Cryptography Reference
In-Depth Information
chance that we had to fall back on the help of a new cryptanalytic method with
fcrypt
, and that linking diffusion and confusion prevented a plaintext attack
(requiring a chosen-plaintext attack instead). Diffusion is the acting principle
of transposition, which becomes easily attackable by differential cryptanaly-
sis only.
A stronger term for smudging than described by diffusion is the
avalanche
effect
for block ciphers (see also the following section): every bit of the cipher-
text block should depend on every bit of the plaintext block
and
every bit of
the key. The avalanche effect of
fcrypt
is insufficient: with a fixed key, only
some ciphertext characters (i.e., ciphertext bits) depend on a changed plaintext
bit. We will use this as a good peg for differential cryptanalysis.
A good block algorithm demands even more: if somebody swaps some plain-
text bit or key bit, then every ciphertext bit should change with a proba-
bility of exactly 50 %. Differential cryptanalysis exploits any deviation from
this value.
E
W
VB
W
F
I
R
B
X
O
M
Q
V
A
Z
QJZUANL
X
N
J
M
Q
L
Q
U
N
Confusion:
A
U
C
R
O
ETE
W
Z
J
The relationship between ciphertext
letters and plaintext letters is blurred; this
is “vertical blurring”.
G
T
J
A
L
K
ARTEXT
X
TTLKAE
XRTTLKAE
Diffusion:
Plaintext information is distributed
across the ciphertext; this is “horizontal
blurring”.
KAR
T
E
XT
Figure 4.1:
Confusion and diffusion.
