||This article includes a list of references, but its sources remain unclear because it has insufficient inline citations. (July 2009)|
In cryptography, the avalanche effect refers to a desirable property of cryptographic algorithms, typically block ciphers and cryptographic hash functions. The avalanche effect is evident if, when an input is changed slightly (for example, flipping a single bit) the output changes significantly (e.g., half the output bits flip). In the case of quality block ciphers, such a small change in either the key or the plaintext should cause a drastic change in the ciphertext. The actual term was first used by Horst Feistel, although the concept dates back to at least Shannon's diffusion.
If a block cipher or cryptographic hash function does not exhibit the avalanche effect to a significant degree, then it has poor randomization, and thus a cryptanalyst can make predictions about the input, being given only the output. This may be sufficient to partially or completely break the algorithm. Thus, the avalanche effect is a desirable condition from the point of view of the designer of the cryptographic algorithm or device.
Constructing a cipher or hash to exhibit a substantial avalanche effect is one of the primary design objectives. This is why most block ciphers are product ciphers. It is also why hash functions have large data blocks. Both of these features allow small changes to propagate rapidly through iterations of the algorithm, such that every bit of the output should depend on every bit of the input before the algorithm terminates.
Strict avalanche criterion 
The strict avalanche criterion (SAC) is a generalization of the avalanche effect. It is satisfied if, whenever a single input bit is complemented, each of the output bits changes with a 50% probability. The SAC builds on the concepts of completeness and avalanche and was introduced by Webster and Tavares in 1985.
Bit independence criterion 
The bit independence criterion (BIC) states that output bits j and k should change independently when any single input bit i is inverted, for all i, j and k.
See also 
- Feistel, Horst (1973). "Cryptography and Computer Privacy". Scientific American 228 (5).
- Webster, A. F.; Tavares, Stafford E. (1985). "On the design of S-boxes". Advances in Cryptology - Crypto '85. Lecture Notes in Computer Science 218. New York, NY,: Springer-Verlag New York, Inc. pp. 523–534. ISBN 0-387-16463-4.