Way cryptographic transformation of binary data blocks
(57) Abstract:The invention relates to the field of telecommunications and computing, and more particularly to the field of cryptographic methods and devices for encrypting digital data. The method consists of dividing the data block at the V sub-blocks, the sequential conversion of sub-blocks by performing the above sub-blocks of at least one conversion operation, which depends on the values of the input block. New in the present method is that as the operations that depend on the values of the input block, you use the permutation of the bits of the subblock. New is also the fact that when converting subsection additionally perform an operation of permutation of bits depending on the secret key. Also new is the fact that additionally form a binary vector V, and the operation of permutation of the bits of the subblock is carried out in dependence on the values of V, and the binary vector at the current step of the conversion form depending on its value at the previous step of the conversion and the value of one of the subblocks. The technical result is the provision of increasing the number of possible variants of the operation, depending on preobrazuemogo cryptanalysis. 1 C.p. f-crystals. 5 Il. The invention relates to the field of telecommunications and computing, and more particularly to the field of cryptographic methods and devices for encoding messages (or information).In the set of features proposed method uses the following terms:
- the secret key consists of binary information, known only to the legitimate user;
- cryptographic transformation is the conversion of digital information, which provides the effect of one bit of the input data on many bits of output data, for example, to protect information from unauthorized read, generate digital signature generation detection code modifications; some of the important types of cryptographic transformations are one-way conversion, hashing and encryption;
- hashing information there is some way of forming a so-called hash value, the amount of which is fixed (typically 128 bits) for messages of any size; widely used methods hash-based iterative hash-functions using modular mechanisms cryptographic transformation of data [see X. Lai, J. L. Massey Hash Fu is the W is the process of transforming information which depends on the secret key, and converts the source text in the text, representing a pseudo-random sequence of characters from which to obtain information without knowledge of the secret key impracticable;
- decryption is the reverse process of the encryption process; decryption provides data recovery for the cryptogram with knowledge of the secret key.
the cipher is a set of elementary steps of converting input data using the secret key; cipher can be implemented as a software or as a separate device;
-binary vector is a sequence of zero and a unit of bits, for example 101101011; the specific structure of the binary vector can be interpreted as a binary number, if we assume that the position of each bit corresponds to a binary digit, i.e., the binary vector can be mapped to a numerical value that is determined uniquely by the structure of the binary vector;
- cryptanalysis is a method of computing the secret key to gain unauthorized access to encrypted data or to develop a method that provides access to zashifrovannoe L-bit input data block into L-bit output data block, which makes it easy to calculate the output block input block, and the calculation of the input block, which would be transformed into a randomly selected output unit, is a nearly impossible task;
- one-way function is a function whose value is easily calculated according to this argument, however, the calculation of the argument on this value function is computationally difficult task; one-way functions are implemented as a sequence of procedures one-way transformation of some input unit (argument), the output value which is the value of the function;
- cryptographic strength is a measure of the reliability of the protection of encrypted information and represents the complexity measured in the number of elementary operations that must be performed to recover information on the cryptogram, when knowledge of the conversion algorithm, but without knowledge of the secret key; in the case of unilateral reforms under the cryptographic understood the complexity of the calculation input values of the block at its output value;
- the operation of cyclic shift that depends on transform subblock or dependent binary vector is the operation cyclizes the th shift to the left (right) designated by the symbol "<<<" (">>>"), for example, B1< a<denotes the operation of cyclic left shift of the sub-block IN1on a number of bits equal to the value of the binary vector B2; these operations are basic for the cipher RC5;
single operation is an operation performed on one operand (data block or a binary vector); the value of the subblock after performing some given single operation only depends on its initial value; an example of single operations are operations of cyclic shift;
- double operation is an operation performed on the two operands; the result of executing some of this double operation depends on the value of each operand; an example of double operations are the operations of addition, subtraction, multiplication, etc.Known methods of block encryption of data, see for example U.S. standard DES [National Bureau of Standards. Data Encryption Standard. Federal Information Processing Standards Publication 46, January 1977; see also: s Mattick. Protection mechanisms in computer networks.- M.: Mir, 1993, S. 42-47]. In this way encryption of data blocks is performed by forming a secret key, split transformed data block into two sub-blocks L and R and successive changes by the last executed as the output value of a function F from the values of the subblock R. After this, the blocks are swapped places. The function F in the specified method is implemented by performing the operations of permutation and substitution performed on sub-blocks of R. This method has a high rate of conversions when implemented in the form of specialized electronic circuits.However, the known method is similar uses secret key of the small size (56-bit), making it vulnerable to cryptanalysis based on the selection key. The latter is associated with high computational power of modern computers for mass application.The closest in technical essence to the claimed method of cryptographic transformation of binary data blocks is the method implemented in the RC5 cipher described in [R. Rivest, The RC5 Encryption Algorithm/Fast Software Encryption, Second International Workshop Proceedings (Leuven, Belgium, December 14-16, 1994), Lecture Notes in Computer Science, v. 1008, Springer-Verlag, 1995, pp. 86-96]. Prototype method includes forming a secret key in the form of a set of plug, splitting the input data block into sub-blocks A and B and in turn transform the sub-blocks. The sub-blocks is converted by running over them single and double operations. As double operations are the operations of addition is the radio you use the cyclic shift to the left, moreover, the number of bits. which shifts transform the sub-block depends on the value of another sub-block, it determines the dependence of the cyclic shift operation on the current step of the transform sub-blocks from the original values of the input data block. Double operation is performed on sub-blocks and connection, as well as over the two sub-blocks. Characteristic for the method of the prototype is the operation of cyclic shift that depends on the values of the input block.The sub-block, for example, subsection (B) convert the following way. The operation is performed bitwise sum modulo 2 over the sub-blocks A and B and the value obtained after performing this operation are assigned to the subblock Century, It is written as a ratio B _ BV, where the sign "<---" denotes the assignment operation and the symbol "" denotes the operation bitwise sum modulo 2. Then over the sub-block To perform an operation cyclic shift number of bits equal to the value of sub-block A:<---<<<A. Then over the sub-blocks and one of the plug's perform an operation of summation modulo 2nwhere n is the length of the subblock in bits: B<---B+S mod 2n. Then similarly converted block A. Is how such seelische in the form of computer programs. However, the prototype method has disadvantages, namely, in the software implementation for computers with 32-bit microprocessor, it does not provide high resistance cryptographic transformation of data to differential and linear cryptanalysis [Kaliski C. S., Yin Y. L. On Differential and Linear Cryptanalysis of the RC5 Encryption Algorithm. Advances in Cryptology - CRYPTO'95 Proceedings, SprInger-Verlag, 1995, pp. 171-184]. This disadvantage stems from the fact that the efficiency of operations depending on the data to be converted in order to complicate the known methods of cryptanalysis is reduced because the number of possible variants of the cyclic shift operation is equal to the number of binary bits of the subblock n and not greater than 64.The basis of the invention is to develop a way cryptographic transformation blocks of digital data, in which the conversion of the input data would be carried out in such a manner that a rise in the number of different variants of the operation, dependent on the transform block, which increases the resistance to differential and linear cryptanalysis.This object is achieved in that way cryptographic transformation of binary data blocks, which consists in partitioning the data block on N2 conversion, which depends on the values of the input block, new according to the invention is that as the operations that depend on the values of the input block, you use the permutation of the bits of the subblock.Thanks to this solution makes it possible to increase the number of possible variants of the operation, dependent on the transform block, which increases the strength of cryptographic transform to differential and linear cryptanalysis.New is also the fact that when converting subsection additionally perform an operation of rearranging the bits of the sub-blocks depending on the secret key.This solution is further increased strength to differential and linear cryptanalysis.New is also the fact that additionally form a binary vector V, and the operation of permutation of the bits of the subblock is carried out in dependence on the values of V, and the binary vector at the current step of the conversion form depending on its value at the previous step of the conversion and the value of one of the sub-blocks.This solution provides additional increase in strength is explained in detail by examples, with reference to the accompanying drawings.In Fig. 1 shows a generalized diagram of the cryptographic transformation according to the claimed method.In Fig. 2 schematically shows the structure of the unit managed permutations.In Fig. 3 presents a block diagram of the elementary switch.In Fig. 4 shows a table of input and output signals of the elementary switch when the high potential control signal.In Fig. 5 shows a table of input and output signals basic managed switch with low potential control signal.The invention is illustrated a generalized diagram of the cryptographic transformation of data blocks on the basis of the proposed method, which is presented in Fig. 1, where: P - block managed permutations; A and B are converted subblocks; K4r, K4r-1, K4r-2, K4r-3elements of the secret key (plug); V is a binary vector generated depending on the input data; the sign indicates the operation bitwise sum modulo two; sign - surgery summation modulo n, where n is the length of the subblock data in bits. Bold solid lines indicate the bus transfer n-bit signals, the thin solid line is the transfer of one the n control signals, which are the bits of the subkeys. The use of additional dependencies permutations from the secret key increases the resistance of cryptographic transformation.Fig. 1 shows one round of transformation. Depending on the specific implementation unit operated permutations and the desired speed of the transformations can be set from 2 to 16 or more rounds. This scheme procedures cryptographic transformations can be used to implement encryption and to implement unilateral changes. In the latter case, the secret key is not used and instead signals plug on the control input block P signals are binary vector V is generated depending on the values of the transformed sub-blocks in the intermediate steps of the transformation.Consider specific examples of implementation of the proposed method cryptographic transformation of binary data blocks.Example 1.This example relates to the use of the method for data encryption. The secret key consists of four plug K4r, K4r-1, K4r-2and K4r-3. One round of encryption is described by the following sequence is the value of an assignment operation.2. To transform the sub-block B in accordance with the expression:
< / BR>3. Depending on the values of the subblock A and from connection K4r-1to shift the bits of the subblock B.4. To transform the sub-block A in accordance with the expression:
< / BR>5. Depending on the values of the sub-block B and the connection TO4rto shift the bits of the subblock A.6. To transform the sub-block B in accordance with the expression:
B _ BA.
Example 2.This example describes one round of unilateral changes in accordance with the following sequence of procedures:
1. To form a binary vector V:
V < - A <<< B.2. To transform the sub-block B in accordance with the expression:
< / BR>3. To form a binary vector V, depending on its value at the previous step and the values of sub-blocks A and B in accordance with the formula:
V _(V<<5. Depending on the values of A and V to shift bits of the subblock B.6. To transform the sub-block A in accordance with the expression:
< / BR>7. To form a binary vector V:
V _(V<<In Fig. 2 shows a possible implementation of the block managed permutations, using the set of elementary preclassic signals, indicated by the dotted lines of the same designation in Fig. 1.The number of different variants of the operation of permutation is equal to the number of possible code combinations on the control input and is for block P with the structure shown in Fig. 2, 28=256, which exceeds the number of operations of cyclic shift used in the method prototype. The same method can be written scheme for the block P with arbitrary sizes of input data and input control signals, in particular for the block P with a 32-bit input data and 32-bit input control signal. In the latter case is achieved by a number of different variants of the operation of permutation is equal to 232> 109.Fig. 3, 4 and 5 explain the work of the elementary switch, where u is the control signal, and b input data, and the d - output data signals. Table of Fig. 4 and 5 show the dependence of the output signals from the input and control signals. From these tables it is seen that when u = 1 line and is switched with line C and line b from line d. When u = 0 line and is switched with the d line, and the line b - line d. Due to the simple structure of modern planar fabrication technology of integrated circuits allows Le is 32, 64 and 128 bits.These examples show that the proposed method of cryptographic transformation of binary data blocks technical feasibility and allows to solve the problem.The inventive method can be implemented, for example, in specialized cryptographic processors, providing the encryption speed of 200 Mbps, sufficient for encryption in real-time all data sent over high-speed fiber-optic communication channels. 1. Way cryptographic transformation of binary data blocks, which consists in partitioning the data block into N2 sub-blocks, the sequential conversion of sub-blocks by performing the above subsection, at least one conversion, which depends on the values of the input unit, wherein as the operation depending on the values of the input block, you use the permutation of the bits of the subblock.2. The method according to p. 1, characterized in that the operation of permutation of the bits of the subblock, depending on the values of the input block is formed depending on a secret key.
SUBSTANCE: method includes generating random numbers with use of displacement register with check connection, elementary digit of which is a q-based symbol (q=2l, l - binary symbol length) at length of q-based digits register, in check connection networks nonlinear two-parameter operations on q-based symbols F (ub, ud) are used, on basis of random replacement tables, for generating next random number values z1=F(ui, uj), z2=F(ut, um), zg=F(z1, z2) are calculated, where ui, uj, ut, um - values of filling of respective register digits, value of result in check connection networks zg is recorded to g digit of displacement register and is a next result of random numbers generation, after which displacement of register contents for one q-based digit is performed.
EFFECT: higher speed and efficiency.
FIELD: electrical communications and computer engineering; cryptographic data conversion.
SUBSTANCE: proposed method includes generation of protection key in the form of n-bit binary vector, its supply for initial filling of shift register producing maximal-length pseudorandom character sequence, conversion of data stream into encoded message, and its transfer over communication line; in the process total character of encoded text is shaped and its value is conveyed at moment when search sequence character assumed value equal to unity.
EFFECT: reduced redundancy in message transferred and enhanced message transfer speed.
1 cl, 2 dwg
FIELD: electric communications.
SUBSTANCE: method is performed using microcontrollers with two memory types: data and software. For transfer of each symbol individual main and reserve codes are used, on basis of number of repeats of symbol in transferred message. First transfer of symbol is performed by main code, second transfer of same symbol - by reserve code, and then codes synchronization displacement is activated for a step around circle relatively to symbols until finish of circle. After transfer of displaced reserve code, closing the circle, synchronous replacement of codes variants is performed, and then order of codes replacement is repeated in case of repeat of any symbol in transferred message. Number of required code variants is set by planned volume of information, sent via communication line.
EFFECT: higher efficiency.
FIELD: data carriers.
SUBSTANCE: data carrier is made in such a way, that for important data protection operations confidential data stored in chip memory or formed by it are separated on at least three portions, also provided is processor for calculation of random number and for dividing confidential data on such random number, while first portion of data is an integer result of such division, and third portion of data is the actual random number.
EFFECT: higher quality of data protection.
3 cl, 1 dwg
FIELD: computer science, communications.
SUBSTANCE: method includes generating a protection key in form of a binary vector n-bit long, sending it for primary filling of displacement register, generating pseudo-random series of maximal length, generating pseudo-random series of symbols, transforming data stream to encrypted message and transmitting the latter along communication line, while pseudo-random series is generated as pseudo-random series of symbols of finite field Fp with characteristic p=2k+1 in form of binary vectors k-nit long by getting information from k different bytes of displacement register with check connection, numbers of which are determined on basis of protection key, and number k is selected equal to one of members of geometric row, which has denominator and first member equal to two, and also a pseudo-random series of symbols is formed for finite field of odd values of symbols due to skipping clock pulses of displacement register with check connection for which pseudo-random series symbols take even values and serially transforming in finite field Fp symbols of source text by involution thereof, appropriate for pseudo-random series symbols.
EFFECT: higher resistance to attacks on basis of known and sorted out texts.
4 cl, 2 dwg
FIELD: radio engineering; secret intelligence protected radio communication systems.
SUBSTANCE: proposed radio communication system incorporating provision for suppressing enemy's radio communication means and radio control channels has information subsystem, noise jamming subsystem, noise memory subsystem, information subsystem elements, and subsystem elements interface unit; each element of information subsystem is made in the form of multichannel time-division radio station; each element of noise jamming subsystem is made in the form of time division multichannel radio station, and each of noise jamming subsystem elements is made in the form of barrage jamming transmitter built around noise signal generating driver; used as drivers are self-stochastic generator operating in different frequency bands.
EFFECT: enhanced intelligence protection of communication channels, simplified design, enhanced reliability.
2 cl, 13 dwg
FIELD: information protection.
SUBSTANCE: method for transferring messages while providing for confidentiality of identification signs of communication system objects with interaction of devices of communication system subscribers through central device for each communication session cryptographic conversion of subscriber device identifier is performed using encryption key of current subscriber device, while during said cryptographic conversion symmetrical cryptographic algorithm is used and two message transfer modes are taken in consideration, on initiative from subscriber device to central device and vice versa.
EFFECT: protection from unsanctioned access to identifiers of devices of system subscribers transferred via communication channels, in particular when providing for confidentiality of messages identification signs in communications systems with multiple subscriber devices.
FIELD: data processing.
SUBSTANCE: before beginning of decoding all possible non-repeating meanings of combinations of alphabet ui are recorded randomly into code spreadsheet with N lines by means of random numbers detector (RND). Number i of code line of code spreadsheet Tk is recorded in each line ui of address spreadsheet Ta. Meaning of combinations of alphabet ui is recorded in spreadsheet Tk, where N-size of alphabet coincident with number of lines of code and address spreadsheets Tk and Ta, ui is original combination being subject to coding. Moreover for filling any next i-line and line from code spreadsheet Tk (where i equals 1 to N) the next meaning of combination of alphabet from RND which is subsequently compared with each i-th meaning from recorded combinations of alphabet in code spreadsheet Tk. In case there is no coincidence with any recorded combinations of alphabet, the next meaning of combination of alphabet ui is recorded into i-th line of code spreadsheet Tk. When coding line ui of address spreadsheet Ta the address A(ui) of original combination is read out from code spreadsheet Tk. Value of coded combination vi of original combination ui at value of parameter of conversion of ξi equals to value of combination of alphabet being stored in line A(vi) of code spreadsheet Tk, which address is determined as A(vi)=A(ui)+ξi for module of N number. Value of coded combination vi is read out from line of code spreadsheet Tk with address A(vi). When decoding coded combination vi at value of conversion parameter of ξi the value of combination is defined, which combination is stored in address line A(ui) of spreadsheet Tk which address is determined as A(ui)=A(vi) - ξi for module N number. Value of ui combination is read out from line of code spreadsheet Tk having address A(ui).
EFFECT: increased speed of data processing.
FIELD: computer science.
SUBSTANCE: method is based on block-wise conversion of message, dependently on secret key, to Cyrillic text.
EFFECT: possible use of Russian texts as containers for steganographic conversion, decreased dependence of statistic characteristics of modified container from concealed message.
2 cl, 6 dwg
SUBSTANCE: block for generation of sub-keys data uses two different processes for open generation of sub-keys. During encoding of T*n block of open text, where T - length of predetermined cycle, n - positive integer, sixteen sets of sub-key data is generated. In al other cases two sets of sub-key data are generated. Encryption block encrypts open text, using formed sixteen or two sets of sub-keys data.
EFFECT: higher efficiency.
6 cl, 15 dwg