

I should start by saying that the notions confusion and diffusion cannot provide an in-depth understanding of the design of the AES, simply because they are not specific enough. Instead, the key to understanding the choice of the steps in the round transformation is the wide trail strategy. That said, we can of course try to understand the effect of each transformation with respect to the "confusion" / "diffusion" concepts. Needless to say, the outcome of such a thought experiment is at least somewhat subjective. In any case, a proper definition of "confusion" / "diffusion" is essential. In *Communication Theory of Secrecy Systems*, Shannon wrote:

> Two methods (other than recourse to ideal systems) suggest themselves for frustrating a statistical analysis. These we may call the methods of diffusion and confusion. In the method of diffusion the statistical structure of $M$ which leads to its redundancy is "dissipated" into long range statistics, i.e., into statistical structure involving long combinations of letters in the cryptogram. The effect here is that the enemy must intercept a tremendous amount of material to tie down this structure, since the structure is evident only in blocks of very small individual probability. Furthermore, even when he has sufficient material, the analytical work required is much greater since the redundancy has been diffused over a large number of individual statistics.
>
> The method of confusion is to make the relation between the simple statistics of $E$ and the simple description of $K$ a very complex and involved one. In the case of simple substitution, it is easy to describe the limitation of $K$ imposed by the letter frequencies of $E$. If the connection is very involved and confused the enemy may still be able to evaluate a statistic $S_1$, say, which limits the key to a region of the key space. This limitation, however, is to some complex region $R$ in the space, perhaps "folded over" many times, and he has a difficult time making use of it. A second statistic $S_2$ limits $K$ still further to $R_2$, hence it lies in the intersection region; but this does not help much because it is so difficult to determine just what the intersection is.

The first comment I would like to make is that diffusion and confusion, if described using the intuitions above, typically only arise by repeated application of the round transformations. For this reason, my answer will mostly be about how each transformation contributes to confusion/diffusion (rather than if these transformations contribute at all). Shannon uses the following metaphor (for the construction of "mixing transformations"):

> Good mixing transformations are often formed by repeated products of two simple non-commuting operations. Hopf has shown, for example, that pastry dough can be mixed by such a sequence of operations. The dough is first rolled out into a thin slab, then folded over, then rolled, and then folded again, etc.

Paraphrasing to the context of the AES, one might say that diffusion means that the "statistical structure" (this is quite vague) of a plaintext block is spread out over the resulting ciphertext block. This is unfortunately very vague and in fact not really helpful if you are designing a block cipher. For instance, if the first input bit is zero with large probability, this should not be apparent in any small subset of the output bits. (Remark that if this were not the case, one would obtain a strong linear approximation.) Note that the above interpretation of diffusion is somewhat different from Shannon's "long range statistics", because the latter might be interpreted as "non-neighboring/close bits" rather than "small subsets of bits". I would argue that "small subsets" is what is really meant because Shannon also talks about "long *combinations* of letters in the cryptogram" (emphasis mine).

there are reasons why you could argue that they do, but let's not go into that.) AddRoundKey does not contribute to diffusion.
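The point that diffusion "only arises by repeated application of the round transformations" can be made concrete. The following Python script is an added illustration and is not part of the answer above: it implements the four AES round transformations from FIPS-197 (the S-box is derived from the GF(2^8) inverse and the affine map rather than typed in, so it can be checked against the published table) and counts how many state bytes differ between two plaintexts that differ in a single bit, after each transformation of the first round and after each full round. The round key is a constructed constant; the byte-level spread does not depend on it, because AddRoundKey is a translation and SubBytes is a bijection.

```python
"""Added example (not from the original answer): follow a one-bit plaintext
difference through the AES round transformations and count active bytes.

S-box, ShiftRows and MixColumns follow FIPS-197.  The state is a 16-byte list in
column-major order, so byte (row r, column c) is at s[4*c + r].  ROUND_KEY is a
constructed constant: AddRoundKey is a translation and SubBytes a bijection, so
the number of differing bytes does not depend on the key.
"""

def xtime(b: int) -> int:
    """Multiply by x in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    b <<= 1
    return (b ^ 0x11B) & 0xFF if b & 0x100 else b

def gf_mul(a: int, b: int) -> int:
    """Multiply two GF(2^8) elements (shift-and-add)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = xtime(a)
        b >>= 1
    return r

def _rotl8(x: int, n: int) -> int:
    return ((x << n) | (x >> (8 - n))) & 0xFF

def _sbox_entry(x: int) -> int:
    """S(x): multiplicative inverse in GF(2^8) (0 -> 0), then the FIPS-197 affine map."""
    inv = 0 if x == 0 else next(y for y in range(1, 256) if gf_mul(x, y) == 1)
    return inv ^ _rotl8(inv, 1) ^ _rotl8(inv, 2) ^ _rotl8(inv, 3) ^ _rotl8(inv, 4) ^ 0x63

SBOX = [_sbox_entry(x) for x in range(256)]
ROUND_KEY = list(range(16))  # constructed constant, see module docstring

def sub_bytes(s):
    return [SBOX[b] for b in s]

def shift_rows(s):
    # Row r is rotated left by r positions: new (r, c) takes old (r, (c + r) mod 4).
    return [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]

def mix_columns(s):
    # Each column is multiplied by the circulant MDS matrix with rows (2 3 1 1), (1 2 3 1), ...
    out = []
    for c in range(4):
        a0, a1, a2, a3 = s[4 * c:4 * c + 4]
        out += [
            gf_mul(a0, 2) ^ gf_mul(a1, 3) ^ a2 ^ a3,
            a0 ^ gf_mul(a1, 2) ^ gf_mul(a2, 3) ^ a3,
            a0 ^ a1 ^ gf_mul(a2, 2) ^ gf_mul(a3, 3),
            gf_mul(a0, 3) ^ a1 ^ a2 ^ gf_mul(a3, 2),
        ]
    return out

def add_round_key(s, k=ROUND_KEY):
    return [x ^ y for x, y in zip(s, k)]

def aes_round(s, k=ROUND_KEY):
    return add_round_key(mix_columns(shift_rows(sub_bytes(s))), k)

def flip_bit(block, i):
    """Return a copy of the 16-byte block with bit i (0..127) flipped."""
    b = list(block)
    b[i // 8] ^= 1 << (i % 8)
    return b

def active_bytes(a, b):
    """Number of byte positions in which the two states differ."""
    return sum(x != y for x, y in zip(a, b))

def step_trace(p, bit):
    """Active bytes after each transformation of the first round."""
    a, b = list(p), flip_bit(p, bit)
    trace = {}
    for name, f in (("SubBytes", sub_bytes), ("ShiftRows", shift_rows),
                    ("MixColumns", mix_columns), ("AddRoundKey", add_round_key)):
        a, b = f(a), f(b)
        trace[name] = active_bytes(a, b)
    return trace

def round_trace(p, bit, rounds=4):
    """Active bytes after each of the first `rounds` full rounds."""
    a, b = list(p), flip_bit(p, bit)
    out = []
    for _ in range(rounds):
        a, b = aes_round(a), aes_round(b)
        out.append(active_bytes(a, b))
    return out

if __name__ == "__main__":
    plaintext = [0] * 16  # constructed input; any block gives the same pattern in rounds 1 and 2
    print("round 1, per transformation:", step_trace(plaintext, 0))
    print("after rounds 1..4:", round_trace(plaintext, 0))
```

Flipping any one of the 128 plaintext bits gives the same picture: SubBytes and ShiftRows leave a single active byte, MixColumns spreads it over its whole column (four active bytes), and AddRoundKey changes nothing. In the second round ShiftRows moves those four bytes into four distinct columns, and MixColumns then touches all 16 bytes. No single transformation diffuses a difference across the state; two rounds do. From the third round on the count is data-dependent (a column with four active input bytes can produce as few as one active output byte, since the MixColumns matrix has branch number 5), which is why only the first two rounds are deterministic.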
