Overview
A permutation box, commonly called a P-box, is a deterministic mapping that reorders bits within a block of data. In symmetric cryptography it is paired with substitution components to create confusion and diffusion: P-boxes move bits to different positions so that a single input bit affects many outputs after several rounds. A P-box operates on individual bits rather than multi-bit symbols and is typically reversible so decryption can restore the original order.
Design and behavior
P-boxes are often used in combination with S-boxes. While S-boxes nonlinearly change bit patterns, P-boxes change their positions; together they make the relationship between plaintext and ciphertext hard to trace. This implements Claude Shannon's diffusion principle, spreading the influence of each input bit across many output bits to resist statistical attacks.
Typical properties considered when designing a P-box include reversibility, balance (no output bit should be overly dependent on a small set of input bits), and compatibility with the cipher's word and round structure. P-boxes can be fixed, keyed, or generated by a permutation schedule.
- Types: straight P-boxes (simple repositioning), expansion P-boxes (increase width by duplicating bits), and compression P-boxes (reduce width).
- Level: bit-level permutations vs. byte- or word-level permutations.
Within many block ciphers, designers alternate substitution and permutation layers to build an overall substitution–permutation network (SPN) or use P-boxes inside Feistel rounds. Historically, classic ciphers such as DES used P-boxes to improve diffusion.
Because a P-box itself is linear and does not introduce nonlinearity, it must be combined with S-boxes or other nonlinear operations to resist linear and differential cryptanalysis. For further technical descriptions and examples see introductory resources and cipher specifications linked below.
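The reversibility and linearity properties described above can be checked directly. The following is an added example, not taken from any cipher specification: the tables PBOX and EXPANSION and all function names are constructed for illustration. It shows that a straight P-box has an inverse, that an expansion P-box does not, and that any P-box satisfies P(a XOR b) = P(a) XOR P(b), which is why it contributes no nonlinearity on its own.

```python
# Constructed 8-bit straight P-box: output bit i takes input bit PBOX[i] (bit 0 = LSB).
PBOX = [3, 6, 0, 5, 1, 7, 2, 4]
# Constructed expansion P-box: 4 bits in, 6 bits out; input bits 0 and 3 are duplicated.
EXPANSION = [3, 0, 1, 2, 3, 0]


def permute(x, table):
    """Return the integer whose bit i equals bit table[i] of x."""
    out = 0
    for i, src in enumerate(table):
        out |= ((x >> src) & 1) << i
    return out


def invert(table):
    """Build the inverse table of a straight P-box.

    Expansion and compression tables are not bijections on bit positions,
    so they are rejected rather than silently producing a wrong inverse.
    """
    if sorted(table) != list(range(len(table))):
        raise ValueError("table is not a bijection on bit positions")
    inv = [0] * len(table)
    for i, src in enumerate(table):
        inv[src] = i
    return inv


def is_xor_linear(table, in_width):
    """Exhaustively check P(a ^ b) == P(a) ^ P(b) for all in_width-bit inputs."""
    n = 1 << in_width
    return all(permute(a ^ b, table) == permute(a, table) ^ permute(b, table)
               for a in range(n) for b in range(n))


def difference_weight(table, a, b):
    """Number of output bits that differ when inputs a and b are permuted."""
    return bin(permute(a, table) ^ permute(b, table)).count("1")


if __name__ == "__main__":
    inv = invert(PBOX)
    print("round trip ok:", all(permute(permute(x, PBOX), inv) == x for x in range(256)))
    print("straight P-box linear:", is_xor_linear(PBOX, 8))
    print("expansion P-box linear:", is_xor_linear(EXPANSION, 4))
    # A one-bit input difference stays one bit wide through a straight P-box.
    print("difference weight:", difference_weight(PBOX, 0b10110100, 0b10110101))
```

A one-bit input difference leaves a straight P-box as a one-bit output difference; the spreading across many bits only happens once S-boxes sit between successive permutation layers.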
Related topics and references: cryptography concepts, bit operations, substitution boxes (S-boxes), diffusion theory, block cipher design, plaintext/ciphertext relation.