Cryptographic converter binary data
The invention relates to telecommunications, and in particular to the field of cryptographic devices to protect information transmitted over telecommunication networks.The device consists of a S2 blocks controlled substitutions (epmo) 1 and S-1 blocks of fixed permutations (FFT) 2. Each BUP 1 is equipped with m-bit managing log (m4) and the n-bit information input and output (n4). BUP 1 and FFT 2 includes a cascaded n-bit information inputs (outputs). Information n-bit input of the first BUP and the S-th BUP information are n-bit input and output of the Converter. BUP with numbers i and (S+1-i) and the i-th and (S-i)-th FFT performed vzaimoobratima. In addition, even when S/2nd FFT, and if S is odd (S+1)/2-th BUP internally samobytnymi. The bitness of the control inputs of the i-th and (S+1-i)-th BUP chosen to be equal. The technical result achieved in the claimed device is providing direct and inverse transform n-bit binary vector. 1 C.p. f-crystals, 9 Il.
The invention relates to the field electric data in particular, for the protection of information transmitted over telecommunication networks.
The known device for converting binary data.
In the work of John C. Kam, George I. Davida "Structured design of Substitution-Permutation encryption networks" IEEE Transactions on computers, vol. c-28, Nr.10, October 1979, pp.747-751, Fig.2 describes a device for the controlled conversion of binary data. The device consists of three blocks controlled substitutions (epmo) and two blocks of fixed permutations (FFT). Each BUP consists of three managed elements (RES) having 3-bit information inputs and outputs and a single-bit control inputs. Information 9-bit outputs BUP connected to the corresponding 9-bit FFT inputs, the outputs of which in turn is connected to a 9-bit inputs BUP. The information input of the first BUP and the output of the third BUP are 9-bit information input and output device. The combination of the control inputs UE in each BUP is the Manager of the entrance. In turn, the control inputs of all BUP are 9-bit managing input devices.
However, the known device has drawbacks:
1. The relatively low encryption strength that is because after you enter the key conversion carried out by the Department, due to the necessity of using BUP with different bit width information log when building devices with information input, the size of which corresponds to the typical size of the data blocks, namely equal to the natural powers of 2, i.e., equal to 2hwhere h=3, 4, 5,... .
It is also known a device for converting binary data Pat. Of the Russian Federation No. 2140715, IPC H 04 L 9/28, publ. 27.10.99. The known device consists of w2 n-bit series-connected adders and at least one node permutations, which is made in the form of a managed node permutations. The information input node permutations is a control input device, and its output is the second output of the R-th adder, where 1pw.
A disadvantage of the known device is relatively low conversion rate, due to the need to perform multiple rounds of transformation, because in each round will be converted only half of the data block.
The closest to the technical nature of the claimed is a cryptographic Converter binary data, opirg, 2002, S. 174-176, Fig.3.5.
The device prototype consists of S2 blocks controlled substitutions (BUP), S-1 blocks of fixed permutations (FFT) and is equipped with an n-bit, where n4, the information input and output. Information n-bit output of the i-th, where i=1, 2,... , S-1, BUP is connected to the n-bit input of the i-th FFT, n-bit output of which is connected to the n-bit information input (i+1)-th BUP. Each j, where j=1, 2,... , S, boop equipped with mj-bit managing input and n-bit information of the first input and the output of the 5th BUP are n-bit information, respectively, input and output devices.
This device may be used to implement high-speed encryption and/or decryption of blocks of binary data.
However, the device prototype has the following disadvantage is the relatively high cost of the device that performs encryption and decryption, due to the fact that to perform mutually inverse cryptographic transformations require the use of two different devices, one of which performs a direct conversion, and the other corresponding inverse transform.
The purpose of the image is epistemolgy due to advances in it the possibility of execution as a direct, and the inverse transform, i.e., combining in a single diagram of the device of the two functions, which in turn simplifies the construction of the device encryption.
This objective is achieved in that in the known cryptographic Converter binary data containing S2 BUP, S-1 FFT and is equipped with an n-bit, where n4, the information input and output n-bit information output of the i-th, where i=1, 2,... , S-1, BUP is connected to the n-bit input of the i-th FFT, n-bit output of which is connected to the n-bit information input (i+1)-th BUP, each j-th BUP, where j=1, 2,... , S, equipped with mj-bit managing input and n-bit information of the first input and the output of the S-th BUP are n-bit information, respectively, input and output devices, the i-th and (S+1-i)-th BUP, as well as the i-th and (S-i)-th FFT performed vzaimoobratima. If S even S/2-th FFT, and when S is odd [(S+1)/2]-th BUP internally samobytnymi. The control inputs of the i-th and (S+1-i)-th BUP is made equal to the width, i.e., mi=mS+1-i.
BUP consists of Z2 managed elements (UE). Each UE is equipped with t-bit, where t=2, 3, information input and vyhoda is all ZjUE are respectively n-bit information input, output and mj-bit managing input BUP. Moreover, if S is odd all UE [(S+1)/2]-th BUP internally samobytnymi.
Thanks to the new essential features in the claimed device is implemented the ability to direct and/or inverse transformation, i.e. one cryptographic Converter can perform both direct and inverse cryptographic transformation that reduces the cost and simplifies the implementation of devices cryptographic transformation of data that will be used in the claimed object.
The analysis of the prior art showed the lack of analogues characterized by the set of essential features that are identical to all features of the claimed technical solution, which indicates compliance of the device to the condition of patentability “novelty”.
Search results known solutions in this and related areas of technology showed the absence of aggregate distinctive features of the prototype characteristics of the claimed device, providing the same effect as in the claimed method to achieve form the ability of “inventive step”.
The claimed device is illustrated by drawings on which is shown:
- Fig.1 is a General block diagram of the device;
- Fig.2 - the option of constructing schemes BUP;
- Fig.3 - typical variants UE;
- Fig.4 is an electrical schematic UE S2/1;
- Fig.5 is an electrical schematic UE S2/2;
- Fig.6 is an electrical schematic UE S3/1;
- Fig.7 is a drawing explaining vzaimoobratima BUP (FFT);
- Fig.8 is a drawing explaining internally samoobrony BUP (FFT);
- Fig.9 is a diagram illustrating vzaimoobratima switching in two FFT;
Cryptographic binary data Converter shown in Fig.1, consists of S 1 BUP1-1SS-1 FFT 21-2S-1.
The number S BUP 1 and, respectively, 2 FFT is chosen based on a compromise accounting requirements device requirements of cryptographic conversion speed and complexity of implementation. However, the selected value of S must satisfy the condition S2. Each BUP 1 is supplied with n-bit information input and output, where the value of n is determined by the bit width converting a block of binary data. In addition, for every j, where j=1, 2,... , S, boop 1 is equipped with mj- cared, when choosing mjand n must comply with the condition mj4 and n4. Each FFT 2 is also provided with n-bit input and output. Information n-bit output of the i-th BUP 1iwhere i=1, 2,... , S-1, is connected to the n-bit input of the i-th FFT 2i-bit output of which is connected to the n-bit information input (i+1)-th BUP 1i+1. Information n-bit input of the first BUP 11and the S-th 1 BUPsare respectively n-bit information input and output device.
The control inputs of the i-th and (S+1-i)-th BUP 1 is made equal to the bitness: mi=mS+1-i. In addition, the i-th and (S+1-i)-th BUP 1, and the i-th and (S-i)-th FFT 2 made vzaimoobratima. If S even S/2 FFT 2S/2and when S is odd [(S+1)/2]-th BUP 1(S+1)/2internally samobytnymi.
In Fig.1 index x1x2x3,... ,xnand I1,2,3,nthe indicated bits of the n-bit information input X and output of the device. The digits in parentheses indicate the change of the type of conversion when the input is a block of binary data and, accordingly, the output - X.
It is shown in Fig.2 1 BUP designed the n-bit block of binary data depending on mi-bit control vector received at a control input.
In General, any of the epmo 1, for example, the first 11includesEach of the UE is equipped with t-bit (t=2,3) information input and output and w-bit (w=1,2) control input.
Aggregate information inputs, outputs and control inputs of allare, respectively, the n-bit information input, output and w i-bit managing input BUP 11, i.e.,,
where k=1, 2,... ,Z1.
Each UE 1.1 is designed to perform elementary operations controlled operational substitution over low bit depth (t=2,3) block incoming binary data with low bit depth (w=1,2) of the control vector.
In Fig.3 shows typical ways to build UE, denoted as St/w(Fig.3A), where t is the bit of information input and output, w is the width of the control input.
Typical options are S UE3/1(Fig.3b), S2/1(Fig.3b) and S2/2(Fig.3G), which perform elementary-managed lookup type 3× 3 (S3/1and 2× 2 (S, the ome of which is shown in Fig.4 (S2/1), Fig.5 (S2/2) and Fig.6 (S3/1).
So, in Fig.4 shows variations of electronic circuits that implement the lookup type 2× 2 performed on a case of double-bit binary vector (x1x2), depending on the current value of one of the control bits (w=1). Each bit of the output binary vector (u1,2) is a Boolean function of three variables, i.e., y1=f1(x1, x2, w) and y2=f2(x1,x2w). In Fig.4 shows a Boolean function that describes a lookup using the schemes UE S2/1(Fig.4A and 4B).
In Fig.5 shows variations of electronic circuits that implement the lookup type 2× 2 performed on a case of double-bit binary vector (x1x2), depending on the four possible values in the case of double-bit control vector (w=2). For example, the version corresponding to the value of the control vector w=(1, 1) is defined as the inversion of the two input bits (x1, x2- operation of inversion indicated by the symbol “O”. In this embodiment, UE each bit of the output binary vector (u1,2) is a Boolean function of four variables, i.e., y1=f1(x1xThe electronic circuits, implement lookup type 3× 3, performed on trabeculum binary vector (x1x2x3depending on the current value of one of the control bits (w=1). On these diagrams the symbols “&”, “V” and “” denoted, respectively, logic gates and, OR, AND the operation of summing modulo 2. Each bit of the output binary vector (u1,2,3) is a Boolean function of four variables in1=f3(x1, x2, x3, w), y2=f2(x1, x2x3, w), y3=f3(x1x2x3, w).
Depending on the specific variant of circuit implementation of controlled operational substitutions of the three types of UE 1.1 can be chosen the most suitable one that will optimize the use of circuit resources for a given level of strength and speed conversion. In particular, in Fig.2 shows BUP 1, consisting of four UE 1.11-1.14, Two of which are of type S2/2and two S3/1. Such BUP 1 implements a managed operating substitution over a 10-bit binary input vector (n=10) based on the 6-bit control Viktorov input n-bit binary vector at its output. Switching inputs and outputs of the i-th FFT 2 is carried out arbitrarily. In particular, in Fig.7 FFT 2ithe bits of the 8-bit input (n=8) x1, x2, x3,... , x8rotated at the output in the following sequence x1x3x2x5x4x7x6x8.
When choosing patterns and schemes for RES in BUP 1, and also when selecting the variations in FFT 2 must meet the requirements:
- BUP 1 i and (S+1-i), and FFT with 2 rooms and i (S-i) must be made mutually reversible;
- if S is even, S/2-th FFT 1 and 5 odd [(S+1)/2]-th BUP 2 must be completed internally samobytnymi.
Under mutually reversible understand a couple of BUP 1 or pair 2 FFT, which perform the inverse transformation: one of the blocks - the direct conversion of Y=F1(X), the second block is the inverse transformation X=F-12(Y). For example, if the input of the first block filed n-bit sequence of the digital data X (x1x2,... ,xnand the result of the conversion at the output of the received n-bit sequence Y (y1, y2, yn), then fed to the input of the second block, mutually reversible with respect to the first n-bit posledovatelnosti X(x1x2,... , xn) (see Fig.7).
Internally Samoobrona BUP is 1 or 2 FFT, which implements the transformation, which is an involution: X=F(Y), if Y=F(X), i.e. F(F(X))=X (see Fig.8).
Internally Samoobrona BUP 1 if each UE 1.1 also provides a Converter, which is an involution. Schema UE 1.1 implementing such a transformation is known. In particular, in Fig.6 shows the UE 1.1 type S3/3type conversion, which is an involution.
Embodiment of mutually reversible FFT 2 shown in Fig.9 - 2iand 2i+1. Each of these FFT is also internally Samoobrona.
The claimed device operates as follows. When applying to the input n-bit binary vector X (direct conversion) sequentially in each of the epmo 1 and then connected to 2 FFT over him perform respectively controlled operational substitution and fixed permutation. The value of the respective bits of the n-bit vector at the output of a specific (e.g., first) 1 BUP1is defined as a structure BUP (Z1and types of UE 1.1), as well as the values of the corresponding bits of the n-bit control vector. On the n-bit output FFT 211(see Fig.9). The number (i.e. the number of S) such cycles of transformation is chosen with respect to presented to the device requirements for strength and speed conversion. On the output values of the digits (1,2the... ynn-bit converted binary vector Y will be determined collectively held over him by the operations controlled operational substitutions (BUP 11-1sand fixed permutations (FFT 21-2s-1depending on the values of bits m-bit control vectors at control inputs 11-1s.
Performing the inverse transformation, i.e., obtaining at the output n-bit binary vector X, is achieved by the bit values of mi-bit control vector at the control input of the i-th BUP 1igive the values of the bits of mS+1-ith of the steering vector, which had BUP 1S+1-iat its control input for direct conversion. Conversely, the control input BUP 1S+1-ishould the bit values mS+1-i- bit control vector to give the values of the bits that had BUP 1iat its control input for direct conversion.
Effect of mutual reciprocity i-g the Merom (S+1-i) and, respectively, in BUP number (S+1-i) implements the inverse operation is controlled substitution towards BUP with the i-th number.
If S is odd, the control vector applied to BUP number [(S+1)/2], remains unchanged and in force internal soobramoney this epmo process forward and reverse conversion happens automatically.
In FFT 2 the direct and the inverse transform is provided mutually reversible switching circuits of inputs and outputs in FFT with numbers i and (S-i) (see Fig.9), and using S/2-th FFT when S is even with the inner soobramoney (see Fig.9)
Thus, the proposed device allows both the direct and the inverse transform, so with using the same device for the controlled conversion can be performed as the data encryption and decryption, thereby simplifying the construction of the device cryptographic transformation. The proposed device for the controlled conversion can be used in high-speed encoders with high resistance and low complexity circuit implementation.
1. Cryptographic Converter binary data containing S2 blocks controlled substitutions and S-1 blocks of fixed prestan the number of substitutions is connected to the n-bit input of the i-th block of fixed permutations, n-bit output of which is connected to the n-bit information input (i+1)-th block of the controlled substitutions, and n-bit information input of the first and the n-bit information output S-th blocks controlled substitutions are respectively n-bit information input and output cryptographic Converter binary data, and the j-th block controlled substitutions, where j =1,2,..,S, equipped with mj-bit, where mj4, the controlling input, wherein the i-th and [(S+1)-i]-th blocks controlled substitutions, as well as the i-th and (S-i)-th blocks of fixed permutations performed vzaimoobratima, even if S S/2-th block of fixed permutations and when S is odd [(S+1)/2]-th block controlled substitutions performed internally samobytnymi, and control inputs of the i-th and [(S+1)-i]th blocks controlled substitutions are made equal capacity: mi= mS+1-i.
2. Cryptographic Converter binary data under item 1, characterized in that the j-th block controlled substitutions consists of Zj2 managed elements, each of which is provided with a t-bit, where t = 2, 3, the information input and output and w-bit, where w = 1, 2 is the shining elements are respectively n-bit information input, output and mj-bit managing input of the j-th block controlled substitutions, and if S is odd, all the controls [(S+1)/2]-th block controlled substitutions performed internally samobytnymi.
FIELD: engineering of methods for cryptographic transformation of data, possible use in communication, computer and informational systems for cryptographic encryption of information and computation of numbers close to random.
SUBSTANCE: device contains two memory blocks, current time moment timer, two concatenation blocks, two hash-function computation blocks, operation block, computing block.
EFFECT: increased complexity of encryption analysis and decreased probability of reliable prediction of next values of pseudo-random series bits while increasing operation speed of generator.
FIELD: automatics and computer science, in particular, identification means for controlling access to autonomous resources.
SUBSTANCE: method includes changing identification information during each new query of autonomous resource, which information is used for identification of carrier during following queries to autonomous resources, by including it in algorithmically converted form on information carrier and in database of central device and checking of its correspondence in a row of previous queries to autonomous resources. Each autonomous resource has memory block for storing conversion algorithms and signs of these algorithms and block for reading/recording carrier information. Central device contains at appropriate data bank addresses the virtual memory blocks for storing information for identification of carriers and memory block for storing a set of algorithms for converting code from one type to another and signs of these algorithms, and for each carrier - information storage address which was used during previous accesses. Carrier contains energy-independent additional memory block for recording, storing and reading additional information code after identification of carrier, available both during manufacture of carrier and its submission to autonomous resource.
EFFECT: increased level of protection from unsanctioned access.
3 cl, 1 dwg
FIELD: engineering of systems for protecting communication channels, which realize claimed method for user authentication on basis of biometric data by means of provision and extraction of cryptographic key and user authentication.
SUBSTANCE: in accordance to the invention, neither biometric template nor cryptographic user key are explicitly represented in information storage device, without provision of biometric sample and information storage device with a pack stored on it, any cryptographic operations with data are impossible.
EFFECT: creation of biometric access system and method for provision/extraction of cryptographic key and user authentication on basis of biometry, increased key secrecy level, increased reliability, expanded functional capabilities and simplified system creation process.
2 cl, 2 dwg
FIELD: physics, communications.
SUBSTANCE: invention relates to a method and a device for encryption in a mobile broadcast system. The technical result is achieved due to that in a mobile broadcast system, BCAST service subscription management (BSM) manages terminal subscriber information and sends a first delivery message for BCAST service distribution/adaptation (BSD/A), where the said message contains registration key material (RKM) for registering the broadcast service for the terminal, and also at least one service or content identifier. BSD/A sends a first message to BSM for confirming delivery, where the said message contains information indicating success/failure of receiving the first delivery message, and sends the RKM to the terminal.
EFFECT: increased efficiency of encrypting transmitted content.
21 cl, 18 dwg, 7 tbl
FIELD: information technology.
SUBSTANCE: binary sequence of a secret identification key and a binary sequence of a secret embedding key, a cryptographic function and several Fourier coefficients of the electronic image are pre-generated for the sender and the receiver. An electronic image certified by a digital watermark is created for the sender, for which the electronic image is divided into M units with pixel size n×n. An identifier for the m-th unit of the electronic image is created. The binary sequence of the digital watermark of the m-th unit of the electronic image is determined. The digital watermark is embedded into the m-th unit of the electronic image and operations for certifying units of the electronic image for the sender with the digital watermark are repeated until completion. The receiver is sent the electronic image certified with the digital watermark. Authenticity of the electronic image received by the receiver is checked.
EFFECT: invention increases security of an electronic image certified by a digital watermark from deliberate altering of the content of the image.
3 cl, 9 dwg
FIELD: physics, communications.
SUBSTANCE: invention relates to data transmission. The system includes a first and a second communication device. One of the communication devices encrypts transmitted data in order to generate encrypted data and transmits said data to the other communication device which decrypts the received encrypted data. Before encryption, each of the communication devices divides transmitted data into portions with given number of bits. Each of the communication devices changes the number of bits of the transmitted divided data and mixes with the transmitted divided data, except portions with the highest number of bits, and includes fictitious data, the size of which ensures coincidence of the number of bits of the transmitted divided data with the highest number of bits.
EFFECT: low probability of cracking of data by a third party.
19 cl, 6 dwg, 1 ex
FIELD: information technology.
SUBSTANCE: block cipher with common key processing configuration is implemented with improved immunity against such attacks as saturation attacks and algebraic attacks ("РЯС" attack). In the encryption processing device which executes processing of block cipher with common key, S-blocks used as modules of nonlinear transformation processing in round function and installed in round functions execution modules are made capable to use S-blocks of at least two different types. With such configuration, immunity against saturation attacks can be improved. Additionally, types of S-blocks represent mixture of various types.
EFFECT: increased difficulty of cryptanalysis and implementation of highly protected algorithm of block cipher with common key.
14 cl, 19 dwg
FIELD: radio engineering, communication.
SUBSTANCE: method for secure transmission of information includes generating an information signal with encoded information, adaptive summation of said signal with a chaotic masking signal, transmitting the resultant signal over a communication channel to a receiving device, detecting information; during detection, the information signal is identified based on a neural network technique.
EFFECT: high information security.
2 cl, 4 dwg
FIELD: radio engineering, communication.
SUBSTANCE: method of concealing data encryption in a communication network involves the following operations: generating a set of characters using a set of encryption keys as input into a pseudorandom function, wherein each character corresponds to an indicator value; subdividing the encrypted data into a plurality of parts; partitioning each part into a plurality of groups; encoding each part by mapping each group with a character in the set of characters in accordance with its indicator value; and transmitting the mapped characters over a communication network.
EFFECT: high probability of identifying encrypted data in a communication network.
20 cl, 4 dwg
FIELD: information technology.
SUBSTANCE: invention realises a common key block encryption processing with improved immunity against attacks, such as attack by saturation and algebraic attacks (RYAS attacks). In the encryption device which performs common key encryption processing, S blocks which are used as nonlinear conversion processing modules in round functions established in round function execution modules are configured to use S blocks of at least two different types. Such a configuration can improve immunity against attacks by saturation. Furthermore, the types of S blocks are a mixture of different types. Use of such a configuration can improve immunity against algebraic attacks, thereby realising a highly secure encryption device.
EFFECT: harder cryptanalysis and realisation of a highly secure common key block encryption algorithm.
52 cl, 19 dwg