A Strong Hybrid S-Box Scheme Based on Chaos, 2D Cellular Automata and Algebraic Structure

Substitution-boxes are the main deciding components in symmetric-key cryptosystems for resisting many cryptanalytic attacks. It has been a challenging task for the designers to construct strong S-box which satisﬁes multiple cryptographic properties simultaneously. A number of S-box studies have been investigated in literature; but, the generated S-box found to exhibit one single property with good score. This paper proposes a novel creation of S-boxes which possess excellent scores of multiple cryptographic properties instead of only one property. The suggested hybrid S-box method explores the science of two-dimensional cellular automata theory, discrete chaotic maps, and algebraic group structure. The proposed anticipated 8 × 8 S-box holds excellent security performance features such as: minimum nonlinearity as high as 110, no ﬁxed points, satisfaction of strict avalanche and bits independence criterions, differential uniformity as low as 6, linear approximation probability as low as 0.0703, and auto-correlation function (absolute indicator) of 40. The performance comparison indicates the proposed S-box has superior features, greater inherent security and robustness strength than many available state of the art S-box methods.


I. INTRODUCTION
Due to the rapid progress in online communication and data transferring, the importance of security mechanisms is increasing manifold. It is of utmost importance to secure the important data in transit, across networks. The cryptography algorithms are employed for the same purpose, as they provide the required security over the insecure channels of network [1]. Symmetric cryptosystems have been the most critical of cryptography to realize security mechanisms for last many decades. It was only in 1949 that Shannon introduces the notion of modern cryptography. There are various block cryptosystems namely Data Encryption Standard, BLOWFISH, and Advanced Encryption Standard, etc. and The associate editor coordinating the review of this manuscript and approving it for publication was Wei Huang . these rely on the two important concepts of Confusion and Diffusion introduced by Shannon [2]. Making the association between the ciphertext and the key as convoluted and difficult as possible is referred to be confusing, and the goal is to prevent anyone from understanding the key by simply getting the ciphertext. Diffusion is the procedure of decreasing the influence of a single plaintext piece on several encoded text in order to mask the plaintext's statistical redundancy. To create an encrypted text, a block cipher iteratively operates the process to retrieve multiple effects of confusion and diffusion properties. The most famous block ciphers in the field to employ this method are Data Encryption Standard (DES), BLOWFISH, Advanced Encryption Standard (AES), GOST, etc. The most potent attacks against these block encryption algorithms are linear and differential cryptanalyses [3]. The primary goal of a differential attack is to extract patterns from VOLUME 10, 2022 This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/ encoded data, and to do this, the assailant uses a certain set of inputs to track changes in output. Goal of a linear assault is to identify a linear relationship between plain text, cipher text, and the accompanying keys. The confusion component is entirely accountable for furnishing resistance to these two attacks as well as for creating a randomized association between the ciphertext and the key [4]. Substitution-box (S-box), the block cipher's confusion mechanism, converts k input bits into m output bits. The dynamic components of block ciphers that cause confusion by making nonlinear transformations of inputs into outputs are the S-boxes. A cryptosystem must have S-box(es) that can produces great nonlinearity effect and robustness to related attacks [4], [5].
The success of the AES block cipher and its substitution box has been greatly aided by the development and enhancement of ideas devoted to the creation of S-boxes [6]. They involve methods of algebraic tactics, optimization, the chaotic function as well as structures, and other techniques, and they are stable. The creation of efficient S-boxes with varying sizes is a challenging subject. One of the primary motives for this issue is the size of the enormously large search space. In order to establish a reliable frame of an S-box that can yield useful S-boxes, meta-heuristic optimization approaches have been developed in recent past [7]. S-boxes are the main building blocks of symmetric block ciphers to implement substitution process. For encryption methods to achieve the notion of complete security, S-boxes, are essential. An S-box usually receives m input bits, and transform inputs into n output bits, is said to known as an m × n S-box is the transformation function of bits S (x) : B m → B n , where B = [0, 1] m . It transforms nonlinearly each m-bits binary input values 2 m to the n-bits binary output values 2 n . It can be actualized as a look-up table with 2 m words of n-bits each, where m may or may not be equal to n. The case when m = n leads to a bijective S-box and it acts as a one-to-one mapping from set of input streams to set of output streams. The bijective S-boxes correspond to a permutation sequence of [0, 1, 2, .., 2 n -1]. Consequently, they have a theoretical state space of (2 n )! which is more than 10 506 for 8 × 8 S-boxes [8].
Literature reveals that chaotic systems have been extensively explored to generate the S-boxes. With an aim to create safe S-boxes that can withstand linear, differential, and algebraic attacks, the schemes based on chaotic maps have been demonstrated. Using a Lorenz chaotic system, Ozkaynak and Ozer [9] produced secure S-boxes. Using chaotic maps and a genetic algorithm, Wang et al. [10] suggested an S-box scheme. A chaotic map iterative S-box generator was proposed by Yin et al. [11]. S-boxes were produced by Lambi'c [12] using an enhanced 1-dimensional discrete chaotic map. S-boxes were produced by Ozkaynak et al. [13] using a fractional-order chaotic Chen system. Dynamic S-boxes were designed by Cassal-Quiroga and Campos-Canton [14] using an enhanced logistic map. Tanyildizi and Ozkaynak [15] created S-boxes with respectable algebraic and differential features using an optimized one-dimensional chaotic map. El-Latif et al. [16] created a cryptographically robust S-box using quantum walks and chaos induction. But, the sole use of chaotic systems for their generation involves some demerits. The chaos based S-box designs have the shortcomings such as: (1) they are computationally intensive making the keydependent S-box generation a time-consuming process, and (2) most of them involved continuous-time systems which suffers from precision errors when digitized and a slight change in value drastically affect the future dynamics of such systems, and (3) they are also have complex hardware implementations. Hence, the researchers have been investigating different methods and alternatives to strengthen the S-boxes features, the techniques explored are: algebraic theory such as group and rings [17], cellular automata [18], cubic fractional transformation [19], and elliptic curve [20]. An S-box is deliberate in [21] with the help of LFT (linear fractional transformation) and a Gaussian distribution. For generating the S-box, the Box-Muller transform, polarisation decision, and central limit algorithm are applied. The authors of [8] presented a technique for producing nonlinear n × n S-boxes (for n < 8). Basha et al. explored the DNA computing and Bent function concepts to yield S-boxes for image encryption application in [22]. Farhan et al. applied the features of RNA computing approach to generate multi-S-boxes in [23]. However, the majority of S-box designs do not produce findings that are statistically significant.
A number of significant attempts have been made by few researchers to apply different forms of elliptic curves to generate the S-box with less computational overheads. To this end, Azam et al. in [24], constructed efficient S-boxes based on the class of Mordell elliptic curves (MEC) over prime fields. Ibrahim and Abbas in [25] presented an elegant construction method for strong S-box design with the help of key-permuted finite elliptic curves which is suited for real-time applications. In [26], authors made use of ordered Mordell elliptic curve to generate the efficient S-boxes with less time and space complexities for quicker generation operation. Hayat and Azam in [27], suggested an S-box construction approach for use in image encryption application. Their scheme applied exhaustive approach to generate points of finite elliptic curve which are utilized to obtain a randomized S-box. In [28], an image encryption scheme is suggested using quasi-resonant triads which are utilized for PRNG design to compute MEC meant for S-box construction. The constructed PRNG and S-box are applied to perform the diffusion and confusion during encryption process. Subsequently, the development of a substitution box possessing excellent cryptographic characteristic is the most important part of any cryptographic system. The cryptographers have been investigating different concepts in order to achieve following performance objectives while designing 8 × 8 S-boxes. This paper put forward a novel S-box creation scheme which is hybrid in the sense that it explores the features of 2-D cellular automata, chaos theory, and algebraic theory. The initial S-box is obtained with the help of discrete chaotic maps and working of cellular automata. The performance augmentation is carried out by applying the action of experimentally designed a specific algebraic group whose action results into strong S-box. The constructed S-box has excellent security and robustness features as evident by the performance comparison analysis.
In what follows, we prepared the different sections as follows: Section II provides some insight of cellular automata concepts that are relevant to the proposed S-box generation work. The proposed scheme of S-box design procedure using 2-D cellular automata, two discrete chaotic maps, and algebraic group structure is pronounced in Section III. The security assessment and comparison analysis of the projected S-box is done in Section IV. The work is concluded in Section V.

II. CELLULAR AUTOMATA
The mathematical model of Cellular Automata (CA) was probed by John von Neumann and his collaborator Stanisław Ulam [29]. It is a simple system wherein the states, space, and the time instances are discrete. The structure of the CA is regular, it has feature of parallelism, and cells interact locally to imitate random-like phenomenon. The structure of the cellular automata is investigated as the distinct mesh section of cells where value can be either 0 (off) or 1(on) for every cell. Cellular automata also can be seen as grid or network of cells or as arrays of cells where each cell stores single information bit. Every cell of automata adjusted autonomously by advancing the distinct time stamp. The use of the progress function to each cell in the network prompts the accompanying 'age' for the framework. In spite of the fact that these functions rely on their state of input, but each cell accompany the similar guideline or Rule in terms of cellular automata to determine the transition to next state. An underlying situation (t = 0) is chosen by allotting a situation for every cell. Another age is made (propelling t by 1), as indicated by some settled Rule (for the most part, a function) that decides the new situation or state of every cell as far as the present condition of the cell and the conditions of the cells in its neighborhood. Regularly, the administering Rule for refreshing the situation of cells is similar for every cell and not changing after some time and is connected to the entire lattice. Here S i (t) denotes the state of i th cell at t th instant of time. In similar manner at time (t + 1) th instant state of the automata can be denoted as , the numbers of neighbors depends on the neighbor radius. Here only one neighbor before the i th cell and one neighbor after i th cell has been considered, and this is called neighbor with radius 1. The state of the automata: where, X t = automata state at time instant t X t+1 = automata state at time instant (t + 1) S i (t) = i th cell state at time stamp t S i (t + 1) = i th cell state at time instant (t + 1) One-dimensional CA is the elementary case of the cellular automata. It can be simply represented as one-dimensional array of cells. Assume an automata of length N , and the radius r = 1. Then, the neighborhood of any i th cell can be defined as n i = 2r + 1 cells, counting the i th cell itself. Considering a limited size CA and with closely wrapped boundary, then a circular grid is formed. For a 1-D CA of length N and r = 1, the following statistics hold: If cell state value is represented as a state table (see Table 1), then decimal value to the binary number is termed as Rule of the CA. Three bits binary number can have 8 possible arrangements and each arrangement can have either 0 or 1 possible value at next step. This will provide the rule for updating the cell of automata. A two-dimensional CA is represented as a 2D lattice of cells. Each cell may depict finite states which are updated in discrete time instances as per the specified CA rule. In 2D CA, the next state automata cells value relies upon every VOLUME 10, 2022 one of its neighbor's cells value around it in 2-D lattice. The significance of the 2D CA is evident from its usage in vast applications which include pattern testing, encryption methods design, image processing, bioinformatics, compression, intrusion detection systems, etc., [30]. The two-dimensional CA that includes an entire framework of cells with the information bit of every cell being refreshed by a rule that relies upon its neighbors in each of the four heading as shown in Figure 2. Von-Neumann technique is one of the generally utilized neighborhood definition techniques. Figure 2 represents the Von-Neumann neighbors of a green color cell, here considered cell is of color green and its neighbors are in shown in grey shade. Von Neumann defined the neighborhood [31] in horizontal and vertical direction only. Number of neighborhood cells may depend on neighborhoods radius r, but only that cell will be taken which present either in vertical or in horizontal direction to the updating cell. Neighborhood radius r can be any integer, r = 1, 2, and so on.

III. PROPOSED S-BOX SCHEME
The proposed scheme utilized 2-D cellular automata, discrete chaos, and algebraic group structure to design the S-box for excellent cryptographic properties. To start with good randomness throughout the automata, the two-dimensional CA is initialized with the help of PWLCM chaotic map. This randomly initialized 2-D CA cells will be updated later using rules of automata for specified count of iteration.

A. INITIALIZATION
The CA initialization is the first step to have a table, so that it could be changed later. Here, a simple system is used to define random function to get the initial value for lesser complexity and time efficient as well. Initialization would affect the result of the final S-box because all initials value will be replaced by the calculated value of defined sliding window value. In the suggested method, an 8 × 8 S-box is initialized using the system based function with random values. As a matter of the fact, the beginning value has vital impact on the optimization process. Keeping in mind the end goal to get automata with initial random values, it is important to begin with initial automata. To get pseudo random number with good randomness, there are many chaotic maps which can be used to do so. To initialize the two-dimensional automata PWLCM chaotic map is used. The PWLCM map is defined as follows.
where, p = 0.49876; x = 0.12345 be the initial setting for the map. The PWLCM shows chaotic behavior when parameters value lies inside the range (0, 0.5) and its beginning constraint selected inside the range (0, 1). We are initializing the 2-D automata using PWLCM dependent procedure. All entries e of automata will be in binary form i.e. either 0 or 1 using the following predefined condition.
where, x if the chaotic variable generated from PWLCM map after iteration. The size of the two-dimensional automata S will be of a × a, Let where, a is size of row and column of the automata, and n is size of S-box i.e. n × n.

B. DEFINING NEIGHBORHOOD CELLS USING VON NEUMANN TECHNIQUE
The Von-Neumann method is used to define the neighbors (see Figure 5) of any cell of our two-dimensional cellular automata. To define the rule number for updating the cell at next state at time instant t + 1, there should be some sequence, order and indices for each cell. The cell indices are defined in i and j, where i denotes the row number and j denotes the column number of cell located at (i, j). Below Figure 5 describes the over layout of the all neighbors of the cell (i, j) along with indices of neighbors of cell at (i, j).

C. RULES GENERATION AND CELL UPDATING
Rule generation in CA is the most crucial part of cellular automata theory. Different rules can produce different output for the same initial value of cellular automata. The CA rules are responsible for increased power and beauty of cellular automata working. It is evident that there are at most 256 rules for 1-D CA. However, in 2D CA the cell (i, j) updates its value at time stamp t + 1, depending on the value of its previous state, its neighbor's previous state values, and the rule. These updates can be also seen as Boolean function dependent. A Boolean function is a mapping as f : {0, 1} n → {0, 1}. The cell state updates can be represented through the following local rule:

D. WINDOW SELECTION
The window selection operation enables the algorithm to decide the element of the anticipated S-box. Therefore, it is considered as one of the most main aspects of the proposed scheme. Through window selection operation, the value of S-box cell is calculated from two-dimensional automata binary cell values. Sliding window technique is used to fill the next cell value of S-box. To obtain the value in range (0, 256), we need 8-bits, hence a 2 × 4 window has been implemented to fulfill the 8-bits requirement.
Window initialized at position (0, 0) of automata to calculate the value of S-box cell and the value is appended to S-box table. To get next value, the window is shifted two positions in the right direction, and the calculated value is searched in S-box, if value is already present in S-box table then value is rejected else it is appended, and the window is further shifted. Suppose window has reached at right bottom corner of automata then update function is called to refresh the automata and remaining values are calculated in same fashion. In this way, it computes all required 256 unique values of 8 × 8 S-box table by sliding or shifting its position from left to right and top to down as per requirements. VOLUME 10, 2022 The diagram shown in Figure 8 demonstrates the working of sliding window method used in the proposed scheme.

E. S-BOX VALUE GENERATION FROM WINDOW
This section describes how decimal values are being calculated from 2 × 4 window. Rows of current window are taken in linear order i.e. row with index 1 is appended after the row with index 0, and then decimal equivalent number of 8-bits binary number is computed. Figure 9 demonstrates this diagrammatically, taking first window of Figure 8 as an example.
The suggested S-box scheme has several parts. In the first part, an empty S-box is generated. In second part, a 2-D cellular automaton is generated using PWLCM map. The automata iterated further to have excellent randomness by predefined number of times. In third part, a sliding window method is used to calculate the S-box values from 2-D automata, this calculated value is compared with pre-existing value of automata, if matched then window slides to calculate new unmatched value. If calculated value not matched, then value is appended in S-box. The working of proposed method is described below as: 1. Initializing the 8 × 8 S-box with random values using.
These random values will be substituted by other calculated values of the S-box using 2-D cellular automata.

A chaotic map is used to initialize the 2-D CA table.
3. Function is defined to generate the desired output bit of the defined rule. This function produces the desired bit to update the next state of the cell. 4. Function is defined to update the initial automata to desired number of time. It is the function which iterates predefined number of time to update the 2-D CA. 5. Another function is called to update the initial S-box value, with calculated value from the automata using sliding window protocol. 6. After completion of all the above process we get our desired substitution box with excellent non-linearity and other cryptographic characteristic of substitution box. Table 2 presented below provides generated substitution box of size 8 × 8 having nonlinearity 107.0 is produced from proposed algorithm. Further analysis of this substitution box is done in next section.

F. PROPOSED GROUP STRUCTURE AND ACTION
The usefulness of algebraic theory for the design of S-boxes has been evolved after the success of the AES S-box [32].
There have been proposals for the S-boxes which are based on algebraic structures. Unfortunately, the S-boxes which are purely algebraic technique based are found to be prune to algebraic attacks. Therefore, there is need to mix the concepts of chaos, CA, and algebraic technique which can complicate the works of attackers to make algebraic attacks infeasible. Moreover, there is very limited work which has focused on the improvisation of an S-box with the help of the action of effective algebraic structure. This requires efforts to construct the strong algebraic structure whose action results in the improvisation of S-boxes security strength. On this line, we have designed a hybrid method to construct final S-box with excellent security performance. The proposed method involves the design and action of an algebraic permutation group which has the efficacy of augmenting the cryptographic features of the S-box. Here, a suitable algebraic structure is designed, after rigorous experiments and experiments, whose action on the S-box yielded by 2-D CA enhances the security strength of the S-box. In what follows, the description of the obtained algebraic group and its action are presented.
We designed an algebraic permutation group ''G = C 93240 × C 180 ×C 30 ×C 30 '' of order 15104880000 having following eight generators.   This permutation group is applied to update the S-box shown in Table 2. The action of the suggested permutation group on the elements of the S-box generated another S-box which is found to possess strong security features compared to the seed S-box. The complete process of the proposed scheme is shown in Figure 10. The S-box retrieved after the action of proposed algebraic group is displayed in Table 3.

IV. PERFORMANCE ANALYSES
The recital accountability of the anticipated method and S-box is conducted in this section. The known standard security parameters are adopted to assess the features of the S-boxes. The results outcomes are also compared with many prevailing S-boxes methods investigated recently in the literature.

A. NONLINEARITY
Block ciphers typically employ an S-box to offer a nonlinear transition from confidential information to encrypted information. The most crucial component of all the security VOLUME 10, 2022  measures is the nonlinearity provided by the cipher [33]. In order to lessen the impact of linear cryptanalysis, block ciphers have robust immunity and nonlinearity. In reality, for an 8-bit Boolean function, Walsh spectrum utilized to estimate the nonlinearity of f as shown in [34]. where, It is to note that x.z denotes the bitwise dot product. The NLs (nonlinearities) for the suggested S-box are found to be 110, 112, 110, 110, 112, 110, 112 and 110. It shows an excellent nonlinearity performance statistics of the anticipated S-box that the least, maximum, and mean values are 110, 112, and 110.75, respectively, which are considerably high scores. However, the S-box prior to group action has an average score of 107.0 with the minimum value of 102 only, as listed in Table 4. All nonlinearities of final S-box are evidently fairly high and greater than or equivalent to 110. This demonstrates the pronounced capability of the suggested S-box to provide high nonlinear transformation to defend against related attacks [35].

B. DIFFERENTIAL UNIFORMITY
To determine the ability of an S-box to withstand prospective differential cryptanalysis, the metric of differential uniformity is taken into account. It is a specific plaintext attack designed by Biham and Shamir to attack block ciphers similar to DES [36], [37]. Whenever an input differential is a = XOR(a i , a j ), the differential uniformity (DU) reflects the highest probability of producing an output differential b = XOR(b i , b j ). This process establishes the XOR (differential) distribution between the S-box's inputs and outputs. In mathematics, it is expressed as: To withstand the differential attack of Biham and Shamir, the S-box must have a DU value as low as feasible. It is determined as the biggest value of the differential distribution table. In Table 5, the potential I/O XOR differential scattering for the anticipated S-box is presented. The Table reveals that the largest count in the entire differential scattering is 6 which occur in the distribution only 4 times. However, Du of the S-box prior to group action was 10.

C. STRICT AVALANCHE CRITERIA
The strict avalanche standard as imperative for strong S-boxes was acquired by Webster and Tavares [38]. To fulfill SAC criteria in S-boxes, the reversing of one bit of vector which gives input must prompt fifty percent of change in the vector which gives out. Because half avalanche is important to lessen any sort of correlation between I/O mix and neglects to spill the sensitive data. A SAC value nearer to 0.5 is constantly seen as respectable. To confirm SAC, Webster and Tavares gave a procedure for computing the dependency matrix as mentioned in [38]. The dependency matrix for the projected S-box displayed in Table 6 is obtained. The dependency matrix reveals that every entry of the table is quite close to 0.5. This matrix has an average score of 0.5012 which signifies the proposed S-box fulfills the strict avalanche criterion well as it is very near to ideal score of 0.5. Hence, the S-box satisfactorily has good avalanche effect.

D. BITS INDEPENDENCE CRITERIA
One of the equally critical criterions for strong S-boxes is bits independence criterion. A strategy to test BIC was recommended by Adams and Tavares [39]. Supposing, the Boolean function's component of a 8 × 8 S-box are f 0 , f 1 , . . . , f 7 . It is said that the S-box meets BIC, the Boolean functions XOR(B j , B k ) (j = k and 0 ≤ j, k ≤ 7) ought to be exceptionally VOLUME 10, 2022   Table 7. The average score of BIC as for nonlinearities are found as 111.28 which appear to be excellent and better compared to the S-box score before the group action which was 103.57 only. Hence, the BIC score for proposed S-box verifies the fantastic performance as far as fulfillment of bits independent criterion is concern.

E. AUTO-CORRELATION FUNCTION
Assuming that A(t) and B(t) are the Boolean mappings. Their correlation is symbolized asĈ AB (x) and mathematically expressed as [40]: However,Ĉ AA (x) represents the auto-correlation function (ACF) for mapping A(t).Ĉ AA (x) is the squares of elements of spectrum of A(t) responsible for the elements of the spectrum of ACF. The ACF for A : GF(2 n ) →GF(2 n ) is denoted bŷ R A (x) which has the following algebraic formulation.
For an S-box exhibiting better diffusion effect, the lower score of ACF is appropriate [40]. The proposed S-box after group action found to have an ACF score of 40 only which is sufficiently better than the ACF of the S-box before the group action where it was 104.

F. LINEAR APPROXIMATION PROBABILITY
The strategy for linear approximation probability (LAP) is useful in computing the unevenness of an event. Matsui in [41] presented the largest probability showing the unevenness of an event accounted with the assistance of the examination. There should be no distinction of bits uniformity among output and input. Every one of the input bits along its outcomes in output bits is analyzed independently. On the off chance that every one of the input components are 2 8 , D is the set of all potential inputs and the masks functional on the correspondence of output and input bits are individually w x and w y , then, at that point, most extreme linear guess is the greatest number of similar outcomes which is determined as shown in Eqn (4).
The fact that that S-box is more competent to resist against linear cryptanalysis attack is because of the lower value of LAP. Following the definition of LAP, the proposed S-box found to have an LAP score of 0.0703 only this is considerably improved score after the group action as prior to group action LAP was 0.1406. Hence, LAP analysis shows that final S-box has superior capability to repel linear cryptanalysis than S-box we had before group action. The performance features other than nonlinearity of S-boxes we have prior and post group action are provided in Table 8 to make evident the effectiveness of proposed permutation group action and excellent security forte of the final S-box.

G. COMPARISON ANALYSIS
Researchers have been investigating different methods to spawn cryptographically tough S-boxes for the last two decades. Eventually, a number of proposals came up to fulfill the research goal based on chaotic systems, algebraic approaches, number-theoretic concepts, meta-heuristics, and other random design strategies. Hence, it is rational to assess the performance of any new S-box against the security features of existing S-boxes studies [16], [42], [43], [44], [45], [46], [47], [48], [49], [50], [51], [52], [53], [54], [55], [56], [57], [58], [59], [60]. Therefore, the features of suggested S-box are compared with some of the state of the art and recently investigated S-box methods. The comparison analysis is based on the Table 9 maintained for this purpose. Table 9 consists of some well-known and recently investigated S-box studies whose design concepts are based on chaos, elliptic curve, algebraic method, meta-heuristics, and their combinations.
In almost all S-box studies, it has been found that nonlinearity has been deliberated as the main focused performance parameter while scheming S-boxes [61]. Due to which the generated S-box have high nonlinearity but other performance parameters don't have good enough scores which might make the S-box susceptible to attacks other than linear attacks. Hence, it necessary to generate S-box which should have good score on all other parameters as well in addition to nonlinearity to make it tough and robust. The comparison study made in Table 9 reveals that the anticipated S-box has superb nonlinearity feature compared to almost all S-boxes of the Table. As the proposed S-box has minimum nonlinearity of 110 with an awesome average of 110.75, thereby enabling the S-box to offer high nonlinear transformation of plaintext to ciphertext during substitution phase in block cryptosystems. In addition to high nonlinearity feature, the XOR distribution analysis of our S-box shows a decent value of differential uniformity which is 6 in our proposed case. This DU score is the lowest among all the scores presented in the Table 9. Hence, it can be clearly stated that the suggested S-box offers quite better robustness and resistance to differential cryptanalysis than the other recently investigated S-boxes. The SAC of the proposed S-box is found as 0.5012 which is comparable to all other SAC values of the Table, thereby  indicating that S-box suitably satisfies the SAC criteria. The bits independence analysis showed that the BIC-NL value for the projected S-box is 111.28 which is pretty higher and better among the many existing S-boxes. To withstand the Mitsui's linear cryptanalysis effort, it is mandatory for the S-box to exhibit lower linear approximation probability. Our S-box has LAP of 0.0703 which is lowest compared to of all other S-boxes LAP scores. Hence, the projected S-box also has improved ability to mitigate linear attacks. The autocorrelation function or the absolute indicator is also another equally crucial performance parameter to gauge the security and diffusion ability of the S-box. The projected S-box found to have an excellent ACF score of 40 which is best among all other S-boxes of the comparison Table 9.

H. S-BOX APPLICATION
It is prudent to assess the security performance of generated S-box on cryptographic application. Here, the generated S-box is applied to assess its suitability and feasibility for encryption applications on benchmark Lena plain-image of size 256 × 256. This plain-image is shown in Figure 11 along with its histogram and adjacent pixels correlation plot. Obviously, the plain-image is having non-uniform distribution of its pixels and the adjacent pixels are highly correlated to each as evident from their respective plots. The encryption method based on S-box suggested in Ref. [62] is applied to encrypt the image using proposed S-box. The encrypted image obtained using proposed S-box is shown in Figure 12. The same figure also presents the histogram and correlation among adjacent pixels of the encrypted image. It is clear from the encrypted image that it has excellent visual distortion as the image is noise-like and it is difficult to visually recognize the plain-image. Moreover, the histogram shows that the pixels distribution in the encrypted image are fairly uniform as the histogram is quite flat, and the adjacent pixels are not correlated to each unlike plain-image.
We have also evaluated the majority logic criteria (MLC) parameters to quantify the encryption performance statistically. Readers are advised to refer to the Ref. [62] for MLC description. The results of MLC analysis are provided in Table 10. The obtained MLC results are also compared with similar kind of S-box based encryption scheme to fairly assess the level of performance. We can see that the obtained MLC parameters scores are pretty better than scores obtained for plain-image and encryption scheme investigated in [63]. Thus, the analysis confirms the acceptable performance of our S-box for image encryption applications. Apart from image encryption applications, several other applications of S-box have been also investigated such as watermarking, steganography, hash functions, and pseudo-random number generations, etc.

V. CONCLUSION
A cryptographically strong S-box must have excellent cores of almost all performance parameters. Existing methods main focused on improvising only one parameter which is nonlinearity in most of the investigations which neglects the improvisation of other and equally significant parameters. This paper reported a hybrid method which is based on the features of chaos, 2-D cellular automata, and algebraic approach as well. Initially, an S-box is produced with the help of chaos and 2-D cellular automata. The security features of obtained S-box are augmented with the help of a suggested permutation group action. The proposed method aims to generate a cryptographic strong S-box which possesses near perfect scores of most of the performance parameters. The minimum NL of 110, DU of 6, BIC-NL of 111.28, LAP of 0.0703, and ACF of 40 are the features of the proposed S-box. The comparison analysis revealed that proposed S-box exhibits considerably better security strength and robustness as compared to many recent and other S-boxes, thereby confirming the suitable conduct of proposed method for strong S-box candidates design for usage in secure block cipher implementations.
AMIRUL HAQUE received the B.Tech. degree from the Maulana Azad National Institute of Technology, Bhopal, India, in 2015, and the M.Tech. degree from the Department of Computer Engineering, Jamia Millia Islamia, New Delhi, India, in 2018, where he is currently pursuing the Ph.D. degree with the Department of Computer Engineering, in the area of GPU based intrusion detection and prevention. His research interests include cyber security, machine learning, and GPU computing.
TABARAK ALI ABDULHUSSEIN was born in Iraq, in 1990. She received the B.Sc. degree in software engineering from Madenat Alelem University, Iraq, in 2013, and the M.Sc. degree in computer science from the University of Baghdad, Iraq, in 2021. She is currently a Lecturer at the Department of Accounting, College of Administrative and Financial Science, Imam Ja'afar Al-Sadiq University, Iraq. Her current research interests include medical image processing, neural networks, machine learning, the IoT, wireless sensor networks, network mobility management, fog computing, and information security.
MUSHEER AHMAD received the B.Tech. and M.Tech. degrees from the Department of Computer Engineering, Aligarh Muslim University, India, in 2004 and 2008, respectively, and the Ph.D. degree in chaos-based cryptography from the Department of Computer Engineering, Jamia Millia Islamia, New Delhi, India. From 2007 to 2010, he has worked at the Department of Computer Engineering, Aligarh Muslim University. Since 2011, he has been working as an Assistant Professor at the Department of Computer Engineering, Jamia Millia Islamia. He has published over 100 research papers in internationally reputed refereed journals and conference proceedings of the IEEE/Springer/Elsevier. His research interests include multimedia security, chaos-based cryptography, cryptanalysis, machine learning for security, image processing, and optimization techniques. He has more than 2300 citations of his research works with an H-index of 30, i-10 index of 65, and cumulative impact factor of more than 200. He has been listed two times among World's Top 2% researchers in studies conducted by Elsevier and Stanford University, in 2021 and 2022. He has served as a reviewer and a technical program committee member of many international conferences. He has also served as a Referee for some renowned journals, such as