An Innovative Design of Substitution-Boxes Using Cubic Polynomial Mapping

: In this paper, we propose to present a novel technique for designing cryptographically strong substitution-boxes using cubic polynomial mapping. The proposed cubic polynomial mapping is proﬁcient to map the input sequence to a strong 8 × 8 S-box meeting the requirements of a bijective function. The use of cubic polynomial maintains the simplicity of S-box construction method and found consistent when compared with other existing S-box techniques used to construct S-boxes. An example proposed S-box is obtained which is analytically evaluated using standard performance criteria including nonlinearity, bijection, bit independence, strict avalanche effect, linear approximation probability, and differential uniformity. The performance results are equated with some recently scrutinized S-boxes to ascertain its cryptographic forte. The critical analyses endorse that the proposed S-box construction technique is considerably innovative and effective to generate cryptographic strong substitution-boxes.


Introduction
Recent technological innovations and their fruitful usage in real life have resulted in an immense growth in the volume of data being communicated. The sensitive nature of data demands for techniques to be developed and measures to protect from misuse. Before transmission, a user's data must be transformed in such a form that is meaningless to an attacker. Symmetric block ciphers are among the most widely used techniques to fulfill this purpose due to the easy implementation and being the providers of much needed cryptographic strength [1,2]. One popular type of block cipher uses substitution and permutation operations. This type of block cipher transforms an input block of data (plaintext) into a meaningless output block (ciphertext) by using a symmetric key and different number of rounds. Generally, each round performs substitution and permutation processes on the input block of data. A substitution process replaces an input block with another output block using substitution box (S-box) [3]. Advanced Encryption Standard (AES), as an example, is most commonly used symmetric block cipher.
An S-box is a decisive component of recent block ciphers and generates a scrambled ciphertext from the given plaintext. An S-box, being the only nonlinear constituent of modern block ciphers, offers a complex relationship between the plaintext and the ciphertext. This relation is called confusion [4]. Whatever security a block cipher provides is reliant on the confusion in the ciphertext created by an S-box. As a result, many researchers are designing novel S-boxes and evaluating the strength of their respective S-boxes against some typical benchmarks such as bijective-ness, strict avalanche criterion (SAC), nonlinearity, bit independence criterion (BIC), linear and differential probabilities, etc. In [5][6][7], a number of properties have been suggested to be existent in an S-box to be able to resist various cryptanalytic attacks. An S-box possessing most of these properties provides more security.
The organization of the rest of the paper is as follows. Section 2 offers the design of the proposed S-Box. Performance analysis of the proposed S-Box against cryptographic landscapes is conferred in Section 3 and a comparison is made with some recently designed S-boxes. Section 4 completes the research paper with conclusions.

Proposed Substitution-Box Design
Most of the symmetric block ciphers use one or more S-boxes for substitution purpose to bring in the sufficient confusion. An S-box provides the confusion facility between the plaintext and the ciphertext through a nonlinear mapping. The researchers have comprehensively explored such nonlinear mappings to construct S-boxes having different cryptographic strength. However, the process of S-Box construction using these techniques is very complex and inefficient.

Performance Results
In this section, we investigate our novel technique and proposed S-box given in Table 1 for broadly established standard S-box performance benchmarks to measure its cryptographic strength.

Bijectiveness
For two sets X and Y, a function f: X → Y is bijective if and only if it is one-to-one and onto simultaneously. One-to-one mapping requires that each element of set X is matching with just one element of set Y. Onto mapping requires that each element of set Y has distinct pre-image in set X. CPM function C: N → N is bijective as it produces distinct output values for distinct input values having image(C) = N and pre-image(C) = N, where N = {0, 1, . . . , 254, 255}.

Strict Avalanche Criterion (SAC)
The SAC criterion [52,53] is an imperative feature for any cryptographic S-box which states that if a single bit is changed in the input, this change should modify half of the output bits. An S-box having a value of SAC closer to 0.5 has decent uncertainty. Dependency matrix providing the SAC values of proposed S-box is given in Table 2. It is evident from Table 2 that the average SAC value of the S-Box is equal to 0.5. This SAC value is an indication that the proposed S-box gratifies SAC property in a respectable manner.

Nonlinearity
If an S-box is designed in such a way that it has linear mapping between the plaintext and the ciphertext, it becomes easy to launch a linear cryptanalysis attack on the ciphertext to get the original plaintext. To resist this attack, an S-box must be designed with high nonlinear mapping between its input and output. Equation (3) is used to calculate the nonlinearity of an n-bit Boolean function b(k) as: where, WS b (h) = Walsh spectrum of function b, and it is calculated as: where, h ∈ {0, 1} n and k.h denotes the dot product of k and h, calculated as: The nonlinearity values of our S-box are 106, 104, 106, 108, 108, 106, 108, and 108 with minimum of 104, maximum of 108, and average of 106.8. The nonlinearities of all eight constituent Boolean functions are also provided in Table 3. In Table 4, we make a comparison of proposed S-box and other recent S-boxes with respect to nonlinearity metric. It can be seen that proposed S-box has the right competence to insipid the linearity and thus the linear cryptanalysis is an uphill task for the attacker.

Bit Independence Criterion (BIC)
According to this criterion [52,53], the inversion of an input bit p modifies output bits q and r without any dependence on each other. An S-box that makes the output bits independent of each other strengthens the security. If an S-box fulfills BIC property, all the constituent Boolean functions of that S-Box own high nonlinearity and also meet SAC very well. Tables 5 and 6 exhibit the nonlinearity and SAC values for constituent Boolean functions of the proposed S-Box.   [53], if an S-box exhibit nonlinearity and SAC, it fulfills BIC. The obtained scores of 103.9 and 0.5 for proposed S-box clearly indicate an extremely weak linear association among the output bits and thus fully validate BIC of our S-box.

Linear Probability
The cryptologist of modern block ciphers tries to create ample confusion and diffusion of bits to secure the data against cryptanalytic efforts. Strong S-boxes help in achieving these requirements through nonlinear mapping between input and output. An S-box having low linear probability (LP) indicates higher nonlinear mapping and provides resistance against the linear cryptanalysis. Mathematically, Equation (4) is used to calculate the linear probability of an S-box: where, α z and β z are the corresponding input and output masks and N = {0,1, . . . , 255}. Maximum value of LP of our S-box is only 0.140, and thus provides good resistance against linear cryptanalysis.

Differential Probability
Differential cryptanalysis is considered as a useful tool to grasp the original plaintext. During this effort, variances in the plaintext and the ciphertext are found. The coupling of these variances assists the attackers to attain some part of the key. A low value of differential probability helps in resisting this attack. Differential probability (DP) is calculated as: where, ∆z and ∆y are corresponding input and output differentials. An S-box with smaller differentials is sturdier to deter differential cryptanalysis. Table 7 shows that the proposed S-box has value of differential probability as 0.054. This small value indicates that the proposed S-Box provides respectable resistance to differential cryptanalytic efforts.

Performance Comparison
Using cryptographic features, a performance comparison of proposed S-box and other S-boxes is given in Table 7. Our verdicts are given below:

•
Our S-box has average value of nonlinearity greater than the other S-boxes in Table 7. As a result, proposed S-box provides good resistance against linear cryptanalysis. • Table 7 validates that SAC value (0.507) of proposed S-box is very near to ideal value of SAC (0.5). We can say that our S-box is gratifying SAC in a respectable manner. • It can be observed from Tables 5-7 that the BIC value of the proposed S-box is quite good ensuing gratification of the BIC test. • Differential probability value of proposed S-box is just 0.054. This small value of DP reveals the cryptographic strength of our S-box. • Proposed S-Box has LP value equal to 0.140. This small value guarantees that our S-box has the potential to confront the linear cryptanalysis.

Conclusions
In this paper, using a new nonlinear mapping (cubic polynomial mapping), we have suggested an innovative and simple method to design efficient S-Boxes. Then the proposed S-Box is tested for cryptographic strength using different standard benchmarks. The analysis results are in harmony with the related S-boxes to justify our method. Recital of our S-Box sounds good when we compare it with topical S-boxes. The promising scores of BIC, nonlinearity, SAC, and other criteria of our S-Box reflect its potential candidature for future block ciphers. It is worth declaring that our proposed method is the pioneer one to explore the cubic polynomial mapping for S-Box design. One can expect the emergence of stronger S-boxes for secure transmission of data using cubic polynomial mapping in real life.
Author Contributions: All the authors collaborated in this research work in all aspects.
Funding: This research received no external funding.

Conflicts of Interest:
The authors declare no conflict of interest.