New Books

This page lists new books about cryptology, and occasionally reviews one.

Al-Kindi' Treatise on Cryptanalysis

An annotated translation into English from the original Arabian manuscript.

By M. Mrayati, Y.Meer Alam and M.H. at-Tayyan (translation by Said M. al-Asaid). Vol. 1 of Series on Arabic Origins of Cryptology , revised by Mohammed I. Al-suwaiyel, Ibrahim H. Al-Kadi and Marwan al-Bawab. Published by KFCRIS and KACST.

Reviewed by Peter Landrock.

It is a well established fact (see e.g. David Kahn's book, the Codebreakers) albeit perhaps not that well-known that the first scholarly and profound treatments of cryptography and cryptanalysis go back to the Arabs. The reason why this has attracted limited attention is that until recently, the sources, which proves this were to a large degree unknown at least in the Western world - and the "established fact" was mostly based on references to various manuscripts, the whereabouts of which were not clear..

It is no surprise that one of the oldest civilizations that we know of with a written language took an interest in cryptography. I have sometimes stated that cryptography must be the second oldest profession in the world, as it seems to be an essential feature on human nature that if three or more people are together, some of them want to share a secret. It is interesting to establish then when cryptography transformed from art to science.

The readers familiar with Simon Singh's excellent documentary on the BBC on cryptography may recall an interview there with the first author, Dr. M. Mrayati, about the discovery of al-Kindi's manuscript at the old library in Istanbul. It dates back to the ninth century: al-Kindi was born around 801 AD and died in 873. Often referred to as "the philosopher of the Arabs," he received most of his education in Baghdad, where he built a very impressive library. Due to the persistence of the authors, and the generous help and assistance of many colleagues, a number of these original manuscripts have been recovered, and a whole series has been dedicated to the translation, of which this is the first and one of the most significant as it basically makes the birth of cryptology as a science. The whole series is planned to publish 15 original manuscripts in 9 annotated volumes.

As space here is limited, I cannot but give a vague impression of the content of the first volume and urge interested readers to request their own (free) copy from KACST, King Abdulaziz City for Science and Technology in Riyadh or King Faisal Center for Research and Islamic Studies, P.O. Box 51049, Ryiadh, 11543, KSA.

The book under review starts off with an analytic study of cryptology in the Arab civilization in Chapter 1, and continues with a study of al-Kindi's treatise in Chapter 2. Finally, Chapter 3 is a translation of al-Kindi's book, with translation on the left and a photocopy of the translated page on the right.

The first two chapters are very rich on historical facts and observations.

The main topics of al-Kindi's book are methods of cryptanalysis, encipherments, cryptanalysis of certain encipherments and statistical analysis of letters and letter combinations in Arabic.

The first chapter on methods of cryptanalysis addresses probe as well as poetry (the latter presenting a charming alternative to the topics usually considered by members of the IACR :-)), and lists three principles: 1) the qualitative characteristics of letters, such as frequency of occurrence, observing that the quality of this depends on the length of the text. 2) the qualitative characteristics of letters, i.e. association and disassociation, listíng the most common 2- and 3-letter combinations, and 3) likely phrases (i.e. known-plaintext attacks). His list of letter frequency builds on an analysis of a particular text of 3667 letters (see table p. 58). It was of course essential for his statistical analysis that he was using the Arabic numericals (albeit the East Arabic numbers, which are the symbols used in India, as opposed to what we use in the Western world, which are the West Arabic numericals) rather than the Romans, as pointed out by the authors.

In the second chapter al-Kindi discusses various means of encipherment, most likely based on his experience with encrypted texts in his library, and he classifies these methods, which he "... represents [] in a tree-diagram, so that all our senses participate in understanding the craft, and facilitate its comprehension ..." The methods described include substitution - mono-alphabetic as well as poly-alphabetic - and transposition, coding and key-dependent encryption.

In the following chapter, he returns to applied cryptanalysis, where the methods introduced in chapter 1 are applied to some of the encryption schemes he introduced in the previous chapter. He addresses 7 different tools in some detail.

The last chapter is devoted to letter combinations in Arabic and as such is as much a study in linguistics as cryptology. One of his achievements is to establish 94 non-possible combinations of the 29 consonants in Arabic.

All in all, this book is an excellent account of the origins of cryptology as an Arabic Science, and at the same time a good overview of related sciences in the Arab world at the same time, e.g. in mathematics (combinatorics) and linguistics, which is highly recommendable reading, and we should all be grateful that this has been made available to our whole community.

NB. It is planned to make copies of the book freely available at Eurocrypt 2004 in Interlaken.

UMTS Security

UMTS Security
Valtteri Niemi and Kaisa Nyberg, Nokia Research Centre, Finland
Publisher: WILEY
ISBN: 0470 847 948
Available: November 2003
Price: Hbk GBP 55.00  EUR 82.50


The Universal Mobile Telecommunication System (UMTS) offers a consistent set
of services to mobile computer and phone users and numerous different radio
access technologies will co-exist within the UMTS system's core network -
security is, therefore, of the utmost importance.

UMTS Security focuses on the standardized security features of UMTS and brings
together material previously only available in specifications, design
documents and presentations in one concise form. In addition, this unique
volume also covers non-standard implementation specific features that allow
differentiation between operators and manufacturers.  Describes the security
solutions specified for UMTS Provides a comprehensive presentation of the UMTS
security specifications and explains the role of the security functionality in
the UMTS system Presents the UMTS security system in its totality from the
theoretical background through to the design process Discusses the new
security features included in Release 4 and 5.

By providing a unified treatment of the security services provided by the UMTS
system, this volume will provide invaluable information and have instant
appeal to planners, constructers and implementers of UMTS networks, and
developers and analysts of application oriented security services that make
use of UMTS communication networks. It will also be of considerable interest
to postgraduates and researchers of modern communication security technology.

| CONTENTS                                                  |
|                                                           |
| 1 CHAPTER ONE: Introduction to security and to UMTS.      |
| 1.1 Security in telecommunications.                       |
| 1.2 The background of 3G.                                 |
| 1.3 The 3rd Generation Partnership Project.               |
| 1.4 3GPP network architecture.                            |
| 1.5 WCDMA radio technology.                               |
| 2 CHAPTER TWO: UMTS security features in Release 99.      |
| 2.1 Access security to UMTS.                              |
| 2.2 Interworking with GSM .                               |
| 2.3 Additional security features in Release 99.           |
| 3  CHAPTER THREE: Cryptographic Algorithms for UMTS.      |
| 3.1 Introduction to Cryptography.                         |
| 3.2 3GPP Algorithms Specification Principles .            |
| 3.3    Confidentiality and Integrity Algorithms.          |
| 3.4 Kernel Algorithm KASUMI.                              |
| 3.5 Authentication and Key Generation Algorithm.          |
| 4 CHAPTER FOUR: Security features in releases 4 and 5.    |
| 4.1 Network domain security.                              |
| 4.2 IMS security.                                         |
| 4.3 Other security systems.                               |

Please send your new book announcements to the newsletter editor at newsletter at

[ IACR home page | IACR Newsletter page and archive | This issue ] © IACR