
Please use this identifier to cite or link to this item:
http://hdl.handle.net/123456789/11521
Title: Construction of S-boxes on Algebraic Substructures and their Applications in Information Security
Authors: QURESHI, AYESHA
Keywords: Mathematics
Issue Date: 2019
Publisher: Quaid-i-Azam University Islamabad
Abstract: We are living in an age when the security of private and sensitive information matters to everyone. Information security is required in many applications, for example identification and authentication, secure communication systems, online billing, secure login, and email. Cryptography has played a very significant role in the field of information security, as cryptographic systems can securely store and transfer sensitive information. In today's computer-centric world, cryptographic systems are designed using mathematical procedures and computer programs. Before 1976, symmetric-key cryptography was the only type of cryptography; in it the sender and receiver of confidential information share a single common key [34]. Classical symmetric-key cryptosystems/ciphers include the shift, substitution, Vigenère and permutation ciphers. Some substitution ciphers with a large key space may be safe, but many of them are not safe against brute-force attacks. In 1940, Claude Shannon presented new design criteria for symmetric-key ciphers [75]. He emphasized two points. First, the only secret of the cipher should be the key, not the larger algorithm. Second, a good cipher should incorporate both confusion and diffusion. A substitution cipher fails at confusion. The Vigenère cipher is more effective at confusion but fails at diffusion. The permutation cipher, on the other hand, excels at diffusion. So Shannon's goals of confusion and diffusion were achieved by combining both substitution and permutation. Modern symmetric-key ciphers repeat cycles of one and then the other, that is, a substitution, then a permutation, then a substitution, and so on. One such example of a symmetric-key cipher is the Data Encryption Standard (DES) [61]. An earlier cipher named Lucifer was modified at IBM in 1970 to design DES [79]. Shannon's idea of confusion and diffusion was practised in DES by alternating substitution from the S-boxes and permutation from the P-boxes.

It was more resistant to differential attacks than other ciphers because the S-boxes were designed with differential characteristics in mind. Further, there are 2^56 possible keys, and at that time a brute-force attack on that many keys was impractical [83, 31]. So DES was considered strong enough and was standardized for many applications in 1977. But it has never been strong against brute-force attacks. In the same year DES was standardized, Diffie and Hellman proposed a machine, at an estimated cost of US$20 million, which could find a DES key in a single day [35]. That is why DES was not secure against a well-funded opponent. Then in 1991, Biham and Shamir reported the first theoretical differential attack on DES [8]. It was less complex than a brute-force attack, but it required an unrealistic 2^47 chosen plaintexts. Moreover, DES was not designed with defence against linear cryptanalysis in mind. In 1994, Matsui performed the first experimental linear attack on DES [55]. In 1997, the DES Challenge (DESCHALL) project broke a message encrypted with DES for the first time in public [27]. In 1998, the EFF DES cracker (Deep Crack) broke a DES key in 56 hours [33]. In 1999, Deep Crack and distributed.net broke a DES key in 22 hours and 15 minutes [50]. DES has since been considered insecure, but it remains highly influential on modern cryptography. From another perspective, DES is expensive in software and hard to implement efficiently in constant time, because it was designed with hardware in mind: it uses operations that translate very efficiently to a custom circuit but are comparatively much more expensive in software. Additionally, DES is quite slow by modern standards. In 1997, the National Institute of Standards and Technology (NIST) announced the need for a new cipher to replace DES [62].

It was specified that the cipher must be a block cipher capable of handling 128-bit blocks, using key sizes of 128, 192 and 256 bits, resistant to attacks, computationally efficient, and simple to implement in hardware and software. Fifteen competing symmetric-key algorithm designs were subjected to preliminary analysis by the world cryptographic community, from which NIST selected five algorithms for more extensive analysis in 1999: MARS, RC6, Rijndael, Serpent and Twofish [64]. After much feedback, debate and analysis, the Rijndael cipher (submitted by two Belgian cryptographers, Joan Daemen and Vincent Rijmen) was selected as the proposed algorithm for the Advanced Encryption Standard (AES) in 2000 [29]. It was approved as a federal government standard in 2002. AES is more secure than DES, as the algorithm is stronger and supports longer key lengths. It also enables faster encryption than DES. In present-day cryptography, AES is widely adopted and supported in both hardware and software applications. To date, no practical cryptanalytic attack against AES has been discovered. Additionally, AES has built-in flexibility of key length, which is an obstacle to progress in exhaustive key searches. However, AES security is assured only if it is correctly implemented and good key management is employed. Shannon's confusion property is implemented in AES through substitution, a nonlinear transformation (the S-box). This transformation makes the algorithm secure against linear and differential cryptanalysis. The Rijndael S-box can be replaced, which counters the suspicion of a backdoor built into the cipher that exploits a static S-box. But according to the design criteria of Rijndael, the S-box should be nonlinear and algebraically complex [30]. Hence, the process of discovering novel and powerful S-boxes is of great interest in the field of cryptography.

Many researchers have proposed various methods to make S-boxes stronger and harder to attack. The strength or weakness of an S-box can be specified through the analysis of its properties, mainly balance, nonlinearity, differential uniformity, linear approximation, algebraic complexity, the strict avalanche criterion, fixed and opposite fixed points, and the bit independence criterion. A cipher that uses an S-box that is not robust is easier for an adversary to attack. In the literature we can find many large S-boxes with 16×16 look-up tables based on the finite field with 2^8 elements, typically operating on 8 bits and having both good cryptographic properties and a low implementation cost. Among them, the Rijndael S-box has the smallest known differential probability and linear correlation and therefore allows AES to be secure with a small number of rounds and to reach very good performance. However, it is not always the best option for constrained environments. Besides security, hardware utilization and power consumption are other major considerations, since most mobile terminals are battery operated. An efficient implementation of the S-box is the main challenge for compact or high-speed hardware implementations. In software, an S-box can be implemented with a look-up table in memory, but this takes 256 bytes for the large S-box. Therefore, the field of lightweight cryptography has produced many alternatives with smaller S-boxes. Many of these lightweight ciphers use S-boxes operating on 4-bit words, or even on a smaller alphabet [5, 9, 10, 11, 28, 40, 41, 53, 93]. A 4-bit S-box is usually much more compact in hardware than an 8-bit S-box. But reducing the number of variables increases the values of the optimal differential probability and linear correlation. Therefore, more rounds are required to achieve the same resistance against differential and linear attacks.

Later, in [71, 72], the authors introduced the concept of constructing 16-byte S-boxes on different structures. To the best of the author's knowledge, this was the first attempt at the construction of such S-boxes. They justified the majority logic criterion and proposed the application of these S-boxes in watermarking. But their research falls short in information security applications, as the retrieval of data bytes remained questionable after the S-box implementation. This fact placed many bounds on the idea presented. This thesis deals with the above problems with the approach of reducing the size of the S-box while keeping the number of variables the same as in large S-boxes. The motive is to reduce the size of the S-box in memory with an increased optimal differential probability and linear correlation, and additionally to achieve reasonable resistance against differential and linear attacks in a smaller number of rounds. For this purpose, constructions have been made on algebraic substructures with the thought that a 16-byte S-box will use less memory space than a 256-byte S-box. It will also reduce the hardware utilization, the power consumption and the execution time of the encryption process. The research has also been extended towards information security applications by presenting schemes for data retrieval. In this way, the 16-byte S-boxes have a lot to add to the literature. In Chapter 1, we start with the cryptographic preliminaries. Chapter 2 introduces different novel methodologies for the construction of S-boxes based on the elements of a multiplicative subgroup of a Galois field instead of the entire Galois field. Forming the Boolean functions by establishing constrained transformations on the elements of the subgroup is the intricate part of the problem. Chapter 3 deals with the behaviour of small 8×8-bit S-boxes in the Advanced Encryption Standard algorithm. The objective is to reduce the S-box's consumption of area and power by performing the byte substitution using a 4×4 lookup table of byte values. Chapter 4 extends the research by presenting 8×8-bit S4 S-boxes of order 16 generated from a subgroup of a Galois field. The inspiration comes from the improved performance parameters and the practical applications of existing S8 S-boxes in cryptography. In Chapter 5, we propose an innovative scheme to diminish the size of S8 S-boxes by working with a small unit of data. Chapters 6 and 7 introduce the application of the proposed 16-byte S-boxes in the field of information security by designing RGB image encryption schemes. Finally, we conclude the whole research work.
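The S-box quality measures the abstract lists (balance, nonlinearity, differential uniformity, fixed and opposite fixed points) can be computed directly from the look-up table, and doing so on a small table makes the trade-off described above concrete. The Python script below is an added example, not code from the thesis or its author: it builds a 4-bit S-box from multiplicative inversion in GF(2^4), the same kind of Galois-field structure the thesis builds on, and evaluates those measures alongside the identity map as a deliberately weak baseline. The field modulus x^4 + x + 1 and the 4-bit table size are choices made here for illustration, not values taken from the thesis.

```python
# Added example (not from the thesis): measuring S-box properties named in the
# abstract on a 4-bit S-box built from multiplicative inversion in GF(2^4).
# The field modulus x^4 + x + 1 is an assumed choice for this illustration.

N = 4                      # S-box width in bits: a 4x4 S-box with 16 entries
SIZE = 1 << N
MODULUS = 0b10011          # x^4 + x + 1, irreducible over GF(2)


def gf_mul(a: int, b: int) -> int:
    """Multiply two GF(2^N) elements, reducing modulo MODULUS (shift-and-add)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        b >>= 1
        a <<= 1
        if a & (1 << N):          # degree reached N: reduce by the modulus
            a ^= MODULUS
    return result


def inversion_sbox() -> list:
    """S(x) = x^-1 in GF(2^N) with S(0) = 0; each inverse found by brute-force search
    over the multiplicative group, which is small enough at N = 4."""
    sbox = [0] * SIZE
    for x in range(1, SIZE):
        sbox[x] = next(y for y in range(1, SIZE) if gf_mul(x, y) == 1)
    return sbox


def parity(v: int) -> int:
    """XOR of the bits of v (the dot product b.x over GF(2) when v = b & x)."""
    return bin(v).count("1") & 1


def is_bijective(sbox) -> bool:
    """Balance for a permutation S-box: every output value appears exactly once."""
    return sorted(sbox) == list(range(SIZE))


def differential_uniformity(sbox) -> int:
    """Largest entry of the difference distribution table over nonzero input
    differences: how many inputs x share the same output difference S(x)^S(x^a)."""
    worst = 0
    for a in range(1, SIZE):
        counts = [0] * SIZE
        for x in range(SIZE):
            counts[sbox[x] ^ sbox[x ^ a]] += 1
        worst = max(worst, max(counts))
    return worst


def nonlinearity(sbox) -> int:
    """Minimum Hamming distance between any nonzero component function b.S(x) and
    the set of affine functions, via the Walsh transform: NL = 2^(N-1) - max|W|/2."""
    max_walsh = 0
    for b in range(1, SIZE):
        for a in range(SIZE):
            walsh = sum((-1) ** (parity(b & sbox[x]) ^ parity(a & x)) for x in range(SIZE))
            max_walsh = max(max_walsh, abs(walsh))
    return (SIZE // 2) - max_walsh // 2


def fixed_points(sbox) -> list:
    """Inputs the S-box leaves unchanged."""
    return [x for x in range(SIZE) if sbox[x] == x]


def opposite_fixed_points(sbox) -> list:
    """Inputs the S-box maps to their bitwise complement."""
    return [x for x in range(SIZE) if sbox[x] == x ^ (SIZE - 1)]


if __name__ == "__main__":
    for name, sbox in (("identity", list(range(SIZE))), ("GF(2^4) inverse", inversion_sbox())):
        print(f"{name}: table={sbox}")
        print(f"  bijective={is_bijective(sbox)} DU={differential_uniformity(sbox)} "
              f"NL={nonlinearity(sbox)} fixed={fixed_points(sbox)} "
              f"opposite_fixed={opposite_fixed_points(sbox)}")
```

The inversion table comes out with differential uniformity 4 and nonlinearity 4, which is the best any 4-bit bijection can achieve (a balanced 4-variable Boolean function cannot have all Walsh coefficients below 8, so nonlinearity above 4 is impossible), while the identity map scores 16 and 0. The 4-bit optimum is still far from the 8-bit Rijndael S-box's differential uniformity 4 out of 256 and nonlinearity 112, which is the quantitative reason the abstract gives for small S-boxes needing more rounds. The same functions work on an 8-bit table after setting N to 8 and MODULUS to an irreducible degree-8 polynomial; the Walsh loop then performs about 16 million evaluations, which is slow in pure Python but still practical.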
URI: http://hdl.handle.net/123456789/11521
Appears in Collections: Ph.D
Files in This Item:
| File | Description | Size | Format |
|---|---|---|---|
| MATH 1582.pdf | MATH 1582 | 2.57 MB | Adobe PDF |