Hybrid multi-criteria decision-making technique for the selection of best cryptographic multivalued Boolean function

Abstract

Robustness of modern information confidentiality algorithm depends on its individual components. Modern block ciphers highly depend on two components namely confusion and diffusion. These two main characteristics in any modern cipher are achieved by substitution and permutation boxes. In this article, a decision-making algorithm is utilized for the selection of optimum substitution box (S-box), which plays a significant role in the field of information confidentiality. For this purpose, an interval-based Pythagorean fuzzy technique for order of preference by similarity to the ideal solution (IVPF–TOPSIS) method is introduced to get the desired nonlinear confusion component of block cipher namely S-box. In this manner, we performed cryptographic analyses of standard S-boxes namely nonlinearity (NL), strict avalanche criterion (SAC), bit-independent criterion (BIC), absolute indicator (ABI), the sum of square and absolute indicator (SSAI), algebraic degree (AD), algebraic immunity (AI), transparency order (TO), composite algebraic immunity (CAI), robustness (RB), signal to noise ratio (SNR), confusion coefficient of variance (CCV). With these cryptographic characteristics, we have used interval-valued based Pythagorean fuzzy TOPSIS multi-criteria decision-making technique to classify standard S-boxes suitable for construction of modern block ciphers.

Introduction

Decision-making plays an important role in our daily life. A decision is an action of collection or option of one accomplishment from various preferences. The process of selecting an optimum and profitable plan of action from two or more options to attain a preferred result is known as decision-making. Our daily life is all about making decisions. Decisions reinforce the complete management process in any organization. Decision-making is needed for concentrating on main issues and optimized the gains from offered prospects. Appropriate decisions reduce the complication, ambiguity, and variety of administrative situations. Several subjective and objective types of multi-criteria decision-making techniques were developed so far for the selection of best options among different conflicting alternatives. There are individual and group-based decision-making techniques with different weighting mechanism to minimize or maximize various criteria upon which optimum selection of alternatives is based on.

Multi-criteria decision-making (MCDM) techniques deals with various complex problems in various fields of sciences and engineering that cannot be resolved using classical methods due to a large number of uncertainties and vagueness present in their data analysis. To counter these problems, Zadeh [1] presented the idea of a fuzzy set in which a membership value is assigned to every element of a set within a unit interval [0,1]. However, fuzzy sets do not provide a non-membership value which is sometimes necessary to handle uncertain and vague information. To deal with this, Attanassov [2] presented the idea of the intuitionistic fuzzy set (IFS) where both, the membership values and non-membership values are given with the property that their addition does not exceed 1.

In real-life problems, interval-based information is sometimes necessary to handle uncertain and vague information. To deal with such a problem, Attanassov and Gargov [3] presented the idea of an interval-based intuitionistic fuzzy set (IVIFS) in which interval-based membership value and non-membership value are given. During the most recent couple of years, IFS and IVIFS have effectively been utilized in numerous fields of life such as disease diagnosis, and face recognition [4,5,6,7,8]. However, in many real-life applications, it is not constantly feasible to provide the preferences under this limitation. For example, an individual may assign a worth 0.7 and 0.5 to an object as a membership value and non-membership value separately, then, at that point 0.7 + 0.5 > 1. Thus (IFS) fails to handle these types of preferences.

To deal with such preferences, Yagar [9, 10] generalized IFS to Pythagorean fuzzy set (PFS) with condition that the square sum of preference values does not exceed 1. In real-life applications, PFS is used where IFS fails to handle the situations. For instance, for the above-mentioned example, it is easily observed that \({(0.7)}^{2}\) +\({(0.5)}^{2}\) \(\le \) 1. Thus, PFS better handle those situations where IFS fails. Peng and Yang [11] put forward an idea of an interval-based Pythagorean fuzzy set (IVPFS). We will discuss these concepts in detail in the next section.

MCDM is a commonly applied methodology for solving real-life decision problems effectively. It aims to find the ideal alternatives from the set of possible alternatives, characterized by multiple criteria. Over the past few decades, various techniques have been set up for tackling MCDM issues [12,13,14,15]. The most commonly used MCDM techniques includes Analytical hierarchy process (AHP), Fuzzy analytical hierarchy process (FAHP), Entropy method, Weighted aggregated sum (WAS), Weighted aggregated product method (WASPM) and Vise Kriterijumska Optimizacija Kompromisno Revenge (VIKOR).

Among them, TOPSIS [16] is the most effective method that utilizes the idea of choosing an ideal solution that is nearer to a positive ideal solution (PIS) and a long way from a negative ideal solution (NIS). TOPSIS method has effectively been applied by many researchers in a fuzzy environment [17,18,19,20,21,22]. Zhang and Xu [23] applied (PF) TOPSIS method in decision-making applications. Garg [24] utilizes interval-based data by introducing the IVPF-TOPSIS method. In this work, we use the technique [24] to select the best (S-box).

In the present world, security and confidentiality are the existing challenges for researchers. To overcome these challenges, strong cryptographic algorithms are designed nowadays, keeping the property to resist any differential and linear cryptanalysis attacks. The construction of modern block cipher is based on confusion and diffusion components. These two components are building blocks of any modern information confidentiality mechanisms. The idea to add confusion and diffusion in modern information secrecy techniques is to make it resistant against various cryptographic attacks. These two characteristics can be achieved through substitution box (S-box) and permutation box (P-box). An S-box is generally a nonlinear mapping which is used nowadays in modern ciphers schemes. The ability of encryption depends on the strength of this nonlinear component in manipulating the input information. Many techniques have been introduced in the literature for constructing secure S-boxes [25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42]. Multi-criteria decision-making techniques were already used extensively for various problems in literature [42,43,44,45,46,47,48,49].

Our contributions

In this work, a decision-making algorithm is utilized to select the suitable S-box. Our contributions are summarized as follows:

• We first look into the results by investigating the cryptographic properties of some standard S-boxes.

• Secondly, the TOPSIS method based on the IVPF set is applied to analyze the results to reach the final decision.

• We ranked best nonlinear confusion component of block ciphers which can be utilized in any modern information confidentiality mechanism.

The rest of the article is organized as follows: “Some basic preliminaries” is devoted to background. In “Cryptographic properties of S-boxes”, we added standard cryptographic analysis. The IVPF-based TOPSIS method is applied to choose the desired S-box is presented in “Selection of optimum nonlinear confusion component based on interval-valued Pythagorean fuzzy set”. In “Results and discussion”, we added results and discussions of our proposed method on S-boxes. “Conclusion” is dedicated to conclusion and future recommendations.

Some basic preliminaries

In this section, we will defined some fundamental definitions will be helpful in following sections of our article.

Definition 1.

Let G be a ground set. A fuzzy set F in G is defined as

F = {(g, \({\alpha }_{\mathrm{F}}\)(g)) | g \(\in \mathrm{G }\},\) where\({\mathrm{ \alpha }}_{\mathrm{F}} :\mathrm{ G}\to [0, 1]\), is the membership value of every element g \(\in \mathrm{G}\) to F [1].

Definition 2.

Let G be a ground set. An intuitionistic fuzzy set (IFS) I in G is defined as.

$$ I \, = \, \left\{ {\left( {g,\alpha_{1} \left( g \right),\beta_{1} \left( g \right)} \right)| \, g \in G} \right\}, $$

where \({\alpha }_{I} :\mathrm{G}\to \left[0 , 1\right]\) and \({\beta }_{I} :\mathrm{ G}\to [0, 1]\) indicates the membership value and non-membership value of every element \(g\in G\) to I, respectively, with the condition \({0\le \alpha }_{I}\)(g) + \({\beta }_{I}\)(g)\(\le 1.\) The indeterminacy value is given by \({\rho }_{I }\left(g\right)=1-{\alpha }_{I}\left(g\right)-{\beta }_{I}(g).\) For simplicity, Yager and Xu called the pair (\({\alpha }_{I}\)(g),\({ \beta }_{I}\)(g)) an IF number and is represented by I = (\({\alpha }_{I}\), \({\beta }_{I}\)) [2].

Definition 3.

Let G be a ground set. An interval-valued intuitionistic fuzzy set (IVIFS) A in G is defined as

$$\begin{aligned} A\, &= \,\left\{ \left( g,{ }\left[ \left( \alpha_{A} \left( g \right) \right)^{l} ,{ },\left( \alpha_{A} \left( g \right) \right)^{u} \right], \right.\right.\\ &\quad \times\left.\left. \left[\left( \beta_{A} \left( g \right) \right)^{l} ,\left( \beta_{A} \left( g \right) \right)^{u} \right] \right), | { }g \in G \right\},\end{aligned} $$

where \({\alpha }_{A} :\mathrm{ G}\to \mathrm{ L}\left[0, 1\right]\) is the membership interval denoted by\([{({\alpha }_{A}(\mathrm{g}))}^{l}\), \({ ({\alpha }_{A}(\mathrm{g}))}^{u}\)] with \({({\alpha }_{A}(\mathrm{g}))}^{l}\) \(\le \) \({({\alpha }_{A}(\mathrm{g}))}^{u}\) and \({\beta }_{A} :\mathrm{ G}\to \mathrm{ L}\left[0, 1\right]\mathrm{ is}\) the non-membership interval denoted by\([{({\beta }_{A}(\mathrm{g}))}^{l}\),\({({\beta }_{A}(\mathrm{g}))}^{u}\)] with \({({\beta }_{A}(\mathrm{g}))}^{l}\) \(\le {({\beta }_{A}(\mathrm{g}))}^{u}\) to each element \(g\in G\) to A, respectively, with condition \({({\alpha }_{A}(\mathrm{g}))}^{u}+{({\beta }_{A} (\mathrm{g}))}^{u}\le 1.\) \(\mathrm{For every g} \in G,\) \({\alpha }_{A}\) and \({\beta }_{A}\) are the closed subinterval of\([0, 1]\). For simplicity, the IVIF number is represented by A = ([\({a}_{1}\), \({b}_{1}\)], [\({a}_{2}\), \({b}_{2}\)]), where \({b}_{1}\) + \({b}_{2}\) \(\le \) 1 [3].

Definition 4.

Let G be a ground set. A Pythagorean fuzzy set (PFS) P in G is defined as [9]

$$ P \, = \, \left\{ {\left( {g,\alpha_{p} \left( g \right),\beta_{p} \left( g \right)} \right)| \, g \in G,} \right\} $$

where \({\alpha }_{P } :G\to \left[0 , 1\right]\) indicates the membership value and \({\beta }_{P} :\mathrm{G }\to [0 , 1]\) indicates the non-membership value of an element \(\mathrm{g}\in \mathrm{G}\) to the set P, respectively, with condition \(0\le \) \({({\alpha }_{P}(g))}^{2}\) +\({({\beta }_{P}(g))}^{2} \le 1\). The indeterminacy value is given by

$${\rho }_{P}\left(g\right) ={(1 -\left({\left({\alpha }_{P}\left(g\right)\right)}^{2}+ {\left({\beta }_{P}\left(g\right)\right)}^{2}\right))}^{0.5}$$

Zhang and Xu denote the pair (\({\alpha }_{P}\)(g), \({\beta }_{P}\)(g)) as PF number and is represented by P = (\({\alpha }_{P}\),\({\beta }_{P}\)).

Definition 5.

Let G be a ground set. An interval-valued Pythagorean fuzzy set (IVPFS) \({I}_{P}\) in G is defined as [11]

$$\begin{aligned} I_{p} &= \left\{ {\left( {g, \left[ {\left( {\alpha_{{I_{P} }} \left( g \right)} \right)^{l} ,\,\left( {\alpha_{{I_{P} }} \left( g \right)} \right)^{u} } \right],}\right.}\right. \\ & \quad\left.{\left.{ \times\left[ {\left( {\beta_{{I_{P} }} \left( g \right)} \right)^{l} ,\left( {\beta_{{I_{P} }} \left( g \right)} \right)^{u} } \right]} \right)|g \in G} \right\}\end{aligned} $$

where \({\alpha }_{{I}_{P}}\mathrm{ G}\to \mathrm{ L}[0 , 1]\) ithe membership interval denoted by\([{({\alpha }_{{I}_{P}}(g))}^{l}\), \({({\alpha }_{{I}_{P}}(g))}^{u}\)] with \({({\alpha }_{{I}_{P}}(g))}^{l}\) \(\le {({\alpha }_{{I}_{P}}(g))}^{u}\) and \({\beta }_{{I}_{P}} : G\to [0 , 1]\) is the non-membership interval denoted by \([{({\beta }_{{I}_{P}}(g))}^{l}\),\({({\beta }_{{I}_{P}}(g))}^{u}\)] with \({({\beta }_{{I}_{P}}(g))}^{l}\) \(\le \) \({({\beta }_{{I}_{P}}(g))}^{u}\) to each element \(g\in G\) to \({I}_{P},\) respectively, with condition \({({({\alpha }_{{I}_{P}}(g))}^{u})}^{2}+ {({({\beta }_{{I}_{P}}(g))}^{u})}^{2}\le 1.\) For every g g\(\in G\), \({\alpha }_{{I}_{P}}\) and \({v}_{{I}_{P}}\) are the closed subinterval of \([0 , 1]\).For simplicity IVPF number is denoted by \({I}_{P}\) = ([\({a}_{1}\), \({b}_{1}\)], [\({a}_{2}\), \({b}_{2}\)]) \({{b}_{1}}^{2}+ { {b}_{2}}^{2}\le 1\). The indeterminacy value is given by:

$$\begin{aligned} \rho_{{I_{P} }} \left( g \right) &= \left[ \left(1 {-}\left( \left( \alpha_{{I_{P} }} \left( g \right) \right)^{u}\right)^{2} - \left( \left( \beta_{{I_{P} }} \left( g \right)\right)^{u} \right)^{2} \right)^{0.5} ,\right.\\ &\left. \left( 1 {-} \left( \left( \alpha_{{I_{P} }} \left( g \right) \right)^{l} \right)^{2} - \left( \left( \beta_{{I_{P} }} \left( g \right) \right)^{l} \right)^{2} \right)^{0.5} \right]\end{aligned} $$

.

Definition 6.

Interval-valued Pythagorean fuzzy numbers can be graded using score function which is given as follows [9]:

$$S({I}_{P}) =\frac{({{a}_{1}}^{2} +{{b}_{1}}^{2} -{{a}_{2}}^{2} -{{b}_{2}}^{2} )}{2} ,$$

(1)

where \({I}_{P}\) = ([\({a}_{1}\), \({b}_{1}\)], [\({a}_{2}\),\({b}_{2}\)]) be any IVPF number with \(-1\le \) S \(({I}_{P})\le \) 1. However, it is observed in many cases that score function is unable to grade IVPF number. For example, let \({I}_{P1}\) = [0.4, 0.5], [0.4, 0.5] and \({I}_{P2}\) = [0.6, 0.7], [0.6, 0.7] be two IVPF numbers, then using Eq. (1), we have S (\({I}_{\mathrm{P}1}\)) = S (\({I}_{\mathrm{P}2}\)) = 0. Thus, it is unable to find the best between them. To counter this problem an accuracy function [9] is introduced which is defined as:

$$Z \left({I}_{P}\right)= \frac{({{a}_{1}}^{2} +{{b}_{1}}^{2}+{{a}_{2}}^{2}+{{b}_{2}}^{2} )}{2}$$

(2)

where \(0\le \) Z \(({I}_{P})\le \) 1. If we apply Eq. (2) in above example, we get Z (\({I}_{\mathrm{P}1}\)) = 0.41 and Z (\({I}_{\mathrm{P}2}\)) = 0.85. Here it is clearly observed that \({I}_{P1}\) < \({I}_{P2}\). Based on above observation, a comparison method is formulated as follows:

Proposition

For any two IVPF numbers\(, {I}_{P1}\) and \({I}_{P2}\) the following results hold [9],

1. 1.

   If S (\({I}_{P1}\)) < S (\({I}_{P2}\)), then \({I}_{P1}\) < \({I}_{P2}\).

2. 2

   If S (\({I}_{P1}\)) > S (\({I}_{P2}\)), then \({I}_{P1}\) > \({I}_{P2}\).

3. 3

   If S (\({I}_{P1}\)) = S (\({I}_{P2}\)),

   1. (i)

      If Z (\({I}_{P1}\)) < Z (\({I}_{P2}\)), then \({I}_{P1}\) < \({I}_{P2}\).

   1. (ii)

      If Z (\({I}_{P1}\)) > Z (\({I}_{P2}\)), then \({I}_{P1}\) > \({I}_{P2}\).

   1. (iii)

      If Z (\({I}_{P1}\)) = Z (\({I}_{P2}\)), then \({I}_{P1}\) \(\sim \) \({I}_{P2}\).

Limitations of existing score and accuracy function

Here, we consider an example which illustrates that, both, the score and the accuracy functions are inadequate to provide the correct information about the IVPF numbers used in the decision process.

Example

Let \({I}_{P1}\)= ([0, 0.5], [0.1, 0.8]) and \({I}_{P2}\) = ([0.3, 0.4], [0.4, 0.7]) be two IVPF numbers, then using Eq. (1), we have.

$$S\,(I_{{P1}} ) = - 0.2\,and\,S\,(I_{{P2}} ) = - 0.2 $$

Now using Eq. (2), we have.

$$ S\,(I_{{P1}} ) = - 0.2\,and\,S\,(I_{{P2}} ) = - 0.2 $$

Therefore, by proposition 2.1 (iii) \({I}_{P1}\) \(\sim \) \({I}_{P2}\). But it is clear that \({I}_{P1}\) \(\ne \) \({I}_{P2}\). Hence, both score function and accuracy function are not sufficient to grade IVPF numbers, so there is a need of an efficient score function which addresses this problem.

Improved score function

Garg [22] improved the score function by taking into account the indeterminacy information of an IVPF number which is given by:

$$ {\text{Q}}{\mkern 1mu} (I_{P} ) \!=\! \frac{{(a_{1} ^{2} \!-\! a_{2} ^{2} )(1 + (1 \!-\! a_{1} ^{2} - a_{2} ^{2} )^{{o.5}} ) + (b_{1} ^{2} \!-\! b_{2} ^{2} )(1 + (1 \!-\! b_{1} ^{2} \!-\! b_{2} ^{2} )^{{0.5}} )}}{2} $$

(3)

where \(-1\le \) Q \(({I}_{P})\le \) 1. Garg presented comparison laws based on improved score function which is defined as follows:

• If Q (\({I}_{P1}\)) < Q (\({I}_{P2}\)), then \({I}_{P1}\) <\({I}_{P2}\).

• If Q (\({I}_{P1}\)) > Q (\({I}_{P2}\)), then \({I}_{P1}\) >\({I}_{P2}\).

• If Q (\({I}_{P1}\)) = Q (\({I}_{P2}\)), then \({I}_{P1}\) \(\sim \) \({I}_{P2}\).

Now, let us check the effectiveness of the proposed score functions. Consider two IVPF numbers defined in Example 2.1 then after applying Eq. (3), we have.

$$ Q\,(I_{{P1}} ) = - 0.5393\,{\text{and}}\,Q\,(I_{{P2}} ) = - 0.6558 $$

Hence Q (\({I}_{P1}\)) > Q (\({I}_{P2}\)) \(\Rightarrow \) \({I}_{P1}\) >\({I}_{P2}\). Garg [22] proved some important results for improved score function which are discussed below:

$$ {\text{If}} \, I_{p} = \, \left( {\left[ {{1},{ 1}} \right], \, \left[ {0, \, 0} \right]} \right){\text{ then Q }}(I_{p} ) \, = { 1}. $$

(4)

$$ {\text{If \, I}}_{p} = \, \left( {\left[ {0, \, 0} \right], \, \left[ {{1},{ 1}} \right]} \right){\text{ then \, }} {\text{Q }}(I_{p} ) \, = \, - {1}. $$

(5)

The classification of different types of set are given in Figs. 1, 2 shows different types of uncertain parameters in fuzzy numbers. The generalization of fuzzy sets and their corresponding extensions are given in Fig. 3, along with their historical publication years and name of researchers. These classifications are nowadays used in several designs of multi-criteria decision-making schemes for the classification and ranking of given data set.

Fig. 1

Classical to fuzzy sets classification

Fig. 2

Different types of uncertainty parameters of fuzzy numbers

Fig. 3

Extension and generalization of fuzzy set

Multi-criteria decision-making

Multi-criteria decision-making is defined as a mathematical tool permit the comparative investigation of various available situations or alternatives based on several criteria and sub-criteria, often conflicting to direct the policy makers or stakeholders concerning an optimum selection. Mathematically, MCDM is multivalued function defined as:

$$f:A\times C\times W\times A\mathrm{g}\to R,$$

where A = {A₁, A₂, A₃,…, A_n} set of possible alternatives, C = {C₁, C₂, C₃,…,C_m} set of criteria, W = {w₁, w₂, w₃,…,w_m} set of weights corresponding to each criteria, Ag is aggregation and R is set of ranks after applying aggregation methods. The multi-criteria decision-making scheme comprises of the following fundamental steps for the selection of optimum alternatives among various available conflicting options to be followed (see Fig. 4):

Fig. 4

Multi-criteria decision-making technique components and process

1. i.

   Defining the formulation/objective/goal of the decision-making process

2. ii.

   Selection of Parameters/Features/Issues/Criteria/Play-off

3. iii.

   Selection of the Choices/Options/ Substitutes/ Replacements/Alternatives

4. iv.

   Selection of best weighing technique to represent the importance of each criterion

5. v.

   Technique to be applied for ranking namely method of aggregation

6. vi.

   Ranking/Classification of alternatives based on the aggregation results

MCDM is further classified into subjective and objective information. In subjective techniques we mapped qualitative information to quantitative date set. The subjective MCDM techniques fundamentally depends on the partialities of decision makers or experts. These experts ultimately determine weights for each criterion on which alternatives are to be ranked. Mostly commonly subjective methods based on linguistics terms which consists of degree of agreement or disagreement, respectively. Mostly fuzzy set-based techniques fall in the category of subjective mechanisms for instance, fuzzy AHP, fuzzy ANP, fuzzy TOPSIS, interval-valued fuzzy TOPSIS, Pythagorean fuzzy TOPSIS and interval-valued Pythagorean fuzzy TOPSIS method (see Fig. 5). There are various objective based methods for the selection of best alternatives. The objective MCDM techniques used different aggregation operations or mathematical techniques and there is no role of decision makers to influential the relative importance of criteria. The most common used objective MCDM are TOPSIS, VIKOR, PROMETHEE, ELECTRE and hybrid techniques.

Fig. 5

Fuzzy-based multi-criteria decision-making techniques

Cryptographic properties of S-boxes

This section mainly deals with some well-known cryptographic properties of nonlinear confusion component of block ciphers.

Nonlinearity

It is defined as minimum hamming distance of any Boolean function h from all affine functions. The mathematical expression for nonlinear of Boolean function h is given as follows:

$${\mathrm{NL}}_{h} ={\mathrm{min}}_{a\epsilon {A}_{n}}\mathrm{d}\left(h,a\right),$$

where \(a\epsilon {A}_{n}\) an affine function, d is the distance between a Boolean function h and set of all affine functions \({A}_{n}\). High value of nonlinearity increases the resistance against any cryptanalytic attack optimum value of nonlinearity is 120 [35].

Strict avalanche criterion (SAC)

It is used to determine the confusion ability of multivalued Boolean function namely S-box. The optimum value of SAC is 0.5.

Bit-independent criterion

Bit-independent criterion (BIC) defines the relationship between bit independent and nonlinearity. It also defines the relationship between bit independent and SAC. It is noticed that if nonlinearity and SAC are satisfied, then BIC is also satisfied [33].

Sum of square and absolute indicator

The absolute indicator is the maximum absolute value of \({\delta }_{H}\)(w) \(\forall \) w \(\epsilon \){1…\({2}^{n-1}\)}. The sum of square indicator is denoted by \({\sigma }_{h}\) and is given by \(\sum_{w}{(\delta (w))}^{2}\) where \(\delta \left(w\right)\) is an autocorrelation of n variable Boolean function h.

Algebraic degree

It is defined as the highest number of confusion component in truth table. Low value of algebraic degree decreases the resistance against any cryptanalytic attack [36].

Algebraic immunity

High level of algebraic immunity is required to overcome the algebraic attacks in breaking an encryption system [37].

Transparency order

Low value of transparency order is required to resist against any differential power analysis (DPA) attack [38].

Robustness to differential cryptanalysis

Suppose F = (f₁, f₂,…, f_s) be an n × s S-box, where h_j (j = 1,…,s) is a function on GF (\({2}^{n}\)). If L is the highest value of differential characteristic Table on F and k is the number of non-zero values in the first column of the table where the value of \({2}^{n}\) is not calculated in either case [39]. Then, \(F\) is ε – robustness against the differential cryptanalysis, where ε is defined by:

$$ \varepsilon = \left( {1 - \frac{k}{{2^{n} }}} \right)\left( {1 - \frac{L}{{2^{n} }}} \right) $$

Signal to noise ratio

High value of signal to noise ratio (SNR) is required for strong S-box, which is close to maximum bound [40].

Confusion coefficient variance

The confusion coefficient variance (CCV) indicates the resistance of S-boxes against any cryptanalytic attack. High value of confusion coefficient variance is required, which infers that the S-box output is distinctive [41].

Selection of optimum nonlinear confusion component based on interval-valued Pythagorean fuzzy set

TOPSIS [16] is one of the popular and preferable MCDM methods used to find a solution which is nearer to positive ideal solution (PIS) and a long way from negative ideal solution (NIS). With the passage of time, researchers applied TOPSIS method to solve decision problems in different fuzzy environments.

Chen [21] used TOPSIS method for fuzzy environment, Park in [22] extended it for interval-valued fuzzy environment. All above extensions were not able to handle decision problems using Pythagorean fuzzy information. Therefore, Hang and Xu [23] in 2014 introduced Pythagorean fuzzy TOPSIS method to solve decision problems using PFSs. Further, Garg [24] utilizes TOPSIS method for solving decision problems containing IVPF information by introducing improved score function. The detailed steps of IVPFS-based MCDM are given in [24]. The thirst for searching and construction of ideal S-box is always an interesting problem among cryptographers in literature. Our principal goal here is to use IVPFS-based MCDM for the selection of best nonlinear confusion component of modern block ciphers.

Our aim here is to use IVPFS-based MCDM scheme for the selection of best nonlinear confusion component of block ciphers [24]. For this purpose, let S = {S₁, S₂, S₃, S₄, S₅, S₆} be a set of six S-boxes, in which S₁ represents (AES) S-box, S₂ represents APA S-box, S₃ represents Gray S-box, S₄ represents Prime S-box, S₅ represents Skipjack S-box and S₆ represents (XYI) S-box, and T = {T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9, T_10, T_11, T_12, T₁₃} be a set of criteria, in which T₁ is nonlinearity, T₂ is strict avalanche criterion (SAC), T₃ is bit-independent criterion (BIC-SAC), T₄ is BIC-Nonlinearity, T₅ is absolute indicator, T₆ is sum of square indicator, T₇ is algebraic degree, T₈ is algebraic immunity, T₉ is transparency order, T₁₀ is composite algebraic immunity, T₁₁ is robustness, T₁₂ is signal to noise ratio (SNR), T₁₃ is confusion coefficient variance.

The criteria weights, provided by an expert, are given by W = {0.0738, 0.0818, 0.0907, 0.0912, 0.0421, 0.0424, 0.0926, 0.0926, 0.0915, 0.0926, 0.0787, 0.0774, 0.0528}\(^{t}\) such that \(\sum w\)= 1. The S-boxes are examined using IVPF information given by decision maker which satisfies the above-mentioned criteria. The decision maker utilizes the (IVPF) TOPSIS method to select the desired S-box.

The detail of the procedure is given below:

• Step 1

Initially, a decision matrix is constructed in which all the preferences are given as, IVPF numbers. For this purpose, Let \({I}_{\mathrm{P}}\)= \({({T}_{\mathrm{m}}\left({S}_{n}\right))}_{\mathrm{m }\times \mathrm{ n}}= {([{a}_{\mathrm{m} ,\mathrm{n}}, {b}_{\mathrm{m},\mathrm{ n}}], [{c}_{m, n}, {\mathrm{d}}_{m, n}])}_{\mathrm{m}\times \mathrm{n}}\) be an IVPF decision matrix as defined in Table 1, where \([{a}_{m ,n}, {b}_{m, n}]\) denotes the degree of membership of the S-box \({S}_{n}\)(n = 1,2…,6) with respect to the criterion \({T}_{m}\) (m = 1,2…,13) and \([{c}_{m, n}, {\mathrm{d}}_{m, n}]\) denotes the degree of non-membership with \({({b}_{m, n})}^{2}\) + \({({d}_{m, n})}^{2}\) \(\le \) 1.

Table 1 Interval-valued Pythagorean fuzzy decision matrix \({I}_{P}\) =\({\left({T}_{m}\left({S}_{n}\right)\right)}_{m\times n}\)

In Table 1, the element \({T}_{1}\left({S}_{1}\right)\) = (\(\left[\mathrm{0.7,0.8}\right],[\mathrm{0.2,0.4}])\) (first row and first column) corresponding to \({S}_{1} (\) AES) and \({T}_{1}\) (Nonlinearity) represents the degree to which an S-box \({S}_{1}\) satisfies the criteria \({T}_{1},\) is expressed as \(\left[\mathrm{0.7,0.8}\right]\) and the degree to which an S-box \({S}_{2}\) dissatisfies the criteria is expressed as \([\mathrm{0.2,0.4}])\). The remaining elements in Table 1 represent the same meaning.

• Step 2

Normalization of the decision matrix \({I}_{P}\)= \({({T}_{m}\left({S}_{n}\right))}_{m\times n}\) is performed in this step, which is defined as

$${N}_{m,n}= \left\{\begin{array}{c} {T}_{m}\left({S}_{n}\right) ; m\in B \\ {({T}_{m}\left({S}_{n}\right))}^{c} ; m\in C,\end{array}\right.$$

(6)

where \({({T}_{m}\left({S}_{n}\right))}^{c}\) represents the complement of \({T}_{m}\left({S}_{n}\right)\), B and C represents the benefit and cost criteria, respectively. The results are shown in Table 2.

Table 2 Normalized IVPF decision matrix N = \({n}_{(m,n)}\)

• Step 3

Next, we construct a score matrix R, using Eq. (3). The results are presented in Table 3.

Table 3 The score matrix of given information

• Step 4

Separation measure of each alternative, from interval-valued Pythagorean positive ideal solution (IVPIS) and interval-valued Pythagorean negative ideal solution (IVPNIS) is calculated, which is given by the formula

$$ D(S_{n} ,s^{ + } ) = \left( {\mathop \sum \limits_{m} \left\{ {w_{m} \left( {Q\left( {s^{ + } } \right) - Q\left( {n_{{\left( {m,n} \right)}} } \right) } \right)^{2} } \right\}^{2} } \right)^{0.5} ,\left( {m = { 1},{ 2},...,{ 13}} \right){\text{ and }}\left( {n = { 1},{2}, \ldots ,{6}} \right) $$

(7)

$$ D(S_{n} ,s^{ + } ) = \left( {\mathop \sum \limits_{m} \{ w_{m} \left( {Q\left( {n_{{\left( {m,n} \right)}} } \right) - Q\left( {s^{ - } } \right) } \right)^{2} )\}^{2} } \right)^{0.5} ,\left( {m = { 1},{ 2}, \ldots {13}} \right){\text{ and }}\left( {n = { 1},{2}, \ldots ,{6}} \right) $$

(8)

where \({s}^{+}\) = {[1, 1], [0, 0]} and \({s}^{-}\) = {[0, 0], [1, 1]} represents IVPPIS and IVPNIS, respectively. Also \(Q ({s}^{+})\) = 1 and \(Q({s}^{-})\) = − 1 (from Eqs. (4) and (5)). The calculated results are shown in Table 4. For better understanding, the results are shown geometrically in Fig. 6.

Table 4 Separation measure of each alternative from IVPPIS and IVPNIS

Fig. 6

Distance of each alternative from IVPPIS and IVPNIS

Figure 6 illustrates that the distance of AES S-box and prime S-box from interval-valued Pythagorean PIS is minimum, where the distance of AES S- box and Gray S-box from interval-valued Pythagorean NIS is maximum.

• Step 5

Relative closeness coefficient is measured to evaluate the performance score of each S-box. Relative closeness coefficient RC \({C}_{i}\) of each alternative from ideal solution is given by:

$${\mathrm{RCC}}_{\mathrm{i}} =\frac{D ({S}_{n}, { s}^{-})}{D \left({S}_{n} , {s}^{-}\right)+D ({S}_{n} , {s}^{+})}$$

(9)

The results are presented in Table 5.

Table 5 Relative closeness coefficient and rank of each S-box

• Step 6

The S-box with high rank is considered as the best S-box, and it is clear from Table 5 that AES S-box box is the desired S-box with respect to above-mentioned criteria. It can be visualized geometrically as shown in Fig. 7.

Fig. 7

Relative closeness of each alternative

Results and discussion

The quality of modern information confidentiality mechanism highly depends on its nonlinear confusion component. This nonlinear confusion component which is responsible for adding confusion capability in encryption algorithm. The confusion is used to make relationship between the key and the ciphertext as complex as possible in order not to retrieve plaintext. In modern block ciphers, confusion is achieved through substitution box (S-box) which is nonlinear confusion component. With this study, we have studied various standard S-boxes based on their standard cryptographic characteristics. We have studied AES, APA, Gray, Prime, Skipjack and XYI S-boxes, respectively. It is quite evident from Fig. 7, that AES S-box is the best nonlinear confusion component of modern block ciphers. In this article, we fundamentally tested standard six S-boxes based on thirteen cryptographic characteristics (see Fig. 8). We have taken decision matrix based on these thirteen cryptographic characteristics for six standard S-boxes. The relative closeness of AES S-box is high as compared to other standard S-boxes which clearly elucidate its distance from positive idea solution is maximum and negative ideal solution is minimum.

Fig. 8

Proposed optimum S-box selection criteria based on interval-valued Pythagorean fuzzy set

Conclusion

With this investigation, we can easily determine the best S-box which is one of the nonlinear confusion component of modern block cipher mechanism. We have used an interval-valued Pythagorean fuzzy set-based TOPSIS technique to scrutinize the suitable S-box, whereas the preference values of each S-box are taken in the form of IVPF number. This technique can easily be utilized for the classification of encryption algorithms based on various security analyses. These security analyses can be taken as criteria and encryption algorithms are taken to be alternatives.