Block Cipher Generation Model: A Step Towards Generative Ciphers

Abstract

The protection of confidential information is a worldwide challenge, and block ciphers are the most reliable option by which data security is accomplished. To the best of our knowledge, this type of research is being performed for the first time, unlocking new avenues for block cipher design research, shifting the paradigm from cryptographer-designed ciphers to computationally generated. We propose a computational model named Block Cipher Design Generation Model (BCDGM) to generate a complete design of novel block ciphers and their primitives, such as cipher structures, S-boxes, inverse S-boxes, P-boxes, round functions, half-round functions, and derived keys, in an automated manner without the participation of cryptographers. To accomplish this goal, BCDGM only requires high-quality quantum random bits as input to generate a myriad of new block ciphers. A quantum circuit is designed over the International Business Machines Corporation (IBM) Quantum Santiago computer to generate high-quality random bits. BCDGM itself and all its generated cipher structures and primitives are invariably transparent, unreproducible, and nondeterministic due to their sole reliance on quantum random bits. Furthermore, every decision made by BCDGM is randomized. As a result, potential vulnerabilities and attacks that exist in other ciphers are bypassed in BCDGM-generated ciphers. Extensive experimentation was conducted, generating more than fifty thousand new block cipher designs tested over 107 terabytes of data. Generated ciphers are compared with twelve reputable standard block ciphers, including five AES competition finalists. The results show that the proposed block ciphers occasionally surpass standard ciphers and achieve equivalent security strength in many cases. The implementation of the proposed model is publicly available.

1. Introduction

1.1. Cipher Design from Enigmatic Art to Standardization

The famous information theorist Claude Shannon has provided two desirable characteristics that should exist in a strong cipher: confusion and diffusion, as outlined in the fundamental research on the ‘Communication Theory of Secrecy Systems’ [1]. Block ciphers strictly follow the confusion and diffusion principle in an iterative manner to generate a cipher text. Block cipher operates on the block of data (plaintext) and produces an output of similar length (ciphertext) by using a key. This relationship is represented as $C={\mathrm{ENC}}_k\left(P\right)$. The encryption process, from plaintext to cipher text, is entirely dependent on the block cipher method and the key value k. The decryption process follows the reverse order, utilizing the same key, and is represented as $D_k\left(C\right)=P$ [2].

The notable progress in the design of block ciphers was started in the late 1960s, when Horst Feistel and Walt Tuchman led an IBM research program to develop secure ciphers. During the research program, a series of ciphers were developed, called the Lucifer ciphers. Generally, the Lucifer cipher is considered the first civilian block cipher. A few Lucifer ciphers were based on the Substitution Permutation Network (SPN), and a few were based on the Feistel Network. Later, this research program was ended in 1971 [2,3]. In 1973, the National Bureau of Standards (NBS), which is currently known as National Institute of Standards and Technology (NIST), published a proposal for the cryptographic algorithms to protect data during the storage and transmission process.

At that time, the need for cryptographic algorithms to protect the commercial use of computers was recognized by the NBS. It was a historic moment because before this call for proposals, cryptography had been considered the ‘black art’, mainly practiced by the military and national security organizations. In response to the NBS call, IBM submitted a cryptographic design based on the “Lucifer” design, and later, this design evolved into a data encryption standard (DES). In 1976, the National Security Agency (NSA) approved DES as an encryption standard, despite the criticism on key size and the existence of a backdoor in their S-boxes structure. DES was authorized for use in all non-classified government organization communications. After achieving the status of an NSA-approved encryption standard, DES was widely accepted internationally [4].

Another notable progress in block cipher design took place in 1997, when NIST issued a call for proposals for an advanced encryption standard (AES). In response to the AES call, an initial submission of fifteen proposals was received from preeminent figures in the domain of cryptography, distinguished research institutions, and leading technological enterprises across the globe. The names of the proposals were CAST-256, CRYPTON, DEAL, DFC, E2, FROG, Hasty Pudding, LOKI97, MAGENTA, MARS, RC6, Rijndael, SAFER+, Serpent, and Twofish [3].

In 1999, after several rounds of testing, ten algorithms were dropped, and five algorithms: Twofish, MARS, Serpent, RC6, and Rijndael, were selected for the final competition. In October 2002, the Rijndael algorithm was selected as the winner of AES; it was designed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen. In 2003, the US national security agency approved AES for encrypting all government documents up to “secret level” with any key length, but for the “top secret level” documents, the key length was safe to 192 or 256 bits. It was the first time that a public encryption scheme was used for securing official documents. From 2001 to the present date, AES is considered an industry standard. AES encrypts millions of pieces of secret data every second. Its application spans a wide spectrum of technological interfaces, including ubiquitous web browsers, firewalls, routers, diverse operating systems, communication applications, and cryptographic standards such as internet protocol security (IPsec), transport layer security (TLS), IEEE 802.11i the Wi-Fi encryption standard, the WPA2 protocol, and the venerable network protocol Secure Shell (SSH) [3].

GOST, CLEFIA, CAST-128, Camellia, Blowfish, and ANUBIS are a few other block ciphers that are widely adopted in different regions and countries. For instance, the GOST block cipher is the standard for both the Soviet and Russian governments, with its latest iteration released in 2015. Similarly, CLEFIA has received a recommendation from the cryptography research and evaluation committees of the Japanese government, with its latest release in 2019. CAST-128 holds the endorsement of the communications security establishment of the Canadian government. In 2003, the Camellia cipher obtained approval for New European Schemes for Signatures, Integrity, and Encryption EU (NESSIE). Skipjack is another renowned cipher designed by the NSA that was kept secret for a long time. Consequently, it lost trust due to the lack of transparency associated with the key escrow policy. This lack of transparency raised suspicions within the cryptographic community regarding potential hidden vulnerabilities or backdoors [5]. Kuznyechik (also known as GOST R 34.12-2015 [6]) is another prominent block cipher standardized by the Soviet and Russian agency, utilizing 8-bit S-boxes. The architects of Kuznyechik chose not to disclose the specific design of the S-boxes. This decision has also raised concerns about the potential intentional insertion of hidden weaknesses [7,8,9].

Modern block ciphers such as advanced encryption standard rely on manually engineered cryptographic primitives, including S-boxes, permutation layers, and round transformations designed through extensive human analysis. This manual design process is extremely complex, requires years of cryptographic expertise, and typically results in a single fixed architecture that remains unchanged once standardized. Consequently the exploration of alternative cipher structures with independent randomness and diverse internal configurations is limited. From a research perspective, this creates a gap. There is no framework capable of automatically generating secure block cipher architectures offline, including S-boxes, permutations, and round structures, while still adhering to classical cryptographic principles of confusion and diffusion. The research therefore addresses the following problem: how to design an automated block cipher generation framework capable of producing complete cipher architectures offline with strong statistical randomness, scalable round structures while ensuring that the generated cipher can be deployed in the same operational manner as standardized algorithms such as AES. This problem is addressed through the proposed Block Cipher Design Generator Model (BCDGM), which generates cipher architectures prior to deployment rather than during runtime communication.

1.2. Contribution

To the best of our knowledge, this nature of research is being performed for the first time, generating complete designs of novel block ciphers and their primitives in an automated manner without the participation of cryptographers. To accomplish this goal, BCDGM only requires high-quality quantum random bits as input to generate a myriad of new block ciphers. A quantum circuit is designed over the IBM Quantum Santiago computer to generate high-quality random bits. BCDGM itself and all its generated cipher structures and primitives are invariably transparent, unreproducible, and nondeterministic, due to their sole reliance on quantum random bits. BCDGM is free from the existing backdoors such as by-design backdoors, weak key backdoors, algorithmic trapdoors, hidden encryption modes, mathematical backdoors, hidden parameters, or similar vulnerabilities.

Abundant scholarly investigations exist in the research literature that target the mathematical foundations of existing block cipher primitives and structures. For example, algebraic structure-based S-box construction techniques are extensively targeted by various potential attacks, such as interpolation attack [5], gröbner basis attack [7,10], SAT solver [8,11], linear and differential attacks [9,12], XL attacks [13], XSL attacks [13], integral cryptanalysis [14,15], boomerang attack [14,16], truncated differential cryptanalysis [17,18], multiple linear cryptanalysis [19,20], multiple differential cryptanalysis [21,22], higher-order differential cryptanalysis [23], impossible differential cryptanalysis [24,25,26], and integral cryptanalysis [27]. However, instead of relying on mathematical foundations and algebraic structures, BCDGM generated ciphers totally rely on quantum random bits. As a result, the generated cipher bypasses the aforementioned potential vulnerabilities. Every decision of the BCDGM is randomized; consequently, existing potential vulnerabilities are irrelevant to our generated ciphers. These decisions involve considerations such as the following:

• Determining how many rounds will be applied to each plaintext block.
• Which cipher structure will be applied to each round, such as left Feistel, Substitution-Permutation Network, right Feistel, left Lai–Massey, right Lai–Massey, and any possible randomized combination.
• Which S-box will be used in which round and what will be the values of the S-box.
• Which P-box will be used in which round and what will be the values of the P-box.
• Which derived key will be used in which round and what will be the values of the derived keys.
• How many S-boxes, P-boxes, and derived keys will be used or similar other decisions.

The asymptotic computational complexity of both encryption and decryption is the same as that of AES, i.e., O(N).

The BCDGM has the capability to generate a myriad of new block cipher designs with their primitives. For the experiment, we conducted extensive testing, generating more than fifty thousand new block cipher designs and their corresponding primitives, such as S-boxes, reverse S-boxes, P-boxes, round functions, half round functions, and derived keys. A comprehensive assessment of 50,000 novel block cipher designs was conducted over 107 terabytes of data. During the testing phase, a total of 66,725 ciphers were generated. Out of these, 50,000 ciphers satisfied the evaluation criteria presented in Section 3.1, Section 3.2, Section 3.3, Section 3.4, Section 3.5 and Section 3.6, whereas the remaining 16,725 ciphers were discarded. Generated ciphers are compared with twelve standard reputable block ciphers. Among these twelve, five stood out as AES competition finalists, while the remaining seven are widely adopted in various regions across the globe. Our generated block ciphers occasionally surpass standard block ciphers across various test criteria and also produce equivalent strength in many cases. The main factor behind this achievement is that every structure, primitive, and step of our proposed model is purely randomized. The first motivation for this research was randomness; randomness is the philosophy of science. It is a fundamental feature of nature and an indubitably valuable resource for cryptography, and the second motivation is generative AI. This research unlocks new avenues for cipher design research, shifting the paradigm from cryptographer designed ciphers towards computationally generated ciphers.

The single contribution of this research is the generation of block ciphers and their cryptographic primitives. BCDGM does not generate ciphers during communication; it only designs the cipher offline, and the generated cipher can later be used in a fixed form at both the sender and receiver sides, similar to conventional block ciphers. The generated cipher primitives in our framework are also fixed and shared beforehand. Therefore, no cipher generation occurs during runtime communication; the generated cipher is used in the same operational manner as AES.

The remaining paper is arranged as follows: Section 2 explains the proposed model; Section 3 presents the results and its evaluation; Section 4 presents the conclusion.

2. Proposed Model: Block Cipher Designs Generator Model (BCDGM)

Kerckhoffs’ principle states that a cryptosystem is secure even if everything about the system except the key is public knowledge. Kerckhoffs introduces this principle for cryptographers to the design of standalone ciphers. In our case, BCDGM replaced the cryptographers; that is why the ciphers generated from the BCDGM also strictly follow Kerckhoffs’ principle. Each generated cipher does not require the secrecy of the cipher itself, except the key. Even so, we are one step ahead, as the internal design of BCDGM itself strictly follows Kerckhoffs’ principle; the internal design is open except the input source, which is quantum random bits.

Before beginning to understand BCDGM, it is noteworthy that the model is intricate and substantial in scope, and to understand each module thoroughly, we have attached the module’s flowchart/algorithm. In some modules, we have also appended visual interpretations with the flowchart/algorithm. These attachments will significantly facilitate the readers to understand the BCDGM. The proposed BCDGM model is depicted in Figure 1. In the upper part of the model, randomized primitives generation is shown, and in the lower part, cipher structure generation is shown. BCDGM requires a high-quality true random bit stream, any plaintext, and a 32-byte key from the user, and it returns a novel block cipher design along with its primitives. To obtain a high-quality truly random bit stream, we performed iterative executions of the quantum random number generation (QRNG) circuit over the IBMQ-Santiago quantum computer. The QRNG circuit is illustrated in Figure 2.

True random bits are directly used to generate primitives like S-boxes, P-boxes, and derived keys. The detailed algorithm for generating S-boxes and P-boxes based on a quantum random bit stream is illustrated in Supplementary S1. Additionally, the reverse S-box generation algorithm is also provided in Supplementary S1. Block ciphers generated by BCDGM encrypt one block at a time, and the size of the output block is always equal to the input block. The transformation from the input block to the output block is achieved through the randomized primitives and randomized cipher structures. BCDGM generates a random number of rounds to process a single plaintext block. These rounds are iterated such that the output of one round becomes the input of the next. After the rounds, the cipher text is emitted, and the next block of plaintext is processed. Random bits determine the number of rounds that will be applied to a single plaintext block, and random bits also determine which cipher structure will be generated. Similarly, random bits determine which S-box, P-Box, inverse S-box, and derived key will be applied to each block and what will be the values of these primitives.

In a single cipher, it is feasible that each block of the plaintext is processed through different rounds. For example, in Supplementary S2, a new block cipher design is generated in which we can see that on block-1 eight, different rounds are applied; on block-2, nine different rounds are applied; on block-3, thirteen different rounds are applied; on block-4, twelve different rounds are applied; on block-6, fourteen different rounds are applied. Principally, in every round, three different operations are performed in a single block regardless of its structure type: Like left Feistel, Substitution-Permutation Network, right Feistel, left Lai–Massey, right Lai–Massey, and any possible randomized combination, collectively referred to as a hybrid structure. These three round operations are confusion, diffusion, and key whitening. BCDGM achieved confusion through S-boxes, diffusion through P-boxes, and key whitening through (key ⊕ block) operation. In a single generated cipher, it is also feasible that each block of the plaintext can be processed through a single structure, as illustrated in Supplementary S3–S5. It can be observed that plaintext blocks are processed with either the SPN structure, Left Feistel, Right Feistel structure, Left Lai–Massey, or Right Lai–Massey structures, respectively. In the single generated cipher, it is also feasible that each block of the plaintext can be processed through randomized structure, like in Supplementary S6, round-1 of the block-2 is processed through Feistel structure. In the same round-1, block-3 is processed through the left Lai–Massey structure. In the same round-1, block-1 is processed through SPN structure. In the same round-1, block-13 is processed through right Lai–Massey structure. The flowchart presented in Supplementary S7 depicts the complete cipher generation process, including the key generation algorithm, the derived key generation algorithm, key mixture algorithm, round key generation algorithm, round encryption algorithm, round substitution algorithm, round permutation algorithm, block extraction algorithm, algorithm for constructing protocol headers, algorithm for constructing round headers, and algorithm for constructing round structure.

Generated ciphers only require a 32-byte key from the user. This key is not directly used in round and inverse functions; instead, the round function and inverse function only use derived keys. Our proposed key generation method produces the required number of derived keys by using a single 32-byte key as a seed. The key generation process is illustrated in Figure 3. In Supplementary S7, the comprehensive step-by-step methodology for key generation is visually presented in the form of a flowchart. All the primitives of block ciphers such as S-boxes, P-boxes, inverse S-boxes, cipher structure, and derived keys are assigned randomly to each round and each block by using the randomized primitive’s assignment protocol. Based on the random numbers, randomized primitive’s assignment protocol decides seven essential building blocks of the BCDGM, which are as follows:

• How many rounds will be applied to each plaintext block.
• Which cipher structure will be applied to which block.
• Which S-box will be used in which block and what will be the values of the S-box.
• Which P-box will be used in which block and what will be the values of the P-box.
• How many S-boxes, P-boxes, inverse S-boxes, and derived keys will be used.
• Which derived key will be used in which block and what will be the values of the derived keys.
• Which inverse S-box will be used in which block and what will be the values of the inverse S-box.

The complete format of the randomized primitive’s assignment protocol is illustrated in Figure 4. To facilitate simplicity and improve the reader’s comprehension, we present a sample randomized primitive’s assignment protocol of a very basic and small block cipher.

3. Results and Evaluation

This section delineates essential details related to the results, experimental setup, assessment criteria, and set of analyses. For the evaluation, different types of analysis are applied on different categories of the data sets; these analyses and corresponding data sets follow the evaluation criteria stipulated by the advanced encryption standard (AES) [28,29]. In the process of assessing our block cipher strength, a comprehensive evaluation is conducted by comparing them with 12 standard block ciphers. Notably, five of these ciphers were finalists in the esteemed advanced encryption standard (AES) competition: Twofish, MARS, Serpent, RC6, and Rijndael. Additionally, our evaluation extended to include other prominent ciphers, such as DES, GOST, CLEFIA, CAST-128, Camellia, Blowfish, and ANUBIS. The BCDGM has the capability to generate a myriad of new block cipher designs and its primitives. However, we present here eight ciphers generated using BCDGM for discussion and analysis; these ciphers are randomly picked.

In the experimentation, a set of 15 standard plaintexts and keys are employed, encompassing a diverse range of combinations. This encompassed variations such as {low-density key with low-density plaintext}, {low-density key with high-density plaintext}, {low-density flipped key with high-density plaintext}, {low-density key with randomized plaintext}, {high-density key with high-density flipped plaintext}, and {randomized flipped key with randomized plaintext}, among others. To further elucidate the parameters of our experimentation, let Plaintext1 = {010101010101, …, N }, Plaintext1Flipped = $\{110101010101,\dots ,\mathrm{N}\}$, where $\mathrm{N}=8437$. Key1 {0, 0, 0, 0, 0, …, N}, KeylFlipped $=\{1,0,0,0,0,\dots ,\mathrm{N}\}$, where $\mathrm{N}=64$. Plaintext2 = {010101010101, …, N}, Plaintext2Flipped = {110101010101, …, N}, where $\mathrm{N}=8437$. The randomized Key 2 = {6, 126, 108, 15, 87, 120, 114, …, N}, Key2Flipped = {5, 126, 108, 15, 87, 120, 114, …, N}, where $\mathrm{N}=64$. Plaintext3 = {100000000, …, N}, Plaintext3Flipped {110000000, …, N}, where N = 9710. Key3 = $\{0,1,0,0,0,0,0,\dots ,\mathrm{N}\}$, Key3Flipped = {0, 0, 0, 0, 0, 0, 0, …, N}, where N = 64. Plaintext4 = {011111111, …, N}, Plaintext4Flipped = {111111111, …, N}, where N = 9728. Key4 = {0, 0, 1, 1, 1, 1, 1, …, N}, Key4Flipped $=\{1,0,1,1,1,1,1,\dots ,\mathrm{N}\}$, where $\mathrm{N}=64$. Plaintext5 = {000000000, …, N}, Plaintext5Flipped = {100000000, …, N}, where N = 7148. The randomized Key5 = {105, 53, 49, 23, 98, 26, 106, 43, 27, …, N}, Key5Flipped = {106, 53, 49, 23, 98, 26, 106, 43, 27, …, N}, where $\mathrm{N}=64$. The remaining plaintexts and keys are delineated in Supplementary S8. In the assessment process, six different types of analysis, each corresponding to different categories of the datasets, are applied to twenty different ciphers. The first twelve ciphers are standard block ciphers, and the remaining eight ciphers are the generated block ciphers. To augment the readability of results, the outcomes are categorized into two groups: {P1K1, P3K3, P5K5, P7K7, P9K9, P11K11, P13K13, P15K15} and {P2K2, P4K4, P6K6, P8K8, P10K10, P12K12}.

3.1. Avalanche Effect (Plaintext, Key) Compared to Avalanche Effect (Plaintext, Key Flipped)

The avalanche effect is a desirable property in cryptography and it refers to the phenomenon where a small change in the key results in a drastic change in the output. This assessment applies fifteen pairs of parameters {P1K1 and P1K1Flipped, P2K2 and P2K2Flipped, P15K15 and P15K15Flipped} individually to twenty various block ciphers {DES, MARS, GOST, CLEFIA, CAST, Camellia, BLOWFISH, ANUBIS, AES, RC6, SERPENT, TWOFISH [30,31,32] Generated Cipher (GC)-2, GC-3, GC-4, GC-5, GC-6, GC-7, GC-8, and GC-9}. This rigorous analysis involves the processing of millions of bits. In Figure 5 and Figure 6, the results portray the impact of applying the avalanche effect on key flipping to the twenty ciphers. The results of the avalanche effect on our eight generated block ciphers are approximately 0.5, which are similar to the results of other standard block ciphers such as AES, GOST, Blowfish, Camellia, and DES.

3.2. Avalanche Effect (Plaintext, Key) Compared to Avalanche Effect (Plaintext Flipped, Key)

This explores the avalanche effect on plaintext flipping, which examines the sensitivity of each cipher to changes in plaintext. To conduct this assessment, fifteen pairs of parameters: {P1K1 and P1FlippedK1, P2K2 and P2FlippedK2, …, P15K15 and P15FlippedK15}, are applied one by one to the twenty block ciphers {DES, MARS, GOST, …, GC-9}. In Figure 7 and Figure 8, the results depict the impact of applying the avalanche effect on plaintext flipping to the twenty ciphers. The plaintext avalanche effect score on our eight generated block ciphers is approximately 0.5, completely fulfilling the required criteria. Furthermore, a comparative analysis reveals that our proposed cipher outperforms MARS, CLEFIA, CAST, ANUBIS, RC4, SERPENT, and TWOFISH.

3.3. Correlation (Plaintext, Key) Compared to Correlation (Plaintext, Key Flipped)

It examines the relationship between a single alteration in the key and the resultant changes in the encrypted output. To conduct this assessment, fifteen pairs of plaintexts with keys and plaintexts with flipped keys: {P1K1 and P1K1Flipped, P2K2 and P2K2 Flipped, P15K15 and P15K15Flipped} are applied one by one to the twenty block ciphers {DES, MARS, GOST, …, GC-9}. Then, the correlation between the plaintexts and the flipped keys is measured. The goal of this test is to evaluate how a single change in the encryption key affects the correlation between the plaintext and the cipher text. A low correlation between the plaintext and the flipped key indicates that the cipher exhibits good strength. The results, available in the form of bar charts in Figure 9 and Figure 10, show that the correlation value of key flipping on our generated block ciphers is excellent (≈0.02), except for the results of GC-5 (P12K12 and P12K12Flipped). It is also observed that our generated cipher results are similar to those of AES, GOST, Blowfish, Camellia, and DES.

3.4. Correlation (Plaintext, Key) Compared to Correlation (Plaintext Flipped, Key)

This examines the relationship between a single alteration in the plain text and the resultant changes in the encrypted output. To conduct this assessment, fifteen pairs of plaintexts, keys and flipped plaintexts, keys: {P1K1 and P1FlippedK1, P2K2 and P2FlippedK2, P15K15 and P15FlippedK15}, are applied one by one to the twenty block ciphers {DES, MARS, GOST, …, GC-9}. Then, the correlation between the plaintexts and the flipped plaintext is measured. The objective of this test is to assess how altering the plaintext affects its correlation with the key and, conversely, how this alteration affects the resultant cipher text. A low correlation between the plaintext–key pairs and the flipped plaintext–key pairs signifies robust cipher strength. The results, illustrated in bar charts in Figure 11, demonstrate that the correlation value between plaintext and flipped plaintext on our generated block ciphers is excellent (≈0.01). Furthermore, it is noted that our generated cipher results closely resemble those with AES, GOST, Blowfish, Camellia, and DES. This analysis also reveals that our proposed cipher outperforms MARS, CAST, ANUBIS, RC4, SERPENT, and TWOFISH.

3.5. Correlation (PlainText) Compared to Correlation (CipherText)

This evaluates the correlation between plaintext and the corresponding cipher text. High correlation score between plaintext and cipher text indicates potential vulnerabilities in the cipher and makes it susceptible to attacks such as differential cryptanalysis. Low correlation score between plaintext and cipher text indicates a strong cipher. To conduct this assessment, fifteen parameters: {P1K1, P2K2, …, P15K15}, are applied one by one to the twenty block ciphers {DES, MARS, GOST, …, GC-9}, and the resultant cipher text output is, respectively, compared with {P1, P2, P3, …, P15}. Then the correlation score between the plaintexts and the cipher text is measured. These measured results are shown in Figure 12 and Figure 13. The results are evident that our cipher closely resembles other ciphers, including AES, GOST, Twofish, Camellia, and DES.

3.6. NIST Statistical Randomness Tests

These are intricate statistical metrics developed by NIST to evaluate the randomness of binary sequences [17,18]. The suite consists of multiple tests designed to detect non-random characteristics that compromise the strength of ciphers. The primary objective of the NIST Randomness Test Suite is to ensure that the output of ciphers exhibits characteristics of randomness to such a degree that it becomes impossible for an adversary to distinguish between the cipher’s output and data generated by PRNG/TRNG. Each test in the suite produces a p-value, representing the probability that the observed sequence is random. A low p-value indicates the sequence exhibits patterns, while a high p-value indicates that the sequence appears to be random. The p-value determines whether a sequence passes or fails each test. To perform this assessment, fifteen parameters, denoted as {P1K1, P2K2, P15K15}, are applied individually to the twenty block ciphers {DES, MARS, GOST, …, GC-9}. Subsequently, NIST statistical randomness tests are applied to the resulting outputs of these ciphers. The number of passed NIST statistical tests is presented in Figure 14 and Figure 15. The results indicate that, similar to other reputable ciphers such as AES, GOST, Camellia, and Blowfish, our eight computationally generated ciphers also exhibit a high degree of randomness.

3.7. Statistical Randomness Evaluation Using TestU01

One hundred cipher instances are randomly selected from the generated cipher pool, and the encrypted outputs of these ciphers are then evaluated using the TestU01 statistical framework, which includes tests for spacing distribution, collision frequency, matrix rank characteristics, bitwise independence, and random-walk behavior.

Table 1. Average TestU01 results for 100 cipher texts of the proposed cipher.

Test ID	Statistical Test	Parameters	Test Statistic	p-Value	Result
T1	Birthday Spacings	$n=5,000,000$	$\lambda =27.1051$	0.61	Pass
T2	Collision (Multinomial)	$d=65,536$	$\mu =2909.25$	0.01	Pass
T3	Gap Test	$n=200,000$	${\chi }^2=1021.19$	0.98	Pass
T4	Simple Poker	$d=64$	${\chi }^2=16.80$	0.60	Pass
T5	Coupon Collector	$d=16$	${\chi }^2=31.70$	0.92	Pass
T6	Maximum-of-t	$n=2,000,000$	${\chi }^2\approx 9.9981\times {10}^4$	0.52	Pass
T7	Anderson–Darling	—	$AD=0.31$	0.69	Pass
T8	Weight Distribution	$n=200,000$	${\chi }^2=42.23$	0.42	Pass
T9	Matrix Rank	$n=20,000$	${\chi }^2=1.11$	0.77	Pass
T10	Hamming Independence	$n=500,000$	${\chi }^2=2312.29$	0.06	Pass
T11	Random Walk (H)	$n=1,000,000$	${\chi }^2=55.30$	0.35	Pass
T12	Random Walk (M)	$n=1,000,000$	${\chi }^2=60.86$	0.19	Pass
T13	Random Walk (J)	$n=1,000,000$	${\chi }^2=68.14$	0.70	Pass
T14	Random Walk (R)	$n=1,000,000$	${\chi }^2=42.09$	0.55	Pass
T15	Random Walk (C)	$n=1,000,000$	${\chi }^2=12.20$	0.99	Pass

shows the average results of the statistical tests performed on the 100 cipher texts, which indicate the absence of detectable non-uniform structures and statistical biases. The obtained p-values consistently fall within the acceptable range, and the keystream derived from the cipher text preserves strong entropy characteristics that also have a uniform probability distribution and negligible inter-bit correlation. All these assessments validate that the statistical robustness of the generated sequences is suitable for cryptographic applications that need high unpredictability and strong resistance against statistical and structural cryptanalytic attacks.

3.8. Differential Security Analysis Using NPCR and UACI Metrics

One hundred cipher instances are randomly selected from the generated cipher pool, and after that, these ciphers are used to encrypt standard benchmark images, including the Lena, Pepper, Baboon, Grapes, Sparrow, and Butterfly. For each encrypted output, the differential security metrics number of pixel change rate and unified average changing intensity are computed. The NPCR and UACI values are obtained from the encrypted images generated by the 100 distinct ciphers. These values are statistically aggregated, and their mean values are reported in

Table 2. NPCR and UACI Results of the Proposed Method.

Image	Ch	Proposed NPCR	Proposed UACI
Lena	R	99.6231	33.9985
	G	99.6927	33.6145
	B	99.5637	33.6954
Pepper	R	99.6771	33.6155
	G	99.6162	33.7641
	B	99.6912	33.6964
Nature	R	99.5785	33.3123
	G	99.6136	33.6673
	B	99.6345	33.1456
Bird	R	99.6641	33.7456
	G	99.6451	32.3213
	B	99.6216	32.1956
Baboon	R	99.6158	33.4345
	G	99.6466	33.7578
	B	99.6544	33.3642
Grapes	R	99.6411	33.2645
	G	99.6452	32.7224
	B	99.6452	33.8978
Sparrow	R	99.6941	33.8456
	G	99.6555	33.4321
	B	99.6132	32.6978
Butterfly	R	99.6211	33.7789
	G	99.6232	32.0546
	B	99.6453	33.2756

. These metrics quantify diffusion strength and sensitivity to minimal plaintext perturbations. Comparative analysis with the state-of-the-art image encryption schemes indicates that the proposed cipher framework achieves competitive differential characteristics. The results demonstrate strong diffusion capability and effective resistance against differential cryptanalytic attacks. The Lena image is used as a standard test image in this study. The original image is separated into its three color channels (R, G, B), and each channel is encrypted independently. Figure 16 illustrates the original RGB channels alongside their corresponding encrypted outputs where subfigures (a,b,c) depict the original R, G, B channels, and subfigures (d,e,f) show the encrypted channels produced by the proposed encryption scheme.

$$\mathrm{NPCR}={\displaystyle \frac{{\sum }_{i,j}D(i,j)}{M\times N}}\times 100$$

(1)

where

$$D(i,j)=\left\{\begin{array}{cc}0,\hfill & \mathrm{if}I(i,j)=J(i,j),\hfill \\ 1,\hfill & \mathrm{if}I(i,j)\ne J(i,j).\hfill \end{array}\right.$$

The unified average changing intensity (UACI) is defined as

$$\mathrm{UACI}={\displaystyle \frac{1}{M\times N}}\sum _{i,j}{\displaystyle \frac{|C_1(i,j)-C_2(i,j)|}{255}}\times 100$$

(2)

where $C_1(i,j)$ and $C_2(i,j)$ indicate the pixel values of two encrypted images at location $(i,j)$. M represents the number of rows, and N represents the number of columns of the plain image. Encryption security is improved with a large UACI value. The ideal expectations of NPCR and UACI can be calculated by the following formulas:

$${\mathrm{NPCR}}_{\mathrm{ideal}}=\left(1-{\displaystyle \frac{1}{2^n}}\right)\times 100\%$$

(3)

$${\mathrm{UACI}}_{\mathrm{ideal}}={\displaystyle \frac{1}{2^n}}{\displaystyle \sum _{k=1}^{2^n-1}}{\displaystyle \frac{k}{2^n-1}}\times 100\%$$

(4)

where n is the number of bits used to denote the various bit planes of an image. High values of UACI and NPCR indicate strong resistance against differential attacks. Table 2 indicates the values of NPCR and UACI. The NPCR values obtained in our results are consistently around $99.63$, which is considered a very good value. Similarly, the UACI values are around $33.5$, which also demonstrates strong encryption performance.

3.9. Resistance Analysis Against Structured-Plaintext, Known-Plaintext, and Chosen-Plaintext Attacks

Let a proposed cipher be modeled as an r-round keyed permutation

$$E_K:{\{0,1\}}^n\to {\{0,1\}}^n$$

with ciphertext

$$C=E_K\left(P\right).$$

To analyze structured-plaintext attacks, define the plaintext subset

$$\mathcal{T}\subseteq {\{0,1\}}^n$$

representing structured textual inputs such as repeated characters, low-entropy binary strings, periodic bit patterns, sparse blocks, and dense blocks.

For adversarial access, define an encryption oracle

$${\mathcal{O}}_E\left(P\right)=E_K\left(P\right).$$

The known-plaintext attack corresponds to observing pairs

$$(P_i,C_i)=(P_i,E_K\left(P_i\right))$$

with $P_i\in \mathcal{T}$, while a chosen-plaintext attack corresponds to adaptive queries

$$P_i\leftarrow \mathcal{A}(·),C_i=E_K\left(P_i\right).$$

To evaluate whether structured plaintext patterns leak exploitable structure, we define the statistical leakage

$${\mathcal{L}}_T=I(P;C)$$

where $I(·)$ denotes mutual information between plaintext and ciphertext distributions restricted to $\mathcal{T}$. A secure cipher requires

$${\mathcal{L}}_T\approx 0.$$

The cipher’s nonlinear layer can be characterized using the maximum differential probability

$${\delta }_{max}=\underset{∆x\ne 0,∆y}{max}Pr\left[S\left(x\right)\oplus S(x\oplus ∆x)=∆y\right]$$

and the maximum absolute linear bias

$${\lambda }_{max}=\underset{\alpha \ne 0,\beta \ne 0}{max}\left|Pr[\alpha ·x=\beta ·S\left(x\right)]-{\displaystyle \frac{1}{2}}\right|.$$

Let $A\left(r\right)$ denote the minimum number of active nonlinear components over any r-round propagation trail. Then, the probability of a differential characteristic generated by structured plaintext differences $∆P$ satisfies

$$Pr[E_K\left(P\right)\oplus E_K(P\oplus ∆P)=∆C]\le {\left({\delta }_{max}\right)}^{A\left(r\right)}.$$

Similarly, any linear relation between structured plaintext masks $\alpha$ and ciphertext masks $\beta$ satisfies

$$|\mathrm{Corr}(\alpha ·P,\beta ·E_K\left(P\right))|\le {\left({\lambda }_{max}\right)}^{A\left(r\right)}.$$

The data complexity required for a successful known-plaintext linear distinguisher is, therefore,

$$N_{\mathrm{lin}}\approx {\displaystyle \frac{1}{{\left({\lambda }_{max}\right)}^2}}.$$

Because $A\left(r\right)$ grows with the number of rounds due to diffusion, both differential probabilities and linear correlations rapidly decrease across multiple nonlinear components. The generated ciphers exhibit plaintext avalanche scores very close to the ideal value of $0.5$ and show very low plaintext–ciphertext correlation across structured plaintext families, including sparse, dense, repeated, flipped, and randomized inputs.

These observations indicate that structured plaintext patterns do not produce statistically exploitable ciphertext structure. Accordingly, the revised manuscript clarifies that the proposed cipher family demonstrates both empirical and analytical resistance to structured-plaintext KPA/CPA analysis.

3.10. Asymptotic Computational Complexity and Scalability Analysis

A scalability analysis quantitatively evaluates encryption and decryption execution times, throughput, resource utilization, and algorithmic complexity across varying plaintext sizes. We randomly select 100 cipher instances generated by the proposed model.

Table 3. Scalability Analysis of the Proposed Cipher Framework.

Data Size	Average Encryption Time (ms)	Average Decryption Time (ms)	Throughput (MB/s)
12 KB	0.69	0.71	17.6
100 KB	6.41	6.56	15.6
470 KB	25.74	26.11	18.2
1 MB	45.41	46.21	22.0
30 MB	286.72	290.42	104.6
60 MB	543.50	549.11	110.4
100 MB	2188.00	2195.82	45.7
250 MB	5473.20	5485.22	45.6
500 MB	10,946.37	10,971.43	45.7
750 MB	16,419.53	16,457.63	45.7
1000 MB	21,892.70	21,943.84	45.7

presents the average performance metrics of these instances. The results exhibit linear scaling of execution time with data size, minimal divergence between encryption and decryption times, and stable throughput, collectively validating the framework’s operational efficiency, balanced computational complexity, and practical suitability.

To encrypt N bytes of plaintext, the asymptotic computational complexity of the proposed generated encryption algorithms is $\mathcal{O}\left(n\right)$, which is equivalent to the complexity of AES.

3.11. Key Space Estimation of the Generated Ciphers

The complete flowchart of the key schedule design is shown in Figure 17. The total key space of the proposed cipher is determined by the per-round key length $k=256$ bits and the number of rounds r. Each round uses a unique subkey; therefore, the total key space is given by

$$K=2^{k\times r}=2^{256r}.$$

For example, a 10-round cipher has a key space of $K=2^{2560}$, while a 16-round cipher has a key space of $K=2^{4096}$. Even the minimum round configuration $(r=8)$ yields a key space of $K=2^{2048}$, ensuring that exhaustive key-search attacks are computationally infeasible. This demonstrates that the proposed encryption algorithm is highly secure against brute-force attacks.

Table 4. Key space estimation for varying rounds of the generated ciphers.

Rounds (r)	Per-Round Key (bits)	Total Key Space
16	256	$2^{4096}$
15	256	$2^{3840}$
14	256	$2^{3584}$
13	256	$2^{3328}$
12	256	$2^{3072}$
11	256	$2^{2816}$
10	256	$2^{2560}$
9	256	$2^{2304}$
8	256	$2^{2048}$

provides the key space estimation for different round configurations.

4. Conclusions

This paper unlocks new avenues for block cipher design research, shifting the paradigm from cryptographer-designed ciphers to computationally generated ones. The proposed model automatically generates block ciphers and their primitives without the direct participation of cryptographers. Although these computationally generated ciphers are not designed by renowned cryptographers, each generated cipher and its primitives are novel and free from existing backdoors, trapdoors, and previously known vulnerabilities. Moreover, the strength of the generated cipher is comparable to that of well-established industry-standard ciphers such as AES, GOST, CLEFIA, Twofish, MARS, Serpent, RC6, DES, CAST-128, Camellia, Blowfish, and ANUBIS.

To evaluate the strength of the generated ciphers, different types of analyses are applied to multiple categories of datasets. These analyses and corresponding datasets follow the evaluation criteria stipulated by the AES competition. In several cases, the generated block ciphers even surpass these standard block ciphers across certain testing criteria while maintaining equivalent security strength in other cases. The primary factor behind this achievement is that every cipher structure, primitive, and step of the proposed model is purely randomized. Furthermore, the implementation of the proposed model is publicly available.

However, the major limitation of the proposed cipher generation model is its reliance on a large number of high-quality quantum random bits to construct its structures and primitives. Since the system depends entirely on the quality of randomness, quantum true random bits are employed. To ensure their reliability and suitability for the model, these bits are rigorously evaluated prior to use through multiple statistical testing frameworks, including the NIST Statistical Test Suite, Diehard tests, TestU01 suite, and entropy-based evaluations.

In future work, the proposed model will be extended toward lattice-based cryptography to explore its applicability in post-quantum cryptographic systems.