Confusion and diffusion

In cryptography, confusion and diffusion are two properties of the operation of a secure cipher which were identified by Shannon in his paper, "Communication Theory of Secrecy Systems" published in 1949.

In Shannon's original definitions, confusion refers to making the relationship between the key and the ciphertext as complex and involved as possible; diffusion refers to the property that redundancy in the statistics of the plaintext is "dissipated" in the statistics of the ciphertext.

Diffusion is associated with dependency of bits of the output on bits of the input. In a cipher with good diffusion, flipping an input bit should change each output bit with a probability of one half (this is termed the Strict Avalanche Criterion).

Substitution (a plaintext symbol is replaced by another) has been identified as a mechanism for primarily confusion (see S-box); conversely transposition (rearranging the order of symbols) is a technique for diffusion, although other mechanisms are also used in modern practice, such as linear transformations (e.g. in Rijndael). Product ciphers use alternating substitution and transposition phases to achieve both confusion and diffusion respectively.

See also

• Substitution-permutation network

References

• Claude E. Shannon, "Communication Theory of Secrecy Systems", Bell System Technical Journal, vol.28-4, page 656--715, 1949. [1]