**2. Chaos-Based S-Box Structures**

Chaos theory offers researchers various opportunities in many areas of science [8]. The rich dynamics that it contains have always made chaotic systems a popular research area. In addition to its use in modeling and control areas, its random behavior has led cryptography experts to focus on this field [9]. The basic idea behind this interest is that confusion and diffusion requirements can be met with the principle of sensitive dependence on initial conditions and control parameters. Confusion and diffusion requirements are two important properties of encryption protocols. These requirements were identified by Claude Shannon in 1945. "Confusion makes it difficult to find the key from the ciphertext and if a single bit in a key is changed, most or all the bits in the ciphertext will be affected. Diffusion means that if we change a single bit of the plaintext, then (statistically) half of the bits in the ciphertext should change". It has been suggested that these requirements can be met using chaotic systems, since chaotic outputs are extremely sensitive to changes in initial conditions and control parameters, and have a nonlinear characteristic. Researchers have used chaotic systems as an entropy source in cryptographic designs. They used the initial condition and control parameters of chaotic systems as the secret key of cryptographic protocols. It has been suggested that different entropy sources can be produced by using different initial conditions and control parameters, as they will produce different outputs with small changes that may occur in the initial conditions and control parameters. Many cryptographic protocols such as image encryption algorithms [10,11], key generators [12,13] and s-box designs [14] have been proposed using this design idea, as visualized in Figure 1.

**Figure 1.** General design approach for chaos-based cryptographic protocol designs.

Although this design approach has been widely studied, the security analysis of some proposals has not been done according to certain criteria, which has caused various security problems. Chaos-based s-box designs stand out as a design class that is not affected by these problems, because the requirements for s-box performance analysis are almost standardized [15,16]. Bijective, nonlinearity, bit independence criterion (BIC), strict avalanche criterion (SAC) and input/output XOR distribution criteria are the standard measurements used in analysis processes of s-boxes. A nonlinearity criterion can be associated with the confusion criterion, which is one of the general characteristics of encryption algorithms; the ideal value for this criterion is 112, and the ideal value for the strict avalanche criterion is 0.5. This value indicates the difficulty of making statistical inferences. Values smaller or greater than 0.5 increase the success of statistical analysis. BIC measurement is related to nonlinearity and SAC measurements through the relationship between input and output bits. Input/output XOR distribution is related to differential cryptanalysis. To show its resistance against differential attacks, the maximum value that can be calculated. The expected value is 4; larger values indicate that differential attacks can be more successful [14–16].

In the simplest terms, s-box structures have the mathematical model given in Equation (1). In other words, it is a bijective function that converts values in a certain range to values in another range. The AES s-box structure is a nonlinear function that maps 256 values between 0 and 255 to 256 values between 0 and 255. Therefore, in the literature, attempts have been made to obtain different s-box structures by converting the chaotic system outputs to 256 different values. Many different s-box structures have been generated by changing the initial conditions and control parameters. Also, different chaotic system classes or different conversion algorithms have been used to improve the s-box performance criteria.

$$S: \begin{array}{ccccc} F\_2^n & \rightarrow & F\_2^m \\ (\mathbf{x}\_1, \ldots, \mathbf{x}\_n) & \rightarrow & (y\_1, \ldots, y\_m) \end{array} \tag{1}$$

When design studies are classified in terms of chaotic system types, there are two general classes: discrete and continuous-time chaotic systems. Discrete-time systems are among the preferred systems for researchers in the design process [17–21]. The main reason for this is that the systems can produce very fast results due to their simple mathematical models. The biggest advantage of continuous-time systems is that they have more complex mathematical models than discrete-time systems [22–26]. It is thought that this complexity will positively affect the quality of the entropy source. To use this advantage of continuous-time systems most effectively, special chaotic systems such as hyperchaotic [27,28], time-delay [29,30] and fractional-order systems [31,32] have also been used in the design process.

Another remarkable element of the general design architecture visualized in Figure 1 is the conversion function. The purpose of this function is to convert chaotic system outputs into an entropy source. In the literature, two conversion functions are most common. The first is the threshold value function. As stated in Equation (2), the chaotic system outputs are converted to 0 or 1 values by comparing them with a threshold value. Choosing the appropriate threshold value is a critical design

problem. It has been shown that successful results can be obtained if 0.5 is selected as the threshold value in many sources [33,34]. The other conversion function is the mode function. It has been shown in various studies that the mode function has various advantages, since it is a one-way function which guarantees various statistical properties [35–37]. Due to these advantages, in the proposed method, the mode function has been used to transform the chaotic entropy source into s-box structures.

$$f\_{threshold}(\mathbf{x}): \begin{cases} 0 & \mathbf{x} \le 0.5\\ 1 & \mathbf{x} > 0.5 \end{cases} \tag{2}$$
