A novel systematic byte substitution method to design strong bijective substitution box (S-box) using piece-wise-linear chaotic map

Related literature on chaos-based S-box

An extensive research has been presented in literature utilizing chaotic maps in various domains, such as digital image encryption (Pareek, Patidar & Sud, 2006; Murillo-Escobar et al., 2015; Yavuz et al., 2016; Liu et al., 2015; Wang et al., 2019; Farwa et al., 2017), watermarking (Jamal, Khan & Shah, 2016; Khan et al., 2019; Singh & Raman, 2017), steganography (EL-Latif, Abd-El-Atty & Venegas-Andraca, 2019; Siddiqui & Khare, 2021; Pak et al., 2019), Light-Weight cryptography and IoT (Mondal & Mandal, 2017; Mohananthini, Mohamed Parvees & Abdul Samath, 2021; Prathiba & Bhaaskaran, 2018), cryptographically-secure random number generation (Behnia et al., 2011; Avaroʇlu et al., 2014; Rezk et al., 2019; Koyuncu & Turan Özcerit, 2017; Irfan et al., 2020) and healthcare applications (Rajendran & Doraipandian, 2021; Masood et al., 2021; Magsi et al., 2021). A few novel methodologies have been proposed to design an S-box using the mixing property of the chaotic map (Jakimoski & Kocarev, 2001; Tang, Liao & Chen, 2005). Jakimoski & Kocarev (2001) proposed S-boxes using the chaotic logistic map. Their methodology was a four-step process utilizing a chaotic logistic map. Tang, Liao & Chen (2005) proposed a two-step 8 × 8 S-box methodology by iterating a chaotic map. First, the chaotic map is iterated to obtain distinct integers in the range (0 – 2ⁿ) are stored in an integer table. Secondly, a 2D Baker map permutes the integer table to obtain the final S-box. Later on, many researchers showed their potential and improved chaos-based S-boxes utilizing 1-dimensional chaotic maps (Belazi & El-Latif, 2017; Lambić, 2018; Shakiba, 2020; Tanyildizi & Özkaynak, 2019), higher-dimensional maps (Özkaynak, 2020; 2017; Özkaynak, Çelik & Özer, 2017; Lu, Zhu & Wang, 2019; Tian & Lu, 2016; Chen, Chen & Liao, 2007; Tang, Liao & Chen, 2005; Chen et al., 2008), and hybrid techniques incorporating optimization techniques with chaos, such as genetic algorithm (Li-Jiang & Tian-Lun, 2002; Wang et al., 2020), Hill climbing (Alzaidi et al., 2018), firefly algorithm (Ahmed, Zolkipli & Ahmad, 2019), heuristic techniques (Ahmad, Alauddin & AlSharari, 2018; Ahmad et al., 2020; Farah, Rhouma & Belghith, 2017). Few S-box design methodologies exploited cellular automata (Seredynski, Bouvry & Zomaya, 2004; Szaban & Seredynski, 2012; Miroslaw & Seredynski, 2011; Picek et al., 2017; Gangadari et al., 2015), elliptic curve (Hayat, Azam & Asif, 2018; Azam, Hayat & Ullah, 2018) for comparable properties of S-box design.

Recently, research on the S-box has been accelerated and numerous methodologies have been proposed (Ahmed, Zolkipli & Ahmad, 2019; Açikkapi, Özkaynak & Özer, 2019; Hussain et al., 2019; Lu, Zhu & Wang, 2019; Zahid, Arshad & Ahmad, 2019; Khan, Ahmed & Saleem, 2019; Farhan et al., 2019; Yi et al., 2019; Özkaynak, 2019; Tanyildizi & Özkaynak, 2019; Özkaynak, 2020; Artuğer & Özkaynak, 2020; Shakiba, 2020; Zhu et al., 2020; Dimitrov, 2020; Nizam Chew & Ismail, 2020; Ahmad et al., 2020; Wang et al., 2020; Faheem et al., 2020; Alhadawi et al., 2021; Khan & Jamal, 2021; Zamli, 2021; Zahid et al., 2021; Hua et al., 2021; Jiang & Ding, 2021; Belazi & El-Latif, 2017). Belazi & El-Latif (2017) proposed a four-step S-box design methodology based on a chaotic sine map. In step 1, the integer matrix S(16 × 16) is obtained. Steps 2 and 4 are the reshaping function to obtain row vector of I(1 × 256). Step 3 utilizes a chaotic sine map to generate a permutation of integer matrix S(16 × 16). In Tian & Lu, 2017 a method based on a 1-D logistic map and optimized using the bacterial foraging optimization method was proposed. An algebraic method using cubic traction transform was proposed (Zahid, Arshad & Ahmad, 2019). Wang et al. (2020) proposed an S-box design method based on a logistic map and genetic algorithm. The proposed methodology is two-step. First, a chaotic logistic map generates the initial pool of S-boxes. Secondly, a genetic algorithm is applied to obtain the final S-box. Shakiba (2020) proposed a simple chaotic S-box based on the I-D Chebyshev map. Artuğer & Özkaynak (2020) proposed a method to analyze chaotic S-box design using the zigzag mapping technique. Various discrete and continuous maps are chosen, and integer mapping is performed using the zigzag transformation approach. In Ahmad et al. (2020) a hybrid approach to design a bijective S-box was proposed. First, key-dependent improved S-boxes are generated using I-D sine-powered chaotic map and heuristic search technique. Secondly, chaotic features of obtained S-boxes are improvised using the action of an algebraic group. In Khan & Jamal (2021) author proposed an S-box design based on the composition of chaotic maps for lightweight design. In Zahid et al. (2021) a method to design S-box based on heuristic evolutionary strategy and modular operation is presented. Hua et al. (2021) proposed an S-box method using an improved logistic map and bijective matrix. The chaotic logistic map is iterated to generate a Latin matrix then randomized to obtain the final S-box. Zhu et al. (2020) proposed a dynamic S-box design method. The final S-box is obtained by applying the fitness function on the proposed static S-box. The static S-box is generated by iterating the logistic-tent system. Solami et al. (2018) proposed an S-box based on the mixing property of a higher dimensional map. A 5-D hyperchaotic system is used to obtain the final S-box. Alhadawi et al. (2021) obtained an S-box utilizing a cuckoo search algorithm and a 1-D discrete space chaotic map. In Jiang & Ding (2021) author generated an 8 × 8 S-box using chaotic bent functions.

The discussed S-boxes achieved strong cryptographic properties that have been analyzed using performance criteria. However, the DP value of these S-boxes is 0.03906, which shows that the maximum DP value is 0.03906. Moreover, several methodologies have been proposed utilizing mathematical transformation of linear fractional transform combined with the symmetric group, elliptic curve, coset diagram, etc., that have a DP value of 0.03906 (Siddiqui, Naseer & Ehatisham-ul-Haq, 2021; Nizam Chew & Ismail, 2020; Beg et al., 2020; Zahid, Arshad & Ahmad, 2019; Farwa, Shah & Idrees, 2016; Hussain et al., 2013a, 2013b; Ahmad et al., 2020; Hayat, Azam & Asif, 2018; Khan, Ahmed & Saleem, 2019; Aboytes-González et al., 2018; Hussain et al., 2018; Siddiqui et al., 2020). However, few methodologies have generated an S-box with a differential probability of 0.156 (Aboytes-González et al., 2018; Siddiqui et al., 2020; Nizam Chew & Ismail, 2020; Ahmad et al., 2020; Cui & Cao, 2007; Tran, Bui & Duong, 2008). Additionally, recent research on the chaos-based S-box (Özkaynak, 2020) shows that an S-box based on the mixing property of chaotic map has high differential uniformity and nonlinearity. It was observed that exiting hybrid S-box methodologies improve nonlinearity property with chaos and optimization or heuristics. However, differential uniformity of these S-boxes is still high. The nonlinearity property is used in the fitness function as an improvement criterion. The heuristics and optimization-based techniques are an added layer on chaotic mapping to achieve highly nonlinear S-boxes. The nonlinearity of an S-box reflects its resistance against linear cryptanalysis. Chaos-based S-box has better LP as compared to algebraic S-boxes. Despite high differential uniformity of chaos-based S-box, DP property cannot be considered an improvement criterion. The DP property is a good criterion for systematic S-box design. The input/output difference information is required to understand the confusion component for systematic design, along with strong diffusion and key mixing components, makes differential attacks like chosen plaintext/ciphertext attacks infeasible. A recent and notable contribution on chaos-based S-box that uses mixing property of chaotic map and DDT within the design loop to improve the DP value is given in Khan et al. (2018), Khan, Jeoti & Manzoor (2012). It is still challenging to improve the DP value of the chaos-based S-box. It is hypothesized that systematic methodologies, designs based on the knowledge of cryptographic attacks and cryptographic properties as a tool within the methodologies for design, are required to generate S-box with a strong structure. For example, chaos-based S-boxes have a higher DP property value than algebraic S-boxes. The observations of this study are as follows:

1. An S-box is a nonlinear component in an encryption algorithm that provides confusion.

2. An S-box Provides uncertainty that obscures the relationship between plaintext and ciphertext, and a strong encryption algorithm makes chosen plaintext/ciphertext attack infeasible.

3. The low DP value of an S-box indicates high dispersion among $\mathrm{\Delta }y$.

4. A strong S-box must have an upper bound of cryptographic performance criteria.

5. Chaos-based S-box has poor cryptographic criteria as compared to algebraic S-box.

6. The cryptographic criterion of DP has remained high in chaos-based S-box.

7. Systematic chaos-based S-box with a solid structure and a good understanding of cryptanalytic attack may lead to a strong S-box with improved cryptographic performance criteria, especially differential uniformity.

Problem statement

An S-box based on mathematical transformations has near-optimal cryptographic performance criteria compared to a chaos-based S-box. However, a chaos-based S-box can have better immunity against various side-channel attacks (Özkaynak, 2020). A chaos-based S-box with comparable performance criteria to an algebraic S-box is still challenging. Further, it was established that mapping techniques (continuum to integer) to produce an S-box structure are more important than the chaotic system properties (Artuğer & Özkaynak, 2020). Therefore, an S-box solid structure with improved performance criteria can be designed with a good understanding of cryptanalytic attacks, such as linear and differential attacks (Kocarev, 2001).

Contributions

The contribution of this paper is the use of dispersion property as a new tool to design an S-box. This section explains the use of dispersion property within the design loop to achieve results. While, we mainly focused on presenting the research hypothesis, which is later proved in the results section.

An S-box design is critically essential to resist all known attacks, especially differential cryptanalysis. Cryptosystem having S-box with high DP property value may be prone to chosen-plaintext attacks. It uses plaintext ciphertext pairs to mount differential cryptanalysis. The aim is to recover information without the knowledge of the key. With the help of the cryptosystem's S-box, an attacker tabulates pairs ( $\mathrm{\Delta }x,\mathrm{\Delta }y$) in DDT and finds DP using Eq. (1). An attacker looks for pairs with a maximum count in DDT to measure the differential uniformity of a given S-box. The dispersion property is employed as a tool to design the proposed S-box. The dispersion property is an added layer provided within the design loop.

For a given n bit S-box $S:(0,1{)}^n\mapsto (0,1{)}^n$, the dispersion property computes all pairs ( $\mathrm{\Delta }{S}_x,\mathrm{\Delta }{S}_y$), where $\mathrm{\Delta }{S}_x$ is the input spread and $\mathrm{\Delta }{S}_y$ is the output spread. Similar to DDT, these pairs tabulated in a dispersion matrix (DM). The total number of dispersion pairs and pairs which recur in DM are used to measure the normalized dispersion value between 0 and 1. The normalized dispersion is computed as $\zeta =\frac{2\ast \left|(d_{total}\left(\pi \right)-d_R\left(\pi \right))\right|}{T(T-1)}$. The $d_{total}(\pi )$ is the total pairs count in DM, $d_R(\pi )$ is the total recur pairs count in DM, and ‘T’ is the total number of S-box positions. The normalized value of ‘0’ stands for no dispersion, and the ‘1’ entails high dispersion among $\mathrm{\Delta }{S}_y$. Further, the normalized value close to 1 shows that the input S-box substituted the input sequence with high randomness, which entails efficient decorrelation among the substituted sequence. Hence, S-box exhibits high nonlinearity. The normalized value of 1 requires $d_R\left(\pi \right)=0$. However, this argument requires distinct pairs in DM. The occurrence of recurring pairs is due to the relative positions of elements in the auxiliary table of an S-box. It can be hypothesized that systematic selection and positioning of elements in the S-box may control the $d_R\left(\pi \right)$ in DM.

In the light of the discussion in previous sections, this article attempts to design a systematic S-box using dispersion property within the design loop. The proposed methodology works in layers iteratively. The discretized PWLCM generates initial S-box positions that fill the S-box table. The dispersion property is then used as an added layer that systematically decides the relative position of the S-box element in the S-box table. The proposed method is an increment design approach, starting with an initial pool of S-box positions, using Eq. (3), DM is dynamically generated. The new S-box positions are approved after checking the recurrence of pairs in DM. Due to the dynamic systematic S-box generation, design conditions are proposed under which the DM is dynamically generated, and the relative location of S-box positions are chosen. The recurrence of pairs in DM is closely monitored, and positions are regenerated and placed in the S-box table that entails a high occurrence of pairs in DM. The high-level flow diagram is given in Fig. 1. The ergodic and mixing behavior inherent in chaos generates all S-box positions in a reasonable time. For the added layer of DM generation, each position to confirm as the final S-box position, all pairs are added and checked for recurrence. The time complexity TC of this added layer is closely approximated between ( $O(2^{2n})<TC<O(2^{3n})$, where n is the cardinality of the proposed S-box.

On the other hand, choosing chaos also stands critical in cryptosystem design. In this work, a multi-dimensional PWLCM is chosen to generate initial trajectories. A multi-dimensional map is crucial in resisting key-related attacks in secure chaotic communications systems (Liu, Xiang & Liu, 2020). Initially, a random number generator (RNG) design is proposed using PWLCM. The random numbers generated using PWLCM are cryptographically secure, and statistically analyzed by the National Institute of Standards and Technology (NIST) criterion. This paper is organized as follows: “Random Number Generation Using PWLCM” performs a randomness test of PWLCM, “Materials and Methods” and “Dispersion Matrix Generation” presents the proposed methodology. With the understanding of DDT for differential cryptanalysis that finds the weaknesses in the S-box structure, this research proposes a systematic S-box design. “Proposed Systematic S-box Application in Image Encryption” evaluates the performance of proposed S-boxes. “Boomerang Connectivity Table” and “Feistel counterpart of BCT (FBCT)” analyze the BCT and FBCT of proposed S-box. The performance criteria of chaos-based S-box are not optimal compared to algebraic S-boxes. However, S-box differential uniformity certainly improved as compared to recently proposed S-boxes.

Random number generation using PWLCM

The randomness of PWLCM is evaluated using the NIST-800-22 statistical test suite. The test suite includes 15 different types of tests. Any bitstream must pass all these tests from the random bitstream pool to be accepted as a successful key and used as a secure key in encryption. A length of one million of the bitstream is required for NIST-800-22 statistical tests. The PWLCM equation is defined as:

(2) $x_{n+1}=\{\begin{array}{cc}\frac{x_n}{p},& 0\le x_n<p\\ \frac{(x_n-p)}{(0.5-p)},& p\le x_n<0.5\\ \frac{(1-p-x_n)}{(0.5-p)},& 0.5<x_n<1-p\\ \frac{(1-x_n)}{p},& 1-p<x_n<1\end{array}$

where, x_o ∈ [0, 1) is the initial value and p ∈ (0, 0.5) is the control factor. Any arbitrary chosen initial condition can be used. It is well established that the randomness of the RNG numbers directly affects encryption applications’ security. Hence they have crucial importance. Therefore, a successful bitstream selected as a key for encryption possesses a property that should have a uniform probability distribution of 1′s and 0′s. It means that the number of 1′s and 0′s in the bitstream should be equal or nearly equal. A PWLCM generates floating-point numbers in the given range of [0–1). As a result, by using PWLCM trajectories, we can generate infinite real number values in this range. A suitable threshold value is set on the continuous-valued output of RNG. Therefore, this paper chooses the typical median value of the threshold, i.e., $\tau =0.5$, bearing in mind the output range of RNG values to be [0–1). The steps for generating a random bit stream using the proposed RNG are as follows:

• Step 1: The initial condition $(x_0=0.78)$ and parameter $(p=0.16)$ are provided as input to PWLCM for generating random floating-point numbers having a range $[0,1)$.

• Step 2: The PWLCM is iterated ${10}^6$ times to generate 1 million random floating-point values.

• Step 3: Thresholding is applied to the floating-point values obtained after step 2 to generate a random bit stream of 0′s and 1′s. Each floating-point value $x_i$ (where $1\le i\le {10}^6$) is mapped to either ‘0’ or ‘1’ depending upon the following criteria: If $x_i\ge \tau$, it is mapped to a bit ‘1’; otherwise, the value is mapped to a bit ‘0’. In this way, a bitstream of a length of 1 million is generated using the proposed RNG.

• Step 4: In the last phase, NIST tests are applied to the bitstream obtained in step 3 to assess the bitstream’s randomness. The test results are evaluated based on a calculated test statistic value, i.e., P-value, which is a function of the data. The P-value reveals the strength of the randomness of a bit sequence. A P-value of 1 means the sequence is entirely random, whereas a P-value of 0 indicates entirely non-random. For each test, if P-value obtained is greater than or equal to the significance level ‘α,’ the test is considered successful. The significance level lies in the range [0.001–0.01]. We used the default parameters for all tests to test our proposed RNG using the NIST test. The value of α was chosen equal to 0.01, which means that for a test to be successful, the P-value obtained must be greater than or equal to 0.01. The random bit stream obtained from the proposed RNG using PWLCM passed all NIST tests presented in Table 1.

Dispersion matrix generation

Generally, the dispersion property is a post-processing technique used to measure the randomness in a sequence. The proposed novel methodology uses dispersion property within the design loop for systematic S-box design. The dispersion property can be defined as:

Definition 2:The dispersion measures the irregularity in output spread $\mathrm{\Delta }{\mathrm{S}}_{\mathrm{y}}$for a given input spread $\mathrm{\Delta }{\mathbf{S}}_{\mathbf{x}}$. For a given substitution π, the list of dispersion pairs of π is defined as

(3) $d_{total}\left(\pi \right)=\{(\mathrm{\Delta }{S}_x=\left(S_{x+c}-S_x\right),\mathrm{\Delta }{S}_y=\left(\pi \left(S_{y+c}\right)-\pi \left(S_y\right)\right)\}$

where $\mathrm{\Delta }{S}_x$, and $\mathrm{\Delta }{\mathbf{S}}_{\mathbf{y}}$ is the input and output spread. As described in the contribution subsection, Counting $d_{total}(\pi )$ and $d_R(\pi )$ computes normalized dispersion.

The utilization of dispersion property within the design loop under proposed design conditions requires an understanding of the computation of DM. Figure 2 shows a three-column vector of input information, the S-box, which is used to substitute input information and substituted input information using the S-box, respectively.

The dispersion matrix is filled with the spread pair ( $\mathrm{\Delta }{S}_x,\mathrm{\Delta }{S}_y)$. The input spread is measured using input differential with spread variable $C\in (0,255)$. Figure 2 shows the process of measuring $\mathrm{\Delta }{S}_x$ and $\mathrm{\Delta }{S}_y$. Further, Table 2 demonstrates the process of selecting input spread using the input spread variable to measure the $\mathrm{\Delta }{S}_y$. In Table 2, the C = 0 column entails 0, hence not considered herein. Finally, Table 3 shows the dispersion matrix.

Table 2:

Selection of input differentials using input spread variable C.

DOI: 10.7717/peerj-cs.940/table-2

Table 3:

Generating dispersion matrix by placing forgiven C.

DOI: 10.7717/peerj-cs.940/table-3

The DM is quite straightforward compared to DDT, which requires a complete S-box for DDT generation. It is further hypothesized that improving the recurrence of pairs in DM may improve the count of output difference in DDT. Therefore the proposed method systematically substitutes S-box elements with low DP value, which seems impossible using a typical chaos-based algorithm (Özkaynak, 2020).

Steps to design proposed S-box

• 1. Variable initialization:

The first step is to initialize variables used during the proposed design, such as an initial condition for the map $x_n$, the final position of the map $x_{n+1}$, position vector PV to store the final S-box.

• 2. S-box position mapping:

The behavior of any generated chaotic trajectories is vetted using the Lyapunov exponent. The nonlinear behavior of the chaotic map to the decimal domain is preserved. The domain in the range [0.1–0.9] is divided into 256 equal intervals, and the intervals are sequentially labeled as position counter PC. In doing so, the generated S-box positions acquire the nonlinear behavior of chaotic trajectories.

• 3. Chaotic trajectories decimal mapping:

The PWLCM is iterated using an arbitrarily chosen initial seed $x_n$; however, we use $x_n=0.346$ to generate the proposed S-box, which entails $x_{n+1}$, is checked in the range [0.1–0.9] where it falls and marks associated interval/subdomain number if empty using PC. This PC is an S-box element and stored in a position vector. The S-box’s bijective property is assured by ignoring output value that falls visited subdomain whose PC is already stored in PV ensures distinct positions generation. The chaotic decimal mapping entails an initial S-box.

• 4. Systematic byte substitution using dispersion matrix:

This step ensures the substitution of weak S-box positions that affect the performance parameters of the final S-box. The inherent structure of chaotic trajectories habitually includes these wrong positions as a part of the S-box. Therefore, this work proposed a dispersion matrix-based systematic byte substitution method to generate a near-optimal S-box. The flow graph is presented in Fig. 3. The dispersion matrix is generated within the loop of the proposed S-box design by tabulating the output differential $\mathrm{\Delta }{S}_y$ = PV [PC]th and PV[PC - ∆x[i]]th in the dispersion matrix. The dispersion matrix is filled column-wise due to the S-box design’s dynamic nature until each row has a distinct output differential. “Dispersion Matrix Generation” of the proposed methodology details the generation of the dispersion matrix.

1. If the output difference is repeated in any column of the dispersion matrix, the S-box’s corresponding position is ignored and regenerated.

2. Tabulate all output differences of the S-box in the dispersion matrix for all given input differences.

3. The regeneration of S-box positions due to repeated output differences is attempted in the arbitrary given time; otherwise, allow repetition to generate S-box in a reasonable amount of time.

4. Stop iteration once all S-box positions are generated. The position matrix is now the final proposed S-box.

Proposed systematic S-box application in image encryption

The suitability of the proposed S-box is evaluated as an application in image encryption. Image encryption, measures the strength and robustness of the proposed S-box, is performed using majority logic criteria (MLC) (Hussain et al., 2012; Shah et al., 2011). It is presented herein just to showcase the capability of the proposed S-box and not being used as a cipher. We used a standard gray-level San Diego aerial image of size 512 $\times$ 512 as plaintext to perform the substitution (Weber, 1981). This image can be used freely for research purpose. This image was substituted using the proposed S-box and AES S-box individually. The S-box substituted the pixel values of an image with the corresponding value in the S-box. The ciphertext is the scrambled image that hides the visual information contained in the plaintext. We performed a single round image substitution to perform some statistical analysis on plain and encrypted images. We performed these statistical analyses, namely histogram analysis, entropy, energy, correlation, contrast, and homogeneity analysis.

It can be observed from Table 13 that the proposed systematic S-box efficiently disperse the correlated pixels that provide effective image substitution. Results show that parameters are mainly comparable to the AES S-box. The entropy parameter value obtained using the proposed systematic S-box is 7.4060, near the superior value of 8. The entropy value indicates the randomness in an image. Hence, the proposed S-box is designed to provide near-optimal decorrelation between input and output elements in the image, amplifying randomness. The energy parameter value of the plain image is 0.0780. When image encryption is applied to plain images, we achieved an energy value of 0.0161, the same as the AES S-box energy value. The achieved energy value is small, which entails efficient image encryption performance of the proposed S-box. The correlation shows the linear independence between plain and encrypted images.

The coefficient value of approximately 0 indicates no or weak correlation between images. The proposed S-box’s correlation parameter value is 0.0398, close to 0, and comparable with AES S-box. The proposed S-box enhances the spread and dispersion among input and output pixels. Thus, it results in a weak correlation among pixels values. Further, the proposed S-box enhances the modern encryption properties of confusion and diffusion. The contrast parameter value of the proposed S-box is 9.9895. The constant image entails a contrast value of 0. A high value of contrast indicates randomness in the image. Due to systematic nonlinear mapping using the proposed S-box, Objects in the plain image are dispersed completely. Therefore, we achieved a high value of contrast in encrypted that indicates strong encryption. The homogeneity parameter measures the closeness of the distributed pixels of GLCM to its diagonals. The achieved homogeneity results using the proposed S-box and AES S-box are comparable and show strong encryption. Using majority logic, the image substitution analysis entails the proposed S-box results comparable to the state-of-the-art results in Table 13.

The visual demonstration of plain image (Fig. 13) substituted using proposed and AES S-box is also shown. Fig. 14 shows the histogram of plain image. The substituted image using proposed and AES S-box is shown in Figs. 15 and 16, respectively. It is evident from the figures that the proposed S-box hides all visual information contained in an image. It further justifies the effectiveness of the proposed S-box in image encryption. It can be concluded that the proposed S-box can be used as a confusion component in any application of image encryption.