1 Introduction

Today's information systems, from email to mobile communications, heavily rely on cryptography. Examples include secure web access to digital currencies. The use of cryptography enhances confidentiality, fairness, accuracy, and accountability. Ensuring that financial transactions are authentic, it can aid in safeguarding electronic commerce from fraud. You can use it to keep your identity a secret or to confirm it. Vandals won’t be able to interfere with your website, and your important material won’t be read by business rivals. Cryptography will become even more important as trade and communications move to computer networks. It secures communications and data by enforcing a set of regulations that limit access to and processing of data to just those who are supposed to use it.

Although it is today most closely linked to the terms encryption and decryption, cryptography is commonly known as the study of secrets. To safeguard data from data thieves, plain text that is visible is converted into ciphertext, which is hidden. Researchers employ encryption to ensure that material is concealed from anyone for whom it is not intended, including those who are able to view the encrypted data. Understanding ciphertext, which is at the other end of the process, requires decoding. In symmetric block ciphers, the S-box is a key element that is essential to ensuring the security of the system. By establishing an exclusive link between plaintext and ciphertext, the S-box causes data to get muddled [52].

Today, cryptography plays a crucial role in a number of fields. Satellite remote-sensing images have been used in many aspects of people's life due to the rapid growth of remote-sensing technology. It is critical to encrypt remote sensing photos as well as digital and medical photographs since they contain sensitive information such as land profiles and military secrets [28]. For the past 20 years, face verification has been the subject of extensive research. One of the challenges is that there is rising concern about the template database's security and privacy [30]. Author, [9], provides a face verification system with security that creates a distinct, secure cryptographic key from a face template. After processing, the face photos are turned into face templates or codes that can be used for both encryption and decryption operations. With Advanced Encryption Standard, the identity data obtained is encrypted.

The use of medical image encryption has grown significantly in recent years. The diagnosis of a variety of disorders depends heavily on the use of medical imaging techniques such as magnetic resonance imaging (MRI), computed tomography (CT), X-rays, and ultrasound. The internet has seen quick advancements in terms of sharing and exchanging vast volumes of information. To protect patients' sensitive information during the transmission of medical images, these medical data should be communicated through a secure communication channel; otherwise, a false diagnosis could result from the attacker capturing and tampering with the provided medical image. As a result, transmitting medical images while maintaining confidentiality and integrity became quite difficult. In order to safeguard the medical images exchanged via a public network, extra care must be taken. Cryptography, steganography, and watermarking are common methods used in medical image security [29, 37]. Due to the frequent data exchange over the internet, data concealing in video streams have become more common in the modern world. Compared to hiding inside images, hiding the data in video streams offers more security and increased embedding capacity. The amount of information that must be integrated into the video is growing, and this could negatively affect the quality of the video, making it unsuitable for some appliances. High visual quality, enhanced concealing capacity, and video stream size is the key issues with data hiding in videos [56, 60].

The following format is used in this document: The relevant work is under Section 2. The terms S-box, Catalan number, and elliptic curve are defined in Section 3. Section 4 presents the proposed scheme for S-box production. In Section 5, the algebraic analyses of these S-boxes are presented. Section 6 provides a description of the statistical analyses. Lastly, Section 7 provides a summary of this study's findings.

2 Related work

There are several ideas in the literature for making S-boxes. Well-known S-boxes have been described as producing data misinterpretation in the literature [6, 15, 21, 27, 35]. On the basis of various mathematical frameworks, several academics have devised numerous S-box generation techniques. A good S-box was reportedly obtained by employing a coset diagram and a bijective map in [45]. By combining a chaotic tent-sine system and the Mobius transformation, the authors create robust S-boxes [26]. For the creation of S-boxes, the authors [7] proposed a novel method based on symmetric group permutation. In [4], the authors presented a brand-new S-boxes method using a projective general linear group. Using coset diagrams for the action of a quotient of the modular group on the projective line over the finite field, as well as the Fibonacci sequence for the selection of vertices of the coset diagram, the authors proposed an S-box in [51]. In [48], a fresh idea for the S-box was put out, which was based at the idea of coset graphs and symmetric groups. By specifying various total orders in [13], researchers created an effective technique for producing S-boxes based on a class of Mordell elliptic curves (MECs) over prime fields. The authors developed an effective technique for generating a large number of different, mutually uncorrelated, and cryptographically robust, and uncorrelated injective S-boxes based on ordered isomorphic elliptic curves [12]. In [47], a straightforward technique for making S-boxes were studied using the cyclic and symmetric group. Using the composition of the inversion function and the effect of the S8 symmetric group on the Galois field, the authors of [40] proposed a novel strategy. Table 1 lists some newly proposed S-boxes, the design approaches used to make them, as well as their cryptographic features, such as nonlinearity and differential approximation probability.

Table 1 Latest S-boxes design techniques with cryptographic properties
Full size table

In this research, we propose a new and effective approach for constructing secure S-boxes based on the Catalan number and the elliptic curve. S-boxes have not yet been created using the Elliptic Curve and Catalan numbers. The combination of the Catalan number plus an elliptic curve yields S-boxes. We used algebraic analyses such as nonlinearity, strict avalanche criterion, bit independence criterion, differential and linear approximation probabilities to examine the cryptographic strength of the proposed S-boxes in accordance with the National Institute of Standards and Technology (NIST) standards. In order to encrypt images, we also used the newly proposed S-boxes. We then performed statistical analysis on both plain and encrypted images using the majority logic criterion.

3 Preliminaries

In this part, we will go over the fundamentals of S-box, elliptic curve cryptography, and Catalan number.

3.1 Substitution box

Claude Shannon first presented the concept of the S-box in 1949 [52]. S-boxes play a vital role in each block cipher cryptography. For each block cipher (S-box), nonlinear components are essential for secure communication. Confusion is an important characteristic, which is only done by S-box in enciphering digital information. S-box is commonly used in block ciphers to hide the connection between the key and the ciphertext, Shannon’s property of confusion. A multivalued Boolean function S known as a substitution box maps n-inputs to m-outputs.

$$S:{Z}_2^n\longrightarrow {Z}_2^m$$

Typically, S-Box takes a certain amount of input bits n and turns them into a certain amount of output bits m, and then returns the result.

3.2 Catalan number

In the fields of combinatorics and computer science, Catalan numbers play a vital role and have a considerable impact. In investigating an astoundingly large number of combinatorial problems, they form a sequence of natural numbers. Nowadays, computational geometry, geographic information systems, geodesy, cryptography, and medicine are the application of the engineering fields where Catalan numbers are used. In computational geometry problems, they are typically employed in geometric modelling. They aid in the creation of keys used in cryptography to transmit data securely.

Catalan numbers are a group of natural numbers that appear in a wide range of counting problems, the majority of which involve recursively-produced objects. They were named after Belgian mathematician “Eugene Charles Catalan (1814–1894)” [44]. Using binomial coefficients, the nth Catalan number is derived as,

$${C}_n=\frac{1}{n+1}\left(\genfrac{}{}{0pt}{}{2n}{n}\right)=\frac{(2n)!}{\left(n+1\right)!n!}=\prod_{k=2}^n\frac{n+k}{k};\kern0.75em \textrm{for}\ n\ge 0$$

3.3 Elliptic curve cryptography

For the first time in 1985, Neal Koblitz [34] and Victor Miller [39] independently proposed Elliptic Curve (EC) cryptography algorithms. A non-singular cubic curve in two variables f(x, y) = 0, with a rational point is an EC over a field K. The field K is widely used to represent complex numbers, reals, rationals, and algebraic extensions of rationals, as well as a finite field [5].

A prime field Fp with p elements, where p is a prime number. There is exactly one prime field Fp for each prime p number. The elliptic curve on field Fp is defined as the following for any two integers of Fp, let's assume a and b,

$${E}_{a,b}\left({F}_p\right)=\left\{\left(x,y\right)\in {F}_p^2|\left({\textrm{y}}^2={x}^3+ ax+b\right)\left(\mathit{\operatorname{mod}}\ p\right),\kern0.5em a,b,x,y\in {F}_p\right\}\cup \left\{O\right\}$$

Given that 4a3 + 27b2 ≠ 0 and O represent the infinite point. The discriminant of the elliptic curve is 4a3 + 27b2 [19].

4 Proposed scheme

We'll look at a simple way for creation of S-boxes in this part. The creation of S-boxes is based on the Catalan number and the elliptic curve's composition.

Figure 1 depicts the two halves of the suggested approach for the creation of an S-box, the first of which comprises four crucial phases. An EC is defined in the first phase. Modulo 256 is then applied on EC. The first S-box is then obtained by using a = 789, b = 713, and p = 25851. Three crucial phases make up the second section: first, we defined a Catalan number, and then we obtained the second S-box by applying the formula k = 8, n = 1 : 300. We obtain the final S-boxes by composing these S-boxes.

Fig. 1
figure 1

Proposed methodology for S-box design

Full size image

The proposed algorithm consists of the essential phases outlined below:

  • Step 1: Define a Catalan number as,

    $${C}_n=\prod_{k=2}^n\frac{n+k}{k};\kern1em for\ n\ge 0$$

We generate an algorithm using this equation for k = 8 and n = 1 : 300 to obtain an S-box, but this S-box doesn't have good cryptographic properties and for secure communication, this S-box is not regarded as being particularly powerful. To improve the cryptographic features of this S-box, we go to the next step.

  • Step 2: a and b are two distinct elements to be chosen from Fp, where p is a huge prime number. The large value of p is used to produce an elliptic curve with at least 256 unique members. Create the EC Ep(a, b) by using the equation,

    $${y}^2=\left({x}^3+ ax+b\right) modp$$

  • Step 3: Now, apply modulo 256 on Ep(a, b) to get \({E}_p^{255}\left(a,b\right)\). This action is used to limit the values of Ep(a, b) in the range 0–255.

  • Step 4: Finally, by the selection of a = 789, b = 713, and p = 2851, S-box is generated.

  • Step 5: The final S-boxes were created by the composition of the Catalan number and the elliptic curve S-boxes. This composition gives us the desired S-boxes which were presented in Tables 2 and 3.

Table 2 The final S-box-1 creation by the offered algorithm
Full size table
Table 3 The final S-box-2 creation by the offered algorithm
Full size table

5 Results, analysis, comparison

At this point, to study the attributes of proposed S-boxes, we utilized the algebraic tests such as NL, SAC, BIC, DAP, and LAP. Furthermore, we also compare our proposed S-boxes to various existing S-boxes in the literature, as shown in Tables 5, 9, and 11.

5.1 Nonlinearity

A distance between the function itself and the set of all affine functions can be used to describe nonlinearity for a Boolean function. Nonlinearity refers to the number of bits that must be transferred to a Boolean function's truth table in order to achieve the nearby affine function. For the S-box over the Galois field GF(2n), the nonlinearity is \(N(f)={2}^{n-1}-{2}^{\frac{n}{2}-1}\). Because the S-box in the advanced encryption standard is in GF(28), the highest nonlinearity value is 120. Table 4 shows that the proposed S-box-1 has nonlinearity scores of 106, 106, 102, 106, 106, 108, and 104, with the least nonlinearity being 102, maximum nonlinearity being 108 and average nonlinearity score being 105.50. Proposed S-box-2 has nonlinearity scores of 104, 106, 108, 102, 104, 106, 108, and 96, with the least nonlinearity being 96, maximum nonlinearity being 108 and average nonlinearity score being 104.24 respectively.

Table 4 Nonlinearity of proposed S-boxes
Full size table

Table 5 compares the nonlinearity scores of the newly proposed S-boxes to those of previously published S-boxes, which are available in the literature. Table 5 shows that the average nonlinearity rating of the newly proposed S-boxes, with the exception of a few S-boxes, is greater than the mean nonlinearity rating of the majority of various existing S-boxes in literature and generally on par with other strong S-boxes.

Table 5 Nonlinearity scores for different S-boxes
Full size table

5.2 Strict avalanche criterion

The SAC is reliant on modifying the input and output bits. An S-box fulfills SAC, when a single bit on the input changes and half of the output bits change as well. When using S-box to create a Substitution Permutation (S-P) network, a single exchange in the network's input cause an avalanche of adjustments. Table 6 indicates the outcomes of applying the strict avalanche criterion.

Table 6 Results of SAC
Full size table

5.3 Bit Independence criterion

A cryptographic structure essentially carries the output bits independence criterion. This was first mentioned by Detombe and Tavares [16]. It requires all the avalanche variables pairwise however independent of a given set of avalanche vectors. The complementing of a single plaintext bit generates these vectors. Table 7 shows the outcomes of the BIC analysis of the proposed S-box-1, whereas Table 8 shows the BIC results for SAC. The score for BIC is 103.

Table 7 Bit independence criterion of proposed S-box-1
Full size table
Table 8 Bit independence criterion results for strict avalanche criterion
Full size table

The average SAC scores of our proposed S-boxes are 0.500 and 0.515 respectively, indicating that the proposed S-boxes effectively justify SAC. Furthermore, the average BIC score is 103 and 103.5, indicating that our proposed S-box-1 meets BIC analyses. Table 9 shows a comparison of the proposed S-boxes’ SAC and BIC scores with the SAC and BIC scores of S-boxes published in the literature, demonstrating that our S-boxes outperform various other S-boxes.

Table 9 Performance valuation of SAC and BIC scores
Full size table

5.4 Differential approximation probability

The important property of the non-linear transformation of an S-box is differential uniformity, which makes it unique. The input differential \({D}_{x_i}\) maps the output differential \({D}_{y_i}\), ensuring uniform mapping probability for each. The probability of a given S-box being a measure for differential uniformity can be written as,

$$D{P}^s\left(\Delta x\longrightarrow \Delta y\right)=\left[\frac{\#\left\{x\in Xj|S(x)\oplus S\left(x\oplus \Delta x\right)=\Delta y\right\}}{2^m}\right]$$

The highest DAP value for the proposed S-box-1 is 0.0390 according to Table 10.

Table 10 Differential approximation probability of the proposed S-box-1
Full size table

5.5 Linear approximation probability

To investigate an event of imbalance, the linear approximation probability approach is used. This quantity is used for estimating the maximum output imbalance value in an event, where x and y are the two masks that are applied to the uniformity of input bits and output bits, respectively. The probability of bias for a particular S-box is also known as the linear approximation probability and is defined as,

$$LP=\underset{\tau x,\tau y}{\max}\left|\frac{\#\left\{x|x.\tau x=S(x).\tau y\right\}}{2^n}-\frac{1}{2}\right|$$

Where set X consists all possible inputs and 2n gives the number of elements in it. The LAP of the proposed S-box-1 is 0.1328.

The LAP and DAP scores of our proposed S-boxes are compared to the LAP and DAP scores of S-boxes found in the literature in Table 11. From Table 11, it can be seen that our proposed S-boxes’ DAP values are 0.0390 and 0.0468. In addition, the LAP values of our work are 0.1328 and 0.125. These tests demonstrate that our proposed S-boxes can thwart both linear and differential cryptanalysis.

Table 11 Evaluation of DP and LAP of different S-Boxes
Full size table

6 Image encryption applications

In this stage, we give some statistical studies of the novel and popular S-boxes. The majority logic criterion (MLC) is used to evaluate the efficacy of the proposed S-box in applications of image encryption. The applicability of the S-box in encryption applications is determined by statistical analyses such as energy, contrast, correlation, entropy, and homogeneity. These investigations determined whether the S-box is acceptable for encryption applications or not. In the energy analysis, we calculate the energy of the encrypted images as processed by numerous S-boxes. The number of square elements in the co-occurrence matrix at the gray level is determined by this calculation. When compared to plain images, encrypted images have less energy. The ability to detect objects in an image is measured through contrast analysis. To achieve successful encryption, a high level of contrast is required. Table 10 summarizes the results of the statistical analyses. By researching correlation analysis, we can detect the resemblances between plain pixel patterns and encoded images. There are three different types of correlation analysis. For this reason, the vertical, horizontal, and diagonal forms are used. The correlation between adjacent pixels in the encrypted image should be close to zero. Entropy is a statistical randomness measure that may be used to characterize the texture of an image. The optimum entropy of a perfect random image is 8. The homogeneity test compares the dispersion of variables in the grey-level co-occurrence matrix (GLCM) to the inclination of the GLCM. The GLCM displays measurements as simple blends of pixel splendor values or dark stages.

As illustrated in Table 12, the proposed S-boxes deliver robust image encryption outcomes. The achieved parameters are comparable to those of the AES, Skipjack, APA, and Gray S-boxes. Plan images of Lena and Baboon obtained using the proposed S-box-1 have entropy values of 7.2248 and 7.4087, respectively, and encoded images of Lena and Baboon have entropy values of 7.2245 and 7.4087, which are nearly equal to the optimal value of 8. The image's randomness is amplified by the image's nonlinear substitution of input and output elements, which is measured by its entropy. To establish their linear independence, calculations are made to determine the relationship between the plain and encrypted images. Table 12 shows that when employing the proposed S-box-1, the correlation between plain images and their encrypted versions is 0.1940 and 0.0252, respectively. These statistics reveal a slight linear association between the pixels' input and output values. Because of this, the proposed S-boxes have good cryptographic qualities such as confusion and diffusion. The energy measure values for Lena and Baboon's plain images are 0.1075 and 0.0779, respectively. After using the S-box-1 to encrypt these plain images, we obtain energy values of 0.0218 and 0.0159, which are comparable to the energy values of AES, Skipjack, APA, and Gray S-boxes. The smaller energy metric indicates the proposed S-boxes efficient performance in image encryption. In addition, in comparison to existing S-boxes, the proposed S-boxes achieve high contrast values of over 8.5. A high value of contrast, in general, suggests that the image has greater randomness. After applying the S-box-1, the objects in the image are entirely distorted because of the nonlinearity of mapping. As a result, the encrypted image's high contrast value indicates that the encryption is robust. Lastly, homogeneity analysis is used to calculate the distance between the scattered elements of GLCM and its diagonal. The results of this statistical analysis are shown in Table 12, which demonstrates that the S-box-1 that was produced reaches satisfactory homogeneity value, suggesting that more robust encryption is feasible. As a result, as demonstrated in Table 12, the proposed S-box-1 image encryption results are comparable to recent results.

Table 12 Evaluation of MLC for proposed S-box-1 over different S-boxes
Full size table

Figure 2 shows an example image of Lena along with an encrypted image and histograms, while Figure 3 shows a simple and encrypted image of Baboon along with histograms. As illustrated in the pictures, the proposed S-boxes successfully conceal the visual data present in the plain image, suggesting their effective image encryption capacity. Because of this, we feel the S-box design is appropriate for encryption purposes.

Fig. 2
figure 2

For the Pepper image, the results of image encryption using the proposed S-box-1 (a) Plain Image (b) Plain Image's Histogram (c) Encrypted Image (d) Encrypted Image's Histogram

Full size image
Fig. 3
figure 3

For the Baboon image, the results of image encryption using the proposed S-box-1 (a) Plain Image (b) Plain Image's Histogram (c) Encrypted Image (d) Encrypted Image's Histogram

Full size image

7 Conclusion

In cryptography, the S-box is a principal device used to show a connection between plaintext and ciphertext. They play a vital role in creating confusion in data. In this study, robust S-boxes are introduced which depend on the idea of the Elliptic Curve and Catalan number. As per our information, this is the first time when Catalan number is involved in the creation of S-boxes. After construction, the outcomes of the different statistical and algebraic analyses demonstrate the eminently great cryptographic performance of our new S-boxes. As clear from the different statistical analyses, the proposed S-boxes show great results when contrasted with some notable S-boxes. The proposed S-boxes are exceptionally safe and the outcomes acquired from the various analyses are almost equivalent to the perfect ones. Therefore, it is valuable for safe communication. ECC is much more efficient than RSA for encryption and decryption, but it is still much slower than symmetric algorithms. Furthermore, this study can be expanded in the future and employed in image denoising.