RU2766319C1 - Method for generating the encryption/decryption key - Google Patents

Abstract

FIELD: cryptography.

SUBSTANCE: invention relates to the field of cryptography. The expected result is achieved by generating a random binary symbol, forming a code word, an accepted binary symbol, a binary confirmation symbol, transmitting a binary confirmation symbol, forming an initial sequence on the side of the second correspondent of the communication network (CCN) and the first preliminary sequence on the side of the first CCN, forming a second preliminary sequence on the side of the third CCN, encoding the initial sequence, isolating a block of verification characters from the encoded initial sequence, transmitting the block of verification characters through communication channels without errors, forming and remembering the first and second decoded sequences, forming the hashing function on the side of the first correspondent, simultaneously transmitting the hashing function of sequences through the first direct and second direct communication channels without errors, respectively, to the second and third correspondents of the communication network, after which form an encryption /decryption key from the original, first and second decoded sequences is formed.

EFFECT: increase in the resistance to encryption/decryption key compromise by the violator.

11 cl, 50 dwg

Description

The invention relates to the field of cryptography, namely to the formation of an encryption/decryption key (CLSD), and can be used as a separate element in the construction of symmetric cryptographic systems designed to transmit encrypted voice, sound, television and other messages.

The proposed method for the formation of CLSD can be used in cryptographic systems in the absence or loss of cryptographic connectivity (Cryptoconnectivity - the correspondents of the communication network have the same CLSD) between the correspondents of the communication network (SS), which includes three correspondents, or the establishment of cryptographic connectivity between new SS correspondents in the conditions of interception by the violator information transmitted through open communication channels. The term "communication network" means a set of nodes and lines connecting them, and for any two different nodes there is at least one path connecting them, as described, for example, in the book by D. Phillips, A. Garcia-Diaz, " Network Analysis Methods”, M.: Mir, 1984, p. 16.

There is a known method for the formation of KLShD, described in the book by W. Diffie "The first ten years of public key cryptography", TIER, vol. 76, No. 5, p. 57-58. The known method consists in preliminary distribution between the parties of the direction of communication (PCS) numbers α and β, where α is a prime number and 1≤β≤(α-1). The term "communication direction" means a set of transmission lines and communication nodes that provide communication between two points of the network, as described, for example, in the National Standard of the Russian Federation, GOST R 53111-2008, "Stability of the operation of a public communication network", Moscow: Standartinform, 2009, p. 7. The transmitting side of the communication direction (PRSNS) and the receiving side NS (PRSNS), independently of each other, select random corresponding numbers X _A and X _B , which are kept secret, and then generate numbers based on X _A , α , β on PerSNS and Х _В , α, β on PrSNS. SNAs exchange received figures over communication channels without errors. After receiving the numbers of correspondents, the parties convert the received numbers using their secret numbers into a single CLSD. The method makes it possible to encrypt information during each communication session on new CLSD (i.e., eliminates the storage of key information on media) and relatively quickly generate CLSD using one unsecured communication channel.

However, the known method has a relatively low resistance of CLSD to compromise (Resistance of CLSD to compromise is the ability of a cryptographic system to resist attempts by an intruder to obtain a CLSD, which is generated and used by legitimate participants in the exchange of information, when the intruder uses information about CLSD obtained as a result of interception, theft, loss, disclosure, analysis, etc.), the duration of the CLSD is limited to the duration of one communication session or its part, the incorrect distribution of the numbers α and β leads to the impossibility of forming the CLSD.

There is also known a method for generating CLSD using a quantum communication channel [US Patent No. 5515438 H04L 9/00 dated 05/07/96], which allows you to automatically generate CLSD without additional measures for distribution (delivery) of the preliminary sequence. The known method is to use the uncertainty principle of quantum physics and generates QSD by transmitting photons through a quantum channel. The method ensures the production of CLSD with high resistance to compromise, provides guaranteed control of the presence and degree of interception of CLSD.

However, the implementation of the known method requires high-precision equipment, which leads to a high cost of its implementation. In addition, CLSD according to this method can be formed using fiber-optic communication lines of limited length, which significantly limits its scope in practice.

There is also known a method for the formation of CLSD on the basis of information differences [RF Patent No. 2180469 dated 10.03.2002].

This method includes the formation of the initial sequence (IS) by the second correspondent of the direction of communication (NS), encoding the IP, extracting a block of test symbols from the encoded IP, transmitting it over a direct communication channel without errors to the first correspondent of the NS, forming a decoded sequence (DS) by the first correspondent of the NS, formation of the function of hashing sequences by the first correspondent of the NS, its transmission over the direct communication channel without errors to the second correspondent of the NS, and the formation of encryption / decryption keys by the first and second correspondents of the NS by hashing IP and DP according to the hash function of sequences formed by the first correspondent of the NS.

The disadvantage of this method is the impossibility of the simultaneous formation of CLSD for the correspondents of the communication network (SS) and the relatively large time costs for the sequential formation of the CLSD for the SS of three correspondents, since it is necessary to sequentially form the CLSD using the above method for each pair of SS correspondents, including the first correspondent, then to choose one of the formed CLSD as CLSD for the SS and ensure that it is received by all SS correspondents.

The closest but technical essence to the claimed method of forming CLSD is the method of forming CLSD [RF Patent No. 2480923 dated 27.04.2013].

The prototype method includes generating a random binary character on the side of the first correspondent of the communication network (CCC), generating a code word from the random binary character, transmitting the code word from the first correspondent to the second and third CCCs via the first communication channel with errors and the second communication channel with errors, respectively. , the formation of the received binary symbol on the sides of the second and third CSS, the formation of a binary confirmation symbol on the sides of the second and third CSS, the simultaneous transmission of a binary confirmation symbol from the second correspondent to the first and third CSS on the first reverse communication channel without errors and on the third forward communication channel without errors , respectively, the simultaneous transmission of a binary confirmation symbol from the third correspondent to the first and second KSS via the second reverse communication channel without errors and via the third reverse communication channel without errors, respectively, the formation of the initial sequence (IP) by the first correspondent of the SS, per initial sequence (1PRP) on the side of the second CSS and the second preliminary sequence (2PRP) on the side of the third CSS, IP encoding on the side of the first CSS, selection of the block of test symbols from the encoded IP, its transmission from the first correspondent to the second and third CSS over the first direct channel communication without errors and on the second direct communication channel without errors, respectively, the formation and storage of the first decoded sequence on the side of the second SSN and the second decoded sequence on the side of the third SSN, the formation of the hashing function on the side of the first SSN, the transfer of the hashing function from the first correspondent to the second and third CSS on the first direct communication channel without errors and on the second direct communication channel without errors, respectively, after which the formation of an encryption/decryption key from the original, first and second decoded sequences on the sides of the first, second and third CSS, respectively.

The formation of the IP by the first CSS consists in generating L times, where L>10 ⁴ is the selected primary length of the IP, a random binary symbol, forming a code word from it by repeating the generated random binary symbol M times, where M ≥ 1, and transmitting the code word over the first channel communication with errors to the second CSS and via the second communication channel with errors to the third CSS, simultaneous formation of the second and third CSS from the received code word of the received binary symbol and binary confirmation symbols F and F1, on the sides of the second and third CSS, respectively, simultaneous transmission of the binary confirmation symbol F from the second RCC on the first error-free reverse link to the first RCC and on the third error-free forward link to the third RCC, simultaneous transmission of a binary confirmation symbol F1 from the third RCC on the second error-free reverse link to the first RCC and on the third error-free reverse link to the second CSS, then, if at least one of the binary confirmation symbols F and F1 to zero, the generated random binary symbol on the side of the first CSS, the received binary symbol on the side of the second CSS and the received binary symbol on the side of the third CSS are erased, otherwise the generated random binary symbol and the received binary symbols are stored as ix elements , where i=1, 2, 3, ..., (LU), IP, 1PRP and 2PRP, on the sides of the first, second and third CSS, respectively, where U is the number of erased symbols in the formation of the initial and preliminary CSS sequences.

IP encoding on the side of the first CSS is carried out by a linear block systematic binary error-correcting (N, K) code, the generating matrix of which has the dimension K×N, and N>K. The sizes K and N of the generator matrix of the linear block systematic binary error-correcting (N, K) code are chosen to be K=2 ^m -1-m and N=2 ^m -1, where m≥3. For encoding, the original sequence is preliminarily divided into Y subblocks of length K binary symbols, where Y=(LU)/K, then sequentially starting from the 1st to the Yth of each jth subblock, where j=1, 2, 3, ...,Y, form the j-th code block of length N binary symbols by multiplying the j-th subblock by the generating matrix, then the j-th subblock of check symbols of length (NK) of binary symbols is extracted from the j-th code block, which is stored as j- th subblock of the block of check symbols of the encoded IP.

The selection of the IP parity block consists in splitting the encoded IP into IP and the parity block of the encoded IP by extracting the latter.

The transmission of the block of parity coded SP consists in the transmission of the latter from the first CSS on the first direct communication channel without errors to the second CSS and on the second direct communication channel without errors to the third CSS.

Simultaneous formation of 1DP on the side of the second CSS and 2DP on the side of the third CSS is carried out as follows: the first preliminary sequence of the second CSS and the second preliminary sequence of the third CSS are decoded by a linear block systematic binary error-correcting (N, K) code, the transposed check matrix of which has the dimension N×( NK), and N>K. Sizes K and N check matrix linear block systematic binary error-correcting (N, K) code choose K=2 ^m -1-m and N=2 ^m -1, where m≥3. For decoding, the first pre-sequence on the side of the second CSS and the second pre-sequence on the side of the third CSS, as well as the block of parity symbols of the encoded source sequence, are divided into Y corresponding pairs of decoded sub-blocks and sub-blocks of parity symbols, where Y=(LU)/K, and the lengths of the decoded subblocks and subblocks of the parity symbols are chosen equal to K and (NK) binary symbols, respectively, then Y received code blocks of length N binary symbols are formed by right concatenation to the j-th decoded subblock of the j-th parity subblock, where j=1, 2, 3,…, Y, after which sequentially, starting from the 1st to the Yth, the j-th syndrome of length (NK) of binary symbols is calculated by multiplying the j-th received code block by the transposed check matrix, and by the obtained j-th syndrome correct errors in the j-th decoded sub-block, which is then stored as the j-th sub-block 1DP on the side of the second CSS and 2DP on the st defense of the third KSS.

The formation of the hashing function of sequences by the first CSS consists in the formation of a binary matrix G of dimension (L-U)×T, where T≥64 is the length of the generated encryption/decryption key, and each of the elements of the binary matrix G is randomly generated.

The transmission of the hashing function of the sequences consists in sequential transmission, starting from the 1st to the (L-U)th row of the binary matrix G, from the first CSS through the first direct communication channel without errors to the second CSS and through the second direct communication channel without errors to the third CSS.

The formation of CLSD by the first, second and third CSS consists in hashing the corresponding original and decoded sequences according to the hashing function of the sequences generated by the first CSS. To hash the sequences, the binary matrix G and IP are preliminarily on the side of the first correspondent, on the side of the second correspondent the binary matrix G and 1DP, and on the side of the third correspondent the binary matrix G and 2DP are divided into W of the corresponding pairs of submatrices of dimension P×T, where P=(LU )/W, and the corresponding subblocks of the original and decoded sequences of length P binary symbols, then, starting from the 1st to the Wth, the z-th primary key of length T binary symbols is calculated, where z=1, 2, 3,…, W, by multiplying the z-th IP subblock by the z-th submatrix G _z on the side of the first CSS, the z-th subblock 1DP by the z-th submatrix G, on the side of the second CSS, the z-th subblock 2DP by the z-th submatrix G _z by side of the third CSS, and then form KLSD by bitwise summation modulo 2 of the corresponding W primary keys on the sides of the first, second and third CSS.

The prototype method makes it possible to form a CLSD between the CSS with relatively low material costs with a large spatial separation of the correspondents themselves of the communication network.

The disadvantage of the prototype is the relatively low resistance of the CLSD to compromise, due to the sufficiently large amount of information about the CLSD obtained by the intruder as a result of the interception of non-noisy code words of the code with M-repetitions in the process of forming the communication network IP, 1PRP and 2T1RP by the correspondents as the basis for the formation of the CLSD.

The purpose of the claimed technical solution is to develop a method for the formation of CLSD, providing an increase in resistance to compromise CLSD by the intruder.

This goal is achieved by the fact that in the known method of generating an encryption/decryption key, which consists in generating a random binary symbol, generating a code word, generating a received binary symbol, generating a binary confirmation symbol, transmitting a binary confirmation symbol, forming the initial sequence on the side of the second CSS and the first pre-sequence on the side of the first CSS, form the second pre-sequence on the side of the third CSS, encode the original sequence, extract a block of parity symbols from the encoded original sequence, transmit the block of parity symbols over communication channels without errors, form and store the first and second decoded sequences , form a hashing function on the side of the first correspondent, simultaneously transmit the hashing function of sequences over the first direct and second direct communication channels without errors, respectively, to the second and third correspondents communication network users, after which an encryption/decryption key is generated from the original, first and second decoded sequences.

To form the initial sequence L times, where L>10 ⁴ is the selected primary length of the initial sequence, on the side of the first CSS, a noisy block of binary symbols is formed, and each p-th binary symbol of the noisy block of binary symbols, where p=1, 2, 3, ..., (M+1), randomly generated, where M≥1, simultaneously transmitted over the first and second communication channels with errors to the second and third correspondents of the communication network, respectively, after which the noisy block of binary symbols is simultaneously received on the side of the second correspondent of the network communication as a received noise block of binary symbols of the second correspondent of the communication network, and on the side of the third correspondent of the communication network as a received noise block of binary symbols of the third correspondent of the communication network, then on the side of the second correspondent of the communication network a random binary symbol is generated, a code word is formed from it, after which a noisy code word is formed by bitwise sums modulo 2 of the received noisy block of binary symbols of the second correspondent of the communication network and the generated code word, the noisy code word is simultaneously transmitted over the first reverse and third direct communication channels without errors to the side of the first and third correspondents of the communication network, respectively, then on the side of the first correspondent of the network connections form the received word of the first correspondent of the communication network by bitwise summation modulo 2 of the noisy block of binary symbols and the noisy code word, and at the same time, on the side of the third correspondent of the communication network, the received word of the third correspondent of the communication network is formed by bitwise summation modulo 2 of the received noisy block of binary symbols of the third correspondent of the communication network and a noisy code word, then on the side of the first correspondent of the communication network, from the generated received word of the first CSS, the received binary symbol of the first CSS and the binary confirmation symbol are formed F, and at the same time, on the side of the third correspondent of the communication network, from the corresponding generated received word of the third CSS, the received binary symbol of the third CSS and the binary confirmation symbol F1 are formed, after which the binary confirmation symbol F formed by the first correspondent of the communication network is simultaneously transmitted over the first direct and second direct communication channels without errors, respectively, to the second and third correspondents of the communication network, and the binary confirmation symbol F1 formed by the third correspondent of the communication network is simultaneously transmitted over the second reverse and third reverse channels without errors to the first and second correspondents of the communication network, respectively, when at least one of of the received binary confirmation symbols, the generated random binary symbol of the second correspondent of the communication network and the received binary symbols of the first and third correspondents of the communication network are erased, otherwise the generated random binary symbol is stored l of the second correspondent of the communication network, the received binary symbol of the first correspondent of the communication network, the received binary symbol of the third correspondent of the communication network, respectively, as ix binary symbols, where i=T, 2, 3, ..., (LU), the initial sequence of the second KSS, the first of the preliminary sequence of the first CSS and the second preliminary sequence of the third CSS, respectively, where U is the number of erased binary symbols during the formation of the initial sequence and preliminary sequences, then, on the side of the second correspondent of the communication network, the initial sequence is encoded, a block of test symbols is extracted from the encoded initial sequence, at the same time it is transmitted over the first reverse and third forward communication channels without errors to the first and third correspondents of the communication network, respectively, then the first decoded sequence is simultaneously formed on the side of the first CSS, the second decoded sequence on the side of the third thiego KSS.

To form a code word, the generated random binary symbol is repeated M times, where M≥1. The received binary symbol of any correspondent of the communication network is assigned the value of the first binary symbol of the received code word. For independent and simultaneous formation of the binary confirmation symbol F of the first correspondent of the communication network or the binary confirmation symbol F1 of the third correspondent of the communication network, respectively, the first binary symbol of the received word is compared with the subsequent M binary symbols of the received word, where M is the number of repetitions of the generated random binary symbol at formation of a code word, after which, if there are M matches of the first binary symbol of the received word with subsequent M binary symbols of the received word, the binary confirmation symbol F of the first correspondent or the binary confirmation symbol F1 of the third correspondent is assigned the value one, and if there is at least one mismatch of the first binary symbol of the received words followed by M binary symbols of the received word, the binary acknowledgment symbol F of the first correspondent or the binary acknowledgment symbol F1 of the third correspondent is set to zero. The original sequence is encoded with a linear block systematic binary error-correcting (N, K) code, where K is the length of the block of information symbols and N is the length of the code block, the generating matrix of which has the dimension (K×N), and N>K. When encoding, the original sequence is preliminarily divided into Y subblocks of length K binary symbols, where Y=(LU)/K. Then sequentially starting from the first to the Y-th of each j-th sub-block, where j=1, 2, 3,…, Y, the j-th code block of length N binary symbols is formed by multiplying the j-th sub-block by the generating matrix. From the j-th code block, the j-th subblock of check symbols of length (NK) of binary symbols is selected. Memorize as the j-th subblock of the block of check symbols of the encoded source sequence. The sizes K and N of the generator matrix of the linear block systematic binary error-correcting (N, K) code are chosen to be K=2 ^m -1-m and N=2 ^m -1, where m≥3. To form the first and second decoded sequences, the first and second preliminary sequences of the first and third correspondents of the communication network, respectively, are independently and simultaneously decoded by a linear block systematic binary error-correcting (N, K) code, where K is the length of the block of information symbols and N is the length of the code block , whose transposed check matrix has dimension N×(NK), and N>K. For simultaneous and independent formation of decoded sequences of the first and third correspondents of the communication network, the corresponding preliminary sequences of the first and third correspondents of the communication network and blocks of check symbols of the encoded original sequence are divided into Y corresponding pairs of decoded subblocks and subblocks of check symbols, where Y=(LU)/K. The lengths of the decoded sub-blocks and sub-blocks of the parity symbols are chosen to be, respectively, K and (NK) binary symbols. Then, Y received code blocks of length N binary symbols are formed by right concatenation to the j-th decoded subblock of the j-th subblock of parity symbols, where j=1, 2, 3,…, Y. Sequentially, starting from the 1st to the Yth , the j-th syndrome of length (NK) of binary symbols is calculated by multiplying the j-th received code block by the transposed parity matrix. According to the obtained j-th syndrome, errors are corrected in the j-th decoded sub-block, which is then stored as the j-th sub-block of the decoded sequences.

The sizes K and N of the check matrix of the linear block systematic binary error-correcting (N, K) code K=2 ^m -1-m and N=2 ^m -1 are selected, where m≥3.

The sequence hashing function on the side of the first correspondent of the communication network is formed in the form of a binary matrix G of dimension (LU)×T, where T≥64 is the length of the generated encryption/decryption key, and each of the elements of the binary matrix G is randomly generated. The hashing function of the sequences, formed by the first correspondent of the communication network, sequentially, starting from the first to (LU)-th row of the binary matrix G, is transmitted simultaneously to the second and third correspondents of the communication network via the first direct and second direct communication channels without errors, respectively. With the simultaneous formation of the encryption/decryption key, the preliminary binary matrix G and the initial sequence of the second correspondent of the communication network, the binary matrix G and the first decoded sequence of the first correspondent of the communication network, the binary matrix G and the second decoded sequence of the third correspondent of the communication network are divided into W corresponding pairs of submatrices of dimension P ×T, where P=(LU)/W, T≥64 - the length of the generated encryption/decryption key, and, accordingly, subblocks of the original sequence, the first decoded sequence and the second decoded sequence of length P binary symbols, respectively. Then, simultaneously, starting from the first to the W-th, the correspondents of the communication network calculate the z-th primary key of length T binary symbols, where z=1, 2, 3,…, W, by multiplying the z-th subblock of the initial sequence of the second correspondent of the communication network by z -th submatrix G _z , z-th subblock of the first decoded sequence of the first correspondent of the communication section to the z-th submatrix G _z , z-th subblock of the second decoded sequence of the third correspondent of the communication network to the z-th submatrix G _z . After that, an encryption/decryption key is simultaneously formed by bitwise summation modulo 2 of all W primary keys on the sides of all correspondents of the communication network.

Thanks to a new set of essential features, due to the noise of the transmitted code word with a code with M-repetitions in the process of the simultaneous formation of the CLSD by the correspondents of the communication network, the amount of information about the CLSD obtained by the intruder as a result of the interception of the transmitted keywords is reduced, which makes it possible to increase the resistance of the generated CLSD to compromise with respect to to the offender.

The claimed method is illustrated by the figures, which show:

• figure 1 - a generalized block diagram of the communication network used in the claimed method;

• figure 2 - timing diagram of the formation of a noisy block of binary symbols (ZBDS) on the side of the first CSS;

• figure 3 - timing diagram of the error vector in the first communication channel with errors;

• Figure 4 shows the timing diagram of the second CCC received by the STD;

• figure 5 - timing diagram of generating a random binary symbol on the side of the second CSS;

• figure 6 - timing diagram of the formation of the code word on the side of the second CSS;

• figure 7 - time diagram of the formation of a noisy code word by the second CSS;

• Figure 8 shows the time diagram of the noisy code word received by the first CSS;

• Figure 9 shows the time diagram of the 3BDS generated by the first CSS;

• figure 10 - timing diagram of the formation of the received word by the first CSS;

• figure 11 - timing diagram of the formation of the first CSS binary confirmation symbol F;

• figure 12 - timing diagram of the formation of the first CSS of the received binary symbol;

• Figure 13 is a timing diagram of the binary acknowledgment symbol F received by the second CSS from the first CSS;

• Figure 14 is a timing diagram of the binary acknowledgment symbol F received by the third CSS from the first CSS;

• on the figure 15 - the timing diagram formed by the first CSS STD;

• figure 16 - timing diagram of the error vector in the second communication channel with errors;

• Figure 17 shows the timing diagram of the third CSS received by the ZBDS;

• na figure 18 is the time diagram of the noisy code word received by the third CCC;

• figure 19 - timing diagram of the formation of the received word on the side of the third CSS;

• figure 20 - timing diagram of the formation of the third CCC binary confirmation symbol F1;

• figure 21 - timing diagram of the formation of the third CCC received binary symbol;

• Figure 22 shows a timing diagram of the binary acknowledgment symbol F1 received by the first CSS from the third CSS;

• Figure 23 shows a timing diagram of the binary acknowledgment symbol F1 received by the second CSS from the third CSS;

• pa figure 24 - timing diagram of the stored i-th element of the original sequence of the second CSS;

• figure 25 - timing diagram of the stored i-th element of the first pre-sequence of the first CSS;

• figure 26 - timing diagram of the stored i-th element of the second pre-sequence of the third CSS;

• Figure 27 is a timing diagram of the generated first pre-sequence of the first CSS;

• figure 28 - timing diagram of the generated second pre-sequence of the third CSS;

• figure 29 - timing diagram of the generated initial sequence of the second CSS, divided into Y subblocks by K symbols;

• figure 30 - timing diagram of the selected j-th subblock of the original sequence of length K binary symbols;

• figure 31 - timing diagram of the formation of the j-th code block with a length of N binary symbols;

• on the figure 32 - timing diagram of the selection of the j-th subblock of parity symbols of length (N-K) binary symbols;

• figure 33 - timing diagram of the formation of the coded IP parity block from Y subblocks of parity symbols;

• Figure 34 is a timing diagram of the block of parity symbols of the encoded source sequence received by the first CSS and divided into Y subblocks of parity symbols of length (N-K) binary symbols, and extracting the j-th subblock of parity symbols from it;

• figure 35 - timing diagram of the first pre-sequence of the first CSS, divided into Y decodable sub-blocks of K symbols and the allocation of the j-th decodable sub-block;

• figure 36 - timing diagram of the formation of the j-th code block by right concatenation of the j-th subblock of parity symbols to the j-th decoded subblock;

• figure 37 - timing diagram of the calculation of the j-th syndrome S1, length (N-K) binary symbols and the determination of the absence of errors on the side of the first CSS;

• figure 38 - timing diagram of the j-th decodable sub-block on the received j-th syndrome S1;

• in figure 39, the timing diagram of the formation of the first decoded sequence of the first CSS from Y subblocks;

• Figure 40 shows a timing diagram of the block of parity symbols of the encoded source sequence received by the third CCC and divided into Y subblocks of parity symbols of length (N-K) binary symbols and extracting the j-th subblock of parity symbols from it;

• figure 41 - timing diagram of the second pre-sequence of the third CSS, divided into Y decodable sub-blocks of K symbols and extracting from it the j-th decodable sub-block;

• in figure 42, the timing diagram of the formation of the j-th code block by right concatenation of the j-th subblock of parity symbols to the j-th decoded subblock on the side of the third CSS;

• figure 43 - timing diagram of the calculation of the j-th syndrome S2 length (N-K) binary symbols;

• figure 44 - timing diagram of the location of the error in the j-th decoded sub-block on the received j-th syndrome S2 on the side of the third CSS;

• figure 45 - timing diagram of the formation of the second decoded sequence of the third CSS from Y decodable sub-blocks;

• figure 46 - view formed on the side of the first CCC function hashing sequences;

• figure 47 - timing diagram of the representation of the hashing function in the form of a sequence of binary characters, including from the first to (L-U)-th line of length but T binary characters;

• Figure 48 shows the timing diagram of the generated initial sequence of the second CSS, the first decoded sequence of the first CSS, the second decoded sequence of the third CSS;

• figure 49 - timing diagram of the generated encryption/decryption key of the second first and third correspondents of the communication network;

• on the figure 50 - the time diagram of the formation of CLSD.

In the presented figures, the symbol "A" denotes the actions taking place on the side of the first CCC, the symbol "B1" - on the side of the second CCC, the symbol "B2" - on the side of the third CCC. The symbol "→" denotes the process of transferring sequences of binary characters over communication channels between correspondents of the communication network. In the figures, the shaded pulse is the symbol "1" and not the shaded symbol "0". The signs "+" and "×" denote, respectively, addition and multiplication in the Galois field GF(2). The upper alphabetic indices indicate the length of the sequence (block), the lower alphabetic indices indicate the number of the element in the sequence (block). The symbol "E" denotes the level of the symbol (signal) along the y-axis of the timing diagram.

The implementation of the claimed method is as follows. Modern cryptosystems are built according to the Kerckhoff principle, described, for example, in the book by D. Massey, "Introduction to modern cryptology", TIIER vol. 76, No. 5, May 1988, p. 24, according to which the complete knowledge of the intruder includes, in addition to information obtained by means of interception, complete information about the order of interaction of the correspondents of the communication network and the process of forming the CLSD. The formation of a common CLSD can be divided into three main stages within the framework of the block diagram of the communication network shown in figure 1.

The first stage is the simultaneous formation of the initial (IP) and preliminary (PRI) sequences. Ensuring the formation of IP and PRP is carried out by simultaneously transmitting information from the first CCC over the first and second communication channels with independent errors to the second and third CCC, respectively, by simultaneously transmitting additional information about the IP over the first reverse and third forward communication channels without errors, respectively, to the first and third CCC and with simultaneous processing by all CCCs. It is assumed that the intruder knows the order of processing information about the IP and intercepts his version of the information about the AI transmitted by the first CSS at the output of an independent intercept channel (IC) with errors, intercepts additional information through the intercept channels without errors and uses it to form his version of the PDP. Increasing the resistance to CLSD compromise on the part of the intruder is achieved by the formation of IP on the side of the second CSS through the use of ZBDS transmitted by the first CSS. As a result, the initial intercept channel (PCH) of the intruder is converted to the secondary interception channel (SCH), which is a composite channel that includes the PCH and the first communication channel with errors. The quality of the VKP is deteriorating compared to the PKP, which leads to a decrease in the amount of information about the generated CLSD received by the intruder at the output of the VKP.

The second stage is designed to ensure the formation of CLSD with high reliability. The formation of CLSD with high reliability is achieved by eliminating (correcting) mismatched symbols (errors) in the preliminary sequences of the first CSS and the third CSS relative to the original sequence of the second CSS, when the correspondents use additional information about the IP transmitted but to the first reverse and third direct communication channels without errors from the second correspondent to the first KSS and the third KSS, respectively. It is assumed that the adversary intercepts additional information via interception channels without errors and uses it to eliminate discrepancies in its version of the PDP regarding the PI of the second CSS.

The third stage is designed to generate a key of a given length with a small amount of information about the key received by the intruder. Ensuring the formation of a key of SS correspondents with a small amount of information about it from the intruder is ensured by compressing the sequences of correspondents of the communication network that they received after the second stage. It is assumed that the attacker knows the sequence compression algorithm.

In the claimed method, an increase in the resistance to compromise of the CLSD on the part of the intruder is realized by the following sequence of actions.

It is assumed that the intruder has an interception channel, with the help of which he receives information about randomly generated and transmitted ZBDS via communication channels with errors to form the IP and PRP of the correspondents of the communication network. However, in order to obtain information about the IP (the first PRP, the second PRP), knowledge is required about the code words transmitted by the second CSS over communication channels without errors. The second CSS transmits noisy code words (ZCS). It is assumed that the intruder receives the ZKS at the output of its error-free intercept channels (ERCs). In order to obtain a code word, the intruder needs to remove the noise from the SSS by bitwise summation modulo 2 of the version of the SBDS of the intruder and the SSS. This determines the transformation of the PKP into the PKP. The intruder can only receive information and cannot participate in the information exchange. To ensure an increase in the resistance to compromise of the CLSD on the part of the intruder, it is necessary to create conditions under which the transformation of the PKP into the PKP is carried out.

To create the above conditions, on the side of the first CSS, a ZBDS is formed (each p-th binary symbol of the ZBDS, where p=1, 2, 3..., (M+1), is randomly generated, where M>1, to ensure an increase in resistance to compromise CLSD from the side of the intruder), it is simultaneously transmitted via the first and second communication channels with errors to the second SSS and the third SSS, respectively. The second CSS and the third CSS simultaneously receive each of the noise blocks of binary symbols as the received noise block of binary symbols of the second CSS and the received noise block of binary symbols of the third CSS, respectively. Then, on the side of the second CSS, a random binary symbol is generated (each binary symbol is generated randomly in order to increase the resistance to the compromise of the CLSD by the intruder), a code word is formed from it by repeating the generated random binary symbol M times, and a noisy code word is formed by bitwise modulo 2 summation of the received noisy block of binary symbols of the second CSS and the generated code word. At the same time, a noisy code word is transmitted over the first reverse and third forward communication channels without errors to the side of the first CSS and the third CSS, respectively. On the side of the first CSS, the received word of the first CSS is formed by bitwise summation modulo 2 of the noisy block of binary symbols and the noisy code word, and at the same time, on the side of the third CSS, the received word of the third CSS is formed by bitwise summation modulo 2 of the received noise block of binary symbols of the third CSS and the noisy code word. Then, on the side of the first CSS, the received binary symbol of the first CSS and the binary confirmation symbol F are formed from the generated received word of the first CSS, and simultaneously, on the side of the third CSS, the received binary symbol of the third CSS and the binary confirmation symbol F1 are formed from the corresponding generated received word of the third CSS. To form a received binary symbol, it is assigned the value of the first binary symbol of the received word. If all elements of the received word are "1" symbols or "0" symbols, then the confirmation symbol is set to "1" and the information symbol corresponding to the received word is judged. Otherwise, the received word is erased and the acknowledgment symbol is set to "0". The decision (confirmation symbols) about the received (erased) words is simultaneously transmitted over the communication channels without errors to all other correspondents of the communication network. Correspondents of the communication network simultaneously store in the original and preliminary sequences the received characters that have not been erased. The intruder can also delete characters that have been erased by the correspondents of the communication network. However, the symbols stored by the attacker (i.e., which correspond to the simultaneously stored communication network correspondent symbols) are not sufficiently reliable because errors occurring in independent channels with communication network correspondent errors and errors occurring in the interception channel are independent errors. Instead of the presented decoding of the received words, the correspondents of the communication network can use threshold decoding at the same time. The main difference when using threshold decoding is that the correspondents of the communication network simultaneously receive each of the words of the repetition code, not only when all its elements are either "1" or "0", but also when the number of identical binary symbols in the received word is not less than a certain number (threshold). This will lead, on the one hand, to a decrease in the reliability of each of the simultaneously stored symbols in the pre-sequences (PRS) on the sides of the first CSS and the third CSS, on the other hand, the correspondents of the communication network will erase the IP (PR) symbols less.

The creation of conditions under which an increase in resistance to compromise of the CLSD by the intruder is implemented in the claimed method by the following sequence of actions for the simultaneous formation of the IP of the second CSS and preliminary sequences of the first CSS and the third CSS. The formation of the initial sequence of the second CSS is as follows. L times, where L>10 ⁴ is the selected primary length of the original sequence, on the side of the first CSS form 3BDS, and each p-th binary symbol of the 3BDS, where p=1, 2, 3, ..., (M + 1), is generated randomly way, where M≥1 (see Fig. 2, 15). The value of M is determined by the quality of the communication channels with errors (see Fig. 2). Known methods for generating random numbers are described, for example, in the book by D. Knuth, "The Art of Computer Programming", M., Mir, 1977, v.2, p. 22. Simultaneously transmit it through the first and second communication channels with independent errors to the second KSS and the third KSS, respectively. Timing diagrams of error vectors in communication channels with independent errors are shown in figures 3 and 16. The term "error vector" means the bit difference between the transmitted and received words, as described, for example, in the book A. Zyuko, D. Klovsky, M. Nazarov , L. Fink, "Theory of signal transmission", M., Radio and communication, 1986, p. 93. BDSN is received on the side of the second CSS as a received noisy block of binary symbols of the second CSS, and on the side of the third CSS as a received noisy block binary symbols of the third CSS. The received STA of the second SSC and the received STA of the third SSC are shown in Figures 4 and 17, respectively. Known methods for transmitting sequences over communication channels with errors are described, for example, in the book by A. Zyuko, D. Klovsky, M. Nazarov, L. Fink, "Theory of signal transmission", M., Radio and communication, 1986, p. 11. On the second CSS side, a binary symbol is randomly generated (see FIG. 5). Known methods for generating random numbers are described, for example, in the book by D. Knuth, "The Art of Computer Programming", M., Mir, 1977, v. 2, p. 22. A code word is formed from a random binary symbol. To form a code word, the generated random binary symbol is encoded with an M-repetition code (see FIG. 6). Known methods of encoding with a code with repetitions are described, for example, in the book by E. Berlekamp, "Algebraic Coding Theory", M., Mir, 1971, p. to increase the reliability of the received symbols. A noisy codeword is formed on the side of the second CSS by bit-by-bit summation modulo 2 of the received ZBDS of the second CSS and the generated codeword (see Fig. 7).

At the same time, a noisy code word is transmitted over the first reverse and third forward communication channels without errors to the first CSS and the third CSS, respectively. The received noisy code words are shown in figures 8 and 18. On the side of the first CSS, the received word of the first CSS is formed by bitwise summation modulo 2 of the noisy block of binary symbols and the noisy code word, at the same time, on the side of the third CSS, the received word of the third CSS is formed by bitwise summation modulo 2 of the received noisy block of binary symbols of the third CSS and the noisy code word. Received word generation timings are shown in FIGS. 8, 9, 10 for the first CSS and FIGS. 17, 18, 19 for the third CSS, respectively. On the first CSS side, the received binary symbol of the first CSS is formed from the generated received word of the first CSS (see Fig. 12) and the binary confirmation symbol F (see Fig. 11), on the third CSS side, the received binary symbol is formed from the corresponding generated received word of the third CSS a third CSS (see FIG. 21) and a binary acknowledgment symbol F1 (see FIG. 20). The received binary symbol on the side of the first CSS and the third CSS is simultaneously assigned the value of the first binary symbol of the received words of the first CSS (see Fig. 10, 12) and the third CSS (see Fig. 19, 21), respectively. On the first CSS side, to generate a binary confirmation symbol F, the first binary symbol of the received word is compared with the subsequent M binary symbols of the received word of the first CSS. Simultaneously, on the side of the third CSS, to generate a binary acknowledgment symbol F1, the first binary symbol of the received word is compared with the subsequent M binary symbols of the received word of the third CSS. If there is at least one mismatch between the first binary symbol of the received word and the subsequent M binary symbols of the received word, the binary confirmation symbol is set to "0". If there are M matches of the first binary symbol of the received word followed by M binary symbols of the received word, the binary confirmation symbol is set to "1", as shown in Figures 10 and 11 for the first CSS and in Figures 19, 20 for the third CSS. Known methods for comparing binary symbols are described, for example, in the book by P. Horovets, W. Hill, “The Art of Circuitry”, M., Mir, vol. 1, 1983, p. the first and second forward communication channels without errors, respectively, to the second CSS and the third CSS (see Fig. 13 and 14), the binary confirmation symbol F1 generated by the third CSS is transmitted over the second reverse and third reverse communication channels without errors, respectively, to the first CSS and the second CSS (see Fig. 22 and 23). Known methods for transmitting a binary character over the reverse channel are described, for example, in the book A. Zyuko, D. Klovsky, M. Nazarov, L. Fink, "Theory of signal transmission", M., Radio and communication, 1986, p. 156. When if at least one of the received binary confirmation symbols (F, or (and) F1) is equal to zero, the generated random binary symbol of the second CSS and the received binary symbols of the first CSS and the third CSS are simultaneously erased, otherwise the generated random binary symbol of the second CSS is simultaneously stored , the received binary symbol of the first CSS, the received binary symbol of the third CSS, respectively, as ix elements, where i=1, 2, 3, ..., (LU), the original sequence, the first pre-sequence and the second pre-sequence, where U is the number simultaneously erased symbols during the formation of the initial sequence of the second CSS, the first PRP of the first CSS and the second PRP of the third CSS. Figure 24 shows the i-th element of the source sequence of the second CSS, figure 25 shows the i-th element of the PR of the first CSS, and the i-th element of the second PR of the third CSS is shown in figure 26. Known methods for erasing binary characters are described, for example, in the book W. Pittsson, E. Weldon, "Error-correcting codes", M., Mir, 1976, p. 17. Known methods of storing binary characters are described, for example, in the book digital technology”, M., Radio and Communications, 1986, p. .

An estimate of the error probabilities in the PRP of the correspondents of the communication network is given in Appendix 1.

After the correspondents of the communication network use a code with repetitions in the IP of the second CSS and the preliminary sequences of the first CSS and the third CSS, mismatched characters remain, which does not allow the correspondents of the communication network to proceed to the direct formation of the CLSD. The elimination of these mismatches can be implemented based on the use of error-correcting coding. However, well-known error-correcting codes make it possible to encode sequences of much smaller length than the received length of IP (PRP) equal to (LU) of binary symbols. For this, sequential coding is used, i.e. if the length of the IP (PRP) is large, for example, 10 ⁴ ÷10 ⁶ binary symbols, it is divided into Y sub-blocks with a length of K symbols, where Y=(LU)/K.

Each subblock with a length of K symbols is encoded on the side of the second CSS with a linear systematic block error-correcting (N, K) binary code, where K is the length of the block of information symbols and N is the length of the code block. A linear binary code is a code that is built on the basis of the use of linear operations in the GY (2) field, as described, for example, in the book by R. Blahut, “Theory and Practice of Error Control Codes”, M., Mir, 1986, p. 61 The term "block code" means a code in which actions are performed on blocks of characters, as described, for example, in the book by R. Blahut, "Theory and Practice of Error Control Codes", M., Mir, 1986, p. a code is called in which the code word begins with K information symbols, the remaining (NK) symbols of the code word are check symbols for information symbols, as described, for example, in the book by R. Blahut, “Theory and Practice of Error Control Codes”, M., Mir, 1986, p. 66. Then the generated blocks of check symbols of length (NK) of binary symbols are combined into a single block of check symbols of the encoded IP of length Y × (NK) of binary symbols and simultaneously transmitted over the first reverse and third forward channels with ties without errors, respectively, to the first KSS and the third KSS. The first CSS and the third CSS use the coded IP parity block to resolve mismatches in their pre-sequences with respect to the IP, whereby the first CSS and the third CSS generate decoded sequences.

An estimate of the probabilities of erroneous decoding of preliminary sequences of correspondents of a communication network is given in Appendix 2.

As error-correcting codes, a wide class of Bose-Chowdhury-Hokvingham codes, Hamming, Reed-Mahler, Reed-Solomon codes and other linear block codes characterized by their parameters (N, K) can be used. During the use of error-correcting coding by the correspondents of the communication network, the intruder receives additional information about the CLSD by intercepting the block of test symbols of the encoded IP of the second CCC, transmitted over the first reverse and third direct communication channels without errors, respectively, to the first CCC and the third CCC. Using it, the intruder also corrects some of the inconsistencies in its version of the intercepted PDP regarding the PI of the second CSS. Correspondents take this circumstance into account when forming from the original and decoded sequences of CLSD for the communication network. The elimination of inconsistencies (errors) in the preliminary sequences of the first CCC and the third CCC is implemented in the claimed method by the following sequence of actions. The encoding of the original sequence of the second CSS is as follows. Previously, the source sequence is divided into Y subblocks of length K binary symbols, where Y=(LU)/K, as shown in FIG. 29. Known methods for splitting a sequence into blocks of fixed length are described, for example, in the book by V. Vasiliev, V. Sviridenko, “Communication Systems”. M., Higher school, 1987, p. 208. Sequentially, starting from the 1st to the Yth, each j-th subblock, where j=1, 2, 3, ..., Y, is encoded by a linear block systematic binary noise-immune ( N, K) code (see Fig. 30 and 31). The generator matrix of the code has dimension K×N, and N>K. The sizes K and N of the generator matrix of the linear block systematic binary error-correcting (N, K) code are chosen as K=2 ^m -1-m and N=2 ^m -1. where m≥3, as described, for example, in the book by R. Blahut, “Theory and Practice of Error Control Codes”, M., Mir, 1986, p. generating code matrix and get the j-th code block of length N binary symbols, as shown in figure 31. Known methods of error-correcting coding of symbol blocks are described, for example, in the book by R. Blahut, “Theory and Practice of Error Control Codes”, M., Mir , 1986, p. 63. From the j-th code block, the j-th subblock of parity symbols of length (NK) of binary symbols is extracted (see Fig. 32). Known methods for allocating blocks of fixed length are described, for example, in the book by V. Vasiliev, V. Sviridenko, "Communication Systems", M., Higher School, 1987, p. a block of check symbols of the encoded source sequence. The timing diagram for the formation of a block of check symbols of an encoded IP is shown in figure 33. Known methods for storing a sequence of binary symbols are described, for example, in the book L. Maltsev, E. Flomberg, V. Yampolsky, "Fundamentals of Digital Technology", M., Radio and Communications, 1986, p. 38. At the same time, a block of coded IP parity symbols is transmitted over the first reverse and third forward communication cables without errors, respectively, to the first SSC and the third SSC. Known methods for transmitting sequences over communication cables are described, for example, in the book by A. Zyuko, D. Klovsky, M. Nazarov, L. Fink, "Theory of signal transmission", M., Radio and communication, 1986, p. 11. Simultaneous formation decoded sequences by the first KSS and the third KSS is as follows. The first DP of the first SCC and the second DP of the third SCC are simultaneously formed from the first PRP and the second PRP, respectively. The actions of the first CSS and the third CSS on the formation of the first DP and the second DP are the same and are performed simultaneously. On the first RCC side, the first DR and the coded parent sequence parity symbol block, simultaneously on the third RCC side, the second RLP and the coded parent sequence parity symbol block are divided into Y corresponding pairs of decodable sub-blocks as shown in FIGS. 35 and 41, respectively, and parity sub-blocks , as shown in figures 34 and 40, respectively, where Y=(LU)/K. The lengths of the decodable sub-blocks and sub-blocks of the parity symbols are chosen to be, respectively, K and (NK) binary symbols. Known methods for splitting a sequence into blocks of fixed length are described, for example, in the book by V. Vasiliev, V. Sviridenko, "Communication Systems", M., Higher School, 1987, p. 208. The first CCC and the third CCC simultaneously form Y received code blocks of length N binary symbols by right concatenation to the j-th decodable sub-block of the j-th parity sub-block, where j=1, 2, 3, ..., Y, as shown in Figures 36 and 42, respectively. The Y received code blocks of the first CSS and the third CSS are simultaneously decoded with a linear block systematic binary error-correcting (N, K) code (see FIGS. 36 and 42, respectively). The check matrix of the code has the dimension (NK)xN, and N>K. The sizes K and N of the check matrix of the linear block systematic binary error-correcting (N, K) code K=2 ^m -1-m and N=2 ^m -1 are selected, where m≥3, as described, for example, in the book by R. Blahut, “Theory and practice of error control codes”, M., Mir, 1986, p. 71. Sequentially, starting from the 1st to the Yth, the j-th length syndrome (NK) of binary symbols is calculated by multiplying the j-th received code block to the transposed check matrix. The timing diagram of the calculation of the j-th syndrome S1 of length (NK) binary symbols of the first CSS is shown in figure 37. The timing diagram of the calculation of the j-th syndrome S2 of length (NK) of binary symbols of the third CSS is shown in figure 43. The first CSS and the third CSS according to the received j th syndrome correct errors in the j-th decodable sub-block (see Fig. 38 and 44, respectively). Known methods for syndromic decoding of symbol blocks are described, for example, in the book by R. Blahut, “Theory and Practice of Error Control Codes”, M., Mir, 1986, p. j-th subblock of the first decoded sequence and the second decoded sequence, respectively, as shown in Figures 39 and 45. Known methods for storing a sequence of binary symbols are described, for example, in the book L. Maltsev, E. Flomberg, V. Yampolsky, "Fundamentals of Digital Technology" , M., Radio and communication, 1986, p. 38. Thus, the first KSS and the third KSS receive, respectively, the first and second decoded sequences.

After the communication network correspondents form identical IP on the side of the second CSS and DP on the sides of the first CSS and the third CSS, the correspondents of the communication network must form a CLSD with a small amount of information of the offender about the CLSD. To provide a small amount of information to the intruder about CLSD, the correspondents of the communication network use the method of "enhancing the secrecy" of sequences.

An assessment of the amount of Shannon's information received by the intruder about the KSD communication network formed by correspondents using the "enhancement of secrecy" method is given in Appendix 3.

To ensure a small amount of information of the intruder about CLSD in the proposed method of forming CLSD, the following sequence of actions is implemented. Simultaneous formation of the original sequence and decoded sequences CLSD is as follows. On the side of the first CSS, a hashing function of sequences is formed in the form of a binary matrix G of dimension (LU)×T, where T≥64 is the required length of the generated CLSD. Each of the elements of the binary matrix G is randomly generated (see FIG. 46). Known methods for generating random numbers are described, for example, in the book by D. Knuth, "The Art of Computer Programming", M., Mir, 1977, v.2, p. 22. The sequence hashing function is simultaneously transmitted over the first direct and second direct communication channels without errors, respectively, to the second CCC and the third CCC, sequentially, starting from the 1st to (LU)th rows of the binary matrix G, as shown in figure 47. Known methods for transmitting sequences over communication channels are described, for example, in the book by A. Zyuko, D. Klovsky, M. Nazarov, L. Fink, “Theory of Signal Transmission”, M., Radio and Communications, 1986, p. 11. On the sides of the second CSS, the first CSS and the third CSS, CLSD is simultaneously formed by hashing the IP, the first DP and the second DP, respectively (see Fig. 48) according to the sequence hash function formed on the side of the first CSS, as shown in figure 49. binary the matrix G and the second DP of the third CSS are divided into W corresponding pairs of submatrices of dimension P×T, where P=(LU)/W, and subblocks of the original and decoded sequences of length P of binary symbols, respectively. Known methods for splitting a sequence into blocks of a fixed length are described, for example, in the book by V. Vasiliev, V. Sviridenko, "Communication Systems", M., Higher School, 1987, p. 208. Then, starting from the first to the W-th, calculate z-th primary key of length T binary symbols, where z=1, 2, 3, W, by multiplying the z-th subblock of the IP of the second CSS by the z-th submatrix G _z , the z-th subblock of the first DP of the first CSS by the z-th submatrix G _z , the z-th sub-block in the second DP of the third CSS onto the z-th sub-matrix G _z . After that, CSD is formed by bitwise modulo 2 summation of all Wx primary keys on the sides of all correspondents of the communication network, as shown in figure 50. The actions for transmitting and receiving sequences over communication channels with errors, direct and reverse communication channels without errors are synchronized. Known synchronization methods are described, for example, in the book by E. Martynov, “Synchronization in Discrete Message Transmission Systems”, M., Svyaz, 1972, p. 186.

To confirm the possibility of achieving the formulated technical result, analytical modeling was carried out, the results of which can be concluded that the amount of information about the CLSD received by the intruder as a result of the interception of preliminary sequences between the correspondents of the communication network in the process of forming the CLSD using the proposed method can be reduced by 11, 08381 times compared with the amount of information of the offender in the formation of CLSD using the prototype method. This directly increases the resistance to compromise formed CLSD communication network by the proposed method in comparison with the prototype method. The results of evaluating the information of the intruder in the process of forming a CLSD for a communication network that includes three correspondents, the proposed method and the prototype method are given in Appendix 4

Attachment 1

Evaluation of the probabilities of errors (mismatches) of symbols in the first preliminary sequence of the first correspondent of the communication network and in the second preliminary sequence of the third correspondent of the communication network relative to the original sequence of the second correspondent of the communication network (Appendices 1-4 use all the conventional abbreviations that were used in the description of the invention)

- вероятность ошибки (несовпадения) символов в первой предварительной последовательности первого корреспондента СС относительно исходной последовательности второго корреспондента СС может быть найдена из выражения:Let p _ml be the probability of an error per binary symbol in the first communication channel with errors between the first and second SS correspondents and p _m2 is the probability of an error per binary symbol in the second communication channel with errors between the first and third SS correspondents (see Fig. 1), then

- the probability of an error (mismatch) of characters in the first preliminary sequence of the first correspondent of the SS relative to the original sequence of the second correspondent of the SS can be found from the expression:

вероятность ошибки (несовпадения) символов во второй предварительной последовательности (ПРП) третьего корреспондента СС относительно исходной последовательности второго корреспондента СС определяется выражением:Similarly

the probability of an error (mismatch) of characters in the second preliminary sequence (PRS) of the third SS correspondent relative to the original sequence of the second SS correspondent is determined by the expression:

where _pac is the probability with which the block transmitted by the second correspondent of the SS is simultaneously received (length (M + 1) of binary symbols) with M repetitions by the first and third correspondents, which is determined using the expression:

where α _ij is the joint probability of events, the occurrence of an error i in the first communication channel with errors between the first and second correspondents of the SS (the presence of an error (mismatch) of characters (i=1) or the absence of an error (i=0), and i∈{0, 1}), and the occurrence of an error j in the composite channel, including the serial connection of the first and second communication channels with errors, between the second and third correspondents of the CC (the presence of an error (mismatch) of characters (j=1) or the absence of an error (j=0), where j∈{0,1}), when transmitting any random character from the second SS correspondent to the first SS correspondent and the third SS correspondent, respectively, where:

Annex 2

Estimation of the probabilities of erroneous decoding of the first preliminary sequence of the first correspondent of the communication network and the second preliminary sequence of the third correspondent of the communication network relative to the original sequence of the second correspondent of the communication network

The probability of erroneous decoding of the first PRP of the first correspondent of the SS can be determined by the formula

where P _E01 is the probability of erroneous decoding of a subblock of length K of binary symbols from the first PRP of the first correspondent of the SS, determined as described, for example, in the book F. McWilliams, N. Sloan, “Theory of error-correcting codes”, M, Communication, 1979 , page 29,

- вероятность ошибки в первой ПРП первого корреспондента СС, равная полученному значению вероятности ошибки

из выражении (1.1) Приложения 1, а d - минимальное кодовое расстояние (N,K) кода, которое определяется, как минимальное число несовпадающих разрядов в двух любых кодовых словах (N,K) кода, как описано, например, в книге Ф. Мак-Вильямс, Н. Слоэн, «Теория кодов исправляющих ошибки», М., Связь, 1979, стр. 20.where

- error probability in the first PRP of the first correspondent of the SS, equal to the obtained value of the error probability

from expression (1.1) of Appendix 1, and d is the minimum code distance (N,K) of the code, which is defined as the minimum number of mismatched bits in any two codewords (N,K) of the code, as described, for example, in the book F. McWilliams, N. Sloan, "Theory of error-correcting codes", M., Svyaz, 1979, p. 20.

The probability of erroneous decoding of the second PRP of the third SS correspondent can be determined by the formula

where P _E02 is the probability of erroneous decoding of a subblock of length K of binary symbols from the second DRP of the third SS correspondent, is determined according to the expression:

- вероятность ошибки (несовпадения) символов во второй ПРП третьего корреспондента СС относительно исходной последовательности второго корреспондента СС, полученная из выражения (1.2) Приложения 1.where

- the probability of an error (mismatch) of characters in the second PRP of the third SS correspondent relative to the original sequence of the second SS correspondent, obtained from the expression (1.2) of Appendix 1.

Annex 3

Estimation of the amount of Shannon information received by the intruder about the encryption / decryption key generated by the correspondents of the communication network when using the “enhancement of secrecy” method

To provide a small amount of information to the intruder about CLSD, the proposed method for generating CLSD uses the method of "enhancing secrecy" of sequences based on universal hashing, as described, for example, in the book Bennett C., Brassard G., Crepeau C., Maurer U. "Generalized privacy amplification", IEEE Trans, on IT. vol. 41 no. 6.pp. 1915-1923, 1995, p. 1920. The essence of the method of "increasing secrecy" is as follows. On the side of the first correspondent, the CC randomly selects a hash function from a universal set of hash functions. The hashing function is transmitted over the first direct and second direct communication channels without errors, respectively, to the second and third SS correspondents. Then the first decoded sequence (DS) of the first SS correspondent, the original sequence of the second SS correspondent and the second DS of the third SS correspondent are hashed. The result of hashing will be the generated CLSD for a communication network of three correspondents. With the failure probability Pε, an event is possible in which the offender's information about the CLSD will be more than a certain small value Io. The first DL of length (LU) of binary symbols is displayed when hashing into a sequence Ka of length T of binary symbols of the generated CLSD of the first SS correspondent, the original sequence of length (LU) of binary symbols is mapped to a sequence of Kb1 of length T of binary symbols of the generated CLSD of the second correspondent of the SS, the second DS of length ( LU) of binary symbols is mapped to the sequence Kb2 of length T of binary symbols of the formed KSD of the third SS correspondent. It is assumed that the offender has complete information about the hashing function of the sequences of SS correspondents. The sequence hashing function must satisfy a number of requirements, as described, for example, in the book by Yu. Romanets, P. Timofeev, V. Shangin, “Information Protection in Computer Systems and Networks”, M., Radio and Communication, 1999, p. 156:

* the hash function should be sensitive to all sorts of changes in the sequence, such as. insertions, emissions, permutations, etc.;

* the hashing function must have the property of irreversibility, i.e. the task of selecting another sequence that had the required value of the hash function must be computationally unsolvable;

* probability of collision, i.e. the probability of an event in which the values of the hash function of two different sequences are the same must be negligible.

In addition, the hash function must belong to the universal set of hash functions. The universal set of hash functions is defined as follows. Let n and r be two positive integers, with n>r. The set of functions G2 mapping the set of binary sequences of length n into the set of binary sequences of length r is called universal if for any different sequences x ₁ and x ₂ from the set of binary sequences of length n the probability (collision) that the value of the hashing function from x ₁ is equal to the value of the function hashing from x ₂ (g(x ₁ )=g(x ₂ )), does not exceed 2 ^-r if the hashing function g is chosen randomly, in accordance with the equiprobable distribution, from G2, as described, for example, in the book Carter J. , Wegman M., "Universal classes of hash functions", Journal of Computer and System Sciences, 1979, Vol. 18, pp. 143-154, p. 145. All linear functions that map a set of binary sequences of length n into a set of binary sequences of length r belong to the universal set, as described, for example, in the book Carter J., Wegman M, "Universal classes of hash functions" , Journal of Computer and System Sciences, 1979, Vol.18, pp.143-154, p. the second DP (the number of hashing functions for sequences belonging to the universal set G2 is large and equals 2 ^T(LU) , and each hashing function for sequences requires T(LU) memory cells for storage) is difficult to implement and impractical. Therefore, a random equiprobable choice of a hashing function for sequences from a universal set G2 of hashing functions for sequences on the side of the first correspondent of the SS consists in generating randomly the elements of a binary matrix of dimension (LU)T, which describes a randomly selected hashing function for sequences from G2. After the formation of the CLSD by the SS correspondents by hashing the IP, the first and the second DP according to the hashing sequences randomly selected from G2, the amount of Shannon information received by the offender about the CLSD formed by the SS correspondents using the proposed method is no more than

where I _R is Renyi information. The Renyi information is determined through the Renyi entropy per symbol in the interception channel (CP) with the probability of error per binary symbol p _and , which characterizes the intruder's uncertainty about the CSD, if the intruder knows the information obtained through interception, full information about the algorithm of interaction of legitimate SS correspondents and the formation process key, as described, for example, in the book Bennett C., Brassard G., Crepeau C., Maurer U. "Generalized privacy amplification", IEEE Trans, on IT. vol. 41 no. 6. pp.1915-1923, 1995, p. 1919. The Rényi entropy is

Then the Renyi information I _R obtained by the intruder during the observation

sequences of length (L-U) symbols at the output of the interception channel, is determined by the expression

In the proposed method, when eliminating mismatches (errors) of the first and second DRI, respectively, of the first and third correspondents of the SS relative to the IP of the second correspondent of the SS, when the block of test symbols of the encoded IP is transmitted from the second correspondent to the first and third correspondents, respectively, via the first reverse and third direct communication channels without errors of length Y(NK) of binary symbols, the adversary receives additional Renyi information about CLSD. The additional Renyi information I _Rcode obtained by the attacker by encoding the IP is I _Rcode =Y(NK), as proved, for example, in Lemma 5 of Maurer U. "Linking Information Reconciliation and Privacy Amplification", J. Cryptology, 1997, no. 10, pp.97-110, p. 105. Then the total amount of Renyi information coming to the offender is

In this case (3.1), takes the form:

The amount of Shannon's information received by the intruder about the CLSD generated by the SS correspondents using the proposed method, when using the "enhancement of secrecy" method, is greater than the limit Io (defined in (3.5)) with a low failure probability Pε. When correspondents use a code with repetitions, the Renyi entropy and the probability Pε are determined by more complex relations described, for example, in the journal Information Security Problems. Computer Systems", St. Petersburg, Petrovsky Fund, No. 1, 2000, p. 18 in the article by V. Korzhik, V. Yakovlev, A. Sinyuk, "Protocol for generating a key in a noisy channel", and the Renyi entropy does not depend on the chosen a violator of the rule for processing intercepted messages.

Let us determine the procedure for estimating the Renyi information and the probability Pε, taking into account the peculiarities of the formation of the CLSD for the SS by the proposed method. Let's consider all the procedures of the proposed method related to the transmission of information via communication channels with errors, which include: generating and transmitting the IP of the second SS correspondent to the second and third SS correspondents. To do this, each of the symbols of the original binary sequence, randomly generated on the side of the second SS correspondent (each binary symbol I11 is randomly generated in order to provide the possibility of forming a CSD for three SS correspondents and increasing the stability of its formation), is repeated M times and a code word (CS) is formed. ). Then a noisy code word (ZKS) is formed by bitwise summation modulo two of the code word and the received noisy block of binary symbols (ZBDS) of the second correspondent of the communication network (KSN). The received SSDN of the second SSN was previously received at the output of the first communication channel with errors, provided that the first SSN applied its randomly generated SSDS to its input. communication channel without errors, respectively. The first and third correspondents simultaneously form their received words by bit-by-bit summation modulo two of the ZKS and ZBDS of the first KSS, and on the side of the third KSS by summing the ZKS and the received ZBDS of the third KSS. The first and third correspondents accept each of the received words if all its symbols are "1" or "0" and make a decision about the information symbol corresponding to the received word. Otherwise, the CSSs erase these codewords and received words, as well as the generated and received symbols. Why, in order to coordinate the actions of the CCC, the first and third correspondents simultaneously transmit a decision on the accepted (erased) code words via communication channels without errors to other correspondents of the network. SS correspondents simultaneously store in the original and preliminary sequences characters that have not been erased. The intruder can also remove characters that have been erased by SS correspondents. However, the symbols stored by the intruder (i.e., those stored by the CCs at the same time) are not sufficiently reliable, because the errors occurring in the communication channels of the CCs and the errors occurring in the interception channel are independent.

The assessment of Renyi information is made taking into account the results of estimates of the probabilities of errors (mismatches) in the first PRP of the first SS correspondent and the second PRP of the third SS correspondent relative to the first IP of the second SS correspondent, given in Appendix 1.

We rewrite expression (1.3) taking into account (1.4), putting the common factors out of brackets, and we get:

Consider the situation of the offender, when he observes a noisy sequence of blocks with a length of (M + 1) binary symbols. Denote by ⎢z⎢ the Hamming weight (Hamming weight of a block of binary symbols - the number of non-zero bits in a block of binary symbols) of a block z of length (M+1) of binary symbols received by the offender. It is easy to show that the joint probability of the event ⎢z⎢=d and the event that this block is accepted by the first and third correspondents, provided that the second correspondent generates the binary symbol “0” is equal to

where γ _ijk is the joint probability of events in which the corresponding binary symbol x=0 from the composition of the CS formed by the second correspondent of the SS after removing the noise is accepted by the first correspondent of the SS, as i, moreover, i∈{0,1}, and by the third correspondent of the SS, as j , moreover, j∈{0,1}, and the intruder as k, moreover, k∈{0,1}, where:

Similarly, for the case when x=1 we define:

where

Replacing (3.8) in (3.7), taking into account (3.6), after taking the common factors out of brackets and performing abbreviations, we obtain the probability of the intruder receiving the word z with the Hamming weight |z|=d, provided that the connection of the first communication channel with errors and the interception channel, the symbol x = 0 arrived and the first and third SS correspondents received the word:

Similarly, as for (3.11), we obtain the probability of the intruder receiving the word r with the Hamming weight ⎢z⎢=d, provided that the input of the composite CP channel, which includes the serial connection of the first communication channel with errors and the interception channel, received the symbol x=1 and the first and third SS correspondents accepted the code word:

Using the Bayes theorem (as described, for example, in the book Feller V., "Introduction to the theory of probability and its applications", M., Mir, 1967, 498 pp. ] and taking into account the uniform distribution law of the probability distribution of the formation of binary symbols IP of the second correspondent of the SS and independence of errors in the first and second communication channels with errors and the interception channel, we obtain the following probabilities:

- probability of reception by the intruder of any block z of the Hamming weight ⎢z⎢=d

- the probability of the formation of the symbol x=0 by the second correspondent of the SS, under the joint fulfillment of the conditions that the offender received the block ⎢z⎢=d, and the first and third correspondents of the SS received a code word of length (M+1)

- the probability of the formation of the symbol x=1 by the second correspondent of the SS, provided that the offender received the block ⎢z⎢=d, and the first and third correspondents of the SS received a code word of length (M+1)

Relative knowledge by the intruder of the IP of the second CSS of length (LU) is represented by his knowledge of the Hamming weights d _l ,d ₂ ,…d _(LU) of the corresponding code blocks with repetitions of length (M + 1) of symbols obtained at the output of the composite communication channel including the serial connection of the first channel communication with errors and interception channel. For the MRP of the intruder, the Rényi entropy R is equal to

, где

). Используя границу Чернова [как описано, например, в книге Коржик В.И., Финк Л.М., Щелкунов К.Н. "Расчет помехоустойчивости систем передачи дискретных сообщений" - М: Радио и связь, 1981. - 231 с. ], Рε определяется из выраженияThe weights d ₁ ,d ₂ ,…,d _(LU) are random variables and the Rényi entropy obtained by the attacker is also a random variable. Probability Pε is the probability that the sum of random Renyi entropy values observed by the offender of IP symbols will be less than the value (R ₀ - ε)(L - U), where R ₀ is the average Renyi entropy per received repetition block of length (M + 1) by the output of the composite communication channel, including the first communication channel with errors and the interception channel connected in series, with a small value that determines the value of Рε (

, where

). Using the Chernov boundary [as described, for example, in the book Korzhik V.I., Fink L.M., Shchelkunov K.N. "Calculation of noise immunity of systems for transmitting discrete messages" - M: Radio and communication, 1981. - 231 p. ], Рε is determined from the expression

- энтропия Реньи (см. выражение (3.2)) на принятый после снятия зашумления нарушителем блок кода с повторениями длиной (М+1) с весом Хемминга на выходе составного канала связи включающего последовательно соединенные первый канат связи с ошибками и канал перехвата; d; P(d) - определяемая из выражения (3.13) вероятность приема нарушителем на выходе составного канала связи, включающего последовательно соединенные первый канал связи с ошибками и канал перехвата, блока кода с повторениями длиной (М+1) и весом Хемминга d; R₀ определяется из выраженияwhere

- Renyi entropy (see expression (3.2)) on the code block with repetitions of length (M + 1) received after removing the noise by the intruder with the Hamming weight at the output of the composite communication channel, which includes the first communication cable with errors connected in series and the interception channel; d; P(d) - determined from expression (3.13) the probability of receiving by the intruder at the output of the composite communication channel, including the first communication channel with errors and the interception channel connected in series, a code block with repetitions of length (M + 1) and Hamming weight d; R ₀ is determined from the expression

The optimal parameter σ can be found from the solution of the equation

Then the Renyi information I _R in expression (3.3) when used by SS correspondents to transmit code information with repetitions in the proposed method, can be determined from the expression:

Appendix 4

Calculation of information of the intruder about the generated encryption/decryption key for the communication network

The possibility of increasing the resistance to compromise with respect to the intruder of the generated CLSD is determined by the choice of the SS correspondents of the IP of the second SS correspondent as its information basis and the formation of the encoded IP on the side of the second CSS. Such a choice determines the knowledge (information) of the intruder about the IP through a composite communication channel, including a serial connection of the first communication cable with errors from the first SS correspondent to the second SS correspondent and the intruder's interception channel with errors from the first SS correspondent to the intruder. The knowledge (information) of the intruder about the IP in the prototype method is determined only through the interception channel with errors from the first correspondent of the SS to the intruder, the quality of which is much higher than the quality of the composite channel in the proposed method. This circumstance provides an increase in resistance to compromise in relation to the intruder formed KSD by the proposed method in comparison with the prototype method.

Under the conditions of minimizing the information of the intruder about the generated CLSD, and taking into account the peculiarities of its formation through open communication channels with errors, it is advisable for the SS to present a number of requirements to the CLSD.

.The requirements for the reliability of the formation of CLSD are determined by the probability of discrepancy between the CLSD generated by the correspondents of the SS -

.

Requirements for the safety of the formation of CLSD are determined by:

a) the required (minimum allowable) length of the generated CLSD - T ^Tr [binary characters];

[бит];b) the required (maximum allowable) amount of Shannon information received by the offender about the generated CLSD

[bit];

вероятностью риска, что информация Шеннона о сформированном КлШД превысит

.in)

the probability of risk that Shannon's information about the formed CLSD will exceed

.

The task of minimizing the information of the intruder about the generated CLSD for the SS is reduced to selecting the parameters of the process of forming the CLSD for the SS in such a way that, under the conditions of fulfilling the requirements for reliability and safety, form the CLSD with a minimum amount of information about the generated CLSD.

Requirements for CLSD for SS can be written in the form

where Р _carried - the probability of non-coincidence of the SS CLSD formed by the correspondents, which is equal to

where P _E1 is determined from expression (2.1), P _E2 is determined from expression (2.3) of Appendix 2, I _o is defined in (3.5), and P _ε is defined in (3.17) of Appendix 3.

To compare the amount of information about the generated CLSD of the proposed method and the prototype method, we set the requirements for CLSD for the SS:

Let us define the general input data for FIG. one:

1. The quality of the first communication channel with errors - p _m1 =3.23⋅10 ^-2 ;

2. The quality of the second communication channel with errors - р _m2 =8⋅10 ^-3 ;

3. The quality of the interception channel of the intruder - p _w =3⋅10 ^-2 .

Conducting a full-fledged comparison of the prototype method and the proposed method for assessing the amount of information about the generated CLSD SS involves the use of the same parameters: L [dv.s], [dv.s], U [dv.s.], N [dv.s.] , K [eng.s], U [number].

We present the results of calculating the same parameters and evaluating the fulfillment of the requirements for the conditions for the formation of CLSD for SS using the proposed method for generating CLSD for SS and the method of the prototype.

Parameters:

L=43738 [dv.s.];

M+1=3 [eng.s];

U=5054 [dv.s.];

N=2047 [d.s.];

K=2036 [dv.s.];

Y=19.

Evaluation of the fulfillment of the requirements of the proposed method:

T=64 [eng.s.];

P _carried =9.97⋅10 ^-2 ;

P _ε =3.48⋅10 ^-4 , ε=4.88⋅10 ^-4 [bit].

Estimation of the amount of information about the generated CLSD of the proposed method:

I ₀ =8.96⋅10 ^-3 [bit].

Evaluation of the requirements of the prototype method:

T1=64 [eng.c.];

P _carried =5.1⋅10 ^-2 ;

P _ε 1=6⋅10 ^-4 , ε1=4.78⋅10 ^-4 [bit].

Estimation of the amount of information of the offender about the generated CLSD for the prototype method:

I ₀ 1=9.93⋅10 ^-2 [bit].

Т^Тр=64[дв.с],

исходных данных: p_m1=3,23⋅10^-2; p_m2=8⋅10^-3; p_и=3⋅10^-2 и параметрах: L=43738 [дв.с.]; (М+1)=3 [дв.с.]; U=5054 [дв.с.]; N=2047 [дв.с.]; K=2036 [дв.с.]; Y=19 показывает, что I₀ меньше I₀1 в абсолютном сравнении на величину 9,032⋅10^-2 [бит] и в 1 1,08318 раз при относительном сравнении. Это подтверждает факт повышения стойкости по отношению к нарушителю сформированного КлШД для СС к компрометации для предлагаемого способа по сравнению со способом-прототипом.Comparison of the calculated values of the amount of information about the generated CLSD SS of the proposed method - I ₀ and for the prototype method - I ₀ 1 with the same requirements:

T ^Tr \u003d 64 [dv.s],

initial data: p _m1 =3.23⋅10 ^-2 ; p _m2 =8⋅10 ^-3 ; p _and =3⋅10 ^-2 and parameters: L=43738 [dv.s.]; (M+1)=3 [dv.s.]; U=5054 [dv.s.]; N=2047 [d.s.]; K=2036 [dv.s.]; Y=19 indicates that I ₀ is less than I ₀ 1 in absolute comparison by 9.032⋅10 ^-2 [bits] and by 1.08318 times in relative comparison. This confirms the fact of increasing the resistance against the intruder formed KSD for SS to compromise for the proposed method compared with the prototype method.

Claims (11)

1. A method for generating an encryption/decryption key, which consists in generating a random binary symbol, generating a code word, generating a received binary symbol, generating a binary confirmation symbol, transmitting a binary confirmation symbol, generating an initial and a first pre-sequence, forming a second pre-sequence on side of the third correspondent of the communication network, encode the original sequence, extract a block of check symbols from the encoded original sequence, transmit the block of check symbols over communication channels without errors, form and store the first and second decoded sequences, form the hashing function on the side of the first correspondent, simultaneously transmit the hashing function sequences over the first direct and second direct communication channels without errors, respectively, to the second and third correspondents of the communication network, after which the encryption / decryption key is formed from the original, first and the second decoded sequences, characterized in that for the formation of the original sequence L times, where L>10 ⁴ is the selected primary length of the original sequence, on the side of the first correspondent of the communication network, a noisy block of binary symbols is formed, and each p-th binary symbol of the noisy block of binary symbols , where p=1, 2, 3, ..., (M+1), randomly generated, where M≥1, it is simultaneously transmitted over the first and second communication channels with errors to the second and third correspondents of the communication network, respectively, after which the noisy a block of binary symbols is simultaneously received on the side of the second correspondent of the communication network as a received noisy block of binary symbols of the second correspondent of the communication network, and on the side of the third correspondent of the communication network as a received noise block of binary symbols of the third correspondent of the communication network, then on the side of the second correspondent of the communication network generate random binary character, formed from n its code word, after which a noisy code word is formed by bitwise summation modulo two of the received noisy block of binary symbols of the second correspondent of the communication network and the generated code word, then the noisy code word is simultaneously transmitted over the first reverse and third direct communication channels without errors to the side of the first and of the third correspondent of the communication network, respectively, then, on the side of the first correspondent of the communication network, the received word of the first correspondent of the communication network is formed by bitwise summation modulo two of the noisy block of binary symbols and the noisy code word, and at the same time, on the side of the third correspondent of the communication network, the received word of the third correspondent of the network is formed communication by bitwise summation modulo two of the received noisy block of binary symbols of the third correspondent of the communication network and the noisy code word, then on the side of the first correspondent of the communication network from the received word of the first about the correspondent of the communication network, the received binary symbol of the first correspondent of the communication network and the binary confirmation symbol F are formed, and at the same time, on the side of the third correspondent of the communication network, the received binary symbol of the third correspondent of the communication network and the binary confirmation symbol F1 are formed from the received word of the third correspondent of the communication network, and then simultaneously the binary confirmation symbol F formed by the first correspondent of the communication network is transmitted over the first direct and second direct communication channels without errors, respectively, to the second and third correspondents of the communication network, and the binary confirmation symbol F1 formed by the third correspondent of the communication network is simultaneously transmitted over the second reverse and third reverse channels without errors to the first and the second correspondent of the communication network, respectively, if at least one of the received binary confirmation symbols is equal to zero, the generated random binary symbol of the second correspondent of the communication network and the received two the literal symbols of the first and third correspondents of the communication network are erased, otherwise, the generated random binary symbol of the second correspondent of the communication network, the received binary symbol of the first correspondent of the communication network, the received binary symbol of the third correspondent of the communication network, respectively, are stored as i-th binary symbols, where i= 1, 2, 3, ..., (LU), the initial sequence of the second correspondent of the communication network, the first preliminary sequence of the first correspondent of the communication network and the second preliminary sequence of the third correspondent of the communication network, respectively, where U is the number of erased binary symbols during the formation of the initial sequence and preliminary sequences, then on the side of the second correspondent of the communication network, the initial sequence is encoded, a block of test symbols is extracted from the encoded initial sequence, it is simultaneously transmitted over the first reverse and third direct communication channels without errors to the first and the third correspondents of the communication network, respectively, then simultaneously form the first decoded sequence on the side of the first correspondent of the communication network, and the second decoded sequence on the side of the third correspondent of the communication network. 2. The method according to claim 1, characterized in that the generated random binary symbol is repeated M times, where M≥1, to generate a code word. 3. The method according to claim 1, characterized in that the received binary symbol is assigned the value of the first binary symbol of the received word. 4. The method according to claim 1, characterized in that for the independent and simultaneous formation of a binary confirmation symbol F of the first correspondent of the communication network or a binary confirmation symbol F1 of the third correspondent of the communication network, respectively, the first binary symbol of the received word is compared with the subsequent M binary symbols of the received words, where M≥1 is the number of repetitions of the generated random binary symbol in the formation of the code word, after which, if there are M matches of the first binary symbol of the received word with the subsequent M binary symbols of the received word, the binary confirmation symbol F of the first correspondent or the binary confirmation symbol F1 of the third correspondent is assigned the value is one, and if there is at least one mismatch between the first binary symbol of the received word and the subsequent M binary symbols of the received word, the binary confirmation symbol F of the first correspondent or the binary confirmation symbol F1 of the third correspondent ondenta are assigned the value zero. 5. The method according to claim 1, characterized in that the original sequence is encoded with a linear block systematic binary error-correcting (N, K) code, where K is the length of the block of information symbols and N is the length of the code block, the generating matrix of which has the dimension K×N, moreover, N>K, for which the original sequence is first divided into Y subblocks of length K binary symbols, where Y=(LU)/K, then sequentially, starting from the first to the Y-th of each j-th subblock, where j=1, 2, 3, Y, the j-th code block of length N binary symbols is formed by multiplying the j-th subblock by the generating matrix, then the j-th subblock of check symbols of length (NK) of binary symbols is extracted from the j-th code block, which is stored as j-th subblock of the block of check symbols of the encoded initial sequence. 6. The method according to claim 5, characterized in that the sizes K and N of the generator matrix of the linear block systematic binary noise-correcting (N, K) code are chosen to be K=2 ^m -1-m and N=2 ^m -1, where m≥3 . 7. The method according to claim 1, characterized in that for the formation of the first and second decoded sequences, the first and second preliminary sequences of the first and third correspondents of the communication network, respectively, are independently and simultaneously decoded by a linear block systematic binary error-correcting (N, K) code, where K is the length of the block of information symbols and N is the length of the code block, the transposed check matrix of which has the dimension N×(NK), and N>K, for which the corresponding preliminary sequences and blocks of check symbols of the encoded source sequence are divided into Y corresponding pairs of decoded subblocks and subblocks of parity symbols, where Y=(LU)/K, and the lengths of decoded subblocks and subblocks of parity symbols are chosen equal to K and (NK) binary symbols, respectively, then Y received code blocks of length N binary symbols are formed by right concatenation to the j-th decoded subblock of j-th subblock n check symbols, where j=1, 2, 3, Y, then sequentially, starting from the 1st to the Kth, the j-th syndrome of length (NK) of binary symbols is calculated by multiplying the j-th received code block by the transposed check matrix, and according to the obtained j-th syndrome, errors are corrected in the j-th decoded sub-block, which is then stored as the j-th sub-block of the decoded sequences. 8. The method according to claim 7, characterized in that the sizes K and N of the check matrix of the linear block systematic binary noise-correcting (N, K) code K=2 ^m -1-m and N=2 ^m -1 are selected, where m≥3 . 9. The method according to claim 1, characterized in that the hash function of sequences on the side of the first correspondent of the communication network is formed in the form of a binary matrix G of dimension (LU)×T, where T≥64 is the length of the generated encryption/decryption key, and each of the elements binary matrix G is randomly generated. 10. The method according to any one of paragraphs. 1, 9, characterized in that the sequence hash function is transmitted sequentially, starting from the first to the (L-U)-th row of the binary matrix G. 11. The method according to any one of paragraphs. 1, 9, 10, characterized in that, with the simultaneous formation of the encryption/decryption key, the preliminary binary matrix G and the initial sequence of the second correspondent of the communication network, the binary matrix G and the first decoded sequence of the first correspondent of the communication network, the binary matrix G and the second decoded sequence of the third correspondent of the network links are divided into W corresponding pairs of submatrices of dimension P×T, where P=(LU)/W, where T≥64 is the length of the generated encryption/decryption key, and, accordingly, subblocks of the original sequence, the first decoded sequence and the second decoded sequence of length P binary symbols respectively, then simultaneously starting from the first to the W-th, the z-th primary key of length T binary symbols is calculated, where z=1, 2, 3, ..., W, by multiplying the z-th subblock of the initial sequence of the second correspondent of the communication network by z- th submatrix G _z , the zth subblock of the first decoded sequence of the first the z-th correspondent of the communication network to the z-th submatrix G _z , the z-th subblock of the second decoded sequence of the third correspondent of the communication network to the z-th submatrix G _z , after which the encryption/decryption key is simultaneously formed by bitwise summation modulo two of all W primary keys on sides of all correspondents of the communication network.

Images