Next Article in Journal
Hybrid Cuckoo Search for the Capacitated Vehicle Routing Problem
Previous Article in Journal
Split Common Coincidence Point Problem: A Formulation Applicable to (Bio)Physically-Based Inverse Planning Optimization
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

A New S-Box Generation Method and Advanced Design Based on Combined Chaotic System

1
School of Computer Science and Technology, Harbin Institute of Technology, Weihai 264209, China
2
School of Information, Harbin Institute of Technology, Weihai 264209, China
*
Authors to whom correspondence should be addressed.
Symmetry 2020, 12(12), 2087; https://doi.org/10.3390/sym12122087
Submission received: 5 November 2020 / Revised: 10 December 2020 / Accepted: 11 December 2020 / Published: 15 December 2020
(This article belongs to the Section Computer)

Abstract

:
The construction of substitute box (S-box) has always been an important research direction in cryptography. This paper proposes a new S-box generation method and advanced design based on combined chaotic system. Firstly, our paper proposes a new combined chaotic system and analyze its dynamic behavior. Next, we construct S-box by combining the generated pseudo-random sequence with the linear congruence random number generator, and the standard mapping is introduced to scramble the initial S-box. Then, the S-box optimization method based on advanced genetic algorithm is proposed in this paper. We design adaptive of S-box coding, selection operator, crossover operator and mutation operator to avoid the shortcomings of low calculation efficiency and non-convergence of optimization results in traditional genetic algorithm. Finally, through a lot of security analysis experiments and comparison with other papers, the optimized S-box has better cryptography characteristics and can resist linear attacks and differential attacks.

1. Introduction

Cryptographic algorithms are widely used in many fields, which can transmit important personal data through remote channels in computer and communication technology. In general, symmetric and asymmetric are two basic system of cryptographic. Symmetric cipher is also known as private key cryptography, asymmetric cipher is known as public key cryptography. They have their own advantages: symmetric cipher is faster, while asymmetric cipher is more secure.
In addition, block cipher is one class in cryptographic, substitute box (S-box) is the only non-linear component in block cipher, which plays an important role in the security of encryption algorithm. Therefore, how to build a strong S-box has become the attention issue. Chaotic system refers to the existence of seemingly random irregular motion in a deterministic system. Its behavior is characterized by uncertainty, unrepeatability and unpredictability. According to its characteristics, it is very suitable for building S-boxes.
Aim to distinguish the performance of S-box, there are some criteria to estimate whether S-box is strong or not, such as linear approximation probability, the output bits independence criterion, equiprobable input/output XOR distribution, the strict avalanche criterion (SAC), nonlinear criterion [1]. The evaluation criteria are specific, so we can optimize the S-box by optimizing these values, there are many optimization algorithms, such as simulated annealing algorithm [2], ant colony algorithm [3], genetic algorithm [4], particle swarm optimization algorithm [5]. Among them, genetic algorithm has been widely used because of its convenience, it is suitable to be used to optimize S-box, because we can regard multiple S-boxes as input individuals of genetic algorithm.
The purpose of our study was not to focus on how to design cryptographic algorithm, we aimed to propose the method to construct and optimize the S-box. One advantage of our study is that the criteria can reflect the performance of S-box, another advantage is that the optimization S-box can be applied in any block cipher algorithms. The main contributions are as follows:
  • Our paper proposes a new combined chaotic system and analyzes its dynamic behavior.
  • We construct S-Box by combining the generated pseudo-random sequence with the linear congruence random number generator, and the standard mapping is introduced to scramble the initial S-box.
  • The S-box optimization method based on advanced genetic algorithm is proposed in this paper.
  • Through a lot of security analysis experiment and comparison with other papers, the optimized S-box has better cryptography characteristics and can resist linear attacks and differential attacks.
Therefore, this paper proposes a new combined chaotic system and the S-boxes construction method. We design self-adaptive processing of multiple operators in general genetic algorithm to optimize performances of the S-boxes. Through a lot of security analysis experiments and comparison with other papers, the optimized S-box has better cryptography characteristics and can resist linear attacks and differential attacks.
The remaining part of this paper is organized as follows. In Section 2, we have listed some review related to construction and optimization of S-box. The new combined chaotic system is proposed in Section 3, and analyzes its dynamic behavior. Section 4 introduces the method of S-box generation based on combined chaotic system. In Section 5, we propose an advanced genetic algorithm to optimize the S-Box. In Section 6, we evaluate the proposed S-box by a lot of security analysis experiments and comparison with other papers. In Section 7, we have a comprehensive analysis of the advantage of the proposed method. Finally, we present the conclusion in Section 8.

2. Related Work

2.1. Review of S-Box

In recent years, many methods of S-box construction have been proposed. Tian [6] designed a chaotic S-box based on the intertwining logistic map and bacterial foraging optimization. Ahmed [7] proposed an S-box using Gaussian distribution and linear fractional transform based on the BoxMuller transform, polarization decision and central limit algorithm. Khan [8] proposed a systematic design methodology to generate a chaotic S-box using difference distribution table. Isa [9] proposed a heuristic method called the bee waggle dance for designing of S-box. Rafip [10] proposed an innovative scheme of S-box based on the action of projective linear groups on the projective line and the permutation triangle groups. Ahmad [11] proposed an S-box based on artificial bee colony optimization and the chaotic map. Grosso [12] proposed an innovative design of S-boxes using cubic polynomial mapping. Shahzad [13] proposed a method for obtaining random bijective S-boxes based on improved one-dimensional discrete chaotic map. Khan [7] proposed an S-box construction algorithm based on Gaussian distribution, linear fractional transformation and center restriction algorithm; Asif [8] proposed an S-box construction algorithm based on differential distribution table; Ullah [14] proposed an S-box construction algorithm based on box linear fractional transformation of chaotic system; Belazi and El-Latif [15] proposed a simple S-box generation algorithm based on sine chaotic map. Khan [7] proposed an S-box using Gaussian distribution and linear fractional transform, which is constructed by employing a linear fractional transform based on the BoxâASMuller transform, polarization decision and central limit algorithm. Rafifiq [10] developed an innovative scheme of S-box based on the action of projective linear groups on the projective line, and the permutation triangle groups. Zahid [12] proposed an innovative design of S-boxes using cubic polynomial mapping, the use of cubic polynomial maintains the simplicity of the S-box construction method.

2.2. Review of Genetic Algorithm

The linear probability (LP) and differential probability (DP) of the normal method are not good, and the ability to resist linear and differential attacks is not ideal. In addition, many scholars turned their attention to some mathematical intelligent algorithms. For example, Guesmi et al. [16] proposed an S-box optimization method based on genetic algorithm, and optimized the generated S-box with nonlinearity as the fitness value; Ilvanov et al. [17] proposed an S-box construction and optimization algorithm based on the genetic algorithm of reverse work, which can quickly generate multi-dimensional bijective S-boxes. Wang et al. [18] proposed an 8 × 8 S-box design scheme based on chaos mapping and genetic algorithm, which turned the construction of S-boxes into a traveling salesman problem. Through this method makes full use of the characteristics of chaotic mapping and evolution process, a better performance S-box is obtained. However, there are some problems in the application of this genetic algorithm, such as the low efficiency of calculation and the non-convergence of optimization results, which lead to the low performance of the optimized S-boxes.

3. Chaotic System Analysis

There are two one-dimensional chaotic maps. Equation (1) is called as logistic map, where xn−1 is a state variable, k ∈ (0, 4] is a control parameter and n is the number of iterations. The bifurcation diagram and Lyapunov exponent of Equation (1) are shown in Figure 1a,b. Sine map is showed as Equation (2). k ∈ (0, 4] is a control parameter, The bifurcation diagram and Lyapunov exponent of Equation (1) are shown in Figure 1c,d. We can find that the ergodicity is not good and there exist some periodic windows of logistic map and sine map, their Lyapunov exponent are low, none of them is more than 1, which shows that the above two chaotic systems are defective and chaotic dynamic behavior can be improved.
y = k x n 1 ( 1 x n 1 )
y = k sin ( π x n 1 )
Enhance the ergodicity, randomness and enlarge the key space to make it suitable for cryptography. Then, this paper constructed the combined chaotic system based on Equations (1) and (2):
x n = { k cos ( 1 a r c cos ( x n 1 ) t ) , x > π 4 k π sin ( π   x n 1 t ) , x < = π 4
where 0 < k ≤ 4, the following is the dynamic behavior analysis of the combined chaotic system, mainly analyzing the following performance characteristics: Lyapunov exponent, bifurcation diagram, sequence uniformity and initial value sensitivity.
  • Lyapunov exponent of the combined chaotic system
Lyapunov exponent describes the chaotic system quantitatively. For one-dimensional chaos, as long as one positive Lyapunov exponent of the chaotic system means that the system is chaotic. Lyapunov exponent is denoted as following Equation (4):
L E = lim n 1 n ln | d F ( x ) d ( x ) | x = x i
where F(x) is the chaotic system. LE is the Lyapunov exponent, it represents the exponent of the exponential separation caused by each iteration in multiple iterations.
As illustrated in Figure 1, the Lyapunov exponents of the system are all positive in the parameter space, and the maximum Lyapunov exponent is 1.265 (k = 0.13), which shows that the system is chaotic.
  • Bifurcation diagram of the combined system
Bifurcation diagram is another important concept to study the chaotic characteristics of chaotic system, which means that the dynamic state of chaotic system may change with the change of parameters, resulting in bifurcation phenomenon.
Figure 2a is bifurcation diagrams of the combined system, which shows that the system is in a chaotic state all the time, without obvious bifurcation phenomenon. It proves that the dynamic state of the system does not change with the change of parameters, and the system is always in a stable chaotic state. Therefore, the system is a chaotic system with good chaotic characteristics.
  • Sequence uniformity
The chaotic sequences generated by a strong chaotic system iterated should be uniform. Figure 3 represents the number of occurrences of X values in different ranges for different iterations. Figure 4 shows the distribution of the chaotic sequence after 5000 iterations times of the combined chaotic system. The X-axis represents the number of iterations, the Y-axis represents frequency of the sequence value of iterations and the different colors represent the different range of values. According to the maximum Lyapunov exponent of the combined chaotic system, we set X0 = 0.05, t = 0.13 as initial conditions. As illustrated in Figure 3 and Figure 4, the chaotic sequences generated are evenly distributed in the whole range, and can completely cover the whole value range. Therefore, the combined chaotic system has strong performance in sequence uniformity and can be used to generate chaotic pseudo-random sequences.
  • Initial value sensitivity
Set X0 = 0.12345, X0 = 0.12345 + 10−10 and t = 0.13 as initial conditions, and conditions of other parameters are the same, then the two chaotic sequences are generated through 100 iterations. The system is behaving chaotically with this condition; when t = 0.13, the system has the largest Lyapunov exponent, as shown in Figure 5. The chaos sequences begin to diverge and show a stable state of divergence after the number of iterations close to 11. In the long-term behavior of the system, the system has initial value sensitivity. Therefore, the combined chaotic system proposed in this paper is a chaotic system with strong performance and can be used to generate chaotic pseudo-random sequences.

4. S-Box Generation Method Based on Combined Chaotic System

4.1. Construction of S-Box

The construction steps of S-box in this paper are shown as the Figure 6:
Step 1. Generate chaotic pseudo-random sequence according to Equation (3).
Step 2. Discretization of pseudo-random sequences, the phase space [0, 1] of chaotic sequence is equally divided into 65,536 parts. The chaotic sequence { x i } i = 1 N is transformed into the corresponding phase space with the help of Equation (5), then we obtain the discrete pseudo-random sequence { s e q } i = 1 N , where N is the iteration times.
S e q ( i ) = { c e i l ( ( 1 2 arcsin ( x i ) / π ) 65,536 ) i f         0 x i < 1 65,535 i f         x i = 1
Step 3. The randomness of the pseudo-random sequences will be reduced after discretization, the linear congruence random number generator (LCGs) is used to avoid the short-period phenomena with the help of Equation (6).
L C G ( i ) = ( a × L C G ( i 1 ) + b ) mod ( m )
where a, b, c are constant, a is multiplier, b is increment, m is module. Set a = 16,807, b = 0, m = 232 − 1. Therefore, the periodic value of LCGs is 231−1, then we obtain the new discrete sequence { y i } i = 1 N with the help of Equation (7).
y ( i ) = S e q ( i ) L C G ( i )
Step 4. Convert the chaotic sequence { y i } i = 1 N into 256 integers with the help of Equation (8).
z ( i ) = y ( i ) mod 256
Select 256 non-repeated from sequence { z i } i = 1 N and record their positions. Rearrange the sequence with ascending order then obtain a new sequence { S i } i = 1 256 .

4.2. Scrambling of S-Box

The scrambling steps of S-box in this paper is shown as the Figure 7:
Step 1. Scrambling the sequence { S i } i = 1 256 . generated in the Section 4.1 with the help of standard mapping. The standard mapping follows Equation (9):
x n + 1 = ( x n + y n ) mod 2 π y n + 1 = ( y n + k sin ( x n + y n ) ) mod 2 π
Step 2. Obtain two sequences { x i } and { y i } by step 1. Then the elements in initial S-box are scrambled by row left and column rotation, and the sequence is discretized to [0, 15] with the help of Equation (10):
{ r o w i = f l o o r ( ( x i + 0.5 ) 16 ) + 1 c o l i = f l o o r ( ( y i + 0.5 ) 16 ) + 1     i = 1 , 2 , , 16
where r o w i represents rotate left by r o w i bits for the i-th row of the initial S-box, c o l j represents rotate the c o l j bits for the j-th column of the initial S-box.

4.3. Security Analysis of Chaotic Pseudo-Random Sequences

In order to verify the randomness of the discrete chaotic pseudo-random sequence obtained from the combined chaotic system, SP800-22 is tested in this paper. SP800-22 has 16 test items. The test items meet the requirements if p-value > 0.01. Only if all the 16 test items meet the requirements, the ciphertext generated by cryptographic algorithm can be considered as good random performance. The selected text should be large enough and divided into 100 groups. The results as shown in Table 1.
The chaotic sequences generated by the combined chaotic system proposed have strong pseudo randomness. The proposed is suitable for constructing S-boxes.
We can dynamically generate the S-boxes after the above steps, which is the preparation for the Section 4 about the S-box optimization based on the advanced genetic algorithm.

5. S-Box Optimization Based on Advanced Genetic Algorithm

5.1. Traditional Genetic Algorithm

Genetic algorithm (GA) is a kind of population optimization algorithm derived from the evolution of biological world, which was proposed by J. Holland in 1957. The general process is to calculate the fitness of each individual by calculating the objective function of each individual in the group and comparing the relationship with the fitness function, then select two individuals with larger fitness value to cross and mutate to generate new individuals. The algorithm is terminated when it reaches iteration times. Figure 8 shows the process of traditional genetic algorithm.

5.2. The Design of S-Boxes Optimization Based on Advanced GA

5.2.1. Adaptive S-Boxes Coding

The S-boxes coding format should be determined before optimizing S-boxes by GA. There are generally two ways: decimal coding and binary coding. This paper proposes different encoding methods for S-boxes encoding in different stages according to characteristics of different encoding format. Select decimal coding in the iterative and crossover stages and select binary coding when calculating fitness value, which improves the speed of calculating the fitness value and simplifies the de-duplication stage of iterative operation and cross operation.

5.2.2. Advanced Fitness Function

A strong S-box has good performance in nonlinearity, differential uniformity and strict avalanche effect according to the evaluation criteria. However, the design of fitness function is too simple in traditional GA to comprehensively satisfy the performance standard of S-box. Therefore, the fitness function in this paper shown as Equation (11):
F ( s ) = a F ( N s ) + b F ( δ s ) + c F ( B s )
where F(s) is fitness function, F ( N s ) ,   F ( δ s ) ,   F ( B s ) represent nonlinear, difference uniformity, strict avalanche effect; a, b and c represent the relevant weights coefficients, respectively.
Through the extensive experiment, a piecewise weighting function is designed in this paper as following Equation (12):
F ( s ) = { N s 1 4 δ s B s N s < 107 a n d δ s > 10 N s 3 4 δ s B s N s < 107 a n d δ s 10 5 3 N s 1 4 δ s B s N s 107 a n d δ s > 10 5 3 N s 3 4 δ s B s N s 107 a n d δ s 10

5.2.3. Advanced Selection Operator

The purpose of selection operator is to select good individuals for the population and eliminate the bad ones in GA. Firstly, the individuals are sorted according to the fitness value, then N individuals with high fitness value are selected as the next generation. However, there exists many problems in this process. In the early stage of evolution, there are few excellent individuals and their distribution is scattered. In the late stage of evolution, there are many excellent individuals and their distribution is centralized. It is easy to cause the non-convergence of evolution if selection rate is fixed. Therefore, this paper proposes an adaptive selection probability as shown in Equation (13):
p a = { p max i f         q Q 3 5 p min i f         1 q Q > 3 5
where q is q-th iteration, Q is the total number of iterations, pa is the selection probability, pmax is the maximum selection probability, pmin is the minimum selection probability.

5.2.4. Advanced Crossover Operator

The purpose of crossover operator is to generate new individuals in the iterative process. The crossover rate is a fixed constant in traditional GA. However, a fixed crossover probability may cause that there are not enough individuals in the early stage, or the calculation speed cannot be guaranteed, the stable convergence of the algorithm cannot be guaranteed in the later stage. Therefore, this paper proposes an adaptive crossover probability as shown in Equation (14):
p b = { p max × e q Q i f   p max × e q Q < p min p min e l s e
where q is q-th iteration, Q is the total number of iterations, pb is the selection probability, p max is the maximum crossover probability, p min is the minimum crossover probability.

5.2.5. Advanced Mutation Operator

The purpose of mutation operator is to increase the diversity of population in traditional GA. The algorithm is not easy to converge and the evolutionary randomness is enhanced when the mutation rate is too large, the algorithm may cause he local optimal solution and the population diversity is too small when the mutation rate is too small. Therefore, this paper proposes the adaptive mutation rate. Firstly, the individuals with larger adaptability should have a lower mutation probability to retain the good characteristics, and the individuals with smaller adaptability should have a larger mutation probability. Secondly, the mutation rate should decrease gradually and the algorithm tends to be stable with the increase of the number of iterations. The adaptive mutation probability designed in this paper as shown in Equation (15):
p c = { p max × e | 1 F ( x ) F max | q Q i f     p max × e | 1 F ( x ) F max | q Q > p min p min e l s e
where Fmax is the maximum fitness of the current population, F(x) is the fitness of the individual mutated, p max is the maximum mutation probability, p min is the minimum mutation probability.

5.3. The Design of S-Boxes Optimization Based on Advanced GA

The S-boxes optimization algorithm in this paper combines the S-box construction method proposed in the Section 3 with the advanced GA, including population initialization stage, individual evaluation, selection stage, crossover stage, mutation stage and termination condition determination. Algorithm 1 shows the pseudo code of chaotic s-box optimization. The steps are as follows:
  • Step 1: Initialization
Initialize each element x in the S-box generated in Section 3 with the help of Equation (16):
X = F l o o r ( x × 2 8 )
Add each X to sequence {S}, and the output is the individual of the initial population. Repeat the above steps until all the populations are initialized.
  • Step 2: Individual evaluation
Calculate the fitness value of the S-box according to the fitness function, then arrange the individuals in ascending order according to the fitness values. The operation continues unless the number of iterations reaches the threshold or the maximum fitness value in the population is greater than the predetermined value.
  • Step 3: Selection stage
Calculate the selection probability pa in the current iteration stage, then select N1 excellent individuals with the help of Equation (17):
N 1 = p a × T
where T is the number of initial populations.
  • Step 4: Crossover stage
Calculate the number of populations N2 generated in the crossover according to Equation (18). Select the individual with the largest fitness value as the parent-1, and the i-th individual as the parent-2, add parent-1 and parent-2 to the crossover population. The above operation continues until the number of individuals generated by the crossover operator is not greater than N2. Cross descendants of the output as elements in {S’}
N 2 = p b × T
i = F l o o r ( T × x )
where pb is the crossover probability, x is the element of the sequence {S}.
  • Step 5: Mutation stage
Calculate the number N3 of individuals to be mutated according to Equation (20). Select the i-th individual in the cross population is to perform the mutation operation. Then exchange the ( P 1 + i ) -th and ( P 2 + i ) -th individuals to generate an individual mutated. The above operation continues until the number of individuals generated by the mutation operator is not greater than N3.
N 3 = p c × T
P 1 = F l o o r ( N 2 × x )
P 2 = F l o o r ( ( N 2 1 ) × x )
where pc is the mutation probability, x is the element of the sequence {S’}.
  • Step 6: Termination condition determination
If the number of iterations is greater than the threshold Q, obtain the individual with the maximum fitness in the optimization process as the optimal solution, then the algorithm is terminated.
Algorithm 1 TThe pseudo code of chaotic s-box optimization
Input: The initial S-box population {S}, Q, T, p max , p min , p max , p min , p max , p min  
Output: The optimal S-box Sp;
1:   read the initial S-box {S};
2:   sort(F({S}));
3:   while(m < Q && n < T) do
4:    if(m/Q <= 3/5)
5:    pa = p max     ;
6:    N1 = pa × T;
7:    else pa = p min     ;
8:    N1 = pa × T;
9:    end if;
10:  Selection(N1);
11:  if( p max × e q Q < p min )
12:   pb = p max × e q Q ;
13:   N2 = pb × T;
14:  else pb = p min     ;
15:   N2 = pb × T;
16:  end if;
17:  Obtain S1: F(S1) = max(F{S});
18:  Obtain S2: i = Floor(T × x’);
19:  S’ = Crossover(S1,S2);
20:  add S’ to {S};
21:  if(pc == p max × e | 1 F ( x ) F max | q Q )
22:   N3 = pc × T
23:  else N3 = p min     *T;
24:  end if;
25:  Obtain Si: i = Floor(T × x’);
26:  Change(X1 + i,X2 + i):X1 = Floor(N2 × x’’); X2 = Floor((N2-1) × x′);
27:  SEED←max(F{Si});
28:   end while;
29:   Sp←SEED;
30:   return Sp;

5.4. Proposed S-Boxes

Select initial conditions x = 0.02485 , t = 1 , T = 10,000 , p max = 0.15 , Q = 200, p min = 0.05 , p max = 0.5 , p min = 0.3 , p max = 0.5 , p min = 0.3 .
Generate the S-box according to the above steps as shown in Table 2.

6. Performance Analysis

In order to verify the cryptography characteristics of S-boxes, according to the performance standard evaluation system of S-boxes, this paper analyzes the performances of the proposed S-boxes included nonlinear criterion, the strict avalanche criterion, differential uniformity, the output bits independence criterion and linear approximation probability.

6.1. Nonlinear Criterion

Nonlinear criterion is an important characteristic of S-boxes performance evaluation system. The higher the nonlinearity, the stronger the ability of S-box to resist nonlinear attack. By definition, f : F 2 n F 2 can be considered as N-Variable Boolean function. The nonlinear criterion is denoted by
N f = min l L n d H ( f , l )
where L n is an affine function set, d H ( f , l ) is the Hamming distance between f and l. In general, f is denoted by Walsh spectrum as Equation (24):
S f ( ω ) = ω G F ( 2 n ) ( 1 ) f ( x ) x ω
with ω ϵ G F ( 2 n ) , and ω · x is the dot product between x and ω s. The nonlinearity is shown in Equation (25):
N f = 2 n 1 ( 1 2 n max | S ( f ) ( ω ) | )
Nonlinearity is a criterion of linear cryptanalysis. The higher the nonlinearity, the stronger the ability of S-boxes to resist nonlinear attack.

6.2. The Strict Avalanche Criterion (SAC)

S ( x ) = [ f 1 ( x ) , , f m ( x ) ] : F 2 n F 2 m satisfies the strict avalanche effect, which means that each output bit changes with each input bit, and the probability of change is strictly 0.5.
In general, the strict avalanche effect of S-boxes can be measured by SAC correlation matrix. The S-boxes satisfy the strict avalanche effect if each of the sac correlation matrix is close to 0.5.
Set e i = [ δ i , 1 , δ i , 2 , δ i , n ] T , δ i , j is denoted as Equation (26):
δ i , j = { 1 , i = j 0 , i j
  ( · ) T is transpose matrix, showed as Equation (27):
P i , j = 2 n x B n f i ( x ) f j ( x e i )
The estimation bias of SAC correlation is measured by Equation (28):
S ( f ) = 1 n 2 1 i n s u m j n | 1 2 P i , j ( f ) |
Table 3 shows the comparison of our S-boxes and other S-boxes about the values of SAC values. The S-boxes satisfy the strict avalanche criterion when every value of the matrix is close to 0.5.

6.3. Equiprobable Input/Output XOR Distribution

Differential probability is a characteristic of S-box, it is a measure of criterion of equiprobable input/output XOR distribution.
Set S ( x ) = [ f 1 ( x ) , , f m ( x ) ] : F 2 n F 2 m as a multi-output function. Differential uniformity η is denoted as Equation (29):
η = 1 2 n max α F 2 n α 0 max β F 2 m | { x F 2 n : S ( x + α ) S ( x ) = β } |
Differential uniformity also can be expressed by the different approximation probability like as Equation (30):
D P f = max Δ x 0 , Δ y ( # { x X | f ( x ) f ( x + Δ x ) = Δ y } 2 n )
where 2n is the cardinality of all the possible input values, Δ x is input differences, Δ y is output differences. The smaller values of DPf give better resistance to differential cryptanalysis.

6.4. The Output Bits Independence Criterion

By inverting the plaintext bits to generate vector sets, if the vector sets are independent of each other, the S-boxes satisfy the output bits independence criterion. the independence of avalanche vector pairs can be measured by calculating the correlation coefficient. The correlation coefficient is denoted as Equation (31). Set a given sum of two variables, A and B.
ρ { A , B } = cov { A , B } σ { A } σ { B }
where ρ{A,B} is the correlation between A and B, cov{A,B} = E{AB} − E{A}E{B} is the covariance between A and B, σ2{A} = E{A2} − (E{A})2 and σ2{B} = E{B2} − (E{B})2.
Set two output bits, fi and fk. It shows that S-boxes satisfy the output bits independence criterion if the non-linearity of fifk is high and the strict avalanche effect is close to the 0.5.
Table 3 and Table 4 show that the minimum of BIC-nonlinearity is 105 and the BIC-SAC is so close to the ideal value 0.5.

6.5. Linear Approximation Probability

Linear approximation probability (LP) is defined as
L P f = max a , b 0 ( # { x X | x a = f ( x ) b } 2 n 1 2 n )
where a is the input and b is the output. The smaller values of L P f gives better resistance to liner cryptanalysis.

6.6. Performance Comparation

Table 5 shows the comparison of our S-boxes proposed and other S-boxes from references [16,17,18,19,20,21,22,23,24].
Comparing the results in the Table 3, some insights we can summarize as follows:
  • The average nonlinearity of the constructed S-box-based construction method in Section 3 is 107.5, and the optimized S-box based on the advanced GA in Section 4 is 110.75, which is better than all other S-box algorithms except for literature 16 and 19. Therefore, our S-box has very good nonlinear characteristics and can resist linear attacks.
  • The SAC value of S-box in this paper is 0.0019 different from 0.5000, and the performance is better than that of references 17, 18, 19, 22, 23, 24. The performance of the optimized S-box is better than that of all other S-box algorithms except for reference 24.
  • The value of the XOR distribution of equiprobable input/output of our constructed S-box is 0.03900 and the optimized S-box is 0.01560, which illustrates resistance to differential cryptanalysis.
  • The BIC-nonlinearity of our constructed S-box is 105.75 and the BIC-SAC is 0.5005. The BIC-nonlinearity of optimized S-box is 110.02 and the BIC-SAC is 0.5005, which illustrates good output bits independence.
  • The LP of our constructed S-box is 0.0629 and the optimized S-box is 0.0156, which illustrates resistance to liner cryptanalysis.
  • In conclusion, both the constructed S-box and optimized S-box have a good performance in nonlinear criterion, the strict avalanche criterion, differential uniformity, the output bits independence criterion and linear approximation probability.

7. Comprehensive Analysis of Proposed Method

Our proposed method contains the construction of S-box and the optimization of S-box. The quality of this construction method depends on the chaotic system used. The chaotic system is controlled by parameters k and x, the proposed method is to generate S-box population by determining the optimal range of these two parameters, the obtained S-box population can guarantee the quality of the S-box. In addition, the speed of the proposed advanced genetic algorithm can be converged, our proposed method presents the following advantages after comparing with method [19,20,21,22,23,24,25,26]:
  • The S-box of proposed method is determined in advance, which can ensure the quality of optimization.
  • The proposed optimization algorithm controls the degree of optimization through the fitness function; therefore, we can obtain the satisfactory S-box by controlling the fitness function.
  • The comparison of performance illustrated that the optimized S-box have a better performance in above performance than method [19,20,21,22,23,24,25,26], which shows the optimized S-box has better cryptography characteristics and can resist linear attacks and differential attacks.

8. Conclusions

In this paper, a new combined chaotic system is proposed based on the chaotic theory, which has good chaotic characteristics proved by analyzing its dynamic characteristics. Next, this paper proposes a method of generating S-boxes based on the combined chaotic system. Finally, an advanced genetic algorithm is proposed to optimize the performances of S-boxes. The proposed advanced genetic algorithm is effective to avoid the shortcomings of low calculation efficiency and non-convergence of optimization results in traditional genetic algorithm. Through a lot of security analysis experiments and comparison with other papers, the optimized S-box has better cryptography characteristics and can resist linear attacks and differential attacks. The constructed S-box can be used in information hiding, image encryption, communication security technology and other fields.

Author Contributions

D.Z., X.T., Z.W. and M.Z. wrote and edited the manuscript. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Acknowledgments

This work was supported by the following projects and foundations: project ZR2019MF054 supported by Shandong Provincial Natural Science Foundation, the National Natural Science Foundation of China (No.61902091) and Innovation Research Foundation of Harbin Institute of Technology (HIT.NSRIF.2020099), the Foundation of Science and Technology on Information Assurance Laboratory (No.KJ-17-004), Equip Pre-research Projects of 2018 supported by Foundation of China Academy of Space Technology (No. WT-TXYY/WLZDFHJY003), 2017 Weihai University Co-construction Project.

Conflicts of Interest

The authors declare no conflict of interest.

References

  1. Adams, C.; Tavares, S. The structured design of cryptographically good S-boxes. J. Cryptol. 1990, 3, 27–41. [Google Scholar] [CrossRef]
  2. Abdulsalam, A.A. Keystream Generator Based On Simulated Annealing. J. Appl. Comput. Sci. Math. 2011, 5, 48–53. [Google Scholar]
  3. Sreelaja, N.K.; Pai, G.A.V. Stream cipher for binary image encryption using Ant Colony Optimization based key generation. Appl. Soft Comput. 2012, 12, 2879–2895. [Google Scholar] [CrossRef]
  4. Wang, Y.; Zhang, Z.; Zhang, L.Y.; Feng, J.; Gao, J.; Lei, P. A genetic algorithm for constructing bijective substitution boxes with high nonlinearity. Inf. Sci. 2020, 523, 152–166. [Google Scholar] [CrossRef]
  5. Pathak, V.K.; Singh, A.K.; Singh, R.; Chaudhary, H. A modified algorithm of Particle Swarm Optimization for form error evaluation. Tm-Tech. Mess. 2017, 84, 272–292. [Google Scholar] [CrossRef]
  6. Tian, Y.; Lu, Z. Chaotic S-box: Intertwining Logistic Map and Bacterial Foraging Optimization. Math. Probems Eng. 2017. [Google Scholar] [CrossRef]
  7. Khan, M.F.; Ahmed, A.; Saleem, K. A Novel Cryptographic Substitution Box Design Using Gaussian Distribution. IEEE Access 2019, 7, 15999–16007. [Google Scholar] [CrossRef]
  8. Khan, M.A.; Ali, A.; Jeoti, V.; Manzoor, S. A Chaos-Based Substitution Box (S-Box) Design with Improved Differential Approximation Probability (DP). Iran. J. Sci. Technol. Trans. Electr. Eng. 2018, 42, 219–238. [Google Scholar] [CrossRef]
  9. Isa, H.; Jamil, N.; Zaba, M.R. Construction of Cryptographically Strong S-Boxes Inspired by Bee Waggle Dance. New Gener. Comput. 2016, 34, 221–238. [Google Scholar] [CrossRef]
  10. Rafiq, A.; Khan, M. Construction of new S-boxes based on triangle groups and its applications in copyright protection. Multimed. Tools Appl. 2019, 78, 15527–15544. [Google Scholar] [CrossRef]
  11. Ahmad, M.; Doja, M.N.; Sufyan Beg, M.M. ABC Optimization Based Construction of Strong Substitution-Boxes. Wirel. Pers. Commun. 2018, 101, 1715–1729. [Google Scholar] [CrossRef]
  12. Zahid, A.H.; Arshad, M.J. An Innovative Design of Substitution-Boxes Using Cubic Polynomial Mapping. Symmetry 2019, 11, 437. [Google Scholar] [CrossRef] [Green Version]
  13. Shahzad, I.; Mushtaq, Q.; Razaq, A. Construction of New S-Box Using Action of Quotient of the Modular Group for Multimedia Security. Secur. Commun. Netw. 2019, 2019, 2847801. [Google Scholar] [CrossRef] [Green Version]
  14. Belazi, A.; El-Latif, A.A.A. A simple yet efficient s-box method based on chaotic sine map. Optik 2017, 130, 1438–1444. [Google Scholar] [CrossRef]
  15. Çavuşoğlu, Ü.; Zengin, A.; Pehlivan, I.; Kaçar, S. A novel approach for strong s-box generation algorithm design based on chaotic scaled zhongtang system. Nonlinear Dyn. 2017, 87, 1081–1094. [Google Scholar] [CrossRef]
  16. Guesmi, R.; Farah, M.A.; Kachouri, A.; Samet, M. A novel design of Chaos based S-Boxes using genetic algorithm techniques. In Proceedings of the 2014 IEEE/ACS 11th International Conference on Computer Systems and Applications (AICCSA), Doha, Qatar, 10–13 November 2014; pp. 678–684. [Google Scholar]
  17. Ilvanov, G.; Nikolov, N.; Nikova, S. Reversed genetic algorithms for generation of bijectives-boxes with good cryptographic properties. Cryptogr. Commun. 2016, 8, 247–276. [Google Scholar]
  18. Wang, Y.; Wong, K.W.; Li, C.; Li, Y. A novel method to design S-box based on chaotic map and genetic algorithm. Phys. Lett. A 2012, 376, 827–833. [Google Scholar] [CrossRef]
  19. Cui, L.; Cao, Y. A new S-box structure named affine power-affine. Int. J. Innov. Comput. Inf. Control 2007, 3, 751–759. [Google Scholar]
  20. Wang, Y.; Lei, P.; Wong, K.-W. A method for constructing bijective S-box with high nonlinearity based on chaos and optimization. Int. J. Bifurc. Chaos 2015, 25, 1550127. [Google Scholar] [CrossRef]
  21. Belazi, A.; Abd El-Latif, A.A.; Diaconu, A.V.; Rhouma, R.; Belghith, S. Chaos-based partial image encryption scheme based on linear fractional and lifting wavelet transforms. Opt. Lasers Eng. 2017, 88, 37–50. [Google Scholar] [CrossRef]
  22. Lambic, D. A new discrete-space chaotic map based on the multiplication of integer numbers and its application in S-box design. Nonlinear Dyn. 2020, 1–13. [Google Scholar] [CrossRef]
  23. Wang, X.; Çavuşoğlu, Ü.; Kacar, S.; Akgul, A.; Pham, V.T.; Jafari, S.; Alsaadi, F.E.; Nguyen, X.Q. S-box based image encryption application using a chaotic system without equilibrium. Appl. Sci. 2019, 9, 781. [Google Scholar] [CrossRef] [Green Version]
  24. Ozkaynak, F. Construction of robust substitution boxes based on chaotic systems. Neural Comput. Appl. 2019, 31, 3317–3326. [Google Scholar] [CrossRef]
  25. Ullah, A.; Jamal, S.S.; Shah, T. A novel scheme for image encryption using substitution box and chaotic system. Nonlinear Dyn. 2018, 91, 359–370. [Google Scholar] [CrossRef]
  26. Daemen, J.; Rijmen, V. Design of Rijndael: AES—Advanced Encryption Standard; Springer Science and Business Media: Berlin, Germany, 2002. [Google Scholar]
Figure 1. (a) Bifurcation diagrams of logistic map. (b) Lyapunov exponents of logistic map. (c) Bifurcation diagrams of sine map. (d) Lyapunov exponents of sine map.
Figure 1. (a) Bifurcation diagrams of logistic map. (b) Lyapunov exponents of logistic map. (c) Bifurcation diagrams of sine map. (d) Lyapunov exponents of sine map.
Symmetry 12 02087 g001
Figure 2. (a) Bifurcation diagrams of the combined system. (b) Lyapunov exponent of the combined chaotic system.
Figure 2. (a) Bifurcation diagrams of the combined system. (b) Lyapunov exponent of the combined chaotic system.
Symmetry 12 02087 g002
Figure 3. Statistics of the number of occurrences of X values in the same range.
Figure 3. Statistics of the number of occurrences of X values in the same range.
Symmetry 12 02087 g003
Figure 4. Sequence uniformity.
Figure 4. Sequence uniformity.
Symmetry 12 02087 g004
Figure 5. Initial value sensitivity.
Figure 5. Initial value sensitivity.
Symmetry 12 02087 g005
Figure 6. Substitute box (S-box) construction.
Figure 6. Substitute box (S-box) construction.
Symmetry 12 02087 g006
Figure 7. S-box scrambling.
Figure 7. S-box scrambling.
Symmetry 12 02087 g007
Figure 8. The process of traditional genetic algorithm.
Figure 8. The process of traditional genetic algorithm.
Symmetry 12 02087 g008
Table 1. SP800-22 result.
Table 1. SP800-22 result.
Test SuitePass Ratep-ValueResult
Frequency0.970.5748SUCCESS
Block Frequency1.000.6253SUCCESS
Cumulative0.980.8712SUCCESS
Runs0.990.1623SUCCESS
Lonest Run1.000.3458SUCCESS
Rank0.990.5182SUCCESS
FFT0.970.7923SUCCESS
Non-Overlapping Template1.000.8322SUCCESS
Overlapping Template1.000.6573SUCCESS
Universal1.000.8812SUCCESS
Approximate Entropy0.990.1678SUCCESS
Random Excursion0.970.5893SUCCESS
Random Excursions Variant1.000.7694SUCCESS
Serial1.000.6199SUCCESS
Serial0.990.0765SUCCESS
Linear Complexity1.000.8192SUCCESS
Table 2. S-box generated.
Table 2. S-box generated.
0123456789ABCDEF
0244831171501901111021712820092223247174198147
12414795711842421134830135501020211022203
210144531314028581681961321997011206252177
39890891096661169170214201362232130154126
4246158673951768711393712117624185178157
517514212225461221914229226081179243127153
616520511918021797118112641599425577249134171
721165181431615799201108115155187123208173124
823822224821618223715225250143146172181945207
9192239825422180357519521229213622244282
A14968114861527245144227881051417238210162
B122567323619103712923320952541331639334
C36107186551251911064569608591116240218131
D220741454915116423026317919784253236137
E961661835916725112014818916023121523533228234
F919331882041043244015678631641138100
Table 3. BIC-nonlinearity of the optimized S-box.
Table 3. BIC-nonlinearity of the optimized S-box.
-110109107108112108109
113-108110108109112106
109105-116108110109114
114107109-106117109109
112109108107-110109110
108112107106112-114110
114109112110109109-112
117111109110109113112-
Table 4. BIC-strict avalanche criterion (SAC) of the optimized S-box.
Table 4. BIC-strict avalanche criterion (SAC) of the optimized S-box.
-0.5038870.4989130.5062380.5021190.4932890.4942760.500157
0.507813-0.4969940.5068360.5078130.4928110.5066020.495117
0.4804690.503672-0.4960940.5003760.4998710.5017280.499572
0.500497 0.502930-0.5001980.5004920.4980810.498814
0.4998820.4998710.5008360.507831-0.5010010.5003210.500427
0.5018130.5005010.5011210.5001920.501036-0.5004920.500513
0.5004990.5005070.5001770.4992130.4991720.499925-0.498210
0.5001300.5004980.4999180.5001160.5000910.5004920.499981-
Table 5. Comparison of S-boxes proposed and other S-boxes.
Table 5. Comparison of S-boxes proposed and other S-boxes.
S-BoxesAverage
Nonlinearity
SACDPBIC-
Nonlinearity
BIC-
SAC
LP
Constructed S-box107.250.50190.03900105.750.50050.0629
Optimized S-box110.750.50050.01560110.020.50050.0156
Cui [19]112.000.50070.015601120.49970.0156
Çavusoglu [17]106.250.50390.03910103.350.50590.0791
Wang [20]110.500.49370.03910103.850.50330.0625
Belazi [21]112.000.51150.03130103.780.49820.0479
Lambic [22]106.750.50100.03910104.070.50050.0706
X. Wang [23]106.750.49980.03910104.140.49980.0706
Ozkaynak [24]106.750.49710.03910102.920.50080.0791
Ullah [25]106.000.50340.04690105.280.49800.0627
AES [26]107.250.50490.015601120.50460.0706
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Share and Cite

MDPI and ACS Style

Zhu, D.; Tong, X.; Zhang, M.; Wang, Z. A New S-Box Generation Method and Advanced Design Based on Combined Chaotic System. Symmetry 2020, 12, 2087. https://doi.org/10.3390/sym12122087

AMA Style

Zhu D, Tong X, Zhang M, Wang Z. A New S-Box Generation Method and Advanced Design Based on Combined Chaotic System. Symmetry. 2020; 12(12):2087. https://doi.org/10.3390/sym12122087

Chicago/Turabian Style

Zhu, Ding, Xiaojun Tong, Miao Zhang, and Zhu Wang. 2020. "A New S-Box Generation Method and Advanced Design Based on Combined Chaotic System" Symmetry 12, no. 12: 2087. https://doi.org/10.3390/sym12122087

APA Style

Zhu, D., Tong, X., Zhang, M., & Wang, Z. (2020). A New S-Box Generation Method and Advanced Design Based on Combined Chaotic System. Symmetry, 12(12), 2087. https://doi.org/10.3390/sym12122087

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop