This is an article in a series on Cryptography for the Everyday Developer. Follow along to learn the basics of modern cryptography and encryption.


A block cipher is a type of cipher that combines an encryption/decryption algorithm that works on blocks of data with a mode of operation that details the techniques to process sequences of data blocks.

While many different block cipher algorithms exist, they all share a common structural design: they apply a series of transformations — known as rounds — that iteratively manipulate the input data. These rounds consist of small, repeatable operations that gradually transform the plaintext into ciphertext.

Confusion and Diffusion

To understand the principles behind these transformations, we turn to the foundational work of Claude Shannon, who identified two essential properties for constructing a secure cipher: confusion and diffusion.

Confusion and S-Boxes

Confusion means that the relationship between the input and output is hidden. In practice this means that the input undergoes complex transformations that obscure the relationship between the plaintext and ciphertext after encryption is complete.

For example, one method of implementing confusion is a simple pre-defined lookup table that takes a fixed-size input and maps it to a fixed-size output. In most algorithms these lookup tables are called substitution boxes or S-boxes.

For example, we could define a 4-bit S-box that takes any one of 16 possible 4-bit values and returns a substituted value.

S-Box Table

Input (hex)    Output (hex)
0              E
1              4
2              D
3              1
4              2
5              F
6              B
7              8
8              3
9              A
A              6
B              C
C              5
D              9
E              0
F              7

Suppose you are trying to perform a substitution for the input 1010 (binary), which is 0xA in hexadecimal. The process is simple:

  • Lookup 0xA in the table
  • Find the output is 0x6, which is 0110 in binary.

The S-box maps 1010 → 0110. In practice, you’d apply this S-box to each 4-bit segment of a block of data.

On its own, an S-box is not secure, and acts suspiciously like the simple substitution ciphers that we know are insecure.

To make this secure, we apply a diffusion step to the S-box output to obfuscate the substitution.

Diffusion and P-Boxes

Diffusion means that the influence of each plaintext bit is spread over many ciphertext bits. It works by reordering bits within a block according to a fixed permutation. Unlike S-boxes, which substitute values, permutations, called P-boxes, only reposition bits.

The purpose of diffusion is to hide the statistical relationship between the ciphertext and the plaintext by, for example, making sure that any patterns in the plaintext do not show up in the ciphertext.

Diffusion means that if we change a single bit of the plaintext, then about half of the bits in the ciphertext should change, and similarly, if we change one bit of the ciphertext, then about half of the plaintext bits should change.

  • Wikipedia

P-Box Table

For simplicity, let’s assume that we have a simple 4-bit block. We’ll define a permutation that maps each bit position in the input to a new position in the output.

Input Bit Position    Output Bit Position
0                     2
1                     3
2                     1
3                     0

This means that the bit in position 0 goes to position 2, the bit in position 1 goes to position 3, and so on.

Given a simple input like 1011, applying the P-Box reorders the bits, giving 1101.

Substitution-Permutation Networks (SPN)

One of the most researched ways of encrypting data is by combining substitution and permutation operations in sequence to encrypt blocks of data. Such a sequence is called a substitution-permutation network (SPN). SPN algorithms operate over a number of rounds, where each round includes a layer of confusion (S-box) and diffusion (P-box) steps. Each round scrambles the input more thoroughly.

plaintext ->
    confusion -> diffusion ->
    ... ->
    confusion -> diffusion -> ciphertext
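
Added example (not from the original article): a toy 16-bit SPN in Python built from the S-box and 4-bit P-box tables above, measuring how many output bits change when one input bit is flipped. Bit position 0 is taken to be the rightmost bit, which reproduces 1011 → 1101; the 16-bit P-box and all function names are assumptions made for this illustration.

```python
# Added example: toy 16-bit SPN built from the article's S-box and P-box tables.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]   # article's S-box table
PBOX4 = [2, 3, 1, 0]   # article's P-box: input bit i moves to bit PBOX4[i]

# Assumption (not from the article): a 16-bit P-box that sends bit j of
# nibble i to bit i of nibble j, so every S-box feeds all four S-boxes
# of the next round.
PBOX16 = [4 * (i % 4) + i // 4 for i in range(16)]

def permute(value, pbox):
    """Diffusion: move bit i of value to bit pbox[i] (bit 0 = rightmost)."""
    out = 0
    for src, dst in enumerate(pbox):
        out |= ((value >> src) & 1) << dst
    return out

def substitute(block):
    """Confusion: run each 4-bit nibble of a 16-bit block through SBOX."""
    out = 0
    for shift in (0, 4, 8, 12):
        out |= SBOX[(block >> shift) & 0xF] << shift
    return out

def spn(block, rounds):
    """Apply `rounds` rounds of confusion then diffusion. Keyless on purpose:
    a real cipher also mixes a round key into the block every round."""
    for _ in range(rounds):
        block = permute(substitute(block), PBOX16)
    return block

def avalanche(rounds, flip_bit=0):
    """Average number of output bits (of 16) that change when one input
    bit is flipped, taken over every possible 16-bit input."""
    total = 0
    for x in range(1 << 16):
        diff = spn(x, rounds) ^ spn(x ^ (1 << flip_bit), rounds)
        total += bin(diff).count("1")
    return total / (1 << 16)

if __name__ == "__main__":
    print(f"S-box: 0xA -> {SBOX[0xA]:#x}")
    print(f"P-box: 1011 -> {permute(0b1011, PBOX4):04b}")
    for r in (1, 2, 3, 4):
        print(f"{r} round(s): {avalanche(r):.2f} of 16 bits change")
```

After one round a flipped bit can only disturb the four output bits of a single S-box; the P-box is what carries that change into other S-boxes in the next round.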

SPNs are particularly attractive in cryptographic design for practical reasons:

  • They support efficient parallelization on both general-purpose CPUs and specialized hardware.
  • They enable rigorous formal analysis by breaking down encryption into two manageable layers.
  • They adapt well to resource-constrained environments where gate count, power, and latency are limiting factors.

The real-world impact of SPNs is extensive: AES, the de facto standard for symmetric encryption globally, is a textbook example of a high-throughput SPN optimized for software and hardware. Lightweight SPNs, such as those used in PRESENT or PRINCE, provide tailored tradeoffs between security and performance in embedded systems.

Stay tuned for more discussion of SPNs as we understand DES and AES block ciphers in upcoming articles.