## REVIEW - Implementing Elliptic Curve Cryptography

Title:

Implementing Elliptic Curve Cryptography

Author:

Michael Rosing

ISBN:

Publisher:

Manning Publications (1999)

Pages:

313pp

Reviewer:

Francis Glassborow

Reviewed:

June 1999

Rating:

★★★☆☆

...if you are interested in providing strong cryptography in a product this would be an excellent book to study.

I know just about enough about the theory of elliptic curves (nothing to do with ellipses) to find the title of this book daunting. This area of mathematics is deep and challenges the minds of competent mathematicians. However it has one useful characteristic in that an aspect of it features a 'trap door.' By that I mean something that is relatively easy to do while being exceptionally difficult to undo. An example is taking two large (say about 100 digit) primes and multiplying them. Though tedious, most numerate people can do that. Now give the answer to someone and ask them to factorise it. You get the point.

Public key cryptography relies on trap door behaviour. Pretty Good Privacy is probably the best known. However elliptic curve cryptography offers a much higher ratio of encoding to code breaking potential. Of course new technology (such as a practical quantum computer) or mathematical discoveries may devalue the trap door characteristic.

This book provides excellent coverage of its topic. All the source code is available form a web site (despite the fact that you can use it to produce very strong, munitions grade, cryptography). The author covers enough theory to help you understand the mechanism and provides copious explanations of the actual cryptographic tools. He also has his feet firmly planted on the ground as relates to the difference between hard-to-break cryptography and security. (Anyone who watched the recent Station X programmes on UK Channel 4 TV will recognise the difference, the excellent Enigma coding machines were seriously compromised by the way the operators (ab)used them).

Now let me make my one criticism of this book, the C source code is all in K&R C despite the fact that most of it was written over the last six years. A careful rewrite of the code by a fluent C programmer would have changed a very good book into an outstanding one. Perhaps the best way to learn from this book is to read it cover to cover while rewriting the code in modern C. None-the-less, if you are interested in providing strong cryptography in a product this would be an excellent book to study.

Book cover image courtesy of Open Library.