RU2459367C2 - Method to generate alternating key for unit coding and transfer of coded data - Google Patents

Abstract

FIELD: information technologies.

SUBSTANCE: identical closed keys are entered in a receiver and a transmitter, and then in the transmitter a sequence is generated from separate k-digit units of data, afterwards a sequence of subkeys is received from the closed key with the possibility of coding of data units in the transmitter and decoding of the transmitted data units in the receiver, and unit-by-unit transfer of data, at the same time the value of each subsequent (i+1) subkey is determined in compliance with the value of the previous i subkey of the same sequence according to the functional dependence, besides, prior to transfer of coded data, an additional sequence is generated in the transmitter from modifiers from n-digit random numbers, which do not exceed the digit number of data units (k>n), afterwards the value of the subsequent (i+1) modifier is introduced into the previous i data unit, which is a carrier of the alternating key modifier, with subsequent use when generating the subsequent value of the (i-1) closed subkey in the transmitter and the receiver.

EFFECT: higher cryptographic resistance of a data transfer system.

3 cl, 2 dwg

Description

The invention relates to computer technology and can be used for cryptographic data protection in computer networks.

The encryption method is known in the prior art when bitwise summing modulo 2 of the source data with a gamma of cipher (gamma) is performed, which is removed from the outputs of the key generator, and on the receiving side, encrypted data is summed bitwise modulo 2 with a gamma of cipher (Ivanov M .A. Cryptographic methods of information protection in computer systems and networks. - M.: KUDITS-OBRAZ, 2001, p. 34).

A disadvantage of the known technical solution is the low cryptographic security, because The level of cryptographic protection depends on the length of the key. In this method, there are no tools for changing the key depending on the amount of information to be closed. The specified method uses only one of the possible encryption methods, namely gamming, and, therefore, is not universal.

To increase the cryptographic strength, block data encryption is used when the message is divided into separate blocks, and the key is divided into subkeys, then these blocks are encrypted, and each subkey is used for each block.

Block encryption methods include GOST 28147-89 (Russia), DES (Data Encryption Standard, USA), and others.

The GOST 28147-89 cryptographic conversion algorithm uses a block cipher with a 256-bit key and 32 conversion cycles, operating with 64-bit blocks. For encryption, the plaintext is first split into two halves (the least significant bits are A, the most significant bits are B). On the i-th cycle, the Ki subkey is used. To generate subkeys, the original 256-bit key is divided into eight 32-bit blocks: K1 ... K8. Ai and Ki add up modulo 2 ³² . The result is divided into eight 4-bit subsequences (tetrads), each of which is fed to the input of its own node of the substitution table, called the S-block. The table defines the substitution when one tetrad is replaced by another tetrad. The outputs of all eight S-blocks are combined into a 32-bit word, then the whole word is cyclically shifted to the left (to the upper digits) by 11 bits.

The disadvantage of this algorithm is the use of a permanent 256-bit key from which subkeys are formed. With software implementation, this encryption method does not provide high speed (more than 1 Mbps) due to the need to convert data formats. Modern processors operate on data that is a multiple of 1 byte (8, 16, 32, 64, 128 bits). The indicated method uses a large number of substitution operations on 4-bit data blocks (up to 32 rounds). During each round, the processor converts the data formats. First, 4-bit tetrads (8 bits → 4 + 4 bits) are allocated in a byte, and then table substitution and inverse conversion is performed (8 × 4 bits → 32 bits). Converting data formats reduces the encryption speed. At the same time, the level of cryptographic protection of the transmitted data is also reduced.

In the US DES standard, data block encryption is performed by generating a secret key, dividing the converted data block into two subunits L and R, and changing the latter one by one by performing a bitwise summing operation modulo two over the subunit L and the binary vector, which is formed as the output value of some function F from the value of the sub-block R. After this, the blocks are rearranged. Function F in the indicated method is implemented by performing permutation and substitution operations performed on sub-block R (National Bureau of Standards. Data Encryption Standard. Federal Information Processing Standards Publication 46, January 1977). In DES, each data block is encrypted independently of the others. This allows you to decrypt individual blocks of encrypted messages or data structures, and therefore, opens up the possibility of independent transmission of data blocks or random access to encrypted data. DES uses a small secret key, which makes it vulnerable to cryptanalysis based on key selection. In DES, the encryption key is represented as a collection of subkeys.

The disadvantage of this technical solution is that for all i-th input data blocks the same i-th subkey will be used, which reduces the level of cryptographic protection of the transmitted data.

There is also known another method of block encryption of binary information, which includes generating an encryption key in the form of a set of subkeys, dividing the data block into N≥2 subunits and alternately converting the subunits by performing an encryption operation on the subunit and subkey. Before performing a two-place encryption operation on the i-th subunit and subkey on the subkey, a substitution operation is performed depending on the j-th subunit, where j ≠ i. As a substitution operation performed on a subkey depending on the jth subunit, a control operation or a substitution operation depending on the encryption key is used (RF Patent No. 2211541, H04L 9/00, 2001).

A disadvantage of the known technical solution is the use of one source private key, from which using substitutions, permutations, transformations, functions, etc. receive a sequence of subkeys for subblocks of transmitted data. Knowing the conversion rule, you can pick up the key. The cryptographic protection of the transmitted data is reduced.

Closest to the claimed invention is a well-known from the prior art method for block encryption of discrete information, including generating an encryption key in the form of a set of subkeys, dividing the data block into N≥2 subunits and alternately converting the subunits by performing a two-place operation on the subunit and subkey, characterized in that before performing a two-place operation on the i-th subunit and the subkey on the subkey, a cyclic shift operation is performed depending on the j-th subunit, where j ≠ i (RF Patent No. 21407 11, H04L 9/00, 1998).

The main disadvantage of the solutions known from the prior art with respect to the claimed technical solution is the use of one source private key, from which, by functional dependence, a sequence of subkeys for subblocks of transmitted data can be obtained. Having learned the rule or the law of transformation, you can choose a closed subkey. The cryptographic strength of known methods of data transfer is reduced.

The problem to which the claimed invention is directed, is to increase the cryptographic strength of a data transmission system.

The technical result obtained implies the technical nature of the claimed proposal and the problem being solved.

The claimed technical result obtained by solving the problem is achieved by the fact that in the claimed method, first, the same private keys are entered in the receiver and transmitter, and then a sequence of individual k-bit data blocks is formed in the transmitter, after which the sequence is obtained from the private key connections with the possibility of encrypting data blocks in the transmitter and unambiguous decryption of the transmitted data blocks in the receiver and block data transmission, the value of any subsequent of the th (i + 1) th subkey is determined in accordance with the value of the previous i-th subkey of the same sequence according to the functional dependence, according to the invention, before transmitting encrypted data in the transmitter, an additional sequence of modifiers is formed from n-bit random numbers not exceeding the bit depth of the data blocks (k> n), after which the value of the subsequent (i + 1) -th modifier is entered into the previous i-th data block, as in the medium of the modifier of the variable key, and is used to form the subsequent value (i +1) th closed subkey in the transmitter and receiver.

It is advisable that according to the claimed method, the subkey for each subsequent (i + 1) th block is formed by adding n bits of the modifier to the plug of the previous 1st block, and during the modification, a shift operation is performed with the loss of n significant digits of the plug of the previous i-th block.

It is also advisable that according to the claimed method, the subkey for each subsequent (i + 1) th block is formed from the subkey of the previous i-th block based on stochastic or other methods.

Distinctive features of the claimed technical solution in relation to the object - the "prototype", set forth in the independent claim, are as follows.

Before transmitting encrypted data, an additional sequence of modifiers is formed in the transmitter from n-bit random numbers not exceeding the bit depth of the data blocks (k> n), after which the value of the subsequent (i + 1) th modifier is entered into the previous i-th data block, as into the carrier of the modifier of the alternating key, and used to form the subsequent value of the (i + 1) -th closed subkey in the transmitter and receiver.

The essence of the claimed invention is as follows.

In the claimed method for encrypting a message, a private key is used, from which a final sequence of subkeys is obtained for encrypting the message in the transmitter and then uniquely decrypting the message in the receiver.

During initialization, the same private key value is entered in the transmitter and receiver.

After that, the following actions are performed in the transmitter.

The message is divided into separate k-bit data blocks. Then form a sequence of n-bit (n <k) random numbers. These numbers are used as a key modifier to change a key according to a functional (stochastic or other) law. The modifier of the (i + 1) th key is added to the i-th data block, as to the modifier medium. The result is a block of bit capacity (k + n), which includes the i-th data block and the modifier of the (i + 1) -th key. In the transmitter, this block is encrypted using the i-th subkey and then in encrypted form is transmitted over the network to the receiver. To encrypt each block, its own subkey is used. After the transmission of the next data block, the subkey synchronously changes according to the functional (stochastic or other) law in the transmitter and receiver. As a result, both the transmitter and the receiver receive the same closed subkey.

In the receiver, the following actions are performed.

Decrypt the received i-th block using the i-th subkey. As a result of decryption, the i-th data block and the modifier of the (i + 1) -th key are obtained. The modifier is used to obtain the next (i + 1) -th subkey according to the functional (stochastic or other) law.

The key modifier is a random number and can be generated, for example, using a random number sensor. For example, the subsequent (i + 1) -th subkey can be obtained by adding (joining) a random number of modifier to the previous i-th private key and shift with loss of bits.

The claimed method of generating a variable key for block encryption is illustrated by graphic materials, where:

- figure 1 shows a method of generating a variable key for block encryption and transmission of encrypted data;

- figure 2 presents a diagram of the receiver and transmitter of the message, where a variable key is used for block data encryption.

First, the information message 1 (Fig. 1) is divided into separate k-bit data blocks 2. The transmitter generates a sequence of closed subkeys 3 to encrypt the k-bit data blocks 2. The first subkey 3 is set during initialization, and the subsequent (i + 1) -th subkey 3 depends on the previous i-th subkey 3 functionally (stochastically or otherwise). According to the invention, before transmitting the ith data block, an n-bit random number (k> n) is additionally generated, which is modifier 4 for the (i + 1) th key 3. The modifier for the (i + 1) th block 4 is included in the transmitted The 1st data block is part of the corresponding (i + 1) -th closed subkey 3.

For example, the subkey for each subsequent (i + 1) -th block 3 is formed by adding n bits of modifier 4 to the plug of the previous i-th block 3 and a shift with loss of bits, see Fig. 1.

For example, a subkey for each subsequent (i + 1) -th block 3 is formed by performing a functional, stochastic or other transformation on modifier 4 and connecting the previous i-th block 3.

The claimed method of generating a variable key for block data encryption can be used in conjunction with the data transfer protocol in computer networks TCP / IP.

Reception and transmission of messages, according to the generated variable key, is illustrated by the scheme, which is presented in figure 2. Shown are a transmitter 5, the output of which is connected to the input of the receiver 6 via a data transmission network 7. The transmitter 5 includes: a first private key generation unit 8, a first data buffer 9, a first register 10, an encoder 11, a transmission buffer 12, an output device 13. Input the first private key generation unit 8 is connected to a random number generator 4. A key modifier is generated at the output of the random number generator. The output of the random number generator 4 and the output of the first data buffer 9 are connected to the first and second inputs of the first register 10. The key modifier 4 and the transmitted data block 2 are entered in the register 10. At the output of block 8, the value of the private key 3 is generated to encrypt the next data block. The outputs of the private key generation unit 8 and the register 10 are connected, respectively, to the first and second inputs of the encoder 11. In the encoder 11, the information is encrypted using the private key 3. The encoder 11 is connected in series with the transmission buffer 12 and the output device 13. Encrypted information from the output encoder 11 enters the transmission buffer 12, and then to the output device 13. The output of the output device 13 is connected to the data transmission network 7.

The receiver 6 contains: an input device 14, a receive buffer 15, a decoder 16, a second private key generating unit 17, a second register 18 and a second data buffer 19. An input device 14 is connected in series with the receive buffer 15 and the first input of the decoder 16. The second input of the decoder 16 connected to the output of the second private key generating unit 17. The output of the decoder 16 is connected to the register 18. The private key 4 modifier is generated at the first output of the register 18, and the data block 2 is generated at the second output. The receiver 6 decrypts the information using rytogo key 3. The first output of the second register 18 is connected to the input of the second private key generating unit 17, and its second output - to an input of the second data buffer 19. The second register 18 the information is divided into two parts - a modifier key and the data block. The key modifier 4 is fed to the input of the second private key generating unit 17. The data block is fed to the input of the second data buffer 19.

After transmitting and receiving the next data block, the private key 3 synchronously changes at the transmitter and receiver of the data. The actual length of the private key 3 will be significantly increased, due to the addition of modifier 4.

Thus, the essence of the claimed method of generating a variable key for block encryption and transmission of encrypted data can be represented in the form of an algorithm (figure 1):

1. First, the information message is divided into separate k-bit data blocks. Then, during initialization, a closed subkey is entered. This subkey is the same for the transmitter and receiver. The length of the closed subkey must be greater than the length of the data block. A closed subkey encrypts the data block with the number i = 1.

2. For each subsequent (i + 1) th data block, a new key modifier is generated. The key modifier is a random n-bit number. The key modifier can be obtained, for example, using a random number generator. Then the subsequent (i + 1) -oe subkey value is formed, which functionally (stochastically or otherwise) depends on the previous i-th subkey and the key modifier. The modification function provides a one-to-one change in the subkey in accordance with the modifier. For example, a subkey for each subsequent (i + 1) th block is formed by adding n bits of the modifier to the plug of the previous i-th block, and during the modification, a shift operation is performed with the loss of n significant bits of the subkey of the previous block.

3. The modifier of the (i + 1) -th subkey is connected to the i-th data block and encrypted with the i-th subkey. For encryption, you can use any of the known encryption methods, such as gamming. The encrypted block is transmitted over the data network from the sender to the receiver.

4. Steps 2-3 are performed for all data blocks included in the message. The message secret key is formed by a series of subkeys for data blocks.

In the claimed method of generating a variable key, the length of the secret key exceeds the volume of the information block, which significantly increases the cryptographic strength of the data transmission system.

According to Shannon’s formula, if the size of the data block does not exceed the size of the key, then unauthorized decryption (hacking) of the data block is impossible. For unauthorized decryption, it is necessary that the amount of encrypted data be significantly larger than the volume of the key. In the proposed method, the key can be made large enough by attaching a modifier.

Thus, the claimed method of forming a variable key provides a high level of cryptographic strength. With the claimed method of generating a variable key, you can use any encryption methods, even simple ones (for example, gamming). The simplicity of generating a variable key and encryption method will significantly increase the speed of transmission and reception of messages. The claimed method can be used in mobile communication devices.

The claimed method of generating a key for block data encryption can be implemented in software, hardware or software-hardware based on a computer with an installed program.

The analysis of the claimed technical solution for compliance with the conditions of patentability showed that the characteristics indicated in the independent claim are essential and interconnected with the formation of a stable set of necessary features, unknown at the priority date from the prior art and sufficient to obtain the synergetic (super-total) technical result formulated in the problem .

Thus, the above information indicates the fulfillment of the following set of conditions when using the claimed technical solution:

- the claimed method of generating a variable key for block encryption and transmission of encrypted data is intended for use in computer technology and can be implemented for cryptographic protection of data in computer networks in the form described in the independent claim, the possibility of implementing the method using the above in the application materials known from the prior art on the priority date of the means and methods;

- the object embodying the claimed technical solution, when implemented, is able to ensure the achievement of the technical result perceived by the applicant: increasing the cryptographic strength of the data transmission system;

- the claimed method of generating a variable key for block encryption and transmission of encrypted data is intended for use in computer technology and can be implemented for cryptographic protection of data in computer networks in the form described in the independent claim, the possibility of implementing the method using the above in the application materials known from the prior art on the priority date of the means and methods;

- the object embodying the claimed technical solution, when implemented, is able to ensure the achievement of the technical result perceived by the applicant: increasing the cryptographic strength of the data transmission system.

The claimed technical solution provides a clear and unambiguous understanding of its implementation and implementation of the specified purpose within the framework of the signs specified in the formula. Based on the foregoing, we can conclude that the claimed technical solution, according to the applicant, meets the criterion of "industrial applicability".

The technical nature of the solution is confirmed by the presence of a technical result obtained when implementing or using a technical solution.

Therefore, the claimed subject matter meets the requirements and conditions of patentability “novelty”, “inventive step” and “industrial applicability” under applicable law.

Claims (3)

1. A method of generating a variable key for block encryption and transmission of encrypted data, in which the same private keys are first entered in the receiver and transmitter, and then a sequence of separate k-bit data blocks is formed in the transmitter, after which a sequence of encrypted connected keys is obtained from the private key data blocks in the transmitter and decryption of the transmitted data blocks in the receiver and block data transfer, while the value of any subsequent (i + 1) -th subkey is determined in accordance with In accordance with the value of the previous i-th subkey of the same sequence according to the functional dependence, characterized in that before transmitting the encrypted data in the transmitter, an additional sequence of modifiers is formed from n-bit random numbers not exceeding the bit depth of the data blocks (k> n), after which the value the next (i + 1) -th modifier is entered into the previous i-th data block, which is the carrier of the variable-key modifier, with the subsequent use of the (i + 1) -th closed when forming the subsequent value subkey of the transmitter and receiver. 2. The method according to claim 1, characterized in that the subkey for each subsequent (i + 1) th block is formed by adding n bits of the modifier to the subkey of the previous i-th block, and during the modification, a shift operation is performed with the loss of n significant digits of the subkey of the previous i-th block. 3. The method according to claim 1, characterized in that the subkey for each subsequent (i + 1) th block is formed from the subkey of the previous i-th block based on stochastic or other methods.

Images