Dynamic S-Box Construction Using Mordell Elliptic Curves over Galois Field and Its Applications in Image Encryption

: Elliptic curve cryptography has gained attention due to its strong resilience against current cryptanalysis methods. Inspired by the increasing demand for reliable and secure cryptographic methods, our research investigates the relationship between complex mathematical structures and image encryption. A substitution box (S-box) is the single non-linear component of several well-known security systems. Mordell elliptic curves are used because of their special characteristics and the immense computational capacity of Galois ﬁelds. These S-boxes are dynamic, which adds a layer of complexity that raises the encryption process’s security considerably. We suggest an effective technique for creating S-boxes based on a class of elliptic curves over GF ( 2 n ) , n ≥ 8. We demonstrate our approach’s robustness against a range of cryptographic threats through thorough examination, highlighting its practical applicability. The assessment of resistance of the newly generated S-box to common attack methods including linear, differential, and algebraic attacks involves a thorough analysis. This analysis is conducted by quantifying various metrics such as non-linearity, linear approximation, strict avalanche, bit independence, and differential approximation to gauge the S-box’s robustness against these attacks. A recommended method for image encryption involves the use of built-in S-boxes to quickly perform pixel replacement and shufﬂing. To evaluate the efﬁciency of the proposed strategy, we employed various tests. The research holds relevance as it can provide alternative guidelines for image encryption, which could have wider consequences for the area of cryptography as a whole. We believe that our ﬁndings will contribute to the development of secure communication and data protection, as digital security is becoming increasingly important.


Most individuals frequently want to keep their personal information confidential.
There have been several occasions throughout history where it was necessary to keep important information hidden from intruders.In particular, it was still crucial to prevent enemies from intercepting communications between generals or rulers and their troops.In the past, simple strategies were used to obfuscate data.On the other hand, the world became more interconnected as society advanced.Due to the rising demand for electronic services, this resulted in an increasing reliance on electronic systems.It is a generally acknowledged activity to exchange private information online.As a result, the need for advanced techniques of data security has become more and more imperative every day.The basic goal of cryptography is the creation of techniques that guarantee safe communication over the networks.The word "cryptography" is derived from two Greek words: "Kryptos" which refers to something concealed or unrevealed and "graphein" which describes the process of learning or writing.The primary goal of cryptography is often regarded as safeguarding information security.The subjects of computer science, mathematics, communication science, physics, and electrical engineering play a significant role in the development of modern cryptography.Cryptography is useful in many realworld situations like protecting chip-based payment cards, allowing digital currencies, securing computer passwords, and simplifying electronic commerce.An S-box is the nonlinear component of cryptosystems employing block ciphers.These cryptosystems use two kinds of S-boxes, static and dynamic.Static S-boxes are fixed tables with substitution values that do not change during the encryption procedure.Even though they are easy to create and efficient, their fixed nature leaves them open to some kinds of assaults, such as differential cryptanalysis or algebraic attacks.Conversely, dynamic S-boxes provide unpredictability to the substitution procedure.They use functions or algorithms that, depending on certain variables or parameters, dynamically produce the substitution values.By increasing the complexity of the encryption scheme and making it harder for attackers to identify patterns in the substitution process, its security is strengthened.
Strong cryptosystems are also developed using elliptic curves.The most often used strategies for enhancing information security are those based on elliptic curves.We will specifically focus on elliptic curve cryptography (ECC) and the many approaches proposed by many experts in this field.The elliptic curve was initially used as a public key cryptosystem in 1985 by Miller [1].Additionally, it was shown that the ECC cryptosystem is twenty percent more effective than the Diffie-Hellman algorithm.Koblatiz et al. in [2] presented the concept of a discrete logarithmic issue which is applied to construct a highly secure, quick, and effective security system.An effective method to multiply the elliptic curve points and their resources is provided in [3] and compared with binary and non-adjacent (NAF) forms.It has been found that ECC, which uses a shorter key length than RSA, is more secure overall.In [4], an elliptic curve is used over a prime field to generate elliptic curve points, and then, each point's x and y coordinates are added.The modulo function is then used to construct various numbers of 4 × 4 S-boxes.In [5], a procedure for creating prime field dependent 8 × 8 (8 input bits, 8 output bits) S-boxes is described.In this work, the modulo operation is used after the x-coordinate of an elliptic curve to produce the various numbers of 8 × 8 S-boxes dependent on the prime field.The authors in [6] presented novel approaches for creating S-boxes utilizing the total order on an elliptic curve (EC) over a prime field.A search method is used to efficiently construct an EC in place of the more traditional group rule, which is computationally expensive.The x-coordinates of the points of the order elliptic curve (OEC) are used in the construction method for the S-boxes.These methods can be used to create various numbers of 8 × 8 S-boxes.Although they are independent of the underlying elliptic curve and may or may not generate an S-box for any input value, their result is still unpredictable.A 4 × 4 S-box was developed in [7] by using elliptic curves over GF (2 4 ).Shah et al. in [8] used the Mordell elliptic curves over finite fields with elements 256, 512, 2048.The authors designed three S-boxes with one S-box of nonlinearity 112 and with a very low score of strict avalanche criteria (SAC).The authors concluded that we can obtain good S-boxes over GF(2 n ), n ≥ 9.In this, study, we used the same idea and will show that over GF(2 8 ), there are extremely good S-boxes as compared to S-boxes produced in [8] in terms of scores of strict avalanche criteria (SAC), bit independence criteria (BIC), linear approximation probability (LAP), and differential approximation probability (DAP) .
The confidentiality, integrity, and validity of digital images depend on image encryption techniques, which also secure transmission, solve privacy issues, adhere to legal requirements, stop illegal changes, and safeguard intellectual property rights.Feng et al. in [45] developed a new fractional-order 3D Lorenz chaotic system and a 2D sinusoidally constrained polynomial hyper-chaotic map (2D-SCPM).The multi-image encryption technique outperforms several contemporary image encryption algorithms by utilizing multichannel fusion, chaotic random substitution, dynamic diffusion, and quick scrambling.The authors in [46] used an image encryption method that employs two keys.The first key is generated by a 2D Logistic Sine map and a Linear Congruential Generator, while the second key is generated from the Tent map, the Bernoulli, and the KAA map.The study in [47] presents a Feistel cipher structure-based simplified picture encryption algorithm (SIEA) for picture security in cloud storage that makes use of the key generation and permutation approaches.For digital image encryption, the study [48] suggests ARHM (AES and Rossler Hyperchaotic Modeling) that combines AES with phantom transformation and the Rossler hyperchaotic system.This model conducts simulations and analyses including key space, key sensitivity, histogram, pixel correlation, entropy, and resistance to differential attacks.It makes use of chaotic system randomness and AES encryption speed.Ali et al. proposed an image encryption algorithm based on S-boxes using the direct product of cyclic groups and Galois fields [49].The authors in [50] used Mobius transformation on a Galois field to generate robust S-boxes and presented a scheme that can protect medical images in a better way.The use of quantum theory in image encryption has been on the rise lately.The Quantum Chaotic Map and DNA Coding-based Image Encryption Algorithm (QCMDC-IEA) is susceptible to assaults on its DNA domain encryption and has intrinsic security weaknesses such as the presence of an equivalent key resulting from independent chaos-based sequences.A suggested technique of attack takes advantage of these flaws to achieve low complexity and full decipherment.The authors presented recommendations for security enhancements in similar cryptosystems to address the discovered weaknesses [51].An image encryption algorithm utilizing Quantum Logistic and Lorenz Chaotic Map with DNA Coding, claims enhanced security, but a proposed chosen-plaintext attack exposes vulnerabilities in its permutation and diffusion key.Suggestions for improvement are offered to bolster the algorithm's security and practicality in cryptographic design [52].
It is evident from the literature that there is a dire need to design robust S-boxes using algebraic structures to enhance the security of cryptosystems.The elliptic curves and Galois fields are used separately in the literature for designing image encryption schemes and S-boxes.The elliptic curves provide greater security due to the short key length, and its usage along with the Galois field can improve the strength of cryptosystems.The following are the motivations for the proposed work:

•
The elliptic curves provide great resistance against linear and differential cryptanalysis due to their nonlinear nature.

•
Compact S-box designs can be achieved by representing elliptic curves with smaller key sizes than conventional mathematical structures.In terms of efficiency, this can be helpful, particularly in settings with few resources.

•
Hardware and software may both effectively implement elliptic curve operations.For real-world applications, such as embedded systems or gadgets with constrained processing power, this efficiency is essential.• A further degree of protection is provided by the mathematical hardness of elliptic curve problems like the elliptic curve discrete logarithm problem.The cryptographic strength of elliptic curve-based designs is predicated on the difficulty of solving these complex mathematical problems.• Due to the strong properties of elliptic curves and a highly nonlinear permutation of the Galois field, the proposed strategy for S-boxes and encryption has a greater ability to resist cryptanalysis.
The contributions of the proposed scheme are as follows.
• The generated S-boxes have nonlinearity greater than 105 with four optimal boxes of nonlinearity 112.

•
As the degree of irreducible polynomials increases, the number of irreducible polynomials increases quickly, and we can produce millions of S-boxes with the proposed work in a short time.

•
The entropy of the proposed cipher image is close to 8, confirming the efficacy of the effectiveness of the method.
The rest of the article is divided into five Sections.Section 2 deals with preliminaries.The proposed algorithm is described in Section 3. Analysis of S-boxes has been made in Section 4. We employed the proposed S-boxes in image encryption in Section 5. Section 6 concludes the study.

Preliminaries
In this section, we will present some basic definitions related to the Galois field and elliptic curves.

Maximal Ideal
Let M be an ideal of R and M = R, then M is called maximal if no proper ideal of R contains M.

Galois Field
For a prime number p and for an irreducible polynomial f (x is a finite field of order p m called Galois field and denoted by GF(p m ), where t is a particular root of f (x).

Elliptic Curve
Consider the field F with |F| = p k for some prime p and natural number n, then the elliptic curve over F is defined as where the point O is called the infinite point.This form is known as the Weierstrass form of an elliptic curve.
If A, B ∈ F and B(A 2 − 4) = 0, then the curve By 2 = x 3 + Ax 2 + x is known as the Montgomery form of an elliptic curve.

Mordell Elliptic Curve
The elliptic curve with a = 0 is called a Mordell elliptic curve.If p k ≡ 2 (mod 3), then there is randomness and distinctness in y-coordinates of points satisfying the elliptic curve.

Proposed Algorithm for the Construction of S-boxes
We used the x and y coordinates of points (x, y) satisfying a Mordell elliptic curve that is interpreted over GF(2 n ) employing different irreducible polynomials of degree n.

S-Boxes Using Mordell
An elliptic curve of the form The number of points satisfying the curve other than infinity is exactly p n , so we can use them to construct S-boxes.As there is no repetition in x-coordinates of point (x, y) ∈ GF(2 n ) × GF(2 n ), by defining a bijective map, we can obtain an S-box.We call an S-boxm the S-box generated by using an irreducible polynomial with decimal value m.The algorithm is described as follows.
(2) Choose the Mordell elliptic curve (3) Choose x-coordinates of points (x, y) satisfying the Mordell curve.All 10 S-boxes are presented in Tables 1-10.The table of comparison shows that S-boxes produced using these polynomials are better than the S-boxes designed in [8] in terms of scores of SAC, BIC SAC, LAP, and DAP.
), n = 9, 11 over GF(2 n ), n = 9, 11 has exactly p n points in such a way that there is no repetition in x and y-coordinates with random values in y-coordinates.The proposed algorithm for the S-box is described as follows.
(1) Choose any irreducible polynomial of degree 9, 11 over the binary field.

Security Analysis of S-Boxes
This segment discusses the outcomes of security evaluations conducted on the proposed S-boxes to evaluate their resistance to cryptographic attacks.The S-box was evaluated through five different tests including Nonlinearity, Strict Avalanche Criteria (SAC), Bit Independence Criteria (BIC), Probability of Linear Approximation (LAP), and Probability of Differential Approximation (DAP).The results were compared to some popular S-boxes in Table 11.

Nonlinearity (NL)
The nonlinearity of a boolean function g is one of the most desirable characteristics of a strong S-box.It is defined as , where W(v) represents the Walsh spectrum of the polarity truth table of the boolean function g, and n is the number of input bits.The nonlinearity of a boolean function measures its difference from a set of all affine functions of n variables.We can calculate the Walsh spectrum in the following way; Walsh spectrum = Hadamard matrix of order n × n [polarity truth table of f ].

Strict Avalanche Criteria (SAC)
To assess the cryptographic potency of substitution boxes (S-boxes) used in symmetric key algorithms, one property is known as strict avalanche criteria (SAC).A minor change in the input causes substantial changes in the output when using SAC, which quantifies how much changing a single bit of an S-box's input impacts the output bits.The output bits of the S-box should change with a probability of 0.5 for each output bit when any one of its input bits is reversed.If all potential input bit changes are averaged, the amount of 0s and 1s in the output bits should be equal.By doing this, it is made sure that no particular output value is preferred by the S-box.Ideally, if k input bits are modified, at least (k/2) output bits should also change.This characteristic makes sure that a minor change in the input spreads and results in a significant change in the result.A boolean function f satisfies the SAC if for every vector a of hamming weight 1 , the function f (x) ⊕ f (x ⊕ a) is balanced.

Bit Independence Criteria (BIC)
Let f a and f b be two-bit outputs of an S-box; if highly nonlinear and satisfies the strict avalanche criteria, then S-box satisfies BIC.The bit independence criteria assesses the correlation between the input bits and the output bits of an S-box.An S-box should exhibit a high degree of bit independence, which means that the output bits should have as little correlation as possible with the input bits.

Linear Approximation Probability (LAP)
The probability of linear approximation for an S-box is the likelihood that its inputs will approach its outputs linearly given a certain number of input-output pairs.A weaker S-box would have a higher linear approximation probability because it would be more susceptible to linear attacks.On the other side, a smaller linear approximation probability indicates a stronger S-box.Due to this, the S-box exhibits greater resilience against linear attacks.The following formula can be used to calculate the linear approximation probability considering u, v to be the input and output masks, respectively.

Differential Approximation Probability (DP)
The differential approximation probability for an S-box quantifies the probability that a particular input difference will result in a particular output difference, taking into account a specified number of rounds.It quantifies the probability of a particular differential characteristic occurring within the S-box.To calculate the differential approximation probability, one typically performs an exhaustive search over all possible input and output differences for a given number of rounds, counting the occurrences of each difference and calculating the probability as the ratio of the occurrences of the desired difference to the total number of input/output pairs tested.The lower the differential approximation probability, the more resistant the S-box is against differential cryptanalysis.A lower probability indicates that the S-box does not exhibit any strong differentials, making it more difficult for an attacker to exploit differential characteristics and break the cipher.
where ∆u is the input, and ∆v is the output differential.

Discussion
• Large nonlinearity is required for the S-box to fend off linear attacks.Table 11 shows that there are four S-boxes with optimal nonlinearity, while the remaining also have considerable scores.

•
The strict avalanche criterion is deemed to be met rather effectively by the SAC score that is close to the optimal value of 0.50.Table 11 shows that, in comparison to most recently created S-boxes with the avalanche effect, our best SAC score of 0.4998 is quite near to the ideal value.As a result, the suggested S-box successfully satisfies the strict avalanche criteria.

•
Under the bits independence requirement, the pair-wise disjoint boolean functions have demonstrated strong performance for both SAC and nonlinearity scores.Each of our proposed S-boxes has a sound score of nonlinearity and SAC.

•
A lower DU score is indicative of a secure S-box.Among all generated S-boxes, none of the S-boxes has a score of DU greater than 10.

•
The resistance of the S-box against linear cryptanalysis is likewise correlated with the likelihood of linear approximation.It is claimed that an S-box with a lower LAP score is more resistant to linear cryptanalysis.The LP values of our S-boxes are lower than many of the proposed S-boxes as shown in Table 11.

Image Encryption
In this section, we will examine an innovative approach for protecting digital images that makes use of a specially designed S-box.Our analysis included several distinct tests designed to assess the durability and effectiveness of our picture encryption approach while also testing its resistance to prospective attacks.After a thorough evaluation and analysis of our process, we compared the outcomes to those attained using well-known encryption methods.The results of our study showed that the suggested method for encrypting digital images performed the best overall.All the codings were completed in MATLAB R2023a using the CBC mode of AES with a random key of 256 bits.Figure 1a-k represents the plain and cipher image of a baboon, while Table 12 is the comparison of image encryption schemes.

Entropy
Entropy is a metric that quantifies the degree of unpredictability or disorganization in the pixel values of an image.By utilizing Shannon's entropy formula, which factors in the probability distribution of diverse pixel values present in the image, one can determine the entropy of an image.If all 256-pixel values within an 8-bit grayscale image occur with equal probability, then the image's entropy value reaches its maximum possible value of 8. Scrambled illustrations with an entropy value that is near 8 have pixel values that are spread out as uniformly as possible.Therefore, it becomes difficult to predict the original image from the scrambled image.
where p(y) represents the probability of a pixel.
A strong image encryption scheme must have an entropy score close to 8.

Correlation
One method for evaluating the similarity between a filter and the corresponding pixels in an image is called correlation, which involves convolving the filter over the image using a mathematical operation.A way to assess the robustness of the confidentiality protocol is to examine the correlation between the original image and the scrambled image.A desirable property of an image encryption system is that the correlation statistic value amidst the original and scrambled images should be as close to 0 as possible.In practical image encryption scenarios, a correlation coefficient value approaching zero is considered ideal.A correlation coefficient value below 0.1 is generally considered a strong indicator of a high-quality encryption scheme.However, if the correlation coefficient value exceeds 0.1, it implies the existence of a weak encryption scheme with a risk of unveiling the original image from the scrambled image.
where µ a and µ b represent the means of their respective variables.

Contrast
The difference in brightness or intensity between various areas of an encrypted image is referred to as contrast in a cipher image.It specifies how distinct the dark and bright parts appear in the cipher image.Contrast is important for picture encryption because it influences the visual appeal and readability of the encrypted image.A stronger contrast indicates that there is a notable difference in brightness or intensity between various areas of the encrypted image.A high-contrast cipher image offers several advantages in an encryption scheme: (1) Enhanced Security: Higher contrast can make it more challenging for attackers to analyze or extract meaningful information from the cipher image.Well-defined edges and distinct intensity variations can make it harder to detect patterns or identify specific features within the image.(2) Robustness Against Attacks: A cipher image with higher contrast can exhibit greater resilience against common attacks, such as statistical analysis, pixel correlation, or known-plaintext attacks.The increased variability in intensity levels can make it more difficult to exploit statistical regularities and effectively break the encryption.(3) Improved Visual Quality: Although the primary goal of image encryption is security, maintaining a visually appealing and interpretable cipher image is also desirable.Higher contrast often leads to a more visually striking encrypted image, which may enhance the user experience and the overall acceptance of the encryption scheme.
image content should not be revealed by the noise.The encryption plan might be made to adjust to different noise levels.Because of its versatility, the scheme can withstand variations in noise levels or types without losing its effectiveness.We used salt and pepper noise with different intensity levels to check the effectiveness of the proposed image encryption scheme.We can observe that the PSNR values are still greater than 30 after adding noise in the image (see Table 13).Figure 2 shows the results of the noise attack with an intensity of 0.1, 0.3, 0.5, respectively.

Conclusions and Future Study
Robust cryptographic solutions are extremely important as the digital landscape continues to change.Our study explores the complex field of image encryption, utilizing the strong characteristics of elliptic curve cryptography to improve security protocols.This paper utilizes the intricate configuration of elliptic curves within the binary Galois field extension GF(2 n ), n ≥ 8 to establish an effective approach for constructing S-boxes.There are a lot of existing schemes for designing S-boxes using the prime field, but we used GF(2 n ), n ≥ 8.We compared our results with existing schemes on prime fields and GF(2 n ), n ≥ 8.We concluded that for n ≥ 9, the produced S-boxes are relatively weak as compared to the usage of GF(2 8 ).Our conclusion contradicts the conclusion of [8] by producing a large number of S-boxes using GF(2 8 ) and GF(2 9 ).Our thorough analysis, which included measures, such as bit independence, strict avalanche, non-linearity, linear approximation, and differential approximation, highlighted the robustness of our suggested approach.Furthermore, we have employed S-boxes in the substitution process, yielding significantly superior results compared to various alternative methods.We demonstrated the effectiveness and efficiency of our method through extensive testing, providing a viable substitute for strengthening digital security protocols.Our research has the potential to advance data security and secure communication paradigms and advance the field of cryptography as a whole.Going ahead, our study offers insightful advice and suggestions for creating robust encryption systems, which are essential for protecting sensitive data in a world getting more digitally connected.In the future, we are interested in using some more elliptic and hyperelliptic curves over GF(2 n ), n ≥ 8 to design robust S-boxes.

Figure 1 .
Figure 1.Plain image and cipher images using proposed S-boxes.

Table 11 .
Algebraic analysis of proposed and some well-known S-boxes.

Table 12 .
Results of majority logic criteria and differential analysis of image encryption scheme.