Managed the operational unit

 

The invention relates to the field of telecommunications and computing, and more particularly to the field of cryptographic methods and devices for protecting information transmitted over telecommunication networks. Managed the operational processing block of binary data contains s2 active stages, each of which contains2 managed elements, equipped with t-bit information input and output and w-bit managing entrance, where t=2, 3 and w=1,2, and at least one managed element is made the condition w+t=4, and the active cascades consist of managed elements, equipped with double-bit control inputs, active cascade includes managed elements, implemented as a three-digit and two-digit information input and active cascade includes managed elements, implemented as a two-digit and one-bit information inputs. The technical result achieved by the invention is to increase the speed of data processing using programmable logic arrays type FPGA. 4 C.p. f-ly, 33 ill.

In the set of features proposed method uses the following terms:

- operating unit - an electronic circuit that performs the conversion of binary data blocks, called binary vectors; operational block contains the information input to which is served converted binary vector X=(x1, x2, ... , xn), and the output of which forms the converted binary vector Y=(y1, y2, ... , yn); the conversion is carried out by operational block can be expressed analytically in the form Y=F(X);

- binary vector is a sequence of zero and a unit of bits, for example (0101101011); binary vector can be mapped to a numerical value that is determined uniquely by the structure of the binary vector, if we assume that the position of each bit corresponds to a binary digit, a binary vector X, we denote the large Latin letters, and bits which are its components - small Latin letters, as follows X=(x1, x2, ... , xn).

the concatenation operation is a join operation, binary vectors, which is a new DVO is enali; the concatenation operation will be denoted as follows: Z=(X, Y), where X and Y are binary vectors over which the operation of concatenation; for example, if X=(x1, x2, ... , xn) and Y=(y1, y2, ... , ykfor Z=(X, Y) we have Z=(x1x2, ... , xn, y1, y2, ... , yk);

- operand - convert binary vector;

the Hamming weight is the number of unit bits contained in the binary vector;

- managed operating unit operating unit containing an additional input, called managing input to which is fed the managing binary vector V=(1,2, ... ,n) specifying the particular choice of the transformation function F; the dependence of F on V is denoted by the index, namely, in the form of f(V); analytical account of the conversion performed managed operational block has the form Y=F(V)(X);

- managed item is a model node, equipped with a t-bit information input and output, w-bit managing entrance, where t=2, 3 and w=1, 2, and used to build a managed operating units; managed item represent what about the bits of information and control inputs, respectively;

- managed operation - this operation is implemented using managed operating unit, in particular the operation performed on one operand running a binary vector, known as the Manager of the binary vector and consists in generating the output binary vector depending on the operand values and the value of the control binary vector; in formulas managed operation will be designated account F(V)where V is the managing binary vector;

- modification of the managed operation - the operation that corresponds to the conversion of the operand at the fixed value of the control binary vector V=V0;

- reverse driven operation (with respect to some given controlled operations) is a managed operation, all modifications which F-1(V)are reverse with respect to the corresponding modifications of the managed operation F(V), i.e., for any given value of the control binary vector of sequential operations F(V)and F-1(V)over a binary vector X does not change the values of the last that can be analytically written as X:=F(V)(F-1(V)(X)) or X:=F

- circuit resources - the number of active elements (such as transistors or model logic modules) that can be used to implement, for example, for the hardware implementation of encryption algorithm;

- circuit complexity implementation of circuit resources used for implementation of the corresponding electronic circuit, such as a managed transaction block.

Known managed adders representing managed operating blocks that implement managed double entry in the [guts N. D., Moldovyan A. A., Moldovyan N. A. Flexible hardware-oriented ciphers based on controlled adders // Problems of information security. 2000. No. 1. C. 8-15] and is used to increase the encryption strength. The disadvantage of managed adders is that their implementation requires considerable circuit resources. A more economical option managed operating blocks are blocks managed permutations [GUZ N. D., Izotov B. C., Moldovyan N. A. Managed permutation symmetric structure in block ciphers // Problems of information security. 2000. No. 4. S. 57-64], implement managed a permutation of the bits of the converted binary vector and ipolish operations provides improved resistance data encryption when using minor circuit resources. However, the device similar implements a special version of the managed operation that preserves the Hamming weight of the operand, which limits the efficiency of the encryption transformation through the use of managed operations.

The closest in technical essence to declare managed the operational unit is controlled operating unit, described in [Eremeev, M. A., Moldovyan N. A. Synthesis of hardware-oriented controlled substitutions over binary vectors of a large length//Problems of information security. 2001. No. 4. S. 46-51] and built using the model of the managed elements of S2/1(see Fig.2A) containing the digit information input digit output and single-bit control input. In Fig.24 presents a special version of the realization of the controlled operating unit, built using these managed elements. In this embodiment controlled operating unit has an 8-bit information input, 8-bit output and a 12-bit control input. Conductors that transmit control signals shown in dotted lines and the conductors that transmit information signals (i.e., the bits of the converted binary vector), - splosna elements. The entrances of the upper (first) active cascade inputs are controlled operating unit. The outputs of the bottom (last) active cascade outputs are controlled operating unit. Every two consecutive active cascade interconnected through a fixed switching the respective outputs of the previous stage with the corresponding inputs of the next active stage. When the image is fixed switching on the drawings and figures fixed switching between adjacent active cascades is represented directly by the lines corresponding to the connecting conductors, or in the form of a fixed node switching, located between the respective active cascades. The control inputs of all managed elements that constitute the control input of the control operating unit. In the General case, the device prototype is a managed operational block containing n-bit information input m-bit control input and s2 consecutive active cascades, consisting of k=n/2 is enabled managed items, and a set of information inputs of the managed elements of the i-th the e outputs of the managed elements of the i-th active cascade form an n-bit output of i-active cascade. In addition, the n-bit information input of the first active stage and n-bit output of the s-th active cascade are, respectively, the n-bit information input and output controlled operations unit. Moreover, the combination of the control inputs of all active stages is m-bit managing input of the control operating unit, and each category of n-bit output j active cascade, where j=1, 2, ... , s-1, is connected to one category of n-bit information input (j+1)-th active cascade.

The device prototype provides the weight change Hamming converting operand, however, the hardware implementation using a common programmable logic matrix type FPGA not effectively use the potential inherent in this type of programmable devices. Logical matrix type FPGA [Ugryumov E. P. Digital circuitry. St. Petersburg, BHV - Saint Petersburg, 2000. - 518 C. (see pages 391-412)] is a set of a large number of standard logic modules, the main part of each of which are two logic cells with a four-digit by single-bit input and output. One logic cell to implement arbitrary Boolean is being element of S2/1containing the digit information input digit output and single-bit control input, use one of the standard logic module. This is because the transformation performed by the managed element's2/1that is given two Boolean functions of three variables for which you must use two standard logic cells contained in one standard logical module. However, one cell can implement an arbitrary Boolean function of four variables, i.e., one standard logic module can perform considerably more complex transformation than the conversion of the specified managed element of S2/1namely, the transformation described by two Boolean functions of four variables. Thus, the disadvantage of the prototype hardware implementation using logic programmable logic matrix type FPGA is relatively low processing speed, due to inefficient use of resources standard logic cells.

The basis of the invention is to develop a managed operating unit, the implementation of which more effectively used Potenza given strength decreases the number of logic cells, which leads to the increase in the speed of data processing.

The solution of this problem is achieved by the fact that in managed operational unit, equipped with a n-bit information input and output, where n4, the m-bit managing entrance, where m4, and contains s2 active stages, the first active stage, where i=1,2, ... , s contains k2 managed elements, each of which is equipped with instrumentation and control inputs and output, aggregate information inputs and outputs of the managed elements of the i-th active cascade and the totality of their control inputs are, respectively, the n-bit information input and output and control input of the i-th active cascade, each category of n-bit output of the j-th active cascade, where j=1,2, ... ,s-1, connected to one of the bits of n-bit information input (j+1)-th active cascade, moreover, the n-bit information input of the first active stage, the n-bit output of the s-th active cascade and the combination of the control inputs of all active stages are, respectively, the n-bit information input, n-bit output and m-razadyne least one active cascade consists of managed elements, each of which is provided with a t-bit information input and output, where t=2,3, w-bit managing entrance, where w=1,2, and at least one managed element is made the condition w+t=4, and each discharge control inputs of managed elements contained in the active cascades connected with one of the bits of the m-bit control input of the control operating unit.

This solution provides a more complete use of the potential of programmable logic arrays type FPGA arising from the fact that the managed element with the digit input is implemented using two standard logic cells and programmable logic arrays type FPGA, each of which implements a Boolean function of four variables. The latter leads to significantly improve the efficiency of the transformations carried out by using a controlled element, and the effectiveness of the managed operating unit, based on these managed elements. This improves the efficiency of the managed operation as a cryptographic primitive that allows to reduce the number of rounds of encryption and Torremirona logical matrix type FPGA and increase the speed of data processing.

New is also that at least one of the active cascades contains g of managed elements, equipped with a three-digit information input and output and the bit managing entrance, where g is an odd natural number satisfying 1g&; n/3, for odd n and odd natural number satisfying 1g&; n/3 if n is even&; 6, and h of managed elements, equipped with the digit information input and output, and h=(n-3g)/2.

This ensures the possibility of building a managed operating units with a wide range of the aspect ratio information and the control inputs.

What is new is that n is a natural number multiple of three, and at least one of the active cascades consists of n/3 managed elements, equipped with a three-digit information input and output and the bit managing log.

This ensures the homogeneity of the structures of the spacecraft, times three.

Also new is the fact that n is an even natural number, and at least one of the active cascades consists of n/2 managed items supplied digit information input and output and digit managing log.

Also new is the fact that n is an even natural number, and at least one of the active cascades consists of n/2 managed items supplied digit information input and output and w-bit managing input and at least one of the managed elements are equipped with digit managing log.

The last two options of the proposed technical solutions provide an increase in the number of different potential modifications of the managed operation that implements one of the mechanisms to improve the efficiency of the managed operation as a cryptographic primitive.

The inventive device is illustrated by drawings on which is shown:

in Fig.1 - General scheme managed declared operational block;

in Fig.2 - Types of managed elements and their symbols;

in Fig.3 - Option schemes managed the operational unit S10/18;

in Fig.4 - Option schemes manage the t three variables;

in Fig.6 Variants of transformations implemented a managed element described in example 4, with four different values of the control vector;

in Fig.7 Variants of transformations implemented a managed element described in example 5;

in Fig.8 is a Schematic managed the operational unit S32/160;

in Fig.9 - Option schemes managed the operational unit S64/448;

in Fig.10 - Option schemes managed the operational unit S64/180;

in Fig.11 - Option schemes managed element S3/1;

in Fig.12 - Designation of managed elements are involutions, and the designation of two mutually inverse managed operating units;

in Fig.13 - Option schemes managed element S3/1General type;

in Fig.14 - Option schemes managed element's-l3/1;

in Fig.15 is a Variant of the inverse managed operating units S8/9and S-18/9;

in Fig.16 is a Variant of the build mutually inverse managed operating units S32/72and S-132/72;

in Fig.17 is a Variant of the build mutually inverse managed operating units S8/12and S-18/l2;

in Fig.18 is a Variant of the build mutually reverse urate managed operating units S96/544and S-196/544;

in Fig.20 is a Variant of the build mutually inverse managed operating units S9/9and S-19/9;

in Fig.21 is a Variant of the build mutually inverse managed operating units S81/192and S-181/192;

in Fig.22 is a Variant of the algorithm one-way conversion 192-bit block of data;

in Fig.23 is a Variant of the structure of one round of encryption 128-bit cryptographic transformation;

in Fig.24 - Prototype.

Generalized structure of a managed operating unit corresponding to the claimed invention, represented in Fig.1, where x1, x2, ... , xnbits of the converted binary vector X applied to n-bit information input of the control operating unit; I1,2, ... , ynbits of the output of the binary vector Y, which is formed on the n-bit output controlled operating unit;1,2that ...mbits of the control binary vector V=(1,2, ... .msubmitted represent a s sequential active stages 11, 12, ... , 1sinterconnected with nodes fixed switching 21, 22, ... , 2s-1made in the form of wiring conductors, each of which connects one of the outputs of one of the managed elements of the previous stage with one of the information inputs of one of the managed elements of the subsequent active cascade. In the General case, each active cascade contains the managed elements of the three types of S2/1, S2/2and S3/1are shown by rectangles with a common designation of a managed element St/w. At the same time in different active cascades data managed elements may be contained in various combinations. Depending on the parity of the number of bits of information input n number contained managed elements of type S3/1g is odd or even, ensure the total number of bits of the inputs of all managed elements to the number of bits of information input is active cascade and managed the operational unit as a whole. For odd n, the number g is odd, and g satises 1g&g<n/3. If gn/3, the active cascade h contains the managed elements of type S2/wwhere w=1, 2, and h=(n-3g)/2. In the particular case when arbitrary even n, the active cascade may include only the managed elements of type S2/2which number is n/2. In another particular case, for an arbitrary value of n, a multiple of three, active cascade may include only the managed elements of type S3/1which number is n/3. It is also possible particular cases corresponding to an arbitrary even integer n, in which the active cascade includes managed elements types S2/1and S2/2the number of the total number of which is n/2.

The collection of all information inputs controllable elements of the first cascade form n-bit information input of the control operating unit, set of all outputs of the managed elements of the last active cascade form an n-bit output controlled operating unit, and the sum of all bits of the control inputs controlled items all active stages form an m-bit control input of the control operating unit.

In Fig.2B shows a managed element containing DV is 2/2. On the figures given managed element is denoted by the rectangle which contains the entry "S2/2" or "2/2". The conversion efficiencies implemented using a controlled element of S2/2implemented using two Boolean functions of four variables, due to the fact that it implements four different modification conversion case of double-bit binary input vector while the driven element of S2/1implements only two modifications of such operations. Improving the efficiency of case associated with an increase in the number of modifications of the operations implemented by the managed element.

In Fig.2B shows a managed element that contains a three-digit information input, three-digit output and single-bit control input, denoted as S3/1and the shapes - rectangle with "S3/1" or "3/1". The conversion efficiencies implemented using a controlled element of S3/1implemented using two Boolean functions of four variables, due to the fact that it implements two versions of the conversion operations a three-bit binary input vector while the driven element S efficiency in this case is associated with increasing size of the converted input binary vector.

In the General case managed elements of S2/2implement 4 different modifications of the managed operation performed on the case of double-bit binary vector (x1x2), depending on the current value of the case of double-bit binary control vector (1,2) (see Fig.2B). Each bit of the output binary vector (y1, y2), the resulting transformation binary vector (x1x2) is a Boolean function of four variables x1x2,1and2:, I. e. have y1=f1(x1, x2,1,2and y2=f2(x1x2,1,2). There are a total of Nf=216different Boolean functions of four variables. When implementing the inventive controllable operating units in electronic devices implemented using logical matrix type FPGA, an arbitrary Boolean function of four variables can be implemented using one logical the IPA FPGA, use one of the standard logic module may be implemented two arbitrary Boolean functions of four variables. Thus, using one of the standard logic module FPGA-matrix, you can implement one managed element S2/2of arbitrary type. The number of different possible managed elements of S2/2is Ns=(Nf)2=232from which when you build a managed operating units for specific applications can be selected variants of managed elements of S2/2possessing the desired properties.

Options for implementation of managed elements of S2/1using two Boolean functions of three variables described in [Eremeev, M. A., Moldovyan N. A. Synthesis of hardware-oriented controlled substitutions on large vectors of length // Problems of information security. 2001. No. 4. S. 46-51].

In the General case managed elements of S3/1implement 2 different modifications of the managed operation performed on trabeculum binary vector (x1x2, x3), depending on the current value of the control bits v (see Fig.2B). Each bit of the output binary vector (y1, y2, y3) the resulting transformation ub>2, x3andi.e. have y1=f1(x1x2x3,), y2=f2(x1, x2x3,and y3=f3(x1x2x3,). Using three standard logic modules logical matrix type FPGA can be implemented six arbitrary Boolean functions of four variables. Thus, using three standard logic module FPGA-matrix, you can implement two managed element S3/1of arbitrary type. When this maximum use of the potential of logic cells. The number of different possible managed elements of S3/1is Ns=(Nf)3=248from which when you build a managed operating units for specific applications can be selected variants of managed elements of S3/1possessing properties efficiently managed operating units.

Managed the operational unit will be denoted as Sn/mwhere the first index denotes the bit information input and output, and the second index, separated from the first separator is personnage block with 10-bit information input, 10-bit output and 18-bit managing entrance, built using 6 managed elements of S2/2and 6 of managed elements of S3/1.

For given values of n and m can be different types of managed operating blocks that are different between a set of used nodes fixed switching. As nodes fixed switching controlled operating unit Sn/mcan be taken as the fixed nodes of the managed switching operating units typen/mbased managed items S2/1and described in [Eremeev, M. A., Moldovyan N. A. Synthesis of hardware-oriented controlled substitutions on large vectors of length//Problems of information security. 2001. No. 4. S. 46-51], or nodes fixed switching used in managed operating units type Rn/mprepared using the recursive mechanism of the construction described in [GUZ N. D., Izotov B. C., Moldovyan N. A. Managed permutation symmetric structure in block ciphers//Problems of information security. 2000. No. 4. S. 57-64]. For a given set of nodes fixed switching managed various operational and each type of managed elements can be implemented in a large number of specific options, using Boolean functions. In the General case, the number of different modifications managed the operations performed by operational block Sn/mis 2m. The ratio between n and m is determined by the number of active stages in managed operational block and the ratio of managed elements of type S2/zwhere z=1, 2, and S3/1. Consider a specific example of the construction of controllable operating units Sn/m.

Example 1. Managed the operational unit S10/18.

This example is shown in Fig.3b and follows the construction of the managed operating unit S10/18.

Example 2. Managed operating units of type S32/160.

This example is shown in Fig.4 and corresponds to the structural design, managed the operational unit S32/160, which consists of five identical active stages 11, 12, 13, 14, 15and four nodes fixed switching 21, 22, 23, 24. Nodes fixed switching differ and is designed to ensure that the impact of each input bit x1x2, ... , xnfor each output bit y1, y2, ... , yn. Ispolatov S32/160preserving the structural diagram shown in Fig.4. Below are variants of Boolean functions of four variables and examples on how to build the managed elements of S2/2.

Example 3. Options are Boolean functions of the type y =f(x1, x2,1,2).

This example shows variants of Boolean functions of four variables y=f(x1x2,1,2), which can be used to build the managed elements. Variants of these functions, defined by truth tables shown in Fig.5.

Example 4. Building a managed element S2/2.

This example shows a variant of construction of the managed elements of S2/2where as the Boolean function y1=f1(x1, x2,1,2) is the first version of the function y=f(x1, x2,1,2from example 3, and as the Boolean function y2=f2(x1, x2,1,1,2from example 3. Modification of the managed operation, implemented by the managed element's2/2when the values of the control binary vector equal to (1,2)=(0, 0), (1,2)=(0, 1), (1,2)=(1, 0) and (1,2)=(1, 1), presented in the form of a functional circuit in the form of analytical entries on figures 6A, 6b, 6C and 6D, respectively. In Fig.6b and 6g feature of the above variable in the analytical denotes the logical negation operation performed on this variable. In the figures, the logical operation of negation is marked with " ". All four versions of the managed operation, implemented by the managed element's2/2are involutions, i.e., define the transformation satisfying the conditioniffor each of the four possible values of the binary vector (1,Example 5. Building a managed element S2/2.

This example shows a variant of construction of the managed element's2/2presented in four versions of the managed operation that are described by truth tables and explains the functional circuits of Fig.7. Modifications implemented by the values of the control binary vector (1,2)=(0, 0), (2)=(1, 0) and (1,2)=(1, 1) shown in Fig.7a, 7b, 7C and 7G, respectively.

Example 6. The construction of two mutually inverse managed operating units S32/160and S-132/160using the managed elements of S2/2example 4.

A specific type of managed operating unit S32/160can be obtained on the basis of the structural diagram shown in Fig.4, in which as managed elements of S2/2used managed elements, described in example 4. Due to the fact that in the S32/160corresponding to the considered example 6, using managed elements undergoing change, which is the involutions for any value of the control binary vector, you can easily build a managed operating unit S-132/160shown on Fig.8 and which is reverse with respect to the unit S32/160. In block S-132/160use the same type of managed elements that block, S32/160. When this control bits corresponding to the i-th active cascade, where i=1, 2, ... , 5, block S32/160for all values of i ratio is awiti as a concatenation of governors of the binary vectors V1V2, ... , V5corresponding to the individual active cascades managed operating units S32/160and S-132/160namely in the form V=(V1V2V3V4V5). While managing a binary vector Vimanages the i-th active cascade block S32/160and the j-th active cascade block S-132/160,where j=6-i. In the General case for a pair of mutually inverse managed operating units Sn/mand S-1n/mincluding s active cascades, managing binary vector is represented in the form V=(V1V2, ... , Vs), where the managing binary vector Vimanages the i-th active cascade block Sn/mand the j-th active cascade block S-1n/mwhere j=s-i+1. To block S-1n/mwas reverse block Sn/menough to the i-th active cascade of unit Sn/mand j-th active cascade of unit S-1n/mimplemented mutually inverse transformation (this is the case, for example, when these active cascades are identical and all managed elements of which they consist are involutions), and fixed switching between i-th and (i+1)-th active cascades of unit Sn/mwas the reverse fixed Domostroenie managed operating units S32/160and S-132/160using the managed elements of example 5.

Another specific type of managed operating unit S32/160based on the structural diagram shown in Fig.4, can be obtained by using the managed elements of S2/2described in example 5. All modifications of the managed operation specified managed element of example 5, are involutions, so the corresponding reverse driven operating unit S-132/160implemented using structural diagram shown in Fig.8, when used as elements of S2/2managed elements described in example 5.

Example 8. Managed operational blocks S64/448and S-164/448.

Managed operating blocks with 64-bit information input S64/448and S-164/448can be constructed in accordance with flow charts shown in Fig.9a and 9b, respectively. Block S64/448(respectively S-164/448built as a parallel connection of two units S32/160(respectively two blocks S-164/448), combined into a single unit with two active stages, each of which consists of 32 managed elementa the block structure S32/160and S-164/448easy to install, the block structure of S64/448and S-164/448in line with the overall structural design, managed operating units Sn/mpresented on Fig.3.

Example 9. Building a managed operating units S4/5, S4/6, S16/40and S64/180.

In Fig.10A and Fig.10B shows the construction of controllable operating units S4/6and S4/5in which the number of active stages is two, and the set included the managed elements corresponds p. 5 claims. These operating units of relatively small size can be used as a model nodes when building managed operating blocks of arbitrary size. An example of using blocks S4/5for building blocks of S16/40it is shown in Fig.10V. Block S16/40consists of eight blocks of S4/5located in two tiers, each of which consists of four blocks of S4/5. Blocks S4/5the lower layer is connected with the blocks of the upper tier on the principle of “each to each”. An example of using blocks S4/5and S16/40for building blocks of S64/180it is shown in Fig.10g, where the upper layer is represented by four blocks Sthe”, which provides an organic unity block S64/180as a whole.

Taking as a source node, S4/6instead of block S4/5similar to block diagrams (see Fig.10B and 10g) you can build operating units S16/48and S64/228. By combining different combinations of managed elements in the composition of the active cascades managed operating units, you can build blocks Sn/mwith an arbitrary ratio of the size information and the control inputs, which contributes to the choice of optimized solutions when building devices based encryption of the proposed technical solution.

Example 10. Building a managed element S3/1.

In Fig.11 shows a variant of construction of the managed element's3/1submitted by truth tables, which describe the dependence of the output bits from the input at zero value of the control bits v (Fig.11a) and a single control value bits(Fig.11b). These two truth tables completely describe the three Boolean functions y1=f1(x1x2x3,), y2=f2(x1, x2, x3,=0 (Fig.11a) and at=1 (Fig.11b) show that the managed element's3/1corresponding to example 10, is an involution. The following schemes managed elements, which are involutions denote the sign "° used as an upper index: S°3/1(Fig.12A), S°2/1(Fig.11b), S°2/2(Fig.11b). Two mutually inverse managed operating unit having n-bit information input and m-bit control input, where n 2 and m 1, will be denoted as a pair of Sn/mand S-1n/m(see Fig.11g). The following example shows a variant of construction of two mutually inverse of managed elements of S3/1and S-l3/l.

Example 11. Building mutually inverse of managed elements of S3/1and S-l3/1non-involutions.

In Fig.13 shows a variant of construction of the managed element's3/1that is not an involution. This option is described functional diagrams and truth tables corresponding to zero (Fig.13A) and isolated (Fig.13B) to the value of the control is implemented elements allows you to choose the one which have more prominent characteristics of the propagation of errors that for some types of managed operating units is preferred because it reduces the number of rounds of cryptographic transformation and thereby reduce the circuit complexity and improve the performance of algorithms a cryptographic transformation of, for example, the hash data. When using such controlled operating units for data encryption, you must implement the corresponding reverse driven operating units. To implement the latter by using the corresponding inverse managed elements of S-13/1. In Fig.14 shows a variant implementation of the managed element's-13/1, which is the reverse of the managed element's3/1shown on Fig.13.

Example 12. Building mutually inverse managed operating units S8/9and S-18/9.

This example is shown in Fig.15, which presents the managed operating unit S8/9(Fig.15A), built using managed items S°2/2and S3/1and block S-18/9(Fig.15B), built using/sub> you can use one of the managed elements, described in [Eremeev, M. A., Moldovyan N. A. Synthesis of hardware-oriented controlled substitutions on large vectors of length//Problems of information security. 2001. No. 4. S. 46-51], as well as a pair of mutually inverse of managed elements of S3/1and S-13/1you can use a couple of managed elements from example 11. Managed operational blocks S8/9and S-18/9can serve as a typical node when building larger managed operating units, for example, shown in Fig.16 blocks S32/72and S-132/72which size is best suited for the design of iterative block cipher with a 64-bit input. Depending on the current technical problems, based managed items S°2/1, S3/1and S-13/1different types you can build quite a large variety of controllable operating units that differ in terms of structure, size information and the control input, and in its properties, which provides ample opportunities for effective design of cryptographic algorithms. The following example shows the construction of controllable operating units S8/12and S-18/12and a couple of blocks S64/192and S-164/192.

Example build a pair of mutually inverse blocks S8/12and S-18/12it is shown in Fig.17, which shows the managed operating unit S8/12(Fig.17A), built using managed items S°2/2and S3/1(Fig.17B), and managed the operational unit S-18/12(Fig.17B), built using managed items S°2/2and S-13/1. As a typical controlled item S°2/2you can use a managed element described in example 5, and as a pair of mutually inverse of managed elements of S3/1and S-13/1you can use a couple of managed elements from example 11. Managed operational blocks S8/12and S-18/12can serve as a typical node when building larger managed operating units, for example, blocks of S64/192and S-164/192,it is shown in Fig.18. Both units S64/192and S-164/192have the same structure, except that the switching of the bits of the control input of a separate active cascades with bits of the control input in units of S64/192and S-164/1922, ... , V6control 1, 2,... ,6 active cascades, counted from top to bottom in the block S64/192and from the bottom up in the block S-1164/192. This corresponds to the General scheme of the switching control inputs of the individual active cascades with the control input in a pair of mutually inverse managed operating units Sn/mand S-1n/m(see example 6). Due to the symmetry of the structure of the block Sn/m, by changing only one switching control inputs active cascades with the control input of the control operating unit, the latter is converted in the reverse driven operating unit S-1n/m. Managed operating blocks with symmetric enable simplify the construction of a pair of mutually inverse blocks, which is essential when designing block ciphers.

Example 14. Build a pair of mutually inverse managed operating units S96/544and S-196/544.

A pair of mutually inverse blocks S96/544and S-196/544(Fig.19) built using operational blocks S32/160and S-132/160and managed items S°3/1described in example 10. Managed the operational unit S95/544modelName blocks S32/160and integrated into a single managed the operational unit of the upper and lower active cascade, each of which includes 32 controlled item S°3/1(Fig.19a). The corresponding inverse block S-196/544contains an internal module, consisting of five active cascades, which is structurally divided into three parallel block S-132/160. Additional two active cascade, have a top and bottom and including 32 a managed element S°3/1combine blocks S-132/160in a single unit, namely in block S-196/544due to the fact that each element of S°3/1connected with each of the blocks S-132/160. Due to the large size of the information input-driven operating units S96/544and S-196/544make it easy to build fast and efficient hardware implementation of algorithms for hashing data. Another option managed operating units of interest to build hashing algorithms are blocks of S81/192and S-181/192, advantage of which is that they have a control input has size exactly two times the size of informationcontrol and convenience of designing algorithms cryptographic transformation.

Example 15. Build a pair of mutually inverse managed operating units S81/192and S-181/192.

A pair of mutually inverse blocks S81/192and S-181/192can be constructed using blocks of S9/9(Fig.20A) and S-19/9(Fig.20B) in accordance with the block diagram shown in Fig.21. Each of the blocks S81/192and S-181/192structurally divided into two modules - the top and bottom. The top module consists of nine parallel blocks S9/9and the lower module consists of nine parallel blocks S-19/9. The upper and lower modules are interconnected on the principle of "each other through switching, performing a permutation of bits, which is the involution which ensures the symmetry of the block structure S81/192. This allows a corresponding reverse block S-181/192by changing the switching control inputs of the individual active cascades with the control input of the control operating unit, keeping an internal switching between the active cascades. When implementing blocks S9/9and S-19/9as a typical controlled item S°3/1>/9and S-19/9is the use of a managed element S3/1from example 11 as a model element in the diagram shown in Fig.20A, and the element's-13/1from example 11 as a model element in the diagram shown in Fig.20B. This option is mutually inverse managed operating units S9/9and S-19/9can also be used when building a managed operating units S81/192and S-181/192in accordance with the design concept shown in Fig.21.

Consider the example of using the blocks Sn/mwhen building algorithm block one-way conversion, which can be used as an integral part of the hashing algorithms, data, and encryption algorithms.

Example 16. Managed operating units S81/192and S-181/192when building block of the algorithm is one-way conversion.

The structure of the algorithm one-way conversion 192-bit block of data is presented in the form of circuit shown in Fig.22. Convertible 192-bit data block is divided into two 81-bit sub-blocks X1and X2after that, each of them will be transformed with the help Desk is each of the subblocks. One-sided transformation is ensured by the fact that the transform sub-blocks when performing each of the operations is carried out jointly. Joint transform sub-blocks is ensured by the fact that managing the binary vector used for management operations, depends on both the sub-blocks of data. The sub-blocks X1and X2converted using operating units S81/192and S-181/192respectively. These operating units are controlled by a binary vector V=(X1X2and V=(X1X2), respectively. As a result of such conversion is formed intermediate subblocks of data T1=S81/192(V)(X1and T2=S-181/192(V)(X2). After that, the sub-blocks of T1and T2converted in accordance with the following formula Y1=S-181/192(V)(T1and Y2=S81/192(V)(T2), where V=(T2X1and V=(T1X2 it is a block (Y1, Y2). A known output value, i.e. the value of the converted block data computing difficult to recover the value of control vectors that were used to select modifications managed operations during conversion of the data block. This determines the computational complexity of computing such a block of data, which would be transformed considered in this example, the algorithm in the data block having the specified value, i.e., the algorithm performs a one-way transformation.

Consider the examples of using the blocks Sn/mwhen building encryption algorithms.

Example 17. Managed operating units S32/160and S-132/160when building a 64-bit block cipher.

In the famous 12-round cipher SPECTR-H64 [N. D. GUZ, B. C. Izotov, A. A. Moldovyan, N. A. Moldovyan. High-speed encryption algorithm SPECTR-H64//safety of information technology. 2000. No. 4. S. 37-50], based on managed permutations P32/80and R-132/80, the latter can be replaced by a managed operating units S32/160and S-132/160, respectively. You need a 160-bit binary control vector corresponding to at what adeniyi V(s)=(V(p)), V(p)and V(s)=(V(b), V(b)), where V(p)and V(b)- control binary vector used for control blocks P32/80and P-132/80, respectively, and V(s)and V(s)- control binary vector used for control blocks S32/160and S-132/160respectively. Due to the higher efficiency of managed operating units S32/160and S-132/160modified cipher is resistant to all known attacks when performing eight rounds of encryption. Hardware implementation of an improved 8-round cipher using programmable logic arrays type FPGA requires approximately 1.5 times smaller quantity of typical FPGA logic modules-matrix compared with a 12-rounder so cipher SPECTR-H64, while the delay time to encrypt one block of data is reduced by 1.5 times, which leads to a significant increase in the speed of encryption.

For the practical construction of the device encryption greatest interest are managed operating units Sn/mwith a value of n=32 and 64, and the value of m=160 and 448, respectively. In these cases, managing a binary vector m is K2...Klwhere l&; 4, used in encryption. For example, the formation of the control binary vector can be made by:

1) repetition of the subblock data: V=(a, a, ... , a) and

2) combination of plug-and-sub-blocks of data: V=(C1And, To2, ... , KlA).

Additionally, managing the binary vector may be subjected to a fixed transformation, for example, above it can be implemented operation bit cyclic shift towards older or younger categories.

Consider the example of construction of a 128-bit cipher-based managed operating units S64/448and S-164/448described in example 8.

Example 18. Managed operating units S32/160and S-132/160when building a 128-bit block cipher.

Example 18 is illustrated in Fig.23. Encryption 128-bit data block X is as follows. Generated secret key is represented as the following cumulative 64-bit round distance plug: K1, K2, ... , K6; Q1, Q2, ... , Q6and U1U2, ... , U6. Convert 128-bit Westie with the following algorithm.

1. Set the count of the number of rounds of encryption r:=1.

2. To form on the connect Torand subblock And 448-bit managing binary vector V1:= (CrAnd, TorAnd, TorAnd, Tor).

3. To form mounts Urand subblock And 448-bit managing binary vector V2:=(Ur, A, Ur, A, UrAnd, Ur).

4. To form mounts Qrand subblock And 448-bit managing binary vector V1:=(Qr, A, Qr, A, Qr, A, Qr).

5. To transform the sub-blocks In, running over it managed operation carried out using a controlled operating unit S64/448depending on the value of the control code V1::=S64/448(v1)(B).

6. Depending on the values of V2convert round subkey Krby performing the above it managed transactions using managed the operational unit S64/448depending on the value of the control code V2:

7. To generate the binary vector F: F:=A.

8. To convert a binary vector F in accordance with the formula: F:=(F+Kr) mod 264.

9. To transform the sub-block B in accordance with the formula: In:=In10. To transform the sub-blocks In, running over it managed operation using managed the operational unit S-164/448depending on the value of the control code V1::=S-164/448(V1)(B).

11. If r&; 6, then increment r:=r+1, to rearrange the sub-blocks a and b and go to step 2.

12. STOP.

The unit cryptogram Y represents the concatenation of the transformed sub-blocks a and b: Y=(a, b). The decryption unit cryptogram by using the same algorithm, except that in step 2 instead of connection Torused data Q7-rat step 3 instead of connection Uruse the subkey K7-rand in step 4 instead of connection Qruse the subkey K7-r. The concatenation operation in steps 2, 3 and 4 is carried out practically without delay, because it is implemented using a simple connection conductors, and steps 5 and 6 are executed in parallel, which speeds up encryption 128-bit data blocks. When the hardware implementation using programmable logic arrays type FPGA this algorithm provides encryption speed balsamy managed the operational unit technical feasibility and allows to solve the problem.

Thanks to mass production of programmable logic arrays type FPGA claimed technical solution can be widely used in practice when creating a budget efficient cryptographic devices are promising for applications in high-speed telecommunication systems and computer networks.

Claims

1. Managed the operational processing block of binary data that contains s serial active cascades, where s2, interconnected through nodes fixed switching, while the i-th active cascade, where i=1, 2,..., s contains2 parallel to the managed elements, each of which is equipped with instrumentation and control inputs and outputs, in this case n-bit information input of the first active stage, the n-bit output of the s-th active cascade and m control inputs s active stages are, respectively, the n-bit information input, n-bit output and the m-bit managing input of the control operating unit, and each output of one of the managed elements of the previous cascade connected to one of the information is present, however, that, at least in one's active cascades each of the managed elements fitted t-bit information input and output, where t=2,3, and w-bit managing entrance, where w=1,2, and at least one managed element is made the condition w+t=4, and each discharge control inputs of managed elements s active cascades connected with one of Redrado m-bit control input of the control operating unit.

2. Managed the operational unit under item 1, characterized in that at least one of the active cascades contains g of managed elements, equipped with a three-digit information input and output and the bit managing entrance, where g is an odd natural number satisfying 1g<n/3, for odd n and odd natural number satisfying 1g<n/3 if n is even>6 and h managed items supplied digit information input and output, and h=(n-3g)/2.

3. Managed the operational unit under item 1, characterized in that n is a natural number multiple of three, and at least one of the active cascades consists of n/3 managed items supplied with erational block under item 1, characterized in that n is an even natural number, and at least one of the active cascades consists of n/2 managed items supplied digit information input and output and digit managing log.

5. Managed the operational unit under item 1, characterized in that n is an even natural number, and at least one of the active cascades consists of n/2 managed items supplied digit information input and output and w-bit managing input and at least one of the managed elements are equipped with digit managing log.



 

Same patents:

The invention relates to radio communications, in particular, for encryption, decryption and processing information

The invention relates to the field of telecommunications and computer technology and may find use in communication systems, computing and information systems for cryptographic close binary information when communicating

The invention relates to the field of telecommunications and computing, and more particularly to the field of cryptographic methods to protect information transmitted over telecommunication networks

The invention relates to the field of telecommunications and computing, and more particularly to the field of cryptographic methods to protect information transmitted over telecommunication networks

The invention relates to the field of telecommunications and computing, and more particularly to the field of cryptographic methods and devices for protecting information transmitted over telecommunication networks

The invention relates to a method of operating a communication network, mainly radio network packet data, which contains the station operator network and a lot of user stations

The invention relates to telecommunications and computing, and more particularly to cryptographic methods for data encryption

The invention relates to the field of telecommunications and computing, and more particularly to the field of cryptographic methods for data encryption

The invention relates to the field of cryptography, namely the formation of the encryption key/decryption and can be used as a separate element in the construction of symmetric cryptographic systems designed for transmission of encrypted voice, sound, TV, etc

The invention relates to the field of telecommunications and computing, and more particularly to the field of cryptographic transformation

The invention relates to the field of telecommunications and computing, and more particularly to the field of cryptographic methods to protect information transmitted over telecommunication networks

The invention relates to the field of telecommunications and computing, and more particularly to the field of cryptographic methods to protect information transmitted over telecommunication networks

The invention relates to the field of telecommunications and computing, and more particularly to the field of cryptographic methods and devices for protecting information transmitted over telecommunication networks

The invention relates to the field of telecommunications and computing, and more particularly to the field of cryptographic devices for data encryption

The invention relates to telecommunications and computing, and more particularly to cryptographic methods for data encryption

The invention relates to telecommunications and computing, and more particularly to cryptographic methods for data encryption

The invention relates to the field of telecommunications and computing, and more particularly to the field of cryptographic methods for data encryption

The invention relates to communication technology, to a method of encoding speech signals.2 object of the invention is to reduce the probability of decoding speech signals outside observer, simplifying the hardware implementation of the device while increasing its function to carry out the proposed method of encoding speech signals

FIELD: radio engineering.

SUBSTANCE: signal is divided on time intervals, and transfer of time intervals is performed along several data channels, while each time interval is transferred along separate channel, selected randomly.

EFFECT: higher efficiency.

7 dwg

Up!