Avalanche effect

Avalanche effect - a concept in cryptography , usually applied to block ciphers and cryptographic hash functions . An important cryptographic property for encryption, which means that changing the value of a small number of bits in the input text or in the key leads to an "avalanche" change in the values of the output bits of the ciphertext. In other words, this is the dependence of all output bits on each input bit.

The term “avalanche effect” was first introduced by Feistel in an article on Cryptography and Computer Privacy published in Scientific American in May 1973 ^[1] , although the concept was still used by Shannon .

In algorithms with several passes, an avalanche effect is usually achieved due to the fact that at each pass a change in one input bit leads to changes in several output bits ^[2] .

If the cryptographic algorithm does not have an avalanche effect sufficiently, the cryptanalyst can make an assumption about the input information based on the output information. Thus, achieving an avalanche effect is an important goal in the development of a cryptographic algorithm ^[3] .

Content

1 Criteria
- 1.1 Avalanche criterion
- 1.2 Strict avalanche criteria
  - 1.2.1 Definition
  - 1.2.2 Example
- 1.3 Criterion for the independence of bits
  - 1.3.1 Definition
- 1.4 Guaranteed avalanche effect of order $\gamma$ ${\ displaystyle \ gamma}$ $\ gamma$
2 Confusion and diffusion
3 Avalanche effect in popular algorithms
- 3.1 Avalanche effect in DES
  - 3.1.1 Counting dependent output bits
  - 3.1.2 Impact spread table 1 bit left part in DES
  - 3.1.3 Table of the dependence of the number of changed bits in each round
- 3.2 Avalanche effect in AES
- 3.3 AES Avalanche Test
- 3.4 Avalanche effect in GOST 28147-89
  - 3.4.1 Table of influence distribution of 1 bit of the left part in GOST 28147-89
  - 3.4.2 The value of the avalanche effect in GOST 28147-89
4 Examples
- 4.1 Examples for hash functions
- 4.2 Examples for ciphers
- 4.3 Example of a bad avalanche effect
5 notes

Criteria

In order to check for a good avalanche effect in a particular algorithm, several criteria are used ^[4] :

Avalanche Criterion

The cryptographic algorithm satisfies the avalanche criterion if, when one bit of the input sequence is changed, half of the output bits change on average.

Formally, a function can be given the following definition:

Function $f:\{0,1\}^{n}\to \{0,1\}^{n}$ ${\ displaystyle f: \ {0,1 \} ^ {n} \ to \ {0,1 \} ^ {n}}$ $f: \{0,1\}^n \to \{0,1\}^n$ satisfies the avalanche criterion if a change in one bit at the input causes an average change in half of the output bits ^[4] .

Strict Avalanche Criteria

The definition of a strictly avalanche criterion (SLK) was first given by and in the research and design of S-blocks .

The Boolean function can be considered as part of the structure of S-blocks. The design of S-blocks based on Boolean functions satisfying SLK was studied by Adams and C. Tavares, Kwangio Kim . Since 1990, SLK has been studied in the context of Boolean functions ^[5] .

Definition

Boolean function $f(x)$ ${\ displaystyle f (x)}$ where $x$ ${\ displaystyle x}$ - vector of $n$ ${\ displaystyle n}$ variables, satisfies the SLC if, when changing one of $n$ ${\ displaystyle n}$ input bits the output bit changes with probability exactly $1/2$ ${\ displaystyle 1/2}$ .

Example

An example of a Boolean function of three variables that satisfies SLK ^[5] :

Input bits $x$ ${\ displaystyle x}$	000	001	010	011	one hundred	101	110	111
Output bit $f(x)$ ${\ displaystyle f (x)}$	one	one	one	0	0	one	one	one

It is said that a cryptographic algorithm satisfies the strict avalanche criterion ^[6] if, when one bit of the input sequence changes, each bit of the output sequence changes with a probability of one second.

Bit independence criterion

and in their work on the study and description of S-blocks identified another criterion for a Boolean function , called the criterion for bit independence , according to which, when one input bit is changed, any two output bits change independently from friend.

Definition

Function $f:\{0,1\}^{n}\to \{0,1\}^{n}$ ${\ displaystyle f: \ {0,1 \} ^ {n} \ to \ {0,1 \} ^ {n}}$ satisfies the independence criterion of bits , if for any $i,j,k\in \{1,2,...,n\}$ ${\ displaystyle i, j, k \ in \ {1,2, ..., n \}}$ where $j\neq k$ ${\ displaystyle j \ neq k}$ inverting bits $i$ ${\ displaystyle i}$ input causes bit changes $j$ ${\ displaystyle j}$ and $k$ ${\ displaystyle k}$ , and these changes are independent. A correlation coefficient is introduced to measure the independence of the two output bits. $BIC(a_{j},a_{k})$ ${\ displaystyle BIC (a_ {j}, a_ {k})}$ between $j$ ${\ displaystyle j}$ and $k$ ${\ displaystyle k}$ component of the output vector for the modified output vector, which is called the avalanche vector and is denoted as $A^{ei}$ ${\ displaystyle A ^ {ei}}$ .

BIC(a_{i},a_{j})=\max _{1\leqslant i\leqslant n}|\operatorname {corr} (a_{k}^{e_{j}},a_{k}^{e_{i}'})|

{\ displaystyle BIC (a_ {i}, a_ {j}) = \ max _ {1 \ leqslant i \ leqslant n} | \ operatorname {corr} (a_ {k} ^ {e_ {j}}, a_ {k } ^ {e_ {i} '}) |}

.

Parameter $B I C$ ${\ displaystyle BIC}$ bit independence for function $f$ ${\ displaystyle f}$ located as:

BIC=\max _{1\leqslant j,k\leqslant n,j\neq k}BIC(a_{j},a_{k})

{\ displaystyle BIC = \ max _ {1 \ leqslant j, k \ leqslant n, j \ neq k} BIC (a_ {j}, a_ {k})}

.

This parameter demonstrates how much the function $f$ ${\ displaystyle f}$ satisfies the criterion for bit independence . It takes values between $[0,1]$ ${\ displaystyle [0,1]}$ , and in the best case it is 0 and we can talk about independence, in the worst 1, when there is a dependence ^[4] .

It is said that a cryptographic algorithm satisfies the criterion for bit independence if, when changing any input bit, any two output bits change independently.

Guaranteed avalanche effect of order $\gamma$ ${\ displaystyle \ gamma}$

The guaranteed avalanche effect of order is also distinguished. $\gamma$ ${\ displaystyle \ gamma}$ .

Guaranteed Avalanche Criterion ( GAC ) $\gamma$ ${\ displaystyle \ gamma}$ if, when one bit is changed at the input of the node, the replacements at the output $\gamma$ ${\ displaystyle \ gamma}$ output bits. GAC order execution $\gamma$ ${\ displaystyle \ gamma}$ in the range from 2 to 5 for replacement nodes provides any cipher a very high avalanche effect due to the propagation of changes in bits when passing data through encryption rounds in the Feistel scheme ^[7] .

Confusion and Diffusion

Shannon introduced the concepts of confusion and diffusion as methods that complicate statistical cryptanalysis . According to Shannon:

Diffusion is a method in which the redundancy in the statistics of the input data is "distributed" throughout the structure of the output data. At the same time, large volumes of output data are required for statistical analysis, the structure of the source text is hidden. It is implemented using P-blocks , In other words, every bit of unencrypted text should affect every bit of encrypted text. Spreading one unencrypted bit over a large number of encrypted bits hides the statistical structure of unencrypted text. Determining how the statistical characteristics of encrypted text depend on the statistical characteristics of unencrypted text should not be easy.

Confusion is a method in which the dependence of the key and the output is made as complex as possible, in particular, non-linear. At the same time, it becomes more difficult to draw conclusions about the key on the output data, as well as on the source data, if part of the key is known. It is implemented using S-blocks .

The avalanche effect is the result of good confusion and diffusion ^[8] .

Avalanche effect in popular algorithms

Avalanche effect in DES

Counting Dependent Output Bits

In DES, the avalanche effect has the character of a strict avalanche effect and appears already in the fourth to fifth round ^[3] , estimated for each operation (assuming that by the beginning of the round the influence of one initially selected bit spread to $R_{0}$ ${\ displaystyle R_ {0}}$ bits on the right and $L_{0}$ ${\ displaystyle L_ {0}}$ - in the left):

After expansion: $R_{1}=\min(1{,}5\cdot R_{0},32).$ ${\ displaystyle R_ {1} = \ min (1 {,} 5 \ cdot R_ {0}, 32).}$

Assuming random hits in 8 S-blocks, according to the placement problem , the bits will fall into: $S_{2}=8\cdot \left(1-(1-{\tfrac {1}{8}})^{R_{1}}\right)\approx 8\cdot \left(1-e^{-{\frac {R_{1}}{8}}}\right)$ ${\ displaystyle S_ {2} = 8 \ cdot \ left (1- (1 - {\ tfrac {1} {8}}) ^ {R_ {1}} \ right) \ approx 8 \ cdot \ left (1- e ^ {- {\ frac {R_ {1}} {8}}} \ right)}$ S-blocks.

One of the NSA's requirements for S-blocks was that changing each input bit changed 2 output bits. We assume that each S-block input bit affects all 4 output bits. Dependent will be: $S_{2}=4\cdot 8\cdot \left(1-(1-{\tfrac {1}{8}})^{R_{1}}\right)\approx 4\cdot 8\cdot \left(1-e^{-{\frac {R_{1}}{8}}}\right)$ ${\ displaystyle S_ {2} = 4 \ cdot 8 \ cdot \ left (1- (1 - {\ tfrac {1} {8}}) ^ {R_ {1}} \ right) \ approx 4 \ cdot 8 \ cdot \ left (1-e ^ {- {\ frac {R_ {1}} {8}}} \ right)}$ bits.

After bit addition left $L$ ${\ displaystyle L}$ and right $R$ ${\ displaystyle R}$ parts : $R_{3}\approx R_{2}+L_{0}-{\frac {R_{2}\cdot L_{0}}{32}}.$ ${\ displaystyle R_ {3} \ approx R_ {2} + L_ {0} - {\ frac {R_ {2} \ cdot L_ {0}} {32}}.}$

Impact spread table 1 bit left part in DES

Round	$L_{i}$ ${\ displaystyle L_ {i}}$	$R_{i}$ ${\ displaystyle R_ {i}}$
Round	$l$ ${\ displaystyle l}$	Expansion $r\to R_{1}$ ${\ displaystyle r \ to R_ {1}}$	S-blocks $R_{1}\to R_{2}$ ${\ displaystyle R_ {1} \ to R_ {2}}$	$R_{i+1}=f(R_{1})\oplus L_{i}$ ${\ displaystyle R_ {i + 1} = f (R_ {1}) \ oplus L_ {i}}$ $(R_{2},l)\to R_{3}$ ${\ displaystyle (R_ {2}, l) \ to R_ {3}}$
0	one	0	0	0
one	0	0	0	(0, 1) $\to$ ${\ displaystyle \ to}$ one
2	one	1 → 1,5	1.5 → 5.5	(5.5, 0) → 5.5
3	5.5	5.5 → 8.3	8.2 → 20.5	(20.5, 1) → 20.9
four	20.9	20.9 → 31.3	31.3 → 32	(32, 20.9) → 32
5	32	32	32	32

To achieve the maximum avalanche effect, it is necessary to carefully select the extension, S-blocks, as well as a permutation in the function $F$ ${\ displaystyle F}$ .

Table of the dependence of the number of changed bits in each round

The following table shows the number of output bits changed on each round, provided that one bit of the source text and one bit of the key are changed. ^[9]

Input Changes		Key Changes
Round	amount modified bits	Round	amount modified bits
0	one	0	0
one	6	one	2
2	21	2	fourteen
3	35	3	28
four	39	four	32
5	34	5	thirty
6	32	6	32
7	31	7	35
8	29th	8	34
9	42	9	40
10	44	10	38
eleven	32	eleven	31
12	thirty	12	33
13	thirty	13	28
fourteen	26	fourteen	26
fifteen	29th	fifteen	34
16	34	16	35

AES Avalanche Effect

In AES, the avalanche effect appears as follows: in the first round, the MixColumns () operation propagates the changes of one byte to all 4 bytes of the column, after which in the second round the application of the ShiftRows () and MixColumns () operations propagates the changes to the entire table. Thus, complete diffusion is achieved already in the second round. Confusion is provided by the SubBytes () operation.

AES Avalanche Test

The table shows the numerical values of the avalanche effect for S-blocks in AES. In the first case, the byte “11” (in hexadecimal notation) is changed to “10”, in the second case the byte “11” is changed to “12”, in the third - “00” to “10”. Accordingly, the avalanche effect coefficient was calculated for each case. From these data, we can clearly see that the encrypted output text is not at all simple, with a rather simple input text ^[10] . And the coefficient of the avalanche effect is close to 0.5, which means good fulfillment of the avalanche criterion.

Input text	Ciphertext ^{[ specify ]}	Avalanche effect
11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11	79 F8 CC 24 01 82 DD 7F 2D 89 F7 E7 78 B7 EE 30	0.4375 (56)
11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 10	9D 4C 1D B4 6A 93 27 B5 20 64 37 D1 3D 9D 2A	0.4375 (56)
11 22 33 66 55 44 55 44 77 88 99 66 44 45 36 12	4A A9 16 11 E2 8A 9F 67 35 30 1F 80 16 C5 B7 CD	0.5153 (66)
11 22 33 66 55 44 55 44 77 88 99 66 44 45 36 11	D7 00 43 2D 51 78 F7 65 50 03 03 75 B1 E4 2D A0	0.5153 (66)
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	C6 A1 3B 37 87 8F 5B 82 6F 4F 81 62 A1 C8 79	0.4453 (57)
10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	0D 19 33 06 27 42 FE 01 9C FE 06 E1 A8 1A A0 01	0.4453 (57)

Avalanche effect in accordance with GOST 28147-89

The input avalanche effect is provided (4 by 4) with S-blocks and a cyclic left shift by $11\neq 0\mod 4$ ${\ displaystyle 11 \ neq 0 \ mod 4}$

Impact spreading table of 1 bit of the left part in GOST 28147-89

Round	$L_{i}$ ${\ displaystyle L_ {i}}$								$R_{i}$ ${\ displaystyle R_ {i}}$
Round	one	2	3	four	5	6	7	8	one	2	3	four	5	6	7	8
0								one
one																one
2								one					3	one
four		3	four	one				one	four	one			3	one	3	four
5	four	one			3	one	3	four		3	four	four	four	four	four	one
6		3	four	four	four	four	four	one	four	four	four	four	four	3	3	four
7	four	four	four	four	four	3	3	four	four	four	four	four	four	four	four	four
8	four	four	four	four	four	four	four	four	four	four	four	four	four	four	four	four

The table shows that on each round, the number of independent bits increases by an average of 4 times as a result of a shift and hit of the S-block output of the previous round in 2 S-blocks of the next round. The distribution of dependent bits in groups of 4 bits in the left and right parts is shown without taking into account addition with the round key. It is assumed that each bit at the input of the S-block affects all bits of the output. The number of rounds to achieve a complete avalanche effect without taking into account addition with the key is 8. An experimental check for S-blocks used by the Central Bank of the Russian Federation shows that 8 rounds are required .

The value of the avalanche effect in GOST 28147-89

For cryptographic stability, the key requirements for bit conversion operations in the encryption round are nonlinearity, i.e., the inability to choose a linear function that approximates this conversion well and the avalanche effect - fulfilling these requirements makes it difficult to conduct linear and differential cryptanalysis of the cipher, respectively. If we consider from this perspective the conversion operations in the encryption round according to GOST 28147-89, then it is easy to make sure that cryptographic stability is provided only by the addition operations with the key and the replacement of bits according to the table, since the operations of bitwise shift and summation modulo 2 are linear and do not have an avalanche effect. From this we can conclude that the decisive factor in the reliability of encryption according to GOST 28147-89 is the properly selected key information (key and replacement table). In the case of encrypting data with a zero key and a trivial substitution table, all nodes of which contain numbers from 0 to 15 in ascending order, it is quite simple to find plaintext from a known ciphertext using both linear and differential cryptanalysis.

As shown ^[11] , the operation of adding data with a subkey cannot provide a sufficient avalanche effect, since when changing one bit at the input of this procedure, only one bit at the output changes with a probability of 0.5, the remaining bits change with a probability much less. This suggests that to ensure the cryptographic strength of encryption, it is not enough just to ensure sufficient key quality - it is also necessary to use strong replacement tables with high nonlinearity and avalanche effect ^[12] .

Examples

Examples for hash functions

The examples demonstrate a hash change when one bit in the input sequence changes.

SHA-1 :

  SHA-1 (0110 0001 0110 00 0 1 0110 0001 0110 00 0 1) = '70c881d4a26984ddce795f6f71817c9cf4480e79'
 SHA-1 (0110 0001 0110 00 1 1 0110 0001 0110 00 0 1) = 'c6fdc1a445881de1f33e09cf00420a57b493b96d'
 SHA-1 (0110 0001 0110 00 0 1 0110 0001 0110 00 1 1) = '00b25f15212ed225d3389b5f75369c82084b3a76'

MD5 :

  MD5 (0110 0001 0110 00 0 1 0110 0001 0110 00 0 1) = '74b87337454200d4d33f80c4663dc5e5'
 MD5 (0110 0001 0110 00 1 1 0110 0001 0110 00 0 1) = 'ca7de9e17429612452a717a44c36e688'
 MD5 (0110 0001 0110 00 0 1 0110 0001 0110 00 1 1) = '3963a2ba65ac8eb1c6e2140460031925'

Examples for ciphers

The examples demonstrate the change in the encrypted message when one bit ^[13] changes in the input sequence or in the key.

AES :

  AES (key = "aaaaaaaaaaaaaaaa", "aaaaaaaaaaaaaaaaa)) = '5188c6474b228cbdd242e9125ebe1d53'
 AES (key = "aaaaaaaaaaaaaaaa", "aa c aaaaaaaaaaaaaa") = 'f7e5c1118f5cb86198e37ff7a29974bc'
 AES (key = "aa c aaaaaaaaaaaaa", "aaaaaaaaaaaaaaaaa") = '2c50b5cac9c755d67aa61b87c26248eb'
 AES (key = "aa c aaaaaaaaaaaaa", "aa c aaaaaaaaaaaaaa") = '87c09128de852b990b3dfbd65c7d9094'

RC4 :

  RC4 (key = "aaaaaaaaaaaaaaaa", "aaaaaaaaaaaaaaaaa") = '71ddf97f23b8e42a4f0ccc463d7da4aa'
 RC4 (key = "aaaaaaaaaaaaaaaa", "aa c aaaaaaaaaaaaaa") = '3d0feab630a32d1d0654c5481bd9ddd9'
 RC4 (key = "aa c aaaaaaaaaaaaa", "aaaaaaaaaaaaaaaaa") = '476266d77453695b6cee682f23b0c51d'
 RC4 (key = "aa c aaaaaaaaaaaaa", "aa c aaaaaaaaaaaaaa") = '3139d4506185d48e9b9e3dbbd4b57ec2'

Bad Avalanche Effect Example

Caesar's cipher does not realize an avalanche effect:

  E (k = 3, "aaaaaaaaaaaaaaaaa") = 'dddddddddddddddd'
 E (k = 3, "a c aaaaaaaaaaaaaaa") = 'dfdddddddddddddd'

Notes

↑ Horst Feistel, “Cryptography and Computer Privacy.” Scientific American , Vol. 228, No. 5, 1973. (Scanned JPEG Images)
↑ Richard A. Mollin, “Codes: the guide to secrecy from ancient to modern times”, Chapman & Hall / CRC, 2005, p. 142. (View on Google Books)
↑ ¹ ² William Stallings, “Cryptography and network security: principles and practice”, Prentice Hall, 1999, p. 80. (Viewed on Google Books)
↑ ¹ ² ³ Isl VERGILI, Melek D. YUCEL. VOL . 9 // Avalanche and Bit Independence Properties for the Ensembles of Randomly Chosen n X n S-Boxes . - Turk J Elec Engin, 2001 .-- S. 137.
↑ ¹ ² Thomas W. Cusick, Pantelimon Stanica, Pantelimon Stănică. Cryptographic Boolean Functions and Applications . - Academic Press, 2009 .-- S. 25.
↑ Réjane Forré, “The Strict Avalanche Criterion: Spectral Properties of Boolean Functions and an Extended Definition”, Proceedings on Advances in cryptology, Springer-Verlag New York, Inc, 1990, p. 450. (Link to PDF) Archived from 19 May 2003 on the Wayback Machine .
↑ Federal Agency for Education Siberian State Aerospace University named after Academician M.F. Reshetnev. TOPICAL SECURITY ISSUES OF INFORMATION TECHNOLOGIES (PDF link)
↑ Shannon C. Communication Theory of Secrecy Systems // Bell Syst. Tech. J. - Short Hills, NJ, etc : 1949. - Vol. 28, Iss. 4. - P. 656–715. - ISSN 0005-8580 - doi: 10.1002 / J.1538-7305.1949.TB00928.X
<a href=" https://wikidata.org/wiki/Track:Q4883266 "> </a> <a href=" https://wikidata.org/wiki/Track:Q3472467 "> </a> <a href = " https://wikidata.org/wiki/Track:Q92760 "> </a> <a href=" https://wikidata.org/wiki/Track:Q1053345 "> </a>
↑ Sourav Mukhopadhyay. Chapter 2 // Cryptography and Network Security . - India: Department of Mathematics Indian Institute of Technology Kharagpur. - S. 20. Archived November 20, 2016 on the Wayback Machine
↑ Amish Kumar, Mrs. Namita Tiwari. Vol. 1 // EFFECTIVE IMPLEMENTATION AND AVALANCHE EFFECT OF AES . - Department of CSE MANIT-Bhopal: IJSPTM, August 2012 .-- S. 34.
↑ C. Charnes, O`Connor, J. Pieprzyk, R. Safavi-Naini, Y. Zheng. Futher Comments Soviet Encryption Algorithm . - June 1,1994. - S. 1-8. (inaccessible link)
↑ TOPICAL SECURITY ISSUES OF INFORMATION TECHNOLOGIES. Collection of materials of the III International Scientific and Practical Conference Krasnoyarsk 2009. (Link to PDF)
↑ “a” = 0110 00 0 1, “c” = 0110 00 1 1

[feistelSciAm-1] Horst Feistel, “Cryptography and Computer Privacy.” Scientific American , Vol. 228, No. 5, 1973. (Scanned JPEG Images)

[MollinCodes-2] Richard A. Mollin, “Codes: the guide to secrecy from ancient to modern times”, Chapman & Hall / CRC, 2005, p. 142. (View on Google Books)

[StallingsCryptography-3] ¹ ² William Stallings, “Cryptography and network security: principles and practice”, Prentice Hall, 1999, p. 80. (Viewed on Google Books)

[Vergili-4] ¹ ² ³ Isl VERGILI, Melek D. YUCEL. VOL . 9 // Avalanche and Bit Independence Properties for the Ensembles of Randomly Chosen n X n S-Boxes . - Turk J Elec Engin, 2001 .-- S. 137.

[Cusick-5] ¹ ² Thomas W. Cusick, Pantelimon Stanica, Pantelimon Stănică. Cryptographic Boolean Functions and Applications . - Academic Press, 2009 .-- S. 25.

[SAC-6] Réjane Forré, “The Strict Avalanche Criterion: Spectral Properties of Boolean Functions and an Extended Definition”, Proceedings on Advances in cryptology, Springer-Verlag New York, Inc, 1990, p. 450. (Link to PDF) Archived from 19 May 2003 on the Wayback Machine .

[7] Federal Agency for Education Siberian State Aerospace University named after Academician M.F. Reshetnev. TOPICAL SECURITY ISSUES OF INFORMATION TECHNOLOGIES (PDF link)

[Shannon-8] Shannon C. Communication Theory of Secrecy Systems // Bell Syst. Tech. J. - Short Hills, NJ, etc : 1949. - Vol. 28, Iss. 4. - P. 656–715. - ISSN 0005-8580 - doi: 10.1002 / J.1538-7305.1949.TB00928.X
<a href=" https://wikidata.org/wiki/Track:Q4883266 "> </a> <a href=" https://wikidata.org/wiki/Track:Q3472467 "> </a> <a href = " https://wikidata.org/wiki/Track:Q92760 "> </a> <a href=" https://wikidata.org/wiki/Track:Q1053345 "> </a>

[Sourav-9] Sourav Mukhopadhyay. Chapter 2 // Cryptography and Network Security . - India: Department of Mathematics Indian Institute of Technology Kharagpur. - S. 20. Archived November 20, 2016 on the Wayback Machine

[Kumar-10] Amish Kumar, Mrs. Namita Tiwari. Vol. 1 // EFFECTIVE IMPLEMENTATION AND AVALANCHE EFFECT OF AES . - Department of CSE MANIT-Bhopal: IJSPTM, August 2012 .-- S. 34.

[Charnes-11] C. Charnes, O`Connor, J. Pieprzyk, R. Safavi-Naini, Y. Zheng. Futher Comments Soviet Encryption Algorithm . - June 1,1994. - S. 1-8. (inaccessible link)

[12] TOPICAL SECURITY ISSUES OF INFORMATION TECHNOLOGIES. Collection of materials of the III International Scientific and Practical Conference Krasnoyarsk 2009. (Link to PDF)

[13] “a” = 0110 00 0 1, “c” = 0110 00 1 1

Avalanche effect

Content

Criteria

Avalanche Criterion

Strict Avalanche Criteria

Definition

Example

Bit independence criterion

Definition

Guaranteed avalanche effect of orderγ {\ displaystyle \ gamma}

Confusion and Diffusion

Avalanche effect in popular algorithms

Avalanche effect in DES

Counting Dependent Output Bits

Impact spread table 1 bit left part in DES

Table of the dependence of the number of changed bits in each round

AES Avalanche Effect

AES Avalanche Test

Avalanche effect in accordance with GOST 28147-89

Impact spreading table of 1 bit of the left part in GOST 28147-89

The value of the avalanche effect in GOST 28147-89

Examples

Examples for hash functions

Examples for ciphers

Bad Avalanche Effect Example

Notes

More articles:

Guaranteed avalanche effect of order $\gamma$ ${\ displaystyle \ gamma}$