INTRODUCTION
Numerous block ciphers are depending on the traditional Shannon idea of the serial application of confusion and diffusion. Normally, confusion is provided by some forms of substitution "SBoxes" (Mar and Latt, 2008).
A significant amount of time is taken up on the design or on the analysis that focuses on the substitution boxes (SBoxes) of the algorithm during the development of a symmetric or private key that comprises the construction of cryptosystems which are constructed as substitutionpermutation (SP) networks (i.e.,“DESLIKE” system). The SBoxes bring nonlinearity to the cryptosystems; hence require the strengthening of the cryptographic security. Serious limitations in the SBoxes can cause the cryptography to break easily (Mar and Latt, 2008; Adams and Tavares, 1990; Hussain et al., 2010). Generally, two sets of problems arise in the selection of an SBox before its cryptographic use can be considered secure. The first challenge lies in the design (or search) of a good SBox while the second ch1allenge is the verification of a given SBox as one that satisfies the requirements that entail the types and quantitative values of the desired properties for an SBox.
The properties of SBox namely Avalanche (AVAL), Strict Avalanche (SAC) and Bit Independence Criteria (BIC) which guarantee the randomness of the SPN are a measure of its security. Also, these properties are cryptographic desirable in SBoxes, so they are used as guide in the design of SBoxes (Adams and Tavares, 1990; Vergili and Yucel, 2000; Alabaichi et al., 2013a).
The publications of most of the work on the design of SBox has attempted the identification of good SBoxes based on a procedure that involves generating of designs randomly, evaluating them against selected evaluation criterion and rejecting those which fail to meet these criterions (Adams and Tavares, 1990).
This study in the first phase attempts to analyze the avalanche text and correlation coefficient in RAF after which the results are compared with the results of Blowfis’s output in (Alabaichi et al., 2013b). While in the seconds phase analyze the properties of AVAL, SAC and BIC that are used for the testing of security of dynamic 3D SBox in RAF after which the results are compared with the results of Blowfish’s SBoxes in Alabaichi (Alabaichi et al., 2013a).
SECURITY ANALYSIS
Security is the most important factor in evaluating cryptographic algorithms. Security includes features such as the randomness of the algorithm output, the avalanche effect, the correlation coefficient, the resistance of the algorithm to the cryptanalysis and the relative security compared with other candidates (Ariffin, 2012).
The SBox is the keystone of modern symmetric ciphers, such as block and stream ciphers and is an essential component in the layout of any block system.
Three properties are chosen to test security of the dynamic 3D SBox, namely, AVAL, SAC and BIC.
In this study, security analysis is divided into two phases. In the first phase, security analysis of the entire algorithm is performed and the results are compared with those of the BA. In the second phase, the component of the RAF, that is, the dynamic 3D SBox is analyzed.
First phase (security analysis of the RAF): As mentioned in the previous section, the output of entire algorithm (the RAF) is analyzed and compared with the results of the BA in this phase. The analysis includes the avalanche text and the correlation coefficient between plaintext and ciphertext.
The randomness of the RAF output is analyzed in earlier studies titled "A dynamic 3D SBox based on Cylindrical Coordinate System for Blowfish algorithm" (Alabaichi et al., 2014a) and "A Cylindrical Coordinate System with Dynamic Permutation Table for Blowfish Algorithm" (Alabaichi et al., 2014b).
Avalanche effect: The avalanche effect is a desirable property of any encryption algorithm. If one bit changes in either the plaintext or the key, a significant change occurs in at least half of the bits in the ciphertext, thus making it difficult to analyse ciphertext when an attempt to mount an attack is made. That is performing an analysis on ciphertext while trying to come up with an attack is difficult (Mahmoud et al., 2013). The avalanche text is used to evaluate the avalanche effect of the RAF and the BA in this study. A block cipher satisfies the avalanche text effect when a fixed key and a small change in the plaintext result in a large change in the ciphertext (Dawson et al., 1992).
Mathematically Eq. 1 is defined as:
where, F is the avalanche effect when the Hamming distance between the outputs of a random input vector and the output generated by randomly flipping one of its bits should be n/2 or 0.5, on average. That is a minimum message input change is amplified and it produces a maximum message output change, on average (Ariffin, 2012). Numerous researchers have conducted the avalanche effect test including (Ariffin, 2012); (Mahmoud et al., 2013; Dawson et al., 1992; Juremi et al., 2012; Sulaiman et al., 2012; Castro et al., 2005; Doganaksoy et al., 2010; Agrawal and Monisha, 2010; Mohan and Reddy, 2011; Ramanujam and Karuppiah, 2011).
Testing data: All data of the 16byte blocks of the random plaintext as well as of the 16byte random key were generated using the BBS pseudorandom bit generator. The 128 sequences of the 128bit with a 128bit random key are generated and used in the test for the RAF.
Empirical results and analysis: Table 1 and 2
summarize the values of the avalanche text for the first three rounds and the
last round of the RAF algorithm. In each table, the columns "Different
bit number (RAF)" indicate that the numbers of bits are different in the
ciphertext when one bit is changed in the plaintext. Meanwhile, the columns
"Ratio bits (RAF)" indicate the different number of bits divided by
the total number of bit sequence.
As shown in Table 1 and 2 changing one bit in the input results in a change on approximately half of the output bits in the three rounds, that is, the second, third and last rounds in RAF algorithm. The average change in bits in the RAF algorithm are 0.4912, 0.4926 and 0.4950 in second, third and last rounds, respectively, whereas the average change in bits in the BA are 0.5110, 0.5098 and 0.4972 in second, third and last rounds, respectively (Alabaichi et al., 2013b). In addition, the avalanche text of the RAF approximates the same avalanche text in the BA for these rounds. However, the avalanche text presented by the RAF in the first round is 0.2690 and in the BA in the first round is 0.2555(Alabaichi et al., 2013b). This result indicates that both algorithms exhibit good avalanche text in the second round.
The results of the avalanche text in both algorithms for the first to third rounds and the last round are presented in Fig. 1(ad) and Table 12.
Correlation coefficient: The correlation coefficient is considered as one of the important aspects of block cipher security that deals with the dependency of the individual output bits on the input bits. This coefficient measures how the two variables affect each other, that is, how much one variable depends on the other. In this section, we use the correlation coefficient to measure the dependency between plaintext and ciphertext. The correlation values can determine the confusion effect of the block cipher. The correlation coefficient which is a number between (1) and (1), measures the degree of linear relationship between two variables. The correlation is (1) in an increasing linear relationship and (1) in a decreasing linear relationship.
Table 1:  Values of the avalanche text for RAF algorithm in the first and second rounds 

Table 2:  Values of the avalanche text for RA algorithm in the third and last rounds 

In case of independent variables, the correlation is 0 and the following values are the acceptable range for interpreting the correlation coefficient (Mahmoud et al., 2013; Ariffin et al., 2012; Fahmy et al., 2005; Mohammad et al., 2009):
• 
0 indicates a nonlinear relationship 
• 
+1 indicates a perfect positive linear relationship 
• 
1 indicates a perfect negative linear relationship 
• 
The values between 0 and 0.3 (0 and 0.3) indicate a weak positive (negative) linear relationship 
• 
The values between 0.3 and 0.7 (0.3 and 0.7) indicate a moderate positive (negative) linear relationship 
• 
The values between 0.7 and 1.0 (0.7 and 1.0) indicate a strong positive (negative) linear relationship 

Fig. (1ad): 
Avalanche text of both algorithms for (a) First round, (b) Second round, )(c) Third round and (d) last round 
Testing data: The data set tested is the same as the data set tested for the avalanche text.
Empirical results and analysis: As presented in Table 3 and 87 correlation coefficient values in the RAF are near zero, thus indicating perfect nonlinear relation between plaintext and ciphertext. However, 41 values are greater than 0.1 and less than 0.3 or greater than 0.1 and less than 0.3, thus indicating weak linear positive or negative relation. Meanwhile, 80 values in the BA are near zero, thus indicating nonlinear relation between inputs and outputs. One value is 0.3974, thus indicating moderate negative linear relation. However, 47 values are greater than 0.1 and less than 0.3 or greater than 0.1 and less than 0.3, thus indicating weak positive (negative) linear relationship (Alabaichi et al., 2013b).
Table 3:  Values of the correlation coefficient between plaintext and Ciphertext for RAF algorithm 

Although both algorithms have good nonlinear relations, all results show that the RAF exhibits nonlinear relations with better impact than BA. The results of the correlation of both algorithms are illustrated in Fig. 2 and Table 3.

Fig. 2: 
Results of correlation coefficient of both algorithms 
Second phase (security analysis of the dynamic 3D SBOX): In this phase, we analyze the security of the dynamic 3D SBox, including its properties such as AVAL, SAC and BIC.
Criteria of the SBox: AVAL, SAC and are BIC used to guide SBoxes design, therefore, these criteria are used to evaluate the dynamic 3D SBox of the RAF.
Avalanche criteria: According to Feistel (1973), AVAL is an important cryptographic property of block ciphers, SBoxes and SPNs.
In formulating this, an n×n SBox satisfies AVAL under the condition that for all i = 1, 2,…, n:
Where:
where, ei is the unit vector with bit i = 1 and all other bits are equal to 0.
A^{ ei} XOR sums are referred to as avalanche vectors. Each vector has n bits or avalanche variables. This condition only occurs when a change in the ith bit in the input string is implemented.
A^{ ei} is defined as:
where, = {0, 1}.
The total change in the jth avalanche variable, is computed over the entire input alphabet with size 2^{ n} (note that 0>( W )>2^{ n}). Equation 2 is manipulated to define an AVAL parameter, k_{ AVAL}(i) as:
k_{ AVAL}(i )which has the values of [0,1] should be interpreted as the probability of change in the overall output bits when only the ith bit in the input string is changed. If k_{ AVAL}(i) differs from 1/2 for any i, then it is assumed that the SBox does not satisfy AVAL. If k_{ AVAL}(i) is approximately 1/2 for all is, then the SBox satisfies AVAL within a small range of error. If approximately 1/2 of the resulting avalanche variables are equal to 1 for all values of i, such that 1>i>m, then the function has a good avalanche effect (Mar and Latt, 2008; Hussain et al., 2010; Webster and Tavares, 1986; Selcuk and Melek, 2001).
Relative error for avalanche criteria: Vergili and Yucel (2000) concluded that the SBox can satisfy Eq. 5 for small values of n but for n≥6, satisfying the AVAL criterion is difficult for the SBox. Therefore, expecting that the criterion given by Eq. 5 will be satisfied within an error range of ±e_{ A} is logical. This range of error is known as the relative error interval for the AVAL. Therefore, the SBox satisfies the AVAL within ±e_{ A}, on the condition for all values of i:
is true. Given an SBox, the corresponding relative error e_{ A} can be found in Eq. 6 as:
For a set of SBoxes with the same size, the maximum relative error is:
Strict avalanche criteria: Webster and Tavares (1986) combined completeness and avalanche properties into the SAC. An SBox satisfies the SAC if the probability of change in any output bit approximates 1/2 whenever an input bit changes. SAC can be described mathematically as follows:
• 
The Ffunction: {0, 1^{ n}} → {0, 1^{ n} }satisfies the SAC for all i, j, ε (1, 2, …, n). The flipping input bit i changes the output bit j with a probability of exactly 1/2. Thus, an SBox fulfills the requirements of the SAC if: 
can be modified to define a SAC parameter, K_{ SAC }(i), j as:
K_{ SAC} (i, j) can assume the values [0,1] and should be interpreted as the probability of change in the jth output bit when the ith bit in the input string is changed. If k_{ SAC } (i, j) is not 1/2 for any (i, j) pair, then the SBox does not satisfy the SAC. Satisfying Eq. 10 for all values of i and j is unrealistic, therefore, interpreting Eq. 10 within an error interval of {e_{ S}, + e_{ S}} is meaningful. That is, if k_{ SAC }(i, j) approximates 1/2 for all (i, j) pairs, then the SBox satisfies the SAC within a small range of error(Mar and Latt, 2008; Hussain et al., 2010; Selcuk and Melek, 2001).
Relative error for the strict avalanche criteria: The SAC is a more
specialized form of the AVAL, thus the number of SBoxes that satisfies the
SAC is smaller than the number of SBoxes that satisfies the AVAL. Moreover,
this criterion for a large SBox size (n≥6) is satisfied with a small
error range. Therefore, by modifying Eq. 10, an SBox satisfies
the SAC within ±e_{ A} for all values of i and j. The following
equation is then satisfied:
Using Eq. 11 for a given SBox, the relative error e_{ S} for the SAC is:
For a set of SBoxes with the same size, the maximum relative error is:
Bit independence criteria: Webster and Tavares (1986) introduced another property for the SBox which they named as the BIC. This property is most appropriate for cryptographic transformation in which all the avalanche variables become independent pairs when a given set of avalanche vectors is generated by complementing a single plaintext bit. To measure the degree of independence between a pair of avalanche variables, calculating the correlation coefficient is necessary. The independence of the output bits ensures that any two output bits i and j act "Independently" of each other. Therefore, bits i and j are neither equal to each other significantly more, nor significantly less, than half the time (over all possible input vectors).
The BIC is defined mathematically as follows. A function f:{0, 1}^{ n} → {0, 1}^{n} satisfies the BIC on the condition for all values of i, j, k, ε {1, 2, …, n}, with j ≠ k. Inverting input bit i causes output bits j and k to change independently. The correlation coefficient computed between the jth and kth components of the output difference string is known as the avalanche vector A^{ ei}. A parameter of bit independence that corresponds to the effect of the ith input bit that change on the jth and kth bits of A^{ ei} is defined as:
Overall, the BIC parameter for the SBox of the Ffunction is:
BIC (f) assumes the values of [0, 1] (Hussain et al., 2010; Selcuk and Melek, 2001; Manikandan et al., 2012).
Relative error for the bit independence criteria: The relative error for the BIC is slightly different from those of the AVAL and the SAC. This error is presented as follows (Hussain et al., 2010; Feistel, 1973):
For a set of SBoxes with the same size, the maximum relative error is:
Testing data: All random 128bit and 256bit encryption keys (E_{ ks)} as well as the random 128bit plaintext were generated by BBS.
Empirical results and analysis: Twelve experiments have been conducted on the Dynamic 3D SBox in the RAF by using three types of E_{ ks}: Random, low entropy ones and low entropy zeroes with three properties AVAL, SAC, BIC, thus comprising 12 128bit E_{ ks} in all experiments to examine the effect of entropy of the E_{ ks} on the security of the dynamic 3D SBox in the RAF. The first 10 experiments are conducted with 10 random 128bit E_{ ks}. The remaining two experiments are carried out with a nonrandom E_{ k}. One experiment is conducted with low entropy ones encryption key and the last experiment is performed with low entropy zeroes encryption key. In summary, the total number of SBoxes tested in these experiments is 12 dynamic 3D SBoxes in the RAF.
Empirical results of the avalanch criteria: Table 4,
summarizes the values of k_{ AVAL}(i) that satisfies Eq.
5. Moreover, the values of k_{ AVAL} that correspond to the changed
input bits е_{ i}, (i = 1…8) where e_{ 1} represents
the first changed input bit, whereas е_{ 2} represents the second
changed input bit. Subsequently, the other parameters follow the same pattern,
whereby е_{i} (i = 3…8). The results of the first experiment
are discussed in this study for a brief. In Table 4, the second
column indicates the random encryption keys in hexadecimal, the third column
indicates the changed ith input bit, the last column indicates the average change
in the output bits when the ith input bit is changed.
The results in Table 4 indicate that the values of k_{ AVAL} _{}(i) approximates to half. This means that the dynamic 3D SBox in RAF does not satisfy the exact AVAL criterion, i.e., these SBoxes satisfy AVAL only within a range of error. Other experiments have similar results.
Table 57, summarize the values of eA, the maximum (Max) and the minimum (Min) values of the k_{ AVAL} which correspond to the changed input bits еi where i = 1…8 with ten random 128bit Eks, non random128bit Eks (low entropy zeroes and low entropy ones) and random plaintext (a24a52153c3ede6735e0865e8d99bfbc), respectively. Results in Table 57 showed that the dynamic 3D SBox in RAF satisfy AVAL with maximum error values (e_{ AVAL}) of 0.0566. Whereas BA satisfies the AVAL maximum error values (e_{ AVAL}) of 0.0518 (Alabaichi et al., 2013a). In addition, the entropy of E_{ ks }is not affected on the AVAL results.
Empirical results of the SAC: Table 8 and summarize the values of k_{ SAC} (i, j) which satisfy Eq. 10 in RAF. The values of k_{ SAC} (i, j) correspond to the changed input bits е_{ i}, (i = 1…8) where е_{ 1} represents the first changed input bit, е_{ 2} represents the second changed input bit and subsequently the other parameters е_{ i} (i = 3 …8).
The results of the first dynamic 3D SBox from the first experiment are discussed as follows. This experiment includes SAC values with 8bit input (i) and 8bit output (j) with the first random encryption key.
Table 4:  Values of ith avalanche k_{ AVAL}(i) for the dynamic 3D Sbox in RAF with the first random 128 –bit E_{ ks} 

Table 5:  Values of the e_{ A}, maximum and minimum of K_{ AVAL} for the dynamic 3D SBox with ten random 128 bit E_{ ks} in RAF 

Table 6:  Values e_{ A}, maximum and minimum of K_{ AVAL} for the dynamic 3D SBox with low entropy ones encryption key in RAF algorithm 

Table 7:  Values e_{ A}, maximum and minimum of K_{ AVAL} for the dynamic 3D SBox with low entropy zeroes encryption key in RAF algorithm 

Table 8: 
Values of Strict Avalanche Criterion (SAC) of dynamic 3D Sbox
in RAF with 8 bits input (i) and 8 bits output (j) 

Table 9:  Values of e_{ S}, maximum and minimum of K_{ SAC }for the dynamic 3D SBox with ten random 128bit E_{ ks }in RAF 

Table 10:  Values of the e_{ S}, maximum and minimum of K_{ SAC} for dynamic 3D SBox with low entropy ones encryption key in RAF algorithm 

Table 11:  Values of the e_{ S}, maximum & minimum of K_{ SAC} for the dynamic 3D SBoxes with low entropy zeroes encryption key in RAF 

The first row indicates the average change in every output bit when the first input bit is changed, the second row shows the average change in every output bit when the second input bit is changed and so on until the eighth row.
Table 8 and show that the values of K_{ SAC }(i, j) random E_{ ks} are approximate to one half. This means that the dynamic 3D SBox in RAF does not exactly satisfy SAC, i.e., the dynamic 3D SBox in RAF algorithm satisfy SAC within an error range.
Table 911 and summarize the values of e_{ SAC}, the maximum (Max) and the minimum(Min) values of the K_{ SAC} which correspond to the changed input bits е_{ i} where i = 1…8 with ten random 128bit E_{ ks}, non random128bit E_{ ks} (low entropy zeroes and low entropy ones) and random plaintext (a24a52153c3ede6735e0865e8d99bfbc), respectively.
The dynamic 3D SBox in RAF satisfies SAC with a maximum error value (eSAC) of 0.2813 as shows in Table 911. In addition, the entropy of E_{ ks }bears no effect on the SAC results. Whereas BA satisfies the SAC with a maximum error values ( e_{ SAC)}of 0.3594 (Alabaichi et al., 2013a). In addition, the entropy of E_{ ks} is not affected by the SAC.
Empirical results of the BIC: Table 12 summarizes the values of BIC (i) which satisfy Equations 14 and 15 . The values of BIC (i) which correspond to the changed input bits е_{ i} (i = 1 …8) with ten random 128bit E_{ ks}, non random128bit E_{ ks} (low entropy zeroes and low entropy ones) and random plaintext (a24a52153c3ede6735e0865e8d99bfbc), respectively. The second column indicates to BIC when ith input bit is changed.
From the results in Table 1214 and it can be inferred that the dynamic 3D SBox in RAF satisfy BIC with a maximum error value (eBIC) of 0.2698. In addition, the entropy of E_{ ks} did not affect the BIC results. Whereas BA satisfies the BIC with maximum error value (e)_{ BIC} of 0.4725 (Alabaichi et al., 2013a). In addition, the entropy of E_{ ks} was not affected by the BIC results.
Finally, based on all the aforementioned results, a conclusion can be drawn that the dynamic 3D SBox in RAF satisfy the AVAL, the SAC and the BIC with maximum error values of 0.0566, 0.2813 and 0.2698, respectively. Meanwhile, the SBoxes in the BA satisfy the AVAL, the SAC and the BIC with maximum error values of 0.0518, 0.3594 and 0.4725, respectively. The dynamic 3D SBox in the RAF and the SBoxes in the BA satisfy the AVAL approximate the same.
Table 12:  Values of the BIC for dynamic 3D SBoxes in RAF with ten random 128bit E_{ ks} 

Table 13:  Values of BIC for dynamic 3D SBox with low entropy ones encryption key in RAF algorithm 

Table 14:  Values of BIC for dynamic 3D SBox with low entropy encryption key in RAF algorithm 

Table 15:  Values of e_{ AVAL}, e_{ SAC} and e_{ BIC} for SBoxes in RAF and BA algorithms 

Meanwhile, the SAC and the BIC are more effectively satisfied by the dynamic 3D SBox in RAF than the SBoxes in BA. This means RAF is more secure than BA. In addition, the entropy of the keys has no effect on the security of the SBoxes in both algorithms.
Table 15 summarizes e_{ AVAL}, e_{ SAC }and e_{ BIC} for the SBoxes in the RAF and the BA.
CONCLUSION
Several conclusions are drawn from this research and the most significant ones are discussed as follows.
Based on the results of the avalanche text test, the avalanche texts of the RAF are 0.4912, 0.4926 and 0.4950 in the second, third and last rounds, respectively, whereas the avalanche texts of the BA are 0.5110, 0.5098, 0.4972 in the second, third and last rounds, respectively. In addition, the avalanche text of the RAF approximates the same avalanche text in the BA in these rounds. However, the avalanche texts of the first round of the RAF and the BA are 0.2690 and 0.2555, respectively. The two algorithms provide good avalanche texts from the second round and their results of the correlation coefficient exhibit good nonlinear relations. Based on the evaluation of the SBoxes in the RAF and the BA, the 3D SBox in the RAF is more secure than the SBoxes in the BA because the 3D SBox in RAF satisfies the AVAL, the SAC and the BIC with maximum error values of 0.0566, 0.2813 and 0.2698, respectively. By contrast, the SBoxes in BA satisfy the AVAL, the SAC and the BIC with maximum error values of 0.0518, 0.3594 and 0.4725, respectively. The dynamic 3D SBox in the RAF and the SBoxes in the BA exhibit approximately the same result in satisfying the AVAL. Meanwhile, the dynamic 3D SBox in the RAF satisfies the SAC and the BIC more effectively than the SBoxes in the BA. By contrast, the entropy of the keys does not affect the security of the SBoxes in both algorithms.
Thus, the dynamic permutation box and the dynamic 3D SBox when combined serve as an effective approach that strengthens the RAF algorithm.
Following the present study, future work can be conducted on the following topics:
• 
Analyzing the performance of the RAF based on following factors: speed, throughput and power consumption. Afterward, the performance of the RAF can be compared with other algorithms of various platforms 
• 
Implementing and evaluating the characteristic criteria of the RAF, including flexibility, hardware, software suitability and algorithm simplicity 