Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download A New DNA-Based S-Box
Document related concepts
Transcript
International Journal of Engineering & Technology IJET-IJENS Vol:15 No:04
1
A New DNA-Based S-Box
Auday H. Al-Wattar, Ramlan Mahmod , Zuriati Ahmad Zukarnain, and Nur Izura Udzir,
Faculty of Computer Science and Information Technology,
Universiti Putra Malaysia,
43400 UPM, Serdang, Selangor.
Abstract— Recently, many scholars have tried to design new
security methods inspired by biological techniques, as DNA,
Some of which are in the domains of cryptography and
steganography. In this article, a new DNA-based S-Box was
designed inspired by biology DNA techniques to be used for
SPN symmetric block ciphers. The new DNA-base S-Box is
used in order to reduce the calculations process in addition to
make use of the unknown randomness of DNA bases in
creating the S-box.
This article uses the new DNA-based S-Box within the AES
(Advanced
Encryption
Standard).
The
Encryption
Standard).The S-Box testing criteria were performed to assess
the security of the new S-Box. The National Institute of
Standard and Technology (NIST) tests have been used to test
the cipher which uses this new DNA based S-Box. The outcome
of the tests shows that proposed S-box has good security, as
well as it is passed all the randomness tests.
Index Term— cryptography algorithm, block cipher, DNA,
AES, S-Box, randomness, state.
I. INTRODUCTION
In the field of cryptography and for any symmetric
encryption algorithm, the S-Box (substitution box) is the
only nonlinear unit of the symmetric encryption algorithms
which performs substitution [1].Usually, Usually, the cipher
uses the S-box to build the association of the key and the
cryptosystem, which is called confusion as Shannon [2].
Since the security of the entire encryption system depends
on the S-box, the better the design of the S-box will result in
the most secure encryption system as a whole [3-5]. Based
on this concept can be considered one of the most important
for the design, modification or work with the cipher S-box is
to improve the entire cipher and make it completely immune
and safe.
There are many approaches used by researchers in the
design and modification of the S-boxes, as in [6], [7], [8],
[9], [10] . Some researchers explored the use of a dynamic
and Key-depend-S-Box to enhance the security of block
ciphers, as in [11] [12] [1] [13] [14] and [15].
The using of DNA as a form of cryptography is still in the
preliminary stage. One of the most important reasons is the
need for a high-tech laboratory, and a method that obviates
the highly labor intensive means of extrapolation.
However, this challenge has led researchers to find an
alternative process to the use of cryptography DNA using
DNA digital cryptography or pseudo DNA cryptography.
This type of cryptography is inspired by the process of real
DNA.
A number of studies have been conducted in the context
of DNA cryptography,[16] proposed DNA One-Time Pad,
that hides information in DNA strands as a steganography,
and [17] proposed a virtual DNA major cryptographic
method employed initiatives central dogma of molecular
biology. In addition to [18] which launched a new
cryptographic technique which depends on the central
dogma of molecular biology. Many others have adopted the
proposition of different new cryptographic techniques that
are inspired by actual DNA techniques such as [19] [20]
[21] [22, 23],
Another group of researchers specialized in the design of
DNA-based algorithms, that provide security for images
and videos[24-31].
Although all previous works on DNA have concentrated
on proposing a cryptographic method inspired from the real
DNA, no one has proposed or suggested an S-box that is
designed or created using DNA structure and bio-inspired
techniques.
This paper proposes a novel technique for gaining a
powerful (8 × 8) S-Box based on operations that have been
inspired from really biological DNA structure and
processes. Subsequently, it tests the new S-Box using the SBox testing criteria and the NIST randomness tests for the
cryptosystem that used the DNA-based S-box.
II. CRYPTOSYSTEM
Cryptosystem is a technique that allows some parties to
communicate securely. Generally the cryptosystem consists
of a number of elements: plaintext P , key K as input, and
t
ciphertext C as output. The encryption and decryption
t
methods as E , and D respectively.
k
k
The mathematic represent of the cryprosystem is as
follows:
∀ k ∈ K ∃ 𝐸𝑘 and 𝐷𝑘 : 𝐷𝑘 (𝐸𝑘 (𝑠)) = s ∀ s ∈ 𝑃t .
A. Substitution Box (S-Box)
S-box is the main non-linear transformation of an
encryption algorithm which replaces a set of input bits with
a different set of bits known as its output bits. If S-Box
denoted by: 𝜋𝑠 then:
𝜋𝑠 : {0,1}𝑛 ⟶ {0,1}𝑛 where n represent the number of
input and out bits for S-box.
150204-7373-IJET-IJENS © August 2015 IJENS
IJENS
International Journal of Engineering & Technology IJET-IJENS Vol:15 No:04
B. AES block cipher
In October 2000, NIST declared that Rijndael had been
chosen as the intended AES. It is an iterated symmetric
block cipher cryptosystem follows the formation of the
Substitution-Permutation Network (SPN) [32-35], where it
is works on segments of data with fixed-length called
blocks, that affect the identical transformation of every
block.
The AES rounds are approximately equal, but the first
and last rounds are a slight specialty. For complete
encryption, the data passes Nr rounds (Nr: = 10, 12, and
14), with key size 128,194 and 256 respectively.Regardless
the number of rounds for the algorithm, each round is made
up of four transformations, as follows: [32].
--First, ShiftRow transformation.
--Second, MixColumn transformation.
--Third, Round Key addition.
--Fourth, ByteSub transformation
2
algorithm It is one of the security testing tools that are used
to evaluate the confusion and diffusion properties for the
new encryption system, according to [39] and [40]..The test
judges if the production of convincing algorithms under test
conditions shows features that suggest that the outputs are
randomly generated.
The NIST test suite consists of 15 tests [41], The
guidelines issued by NIST reports these tests and their
related aims as:
--Frequency (Monobit) Test
This is the most important part of the NIST test in which
all subsequent tests are based on passing this test. The intent
of this test is to determine whether the appearance of ones
and zeros in a sequence is as identical as would be expected
for a truly random sequence. The test assesses the vicinity of
the portion of ½.
--Frequency Test within a Block
The idea of this assay is to determine whether the
frequency of a block of fixed size is around the (block size) /
2, as anticipated in the case assuming randomness.
III. DNA BACKGROUND
DNA (nucleic acid Deoxyribo) is considered to be the
genetic pattern of existing creatures. All the individual cells
in the body have a full set of DNA. It is a polymer made
from monomers named deoxyribo nucleotides.
A single-strand of DNA is composed of a sequence of
molecules named bases, which stick out from a sugarphosphate backbone, the bases are defined as four characters
{A, C, G, and T}[36, 37]. One of the most basic features of
the DNA strand sequence is that it is oriented; accordingly,
TTCA is distinct from ACTT. Typically the DNA strands
exist as paired, reverse complementary words or strands:
The Watson-Crick Double helix, with its four letters, A, C,
G and T paired via A¯ = T and C¯ = G. Corresponding
DNA codes could involve the insertion-deletion metric —
with bounded similarity between two strands [38].
The graphics will stay in the “second” column, but you
can drag them to the first column. Make the graphic wider to
push out any text that may try to fill in next to the graphic.
Central dogma is one of the most important processes for
biological molecules. It is includes some processes of DNA,
such as replication, transcription and translation, As in Fig.
1,
Fig. 1. Central dogma process. One of biological DNA process which is
consists of a number of methods that are used as inspiration for design the new
S-box.
IV. THE NIST SUITE RANDOMNESS TEST
The NIST Test Suite is a set of statistical tests for
randomness used by NIST to evaluate cryptographic
--Runs Test
It is concerned with the complete number of runs in the
sequence. A run is a continuous sequence of the same bits.
The aim of this test is to settle if the amount of runs of ones
and zeros of different sizes is as predictable for a random
sequence.
--Test for the Longest Run of Ones in a Block
It is concerned with the test of the longest run of ones
within fixed bit length blocks. The objective of this test is to
determine whether the length of the longest run of ones of
the tested sequence is homogeneous with that which would
be predictable in a random sequence.
--Binary Matrix Rank Test
This test is concerned with the rank of disjoint submatrices of the entire sequence. The objective of this test is
to confirm the linear reliance among fixed size substrings of
the genuine sequence.
--Discrete Fourier Transform (Spectral) Test
It is concerned with the peak heights in the Discrete
Fourier Transform of the sequence. The objective of this test
is to discover periodic features in the checked sequence that
would specify an aberration from the randomness
supposition; however, the main aim is to see if the amount
of peaks surpassing the 95 % threshold is extensively more
diverse than 5 %.
--Non-overlapping Template Matching Test
It is concerned with the amount of happenings of a
predetermined target series. The objective of this test is to
reveal generators that create too much happening of a
specified non-episodic model.
--Overlapping Template Matching Test
It is same as the Non-Overlapping Template Matching
150204-7373-IJET-IJENS © August 2015 IJENS
IJENS
International Journal of Engineering & Technology IJET-IJENS Vol:15 No:04
Test; the only difference between them is that in this test
when the pattern is detected or found, the window slides just
a bit before seeking continues.
--Maurer’s “Universal Statistical” Test
It is concerned with the number of bits between
(matching) identical patterns. The objective of this test is to
discover whether or not the sequence can be significantly
compressed without loss of information. A considerably
compressible sequence is believed to be non-random.
--Linear Complexity Test
It is concerned with the size of a linear feedback shift
register (LFSR). The objective this test is to decide whether
or not the sequence is complex enough to be considered
random and has the required complexity.
--Serial Test
It is concerned with the frequency of all likely
overlapping k-bit patterns throughout the whole sequence.
The objective of this test is to decide whether the amount of
happenings of the 2kk-bit overlapping patterns is just about
alike as would be supposed for a random sequence.
--Approximate Entropy Test
It is concerned with the frequency of all possible
overlapping k-bit patterns throughout the whole sequence.
The objective of this test is the comparison of the
overlapping block frequency for two consecutive/adjacent
lengths (k and k+1) against the expected result in a random
sequence.
--Cumulative Sums (Cusum) Test
It is concerned with the highest jaunt (from zero) of the
random step, which is defined by the accruing sum of
amended (-1, +1) digits in the sequence. The objective of
this test is to decide whether the cumulative sum of the
partial sequences happening in the tested sequence is very
great or tiny in size, in respect of the guessed action of that
cumulative sum of random sequences.
--Random Excursions Test
It is concerned with the amount of cycles having accurate
K trips in a cumulative sum random walk. The objective of
this test is to see if the amount of visits to a specific state in
a cycle deviates from what one would expected for a
random sequence.
--Random Excursions Variant Test
It concerned with the entire amount of times that a
specific state is happening in a cumulative sum random
walk. The objective of this test is to see the differences from
the anticipated amount of visits to a variety of states in the
random walk. This test is actually a series of eighteen tests.
V. S-BOX TESTS CRITERIA
There are a number of criteria that S-boxes must meet to be
considered a good S-Box.
--Balanced
If the S-Box has the same number of one’s and zeroes, it
3
indicates that they are balanced, which is one of most
important characteristics of an S-box.
--Completeness
The S-boxes are complete if every output bit depends on
all of the input bits [37]. The function Y is considered
complete if there is at least one pair of plaintext vectors (z
and zi ), such that:
(z and zi ) are n bit vectors that vary in just one bit i ,
and,Y(z)and Y( zi ) vary at least in bit h, for all {i, h ∶ 1 ≤
i, h ≤ n}
--Avalanche criterion
The avalanche effect is an extremely eligible feature of
block ciphers accompanying the computing of diffusion.
Usually, a block cipher is considered to reveal the avalanche
effect if for a single change in a single bit of the input, the
output varies drastically [37, 42, 43].
These relations could be described by certain terms:
Cu A Vector, where, all its bits are (0s), except the bit (i),
which is (1)
AV Cu Avalanche vector represents the difference in the
output string as a result of the changing of bit (i) at the input
string:
𝑐𝑢
AV Cu = 𝑌(𝑥) ⊕ 𝑌(𝑥 ⊕ 𝑐𝑖 ) = 𝑎𝑣1𝑐𝑢 𝑎𝑣2𝑐𝑢 𝑎𝑣3𝑐𝑢 … 𝑎𝑣𝑚
Formally,
the
avalanche
criterion
can
(1)
be
represented as:
𝑆 ∶ {0,1}𝑚 → {0,1}𝑚
A function
It meets the Avalanche criterion if one input bit is
complementing, usually, half of the output bits alter.
For
a square m X m S-Box, S is said to satisfy the avalanche
criterion if for every u ∈ (1, . . , 2m ):
1
2𝑛
𝑛
𝑐
∑ 𝑊( 𝑎𝑣𝑣 𝑢 ) =
𝑣=1
𝑛
2
(2)
Where (u, v) are the inputs and outputs bits, respectively,
such that𝑢, 𝑣 ∈ (1, . . , 2𝑛 ), and:
∑
𝑐
(𝑎𝑣𝑣 𝑢 )
(3)
𝑎𝑙𝑙 𝑥∈{0,1}𝑛
Avalanche Effect =
1
𝑚2𝑚
𝑐𝑢
∑𝑚
𝑣=1 𝑊( 𝑎𝑣𝑣 ) =
1
2
(4)
The avalanche value should be within the range [0, 1].
The ideal value for avalanche is 0.5, which indicates that the
S-Box satisfies the avalanche criterion. However, it is
preferred to take the error interval {- A,+ ∈A} into account
for the experimental results [44].
Also, the avalanche of the transformation function (SBox) can be obtained by using the following equation [45]:
𝐴𝑣𝑎𝑙𝑎𝑛𝑐ℎ𝑒 𝐸𝑓𝑓𝑒𝑐𝑡 =
𝑁𝑢𝑚𝑏𝑒𝑟 𝑜𝑓 𝑓𝑙𝑖𝑝𝑝𝑒𝑑 𝑏𝑖𝑡𝑠 𝑖𝑛 (𝑜𝑢𝑡𝑝𝑢𝑡)𝑐𝑖𝑝ℎ𝑒𝑟𝑡𝑒𝑥𝑡
𝑁𝑢𝑚𝑏𝑒𝑟 𝑜𝑓 𝐴𝑙𝑙 𝑏𝑖𝑡𝑠 𝑖𝑛 𝑡ℎ𝑒 (𝑜𝑢𝑡𝑝𝑢𝑡)𝑐𝑖𝑝ℎ𝑒𝑟𝑡𝑒𝑥𝑡
--Strict Avalanche (SAC)
According to A. Webster and S. E. Tavares in [37] the
150204-7373-IJET-IJENS © August 2015 IJENS
IJENS
International Journal of Engineering & Technology IJET-IJENS Vol:15 No:04
transformation function (S-Box) satisfies the strict
avalanche criterion if each bit of its output bits is changed
by a probability of one half when a single bit of its outputs is
complemented. This criterion merges both the completeness
and avalanche criteria.
A
function S ∶ {0,1}m → {0,1}m for all u, v ∈
(1,2, … . m), is said to satisfy the SAC
If complementing one input bit u alters the output bit v by
the chance of precisely one half[37].
For
1
2m
c
W(avvu ) =
1
(5)
2
--Non-Linearity
The nonlinearity of a Boolean function is the distance
between the function and the set of all affine functions, or it
is the distance between the function in issue and the nextdoor linear function [37, 46-48].
According to [49] the Boolean function can be
represented as:
f(v) =
n
⊕
δ . (∏ vizi )
z ∈ F2n z
i=1
(6)
As F2n represents the set of all n-totals of elements in the
Galois Field, and, BFn represents the set of all n variables in
the Boolean function.
Where z= (z1, z2,…,zn) and
F2
Let u= (u1, u2,…, un) and v=(v1,v2,…,vn) ∈ F2n
The inner product for two vectors u & v will be ∑i uivi
As (u1*v1⊕u2*v2⊕ … ⊕un*vn) can be declared as
[u,v].
The nonlinearity for a function F: F2n → F2m , such that
F: {0,1}n → {0,1} named S:
The Walsh transformation of a Boolean function s (u)
∈ BFn over F2n can be expressed as:
ws (u) = ∑ (−1)f(u)⊕[u,v]
(7)
u ∈ Fn
2
n−1
NL(S) = 2
−
1
2
Max
|Ws(u)|
u ∈ F2n∗
For all u, v, l ∈ (1,2, … . m), such as v ≠ l, a function f ∶
{0,1}m → {0,1}m satisfies the bit independence criterion
if complementing input bit u makes the output bits v and l to
alter independently.
The Bit Independence requires a correlation coefficient
between the u and v bits of the Avalanche vector AV cu
𝐵𝐼𝐶(𝑆) =
𝒎𝒂𝒙
1≤𝑢≤𝑚
n
For the S which is a (n,m) S-Box, the nonlinearity can be
known as the minimum amount of the nonlinearities for the
entire nonzero linear combinations of the constituent
functions, as in 10.
NL([z, F]
(9)
𝐵𝐼𝐶(𝑎𝑢, 𝑎𝑙)
(11)
-- Differential Uniformity
The differential Uniformity δ(S) for a function S(x) is
defined as [51]:
𝛿(𝑆) = 𝑚𝑎𝑥𝑛 |{𝑥|𝑆(𝑥) + 𝑆(𝑥 + 𝛼) = 𝛽|
(12)
𝛼∈𝐹2
𝛽∈𝐹2𝑛
𝛼≠0
Where: S(x) = (s1 (x), … , sn (x)) is a multiple output
Boolean function fromF2n → F2n .
The minimum value for δ(S) = 1, and its value for AES
S-box = 4, the low value of differential uniformity means it
is resistant to differential attack [52].
--Invertability
Any n x n S-box satisfy the conditions for invertability, if
S ( x1 ) = S ( x2 ) in case that x1 = x2 for all inputs x1 ,
and x2 .
VI. THE PROPOSED METHOD
The DNA strand has four bases (a, c, g, and t) so:
F(X): X → Y, where X = {a, c, g, t} and Y = {00, 01, 10,
11}. This can be expressed in table I as below:
TABLE I
TABLE (1): DNA BASE CODING
DNA base
Binary code
(8)
22 −1 as maximum nonlinearity [49, 50].
Max
z∈Fm
2 /{0}
(10)
Commonly the values of BIC range between 0 and 1 as:
1: means the worse state is completely dependent on the
relation between v and l bits.
0: means the ideal state is completely independent in the
relation between v and l bits.
a
c
g
t
So, NL(S) in (10) , represents the nonlinearity of the
function s(u) ∈ BFn by using the Walsh transformation
,and, since n is even then the function f(u) will get 2n−1 −
NL(S) = min
𝒎𝒂𝒙
|𝐶𝑜𝑟𝑟(𝑎𝑣𝑒𝑢 , 𝑎𝑙𝑒𝑢 )|
1≤𝑢≤𝑚
So, for the S-Box the Bit independence can be represented
as:
all u, v
Strict Avalanche Effect =
Another criterion called Bit Independence (BIT) was
declared by A. Webster and S. E. Tavares as one of the
criteria used to check the security of the designed S-Boxes.
𝐵𝐼𝐶(𝑎𝑣 , 𝑎𝑙 ) =
The S-Box assures this criterion in case:
4
00
01
10
11
According to the DNA base binary coding, every two bit is
considered as one DNA base. Since a byte consists of eight
bits, so, each byte represents four bases, for example,
01101100 will be as cgta.
The proposed method of generating the new S-boxes is
depending on using two random DNA segments (DNAS1
and DNAS2), that can be obtained from the GenBank [53]
or by using one of unique pseudo DNA generating methods .
The new S-boxes are inspired by DNA transcription process
--Bit Independence (BIC)
150204-7373-IJET-IJENS © August 2015 IJENS
IJENS
International Journal of Engineering & Technology IJET-IJENS Vol:15 No:04
as one of Central Dogma method which converts the mRNA
to protein.
Each four bases of the first DNA-segment (DNAS1) would
be taken as one byte, and that will repeated until obtain 256
unique bytes. These bytes will be allocated in two
dimensions (16×16) matrix; every element of this matrix is
belonging to 𝐹28 .
This matrix is called Initial S-box (Init-S-box). The first
element of Init-S-box is consisting of four DNA bases and
the second byte will consist of the next four DNA bases and
so on. The second DNA segment (DNAS2) will be used to
reallocate the S-box elements into another (16×16) matrix
that called DNA-based S-box, which forms the final S-box.
A. The Creation of the DNA-Based S-Boxes
The following steps stand for creating the proposed Sbox:
--First: Obtaining the Init-S-box.
1) Get two DNA segments DNAS1 and DNAS2,
where each of them are consist of 1024 DNA
bases, every four successive DNA bases are
unique that form one byte, for example (ctga) 01111000.
DNAS1 1024 DNA bases 256 bytes.
DNAS2 1024 DNA bases, 256 bytes.
2) Place the 256 bytes obtained from the DNAS1 into
16X16 matrix called Initial S-Box (Init-S-box), as
in Fig.2,
DNAS1
ctagagtctgcagccttacgaactctagtacgactgccc
tatcgggcatgtgtatacctagatcttaaatcggggaatt
cgtgtaagatgaggctc………ctggcaagtaaacgatg
ctaaaacacgtgtacctgatatcgcatctgagcatactgt
acatatcagaatcc
Bytes
ctag agtc tgca gcct … gtac
(4 bases)
…
Sequenc
1
2
3
4
… 253
…
es
…
…
…
…
0
1
2
3
4
B
…..
… gatc
0 ctag agtc tgca gcct actg …..
1 gtgt aaga caca tgag gctc …
.
F ctgg caag taaa cgat gcta ….. acgt
atat
caga
atcc
254
255
256
C
D
E
5
B. Obtaining the DNA-based S-box
The second DNA-segment DNAS2 used to obtain the
DNA-based S-box, where the structure and size of the
DNAS2 is same as DNSA1, but, with different DNA-bases,
each four DNA bases are considered as one value (one
byte). These values will be taken one by one to be used as
locater for the New S-box, according to the following
procedures:1) The values of DNAS2 will be taken sequentially
from 1, 256. Note that (each value is consist of 4
successive DNA bases).
2) The values of Init-S-box will be obtained
sequentially one by one and located into the DNAbased-S-box matrix according the DNAS2 values.
3) Each element of the DNAS2 value which consist
of 4 DNA bases would be used to specify the
location of the elements within the New-S-box as
the left two DNA-bases of value would specify the
row, while the right two DNA-bases, would
specify the column. The process of allocating the
elements of the DNA-based-S-box can be
summarized within this pseudo code:
For i =1 to 256
Begin
Four-bases = DNAS2 (i)
//where “Four—DNA-bases = (b4b3b1b1), & b∈ {a ,c ,g, t}
Split (Four-DNA-bases) to:
(Left- Two- DNA-bases) + (Right-Two-DNA-bases)
Left-Two-DNA-bases = b4b3, Right-Two-DNA bases = b2b1
Row = Left-Two-DNA-bases
Col = Right-Two-DNA bases
DNA-based-S-box [row, col] =Initial S-Box[i]
End
The stage of generating the DNA-based S-box can be shown
in Fig.4
F
ttaa atcg ggga attc
tacg atat caga atcc
Fig. 2. Constructing of Init S-box matrix.The DNA segment is placed in
(16×16) matrix named Init-S-boxm where each cell of this matrix contain
4 DNA bases (1 byte).
The binary representing of Init S-box matrix can be
shown in Fig.3, according to DNA bases coding
Fig. 4, Constructing of DNA-based S-box matrix
The results will be the DNA-based S-box, which is
obtained by the inspiration of the DNA processes. The
randomness of the DNA segments will guarantee the
randomness of the generating S-box.
Fig. 3, Binary representation of Init S-box matrix
150204-7373-IJET-IJENS © August 2015 IJENS
IJENS
International Journal of Engineering & Technology IJET-IJENS Vol:15 No:04
C. Additional transformations
It also could add other transformations for the resulted
New S-box to increase the randomness and the complexity
of the resulted S-box. These transformations are inspired
from DNA processes as follow:
--Reverse process
This transformation can be achieved on the whole New Sbox bases by apply the reverse process as in Fig.5,
Fig. 5, Apply Reverse process over DNA-based S-box elements
--Recode process
Each DNA base can be coded in more than one binary
code as in Table II:
TABLE II
DNA BASE MULTI CODING
DNA base
Code1
Code2
a
c
g
t
00
01
10
11
01
00
11
10
Code3
10
11
00
01
Fig.6, shows the applying of recoding DNA-base over the
DNA-based S-box elements.
6
1,044,096 bits per sequence in length, which were tested and
plotted in the laboratory experiments' action as a random
plaintext with random keys of 128 bits.The tested ciphertext
for the experiments is the output of round (3) of the AES
algorithm with DNA-based S-box.
The entire randomness testing relied upon the use of the
NIST Statistical Test Suite, which comprises 15 tests that,
under special factor put ins, can be observed as 188
statistical tests [40].The majority of the 15 tests have a one
p-value; nevertheless, some of the tests have more than one
P-value Table III. Every P-value matches to the function of
a random statistical test on a distinct block, this block is a
binary sequence [54].
The significant level α used for analysis of its value =
0.01, as proposed by NIST, for the study of P-values gained
from a variety of statistical tests. Depending on the p-value
the following states can be concluded:
1) The sequence is shown to be completely nonrandom if a (p-value = 0).
2) 2. The sequence is shown to be non-random if a (pvalue <0.01).
3) 3. The sequence is shown to be random if a (pvalue ≥0.01).
4) 4. The sequence is shown to be perfect-random if a
(p-value =1).
The proportion of sequences that passed a specific
statistical test should lie above the proportion value p’
described in the following equation:
𝑝′ =
Fig. 6, Apply Re-code process over DNA-based S-box elements
−
+
∝ (1−∝)
3√
𝑚
(14).
Where m = the number of tested sequences.
VII. METHODOLOGY
A number of experiments were conducted
1) Experiments measure the security of the
algorithm that used the DNA-based S-box by
using the statistical NIST Suite Randomness test.
2) Experiments measure the security DNA-based Sbox, using S-box test criteria.
3) Experiment to measure key sensitivity.
4) Experiment to analysis the information entropy.
.
For the NIST Suite Randomness test all the data for
the 128-byte block of plain-text and 16-byte key was
generated and evaluated off-line. The data included a
random plaintext with random 128 bit keys.
This works only deals with the situation where the block
ciphers run in ECB mode, where the plaintext is divided into
blocks, and each block is encrypted separately using the
same secret key.
The values of the key were based on data generated using
the Blum-Blum-Shub (BBS) pseudo-random bit generator,
while the plaintext was different file types, image, video and
text. Many images, videos and text files were chosen.
According to [39], as a minimum, 128 sequences with
1,000,000 bits for each sequence should be used for an
NIST test suite. This paper uses 128 sequences of length
VIII.
RESULTS AND DISCUSSION
A. Cryptanalysis and security analysis
The process of generating the DNA-based S-box does not
used the mathematical operations that were employed in
generating the original AES S-box, including the inverse
multiplication and all operations related to it. Also the use of
DNA segments makes the attempts to attack the S-box and
cipher look like a hard job or infeasible for the
cryptanalyzer, since it is difficult for him to recognize or
anticipate the DNA segments and their construction and
structures.
B. Randomness test
This section evaluates and analyses the randomness of the
AES algorithm used New S-box. A number of experiments
were performed using the NIST Test Suite randomness test
function. It is concerned with proving the success of the
encryption algorithm that used the proposed S-Box by
showing that this cipher has successfully passed all 15 NIST
Statistical Test Suite randomness tests for some chosen
sequences.
In reference to Table III, Random Excursion Test is a chain
of eight tests and conclusions, single test and conclusion for
each of the states: -4,-3,-2,-1 and +1, +2, +3+4.
150204-7373-IJET-IJENS © August 2015 IJENS
IJENS
International Journal of Engineering & Technology IJET-IJENS Vol:15 No:04
7
TABLE III
BREAKDOWN OF 15 STATISTICAL TESTS APPLIED DURING
EXPERIMENTATION
Test ID
Number
NIST Statistical Test
Number
of
p-value
1
2
3
4
5
6
Frequency
Frequency-Within-Block
Runs
Longest Runs of Ones
Binary Matrix Rank
Discrete Fourier
Transformation
Non-Over Lapping Template
Matching
Overlapping Template
Matching Test
Maurer’s Universal
Linear Complexity
Serial
Approximating Entropy
Cumulative Sums (Cusums)
Random Excursions
Random Excursions Variant
1
1
1
1
1
1
7
8
9
10
11-12
13
14-15
16-23
24-41
1
1
1
1
2
1
2
8
18
Random Excursions Variant Test is a chain of eighteen tests
and conclusions, single test and conclusion for each of the
states:-9,-8,…,-1 and +1,+2,… , +9. State +1 from Random
Excursions Test (test ID number = 20) and state -1 from
Random Excursions Variant Test (test ID number =32) were
selected to register in this experiment, Fig.7, demonstrates
the p-values for 15 NIST at round 3 of the block cipher used
the DNA-based S-box.
Fig.7, Randomness Test for the block cipher used the DNA-based S-box.
The p-values of all the tests are more than 0.01 for the output of round 3.
The result includes State +1 from Random Excursions Test (test ID number = 20)
and state -1 from Random Excursions Variant Test (test ID number =32).
C. The proportion
The proportion of the sequences that exceeded a
particular statistical test must be greater than the proportion
value p′ . As defined in (14) and for the 128 sequences the
proportion value of these sequences is:
0.01(1 − 0.01)
𝑝′ = (1 − 0.01) − 3√
= 0.96361
128
Figure 8 shows the randomness test for 15 statistical tests
for rounds 3 of block block cipher that used the DNA-based
S-box. From this figure, at the end of the third round, all of
the 41 statistical tests fall over 96.36%, which is evident that
the output from the algorithm is random.
Fig.8, Proportion for block cipher using the DNA-based S-box. The
proportion of the 42 tests are more than 0.963616.This indicates that
all the statistical tests have at least 124 of 128 sequences with p-value
more than 0.01.
The results show that, the block cipher with DNA-based
S-box has a good randomness, which proves the security of
the system, since the randomness is consider as one of the
most important factors in the evaluation of ciphers security.
D. S-box test criteria
--Balanced
The new DNA-based S-box, which is generated using the
proposed method, is balanced since it has equal numbers of
both 0’s and 1’s.
--Completeness
The new generated DNA based S-box has the
completeness criteria since each bit of the new S-Box is
dependent on all of the input bits. For the DNA-based SBox, it is clear that if there is at least one pair of 8-bit input
vectors, Z and Zi that are differ in only one bit (i), then the
output f(z) and f(zi) are differ at least in bit j.
--Non-Linearity
The experiment shows that the non-linearity for the S-box
is 114, and, by examining a number of generated DNAbased S-boxes using our proposed method it appears that the
values of non-linearity range between 112 and 118. This
means that they have good nonlinearity since the ideal
nonlinearity value for n=8 is 120, and as long as the value of
nonlinearity is more than 100 it mean it has good results [55,
56].
--Avalanche
A number of DNA-based S-boxes were tested to get their
avalanche values. The experiments show that the avalanche
values of the new S-Boxes range between 0.4689 and 0.51.
--Strict Avalanche (SAC)
The Strict Avalanche criterion for the DNA based S-Box
is satisfying 5, where the whole values are ranging between
130 and 142.
--Bit independence
The experiments show that the bit independence value for
the new DNA-based S-Box does not exceed 0.07.
--Differential Uniformity
150204-7373-IJET-IJENS © August 2015 IJENS
IJENS
International Journal of Engineering & Technology IJET-IJENS Vol:15 No:04
The experiments results show that differential uniformity
of the new-DNA base S-boxes is range between (4 and 6).So
The resistance against differential cryptanalysis is measured
by the Differential Uniformity, so the new S-boxes
generated by the proposed method have good resistant
against differential attacks[51].
--Invertability
Any n x n S-box satisfy the conditions for invertability, if
S ( x1 ) = S ( x2 ) in case that x1 = x2 for all inputsx1 ,
and x2.
The results of the NIST suite randomness test besides the
S-box criteria tests prove that the new DNA based S-box
have a strong security since they are bijective, balanced and
complete; furthermore, they have perfect avalanche, strict
avalanche, good independence and differential uniformity.
Based on all of the foregoing reasons, and supported by the
simple processes used in the generation of these S-boxes, it
can be deduced that this technique is successful.
E. Key sensitivity analysis
This test is to identify the rate if a bit changes between the
original ciphertext and the changing ciphertext with one
digit key difference. 128 data sets were tested each of them
consists of 32 sequences (128 bits per sequence). The result
of the test is in Figure 9, which is a plot of difference
between the point location of key changed and bit error rate
for one data set. It shows that the values of bit differ
between two ciphertexts of every sequence of key lie within
range of 0.5. The result indicates that a single bit change on
input causes changes on approximately half of the output
bits. It justifies the high sensitivity of ciphertext to the key.
theoretical entropy value H(m) is 8. The experiment results
for the proposed algorithm showed that all the entropies
values are within the range of 7.975 to 7.977. The values are
extremely close to the ideal value
IX. CONCLUSION
This paper proposed a new method to generate new Sboxes inspired by real biological techniques, specifically
DNA. The proposed method tried to take advantage of the
DNA properties in generating a new S-Box that satisfies the
security criterion with simple and less mathematical
operations. It proves that real biology techniques could be
used as the inspiration to build the main components used in
the encryption algorithms like the S-box. The generated Sbox can be used within SPN symmetric block cipher as AES
cipher. The data used for testing the proposed algorithm
were Image, Video, Text, and BBS, which are considered as
being among the most difficult and important data types in
terms of encryption. The security of the new S-boxes were
analyzed and tested using a number of security measurement
and tests as NIST test Suite, S-box test criteria, entropy
information analysis, key sensitivity. The results of the
experiments and tests show that both the new DNA-based SBox and the cipher used have strong security. For future
work, some modifications could be made for the proposed
generating method to build a dynamic DNA-based S-box, in
which the whole cipher completely depends on or is inspired
by DNA techniques. Finally, this work opens the door wide
to capitalize on the numerous features available in DNA and
adopting them within the encryption field.
[1]
[2]
[3]
[4]
[5]
[6]
Fig. 9, Key sensitivity analysis.
F. Analysis of information entropy
This section is concerned with the calculation and
analysis of the entropy for the generated S-Boxes (DNAbased S-Box).It is known that the entropy of a message
source can be computed according to the equation 15
2𝑁 −1
𝐻(𝑚) = ∑ 𝑃(𝑚𝑗 )𝑙𝑜𝑔
𝑗=0
1
𝑃(𝑚𝑗 )
𝑏𝑖𝑡𝑠
(15)
[7]
[8]
[9]
[10]
H(m) represents the entropy of the message m, 𝑃(𝑚𝑗 )
symbolizes the probability of happening of symbol 𝑚𝑗 and
finally, the log corresponds to the base 2 logarithm in order
that the entropy is stated by bits.
For totally random source producing 28 symbols, the
8
[11]
[12]
[13]
REFERENCES
K. Kazlauskas and J. Kazlauskas, "Key-dependent S-box
generation in AES block cipher system," Informatica, vol. 20,
pp. 23-34, 2009.
A. Braeken, "Cryptographic properties of Boolean functions and
S-boxes," phd thesis-2006, 2006.
J. Detombe and S. Tavares, "Constructing large
cryptographically strong S-boxes," in Advances in Cryptology—
AUSCRYPT'92, 1993, pp. 165-181.
G. Leander and A. Poschmann, "On the Classification of 4 Bit
S-boxes," in Arithmetic of Finite Fields, ed: Springer, 2007, pp.
159-176.
C. Adams and S. Tavares, "Good S-boxes are easy to find," in
Advances in Cryptology—CRYPTO’89 Proceedings, 1990, pp.
612-615.
J. A. Clark, et al., "The design of S-boxes by simulated
annealing," New Generation Computing, vol. 23, pp. 219-231,
2005.
G. Tang, et al., "A novel method for designing S-boxes based on
chaotic maps," Chaos, Solitons & Fractals, vol. 23, pp. 413419, 2005.
M. T. Tran, et al., "Gray S-box for advanced encryption
standard," in Computational Intelligence and Security, 2008.
CIS'08. International Conference on, 2008, pp. 253-258.
D. Canright and L. Batina, "A very compact “perfectly masked”
S-box for AES," in Applied Cryptography and Network
Security, 2008, pp. 446-459.
G. Chen, "A novel heuristic method for obtaining< i> S</i>boxes," Chaos, Solitons & Fractals, vol. 36, pp. 1028-1036,
2008.
G. Krishnamurthy and V. Ramaswamy, "Making AES stronger:
AES with key dependent S-box," IJCSNS International Journal
of Computer Science and Network Security, vol. 8, pp. 388-398,
2008.
H. M. El-Sheikh, et al., "A New Approach for Designing KeyDependent S-Box Defined over GF (2 4) in AES."
A. Janadi and D. Anas Tarah, "AES immunity Enhancement
against algebraic attacks by using dynamic S-Boxes," in
150204-7373-IJET-IJENS © August 2015 IJENS
IJENS
International Journal of Engineering & Technology IJET-IJENS Vol:15 No:04
[14]
[15]
[16]
[17]
[18]
[19]
[20]
[21]
[22]
[23]
[24]
[25]
[26]
[27]
[28]
[29]
[30]
[31]
[32]
[33]
[34]
[35]
[36]
[37]
[38]
Information and Communication Technologies: From Theory to
Applications, 2008. ICTTA 2008. 3rd International Conference
on, 2008, pp. 1-6.
G. Zaibi, et al., "A new design of dynamic S-Box based on two
chaotic maps," in Computer Systems and Applications
(AICCSA), 2010 IEEE/ACS International Conference on, 2010,
pp. 1-6.
J. Juremi, et al., "A proposal for improving AES S-box with
rotation and key-dependent," in Cyber Security, Cyber Warfare
and Digital Forensic (CyberSec), 2012 International
Conference on, 2012, pp. 38-42.
A. Gehani, et al., "DNA-based cryptography," in 5th DIMACS
workshop on DNA Based Computers, MIT, 1999.
S. T. Amin, et al., "A DNA-based Implementation of YAEA
Encryption Algorithm," in IASTED International Conference on
Computational Intelligence, San Francisco, 2006, pp. 120-125.
K. Ning, "A pseudo DNA cryptography method," arXiv preprint
arXiv:0903.2693, 2009.
A. Leier, et al., "Cryptography with DNA binary strands,"
BioSystems, vol. 57, pp. 13-22, 2000.
Q. Zhang, et al., "An image encryption algorithm based on
DNA sequence addition operation," in Bio-Inspired Computing,
2009. BIC-TA'09. Fourth International Conference on, 2009,
pp. 1-5.
O. Tornea and M. Borda, "DNA Cryptographic Algorithms," in
International Conference on Advancements of Medicine and
Health Care through Technology, 2009, pp. 223-226.
S. Sadeg, et al., "An encryption algorithm inspired from DNA,"
in Machine and Web Intelligence (ICMWI), 2010 International
Conference on, 2010, pp. 344-349.
M. Sabry, et al., "Three Reversible Data Encoding Algorithms
based on DNA and Amino Acids' Structure," International
Journal of Computer Applications, vol. 54, 2012.
T. Mandge and V. Choudhary, "A DNA encryption technique
based on matrix manipulation and secure key generation
scheme," in Information Communication and Embedded
Systems (ICICES), 2013 International Conference on, 2013, pp.
47-52.
Q. Zhang and L. Liu, "DNA Coding and Chaos-Based Image
Encryption Algorithm," Journal of Computational and
Theoretical Nanoscience, vol. 10, pp. 341-346, 2013.
G. Jacob and A. Murugan, "An Encryption Scheme with DNA
Technology and JPEG Zigzag Coding for Secure Transmission
of Images," arXiv preprint arXiv:1305.1270, 2013.
M. Babaei, "A novel text and image encryption method based
on chaos theory and DNA computing," Natural computing, pp.
1-7, 2013.
Q. Zhang, et al., "A novel image fusion encryption algorithm
based on DNA sequence operation and hyper-chaotic system,"
Optik-International Journal for Light and Electron Optics,
2013.
L. Liu, et al., "A RGB image encryption algorithm based on
DNA encoding and chaos map," Computers & Electrical
Engineering, vol. 38, pp. 1240-1248, 2012.
X. Wei, et al., "A novel color image encryption algorithm based
on DNA sequence operation and hyper-chaotic system," Journal
of Systems and Software, vol. 85, pp. 290-299, 2012.
Q. Zhang, et al., "A Novel Image Encryption Algorithm Based
on DNA Subsequence Operation," The Scientific World Journal,
vol. 2012, 2012.
J. Daemen and V. Rijmen, "The block cipher Rijndael," in
Smart Card Research and Applications, 2000, pp. 277-284.
J. Daemen and V. Rijmen, The design of Rijndael: AES-the
advanced encryption standard: Springer, 2002.
J. Daemen and V. Rijmen, "AES proposal: Rijndael," in First
Advanced Encryption Standard (AES) Conference, 1998.
N. F. Pub, "197: Advanced Encryption Standard (AES), Federal
Information Processing Standards Publication 197, US
Department of Commerce/NIST, November 26, 2001. Available
from the NIST website," ed.
M. Zhang, et al., "A mathematical formulation of DNA
computation," NanoBioscience, IEEE Transactions on, vol. 5,
pp. 32-40, 2006.
A. Webster and S. E. Tavares, "On the design of S-boxes," in
Advances in Cryptology—CRYPTO’85 Proceedings, 1986, pp.
523-534.
G. I. Bell and D. C. Torney, "Repetitive DNA sequences: some
considerations for simple sequence repeats," Computers &
chemistry, vol. 17, pp. 185-190, 1993.
[39]
[40]
[41]
[42]
[43]
[44]
[45]
[46]
[47]
[48]
[49]
[50]
[51]
[52]
[53]
[54]
[55]
[56]
9
J. Soto and L. Bassham, "Randomness testing of the advanced
encryption standard finalist candidates," DTIC Document2000.
V. Katos, "A randomness test for block ciphers," Applied
mathematics and computation, vol. 162, pp. 29-35, 2005.
L. E. Bassham III, et al., "SP 800-22 Rev. 1a. A Statistical Test
Suite for Random and Pseudorandom Number Generators for
Cryptographic Applications," 2010.
H. Feistel, "Cryptography and computer privacy," Scientific
american, vol. 228, pp. 15-23, 1973.
H. Feistel, et al., "Some cryptographic techniques for machineto-machine data communications," Proceedings of the IEEE,
vol. 63, pp. 1545-1554, 1975.
I. Vergili and M. Yücel, "Avalanche and Bit Independence
Properties for the Ensembles of Randomly Chosen× S-Boxes,"
Turk J Elec Engin, vol. 9, pp. 137-145, 2001.
S. Ramanujam and M. Karuppiah, "Designing an algorithm with
high avalanche effect," IJCSNS, vol. 11, p. 106, 2011.
A. Canteaut and M. Videau, "Symmetric boolean functions,"
Information Theory, IEEE Transactions on, vol. 51, pp. 27912811, 2005.
W. Meier and O. Staffelbach, "Nonlinearity criteria for
cryptographic functions," in Advances in Cryptology—
EUROCRYPT’89, 1990, pp. 549-562.
J. Pieprzyk and G. Finkelstein, "Towards effective nonlinear
cryptosystem design," Computers and Digital Techniques, IEE
Proceedings E, vol. 135, pp. 325-335, 1988.
S. Gao, et al., "Nonlinearity Profile Test for an S-Box," in
Future Wireless Networks and Information Systems, ed:
Springer, 2012, pp. 639-644.
C. Carlet and C. Ding, "Nonlinearities of S-boxes," Finite Fields
and Their Applications, vol. 13, pp. 121-135, 2007.
J. Cui, et al., "An improved AES S-Box and its performance
analysis," International Journal of Innovative Computing,
Information and Control, vol. 7, 2011.
G. Gong, et al., "Enhanced Criteria on Differential Uniformity
and Nonlinearity of Cryptographically Significant Functions."
D. A. Benson, et al., "GenBank," Nucleic acids research, p.
gks1195, 2012.
A. Rukhin, et al., "A statistical test suite for random and
pseudorandom
number
generators
for
cryptographic
applications," DTIC Document2001.
O. Kazymyrov, et al., "A Method For Generation Of HighNonlinear S-Boxes Based On Gradient Descent."
I. Hussain, et al., "Construction of cryptographically strong 8× 8
S-boxes," World Appl. Sci. J, vol. 13, pp. 2389-2395, 2011.
150204-7373-IJET-IJENS © August 2015 IJENS
IJENS
