Cryptography is a large and ever growing subject, which at times feels like a branch of mathematics, at times feels like a branch of computer science, and often involves bringing in questions of politics, marketing, business, and (since we are on the verge, or at least on the verge of being on the verge, of quantum cryptography) physics. Books in this area are therefore required to choose their target audience very carefully, trying to decide exactly which aspects to cover and what background they may assume, and they need to walk a fine line in order to be both useful and readable. Douglas Stinson's book *Cryptography: Theory and Practice* has walked that line well for more than a decade. It might not be as practical as some programmers would like or as rigorously theoretical as some mathematicians would like, but for most people who are between those two extremes this book does an excellent job.

The first edition of Stinson's book came out in 1995 and quickly became a mainstay on the syllabi of the cryptography courses that were starting to pop up in math and computer science departments around the globe (including, I should add for reasons of full disclosure, the course that I took at the University of Pennsylvania in 1998). The second edition, released in 2002, scaled back the scope of the book quite significantly, as the author intended to write a second volume to supplement the main book.

The third edition, released last year, once again expands the scope of the book and includes far more topics than one could include in a single course. Those topics include full chapters on Block Ciphers, Hash Functions, RSA Cryptosystems, ElGamal Cryptosystems, Signature Schemes, Pseudo-random Number Generators, Entity Authentication, Key Distribution, Secret Sharing Schemes, and Multicast Security as well as several other topics. (A full table of contents can be found above). Many of these are serious topics, and they are treated at a serious level. In order to discuss them well, Stinson spends a significant amount of time introducing ideas from mathematics that computer scientists may not know and ideas from computer science that mathematicians may not know, including some number theory, some probability theory, some information theory, and some of the theory of elliptic curves. In the process of doing so, he inevitably oversimplifies many of these topics, but he does as good a job as one could expect given the context, and the bibliography points the reader to many sources where they can get deeper information on these topics.

This book is extremely well written, and gets better with each passing edition. There are certainly easier introductions to cryptography available, and this would not be the first book I would recommend to an undergraduate student who was interested in the topic, but the clear exposition and large number of exercises would make the book a good choice for either a graduate level course or for a researcher who is interested in learning more about the field of cryptography to peruse. For a book that covers this quantity and depth of material I cannot imagine a better choice.

Darren Glass (dglass@gettysburg.edu) is an Assistant Professor at Gettysburg College.