Multidimensional Hill Cipher Substitution-Permutation Network with AES S-Box and Argon2id Key Derivation

The Hill cipher has historically lacked the confusion and diffusion properties required for modern cryptographic use. This paper presents the Multidimensional Hill Substitution-Permutation Network (MD-Hill-SPN), a 128-bit, 12-round block cipher combining three elements: (1) a hierarchical matrix diffusion layer operating at 4×4, 8×8, and 16×16 byte scales over GF(2⁸); (2) two AES S-box substitution layers per round; and (3) Argon2id memory-hard key derivation. Metric sessions used a SHA-256 domain-separator surrogate for Argon2id for computational tractability; Argon2id is the specified production KDF. Two independent runs of the full metric suite yield: (a) full plaintext avalanche from round 1 (mean 63.97–64.67 of 128 bits, ideal 64); (b) the differential-probability sampling floor of 2×10⁻⁵ reached at round 4 (50,000 of 50,000 output differences distinct, both sessions); (c) algebraic-degree lower-bound saturation at the maximum observable value from round 1; (d) linear bias indistinguishable from random (combined exceedance 4.40%, below the 4.55% noise floor); and (e) branch numbers at the Singleton (MDS) bound for every tier (B = 5 for 4×4, B = 9 for 8×8, B = 17 for 16×16), computed exhaustively over weight-1 inputs. MD-Hill-SPN therefore moves beyond theoretical construction to empirically validated confusion and diffusion properties stronger than prior Hill-cipher variants.