Substitution boxes are the only nonlinear component of the symmetric key cryptography and play a key role in the cryptosystem. In block ciphers, the S-boxes create confusion and add valuable strength. The majority of the substitution boxes algorithms focus on bijective Boolean functions and primitive irreducible polynomial that generates the Galois field. For binary field F2, there are exactly 16 primitive irreducible polynomials of degree 8 and it prompts us to construct 16 Galois field extensions of order 256. Conventionally, construction of affine power affine S-box is based on Galois field of order 256, depending on a single degree primitive irreducible polynomial over . In this manuscript, we study affine power affine S-boxes for all the distinct degree primitive irreducible polynomials over to propose 16 different substitution boxes. To perform this idea, we introduce 16 affine power affine transformations and, for fixed parameters, we obtained 16 distinct S-boxes. Here, we thoroughly study S-boxes with all possible primitive irreducible polynomials and their algebraic properties. All of these boxes are evaluated with the help of nonlinearity test, strict avalanche criterion, bit independent criterion, and linear and differential approximation probability analyses to measure the algebraic and statistical strength of the proposed substitution boxes. Majority logic criterion results indicate that the proposed substitution boxes are well suited for the techniques of secure communication.

1. Introduction

The exchange of digital data through the Internet has revolutionized the communication parameters over the years. But this rapid communication also provides opportunities to access this digital data illegally. For this reason, the security of this content on the Internet has become a serious challenge for the researchers of different fields. To counter the emerging challenges of security, cryptography and steganography are used to hide the secret information whereas watermarking is used for copyright protection. In this manuscript, we discuss cryptography and relevant aspects of this field. For convenience, cryptography is divided into two types named symmetric key cryptography and asymmetric key cryptography. In symmetric key cryptography, two parties share secret information and keys during encryption and decryption procedures. The private key is shared by both sender and receiver. In addition to this, block ciphers and stream ciphers are two main branches of symmetric key cryptography. In 1949, Shannon gave the idea of block cipher and some examples of block ciphers are Advanced Encryption Standard (AES) [1], Data Encryption Standard (DES), International Data Encryption Algorithm (IDEA), and many more [2, 3]. In AES, there is availability of three different key sizes such as 128, 192, and 256 bits, whereas in DES, the only available key size is 56 bits. The AES has 10, 12, and 14 rounds for key sizes of 128, 192, and 256 bits, respectively. All these rounds have four basic steps, that is, subbyte, shift row, mix column, and add round key. Subbyte is the step which substitutes the plaintext data with substitution box (S-box). This S-box is the only nonlinear part of block cipher used in different well-known cryptosystems. It is used to create confusion to make plaintext data obscure for any attacker and hence S-box is an integral part of any cryptosystem. S-box is a function which has input and output from the Galois field. The Galois field is a finite field having order 256 and denoted by .

1.1. Related Work

S-box is used to create confusion as observed in AES, International Data Encryption Algorithm (IDEA), DES, and many more cryptosystems [4]. It is an established fact that the strength of block cipher depends on the standard and quality of S-box. Due to the necessary immersion of S-box to generate nonlinearity, intricacy persuades different researchers to design strong S-boxes to enhance the security level of cryptosystems. Among different available methods, the algebraic structure-based construction of S-boxes has much more attention. These S-boxes have strong cryptographic features and are robust against linear and differential cryptanalysis.

In the literature, different structural advancements are viewed to improve the quality of S-boxes. The algebraic complexity of AES S-box has been improved with the extension of this S-box, that is, affine power affine (APA) [5]. Furthermore, the symmetric group S8 has also been applied to AES S-box to improve the quality and numbers of S-boxes [6]. Similarly, the application of transformation using binary gray codes on AES S-box gives Gray S-box [7]. In [8], S-boxes are constructed by using the projective general linear group (PGL). Moreover, the construction scheme of chaotic S-boxes using DNA sequence and chaotic Chen system is given in [9, 10]. Different analytical, algebraic, and chaos-based techniques for the construction of S-boxes are given in [1116]. Conventionally, AES uses a polynomial of 8 terms which have all the required properties and improves the security for AES. But the Gray S-box has a -term polynomial. Moreover, residue prime, Xyi, and Skipjack S-boxes are frequently used for the encryption and decryption schemes [17, 18].

It is assumed that the model of Boolean functions and primitive irreducible polynomial has an impact on the strength of S-box. In [19], different primitive irreducible polynomials have been used to identify the effect of primitive irreducible polynomial. To investigate this fact, we want to study all the primitive irreducible polynomials to understand whether there is an impact of irreducible polynomial or not. Archetypally in the synthesis of an S-box, the numbers and in affine transformation belong to Galois field . As the polynomial ring has 16 primitive irreducible polynomials of degree 8, it shows that only 16 opportunities are available for constructing Galois fields . In this paper, we have constructed 16 different robust S-boxes over the elements of these 16 irreducible polynomials. Firstly, we define 16 affine power affine transformations on these different Galois fields which can be given as ; here, for values, we would be able to get 16 distinct S-boxes.

1.2. Motivation

Due to the role of S-boxes in cryptosystems, it is essential to explore all of its aspects. The motivation behind this work is to study all primitive irreducible polynomials and their role in the construction of S-boxes.(1)The Mobius transformation used in a different construction of S-boxes has certain limitations and restrictions in its structure [7]. For example, the condition on the parameters, i.e., squeezes the remaining cases. Hence, there is a need for any other transformation.(2)There are 16 primitive irreducible polynomials in the principal ideal domain whose impact was not studied yet regarding their impression on analyses of S-boxes.(3)By exploring all primitive irreducible polynomials, we have a better opportunity to obtain the cryptographically strong cryptosystems.

1.3. Our Contribution

In this manuscript, we studied all binary degree 8 primitive irreducible polynomials for the construction of S-boxes. The quality of the proposed work can be seen from the different security analyses and resistance against malicious attacks. This whole study can be summarized as follows:(1)We constructed S-boxes associated with the 16 binary degree 8 primitive irreducible polynomials.(2)The APA transformation is used in this work, which is bijective and has no restrictions on the parameters.(3)To evaluate the strength of the proposed S-boxes, we have performed different analyses along with differential cryptanalysis. The outcomes of these analyses are compared with the well-known S-boxes.

The remaining part of the paper is planned as follows: Section 2 presents the preliminaries and construction scheme of the proposed S-boxes. In Section 3, algebraic and statistical analyses are calculated in detail. Section 4 presents definitions of the balanced Boolean function. Section 5 concludes the paper.

2. Primitive Irreducible Polynomials of Degree 8 and GF (28)

2.1. The Galois Fields

We summarize here some well-known facts from the theory of rings and fields. Let be a commutative ring with identity. A nonempty subset of is called an ideal of if is an additive subgroup of and for every , where . If, furthermore, there does not exist a proper ideal of properly containing , then we say that is a maximal ideal of Besides; is said to be a field if each of its nonzero elements has a must inverse in . If is a field of prime characteristic , then is an extension of the prime field . A polynomial is said to be irreducible if it cannot be factored in into two polynomials of strictly smaller degrees. The principal ideal,generated by a monic irreducible polynomial is a maximal ideal in . If is of degree , then the quotient ring,is an extension field of of degree consisting of elements. This field is called a Galois field and is denoted by and is said to be the field extension of defined by the irreducible polynomial . A representative of each element of can be chosen to be of degree strictly less than . If is a root of in an algebraic closure of , then is isomorphic to the field:and so we can identify the two fields. Furthermore, if is a generator of the cyclic finite multiplicative group of nonzero elements of , then we say that is primitive.

The Galois field is particularly of specific interest in cryptographic applications, especially in S-boxes constructions. For our cryptographic purposes, we are interested in such a field whose defining irreducible polynomial is “primitive” (of degree 8, of course). It is well known that there are such polynomials over , for example, , which we list in Table 1. In the following section, we construct 16 S-boxes out of the Galois fields corresponding to the aforementioned sixteen primitive irreducible polynomials.

2.2. The Proposed S-Box Construction Method

For each , consider the affine power affine map (APA):where and are two affine maps with , and

Among other things, the map , which is obviously bijective, was introduced by [5] to produce confusion in the scheme. For our S-boxes, we choose , and and Figure 1 demonstrates the flow chart of the construction of the 16 different S-boxes. Moreover, the construction of S-boxes in correspondence to polynomial 1 (P1) to polynomial 16 (P16) is shown in Figure 1. All the S-boxes are given in Tables 217, corresponding to P1 to P16. These tables are before the conclusion section.

In the proposed work, we present an APA S-box corresponding to each where the APA map gives the lookup tables. We, then, show that these S-boxes have strong cryptographic properties certified with the help of analyses such as nonlinearity, strict avalanche criterion (SAC), bit independent criterion (BIC), linear approximation probability (LP), and differential approximation probability (DP) [20].

3. Security Analysis

In this section, we present some algebraic and statistical analyses of S-box followed [21]. Such analyses indicate the strength of all the proposed S-boxes and give an idea for their application in image encryption and other modes of secure communication.

3.1. Nonlinearity

Nonlinearity analysis of a function is the minimum hamming distance between the Boolean function : and its all n-bit affine functions. In the truth table of Boolean function , the nonlinearity of represents the degree of dissimilarity between and all affine function. If the function has high minimum hamming distance, it indicates it has high nonlinearity. It is an established fact that high nonlinearity provides resistance to any kind of linear approximation attacks [22, 23]. The calculated upper bound of nonlinearity is so that, for, the optimal value of nonlinearity is. Table 18 shows the nonlinearity of 16 S-boxes corresponding to all primitive irreducible polynomials. From this table, it can be seen that the value of nonlinearity has not been affected due to background irreducible polynomial.

3.2. Strict Avalanche Criteria

In [24], Webster and Tavares introduced the strict avalanche criteria (SAC) on the concepts of completeness and avalanche. If a single input bit changes, the output bits change with almost 0.5 probability. It helps to show that the resulting output vector is highly random, and no single pattern can be predictable by minor variation in the input vector [25]. By seeing the performance indexes of S-boxes, the proposed S-boxes successfully satisfy SAC. Table 19 depicts the value of SAC for all the proposed 16 S-boxes. It shows that the maximum value of SAC is 0.562500 for the first 9 S-boxes including 11th, 14th, and 16th S-boxes. Similarly, the minimum value of SAC is 0.453125 for the first 10 S-boxes including 12th and 14th S-boxes. The average value of SAC lies in the interval [0.4856, 0.509766].

3.3. Bit Independent Criterion

Another algebraic criterion (BIC) is used to evaluate the strength of S-box, which is presented by Detombe and Tavares in [26]. In Table 14, the outcomes of BIC to SAC and BIC for the proposed S-boxes are given. The minimum BIC to SAC value is 0.47070 for 12th S-box and the highest minimum value is 0.49219 for 2nd S-box. The average BIC to SAC lies between 0.49679 and 0.50739. Similarly, the square deviation values for all the proposed S-boxes are given in Table 20. The maximum and average value of BIC is 112 for all S-boxes. It is depicted that the proposed S-boxes give the nearest best value of BIC analyses.

3.4. Linear Approximation Probability

Matsui defines the extreme value of the imbalance of an event as the linear approximation probability. It is notable that the parity of the input bits that is, the mask , is equal to the parity of the output bits, i.e., the mask . The linear approximation probability of a given S-box is defined in the following equation:where and are input and output masks, respectively, and the set represents the set of all possible inputs; is the number of elements of. The value of linear approximation indicates the strength of S-box against various linear attacks. In Table 21, the maximum count and the LP value for all proposed S-boxes is 144 and 0.0625. These values of LP of the proposed S-boxes are appropriate against linear attacks.

3.5. Differential Approximation Probability

The degree of differential uniformity is known as differential approximation probability (DPs) of S-box. Mathematically, it can be given as

Briefly, it can be explained as follows: an input differential must be mapped to an output differential uniquely for each i. Here, represents all the possible input values and the number of its elements is given by . Table 21 depicts the results of DP, which include the maximum and DP value.

Moreover, Table 22 represents the values of proposed S-boxes along with AES, Skipjack, Xyi, APA, Gray, and residue prime S-boxes.

3.6. Statistical Analyses

To evaluate the visual strength of the substitution with the help of the proposed S-boxes, various statistical analyses are made on the host and substituted images. In this proposed work, statistical analyses like homogeneity, entropy, contrast, energy, and correlation are used to evaluate the substitution ability of the 16 proposed S-boxes. These analyses are given aswhere give the row and column locations of an image. The pixel value at kth row and lth column is represented by and is the probability of the image pixel. In equation (8), are mean and standard deviation, respectively.

Correlation analysis helps to find the similarity between the host and substituted image. The correlation analysis provides the range which indicates the perfect, negative, and positive correlation. This is interval for correlation and value of 1 indicates the perfect correlation.

The randomness of the digital image can be calculated with the help of entropy. The higher value of entropy from the interval represents the higher amount of randomness in a digital image. For any viewer, it is only possible with the help of contrast analysis to intensely recognize the objects in the texture of an image. With the help of contrast analyses, one can observe the maximum distinction in image pixels. The range of the contrast can be given by. For constant image, the value of contrast is zero. The goal of finding close distribution between the matrix and its diagonal is obtained in homogeneity analysis. The matrix used in this analysis is named gray level cooccurrence matrix (GLCM) and the range of homogeneity lies between 0 and 1. The range for energy analysis also lies in the interval [0, 1]. The results of Table 23 are obtained by applying these analyses on the original and encrypted images. For all the proposed 16 S-boxes, we calculated the values of the statistical analyses.

A 256 × 256 JPEG image of Lena is considered for MLC analysis. Figure 2 shows the results of image encryption with 16 proposed S-boxes.

4. Balanced Boolean Function

4.1. Balance Property

The imbalance of a Boolean function weak system against linear cryptanalysis highlights the importance of balance property. The balance property indicates that the higher the magnitude of a function’s imbalance, the more the chances of a high probability linear approximation. A Boolean function is balanced. If the cardinality or Hamming weight of these two functions, that is, is the same, then it is named the balance function.

4.2. Balance Property of the Proposed S-Box

All the Boolean functions involved in proposed S-boxes are balanced just like the Boolean functions of AES, , AES and other well-known S-boxes. The nonlinearity of the proposed S-boxes is equal to 112.

5. Conclusion

In this paper, a scheme for the synthesis of S-boxes over 16 isomorphic Galois fields is presented. Here, we fixed all the parameters of affine power affine transformation, that is, for 16 S-boxes. We have 16 primitive irreducible polynomials of degree 8 and they prompt us to construct 16 Galois field extensions of order 256. By using elements of the Galois field, corresponding to each different pair of the parameters, one can construct different S-boxes. These S-boxes obtained as a result of APA transformation which is bijective, pass nonlinearity test, and out bit independent criterion (BIC) which demonstrates that the existing S-boxes have high confusion producing capability. The evaluation of constructed S-boxes is done with some algebraic and statistical analyses. The results of these analyses highlight the characteristics of all the proposed S-boxes and later these S-boxes are equated with some of the existing S-boxes. In addition to this, we also ensured that all these constructed S-boxes are balanced that guarantee the strength of our S-boxes. Hence, we have concluded that a large class of S-boxes can be obtained by varying parameters of affine power affine transformations. These S-boxes can be used for secure communication.

Data Availability

The data that support the findings of this study are available from the corresponding author upon reasonable request.

Conflicts of Interest

There are no conflicts of interest among the authors.


The authors extend their appreciation to the Deanship of Scientific Research at King Khalid University for funding this work through research groups program under Grant no. R.G.P. 1/234/41.