Kerckhoffs's principle states that a cryptosystem should be secure even if everything about the system, except the key, is public knowledge.
Claude Shannon rephrased the principle as:
"one ought to design systems under the assumption that the enemy will immediately gain full familiarity with them".
This expression is referred to as "Shannon's maxim". The opposite of the above principle is security through obscurity, where the secrecy of the cryptosystem rests on fully or partially hiding the algorithm or its implementation. Because software and hardware can be reverse engineered, this is widely considered a security weakness: an algorithm that leaks cannot be replaced the way a compromised key can.
Simple (monoalphabetic) substitution ciphers can be broken with frequency analysis: each plaintext letter always maps to the same ciphertext letter, so the letter-frequency profile of the language survives encryption. We have seen that frequency analysis can take different forms and levels of complexity; the technique exploits the statistical features of the language used in the communication.
In general, if we can collect meaningful statistics from the ciphertext and map them onto known features of the plaintext language (single-letter frequencies, common digraphs, word lengths), we can hope to recover the plaintext or part of it.
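The following is an added example, not code from the original notes. It encrypts a constructed English sample with a shift (Caesar) cipher, the simplest monoalphabetic substitution, shows that the most frequent ciphertext letters are just the most frequent English letters shifted, and then recovers the shift by scoring all 26 candidate decryptions with the chi-squared statistic against a standard English letter-frequency table. The sample text and the choice of chi-squared as the scoring function are assumptions of this example.

```python
"""Frequency analysis of a shift (Caesar) cipher using the chi-squared statistic.

Added example: the plaintext below is a constructed English sample and the
attack assumes the underlying language is English.
"""
from collections import Counter

# Relative frequency (percent) of letters in English text.
ENGLISH_FREQ = {
    "a": 8.167, "b": 1.492, "c": 2.782, "d": 4.253, "e": 12.702, "f": 2.228,
    "g": 2.015, "h": 6.094, "i": 6.966, "j": 0.153, "k": 0.772, "l": 4.025,
    "m": 2.406, "n": 6.749, "o": 7.507, "p": 1.929, "q": 0.095, "r": 5.987,
    "s": 6.327, "t": 9.056, "u": 2.758, "v": 0.978, "w": 2.360, "x": 0.150,
    "y": 1.974, "z": 0.074,
}

# Constructed sample plaintext (not taken from any source).
SAMPLE_PLAINTEXT = (
    "Kerckhoffs argued that a cryptosystem must remain secure even when "
    "everything about it except the key falls into enemy hands. The attacker "
    "should be assumed to know the algorithm, so secrecy has to rest on the "
    "key alone. Frequency analysis exploits the fact that a simple substitution "
    "cipher preserves the statistical shape of the language: the most common "
    "letters of the plaintext become the most common letters of the ciphertext."
)


def shift_text(text: str, shift: int) -> str:
    """Shift every ASCII letter by `shift` positions (negative = decrypt);
    case is preserved and non-letters pass through unchanged."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def letter_frequencies(text: str) -> dict:
    """Observed percentage of each letter a-z in `text`, case-insensitive."""
    letters = [c for c in text.lower() if "a" <= c <= "z"]
    counts = Counter(letters)
    total = len(letters)
    if total == 0:
        return {c: 0.0 for c in ENGLISH_FREQ}
    return {c: 100.0 * counts[c] / total for c in ENGLISH_FREQ}


def top_letters(text: str, n: int = 5) -> list:
    """The n most frequent letters of `text`, most frequent first."""
    freqs = letter_frequencies(text)
    return sorted(freqs, key=freqs.get, reverse=True)[:n]


def chi_squared(text: str) -> float:
    """Distance between the letter distribution of `text` and English:
    sum over letters of (observed - expected)^2 / expected. Lower is closer."""
    letters = [c for c in text.lower() if "a" <= c <= "z"]
    n = len(letters)
    counts = Counter(letters)
    score = 0.0
    for c, pct in ENGLISH_FREQ.items():
        expected = n * pct / 100.0
        score += (counts[c] - expected) ** 2 / expected
    return score


def break_shift(ciphertext: str) -> int:
    """Recover the shift: decrypt under all 26 candidates and keep the one
    whose letter statistics look most like English (smallest chi-squared)."""
    return min(range(26), key=lambda k: chi_squared(shift_text(ciphertext, -k)))


if __name__ == "__main__":
    ciphertext = shift_text(SAMPLE_PLAINTEXT, 13)
    print("ciphertext:", ciphertext[:60], "...")
    print("most frequent English letters   :", top_letters(SAMPLE_PLAINTEXT))
    print("most frequent ciphertext letters:", top_letters(ciphertext))
    recovered = break_shift(ciphertext)
    print("recovered shift:", recovered)
    print("decrypted:", shift_text(ciphertext, -recovered)[:60], "...")
```

The key observation is in the two "most frequent" lines: the ciphertext's top letters are the English top letters moved by the same shift, which is exactly the statistical feature the attack maps back onto the known language profile. For a general monoalphabetic substitution the same frequency table guides the guessing of the mapping letter by letter, but there are 26! keys rather than 26, so the brute-force scoring loop in `break_shift` no longer applies directly.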
<aside> 💡 As ciphers became more complex, the statistical techniques used in cryptanalysis became more complex too. Cryptanalysis techniques that rely on statistical analysis are called statistical cryptanalysis; frequency analysis is only a small part of it.
</aside>
Part of the design of modern cryptosystems is to ensure that they withstand statistical cryptanalysis. To that end, Claude Shannon introduced two concepts in his 1949 paper "Communication Theory of Secrecy Systems": confusion and diffusion.
Diffusion is a measure of the relationship between the plaintext and ciphertext.
To achieve better security we want higher diffusion, i.e., the statistical relationship between the plaintext and the ciphertext should be as complicated as possible: the statistical structure of the plaintext (such as letter frequencies) is dissipated over the whole ciphertext, so that the ciphertext carries as little information as possible about the plaintext other than its length. If the ciphertext carries zero information about the plaintext we have perfect secrecy; this is achievable (the one-time pad) but only with a truly random key as long as the message, which is impractical for most uses.
<aside> 💡 If there is good diffusion, then changing a bit in the plaintext will impact many bits in the ciphertext. The more ciphertext bits are affected (up to about half of them on average; a change that flipped every bit would be a predictable pattern, not diffusion), the better the diffusion. This is the same as saying that the information about a specific plaintext bit is diffused over many bits of the ciphertext.
</aside>
If changing one bit of the plaintext changes, on average, about half of the bits in the ciphertext, the cipher has excellent diffusion; this property is called the avalanche effect. A stricter form requires that complementing any single input bit changes each output bit with probability exactly 1/2. Both are desirable design properties for cryptographic algorithms.
<aside> 💡 This is called the Strict Avalanche Criterion (SAC). Every transposition cipher provides some diffusion, since it scatters plaintext symbols across the ciphertext, but a permutation on its own is linear and adds no confusion. Modern ciphers therefore alternate a permutation or linear mixing layer with a non-linear substitution layer over many rounds, so that a one-bit change touches one S-box in the first round and all of them a round or two later. In DES the spreading is done by the expansion function E together with the permutation P applied to the S-box outputs; in AES it is done by ShiftRows and MixColumns.
</aside>
Confusion is a measure of the relationship between the ciphertext and the key.
To achieve better security we want higher confusion, i.e., the statistical relationship between the ciphertext and the key should be as complicated as possible, so that the ciphertext reveals as little as possible about the key and an attacker cannot derive key bits from simple statistics of the ciphertext (or of known plaintext/ciphertext pairs). Ideally the ciphertext would leak nothing about the key at all; in practice a few plaintext/ciphertext pairs pin down the key of any practical block cipher, so the goal is to make extracting any information about the key computationally infeasible.
<aside> 💡 Unlike diffusion, where the effect of a local change is spread out, with confusion a local change in the key produces a change in the ciphertext whose relation to the key is obscured, i.e., you cannot tell from what happened to the ciphertext what happened to the key. Stated in other terms, every bit of the ciphertext should depend on many bits of the key in a non-linear way. In DES and AES the S-boxes are the main source of confusion.
</aside>
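The following is an added example, not code from the original notes or from any real cipher. It builds a constructed 16-bit substitution-permutation network (four 4-bit S-boxes, a bit transposition, and a toy key schedule, modelled on the textbook SPN in Heys' tutorial on linear and differential cryptanalysis) and measures both properties discussed above: diffusion, as the average number of ciphertext bits that change when one plaintext bit is flipped, and confusion, as the same count when one key bit is flipped. The S-box, permutation and key schedule are assumptions of this example, and the cipher is deliberately tiny and insecure; its only purpose is to show how the avalanche grows from a single S-box in round 1 towards half the block after a few rounds.

```python
"""Measuring diffusion and confusion on a toy substitution-permutation network.

Added example: a constructed 16-bit SPN (NOT a secure cipher) used to count
how many ciphertext bits change when one plaintext bit or one key bit flips.
"""
import random

# 4-bit S-box (the one used in Heys' tutorial SPN). Bijective and non-linear.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
BLOCK_BITS = 16


def substitute(state: int) -> int:
    """Confusion layer: run each of the four 4-bit nibbles through the S-box."""
    out = 0
    for i in range(4):
        out |= SBOX[(state >> (4 * i)) & 0xF] << (4 * i)
    return out


def permute(state: int) -> int:
    """Diffusion layer: bit i of S-box j moves to bit j of S-box i, so the four
    output bits of one S-box feed four different S-boxes in the next round."""
    out = 0
    for j in range(4):
        for i in range(4):
            bit = (state >> (4 * j + i)) & 1
            out |= bit << (4 * i + j)
    return out


def rotl16(x: int, n: int) -> int:
    """Rotate a 16-bit value left by n bits."""
    n %= 16
    return ((x << n) | (x >> (16 - n))) & 0xFFFF


def round_keys(master: int, rounds: int) -> list:
    """Toy key schedule (an assumption of this example): round key r is the
    master key rotated left by 4r bits, so flipping one master-key bit flips
    exactly one bit of every round key. Returns rounds + 1 keys: one per
    round plus a final whitening key."""
    return [rotl16(master, 4 * r) for r in range(rounds + 1)]


def encrypt(plaintext: int, master_key: int, rounds: int) -> int:
    """Per round: XOR the round key, substitute, permute. The final round skips
    the permutation (it would add nothing there) and ends with key whitening."""
    keys = round_keys(master_key, rounds)
    state = plaintext & 0xFFFF
    for r in range(rounds):
        state = substitute(state ^ keys[r])
        if r != rounds - 1:
            state = permute(state)
    return state ^ keys[rounds]


def hamming_distance(a: int, b: int) -> int:
    """Number of bit positions in which a and b differ."""
    return bin(a ^ b).count("1")


def avalanche(rounds: int, flip_key: bool = False, samples: int = 400, seed: int = 7) -> float:
    """Average number of ciphertext bits (out of 16) that change when a single
    plaintext bit (flip_key=False, diffusion) or a single master-key bit
    (flip_key=True, confusion) is flipped, over `samples` random
    plaintext/key pairs. An ideal cipher scores about 8, half the block."""
    rng = random.Random(seed)  # seeded so the measurement is reproducible
    total = 0
    for _ in range(samples):
        pt, key = rng.getrandbits(16), rng.getrandbits(16)
        base = encrypt(pt, key, rounds)
        for bit in range(BLOCK_BITS):
            mask = 1 << bit
            if flip_key:
                other = encrypt(pt, key ^ mask, rounds)
            else:
                other = encrypt(pt ^ mask, key, rounds)
            total += hamming_distance(base, other)
    return total / (samples * BLOCK_BITS)


if __name__ == "__main__":
    print("rounds  plaintext-bit flip  key-bit flip   (avg ciphertext bits changed; ideal is ~8)")
    for rounds in range(1, 5):
        print(f"{rounds:>6}  {avalanche(rounds):>18.2f}  {avalanche(rounds, True):>12.2f}")
```

With a single round the change from a flipped plaintext bit can never leave the one S-box it enters, so at most 4 of the 16 ciphertext bits differ; only once the permutation has carried those bits into other S-boxes for further rounds does the count climb towards the 8 bits the avalanche effect calls for. The key-bit column rises in the same way, which is what "every ciphertext bit depends on many key bits" looks like when measured.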