In cryptography, decorrelation theory is a system developed by Serge Vaudenay in 1998[1] for designing block ciphers to be provably secure against differential cryptanalysis, linear cryptanalysis,[2] and even undiscovered cryptanalytic attacks meeting certain broad criteria. Ciphers designed using these principles include COCONUT98 and the AES candidate DFC, both of which have been shown to be vulnerable to some forms of cryptanalysis not covered by the theory.
According to Vaudenay, the decorrelation theory has four tasks: 1) the definition of a measurement for the decorrelation, which usually relies on a matrix norm; 2) the construction of simple primitive or "decorrelation module" with a quite good decorrelation; 3) the construction of cryptographic algorithms with decorrelation modules so that the primitive can be inherited by the algorithm; and, 4) proving that the decorrelation provides security against attacks.[3]