Cryptography Made Simple. Springer International Publishing, 2015. ISBN: 978-3-319-04041-7. |

We use LaTeX terminology when this makes things clearer

- Page 5: Line 5.

Missing 2 in the denominaotor of the first term. - Page 10: Figure 1.1.

The number by the line connecting F_{p^2} and F_{p^4} should be 2 not 4. - Page 15: Algorithm 1.2.

The penultimate line should assign t' and s' to x and y, and not t and s. - Page 76: Line -12.

Should be a_2 \cdot X^2 not a_2 \cdot X in the equation. - Page 205: Line -1.

g:M->{0,1} should be g:P->{0,1}. - Page 218: Line 7.

Spelling mistake. Should be UnForgeable. - Page 245: Theorem 13.1.

2^{64}should be 2^{56}in both cases; but note the use of the word "about". - Page 226: Number of small typos on this page.

A corrected page is here. - Page 232: Figure 12.9.

States s_{12} and s_{14} are swapped around. - Page 234: Line -1.

"described" is spelt wrong. - Page 238: Lines 6,7, 8 and 12

Mistyping means the equations make Trivium linear! The correct equations are.a_i = c_{i-111} + c_{i-110} \cdot c_{i-109} + c_{i-66} + a_{i-69}

b_i = a_{i-93} + a_{i-92} \cdot + a_{i-91} + a_{i-66} + b_{i-78}

c_i = b_{i-84} + b_{i-83} \cdot b_{i-82} + b_{i-69} + c_{i-87}

r_i = c_{i-111} + a_{i-93} + b_{i-84} + b_{i-69} + c_{i-66} + a_{i-66}

- Page 264: Line -9.

Replace "a new nonce" with "another nonce". - Page 265: Theorem 13.11.

The theorem is stated for the Random-IV variant, which should go in the theorem statement. The sentance afterwards should say that the above advantage statement*also*applies in the nonce-based setting assuming the restriction of the nonce (on the previous page) is respected. - Page 271: Line 11 of first main paragraph.

Replace O(2^t) with \Omega(2^t). - Page 277: Line 15.

Padding method four could also be used here. - Page 281: Algorithm 14.3.

There is an unfortunate double use of the letter f to denote both the round function for SHA-1 and the bit-wise operations used to define the round function. Hopefully the usage of the letter f is clear from the context. - Page 285: Line 7.

Should be "we first pad m out to a multiple of b using zero's (i.e. we apply padding method zero)". - Page 315: Line 2 and 3.

Should be "If b=b'" then algorithm B returns that j is not a quadrative residue, otherwise it returns that it is". - Page 315: Line 8.

Swap the two probabilities on this line around to make it match in order with the line which follows. - Page 319: Line 3.

The group order should be \phi(N^2)=... not \phi(N)=.... - Page 321: Line -5.

Should be \log_{256} not \log_{8} - Page 335: Line -12.

The public key h should be y. - Page 336: Lines 1,6,9.

The public key h should be y. - Page 337: Lines 10 and 19.

The public key h should be y. - Page 447: Multiples corrections and clarifications.
- Line 11:

Change "each party obtains its row" to "each party obtains its column". - First table:

Swap the row/column labels i and j around. - First line after first table change to:

"As an exercise you should work out the associated polynomial corresponding to each row. For example the polynomial for the first row/variable is given by $68 \cdot X^2 + 58 \cdot x + 20$."

(Where all numbers are encoded in red) - Line 3 and 4 after first table change to:

"by each multiplying the first two elements in their column of the above table" - Before second table add the line:

"For example the value $33 = 44 \cdot 26 \pmod{101}$ obtained by party one, is shared by them using the polynomial $2 \cdot X^2 + 57 \cdot X + 33$, resulting in the six shares $(92,54,20,91,65,43)$."

(Where all numbers are encoded in red) - After the second table change the line to:

"Each party then takes the six values obtained (i.e. it's column) and recovers..."

- Line 11:

Nigel Smart