RU2801198C1 - Method of structural parametric synthesis of crypto-code structures under forced dimensional reduction of control space and restoration of integrity of structured data arrays - Google Patents

Abstract

FIELD: information technology.

SUBSTANCE: invention is related to methods for constructing crypto-code structures. The technical result is achieved by performing a structural parametric synthesis, as a result of which the layout of the structure is determined and the values of the parameters of its constituent elements are found, which consists of reducing the dimensionality of the control space and restoring the integrity of structured data arrays without switching to a data space with a lower dimensionality, which ensure that integrity of the data is protected.

EFFECT: ensuring the integrity of the data with a forced reduction in the dimensionality of the control space and restoring the integrity of structured data arrays

1 cl, 3 dwg

Description

The field of technology to which the invention belongs

The present invention relates to information technology and can be used to ensure the integrity of information when building crypto-code structures in data storage systems under conditions of forced reduction in the dimensionality of the control space and restoring the integrity of structured data arrays.

State of the art

a) Description of analogues

There are known methods for constructing cryptographic structures for controlling the integrity of structured data arrays through the use of cryptographic hash functions (Patent for invention RUS No. 2730365, 08/21/2020; Patent for invention RUS No. 2758194, 10/26/2021; Patent for invention RUS No. 2759240, 11/11/2021 ; Patent for invention RUS No. 2771146, 27.04.2022; Patent for invention RUS No. 2771209, 28.04.2022: Patent for invention RUS No. 2771236, 28.04.2022; Patent for invention RUS No. 2771273, 29.04.2022; Patent for invention RUS No. 2774099, June 15, 2022; Shannon, K. Works on information theory and cybernetics / K. Shannon. - M.: Publishing house of foreign literature, 1963. - 829 pp.; Schneier, B. Secrets and lies. Data security in digital world / B. Schneier. - St. Petersburg: Peter, 2003. - 367 p.).

The disadvantages of these methods are:

- the inability to restore data integrity;

- the lack of the ability to control the integrity of data with a forced reduction in the dimensionality of the space for monitoring the integrity of structured data arrays.

There are known methods for constructing code structures for restoring the integrity of structured data arrays through the use of error-correcting codes (Patent for invention RUS No. 2680033, February 14, 2019; Patent for invention RUS No. 2680350, February 19, 2019; Patent for invention RUS No. 2758943, 03.11.2021 ; Patent for invention RUS No. 2771238, 04/28/2022; Morelos-Zaragoza, R. The art of error-correcting coding. Methods, algorithms, application / R. Morelos-Zaragoza; translated from English by V. B. Afanasiev. M .: Technosfera, 2006 320 pp.: Hemming, R.V. Coding theory and information theory / R.V. Hemming, translated from English M.: "Radio and Communication", 1983. - 176 p.).

The disadvantages of these methods are:

- data integrity control is performed with a certain probability for the error-correcting code used;

- the lack of the possibility of restoring data integrity with a forced reduction in the dimensionality of the space for restoring the integrity of structured data arrays.

Known methods are based on the construction of crypto-code structures for monitoring and restoring the integrity of structured data arrays through the use of cryptographic methods and methods of reliability theory (Patent for invention RUS No. 2680739, 26.02.2019; Patent for invention RUS No. for the invention RUS No. 2707940, 02.12.2019).

The disadvantages of these methods are:

- control and restoration of data integrity is performed for the initially defined data structure to be stored;

- the lack of the possibility of monitoring and restoring the integrity of data with a forced reduction in the dimensionality of the control space and restoring the integrity of structured data arrays.

b) Description of the closest analogue (prototype)

The closest in technical essence to the claimed invention (prototype) is a method for monitoring and restoring the integrity of multidimensional data arrays, in which a crypto-code structure is built to control and restore the integrity of data presented in the form of multidimensional structured data arrays of dimension k (Fig. 1), from the elements of which reference hash codes are preliminarily calculated by applying a hash function, the values of which are subsequently compared during data integrity control with the values of hash codes already calculated from the checked data blocks when requesting their use. From the obtained hash codes, as well as from the elements of multidimensional structured data arrays, redundant blocks are calculated to ensure the possibility of restoring data integrity by means of the mathematical apparatus of error-correcting codes (Alimanov P.E., Dichenko S.A., Samoylenko D.V., Finko O. A. [et al.] A method for monitoring and restoring the integrity of multidimensional data arrays // Patent for invention RUS No. 2771208, 28.04.2022).

The disadvantage of the known method is the inability to ensure the integrity of the data when forced to reduce the dimensionality of the control space and restore the integrity of structured data arrays.

Disclosure of invention

a) The technical result to which the invention is directed The purpose of the present invention is to develop a method for constructing crypto-code structures for controlling and restoring the integrity of structured data arrays, which make it possible to ensure data integrity with a forced reduction in the dimensionality of the control space and restore the integrity of structured data arrays.

b) A set of essential features

This goal is achieved by the fact that in a known method for monitoring and restoring the integrity of multidimensional data arrays, which consists in the fact that crypto-code structures for monitoring and restoring data integrity are built on the basis of data arrays of dimension k, consisting of data blocks, to which, for the possibility of detecting signs integrity violation, the hash function h is applied, while the calculated hash codes are placed in free blocks of the array and are reference, the values of which, when requesting the use of data, are compared with the values of the hash codes already calculated from the checked data blocks, when restoring the integrity of the data blocks, to be protected, as well as the reference hash codes calculated from them, are interpreted as elements of GF(2 ^t ) and are the smallest polynomial residues, while the resulting data array is considered as a single superblock of the modular polynomial code, on which the expansion operation is performed by introducing n - k redundant grounds for which the excess residues corresponding to them are calculated, additionally introduced to correct the error, in the event of which the restoration of data blocks without prejudice to the unambiguity of their representation is carried out by reconfiguring the system by excluding from the calculations a data block with signs of integrity violation, in the presented method for constructing of crypto-code structures for monitoring and restoring the integrity of structured data arrays, a structural-parametric synthesis is performed, as a result of which the structure structure is determined and the values of the parameters of its constituent elements are found in such a way that the conditions for the task for synthesis are satisfied, while it is required to perform the aggregation of the corresponding cryptographic and code transformations both in the space of structures and parameters of the object under consideration, the number of control blocks will be determined by the required detecting and correcting abilities of the error-correcting code used, while the synthesis procedure is to reduce the dimensionality of the control space and restore the integrity of structured data arrays without switching to the data space with a lower dimension, which allows monitoring and restoring data integrity through the use of (θ-1)-dimensional cryptographic and code transformations performed in the θ-dimensional data space.

A comparative analysis of the claimed solution and the prototype shows that the proposed method differs from the known one in that the goal is achieved by performing a structural-parametric synthesis, as a result of which the structure of the structure is determined and the values of the parameters of its constituent elements are found, which consists in reducing the dimensionality of the space of control and restoration integrity of structured data arrays without switching to a data space with a lower dimension, which will ensure the integrity of the data to be protected.

Under the conditions of degradation of data storage systems, the structural-parametric synthesis of crypto-code structures is determined and can be described by means of the ϕ-function, which will ensure the integrity of the data to be protected at time t. What is new is that in order to build crypto-code control structures and restore the integrity of structured data arrays, a structural-parametric synthesis is performed, which consists in reducing the dimensionality of the control space and restoring the integrity of structured data arrays without switching to a data space with a lower dimension. What is new is that the control and restoration of data integrity is provided through the use of (θ-1)-dimensional cryptographic and code transformations performed in the θ-dimensional data space.

c) Causal relationship between features and technical result

Thanks to a new set of essential features, the method implements the possibility of:

- construction of crypto-code structures for monitoring and restoring the integrity of structured data arrays by performing structural-parametric synthesis, which consists in reducing the dimensionality of the control space and restoring the integrity of structured data arrays without switching to a data space with a lower dimensionality;

- ensuring the integrity of the data to be protected by monitoring and restoring data integrity through the use of (θ-1)-dimensional cryptographic and code transformations performed in the θ-dimensional data space.

Evidence of compliance of the claimed invention with the conditions of patentability "novelty" and "inventive step"

The analysis of the prior art made it possible to establish that there are no analogues characterized by a set of features identical to all the features of the claimed technical solution, which indicates the compliance of the claimed method with the condition of patentability "novelty".

The results of the search for known solutions in this and related fields of technology in order to identify features that match the distinguishing features of the prototype of the claimed object showed that they do not follow explicitly from the prior art. The prior art also did not reveal the fame of distinctive essential features that cause the same technical result that is achieved in the claimed method. Therefore, the claimed invention meets the condition of patentability "inventive step".

Brief description of the drawings

The claimed method is illustrated by drawings, which show:

fig. 1 is a diagram illustrating a general view of a crypto-code structure for controlling and restoring the integrity of multidimensional data arrays;

fig. 2 is a diagram illustrating the execution of 2-dimensional cryptographic and code transformations;

fig. 3 is a diagram illustrating the performance of 1-dimensional cryptographic and code transformations on elements of a structured data array represented in a 2-dimensional data space.

Implementation of the invention

Structural-parametric synthesis is understood as a process, as a result of which the structure of an object is determined and the values of the parameters of its constituent elements are found, in such a way that the conditions of the assignment for synthesis are satisfied (Volkov, V.A. System analysis for system-parametric synthesis / V.A. Volkov, S.M. Chudinov // Scientific Bulletin of the Belgorod State University Series: Economics Informatics - 2012. - No. 19(138) - P. 153-157.

To obtain, as a result of synthesis, crypto-code structures that make it possible to ensure data integrity in the event of a forced change in the required detecting and correcting abilities caused by the destructive effects of an attacker and disturbances in the functioning environment, the aggregation of the corresponding cryptographic and code transformations is performed both in the space of structures and parameters of the object under consideration .

Under the conditions of destructive influences of an intruder and disturbances of the functioning environment during storage of information, it is possible to distort and (or) destroy it, that is, a violation of its integrity. Violation of the integrity of structured data arrays, in turn, will be characterized by the appearance of an error in the data blocks, that is, a discrepancy between the data sent for storage and the data when requesting their use. A violation of the integrity of a single data block contained in a structured data array is understood as the occurrence of a 1-fold error, respectively, the occurrence of a q-fold error will be characterized by a violation of the integrity of q data blocks.

Cryptographic transformations performed in the construction of crypto-code structures are based on the use of a cryptographic hash function (Knuth, D.E. The Art of Computer Programming. Volume 3 Sorting and Search / D.E. Knut. - M .: Mir, 1978. 824 p.). The application of a hash function to structured data arrays makes it possible to detect with cryptographic certainty a data block or a set of data blocks with signs of integrity violation.

A hash function h is a function that maps data М ∈ {0,1} ^* into hash codes Н ∈ {0,1} ^ξ :

h(M) → H,

where “(⋅) ^* ” is an arbitrary data block size, “(⋅) ^ξ ” is a fixed block size with a hash code (ξ ∈ N), and satisfies the following properties:

- according to the calculated value of the hash function H ∈ {0,1} ^ξ, it is difficult to calculate the initial data M ∈ {0,1} ^* mapped to this value;

- for the given initial data M ₁ ∈ {0,1} ^* it is difficult to calculate other initial data M ₂ ∈ {0,1} ^* mapped to the same hash function value, i.e. h(M ₁ )=h(M ₂ ), where M ₁ ≠ M ₂ :

- it is difficult to calculate any pair of initial data (M ₁ ,M ₂ ), where M ₁ ≠ M ₂ , M _t ∈ {0.1} ^* , t=1.2, mapped to the same hash function value , i.e. h(M ₁ )=h(M ₂ ).

The hash code Н ∈ {0.1} ^ξ is understood as a string of bits that is the output result of the hash function h.

The strings of bits that the hash function h maps to a hash code H ∈ {0,1} ^* will be called a data block M ∈ {0,1} ^* .

In turn, the restoration of the integrity of structured data arrays is ensured through the use of the mathematical apparatus of error-correcting codes.

An error-correcting code (correcting code, error-correcting code) is a code for detecting and correcting errors. The main technique is adding specially structured redundant information to the payload when writing (transmitting) and using such redundant information when reading (receiving) to detect and correct errors. The number of errors that can be corrected is limited and depends on the specific code used (Bleihut, R. Theory and practice of error control codes / R. Blaihut; translated from English by I.I. Grushko, V.M. Blinovsky; ed. K. Sh. Zigangirova. - M.: Mir, 1986. - 576 p.).

The procedure for the structural-parametric synthesis of crypto-code structures of control and restoration of the integrity of structured data arrays, based on the aggregation of cryptographic and code transformations, will be explained using systematic codes (codes in which the digits can be divided into information and control, and the control digits occupy one and the same the same positions in code combinations). They are denoted by (n, k)-codes, where n is the length of the codeword, k is the information part. In this case, the mathematical apparatus of error-correcting codes will be described by means of the coding function, which is denoted by ƒ.

The coding function ƒ is understood as a function that maps information data blocks (target information) contained in a structured data array into control (redundant) blocks:

ƒ(M _c ) → M _ρ .

where M _k - information data blocks contained in a 1-dimensional structured data array M[k]={M ₀ , M ₁ , ..., M _k-1 } (special case); M _ρ - control (redundant) blocks; k=0,1,…,k-1; ρ=k,…,n-1.

The number of control (redundant) blocks will be determined by the required detecting and correcting capabilities of the error correcting code used.

The use of error-correcting codes provides the possibility of flexible introduction of redundancy for restoration (control and restoration in cases where the use of a hash function does not allow detection and (or) localization of data blocks with signs of integrity violations) of the integrity of structured data arrays under destructive influences attacker and disturbances of the functioning environment.

At the same time, to ensure the possibility of applying cryptographic and code transformations to the elements of structured data arrays to control and restore their integrity, the interpretation of the data blocks contained in them will be different. To ensure the possibility of performing transformations identical to the transformations used in the construction of error-correcting codes with elements of an arbitrary structured data array, it is required to interpret data blocks M as:

- integer non-negative numbers, represented, for example, in the binary system:

where µg ∈ {0,1}; g=0,1,…,τ-1;

- elements of the extended field GF(2 ^τ ):

Where - dummy variable; μ _g ∈ {0,1}; g=0,1,…,τ-1.

With this interpretation, it is possible to perform transformations with elements of a structured data array that are identical to those that are used, in particular, when performing an extension operation to construct codes of a system of residual classes: modular codes, modular polynomial codes, etc.

Interpreting data blocks as vectors:

М=[μ ₁ ,μ ₂ ,…,μ _τ ],

where μ _g ∈ {0,1}; g=1,2,…,τ, makes it possible to perform transformations with them that are identical to those used in various cryptographic algorithms, for example, when generating and verifying an electronic signature, using a hashing function, etc.

With the degradation of data storage systems under the destructive influences of an attacker and disturbances in the operating environment, to ensure data integrity by means of crypto-code structures, it is proposed to reduce the dimensionality of the control space and restore the integrity of structured data arrays without switching to a data space with a lower dimensionality. In this case, the control and restoration of the integrity of structured data arrays will be carried out by applying cryptographic and code transformations in a space with a lower dimension in relation to the dimension of the data space.

For a structured data array M[k, k], presented in a 2-dimensional data space, the structural-parametric synthesis of crypto-code structures can be performed in the following order:

- on one axis, cryptographic transformations will be performed on the elements of the array M[k, k], interpreted as vectors:

- on the other axis - code transformations over the elements of the array M[k,k], interpreted as non-negative integers:

As a result, the dimensionality of the cryptographic and coding transformations illustrated in FIG. 2, with the previous dimension of the data space in which the original structured data array M[k,k] is represented, and 1-dimensional cryptographic and code transformations will be performed in a 2-dimensional data space (Fig. 3).

Let's get a crypto-code construction of control and restoration of the integrity of the original 2-dimensional structured data array, represented by an array:

The rules for constructing a crypto-code structure represented by the resulting array are determined and can be described by means of a ϕ-function of the following form:

where the symbol "1D" denotes that 1-dimensional cryptographic and code transformations are performed on the elements of a structured data array represented in a 2-dimensional data space ("2D"); ρ=k,…,n-1; j=0,…,η-1; k=0,1,…,k-1.

The resulting crypto-code structure, represented by the received array, allows to ensure the integrity of information in the event of a possible violation of the integrity of single data blocks (occurrence of 1-fold errors) located on different lines of the structured data array M[k,k]. At the same time, it is sufficient for the error-correcting code used in coding to restore the integrity of the detected and localized data blocks with signs of integrity violation by using the hash function to have a correcting ability equal to its detecting one.

Detection, localization and restoration of the integrity of other data blocks with signs of integrity violation (in the event of a q-fold error) will be performed on the columns of the structured data array M[k,k] by applying the mathematical apparatus of the error-correcting code used. At the same time, the error-correcting code used in coding will require both its detecting and correcting abilities to detect, localize and restore the integrity of these data blocks with signs of integrity violation.

Thus, the presented order of synthesis makes it possible to build crypto-code structures for controlling and restoring the integrity of structured data arrays, which make it possible to ensure data integrity with a forced reduction in the dimensionality of the control space and restore the integrity of structured data arrays. During the degradation of data storage systems, the dimension of the parameter vector (the number of calculated hash codes and control (redundant) blocks) is not known in advance and will be determined after determining the structure of the resulting crypto-code structure.

Claims (1)

A method of structural-parametric synthesis of crypto-code structures with a forced reduction in the dimensionality of the control space and restoration of the integrity of structured data arrays, which consists in the fact that crypto-code structures of control and restoration of data integrity are built on the basis of data arrays of dimension k, consisting of data blocks, k which, in order to be able to detect signs of integrity violation, the hash function h is used, while the calculated hash codes are placed in free blocks of the array and are reference values, the values of which, when requesting the use of data, are compared with the values of the hash codes already calculated from the checked data blocks, with integrity restoration, the data blocks to be protected, as well as the reference hash codes calculated from them, are interpreted as elements of GF(2 ^t ) and are the smallest polynomial residues, while the resulting data array is considered as a single superblock of the modular polynomial code, on which the expansion operation is performed by introduction of n - k redundant bases, for which the corresponding excess residues are calculated, additionally introduced to correct an error, in the event of which the restoration of data blocks without prejudice to the unambiguity of their representation is carried out by reconfiguring the system by excluding from the calculations a data block with signs of integrity violation, which differs by the fact that in order to build crypto-code structures of control and restore the integrity of structured data arrays, structural-parametric synthesis is performed, as a result of which the structure structure is determined and the values of the parameters of its constituent elements are found, in such a way that the conditions of the task for synthesis are satisfied, while it is required perform the aggregation of the corresponding cryptographic and code transformations both in the space of structures and parameters of the object under consideration, the number of control blocks will be determined by the required detecting and correcting abilities of the error-correcting code used, while the synthesis order is to reduce the dimensionality of the control space and restore the integrity of structured data arrays without switching to a data space with a lower dimension, which allows monitoring and restoring data integrity through the use of θ-1-dimensional cryptographic and code transformations performed in a θ-dimensional data space.