The base-10 logarithm of the ratio of two power values (which is also the same as the difference between the log of each power value). The basis for the more-common term decibel: One bel equals 10 decibels. Bent Function A bent function is a Boolean function whose fast Walsh transform has the same absolute value in each term (except, possibly, the zeroth). This means that the bent function has the same distance from every possible affine Boolean function. We can do FWT's in "the bottom panel" at the end of Active Boolean Function Nonlinearity Measurement in JavaScript page of the Ciphers By Ritter / JavaScript computation pages. Here is every bent sequence of length 4, first in {0,1} notation, then in {1,- 1} notation, with their FWT results: bent {0,1} FWT bent {1,-1} FWT 0 0 0 1 1 -1 -1 1 1 1 1 -1 2 2 2 -2 0 0 1 0 1 1 -1 -1 1 1 -1 1 2 -2 2 2 0 1 0 0 1 -1 1 -1 1 -1 1 1 2 2 -2 2 1 0 0 0 1 1 1 1 -1 1 1 1 2 -2 -2 -2 1 1 1 0 3 1 1 -1 -1 -1 -1 1 -2 -2 -2 2 1 1 0 1 3 -1 1 1 -1 -1 1 -1 -2 2 -2 2 1 0 1 1 3 1 -1 1 -1 1 -1 -1 -2 -2 2 -2 0 1 1 1 3 -1 -1 -1 1 -1 -1 -1 -2 2 2 2 These sequences, like all true bent sequences, are not balanced, and the zeroth element of the {0,1} FWT is the number of 1's in the sequence. Here are some bent sequences of length 16: bent {0,1} 0 1 0 0 0 1 0 0 1 1 0 1 0 0 1 0 FWT 6,-2,2,-2,2,-2,2,2,-2,-2,2,-2,-2,2,-2,-2 bent {1,-1} 1 -1 1 1 1 -1 1 1 -1 -1 1 -1 1 1 -1 1 FWT 4,4,-4,4,-4,4,-4,-4,4,4,-4,4,4,-4,4,4 bent {0,1} 0 0 1 0 0 1 0 0 1 0 0 0 1 1 1 0 FWT 6,2,2,-2,-2,2,-2,2,-2,-2,-2,-2,2,2,-2,-2 bent {1,-1} 1 1 -1 1 1 -1 1 1 -1 1 1 1 -1 -1 -1 1 FWT 4,-4,-4,4,4,-4,4,-4,4,4,4,4,-4,-4,4,4 Bent sequences are said to have the highest possible uniform nonlinearity. But, to put this in perspective, recall that we expect a random sequence of 16 bits to have 8 bits different from any particular sequence, linear or otherwise. That is also the maximum possible nonlinearity, and here we actually get a nonlinearity of 6. There are various more or less complex constructions for these sequences. In most cryptographic uses, bent sequences are modified slightly to achieve balance. Bernoulli Trials In statistics, observations or sampling with replacement which has exactly two possible outcomes, typically called "success" and "failure." Bernoulli trials have these characteristics:  Each trial is independent,  Each outcome is determined only by chance, and  The probability of success is fixed. Bernoulli trials have a Binomial distribution. Bijective A mapping f: X -> Y which is both one-to-one and onto. For each unique x in X there is corresponding unique y in Y. An invertible mapping function. Binary From the Latin for "dual" or "pair." Dominantly used to indicate "base 2": The numerical representation in which each digit has an alphabet of only two symbols: 0 and 1. This is just one particular coding or representation of a value which might otherwise be represented (with the exact same value) as octal (base 8), decimal (base 10), or hexadecimal (base 16). Also see bit and Boolean. Possibly also the confusing counterpart to unary when describing the number of inputs or arguments to a function, but dyadic is almost certainly a better choice. Binomial Distribution In statistics, the probability of finding exactly k successes in n independent Bernoulli trials, when each trial has success probability p: n k n-k P(k,n,p) = ( ) p (1-p) k This ideal distribution is produced by evaluating the probability function for all possible k, from 0 to n. If we have an experiment which we think should produce a binomial distribution, and then repeatedly and systematically find very improbable test values, we may choose to reject the null hypothesis that the experimental distribution is in fact binomial. Also see the binomial section of the Ciphers By Ritter / JavaScript computation pages. Birthday Attack A form of attack in which it is necessary to obtain two identical values from a large population. The "birthday" part is the realization that it is far easier to find an arbitrary matching pair than to match any particular value. Often a hash attack. Also see: birthday paradox. Birthday Paradox The apparent paradox that, in a schoolroom of only 23 students, there is a 50 percent probability that at least two will have the same birthday. The "paradox" is that we have an even chance of success with at most 23 different days represented. The "paradox" is resolved by noting that we have a 1/365 chance of success for each possible pairing of students, and there are 253 possible pairs or combinations of 23 things taken 2 at a time. (To count the number of pairs, we can choose any of the 23 students as part of the pair, then any of the 22 remaining students as the other part. But this counts each pair twice, so we have 23 * 22 / 2 = 253 different pairs.) We can compute the overall probability of success from the probability of failure (1 - 1/365 = 0.99726) multiplied by itself for each pair. The overall probability of failure is thus 0.99726 253 (0.99726 to the 253rd power) or 0.4995. So the success probability for 253 pairs is 0.5005. We can relate the probability of finding at least one "double" of some birthday (Pd) to the expected number of doubles (Ed) as: Pd = 1 - e -Ed , so Ed = -Ln( 1 - Pd ) and 365 * -Ln( 0.5 ) = 365 * 0.693 = 253 . Also see: Estimating Population from Repetitions in Accumulated Random Samples, my "birthday" article. Bit A contraction of "binary digit." The smallest possible unit of information. A Boolean value: True or False; Yes or No; one or zero; Set or Cleared. Virtually all information to be communicated or stored digitally is coded in some way which fundamentally relies on individual bits. Alphabetic characters are often stored in eight bits, which is a byte. Block Some amount of data treated as a single unit. For example, the DES block cipher has a 64-bit block. So DES ciphers 64 bits (8 bytes or typically 8 ASCII characters) at once. A 64-bit block supports 2 64 or about 1.8 x 10 19 block values or code values. Each different permutation of those values can be considered a complete code. A block cipher has the ability to select from among many such codes using a key. It is not normally possible to block-cipher just a single bit or a single byte of a block. An arbitrary stream of data can always be partitioned into one or more fixed-size blocks, but it is likely that at least one block will not be completely filled. Using fixed-size blocks generally means that the associated system must support data expansion in enciphering, if only by one block. Handling even minimal data expansion may be difficult in some systems. Block Cipher A cipher which requires the accumulation of data (in a block) before ciphering can complete. Other than simple transposition ciphers, this seems to be the province of ciphers designed to emulate a keyed simple substitution with a table of size far too large to realize. A block cipher operates on a block of data (for example, multiple bytes) in a single ciphering, as opposed to a stream cipher, which operates on bytes or bits as they occur. Block ciphers can be called "codebook-style" ciphers. Also see Variable Size Block Cipher. A block cipher is a transformation between plaintext block values and ciphertext block values, and is thus an emulated simple substitution on huge block-wide values. Within a particular block size, both plaintext and ciphertext have the same set of possible values, and when the ciphertext values have the same ordering as the plaintext, ciphering is obviously ineffective. So effective ciphering depends upon re-arranging the ciphertext values from the plaintext ordering, and this is a permutation of the plaintext values. A block cipher is keyed by constructing a particular permutation of ciphertext values. Block Cipher Data Diffusion In an ideal block cipher, changing even a single bit of the input block will change all bits of the ciphertext result, each with independent probability 0.5. This means that about half of the bits in the output will change for any different input block, even for differences of just one bit. This is overall diffusion and is present in a block cipher, but not in a stream cipher. Data diffusion is a simple consequence of the keyed invertible simple substitution nature of the ideal block cipher. Improper diffusion of data throughout a block cipher can have serious strength implications. One of the functions of data diffusion is to hide the different effects of different internal components. If these effects are not in fact hidden, it may be possible to attack each component separately, and break the whole cipher fairly easily. Partitioning Messages into Fixed Size Blocks A large message can be ciphered by partitioning the plaintext into blocks of a size which can be ciphered. This essentially creates a stream meta-cipher which repeatedly uses the same block cipher transformation. Of course, it is also possible to re-key the block cipher for each and every block ciphered, but this is usually expensive in terms of computation and normally unnecessary. . a large population. The "birthday" part is the realization that it is far easier to find an arbitrary matching pair than to match any particular value. Often a hash attack. Also. the number of pairs, we can choose any of the 23 students as part of the pair, then any of the 22 remaining students as the other part. But this counts each pair twice, so we have 23 * 22 /. separately, and break the whole cipher fairly easily. Partitioning Messages into Fixed Size Blocks A large message can be ciphered by partitioning the plaintext into blocks of a size which