Given the current, and entirely understandable, popularity of cryptography courses in university mathematics departments, and given the proliferation of textbooks that have been written to accommodate such courses, it follows that any book that enters this crowded field should have some feature that distinguishes it from the competition. In the case of the book now under review, that feature would seem to be the topic coverage. This book discusses certain topics in cryptography that are not easily found in other textbooks at this level.

“This level” refers to senior undergraduate or (more realistically) beginning graduate students. The text begins at the beginning and develops the necessary number-theoretic and algebraic material as appropriate, but at a pace and with a degree of conciseness that likely will not serve as a substitute for some prior experience in these areas. It is a very algebraically oriented text, and by the end of it, the student has seen not only elliptic curves and lattice methods (which are covered in some other comparable texts, such as *An Introduction to Mathematical Cryptography* by Hoffstein, Pipher and Silverman) but also braid groups and Gröbner bases, both commutative and non-commutative, which are generally not.

More specifically: the book begins with several chapters introducing cryptography. The basic definitions are given, and some of the easier cryptosystems are introduced. There is also some discussion of complexity and statistical issues. After this, the book turns to public key cryptography, including ElGamal, RSA, and elliptic curve cryptography. The main mathematical prerequisite for this is number theory, and there are two chapters on number theory background preceding the chapter on public key cryptography, including a chapter on number theoretic algorithms.

This takes us about halfway through the text. The second half concentrates on algebraic aspects of cryptography. After a chapter discussing group theory, there are several chapters discussing the use of groups in cryptography. One particular class of groups, the braid groups, are made the subject of an entire chapter. After this, the authors turn their attention from groups to rings, and there are two chapters on the use of Gröbner bases (commutative in the first chapter, non-commutative in the second) in cryptography. The final chapter discusses lattices and their role in cryptography.

Each chapter ends with exercises; there are a reasonable, but not abundant, number of them. Most chapters contain 10 to 20 exercises; contrast with Hoffstein, Pipher and Silverman, where each chapter typically ends with 50 or 60. Solutions to the exercises are not provided in the text.

The writing style is generally clear, but on the dry side. The focus throughout is on the mathematics rather than the history of the subject. (The first chapter contains a brief historical discussion, roughly two pages long, but readers who really want to hear interesting stories about, for example, the Enigma machine and Navajo code talkers will need to look elsewhere, such as *Cryptology: Classical and Modern with Maplets* by Klima and Sigmon or *Secret History: The Story of Cryptology* by Bauer). The mathematical presentation is from the “Just the facts, Ma’am” school of exposition; this is, for example, the only book that I can think of, off the top of my head, that discusses elliptic curves without giving a single picture of one.

There were times, reading this book, that I had the impression that different chapters were written by different authors, and not coordinated as well as they could have been. Modular arithmetic is defined in chapter 5 but was used as early as page 5. Cyclic groups are quickly defined and used extensively in chapter 5, but then given a formal definition on page 190, with no indication that the reader has ever seen them before.

Some other quibbles: The formal partial derivative of a polynomial in several variables over an arbitrary field is used (page 161) to define the term “singular point”, but is not defined. In addition, exercise 5.22 (which asks the reader to prove that if \(n\) has \(k\) distinct odd factors, then \(2^k\) divides \(\varphi(n)\)) is clearly false (take, for example, \(n=3\) or \(9\)); I assume the authors meant to write “odd *prime *factors”.

These issues seem to be relatively minor and do not seriously detract from the value of this book as a text or reference. Anyone teaching a graduate course in cryptography with a strong algebraic slant should take a look at this book. And, given some of the unusual topics covered, this book should certainly be considered for acquisition by university libraries.

Mark Hunacek (mhunacek@iastate.edu) teaches mathematics at Iowa State University.