Professional Documents
Culture Documents
Download textbook Advances In Cryptology Asiacrypt 2017 23Rd International Conference On The Theory And Applications Of Cryptology And Information Security Hong Kong China December 3 7 2017 Proceedings ebook all chapter pdf
Download textbook Advances In Cryptology Asiacrypt 2017 23Rd International Conference On The Theory And Applications Of Cryptology And Information Security Hong Kong China December 3 7 2017 Proceedings ebook all chapter pdf
https://textbookfull.com/product/cryptology-and-network-
security-16th-international-conference-cans-2017-hong-kong-china-
november-30-december-2-2017-revised-selected-papers-srdjan-
capkun/
Advances in Cryptology –
ASIACRYPT 2017
23rd International Conference on the Theory
and Applications of Cryptology and Information Security
Hong Kong, China, December 3–7, 2017, Proceedings, Part II
123
Lecture Notes in Computer Science 10625
Commenced Publication in 1973
Founding and Former Series Editors:
Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen
Editorial Board
David Hutchison
Lancaster University, Lancaster, UK
Takeo Kanade
Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler
University of Surrey, Guildford, UK
Jon M. Kleinberg
Cornell University, Ithaca, NY, USA
Friedemann Mattern
ETH Zurich, Zurich, Switzerland
John C. Mitchell
Stanford University, Stanford, CA, USA
Moni Naor
Weizmann Institute of Science, Rehovot, Israel
C. Pandu Rangan
Indian Institute of Technology, Madras, India
Bernhard Steffen
TU Dortmund University, Dortmund, Germany
Demetri Terzopoulos
University of California, Los Angeles, CA, USA
Doug Tygar
University of California, Berkeley, CA, USA
Gerhard Weikum
Max Planck Institute for Informatics, Saarbrücken, Germany
More information about this series at http://www.springer.com/series/7410
Tsuyoshi Takagi Thomas Peyrin (Eds.)
•
Advances in Cryptology –
ASIACRYPT 2017
23rd International Conference on the Theory
and Applications of Cryptology and Information Security
Hong Kong, China, December 3–7, 2017
Proceedings, Part II
123
Editors
Tsuyoshi Takagi Thomas Peyrin
The University of Tokyo Nanyang Technological University
Tokyo Singapore
Japan Singapore
ASIACRYPT 2017, the 23rd Annual International Conference on Theory and Appli-
cation of Cryptology and Information Security, was held in Hong Kong, SAR China,
during December 3–7, 2017.
The conference focused on all technical aspects of cryptology, and was sponsored
by the International Association for Cryptologic Research (IACR).
ASIACRYPT 2017 received 243 submissions from all over the world. The Program
Committee selected 67 papers (from which two were merged) for publication in the
proceedings of this conference. The review process was made by the usual
double-blind peer review by the Program Committee consisting of 48 leading experts
of the field. Each submission was reviewed by at least three reviewers, and five
reviewers were assigned to submissions co-authored by Program Committee members.
This year, the conference operated a two-round review system with rebuttal phase. In
the first-round review the Program Committee selected the 146 submissions that were
considered of value for proceeding to the second round. In the second-round review the
Program Committee further reviewed the submissions by taking into account their
rebuttal letter from the authors. All the selection process was assisted by 334 external
reviewers. These three-volume proceedings contain the revised versions of the papers
that were selected. The revised versions were not reviewed again and the authors are
responsible for their contents.
The program of ASIACRYPT 2017 featured three excellent invited talks. Dustin
Moody gave a talk entitled “The Ship Has Sailed: The NIST Post-Quantum Cryptog-
raphy ‘Competition’,” Wang Huaxiong spoke on “Combinatorics in Information-
Theoretic Cryptography,” and Pascal Paillier gave a third talk. The conference also
featured a traditional rump session that contained short presentations on the latest
research results of the field. The Program Committee selected the work “Identification
Protocols and Signature Schemes Based on Supersingular Isogeny Problems” by
Steven D. Galbraith, Christophe Petit, and Javier Silva for the Best Paper Award of
ASIACRYPT 2017. Two more papers, “Kummer for Genus One over Prime Order
Fields” by Sabyasachi Karati and Palash Sarkar, and “A Subversion-Resistant SNARK”
by Behzad Abdolmaleki, Karim Baghery, Helger Lipmaa, and Michał Zaja̧c were
solicited to submit the full versions to the Journal of Cryptology. The program chairs
selected Takahiro Matsuda and Bart Mennink for the Best PC Member Award.
Many people have contributed to the success of ASIACRYPT 2017. We would like
to thank the authors for submitting their research results to the conference. We are very
grateful to all of the Program Committee members as well as the external reviewers for
their fruitful comments and discussions on their areas of expertise. We are greatly
indebted to Duncan Wong and Siu Ming Yiu, the general co-chairs, for their efforts and
overall organization. We would also like to thank Allen Au, Catherine Chan,
Sherman S.M. Chow, Lucas Hui, Zoe Jiang, Xuan Wang, and Jun Zhang, the local
VI Preface
Organizing Committee, for their continuous supports. We thank Duncan Wong and Siu
Ming Yiu for expertly organizing and chairing the rump session.
Finally, we thank Shai Halevi for letting us use his nice software for supporting all
the paper submission and review process. We also thank Alfred Hofmann, Anna
Kramer, and their colleagues for handling the editorial process of the proceedings
published at Springer LNCS.
General Co-chairs
Duncan Wong CryptoBLK Limited
Siu Ming Yiu The University of Hong Kong, SAR China
Program Co-chairs
Tsuyoshi Takagi University of Tokyo, Japan
Thomas Peyrin Nanyang Technological University, Singapore
Program Committee
Shweta Agrawal IIT Madras, India
Céline Blondeau Aalto University, Finland
Joppe W. Bos NXP Semiconductors, Belgium
Chris Brzuska TU Hamburg, Germany
Jie Chen East China Normal University, China
Sherman S.M. Chow The Chinese University of Hong Kong, SAR China
Kai-Min Chung Academia Sinica, Taiwan
Nico Döttling University of California, Berkeley, USA
Thomas Eisenbarth Worcester Polytechnic Institute, USA
Dario Fiore IMDEA Software Institute, Madrid, Spain
Georg Fuchsbauer Inria and ENS, France
Steven Galbraith Auckland University, New Zealand
Jian Guo Nanyang Technological University, Singapore
Viet Tung Hoang Florida State University, USA
Jérémy Jean ANSSI, France
Jooyoung Lee KAIST, South Korea
Dongdai Lin Chinese Academy of Sciences, China
Feng-Hao Liu Florida Atlantic University, USA
Stefan Mangard Graz University of Technology, Austria
Takahiro Matsuda AIST, Japan
Alexander May Ruhr University Bochum, Germany
Bart Mennink Radboud University, The Netherlands
VIII ASIACRYPT 2017
Additional Reviewers
Members
Lucas Hui (Chair) The University of Hong Kong, SAR China
Catherine Chan (Manager) The University of Hong Kong, SAR China
Jun Zhang The University of Hong Kong, SAR China
Xuan Wang Harbin Institute of Technology, Shenzhen, China
Zoe Jiang Harbin Institute of Technology, Shenzhen, China
Allen Au The Hong Kong Polytechnic University, SAR China
Sherman S.M. Chow The Chinese University of Hong Kong, SAR China
Invited Speakers
The Ship Has Sailed: the NIST Post-quantum
Cryptography “Competition”
Dustin Moody
Huaxiong Wang
Part of this research was funded by Singapore Ministry of Education under Research Grant
MOE2016-T2-2-014(S).
Contents – Part II
Pairing-based Protocols
ABE with Tag Made Easy: Concise Framework and New Instantiations
in Prime-Order Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Jie Chen and Junqing Gong
Quantum Algorithms
Elliptic Curves
Faster Algorithms for Isogeny Problems Using Torsion Point Images . . . . . . 330
Christophe Petit
Block Chains
Multi-party Protocols
Abstract. This work considers the problem of fast and secure scalar
multiplication using curves of genus one defined over a field of prime
order. Previous work by Gaudry and Lubicz in 2009 had suggested the
use of the associated Kummer line to speed up scalar multiplication. In
this work, we explore this idea in detail. The first task is to obtain an
elliptic curve in Legendre form which satisfies necessary security con-
ditions such that the associated Kummer line has small parameters
and a base point with small coordinates. In turns out that the ladder
step on the Kummer line supports parallelism and can be implemented
very efficiently in constant time using the single-instruction multiple-
data (SIMD) operations available in modern processors. For the 128-bit
security level, this work presents three Kummer lines denoted as K1 :=
KL2519(81, 20), K2 := KL25519(82, 77) and K3 := KL2663(260, 139) over
the three primes 2251 − 9, 2255 − 19 and 2266 − 3 respectively. Implemen-
tations of scalar multiplications for all the three Kummer lines using
Intel intrinsics have been done and the code is publicly available. Tim-
ing results on the recent Skylake and the earlier Haswell processors of
Intel indicate that both fixed base and variable base scalar multiplica-
tions for K1 and K2 are faster than those achieved by Sandy2x which is
a highly optimised SIMD implementation in assembly of the well known
Curve25519; for example, on Skylake, variable base scalar multiplica-
tion on K1 is faster than Curve25519 by about 25%. On Skylake, both
fixed base and variable base scalar multiplication for K3 are faster than
Sandy2x; whereas on Haswell, fixed base scalar multiplication for K3 is
faster than Sandy2x while variable base scalar multiplication for both
K3 and Sandy2x take roughly the same time. In fact, on Skylake, K3
is both faster and also offers about 5 bits of higher security compared
to Curve25519. In practical terms, the particular Kummer lines that are
introduced in this work are serious candidates for deployment and stan-
dardisation.
1 Introduction
Curve-based cryptography provides a platform for secure and efficient imple-
mentation of public key schemes whose security rely on the hardness of dis-
crete logarithm problem. Starting from the pioneering work of Koblitz [29] and
Miller [33] introducing elliptic curves and the work of Koblitz [30] introducing
hyperelliptic curves for cryptographic use, the last three decades have seen an
extensive amount of research in the area.
Appropriately chosen elliptic curves and genus two hyperelliptic curves are
considered to be suitable for practical implementation. Table 1 summarises fea-
tures for some of the concrete curves that have been proposed in the literature.
Arguably, the two most well known curves proposed till date for the 128-bit
security level are P-256 [37] and Curve25519 [2]. Also the secp256k1 curve [40]
has become very popular due to its deployment in the Bitcoin protocol. All of
these curves are in the setting of genus one over prime order fields. In particular,
we note that Curve25519 has been extensively deployed for various applications.
A listing of such applications can be found at [17]. So, from the point of view
of deployment, practitioners are very familiar with genus one curves over prime
order fields. Influential organisations, such as NIST, Brainpool, Microsoft (the
NUMS curve) have concrete proposals in this setting. See [5] for a further listing
of such primes and curves. It is quite likely that any future portfolio of proposals
by standardisation bodies will include at least one curve in the setting of genus
one over a prime field.
Our Contributions
The contribution of this paper is to propose new curves for the setting of genus
one over a prime order field. Actual scalar multiplication is done over the Kum-
mer line associated with such a curve. The idea of using Kummer line was pro-
posed by Gaudry and Lubicz [22]. They, however, were not clear about whether
competitive speeds can be obtained using this approach. Our main contribution
is to show that this can indeed be done using the single-instruction multiple-
data (SIMD) instructions available in modern processors. We note that the use
of SIMD instructions to speed up computation has been earlier proposed for
Kummer surface associated with genus two hyperelliptic curves [22]. The appli-
cation of this idea, however, to Kummer line has not been considered in the
literature. Our work fills this gap and shows that properly using SIMD instruc-
tions provides a competitive alternative to known curves in the setting of genus
one and prime order fields.
As in the case of Montgomery curve [34], scalar multiplication on the Kum-
mer line proceeds via a laddering algorithm. A ladder step corresponds to each
bit of the scalar and each such step consists of a doubling and a differential
addition irrespective of the value of the bit. As a consequence, it becomes easy
to develop code which runs in constant time. We describe and implement a vec-
torised version of the laddering algorithm which is also constant time. Our target
is the 128-bit security level.
Kummer for Genus One over Prime Order Fields 5
Choice of the Underlying Field: Our target is the 128-bit security level. To
this end, we consider three primes, namely, 2251 −9, 2255 −19 and 2266 −3. These
primes are abbreviated as p2519, p25519 and p2663 respectively. The underlying
field will be denoted as Fp where p is one of p2519, p25519 or p2663.
Choice of the Kummer Line: Following previous suggestions [3,9], we work in
the square-only setting. In this case, the parameters of the Kummer line are given
by two integers a2 and b2 . We provide appropriate Kummer lines for all three
of the primes p2519, p25519 and p2663. These are denoted as KL2519(81,20),
KL25519(82,77) and KL2663(260,139) respectively. In each case, we identify a
base point with small coordinates. The selection of the Kummer lines is done
using a search for curves achieving certain desired security properties. Later we
provide the details of these properties which indicate that the curves provide
security at the 128-bit security level.
SIMD Implementation: On Intel processors, it is possible to pack 4 64-bit
words into a single 256-bit quantity and then use SIMD instructions to simul-
taneously work on the 4 64-bit words. We apply this approach to carefully con-
sider various aspects of field arithmetic over Fp . SIMD instructions allow the
simultaneous computation of 4 multiplications in Fp and also 4 squarings in Fp .
6 S. Karati and P. Sarkar
The use of SIMD instructions dovetails very nicely with the scalar multiplication
algorithm over the Kummer line as we explain below.
H H
H H
∗ B2 ∗ A2 ∗ B2 ∗ A2
∗ ∗ ∗ ∗
∗ ∗ ∗ ∗
∗ − + −
H H (A − 2)/4 ∗ ∗ ∗
∗ z2 ∗ x2 ∗ b2 ∗ a2 + ∗ x
∗ ∗ ∗ ∗ ∗
Fig. 1. One ladder step on the Fig. 2. One ladder step on the Montgomery
Kummer line. curve.
faster than that of Sandy2x; fixed base scalar multiplication for KL2663(260,139)
is faster than that of Sandy2x while variable base scalar multiplication for both
KL2663(260,139) and Sandy2x take roughly the same time. Detailed timing
results are provided later.
At a broad level, the timing results reported in this work show that the avail-
ability of SIMD instructions leads to the following two practical consequences.
1. At the 128-bit security level, the choice of F2255 −19 as the base field is not the
fastest. If one is willing to sacrifice about 2 bits of security, then using F2251 −9
as the base field leads to about 25% speed up on the Skylake processor.
2. More generally, the ladder step on the Kummer line is faster than the ladder
step on the Montgomery curve. We have demonstrated this by implementing
on the Intel processors. Future work can explore this issue on other platforms
such as the ARM NEON architecture.
Due to page limit restrictions, we are unable to include all the details in this
version. These are provided in the full version [28].
2 Background
In this section, we briefly describe theta functions over genus one, Kummer
lines, Legendre form elliptic curves and their relations. In our description of the
background material, the full version [28] provides certain details which are not
readily available in the literature.
The following identities hold for the theta functions. Proofs are given in the
appendix of the full version [28].
2Θ1 (w1 + w2 )Θ1 (w1 − w2 ) = ϑ1 (w1 )ϑ1 (w2 ) + ϑ2 (w1 )ϑ2 (w2 );
(2)
2Θ2 (w1 + w2 )Θ2 (w1 − w2 ) = ϑ1 (w1 )ϑ1 (w2 ) − ϑ2 (w1 )ϑ2 (w2 );
ϑ1 (w1 + w2 )ϑ1 (w1 − w2 ) = Θ1 (2w1 )Θ1 (2w2 ) + Θ2 (2w1 )Θ2 (2w2 );
(3)
ϑ2 (w1 + w2 )ϑ2 (w1 − w2 ) = Θ1 (2w1 )Θ1 (2w2 ) − Θ2 (2w1 )Θ2 (2w2 ).
Putting w1 = w2 = w, we obtain
2Θ1 (2w)Θ1 (0) = ϑ1 (w)2 + ϑ2 (w)2 ; 2Θ2 (2w)Θ2 (0) = ϑ1 (w)2 − ϑ2 (w)2 ; (4)
ϑ1 (2w)ϑ1 (0) = Θ1 (2w)2 + Θ2 (2w)2 ; ϑ2 (2w)ϑ2 (0) = Θ1 (2w)2 − Θ2 (2w)2 . (5)
Let τ ∈ C having a positive imaginary part and denote by P1 (C) the projective
line over C. The Kummer line (K) associated with τ is the image of the map ϕ
from C to P1 (C) defined by
Suppose that ϕ(w) = [ϑ1 (w) : ϑ2 (w)] is known for some w ∈ Fq . Using (4) it
is possible to compute Θ1 (2w) and Θ2 (2w) and then using (5) it is possible to
compute ϑ1 (2w) and ϑ2 (2w). So, from ϕ(w) it is possible to compute ϕ(2w) =
[ϑ1 (2w) : ϑ2 (2w)] without knowing the value of w.
Suppose that ϕ(w1 ) = [ϑ1 (w1 ) : ϑ2 (w1 )] and ϕ(w2 ) = [ϑ1 (w2 ) : ϑ2 (w2 )] are
known for some w1 , w2 ∈ Fq . Using (4), it is possible to obtain Θ1 (2w1 ), Θ1 (2w2 ),
Θ2 (2w1 ) and Θ2 (2w2 ). Then (3) allows the computation of ϑ1 (w1 + w2 )ϑ1 (w1 −
w2 ) and ϑ2 (w1 + w2 )ϑ2 (w1 − w2 ). Further, if ϕ(w1 − w2 ) = [ϑ1 (w1 − w2 ) :
ϑ2 (w1 − w2 )] is known, then it is possible to obtain ϕ(w1 + w2 ) = [ϑ1 (w1 + w2 ) :
ϑ2 (w1 + w2 )] without knowing the values of w1 and w2 .
The task of computing ϕ(2w) from ϕ(w) is called doubling and the task of
computing ϕ(w1 + w2 ) from ϕ(w1 ), ϕ(w2 ) and ϕ(w1 − w2 ) is called differential
(or pseudo) addition.
This approach requires only squared values, i.e., it starts with squared values and
also returns squared values. Hence, this is called the square only setting. Note
that in the square only setting, [x2 : z 2 ] represents two points [x : ±z] on the
Kummer line. For the case of genus two, the square only setting was advocated
in [3,9] (see also [13]). To the best of our knowledge, the details of the square
only setting in genus one do not appear earlier in the literature.
Let
Then from (6) we obtain Θ1 (0)2 = A2 /2 and Θ2 (0)2 = B 2 /2. By Ka2 ,b2 we
denote the Kummer line having the parameters a2 and b2 .
Table 2 shows the Algorithms dbl and diffAdd for doubling and differential
addition. Details regarding correctness of the computation are provided in the
full version [28].
In Ka2 ,b2 , the point [a2 : b2 ] (representing [a : ±b]) in the square only setting
acts as the identity element for the differential addition. The full version [28]
provides further details.
In the rest of the paper, we will work in the square only setting over a
Kummer line Ka2 ,b2 for some values of the parameters a2 and b2 .
Kummer for Genus One over Prime Order Fields 11
be an elliptic curve in the Legendre form. Let Ka2 ,b2 be a Kummer line such
that
a4
μ= . (13)
a4 − b4
An explicit map ψ : Ka2 ,b2 → Eμ /σ has been given in [22]. In the square only
setting, let [x2 : z 2 ] represent the points [x : ±z] of the Kummer line Ka2 ,b2 such
that [x2 : z 2 ] = [b2 : a2 ]. Recall that [a2 : b2 ] acts as the identity in Ka2 ,b2 . Then
from [22],
2 2
∞
if [x2 : z 2 ] = [a2 : b2 ];
ψ([x : z ]) = 2 2
a x (14)
a2 x2 −b2 z 2 , . . . otherwise.
Notation: We will use upper-case bold face letters to denote points of Eμ and
upper case normal letters to denote points of Ka2 ,b2 .
Consistency: Let Ka2 ,b2 and Eμ be such that (13) holds. Consider the point
T = (μ, 0) on Eμ . Note that T is a point of order two. Given any point P =
(X, . . .) of Eμ , let Q = P + T. Then it is easy to verify that
μ(X − 1)
Q= ,... .
X −μ
Consider the map ψ : Ka2 ,b2 → Eμ such that for points [x : ±z] represented by
[x2 : z 2 ] in the square only setting
2 : z 2 ]) = ψ([x2 : z 2 ]) + T.
ψ([x (16)
The inverse map ψ−1 takes a point P of Eμ to squared coordinates in Ka2 ,b2 .
For any two points P1 , P2 on Eμ which are not of order two and P = P1 −P2
the following properties hold.
⎫
2 : z 2 ]) = ψ(dbl(x
2 · ψ([x , z )); ⎪
2 2
⎪
⎬
−1 −1
dbl ψ (P1 ) = ψ (2P1 ) ; (17)
⎪
⎪
−1 −1 −1 −1
diffAdd ψ (P1 ), ψ (P2 ), ψ (P) = ψ (P1 + P2 ) . ⎭
ψ +T −T ψ −1
P P Q Q P P
∗n ∗n ∗n ∗n
−1
ψ +T −T ψ
Pn Pn Qn Qn Pn Pn
Language: English
BUILDERS
Henry Maudslay
English and American
Tool Builders
By
JOSEPH WICKHAM ROE
Museum of the Peaceful Arts, City of New York,
Professor of Industrial Engineering,
New York University
Copyright, 1916
BY
Joseph Wickham Roe
The purpose of this book is to bring out the importance of the work
and influence of the great tool builders. Few realize that their art is
fundamental to all modern industrial arts. Without machine tools
modern machinery could not be built. Little is known by the general
public as to who the great tool builders were, and less is known of
their lives and work.
History takes good care of soldiers, statesmen and authors. It is
even kind to engineers like Watt, Fulton and Stephenson, who have
conspicuously and directly affected society at large. But little is
known, even among mechanics, of the men whose work was mainly
within the engineering profession, and who served other engineers
rather than the general public. The lives and the personalities of men
like Maudslay, Nasmyth and Eli Whitney, can hardly fail of interest to
the mechanic of today. They were busy men and modest, whose
records are mainly in iron and steel, and in mechanical devices
which are used daily with little thought of their origin.
In following the history of English and American tool builders, the
query arises as to whether there might not have been important
contributions to tool building from other countries. Others have
contributed to some degree, but practically all of the creative work in
tool building has been done in these two countries. Although the
French were pioneers in many mechanical improvements, they have
always shown an aptitude for refinements and ingenious novelties
rather than for commercial production on a large scale. They have
influenced other nations more through their ideas than through their
machinery. The Swiss are clever artisans, particularly in fine work,
but they have excelled in personal skill, operating on a small scale,
rather than in manufacturing. Germany has, under the Empire,
developed splendid mechanics, but the principal machine tools had
taken shape before 1870, when the Empire began. The history of
English and American tool building, therefore, covers substantially
the entire history of the art.
Almost the only book upon tool builders and their work is Samuel
Smiles’ “Industrial Biography,” which is out of print and little known. It
is an admirable and interesting book, and a mine of information upon
the English tool builders down to about 1850. The writer has used it
freely and would urge those who are interested in the subject to go
to it for further information on the early mechanics. It was written,
however, over fifty years ago and contains nothing about modern
developments or about the American tool builders who have
contributed so much.
The writer has tried to trace the origin and rise of tool building in
America and to give something of its spread in recent years. The
industrial life of the United States is so vast that a comprehensive
history of even a single industry, such as tool building, would run far
beyond the limits of one volume. This book, therefore, is confined to
the main lines of influence in tool building and to the personalities
and cities which have been most closely identified with it. The later
history of American tool building has never been written. For this the
writer has had to rely largely upon personal information from those
who are familiar with it, and who have had a part in it.
Part of the material contained in this book has appeared from time
to time in the American Machinist, and the writer would acknowledge
his indebtedness most of all to Mr. L. P. Alford, the editor of that
journal. His help and counsel have given these pages much of such
value as they possess. So many have helped with information,
corrections and suggestions that acknowledgments can be made
only to a few. The writer would particularly thank Mr. L. D.
Burlingame, Mr. Ned Lawrence, Mr. James Hartness, Mr. Coleman
Sellers and Mr. Clarence Bement.
If these pages serve to stimulate interest in the lives and work of
the tool builders, to whom we owe much, they will fulfill the hope of
the writer.
Sheffield Scientific School,
Yale University,
October, 1915.
AUTHOR’S NOTE
PAGE
Chapter I. Influence of the Early Tool Builders 1
Chapter II. Wilkinson and Bramah 11
Chapter III. Bentham and Brunel 22
Chapter IV. Henry Maudslay 33
Chapter V. Inventors of the Planer 50
Chapter VI. Gearing and Millwork 63
Chapter VII. Fairbairn and Bodmer 71
Chapter VIII. James Nasmyth 81
Chapter IX. Whitworth 98
Chapter X. Early American Mechanics 109
Chapter XI. The Rise of Interchangeable Manufacture 128
Chapter XII. Whitney and North 145
Chapter XIII. The Colt Armory 164
Chapter XIV. The Colt Workman—Pratt & Whitney 173
Chapter XV. Robbins & Lawrence 186
Chapter XVI. The Brown & Sharpe Manufacturing
Company 202
Chapter XVII. Central New England 216
Chapter XVIII. The Naugatuck Valley 231
Chapter XIX. Philadelphia 239
Chapter XX. The Western Tool Builders 261
Appendix A 281
Appendix B, The Jennings Gun 292
A Partial Bibliography on Tool Building 295
LIST OF ILLUSTRATIONS