# Managed the operational unit

The invention relates to the field of telecommunications and computing, and more particularly to the field of cryptographic methods and devices for protecting information transmitted over telecommunication networks. Managed the operational processing block of binary data contains s2 active stages, each of which contains2 managed elements, equipped with t-bit information input and output and w-bit managing entrance, where t=2, 3 and w=1,2, and at least one managed element is made the condition w+t=4, and the active cascades consist of managed elements, equipped with double-bit control inputs, active cascade includes managed elements, implemented as a three-digit and two-digit information input and active cascade includes managed elements, implemented as a two-digit and one-bit information inputs. The technical result achieved by the invention is to increase the speed of data processing using programmable logic arrays type FPGA. 4 C.p. f-ly, 33 ill.

In the set of features proposed method uses the following terms:

- operating unit - an electronic circuit that performs the conversion of binary data blocks, called binary vectors; operational block contains the information input to which is served converted binary vector X=(x_{1}, x_{2}, ... , x_{n}), and the output of which forms the converted binary vector Y=(y_{1}, y_{2}, ... , y_{n}); the conversion is carried out by operational block can be expressed analytically in the form Y=F(X);

- binary vector is a sequence of zero and a unit of bits, for example (0101101011); binary vector can be mapped to a numerical value that is determined uniquely by the structure of the binary vector, if we assume that the position of each bit corresponds to a binary digit, a binary vector X, we denote the large Latin letters, and bits which are its components - small Latin letters, as follows X=(x_{1}, x_{2}, ... , x_{n}).

the concatenation operation is a join operation, binary vectors, which is a new DVO is enali; the concatenation operation will be denoted as follows: Z=(X, Y), where X and Y are binary vectors over which the operation of concatenation; for example, if X=(x_{1}, x_{2}, ... , x_{n}) and Y=(y_{1}, y_{2}, ... , y_{k}for Z=(X, Y) we have Z=(x_{1}x_{2}, ... , x_{n}, y_{1}, y_{2}, ... , y_{k});

- operand - convert binary vector;

the Hamming weight is the number of unit bits contained in the binary vector;

- managed operating unit operating unit containing an additional input, called managing input to which is fed the managing binary vector V=(_{1},_{2}, ... ,_{n}) specifying the particular choice of the transformation function F; the dependence of F on V is denoted by the index, namely, in the form of f_{(V)}; analytical account of the conversion performed managed operational block has the form Y=F_{(V)}(X);

- managed item is a model node, equipped with a t-bit information input and output, w-bit managing entrance, where t=2, 3 and w=1, 2, and used to build a managed operating units; managed item represent what about the bits of information and control inputs, respectively;

- managed operation - this operation is implemented using managed operating unit, in particular the operation performed on one operand running a binary vector, known as the Manager of the binary vector and consists in generating the output binary vector depending on the operand values and the value of the control binary vector; in formulas managed operation will be designated account F_{(V)}where V is the managing binary vector;

- modification of the managed operation - the operation that corresponds to the conversion of the operand at the fixed value of the control binary vector V=V_{0};

- reverse driven operation (with respect to some given controlled operations) is a managed operation, all modifications which F^{-1}_{(V)}are reverse with respect to the corresponding modifications of the managed operation F_{(V)}, i.e., for any given value of the control binary vector of sequential operations F_{(V)}and F^{-1}_{(V)}over a binary vector X does not change the values of the last that can be analytically written as X:=F_{(V)}(F^{-1}_{(V)}(X)) or X:=F

- circuit resources - the number of active elements (such as transistors or model logic modules) that can be used to implement, for example, for the hardware implementation of encryption algorithm;

- circuit complexity implementation of circuit resources used for implementation of the corresponding electronic circuit, such as a managed transaction block.

Known managed adders representing managed operating blocks that implement managed double entry in the [guts N. D., Moldovyan A. A., Moldovyan N. A. Flexible hardware-oriented ciphers based on controlled adders // Problems of information security. 2000. No. 1. C. 8-15] and is used to increase the encryption strength. The disadvantage of managed adders is that their implementation requires considerable circuit resources. A more economical option managed operating blocks are blocks managed permutations [GUZ N. D., Izotov B. C., Moldovyan N. A. Managed permutation symmetric structure in block ciphers // Problems of information security. 2000. No. 4. S. 57-64], implement managed a permutation of the bits of the converted binary vector and ipolish operations provides improved resistance data encryption when using minor circuit resources. However, the device similar implements a special version of the managed operation that preserves the Hamming weight of the operand, which limits the efficiency of the encryption transformation through the use of managed operations.

The closest in technical essence to declare managed the operational unit is controlled operating unit, described in [Eremeev, M. A., Moldovyan N. A. Synthesis of hardware-oriented controlled substitutions over binary vectors of a large length//Problems of information security. 2001. No. 4. S. 46-51] and built using the model of the managed elements of S_{2/1}(see Fig.2A) containing the digit information input digit output and single-bit control input. In Fig.24 presents a special version of the realization of the controlled operating unit, built using these managed elements. In this embodiment controlled operating unit has an 8-bit information input, 8-bit output and a 12-bit control input. Conductors that transmit control signals shown in dotted lines and the conductors that transmit information signals (i.e., the bits of the converted binary vector), - splosna elements. The entrances of the upper (first) active cascade inputs are controlled operating unit. The outputs of the bottom (last) active cascade outputs are controlled operating unit. Every two consecutive active cascade interconnected through a fixed switching the respective outputs of the previous stage with the corresponding inputs of the next active stage. When the image is fixed switching on the drawings and figures fixed switching between adjacent active cascades is represented directly by the lines corresponding to the connecting conductors, or in the form of a fixed node switching, located between the respective active cascades. The control inputs of all managed elements that constitute the control input of the control operating unit. In the General case, the device prototype is a managed operational block containing n-bit information input m-bit control input and s2 consecutive active cascades, consisting of k=n/2 is enabled managed items, and a set of information inputs of the managed elements of the i-th the e outputs of the managed elements of the i-th active cascade form an n-bit output of i-active cascade. In addition, the n-bit information input of the first active stage and n-bit output of the s-th active cascade are, respectively, the n-bit information input and output controlled operations unit. Moreover, the combination of the control inputs of all active stages is m-bit managing input of the control operating unit, and each category of n-bit output j active cascade, where j=1, 2, ... , s-1, is connected to one category of n-bit information input (j+1)-th active cascade.

The device prototype provides the weight change Hamming converting operand, however, the hardware implementation using a common programmable logic matrix type FPGA not effectively use the potential inherent in this type of programmable devices. Logical matrix type FPGA [Ugryumov E. P. Digital circuitry. St. Petersburg, BHV - Saint Petersburg, 2000. - 518 C. (see pages 391-412)] is a set of a large number of standard logic modules, the main part of each of which are two logic cells with a four-digit by single-bit input and output. One logic cell to implement arbitrary Boolean is being element of S_{2/1}containing the digit information input digit output and single-bit control input, use one of the standard logic module. This is because the transformation performed by the managed element's_{2/1}that is given two Boolean functions of three variables for which you must use two standard logic cells contained in one standard logical module. However, one cell can implement an arbitrary Boolean function of four variables, i.e., one standard logic module can perform considerably more complex transformation than the conversion of the specified managed element of S_{2/1}namely, the transformation described by two Boolean functions of four variables. Thus, the disadvantage of the prototype hardware implementation using logic programmable logic matrix type FPGA is relatively low processing speed, due to inefficient use of resources standard logic cells.

The basis of the invention is to develop a managed operating unit, the implementation of which more effectively used Potenza given strength decreases the number of logic cells, which leads to the increase in the speed of data processing.

The solution of this problem is achieved by the fact that in managed operational unit, equipped with a n-bit information input and output, where n4, the m-bit managing entrance, where m4, and contains s2 active stages, the first active stage, where i=1,2, ... , s contains k2 managed elements, each of which is equipped with instrumentation and control inputs and output, aggregate information inputs and outputs of the managed elements of the i-th active cascade and the totality of their control inputs are, respectively, the n-bit information input and output and control input of the i-th active cascade, each category of n-bit output of the j-th active cascade, where j=1,2, ... ,s-1, connected to one of the bits of n-bit information input (j+1)-th active cascade, moreover, the n-bit information input of the first active stage, the n-bit output of the s-th active cascade and the combination of the control inputs of all active stages are, respectively, the n-bit information input, n-bit output and m-razadyne least one active cascade consists of managed elements, each of which is provided with a t-bit information input and output, where t=2,3, w-bit managing entrance, where w=1,2, and at least one managed element is made the condition w+t=4, and each discharge control inputs of managed elements contained in the active cascades connected with one of the bits of the m-bit control input of the control operating unit.

This solution provides a more complete use of the potential of programmable logic arrays type FPGA arising from the fact that the managed element with the digit input is implemented using two standard logic cells and programmable logic arrays type FPGA, each of which implements a Boolean function of four variables. The latter leads to significantly improve the efficiency of the transformations carried out by using a controlled element, and the effectiveness of the managed operating unit, based on these managed elements. This improves the efficiency of the managed operation as a cryptographic primitive that allows to reduce the number of rounds of encryption and Torremirona logical matrix type FPGA and increase the speed of data processing.

New is also that at least one of the active cascades contains g of managed elements, equipped with a three-digit information input and output and the bit managing entrance, where g is an odd natural number satisfying 1g&; n/3, for odd n and odd natural number satisfying 1g&; n/3 if n is even&; 6, and h of managed elements, equipped with the digit information input and output, and h=(n-3g)/2.

This ensures the possibility of building a managed operating units with a wide range of the aspect ratio information and the control inputs.

What is new is that n is a natural number multiple of three, and at least one of the active cascades consists of n/3 managed elements, equipped with a three-digit information input and output and the bit managing log.

This ensures the homogeneity of the structures of the spacecraft, times three.

Also new is the fact that n is an even natural number, and at least one of the active cascades consists of n/2 managed items supplied digit information input and output and digit managing log.

Also new is the fact that n is an even natural number, and at least one of the active cascades consists of n/2 managed items supplied digit information input and output and w-bit managing input and at least one of the managed elements are equipped with digit managing log.

The last two options of the proposed technical solutions provide an increase in the number of different potential modifications of the managed operation that implements one of the mechanisms to improve the efficiency of the managed operation as a cryptographic primitive.

The inventive device is illustrated by drawings on which is shown:

in Fig.1 - General scheme managed declared operational block;

in Fig.2 - Types of managed elements and their symbols;

in Fig.3 - Option schemes managed the operational unit S_{10/18};

in Fig.4 - Option schemes manage the t three variables;

in Fig.6 Variants of transformations implemented a managed element described in example 4, with four different values of the control vector;

in Fig.7 Variants of transformations implemented a managed element described in example 5;

in Fig.8 is a Schematic managed the operational unit S_{32/160};

in Fig.9 - Option schemes managed the operational unit S_{64/448};

in Fig.10 - Option schemes managed the operational unit S_{64/180};

in Fig.11 - Option schemes managed element S_{3/1};

in Fig.12 - Designation of managed elements are involutions, and the designation of two mutually inverse managed operating units;

in Fig.13 - Option schemes managed element S_{3/1}General type;

in Fig.14 - Option schemes managed element's^{-l}_{3/1};

in Fig.15 is a Variant of the inverse managed operating units S_{8/9}and S^{-1}_{8/9};

in Fig.16 is a Variant of the build mutually inverse managed operating units S_{32/72}and S^{-1}_{32/72};

in Fig.17 is a Variant of the build mutually inverse managed operating units S_{8/12}and S^{-1}_{8/l2};

in Fig.18 is a Variant of the build mutually reverse urate managed operating units S_{96/544}and S^{-1}_{96/544};

in Fig.20 is a Variant of the build mutually inverse managed operating units S_{9/9}and S^{-1}_{9/9};

in Fig.21 is a Variant of the build mutually inverse managed operating units S_{81/192}and S^{-1}_{81/192};

in Fig.22 is a Variant of the algorithm one-way conversion 192-bit block of data;

in Fig.23 is a Variant of the structure of one round of encryption 128-bit cryptographic transformation;

in Fig.24 - Prototype.

Generalized structure of a managed operating unit corresponding to the claimed invention, represented in Fig.1, where x_{1}, x_{2}, ... , x_{n}bits of the converted binary vector X applied to n-bit information input of the control operating unit; I_{1},_{2}, ... , y_{n}bits of the output of the binary vector Y, which is formed on the n-bit output controlled operating unit;_{1},_{2}that ..._{m}bits of the control binary vector V=(_{1},_{2}, ... ._{m}submitted represent a s sequential active stages 1_{1}, 1_{2}, ... , 1_{s}interconnected with nodes fixed switching 2_{1}, 2_{2}, ... , 2_{s-1}made in the form of wiring conductors, each of which connects one of the outputs of one of the managed elements of the previous stage with one of the information inputs of one of the managed elements of the subsequent active cascade. In the General case, each active cascade contains the managed elements of the three types of S_{2/1}, S_{2/2}and S_{3/1}are shown by rectangles with a common designation of a managed element S_{t/w}. At the same time in different active cascades data managed elements may be contained in various combinations. Depending on the parity of the number of bits of information input n number contained managed elements of type S_{3/1}g is odd or even, ensure the total number of bits of the inputs of all managed elements to the number of bits of information input is active cascade and managed the operational unit as a whole. For odd n, the number g is odd, and g satises 1g&_{2/w}where w=1, 2, and h=(n-3g)/2. In the particular case when arbitrary even n, the active cascade may include only the managed elements of type S_{2/2}which number is n/2. In another particular case, for an arbitrary value of n, a multiple of three, active cascade may include only the managed elements of type S_{3/1}which number is n/3. It is also possible particular cases corresponding to an arbitrary even integer n, in which the active cascade includes managed elements types S_{2/1}and S_{2/2}the number of the total number of which is n/2.

The collection of all information inputs controllable elements of the first cascade form n-bit information input of the control operating unit, set of all outputs of the managed elements of the last active cascade form an n-bit output controlled operating unit, and the sum of all bits of the control inputs controlled items all active stages form an m-bit control input of the control operating unit.

In Fig.2B shows a managed element containing DV is
2/2. On the figures given managed element is denoted by the rectangle which contains the entry "S_{2/2}" or "2/2". The conversion efficiencies implemented using a controlled element of S_{2/2}implemented using two Boolean functions of four variables, due to the fact that it implements four different modification conversion case of double-bit binary input vector while the driven element of S_{2/1}implements only two modifications of such operations. Improving the efficiency of case associated with an increase in the number of modifications of the operations implemented by the managed element.

In Fig.2B shows a managed element that contains a three-digit information input, three-digit output and single-bit control input, denoted as S_{3/1}and the shapes - rectangle with "S_{3/1}" or "3/1". The conversion efficiencies implemented using a controlled element of S_{3/1}implemented using two Boolean functions of four variables, due to the fact that it implements two versions of the conversion operations a three-bit binary input vector while the driven element S efficiency in this case is associated with increasing size of the converted input binary vector.

In the General case managed elements of S_{2/2}implement 4 different modifications of the managed operation performed on the case of double-bit binary vector (x_{1}x_{2}), depending on the current value of the case of double-bit binary control vector (_{1},_{2}) (see Fig.2B). Each bit of the output binary vector (y_{1}, y_{2}), the resulting transformation binary vector (x_{1}x_{2}) is a Boolean function of four variables x_{1}x_{2},_{1}and_{2}:, I. e. have y_{1}=f_{1}(x_{1}, x_{2},_{1},_{2}and y_{2}=f_{2}(x_{1}x_{2},_{1},_{2}). There are a total of N_{f}=2^{16}different Boolean functions of four variables. When implementing the inventive controllable operating units in electronic devices implemented using logical matrix type FPGA, an arbitrary Boolean function of four variables can be implemented using one logical the IPA FPGA, use one of the standard logic module may be implemented two arbitrary Boolean functions of four variables. Thus, using one of the standard logic module FPGA-matrix, you can implement one managed element S_{2/2}of arbitrary type. The number of different possible managed elements of S_{2/2}is N_{s}=(N_{f})^{2}=2^{32}from which when you build a managed operating units for specific applications can be selected variants of managed elements of S_{2/2}possessing the desired properties.

Options for implementation of managed elements of S_{2/1}using two Boolean functions of three variables described in [Eremeev, M. A., Moldovyan N. A. Synthesis of hardware-oriented controlled substitutions on large vectors of length // Problems of information security. 2001. No. 4. S. 46-51].

In the General case managed elements of S_{3/1}implement 2 different modifications of the managed operation performed on trabeculum binary vector (x_{1}x_{2}, x_{3}), depending on the current value of the control bits v (see Fig.2B). Each bit of the output binary vector (y_{1}, y_{2}, y_{3}) the resulting transformation ub>2, x_{3}andi.e. have y_{1}=f_{1}(x_{1}x_{2}x_{3},), y_{2}=f_{2}(x_{1}, x_{2}x_{3},and y_{3}=f_{3}(x_{1}x_{2}x_{3},). Using three standard logic modules logical matrix type FPGA can be implemented six arbitrary Boolean functions of four variables. Thus, using three standard logic module FPGA-matrix, you can implement two managed element S_{3/1}of arbitrary type. When this maximum use of the potential of logic cells. The number of different possible managed elements of S_{3/1}is N_{s}=(N_{f})^{3}=2^{48}from which when you build a managed operating units for specific applications can be selected variants of managed elements of S_{3/1}possessing properties efficiently managed operating units.

Managed the operational unit will be denoted as S_{n/m}where the first index denotes the bit information input and output, and the second index, separated from the first separator is personnage block with 10-bit information input, 10-bit output and 18-bit managing entrance, built using 6 managed elements of S_{2/2}and 6 of managed elements of S_{3/1}.

For given values of n and m can be different types of managed operating blocks that are different between a set of used nodes fixed switching. As nodes fixed switching controlled operating unit S_{n/m}can be taken as the fixed nodes of the managed switching operating units type_{n/m}based managed items S_{2/1}and described in [Eremeev, M. A., Moldovyan N. A. Synthesis of hardware-oriented controlled substitutions on large vectors of length//Problems of information security. 2001. No. 4. S. 46-51], or nodes fixed switching used in managed operating units type R_{n/m}prepared using the recursive mechanism of the construction described in [GUZ N. D., Izotov B. C., Moldovyan N. A. Managed permutation symmetric structure in block ciphers//Problems of information security. 2000. No. 4. S. 57-64]. For a given set of nodes fixed switching managed various operational and each type of managed elements can be implemented in a large number of specific options, using Boolean functions. In the General case, the number of different modifications managed the operations performed by operational block S_{n/m}is 2^{m}. The ratio between n and m is determined by the number of active stages in managed operational block and the ratio of managed elements of type S_{2/z}where z=1, 2, and S_{3/1}. Consider a specific example of the construction of controllable operating units S_{n/m}.

Example 1. Managed the operational unit S_{10}/_{18}.

This example is shown in Fig.3b and follows the construction of the managed operating unit S_{10}/_{18}.

Example 2. Managed operating units of type S_{32/160}.

This example is shown in Fig.4 and corresponds to the structural design, managed the operational unit S_{32/160}, which consists of five identical active stages 1_{1}, 1_{2}, 1_{3}, 1_{4}, 1_{5}and four nodes fixed switching 2_{1}, 2_{2}, 2_{3}, 2_{4}. Nodes fixed switching differ and is designed to ensure that the impact of each input bit x_{1}x_{2}, ... , x_{n}for each output bit y_{1}, y_{2}, ... , y_{n}. Ispolatov S_{32/160}preserving the structural diagram shown in Fig.4. Below are variants of Boolean functions of four variables and examples on how to build the managed elements of S_{2/2}.

Example 3. Options are Boolean functions of the type y =f(x_{1}, x_{2},_{1},_{2}).

This example shows variants of Boolean functions of four variables y=f(x_{1}x_{2},_{1},_{2}), which can be used to build the managed elements. Variants of these functions, defined by truth tables shown in Fig.5.

Example 4. Building a managed element S_{2/2}.

This example shows a variant of construction of the managed elements of S_{2/2}where as the Boolean function y_{1}=f_{1}(x_{1}, x_{2},_{1},_{2}) is the first version of the function y=f(x_{1}, x_{2},_{1},_{2}from example 3, and as the Boolean function y_{2}=f_{2}(x_{1}, x_{2},_{1},_{1},_{2}from example 3. Modification of the managed operation, implemented by the managed element's_{2/2}when the values of the control binary vector equal to (_{1},_{2})=(0, 0), (_{1},_{2})=(0, 1), (_{1},_{2})=(1, 0) and (_{1},_{2})=(1, 1), presented in the form of a functional circuit in the form of analytical entries on figures 6A, 6b, 6C and 6D, respectively. In Fig.6b and 6g feature of the above variable in the analytical denotes the logical negation operation performed on this variable. In the figures, the logical operation of negation is marked with " ". All four versions of the managed operation, implemented by the managed element's_{2/2}are involutions, i.e., define the transformation satisfying the conditioniffor each of the four possible values of the binary vector (_{1},Example 5. Building a managed element S_{2/2}.

This example shows a variant of construction of the managed element's_{2/2}presented in four versions of the managed operation that are described by truth tables and explains the functional circuits of Fig.7. Modifications implemented by the values of the control binary vector (_{1},_{2})=(0, 0), (_{2})=(1, 0) and (_{1},_{2})=(1, 1) shown in Fig.7a, 7b, 7C and 7G, respectively.

Example 6. The construction of two mutually inverse managed operating units S_{32/160}and S^{-1}_{32/160}using the managed elements of S_{2/2}example 4.

A specific type of managed operating unit S_{32/160}can be obtained on the basis of the structural diagram shown in Fig.4, in which as managed elements of S_{2/2}used managed elements, described in example 4. Due to the fact that in the S_{32/160}corresponding to the considered example 6, using managed elements undergoing change, which is the involutions for any value of the control binary vector, you can easily build a managed operating unit S^{-1}_{32/160}shown on Fig.8 and which is reverse with respect to the unit S_{32/160}. In block S^{-1}_{32/160}use the same type of managed elements that block, S_{32/160}. When this control bits corresponding to the i-th active cascade, where i=1, 2, ... , 5, block S_{32/160}for all values of i ratio is awiti as a concatenation of governors of the binary vectors V_{1}V_{2}, ... , V_{5}corresponding to the individual active cascades managed operating units S_{32/160}and S^{-1}_{32/160}namely in the form V=(V_{1}V_{2}V_{3}V_{4}V_{5}). While managing a binary vector V_{i}manages the i-th active cascade block S_{32/160}and the j-th active cascade block S^{-1}_{32/160,}where j=6-i. In the General case for a pair of mutually inverse managed operating units S_{n/m}and S^{-1}_{n/m}including s active cascades, managing binary vector is represented in the form V=(V_{1}V_{2}, ... , V_{s}), where the managing binary vector V_{i}manages the i-th active cascade block S_{n/m}and the j-th active cascade block S^{-1}_{n/m}where j=s-i+1. To block S^{-1}_{n/m}was reverse block S_{n/m}enough to the i-th active cascade of unit S_{n/m}and j-th active cascade of unit S^{-1}_{n/m}implemented mutually inverse transformation (this is the case, for example, when these active cascades are identical and all managed elements of which they consist are involutions), and fixed switching between i-th and (i+1)-th active cascades of unit S_{n/m}was the reverse fixed Domostroenie managed operating units S_{32/160}and S^{-1}_{32/160}using the managed elements of example 5.

Another specific type of managed operating unit S_{32/160}based on the structural diagram shown in Fig.4, can be obtained by using the managed elements of S_{2/2}described in example 5. All modifications of the managed operation specified managed element of example 5, are involutions, so the corresponding reverse driven operating unit S^{-1}_{32/160}implemented using structural diagram shown in Fig.8, when used as elements of S_{2/2}managed elements described in example 5.

Example 8. Managed operational blocks S_{64/448}and S^{-1}_{64/448}.

Managed operating blocks with 64-bit information input S_{64/448}and S^{-1}_{64/448}can be constructed in accordance with flow charts shown in Fig.9a and 9b, respectively. Block S_{64/448}(respectively S^{-1}_{64/448}built as a parallel connection of two units S_{32/160}(respectively two blocks S^{-1}_{64/448}), combined into a single unit with two active stages, each of which consists of 32 managed elementa the block structure S_{32/160}and S^{-1}_{64/448}easy to install, the block structure of S_{64/448}and S^{-1}_{64/448}in line with the overall structural design, managed operating units S_{n/m}presented on Fig.3.

Example 9. Building a managed operating units S_{4/5}, S_{4/6}, S_{16/40}and S_{64/180}.

In Fig.10A and Fig.10B shows the construction of controllable operating units S_{4/6}and S_{4/5}in which the number of active stages is two, and the set included the managed elements corresponds p. 5 claims. These operating units of relatively small size can be used as a model nodes when building managed operating blocks of arbitrary size. An example of using blocks S_{4/5}for building blocks of S_{16/40}it is shown in Fig.10V. Block S_{16/40}consists of eight blocks of S_{4/5}located in two tiers, each of which consists of four blocks of S_{4/5}. Blocks S_{4/5}the lower layer is connected with the blocks of the upper tier on the principle of “each to each”. An example of using blocks S_{4/5}and S_{16/40}for building blocks of S_{64/180}it is shown in Fig.10g, where the upper layer is represented by four blocks S_{the”, which provides an organic unity block S64/180as a whole.}

Taking as a source node, S_{4/6}instead of block S_{4/5}similar to block diagrams (see Fig.10B and 10g) you can build operating units S_{16/48}and S_{64/228}. By combining different combinations of managed elements in the composition of the active cascades managed operating units, you can build blocks S_{n/m}with an arbitrary ratio of the size information and the control inputs, which contributes to the choice of optimized solutions when building devices based encryption of the proposed technical solution.

Example 10. Building a managed element S_{3/1}.

In Fig.11 shows a variant of construction of the managed element's_{3/1}submitted by truth tables, which describe the dependence of the output bits from the input at zero value of the control bits v (Fig.11a) and a single control value bits(Fig.11b). These two truth tables completely describe the three Boolean functions y_{1}=f_{1}(x_{1}x_{2}x_{3},), y_{2}=f_{2}(x_{1}, x_{2}, x_{3},=0 (Fig.11a) and at=1 (Fig.11b) show that the managed element's_{3/1}corresponding to example 10, is an involution. The following schemes managed elements, which are involutions denote the sign "° used as an upper index: S°_{3/1}(Fig.12A), S°_{2/1}(Fig.11b), S°_{2/2}(Fig.11b). Two mutually inverse managed operating unit having n-bit information input and m-bit control input, where n 2 and m 1, will be denoted as a pair of S_{n/m}and S^{-1}_{n/m}(see Fig.11g). The following example shows a variant of construction of two mutually inverse of managed elements of S_{3/1}and S^{-l}_{3/l}.

Example 11. Building mutually inverse of managed elements of S_{3/1}and S^{-l}_{3/1}non-involutions.

In Fig.13 shows a variant of construction of the managed element's_{3/1}that is not an involution. This option is described functional diagrams and truth tables corresponding to zero (Fig.13A) and isolated (Fig.13B) to the value of the control is implemented elements allows you to choose the one which have more prominent characteristics of the propagation of errors that for some types of managed operating units is preferred because it reduces the number of rounds of cryptographic transformation and thereby reduce the circuit complexity and improve the performance of algorithms a cryptographic transformation of, for example, the hash data. When using such controlled operating units for data encryption, you must implement the corresponding reverse driven operating units. To implement the latter by using the corresponding inverse managed elements of S^{-1}_{3/1}. In Fig.14 shows a variant implementation of the managed element's^{-1}_{3/1}, which is the reverse of the managed element's_{3/1}shown on Fig.13.

Example 12. Building mutually inverse managed operating units S_{8/9}and S^{-1}_{8/9}.

This example is shown in Fig.15, which presents the managed operating unit S_{8/9}(Fig.15A), built using managed items S°_{2/2}and S_{3/1}and block S^{-1}_{8/9}(Fig.15B), built using/sub> you can use one of the managed elements, described in [Eremeev, M. A., Moldovyan N. A. Synthesis of hardware-oriented controlled substitutions on large vectors of length//Problems of information security. 2001. No. 4. S. 46-51], as well as a pair of mutually inverse of managed elements of S_{3/1}and S^{-1}_{3/1}you can use a couple of managed elements from example 11. Managed operational blocks S_{8/9}and S^{-1}_{8/9}can serve as a typical node when building larger managed operating units, for example, shown in Fig.16 blocks S_{32/72}and S^{-1}_{32/72}which size is best suited for the design of iterative block cipher with a 64-bit input. Depending on the current technical problems, based managed items S°_{2/1}, S_{3/1}and S^{-1}_{3/1}different types you can build quite a large variety of controllable operating units that differ in terms of structure, size information and the control input, and in its properties, which provides ample opportunities for effective design of cryptographic algorithms. The following example shows the construction of controllable operating units S~~8/12and S~~^{-1}_{8/12}and a couple of blocks S_{64/192}and S^{-1}_{64/192}.

~~Example build a pair of mutually inverse blocks S~~_{8/12}and S^{-1}_{8/12}it is shown in Fig.17, which shows the managed operating unit S_{8/12}(Fig.17A), built using managed items S°_{2/2}and S_{3/1}(Fig.17B), and managed the operational unit S^{-1}_{8/12}(Fig.17B), built using managed items S°_{2/2}and S^{-1}_{3/1}. As a typical controlled item S°_{2/2}you can use a managed element described in example 5, and as a pair of mutually inverse of managed elements of S_{3/1}and S^{-1}_{3/1}you can use a couple of managed elements from example 11. Managed operational blocks S_{8/12}and S^{-1}_{8/12}can serve as a typical node when building larger managed operating units, for example, blocks of S_{64/192}and S^{-1}_{64/192,}it is shown in Fig.18. Both units S_{64/192}and S^{-1}_{64/192}have the same structure, except that the switching of the bits of the control input of a separate active cascades with bits of the control input in units of S_{64/192}and S^{-1}_{64/192}2, ... , V_{6}control 1, 2,... ,6 active cascades, counted from top to bottom in the block S_{64/192}and from the bottom up in the block S^{-1}_{164/192}. This corresponds to the General scheme of the switching control inputs of the individual active cascades with the control input in a pair of mutually inverse managed operating units S_{n/m}and S^{-1}_{n/m}(see example 6). Due to the symmetry of the structure of the block S_{n/m}, by changing only one switching control inputs active cascades with the control input of the control operating unit, the latter is converted in the reverse driven operating unit S^{-1}_{n/m}. Managed operating blocks with symmetric enable simplify the construction of a pair of mutually inverse blocks, which is essential when designing block ciphers.

~~Example 14. Build a pair of mutually inverse managed operating units S~~_{96/544}and S^{-1}_{96/544}.

~~A pair of mutually inverse blocks S~~_{96/544}and S^{-1}_{96/544}(Fig.19) built using operational blocks S_{32/160}and S^{-1}_{32/160}and managed items S°_{3/1}described in example 10. Managed the operational unit S_{95/544}modelName blocks S_{32/160}and integrated into a single managed the operational unit of the upper and lower active cascade, each of which includes 32 controlled item S°_{3/1}(Fig.19a). The corresponding inverse block S^{-1}_{96/544}contains an internal module, consisting of five active cascades, which is structurally divided into three parallel block S^{-1}_{32/160}. Additional two active cascade, have a top and bottom and including 32 a managed element S°_{3/1}combine blocks S^{-1}_{32/160}in a single unit, namely in block S^{-1}_{96/544}due to the fact that each element of S°_{3/1}connected with each of the blocks S^{-1}_{32/160}. Due to the large size of the information input-driven operating units S_{96/544}and S^{-1}_{96/544}make it easy to build fast and efficient hardware implementation of algorithms for hashing data. Another option managed operating units of interest to build hashing algorithms are blocks of S_{81/192}and S^{-1}_{81/192}, advantage of which is that they have a control input has size exactly two times the size of informationcontrol and convenience of designing algorithms cryptographic transformation.

~~Example 15. Build a pair of mutually inverse managed operating units S~~_{81/192}and S^{-1}_{81/192}.

~~A pair of mutually inverse blocks S~~_{81/192}and S^{-1}_{81/192}can be constructed using blocks of S_{9/9}(Fig.20A) and S^{-1}_{9/9}(Fig.20B) in accordance with the block diagram shown in Fig.21. Each of the blocks S_{81/192}and S^{-1}_{81/192}structurally divided into two modules - the top and bottom. The top module consists of nine parallel blocks S_{9/9}and the lower module consists of nine parallel blocks S^{-1}_{9/9}. The upper and lower modules are interconnected on the principle of "each other through switching, performing a permutation of bits, which is the involution which ensures the symmetry of the block structure S_{81/192}. This allows a corresponding reverse block S^{-1}_{81/192}by changing the switching control inputs of the individual active cascades with the control input of the control operating unit, keeping an internal switching between the active cascades. When implementing blocks S_{9/9}and S^{-1}_{9/9}as a typical controlled item S°_{3/1}>/9and S^{-1}_{9/9}is the use of a managed element S_{3/1}from example 11 as a model element in the diagram shown in Fig.20A, and the element's^{-1}_{3/1}from example 11 as a model element in the diagram shown in Fig.20B. This option is mutually inverse managed operating units S_{9/9}and S^{-1}_{9/9}can also be used when building a managed operating units S_{81/192}and S^{-1}_{81/192}in accordance with the design concept shown in Fig.21.

~~Consider the example of using the blocks S~~_{n/m}when building algorithm block one-way conversion, which can be used as an integral part of the hashing algorithms, data, and encryption algorithms.

~~Example 16. Managed operating units S~~_{81/192}and S^{-1}_{81/192}when building block of the algorithm is one-way conversion.

~~The structure of the algorithm one-way conversion 192-bit block of data is presented in the form of circuit shown in Fig.22. Convertible 192-bit data block is divided into two 81-bit sub-blocks X~~_{1}and X_{2}after that, each of them will be transformed with the help Desk is each of the subblocks. One-sided transformation is ensured by the fact that the transform sub-blocks when performing each of the operations is carried out jointly. Joint transform sub-blocks is ensured by the fact that managing the binary vector used for management operations, depends on both the sub-blocks of data. The sub-blocks X_{1}and X_{2}converted using operating units S_{81/192}and S^{-1}_{81/192}respectively. These operating units are controlled by a binary vector V=(X_{1}X_{2}and V=(X_{1}X_{2}), respectively. As a result of such conversion is formed intermediate subblocks of data T_{1}=S_{81/192(V)}(X_{1}and T_{2}=S^{-1}_{81/192(V)}(X_{2}). After that, the sub-blocks of T_{1}and T_{2}converted in accordance with the following formula Y_{1}=S^{-1}_{81/192(V)}(T_{1}and Y_{2}=S_{81/192(V)}(T_{2}), where V=(T_{2}X_{1}and V=(T_{1}X_{2 it is a block (Y1, Y2). A known output value, i.e. the value of the converted block data computing difficult to recover the value of control vectors that were used to select modifications managed operations during conversion of the data block. This determines the computational complexity of computing such a block of data, which would be transformed considered in this example, the algorithm in the data block having the specified value, i.e., the algorithm performs a one-way transformation.}

~~Consider the examples of using the blocks S~~_{n/m}when building encryption algorithms.

~~Example 17. Managed operating units S~~_{32/160}and S^{-1}_{32/160}when building a 64-bit block cipher.

~~In the famous 12-round cipher SPECTR-H64 [N. D. GUZ, B. C. Izotov, A. A. Moldovyan, N. A. Moldovyan. High-speed encryption algorithm SPECTR-H64//safety of information technology. 2000. No. 4. S. 37-50], based on managed permutations P~~_{32/80}and R^{-1}_{32/80}, the latter can be replaced by a managed operating units S_{32/160}and S^{-1}_{32/160}, respectively. You need a 160-bit binary control vector corresponding to at what adeniyi V^{(s)}=(V^{(p)}), V^{(p)}and V^{(s)}=(V^{(b)}, V^{(b)}), where V^{(p)}and V^{(b)}- control binary vector used for control blocks P_{32/80}and P^{-1}_{32/80}, respectively, and V^{(s)}and V^{(s)}- control binary vector used for control blocks S_{32/160}and S^{-1}_{32/160}respectively. Due to the higher efficiency of managed operating units S_{32/160}and S^{-1}_{32/160}modified cipher is resistant to all known attacks when performing eight rounds of encryption. Hardware implementation of an improved 8-round cipher using programmable logic arrays type FPGA requires approximately 1.5 times smaller quantity of typical FPGA logic modules-matrix compared with a 12-rounder so cipher SPECTR-H64, while the delay time to encrypt one block of data is reduced by 1.5 times, which leads to a significant increase in the speed of encryption.

~~For the practical construction of the device encryption greatest interest are managed operating units S~~_{n/m}with a value of n=32 and 64, and the value of m=160 and 448, respectively. In these cases, managing a binary vector m is K_{2}..._{}K_{l}where l&; 4, used in encryption. For example, the formation of the control binary vector can be made by:

~~1) repetition of the subblock data: V=(a, a, ... , a) and~~

~~2) combination of plug-and-sub-blocks of data: V=(C~~_{1}And, To_{2}, ... , K_{l}A).

~~Additionally, managing the binary vector may be subjected to a fixed transformation, for example, above it can be implemented operation bit cyclic shift towards older or younger categories.~~

~~Consider the example of construction of a 128-bit cipher-based managed operating units S~~_{64/448}and S^{-1}_{64/448}described in example 8.

~~Example 18. Managed operating units S~~_{32/160}and S^{-1}_{32/160}when building a 128-bit block cipher.

~~Example 18 is illustrated in Fig.23. Encryption 128-bit data block X is as follows. Generated secret key is represented as the following cumulative 64-bit round distance plug: K~~_{1}, K_{2}, ... , K_{6}; Q_{1}, Q_{2}, ... , Q_{6}and U_{1}U_{2}, ... , U_{6}. Convert 128-bit Westie with the following algorithm.

~~1. Set the count of the number of rounds of encryption r:=1.~~

~~2. To form on the connect To~~_{r}and subblock And 448-bit managing binary vector V_{1}:= (C_{r}And, To_{r}And, To_{r}And, To_{r}).

~~3. To form mounts U~~_{r}and subblock And 448-bit managing binary vector V_{2}:=(U_{r}, A, U_{r}, A, U_{r}And, U_{r}).

~~4. To form mounts Q~~_{r}and subblock And 448-bit managing binary vector V_{1}:=(Q_{r}, A, Q_{r}, A, Q_{r}, A, Q_{r}).

~~5. To transform the sub-blocks In, running over it managed operation carried out using a controlled operating unit S~~_{64/448}depending on the value of the control code V_{1}::=S_{64/448(v1)}(B).

~~6. Depending on the values of V~~_{2}convert round subkey K_{r}by performing the above it managed transactions using managed the operational unit S_{64/448}depending on the value of the control code V_{2}:

~~7. To generate the binary vector F: F:=A.~~

~~8. To convert a binary vector F in accordance with the formula: F:=(F+K~~_{r}) mod 2^{64}.

~~9. To transform the sub-block B in accordance with the formula: In:=In10. To transform the sub-blocks In, running over it managed operation using managed the operational unit S~~^{-1}_{64/448}depending on the value of the control code V_{1}::=S^{-1}_{64/448(V1)}(B).

~~11. If r&; 6, then increment r:=r+1, to rearrange the sub-blocks a and b and go to step 2.~~

~~12. STOP.~~

~~The unit cryptogram Y represents the concatenation of the transformed sub-blocks a and b: Y=(a, b). The decryption unit cryptogram by using the same algorithm, except that in step 2 instead of connection To~~_{r}used data Q_{7-r}at step 3 instead of connection U_{r}use the subkey K_{7-r}and in step 4 instead of connection Q_{r}use the subkey K_{7-r}. The concatenation operation in steps 2, 3 and 4 is carried out practically without delay, because it is implemented using a simple connection conductors, and steps 5 and 6 are executed in parallel, which speeds up encryption 128-bit data blocks. When the hardware implementation using programmable logic arrays type FPGA this algorithm provides encryption speed balsamy managed the operational unit technical feasibility and allows to solve the problem.

~~Thanks to mass production of programmable logic arrays type FPGA claimed technical solution can be widely used in practice when creating a budget efficient cryptographic devices are promising for applications in high-speed telecommunication systems and computer networks.~~

~~Claims~~

~~1. Managed the operational processing block of binary data that contains s serial active cascades, where s2, interconnected through nodes fixed switching, while the i-th active cascade, where i=1, 2,..., s contains2 parallel to the managed elements, each of which is equipped with instrumentation and control inputs and outputs, in this case n-bit information input of the first active stage, the n-bit output of the s-th active cascade and m control inputs s active stages are, respectively, the n-bit information input, n-bit output and the m-bit managing input of the control operating unit, and each output of one of the managed elements of the previous cascade connected to one of the information is present, however, that, at least in one's active cascades each of the managed elements fitted t-bit information input and output, where t=2,3, and w-bit managing entrance, where w=1,2, and at least one managed element is made the condition w+t=4, and each discharge control inputs of managed elements s active cascades connected with one of Redrado m-bit control input of the control operating unit.~~

~~2. Managed the operational unit under item 1, characterized in that at least one of the active cascades contains g of managed elements, equipped with a three-digit information input and output and the bit managing entrance, where g is an odd natural number satisfying 1g<n/3, for odd n and odd natural number satisfying 1g<n/3 if n is even>6 and h managed items supplied digit information input and output, and h=(n-3g)/2.~~

~~3. Managed the operational unit under item 1, characterized in that n is a natural number multiple of three, and at least one of the active cascades consists of n/3 managed items supplied with erational block under item 1, characterized in that n is an even natural number, and at least one of the active cascades consists of n/2 managed items supplied digit information input and output and digit managing log.~~

~~5. Managed the operational unit under item 1, characterized in that n is an even natural number, and at least one of the active cascades consists of n/2 managed items supplied digit information input and output and w-bit managing input and at least one of the managed elements are equipped with digit managing log.~~

**Same patents:**

FIELD: radio engineering.

SUBSTANCE: signal is divided on time intervals, and transfer of time intervals is performed along several data channels, while each time interval is transferred along separate channel, selected randomly.

EFFECT: higher efficiency.

7 dwg