1 Introduction

Substitution boxes (S-boxes) have been extensively used in almost all conventional cryptographic algorithms, such as data encryption standard (DES) and advanced encryption standard (AES). S-boxes are the only nonlinear components in these cryptosystems. The strength of cryptographic algorithms is determined by these nonlinear S-boxes, so the construction of cryptographically strong S-boxes is important in the design of secure cryptosystems. S-boxes are usually designed using the nonlinearity criteria of [117], inspired by linear and differential cryptanalysis [18, 19]. It is the objective of most designs to keep the maximum differential and linear approximation probabilities of an S-box as small as possible [20]. Recently, chaos has attracted significant attention of researchers in the design of new cryptosystems [2124]. Many methods have been proposed to design S-boxes based on chaos. In this letter, we compare our results with the latest results of studies by [26] and [27]. In [21], Jackimoski and Kocarev proposed a method for designing chaotic S-boxes based on the chaotic logistic map. The four-step process is based on the N-th iteration of a chaotic logistic map, where they choose N=1000. In [25], Chen et al. proposed another method to obtain 8×8 S-boxes in three steps by employing a Chebyshev map and a 3D Baker map. We propose a method based on the NCA chaotic map. The remainder of this paper is organized as follows. Section 2 gives a detailed description of our method of constructing the S-box. Section 3 presents an analysis of the resulting S-box, and the conclusion follows in Sect. 4.

2 The proposed scheme

The method proposed is as follows. An 8-bit sequence of binary random variables is generated and is turned into a decimal integer; if the integer exists then we will iterate the NCA chaotic sequence successively. In this way, an integer table in the range of 0–28 can be obtained. The mathematical expression of the proposed scheme is in the following.

Boolean function is a function that returns values 0 or 1. Generally, one takes a sequence of bits as an input and produces 1 bit as an output. In [28], an approach to generate an NCA sequence is proposed, which can be seen as a Boolean function. The procedure is as follows.

NCAS system was projected by Professor Yuan Sheng Lee, who proposed a two-dimensional chaotic system [29] in 2004; the two-dimensional chaotic system is a new domain-wide discrete chaotic system with zero correlation and a stable probability distribution [29, 30]. The mapping equation is

The ith bit d i (X) can be expressed as

$$ d_{i}(X) = \sum_{g = 1}^{2^{i} - 1} ( - 1)^{g - 1}\chi_{(g/2^{i})} (X) $$
(1)

where \(\chi_{(g/2^{i})}(X)\) is a threshold function which is defined as

$$\chi_{(g/2^{i})}(X) = \left \{ \begin{array}{l@{\quad}l} 0 & X < (g/2^{i}) \\ 1 & X \ge(g/2^{i}) \end{array} \right . $$

As a result of a binary sequence,

where

$$X_{N} \in(0,1),\quad n = 0,1,2,\ldots $$

The ranges of parameters λ, α and β are discussed in the following. Firstly, they are positive. Secondly, the absolute value of the slope of the curve at a fixed point should not be less than 1 [3], and x N+1>x N when X N =1/(1+β), therefore λ may be defined as

$$\lambda = \mu.\mathrm{ctg}\biggl( \frac{\alpha}{1 + \beta} \biggr).\biggl( 1 + \frac{1}{\beta} \biggr)^{\beta},\quad \mu > 0 $$

Finally, a parameter μ is obtained by experimental analysis: μ=1−β −4. So the NCA map is defined as:

where x n ∈(0,1),α∈(0,1.4],β∈[5,43], or x n ∈(0,1),α∈(1.4,1.5],β∈[9,38], or x n ∈(0,1),α∈(1.5,1.57],β∈[3,15]. The ranges of and β are obtained by iteration experimental analysis. In [20], many experiments have been done to show that the NCA map is truly chaotic.

3 Analysis

In this section, a detailed analysis of the S-box created using the method described in Sect. 2 is presented and compared with those presented in [26, 27]. The proposed S-box very close satisfies all the criterions to the optimal value as compared with Refs. [26] and [27]. The strength of proposed substitution box of Table 1 are shown in Table 2.

Table 1 The proposed chaotic S-box
Full size table
Table 2 Comparison of nonlinearity, strict avalanche criterion (SAC), bit independence criterion (BIC), linear approximation probability (LP), and differential approximation probability (DP) of the proposed S-box with reputed S-boxes
Full size table

4 Conclusion

In this letter, we proposed a novel method for constructing cryptographically strong S-boxes based on the NCA chaotic systems. The maximum differential and linear approximation probabilities of the constructed S-box, calculated for a typical initial condition, are very low compared to recently proposed chaotic S-boxes [21, 25]. Our method is also very simple in comparison. We compare the nonlinearity, strict avalanche criterion, bit independence criterion, differential approximation probability and linear approximation probability of proposed S-box with [26] and [27], and conclude that the proposed box is much more secure than the ones in [26] and [27]. Although the overall distribution of differentials is not uniform, like that of differentials of an AES S-box, the linear approximation probability of the S-box constructed by our method is even lower than that of the AES S-box, although the differential approximation probability is slightly higher.