A New Modified MARS Cryptosystem Based on Niho Exponent with an Enhanced S-Box Generation

Abstract

As an essential cryptological element, symmetric-key block ciphers have long been utilized to offer information security. Even though they were created to provide data confidentiality, their adaptability grants them to be utilized in the creation of various cryptological techniques, including message authentication protocols, hash functions, and stream cryptograms. MARS is a symmetric shared-key block cryptosystem that supports 128-bit blocks and keys with sizes ranging from 128 to 448 bits. The cryptographic cores of MARS come in a variety of rounds, each constructed to take benefit of the robust outcomes in order to enhance security and performance over earlier ciphers. The MARS cipher is given a new function in this work that uses the operations ROT, XOR, NOP, INV, hash 512, Quotient, and MOD for improving the technique of the cipher. The goal of our modification is attaining a superior confusion level whilst retaining the MARS cryptosystem’s differential and linearity aspects.

1. Introduction

Cryptography is a modern encryption technology made up of a variety of mathematical processes requiring the application of formulas and algorithms. It was created to safeguard the confidentiality of military and diplomatic communications. A new market for cryptographic products has emerged as information technology and encryption science have advanced rapidly [1]. While the internet is currently being utilized to speed up the movement of huge amounts of critical and valuable data, these data must be protected from unauthorized access due to the internet’s multiple attack vectors [2]. To secure data from illegal access, many data protection techniques are used, including masking, watermarking, and encryption. Effective security technology is required to protect consumers’ sensitive digital data [3].

Cryptography is one of the most widely used and trusted methods of protecting digital data in computer and communication networks. Many various image encrypting systems, such as RSA, the International Data Encryption Algorithm, and the Data Encryption Standard, have been proposed to achieve this objective. However, owing to a variety of inherent image properties, such as increased redundancy and data capacity, which have been problematic for conventional encryption, such conventional systems do not appear to be optimal for image applications. Furthermore, numerous encryption algorithms necessitate additional operations on compressed image data, necessitating a lengthy computation time and a large amount of computational power.

Network security is to defend networks and their applications from intrusions while preserving the availability, confidentiality, and integrity of data. We take into account a variety of elements in our innovative system. (1) Confidentiality: In order to make information confidential, it is updated in a way that makes it impossible for an attacker to deduce the information. Through the use of encryption methods, it is accomplished. (2) Authentication: In order for a pair of interacting entities to prove their identification, the authentication component of security services is necessary. In essence, the authentication service works to verify the identity by ensuring that a secret is shared by all parties involved. (3) Integrity: Data integrity refers to the necessity for assurance that only authorized parties can change the message. The message is safeguarded from being altered by the attacker by being encrypted to some extent.

This article introduces a new modified MARS cryptosystem based on a new S-box generation and Niho exponent. Images were not encrypted using the MARS technique because the repeated letters in the plaintext would result in a non-flat histogram graphic. However, we can encrypt images in our newly modified Mars system, circumventing the MARS cryptosystem’s weak areas. The following list highlights the paper’s significant contributions:

• The novel system uses the SHA-512 algorithm to generate a secret key used in S-box generation to ensure that the S-box was totally dependent on every bit in the secret key.
• The subkeys generation is modified by using the Niho exponent, which is subset of Boolean bent functions. This base property of bent functions is used for protecting ciphers against linear cryptanalysis.
• After each cipher block, different rotations for S-boxes are selected based on the hashed key’s array to overcome the letter repetition problem.
• The ciphertext is mainly diffused after encrypting every plaintext block with the bitwise exclusive-OR operation so we guarantee that the ciphertext mix together.
• We perform an “image diffusion” step that makes randomization in the image so that if one pixel changes, it will have a large effect on the output of the diffusion step.

The entire algorithm is tested for image and text to attain a satisfactory level of security by the performance analysis test to improve the security level. The main innovation points of this paper are:

• Overcoming the letter repetition problem (this problem will cause the histogram to not be flat).
• Making high randomization in the image so that if one pixel will change so it will affect the whole image, and if we encrypt the same image with one pixel change it will cause a different ciphertext to be obtained.
• Making a generation of subkeys robust against linear and differential attacks by using the Niho exponent function.

The article is planned as follows: Section 2 presents the related work, Section 3 reviews a brief explanation for the MARS system, and Section 4 discusses the proposed algorithm, while Section 5 delivers numerical simulation results. Section 6 examines the proposed scheme’s performance. This article is concluded in Section 7.

2. Related Work

In 2007, The MARS method was subjected to diffusion analysis using first order SAC and higher order strict avalanche criteria in this work. The findings provide valuable information into the MARS spreading behavior and it can be used to develop novel encryption techniques [4]. In the year 2013, [5] Ahmed H. et al. suggested a Metamorphic-Enhanced MARS Cipher that improves on the MARS cipher by incorporating high confusion while keeping the linear and differential diffusion criteria intact. The encrypted key is used to generate the sub-keys after the user key has been encrypted. The meta-MARS encryption function is built using the MARS encryption cipher’s four low-level operations. The operation selection bits can be any two sub-key sequential bits. In the same year [6], Mansoor E.et al. published a study in which they offered a detailed examination of symmetric block encryption methods based on various factors. The main goal was to examine the performance of the most popular symmetric key algorithms in terms of authentication, flexibility, reliability, robustness, scalability, and security, as well as to highlight the major flaws of the algorithms in question, making the strengths and limitations of each algorithm transparent for application. Moataz M. et al. published a metamorphic-enhanced function in 2014 [7] that is used before and after the cipher process to improve the MARS cipher process, with plaintext as an input to the meta-MARS function. The metamorphic function uses four logical-level operations to encrypt the text before and after the ciphering process. These operations include XOR, INV, ROR, and NOP. In [8], different bitmap pictures are encrypted with RC6 and MARS; Yi Yi Aung et al. introduced in this paper visual inspection and various encryption techniques that are used to assess the quality of the encrypted images. Later, Nian Li et al. [9] addressed several research challenges related to Niho exponents and reviewed some recent advances in the application of Niho exponents in this study. Where Niho exponents were also used to discuss some unresolved problems in the areas of sequence design, coding theory and cryptography. Lately in 2021, Alibek N. et al [10] published an unbiased analysis of the most popular and widely used data encryption methods. The ability to protect data from various attacks, as well as the amount of time it takes to encrypt data, are the major characteristics that distinguish encryption algorithms. The most widely used symmetric encryption algorithms, such as DES, 3DES, Blowfish, MARS, and AES, were compared. Recently in 2022 [11], Qian LIU employed over finite fields with even characteristic two modules of permutation polynomials using Niho exponents. The algorithms employed in [5,7] were not used for image encryption, as they did not offer a solution to the repetition issue that prevents the histogram from being flat; moreover, they did not offer any changes to the key generation process. Subkeys for the MARS cryptosystem that have prolonged runs of ones or zeros could make MARS vulnerable to effective assaults [12]. When using round keys for multiplication, the two least significant bits are always set to one. Thus, regardless of the subkey, there are always two inputs that remain unchanged during the multiplication process, and there are also two outputs that remain fixed. MARS can be broken in 21 out of 32 rounds using a meet-in-the-middle attack that John Kelsey and Bruce Schneier published in 2004 [13]. In order to overcome these drawbacks of earlier systems, the authors proposed a novel algorithm for image encryption.

3. Background Review

3.1. The Niho Exponent

The bent function class is a subset of Boolean functions that achieve the highest level of nonlinearity attainable. These functions are essential in cryptology and coding theory [14]. As a result, the presence of bent functions is a well-known issue. When it comes to the polynomial form, monomial bent functions of the type:

$$T{r}_1^n(a{x}^s)$$

(1)

are being investigated by [15] and the whole monomial bent functions are identified if n ≤ 20. After achieving this point, the community began to focus on the binomial bent functions of the following type [16]:

$$T{r}_1^n(a_1{x}^{s_1})+T{r}_1^k(a_2{x}^{s_2})$$

(2)

Let $f: F_{2^n}\to F_2$ be a Boolean function such that $f\left(x\right)=T{r}_1^n\left(a{x}^s\right)$ for a given positive integer s and for some $a\in F_{2^n}$ [17]. Functions of this form are called monomial functions. The exponent s is said to be a bent exponent if there exists $a\in F_{2^n}^{*},$ such that $T{r}_1^n\left(a{x}^s\right)$ is bent [18]. In order for $f$ to be bent, the following two conditions should be satisfied [19]:

(1)

$gcd\left(s,2^n-1\right)\ne 1$

(2)

$either gcd\left(s,2^{\frac{n}{2}}+1\right)=1$ or $gcd\left(s,2^{\frac{n}{2}}-1\right)=1$

Proven by computer experiments that there is no other exponent s for $n\le 20$ [20]. These bent functions are analyzed in [21], where conditions of the existence of bent functions are provided for certain parameter values n, k, s₁, and s₂. [22].

Binomial Bent Functions

Over the years, monomial bent functions have been thoroughly researched [23], and all bent exponents for n $\le$ 20 have been determined. Finding a new exponent s for n > 20 is extremely difficult because the search primarily relies on computer experiments, hence Equation (1) does not belong to any of the structures. As a consequence, the community began searching for bent functions containing multi tracing terms, with binomial functions as the first step. Ref. [24] made the first investigations in identifying binomial bent functions, demonstrating that Equation (2) is bent with Niho exponents s₁ and s₂. Consider that a Niho exponent is a positive integer s (generally considered modulo $2^n-1$) as well as $x^s$ is a Niho power function if the constraint of $x^s$ to $F_{2^m}$ is linear, or in other terms $s\equiv 2^j\left(mod 2^m-1\right)$ for certain j < n. Dobbertin et al. explored the bent property of binomials with the next Equation (3) and came up with the following bent Niho exponents

$$F(x)=T{r}_1^n(a_1{x}^{s_1})+T{r}_1^n(a_2{x}^{s_2})$$

(3)

where $a_1, a_2\in F_{2^{2m}}$ satisfying ${\left(a_1+a_2{}^{2m}\right)}^2=a_2{}^{2^m+1}$ and $s_1=\frac{1}{2}\left(2^m-1\right)+1$, and $s_2=\frac{1}{6}\left(2^m-1\right)+1$ where m is even.

3.2. Description of the MARS Cryptosystem

MARS is a shared-key block cipher with a 128-bit block size and a 128-bit key size. It was created to satisfy and exceed the specifications for a shared-key encryption standard. It generates 4/32-bit decrypted words of data named A’, B’, C’, and D’. [25] from 4/32-bit plaintext words of data named A, B, C, and D. All internal operations are conducted on 32-bit words, making the cipher word-oriented. MARS is a three-phase Feistel network of type three. Figure 1 shows a 16-round “cryptographic core” phase wrapped up within a double layer of eight rounds of forward/backwards mixing.

MARS allows user keys ranging in length from 4 to 14 words (128 to 448 bits). For the encoding procedure, MARS employs key expansion technique for expanding the key of the user into a key array K[] comprised of 40 words, as shown in Figure 2. Three steps make up the essential expansion process. The first phase is linear expansion, which employs a simple linear transform to expand the original user-supplied key to forty 32 bits. While the second phase utilizes “S-box based key stirring,” which uses a type 1 Feistel structure to stir the extended key. In a multiplication keyword modification step, the keywords utilized in the ciphering/deciphering processes of multiplying are examined. MARS likewise uses a table of a single S-box with bit words 512-32. This S-box is also utilized in the process of the key expansion. The S-box is split up into two tables, each with 256 entries: S0 and S1.

The MARS Framework

Figure 3 shows the six levels that a plaintext block should pass through to produce an encrypted block [13]. These levels are as follows:

a.

Pre-Whitening Level: The plaintext’s words have 128 bits of key material modulo 2³² added to them.

b.

Forward Mixing Level: An unkeyed mixing procedure consisting of eight rounds utilizing the MARS S-box extensively.

c.

Forward Core Level: A keyed unbalanced Feistel encryption of eight rounds, which resists cryptanalytic assault by combining S-box lookups, data-dependent rotations, multiplications, xors, and additions.

d.

Backward Core Level: A keyed unbalanced Feistel encryption of eight rounds, which resists cryptanalytic assault by combining S-box lookups, data-dependent rotations, multiplications, xors, and additions.

e.

Backward Mixing Level: An unkeyed mixing operation of eight rounds utilizing the MARS S-box extensively.

f.

Post-Whitening Level: A key material of 128bits have been withdrew from the block’s words modulo 2³².

4. Proposed Cryptosystem:

An innovative method is introduced to eliminate the pixel correlations, increase the value of entropy, and accelerate the avalanche effect. Plaintext and image encryption are both possible with the improved MARS. Figure 4 depicts the suggested encryption scheme’s flow chart.

Table 1. List of mathematical symbols.

+:	Addition.
⊕:	Xor.
Length:	Gives the number of elements in expr.
Partition:	Partitions list into sub-lists of length n.
FromDigits:	Takes the digits to be given in base b.
Rotateleft:	Cycles the elements in expr n positions to the left.
Transpose:	Transposes the first two levels in list.
Quotient:	Gives the integer quotient of m and n.
Imagedata:	Gives the array of pixel values in an image.

shows a list of mathematical symbols used in the paper. Furthermore,

Table 2. List of abbreviations.

$\mathrm{hash}\_\mathrm{key}$:.	The key hashed by using SHA3- 512.
$\mathrm{E}\_\mathrm{hash}\_\mathrm{key}$:	The expanded hash_key to 512 bit.
$rotated\_array:$	The array that will cause the S-boxes to rotate with different values.
Index:	The address of element that is located in the rotated array.
num_of_subblocks:	The subblocks of ciphertext.
no_of_part1:	The number of the parts that XORed with the other two parts in ciphertext.

demonstrates a list of abbreviations.

In our new system, the key expansion process is the same as MARS except the part of the mask to modify the multiplication subkeys. We modified it by using the Niho exponent. In our novel scheme, we intend to establish a strong relationship between S-box and the user key.

We modify the S-box used in the MARS system by mixing it with the secret key. The encryption process for our novel scheme has the same encryption steps as MARS. We modify the S-box part to get different rotations after every step. In addition, we introduce the image diffusion step at the beginning of the encryption scheme and after the forward mixing, cryptographic core, and backward mixing to ensure that by changing one pixel it will affect a significant change for the whole image. Finally, we use the Xor operation to merge the whole ciphertext with each other to make a strong relation between the plaintext and the ciphertext, as if only one pixel changes, the ciphertext will totally change.

4.1. Proposed Keyed S Box

In our novel scheme, we intend to establish a strong relationship between the S-box and the user key, as well as a strong association between rounds and the S-box by making each round have a distinct S-box, so that even if we duplicate the plaintext, we will obtain a distinctive ciphertext. The following is a description of the operating procedure:

Step 1: Using the “SHA3-512” algorithm to produce 512 bits of the secret key.

Step 2: Expanding the hashed key to a 512-word array by rotating the hashed key by the number 17. We use the number 17 because it cannot be divided by 512; as a result, we guarantee that the array cannot be repeated.

$$\begin{array}{l}hash\_key=Hash[key,SHA3- 512]\\ For[i=0,i<32,i++,\\ hash\_key=rotateleft[hash\_key,17]\\ E\_hash\_key=\{E\_hash\_key,hash\_key\}\\ ]\\ E\_hash\_key=partition[\hspace{0.17em}E\_hash\_key,32]\end{array}$$

(4)

Step 3: Merging the expanded hashed key with S-box by XOR operation.

$$S\_box=bitxor[E\_hash\_key,S\_box]$$

(5)

Step 4: We calculate the values of “the rotated array” using the hashed key values, which will cause the S-boxes to rotate with different values. After encrypting each message’s block, we rotate the S-box, S-box1, and S-box2 using the values in the “rotated array.” As a result, while encrypting another block of message, we will have a new arrangement for S-box, S-box1, and S-box2, resulting in a strong relationship between the ciphertext and key because we will have different ciphertext even if we enter the same block of data.

$$\begin{gathered} rotate\_array=\left\{ \right\} \\ rotate\_array=partition \left[hash\_key,4\right] \\ For[i=0,i<Length\left[rotated\_array\right],i++, \\ rotated\_array\left[i\right]=FromDigits\left[rotated\_array\left[i\right],2\right]] \end{gathered}$$

(6)

4.2. Key Expansion Process

In our new system, the key expansion process is the same as MARS except the part of the mask to modify the multiplication subkeys. The material of the original key is first duplicated into a 15-word temporary table T[], proceeded by the number of words n, then zeroes. We did this by establishing:

$$T\left[0\dots n-1\left]=k\right[0\dots n-1\left]; T\left[n\right]=n; T\right[n+1\dots 14\right]=0$$

(7)

The following method is then performed four times, with each iteration computing the expansion key’s next ten words:

• The subsequent linear function is utilized to transform the array T[]:

  $$\mathrm{For} i=0\dots 14; T\left[i\right]=\left(\left(T\left[i-7 mod 15\right]\oplus T\left[i-2 mod 15\right]\right)<<<3\right)\oplus \left(4i+j\right)$$

  (8)
• The array T[] is then stirred via four rounds of Feistel networks of type 1. We replicate the process four times in total.

  $$T\left[i\right]=\left(T\left[i\right]+S\left[low 9 bits of T\left[i-1 mod 15\right]\right]\right)<<<9; i=0; 1;\dots : 14$$

  (9)
• Later, ten words are taken from T[], then rearranged into the extended key array’s following ten words, K[]. This is accomplished by establishing

  $$K\left[10j+i\right]=T\left[4i mod 15\right]; i=0; 1;\dots ; 9$$

  (10)

  and using the relation:

  $$F(x)=T{r}_1^n(a_1{x}^{s_1})+T{r}_1^n(a_2{x}^{s_2})$$

  (11)

  where $a_1, a_2\in F_{2^{2m}}$ satisfying ${\left(a_1+a_2{}^{2m}\right)}^2=a_2{}^{2^m+1}$ and $s_1=\frac{1}{2}\left(2^m-1\right)+1$, and $s_2=\frac{1}{6}\left(2^m-1\right)+1$ where m is even equal.
• We choose secret value $“ a_2”$ and calculate the secret value $“a_1”$ Then we convert the expanded key array into the polynomial array and applied it into the relation

  $$F(x)=T{r}_1^n(a_1{x}^{s_1})+T{r}_1^n(a_2{x}^{s_2})$$

  (12)

  where:

  $$T{r}_k^n(x)=x+x^{p^k}+......+x^{p^{k(n/k-1)}}$$

  (13)
  After we execute the trace function, we convert the function back into the binary array.
• Finally, we partition the function into subkeys.

4.3. Encryption Process

In our new system, the encryption process is the same as the MARS cryptosystem; however, we add a few steps that make the whole ciphertext depend on itself and on the secret key, which implies that, by changing one bit in the plaintext or the secret key, it will cause a changeover for the whole ciphertext. The encryption process is shown in Figure 5 and is described as follows:

At the first step: Before we make the forward mixing rounds, we calculate the index factor that we use to rotate the S-box. We set the initial value of the index factor (index) to zero. After we encrypt the first sub-block from the plaintext, the index factor (index) will increase by one. The value of the index factor is the address of the element that is located in the rotated array. This element will cause the S-box to rotate left by its value; then, we increase the number of (index) by one and we get the address of another element located in the rotated array. This element will cause the S-box1 to rotate left by its value. Finally, we increase the number of (index) by one and we get the address of the element located in the rotated array. This number will cause the S-box2 to rotate left by its value. This step will be repeated for the two other phases.

$$\begin{array}{c}\mathrm{indx}=0;\\ \mathrm{n}=\mathrm{num}\_\mathrm{of}\_\mathrm{message} \mathrm{blocks}\\ \mathrm{For}[\mathrm{i}=1, \mathrm{i} \le \mathrm{n}, \mathrm{i}++,\\ \mathrm{For}[\mathrm{j}=1, \mathrm{j} \le \mathrm{num}\_\mathrm{of}\_\mathrm{round}, \mathrm{j}++,\mathrm{encryption} \mathrm{steps}]; index=Mod[index+\\ 1,Length \left[rotated\_array\right]]\\ Sbox=\mathrm{RotateLeft}\left[\mathrm{Sbox} ,rotated\_array\left[index\right]\right];\\ index=Mod\left[index+1,Length \left[rotated\_array\right]\right]\\ Sbox1=\mathrm{RotateLeft}\left[\mathrm{Sbox}1 ,rotated\_array\left[index\right]\right];;\\ index=Mod\left[index+1,Length \left[rotated\_array\right]\right]\\ Sbox2=\mathrm{RotateLeft}\left[\mathrm{Sbox}2 ,rotated\_array\left[index\right]\right]\\ ];\\ index=Mod\left[index+1,Length \left[rotated\_array\right]\right]\\ Sbox=\mathrm{RotateLeft}\left[\mathrm{Sbox} ,rotated\_array\left[index\right]\right];\\ index=Mod\left[index+1,Length \left[rotated\_array\right]\right]\\ Sbox1=\mathrm{RotateLeft}\left[\mathrm{Sbox}1 ,rotated\_array\left[index\right]\right];;\\ index=Mod\left[index+1,Length \left[rotated\_array\right]\right]\\ Sbox2=\mathrm{RotateLeft}\left[\mathrm{Sbox}2 ,rotated\_array\left[index\right]\right];;\end{array}$$

(14)

At the second step: We divide the ciphertext into three parts of blocks, we first evaluate the number of sub-blocks in each part by dividing the total number of the message’s blocks by three.

$$\mathrm{num}\_\mathrm{of}\_\mathrm{subblocks}=\mathrm{Quotient}\left[\mathrm{Length}\left[\mathrm{message}\right],3\right]$$

(15)

Then, we evaluate the number of the parts that XORed with the other two parts {in this step we depend on index factor (index)}.

no_of_part1 = Mod [index,3]

(16)

Final step: Mixing the chosen part, which is determined by the index factor (index) with the other two parts.

4.4. Image Diffusion

R, G, and B are the three primary components of any colorful image. In order to obtain better randomness, we perform “image diffusion”. In this step, we use simple operations “Xoring and rotate left”. We perform the following program for every component:

$$\begin{array}{c}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}Image=dataimage\left[Image\right]\\ Image=Transpose\left[Image\right]\\ \hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}For[i=0,i<\frac{row}{2},i++, Image\left[i\right]\\ \hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}=BitXor\left[Image\left[i\right],Image\left[\left(2\ast \frac{row}{2}\right)+1-i\right]\right]]\\ \hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}For\left[i=0,i<row,i++, Image\left[i\right]=RotateLeft\left[Image\left[i\right],i\right]\right]\\ \hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}For[i=0,i<\frac{row}{2},i++, Image\left[\left(2\ast \frac{row}{2}\right)+1-i\right]\\ \hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}=BitXor\left[Image\left[i\right],Image\left[\left(2\ast \frac{row}{2}\right)+1-i\right]\right]]\\ Image=Transpose\left[Image\right]\\ Image=Transpose\left[Image\right]\\ For\left[i=0,i<\frac{row}{2},i++, Image\left[i\right]=BitXor\left[Image\left[i\right],Image\left[\left(2\ast \frac{row}{2}\right)+1-i\right]\right]\right]\\ \hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}For\left[i=0,i<row,i++, Image\left[i\right]=RotateLeft\left[Image\left[i\right],i\right]\right]\\ \hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}For[i=0,i<\frac{row}{2},i++, Image\left[\left(2\ast \frac{row}{2}\right)+1-i\right]\\ \hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}\hspace{0.33em}=BitXor\left[Image\left[i\right],Image\left[\left(2\ast \frac{row}{2}\right)+1-i\right]\right]]\\ Image=Transpose\left[Image\right]\end{array}$$

(17)

These steps will be performed after forward mixing, cryptographic core, and backward mixing. Figure 6 illustrates how the image diffusion step makes randomization in the image.

4.5. Decryption Process

In our novel scheme, its decryption process is the inverse of the encryption process, and the decryption code is similar to the encryption code, so the novel scheme is secure against chosen ciphertext attacks as against chosen plaintext attacks. For the image diffusion step also, its decryption code is the same as the encryption code because we only use XOR operations. The S-box in the decryption process will be rotated to the right by the same manner as in the encryption process to get the same values in each step.

5. Simulation Results

Wolfram Mathematica 13 has been used to simulate and test the novel MARS approach that has been proposed. The tremendous mathematical and computational capabilities of the Wolfram Language are fully integrated with the built-in support for programmatic and interactive image encryption. The simulated environment was created using an Intel Core i5 processor running at 2.7 GHz, 8 GB of memory, and Windows 10.

The algorithm is applied to the images of Lena, Pepper, Tigers, and Nature. The suggested symmetric encryption and decryption system is implemented using the ‘Mathematica 13’ program. Figure 7a shows the original plain images with a size of 512 × 512 pixels. The components “RGB” of the matching cipher image are created using the encryption procedure, as shown in Figure 7b. Then, using the proper secret key, we decrypted the cipher image in Figure 7b to obtain the perfectly reconstructed image in Figure 7d. Figure 7c shows the histograms of the plain images. The pattern of the cipher image is noise-like and unrelated to the original plain image, as shown in the Figures. The image that was retrieved is flawlessly restored.

6. Performance and Security Analysis

6.1. For Plaintext

6.1.1. Avalanche Effect

The avalanche effect is the changing in the number of bits in the cipher text as one bit of the plaintext or one bit of the secret key changes. Any encryption technique should have the property that a smear change in the plaintext or key would yield a major change in the ciphertext [26]. If the modifications are minor, this could minimize the size of the plaintext or key space that needs to be searched, making cryptanalysis much easier. The avalanche effect can be determined as follows:

$$Avalanche Effect=\frac{No. of flipped bits in the ciphered text}{No. of bits in the ciphered text}\times 100\%$$

(18)

In this case, we take four plaintexts, where two of them are normal messages while the other ones are of a repeated letter “e”. The effect of avalanche is computed by toggling one bit from everyone in different positions. Then, we compute the avalanche effect by toggling the user’s key in various positions. After computing the avalanche effects as indicated in

Table 3. The effect of avalanche.

Plaintext	Length of Plaintext in Bits	Changing Plaintest’s 1st Bit		Changing Plaintext’s Last Bit		Changing Plaintest’s Middle Bit
		MARS	Proposed	MARS	Proposed	MARS	Proposed
1st Case	128	47.5%	52.34%	50%	52.78%	49%	50.17%
2nd Case	128	46%	51.2%	50%	50.31%	48%	50.8%
3rd Case	1024	0.04%	53.5%	0.04%	54.3%	0.03%	54.5%
4th Case	1024	0.11%	52.6%	5.9%	52.8%	0.03%	52.5%
Plaintext	Length of plaintext in bits	Changing key’s 1st bit		Changing key’s last bit		Changing key’s middle bit
		MARS	Proposed	MARS	Proposed	MARS	Proposed
1st Case	128	49.9%	50.1%	49.9%	50.2%	50%	50.3%
2nd Case	128	47.4%	53.125%	49.8%	51.56%	46%	53.2%
3rd Case	1024	34.4%	50.2%	45.3%	50.1%	45.3%	50.2%
4th Case	1024	49%	50%	50%	50.3%	51.2%	51.5%

, the following results have been obtained:

6.1.2. Language Statistics

Entropy is a statistical metric that determines how much information is created on average for each letter in a text. The amount of limitation placed on a text in the language due to its statistical nature is measured by redundancy. Shannon proposed a new method for estimating a language’s entropy and redundancy. If the ciphertext of a cryptosystem has a flat distribution, it is deemed unbreakable against statistical examination. Figure 8 depicts the statistics of the plaintext for the utilized file, MARS ciphertext statistics, and the strength of the new suggested system.

6.1.3. NIST Statistical Suite

NIST has developed a set of 16 tests to ensure that binary sequences generated by random or pseudorandom number generators are indeed random, which can be utilized for a variety of applications such as cryptography, modelling, and simulations. The tests are focused on applications that require randomization for cryptographic purposes, such as keying material creation. The tests are described in detail in the NIST Special Publication (SP) 800-22, A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications [27].

Table 4. The average values of the statistical tests for the proposed system and MARS algorithm.

	Algorithm	Proposed Cryptosystem		MARS
Test
Monobit Frequency		100%	Pass	99%	Pass
Frequency within a Block		99%	Pass	100%	Pass
Runs		100%	Pass	100%	Pass
Longest Run of Ones		100%	Pass	100%	Pass
Binary Matrix Rank		100%	Pass	96%	Failed
D Fourier Transform		100%	Pass	100%	Pass
Non-overlap Template Match		100%	Pass	100%	Pass
Overlap Template Match Test		100%	Pass	100%	Pass
Universal Statistical of Maurer		100%	Pass	99%	Pass
Lempel–Ziv Compression		99%	Pass	98%	Failed
Linearity Complexity		100%	Pass	99%	Pass
Serial		99%	Pass	97%	Failed
Approximate Entropy Test		100%	Pass	100%	Pass
Cumulative Sums		100%	Pass	100%	Pass
Random Excursions		100%	Pass	97%	Failed
Random Excursions Variant for Test(α = 0.05)		96%	Pass	93%	Failed

shows the average results of the statistical tests for the suggested system and MARS algorithm.

6.2. For Image

The security analysis of the proposed encryption technique with R, G, and B components will be discussed in this section.

6.2.1. Key Space

The ability of cryptography to resist brute force assaults enhances with an increasing key space. As our suggested algorithm employs a 448-bit key, the number of permissible secret key permutations is 2⁴⁴⁸ for R, G, and B individually, it made it extremely hard to be cracked whilst employing a brute force assault.

6.2.2. Key Sensitivity

Two aspects of key sensitivity can be assessed: First aspect, while encoding the same plaintext image using slightly different keys, the ciphertext image will be completely different, as assessed by the ciphertext image’s changing rate t. Second aspect, even though the discrepancy between the erroneous and right keys is negligible, the image decoded from the wrong key contains no information about the plaintext image.

For the first aspect, we compute:

$$Dif{f}_1=\frac{{{\displaystyle \sum }}_{i,j}{D}_{i,j}}{W\ast H}\ast 100 where D_{i,j}=\left\{\begin{array}{c}0 if c_1\left(i,j\right)=c_2\left(i,j\right)\\ 1 if c_1\left(i,j\right)\ne c_2\left(i,j\right)\end{array}\right.$$

(19)

$$Dif{f}_2=\frac{{{\displaystyle \sum }}_{i,j}\left|c_1\left(i,j\right)-c_2\left(i,j\right)\right|}{255\ast W\ast H}\ast 100$$

(20)

For the second aspect:

$$Dif{f}_3=\frac{{{\displaystyle \sum }}_{i,j}{D}_{i,j}}{W\ast H}\ast 100 where D_{i,j}=\left\{\begin{array}{c}0 if p_1\left(i,j\right)=p_2\left(i,j\right)\\ 1 if p_1\left(i,j\right)\ne p_2\left(i,j\right)\end{array}\right.$$

(21)

$$Dif{f}_4=\frac{{{\displaystyle \sum }}_{i,j}\left|p_1\left(i,j\right)-p_2\left(i,j\right)\right|}{255\ast W\ast H}\ast 100$$

(22)

The hypothetical values for Diff₁, Diff₃ and Diff₂, Diff₄ in the case of dual arbitrary images are 99.6094% and 33.3328%, correspondingly.

Table 5. The computed key sensitivity results.

		Lena	Pepper	Tiger	Nature
R	Diff1	99.62%	99.63%	99.61%	99.61%
	Diff2	33.58%	33.36%	33.52%	33.5%
	Diff3	99.62%	99.64%	99.61%	99.62%
	Diff4	33.45%	33.89%	33.9%	33.52%
G	Diff1	99.62%	99.61%	99.64%	99.61%
	Diff2	33.46%	33.84%	33.4%	33.52%
	Diff3	99.61%	99.61%	99.61%	99.62%
	Diff4	33.34%	34%	33.49%	35.8%
B	Diff1	99.61%	99.61%	99.61%	99.61%
	Diff2	33.34%	33.5%	33.5%	33.47%
	Diff3	99.62%	99.61%	99.62%	99.65%
	Diff4	33.58%	34%	34%	33.59%

shows that the computed results of Diff₁, Diff₂, Diff₃, and Diff₄ for R, G, and B components for images.

6.2.3. Histogram Analysis

The way that an image’s pixel values are distributed is represented by the histogram. The histogram values in an encrypted image should have a uniform distribution, making it difficult for the attacker to discover anything about the image. The uniform distribution of pixel values in a coded image demonstrates the applicability of the proposed encryption approach. Figure 9 shows the encrypted images’ histograms.

6.2.4. Pixel Correlation Analysis

The Nature image has a strong correlation amongst every pixel along with its neighboring pixels, denoting minor variance for the value across the stated image. Among the objectives for a ciphered image is a lessening correlation amongst the adjoining pixels; lessening the correlation strengthens the encoding effect, leading to system overall security enhancement. Horizontal, vertical, and diagonal pixels are the most prevalent types of correlation.

Table 6. The different correlation coefficients of the R, G, and B cipher images.

		Lena	Pepper	Tiger	Nature
R	Vertical correlation	−0.002	−0.003	0.001	−0.001
	Horizontal correlation	0.006	−0.001	0.001	0.0001
	Diagonal correlation	0.004	0.0009	−0.002	0.001
G	Vertical correlation	−0.004	0.0001	−0.001	0.0008
	Horizontal correlation	0.004	0.002	0.0002	−0.002
	Diagonal correlation	−0.004	0.005	0.003	0.004
B	Vertical correlation	−0.001	0.0004	−0.0001	−0.001
	Horizontal correlation	−0.005	0.0001	0.00008	−0.001
	Diagonal correlation	0.004	0.005	0.001	−0.001

lists the various correlation coefficients of the cipher image. Figure 10 depicts the relationship between the Nature image and its cipher. Plain image correlation is high and near to one. The correlation of the cipher images, on the other hand, is low and close to zero, indicating that the encrypted pixels in the encrypted images are valued and distributed randomly [28].

6.2.5. Plaintext Sensitivity

The algorithm’s sensitivity towards plaintext signifies that a slight variation in plaintext results in enormous variation within ciphertext, which entails one of the cryptographic security analysis standards. The extent of plaintext sensitivity of image encryption approaches is measured experimentally using NPCR (number of pixels change rate) and UACI (unified average changing intensity). NPCR and UACI reflect the percentage and variation extent for a number of pixels in the ciphered image subsequent to random alteration of the pixel’s valuation in the original input image, respectively. The following are the formulas for calculating NPCR and UACI:

$$\mathrm{NPCR}=\frac{1}{W\ast H}{\displaystyle \sum }_{i=1}^W{\displaystyle \sum }_{i=1}^{H}D\left(i,j\right)\ast 100\% where D\left(i,j\right)=\left\{\begin{array}{c}0 if x\left(i,j\right)=x^{\prime }\left(i,j\right)\\ 1 if x\left(i,j\right)\ne x^{\prime }\left(i,j\right)\end{array}\right.$$

(23)

$$\mathrm{UACI}={\displaystyle \sum }_{i=1}^W{\displaystyle \sum }_{i=1}^H\frac{\left|x\left(i,j\right)-x^{\prime }\left(i,j\right)\right|}{255\ast W\ast H}\ast 100\%$$

(24)

where W ∗ H stands for the image size, x (i, j) represents the pixel within the (i, j) coordinate related to the ciphered image correspondent to the original image, as well as x′ (i, j) denotes the pixel of the ciphertext image related to the variated plaintext image in the (i, j) coordinate. NPCR and UACI are anticipated to be valued at 99.6094 percent and 33.4635 percent, correspondingly. [29,30,31,32]. Four colored photos are selected to be tested for our suggested technique.

Table 7. NPCR and UACI listed output results.

		Lena	Pepper	Tiger	Nature
R	NPCR	99.61%	99.61%	99.64%	99.61%
	UACI	33.5%	33.4%	33.2%	33.4%
G	NPCR	99.61%	99.61%	99.66%	99.61%
	UACI	33,7%	33.5%	33.3%	33.2%
B	NPCR	99.62%	99.63%	99.64%	99.65%
	UACI	33.6%	33.5%	33.5%	33.7%

lists the NPCR and UACI tests valuation outputs.

6.2.6. Chi-Square Test

Figure 9 indicates that the ciphertext image’s histogram is distributed uniformly, withstands the statistical assaults, and is demonstrated using the chi-square test denoted as:

$$x^2={\displaystyle \sum }_{k=1}^{256}\frac{{\left(v_k-e\right)}^2}{e}$$

(25)

where $v_k$ denotes the true frequency for every pixel’s level, while e denotes the estimated one. The lower the value of the chi square, the greater the homogeneity and uniformity of the ciphertext images [33]. when the output value of chi square is below 295.25 for the confidence level a = 0.05, the test is declared as passed.

Table 8. Chi-square test results.

		Lena	Pepper	Tiger	Nature
R	Chi-square	253.035	247.9	221.6	234.97
	pvalue	0.476	0.3	0.064	0.189
	H	pass	pass	pass	pass
G	Chi-square	261	243.67	293.2	262.4
	pvalue	0.384	0.315	0.032	0.361
	H	pass	pass	pass	pass
B	Chi-square	223.33	267.7	280.32	239.55
	pvalue	0.075	0.279	0.015	0.251
	H	pass	pass	pass	pass

shows the value of the chi-square test in this research.

6.2.7. PSNR Evaluation

The peak-signal-to-noise ratio (PSNR) can be utilized to determine an image’s quality. A strong image encryption algorithm should produce encrypted images having a low PSNR value. PSNR is calculated using the following formula:

$$\mathrm{PSNR}=10{\log }_{10}\frac{255.255}{\sqrt{\mathrm{MSE}}}$$

(26)

Given that P(i, j) is the original image pixel value and c(i, j) is the encrypted image pixel value, than the mean square error (MSE) can be computed from the following equation:

$$\mathrm{MSE}={\displaystyle \sum }_{i=1}^W{\displaystyle \sum }_{i=1}^H\frac{{\left|P\left(i,j\right)-C\left(i,j\right)\right|}^2}{WH}$$

(27)

In this article, the value of the PSNR test is demonstrated in

Table 9. Demonstrated values of PNSR and MSE.

		Lena	Pepper	Tiger	Nature
R	MSE	13,462.3	9826.3	16,777.9	13,003.4
	PSNR	6.84	8.206	5.88	6.9
G	MSE	12,324.6	11,816.7	16,014.1	12,531.9
	PSNR	7.22	7.405	6.08	7.1
B	MSE	10,954.9	12,043.1	16,852.4	14,099.8
	PSNR	7.734	7.32	5.86	6.6

.

6.2.8. Complexity Analysis

By using a big O notation to analyze the complexity of each operation required to encrypt or decode images, it is possible to determine the computational complexity of image encryption methods. The steps necessary to complete the encryption process are used to gauge the algorithm’s computational complexity. For a plain image with a size of M × N, the complexity time for the suggested algorithm is O ((M × N)/Bs), where Bs is the number of blocks in the image.

6.2.9. Comparison with Existing Methods

The suggested scheme is complemented with alternative methods, employing correlation analysis, entropy, NPCR, and UACI, and for the Lena image of size 512*512 in

Table 10. Comparative evaluation for new proposed scheme with MARS, IDEA, and LUCIFER cryptosystems.

		Proposed	MARS	IDEA	LUCIFER
R	V correlation	−0.002	0.168	0.21907	0.144
	H correlation	0.006	−0.04	0.0691	−0.028
	D correlation	0.004	−0.03	0.071	−0.025
	Entropy	7.998	7.76	7.608	7.78
	NPCR	99.61%	0.015	0.0076	0.0156
	UACI	33.5%	0.0034	0.0021	0.00266
G	V correlation	−0.004	0.1705	0.221	0.1518
	H correlation	0.004	−0.039	0.063	−0.027
	D correlation	−0.004	−0.033	0.064	−0.019
	Entropy	7.999	7.84	7.67	7.84
	NPCR	99.61%	0.0156	0.0058	0.01562
	UACI	33.7%	0.0057	0.0022	0.0064
B	V correlation	−0.001	0.179	0.223	0.1491
	H correlation	−0.005	−0.04	0.071	−0.0286
	D correlation	0.004	−0.034	0.062	−0.024
	Entropy	7.995	7.77	7.626	7.788
	NPCR	99.62%	0.01561	0.0078	0.01562
	UACI	33.6%	0.0052	0.0019	0.0045

comparing our system with other systems: MARS [13], IDEA [34], and LUCIFER [35]. Figure 11 shows histograms of plaintext Lena’s image and cipher image for the proposed scheme, MARS, IDEA, and LUCIFER concluding that, compared to the other systems, the histogram for the ciphered images in our suggested approach is the most uniformly distributed. These results imply that our cryptosystem has improved histogram assault resilience.

7. Conclusions

A superior variant of MARS is offered in this article, a Niho function was added to the MARS cipher, and the subkeys generation was improved by using the Niho exponent, which is a subset of Boolean bent functions; this modification improved the ciphering procedure and achieved a higher level of confusion while retaining the MARS cipher’s linear and differential features. In addition, a strong relationship between S-box and the user key was established, as well as between rounds and S-box by making each round have a different S-box, so that even if we have repeated text, we will get distinct ciphertext. Additionally, we created a tight relationship between the ciphertext and the plaintext by splitting the ciphertext into smaller parts and Xoring them together to ensure that even if a single bit changes in the plaintext it will result in totally distinct ciphertext. It was discovered that MARS, LUCIFER, and IDEA had drawbacks when using images instead of text, including the histogram of the ciphertext, the correlation between the plain image and the cypher image, entropy, NPCR, and UACI.

Our new modified algorithm can withstand a variety of known assaults, statistical attacks, differential attacks, and high-speed performance, according to extensive experimentation and security analysis. The main points achieved in our proposed system is to overcome the letter repetition problem and make high randomization in the cipher image so that if one pixel will change it will affect whole cipher image and if we encrypt the same image with one pixel change it will cause different ciphertext to be obtained. Conclusively, in the case of changing the key size, it can be seen that it leads to a clear change in the subkeys and S-box generation, which causes strong confusion between the secret key and the ciphertext.

In the future, we will extend our proposed method with the help of the chaotic mapping function for improving robustness against a wide range of attacks. Moreover, we will try to make S-box generate dynamically when it is needed to reduce the space required.