Enhanced security of affine ciphers using digraph transformation and a modified three pass protocol

Abstract

Ensuring secure data transmission over public channels remains a fundamental challenge in modern communication systems. Cryptography, through encryption and decryption processes, is vital for protecting sensitive information from unauthorized access. Various symmetric and asymmetric cryptographic algorithms are used for this purpose, including Caesar, Affine, Vigenère, Hill ciphers, DES, AES, elliptic curve cryptography, ElGamal, and RSA. Among them, the Affine cipher is a monoalphabetic substitution cipher designed to convert plaintext into unreadable ciphertext to prevent intrusion. Although modified versions of the Affine cipher—such as those incorporating digraph transformation and squared modulus—have attempted to enhance security, they continue to suffer from vulnerabilities such as insecure key exchange, predictable ciphertext patterns, and padding-related ambiguities, especially with odd-length plaintexts. To overcome these limitations, we propose an enhanced Affine cipher algorithm that integrates a digraph transformation and a modified three-pass protocol for secure key exchange. This approach eliminates the need for padding characters, supports encryption of odd-length messages, expands the key space, and significantly improves overall security. We evaluated our method against both the original and modified Affine ciphers using key metrics including the avalanche effect, confusion and diffusion properties, encryption/decryption time, and resistance to brute-force and frequency analysis attacks. Our proposed method achieved a 75% avalanche effect, demonstrated better confusion and diffusion, and showed superior resistance to common cryptanalysis techniques. It also ensured secure key exchange between sender and receiver using the modified three-pass protocol and avoided padding, thereby reducing memory usage and processing time while resolving ciphertext ambiguity. Overall, the enhanced Affine cipher significantly outperforms existing approaches in both security and efficiency, and future work may focus on extending its application to multimedia data and further optimizing its computational performance.

Introduction

In today’s digital era, the transmission and storage of valuable information over the internet are increasingly vulnerable to security threats. With the rapid advancement of technology, ensuring the confidentiality and integrity of data shared across public networks has become a pressing concern. Whether in e-commerce, telecommunications, or government, secure communication is vital to prevent unauthorized access, tampering, or interception. Among the most widely adopted techniques to protect sensitive information is cryptography, a mathematical process that transforms readable data (plaintext) into an unreadable format (ciphertext) to ensure only authorized parties can access the original message^1,2,3. Cryptographic systems are broadly categorized into symmetric and asymmetric key schemes. Symmetric cryptography uses the same key for both encryption and decryption, offering speed and simplicity, but suffers from key distribution challenges^4,5. Asymmetric cryptography, on the other hand, uses a public-private key pair to enhance security but often at the cost of computational efficiency⁶. Within symmetric cryptography, substitution and transposition methods are foundational. The Affine cipher, a classical monoalphabetic substitution cipher, is a lightweight encryption technique that remains relevant in low-resource environments due to its simplicity. However, it suffers from critical vulnerabilities such as limited key space, insecure key exchange, ciphertext predictability, and the need for padding when processing odd-length messages⁷. To address some of these shortcomings, researchers have proposed modifications to the Affine cipher. One such approach involves using digraph transformation encrypting two characters at a time and expanding the character set to increase key diversity. For example, the work in⁷ grouped the plaintext into pairs and squared the character space to increase the range of keys. While this strengthens.

1.

the cipher, it still fails to resolve fundamental issues such as insecure key distribution, repeated digraph encryption (e.g., “ED” always mapping to the same ciphertext), and ambiguity introduced by padding characters.

To overcome these limitations, this study proposes a novel enhancement to the Affine cipher by integrating a modified three-pass protocol and digraph transformation. The three-pass protocol, originally introduced by Shamir in 1980^8,9 enables secure key exchange without transmitting secret keys over insecure channels. Our modification employs three keys and ensures secure key exchange, while the digraph transformation eliminates ciphertext repetition and supports odd-length plaintext encryption without padding. The goal is to develop a lightweight yet secure encryption scheme that improves upon the weaknesses of traditional and modified Affine ciphers. The proposed algorithm is evaluated through several security metrics, including avalanche effect, confusion and diffusion, key space, encryption/decryption time, and resistance to brute-force and frequency analysis attacks. The results demonstrate that the proposed method offers significantly improved security, albeit with a slight increase in processing time an intentional trade-off favoring confidentiality over speed. These improvements suggest the algorithm’s practical viability in contexts where data security is paramount, such as secure messaging and government communication.

Related works

In³, the author presented a modification of affine cipher digraph transforms to square the value of n in text security. In digraph transformation, two characters are encrypted together. Here, the proposed algorithm increases the number of possibilities of the key ‘a’ and the number of characters for the modulus. The algorithm uses one character for completing the odd number of characters. The proposed algorithm is more secure than the classical affine cipher because the text is a block of two characters before applying encryption to plain text messages.

In⁶, an algorithm was proposed to increase the security of affine ciphers via key stream values. Here, the author incorporates digits from 0 to 9 for the purpose 17 of encrypting messages containing a combination of characters and numbers. The author also uses key stream values to vary the shift value of the affine cipher to minimize the frequency of the cipher for the same character. However, the key stream value and multiplicative values are shared with the receiver directly as keys. This direct sharing of the keys’ ream value and multiplicative value is vulnerable to the attacker, and the attacker can easily decrypt the encrypted message. The proposed algorithm also cannot encrypt special characters.

In⁷, an algorithm was proposed to modify affine ciphers to enhance the security of cryptography passwords. Here, the author first inversed the plaintext and obtained the index of each inverse character and performed encryption via the affine cipher rule. The paper included capital letters and digits from 0 to 9 for use as a password. The paper cannot encrypt special characters and spaces between plaintext words. The author also sends the key to the receiver directly in hand; this makes the algorithm vulnerable to the attacker because if the attacker obtains the multiplicative and shift values of the affine keys, it is simple to decrypt the message by inverting the decrypted message.

The author of⁸ proposed an algorithm to enhance the security of affine ciphers by combining affine and Caesar ciphers entitled A combination of Caesar and Affine Cipher to Conceal the Message. Here, the author first encrypts the plaintext with the Caesar cipher and again encrypts the resulting cipher with an affine cipher. The author also increases the number of characters from 26 English alphabets to 256 ASCII characters. The use of the ASCII character increases the possibility of selecting a random number for the multiplicative value of the affine cipher. This method is also vulnerable to attack because it directly shares the keys of both the affine cipher and the Caesar cipher and uses ASCII values for plaintext characters. The ASCII value is printable and easily obtained by an attacker. In 2019, Tun Myat Aung et al. developed a hybrid algorithm that combines Vigenere and affine ciphers to produce a complex vigenere- affine cipher.

In¹⁰, the author presented work on the analysis of the possibility of combining the affine cipher algorithm with the one-time pad cipher via the three-pass protocol method in text security. The three-pass protocol method is used to avoid opening the secret message via a single key. Here, the proposed algorithm first encrypts the message via a one-time pad cipher and sends the cipher text to the receiver, and the receiver encrypts it via an affine cipher and sends a return back to the sender. Then, the sender decrypts via the one-time pad cipher and sends it to the receiver. Finally, the receiver decrypts via the affine cipher. However, the author concluded that one time pad and the affine cipher algorithm cannot be combined in the three- pass protocol and that the affine cipher cannot decrypt the result of one-time pad (OTP) cipher decryption.

The author of¹¹ presented an enhancement of three-pass protocol security with a combination of the Caesar cipher and Vigenere cipher. The key distribution between the sender and receiver is a classic cryptography problem. To overcome this key distribution problem, the proposed algorithm uses a three-pass protocol as a mechanism for exchanging secret messages without having to share secret keys between two or more communicating parties. It performs encryption first by using the Caesar cipher with its own private key, and the cipher text is again re- encrypted via the Vigenere cipher with its private key and sends the cipher text to the intended receiver. The receiver super encrypts the cipher text via the Caesar cipher and Vigenere cipher with its own private key and sends the cipher text back to the sender. The sender performs a Caesar cipher and Vigenere cipher decryption process on cipher text using the first key used in the encryption process and sends the decrypted text to.

a receiver. Finally, the receiver decodes the received text via the Caesar cipher and Vigenere cipher to obtain the original plain text. However, it is better to modify the three-pass protocol to prevent man-in-the-middle attacks in a certain way. A three-pass protocol implemented in Caesar cipher classic cryptography was presented in¹². The affine cipher is a classical symmetric cryptography that uses the same key for both the encryption and decryption processes. The proposed algorithm implements a three-pass protocol on an affine cipher and is used as a key exchange mechanism without sharing the secret key between the sender and receiver. The sender performs encryption via the Caesar cipher and sends it to the receiver without having to share the encryption key. The sender and receiver are exchanged three times to authenticate each other. However, the proposed algorithm provides similar cipher text characteristics for identical characters in plain text, and it is better to modify the three-pass protocol algorithm.

In¹³, the author presented a new approach for data hiding via affine ciphers and the least significant bit algorithm. The proposed algorithm is a combination of cryptography and steganography. In the proposed algorithm, the plain text message is encrypted via the affine cipher algorithm, resulting in a cipher text. After affine encryption, the cipher text is inserted into the picture via the LSB method, and after processing, the stego image is generated. The stego object and the affine keys are sent to the receiver. The decryption process of the proposed algorithm is performed by first extracting the stego object to retrieve the cipher text, and the receiver decrypts the retrieved cipher text via affine keys. However, the attacker can intercept the affine key due to the exchange of secret key information and decode the cipher text via the intercepted key. Additionally, the encryption of similar characters from plain text results in identical cipher values.

The author of¹⁴ presented a modified affine cipher algorithm with hash least significant (H- LSB), which provides security for information. Initially, the data are encrypted and embedded into a cover image, and the 8-bit secret image is divided into 3. 3 and 2. Eventually, these bits are embedded to cover the image with RGB pixels. Before data are embedded to cover an image, the data are encrypted via the secret key. To decrypt the encrypted message, the receiver shares the secret key that the sender uses to encrypt the message and uses the shared secret keys to decrypt the encoded message. However, the receiver and sender share secret keys in insecure channels without any mechanism.

In¹⁵, the author presented a combination of the RSA and Affine cipher algorithms to improve the effectiveness and security of text messages. In this proposed algorithm, there are two methods of encryption and decryption. To perform the encryption process in the proposed study, first, the plain text message is encrypted via the affine cipher algorithm with an affine key to produce cipher text one, which is taken as the input message and further encrypted via the RSA algorithm, resulting in the final cipher text that is sent to the receiver. Decryption is the reverse process of the encryption procedure. To decode the cipher text, first, the final cipher text is decrypted via the RSA algorithm to produce the first cipher text, and finally, the first cipher text is further decrypted via the affine cipher algorithm. Therefore, the receiver obtains the original message that was sent from the sender. Here, the proposed algorithm is more secure than usual affine cipher encryption. However, the sender and receiver share the affine keys directly without any mechanism, which means that if the attackers intercept RSA encryption via a factorization attack, attackers also easily decipher the cipher text via compromised affine keys. The application of a linear congruent generator in the affine cipher algorithm to produce dynamic encryption was investigated by the author in [26]. The proposed algorithm enhances the security of cipher text by using random numbers generated via LCG. In this study, to encrypt plain text, plain text is initially converted into ASCII code and inserted into the data list. Furthermore, a random number is generated and inserted into the data list at an odd column position. Additionally, the algorithm generates other random numbers that are equal in length to plaintext via LCG and sums them with the corresponding data list items to produce a large number. Finally, the algorithm encrypts the numbers via the affine cipher algorithm. The sender and receiver share generated random numbers and affine keys. On the receiver side, first, the cipher text is decrypted to numbers via affine ciphers. The receiver subtracts the received random numbers from the numbers that are obtained via affine decryption and inserts the result into the data list. Finally, the receiver retrieves numbers in the position of the even column from the data list and converts those numbers into characters to obtain the plain text. The proposed algorithm produces dynamic cipher text results at different encryption times. However, it is better to generate random numbers on both the sender and receiver sides instead of directly sharing them. Additionally, if the affine keys are intercepted by the attacker during the exchange process, the cipher text is easily decoded into numbers, and the attackers try to recover the plain text via compromised random numbers.

Authors cited in¹⁶ presented, an improved AES key expansion algorithm entitled as Affine Recurrence Based Key Scheduling Algorithm for the Advanced Encryption Standard. In this paper, the author combined AES substitution box with an affine cipher based on primitive polynomial, which ensures non-linearity and attempts to break key dependencies between two generated keys. It also aimed to improve low strict avalanche effect by creating a strong confusion. However, AES has its own limitations specially the first-round key since it is given from the user and not randomly generated. Besides, when two algorithms are combined, it creates a high need of time because of some AES algorithm is time taking especially mix column transformation. The author algorithm did not discuss about the ambiguity of unnecessary padding character appending. Additionally, the paper does not clarify how the proposed approach performs under constrained environments where computational efficiency is critical. As a result, while the approach is novel, its real-world practicality and security improvements remain somewhat speculative.

Authors cited in¹⁷ proposed a hybrid encryption scheme entitled Exchange of Message using Fourier Transforms Via Affine Transformation. In this method, plaintext is first encrypted using a basic affine cipher and then processed through a Fourier cosine transform to produce the final ciphertext. Here, an author attempted to combine classical encryption with mathematical transformation method which is creative but its approach is fundamentally not strong as it initially encrypts the plaintext using standard affine cipher. The affine cipher by itself is easily breakable due to its limited key space and linear nature, and the Fourier cosine transform which is a non-keyed operation adds little security. Moreover, the use of continuous transforms for digital data introduces unnecessary computational complexity. The author algorithm did not attempt to strengthen an affine cipher by overcoming is weakness. The paper lacks any formal security analysis or comparison to modern cryptographic standards, making the proposed system unsuitable for practical or secure communication.

A recent study [18] analyzed the security performance of an image encryption algorithm based on a 3D Boolean Convolutional Neural Network (CNN). In this approach, convolutional layers of the CNN are leveraged for encryption, aiming to benefit from low-precision computations. The encryption mechanism generates convolution matrices and kernels using a prime modulo multiplicative linear congruence generator. Additionally, a permutation module is incorporated to introduce confusion in the cipher image derived from convolution operations. Despite these novel design choices, the algorithm suffers from a critical security flaw due to its low-precision operations specifically, the use of one-to-one XOR and modulo operations that only affect individual pixels without propagating changes to neighboring pixels. This lack of diffusion opens the system to chosen-plaintext attacks. The authors demonstrated effective attacks against both one-round and multi-round versions of the encryption algorithm using a divide- and-conquer strategy that targets the convolution and permutation modules separately. This study underscores the importance of designing encryption schemes with strong diffusion and confusion properties, as well as resistance to chosen-plaintext attacks. In contrast to this CNN- based method, our proposed affine cipher enhancement prioritizes key exchange security, digraph transformation for character-pair diffusion, and ambiguity-free decryption without padding, thereby offering broader resistance to cryptanalytic techniques. Furthermore, the use of algebraic structures such as the modified three-pass protocol ensures more reliable key management, a feature not present in the CNN-based encryption scheme.

For more understanding, we have summarized the related works, as presented in Table 1.

Table 1 Summary of related studies.

Different researchers have presented methods for enhancing the security of affine ciphers via different mechanisms. Among them, some studies enhance affine ciphers by incorporating digits and special symbols to encrypt complex messages, inverting the plaintext message and using the index as a key, using keystream values for dynamic encryption results, and by squaring the value of n to increase the possibility value of key a. On the other hand, some studies complex the encryption and decryption process by hybridizing with other cryptography algorithms. However, all the abovementioned studies have a weakness in the key distribution, which means that the sender and receiver share their encryption and decryption keys without any mechanism. Therefore, to solve this key distribution challenge, we propose an algorithm that uses a modified three-pass protocol mechanism instead of direct key exchange.

The main contributions of this study are as follows:

• Improved Key Exchange Mechanism: We modify a three-pass protocol for secure key exchange without sharing keys directly, addressing a major vulnerability in traditional affine cipher implementations.

• Enhanced Affine Cipher Algorithm: We have enhanced the original affine cipher via digraph transformation (processing pairs of characters) and included a larger character set (uppercase, lowercase, digits, and special characters) to strengthen the encryption.

• Increased Key Space and Security: We can increase the key space significantly by squaring the character set size, making brute-force attacks more difficult.

• Resistance to Cryptanalysis Attacks: Our proposed algorithm shows better resistance to brute force and frequency analysis attacks by avoiding repeated cipher outputs for repeated digraphs and using randomization techniques.

• Pad Character Elimination: Unlike earlier methods that needed pad characters for odd- length messages (which introduced ambiguity), the proposed algorithm avoids this issue.

• Support for Alphanumeric and Special Characters: We extended affine cipher capability to encrypt more complex texts, which include digits and special symbols, overcoming a major limitation of earlier versions.

The remaining section of this paper is organized as follows. The methodology is described in Sect. 3, and the results and discussion are described in Sect. 4. Conclusions is stated in Sect. 5.

Methodology

In our proposed work, we included small letters and digits in addition to uppercase letters. The total number of character sets in the proposed work is 63. This enabled the possible value of a to be extended from 486 to 2268, increasing the size of the domain. We used the following steps for encryption via the proposed method:

• Select the first key a within the domain n². This key must be a prime number and should have a multiplicative inverse with a modulo number of 3969.

• Select the second key b within domain n²

• Accept the message that will be encrypted.

• The message is divided into two digraph characters.

• Convert the digraph into corresponding integer numbers.

• Perform the digraph transform process into one integer number via.

  $$n * {P_1} + {P_2}$$

  (1)

• Perform the encryption process via.

  $$C = a*p + b\bmod {n^2}$$

  (2)

• Convert the integer number into a digraph number via.

  $${C_2} = Cmodn$$

  (3)

and.

$$C = \frac{{C_1 - {C_2}}}{{{n}}}$$

(4)

• Convert C1 and C2 into strings using their index values.

Algorithm 1

Encryption Procedure.

The following Fig. 1 shows a proposed encryption flow chart.

Fig. 1

Proposed algorithm flow chart.

Key exchange via the modified three-pass protocol

The modified three-pass protocol eliminates direct key sharing. It involves three rounds of message exchanges between the sender and receiver, each using unique private keys:

• The sender chooses three keys: K1, K2, and K3 (K3 = K1 + K2).

• The receiver chooses three keys: K1, K2, and K3 (K3 = K1 − K2).

• The affine keys (a and b) and random number sequences are encrypted and exchanged through this sequence of operations, ensuring that the receiver retrieves the original keys without ever directly exposing them. We presented in Fig. 2 the key exchange method.

Fig. 2

Key exchanges via the modified three-pass protocol.

Figure 2 illustrates that the use of three keys in the modified three-pass protocol ensures that no individual key is directly exposed during the exchange. The dependencies K3 = K1 + K2 (sender) and K3 = K1 − K2 (receiver) allow mutual cancellation of transformations, enabling secure recovery of the original message. Similarly, the multiplicative key a is restricted to primes coprime with n²,ensuring that a modular inverse exists for decryption. The modulus n² = 3969,derived from a 63-character set,

was selected to expand the key space from a few hundred possibilities in the classical Affine cipher, thus mitigating brute-force attacks. Finally, random numbers are incorporated during digraph transformation to break ciphertext repetition, providing resistance to frequency and known-plaintext attacks.

Character set and key space

The encryption scheme is based on a total character set of 63 symbols: uppercase letters (A- Z), lowercase letters (a-z), digits (0–9), and space characters. The total number of character combinations (n²) is 3969. Two encryption keys are used:

• Multiplicative key (a): must be co-prime with 3969 and a prime number.

• Additive key (b): selected from within the range of 0–3968.

Decryption process

In the proposed algorithm, the decryption process proceeds after accepting the generated random numbers and affine encryption key a and b via a modified three-pass protocol. After the decryption key is obtained, the proposed algorithm decrypts the encoded message via the following procedures.

• The receiver divides the accepted ciphertext or encoded message into two digraph characters to perform affine decryption.

• After the ciphertext is divided into two characters, it is converted into its corresponding integer number. The receiver performs a digraph transformation and converts two digraph characters into one integer number via the formula C = n ∗ C1 + C2.

• The receiver performs an affine decryption process for each integer number via the affine key received via a modified three-pass protocol. The decryption formula is P = a − 1 ∗(C − b)modn². The multiplicative inverse of key a is calculated by finding the number that satisfies the equation a ∗ a − 1modn² = 1.

• After the P value is obtained, the digraph transformation is performed via the formula P2 = Pmodn.

• After P2 is found, the value of P2 is updated by adding the corresponding random number. P2 = P₂ + randomnumber. 

  $$p = \frac{{{p_1} - {p_2}}}{p}$$

• After the value of P1 is obtained, the value of P1 is updated by subtracting the corresponding random number.

• Each integer number is mapped into characters, and those characters are merged in their decryption order. Finally, the receiver obtains the plain text that was sent from the sender. Figure 3 demonstrates the entire decryption process.

Fig. 3

Proposed algorithm decryption flow chart.

Results and discussion

Our proposed algorithm, the ISADTTPP, is implemented and compared with affine ciphers and existing modified affine ciphers on the basis of several metrics, such as the avalanche effect, diffusion and confusion, key space, similar digraph encryption, encryption, and decryption times. The proposed algorithm is implemented on an Intel Core i5 CPU with a 2.7 GHz 64-bit processor with 4 GB of RAM. The proposed algorithm was implemented in MATLAB 2019a software. It is an intuitive programming environment with powerful mathematical operations. It has a wide range of users in any area of science and technology because it contains basic mathematical tools (with the operation of complex numbers, data processing, vectors, and signal analysis), which are needed for the development of complex models and functions.

Performance evaluation

The performance of the proposed algorithm is compared with that of the affine cipher and the existing modified affine cipher on the basis of different metrics described below in detail.

Avalanche effect

The avalanche effect is an important property in cryptography that is used to measure the performance of a certain cryptographic algorithm. The input message is slightly modified by changing one bit of data and shows a drastic change in the output data; this behavior is called the avalanche effect. It is an important parameter used to measure the security of different cryptographic algorithms. It reflects the performance of cryptographic algorithms. The formula for calculating the avalanche effect is shown below:

The number of changed characters is the total number of characters that change due to slight changes in the plain text. The number of total characters is the total number of characters in the message. The strict avalanche effect criterion (SAC) was introduced by Webstar and Tavars in 1985. It is the most important parameter used to measure whether the cryptographic algorithm is good. If the algorithm is good, the output is flipped 50% or above because a slight change occurs in the input. The cryptographic algorithm is not secure; it has an avalanche effect of less than 50%, and it is vulnerable to different attacks Let us compare the proposed algorithm with the affine cipher and the existing benchmark algorithm. The input plain text for comparing these algorithms is “COMPUTER”. We have presented Comparison of Algorithms Using the Avalanche Effect in Table 2.

Table 2 Comparison of algorithms using the avalanche Effect.

A comparison of the proposed algorithm with the affine cipher and existing modified affine cipher algorithms is shown above in Table 2. The comparison of those algorithms is made by changing one or two characters from the given plain text data and viewing the resultant change in the output or cipher text. The affine cipher algorithm and modified affine cipher algorithm result in a 12.5% avalanche effect when we change one character from the input data and support a 25% avalanche effect when two characters of the input change. The proposed algorithm supports 68.5% of the avalanche effect when a single character of the input message changes and supports 75% of the avalanche effect when two or more characters change in the input data. The affine cipher and modified affine cipher algorithms do not satisfy the strict avalanche effect criterion, which means that they support an avalanche effect of less than 50%. However, the proposed algorithm satisfies the strict avalanche effect criterion because its support is above 50% of the avalanche effect. Therefore, the proposed algorithm supports a greater percentage of the avalanche effect than the existing affine cipher and modified algorithms do. The proposed algorithm is more secure for different adversaries than the affine and modified algorithms are. We presented a comparison of algorithms using the avalanche effect in Fig. 4.

Fig. 4

Comparisons of algorithms using the avalanche effect.

As shown above in Fig. 4, the comparison results indicate that the affine cipher and the existing modified affine cipher support 12.5% and 25% of the avalanche effect when one and two characters change from the input, respectively. The affine and modified affine algorithms yielded equal percentages of the avalanche effect. In contrast, as Fig. 5 shows, the proposed algorithm achieved better security performance than the affine and modified affine ciphers did.

Confusion and diffusion

Confusion and diffusion are important properties of cryptographic algorithms used for making secure ciphers. Confusion and diffusion make the process of deducing the secret key by adversaries complex. Confusion is achieved through substitution, and diffusion is achieved through the permutation process. Confusion and diffusion techniques were proposed by Claude Shannon for preventing cryptanalysis with the help of statistical analysis. Confusion hides the correlation between the encryption key and ciphertext. This makes it as complex as possible to find the secret key if several combinations of plaintext and ciphertext are encrypted through a similar key. Diffusion is another property that hides the relationship between ciphertext and plain text. A slight change in the input data provides a complete change in the output data in a pseudorandom manner. Generally, the relationship between ciphertext and plaintext is concealed by diffusion, and the relationship between the secret key and ciphertext is concealed by confusion. Let us compare the proposed algorithm with the affine cipher and modified cipher using the diffusion property by taking “ABCDEFGH” as plain text. Each algorithm takes its own keys.

Key for affine cipher: a = 17, b = 4 Key for modified affine cipher: a = 725 b = 380 516

Key for the proposed algorithm: a = 1231 b = 380. We have presented a Comparison of algorithms using diffusion properties in Table 3.

Table 3 Comparison of algorithms using diffusion Properties.

A comparison of the proposed algorithm with the affine cipher and modified affine cipher algorithms using the diffusion property is shown in Table 3. Diffusion is a property that indicates that if a slight change occurs in the input data, the output data will change completely in an unstable manner. As shown in the above table, the affine cipher and modified affine cipher provide a small number of characters that change when one or two characters from the input plain text data change. A one-character change in the plain text provides only a character change in the cipher text, and two-character changes in the plain text also provide only two characters of a cipher text change. In contrast, in the proposed algorithm, a one-character change in the plain text provides seven characters of cipher text changes, and all the characters of the cipher text change when two characters from the plain text change. Therefore, based on the comparison results shown in Table 3, the proposed algorithm achieves better diffusion properties than the affine cipher and modified affine cipher algorithms.

Fig. 5

Comparison of algorithms using diffusion properties.

As shown in Fig. 5, the proposed ISADTTPP algorithm results in a greater number of character changes when there is a small modification in the plain text data. A greater number of character changes indicates better diffusion properties. Hence, the proposed algorithm has better diffusion properties than the affine and modified affine algorithms do.

Encryption time

The encryption time is a parameter of the cryptographic algorithm used to make comparisons between different algorithms. It is the time required to convert or encode the readable or plain text message into an encoded or cipher text message. The amount of time an algorithm takes to convert plain text to cipher text is called the encryption time. The encryption time of an algorithm depends on parameters such as the size of a key, the block size of plain text, and the type of algorithm. We compare the proposed algorithm with the affine cipher and modified affine cipher in terms of encryption time in Table 4. We presented Comparison of algorithms using encryption time in Fig. 6.

Table 4 Comparison of algorithms by encryption Time.

Fig. 6

Comparison of algorithms using encryption time.

Decryption time

The decryption time is the time required by cryptographic algorithms to obtain or return the readable message from encoded or cipher text messages. It is the reverse process encryption process. The amount of time the algorithm takes to decrypt the encrypted data to obtain readable messages is called the decryption time. It affects the performance of a system. We presented Comparison of algorithms by decryption time in Fig. 7. We have presented Comparison of algorithms using the decryption time in Table 5.

Table 5 Comparison of algorithms using the decryption Time.

Fig. 7

Comparison of algorithms by decryption time.

Keyspace

An important factor that supports the validity and robustness of cryptographic algorithms is called the Keyspace. To resist different cryptanalysis attacks, cryptographic algorithms should have a larger key space. The least value of Key ‘a’ and the total number of characters that are used in the algorithm are the affine cipher problem. The Affine cipher uses only A-Z(26) uppercase alphabet characters. This number of characters limits the ability of the user to encrypt messages that contain both digits and small letters. The possible value of key ‘a’ out of 26 characters is only 12 numbers, but key b can be selected within 26 numbers. These numbers are (1, 3, 5, 7, 9, 11, 15, 17, 19 21, 23, 25). The key pace for the affine cipher is 12 × 26 = 312. The value of key ‘a’ must satisfy gcd (a, n) = 1 to decrypt the encoded text. The author of³ increased the value of key ‘a’ from 12 to 486 by increasing the total number of characters and the squared value of n, and the modulus value n changed from 26 to 729. Out of the modulus value of 729, 486 can be used as the value of key ‘a’, and these numbers satisfy gcd(a, 729) = 1. If the number does not satisfy the rule, the cipher text cannot be decrypted. In the proposed algorithm, the total number of character sets increases from 27 to 63 by including small letters and digits in addition to uppercase letters. The total number of characters used in the proposed algorithm is 63. The modulus value is the square of the value of n (63), which is n2 = 3969. Owing to the increment of value n, the possible value of key ‘a’ extends from 486 to 2286; if the possible value of key ‘a’ is small, the attackers can break the cipher text by finding the value of key ‘a’ in minimal operation. Extending the key space of key ‘a’ or the possible value of ‘a’ helps prevent attackers from cracking the decoded text. We presented Comparisons of algorithms using the possible value of key a Fig. 8. we have presented Comparison of algorithms using keyspace in Table 6.

Table 6 Comparison of algorithms using keyspace.

The Affine Recurrence-Based Key Scheduling Algorithm for AES¹⁰ and the Fourier Transform-based Affine Cipher Scheme

¹¹ methods offer innovative approaches, they face limitations such as key exposure vulnerabilities, reliance on weak classical ciphers, and insufficient robustness against cryptanalysis. In contrast, our proposed algorithm addresses these issues by significantly increasing the key space from 354,294 to 9,073,134, supporting a wider character set including alphanumeric and special characters, eliminating repeated digraph encryption through secure digraph-based transformation, and integrating a modified three-pass protocol to ensure secure key exchange. The mathematical derivation of the key space values using Euler’s totient function φ (n), demonstrating how the expanded character set and modulus contribute to the enhanced security. These improvements establish our algorithm as a more robust and practical solution for modern cryptographic applications. These values are derived using Euler’s totient function φ (n), which gives the number of integers less than n² that are co- prime to n². The key space of the existing affine cipher, which uses a character set of 27 (i.e., uppercase letters plus space), is calculated as follows: Let n = 27, so n² = 729. The number of possible values for key a is the count of integers less than 729 that are co-prime with 729, i.e., φ (729) = 486. Key b can be any integer from 0 to 728, o i.e.,729 values. Thus, the total key space is: 486 × 729 = 354,294 In the proposed algorithm, the character set is expanded to 63 characters (including uppercase, lowercase, and digits), so n = 63, and n² = 3969. The number of valid values for key a is φ (3969) = 2286, and key b can be any value from 0 to 3968, i.e., 3969 values. Therefore, the total key space becomes: 2286 × 3969 = 9,073,134 These calculations demonstrate the increase in key space due to the expansion of the character set.

¹¹ methods offer innovative approaches, they face limitations such as key exposure vulnerabilities, reliance on weak classical ciphers, and insufficient robustness against cryptanalysis. In contrast, our proposed algorithm addresses these issues by significantly increasing the key space from 354,294 to 9,073,134, supporting a wider character set including alphanumeric and special characters, eliminating repeated digraph encryption through secure digraph-based transformation, and integrating a modified three-pass protocol to ensure secure key exchange. The mathematical derivation of the key space values using Euler’s totient function φ (n), demonstrating how the expanded character set and modulus contribute to the enhanced security. These improvements establish our algorithm as a more robust and practical solution for modern cryptographic applications. These values are derived using Euler’s totient function φ (n), which gives the number of integers less than n² that are co- prime to n². The key space of the existing affine cipher, which uses a character set of 27 (i.e., uppercase letters plus space), is calculated as follows: Let n = 27, so n² = 729. The number of possible values for key a is the count of integers less than 729 that are co-prime with 729, i.e., φ (729) = 486. Key b can be any integer from 0 to 728, o i.e.,729 values. Thus, the total key space is: 486 × 729 = 354,294 In the proposed algorithm, the character set is expanded to 63 characters (including uppercase, lowercase, and digits), so n = 63, and n² = 3969. The number of valid values for key a is φ (3969) = 2286, and key b can be any value from 0 to 3968, i.e., 3969 values. Therefore, the total key space becomes: 2286 × 3969 = 9,073,134 These calculations demonstrate the increase in key space due to the expansion of the character set.

Fig. 8

Comparisons of algorithms using the possible value of key a.

As observed in Fig. 8, the proposed algorithm has a larger possible value for selecting the value of the multiplicative key. The possible value of the multiplicative key in the proposed algorithm is 2286. Those numbers satisfy gcd(a, 3969) = 1, where a is a multiplicative key. However, in the affine cipher and modified affine cipher, the possible values of the multiplicative key are 12 and 486, respectively. As shown below in Fig. 9, the comparison results show that the proposed algorithm has a larger key space for selecting additive and multiplicative keys than affine ciphers and modified affine ciphers do.

Fig. 9

Comparison of algorithms using key space.

Similar digraph encryption

Similar digraphs may be available in a long text when we encrypt it via different algorithms. Encryption of identical digraphs in plain text results in similar cipher text digraphs in the encoded text. This feature of similarity creates a pattern for attackers to crack cipher text via the frequency analysis method. For example, the plain text ‘ABCDEFGHIJABCDEFGHIJ’ has five similar digraphs, AB, CD, EF, GH, and IJ. The five digraphs occur two times in the plain text. If the attacker obtains the corresponding plaintext of the first five encoded digraphs, the attacker knows the plaintext of the encoded cipher text without decoding the second five digraphs. The cipher text of the plain text ‘ABCDEFGHIJABCDEFGHIJ’ is ‘WNEVMDULCTWNEVMDULCT’. As shown from the cipher text, similar characters in the plain text result in similar cipher characters in the encoded text. The modified affine cipher also produces similar cipher digraphs for identical plain text digraphs. We presented Comparison of algorithms using similar digraph encryption in Fig. 10. We have presented Comparison of algorithms using similar digraph encryption in Table 7.

Table 7 Comparison of algorithms using similar digraph encryption.

Fig. 10

Comparison of algorithms using similar digraph encryption.

A comparison of the proposed algorithm with affine and modified affine ciphers is shown above in Fig. 10. The affine cipher and modified affine cipher algorithms contain five similar digraphs in the cipher text, and the proposed algorithm has no similar digraphs in the cipher text. On the basis of the comparison results, the proposed algorithm performs better in providing encoded text without repeated identical digraphs, especially in plain text containing similar characters or digraphs. Therefore, the proposed algorithm is more secure and difficult for attackers to crack than affine ciphers and modified affine ciphers are.

Key exchange

Key exchange is one of the basic cryptographic primitives used to establish secure information by exchanging keys. It is also called key establishment. It is a technique in which secret information or cryptographic keys are exchanged between two parties’ senders and receivers, allowing the use of cryptographic algorithms. One of the major problems of symmetric key cryptography is the key distribution problem. The affine cipher is a symmetric mono-alphabetic substitution cipher in which the sender and receiver share a secret key or encryption and decryption key through the unsecured channel. The affine cipher has two keys: a multiplicative key and an additive key. The sender and receiver share these secret keys to share data among them, and they are vulnerable to different attackers. If the attacker obtains encryption keys, the whole conversation can be controlled through the compromised key. It is necessary to share affine keys securely. The modified affine cipher does not use any techniques for sharing secret keys. However, the proposed algorithm uses a modified three-pass protocol for exchanging the secret encryption and decryption keys between the sender and receiver instead of sharing the secret keys. Therefore, the proposed algorithm is secure and complex for attackers compared with affine ciphers and modified affine ciphers through a key exchange process.

Pad characters

A pad character is a character that is added to a certain text when the length of the text is odd to make it even. The existing modified affine cipher uses space as a pad character when the length of plain text is odd. The algorithm performs encryption on plain text after it is divided into two digraph characters. When the length of plain text is odd, the modified affine cipher algorithm adds space as a padding character and digraphs it with the last character. The addition of padding characters in a text creates ambiguity by whether it is a pad character or text character.

on the receiver side. To mitigate the ambiguity problem on the receiver side during the decryption process, the proposed algorithm encrypts odd lengths of plain text without adding any padding characters. When the length of plain text is odd, the proposed algorithm encrypts the last character by adding the length of plain text to the index value of the last character. Therefore, the proposed algorithm eliminates the ambiguity problem that occurs during the decryption of odd texts on the receiver side.

Security attacks

When the same data are encrypted repeatedly via the affine cipher and modified affine cipher, it always generates the same cipher text for the plain text. This feature helps passive attacks crack the cipher text of the same data transmitted later on the basis of the previously transmitted data. An attacker knows that once the encryption key, the attacker obtains all necessary information that is encrypted through the compromised key.

Brute force attack

A brute force attack is one of the most common cryptanalysis attacks, and it tries every possible combination of keys until the correct encryption key is obtained. It is also called exhaustive search and can be applied to any encoded text. The attacker tries every possible key within a key space until the intelligible translation of cipher text to plain text. The key space is considered when a cryptographic algorithm is designed to prevent the secret key from brute force attack. When the key size of an algorithm is increased, the required resources for brute force attacks also grow exponentially. The affine cipher has two keys, namely, a multiplicative key and an additive key. It has a key space of the product of 26 for the additive key and 12 for the multiplicative key. The key space for the classical affine cipher is 312. The key spaces for the modified affine cipher and the proposed algorithm are 354,294 and 9,073,134, respectively. The key space of an algorithm is large enough; the ciphertext is not decrypted easily by brute force attack. On the basis of the comparison of the key space, the proposed algorithm has a larger key space than affine and modified affine ciphers do. Therefore, the proposed algorithm is superior to the affine cipher and existing modified affine ciphers.

Frequency analysis attack

A frequency analysis attack is one of the most common attacks in mono-alphabetic substitution ciphers, such as affine ciphers. It breaks the encoded text on the basis of the frequency of a group of letters or the frequency of individual letters. In the English language, the most common letters are E, T, A, and O, whereas Z, Q, X, and J are less commonly repeated letters. It is one method for cracking simple substitution ciphers. Let us observe the frequency of letters in the cipher text of the existing modified and proposed algorithms. Plaintext: “CRYPTOGRAPHYISASCIENCEOFHIDDENWRITINGANDITCANBESYMMET- RICOR A SYMMETRICCRYPTOGRAPH”. By taking this plain text as an example, we compared the proposed algorithm with the affine cipher and existing modified affine cipher. First, the plain text is encrypted via its own keys, and the frequencies of the characters in the cipher text are compared. The cipher text of plain text encrypted via a modified affine cipher with keys a = 527 and b = 434 is “DKCJUWFKRJVAZYVYQTHITRSEFTODHINKSLJIYPTDSLWPHCXYYVYRZKKQJ.

KVYYVYRZKKQDKCJUWFKRJV”. The cipher text of plain text encrypts via the proposed algorithm with key a = 2321 and b = 460 is “ItiaybOi2JOvT3f5p3gEyl0P5Kbz7vvgL3BYnpkgoQNxwYhRWZ7tH6EsSffPZZrTUjiq0Hf zZXzQeu3”. We have presented Frequency analysis for the cipher text of the proposed algorithm in Table 8. We have presented x Frequency analysis for the cipher text of the modified affine cipher in Table 9.

Table 8 Frequency analysis for the cipher text of the proposed algorithm.

Table 9 Frequency analysis for the cipher text of the modified affine cipher.

Based on the results of the frequency analysis, the letters in the cipher text of the proposed algorithm have a lower frequency than those in the cipher text of the modified affine cipher algorithm. More repeated letters in the cipher text help an attacker crack the encrypted text via a frequency analysis attack. As shown in Table 8, letters f, Z, and 3 are repeated at a cipher text frequency of 5.06%. The letter f is decrypted to different cipher text characters because it is the cipher text of different characters. If the attacker can obtain the plain text of one of the cipher characters, the plain text cannot be determined by the first f characters because of the different plain characters. Whereas in the modified affine cipher, the attacker obtains the plain of one cipher character that is presented at high frequency in the cipher text, the attacker can determine other plain characters by using the first known character. For example, in Table 9, the letter K has a frequency of 12.5%, it occurs 10 times in cipher text, and all ten k characters are decrypted to one identical plain text character. On the basis of this comparison, the proposed algorithm is more secure for frequency analysis attacks than the modified affine cipher algorithm. Although the proposed algorithm provides significant improvements in terms of security achieving a 75% avalanche effect, better confusion and diffusion, and enhanced resistance to brute-force and frequency analysis attacks it comes at the cost of increased encryption and decryption time compared to the original and modified Affine ciphers. This performance trade-off was deliberately accepted in order to prioritize cryptographic strength and secure key exchange over speed. Compared to the original Affine cipher and its modified variants, the proposed method ensures secure key distribution using a modified three-pass protocol, supports odd-length plaintexts without padding, and eliminates ciphertext pattern predictability, which makes it far more resistant to cryptanalysis. However, this additional complexity introduces some processing overhead. Despite the increase in processing time, the algorithm remains practical for applications where confidentiality is paramount, such as governmental communication and secure messaging. In such scenarios, the improved security justifies the slight computational cost. Thus, the proposed algorithm offers a valuable trade-off between enhanced security features and moderate performance impact, making it a strong candidate for security-critical applications.

Known-plaintext attack

A known-plaintext attack (KPA) allows an adversary to recover encryption keys using a portion of the plaintext and its corresponding ciphertext. In classical Affine ciphers, this attack is highly effective, as just two plaintext–ciphertext pairs are sufficient to solve the linear equations and determine the keys, enabling full decryption.

The proposed ISADTTPP algorithm significantly enhances resistance to KPA. By combining digraph transformation with random number addition, the same plaintext digraph can encrypt to multiple ciphertext digraphs, preventing direct key recovery. Its modified three-pass protocol conceals the keys during exchange, while a greatly expanded key space makes brute-force attacks infeasible. Experimental results confirm that known plaintext–ciphertext pairs do not yield solvable equations, forcing attackers into computationally impractical guessing. Overall, ISADTTPP overcomes the weakness of the classical Affine cipher and modified affine cipher, demonstrating strong resilience against known-plaintext attacks.

Conclusion

This research presented an enhanced Affine cipher, the ISADTTPP algorithm, designed to overcome the classical cipher’s weaknesses in insecure key exchange, ciphertext predictability, padding ambiguities, and vulnerability to cryptanalysis. By incorporating a modified three-pass protocol with multiple keys, digraph transformation, and a mechanism to handle odd-length plaintexts without padding, the proposed approach significantly strengthens both security and practicality. The evaluation results confirmed that ISADTTPP achieves better confusion, diffusion, and resistance to frequency and brute-force attacks, while also expanding the key space and ensuring secure key exchange. Although the encryption and decryption times are slightly higher, the trade-off is justified by the substantial security improvements.

Overall, this study demonstrates that classical cryptographic schemes like the Affine cipher can be modernized to meet current security demands. The ISADTTPP algorithm provides a stronger and more resilient alternative suitable for secure communications in sensitive applications such as government, messaging, and confidential data sharing.

Recommendation

While the proposed algorithm demonstrates strong security improvements over traditional Affine ciphers, future research can further enhance its applicability and efficiency. One potential direction is to extend the algorithm’s capability to support multimedia data encryption, such as securing images, audio, and video files, which often require specialized handling due to their size and structure. Additionally, future studies could explore optimizing the algorithm’s computational performance through lightweight implementation techniques, such as hardware acceleration or parallel processing, to reduce encryption and decryption time without compromising security. Investigating adaptive key generation methods and integration with public key infrastructure (PKI) may also strengthen the protocol’s usability in broader cryptographic frameworks. These directions will help in adapting the proposed algorithm for modern, real-world security applications.