Analysis of Key Dependent Dynamic S-Boxes with Dynamic
Irreducible polynomial and Affine Constant
Amandeep Singh¹ and Praveen Agarwal²
¹ Research Scholar, Department of Computer Science, Singhania University, Pacheri Bari, Jhunjhunu (India); AP, Department of Computer Science, Baba Farid College, Bathinda-151001 (India)
² Department of Mathematics, Anand International College of Engineering, Jaipur 303012, India
ABSTRACT
The substitution table or S-Box is the core of block ciphers. Better designed S-Boxes increase the security of a cipher. So in this paper our objective is to examine the properties of key dependent Dynamic S-Boxes in comparison with the standard S-Box of AES. The characteristics of dynamic AES with key dependent Dynamic S-Boxes and AES with the standard S-Box will be investigated and compared on the basis of the criteria SAC (strict avalanche criterion), non-linearity, XOR distribution and BIC (bit independence criterion).
Keywords: Dynamic AES, AES, Dynamic S-Box, SAC, Non-linearity, BIC
I INTRODUCTION
The S-Box or substitution box is the only non-linear component of block ciphers like DES and AES, and it provides the confusion property. In cryptography the strength of these block ciphers largely depends upon the design of the S-Boxes.
The AES algorithm works on 128-bit blocks of data with variable key lengths, i.e. 128-bit, 192-bit and 256-bit keys. There are four stages involved in AES encryption: substitution box, shift row, mix column and add round key. In AES decryption these stages are applied in inverse form, i.e. inverse substitution box, inverse shift row, inverse mix column and add round key. In this paper we discuss the first layer of AES, the S-Box. The AES S-Box is a 16 × 16 matrix of bytes ranging from 0 to 255; these values are calculated in $GF(2^8)$. For each value or byte, the transformation Y using the affine matrix A is computed and a constant vector c = 63 is added (Y = Ax ⊕ c mod m). The values of this matrix are used to replace the values of the initial state of the plain text, and then the other three steps, i.e. shift row, mix column and add round key, are followed.
The S-Boxes should be cryptographically strong enough to defend against various algebraic attacks. AES (Advanced Encryption Standard) is a very strong algorithm. There are some tests which measure the strength of the algebraic structure of the AES S-Box. Following are the definitions of these tests.
Definition 1 (Strict Avalanche Criterion) The Strict Avalanche Criterion (SAC) was introduced by Webster and Tavares [1]. If a function is to satisfy the strict avalanche criterion, then each of its output bits should change with a probability of one half whenever a single bit of plain text or a key is complemented.
where x and e are two n-bit vectors which differ only in one bit i. The Boolean function f(x) satisfies the SAC if and only if $\alpha = 2^{n-1}$ for all i, 0 ≤ i ≤ n-1.
Definition 2 (Non-linearity) Non-linearity is one of the most important properties of Boolean functions; it specifies the distance to cryptographically weak affine functions. The non-linearity parameter, NLMf(z), of a cipher
for a given is defined as the number of cases over all cipher inputs such
that the affine function and the non-zero combination differ from each other [3] [4]
where , and . The overall non-linearity measure NLMf of the cipher f is defined as:
For a cipher f to be resistant to linear cryptanalysis, NLMf should be as close as possible to its maximum value given
by ( for perfectly nonlinear functions.
(1.1)
(1.2)
(1.3)
Definition 3 (XOR Distribution) The XOR table of an S-Box provides information about the security of a block cipher against differential cryptanalysis. Differential cryptanalysis exploits particular high valued entries in the XOR distribution table of the S-Box. The XOR table of n S-Box is a matrix [2][4]. The XOR table entries represent output difference $b$, when the input P is changed by δ i.e.
where and . A necessary condition for an S-Box to be immune against differential attack is that it does not have large values in its XOR distribution table.
Definition 4 (Bit Independence Criterion) The concept of BIC was introduced by Webster and Tavares [1] [4]. For a given set of avalanche vectors, which are generated by changing a single bit of plain text or key, all avalanche variables should be pairwise independent. To measure the bit independence property, the correlation coefficient of the jth and kth components of the avalanche vector Dei is calculated over all input pairs P and Pi, which differ only in bit i.
Then the overall BIC is defined as:
BIC(f) is defined in the range [0, 1]. It is ideally equal to zero, and in the worst case it is equal to one.
II RELATED WORK
Although AES is a strong algorithm, its limitation is that a fixed S-Box is used throughout all the rounds of encryption, which could be an attraction for a cryptanalyst. To make AES stronger, many researchers proposed algorithms that make the S-Boxes dynamic.
In recent years many researchers developed various approaches to make AES dynamic by introducing Dynamic S-Boxes. The authors tested their proposed algorithms on parameters like SAC, non-linearity, XOR profile and BIC, and their results are discussed in this section.
For the strict avalanche criterion (SAC), authors [5], [6], [7], [9], [10], [12], [15], [16], [18], [19], [20] and [21] analyzed SAC, and their results for average SAC are 46% to 57%, which are near to the ideal value of 50%. SAC means that a single bit change in either plain text or key will change ½ of the bits of the output vector or cipher text. The results of the different algorithms are close to the standard results of AES.
(1.5)
For non-linearity, authors [6], [10], [11], [14] and [23] analyzed their algorithms. The results are 98, 112, 112, 104 and 112 respectively, which are near to the ideal value of AES, which ranges from 112 to 144. The minimum value of non-linearity of the S-Box is 112. The results of the different algorithms are close to AES.
For the Bit Independence Criterion, authors [7], [8], [15], [19] and [20] analyzed their algorithms, and the results are 0.4688, 0.4439, 0.4993, -0.0545 and 0.443 respectively. The BIC ranges between -1 and +1: a correlation coefficient of -1 means the output vectors are negatively correlated, a value of 1 means the output vectors are positively correlated, and a value of 0 means the output vectors are not correlated at all. This criterion states that with a small change in plain text or key, the values of the output vectors must be pairwise independent.
For the XOR profile, authors [9], [10], [11] and [23] tested their algorithms. The results are 10/256 for [9] and 4/256 for [10], [11] and [23]. The result for AES is 4/256, so for [10], [11] and [23] the results are equal to AES.
Taking motivation from the above, in this paper we developed a dynamic algorithm which generates dynamic S-Boxes dependent on the key, a dynamic irreducible polynomial and a dynamic affine constant. The results are compared with standard AES.
III PROPOSED DYNAMIC KEY DEPENDENT S-BOX ALGORITHM
The proposed Dynamic Key Dependent S-Box algorithm is a permutation of the existing AES S-Box. Dynamic S-Boxes are generated from the existing AES S-Box, and these newly generated dynamic S-Boxes are used in AES to make it Dynamic AES. Our dynamic S-Box is dependent upon three dynamic parameters. As shown in figure 1, the dynamic S-Box algorithm generates S-Boxes based on the existing AES S-Box in the first round, and in the other n-1 rounds it uses the previous round's S-Box to generate the next round's dynamic S-Box. The algorithm is based on the idea that whenever a single bit of the key is complemented, the algorithm selects an irreducible polynomial dynamically from a pool of irreducible polynomials, i.e. “M”. The algorithm selects a key value “K” dependent on the entire key and the initial AES S-Box by XORing all bytes of the initial key in the 1st round; for the other n-1 rounds, the sub keys generated by the key expansion schedule of the algorithm and the previous round's dynamic S-Box are used to generate the key value for the next round. The algorithm selects an affine constant dynamically from all affine values ranging from 0 to 256, which is also dependent on the dynamic key value “K”: initially, in the 1st round, this value is dependent on the initial key value and the AES S-Box, and for the remaining n-1 rounds it is dependent on the previous round's key value and the previous round's dynamic S-Box values. So our S-Box values are dependent on these three parameters. Every time a key bit is complemented, a different S-Box with permuted values is generated, which adds complexity to the
Dynamic S-Box Analysis
The Dynamic S-Box is analyzed and compared with the standard AES S-Box on the basis of criteria such as SAC, non-linearity, XOR distribution and the bit independence criterion.
Strict Avalanche Criterion: The newly developed dynamic AES with key dependent Dynamic S-Boxes and standard AES are tested with different keys and a single bit change in plain text. The plain texts used for analysis are presented in table 1 as shown below:

| Plain Texts | Change on Bit Positions | Plain Text |
|---|---|---|
| Plain Text 1 | 0 | 3243F6A8885A308D313198A2E0370734 |
| Plain Text 2 | 2 | 7243F6A8885A308D313198A2E0370734 |
| Plain Text 3 | 4 | 6243F6A8885A308D313198A2E0370734 |
| Plain Text 4 | 8 | 6343F6A8885A308D313198A2E0370734 |
| Plain Text 5 | 16 | 3242F6A8885A308D313198A2E0370734 |
| Plain Text 6 | 32 | 3243F6A9885A308D313198A2E0370734 |
| Plain Text 7 | 64 | 3243F6A8885A308C313198A2E0370734 |
| Plain Text 8 | 128 | 3243F6A8885A308D313198A2E0370735 |

Table 1. Plain Texts with one bit change

The result of SAC with single bit change in plain text has been displayed in table 2 along with its graphical representation presented in figure 2.

| | Key 1 AES | Key 1 Dyn AES | Key 2 AES | Key 2 Dyn AES | Key 3 AES | Key 3 Dyn AES | Key 4 AES | Key 4 Dyn AES | Key 5 AES | Key 5 Dyn AES | Key 6 AES | Key 6 Dyn AES | Key 7 AES | Key 7 Dyn AES | Key 8 AES | Key 8 Dyn AES | Key 9 AES | Key 9 Dyn AES |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Plain Text 1 | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Plain Text 2 | 46.1 | 53.1 | 52.3 | 52.3 | 51.6 | 52.3 | 50.8 | 47.7 | 53.9 | 48.4 | 50.0 | 43.8 | 52.3 | 43.0 | 53.9 | 49.2 | 46.1 | 52.3 |
| Plain Text 3 | 45.3 | 57.8 | 50.0 | 46.1 | 53.1 | 57.8 | 54.7 | 55.5 | 47.7 | 49.2 | 53.1 | 53.9 | 50.0 | 55.5 | 52.3 | 48.4 | 51.6 | 53.9 |
| Plain Text 4 | 49.2 | 53.1 | 49.2 | 50.0 | 52.3 | 43.8 | 57.8 | 51.6 | 46.1 | 47.7 | 47.7 | 50.0 | 53.9 | 40.6 | 49.2 | 43.8 | 50.0 | 47.7 |
| Plain Text 5 | 50.0 | 46.9 | 50.0 | 46.1 | 51.6 | 50.0 | 51.6 | 43.8 | 47.7 | 46.1 | 45.3 | 52.3 | 57.0 | 39.8 | 54.7 | 57.0 | 50.8 | 44.5 |
| Plain Text 6 | 53.1 | 51.6 | 50.8 | 51.6 | 55.5 | 54.7 | 49.2 | 43.0 | 48.4 | 52.3 | 45.3 | 53.9 | 50.0 | 46.9 | 52.3 | 44.5 | 51.6 | 52.3 |
| Plain Text 7 | 44.5 | 54.7 | 46.1 | 45.3 | 52.3 | 58.6 | 53.9 | 56.3 | 54.7 | 53.1 | 46.1 | 51.6 | 45.3 | 51.6 | 54.7 | 50.8 | 51.6 | 60.9 |
| Plain Text 8 | 44.5 | 56.3 | 49.2 | 54.7 | 53.1 | 62.5 | 47.7 | 51.6 | 44.5 | 53.9 | 50.0 | 39.1 | 47.7 | 46.1 | 49.2 | 50.8 | 48.4 | 53.1 |
| Average | 47.5 | 53.3 | 49.7 | 49.4 | 52.8 | 54.2 | 52.2 | 49.9 | 49.0 | 50.1 | 48.2 | 49.2 | 50.9 | 46.2 | 52.3 | 49.2 | 50.0 | 52.1 |

Figure 2 shows that the average SAC of dynamic AES using key dependent Dynamic S-Boxes is better than that of standard AES at most positions when a single bit of the plain text is changed, and figure 3 presents the overall average SAC of Dynamic AES and Standard AES with one bit change in plain text, in which the overall SAC of Dynamic AES is better than standard AES.
The newly developed dynamic AES with key dependent Dynamic S-Boxes and standard AES are tested with different plain texts and a single bit change in key. The keys used for analysis are presented in table 3 as shown below:
Fig. 2: Graphical representation of Average SAC of Dynamic AES and Standard AES with one
bit change in plain text

| Key | Change on Bit Positions | Key |
|---|---|---|
| Key 1 | 0 | 00E9C9F2A509D4E8A8BBB760A02AAB08 |
| Key 2 | 1 | 80E9C9F2A509D4E8A8BBB760A02AAB08 |
| Key 3 | 2 | 40E9C9F2A509D4E8A8BBB760A02AAB08 |
| Key 4 | 3 | 20E9C9F2A509D4E8A8BBB760A02AAB08 |
| Key 5 | 4 | 10E9C9F2A509D4E8A8BBB760A02AAB08 |
| Key 6 | 5 | 08E9C9F2A509D4E8A8BBB760A02AAB08 |
| Key 7 | 6 | 04E9C9F2A509D4E8A8BBB760A02AAB08 |
| Key 8 | 7 | 02E9C9F2A509D4E8A8BBB760A02AAB08 |
| Key 9 | 8 | 01E9C9F2A509D4E8A8BBB760A02AAB08 |

Table 3. Keys with one bit change

The result of SAC with single bit change in key has been presented in table 4 along with its graphical representation presented in figure 4.

| | Plain Text 1 AES | Plain Text 1 Dyn AES | Plain Text 2 AES | Plain Text 2 Dyn AES | Plain Text 3 AES | Plain Text 3 Dyn AES | Plain Text 4 AES | Plain Text 4 Dyn AES | Plain Text 5 AES | Plain Text 5 Dyn AES | Plain Text 6 AES | Plain Text 6 Dyn AES | Plain Text 7 AES | Plain Text 7 Dyn AES | Plain Text 8 AES | Plain Text 8 Dyn AES |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Key 1 | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Key 2 | 50.0 | 48.4 | 50.0 | 49.2 | 51.6 | 50.8 | 53.1 | 54.7 | 54.7 | 52.3 | 49.2 | 53.1 | 56.3 | 50.0 | 54.7 | 48.4 |
| Key 3 | 55.5 | 53.1 | 53.1 | 55.5 | 49.2 | 51.6 | 49.2 | 54.7 | 49.2 | 48.4 | 43.8 | 59.4 | 46.1 | 50.8 | 46.9 | 42.2 |
| Key 4 | 53.1 | 48.4 | 48.4 | 47.7 | 43.8 | 47.7 | 46.1 | 59.4 | 45.3 | 48.4 | 47.7 | 47.7 | 59.4 | 48.4 | 42.2 | 46.9 |
| Key 5 | 53.1 | 48.4 | 43.8 | 56.3 | 53.9 | 44.5 | 50.0 | 49.2 | 49.2 | 44.5 | 51.6 | 55.5 | 43.0 | 56.3 | 43.8 | 52.3 |
| Key 6 | 45.3 | 46.9 | 57.0 | 43.8 | 59.4 | 47.7 | 46.9 | 51.6 | 51.6 | 57.0 | 48.4 | 52.3 | 53.1 | 56.3 | 55.5 | 53.1 |
| Key 7 | 53.9 | 53.9 | 49.2 | 43.8 | 49.2 | 51.6 | 47.7 | 47.7 | 51.6 | 59.4 | 49.2 | 50.8 | 48.4 | 47.7 | 41.4 | 45.3 |
| Key 8 | 48.4 | 42.2 | 43.8 | 55.5 | 49.2 | 51.6 | 43.8 | 56.3 | 43.8 | 50.8 | 49.2 | 50.8 | 49.2 | 44.5 | 48.4 | 46.1 |
| Key 9 | 51.6 | 51.6 | 46.9 | 46.1 | 42.2 | 57.0 | 47.7 | 49.2 | 60.2 | 50.8 | 50.0 | 46.1 | 49.2 | 54.7 | 41.4 | 50.0 |
| Average | 51.4 | 49.1 | 49.0 | 49.7 | 49.8 | 50.3 | 48.0 | 52.8 | 50.7 | 51.5 | 48.6 | 52.0 | 50.6 | 51.1 | 46.8 | 48.0 |

Figure 4 shows that the average SAC of dynamic AES using key dependent Dynamic S-Boxes is better than that of standard AES at most positions when a single bit of the key is changed, and figure 5 presents the overall average SAC of Dynamic AES and Standard AES with one bit change in key, in which the overall SAC of Dynamic AES is better than standard AES.
Fig. 4: Graphical representation of Average SAC of Dynamic AES and Standard AES with one bit change in key
Non-Linearity: The non-linearity of the AES S-Box and the Dynamic S-Box is the same because the Dynamic S-Box is a permutation of the AES S-Box. The non-linear distribution of the Dynamic S-Box is symmetric around the midpoint NLMf(z) = $2^{n-1}$ and provides information about the weakness of the S-Box to linear cryptanalysis. The following graphical representation shows the z vectors corresponding to a specific value of NLMf(z). The horizontal axis shows possible values of NLMf(z) in the range (0, $2^n$).
It is observed that the Dynamic S-Box is resistant to linear cryptanalysis because it has 635 vectors with the lowest NLMf(z) = 112. The following equation is satisfied for 635 vectors for 144 plaintexts.
The probability is equal to 144/256 = 0.56 for 635 vectors. Similarly it can be observed for all the vectors. So for all the vectors the probability is close to 1/2. So the Dynamic S-Box and the AES S-Box are resistant to linear cryptanalysis.
XOR Profile: The XOR distribution of the Dynamic S-Box is a 256 × 256 matrix. Its values are calculated by eq. 2.4. The values obtained in this table are summarized in table 5. It is clear from this analysis that the XOR values of both the AES S-Box and the Dynamic S-Box are uniformly distributed.
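
The Non-Linearity and XOR Profile results above can be recomputed directly from an S-Box; the following is an added example (not code from the paper) that builds an S-Box as Y = Ax ⊕ c over GF(2^8) for a chosen irreducible polynomial and affine constant, then derives the XOR-table counts and the non-linearity. The paper's parameter-selection rules are not given on the page, so the second S-Box uses constructed sample parameters (polynomial 0x11D, constant 0xA7); the function names and the reuse of the AES affine matrix are assumptions.

```python
from collections import Counter

def gf_mul(a, b, poly):
    """Multiply two bytes in GF(2^8) modulo the degree-8 polynomial `poly`."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= poly
        b >>= 1
    return r

def gf_inv(a, poly):
    """Inverse as a^254 (valid because poly is irreducible); 0 maps to 0."""
    result, e = 1, 254
    while e:
        if e & 1:
            result = gf_mul(result, a, poly)
        a = gf_mul(a, a, poly)
        e >>= 1
    return result

def rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF

def make_sbox(poly=0x11B, const=0x63):
    """Y = A.inv(x) XOR c with the AES affine matrix A; defaults give the AES S-Box."""
    box = []
    for x in range(256):
        v = gf_inv(x, poly)
        box.append(v ^ rotl8(v, 1) ^ rotl8(v, 2) ^ rotl8(v, 3) ^ rotl8(v, 4) ^ const)
    return box

def xor_profile(sbox):
    """Histogram of the 256 x 256 XOR table: {entry value: number of cells}."""
    hist = Counter()
    for delta in range(256):
        row = [0] * 256
        for p in range(256):
            row[sbox[p] ^ sbox[p ^ delta]] += 1
        hist.update(row)
    return dict(hist)

def nonlinearity(sbox):
    """Smallest distance from any non-zero output-bit combination to an affine function."""
    worst = 0
    for mask in range(1, 256):
        # +1/-1 truth table of the Boolean function x -> parity(mask & S(x))
        w = [1 - 2 * (bin(sbox[x] & mask).count("1") & 1) for x in range(256)]
        h = 1
        while h < 256:  # in-place fast Walsh-Hadamard transform
            for i in range(0, 256, 2 * h):
                for j in range(i, i + h):
                    w[j], w[j + h] = w[j] + w[j + h], w[j] - w[j + h]
            h *= 2
        worst = max(worst, max(abs(v) for v in w))
    return 128 - worst // 2

if __name__ == "__main__":
    aes = make_sbox()
    # Constructed sample parameters, not values taken from the paper.
    dyn = make_sbox(poly=0x11D, const=0xA7)
    for name, box in (("AES", aes), ("sample dynamic", dyn)):
        print(name, sorted(xor_profile(box).items()), nonlinearity(box))
```

For the AES S-Box this yields 33150, 32130 and 255 cells with values 0, 2 and 4, plus the single cell of 256 at δ = 0, and a non-linearity of 112. The sample S-Box gives the same figures because changing the field polynomial or the affine constant produces an affinely equivalent function.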

| No. of Vectors | AES S-Box | Dyn. S-Box |
|---|---|---|
| 33150 | 0 | 0 |
| 32130 | 2 | 2 |
| 255 | 4 | 4 |

Table 5. Values for XOR Distribution table

In table 5 the maximum value for both the AES S-Box and the Dynamic S-Box is 4, which is very low. To cryptanalyze an S-Box, the cryptanalyst is interested in the higher values in the XOR distribution table. So both the AES S-Box and the Dynamic S-Box are secure against differential cryptanalysis.
Bit Independence Criterion
According to the BIC property, for a set of avalanche vectors generated by complementing a single bit of plain text, all the variables of these vectors should be pairwise independent. To analyze this, the correlation coefficient of the avalanche variables needs to be calculated. The value of the correlation coefficient lies between 1 and -1. If the value of the correlation is 0, the variables are independent and there is no correlation between them; if the value is 1, there is a strong positive correlation between the variables; and if the value is -1, there is a strong negative correlation between the variables. Table 6 presents the correlation coefficient of AES and Dynamic AES obtained by changing a single bit of plain text using different keys.

| Plain Text | Key 1 Dyn AES | Key 1 AES | Key 2 Dyn AES | Key 2 AES | Key 3 Dyn AES | Key 3 AES | Key 4 Dyn AES | Key 4 AES | Key 5 Dyn AES | Key 5 AES | Key 6 Dyn AES | Key 6 AES | Key 7 Dyn AES | Key 7 AES | Key 8 Dyn AES | Key 8 AES | Key 9 Dyn AES | Key 9 AES |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Plain Text 1 | 0.441 | 0.434 | 0.232 | 0.151 | 0.099 | 0.581 | 0.328 | 0.288 | 0.079 | 0.043 | 0.169 | 0.021 | 0.192 | 0.188 | 0.151 | 0.057 | 0.265 | 0.418 |
| Plain Text 2 | 0.003 | 0.081 | 0.066 | 0.045 | 0.309 | 0.397 | 0.199 | 0.246 | 0.188 | 0.468 | 0.107 | 0.123 | 0.303 | 0.172 | 0.313 | 0.008 | 0.309 | 0.060 |
| Plain Text 3 | 0.337 | 0.085 | 0.102 | 0.159 | 0.368 | 0.008 | 0.136 | 0.348 | 0.103 | 0.182 | 0.021 | 0.102 | 0.340 | 0.001 | 0.506 | 0.364 | 0.092 | 0.087 |
| Plain Text 4 | 0.439 | 0.216 | 0.147 | 0.195 | 0.205 | 0.026 | 0.002 | 0.337 | 0.216 | 0.127 | 0.456 | 0.690 | 0.155 | 0.013 | 0.374 | 0.155 | 0.227 | 0.239 |
| Plain Text 5 | 0.076 | 0.188 | 0.132 | 0.076 | 0.010 | 0.415 | 0.644 | 0.342 | 0.042 | 0.084 | 0.145 | 0.246 | 0.188 | 0.135 | 0.317 | 0.157 | 0.052 | 0.501 |
| Plain Text 6 | 0.230 | 0.234 | 0.070 | 0.317 | 0.466 | 0.287 | 0.062 | 0.281 | 0.016 | 0.491 | 0.127 | 0.108 | 0.283 | 0.408 | 0.227 | 0.027 | 0.477 | 0.104 |
| Plain Text 7 | 0.317 | 0.167 | 0.545 | 0.066 | 0.430 | 0.056 | 0.141 | 0.098 | 0.223 | 0.187 | 0.662 | 0.112 | 0.215 | 0.537 | 0.268 | 0.273 | 0.378 | 0.010 |

IV CONCLUSIONS
In this paper we analyzed the AES S-Box and the Dynamic S-Box against criteria such as non-linearity, SAC, XOR distribution and the bit independence criterion. The average SAC for one bit change in plain text and in key is 50.42% and 50.56% respectively, as compared to 50.30% and 49.37% respectively for AES; non-linearity is 112, the same as AES; the XOR profile is 4/256; and BIC is 0.2336. It is shown that both the AES S-Box and the Dynamic S-Box satisfy all the criteria. But the Dynamic S-Box shows better results in SAC (strict avalanche criterion), and in the other results it is as good as the AES S-Box. So the new algorithm, Dynamic AES, uses Dynamic S-Boxes in all 10 stages of encryption and provides better resistance to different algebraic attacks.
REFERENCES
[1] A. F. Webster and S. E. Tavares, On the Design of S-Boxes, Advances in Cryptology, Proceedings of CRYPTO ’85, Springer Verlag, New York, 1986, 523-534.
[2] A. Shamir and E. Biham, Differential Cryptanalysis of DES-like Cryptosystems, Journal of Cryptology, 4 (1) 1991, 3-72.
[3] W. Meier and O. Staffelbach, Nonlinearity Criteria For Cryptographic Functions, Advances in Cryptology, Proc. EUROCRYPT ’89, Springer-Verlag, 1989, 549-562.
[4] S. Kavut and M. D. Yucel, On Some Cryptographic Properties of Rijndael, Information Assurance in Computer Networks, MMM-ACNS, Springer, Berlin, Heidelberg, Lecture Notes in Computer Science, 2001.
[5] G. N. Krishnamurthy and V. Ramaswamy, Making AES Stronger: AES with Key Dependent S-Box, International Journal of Computer Science and Network Security, 2008, 388-398.
[6] M. Piotr, Generating Pseudorandom S-Boxes – a Method of Improving the Security of Cryptosystems Based on
Block Ciphers, Journal of Telecommunications and Information Technology, 2009.
[7] A. ElGhafar, A. Rohiem, A. Diaa and F. Mohammed, Generation of AES Key Dependent S-Boxes using RC4 Algorithm, 13th International Conference on Aerospace Sciences & Aviation Technology, ASAT-13, 2009, 26-28.
[8] K. Kazys and K. Jaunius, Key-Dependent S-Box Generation in AES Block Cipher System, INFORMATICA,
2009, 23-34.
[9] Z. Ghada, K. Abdennaceur, P. Fabrice and F. Daniele, On Dynamic chaotic S-BOX, IEEE, 2009.
[10] J. Cui, L. Huang, H. Zhong, C. Chang and W. Yang, An Improved AES S-Box and Its Performance Analysis,
International Journal of Innovative Computing, Information and Control. 2011.
[11] G. Anna, Cryptographic properties of modified AES-like S-boxes, Annales UMCS Informatica AI XI, 11(2)
[12] J. Julia, M. Ramlan, S. Salasiah and R. Jazrin, Enhancing Advanced Encryption Standard S-Box Generation Based on Round Key, IJCSDF, 1(3), 2012, 183-188.
[13] R. Hosseinkhani and H. Haj Seyyed Javadi, Using Cipher Key to Generate Dynamic S-Box in AES Cipher
System, IJCSS, 6(1), 2012, 19-28.
[14] O. Kazymyrov, V. Kazymyrova and R. Oliynykov, A Method For Generation Of High-Nonlinear S-Boxes
Based On Gradient Descent. IACR Cryptology, 2013.
[15] M. Dara and K. Manochehri, A Novel Method for Designing S-Boxes Based on Chaotic Logistic Maps Using Cipher Key, World Applied Sciences Journal, 28, 2013, 2003-2009.
[16] E. Mohammed Mahmoud, A. Abd El Hafez, A. Talaat and A. Zekry, Dynamic AES-128 with key-dependent s-box, International Journal of Engineering Research and Applications, 3(1), 2013, 1662-1670.
[17] S. Arrag, A. Hamdoun, A. Tragha and S. Eddine Khamlich, Implementation of Stronger AES By Using
Dynamic S-Box Dependent of Master Key, Journal of Theoretical and Applied Information Technology, 2013.
[18] F. Ahmed and D. Elkamchouchi, Strongest AES with S-Boxes Bank and Dynamic Key MDS Matrix
(SDK-AES), International Journal of Computer and Communication Engineering, 2013.
[19] K. Adi Narayana Reddy and B. Vishnuvardhan, Secure Linear Transformation Based Cryptosystem using
Dynamic Byte Substitution, International Journal of Security, 2014.
[20] K. Kazys, V. Gytis and S. Robertas, An Algorithm for Key-Dependent S-Box Generation in Block Cipher
System, INFORMATICA, 26(1), 2015, 51-65.
[21] K. Balajee Maram and J. M. Gnanasekar, Evaluation of Key Dependent S-Box Based Data Security Algorithm using Hamming Distance and Balanced Output, TEM Journal, 2016.
[22] S. Katiyar and N. Jeyanthi, Pure Dynamic S-box Construction, International Journal of Computers, 2016.
[23] A. Tianyong, R. Jinli, D. Kui, and Z. Xuecheng, Construction of High Quality Key-dependent S-Box, IAENG