Cryptography Reference
4.1 Basic Terms
4.1.1 Bitwise Processing
The methods discussed so far were character-oriented, with the exception of the
simple XOR ciphering, which we discussed together with the classic Vigenère
method, since it is analogous to this method. When computers are available as
ciphering machines, it is no longer meaningful to limit ourselves to bytewise
encryption. Computers work with bits, bytes, and words (i.e., groups of bytes).
It is much better to work with bits for statistical reasons alone: we know that
'e' is the most frequent character in the English and German languages. But is
there also some usable evidence about the distribution of bit 3 of all bytes in
a text?
However, the particularities of a text won't be lost when decomposing it into
single bits. Think only of the headers in WordPerfect files, where many zero
bytes occur successively. This fact alone could be fateful for a weak method.
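Both observations above can be checked directly. The following is an added example, not code from the book: it measures how often each bit position is set in a piece of text, and shows how a run of zero bytes exposes the key of a simple repeating-key XOR cipher. The sample text, file layout and key are constructed, and the zero run is assumed to start at offset 0 with a known length.

```python
from itertools import cycle

# Constructed sample inputs (not from the book).
SAMPLE_TEXT = (b"When computers are available as ciphering machines, it is no "
               b"longer meaningful to limit ourselves to bytewise encryption.")
ZERO_RUN = 16                                   # assumed length of the zero-filled header
FILE = bytes(ZERO_RUN) + b"Body text after the zero-filled header."
KEY = b"\x5a\xc3\x17\x88"                       # constructed secret key

def bit_one_fraction(data: bytes) -> list[float]:
    """Fraction of bytes with each bit position set (index 0 = least significant)."""
    counts = [0] * 8
    for byte in data:
        for pos in range(8):
            counts[pos] += (byte >> pos) & 1
    return [c / len(data) for c in counts]

def xor_repeating(data: bytes, key: bytes) -> bytes:
    """Simple XOR cipher with a repeating key; applying it twice decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def key_from_zero_run(ciphertext: bytes, run_len: int) -> bytes:
    """0 XOR k = k, so over a zero run the ciphertext is the repeating key itself.
    The shortest period of that run is the key."""
    run = ciphertext[:run_len]
    for period in range(1, run_len + 1):
        if all(run[i] == run[i % period] for i in range(run_len)):
            return run[:period]
    return run

if __name__ == "__main__":
    for pos, frac in enumerate(bit_one_fraction(SAMPLE_TEXT)):
        print(f"bit {pos}: set in {frac:.0%} of bytes")
    ciphertext = xor_repeating(FILE, KEY)
    recovered = key_from_zero_run(ciphertext, ZERO_RUN)
    print("key recovered from header:", recovered.hex())
    print("decrypted:", xor_repeating(ciphertext, recovered))
```

The per-bit figures are far from uniform (the top bit is never set in ASCII text, and bit 5 is set in almost every byte), so single bits still carry the structure of the text.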
4.1.2 Confusion and Diffusion
C. E. Shannon, the 'father of information theory', published two basic
encryption principles back in 1949: confusion and diffusion. Confusion refers to
covering up the relationship between the characters in the plaintext and in
the ciphertext. Diffusion refers to distributing the information contained in the
plaintext across the ciphertext. We can use the methods discussed so far to
easily explain these two terms.
Both the Caesar cipher and the simple substitution are methods that use
confusion. The relationship between a single ciphertext character and the
corresponding plaintext character is intentionally blurred; it should be recoverable
only by means of a key. Polyalphabetic methods, such as the Vigenère cipher
or the Enigma, are other methods that work with confusion only, but the kind
of 'blurring' additionally depends on the position in the text.
The fcrypt program discussed in Section 3.7 is a good example of diffusion. In
this case, every ciphertext character depends on 256 − 31 = 225 other plaintext
characters, and it is impossible to identify these characters. This 'smudging'
of information is the basic idea behind fcrypt. In addition, it uses confusion,
namely when adding a secret key or XORing with a secret key. It wasn't pure