Although this book is intended as an undergraduate text in cryptography, it has its origins in a series of lectures given by the author to pre-college students between 14 and 17 years of age. As a result, the text is somewhat less sophisticated and more accessible than are competing texts such as *An Introduction to Mathematical Cryptography* by Hoffstein, Pipher and Silverman (hereafter HPS). At the same time, however, this book does cover some substantial topics in mathematics, including elliptic curves and Markov chains.

This book is, in fact, less than half the size of HPS, though it has substantial overlap in terms of topic coverage. Its brevity is achieved by the fact that it is largely a survey of ideas rather than an in-depth exploration of them. For example, HPS spends about 25 pages discussing the Weil pairing on an elliptic curve, but Rubinstein-Salzedo states that this topic is beyond the scope of his book. The general tone of this book is one of efficient clarity: the author says what he has to say and then moves on, content to leave more advanced topics for a second look at the material.

As befits its origins, this book requires very little in the way of prerequisites. No background in cryptography is assumed, and the necessary background material in number theory, algebra and probability is developed as needed. Some prior background in reading proofs, even if not technically necessary, is, however, probably advisable, because, while there are (quite reasonably) lots of theorems stated without proof in the book, some proofs (especially those of a number-theoretic nature) are given, and others are occasionally called for in the exercises.

It would probably also be useful for a reader to have at least some prior experience with computers. Frequently throughout the text the author uses computer algebra programs (generally Sage) to assist in unwieldy computations. However, a person with no prior experience along these lines should still be able to follow the discussion. Also, the author occasionally does make a point of doing computations by hand, which is a nice feature.

The text begins with a discussion of the very simplest classical cryptosystems, including the Caesar cipher (just shift each letter a specified number of places), substitution ciphers in general, and the cryptosystems of Hill and Vigenère. (Affine ciphers, a natural generalization of the Caesar shift ciphers and an easy application of modular arithmetic, are not mentioned.) Some basic number theory (divisibility, prime factorization, congruence mod *n*, the theorems of Fermat and Euler, primitive roots, fast exponentiation) and algebra (a quick survey of groups and fields) is also introduced as needed, and there is also a chapter on complexity. This takes about 100 pages, or forty percent of the text.

After this, the text turns to more modern cryptosystems, such as ElGamal and RSA. (The general ideas behind modern cryptography were briefly introduced about thirty pages earlier.) Because public-key cryptosystems are intimately involved with factorization of large numbers, there is also a chapter on this topic, as well as several chapters on elliptic curves and their applications to cryptography (and other things).

The next three chapters cover additional topics in cryptography: zero-knowledge proofs, secret sharing and an introduction to quantum cryptography. These are excellent chapters, well-motivated and filled with interesting examples. The chapter on quantum cryptography, though described by the author as a “cursory overview”, it is about as clear an introduction to this topic as anything I have seen in the textbook literature.

Two chapters remain. The first of these introduces the basic ideas of probability (in a somewhat intuitive way; the term “event”, for example, is defined as “things that can happen”; to the author’s credit, however, he makes clear that there is a more technical definition) and quickly segues from this to the subject of Markov chains, with applications to substitution ciphers. (It should be noted, though, that probabilistic ideas had appeared at various places earlier in the text, though not in a way that required extensive knowledge of the subject.) The final chapter of the book is on linear coding theory, culminating in a very brief discussion of finite simple groups (because some of these groups are related to the Golay code).

Throughout, the author’s writing style is clear and conversational, and, as noted earlier, he knows when it is desirable to leave something unproved. As an illustration of both of these remarks, for example, the author omits the proof that the group operation on an elliptic curve is associative, but instead writes:

One, rather uncivilized, way of checking this is to use the formula for what P + Q is in terms of the coordinates of P and Q, and then go through the rather horrific computations needed to show that it is indeed associative. Generally, people prefer to check associativity in fancier ways, and they will throw around terms like “the Riemann-Roch theorem” and possibly “complex tori” and “the Weierstrass \(\wp\)-function”. These are wonderful topics that I encourage you to learn about, not necessarily immediately, but eventually. However, we’ll just accept that this operation is indeed associative and move on.

In another nice informal touch, the author often speaks in the first person: “I haven’t learned to make friends with all these 26 sporadic groups, as I would very much like to.” A writing style like this is quite likely to be enjoyed by student readers.

Another interesting aspect of the author’s writing style is his use of “Spivak pronouns”, which are third-person singular gender-neutral pronouns, intended for those who dislike writing gender-specific terms like “he” or “she”. This results in sentences like “Your friend can’t open it, but ey can put a …”. The author really likes these pronouns, much more so than I; he states in a footnote that “I’m on a mission to get these pronouns into common English parlance. Please do your part to support the cause.” (This was my first exposure to the phrase “Spivak pronoun”, and so of course I had to go to google to see if the person referred to is *that* Spivak, author of the monumental treatise on differential geometry (and a less monumental, but also excellent, book on calculus). It is.)

Every chapter of the book ends with a selection of problems, some of them surprisingly challenging. (Example: “Can you find two English words *other than* “sleep” and “bunny”, with at least four letters, that encrypt to each other under a Caesar cipher? What are the longest such words that you can find?”) Although the problems in books in the *Springer Undergraduate Mathematics Series* are, according to the advertising for that series, supposed to come equipped with “fully-worked solutions”, there are none in the book, nor is there, as far as I can tell, a solutions manual available for instructors. The author does provide hints to some problems, and, in an amusing twist, the hints are themselves encrypted (using a Caesar cipher).

Though a lot of mathematics is covered in this book, there are some topics that one might have expected to see here that are omitted. I have already mentioned, for example, the omission of any discussion of affine ciphers. Also, although the author explains the difference between the words “cryptography” and “cryptanalysis”, he does not mention the word “cryptology”; nor does he mention the word “steganography”. As for substantive topics, there is no discussion of the Advanced Encryption Standard (AES). I also think the book could also have benefited from a more extensive historical discussion, perhaps discussing some of the famous and interesting ciphers of the past, such as Enigma or the Navajo Code-Talkers. A look at some famous ciphers in literature (Poe’s *The Gold Bug*, Conan Doyle’s *The Adventure of the Dancing Men*) would have been fun too. Instructors who want to spice up their lectures with interesting historical vignettes might look at a couple of books written by Craig Bauer: *Secret History: The Story of Cryptology* and *Unsolved! The History and Mystery of the World’s Greatest Ciphers from Ancient Egypt to Online Secret Societies.*

These omissions are relatively minor, however, and do not seriously interfere with the use of the book as a text. To the extent that they are a problem at all, they are outweighed by the many good features of this book.

To summarize and conclude: this would make an excellent text for a first course in cryptography at, say, the junior undergraduate level. While this text does not always achieve the level of depth that might be found in books like HPS, there is certainly a lot of interesting mathematics to be learned here, and the reader will have fun learning it. If I were teaching a course in cryptography, this text would definitely be on my very short list; people teaching a course in number theory who want to discuss some cryptography might also want to keep a copy of this book within easy reach.

Mark Hunacek (mhunacek@iastate.edu) teaches mathematics at Iowa State University.