RU2412548C1 - Generation method of common secret key of two remote subscribers of telecommunication system - Google Patents

Abstract

FIELD: radio engineering.

SUBSTANCE: open key Y₁ of the first subscriber is shaped by generating its private secret key in the form of two X₁ and W₁ elements of G group, by generating additional private secret key of the first subscriber in the form of many-digit binary number s₁, by generating V₁ element of G group by the formula

where ° symbol means group operation, and further implementation of group operation with V₁ and W₁ elements, and open key Y₂ of the second subscriber is formed by generating its private secret key in the form of two X₂ and W₂ elements of G group, by generating the additional private secret key of the second subscriber in the form of multi-digit binary number s₂, by generating V₂ element of G group by formula

and further implementation of group operation with V₂ and W₂ elements; at that, conditions of X₁

Z≠Z

X₁, X₁

X₂=X₂

X₁, X₂

Z≠Z

X₂,

and

are met, and non-commutative finite group is used as G group.

EFFECT: improving generation efficiency of common secret key of remote subscribers.

2 cl, 3 tbl, 7 ex, 1 app

Description

The invention relates to the field of telecommunications and computer technology, and more particularly to the field of information security of telecommunication systems, and, in particular, can be used in cryptographic systems with an open key distribution to generate a common encryption key and authentication of remote subscribers.

A known method of generating an encryption key for subscribers of a confidential communication session, including converting a random multi-bit binary number, called a time stamp and determined by the time point, for example, according to the time of the beginning of the communication session, according to a previously agreed cryptographic algorithm controlled by a secret key, which subscribers exchange beforehand by secure communication channel [Ivanov MA Cryptography. M., KUDITS-IMAGE, 2001, - p.197-198]. The disadvantage of this method of generating an encryption key is the need to transmit a secret key through a secure communication channel, which is an expensive element of secret communication systems.

Also known is a method of generating encryption keys by repeatedly sequentially modifying the secret key in accordance with the one-way conversion algorithm [Ivanov M.A. Cryptography. M., KUDITS-IMAGE, 2001, p.205]. A disadvantage of the known method of generating an encryption key is that when the current key is compromised, all subsequent encryption keys are compromised.

Also known is a method of generating a shared secret key of two remote subscribers of a telecommunication system using open communication channels described in the book [N. Moldovyan, A. Moldovyan, M. A. Eremeev Cryptography: from primitives to the synthesis of algorithms. - SPb, BHV-Petersburg, 2004, - 436 p. - see s.408 and s.412-413]. The analogue method consists in performing the following sequence of actions:

1. At the first subscriber, a public key (OK) is formed in the form of two multi-bit binary numbers (MDCs) of the first n and second α (hereinafter in the description text, the MDC should be understood as an electromagnetic signal in binary digital form, in which the total number of bits and order their following reflects some binary number ¹ ) ( ^{1 The} interpretation of the terms used in the description is given in Appendix 1), for which

generate the first m and second q auxiliary prime factors in the form of MDC, and the first MDC n OK is calculated as the product n = mq;

calculate the Euler function φ (n) from the first MDC n OK by the formula φ (n) = (m-1) (q-1);

generating a second MDC α OK, which is mutually simple with the value of the Euler function φ (n) (a pair of MDC n and α forms OK);

calculate the secret MDC γ = α ⁻¹ modφ (n), under which the condition γα mod φ (n) = 1 is fulfilled.

2. Transmit OK, i.e. a pair of MDC p and α, to the second subscriber, for example, via telecommunication networks.

3. At the second subscriber, the secret key K is generated and the image of the secret key is generated in the form of MDC r, by calculating it using the formula r = K ^α modn.

4. The key image r is transmitted to the information recipient.

5. At the information recipient, the encryption key T is calculated by the formula K = r ^γ modn.

With this method, it is possible to openly distribute keys, i.e. without the use of secure communication channels, which reduces the cost of ensuring information security.

However, the known method has a drawback - the relatively large time required to generate a common secret encryption key, which is associated with the need to perform a large amount of calculations at the information recipient due to the large bit depth of the MDC γ, approximately equal to the bit depth of the first MDC n OK, which is chosen to achieve the required cryptographic strength within 1024-2048 bits.

Also known is a method of generating an encryption key, proposed in the patent of the Russian Federation No. 2286022 and consisting in the following sequence of actions:

the information recipient (the first subscriber) is formed OK in the form of the first p and the second α MDC, the bit depth of each of which is selected equal to at least 1024 bits,

transmit OK to the sender of the information (second subscriber),

at the sender of information, an encryption key image is formed in the form of MDC r and is transmitted to the recipient of the information;

the information recipient in the image of the encryption key r calculate the encryption key in the form of MDC K.

The disadvantage of this method is the relatively large size of the OK, which is equal to the total capacity of the numbers α and p.

Closest in technical essence to the claimed one is the well-known method of generating a common secret encryption key for two subscribers using open communication channels, described in the book [N. Moldovyan, A. A. Moldovyan Introduction to public key cryptosystems. - SPb, BHV-Petersburg, 2005, - 286 p. - see p. 408 and p. 104-105]. The closest analogue method (prototype) includes the following steps:

1. Generate a finite group Γ, including a set of integers {1, 2, ..., p-1}, over which as a group operation a multiplication operation is specified modulo p, where p is a simple MDC having a capacity of at least 1024 bits. To do this, generate a simple FDM of the required capacity.

2. An element Z of the final group G, common to both subscribers, is formed, which is an MDC Z∈ {1, 2, ..., p-1}, referring to the indicator p-1 modulo p.

.3. At the first subscriber, an OK is generated in the form of an element Y _{1 of the} final group G, for which a private secret key is generated in the form of a randomly generated MDC x ₁ and Y _{1 is} calculated by the formula

.

4. The public key Y _{1 is} transmitted over the open channel to the second subscriber.

.5. At the second subscriber, they generate OK in the form of element Y _{2 of the} final group G, for which they generate their personal secret key in the form of MDC x ₂ and calculate Y ₂ according to the formula

.

6. The public key Y ₂ transmit on an open channel to the first subscriber.

.7. At the first subscriber, a common secret key is formed in the form of an element K of the final group G by calculating it by the formula

.

.8. The second subscriber generates a shared secret key in the form of an element K of the final group G by calculating it by the formula

.

A disadvantage of the closest analogue is the relatively high complexity of the procedure for generating a shared encryption secret key K, due to the fact that the shared secret encryption key K is calculated by raising a subscriber modulo the MDC r OK to a large integer power equal to the other person’s private secret key.

The aim of the invention is to develop a method for generating an encryption key, which reduces the time required to generate an encryption key by reducing the amount of computation to generate an encryption key while maintaining its required cryptographic strength.

In addition, the claimed technical solution expands the arsenal of funds for this purpose.

This goal is achieved by the fact that in the known method of generating a common secret key of two remote subscribers of a telecommunication system, namely, that they generate the final group G, form a common element Z of the final group G, the first subscriber generates his personal secret key and his OK in the form element Y _{1 of the} final group G, transmit OK of the first subscriber Y _{1 to the} second subscriber, generate a private secret key from the second subscriber and its OK in the form of element Y _{2 of the} final group G, transmit OK of the second subscriber Y _{2 to the} first to the subscriber, the first subscriber forms a shared secret key in the form of an element K of the final group G, depending on the OK of the second subscriber Y ₂ and the personal secret key of the first subscriber, and the second subscriber forms a shared secret key in the form of the element K of the final group G, depending on OK y ₁ of the first subscriber and the second subscriber personal secret key, the new in the claimed invention is that the first subscriber ₁ OK y formed by generating his personal secret key in the form of two elements X ₁ and W ₁ of a finite group G, forming Elem that V ₁ of a finite group G based on the element X ₁ of a finite group G and the common element Z finite group G and then performing the group operation on elements of V ₁ and W ₁ of a finite group G, the second local formed OK Y ₂ by generating his personal secret key in the form of two elements X ₂ and W _{2 of the} final group G, the formation of the element V _{2 of the} final group G, depending on the element X _{2 of the} final group G and the common element Z of the finite group G and the subsequent execution of the group operation on the elements V ₂ and W _{2 of the} final groups G, and in quality stve finite group G using non-commutative finite group.

A non-commutative finite group Γ can be defined by expanding the method for defining commutative multiplicative groups of vectors proposed in [Moldovyan PA, Dernova ES, Moldovyan DN Synthesis of finite extended fields for cryptographic applications // Issues of information security. 2008. No3 (82). C.2-7]. Examples of defining non-commutative groups of vectors with the operation of vector multiplication, which has relatively low complexity, are given below. Due to the relatively low complexity of the vector multiplication operation and the possibility of its effective parallelization, a significant reduction in the time for generating a shared secret key of two subscribers is provided.

Z≠Z

X₁ и W₁

Z≠Z

W₁, где знак

обозначает групповую операцию, формирования элемента V₁ конечной группы Г путем выполнения групповой операции над элементами Х₁ и Z конечной группы Г и последующего выполнения групповой операции над элементами V₁ и W₁ конечной группы Г, у второго абонента формируют OK Y₂ путем генерации его личного секретного ключа в виде двух элементов Х₂ и W₂ конечной группы Г, таких, что выполняются условия Х₂

Z≠Z

Х₂ и W₂

Z≠Z

W₂, формирования элемента V₂ конечной группы Г путем выполнения групповой операции над элементами Х₂ и Z конечной группы Г и последующего выполнения групповой операции над элементами V₂ и W₂ конечной группы Г, у первого абонента формируют общий секретный ключ в виде элемента K конечной группы Г путем формирования элемента R₁ конечной группы Г, заключающегося в выполнении групповой операции над элементом Х₁ конечной группы Г и ОК Y₂ второго абонента Z, т.е. по формуле R₁=X₁

Y₂, и последующего выполнения групповой операции над элементами R₁ и W₁ конечной группы Г, т.е. по формуле К=R₁

W₁, a у второго абонента формируют общий секретный ключ в виде элемента K конечной группы Г путем формирования элемента R₂ конечной группы Г, заключающегося в выполнении групповой операции над элементом Х₂ конечной группы Г и ОК Y₁ первого абонента, т.е. по формуле R₂=Х₂

Y₁, и последующего выполнения групповой операции над элементами R₂ и W₂ конечной группы Г, т.е. по формуле K=R₂

W₂.It is also new that the first subscriber is formed OK Y ₁ by generating his personal secret key in the form of two elements X ₁ and W _{1 of the} final group G, such that the conditions X ₁

Z ≠ Z

X ₁ and W ₁

Z ≠ Z

W ₁ where the sign

denotes a group operation, the formation of the element V _{1 of the} final group G by performing a group operation on the elements X ₁ and Z of the final group G and the subsequent execution of the group operation on the elements V ₁ and W _{1 of the} final group G, the second subscriber is formed OK Y ₂ by generating it personal secret key in the form of two elements X ₂ and W _{2 of the} final group G, such that the conditions X ₂

Z ≠ Z

X ₂ and W ₂

Z ≠ Z

W ₂ , the formation of the element V _{2 of the} final group G by performing a group operation on the elements X ₂ and Z of the final group G and the subsequent execution of the group operation on the elements V ₂ and W _{2 of the} final group G, the first subscriber forms a shared secret key in the form of the element K the final group G by forming the element R _{1 of the} final group G, which consists in performing a group operation on the element X _{1 of the} final group G and OK Y _{2 of the} second subscriber Z, i.e. by the formula R ₁ = X ₁

Y ₂ , and the subsequent execution of the group operation on the elements R ₁ and W _{1 of the} final group G, i.e. by the formula K = R ₁

W ₁ , a at the second subscriber form a shared secret key in the form of an element K of the final group G by forming the element R _{2 of the} final group G, consisting in performing a group operation on the element X _{2 of the} final group G and OK Y _{1 of the} first subscriber, i.e. according to the formula R ₂ = X ₂

Y ₁ , and the subsequent execution of the group operation on the elements R ₂ and W _{2 of the} finite group G, i.e. by the formula K = R ₂

W ₂ .

By using only two group operations in the formation of a shared secret key K, a further reduction in the time spent on this procedure is provided.

Z≠Z

D, генерируют личный секретный ключ первого абонента в виде двух элементов Х₁ и W₁ конечной группы Г путем генерации случайных МДЧ а₁ и b₁ и последующей генерации элементов Х₁ и W₁ конечной группы Г по формулам

и

и генерируют личный секретный ключ второго абонента в виде двух элементов Х₂ и W₂ конечной группы Г путем генерации случайных МДЧ а₂ и b₂ и последующей генерации элементов Х₂ и W₂ конечной группы Г по формулам

и

.Also new is the fact that they form an additional common element D of the finite group Γ for which condition D

Z ≠ Z

D, generate the personal secret key of the first subscriber in the form of two elements X ₁ and W _{1 of the} final group G by generating random MDCs a ₁ and b ₁ and the subsequent generation of elements X ₁ and W _{1 of the} final group G according to the formulas

and

and generate a personal secret key of the second subscriber in the form of two elements X ₂ and W _{2 of the} final group G by generating random MDC a ₂ and b ₂ and the subsequent generation of elements X ₂ and W _{2 of the} final group G according to the formulas

and

.

Calculation of the secret key by raising the additional common element D to a power equal to randomly selected numbers simplifies the procedure for generating personal secret keys of subscribers.

Z≠Z

Х₁ и

, и генерируют личный секретный ключ второго абонента в виде двух элементов Х₂ и W₂ конечной группы Г, таких что выполняются условия Х₁

Х₂=Х₂

Х₁, Х₂

Z≠Z

Х₂ и

.Also new is the fact that they generate the private secret key of the first subscriber in the form of two elements X ₁ and W _{1 of the} final group G, such that the conditions X ₁

Z ≠ Z

X ₁ and

, and generate a personal secret key of the second subscriber in the form of two elements X ₂ and W _{2 of the} final group G, such that the conditions X ₁

X ₂ = X ₂

X ₁ , X ₂

Z ≠ Z

X ₂ and

.

The use of a pair of mutually inverse elements of group G as a personal secret key of each user unifies the procedure for generating personal secret keys of subscribers and allows to further increase the cryptographic stability of the claimed method by using an additional personal secret key of the user in the form of a randomly selected number and performing the additional operation of raising the common element Z to the final group G to the extent equal to the user's additional private secret key.

Z≠Z

X₁ и

генерации дополнительного личного секретного ключа первого абонента в виде МДЧ s₁, формирования элемента V₁ конечной группы Г по формуле

и последующего выполнения групповой операции над элементами V₁ и W₁ конечной группы Г, а у второго абонента формируют ОК Y₂ путем генерации его личного секретного ключа в виде двух элементов Х₂ и W₂ конечной группы Г, таких что выполняются условия Х₁

Х₂=Х₂

Х₁, Х₂

Z≠Z

Х₂ и

генерации дополнительного личного секретного ключа второго абонента в виде МДЧ s₂, формирования элемента V₂ конечной группы Г по формуле

и последующего выполнения групповой операции над элементами V₂ и W₂ конечной группы Г.It is also new that the first subscriber is formed OK Y ₁ by generating his personal secret key in the form of two elements X ₁ and W _{1 of the} final group G, such that the conditions X ₁

Z ≠ Z

X ₁ and

generating an additional personal secret key of the first subscriber in the form of MDC s ₁ , forming the element V _{1 of the} final group G according to the formula

and then performing a group operation on the elements V ₁ and W _{1 of the} final group G, and the second subscriber forms OK Y ₂ by generating his personal secret key in the form of two elements X ₂ and W _{2 of the} final group G, such that the conditions X ₁

X ₂ = X ₂

X ₁ , X ₂

Z ≠ Z

X ₂ and

generating an additional personal secret key of the second subscriber in the form of MDC s ₂ , forming the element V _{2 of the} final group G according to the formula

and the subsequent execution of the group operation on the elements V ₂ and W _{2 of the} finite group G.

Due to the additional operation of raising the common element Z of the final group G to a degree equal to the additional private secret key, a significant increase in the cryptographic strength of the claimed method for generating the shared secret key of two remote subscribers of the telecommunication system is achieved while maintaining a relatively short time for generating the shared secret key.

Z≠Z

D₁ и D₂

Z=Z

D₂, генерируют личный секретный ключ первого абонента в виде двух элементов Х₁ и W₁ группы Г путем генерации случайных МДЧ а₁ и b₁ и последующей генерации элементов Х₁ и W₁ по формулам

и

и генерируют личный секретный ключ второго абонента в виде двух элементов Х₂ и W₂ группы Г путем генерации случайных МДЧ а₂ и b₂ и последующей генерации элементов Х₂ и W₂ по формулам

и

.Also new is the fact that they form two additional common elements D ₁ and D _{2 of the} finite group G, for which the conditions D ₁

Z ≠ Z

D ₁ and D ₂

Z = z

D ₂ , generate the personal secret key of the first subscriber in the form of two elements X ₁ and W _{1 of} group G by generating random MDC a ₁ and b ₁ and the subsequent generation of elements X ₁ and W ₁ according to the formulas

and

and generate a personal secret key of the second subscriber in the form of two elements X ₂ and W _{2 of} group G by generating random MDC a ₂ and b ₂ and the subsequent generation of elements X ₂ and W ₂ according to the formulas

and

.

Calculation of the secret key by raising additional common elements D ₁ and D _{2 of the} final group G to the degree equal to randomly selected numbers expands options for simplifying the procedure for generating personal secret keys of subscribers.

Z≠Z

D₁, D₂

D₁≠D₁

D₂ и D₂

Z≠Z

D₂, генерируют личный секретный ключ первого абонента в виде двух элементов Х₁ и W₁ группы Г путем генерации случайных МДЧ а₁ и b₁ и последующей генерации элементов Х₁ и W₁ по формулам

и

и генерируют личный секретный ключ второго абонента в виде двух элементов Х₂ и W₂ группы Г путем генерации случайных МДЧ а₂ и b₂ и последующей генерации элементов Х₂ и W₂ по формулам

и

.Also new is the fact that they form two additional common elements D ₁ and D _{2 of the} finite group G, for which the conditions D ₁

Z ≠ Z

D ₁ , D ₂

D ₁ ≠ D ₁

D ₂ and D ₂

Z ≠ Z

D ₂ , generate the personal secret key of the first subscriber in the form of two elements X ₁ and W _{1 of} group G by generating random MDC a ₁ and b ₁ and the subsequent generation of elements X ₁ and W ₁ according to the formulas

and

and generate a personal secret key of the second subscriber in the form of two elements X ₂ and W _{2 of} group G by generating random MDC a ₂ and b ₂ and the subsequent generation of elements X ₂ and W ₂ according to the formulas

and

.

Z≠Z

D₁ и D₂

Z≠Z

ZD₂, а также дополнительному условию D₂

D₁≠D₁

D₂, и вычислению личных секретных ключей абонентов путем возведения общих элементов D₁ и D₂ конечной группы Г в степени, равные случайно выбираемым числам, расширяются варианты унификации процедуры формирования личных секретных ключей абонентов и одновременно обеспечивается дополнительное повышение криптостойкости.Due to the generation of additional common elements D ₁ and D _{2 of a} finite group Γ satisfying the conditions D ₁

Z ≠ Z

D ₁ and D ₂

Z ≠ Z

ZD ₂ , as well as the additional condition D ₂

D ₁ ≠ D ₁

D ₂ , and the calculation of personal secret keys of subscribers by raising the common elements D ₁ and D _{2 of the} final group G to the degree equal to randomly selected numbers, the options for unifying the procedure for generating personal secret keys of subscribers are expanded and at the same time an additional increase in cryptographic strength is provided.

Z

X^-1 с неизвестным значением X являются трудно решаемыми при соответствующем выборе некоммутативной конечной группы Г и значений Y и Z. Это позволяет выполнить вычисление ОК Y абонента в зависимости от его секретного ключа X по формуле Y=X

Z

X^-1, в которой элементы X и Z некоммутативной конечной группы Г выбираются так, что выполняется условие Z

X≠X

Z. При этом в некоммутативных группах всегда существуют коммутативные подгруппы Г_к', которые легко могут быть установлены. Если выбирать личные секретные ключи абонентов из таких коммутативных подгрупп, то возникает возможность формирования общего секретного ключа по ОК первого абонента и личному секретному ключу второго абонента, а также по ОК второго абонента и личному секретному ключу первого абонента. Действительно, пусть Z - общий элемент, Х₁∈Г_к' и Х₂∈Г_к' - личные секретные ключи первого и второго абонентов соответственно, причем выполняются условия некоммутативности Z

X₁≠X₁

Z и Z

Х₂≠Х₂

Z, а также условие коммутативности Х₁

Х₂=Х₂

Х₁ (из последнего условия вытекает выполнимость условия

). Тогда ОК первого (Y₁) и второго (F₂) абонентов формируются путем их вычисления по формулам

и

. Первый абонент вычисляет общий секретный ключ по формуле

, а второй - по формуле

, где при преобразовании последнего выражения использованы условия коммутативности личных секретных ключей Х₁ и Х₂ и их обратных значений

и

. Таким образом, описанная процедура формирования общего секретного ключа действительно обеспечивает формирование одинаковых значений у первого и второго абонентов.The inventive concept of the claimed new technical solution consists in the use of non-commutative finite groups, in which, in the general case, the result of a group operation depends on the arrangement of the elements of the group over which the group operation is performed. Due to this, equations of the form Y = X

Z

X ^-1 with an unknown value of X are difficult to solve with the appropriate choice of a non-commutative finite group G and values of Y and Z. This allows you to calculate OK Y subscriber depending on his secret key X by the formula Y = X

Z

X ^-1 , in which the elements X and Z of a noncommutative finite group Γ are chosen so that condition Z

X ≠ X

Z. Moreover, in non-commutative groups there always exist commutative subgroups Γ _k 'that can easily be established. If you choose personal secret keys of subscribers from such commutative subgroups, then it becomes possible to generate a shared secret key by OK of the first subscriber and the private secret key of the second subscriber, as well as by OK of the second subscriber and the private secret key of the first subscriber. Indeed, let Z be a common element, X ₁ ∈ к _k 'and X ₂ ∈ к _k ' the private secret keys of the first and second subscribers, respectively, and the conditions of non-commutativity Z

X ₁ ≠ X ₁

Z and Z

X ₂ ≠ X ₂

Z, as well as the commutativity condition X ₁

X ₂ = X ₂

X ₁ (the last condition implies the fulfillment of the condition

) Then OK the first (Y ₁ ) and second (F ₂ ) subscribers are formed by calculating them according to the formulas

and

. The first subscriber calculates the shared secret key by the formula

and the second - according to the formula

where, when converting the last expression, the commutativity conditions of personal secret keys X ₁ and X ₂ and their inverse values are used

and

. Thus, the described procedure for generating a shared secret key really ensures the formation of the same values for the first and second subscribers.

Z

X^-1)

(X

V

X^-1)=X

(Z

V)

X^-1, из которого легко установить справедливость формулыFor arbitrary elements V, X, and Z of the noncommutative group Γ, the relation (X

Z

X ^-1 )

(X

V

X ^-1 ) = X

(Z

V)

X ^-1 , from which it is easy to establish the validity of the formula

Z

X^-1)^s=X

Z^s

Х^-1.(X

Z

X ^-1 ) ^s = X

Z ^s

X ^-1 .

и

соответственно. Криптостойкость повышается за счет того, что при таком формировании ОК значительно повышается вычислительная сложность нахождения секретного ключа по ОК. При таком варианте генерации ОК в заявленном способе формирования общего секретного ключа двух удаленных абонентов телекоммуникационной системы у первого абонента общий секретный ключ вычисляют по формулеThe validity of the last relation is due to the fact that a group operation has the property of associativity in groups of any type (see p. 28-43 in the book [B. L. van der Waerden “Algebra.” Publishing House “Doe.” 2004, - 623 from.]). This ratio can be used to build a variant of the claimed method for generating a common secret key of two subscribers of a telecommunication system, providing increased cryptographic strength through the use of an additional personal secret key of the first (second) subscriber in the form of MDC s ₁ (MDC s ₂ ) and the formation of OK Y ₁ and Y ₂ by the formulas

and

respectively. Cryptographic strength is increased due to the fact that with this formation of OK, the computational complexity of finding a secret key in OK increases significantly. With this option for generating OK in the claimed method for generating a common secret key of two remote subscribers of a telecommunication system, the first subscriber shares the shared secret key by the formula

and for the second subscriber - according to the formula

It is easy to see that the values of the secret key generated by the first and second users coincide.

Х₂=Х₂

Х₁ и W₁

W₂=W₂

W₁, то первый абонент может вычислить общий секретный ключ по ОК Y₂=Х₂

Z

W₂ второго абонента, осуществляя вычисления по формуле K=X₁

Y₂

W₁=X₁

Х₂

Z

W₂

W₁, а второй абонент может вычислить общий секретный ключ по формуле K=Х₂

Y₁

W₂=Х₂

X₁

Z

W₁

W₂=X₁

Х₂

Z

W₂

W₁. Сравнение правых частей последних двух выражений показывает, что первый и второй абоненты формируют одно и то же секретное значение K.It is also possible that OK is generated using a private secret key, which is a pair of independent elements X ₁ and W _{1 of a} non-commutative end group G for the first subscriber and elements X ₂ and W _{2 of a} non-commutative end group G for the second subscriber. If for elements X ₁ , W ₁ , X ₂ and W _{2 of a} noncommutative finite group Γ, the commutativity conditions X ₁

X ₂ = X ₂

X ₁ and W ₁

W ₂ = W ₂

W ₁ , then the first subscriber can calculate the shared secret key by OK Y ₂ = X ₂

Z

W _{2 of the} second subscriber, performing the calculations according to the formula K = X ₁

Y ₂

W ₁ = X ₁

X ₂

Z

W ₂

W ₁ , and the second subscriber can calculate the shared secret key by the formula K = X ₂

Y ₁

W ₂ = X ₂

X ₁

Z

W ₁

W ₂ = X ₁

X ₂

Z

W ₂

W ₁ . A comparison of the right-hand sides of the last two expressions shows that the first and second subscribers form the same secret value K.

Consider examples of the generation of non-commutative end groups and specific examples of the implementation of the claimed method for generating a common secret key of two subscribers of a telecommunication system.

Example 1: Generation of non-commutative finite groups of vectors.

Consider the ordered sets of MDCs (a ₁ , a ₂ , ..., a _m ), each of which does not exceed some selected simple MDC p. Such a set is called a vector, and MDC a ₁ , ₂ , ..., a _m are the coordinates of the vector, the value m≥2 is the dimension of the vector equal to the number of coordinates in the vector. The coordinates are MDCs belonging to the set MDC {1, 2, ..., p-1}, where p is a given simple MDC, over which the operations of addition and multiplication modulo p are defined. Another form of writing vectors is to write it in the form of a sum of one-dimensional vectors called components of a vector, each of which represents the coordinate of a vector with a formal base vector assigned to it. We denote the formal basis vectors by lowercase Latin letters e, i, j, etc. In the last record, the recording order of the components of the vector does not matter, for example, the vector Z ₁ = 523425е + 3676785i + 53453453j and Z ₂ = 3676785i + 523425е + 53453453j, where e, i, j are formal basis vectors in which the coordinates are MDCs, are considered as equal, i.e. Z ₁ = Z ₂ . The operation of vector multiplication is defined as the multiplication of all components of the factor vectors, taking into account the fact that the resulting products of formal basis vectors are replaced according to some specified table by one basis vector or a one-component vector, after which all coordinates attributed to the same basis vector are added modulo p. The specified table of multiplication of basis vectors (TUBV) for the case of vectors of dimension m = 3 has, for example, the form of table 1, which defines the following rule of substitution of basis vectors:

е→е, e

i→i, e

j→j, i

е→е, i

i→j, i

j→µe,e

e → e, e

i → i, e

j → j, i

e → e, i

i → j, i

j → μe,

e→j, j

i→µe, j

j→µi,j

e → j, j

i → μe, j

j → µi,

where µ is a given MDC belonging to the set of MDC {1, 2, ..., p-1}.

») выполняется следующим образом:For example, let Z ₁ = a ₁ e + b ₁ i + c ₁ i and Z ₂ = a ₂ e + b ₂ i + c2j, then the operation of multiplying the vectors Z ₁ and Z ₂ (we denote it by the symbol “

") Is performed as follows:

Z₂=(a₁e+b₁i+c₁j)

(a₂e+b₂i+c₂j)=а₁а₂е

е+a₁b₂e

i+a₁c₂e

j+b₁a₂i

e+b₁b₂i

i+b₁c₂i

j+c₁a₂j

e+c₁b₂j

i+c₁c₂j

j=(a₁a₂+µb₁c₂+µc₁b₂)e+(a₁b₂+b₁a₂+µc₁c₂)i+(a₁c₂+c₁a₂+b₁b₂)j.Z ₁

Z ₂ = (a ₁ e + b ₁ i + c ₁ j)

(a ₂ e + b ₂ i + c ₂ j) = a ₁ a ₂ e

e + a ₁ b ₂ e

i + a ₁ c ₂ e

j + b ₁ a ₂ i

e + b ₁ b ₂ i

i + b ₁ c ₂ i

j + c ₁ a ₂ j

e + c ₁ b ₂ j

i + c ₁ c ₂ j

j = (a ₁ a ₂ + µb ₁ c ₂ + µc ₁ b ₂ ) e + (a ₁ b ₂ + b ₁ a ₂ + µc ₁ c ₂ ) i + (a ₁ c ₂ + c ₁ a ₂ + b ₁ b ₂ ) j.

Since each coordinate of the vector takes p different values, the set of vectors for a finite dimension value is finite. With the appropriate task TUBV, the operation of vector multiplication will have the property of associativity. Then all reversible vectors, i.e. vectors for which there are inverse values will form a finite group. Moreover, if the associative operation of vector multiplication is non-commutative, then the generated group of vectors will be non-commutative.

A non-commutative finite group of four-dimensional vectors of the form Z = ae + bi + cj + dk can be generated by choosing a simple MDC p and choosing the TUBW represented by Table 2. The unit element of this non-commutative finite group is the vector E = 1е + 0i + 0j + 0k = ( 1, 0, 0, 0). The generation of various variants of noncommutative finite groups of four-dimensional vectors is carried out by the generation of various values of the simple MDF p and various specific values of the coefficients μ and ε.

A non-commutative finite group of six-dimensional vectors of the form Z = ae + bi + cj + dk + gu + hv can be generated by choosing a simple MDC p and choosing the TUBV presented in Table 3. The unit element of this non-commutative finite group is the vector E = 1е + 0i + 0j + 0k + 0u + 0v = (1, 0, 0, 0, 0, 0). The generation of various variants of non-commutative finite groups of six-dimensional vectors is carried out by the generation of various values of the simple MDF p and various specific values of the coefficients μ and ε.

In the specific embodiments of the claimed method considered below, a non-commutative finite group of four-dimensional vectors is generated, and the elements of the finite group G are vectors. In this case, a simple MDC r with artificially reduced bit depth was used for a more compact recording of examples. In real applications, the bit depth of the MDC p should be chosen equal to 80 bits or more to ensure sufficient cryptographic strength of the claimed method for generating a common secret key of two telecommunication network subscribers.

By analogy with the examples below, various versions of the claimed method can be implemented in which noncommutative finite groups of six-dimensional vectors, noncommutative finite groups of vectors of other dimensions, as well as noncommutative finite groups of a different nature, for example, noncommutative finite groups of non-degenerate matrices with group matrix multiplication ( on the formation of finite groups of matrices, see, for example, the article [Dernova ES, Kostina AA, Moldovyan PA. Final groups of matrices as accept tive digital signature algorithms // Information Security Issues. 2008. No. 3 (82). S.8-12]).

Example 2: Implementation of the claimed method according to claims 1 and 2 of the claims (FI).

1. A non-commutative finite group Γ is generated in the form of a non-commutative finite group of four-dimensional vectors, for which

1.1) generate a simple FDM = 751788397;

1.2) generate TUBV in the form of table 2, where µ = 2 and ε = 3.

2. Form a common element Z of the finite group Γ in the form of a vector

Z = (225775009, 612940870, 565904108, 399985219).

3. The first subscriber generates OK in the form of an element Y _{1 of the} final group G, for which

3.1) generate the private secret key of the first subscriber in the form of vectors

X ₁ = (412485650, 354714868, 11415120, 374981699) and

W ₁ = (218734814, 538682836, 87527669, 422047718),

Z≠Z

X₁ и W₁

Z≠Z

W₁;such that conditions X ₁

Z ≠ Z

X ₁ and W ₁

Z ≠ Z

W ₁ ;

3.2) form a vector V ₁ depending on the element (vector) X _{1 of the} finite group G and the common element Z of the finite group G:

Z=(728320531, 654181207, 65070899, 577618629);V ₁ = X ₁

Z = (728320531, 654181207, 65070899, 577618629);

3.3) form the OK of the first subscriber Y ₁ by performing a group operation on the elements V ₁ and W _{1 of the} final group G, i.e. in this example, in the form of a vector equal to the product of vectors V ₁ and W ₁ .

W₁=(425148910, 246457671, 747646831, 410216744).Y ₁ = V ₁

W ₁ = (425148910, 246457671, 747646831, 410216744).

4. The OK of the first subscriber is transmitted to the second subscriber, for example, via an open telecommunication channel.

5. At the second subscriber, an OK is generated in the form of an element (vector) Y _{2 of the} final group G, for which

5.1) generate a personal secret key of the second subscriber in the form of vectors

X ₂ = (370670118, 625081252, 441595984, 439787129) and

W ₂ = (260962717, 154659585, 690010063, 41501431);

Z≠Z

Х₂ и W₂

Z≠Z

W₂ выполняются;verification shows that conditions X ₂

Z ≠ Z

X ₂ and W ₂

Z ≠ Z

W ₂ are performed;

5.2) form a vector V ₂ depending on the element (vector) X _{2 of the} finite group G and the common element Z of the final group G:

Z=(479451174, 559227309, 256367878, 729027484);V ₂ = X ₂

Z = (479451174, 559227309, 256367878, 729027484);

5.3) form the OK of the second subscriber Y ₂ by performing a group operation on the elements V ₂ and W _{2 of the} final group G, i.e. in this example, in the form of a vector equal to the product of the vectors V ₂ and W ₂ :

W₂=(469173303, 40216341, 439013336, 697933857).Y ₂ = V ₂

W ₂ = (469173303, 40216341, 439013336, 697933857).

6. The OK of the second subscriber is transmitted to the first subscriber, for example, via an open telecommunication channel.

7. At the first subscriber, a common secret key is formed in the form of an element (vector) K of the final group G, depending on the OK of the second subscriber and the personal secret key of the first subscriber, for which

7.1) form the element (vector) R _{1 of the} final group G by performing a group operation on the element (vector) X _{1 of the} final group G and OK Y _{2 of the} second subscriber, i.e. by multiplying the vector X ₁ by the vector Y ₂ :

Y₂=(661128145, 71383748, 132286367, 491638663);R ₁ = X ₁

Y ₂ = (661128145, 71383748, 132286367, 491638663);

7.2) perform a group operation on the elements R ₁ and W _{1 of the} final group G, i.e. in this example, multiply the vector R ₁ by the vector W ₁ :

W₁=(56050234, 472712410, 528948385, 229431566).K = R ₁

W ₁ = (56050234, 472712410, 528948385, 229431566).

8. At the second subscriber, a common secret key is formed in the form of an element K of the final group G, depending on the OK of the first subscriber and the personal secret key of the second subscriber, for which

8.1) form the element R _{2 of the} final group G by performing a group operation on the element X _{2 of the} final group G and OK Y _{1 of the} first subscriber, i.e. by multiplying the vector X ₂ by the vector Y ₁ :

Y₁=(482946163, 375061607, 517975082, 716663007);R ₂ = X ₂

Y ₁ = (482946163, 375061607, 517975082, 716663007);

8.2) perform a group operation on the elements R ₂ and W _{2 of the} final group G, i.e. multiply the vector R ₂ by the vector W ₂ :

W₂=(56050234, 472712410, 528948385, 229431566).K = R ₂

W ₂ = (56050234, 472712410, 528948385, 229431566).

As a result of the actions performed, the first and second subscribers generated the same secret key, which was not explicitly transmitted through OK. For a third party intercepting messages transmitted through the communication channel of the subscribers, the calculation of the secret key K is computationally impractical in practice when choosing a MDC p of 80 bits or more. This embodiment of the inventive method for generating a shared secret key of two remote subscribers of a telecommunication system reduces the formation time a shared secret key in comparison with the closest analogue method even when choosing the MDC p size equal to 2048 bits, which allows significantly to increase cryptographic strength, while maintaining a relatively short time for generating a shared secret key.

Example 3: Implementation of the claimed method according to claim 3 FI.

1. A non-commutative finite group Γ is generated in the form of a non-commutative finite group of four-dimensional vectors, for which

1.1) generate a simple FDM = 751788397;

1.2) generate TUBV in the form of table 2, where µ = 2 and ε = 3.

2. Form a common element Z of the finite group Γ in the form of a vector

Z = (225775009, 612940870, 565904108, 399985219).

Z≠Z

D, в виде следующего вектора:3. An additional general element D of the finite group Γ is formed for which condition D

Z ≠ Z

D, in the form of the following vector:

D = (534608750, 512739492, 524918926, 447002300).

4. At the first subscriber, an OK is generated in the form of an element Y _{1 of the} final group G, for which

4.1) generate random MDCs a ₁ and b ₁ : a ₁ = 291530213 and b ₁ = 184575638;

и

:4.2) generate the personal secret key of the first subscriber in the form of elements X ₁ and W _{1 of the} final group G, calculated by the formulas

and

:

X ₁ = (33699142, 27614207, 589607720, 562339745) and

W ₁ = (156041335, 433249021, 449252506, 154059360).

4.3) form a vector V ₁ depending on the element X _{1 of the} finite group Γ and the general element Z of the finite group Γ:

Z=(501417156, 131388964, 621523999, 283611901);V ₁ = X ₁

Z = (501417156, 131388964, 621523999, 283611901);

4.4) form the OK of the first subscriber Y ₁ by performing a group operation on the elements V ₁ and W _{1 of the} final group G, i.e. in this example, in the form of a vector equal to the product of vectors V ₁ and W ₁ :

W₁=(717857199, 69545294, 183473883, 632506213).Y ₁ = V ₁

W ₁ = (717857199, 69545294, 183473883, 632506213).

5. Transmit OK of the first subscriber to the second subscriber.

6. The second subscriber generates OK in the form of an element Y _{2 of the} final group G, for which

6.1) generate random MDC a ₂ and b ₂ : a ₂ = 116495327 and b ₂ = 317562913;

и

:6.2) generate a personal secret key of the second subscriber in the form of elements X ₂ and W _{2 of the} final group G, calculated by the formulas

and

:

X ₂ = (676077679, 640501448, 302593640, 440687969) and

W ₂ = (585868651, 727531050, 697946319, 367672412);

Z≠Z

Х₂ и W₂

Z≠Z

W₂ выполняются;verification shows that conditions X ₂

Z ≠ Z

X ₂ and W ₂

Z ≠ Z

W ₂ are performed;

6.3) form a vector V ₂ depending on the element X _{2 of the} finite group Γ and the common element Z of the finite group Γ:

Z=(291393458, 652305749, 344861251, 175372945);V ₂ = X ₂

Z = (291393458, 652305749, 344861251, 175372945);

6.4) form the OK of the second subscriber Y ₂ by performing a group operation on the elements V ₂ and W _{2 of the} final group G, i.e. in this example, in the form of a vector equal to the product of the vectors V ₂ and W ₂ :

W₂=(422879155, 641610894, 540116498, 145646709).Y ₂ = V ₂

W ₂ = (422879155, 641610894, 540116498, 145646709).

7. Transmit OK of the second subscriber to the first subscriber.

8. At the first subscriber, a common secret key is formed in the form of an element K of the final group G, depending on the OK of the second subscriber and the personal secret key of the first subscriber, for which

8.1) form the element R _{1 of the} final group G by performing a group operation on the element X _{1 of the} final group G and OK Y _{2 of the} second subscriber, i.e. by multiplying the vector X ₁ by the vector Y ₂ :

Y₂=(685855902, 712172111, 595007995, 499592732);R ₁ = X ₁

Y ₂ = (685855902, 712172111, 595007995, 499592732);

8.2) perform a group operation on the elements R ₁ and W _{1 of the} final group G, i.e. multiply the vector R ₁ by the vector W ₁ :

W₁=(16329912, 348186141, 483076292, 468651775).K = R ₁

W ₁ = (16329912, 348186141, 483076292, 468651775).

9. At the second subscriber, a common secret key is formed in the form of an element K of the final group G, depending on the OK of the first subscriber and the personal secret key of the second subscriber, for which

9.1) form element R _{2 of the} final group G by performing a group operation on element X _{2 of the} final group G and OK Y _{1 of the} first subscriber, i.e. by multiplying the vector X ₂ by the vector Y ₁ :

Y₁=(313099699, 536879836, 647240501, 568582030);R ₂ = X ₂

Y ₁ = (313099699, 536879836, 647240501, 568582030);

9.2) perform a group operation on the elements R ₂ and W _{2 of the} final group G, i.e. multiply the vector R ₂ by the vector W ₂ :

W₂=(16329912, 348186141, 483076292, 468651775).K = R ₂

W ₂ = (16329912, 348186141, 483076292, 468651775).

As a result of the actions performed, the first and second subscribers generated the same secret key.

Example 4: Implementation of the claimed method according to claim 4 FI.

1. A non-commutative finite group Γ is generated in the form of a non-commutative finite group of four-dimensional vectors, for which

1.1) generate a simple FDM = 751788397;

1.2) generate TUBV in the form of table 2, where µ = 2 and ε = 3.

2. Form a common element Z of the finite group Γ in the form of a vector

Z = (225775009, 612940870, 565904108, 399985219),

whose order is equal to the MDC q = 375894199.

3. The first subscriber generates OK in the form of an element Y _{1 of the} final group G, for which

3.1) generate the private secret key of the first subscriber in the form of vectors

X ₁ = (412485650, 354714868, 11415120, 374981699) and

,

,

Z≠Z

X₁ и

;such that conditions X ₁

Z ≠ Z

X ₁ and

;

3.2) form a vector V ₁ depending on the element X _{1 of the} finite group G and the general element Z of the final group G:

Z=(728320531, 654181207, 65070899, 577618629);V ₁ = X ₁

Z = (728320531, 654181207, 65070899, 577618629);

3.3) form the OK of the first subscriber Y ₁ by performing a group operation on the elements V ₁ and W _{1 of the} final group G, i.e. in this example, in the form of a vector equal to the product of vectors V ₁ and W ₁ :

W₁=(225775009, 81555981, 151356132, 669845920).Y ₁ = V ₁

W ₁ = (225775009, 81555981, 151356132, 669845920).

4. Transmit OK of the first subscriber to the second subscriber, for example, through an open communication channel.

5. The second subscriber generates OK in the form of an element Y _{2 of the} final group G, for which

5.1) generate a personal secret key of the second subscriber in the form of vectors

X ₂ = (370670118, 625081252, 441595984, 439787129) and

Х₂=Х₂

Х₁, Х₂

Z≠Z

Х₂ и

;such that conditions X ₁

X ₂ = X ₂

X ₁ , X ₂

Z ≠ Z

X ₂ and

;

5.2) form a vector V ₂ depending on the element X _{2 of the} finite group G and the common element Z of the final group G:

Z=(479451174, 559227309, 256367878, 729027484);V ₂ = X ₂

Z = (479451174, 559227309, 256367878, 729027484);

5.3) form the OK of the second subscriber Y ₂ by performing a group operation on the elements V ₂ and W _{2 of the} final group G, i.e. in this example, an OK is formed in the form of a vector equal to the product of the vectors V ₂ and W ₂ :

W₂=(225775009, 359096640, 159959475, 610994590).Y ₂ = V ₂

W ₂ = (225775009, 359096640, 159959475, 610994590).

6. The OK of the second subscriber is transmitted to the first subscriber, for example, via an open communication channel.

7. At the first subscriber, a common secret key is formed in the form of an element K of the final group G, depending on the OK of the second subscriber and the personal secret key of the first subscriber, for which

7.1) form the element R _{1 of the} final group G by performing a group operation on the element X _{1 of the} final group G and OK Y _{2 of the} second subscriber, i.e. by multiplying the vector X ₁ by the vector Y ₂ :

Y₂=(728320531, 667645298, 157932283, 733253337);R ₁ = X ₁

Y ₂ = (728320531, 667645298, 157932283, 733253337);

7.2) perform a group operation on the elements R ₁ and W _{1 of the} final group G, i.e. multiply the vector R ₁ by the vector W ₁ :

W₁=(225775009, 365259173, 573285714, 745051492).K = R ₁

W ₁ = (225775009, 365259173, 573285714, 745051492).

8. At the second subscriber, a common secret key is formed in the form of an element K of the final group G, depending on the OK of the first subscriber and the personal secret key of the second subscriber, for which

8.1) form the element R _{2 of the} final group G by performing a group operation on the element X _{2 of the} final group G and OK Y _{1 of the} first subscriber, i.e. by multiplying the vector X ₂ by the vector Y ₁ :

Y₁=(479451174, 91855889, 444557157, 435069688);R ₂ = X ₂

Y ₁ = (479451174, 91855889, 444557157, 435069688);

8.2) perform a group operation on the elements R ₂ and W _{2 of the} final group G, i.e. multiply the vector R ₂ by the vector W ₂ :

W₂=(225775009, 365259173, 573285714, 745051492).K = R ₂

W ₂ = (225775009, 365259173, 573285714, 745051492).

As a result of the actions taken, the first and second subscribers generated the same secret key, which was not explicitly transmitted over the open channel.

Example 5: Implementation of the claimed method according to claim 5 FI.

1. A non-commutative finite group Γ is generated in the form of a non-commutative finite group of four-dimensional vectors, for which

1.1) generate a simple FDM = 751788397;

1.2) generate TUBV in the form of table 2, where µ = 2 and ε = 3.

2. Form a common element Z of the finite group Γ in the form of a vector

Z = (225775009, 612940870, 565904108, 399985219),

whose order is equal to the MDC q = 375894199.

3. The first subscriber generates OK in the form of an element Y _{1 of the} final group G, for which

3.1) generate the private secret key of the first subscriber in the form of vectors

X ₁ = (412485650, 354714868, 11415120, 374981699) and

Z≠Z

X₁ и

;such that conditions X ₁

Z ≠ Z

X ₁ and

;

3.2) generate an additional personal secret key of the first subscriber in the form of MDC s ₁ : s ₁ = 287457372;

(

обозначает операцию возведения вектора Z в степень s₁, т.е.

(s₁ раз)) и умножения вектора Х₁ на вектор

:3.3) form the element V _{1 of the} final group G, depending on the element X _{1 of the} final group G and the general element Z of the final group G by calculating the vector

(

denotes the operation of raising the vector Z to the power s ₁ , i.e.

(s ₁ time)) and multiplying the vector X ₁ by the vector

:

3.3) form the OK of the first subscriber Y ₁ by performing a group operation on the elements V ₁ and W _{1 of the} final group G, i.e. in this example, in the form of a vector equal to the product of vectors V ₁ and W ₁ :

W₁=(13407495, 117475284, 729495990, 112340265).Y ₁ = V ₁

W ₁ = (13407495, 117475284, 729495990, 112340265).

4. OK of the first subscriber is transmitted to the second subscriber, for example, via an open communication channel of a telecommunication system.

5. The second subscriber generates OK in the form of an element Y _{2 of the} final group G, for which

5.1) generate a personal secret key of the second subscriber in the form of vectors

X ₂ = (370670118, 625081252, 441595984, 439787129) and

Х₂=Х₂

X₁, Х₂

Z≠Z

Х₂ и

;such that conditions X ₁

X ₂ = X ₂

X ₁ , X ₂

Z ≠ Z

X ₂ and

;

5.2) generate an additional personal secret key of the second subscriber in the form of MDC s ₂ : s ₂ = 302751365;

(возведение вектора Z в степень s₂) и умножения вектора Х₂ на вектор

:5.3) form a vector V ₂ depending on the element X _{2 of the} finite group G and the general element Z of the final group G by calculating the vector

(raising the vector Z to the power s ₂ ) and multiplying the vector X ₂ by the vector

:

5.3) form the OK of the second subscriber Y ₂ by performing a group operation on the elements V ₂ and W _{2 of the} final group G, i.e. in this example, in the form of a vector equal to the product of the vectors V ₂ and W ₂ :

W₂=(268323899, 366097580, 492488923, 372628196).Y ₂ = V ₂

W ₂ = (268323899, 366097580, 492488923, 372628196).

6. The OK of the second subscriber is transmitted to the first subscriber, for example, via an open communication channel of a telecommunication system.

7. At the first subscriber, a common secret key is formed in the form of an element K of the final group G, depending on the OK of the second subscriber, the personal secret key of the first subscriber and the additional private secret key of the first subscriber, for which

7.1) form the element R _{1 of the} final group G by performing a group operation on the element X _{1 of the} final group G and OK Y _{2 of the} second subscriber, i.e. by multiplying the vector X ₁ by the vector Y ₂ :

и умножения вектора Х₂ на вектор

:form an element R _{2 of the} final group G by computing the vector

and multiplying the vector X ₂ by the vector

:

7.2) perform a group operation on the elements R ₁ and W _{1 of the} final group G, i.e. multiply the vector R ₁ by the vector W ₁ :

W₁=(665169598, 698972005, 207121212, 631745661).K = R ₁

W ₁ = (665169598, 698972005, 207121212, 631745661).

8. The second subscriber generates a common secret key in the form of an element K of the final group G, depending on the OK of the first subscriber, the personal secret key of the second subscriber and the additional personal secret key of the second subscriber, for which

и умножения вектора Х₂ на вектор

:8.1) form an element R _{2 of the} finite group G by computing the vector

and multiplying the vector X ₂ by the vector

:

8.2) perform a group operation on the elements R ₂ and W _{2 of the} final group G, i.e. multiply the vector R ₂ by the vector W ₂ .

W₂=(665169598, 698972005, 207121212, 631745661).K = R ₂

W ₂ = (665169598, 698972005, 207121212, 631745661).

As a result of the actions performed, the first and second subscribers generated the same secret key K, which was not explicitly transmitted over the open channel. In this embodiment, an additional private secret key is used, which leads to an increase in cryptographic strength and an increase in the time for generating a shared secret key in comparison with other options for implementing the claimed method. Compared with the closest analogue method with the same specified cryptographic strength, the embodiment of the inventive method described in this example provides the procedure for generating a shared secret key approximately 7.5 times faster.

Example 6: Implementation of the claimed method according to claim 6 FI.

1. A non-commutative finite group Γ is generated in the form of a non-commutative finite group of four-dimensional vectors, for which

1.1) generate a simple FDM = 751788397;

1.2) generate TUBV in the form of table 2, where µ = 2 and ε = 3.

2. Form a common element Z of the finite group Γ in the form of a vector

Z = (225775009, 612940870, 565904108, 399985219).

Z≠Z

D₁ и D₂

Z=Z

D₂:3. Form two additional common elements D ₁ and D _{2 of the} finite group Γ for which conditions D ₁

Z ≠ Z

D ₁ and D ₂

Z = z

D ₂ :

D ₁ = (534608750, 512739492, 524918926, 447002300) and

D ₂ = (723700851, 9764039, 138183077, 407816790).

4. At the first subscriber, an OK is generated in the form of an element Y _{1 of the} final group G, for which

4.1) generate random MDCs a ₁ and b ₁ : a ₁ = 291530213 and b ₁ = 184575638;

и

:4.2) generate the personal secret key of the first subscriber in the form of elements X ₁ and W _{1 of the} final group G, calculated by the formulas

and

:

X ₁ = (33699142, 27614207, 589607720, 562339745) and

W ₁ = (106030556, 503651307, 708182581, 544725304).

4.3) form the element V _{1 of the} final group G, depending on the element X _{1 of the} final group G and the common element Z of the final group G:

Z=(501417156, 131388964, 621523999, 283611901);V ₁ = X ₁

Z = (501417156, 131388964, 621523999, 283611901);

4.4) form the OK of the first subscriber Y ₁ by performing a group operation on the elements V ₁ and W _{1 of the} final group G, i.e. in this example, in the form of a vector equal to the product of vectors V ₁ and W ₁ :

W₁=(416571129, 64019502, 534537127, 433602441).Y ₁ = V ₁

W ₁ = (416571129, 64019502, 534537127, 433602441).

5. Transmit OK of the first subscriber to the second subscriber.

6. The second subscriber generates OK in the form of an element Y _{2 of the} final group G, for which

6.1) generate random MDC a ₂ and b ₂ : a ₂ = 116495327 and b ₂ = 317562913;

и

:6.2) generate a personal secret key of the second subscriber in the form of elements X ₂ and W _{2 of the} final group G, calculated by the formulas

and

:

X ₂ = (676077679, 640501448, 302593640, 440687969) and

W ₂ = (134525578, 32936500, 312364224, 676034188);

Z≠Z

Х₂ и W₂

Z≠Z

W₂ выполняются;verification shows that conditions X ₂

Z ≠ Z

X ₂ and W ₂

Z ≠ Z

W ₂ are performed;

6.3) form a vector V ₂ depending on the element X _{2 of the} finite group Γ and the common element Z of the finite group Γ:

Z=(291393458, 652305749, 344861251, 175372945);V ₂ = X ₂

Z = (291393458, 652305749, 344861251, 175372945);

6.4) form the OK of the second subscriber Y ₂ by performing a group operation on the elements V ₂ and W _{2 of the} final group G, i.e. in this example, in the form of a vector equal to the product of the vectors V ₂ and W ₂ :

W₂=(291299135, 679249764, 201973270, 700852854).Y ₂ = V ₂

W ₂ = (291299135, 679249764, 201973270, 700852854).

7. Transmit OK of the second subscriber to the first subscriber.

8. At the first subscriber, a common secret key is formed in the form of an element K of the final group G, depending on the OK of the second subscriber and the personal secret key of the first subscriber, for which

8.1) form the element R _{1 of the} final group G by performing a group operation on the element X _{1 of the} final group G and OK Y _{2 of the} second subscriber, i.e. by multiplying the vector X ₁ by the vector Y ₂ :

Y₂=(261999283; 6137698; 233045854; 1770367);R ₁ = X ₁

Y ₂ = (261999283; 6137698; 233045854; 1770367);

8.2) perform a group operation on the elements R ₁ and W _{1 of the} final group G, i.e. multiply the vector R ₁ by the vector W ₁ :

W₁=(727736088, 404584806, 193596713, 424443795).K = R ₁

W ₁ = (727736088, 404584806, 193596713, 424443795).

9. At the second subscriber, a common secret key is formed in the form of an element K of the final group G, depending on the OK of the first subscriber and the personal secret key of the second subscriber, for which

9.1) form element R _{2 of the} final group G by performing a group operation on element X _{2 of the} final group G and OK Y _{1 of the} first subscriber, i.e. by multiplying the vector X ₂ by the vector Y ₁ :

Y₁=(40601245, 718350287, 567209164, 241014819);R ₂ = X ₂

Y ₁ = (40601245, 718350287, 567209164, 241014819);

9.2) perform a group operation on the elements R ₂ and W _{2 of the} final group G, i.e. multiply the vector R ₂ by the vector W ₂ :

W₂=(727736088, 404584806, 193596713, 424443795).K = R ₂

W ₂ = (727736088, 404584806, 193596713, 424443795).

As a result of the actions taken, the first and second subscribers generated the same secret key, which was not explicitly transmitted over the open channel.

Example 7: Implementation of the claimed method according to claim 7 FI.

1. A non-commutative finite group Γ is generated in the form of a non-commutative finite group of four-dimensional vectors, for which

1.1) generate a simple MDC p = 751788397;

1.2) generate TUBV in the form of table 2, where µ = 2 and ε = 3.

2. Form a common element Z of the finite group Γ in the form of a vector

Z = (225775009, 612940870, 565904108, 399985219).

Z≠Z

D₁, D₂

D₁≠D₁

D₂ и D₂

Z≠Z

D₂:3. Form two additional common elements D ₁ and D _{2 of the} finite group Γ for which conditions D ₁

Z ≠ Z

D ₁ , D ₂

D ₁ ≠ D ₁

D ₂ and D ₂

Z ≠ Z

D ₂ :

D ₁ = (534608750, 512739492, 524918926, 447002300) and

D ₂ = (679666808, 377694615, 565138462, 505041338).

4. At the first subscriber, an OK is generated in the form of an element Y _{1 of the} final group G, for which

4.1) generate random MDCs a ₁ and b ₁ : a ₁ = 291530213 and b ₁ = 184575638;

и

:4.2) generate the personal secret key of the first subscriber in the form of elements X ₁ and W _{1 of the} final group G, calculated by the formulas

and

:

X ₁ = (33699142, 27614207, 589607720, 562339745) and

W ₁ = (437014043, 413669527, 582430806, 419833824).

4.3) form a vector V ₁ depending on the element X _{1 of the} finite group G and the common element Z of the final group G:

Z=(501417156; 131388964; 621523999; 283611901);V ₁ = X ₁

Z = (501417156; 131388964; 621523999; 283611901);

4.4) form the OK of the first subscriber Y ₁ by performing a group operation on the elements V ₁ and W _{1 of the} final group G, i.e. in this example, in the form of a vector equal to the product of vectors V ₁ and W ₁ :

W₁=(105090004, 388090680, 664039794, 512841850).Y ₁ = V ₁

W ₁ = (105090004, 388090680, 664039794, 512841850).

5. Transmit OK of the first subscriber to the second subscriber.

6. The second subscriber generates OK in the form of an element Y _{2 of the} final group G, for which

6.1) generate random MDC a ₂ and b ₂ : a ₂ = 116495327 and b ₂ = 317562913;

и

:6.2) generate a personal secret key of the second subscriber in the form of elements X ₂ and W _{2 of the} final group G, calculated by the formulas

and

:

X ₂ = (676077679, 640501448, 302593640, 440687969) and

W ₂ = (408454641, 129510874, 712799849, 107283989);

Z≠Z

Х₂ и W₂

Z≠Z

W₂ выполняются;verification shows that conditions X ₂

Z ≠ Z

X ₂ and W ₂

Z ≠ Z

W ₂ are performed;

6.3) form the element V _{2 of the} final group Γ depending on the element X _{2 of the} finite group Γ and the general element Z of the finite group Γ:

Z=(291393458, 652305749, 344861251, 175372945);V ₂ = X ₂

Z = (291393458, 652305749, 344861251, 175372945);

6.4) form the OK of the second subscriber Y ₂ by performing a group operation on the elements V ₂ and W _{2 of the} final group G, i.e. in this example, in the form of a vector equal to the product of the vectors V ₂ and W ₂ :

W₂=(228621823, 365421749, 562763903, 532545831).Y ₂ = V ₂

W ₂ = (228621823, 365421749, 562763903, 532545831).

7. Transmit OK of the second subscriber to the first subscriber.

8. At the first subscriber, a common secret key is formed in the form of an element K of the final group G, depending on the OK of the second subscriber and the personal secret key of the first subscriber, for which

8.1) form the element R _{1 of the} final group G by performing a group operation on the element X _{1 of the} final group G and OK Y _{2 of the} second subscriber, i.e. by multiplying the vector X ₁ by the vector Y ₂ :

Y₂=(531923262, 696869496, 226339945, 460508234);R ₁ = X ₁

Y ₂ = (531923262, 696869496, 226339945, 460508234);

8.2) perform a group operation on the elements R ₁ and W _{1 of the} final group G, i.e. multiply the vector R ₁ by the vector W ₁ :

W₁=(515074148, 347934926,307920204, 133652455).K = R ₁

W ₁ = (515074148, 347934926.3007920204, 133652455).

9. At the second subscriber, a common secret key is formed in the form of an element K of the final group G, depending on the OK of the first subscriber and the personal secret key of the second subscriber, for which

9.1) form element R _{2 of the} final group G by performing a group operation on element X _{2 of the} final group G and OK Y _{1 of the} first subscriber, i.e. by multiplying the vector X ₂ by the vector Y ₁ :

Y₁=(122092361, 587709477, 404972314, 211551832);R ₂ = X ₂

Y ₁ = (122092361, 587709477, 404972314, 211551832);

9.2) perform a group operation on the elements R ₂ and W _{2 of the} final group G, i.e. multiply the vector R ₂ by the vector W ₂ :

W₂=(515074148, 347934926, 307920204, 133652455).K = R ₂

W ₂ = (515074148, 347934926, 307920204, 133652455).

As a result of the actions taken, the first and second subscribers generated the same secret key, which was not explicitly transmitted over the open channel. This embodiment of the inventive method for generating a common secret key of two remote subscribers of a telecommunication system provides sufficient cryptographic strength when choosing a simple MDC p of 80 bits or more, while it provides a reduction in the time for generating a shared secret key in comparison with the closest analogue method even when increasing the size of a simple MDC p up to 2048 bits, which can significantly increase cryptographic strength, while maintaining a relatively short time for the formation of a shared secret key.

In the case of non-commutative finite groups of four-dimensional vectors, the claimed method for generating a common secret key of two remote subscribers of a telecommunication system provides sufficient stability when choosing a simple MDC p of 80 bits or more. One operation of vector multiplication, which is a group operation in the considered embodiments of the claimed method, requires performing no more than 22 operations of multiplication modulo p. Reducing the time for generating a shared secret key in the claimed method compared to analogous methods is ensured by the fact that 1) when generating a shared secret key, fewer group operations are performed, 2) in non-commutative groups of four-dimensional vectors, the calculations are performed according to a simple module, the resolution of which is about 12 , 8 times less than the capacity of a simple module in analogous methods, and 3) the execution time of the operation of multiplication modulo is proportional to the square of the capacity of the module. The longest time for generating a shared secret key K of two remote subscribers in the claimed method corresponds to its implementation option according to claim 6, since in this embodiment, when generating a shared secret key K, an additional operation of raising to a power equal to the value of the additional private secret key is performed. Even in this case, the formation time of the shared secret key K in the claimed method is approximately 12.8 ² / 22≈7.5 times less compared to the analogous methods with the same cryptographic strength.

Thus, it is shown that the claimed method of generating a common secret key of two remote subscribers of a telecommunication system is technically feasible and allows to achieve the formulated technical result.

Annex 1

Interpretation of the terms used in the description of the application

1. Binary digital electromagnetic signal - a sequence of bits in the form of zeros and ones.

2. Parameters of a binary digital electromagnetic signal: bit depth and order of single and zero bits.

3. The bit depth of a binary digital electromagnetic signal is the total number of its single and zero bits, for example, the number 10011 is 5-bit.

4. A bit string is a binary digital electromagnetic signal represented as a finite sequence of digits “0” and “1”.

5. Secret key - a binary digital electromagnetic signal used to generate a signature for a given electronic document. The secret key is represented, for example, in binary form as a sequence of digits "0" and "1".

6. Public key - a bit string whose parameters depend on the private key. The public key is calculated in secret as the value of a function that can be calculated in one direction, which makes it almost impossible to calculate the secret key in the public key.

7. A multi-digit binary number (MDC) is a binary digital electromagnetic signal, interpreted as a binary number and represented as a sequence of digits "0" and "1".

8. The operation of raising a number S to a discrete power A modulo n is an operation performed on a finite set of natural numbers {0, 1, 2, ..., n-1}, including n numbers that are the remainders of dividing all kinds of integers by a number n; the result of the operations of addition, subtraction and multiplication modulo n is a number from the same set [Vinogradov IM Fundamentals of number theory. - M .: Nauka, 1972, - 167 p.]; the operation of raising a number S to a discrete power Z modulo n is defined as a Z-fold sequential multiplication modulo n of the number S by itself, i.e. as a result of this operation, the number W is also obtained that is less than or equal to the number n-1; even for very large numbers S, Z and n, there are effective algorithms for performing the operation of raising a discrete power modulo.

9. The exponent q modulo n of the number a, which is coprime with n, is the minimum of the numbers γ for which the condition a ^γ mod n = 1 holds, that is q = min {γ ₁ , γ2, ...} [I. Vinogradov Fundamentals of number theory. - M .: Nauka, 1972, - 167 p.].

10. The order of q modulo n of a is the exponent q modulo n of a.

11. An algebraic structure is a set of mathematical elements of some nature. The mathematical elements can be, for example, polynomials, MDC, pairs of MDC, pairs of polynomials, triples of MDC, triples of polynomials, matrices of MDC, matrices of polynomials, etc., over which mathematical actions (operations) are specified. A mathematically algebraic structure is determined by specifying a specific set of mathematical elements and one or more operations performed on the elements.

12. An element of an algebraic structure is a single bit string or a set of several bit strings over which an algebraic operation is defined. When determining a specific type of algebraic structure, operations are determined on elements of the algebraic structure, which uniquely indicate the rules for interpretation and transformation of bit strings representing these elements. The transformations of bit strings implemented in computing devices correspond to operations performed on elements of a given algebraic structure.

13. A group is an algebraic structure (that is, a set of elements of various nature), on the elements of which one operation is defined, which for a given operation has the following set of properties: the operation is associative, the result of the operation on two elements is also an element of the same structure, there is a single element such that when performing an operation on it and some other element of a group, the result is element a. A detailed description of the groups is given in the books [A.G. Kurosh. Group theory. - M .: publishing house "Science", 1967, - 648 p.] And [M.I. Kargapolov, Yu.I. Merzlyakov. Fundamentals of group theory. - M .: publishing house "Science. Fizmatlit ", 1996, - 287 p.].

а

а

…

а (n раз), где «

» обозначает групповую операцию.14. A group operation is an operation defined on the elements of a group. Usually in a group, the operation of raising to a power, which is a derivative of a group operation, is defined. Raising to a power in a group is a multiple execution of a group operation on the same element. For example, for an element of a and a positive integer n, by definition we have a ⁿ = a

but

but

...

a (n times), where

"Denotes a group operation.

Z=Z

E=Z, где Е - единичный элемент группы.15. A unit element of the group - is such an element that, when performing an operation on it and another arbitrary element Z of the group результатом, the result is the element Z, that is, for any Z ∈ имеем we have E

Z = z

E = Z, where E is the unit element of the group.

16. The order of an element Z of a group Γ is the smallest positive integer q such that Z ^q = E, where E is the identity element of G.

Z=Z

Z^-1=Е, где Е - единичный элемент группы Г.17. The inverse element with respect to a given element Z of the group - is some element of the group,, denoted as Z ^-1 , such that Z ^-1

Z = z

Z ^-1 = E, where E is the unit element of the group G.

Z₂≠Z₂

Z₁.18. A non-commutative group is a group with a non-commutative group operation, that is, with a group operation for which, in the general case, the result of its action on two elements of the group depends on their arrangement relative to the sign of the group operation, for example, for two elements Z ₁ ∈ Г and Z ₂ ∈ Г, in the general case, the following inequality Z ₁

Z ₂ ≠ Z ₂

Z ₁ .

19. A vector is a set of two or more MDCs, called the coordinates of a vector. The number of coordinates of a vector is called the dimension of the vector.

20. The operation of vector multiplication is the operation of multiplying two vectors, which is a group operation in a finite group of vectors.

21. A final group is a group containing a finite number of elements.

22. The membership sign “∈” is used to indicate membership, for example, of an element a to a group Г as follows:

23. The Euler function of a given natural number is the number of numbers that are coprime with a given natural number.

Claims (2)

1. A method for generating a common secret key of two remote subscribers of a telecommunication system, which consists in generating the final group G, forming a common element Z of the final group G, generating the private secret key and the public key in the form of the element Y _{1 of the} final group F, y ₁ is transmitted first outdoor subscriber key to the second subscriber, the second subscriber generates its own secret key and public key as the element y of a finite group G _2, transmit the public key y ₂ of the second subscriber to the first Dialing NTU, at the first subscriber form the shared secret in the form of an element K finite group G according to the public key Y ₂ of the second subscriber and the personal secret key of the first subscriber and the second subscriber form the shared secret in the form of an element K finite group G as a function of the public key Y _{1 of the} first subscriber and the private secret key of the second subscriber, characterized in that the first subscriber generates a public key Y ₁ by generating his personal secret key in the form of two elements X ₁ and W _{1 of} group G, such that conditions

where is the sign

denotes a group operation, and

generating an additional personal secret key of the first subscriber in the form of a multi-bit binary number s ₁ , forming the element V _{1 of the} final group G by the formula

and then performing a group operation on the elements V ₁ and W _{1 of the} final group G, and the second subscriber generates a public key Y ₂ by generating his personal secret key in the form of two elements X ₂ and W _{2 of} group G, such that the conditions are met

and

generating an additional personal secret key of the second subscriber in the form of a multi-bit binary number s ₂ , forming the element V _{2 of the} final group G by the formula

and the subsequent execution of the group operation on the elements V ₂ and W _{2 of the} finite group Γ, moreover, a noncommutative finite group is used as the finite group Γ. 2. The method according to claim 1, characterized in that they form an additional common element D of the final group G, for which the condition

where is the sign

denotes a group operation, generate the personal secret key of the first subscriber in the form of two elements X ₁ and W _{1 of} group G by generating random multi-bit binary numbers a ₁ and b ₁ and the subsequent generation of elements X ₁ and W _{1 of the} final group G according to the formulas

and

and generate a personal secret key of the second subscriber in the form of two elements X ₂ and W _{2 of} group G by generating random multi-bit binary numbers a ₂ and b ₂ and the subsequent generation of elements X ₂ and W _{2 of the} final group G according to the formulas

and

.