RU2796051C1 - Method for forming encryption/decryption keys - Google Patents

Abstract

FIELD: cryptography.

SUBSTANCE: method for generating encryption/decryption keys, which provides for the simultaneous formation of a network and two pair keys for a communication network consisting of three correspondents, includes the formation of the original and correlated sequences on the side of the first correspondent, as well as preliminary, basic, decoded and corrected sequences on the sides of the second and third correspondents of the communication network, encoding the original and basic sequences, extracting blocks of test symbols from them and simultaneously transmitting these blocks over communication channels without errors, forming decoded sequences on the sides of the second and third correspondents and corrected sequences on the side of the first correspondent; compressible basic sequences are formed on the side of the first correspondent and compressible corrected sequences on the sides of the second and third correspondents, a hashing function of sequences is formed on the side of the first correspondent, it is transmitted over direct communication channels without errors, and simultaneously a network and two pair keys are formed on the sides of all correspondents by hashing the original, decoded, compressible basic and compressible corrected sequences according to the generated sequence hashing function.

EFFECT: providing the possibility of generating encryption/decryption keys, providing, in addition to the network secure information exchange between correspondents of the communication network, a paired secure information exchange

10 cl, 58 dwg

Description

The invention relates to the field of cryptography, namely to the formation of an encryption/decryption key (CLSD) and can be used as a separate element in the construction of symmetric cryptographic systems designed to transmit encrypted voice, sound, television and other messages.

The proposed method for the formation of CLSD can be used in cryptographic systems in the absence or loss of cryptographic connectivity ^{1 1} KLShD.) between correspondents of a communication network (CC), which includes three correspondents, or the establishment of cryptographic connectivity between new correspondents of the CC (CCC) in the conditions of the intruder intercepting information transmitted over open communication channels, as well as the exchange of messages in case of compromise of the network key or the need to exchange messages with one of the CSSs without access to them by other CSSs. The term "communication network" means a set of nodes and lines connecting them, and for any two different nodes there is at least one path connecting them, as described, for example, in the book D. Phillips, A. Garcia-Díaz, "Methods of Analysis networks”, M.: Mir, 1984, p. 16.

There is a known method for the formation of KLShD, described in the book by W. Diffie "The first ten years of public key cryptography", TIER, vol. 76, No. 5, p. 57-58. The known method consists in the preliminary distribution between the parties of the direction of communication (SNS) numbers α and β, where α is a prime number and 1 ≤ β ≤ (α-1). The term "communication direction" means a set of transmission lines and communication nodes that provide communication between two points of the network, as described, for example, in the National Standard of the Russian Federation, GOST R 53111-2008, "Stability of the public communication network", Moscow: Standartinform, 2009, p. 7. The transmitting side of the communication direction (PRSNS) and the receiving side NS (PRSNS), independently of each other, select random corresponding numbers X _A and X _B , which are kept secret and then generate numbers based on X _A , α and β on PRNS and X _B , α and β on PRNS. SNAs exchange received figures over communication channels without errors. After receiving the numbers of correspondents, the parties convert the received numbers using their secret numbers into a single CLSD. The method makes it possible to encrypt information during each communication session on new CLSD (i.e., eliminates the storage of key information on media) and relatively quickly generate CLSD using one unsecured communication channel.

However, the known method has a relatively low resistance of CLSD to compromise ² , ² (Resistance of CLSD to compromise - the ability of a cryptographic system to resist attempts by an intruder to obtain CLSD, which is generated and used by legitimate participants in the exchange of information, when the offender uses information about CLSD obtained as a result of interception, theft , loss, disclosure, analysis, etc.) the duration of the CLSD is limited to the duration of one communication session or its part, the incorrect distribution of the numbers α and β leads to the impossibility of forming the CLSD.

There is also known a method for generating CLSD using a quantum communication channel [US Patent No. 5515438 H04L 9/00 dated 05/07/96], which allows you to automatically generate CLSD without additional measures for distribution (delivery) of the preliminary sequence. The known method is to use the uncertainty principle of quantum physics and generates QSD by transmitting photons through a quantum channel. The method ensures the production of CLSD with high resistance to compromise, provides guaranteed control of the presence and degree of interception of CLSD.

However, the implementation of the known method requires high-precision equipment, which leads to a high cost of its implementation. In addition, CLSD according to this method can be formed using fiber-optic communication lines of limited length, which significantly limits the scope of its application in practice.

There is also known a method for the formation of CLSD on the basis of information differences [RF Patent No. 2180770 dated 03/20/2002].

This method includes the formation of the initial sequence (IP) on the PRNS, the coding of the SI, the extraction of a block of check symbols from the encoded SI, its transmission over the reverse communication channel without errors to the PRNS, the formation of a decoded sequence (DS) on the PRNS, the formation of a hashing function of the sequences on the PRNS, transmitting it over a direct communication channel without errors to the PRNS and generating encryption/decryption keys to the PRNS and to the RPNS by hashing the IP and DP according to the sequence hashing function generated on the RPNS.

The disadvantage of this method is the relatively large time spent on the formation of the CLSD for the SS of three correspondents, since it is necessary to sequentially generate the CLSD using the method for each pair of SS correspondents, including the first SS, then select one of the generated CLSD as the CLSD for the SS and ensure its receipt by all SS correspondents.

The closest in technical essence to the claimed method of forming CLSD is the method of forming CLSD [RF Patent No. 2480923 dated 27.04.2013].

The prototype method includes generating a random binary symbol on the side of the first CSS, generating a code word from the random binary symbol, transmitting the code word from the first CSS to the second and third CSS, independently and simultaneously generating the received binary symbol on the sides of the second and third CSS, generating a binary confirmation symbol on the sides of the second and third CSS, simultaneous transmission of a binary confirmation symbol from the second CSS to the first and third CSS, simultaneous transmission of a binary confirmation symbol from the third CSS to the first and second CSS, formation of IP by the first CSS, the first pre-sequence (PRS) on the side of the second CSS and the second pre-sequence (PRS) on the side of the third CSS, IP encoding, selection of the block of test symbols from the coded IP, its transmission from the first CSS to the second and third CSS, the formation and storage of the first decoded sequence (DP1) on the side of the second CSS and the second decoded sequence (DP2 ) on the side of the third CSS, the formation of a hashing function on the side of the first CSS, the transfer of the hashing function from the first CSS to the second and third CSS, after which the formation of the encryption / decryption key from IP, DP1 and DP2 on the sides of the first, second and third CSS, respectively.

The formation of the IP by the first CSS consists in generating L times, where L > 10 ³ is the selected primary length of the IP, a random binary symbol, forming a code word from it by repeating the generated random binary symbol M times, where M≥1, and transmitting the code word through the channels connection with errors to the second and third CSS, simultaneous formation of the received binary symbol and binary confirmation symbol from the received word on the sides of the second and third CSS, simultaneous transmission of the binary confirmation symbol F1 from the second CSS to the first reverse channel without errors and the third CSS on the third forward channel without errors, simultaneous transmission of a binary confirmation symbol F2 from the third CSS to the first CSS via the second reverse channel without errors and the second CSS via the third reverse channel without errors, and if at least one of the binary confirmation symbols F1 and F2 is equal to zero, the corresponding CSSs erase the generated random binary symbol and received binary symbols, and with the simultaneous equality of the binary confirmation symbols F1 and F2 to one, the generated random binary symbol and the received binary symbols by the first, second and third CSS are stored as ix elements of IP, PrP1 and PrP2, on the sides of the first, second and the third CSS, respectively, where i = 1, 2, 3, ..., (LU), where U is the number of erased symbols in the formation of the initial and preliminary sequences.

IP encoding is carried out by a linear block systematic binary error-correcting (N, K) code, the generating matrix of which has the dimension K×N, and N>K. The sizes K and N of the generator matrix of the linear block systematic binary error-correcting (N, K) code are chosen to be K=2 ^m -1-m and N=2 ^m -1, where m≥3. To do this, the IP is preliminarily divided into Y subblocks with a length of K binary symbols, where Y=(LU)/K, then, sequentially, starting from the 1st to the Yth of each jth subblock, where j = 1, 2, 3, ..., Y, the j-th code block of length N binary symbols is formed by multiplying the j-th subblock by the generator matrix, then the j-th subblock of check symbols of length (NK) of binary symbols is extracted from the j-th code block, which is stored as j-th subblock of the block of check symbols of the encoded IP.

The selection of the IP check symbol block consists in splitting the encoded IP into IP and the block of check symbols of the encoded IP and isolating the latter.

Transmission of the block of parity coded IP consists in its transmission from the first CSS through the first direct communication channel without errors to the second CSS and through the second direct communication channel without errors to the third CSS.

The formation of DP1 by the second CSS and DP2 by the third CSS is carried out as follows, simultaneously, Pr1 of the second CSS and Pr2 of the third CSS are decoded by a linear block systematic binary error-correcting (N, K) code, the transposed check matrix of which has the dimension N×(NK), and N>K . The sizes K and N of the check matrix of the linear block systematic binary error-correcting (N, K) code choose K=2 ^m -1-m and N=2 ^m -1, where m≥3. To do this, the corresponding pre-sequence on the sides of the second CSS and the third CSS and the block of parity symbols of the encoded IP are divided into Y corresponding pairs of decoded sub-blocks and sub-blocks of parity symbols, where Y=(LU)/K, and the lengths of the decoded sub-blocks and sub-blocks of parity symbols are chosen to be equal, respectively K and (NK) binary symbols, then form Y received code blocks of length N binary symbols by right concatenation to the j-th decodable sub-block of the j-th sub-block of parity symbols, where j = 1, 2, 3, ..., Y, and then sequentially , starting from the 1st to the Yth, the jth syndrome S of length (NK) of binary symbols is calculated by multiplying the jth received code block by the transposed check matrix, and using the received jth syndrome S, errors are corrected in the jth decoded subblock, which is then stored as the corresponding jth subblock of the decoded sequence.

The formation of the hashing function of the sequences by the first CSS consists in the formation of a binary matrix G of dimension (L-U)×T, where T≥64 is the length of the generated CLSD, and each of the elements of the binary matrix G is randomly generated.

The transmission of the sequence hashing function consists in serial transmission, starting from the 1st to (L-U) - th row of the binary matrix G, from the first CSS through the first direct communication channel without errors to the second CSS and through the second direct communication channel without errors to the third CSS.

The formation of CLSD by the first, second and third CSS consists in hashing the original and decoded sequences according to the hashing function of the sequences formed by the first CSS. To hash the sequences, first, on the side of the first CSS, the binary matrix G and IP, on the side of the second CSS, the binary matrix G and DP1, and on the side of the third CSS, the binary matrix G and DP2 are divided into W corresponding pairs of submatrices of dimension P×T, where P= (LU)/W, and subblocks of the original and decoded sequences of length P binary symbols, then starting from the 1st to the Wth, the z-th primary key of length T binary symbols is calculated, where z = 1, 2, 3, W, by multiplying the z-th IP sub-block by the z-th sub-matrix G _z on the side of the first CSS, the z-th sub-block DP1 by the z-th sub-matrix G _z on the side of the second CSS, the z-th sub-block DP2 by the z-th sub-matrix G _z on the side of the third KSS, after which a KSS is formed by bitwise summation modulo two of all W primary keys on the sides of the first, second and third KSS.

Prototype method allows you to form CLSD between the correspondents of the SS with a relatively small material costs with a large spatial separation of the correspondents.

The disadvantage of the prototype is the low overall cryptographic connectivity, determined by the low coefficient of cryptographic connectivity of the communication network ³ . ³ (Cryptoconnectivity coefficient of the communication network - the ratio of the number of existing cryptoconnections between the correspondents of the communication network to the possible number of cryptoconnections between the correspondents of the communication network, including network and paired cryptoconnectivity.) ) an intruder at any CCC and the need to form a new CLSD to restore cryptographic connectivity between CC correspondents, which requires significant time costs to resume secure information exchange

The purpose of the claimed technical solution is to develop a method for the formation of CLSD, which makes it possible to increase the overall cryptographic connectivity of the communication network and ensure, in the absence of CLSD compromises, in addition to the network secure information exchange between SS correspondents, a paired secure information exchange, in the event of a CLSD compromise, the continuation of secure information exchange and reducing the time spent on restoring the CLSD due to paired cryptoconnections, in the event of a compromise of the paired CLSD (PCLSD) - continuation of the pair and network information exchange between the SS correspondents, in the event of a compromise of the paired CLSD - continuation of the secure information exchange and, in the event of a compromise of the CLSD and PCLSD - continuation paired secure information exchange between SS correspondents.

This goal is achieved by the fact that in the proposed method for generating encryption/decryption keys, which consists in generating L times a random binary symbol on the side of the first CSS, where L≥10 ³ is the selected length of the initial random sequence, a code is formed from a random binary symbol. word, the code word is simultaneously transmitted from the first SSC to the second and third SSCs through the first and second communication channels with errors, respectively, after that, the received word of the second SSC is received at the output of the first communication channel with errors, and the received word is received at the output of the second communication channel with errors the third CSS, after which the received binary symbols and binary confirmation symbols are formed on the sides of the second CSS and the third CSS, respectively, then the binary confirmation symbol F1 generated by the second CSS is transmitted over the first reverse and third forward communication channels without errors to the first CSS and the third CSS, respectively, the binary confirmation symbol F2 generated by the third CSS is simultaneously transmitted over the second reverse and third reverse communication channels without errors to the first CSS and the second CSS, respectively, in the case of zero binary confirmation symbols F1 and F2, a random binary symbol of the first CSS and the received binary symbols of the second CSS and the third The CSS is erased, if the binary confirmation symbols F1 and F2 are equal to one, the random binary symbol of the first CSS, the received binary symbol of the second CSS, the received binary symbol of the third CSS, respectively, are stored as ix elements, where i = 1, 2, 3, ..., UU , initial and preliminary sequences, where UU is the number of transmitted symbols of the initial random sequence, each of which corresponds to the condition of joint equality to one of the binary confirmation symbols F1 and F2 during the formation of the initial and preliminary sequences, and UU≤L, after which the IP is encoded on the side of the first CSS , extract a block of check symbols from the encoded IP and simultaneously transmit it over the first direct and second direct communication channels without errors to the second CSS and the third CSS, respectively, after that, DP1 and DP2 are simultaneously formed and stored on the sides of the second CSS and the third CSS, respectively, then , on the side of the first CSS, a sequence hashing function is formed and transmitted over the first direct and second direct communication channels without errors to the second CSS and the third CSS, respectively, after which the SCLSD is formed from the IP on the side of the first CSS and the corresponding DP1 of the second CSS and DP2 of the third CSS, Simultaneously and independently with the formation of the SCLSD, the first PKLSD (PKLSD1) of the second SSS and the first SSS and the second PKSHD (PKLSHD2) of the third SSS and the first SSS are formed, for this, after transmitting the binary confirmation symbols F1 and F2 over the communication channels without errors and, in the case of joint equality of the binary confirmation symbol F2 to zero and the binary confirmation symbol F1 to one, corresponding to the received binary symbol of the third CSS, erase and store the random binary symbol of the first CSS, the received binary symbol of the second CSS, respectively, as ii-x elements, where ii = 1, 2, 3 , …, Q1, the first secondary sequence (TS1) of the first SSC, the first primary sequence (SP1) of the second SSC, where Q1 is the number of transmitted symbols of the initial random sequence, each of which corresponds to the fulfillment of the condition of joint equality of the binary confirmation symbol F2 to zero and the binary confirmation symbol F1 to one, and Q1≤L, in the case of joint equality of the binary confirmation symbol F1 to zero and the binary confirmation symbol F2 to one, the corresponding received binary symbol of the second CSS is erased and the generated random binary symbol of the first CSS, the received binary symbol of the third CSS, respectively, are stored as iii -x elements, where iii = 1, 2, 3, ..., Q2, of the second secondary sequence (SP2) of the first CSS, the second primary sequence (PS2) of the third CSS, where Q2 is the number of transmitted symbols of the initial random sequence, each of which corresponds to the condition joint equality of the binary confirmation symbol F1 to zero and the binary confirmation symbol F2 to one, with Q2≤L, after which, on the sides of the first CSS and the second CSS, the first correlated sequence (CS1) and the first basic sequence (BP1) of length Q11 of binary symbols are formed, respectively, moreover, Q11≤UU, simultaneously, on the sides of the first CSS and the third CSS, respectively, form the second correlated sequence (CS2) and the second basic sequence (BP2) with a length of Q21 binary symbols, and Q2≤UU, after which, on the side of the second CSS encode BS1 , extract a block of correction symbols from the encoded BS and transmit it over the first error-free reverse communication channel to the first CSS, simultaneously encode BP2 on the side of the third CSS, extract a block of correction symbols from the encoded BS2 and transmit it via the second error-free reverse communication channel to the first CSS, after of this, on the side of the first CCC, the first corrected sequence (CcP1) of length Q11 of binary symbols is formed and stored simultaneously from CP1 and the second corrected sequence (CcP2) of length Q21 of binary symbols is formed and stored from CP2, then the first and the second compressible corrected sequences (SSP1, SSP2), respectively, on the side of the second CSS, the first compressible basic sequence (SBS1) is formed from BP1, on the side of the third CSS, the second compressible basic sequence (SBS2) is formed from BS, and the length of each compressible sequence is equal to UU binary characters, after which, at the same time form PCLSD1 from SSP1 on the side of the first CSS and SBP1 on the side of the second CSS, PCLSD2 from SSP2 on the side of the first CSS and SBP2 on the side of the third CSS.

A code word is formed by repeating the generated random binary symbol M times, where M≥1, and the received binary symbol of any SS correspondent is assigned the value of the first binary symbol of the received word. For independent and simultaneous formation of a binary symbol

confirmation F1 of the second CSS or binary confirmation symbol F2 of the third CSS on the sides of the second CSS and the third CSS, respectively, the first binary symbol of the received word is compared with the subsequent M binary symbols of the received word, after which, if there are M matches of the first binary symbol of the received word with M binary the received word symbols, the binary confirmation symbol F1 of the second CSS, or the binary confirmation symbol F2 of the third CSS, is assigned the value one, and, if there is at least one mismatch between the first binary symbol of the received word and M binary symbols of the received word, the binary confirmation symbol F1 of the second CSS, or the binary symbol acknowledgments F2 of the third CSS are set to zero. For simultaneous and independent formation of CP1 of the first CSS, BP1 of the second CSS, as well as CP2 of the first CSS and BP2 of the third CSS, the required length of the generated CP1 of the first CSS and BP1 of the second CSS equal to Q11 of binary symbols is compared with the length equal to Q1 of binary symbols VP1 on the side of the first CSS, PP1 on the side of the second CSS, then, if the condition Q1≥Q11 is met, each j-th symbol of CP1 on the side of the first CSS is assigned the value of the j-th symbol of VP1 and each j-th symbol of BP1 on the side of the second CSS is assigned the value of the j-th symbol of PP1, where j = 1, 2, 3, ..., Q11, otherwise, each j1-th symbol of CP1 on the side of the first CSS is assigned the value of the j1-th symbol of VP1 and each j1-th symbol of BP1 on the side of the second CSS is assigned the value of the j1-th symbol of PP1 , where j1 = 1, 2, 3, …, Q1, after which each jj-th symbol of CP1 on the side of the first CSS, where jj = Q1+1, Q1+2, Q1+3, …, Q11, is assigned the value q1- th symbol IP, where q1=1, 2, 3, ..., (Q11 - Q1), and each jj-th symbol BP1 on the side of the second CSS is assigned the value of the q1-th symbol PrP1, simultaneously, to form CP2 of the first CSS and BP2 of the third The CSS compares the required length of the generated CP2 of the first CSS and BP2 of the third CSS equal to Q21 of binary symbols with a length equal to Q2 of binary symbols VP2 on the side of the first CSS and PP2 on the side of the third CSS, then, if the condition Q2≥Q21 is met, each j2-th symbol of CS2 on the side of the first CSS is assigned the value of the j2-th symbol of VP2 and each j2-th symbol of BP2 on the side of the third CSS is assigned the value of the j2-th symbol of PP2, where j2 = 1, 2, 3, ..., Q21, otherwise, each j3-th symbol CP2 on the side of the first CSS is assigned the value of the j3-th symbol of VP2 and each j3-th symbol of BP2 on the side of the third CSS is assigned the value of the j3-th symbol of RP2, where j3=1, 2, 3, ..., Q2, after which each jj2-th the symbol KP2 on the side of the first CSS, where jj2=Q2+1, Q2+2, Q2+3, ..., Q21, is assigned the value of the q2-th symbol of the IP, where q2=UU, (UU-1), (UU-2) , ..., (UU-(Q21-Q2)+1), and each jj2-th symbol of BP2 on the side of the third CSS is assigned the value of the q2-th symbol of PrP2. To simultaneously generate a block of check symbols of an encoded IP, a block of correction symbols of an encoded BP1, a block of correction symbols of an encoded BP2, the initial sequence of the first CSS is encoded with a linear block systematic binary error-correcting (N, K) code, where K is the length of the block of information symbols and N is the length of the code block , the generator matrix of which has dimensions K×N, and N>K, while the sizes K and N of the generator matrix of the linear block systematic binary error-correcting (N, K) code are chosen K=2 ^m -1-m and N=2 ^m -1 , where m≥3, for which the IP is first divided into Y subblocks of length K binary symbols, where Y=UU/K, then sequentially starting from the first to the Y-th of each q-th subblock, where q=1, 2, 3 , …, Y, form the q-th code block of length N binary symbols by multiplying the q-th subblock by the generating matrix, then the q-th subblock of check symbols of length (NK) of binary symbols is extracted from the q-th code block, which is stored as q of the th subblock of the block of check symbols of the encoded IP, simultaneously on the side of the second CSS, BP1 is encoded with a linear block systematic binary error-correcting (NN, KK) code, where KK is the length of the block of information symbols and NN is the length of the code block, the generating matrix of which has the dimension KK × NN , and NN>KK, while the sizes KK and NN of the generator matrix of the linear block systematic binary error-correcting (NN, KK) code are chosen KK=2 ^mm -1-mm and NN=2 ^mm -1, where mm≥3, for which purpose BP1 is divided into YY subblocks of length KK binary symbols, where YY=Q11/KK, then sequentially starting from the first to YY-th of each qq-th subblock, where qq=1, 2, 3, ..., YY, form the qq-th code block of length NN binary symbols by multiplying the qq-th subblock by the generator matrix, then the qq-th subblock of correction symbols of length (NN-KK) of binary symbols is extracted from the qq-th code block, which is stored as the qq-th subblock of the block of correction symbols of the encoded BP1, at the same time on the side of the third CSS, BP2 is encoded with a linear block systematic binary error-correcting (NNN, KKK) code, where KKK is the length of the block of information symbols and NNN is the length of the code block, the generator matrix of which has the dimension KKK × NNN, and NNN>KKK, with In this case, the sizes KKK and NNN of the generating matrix of the linear block systematic binary error-correcting (NNN, KKK) code are chosen KKK=2 ^mmm -1-mmm and NNN=2 ^mmm -1, where mmm≥3, for which BP2 is previously divided into YYY subblocks of length KKK binary symbols, where YYY=Q21/KKK, then sequentially starting from the first to YYY-th of each qqq-th subblock, where qqq=1, 2, 3, ..., YYY, form the qqq-th code block of length NNN binary symbols by multiplying qqq-th subblock to the generating matrix, then from the qqq-th code block, the qqq-th subblock of correction symbols of the length (NNN-KKK) of binary symbols is extracted, which is stored as the qqq-th subblock of the block of correction symbols of the encoded BP2. For the simultaneous formation of the LH of the second CSS, DP2 of the third CSS, as well as SkP2 of the first CSS and SkP2 of the first CSS, PrP1 of the second CSS and PrP2 of the third CSS are simultaneously and independently decoded by a linear block systematic binary noise-immune (N, K) code, where K is the length of the information block symbols and N is the length of the code block, the transposed check matrix of which has the dimension N×(NK), and N>K, while choosing the sizes K and N of the check matrix of the linear block systematic binary error-correcting (N, K) code K=2 ^m - 1-m and N=2 ^m -1, where m≥3, for which the pre-sequences and blocks of check symbols of the encoded IP are divided into Y corresponding pairs of decoded subblocks and subblocks of check symbols, where Y=UU/K, and the lengths of the decoded subblocks and of parity subblocks are chosen equal to respectively K and (NK) binary symbols, then Y received code blocks of length N binary symbols are formed by right concatenation to the q-th decoded subblock of the q-th subblock of parity symbols, where q=1, 2, 3, ... , Y, then sequentially, starting from the 1st to the Yth, the qth syndrome D of the length (NK) of binary symbols is calculated by multiplying the qth received code block by the transposed check matrix, and using the obtained qth syndrome D, errors are corrected in the q-th decoded sub-block, which is then stored as the q-th sub-block of the decoded sequences, CKP1 is simultaneously and independently formed on the side of the first KCC, for which CP1 is decoded with a linear block systematic binary error-correcting (NN, KK) code, where KK is the block length information symbols and NN is the length of the code block, the transposed check matrix of which has the dimension NN×(NN-KK), and NN>KK, while choosing the sizes KK and NN of the check matrix of the linear block systematic binary error-correcting (NN, KK) code KK= 2 ^mm -1-mm and NN=2 ^mm -1, where mm≥3, for which CP1 and the block of correction symbols of the encoded BP1 are divided into YY corresponding pairs of corrected sub-blocks and sub-blocks of correction symbols, where YY=Q11/KK, and the lengths of the corrected subblocks and subblocks of correction symbols are chosen equal to KK and (NN-KK) binary symbols, respectively, then YY received code blocks of length NN binary symbols are formed by concatenation from the right to the qq-th corrected subblock of the qq-th subblock of correction symbols, where qq=1, 2 , 3, …, YY, then sequentially, starting from the 1st to YYth, the qq-th syndrome Da1 of length (NN-KK) of binary symbols is calculated by multiplying the qq-th received code block by the transposed check matrix, and by the received qq -th syndrome Da1, errors are corrected in the qq-th corrected subblock, which is then stored as the qq-th corrected subblock SkP1, at the same time, for independent formation of SkP2 on the side of the first CSS CP2, it is decoded with a linear block systematic binary error-correcting (NNN, KKK) code, where KKK - the length of the block of information symbols and NNN - the length of the code block, the transposed check matrix of which has the dimension NNN × (NNN-KKK), and NNN>KKK, while choosing the sizes KKK and NNN of the check matrix of the linear block systematic binary error-correcting (NNN, KKK) code KKK=2 ^mmm -1-mmm and NNN=2 ^mmm -1, where mmm≥3, for which CP2 and the block of correction symbols of the encoded BP2 are divided into YYY of the corresponding pairs of corrected subblocks and subblocks of correction symbols, where YYY=Q21/KKK, moreover, the lengths of the corrected subblocks and subblocks of correction symbols are chosen to be equal to KKK and (NNN-KKK) binary symbols, respectively, then YYY received code blocks of length NNN binary symbols are formed by right concatenation to the qqq-th corrected sub-block of the qqq-th correction symbol sub-block, where qqq= 1, 2, 3, ..., YYY, then, sequentially, starting from the 1st to YYYth, the qqq -th syndrome Da2 of length (NNN-KKK) of binary symbols is calculated by multiplying the qqq -th received code block by the transposed check matrix, and according to the obtained qqq-th syndrome Da2, errors are corrected in the qqq-th corrected sub-block, which is then stored as the qqq-th corrected sub-block SkP2. For the simultaneous and independent formation of SSP1 of the first CSS, SBP1 of the second CSS, as well as SSP2 of the first CSS and SBP2 of the third CSS, the required length of the generated SSP1 of the first CSS and SBP1 of the second CSS is compared equal to UU of binary symbols with a length equal to Q11 of binary symbols SkP1 on the side of the first CSS and BP1 on the side of the second CSS, then, if the condition Q11=UU is met, each j-th symbol of the SSP1 on the side of the first CSS is assigned the value of the j-th symbol of the SPC1 and each j-th symbol of the SBP1 on the side of the second CSS is assigned the value of the j-th symbol of the BP1, where j = 1, 2, 3, ..., UU, otherwise, each jj-th symbol of the SSP1 on the side of the first CSS is assigned the value of the jj-th symbol of the SPC1 and each jj-th symbol of the SBP1 on the side of the second CSS is assigned the value of the jj-th symbol BP1, where jj = 1, 2, 3, ..., Q11, after which each i-th symbol of the SBP1 on the side of the first CSS is assigned the value zero and each i-th symbol of the SBP1 on the side of the second CSS is assigned the value zero, where i=Q11+ 1, Q11+2, UU, at the same time, for the formation of SSP2 of the first CSS and SBP2 of the third CSS, the required length of the generated sequences equal to UU of binary symbols is compared with the length equal to Q21 of binary symbols SPC2 on the side of the first CSS and BP2 on the side of the third CSS, then, in the case fulfillment of the condition Q21=UU, each j2-th symbol of SSP2 on the side of the first CSS is assigned the value of the j2-th symbol of SBS2 and each j2-th symbol of SBP2 on the side of the third CSS is assigned the value of the j2-th symbol of the second base sequence, where j2=1, 2, 3, ..., UU, otherwise, each jj2-th symbol of the SSP2 on the side of the first CSS is assigned the value of the jj2-th symbol of the SP2 and each jj2-th symbol of the SBP2 on the side of the third CSS is assigned the value of the jj2-th symbol of the BP2, where jj2=1, 2, 3, ..., Q21, after which each i2-th symbol of SBP2 on the side of the first CSS is assigned the value zero and each i2-th symbol of the SBP2 on the side of the third CSS is assigned the value zero, where i2=Q21+1, Q21+2, ... , UU. The hashing function of the sequences on the side of the first CSS is formed in the form of a binary matrix G of dimension UU×T, where T≥64 is the length of the generated network and paired encryption/decryption keys, and each of the elements of the binary matrix G is randomly generated. The sequence hashing function is transmitted sequentially, starting from the first to the UU-th row of the binary matrix G. For the simultaneous formation of SLSD, PKLSD1, PKLSD2, the pre-binary matrix G and IP of the first CSS, the binary matrix G and DP1 of the second CSS, the binary matrix G and DP2 of the third CSS are divided into W of the corresponding pairs of submatrices of dimension Р×Т, and P=UU/W, where Т≥64 is the length of the generated SCLSD, and, accordingly, subblocks IP, DP1 of the second CSS and DP2 of the third CSS with a length of P binary symbols, respectively, then simultaneously starting from the first on the W-th, calculate the z-th primary key of length T binary symbols, where z=1, 2, 3, ..., W, by multiplying the z-th subblock of the IP of the first CSS by the z-th submatrix G _z , the z-th subblock of the decoded the sequence of the second CSS to the z-th submatrix G _z , the z-th subblock of the decoded sequence of the third CSS to the z-th submatrix G _z , after which the SCLSD is simultaneously formed by bitwise summation modulo two W of primary keys on the sides of all correspondents of the communication network, simultaneously, to form PKLShD1, the preliminary binary matrix G and SSP1 of the first SSS, the binary matrix G and SBP1 of the second SSS are divided into W corresponding pairs of submatrices of dimension P×T, where P=UU/W, where T≥64 is the length of the generated PKLSD1, and, accordingly, subblocks SSP1, SBP1 with a length of P binary symbols, respectively, then, simultaneously, starting from the first to the W-th, calculate the zz-th primary key with a length of T binary symbols, where zz=1, 2, 3, ..., W, by multiplying the zz-th subblock SSP1 of the first CSS to the zz-th submatrix G _zz , zz-th subblock SBP1 of the second CSS to the zz-th submatrix G _zz , after which PCLSD1 is simultaneously formed by bitwise summation modulo two W of the primary keys on the sides of the first CSS and the second CSS, respectively , at the same time, for the formation of PklSD2, the preliminary binary matrix G and SSP2 of the first CSS, the binary matrix G and SBP2 of the third CSS are divided into W corresponding pairs of submatrices of dimension P×T, where P=UU/W, where T≥64 is the length of the generated PKlSD2, and , respectively, subblocks of SSP2, SBP2 with a length of P binary symbols, respectively, then, simultaneously, starting from the first to the Wth, calculate the zzz-th primary key with a length of T binary symbols, where zzz=1, 2, 3, ..., W, by multiplying of the zz-th subblock of the SSS2 of the first CSS to the zzz-th submatrix G _zzz , the zzz-th subblock of the SBP2 of the third CSS to the zzz-th submatrix G _zzz , after which the PCLSD2 is simultaneously formed by bitwise summation modulo two W of the primary keys on the sides of the first CSS and the third KSS, respectively.

Thanks to a new set of essential features, due to the simultaneous formation of network and pair keys between the SS correspondents, the overall cryptoconnectivity of the SS increases, which ensures that, when the SSDS is compromised by the intruder, the continued secure information exchange and the restoration of the new SSDS, as well as the emergence of the possibility of pairwise messaging between the SS correspondents without access to it by others correspondents of the SS and the intruder due to the preservation of the pair cryptoconnectivity of the correspondents of the SS.

The above-described new set of essential features in the proposed method allows you to increase the overall cryptographic connectivity of the communication network, which allows you to get a secure paired information exchange and provide conditions for the continuation of secure information exchange between SS correspondents, quick recovery of the CLSD, through the use of paired cryptographic connections, in case of compromise of the CLSD - to continue the secure pair and network information exchange, in case of compromise of PKLShD and SKLShD - to continue secure paired information exchange, and in case of compromise of paired KLShD - will allow continuing secure network information exchange between SS correspondents.

Due to the similar and similar formation in the proposed method and the prototype method of SCLSD, as well as the symmetry of the formation of PKLSHD1 of the second SSS and the first SSS and PKLSHD2 of the third SSS and the first SSS, the figures below show the process of forming only PKLSHD1 of the second SSS and the first SSS.

The claimed method is illustrated by the figures, which show:

• figure 1 - a generalized block diagram of the communication network used in the claimed method;

• figure 2 - timing diagram of generating a random binary symbol on the side of the first CSS;

• figure 3 - timing diagram of the generated initial random sequence of binary symbols on the side of the first CSS length L;

• figure 4 - timing diagram of the formation of the code word on the side of the first CSS length (M+1) binary symbols;

• figure 5 - timing diagram of the error vector in the first communication channel with errors between the first and second CSS;

• figure 6 - timing diagram of the received word of the second CSS length (M+1) binary symbols;

• figure 7 - timing diagram of the formation of the received binary symbol of the second CSS;

• figure 8 - timing diagram of the formation of the binary confirmation symbol F1 of the second CSS;

• Figure 9 shows the timing diagram of the binary acknowledgment symbol F1 received by the third CCC and the first CCC;

• figure 10 - timing diagram of the generated code word on the side of the first CSS length (M+1) binary symbols;

• figure 11 - timing diagram of the error vector in the second communication channel with errors between the first and third CSS;

• figure 12 - timing diagram of the received word of the third CSS length (M+1) binary symbols;

• figure 13 - timing diagram of the formation of the received binary symbol of the third CSS;

• figure 14 - timing diagram of the formation of a binary confirmation symbol F2 of the third CSS;

• Figure 15 shows a timing diagram of the binary acknowledgment symbol F2 received by the second and first CSS;

• figure 16 - timing diagram formed by the correspondents of the communication network set of binary confirmation symbols F1=1 and F2=0;

• figure 17 - time diagram of the received binary symbol erased by the third CSS;

• figure 18 - timing diagram of the generated received binary symbol of the second CSS;

• figure 19 - timing diagram of the formation of the second CSS of the first primary sequence of length Q1 binary symbols (general case);

• figure 20 - timing diagram formed by the second CSS of the first primary sequence of length Q1 binary symbols under the condition Q1≥Q11;

• figure 21 - timing diagram of the formation of the second CSS of the first base sequence length Q11 of binary symbols under the condition Q1≥Q11;

• figure 22 is a timing diagram of the first pre-sequence of the length (UU) of binary symbols generated by the second CSS under the condition Q1<Q11;

• figure 23 - timing diagram formed by the second CSS of the first primary sequence length Q1 binary symbols under the condition Q1<Q11;

• figure 24 - timing diagram of the formation of the second CSS of the first base sequence of length Q11 binary symbols under the condition Q1<Q11;

• figure 25 - timing diagram of the generated random binary symbol on the side of the first CSS;

• figure 26 - timing diagram of the formation of the first CSS of the first secondary sequence of length Q1 binary symbols (general case);

• figure 27 - timing diagram formed by the first CSS of the first secondary sequence of length Q1 binary symbols under the condition Q1≥Q11;

• figure 28 - timing diagram of the formation of the first CSS of the first correlated sequence of length Q11 binary symbols under the condition Q1≥Q11;

• figure 29 - timing diagram formed by the first CSS initial sequence length (UU) of binary characters under the condition Q1<Q11;

• figure 30 - timing diagram formed by the first CSS of the first secondary sequence of length Q1 binary symbols under the condition Q1<Q11;

• figure 31 - timing diagram of the formation of the first CSS of the first correlated sequence of length Q11 binary symbols under the condition Q1<Q11;

• Figure 32 shows the timing diagram of the first base sequence generated by the second CSS, divided into YY subblocks with a length of KK binary symbols;

• figure 33 - timing diagram of the coding of the qq-th subblock of binary symbols of the first base sequence on the side of the second CSS;

• Figure 34 shows a timing diagram of the generated qq-th code block of binary symbols, including the qq-th subblock of correction symbols of length (NN-KK) of binary symbols in the encoded first base sequence on the side of the second CSS;

• Figure 35 shows a timing diagram of combining from qq-x code subblocks of correction symbols into the qq-th code block on the side of the second CSS;

• figure 36 - timing diagram of the transmission of the qq-th subblock correction symbols of the encoded first base sequence from the second CSS to the first CSS;

• Figure 37 shows a timing diagram of dividing the block of correction symbols of the encoded first base sequence received by the first CSS into YY subblocks of correction symbols of length (NN-KK) binary symbols and extracting the qq-th subblock of correction symbols from it;

• figure 38 - timing diagram of the division on the side of the first CSS of the first correlated sequence of length Q11 binary symbols into YY corrected subblocks of length KK binary symbols and the allocation of the qq-th corrected subblock;

• figure 39 - timing diagram of the formation of the qq-th code block with a length of NN binary symbols by concatenation on the right of the qq-th subblock of correction symbols to the qq-th corrected subblock and calculation of the qq-th syndrome;

• figure 40 - timing diagram of the formation of the qq-th syndrome Da1 length (NN-KK) binary symbols and the definition of the error;

• figure 41 - timing diagram of the formation of the first CSS qq-th corrected subblock length KK binary symbols

• Figure 42 is a timing diagram of the formation on the first CSS side of the first corrected sequence of binary symbols from YY corrected error-corrected sub-blocks of length Q11 binary symbols;

• figure 43 - timing diagram formed on the side of the first CSS first corrected sequence length Q11 binary symbols (general case);

• figure 44 - timing diagram formed on the side of the first CSS first corrected sequence of length Q11 binary symbols under the condition Q11=UU;

• figure 45 - timing diagram of the formation on the side of the first CSS of the first compressible corrected sequence length UU binary symbols, provided Q11=UU;

• figure 46 - timing diagram formed on the side of the second CCC first base sequence length Q11 binary symbols, provided Q11=UU;

• figure 47 - timing diagram of the formation on the side of the second CSS of the first compressible base sequence length UU binary characters under the condition Q11=UU;

• figure 48 - timing diagram formed on the side of the first CSS first corrected sequence length Q11 binary symbols under the condition Q11<UU;

• figure 49 - timing diagram of the formation on the side of the first CSS of the first compressible corrected sequence length UU binary symbols under the condition Q11<UU;

• figure 50 - timing diagram formed on the side of the second CCC first base sequence length Q11 binary symbols under the condition Q11<UU;

• figure 51 - timing diagram of the formation on the side of the second CSS of the first compressible base sequence length UU binary characters under the condition Q11<UU;

• Figure 52 shows a timing diagram of the first compressible corrected sequence formed on the side of the first CSS, with a length of UU binary symbols;

• figure 53 is a timing diagram formed on the side of the second CCC first compressible basic sequence with a length of UU binary symbols;

• figure 54 - view formed on the side of the first CCC function hashing sequences;

• figure 55 - timing diagram of the representation of the hashing function in the form of a sequence of binary characters, including from the first to (UU)-th line of length T binary characters;

• Figure 56 is a timing diagram of the generated first compressible corrected sequence on the first CSS side and the first compressible base sequence on the second CSS side;

• figure 57 - timing diagram formed PKLShD1 on the sides of the first and second CSS with a length of T binary symbols;

• figure 58 - timing diagram of the formation of PKLSD1 on the sides of the first and second CSS with a length of T binary symbols.

In the presented figures, the symbol "A" indicates the actions taking place on the side of the first CSS, the symbols "B1" - on the side of the second CSS, the symbols "B2" - on the side of the third CSS, the symbols "E" indicate the level of the signal (symbol) along the ordinate axis of the time diagrams. The symbol "→" denotes the process of transferring sequences of binary characters over communication channels between SS correspondents. In the figures, the shaded pulse is the symbol "1", and not the shaded symbol is "0". The signs "+" and "×" denote, respectively, addition and multiplication in the Galois field GF(2). The upper alphabetic indices indicate the length of the sequence (block), the lower alphabetic indices indicate the number of the element in the sequence (block). Characters underlined with a straight line indicate sequences, without underlining, individual characters (blocks of characters) are indicated.

The formation of IP, PrP1, PrP2, as well as SKLShD is carried out in accordance with the prototype method (RF Patent No. 2480923 dated 04/27/2013). A feature of the proposed method is the simultaneous formation of SCLSD and two PCLSD.

The implementation of the claimed method is as follows. Modern cryptosystems are built according to the Kerckhoffs principle, described, for example, in the book by D. Massey, "Introduction to modern cryptology", TIIER vol. 76, No. 5, May 1988, p. 24, according to which the complete knowledge of the intruder includes, in addition to information obtained through interception, complete information about the order of interaction between the SS correspondents and the process of forming the CLSD. The formation of SCLSD and two PCLSD can be divided into three main stages within the framework of the block diagram (see figure 1).

The first stage is the simultaneous formation of statistically dependent sequences (SZP) among SS correspondents. Ensuring the formation of SZP for each of the correspondents of the SS is provided by the simultaneous transmission of information from the first SS through the first and second communication channels with independent errors, respectively, to the second SS and the third SS. In the proposed method, the formation of SFP provides the formation of the IP of the first CSS, PrP1 of the second CSS, as well as PrP2 of the third CSS, to use them during the formation of the SCLSD, simultaneously BP1 of the second CSS, CP1 of the first CSS are formed to form the PCLSD1, as well as BP2 of the third CSS and CS2 of the first KSS for the formation of PKLShD2. The features of information processing during the formation of these sequences provide a reduction in the statistical relationships between them to ensure the possibility of forming a SCLSD and two PKLSDS that do not coincide with each other. It is assumed that the intruder knows the order of information processing by SS correspondents and intercepts his versions of the generated sequences using an independent interception channel with errors (ICer) between the first CSS and the intruder.

The second stage is designed to ensure the simultaneous formation of SCLSD and two SCLSD with high reliability. Simultaneous formation of SCLSD with high reliability is achieved by eliminating (correcting) mismatched symbols (errors) in PrP1 of the second KSS and PrP2 of the third KSS relative to the IP of the first KSS, when using the second KSS and the third KSS additional information about the IP transmitted from the first KSS over the first direct communication channel without errors to the second CSS and on the second direct communication channel without errors to the third CSS (see figure 1). Simultaneous formation of PCLSD1 with high reliability is achieved by eliminating (correcting) mismatched symbols (errors) in CP1 of the first CSS with respect to BP1 of the second CSS, when using the first CSS additional information about BP1 transmitted over the first reverse communication channel without errors (see Fig.1) from second KSS to the first KSS. Simultaneous formation of PKlSD2 with high reliability is achieved by eliminating (correcting) mismatched symbols (errors) in CP2 of the first CSS with respect to BP2 of the third CSS, when the first CSS uses additional information about BP2 transmitted over the second reverse communication channel without errors (see Fig.1) from third CCC to the first CCC. It is assumed that the intruder intercepts all additional information transmitted over the intercept channels without errors and uses it to eliminate discrepancies in their versions of IP, BP1 and BP2. Possibility of simultaneous formation of SCLSD and two SCLSD is determined by different interception conditions by the intruder. The intruder receives information about IP at the output of an independent NPC with errors between it and the first KSS (i.e., the original NPC), while at the same time, the intruder receives information about BP1 at the output of the composite NPC, which includes a serial connection of the first communication channel with errors and the original Kper, and the offender receives information about BP2 at the output of a composite Nper, which includes a serial connection of the second communication channel with errors and the original Nper.

The third stage is intended for the formation of a CLSD and two CLSD of a given length with a small amount of information about the key received by the intruder.

Ensuring the formation of SSW and two SSW of SS correspondents with a small amount of information about each SSW of the intruder is ensured by compressing the sequences of SS correspondents used to form SSW and two SSW that they received after the second stage. It is assumed that the attacker knows the sequence compression algorithm. Possibilities of forming a CLSD and two CLSD for a SS of three correspondents, reducing the time spent on restoring the cryptographic network connectivity of the SS when the SLSD is compromised, continuing the secure information exchange is achieved by simultaneously transferring the hashing function from the first SS via the first direct and second direct communication channels without errors, respectively, to the second SS and the third CSS and the simultaneous processing of information in order to form the SLSD and two CLSD.

It is assumed that the intruder has an interception channel with errors with input from the first CSS, with the help of which he receives information about the transmitted code words via communication channels with errors to form his versions of IP, BP1, BP2. The intruder can only receive information and cannot participate in the information exchange. The intruder receives information about BP1 at the output of the first composite leak channel, which includes a serial connection of the first communication channel with errors and the interception channel, and the intruder receives information about BP2 at the output of the second composite leak channel, which includes a serial connection of the second error communication channel and the intercept channel. The intruder receives information about IP at the output of the interception channel.

In the claimed method, increasing the overall cryptographic connectivity of the SS correspondents, reducing the recovery time of the network cryptographic connectivity of the SS correspondents in the event of a compromise of the SCLSD by the intruder is implemented by the following sequence of actions.

For the simultaneous formation of SCLSD and two PCLSD correspondents CC on the side of the first CSS generate L times a random binary symbol (see figure 2), where L≥10 ³ is the selected length of the initial random sequence (see figure 3). Known methods for generating random numbers are described, for example, in the book by D. Knuth, "The Art of Computer Programming", M., Mir, 1977, vol. 2, p. 22. A code word is formed from a random binary symbol. To form a code word, the generated random binary symbol is repeated M times (see Fig.4, 10), where M≥1. The value of M is determined by the quality of communication channels with errors. Known methods of encoding code with repetitions are described, for example, in the book by E. Berlekamp, "Algebraic Coding Theory", M., Mir, 1971, p. KSS and the third KSS, respectively. The timing diagram of the error vector in the first communication channel with independent random errors is shown in figure 5, and the timing diagram of the error vector in the second communication channel with independent random errors is shown in figure 11. The term "error vector" means the bitwise difference between the transmitted and received code words , as described, for example, in the book A. Zyuko, D. Klovsky, M. Nazarov, L. Fink, "Theory of signal transmission", M., Radio and communication, 1986, p. 93. After that, at the output of the first communication channel with errors receive the received word of the second CSS (see Fig.6), and at the output of the second communication channel with errors receive the received word of the third CSS (see Fig.12). Known methods for transmitting sequences over communication channels with errors are described, for example, in the book by A. Zyuko, D. Klovsky, M. Nazarov, L. Fink, "Theory of signal transmission", M., Radio and communication, 1986, p. 11. The second CSS and the third CSS form the received binary symbols simultaneously and independently from the respective received words. The received binary symbol of any correspondent SS is assigned the value of the first binary symbol of the corresponding received word (see Fig.7, 13). Due to the analogy and similarity of the formation in the proposed method and the prototype method of SCLSD, as well as the symmetry of the formation of PKLSHD1 of the second SSS and the first SSS and PKLSHD2 of the third SSS and the first SSS, the presented figures, starting from figure 2, show the process of forming only PKLSHD1 of the second SSS and first KSS. To independently and simultaneously generate a binary acknowledgment symbol F1 of the second CSS (see FIG. 8), or a binary acknowledgment symbol F2 of the third CSS (see FIG. 14), respectively, the first binary symbol of the received word is compared with subsequent M binary symbols of the received word, after which, if there are M matches of the first binary symbol of the received word with the subsequent M binary symbols of the received word, the binary confirmation symbol F1 of the second CSS or the binary confirmation symbol F2 of the third CSS is assigned the value one (see Fig.6, 8), and , if there is at least one mismatch between the first binary symbol of the received word and the M binary symbols of the received word, the binary acknowledgment symbol F1 of the second CSS or the binary acknowledgment symbol F2 of the third CSS is set to zero (see FIGS. 12, 14). Known methods for comparing binary symbols are described, for example, in the book by P. Horovets, W. Hill, “The Art of Circuitry”, M., Mir, vol. 1, 1983, p. the first reverse and third forward error-free communication channels to the first CSS and the third CSS, respectively (see Fig.9), transmit the binary confirmation symbol F2 generated by the third CSS over the second reverse and third error-free reverse communication channels to the first CSS and the second CSS, respectively ( see Fig.15). Known methods for transmitting a binary character over the reverse channel are described, for example, in the book A. Zyuko, D. Klovsky, M. Nazarov, L. Fink, "Theory of signal transmission", M., Radio and communication, 1986, p. 156. Then , in the case of joint equality to zero of the binary confirmation symbols F1 and F2 (F1=0; F2=0), the corresponding random binary symbol of the first CSS, as well as the corresponding received binary symbols of the second CSS and the third CSS are simultaneously erased. Known methods for erasing binary characters are described, for example, in the book by W. Peterson, E. Weldon, “Error Correcting Codes”, M., Mir, 1976, p. 1; F2=1) store the random binary symbol of the first CSS, the received binary symbol of the second CSS and the received binary symbol of the third CSS, respectively, as ix elements, where i=1, 2, 3, ..., UU, IP, PrP1 and PrP2, where UU is the number of transmitted symbols of the initial random sequence, each of which corresponds to the fulfillment of the condition of joint equality to one of the binary confirmation symbols F1 and F2 (F1=1; F2=1) during the formation of IP, PrP1, PRP2, and UU≤L. Known methods for storing binary characters are described, for example, in the book L. Maltsev, E. Flomberg, V. Yampolsky, "Fundamentals of Digital Technology", M., Radio and Communications, 1986, p. 79. In the case of joint equality of the binary confirmation symbol F1 one (F1=1) and a binary confirmation symbol F2 zero (F2=0) (see Fig. 16), the corresponding received binary symbol of the third CSS is erased (see Fig. 17) and a random binary symbol of the first CSS is stored (see Fig. 25), the received binary symbol of the second CSS (see FIG. 18), respectively, as ii-x elements, where ii=1, 2, 3, ..., Q1, VP1 of the first CSS (see FIG. 26), PP1 of the second KSS (see Fig.19), where Q1 is the number of transmitted symbols of the initial random sequence, each of which corresponds to the condition of joint equality of the binary confirmation symbol F2 to zero (F2=0) and the binary confirmation symbol F1 to one (F1=1), and Q1 ≤L. If the binary confirmation symbol F1 is jointly equal to zero (F1=0), and the binary confirmation symbol F2 is equal to one (F2=1), the corresponding received binary symbol of the second CSS is erased and the generated random binary symbol of the first CSS, the received binary symbol of the third CSS are stored, respectively. , as iii-x elements, where iii=1, 2, 3, ..., Q2, VP2 of the first CSS, PP2 of the third CSS, where Q2 is the number of transmitted symbols of the initial random sequence, each of which corresponds to the condition of joint equality of the binary confirmation symbol F1 to zero (F1=0) and the binary confirmation character F2 to one (F2=1), with Q2≤L.

After that, for the simultaneous and independent formation of CP1 of the first CSS and BP1 of the second CSS, with a length of Q11 binary symbols, and Q11≤UU, compare the required length of the generated CP1 of the first CSS, BP1 of the second CSS equal to Q11 binary symbols with a length equal to Q1 binary symbols VP1 on the side of the first CSS, PP1 on the side of the second CSS, then, if the condition Q1≥Q11 is met (see Fig.20, 27), each j-th symbol of CP1 on the side of the first CSS is assigned the value of the j-th symbol of VP1 (see Fig.28 ) and each j-th character BP1 on the side of the second CSS is assigned the value of the j-th character PP1 (see Fig.21), where j = 1, 2, 3, ..., Q11, otherwise, each j1-th character CP1 on the side of the first CSS (see Fig.31) assign the value of the j1-th symbol VP1 (see Fig. 30) and each j1-character BP1 on the side of the second CSS (see Fig.24) assign the value of the j1-th symbol PP1 (see Fig.23), where j = 1, 2, 3, ..., Q1, after which each jj-th character KP1 on the side of the first CSS, where jj=Q1+1, Q1+2, Q1+3, Q11 , assign the value of the q1-th character of the IP, where q1=1, 2, 3, (Q11-Q1) (see Fig.29, 31) and each jj-th character BP1, on the side of the second CSS assign the value of the q1-th character PrP1, (see Fig.22, 24). Known methods for storing a sequence of binary characters are described, for example, in the book by L. Maltseva, E. Flomberg, V. Yampolsky, “Fundamentals of Digital Technology”, M., Radio and Communications, 1986, p. CSS and BP2 of the third CSS compare the required length of the generated sequences equal to Q21 of binary symbols with the length equal to Q2 of binary symbols VP2 on the side of the first CSS and TS2 on the side of the third CSS, then, if the condition Q2≥Q21 is met, to each j2-th symbol of CS2 on the side of the first CSS the value of the j2-th symbol of VP2 is assigned and each j2-th symbol of BP2 on the side of the third CSS is assigned the value of the j2-th symbol of RP2, where j2=1, 2, 3, ..., Q21, otherwise, each j3-th symbol of CP2 on the side of the first CSS is assigned the value of the j3-th symbol of VP2 and each j3-th symbol of BP2 on the side of the third CSS is assigned the value of the j3-th symbol of PP2, where j3=1, 2, 3, ..., Q2, after which each jj2-th symbol of CP2 on side of the first CSS, where jj2=Q2+1, Q2+2, Q2+3, …, Q21 is assigned the value of the q2-th symbol of the IP, where q2=UU, (UU-1), (UU-2), …, ( UU-(Q21-Q2)+1) and each jj2-th symbol of BP2, on the side of the third CSS, the value of the q2-th symbol of PrP2 is assigned.

Evaluation of the error probabilities in CP1 and CP2 relative to the corresponding BP1 and BP2 correspondents of the SS is given in Appendix 1 of the proposed method. Evaluation of the probability of errors in DP1 and DP2 with respect to IP correspondents SS is given in Appendix 1 of the prototype method.

After the use of the code with repetitions by the CC correspondents in the IP of the first CC, as well as PrP1 of the second CC and PrP2 of the third CC, non-matching characters remain, which does not allow the CC correspondents to proceed to the direct formation of the SCLSD. The elimination of these mismatches can be implemented based on the use of error-correcting coding. However, well-known error-correcting codes make it possible to encode sequences of much smaller length than the received IP length, which is equal to UU of binary symbols. For this, sequential coding is used, i.e. if the IP length is large, for example, 10 ³ ÷10 ⁵ binary symbols, it is divided into Y subblocks with a length of K binary symbols, where Y=UU/K. Known methods for splitting a sequence into blocks of fixed length are described, for example, in the book by V. Vasiliev, V. Sviridenko, "Communication Systems", M., Higher School, 1987, p. book by R. Blahut, "Theory and practice of codes that control errors", M., Mir, 1986, p. 63.

For the simultaneous formation of a block of check symbols of the encoded IP, the IP of the first CSS is encoded with a linear block systematic binary error-correcting (N, K) code, where K is the length of the block of information symbols and N is the length of the code block, the generator matrix of which has the dimension K × N, and N >K, while the sizes K and N of the generator matrix of the linear block systematic binary error-correcting (N, K) code are chosen to be K=2 ^m -1-m and N=2 ^m -1, where m≥3, as described, for example, in the book by R. Blahut, “Theory and Practice of Error Control Codes”, M., Mir, 1986, p. 71, for which the IP of the first CCC is first divided into Y subblocks of length K of binary symbols, where Y = UU / K, then , sequentially, starting from the first to the Y-th of each q-th subblock, where q=1, 2, 3, ..., Y, form the q-th code block of length N binary symbols by multiplying the q-th subblock by the generating matrix, then , from the q-th code block, the q-th subblock of check symbols of length (NK) of binary symbols is selected, which is stored as the q-th subblock of the block of check symbols of the encoded IP. A linear binary code is a code that is built on the basis of the use of linear operations in the GF (2) field, as described, for example, in the book by R. Blahut, "Theory and Practice of Error Control Codes", M, Mir, 1986, p. 61 The term "block code" means a code in which actions are performed on blocks of characters, as described, for example, in the book by R. Blahut, "Theory and Practice of Error Control Codes", M., Mir, 1986, p. 13. A code is called systematic, in which the code word begins with information symbols, the remaining symbols of the code word are test symbols for information symbols, as described, for example, in the book by R. Bleihut, "Theory and Practice of Error Control Codes", M., Mir, 1986, p. 66. For the simultaneous and independent formation of a block of correction symbols of the encoded BP1, on the side of the second CSS, BP1 is encoded with a linear block systematic binary error-correcting (NN, KK) code, where KK is the length of the block of information symbols and NN is the length of the code block, generating matrix which has dimensions KK×NN, and NN>KK, while the sizes KK and NN of the generator matrix of the linear block systematic binary error-correcting (NN, KK) code are chosen KK=2 ^mm -1-mm and NN=2 ^mm -1, where mm ≥3, for which BP1 is first divided into YY subblocks with a length of KK binary characters, where YY=Q11/KK (see Fig. Fig.32), then, sequentially, starting from the first to YY-th of each qq-th subblock, where qq=1, 2, 3, ..., YY (see Fig.33), form the qq-th code block of length NN binary symbols by multiplying the qq-th subblock by the generating matrix (see Fig. 34), then the qq-th subblock of correction symbols with the length (NN-KK) of binary symbols (see Fig. 35) is extracted from the qq-th code block, which is stored in as the qq-th subblock of the block of correction symbols of the encoded BP1 (see Fig.36). Simultaneously and independently, on the side of the third CSS, BP2 is encoded with a linear block systematic binary error-correcting (NNN, KKK) code, where KKK is the length of the block of information symbols and NNN is the length of the code block, the generator matrix of which has the dimension KKK × NNN, and NNN>KKK, with In this case, the sizes KKK and NNN of the generating matrix of the linear block systematic binary error-correcting (NNN, KKK) code are chosen KKK=2 ^mmm -1-mmm and NNN=2 ^mmm -1, where mmm≥3, for which BP2 is previously divided into YYY subblocks of length KKK binary symbols, where YYY=Q21/KKK, then, sequentially, starting from the first to YYY-th of each qqq-th subblock, where qqq=1, 2, 3, ..., YYY, form the qqq-th code block of length NNN binary symbols by multiplying the qqq-th subblock by the generator matrix, then the qqq-th subblock of correction symbols with the length (NNN-KKK) of binary symbols is extracted from the qqq-th code block, which is stored as the qqq-th subblock of the block of correction symbols of the encoded BP2. Simultaneously and independently, a block of test symbols of the encoded IP of the first CSS is transmitted over the first direct and second direct communication channels without errors to the second CSS and the third CSS, respectively. Simultaneously and independently, a block of correction symbols of the encoded BP1 of the second CSS is transmitted over the first reverse link without errors to the first CSS (see Fig. 37). Simultaneously and independently, a block of correction symbols of the encoded BP2 of the third CSS is transmitted via the second reverse communication channel without errors to the first CSS.

A wide class of Bose-Chowdhury-Hokvingham codes, Hamming, Reed-Mahler, Reed-Solomon codes and other linear block codes characterized by their parameters N, K, d (NN, KK, dd, ...) can be used as error-correcting codes. During the use of error-correcting coding by the correspondents of the SS, the intruder receives additional information about the CLSD by intercepting a block of correction symbols of the encoded BP1 of the second KSS and BP2 of the third KSS, transmitted, respectively, through the first reverse and third reverse communication channels without errors to the first KSS. Using it, the intruder also corrects some of the inconsistencies in its versions of intercepted TS1 and TS2 relative to TS1 of the second CSS and BP2 of the third CSS. Correspondents take this circumstance into account when forming the corresponding PKSD from the corrected sequences.

The elimination of inconsistencies (errors) in CP1 and CP2 of the first CCC, as well as in PrP1 of the second CCC and PrP2 of the third CCC is implemented in the claimed method by the following sequence of actions. At the same time, DP1 of the second CSS and DP2 of the third CSS are formed and stored, as well as SkP1 with a length of Q11 binary symbols and SkP2 with a length of Q21 binary symbols on the side of the first CSS.

At the same time, for the independent formation of DP1 on the side of the second CSS and on the DP2 side of the third CSS, PrP1 of the second CSS and PrP2 of the third CSS are simultaneously and independently decoded by a linear block systematic binary error-correcting (N, K) code, where K is the length of the block of information symbols and N is the length of the code block, the transposed check matrix of which has the dimension N×(NK), and N>K, while choosing the sizes K and N of the check matrix of the linear block systematic binary error-correcting (N, K) code K=2 ^m -1-m and N= 2 ^m -1, where m≥3, for which the pre-sequences and blocks of parity symbols of the encoded IP are divided into Y corresponding pairs of decoded subblocks and subblocks of parity symbols, where Y=UU/K, and the lengths of decoded subblocks and subblocks of parity symbols are chosen equal respectively K and (NK) binary symbols, then form Y received code blocks of length N binary symbols by right concatenation to the q-th decodable sub-block of the q-th parity sub-block, where q=1, 2, 3, ..., Y, then, sequentially , starting from the 1st to the Yth, the qth syndrome D of length (NK) of binary symbols is calculated by multiplying the qth received code block by the transposed check matrix, and using the obtained qth syndrome D, errors are corrected in the qth decoded subblock, which is then stored as the qth subblock of the decoded sequences. Known methods for syndromic decoding of symbol blocks are described, for example, in the book by R. Blahut, “Theory and practice of error control codes”, M., Mir, 1986, p. linear block systematic binary error-correcting (NN, KK) code, where KK is the length of the block of information symbols and NN is the length of the code block, the transposed check matrix of which has the dimension NNx(NN-KK), and NN>KK, while choosing the sizes KK and NN of the check matrix of the linear block systematic binary error-correcting (NN, KK) code KK=2 ^mm -1-mm and NN=2 ^mm -1, where mm≥3, for which KP1 and the block of correction symbols of the encoded BS are divided into YY corresponding pairs of corrected subblocks and subblocks of correction symbols (see Fig.37, 38), where YY=Q11/KK, and the lengths of the corrected subblocks and subblocks of correction symbols are chosen equal to KK and (NN-KK) of binary symbols, respectively, then YY of the received code blocks of length NN binary symbols by right concatenation to the qq-th corrected sub-block of the qq-th sub-block of corrective symbols (see Fig. Fig.39), where qq=1, 2, 3, ..., YY, then, sequentially, starting from the 1st to YYth, calculate qq-th syndrome Da1 length (NN-KK) of binary symbols by multiplying the qq-th of the received code block to the transposed check matrix (see Fig.40), and according to the obtained qq-th syndrome Da1, errors are corrected in the qq-th corrected subblock (see Fig.41), which is then stored as the qq-th corrected subblock ( see Fig.42) SKP1 on the side of the first KSS (see Fig.43). At the same time, for the independent formation of SC2 on the side of the first CSS, CS2 is decoded by a linear block systematic binary error-correcting (NNN, KKK) code, where KKK is the length of the block of information symbols and NNN is the length of the code block, the transposed check matrix of which has the dimension NNN×(NNN- KKK), moreover, NNN>KKK, while choosing the sizes KKK and NNN of the check matrix of the linear block systematic binary noise-correcting (NNN, KKK) code KKK=2 ^mmm -1-mmm and NNN=2 ^mmm -1, where mmm≥3, for whereby TS2 and the block of correction symbols of the encoded BP2 are divided into YYY of the corresponding pairs of corrected sub-blocks and sub-blocks of correction symbols, where YYY=Q21/KKK, and the lengths of corrected sub-blocks and sub-blocks of correction symbols are chosen to be KKK and (TSTNN-KKK) binary symbols, respectively, then form YYY received code blocks of length NNN binary symbols by right concatenation to the qqq-th corrected sub-block of the qqq-th correction symbol sub-block, where qqq=1, 2, 3, ..., YYY, then, sequentially, starting from the 1st to the YYY-th , the qqq-th syndrome Da2 of length (NNN-KKK) of binary symbols is calculated by multiplying the qqq-th received code block by the transposed check matrix, and using the obtained qqq-th syndrome Da2, errors are corrected in the qqq-th corrected subblock, which is then stored as qqq th corrected subblock SkP2.

Estimation of the probabilities of erroneous decoding of correlated sequences is given in Appendix 2 of the proposed method. Estimation of the probabilities of erroneous decoding of preliminary sequences is given in Appendix 2 of the prototype method.

After the elimination of mismatches (errors) in CP1 and CP2 of the first CCC relative to the corresponding BP1 of the second CCC and BP2 of the third CCC, in the claimed method, SC1 and CC2 are simultaneously and independently formed on the side of the first CCC, as well as SBP1 on the side of the second CCC and SBP2 on the side of the third CCC , and the length of each compressed sequence is equal to UU binary symbols, for which the required length of the generated SSP1 of the first CSS and SBP1 of the second CSS is compared to UU of binary symbols with a length equal to Q11 binary symbols of SSP1 on the side of the first CSS (see Fig.44) and BP1 on the side of the second CSS (see Fig.46), then, if the condition Q11=UU is met, each j-th symbol of the SSP1 on the side of the first CSS is assigned the value of the j-th symbol of the SP1 (see Fig.45) and each j-th symbol SBP1 on the side of the second CSS assign the value of the j-th character BP1 (see Fig.47), where j = 1, 2, 3, ..., UU, otherwise (see Fig.48, 50) each jj-th symbol SSP1 on the side of the first CSS is assigned the value of the jj-th symbol of SSP1 and each jj-th symbol of the SBP1 on the side of the second CSS is assigned the value of the jj-th symbol of BP1, where jj = 1, 2, 3, ..., Q11, after which each i-th the symbol SSP1 on the side of the first CSS is assigned the value zero (see Fig.49) and each i-th symbol SBP1 on the side of the second CSS assign the value zero (see Fig.51), where i = Q11+1, Q11+2, ..., UU. A general view of the formed SSP1 of the first SSS and the SBS of the second SSS is shown in figures 52 and 53, respectively. At the same time, for the formation of SSP2 of the first CSS and SBP2 of the third CSS, the required length of the generated sequences equal to UU of binary symbols is compared with the length equal to Q21 of binary symbols SC2 on the side of the first CSS and BP2 on the side of the third CSS, then, if the condition Q21=UU is met, each j2- the value of the j2-th symbol of SSP2 is assigned to the j2-th symbol of SBP2 on the side of the third CSS2, where j2=1, 2, 3, ..., UU, otherwise each The jj2-th symbol of SSP2 on the side of the first CSS is assigned the value of the jj2-th symbol of SP1 and each jj of the 2nd symbol of SBP2 on the side of the third CSS is assigned the value of the jj2-th symbol of the BS, where jj2=1, 2, 3, ..., Q21, after whereby each i2-th symbol of SBP2 on the side of the first CSS is assigned the value zero and each i2-th symbol of the SBP2 on the side of the third CSS is assigned the value zero, where i2=Q21+1, Q21+2, ..., UU.

After the formation by the correspondents of the SS of the identical IP of the first KSS, as well as DP1 of the second KSS and DP2 of the third KSS, SSP1 of the first KSS and SBP1 of the second KSS, as well as SSP2 of the first KSS and SBP2 of the third KSS, the correspondents of the communication network must form, respectively, SKLShD, as well as PklSHD1 and PklShD2 with a small amount of information of the intruder about SklShD and two PklShD. To provide a small amount of information to the intruder about the SCLSD and two SCLSD, the correspondents of the communication network use the method of "enhancing the secrecy" of sequences.

An estimate of the amount of Shannon's information received by the intruder about the SCLSD communication network formed by the correspondents when using the "enhancement of secrecy" method is given in Appendix 3 of the prototype method. An estimate of the amount of Shannon's information received by the intruder about the two PKLSD formed by the SS correspondents using the "enhancement of secrecy" method is given in Appendix 3 of the proposed method.

To provide a small amount of information to the intruder about the SCLSD and two SCLSD, the following sequence of actions is implemented in the proposed method. On the side of the first CSS, a hashing function of sequences is formed in the form of a binary matrix G of dimension UU×T, where T≥64 is the length of the generated SLSD and paired CLSD, and each of the elements of the binary matrix G is randomly generated (see Fig.54). Then, simultaneously, sequentially, starting from the first to the UU-th row of the binary matrix G (see Fig.55), the sequence hashing function is transmitted over the first direct and second direct communication channels without errors to the second CSS and the third CSS, respectively. Then, simultaneously and independently, by hashing, SCLSD is formed from IP on the side of the first CSS and the corresponding DP1 of the second CSS and DP2 of the third CSS, PCLSD1 from SSP1 on the side of the first CSS and SBS on the side of the second CSS (see Fig.56), PCLSD2 from SSP2 on the side of the first CSS and SBP2 on the side of the third CSS, for which the preliminary binary matrix G and IP of the first CSS, the binary matrix G and DP1 of the second CSS, the binary matrix G and DP2 of the third CSS are divided into W corresponding pairs of submatrices of dimension P×T, moreover, P=UU/W, where T≥64 is the length of the formed SCLSD, and, accordingly, subblocks IP of the first CSS, DP1 of the second CSS and DP2 of the third CSS with a length of P binary symbols. Known methods for splitting a sequence into blocks of a fixed length are described, for example, in the book by V. Vasiliev, V. Sviridenko, "Communication Systems", M., Higher School, 1987, p. 208. Then, simultaneously, starting from the first to the W-th , calculate the z-th primary key of length T binary symbols, where z=1, 2, 3, W, by multiplying the z-th subblock IP of the first CSS by the z-th submatrix G _z , the z-th subblock, DP1 of the second CSS by z- th submatrix G _z , the z-th sub-block of DP2 of the third CSS onto the z-th sub-matrix G _z . Then SKLShD is formed by bitwise summation modulo two of all W primary keys on the sides of all CSSs. The actions for transmitting and receiving sequences on communication channels with errors, as well as on forward and reverse communication channels without errors, are synchronized. Known synchronization methods are described, for example, in the book by E. Martynov, “Synchronization in Discrete Message Transmission Systems”, M., Communications, 1972, p. and SSP1 of the first SSS, the binary matrix G and SBP1 of the second SSS are divided into W corresponding pairs of submatrices of dimension P×T, and P=UU/W, where T≥64 is the length of the formed PKLSD1, and, accordingly, SSP1, SBP2 subblocks of length R binary symbols, respectively, then, simultaneously, starting from the first to the W-th, the zz-th primary key of length T binary symbols is calculated, where zz=1, 2, 3, ..., W, by multiplying the zz-th subblock of the SSP1 of the first CSS by zz -th submatrix G _zz , zz-th sub-block SBP1 of the second CSS to the zz-th submatrix G _zz , after which PCLSD1 is simultaneously formed by bitwise summation modulo two W of primary keys on the sides of the first CSS and the second CSS, respectively (see Fig.58 ). Simultaneously and independently, for the formation of PCLSD2, the preliminary binary matrix G and SSP2 of the first CSS, the binary matrix G and SBP2 of the third CSS are divided into W of the corresponding pairs of submatrices of dimension P×T, and P=UU/W, where T≥64 is the length of the generated PCLSD2, and, accordingly, subblocks of SSP2, SBP2 of length P binary symbols, respectively, then, simultaneously starting from the first to the Wth, calculate the zzz-th primary key of length T binary symbols, where zzz=1, 2, 3, ..., W, by multiplying zzz-th subblock of the SSS2 of the first CSS to the zzz-th submatrix G _zzz , zzz-th subblock of the SBP2 of the third CSS to the zzz-th submatrix G _zzz , after which, simultaneously, respectively, the PCLSD2 is formed by bitwise summation modulo two W of the primary keys on the sides of the first KSS and the third KSS.

In accordance with the proposed method, SCLSD, PKLSD1 and PKLSD2 are formed, which coincide in pairs with a low probability commensurate with the probability of guessing the generated CLSD with a length of T binary symbols. An assessment of the probability of pairwise coincidence of CLSD and paired CLSD is given in Appendix 4.

To confirm the possibility of achieving the formulated technical result, analytical modeling was carried out, the results of which can be concluded that, given the initial data and requirements for the SCLSD and two PKLSDs, an SCLSD and two PKLSDS can be simultaneously formed in accordance with the proposed method. The results of evaluating the generated SLSD and two PKLSD for a communication network that includes three SSNs, as well as estimating the change in the cryptoconnectivity coefficient in the proposed method, are given in Appendix 5.

Annex 1

Estimation of the probability of errors in the first and second correlated sequences of the first correspondent of the communication network ^{1 1} (Appendices 1-5 use all the conventional abbreviations that were used in the description of the invention, as well as newly introduced in the course of the description of the Applications.)

- вероятность ошибки на двоичный символ в первом канале связи с ошибками (КСО1) между первым корреспондентом сети связи (СС) и вторым корреспондентом СС (КСС) и

- вероятность ошибки на двоичный символ во втором канале связи с ошибками (КСО2) между первым КСС и третьим КСС, тогда

- вероятность ошибки в первой коррелированной последовательности (КП1) первого КСС относительно первой базовой последовательности (БП1) второго КСС может быть найдена из выражения:Let

- the probability of an error per binary symbol in the first communication channel with errors (CSO1) between the first correspondent of the communication network (CC) and the second correspondent CC (CCN) and

is the probability of an error per binary symbol in the second communication channel with errors (CCO2) between the first CCC and the third CCC, then

- the error probability in the first correlated sequence (CP1) of the first CSS relative to the first base sequence (BP1) of the second CSS can be found from the expression:

- вероятность, с которой принимается блок (длиной М+1 двоичных символов) с М повторениями второго КСС, которая определяется с помощью выражения:Where

- the probability with which a block (of length M + 1 binary symbols) with M repetitions of the second CSS is received, which is determined using the expression:

- вероятность ошибки во второй коррелированной последовательности (КП2) первого КСС относительно второй базовой последовательности (БП2) третьего КСС может быть найдена из выражения:Similarly

- the error probability in the second correlated sequence (CS2) of the first CSS relative to the second base sequence (BP2) of the third CSS can be found from the expression:

- вероятность, с которой принимается блок (длиной М+1 двоичных символов) с М повторениями третьего КСС, которая определяется с помощью выражения:Where

- the probability with which a block (of length M + 1 binary symbols) is received with M repetitions of the third CSS, which is determined using the expression:

из выражения (1.2) (т.к. нарушитель сохраняет только те решения о принятых им словах длиной М+1 двоичных символов, которые сохранил второй КСС) и может быть определена из выражения:The probability of an error in the version of BP1 of the intruder depends on the reception rule chosen by him and the fact of formation of the first composite leakage channel (CLC1) independent of the intruder. This channel (see figure 1) includes a serial connection KCO1 and intercept channel (Kper) between the first KSS and the intruder. Thus, if p _w is the probability of error per binary symbol in NPER and the offender decodes according to the majority rule ² , ( ² repetitions.), then the probability of an error per binary symbol for the received information symbols in the offender's version of BP1 depends on the probability of receiving

from expression (1.2) (because the offender saves only those decisions about the words he made with the length of M + 1 binary symbols that the second CCC saved) and can be determined from the expression:

where α _tj is the joint probability of events, the occurrence of an error i in CSR1 (the presence of an error (i=1) or the absence of an error (i=0), with i ∈ {0,1}), and the occurrence of an error j in CKU1 (the presence of an error ( j=1) or the absence of an error (j=0), with j ∈ {0,1}), when transmitting any symbol from the first CSS to the second CSS over CSS1 with independent errors, where:

By analogy, the probability of an error in the BP2 version of the intruder will depend on the reception rule chosen by him and the fact of formation of the second composite leakage channel (CLC2) independent of the intruder. This channel (see figure 1) includes a serial connection KCO2 and Kper. So, if the offender decodes according to the majority rule, then the probability of an error per binary symbol for the received information symbols in the offender’s version of BP2 depends on the probability of receiving p2 _ac from expression (1.4) (because the offender saves only those decisions about the words of length M taken by him +1 of the binary characters that the third CSS retained) and can be determined from the expression:

where β _ij is the joint probability of events, the occurrence of an error i in CSR2 (the presence of an error (i=1) or the absence of an error (i=0), with i ∈ {0,1}), and the occurrence of an error j in the CKU2 (the presence of an error ( j=1) or the absence of an error (j=0), with j ∈ {0,1}), when transmitting any symbol from the first CSS to the third CSS over CSS02 with independent errors, where:

Annex 2

Estimation of the probabilities of erroneous decoding of the first and second corrected sequences of the first correspondent of the communication network

The probability of erroneous decoding of the first corrected sequence (CcP1) of the first CSS with respect to BP1 of the second CSS can be determined by the formula:

where P _E01 is the probability of erroneous decoding of a subblock with a length of KK binary symbols from CKP1 KSS1, determined as described, for example, in the book by F. McWilliams, N. Sloan, "Theory of error-correcting codes", M., Svyaz, 1979, p. .29, from the expression:

- вероятность ошибки в КП1 первого КСС относительно БП1 второго КСС, полученная из выражения (1.1) Приложения 1, a d1 - минимальное кодовое расстояние (NN, KK) кода, которое определяется, как минимальное число несовпадающих разрядов в двух любых кодовых словах (NN, KK) кода, как описано, например, в книге Ф. Мак-Вильямс, Н. Слоэн, «Теория кодов исправляющих ошибки», М., Связь, 1979, стр. 20.Where

is the error probability in CP1 of the first CSS relative to BP1 of the second CSS, obtained from the expression (1.1) of Appendix 1, and d1 is the minimum code distance (NN, KK) of the code, which is defined as the minimum number of mismatched bits in any two code words (NN, KK) code, as described, for example, in the book by F. McWilliams, N. Sloan, "Theory of error-correcting codes", M., Svyaz, 1979, p. 20.

The probability of erroneous decoding of the second corrected sequence (CcS2) of the first CSS with respect to BP2 of the third CSS can be determined by the formula:

where P _E02 is the probability of erroneous decoding of a subblock with a length of KKK binary symbols from the CKP2 of the first CSS, determined from the expression

- вероятность ошибки в КП2 первого КСС относительно БП2 третьего КСС, полученная из выражения (1.3) Приложения 1, a d2 - минимальное кодовое расстояние (NNN, KKK) кода.Where

is the error probability in CP2 of the first CSS relative to BP2 of the third CSS, obtained from the expression (1.3) of Appendix 1, and d2 is the minimum code distance (NNN, KKK) of the code.

Annex 3

Estimation of the amount of Shannon's information received by the intruder about the first and second paired encryption/decryption keys formed by the correspondents of the communication network when using the "enhancement of secrecy" method

To provide a small amount of information to the intruder about the first paired CLSD (PCLSD1) and the second paired CLSD (PCLSD2), the proposed method uses the method of "enhancing the secrecy" of sequences based on universal hashing, as described, for example, in the book Bennett S., Brassard G ., Crepeau C., Maurer U. "Generalized privacy amplification", IEEE Trans, on IT. vol. 41 no. 6. pp.1915-1923, 1995, p. 1920. The essence of the method of "increasing secrecy" is as follows. On the side of the first CSS, a hash function is randomly selected from the universal set of hash functions. The hashing function is transmitted over the first direct and second direct communication channels without errors, respectively, to the second CSS and the third CSS. Then the first compressible corrected sequence (SSP1) of the first CSS, the first compressible base sequence (SBS1) of the second CSS is hashed. The result of hashing will be the generated PklSD1 for the second KSS and the first KSS. With a probability close to one and equal to (1-Рε), an event occurs when the information of the intruder about PKLSD1 does not exceed a certain small value Io, and with a low probability of failure Pε, an event is possible in which the information of the offender about PKLSD1 will be more than Io. SSP1 with a length of UU binary symbols is mapped into a sequence Pka1 with a length of T binary symbols of the generated PCLSD1 of the first CSS, and SBP1 with a length of UU binary symbols is mapped into a sequence Pkb1 with a length of T of binary symbols of the generated PCLSD1 of the second CSS. It is assumed that the intruder has complete information about the hashing function of the sequences of SS correspondents. The sequence hashing function must satisfy a number of requirements, as described, for example, in the book Yu. Romanets, P. Timofeev, V. Shangin, “Information Protection in Computer Systems and Networks”, M., Radio and Communication, 1999, p. 156:

* the hashing function must be sensitive to all kinds of changes in the sequence, such as insertions, emissions, permutations, etc.;

* the hashing function must have the property of irreversibility, i.e. the task of selecting another sequence that had the required value of the hash function must be computationally unsolvable;

* probability of collision, i.e. the probability of an event in which the values of the hash function of two different sequences are the same must be negligible.

причем для хранения каждая функция хеширования последовательностей требует TUU ячеек памяти) труднореализуемо и нецелесообразно. Поэтому случайный равновероятный выбор функции хеширования последовательностей из универсального множества G2 функций хеширования последовательностей на стороне первого КСС заключается в генерировании случайным образом элементов двоичной матрицы размерности UU×T, которая описывает случайно выбранную функцию хеширования последовательностей из G2. После формирования вторым КСС и первым КСС ПКлШД1 путем хеширования СБП1 и ССП1 по случайно выбранной из G2 функции хеширования последовательностей количество информации Шеннона, получаемое нарушителем о ПКлШД1, сформированном вторым КСС и первым КСС не больше, чемIn addition, the hash function must belong to the universal set of hash functions G2. The universal set of hash functions is defined as follows. Let n and r be two positive integers, with n>r. A set of G2 functions that map a set of binary sequences of length n into a set of binary sequences of length r is called universal if, for any different sequences x ₁ and x ₂ from the set of binary sequences of length n, the probability (collision) that the value of the hash function from x ₁ is equal to value of the hash function from x ₂ (g(x ₁ ) = g(x ₂ )), does not exceed 2 ^-r if the hash function g is chosen randomly, in accordance with the equiprobable distribution, from G2, as described, for example, in the book Carter J., Wegman M., "Universal classes of hash functions", Journal of Computer and System Sciences, 1979, Vol.18, pp.143-154, p. 145. All linear functions mapping a set of binary sequences of length n into a set binary sequences of length r belong to the universal set, as described, for example, in Carter J., Wegman M., "Universal classes of hash functions", Journal of Computer and System Sciences, 1979, Vol.18, pp.143-154 , p. 150. Linear functions can be described by n×r binary matrices. Storing the universal set G2 of sequence hash functions (the number of sequence hash functions belonging to the universal set G2 is large and equals

moreover, each sequence hashing function requires TUU of memory cells for storage) is difficult to implement and impractical. Therefore, a random equiprobable choice of a hashing function for sequences from the universal set G2 of hashing functions for sequences on the side of the first CSS is to randomly generate elements of a binary UU×T matrix that describes a randomly selected hashing function for sequences from G2. After the formation of the second CSS and the first CSS PklSD1 by hashing SBP1 and SSP1 according to a hashing function of sequences randomly selected from G2, the amount of Shannon information received by the offender about PKlSD1 formed by the second CSS and the first CSS is no more than

where I _R is Renyi information. The Renyi information is determined in terms of the Renyi entropy per symbol in NPer with the probability of error per binary symbol p _w , which characterizes the intruder’s uncertainty about PCLSD1, if the adversary knows the information obtained by interception, the full information about the algorithm of interaction between SS correspondents and the process of formation of PCLSD1, as described , for example, in Bennett C., Brassard G., Crepeau C., Maurer U. "Generalized privacy amplification", IEEE Trans, on IT. vol. 41 no. 6.pp. 1915-1923, 1995, p. 1919. Renyi's entropy is

Then the Renyi information I _R , obtained by the intruder when observing the sequences of BP1 with the length of UU symbols, is determined by the expression:

When eliminating mismatches (errors) in CP1 of the first CCC, when a block of correction symbols encoded BP1 with a length of YY(NN-KK) of binary symbols is transmitted from the second CCC to the first CCC over the first reverse communication channel without errors, the offender receives additional Renyi information about PklSD1. Additional Renyi information obtained by the attacker by encoding BP1 I _Rcode is equal to I _Rcode =YY(NN-KK), as proved, for example, in Lemma 5 of Maurer U. "Linking Information Reconciliation and Privacy Amplification", J. Cryptology, 1997, no. 10, pp.97-110, p. 105. Then the total amount of Renyi information coming to the offender is

In this case (3.1), takes the form:

The amount of Shannon's information received by the intruder about the generated PKlSD1, when using the "enhancement of secrecy" method, is greater than the limit 10 (defined in (3.5)) with a low failure probability Рε. When SS correspondents use a code with repetitions, the Renyi entropy and the probability Re are determined by more complex relationships described, for example, in the journal Information Security Problems. Computer Systems", St. Petersburg, Petrovsky Fund, No. 1, 2000, p. 18 in the article by V. Korzhik, V. Yakovlev, A. Sinyuk, "Protocol for generating a key in a noisy channel", and the Renyi entropy does not depend on the chosen a violator of the rule for processing intercepted messages.

Determining the Renyi information and the probability Pε with the simultaneous formation of PKLSD1 (together with the network CLSD (SKLSD) and PKLSD2) requires consideration of all procedures associated with the simultaneous transmission of information over communication channels with errors, which include: generation and transmission of an initial random sequence (NRS) the first KSS to the second KSS and the third KSS. In order to create conditions under which the reception quality in SOC1 will exceed the reception quality in SCH1, each of the NSP symbols randomly generated by the first SSC is repeated M times and transmitted to the side of the second SSC over SCH1. On the second side of the CSS, each of the words of the repetition code is received if all its elements are either "1" or "0" and decides on the information symbol corresponding to the received word. The generated BP1 of the second CSS may include the stored symbols of the first primary and preliminary sequences of the second CSS in accordance with paragraphs. 1 and 4 claims. In case not all elements of the received word "1" or "0" on the side of the second CSS are erased. The decision (in the form of a binary confirmation symbol F1) about the received (erased) words is transmitted over the communication channels without errors to the first CSS and the third CSS, which store in BP1 and CP1, respectively, the characters that have not been erased.

The attacker may also delete symbols that have been erased by the second CSS and the first CSS. However, the symbols stored by the attacker (i.e., which saved the second CSS and the first CSS) are not sufficiently reliable, because Errors occurring in KSO1 and errors in KPer are independent, and the offender receives information about PKLSD1 at the output of SKU1, which includes a serial connection of KSO1 and KPer. Consider the situation of the offender, when he observes a noisy sequence of blocks with a length of M + 1 binary symbols (bits). Denote by |z1| Hamming weight ^{3 3} (The Hamming weight of a block of binary symbols is the number of non-zero bits in a block of binary symbols.) (the number of symbols "1") of the block z1 of length (M+1) received by the intruder. It is easy to show that the joint probability of events |z1|=d and the event that this block was received by the second CSS, provided that the information symbol x equal to "0" is transmitted from the first CSS, is equal to:

where α1 _ij is the joint probability that the information symbol x = 0 sent from the first CSS is received by the second CSS as i ∈ {0,1} and by the offender as j ∈ {0,1}. Since KCO1 and KPer are independent, then

Similarly, for x = 1

Where

Replacing (3.7) in (3.6) and (3.9) in (3.8) and using the Bayes theorem, as described, for example, in the book Feller V., "Introduction to the theory of probability and its applications", M., Mir, 1967, 498 c, we obtain the probability that |z1| \u003d d, provided that the information symbol x equal to “0” is transmitted from the first CSS, it is equal to:

- вероятность, с которой принимается блок (длиной (М+1) двоичных символов) с М повторениями вторым КСС, которая определяется из выражения (1.2) Приложения 1. Аналогично, для х=1:Where

- the probability with which a block (of length (M + 1) binary symbols) is received with M repetitions of the second CSS, which is determined from the expression (1.2) of Appendix 1. Similarly, for x=1:

We believe that the probability of the formation of the information binary symbol x NSP by the first CSS is equal to (because each bit of the NSP on the side of the first CSS is randomly generated)

Probability of receipt by the intruder by NPer of a block z1 of a code with M repetitions of length (M+1) and Hamming weight d, |z1| = d is equal to

Using the Bayes theorem, we obtain the following probabilities of transmission from the first CCC of symbols x=0 or x=1, provided that the offender received the block |z1|=d:

(символов сформированной БП1), при условии, что нарушитель принял блок |z1|=d, определяется с учетом правильного (неправильного) декодирования вторым КСС блока длиной (М+1) символов (формирования принятого символа) и равны:These probabilities correspond to the case when the intruder receives a block of length (M + 1) symbols with Hamming weight |z1|=d relative to the symbol in CP1 (NSP) on the side of the first CSS, but on the side of the first CSS, mismatched symbols are corrected in the generated CS1 relative to the generated BP1 on the side of the second KSS2, using a block of correction symbols encoded BP1. Then it is necessary to determine these probabilities with respect to the formed BP1 on the side of the second CCC2. Probabilities of reception on the side of the second CSS symbols

(symbols of the formed BP1), provided that the intruder received the block |z1|=d, is determined taking into account the correct (incorrect) decoding of the second CSS block with a length of (M + 1) symbols (the formation of the received symbol) and are equal to:

- вероятность, которая определяется согласно выражению (1.1) Приложения 1.Where

- probability, which is determined according to the expression (1.1) of Appendix 1.

The relative knowledge of the violator BP1 of the second CSS of length Q11 is represented by his knowledge of the Hamming weights d ₁ , d ₂ , ... d _Q11 of the corresponding code blocks with repetitions of length (M+1) symbols. For the BP1 version of the intruder, the Rényi entropy R is equal to

с использованием границы Чернова, как описано, например, в книге Коржик В.И., Финк Л.М., Щелкунов К.Н. "Расчет помехоустойчивости систем передачи дискретных сообщений" - М: Радио и связь, 1981. - 231 с, Ре определяется:The weights d ₁ , d ₂ , …, d _Q11 are random variables and the Rényi entropy obtained by the attacker is also a random variable. Probability Pε is the probability that the sum of random variables will be less than the value (R ₀ - ε)Q11, where R ₀ is the average Renyi entropy per received repetition block of length (M + 1), ε is a small value that determines the value

using the Chernov boundary, as described, for example, in the book Korzhik V.I., Fink L.M., Shchelkunov K.N. "Calculation of noise immunity of discrete message transmission systems" - M: Radio and communication, 1981. - 231 s, Re is determined by:

- энтропия Реньи (см. выражение (3.2)) на принятый нарушителем блок повторения длиной (М+1) с весом Хемминга d и R₀ определяется согласно выражениюWhere

- Renyi entropy (see expression (3.2)) on the repetition block of length (M + 1) received by the intruder with Hamming weight d and R ₀ is determined according to the expression

The optimal parameter a can be found from the equation

Then the Renyi information I _R in expression (3.5) when using the first CSS and the second CSS code with repetitions and forming SBP1 of the second CSS and SPC1 of the first CSS is equal to

In a similar way, as shown in expressions (3.1) - (3.25), using the analogy method, taking into account the features of the formation of PklSD2 of the third KSS and the first KSS, an estimate of the amount of information of the intruder about PKlSD2 in the proposed method can be shown using the "enhancement of secrecy" method.

Appendix 4

Evaluation of pairwise match events of network and pairwise encryption/decryption keys

In accordance with paragraph 1 of the claims of the proposed method, the SCLSD is formed on the information basis of the generated initial sequence (IP) of the first CSS with a length of UU binary characters, because SLSD is formed on the basis of IP hashing (DP1, DP2), moreover, DP1 with a length of UU binary symbols on the side of the second CSS and DP2 with a length of UU binary symbols on the side of the third CSS are independently and simultaneously formed on the basis of a block of check symbols of the encoded IP.

In accordance with paragraph 1 of the claims of the proposed method, PKlSD1 is formed on the information basis of the generated SBP1 of the second CSS with a length of UU binary symbols, because PklSD1 is formed on the basis of hashing SBP1 (SSP1), and SBP1 with a length of Q11 binary symbols on the side of the first SSS1 is formed on the basis of a block of correction symbols of the encoded BP1, which has a length of Q11 binary symbols, after which it is simultaneously and independently formed from BP1 on the side of the second SSS - SBP1 the length of UU binary symbols, and from SSP1 on the side of the first CSS - SSP1 with the length of UU binary symbols.

In accordance with paragraph 1 of the claims of the proposed method, PklSD2 is formed on the information basis of the generated SBP2 of the third CSS with a length of UU binary symbols, because PklSD2 is formed on the basis of hashing SBP2 (SSP2), and SBP1 with a length of Q21 binary symbols on the side of the first CSS is formed on the basis of a block of correction symbols of the encoded BP2, which has a length of Q21 binary symbols, after which, simultaneously and independently, SBP2 with a length of UU of binary symbols, and from SKP1 on the side of the first CSS - SSP2 with a length of UU of binary symbols.

The foregoing allows us to assert that the evaluation of events of pairwise (mutual) matching of network and paired encryption/decryption keys is determined by the evaluation of events of pairwise (mutual) matching of IP, SBP1 and SBP2.

ИП, СБП1 и СБП2 формируется с «временным» сдвигом относительно взаимного расположения по нумерации символов в НСП, т.к. запоминание s-го соответствующего символа ИП, СБП1 и СБП2 происходит в различные моменты времени с учетом кодированной передачи символов НСП по независимым первому и второму каналам связи с ошибками.In accordance with paragraph 1 of the claims of the proposed method, IP, SBP1 and SBP2 are formed on the basis of the encoded transmission of randomly generated binary symbols (NSP) with a sufficiently large length L of binary symbols. The formation of each sequence from the set, including IP, SBP1 and SBP2, is carried out independently, while with a total equal length UU, each of any sx of the corresponding characters according to the general numbering, where

IP, SBP1 and SBP2 are formed with a "temporal" shift relative to the relative position according to the numbering of symbols in the NSP, because memorization of the s-th corresponding symbol of the IP, SBP1 and SBP2 occurs at different points in time, taking into account the encoded transmission of the NSP symbols over independent first and second communication channels with errors.

запоминание на стороне первого КСС случайного двоичного символа НСП x_i в качестве s-го символа ИП происходит в случае события совместного равенства двоичных символов подтверждения F1 и F2 единице (F1=1 и F2=1), которое происходит с вероятностью Р₁₁:At time i, and

memorization on the side of the first CSS of a random binary symbol of the NSP x _i as the s-th symbol of the IP occurs in the event of a joint equality of the binary confirmation symbols F1 and F2 to one (F1=1 and F2=1), which occurs with a probability P ₁₁ :

where the probabilities p1 _ac and p2 _ac are determined from (1.2) and (1.4) of Appendix 1, respectively. The average length of the IP, equal to UU, and UU>0, can be found from the formula:

запоминание на стороне второго КСС принятого двоичного символа НСП y_j в качестве s-го символа первой первичной последовательности (ПП1) происходит в случае события совместного равенства двоичных символов подтверждения F1 единице и F2 нулю (F1=1 и F2=0), которое происходит с вероятностью P₁₀:At time j, and

memorization on the side of the second CSS of the received binary symbol NSP y _j as the s-th symbol of the first primary sequence (PP1) occurs in the event of a joint equality of the binary confirmation symbols F1 to one and F2 to zero (F1=1 and F2=0), which occurs with probability P ₁₀ :

The average length of the PN, equal to Q1, and Q1>0, can be found from the formula:

In accordance with paragraphs. 1, 4, 7 of the claims of the proposed method, the basis for the formation of SBP1 is PP1. In accordance with (4.1) - (4.4) for the moments of time i and j in the stored corresponding s-th symbols of IP and SBP1, the following inequality is fulfilled:

запоминание на стороне третьего КСС принятого двоичного символа НСП m_k в качестве символа второй первичной последовательности (ПП2) происходит в случае события совместного равенства двоичных символов подтверждения F1 нулю и F2 единице (F1=0 и F2=1), которое происходит с вероятностью Р₀₁:At time k, and

memorization on the side of the third CSS of the received binary symbol NSP m _k as a symbol of the second primary sequence (PS2) occurs in the event of a joint equality of binary confirmation symbols F1 to zero and F2 to one (F1=0 and F2=1), which occurs with probability P ₀₁ :

The average length of PP2, equal to Q2, and Q2>0, can be found from the formula:

Note that the estimate of the length of the sequence in (4.2), (4.4) and (4.7) may be equal to zero, but this event occurs with a negligible probability, which is especially noticeable for large NSP lengths L. In accordance with Secs. 1, 4, 7 of the claims of the proposed method, the basis for the formation of SBP2 is PP2. In accordance with (4.1) - (4.7) for the times i, j and k in the stored corresponding s-x symbols IP and SBP2, as well as SBP1 and SBP2, respectively, the following inequalities hold:

The implementation of conditions (4.5), (4.8) and (4.9) determines the presence of pairwise mutual "time" shifts in terms of the numbering of the NSP symbols (s changes from 1 to L) of any s-th symbol from the IP, SBP1 and SBP2 (from 1 to UU). "Temporary" shifts are formed in accordance with the sequence of actions performed by the correspondents of the SS, described in paragraphs. 1, 4, 7 claims of the proposed method. The absolute estimate of the "temporal" shift ω of the corresponding s-x symbols of IP and SBP1, with ω > 0, is equal to

By analogy, the absolute estimate of the "temporal" shift ξ, corresponding to s-x symbols IP and SBP2, with ξ > 0, is equal to

By analogy, the absolute estimate of the "temporal" shift ψ of the corresponding s-th symbols of SBP1 and SBP2, with ψ > 0, is equal to

- вероятности совпадения s-x двоичных символов ИП и СБП1 с учетом со по теореме умножения вероятностей, как описано, например, в книге Вентцель Е.С. Теория вероятностей: Учеб. для вузов. - 9-е изд. стер. - М.: Издательский центр «академия», 2003. - 576 с. на стр. 39, равна:Note that the estimate of the shift in (4.10) - (4.12) can be equal to zero, but this happens with a negligible probability, which is especially noticeable for large NSP lengths L. In the case ω = 0, the mismatch probability is determined from expression (1.1), in the case ξ = 0 the mismatch probability is determined from expression (1.3), and for the case ψ = 0 it is determined by the convolution of probabilities (1.1) and (1.3). Let us estimate the coincidence probabilities of the corresponding (by number s in the sequences) binary symbols IP, SBP1 and SBP2, taking into account the fact of the presence of pairwise (mutual) "time" shifts. Grade

- the probability of coincidence sx of binary symbols IP and SBP1, taking into account with according to the probability multiplication theorem, as described, for example, in the book Venttsel E.S. Probability theory: Proc. for universities. - 9th ed. erased - M.: Publishing center "Academy", 2003. - 576 p. on page 39 is:

Taking into account the fact that each NSP symbol on the side of the first CSS is generated independently and randomly with the same (uniform) probability, as described, for example, in the book by Wentzel E.S. Probability theory: Proc. for universities. - 9th ed. erased - M.: Publishing center "Academy", 2003. - 576 p. on page 97, then

Known methods for generating random numbers are described, for example, in the book by D. Knuth, "The Art of Computer Programming", M., Mir, 1977, v.2, p. 22. Random events of errors in communication channels are independent, as described in the book by I.N. Bronstein, K.A. Semendyaeva, "Handbook of mathematics for engineers and students of higher educational institutions", Moscow: Nauka. The main edition of physical and mathematical literature, 1981, p. 580. Taking into account (4.14), time shift and the fact that in KSO1 the error probability is independent, we write:

определяется из (1.1) Приложения 1.Where

is determined from (1.1) Appendix 1.

вероятность-индикатор равна:For condition:

the indicator probability is:

вероятность-индикатор равна:For condition:

the indicator probability is:

Substituting (4.14) - (4.17) into (4.13) we get

определяется из (1.3) Приложения 1 получаем оценку

- вероятности совпадения s-x двоичных символов ИП и СБП2 с учетом ξ:Using the analogy method and evaluation

is determined from (1.3) in Appendix 1, we obtain the estimate

- probabilities of coincidence sx of binary symbols of IP and SBP2, taking into account ξ:

- вероятности совпадения s-x двоичных символов СБП1 и СБП2 при сдвиге ψ равна:By analogy, taking into account the coded transmission on CCO1 and CCO2, the estimate

- the probability of coincidence sx of binary symbols SBP1 and SBP2 at a shift ψ is equal to:

из (1.3) Приложения 1 и подставляя результаты в (4.20) получаем оценку

Applying the analogy method for expressions (4.14) - (4.17), taking into account the probability estimate

from (1.3) in Appendix 1 and substituting the results into (4.20) we obtain the estimate

Analysis of expressions (4.18), (4.19), (4.21) shows that the probabilities of pairwise coincidence of the corresponding sx symbols of IP, SBP1 and SBP2, where s ∈ [1; UU], are the same and equal to the probabilities of matching symbols P _match :

Then the probability of mismatch of the corresponding sx symbols IP, SBP1 and SBP2 P _mismatch is equal to:

не совпадают с вероятностью Р_н:In accordance with paragraphs. 1, 8, 10 of the claims of the proposed method, each binary symbol of the hash function (FC) is independently generated randomly with the same probability equal to 0.5 as described, for example, in the book Carter J., Wegman M., "Universal classes of hash functions" , Journal of Computer and System Sciences, 1979, Vol. 18, pp. 143-154, p. 150. The FC generated on the first QSS side is used to generate SLSD, PKLSD1 and PKLSD2 of length T binary symbols in the framework of the method of "enhancing the secrecy" of sequences based on universal hashing, as described, for example, in the book Bennett C, Brassard G., Crepeau C, Maurer U. "Generalized privacy amplification", IEEE Trans, on IT. vol. 41 no. 6. pp.1915-1923, 1995, p. 1920. Taking into account the above and the fulfillment of condition (4.23) for IP, SBP1 and SBP2, the corresponding ss-th binary symbols of the generated SCLSD, PKLSHD1 and PKLSHD2, where

do not coincide with the probability P _n :

This circumstance is enhanced by the possible participation of not all UU binary symbols SBP1 (SBP2) in the formation of PKLSD1 and PKLSD2 if the condition (s) Q11<UU (Q21<UU) is met in accordance with paragraphs. 1, 7 claims of the proposed method. Then, taking into account (4.24), the estimate of the probability P _Q of the event of a pairwise coincidence of SKLShD and PKLShD1, or SKLShD and PKLShD2, or PKLShD1 and PKLSHD2 is determined in accordance with the expression:

Estimate (4.25), provided that T≥64, shows P _with takes small numerical values that differ little from 0:

It is obvious that under the conditions of the formation of a “temporary” shift for PI, SBP1 and SBP2, the probability of pairwise mismatch of SKLShD and PklShD1, or SkShD and PklShD2, or PklShD1 and PklShD2 is very high and tends to 1.

Annex 5

Evaluation of the simultaneous and independent formation of the network, first and second paired encryption/decryption keys for a communication network

The possibility of the simultaneous formation of SCLSD, PKLSHD1 and PKLSHD2 for SS of three correspondents is determined by building a model of channel connectivity of SS correspondents shown in figure 1, a feature of which is the use of two open communication channels with independent errors. Random events of errors in communication channels are independent, as described in the book by I.N. Bronstein, K.A. Semendyaeva, "Handbook of mathematics for engineers and students of higher educational institutions", Moscow: Nauka. Main edition of physical and mathematical literature, 1981, p. 580.

It is expedient to present a number of requirements to SKLShD, PKlShD1 and PKlShD2 in terms of minimizing the total time of formation of SKLShD, PKlShD1 and PKlShD2, taking into account the peculiarities of formation over open communication channels with errors. Let us describe the general requirements for each of the generated CLSDs (i.e., we assume that the same requirements are set for any of the CLSD, PCLSD1, and CLSD2).

The requirements for the reliability of the formation of CLSD are determined by the probability of discrepancy between the CLSD generated by the correspondents of the SS -

Requirements for the safety of the formation of CLSD are determined by:

a) the required (minimum allowable) length of the generated CLSD - T ^Tr [binary characters];

[бит];b) the required (maximum allowable) amount of Shannon information received by the violator about the generated CLSD -

[bit];

- вероятностью риска, что информация Шеннона о сформированном КлШД превысит

.V)

- the probability of risk that Shannon's information about the formed KSD will exceed

.

The time of simultaneous and independent formation of SCLSD, PKLSHD1 and PKLSHD2 for SS (T _total ) is determined by the time of transmission of all necessary information over the SS. In this case, it was assumed that all time delays associated with information processing (generation, encoding, decoding, compression, etc.) are equal to zero, i.e. are executed instantly. The second assumption is related to the choice of the maximum of the transmission times of the block of check symbols of the encoded IP or the transmission of the block of correction symbols of the encoded BP1 or the transmission of the block of correction symbols of the encoded BP2, since We assume that the transmission and formation of blocks is carried out simultaneously. Taking into account the length of the IP, equal to UU of binary symbols, we choose as the maximum of the times - the transmission time of the block of test symbols of the encoded IP. Then

- время передачи кодированной НСП,

- время передачи блока проверочных символов кодированной ИП,

- время передачи ФХ.Where

- transmission time of the encoded NSP,

- time of transmission of the block of check symbols of the encoded IP,

- FH transmission time.

по каналам связи, причем считаем ее одинаковой в любом канале связи, показанном на фиг.1, тогда (с учетом обозначений принятых в описании изобретения):Let us rewrite (5.1) taking into account the given technical information transfer rate

over communication channels, and we consider it the same in any communication channel shown in figure 1, then (taking into account the designations adopted in the description of the invention):

, предлагается вместо затрачиваемого времени

использовать обобщенный показатель - общую длину передаваемых последовательностей DLINA, которая из (5.2) определяется согласно выражению:Due to the fact that each information transmission system is characterized by a different

, offered instead of time spent

use a generalized indicator - the total length of the transmitted DLINA sequences, which from (5.2) is determined according to the expression:

The task of generating several keys (increasing the overall cryptographic connectivity in the SS) is reduced to selecting the parameters of the process of the simultaneous and independent formation of SLSD, PKLSD1 and PKLSD2 for the SS in such a way that, under the conditions of fulfilling the requirements for each of the SLSD, PKLSD1 and PKLSD2, to ensure the minimization of the DLINA parameter.

The general requirements for KLShD (SKlShD, PKlShD1 and PKlShD2) for SS can be written as:

- вероятность несовпадения сформированных корреспондентами СС соответствующих КлШД (СКлШД, ПКлШД1 и ПКлШД2), которая для СКлШД определяется из выражения (4.5) способа-прототипа (СП), для ПКлШД1 из выражения (2.1), для ПКлШД2 из выражения (2.3) Приложения 2 предлагаемого способа (ПС), информация утечки нарушителя

для СКлШД определена в (3.5) Приложения 3 СП, информация утечки нарушителя

для ПКлШД1 (ПКлШД2) определена в (3.5) Приложения 3 ПС, вероятность риска

для СКлШД определена в (3.19) Приложения 3 СП, вероятность риска

для ПКлШД1 (ПКлШД2) определена в (3.22) Приложения 3 ПС,

- требуемая величина вероятности несовпадения при формировании КлШД (СКлШД, ПКлШД1 и ПКлШД2),

- требуемая длина КлШД,

- требуемая величина информации утечки к нарушителю о КлШД,

- требуемая величина вероятности риска превышения информации утечки нарушителя по отношению к

при формировании КлШД.Where

- the probability of non-coincidence of the corresponding CLSD formed by the correspondents of the SS (SKLSHD, PKLSHD1 and PKLSHD2), which for SKLSHD is determined from expression (4.5) of the prototype method (SP), for PCLSHD1 from expression (2.1), for PCLSHD2 from expression (2.3) of Appendix 2 of the proposed method (PS), intruder leak information

for CLSD is defined in (3.5) of Annex 3 of SP, the information of the intruder's leakage

for PklShD1 (PklShD2) is defined in (3.5) of Appendix 3 of the PS, risk probability

for SCLSD is defined in (3.19) of Appendix 3 of the SP, risk probability

for PklShD1 (PklShD2) is defined in (3.22) of Appendix 3 of the PS,

- the required value of the probability of mismatch during the formation of CLSD (SKLSD, PKLSHD1 and CLSD2),

- the required length of the KLShD,

- the required amount of information leakage to the intruder about CLSD,

- the required value of the probability of the risk of exceeding the information of the leak of the intruder in relation to

during the formation of the KLShD.

Let's set the general requirements for KLShD (SKlShD, PKlShD1 and PKlShD2) for the SS:

Let's define the general initial data for Fig.1:

1. The quality of the first communication channel with errors - p _m1 =10 ^-2 ;

2. The quality of the second communication channel with errors - p _m2 =2⋅10 ^-2 ;

3. Quality KPer of the intruder - p _w =8⋅10 ^-2 .

Let us present the results of calculating the parameters and assessing the fulfillment of the requirements for the conditions for the formation of SCLSD for the SS using the prototype method and the proposed method for the simultaneous and independent formation of the SCLSD, PKLSHD1 and PKLSHD2 for the SS.

Options:

L=4398 [dv.s.];

M+1=3 [dv.s.];

UU=4016 [engine];

N=511 [dv.s.];

K=502 [dv.s.];

Y=8 [bl.];

ε=7.03⋅10 ^-3 [bit].

Compliance assessment:

T=64 [dv.s.];

P _carried =7.3 5406⋅10 ^-5 ;

Io=3.10477⋅10 ^-14 [bits];

P _ε =9.97693⋅10 ^-6 .

The resulting total length of the sequences transmitted over the communication channels is DLINA=2.7029⋅10 ⁵ [d.c].

In contrast to the prototype method, the proposed method additionally formed PKLSD1 and PKLSD2. Let us present the results of calculating the parameters and assessing the fulfillment of the requirements for the conditions for the formation of PKlSD1 for the SS using the proposed method. Options:

Q1=251 [engine];

Q11=3039 [engine];

NN=1023 [eng.s.];

KK=1013 [engine];

YY=3 [bl.];

ε=8.1⋅10 ^-3 [bit].

Assessment of fulfillment of the requirements for PKLShD1:

T=64 [dv.s.];

P _carried =1.632⋅10 ^-6 ;

I _o =1.287⋅10 ^-12 [bits];

P _ε =8.841⋅10 ^-6 .

Let us present the results of calculating the parameters and evaluating the fulfillment of the requirements for the conditions for the formation of PKlSD2 for the SS using the proposed method. Options:

Q2=123 [eng.c.];

Q21=4016 [engine];

NNN=511 [eng.s.];

KKK=502 [engine];

YYY=8 [bl.];

ε=7.03⋅10 ^-3 [bit].

Assessment of fulfillment of the requirements for PKLShD2:

T=64 [dv.s.];

P _carried = 7.247 x 10 ^-5 ;

I _o =2.907⋅10 ^-14 [bits];

P _ε =9.972⋅10 ^-6 .

The above results of evaluations (and calculations) show and confirm that, given the same initial data, at the same time, using the prototype method, only SCLSD can be formed that meets the general requirements, and using the proposed method, SCLSD can be simultaneously and independently formed , PKlSHD1 and PKlSHD2 meeting the general requirements. Thus, the provision of conditions for achieving the goal of the claimed invention associated with an increase in the overall cryptographic connectivity of SS correspondents is confirmed. Using the proposed method allows you to increase the estimate of the cryptographic coefficient from the value of 0.25 to the value of 0.75 compared with the prototype method.

Claims (10)

1. A method for generating encryption/decryption keys, which consists in generating L times a random binary symbol on the side of the first correspondent of the communication network, where L≥10 ³ is the selected length of the initial random sequence, forming a code word from a random binary symbol, simultaneously transmitting the code word from the first correspondent to the second and third correspondents of the communication network via the first and second communication channels with errors, respectively, after that, at the output of the first communication channel with errors, the received word of the second correspondent of the communication network is received, and at the output of the second communication channel, the received word of the third is received with errors correspondent of the communication network, after which the received binary symbols and binary confirmation symbols are formed on the sides of the second and third correspondents of the communication network, respectively, then the binary confirmation symbol F1 generated by the second correspondent of the communication network is transmitted over the first reverse and third direct communication channels without errors to the first and third correspondents communication networks, respectively, simultaneously transmit the binary confirmation symbol F2 formed by the third correspondent of the communication network over the second reverse and third reverse communication channels without errors to the first and second correspondents of the communication network, respectively, in the case of a joint equality to zero of the binary confirmation symbols F1 and F2, the corresponding random binary symbol of the first correspondent of the communication network and the received binary symbols of the second and third correspondents of the communication network are simultaneously erased, if the binary symbols of confirmation F1 and F2 are jointly equal to one, a random binary symbol of the first correspondent of the communication network is stored, the received binary symbol of the second correspondent of the communication network, the received binary symbol of the third correspondent communication network, respectively, as ix elements, where i = 1, 2, 3, ..., UU, of the original sequence, the first preliminary sequence and the second preliminary sequence, where UU is the number of transmitted symbols of the initial random sequence, each of which corresponds to the fulfillment of the joint condition equality to one of the binary confirmation symbols F1 and F2 during the formation of the initial and preliminary sequences, and UU≤L, after which the initial sequence is encoded on the side of the first correspondent of the communication network, a block of test symbols is extracted from the encoded initial sequence and simultaneously transmitted over the first direct and second direct error-free communication channels to the second and third correspondents of the communication network, respectively, after that, decoded sequences are simultaneously formed and stored on the sides of the second and third correspondents of the communication network, then on the side of the first correspondent of the communication network, a hashing function of the sequences is formed and transmitted over the first direct and second direct error-free communication channels to the second and third correspondents of the communication network, respectively, after which a network encryption/decryption key is formed from the original sequence on the side of the first correspondent of the communication network and the corresponding first decoded sequence of the second correspondent of the communication network and the second decoded sequence of the third correspondent of the communication network, characterized in that that simultaneously with the formation of the network encryption / decryption key and independently form the first paired encryption / decryption key of the second and first correspondents of the communication network and the second paired encryption / decryption key of the third and first correspondents of the communication network, for this, after transmitting the binary confirmation symbols F1 and F2 by communication channels without errors and in the case of a joint equality of the binary confirmation symbol F2 to zero and the binary confirmation symbol F1 to one, the corresponding received binary symbol of the third correspondent of the communication network erase and store a random binary symbol of the first correspondent of the communication network, the received binary symbol of the second correspondent of the communication network, respectively, as ii-x elements, where ii = 1, 2, 3, ..., Q1, the first secondary sequence of the first correspondent of the communication network, the first primary sequence of the second correspondent of the communication network, where Q1 is the number of transmitted symbols of the initial random sequence, each of which corresponds to the condition joint equality of the binary confirmation symbol F2 to zero and the binary confirmation symbol F1 to one, and Q1≤L in the case of joint equality of the binary confirmation symbol F1 to zero and the binary confirmation symbol F2 to one, the corresponding received binary symbol of the second correspondent of the communication network erase and store the generated random binary symbol of the first correspondent communication network, the received binary symbol of the third correspondent of the communication network, respectively, as iii-x elements, where iii = 1, 2, 3, ..., Q2, the second secondary sequence of the first correspondent of the communication network, the second primary sequence of the third correspondent of the communication network, where Q2 - the number of transmitted symbols of the initial random sequence, each of which corresponds to the condition of joint equality of the binary confirmation symbol F1 to zero and the binary confirmation symbol F2 to one, with Q2 ≤ L, after which the first correlated and the first basic sequences are formed on the sides of the first and second correspondents of the communication network of length Q11 of binary symbols, respectively, with Q11 ≤ UU, simultaneously on the sides of the first and third correspondents of the communication network, respectively, the second correlated and second base sequences of length Q21 of binary symbols are formed, with Q21 ≤ UU, after which the first basic sequence is encoded on the side of the second correspondent of the communication network sequence, a block of correction symbols is extracted from the encoded first basic sequence and transmitted via the first reverse communication channel without errors to the first correspondent of the communication network, at the same time, on the side of the third correspondent of the communication network, the second basic sequence is encoded, a block of correction symbols is extracted from the encoded second basic sequence and transmitted through the second reverse communication channel without errors to the first correspondent of the communication network, after that, on the side of the first correspondent of the communication network, the first corrected sequence of length Q11 of binary symbols is simultaneously formed and stored from the first correlated sequence and the second corrected sequence of length Q21 of binary symbols is formed from the second correlated sequence, then simultaneously the first and second corrected sequences are formed from the first corrected sequence and the second corrected sequence on the side of the first correspondent of the communication network, the first and second compressible corrected sequences, respectively, on the side of the second correspondent of the communication network, the first compressible basic sequence is formed from the first base sequence, on the side of the third correspondent of the communication network, the first compressible base sequence is formed from the second base sequence, the second compressible base sequence, with the length of each compressible sequence equal to UU binary symbols, after which the first paired encryption/decryption key is simultaneously formed from the first compressible corrected sequence on the side of the first correspondent of the communication network and the first compressible base sequence on the side of the second correspondent of the communication network, the second a paired encryption/decryption key from the second compressible corrected sequence on the side of the first correspondent of the communication network and the second compressible basic sequence on the side of the third correspondent of the communication network. 2. The method according to claim 1, characterized in that to form a code word, the generated random binary symbol is repeated M times, where M ≥ 1, and the received binary symbol of any correspondent of the communication network is assigned the value of the first binary symbol of the received word. 3. The method according to p. 1, 2, characterized in that for independent of each other and simultaneous formation of a binary confirmation symbol F1 of the second correspondent of the communication network or a binary confirmation symbol F2 of the third correspondent of the communication network on the sides of the second correspondent of the communication network and the third correspondent of the communication network , respectively, the first binary symbol of the received word is compared with the subsequent M binary symbols of the received word, after which, if there are M matches of the first binary symbol of the received word with M binary symbols of the received word, the binary confirmation symbol F1 of the second correspondent of the communication network or the binary confirmation symbol F2 of the third correspondent of the network the communication network is assigned the value one, and if there is at least one mismatch between the first binary symbol of the received word and the M binary symbols of the received word, the binary confirmation symbol F1 of the second correspondent of the communication network or the binary confirmation symbol F2 of the third correspondent of the communication network is assigned the value zero. 4. The method according to claim 1, characterized in that for the simultaneous and independent formation of the first correlated sequence of the first correspondent of the communication network, the first base sequence of the second correspondent of the communication network, as well as the second correlated sequence of the first correspondent of the communication network and the second base sequence of the third correspondent of the communication network comparing the required length of the generated first correlated sequence of the first correspondent of the communication network and the first basic sequence of the second correspondent of the communication network, equal to Q11 binary symbols, with the length equal to Q1 binary symbols, the first secondary sequence on the side of the first correspondent of the communication network, the first primary sequence on the side of the second correspondent network, then if the condition Q1 ≥ Q11 is met, each j-th symbol of the first correlated sequence on the side of the first correspondent of the communication network is assigned the value of the j-th symbol of the first secondary sequence and each j-th symbol of the first base sequence on the side of the second correspondent of the communication network is assigned the value of the j-th character of the first primary sequence, where j = 1, 2, 3, ..., Q11, otherwise, each j 1-th character of the first correlated sequence on the side of the first correspondent of the communication network is assigned the value of the j1-th character of the first secondary sequence and each j1-th symbol of the first base sequence on the side of the second correspondent of the communication network is assigned the value of the j1-th symbol of the first primary sequence, where j1 = 1, 2, 3, ..., Q1, after which each jj-th symbol of the first correlated sequence on the side of the first correspondent of the communication network, where jj = Q1+1, Q1+2, Q1+3, ..., Q11, assign the value of the q1-th symbol of the original sequence, where q1 = 1, 2, 3, ..., (Q11 - Q1), and each jj-th symbol of the first base sequence on the side of the second correspondent of the communication network is assigned the value of the q1-th symbol of the first preliminary sequence, at the same time, to form the second correlated sequence of the first correspondent of the communication network and the second base sequence of the third correspondent of the communication network, the required length of the generated second correlated sequence of the first correspondent of the communication network and the second base sequence of the third correspondent of the communication network, equal to Q21 of binary symbols, with a length equal to Q2 of binary symbols, the second secondary sequence on the side of the first correspondent of the communication network and the second primary sequence on the side of the third correspondent of the communication network, then if the condition is met Q2≥Q21 each j2-th symbol of the second correlated sequence on the side of the first correspondent of the communication network is assigned the value of the j2-th symbol of the second secondary sequence and each j2-My symbol of the second base sequence on the side of the third correspondent of the communication network is assigned the value of the j2-th symbol of the second primary sequence , where j2 = 1, 2, 3, ..., Q21, otherwise, each j3 symbol of the second correlated sequence on the side of the first correspondent of the communication network is assigned the value of the j3 symbol of the second secondary sequence and each j3 symbol of the second base sequence on the side of the third correspondent of the communication network is assigned the value of the j3 symbol of the second primary sequence, where j3 = 1, 2, 3, ..., Q2, after which each jj2 symbol of the second correlated sequence on the side of the first correspondent of the communication network, where jj2 = Q2+ 1, Q2+2, Q2+3, ..., Q21, assign the value of the q2th character of the original sequence, where q2 = UU, (UU-1), (UU-2), ..., (UU-(Q21-Q2) +1), and each jj2-th symbol of the second basic sequence on the side of the third correspondent of the communication network is assigned the value of the q2-th symbol of the second preliminary sequence. 5. The method according to claim 1, characterized in that for the simultaneous formation of a block of check symbols of the encoded original sequence, a block of correction symbols of the encoded first base sequence, a block of correction symbols of the encoded second base sequence, the initial sequence of the first correspondent of the communication network is encoded with a linear block systematic binary noise-resistant ( N, K) code, where K is the length of the block of information symbols and N is the length of the code block, the generating matrix of which has the dimension K×N, and N>K, while the sizes K and N of the generating matrix of the linear block systematic binary error-correcting (N, K) code choose K=2 ^m -1-m and N=2 ^m -1, where m≥3, for which previously the initial sequence on the side of the first correspondent of the communication network is divided into Y subblocks of length K binary symbols, where Y=UU/ K, then, sequentially, starting from the first to the Y-th of each q-th subblock, where q = 1, 2, 3, ..., Y, form the q-th code block of length N binary symbols by multiplying the q-th subblock by the generator matrix, then from the q-th code block, the q-th subblock of check symbols of length (NK) of binary symbols is extracted, which is stored as the q-th subblock of the block of check symbols of the encoded original sequence, simultaneously and independently on the side of the second correspondent of the communication network, the first basic a sequence of linear block systematic binary error-correcting (NN, KK) codes, where KK is the length of the block of information symbols and NN is the length of the code block, the generator matrix of which has the dimension KK × NN, and NN>KK, while the sizes KK and NN of the generator matrix of the linear block systematic binary error-correcting (NN, KK) code choose KK=2 ^mm -1-mm and NN=2 ^mm -1, where mm ≥ 3, for which the first basic sequence is first divided into YY subblocks of length KK binary symbols, where YY= Q11/KK, then, sequentially, starting from the first to YY-th of each qq-th subblock, where qq = 1, 2, 3, ..., YY, form the qq-th code block of length NN binary symbols by multiplying the qq-th subblock on the generating matrix, then from the qq-th code block, the qq-th subblock of correction symbols of length (NN-KK) of binary symbols is extracted, which is stored as the qq-th subblock of the block of correction symbols of the encoded first base sequence, simultaneously and independently on the side of the third correspondent communication networks encode the second basic sequence with a linear block systematic binary error-correcting (NNN, KKK) code, where KKK is the length of the block of information symbols and NNN is the length of the code block, the generator matrix of which has the dimension KKK × NNN, moreover, NNN>KKK, while the dimensions are KKK and NNN generating matrix of a linear block systematic binary error-correcting (NNN, KKK) code choose KKK=2 ^mmm -1-mmm and NNN=2 ^mmm -1, where mmm ≥ 3, for which the second base sequence is first divided into YYY subblocks of length KKK binary characters, where YYY=Q21/KKK, then, sequentially, starting from the first to YYY-th of each qqq-th subblock, where qqq = 1, 2, 3, ..., YYY, form the qqq-th code block of length NNN binary symbols by multiplying the qqq-th subblock by the generating matrix, then the qqq-th subblock of correction symbols with the length (NNN-KKK) of binary symbols is extracted from the qqq-th code block, which is stored as the qqq-th subblock of the block of correction symbols of the encoded second base sequence. 6. The method according to p. 1, 5, characterized in that for the simultaneous formation of the first decoded sequence of the second correspondent of the communication network, the second decoded sequence of the third correspondent of the communication network, as well as the first corrected sequence of the first correspondent of the communication network and the second corrected sequence of the first correspondent of the communication network, the first and the second pre-sequences of the second and third correspondents of the communication network, respectively, are simultaneously and independently decoded by a linear block systematic binary error-correcting (N, K) code, where K is the length of the block of information symbols and N is the length of the code block, the transposed check matrix of which has the dimension N ×(NK), with N>K, while choosing the sizes K and N of the check matrix of the linear block systematic binary noise-correcting (N, K) code K=2 ^m -1-m and N=2 ^m -1, where m≥3 , for which the preliminary sequences and blocks of check symbols of the encoded source sequence are divided into Y corresponding pairs of decoded subblocks and subblocks of check symbols, where Y=UU/K, and the lengths of decoded subblocks and subblocks of check symbols are chosen to be equal to K and (NK) binary symbols, respectively, then, Y received code blocks of length N binary symbols are formed by right concatenation to the q-th decodable subblock of the q-th subblock of parity symbols, where q = 1, 2, 3, ..., Y, then, sequentially, starting from the 1st to Y -th, the q-th syndrome D of length (NK) of binary symbols is calculated by multiplying the q-th received code block by the transposed check matrix, and according to the received q-th syndrome D, errors are corrected in the q-th decoded subblock, which is then stored as q -th subblock of the decoded sequences, simultaneously and independently form the first corrected sequence on the side of the first correspondent of the communication network, for which the first correlated sequence is decoded with a linear block systematic binary error-correcting (NN, KK) code, where KK is the length of the block of information symbols and NN is the length of the code block, the transposed check matrix of which has the dimension NN×(NN-KK), and NN>KK, while choosing the sizes KK and NN of the check matrix of the linear block systematic binary error-correcting (NN, KK) code KK=2 ^mm -1-mm and NN=2 ^mm -1, where mm≥3, for which the first correlated sequence and the block of correction symbols of the encoded first base sequence are divided into YY corresponding pairs of corrected sub-blocks and sub-blocks of correction symbols, where YY=Q11/KK, and the lengths of corrected sub-blocks and sub-blocks correction symbols are chosen equal to KK and (NN-KK) binary symbols, respectively, then YY received code blocks of length NN binary symbols are formed by concatenation from the right to the qq-th corrected subblock of the qq-th subblock of correction symbols, where qq = 1, 2, 3, …, YY, then, sequentially, starting from the 1st to the YYth, the qq-th syndrome Da1 of length (NN-KK) of binary symbols is calculated by multiplying the qq-th received code block by the transposed check matrix, and by the received qq-th syndrome Da1, errors are corrected in the qq-th corrected sub-block, which is then stored as the qq-th corrected sub-block of the first corrected sequence on the side of the first correspondent of the communication network, at the same time, for independent formation of the second corrected sequence on the side of the first correspondent of the communication network, the second correlated sequence is decoded by a linear block systematic binary error-correcting (NNN, KKK) code, where KKK is the length of the block of information symbols and NNN is the length of the code block, the transposed check matrix of which has the dimensions NNN × (NNN-KKK), and NNN>KKK, while choosing the sizes KKK and NNN check matrix of a linear block systematic binary error-correcting (NNN, KKK) code KKK=2 ^mmm -1-mmm and NNN=2 ^mmm -1, where mmm ≥ 3, for which the second correlated sequence and the block of correction symbols of the encoded second base sequence are divided into YYY corresponding pairs of corrected subblocks and subblocks of correction symbols, where YYY=Q21/KKK, wherein the lengths of corrected subblocks and subblocks of correction symbols are chosen to be respectively KKK and (NNN-KKK) binary symbols, then YYY received code blocks of length NNN binary symbols are formed by right concatenation to the qqq-th corrected sub-block of the qqq-th sub-block of correction symbols, where qqq = 1, 2, 3, …, YYY, then, sequentially, starting from the 1st to the YYY-th, the qqq-th syndrome Da2 of length (NNN- KKK) binary symbols by multiplying the qqq-th received code block by the transposed check matrix, and using the received qqq-th syndrome Da2, errors are corrected in the qqq-th corrected subblock, which is then stored as the qqq-th corrected subblock of the second corrected sequence on the side of the first correspondent communication networks. 7. The method according to claim. 1, characterized in that for the simultaneous and independent formation of the first compressible adjusted sequence of the first correspondent of the communication network, the first compressible base sequence of the second correspondent of the communication network, as well as the second compressible adjusted sequence of the first correspondent of the communication network and the second compressible base sequence of the third correspondent of the communication network, the required length of the generated first compressible corrected sequence of the first correspondent of the communication network and the first compressible basic sequence of the second correspondent of the communication network, equal to UU of binary symbols, are compared with a length equal to Q11 of binary symbols, the first corrected sequence on the side of the first correspondent of the communication network and the first base sequence on the side of the second correspondent of the communication network, then, if the condition Q11=UU is met, each j-th character of the first compressible corrected sequence on the side of the first correspondent of the communication network is assigned the value of the j-th character of the first corrected sequence and each j-th character of the first compressible base sequence on the side of the second correspondent of the communication network is assigned the value of the j-th symbol of the first base sequence, where j = 1, 2, 3, ..., UU, otherwise, each jj-th character of the first compressible corrected sequence on the side of the first correspondent of the communication network is assigned the value jj-th character of the first corrected sequence and each jj-th character of the first compressible base sequence on the side of the second correspondent of the communication network is assigned the value of the jj-th character of the first base sequence, where jj = 1, 2, 3, ..., Q11, after which each i the th symbol of the first compressed corrected sequence on the side of the first correspondent of the communication network is assigned the value zero and each i-th symbol of the first compressed base sequence on the side of the second correspondent of the communication network is assigned the value zero, where i=Q11+l, Q11+2, ..., UU , at the same time, to form the second compressible corrected sequence of the first correspondent of the communication network and the second compressible basic sequence of the third correspondent of the communication network, the required length of the generated sequences equal to UU of binary symbols is compared with the length equal to Q21 of binary symbols, the second corrected sequence on the side of the first correspondent of the communication network and second base sequence on the side of the third correspondent of the communication network, then, if the condition Q21=UU is met, each j2-th character of the second compressible corrected sequence on the side of the first correspondent of the communication network is assigned the value of the j2-th character of the second corrected sequence and each j2-th character of the second compressible the base sequence on the side of the third correspondent of the communication network is assigned the value of the j2-th character of the second base sequence, where j2=1, 2, 3, ..., UU, otherwise, each jj2-th symbol of the second compressible corrected sequence on the side of the first correspondent of the communication network is assigned the value of the jj2-th character of the second corrected sequence and each jj2-th character of the second compressible base sequence on the side of the third correspondent of the communication network is assigned the value of the jj2-th character of the second base sequence, where jj2=1, 2, 3, ..., Q21, after which each The i2-th symbol of the second compressed corrected sequence on the side of the first correspondent of the communication network is assigned the value zero and each i2-th symbol of the second compressed base sequence on the side of the third correspondent of the communication network is assigned the value zero, where i2=Q21+1, Q21+2, ..., uu. 8. The method according to claim 1, characterized in that the hashing function of the sequences on the side of the first correspondent of the communication network is formed in the form of a binary matrix G of dimension UU×T, where T≥64 is the length of the generated network and pair encryption/decryption keys, each of elements of the binary matrix G are randomly generated. 9. The method according to p. 1, 8, characterized in that the hashing function of the sequences is transmitted sequentially, starting from the first to the UU-th row of the binary matrix G. 10. The method according to claim 1, characterized in that for the simultaneous formation of a network encryption / decryption key, the first paired encryption / decryption key, the second paired encryption / decryption key, a pre-binary matrix G and the initial sequence of the first correspondent of the communication network, a binary matrix G and the first decoded sequence of the second correspondent of the communication network, the binary matrix G and the second decoded sequence of the third correspondent of the communication network are divided into W corresponding pairs of submatrices of dimension P×T, and P=UU/W, where T≥64 is the length of the generated network encryption/decryption key, and, accordingly, subblocks of the original sequence, the first decoded sequence of the second correspondent of the communication network and the second decoded sequence of the third correspondent of the communication network of length P binary symbols, respectively, then simultaneously, starting from the first to the Wth, the z-th primary key of length T binary symbols is calculated , where z = 1, 2, 3, …, W, by multiplying the z-th subblock of the original sequence of the first correspondent of the communication network by the z-th submatrix G _z , the z-th subblock of the first decoded sequence of the second correspondent of the communication network by the z-th submatrix G _z , the z-th subblock of the second decoded sequence of the third correspondent of the communication network onto the z-th submatrix G _z , after which the network encryption/decryption key is simultaneously formed by bitwise modulo two summation of all W primary keys on the sides of all correspondents of the communication network, simultaneously to form of the first paired encryption/decryption key, the preliminary binary matrix G and the first compressible corrected sequence of the first correspondent of the communication network, the binary matrix G and the first compressible basic sequence of the second correspondent of the communication network are divided into W of the corresponding pairs of submatrices of dimension P×T, where P=UU/W, where T≥64 is the length of the generated first paired encryption/decryption key, and, accordingly, subblocks of the first compressible corrected sequence, the first compressible base sequence of length P binary characters, respectively, then simultaneously starting from the first to the W-th, calculate the zz-th primary key length T of binary symbols, where zz = 1, 2, 3, ..., W, by multiplying the zz-th subblock of the first compressible corrected sequence of the first correspondent of the communication network by the zz-th submatrix G _zz , the zz-th subblock of the first compressible basic sequence of the second correspondent of the network connection to the zz-th submatrix G _zz , after which the first paired encryption/decryption key is simultaneously formed by bitwise summation modulo two W of primary keys on the sides of the first and second correspondents of the communication network, respectively, simultaneously to form the second paired encryption/decryption key pre-binary the matrix G and the second compressible corrected sequence of the first correspondent of the communication network, the binary matrix G and the second compressible basic sequence of the third correspondent of the communication network are divided into W corresponding pairs of submatrices of dimension P×T, where P=UU/W, where T≥64 is the length of the generated second paired encryption/decryption key, and, respectively, subblocks of the second compressible corrected sequence, the second compressible base sequence of length P binary symbols, respectively, then simultaneously starting from the first to the Wth, calculate the zzz-th primary key of length T binary symbols, where zzz = 1, 2, 3, …, W, by multiplying the zzz-th subblock of the second compressible corrected sequence of the first communication network correspondent by the zzz-th submatrix G _zzz , the zzz-th subblock of the second compressible basic sequence of the third communication network correspondent by the zzz-th submatrix G _zzz , after which the second paired encryption/decryption key is simultaneously formed by bitwise summation modulo two W of primary keys on the sides of the first and third correspondents of the communication network, respectively.

Images