Chaos-Lifted S-box

Updated 22 November 2025

Chaos-lifted S-boxes are nonlinear substitutions derived from chaotic dynamical systems, offering key-dependent permutations to boost cipher confusion.
Their construction involves iterative chaotic mapping, quantization, and deduplication to ensure bijectivity and defend against algebraic, differential, and linear attacks.
They are applied in block ciphers, 6G physical-layer security, and real-time image encryption, with efficient hardware implementations supporting dynamic reconfiguration.

A chaos-lifted substitution box (S-box) is a nonlinear mapping constructed using chaotic dynamical systems in order to achieve high confusion, key-dependency, and reconfigurability in symmetric cryptography. Unlike algebraically defined S-boxes (e.g., AES), chaos-lifted S-boxes derive their bijective permutations through iteration, quantization, and conditioning of outputs from one- or multi-dimensional chaotic maps. This approach leverages the sensitivity, pseudo-randomness, and ergodicity of chaos to harden ciphers against algebraic, differential, and linear cryptanalysis, as well as precomputation and side-channel attacks. Chaos-lifted S-boxes are applied across settings including block ciphers, physical-layer security for 6G, and real-time image encryption.

1. Mathematical Foundations and Construction Methodologies

Chaos-lifted S-box construction begins with the selection of a discrete-time chaotic map, such as the Logistic-Sine Map (LSM) (Fadhil et al., 9 Sep 2025), a piecewise hybrid map (AHYB) (Ishaq et al., 2023), a lagged Logistic map (Cassal-Quiroga et al., 2019), or the $\beta$ -transformation (Cherkaoui et al., 15 Nov 2025). The typical workflow is as follows:

Parameterization: Map parameters—expansion rate, initial seeds, or control coefficients—are derived from the cryptographic key using linear scaling or a hash-based key derivation function.
Chaotic Iteration and Quantization: The map is iterated, folding outputs into the unit interval. Outputs are quantized to integers (e.g., 8-bit values) by scaling and flooring, producing candidate entries for the S-box.
Deduplication: Values are added to the S-box table only if not previously included. This ensures the resulting mapping is a permutation (bijective), crucial for invertibility.
Heuristic or Diffusion Postprocessing (optional): Some schemes perform additional random or key-conditioned shuffling, e.g., Fisher–Yates with chaotic indices (Ahmad et al., 2017), or guided swaps accepting only nonlinearity-improving moves (Ishaq et al., 2023).
Dynamic Update or Dyadic Sampling: In certain constructions, the S-box is regenerated per block, per session, or even per pixel, using new seeds or conditioned subsets of the chaotic trajectory (Cherkaoui et al., 15 Nov 2025, Ahmad et al., 2017).
Integration with Algebraic Transforms: For stronger algebraic immunity, outputs may pass through affine–power–affine layers (e.g., $S_{APA}(u)=A(P(A(u)))$ ) as in APA-enhanced designs (Ahmad et al., 2017).

Key chaotic maps and their defining equations include:

Logistic-Sine Map: $x_{n+1} = [ r\sin(\pi x_n) + \mu x_n(1-x_n) ] \bmod 1$ (Fadhil et al., 9 Sep 2025)
AHYB Map: piecewise, $X_{n+1} = (2+A)X_n$ if $X_n<1.5$ ; $A+X_n^{0.9}$ if $1.5\le X_n<3$ ; $X_n(A-X_n)$ if $X_n\ge3$ (Ishaq et al., 2023)
Lagged Logistic Map: combines $x_{i-10},x_{i-5},x_i$ and $x_{i-10},x_{i-6},x_i$ for two orbits, with binary thresholding (Cassal-Quiroga et al., 2019)
$\beta$ -transformation: $T_\beta(x) = \{\beta x\}$ and dyadic conditional sampling (Cherkaoui et al., 15 Nov 2025)

2. Cryptographic Properties and Security Metrics

Chaos-lifted S-boxes are evaluated against established cryptographic criteria for $n\times n$ S-boxes, targeting or benchmarking against AES properties:

Bijectivity: Ensured by construction; all 256 outputs are unique.
Nonlinearity (NL): For coordinate function $f$ , $NL(f) = 2^{n-1} - (1/2)\max_\omega |W_f(\omega)|$ ; values $\sim$ 100–112 for $n=8$ (Ishaq et al., 2023, Cassal-Quiroga et al., 2019, Cherkaoui et al., 15 Nov 2025, Ahmad et al., 2017).
Differential Uniformity (DP): $\max_{\Delta x\neq 0, \Delta y} \Pr [S(x)\oplus S(x\oplus\Delta x)=\Delta y]$ ; typical maximum differential probabilities $0.03125$–$0.04$ (Cherkaoui et al., 15 Nov 2025, Ishaq et al., 2023).
Strict Avalanche Criterion (SAC): Flipping any input bit toggles each output bit with $\approx 0.5$ probability.
Bit Independence Criterion (BIC): Output bits change independently under single-bit input flips.
Linear Approximation Probability (LP): $\max_{a\ne0, b}\left|\Pr[a\cdot x\oplus b\cdot S(x)=0]-1/2\right|$ ; reported values $0.0625$–$0.13$ for optimized schemes (Cherkaoui et al., 15 Nov 2025, Ishaq et al., 2023).
Algebraic Degree: Degrees up to 7 (optimal for 8-bit S-box) are attained via chaos-lifting strategies (Cherkaoui et al., 15 Nov 2025).

Empirical comparisons (sampled from (Ishaq et al., 2023)):

Metric	Chaos-Lifted (Proposed)	AES S-box	Recent Chaos (T&O)
NL (avg)	109.5	112	104–108
SAC	0.5007	0.5000	0.4960
DP (max)	0.0391	0.03125	0.1406
LP (max)	0.1328	0.0625	0.1560

These metrics indicate chaos-lifted S-boxes can match or exceed the resistance of classical S-boxes to linear and differential attacks, conditional on map ergodicity and key management.

3. Reconfigurability, Key Management, and Agility

A central advantage of chaos-lifted S-boxes is their ability to produce session-dependent, key-conditioned confusion layers, directly addressing precomputation and side-channel threats:

Key Derivation: S-box construction is keyed via hash-based derivation of chaotic parameters from the master key (Fadhil et al., 9 Sep 2025, Ishaq et al., 2023, Cherkaoui et al., 15 Nov 2025).
Dynamic Regeneration: S-boxes may be refreshed per block or image, per session, or per device/transaction, supporting slice-oriented security for 6G (Cherkaoui et al., 15 Nov 2025), ephemeral image encryption (Fadhil et al., 9 Sep 2025), or per-row substitutions (Cassal-Quiroga et al., 2019).
Seed Sensitivity: High sensitivity of chaotic orbits to seeds yields a massive effective S-box key space; e.g., $10^{81}$ (Ishaq et al., 2023), $>2^{465}$ (Ahmad et al., 2017), defeating brute-force attacks.

Practical recommendations include precomputing S-boxes per key, avoiding repeated seeds, and combining chaotic parameterization with classical key schedules to guard against S-box recovery and enable forward secrecy (Ishaq et al., 2023).

4. Integration into Cryptosystems and Application Domains

Chaos-lifted S-boxes have been embedded as confusion layers within block ciphers, stream ciphers, and applied directly to multimedia data protection:

Block Cipher Integration: Drop-in replacement of static S-boxes in CAST-128 (Fadhil et al., 9 Sep 2025) and SPN architectures (Cherkaoui et al., 15 Nov 2025). Dynamic S-boxes are regenerated with each encryption session, increasing unpredictability of confusion layers. The replacement in CAST-128 covers all S-box lookups per round with a single chaos-driven permutation, while SPN ciphers may use multiple fresh S-boxes as dictated by slice/session for physical-layer security.
Image and Multimedia Encryption: Applications exploit dynamic S-box regeneration for each image block or row, achieving high entropy ( $\sim8$ ), near-maximal NPCR ( $>$ 99.6%), and robust UACI ( $\sim33$ \%) (Fadhil et al., 9 Sep 2025, Cassal-Quiroga et al., 2019, Ahmad et al., 2017).
Physical-Layer Security (PLS): In 6G, chaos-lifted S-boxes support per-session/device reconfigurability, low-latency, hardware implementations with minimal gate count ( $\sim$ 3 kGE), and sub-100 $\mu$ s generation time (Cherkaoui et al., 15 Nov 2025).

Applications extend to secure surveillance, resource-constrained IoT streaming, and VPN data protection (Ishaq et al., 2023, Cherkaoui et al., 15 Nov 2025, Fadhil et al., 9 Sep 2025).

5. Hardware Implementation and Efficiency

Chaos-lifted S-box engines are hardware-efficient compared to classical lookup-table approaches:

Core Components: Implementations require fixed-point MAC units, few hundred logic gates (FPGA: 2 000 LUTs, 300 FFs), small BRAM for maps and seen-bits, and simple FSM/control logic (Cherkaoui et al., 15 Nov 2025).
Performance: S-box generation latency at 200 MHz ranges from 67–127 $\mu$ s depending on dyadic extraction frequency; energy costs are $<$ 0.14 $\mu$ J per generation (Cherkaoui et al., 15 Nov 2025). Standard encryption or decryption times remain competitive with, or superior to, reference ciphers (e.g., CAST-128: 25 ms per 256×256 block (Fadhil et al., 9 Sep 2025)).
Diffusion Layer Pairing: For ciphers with limited rounds, chaos-lifted S-boxes are paired with compact MDS matrices to proliferate the effect of strong, but not optimal, differential and linear metrics throughout the cipher (Cherkaoui et al., 15 Nov 2025).

A plausible implication is that such resource profiles enable deployment in latency- and energy-constrained environments, notably in URLLC and edge-cloud networking contexts.

6. Security Analysis, Limitations, and Comparative Context

Empirical results across references demonstrate strong nonlinearity, low DP, and robust avalanche/bit-independence (Ishaq et al., 2023, Cherkaoui et al., 15 Nov 2025, Cassal-Quiroga et al., 2019, Ahmad et al., 2017). Nevertheless, critical considerations include:

Parameter Selection: Security critically depends on the chosen map and parameterization. Poorly tuned maps may exhibit short cycles, redundant orbits, or statistical bias (Fadhil et al., 9 Sep 2025).
Symmetry Risks: Reusing a single chaos-lifted S-box for all rounds or all S-box positions may introduce structural exploitability; a plausible implication is the need for multiple distinct or perturbed S-boxes per round (Fadhil et al., 9 Sep 2025).
Dimension and Map Choice: Most published designs are one-dimensional; higher-dimensional, non-degenerate chaotic systems may further strengthen S-box unpredictability, as noted in 2D-ECM approaches (Liu et al., 2021).
Metric Gaps: Not all schemes report full sets of nonlinear/differential metrics; validation in implementation contexts is necessary to assure resistance to side-channel and higher-order attacks (Fadhil et al., 9 Sep 2025).

7. Directions and Comparative Table

A summary of key chaos-lifted S-box instantiations follows:

Reference	Map/Method	NL (avg)	DP (max)	SAC	Application Domain
(Fadhil et al., 9 Sep 2025)	Logistic–Sine (LSM)	N/A	N/A	Yes	Image encryption (CAST-128)
(Ishaq et al., 2023)	Piecewise AHYB	109.5	0.0391	0.5007	VPN/data symmetry
(Cherkaoui et al., 15 Nov 2025)	$\beta$ -transform	102.5	0.039	N/A	6G/PLS, hardware slices
(Cassal-Quiroga et al., 2019)	Lagged logistic	96–104	≤0.02	0.50	Dynamic S-box/image
(Ahmad et al., 2017)	PWLCM+Fisher-Yates	≥100	≤0.02	0.50	Image encryption (Latin sq.)

This field is rapidly evolving, with advances targeting dynamic reconfigurability, hardware efficiency, and proof of resilience to contemporary attack modalities. Comparative research shows chaos-lifted S-boxes, when properly constructed and integrated, are competitive with or superior to algebraic S-boxes across key metrics, provided map and hardware constraints are carefully addressed (Ishaq et al., 2023, Cherkaoui et al., 15 Nov 2025, Cassal-Quiroga et al., 2019).