Redesigning the Serpent Algorithm by PA-Loop and Its Image Encryption Application

This article presents a cryptographic encryption standard whose model is based on Serpent presented by Eli Biham, Ross Anderson, and Lars Knudsen. The modification lies in the design of the Cipher, we have used power associative (PA) loop and group of permutations. The proposed mathematical structure is superior to Galois Field (GF) in terms of complexity and has the ability to create arbitrary randomness due to a larger key space. The proposed method is simple and speedy in terms of computations, meanwhile it affirms higher security and sensitivity. In contrast to GF, PA-loop are non-isomorphic and have several Cayley table representations. This validates the resistance to cryptanalytic attacks, particularly those targeting mathematical structures. This cryptographic scheme’s full description of encryption and decryption is measured and rigorously assessed to support its multimedia applications. The observed speed of this technique, which uses a key of 256 bits and a block size of 128 bits, is comparable to three-key triple-DES.


I. INTRODUCTION
Extensive deployment of soft computing devices has changed the overall communication pattern around the globe. All these devices are connected via internet relying on unsecure medium. The exponential growth of soft computing devices has got some disadvantages like insecure communications, violation of copyright protection and alteration in valuable information. Even the communication in terms of images is also exaggerated by such threats. Generally, to reduce the impact of these, encryption is considered a healthier tactic to attain the higher security level. For that reason, image encryption has achieved extensive importance in Internet communication, medical imaging, multimedia systems, telemedicine etc.
Encryption schemes are usually categorized in two main divisions, spatial domain and frequency domain. The permutation of positions, transformation of pixel values and their The associate editor coordinating the review of this manuscript and approving it for publication was Wei Huang . amalgamation is used in spatial domain. Literature reveals many encryption schemes in this domain, but the prominent schemes keeping [1] in mind are 2D cellular automatabased methods [2], tree structure-based schemes [3], and chaos based cryptosystems [4], [5], [6], [7]. In [8], quad tree structure is used for encryption which in result reduced the processing time of both encryption and decryption. But it has not gained space in international standards. Similarly, many chaos based schemes [10], [11], [12] are proposed due to specific attributes like sensitivity to initial conditions, randomness, ergodicity and complex bifurcation pattern. Certain loopholes appearing in such cryptosystems can be minimized by using higher dimensional chaotic systems. Usual encryption schemes based on chaotic maps generally uses two processes i.e. substitution and diffusion, that are iterated for a certain value. Pixels of images are substituted by the outcomes from chaotic maps which are altered in diffusion stage by a certain sequential rearrangement. One small alteration in pixels results in total dissimilar output after certain iterations. Such kind of schemes are very common in literature [13].

A. RELATED WORK
There are some techniques that make use of their own proposed structure. Still speed and security is an issue in such schemes. These drawbacks create space for new cryptosystems.
After spending a successful period, DES [14] algorithm at the start of 21st century lost its popularity. The first allegation on it was of shorter key length i.e. 256 bit key, which can be traced by exhaustive key search in ever increasing growth of fast computing devices. Although, this was addressed by introducing triple DES. But another objection was its application in software encryption, although its creation was designed for hardware enciphering.
Due to this drawback, NIST in US welcomed the new and vibrant inheritor algorithm, which was later called as advanced encryption standard (AES) [40]. The distinction of AES on predecessor was due to the two reasons, first it was speedy enough to cope up with new technological development of 21st century and meanwhile it did not compromise on security.
Image encryption using block cipher-based serpent algorithm is presented in [15] A proposal algorithm for images protection is depending on the block cipher serpent algorithm in Feistel network structure. Then another scheme for the improvement of serpent algorithm and design to RGB image encryption implementation is present in [16].
Our remaining manuscript is structured as follows: Section II presents the fundamental introductions, the algebraic structure of PA-loops, and the synthesis of our suggested S-boxes. The purpose of Section III is to evaluate the effectiveness of the recently proposed S-boxes in comparison to a few well-known S-boxes. The IVth Section is where the suggested S-boxes' image encryption application is carried out. In section V, the statistical analyses of the proposed S-box image encryption system are compared to those of other well-known schemes. Sections VI and VII in order provide the differential analyses of the scheme and conclusion.

B. OUR CONTRIBUTION
This article explains that applications of S-box in Serpent Algorithm with the image encryption. The step wise contribution of our manuscript is as follows, 1) The construction of S-boxes by utilizing mobius transformation over PA-Loop is explained. Its enssuerd that proposed technique is good for image encryption. 7) We have also calculated time excutaion for our proposed encryption secheme, and compare with other algorithm.

II. PRELIMINARIES
Few basic definitions of PA-loops and its comprehensive structure is highlighted in this section. In addition to this, the forming of the S-box by using this new structure is also explicated. Laterly, the application of symmetric group S 16 is also being in consideration.

A. POWER ASSOCIATIVE LOOP
For quasi group, it is necessary that groupoid (A non empty Set with binary operation) must satisfy the cancellation laws. If there exsits a two sided identity e ′ ∈ L ′ (L ′ is non-empty set having a binary operation) and for each c, d ∈ L ′ the equations cx = d and yc = d for all x, y ∈ L ′ have unique solution then L is named as loop. Moreover, if the subloop generated by any element of L is a cyclic subgroup then non-empty set L is named as Power Associative Loop (PA-Loop). It can be expressed as Each subloop generated by a single element is a cyclic subgroup in PA-loops [12]. Due to absence of associative property in PA loop, so it has more varieties of structures which is not possible in associative structures like groups and rings.To express this truth, Table 1 indicates the difference of available possibilities between power associative loops and group with same order.

B. DESIGN OF S-BOXES OVER POWER ASSOCIATIVE LOOP
In different cryptosystems different methods are used to generate confusion in the data. However, substitution boxes are the best source for confusion in the literature. Most of these structures are depended upon the Galois field and some are belonging to Z n 2 which is n topples of binary field Z 2 . These classes are associative therefore show limited impact as shown in Table 1. Power associative loop has more structures as compared to groups and Galois field due to non-associative, which give us different choices to design S-boxes.
The variety of S-boxes make the cryptosystems secure and help to resist the spiteful attacks. For the constructions of S-boxes many techniques are given the literature from which Mobius transformation is one of them. To create several different S-boxes by mobius transformation which is action of projective general linear group on a power associative loop of order 256. The mathematical expression of this technique is given below: Value of c and e are to be fixed 4 and 9 respectively but d and f vary from 0 to n − 1. Take the values of y= 0 : n − 1 then use table of PA-loop see value corresponding to e * y, c * y after that convert the system into binary number. Apply XOR in numerator and denominator and simplify utilizing the table of power associative loop. After simplification exponent give us a new transformed substitution box. We construct 131028 S-boxes by varying the values of f and d.Flow chart of this scheme is given in a Figure 1. Table 2 shows the designing of S-box entries while Table 3, Table 4, and Table 5, show three different S-boxes.

III. ANALYSES OF S-BOXES
It is required to check the strength of proposed S-boxes by using different algebraic and statistical analysis. In this section, we also evaluate our S-boxes with the help of histogram analysis.  In Boolean function, the distance between one function and the remaining set of all affine functions is defined as nonlinearity. Also, the total number of bits that need to be transformed in the truth table to obtain the closest affine function.
where WHT max indicates the walsh Hadamard transform vector's maximum absolute value [20]. The optimum value of nonlinearity is 120. The comparison of our proposed S-boxes and some other existing S-boxes is depicted in Figure 2. Our S-boxes also have good results as compared [37], [38], [39], because propsed S-box have non linearity 111.5.

2) BIT INDEPENDENT CRITERION
Webster and Tavares defined the output Bits Independence Criterion (BIC) to assess the S-box. They advocated that every avalanche inconstant necessarily pair-wise independent for a specified set of avalanche vectors. We can simply add single plaintext bit and obtain these avalanche vectors [20].
The results of BIC of proposed S-boxes indicate the standard outcomes when they are compared with few standard S-boxes. Also, the smallest, middling and square deviation value of BIC is shown in Figure 3. The comparison of the smallest, middling and square deviation values of BIC of new S-boxes with other S-boxes are also given in Figure 3.

3) STRICT AVALANCHE CRITERION ANALYTICALLY
For any proposed S-box, strict avalanche criterion (SAC) is fulfilled if a alteration in a single input bit provides an influence on semi of the output bits. For instance, S-box is functioned to build an S-P network, then a single modification in the input of the network provides an avalanche of variations [20]. It can be seen in Figure 4 the outcomes of the SAC of proposed S-boxes. Moreover, the middling, smallest and square deviation value of SAC in evaluation with different existing S-boxes are given away in Figure 4.   the mask y. According to Matsui's original description [26], linear approximation probability (or probability of bias) of a given S-box is defined as, where x is input masks and y output masks, the set of all possible inputs represented in X and 2 n is the number of its elements. The LP value of newly designed S-boxes and comparison with other S-boxes are given in Figure 5.

5) DIFFERENTIAL APPROXIMATION PROBABILITY
In differential approximation probability x i input differential should uniquely map to an output differential y i , to ensure a uniform mapping probability for each i. The differential approximation probability of a given S-box (i.e. DPs) is a measure for differential uniformity and is defined as 29702 VOLUME 11, 2023    In round 2, second row of S-box and permutation P 2 is used and above method is repeated for {n 1 , n 2 , n 3 ,. . . , n 16 }, similarly we perform 16 th round, in the last round we select the 16 th row of S-box and permutation P 16 for further utilization using the same pattern to obtained {y 1 , y 2 , y 3 ,. . . , y 16 } that lies in the range 0 to 255. This is 16 bytes or 128-bit cipher text. For image encryption scheme we use three different S-boxes which are constructed above. Figure 7(a-d) show the encrypted images by using this scheme and Figure 8 show the flow chart of this encryption scheme. Figure 9 shows the layer wise encryprion by using this scheme. For decryption we use the reverse process by using the inverse S-boxes. Figure 10 shows the decrypted images by using decrpyion process.

V. INVESTIGATIONAL UPSHOTS AND SIMULATION ANALYSES
In any investigation of designed cryptosystems, the ultimate gauge is to measure the outcomes of different analyses. The astonishing fact connected to any research is the disclosure of false outcomes after a long and hectic tiresome job. Sometimes, for scientist and engineers, it become really hard to identify the wrong step. Still it's an interesting task for many. The efficacy of any scheme is established right after the complete investigation of analyses. For this argument, simulation analyses of proposed scheme are given hereafter.

A. KEY SPACE ANALYSIS
In this analysis the total number of keys used in algorithm are debated. If the total volume of keys used in a cryptosystem are higher than it bears more strength against any exhaustive key search. For a chaotic cryptosystem, the key space greater than 2 100 [26] is proposed as secure enough.

B. KEY SENSITIVITY ANALYSIS
Key sensitivity is an essential criteria to be fulfilled by a robust cryptosystem. This assures that any wrong guess will totally change the output obtained from enciphering algorithm. Conversely, with a wrong set of keys the decryption should generate a totally different and wrong original input. PA-loop used in this article successfully satisfies the sensitivity test.

C. CORRELATION ANALYSIS
Pixels are building blocks of images. These are numeric values that are highly correlated with neighboring pixels in all three directions i.e. horizontally, vertically and diagonally. In an enciphered image, the correlation values must approach to zero. This is the main objective of cryptographic algorithm to achieve in any scheme of image encryption proposed by researchers. In result, the rearrangement of pixel values to original one becomes extremely difficult for an assaulter. Table 6 show the correlation analysis of proposed scheme and comparison with other well known schemes.

D. HISTOGRAM ANALYSIS
Histogram analysis of an image provides the information about tonal distribution. This graph is obtained by plotting total amount of pixels in a certain tone along y axis whereas x-axis represent single tonal value. Lighter and darker portion of images are represented on left and right side of graph respectively. The scheme of encryption tries to distort the original combination of pixels which makes the histogram flat as well after these operations. Figure 11 and Figure 12 shows the histogram of original and encrypted image of Lena and Baboon respectively.

VI. DIFFERENTIAL ANALYSES
Differential analysis sometimes also known as sensitive analyses. These are used to retrace/retrieve an original image. There are two major divisions of these namely number of pixels change rate (NPCR) and unified average changing intensity (UACI).

A. NPCR AND UACI
NPCR measures the effect of change on an encrypted image by varying only single bit. It tells us the amount of pixels changed by this increment. Its standard value showing good encryption scheme lies nearer to 99 using its formula mentioned at the end of this paragraph. This affirms its strength against differential analysis. Whereas unified average change intensity (UACI) measures the difference of intensities between original and enciphered image. Its value that is considered acceptable lies nearer to 33% as per formula defined below. Table 7 explains the values of NPCR and UACI.

B. CHI-SQUARE TEST
Since pixels are building blocks of digital images. These are highly correlated with each other in neighboring regions to produce a certain kind of shade. Their distribution in terms of  uniformity is measured statistically by using Chi-square test while the same is analyzed pictorially in histogram analysis.
In chi-square test, the observed and expected values are used to attain significance level. The formula is given as: Here, i represent the intensity level of image and the expected value is 256 for 256 × 256 image. The outcomes are verified in the chi-square distribution table with 0.05 and 0.01 significance level. For 255 degree of freedom, the critical values with 0.05 and 0.01 probability are 293.2478 and 310.457 respectively. Table 8 shows the chi-square values generated from the encrypted Lena image using the proposed scheme. It also reveals that the hypothesis is accepted with 0.05 and 0.01 level of significance, which means the pixel distribution is uniform.

C. TIME EXECUTION PERFORMANCE
The present-day world is totally focusing on time taken by the machines to complete their assignment. Old fashioned devices consume more time and hence energy in achieving their goals. Same is the idea here that any proposed scheme should execute its job in short interval of time. For a bigger real life data, the execution time should be minimized to seconds and even lesser. For calculating the time of the proposed work, we use a system having Processor: Intel R CoreTMi7-8565U CPU @ 1.8GHz 1.99 GHz, RAM: 8 GB and operating system: 64 Bit operating system ×64-based processor. The language used here is python version 3.6. Table 9 explains the time executation. 29708 VOLUME 11, 2023

D. INFORMATION ENTROPY
This analysis deals with level of randomness achieved. The amount of randomness give the impression of true efficacy of a cryptosystem. Information entropy (IE) calculate this randomness and unpredictability as defined by the equation defined below, where the probability of random variable u j is used to calculate IE. The best optimal value of an encrypted image is 8. Any kind of enciphering technique generating the outcomes of IE nearer to 8 are considered as robust and secure. Such encrypted images are when observed pictorially, they generate a flat histogram curve i.e. authenticating randomness and unpredictability. Table 10 represents the outcomes of IE of the proposed scheme vs some well-known cryptosystems.
where P(u j ) denotes the probability of a r.v u at jth index.

VII. CONCLUSION
This article presents a modified scheme of encryption i.e. modification of serpent. The construction of S-box is different over here. It is developed using PA-Loop. The superiority of the structure over the extended binary Galois field is due to the larger key space i.e. larger number of possibilities are available here as compared to Galois field. PA-Loop have many representations in terms of Cayley table as compared to one Cayley representation in GF. It includes 128 bits key along with PA-Loop of order 256. If an attacker has the knowledge of key but don't have any information about loop, he can't succeed to break this. Moreover, the proposed mathematical system is noncommutative making it harder to break. One of this scheme's key benefits is that it works for both text and image encryption. The suggested scheme was examined using various analyses to determine its viability.
All of the standard tests had positive outcomes, indicating that they could be used in real-world situations. , Lahore, as an Assistant Professor of mathematics. He is currently a Co-Coordinator of mathematics with UE Vehari Campus, Pakistan. He has teaching experience of over ten years at different levels and supervised more than 15 M.S./M.Phil. students and one Ph.D. scholar sofa. He has been supervising many students and performing other administrative duties as well. He has published more than 25 research articles in internationally reputed journals. SAYED M. ELDIN is currently with the Faculty of Engineering and Technology, Future University in Egypt, on leave from Cairo University after nearly 30 years of experience with the Faculty of Engineering, Cairo University. He was the Dean of the Faculty of Engineering, Cairo University, where he achieved many unique signs of progress in both academia and research on the impact of emerging technologies in electrical engineering. He was a PI of several nationally and internationally funded projects. He has many publications in highly refereed international journals and specialized conferences on the applications of artificial intelligence in the protection of electrical power networks. He is on the editorial boards of several international journals.