amazon.co.uk

• Featured in Computing Reviews list of notable computing items published in 2012.
  
  
• AMS MathSciNet Mathematical Reviews, by Jose Ignacio Farran.
  
  "Written by an active researcher in the topic, this book aims precisely to explain the main ideas and techniques behind public key cryptography, from both historical and future development perspectives. Because of the abundance of examples, proofs and exercises, it is suitable as a textbook for an advanced course, or even for self-study. For more advanced readers, it is a basic reference for crucial topics such as the Pollard algorithms, elliptic curves and isogenies, algebraic tori, and lattices."
  
  
• Zentralblatt MATH, by Juan Tena Ayuso.
  
  "the book gathers the main mathematical topics related to public key cryptography and provides an excellent source of information for both students and researchers interested in the field"
  
  
• MAA Reviews, by Darren Glass.
  
  "I enjoy Galbraith's exposition, and am very happy to have a copy of this book on my shelf"
  
  

• Section 2.3, page 26, Lemma 2.3.3, line -8: t_{i} should be t_{i-1}. The correct formula is a = r_{i} (-1)^{i-1} t_{i-1} + r_{i-1} (-1)^{i} t_{i}. (Error noticed by Wang Maoning.)
• Section 5.2, page 73. Part 1 of Lemma 5.2.20: varphi_i^{-1}^* is not a k-algebra homomorphism (consider the sum of two polynomials of different total degree). Part 6 of Lemma 5.2.20: f should be homogeneous. Also proof of part 2 of Lemma 5.2.25: f should be homogeneous. (Errors noticed by Parinaz Shahabi.)
• Section 5.3, page 76, Theorem 5.3.8: The theorem is clearly false, since if f is the square of an irreducible polynomial then V( f ) is irreducible, but f is not. An extra condition, that f has no repeated factors is required. A correct proof is given on the pdf file on this webpage.
• Section 6.3.1, page 91, Exercise 6.3.5: This question only makes sense when $q$ is odd. (Error noticed by Barak Shani.)
• Section 7.1, Lemma 7.1.19: It was pointed out by Noel Robinson that there is a simpler proof of this result. If P is not equal to Q then one can write down a function that is regular at P but not regular at Q. See the revised pdf for the details.
• Section 7.7, page 113, Proof of Lemma 7.7.10 (second line): "\iota(P) = \iota(P) = " should just be "\iota(P) = ". (Error noticed by Parinaz Shahabi.)
• Section 8.1, page 122, Definition 8.1.6: A field F between phi^*( k( C_2 )) and k( C_1 ) with those properties does not necessarily exist if the extension is not normal. The treatment should be the other way around: k(C_1)/F purely inseparable and F/phi^*( k( C_2 )) separable. (Error noticed by Alexander Schiller.)
• Section 9.5, Exercise 9.5.8: The claim is incorrectly stated. For example the number of twists when j=1728 may be 2 or 4, not always 4. The correct statement is that #Twist(E) = # k^*/(k^*)^d, where d=4 when j=1728 and d=6 when j=0.
• Section 9.6, page 148, Proof of Lemma 9.6.11: First line of proof should be \phi_1, \phi_2 : E \to E. (Error noticed by Alfred Menezes.)
• Section 9.6, page 151, Proof of Theorem 9.6.21: Formula should be \hat{\phi} = \alpha_1^{-1} \circ \phi^* \circ \alpha_2. (Error noticed by Yan Bo Ti.)
• Section 9.11, page 165, Example 9.11.6: F(x) lies in F_q[x].
• Section 9.11, page 166, Lemma 9.11.8: R[x] should be R[T].
• Section 9.12, Lemma 9.12.5: P_1 should be (x_1,y_1). (Error noticed by Gaurish Korpal.)
• Section 9.12, Exercise 9.12.6: In the formula for Z_2, x_1 should be X_1 (or x_P).
• Section 10.1.1 of version on website (not printed book), equation (10.3): F_0 Z^d should be F_0 Z^{2d}. (Error noticed by Vincent Macri.)
• Section 10.3, Theorem 10.3.14, Equation (10.7): The polynomial v_3(x) may have degree equal to or larger than the degree of u_3(x). So v_3(x) should be reduced modulo u_3(x) to satisfy the definition of Mumford representation. (Error noticed by Vincent Macri.)
• Section 10.4, in the proof of Lemma 10.4.10, Equation (10.16) is incorrect when g is odd. The part "(3m - ..." should be "(3m-1 - ..." (Error noticed by Vincent Macri.)
• Section 10.3, page 188, Definition 10.3.1: Item 1 should read: If $P = \iota(P)$ then $n_P \in \{0, 1\}$. (Error noticed by Alfred Menezes.)
• Section 12.2.1, page 241, line -5: The standard definition of a Sophie Germain prime is a prime p such that 2p+1 is prime. The book defines 2p+1 to be the Sophie Germain prime, which is not standard. (Error noticed by Florian Weingarten.)
• Section 15.4, page 312, line 20: Replace c/(3c') with c'/(3c''). (Error noticed by Alfred Menezes)
• Section 15.5.1, page 314, line -13: Change "do not lie in" to "do not necessarily lie in". (Error noticed by Alfred Menezes)
• Section 15.5.1, page 315, line 12: Delete "B = ". (Error noticed by Alfred Menezes)
• Section 15.5.4, page 322, lines 10-19: Several small errors. (n / c \log(n))^{1/3} should be (n / \log(n))^{1/3} / \sqrt{c}. kd should be 2^k d_A. 2^k d should be 2^k d_A. (n / log(n))^{1/3} should be (n \log(n)^2)^{1/3}. (Errors noticed by Alfred Menezes)
• Section 15.5.1, page 315, line -12: The value c = (2 / 3 \log(2))^{2/3} gives the theoretical value for the running time. But this is not necessarily an accurate value for implementing the algorithm. One needs to ensure that enough smooth pairs (C(x),D(x)) are available to get enough relations. (Comment made by Alfred Menezes)
• Section 15.8.3, page 332, Theorem 15.8.4: Replace F_{q^n}^* by E( F_{q^n} ) in two places. (Error noticed by Samuel Neves.)
• Section 17.3, Definition 7.3.1: d_0=0 should be d_0 = 1.
• Section 17.5, Theorem 17.5.1: line 17 of the proof: \log_\delta should be \log_{1/\delta}. (Error noticed by Cullen Hooper.)
• Section 17.5, Exercise 17.5.2: \gamma_n \le 2^{(n-1)/4} should be \gamma_n \le 2^{(n-1)/2}. (Error noticed by Edoardo Persichetti.)
• Section 18.2, page 371, line 1: According to the definition used in the book, [7/2] = [3.5] = 4 and so the correct vector should be 4 b_1 + 2 b_2 = (10, 8, 6). But this ruins the moral of Example 18.2.4 (pages 372-373) that Babai nearest plane and Babai rounding can give different results (which is true in general, just not in this case). (Error noticed by Bart Coppens.)
• Section 18.4, page 376, line -3: The equation $0 \le x_n \le \sqrt{A / B_i}$ should be $0 \le x_n \le \sqrt{A / B_n}$. (Error noticed by Sean Murphy.)
• Section 19.1.2, Theorem 19.1.9: The first line of the statement should be "Let $0 < \epsilon < \min\{ 0.18 (d-1)/d , 1/d \}$". In the proof, the line "Therefore, assume $\epsilon \le (d-1)/d$" should be changed to "Therefore, we require $\epsilon \le 0.18 (d-1)/d$". (Error noticed by Katherine Kosaian and Yong Kiam Tan.)
• Section 24.5.1, page 505, line 19: The correct bound in this theorem is $0 < d < N^{1/4}/\sqrt{6}$. In the proof one applies Lemma 2.3.3(8) and this requires $|sr| < N/2$. So the displayed equation should be |duk| < \frac{N^{1/2}}{6} 3 \sqrt{N} = N/2$.
• Section 25.1, first line: In equation for elliptic curve $a_3$ should be $a_3 y$. (Error noticed by Jan Oupický.)
• Section 25.1.1, page 521, Example 25.1.12: $Y^2 + XY + 3Y^2$ should be $Y^2 + XY + 3Y$. (Error noticed by Alfred Menezes.)
• Section 25.1.1, page 523, Exercise 25.1.21: One can compute $\psi(x)$ in $O( d^2 )$ operations in $\F_{q^n}$ not $\F_q$. (Error noticed by Alfred Menezes.)
• Section 25.2, page 523, line -3: It is not true that Phi_{ell}( j(E), j( tilde{E} ) = 0 implies there is an isogeny from E to tilde{E}, as the isogeny might be to a twist of tilde{E}. Correct wording would be to replace "cyclic kernel from E to tilde{E}" to "cyclic kernel from E to a twist of tilde{E}". (Error noticed by Drew Sutherland.)
• Section 25.3, page 532, Remark 25.3.6: "determine the corresponding isogeny" should read "determine the corresponding ideal". (Error noticed by Alfred Menezes.)
• Appendix A.10.3, page 575, Definition A.10.7: Sum should range from $i=1$ to $n$. (Error noticed by Douglas Stebila.)