Journal of Communications Vol. 15, No. 12, December 2020 Enhancing Hierocrypt-3 Performance by Modifying Its S- Box and Modes of Operations Wageda I. El Sobky1, Ahmed R. Mahmoud1, Ashraf S. Mohra1, and T. El-Garf 2 1 Benha Faculty of Engineering, Benha University, Egypt 2 Higher Technological Institute 10th Ramadan, Egypt Email: [email protected]; [email protected]; Abstract—Human relationships rely on trust, which is the The Substitution box (S-Box) is the unique nonlinear reason that the authentication and related digital signatures are operation in block cipher, and it determines the cipher the most complex and confusing areas of cryptography. The performance [3]. The stronger S-Box, the stronger and Massage Authentication Codes (MACs) could be built from more secure algorithm. By selecting a strong S-Box, the cryptographic hash functions or block cipher modes of nonlinearity and complexity of these algorithms increases operations. Substitution-Box (S-Box) is the unique nonlinear operation in block ciphers, and it determines the cipher and the overall performance is modified [4]. This change performance. The stronger S-Box, the stronger and more secure will be seen here on the Hierocrypt-3 [5] as an example the algorithm. This paper focuses on the security considerations of block ciphers. for MACs using block cipher modes of operations with the The S-Box construction is a major issue from initial Hierocrypt-3 block cipher. the Hierocrypt-3 could be considered days in cryptology [6]-[8]. Use of Irreducible as a week cipher. It could be enhanced by changing its S-Box Polynomials to construct S-Boxes had already been with a new one that has better performance against algebraic adopted by crypto community [9]. attack with using different modes of operations. The The Hierocrypt-L1 and Hierocrypt-3 are algorithms of mathematical model for the new S-Boxes with its properties is symmetric block ciphers that were submitted to the provided. The result of this change appeared in the mirror of Average Strict Avalanche Criterion (SAC) and some other NESSIE project [10], [11], but were not selected. Both properties. SAC could be improved from 0.80469 to 0.16406. algorithms were among the cryptographic strategies prescribed by CRYPTREC for the Japanese government The Hierocrypt-3 could be enhanced for more security. utilize in 2003 [12], however, both algorithms have been Index Terms—Hierocrypt, S-Box, Security, block cipher, dropped to "candidate" by CRYPTREC revision in 2013. Cryptography, MACs, COVID-19 The Hierocrypt algorithms were candidate block ciphers for the NESSIE project, where Toshiba corporation I. INTRODUCTION started developing it from 2000 to 2002. In September 2001, Toshiba Corporation announced for the Hierocrypt- Nowadays, with the wide spread of the corona virus L1 specifications which was an algorithm that uses 64-bit (COVID-19) and the extremely large growth of online block iterated cipher using a 128-bit cipher key [11]. In shopping processes, digital data communication and September 2001, Toshiba Corporation also announced for online bank transactions over computer networks, the Hierocrypt-3 specifications which was an iterated information content security becomes a prime concern in 128-bit block cipher algorithm that uses 6.5, 7.5, or 8.5 the whole world. Internet itself has many security threats rounds of encryption, according to the key size 128, 192 that could be easily used to corrupt the data transferring or 256, respectively [5]. In October 2001, Toshiba over the network. Cryptography plays an important role Corporation announced for the Hierocrypt-3 Self for providing security for digital data transmission over Evaluation which mentioned that the Hierocrypt-3 is such this insecure network. Cryptographic algorithms secured [13]. In January 2004, Rogawski published an scramble data into unreadable text which can be only read article that mentioned that the Hierocrypt-3 is a very or decrypted by those possesses the associated security flexible algorithm and could be optimized for any key. Message authentication codes (MACs) are purpose like speed, area and memory [14]. In 2016, commonly used in network transactions to maintain KUROKAWA et al published an article which mentioned information integrity [1]. They confirm that a message is that related key attacks and meet-in-the-middle attacks authentic; that it really does come, in other words, from (including biclique attacks) were evaluated on the stated sender, and hasn’t undergone any changes Hierocrypt-3. In their evaluations [15], no flaws that during the transaction using digital signatures [2]. A could be realistic threats were found [16]. verifier who also possesses the key can use it to identify In this article, The S-Box principle is deeply analyzed changes to the content of the message in transaction. and a new S-Box is provided with its principle. the Hierocrypt-3 structure is simply illustrated and a Manuscript received May 25, 2020; revised November 12, 2020. comparative analysis of Hierocrypt-3 performance using Corresponding author email: [email protected]. the original and the new modified S-Boxes is provided. doi:10.12720/jcm.15.12.905-912 ©2020 Journal of Communications 905 Journal of Communications Vol. 15, No. 12, December 2020 The Hierocrypt-3 performance is evaluated using using the 휎 function which consists of (Tturn-1) rounds and −1 different modes of operations. then 휎 function which consists of (Tturn) rounds where The rest of paper is organized as follows. Principle and T is the number of rounds and Tturn equals 4, 4, and 5 for deep Analysis of S-Boxes is provided in section II-1. The 128, 192, and 256 key lengths, respectively as shown in Hierocrypt-3 is studied and illustrated in section II-2. The Fig. 3. The round key is generated from each intermediate modes of operations are given in section II-3. key [17]. Experimental setup and procedures steps are shown in section III. Section IV provides the results and discussion. Then, the paper is concluded. II. THEORETICAL APPROACH A. Hierocrypt -3 Block Cipher Hierocrypt-3 cipher is an iterated 128-bit symmetric block cipher that uses 6.5, 7.5, or 8.5 rounds of encryption, according to the key size 128, 192 or 256. The last round consists of an output transformation slightly different from the other rounds. The Hierocrypt-3 uses the nested SPN structure in the data randomizing part, and the Feistel structure in the key scheduling part to Fig. 2. Hierocrypt key scheduling. insure sufficient security against major attacks and high TABLE I: KEY SCHEDULE ROUNDS performance. X= 1) System structure Key schedule for X-bit key 128 192 256 Toshiba corporation provided the algorithm T = 6 7 8 construction [5] and it will be just previewed clearly. The Round (푡) t Operation 퐺 Hierocrypt-3 encryption algorithm diagram is shown in key (64) Fig. 1. The decryption is the same blocks using the −1 -- -- 퐻3||퐻2 inverse functions and arrangement. The Hierocrypt-3 (PAD) -- 0 (PW) σ0 G0(5) G0(5) G0(5) encryption uses 6, 7 and 8 rounds according to key sizes (1) 퐾(256) 1 σ G0(0) G0(1) G0(4) 128, 192 and 256 bits and one Xs block round then an 퐾(2) 2 σ Add Final key block round. (256) G0(1) G0(0) G0(0) (3) To summarize the encryption scenario, The 퐾(256) 3 σ G0(2) G0(3) G0(2) (4) Hierocrypt-3 encryption of T rounds consists of (T−1) 퐾(256) 4 σ G0(3) G0(2) G0(1) iterations of round function ρ followed by the final round 128- 256 (5) function Xs and the final key addition. 퐾(256) 5 192 G0(3) G0(2) G0(3) σ-1 σ (T+1)α (T) (T+1) -1 Enc = AK(K ) ◦ 푋푠(K ) ◦ ρ(K ) ◦ ··· ◦ 퐾(6) 6 σ G (2) G (3) G (3) (2) (1) (256) 0 0 0 ρ(K ) ◦ ρ(K ) -1 (7) σ 퐾(256) 7 G0(1) G0(0) G0(1) (8) σ-1 G (2) 퐾(256) 8 G0(1) 0 (9) σ-1 G (0) 퐾(256) 9 0 B. Principle and Deep Analysis of S-Boxes In this article, The Hierocrypt-3 symmetric block cipher algorithm was studied and evaluated using different S-Boxes. The S-Box is a unique nonlinear operation in block cipher, that plays an important role in the cipher overall performance [18] as will be shown. A new S-Box with very good polynomial is provided and analyzed. The term Hierocrypt could be used in the rest Fig. 1. Graphical representation of Hierocrypt-3 structure. of paper instead for Hierocrypt-3. 1) Algebraic system of polynomial 2) Key scheduling In this section, we will show how to represent the The key scheduling part consists of an initial key system of polynomial equations over finite field of expansion – Padding – KX and iterative key generations characteristic two GF (2). We consider the algebraic KH. As shown in Fig. 2, [17] and Table I. The KH descriptions of two S-Boxes in details. The first S-Box is consists of 휎0 which is the Prewhitening function that the Hierocrypt original S-Box and the second is a new takes the original key and produce the initial intermediate improved S-Box which enhanced the characteristics of key that will be used in the intermediate key generations Hierocrypt algorithm. ©2020 Journal of Communications 906 Journal of Communications Vol. 15, No. 12, December 2020 Theorem 1. [19] Let 푢, 푣 ∈ 푁, 푋0, … , 푋푢 be variables δ(f) = maxαϵGF(2)n|{푥|퐹(푥) + 퐹(푥 + α) = β}| (4) βϵGF(2)n α ≠ 1 representing the S-Box input, 푆0, … , 푆푣, the S-Box output.