Efficient S-box construction based on quantum-inspired quantum walks with PSO algorithm and its application to image cryptosystem

Optimization algorithms play an essential role in constructing S-boxes to gain secure S-boxes with good nonlinearity [8, 9]. However, the role of optimization algorithms is to select a well-constructed S-box based on its performance analyses, not to utilize optimization algorithms in designing S-box mechanisms. Correspondingly, optimization algorithms play an essential role in developing image cryptosystems to gain secure cipher images with good cryptographic properties [10, 11]. However, the role of optimization algorithms is to select a well-constructed cipher image based on its performance analyses, not to utilize optimization algorithms in designing image cryptosystems. Optimization algorithms include particle swarm optimization (PSO) [12], artificial bee colony [13], ant colony optimization [14], and others, with the PSO algorithm having a low computational time, being simple to execute due to it does not need a large number of parameters, and having a high confluence rate. PSO focuses on a small number of random particles and uses recurrence to find an effective solution. Therefore, Luo et al. [15] utilized the benefits of the PSO algorithm and customized it to perform as a chaotic system for designing a novel image cryptosystem with good performance.

The physical implementation of quantum computers does not have sufficient capability for hacking any traditional cryptosystem yet, but amidst the growth of quantum resources, sufficient capability may be available in the near future and most digital cryptosystems may be breached because their design is based on mathematical models [16]. Therefore, some researchers are concerned with developing quantum algorithms for securing data in the quantum era [17]. However, most digital data have a long lifetime, like military, medical, personal, etc. Consequently, confidential data must be secured before powerful quantum computers are available for hacking these data. Based on the issues raised, we need to develop new cryptosystems with structures based on quantum-inspired models that can withstand possible assaults from both classical and quantum devices, and their structures are based on optimization techniques to provide extra security. Among quantum paradigms, there is a quantum walk (QW), which is a quantum computing model used in the development of quantum mechanisms and may be used as a quantum-inspired model for constructing current cryptosystems that can be run on both digital and quantum platforms.

From the stated issues above, we present a new S-box whose design is based on quantum-inspired QW, Hénon map, and a customized PSO algorithm. In the suggested S-box approach, QW is utilized as a quantum-inspired model to be performed on digital resources, and the PSO algorithm is customized to be utilized in designing the proposed mechanism. Performance analysis of the presented S-box proves its effectiveness and its reliability in designing various cryptosystems. Based on the efficiency of the presented S-box, a new image cryptosystem is suggested. In the suggested image cryptosystem, the probability vector generated from operating quantum-inspired QW and the generated sequences from Hénon map are utilized to operate the customized PSO algorithm for generating two sequences (X and Y), in which X and Y sequences are utilized for constructing different two permutation boxes to shuffle columns and rows of the pristine image. Then, the X sequence is utilized for constructing an \(8\times 8\) S-box to substitute the pixels of the permutated image, while the Y sequence is utilized for generating a pseudo-random sequence to construct the cipher image from the substituted image. Experimental results of the suggested image cryptosystem prove its efficiency and security against various attacks.

The summary of the key contributions of this study is listed below:

The remnant of this study is scheduled as given: the recent works related to the presented study are discussed in the next section, while the preliminaries for QW, Hénon map, and the customized PSO algorithm are given in “Preliminaries”. The suggested S-box approach and its performance are delivered in “Proposed S-box algorithm and its analyses”, while the proposed image cryptosystem and its performance analyses are provided in “Proposed encryption algorithm” and “Experimental outcomes and analyses”.

There are two main elements for QW: coin particle \(H_{c} =\cos \theta |0\rangle +\sin \theta |1\rangle \) and walker space \(H_{s}\) [36]. In every step t of acting QW on a cycle of V-node governed by a binary message S, a unitary revolution \({\hat{R}}_{1}\) (or \({\hat{R}}_{0}\)) is applied on the whole quantum system if the \({t}\text {th}\)-bit of S is 1 (or 0), otherwise \({\hat{R}}_{2}\) is applied. The mathematical expression of \({\hat{R}}_{1}\) is as in Eq. (1),where \({\hat{H}}\) is the shift operator of running QW on a cycle of V-node and can be represented as follows:and the coin operator \({\hat{O}}_{1}\) can be expressed as follows:where \(\sigma _{1} \in \left[ 0,\pi /2\right] \). Similar \({\hat{R}}_{1}\), \({\hat{R}}_{0}\) and \({\hat{R}}_{2}\) can be formed. After operating QW t steps, the probability of finding the particle at vertex j can be stated as in Eq. (4):where \(c\in \left\{ 0,1,2\right\} \) and \(|\varphi {\rangle }_{{0}} \) is the original quantum state of QW.

Chaotic systems have been commonly utilized as a primary tool for constructing S-boxes and image cryptosystems because of their chaotic behavior, ease of implementation, and sensitivity to control parameters and primary conditions. Hénon map is a two-dimensional chaotic map and is expressed in Eq. (5):where \({p}_{0}\), \({q}_{0}\) are the primary conditions and \(a=1.4,\) \(b=0.3\) are the control parameters of Hénon map. For more information about the chaotic Hénon map, go to Ref. [17].

Optimization algorithms play an essential role in constructing S-boxes to gain secure S-boxes with good nonlinearity. However, the role of optimization algorithms is to select a well-constructed S-box based on its performance analyses, not to utilize optimization algorithms in designing S-box mechanisms. Among optimization algorithms, there is the PSO algorithm, which has a low computational time, being simple to execute due to it does not need a large number of parameters, and having a high confluence rate. PSO focuses on a small number of random particles and uses recurrence to find an effective solution. In PSO, each particle represents an individual solution. Each particle k possesses an initial state, pbest \((z_k),\) gbest \((w_k),\) and two primary parts: velocity \((x_k)\) and position \((y_k),\) which are used to run the PSO algorithm. To update each particle’s location and velocity, Eq. (6) can be utilized [37]:where i denotes the iteration number, k is the particle number, the particle’s dimensions are j, \(\alpha \) indicates the inertia coefficient, d1 is the subjective parameter, d2 is the collective parameter, and \(u_{j},v_{j} \in \left( 0,1\right) \) are random numbers.

To adapt the PSO algorithm to be employed in the designing process of the suggested S-box algorithm, we customized it as reported in [15]. The mathematical representation of the customized PSO algorithm is provided as follows:where sequence \(\{U\}\) is generated from running QW, and sequences \(\{V\}\), \(\{Z\}\), and \(\{W\}\) are generated from iterating Hénon map.

The suggested S-box algorithm is based on quantum-inspired QW, Hénon map, and the customized PSO algorithm, in which QW is utilized as a quantum-inspired model to be performed on digital resources, and the PSO algorithm is customized to be utilized in designing the proposed mechanism. The detailed steps of the suggested S-box algorithm are itemized in the following points.

To verify the efficiency of the offered S-box algorithm, several analyses performed for the constructed \(8\times 8\) S-box. The most crucial requirements for a robust S-box have been laid forth in [38]. Among these requirements, Bijectivity, NL (“nonlinearity”), SAC (“strict avalanche criterion”), BIC (“bit independence”), LP (“linear approximation probability”), and DP (“differential probability”). The key parameters that utilized for constructing the S-box stated in Table 1 are set as: S = [0100 0100 1011 1101 0101 0101 0110 1001 1010 0110 0101], \(V=265, t= 270, \theta =0,\) \({\sigma }_{0}= \pi /3,\) \({\sigma }_{1}= \pi /4,\) \({\sigma }_{2}= \pi /6,\) \({p}_{0}=0.6495,\) \({q}_{0}=0.5073,\) \(a=1.4,\) \(b=0.3,\) \(\alpha =0.1,\) \(d1=0.5,\) \(d2=0.5,\) \({x}_{0}=0.5,\) and \({y}_{0}=1.\)

The proposed S-box approach was evaluated in terms of NL, SAC, BIC, LP, and DP in which Table 11 displays the values of these terms for our S-box with other related S-boxes reported in [6‐8, 23‐26, 29, 30, 34, 39]. The S-boxes reported in [6, 7, 23‐26] are based on chaotic systems, while the S-boxes reported in [8, 29, 30, 39] are based on optimization algorithms to select a well-constructed S-box based on its performance analyses, not to utilize optimization algorithms in developing S-box mechanisms. The S-box reported in [34] is based on quantum-inspired QW, while the proposed S-box mechanism is based on quantum-inspired QW that can withstand possible assaults from both classical and quantum devices, and its structure is based on the customized PSO to provide extra security.

From the stated evaluations above, we can deduce that:

To check the efficacy of the suggested encryption scheme in terms of computational cost, we examine it from two viewpoints: computational complexity and encryption time.

The presented encryption approach primarily includes three phases: key generation, confusion, and diffusion. The utilized key streams are generated using Hénon map, QW, and the customized PSO. Hénon map iterates RC times, where RC is the dimensions of the original image, therefore the complexity of operating Hénon map is thus \({\mathcal {O}}(RC)\); and the complexity of acting QW on a cycle of V-vertex is \({\mathcal {O}}(V^2)\), while the complexity of operating the customized PSO (7) is \({\mathcal {O}}(RC)\). The confusion strategy is based on two permutation boxes, one for acting rows and the other for acting columns which both are based on sorting the elements and locating the index of per element, with an \({\mathcal {O}}(\max (R \log R, C \log C))\) computational complexity. The diffusion strategy is based on constructing an S-box with an \({\mathcal {O}}(256 \log 256)\) computational complexity, and the bitwise XOR operation with an \({\mathcal {O}}(RC)\). According to the reported computational complexity for each component of the suggested encryption approach, the whole computational complexity of the encryption approach is \({\mathcal {O}}(\max (RC, V^2))\).

Encryption time is known as the time taken to cipher one image. Table 12 provided a quick comparison of the recommended scheme’s encryption time in megabytes/second to that of other relevant techniques as reported in [7, 10, 15, 18, 20, 23, 24, 29, 41]. Based on the data displayed in Table 12, the presented encryption technique has an admissible time complexity and broad applicability.

Note that the constructed S-box using our methodology is generated once, not several times as in other S-box mechanisms that are based on optimization algorithms. Also, the cipher image is constructed once, not several times as in other image cryptosystems that are based on optimization algorithms. Therefore, our methodology has better performance and usability than other related methodologies that are based on optimization algorithms.

The correlation coefficient (Crf) of adjoining pixels is utilized to appreciate the meaning of an image, in which pristine images have strong Crf values close to 1 and good cipher images have Crf values close to 0. To calculate the Crf values for our experimented dataset and its related cipher images, we randomly selected \({10}^{4}\) pairs of adjacent pixels. Crf can be stated mathematically as followswhere M represents the number of adjacent pixel pairs \({x}_{j}\) and \({y}_{j}\). Table 13 states the Crf values for the investigated dataset, in which the Crf values for cipher images are very near to 0. To support Table 13 visually, Figs. 3, 4, and 5 plot the correlation distribution for Peppers image before and after the encryption procedure. From the stated outcomes in this subsection, we can extrapolate that the proposed cryptosystem is secure against correlation analysis.

Differential analysis is utilized to appreciate the number of differences between two encrypted images for one plain image with slight modifications in one bit. There are two measures that are utilized in differential analyses: NPCR (“Number of Pixel Change Rate”) and UACI (“Unified Average Changing Intensity”), which are stated as given belowwhere M signifies the complete number of pixels in the image and R1,  R2 represent two encrypted images for one plain image with slight modifications in one bit. The results of NPCR and UACI are given in Table 14, in which NPCR values for all cipher images exceed 99.60% and UACI values are around 33.46%. Therefore, the suggested encryption algorithm has high pristine image sensitivity.

Key sensitivity analysis is utilized to appreciate the decryption effects of cipher images with slight modifications in initial key parameters. Figure 6 displays the visual effects of deciphering the Ciph-Peppers image with slight modifications in initial key parameters, from which we can deduce that the presented encryption technique has high key sensitivity.

A histogram is used to appreciate the distribution of pixel values in an image. Cipher images generated by a well-developed cryptosystem should have indistinguishable histograms for different encrypted images. Figure 7 shows the histograms of the experimented dataset and its resulting encrypted images, in which the plots for the encrypted images are semi-similar to each other. To verify that the constructed cipher images have a regular distribution of histograms, we utilized a numerical test like the Chi-square \((\chi ^{2})\) test whose mathematical expression is given belowwhere \(r_{i}\) is the frequency of the pixel value i, and s represents the dimension of the image. If the \(\chi ^{2}\) value does not exceed the threshold value \(\chi _{0.05}^{2} (255)=293.3\), then its histogram is regular, else the image has a non-uniform histogram. The outcomes of \(\chi ^{2}\) are given in Table 15, in which the \(\chi ^{2}\) values for all encrypted images are less than 293.3. Therefore, the suggested image cryptosystem can withstand histogram analysis attacks.

Image entropy test is used to appreciate the distribution of bit levels in an image. Cipher images constructed by a well-developed image encryption should have an entropy value very close to 8. The mathematical expression for entropy is given in Eq. (25)where \(r(a_{i})\) represents the probability of \(a_{i}\). Table 16 states the results of the entropy test, in which cipher images have entropy values very approximately 8-bit. Hence, the suggested encryption approach can resist entropy attacks.

To appreciate the suggested encryption scheme against occlusion attacks, we made cuts out of some parts of the encrypted image and then tried to decipher it. Figure 8 shows the outcomes of occlusion attacks, in which the deciphered image is recovered perfectly without lack of any visual information in the cutout part.

Generally, the cryptanalyst is familiar with the design and the operation of the under-consideration cryptosystem, aware of virtually everything about the encryption algorithm except the key parameters. A well-developed encryption algorithm must be has the ability to resist common attacks such as known-plaintext, ciphertext-only, chosen-ciphertext, and chosen-plaintext attacks. A cryptoanalyst in ciphertext-only attacks has only the ciphertext he has trapped, but in known-plaintext attacks, the cryptoanalyst has pairs of plaintext–ciphertext and tries to breach the secret key. In chosen-plaintext attacks, the cryptoanalyst has the ciphertext for a selected plaintext by himself, whereas in chosen-ciphertext attacks, the cryptoanalyst has the plaintext for a chosen ciphertext. The chosen-plaintext attack is the most powerful known assault, in which the cryptoanalyst earns transitory access to the cryptosystem and constructs ciphertext associated with a picked plaintext, attempting to breach the secret key or devising a strategy to decipher the ciphertext even access to the secret key. If an encryption approach can endure the chosen-plaintext attack, it can also endure other types of assaults. Due to the fact that the used keystream in the encryption procedure for our cryptosystem is based on the pristine image, the cryptoanalyst for the suggested encryption algorithm cannot get any information about the original key parameters by examining the ciphertext. In another manner, for each pristine image, a one-time keystream is generated, while the original key parameters remain unmodified. Because the totally paralyzed responsibilities of permutation and substitution procedures, cryptoanalysts prefer to nominate full-back and full-white images in chosen-plaintext assaults. The cipher images for FullBlack and FullWhite images, as well as their related histograms, are shown in Fig. 9, where no visual information can be acquired, and some statistical analyses for those images are stated in Table 17. As a consequence, the presented cryptosystem can withstand classical attacks.

The presented encryption approach was evaluated from two viewpoints to prove its effectiveness: performance and withstanding cryptanalysis attacks. Regarding performance, the final cipher image is constructed once, not several times as in other image cryptosystems that are based on optimization algorithms; and based on the data displayed in Table 12, the presented encryption technique has an admissible time complexity and broad applicability. Therefore, our methodology has better performance and usability than other related methodologies that are based on optimization algorithms.

Regarding cryptanalysis attacks, we performed several analyses to evaluate the presented encryption approach for withstanding differential, statistical, occlusion, brute-force, and classical types of attacks. Table 13 states the correlation coefficients for the analyzed dataset, in which its values for cipher images are very near to 0. To support Table 13 visually, Figs. 3, 4, and 5 plot the correlation distribution for Peppers image before and after the encryption procedure. Cipher images constructed by a well-designed cryptosystem should have indistinguishable histograms for different cipher images. Figure 7 displays the histograms of the investigated dataset and its resulting encrypted images, in which the plots for the encrypted images are semi-similar to each other. To verify that the constructed cipher images have a regular distribution of histograms, \(\chi ^{2}\)-test is utilized. The results of \(\chi ^{2}\) are provided in Table 15, in which the \(\chi ^{2}\) values for all cipher images are \(< 293.3.\) Cipher images constructed by a well-developed cryptosystem should have an entropy value very close to 8. Table 16 states the results of the entropy test, in which cipher images have entropy values of very approximately 8 bits. From the results of correlation, histogram, and entropy analyses, we can extrapolate that the proposed cryptosystem is secure against statistical analysis. Differential analysis is utilized to appreciate the number of differences between two encrypted images for one plain image with slight modifications in one bit. There are two measures that are utilized in differential analyses: NPCR and UACI. The results of NPCR and UACI are given in Table 14, in which NPCR values for all cipher images are \(> 99.60\%\) and UACI values are around 33.46%. Therefore, the suggested encryption algorithm has high pristine image sensitivity. Figure 6. displays the visual effects of deciphering the Ciph-Peppers image with slight modifications in initial key parameters, from which we can deduce that the presented encryption technique has high key sensitivity. To appreciate the suggested encryption scheme against occlusion attacks, we made cuts out of some parts of the cipher image and then tried to decipher it. Figure 8 shows the results of occlusion attacks, in which the ciphered image is restored perfectly without lack of any visual information in the cutout part. If an encryption approach can resist the chosen-plaintext attack, it can also resist other types of assaults. Due to the fact that the used keystream in the encryption procedure for our cryptosystem is based on the pristine image, the cryptoanalyst for the suggested encryption algorithm cannot gain any information about the original key parameters by examining the ciphertext. The ciphered images for FullBlack and FullWhite images, as well as their related histograms, are shown in Fig. 9, where no visual information can be acquired, and some statistical analyses for those images are stated in Table 17. As a consequence, the proposed cryptosystem can resist classical attacks. To verify the effectiveness of the offered encryption scheme alongside other corresponding ones, Table 18 stated the average values of UACI, NPCR, Chi-square, entropy, and correlation coefficients for the suggested scheme and their values in other corresponding ones. From the given values in Table 18, we deduce that the suggested encryption algorithm is effective and has high security.