Abstract: In order to measure the degree of security of RAF algorithm, some cryptographic tests must be applied such as randomness test, avalanche criteria, correlation coefficient and criteria of S-Box. In this study, we analyze the security of RAF. The security analysis is divided into two phases. The first phase investigates the output of the entire RAF, including the avalanche text and the correlation coefficient. The second phase investigates the quality of the dynamic 3D S-Box generated by the RAF by using the avalanche criterion (AVAL), the Strict Avalanche Criterion (SAC) and the Bit Independence Criterion (BIC). In addition, RAF algorithm is compared with the Blowfish Algorithm (BA). The avalanche text findings show that both algorithms produced satisfactory results on the second round. The correlation coefficient for RAF showed better non-linearity than BA. The S-Box analyses show that the dynamic 3D S-Box in the RAF is equipped with more security features than dynamic S-boxes in BA. C++ is used in the implementation of both algorithms. MATLAB computing software is used to implement the properties (AVAL, SAC and BIC) as well as the avalanche text and the correlation coefficient.
INTRODUCTION
Numerous block ciphers are depending on the traditional Shannon idea of the serial application of confusion and diffusion. Normally, confusion is provided by some forms of substitution "S-Boxes" (Mar and Latt, 2008).
A significant amount of time is taken up on the design or on the analysis that focuses on the substitution boxes (S-Boxes) of the algorithm during the development of a symmetric or private key that comprises the construction of cryptosystems which are constructed as substitution-permutation (S-P) networks (i.e.,“DES-LIKE” system). The S-Boxes bring nonlinearity to the cryptosystems; hence require the strengthening of the cryptographic security. Serious limitations in the S-Boxes can cause the cryptography to break easily (Mar and Latt, 2008; Adams and Tavares, 1990; Hussain et al., 2010). Generally, two sets of problems arise in the selection of an S-Box before its cryptographic use can be considered secure. The first challenge lies in the design (or search) of a good S-Box while the second ch1allenge is the verification of a given S-Box as one that satisfies the requirements that entail the types and quantitative values of the desired properties for an S-Box.
The properties of S-Box namely Avalanche (AVAL), Strict Avalanche (SAC) and Bit Independence Criteria (BIC) which guarantee the randomness of the SPN are a measure of its security. Also, these properties are cryptographic desirable in S-Boxes, so they are used as guide in the design of S-Boxes (Adams and Tavares, 1990; Vergili and Yucel, 2000; Alabaichi et al., 2013a).
The publications of most of the work on the design of S-Box has attempted the identification of good S-Boxes based on a procedure that involves generating of designs randomly, evaluating them against selected evaluation criterion and rejecting those which fail to meet these criterions (Adams and Tavares, 1990).
This study in the first phase attempts to analyze the avalanche text and correlation coefficient in RAF after which the results are compared with the results of Blowfis’s output in (Alabaichi et al., 2013b). While in the seconds phase analyze the properties of AVAL, SAC and BIC that are used for the testing of security of dynamic 3D S-Box in RAF after which the results are compared with the results of Blowfish’s S-Boxes in Alabaichi (Alabaichi et al., 2013a).
SECURITY ANALYSIS
Security is the most important factor in evaluating cryptographic algorithms. Security includes features such as the randomness of the algorithm output, the avalanche effect, the correlation coefficient, the resistance of the algorithm to the cryptanalysis and the relative security compared with other candidates (Ariffin, 2012).
The S-Box is the keystone of modern symmetric ciphers, such as block and stream ciphers and is an essential component in the layout of any block system.
Three properties are chosen to test security of the dynamic 3D S-Box, namely, AVAL, SAC and BIC.
In this study, security analysis is divided into two phases. In the first phase, security analysis of the entire algorithm is performed and the results are compared with those of the BA. In the second phase, the component of the RAF, that is, the dynamic 3D S-Box is analyzed.
First phase (security analysis of the RAF): As mentioned in the previous section, the output of entire algorithm (the RAF) is analyzed and compared with the results of the BA in this phase. The analysis includes the avalanche text and the correlation coefficient between plaintext and ciphertext.
The randomness of the RAF output is analyzed in earlier studies titled "A dynamic 3D S-Box based on Cylindrical Coordinate System for Blowfish algorithm" (Alabaichi et al., 2014a) and "A Cylindrical Coordinate System with Dynamic Permutation Table for Blowfish Algorithm" (Alabaichi et al., 2014b).
Avalanche effect: The avalanche effect is a desirable property of any encryption algorithm. If one bit changes in either the plaintext or the key, a significant change occurs in at least half of the bits in the ciphertext, thus making it difficult to analyse ciphertext when an attempt to mount an attack is made. That is performing an analysis on ciphertext while trying to come up with an attack is difficult (Mahmoud et al., 2013). The avalanche text is used to evaluate the avalanche effect of the RAF and the BA in this study. A block cipher satisfies the avalanche text effect when a fixed key and a small change in the plaintext result in a large change in the ciphertext (Dawson et al., 1992).
Mathematically Eq. 1 is defined as:
| (1) |
where, F is the avalanche effect when the Hamming distance between the outputs of a random input vector and the output generated by randomly flipping one of its bits should be n/2 or 0.5, on average. That is a minimum message input change is amplified and it produces a maximum message output change, on average (Ariffin, 2012). Numerous researchers have conducted the avalanche effect test including (Ariffin, 2012); (Mahmoud et al., 2013; Dawson et al., 1992; Juremi et al., 2012; Sulaiman et al., 2012; Castro et al., 2005; Doganaksoy et al., 2010; Agrawal and Monisha, 2010; Mohan and Reddy, 2011; Ramanujam and Karuppiah, 2011).
Testing data: All data of the 16-byte blocks of the random plaintext as well as of the 16-byte random key were generated using the BBS pseudo-random bit generator. The 128 sequences of the 128-bit with a 128-bit random key are generated and used in the test for the RAF.
Empirical results and analysis: Table 1 and 2 summarize the values of the avalanche text for the first three rounds and the last round of the RAF algorithm. In each table, the columns "Different bit number (RAF)" indicate that the numbers of bits are different in the ciphertext when one bit is changed in the plaintext. Meanwhile, the columns "Ratio bits (RAF)" indicate the different number of bits divided by the total number of bit sequence.
As shown in Table 1 and 2 changing one bit in the input results in a change on approximately half of the output bits in the three rounds, that is, the second, third and last rounds in RAF algorithm. The average change in bits in the RAF algorithm are 0.4912, 0.4926 and 0.4950 in second, third and last rounds, respectively, whereas the average change in bits in the BA are 0.5110, 0.5098 and 0.4972 in second, third and last rounds, respectively (Alabaichi et al., 2013b). In addition, the avalanche text of the RAF approximates the same avalanche text in the BA for these rounds. However, the avalanche text presented by the RAF in the first round is 0.2690 and in the BA in the first round is 0.2555(Alabaichi et al., 2013b). This result indicates that both algorithms exhibit good avalanche text in the second round.
The results of the avalanche text in both algorithms for the first to third rounds and the last round are presented in Fig. 1(a-d) and Table 1-2.
Correlation coefficient: The correlation coefficient is considered as one of the important aspects of block cipher security that deals with the dependency of the individual output bits on the input bits. This coefficient measures how the two variables affect each other, that is, how much one variable depends on the other. In this section, we use the correlation coefficient to measure the dependency between plaintext and ciphertext. The correlation values can determine the confusion effect of the block cipher. The correlation coefficient which is a number between (-1) and (1), measures the degree of linear relationship between two variables. The correlation is (1) in an increasing linear relationship and (-1) in a decreasing linear relationship.
| Table 1: | Values of the avalanche text for RAF algorithm in the first and second rounds |
| Table 2: | Values of the avalanche text for RA algorithm in the third and last rounds |
In case of independent variables, the correlation is 0 and the following values are the acceptable range for interpreting the correlation coefficient (Mahmoud et al., 2013; Ariffin et al., 2012; Fahmy et al., 2005; Mohammad et al., 2009):
| • | 0 indicates a non-linear relationship |
| • | +1 indicates a perfect positive linear relationship |
| • | -1 indicates a perfect negative linear relationship |
| • | The values between 0 and 0.3 (0 and -0.3) indicate a weak positive (negative) linear relationship |
| • | The values between 0.3 and 0.7 (-0.3 and -0.7) indicate a moderate positive (negative) linear relationship |
| • | The values between 0.7 and 1.0 (-0.7 and -1.0) indicate a strong positive (negative) linear relationship |
| Fig. (1a-d): | Avalanche text of both algorithms for (a) First round, (b) Second round, )(c) Third round and (d) last round |
Testing data: The data set tested is the same as the data set tested for the avalanche text.
Empirical results and analysis: As presented in Table 3 and 87 correlation coefficient values in the RAF are near zero, thus indicating perfect non-linear relation between plaintext and ciphertext. However, 41 values are greater than 0.1 and less than 0.3 or greater than -0.1 and less than -0.3, thus indicating weak linear positive or negative relation. Meanwhile, 80 values in the BA are near zero, thus indicating non-linear relation between inputs and outputs. One value is -0.3974, thus indicating moderate negative linear relation. However, 47 values are greater than 0.1 and less than 0.3 or greater than -0.1 and less than -0.3, thus indicating weak positive (negative) linear relationship (Alabaichi et al., 2013b).
| Table 3: | Values of the correlation coefficient between plaintext and Ciphertext for RAF algorithm |
Although both algorithms have good non-linear relations, all results show that the RAF exhibits non-linear relations with better impact than BA. The results of the correlation of both algorithms are illustrated in Fig. 2 and Table 3.
| Fig. 2: | Results of correlation coefficient of both algorithms |
Second phase (security analysis of the dynamic 3D S-BOX): In this phase, we analyze the security of the dynamic 3D S-Box, including its properties such as AVAL, SAC and BIC.
Criteria of the S-Box: AVAL, SAC and are BIC used to guide S-Boxes design, therefore, these criteria are used to evaluate the dynamic 3D S-Box of the RAF.
Avalanche criteria: According to Feistel (1973), AVAL is an important cryptographic property of block ciphers, S-Boxes and SPNs.
In formulating this, an n×n S-Box satisfies AVAL under the condition that for all i = 1, 2,…, n:
| (2) |
Where:
| (3) |
where, ei is the unit vector with bit i = 1 and all other bits are equal to 0.
A ei XOR sums are referred to as avalanche vectors. Each vector has n bits or avalanche variables. This condition only occurs when a change in the ith bit in the input string is implemented.
A ei is defined as:
| (4) |
where,
The total change in the jth avalanche variable,
| (5) |
k AVAL(i )which has the values of [0,1] should be interpreted as the probability of change in the overall output bits when only the ith bit in the input string is changed. If k AVAL(i) differs from 1/2 for any i, then it is assumed that the S-Box does not satisfy AVAL. If k AVAL(i) is approximately 1/2 for all is, then the S-Box satisfies AVAL within a small range of error. If approximately 1/2 of the resulting avalanche variables are equal to 1 for all values of i, such that 1>i>m, then the function has a good avalanche effect (Mar and Latt, 2008; Hussain et al., 2010; Webster and Tavares, 1986; Selcuk and Melek, 2001).
Relative error for avalanche criteria: Vergili and Yucel (2000) concluded that the S-Box can satisfy Eq. 5 for small values of n but for n≥6, satisfying the AVAL criterion is difficult for the S-Box. Therefore, expecting that the criterion given by Eq. 5 will be satisfied within an error range of ±e A is logical. This range of error is known as the relative error interval for the AVAL. Therefore, the S-Box satisfies the AVAL within ±e A, on the condition for all values of i:
| (6) |
is true. Given an S-Box, the corresponding relative error e A can be found in Eq. 6 as:
| (7) |
For a set of S-Boxes with the same size, the maximum relative error is:
| (8) |
Strict avalanche criteria: Webster and Tavares (1986) combined completeness and avalanche properties into the SAC. An S-Box satisfies the SAC if the probability of change in any output bit approximates 1/2 whenever an input bit changes. SAC can be described mathematically as follows:
| • | The F-function: {0, 1 n} → {0, 1 n }satisfies the SAC for all i, j, ε (1, 2, …, n). The flipping input bit i changes the output bit j with a probability of exactly 1/2. Thus, an S-Box fulfills the requirements of the SAC if: |
| (9) |
can be modified to define a SAC parameter, K SAC (i), j as:
| (10) |
K SAC (i, j) can assume the values [0,1] and should be interpreted as the probability of change in the jth output bit when the ith bit in the input string is changed. If k SAC (i, j) is not 1/2 for any (i, j) pair, then the S-Box does not satisfy the SAC. Satisfying Eq. 10 for all values of i and j is unrealistic, therefore, interpreting Eq. 10 within an error interval of {-e S, + e S} is meaningful. That is, if k SAC (i, j) approximates 1/2 for all (i, j) pairs, then the S-Box satisfies the SAC within a small range of error(Mar and Latt, 2008; Hussain et al., 2010; Selcuk and Melek, 2001).
Relative error for the strict avalanche criteria: The SAC is a more specialized form of the AVAL, thus the number of S-Boxes that satisfies the SAC is smaller than the number of S-Boxes that satisfies the AVAL. Moreover, this criterion for a large S-Box size (n≥6) is satisfied with a small error range. Therefore, by modifying Eq. 10, an S-Box satisfies the SAC within ±e A for all values of i and j. The following equation is then satisfied:
| (11) |
Using Eq. 11 for a given S-Box, the relative error e S for the SAC is:
| (12) |
For a set of S-Boxes with the same size, the maximum relative error is:
| (13) |
Bit independence criteria: Webster and Tavares (1986) introduced another property for the S-Box which they named as the BIC. This property is most appropriate for cryptographic transformation in which all the avalanche variables become independent pairs when a given set of avalanche vectors is generated by complementing a single plaintext bit. To measure the degree of independence between a pair of avalanche variables, calculating the correlation coefficient is necessary. The independence of the output bits ensures that any two output bits i and j act "Independently" of each other. Therefore, bits i and j are neither equal to each other significantly more, nor significantly less, than half the time (over all possible input vectors).
The BIC is defined mathematically as follows. A function f:{0, 1} n → {0, 1}n satisfies the BIC on the condition for all values of i, j, k, ε {1, 2, …, n}, with j ≠ k. Inverting input bit i causes output bits j and k to change independently. The correlation coefficient computed between the jth and kth components of the output difference string is known as the avalanche vector A ei. A parameter of bit independence that corresponds to the effect of the ith input bit that change on the jth and kth bits of A ei is defined as:
| (14) |
Overall, the BIC parameter for the S-Box of the F-function is:
| (15) |
BIC (f) assumes the values of [0, 1] (Hussain et al., 2010; Selcuk and Melek, 2001; Manikandan et al., 2012).
Relative error for the bit independence criteria: The relative error for the BIC is slightly different from those of the AVAL and the SAC. This error is presented as follows (Hussain et al., 2010; Feistel, 1973):
| (16) |
For a set of S-Boxes with the same size, the maximum relative error is:
| (17) |
Testing data: All random 128-bit and 256-bit encryption keys (E ks) as well as the random 128-bit plaintext were generated by BBS.
Empirical results and analysis: Twelve experiments have been conducted on the Dynamic 3D S-Box in the RAF by using three types of E ks: Random, low entropy ones and low entropy zeroes with three properties AVAL, SAC, BIC, thus comprising 12 128-bit E ks in all experiments to examine the effect of entropy of the E ks on the security of the dynamic 3D S-Box in the RAF. The first 10 experiments are conducted with 10 random 128-bit E ks. The remaining two experiments are carried out with a non-random E k. One experiment is conducted with low entropy ones encryption key and the last experiment is performed with low entropy zeroes encryption key. In summary, the total number of S-Boxes tested in these experiments is 12 dynamic 3D S-Boxes in the RAF.
Empirical results of the avalanch criteria: Table 4, summarizes the values of k AVAL(i) that satisfies Eq. 5. Moreover, the values of k AVAL that correspond to the changed input bits е i, (i = 1…8) where e 1 represents the first changed input bit, whereas е 2 represents the second changed input bit. Subsequently, the other parameters follow the same pattern, whereby еi (i = 3…8). The results of the first experiment are discussed in this study for a brief. In Table 4, the second column indicates the random encryption keys in hexadecimal, the third column indicates the changed ith input bit, the last column indicates the average change in the output bits when the ith input bit is changed.
The results in Table 4 indicate that the values of k AVAL (i) approximates to half. This means that the dynamic 3D S-Box in RAF does not satisfy the exact AVAL criterion, i.e., these S-Boxes satisfy AVAL only within a range of error. Other experiments have similar results.
Table 5-7, summarize the values of eA, the maximum (Max) and the minimum (Min) values of the k AVAL which correspond to the changed input bits еi where i = 1…8 with ten random 128-bit Eks, non random128-bit Eks (low entropy zeroes and low entropy ones) and random plaintext (a24a52153c3ede6735e0865e8d99bfbc), respectively. Results in Table 5-7 showed that the dynamic 3D S-Box in RAF satisfy AVAL with maximum error values (e AVAL) of 0.0566. Whereas BA satisfies the AVAL maximum error values (e AVAL) of 0.0518 (Alabaichi et al., 2013a). In addition, the entropy of E ks is not affected on the AVAL results.
Empirical results of the SAC: Table 8 and summarize the values of k SAC (i, j) which satisfy Eq. 10 in RAF. The values of k SAC (i, j) correspond to the changed input bits е i, (i = 1…8) where е 1 represents the first changed input bit, е 2 represents the second changed input bit and subsequently the other parameters е i (i = 3 …8).
The results of the first dynamic 3D S-Box from the first experiment are discussed as follows. This experiment includes SAC values with 8-bit input (i) and 8-bit output (j) with the first random encryption key.
| Table 4: | Values of ith avalanche k AVAL(i) for the dynamic 3D S-box in RAF with the first random 128 –bit E ks |
| Table 5: | Values of the e A, maximum and minimum of K AVAL for the dynamic 3D S-Box with ten random 128- bit E ks in RAF |
| Table 6: | Values e A, maximum and minimum of K AVAL for the dynamic 3D S-Box with low entropy ones encryption key in RAF algorithm |
| Table 7: | Values e A, maximum and minimum of K AVAL for the dynamic 3D S-Box with low entropy zeroes encryption key in RAF algorithm |
| Table 8: | Values of Strict Avalanche Criterion (SAC) of dynamic 3D S-box in RAF with 8 bits input (i) and 8 bits output (j) |
| Table 9: | Values of e S, maximum and minimum of K SAC for the dynamic 3D S-Box with ten random 128-bit E ks in RAF |
| Table 10: | Values of the e S, maximum and minimum of K SAC for dynamic 3D S-Box with low entropy ones encryption key in RAF algorithm |
| Table 11: | Values of the e S, maximum & minimum of K SAC for the dynamic 3D S-Boxes with low entropy zeroes encryption key in RAF |
The first row indicates the average change in every output bit when the first input bit is changed, the second row shows the average change in every output bit when the second input bit is changed and so on until the eighth row.
Table 8 and show that the values of K SAC (i, j) random E ks are approximate to one half. This means that the dynamic 3D S-Box in RAF does not exactly satisfy SAC, i.e., the dynamic 3D S-Box in RAF algorithm satisfy SAC within an error range.
Table 9-11 and summarize the values of e SAC, the maximum (Max) and the minimum(Min) values of the K SAC which correspond to the changed input bits е i where i = 1…8 with ten random 128-bit E ks, non random128-bit E ks (low entropy zeroes and low entropy ones) and random plaintext (a24a52153c3ede6735e0865e8d99bfbc), respectively.
The dynamic 3D S-Box in RAF satisfies SAC with a maximum error value (eSAC) of 0.2813 as shows in Table 9-11. In addition, the entropy of E ks bears no effect on the SAC results. Whereas BA satisfies the SAC with a maximum error values ( e SAC)of 0.3594 (Alabaichi et al., 2013a). In addition, the entropy of E ks is not affected by the SAC.
Empirical results of the BIC: Table 12 summarizes the values of BIC (i) which satisfy Equations 14 and 15 . The values of BIC (i) which correspond to the changed input bits е i (i = 1 …8) with ten random 128-bit E ks, non random128-bit E ks (low entropy zeroes and low entropy ones) and random plaintext (a24a52153c3ede6735e0865e8d99bfbc), respectively. The second column indicates to BIC when ith input bit is changed.
From the results in Table 12-14 and it can be inferred that the dynamic 3D S-Box in RAF satisfy BIC with a maximum error value (eBIC) of 0.2698. In addition, the entropy of E ks did not affect the BIC results. Whereas BA satisfies the BIC with maximum error value (e) BIC of 0.4725 (Alabaichi et al., 2013a). In addition, the entropy of E ks was not affected by the BIC results.
Finally, based on all the aforementioned results, a conclusion can be drawn that the dynamic 3D S-Box in RAF satisfy the AVAL, the SAC and the BIC with maximum error values of 0.0566, 0.2813 and 0.2698, respectively. Meanwhile, the S-Boxes in the BA satisfy the AVAL, the SAC and the BIC with maximum error values of 0.0518, 0.3594 and 0.4725, respectively. The dynamic 3D S-Box in the RAF and the S-Boxes in the BA satisfy the AVAL approximate the same.
| Table 12: | Values of the BIC for dynamic 3D S-Boxes in RAF with ten random 128-bit E ks |
| Table 13: | Values of BIC for dynamic 3D S-Box with low entropy ones encryption key in RAF algorithm |
| Table 14: | Values of BIC for dynamic 3D S-Box with low entropy encryption key in RAF algorithm |
| Table 15: | Values of e AVAL, e SAC and e BIC for S-Boxes in RAF and BA algorithms |
Meanwhile, the SAC and the BIC are more effectively satisfied by the dynamic 3D S-Box in RAF than the S-Boxes in BA. This means RAF is more secure than BA. In addition, the entropy of the keys has no effect on the security of the S-Boxes in both algorithms.
Table 15 summarizes e AVAL, e SAC and e BIC for the S-Boxes in the RAF and the BA.
CONCLUSION
Several conclusions are drawn from this research and the most significant ones are discussed as follows.
Based on the results of the avalanche text test, the avalanche texts of the RAF are 0.4912, 0.4926 and 0.4950 in the second, third and last rounds, respectively, whereas the avalanche texts of the BA are 0.5110, 0.5098, 0.4972 in the second, third and last rounds, respectively. In addition, the avalanche text of the RAF approximates the same avalanche text in the BA in these rounds. However, the avalanche texts of the first round of the RAF and the BA are 0.2690 and 0.2555, respectively. The two algorithms provide good avalanche texts from the second round and their results of the correlation coefficient exhibit good non-linear relations. Based on the evaluation of the S-Boxes in the RAF and the BA, the 3D S-Box in the RAF is more secure than the S-Boxes in the BA because the 3D S-Box in RAF satisfies the AVAL, the SAC and the BIC with maximum error values of 0.0566, 0.2813 and 0.2698, respectively. By contrast, the S-Boxes in BA satisfy the AVAL, the SAC and the BIC with maximum error values of 0.0518, 0.3594 and 0.4725, respectively. The dynamic 3D S-Box in the RAF and the S-Boxes in the BA exhibit approximately the same result in satisfying the AVAL. Meanwhile, the dynamic 3D S-Box in the RAF satisfies the SAC and the BIC more effectively than the S-Boxes in the BA. By contrast, the entropy of the keys does not affect the security of the S-Boxes in both algorithms.
Thus, the dynamic permutation box and the dynamic 3D S-Box when combined serve as an effective approach that strengthens the RAF algorithm.
Following the present study, future work can be conducted on the following topics:
| • | Analyzing the performance of the RAF based on following factors: speed, throughput and power consumption. Afterward, the performance of the RAF can be compared with other algorithms of various platforms |
| • | Implementing and evaluating the characteristic criteria of the RAF, including flexibility, hardware, software suitability and algorithm simplicity |