To Study the Effect of the Generating Polynomial on the Quality of Nonlinear Components in Block Ciphers

Copyright © 2018 Shahid Mahmood et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

The substitution box (S-box), being the only nonlinear component, provides the confusion-creating capability of a cryptosystem. In view of the predominant role of the S-box, many design algorithms for synthesizing cryptographically stronger S-boxes have gained pivotal attention. A quick review of these algorithms shows that they mainly concentrate on the choice of bijective Boolean functions, without regard to the irreducible polynomial that generates the Galois field. In this paper, we propose that the selection of the irreducible polynomial has a deep influence on the highly desirable features of an S-box such as nonlinearity, strict avalanche, bit independence, linear approximation probability, and differential approximation probability. We support our claim by investigating a detailed model, which deploys the same algorithm with different polynomials and produces notable changes in the performance parameters of the S-box.


1. Introduction
Electronic exchange of data has undoubtedly revolutionized communication in recent years, but, on the other hand, the secure transfer of confidential material over the Internet has become the biggest challenge nowadays. It demands a seriously high level of security. The main problem is to avoid unauthorised access to the secret data. To achieve the desired level of security, many techniques such as cryptography, watermarking, and steganography have been the major focus of research for the past few years [1][2][3][4][5]. In this paper, we deal with cryptography.
Cryptography is categorized into two types, symmetric key cryptography and asymmetric key cryptography. Symmetric key cryptography can be further split into two types: block ciphers and stream ciphers. The Advanced Encryption Standard is an example of a block cipher that was officially adopted by the US government as a Federal Information Processing Standard (FIPS) in May 2002. The AES algorithm [6] is based on four steps: round key addition, byte substitution, shift row, and mix column, but the most influential of these is the byte substitution step. This step relies on a substitution box (S-box), which serves as the only nonlinear component in any substitution-permutation network (SPN).
It has been established that the substitution box (S-box) is a standout component in different block ciphers and is a widely used mechanism in any substitution-permutation network as a source of nonlinearity [6]. It renders an absolutely complex, unforeseeable layout to the various blocks of bits in the output data. To offer high resistance against unexpected surveillance, the S-box structure is required to fulfil certain standards. The indispensable role of the S-box in inducing complexity and nonlinearity motivates the study of the properties and algorithms for safer and more reliable S-boxes. In this regard, many advanced structural developments are witnessed in the literature. Khan et al. [7] proposed a technique for S-box construction based on chaotic Lorenz systems. Hussain et al. presented S-box algorithms using the generalized Baker's map [8] and the projective general linear group [9]. Algebraic, analytical, and chaotic approaches for S-boxes are studied in [10][11][12][13]. Özkaynak et al. [14] applied the fractional-order chaotic Chen system to develop an S-box. Tian and Lu [15] structured a dynamic chaos-based S-box in conjunction with DNA sequence operations. Some other efficient algorithms can be reviewed in [6,[16][17][18][19][20]. In addition, applications of S-boxes in digital image encryption, steganography, and watermarking have become quite popular and influential in recent years [4,11,13,21].
The study of innovation in design algorithms for S-boxes shows that the change of model and the selection of the Boolean function contribute little to the performance indices of an S-box. We, in this paper, propose that the performance of an S-box is highly related to the background Galois field. The fact that finite fields of the same order are isomorphic is certainly of worth, but the scrambling effect of a nonlinear Boolean function applied on two different fields of the same order might vary. Since, in cryptography, an S-box is the salient component used to produce confusion in the data, it is worth studying how its confusion-creating ability is associated with the choice of the irreducible polynomial used to form the background Galois field.
In [9], Hussain et al. presented an algorithm for generating an S-box through the application of a linear fractional transformation on the Galois field $\mathrm{GF}(2^8)$ structured by the polynomial $X^8 + X^4 + X^3 + X^2 + 1$. In the proposed work we show that the same algorithm used with a different polynomial exhibits highly improved values of nonlinearity, strict avalanche criterion (SAC), bit independence criterion (BIC), linear approximation probability (LAP), and differential approximation probability (DAP). By comparing the numerical results of these tests, we show that different polynomials produce significantly different results. This observation suggests revising existing models by choosing different background polynomials, as this could be more influential in improving them than changing the whole scheme.
We organize the contents of this paper as follows. In Section 2, we discuss the properties of the background Galois field $\mathrm{GF}(2^8)$. The detailed algorithm for the design of the S-box is presented in Section 3. Section 4 deals with the analyses of the S-boxes against several common attacks and the comparison of the respective results. We further compare the cryptographic standing of both of the newly synthesized boxes with the state-of-the-art AES S-box. The conclusion is presented in Section 5.

2. Generating Polynomial and the Galois Field
For any prime $p$, the Galois field $\mathrm{GF}(p^n)$ is expressed as the factor ring $\mathbb{F}_p[X]/(f(X))$, where $f(X) \in \mathbb{F}_p[X]$ is an irreducible polynomial of degree $n$. For $\mathrm{GF}(2^8)$ we choose an irreducible polynomial of degree 8, which generates a maximal ideal of the principal ideal domain $\mathbb{F}_2[X]$. We know that the multiplicative group of the resulting field $\mathrm{GF}(2^8)$ is cyclic, and hence each nonzero element of the field can be expressed as a power of the generator $00000010$.
In order to support our claim regarding the effect of the polynomial, we choose two irreducible primitive polynomials of degree 8, $X^8 + X^6 + X^5 + X^4 + 1$ and $X^8 + X^4 + X^3 + X^2 + 1$ (the latter being the one used in [9]), to construct the Galois fields $F_1$ and $F_2$, respectively. Other polynomials could be chosen for the comparison as well, but the selected pair serves the purpose well. The exponential form of the elements of the multiplicative group of $F_1$, along with their inverses, is given in Table 1; the elements of the multiplicative group of $F_2$ are presented in Table 2 of [9]. In the next section, we use these calculations to develop the corresponding S-boxes.

3. Algorithm for S-Box
An $n \times m$ S-box is defined by a vector Boolean function $S : \mathrm{GF}(2^n) \to \mathrm{GF}(2^m)$, given in (1), each of whose $m$ coordinate functions is regarded as a component Boolean function.
For a field $F$, the general linear group $\mathrm{GL}(n, F)$ is the group formed by all $n \times n$ invertible matrices over $F$. The projective general linear group of degree $n$ over $F$ is defined as the quotient group of $\mathrm{GL}(n, F)$ by its center. For this paper, we form the $8 \times 8$ S-box by considering the action of the Galois field $\mathrm{GF}(2^8)$ on the projective linear group $\mathrm{PGL}(2, \mathrm{GF}(2^8))$; that is, we take a function $\mathrm{PGL}(2, \mathrm{GF}(2^8)) \times \mathrm{GF}(2^8) \to \mathrm{GF}(2^8)$, given in (2), which is a linear fractional transformation (LFT) whose four parameters lie in $\mathrm{GF}(2^8)$ and satisfy the nondegeneracy condition of a nonzero determinant, so that the transformation is invertible. The ease of implementation, the modest computational cost, and the high algebraic complexity of an LFT are the prime features that motivate employing this map for byte substitution. Any parameter values satisfying the aforementioned condition may be chosen, but for the presented calculations we take, in particular, the same values as in [9], so that a comparison can be made easily: the four parameters are 35, 15, 9, and 5. The images of this map, when applied on $F_1$ and $F_2$, produce our S-boxes $S_1$ and $S_2$, respectively, as shown in Tables 2 and 3.

4. Performance Analysis of S-Boxes
The cryptographic strength of the S-boxes generated in the foregoing section is examined through the most widely used analysis techniques: nonlinearity, bit independence, strict avalanche, and linear and differential approximation probabilities. In the following subsections we present these performance indices one by one and compare the performance of $S_1$ and $S_2$ with one another, as well as with the ever-prevailing AES algorithm.

4.1. Nonlinearity
Nonlinearity analysis measures the distance of the reference function from all of the affine functions. The nonlinearity criterion gives the number of bits that must be altered in the truth table of a Boolean function to reach the nearest affine function [22]. Table 4 shows that, for $S_1$, the average nonlinearity measure is 112, which is the highest figure and the one attained by the AES S-box. Figure 1 shows the comparison, which clearly depicts the outstanding performance of $S_1$ as compared to $S_2$.

4.2. Linear Approximation Probability
The linear approximation probability measures the unevenness of an event; this analysis is used to evaluate the maximum imbalance of the outcome. Mathematically, the linear approximation probability for a given S-box is defined as follows:

$$\mathrm{LP} = \max_{\Gamma_x,\,\Gamma_y \neq 0} \left| \frac{\#\{x \in X : x \cdot \Gamma_x = S(x) \cdot \Gamma_y\}}{2^n} - \frac{1}{2} \right|,$$

where $X$ represents the set of all possible inputs and $\Gamma_x$ and $\Gamma_y$ are the input and output masks, respectively. Numerical results presented in Table 5 and compared in Figure 2 show that the linear approximation probability of $S_1$ is much better than that of $S_2$.

4.3. Differential Approximation Probability
For further analysis, we use the differential approximation probability, which measures the differential uniformity exhibited by an S-box. The mathematical expression for DP is given by the following, in which the input and output differentials are represented by $\Delta x$ and $\Delta y$, respectively. The smaller the differential uniformity, the stronger the S-box.
It is evident from Table 5 and Figure 3 that, in terms of the differential approximation probability, $S_1$ is much stronger than $S_2$.

4.4. Strict Avalanche Criterion
This criterion examines the changes in the output bits caused by a single input bit change. One of the most desirable features of any cryptographic design is that, when a single input bit is changed, half of the output bits change. In other words, an S-box $S : \mathbb{F}_2^n \to \mathbb{F}_2^n$ is said to satisfy the SAC if, for a change in an input bit, the probability of change in each output bit is 1/2. The results are shown in Table 5 and Figure 4.

4.5. Bit Independence Criterion
The independent behaviour of pairs of output bits under variations of the input bits is the concern of the bit independence criterion. In the bit independence criterion, the input bits are varied individually, and the output results are then scrutinized for their independence [23]. Bit independence has great worth in cryptographic structures. The goal of reaching maximum complexity and perplexity in a system can be achieved through this property of increasing independence between the bits. In cryptographic systems, increased independence between bits is an essential requirement, as it makes the design of the system harder to understand and forecast.
The numerical results of the BIC applied to the proposed S-boxes are given in Table 5 and compared in Figure 5. It can be observed from these results that our S-box $S_1$ is very similar to the AES S-box and much better than $S_2$.
Overall, the performance of $S_1$ is much better than that of $S_2$, and the performance parameters of $S_1$ are quite close to those of the AES S-box. The algorithm used for both $S_1$ and $S_2$ is the same; only the primitive polynomial selected to generate the Galois field differs, and this clearly contributes to the outputs.
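As an added, self-contained example (not the authors' code), the following Python builds $\mathrm{GF}(2^8)$ under each of the two generating polynomials of Section 2, forms the LFT S-box of Section 3 over each, and computes the nonlinearity, LAP and DAP of Section 4. It assumes the LFT has the standard form $z \mapsto (az+b)/(cz+d)$ with $(a, b, c, d) = (35, 15, 9, 5)$, that the single pole $cz + d = 0$ is mapped to $a/c$ so that the table is a bijection, and the standard definitions of LAP and DAP (the LP formula above and its differential counterpart).

```python
# Added example, not the paper's code: GF(2^8) under a chosen generating polynomial, the LFT
# S-box over it, and the NL/LAP/DAP measures. Assumed: LFT z -> (az+b)/(cz+d), (a,b,c,d) = (35,15,9,5).
P1, P2 = 0x171, 0x11D          # X^8+X^6+X^5+X^4+1 and X^8+X^4+X^3+X^2+1, the two polynomials compared

def gf_mul(a, b, poly):        # shift-and-add multiplication in F_2[X]/(poly)
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a = (a << 1) ^ (poly if a & 0x80 else 0)
        b >>= 1
    return r

def gf_inv(a, poly):           # a^254 (Fermat) by square-then-multiply; gives inv(0) = 0
    r = 1
    for _ in range(7):         # r = a^2 * a^4 * ... * a^128 = a^254
        a = gf_mul(a, a, poly)
        r = gf_mul(r, a, poly)
    return r

def lft_sbox(poly, a=35, b=15, c=9, d=5):
    """Table of z -> (az+b)/(cz+d); the one pole cz+d = 0 is sent to a/c (assumed convention)."""
    assert gf_mul(a, d, poly) ^ gf_mul(b, c, poly) != 0     # nondegeneracy ad - bc != 0
    box = []
    for z in range(256):
        den = gf_mul(c, z, poly) ^ d
        num = gf_mul(a, z, poly) ^ b if den else a
        box.append(gf_mul(num, gf_inv(den or c, poly), poly))
    return box

def walsh(f):                  # Walsh-Hadamard spectrum of a 256-entry 0/1 truth table
    w, h = [1 - 2 * bit for bit in f], 1
    while h < 256:
        for i in range(0, 256, 2 * h):
            for j in range(i, i + h):
                w[j], w[j + h] = w[j] + w[j + h], w[j] - w[j + h]
        h *= 2
    return w

def analyse(box):
    """Return (mean NL of the 8 coordinate functions, LAP, DAP) for an 8x8 S-box table."""
    nl, lin, diff = [], 0, 0
    for v in range(1, 256):                                 # every nonzero output mask
        m = max(abs(t) for t in walsh([bin(v & s).count("1") & 1 for s in box]))
        lin = max(lin, m)                                   # |#{x: x.u = S(x).v}/256 - 1/2| = |W(u)|/512
        if v & (v - 1) == 0:                                # single-bit mask: a coordinate function
            nl.append((256 - m) // 2)
    for dx in range(1, 256):                                # every nonzero input differential
        cnt = [0] * 256
        for x in range(256):
            cnt[box[x] ^ box[x ^ dx]] += 1
        diff = max(diff, max(cnt))
    return sum(nl) / 8, lin / 512, diff / 256
```

Calling `analyse(lft_sbox(P1))` and `analyse(lft_sbox(P2))` repeats the paper's comparison: the same map with only the polynomial changed.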

5. Conclusion
The kernel of the presented work lies in the fact that the choice of the background Galois field and its generating primitive polynomial matters to the function and performance of substitution boxes. This fact leads to the fascinating idea that, rather than the development of new algorithms, the improvement of existing algorithms is worth studying, as it is the least laborious but most effective approach. We propose, on the basis of the example discussed, that the effect of the choice of generating polynomial may lead to intensive research in future to modify the design models of S-boxes. It will certainly affect the applications of S-boxes in other branches of digital communication, such as steganography, watermarking, and image encryption.

Table 1: Exponential representation and the multiplicative inverses of the elements of the multiplicative group of $F_1$.

Table 4: Performance indices for the new S-box.

Table 5: Comparison of performance indices for different S-boxes.