Content uploaded by Saira Jahangir
Author content
All content in this area was uploaded by Saira Jahangir on Oct 14, 2023
Content may be subject to copyright.
Designing S-boxes triplet over a finite chain ring
and its application in RGB image encryption
Saria Jahangir
1
&Tariq Shah
1
Received: 6 May 2019 / Revised: 6 March 2020 / Accepted: 23 April 2020
#Springer Science+Business Media, LLC, part of Springer Nature 2020
Abstract
In this article, we have developed an encryption technique to encrypt any kind of digital
information. The main work is to construct the component of the block ciphers namely the
substitution boxes (S-boxes) over an algebraic structure of finite chain ring; and then use these
S-boxes in image encryption applications. The present formation is based on the finite
commutative chain ring R9=ℤ2+uℤ2+…+uk−1ℤ2(module over itself) which is exactly
twice of 256. The multiplicative group of unit elements of R9precisely has 256 elements and
the set of all nonunit elements in R9forms a submodule of module R9consisting of 256
elements. By using this point we initiate a new 8 × 8 S-box triplet generation technique which
addresses the group of units of R9and the submodule of R9. This new construction technique
of S-boxes ensures random values in the area of the initial domain of transformation. The
proposed S-boxes have been examined by algebraic, statistical and texture analyses. A
comparison of the expected and existing S-boxes reveals that the proposed S-boxes are
comparatively better and can be used in the well known ciphers. Another goal of this work
is to suggest an encryption technique for colored (RGB) images based on permutation keys
and triplet of newly generated S-boxes. The outcomes of the security, statistical and the
differential analyses have proved that our scheme is better for the image encryption.
Keywords S-box .Finite chain ring .Submodule .Group of units .Nonlinearity and RGB image
encryption
1 Introduction
For last three decades, digital data has been exchanged enormously from one place to another due
to development and advances in computer networking. The main concern in this exchange is to
https://doi.org/10.1007/s11042-020-08995-3
*Saria Jahangir
saira156@gmail.com
Tariq Shah
stariqshah@gmail.com
1
Department of Mathematics, Quaid-i-Azam University, Islamabad, Pakistan
Multimedia Tools andApplications (2020) 79:26885–26911
/
Published online: 4 June 2020
avoid any kind of manipulation, unauthenticated form, repudiation and the disintegration. Images
are extensively used in the numerous progressions. Hence, the fortification of the image data from
an unlicensed entree is compulsory. Image encryption and steganography play a substantial part in
the field of information hiding. Swift development of network multimedia systems has been seen
in recent years. The data duplication has been made easy by such developments. The ease with
which flawless duplicates can be made may lead to large-scale unlicensed copying, which is a
great alarm to the original images, music, films, and the books. Due to the copywrite concern, a
number of technologies are being developed to guard against illegitimate replication. Keeping in
view the rising demands of digital security mechanisms, we have devised a novel technique
of image encryption based on finite commutative chain ring to enrich existing
information hiding schemes that relies on the Galois field (GF).
Currently, a common constituent used for attaining misperception in the encrypted data is
the S-box. The S-box is the nonlinear segment of a block cipher. Thus, the performance of block
cipher depends on the S-box. Because of this many researcher have shown their interest in
designing different and powerful S-boxes. Due to their strong cryptographic characteristics, S-
boxes that are created on algebraic techniques have much consideration and which are robust to
linear and differential cryptanalyses. So, a secure communication based on different types of S-
boxes was designed. For instance in advanced encryption standards (AES), the affine power
affine (APA) S-box is recommended to increase the algebraic complexity while keeping the
anticipated encryption properties available in the new S-box [5]. By the action of symmetric
group S8on the original S-box of AES, the S8AES S-boxes are proposed [13]. On applying the
additional transform based on binary Gray codes on the original S-box of AES, the Gray S-box
has been introduced [29]. The Gray S-box has a 255-term polynomial as compared to 9-term
polynomial which inherits almost all the properties and increases the security for the AES.
Consequently, it maintains the nonlinearity and the algebraic complexity. Similarly, Xyi S-box,
Residue Prime S-box and Skipjack S-box are commonly used S-boxes in the encryption and
decryption methods [19,34]. The above mentioned S-boxes have been used as a standard to
determine the strength of newly constructed S-boxes by means of the criteria which include,
nonlinearity, strict avalanche criterion (SAC), bit independence criterion (BIC), linear approx-
imation probability method (LP) and the Differential approximation probability (DP) [15,27].
The most S-box construction techniques are the composition of an inversion and the
bijection maps on the GF consisting 256 (28) elements. Another renowned scheme of S-box
construction is the linear fractional transformations GF(28). So, for the fixed values of a,b,c,
and dof the GF(28), the linear fractional transformation (LFT) x⟼axþb
cxþddesign 8 × 8 S-
boxes. The study is Ref. [16] shows a novel 8 × 8 S-box construction method based on the unit
elements of ring of integers of 512 elements ((ℤ512)). This technique is twofold: First to
increase randomness, a configuration of two maps; an inverse and the scalar multiple are
defined on U(ℤ512).Then the action of group is applied in the form of the LFT on the permuted
elements of GF(28). The 512 elements of commutative chain ring R9is in fact a module over
itself. The additive abelian subgroup Mof R9has cardinality 256 formed by all the nonunit
elements of the ring R9. Accordingly, Mis a R9submodule of the R9module R9.The
multiplicative group MG9of the unit elements of R9has also 256 elements. The two binary
operations based on the algebraic structure of the GF(28) support the XOR and AND
operations in logic gates. The multiplicative structure of MG9support the operation AND,
however Mfavors XOR operation. In this manuscript, we propose a construction technique of
8×8S-boxes,bytheuseofR
9submodule Mof the R9module R9and by the multiplicative
Multimedia Tools and Applications (2020) 79:26885–26911
26886
group MG9with the help of affine linear map and a fractional transformation as given
in [12,14]. The algebraic analyses such as nonlinearity, strict avalanche criteria, linear
approximation probability, bit independence criteria and differential approximation
probability on the newly generated S-boxes are performed to determine their strength.
The proposed Substitution boxes have been characterized by some standard algebraic,
statistical and texture analyses. To check the adequacy of the foreseen image encryption
algorithm, we have performed various analysis along with the linear and the differential
cryptanalysis. The outcomes of these analyses are compared with the current encryption
algorithms shows the great performance of our foreseen encryption algorithm. In the end we
use differential analysis to examine that the proposed encryption scheme has excellent statistical
properties which helps in resistance of differential attacks.
The paper is organized as follows: Some basic concepts regarding commutative chain rings
are given in Section 2.InSection3, the algebraic algorithm for the design of triplet of S-boxes
is introduced. The Section 4contains the methods used to analyze the performance of
proposed S-boxes in comparison with some of the fundamental S-boxes. The the color image
encryption by the use of proposed S-boxes is presented in the Section 5. The Section 6deals
with the histogram, correlation, entropy, NPCR, UACI analyses, randomness test for cipher
and occlusion attack. The work in concluded in the Section 7.
2 Algebraic structure of the proposed S-boxes
We begin with some basic notions and terminologies in a commutative ring with identity. In all
these definitions we deal with R as commutative ring with identity.
Definition Let GF 2n
ðÞ¼Vn
2be the vector space of dimension n. A Boolean function fis a
mapping
f¼GF 2;nðÞ→GF 2;1ðÞ
where x=(x1,x2,…,xn)andGF(2n) represents Galois field of order 2n. The total number of
distinct n-variable Boolean functions is 22n[4].
Definition A Boolean function f:ℤn
2→ℤ2is balanced function if x:f(x)=0 and x:f(x)=1
have same cardinality. The significance of the balance property is that the higher the magnitude of a
function’s imbalance, the more likelihood of a high probability linear approximation being obtained.
Thus, the imbalance makes a Boolean function weak in terms of linear cryptanalysis. Furthermore, a
function with a large imbalance can easily be approximated by a constant function [10].
Definition A commutative ring Rwith identity is said to be local if and only if it’s all non-unit
elements form an additive Abelian group. More explicitly a local ring Rhas a unique maximal
ideal Mand the factor ring R/M is a field, called the residue field of the local ring R.The
integer modulo ring ℤpm,pis a prime integer and mis any positive integer, is the example of
finite local ring, whereas the fraction ring ℤp, is an infinite local ring.
Definition The ring Rk¼ℤ2u½
<uk>¼ℤ2þuℤ2þ…þuk−1ℤ2is a commutative chain ring of
2kelements with only maximal ideal uRk,whereuk=0. Since uis a nilpotent element with
Multimedia Tools and Applications (2020) 79:26885–26911 26887
nilpotency index ktherefore
0¼ukRk⊂uk−1Rk⊂uk−2Rk⊂…⊂u2Rk⊂uRk:
is the chain of ideals in Rk. The multiplication binary operation of Rkcoincides with of
ℤ2kwhereas the addition binary operation is similar to that of F2k[11,18].
3 Generating algorithm for triplet of S-boxes
A competent S-box with extensive cryptographic features is of significant worth for the
development of tough cryptographic system. Constructing cryptographically robust S-boxes
is a key challenge. In [25] Shah et.al. proposed a method to construct efficient 4 × 4 S-boxes
based on unit elements of the chain rings ℤ2+uℤ2+…uk−1ℤ2,fork = 3, 4, 5, 6, 7, 8. In this
study we construct a triplet of 16 × 16 S-boxes based on R9. The ring R9¼ℤ2u½
<u9>¼ℤ2þu
ℤ2þ…u8ℤ2is a commutative chain ring of 29elements.
The manipulative technique of the S-boxes triplet is based on two substructures of the finite
commutative chain ring R9. One of the substructure is the maximal ideal M¼
0;u;u2;…;u8;uþu2;…;uþu2þu3þ…þu8
of R9, a submodule of module R9over
the ring R9MðÞ;which is decimal equivalent to {0, , 2, 4, …, 510}. Another is the multipli-
cative group MG9¼1;1þu;1þu2;…;1þu8;1þuþu2;…;1þuþu2þ…þu8
of
unit elements of the ring R9, which is decimal equivalent to {1, 3, 5, …, 511}. The first one
aptitudes two operations; addition and scalar multiplication, however the last one holds only
multiplication binary operation. The actions of projective general linear group PGL(2, GF(28))
to the Galois field GF(28) yield the eventual S-boxes. The R9.submoduleMof R9module
R9is not used previously in any other cryptosystem; however, the S-boxes construction over
the unit elements of integers modulo ring Rkfor k =3,4,…, 8;is given in [25].
3.1 Case I: Generating S-box over M
Since Mis R9submodule of R9Module R9, so, a mapping like affine transformation is
possible to define as: f:M→M,f(m)=rm +m1,whererand m1are fixed element of MG9
and Mrespectively. The elements of Mhave 9 bits binary representation, to project them on
GF(28), we define a bijection g:M→GF 28
by
gxðÞ¼ x;if 0≤x≤254
Rmþ1;if 256 ≤x≤510
;where x∈M;
Rmis the remainder when divided by 256. So, lastly the linear fractional transformation used in
the construction of one of the S-boxes triplet is given by; h:PGL(2, GF(28)) × GF(28)→
GF(28) and defined as hmðÞ¼
amþb
cmþd;where a,b,c,d∈GF(28). In short for the construction of
this S-box, the algorithm begins with the maximal ideal Mof a local ring R9and use
of GF(28). Ultimately the function h(m) designs the S-box with the action of PGL (2,
GF(28)) on GF(28). The functions f,gand hare used in the process of creating the S-box.
The new S-box, created through the proposed algorithm is shown in Table 1.Thisisa16×16
look up table and can be used to process eight binary bits of data.
Multimedia Tools and Applications (2020) 79:26885–26911
26888
3.2 Case II: Generating S-box over MG9
Define inverse and affine linear mappings I0;f0:MG9→MG9by I′(s)=s−1and f0s
ðÞ¼as;
for fixed a∈MG9Accordingly the composition f0oI0:MG9→MG9of mapping is defined by
I′of′(s)=(as)−1. As the elements of MG9are 9 binary bits representation, to project them on
GF(28), we define a bijection g0:MG9→GF 28
by
g0xðÞ¼x;
Rmþ1;
if 1≤x≤255
if 257≤x≤511 ;where x∈MG9;
Rmis the remainder when divided by 256. So, lastly the linear fractional transformation used in
the construction of one of S-boxes triplet is given as; h′:PGL(2, GF(28)) × GF(28)→GF(28)
h0zðÞ¼a0zþb0
c0zþd0;where a′,b′,c′,d′∈GF(28). For the construction of this S-box, the
algorithm stimulates with the group MG9of unit elements in the local ring R9and use of
Galois field GF(28). Finally the function h′designs the S-box with the action of PGL (2,
GF(28)) on GF(28). The functions I′,f′,g′and h′are used in the process of generating the S-
box. The new S-box created through the proposed algorithm is shown in Table 2and can be
Table 1 S-box 1 designed over M
229 18 26 184 80 85 125 037 63 164 238 170 160 147 227 185
244 59 21 69 103 53 112 65 60 2 177 153 12 10 93 84
215 193 223 188 56 186 0 36 72 196 30 3 55 226 23 250
109 180 144 136 146 74 161 94 128 241 8 67 71 47 181 202
245 205 45 88 173 163 9 14 236 213 237 210 77 122 165 120
117 41 44 151 57 27 248 22 75 106 5 46 17 243 232 191
123 139 78 148 70 66 51 182 89 218 162 246 168 187 115 98
42 104 38 129 96 169 58 49 212 141 135 102 6 131 97 132
16 255 19 230 81 198 64 101 95 152 40 4 25 52 150 50
99 183 43 73 249 157 154 240 179 251 32 111 201 195 83 159
171 116 149 200 224 242 189 33 203 118 222 34 92 216 204 108
167 235 133 219 138 134 1 252 145 48 79 20 137 166 31 172
234 253 220 29 197 119 214 61 28 156 239 142 190 247 140 208
54 130 121 228 114 113 100 82 206 11 13 192 194 107 105 254
87 175 127 207 62 221 225 68 211 24 15 155 158 90 76 199
7 126 233 174 231 39 35 143 110 91 209 217 178 176 86 124
Table 2 S-box 2 designed over MG9
166 218 246 190 179 174 238 71 144 4 230 172 251 119 173 242
43 33 15 222 187 30 102 147 205 83 161 237 89 193 178 3
245 223 53 224 240 252 247 75 208 197 199 151 150 27 148 84
64 103 164 39 24 113 68 57 100 48 1 163 175 228 177 214
12 37 200 56 60 234 58 129 50 188 115 181 140 167 236 65
54 23 0 207 128 219 149 62 170 47 249 156 42 74 26 111
19 239 169 191 38 78 180 69 70 159 32 254 18 216 125 137
22 165 2 109 49 93 152 215 217 241 59 132 16 255 183 51
79 72 52 203 126 117 66 101 67 229 250 220 194 94 28 182
130 5 110 91 160 168 17 9 98 235 153 80 123 122 44 63
131 176 184 40 14 96 192 90 35 55 201 162 21 85 195 158
231 11 244 206 77 87 106 141 202 114 211 171 198 186 233 8
185 154 196 232 88 225 209 99 139 95 210 124 46 221 45 41
146 248 213 226 10 36 243 104 134 212 118 157 97 7 92 121
135 155 25 20 142 31 105 81 61 120 143 116 107 86 136 127
73 133 13 76 253 227 34 138 6 29 204 108 145 82 189 112
Multimedia Tools and Applications (2020) 79:26885–26911 26889
used to process eight binary bits of data.
Whole construction process is summarized in the form of flow chart and shown in the Fig. 1.
To synthesize the third S-box, we take the composition of above generated S-boxes (Table 3).
4 Performance analyses of S-boxes
A productive S-box ought to fulfill some particular cryptographic criteria, which are nonlinearity,
bijectiveness, linear approximation probability, strict avalanche, differential approximation
Fig. 1 Flow chart for S-boxes pairs generation over the ring R9
Table 3 S-box 3 obtained by composition of S-boxes 1,2
31 15 161 202 54 219 255 252 214 14 136 201 131 91 20 114
253 163 30 234 69 113 22 37 175 246 11 235 251 230 74 128
104 154 121 198 100 211 166 240 50 88 178 190 57 25 147 204
216 77 130 67 110 115 176 26 79 133 144 56 129 84 87 210
227 221 27 170 85 40 4 173 107 36 87 213 167 59 96 217
93 197 150 9 48 237 6 102 181 32 174 148 33 76 61 8
132 220 236 160 58 200 39 106 47 118 184 34 35 171 109 169
199 70 247 72 19 55 1 103 10 94 101 180 238 203 239 126
43 112 222 105 23 209 12 78 111 98 208 179 83 24 17 164
191 141 151 188 29 122 153 73 206 108 245 137 95 232 207 63
162 049 168 139 135 13 186 223 124 152 92 53 42 134 46 18
090 116 117 157 250 66 218 145 5 64 65 187 229 192 3 21
143 82 97 193 225 215 243 228 89 123 127 28 233 138 194 146
68 52 241 142 2 165 38 0 45 172 119 185 196 254 159 189
62 158 51 41 177 7 155 60 226 205 242 80 44 249 140 99
71 183 120 195 81 75 224 182 125 156 248 212 244 231 149 16
Multimedia Tools and Applications (2020) 79:26885–26911
26890
probability and bit independence etc. We implement different analyses for the proposed S-boxes
in order to test their strength and ranking with respect to some other famous S-boxes.
Nonlinearity Nonlinearity measures the interspace betwixt the Boolean function fand the
collection of all relative direct functions. Boolean functions on even number of input variables
n, achieving the utmost nonlinearity of (2n−1−2n
2−1) are called the bent functions [24]. Whereas
for odd n, the nonlinearity value (2n−1−2n−1
2) is known as the bent concatenation bound.
Comparison of nonlinearity of proposed S-box with some existing S-boxes is presented in
the Table 5, given below. Readings of this analysis reveals that synthesized S-boxes can
efficiently replace S-boxes based on algebraic construction because of its more appealing
construction and chaos-based S-boxes due to its vast interval for randomness.
Strict avalanche criteria (SAC) Feng and Wu [8] introduced SAC. This criterion analyzes that
how output bits of the cryptograph responds to the swapping in input bits It is required 50% of
the yield bits must be altered on the variety of a solitary info bit esteem. As the iteration
progresses, an avalanche of change in yield bits caused by alteration of a only one input bit.
The unpredictability made by cipher will be largest if the variation only in a single input bit
can make changes in output bit with a probability of 0.5. Execution Indexes of S-boxes
indicates that the projected S-boxes effectively fulfilled SAC. The mean value of SAC for
projected S-boxes is much closed to the optimal value.
Bit independent criterion (BIC) It is imperative to examine the deviation in the performance of
output bits when input bits are changed. Several methodologies are introduced to quantify this change.
BIC is a notable technique to gauge the level of dependent change in any pair of output bits when any
input bit is retreated. Webster and Tavares [6,9] introduced this criterion. Through execution Indexes
of suggested S-boxes we saw that these S-boxes fulfilled BIC to the most ideal value.
Linear approximation probability (LP) This is the peak polarity of an occurrence.The
uniformity of input bits designated by the cover Gaequals to the uniformity of the yield bits
chose by the cover Gb. Conferring to Matsui’s definition [22], LP of an S-box is calculated as
LP ¼max
Ga;Gb≠0│#a∈X│a:Ga¼SaðÞ:Gb
2n−1
2│
“X”the collection of every conceivable info and 2nis the size of X”.Wecaninferfrom
execution Indexes of anticipated S-boxes that the mean value of LP is 0.0625 which is suitable
to resist linear attacks.
Differential approximation probability (DP) [3]This tool is castoff to measure the differen-
tial uniformity of an S-box. Which is defined as:
DPsΔa→ΔbðÞ¼
#a∈X│SaðÞSaΔaðÞ¼Δb
2m
"#
:
This implies, an input discrepancy Δaishould exclusively map to an output discrepancy Δbi,
so that certifying an even mapping probability for each i. The mean value of DP for endorsed
S-boxes is 0.015625, which is the same as AES, APA, Gray S-box.
Multimedia Tools and Applications (2020) 79:26885–26911 26891
Performance Indexes of S-boxes are given in Tables 4and 5shows the comparison of
suggested S-boxes with residue prime, Xyi, Skipjack, APA, AES S-boxes and some other
good S-boxes.
Table 4 Performance Indexes for proposed S-boxes
Analysis Max. Min. Average Square
deviation
The differential
approximation
probability (DP)
The linear
approximation
probability (LP)
Nonlinearity:
S box1 112 110 111.5
S box2 112 110 111.75
S box3 104 96 101.5
SAC:
S box1 0.546875 0.4375 0.496582 0.0133521
S box2 0.5652 0.4375 0.502197 0.0156778
S box3 0.578125 0.390625 0.497314 0.0207415
BIC:
S box1 110 111.429 0.903508
S box2 110 111 1
S box3 100 104.214 2.22578
BIC- SAC:
S box1 0.484375 0.50020 0.0102733
S box2 0.480469 0.50411 0.0111387
S box3 0.482422 0.503209 0.0139111
DP:
S box1 0.0234375
S box2 0.0234375
S box3 0.046875
LP:
S box1 146 0.0703125
S box2 146 0.0703125
S box3 160 0.0125
Table 5 Comparison of Performance indexes of trio S-boxes
S-boxes Nonlinearity SAC BIC DP LP
AES S-box 112 0.5058 112.0 0.0156 0.062
APA S-box 112 0.4987 112.0 0.0156 0.062
Gray S-box 112 0.5058 112.0 0.0156 0.062
Skipjack S-box 105.7 0.4980 104.1 0.0468 0.109
Xyi S-box 105 0.5048 103.7 0.0468 0.156
Residue Prime 99.5 0.5012 101.7 0.2810 0.132
Lui 105 0.499756 104.071 0.0390625 0.128906
Ref. [28] 110.50 0.5031 109.21 0.0234 0.0860
Ref. [35] 106.5 0.507 103.9 0.140 0.054
Ref. [21] 104.5 0.498 104.6 0.047 0.125
Ref. [31] 106 0.0520 104.2 0.039 0.132
Ref. [2] 105.5 0.5000 103.78 0.0468 0.1250
Ref. [30] 106 0.5020 103.00 0.0469 0.1250
Ref. [32] 110.25 0.5000 104 10 0.125
proposed:
S-box 1 111.5 0.496582 111.429 0.0234375 0.0703125
S-box 2 111.75 0.502197 111 0.0234375 0.0703125
S-box 3 101.5 0.497314 104.214 0.046875 0.0125
Multimedia Tools and Applications (2020) 79:26885–26911
26892
The assessment of the many prevailing nonlinear constituent for block cryptographs with
counseled is specified in Table 5.
i. A high estimation of nonlinearity gives obstruction against the linear cryptanalysis [12]. As
shown in the table, the average nonlinearity of our proposed S-boxes 1 and 2 is higher than
the Skipjack, Xyi, Residue prime, Lui and S-boxes presented in [2,21,28,30–32,35].
This highlights in decent perplexity and makes the planned S-boxes strong against linear
cryptanalysis.
ii. A SAC value close to 0.5 (the ideal value for SAC) is an important objective of S-Box.
Tables 4and 5exhibit that our SAC values of S-box 1, S-box 2, S-box 3 are 0.496582,
0.502197 and 0.497314 respectively, which are extremely close to the ideal value. We can
say that our S-boxes fulfill the SAC.
iii. The comparison of the BIC analyses of anticipated S-boxes and accessible nonlinear
segment of block ciphers are given in Table 5. As indicated by the results of BIC,
proposed S-boxes are very similar to the AES, APA and Gray S-boxes, consequently
fulfilling the BIC test.
iv. To resist linear cryptanalysis, a small value of LP for a specified S-box is wanted by S-
box designers. The LP values of our S-boxes 1, 2 and 3 are 0.0703125, 0.0703125 and
0.0125 respectively. Because of these small values, we can say that our S-boxes are
impervious to linear cryptanalysis.
v. An S-Box with a small value of differential probability is secure counter to
differential cryptanalysis. The DP values of our S-boxes 1, 2 and 3 are
0.0234375, 0.0234375 and 0.046875 respectively, which are superior to the DP
values of different S-boxes presented [2,21,28,30–32,35] and very similar to
AES, APA and Gray S-boxes, as appeared in Table 5. This value of DP reflects
the quality of our S-boxes.
5 Application of synthesized S-boxes in image encryption
We take an image of dimensions 256, split it into three layers; red layer, green layer and
blue layer. Each layer of the image is encrypted in two steps. In first step we scramble
the pixels of each layer of the image through permutation keys generated by 3D chaotic
map and in second step each layer is again concealed through S-boxes synthesized in
section 3. Both steps are explained below.
5.1 Pixels permutation
In this phase, the location of the pixels is mixed-up of the whole image without
altering their values and the image becomes distorted. The determination of confusion
is to diminish the high correlation between end-to-end pixels in the plain image. To
boost the degree of unpredictability and the level of security we use following 3D
logistic map;
Multimedia Tools and Applications (2020) 79:26885–26911 26893
xiþ1¼λxi1−xi
ðÞþβy2
ixiþαz3
i;
yiþ1¼λyi1−yi
ðÞþβz2
iyiþαx3
i;
ziþ1¼λzi1−zi
ðÞþβx2
iziþαy3
i:
Here the above equations exhibit the chaotic behavior for 3.35 <λ<3.81,0<β<0.022,0<α
< 0.015 and xi,yi,zi∈(0, 1). Component wise plots of this chaotic system are presented in the
Figs. 2,3and 4.
We iterate this map 256 by 256 times to generate three different keys. After generation of
required length of keys, we use them for the pixel scrambling of each layer of the image.
Suppose I(i, j) be the plain image of dimension 256 ×256.Hereisignifies the location of pixel
on X-axis and jsignifies the location of pixel on Y-axis. After permutation we get the image I′
(i, j). Figures 10,11,12 and 13 depicts the results after applying permutation keys on each
channel of the input image.
5.2 Pixels mixing
After permutation, we have image I′(i, j). In the Pixels mixing process, we use triplet
of S-boxes generated in section 3. For pixels mixing XOR operation is used. In each
Fig. 2 Plot of X component of 3D logistic map
Fig. 3 Plot of Y component of 3D logistic map
Multimedia Tools and Applications (2020) 79:26885–26911
26894
layer of permuted image different S-box is XORed to achieve high level of security
and complexity. The process in summarized in the Fig. 5.R’(i, j), G’(i, j)andB′(i, j)
are splits layers of permuted image, Re(i, j), Ge(i, j), Be(i, j) are encrypted channels of
the image. After combining these encrypted channels we get Ie(i, j), which is ciphered
image.
Pictorial view of the original image and the images obtained during encryption process is
presented in the Figs. 6,7,8,9,10,11,12,13,14,15,16 and 17.
6Security analyses
To determine the strength of proposed encryption scheme, we perform an image encryption
experiment on “baboon”image of dimensions 256 and examine the encrypted image through
some standard analyses like, histogram analysis, correlation analysis, UACI and NPCR etc.
Fig. 4 Plot of Z component of 3D logistic map
Fig. 5 Flow chart for XOR operation
Multimedia Tools and Applications (2020) 79:26885–26911 26895
Fig. 6 Original image
Fig. 7 Red layer
Fig. 8 Green layer
Multimedia Tools and Applications (2020) 79:26885–26911
26896
Fig. 9 Blue layer
Fig. 10 Permuted image
Fig. 11 Permuted red layer
Multimedia Tools and Applications (2020) 79:26885–26911 26897
Fig. 12 Permuted green layer
Fig. 13 Permuted blue layer
Fig. 14 Encrypted image
Multimedia Tools and Applications (2020) 79:26885–26911
26898
6.1 Histogram analysis
The histogram of the plain-image and cipher image are presented in the Figs. 18 and
19. We found that the histograms of the ciphered image have a uniform distribution
which highlights the usefulness of the algorithm, as all the 256 Red, Green and Blue
(RGB) channels present the same prospect.
6.2 Key space analysis
The key space is the entire number of different keys used in the encryption/decryption
process. For an effectual cryptosystem, the key space should be adequately large enough
to resist the brute-force attacks. In the first case of proposed algorithm we have 256!
Different choices to define affine function and from the action of PGL(2, GF(28)) on
Fig. 15 Encrypted red layer
Fig. 16 Encrypted green layer
Multimedia Tools and Applications (2020) 79:26885–26911 26899
Im(f)=GF(28), we can construct 16,776,960 number of S-boxes [1]. Similarly, for
second case; we have 256 different choices for scalar functions and then for projection
we have 16,776,960 choices for parameters. Hence combining all possibilities, we have
large enough key space to defend the brute force attack. At initial stage; in both cases we
have number of choices for defining affine and scalar multiple functions, these choices
are additional edge in producing very large number of S-boxes.
6.3 Correlation analysis
The correlation analysis partitioned into three different categories. It executes on upright,
horizontal, and slanting formats. The association of a pixel to its neighbor is measured by this
analysis. During this analysis, the texture of the whole image kept into consideration. The
mathematical formulation of this analysis is
Fig. 17 Encrypted blue layer
Fig. 18 Histogram of original image
Multimedia Tools and Applications (2020) 79:26885–26911
26900
K¼∑
i;j
i−μiðÞj−μjðÞpi;jðÞ
σiσj
:
Figures 20,21,22,23,24, and 25 expressed the correlation of adjoining pixels in the
horizontal, vertical, diagonal and antidiagonal directions of the plain and encoded image
respectively. The connection between the original plain pixel interpreting apparent linear
relationship and in the encrypted image pixels of random correspondent relations are visible.
The end results of the correlation examination are accessible in the Table 6.Forabest
encryption conspire, the correlation results must be equivalent to zero or ways to deal with
zero. This table indicates the correlation of original image is almost close to 1 and the
correlation of encrypted image is closer to 0.
Table 6also indicates that the correlation of the encrypted image is closer to 0 and is better
as compared to another scheme presented in [20,26](Table7).
Fig. 19 Histogram of encrypted image
Fig. 20 Horizontal correlation of original image
Multimedia Tools and Applications (2020) 79:26885–26911 26901
6.4 Entropy
In an image, the amount of entropy is accompanying to the arrangement of objects
which assist the humans to identify image. The process of replacement of nonlinear
constituent in cryptosystem induced uncertainty in an image. The extent of unpredict-
ability brought through encryption is highly related to the certitude that the human
eye can identify the consistency in an image. The deficiency of unpredictability may
consequence in identification of the encrypted/processed image. Therefore, the extent
of entropy can deliver essential evidence about the encryption asset and is its value is
calculated by the equation
H¼∑
n
i¼0
px
i
ðÞlogbpx
i
ðÞ;
Fig. 21 Vertical correlation of original image
Fig. 22 Diagonal correlation of original image
Multimedia Tools and Applications (2020) 79:26885–26911
26902
where (xi) indicates the histogram counts. Table 7enlist the values of entropy
analysis.
The entropy value acquired in this technique is 7.9994, which is very close to the ideal
value. We have contrasted our results and right now exist work [7,17].
6.5 NPCR and UACI analysis
For the strong cryptosystem of images, the universal stipulation is that the original image is
completely stashed in its encrypted image. To estimate the strength of an encrypted image
against the differential attack, there are two most probable techniques; a number of pixels
change rate (NPCR) and unified average changing Intensity (UACI).
The NPCR (Number of pixels changing rate) [33] contemplate two encoded images only
diverge by the one pixel, If one of the images is signified by C1(i, j) and the next by C2(i, j),
Fig. 23 Horizontal correlation of encrypted image
Fig. 24 Vertical correlation of encrypted image
Multimedia Tools and Applications (2020) 79:26885–26911 26903
then NPCR is assessed as;
NPCR C1;C2
ðÞ¼
∑
i;j
Di;jðÞ
T100%;
Where T is the total number of pixels and D(i, j) is defined as
Di;jðÞ¼ 0;if C1i;jðÞ¼C2i;jðÞ
1;if C1i;jðÞ≠C2i;jðÞ
:
The UACI (Unified average changed intensity) [33] is intended to test the quantity of changing
pixels and the quantity of arrived at the midpoint of changed power between encoded image,
separately, when the contrast between plain image is inconspicuous (typically a solitary pixel).
Precisely this analysis is signified by the formula,
UACI C1;C2
ðÞ
¼1
MXN ∑
M−1
i¼0
∑
N
j¼0
Di;jðÞ−Pi;jðÞ
jj
FT100%;
Where F denotes the largest supported pixel value compatible with the cipher text image
format and D(i, j) is defined as:
Di;jðÞ¼ 0;if C1i;jðÞ¼C2i;jðÞ
1;if C1i;jðÞ≠C2i;jðÞ
:
Fig. 25 Diagonal correlation of encrypted image
Table 6 Comparison of correlation among adjacent pixels
Related Systems Original image Proposed Ref. [26]Ref.[20]
Horizontal 0.9103 −0.000165 0.0665 0.00039
Vertical 0.8841 −0.000274 0.0407 0.00036
Diagonal 0.8549 −0.000284 −0.0069 0.00010
Multimedia Tools and Applications (2020) 79:26885–26911
26904
To get the strong encryption algorithm for images, the values of NPCR should be substantial
than 99% and UACI values should be closer to 33%. Results of NPCR and UACI
and comparison of proposed scheme with some other schemes [7,20,26,33]isgiven
in the Table 8.
These results show that the proposed technique for image encryption has raised
NPCR and pertinent UACI values. Higher NPCR values have shown that each pixel
position is randomized exaggeratedly. And the pertinent UACI values presented that
nearly every level of a grey pixel in the proposed encrypted algorithm are altered. For
each RGB channel, NPCR values of proposed encrypted scheme are greater than the
other referred schemes and UACI values are greater than the schemes presented in
reference [7,26]. So, the comparison depicts that the proposed encryption algorithm
has competent diffusion properties, which indicate its high resistance against algebraic
attacks.
6.6 Randomness test for cipher
Uniform distribution, long period and high complex nature of the output are the key
properties to take note of the security strength of a cryptosystem. By a definite end
target to accomplish these preconditions, we used NIST SP 800–22 [23] for testing
the randomness of digital images. A part of these tests includes many subclasses. The
distorted baboon digital image is cast-off to catch all NIST tests. The ciphered data is
made by the proposed RGB image encryption scheme of a colored baboon plain
image of dimension Ā.Table9shows the outcomes of the tests. Remarkably our
proposed digital image encryption tool capably passes the NIST tests. Hence, due to
the skillful outcomes, the designed random cryptosystem used for RGB image en-
cryption constructed via triplet S-boxes be professed that are very irregular in its crop
Table 7 Comparison of Entropy
Analysis Images Entropy
Proposed 7.9994
Ref. [7] 7.9992
Ref. [17] 7.9991
Table 8 Comparison of proposed and reference schemes
Image name Image size 256 × 256
Baboon Analysis Layers Proposed Ref. [26]Ref.[20]Ref.[33]Ref.[7]
NPCR Red 99.4583 99.7299 99.6056 94.5864 99.6338
Green 99.3358 99.3289 99.6105 95.6835 99.5483
Blue 99.5010 99.4029 99.5956 98.6810 99.5972
UACI Red 33.4837 33.7275 33.4571 33.4647 33.3756
Green 33.4639 33.2510 33.4763 34.5058 33.5518
Blue 33.2689 33.2213 33.4852 35.4999 33.5145 M
Multimedia Tools and Applications (2020) 79:26885–26911 26905
6.7 Occlusion attack
At the point when computerized images are transmitted through networks, a few data
might be lost on account of blockage in the network or vindictive annihilation [17].
Occlusion attack analysis is utilized to test the limit of recuperating unique images
from cipher images regardless of whether some piece of it has been lost or blocked.
The occlusion analysis of images is appeared in Figures 26,27,28,29,30 and 31.
In these figures, the segments, Cipher Occlusion 1, Cipher Occlusion 2, Cipher Occlusion
3 demonstrate the loss of image data in various regions which may almost certainly occur
while transmission. The comparing decrypted or recovered images are appeared in the
remainder of the segments. It is obviously apparent from the Figs. 29,30 and 31 that the
images can be decrypted in a decipherable or justifiable structure regardless of whether a
few pieces of cipher image are lost.
Table 9 NIST test results for proposed encrypted image
Test P–values for color encryptions of ciphered image Results
Red Green Blue
Frequency 0.2823 0.59086 0.4292 Pass
Block frequency 0.8988 0.21487 0.71781 Pass
Rank 0.29191 0.29191 0.29191 Pass
Runs (M = 10,000) 0.69437 0.21914 0.38768 Pass
Long runs of ones 0.7127 0.7127 0.7127 Pass
Overlapping templates 0.85988 0.85988 0.85988 Pass
No overlapping templates 0.95715 1 0.9994 Pass
Spectral DFT 0.30979 0.88464 0.081659 Pass
Approximate entropy 0.013847 0.82725 0.70397 Pass
Universal 0.99716 0.98964 0.98956 Pass
Serial pvalues1 0.0022627 0.61929 0.70533 Pass
Serial pvalues2 0.00044814 0.99438 0.90991 Pass
Cumulative sums forward 0.34767 0.35256 0.23783 Pass
Cumulative sums reverse 1.2649 0.91462 0.88005 Pass
Random excursions X=−49.9281e-05 0.24498 0.55893 Pass
X=−30.62172 0.078723 0.81689 Pass
X=−20.81797 0.17256 0.7631 Pass
X=−10.75125 0.94318 0.77296 Pass
X=1 0.9725 0.7583 0.93709 Pass
X=2 0.52568 0.34004 0.29291 Pass
X=3 0.73909 0.78446 0.014187 Pass
X=4 0.6243 0.1531 0.62343 Pass
Random excursions variants X=−50.59244 0.67999 1 Pass
X=−40.96542 0.46236 0.85859 Pass
X=−30.91828 0.47677 0.56208 Pass
X=−20.59624 0.54029 0.45419 Pass
X=−10.3588 0.59588 0.63735 Pass
X=1 0.4913 0.4795 0.4795 Pass
X=2 0.6911 0.54029 0.19608 Pass
X=3 0.68152 0.63526 0.63526 Pass
X=4 0.63343 0.54762 0.50404 Pass
X=5 0.56628 0.55569 0.38746 Pass
Multimedia Tools and Applications (2020) 79:26885–26911
26906
7 Conclusion
On the basis of commutative chain ring R9a new algorithm has been developed by
which one could generate a large number of 8 × 8 S-boxes triplets. The erection
method utilized the group MGkof units of R9and M¼R9−MGk:The new algorithms
Fig. 26 Cipher occlusion 1
Fig. 27 Cipher occlusion 2
Multimedia Tools and Applications (2020) 79:26885–26911 26907
of triplet of S-boxes certified random values in initial domain of transformation. The
strength of the newly created S-boxes triplet was first measured and then their
comparison has been given with AES, APA, Prime, Gray, Xyi, Skipjack, S8AES,
Lui and S-boxes presented in [2,21,28,30–32,35]. Furthermore, intention of this
work was the accomplishment of an innovative encryption scheme for RGB images
based on triplet of S-boxes. Afterwards, the newly constituted algorithm is applied to
explicit parameters to affirm its quality. To fix the rank of proposed 8 × 8 S-boxes a
comparison of the results of various color image quality measures with color image
encryption has been made. The proposed color image encryption depending on triplet
of S-boxes, has been given and assessed its strength through well-known texture,
Fig. 28 Cipher occlusion 3
Fig. 29 decrypted occlusion 1
Multimedia Tools and Applications (2020) 79:26885–26911
26908
statistical analysis, NIST tests and occlusion attack. We examine that our algorithm is
robust against the brute force attacks due to huge key space. Whereas, the NPCR and
UACI, the basic measures employed for differential analyses were also satisfactory.
Experimental results allow to conclude that this algorithm outperforms existing
schemes in term of protection.
Fig. 30 decrypted occlusion 2
Fig. 31 decrypted occlusion 3
Multimedia Tools and Applications (2020) 79:26885–26911 26909
References
1. Atlab A, Saeed SM, Hussain I, Aslam M (2017) An algorithm for the construction of substitution boxes for
block ciphers based on projective general linear group. AIP Adv 7:035116
2. Belazi A, El-Latif AAA (2017) A simple yet efficient S-box method based on chaotic sine map. Optik 130:
1438–1444
3. Biham E, Shamir A (1991) Differential cryptanalysis of DES-like cryptosystems. J Cryptol 4:3–72
4. Crama Y, Hammer PL (2011) Boolean functions: theory, algorithms, and applications. Cambridge
University Press
5. Cui L, Cao Y (2007) A new S-box structure named affine-power-affine. International Journal of Innovative
Computing, Information and Control 3:751
6. Detombe J, Tavares S (1992) On the design of S-boxes. Advances in cryptology: proceedings of CRYPTO-
92. Lecture notes in Computer Science
7. Farah MB, Guesmi R, Kachouri A, Samet M (2019) A novel chaos based optical image encryption using
fractional Fourier transform and DNA sequence operation. Optics & Laser Technology 121:105777
8. Feng D, Wu W (2000) Design and analysis of block ciphers
9. Haralick RM, Shanmungam K, Dinstein I (1973) Textural features of image classification. Transactions on
systems, man and cybemetics, IEEE 3:610
10. Helleseth T, Klove JM (1978) On the covering radius of binary codes. Transactions on Information Theory,
IEEE 24:627–628
11. Hou XD (2007) Commutative chain rings. Wright State University, Dayton
12. Hussain I, Shah T, Gondal MA, Khan M, Khan WA (2011) Construction of new S-box using a linear
fractional transformation. World Appl. Sci. J 14:1779
13. Hussain I, Shah T, Mahmood H (2010) A new algorithm to construct secure keys for AES. International
Journal of Contemporary Mathematical Sciences 5:1263
14. Hussain I, Shah T, Mahmood H, Gondal MA (2013) A projective general linear group based algorithm for
the construction of substitution box for block ciphers. Neural Comput & Applic 22:1085–1093
15. Hussain I, Shah T, Mahmood H, Gondal MA, Bhatti UY (2011) Some analysis of S-box based on residue of
prime number. Proc Pak Acad Sci 48:111
16. Jamal SS, Shah T, Attaullah (2017) A group action method for construction of strong substitution box. 3D
Res 8:12
17. Jithin KC, Sankar S (2020) Color image encryption algorithm combining, Arnold map, DNA
sequence operation, and a Mandelbrot set. Journal of Information Security and Applications 50:
102428
18. Khanna VK (1998) A course in abstract algebra. University of Dehli, Second revised edition
19. Kim J, Phan RCW (2009) Advanced differential-style cryptanalysis of the NSA's skipjack block cipher.
Cryptologia 33:246–270
20. Kumar M, Mohapatra RN, Agarwal S, Sathish G, Raw SN (2019) A new RGB image encryption using
generalized Vigenére-type table over symmetric group associated with virtual planet domain. Multimed
Tools Appl 78:10227–10263
21. Liu L, Zhang Y, Wang X (2018) A novel method for constructing the S-box based on spatiotemporal
chaotic dynamics. Appl Sci 8:2650
22. Matsui M (1993) Linear cryptanalysis method for DES cipher. In Workshop on the Theory and Application
of Cryptographic Techniques Springer, Berlin, Heidelberg, pp 386
23. Pareschi F, Rovatti R, Setti G (2012) On statistical tests for randomness included in the NIST SP800-22 test
suite and based on the binomial distribution. Transactions on Information Forensics and Security, IEEE 7:
491–505
24. Rothaus OS (1976) On bent functions. Journal of Combinatorial Theory, Series A 20:300–305
25. Shah T, Jahangir S, Andrade A (2017) Design of new 4 X 4 S-boxes from finite commutative chain rings.
Comput Appl Math 36:843–857
26. Shah D, Ul Haq T, Shah T (2018) Image encryption based on action of projective general linear group on a
Galois field GF(28). International conference on applied and Engineering mathematics, IEEE 6:38
27. Shah T, Ussain I, Gondal MA, Mahmood H (2011) Statistical analysis of S-box in image encryption
applications based on majority logic criterion. Int. J Phys Sci 6:4110
28. Shahzad I, Mushtaq Q, Razaq A (2019) Construction of new S-box using action of quotient of the modular
group for multimedia security. Security and Communication Networks 2019
29. Tran MT, Bui DK, Duong AD (2008) “Gray S-box for advanced encryption standard”, computational
intelligence and security, 2008. IEEE 1:253
30. Ullah A, Jamal SS, Shah T (2017) A novel construction of substitution box using a combination of chaotic
maps with improved chaotic range. Nonlinear Dynamics 88:2757
Multimedia Tools and Applications (2020) 79:26885–26911
26910
31. Wang X, Akgul A, Cavusoglu U, Pham VT, Vo Hoang D, Nguyen X (2018) A chaotic system with infinite
equilibria and its S-box constructing application. Appl Sci 8:2132
32. Wang Y, Lei P, Wong KW (2015) A method for constructing bijective S-box with high
nonlinearity based on chaos and optimization. International Journal of Bifurcation and Chaos
25:1550127
33. Wu Y, Noonan JP, Agaian S (2011) NPCR and UACI randomness tests for image encryption. Cyber
journals: multidisciplinary journals in science and technology, Journal of Selected Areas in
Telecommunications 1:31
34. Yi X, Cheng SX, You XH, Lam KY (1997) A method for obtaining cryptographically strong 8×8 S-boxes.
In Global Telecommunications Conference, IEEE 2:689
35. Zahid AH, Arshad MJ (2019) An innovative Design of Substitution-Boxes Using Cubic Polynomial
Mapping. Symmetry 11:437
Publisher’snote Springer Nature remains neutral with regard to jurisdictional claims in published maps and
institutional affiliations.
Saira Jahangir An active researcher in cryptography, and a Ph.D. scholar in Department of Mathematics at
Quaid-i-Azam University, Islamabad, Pakistan.
Tariq Shah Currently serving as Professor in Department of Mathematics at Quaid-i-Azam University,
Islamabad, Pakistan. His topics of research are commutative algebra, algebraic coding theory, cryptography,
wireless communication, generalization of algebraic sructure, fuzzy and soft structures in development of
economics.
Multimedia Tools and Applications (2020) 79:26885–26911 26911