A Novel Algorithm of Constructing Highly Nonlinear S-p-boxes

Abstract

The role of substitution boxes is very important in block ciphers. Substitution boxes are utilized to create confusion in the cryptosystem. However, to create both confusion and diffusion in any cryptosystem p-boxes and chaos base substitution boxes are designed. In this work, a simple method is presented that serves both ways. This method is based on composition of the action of symmetric group on Galois field and inversion map. This construction method provides a large number of highly non-linear substitution permutation boxes having the property of confusion as well as diffusion. These substitution permutation boxes have all the cryptography properties. Their utilization in the image encryption application is measured by majority logic criterion. We named these newly designed substitution boxes (S-boxes) as substitution permutation boxes (S-p-boxes), because they serve as both substitution boxes (S-boxes) as well as permutation boxes (p-boxes).

1. Introduction

Cryptography techniques have been utilized in different areas. In this era, due to progress in computer and communication technology have facilitated mankind to transfer important personal data through the long-distance channels. The concerns that are related to secrecy of transfer data is a big problem. Cryptology provides the solution of all such requirements in modern day communication systems. The symmetric (private) and asymmetric (public) key cryptography are two most trusted cryptographic models for secure communication. Both methodologies have several benefits and drawbacks as well.

Symmetric key cryptography algorithms have two types. These types are block ciphers and stream ciphers. The concept of block cipher was introduced by C. Shannon. Block ciphers, like DES, advanced encryption standard (AES), and international data encryption algorithm (IDEA), play an important role in multimedia security. The substitution box and permutation box are the two most indispensable parts of a secure block cipher. The role of substitution box is to make the relationship between the secret key and the ciphertext as complex as possible. Permutation box induces diffusion in the system.

2. Related Work

In literature, different researchers worked in this aspect. The construction of AES [1] is based on the composition of inversion map and affine transformation. In 2007 Cui and Cao presented the APA S-box [2]. In the construction of affine-power-affine S-box, the composition of affine surjection, power function, and again affine surjection are used. This model of S-box improves algebraic complexity as compared to AES. In 2008 Minh-Triet Tran, Doan-Khanh Bui and Anh-Duc Duong proposed Gray S-box [3]. It was obtained that AES includes an additional transformation based on the binary gray code. This S-box has similar properties to AES. In addition, it is more secure against algebraic and interpolation attacks in comparison to AES. In 2009, Kim and Phan suggest Skipjack S-box [4]. This S-box is a Feistel network that is based on 32 rounds. This scheme uses the 80-bit key for encryption or decrypts 64-bit blocks. Later, Iqtadar et al. in [5] proposed chaos based S-boxes. Also, in [6,7,8,9,10,11,12,13,14] different S-boxes are constructed utilizing different algebraic structures and chaotic maps. These S-boxes have strong algebraic analysis but weak statistical analysis [13]. In [14] Iqtadar et use permutations of $S_8$ on Liu S-box to attain 40,320 S-boxes, but there are p- boxes that were obtained from S-boxes and a different author using group action on Galois field by linear fractional transformation.

A substitution box is a mapping $S:{\mathbb{Z}}_2{}^r\to {\mathbb{Z}}_2{}^t$. This mapping map $r$ input bits to $t$ output bits. Substitution box is signified in matrix from a rectangular and square matrix. Substitution box of dimension $r\times t$ with $r=t$ has two categories. In first category, every input has a distinctive output. Second category involves those substitution boxes where several inputs may have the same output and all possible output are not existing in S-box. An S-box of dimension $r\times t$, which is one-to-one and onto is said to be bijective S-box. This S-box maps each input to a distinct output and all possible outputs are included in the S-box. The existence of bijective S-boxes may imply that $r=t$ and these S-boxes are also renowned as reversible S-boxes. Reversible S-boxes are very significant in symmetric key cryptosystems.

Most of the work that is related to S-boxes is based on affine transformations and linear fractional transformations [14,15,16,17,18,19,20,21,22,23,24,25,26]. In both cases, we have some constraints on coefficients of affine transformations and linear fractional transformations. Also, for diffusing property chaotic maps [27], permutations on S-box entries and binary gray code are used. The motivations behind the present work are to obtain a scheme free of constraints, to generate large number of highly nonlinear S-boxes and the S-boxes having the diffusing property as well. This work is unique in the aspect of constructing a large number of highly non-linear substitution permutation boxes (S-p-boxes).

3. Preliminaries

Group is a non-empty set with an associative binary operation having the properties of unique identity and each member of the set has unique inverse. For instance, a set of rational number $Q/\left\{0\right\}$ under multiplication is a group.

Symmetric Group $S_n$ is also an example of group. It is the group of all possible permutations on a set of n members with the binary operation of composition of functions.

A polynomial $h\left(y\right)\in R\left[Y\right]$ is said to be irreducible over a unitary commutative ring $R$ if it is non-unit in $R\left[Y\right]$ and if we write it as $h\left(y\right)=n\left(y\right)·m\left(y\right),$ then one of $n\left(y\right)$, $m\left(y\right)$ is unit in $R\left[Y\right]$.

Galois field $GF\left(q^r\right)$ is a field that has order $q^r$, where $q$ is prime and $r$ is a positive integer. Suppose that $h\left(y\right)$ be the $r$ degree polynomial, which is primitive irreducible over the prime field ${\mathbb{Z}}_q,$ where $q$ is prime. For primitive root $\varsigma$ of the polynomial $h\left(y\right)$, we define Galois field, as follows

$$GF\left(q^r\right)=\frac{{\mathbb{Z}}_q\left[y\right]}{\langle h\left(y\right)\rangle }=\left\{b_0+b_1\varsigma +b_2{\varsigma }^2+\dots +b_{r-1}{\varsigma }^{r-1}:b_j\in {\mathbb{Z}}_q,\forall j=0,1,2,\dots ,r-1\right\}$$

For instance, $q=2 and r=3$, we have following Galois field.

$$GF\left(2^3\right)=\frac{{\mathbb{Z}}_2\left[y\right]}{\langle h\left(y\right)\rangle }=\left\{b_0+b_1\varsigma +b_2{\varsigma }^2:b_j\in {\mathbb{Z}}_2,\forall j=0,1,2\right\}$$

here $h\left(y\right)=$ 1 + $y$ + $y^3$, $GF\left(2^3\right)$ has eight elements.

Let $\varsigma$ be the primitive irreducible root of $h\left(y\right)$

$$h\left(\varsigma \right)=0 implies that 1+\varsigma +{\varsigma }^3=0 implies that {\varsigma }^3=-\varsigma -1$$

here, the coefficient belongs to ${\mathbb{Z}}_2$ and −1 in ${\mathbb{Z}}_2$ is equal to 1.

$${\varsigma }^3=1+\varsigma , {\varsigma }^4=\varsigma +{\varsigma }^2, {\varsigma }^5=1+\varsigma +{\varsigma }^2, {\varsigma }^6=1+{\varsigma }^2, {\varsigma }^7=1$$

Similarly, $GF\left(2^8\right)$ is constructed and we computed it computationally.

$$GF\left(2^8\right)=\frac{{\mathbb{Z}}_2\left[y\right]}{\langle h\left(y\right)\rangle }=\left\{b_0+b_{1}y+b_2{y}^2+\dots +b_7{y}^7:b_i\in {\mathbb{Z}}_2,\forall i=0,1,2,\dots ,7\right\}$$

where $h\left(y\right)=$ 1 + $y^2$ + $y^3$ + $y^4$ + $y^8$ is a primitive irreducible polynomial.

4. Design for Proposed S-p-Boxes

The design of the suggested S-p-box is dependent on the composition of action of symmetric group $S_8$ on to Galois field $GF\left(2^8\right)$ and inversion map. The action of $S_8$ on $GF\left(2^8\right)$ is defined as:

$$\eta :S_8\times GF\left(2^8\right)\to GF\left(2^8\right)$$

$$1: \eta \left({\sigma }_e,d\left(z\right)\right)={\left(d\left(z\right)\right)}^{{\sigma }_e}=d\left(z\right):where {\sigma }_e\in S_8, d\left(z\right)\in GF\left(2^8\right)$$

$$2: \eta \left(\sigma ,\eta \left(\rho ,d\left(z\right)\right)\right)=\eta \left(\sigma \circ \rho ,d\left(z\right)\right)={\left(d\left(z\right)\right)}^{\sigma \circ \rho }$$

The construction of S-p-boxes has four steps:

Step 1: Construct Galois field $GF\left(2^8\right)$

Step 2: Define action of the symmetric group $\eta :S_8\times GF\left(2^8\right)\to GF\left(2^8\right)$, defined by

$$\eta \left(\sigma ,d\left(z\right)\right)={\left(d\left(z\right)\right)}^{\sigma }, where \sigma \in S_8 and d\left(z\right)\in GF\left(2^8\right)$$

here, a fixed $\sigma \in S_8$ is utilized in the design of a single S-p-box. This phase of design will kill the structure of Galois field and induced diffusion.

Step 3: Define inversion map $\xi :GF\left(2^8\right)\to GF\left(2^8\right)$ by

$$\xi \left(d\left(z\right)\right)={\left(d\left(z\right)\right)}^{-1}, where d\left(z\right)\in GF\left(2^8\right)$$

Step 4: Define composition map $\tau :GF\left(2^8\right)\to GF\left(2^8\right)$ by

$$\xi \left(\eta \left({\sigma }_i,d\left(z\right)\right)\right)=w\left(z\right), \tau =\xi \circ \eta$$

This composition gives us the desired S-p-box. We pick a specific permutation, and using this permutation, we permute according to the defined action in the Galois field (in

Table 1. $GF\left(2^3\right)$ generated by 1 + y + y³.

Power Form	Binary Form	Polynomial Form	Power Form	Binary Form	Polynomial
$\mathbf{0}$	$000$	$0$	${\mathsf{\varsigma }}^3$	$110$	$1+\mathsf{\varsigma }$
${\mathsf{\varsigma }}^{\mathbf{7}}$	$100$	$1$	${\mathsf{\varsigma }}^4$	$011$	$\mathsf{\varsigma }+{\mathsf{\varsigma }}^2$
$\mathsf{\varsigma }$	$010$	$\mathsf{\varsigma }$	${\mathsf{\varsigma }}^5$	$111$	$1+\mathsf{\varsigma }+{\mathsf{\varsigma }}^2$
${\mathsf{\varsigma }}^{\mathbf{2}}$	$001$	${\mathsf{\varsigma }}^2$	${\mathsf{\varsigma }}^6$	$101$	$1+{\mathsf{\varsigma }}^2$

) in step 2. In the third step, each member of Galois field is mapped to its inverse. Following the same procedure, we get 40,320 highly nonlinear S-p-boxes. The method is explained below by a simple example by constructing a small S-box and with the similar method, an S-box of dimension $16\times 16$ is constructed. The computational scheme is presented in Figure 1. It notable that, in this construction, zero is always mapped on zero and the remaining numbers are mapped on a different number according to the permutations.

In Table 1, Galois field $GF\left(2^3\right)$ is constructed. We choose $S_3=\left\{I,\left(01\right), \left(02\right), \left(12\right), \left(012\right), \left(021\right)\right\}$ to explain the procedure by a small example. We select $\sigma =\left(012\right)$.

In step 1, as $GF\left(2^3\right)$ is constructed in Table 1.

In step 2 (

Table 2. Explanation of step 2.

Polynomial Form	$\mathit{\eta }\left(\left(012\right),\mathit{d}\left(\mathit{z}\right)\right)={\left(\mathit{d}\left(\mathit{z}\right)\right)}^{\left(012\right)}$	Resulting Polynomial Form
0	$0^{\left(012\right)}$	$0$
$1$	${\left(z^0\right)}^{\left(012\right)}$	$z$
$z$	${\left(z\right)}^{\left(012\right)}$	$z^2$
$z^2$	${\left(z^2\right)}^{\left(012\right)}$	$z^0=1$
$1+z$	${\left(z^0+z^1\right)}^{\left(012\right)}$	$z+z^2$
$z+z^2$	${\left(z^1+z^2\right)}^{\left(012\right)}$	$1+z^2$
$1+z+z^2$	${\left(z^0+z^1+z^2\right)}^{\left(012\right)}$	$1+z+z^2$
$1+z^2$	${\left(z^0+z^2\right)}^{\left(012\right)}$	$1+z$

), $\eta :S_3\times GF\left(2^3\right)\to GF\left(2^3\right)$

In step 3 (

Table 3. Explanation of step 3.

Resulting Polynomial Form	${\left(\mathit{d}\right(\mathit{z}\left)\right)}^{-1}$
$0$	0
$z$	$1+z^2$
$z^2$	$1+z+z^2$
$z^0=1$	$1$
$z+z^2$	$1+z$
$1+z^2$	$z$
$1+z+z^2$	$z^2$
$1+z$	$z+z^2$

), the resulting form which is again a $GF\left(2^3\right)$ is mapped on there inverses.

Hence, the S-box obtained is of dimension $2\times 4$

0	7	3	4
5	1	2	6

The S-p-box presented in

Table 4. Proposed S-p-box.

0	1	216	114	108	237	72	137	142	244	192	88	57	81	111	46
54	95	56	35	36	87	40	209	248	213	104	140	202	91	17	217
173	157	144	222	112	208	80	34	221	152	85	128	31	74	207	169
48	136	19	193	82	141	219	119	43	30	203	99	239	179	6	187
27	84	24	223	28	130	135	229	161	29	68	79	159	198	238	107
18	89	41	113	20	63	227	231	165	53	200	246	230	240	181	234
73	49	11	220	206	59	197	100	39	45	189	148	13	60	7	123
210	247	16	115	250	116	66	212	98	90	118	120	243	180	232	117
71	167	224	62	96	86	164	195	122	186	76	102	44	138	64	94
146	78	129	26	185	196	233	251	166	4	37	97	23	77	218	121
61	170	160	131	38	139	171	12	93	150	75	42	51	110	21	225
22	103	151	14	32	236	132	205	69	147	55	65	47	50	254	252
124	204	155	188	52	194	235	242	228	176	15	92	70	5	191	175
101	184	249	67	134	177	3	143	163	158	215	214	226	241	211	201
83	105	172	9	156	8	149	154	2	245	199	162	190	183	174	182
133	125	153	10	109	33	127	255	168	58	25	145	178	106	126	253

is designed using a permutation $\sigma =\left(1467253\right)$. Similarly, for each permutation of $S_8$, we can get an S-p-box. These S-p-boxes depend on permutation. For each permutation of $S_8$, we have a new S-p-box that is different from other S-p-boxes. Accordingly, permutation can be used as a key for the unique S-p-boxes. The inverse S-p-box is obtained by using reverse procedure.

5. Algebraic Analysis and Simulation Results

In order to judge the utility of proposed S-box for any cryptosystem, we generally used standard algebraic analysis. This analysis includes bit independence criterion, nonlinearity, strict avalanche criterion, and differential and linear approximation probability. The comparison of proposed S-p-box is also made with some classical S-boxes and presently constructed S-boxes. The proposed S-p-box fulfills all of the optimal values of standard algebraic analysis. Detail of these analyses is discussed below.

5.1. Nonlinearity

Nonlinearity measures the minimum distance between the set of all n-variable affine functions and an n-variable Boolean function $\left(x\right)$. Mathematically, it is defined as

$$NL\left(g\right)=0.5\left(2^n-WH{T}_{max}\right)$$

where $WH{T}_{max}$ is the maximum absolute value in the Walsh-Hadamard transform vector.

Non-linearity of newly suggested S-p-box is 112 and a comparison is made with some classic as well, as recently constructed S-boxes is shown in

Table 5. Outcomes of nonlinearity analysis of constituent functions of different S-boxes.

S-Boxes	${\mathit{g}}_0$	${\mathit{g}}_1$	${\mathit{g}}_2$	${\mathit{g}}_3$	${\mathit{g}}_4$	${\mathit{g}}_5$	${\mathit{g}}_6$	${\mathit{g}}_7$	Average
Proposed	$112$	$112$	$112$	$112$	$112$	$112$	$112$	$112$	$112$
Gray	$112$	$112$	$112$	$112$	$112$	112	112	$112$	$112$
Ref. [6]	$112$	$112$	$112$	$112$	$112$	$112$	$112$	$112$	$112$
AES	$112$	$112$	$112$	$112$	$112$	$112$	$112$	$112$	$112$
Ref. [10]	$108$	$106$	$108$	$108$	$108$	$104$	$106$	$106$	$106.75$
Ref. [8]	$106$	$106$	$106$	$104$	$108$	$102$	$106$	$104$	$105.25$
Ref. [12]	$108$	$104$	$106$	$106$	$102$	$98$	$104$	$108$	$104$

. The graphical representation is shown in Figure 2. Here, it is noteworthy that, following the similar method, 40,320 highly non-linear S-p-boxes are obtained. The non-linearity of proposed S-p-box has a superior value than Ref. [8], Ref. [10], and Ref. [12], and it has equal value to AES, Ref. [6], and Gray.

5.2. Strict Avalanche Criterion

A Boolean function $g\left(x\right)$ such that for every $t$ satisfies the expression

$$HW\left(t\right)=1{\displaystyle \sum }_{x}g\left(x\right)g\left(x\oplus t\right)=2^{n-1}$$

Known as strict avalanche criterion. In other words, strict avalanche criterion (SAC) measures how much the output bits altered when a single change in input bits is made.

An S-box fulfills SAC criterion if an alteration in one bit in the input bit can cause an avalanche change in the output bits that is nearly half of the output bits must be altered. The comparison of overall SAC analysis of proposed S-p-box with AES and Gray is shown in

Table 6. SAC Analysis of Proposed S-p-box.

	${\mathit{g}}_0$	${\mathit{g}}_1$	${\mathit{g}}_2$	${\mathit{g}}_3$	${\mathit{g}}_4$	${\mathit{g}}_5$	${\mathit{g}}_6$	${\mathit{g}}_7$
Bit 0	128	116	120	124	136	112	116	116
Bit 1	128	116	116	124	128	116	124	128
Bit 2	116	132	120	140	116	124	128	128
Bit 3	116	124	144	144	112	116	116	128
Bit 4	132	124	136	140	124	128	128	116
Bit 5	128	128	132	124	116	128	116	124
Bit 6	124	136	124	136	128	128	116	132
Bit 7	124	128	120	132	116	116	128	116

,

Table 7. SAC Analysis of AES S-box.

	${\mathit{g}}_0$	${\mathit{g}}_1$	${\mathit{g}}_2$	${\mathit{g}}_3$	${\mathit{g}}_4$	${\mathit{g}}_5$	${\mathit{g}}_6$	${\mathit{g}}_7$
Bit 0	132	132	116	144	116	124	116	128
Bit 1	120	124	144	128	124	116	128	136
Bit 2	132	132	128	120	144	128	136	128
Bit 3	136	136	120	116	128	136	128	140
Bit 4	116	128	116	132	128	128	140	136
Bit 5	116	132	132	120	120	140	136	136
Bit 6	136	136	120	132	120	136	136	124
Bit 7	128	140	136	132	144	120	132	120

and

Table 8. SAC Analysis of Gray S-box.

	${\mathit{g}}_0$	${\mathit{g}}_1$	${\mathit{g}}_2$	${\mathit{g}}_3$	${\mathit{g}}_4$	${\mathit{g}}_5$	${\mathit{g}}_6$	${\mathit{g}}_7$
Bit 0	132	132	116	144	116	124	116	128
Bit 1	120	128	136	120	132	120	136	136
Bit 2	136	120	120	128	140	136	136	112
Bit 3	132	136	128	124	132	136	112	132
Bit 4	120	132	124	124	116	112	132	132
Bit 5	120	128	124	120	140	132	132	120
Bit 6	120	136	120	136	136	132	120	132
Bit 7	128	140	136	132	144	120	132	120

, while the average outcomes are shown in

Table 9. Average outcomes of SAC.

S-Boxes	Proposed	Gray	Ref. [6]	AES	Prime
Minimum Value	0.437	0.421	0.453	0.453	0.343
Maximum value	0.526	0.525	0.525	0.526	0.671
Average	0.487	0.476	0.510	0.504	0.516
Square Deviation	0.015	0.015	0.0165	0.0156	0.032

and graphical representation of analysis comparison is described in Figure 3. It can be observed from Table 9 that the proposed S-p-box has attained a maximum value = 0.526, minimum value = 0.437, average value = 0.487, and square deviation = 0.015. These outcomes are better than the Gray S-box.

5.3. Bit Independence Criterion

Bit independence criterion (BIC) investigated those input bits that continue unaltered. The modification of unaltered input bits and the avalanche vectors’ independent performance of pairwise variables are the assets of this criterion. In the symmetric cryptosystem, BIC is an effective property as, by increasing independence between bits, it is almost impossible to predict and recognize the pattern of the system [11].

The outcomes of nonlinearity are presented in

Table 10. Non-linearity of bit independence criterion (BIC) of Proposed S-p-box.

-	112.000	112.000	112.000	112.000	112.000	112.000	112.000
112.000	-	112.000	112.000	112.000	112.000	112.000	112.000
112.000	112.000	-	112.000	112.000	112.000	112.000	112.000
112.000	112.000	112.000	-	112.000	112.000	112.000	112.000
112.000	112.000	112.000	112.000	-	112.000	112.000	112.000
112.000	112.000	112.000	112.000	112.000	-	112.000	112.000
112.000	112.000	112.000	112.000	112.000	112.000	-	112.000
112.000	112.000	112.000	112.000	112.000	112.000	112.000	-

. The bits, which are generated by eight constituent functions, are compared with each other for the purpose to measure the independence characteristics. The correlation due to the alteration in input bit and the corresponding alteration in output bits is calculated. Initially, $j^{th}$ and $k^{th}$ bits are kept fixed and $the i^{th}$ bit is changed from 1 to n after that j and k are altered.

BIC analysis performed on different S-boxes and their comparison with the proposed S-box is shown in

Table 11. BIC analysis of Proposed S-p-box.

S-Boxes	Average	Minimum Value	Square Deviation
Proposed	112	112	0
AES	112	112	0
Gray	112	112	0
Ref. [6]	112	112	0
Ref. [8]	103.2	94	3.53
Ref. [10]	103.643	96	2.7283

. It can be observed that BIC analysis of proposed S-box has a minimum value = 112, average value = 112, and square deviation = 0. These outcomes are comparatively excellent when compared to Ref. [8] and Ref. [10]. Graphical representations of outcomes are presented in Figure 4.

5.4. Linear Approximation Probability

Linear approximation probability measures the imbalance of the incident. This analysis is convenient in enumerating the supreme value of the discrepancy of an event between input and output. The two masks, ${\mathsf{\Gamma }}_x$ and ${\mathsf{\Gamma }}_y$, are applied to the parity of the input bits and output bits, respectively.

$$LP={}_{{\mathsf{\Gamma }}_x,{\mathsf{\Gamma }}_y\ne 0}{}^{max}\left[\frac{\#\left\{x:x\cdot {\mathsf{\Gamma }}_x=S\left(x\right)\cdot {\mathsf{\Gamma }}_y\right\}}{2^n}-0.5\right]$$

where $x$ is all possible inputs and $2^n$ is a number of the input element.

In

Table 12. Linear approximation analysis of the Proposed S-p-box.

S-Boxes	Proposed	Gray	Ref. [6]	AES	Ref. [10]	Ref. [8]	Skipjack
Max Value	144	144	144	144	162	164	156
Max LP	0.0625	0.0625	0.0625	0.0625	0.1484	0.159	0.109

, linear probability (LP) analysis is presented and a comparison with selected S-boxes is also shown. The maximum value of linear approximation of the proposed S-box is 144, which demonstrates that the proposed S-p-box has strong resisting ability against linear attacks. In Figure 5, a graphical representation of the suggested S-p-box with some selected S-boxes is presented. LP analysis of the proposed S-p-box is better than Ref. [8], Ref. [10], and Skipjack, while its Max LP is the same as AES, Gray, and Ref. [6].

5.5. Differential Approximation Probability

Differential approximation probability guaranteed uniform mapping. For every change in the input, there must be a unique change in output. These features of differential approximation probability guarantee uniform mapping probability for every input bit i.

$$DP\left(△x\to △y\right)=\left[\frac{\#\left\{x\in X:S\left(x\right)⨁S\left(x⨁△x\right)=△y\right\}}{2^m}\right]$$

(1)

where $△x$ is the input differential and $△y$ is the output differential.

The proposed S-p-box has maximum differential probability is 0.015625, which is comparable to the S-boxes that are present in

Table 13. Comparison of Differential approximation probability of different S-boxes.

S-Boxes	Proposed	Gray	Ref. [6]	AES	Ref. [10]	Ref. [8]	Skipjack
Max DP	0.015625	0.0156	0.015625	0.0156	0.0468	0.281	0.0468

. These S-boxes include Ref. [6], Ref. [8], Ref. [10], AES, Gray, and skipjack. The performance of proposed S-p-box is better than Ref. [8], Ref. [10], and skipjack. Figure 6 represents the graphical representation of differential approximation probability analysis.

6. Statistical Analysis

Statistical analyses are judged through majority logic criteria (MLC). MLC decides the suitability of an S-box for the encryption procedure of a specific type of data. In this criterion, a test image is encrypted using S-box by substituting the pixel values. This process is just testing of S-box suitability in the encryption process. This is not itself an encryption scheme. In this criterion, statistical analysis is applied on the original data and encrypted data. It measures the statistical properties. During the procedure of encryption, data is used and during this utilization of data produces alterations in the original data. The outcomes of several statistical analyses, which include contrast analysis, entropy analysis, energy analysis, correlation analysis, mean of absolute deviation analysis, and homogeneity analysis, which defines the appropriateness of S-box in encryption applications. This criterion is a decider, its analysis described whether the S-box is suitable for encryption applications or not [13].

Figure 7 shows that the image encryption sample image of Lena by using the proposed S-p-box and their corresponding histogram, respectively. The outcomes of statistical analysis of proposed S-p-box and a comparison with AES, Ref. [6], Ref. [10] and Gray are shown in

Table 14. Statistical Analysis of Proposed S-p-Box.

S-Boxes	Information Entropy	Contrast	Correlation	Energy	Homogeneity	MAD
S-p-box	7.7461	9.8198	0.0573	0.0163	0.4228	38.5638
AES	7.7301	7.3220	0.0879	0.0244	0.4835	36.3631
Ref. [6]	7.2415	7.4568	0.0785	0.0223	0.4731	37.3631
Ref. [10]	7.6595	6.3683	0.0996	0.0260	0.4984	36.3082
Gray	7.2301	7.5283	0.0586	0.0203	0.4623	27.4974

. In Table 14, AES and Ref. [6] are the most suitable for encryption and the proposed S-p-box has a better outcome than both, according to the majority logic criterion. The MLC analysis of proposed S-p-box showed that this S-p-box is more diffusing and better for any cryptosystem as compared to the best S-boxes in the literature. The proposed S-p-box is confusing as well as diffusing, which differentiate it from all other S-boxes constructed so far in literature. The majority logic criterion suggests that the proposed S-p-box has excellent image encryption properties.

7. Conclusions

A simple and innovative method is suggested for the construction of S-p-boxes in an unconstraint system as compared to linear fractional and affine transformation. The proposed S-p-box has an additional property of diffusion as well. S-p-box is constructed using the composition of the action of symmetric group $S_8$ on Galois field $GF\left(2^8\right)$ and inversion map. Due to this scheme, 8! highly nonlinear S-p-boxes are obtained. To judge the strength and efficiency of S-p-box, we apply nonlinearity analysis, strict avalanche analysis, bit independence analysis, and linear and differential approximation probability analysis. Suitability of S-p-box in image encryption application is measured by MLC analysis and its diffusing capability proves its superiority in image encryption application. It is further summarized that the suggested scheme of the proposed S-p-box has all the desired cryptographic properties and it is useable in any cryptosystem.