Next Article in Journal
An Out-of-Distribution Generalization Framework Based on Variational Backdoor Adjustment
Previous Article in Journal
A Novel Approach to Modeling Incommensurate Fractional Order Systems Using Fractional Neural Networks
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

A Novel Dynamic S-Box Generation Scheme Based on Quantum Random Walks Controlled by a Hyper-Chaotic Map

1
School of Electronic Information and Electrical Engineering, Tianshui Normal University, Tianshui 741000, China
2
School of Mathematics and Statistics, Tianshui Normal University, Tianshui 741000, China
3
College of Mathematics and Physics, Wenzhou University, Wenzhou 325035, China
*
Author to whom correspondence should be addressed.
Mathematics 2024, 12(1), 84; https://doi.org/10.3390/math12010084
Submission received: 29 November 2023 / Revised: 18 December 2023 / Accepted: 21 December 2023 / Published: 26 December 2023

Abstract

:
For many years, chaotic maps have been widely used in the design of various algorithms in cryptographic systems. In this paper, a new model (compound chaotic system) of quantum random walks controlled by a hyper-chaotic map is constructed and a novel scheme for constructing a dynamic S-Box based on the new model is proposed. Through aperiodic evaluation and statistical complexity measurement, it is shown that the compound chaotic system has features such as complex structure and stronger randomness than classical chaotic systems. Based on the chaotic sequence generated by the composite system, we design a dynamic S-Box generation mechanism. The mechanism can quickly generate high-security S-Boxes. Then, an example of randomly generating S-Boxes is given alongside an analytical evaluation of S-Box standard performance criteria such as bijection, boomerang uniformity, bit independence, nonlinearity, linear approximate probability, strict avalanche effect, differential uniformity, the and generalized majority logic criterion. The evaluation results confirm that the performance of the S-Box is excellent. Thus, the proposed dynamic S-Box construction technique can be used to generate cryptographically strong substitution-boxes in practical information security systems.

1. Introduction

In recent years, with the rapid development of network communication technology, network security has become an increasingly important research field. Accordingly, information security technology, which is used for data transmission security, has attracted widespread attention. Scholars have proposed various secure communication mechanisms, including a large number of data encryption algorithms. The user data is converted to cipher text by encryption technology before data transmission. This means that the input data block (plaintext) is converted into insignificant output block (ciphertext) and the ciphertext is useless to an attacker. In symmetric cryptographic systems, block encryption algorithms are widely used as they are easy to implement and provide the required cipher strength [1]. In block cipher systems, as the only nonlinear component, the substitution box (abbreviated as S-Box) is an important nonlinear component in many block cipher systems such as the Data Encryption Standard (DES) and the Advanced Encryption Standard (AES). In these block cipher systems, that use of an S-Box provides a complex relationship between plaintext and ciphertext and plays a scrambling effect (chaotic effect). The security of the S-Box determines the security strength of the whole block cipher system. Thus, it is meaningful to study how to quickly generate high security S-Boxes and this has attracted more and more attention. Usually, a designer must evaluate the strength of respective S-Boxes in block cipher system. For S-Box security, there are some typical evaluation criteria, such as bijection, bit independence, nonlinearity, linear approximate probability, and strict avalanche effect. Some new attack technologies against S-Boxes have emerged with the development of new theories and technologies, such as the boomerang attack [2,3]. The authors of [4] summarize the many security attributes (including some new tests) of S-Boxes. A strong S-Box can resist cryptanalysis-based attacks if it can pass standard benchmarks tests. Thus, determining how to build a strong S-Box has received intensive attention.
However, the S-Box that is used in block cipher systems such as AES is a fixed component. That is, a block cipher has a static S-Box and employs the unchanged S-Box in each round. A static S-Box allows a third party to check the characteristics of the S-Box, which will lead to the attacker discovering its defects and eventually having the opportunity to cryptanalyze the ciphertext generated by the block cipher [5]. If high-quality S-Boxes (based on a user key) can be dynamically generated and applied, the encryption strength of the cryptosystem would be more able to resist various cryptanalytical attacks. A dynamically generated S-Box mechanism can be used to improve classic block cipher algorithms and design new block cipher algorithms. In recent years, researchers have explored elements of the concept of dynamic S-Box design, such as S-Box generation efficiency and randomness. In an actual cryptographic system, the S-Box is not only required to be safe but also the time and space efficiency of the algorithm for generating the S-Box must be high. Researchers have sought alternative S-Box design approaches. There are some approaches that are frequently applied to the construction of S-Boxes, such as the analytical approach [6], algebraic techniques [7], triangle groups [8], and chaotic maps [9,10,11]. Since chaos-based cryptography is considered highly secure, robust, and computationally powerful, and is complex enough to make cryptanalysis harder, chaos-based design emerges as the best method from the above approaches [11].
Chaotic dynamical systems have special nonlinear dynamic characteristics such as the sensitivity to initial conditions, unpredictability of long-term behavior, intrinsic randomness, and the ergodic nature of the processes. These characteristics of chaotic systems are equivalent to diffusion and confusion in traditional cryptographic systems [12]. Chaos cryptography is an important application field of chaos theory. For cryptosystems, there have many chaos-based algorithms proposed in recent years such as chaos-based image encryption, which was utilized in studies such as “Color image encryption using orthogonal Latin squares and a new 2D chaotic system” [13]; “Exploiting semi-tensor product compressed sensing and hybrid cloud for secure medical image transmission” [14]; and “A parallel image encryption algorithm using intrabitplane scrambling” [15]. For the development of modern cryptographic systems, chaotic maps have emerged as an alternative chaotic typology, and as part of this work, researchers have used chaos in the design of S-Boxes. An S-Box is essentially a random placement of n × n numbers from 0 to n × n 1 . Chaotic systems with complex dynamic behaviors are able to generate high-quality pseudo random numbers. These pseudo random numbers can be used to design S-Box generation schemes. In the past few years, chaotic systems have been widely used in the design of S-Boxes due to the useful properties of chaotic maps, and analysis shows that an S-Box based on chaos has strong resistance to different attacks and higher space–time efficiency [16]. Scholars such as Ye and Zhimao [10], Masood et al. [11], Zheng and Zeng [17], Bin Faheem et al. [18], Zhu et al. [19], Lu et al. [20] have proposed many S-Box-based cryptographic systems that include effective S-Boxes that possess favorable characteristics such as bit independence, nonlinearity, etc.
However, problems such as unpredictability and short cycle may occur when implementing chaotic systems in digital devices (digital chaos) [21,22]. This will result in successful attacks on a cryptographic systems based on the original digital chaotic maps. Many cryptographic systems have serious security problems due to improper selection and application of chaotic maps [23]. Several researchers are working to rid chaotic maps of their weak points and further improve their chaotic behavior and randomness. Modified chaotic maps can be used to enhance the security characteristics of various encryption schemes. It is necessary to combat the degradation of chaotic dynamic performance and further optimize chaos. Lu et al. [20], proposed 8 × 8 S-Boxes based on a improved compound chaotic map (tent-logistic system) that has a large key space, better chaotic behavior, and chaos at a large scale. In another study [24], a novel method of constructing S-Boxes is proposed that can generate strong S-Boxes through the use of TSS maps and algebraic Mobius transformations.
Inspired by the above discussion, we aim to search for a compound chaotic map with complex dynamic behavior and develop a new S-Box generation algorithm that can improve the linear probability (LP) and other characteristics of S-Boxes and enhance the robustness of cryptographic systems to linear analysis attacks, differential cryptanalysis attacks and boomerang attacks. The innovations of this work include the following:
1.
A new compound chaotic system based on a two-dimensional hyper-chaotic map and quantum random walks is proposed, which has a larger key space and better chaotic performance and is more suitable for practical applications;
2.
A simple and efficient dynamic S-Box generation algorithm is proposed;
3.
A comprehensive and detailed security analysis of the generated S-Box is made to evaluate it against cryptographic landscapes. The analytical results demonstrate that the S-Box can well meet multiple cryptographic criteria.
The rest of this paper is organized as follows. Section 2 proposes a new compound chaotic system based on a two-dimensional hyper-chaotic map and quantum random walks. Section 3 describes an efficient dynamic S-Box generation algorithm based on the compound chaotic system. In Section 4, we show safety analyses of the proposed S-Box generated by the algorithm and make a comparison with some recent S-Boxes from the literature.

2. A Compound Chaotic System Based on a Two-Dimensional Hyper-Chaotic Map and Quantum Random Walks

In this section, we select a known two-dimensional hyper-chaotic map whose output is used as the control source of quantum random walks on the ring graph. Thus, a compound chaotic system with a complex structure that is sensitive to initial conditions and can generate uniform sequences is obtained.

2.1. Two-Dimensional Hyper-Chaotic Map Controlling Quantum Random Walks

A hyper-chaotic system has at least two expanding directions due to a minimum of two positive LEs [25]. The expression of a two-dimensional hyper-chaotic map is as follows [26] (p. 49):
u n + 1 = k 11 + k 12 u n + k 13 u n 2 + k 14 v n + k 15 v n 2 + k 16 u n v n , v n + 1 = k 21 + k 22 u n + k 23 u n 2 + k 24 v n + k 25 v n 2 + k 26 u n v n .
We simplify Expression (1) to make most of the parameter coefficients zero, i.e., k 11 = k 12 = k 13 = k 16 = k 21 = k 23 = k 25 = k 26 = 0 . Finally, we obtain a simple two-dimensional hyper-chaotic map:
u n + 1 = k 14 v n + k 15 v n 2 , v n + 1 = k 22 u n + k 24 v n ,
where k 14 = 1.55 , k 15 = 1.55 , k 24 = 0.1 and k 22 is the control parameter. A fixed point of System (2) is O = 0 , 0 , and the norm can be defined as follows:
u , v = u 2 + v 2 .
Let h = ( h 1 , h 2 ) , where
h 1 u , v = 1.55 v 2 + 1.55 v , h 2 u , v = k 22 u + 0.1 v .
h is continuously differentiable on R 2 , and the Jacobian matrix is
D h ( u , v ) = 0 3.1 v + 1.55 k 22 0.1 .
For the fixed point O = 0 , 0 T , as k 22 < 1.003558730 and k 22 > 1.003558730 , Map (2) may be chaotic if the absolute value of the eigenvalues of the matrix D h O is greater than 1. The randomness of the hyper-chaotic Map (2) will be investigated by trajectory diagram, Lyapunov exponent, and bifurcation diagrams with control parameters.

2.1.1. Trajectory Diagram

For a sequence generated by a dynamical system, in different stage from the initial state, values can be presented by using the trajectory diagram. If values occupy the entire phase space and occupy this space by choosing the correct initial conditions for a dynamical system, it can be concluded that the system appears chaotic if the correct initial conditions are chosen. The trajectory of Map (2) with the initial u 0 , v 0 = 0.1 , 0.1 is shown in Figure 1. In Figure 1, the effect of different k 22 control parameter values is assessed according to the values generated by the hyper-chaotic map. As shown in Figure 1, the occupancy of the phase space in the trajectory increases as k 22 grows increasingly negative.

2.1.2. Lyapunov Exponents

The Lyapunov exponents (LEs) are one of the most important criteria for checking the randomness of a map and it sensitivity to the initial conditions. If the motion is chaotic, the Lyapunov exponent will be positive. Let K a r e a = 1.165 , 1.105 [ 1.137 , 1.135 ] [ 1.121 , 1.117 ] [ 1.091 , 1.088 ] . Figure 2(1–3) show the Lyapunov exponents of the hyper-chaotic map, in which sub-figures (2) is refined using the subdivision method by selecting sub intervals. From Figure 2(1,2), it can be seen that the Lyapunov exponent is positive as k 22 K a r e a .

2.1.3. Bifurcation Diagram

As a visual tool, a bifurcation diagram displays the process of period-doubling through the change of nonlinear dynamical system parameters. A chaotic system can achieve the best chaotic state by adjustment of the control parameters. That is, filling the phase space can be considered as the optimal value of the control parameters. Bifurcation diagrams of the system with changing k 22 parameter are shown in Figure 2(3,4). It can be seen from Figure 2(3,4) that the filling space of the variable becomes greatest as k 22 K a r e a .

2.2. A Scheme for a Sequence Generated by Quantum Random Walks on a Cycle Graph

G is a n-cycle graph and the degree of every node is 2. The quantum random walks on the cycle graph G contains two sub systems: Walker and Coin. Walker can be denoted as a position in an n-dimensional Hilbert space H p and the basis state is i , i 0 , 1 , 2 , , n that span H p . Any position of Walker can be represented as i k i i , and i k i 2 = 1 . Coin is a sub quantum system in two-dimensional dimensional Hilbert space H c , and the canonical basis state is 0 , 1 . The state of Coin can be expressed as a 0 + b 1 , where a 2 + b 2 = 1 . The joint state of Walker and Coin resides in H t = H p H c , where p and c correspond to Walker and Coin, respectively.
The coin operator C ^ has been extensively employed [27]:
C ^ = cos θ 0 0 + sin θ 0 1 + sin θ 1 0 cos θ 1 1 .
The Walker shift operator has the following form:
S ^ = i i + f o r w a r d m o d n i 0 0 + i b a c k m o d n i 1 1 ,
where f o r w a r d means that Walker takes steps to the right when the accompanying coin state is 0 , and b a c k means steps to left when the coin state is 1 . Each operator on the total Hilbert space can be expressed as
U ^ = S ^ C ^ I .
The initial state of the total system is φ 0 , after t steps, the state is
φ t = U ^ t φ 0 = S ^ C ^ I t φ 0 .
The probability of Walker at position υ after t steps is
P t υ | φ 0 = υ , 1 | φ t 2 + υ , 0 | φ t 2 ,
and the resulting probability distribution is as follows:
P t = P t υ 1 | φ 0 , P t υ 2 | φ 0 , P t υ n | φ 0 .
The limiting distribution of Walker at position υ is
lim T P ¯ T υ | φ 0 = lim T 1 T t = 0 T 1 P t υ | φ 0 .
According to Theorem 3.6 and Theorem 4.1 in the study [28], Equation (7) is close to a uniform distribution as n is odd. It can be seen from Equation (5) that there is a nonlinear map between initial state φ 0 = i 0 , c 0 and the resulting probability distribution P t that is highly sensitive to the initial conditions [29]. According to Equations (4) and (5), a uniformly distributed sequence can be generated. Following this, the steps of a sequence generation scheme using quantum random walks on a ring graph are as shown in Algorithm 1.
Algorithm 1 Random number generation algorithm based on ring graph
Input: θ , f o r w a r d , b a c k , n , i 0 , c 0 , r
Output: A l l O u t p u t S e q
(1) Init: φ 0 = i 0 , c 0 ,
C ^ = sin θ 0 1 cos θ 1 1 + cos θ 0 0 + sin θ 1 0
S ^ = i i + f o r w a r d m o d n i 0 0 + i b a c k m o d n i 1 1
Φ = φ n = U ^ n φ 0 = S ^ C ^ I n φ 0 ,
T m a x = n , A l l O u t p u t S e q = ;
(2) f o r T = 1 : T m a x
Φ = U ^ r Φ = S ^ C ^ I r Φ ,
f o r j = 1 : n
p j = j , 0 | Φ 2 + j , 1 | Φ 2
e n d f o r
O u t p u t S e q = p 1 , p 2 , , p n ,
A l l O u t p u t S e q + = O u t p u t S e q ,
e n d f o r .
(3) r e t u r n A l l O u t p u t S e q

2.3. A New Compound Chaotic System Based on Quantum Random Walks Controlled by a Hyper-Chaotic Map

In this section, a new compound chaotic system will be constructed by using quantum random walks and a two-dimensional hyper-chaotic map. Let Q · be Algorithm 1, which is essentially a pseudo random number generator. However, Q · can only generate n × n random numbers at a time. To generate new random numbers, there are two options. One is to continue to perform step (2) of Algorithm 1, and the other is to modify the relevant parameters except n, c 0 , and i 0 before executing step (2) of Algorithm 1. Obviously, the second method is more flexible. If a two-dimensional system is used to adjust the corresponding parameters, the key space can be enlarged on the basis of increasing the complexity. Thus, the output u , v of hyper-chaotic map (2) is used to construct the parameter θ of Q · . Let the normalization function be:
n o r m x = x x m i n x m a x x m i n ,
and the parameters θ , f o r w a r d are constructed as follows:
θ = 1 n o r m v × n o r m u + n o r m v × θ , f o r w a r d = b a c k = m o d ( f l o o r Z × n o r m v + n o r m v ) ,
where f l o o r x is the integral function and Z is an integer, which is generally larger to improve the randomness. The new compound chaotic system is based on quantum random walks controlled by a hyper-chaotic map. As the control parameter k 22 1.165 , 1.105 , the non-periodicity and statistical complexity of the compound chaotic system will be evaluated.

2.3.1. Degree of Non-Periodicity

The Scale index, which is based on the continuous wavelet transform (CWT), is presented by Benítez et al. [30], and we will use the tool to study non-periodicity in sequences generated by the proposed compound chaotic system. For chaotic sequences, wavelets are more suitable for studying non-periodicity due to their non-stationary nature [31]. We can assume that sequence f is a continuous function and f L 2 R , which is defined over a finite time interval I = a , b . In Benítez et al. [30], the CWT of f at scale s and time u is defined as
W f ( u , s ) : = f , ψ u , s = + f ( t ) ψ u , s * ( t ) d t ,
and from there it is possible to obtain the frequency component of f corresponding to time location u and scale s. The f scalogram, which is the energy of the CWT of f at scale s, is defined as
S s = W f ( u , s ) = + W f ( u , s ) 2 d u 1 2 .
Let J s = c s , d s I and it is the maximal subinterval in I. The inner scalogram of f at a scale s can be defined by
S i n n e r s = W f ( u , s ) J s = c s d s W f ( u , s ) 2 d u 1 2 ,
where I must be big enough and b a s l [32]. In order to compare the values of the inner scalogram at different scales, the inner scalogram should be normalized:
S ¯ i n n e r s = S i n n e r s d s c s 1 2 .
In the scale interval s 0 , s 1 I , the Scale index of f is given by
i s c a l e = S i n n e r s m i n S i n n e r s m a x ,
where s m a x s 0 , s 1 is the maximal scale such that S i n n e r s m a x S i n n e r s for all s s 0 , s 1 , and s m i n s m a x , 2 s 1 is the smallest scale such that S i n n e r s m i n S i n n e r s for all s s m a x , 2 s 1 [32]. For highly non-periodic sequences, the Scale index will be close to 1; while, it will close to 0 for periodic sequences [30].
We set s 0 = 1 and s 1 = 20 , and choose a Haar wavelet as the mother wavelet function for calculating the Scale index. Figure 3 shows the Scale index of the compound chaotic system, the logistic map, and the Henon map. From a comparison of Figure 3a–c, we can obtain that the Scale index of the compound system is higher than those of the other two chaotic maps. Thus, we can conclude that the sequence generated by the compound system is more non-periodic.

2.3.2. Statistical Complexity Measures

The authors of [33], proposed statistical complexity measures (SCMs), which are used to quantify the degree of physical structure in a sequence. We use the the method of Larrondo et al. [34] to calculate the SCMs. The intensive SCM ( C j P ) can be thought of as a quantity that represents the probability distribution P that is associated with a sequence [35]. C j P , introduced by Larrondo et al. [34], is defined as:
C j [ P ] = H S [ P ] Q j · P , P e ,
where Q J is “disequilibrium” and H S [ P ] is the entropic measure (normalized entropy). H S [ P ] can be calculated by
H S [ P ] = H P / H m a x ,
where H is the Shannon entropy. The entropy of a byte sequence is given by the following:
H = i = 1 N p a i l o g 2 p 1 a i ,
where p a i is the probability that a i occur in the sequence. For a byte sequence, the ideal value of entropy ( H m a x ) is 8. Q J is an intensive quantity [35] and Q J is given by
Q j P , P e = Q 0 · H P + P e / 2 H [ P ] / 2 H P e / 2 ,
where Q 0 is a normalization coefficient, which can be calculated by
Q 0 = 2 N + 1 N ln ( N + 1 ) 2 ln ( 2 N ) + ln N 1 .
If a PRNG can generate high-quality pseudo-random numbers, it can be expected that “no attractor” will be reconstructed. It is reasonable to obtain a homogeneity cloud of points with a strong performance that “fill” up a d-dimension space [34]. Consequently, the associated permutation probability distribution will be P P e , so H S [ P ] 1 and C J [ P ] 0 and for periodic sequences will have H S [ P ] 0 and C J [ P ] 0 [34]. H S and C J as functions of the number of 8 bits are shown in Figure 4 based on the above calculation method. From Figure 4, it can be see that C j and H s tend to 0 and 1, respectively, when the number of words of the analyzed sequence increases. Thus, the randomness of the PRNG based on the proposed compound chaotic system is successfully verified by statistical complexity and the normalized Shannon entropy.

3. Dynamic S-Box Generation Algorithm Based on the Compound Chaotic System

3.1. Introduction of the S-Box

In a symmetric block cipher system, the S-Box plays an important role as the only nonlinear component. An S-Box is essentially a nonlinear permutation function, which can be understood as an encrypted black box. Furthermore, it confuses the relationship between the ciphertext and plaintext. An S-Box can be abstracted as a vector Boolean function of n-bit input and m-bit output:
S b o x : F 2 n F 2 m 0 , 1 n 0 , 1 m .
For most S-Boxes in cryptography, commonly the case of n = m is used and an n × n S-Box is shown in Figure 5. We focused on the design algorithm for 8 × 8 S-Boxes, which are the most commonly used type in cryptography. An 8 × 8 S-Box is a set of integers S s e t = { 0 , 1 , 2 , , 2 8 1 } , which is unique for a matrix S b : S b = { S b i , j | i = 1 , 2 , , 16 ; j = 1 , 2 , , 16 } . The matrix S b can be obtained:
i = f l o o r x / 16 , j = x mod 16 + 1 , y = S b o x x = S b i , j ,
if the vector Boolean function corresponding to an 8 × 8 S-Box is y = S b o x 8 × 8 x , where both x and y are elements in S s e t . Conversely, it is known that an 8 × 8 S-Box corresponds to S b o x 8 × 8 1 y :
y = S b i , j , x = S b o x 8 × 8 1 y = 16 i 1 + j 1 .

3.2. Pseudo-Random Number Generator (PRNG) Based on the Proposed Compound Chaotic System

In this section, a PRNG is designed based on the proposed compound chaotic system, followed by a NIST Statistical Test of the PRNG. The fixed-point algorithm [35] expressed by P-bit precision is adopted, and the specific steps of generating random number are as follows:
  • Initialization u 0 , v 0 , k 22 , θ , f a w a r d , b a c k , n , i 0 , c 0 , r ;
  • Q H y 1000 u 0 , v 0 ;
  • Let Y k = 3 p 3 k 1 + 5 p 3 k 1 + 1 p 3 k 1 + 2 . Furthermore, the following formula is used to generate and output the random number z k :
    z n = mod f l o o r 2 2 P 1 · 10 5 · Y k , 2 P ,
    where f l o o r · is an integral function.

NIST Statistical Test

We will use NIST SP800-22 [36] to estimate the randomness of sequences generated by the PRNG based on the compound system. In the NIST suite, there are 17 test items and every test item concentrates on one type of non-randomness that can exist in a sequence. There are two performance indicators, pass rate and p-value, to determine the random performance of the sequence. In our tests, the following settings were used: the number of sequences to be tested was 100, the sequence length was 10 6 bits, and the significance level was α = 0.01 , which implies that if the sequence passed the test, it can be referred to as being random with a probability of 99 % . For each statistical test item except for the random excursion test, the minimum pass rate is around 96 for sample capacity = 100 bit sequences. The results of NIST SP800–22 test for the PRNG are given in Table 1. The results of the sequence generated by proposed PRNG are all “Pass”. Hence, the sequence generated by the PRNG be considered to have high randomness, and the PRNG can be used in information security systems.

3.3. Dynamic S-Box Generation Algorithm Based on the Proposed PRNG

Generally, complex designs can generate S-Boxes with high cryptographic strength, but the time cost is very large while the efficiency is low. Here, we propose a simple and effective method of constructing strong 8 × 8 S-Boxes based on the proposed PRNG. The new method takes advantage of the excellent chaotic characteristics of the compound system.
For generating S-Boxes, the steps of algorithm based on the proposed PRNG are shown in Algorithm 2.
By the proposed method, the length of sequences generated by the PRNG is used to construct an S-Box that corresponds to a 16 × 16 matrix. The proposed new S-Boxes are generated by the above algorithm and the parameters are set as { u 0 = 0.1 , v 0 = 0.1 , k 22 = 1.1 , n = 15 , r = 5 , i 0 = 2 , c 0 = 1 , θ = π r , f o r w a r d = b a c k = 1 } . The matrix S b corresponding to the first generated S-Box is shown in Table 2.
Algorithm 2 The algorithm for generating S-Boxes
Input: N , r , i 0 , c 0 , θ , f a r w a r d , u 0 , v 0 , k 22 and m (number of S-Boxes required)
Output: A l l S b o x e s
(1) A l l S b o x e s = { } ;
(2)
%%
Initialize the state of an S-Box:
%%
S b o x i = i , i = 0 , 1 , 2 8 1 ;
(3) for 0 i < 2 8
  Obtain a number j from the proposed PRNG;
  swap values of S b o x 2 8 1 i and S b o x j ;
  end for;
(4) s t a t u s = 1 ;
%%
Check whether the S-Box meets the criteria of high diffusion and low differential uniformity [37].
%%
  for 0 i < 2 8
  if S b o x i S b o x mod i + 1 , 2 8 2 δ S b o x > 10
%%
The operator δ ( ) is used to obtain the differential uniformity value of an S-Box.
%%
s t a t u s = 0 ;
break ;
  end if
  end for;
  If s t a t u s = = 1
  A l l S b o x e s + = S b o x ;
  else
  jump to (2);
(5) if c o u n t A l l S b o x e s < m
  jump to (2);

4. Performance Tests of the Constructed S-Box

An S-Box is the only nonlinear component in a block encryption system (providing nonlinear mapping between plaintext and ciphertext), so it is very important to evaluate the robustness of encrypted data attacks by analyzing the nonlinear characteristics of the S-Box. We will evaluate the encryption strength of the proposed S-Box given in Table 2. We will use S-Box performance evaluation criteria such as strict avalanche criterion (SAC), bijection, nonlinearity, BIC, and Linear approximation probability (LAP).

4.1. Basic Cryptographic Evaluation Criteria

4.1.1. Bijection

For a function or S-Box Y = S X : X F 2 n Y F 2 n , it is bijective if it is a one-to-one map. From Table 2, it can be seen that a clearly different value of Y corresponds to only one X. Conversely, one can obtain a distinct value X by Equation (13) and Table 2. Hence, the obtained S-Box of Table 2 has bijective properties.

4.1.2. Algebraic Degree

The algebraic degree of the S-Box can provide an upper limit for the algebraic degree of the whole cryptographic system [4].
Definition 1.
For a Boolean function Y = S X , the algebraic normal form of Y is as the follows [4]:
ANF S = u F 2 n α u i = 0 n 1 x i u i ,
where α u F 2 . The Algebraic degree of S X
Deg ( S ) max wt ( u ) u F 2 n and α u 0 F 2 n in ANF S .
For an 8 × 8 S-Box, S X is usually represented by a collection of 8 Boolean functions of 8 variables called the coordinates of S. Thus, S X can be represented as
S X = S 1 X S 2 X S 8 X ,
where S i X 0 , 1 . In practical calculation, Deg ( S ) is given by estimate the maximum among all degrees of the coordinate functions:
Degree ( S ) = max d e g r e e S i S X = S 1 X , S 2 X , S n X .
The degree of the coordinate functions of the listed S-Box is presented in Table 3 according to Equation (14). We can see that degree of every coordinate function is 7, the largest possible value.

4.1.3. Algebraic Complexity (Univariate Degree)

For a cryptosystem, the algebraic complexity of the S-Box can be used to evaluate the ability of the system to cope with interpolation attacks [4]. If the univariate degree of the S-Box is too low, it can lead to successful interpolation attacks [38].
It is clear from Bao et al. [4], [p. 17] that if F 2 n X / f X F 2 n , S X can be uniquely represented as a univariate polynomial in F 2 n X / f X from:
S X = i = 0 2 n 1 A i X i .
A 0 = S 0 , A 2 n 1 = x F 2 n S x , and the other coefficien A i can be calculated by discrete Fourier transform of the values of S, that is:
A i = k = 0 2 n 2 S α k α k i , 0 i 2 n 2 ,
is a primitive element in F 2 n X / f X . The Algebraic Complexity AC of S X is the number of non-zero coefficients in the linear polynomial representation of S X .
For an 8 × 8 S-Box, f X = X 8 + X 4 + X 3 + X 2 + 1 is an irreducible polynomial and β is taken as a root of f X in F 2 8 . β is a primitive element and we identify F 2 8 with F 2 8 = 0 , 1 , β , β 2 , , β 254 using the basis 1 , β , β 2 , , β 7 . Because F 2 8 X / f X F 2 8 β F 2 F 2 F 2 , we can obtain that the corresponding codes for 0 , 1 , X 1 , , X 254 shown in Table 4. Then, coefficient A i of X i in the univariate expression corresponding to the S-Box can be calculated by Equation (15), as shown in Table 5. From Table 5, We can see that the AC is 255, the largest possible value.

4.1.4. Nonlinearity

For an S-Box S X , in order to effectively resist linear cryptanalysis attacks, the relationship between outputs and inputs should be highly nonlinear. We will use the nonlinearity of every Boolean function S i to estimate the S-Box’s nonlinear strength. Based on the Walsh transform of the Boolean function S i , the evaluation criteria for nonlinearity is defined. The Walsh transform of a Boolean function S i is defined as [39]:
W S S i ( w ) = x F 2 n ( 1 ) w · x S i ( X ) ,
where the · operator denotes the scalar product. For a Boolean function S i , the nonlinearity calculation is based on the following equation [40]:
N S i = 2 n 1 2 1 max w F 2 n W S S i ( w ) .
The nonlinearity values of all constituent 8-bit Boolean functions of the proposed S-Box are provided in Table 6. From Table 6, we can see that the average nonlinearity was 106.5 , the maximum nonlinearity was 112, and the minimum nonlinearity was 104.

4.1.5. Strict Avalanche Criterion (SAC)

An imperative cryptographic feature for an S-Box is the Strict Avalanche Criterion (SAC), which was first introduced in Webster and Tavares [41]. If an S-Box satisfies the SAC, as a single bit is changed in the input, half the output bits should be modified. For an S-Box, the SAC property requires that all the values in the dependency matrix are close to the ideal value of 0.5 . The SAC values provided by the dependency matrix of the proposed S-Box are listed in Table 7. From Table 7, it can be seen that the average value is equal to 0.5 . Thus, the proposed S-Box has good SAC performance.

4.1.6. Bit Independence Criterion (BIC)

Based on the reverse of plaintext, a set of avalanche vectors can be generated, and all avalanche variables should be paired and independent. The degree of independence ρ can be measured by calculating the phase relation of two avalanche vectors A and B:
ρ A , B = c o v A , B σ A σ B ,
where σ 2 A = E A 2 E A 2 and c o v A , B = E A B E A E B . If ρ is 0, the two variables are independent of each other. Furthermore, the two variables are the “same” if ρ is 1, while if it is equal to 1 , the two variables are complementary.
A method of actually measuring BIC was proposed by C.Adams and S.Tavares in [41,42]: for the coordinate Boolean functions S j and S k j k of a given S-Box, if S i S k is highly nonlinear or S i S k satisfies SAC as much as possible and the correlation coefficient of every output bit pair approaches 0 if only one input bit is inverted. By verifying whether S i S k between any two output bits of the S-Box strictly satisfies the avalanche effect, or by calculating the nonlinearity of S i S k , whether the S-Box satisfies BIC can be tested. For 8 Boolean functions of the proposed S-Box, the nonlinearity and SAC values, respectively, are listed in Table 8 and Table 9. We can see from Table 8 and Table 9 that the SAC values and average nonlinearity for BIC are 0.50698 and 105.6 , respectively. Thus, there is an extremely weak linear association among the output bits, and, thus, the obtained S-Box had good BIC performance.

4.1.7. Differential Probability

The XOR distribution of the input and output of an S-Box can be obtained from the differential probability [43] of the S-Box. By analyzing the differential probability, it is possible to obtain the original plaintext. Differential probability is computed by:
D P S = Max Δ X 0 , Δ Y # { X N Δ Y = S ( X Δ X ) S ( X ) } 2 n ,
where Δ Y is the output difference and Δ X is the input difference. The lower the value of the differential probability, the stronger the ability of the S-Box to resist differential cryptanalysis. The maximum D P value of the S-Box generated by this algorithm is only 0.0390625 .

4.1.8. Maximal Degree of the Product of k Coordinates

For a cryptosystem, the degrees of the product of any k coordinates of the S-Box can provide the degree of the superior upper bound. For an S-Box S X , to obtain the definition of maximal algebraic degree of the product of any k coordinates, we go through generalized definitions of an S-Box.
Definition 2.
For an S-Box, the Walsh transform [39] of the corresponding S X is defined as the following:
W S ( α , β ) = x F 2 n ( 1 ) β · S ( x ) α · x , α F 2 n , β F 2 n .
In matrix W S , the value of point α , β represent the Walsh coefficient at α , β . The maximal algebraic degree of the product of any k coordinates of S X is given by Bao et al. [4]:
d k ( S ) = max K { 1 , , 8 } , | K | k deg i K S e i ,
where S e i is called the ith coordinate of the S-Box and
S e i ( x ) = 1 2 1 2 n + 1 a F 2 n W S a , 2 i ( 1 ) a · x .
The values of d k ( S ) are closely related to resistance against higher-order differential attacks [4]. This means that the higher their values, the stronger the S-Box’s ability to resist high-order differential attacks. The d k ( S ) values of the proposed S-Box are shown in Table 10. We can see that all d k ( S ) values are 7, the largest possible value.

4.1.9. Differential Uniformity

The differential uniformity of an S-Box is defined as [4]:
δ S = max a 0 , b δ ( a , b ) = max a 0 , b # X F 2 8 : S ( X a ) S ( X ) = b ,
where a , b F 2 8 . Low differential uniformity is advantageous for a good S-Box. The smaller δ S is, the better the S-Box approximates to being perfectly nonlinear [44]. δ S of the proposed S-Box is 10 according to Equation (16).

4.1.10. Linear Approximation Probability

The linear approximation probability (LAP) is mainly concerned with linear attacks on block encryption technology, and it is used to measure the ability of a cryptographic system to resist linear cryptanalysis. The linear approximation probability of an S-Box is the maximum unbalance value, which is presented as [43]:
LAP = max α , β # X GF 2 n X · α = S ( X ) · β 2 n 1 2 ,
where α and β are the input and output mask values, and · is the dot product operation on F 2 . The maximum value of LAP of the proposed S-Box is only 0.1328125 .

4.2. Security Analysis

4.2.1. Resistance to Algebraic Attacks

A cryptosystem can be regarded as an algebraic system and the fundamental principles of algebraic attacks can be traced back to Shannon’s work [45], in which he said that the entire cryptosystem can be mathematically modeled and expressed as a multivariate algebraic equation. The resistance of cryptographic systems to algebraic attacks can be evaluated by calculating the nonlinearity, algebraic complexity, and algebraic degree.
It is clear from Table 5 and Table 3 that AC and Deg ( S ) need to be high for the cryptosystem to resist algebraic attacks efficiently.

4.2.2. Resistance to Differential Attack

A differential attack is an analysis of the distribution of output differences caused by an input with a fixed difference [4]. The security of an 8 × 8 S-Box against differential attack is quantified by computing its differential probability D P S , maximal algebraic degree of the product of any k coordinates d k ( S ) , and differential uniformity δ S . The D P S and δ S of the proposed S-Box are small, while the d k ( S ) values are the largest possible. Thus, the S-Box has good resistance to differential attacks.

4.2.3. Resistance to Linear Attack

The linear attack was proposed by Mitsuru Matsui [46]. A linear attack exploits the fact that a cryptosystem C = E K ( P ) can form a Boolean function that behaves as non-random (imbalanced) on the set of P [46]. In a linear attack, the cyber attacker searches for the most biased linear relation between the input and output bits of the S-Box. Security against linear attack is quantified by computing LAP, nonlinearity, and AC. If LAP is small while the nonlinearity and AC are high, an S-Box can be highly resistant to linear attack. It can be clearly seen from the above nonlinearity of the proposed S-Box (in Table 6), AC value of 255, and LAP value of 0.1328125 that the NL and AC of the proposed S-Box and are sufficiently high, while the LAP is low. Thus, the S-Box has good resistance to linear attack.

4.2.4. Resistance to Boomerang Attack

A differential-style attack called the boomerang attack was first described by Wagner [3]. The boomerang attack is considered an extension of classical differential attacks. In a classic boomerang attack, cryptosystem E is regarded as a combination of two sub-cryptosystems E 0 and E 1 such that E = E 1 E 0 . There are two different inputs, α and γ ; α is exported to β by E 0 with probability p and γ is propagated to δ by E 1 with probability q. In the original study [3], the boomerang attack is based on the expectation probability:
Pr E 1 ( E ( x ) b ) E 1 ( E ( x a ) b ) = a = p 2 q 2 .
Since Wagner put forward this kind of attack, many improved boomerang attacks have been proposed [2]. In particular, the cryptosystem E is decomposed into three modules: E = E 1 E m E 0 , and the E m corresponds to a simple change (usually an S-Box). The probability of generating a right quartet in each S-Box in the middle S-Box layer is given by the following equation [47]:
# x { 0 , 1 } n S 1 S ( x ) o S 1 S x Δ i o = Δ i 2 n ,
where o , Δ i is a given differential pair. Cid et al. focused on the effect of S-Box construction on boomerang attacks, and constructed a pre-calculated table to evaluate this probability. This table is called the boomerang connectivity table (BCT), which is defined as follows.
For an S-Box, the boomerang connectivity table (BCT) of the corresponding S X is defined by the following equation [47]:
β S ( a , b ) # x F 2 n S 1 ( S ( x ) b ) S 1 ( S ( x a ) b ) = a .
The highest value in the BCT except for point 0 , 0 is defined as boomerang uniformity [4]:
BU S = max β S ( a , b ) .
For an S-Box, the smaller the BU S , the stronger the resistance to boomerang attack. The BU S value of the proposed S-Box is 20 according to Equations (18) and (19), which indicates that the proposed S-Box has strong resistance to boomerang attack.

4.3. Performance Comparison with Different S-Boxes

In this section, linear approximation probability (LAP), strict avalanche criterion (SAC), nonlinearity (NL), differential approximation probability (DP), and algebraic complexity (AC) are selected as the key cryptanalysis attributes of S-Boxes, and the cryptographic performance of the S-Box proposed in this paper is compared with some recently proposed S-Boxes. The key cryptanalysis results of the different S-Boxes are shown in Table 11. From the table, we can make the following observation: the S-Box generated by the proposed algorithm has good nonlinearity and DP value, and the nonlinear values of SAC, BIC-SAC, and BIC are close to the ideal values. Thus, the proposed algorithm to generated an S-Box can meet the needs of data encryption.

5. Conclusions and Discussion

In a summary, we proposed a novel compound chaotic system based on quantum random walks controlled by a hyper-chaotic map. We have evaluated the new system by using some test tools such as Scale index and statistical complexity measures. The results show that the new system has complex dynamic behavior. We have proposed a new PRNG, which passes all the standard statistical tests in NIST SP800-22. Next, we built a new chaotic S-Box generation algorithm based on the PRNG. We have evaluated the performance of the S-Box so-generated by using various cryptographic criteria such as the bit independence criterion (BIC), bijection, strict avalanche criterion (SAC), nonlinearity, differential probability (DP), and linear probability (LP). Test results demonstrated that the S-Box can well meet multiple cryptographic criteria and the new chaotic S-Box generation algorithm is effective.
The results lead us to the following conclusions. By controlling or perturbing the parameters of two types of chaos based on the outputs of one chaotic map, a compound chaotic system can be constructed. Based on the compound chaotic system, designers can easily propose efficient S-Box generation mechanisms that can produce secure S-Boxes. Our proposed compound chaotic system has more complex dynamic behavior. Therefore, based on this dynamical system, it is easy to design modules for cryptosystems such as image encryption algorithms.
In future work, we will take advantage of the proposed compound chaotic system in applications such as image encryption schemes and video authentication.

Author Contributions

Conceptualization, L.Z. and W.Z.; formal analysis and investigation, L.Z. and W.Z.; discussion and suggestion, C.M. and Y.Z.; writing—original draft preparation, C.M. and W.Z.; writing—review and editing, C.M., W.Z. and L.Z. All authors have read and agreed to the published version of the manuscript.

Funding

This work is supported by the National Natural Science Foundation of China (No. 12161077); the Natural Science Foundation of Gansu Province (Nos. 23JRRE0737, 22JR11RE189, 22CX8GA075); and the Innovation Fund Project of Tianshui Teachers College (Nos. CXJ2021-04, CXJ2021-01, PTJ2022-01) and Tianshui Natural Science Foundation (No. 2020-FZJHK-9757).

Data Availability Statement

The data presented in this study are available on request from the corresponding author. The data are not publicly available due to the reason that data could have been generated by the algorithm provided in this paper.

Conflicts of Interest

The authors declare no conflicts of interest.

Abbreviations

The following abbreviations are used in this manuscript:
LAPLinear approximation probability
SACStrict avalanche criterion
CWTContinuous wavelet transform
DPDifferential approximation probability
SCMStatistical complexity measure

References

  1. Liu, L.; Zhang, Y.; Wang, X. A Novel Method for Constructing the S-Box Based on Spatiotemporal Chaotic Dynamics. Appl. Sci. 2018, 8, 2650. [Google Scholar] [CrossRef]
  2. Boura, C.; Canteaut, A. On the Boomerang Uniformity of Cryptographic Sboxes. IACR Trans. Symmetric Cryptol. 2018, 2018, 290–310. [Google Scholar] [CrossRef]
  3. Wagner, D. The Boomerang Attack. In Fast Software Encryption; Knudsen, L., Ed.; Springer: Berlin/Heidelberg, Germany, 1999; pp. 156–170. [Google Scholar]
  4. Bao, Z.; Guo, J.; Ling, S.; Sasaki, Y. PEIGEN—A Platform for Evaluation, Implementation, and Generation of S-Boxes. IACR Trans. Symmetric Cryptol. 2019, 2019, 330–394. [Google Scholar] [CrossRef]
  5. Katiyar, S.; Jeyanthi, N. Pure Dynamic S-Box Construction. Int. J. Comput. 2016, 1, 42–46. [Google Scholar]
  6. Adams, C.; Tavares, S. Good S-Boxes Are Easy To Find. In Advances in Cryptology—CRYPTO’ 89 Proceedings; Brassard, G., Ed.; Springer: New York, NY, USA, 1990; pp. 612–615. [Google Scholar]
  7. Hussain, I.; Anees, A.; Al-Maadeed, T.A.; Mustafa, M.T. Construction of S-Box Based on Chaotic Map and Algebraic Structures. Symmetry 2019, 11, 351. [Google Scholar] [CrossRef]
  8. Rafiq, A.; Khan, M. Construction of new S-Boxes based on triangle groups and its applications in copyright protection. Multimed. Tools Appl. 2019, 78, 15527–15544. [Google Scholar] [CrossRef]
  9. Artuğer, F.; Özkaynak, F. SBOX-CGA: Substitution box generator based on chaos and genetic algorithm. Neural Comput. Appl. 2022, 34, 20203–20211. [Google Scholar] [CrossRef]
  10. Ye, T.; Zhimao, L. Chaotic S-Box: Six-dimensional fractional Lorenz–Duffing chaotic system and O-shaped path scrambling. Nonlinear Dyn. 2018, 94, 2115–2126. [Google Scholar] [CrossRef]
  11. Masood, F.; Boulila, W.; Alsaeedi, A.; Khan, J.S.; Ahmad, J.; Khan, M.A.; Rehman, S.U. A novel image encryption scheme based on Arnold cat map, Newton–Leipnik system and Logistic Gaussian map. Multimed. Tools Appl. 2022, 81, 30931–30959. [Google Scholar] [CrossRef]
  12. Sambas, A.; Vaidyanathan, S.; Tlelo-Cuautle, E.; Abd-El-Atty, B.; El-Latif, A.A.A.; Guillén-Fernández, O.; Sukono; Hidayat, Y.; Gundara, G. A 3-D Multi-Stable System with a Peanut-Shaped Equilibrium Curve: Circuit Design, FPGA Realization, and an Application to Image Encryption. IEEE Access 2020, 8, 137116–137132. [Google Scholar] [CrossRef]
  13. Hua, Z.; Zhu, Z.; Chen, Y.; Li, Y. Color image encryption using orthogonal Latin squares and a new 2D chaotic system. Nonlinear Dyn. 2021, 104, 4505–4522. [Google Scholar] [CrossRef]
  14. Chai, X.; Fu, J.; Gan, Z.; Lu, Y.; Zhang, Y.; Han, D. Exploiting Semi-Tensor Product Compressed Sensing and Hybrid Cloud for Secure Medical Image Transmission. IEEE Internet Things J. 2023, 10, 7380–7392. [Google Scholar] [CrossRef]
  15. Song, W.; Fu, C.; Zheng, Y.; Tie, M.; Liu, J.; Chen, J. A parallel image encryption algorithm using intra bitplane scrambling. Math. Comput. Simul. 2023, 204, 71–88. [Google Scholar] [CrossRef]
  16. Zahid, A.H.; Arshad, M.J. An Innovative Design of Substitution-Boxes Using Cubic Polynomial Mapping. Symmetry 2019, 11, 437. [Google Scholar] [CrossRef]
  17. Zheng, J.; Zeng, Q. An image encryption algorithm using a dynamic S-Box and chaotic maps. Appl. Intell. 2022, 52, 15703–15717. [Google Scholar] [CrossRef]
  18. Bin Faheem, Z.; Ali, A.; Khan, M.A.; Ul-Haq, M.E.; Ahmad, W. Highly dispersive substitution box (S-Box) design using chaos. ETRI J. 2020, 42, 619–632. [Google Scholar] [CrossRef]
  19. Zhu, H.; Tong, X.; Wang, Z.; Ma, J. A novel method of dynamic S-Box design based on combined chaotic map and fitness function. Multimed. Tools Appl. 2020, 79, 12329–12347. [Google Scholar] [CrossRef]
  20. Lu, Q.; Zhu, C.; Wang, G. A Novel S-Box Design Algorithm Based on a New Compound Chaotic System. Entropy 2019, 21, 1004. [Google Scholar] [CrossRef]
  21. Zhao, W.; Chang, Z.; Ma, C.; Shen, Z. A Pseudorandom Number Generator Based on the Chaotic Map and Quantum Random Walks. Entropy 2023, 25, 166. [Google Scholar] [CrossRef]
  22. Sambas, A.; Vaidyanathan, S.; Zhang, S.; Abd El-Latif, A.A.; Mohamed, M.A.; Abd-El-Atty, B. Multistability Analysis and MultiSim Simulation of a 12-Term Double-Scroll Hyperchaos System with Three Nonlinear Terms, Bursting Oscillations and Its Cryptographic Applications. In Cybersecurity: A New Approach Using Chaotic Systems; Springer International Publishing: Cham, Switzerland, 2022; pp. 221–235. [Google Scholar] [CrossRef]
  23. Ahmad, M.; Alam, M.Z.; Ansari, S.; Lambić, D.; AlSharari, H.D. Cryptanalysis of an image encryption algorithm based on PWLCM and inertial delayed neural network. J. Intell. Fuzzy Syst. 2018, 34, 1323–1332. [Google Scholar] [CrossRef]
  24. Jamal, S.S.; Anees, A.; Ahmad, M.; Khan, M.F.; Hussain, I. Construction of Cryptographic S-Boxes Based on Mobius Transformation and Chaotic Tent-Sine System. IEEE Access 2019, 7, 173273–173285. [Google Scholar] [CrossRef]
  25. Singh, J.P.; Roy, B. The nature of Lyapunov exponents is (+, +, -, -). Is it a hyperchaotic system? Chaos Solitons Fractals 2016, 92, 73–85. [Google Scholar] [CrossRef]
  26. Guo, F.; Xu, L. Applications of Chaos Theory to Cryptography, 1st ed.; Beijing Institute of Technology Press: Beijing, China, 2015. [Google Scholar]
  27. Venegas-Andraca, S.E. Quantum walks: A comprehensive review. Quantum Inf. Process. 2012, 11, 1015–1106. [Google Scholar] [CrossRef]
  28. Aharonov, D.; Ambainis, A.; Kempe, J.; Vazirani, U. Quantum Walks on Graphs. In Proceedings of the Thirty-Third Annual ACM Symposium on Theory of Computing, Hersonissos, Greece, 6–8 July 2001; Association for Computing Machinery: New York, NY, USA, 2001; STOC ’01; pp. 50–59. [Google Scholar] [CrossRef]
  29. Yang, Y.G.; Zhao, Q.Q. Novel pseudo-random number generator based on quantum random walks. Sci. Rep. 2016, 6, 20362. [Google Scholar] [CrossRef] [PubMed]
  30. Benítez, R.; Bolós, V.J.; Ramírez, M.E. A wavelet-based tool for studying non-periodicity. Comput. Math. Appl. 2010, 60, 634–641. [Google Scholar] [CrossRef]
  31. Chandre, C.; Wiggins, S.; Uzer, T. Time–frequency analysis of chaotic systems. Phys. D Nonlinear Phenom. 2003, 181, 171–196. [Google Scholar] [CrossRef]
  32. Bolós, V.J.; Benítez, R.; Ferrer, R. A New Wavelet Tool to Quantify Non-Periodicity of Non-Stationary Economic Time Series. Mathematics 2020, 8, 844. [Google Scholar] [CrossRef]
  33. Martin, M.; Plastino, A.; Rosso, O. Statistical complexity and disequilibrium. Phys. Lett. A 2003, 311, 126–132. [Google Scholar] [CrossRef]
  34. Larrondo, H.A.; González, C.M.; Martín, M.T.; Plastino, A.; Rosso, O.A. Intensive statistical complexity measure of pseudorandom number generators. Phys. A Stat. Mech. Its Appl. 2005, 356, 133–138. [Google Scholar] [CrossRef]
  35. Akhshani, A.; Akhavan, A.; Mobaraki, A.; Lim, S.C.; Hassan, Z. Pseudo random number generator based on quantum chaotic map. Commun. Nonlinear Sci. Numer. Simul. 2014, 19, 101–111. [Google Scholar] [CrossRef]
  36. Bassham, L.E.; Rukhin, A.L.; Soto, J.; Nechvatal, J.R.; Smid, M.E.; Barker, E.B.; Leigh, S.D.; Levenson, M.; Vangel, M.; Banks, D.L.; et al. SP 800-22 Rev. 1a. A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications. Technical Report; NIST: Gaithersburg, MD, USA, 2010.
  37. Biham, E.; Shamir, A. Differential Cryptanalysis of Feal and N-Hash. In Advances in Cryptology—EUROCRYPT ’91; Davies, D.W., Ed.; Springer: Berlin/Heidelberg, Germany, 1991; pp. 1–16. [Google Scholar]
  38. Jakobsen, T. Attacks on block ciphers of low algebraic degree. J. Cryptol. 2001, 14, 197–210. [Google Scholar] [CrossRef]
  39. Carlet, C. Vectorial Boolean Functions for Cryptography. In Boolean Models and Methods in Mathematics, Computer Science, and Engineering; Encyclopedia of Mathematics and Its Applications; Cambridge University Press: Cambridge, UK, 2010; pp. 398–470. [Google Scholar] [CrossRef]
  40. Canteaut, A.; Carlet, C.; Charpin, P.; Fontaine, C. Propagation Characteristics and Correlation-Immunity of Highly Nonlinear Boolean Functions. In Advances in Cryptology—EUROCRYPT 2000; Preneel, B., Ed.; Springer: Berlin/Heidelberg, Germany, 2000; pp. 507–522. [Google Scholar]
  41. Webster, A.F.; Tavares, S.E. On the Design of S-Boxes. In Advances in Cryptology — CRYPTO ’85 Proceedings; Williams, H.C., Ed.; Springer: Berlin/Heidelberg, Germany, 1986; pp. 523–534. [Google Scholar]
  42. Adams, C.; Tavares, S. The structured design of cryptographically good s-boxes. J. Cryptol. 1990, 3, 27–41. [Google Scholar] [CrossRef]
  43. Hussain, I.; Shah, T.; Mahmood, H.; Gondal, M.A. Construction of S8 Liu J S-Boxes and their applications. Comput. Math. Appl. 2012, 64, 2450–2458. [Google Scholar] [CrossRef]
  44. Nyberg, K.; Knudsen, L.R. Provable Security Against Differential Cryptanalysis. In Advances in Cryptology—CRYPTO’ 92; Brickell, E.F., Ed.; Springer: Berlin/Heidelberg, Germany, 1993; pp. 566–574. [Google Scholar]
  45. Shannon, C.E. Communication theory of secrecy systems. Bell Syst. Tech. J. 1949, 28, 656–715. [Google Scholar] [CrossRef]
  46. Matsui, M. Linear Cryptanalysis Method for DES Cipher. In Advances in Cryptology—EUROCRYPT ’93; Helleseth, T., Ed.; Springer: Berlin/Heidelberg, Germany, 1994; pp. 386–397. [Google Scholar]
  47. Cid, C.; Huang, T.; Peyrin, T.; Sasaki, Y.; Song, L. Boomerang Connectivity Table: A New Cryptanalysis Tool. In Advances in Cryptology—EUROCRYPT 2018; Nielsen, J.B., Rijmen, V., Eds.; Springer International Publishing: Cham, Switzerland, 2018; pp. 683–714. [Google Scholar]
  48. Wang, X.; Ünal, Ç.; Kaçar, S.; Akgul, A.; Pham, V.T.; Jafari, S.; Alsaadi, F.E.; Nguyen, X.Q. S-Box Based Image Encryption Application Using a Chaotic System without Equilibrium. Appl. Sci. 2019, 9, 781. [Google Scholar] [CrossRef]
  49. Ali, T.S.; Ali, R. A novel color image encryption scheme based on a new dynamic compound chaotic map and S-Box. Multimed. Tools Appl. 2022, 81, 20585–20609. [Google Scholar] [CrossRef]
Figure 1. Trajectory diagram of map (2) with different values of the k 22 control parameter ( k 22 = 0.1 in subfigure (1), k 22 = 0.9 in subfigure (2), and k 22 = 1.16 in subfigure (3)).
Figure 1. Trajectory diagram of map (2) with different values of the k 22 control parameter ( k 22 = 0.1 in subfigure (1), k 22 = 0.9 in subfigure (2), and k 22 = 1.16 in subfigure (3)).
Mathematics 12 00084 g001
Figure 2. Lyapunov exponent and Bifurcation diagram of Sys (2) with different values of the k 22 control parameter (Lyapunov exponents are shown in subfigure (1,2) and Bifurcation diagrams are shown in subfigure (3,4)).
Figure 2. Lyapunov exponent and Bifurcation diagram of Sys (2) with different values of the k 22 control parameter (Lyapunov exponents are shown in subfigure (1,2) and Bifurcation diagrams are shown in subfigure (3,4)).
Mathematics 12 00084 g002
Figure 3. The Scale index of the Henon map, the logistic map, and the compound chaotic system.
Figure 3. The Scale index of the Henon map, the logistic map, and the compound chaotic system.
Mathematics 12 00084 g003
Figure 4. H s and C j for the proposed PRNG.
Figure 4. H s and C j for the proposed PRNG.
Mathematics 12 00084 g004
Figure 5. The function and basic principle of an n × n S-Box.
Figure 5. The function and basic principle of an n × n S-Box.
Mathematics 12 00084 g005
Table 1. Results of the NIST SP800–22 for the PRNG.
Table 1. Results of the NIST SP800–22 for the PRNG.
Test Namep-ValuePass RateResult
Frequency0.81653799/100Pass
Block Frequency (m = 128)0.24928498/100Pass
Cumulative Sums (Forward)0.28966799/100Pass
Cumulative Sums (Reverse)0.31908499/100Pass
Runs0.93571698/100Pass
Longest Run of Ones0.41902199/100Pass
Rank0.955835100/100Pass
FFT0.20226899/100Pass
Non-Overlapping Templates0.964295100/100Pass
(m = 9, B = 000000001)
Overlapping Templates (m = 9)0.595549100/100Pass
Universal0.49439299/100Pass
Approximate Entropy (m = 10)0.19168798/100Pass
Random-Excursions (data1)0.84858863/63Pass
Random-Excursions Variant Serial (data7)0.78872863/63Pass
Serial Test 1 (m = 16)0.38382799/100Pass
Serial Test 2 (m = 16)0.319084100/100Pass
Linear complexity (M = 500)0.595549100/100Pass
Table 2. The M a t r i x representing the proposed S-Box.
Table 2. The M a t r i x representing the proposed S-Box.
i/j12345678910111213141516
114512970861651891842938813247201749
22171581072191471039130601792023419018512863
3792134111497741661692301181991351423175124
473936831519912020319122642481064183250
518714811614316412581351381619111223159176108
615725045155178113714181194174244239540
71802297614972141117207512723115416110126236
8282421971212510417224037221132494103198205
924333175171801931532451521155320813790234
1038421776785261012012151861277815021696218
1125265624318422011252225662241823611523798
127719157123958167552275613130222200136235
13692062325510222196253922111702541334024915
1416025168214192109874818919518822812139105163
1561325824624146209134114620416822617323889
162114411982233156140162445923221210024721071
Table 3. Degree of coordinate functions of the proposed S-Box.
Table 3. Degree of coordinate functions of the proposed S-Box.
Sbox i S 1 S 2 S 3 S 4 S 5 S 6 S 7 S 8
d e g r e e 77777777
Table 4. Code of X t = X ( m 1 ) × 16 + n .
Table 4. Code of X t = X ( m 1 ) × 16 + n .
m / n 12345678910111213141516
101248163264128295811623220513519
2387615245901801172342011433612244896
31921573978156377414853106212181119238193159
4357014051020408016093186105210185111222
516195190971941534794188101202137153060120
624025323121118710721417712725422522316391182113
722621717567134173468136132652104208189103
820612931621242482371991475911823619715151102
92041332346921841092181697915833661322142
1084168771544182164851707314657114228213183
111152302091919919814563126252229215179123246241
122552272191717515049981961495511022016587174
13651302550100200141714285611222422116783
141668116289178121242249239195155438617269138
1591836721446112224424524724325123520313911
16224488176125250233207131275410821617371142
Table 5. The coefficients A i = A ( m 1 ) × 16 + n 1 (coefficient of univariate polynomial representation).
Table 5. The coefficients A i = A ( m 1 ) × 16 + n 1 (coefficient of univariate polynomial representation).
m / n 12345678910111213141516
114533253168502412211681502085417915719621621
24415120316123813325310722319918424422915444176
312969236230239250186451581397819829569931
43620682115333511941391334547163233203184
51691122213145205101169141190234148172100129157
6201149112322214349209221391562067619799
73769331262210314023373721863168917549
84917430811151242322211232375207181392211
9254821941822011731682269010420519062154020
101931148984219198146521061391946919939170
11176185666224522099944344431124619983110
1263238981881673018021495249101514815421976
131155215170233451123711925388892233252243
141071711445614861150130117255552229143248210
15632511132091581346159164114130147184249143194
1610698219204166881162001705421222523641860
Table 6. Nonlinearities of coordinate functions of the proposed S-Box.
Table 6. Nonlinearities of coordinate functions of the proposed S-Box.
S Box / S i S 1 S 2 S 3 S 4 S 5 S 6 S 7 S 8 Average
N o n l i n e a r i t y 104106106104110106112104106.5
Table 7. S A C _ D e p matrix of the proposed S-Box.
Table 7. S A C _ D e p matrix of the proposed S-Box.
0.57460.55170.51880.47530.47720.53790.49790.5276
0.47190.48210.57560.48370.58950.50040.44630.4622
0.54070.48230.58160.51870.43070.40700.49420.4878
0.54740.48120.51620.48150.51140.53390.47570.4535
0.50650.46800.53650.51850.51970.49020.53210.4392
0.53670.52400.49520.51650.59760.56910.53470.5091
0.56540.52880.54580.52550.47080.45940.46480.5513
0.52290.57910.56640.51640.42620.60320.39240.4726
Table 8. Bit independence criterion for SAC.
Table 8. Bit independence criterion for SAC.
S 1 S 2 S 3 S 4 S 5 S 6 S 7 S 8
S 1 -0.468750.546880.546880.515620.546880.562500.51562
S 2 0.54688-0.484380.484380.468750.531250.531250.57812
S 3 0.515620.57812-0.515620.546880.484380.546880.56250
S 4 0.468750.484380.51562-0.515620.515620.531250.51562
S 5 0.484380.593750.421880.50000-0.593750.468750.42188
S 6 0.531250.500000.406250.531250.48438-0.453120.59375
S 7 0.500000.437500.500000.468750.531250.53125-0.39062
S 8 0.515620.468750.484380.453120.437500.515620.54688-
Table 9. Bit independence criterion for nonlinearity.
Table 9. Bit independence criterion for nonlinearity.
S 1 S 2 S 3 S 4 S 5 S 6 S 7 S 8
S 1 -108108108106104112106
S 2 108-108106106102108108
S 3 108108-102102108100104
S 4 108106102-108102106106
S 5 106106102108-106102104
S 6 104102108102106-106106
S 7 112108100106102106-106
S 8 106108104106104106106-
Table 10. Maximal degree of the product of k coordinates of the proposed S-Box.
Table 10. Maximal degree of the product of k coordinates of the proposed S-Box.
k1234567
d k 7777777
Table 11. Performance comparison of different S-Boxes.
Table 11. Performance comparison of different S-Boxes.
S-Box MethodNonlinearitySACBIC-NLLAPDPAC
MinMaxAverage
Ref. [1]102108104.50.498104.60.1250.048254
Ref. [16]104108106.80.507103.90.1400.054254
Ref. [20]1041101060.499103.80.1250.039255
Ref. [48]104110106.50.495103.80.1410.039255
Ref. [49]981101020.493104.60.1400.046255
Proposed S-Box104112106.50.506105.60.1320.039255
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Zhang, L.; Ma, C.; Zhao, Y.; Zhao, W. A Novel Dynamic S-Box Generation Scheme Based on Quantum Random Walks Controlled by a Hyper-Chaotic Map. Mathematics 2024, 12, 84. https://doi.org/10.3390/math12010084

AMA Style

Zhang L, Ma C, Zhao Y, Zhao W. A Novel Dynamic S-Box Generation Scheme Based on Quantum Random Walks Controlled by a Hyper-Chaotic Map. Mathematics. 2024; 12(1):84. https://doi.org/10.3390/math12010084

Chicago/Turabian Style

Zhang, Lijun, Caochuan Ma, Yuxiang Zhao, and Wenbo Zhao. 2024. "A Novel Dynamic S-Box Generation Scheme Based on Quantum Random Walks Controlled by a Hyper-Chaotic Map" Mathematics 12, no. 1: 84. https://doi.org/10.3390/math12010084

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop