The SMA: A Novel 2D Matrix-Based Lightweight Block Cipher for IoT Security

Abstract

The rapid expansion of Internet of Things (IoT) and mobile devices has intensified the demand for lightweight cryptographic algorithms capable of delivering strong security with minimal computational overhead. This work presents the SMA, a Secure Matrix-Based lightweight block cipher designed to meet these requirements through a 64-bit block and 80-bit key Substitution–Permutation Network (SPN) optimized for constrained environments. The SMA combines a nibble-wise PRESENT S-box with a fully index-based 2D matrix permutation to provide high non-linearity and efficient full-bit diffusion, supported by an enhanced key schedule that increases round-key diversity and mitigates key-dependent weaknesses. The proposed method replaces the complex linear diffusion layers used in existing lightweight ciphers such as GIFT, RECTANGLE, and PRESENT with a low-cost two-dimensional permutation that improves practical performance. Experimental evaluation demonstrates that the SMA achieves 98.5% non-correlated outputs, an average 50% bit error rate under both plaintext and key variations, and a 100% pass rate across fifteen NIST SP 800-22 statistical tests in nine data categories. Software-based implementation further confirms the correctness and applicability of the SMA for IoT-oriented simulation environments. Moreover, no exploitable differential or linear trails were identified across the full 20-round design. These results indicate that the SMA provides strong confusion, diffusion, and statistical randomness while maintaining competitive performance for secure IoT and mobile encryption applications.

1. Introduction

Cybersecurity has become a critical global priority due to the rapid expansion of mobile devices and interconnected smart systems. Recent reports show that mobile subscriptions reached 8.83 billion in 2025, with projections increasing to 9.50 billion by 2031, reflecting the growing dependence on mobile connectivity [1]. Simultaneously, the Internet of Things (IoT) continues to grow at an unprecedented scale, with connected IoT devices expected to rise from 19.8 billion in 2025 to more than 40.6 billion by 2034 [2]. This explosive increase in interconnected nodes significantly enlarges the attack surface and exposes sensitive data to threats such as interception, unauthorized access, and privacy breaches. Ensuring confidentiality in these environments requires security mechanisms that are not only robust but also lightweight enough to operate on highly resource-constrained devices.

Despite their proven security, traditional cryptographic algorithms such as Advanced Encryption Standard (AES), Data Encryption Standard (DES), Tiny Encryption Algorithm (TEA), and Rivest–Shamir–Adleman (RSA) [3] remain computationally expensive for ultra-low-power applications. AES, for instance, demands considerable memory and processing resources [4], which makes it inefficient for microcontrollers, wearable devices, and embedded IoT systems. As a result, the research community has intensified efforts to develop lightweight block ciphers (LWBCs) that offer strong security while using limited hardware area, low energy, and minimal memory resources [5].

Several lightweight ciphers have been proposed over the past decade, including PRESENT [6], RECTANGLE [7], GIFT [8], NUX [9], LAO-3D [10] and KLEIN [11]. Although these designs demonstrate improvements in compactness and performance, they also reveal trade-offs between diffusion capability, confusion strength, non-linearity, and resistance to differential and linear attacks. As observed in our prior survey [12], many existing LWBCs struggle to simultaneously achieve fast diffusion, cryptanalytic robustness, and low implementation cost. Additionally, multidimensional diffusion mechanisms especially 3D transformations can enhance security but often introduce additional structural complexity and resource consumption, limiting their suitability for IoT devices [13].

Recent research trends have therefore shifted toward two-dimensional (2D) matrix-based architectures as a middle ground between simple 1D permutations and costly 3D diffusion. Instead of relying on heavy algebraic operations, 2D ciphers exploit spatial organization of the state as a grid of bits or nibbles to enhance diffusion cost-effectively. For example, GIFT [8] uses a matrix-style state representation to enable efficient permutations with low hardware overhead, demonstrating the practicality of structured spatial diffusion in constrained environments. Similarly, LED [14] applies a compact 4 × 4 matrix structure to support shift- and mix-based transformations optimized for lightweight devices. Other designs such as Lilliput [15] organize internal sub-blocks in a matrix form within a generalized Feistel network to accelerate cross-column and cross-row propagation. Additional proposals based on grid- and cell-oriented permutations show that arranging cipher data in two dimensions can reduce routing complexity, shorten critical paths, and allow index-driven operations to accumulate strong diffusion across rounds. Collectively, these studies highlight the effectiveness of matrix-oriented structural transformations in lightweight cryptography.

Motivated by these observations, this work introduces the SMA (Secure Matrix-Based Algorithm), a new lightweight block cipher that employs a purely index-driven 2D matrix permutation to simplify diffusion while avoiding arithmetic mixing layers. By combining this lightweight structural rearrangement with an SPN framework, the SMA fills the gap between high-cost diffusion matrices and minimal-cost bit permutations, providing strong multi-round diffusion with significantly lower implementation overhead. The SMA further integrates a nibble-wise PRESENT S-box and an improved key schedule to enhance non-linearity and round-key diversity.

In contrast to existing lightweight ciphers that rely on either algebraic MDS diffusion or structurally complex multidimensional transformations, the SMA adopts a purely index-driven two-dimensional permutation that achieves efficient diffusion without increasing computational or hardware overhead. Unlike designs such as GIFT or LED, which employ fixed matrix-based transformations, the SMA introduces a lightweight permutation strategy tailored to minimize implementation cost while maintaining strong resistance against differential and linear cryptanalysis. This design choice clearly distinguishes the SMA from prior approaches and positions it as a practical alternative for resource-constrained IoT environments.

Unlike survey-oriented studies, this paper presents the SMA as a newly designed lightweight block cipher and constitutes the primary technical contribution of this work.

The main contributions of this work are as follows:

• A compact 2D matrix-based permutation layer that achieves rapid full-bit diffusion within a lightweight structure, without increasing block or key sizes.
• An improved key scheduling mechanism that enhances round-key randomness and strengthens resistance to key-related cryptanalysis.
• A complete security and performance evaluation demonstrating that SMA satisfies lightweight cipher requirements and is efficient for mobile and IoT encryption applications.

The remainder of this paper is organized as follows. Section 2 introduces the 2D cipher design architecture, including the two-dimensional cipher structure, a comparison between the proposed 2D permutation and conventional MDS diffusion matrices, and the advantages of the 2D design approach. Section 3 presents the proposed SMA block cipher, detailing its algorithm specification, encryption and key schedule algorithms, and test vectors. Section 4 reports the experimental results, including avalanche effect tests, randomness analysis, cryptanalysis attacks, and performance evaluation. Section 5 provides a detailed discussion of the findings, while Section 6 describes the software implementation and simulation environment used for validation. Finally, Section 7 concludes the paper and outlines potential directions for future research.

2. Two-Dimensional Cipher Design Architecture

2.1. Two-Dimensional Cipher Structure

A 2D cipher arranges plaintext bits into a rectangular matrix instead of a linear or cubic form. In the SMA cipher, a 64-bit plaintext block is represented as an 8 × 8 matrix, where each element corresponds to a single bit of the cipher state. This representation enables bit-level diffusion across both horizontal (row) and vertical (column) dimensions, ensuring that a single-bit change in the input can propagate widely across the state matrix.

Let $W=\left\{w_{63},w_{62},\dots ,w_0\right\}$ represent the plaintext bits, arranged into an 8 × 8 bit matrix as presented in Figure 1 (MSB- left).

The subscript $\mathit{w}$ denotes the bit index within the cipher state, where $w\in \{\mathrm{0,1},\dots ,63\}$. Each round transformation of SMA applies the AddRoundKey, SubNibble, and 2DMatrixPermutation operations on this 8 × 8 matrix form as detailed in the next section, providing enhanced confusion and diffusion similar to 3D designs but without additional dimensional complexity.

2.2. Two-Dimensional Matrix Permutation vs. MDS Diffusion Matrices

Although both SMA’s 2D matrix permutation layer and classical Maximum Distance Separable (MDS) matrices are designed to enhance diffusion, they achieve this objective through fundamentally different mechanisms and incur markedly different implementation costs.

MDS-based diffusion, widely used in AES and several SPN-class lightweight ciphers [16], is constructed using linear transformations over finite fields. These matrices guarantee optimal branch numbers, enabling rapid spread of differences and strong resistance against differential and linear cryptanalysis. However, this optimality comes with a cost. Implementing MDS matrices typically requires finite-field multipliers, multiple XOR operations, and nontrivial circuit depth, all of which significantly increase hardware complexity and power consumption [17]. Therefore, MDS matrices can be complex to implement in hardware, which is critical for ultra IoT devices that often require low power and cost-efficient solutions [18].

In contrast, the SMA’s 2D matrix permutation relies solely on structural rearrangement of bits or nibbles within a two-dimensional grid. No GF arithmetic, matrix multiplication, or multi-bit linear operations are required. The permutation layer consists entirely of index-based rotations, transpositions, and position swaps. This design achieves multi-round diffusion at extremely low cost, making it particularly suitable for resource-limited embedded devices. While the SMA does not rely on algebraic optimality like MDS matrices, the combined effect of substitution and repeated 2D permutation across 20 rounds results in fast propagation of differences and strong overall diffusion.

Table 1. Comparison between 2D Matrix Permutation and MDS.

Feature	2D Matrix Permutation	MDS Matrix Diffusion
Type of Operation	Pure permutation (bit/nibble rearrangement) using an 8 × 8 matrix.	Linear mixing using GF(2ⁿ) matrix multiplication.
Diffusion Mechanism	Bit-level rearrangement across rows/columns.	Optimal branch number from algebraic mixing.
Hardware Cost	Very low; only indexing.	High; many XORs and GF multipliers.
Software Cost	Extremely lightweight.	More expensive due to linear algebra operations.
Diffusion Speed	Requires multiple rounds.	Full diffusion in one round.
Suitability for IoT	Excellent for constrained devices.	Less suitable for ultra-light devices.

presents a detailed comparison between the two approaches.

It is important to note that the classical branch number metric is inherently defined for linear mixing layers such as MDS matrices and is therefore not directly applicable to pure permutation-based diffusion layers. Since the proposed 2D matrix permutation performs index-driven bit rearrangement without algebraic mixing, its diffusion efficiency is instead evaluated through the growth of active S-boxes across consecutive rounds. This metric is widely adopted for substitution–permutation networks employing lightweight permutation layers, as it directly reflects how rapidly input differences propagate through the non-linear components. As demonstrated in the differential and linear cryptanalysis results, the proposed 2D permutation achieves fast multi-round diffusion, reaching a high number of active S-boxes within the first few rounds, thereby providing strong resistance against statistical attacks despite the absence of an MDS structure.

2.3. Advantages of the 2D Design

The adoption of a 2D matrix structure offers several benefits over 1D and 3D approaches:

• Compact Implementation: Maintains the standard 64-bit block without expanding key or round parameters.
• High Diffusion Efficiency: Each round efficiently redistributes bits across rows and columns.
• Hardware and Software Flexibility: The matrix-based structure can be efficiently implemented in both microcontroller and software environments.
• Enhanced Security: The combination of rotation and transposition reduces the probability of differential and linear correlations, verified experimentally in Section 4.

3. Proposed SMA Block Cipher

In this section, we introduce the main contribution of this work: the design of a new lightweight block cipher called the Secure Matrix-based Algorithm (SMA). The SMA is constructed using an optimized SPN architecture and incorporates a matrix-based permutation to enhance diffusion. The goal of the SMA is to provide strong security with low computational overhead, making it suitable for mobile and other resource-constrained encryption applications. The detailed structure and design steps of the proposed SMA cipher are presented in the following subsections.

3.1. Algorithm Specification

The SMA is a symmetric lightweight block cipher composed of 20 rounds, operating on a 64-bit block with an 80-bit key length. The cipher adopts a substitution–permutation network (SPN) structure. The SPN design is selected over the Feistel network because it provides faster execution, lower energy consumption, and requires fewer round functions, making it well suited for lightweight applications.

The number of rounds in the SMA was selected based on a security–performance trade-off analysis. Experimental cryptanalysis shows that both differential and linear trail probabilities decrease rapidly and fall below established security thresholds within the first few rounds. Choosing 20 rounds provides a comfortable security margin beyond the point where no effective differential or linear distinguishers exist, while maintaining low computational overhead suitable for lightweight IoT applications.

Each round of SMA contains three main components. First, the key addition layer performs XOR between the RoundKey and the cipher state to provide effective key mixing. Second, the non-linear layer applies parallel S-box substitutions to introduce strong confusion properties. Third, the matrix-based linear layer uses the 2D Matrix Permutation to achieve efficient multi-round diffusion. Together, these layers ensure that even a minor change in the plaintext or key results in significant alterations to the ciphertext, thereby satisfying Shannon’s principles of confusion and diffusion [19].

Each round performs as in Equation (1):

$$\mathit{S}\mathit{t}\mathit{a}\mathit{t}\mathit{e}=\mathit{P}\left(\mathit{S}\left(\mathit{S}\mathit{t}\mathit{a}\mathit{t}\mathit{e}\oplus {\mathit{K}}_{\mathit{r}}\right)\right)$$

(1)

where $\mathit{S}\left(\right)$ is the substitution layer, $\mathit{P}\left(\right)$ the 2D matrix permutation, and ${\mathit{K}}_{\mathit{r}}$ the r-th round key. The named State represents the 64-bit internal cipher state arranged as an 8 × 8 bit matrix. The functional composition, indicating that the substitution and permutation layers are applied sequentially to the state under the corresponding round key.

3.2. Encryption Algorithm

The round transformation of the proposed SMA block cipher is composed of three distinct functions, as illustrated in Algorithm 1.

Algorithm 1 Pseudocode of the SMA Block Cipher (Encryption)
1:	RoundKeysGeneration (Key)   // produces K1...K20
2:	for i = 1 to 20 do
3:	AddRoundKey (State, RoundKeyi)
4:	SubNibble (State)
5:	2DMatrixPermutation(State)
6:	end for

In this notation, all three functions comprise the AddRoundKey, S-box Substitution, and 2D Matrix Permutation are applied to arrays, where the inputs consist of the cipher State and the RoundKey. The complete encryption and decryption processes of the SMA are illustrated in Figure 2.

For the decryption process, the functions are executed in the reverse order, with 20 rounds of the 2D Matrix Permutation and S-box Substitution applied first, followed by the AddRoundKey operation. Likewise, all RoundKeys are used in reverse sequence during decryption. Algorithm 2 presents all functional transformations of the SMA.

Algorithm 2 Pseudocode of the SMA Block Cipher (Decryption)
1:	RoundKeysGeneration (Key)   // produces K1...K20
2:	for i = 1 to 20 do
3:	2DMatrixPermutation −1(State)
4:	SubNibble −1 (State)
5:	AddRoundKey (State, RoundKeyi)
6:	end for

3.2.1. AddRoundKey Layer

In the AddRoundKey function of SMA, the 64-bit cipher State is represented as an 8 × 8 bit array, where each element corresponds to one byte of the state. The 64-bit RoundKey for each round is extracted from the 80-bit master key using the key schedule algorithm. The AddRoundKey operation is performed by applying a bitwise XOR between each byte of the cipher State and the corresponding byte of the RoundKey as derived via Equation (2):

$$\mathit{B}\left[\mathit{i}\right]=\mathit{A}\left[\mathit{i}\right]\oplus \mathit{K}\left[\mathit{i}\right],0\le \mathit{i}\le 7$$

(2)

where $\mathit{A}\left[\mathit{i}\right]$ is the input state byte, $\mathit{K}\left[\mathit{i}\right]$ is the round key byte, and $\mathit{B}\left[\mathit{i}\right]$ is the resulting state byte after XOR. This step ensures effective key mixing and provides the foundation for the subsequent non-linear and diffusion layers of the SMA.

The RoundKeys are generated prior to encryption, and this XOR operation is repeated in each of the 20 rounds of the SMA cipher, as shown in Algorithm 1.

3.2.2. SubNibble Layer

The SubNibble function provides the non-linear substitution transformation in the SMA and operates independently on each byte of the cipher state. This function applies the 4-bit PRESENT S-box [6] to both the high nibble and the low nibble of every byte.

The PRESENT S-box as presented in

Table 2. PRESENT S-box.

x	0	1	2	3	4	5	6	7	8	9	A	B	C	D	E	F
S(x)	5	E	F	8	C	1	2	D	B	4	6	3	0	7	9	A

is selected due to its proven cryptographic strength, low differential uniformity, and compact hardware footprint, making it a well-established choice for lightweight block ciphers operating under strict resource constraints.

The PRESENT S-box defines a non-linear mapping $\mathit{S}:{\mathbb{F}}_2^4\to {\mathbb{F}}_2^4$, such that $\mathit{S}\left(\mathit{x}\right)={\mathit{s}}_{\mathit{x}}$, where $\mathit{x}\in \{\mathrm{0,1},\dots ,15\}$ denotes the input nibble and $s_x$ is the corresponding substituted output value listed in Table 2.

In SMA, the cipher State for this operation is represented as a sequence of eight bytes:

$$A=\left(a_0,a_1,\dots ,a_7\right)$$

Each byte $a_i$consists of two 4-bit halves:

$$a_i=\left(a_i^{\left(H\right)},a_i^{\left(L\right)}\right)$$

The SubNibble transformation applies the S-box to both halves independently:

$$b_i=\left(S\left(a_i^{\left(H\right)}\right)\mid \mid S\left(a_i^{\left(L\right)}\right)\right),0\le i\le 7$$

where $b_i$ is the output byte after substitution.

This process is implemented in the encryption routine as presented in Algorithm 3.

Algorithm 3 Pseudocode of SubNibble SMA Block Cipher
1:	function SubNibble(state [8])        // state: array of 8 bytes
2:	for i from 0 to 7 do
3:	high = (state[i] >> 4)        // upper 4 bits
4:	low = (state[i] & 0x0F)     // lower 4 bits
5:	high’ = SBOX[high]          // PRESENT S-box lookup
6:	low’ = SBOX[low]          // PRESENT S-box lookup
7:	end for

This nibble-wise substitution operation introduces the necessary confusion into each round of the SMA block cipher.

3.2.3. 2DMatrixPermutation Layer

The 2DMatrixPermutation function is the primary diffusion layer of SMA. It performs three sequential transformations on the 8 × 8 bit matrix to ensure uniform propagation of bit changes across both axes. Figure 3 conceptually illustrates the three-step 2D matrix permutation, including the initial 8 × 8 layout, the row-wise left rotations, the matrix transpose, and the final column-wise right rotations.

Step 1: Row Rotation (ROL)

Table 3. Permutation Table—Row Rotation (ROL).

	c0	c1	c2	c3	c4	c5	c6	c7
r0	1	2	3	4	5	6	7	0
r1	12	13	14	15	8	9	10	11
r2	23	16	17	18	19	20	21	22
r3	26	27	28	29	30	31	24	25
r4	37	38	39	32	33	34	35	36
r5	40	41	42	43	44	45	46	47
r6	51	52	53	54	55	48	49	50
r7	62	63	56	57	58	59	60	61

presents the permutation values produced by the Row Rotation (ROL) stage. In this step, the 64-bit state is first arranged as an 8 × 8 matrix in row-major order. Each row i is then circularly left-rotated by $\left(3i+1\right)mod8$ positions. The entry at each position in Table 3 indicates the original bit index that appears at that output location after applying the corresponding row rotation. This horizontally disperses the bits while maintaining row integrity.

Step 2: Matrix Transposition

Table 4. Permutation Table—Matrix Transposition.

	c0	c1	c2	c3	c4	c5	c6	c7
r0	1	12	23	26	37	40	51	62
r1	2	13	16	27	38	41	52	63
r2	3	14	17	28	39	42	53	56
r3	4	15	18	29	32	43	54	57
r4	5	8	19	30	33	44	55	58
r5	6	9	20	31	34	45	48	59
r6	7	10	21	24	35	46	49	60
r7	0	11	22	25	36	47	50	61

shows the permutation results after applying the matrix transposition to the output of the ROL stage. The transpose operation swaps each bit position $\left(i,j\right)$ with $\left(j,i\right)$, effectively converting row diffusion into column diffusion. The values in Table 4 represent the same original bit indices, but now placed according to their new transposed locations. This interchanges rows and columns, enabling cross-axis diffusion.

Step 3: Column Rotation (ROR)

Table 5. Permutation Table—Column Rotation (ROR).

	c0	c1	c2	c3	c4	c5	c6	c7
r0	51	62	1	12	23	26	37	40
r1	13	16	27	38	41	52	63	2
r2	39	42	53	56	3	14	17	28
r3	57	4	15	18	29	32	43	54
r4	19	30	33	44	55	58	5	8
r5	45	48	59	6	9	20	31	34
r6	7	10	21	24	35	46	49	60
r7	25	36	47	50	61	0	11	22

provides the final permutation values after performing the Column Rotation (ROR) stage. At this stage, each row i of the transposed matrix is circularly right-rotated by $\left(5i+2\right)mod8$ positions. This operation completes the 2-dimensional diffusion by redistributing bits both horizontally and vertically. The entries in Table 5 indicate the original bit indices after all three steps: ROL → Transpose → ROR.

This three-step permutation ensures that each input bit is reassigned to a new position according to the mapping $P\left(i\right)$, enabling rapid and complete diffusion across the 64-bit state. The overall permutation can be expressed formally, as shown in Equation (3).

$${\mathit{S}}_{\mathit{o}\mathit{u}\mathit{t}}\left[\mathit{i}\right]={\mathit{S}}_{\mathit{i}\mathit{n}}\left[\mathit{P}\left(\mathit{i}\right)\right]$$

(3)

where $\mathit{P}\left(\mathit{i}\right)$ is the complete permutation index given in Table 5 after applying the three sequential operations: Row Rotation_L, Transpose, and Column Rotation_R.

3.3. Key Schedule Algorithm

The key scheduling process of the SMA block cipher generates twenty 64-bit round keys from an 80-bit secret key. The key schedule algorithm begins by dividing the 80-bit master key into two 40-bit halves, L and R, which are iteratively updated over twenty rounds.

As illustrated in Figure 4, each round consists of five main stages: Bit-Rotation, S-box Substitution, Byte Swapping, Round Constant Addition, and RoundKey Extraction.

• Bit-Rotation

Both halves are circularly shifted left to achieve full diffusion of key bits the left L by 37 bits and right R by 19 bits, ensuring that every key bit eventually influences all round keys.

2.

S-box Substitution

The most significant 12 bits of the left half undergo non-linear transformation using the PRESENT S-box.

This step enhances the non-linearity of the round-key sequence and prevents linear relations among consecutive keys.

3.

Byte Swapping

Two rightmost bytes between the L and R halves are swapped to increase dependency between both portions of the key state.

This inter-mixing operation contributes to additional diffusion within the key schedule.

4.

Round Constant Addition

To remove symmetry and strengthen resistance against related-key attacks, round constants (RC[r]) are XORed with the first and last bytes of the 80-bit key state.

These constants are fixed 8-bit values that vary across all 20 rounds:

{1D, 2E, 31, 43, 5A, 6C, 77, 84, 9A, AD, B1, C3, D4, E6, F8, 1B, 2C, 3E, 4F, 5D}.

5.

Round Key Extraction

After applying these operations, the updated 80-bit key state is used to extract the next 64-bit round key (RK[r]), taken from bits 8 to 71 of the internal key register.

The procedure repeats for all twenty rounds, resulting in twenty unique round keys (RK₁–RK₂₀) employed during the encryption and decryption processes.

The combination of non-linear S-box substitution, asymmetric bit rotations, byte swapping between key halves, and round constant injection ensures that even small differences between related keys rapidly propagate across subsequent round keys. These design choices disrupt linear relations and prevent the formation of simple key dependencies, thereby strengthening resistance against related-key attacks. Since each round key is derived through multiple non-linear and permutation-based transformations, no equivalent or weak-key classes were observed during experimental evaluation.

3.4. Test Vectors

Test vectors define the expected outputs of a cryptographic algorithm for given inputs, serving as reference data for verification by developers and implementers [20].

Table 6. Test Vectors of the SMA Block Cipher.

Key	Plaintext	Ciphertext
00000000000000000000	0000000000000000	DE9FDF0E3D278FAC
FFFFFFFFFFFFFFFFFFFF	0000000000000000	27A8CFB6B8454F8C
E79B03D8F421A4C6F392	0000000000000000	DB45FD06A3F47BFE
00000000000000000000	FFFFFFFFFFFFFFFF	CD1E6AF218910360
FFFFFFFFFFFFFFFFFFFF	FFFFFFFFFFFFFFFF	75EB4818D8943A55
E79B03D8F421A4C6F392	FFFFFFFFFFFFFFFF	5796BB627D3CF1AE
00000000000000000000	C56B90AD3EF84712	DFDD9B5CEE90F938
FFFFFFFFFFFFFFFFFFFF	C56B90AD3EF84712	6859C245565B7B41
E79B03D8F421A4C6F392	C56B90AD3EF84712	3F7AAE3F7C0D3ADA

presents the input values alongside their corresponding outputs for the proposed SMA block cipher.

4. Results

This section presents the comprehensive security evaluation conducted on all 20 rounds of the proposed SMA block cipher. The assessment methods were applied to demonstrate the robustness of this lightweight algorithm and to highlight its potential suitability for integration into various cryptographic primitives.

A secure cipher must create a complex relationship between the plaintext, ciphertext, and key, a property known as confusion. At the same time, it should spread any changes in the plaintext across the entire ciphertext, referred to as diffusion [19]. Both confusion and diffusion are essential for ensuring the security of an encryption algorithm. In SMA, confusion is introduced through SubNibble S-box substitution, while diffusion is achieved via 2D matrix permutation. Together, these mechanisms generate sufficient randomness in the ciphertext, preventing any recognizable patterns.

To assess the confusion and diffusion properties of the SMA block cipher, three analyses were conducted: correlation coefficient, bit error, and key sensitivity tests. Additionally, a randomness evaluation was performed to examine the statistical randomness of the algorithm. Lastly, two types of cryptanalysis attacks were carried out to evaluate the robustness of the SMA cipher against potential vulnerabilities.

In addition to the security evaluation, a performance test was carried out to measure the encryption speed, throughput, and cycles per byte required by the SMA cipher. For benchmarking, the results were compared with several existing lightweight block ciphers, including LAO-3D, GIFT, KLEIN, LED, LRBC, PRESENT, PRINCE, PRINT, QTL, RECTANGLE, SIMECK, and TEA. These algorithms were selected due to their comparable block sizes (≤64 bits) and key sizes (≤128 bits), allowing for a fair comparison of their security levels and performance within the lightweight cipher category.

4.1. Avalanche Effect Tests

The avalanche effect is used to assess the cipher’s non-linear behavior. This type of transformation introduces confusion by ensuring that minor changes in the input lead to significant alterations in the output. To evaluate this, several tests were conducted—specifically correlation coefficient analysis, bit error rate, and key sensitivity—to observe how the block cipher responds. A pseudorandom bit generator was utilized to create both the plaintexts and corresponding keys for the experiments. The avalanche effect, represented as $\mathit{A}\mathit{E}$, is mathematically defined in Equation (4):

$$\mathit{A}\mathit{E}={\displaystyle \frac{1}{\mathit{S}}}{\sum }_{\mathit{i}=1}^{\mathit{s}}\left|{\mathit{c}}_{\mathit{i}}-{\mathit{p}}_{\mathit{i}}\right|$$

(4)

where $\mathit{s}$ denotes the block length of the cipher in bits ($s=64$ for SMA). The variables ${\mathit{p}}_{\mathit{i}}$ and ${\mathit{c}}_{\mathit{i}}$ represent the $\mathit{i}\mathrm{th}$ bit of the plaintext and the corresponding ciphertext, respectively, with $\mathit{i}\in \{\mathrm{0,1},\dots ,63\}$. The absolute difference $\mid c_i-p_i\mid$ yields a binary value (0 or 1), indicating whether a bit change has occurred. Consequently, the avalanche effect is a dimensionless normalized ratio in the range $\left[0,1\right]$, where a value close to 0.5 indicates an ideal diffusion behavior.

4.1.1. Correlation Coefficient Test

The correlation coefficient is particularly useful in assessing the strength of the non-linear relationship between the plaintext and the resulting ciphertext. A properly designed cipher should exhibit low correlation values between these inputs and outputs [21]. As shown in

Table 7. Interpretation of Correlation Coefficient Results.

Result (R)	Correlation Strength
(R = 0)	No correlation (non-linear or random relationship)
(0 < R ≤ 0.3) or (–0.3 ≤ R < 0)	Weak positive/negative linear correlation
(0.3 < R < 0.7) or (–0.7 < R < –0.3)	Moderate positive/negative linear correlation
(0.7 ≤ R < 1) or (–1 < R ≤ –0.7)	Strong positive/negative linear correlation
(R = 1) or (R = –1)	Perfect positive/negative linear correlation

, the correlation coefficient $\mathit{R}$ ranges between $-$1 and +1, providing insight into how effectively the cipher introduces confusion.

A correlation coefficient $R$ close to 0 indicates strong confusion, while values approaching ±1 denote linear dependence.

The coefficient is computed in Equation (5):

$$\mathit{R}={\displaystyle \frac{\sum _{\mathit{i}=1}^{\mathit{s}}\left({\mathit{p}}_{\mathit{i}}-\mathbf{A}\mathbf{E}\right)\left({\mathit{c}}_{\mathit{i}}-\mathbf{A}\mathbf{E}\right)}{\sqrt{\sum _{\mathit{i}=1}^{\mathit{s}}({\mathit{p}}_{\mathit{i}}-\mathbf{A}\mathbf{E}{)}^2}\sqrt{\sum _{\mathit{i}=1}^{\mathit{s}}({\mathit{c}}_{\mathit{i}}-\mathbf{A}\mathbf{E}{)}^2}}}$$

(5)

where AE represents the avalanche effect from Equation (4), $p_i$ and $c_i$ represent the $i\mathrm{t}\mathrm{h}$ bits of plaintext and ciphertext, respectively, for $i=(\mathrm{0,1},\dots ,63)$, and $s$ = 64 bits.

The correlation coefficient analysis was conducted to evaluate the degree of linear relationship between the plaintext and ciphertext of the proposed SMA block cipher. A total of 1000 random plaintexts and five random keys were used to assess the cipher’s non-linearity behavior. Figure 5 illustrates the scatter charts of the obtained correlation values, where each subplot corresponds to one of the five random keys. The correlation values were computed based on the bit-level relationship between plaintext and ciphertext blocks. As shown in the figure, the data points are uniformly distributed around zero, demonstrating a weak and random linear dependency for all tested keys.

A statistical summary of the results is provided in

Table 8. SMA Correlation Coefficient Findings.

Result	Key 1	Key 2	Key 3	Key 4	Key 5	Average
R = 0	1.5	1.8	2.2	1.8	1.7	1.8%
0 < R ≤ 0.3 and −0.3 ≤ R < 0	97.7	96.9	96.2	96.3	96.5	96.7%
0.3 < R ≤ 0.7 and −0.7 ≤ R < −0.3	0.8	1.3	1.6	1.9	1.8	1.5%
0.7 ≤ R < 1 and −1 < R ≤ −0.7	0.0	0.0	0.0	0.0	0.0	0.0%
R = ±1	0.0	0.0	0.0	0.0	0.0	0.0%

. The results indicate that approximately 96.7% of the correlation coefficients fall within the range $0<R\le 0.3$ and $-0.3\le R<0$ mean weakly correlated, while 1.8% correspond to perfectly uncorrelated cases ($R=0$). Only 1.5% of samples showed moderate correlation ($0.3<\mid R\mid \le 0.7$), and no strong correlation values ($\mid R\mid >0.7$) were observed. Combining the uncorrelated and weakly correlated regions yields a total of 98.5% non-correlated outputs, confirming the high non-linearity and diffusion, ensuring strong resistance to linear attacks of the SMA design. These outcomes demonstrate that the SMA achieves nearly the same level of correlation performance as LAO-3D (98.2%), while maintaining a simpler 2D matrix-permutation structure with lower computational complexity.

4.1.2. Bit Error Test

The bit error test evaluates how changes in the plaintext influence the resulting ciphertext. It measures the number of ciphertext bits that differ after a single plaintext bit has been modified, which is defined as the bit error. Ideally, the optimum outcome of this test is 0.5, meaning that approximately 50% of the ciphertext bits change for every one-bit alteration in the plaintext [22]. Each plaintext bit (0–63) was flipped individually, and the resulting ciphertexts were compared with the originals to compute the bit error rate (BER) using Equation (6).

$$\mathit{B}\mathit{E}\mathit{R} = {\displaystyle \frac{\mathit{N}\mathit{u}\mathit{m}\mathit{b}\mathit{e}\mathit{r} \mathit{o}\mathit{f} \mathit{c}\mathit{i}\mathit{p}\mathit{h}\mathit{e}\mathit{r}\mathit{t}\mathit{e}\mathit{x}\mathit{t} \mathit{b}\mathit{i}\mathit{t} \mathit{d}\mathit{i}\mathit{f}\mathit{f}\mathit{e}\mathit{r}\mathit{e}\mathit{n}\mathit{c}\mathit{e}\mathit{s}}{\mathit{T}\mathit{o}\mathit{t}\mathit{a}\mathit{l} \mathit{n}\mathit{u}\mathit{m}\mathit{b}\mathit{e}\mathit{r} \mathit{o}\mathit{f} \mathit{c}\mathit{i}\mathit{p}\mathit{h}\mathit{e}\mathit{r}\mathit{t}\mathit{e}\mathit{x}\mathit{t} \mathit{b}\mathit{i}\mathit{t}\mathit{s}}}$$

(6)

The main objective of the bit error test is to analyze the correlation between the plaintext and ciphertext of the SMA cipher. In this experiment, one random key and five distinct random plaintexts were used for evaluation. The scatter plots in Figure 6 illustrate the bit error rate (BER) values obtained from these tests, where each data point represents the number of ciphertext bits affected by a specific plaintext-bit modification. The data points are evenly distributed around 0.5, indicating that approximately half of the ciphertext bits change for every plaintext-bit alteration.

A comprehensive summary of the bit error results is presented in

Table 9. SMA Bit Error Findings.

Input	Average Different Bits	Average Bit Error Rate
Plaintext 1	31.765625	0.496338
Plaintext 2	32.359375	0.505615
Plaintext 3	32.109375	0.501709
Plaintext 4	31.812500	0.497070
Plaintext 5	32.000000	0.500000
Average	32.009 (≈50.01%)	0.5001 (≈50.01%)

. The experimental outcomes show that, after modifying the plaintext bits, the BER values of the SMA cipher consistently converge around 0.5. The results for all five plaintexts confirm that the proposed SMA block cipher achieves the optimal bit error performance, verifying its strong diffusion characteristics and ideal avalanche behavior.

By carefully analyzing the results, it is observed that the SMA block cipher achieves an average bit error rate of approximately 50%, indicating that the ciphertext is almost entirely altered when a single bit in the plaintext is modified. This behavior confirms that the SMA provides excellent diffusion and exhibits the ideal avalanche property.

Table 10. Avalanche Effect Under Plaintext Modifications.

Algorithm	Average Avalanche Effect
SMA (proposed)	50.02%
LAO-3D	50.05%
LED	52.83%
LRBC	58.00%
PRINCE	51.18%
PRINT	49.08%
QTL	52.56%
SIMECK	53.00%
TEA	49.12%

compares the average avalanche effect on plaintext modifications of the proposed SMA cipher with several existing lightweight block ciphers [23], demonstrating that the SMA achieves competitive or superior diffusion strength relative to previous designs.

4.1.3. Key Sensitivity Test

The key sensitivity test evaluates the changes in the ciphertext that occur when the encryption key is slightly modified [24]. A cryptographic algorithm demonstrates a high level of security against key sensitivity attacks if the alteration of even a single key bit results in significant modifications in the ciphertext. In the SMA cipher, the key sensitivity was analyzed by flipping one key bit at a time, starting from the least significant bit to the most significant bit, while keeping the plaintext constant.

The bit error rate (BER) equation was used to calculate the degree of ciphertext alteration caused by each key-bit modification. For an effective cryptographic design, the BER should ideally be around 0.5, indicating that approximately 50% of the ciphertext bits are affected by a one-bit change in the key. In this experiment, a single random plaintext and five random keys were utilized to assess the SMA block cipher. The resulting scatter plots presented in Figure 7 illustrate the distribution of BER values for each key, showing a balanced and uniform response to key-bit changes.

Table 11. SMA Key Sensitivity Findings.

Input	Average Different Bits	Average Bit Error Rate
Key 1	33.500000	0.523438
Key 2	31.050000	0.485156
Key 3	32.725000	0.511328
Key 4	31.787500	0.496680
Key 5	32.525000	0.508203
Average	32.317 (≈50.50%)	0.505 (≈50.50%)

summarizes the experimental outcomes of the key sensitivity analysis. On average, the SMA cipher achieved approximately 32-bit differences, corresponding to an average BER of 0.50, which aligns with the expected theoretical value. A bit error rate close to 50%, verifying that single-bit modifications in the key cause nearly half of the ciphertext bits to change. These results confirm that the SMA block cipher exhibits a strong non-linear dependency between the key and the ciphertext, proving high key sensitivity.

Similar observations were recorded during the key alteration experiments conducted on the SMA cipher while maintaining a constant plaintext. The results, presented in

Table 12. Avalanche Effect Under Key Modifications.

Algorithm	Average Avalanche Effect
SMA (proposed)	50.50%
LAO-3D	50.00%
LED	50.37%
LRBC	55.75%
PRINCE	49.06%
PRINT	46.42%
QTL	50.31%
SIMECK	51.25%
TEA	47.12%

[23], show that the proposed SMA achieves an average avalanche effect of approximately 50.50%, confirming that all key bits contribute significantly to changes in the ciphertext. This outcome demonstrates that the SMA possesses strong key sensitivity, ensuring that even a single-bit modification in the key produces substantial and unpredictable variations in the ciphertext. Compared to existing lightweight block ciphers, the SMA exhibits balanced and effective diffusion behavior under key modification conditions.

4.2. Randomness Test

The randomness of the proposed SMA block cipher was evaluated using fifteen statistical tests provided by the NIST Special Publication 800-22 [25]. These tests were conducted using the NIST Statistical Test Suite (STS), which is a widely used open-source framework designed to identify non-random patterns within ciphertext. The randomness evaluation aims to confirm the statistical unpredictability of the cipher’s output, which is essential for robust cryptographic security.

The applied statistical tests are classified into two groups: non-parameterized and parameterized. The non-parameterized group includes tests that do not require any external input parameters and consists of the following: the random excursion test (yielding eight p-values), random excursion variant (eighteen p-values), cumulative sums (two p-values), binary matrix rank (one p-value), longest runs of ones (one p-value), frequency (one p-value), spectral DFT (one p-value), and the runs test (one p-value). These tests analyze the statistical characteristics of the ciphertext to ensure it does not exhibit predictable behavior.

The parameterized group, which requires specific test parameters, includes the non-overlapping template matching test (148 p-values), the serial test (two p-values), linear complexity, Maurer’s universal test, approximate entropy, overlapping template matching, and block frequency each producing a single p-value. These tests assess different statistical dimensions of randomness, targeting aspects such as entropy, pattern distribution, and structural uniformity within the ciphertext.

To determine whether the ciphertext passes a randomness test, a significance level $\mathit{\alpha }$ must be defined prior to analysis. In this study, a significance level of α = 0.01 was selected, corresponding to a 1% threshold. Accordingly, any p-value less than 0.01 indicates a failure in the randomness test. To ensure statistical reliability, the sample size must be no less than $1/\mathit{\alpha }$; therefore, a minimum of 100 ciphertext samples were used. A test is considered passed if its p-value is greater than or equal to $\mathit{\alpha }$, and failed otherwise.

The acceptable pass ratio threshold for the tests is calculated using Equation (7):

$${\mathit{p}}_{\mathit{\alpha }}=\left(1-\mathit{\alpha }\right)-3\sqrt{{\displaystyle \frac{\mathit{\alpha }\left(1-\mathit{\alpha }\right)}{\mathit{s}}}}$$

(7)

In this equation, $\mathit{s}$ is the sample size (set to 1000 in this evaluation), and $\mathit{\alpha }$ is the significance level. The test suite concludes that the cipher output is statistically random if the proportion of passing tests is greater than or equal to ${\mathit{p}}_{\mathit{\alpha }}$. Otherwise, the cipher fails the randomness requirement.

For the randomness test setup, the SMA cipher was used to produce ciphertexts across nine distinct data categories, as summarized in

Table 13. Overview of Data Category Inputs.

No.	Data Category	Key Input	Plaintext Input	Derived Blocks	Derived Bits
1	SKA	196 random 80-bit keys	One all-zero 64-bit plaintext	15,680	1,003,520
2	SPA	One all-zero 80-bit key	245 random 64-bit plaintext	15,680	1,003,520
3	PCC	1 random 80-bit key	15,625 random 64-bit texts	15,625	1,000,000
4	CBCM	1 random 80-bit key	One all-zero 64-bit plaintext	15,625	1,000,000
5	RPRK	1 random 80-bit key	15,625 random 64-bit plaintext	15,625	1,000,000
6	LDK	3241 specific 80-bit keys	3241 random 64-bit texts	3241	207,424
7	HDK	3241 specific 80-bit keys	3241 random 64-bit texts	3241	207,424
8	LDP	2081 random 80-bit keys	2081 specific 64-bit texts	2081	133,184
9	HDP	2081 random 80-bit keys	2081 specific 64-bit texts	2081	133,184

. Each category involved a unique configuration of key and plaintext inputs, with the number of derived blocks ranging from 2081 to 15,680 and total generated bits between 133,184 and 1,003,520. These outputs reflect the encryption of either fixed or random 64-bit plaintexts using 80-bit keys, depending on the test case. The ciphertexts were concatenated into large sequences suitable for NIST randomness testing, with the total data size per category ranging from approximately 16 KB to 125 KB. The block size and key size define the total number of blocks generated for each test sample [26].

All fifteen statistical tests were applied to categories compatible with CBC, PCC, RPRK, SPA, and SKA formats. Due to constraints in data length, only ten statistical tests were applied to the LDK, HDK, LDP, and HDP categories.

To evaluate the SMA cipher’s randomness characteristics, nine data categories were generated with diverse key and plaintext input configurations. Each category produced a large number of derived blocks and bits to ensure statistical adequacy for the NIST randomness tests.

The SKA (Statistical Key Avalanche) category used 196 randomly generated 80-bit keys with a fixed all-zero 64-bit plaintext, resulting in 15,680 derived blocks totaling 1,003,520 bits. Conversely, the SPA (Statistical Plaintext Avalanche) category fixed the key to all zeros and varied the plaintext using 245 randomly generated 64-bit inputs, producing the same block and bit totals as SKA.

In the PCC (Plaintext Ciphertext Correlation) category, a single random 80-bit key was used to encrypt 15,625 random plaintexts, yielding 15,625 blocks and 1,000,000 bits. The CBCM (Ciphertext-Based Constant Message) category used a single key with a constant all-zero plaintext, also producing 15,625 blocks and 1,000,000 bits. Similarly, RPRK (Random Plaintext Random Key) employed one random key with 15,625 random plaintexts, generating identical block and bit counts.

To test more granular scenarios, the LDK (Low-Density Key) and HDK (High-Density Key) categories used 3241 specific 80-bit keys with 3241 random plaintexts, producing 3241 blocks and 207,424 bits per category. The final two categories, LDP (Low-Density Plaintext) and HDP (High-Density Plaintext), utilized 2081 random 80-bit keys and 2081 specific plaintexts, resulting in 2081 blocks and 133,184 bits for each.

The experimental results demonstrate that the SMA block cipher successfully passed all 9 data categories and 15 statistical tests, as shown in

Table 14. SMA Randomness Analysis Results (SKA, SPA, PCC, CBC, and RPRK).

	Data Category
Statistical Test	SKA	SPA	PCC	CBC	RPRK
Range of Acceptable Rejection: [0, 20]
1. Runs	991/1000	989/1000	992/1000	990/1000	990/1000
2. Frequency	988/1000	989/1000	992/1000	995/1000	989/1000
3. Spectral DFT	989/1000	992/1000	990/1000	994/1000	986/1000
4. Block Frequency	993/1000	994/1000	989/1000	988/1000	996/1000
5. Binary Matrix Rank	991/1000	990/1000	987/1000	994/1000	991/1000
6. Approximate Entropy	990/1000	990/1000	989/1000	986/1000	992/1000
7. Longest Runs of Ones	991/1000	989/1000	987/1000	991/1000	989/1000
8. Serial	992/1000	990/1000	993/1000	990/1000	991/1000
9. Cumulative Sums	992/1000	990/1000	993/1000	994/1000	989/1000
10. Non-Overlapping Templates	989/1000	990/1000	990/1000	990/1000	990/1000
11. Maurer’s Universal	991/1000	994/1000	984/1000	983/1000	991/1000
12. Linear Complexity	988/1000	990/1000	987/1000	990/1000	983/1000
13. Overlapping Templates	990/1000	985/1000	988/1000	985/1000	990/1000
Range of Acceptable Rejection: [0, 14]
14. Random Excursion	608/613	621/628	632/639	620/627	594/600
15. Random Excursion Variant	608/613	620/628	632/639	621/627	596/600

and

Table 15. SMA Randomness Analysis Results (LDK, LDP, HDK, and HDP).

	Data Category
Statistical Test	LDK	LDP	HDK	HDP
Range of Acceptable Rejection: [0, 20]
1. Runs	990/1000	992/1000	989/1000	990/1000
2. Frequency	988/1000	984/1000	988/1000	994/1000
3. Spectral DFT	991/1000	990/1000	983/1000	988/1000
4. Block Frequency	992/1000	991/1000	984/1000	991/1000
5. Binary Matrix Rank	995/1000	988/1000	993/1000	982/1000
6. Approximate Entropy	993/1000	985/1000	987/1000	989/1000
7. Longest Runs of Ones	991/1000	995/1000	992/1000	992/1000
8. Serial	989/1000	992/1000	989/1000	990/1000
9. Cumulative Sums	988/1000	983/1000	991/1000	994/1000
10. Non-Overlapping Templates	989/1000	989/1000	989/1000	988/1000
11. Maurer’s Universal	*	*	*	*
12. Linear Complexity	*	*	*	*
13. Overlapping Templates	*	*	*	*
Range of Acceptable Rejection: Not Available
14. Random Excursion	*	*	*	*
15. Random Excursion Variant	*	*	*	*

* Test not executed due to insufficient data length.

. Notably, the cipher achieved a 100% passing rate across all applicable NIST SP 800-22 tests in each data category, affirming the robustness of its design. Furthermore, the p-values generated by the SMA cipher using the NIST Statistical Test Suite were uniformly distributed and exceeded the minimum threshold of 0.0001, as detailed in

Table 16. The SMA p-values of the Uniformity Test (SKA, SPA, PCC, CBC, and RPRK).

	Data Category
Statistical Test	SKA	SPA	PCC	CBC	RPRK
1. Runs	0.214439	0.353733	0.428095	0.605916	0.056426
2. Frequency	0.474986	0.518106	0.781106	0.316052	0.769527
3. Spectral DFT	0.568739	0.263572	0.751866	0.825505	0.034484
4. Block Frequency	0.520102	0.520102	0.595549	0.120207	0.643366
5. Binary Matrix Rank	0.401199	0.837781	0.889118	0.296834	0.088762
6. Approximate Entropy	0.350485	0.202268	0.973718	0.119508	0.786830
7. Longest Runs of Ones	0.344048	0.203351	0.442831	0.645448	0.175691
8. Serial	0.226954	0.482009	0.504306	0.274938	0.04512
9. Cumulative Sums	0.565090	0.50017	0.460819	0.213319	0.729832
10. Non-Overlapping Templates	0.501299	0.486167	0.458299	0.498877	0.526183
11. Maurer’s Universal	0.572847	0.251837	0.197981	0.043087	0.065230
12. Linear Complexity	0.454053	0.251837	0.961869	0.510153	0.796268
13. Overlapping Templates	0.444691	0.616305	0.995969	0.204439	0.585209
14. Random Excursion	0.424006	0.375151	0.495624	0.746409	0.311922
15. Random Excursion Variant	0.462252	0.583549	0.478043	0.522233	0.657168

and

Table 17. The SMA p-values of the Uniformity Test (LDK, LDP, HDK, and HDP).

Statistical Test	LDK	LDP	HDK	HDP
1. Runs	0.220159	0.512137	0.032274	0.377007
2. Frequency	0.684890	0.248014	0.635037	0.861264
3. Spectral DFT	0.313041	0.072514	0.302657	0.467322
4. Block Frequency	0.751866	0.777265	0.612147	0.463512
5. Binary Matrix Rank	0.093720	0.006472	0.244236	0.030197
6. Approximate Entropy	0.715679	0.715679	0.794391	0.723804
7. Longest Runs of Ones	0.979788	0.271619	0.632955	0.214439
8. Serial	0.226564	0.392515	0.084211	0.311564
9. Cumulative Sums	0.408575	0.226505	0.463478	0.477629
10. Non-Overlapping Templates	0.468405	0.470064	0.513858	0.517539
11. Maurer’s Universal	*	*	*	*
12. Linear Complexity	*	*	*	*
13. Overlapping Templates	*	*	*	*
14. Random Excursion	*	*	*	*
15. Random Excursion Variant	*	*	*	*

* Test not executed due to insufficient data length. Note: For the LDK, HDK, LDP, and HDP data categories, several NIST tests—specifically, Maurer’s Universal, Linear Complexity, Overlapping Templates, Random Excursion, and Random Excursion Variant—were not executed due to insufficient data length. These tests require larger datasets (typically ≥ 1,000,000 bits) or additional mathematical conditions in the sequence. As these categories generated fewer bits (≤207,424), the test results are marked with an asterisk (*). However, the first ten tests such as Frequency, Runs, Block Frequency, and DFT require smaller input sizes (as low as ~100,000 bits), and thus were successfully applied to all categories.

. These outcomes validate the strong randomness properties of the cipher’s output. The effective combination of substitution and 2D matrix permutation in the SMA enhances both confusion and diffusion, contributing to its secure and randomized ciphertext structure.

4.3. Cryptanalysis Attacks

A cryptanalysis attack is an experimental method used to determine whether a cryptosystem can be distinguished from a random function [27]. Evaluating the security of a lightweight block cipher requires examining its behavior under several well-established cryptanalytic techniques. Among these, differential cryptanalysis (DC) and linear cryptanalysis (LC) are the most widely used methods for determining whether a cipher behaves indistinguishably from a random permutation. To ensure that the SMA cipher provides strong confidentiality guarantees, it is essential to analyze how differences and linear masks propagate through its substitution–permutation structure.

4.3.1. Differential Cryptanalysis (DC)

To perform differential cryptanalysis on an n-bit block cipher, an attacker seeks input differences that propagate through multiple rounds with probabilities greater than $2^{1-n}$. For SMA to withstand differential attacks, this requirement corresponds to a security threshold of $2^{-63}$. Any differential trail exceeding this probability would thus represent a potential vulnerability.

Table 18. Differential Trails with Optimal Probability (SMA Cipher).

Round	Input Mask of S-Box	Output Mask of S-Box	Probability	Cumulative Probability
1	0000000000000001	0000000040080000	2−2	2−2
2	0000000040080000	2000000001200C80	2−4	2−6
3	2000000001200C80	0C82A81822000100	2−10	2−16
4	0C82A81822000100	E229A3C01A83F808	2−20	2−36
5	E229A3C01A83F808	B3257F2B6A2AA649	2−31	2−67

summarizes the optimal differential trail identified for the SMA block cipher. Beginning with a single active nibble at the input, the difference propagates through the S-box and permutation layers across five rounds. Each round presents the corresponding input and output difference patterns together with the round probability and cumulative trail probability. The results show a rapid decrease in probability, reaching a cumulative value of approximately 2⁻⁶⁷ after the fifth round. Since this probability falls well below the security bound of 2⁻⁶³ for a 64-bit block cipher, the SMA effectively suppresses exploitable differential trails beyond Round 5.

Figure 8 illustrates the propagation of differences through the SMA round structure. The figure highlights the active S-boxes in each round and traces the diffusion of bit differences through the AddRoundKey, substitution, and 2D permutation layers. Red-shaded components indicate active positions contributing to the trail. As the rounds progress, the number of active S-boxes increases and the differences spread uniformly across the state. This behavior demonstrates the SMA’s strong diffusion capability, which accelerates the reduction in differential trail probabilities and strengthens resistance against differential cryptanalysis.

4.3.2. Linear Cryptanalysis (LC)

To apply linear cryptanalysis on an n-bit block cipher, a predictable linear approximation must propagate through the rounds with a significant correlation amplitude greater than $2^{-n/2}$. For a 64-bit cipher such as the SMA, resistance to linear cryptanalysis requires that no linear approximation appears with an amplitude higher than $2^{-32}$.

For a 64-bit block cipher, linear approximations with correlation amplitudes below $2^{-32}$ are generally considered computationally infeasible to exploit in practice, as the required data complexity exceeds realistic attack limits. This threshold is therefore commonly adopted as a security bound for evaluating resistance to linear cryptanalysis in lightweight block cipher designs.

The experimental findings summarized in

Table 19. Linear Trails with Optimal Bias (SMA Cipher).

Round	Input Mask of S-Box	Output Mask of S-Box	Bias	Correlation Potentials
1	0000000000000001	0000000200080000	−2−2	−2−2
2	0000000200080000	0008000001201402	2−4	−2−6
3	0008000001201402	1925F488C2180200	2−12	−2−18
4	1925F488C2180200	437F69393F6174CE	−2−26	2−44

show that the highest linear propagation occurs in the fourth round, with a cumulative correlation potential of $2^{-44}$, which is substantially lower than the security threshold. The limited clustering of linear masks observed in the SMA cipher indicates that the substitution–permutation layers effectively disrupt linear relations between plaintext and ciphertext. As a result, no meaningful linear approximation can be extended beyond the fourth round, confirming the cipher’s robustness against linear attacks.

The linear cryptanalysis results show that the SMA cipher reaches its highest correlation amplitude in the fourth round, with a cumulative potential of $2^{-44}$, which is far below the security threshold of $2^{-32}$. Beyond this round, no effective linear trail can be constructed due to the rapid diffusion provided by the substitution–permutation layers, confirming the cipher’s strong resistance to linear distinguishers. These observations clearly validate the robustness of the SMA against linear cryptanalysis, as shown in Figure 9.

4.3.3. Comparison DC and LC

Table 20. Probabilities of Differential Trails and Correlation Potentials of Linear Trails.

Algorithms
	SMA		LAO-3D		GIFT		PRESENT		RECTANGLE
Attack
Round	DC	LC	DC	LC	DC	LC	DC	LC	DC	LC
1	2−2	2−2	2−2	2−2	2−6	2−1	2−2	2−1	2−2	2−1
2	2−6	2−6	2−8	2−8	2−10	2−2	2−4	2−2	2−4	2−2
3	2−16	2−18	2−15	2−14	2−16	2−3	2−8	2−4	2−7	2−4
4	2−36	* 2−44	2−27	2−20	2−20	2−5	2−12	2−6	2−10	2−6
5	* 2−67	–	2−44	2−26	2−26	2−7	2−20	2−8	2−14	2−8
6	–	–	* 2−64	2−32	2−30	2−10	2−24	2−10	2−18	2−10
7	–	–	–	* 2−38	2−36	2−13	2−28	2−12	2−25	2−13
8	–	–	–	–	2−40	2−16	2−32	2−14	2−31	2−16
9	–	–	–	–	2−46	2−20	2−36	2−16	2−36	2−19
10	–	–	–	–	2−50	2−25	2−41	2−18	2−41	2−22
11	–	–	–	–	2−56	2−29	2−46	2−20	2−46	2−25
12	–	–	–	–	2−60	2−31	2−52	2−22	2−51	2−28
13	–	–	–	–	* 2−64	* 2−34	2−56	2−24	2−56	2−31
14	–	–	–	–	–	–	2−62	2−26	2−61	* 2−34
15	–	–	–	–	–	–	* 2−66	2−28	* 2−66	–
16	–	–	–	–	–	–	–	2−30	–	–
17	–	–	–	–	–	–	–	2−32	–	–
18	–	–	–	–	–	–	–	* 2−34	–	–

* No effective trail from the encryption round onward.

[28,29] compares the differential and linear cryptanalytic behavior of the SMA with several lightweight block ciphers, showing that the cumulative probability drops below $2^{-63}$ by the fifth round, indicating strong resistance to differential attacks. A similar analysis was carried out for linear cryptanalysis, where the maximum correlation likewise diminishes rapidly across rounds, reaching values lower than $2^{-32}$ by the fourth round.

For a broader comparison against other lightweight block ciphers,

Table 21. Active S-Boxes of Differential Cryptanalysis (DC) and Linear Cryptanalysis (LC).

		Rounds
Algorithm	Attack	1	2	3	4	5	6	7	8	9
SMA	DC	1	2	5	10	* 14	–	–	–	–
	LC	1	2	6	* 13	–	–	–	–	–
LAO-3D	DC	1	3	6	11	17	* 25	–	–	–
	LC	1	3	5	7	9	11	* 13	–	–
GIFT	DC	1	2	3	5	7	10	13	16	18
	LC	1	2	3	5	7	9	12	15	18
PRESENT	DC	1	2	4	6	10	12	14	16	18
	LC	1	2	3	4	5	6	7	8	9
RECTANGLE	DC	1	2	3	4	6	8	11	13	14
	LC	1	2	3	4	6	8	10	12	14

* No effective trail from the encryption round onward.

[8] summarizes the number of active differential and linear S-boxes across nine encryption rounds. The results show that the SMA cipher begins accumulating a high number of active S-boxes from the early rounds, indicating rapid diffusion. Based on the differential and linear probabilities presented in Table 18 and Table 19, the SMA achieves a cumulative differential probability of $2^{-67}$ with 14 active S-boxes by the fifth round, which is significantly lower than the allowable threshold of $2^{-63}$. Furthermore, the SMA exhibits a cumulative linear correlation potential of only $2^{-44}$ up to the fourth round, demonstrating stronger resistance compared to several existing lightweight algorithms. These findings confirm that the SMA cipher maintains robust security margins under both differential and linear cryptanalysis.

4.4. Performance Evaluation

The proposed SMA block cipher was implemented using a Windows 11 (64-bit) platform equipped with an AMD Ryzen 7 5700U processor (Advanced Micro Devices, Inc., Santa Clara, CA, USA) operating at 1.801 GHz with 8 cores and 16 logical processors, and 16 GB RAM.

All implementations were coded in C++ under Visual Studio (Release|x64) and compiled with full optimizations. For fairness, each cipher was executed with the same test harness, which processes one million 64-bit blocks over five repeated trials and excludes key schedule precomputation and I/O operations from the measured time. A short warm-up phase was executed before timing to stabilize caches and eliminate startup variability.

The performance evaluation was conducted for all ciphers using 64-bit plaintext blocks and 80–128-bit secret keys. Each cipher was executed for its full number of rounds to measure the total encryption time, throughput, and cycle cost. These measurements were then compared with other well-known lightweight block ciphers, including RECTANGLE, KLEIN, LAO-3D, and PRESENT.

Speed tests were performed by encrypting a large dataset of 64-bit plaintext blocks to determine the average encryption time per block (expressed in microseconds) and encryption throughput. The evaluation focused on the SMA cipher’s 20-round implementation using the optimized lookup-table (LUT) round design and 8 × 8 two-dimensional matrix permutation.

The performance of a cryptographic algorithm can be quantified using three primary metrics: the encryption speed, the encryption throughput (bytes per second), and the number of CPU cycles required per byte.

These are computed as shown in Equations (8) and (9):

$$\mathit{T}\mathit{h}\mathit{r}\mathit{o}\mathit{u}\mathit{g}\mathit{h}\mathit{p}\mathit{u}\mathit{t}={\displaystyle \frac{\mathbf{Message}\mathbf{Size}\mathbf{\left(}\mathbf{bytes}\mathbf{\right)}}{\mathbf{Encryption}\mathbf{Time}\mathbf{\left(}\mathbf{s}\mathbf{\right)}}}$$

(8)

$$\mathit{C}\mathit{y}\mathit{c}\mathit{l}\mathit{e}\mathit{s}\mathit{p}\mathit{e}\mathit{r}\mathit{B}\mathit{y}\mathit{t}\mathit{e}={\displaystyle \frac{\mathbf{CPU}\mathbf{Clock}\mathbf{Speed}\mathbf{Frequency}\mathbf{\left(}\mathbf{Hz}\mathbf{\right)}}{\mathbf{Encryption}\mathbf{Throughput}}}$$

(9)

Therefore, based on the experimental results summarized in

Table 22. Comparative Performance Test Findings.

Algorithm	SMA	RECTANGLE	KLEIN	LAO-3D	PRESENT
Block Size (bit)	64	64	64	64	64
Key Size (bit)	80	80	80	128	80
Rounds	20	25	16	20	31
Encryption Algorithm Components	1. AddRound Key 2. SubNibble 3. Two-Dimensional Matrix Permutation	1. AddRound Key 2. Substitution S-layer 3. Bit Permutation	1. Sub Nibble 2. Rotate Nibble 3. Mix Nibble	1. AddRound Key 2. Sub Column S-box 3. 3DRotation	1. AddRound Key 2. Substitution S-box 3. Permutation
Encryption Speed (µs per block)	0.200	0.300	0.500	0.500	0.600
Encryption Throughput (byte per second)	34,770,055.19	24,497,646.66	16,514,405.91	15,836,964.78	13,957,267.38
Encryption Throughput (block per second)	4,346,256.90	3,062,205.83	2,064,300.74	1,979,620.60	1,744,658.42
Cycles per Byte	51.7974	73.5173	109.0563	113.7213	129.0367
Cycles per Block	414.3796	588.1381	872.4504	909.7703	1,032.2938

, the proposed SMA cipher demonstrates high performance and low resource consumption, making it competitive and suitable for implementation in IoT and mobile encryption applications where both security and efficiency are critical.

The selected performance evaluation setup reflects a software-level simulation commonly adopted in lightweight cryptography research to assess algorithmic efficiency prior to embedded deployment. Metrics such as encryption latency, throughput, and cycles per byte are architecture-independent indicators that enable fair comparison across platforms and implementations. While real IoT devices operate under stricter power and memory constraints, the chosen methodology provides meaningful insight into the computational cost and scalability of the proposed cipher, serving as a practical baseline for future embedded or hardware-based evaluations.

5. Discussion

The experimental results demonstrate that the SMA block cipher achieves a strong balance between security, statistical robustness, and computational efficiency, positioning it as a competitive option among state-of-the-art lightweight ciphers. The confusion–diffusion characteristics introduced by the PRESENT S-box and the 2D matrix permutation produced consistently strong avalanche behavior, low plaintext–ciphertext correlation, and uniformly distributed randomness across all test categories. These outcomes are aligned with, and in several cases superior to, previously reported lightweight designs such as PRESENT, GIFT, RECTANGLE, and LAO-3D, confirming that structured diffusion based on two-dimensional transformations can achieve desirable cryptographic properties without the overhead of algebraic mixing or complex linear layers.

Although LRBC exhibits a slightly higher average avalanche effect under plaintext variation, a higher avalanche percentage alone does not directly imply superior overall security. Avalanche effect measures diffusion strength but does not capture resistance to differential and linear cryptanalysis, randomness quality, or implementation efficiency. SMA achieves near-ideal avalanche behavior (≈50%) while maintaining stronger statistical randomness, balanced cryptanalytic resistance, and lower computational cost, which collectively provide a more comprehensive security profile for lightweight IoT environments.

From a cryptanalytic perspective, the SMA exhibits rapid decrease in differential and linear trail probabilities. The best-found differential characteristic reaches a cumulative probability of approximately 2⁻⁶⁷ after five rounds, which is below the theoretical security threshold of 2⁻⁶³ for a 64-bit block cipher. Likewise, the maximum linear correlation potential diminishes to 2⁻⁴⁴ by the fourth round. These findings confirm that the SMA cipher maintains robust security margins under both differential and linear cryptanalysis and that its substitution–permutation structure effectively suppresses exploitable statistical dependencies. Consequently, the full 20-round SMA design provides a wide security margin and can be considered resistant to both differential and linear distinguishers.

The statistical evaluation further reinforces these conclusions. The NIST SP 800-22 randomness tests showed that SMA achieves a 100% passing rate across all applicable tests in the nine data categories, with all p-values exceeding the minimum acceptable threshold. The uniformity of these p-values suggests that the cipher produces high-entropy ciphertext even under diverse input and key conditions. Similarly, avalanche-based tests—including correlation coefficient, bit error rate, and key sensitivity analysis—confirm that the SMA consistently produces near-ideal diffusion, with approximately 50% of ciphertext bits changing following a single-bit modification in the plaintext or key. This behavior demonstrates that the SMA’s 2D permutation and non-linear substitution effectively obscure structural patterns and ensure that minor input variations propagate unpredictably throughout the state.

Beyond security, the performance evaluation highlights another important advantage of the SMA design. With an encryption time of 0.200 µs per 64-bit block and a throughput of 34.77 MB/s, the SMA-64/80 implementation outperforms lightweight ciphers such as RECTANGLE, KLEIN, LAO-3D, and PRESENT on the same testing platform. The cipher’s low computational cost 51.79 cycles/byte and 414.38 cycles/block can be attributed to its efficient LUT-based implementation and the computational simplicity of its 8 × 8 matrix permutation. Unlike more complex 3D transformations or GF-based diffusion layers, the SMA’s permutation relies solely on index-based operations, reducing memory-access overhead and avoiding multipliers or wide XOR chains. These design choices enable the SMA to achieve high throughput, low latency, and energy-efficient execution while still maintaining strong security guarantees.

Compared with ARX-based lightweight ciphers such as SIMON, which rely primarily on simple bitwise operations for efficiency, the SMA adopts an SPN-based structure with non-linear substitution and structured 2D permutation to enhance diffusion and resistance against differential and linear cryptanalysis. While SIMON emphasizes minimal hardware cost, the SMA prioritizes balanced security margins and strong statistical properties, as demonstrated by its avalanche behavior and full NIST randomness compliance.

Although a comparison with 3D ciphers such as LAO-3D is provided in terms of security behavior and software performance, quantitative hardware metrics such as area, power consumption, and energy per bit are not included in this study. Accurate evaluation of these parameters requires ASIC or FPGA synthesis using specific standard-cell libraries and hardware design flows, which are beyond the scope of this software-oriented cryptographic analysis. Hardware-level evaluation is therefore identified as an important direction for future work.

Given these findings, the SMA offers a promising lightweight encryption solution for IoT devices, edge nodes, mobile platforms, and other constrained environments where both performance and security are essential.

To ensure reproducibility and to clarify the practical feasibility of the proposed cipher, the following section describes the software implementation details and simulation environment used to evaluate the SMA.

6. Software Implementation

This section describes the software realization of the proposed SMA cipher in both desktop and IoT-oriented environments. The implementations were designed to validate functional correctness, assess computational feasibility, and evaluate memory requirements under realistic deployment conditions.

6.1. Desktop Application

To validate the functional correctness of the proposed SMA cipher, a desktop-based application was developed using C++ under Visual Studio 2022 and executed on a general-purpose laptop. The application provides an interactive command-line interface that allows users to input a secret key and plaintext message and observe the corresponding encryption and decryption processes. As illustrated in Figure 10, the encryption operation successfully generates a 64-bit ciphertext in hexadecimal format from the provided plaintext and key.

Subsequently, Figure 11 demonstrates the decryption process, where the same secret key is used to correctly recover the original plaintext from the ciphertext. These results confirm the correctness, reversibility, and practical usability of the SMA implementation in a software-level environment representative of IoT-oriented cryptographic testing.

Executing the SMA in a desktop setting enables rapid testing, debugging, and verification of algorithmic behavior without the limitations imposed by embedded systems. The desktop implementation therefore serves as a reference model for correctness prior to deployment in constrained environments.

6.2. IoT Simulation Environment

The IoT-oriented implementation of the SMA was realized using the Contiki-NG operating system (version 5.1, available at https://contiki-ng.org, accessed on 29 December 2025) and evaluated through the Cooja network simulator on a Linux-based platform. The cipher was executed as a native Cooja mote, enabling realistic event-driven execution consistent with IoT node behavior. Figure 12 illustrate Cooja simulation of the SMA cipher on Contiki-NG using a single mote. The network view confirms correct deployment, while the mote output shows successful system initialization and the generated ciphertext (CT), validating correct execution of the proposed cipher in an IoT-oriented environment.

The memory footprint of the proposed SMA cipher was evaluated using the Contiki-NG build system targeting the Cooja platform as presented in

Table 23. Memory footprint of the proposed SMA cipher on the Contiki-NG Cooja platform.

Metric	Value
ROM usage	260,755 bytes (≈254.7 KB)
RAM usage	118,160 bytes (≈115.4 KB)
Platform	Contiki-NG + Cooja
Evaluation level	System-level

. The ROM usage (code size) was computed as the sum of the text and data segments, while the RAM usage (data memory) was calculated as the sum of the data and BSS segments. The BSS segment represents memory allocated for uninitialized global and static variables and contributes to the overall RAM usage during execution.

The obtained results reflect the system-level memory requirements, including the Contiki-NG operating system, the networking stack, and the integrated SMA cipher. This evaluation confirms the feasibility of the SMA for deployment in IoT-oriented environments with constrained resources.

The simulation was conducted using a single Cooja mote, which is sufficient for validating the correct execution and memory footprint of the proposed SMA cipher. Since the SMA is a local cryptographic primitive and does not rely on inter-node communication, a single-mote configuration is adequate for this evaluation. The successful execution and logging of encryption-related outputs in the Cooja environment demonstrate that the SMA can be effectively integrated into IoT software stacks (i.e., a general term referring to integrated collections of operating systems, communication protocols, and middleware used in IoT systems).

7. Conclusions

This paper presented the SMA, a Secure Matrix-Based lightweight block cipher designed for resource-constrained IoT and mobile environments. By integrating a nibble-wise PRESENT S-box with an efficient 2D matrix permutation, the SMA achieves strong confusion, rapid multi-round diffusion, and a compact 20-round SPN structure. The experimental evaluations confirm that the SMA produces high-quality randomness, exhibits ideal avalanche behavior, and maintains low plaintext–ciphertext correlation. Differential and linear cryptanalysis show no exploitable trails within the full-round design, demonstrating robust security margins. Performance measurements further indicate that SMA achieves fast encryption speeds and low computational cost, outperforming several established lightweight ciphers on the same platform. In addition, a software-level implementation was developed to validate the functional correctness and practical feasibility of the SMA in IoT-oriented environments.

Overall, the results indicate that the SMA offers a secure and efficient encryption solution suitable for IoT nodes, edge devices, wearable electronics, and other low-power systems. Future work may explore hardware-level implementations to assess area and energy requirements, investigate side-channel and fault-attack resistance, and extend the design to authenticated encryption or hashing modes. Additional research into configurable block sizes or adaptive permutation parameters may further enhance the flexibility of the 2D matrix approach for emerging lightweight cryptographic applications.