Multimedia Tools and Applications

https://doi.org/10.1007/s11042-019-08464-6

S-box design based on optimize LFT parameter

selection: a practical approach in recommendation
system domain

Saira Beg 1 & Naveed Ahmad 2 & Adeel Anjum 1 & Mansoor Ahmad 1 & Abid Khan 1 &
Faisal Baig 3 & Ahmed Khan 1

Received: 26 February 2019 / Revised: 25 October 2019 / Accepted: 12 November 2019

# Springer Science+Business Media, LLC, part of Springer Nature 2020

Abstract
The strength of cryptography encryption is strongly depended upon the substitution box
(S-box), hence highly non-linear S-box is appreciated in cryptography. In this work, we
proposed a scheme to select the optimized values for control parameters (a, b, c, d) of
linear fractional transform (LFT) to achieve an S-box with non-linearity of 112. For
dynamic parameter values, we used location of chaotic sequences. The proposed s-box
tested on different criteria such as non-linearity method (NL), probability methods (linear
approximation (LP), differential approximation (DP), strictly avalanche criteria (SAC)
and bit independence criteria (BIC). Our result shows that proposed s-box achieves better
or equal to cryptographic strength as compared with state-of-the-art techniques. More-
over, we tested the proposed s-box based encryption method in recommendation system
scenario with the idea of text-to-image conversion. The statistical analysis of this image
encryption shows the bright prospects of the proposed method.

Keywords S-box . Cryptography . Galois field . Projective linear group (PGL) . Chaotic theory .
Text-2-image conversion . Recommendation system . NIST standard

1 Introduction

In cryptography one of the most essential resources is the substitution box (S-box) that plays
an important role. The S-box is used to aid in creating confusion in data and the strength of

* Ahmed Khan
soft_engr_isb@yahoo.com

1
Department of Computer Science, COMSATS University Islamabad, Islamabad, Pakistan
2
FAST-National University of Computer and Emerging Sciences, Islamabad, Pakistan
3
Federal Urdu University of Arts, Science & Technology, Islamabad, Pakistan
 Multimedia Tools and Applications

encryption is depended upon the ability of S-box to distort the data [29, 44]. S-box is basically
a set of permutations mapping of m-bits input into n-bits output. The output n-bits can be
viewed as a Boolean function. The representation of Boolean function is F : F n2 ⟶F m 2
where in s-box, a single nonlinear transformation function is used which perform the confusion
bit. So, high non-linear s-box is required. For cryptography technique the need of a strong S-
box is a matter of great interest in research community. A lot of effort has been put to develop
S-box [3, 13, 24, 26, 31, 39]. The most common construction techniques of s-box used chaotic
maps, power polynomial, DNA sequences, TDERC sequences, Galois field, machine learning,
inversion mapping, Gaussian noise, and pseudorandom number generator approach [24, 31]
[2]. In literature, AES, APA, Gray, Skipjack, Xyi, and Residue Prime (RP) S-boxes, are
available [24]. These methods are not only algebraically complex but also have better
cryptographic properties. The strength of the encryption method is usually based on the
properties of s-box. For s-box analyses, researchers have also developed numerous ways [2,
15, 30, 41, 45]. These methods and criteria consist of non-linearity method (NL), probability
methods (linear approximation (LP), differential approximation (DP)), strictly avalanche
criteria (SAC) and bit independence criteria (BIC) [24, 2, 15, 30, 41, 45]. In this paper, we
used linear fractional transform (LFT). The equation of LFT is given below [26];
at þ b
f ðtÞ ¼ ð1Þ
ct þ d
In LFT, the Projective linear group (PGL) was applied to the Galois field (GF) of order 256 for
the construction of new S-box. It is obvious that the algorithm starts with GF (28) and function
f (t) is modeled as PGL (2, GF (28)) on GF (28) [44, 24]. In this scheme, we want to generate s-
boxes having a non-linearity of 112. For this purpose, we select optimal values for LFT control
parameters (a, b, c, and d). For dynamic parameter values, we used chaotic sequences that can
be generated by any chaotic maps.
The rest of the paper is organized as follows. In section 2 and 3, we discussed the related
work and chaotic maps based parameter values respectively. The description of the proposed s-
box method and analysis of the proposed s-box is given in section 4 and 5 respectively.
Section 6 presents the results of the proposed s-box based encryption method in the recom-
mendation system scenario. The conclusion is presented in section 7.

2 Related work

In literature, different strategies are available to design the s-box which includes chaotic maps
and systems [5, 7, 15, 27, 29, 30, 34, 35, 37, 39, 43, 49], Gaussian noise [31], power
polynomial, Galois field, LFT [11, 24, 44], machine learning [2] and many more. In this
paper, our focus is to optimize the LFT parameters, which is currently being investigated by
different researchers as discussed in [11, 24, 31, 44]. Article [24] used the irreducible
polynomial η(x) = x8 + x6 + x5 + x4 + 1 of degree 8 for the construction of S-box of GF (28).
They used a random approach to generate the parameter values of LFT which ensures the non-
degeneracy condition ad - bc ≠ 0. The non-linearity score of this approach is 112.
In the article [31], the authors used a Gaussian distribution approach to optimize the
LFT parameters. They used three different Gaussian distribution algorithms; Box-Muller
transforms, Polarization decision algorithm, and Central limit algorithm to generate
sequences for variable “a”, “b”, “c”. For variable “d”, they perform the bitwise XOR
Multimedia Tools and Applications

on parity bits generated from Box-Muller transform method (a) and polarization decision
method (b). For variable “z”, they perform the bitwise XOR on parity bits generated
from central limit method (c) and sequence generated for “d”. Their proposed method
achieves maximum non-linearity up to 112.
Article [11] used the Chebyshev map to generate the four random values for LFT parameters.
The initial condition and control parameter values of Chebyshev map for S-box generation are y0 =
0.49181151663058487 and β = 0.49869124158571443. Their proposed S-box achieves non-
linearity score of 112. Article [8, 44] used SLM (Sine-Logistic Map) to generate S-box. Their
proposed method is consisting of three steps; in first step, they consider the group of units from the
ring of integers modulo 1024, and the normal subgroup of U(Z1024) is given byF = {4p + 1, 0 =
p < 256}. The set of multiplicative inverse of Fis denoted by F−1. In second step, they initialized the
chaotic map β on F with the help of β(a) = ra−1where r ∊ F. In third step, they define an action of
PGL group on the set. Their proposed S-box achieves non-linearity score of 107.25.

3 Chaotic map based parameter values

Chaotic maps are widely used in encryption because of their dynamical behavior and
sensitive to their initial conditions. These systems create a butterfly effect; can be defined
as if a smaller change occurs in the initial conditions produce large changes that make
them a suitable component of the encryption model. In literature, wide varieties of the
chaotic maps are developed e.g., logistic maps, gingerbread man maps, chaotic scaled
Zhongtang systems, and, many more [15, 29, 39]. The randomness level of the chaotic
sequences directly affects the quality of the encryption system. Here, in this paper, for
the selection of parameter values, we can use different dimensional (1D, 2D, and 3D)
chaotic maps and systems. All chaotic maps require an initial condition xο and control
parameters λ. xο is assigned as an internal state variable before the first iteration and the
λ parameter controls the dynamic system of the map. On the basis of existing theoretical
studies, the best value of λ is between 3.6 and 4. For simplicity, we use the logistic map.
Logistic Map is the most used chaotic maps in the literature and it is defined as;

xiþ1 ¼ λ:xi ð1−xi Þ; xο ∈½0; 1; 0 < λ < 4 ð2Þ

For sequence generation, we set the initial condition as 0.9 and the control parameter as 4. We
tested the chaotic sequence generated by the logistic map on NIST randomness tests, which are
internationally accepted as the highest standard. The simple logistic sequence passed few NIST
tests. Here, for the proposed method, we can use this logistic sequence into ways such as;

I. Use the original location of the sequence after performing the ascending or descending
operation on it.
II. Create binary bits from the chaotic sequence and generate unique numbers

In the location strategy, we can generate 256 values by performing two steps;

Step 1. generate 256 length of a chaotic sequence

Step 2. perform the ascending or descending operation on the sequence while keeping the
original location.
 Multimedia Tools and Applications

Output: random 256 locations (no repetition) will be achieved.

In the second strategy, we can generate 256 values by performing the following steps;

Step 1. generate minimum 256*8*2 chaotic sequence

Step 2. generate binary from the chaotic sequence, if the sequence value is >0.5 then
consider it as 1 otherwise 0. Combine 8 binary sequences into groups. OR use the
simplest method which is ndnum = (chaotic sequence ∗ 256) % 256.
Step 3. generate unique random numbers.

Output: 256 random numbers will be achieved.

We tested the nonlinearly of both methods (consider these 256 values as S-box). The
minimum nonlinearity score of the location method is 90 and after 10 runs we achieved a
maximum score up to 96. The minimum nonlinearity score of binary method is 104 and after
10 runs we achieved maximum score up to 106. Here, it is worth mentioning that, for
simplicity we only use location method in our proposed method.

4 Proposed S-box method

For the construction of S-box of GF (28), advanced encryption standard (AES) utilized irreducible
polynomial η(x) = x8 + x4 + x3 + x + 1 of degree 8 [17], whereas polynomial η(x) = x8 + x4 + x3 +
x2 + x + 1 for the generation of numbers was used in [26]. It is notable that we may choose any of
degree 8 polynomial, so, in our work we utilized η(x) = x8 + x6 + x5 + x4 + 1.
For LFT parameter values we ensure non-degeneracy condition ad - bc ≠ 0 every time and
choose parameter values from the range of [1–255]. Our proposed algorithm of s-box design
based on parameter selection is given below;

Step 1. We initialize “b” and “c” from the range of [1–254].

Step 2. To ensure the non-degeneracy condition, firstly identify the value range for “a” and
“d” parameters. For this purpose, compare the values of “b” and “c” in order to
identify the larger value. Consider that larger value as “X” and smallest value as “Y”.
Step 3. For parameter “a”, select value from the range of [Y-255] and for parameter “d”
select value from the range of [X-255].
Step 4. For the dynamic selection of “a” and “d” values, chaotic maps are used. For this
purpose, initialize two chaotic sequences Q, P in which length of sequence Q is equal
to the length of [Y-255] range and length of sequence P is equal to the length of
[X-255] range.
Step 5. For the initial value of “a”, “d”, identify the max value and its location from both
chaotic sequences. Using location value, we can select a value for “a” and “d” from
their respective ranges such as;

a ¼ ððX þ max val locÞ−1Þ

d ¼ ððY þ max val locÞ−1Þ

Step 6. To find the optimized values of “a” and “d”, generates S-boxes for each value of “a”
and “d”, while keeping “b” and “c” constant. Final values of “a”, and “d” will only
be selected if generated s-box should possess the following criterion;
Multimedia Tools and Applications

Step 6.1: Each s-box should pass the uniqueness criterion. In our strategy, we
allowed only two repetition maximum.
Step 6.2: if the repeated element is “0”, then identify the two locations of “0” and
missing values from that s-box from the range of [0–255]. Replace the 1st
missing value at the 2nd “0” location. Calculate the non-linearity of that s-
box. If its non-linearity is greater than or equal to 112, than store the values
of “a” and “d” in the final list.
Step 6.3: Other than “0” repeated elements discard the s-box and insert the values of
“a”, “d” in the discarded list.

Step 7. From 2nd iteration onwards, the other values of “a” and “d” will be selected as; sort
the chaotic sequences “P” and “Q” in ascending or descending order while keeping a
record of the original indexes of the data. Use these indexes to arrange the values of
[X-255] and [Y-255] in order to get the values of “a” and “d”.

From Fig. 1, it is obvious that the algorithm starts with GF (28) and function f(t) is
modeled as PGL (2, GF (28)) on GF (28) [24, 44]. Next, we will initialize the values for
variable “b” and “c” from the range of [1–254], suppose we select 15 and 20 respec-
tively. Here, after comparison we can see that variable “c” values are greater, so, consider

Fig. 1 Flow chart for S-box

 Multimedia Tools and Applications

this value as X and value of b will be considered as Y. Using X = 20, Y = 15 we can

define the range for variable “d” such as [21–255] and for “a” the range will be [16–255]
as shown in Table 1.
After the selection of the control parameters for function f (t) on the PGL filed, an S-box is
created using Eq. 3 as shown in Table 2.

216t þ 15
f ðt Þ ¼ ð3Þ
20t þ 157

In Table 2, column 1 represents the value of “t” in GF (28) column 2 represents the
analytical details for LFT and column 3 represents the transformation LFT to S-box
values using PGL (2, GF (28)). A complete, s-box with zeros repletion is shown in
Table 3.
After that, we apply the uniqueness criterion on the generated s-box and found out that
element “14” is missing from the s-box. To insert the missing element in the s-box, we have to
find the location of zeros and put the missing value at the second location. The final, s-box is
given in Table 4.

5 Results and evaluation

In this section, the proposed S-box is analyzed and different constraint results are compared
with state-of-art methods such as; LFT based s-box using Gaussian [31], LFT based S-box
using PGL [24], AES, APA, Gray, Skipjack, and Xyi [16, 17, 32, 42, 50]. The explanation of
the analysis and results of the proposed S-boxes is given below.

5.1 Non-linearity

Non-linearity is an indicator for the truth table of Boolean function in which the number of bits
must be altered to reach a value of affine transformation. Table 5 shows the performance
parameters results for newly constructed S-box and Table 6 shows the results compared with
other established S-boxes used in encryption such as AES, Gray, APA, Skipjack, Xyi, and S-
box from LFT in [24, 31].
In the recent article [31], authors compare their non-linearity score with more than 25 recent
published research papers and proved that their non-linearity score is greater and equal to these
studies. From Table 6 we can clearly see that our s-boxed non-linearity score is similar to [31].
Moreover, the approach in the article [31] achieves minimum non-linearity 110 wherein our
proposed method, minimum score is also 112 as similar to article [24].

5.2 Bit independence criterion

Bit independence criteria (BIC), is a parameter for the analysis of output bit pattern
behavior and the effect of changes in the successive rounds of encryption [42]. This
criterion was first introduced by Webster and Tavares (1986), according to criteria the
variables are compared pairwise to extract the knowledge of independence of these
variables [47]. In cryptography bit independence (BI) is highly desirable because as BI
increases it will become more difficult to understand and predict system design. Table 7
 Multimedia Tools and Applications

Table 1 Example of proposed algorithm

Sequence-no Logistic-sequence-P Logistic-sequence-Q For variable “d” For variable “a”

Initial-condition = 0.3 Initial-condition = 0.2 [21–255] [16–255]

1 0.3 0.2 21 16
2 0.84 0.64 22 17
3 0.5376 0.9216 23 18
. 0.994345 0.28901376 24 19
. 0.022492 0.821939226 25 20
. . . . .
. Length of [X-255] Length of [Y-255] 255 255
First iteration process for Maximum sequence element Maximum sequence element of Using location of max element Using location of max element
parameter selection of P = 0.99993477, Q = 0.999940569, the value of “d” from the range the value of “a” from the range
Location of Max sequence Location of Max element = 201 [21–255] is = 157 ((137 + 21)-1) [16–255] is = 216 ((201 + 16)-1)
element = 137
 Multimedia Tools and Applications

Table 2 S-box from Eq. 2

t ∈GF (28) S-box

f ðtÞ ¼ 20tþ157
216tþ15

0 216ð0Þþ15
f ð0Þ ¼ 20ð0Þþ157
96
1 216ð1Þþ15
f ð1Þ ¼ 20ð1Þþ157
90
2 216ð2Þþ15
f ð2Þ ¼ 20ð2Þþ157
12
255 216ð255Þþ15
f ð255Þ ¼ 20 ð255Þþ157
239

presents the comparison of the BIC results with other existing methods and it is evident
that the BIC results for the proposed S-box are equivalent to AES, APA S-box.
After that strict avalanche criterion (SAC) were applied to BIC and the result for SAC of
BIC is given in Table 8. Results for SAC of BIC clearly show that the average value is 0.50
which shows the strength of proposed S-box.

5.3 Linear approximation probability

Linear approximation probability helps in quantifying the maximum amount of imbal-

ance for the possible outcome of an event. Suppose, Γx, Γy be the two masks that are
applied to input and output bit parity respectively with X consists of all possible inputs
with cardinality 2n, then the linear approximation for any given S-box can be approxi-
mated as given in Eq. 4 [38].

(4)

Table 9 shows the result for linear approximation probability with well-known S-box available
in the literature and with previous work on LFT based S-box. The result presented in Table 9
shows that the newly developed S-box is resistant to linear attack.

Table 3 Generated S-box with Zeros repetition

96 90 12 89 55 191 98 61 242 8 91 69 52 24 211 123

60 97 25 137 42 77 196 31 223 81 148 236 200 237 251 134
167 224 18 51 72 103 58 1 3 17 195 115 233 43 207 6
26 65 59 141 80 162 193 120 118 78 174 93 62 76 128 9
32 106 235 70 75 221 149 243 29 104 166 160 34 228 2 152
100 38 225 178 63 254 99 110 220 16 163 116 68 30 48 244
161 218 212 108 37 219 114 154 217 133 198 158 171 83 194 35
165 41 227 249 205 201 192 11 213 87 215 202 180 84 105 95
232 156 79 147 155 112 101 13 85 216 179 140 0 19 184 5
36 71 57 125 157 248 15 150 238 49 170 252 175 183 56 131
92 67 119 127 126 222 169 153 21 204 240 74 230 109 234 199
129 146 23 27 245 143 189 173 151 117 28 255 190 66 107 182
113 208 44 136 187 176 111 185 124 214 210 10 122 197 135 164
121 144 226 39 168 142 0 138 130 102 45 54 177 253 20 229
7 94 206 159 250 50 139 46 132 73 82 181 86 22 40 47
145 64 4 241 247 188 172 186 88 246 33 203 53 231 209 239
Multimedia Tools and Applications

Table 4 Proposed s-box

96 90 12 89 55 191 98 61 242 8 91 69 52 24 211 123

60 97 25 137 42 77 196 31 223 81 148 236 200 237 251 134
167 224 18 51 72 103 58 1 3 17 195 115 233 43 207 6
26 65 59 141 80 162 193 120 118 78 174 93 62 76 128 9
32 106 235 70 75 221 149 243 29 104 166 160 34 228 2 152
100 38 225 178 63 254 99 110 220 16 163 116 68 30 48 244
161 218 212 108 37 219 114 154 217 133 198 158 171 83 194 35
165 41 227 249 205 201 192 11 213 87 215 202 180 84 105 95
232 156 79 147 155 112 101 13 85 216 179 140 0 19 184 5
36 71 57 125 157 248 15 150 238 49 170 252 175 183 56 131
92 67 119 127 126 222 169 153 21 204 240 74 230 109 234 199
129 146 23 27 245 143 189 173 151 117 28 255 190 66 107 182
113 208 44 136 187 176 111 185 124 214 210 10 122 197 135 164
121 144 226 39 168 142 14 138 130 102 45 54 177 253 20 229
7 94 206 159 250 50 139 46 132 73 82 181 86 22 40 47
145 64 4 241 247 188 172 186 88 246 33 203 53 231 209 239

5.4 Differential approximation probability

For a stronger encryption process under ideal conditions, the differential approximation
probability should exhibit differential uniformity for S-box [14], but the smaller value of DP
also indicated a stronger S-box. The differential approximation is defined in Eq. 5.
 
#fx∈X jS ðxÞ⊗S ðx⊗ΔxÞ ¼ Δyg
DPðΔx→ΔyÞ ¼ ð5Þ
2n

Where Δx and Δy are differential input and outputs. Results for DP of given S-box is
given in Table 10.

5.5 Strict avalanche criterion

The strict avalanche criteria (SAC) are used to evaluate the chipper output with reverence
to changes applied at the input. To satisfy SAC, it is desirable that a single change at the
input value must toggle half of the output bit. And as the iteration for substitution
permutation progress a single change in input bit will cause an avalanche change.
Formally SAC can be defined as function f : F n2 ⟶F 2 satisfies SAC if f(x) ⊕ f(x ⊕ α)
is balanced for all α whose weights are 1. The result for the SAC of proposed S-box is
given in Table 11.

Table 5 Performance parameters of proposed S-box

Analysis Min value Max value Average Variance Differential Linear

approximation approximation
probability probability

Non-linearity 112 112 112

SAC 0.4551 0.5625 0.498291 0.033537
BIC 112 112 0
DP 0.023438
LP 0.0625
SAC-of-BIC 0.48242 0.50195 0.00931
 Multimedia Tools and Applications

Table 6 Non-linearity score comparison with state-of-the-art techniques

Substitution box Max-non linearity Substitution box Max-non linearity

Proposed S-box 112 Peng et al., [40], 2017 112

AES 112 Latif et al., [18], 2019 106.25
APA 112 Belazi et al., [11], 2017 112
Gray 110 Solami et al., [5], 2018 108
Skipjack 110 Lambić [35], 2017 108
Xyi 110 Tian et al., [49], 2018 106
Khan et al., [31], 2019 112 Lambić [34], 2014 112
Farwa et al., [24], 2016 112 Liu et al., [36], 2014 106
Belazi et al., [10], 2017 108 Zhang et al., [53], 2014 110
Belazi et al., [7], 2017 110 Liu et al., [37], 2015 108

The comparison of maximum non-linearity and BIC score with parameter optimization
researches are shown in Fig. 2.
The comparison SAC, DP, and LP score with parameter optimization researches are shown
in Fig. 3.

5.6 Statistical analysis of proposed s-box based image encryption

With the increase in digital traffic nowadays it is vital to secure digital information against all
possible attacks. To evaluate the strength of the proposed S-box in image encryption, we analyzed
the majority logic criterion (MLC) which is the most widely used criterion in image encryption
research [1, 6, 9, 12, 19–23, 25, 51, 52, 54]. In the recent past different image encryption
algorithm has been presented using S-box [27, 43, 49]. Recent studies evaluate the strength of
S-box using different parameters like entropy, homogeneity, correlation, contrast, and energy. To
evaluate these parameter results for proposed S-box (shown in Table 4), we first apply our S-box
to Lena image. Original Lena image and the resultant encrypted images are shown in Fig. 4.
Now to determine the quantitative measures of 256 × 256 encrypted Lena image MLC
is applied. The results for entropy, correlation, energy, contrast, and homogeneity are
given in Table 12.
From Table 12 we can clearly see that proposed s-box encryption shows comparable results
with other state-of-the-art techniques.

6 Mobile recommendation system (MRS): A case study

We tested the s-box based image encryption technique in the mobile app recommenda-
tion system (MRS) scenario. In the recommendation system, for recommendations, these

Table 7 Bit independence criteria results and comparison

S-boxes Proposed AES APA Gray Skipjack Xyi [31] [24] [10] [18]

Min Value 112 112 112 112 102 101.71 108 112 – –
Avg. Value 112 112 112 112 104.14 103.78 112 112 103.7 103.7
Deviation 0 0 0 0 1.767 2.743 2.8284 0 – –
Multimedia Tools and Applications

Table 8 Results for SAC of BIC

– 0.490234 0.496094 0.509766 0.509766 0.505859 0.503906 0.5

0.490234 – 0.482422 0.517578 0.498047 0.503906 0.515625 0.509766
0.496094 0.482422 – 0.484375 0.503906 0.488281 0.501953 0.515625
0.509766 0.517578 0.484375 – 0.490234 0.494141 0.496094 0.486328
0.509766 0.498047 0.503906 0.490234 – 0.507812 0.509766 0.5
0.505859 0.503906 0.488281 0.494141 0.507812 – 0.509766 0.513672
0.503906 0.515625 0.501953 0.496094 0.509766 0.509766 – 0.509766
0.5 0.509766 0.515625 0.486328 0.5 0.513672 0.509766 –

systems access various types of user data such as previous product purchasing history,
demographic, biographical and social relationships information. Such information col-
lection, distribution and use of disclosed data can impose privacy and security threats
which are an inherently human attitude towards their belongings [33, 46, 48]. Data used
in the recommendation process could be sold to a third party by the intruder without user
consent or could even be stolen by motivated attackers during data transit. As we know
recommendation process has three main phases and recently authors in [48] have
identified different privacy and security risks associated with each phase of mobile
recommendation system i.e. from data collection to display recommendations. Table 13
shows the privacy risks related to each phase of a mobile recommendation system [48].
In data collection phase, recommender system can collect implicit and explicit class data
where data transmission mechanism from user to the recommender is depends upon
architecture and system design of recommendation system e.g. client-server, peer-to-peer
and distributed system [48].
In recommendation system, usually, it is assumed that there is a mutual trust present
between users and recommenders in which users participate honestly (provide honest
data e.g. feedbacks and ratings) and recommender system not only provide an honest
recommendation but also safeguard the user data [46]. In this scenario, we want to secure
data transit between client-server using the proposed s-box image encryption method. We
use two different ways to encrypt the client data; 1) first convert the user text data into an
image format and then apply proposed encryption technique on the constructed image,
and 2) map the user data in a cover image and then apply the proposed encryption
scheme. Here, we used the Lena image as the cover for data mapping. The text-to-image
conversion concept is taken from the article [4]. The example of client data is presented
in Table 14.
The client-data in Table 14 is first converted into a matrix using their respective ASCII
values and then an image is created as shown in Fig. 5 (a). The resultant image size of the
client-data is 70 × 20. We can clearly see that client data mostly consist of characters and
number and there is a high probability of repetition. This repetition can degrade the encryption
results as presented in Table 15. In the second case, we replace the pixel values of Lena image

Table 9 Linear approximation probability comparison

S-boxes Proposed AES APA Gray Skipjack Xyi [31] [24] [10] [18]

Max LP 0.0625 0.062 0.062 0.062 0.109 0.156 0.0781 0.0625 0.1562 0.1016
Max Value 144 144 144 144 156 168 – 144 – –
 Multimedia Tools and Applications

Table 10 Results for DP

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
0 4 4 4 4 2 2 4 4 4 4 2 4 2 4 4
4 6 4 4 4 2 2 4 2 2 4 4 2 4 4 2
2 4 4 2 4 2 4 4 4 4 4 2 4 2 4 2
4 4 4 2 2 4 4 2 4 4 2 4 4 2 4 2
4 4 4 2 2 2 4 2 4 4 2 4 4 4 2 4
4 4 2 4 4 4 4 4 4 2 4 4 4 4 4 4
2 4 4 4 4 4 4 4 4 4 4 4 2 2 4 4
2 4 4 4 4 4 4 2 4 4 4 4 4 4 2 4
2 4 4 4 4 2 2 4 2 4 2 4 4 4 2 4
4 2 2 4 4 4 2 4 2 4 2 4 4 4 4 2
2 4 4 2 4 4 4 4 2 4 4 4 4 4 2 4
2 4 4 2 6 4 4 4 4 2 2 4 2 2 4 4
4 4 4 4 4 2 4 4 2 2 4 4 4 4 4 4
4 4 2 4 4 2 4 4 4 4 4 2 4 4 4 4
2 2 2 4 4 4 2 4 4 4 4 2 4 4 4 2
4 4 4 4 4 4 4 2 4 4 4 4 2 4 4 4

Table 11 SAC results for proposed s-box

0.453125 0.484375 0.46875 0.515625 0.53125 0.453125 0.5 0.484375

0.484375 0.46875 0.515625 0.53125 0.453125 0.5 0.484375 0.5
0.46875 0.546875 0.46875 0.46875 0.5625 0.484375 0.546875 0.53125
0.53125 0.515625 0.5 0.515625 0.484375 0.53125 0.5 0.546875
0.453125 0.5 0.5 0.546875 0.453125 0.484375 0.453125 0.515625
0.484375 0.515625 0.5625 0.453125 0.5 0.453125 0.515625 0.53125
0.515625 0.546875 0.453125 0.484375 0.453125 0.515625 0.546875 0.453125
0.5625 0.453125 0.484375 0.46875 0.515625 0.53125 0.453125 0.5

with the client-data matrix values. The resultant image is shown in Fig. 5 (c). This image is
then encrypted using proposed method.
In this paper, for simplicity, we only replace the initial pixel values of the cover
image with data-image values as we can clearly see from the Fig. 5 (c). In the future,
for better mapping, we can use the concept of permutation-based mapping, chaotic
based mapping and image steganography strategies [1, 6, 9, 12, 19–23, 51, 52, 54].
Similarly, we can use the most recent text-to image encryption scheme as discussed in
[28] for the recommendation domain.

non-linearity and BIC score

Comparison
max.Non-linearity Score BIC score
112 112 112 112 112 112 112

108.71
107.5
105.29

[1] [5] [7] [36] Proposed

Fig. 2 Comparison of Non-linearity and BIC score

Multimedia Tools and Applications

Comparison of SAC, LP, DP

SAC DP LP
0.5034 0.503662 0.5102 0.5001 0.5

0.132
0.0781 0.0625 0.0625 0.0625
0.0468 0.0468 0.0313
0.015625 0.015625

[1] [5] [7] [36] Proposed

Fig. 3 Comparison of SAC, LP and DP score

(a) Original image (b) Encrypted image

Fig. 4 Lena image vs Lena encrypted image using new S-box (a) Original image (b) Encrypted image

6.1 Statistical analysis of proposed s-box application in the mobile app

recommendation system

In section, we performed different statistical analyses on the resultant encrypted images and
compare our results with existing techniques as shown in Table 15. From our results, we can
infer that the proposed method can be applied in the recommendation system.

6.2 Histogram analysis

We also perform histogram analysis on the resultant images as shown in Figs. 4 and 5. In the
image, the histogram is a graphical representation of pixel distribution by plotting the number

Table 12 Comparison of MLC for proposed S-box

Image [256256] Entropy Correlation Energy Contrast Homogeneity

Plain Image 7.2305 0.9288 0.1577 0.2154 0.9048

Proposed 7.3028 0.1362 0.0184 8.3202 0.4812
AES 7.2531 0.0554 0.202 7.5509 0.466
APA 7.2264 0.1473 0.0183 8.119 0.4676
Gray 7.2301 0.0586 0.0203 7.5283 0.4623
Skipjack 7.2214 0.1025 0.0193 7.7058 0.4689
Xyi 7.2207 0.0417 0.0196 8.3108 0.4533
[24] 7.2415 0.0785 0.0223 7.4568 0.4731
 Multimedia Tools and Applications

Table 13 Privacy risks related to each phase of a mobile recommendation system

Phases of MRS Privacy risks

Technology risks Policy risks

Data collection Hacker attack on data transmission Unconscious data provision

Data storage
Recommendation learning
Recommendation display
Hacker attacks
Internal attacks on plaintext storage
Learning strategies (CBS, CF) analysis
Machine learning
Hacker attacks on display
Unauthorized data collection
Data sharing
Multi-cooperation
Internal disclosure
Inference of sensitive information
Sensitive information disclosure
Inference of recommendation outcome
Improper display

Table 14 Example of client data

User_Id: 03007777777

User_app_list App-usage-Frequency User-friends Call- frequency SMS-frequency Recommendation

Whatsapp 12 3,001,000,000 23 34 Uber

Youtube 43 30,034,000,000 32 44 Alfahla Mobile
Gmail 34 3,001,550,000 45 32 Video editor
Google 23 30,010,004,400 23 12
HBL Mobile 3 3,001,000,055 12 0
Video 34 3,001,006,600 4 12
S Planner 5 3,001,000,333 21 45
Email 45 30,451,000,000 10 4
Phone 68 3,211,000,000 6 1
Gallery 32 3,021,000,000 14 66

(a) Text-to-image (Original) (b) Cover-image(Original) (c) Text data mapping (Original)

(d) Text-to-image (encrypted) (e) Text data mapping (encrypted)

Fig. 5 Scenario Images (a) Text-to-image (Original) (b) Cover-image(Original) (c) Text data mapping (Original)
(d) Text-to-image (encrypted) (e) Text data mapping (encrypted)
Multimedia Tools and Applications

Table 15 Comparison of proposed s-box based image encryption results in a recommendation scenario

Image Entropy Correlation Energy Contrast Homogeneity

Plain Image of Lena [256× 256] 7.2305 0.9288 0.1577 0.2154 0.9048
Proposed results for Lena image [256× 256] 7.3028 0.1362 0.0184 8.3202 0.4812
Plain Image of text-to-image [70× 20] 1.540 0.7585 0.7078 0.5519 0.9605
Proposed results for text-to-image [70 × 20] 1.541 0.2978 0.6907 1.451 0.9018
Plain Image of data mapping in cover image [256× 7.262 0.9039 0.1474 0.3436 0.8865
256]
Proposed results for data mapping in cover Lena 7.352 0.1798 0.0197 8.8794 0.4916
image [256 × 256]
AES 7.2531 0.0554 0.202 7.5509 0.466
APA 7.2264 0.1473 0.0183 8.119 0.4676
Gray 7.2301 0.0586 0.0203 7.5283 0.4623
Skipjack 7.2214 0.1025 0.0193 7.7058 0.4689
Xyi 7.2207 0.0417 0.0196 8.3108 0.4533
[24] 7.2415 0.0785 0.0223 7.4568 0.4731

of pixels at each intensity level. Figure 6 (a), (b), (c) shows the histogram of Lena image, text-
to-image and text data mapping respectively whereas Fig. 6 (d), (e) and (f) represent histo-
grams of their respective encrypted images.
In literature, it has been established that the histogram of the original and the
encrypted image should be significantly different so that attackers could not extract the
original image from the encrypted one as discussed in [24]. From Fig. 6, we can clearly
see the difference between the histograms of original images and their respective
encrypted images.

(a) Original Lena image (b) Original Text-to- (c) Original Text data
image mapping image

(d) Encrypted Lena image (e) Encrypted Text-to- (f) Encrypted Text data
image mapping image
Fig. 6 Histogram analysis Original Lena image Original Text-to-image Original Text data mapping image
Encrypted Lena image Encrypted Text-to-image Encrypted Text data mapping image
 Multimedia Tools and Applications

7 Conclusion

In this paper, we proposed a scheme to select the optimized values for control parameters of
linear fractional transform (LFT) to achieve an S-box with non-linearity of 112. Our proposed
s-box is then tested on different criteria such as SAC, BIC, LP, DP, and non-linearity. We
compare the score of each criterion with other existing schemes and our results proved that
proposed method can perform better or equal to these schemes. For practical implementation,
we tested our proposed s-box based image encryption in mobile app recommendation scenario.
The statistical analysis and histogram analysis proved that proposed method has a bright
perspective in this domain.

Compliance with ethical standards

Conflict of interest Mentioned authors have no conflict of interest in this article.

Ethical approval This article does not contain any studies with human participants or animals performed by
any of the authors.

References

1. Abd-El-Atty B, El-Latif AAA, Venegas-Andraca SE (2019) An encryption protocol for NEQR images
based on one-particle quantum walks on a circle. Quantum Inf Process 18(9):272
2. Abdullah S, Amin NU (2015) Analysis of S-box image encryption based on generalized fuzzy soft expert
set. Nonlinear Dyn 79:1679–1692
3. Aboytes-González JA, Murguía JS, Mejía-Carlos M, González-Aguilar H, Ramírez-Torres MT (2018)
Design of a strong S-box based on a matrix approach. Nonlinear Dyn 94:2003–2012
4. Ahmad A, Mohammad T, Almimi HM (2014) Distributed text-to-image encryption algorithm. Int J Comput
Appl 106:1
5. Al Solami E, Ahmad M, Volos C, Doja M, Beg M (2018) A new hyper chaotic system-based design for
efficient bijective substitution-boxes. Entropy 20(7):525
6. Amin M, El-Latif AAA (2010) Efficient modified RC5 based on chaos adapted to image encryption. J
Electron Imaging 19(1):013012
7. Belazi A, El-Latif AAA (2017) A simple yet efficient S-box method based on chaotic sine map. Optik 130:
1438–1444
8. Belazi A, El-Latif AAA, Rhouma R, Belghith S (2015) Selective image encryption scheme based on DWT,
AES S-box and chaotic permutation. In: international wireless communications and Mobile computing
conference (IWCMC) IEEE. pp. 606–610
9. Belazi A, El-Latif AAA, Belghith S (2016) A novel image encryption scheme based on substitution-
permutation network and chaos. Signal Process 128:155–170
10. Belazi A, Khan M, El-Latif AAA, Belghith S (2017) Efficient cryptosystem approaches: S-boxes and
permutation–substitution-based encryption. Nonlinear Dyn 87(1):337–361
11. Belazi A, El-Latif AAA, Diaconu AV, Rhouma R, Belghith S (2017) Chaos-based partial image encryption
scheme based on linear fractional and lifting wavelet transforms. Opt Lasers Eng 88:37–50
12. Benrhouma O, Hermassi H, El-Latif AAA, Belghith S (2015) Cryptanalysis of a video encryption method
based on mixing and permutation operations in the DCT domain. SIViP 9(6):1281–1286
13. Bibi N, Farwa S, Muhammad N, Jahngir A, Usman M (2018) A novel encryption scheme for high-contrast
image data in the Fresnelet domain. PLoS One 13
14. Biham E, Shamir A (1991) Differential cryptanalysis of DES-like cryptosystems. J Cryptol 4:3–72
15. Çavuşoğlu Ü, Zengin A, Pehlivan I, Kaçar S (2017) A novel approach for strong S-box generation
algorithm design based on chaotic scaled Zhongtang system. Nonlinear Dyn 87:1081–1094
16. Cui L, Cao Y (2007) A new S-box structure named affine-power-affine. Int J Innov Comput Inf Control 3:
751–759
17. Daemen J, Rijmen V (2002) The Design of Rijndael. Springer, Berlin Heidelberg. https://doi.org/10.1007
/978-3-662-04722-4
Multimedia Tools and Applications

18. EL-Latif AAA, Abd-El-Atty B, Venegas-Andraca SE (2019) A novel image steganography technique based
on quantum substitution boxes. Opt Laser Technol 116:92–102
19. El-Latif AAA, Yan X, Li L, Wang N, Peng JL, Niu X (2013) A new meaningful secret sharing scheme
based on random grids, error diffusion and chaotic encryption. Opt Laser Technol 54:389–400
20. El-Latif AAA, Wang N, Peng JL, Li Q, Niu X (2013) A new encryption scheme for color images based on
quantum chaotic system in transform domain. In: 5th International Conference on Digital Image Processing
(ICDIP 2013). Int Soc Opt Photon 8878:88781S
21. El-Latif AAA, Li L, Wang N, Han Q, Niu X (2013) A new approach to chaotic image encryption based on
quantum chaotic system, exploiting color spaces. Signal Process 93(11):2986–3000
22. El-Latif AAA, Li L, Niu X (2014) A new image encryption scheme based on cyclic elliptic curve and
chaotic system. Multimed Tools Appl 70(3):1559–1584
23. El-Latif AAA, Abd-El-Atty B, Talha M (2017) Robust encryption of quantum medical images. IEEE
Access 6:1073–1081
24. Farwa S, Shah T, Idrees L (2016) A highly nonlinear S-box based on a fractional linear transformation.
Springerplus 5:1658
25. Hussain I, Shah T, Gondal MA, Mahmood H (2012) Generalized Majority Logic Criterion to Analyze the
Statistical Strength of S-Boxes. Z Naturforsch A 67
26. Hussain I, Shah T, Mahmood H, Gondal MA (2013) A projective general linear group based algorithm for
the construction of substitution box for block ciphers. Neural Comput Appl 22:1085–1093
27. Hussain I, Anees A, AlKhaldi AH, Algarni A, Aslam M (2018) Construction of chaotic quantum magnets
and matrix Lorenz systems S-boxes and their applications. Chin J Phys 56:1609–1621
28. Jhajharia S (2016) Using cell division for text to image encryption. In: 10th IEEE international conference on
intelligent systems and control (ISCO), IEEE. pp. 1–7
29. Khan M, Asghar Z (2018) A novel construction of substitution box for image encryption applications with
Gingerbreadman chaotic map and S8 permutation. Neural Comput Appl 29:993–999
30. Khan MA, Ali A, Jeoti V, Manzoor S (2018) A Chaos-based substitution box (S-box) design with improved
differential approximation probability (DP). Iran J Sci Technol Trans Electr Eng 42:219–238
31. Khan MF, Ahmed A, Saleem K (2019). A novel cryptographic substitution box design using Gaussian
distribution. IEEE Access
32. Kim J, Phan RC-W (2009) Advanced differential-style cryptanalysis of the NSA’s skipjack block cipher.
Cryptologia 33:246–270
33. Lam S, Frankowski D, Riedl J (2006) Do you trust your recommendations? An exploration of security and
privacy issues in recommender systems. Emerg Trends Inf Commun Secur 2006:14–29
34. Lambić D (2014) A novel method of S-box design based on chaotic map and composition method. Chaos,
Solitons Fractals 58:16–21
35. Lambić D (2017) A novel method of S-box design based on discrete chaotic map. Nonlinear Dyn 87(4):
2407–2413
36. Liu H, Kadir A, Niu Y (2014) Chaos-based color image block encryption scheme using S-box. AEU-Int J
Electron Commun 68(7):676–686
37. Liu G, Yang W, Liu W, Dai Y (2015) Designing S-boxes based on 3-D four-wing autonomous chaotic
system. Nonlinear Dyn 82(4):1867–1877
38. Matsui M (1993) Linear cryptanalysis method for DES cipher. In: Adv. Cryptol. — EUROCRYPT ‘93.
Springer, Berlin Heidelberg, pp 386–397
39. Özkaynak F, Çelik V, Özer AB (2017) A new S-box construction method based on the fractional-order
chaotic Chen system. Sig Image Video Process 11:659–664
40. Peng J, El-Latif AAA, Belazi A, Kotulski Z (2017) Efficient chaotic nonlinear component for secure
cryptosystems. In: 9th International Conference on Ubiquitous and Future Networks (ICUFN), IEEE. pp.
989–993
41. Picek S, Batina L, Jakobović D, Ege B, Golub M (2014) S-box, SET, match: A toolbox for S-box analysis.
pp. 140–149
42. Tran MT, Bui DK, Duong AD (2008) Gray S-box for advanced encryption standard. Int. Conf. Comput.
Intell. Secur., IEEE. pp. 253–258
43. ul Islam F, Liu G (2017) Designing s-box based on 4D-4wing hyperchaotic system. 3D Res. 8:9.
44. Ullah A, Jamal SS, Shah T (2018) A novel scheme for image encryption using substitution box and chaotic
system. Nonlinear Dyn 91:359–370
45. Wang Y, Xie Q, Wu Y, Du B (2009) A software for S-box performance analysis and test. Int. Conf. Electron.
Commer. Bus. Intell., IEEE. pp. 125–128
46. Wang C, Zheng Y, Jiang J, Ren K (2018) Toward privacy-preserving personalized recommendation
services. Engineering
47. Webster AF, Tavares SE (1985) On the design of S-boxes. In: Adv. Cryptol. — CRYPTO ‘85 Proc.
Springer, Berlin Heidelberg, pp 523–534
 Multimedia Tools and Applications

48. Xu K, Yan Z (2016) Privacy protection in mobile recommender systems: a survey. In: Wang G, Ray I,
Alcaraz Calero J, Thampi S (eds) Security, Privacy, and Anonymity in Computation, Communication, and
Storage. SpaCCS 2016. Lecture notes in computer science, vol 10066. Springer, Cham, pp 305–318
49. Ye T, Zhimao L (2018) Chaotic S-box: six-dimensional fractional Lorenz–Duffing chaotic system and O-
shaped path scrambling. Nonlinear Dyn 94:2115–2126
50. Yi X, Cheng SX, You XH, Lam KY (1997) A method for obtaining cryptographically strong 8×8 S-boxes.
In: GLOBECOM 97. IEEE Glob. Telecommun. Conf. Conf. Rec., IEEE. pp 689–693
51. Zaghloul A, Zhang T, Amin M, El-Latif AAA (2014l) Color encryption scheme based on adapted quantum
logistic map. In 6th International Conference on Digital Image Processing (ICDIP 2014). Int Soc Opt Photon
9159:915922
52. Zhang TJ, El-Latif AAA, Amin M, Zaghloul A (2014) Diffusion-substitution mechanism for color image
encryption based on multiple chaotic systems. Adv Mater Res Trans Tech Publ 981:327–330
53. Zhang X, Zhao Z, Wang J (2014) Chaotic image encryption based on circular substitution box and key
stream buffer. Signal Process Image Commun 29(8):902–913
54. Zhang T, El-Fatyany A, Li L, Amin M, El-Latif AAA (2015) Secret sharing-based chaotic image
encryption. Int J Secur Appl 9(7):217–224

Publisher’s note Springer Nature remains neutral with regard to jurisdictional claims in published maps and
institutional affiliations.