Construction of S-Box Based on Chaotic Map and Algebraic Structures

The Advanced Encryption Standard (AES) is widely used in different kinds of security applications. The substitution box (S-box) is the main component of many modern symmetric encryption ciphers that provides confusion between the secret key and ciphertext. The S-box component that is used in AES is fixed. If we construct this component dynamically, the encryption strength of AES would be greater than before. In this manuscript, we used chaotic logistic map, Mobius transformation and symmetric group S256 to construct S-box for AES. The idea behind the proposed work is to make supplementary safe S-box. The presented S-box is analyzed for the following analyses: linear approximation probability (LP), nonlinearity (NL), differential approximation probability (DP), strict avalanche criterion (SAC), and bit independence criterion (BIC). The analyses show that the proposed technique is useful in generating high resistance S-box to known attacks.


Introduction
The concept of substitution box (S-box) was first given by Claude Shannon in 1949 [1] after that this component got the attention of many researchers.The S-box has wide usage in secure communication, and it is the core component in popular block ciphers such as data encryption standard (DES), international data encryption algorithm (IDEA) and advanced encryption standard (AES) [2] etc.Most of the time, the strength of any cryptosystem [3][4][5][6][7][8] depends on the resistance of S-boxes against known attacks, which is why, to design a robust cipher, the synthesis of strong S-boxes is required.The strength of S-box [9][10][11][12][13][14] usually depends on some algebraic and statistical criteria, such as linear and differential analyses, strict avalanche criterion (SAC) to measure maximal confusion ability between key and cipher text, bit independence criteria to know the dependency of plaintext, and ciphertext bits.Linear and differential cryptanalysis shows that it is essential to propose dominant ciphers that can resist renown attacks.The AES is largely acknowledged as a valid cryptosystem.One of the vital components of AES is its S-box, which is constructed based on the inversion of GF(2 8 ) elements and an affine transformation.Due to AES popularity in the communication systems, S-box got more attention.
In the past 10 to 15 years, some cryptosystems have been constructed by chaotic maps [15][16][17][18][19][20][21] to provide more secure encryption techniques.The safety of secret data can be achieved using dynamical chaotic systems in chaos-based secure communication [22][23][24][25][26][27][28].The inclusion of chaotic maps in vulnerable schemes can make them more secure against renowned attacks.The pseudo random number generator for symmetric key encryption ciphers and one-way functions are two basic techniques for the execution of data protection.The ability of dynamical systems to induce nonlinearity can be used to synthesize S-boxes, and the analyses of these kinds of boxes were very good against different types of attacks.
The structure of the article is as follows: Section 2 presents the preliminaries.Section 3 consists of the construction methodology for proposed S-box.In Section 4, we presented the analysis to measure the resistance of the presented box against linear and differential types of attacks.Section 5 is the conclusion.

Preliminaries
The proposed work is based on the action of general linear group and chaotic logistic map.There are few works on the general linear group for the construction of S-boxes in the literature.In this section, we briefly present the basics of these two modules to be used later in the section for proposed S-box generation.

General Linear Group
The group that we will use is the action of projective linear group PGL(2, GF(2 8 )) on Galois field GF(2 8 ), and construct a nonlinear vector corresponding to a particular type of linear fractional transformation (180z + 144)/(83z + 4) with the condition that 180 × 4 − 144 × 83 = 0.

Logistic Map
The logistic map is a model of population growth given as [29]: where 0 < p < 4, y 0 ∈ [0, 1].Furthermore, the chaotic range for logistic map lies where p ∈ [3.6, 4].p is a positive constant and is known as biotic potential, which is responsible for the chaotic behavior.While it had proposed by John Von Neumann in 1947, there are two logistic map sequences which we are using in proposed work, with initial parameters as y 0 and y 1 with p 0 and p 1 .Chaos has several benefits when applied in secure communication.It has been shown that chaotic security algorithms have commended many advantages such as high security, speed, reasonable computational overheads, and computational power over the traditional algorithms.One of the most notable features is the sensitivity of the initial conditions.The values of the iterations are very sensitive and change significantly by a tiny change in the initial conditions of either p or y.
Figure 1 illustrates the idea of sensitivity of initial conditions.Figure 1a shows the values of the first 100 iterations against the initial parameters of p = 3.7 and y 0 = 0.5.Figure 1b shows the values of the 100 iterations generated after first 300 iterations against the initial parameters of p = 3.700000000 and y 0 = 0.5 in red color and the values of the 100 iterations generated after first 300 iterations against the initial parameters of p = 3.700000001 and y 0 = 0.5 in blue color.It can be seen that the two graphs are significantly different to each other despite a tiny difference in the initial condition of p.Similarly, Figure 1c shows the values of the 100 iterations generated after first 300 iterations against the initial parameters of p = 3.7 and y 0 = 0.50000000 in red color and the values of the 100 iterations generated after first 300 iterations against the initial parameters of p = 3.7 and y 0 = y 0 = 0.50000000 in blue color.It can be seen that the two graphs are significantly different to each other despite a tiny difference in the initial condition of y 0 .

Propose S-Box
We have divided the proposed algorithm for the construction of S-box into three steps, we shall construct the initial row vector with the help of linear fractional group technique for the construction of nonlinear vector; this is explained earlier.In step 2, we shall construct the intermediate S-box with the help of initial vector of step 1 and chaotic logistic map of Equation (3).In step 3, we shall take the output of step 2 as a seed and will apply a particular permutation of S 256 on it to get S-box with desire properties.The illustration of the proposed generation of S-box and explanation of steps is as follows:

Step 1: Application of General Linear Group
In first step we are going to apply the action of projective linear group PGL(2, GF(2 8 )) on Galois field GF(2 8 ) as mentioned earlier.The methodology is explained in Table 1 and Galois field element representation corresponding to a particular primitive irreducible polynomial can also be shown.The output of this first step in form of 16 × 16 S-box is shown in Table 2.
Table 1.Construction of S-box using fractional transformation.
Here We Are Taking ζ i i and ζ j j from Table 2 S-Box Elements The purpose of step 1 is to destroy the linear structure of Galois field GF(2 8 ), because GF(2 8 ) is basically a cyclic group and it is very easy to generate all its elements with the help of root of primitive irreducible polynomial of degree 8.The process of cyclic generation of Galois field elements is a linear operation.We have made this operation nonlinear with the help of linear fractional transformation.A minimum requirement to make a linear operation into nonlinear operation is affine transformation but here we are going beyond this because affine transformation is a particular case of linear fractional transformation.In Figure 2, we have shown the nonlinearity of the initial vector and compared it with a linear initial vector.It can be seen that red line presents a linear vector from 0 to 255 and green line shows that nonlinear vector of step 1, which we shall use for the construction of S-box.This nonlinearity of the initial vector will play an important role in improving the confusion creating capacity of the proposed S-box.

Step 2: Applying Logistic Chaotic Map
In this step, we need the following stuff: (a) Initial vector of step 1 as a basic seed, which is shown in Table 2. Let the initial seed be represented as K with size 1 × 256.
(b) Define the two chaotic logistic map sequences as defined in Equation ( 3) with appropriate initial conditions.
(c) Initial parameters for first logistic map are as follows p = 3.99234589 and y 0 = 0.5.The first logistic map sequence is represented as f 1 .The length of this sequence is 256.
(d) Initial parameters for second logistic map are as follows p = 3.99777777 and y 0 = 0.6.The second logistic map sequence is represented as y.The length of this sequence is also 256.
(e) Define f 2 = y 155 , that is f 2 has a single value of second chaotic sequence which is placed at 155th position.
(f) Define a function pos_min as shown in Algorithm 1.It consists of two steps; in step 1, "ones(1,256)" will give us a row vector with 256 values, all with a value of f 2 .In step 2, the position at where the minimum difference lies will be set as an output.
(g) Use the initial seed of S-box generated with the help of general linear group shown in Table 2 and the logistic map, we will get the vector K 1 .The whole process of getting the output of this step is depicted in Algorithm 2 and the output of this step is shown in Table 3.
Algorithm 1 To find the positions at where the minimum difference lies Inputs: Two distinct logistic chaotic map sequences, f 1 , y and f 2 .Output: Position location, pos_min.
To generate S-box with the input seeds of logistic map and general linear group Inputs: Initial vector K of Table 1 (which is a substitution box), functions for logistic map and pos_min.Outputs: Substitution box, K 1 .

Analyses for Evaluating the Strength of S-Box
In the analyses section we shall determine the cryptographic strength of the propose S-box with some suitable measures.To find the S-box with fitting confusion creating strength many standard evaluating analyses are presented in literature such as DP, SAC, BIC, Nonlinearity, and LP.We shall also use these criteria to test the security of proposed S-box.2) be an n Boolean function, the nonlinearity of f (x) can take the form,

Nonlinearity
where, L n is a set of the whole linear and affine functions, d H ( f , l) denotes the Hamming distance between f and l.
The nonlinearity denoted by the Walsh spectrum can take the form, The cyclic spectrum of the function f (x) is, where, ω ∈ GF(2 n ), and x.ω denotes the dot product of x and w.The larger the nonlinearity N f of the function f , the stronger the ability of its resistance to the linear attacks, and vice versa.
The results of nonlinearity of proposed algorithm are shown in Table 6, with the help of these results we can say that the nonlinearity of the nonlinear values of the substitution box created by the chaos-based scheme shaped in the reading are 112,112,112,112,112,112,112,112.Nonlinearity average value, minimum value and maximum value are 112, 112, and 112, respectively.

Strict Avalanche Criterion
SAC describes a fact that when one bit in the input of Boolean function changes, the changing probability of every bit in its output is 1/2.In practical application, a correlation matrix, the construction method is always constructed to test the SAC property of the Boolean function.The results of SAC are shown in Table 7.In Table 7, we have shown the eight different Boolean functions corresponding to S-box.It can be observed that the values are approximately equal to 0.5, which is very good for cryptographic uncertainty.Therefore, the proposed nonlinear component satisfies this criterion with approximately optimal values.

Bit Independent Criterion
Given a Boolean function f j , f k is a two bits output of an S-box, if f j ⊕ f k is highly nonlinear and meets the SAC, the correlation coefficient of each output bit pair may be close to 0 when one input bit is inversed.Thus, we can check the BIC of the S-box by verifying whether f j ⊕ f k (j = k) of any two output bits of the S-box meets the nonlinearity and SAC.According to the description of BIC, an 8 × 8 S-box produced by our procedure is checked.The results show the exclusive-or sum of all pairs of output bits of this S-box is highly nonlinear and approximately fulfill SAC.
In Table 8, we have shown the results of bit independence criterion (BIC) for SAC.This analysis is very important to know the confusion strength of any nonlinear algorithm.The requirement of this analysis is that all values should be approximately equal to 0.5, and it can be observed that the whole table is between 0.490234 and 0.525391.It means our S-box fulfills this criterion with very close readings.
In Table 9, we presented the BIC for nonlinearity for proposed box.It can be observed that all the values are 112 which is maximum possible nonlinearity for a secure S-box.

Differential Approximation Probability
The Differential approximation probability DP f can reflect the XOR distribution of the input and output of the Boolean function, i.e., the maximum likelihood of outputting ∆y , when the input is ∆x, where, X denotes a set of all possible inputs, 2 n is the number of elements in the set.
The smaller the DP f , the stronger the ability of the S-box for fighting against differential cryptanalysis attacks, and vice versa.In Table 10, the results of differential approximation probabilities are presented.It can be observed that all the values are 0.015625 and same which is equal to AES S-box strength, this shows that our S-box is good against the differential type of attacks.

Linear Approximation Probability
Given two randomly selected masks Γx and Γy , we used Γx to calculate the mask of all possible values of an input x, and use Γy to calculate the mask of the output values S(x) of the corresponding S-box.After masking the input and the output values, and the maximum number of the same results is called the maximum linear approximation that can be computed by the following equation: {x|x.Γx = S(x).Γy} where, Γx and Γy are the mask values of the input and output, respectively, X is a set of all possible input values of x, the elements of which is 2 n .The smaller the LP, the stronger the ability of the S-box for fighting against linear cryptanalysis attacks, vise-versa.

Conclusions
In this manuscript, we have shown the usage of logistic chaotic map, symmetric group of permutation and projective general linear group action to get high-quality S-box for encryption algorithms.The method presented assurances the success of the SAC, nonlinearity, BIC with an optimal reading and at the same time guarantying an extremely good differential and linear probability.In Table 11, it can be seen that strength of proposed S-box is comparable with well-known prevailing S-boxes.So, one can use the proposed S-box for secure communication in any block cipher encryption algorithm.Moreover, the proposed method can construct 256! S-boxes based on the permutation of S 256 .The S-box which we have constructed in this paper is an example and a member of combination of eight output bits of AES S-box.

Figure 1 .
Figure 1.Illustration of sensitivity to initial conditions of logistic map.(a) values of the first 100 iterations against the initial parameters of p = 3.7 and y 0 = 0.5, (b) comparison between the iteration values generated from two slightly different initial conditions of p, (c) comparison between the iteration values generated from two slightly different initial conditions of y 0 .

Figure 2 .
Figure 2. Uncertainty of the initial vector.

Table 2 .
Initial vector corresponding to a = 183, b = 144, c = 83 and d = 4 of Mobius transformation in matrix form.

Table 4 .
Particular permutation µ of symmetric group of permutation S 256 .

Table 5 .
The proposed S-box.

Table 6 .
Nonlinearity of proposed S-box.

Table 7 .
SAC of proposed S-box.

Table 8 .
Bit independence criterion for SAC.

Table 9 .
Bit independence criterion for nonlinearity.

Table 10 .
Differential approximation probability of proposed S-box.

Table 11 .
Comparison of the chaotic and non-chaotic S-boxes with proposed S-box.