Confusion and diffusion

In cryptography, confusion and diffusion are two properties of the operation of a secure cipher identified by Claude Shannon in his 1945 classified report A Mathematical Theory of Cryptography. These properties, when present, work together to thwart the application of statistics and other methods of cryptanalysis. Confusion in a symmetric cipher is obscuring the local correlation between the input (plaintext) and output (ciphertext) by varying the application of the key to the data, while diffusion is hiding the plaintext statistics by spreading it over a larger area of ciphertext. Although ciphers can be confusion-only (substitution cipher, one-time pad) or diffusion-only (transposition cipher), any "reasonable" block cipher uses both confusion and diffusion. These concepts are also important in the design of cryptographic hash functions and pseudorandom number generators, where decorrelation of the generated values is the main feature, diffusion (and its avalanche effect) is also applicable to non-cryptographic hash functions. Confusion means that each binary digit (bit) of the ciphertext should depend on several parts of the key, obscuring the connections between the two. The property of confusion hides the relationship between the ciphertext and the key. This property makes it difficult to find the key from the ciphertext and if a single bit in a key is changed, the calculation of most or all of the bits in the ciphertext will be affected. Confusion increases the ambiguity of ciphertext and it is used by both block and stream ciphers. In substitution–permutation networks, confusion is provided by substitution boxes. Diffusion means that if we change a single bit of the plaintext, then about half of the bits in the ciphertext should change, and similarly, if we change one bit of the ciphertext, then about half of the plaintext bits should change. This is equivalent to the expectation that encryption schemes exhibit an avalanche effect. The purpose of diffusion is to hide the statistical relationship between the ciphertext and the plain text.

About this result

This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Related publications (1)

Related concepts (17)

Related lectures (10)

DES S-box generator

Serge Vaudenay, Lauren De Meyer

The Data Encryption Standard (DES) is a cryptographic algorithm, designed by IBM, that was selected to be the national standard in 1977 by the National Bureau of Standards. The algorithm itself was en

Taylor & Francis Inc2016

Symmetric Encryption Schemes

Explores symmetric encryption schemes, including block and stream ciphers, their vulnerabilities, and the importance of key lengths.

Cryptanalysis: Decorrelation & Proving Security

Explores cryptanalysis through decorrelation techniques and proving security in conventional cryptography, covering topics like distinguishing functions, matrices, and the random oracle model.

Analytical Mechanics: Lagrange Formalism

Covers the limitations of Lagrange formalism and the transition to Hamiltonian formalism for dynamic variables.

Round (cryptography)

In cryptography, a round or round function is a basic transformation that is repeated (iterated) multiple times inside the algorithm. Splitting a large algorithmic function into rounds simplifies both implementation and cryptanalysis. For example, encryption using an oversimplified three-round cipher can be written as , where C is the ciphertext and P is the plaintext. Typically, rounds are implemented using the same function, parameterized by the round constant and, for block ciphers, the round key from the key schedule.

Confusion and diffusion

Substitution–permutation network

In cryptography, an SP-network, or substitution–permutation network (SPN), is a series of linked mathematical operations used in block cipher algorithms such as AES (Rijndael), 3-Way, Kalyna, Kuznyechik, PRESENT, SAFER, SHARK, and Square. Such a network takes a block of the plaintext and the key as inputs, and applies several alternating rounds or layers of substitution boxes (S-boxes) and permutation boxes (P-boxes) to produce the ciphertext block. The S-boxes and P-boxes transform of input bits into output bits.