We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite.
The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!
Book Review by Canon Committee Member, Ben Rothke: The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography (2009) by Simon Singh
It’s not clear who first uttered the quip: Of course I can keep a secret. It's the people I tell it to that can't. But what’s clear is that there are plenty of times when it’s a matter of life and death to ensure that secrets remain undisclosed.
In The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography, author Simon Singh reveals the often hush-hush world of the science of secrecy.
How powerful are these cryptography tools? Until about only a decade ago, the U.S. Department of Commerce categorized strong cryptographic tools the same way it did F-15s and M-16s (more about that in Chapter 7).
Singh is a particle physicist who understands the science well and, more importantly in the case of this book, knows how to explain those details quite well.
Sit back and be enthralled by the fascinating world of cloak-and-dagger spies, and how without strong cryptography, we wouldn’t have online banking, Amazon Prime, and other things that make life meaningful.
For anyone who ever had to study for the CISSP certification examination, the cryptography domain was almost always the hardest and most intimidating of the ten exam domains. While the ISC2 recently retired the cryptography domain and put it under Security Engineering, any topic with obscure terms such as hash function, public key cryptosystem, side-channel attacks and the like will certainly be intimidating.
In The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography, while not a comprehensive overview of cryptography, this masterful book by Simon Singh is a history of encryption, with a focus on the 16th century to the end of the 20th century. As a history book, Singh strikes a good balance between writing about the history, and providing a good technical and mathematical overview of the topic of cryptography
With a Ph.D. in physics, Singh follows in the footsteps of fellow physicist, Richard Feynman, who was a great explainer. Feynman noted that if a specific topic couldn’t be explained in a freshman lecture, it was not yet fully understood. In the book, Singh spends about 400 pages on this freshman lecture. It’s worth noting that a number of freshman university courses use this book as a reference; it’s that good.
I first became acquainted with Singh when he gave a most entertaining keynote at an information security conference about a decade ago, where he dispelled the claim that Stairway to Heaven contained subliminal satanic messages.
Classic cryptography goes back thousands of years. While the book provides details into cryptography from the times of the Bible, Caesar and more; its focus is predominantly on the modern era, starting with the cryptography used by Mary, Queen of Scots in the mid-1500s, up to the topic of quantum cryptography.
The book covers a wide range of topics, from both a historical and technology perspective. Singh takes a broad approach to the topic and doesn’t focus entirely on ciphers and algorithms, rather he brings historical stories like the Rosetta stone, Man in the Iron Mask, Manhattan Project, Navajo Code Talkers and much more.
While encryption and cryptography have their roots in the world of mathematics and number theory, the book often places a focus on the human elements. While many cryptosystems work perfectly in the pristine environs of a lab, they will fail miserably when incorrectly implemented. Singh gives numerous examples, from Mary, Queen of Scotts to the German Enigma cipher machine, where the human element leads to extreme failures.
A number of the eight chapters start with a story, which Singh then uses as a lead to provide the underlying details of a specific aspect of security and cryptography.
For the story of Mary, Queen of Scots in Chapter 1, the message is that the underlying cipher needs to be reasonably impenetrable. In Chapter 4 on cracking the Enigma machine, the message is that even the strongest of cryptography devices finds its kryptonite if its users don’t follow the directions.
Chapter 5 on Language Barrier is perhaps the most fascinating chapter in the book. Singh details the story of how the U.S. used Navajo Indians and their obscure language as a means of ensuring the Japanese would have a much harder time deciphering the messages. By the time the war ended, the Japanese were never able to read a single message when Navajo was used.
The chapter also details the story of the Rosetta stone. While not a cryptographic issue in the common sense, hieroglyphics had been indecipherable for thousands of years. Singh writes how common wisdom at the time was that the Ancient Egyptian language of hieroglyphs should be treated as symbols and not letters. Singh highlights the story of how Jean-François Champollion was able to decipher the stones by using new research that the hieroglyphs were indeed letters, not symbols.
Anyone involved with cryptography knows terms such as Diffie–Hellman and RSA on a first-name basis. Those cryptosystems are the very backbone of today’s Internet security infrastructure. Singh does a good job of explaining how they work and what makes them secure. For RSA, it’s built on a very simple premise, that factoring the product of two huge prime numbers is difficult. While most people may be oblivious to it, much of the underlying security for online banking and the Internet is built on top of RSA.
The book closes with the next generation of secrecy, which is quantum cryptography. As a particle physicist, quantum mechanics is Singh’s bread and butter. When Singh wrote the book, quantum cryptography was not a practical technology, and that is still the case.
As a side note, if and when quantum cryptography becomes practical, it would be so powerful as to be able to break every RSA key in existence.
The Code Book was first published in 1999, around the time Windows 2000 came out. While the latter became obsolete in 2005, The Code Book is still quite germane given the value of the information in the book, which is still relevant and of interest.
For those looking for an encyclopedic reference, David Kahn’s The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet is the definitive tome on the topic.
For those looking for a more informal and selected overview of some of the core topics from the last 600 years of cryptography, this book is readable and interesting, and a perfect read for those looking for an introduction to the topic.
Those looking for a captivating and very readable book on the history of modern cryptography will find The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography a valuable read, and one that is certainly worthy of being in the Cybersecurity Canon.