1 Introduction

The objectives of a cryptographic system are to obscure information present in the plain text in order to secure the encrypted data. The integral part of creating confusion is the introduction of randomness in data at the output [37]. The random behavior of chaotic systems exhibits desirable properties suitable for nonlinear dynamic systems such as the substitution process in a cipher without independent round keys. The chaotic systems are highly sensitive to initial conditions and exhibit random behavior, which is deterministic if the initial information is available, and in the absence of this initial information, the system appears to be random to an observer. These properties are desirable and attractive in the design of cryptographic systems. The application of chaotic sequences to the construction of substitution boxes, used in Advanced Encryption Standard (AES), is capable of creating confusion and applying diffusion to the original data [27, 9, 10, 1236, 3840].

The substitution process in the AES encryption process is the only nonlinear part, which creates confusion and obscures the data. The substitution process is accomplished by the use of the substitution box (S-box) that is an array of size n×n and is defined as S:{0,1}n→{0,1}n.

Several methodologies for the construction of cryptographically strong S-boxes have been seen in literature. In [1], a method is proposed which relies on an exhaustive search to construct a new S-box. Although the proposed method yields good results, the construction of new S-boxes with large values of n is computationally complex and impractical. Keeping in view the methods used by cryptanalysis [41], an S-box of size 5×5 is presented in [11] with strong resistance to differential cryptanalysis. In addition, results show that only odd values of dimension n yield S-boxes with acceptable properties. Recently, the theory of chaos is also employed for the construction of S-boxes. In [12, 28], chaotic maps are used to generate S-boxes in multiple steps. In another construction method based on chaotic techniques [9], a three-dimensional chaotic Baker map is used to generate an 8×8 S-box. This method exhibited some attractive properties pertaining to robustness and resistance to cryptanalysis; the implementation aspects were not addressed in detail [39]. This method is further improved by the use of a continuous-time chaotic Lorenz system [32]. In order to obtain discrete data from the chaotic system, the system trajectory values are converted to digital numbers for selected time steps and a linear functional algorithm [20] is applied to these coded discrete outputs. This method exhibits cryptographically strong properties as compared to other algorithms, which synthesize S-boxes based on chaotic methods. In this paper, we mainly relate our chaotic system with linear functional transformation in order to generate a strong S-box.

The remaining sections of this paper are organized as follows: In Sect. 2, we present the mathematical background for the chaotic Lorenz system. The behavior of the trajectory based on the initial condition is also presented in this section. In Sect. 3, the performance analysis results for the new S-box. Section 4 is devoted to results and discussions. The last section presents the conclusion.

2 Chaotic Lorenz system

The Lorenz system is used to design atmospheric model in 1950 [32] and is the first numerical study of chaos. The system dynamics are represented by the following equations:

(1)

The space plots resulting from the equations in (1) are shown in Figs. 1, 2, 3, 4. The values of the parameters are α=10, β=28 and γ=8/3. The intervals used in the states of the system are −40≤x≤40, −40≤y≤40, and −40≤z≤40. The system exhibits chaotic behavior for the selected parameters and intervals.

Fig. 1
figure 1

The plot of Lorenz system along xy axis, for α=10, β=28, γ=8/3

Full size image
Fig. 2
figure 2

The plot of Lorenz systems for x along t-axis for α=10, β=28, γ=8/3

Full size image
Fig. 3
figure 3

Plot of Lorenz systems for y along t-axis for α=10, β=28, γ=8/3

Full size image
Fig. 4
figure 4

Plot of Lorenz systems for z along t-axis for α=10, β=28, γ=8/3

Full size image

2.1 Chaos based algorithm for S-box design

The algorithm of the chaos based S-box design is presented in Fig. 5. This algorithm is divided into two parts: diffusion and substitution. The first two steps describe the diffusion process, whereas the remaining portion depicts the realization of the S-box.

Fig. 5
figure 5

Flow chart of proposed chaotic S-box

Full size image

Algorithm

  1. A.1:

    System trajectories are obtained by solving the Lorenz system with selected initial conditions and chaotic parameter values employing the four-step Runge–Kutta method.

  2. A.2:

    Selected trajectory is sampled at every (number of data/256) step.

  3. A.3:

    Use the linear functional transformation [20]. Outputs corresponding to each sample is coded starting from 0 to 255.

  4. A.4:

    We select the distinct first 256 values from these chaotic random sequences to generate chaos-based S-box.

In the diffusion process, the system trajectories are evaluated by the solution of the Lorenz chaotic system. The number of orbits obtained depends on the dimension of the system, and is selected as a design parameter. The initial conditions of the system are selected at this stage. The Runge–Kutta method is applied to generate the chaotic parameters. A trajectory is selected and sampled at 8-bit resolution. The objective is to construct an S-box capable of substituting 8 bits of data; as a result, 256 samples are generated. Thus, coded samples used in the S-box range from 0 to 255. The entries in the S-box are populated by using the codes generated by the samples obtained from the selected system trajectory. A coding table is used to map the sampled values from the output of the Lorenz system to an entry in S-box (see Table 1).

Table 1 Algebraic structure of S-box in the form of 16 by 16 matrix
Full size table

In this work, the system trajectory is generated for 1,000 data samples while keeping the values of initial conditions as x=1, y=0, z=0. In order to ignore the transients of the chaotic system, first 1,000 samples are ignored. The system trajectory along xy-axes is shown in Fig. 1. The resulting S-box based on the chaotic system is presented in Table 1.

3 Analysis of the proposed chaotic S-boxes

It is vital to assess the performance of the proposed S-box in an effort to establish its usefulness in encryption. Several properties are listed in the literature, which indicate the strength of any S-box [1]. Among some of the prevailing methods used by cryptanalysis include differential analysis used for the analysis of DES [8] and information theoretic analysis with excerpts from the original concepts presented by Shannon [37]. In this work, we analyze the proposed S-box for five different properties, which include nonlinearity, strict avalanche criterion (SAC), bit independence criterion (BIC), linear approximation probability (LP), and differential approximation probability (DP). In order to determine the strength of the proposed S-box, the results of these analyses are prudently analyzed. In the following subsections, we present the details of these analyses and discuss the results pertaining to the strength the S-box under analysis.

3.1 Nonlinearity

In the nonlinearity analysis, the constituent Boolean functions are assessed with reference to the behavior of the input/output bit patterns. The set of all affine functions is used to compare the distance from the given Boolean function. Once the initial distance is determined, the bits in the truth table of the Boolean function are modified to approximate to the closest affine function. The number of modifications required to reach the closest affine functions bears useful characteristics in determining the nonlinearity of the transformation used in the encryption process. The measure of nonlinearity is bounded by [23],

$$ N_{g} = 2^{m - 1} \bigl( 1 - 2^{ - m} \max \bigl \vert S_{(g)}(w) \bigr \vert \bigr) . $$
(2)

The Walsh spectrum, S (g)(w) is defined as

$$ S_{(g)}(w) = \sum_{w \in \mathbb{F}_{2^{m}}} ( - 1)^{g(x) \otimes \chi .w} . $$
(3)

The results of the non-linearity analysis are shown in Table 2.

Table 2 The results of nonlinearity analysis of different S-boxes
Full size table

3.2 Strict Avalanche Criterion Analytically

In strict avalanche criterion, the behavior of the output bits is analyzed that results from a change at the input bit applied to the nonlinear S-box transformation. It is desired that almost half of the output bits change their value or simply toggle their state in response to a single change at the input. The change in the output bit patterns cause a series of variations in the entire substitution–permutation network (S–P network), and thus causes an avalanche effect. The extent of these changes assists in determining the resistance to cryptanalysis and the strength of the cipher. The results of the strict avalanche criterion is shown in Table 3. A comparison of the SAC for different S-boxes is listed in Table 4.

Table 3 The results of Strict avalanche criterion for proposed S-box
Full size table
Table 4 Comparison of SAC analysis of proposed chaotic S-boxes with other S-boxes
Full size table
Table 5 The nonlinearity of BIC of proposed S-box
Full size table
Table 6 The dependent matrix in BIC of the proposed S-box
Full size table

3.3 Bit Independent Criterion

The bit independence criterion (BIC) also relies on the changes at the input bits and the properties exhibited by the independence behavior of pairwise input/output variables of avalanche vectors [2325]. This criterion is analyzed by modifying single input bit from the plaintext.

3.4 Linear approximation probability

The imbalance of an event between input and output bits is quantified by the linear approximation probability test [34, 35]. In this method, the parity of the input bits given by a certain mask Ωk and the parity of the output bits Ωl are used to determine the linear probability of bits given as

$$ \Im_{P} = \mathop{\max} \limits _{\varOmega k, \varOmega l \ne 0} \biggl \vert \frac{\# \{ k/k \bullet \varOmega k = S(k) \bullet \varOmega l\}}{2^{m}} - \frac{1}{2} \biggr \vert , $$
(4)

where Ωk and Ωl are the input/output masks used in determining the linear approximation probability. The total number of elements is given by 2m and K is the set of all possible inputs.

3.5 Differential approximation probability

It is desirable that the nonlinear transformation exhibits differential uniformity. In order to ensure the uniform mapping, a differential at the input, given as Δk i , uniquely maps to an output differential Δl i for all i. The differential approximation probability is mathematically defined as

(5)

The proposed chaotic S-box is evaluated by differential approximation probability test. The results show that the performance of the new chaotic S-box is comparable to some of the commonly used S-boxes.

4 Results and discussions

The comparison of the strong encryption capabilities shows that the performance of the proposed S-box is comparable or superior to some prevailing S-boxes used in the area of cryptography. The nonlinearity analysis depicts that the properties are comparable to the S-boxes use as a benchmark in this work. Table 2 presents a list of results of nonlinearity analysis. The result of SAC is very close to 0.5 which assures the acceptability of this S-box to encryption application (see Table 4). In Table 7, a comparison of BIC is presented between the proposed S-box and AES, APA, Gray, and Prime S-boxes [2026]. The results are in agreement with the desired range. In further analysis, the linear approximation analysis shows that the new S-box conforms to the range of values specified for the good nonlinear components used in encryption applications. The results are shown in Table 8. Finally, the differential approximation probability analysis is presented in Table 9 and the comparison with already existing S-boxes are shown in Table 10. In this test, it is observed that the performance of the chaotic S-box is comparable to the existing well-known S-boxes used as benchmarks in this paper.

Table 7 BIC of SAC analysis of S-boxes
Full size table
Table 8 Linear approximation analysis of S-boxes
Full size table
Table 9 The differential approximation probability of proposed chaotic S-box
Full size table
Table 10 Comparison of differential approximation probability of proposed chaotic S-box with existing S-boxes
Full size table

5 Conclusion

In this paper, we present a method to construct a new S-box with the application of the Lorenz system of differential equations. In order to evaluate the performance of the proposed S-box, a comparison is presented by the application of strict avalanche criterion, linear approximation probability, differential approximation probability, bit independent criterion, and nonlinearity analysis. The existing S-boxes, which are used for the purpose of benchmarking, include AES, APA, Gray, and Prime S-boxes. The results yield that the new S-box have desirable properties suitable for encryption applications for secure communications.