Method of block encryption of binary information

 

(57) Abstract:

The invention relates to the field of telecommunications and computing, and more particularly to the field of cryptographic methods and devices for data encryption. The technical result achieved by the invention is to increase the speed of encryption in the software implementation. The method includes forming the encryption key as a set of plug, dividing the data block into N 2 sub-blocks and sequential conversion of sub-blocks by performing two-place operations on sub-blocks and connection. New in the present method is that before performing the two-place operations on the i-th sub-block and the data over the connection perform the substitution operation, depending on the j-th sub-blocks, where j i. New is also the fact that, as performed on the data substitution operation, depending on the j-th sub-block, using the substitution operation that depends on the encryption key. 1 C.p. f-crystals, 1 Il.

The invention relates to the field of telecommunications and computing, and more particularly to the field of cryptographic methods and devices for encoding messages (or information). In the combination of features of the proposed method are used slotmacine of data signals; the encryption key is a replaceable part of the cipher and is used to convert the message or the set of messages; the encryption key must be known only to the legitimate user;

the cipher is a set of elementary steps of converting input data using sherloch; cipher can be implemented as a software or as a separate electronic devices;

connection represents the portion of the encryption key used on the individual elementary steps encryption;

- binary vector is a sequence of zero and a unit of bits, for example 101101011; the specific structure of the binary vector can be interpreted as a binary number, if we assume that the position of each bit corresponds to a binary digit, i.e., the binary vector can be mapped to a numerical value that is determined uniquely by the structure of the binary vector;

encryption is a process that implements some way of transforming the data using sherloch that translates data in the cryptogram represents a pseudo-random sequence of characters from which to obtain information without known what I; decryption provides data recovery for the cryptogram with knowledge of the encryption key;

- cryptographic strength is a measure of the reliability of information protection and represents the complexity measured in the number of elementary operations that must be performed to recover information on the cryptogram, when knowledge of the conversion algorithm, but without knowledge of the encryption key.

Known methods of block encryption of binary information, see, for example, U.S. standard DES [U. Diffie, M. E. Hellman. Security and infotouriste: Introduction to cryptography// TIER. 1979. So 67. N. 3. C. 87-89], the method of encryption for U.S. patent N 5222139 dated June 22, 1993, the cipher FEAL-1 and the cryptalgorithm B-Crypt [s Mattick. Protection mechanisms in computer networks.- M., Mir, 1993. S. 49-52] . In the known methods the encryption of data blocks is performed by generating the encryption key in the form of a set of plug, splits converted block data sub-blocks and alternating changes using operations substitution, permutation and arithmetic operations performed on the current sub-block and the current under the key.

However, the known methods analogs are not sufficiently resistant to known differential Cree is adnych data blocks for a given conversion step uses the same connection intact.

The closest in technical essence to the present method of encryption of binary data, a method described in the Russian standard for cryptographic protection of data [the Standard of the USSR GOST 28147-89. The information processing system. The cryptographic protection. The cryptographic transformation] . Prototype method includes forming the encryption key in a sequence of 8 plug with a length of 32 bits, splitting the input 64-bit data block into two 32-bit sub-blocks B1and B2the successive transformation of the sub-blocks. One step conversion of sub-blocks, for example of the subblock B2is the overlay of the current connection Qi, which is fixed for a given step, using the operation of addition modulo 232(+) in accordance with the formula B2:=B2+Qiwhere 1 i 8, and then on the resulting new value of the subblock B2perform the substitution operation, then the operation of cyclic shift to the left by eleven bits, i.e., at eleven binary bits toward the high-order bits, and then the obtained value of B2impose subsection B1using the bitwise sum modulo two () with the OK is divided into 8 binary vectors of length 4 bits. Each binary vector is replaced by a binary vector of lookup tables. Selected from a lookup table 8 4-bit vectors are combined into a 32-bit binary vector, which is the output state of the sub-block after performing the substitution operation. Just running a 32 similar step changes of sub-blocks, and for all of the converted input data blocks at a fixed conversion step of sub-blocks use the same connection with the same value.

However, the prototype method has drawbacks, namely in the software implementation it does not provide encryption speed of more than 1 Mbit/s [Andreev N. N. Some of the research directions in the field of information security// proceedings of the international conference "information Security". Moscow, 14-18 April 1997. M. 1997. S. 96], which does not allow to use it to encrypt data protection in real time. This disadvantage stems from the fact that in order to ensure resistance to differential cryptanalysis in the method-prototype uses a large number of lookup operations on 4-bit subblock transformed data block to perform each of which (in the software implementation) Mick is and the format of the data representation in the computer.

The basis of the invention is to develop a method of block encryption of binary data in which the conversion of the input data would be carried out in such a manner that a decrease in the number of elementary operations conversion per one bit of the input data, while ensuring a high resistance to differential cryptanalysis, which increases the speed of encryption in the software implementation.

This object is achieved in that in the method block encryption of binary information, including the formation of the encryption key in a set under the keys, partitioning the data block into N 2 sub-blocks and sequential conversion of sub-blocks by performing two-place operations on sub-blocks and connection, new according to the invention is that before performing the two-place operations on the i-th sub-block and the data over the connection perform the substitution operation, depending on the j-th sub-blocks, where j i.

This solution structure under the keys used at a given step of the encryption depends on the data to be converted and thus this step of conversion for different input blocks are different mo is toanalyze while reducing the number of operations performed conversion, and enhance the speed of cryptographic transformation.

New is also the fact that, as performed on the data substitution operation, depending on the j-th sub-block, using the substitution operation that depends on the encryption key.

This solution provides additional increase encryption strength while maintaining a high speed encryption.

Below the essence of the invention is explained in more detail by examples, with reference to the accompanying drawing.

The invention is illustrated a generalized diagram of the cryptographic transformation of data blocks on the basis of the proposed method, which is shown in the drawing, where S is the block substitution operation that depends on the value of one of the transformed sub-blocks; A and B are converted n-bit sub-blocks; K2R, K2R-1elements of the encryption key (plug); the sign indicates the operation bitwise sum modulo two, the sign of the operation of summation modulo 2n. Operational block S performs a lookup operation on the plug K2RK2R-1depending on the control signal on the control bus, shown in broken Inu transfer n control signals, which are the bits of the transformed sub-blocks.

The drawing shows one (the R-th round of the encryption. Depending on the specific implementation of the block controlled substitutions and the desired speed of the transformations can be set from 8 to 20 or more rounds.

Under the substitution operation we mean the replacement operation on the binary values of the signal at the input of the operational block S to the other binary value (determined at the output of the operational block S), which is selected depending on the values at the input of the block S in accordance with some replacement table. Can be implemented two variants lookup:

(1) n-bit binary input vector is replaced by the n-bit output binary vector, with different input binary vectors correspond to different output binary vector;

(2) n-bit binary vector is replaced by the m-bit binary vector, where m n, and various input binary vectors may correspond to how different and the same output binary vectors.

The lookup operation of both types can be set depending on a control signal, i.e., given a binary vector at the input can be changed to different the second method uses the value of one of the transformed sub-blocks.

Explain the task based substitution operation of the first type of sub-block data to be converted. Let the substitution operation is performed on binary vectors of length n bits, where n is an integer. Then to determine the substitution operation of size nxn (designation nxn means that the input for the substitution operation is a data block of size n bits and the output block is a binary vector of length n bits) is needed to use a table containing two rows of numbers:

< / BR>
where N = 2n. In this table, in the bottom row contains all possible values of n-bit block exactly once, but in a random order. The sequence of the numbers in the bottom row defines a specific version of the lookup table, and hence the specific variant substitution operation performed using this table. The operation of substitution is as follows. Select the top line number that is equal to the value of the input block. Under this number is in the bottom row is taken as the output unit. Thus, the lookup table can be placed in the operative memory of the computer as a serial write n-bit computingnow binary vector K is used to calculate the address of w0+ K words, which is taken as the output of the binary vector. This way of representing a lookup table requires the use of memory equal to 2nn bits. Select the number of lookup tables, is 2L(required space will be a 2LNn bit) and place lookup tables continuously one after another. As the address of table v we take the address value of w0the first n-bit words. Let the address of the table (v = 0 is a s. In this case, the address lookup table with any number v is equal to s+vN. If you have specified a control binary vector that determines the number of the current lookup tables v and the current input binary vector, the substitution operation is performed by replacing the current input block to the n-bit word located at address s + vN + K where K is the value of the input binary vector, which is the current substitution operation. Using this relation it is easy to select the lookup table with the number v and perform the substitution on the input binary vector with the value of K. In this case, the job according to the lookup tables from a control value of the binary vector and performing a substitution operation is carried out musannah parameters for host lookup tables requires 8 KB of RAM, what is acceptable, since modern computers have RAM on many orders of magnitude greater than this value (from 1 to 64 MB or more).

Explain the task based substitution operation of the second type from the sub block converted data in the example lookup h specified using the numbered sequence of 32-bit binary vectors {Qj}, j= 0, 1, 2, . . . , 256. The sequence {Qj} it can be assumed known and related to the description of the encryption algorithm. In this case, it can be generated randomly, then it is recorded as part of the description of the encryption algorithm. Another option would specify the sequence {Qj} is it generating pseudo law depending on the encryption key. In this case, it is a secret, which further increases the cryptographic strength of the encryption. Converting 8-bit input binary vector (e.g., data) K is depending on the control binary vector (e.g., transform sub-blocks) B as follows:

(1) calculate the number of j0= (B + K) mod 256; (2) 8-bit binary vector K is replaced by a 32-bit binary vector

RAH">

Example 1. In this example explains how to encrypt 64-bit blocks of data. The encryption key is generated in the form of plug 16 K1, K2, K3,... K32, each of which has a length of 32 bits. The input data block is broken into two 32-bit sub-block A= A4|a3|a2|a1and B= b4|b3|b2|b1represented as the concatenation of the 8-bit sub-blocks of the aiand biwhere i = 1, 2, 3, 4. Encryption input block described by the following algorithm:

1. Set the count of the number of rounds r = 1.

2. To transform the sub-blocks In accordance with the expression

< / BR>
where denotes the substitution operation on connection K8rdepending on subunit a1.

3. To transform the sub-block A in accordance with the expression

A: = A + B (mod32).

4. To transform the sub-block A in accordance with the expression

< / BR>
where denotes the substitution operation on connection K8r-7performed depending on the sub-block b1.

5. To transform the sub-block B in accordance with the expression

B:=B+A(mod 232).

6. To transform the sub-block B in accordance with the expression

< / BR>
6. To transform the sub-block A in accordance with the expression

B:=B + A (mod 232).

9. To transform the sub-block B in accordance with the expression

< / BR>
10. To transform the sub-block A in accordance with the expression

A:=A + B (mod 232).

11. To transform the sub-block A in accordance with the expression

< / BR>
12. To transform the sub-block B in accordance with the expression

B:=B+A(mod 232).

13. To transform the sub-block B in accordance with the expression

< / BR>
14. To transform the sub-block A in accordance with the expression

A: = A + B (mod 232).

15. To transform the sub-block A in accordance with the expression

< / BR>
16. To transform the sub-block B according to the expression

B: = B + A (mod 232).

17. If r 4, then increment the counter r:=r+1 and go to step 2, otherwise STOP.

As a lookup table used to perform a lookup in example 1 is used, the array is numbered 32-bit binary vectors { Qj}, j= 0, 1, 2,...,2048. To perform a lookup on connection K depending on subunit aicomputes the number of jain accordance with the formula ja=(K+ai)mod 211and is replaced by the value of K is Analytically it is written as

Brigetta up procedures, encryption based on the encryption key for a pseudorandom law. This can be done, for example, as follows. Take 1024 64-bit binary vector with numerical values 1, 2,..., 1024. Using the encryption key K1, K2,...,K32using the RC5 encryption algorithm [B. Schneier. Applied Cryptography/John Wiley & Sons, Inc., New York, 1996. P. 344-345.] 'll encrypt the specified 64-bit binary vectors. The result will be a set of 64-bit blocks of data with pseudo-random values. Breaking each 64-bit block into two 32-bit sub-block will get a pseudo-random sequence {Qj}, j= 0, 1, 2,...,2048.

In modern computers, the operation of extracting the binary vectors of RAM is available for a small number of machine cycles, thanks to the inventive method provides encryption speed from 10 to 30 Mbit/s (depending on the specific implementation) for mass microprocessor Pentium/200.

These examples show that the proposed method block encryption of discrete information technical feasibility and allows to solve the problem.

The inventive method can be implemented, for example, in the form of computer programs that provide high-speed data encryption.

1. Method of block encryption of binary information, include the implementation of the operations of substitution and alternate conversion of sub-blocks by performing two-place operations on sub-blocks and connection, characterized in that the substitution operation performed on the data before performing the two-place operations on the i-th sub-block, and the substitution operation is performed in dependence on the j-th sub-blocks, where j i.

2. The method according to p. 1, characterized in that as performed on the data substitution operation using the substitution operation that depends on the encryption key.

 

Same patents:

The invention relates to telecommunications and computing, and more particularly to cryptographic methods and devices for data encryption

The invention relates to the field of telecommunications and computing, and more particularly to the field of cryptographic methods and devices for data encryption

The invention relates to the field of telecommunications and computing, and more particularly to the field of cryptographic methods and devices for encoding messages (or information)

The invention relates to telecommunications, and in particular to the technique of secret confidential communication

The invention relates to the field of technology encrypted communication

The invention relates to computing and information systems and can be used as a personal transducer information when communicating government, law enforcement, defense, industrial and commercial institutions, when there is a need of storing and transferring confidential information

Block encryption // 2127024
The invention relates to the field of telecommunications and computing, and specifically to the field of cryptographic methods and devices for data encryption

The invention relates to distributed information and control systems (RIUS), mainly to RIUS, operating in real time, and can be used in various application systems, operating information of a confidential nature

FIELD: cryptography.

SUBSTANCE: method includes generating random numbers with use of displacement register with check connection, elementary digit of which is a q-based symbol (q=2l, l - binary symbol length) at length of q-based digits register, in check connection networks nonlinear two-parameter operations on q-based symbols F (ub, ud) are used, on basis of random replacement tables, for generating next random number values z1=F(ui, uj), z2=F(ut, um), zg=F(z1, z2) are calculated, where ui, uj, ut, um - values of filling of respective register digits, value of result in check connection networks zg is recorded to g digit of displacement register and is a next result of random numbers generation, after which displacement of register contents for one q-based digit is performed.

EFFECT: higher speed and efficiency.

3 cl

FIELD: electrical communications and computer engineering; cryptographic data conversion.

SUBSTANCE: proposed method includes generation of protection key in the form of n-bit binary vector, its supply for initial filling of shift register producing maximal-length pseudorandom character sequence, conversion of data stream into encoded message, and its transfer over communication line; in the process total character of encoded text is shaped and its value is conveyed at moment when search sequence character assumed value equal to unity.

EFFECT: reduced redundancy in message transferred and enhanced message transfer speed.

1 cl, 2 dwg

FIELD: electric communications.

SUBSTANCE: method is performed using microcontrollers with two memory types: data and software. For transfer of each symbol individual main and reserve codes are used, on basis of number of repeats of symbol in transferred message. First transfer of symbol is performed by main code, second transfer of same symbol - by reserve code, and then codes synchronization displacement is activated for a step around circle relatively to symbols until finish of circle. After transfer of displaced reserve code, closing the circle, synchronous replacement of codes variants is performed, and then order of codes replacement is repeated in case of repeat of any symbol in transferred message. Number of required code variants is set by planned volume of information, sent via communication line.

EFFECT: higher efficiency.

1 dwg

FIELD: data carriers.

SUBSTANCE: data carrier is made in such a way, that for important data protection operations confidential data stored in chip memory or formed by it are separated on at least three portions, also provided is processor for calculation of random number and for dividing confidential data on such random number, while first portion of data is an integer result of such division, and third portion of data is the actual random number.

EFFECT: higher quality of data protection.

3 cl, 1 dwg

FIELD: computer science, communications.

SUBSTANCE: method includes generating a protection key in form of a binary vector n-bit long, sending it for primary filling of displacement register, generating pseudo-random series of maximal length, generating pseudo-random series of symbols, transforming data stream to encrypted message and transmitting the latter along communication line, while pseudo-random series is generated as pseudo-random series of symbols of finite field Fp with characteristic p=2k+1 in form of binary vectors k-nit long by getting information from k different bytes of displacement register with check connection, numbers of which are determined on basis of protection key, and number k is selected equal to one of members of geometric row, which has denominator and first member equal to two, and also a pseudo-random series of symbols is formed for finite field of odd values of symbols due to skipping clock pulses of displacement register with check connection for which pseudo-random series symbols take even values and serially transforming in finite field Fp symbols of source text by involution thereof, appropriate for pseudo-random series symbols.

EFFECT: higher resistance to attacks on basis of known and sorted out texts.

4 cl, 2 dwg

FIELD: radio engineering; secret intelligence protected radio communication systems.

SUBSTANCE: proposed radio communication system incorporating provision for suppressing enemy's radio communication means and radio control channels has information subsystem, noise jamming subsystem, noise memory subsystem, information subsystem elements, and subsystem elements interface unit; each element of information subsystem is made in the form of multichannel time-division radio station; each element of noise jamming subsystem is made in the form of time division multichannel radio station, and each of noise jamming subsystem elements is made in the form of barrage jamming transmitter built around noise signal generating driver; used as drivers are self-stochastic generator operating in different frequency bands.

EFFECT: enhanced intelligence protection of communication channels, simplified design, enhanced reliability.

2 cl, 13 dwg

FIELD: information protection.

SUBSTANCE: method for transferring messages while providing for confidentiality of identification signs of communication system objects with interaction of devices of communication system subscribers through central device for each communication session cryptographic conversion of subscriber device identifier is performed using encryption key of current subscriber device, while during said cryptographic conversion symmetrical cryptographic algorithm is used and two message transfer modes are taken in consideration, on initiative from subscriber device to central device and vice versa.

EFFECT: protection from unsanctioned access to identifiers of devices of system subscribers transferred via communication channels, in particular when providing for confidentiality of messages identification signs in communications systems with multiple subscriber devices.

6 dwg

FIELD: data processing.

SUBSTANCE: before beginning of decoding all possible non-repeating meanings of combinations of alphabet ui are recorded randomly into code spreadsheet with N lines by means of random numbers detector (RND). Number i of code line of code spreadsheet Tk is recorded in each line ui of address spreadsheet Ta. Meaning of combinations of alphabet ui is recorded in spreadsheet Tk, where N-size of alphabet coincident with number of lines of code and address spreadsheets Tk and Ta, ui is original combination being subject to coding. Moreover for filling any next i-line and line from code spreadsheet Tk (where i equals 1 to N) the next meaning of combination of alphabet from RND which is subsequently compared with each i-th meaning from recorded combinations of alphabet in code spreadsheet Tk. In case there is no coincidence with any recorded combinations of alphabet, the next meaning of combination of alphabet ui is recorded into i-th line of code spreadsheet Tk. When coding line ui of address spreadsheet Ta the address A(ui) of original combination is read out from code spreadsheet Tk. Value of coded combination vi of original combination ui at value of parameter of conversion of ξi equals to value of combination of alphabet being stored in line A(vi) of code spreadsheet Tk, which address is determined as A(vi)=A(ui)+ξi for module of N number. Value of coded combination vi is read out from line of code spreadsheet Tk with address A(vi). When decoding coded combination vi at value of conversion parameter of ξi the value of combination is defined, which combination is stored in address line A(ui) of spreadsheet Tk which address is determined as A(ui)=A(vi) - ξi for module N number. Value of ui combination is read out from line of code spreadsheet Tk having address A(ui).

EFFECT: increased speed of data processing.

FIELD: computer science.

SUBSTANCE: method is based on block-wise conversion of message, dependently on secret key, to Cyrillic text.

EFFECT: possible use of Russian texts as containers for steganographic conversion, decreased dependence of statistic characteristics of modified container from concealed message.

2 cl, 6 dwg

FIELD: cryptography.

SUBSTANCE: block for generation of sub-keys data uses two different processes for open generation of sub-keys. During encoding of T*n block of open text, where T - length of predetermined cycle, n - positive integer, sixteen sets of sub-key data is generated. In al other cases two sets of sub-key data are generated. Encryption block encrypts open text, using formed sixteen or two sets of sub-keys data.

EFFECT: higher efficiency.

6 cl, 15 dwg

Up!