Confusion and diffusion
In
Confusion in a
Definition
Confusion
Confusion means that each binary digit (bit) of the ciphertext should depend on several parts of the key, obscuring the connections between the two.[3]
The property of confusion hides the relationship between the ciphertext and the key.
This property makes it difficult to recover the key from the ciphertext, and if a single bit of the key is changed, most or all of the bits in the ciphertext will be affected.
Confusion increases the ambiguity of ciphertext and it is used by both block and stream ciphers.
In
Diffusion
Diffusion means that if we change a single bit of the plaintext, then about half of the bits in the ciphertext should change, and similarly, if we change one bit of the ciphertext, then about half of the plaintext bits should change.[5] This is equivalent to the expectation that encryption schemes exhibit an avalanche effect.
The purpose of diffusion is to hide the statistical relationship between the ciphertext and the plaintext. For example, diffusion ensures that any patterns in the plaintext, such as redundant bits, are not apparent in the ciphertext.[3] Block ciphers achieve this by "diffusing" the information about the plaintext's structure across the rows and columns of the cipher.
In substitution–permutation networks, diffusion is provided by permutation boxes (a.k.a. the permutation layer[4]). By the beginning of the 21st century a consensus had emerged in which designers preferred the permutation layer to consist of linear Boolean functions, although nonlinear functions can be used, too.[4]
Theory
In Shannon's original definitions, confusion refers to making the relationship between the
In particular, for a randomly chosen input, if one flips the i-th bit, then the probability that the j-th output bit will change should be one half, for any i and j—this is termed the strict avalanche criterion. More generally, one may require that flipping a fixed set of bits should change each output bit with probability one half.
One aim of confusion is to make it very hard to find the key even if one has a large number of plaintext-ciphertext pairs produced with the same key. Therefore, each bit of the ciphertext should depend on the entire key, and in different ways on different bits of the key. In particular, changing one bit of the key should change the ciphertext completely.
Practical applications
Design of a modern block cipher uses both confusion and diffusion,[2] with confusion changing data between the input and the output by applying a key-dependent non-linear transformation (linear calculations are easier to reverse and thus are easier to break).
Confusion inevitably involves some diffusion,
One of the most researched cipher structures uses the
Analysis of AES
The Advanced Encryption Standard (AES) has both excellent confusion and diffusion. Its confusion look-up tables are very non-linear and good at destroying patterns.[14] Its diffusion stage spreads every part of the input to every part of the output: changing one bit of input changes half the output bits on average. Both confusion and diffusion are repeated multiple times for each input to increase the amount of scrambling. The secret key is mixed in at every stage so that an attacker cannot precalculate what the cipher does.
None of this happens when a simple one-stage scramble is based on a key. Input patterns would flow straight through to the output. It might look random to the eye but analysis would find obvious patterns and the cipher could be broken.
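To make the strict avalanche criterion from the Theory section and the one-stage-versus-many-rounds comparison above concrete, here is an added example (not code from the article or from any of its sources) that measures, on a toy 16-bit substitution–permutation network, how often flipping one input bit flips each output bit. The S-box is the published 4-bit PRESENT S-box; the bit permutation, round keys, seed and trial count are constructed for illustration.

```python
import random

# 4-bit S-box of the PRESENT cipher (published); the nonlinear "confusion" step.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
# Constructed bit permutation on a 16-bit block: bit 4*i+j moves to 4*j+i,
# so the four output bits of one S-box feed four different S-boxes next round.
PERM = [4 * (b % 4) + b // 4 for b in range(16)]

def sbox_layer(x):
    """Apply SBOX to each of the four nibbles of a 16-bit word."""
    return sum(SBOX[(x >> (4 * i)) & 0xF] << (4 * i) for i in range(4))

def perm_layer(x):
    """Move every set bit b of x to position PERM[b]."""
    return sum(1 << PERM[b] for b in range(16) if (x >> b) & 1)

def encrypt(x, round_keys):
    """Toy SPN: (key XOR, S-box, permutation) per round, then a final key XOR."""
    for k in round_keys[:-1]:
        x = perm_layer(sbox_layer(x ^ k))
    return x ^ round_keys[-1]

def avalanche(rounds, trials=2000, seed=1):
    """Return (mean, sac): sac[i][j] is the observed probability that flipping
    input bit i changes output bit j; mean averages sac over all 16x16 pairs.
    The strict avalanche criterion asks for every entry to be about 0.5."""
    rng = random.Random(seed)                      # constructed random keys
    keys = [rng.getrandbits(16) for _ in range(rounds + 1)]
    hits = [[0] * 16 for _ in range(16)]
    for _ in range(trials):
        x = rng.getrandbits(16)
        c = encrypt(x, keys)
        for i in range(16):
            diff = c ^ encrypt(x ^ (1 << i), keys)
            for j in range(16):
                hits[i][j] += (diff >> j) & 1
    sac = [[h / trials for h in row] for row in hits]
    return sum(map(sum, sac)) / 256, sac

if __name__ == "__main__":
    for r in (1, 2, 4):
        mean, sac = avalanche(r)
        dead = sum(p == 0.0 for row in sac for p in row)
        print(f"{r} round(s): mean flip probability {mean:.3f}, "
              f"{dead} of 256 input/output bit pairs never interact")
```

With a single keyed substitution stage, each input bit can reach at most the four output bits of its own S-box, so three quarters of the input/output pairs never interact and the structure of the input leaks straight through; after a few rounds every pair interacts with probability close to one half.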
See also
References
- ISBN 9780387740737.
- Stamp & Low 2007, p. 182.
- ^ .
- Liu, Rijmen & Leander 2018, p. 1.
- ISBN 978-0133354690.
- Daemen & Rijmen 2013, p. 130.
- Daemen & Rijmen 2013, p. 20.
- Daemen & Rijmen 2013, p. 21.
- Daemen & Rijmen 2013, p. 126.
- Liu, Rijmen & Leander 2018, p. 2.
- Li & Wang 2017.
- Sajadieh et al. 2012.
- Daemen & Rijmen 2013, p. 131.
- ISBN 978-1292158587.
Sources
- Claude E. Shannon, "A Mathematical Theory of Cryptography", Bell System Technical Memo MM 45-110-02, September 1, 1945.
- Claude E. Shannon, "Communication Theory of Secrecy Systems", Bell System Technical Journal, vol. 28–4, pages 656–715, 1949.
- Wade Trappe and Lawrence C. Washington, Introduction to Cryptography with Coding Theory. Second edition. Pearson Prentice Hall, 2006.
- Li, Chaoyun; Wang, Qingju (2017). "Design of Lightweight Linear Diffusion Layers from Near-MDS Matrices" (PDF). IACR Transactions on Symmetric Cryptology. 1: 129–155.
- Sajadieh, Mahdi; Dakhilalian, Mohammad; Mala, Hamid; Sepehrdad, Pouyan (2012). "Recursive Diffusion Layers for Block Ciphers and Hash Functions". Fast Software Encryption (PDF). Springer Berlin Heidelberg. pp. 385–401. ISSN 0302-9743.
- Daemen, Joan; Rijmen, Vincent (9 March 2013). The Design of Rijndael: AES - The Advanced Encryption Standard (PDF). Springer Science & Business Media. OCLC 1259405449.
- Stamp, Mark; Low, Richard M. (15 June 2007). Applied Cryptanalysis: Breaking Ciphers in the Real World. John Wiley & Sons. OCLC 1044324461.
- Liu, Yunwen; Rijmen, Vincent; Leander, Gregor (20 January 2018). "Nonlinear diffusion layers" (PDF). Designs, Codes and Cryptography. 86 (11): 2469–2484. ISSN 0925-1022.