Open Access
This article is

- freely available
- re-usable

*Cryptography*
**2019**,
*3*(1),
6;
doi:10.3390/cryptography3010006

Article

A Novel Algorithm of Constructing Highly Nonlinear S-p-boxes

Department of Mathematics, Quaid-i-Azam University, Islamabad 44000, Pakistan

^{*}

Author to whom correspondence should be addressed.

Received: 16 December 2018 / Accepted: 9 January 2019 / Published: 16 January 2019

## Abstract

**:**

The role of substitution boxes is very important in block ciphers. Substitution boxes are utilized to create confusion in the cryptosystem. However, to create both confusion and diffusion in any cryptosystem p-boxes and chaos base substitution boxes are designed. In this work, a simple method is presented that serves both ways. This method is based on composition of the action of symmetric group on Galois field and inversion map. This construction method provides a large number of highly non-linear substitution permutation boxes having the property of confusion as well as diffusion. These substitution permutation boxes have all the cryptography properties. Their utilization in the image encryption application is measured by majority logic criterion. We named these newly designed substitution boxes (S-boxes) as substitution permutation boxes (S-p-boxes), because they serve as both substitution boxes (S-boxes) as well as permutation boxes (p-boxes).

Keywords:

S-p-box; S-box; Symmetric group; Galois field## 1. Introduction

Cryptography techniques have been utilized in different areas. In this era, due to progress in computer and communication technology have facilitated mankind to transfer important personal data through the long-distance channels. The concerns that are related to secrecy of transfer data is a big problem. Cryptology provides the solution of all such requirements in modern day communication systems. The symmetric (private) and asymmetric (public) key cryptography are two most trusted cryptographic models for secure communication. Both methodologies have several benefits and drawbacks as well.

Symmetric key cryptography algorithms have two types. These types are block ciphers and stream ciphers. The concept of block cipher was introduced by C. Shannon. Block ciphers, like DES, advanced encryption standard (AES), and international data encryption algorithm (IDEA), play an important role in multimedia security. The substitution box and permutation box are the two most indispensable parts of a secure block cipher. The role of substitution box is to make the relationship between the secret key and the ciphertext as complex as possible. Permutation box induces diffusion in the system.

## 2. Related Work

In literature, different researchers worked in this aspect. The construction of AES [1] is based on the composition of inversion map and affine transformation. In 2007 Cui and Cao presented the APA S-box [2]. In the construction of affine-power-affine S-box, the composition of affine surjection, power function, and again affine surjection are used. This model of S-box improves algebraic complexity as compared to AES. In 2008 Minh-Triet Tran, Doan-Khanh Bui and Anh-Duc Duong proposed Gray S-box [3]. It was obtained that AES includes an additional transformation based on the binary gray code. This S-box has similar properties to AES. In addition, it is more secure against algebraic and interpolation attacks in comparison to AES. In 2009, Kim and Phan suggest Skipjack S-box [4]. This S-box is a Feistel network that is based on 32 rounds. This scheme uses the 80-bit key for encryption or decrypts 64-bit blocks. Later, Iqtadar et al. in [5] proposed chaos based S-boxes. Also, in [6,7,8,9,10,11,12,13,14] different S-boxes are constructed utilizing different algebraic structures and chaotic maps. These S-boxes have strong algebraic analysis but weak statistical analysis [13]. In [14] Iqtadar et use permutations of ${S}_{8}$ on Liu S-box to attain 40,320 S-boxes, but there are p- boxes that were obtained from S-boxes and a different author using group action on Galois field by linear fractional transformation.

A substitution box is a mapping $S:{\mathbb{Z}}_{2}{}^{r}\to {\mathbb{Z}}_{2}{}^{t}$. This mapping map $r$ input bits to $t$ output bits. Substitution box is signified in matrix from a rectangular and square matrix. Substitution box of dimension $r\times t$ with $r=t$ has two categories. In first category, every input has a distinctive output. Second category involves those substitution boxes where several inputs may have the same output and all possible output are not existing in S-box. An S-box of dimension $r\times t$, which is one-to-one and onto is said to be bijective S-box. This S-box maps each input to a distinct output and all possible outputs are included in the S-box. The existence of bijective S-boxes may imply that $r=t$ and these S-boxes are also renowned as reversible S-boxes. Reversible S-boxes are very significant in symmetric key cryptosystems.

Most of the work that is related to S-boxes is based on affine transformations and linear fractional transformations [14,15,16,17,18,19,20,21,22,23,24,25,26]. In both cases, we have some constraints on coefficients of affine transformations and linear fractional transformations. Also, for diffusing property chaotic maps [27], permutations on S-box entries and binary gray code are used. The motivations behind the present work are to obtain a scheme free of constraints, to generate large number of highly nonlinear S-boxes and the S-boxes having the diffusing property as well. This work is unique in the aspect of constructing a large number of highly non-linear substitution permutation boxes (S-p-boxes).

## 3. Preliminaries

Group is a non-empty set with an associative binary operation having the properties of unique identity and each member of the set has unique inverse. For instance, a set of rational number $Q/\left\{0\right\}$ under multiplication is a group.

Symmetric Group ${S}_{n}$ is also an example of group. It is the group of all possible permutations on a set of n members with the binary operation of composition of functions.

A polynomial $h\left(y\right)\in R\left[Y\right]$ is said to be irreducible over a unitary commutative ring $R$ if it is non-unit in $R\left[Y\right]$ and if we write it as $h\left(y\right)=n\left(y\right)\xb7m\left(y\right),$ then one of $n\left(y\right)$, $m\left(y\right)$ is unit in $R\left[Y\right]$.

Galois field $GF\left({q}^{r}\right)$ is a field that has order ${q}^{r}$, where $q$ is prime and $r$ is a positive integer. Suppose that $h\left(y\right)$ be the $r$ degree polynomial, which is primitive irreducible over the prime field ${\mathbb{Z}}_{q},$ where $q$ is prime. For primitive root $\varsigma $ of the polynomial $h\left(y\right)$, we define Galois field, as follows

$$GF\left({q}^{r}\right)=\frac{{\mathbb{Z}}_{q}\left[y\right]}{\langle h\left(y\right)\rangle}=\left\{{b}_{0}+{b}_{1}\varsigma +{b}_{2}{\varsigma}^{2}+\dots +{b}_{r-1}{\varsigma}^{r-1}:{b}_{j}\in {\mathbb{Z}}_{q},\forall j=0,1,2,\dots ,r-1\right\}$$

For instance, $q=2andr=3$, we have following Galois field.
here $h\left(y\right)=$ 1 + $y$ + ${y}^{3}$, $GF\left({2}^{3}\right)$ has eight elements.

$$GF\left({2}^{3}\right)=\frac{{\mathbb{Z}}_{2}\left[y\right]}{\langle h\left(y\right)\rangle}=\left\{{b}_{0}+{b}_{1}\varsigma +{b}_{2}{\varsigma}^{2}:{b}_{j}\in {\mathbb{Z}}_{2},\forall j=0,1,2\right\}$$

Let $\varsigma $ be the primitive irreducible root of $h\left(y\right)$
here, the coefficient belongs to ${\mathbb{Z}}_{2}$ and −1 in ${\mathbb{Z}}_{2}$ is equal to 1.

$$h\left(\varsigma \right)=0impliesthat1+\varsigma +{\varsigma}^{3}=0impliesthat{\varsigma}^{3}=-\varsigma -1$$

$${\varsigma}^{3}=1+\varsigma ,{\varsigma}^{4}=\varsigma +{\varsigma}^{2},{\varsigma}^{5}=1+\varsigma +{\varsigma}^{2},{\varsigma}^{6}=1+{\varsigma}^{2},{\varsigma}^{7}=1$$

Similarly, $GF\left({2}^{8}\right)$ is constructed and we computed it computationally.
where $h\left(y\right)=$ 1 + ${y}^{2}$ + ${y}^{3}$ + ${y}^{4}$ + ${y}^{8}$ is a primitive irreducible polynomial.

$$GF\left({2}^{8}\right)=\frac{{\mathbb{Z}}_{2}\left[y\right]}{\langle h\left(y\right)\rangle}=\left\{{b}_{0}+{b}_{1}y+{b}_{2}{y}^{2}+\dots +{b}_{7}{y}^{7}:{b}_{i}\in {\mathbb{Z}}_{2},\forall i=0,1,2,\dots ,7\right\}$$

## 4. Design for Proposed S-p-Boxes

The design of the suggested S-p-box is dependent on the composition of action of symmetric group ${S}_{8}$ on to Galois field $GF\left({2}^{8}\right)$ and inversion map. The action of ${S}_{8}$ on $GF\left({2}^{8}\right)$ is defined as:

$$\eta :{S}_{8}\times GF\left({2}^{8}\right)\to GF\left({2}^{8}\right)$$

$$1:\eta \left({\sigma}_{e},d\left(z\right)\right)={\left(d\left(z\right)\right)}^{{\sigma}_{e}}=d\left(z\right):where{\sigma}_{e}\in {S}_{8},d\left(z\right)\in GF\left({2}^{8}\right)$$

$$2:\eta \left(\sigma ,\eta \left(\rho ,d\left(z\right)\right)\right)=\eta \left(\sigma \circ \rho ,d\left(z\right)\right)={\left(d\left(z\right)\right)}^{\sigma \circ \rho}$$

The construction of S-p-boxes has four steps:

**Step 1:**Construct Galois field $GF\left({2}^{8}\right)$

**Step 2:**Define action of the symmetric group $\eta :{S}_{8}\times GF\left({2}^{8}\right)\to GF\left({2}^{8}\right)$, defined by

$$\eta \left(\sigma ,d\left(z\right)\right)={\left(d\left(z\right)\right)}^{\sigma},where\sigma \in {S}_{8}andd\left(z\right)\in GF\left({2}^{8}\right)$$

**Step 3:**Define inversion map $\xi :GF\left({2}^{8}\right)\to GF\left({2}^{8}\right)$ by

$$\xi \left(d\left(z\right)\right)={\left(d\left(z\right)\right)}^{-1},whered\left(z\right)\in GF\left({2}^{8}\right)$$

**Step 4:**Define composition map $\tau :GF\left({2}^{8}\right)\to GF\left({2}^{8}\right)$ by

$$\xi \left(\eta \left({\sigma}_{i},d\left(z\right)\right)\right)=w\left(z\right),\tau =\xi \circ \eta $$

This composition gives us the desired S-p-box. We pick a specific permutation, and using this permutation, we permute according to the defined action in the Galois field (in Table 1) in step 2. In the third step, each member of Galois field is mapped to its inverse. Following the same procedure, we get 40,320 highly nonlinear S-p-boxes. The method is explained below by a simple example by constructing a small S-box and with the similar method, an S-box of dimension $16\times 16$ is constructed. The computational scheme is presented in Figure 1. It notable that, in this construction, zero is always mapped on zero and the remaining numbers are mapped on a different number according to the permutations.

In Table 1, Galois field $GF\left({2}^{3}\right)$ is constructed. We choose ${S}_{3}=\left\{I,\left(01\right),\left(02\right),\left(12\right),\left(012\right),\left(021\right)\right\}$ to explain the procedure by a small example. We select $\sigma =\left(012\right)$.

In step 1, as $GF\left({2}^{3}\right)$ is constructed in Table 1.

In step 2 (Table 2), $\eta :{S}_{3}\times GF\left({2}^{3}\right)\to GF\left({2}^{3}\right)$

In step 3 (Table 3), the resulting form which is again a $GF\left({2}^{3}\right)$ is mapped on there inverses.

Hence, the S-box obtained is of dimension $2\times 4$

0 | 7 | 3 | 4 |

5 | 1 | 2 | 6 |

The S-p-box presented in Table 4 is designed using a permutation $\sigma =\left(1467253\right)$. Similarly, for each permutation of ${S}_{8}$, we can get an S-p-box. These S-p-boxes depend on permutation. For each permutation of ${S}_{8}$, we have a new S-p-box that is different from other S-p-boxes. Accordingly, permutation can be used as a key for the unique S-p-boxes. The inverse S-p-box is obtained by using reverse procedure.

## 5. Algebraic Analysis and Simulation Results

In order to judge the utility of proposed S-box for any cryptosystem, we generally used standard algebraic analysis. This analysis includes bit independence criterion, nonlinearity, strict avalanche criterion, and differential and linear approximation probability. The comparison of proposed S-p-box is also made with some classical S-boxes and presently constructed S-boxes. The proposed S-p-box fulfills all of the optimal values of standard algebraic analysis. Detail of these analyses is discussed below.

#### 5.1. Nonlinearity

Nonlinearity measures the minimum distance between the set of all n-variable affine functions and an n-variable Boolean function $\left(x\right)$. Mathematically, it is defined as
where $WH{T}_{max}$ is the maximum absolute value in the Walsh-Hadamard transform vector.

$$NL\left(g\right)=0.5\left({2}^{n}-WH{T}_{max}\right)$$

Non-linearity of newly suggested S-p-box is 112 and a comparison is made with some classic as well, as recently constructed S-boxes is shown in Table 5. The graphical representation is shown in Figure 2. Here, it is noteworthy that, following the similar method, 40,320 highly non-linear S-p-boxes are obtained. The non-linearity of proposed S-p-box has a superior value than Ref. [8], Ref. [10], and Ref. [12], and it has equal value to AES, Ref. [6], and Gray.

#### 5.2. Strict Avalanche Criterion

A Boolean function $g\left(x\right)$ such that for every $t$ satisfies the expression

$$HW\left(t\right)=1{\displaystyle \sum}_{x}g\left(x\right)g\left(x\oplus t\right)={2}^{n-1}$$

Known as strict avalanche criterion. In other words, strict avalanche criterion (SAC) measures how much the output bits altered when a single change in input bits is made.

An S-box fulfills SAC criterion if an alteration in one bit in the input bit can cause an avalanche change in the output bits that is nearly half of the output bits must be altered. The comparison of overall SAC analysis of proposed S-p-box with AES and Gray is shown in Table 6, Table 7 and Table 8, while the average outcomes are shown in Table 9 and graphical representation of analysis comparison is described in Figure 3. It can be observed from Table 9 that the proposed S-p-box has attained a maximum value = 0.526, minimum value = 0.437, average value = 0.487, and square deviation = 0.015. These outcomes are better than the Gray S-box.

#### 5.3. Bit Independence Criterion

Bit independence criterion (BIC) investigated those input bits that continue unaltered. The modification of unaltered input bits and the avalanche vectors’ independent performance of pairwise variables are the assets of this criterion. In the symmetric cryptosystem, BIC is an effective property as, by increasing independence between bits, it is almost impossible to predict and recognize the pattern of the system [11].

The outcomes of nonlinearity are presented in Table 10. The bits, which are generated by eight constituent functions, are compared with each other for the purpose to measure the independence characteristics. The correlation due to the alteration in input bit and the corresponding alteration in output bits is calculated. Initially, ${j}^{th}$ and ${k}^{th}$ bits are kept fixed and $the{i}^{th}$ bit is changed from 1 to n after that j and k are altered.

BIC analysis performed on different S-boxes and their comparison with the proposed S-box is shown in Table 11. It can be observed that BIC analysis of proposed S-box has a minimum value = 112, average value = 112, and square deviation = 0. These outcomes are comparatively excellent when compared to Ref. [8] and Ref. [10]. Graphical representations of outcomes are presented in Figure 4.

#### 5.4. Linear Approximation Probability

Linear approximation probability measures the imbalance of the incident. This analysis is convenient in enumerating the supreme value of the discrepancy of an event between input and output. The two masks, ${\mathsf{\Gamma}}_{x}$ and ${\mathsf{\Gamma}}_{y}$, are applied to the parity of the input bits and output bits, respectively.
where $x$ is all possible inputs and ${2}^{n}$ is a number of the input element.

$$LP={}_{{\mathsf{\Gamma}}_{x},{\mathsf{\Gamma}}_{y}\ne 0}{}^{max}\left[\frac{\#\left\{x:x\cdot {\mathsf{\Gamma}}_{x}=S\left(x\right)\cdot {\mathsf{\Gamma}}_{y}\right\}}{{2}^{n}}-0.5\right]$$

In Table 12, linear probability (LP) analysis is presented and a comparison with selected S-boxes is also shown. The maximum value of linear approximation of the proposed S-box is 144, which demonstrates that the proposed S-p-box has strong resisting ability against linear attacks. In Figure 5, a graphical representation of the suggested S-p-box with some selected S-boxes is presented. LP analysis of the proposed S-p-box is better than Ref. [8], Ref. [10], and Skipjack, while its Max LP is the same as AES, Gray, and Ref. [6].

#### 5.5. Differential Approximation Probability

Differential approximation probability guaranteed uniform mapping. For every change in the input, there must be a unique change in output. These features of differential approximation probability guarantee uniform mapping probability for every input bit i.
where $\u25b3x$ is the input differential and $\u25b3y$ is the output differential.

$$DP\left(\u25b3x\to \u25b3y\right)=\left[\frac{\#\left\{x\in X:S\left(x\right)\u2a01S\left(x\u2a01\u25b3x\right)=\u25b3y\right\}}{{2}^{m}}\right]$$

The proposed S-p-box has maximum differential probability is 0.015625, which is comparable to the S-boxes that are present in Table 13. These S-boxes include Ref. [6], Ref. [8], Ref. [10], AES, Gray, and skipjack. The performance of proposed S-p-box is better than Ref. [8], Ref. [10], and skipjack. Figure 6 represents the graphical representation of differential approximation probability analysis.

## 6. Statistical Analysis

Statistical analyses are judged through majority logic criteria (MLC). MLC decides the suitability of an S-box for the encryption procedure of a specific type of data. In this criterion, a test image is encrypted using S-box by substituting the pixel values. This process is just testing of S-box suitability in the encryption process. This is not itself an encryption scheme. In this criterion, statistical analysis is applied on the original data and encrypted data. It measures the statistical properties. During the procedure of encryption, data is used and during this utilization of data produces alterations in the original data. The outcomes of several statistical analyses, which include contrast analysis, entropy analysis, energy analysis, correlation analysis, mean of absolute deviation analysis, and homogeneity analysis, which defines the appropriateness of S-box in encryption applications. This criterion is a decider, its analysis described whether the S-box is suitable for encryption applications or not [13].

Figure 7 shows that the image encryption sample image of Lena by using the proposed S-p-box and their corresponding histogram, respectively. The outcomes of statistical analysis of proposed S-p-box and a comparison with AES, Ref. [6], Ref. [10] and Gray are shown in Table 14. In Table 14, AES and Ref. [6] are the most suitable for encryption and the proposed S-p-box has a better outcome than both, according to the majority logic criterion. The MLC analysis of proposed S-p-box showed that this S-p-box is more diffusing and better for any cryptosystem as compared to the best S-boxes in the literature. The proposed S-p-box is confusing as well as diffusing, which differentiate it from all other S-boxes constructed so far in literature. The majority logic criterion suggests that the proposed S-p-box has excellent image encryption properties.

## 7. Conclusions

A simple and innovative method is suggested for the construction of S-p-boxes in an unconstraint system as compared to linear fractional and affine transformation. The proposed S-p-box has an additional property of diffusion as well. S-p-box is constructed using the composition of the action of symmetric group ${S}_{8}$ on Galois field $GF\left({2}^{8}\right)$ and inversion map. Due to this scheme, 8! highly nonlinear S-p-boxes are obtained. To judge the strength and efficiency of S-p-box, we apply nonlinearity analysis, strict avalanche analysis, bit independence analysis, and linear and differential approximation probability analysis. Suitability of S-p-box in image encryption application is measured by MLC analysis and its diffusing capability proves its superiority in image encryption application. It is further summarized that the suggested scheme of the proposed S-p-box has all the desired cryptographic properties and it is useable in any cryptosystem.

## Author Contributions

Conceptualization, S.H.; Methodology, Y.N.; Software, D.S.; Supervision, T.S.

## Funding

This research received no external funding.

## Conflicts of Interest

The authors declare no conflict of interest.

## References

- Daemen, J.; Rijmen, V. The Design of Rijndael-AES: The Advanced Encryption Standard; Springer: Berlin, Germany, 2002. [Google Scholar]
- Cui, L.; Cao, Y. A new S-box structure named Affine Power-Affine. Int. J. Innov. Comput. Inf. Control
**2007**, 3, 45–53. [Google Scholar] - Tran, M.T.; Bui, D.K.; Doung, A.D. Gray S-box for advanced encryption standard. In Proceedings of the 2008 International Conference on Computational Intelligence and Security, Suzhou, China, 13–17 December 2008; pp. 253–256. [Google Scholar]
- Kim, J.; Phan, W.R. Advanced differential-style cryptanalysis of the NSA’s Skipjack block cipher. Cryptologia
**2009**, 33, 246–270. [Google Scholar] [CrossRef] - Hussain, I.; Shah, T.; Mahmood, H. A new algorithm to construct secure keys for AES. Int. J. Contemp. Math. Sci.
**2010**, 5, 1263–1270. [Google Scholar] - Farwa, S.; Shah, T.; Idrees, L. A Highly Non-Linear S-Box Based on A Fractional Linear Transformation. Springerplus
**2016**, 5, 1658. [Google Scholar] [CrossRef] [PubMed] - Altaleb, A.; Saeed, M.S.; Hussain, I.; Aslam, M. An algorithm for the construction of substitution box for block ciphers based on a projective general linear group. AIP Adv.
**2017**, 7, 035001. [Google Scholar] [CrossRef] - Ozkaynak, F. Construction of robust substitution boxes based on chaotic systems. Neural Comput. Appl.
**2017**. [Google Scholar] [CrossRef] - Shi, X.; Xiao, X.Y.H.; Lam, K. A method for obtaining cryptographically strong 8 × 8 S-boxes. Int. Conf. Inf. Netw. Appl.
**2002**, 2, 14–20. [Google Scholar] - Razaq, A.; Yousaf, A.; Shuaib, U.; Siddique, N.; Ullah, A.; Waheed, A. A novel construction of substitution box coset diagram and a bijective map. Hindawi Secur. Commun. Netw.
**2017**, 2017, 5101934. [Google Scholar] [CrossRef] - Webster, A.F.; Tavares, S.E. On the design of S-boxes. In Advances in Cryptology—CRYPTO ’85 Proceedings; Lecture Notes in Computer Science; Springer: Berlin, Germany, 1986; Volume 218, pp. 523–534. [Google Scholar]
- Alkhaldi, A.H.; Hussain, I.; Gondal, M.A. A novel design for the construction of safe S-boxes based on TDERC sequence. Alex. Eng. J.
**2015**, 54, 65–69. [Google Scholar] [CrossRef] - Shah, T.; Hussain, I.; Gondal, M.A.; Mahmood, H. Statistical analysis of S-box in image encryption applications based on majority logic criterion. Int. J. Phys. Sci.
**2011**, 6, 4110–4127. [Google Scholar] - Hussain, I.; Shah, T.; Gondal, M.A.; Mahmood, H. Construction of S
_{8}Liu J S-boxes and their applications. J. Comput. Math. Appl.**2012**, 64, 2450–2458. [Google Scholar] [CrossRef] - Shah, T.; Shah, D. Construction of highly nonlinear S-boxes for degree 8 primitive irreducible polynomials over ℤ
_{2}. Multimed. Tools Appl.**2018**, 1–16. [Google Scholar] [CrossRef] - Naseer, Y.; Shah, D.; Shah, T. A Novel Approach to improve multimedia security utilizing 3D Mixed Chaotic map. Microprocess. Microsyst.
**2019**, 65, 1–6. [Google Scholar] [CrossRef] - Preneel, B.; Dodunekov, S.; Rijmen, V.; Nikova, S. Enhancing Cryptographic Primitives with Techniques from Error Correcting Codes; IOS Press: Amsterdam, The Netherlands, 2009. [Google Scholar]
- Alvarez, R.; Zamora, A. Randomness analysis and generation of key-derived s-boxes. Log. J. IGPL
**2016**, 24, 68–79. [Google Scholar] [CrossRef] - Youssef, A.M.; Tavares, S.E. Resistance of balanced s-boxes to linear and differential cryptanalysis. Inf. Process. Lett.
**1995**, 56, 249–252. [Google Scholar] [CrossRef] - Ferguson, N.; Lucks, S.; Schneier, B.; Whiting, D.; Bellare, M.; Kohno, T.; Callas, J.; Walker, J. The Skein Hash Function Family, Version 1.3. 1 October 2010. Available online: http://www.skein-hash.info/sites/default/files/skein1.3.pdf (accessed on 3 January 2019).
- Zhang, Y. The unified image encryption algorithm based on chaos and cubic S-Box. Inf. Sci.
**2018**, 450, 361–377. [Google Scholar] [CrossRef] - Zhu, C.; Wang, G.; Sun, K. Cryptanalysis and Improvement on an Image Encryption Algorithm Design Using a Novel Chaos Based S-Box. Symmetry
**2018**, 10, 399. [Google Scholar] [CrossRef] - Khan, M.A.; Ali, A.; Jeoti, V.; Manzoor, S. A Chaos-Based Substitution Box (S-Box) Design with Improved Differential Approximation Probability (DP). Iran. J. Sci. Technol. Trans. Electr. Eng.
**2018**, 42, 219–238. [Google Scholar] [CrossRef] - Zhu, C.; Wang, G.; Sun, K. Improved Cryptanalysis and Enhancements of an Image Encryption Scheme Using Combined 1D Chaotic Maps. Entropy
**2018**, 20, 843. [Google Scholar] [CrossRef] - Liu, H.; Kadir, A.; Sun, X.; Li, Y. Chaos based adaptive double-image encryption scheme using hash function and S-boxes. Multimed. Tools Appl.
**2017**. [Google Scholar] [CrossRef] - Islam, F.U.; Liu, G. Designing S-Box Based on 4D-4Wing Hyperchaotic System. 3D Res.
**2017**, 8, 9. [Google Scholar] [CrossRef] - Zhu, S.; Zhu, C.; Wang, W. A New Image Encryption Algorithm Based on Chaos and Secure Hash SHA-256. Entropy
**2018**, 20, 716. [Google Scholar] [CrossRef]

Power Form | Binary Form | Polynomial Form | Power Form | Binary Form | Polynomial |
---|---|---|---|---|---|

$\mathbf{0}$ | $000$ | $0$ | ${\mathsf{\varsigma}}^{3}$ | $110$ | $1+\mathsf{\varsigma}$ |

${\mathsf{\varsigma}}^{\mathbf{7}}$ | $100$ | $1$ | ${\mathsf{\varsigma}}^{4}$ | $011$ | $\mathsf{\varsigma}+{\mathsf{\varsigma}}^{2}$ |

$\mathsf{\varsigma}$ | $010$ | $\mathsf{\varsigma}$ | ${\mathsf{\varsigma}}^{5}$ | $111$ | $1+\mathsf{\varsigma}+{\mathsf{\varsigma}}^{2}$ |

${\mathsf{\varsigma}}^{\mathbf{2}}$ | $001$ | ${\mathsf{\varsigma}}^{2}$ | ${\mathsf{\varsigma}}^{6}$ | $101$ | $1+{\mathsf{\varsigma}}^{2}$ |

Polynomial Form | $\mathit{\eta}\left(\left(012\right),\mathit{d}\left(\mathit{z}\right)\right)={\left(\mathit{d}\left(\mathit{z}\right)\right)}^{\left(012\right)}$ | Resulting Polynomial Form |
---|---|---|

0 | ${0}^{\left(012\right)}$ | $0$ |

$1$ | ${\left({z}^{0}\right)}^{\left(012\right)}$ | $z$ |

$z$ | ${\left(z\right)}^{\left(012\right)}$ | ${z}^{2}$ |

${z}^{2}$ | ${\left({z}^{2}\right)}^{\left(012\right)}$ | ${z}^{0}=1$ |

$1+z$ | ${\left({z}^{0}+{z}^{1}\right)}^{\left(012\right)}$ | $z+{z}^{2}$ |

$z+{z}^{2}$ | ${\left({z}^{1}+{z}^{2}\right)}^{\left(012\right)}$ | $1+{z}^{2}$ |

$1+z+{z}^{2}$ | ${\left({z}^{0}+{z}^{1}+{z}^{2}\right)}^{\left(012\right)}$ | $1+z+{z}^{2}$ |

$1+{z}^{2}$ | ${\left({z}^{0}+{z}^{2}\right)}^{\left(012\right)}$ | $1+z$ |

Resulting Polynomial Form | ${\left(\mathit{d}\right(\mathit{z}\left)\right)}^{-1}$ |
---|---|

$0$ | 0 |

$z$ | $1+{z}^{2}$ |

${z}^{2}$ | $1+z+{z}^{2}$ |

${z}^{0}=1$ | $1$ |

$z+{z}^{2}$ | $1+z$ |

$1+{z}^{2}$ | $z$ |

$1+z+{z}^{2}$ | ${z}^{2}$ |

$1+z$ | $z+{z}^{2}$ |

0 | 1 | 216 | 114 | 108 | 237 | 72 | 137 | 142 | 244 | 192 | 88 | 57 | 81 | 111 | 46 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|

54 | 95 | 56 | 35 | 36 | 87 | 40 | 209 | 248 | 213 | 104 | 140 | 202 | 91 | 17 | 217 |

173 | 157 | 144 | 222 | 112 | 208 | 80 | 34 | 221 | 152 | 85 | 128 | 31 | 74 | 207 | 169 |

48 | 136 | 19 | 193 | 82 | 141 | 219 | 119 | 43 | 30 | 203 | 99 | 239 | 179 | 6 | 187 |

27 | 84 | 24 | 223 | 28 | 130 | 135 | 229 | 161 | 29 | 68 | 79 | 159 | 198 | 238 | 107 |

18 | 89 | 41 | 113 | 20 | 63 | 227 | 231 | 165 | 53 | 200 | 246 | 230 | 240 | 181 | 234 |

73 | 49 | 11 | 220 | 206 | 59 | 197 | 100 | 39 | 45 | 189 | 148 | 13 | 60 | 7 | 123 |

210 | 247 | 16 | 115 | 250 | 116 | 66 | 212 | 98 | 90 | 118 | 120 | 243 | 180 | 232 | 117 |

71 | 167 | 224 | 62 | 96 | 86 | 164 | 195 | 122 | 186 | 76 | 102 | 44 | 138 | 64 | 94 |

146 | 78 | 129 | 26 | 185 | 196 | 233 | 251 | 166 | 4 | 37 | 97 | 23 | 77 | 218 | 121 |

61 | 170 | 160 | 131 | 38 | 139 | 171 | 12 | 93 | 150 | 75 | 42 | 51 | 110 | 21 | 225 |

22 | 103 | 151 | 14 | 32 | 236 | 132 | 205 | 69 | 147 | 55 | 65 | 47 | 50 | 254 | 252 |

124 | 204 | 155 | 188 | 52 | 194 | 235 | 242 | 228 | 176 | 15 | 92 | 70 | 5 | 191 | 175 |

101 | 184 | 249 | 67 | 134 | 177 | 3 | 143 | 163 | 158 | 215 | 214 | 226 | 241 | 211 | 201 |

83 | 105 | 172 | 9 | 156 | 8 | 149 | 154 | 2 | 245 | 199 | 162 | 190 | 183 | 174 | 182 |

133 | 125 | 153 | 10 | 109 | 33 | 127 | 255 | 168 | 58 | 25 | 145 | 178 | 106 | 126 | 253 |

S-Boxes | ${\mathit{g}}_{0}$ | ${\mathit{g}}_{1}$ | ${\mathit{g}}_{2}$ | ${\mathit{g}}_{3}$ | ${\mathit{g}}_{4}$ | ${\mathit{g}}_{5}$ | ${\mathit{g}}_{6}$ | ${\mathit{g}}_{7}$ | Average |
---|---|---|---|---|---|---|---|---|---|

Proposed | $112$ | $112$ | $112$ | $112$ | $112$ | $112$ | $112$ | $112$ | $112$ |

Gray | $112$ | $112$ | $112$ | $112$ | $112$ | 112 | 112 | $112$ | $112$ |

Ref. [6] | $112$ | $112$ | $112$ | $112$ | $112$ | $112$ | $112$ | $112$ | $112$ |

AES | $112$ | $112$ | $112$ | $112$ | $112$ | $112$ | $112$ | $112$ | $112$ |

Ref. [10] | $108$ | $106$ | $108$ | $108$ | $108$ | $104$ | $106$ | $106$ | $106.75$ |

Ref. [8] | $106$ | $106$ | $106$ | $104$ | $108$ | $102$ | $106$ | $104$ | $105.25$ |

Ref. [12] | $108$ | $104$ | $106$ | $106$ | $102$ | $98$ | $104$ | $108$ | $104$ |

${\mathit{g}}_{0}$ | ${\mathit{g}}_{1}$ | ${\mathit{g}}_{2}$ | ${\mathit{g}}_{3}$ | ${\mathit{g}}_{4}$ | ${\mathit{g}}_{5}$ | ${\mathit{g}}_{6}$ | ${\mathit{g}}_{7}$ | |
---|---|---|---|---|---|---|---|---|

Bit 0 | 128 | 116 | 120 | 124 | 136 | 112 | 116 | 116 |

Bit 1 | 128 | 116 | 116 | 124 | 128 | 116 | 124 | 128 |

Bit 2 | 116 | 132 | 120 | 140 | 116 | 124 | 128 | 128 |

Bit 3 | 116 | 124 | 144 | 144 | 112 | 116 | 116 | 128 |

Bit 4 | 132 | 124 | 136 | 140 | 124 | 128 | 128 | 116 |

Bit 5 | 128 | 128 | 132 | 124 | 116 | 128 | 116 | 124 |

Bit 6 | 124 | 136 | 124 | 136 | 128 | 128 | 116 | 132 |

Bit 7 | 124 | 128 | 120 | 132 | 116 | 116 | 128 | 116 |

${\mathit{g}}_{0}$ | ${\mathit{g}}_{1}$ | ${\mathit{g}}_{2}$ | ${\mathit{g}}_{3}$ | ${\mathit{g}}_{4}$ | ${\mathit{g}}_{5}$ | ${\mathit{g}}_{6}$ | ${\mathit{g}}_{7}$ | |
---|---|---|---|---|---|---|---|---|

Bit 0 | 132 | 132 | 116 | 144 | 116 | 124 | 116 | 128 |

Bit 1 | 120 | 124 | 144 | 128 | 124 | 116 | 128 | 136 |

Bit 2 | 132 | 132 | 128 | 120 | 144 | 128 | 136 | 128 |

Bit 3 | 136 | 136 | 120 | 116 | 128 | 136 | 128 | 140 |

Bit 4 | 116 | 128 | 116 | 132 | 128 | 128 | 140 | 136 |

Bit 5 | 116 | 132 | 132 | 120 | 120 | 140 | 136 | 136 |

Bit 6 | 136 | 136 | 120 | 132 | 120 | 136 | 136 | 124 |

Bit 7 | 128 | 140 | 136 | 132 | 144 | 120 | 132 | 120 |

${\mathit{g}}_{0}$ | ${\mathit{g}}_{1}$ | ${\mathit{g}}_{2}$ | ${\mathit{g}}_{3}$ | ${\mathit{g}}_{4}$ | ${\mathit{g}}_{5}$ | ${\mathit{g}}_{6}$ | ${\mathit{g}}_{7}$ | |
---|---|---|---|---|---|---|---|---|

Bit 0 | 132 | 132 | 116 | 144 | 116 | 124 | 116 | 128 |

Bit 1 | 120 | 128 | 136 | 120 | 132 | 120 | 136 | 136 |

Bit 2 | 136 | 120 | 120 | 128 | 140 | 136 | 136 | 112 |

Bit 3 | 132 | 136 | 128 | 124 | 132 | 136 | 112 | 132 |

Bit 4 | 120 | 132 | 124 | 124 | 116 | 112 | 132 | 132 |

Bit 5 | 120 | 128 | 124 | 120 | 140 | 132 | 132 | 120 |

Bit 6 | 120 | 136 | 120 | 136 | 136 | 132 | 120 | 132 |

Bit 7 | 128 | 140 | 136 | 132 | 144 | 120 | 132 | 120 |

S-Boxes | Proposed | Gray | Ref. [6] | AES | Prime |
---|---|---|---|---|---|

Minimum Value | 0.437 | 0.421 | 0.453 | 0.453 | 0.343 |

Maximum value | 0.526 | 0.525 | 0.525 | 0.526 | 0.671 |

Average | 0.487 | 0.476 | 0.510 | 0.504 | 0.516 |

Square Deviation | 0.015 | 0.015 | 0.0165 | 0.0156 | 0.032 |

- | 112.000 | 112.000 | 112.000 | 112.000 | 112.000 | 112.000 | 112.000 |
---|---|---|---|---|---|---|---|

112.000 | - | 112.000 | 112.000 | 112.000 | 112.000 | 112.000 | 112.000 |

112.000 | 112.000 | - | 112.000 | 112.000 | 112.000 | 112.000 | 112.000 |

112.000 | 112.000 | 112.000 | - | 112.000 | 112.000 | 112.000 | 112.000 |

112.000 | 112.000 | 112.000 | 112.000 | - | 112.000 | 112.000 | 112.000 |

112.000 | 112.000 | 112.000 | 112.000 | 112.000 | - | 112.000 | 112.000 |

112.000 | 112.000 | 112.000 | 112.000 | 112.000 | 112.000 | - | 112.000 |

112.000 | 112.000 | 112.000 | 112.000 | 112.000 | 112.000 | 112.000 | - |

S-Boxes | Average | Minimum Value | Square Deviation |
---|---|---|---|

Proposed | 112 | 112 | 0 |

AES | 112 | 112 | 0 |

Gray | 112 | 112 | 0 |

Ref. [6] | 112 | 112 | 0 |

Ref. [8] | 103.2 | 94 | 3.53 |

Ref. [10] | 103.643 | 96 | 2.7283 |

S-Boxes | Proposed | Gray | Ref. [6] | AES | Ref. [10] | Ref. [8] | Skipjack |
---|---|---|---|---|---|---|---|

Max Value | 144 | 144 | 144 | 144 | 162 | 164 | 156 |

Max LP | 0.0625 | 0.0625 | 0.0625 | 0.0625 | 0.1484 | 0.159 | 0.109 |

© 2019 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).