Comparison of Pre and Post-Action of a Finite Abelian Group Over Certain Nonlinear Schemes

This paper proposes to present a novel group theoretic approach of improvising the cryptographic features of substitution-boxes. The approach employs a proposed finite Abelian group of order 3720 with three generators and six relations. The pre and post-action of the new Abelian group on some nonlinear schemes is analyzed and investigated. It has been found that post-action is competent to construct substitution-boxes whose cryptographic strengths are quite better compared to them before the group action. The S-box strength improvisation has been perceived on multiple performance parameters including nonlinearity, differential uniformity, bits independent criteria, linear approximation probability, and auto-correlation functions along with the satisfaction of strict avalanche criteria. The suitability of proposed improved S-box is tested for image encryption applications under the majority logic criterions and differential analyses. The conducted statistical investigations demonstrated the proficiency of anticipated group action approach and its suitability for cryptographic usages.


I. INTRODUCTION
Nowadays, the mankind has been eased to communicate through insecure channels owing to the progress in communication technology. The secretiveness of information is momentous in such scenarios. It necessitates to have high level protection for trustworthy end-to-end communication. This problem of security assurance can be resolved by using cryptography, steganography and watermarking. Cryptography is an art of transforming the hidden information into a pretend form of data so that it can do attain its terminus securely without leakage of information. In 1949, modern cryptography was founded by Claude Shannon, by depicting the concept of substitution box [1]. A well-studied block cipher Data Encryption Standard (DES) was proposed in 1977 [2] which lead to the start of development and The associate editor coordinating the review of this manuscript and approving it for publication was Mohammad Ayoub Khan . refinement of block cryptosystem. A number of different block cryptosystems similar to DES have been proposed such as LOKI [3], FEAL [4], KHUFU and KHAFRE [5], REDOC [6], etc.
In 1997, a search was started by NIST when it announced that the successor algorithm is needed for DES, which has gone susceptible to different attacks. NIST established the AES which is a specification for encryption of electronic data. In 2001, NIST announced the AES as the U.S. federal information processing standard. Primarily, Belgian cryptographers developed AES, which is a subset of Rijndael block ciphers, by whom a proposal to NIST was submitted during the selection process of AES. It contains flexibility of having options for different block and key sizes. For AES, NIST selects Rijndael family, each with block size 128 bits and three different key lengths 128, 192, and 256. AES is a symmetric block cipher which can protect the classified information and be implemented in both hardware and software.
The modern cryptography has two broad categories such as asymmetric and symmetric key cryptography. The block ciphers are related to symmetric key cryptography. Substitution-boxes are nonlinear part and parcel of symmetric key cryptosystems including block ciphers, steam ciphers, hash standards, etc. The S-boxes have the ability to bring confusion in the plain-text during the encryption process. Majorly, the effectiveness of the block ciphers is predominantly dependent on the cryptographic strengths of utilized S-boxes. Therefore, the researchers are interested to develop strong and improved S-boxes compared to existing ones. Since, S-boxes are inherently the vectorial Boolean functions. The performance and quality parameters of Boolean functions are also applicable to assess the security strength of S-boxes. Hence, a number of performance criterions and metrics are available to judge the capableness of S-boxes [7]- [11]. An S-box is said to be a cryptographically strong S-box if it satisfies a number of performance criterions simultaneously and most optimally. Accordingly, the researchers are focusing to develop some simple and effective approaches which can generate to form strong S-boxes for the development of a secure cryptosystems [12]- [15], [46], [52], [56]. To inspect the algebraic and statistical structure of substitution boxes, the different metrics are nonlinearity, strict avalanche criteria (SAC), bits independence criteria (BIC), linear approximation probability and auto-correlation function. The suitability of substitutionboxes for cryptographic applications like image encryption is examined under the histogram analysis, a set of criteria collectively known as majority logic criterion, differential analysis involving NPCR and UACI.
In this paper, the techniques of S-box construction and its performance improvisations are investigated which is based on group theoretic approach. The proposed improved S-boxes have been tested by using combinatorial analyses, majority logic criterion, differential analyses and histogram analysis as mentioned above.

II. ALGRBRAIC STRUCTURE OF PROPOSED SUBSTITUTION-BOXES A. NONLINEAR SCHEMES FOR
We considered the following four nonlinear schemes applied to generate the ordered sets i ; i = 1, 2, 3, 4 which form the basis for getting substitution-boxes for the action of proposed Abelian group.
Discrete logarithm is a direct analog in a finite group of the usual log in the field of real numbers. In general, the discrete logarithm of x ∈ G to the base b ∈ G is defined to be y ∈ G such that b y = x in a finite multiplicative group G, if such y ∈ G exists. In cryptography, logarithms are considered only in cyclic groups and a generator of G is assumed for the base b. Only a positive integer can be the exponent, and x, b = 0.
An equation of the form ax 3 + b = 0 is said to be a pure cubic equation in which sum of the roots is 0, while their product is − b a , and sum of their products taken two roots at a time is 0.
Scheme.4: 3D shuffling algorithm for 16 × 16 matrix. In this 3D shuffling algorithm, the decimal entries of matrix 16×16 are changed into binary form so that all entries are in GF(2 8 ). Eight 2-D matrices are prepared for each bit. A 3D matrix A 16×16×8 is made whose ith layer is the 2D matrix of (9 − i)th bit. To construct B 16×8×16 , we remove even columns of ith layer and place it to (8 + i) th layer and change it into decimal form so that a matrix C 16×1×16 is formed. Then place ith layer at the ith column to make D 16×16 matrix. Find the missing entries, arrange them in order and flip them. Then rearrange each eight-element group using the permutation (1 5 7 6 4 2 3 8) and remaining less than eight entries keep at the same positions. Finally, replace repeated values with arranged missing values.
We tested all the four mentioned schemes on the elements of Galois Field GF(2 8 ) for high nonlinearity on , the set of members of GF(2 8 ) and satisfaction of strict avalanche criteria. The input parameters for four nonlinear schemes which satisfy the two properties most optimally are chosen as (1) b = 94 as the base of discrete log in Scheme1, (2) a = 114, b = 16 as the coefficients of cubic equation in Scheme2, and a = 114, b = 1, c = 98, d = 195 as random parameters of linear fractional transformation in Scheme 3. Let i ; i = 1, 2, 3, 4 be an ordered set obtained by applying i th scheme on GF(2 8 ). The proposed group-theoretic approach involves the following three simple steps.

B. STEP 1
Remove the repeated term 257 in order set 1 and substitute the missing values in i ; i = 1, 2, 3, 4.

C. STEP 2
Consider a finite Abelian group G =< x, y, z; consists three generators, six relations and order of 3720.

D. STEP 3
The proposed group G acts naturally on the Index set I i of i as µ : G × I i → I i defined as, for fixed g ∈ G, µ (g, ω) = (ω) g , ω ∈ i .
Hence, finally through bijection from I i to i , we get cryptographically better substitution box i on post-action of proposed group.  The generation of final S-box using scheme 1 and action of proposed group is illustrated as: Consider the entries of Galois field GF(2 8 ) and arrange its 256 elements in 16 columns, such that, the entries (in hex format) of very first row are (00h, 10h, 20h, 30h, 40h, 50h, 60h, 70h, 80h, 90h, A0h, B0h, C0h, D0h, E0h, F0h). In scheme 1, we assume discrete log of 0 to the base 94 as 0, because log of 0 is not possible. Taking discrete log to the base 94 of remaining entries (like 94 192 = 16 mod257, 94 176 = 32 mod257), we get (00h, C0h, B0h, 25h, A0h, 73h, 15h, 49h, 90h, 8Ah, 63h, 14h, 05h, 92h, 39h, D8h). These obtained values form the elements of first row initial S-box from Scheme 1 which is shown in Table 1. Now, the action of proposed Abelian group G is to be performed on the indexed set of the S-box in Table 1.
The obtaining of proposed final S-box as follows: through the action of generator x at 1 st entry of the Table 1 mapped at 5 th place in Table 2, ; 5 th is placed at 42 th ; 42 th is placed at 204 th , and 204 th is placed at 188 th (because of permutations offered by generator x of group G). Through the action of Abelian group with three generators x, y, z on S-box in Table 1, the proposed S-box which is in Table 2 is gotten. The S-box from Scheme 1 is shown in Table 1 and the postaction of group on this S-box resulted into the S-box given in Table 2. Similarly, the same group action is performed over the S-boxes generated by other three schemes to get three more S-boxes as the result of action.
The combinatorial S-box analyses of four suggested nonlinear schemes before and after the action of proposed Abelian group are given in Table 3 and Table 4. The group causes features improvement in all four S-boxes. The improvement is achieved on multiple parameters. Specifically, the pre-action nonlinearities of 104.25, 101.75, 92.5, 58 goes post-action as high as 112, 106.5, 105.5, 102.75, respectively. The differential uniformities get better from 128, 28, 40, 114 to as low as 4, 12, 12, 10 respectively. Linear approximation probabilities go excelled from 0.1797 to 0.0625, from 0.1562 to 0.1406, from 0.2109 to 0.1406, and from 0.4609 to 0.1328. Similarly, the autocorrelation function also gets improved from 184 to 32, from 136 to 108, from 184 to 96, and from 248 to 88. Hence, a remarkable performance improvisation has been achieved with post action of proposed group over initial S-boxes from four schemes. The plots for nonlinearity, strict avalanche criterion, differential uniformity, BIC, linear probability and ACF for four suggested schemes before and after the action of our finite group are shown in Figure 1 and Figure 2.

III. ANALYSES OF PROPOSED S-BOX
The different statistical tests have been implemented in MAT-LAB to determine the security performance of substitutionboxes to judge their cryptographic strengths. The S-box performance metrics and tests such as nonlinearity, strict avalanche criteria (SAC), bits independence criteria (BIC), linear approximation probability and auto-correlation function are applied to estimate the cryptographic competency of S-boxes. Moreover, the suggested substitution-box finds its application in the field of image encryption approaches. The performance outcomes of the suggested substitution-box are compared with some recent substitution-boxes.

A. NONLINEARITY
It is the fundamental tool introduced in 1988 by Pieprzyk and Finkelstein [16] to measure the strength of substitution-box. The Walsh spectrum manifests the nonlinearity of a Boolean function f (x) as  The following equation defines the Walsh spectrum where ω ∈ GF(2 8 ) and x.ω is the dot product. Concerning the security against linear cryptanalysis, S-box with maximum nonlinearity always shows greater cryptographic resistance to linear attacks. For a bijective S-box . . , f n (x)) the benchmarking index includes the highest and lowest nonlinearity and the mean value of all nonlinearity values. The nonlinearity AES S-box considered as the best-known nonlinearity for any 8 × 8 S-box. The non-linearity of proposed S-box is found as 112 which is same as that of AES S-box and better as compared to many known available S-boxes in literature as shown in Table 5. It shows that our proposed S-box has the ability to offer high nonlinearity the security system and can offer high resistance to linear attacks.

B. STRICT AVALANCHE CRITERION
The strict avalanche criterion was described by Tavares and Webster, which gets its base on the completeness effect's notion and the avalanche [34]. This criterion measures that by making a single change in input bits, how much output bits get altered. The SAC assumed as satisfied when all the output bits are changed with a probability of 0.5, whenever only one input bit is flipped.    close to ideal value of 0.5. The SAC comparison of various S-boxes is made in Table 7. It can be seen that the proposed S-box has comparable performance like other S-boxes when satisfying the SAC criteria.

C. BIT INDEPENDENCE CRITERION
The input bits which remain unchanged are explored under bits independence criterion. The revamping of independent performance of pairwise variables of avalanche vectors and unaltered input bits are the assets of this measure. It is an effective criterion in symmetric cryptosystem, because by augmenting independence between bits, the recognition and prediction of patterns of the system is not possible. The BIC outcomes for nonlinearity are provided in Table 8. We compared the lowest and average values of BIC-nonlinearity and square deviation of suggested S-box with various well-known S-boxes in Table 9. The BIC analysis of suggested S-box has standard deviation = 0, average value = 112 and minimum value = 112. The results are remarkably excellent as compared to many other S-boxes given in Table 9.

D. LINEAR APPROXIMATION PROBABILITY
The method of linear approximation probability (LAP) is helpful in calculating the imbalance of an incident. The maximum value of imbalance of an event is measured with the help of the analysis introduced by Matsui in [35]. There must VOLUME 8, 2020  be no difference between output and input bits uniformity. Each of the input bits with its results in output bits is examined individually. If all the input elements are 2 n , the class of all possible inputs is d and the masks applied on the equality of output and input bits are respectively χ y and χ x , then maximum linear approximation is the maximum number of same results and calculated as: A lower value of this probability indicates that S-box is more capable to fight against linear cryptanalysis attack. The outcomes of this crucial analysis acquired for suggested S-box and various available S-boxes which are mentioned in Table 10. These LAP measures show that our S-box can deal with various linear attacks effectively like AES in better way compared many other S-boxes.

E. DIFFERENTIAL UNIFORMITY
To withstand the famous differential cryptanalysis introduced by Biham and Shamir [36], S-box must have the differential uniformity as low as possible. By ensuring a uniform mapping probability for each J, an output differential y j must be uniquely mapped with an input differential x j . For an almost perfect nonlinear n × m S-box lower band of differential uniformity is 2 n−mC1 . For n ∈ E, there is no almost perfect nonlinear S-box in GF(2 n ). Thus, the DU of 8 × 8 AES S-box is considered as the minimum optimum value which is 4. Table 11 shows differential uniformity of proposed S-box and comparison with others is given in Table 12. The proposed S-box is also found to be a differentially 4-uniform like AES S-box. Therefore, it can oppose differential cryptanalysis quite diligently and comfortably.

F. AUTOCORRELATION FUNCTION
For two Boolean functions f (x) and g(x), their crosscorrelation functionĉ fg (y) is defined aŝ The auto-correlation function of a binary Boolean function f isĉ ff . It shows that the squares of members of spectrum of f are the members of spectrum of ACF. We denote autocorrelation function of the function f from GF(2 m ) to GF (2 n ) bŷ r f (y) and mathematically it is defined aŝ The autocorrelation function score for proposed S-box comes out be 32 only.

G. BIJECTIVE PROPERTY
Most of the block ciphers employ the bijective S-boxes during substitution-phase. Hence, it is compulsory for the S-box to be reversible and bijective for correct data decryption in substitution-permutation networks (SPN). where wt(·) is Hamming weight, (a 1 ,a 2 ,a 3 , . . . ,a n ) = (0, 0, 0, . . . , 0), a j ∈ {0, 1} and f j represents Boolean function. f is bijective and each f j should be 0/1 balanced. We have verified that our all four improvised S-boxes satisfy the bijective property.

IV. MAJORITY LOGIC CRITERION
Through majority logic criterion, the strength and suitability of substitution-boxes are examined and investigated for use in image encryptions. It is momentous to examine the statistical characteristics because by encryption a distortion is created in image. The MLC is set of criterions such as Correlation, Entropy, Energy, Homogeneity and Contrast. The proposed substitution-box is applied to encrypt digital images to show that it can be used for multimedia security and image encryption [37]. To conduct MLC analysis, we used three standard gray images Lena, Peppers, Baboon each of size 256 × 256. The encryption procedure involves substitution by proposed S-box in two rounds. In first round, the substitution is carried out in forward direction (from first pixel of image to the last pixel) followed by substitution in reversed direction (from last pixel of image to first pixel). All the experiments and simulations are performed using MATLAB tool. The original and encrypted images with proposed S-box are shown in Figure 4. The encrypted images are extremely distinct and indistinguishable compared to their respective plain-images. The visual distortion is fairly high as the images don't consist of any patterns that may leak even the slight information of plain-image data.

A. CORRELATION
The correlation coefficient measures the closeness of pixel values to its neighboring pixels. It unfolds an existing linear relationship between two pixels values of the image. It can be calculated in horizontal, vertical and diagonal formats. Its range belongs to [−1, +1]. If the neighboring pixels of image are negatively correlated, the value of correlation is -1, else +1 if they are positively correlated [38]. In general, the plain-images have strong correlation among neighboring pixels. The correlation between pixel values can be soften by encryption. The encrypted images with highly uncorrelated neighboring pixels deem robust for insecure channel. VOLUME 8, 2020 Mathematically, the correlation analysis is obatined as: where µ is the variance, σ is mean of the gray level co-occurrence matrix, and p(j, k) is the pixel value at j th row and k th column. The computed correlation coefficients for images in Figure 4 are given in Table 13. It can be observed from Table that the coefficient values in randomly selected vertical and horizontal adjacent pixels in encrypted images are very less (near to zero) than the corresponding values obtained for plain-images. This shows that proposed S-box is consistent to diminish the existing high correlation in images and make them robust. The correlation plots for vertically and horizontally neighboring pixels in plain-images and encrypted images are shown in Figure 5. The Lena, Papers and Baboon cipher image correlation coefficients encrypted with Khan's algorithm [54], Wang's algorithm [53], and Zhu algorithm [55]. The experimental results indicate that, among the three algorithms, our proposed algorithm has the closest absolute values of the correlation coefficient, having the strongest scrambling effect.

B. ENTROPY
The value of randomness of encrypted image is measured by entropy analysis. The entropy is mathematically formulated as [39].
where p(t j ) is the probability of symbol t j of source S. The entropy is 8, if source emits 256 symbols with equal probabilities; this corresponds to the ideal value for source and represents a real random source. Entropy is greater, if the distribution of gray value is more uniform. There would be a chance of predictability if the entropy of encrypted image is significantly less than 8, and it threatens security of image.
The entropy values of original and encrypted images are given in Table 14. It shows that, in our image encryption using proposed S-box, the information leakage is insignificant as the entropy for encrypted images are quite high.

C. ENERGY
The sum of squared members of gray level co-occurrence is calculated in energy analysis [40]. In gray level co-occurrence matrix high valued pixels are found in some places of plain image, therefore the energy value is high. As compared to the original image energy of the encrypted image is smaller because in encrypted image energy values are distributed. The energy analysis under MLC is expressed as: The energy values of three plain and encrypted images are given in Table 14. The obtained considerably small values of energy for encrypted images shows good encryption effect as compared to plain-images.

D. HOMOGENEITY
The intimacy of the distribution of elements of diagonal gray level co-occurrence and gray level co-occurrence is The computed scores of homogeneity for all three plain and encrypted images are listed in Table 14. Again, the low values of homogeneity for encrypted image as compared to original image indicate that the encryption effect is strong.

E. CONTRAST
For easy viewing contrast and brightness of the image are properly adjusted during image processing. Contrast is related to the difference in the brightness of object. In encryption process, due to the nonlinear substitution by the S-box, the contrast is directly proportional to the randomness of image [42]. A constant plain-image has a contrast value of zero. In general, the contrast measure for an image is obtained as: where the position of pixels in gray level co-occurrence matrices is represented by p(j, k). The contrast values of three set of images are given in Table 14. The high contrast scores for encrypted images, compared to original image, show that information leakage is negligible in proposed encryption process.
The MLC results are also depicted graphically in Figure 6 to show high divergence of MLC measures for encrypted images as compared to outcomes for plain-images. The MLC analyses demonstrate that proposed S-box is capable to offer excellent encryption effect which is proven by the evaluated different statistical measures.

V. DIFFERENTIAL ANALYSES
In this analysis, a minor change is incorporated in the original image in order to hide each statistical correspondence between output and input which results in large alteration of  encrypted image content. This feature is directly related to the confusion and diffusion of the followed encryption system. The following statistical measures are used in practice to gauge the different analysis.

A. NPCR AND UACI
Two most common criteria, number of pixel change rate (NPCR) and unified average changing intensity (UACI) are used to quantitatively measure the influence of one pixel change on the encrypted image [43]. Between the two encrypted images, the percentage of different pixel numbers is measured by NPCR and the average intensity of differences is measured by UACI [44]. Let the difference in pixel of two original images is only one and their corresponding encrypted images are denoted by E 1 and E 2 . Then NPCR is determined as: where two-dimensional array D with same size as E 1 and E 2 is defined as: While UACI is defined as: where X and Y are the height and width of encrypted image. It is concluded that the high values of NPCR and UACI are required as shown in Table 15.

B. BLOCKED AVERAGE CHANGING INTENSITY (BACI)
In Ref. [45], Zhang highlighted some problems in NPCR and UACI measures for differential analysis. Zhang demonstrated VOLUME 8, 2020 that the two different (differ by pixel values) plain-images that are visually similar up to much extent may have the scores of NPCR close to its theoretical value of 100% and UACI close to expected value. Hence, the NPCR and UACI measures are not suitable to describe and account the visual difference between images as shown in [45]. To overcome the existing problems of NPCR and UACI, Zhang suggested an index termed as blocked average changing intensity (BACI). According to BACI index, the difference image D = abs (E 1 -E 2 ) is divided into blocks of pixels each of size 2 × 2. A value (say M i ) is computed for each block D i and BACI is defined as follows: The expected score of BACI measure is calculated as 26.77% [45]. Following this procedure, we also computed the BACI measure for our encryption algorithm using proposed S-box, the obtained values of BACI are also shown in Table 15. It is evident that our encryption algorithm shows quite satisfactory BACI scores as they are somewhat close to expected value.
Hence, in addition to NPCR and UACI, BACI scores show the encryption algorithm using proposed S-box brings adequate visual difference between two encrypted images whose plain-images have minor change in pixel value.

VI. HISTOGRAM ANALYSIS
The distribution of pixels gray level intensities in an image is represented by histogram. If a non-uniform behavior is presented by distribution, cryptanalyst may use this information to mount histogram attacks. However, the algorithm is deliberated robust against histogram attack and the information is unpredictable if the histogram is flat and uniform [42]. Between ciphered and non-ciphered image, the difference among the intensities of colors is found using it. We have tested the histograms of original and encrypted images. The histogram distribution of the encrypted image with the proposed S-box presents a significant difference from the original image's histogram and is quite uniform as shown in Figure 7. The result denotes that it is extremely difficult to leverage the statistical characteristics of the substituted image to reacquire the original image.

VII. CONCLUSION
In this paper, we constructed four initial S-boxes by applying different nonlinear schemes. Then, a group theory-based approach is proposed to improve the features of generated S-boxes. To achieve features improvisation, a novel finite Abelian group with three generators having an order of 3720 is constructed. The proposed approach analyzes and compares the pre and post action of suggested Abelian group over the nonlinear S-box schemes. The simulation analysis shows that the improvisation of all four S-boxes on multiple performance parameters is achieved. The most optimal proposed S-box among all four is exclusively investigated in detail. In addition, the same proposed S-box is applied for cryptographic image application. It has been found that our encryption algorithm using proposed S-box offers excellent encryption effect and performance as evident by MLC criterions, differential analyses including NPCR, UACI and BACI measures, and histogram analysis. Hence, the proposed approach is trustful for use in secure communication systems.