1994-01-19 - APPLIED CRYPTOGRAPHY - Errata version 1.5.3

Header Data

From: schneier@chinet.com (Bruce Schneier)
To: cypherpunks@toad.com
Message Hash: 53e881b0c12682702e17fe398910920180b4509d6d485fa948133677ff4cbbbc
Message ID: <m0pMgSH-0008pDC@chinet.chinet.com>
Reply To: N/A
UTC Datetime: 1994-01-19 17:18:55 UTC
Raw Date: Wed, 19 Jan 94 09:18:55 PST

Raw message

From: schneier@chinet.com (Bruce Schneier)
Date: Wed, 19 Jan 94 09:18:55 PST
To: cypherpunks@toad.com
Subject: APPLIED CRYPTOGRAPHY - Errata version 1.5.3
Message-ID: <m0pMgSH-0008pDC@chinet.chinet.com>
MIME-Version: 1.0
Content-Type: text/plain



                  APPLIED CRYPTOGRAPHY

                         ERRATA
              Version 1.5.3 - January 18, 1994


This errata includes all errors I have found in the first and
second printings of the book, including minor spelling and
grammatical errors.  Please distribute this errata sheet to
anyone else who owns a copy of the book.


Page xvii:  Third paragraph, first line:  "Part IV" should be
"Part III".

Page 1:  First paragraph, fourth line:  "receiver cannot
intercept" should be "intermediary cannot intercept".

Page 6:  Sixth and seventh lines:  "against symmetric" should be
"against a symmetric".

Page 8:  Second paragraph, first line:  "q code" should be "a
code".

Page 10:  Second paragraph, fifth line:  Reference "[744]" should
be "[774]".

Page 11:  Second paragraph:  "The rotations of the rotors are a
Caesar Cipher" should be "Each rotor is an arbitrary permutation
of the alphabet".

Page 13:  Third paragraph:  Delete parenthetical remark.  

Page 13:  Fifth paragraph, first line:  "Shift the key" should be
"shift the ciphertext".

Page 15:  Section 1.3, first line:  "Throughout the book use"
should be "Throughout the book I use".

Page 28:  Third paragraph, third and fourth sentences should be
"How to put mail in a mailbox is public knowledge.  How to open
the mailbox is not public knowledge."

Page 30:  "Attacks Against Public Key Cryptography," second
paragraph:  "The database also has to be protected from access by
anyone" should be "The database also has to be protected from
write access by anyone".  Also:  "substitute a key of his
choosing for Alice's" should be "substitute a key of his own
choosing for Bob's".

Page 30:  Last line:  "substitute that key for his own public
key" should be "substitute his own key for that public key".

Page 32:  Ninth line:  Delete the word "encrypted".

Page 34:  "Signing Documents with..."  First sentence:  "too
inefficient to encrypt long documents" should be "too inefficient
to sign long documents".

Page 40:  Third line:  "computer can exist" should be "computer
can be".

Page 40:  Second paragraph:  Delete "should be runs of zeros and
the other half should be runs of ones; half the runs".

Page 51:  Step 5:  "with what he received from Bob" should be
"with what he received from Alice".

Page 69:  Last line:  "tried to recover her private key" should
be "tries to recover Alice's private key".

Page 73:  "Bit Commitment Using One-Way Functions," last
paragraph:  Second and third sentences should be "Alice cannot
cheat and find another message (R_1,R_2',b'), such that
H(R_1,R_2',b') = H(R_1,R_2,b).  If Alice didn't send Bob R_1,
then she could change the value of both R_1 and R_2 and then the
value of the bit."

Page 77:  "Flipping Coins into a Well," first line:  "neither
party learns the result" should be "Alice and Bob don't learn the
result".  Third line:  parenthetical remark should be:  "Alice in
all three protocols".

Page 90:  Last paragraph:  "step (3)" should be "step (4)".

Page 91:  Second line:  "step (3)" should be "step (4)".

Page 93:  "Blind Signatures," first line:  "An essential in all"
should be "An essential feature in all".

Page 98:  First paragraph after protocol, fourth line:  "to
determine the DES key with the other encrypted message" should be
"to determine the DES key that the other encrypted message was
encrypted in."

Page 115:  "Protocol #2," third paragraph:  "together determine
if f(a,b)" should be "together determine f(a,b)".

Page 131:  Fifth paragraph:  "each capable of checking 265
million keys" should be "each capable of checking 256 million
keys".

Page 133:  Table 7.2:  Third number in third column, "1.2308"
should be "0.2308".

Page 134:  Table 7.3:  "1027" should be "10^27".

Page 139:  Indented paragraph:  "could break the system" should
be "could break the system within one year".

Page 141:  "Reduced Keyspaces," last sentence:  "don't expect
your keys to stand up" should be "don't expect short keys to
stand up".

Page 148:  Eighth line:  "2^24" should be "2^32".

Page 156:  Second paragraph:  "blocks 5 through 10" should be
"blocks 5 through 12".

Page 157:  Figure 8.2:  "IO" should be "IV".

Page 159:  Figure 8.3:  "IO" should be "IV".

Page 161:  Figure 8.5:  "Decrypt" should be "Encrypt".

Page 162:  Figure 8.6:  "Encipherment" diagram:  "Decrypt" should
be "Encrypt".  Input should be "p_i" instead of "b_i", and output
should be "c_i" instead of "p_i".

Page 164:  Figure 8.7:  "IO" should be "IV".

Page 165:  Last equation:  There should be a "(P)" at the end of
that equation.

Page 167:  Second paragraph, last line:  "2^(2n-1)" should be
"2^(2n-14)".

Page 168:  Figure 8.8:  This figure is wrong.  The encryption
blocks in the second row should be off-centered from the
encryption blocks in the first and third row by half a block
length.

Page 174:  Middle of page:  Equations should be:
   k_2 = c'_2 XOR p', and then p_2 = c_2 XOR k_2
   k_3 = c'_3 XOR p_2, and then p_3 = c_3 XOR k_3
   k_4 = c'_4 XOR p_3, and then p_4 = c_4 XOR k_4
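The corrected chain above describes what a reused keystream gives away: once an attacker knows one inserted plaintext byte, each step yields the next keystream byte and, from it, the next original plaintext byte. The following C program is an added example, not the book's code: it uses a constructed five-byte keystream and message, encrypts the message once as sent and once with a known byte inserted after the first position under the same keystream, and applies the equations as printed above (k_i = c'_i XOR p_(i-1), p_i = c_i XOR k_i) to recover k_2..k_n and p_2..p_n. The defensive point is the mitigation it forces: a synchronous stream cipher must never encrypt two different messages under the same keystream, so any change to a message needs a fresh key or IV.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed values for this example (not from the book). */
#define N 5
static const uint8_t KEYSTREAM[N] = {0x3a, 0x9c, 0x55, 0xe1, 0x07};
static const uint8_t PLAIN[N]     = {'H', 'E', 'L', 'L', 'O'};
static const uint8_t INSERTED     = 'X';   /* the known inserted byte p' */

/* Synchronous stream cipher: c_i = p_i XOR k_i (positions counted from 0 here). */
static void xor_with_keystream(const uint8_t *in, uint8_t *out, size_t n)
{
    for (size_t i = 0; i < n; i++)
        out[i] = in[i] ^ KEYSTREAM[i];
}

/* Given c (original message) and c2 (same message with p_known inserted after
   the first byte, encrypted under the SAME keystream), recover k_2..k_n and
   p_2..p_n with the chain  k_i = c'_i XOR p_(i-1),  p_i = c_i XOR k_i.
   out_k[0] and out_p[0] are set to 0: the first position is not recoverable. */
static void recover_from_insertion(const uint8_t *c, const uint8_t *c2, uint8_t p_known,
                                   uint8_t *out_k, uint8_t *out_p, size_t n)
{
    uint8_t prev = p_known;          /* p' is the byte c'_2 encrypted */
    out_k[0] = 0;
    out_p[0] = 0;
    for (size_t i = 1; i < n; i++) {
        out_k[i] = c2[i] ^ prev;     /* k_i = c'_i XOR (byte that c'_i encrypted) */
        out_p[i] = c[i] ^ out_k[i];  /* p_i = c_i XOR k_i */
        prev = out_p[i];             /* p_i is what c'_(i+1) encrypted */
    }
}

/* Runs the whole scenario and returns the number of positions (out of N-1)
   where both the keystream byte and the plaintext byte were recovered. */
static int insertion_demo(void)
{
    uint8_t c[N], c2[N], modified[N], k[N], p[N];
    int correct = 0;

    /* Message as first sent. */
    xor_with_keystream(PLAIN, c, N);

    /* Same message re-sent with the known byte inserted after position 0; the
       last original byte falls off the end so both streams have N bytes. */
    modified[0] = PLAIN[0];
    modified[1] = INSERTED;
    for (size_t i = 2; i < N; i++)
        modified[i] = PLAIN[i - 1];
    xor_with_keystream(modified, c2, N);

    recover_from_insertion(c, c2, INSERTED, k, p, N);
    for (size_t i = 1; i < N; i++)
        if (k[i] == KEYSTREAM[i] && p[i] == PLAIN[i])
            correct++;
    return correct;   /* 4: every position after the first is recovered */
}

int main(void)
{
    printf("recovered %d of %d positions from one known inserted byte\n",
           insertion_demo(), N - 1);
    return 0;
}
```

Only p_1 and k_1 stay hidden; everything after the insertion point unravels byte by byte, which is why keystream reuse, not the strength of the generator, is the failure here.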

Page 175:  Last paragraph, second line:  "acting as the output
function" should be "acting as the next-state function".

Page 177:  Diffie's quote, second to last line:  "proposal to
built" should be "proposal to build".

Page 178:  Figure 8.20:  In "Node 2", the subscripts should be
"D_2" and "E_3".

Page 191:  First paragraph:  "3.5" should be "6.8".  "0.56"
should be "0.15".  "EBCDIC (Extended Binary-Coded Decimal
Interchange Code)" should be "BAUDOT".  "0.30" should be "0.76". 
"0.70" should be "0.24".

Page 193:  Second sentence:  "Unicity distance guarantees
insecurity if it's too small, but does guarantee security if it's
high" should be "Unicity distance guarantees insecurity if it's
too small, but does not guarantee security if it's high."

Page 198:  Fourth paragraph from bottom, second sentence:  "If a
and b are positive and a is less than n, you can think of a as
the remainder of b when divided by n" should be "If a and b are
positive and b is less than n, you can think of b as the
remainder of a when divided by n".

Page 199:  Middle of the page:  In the sentence "Calculating the
power of a number modulo a number", a should not be italicized.

Page 201:  First line of code:  Remove "assuming x and y are >
0".

Page 202:  Middle of the page:  In the sentence "Now, how do you
go about finding the inverse of a modulo n?" "a" should be
italicized.

Page 207:  "Jacobi Symbol," formula:  Variable "h" should be "a".

Page 209:  Fourth paragraph:  "If that value does not equal q"
should be "If that value does not equal 1".

Page 214:  Last line:  "n" should be "p".  Lines 29, 30, and 31:
"r" should be "a", and "gcd(p,r)" should be "gcd(a,p)".

Page 215:  Lehman test, step 5:  All three "(n-1)/2" should be
exponents.

Page 217:  There should be an open parenthesis in front of the
second "ln" in both exponents.  Sixth paragraph:  "Guassian"
should be "Gaussian".

Page 222:  "Validation and Certification of DES Equipment," first
line:  "As part of the standard, the DES NIST" should be "As part
of the DES standard, NIST".

Page 223:  Second to last paragraph, last line.  Reference
"[472]" should be "[473]".

Page 225:  Figure 10.2:  L_i is taken from R_(i-1) before
expansion, not after.  And "L_(i)-1" should be "L_(i-1)".

Page 228:  Fourth paragraph, last line:  "0 to 16" should be "0 to
15".

Page 228:  Fifth paragraph should read:  "For example, assume
that the input to the sixth S-box (that is, bits 31 through 36 of
the XOR function) are 110010.  The first and last bits combine to
form 10, which corresponds to row 3 of the sixth S-box.  The
middle four bits combine to form 1001, which corresponds to
column 9 of the same S-box.  The entry under row 3, column 9 of
S-box 6 is 0.  (Remember, we count rows and columns from 0, and
not from 1.)  The value 0000 is substituted for 110010."

Page 233:  The second two weak keys should be:
   1F1F 1F1F 0E0E 0E0E     00000000 FFFFFFFF
   E0E0 E0E0 F1F1 F1F1     FFFFFFFF 00000000

Page 238:  Next to last line before "Additional Results": 
"NSA's" should be "IBM's".

Page 238:  "Differential Cryptanalysis," third paragraph: 
"(1/16)^2" should be "(14/64)^2".

Page 239:  Figure 10.4:  "14/16" should be "14/64".

Page 242:  Table 10.14:  In "XORs by additions" line, "2^39,2^3"
should be "2^39,2^31".  In "Random" line, "2^21" should be
"2^18-2^20".  In "Random permutations" line, "2^44-2^48" should
be "2^33-2^41".

Page 245:  Line 11:  "8 bits is" should be "8 bits was".

Page 250:  The two functions should be:
   S_0(a,b) = rotate left 2 bits ((a+b) mod 256)
   S_1(a,b) = rotate left 2 bits ((a+b+1) mod 256)
Note the difference in parentheses.

Page 250:  Figure 11.4:  Note that a is broken up into four 8-bit
substrings, a_0, a_1, a_2, and a_3.

Page 251:  Figure 11.6:  The definitions for S_0 and S_1 are
incorrect ("Y = S_0" and "Y = S_1").  See corrections from
previous page.  Also, "S1" should be "S_1".

Page 254:  "Security of REDOC III," second sentence. Delete
clause after comma:  "even though it looks fairly weak."

Page 262:  Figure 11.9:  There is a line missing.  It should run
from the symbol where Z_5 is multiplied with the intermediate
result to the addition symbol directly to the right.

Page 263:  Table 11.1:  The decryption key sub-blocks that are
Z_n^(m)-1 should be Z_n^((m)-1).

Page 265:  Figure 11.10:  There is a line missing.  It should run
from the symbol where Z_5 is multiplied with the intermediate
result to the addition symbol directly to the right.

Pages 266-7:  Since the publication of this book, MMB has been
broken.  Do not use this algorithm.

Page 267:  Sixth line from bottom:  Reference should be "[256]".

Page 269:  "Skipjack."  First paragraph.  Reference should be
"[654]".

Page 270:  "Karn."  Third paragraph.  Last sentence:  "append C_r
to C to produce" should be "append C_r to C_l to produce".

Page 271:  Middle of the page:  "(for example, MD2, MD5, Snefru"
should be "(for example, MD2, MD4, Snefru".

Page 272:  Second to last line:  "But it is be analyzed" should
be "but it is being analyzed".

Page 277:  First lines:  The correct street address is "310 N
Mary Avenue" and the correct telephone number is "(408)
735-5893".

Page 281:  Third paragraph:  The correct street address is "310 N
Mary Avenue" and the correct telephone number is "(408)
735-5893".

Page 286:  Second to last line:  "Eve wants to Alice to" should
be "Eve wants Alice to".

Page 287:  Last line:  Wiener's attack is misstated.  If d is
less than one-quarter the length of the modulus, then the attack
can use e and n to find d quickly.

Page 288:  The correct street address is "310 N Mary Avenue" and
the correct telephone number is "(408) 735-5893".

Page 289:  The correct street address is "310 N Mary Avenue" and
the correct telephone number is "(408) 735-5893".

Page 295:  First line:  "t random integers fewer than n" should
be "t random numbers less than n".

Page 301:  Middle of the page:  Delete the sentence "Since the
math is all correct, they do this step."

Page 302:  Fourth line from bottom:  "a" should be in italics.

Page 305:  Third paragraph, parenthetical remark:  "NIST claimed
that having DES meant that both that both the algorithm and the
standard were too confusing" should be "NIST claimed that having
DES mean both the algorithm and the standard was too confusing".

Page 306:  Eighth line:  "cryptographers' paranoia" should be
"paranoia".

Page 307:  "Description of the Algorithm":  "p = a prime number
2^L bits long" should be "p = a prime number L bits long".

Page 309:  Third line:  "random k values and then precompute r
values" should be "random k-values and then precompute r-values".

Page 314:  Protocol, step (1):  "when" should be "where".

Page 319:  There should be a blank line before "discrete
logarithm:" and another before "factoring:".

Page 322:  Second paragraph:  "over 500 pairs of people" should
be "253 pairs of people".

Page 330:  Definitions of FF, GG, HH, and II:  In all of them, "a
= b +" should be "a = a +".

Page 336:  "HAVAL," sixth line:  "160, 92, 224" should be "160,
192, 224".

Page 339:  "LOKI Single Block":  In computation of Hi, drop final
"XOR M_i". 

Page 340:  "Modified Davies-Meyer":  In computation of H_i, "M_i"
should be subscripted.

Page 342:  "Tandem Davies-Meyer":  In computation of W_i, "M_i"
should be subscripted.

Page 345:  "Stream Cipher Mac," first line:  "A truly elegant
MDC" should be "A truly elegant MAC".

Page 347:  Formula:  "aX_(n1)" should be "aX_(n-1)".

Page 347:  Second paragraph:  "(For example, m should be chosen
to be a prime number.)" should be "(For example, b and m should
be relatively prime.)"

Page 351:  Second line of text:  "they hold current" should be
"they hold the current".

Page 353:  Tenth line (in source code):  "< 31" should be "<<
31".

Page 353:  Second paragraph:  "are often used from stream-cipher"
should be "are often used for stream-cipher".

Page 356:  Source code:  "ShiftRegister = (ShiftRegister ^ (mask
>> 1))" should be "ShiftRegister = ((ShiftRegister ^ mask) >>
1)".
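The two shift-register corrections above (the "<< 31" on page 353 and the operator order on page 356) are easiest to see in running code. The following is an added example and not the book's listing: an 8-bit LFSR for the primitive polynomial x^8 + x^6 + x^5 + x^4 + 1 (chosen here; the book's code uses a 32-bit register), written in the Galois form exactly as the page 356 erratum has it and in the Fibonacci form, with each misprinted variant beside the correct one and a period check that shows what each misprint does to the sequence. In the "XOR the mask, then shift" convention, the mask is simply the polynomial's coefficient bits, 0x171.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed example: x^8 + x^6 + x^5 + x^4 + 1 as a bit mask.
 * Bit 8 (x^8), bits 6, 5, 4 and bit 0 (the constant term) = 0x171. */
#define POLY 0x171u

typedef uint8_t (*step_fn)(uint8_t);

/* Galois form as corrected on page 356: XOR the mask, THEN shift the register.
 * Bit 8 of POLY lands in bit 7, which is how the top bit is refilled. */
static uint8_t galois_step_correct(uint8_t reg)
{
    if (reg & 1u)
        return (uint8_t)((reg ^ POLY) >> 1);
    return (uint8_t)(reg >> 1);
}

/* The misprinted form: the mask is shifted instead of the register. When the
 * low bit is set the register is never shifted, so it only toggles between
 * two odd states. */
static uint8_t galois_step_wrong(uint8_t reg)
{
    if (reg & 1u)
        return (uint8_t)(reg ^ (POLY >> 1));
    return (uint8_t)(reg >> 1);
}

/* Fibonacci form of the same polynomial: taps at stages 0, 2, 3 and 4, and the
 * feedback bit is put back at the top with "<< 7" (the book's 32-bit listing
 * uses "<< 31", which page 353 misprinted as the comparison "< 31"). */
static uint8_t fibonacci_step(uint8_t reg)
{
    unsigned bit = (reg ^ (reg >> 2) ^ (reg >> 3) ^ (reg >> 4)) & 1u;
    return (uint8_t)((reg >> 1) | (bit << 7));
}

/* The misprinted form: "bit < 7" is always 1, so bit 0 is forced to 1 every
 * step and the register collapses to the fixed point 1. */
static uint8_t fibonacci_step_wrong(uint8_t reg)
{
    unsigned bit = (reg ^ (reg >> 2) ^ (reg >> 3) ^ (reg >> 4)) & 1u;
    return (uint8_t)((reg >> 1) | (bit < 7));
}

/* Number of steps until the register returns to its seed (capped, since a
 * broken generator may never return). A maximal 8-bit LFSR gives 255. */
static unsigned lfsr_period(step_fn step, uint8_t seed)
{
    uint8_t reg = step(seed);
    unsigned n = 1;
    while (reg != seed && n < 1000u) {
        reg = step(reg);
        n++;
    }
    return n;
}

int main(void)
{
    printf("Galois, corrected:     period %u\n", lfsr_period(galois_step_correct, 1));
    printf("Galois, misprinted:    period %u\n", lfsr_period(galois_step_wrong, 1));
    printf("Fibonacci, corrected:  period %u\n", lfsr_period(fibonacci_step, 1));
    printf("Fibonacci, misprinted: period %u\n", lfsr_period(fibonacci_step_wrong, 1));
    return 0;
}
```

Both corrected forms run through all 255 nonzero states before repeating; the misprinted Galois form has period 2 and the misprinted Fibonacci form period 1. A period or bit-balance check on the first few thousand output bits catches either defect long before the generator is used as a keystream.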

Page 360:  Equation should not be "l(2^1-1)^(n-1)", but
"l(2^l-1)^(n-1)".

Page 362:  Figure 15.10:  "LFSR-B" should be "LFSR-A" and vice
versa.  The second "a(t+n-1)" should be "a(t+n-2)", and the
second "b(t+n-1)" should be "b(t+n-2)".

Page 363:  Fourth paragraph: "cellular automaton, such as an
CSPRNG" should be "cellular automaton as a CSPRNG".

Page 365:  "Blum-Micali Generator":  In the equation, "x_i"
should be an exponent of a, not a subscript.

Page 367:  Paragraph 5:  "Ingmar" should be "Ingemar".

Page 371:  Sixth line:  "access/modify times of/del/tty" should
be "access/modify times of /dev/tty".

Page 371:  "Biases and Correlations," third line:  "but there
many types" should be "but there are many types".

Page 391:  Second protocol, step (1):  "in his implementation of
DES" should be "in his implementation of DSS".  Next sentence: 
"such that r is either q quadratic" should be "such that r is
either a quadratic".

Page 402:  Line 18:  "2^t" should be "2^(-t)".

Page 417:  Last paragraph:  "Kerberos is a service Kerberos on
the network" should be "Kerberos is a service on the network".

Page 421:  Figure 17.2:  In the top message "C" should be lower
case.

Page 435:  "RIPEM":  "Mark Riorden" should be "Mark Riordan".

Page 436:  "Pretty Good Privacy," third paragraph:  Delete fourth
sentence:  "After verifying the signature...."

Page 436:  Pretty Good Privacy is not in the public domain.  It
is copyrighted by Philip Zimmermann and available for free under
the "Copyleft" General Public License from the Free Software
Foundation.

Page 437:  Fifth line:  Delete "assess your own trust level".

Page 437:  "Clipper,"  Second paragraph:  reference should be
"[473]".  Fourth paragraph:  references should be
"[473,654,876,271,57]".

Page 438:  Middle of page:  reference should be "[654]". 
"Capstone," first paragraph:  reference should be "[655]".

Page 445:  The IACR is not the "International Association of
Cryptographic Research," but the "International Association for
Cryptologic Research."  This is also wrong in the table of
contents.

Source Code:  The decrement operator, "--", was inadvertently
typeset as an em-dash, "-".  This error is on pages 496, 510,
511, 523, 527, 528, 540, and 541.  There may be other places as
well.

Page 472:  "for( i = 0; i<<16; i++ )" should be "for( i = 0;
i<16; i++ )"

Page 473:  Function "cpkey(into)". "while (from endp)" should be
"while (from < endp)".

Page 508:  Line 8:  "union U_INITseed" should be "union U_INIT
seed".

Page 558:  "#defineBOOLEAN int" should be "#define BOOLEAN int",
"#defineFALSE0" should be "#define FALSE 0", and
"#defineTRUE(1==1)" should be "#define TRUE (1==1)".

Page 564:  "#define BOOLEANint" should be "#define BOOLEAN int",
"#define FALSE0" should be "#define FALSE 0", and
"#defineTRUE(1==1)" should be "#define TRUE (1==1)".

Page 569:  "rand() > 11" should be "rand() >> 11".

Page 569:  In "G13.H", "#define G13int" should be "#define G13
int".

Page 572:  Reference [45]:  "Haglen" should be "Hagelin".

Page 576:  References [136] and [137]:  "Branstead" should be
"Branstad."

Page 578:  Reference [184]  "Proof that DES Is Not a Group"
should be "DES Is Not a Group."  The correct page numbers are
512-520.

Page 589:  Reference [475]:  The publisher should be E.S. Mittler
und Sohn, and the publication date should be 1863.

Page 601:  References [835] and [836]:  "Branstead" should be
"Branstad."

Page 602:  Reference [842]:  "Solvay" should be "Solovay".

Page 603:  Reference [878]:  "Weiner" should be "Wiener."


For a current errata sheet, send a self-addressed stamped
envelope to:  Bruce Schneier, Counterpane Systems, 730 Fair Oaks
Ave., Oak Park, IL  60302; or send electronic mail to:
schneier@chinet.com.
