A. Research Objectives

All the mathematical principles either satisfy two or more of these criteria in “Table 1” but none satisfy all these criteria to generate a strong S-box for the utmost chaos in the ciphertext. Hence, the reason for applying the Möbius transformation and Bit shift principles is to design an S-box that satisfies these criteria with a focus on the following research objectives (ROs).

• RO1:

  Investigating the weaknesses of S-box in the existing research.

• RO2:

  Designing a robust S-box that overcomes all the identified weaknesses in RO1.

• RO3:

  Testing the strength of the S-box against linear and differential attacks.

• RO4:

  Examining the practicality of the newly designed S-box by integrating it with the SOTA IoT cipher i.e., Chacha20.

B. Research Question and Contribution

To analyse the efficiency of designing a strong S-box, the following research question (RQ) is addressed in this paper:

RQ: What essential design principles must an S-box adhere to withstand linear and differential attacks, and how to validate its effectiveness for SOTA ciphers?

To address the earlier mentioned RQ, this paper presents a robust S-box design and examines its practicality by implementing it with SOTA cipher. The paper contributions are:

• Practical and Secure S-box Design: This paper designed a secure S-box and integrated it into a SOTA stream cipher (Chacha20) to effectively secure the visual data. The results validate the practicality of the proposed S-box with any cipher to maximise content protection.

• Low computation: The minimal encryption timing between the proposed S-box with Chacha20 (Sbox+Chacha20) and Chacha20 cipher shows the efficacy of the Sbox+Chacha20 for constrained devices.

The remainder of this paper is arranged as follows; Section II describes the related pieces of literature on different S-box designs. Section III presents the methodology for designing the proposed S-box. Section IV outlines the analysis of the proposed S-box. Section V examines the security and statistical analysis of integrating the proposed S-box with a SOTA cipher (Sbox+Chacha20)) and compares it with other existing SOTA ciphers. The conclusion is discussed in Section VI.

A. Chaotic Map Principle

The chaotic map always manifests unpredictable behaviours and can be divided into discrete and continuous with a frequent appearance in dynamical systems.

The chaotic map has a wide range of applications across various fields, including secure communication and random number generation in physics, engineering, finance, and even biology. The study [37] designed a 2-D memristive Cubic map(2D-MCM), which produces a discrete mapping by integrating the memristor and the Cubic map to only encrypts a selective portion of the video. The research [38] derives a novel chaotic two-dimensional hyperchaotic exponential adjusted logistic and sine map (2D-HELS) from the well-known two-dimensional logistic and sine maps to design an image encryption algorithm with a good cryptographic structure called “permutation-diffusion.” This encryption algorithm achieves a highly secure cipher-image by employing a dynamic confusion strategy and an RNA operation.

The study [39] applied Rule 30 cellular automata to generate the first key, then created an $8-bits$ S-box using permutation, modular inverses, and transformations, and finally generated the second encryption key using the Lorenz system solution. Reference [40] constructed an S-box based on the Lorenz system by utilising the properties of quaternions with a non-linearity of 106, a SAC of 0.5024, and LP of 0.1172. Reference [28] presented a one-dimensional discrete-space chaotic map using integer numbers multiplication and circular shift to design an S-box with a non-linearity value of 107, SAC of 0.52881. Reference [41] designed an S-box with a large chaos interval, high complexity, and fast iteration rate using a 2D multiple collapse chaotic map (2D-MCCM) and a diffusion with 107.75 non-linearity, 0.5327 SAC and 0.1250 LP. Using a discrete compound chaotic system and a Logistic-Sine System (LSS), [29] proposed a compound chaotic map and single S-Box with a non-linearity of 106.3, SAC of 0.503, and LP of 0.133. Reference [30] proposed a dynamic and key-dependent S-box that involves three stages, which are ingenious chaotic map design, preliminary S-box development, and heuristic method for the final S-box generation having a non-linearity of 110, SAC of 0.5034, and LP of 0.133.

B. Permutation Principle

The permutation principle is an arrangement of elements without repetition but with an emphasis on order. Some studies have implemented this principle to design an S-box.

The authors [34] used chaotic permutation to design the S-box. Firstly, the logistic map’s ergodicity and randomness were used to increase its complexity and robustness, and lastly, the logistic map was used to create a permutation algorithm based on a chaotic sequence with a non-linearity of 108 and, SAC of 0.4988. By making little adjustments to the parameters of the transformation and permutation processes, a square polynomial transformation, an affine transformation, and a permutation technique were proposed by [35] to create a large number of robust S-box with 111.5 non-linearity, 0.502 SAC and 0.125 LP. A linear fractional transformation and permutation function was proposed by the authors [36] which involves an irreducible polynomial of degree eight being selected, and all of the primitive irreducible polynomial’s roots were computed as step one. In the second step, the Galois Field $GF(2^{8})$ is subjected to the algebraic properties of linear fractional transformation, and the resulting matrix is permuted to introduce variance into the S-box with a non-linearity of 112, and a normal SAC.

C. Galois / Finite Field Principle

A finite field is a set that defines and satisfies the mathematical principles of addition, division (excludes division by zero), multiplication, and subtraction.

The authors [31] created an $8-bit$ S-box by applying an adjacency matrix to the Galois field $GF(2^{8})$ . For the action of a modular group on a projective line $PL(F^{7})$ over a finite field $F^{7}$ , the adjacency matrix corresponding to the coset diagram is obtained. Eight different S-boxes were designed with the last S-box having a good result with a non-linearity of 112, SAC of 0.4953, and LP of 0.0625. By defining distinct total orders, [42] present an effective way to generate an S-box based on a class of Mordell elliptic curves over prime fields with a non-linearity of 106, SAC of 0.52345, and LP of 0.1328. Reference [43] designed ten different S-boxes using the Möbius group and finite field with an irreducible polynomial of $t^{8} + t^{4} + t^{3} + t^{2} + 1$ which has the $1st$ and the $5th$ S-box with a better output. Adjacency matrices and graph theory are the tools employed to create highly nonlinear S-boxes which employ an adjacency matrix that matches the coset diagram for the Mobius group M $= \left \langle {{x,y:x^{2} = y^{6} = 1}}\right \rangle $ saction on$ PL(F_{7})$ . Then, to create new S-boxes, this matrix was applied to the Galois field $GF(2^{8})$ . The $1st$ S-box has a non-linearity value of 107.25, SAC of 0.5017, and LP of 0.109. Reference [20] used the exponentiation modulo polynomial in extended Galois fields $GF(2^{8})$ or modular arithmetic approach to generate an S-box with an irreducible polynomial of $x^{8} +x^{5}+x^{3}+x+1$ given 102 non-linearity and 0.499 SAC output. To create the initial seed S-box, [44] suggested a method that uses two Galois fields $GF(2^{7})$ of order 128 with distinct structures and irreducible polynomials of $1 + \alpha ^{4} + \alpha ^{7}$ and $1 + \omega + \omega ^{2} + \omega ^{3} + \omega ^{7}$ . This provides a strong basis for subsequent optimisation, and the application of permutation group ${C}_{6888} \times {C}_{4}\times {C}_{4}$ to the initial S-box improved the efficiency of the generated S-box which present a non-linearity of 110.75, SAC of 0.5012 and LP of 0.0781. Reference [45] adopted the AES S-box method and reduced it to a $4-bits$ S-box design using simplified finite field inversion mapping using a reduction polynomial of $\alpha ^{4} + 1$ to produce a non-linearity of 4. The construction of the S-box on the elements of the Galois field’s multiplicative subgroup, rather than the Galois field as a whole, was suggested by [46] to produce a $4-bits$ S-box with a non-linearity of 3.5, SAC of 0.4688 and LP of 0.125.

D. Other Mathematical Principle

Aside from the three mathematical principles discussed earlier, several studies also implemented various principles like [47] designed an S-box using fractional-order time-delayed Hopfield neural network which entails the evolution of the first-generated S-box for enhanced non-linearity with a value of 111.25, SAC of 0.5007 and LP of 0.14025. The study [48] presents a controller for the plasma system that can displace its equilibria, thereby disintegrating the symmetric double-wing, resembling a butterfly, into multiple autonomous chaotic attractors to design an S-box with a non-linearity of 106, and a SAC of 0.4978. Reference [49] proposed two different S-boxes (G S-box and Algebraic S-box) using a pseudo-random generator based on Walsh Hadamard transform (WHT) and bi S-boxes to create the secure pseudo-random bit generator (CSPRBG). The first S-box has a non-linearity value of 112 but a very low SAC value of 0.375 and a good LP value of 0.062 while the second S-box has a non-linearity of 103.5, SAC of 0.5066 and high LP value of 0.1328. To create the substitution boxes, a multilevel information fusion with four layers—Multi Sources, Multi Features, Nonlinear Multi Features Whitening, and Substitution Boxes Construction—was implemented by the study [50]. This allowed for the creation of true random numbers from the unavoidable random noise found in medical imaging with the first S-box having a good result having the non-linearity and SAC to be 110, 0.503174 respectively with a high LP of 0.140625.

The study [51] applied Möbius transformation to design two different S-boxes. The first S-box was named a transformed S-box which had an average non-linearity value of 106.75 and, an average non-linearity BIC of 106.571. The second S-box was named as modified S-box which also had its average non-linearity and average non-linearity BIC as 108 and 105.286 respectively. These values are lower than the values obtained in this research. Möbius transformation was implemented by [52], to construct S-box and proposed a transformed S-box with a non-linearity of 107.3, SAC of 0.59, a BIC non-linearity of 101.3, a LP of 0.15, and a DU of 0.06 Also, [53] applied Möbius transformation to design a cryptologically robust 131028 S-Box with an average non-linearity value of 109, an average BIC non-linearity of 106, a LP of 0.125 and a DU of 0.0703125.

All the existing background and literature surveys reviewed herein show that the design of the S-box with different mathematical principles did not achieve the maximum recommended output of high NL with a SAC of ≈0.5, a very low LP. Also, none of these studies calculated the HOSAC and HOBIC of their proposed S-box.

However, this research designed an S-box with a non-linearity of 112, SAC of 0.5044, LP of 0.0625, a DU of 0.015625 and also fulfill the requirement of the HOSAC and HOBIC criteria using the Möbius transformation and bitwise shift permutation, and to the best of the authors’ knowledge, no research has utilised these methods (Möbius transformation and bitwise shift permutation) to design an S-box.

A. Möbius Transformation

The Möbius transformations are bijective complex algebraic rational fractions where the upper and lower fractions are polynomials as represented in (1) where a, b, c, d complies with the condition in (2). The Möbius transformations consist of a group under composition\begin{align*} & f(x)= \frac {ax + b}{cx + d} \tag {1}\\ & (a \times d) - (b \times c) \neq 0 \tag {2}\end{align*} View Source\begin{align*} & f(x)= \frac {ax + b}{cx + d} \tag {1}\\ & (a \times d) - (b \times c) \neq 0 \tag {2}\end{align*}

The Möbius transformation can be represented as a matrix in (3) consisting of the translation, inversion, rotation, and dilation operations as given in (4).\begin{align*} \Phi (x)& \approx \begin{pmatrix} a & b \\ c & d \end{pmatrix} \begin{pmatrix} x \\ 1 \end{pmatrix} \tag {3}\\ f_{1}(x) & = x + \frac {d}{c} \\ f_{2}(x)& = \frac {1}{x} \\ f_{3}(x)& = - \frac {ad - bc}{c^{2}} x \\ f_{4}(x) & = x + \frac {a}{c} \tag {4}\end{align*} View Source\begin{align*} \Phi (x)& \approx \begin{pmatrix} a & b \\ c & d \end{pmatrix} \begin{pmatrix} x \\ 1 \end{pmatrix} \tag {3}\\ f_{1}(x) & = x + \frac {d}{c} \\ f_{2}(x)& = \frac {1}{x} \\ f_{3}(x)& = - \frac {ad - bc}{c^{2}} x \\ f_{4}(x) & = x + \frac {a}{c} \tag {4}\end{align*}

The functions in (4) are then composed and transformed to generate (5), producing the Möbius transformation formula.\begin{equation*} f_{4}(x) \cdot f_{3}(x) \cdot f_{2}(x) \cdot f_{1}(x) = f(x) = \frac {ax + b}{cx + d} \tag {5}\end{equation*} View Source\begin{equation*} f_{4}(x) \cdot f_{3}(x) \cdot f_{2}(x) \cdot f_{1}(x) = f(x) = \frac {ax + b}{cx + d} \tag {5}\end{equation*}

4) Fractional Linear Transformation

This is a mathematical addition, subtraction, multiplication, and division operation carried out as a modulo on a particular irreducible polynomial that characterises the domain. Applying linear transformation on (9) where $a,b,c,d \in GF(2^{8})$ and $ad - bc \neq 0$ . The selected values are shown in (10) where x ranges from 0 to 255 as shown in “Table 3”.

TABLE 3 S-Box Construction Using Möbius Transformation

To implement the calculation of equation (10), the Reed Solomon application [54] would be a good scenario.\begin{equation*} f(x) = \frac {ax + b}{cx + d} \Rightarrow f(x) = \frac {135x + 75}{16x + 8} \tag {10}\end{equation*} View Source\begin{equation*} f(x) = \frac {ax + b}{cx + d} \Rightarrow f(x) = \frac {135x + 75}{16x + 8} \tag {10}\end{equation*}

As a result of applying the Möbius transformation to x from 0 to 255, the result of the S-box generated can be seen in “Table 4”.

TABLE 4 The Initial Generated S-Box After Möbius Transformation

B. Permutation

This is the number of practicable ways to rearrange a set of elements which could be with repetition or without repetition as given in (11) where n is the total elements and r is the number of chosen elements. This research implemented a right bitwise shift operation to produce a permutation without repetition.\begin{equation*} {\mathcal {P}}_{without-repetition} \rightarrow {\mathcal {P}}_{r}(n, r) = \frac {(n-r)!}{n!} \tag {11}\end{equation*} View Source\begin{equation*} {\mathcal {P}}_{without-repetition} \rightarrow {\mathcal {P}}_{r}(n, r) = \frac {(n-r)!}{n!} \tag {11}\end{equation*}

1) The Bitwise Shift Operation

The bitwise shift operation is a low-level operator that manipulates binary bits individually. This operation takes two operands, the first operand is the binary value to be shifted and the second operand is the number of shifts to produce a new binary value. A bitwise shift could either be to the left or the right.

The set of elements gotten from (10) was converted to binary and a right bitwise shift was applied on each of the elements as shown in (12) where n is the operand to be shifted, d is the number of shifts. A high algebraic degree is achieved when d is odd thus, you can select any odd number but this manuscript randomly selected 5 as the d value.\begin{align*} f_{bitshift}: & \rightarrow (n \gg d) \tag {12}\\ f_{bitxor}: & \rightarrow n \oplus f_{bitshift} \mathbin {\%} 256 \tag {13}\end{align*} View Source\begin{align*} f_{bitshift}: & \rightarrow (n \gg d) \tag {12}\\ f_{bitxor}: & \rightarrow n \oplus f_{bitshift} \mathbin {\%} 256 \tag {13}\end{align*}

A modulus 256 which is the pixel intensity and an xor process was applied to the rightmost $3-bits$ of n from (12) to produce (13), which generated our final S-box as displayed in “Table 5”. The step-by-step implementation of the bitwise shift operation is displayed in “Algorithm 1”.

TABLE 5 Design of Proposed S-Box

Algorithm 1 Pseudo-Code for Bitwise Shift Operation

Require:

$values \; from \; the \; first \; generated \; S-box$

Ensure:

$int\_values$

1:

$bin\_list \leftarrow []$

2:

$final\_S-box\_list \leftarrow []$

3:

$d = 5$

4:

for $i \;in \;len(int\_values)$ do

5:

$bin\_value \leftarrow int\_values.convert\_to\_binary()$

6:

$bin\_list \cdot append(bin\_values)$

7:

end for

8:

for $j \;in \;len(bin\_list)$ do

9:

$shifted\_bits \Leftarrow bin\_list[j] \oplus (bin\_list[j] \gg 5) \% 256 $

10:

$final\_S-box\_list \cdot append(shifted\_bits)$

11:

end for

12:

$return \; final\_S-box\_list$

A. Balanced

The balanced criterion measures the distribution of output values for every possible input value of an S-box. When there are equal numbers of occurrences for each potential output difference of a given fixed input difference then the S-box is said to be balanced. An S-box with a balanced criterion shows an even distribution of output values. Mathematically, a balanced S-box is calculated using (14). Where $\Delta x$ is the fixed input difference and $S(x)$ is the S-box input.\begin{align*} & S: \{0, 1\}^{n} \rightarrow \{ 0, 1 \} ^{m} \\ & \bigg \{ S(x) \oplus S(x \oplus \Delta x ): x \in \{0, 1 \} ^{n} \bigg \} \tag {14}\end{align*} View Source\begin{align*} & S: \{0, 1\}^{n} \rightarrow \{ 0, 1 \} ^{m} \\ & \bigg \{ S(x) \oplus S(x \oplus \Delta x ): x \in \{0, 1 \} ^{n} \bigg \} \tag {14}\end{align*}

It is important to note that an S-box increases its confusion mechanism if it is balanced. Hence the proposed S-box exhibits the balanced criterion where the output bits are well-distributed and not predictable.

B. Non-Linearity

The Non-Linearity (NL) criterion is used to determine the randomness of the S-box elements and also to access the validation of the S-box against cryptanalysis attacks. The higher the NL, the higher the uncertainty output of the S-box. The NL of an S-box is measured mathematically using (15) the Walsh spectrum.\begin{align*} W_{f}(z) & = \sum _{t \in (0, 1)^{n}} (-1)^{f(t)\oplus t.z} \\ \mathcal NL & = 2^{n-1} \Biggl ( 2^{n} - \max _{t \in GF(2^{n})} \Big |\; W_{f}(z) \; \Big |\Biggl ) \tag {15}\end{align*} View Source\begin{align*} W_{f}(z) & = \sum _{t \in (0, 1)^{n}} (-1)^{f(t)\oplus t.z} \\ \mathcal NL & = 2^{n-1} \Biggl ( 2^{n} - \max _{t \in GF(2^{n})} \Big |\; W_{f}(z) \; \Big |\Biggl ) \tag {15}\end{align*}

The NL result of the proposed S-box is displayed in “Table 6” with a maximum and minimum result of 112. This proves the resistance of the S-box against the linear attacks.

TABLE 6 The Non-Linearity Result of the Proposed S-Box

C. Strict Avalanche Criterion

The Strict Avalanche Criterion (SAC) estimates a change when a single input bit is flipped, then a probability of half or $\frac {1}{2}$ of the output bits should change. An SAC result of ≈0.5 indicates a strong avalanche effect which contributes to the properties of diffusion and confusion associated with cryptographic algorithms and is regarded as a good result against cryptanalyst attacks.

The result of the proposed S-box SAC is rounded off at 4th place and analysed in “Table 7”. The result shows most of the values can be ≈0.5 and with an average of 0.50439 which successfully meets the SAC requirement. The SAC result is close to the expected 0.5 with an offset value of 0.00439.

TABLE 7 The SAC Result of the Proposed S-Box

D. Higher-Order Strict Avalanche Criterion

This is a quantitative measure that calculates the average number of changes that occur in the output bit when more than one input bits are changed at the same time. The result of the Higher-Order Strict Avalanche Criterion (HOSAC) ranges from 0 to 1, where values close to 1 mean the S-box shows more chaotic and avalanche-like behaviour.

HOSAC was applied to the proposed S-box by changing different numbers of input bits out of its $8-bits$ . “Table 8” shows the response of the S-box to different input bits change at the same time. The HOSAC of the proposed S-box gave a value closer to 0.5, which signifies that modifications of any number of the input bits will only have an effect on half of the output bits and hence increase the S-box security and indicate a strong diffusion.

TABLE 8 The Proposed S-Box HOSAC on Different Conditions

E. Bit Independence Criterion

The Bit Independence Criterion (BIC) is a metric for assessing the level of bit independence in the output bits of an S-box. The BIC is computed as the probability that changing a particular input bit will result in a change in a specific output bit regardless of other input and output bits [55]. Each input bit “i” should transpose independently for all the output bits of “j” and “k”. BIC determines the maximum absolute correlation coefficient between avalanche vector “j” and “k” components. Mathematically, the BIC of a $16\times 16$ S-box is computed with (16) where “j” and “k” are the output bit, $V^{e{i}}$ is the avalanche vector. The BIC-SAC test is valid if each output value is approximately 0.5.\begin{equation*} BIC(V_{j}, V_{k}) \rightarrow \max _{1 \leq i \leq n} \Big | \; corr({V_{j}^{e{i}}}, {V_{k}^{e{i}}}) \; \Big | \tag {16}\end{equation*} View Source\begin{equation*} BIC(V_{j}, V_{k}) \rightarrow \max _{1 \leq i \leq n} \Big | \; corr({V_{j}^{e{i}}}, {V_{k}^{e{i}}}) \; \Big | \tag {16}\end{equation*}

This paper performs the BIC for the NL in “Table 9” and the SAC in “Table 10” with good correlation and each output value was approximately 0.5 for the BIC-SAC, preventing right guessing and recognition of patterns.

TABLE 9 The BIC Output of the Proposed S-Box Non-Linearity

TABLE 10 BIC for the Proposed S-Box SAC

F. Higher-Order Bit Independence Criterion

The Higher-Order Bit Independence Criterion (HOBIC) is a metric used to assess the level of bit independence in the output bits of an S-box when several input bits are changed at once. The HOBIC calculates the average bit independence of all possible combinations of an input bit count. It is computed by averaging over all combinations while taking into account the bit independence for each combination. The HOBIC can be mathematically calculated as (17) where k is the number of changed input bit, $\binom {n }{ k}$ is combination of the input bits, $P(Y \;|\; X_{1}, X_{2}, \cdot \cdot \cdot , X_{k})$ is the probability distribution of the output bits.

The BIC value ranges from 0 to 1, where 0 indicates that the corresponding output bits remain completely independent and 1 denotes a higher level of dependence between the output bits.\begin{equation*} {\mathcal {HOBIC}}_{k} \rightarrow \frac {1}{2^{n}} \sum _{\binom {n }{ k}} P(Y \;|\; X_{1}, X_{2}, \cdot \cdot \cdot , X_{k}) \tag {17}\end{equation*} View Source\begin{equation*} {\mathcal {HOBIC}}_{k} \rightarrow \frac {1}{2^{n}} \sum _{\binom {n }{ k}} P(Y \;|\; X_{1}, X_{2}, \cdot \cdot \cdot , X_{k}) \tag {17}\end{equation*}

This paper changed $4-bits$ from the $8-bit$ input bits and the result of the impact of these changed bits on the output bits is discussed in “Table 11”. The results in “Table 11” are close to 0 which proves that output bits of the S-box are independent when the input bits were altered.

TABLE 11 HOBIC for the Proposed S-Box

G. Linear Approximation Probability

The Linear Approximation Probability (LAP) evaluates the maximal imbalance between the input bits and the output bits elements. The uniformity of the input bits must not be different from the output bits and this is examined individually to give the maximal number of the same outputs. The LAP criterion is calculated as given in (18) where $\Gamma _{x}$ , $\Gamma _{y}$ are the input mask and the output mask, $2^{n}$ is the total element in the S-box, and x is the possible input numbers.\begin{equation*} LP = \max _{\Gamma _{x}, \Gamma _{y} \neq 0} \Bigg | \; \frac {\# \; \{x|x \cdot \Gamma _{x} = S(x) \cdot \Gamma _{y}\}}{2^{n}} - \frac {1}{2} \; \Bigg | \tag {18}\end{equation*} View Source\begin{equation*} LP = \max _{\Gamma _{x}, \Gamma _{y} \neq 0} \Bigg | \; \frac {\# \; \{x|x \cdot \Gamma _{x} = S(x) \cdot \Gamma _{y}\}}{2^{n}} - \frac {1}{2} \; \Bigg | \tag {18}\end{equation*}

The proposed S-box achieved an absolute maximal imbalance of 16 as shown in “Table 12” hence, the linear approximation probability value gives 0.0625 which is low. A low LAP value indicates there is a low correlation between the linear approximations of the S-box’s input and output bits. This means the S-box is resistant to linear cryptanalysis attacks.

TABLE 12 The Linear Approximation Probability Result of the Proposed S-Box

H. Differential Uniformity

The Differential Uniformity (DU) is the maximum probability of getting a uniform XOR change in the output bit $\Delta q$ when there is a XOR change in the input bit $\Delta q$ . If an S-box is uniform in its input and output distribution, then it is said to be resistant. It is required that the highest value of the DU in a XOR table be as low as possible. The DU criterion is calculated mathematically as in (19) where $X = (0,1,2,\ldots ,254,255)$ , $ \Delta p $ is the input differentials and $\Delta q$ is the output differentials.\begin{align*} DU_{\psi }= \max _{\Delta p \neq 0, \Delta q} \left ({{ \frac { \{ p \in X \;| \psi (p) \oplus \psi (p \oplus \Delta p ) = \Delta q \}}{2^{n}} }}\right ) \tag {19}\end{align*} View Source\begin{align*} DU_{\psi }= \max _{\Delta p \neq 0, \Delta q} \left ({{ \frac { \{ p \in X \;| \psi (p) \oplus \psi (p \oplus \Delta p ) = \Delta q \}}{2^{n}} }}\right ) \tag {19}\end{align*}

The maximum differential uniformity result of the proposed S-box is 4 or 0.015625 which is less and proves that the S-box is secure against differential attacks.

I. Comparative Analysis with SOTA S-Box

The proposed S-box was compared with existing S-box designs as shown in “Table 13”. Authors [31] and [50] proposed the designs of ten and seven different S-boxes respectively and this paper selected the best S-box out of the several designs. The first S-box from [50] and the last S-box from [31] were selected for comparison with our S-box. The X in “Table 13” indicates that the authors did not mention or provide the information.

TABLE 13 Comparative Analysis of the Proposed S-Box With Other Designed S-Box

It is understood that a SAC value of perfectly 0.5 shows better confusion properties while a value that varies from 0.5 may result in biased output. The more the variation from 0.5 the higher the output biases. The SAC-Offset is used to determine the variation of the SAC. When the proposed S-box, [17] and [31] were compared based on the SAC-Offset, the proposed S-box has a lower variation.

From “Table 13”, the proposed S-box, has a consistent result in all the criteria specified in the table. In the average Non-Linearity (NL Average) column it has a high result, also in the strict avalanche criterion (SAC) column, the value is approximately 0.5 as required. The SAC offset of the proposed S-box is low as well as the linear approximation probability (LAP) and the differential uniformity (DU). The bit independence criterion for the Non-Linearity (BIC-NL) has an average of 112 while the average SAC (BIC-SAC) is 0.5074 which is in the expected range of ≈0.5.

A. S-Box Integration With Chacha20

In this paper, we tested the effectiveness of the newly designed S-box while implementing it as a part of SOTA IoT cipher i.e., Chacha20 (Sbox+Chacha20). Unlike AES [17], Chacha20 did not implement an S-box originally, hence it is the best fit for our experiments to validate the effectiveness of the proposed S-box.

Chacha20; a stream cipher was created by Daniel Bernstein and it belongs to the Salsa family [56] with a $256-bit$ key length and a $64-bit$ or $96-bit$ nonce [57]. Chacha20 applies the randomly generated key, nonce, and the XORing, addition, and rotation principles for its encryption and decryption. A single round of Chacha20 is made up of four quarter-rounds for a column-round and four quarter-rounds for a diagonal-round, while a full round consists of ten (10) column rounds and ten (10) diagonal-rounds giving a total of twenty (20) rounds, and eighty (80) quarter-rounds [57].

B. Experimental Analysis of Sbox+Chacha20

This sub-section discussed the dataset, visual results, security analysis, and statistical analysis of the Sbox+Chacha20.

1) Dataset

The experiment was conducted on Intel NUC, a low-power constrained IoT (Internet of Things) with the specifications enumerated in “Table 14” and it was implemented in the Python programming language as well as Cython.

TABLE 14 Experimental Test-Kit for Sbox+Chacha20

The experiment was also carried out with a dataset of two (02) dynamic backgrounds and two (02) static backgrounds, yielding a total of four (04) videos based on publicly available surveillance camera footage [58], [59] with varying characteristics such as colour, motion activity, and spatial details. “Table 15” describes the dataset properties captured from dynamic and static camera devices.

TABLE 15 Properties of the Datasets Used for the Experiments

2) Visual Result

The visual results of applying the Sbox+Chacha20 on the surveillance footage are displayed in “Table 16”. Based on “Table 16”, each video frame was randomly chosen from the dataset videos generated from static and dynamic IoT cameras. The original frames and the naïve encryption with Sbox+Chacha20 are displayed on row 1(a(1-4)) and row 2(b(1-4)) respectively.

TABLE 16 Visual Representation of the Original (O), and Naïve Encrypted (NE) Frames Using Sbox+Chacha20 Cipher

C. Security Analysis of Sbox+Chacha20

This sub-section covers the security paradigm of the Sbox+Chacha20 cipher which is based on the differential attacks.

1) Differential Attacks

The differential attack is a crucial analytical technique for evaluating an algorithm’s cipher-image sensitivity to its original-image when slightly altered. If the cipher-image obtained from the original-image is very different from the cipher-image obtained when there is a pixel alternation in the original-image, then the algorithm is secured and can resist differential attack [60].

A differential attack analysis can be calculated using the Numbers of Pixel Changing Rate (NPCR) and the UACI (Unified Average Changing Intensity) as given in (20) and (21) respectively where ${T}_{p}$ is total pixel, ${VF}_{1}$ is the original video frame pixel encryption, ${VF}_{2}$ is the altered video frame pixel encryption.\begin{align*} NPCR\left ({{{VF}_{1},{VF}_{2}}}\right )& =\frac {{\sum }_{i,j}{D}_{{VF}_{1},{VF}_{2}}\left ({{i,j}}\right )}{{T}_{p}}\times 100\%, \\ D_{VF_{1},VF_{2} } \left ({{i,j}}\right ) & = \begin{cases} \displaystyle 1 & {\quad if\quad VF_{1} \left ({{i,j}}\right ) \ne VF_{2} \left ({{i,j}}\right )} \\ \displaystyle 0 & {\quad if\quad VF_{1} \left ({{i,j}}\right ) = VF_{2} \left ({{i,j}}\right )} \end{cases} \tag {20}\\ \\ UACI\left ({{{VF}_{1},{VF}_{2}}}\right )& =\frac {{\sum }_{i,j} \Big |{VF}_{1}\left ({{i,j}}\right )-{VF}_{2}\left ({{i,j}}\right ) \Big |}{{{T}_{p}}\times 255}\times 100\%. \tag {21}\end{align*} View Source\begin{align*} NPCR\left ({{{VF}_{1},{VF}_{2}}}\right )& =\frac {{\sum }_{i,j}{D}_{{VF}_{1},{VF}_{2}}\left ({{i,j}}\right )}{{T}_{p}}\times 100\%, \\ D_{VF_{1},VF_{2} } \left ({{i,j}}\right ) & = \begin{cases} \displaystyle 1 & {\quad if\quad VF_{1} \left ({{i,j}}\right ) \ne VF_{2} \left ({{i,j}}\right )} \\ \displaystyle 0 & {\quad if\quad VF_{1} \left ({{i,j}}\right ) = VF_{2} \left ({{i,j}}\right )} \end{cases} \tag {20}\\ \\ UACI\left ({{{VF}_{1},{VF}_{2}}}\right )& =\frac {{\sum }_{i,j} \Big |{VF}_{1}\left ({{i,j}}\right )-{VF}_{2}\left ({{i,j}}\right ) \Big |}{{{T}_{p}}\times 255}\times 100\%. \tag {21}\end{align*}

To conduct the differential attack analysis, a single video frame was chosen, one of its pixels was altered and encrypted and then was compared with the original encrypted video frame using (20) and (21) to justify the Sbox+Chacha20 resistance to the differential attack.

“Table 17”, shows that the Sbox+Chacha20 cipher is sensitive to a single pixel change, hence making it robust against differential attacks and suitable for IoT devices.

TABLE 17 Results of Differential Attack Performed on Video Frames Encrypted With Sbox+Chacha20

D. Statistical Analysis

This sub-section examined the statistical analysis such as the correlation analysis, histogram analysis, and the video quality metrics of the Sbox+Chacha20 cipher.

1) Correlation Analysis

Correlation is a measure of the degree to which variables are interconnected or linearly related to each other and it is represented as r as shown in (22), where $x_{i}$ is the original frame, $\widehat {x}_{i}$ is the mean of the original frame, $y_{i}$ is the encrypted frame and $\widehat {y}_{i}$ is the mean of the encrypted frame. When r is +1 then it is perfectly correlated, when $r=0$ then variables are independent with no correction, and when $r = -1$ , then it is inversely correlated.\begin{align*} E(x)& =\frac {1}{N}\sum \limits _{i-1}^{N} {x_{i}} \\ F(x)& =\frac {1}{N}\sum \limits _{i=1}^{N} {(x_{i} -E(x))^{2}} \\ r & = \frac { \sum {(x_{i} - \widehat {x}_{i})(y_{i} - \widehat {y}_{i})}} {\sqrt { \sum {(x_{i} - \widehat {x}_{i})^{2}} \sum {(y_{i} - \widehat {y}_{i})^{2}}}} \tag {22}\end{align*} View Source\begin{align*} E(x)& =\frac {1}{N}\sum \limits _{i-1}^{N} {x_{i}} \\ F(x)& =\frac {1}{N}\sum \limits _{i=1}^{N} {(x_{i} -E(x))^{2}} \\ r & = \frac { \sum {(x_{i} - \widehat {x}_{i})(y_{i} - \widehat {y}_{i})}} {\sqrt { \sum {(x_{i} - \widehat {x}_{i})^{2}} \sum {(y_{i} - \widehat {y}_{i})^{2}}}} \tag {22}\end{align*}

The correlation analysis of the full encrypted video frames with the Sbox+Chacha20 cipher and the original frame is displayed in “Table 18” with a negative result indicating an inverse correlation. Also, performing the vertical, diagonal, and horizontal correlation with the same frame is displayed on “Table 19” where the graph shows an extremely uniform distribution of the encrypted image’s pixel values. This proves the effectiveness of Sbox+Chacha20 cipher to secure multimedia data.

TABLE 18 Video Frame Correlation Analysis

TABLE 19 Graphical Representation of the Correlation Between the Original Frame and the Naïve Encrypted Frame Based on Different Directions

2) Video Quality Metric (PSNR)

The video quality metric evaluated in this paper is the Peak-Signal-to-Noise Ratio (PSNR). The PSNR is defined as the ratio of the maximum possible signal power to the power of the corrupting noise that affects the authenticity of the image representation. The PSNR test was conducted on the decrypted frames to measure the quality disparity between the original video frame and their respective decrypted video frames randomly selected from the full video.

PSNR was calculated using (23), where ${I}_{\text {Max}}$ is the maximum pixel value which is 255, and MSE is the mean square error.\begin{align*} {\text {PSNR}} = 10 \times \log _{10} \left ({{\frac {I_{\text {Max}^{2}} }{\text {MSE}}}}\right ) = 20 \times \log _{10} \left ({{\frac {I_{\text {Max}} }{\sqrt {\text {MSE}}}}}\right ) \tag {23}\end{align*} View Source\begin{align*} {\text {PSNR}} = 10 \times \log _{10} \left ({{\frac {I_{\text {Max}^{2}} }{\text {MSE}}}}\right ) = 20 \times \log _{10} \left ({{\frac {I_{\text {Max}} }{\sqrt {\text {MSE}}}}}\right ) \tag {23}\end{align*}

All the videos used in this manuscript are of datatype $uint8$ which means their pixels are depicted with $8-bits$ per sample to produce a maximum value of 255. The PSNR is measured in decibels (dB).

A PSNR value for an $uint8$ datatype video is calculated as $20 \times \log _{10}(Max\_pixel)$ where the $Max\_pixel$ is the maximum pixel value of the image. In image quality estimation, a PSNR between 30 to $50dB$ is required to ensure good quality for $uint8$ .

Comparing the original video frames with the decrypted video frames, as discussed in “Table 20”, demonstrated that the decrypted video frames maintain the quality of the original video frames, indicating that there was no data loss, and the proposed S-box does not degrade the video quality.

TABLE 20 PSNR Video Quality Metrics Analysis

Furthermore, if there is no data loss between the original and decrypted image, the mean square error (MSE) is zero (0). Hence, the two images are identical since there is no variation between the images, the PSNR in this instance tends to infinity ($\infty $ ).

3) Histogram Analysis

The histogram analysis of a video frame is a graphical representation of the pixel intensity values. It reveals the number of pixels within a video frame at each of the frame’s various intensity values. This analysis can be applied to any type of video frame (greyscale and coloured). Hence, this paper applied the histogram analysis to encrypted coloured video frames. The histogram analysis of an encrypted video frame is uniformly distributed when using a good cipher for encryption.

The histogram analysis was applied on both original and encrypted video frames as evaluated in “Table 21”. “Table 21” a(1-4) represents the histogram analysis of the original video frame which does not match the result of “Table 21” b(1-4) which shows a uniform distribution making Sbox+Chacha20 a competent cipher for encryption.

TABLE 21 Histogram Analysis of the Original (O) Frames and the Naïve Encrypted (NE) Frames With Sbox+Chacha20

E. Comparison of Sbox+Chacha20 With the Sota Ciphers

This sub-section compared the performance of SOTA ciphers with the Sbox+Chacha20 cipher on the dataset videos using the entropy analysis, number of pixel changing rate (NPCR), unified average changing intensity (UACI), and computational timing. The SOTA ciphers considered in this paper are Chacha20 and AES Cipher Feedback (CFB) mode.

1) Entropy Analysis

The entropy analysis estimates the information content of a video frame, by measuring the amount of randomness or uncertainty present in it. An encrypted image entropy increases with increasing pixel randomisation. An entropy is computed on a greyscale level giving eight (8) as its ideal entropy value. When encrypted image entropy is closer to 8 then the image information can not be leaked. The entropy of the encrypted video frame was calculated using (24) where $p(i)$ is the chance of a pixel having grey level i, and the number of grey levels is represented by x.\begin{equation*} \mathcal E(Y) = - \sum _{i=0}^{x - 1} p(i)\log _{2}p(i). \tag {24}\end{equation*} View Source\begin{equation*} \mathcal E(Y) = - \sum _{i=0}^{x - 1} p(i)\log _{2}p(i). \tag {24}\end{equation*}

“Table 22” analysed the entropy results of the randomly selected encrypted video frames from the dataset videos with the Sbox+Chacha20 cipher having higher randomness when compared with other SOTA ciphers.

TABLE 22 Entropy Results of Sbox+Chacha20 and SOTA Stream Ciphers

2) Number of Pixel Changing Rate (NPCR)

The Number of Pixel Changing Rate (NPCR) is a method for testing the sensitivity of cipher-images when a single pixel of a plain-image is altered and when the plain-image is not altered before encryption. The NPCR is computed using (20) and a result of ≥ 99 is considered highly sensitive.

The sensitivity of the proposed Sbox+Chacha20 cipher and other SOTA ciphers were measured with NPCR by randomly modifying a pixel value of a selected random video frame before encryption and hence comparing the result of the modified encrypted video frame with the unmodified encrypted video frame. These results are analysed in “Table 23” showing only Sbox+Chacha20 cipher has values $\ge 99$ .

TABLE 23 NPCR Results of Sbox+Chacha20 and SOTA Stream Ciphers

3) Unified Average Changing Intensity (UACI)

The Unified Average Changing Intensity (UACI) is a technique for measuring the relative intensity of cipher-images when a plain-image is not changed, and when a single pixel of a plain-image is changed. The UACI is calculated using (21) and a result of ≥ 33 is acceptable.

The UACI of the proposed Sbox+Chacha20 cipher and other SOTA cipher was applied on some randomly selected video frames and their results are discussed in “Table 24” with Sbox+Chacha20 cipher having higher result than the other SOTA ciphers.

TABLE 24 UACI Results of Sbox+Chacha20 and SOTA Stream Ciphers

4) Computational Cost Analysis

In this paper, the execution time taken to perform encryption on the video frames in the video dataset using Sbox+Chacha20 and other SOTA ciphers was evaluated as the computational cost analysis. As shown in “Fig. 2”, the execution timing was measured in Microseconds ($\mu $ s) and the Sbox+Chacha20 cipher has a lower execution timing when compared with the AES-CFB cipher.

FIGURE 2.

Computational cost analysis using Sbox+Chacha20 and other SOTA ciphers on dataset videos.

Show All

Comparing the Sbox+Chacha20 cipher with the Chacha20 cipher, the execution timing of the Sbox+ Chacha20 cipher increased minimally. This proves that the implementation of the proposed S-box with existing ciphers will have a minimal effect on their execution times.