The Effect of the Primitive Irreducible Polynomial on the Quality of Cryptographic Properties of Block Ciphers

Substitution boxes are the only nonlinear component of the symmetric key cryptography and play a key role in the cryptosystem. In block ciphers, the S-boxes create confusion and add valuable strength. 'e majority of the substitution boxes algorithms focus on bijective Boolean functions and primitive irreducible polynomial that generates the Galois field. For binary field F2, there are exactly 16 primitive irreducible polynomials of degree 8 and it prompts us to construct 16 Galois field extensions of order 256. Conventionally, construction of affine power affine S-box is based on Galois field of order 256, depending on a single degree 8 primitive irreducible polynomial over Z2. In this manuscript, we study affine power affine S-boxes for all the 16 distinct degree 8 primitive irreducible polynomials over Z2 to propose 16 different 8 × 8 substitution boxes. To perform this idea, we introduce 16 affine power affine transformations and, for fixed parameters, we obtained 16 distinct S-boxes. Here, we thoroughly study S-boxes with all possible primitive irreducible polynomials and their algebraic properties. All of these boxes are evaluated with the help of nonlinearity test, strict avalanche criterion, bit independent criterion, and linear and differential approximation probability analyses to measure the algebraic and statistical strength of the proposed substitution boxes. Majority logic criterion results indicate that the proposed substitution boxes are well suited for the techniques of secure communication.


Introduction
e exchange of digital data through the Internet has revolutionized the communication parameters over the years. But this rapid communication also provides opportunities to access this digital data illegally. For this reason, the security of this content on the Internet has become a serious challenge for the researchers of different fields. To counter the emerging challenges of security, cryptography and steganography are used to hide the secret information whereas watermarking is used for copyright protection. In this manuscript, we discuss cryptography and relevant aspects of this field. For convenience, cryptography is divided into two types named symmetric key cryptography and asymmetric key cryptography. In symmetric key cryptography, two parties share secret information and keys during encryption and decryption procedures. e private key is shared by both sender and receiver. In addition to this, block ciphers and stream ciphers are two main branches of symmetric key cryptography. In 1949, Shannon gave the idea of block cipher and some examples of block ciphers are Advanced Encryption Standard (AES) [1], Data Encryption Standard (DES), International Data Encryption Algorithm (IDEA), and many more [2,3]. In AES, there is availability of three different key sizes such as 128, 192, and 256 bits, whereas in DES, the only available key size is 56 bits. e AES has 10, 12, and 14 rounds for key sizes of 128, 192, and 256 bits, respectively. All these rounds have four basic steps, that is, subbyte, shift row, mix column, and add round key. Subbyte is the step which substitutes the plaintext data with substitution box (S-box).
is S-box is the only nonlinear part of block cipher used in different well-known cryptosystems. It is used to create confusion to make plaintext data obscure for any attacker and hence S-box is an integral part of any cryptosystem. S-box is a function which has input and output from the Galois field. e Galois field is a finite field having order 256 and denoted by GF(2 8 ).

Related Work.
S-box is used to create confusion as observed in AES, International Data Encryption Algorithm (IDEA), DES, and many more cryptosystems [4]. It is an established fact that the strength of block cipher depends on the standard and quality of S-box. Due to the necessary immersion of S-box to generate nonlinearity, intricacy persuades different researchers to design strong S-boxes to enhance the security level of cryptosystems. Among different available methods, the algebraic structure-based construction of S-boxes has much more attention. ese S-boxes have strong cryptographic features and are robust against linear and differential cryptanalysis.
In the literature, different structural advancements are viewed to improve the quality of S-boxes. e algebraic complexity of AES S-box has been improved with the extension of this S-box, that is, affine power affine (APA) [5]. Furthermore, the symmetric group S 8 has also been applied to AES S-box to improve the quality and numbers of S-boxes [6]. Similarly, the application of transformation using binary gray codes on AES S-box gives Gray S-box [7]. In [8], S-boxes are constructed by using the projective general linear group (PGL). Moreover, the construction scheme of chaotic S-boxes using DNA sequence and chaotic Chen system is given in [9,10]. Different analytical, algebraic, and chaos-based techniques for the construction of S-boxes are given in [11][12][13][14][15][16]. Conventionally, AES uses a polynomial of 8 terms which have all the required properties and improves the security for AES. But the Gray S-box has a 255-term polynomial. Moreover, residue prime, Xyi, and Skipjack S-boxes are frequently used for the encryption and decryption schemes [17,18].
It is assumed that the model of Boolean functions and primitive irreducible polynomial has an impact on the strength of S-box. In [19], different primitive irreducible polynomials have been used to identify the effect of primitive irreducible polynomial. To investigate this fact, we want to study all the primitive irreducible polynomials to understand whether there is an impact of irreducible polynomial or not. Archetypally in the synthesis of an S-box, the numbers a, b, c, and d in affine transformation belong to Galois field GF (2 8

Motivation.
Due to the role of S-boxes in cryptosystems, it is essential to explore all of its aspects. e motivation behind this work is to study all primitive irreducible polynomials and their role in the construction of S-boxes.
(1) e Mobius transformation used in a different construction of S-boxes has certain limitations and restrictions in its structure [7]. For example, the condition on the parameters, i.e., a d − bc ≠ 0 ∀a, b, c, d ∈ GF(2 8 ) squeezes the remaining cases. Hence, there is a need for any other transformation. (2) ere are 16 primitive irreducible polynomials in the principal ideal domain Z 2 [x] whose impact was not studied yet regarding their impression on analyses of S-boxes. (3) By exploring all primitive irreducible polynomials, we have a better opportunity to obtain the cryptographically strong cryptosystems.

Our Contribution.
In this manuscript, we studied all binary degree 8 primitive irreducible polynomials for the construction of S-boxes. e quality of the proposed work can be seen from the different security analyses and resistance against malicious attacks. is whole study can be summarized as follows: (1) We constructed S-boxes associated with the 16 binary degree 8 primitive irreducible polynomials. (2) e APA transformation is used in this work, which is bijective and has no restrictions on the parameters. (3) To evaluate the strength of the proposed S-boxes, we have performed different analyses along with differential cryptanalysis. e outcomes of these analyses are compared with the well-known S-boxes. e remaining part of the paper is planned as follows: Section 2 presents the preliminaries and construction scheme of the proposed S-boxes. In Section 3, algebraic and statistical analyses are calculated in detail. Section 4 presents definitions of the balanced Boolean function. Section 5 concludes the paper.

Primitive
is of degree m, then the quotient ring, is an extension field of Z p of degree m consisting of p m elements. is field is called a Galois field and is denoted by GF(p m ) and is said to be the field extension of Z p defined by the irreducible polynomial f(x). A representative g(x) of each element of GF(p m ) can be chosen to be of degree strictly less than m. If α is a root of f(x) in an algebraic closure of Z p , then GF(p m ) is isomorphic to the field: and so we can identify the two fields. Furthermore, if α is a generator of the cyclic finite multiplicative group of nonzero elements of Z p (α), then we say that f(x) is primitive. e Galois field GF (2 8 ) is particularly of specific interest in cryptographic applications, especially in S-boxes constructions. For our cryptographic purposes, we are interested in such a field whose defining irreducible polynomial is "primitive" (of degree 8, of course). It is well known that there are (φ(2 8 − 1)/8) � 16 such polynomials over Z 2 , for example, p 1 (x), . . . , p 16 , which we list in Table 1. In the following section, we construct 16 S-boxes out of the Galois fields corresponding to the aforementioned sixteen primitive irreducible polynomials.

2.2.
e Proposed S-Box Construction Method. For each i � 1, . . . , 16, consider the affine power affine map (APA): where are two affine maps with a, c ≠ 0, and Among other things, the map S, which is obviously bijective, was introduced by [5] to produce confusion in the scheme. For our S-boxes, we choose a � 13, b � 14 and c � 102 and d � 210. Figure 1 demonstrates the flow chart of the construction of the 16 different S-boxes. Moreover, the construction of S-boxes in correspondence to polynomial 1 (P 1 ) to polynomial 16 (P 16 ) is shown in Figure 1. All the S-boxes are given in Tables 2-17, corresponding to P 1 to P 16 . ese tables are before the conclusion section.
In the proposed work, we present an APA S-box corresponding to each i � 1, . . . , 16 where the APA map S gives the 16 × 16 lookup tables. We, then, show that these S-boxes have strong cryptographic properties certified with the help of analyses such as nonlinearity, strict avalanche criterion (SAC), bit independent criterion (BIC), linear approximation probability (LP), and differential approximation probability (DP) [20].

Security Analysis
In this section, we present some algebraic and statistical analyses of S-box followed [21]. Such analyses indicate the strength of all the proposed S-boxes and give an idea for their application in image encryption and other modes of secure communication.
3.1. Nonlinearity. Nonlinearity analysis of a function f is the minimum hamming distance between the Boolean function f:f: 0, 1 { } n ⟶ 0, 1 { } and its all n-bit affine functions. In the truth table of Boolean function f, the nonlinearity of f represents the degree of dissimilarity between f and all affine function. If the function has high minimum hamming distance, it indicates it has high nonlinearity. It is an established fact that high nonlinearity provides resistance to any kind of linear approximation attacks [22,23]. e calculated upper bound of nonlinearity is M � 2 m− 1 − 2 ((m/2)− 1) so that, for m � 8, the optimal value of nonlinearity is 120. Table 18 shows the nonlinearity of 16 S-boxes corresponding to all primitive irreducible polynomials. From this table, it can be seen that the value of nonlinearity has not been affected due to background irreducible polynomial.

Bit Independent Criterion.
Another algebraic criterion (BIC) is used to evaluate the strength of S-box, which is presented by Detombe and Tavares in [26]. In Table 14, the outcomes of BIC to SAC and BIC for the proposed S-boxes are given. e minimum BIC to SAC value is 0.47070 for 12 th S-box and the highest minimum value is 0.49219 for 2 nd S-box. e average BIC to SAC lies between 0.49679 and 0.50739. Similarly, the square deviation values for all the proposed S-boxes are given in Table 20. e maximum and average value of BIC is 112 for all S-boxes. It is depicted that the proposed S-boxes give the nearest best value of BIC analyses.

Linear Approximation Probability.
Matsui defines the extreme value of the imbalance of an event as the linear approximation probability. It is notable that the parity of the input bits that is, the mask G l , is equal to the parity of the output bits, i.e., the mask G m . e linear approximation probability of a given S-box is defined in the following equation: where G l and G m are input and output masks, respectively, and the set "X" represents the set of all possible inputs; 2 n is the number of elements of X. e value of linear approximation indicates the strength of S-box against various linear attacks. In Table 21, the maximum count and the LP value for all proposed S-boxes is 144 and 0.0625. ese values of LP of the proposed S-boxes are appropriate against linear attacks.

Differential Approximation
Probability. e degree of differential uniformity is known as differential approximation probability (DP s ) of S-box. Mathematically, it can be given as Briefly, it can be explained as follows: an input differential Δl i must be mapped to an output differential Δm i uniquely for each i. Here, X represents all the possible input values and the number of its elements is given by 2 m . Table 21 depicts the results of DP, which include the maximum and DP value.
Moreover, Table 22 represents the values of proposed S-boxes along with AES, Skipjack, Xyi, APA, Gray, and residue prime S-boxes.

Statistical Analyses.
To evaluate the visual strength of the substitution with the help of the proposed S-boxes, various statistical analyses are made on the host and substituted images. In this proposed work, statistical analyses like homogeneity, entropy, contrast, energy, and correlation are used to evaluate the substitution ability of the 16 proposed S-boxes. ese analyses are given as entropy � − k,l pr(p(k, l))log Pr(p(k, l)), (10) where k, l give the row and column locations of an image. e pixel value at k th row and l th column is represented by p(k, l) and Pr(p(k, l)) is the probability of the image pixel. In equation (8), μ and σ are mean and standard deviation, respectively.
Correlation analysis helps to find the similarity between the host and substituted image.
e correlation analysis provides the range which indicates the perfect, negative, and positive correlation. is is [−1, 1] interval for correlation and value of 1 indicates the perfect correlation. e randomness of the digital image can be calculated with the help of entropy. e higher value of entropy from the interval [0, 8] represents the higher amount of randomness in a digital image. For any viewer, it is only possible with the help of contrast analysis to intensely recognize the objects in the texture of an image. With the help of contrast analyses, one can observe the maximum distinction in image pixels. e range of the contrast can be given by [(size(Image) − 1) 2 ]. For constant image, the value of contrast is zero. e goal of finding close distribution between the matrix and its diagonal is obtained in homogeneity analysis. e matrix used in this analysis is named gray level cooccurrence matrix (GLCM) and the range of homogeneity lies between 0 and 1. e range for energy analysis also lies in the interval [0, 1]. e results of Table 23 are obtained by applying these analyses on the original and encrypted images. For all the proposed 16 S-boxes, we calculated the values of the statistical analyses.
A 256 × 256 JPEG image of Lena is considered for MLC analysis. Figure 2 shows the results of image encryption with 16 proposed S-boxes.

Balance Property.
e imbalance of a Boolean function weak system against linear cryptanalysis highlights the importance of balance property. e balance property indicates that the higher the magnitude of a function's imbalance, the more the chances of a high probability linear approximation. A Boolean function f: Z n 2 ⟶ Z 2 is balanced. If the cardinality or Hamming weight of these two functions, that is, x: f(x) � 0 and x: f(x) � 1 is the same, then it is named the balance function.

Conclusion
In this paper, a scheme for the synthesis of 8 × 8 S-boxes over 16 isomorphic Galois fields is presented. Here, we fixed all the parameters of affine power affine transformation, that is, a, b, c, d for 16 S-boxes. We have 16 primitive irreducible polynomials of degree 8 and they prompt us to construct 16 Galois field extensions of order 256. By using elements of the Galois field, corresponding to each different pair of the parameters, one can construct different S-boxes. ese S-boxes obtained as a result of APA transformation which is bijective, pass nonlinearity test, and out bit independent criterion (BIC) which demonstrates that the existing S-boxes have high confusion producing capability. e evaluation of constructed S-boxes is done with some algebraic and statistical analyses. e results of these analyses highlight the characteristics of all the proposed S-boxes and later these S-boxes are equated with some of the existing S-boxes. In addition to this, we also ensured that all these constructed S-boxes are balanced that guarantee the strength of our S-boxes. Hence, we have concluded that a large class of S-boxes can be obtained by varying parameters of affine power affine transformations. ese S-boxes can be used for secure communication.
Data Availability e data that support the findings of this study are available from the corresponding author upon reasonable request.

Conflicts of Interest
ere are no conflicts of interest among the authors.