ALICA: A Multi-S-Box Lightweight Cryptographic Algorithm Based on Generalized Feistel Structure

Introduction
The Internet of Things (IoT) is the transmission and communication of data between terminal nodes in the Internet era. Through information gathering and communication, sensor devices form an interconnected network for transmitting information, enabling applications such as remote device tracking, dynamic logistics and goods management, and predictive analysis. IoT continuously expands and drives societal development, bringing extensive and profound impacts to various aspects of people's lives and offering significant convenience. However, while benefiting from the advancements in information technology, challenges arise in securing IoT devices due to their heterogeneous nature, limited computing capabilities of many IoT devices, constraints imposed by deployment environments, and resource limitations. Additionally, different IoT devices may utilize various cryptographic hardware acceleration modules, making it challenging to adopt a unified architecture for security protection. Moreover, some IoT devices lack built-in cryptographic modules or have outdated ones, leaving them vulnerable to security breaches related to password protection. Malicious individuals exploit these vulnerabilities in IoT terminal devices to engage in activities such as device destruction or stealing information. This leads to the silent theft, sharing, and dissemination of significant amounts of sensitive data, often for financial gain. To prevent data breaches and safeguard stored information, data encryption and secure communication in IoT devices play a crucial role. While efficient cryptographic hardware security modules are essential, the diverse nature of IoT devices limits deployment flexibility. Therefore, designing a lightweight cryptographic algorithm that prioritizes software implementation and is easily deployable becomes a viable solution to address security concerns related to information and data leakage in resource-constrained IoT devices.
The application of modern cryptography plays a vital role in ensuring data security. While encryption algorithms like AES [1] can provide data security, their implementation often requires a significant number of hardware gate circuits, resulting in a relatively large hardware footprint. This poses a challenge for deploying AES on low-power and low-computational devices, as it demands significant power consumption. In software implementation, the Advanced Encryption Standard (AES) can consume substantial amounts of memory and may not satisfy the output bandwidth demands of real-world applications. Additionally, it fails to meet the low-power and low-resource demands of IoT devices that have limited resources. In essence, traditional encryption implementations often struggle to deliver satisfactory performance in resource-limited environments, resulting in high latency and energy consumption. Therefore, they may not offer optimal data protection capabilities.
In recent years, several lightweight block cipher schemes have been proposed for various environments. As early as the 1980s and 1990s, the industry developed a series of lightweight encryption algorithms, including A5/1 [2]. This algorithm was utilized in the field of mobile communication as a cipher algorithm for communication encryption, commonly referred to as the GSM encryption algorithm. The design goal of the A5/1 algorithm was to efficiently perform encryption and decryption operations on devices with limited resources. However, despite being considered secure in the past, A5/1 has now been proven to be susceptible to brute-force attacks. This is due to linear attack vulnerabilities in its pseudorandom number generator design, which uses a 64-bit key. It is destined to be phased out with the advancement of computational power. Consequently, more and more people are turning to A5/3 (also known as KASUMI) [3]. In 2005, Lim et al. improved the Crypton cipher and introduced the mCrypton [4] cipher, which offers three selectable security thresholds and is specifically designed for RFID tags. In 2007, Shibutani et al. proposed the Piccolo algorithm [5]. Piccolo is a block cipher algorithm that provides a security threshold with a 128-bit key size and utilizes the SPN structure. Piccolo's design goal is similarly to achieve efficient encryption and decryption on embedded devices while demonstrating good performance in both software and hardware implementations. In 2011, Guo et al. introduced the LED cipher [6]. The LED cipher offers two different encryption methods for keys of varying lengths, specifically the 64-bit and 128-bit versions, each with its own security threshold. It adopts the SPN structure, considering the resource constraints and power requirements of embedded devices. LED uses a simple S-box structure and efficient bit operations. Also in 2011, Suzaki et al. proposed the TWINE cipher [7], which is also based on the SPN structure. A notable feature of TWINE is its ability to select key and block lengths based on application requirements. For example, TWINE's key size and sequence length can be used in two different ways. Furthermore, TWINE provides variants with variable key and block lengths to adapt to various application scenarios. In 2011, Wu et al. introduced LBlock [8], which utilizes the Feistel structure. While this design logic reduces the cost of hardware and software implementations, it requires more iterative rounds as a trade-off to achieve sufficient cryptographic security. In 2012, Borghoff et al. proposed PRINCE [9], which utilizes a matrix structure and combines iterations involving permutation and linear transformation operations. The introduction of the matrix structure increases the complexity of cipher design logic and requires more memory. In 2015, Zhang et al. proposed a lightweight block cipher called RECTANGLE [10], which is suitable for hardware implementations and utilizes bit-slicing techniques. Similarly, the implementation of matrices in its design requires more memory. In 2017, Banik et al. introduced GIFT [11], a block cipher that utilizes the SPN structure with S-boxes generated using the Grøstl hash function. The use of the SPN structure makes logic implementation more complex compared to Feistel-structured ciphers, and it requires more memory. In 2019, Wu et al. proposed the uBlock algorithm [12], which is adaptable to various software and hardware platforms, taking into account the computing resources of modern microprocessors. However, despite mentioning that uBlock can be accelerated using SSE and AVX2 instructions, it is important to note that these instructions are not commonly supported on target devices. Therefore, the practical efficiency of this cipher in real-world applications still needs to be verified. [15], which aims to encrypt data within a single clock cycle in order to mitigate the high implementation cost of MDS matrices in lightweight block ciphers. This cipher is designed with a focus on hardware and may not be as suitable for software implementations. Cipher algorithms such as PIPO and Shadow, which are newly proposed, employ novel design logic and require further testing in terms of security and efficiency. As old cipher algorithms continue to face attacks and vulnerabilities in their design logic being exploited, it is necessary to introduce new cipher algorithms to counter the increasing computational capabilities and specialized attacks by adversaries. In 2023, following a review and third-party security analysis conducted by NIST's lightweight cryptography team, the Ascon series algorithms were chosen as the standard lightweight block cipher algorithms [16]. This marked the establishment of new cipher algorithm standards and opened up new research possibilities for researchers.
When designing and using lightweight ciphers, it is crucial to consider specific application scenarios. Current cipher algorithms mostly use S-boxes as the nonlinear components of the cipher, particularly in lightweight block ciphers. In these ciphers, 4 × 4 S-boxes are often the optimal choice as they strike a balance between hardware implementation area, performance, security, and resource consumption. In the implementation of lightweight block cipher algorithms that utilize S-box substitutions, such as Piccolo, LED, LBlock, and uBlock, their performance in terms of logic is similar. This is because their performance is determined by the cipher design logic and clock frequency when implemented in hardware. In software implementations, cipher algorithms with S-box design logic do not offer a significant advantage compared to those that use arithmetic operations in ARX. Additionally, they require more memory storage for substitution tables. On the contrary, S-boxes offer greater security advantages and can achieve the required level of cryptographic security with fewer cipher iterations.
ALICA, from its inception, is designed to be suitable for both software and lightweight hardware implementations. The goal is to minimize memory usage and employ an appropriate number of iterations while maintaining the required security level. ALICA utilizes fundamental instructions such as XOR and shifts to maximize the performance of the cipher on various platforms. This allows it to meet the demands of real-world environments with heterogeneous computing units and resource constraints.
In this paper, we propose a novel lightweight cipher algorithm called ALICA, designed to be applicable to low-computational-power heterogeneous devices. ALICA employs a generalized Feistel structure, and linear processes are implemented through XOR and bitwise operations, making it easy to implement in software and deploy uniformly across diverse devices. While ensuring security, ALICA outperforms other cipher algorithms that use S-boxes in terms of performance. ALICA does not rely on round constants, which reduces its advantages over memory-intensive ciphers. ALICA does not depend on specific instruction accelerations, allowing it to perform well on various computing platforms.

ALICA
ALICA is a block cipher that employs a generalized Feistel network structure. It operates on input blocks of 96 bits and uses a 128-bit key. In ALICA, the initial key K is subjected to a key expansion algorithm to generate new subkeys $k_i$ and $k_{i+1}$. These subkeys are then separately applied to the left-round function $F_{\text{left}}$ and the right-round function $F_{\text{right}}$. The only difference between the two lies in the utilization of distinct 4 × 4 S-boxes. Next, the plaintext input is divided into 32-bit segments and fed into the round functions for 24 iterations. After the final round, the resulting ciphertext is produced. The specific process of splitting the plaintext into smaller segments will be illustrated in the overall framework design of ALICA.

2.1. The Design of ALICA.
PRESENT, uBlock, and FUTURE are lightweight cryptographic algorithms that utilize the substitution-permutation network (SPN) structure, as shown in Figure 1. In contrast, there are other structures employed by Simeck and LBlock, for example, the Feistel structure (as shown in Figure 2) and its derivative, the generalized Feistel structure. The ALICA cipher algorithm belongs to the generalized Feistel structure, as shown in Figure 3.
In ALICA, the 96-bit plaintext sequence is divided into three groups: left, middle, and right, each consisting of 32 bits. The left and right groups are then separately fed into the left-round function and the right-round function. The results from both functions are XORed together to produce the intermediate sequence for the next round. The logical structure is illustrated in the diagram provided.

International Journal of Intelligent Systems
The F-function is composed of a 4 × 4 S-box and a bitwise shift operation. The design of the S-box is determined by the specified design scheme, and the output is XORed at the byte level before undergoing a shift operation. In the following sections, a detailed analysis and study of each component will be presented.

The Design of the F-Function.
The F-function is the most crucial component in the Feistel structure of the cipher, and the complexity of its design directly affects the security aspects such as resistance to linearity and differentials. In ALICA, which adopts the generalized Feistel structure, the left-round function $F_{\text{left}}$ and the right-round function $F_{\text{right}}$ only differ in the internal S-boxes they use, while their fundamental structures remain the same. The F-function takes two types of sequences as inputs. The first type is the XOR result of a 32-bit plaintext sequence, and the second type is a 32-bit subkey sequence generated by the key expansion scheme. The F-function consists of S-box substitutions, byte-wise XOR operations, and shift operations. Using A-H to represent 4-bit random sequences, the F-function can be depicted as shown in the following figure.

The Design of S-Box.
The S-box is the only nonlinear component in the ALICA cipher structure and plays a crucial role in ensuring the security and robustness of the cipher algorithm. ALICA employs three 4 × 4 S-boxes in its design, and their logical designs are identical. Although using larger S-boxes, such as the 8 × 8 S-box in AES (1000 GEs), provides better resistance against various cryptographic attacks, their larger hardware implementation area or higher memory consumption in software implementations makes them unsuitable for deployment. Similarly, 6 × 6 (300 GEs) and 6 × 4 (300 GEs) S-boxes are also not preferred choices for lightweight cipher designs. On the other hand, the hardware implementation of a 4 × 4 S-box only requires 28 GEs, significantly reducing the hardware implementation area and memory usage of the nonlinear component in cipher designs. Hence, the 4 × 4 S-box is the optimal choice for designing lightweight ciphers. However, reducing the size of the S-box design inevitably leads to a decrease in its security. Furthermore, Mishra et al. [17] analysed that the S-box in the PRESENT cipher is not optimally designed and cannot effectively resist differential attacks. Therefore, the design and selection of the 4 × 4 S-box should strive to improve its security performance.
The security of an S-box can be evaluated by analysing its cryptographic properties, including nonlinearity, differential uniformity, avalanche effect, algebraic degree, and distribution of terms. Different cryptographic properties determine the ability of an S-box to withstand various types of attacks. Generally, an S-box with better cryptographic properties provides stronger security.
Nonlinear mapping is a common design approach for many S-boxes, and researchers have developed powerful S-boxes using mapping transformations. Among them, the linear fractional transformation (LFT) is one of the mapping methods commonly used by researchers. In mathematics, a linear fractional transformation (LFT) can be roughly represented by the formula (1), which is generated by modifying four parameters: a, b, c, and d, in order to create a dynamic S-box.
While the design concept of dynamic S-boxes can make it harder for attackers to identify design flaws in a cipher algorithm, implementing LFT requires additional memory storage for data. Furthermore, the performance of the algorithm's division operation is about ten times slower compared to bitwise XOR and shift operations on computers. In division operations, it is necessary to determine whether each subtraction of operands results in an overflow before deciding on the input for the next subtraction. Unlike multiplication, division operations cannot be parallelized, which further diminishes their advantages in lightweight cipher design. The use of multiple S-boxes in cipher algorithm design can enhance cryptographic strength without relying on dynamic S-boxes, as it eliminates these disadvantages.
The specific method for designing the S-box is as follows.
By addressing the issue of data overflow in the generation of S-boxes, Zahid et al. [18] proposed the use of the triple fraction transformation (CFT), which constrains the transformation within the finite field $GF(2^4)$. The CFT, as shown in equation (2), is an extension of the LFT, where the original linear transformation is converted into a nonlinear transformation. The introduction of nonlinear characteristics makes the generation of S-boxes more complex. However, on the contrary, the probability of generating S-boxes with good cryptographic properties within a limited time frame increases.
where $\alpha (z)^3 + \beta \neq 0$. Let $\alpha = 3$ and $\beta = 4$. The S-box generated by these two values is used in the left function $F_{\text{left}}$ of the ALICA cipher, referred to as the left S-box in this article, as listed in Table 1.
Next, this paper will analyze the left S-box generated using the proposed method for constructing S-boxes. It will evaluate its encryption strength using widely used standards to measure the performance of S-boxes.

Injectivity.
A function f is injective if and only if for every y ∈ Y there is a unique x ∈ X such that f(x) = y. In other words, when

Nonlinearity.
A good S-box should possess high nonlinearity rather than linearity. The nonlinearity of an n-bit Boolean function f is calculated using the following formula: Here, <x, α> represents the bitwise dot product. The value proposed in this paper is 7.

Strict Avalanche Criterion (SAC).
Webster et al. [19] proposed the strict avalanche criterion (SAC) as a standard for a high-performance S-box. The average SAC value of the proposed left S-box in this paper is approximately 0.4974, which satisfies the strict avalanche criterion. SAC values for each value of the S-box are calculated and presented in Table 2.

Linear Probability.
When evaluating the security of an S-box, an important metric is its linear probability. The linear probability of an S-box refers to the likelihood of a linear correlation between the input and output bits of the S-box. Specifically, assuming the input bits of the S-box are $x_1, x_2, \ldots, x_n$, and the output bits are $y_1, y_2, \ldots, y_m$, the linear probability of the S-box can be defined using the following equation: Here, $a_1, a_2, \ldots, a_n$ and $b_1, b_2, \ldots, b_m$ are arbitrary nonzero bit values, excluding all zeros and all ones. A smaller linear probability of an S-box implies that it is more difficult for attackers to exploit linear relationships for cryptographic attacks.
The linear probability of an S-box is calculated using the following equation: Here, $A_x$ and $B_x$ represent input masks and output masks, specifically, $Z \in \{0, 1, 2, \ldots, 15\}$. The maximum linear probability of the left S-box proposed in this paper is 0.25, indicating that the S-box possesses resistance against linear cryptanalysis.

Differential Uniformity.
Differential uniformity is a measure of the first-order nonlinearity of an S-box and is also known as the minimum nonzero element value in the table of differential distribution. It represents the minimum magnitude between the differences (input differentials) of any two given inputs and the differences (output differentials) of their corresponding outputs. Differential uniformity is a measure of the uniformity of a permutation function across various input differentials. The method for calculating differential uniformity is as follows:
(1) Calculate the set of output differentials for each input differential in the S-box
(2) For each set of output differentials, calculate the number of distinct elements
(3) Take the minimum value of the number of distinct elements among all sets of output differentials as the differential uniformity value of the S-box
A higher differential uniformity indicates a stronger first-order nonlinearity of the S-box, thus enhancing its security in cryptography. Based on the above analysis, the calculation formula for differential uniformity (DU) is given by equation (6), and the calculation formula for differential probability (DP) is given by equation (7): Here, $\Delta x$ represents the input differential, $\alpha$ represents a bit in the input differential, and $F_2^n$ represents the n-bit binary field. Table 3 presents the differential distribution table of the proposed left S-box in this paper. Table 4 displays the linear approximation table of the proposed left S-box in this paper. Lastly, Table 5 illustrates the DU values of the proposed left S-box. According to the differential distribution table, the minimum DU value is 6. The differential probability (DP) of the left S-box is 0.25.
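The evaluation criteria in this section, computed with their commonly used definitions (Walsh spectrum for nonlinearity and linear probability, largest difference-distribution-table entry over nonzero input differences for differential uniformity), are shown below as an added example that is not the paper's code. Because the ALICA S-box tables are not reproduced on this page, the sample input is the public PRESENT S-box, and all function names are illustrative.

```python
# Added example: property checks for a 4x4 S-box using the common definitions.
# Sample input is the public PRESENT S-box (the ALICA tables are not on this page).
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def _parity(v):
    """XOR of the bits of v; with v = mask & x this is the dot product <mask, x>."""
    return bin(v).count("1") & 1


def is_bijective(sbox):
    """True when every output value 0..len-1 occurs exactly once."""
    return sorted(sbox) == list(range(len(sbox)))


def ddt(sbox):
    """Difference distribution table: ddt[dx][dy] = #{x : S(x) ^ S(x ^ dx) == dy}."""
    size = len(sbox)
    table = [[0] * size for _ in range(size)]
    for dx in range(size):
        for x in range(size):
            table[dx][sbox[x] ^ sbox[x ^ dx]] += 1
    return table


def walsh_spectrum(sbox):
    """W[a][b] = sum over x of (-1)^(<a,x> XOR <b,S(x)>)."""
    size = len(sbox)
    return [[sum(1 - 2 * (_parity(a & x) ^ _parity(b & sbox[x]))
                 for x in range(size))
             for b in range(size)]
            for a in range(size)]


def max_abs_walsh(sbox):
    """Largest |W[a][b]| over all input masks a and nonzero output masks b."""
    w = walsh_spectrum(sbox)
    size = len(sbox)
    return max(abs(w[a][b]) for a in range(size) for b in range(1, size))


def differential_uniformity(sbox):
    """Largest DDT entry over nonzero input differences (lower is better)."""
    return max(max(row) for row in ddt(sbox)[1:])


def max_differential_probability(sbox):
    return differential_uniformity(sbox) / len(sbox)


def nonlinearity(sbox):
    """2^(n-1) - max|W|/2, minimised over all nonzero output masks."""
    return len(sbox) // 2 - max_abs_walsh(sbox) // 2


def max_linear_probability(sbox):
    """Squared correlation of the best linear approximation."""
    return (max_abs_walsh(sbox) / len(sbox)) ** 2


def sac_matrix(sbox):
    """m[i][j] = fraction of inputs where flipping input bit i flips output bit j."""
    size = len(sbox)
    n = size.bit_length() - 1
    return [[sum(((sbox[x] ^ sbox[x ^ (1 << i)]) >> j) & 1
                 for x in range(size)) / size
             for j in range(n)]
            for i in range(n)]


def sac_average(sbox):
    m = sac_matrix(sbox)
    return sum(map(sum, m)) / (len(m) * len(m[0]))


def report(sbox):
    """Collect every metric in one dictionary."""
    return {
        "bijective": is_bijective(sbox),
        "nonlinearity": nonlinearity(sbox),
        "max_linear_probability": max_linear_probability(sbox),
        "differential_uniformity": differential_uniformity(sbox),
        "max_differential_probability": max_differential_probability(sbox),
        "sac_average": sac_average(sbox),
    }


if __name__ == "__main__":
    for name, value in report(PRESENT_SBOX).items():
        print(f"{name}: {value}")
```

The individual entries of `sac_matrix` matter as much as the average: an entry of 1.0 or 0.0 means one output bit reacts deterministically to one input bit, which an average near 0.5 can hide.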

The Linear Transformation of F-Function.
According to Shannon's theorem, the security and robustness of a cipher can be achieved through the principles of confusion and diffusion. The ALICA cipher employs a generalized Feistel structure, which inherently provides diffusion capabilities. However, this alone is not sufficient. Due to the lightweight constraints imposed by the designed S-boxes (nonlinear components), the design of the diffusion component also needs to balance diffusion capabilities with hardware implementation area and memory footprint. In ALICA, the linear components of the round function F are designed with a focus on high efficiency in software implementation. This is achieved by utilizing only bitwise cyclic shift and bitwise XOR operations on bit sequences. The specific design logic can be referred to in Figure 4. In the upcoming sections, this paper will represent the linear components using logical symbols.
Let M, N, P, and Q be 8-bit random sequences generated by the S-boxes within the round function F (not specifically referring to the left- or right-round function). $k_i$ represents the subkey of the i-th round, composed of 32 bits. The generation of subkeys will be detailed in Section 3. The linear transformation L in the round function can be represented by Algorithm 1.

Differential branch number refers to the number of branches required to determine the critical differentials through differential analysis. The branch number represents the number of bits observed during the differential analysis. The higher the branch number of the linear transformation in a cryptographic system, the stronger its resistance to differential analysis. The linear branch number is an indicator that expresses the linearity properties of a linear transformation in a cryptographic algorithm. It is defined as the expected number of output bits that differ when there is a change in the input. A higher linear branch number indicates a larger portion of the algorithm's linear transformation. This means that changing input bits will have a greater impact on more output bits. This implies a higher complexity of the linear transformation, making it more difficult for attackers to exploit it in cryptographic attacks.
Although maximum distance separable (MDS) structures have inherent advantages in the design of cryptographic algorithms, their implementation cost in terms of software and hardware is relatively high. Table 6 shows the XOR numbers required for linear layers using different methods, which limits their widespread adoption in lightweight cryptography. In designing the linear transformation of ALICA, a compromise approach is taken, utilizing a cost-effective strategy for linear transformation. The linear transformation L constructed in this paper possesses the following characteristics:
(1) The differential branch number of L is 8, and the linear branch number is 4
(2) The operations involved in L include XOR and bit shifting, making it easy to implement in both software and hardware with a relatively low implementation cost

2.5. The Subkey Generation Scheme of ALICA.
The subkey generation scheme in a cryptographic algorithm refers to the process of generating the subkeys necessary for the algorithm. The ALICA cryptographic algorithm allows for the derivation of the entire set of subkeys for the data encryption process from a single computation of the key. Therefore, even though the purpose of this paper is to design a lightweight cipher, the subkey generation process is designed to ensure key diffusion during the encryption process and is more complex than the encryption process itself.
In the design of the ALICA cryptographic algorithm, subkeys are generated separately for the left-round function $F_{\text{left}}$ and the right-round function $F_{\text{right}}$. ALICA generates a total of 48 subkeys. The values of left-k are derived from $k_{2r}$, and the values of right-k are derived from $k_{2r+1}$, where r represents the iteration round number from 0 to n − 1. The subkey generation scheme reuses the F-function component. The subkey input parameter of the F-function is set to 0, and the S-box used in the F-function is replaced with a key S-box. The design concept of the key S-box has been explained in the previous section and can be referenced in Figure 5. The specific key S-box is shown in Table 7.
The following section will describe in detail the process of generating subkeys from the key K. In the ALICA cryptographic algorithm, the key K is 128 bits, and each subkey k has a length of 32 bits. The specific subkey generation scheme is outlined in Algorithm 2.
Let Bitset[i] be a value represented as $x_7 x_6 x_5 x_4 x_3 x_2 x_1 x_0$. The XOR function for Bitset[i] can be expressed using the following formula: (8)

Security Analysis of ALICA
3.1. Differential Cryptanalysis.
By calculating the number of active S-boxes in the single-round function of the ALICA algorithm, we can use the program to determine the minimum number of active S-boxes in a complete encryption round, which consists of 24 rounds. The calculation results are shown in Table 8.
According to the second section of this paper, it is known that the maximum differential probability for both the left S-box and the right S-box in ALICA is $2^{-2}$. By calculation, it is found that the maximum differential probability for 24 rounds of the ALICA cipher is $(2^{-2})^{108} = 2^{-216}$, which is much smaller than the time complexity required for brute-force key search, which is $2^{128}$. Therefore, the complete round of the ALICA cipher is sufficient to resist differential analysis.

Linear Analysis.
The ALICA cipher algorithm uses left and right S-boxes with a maximum linear bias of $2^{-2}$. Therefore, applying the stack lemma, it can be concluded that the maximum linear bias probability for 24 rounds of the ALICA algorithm is $(2^{-2})^{108} = 2^{-216}$, which is smaller than the security boundary of $2^{-216}$. Hence, the ALICA cipher algorithm with the full number of rounds is capable of resisting linear analysis.

Random Test of Subkey.
The results of the NIST randomness tests, which are based on the calculation of the subkey sequence generated from the initial key, are presented in Table 9. The randomly tested number sequence passes all 10 out of 10 tests in each category, indicating excellent performance in various aspects without any significant deviations.
Frequency and Block Frequency Tests. These tests assess the balance between 0 and 1 bits in the random number sequence. A pass rate of 10/10 indicates that the sequence exhibits good balance and shows no apparent bias.
Cumulative Sums Test. This test checks for variations in the cumulative sums of the random number sequence. A pass rate of 10/10 suggests that the sequence performs well in this regard and does not show statistically significant deviations.
Runs and Longest Run Tests. These tests detect the presence of repeated sequences in the random number sequence. A score of 0.534146 indicates that there are relatively few repeated patterns in the sequence, and a pass rate of 10/10 suggests that there are no apparent repeated sequences.
Rank Test. This test evaluates whether the random number sequence is uniformly distributed within a specific range of values in a matrix. A score of 0.534146 indicates that the sequence performs well in this aspect.
FFT (Fast Fourier Transform) Test. This test assesses the distribution of frequency-domain features in a random number sequence. A score of 0.739918 indicates that the sequence also exhibits good randomness in the frequency domain.
Randomness security analysis is essential for assessing and determining whether a sequence is secure enough to protect sensitive information from attacks. Based on the comprehensive results, it can be concluded that the tested random number sequence has passed all NIST randomness tests, demonstrating a high level of randomness and security.
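The frequency (monobit) and runs tests from NIST SP 800-22, written out as an added example that is not the authors' test harness. The two short bit strings are the worked examples from SP 800-22 itself; the 48 × 32-bit word lists are constructed stand-ins shaped like a subkey sequence (not ALICA output), and the 0.01 significance level is the SP 800-22 default.

```python
# Added example: two NIST SP 800-22 tests applied to a sequence of 32-bit words.
import math

ALPHA = 0.01  # SP 800-22 default significance level; p >= ALPHA counts as a pass

# Worked-example inputs printed in SP 800-22 (sections 2.1 and 2.3).
NIST_MONOBIT_BITS = [int(c) for c in "1011010101"]
NIST_RUNS_BITS = [int(c) for c in "1001101011"]

# Constructed stand-ins for a 48-word subkey sequence (not real ALICA subkeys).
REPEATED_WORDS = [0xFFFF0000] * 48   # balanced bit count, but highly structured
BIASED_WORDS = [0xFFFFFFFE] * 48     # almost all ones


def words_to_bits(words, width=32):
    """Flatten fixed-width words into a list of bits, most significant bit first."""
    return [(w >> (width - 1 - i)) & 1 for w in words for i in range(width)]


def monobit_p_value(bits):
    """Frequency test: is the number of ones close to n/2?"""
    n = len(bits)
    s = sum(2 * b - 1 for b in bits)          # +1 for each 1, -1 for each 0
    return math.erfc(abs(s) / math.sqrt(n) / math.sqrt(2))


def runs_p_value(bits):
    """Runs test: is the number of uninterrupted runs what a random source gives?"""
    n = len(bits)
    pi = sum(bits) / n
    # Prerequisite from SP 800-22: a sequence failing the frequency check fails here.
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0
    v = 1 + sum(1 for i in range(n - 1) if bits[i] != bits[i + 1])
    expected = 2 * n * pi * (1 - pi)
    return math.erfc(abs(v - expected) / (2 * math.sqrt(2 * n) * pi * (1 - pi)))


def evaluate(bits):
    """Return {test name: (p-value, passed)} for both tests."""
    results = {}
    for name, test in (("frequency", monobit_p_value), ("runs", runs_p_value)):
        p = test(bits)
        results[name] = (p, p >= ALPHA)
    return results


if __name__ == "__main__":
    print("NIST monobit example:", round(monobit_p_value(NIST_MONOBIT_BITS), 6))
    print("NIST runs example:   ", round(runs_p_value(NIST_RUNS_BITS), 6))
    for label, words in (("repeated", REPEATED_WORDS), ("biased", BIASED_WORDS)):
        print(label, evaluate(words_to_bits(words)))
```

The repeated-word input passes the frequency test and fails the runs test, which is why a key schedule's output is checked against the whole battery rather than a single test.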

The Avalanche Effect of ALICA.
The avalanche effect in cryptographic algorithms refers to the phenomenon where even a slight alteration in the input leads to a substantial and unpredictable alteration in the output. In cryptography, the avalanche effect is a highly crucial feature because it ensures the sensitivity and randomness of the algorithm to input changes, thereby enhancing the security of the encryption.

Performance of ALICA
HIGHT [20] is a lightweight encryption algorithm that South Korea adopted as a standard for lightweight cryptography. It provides a security threshold of 128 bits, similar to ALICA. HIGHT was designed specifically for 8-bit processors. However, with the majority of IoT devices now equipped with more advanced architectures and higher-bit processors, HIGHT's advantages are no longer optimal on the next-generation x86 platforms. On older ARM architecture processors, such as the Qualcomm Snapdragon 410 platform, HIGHT still retains its advantages. However, when comparing ALICA to Piccolo and uBlock on ARM, ALICA demonstrates a greater advantage. The initial design of uBlock relies on instruction acceleration on the processor platform. The comparison results shown in the experimental graph provide a more realistic representation of the underlying heterogeneous IoT device environment, without utilizing instruction acceleration. The performance of the four mentioned encryption algorithms on the ARM (Snapdragon 410) platform, all providing a 128-bit key security threshold, is illustrated in Figure 8. Similarly, the performance on the x86 (Intel i5 9500) platform is shown in Figure 9. ALICA, similar to uBlock and Piccolo, incorporates an S-box substitution during the algorithm design, whereas HIGHT utilizes an ARX design logic. It can be anticipated that on the x86 platform, ALICA's performance is on par with HIGHT or even superior. The memory usage for storing S-boxes and round constants in the cryptographic algorithm is depicted in Figure 10. In the future, the algorithm employs MDS matrices and round constants, which results in consuming twice the memory compared to other lightweight block cipher algorithms. ALICA's memory usage during the encryption process is comparable to that of other lightweight encryption algorithms.

Conclusion
This paper presents a summary of recent literature on lightweight block ciphers. By analysing the components of lightweight block ciphers, the paper proposes a new lightweight cipher called ALICA. ALICA employs a generalized Feistel structure with a key size of 128 bits and a block size of 96 bits. The overall structure of ALICA enables efficient hardware implementation and minimal software memory usage through the reuse of the F-function. ALICA demonstrates good deployment and applicability on devices with limited hardware resources and strict software size constraints. The security of ALICA is evaluated by calculating the success probability of differential attacks based on the number of active S-boxes after iterations. The calculated security level of ALICA is significantly higher than the threshold for brute-force attacks on lightweight ciphers. In terms of performance, this paper compares ALICA with the HIGHT cipher algorithm and demonstrates the advantages of the proposed solution on high-end processors. The next step in this research is to further investigate the design and application of various lightweight cipher algorithms on constrained devices. Additionally, specific research should be conducted on the additional security aspects of the proposed cipher mentioned in this paper.

Figure 3: Generalized Feistel structure proposed in this paper.

Table 2: The SAC of left S-box.

Table 1: Left S-box of the ALICA cipher algorithm.

Table 4: Linear approximation table of the proposed left S-box.

Table 5: DU values of the left S-box.

Table 3: Differential distribution table of the left S-box.

Table 7: Left S-box of the ALICA cipher algorithm.

Table 9: Random test table for subkey sequence of ALICA.