An Effective S-box Construction Based on Linear Recurrences with Constant Co-Efficient

In this paper, we propose an algorithm for constructing a substitution-box (S-box) from a linear recurrence relation. The S-box is considered the building block of block ciphers; here, we present a technique that uses a linear recurrence relation to construct S-boxes that comply with the standards of a cryptographically secure S-box. We have observed that the latest research relies more on improving existing techniques than on developing wholly new methods. We use linear recurrence for S-box design in an entirely new way. Real values, including initial and obtained values, are concealed by converting them into new numbers so that no pattern can be followed. The obtained S-boxes are analyzed through benchmark performance tests to check the strength and quality of our proposed S-boxes. Later, we used the S-boxes to encrypt an image and also performed encryption and decryption of data in noisy channels to make the scheme more applicable in low profile applications.


Introduction
The security of data has become a major necessity of life in the present era. Fast and modern communication channels are being used around the globe, which demands the security of transmitted data to avoid privacy hazards. In order to prevent the misuse of data by unauthorized people, many researchers are developing techniques to create confusion in the original data. As time progresses, the need to develop strong cryptographic algorithms is becoming crucial. Cryptographically secure systems are becoming very important nowadays, as we use them not only in military and defense applications but also in daily life, in our mobile phones, social media accounts, and banks [1].
To secure communication through mobile phones and wireless sensor networks, the transmitted data is encrypted using symmetric or asymmetric algorithms to avoid the leakage of information. The substitution-box (S-box) plays a significant role in ensuring the security of the system and is considered a major component of a symmetric block cipher in cryptography. The S-box creates confusion in data by establishing a unique relationship between plaintext and ciphertext. Most secure block ciphers include both substitution and permutation [2]. The purpose of this paper is to construct an S-box that satisfies all the necessary conditions for developing a secure system. Over the last two decades, the construction of S-boxes for securing data has been an attractive area of study for many researchers. Advanced Encryption Standard (AES) is considered the strongest system for data security and is widely used, but due to its high computational complexity, comparatively easily applicable algorithms are being developed these days [3].
The proposed technique of S-box construction is based on a linear recurrence relation. The idea of using linear recurrence may be perceived as outdated in this era. However, we use it in a unique way along with the latest methods to get efficient results.
This paper is organized as follows. In Section 2, the preliminaries are discussed. In Section 3, the method for the construction of our substitution-box is explained. In Section 4, the comparison with already existing techniques for S-box design is presented and discussed. The strength of our constructed S-boxes is tested on the basis of Non-Linearity, Bit Independence Criterion, Strict Avalanche Criterion, Linear Probability, and Differential Probability [4,5].

Linear Recurrence Formula
In order to incorporate linear recurrence in this research, we delve into its prior history, which can be classified as finite history and full history [6]. Finite history emphasizes dependence on a fixed number of earlier values, while an equation that depends on all the preceding terms has a full history. Similar to differential equations, linear recurrences can be classified as homogeneous or non-homogeneous. Homogeneous linear recurrence relations are easily distinguishable from non-homogeneous relations due to the presence of an extra term g(x). The formula of linear recurrence is defined in Eq. (1).

$$c_0 x_n + c_1 x_{n-1} + \dots + c_m x_{n-m} = g(x), \quad n \ge m \qquad (1)$$

If g(x) = 0, the equation is homogeneous; when it is not equal to zero, the equation is non-homogeneous. Here, we consider a homogeneous equation with all coefficients zero except $c_0$, $c_1$ and $c_2$, and take the values $c_0 = 1$, $c_1 = -1$ and $c_2 = -1$.

Scheme of Proposed S-box Generation

Step 1
First, we consider the Fibonacci number calculation formula [6], as given in the following equation.

Step 2
In our experiments, the initial random values, i.e., 150 and 130, are used to calculate further values. After many iterations, however, a maximum of 168 distinct integer values is calculated. To calculate more values, we apply the same formula with a slight change in the initial conditions. The process repeats until we get all required values from 0 to 255. We get all values by using the formula three to four times with changed initial conditions and different variables. For example, we use Eq. (3) with different initial values for generating more values.
We can also change the formula to a product of preceding terms instead of a summation to create more confusion. Table 1 shows the set of a few initial values used for generating the further values.

Step 3
The numbers are arranged so that the calculated values are picked from the sequences in turn, iteration by iteration. For example, the first value from x is used, then the first value of y and so on. This step makes all values more random. The program is designed using MATLAB software.
The S-box obtained by following these steps is shown in Table 2. All the values are obtained with the x, y and z variables. But to create more confusion, in the last step, we use the formula presented in Eq. (4). It can be observed from Table 2 that all our initial values appear in the first row. To overcome this problem, we apply the next step. (2)

Step 4
The S-box obtained after the third step is transformed by converting the values from decimal to binary and permuting the bits in reverse order to get the new decimal numbers. This step does not affect the non-linearity of the S-box; rather, it helps in hiding the initial values. Figs. 1 and 2 show the steps for the proposed S-box construction method. The process of number flipping is applied to every value in the S-box to transform our S-box into a new S-box. The finalized S-box generated using this transformation is shown in Table 3.

Analysis Criterion of S-boxes
In order to investigate the strength of our constructed S-box, we test our S-box according to the following criteria: Non-Linearity (NL), Strict Avalanche Criterion (SAC), Linear Probability (LP), Differential Probability (DP), and Bit Independence Criterion (BIC), as explained in [7,8]. The values obtained for the proposed S-box are presented in Table 4, which are compared with the existing S-boxes in Table 5 and Figs. 4, 5, 6, and 7.

Non-Linearity
An S-box is designed so that the mapping between plaintext and ciphertext is nonlinear; otherwise it would be susceptible to linear cryptanalysis. Non-linearity is the distance between a Boolean function and the set of all affine functions. The importance of non-linearity for the encryption process cannot be denied, as mentioned in [8]. The calculated non-linearity of our proposed S-box is 106, with a minimum non-linearity of 104 and a maximum non-linearity of 108. The comparison with the non-linearity of the known S-boxes is presented in Table 6 and Fig. 3.

Strict Avalanche Criterion
According to the SAC, if a single input bit of the function forming the substitution box is changed, the output bits must change with a probability of 50%. The closer the SAC value is to that of AES, the more reliable the S-box. The obtained strict avalanche value for our constructed S-box is better than that of the Skipjack and Residue Prime S-boxes, as shown in Table 5 and Fig. 4.

Bit Independence Criterion
The independent behavior of pairs of variables and the changes in input bits are considered significant factors of the BIC. According to this criterion, the input bits are transformed completely, and then the output bits are checked for their independence. Bit independence is one of the most important criteria of S-box strength. The proposed S-box produces good results for the BIC, as shown in Table 5 and Fig. 5.

Differential Probability and Linear Probability
To assess the imbalance of an event, the linear probability of the constructed S-box is calculated. It is represented by the formula given in Eq. (5). In the given formula, p represents the input values of the S-box. The input and output masks are expressed in the form of βp and βq, respectively. We compared our results with the standard S-box results. Our obtained value is 0.125, which is not too susceptible in terms of linear attacks [18].
To measure the differential uniformity of the constructed S-box, we check the DP value of the constructed S-box. The formula for the calculation of DP is expressed in Eq. (6). To represent the differentials, we use Δx and Δy. On the basis of the comparative analysis shown in Figs. 6 and 7, we can say that our results are better than Skipjack, Xyi, and Residue Prime [18].
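
The criteria above can be computed directly from a 256-entry table. The following Python is an added example, not code from the paper (whose program was written in MATLAB): it computes the non-linearity of each output bit from the Walsh spectrum, and LP and DP from their standard definitions, which are assumed here because Eqs. (5) and (6) are not reproduced in this text. It also applies the Step 4 bit reversal, assuming zero-padded 8-bit values, so the claim that this step leaves non-linearity unchanged can be checked; the AES S-box is generated as reference input and all function names are illustrative.

```python
SIZE = 256  # an 8-bit S-box is a table of 256 byte values

def gf_mul(a, b):  # multiply in GF(2^8) modulo the AES polynomial 0x11B
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def aes_sbox():
    """Reference input: AES S-box (field inverse, then the AES affine map)."""
    box = []
    for x in range(SIZE):
        inv = next((y for y in range(1, SIZE) if gf_mul(x, y) == 1), 0)
        rot = [((inv << k) | (inv >> (8 - k))) & 0xFF for k in range(1, 5)]
        box.append(inv ^ rot[0] ^ rot[1] ^ rot[2] ^ rot[3] ^ 0x63)
    return box

def spectrum(sbox, mask):
    """Walsh spectrum of the Boolean function x -> parity(mask & S(x))."""
    w = [1 - 2 * (bin(s & mask).count("1") & 1) for s in sbox]
    h = 1
    while h < SIZE:  # in-place fast Walsh-Hadamard butterflies
        for i in range(0, SIZE, 2 * h):
            for j in range(i, i + h):
                w[j], w[j + h] = w[j] + w[j + h], w[j] - w[j + h]
        h *= 2
    return w

def nonlinearity(sbox):
    """Non-linearity of each of the 8 output-bit functions."""
    return [SIZE // 2 - max(map(abs, spectrum(sbox, 1 << b))) // 2 for b in range(8)]

def linear_probability(sbox):
    """max |#{x : a.x = b.S(x)} / 2^n - 1/2| over nonzero masks a, b."""
    return max(max(map(abs, spectrum(sbox, b)[1:])) for b in range(1, SIZE)) / (2 * SIZE)

def differential_probability(sbox):
    """max #{x : S(x) ^ S(x ^ dx) = dy} / 2^n over dx != 0 and all dy."""
    best = 0
    for dx in range(1, SIZE):
        diffs = [sbox[x] ^ sbox[x ^ dx] for x in range(SIZE)]
        best = max(best, max(map(diffs.count, set(diffs))))
    return best / SIZE

def reverse_bits_step(sbox):
    """Step 4 as described: reverse the 8-bit binary form of every entry."""
    return [int(format(v, "08b")[::-1], 2) for v in sbox]
```

Reversing the bits of each entry only reorders the eight output-bit functions, so the set of per-bit non-linearities, LP and DP of `reverse_bits_step(box)` equal those of `box` for any table.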

Image Encryption
We also performed image encryption in order to test the strength of the constructed S-box. We use the Capsicum image for the encryption process. The image with pixel values of 0 to 255 is considered for encryption, and the S-box ranging from 0 to 255 is applied to the image, replacing its pixel values. The algorithm is applied twice to get the best results for the encrypted image, as shown in Table 7.

S-box
As we know, an intruder can intentionally add noise to any communication channel. This makes it necessary to develop an algorithm that is noise resistant. The noise must be removed to reduce the effect of channel noise caused by an unauthorized person [20,21]. The next step is the analysis of our constructed S-box based on bit error rate (BER), which is a function of the length of burst errors for multiple values of Signal to Noise Ratio (SNR) in aggregation with the single error correction code. We also compare the performance of our constructed S-box for noise removal with conventional S-boxes. The data is taken in the form of 100 random blocks with the block size N = 256. To encode our data, we use a linear Hamming code. The length of the code word is taken as (7,4), whereas the minimum value of the Hamming distance is kept equal to 3. We then introduce burst errors of different lengths in the data using Additive White Gaussian Noise (AWGN). The noise is then XORed with the modular data for analyzing the performance of our S-box against the burst errors. Error rates are calculated at different values of SNR and compared with the results of standard S-boxes, i.e., AES, Gray, Skipjack, and Residue Prime S-boxes, as shown in Tables 8, 9, and 10. These results show that the proposed S-box can provide strong resistance against the noise. The error rate values for known S-boxes are taken from the existing study [22].

Conclusion
In this work, we proposed a new scheme for the construction of S-boxes. We established that a linear recurrence relation can be used to construct efficient S-boxes in a simpler way. The technique presented for S-box construction has better results than some known algorithms. The strength of the constructed S-boxes is analyzed by performance tests in order to meet the standards of well-known S-boxes. Furthermore, the constructed S-box is used for the encryption of an image as well as for noise removal, and it showed effective results.