A medical image encryption scheme based on Mobius transformation and Galois field

Data security and privacy are considered to be the biggest problems faced by service providers who have worked with public data for a long time. A key element of modern encryption that is utilized to increase textual confusion is the Substitution box (S-box) and the algebraic strength of the S-box has a significant impact on how secure the encryption method is. In this article, we present a unique method that uses a linear fractional transformation on a finite field to produce cryptographically robust S-boxes. Firstly, we choose a specific irreducible polynomial of degree 8 in $\mathbb{Z}_2[x]$ to construct $GF(2^8)$. Later, we used the action of $PGL(2, GF(2^8))$ on $GF(2^8)$ to generate a robust S-box. The effectiveness of the built-in S-box was evaluated using several criteria including non-linearity, differential uniformity, strict avalanche criteria, linear approximation probability, and bit independence criterion. The proposed S-box's characteristics are compared to those of most recent S-boxes to confirm the higher performance. Additionally, the S-box was used to encrypt images to show its usefulness for multimedia security applications. We performed several tests, including contrast, correlation, homogeneity, entropy, and energy, to evaluate the success of the encryption technique. The proposed method for ciphering an image is very effective, as proven by its comparison with several S-boxes.


Introduction
The use of medical imaging to identify a variety of ailments has become widespread thanks to the quick advancements in medical device technology. Protecting medical images has become an increasingly important issue in recent years due to their transfer over multiple networks. Medical images require secure transfer with confidentiality, integrity, and authentication to protect patient data privacy. Additionally, if these images are susceptible to even the slightest modification, it could lead to an incorrect identification that endangers the lives of the patients. Some medical image-securing schemes are presented in [1][2][3][4][5][6][7]. One specific area of cryptography is symmetric cryptography, which involves the use of stream and block ciphers. Some of the known block ciphers are Data Encryption Standard (DES) [8], International Data Encryption Algorithm (IDEA) [9], and Advanced Encryption Standard (AES) [10]. C.E. Shannon introduced the concept of block ciphers in 1949 [11]. In 1975, DES was introduced by IBM and subsequently adopted by the government of the USA for implementation in various sectors. However, in 1998 a group of university students decrypted the DES, causing the US government to seek proposals for a stronger encryption standard. The National Institute of Standards and Technology (NIST) accepted Rijndael (AES) as the encryption standard and since then it has been used worldwide. AES uses keys with sizes of 128 bits, 192 bits, and 256 bits with 10, 12, and 14 rounds respectively. A round of AES has four steps: substitution byte, shift row, mix column, and add round key, while the last round does not have the Mix Column step. Due to the substitution box being the sole nonlinear part of AES, the block cipher's strength is largely determined by the strength of the associated substitution box. Thus, developing a sturdy S-box is a viable field of research. High non-linearity, resistance to linear and differential cryptanalysis, confusion, diffusion, bijectivity, algebraic complexity, and the lack of fixed points are all characteristics of a well-secured S-box. To construct efficient S-boxes, various techniques are utilized, including algebraic structures such as Galois fields, Galois rings, projective general and special linear groups, elliptic curves, coset diagrams, and Cayley graphs. It is intended to use an APA S-box which increases algebraic complexity by possessing the predicted accessible encryption features. A strong S-box was created by using the action of the Symmetric group of degree 8 on the original S-box of AES which is known as  8 AES S-box. By performing several transformations on the AES S-box that were based on binary gray codes, the Gray S-box was constructed. The AES S-box,  8 AES S-box, APA S-box, and Gray S-box are very strong S-boxes and are widely used in securing data transmission [12][13][14][15][16][17].
In addition to all of these, a variety of methods based on algebraic theory and chaotic theory were used to create substitution boxes. Several strong S-boxes have been proposed in the literature using various algebraic structures such as finite fields, rings, cyclic groups, symmetric groups, elliptic curves, and chain rings ( , [47,49]). As there are 30 irreducible polynomials of degree 8 over the field we can construct 30 fields of order 256. Although all of these fields are isomorphic, the strength of the substitution box might vary depending on the irreducible polynomials used and the boolean function selected. Almost all of the researchers used only specific irreducible polynomials () =  8 +  4

Six sections make up the remaining portion of the study. We covered a few fundamental concepts of the Galois field in Section 2. The algorithm for the construction of the S-box is found in Section 3. Many tests conducted on the recommended S-box and their comparison with other well-known S-boxes are covered in Section 4. In Section 5 we used the suggested S-box for image encryption and compared the results of the Majority Logic criterion with well-known S-boxes. Finally, Section 6 concludes the study.

Galois field
A non-empty set  under two binary operations, namely addition and multiplication, is a ring if it is an abelian group under addition, a semi-group with respect to multiplication, and the left and right distributive laws of multiplication over addition hold in . Similar to the concept of normal subgroups in a group, an ideal in a ring is a subset  that satisfies two conditions: it is an additive subgroup of the ring and it is closed under left and right multiplication by elements of the ring. If the commutative law of multiplication holds in  then an ideal  of  is called maximal if  ≠  and there is no other proper ideal of  containing . A commutative ring  with unity which has no zero divisors is called an integral domain. Since $\mathbb{Z}_2$ is a field, $\mathbb{Z}_2[x]$ is an integral domain. Note that the polynomial () =  8 +  7 +  6

We can represent the elements of $\mathbb{Z}_{256}$ in base 2 as follows

In order to destroy the structure of  (2 8 ), we use the canonical bijection $\mathbb{Z}_{256}$

2↔𝑣
↔  (256)

Using this bijection we can express all the polynomials of  (2 8 ) in the corresponding elements of $\mathbb{Z}_{256}$ as well as in the power of  (see Table 1).
It follows that for a fixed element  =

Table 2 shows the working of the algorithm, while Table 3 shows the outputs of  arranged as a 16 × 16 matrix.

Algebraic analysis of the proposed S-box
To determine the suggested S-box's resistance to cryptographic assaults, security evaluations were conducted on it. The results are discussed in this section. The S-box was put through five different tests, including assessments for non-linearity, strict avalanche criteria (SAC), bit independence criteria (BIC), probability of linear approximation (LP), and probability of differential approximation (DP). The results of these evaluations were next contrasted with those of frequently employed S-boxes (Table 4).

Bijectiveness and balancedness
An S-box is bijective if each input value is mapped to one and only one output value and each output value is derived from a unique input value. The decryption process in any cryptographic algorithm uses the inverse of the S-box, so a bijective S-box is an essential component for such algorithms. Moreover, a non-bijective S-box has weak cryptographic properties as compared to a bijective S-box. A boolean function is balanced if its truth table has an equal number of zeros and ones. An S-box is balanced if all of its component boolean functions are balanced. The security of a cryptographic technique using an imbalanced S-box can be compromised because its output distribution is biased towards specific bit values for some or all of its input values. Our proposed S-box is bijective and balanced. Moreover, it has no fixed points.

Nonlinearity (NL)
Nonlinearity is the quality of an S-box that deviates significantly from a linear connection between its input and output bits. In simpler terms, the output bits of an S-box cannot be predicted accurately by a simple linear combination of its input bits. Cryptography requires high nonlinearity in an S-box because it enhances system security by rendering it difficult for an attacker to deduce the input bits from the output bits. Various statistical tests, such as the correlation coefficient and Walsh transform, can measure nonlinearity. Our proposed S-box also achieves the optimal nonlinearity value of 112. The nonlinearity of an S-box can be calculated by the following where WHT  is the Walsh-Hadamard Transformation of  .

Strict avalanche criteria (SAC)
Strict avalanche criteria (SAC) [39] is a property that defines the behavior of an S-box in response to a small change in its input. It specifies that when a single bit of the input to an S-box is flipped, the output should change in an unpredictable and completely random manner with each output bit changing with a probability of exactly 0.5. In other words, the S-box should exhibit maximum diffusion, where any small change in the input propagates through the S-box, resulting in significant changes in the output. The SAC property is critical in cryptography as it ensures that any small modification in the input data results in a drastic transformation of the output, making it challenging for attackers to decipher the original input data from the output data. If  () ⊕ ( ⊕ ) is a balanced function for all  such that   () = 1 then  satisfies the strict avalanche criterion.

Bit independence criteria (BIC)
Bit independence criteria for an S-box refers to a set of properties that specify the statistical independence between the input and output bits of an S-box. The criteria define the conditions that must be satisfied by the S-box to ensure that its output bits are statistically independent of its input bits. For the bit outputs   ,   (1 ≤ ,  ≤ ,  ≠ ) of an S-box, if   ⊕   is highly nonlinear and satisfies the strict avalanche criteria then the S-box fulfills BIC.

Linear approximation probability (LP)
The linear approximation probability of an S-box is a measure of the degree to which an S-box can be approximated by a linear function. In other words, it is a measure of the correlation between the input and output of an S-box when both are represented as binary vectors.
To compute the linear approximation probability of an S-box, we need to consider all possible pairs of input and output vectors and count the number of pairs that satisfy a specific linear equation. The linear approximation probability is then defined as the difference in the proportion of pairs that satisfy the linear equation with 0.5. S-boxes with low linear approximation probabilities are generally considered to be more secure against cryptographic attacks. LAP can be computed by the following equation where ,  are the input and output masks respectively.

Differential approximation probability (DP)
The highest absolute difference between the occurrences of two separate input differences that lead to a given output difference across all conceivable input differences is known as the differential uniformity (DU) of an S-box. It measures the maximum difference between the probabilities of two input differences producing a certain output difference. This definition is useful for understanding how differential attacks work. Attackers look for input variations that enhance the probability of a specific output variation and these attacks can be thwarted by S-boxes with higher differential uniformity. The differential approximation probability (DP) is defined by while DU is calculated by using where Δ is the input and Δ is the output differential.
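The construction and two of the tests above (nonlinearity via the Walsh-Hadamard transform, and differential uniformity) can be reproduced with the following added example, which is not the authors' code or S-box. It assumes the polynomial x^8 + x^4 + x^3 + x^2 + 1 that the introduction names as the commonly used one, constructed coefficients `A, B, C, D`, and the convention that the pole of the transformation is sent to a/c; the paper's own polynomial and coefficients are not given on this page.

```python
from collections import Counter

POLY = 0x11D                         # x^8 + x^4 + x^3 + x^2 + 1 (assumed; not the paper's choice)
A, B, C, D = 0x1D, 0x35, 0x01, 0x02  # constructed Mobius coefficients, not the paper's

def gf_mul(x, y):
    """Multiply in GF(2^8): shift-and-add, reducing by POLY on overflow."""
    r = 0
    while y:
        if y & 1:
            r ^= x
        x = (x << 1) ^ (POLY if x & 0x80 else 0)
        y >>= 1
    return r

def gf_inv(x):
    """x^254 equals the inverse for x != 0; returns 0 for x = 0."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, x)
    return r

def mobius_sbox(a=A, b=B, c=C, d=D):
    """S(z) = (a z + b)/(c z + d); the pole z = d/c maps to a/c so S is a bijection."""
    if gf_mul(a, d) ^ gf_mul(b, c) == 0:
        raise ValueError("need ad - bc != 0")
    box = []
    for z in range(256):
        num, den = gf_mul(a, z) ^ b, gf_mul(c, z) ^ d
        box.append(gf_mul(num, gf_inv(den)) if den else gf_mul(a, gf_inv(c)))
    return box

def nonlinearity(box):
    """128 - max|WHT|/2, minimised over the 255 nonzero output masks."""
    worst = 0
    for mask in range(1, 256):
        w = [1 - 2 * (bin(mask & s).count("1") & 1) for s in box]
        h = 1
        while h < 256:               # in-place fast Walsh-Hadamard transform
            for i in range(0, 256, 2 * h):
                for j in range(i, i + h):
                    w[j], w[j + h] = w[j] + w[j + h], w[j] - w[j + h]
            h *= 2
        worst = max(worst, max(abs(v) for v in w))
    return 128 - worst // 2

def differential_uniformity(box):
    """Largest difference-distribution-table entry over nonzero input differences."""
    return max(max(Counter(box[x] ^ box[x ^ dx] for x in range(256)).values()) for dx in range(1, 256))
```

With these assumptions the S-box is a permutation of 0..255 with nonlinearity 112, the value the text reports, and a largest difference-table entry of 4, because the map is affine-equivalent to field inversion.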

Application of proposed S-box in image encryption
In this section we will utilize the proposed S-box for encryption of medical images. We will check the effectiveness of the image encryption algorithm by applying different tests on the input image and the cipher image.

Entropy
Entropy is a measurement of how chaotic or random the pixel values in an image are. Using Shannon's entropy formula, which takes into consideration the probability distribution of the various pixel values in the image, the entropy of an image may be computed. Entropy is calculated by the mathematical formula

When all 256 pixel values occur with the same probability, an 8-bit gray scale image has an entropy value of 8, which is the greatest attainable value. Since the pixel values in a cipher image with an entropy value close to 8 are scattered as uniformly as possible, it is challenging to anticipate the original image from the cipher image.

Correlation
A mathematical procedure known as correlation involves swiping a filter over a picture and analyzing how similar the filter and the corresponding pixels in the image are. Correlation in the context of image encryption describes how similar the original and encrypted images are to one another. The strength of the encryption algorithm can be evaluated by looking at the correlation between the two images. An ideal correlation coefficient value for an image encryption system should be as close to 0 as possible. In practice, a correlation coefficient value of less than 0.1 is typically regarded as a reliable indicator of a high-quality encryption scheme, while a value greater than 0.1 denotes a possibility of weak encryption and the possibility of recovering the original image content from the encrypted image. The following formula can be used for calculating correlation; In this formula,  and  are the two images being compared,  is the number of pixels in the image.

Mean square error (MSE)
MSE is used to assess the quality of an image encryption protocol.
The MSE value provides a quantitative measure of the distortion introduced by the encryption process. A lower MSE indicates less distortion and better encryption quality.

Peak signal to noise ratio (PSNR)
PSNR is also used to assess the efficacy of image encryption algorithms along with MSE. It quantifies the proportionality between the signal's maximum potential power and the power of the distortion introduced by the encryption process. PSNR = 10 ⋅ log 10 ( whereas  is the maximum pixel value. The PSNR value represents the quality of the encrypted image. Higher PSNR values indicate lower distortion and hence better encryption quality.

Key space analysis
Keyspace analysis establishes the number of distinct keys that may be developed and employed. A larger key space is preferred since it increases the number of keys that an attacker must attempt in a brute-force assault to successfully decrypt data. Brute force attacks consist of repeatedly trying every key until the right one is discovered. This increases the safety of the encryption technique since a wider key space makes brute force attacks more computationally expensive and time-consuming. An image encryption scheme can withstand brute force attacks if its key space is at least $2^{100}$. The key space of our algorithm is $2^{256}$ (Tables 5, 6, Figs. 1-8).

Conclusion
When used to encrypt medical images, the use of a new irreducible polynomial to build an S-box through the Mobius transformation has produced remarkable results that significantly outperform those of other encryption techniques. This accomplishment highlights the value of cutting-edge mathematical ideas and cryptographic methods in enhancing the security of sensitive medical data. Our method provides a dependable way to guarantee anonymity in healthcare by securely protecting patient information and diagnostics. It demonstrates the capability of cutting-edge research to address practical issues and increase data security, indicating improved prospects for the protection of medical and other sensitive data in our digital age.

Declaration of competing interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
+  3 +  2 + 1 to design S-boxes and no discussion was made about cryptographic properties of other 29 irreducible polynomials. In this article, we selected a novel irreducible polynomial and used a specific Mobius transformation  +   +  such that  −  ≠ 0 and , , , ,  ∈  (2 8 ) to generate the elements of the S-box. It is important to assess the algebraic strength of the S-box before employing it in a cryptosystem because it is the only non-linear component of a block cipher. The algebraic strength of a substitution box is measured by various tests such as non-linearity, strict avalanche criteria, probability of linear approximation (LP), probability of differential approximation (DP), and bit independence criterion (BIC).

Table 2
Algorithm for S-box.

Table 4
Algebraic analysis of proposed and some well-known S-boxes.

Table 5
Results of different tests on image encryption scheme.

Table 6
Comparative analysis of image encryption scheme.