Efﬁcient Chaos-Based Substitution-Box and Its Application to Image Encryption

: Chaotic systems are vital in designing contemporary cryptographic systems. This study proposes an innovative method for constructing an effective substitution box using a 3-dimensional chaotic map. Moreover, bouyed by the efﬁciency of the proposed chaos-based substitution boxes’ effectiveness, we introduce a new chaos-based image cryptosystem that combines the adeptness of Gray codes, a non-linear and sensitive hyper-chaotic system, and the proposed S-box. The generated secret key emanating from the cryptosystem is correlated to the input image to produce a unique key for each image. Extensive experimental outcomes demonstrate the utility, effectiveness, and high performance of the resulting cryptosystem.


Introduction
In various graphics applications such as military, medicine, homeland security, etc., advanced image encryption techniques are increasingly needed for the safe transfer, storage, and recuperation of digital images. A well-designed image cryptosystem should meet the two principles: diffusion and confusion [1]. Confusion indicates that all possible traces or information related to the plaintext or key are deleted from the ciphertext. Diffusion indicates that any tiny modification in either the plaintext or the key leads to a huge modification in the ciphertext. The substitution-box (S-box) is a nonlinear unit used in many cryptographic applications to guarantee the confusion characteristic [2]. The diffusion feature can be checked with chaotic dynamical maps. In actuality, chaotic maps have numerous ultimate features, such as ergodicity, sensitivity to primary conditions. They show a random behavior that can cause confusion and diffusion in the plaintext to get secure ciphertext [3].
Recently, various researchers have used chaotic maps in constructing S-boxes and designing image encryption mechanisms [4][5][6][7][8][9][10][11][12][13]. Chaotic systems play an important role in designing S-boxes. For example, Tang et al. [14] presented a different scheme for constructing S-box using a 2D discretized chaotic system, and in [7], a four-step strategy to construct S-boxes using a chaotic system is proposed. In [15], Chen et al. developed the scheme presented in [14] by utilizing 3D Backer system. In [16], Fatih et al. introduced a new method for S-box constructions using chaotic Lorenz map. Furthermore, Khan et al. [17] presented a new S-box construction scheme for block cipher using multi-chaotic maps. A popular characteristic of the above approaches is that they construct S-boxes using only the randomness properties of chaotic systems. This is why we need a new chaotic map with good randomness properties to build strong S-boxes. In [18], Tlelo-Cuautle et al. presented a new 3D chaotic map with infinite numbers of equilibrium points and good effective performance. Based on the advantages of the presented map in [18], we design a new chaos-based S-box that utilizes the randomness property of the chaotic map.
Data security performs a vital task in our daily life, in which chaotic systems are popularly utilized in the development of modern encryption mechanisms [19][20][21]. Based on chaos, several image cryptosystems have been introduced. Most of them are dependent on a one-dimensional or multi-dimensional chaotic system to generate pseudorandom numbers for constructing the cipher image. For example, in [22], a skew tent map is employed to design an image encryption approach, and in [8], a 1D chaotic map is obtained through coupling sine and tent maps, which is then adjusted to encrypt the plain image. Hua et al. in [23] employ a 2D Sine Logistic modulation system to produce an image cryptosystem, and Liu et al. [24] suggest a color image cryptosystem by utilizing a hyperchaotic map and Choquet fuzzy integral. In [9], a chaos-based image block encryption approach is presented using S-box, and Wang et al. [24] suggested an image cryptosystem in the form of block cipher using a chaotic map and dynamic random growth mechanism. In [25], an image cryptosystem based on a 3D cat map is proposed. Although the previous schemes have some good results, they are not enough to raise the effectiveness of potential applications for the image encryption field. Most of them present vulnerabilities [26][27][28].
Based on the presented chaos-based substitution box efficiency, we present a new chaos-based image cryptosystem using Gray code, 3D chaotic map [18], and the proposed substitution box strategy. The provided image cryptosystem can be implemented on both grey-scale and colored images. Experimental outcomes demonstrate that the presented approach posses high performance and security.
To clarify, the main contributions of our study are twofold, as follows: 1.
Designing a new chaos-based S-box and validating its randomness property as required in efficient chaotic maps [18].

2.
Utilising the designed S-box as the fulcrum of a new image cryptosystem that also integrates the Gray code and the chaotic mapping [18] to generate unique encryption signatures with high sensitivity for each image.
This work's organization is as follows: Section 2 gives the preliminary work for the suggested schemes. In Section 3, the new approach of designing the S-box is illustrated, and the criteria for assessing the S-box and the performance evaluation of the suggested Sbox are presented and compared with other chaos-based S-boxes. In Section 4, a new chaosbased image cryptosystem is presented, while its performance evaluations are provided in Section 5. Finally, a conclusion is given in Section 6.

Preliminary Knowledge
This section presents the preliminary knowledge needed for constructing the S-box and designing the image encryption mechanism. In what follows, we provide the preliminary knowledge regarding the chaotic system [18] and Gray code.

3D Chaotic Map
Tlelo-Cuautle et al. [18] introduced a new 3D chaotic map with infinite numbers of equilibrium points and good effective performance, which the following equation can express: where a is the system parameter, and x, y, z are state variables. For more information about the chaotic map, refer to Reference [18]. To present the cryptographic applications of the chaotic system provided in Equation (1), we adjust the system as given in Equation (2).

Gray Code
Gray code is a representation of two consecutive values that should differ in only one bit. This feature has proven useful in many applications. The representation of Gray code can be defined as given in Equation (3).
where denotes the binary right shift, and ⊕ is the binary XOR operation. Table 1 provides an illustrated example of Gray code operation.

Proposed S-box Approach
In this part, we present the new approach of designing the S-box, its performance evaluation, and compared it with other chaos-based S-boxes.

S-box Construction
Chaotic systems perform a vital task in constructing S-boxes. Utilizing the powers of the presented chaotic map in [18], we proposed a new chaos-based S-box that utilizes the randomness property of the chaotic map. The proposed algorithm for producing a new 8 × 8 S-box is described in Algorithm 1.

Algorithm 1: S-box construction
Parameters : Primary conditions and control parameters for acting the 3D chaotic map (x 0 , y 0 , z 0 , a) Output: An 8 × 8 S-box (SBox) 1 [X, Y, Z] ← chaoticSystem(x 0 , y 0 , z 0 , a, 256) // Operate the chaotic map using primary requirements 256 times 2 V ← order(X)// Order the elements in ascending structure 3 SB ← index(V in X) // Get the index of every element of the sequence V in the sequence X 4 SBox ← reshape(SB, P, Q, R) // Remodeling SB sequence into 16 × 16 structure to generate the S-box In this paper, the primary key parameters for acting the chaotic system (2) to generate the stated S-box are given as (x 0 = 0.7486, y 0 = 0.5935, z 0 = 0.6535, and a = 0.6582). The generated S-box by the presented method is shown in Table 2.

Performance Analysis
In [29][30][31], the most important criteria for a strong S-box are presented. These criteria include bijectivety, strict avalanche criterion (SAC), differential and linear approximation probability, and the bit independence criterion (BIC).

Bijective Property
An n × n S-box is bijective when it has all distinct outcome integers in the period [0, 2 n − 1]. From Table 2, our produced S-box has distinct outcome integers in the period [0, 255]. Consequently, the produced S-box fulfills the bijective characteristic.

Nonlinearity Criterion
The non-linearities of the produced S-box and S-boxes displayed in [7,[14][15][16]32] are shown in Table 3. We notice that the average non-linearity given by the suggested approach is superior to that of the S-boxes in Reference [7,[14][15][16] and lower than Wang's S-box [32]. Table 3. Comparison of the non-linearities.

Strict Avalanche Criterion
The dependence matrix of the created S-box is provided in Table 4. The average value of the proposed S-box's dependence matrix is 0.4993, which is very near to the optimal value of 0.5. The maximum, minimum, and average values of our S-box and other S-boxes' dependence matrix are provided in Table 5. The outcomes demonstrate that the generated S-box using our strategy has good SAC features.  Table 5. Comparison of strict avalanche criterion.

S-box
Strict Avalanche Criterion

The Equiprobable Input/Output XOR Distribution
The differential approximation tables for our S-box are listed in Table 9. The differential approximate probability (DP) of the presented S-box is 0.039062, demonstrating that the presented method is secure against differential attacks. The PDs of other S-boxes are provided in Table 10, in which our S-box has an acceptable DP value compared to other S-boxes.  Table 10. Differential approximate probability (DP) comparison.

Linear Approximation Probability (LP)
The probability of linear approximation for the compared S-boxes is given in Table 11. Obviously, our S-box has an LP value of 0.1250 and is comparable with the value of other S-boxes. Consequently, the proposed S-box has acceptable LP characteristics. Table 11. A comparison of Linear approximation probability (LP).

Discussion
From the above performance evaluations of our S-box compared with prior S-boxes, we can conclude that: 1. Table 2 demonstrates the bijective feature of our proposed S-box. 2.
From Table 3, we can notice that our S-box have good performance compared to prior S-boxes in References [7,[14][15][16].

3.
The average value of BIC-SAC for the proposed S-box is 0.5030, which is very near the optimal value. 4.
The maximum DP value, Table 10, is acceptable.

5.
The LP value of our S-box, Table 11, is acceptable.

Proposed Encryption Approach
In this part, we present a new image cryptosystem based on S-box, 3D chaotic system (2), and Gray code. In the substitution phase, the presented S-box in Section 3 is utilized to demonstrate its fitness for various cryptographic applications.

Encryption Process
The detailed steps of the encryption process for the presented cryptosystem are outlined in Figure 1 and defined in Algorithm 2.  Algorithm 2: Encryption procedure Input: Plain-image (PlainIm) Parameters : Primary conditions and control parameters for iterating the 3D chaotic map (x 0 , y 0 , z 0 , a) Output: Cipher-image (CipherIm) and δ (a value used to update the initial conditions) 1 [P, Q, R] ← size(PlainIm)// Obtain the dimensional of PlainIm 2 GrayIm ← grayCode(PlainIm)// Perform the Gray code described in Eq.

Decryption Process
The decryption process consists of applying the encryption steps in reverse order. The proposed algorithm is symmetric; i.e., the same secret key is used at the reception to decipher the encrypted images correctly. Thus, the secret key of (2) and the parameter δ must be transferred to the receiver using a secure exchange like the Diffie-Hellman key exchange. The steps of the decryption process are illustrated in Figure 2 and detailed in Algorithm 3.

Performance and Security Analyses
In this part, various analyses are employed to evaluate the security and performance of the suggested encryption scheme. A dataset of images taken from Kodak [33] of dimension 512 × 768 were employed to evaluate the proposed cryptosystem (see Figure 3).
The primary values and control parameter for acting the 3D chaotic map (2) are given as (x 0 = 0.7486, y 0 = 0.5935, z 0 = 0.6535, and a = 0.6582). These simulation results were obtained using Matlab software, which was performed on an Intel Core i5-2450M 2.5 CPU with 6 GB RAM.

Key Space Analysis
The key space is defined as the whole set of keys employed throughout the encryption process. It must be amply large to make brute-force attacks ineffective. The key space of the proposed cryptosystem consists of the initial conditions (x 0 , y 0 , z 0 , a) of (2). The computational precision of digital computers is assumed to be 10 −16 . The possible values of x 0 are 10 16 , as are the values of y 0 , z 0 , and a. Therefore, the proposed scheme holds a 10 64 ≈ 2 213 key space, which is enough to defend against potential brute-force-based attacks.

Statistical Analysis
In this part, various statistical analyses are utilized to evaluate the performance of the suggested cryptosystem, including correlation analysis, histogram analysis, global entropy, and local entropy.

Correlation Analysis
The correlation of neighboring pixels in the original images and their ciphered ones are displayed in this subsection. It is understood that the values of correlation for original images are very near to 1, whilst encrypted images with a good encryption mechanism are very near to 0. The correlations among each pair of two neighboring pixels can be measured as follows: where x i and y i are gray-scale values of two selected adjacent pixels, and N is the complete number of pairs (x i , y i ) collected from the image. The correlation coefficients of 10,000 randomly selected pairs of neighboring pixels in the original image and its encrypted ones are provided in Table 12. The correlation coefficients of original images are close to 1, whilst those of ciphered images are approximately equal to 0. Then, the adjacent pixels in the encrypted image are de-correlated in each direction. This feature is displayed graphically in Figures 4-6, which contains plots of the correlation distributions in each direction of the original Houses image and the Cipher-Houses image for each color component.
Consequently, the presented encryption scheme fulfills zero correlation, and it has a high privilege towards statistical attacks.

Histogram Analysis
The histogram exposes the intensity of the grey level of an image. This information can be beneficial in the event of a histogram attack with an uneven distribution. Images created using a well-designed image cryptosystem should have identical histograms to increase resistance to statistical analysis. Histograms of plain images and their ciphered ones are shown in Figure 7. Obviously, the histograms of the ciphered images are somewhat identical and differ significantly from the corresponding plain images. Therefore, we can deduce that the suggested encryption mechanism can withstand histogram attacks.

Global Entropy
Information entropy is a statistical examination of randomness. The entropy value can be measured as given in (5).
where p(x k ) denotes the appearance probability of each symbol x k . The optimal entropy value (i.e., log 2 (2 8 ) = 8 bits) is achieved if all the pixels appeared with equal probability, which implies that the pixel distribution is identical. The entropy values of experimented images are given in Table 13, in which the entropy values for the presented cryptosystem are approximately equal to 8. Thus, the presented image cryptosystem has the ability to withstand entropy attacks.

Local Entropy
The global entropy is the average amount of information, so it does not reflect the randomness within each region of the image; i.e., the insufficiency of randomness inside some local regions of the image may be hidden. Therefore, it is recommended to apply another entropy analysis that works at the block level, namely, the local entropy [34]. The local entropy computation is conducted following the steps reported in [34]. The local entropy outcomes are listed in Table 14, where the entropies are very close to the optimal empiric value 7.9024693 [34].

Sensitivity Analysis
A well-designed cryptosystem must present a very high sensitivity of the ciphered image to slight modifications in either the key or the plain image. In this part, we present the suggested cryptosystem sensitivity analyses, including key sensitivity and plaintext sensitivity.

Key Sensitivity
A robust encryption scheme always warrants a high sensitivity to the secret key. That is, any slight change in such a key would provide a diametrically different encrypted image. Figure 8 shows the outcomes of key sensitivity for the proposed image cryptosystem, in which it demonstrates a high sensitivity to the secret key. Consequently, the proposed cryptosystem is extremely sensitive to tiny changes in the secret key.

Plaintext Sensitivity
Like the key sensitivity, the plaintext sensitivity measures the rate of changes in the ciphertext when inducing a slight alteration to the plaintext. In this regard, two well-known quantitative tools were used: unified average changing intensity (UACI) and the number of pixel change rate (NPCR). We performed NPCR to calculate the number of different pixels between two ciphered images encrypted with one key and differing only in one bit of the plain image. Whereas the UACI criteria provide the average intensity variation. The NPCR and UACI are represented in (6) and (7), respectively.
where W is the complete number of pixels in the image and φ(i, j) is obtained as: where, F 1 and F 2 are two ciphered images; the (i, j)th pixel of F 1 and F 2 are indicated as F 1 (i, j) and F 2 (i, j), respectively; and n is the number of bits utilized to form a greyscale pixel value. The results of NPCR and UACI values are provided in Table 15. It can be observed from Table 15 that all of the NPCR values are over than 99.6%, which confirms the high sensitivity of the encryption method, and UACI values for all experimented dataset are very near to 33%, which verifies that the degree of influence is very high. Accordingly, the proposed cryptosystem is immensely sensitive to minor changes in the original image, and no valuable information can be deduced from the algorithm.

Robustness Analysis
When transmitted over a communication channel, the encrypted images are susceptible to data losses, which causes degradations in the quality of the decrypted images. Furthermore, the transmission channels are noisy, and the encrypted images are susceptible to noise-based attacks. In this part, we present the robustness analyses of the suggested cryptosystem, including occlusion attack and noise attack.

Occlusion Attack
An occlusion attack generally tests an encryption scheme's ability to retain the original image's features when the corresponding encrypted image is subjected to a loss of information. Figure 9a-d depict the encrypted images of Lighthouse under data losses of (a) 6.25%, (b) 12.5%, (c) 25%, and (d) 50%, respectively. Their decrypted images are displayed in Figure 9e-h, respectively. Although half of the encrypted image information is lost, the corresponding decrypted image reserves enough visual information of the original image. As a result, the proposed cryptosystem can resist occlusion-based attacks.

Noise Attack
A strong encryption scheme should not be concerned with such noises. To check the robustness of the proposed cryptosystem to noise-based attacks, the encrypted image of the Lighthouse is tainted by the salt and pepper noise with several densities. The corresponding decrypted images are displayed in Figure 10. It is shown that the image maintains the original image's features, although the noise density is set to 0.3. Therefore, the proposed cryptosystem exhibits strong immunity against noise-based attacks.

Known-Plaintext and Chosen-Plaintext Attacks
The main task of cryptanalysis is to recover the entire secret key or some parts of it to completely or partially decipher the ciphertexts produced by a given encryption scheme. Moreover, in some attack scenarios, the attacker can retrieve the correct plaintext from a given ciphertext without needing the secret key. Indeed, he/she tries to find any similarities between plaintexts and ciphertexts. According to how the cryptanalyst performed such a search, four different attacks are presented and listed here from the hardest to the easiest attacks: the ciphertext-only attack, the known-plaintext attack, the chosen-plaintext attack, and the chosen-ciphertext attack. Among these attacks, the known-plaintext and chosen-plaintext attacks are considered the powerful ones, and if an encryption scheme can withstand them, it can resist the other attacks as well. In the proposed cryptosystem, the secret key is fully correlated to the input image, which leads to a unique key for each different image. Accordingly, the cryptanalyst cannot establish any link between plaintext/ciphertext pairs. The proposed cryptosystem has the power to hold facing known-plaintext and chosen-plaintext attacks.

Comparative and Speed Analysis
To appraise our image cryptosystem's performance, its experimental outcomes are compared to other related encryption schemes. Table 16 provides a comparison analysis, proving our encryption mechanism's high performance. Apart from performance and security evaluations of the presented approach, a speed performance is also needed. Table 17 provides the speed performance of our cryptosystem and the competitive image cryptosystem for various sizes of grey-scale of images as reported in [35]. Tables 16 and 17 confirm the supremacy of our cryptosystem alongside those related image cryptosystems.

Conclusions
A new approach to building a strong S-box using a 3D chaotic map was presented in this paper. The performance results show that the presented S-box has better cryptographic features than prior S-box approaches. Furthermore, a new chaotic-based image cryptosystem using the proposed S-Box and Gray code was introduced. It employs a key generation process that relies on the input image and acts as its signature to make high key sensibility. Various numerical and simulation methods were used to analyze the performance of the proposed image encryption approach. We will focus on designing a new video encryption scheme using the presented S-Box, chaotic maps, and Gray code in the near future.

Conflicts of Interest:
The authors declare no conflict of interest.