||The English used in this article or section may not be easy for everybody to understand. (December 2011)|
The avalanche effect is satisfied if:
- The output changes significantly (e.g., half the output bits flip) as a result of a slight change in input (e.g., flipping a single bit)
- In "quality" block ciphers, such a small change in either the key or the plaintext should cause a strong change in the ciphertext.
Both of above features allow small changes to propagate rapidly through iterations of the algorithm, in such a way that every bit of the output should depend on every bit of the input before the algorithm terminates.
If a block cipher or cryptographic hash function does not exhibit the avalanche effect to a significant degree, then it has poor randomization, and thus a cryptanalyst can make forecasts about the input, if given only the output. This may be sufficient to partially or completely break (crack) the algorithm.
One of the primary design objectives in constructing a "quality" cipher or cryptographic hash function is to build a good avalanche effect in it. This is why most block ciphers are product ciphers. It is also why hash functions have large data blocks.
Strict avalanche criterion[change | change source]
The Strict Avalanche Criterion (SAC) is a property of boolean functions of importance to cryptography. A function is said to satisfy the strict avalanche criterion if, whenever a single input bit is complemented, each of the output bits should change with a probability of one half.
The SAC was built on the concepts of evolution completeness and avalanche and introduced by Webster and Tavares in 1985.
Bit independence criterion[change | change source]
The Bit independence criterion (BIC) states that output bits j & k should change independently when any single input bit i is inverted, for all i, j and k.
Related pages[change | change source]
References[change | change source]
- A. F. Webster and Stafford E. Tavares, "On the design of S-boxes", Advances in Cryptology - Crypto '85 (Lecture Notes in Computer Science), vol. 219, pp. 523–534, 1985.
- Practical example (32 bits), taken from the extensive justification of the hash function HSH 11/13
- Horst Feistel, "Cryptography and Computer Privacy." Scientific American, Vol. 228, No. 5, 1973. (JPEG format scanned)