A strong construction of S-box using Mandelbrot set an image encryption scheme

Contributions

• The Mandelbrot set is used in this article because it contains an intricate structure that arises from a basic description. A slight change in the parameter can modify the shape of the Mandelbrot set.

• The initial condition sensitivity shows its chaotic behavior. The slight change in the initial parameters of the Mandelbrot set completely changed the output value.

• In literature, chaos-based cryptographic protocols could be resilient to cryptanalytic attacks rather than mathematical encryption protocols. Therefore, we used Chen’s chaotic system to create diffusion in the offered cryptosystem.

• The proposed scheme also deceives all possible linear cryptanalysis attacks such as a chosen-plaintext attack, chosen-cipher attack, and known-plaintext attack.

• Security proof of our scheme will be presented in preferable security assumptions, such as non-linearity, strict avalanche criterion, differential probability histogram analysis, correlation measures, entropy analysis.

Using fractal-based sequence property, we generate an S-box with maximum non-linearity by changing the parameters. The typical Mandelbrot set is defined as: (1)${\displaystyle f:{z\leftarrow z}^2+c.}$

Researchers have also produced a variety of methods for S-box analysis (Khan et al., 2018; Picek et al., 2014), i.e., non-linearity methods, strict avalanche criteria, probability methods (linear approximation (LP), differential approximation (DP)), and bit independence criteria (BIC) are among these methods and criteria (Razaq et al., 2021; Khan, Masood & Alghafis, 2020; Khan et al., 2018; Picek et al., 2014). Recent studies have shown that chaos-based cryptographic protocols could resist cryptanalytic attacks rather than mathematical encryption protocols. Therefore, we have utilized Chen’s chaotic system to create diffusion in the offered cryptosystem. Moreover, the cryptographic strength of the proposed cryptosystem is dignified by some formal analysis, such as randomness analysis, National Institute of Standards and Technology (NIST) test, differential attack analysis, and pixel similarity-based analysis. The rest of the article is classified as: ‘Literature Review’ presents the literature review; in ‘Proposed Cryptosystem’, we provide a specific technique for key generation and the encryption scheme of the proposed image cryptosystem. In ‘Formal Modeling of Mandelbrot Set S-box’ and ‘Performance Analysis and Results’, a detailed security analysis and comparison of the proposed cryptosystem are mentioned. Finally, in ‘Statistical Analysis’, this study’s conclusion and future work are provided.

S-boxes

The image encryption method uses two types of s-boxes: static and dynamics. Static s-boxes are less secure than dynamic s-boxes. Dynamics s-boxes are more efficient and usable than static s-boxes because of the prior additional keyspace.  Lu, Zhu & Deng (2020) proposed a single dynamics scheme for the construction of the S-box. They use two turns of chain substitution and one turn of pixel permutation. An image encryption scheme was proposed, which depends upon block permutation for S-box construction, in Ping et al. (2018). The chaotic operation was used for the confusion and diffusion purpose. Genetic algorithms approaches were used to solve the challenge of S-box creation. In order to meet the non-linear behavior and other strength criteria, Farah, Rhouma & Belghith (2017) employed a genetic algorithm optimization to enhance the designed S-box continuously. On the other hand, soft computing techniques are not fast enough to construct dynamic S-boxes in real-time. In Javeed, Shah et al. (2020), a novel method of s-box construction was proposed. The system of equation Rabinovich Fabrikant (RF) is chaotic and more dynamic due to its non-linear feature. This system is ideally designed to design a non-linear block cipher component.

Mandelbrot set

 Agarwal (2020) presented the CFF technique, composite fractal function (CFF) is the combination of two distant Mandelbrot sets having a single threshold value. A z-scanned fractal pattern is used for increasing randomness in the image by applying random fractal matrix and Henon map-based plain image pixel scrambling. The analysis showed that the proposed CFF method exhibits all required chaotic features. In Sani, Behnia & Akhshani (2021), the S-box was generated through a complex map. They use Julia set for creating confusion and diffusion in their s box and cryptosystem. The real part of the Julia set was used for the generation of S-boxes, and the imaginary part was used for diffusion in their algorithm. Experimental results show that their algorithm satisfies most of the required criteria, but there is still some limitation to secure image encryption algorithm. Their result shows there is less robustness in the proposed S-box algorithm. In Hasanzadeh & Yaghoobi (2020), another fractal-based scheme was proposed in which the Julia set and three-dimensional chaotic map for image encryption were used. At first, they encrypted images with Julia set by shuffling image layers, and then the encryption is done with the Julia set by doing the same shuffling process. The confusion and diffusion property of the algorithm enhanced the robustness of the proposed system. Another fractal-based scheme was proposed by Zhang, Hao & Wang (2020). They generated a keystream from the Julia set created confusion in image layers and then used the Mandelbrot set to create another keystream. After generating two key streams, they shuffled them and created confusion in the image by the updated keystream. The constructed Julia set and Mandelbrot set created confusion until complete disorder in the original image, followed by diffusion using the XOR operation. A key-dependent permutation over finite elliptic curve scheme proposed (Ibrahim & Abbas, 2021) to reduce the computational construction time of dynamics S-boxes. By supporting sizeable keyspace, the proposed scheme generates an 8x8 s-box in 1ms. The authors’ analysis shows that schemes have a high-level resistance against chosen plaintext and key-related attacks. In Ye & Zhimao (2018), a six-dimensional fractional Lorenz-Duffing chaotic system with an o-shaped path shuffling algorithm was presented to produce a robust high-level S-box. FLDSOP begins by constructing a preliminary S-box using a six-dimensional FLDS. Second, it creates an O-shaped route scrambling method to disrupt the order of the component in the obtained S-box. In Jamal et al. (2019), the chaotic behavior of the modified Tent-Sine map is addressed in this study, and a novel approach for constructing substitution-boxes was offered as a result. To construct robust S-boxes, this novel approach investigates the characteristics of chaos using a TSS map and an algebraic Mobius transformation. The main goal in Khan, Masood & Alghafis (2020) was to provide a safe and resilient algorithm with the least amount of vulnerability possible. They used fractals, Fibonacci, chaotic maps, and compared the outcomes to existing approaches, which revealed unmatched communication security. In Hasanzadeh & Yaghoobi (2020), another fractal-based scheme was proposed in which they use Julia set and three-dimensional chaotic map for image encryption. At first, they encrypted the image with the Julia set by shuffling image layers and then the encryption is done with Julia set by doing same shuffling process. The confusion and diffusion property of algorithm enhanced the robustness of the proposed system.

Azam, Ullah & Hayat (2021) proposed a quick and secure public-key image encryption technique based on elliptic curves. To prevent costly calculations, the sender and receiver in this system precompute a public EC using an efficient search algorithm. This approach scrambles the pixels of a masked image using a dynamic S-box after masking the pixels of a plain text with random integers.

Mandelbrot set substitution box

The Substitution box (S-box) is one of the essential non-linear components of the block cipher. The S-box creates confusion in the encryption process due to its non-linearity property. Shannon’s (1949) highly non-linear S-box breaks the relationship between key and ciphertext. We have designed a new structure for the substitution box by implementing Mandelbrot sets. The substitution-box generated by the offered design is highly non-linear and passes all the standard cryptographic analysis. The substitution box is essential for achieving excellent cipher characteristics. Because of its resilience to cryptanalysis, both differential and linear, its significance in any cryptosystem cannot be overstated. When we look at the Mandelbrot set image, we can see the Mandelbrot set in the dark zone. Now to pick any c-value from this dark region for the construction of S-box, we will see that when iterating x² + c, the orbit of zero does not escape to infinity. The Mandelbrot set in the plane is symmetric with respect to the x-axis, and its intersection with the x-axis occupies the interval from −2 to 1/4 (Devaney, 2006). The point 0 is located inside the major cardioid, while point −1 is located within the ‘bulb’ to the left of the main cardioid. The y-axis of the Mandelbrot set, also known as the imaginary axis, lies between −1 to 1 in the complex plane. As we know, Mandelbrot set shows sensitive behavior at their initial condition, a tinny change will be resultant a different out. To resist brute force attacks, we selected those parameters where the sensitivity of the Mandelbrot set is very high. These are the initial parameters to generate an S-box by fulfilling Mandelbrot set properties. We develop an S-box into two different steps discussed below.

Step 1: Initial S-box Generation:- The choice of an initial S-box is a critical step, and it is the phase that takes us to an outstanding S-box with improved performance. We set the initial parameters manually as x₀ = −1.7, y₀ =0, I = and c we obtained the non-linearity value of 100. We generated the S-box according to the following steps shown in Fig. 2. In our approach, we altered the first S-box to increase the nonlinearity score and.

Step 2: Final S-box:- In this step we set the initial parameter manually which satisfied Mandelbrot set conditions as; x₀ = 0.9, y₀ =−0.3, I = −1.45. The output S-box have higher randomness than the previous S-box. To increase randomness, we permuted S-box rows into columns and then columns into rows. From the given S-box, we obtained minimum non-linearity S-box 102.75 and maximum S-box non-linearity 108 and the average of 106.

Mandelbrot Set S-box Construction Steps:

Step 1: Set initial parameters for the construction of the Mandelbrot set. In our case, we select the initial parameter manually as x, y, and I.

Step 2: The output of the Mandelbrot set is in the form of

Z = X + iY

The real part of the Mandelbrot set (X) is utilized to construct the Substitution box.

Step 3: The output values (X) are in small numbers so that, the real part of the Mandelbrot set (X) is multiplied with a large random constant such as:

X = X × 10000

Step 4: Next step is the diffusion of random array generated from MATLAB with X obtained from the previous step by:

B = X⊕A

where A is the random array.

Step 5: Now unique 256 values are selected using MATLAB command as follows:

S = unique(B,’stable’)

Step 6: Reshape the obtained array in 16×16 array matrix and store as S-box.

Step 7: Now permute 16*16 matrix value, rows into column and column into rows and stored output as a final S-box.

A = [Array 0, 256 num’s]

P = Randperm(A)

The proposed Mandelbrot set S-box is shown in Table 2.

Construction of diffusion key

Chaotic systems have been frequently utilized for secure data transmission from past decades. Chaos-based cryptographic algorithms are considered a reliable source of secure encryption due to their sensitivity to the initial condition, Ergodicity, and other chaotic features. The combination of confusion and diffusion gives rise to an SPN. In the proposed encryption process, the diffusion is produced by Chen’s chaotic systems. The diffusion key is constructed by using Chen’s chaotic system with some specific initial conditions and chaotic parameters. Chen’s chaotic system is employed to shuffle the data for diffusion. Chen chaotic has extremely similar equations of Lorenz systems, but there is a topological difference. The parameter c in front of the variable y leads the present system to have a lot of complicated characteristics. Chen’s chaotic system has more complex dynamical characteristics than Lorenz chaotic system. Mathematical general parameter of Chen’s chaotic system (Chen & Ueta, 1999) is defined as: (16)${\displaystyle \left\{\begin{array}{c}\hfill dx/dt=a\left(cy-cx\right)\hfill \\ \hfill dy/dt=\left(c-a\right)cx+cy-xz\hfill \\ \hfill dz/dt=-bz+cy\hfill \end{array}\right.}$

where a, b, and c are parameters. After executing the diffusion and confusion process, the encrypted data is passed through cryptographic standards to measure its strength. Chen’s chaotic attractor is shown in Fig. 4 (Cassal-Quiroga & Campos-Cantón, 2020).

Image encryption process

The following are the steps in the proposed encryption scheme:

Step 1: Insert an image m×n×3 as input of encryption scheme and split each channel of an image as red, green, blue.

Step 2: Initialize Chen’s chaotic map using chaotic sequence and initial parameters.

Step 3: The trajectories of Chen’s chaotic map are stored as x, y, and z arrays from Eq. (16).

Step 4: Each trajectory is utilized to permute channels of an image.

Step 5: After scrambling Chen’s chaotic trajectories with the Image plane, a new scrambled image is generated.

Step 6: The Mandelbrot substitution box is implemented on an obtained image from step 5.

Step 7: At the end, the obtained resulting layers are compiled as cipher images.

Non linearity

The main objective of S-box is to aid the non-linear transformation of unique information into encoded data non-linearity defines the gap between function and all affine functions. The number of bits in a Boolean truth table may represent how it must be modified to gain the nearest affine function. The non-linearity score of a cryptographic function can be used to determine its susceptibility to linear attacks. The Walsh spectrum can represent the Boolean function non-linearity f(x): (17)${\displaystyle N_f=2^{m-1}\dot{\left(1-2^{-m}\right)}ma{x}_{\omega \in GF\left(2^m\right)}\left|S_f\left(\omega \right)\right|}$

And Walsh spectrum is (18)${\displaystyle S_f\left(\omega \right)=\sum _{x\in GF\left(2^m\right)}{\left[-1\right]}^{f\left(x\right)}\oplus x\dot{\omega }}$

whereas ω belongs to 2^m. High non-linearity values are obtained using the methodology utilized in this article. Linear approximation and affine attacks are examples of cyber-attacks that highlight the need for S-boxes with high non-linearity values. As a result, the significant non-linearity of our suggested S-box aids in providing great confusion as well as great resilience to these attacks. The resulting values from the highest nonlinear S-box max, min, and average scores are 108, 104, 106, respectively. Table 3 and Fig. 5 compare the proposed S-box to existing systems in terms of non-linearity.

Strict avalanche criterion

Webster & Tavares (1985) presented the concept of exacting strict avalanche effect (SAC), which is the speculation of culmination and torrential slide impact in the year 1985. SAC is used to check the confusion capability. It is especially beneficial in Shannon-based encryption, where a slight modification might result in a 50 % difference in the output bits. Table 4 shows the dependence matrix for S-box.

Every unit of the resultant table shows that the SAC value is close to 0.5, which is acceptable. The proposed construction S-box accomplishes the least, most extreme, and ordinary qualities for SAC is 0.406250, 0.625000, and 0.498291 separately, and the difference is 0.044987.

Bit independence criteria

Bit independent criteria are used to maintain the capacity of disarray work in replacement boxes. Webster & Tavares (1985) first defined this measurable property, e.g., for a set of specific torrential slide vectors, in general, the torrential slide factors must be pairwise free. For proposed S-boxes, the average BIC non-linearity matrix is 106, which is a significant value. Furthermore, the BIC-SAC matrix’s average against our S-box is 0.50021, which is quite near 0.5. Table 5 presents the BIC, and Table 6 presents the SAC of BIC. The findings provided in Table 7 demonstrate that our suggested S-box is very desired based on SAC and BIC criteria.

After that exacting torrential slide standard on BIC, SAC was applied, and the outcome is given in Table 7. The standard worth of SAC of BIC is 0.50021, which demonstrates the power of the presented substitution box.

Differential approximation probability

The differential approximation probability for an S-box should demonstrate differential uniformity under ideal conditions. An S-box is considered as strong as much smaller DP values. The proposed S-box differential probability is shown in Table 8 and Fig. 6. According to Eq. (19) (Dimitrov, 2020). (19)${\displaystyle DAP\left(\lambda x\to \lambda y\right)=\frac{|x\in X|\left(Sx\right)\oplus \left(x\oplus \lambda x\oplus =\lambda y\right)}{2^m}}$

λx is an input and λy is output differential, x is the set of all possible inputs, and 2^m isthe number of elements.

Linear approximation probability

The linear approximation probability is often used to assess an event’s mismatch. This number helps determine the highest value of the event’s mismatch, accordingly, i and j are used to determine the parity of input and output bits. The linear probability can be calculated through the adapted Eq. (20) (Dimitrov, 2020) below. (20)${\displaystyle L{P}_f=ma{x}_{i,j}\ne \frac{x\in X|x.i=S\left(x\right)j}{2^m}=\frac{1}{2}}$

where i is the input mask value and j is the output mask value, X is a set of 2^m elements that contains all x input values. An S-box is considered as strong as smaller the values of linear approximation probability. In the proposed S-box case, the maximum LP is 0.13281, as shown in Table 8.

Histogram analysis

Histogram analysis is the analysis of graphical values for image information. It is used to validate the pixel distribution values for the cipher image. A suitable type of image encryption has the same frequency of grey scales, which indicates a uniform distribution. The cipher image’s histogram shows a balanced distribution of pixels. This demonstrates that it is challenging for attackers to obtain useful statistical information from the encrypted image. Although the pixel values of the encrypted image do not have a simple regularity, the attacker cannot extract the original image by a raw force analysis of the cipher. The histogram analysis for the original and cipher images is shown in Fig. 7. The encryption process is comprised of the permutation stage where the Chen chaotic trajectories would XORed with image channels to create diffusion. The comparison of the RGB channels of the original and cipher image test the encryption efficiency. The RGB channel of original test images are shown in Fig. 8 and the RGB channel-wise histogram analysis of test images is shown in Fig. 9.

Coefficient analysis

The correlation will visually represent the difference between the plain and cipher images than the histogram and data entropy. The association between neighboring pixels is reasonably high in plain images, and the attacker can use the correlation between neighboring pixels to gain useful information. Therefore, the similarity between the neighboring pixels of the encrypted image is closer to 0 after image encryption, suggesting that the pixel distribution is random. Attackers carry out a statistical attack using the input image’s correlation values. The encryption algorithm is thus necessary to decrease the association between adjacent pixels of cipher images. The correlation coefficient of the original and cipher image of the airplane, owl, and fruits is shown in Fig. 10 and in Table 9. The channel-wise correlation coefficient of the original and cipher Airplane image is shown in Fig. 11. The correlation coefficient can be represented mathematically as an adapted Eqs. (21) to 23 (Şengel, Aydın & Sertbaş, 2020) below. (21)${\displaystyle S=\frac{\mathbf{cov}\left(\mathbf{x1},\mathbf{y1}\right)}{\alpha x\cdot \alpha y}}$

where, $ax=\sqrt{var}{x}_1$ and $ay=\sqrt{var}{y}_1$ (22)${\displaystyle Var\left(x1\right)=\frac{\mathbf{1}}{n}\sum _{i=\mathbf{1}}^n{\left(xi-E\left(x1\right)\right)}^{\mathbf{2}}}$ (23)${\displaystyle Cov\left(x1,y1\right)=\frac{\mathbf{1}}{n}\sum _{i=\mathbf{1}}^n\left(xi-E\left(x\mathbf{1}\right)\right)\left(yi-E\left(y\mathbf{1}\right)\right)}$

where x1 and y1 are the original and encrypted image pixels, respectively, and m x n denotes the image’s total dimension. The original and encrypted airplane correlation coefficient can be seen in Fig. 9.

Entropy analysis

Entropy is the level of uncertainty of pixels in images. Typically, to characterize the intensity of randomness, we use information entropy. This research is a mathematical analysis of the condition. The encrypted image entropy analysis shows its instability, and the resulting values should be like 8 since all the numbers have the same probability. As a result, the effective cryptosystem entropy should be 8, indicating that all states of information occurred an equal number of times and securing the image against retrieving by the attacker. (24)${\displaystyle H=\sum _{n=0}^{n=255}{P}_n{log}_2{P}_n}$

where Pn is the frequency of events for pixels of the quality n, local entropy best represents the unpredictability of pixel values in the image. Allow the image to be partitioned into small blocks of equal size that do not overlap, then calculate the entropy of each block of data. The image’s local entropy is defined as the average block entropy values. The information entropy of the channel cipher image shows that most of the values are near to 8, as shown in Table 10.

Differential attack analysis

In a differential attack, an attacker changes the slight pixel value of an encoded image and then generates an output image to extract essential information from an image. The phenomenon of differential attack is as simple as using the changed pixel value image and original cipher image and measuring the contrast between them. In this manner, most attackers will break cryptosystems by determining the difference between two encoded images. This approach is known as a differential attack. The suggested algorithm must be susceptible to the secret key and the plain text for a safe encryption strategy. Any minor change in the secret key or the plain text causes the ciphertext to change completely. A number of pixels change rate (NPCR), and Unified average changing intensity (UACI) check the resistance against differential attack. Examination of arithmetic results of NPCR esteems concerning distinctive image layer parts are indicated in Table 11. (25)${\displaystyle NPCR\left(I_1,I_2\right)=\frac{\sum x,yC\left(x,y\right)}{w\ast H}\times 100}$ and

(26)${\displaystyle UACI\left(I_1,I_2\right)=\frac{1}{H\ast W}\left[\begin{array}{c}\hfill \sum xy\frac{\left|I_1\left(x,y\right)-I_2\left(x,Y\right)\right|}{255}\hfill \\ \hfill \hfill \end{array}\right]}$

where, I₁(x, y) and I₂(x, y) are two images with one pixel difference.H * W is the size of image. C(x,Y) is defined as: (27)${\displaystyle \left\{\begin{array}{c}\hfill C\left(x,y\right)=1if{I}_1\left(x,y\right)=I_2\left(x,y\right)\hfill \\ \hfill C\left(x,y\right)=0otherwise\hfill \end{array}\right.}$

NIST analysis

The NIST 800-22 test is used to evaluate the randomness characteristic of encryption algorithms. Some qualities, such as extended time, high complication, uniform distribution, and productivity, are used to measure cryptosystem security. We choose several cipher images for the NIST test and compute their P values according to Karell-Albo et al. (2020), which should be in the range [0,1]. To confirm the randomization test, we chose three distinct photos from Table 12 (Lena, peppers, and baboon).

Key sensitive test

Assume a 16-character cipher key is used in the key sensitivity test. This signifies that the length of the cipher key is 128 bits. The steps below are used to conduct a typical key sensitivity test.

1. To begin, a 512 × 512 image is encrypted using the cipher key “abc123def456gh78”.

2. The least significant bit of the key is then modifying, and the original key becomes, say “abc123def456gh79”.

3. Finally, the two images are encrypted with old and modified cipher keys, and then both images will compare. Therefore, the image encrypted with the cipher key “abc123def456gh78” differs from the image encrypted by “abc123def456gh79” in terms of pixel grey-scale values by 99.61%, even though the difference between both cipher key values is just one bit.

Mean Square Error (MSE)

The MSE represents the difference between the original and encrypted images. For improved performance between two distinct images, this difference must be quite large. MSE = (1)/(MN)(original image–encrypted image) The MSE measures an estimator’s quality; it is always non-negative, and numbers closer to zero are preferable. The MSE is the estimator’s variance and is measured in the same units evaluated by the quality square. The MSE values for test images are shown in Table 13.