Method of block encryption of discrete information

 

(57) Abstract:

The invention relates to telecommunications and computing, and more particularly to cryptographic methods and devices for data encryption. The technical result achieved by the invention is to increase the speed of encryption. The method includes forming the encryption key as a set of plug, dividing the data block into N 2 sub-blocks and sequential conversion of sub-blocks by performing two-place operations on sub-blocks and connection. Differs from known methods that perform a double operation on the i-th sub-block and the data over the connection perform the operation of cyclic shift that depends on the j-th sub-blocks, where j i. 1 Il.

The invention relates to the field of telecommunications and computing, and more particularly to the field of cryptographic methods and devices for encoding messages (or information). In the set of features proposed method uses the following terms:

- the secret key is a combination of bits known only to the legitimate user;

- the encryption key is a combination of bits used in the encryption information soobshenia or a given set of messages; the encryption key is generated by the deterministic procedures for secret key; in some ciphers as the encryption key is a secret key;

the cipher is a set of elementary steps of converting input data using sherloch; cipher can be implemented as a software or as a separate electronic devices;

connection represents the portion of the encryption key used on the individual elementary steps encryption;

encryption is a process that implements some way of transforming the data using sherloch that translates data in the cryptogram represents a pseudo-random sequence of characters from which to obtain information without knowledge of the encryption key is impracticable;

- desifrovanie is the reverse process of the encryption process; decryption provides data recovery for the cryptogram with knowledge of the encryption key;

- cryptographic strength is a measure of the reliability of information protection and represents the complexity measured in the number of elementary operations that must be performed to recover information on reblockage data encryption, see, for example, U.S. standard DES [U. Diffie, M. E. Hellman. Security and infotouriste: Introduction to cryptography // TIER. 1979. So 67. N. 3. C. 87-89], the method of encryption for U.S. patent N 5222139 dated June 22, 1993, the cipher FEAL-1 and the cryptalgorithm B-Crypt [s Mattick. The mechanism of protection in computer networks. - M., Mir, 1993. S. 49-52]. In the known methods the encryption of data blocks is performed by generating the encryption key in the form of a set of plug, splits converted block data sub-blocks and alternating changes using operations substitution, permutation and arithmetic operations performed on the current sub-block and the current connection.

However, the known methods analogs do not have sufficient resistance to differential cryptanalysis [Berson, T. A. Differential Cryptanalysis Mod 232with application to MD5// EUROCRYPT'92. Hungary, May 24-28, 1992. Proceedings. P. 67-68], because for all the input blocks of data for a given conversion step uses the same connection intact.

The closest in technical essence to the claimed method block encryption is the method that is described in the Russian standard for cryptographic protection of data [the Standard of the USSR GOST 28147-89. The information processing system. Protection cryptographically as a sequence of 8 plug with a length of 32 bits, splitting the input 64-bit data block into two 32-bit sub-blocks B1and B2the successive transformation of the sub-blocks. One step conversion of sub-blocks, for example of the subblock B2is the overlay of the current connection Qi, which is fixed for a given step, using the operation of addition modulo 232(+) in accordance with the formula B2:= B2+ Qiwhere := - sign assignment operation, 1 i 8, and then on the resulting new value of the subblock B2perform the substitution operation, then the operation of cyclic shift to the left by eleven bits, i.e., at eleven binary bits toward the high-order bits, and then the obtained value of B2impose subsection B1using the bitwise sum modulo two) in accordance with the formula B2:= B2B1. The substitution operation is performed as follows. The sub-block is divided into 8 binary vectors of length 4 bits. Each binary vector is replaced by a binary vector of lookup tables. Selected from a lookup table 8 4-bit vectors are combined into a 32-bit binary vector, which is the output state of the sub-block after executing op input blocks of data at a fixed conversion step of sub-blocks use the same connection with the same value.

However, the prototype method has drawbacks, namely in the software implementation it does not provide encryption speed of more than 1 Mbit/s [Andreev N. N. Some of the research directions in the field of information security // proceedings of the international conference "information Security". Moscow, 14-18 April 1997. M. 1997. S. 96], which does not allow to use it to encrypt data protection in real time. This disadvantage stems from the fact that in order to ensure resistance to differential cryptanalysis in the method-prototype uses a large number of lookup operations on 4-bit subblock transformed data block to perform each of which (in the software implementation), the microprocessor performs many basic commands, due to the mismatch of substitutions of this type with the format of the data representation in the computer.

The basis of the invention is to develop a method of encryption in which the conversion of the input data would be carried out in such a manner that a decrease in the number of elementary operations conversion per one bit of the input data, while ensuring a high resistance to difference This object is achieved in that a method of block encryption of discrete information, including the formation of the encryption key as a set of plug, dividing the data block into N 2 sub-blocks and sequential conversion of sub-blocks by performing two-place operations on sub-blocks and connection, new according to the invention is that before performing the two-place operations on the i-th sub-block and the data over the connection perform the operation of cyclic shift that depends on the j-sub-blocks, where j i.

Thanks to this solution the structure of the plug used at a given step of the encryption depends on the data to be converted and thus this step of conversion for different input blocks are used in various modified values of the plug, providing high resistance to differential cryptanalysis and simultaneous decrease in the number of operations transformation, and enhance the speed of cryptographic transformation.

Below the essence of the invention is explained in more detail by examples, with reference to the accompanying drawings.

The invention is illustrated by the generic scheme cryptographicexception is - the unit is controlled cyclic shift operation; A and B are converted n-bit sub-blocks; K2r, K2r-1elements of the encryption key (plug); the sign indicates the operation bitwise sum modulo two, the sign + is the operation of summation modulo 2n. Bold solid lines indicate the bus transfer n-bit signals, and the thick dashed line bus transfer n control signals, which are the bits of the transformed sub-blocks.

The drawing shows one (the r-th round of the encryption. Depending on the desired speed of the transformations can be set from 8 to 30 or more rounds.

Consider a specific example of implementation of the proposed method cryptographic transformation of binary data blocks.

Example.

In this example explains how to encrypt 64-bit blocks of data. The encryption key is generated in the form of 16 plug K1, K2, K3, ..., K32, each of which has a length of 32 bits. The input data block is broken into two 32-bit sub-blocks A and B. the Encryption input block described by the following algorithm:

1. Set the count of the number of rounds r = 1.

2. To transform the sub-block B in accordance with virginjapanese over the subkey K2r.

3. To transform the sub-block A in accordance with the expression

A := A + B,

where + is the operation of summing modulo 232.

4. To transform the sub-block A in accordance with the expression

A:= A(K2r-1< B),

where K2r-1<<< B denotes the operation of cyclic shift to the left by B bits to be performed on the connection K2r-1.

5. To transform the sub-block B in accordance with the expression

B := B + A.

If r 16, then increment the counter r := r + 1 and go to step 2, otherwise STOP.

Modern microprocessors quickly carry out a cyclic shift operation depending on the value of a variable stored in one of registers. Thanks to the described algorithm provides encryption speed of about 30 Mbit/s for mass microprocessor Pentium/200.

These examples show that the proposed method block encryption of discrete information technical feasibility and allows to solve the problem.

The inventive method can be implemented, for example, in the form of computer programs that provide high-speed data encryption.

Method of block encryption of discrete information, including the formation of the education sub-blocks by performing two-place operations on sub-blocks and connection, wherein before performing the two-place operations on the i-th sub-block and the data over the connection perform the operation of cyclic shift that depends on the j-th sub-blocks, where j i.

 

Same patents:

The invention relates to the field of telecommunications and computing, and more particularly to the field of cryptographic methods and devices for data encryption

The invention relates to the field of telecommunications and computing, and more particularly to the field of cryptographic methods and devices for encoding messages (or information)

The invention relates to telecommunications, and in particular to the technique of secret confidential communication

The invention relates to the field of technology encrypted communication

The invention relates to computing and information systems and can be used as a personal transducer information when communicating government, law enforcement, defense, industrial and commercial institutions, when there is a need of storing and transferring confidential information

Block encryption // 2127024
The invention relates to the field of telecommunications and computing, and specifically to the field of cryptographic methods and devices for data encryption

The invention relates to distributed information and control systems (RIUS), mainly to RIUS, operating in real time, and can be used in various application systems, operating information of a confidential nature

The invention relates to the field of telecommunications and computing, and more particularly to the field of cryptographic methods and devices for encrypting digital data

FIELD: cryptography.

SUBSTANCE: method includes generating random numbers with use of displacement register with check connection, elementary digit of which is a q-based symbol (q=2l, l - binary symbol length) at length of q-based digits register, in check connection networks nonlinear two-parameter operations on q-based symbols F (ub, ud) are used, on basis of random replacement tables, for generating next random number values z1=F(ui, uj), z2=F(ut, um), zg=F(z1, z2) are calculated, where ui, uj, ut, um - values of filling of respective register digits, value of result in check connection networks zg is recorded to g digit of displacement register and is a next result of random numbers generation, after which displacement of register contents for one q-based digit is performed.

EFFECT: higher speed and efficiency.

3 cl

FIELD: electrical communications and computer engineering; cryptographic data conversion.

SUBSTANCE: proposed method includes generation of protection key in the form of n-bit binary vector, its supply for initial filling of shift register producing maximal-length pseudorandom character sequence, conversion of data stream into encoded message, and its transfer over communication line; in the process total character of encoded text is shaped and its value is conveyed at moment when search sequence character assumed value equal to unity.

EFFECT: reduced redundancy in message transferred and enhanced message transfer speed.

1 cl, 2 dwg

FIELD: electric communications.

SUBSTANCE: method is performed using microcontrollers with two memory types: data and software. For transfer of each symbol individual main and reserve codes are used, on basis of number of repeats of symbol in transferred message. First transfer of symbol is performed by main code, second transfer of same symbol - by reserve code, and then codes synchronization displacement is activated for a step around circle relatively to symbols until finish of circle. After transfer of displaced reserve code, closing the circle, synchronous replacement of codes variants is performed, and then order of codes replacement is repeated in case of repeat of any symbol in transferred message. Number of required code variants is set by planned volume of information, sent via communication line.

EFFECT: higher efficiency.

1 dwg

FIELD: data carriers.

SUBSTANCE: data carrier is made in such a way, that for important data protection operations confidential data stored in chip memory or formed by it are separated on at least three portions, also provided is processor for calculation of random number and for dividing confidential data on such random number, while first portion of data is an integer result of such division, and third portion of data is the actual random number.

EFFECT: higher quality of data protection.

3 cl, 1 dwg

FIELD: computer science, communications.

SUBSTANCE: method includes generating a protection key in form of a binary vector n-bit long, sending it for primary filling of displacement register, generating pseudo-random series of maximal length, generating pseudo-random series of symbols, transforming data stream to encrypted message and transmitting the latter along communication line, while pseudo-random series is generated as pseudo-random series of symbols of finite field Fp with characteristic p=2k+1 in form of binary vectors k-nit long by getting information from k different bytes of displacement register with check connection, numbers of which are determined on basis of protection key, and number k is selected equal to one of members of geometric row, which has denominator and first member equal to two, and also a pseudo-random series of symbols is formed for finite field of odd values of symbols due to skipping clock pulses of displacement register with check connection for which pseudo-random series symbols take even values and serially transforming in finite field Fp symbols of source text by involution thereof, appropriate for pseudo-random series symbols.

EFFECT: higher resistance to attacks on basis of known and sorted out texts.

4 cl, 2 dwg

FIELD: radio engineering; secret intelligence protected radio communication systems.

SUBSTANCE: proposed radio communication system incorporating provision for suppressing enemy's radio communication means and radio control channels has information subsystem, noise jamming subsystem, noise memory subsystem, information subsystem elements, and subsystem elements interface unit; each element of information subsystem is made in the form of multichannel time-division radio station; each element of noise jamming subsystem is made in the form of time division multichannel radio station, and each of noise jamming subsystem elements is made in the form of barrage jamming transmitter built around noise signal generating driver; used as drivers are self-stochastic generator operating in different frequency bands.

EFFECT: enhanced intelligence protection of communication channels, simplified design, enhanced reliability.

2 cl, 13 dwg

FIELD: information protection.

SUBSTANCE: method for transferring messages while providing for confidentiality of identification signs of communication system objects with interaction of devices of communication system subscribers through central device for each communication session cryptographic conversion of subscriber device identifier is performed using encryption key of current subscriber device, while during said cryptographic conversion symmetrical cryptographic algorithm is used and two message transfer modes are taken in consideration, on initiative from subscriber device to central device and vice versa.

EFFECT: protection from unsanctioned access to identifiers of devices of system subscribers transferred via communication channels, in particular when providing for confidentiality of messages identification signs in communications systems with multiple subscriber devices.

6 dwg

FIELD: data processing.

SUBSTANCE: before beginning of decoding all possible non-repeating meanings of combinations of alphabet ui are recorded randomly into code spreadsheet with N lines by means of random numbers detector (RND). Number i of code line of code spreadsheet Tk is recorded in each line ui of address spreadsheet Ta. Meaning of combinations of alphabet ui is recorded in spreadsheet Tk, where N-size of alphabet coincident with number of lines of code and address spreadsheets Tk and Ta, ui is original combination being subject to coding. Moreover for filling any next i-line and line from code spreadsheet Tk (where i equals 1 to N) the next meaning of combination of alphabet from RND which is subsequently compared with each i-th meaning from recorded combinations of alphabet in code spreadsheet Tk. In case there is no coincidence with any recorded combinations of alphabet, the next meaning of combination of alphabet ui is recorded into i-th line of code spreadsheet Tk. When coding line ui of address spreadsheet Ta the address A(ui) of original combination is read out from code spreadsheet Tk. Value of coded combination vi of original combination ui at value of parameter of conversion of ξi equals to value of combination of alphabet being stored in line A(vi) of code spreadsheet Tk, which address is determined as A(vi)=A(ui)+ξi for module of N number. Value of coded combination vi is read out from line of code spreadsheet Tk with address A(vi). When decoding coded combination vi at value of conversion parameter of ξi the value of combination is defined, which combination is stored in address line A(ui) of spreadsheet Tk which address is determined as A(ui)=A(vi) - ξi for module N number. Value of ui combination is read out from line of code spreadsheet Tk having address A(ui).

EFFECT: increased speed of data processing.

FIELD: computer science.

SUBSTANCE: method is based on block-wise conversion of message, dependently on secret key, to Cyrillic text.

EFFECT: possible use of Russian texts as containers for steganographic conversion, decreased dependence of statistic characteristics of modified container from concealed message.

2 cl, 6 dwg

FIELD: cryptography.

SUBSTANCE: block for generation of sub-keys data uses two different processes for open generation of sub-keys. During encoding of T*n block of open text, where T - length of predetermined cycle, n - positive integer, sixteen sets of sub-key data is generated. In al other cases two sets of sub-key data are generated. Encryption block encrypts open text, using formed sixteen or two sets of sub-keys data.

EFFECT: higher efficiency.

6 cl, 15 dwg

Up!