EA021803B1 - Method of data encoding for calculating platforms with simd-architecture - Google Patents

Abstract

The invention relates to data encoding. Proposed is a technology of realization of data encoding cycle for calculating platforms with SIMD-architecture, allowing to avoid forced mixture instructions of the standard architecture and SIMD-instructions due to a specialized adaptation of change units providing to perform change operations only by the SIMD-instructions. The technical result provides the production increase.

Description

FIELD OF THE INVENTION

The invention generally relates to data encryption, in particular to data encryption according to GOST 28147-89 for computing platforms with δΙΜΌ architecture.

Description of the Related Art

In modern technology, data encryption plays a significant role and is very widely used. As a result, serious attention at various levels has been riveted to developments in the field of data encryption.

The national standard of the Russian Federation GOST 28147-89 establishes a unified algorithm of cryptographic conversion for information processing systems in computer networks and individual computer complexes. GOST 28147-89, the contents of which by reference is fully included in the present description, introduces a block encryption algorithm with a block size of 64 binary bits (hereinafter referred to as the bit) and a 256-bit key. The cryptographic transformation uses a substitution block consisting of eight replacement nodes. Each replacement node is a table of sixteen 4-bit numbers and provides a one-to-one mapping of the set of 4-bit numbers onto itself. It should be noted that the standard does not specify a specific set of constants for the substitution block. This means that the developer can choose its content at his discretion.

GOST 28147-89 describes a number of encryption modes, namely: simple replacement, gamming, gamming with feedback and the development of an imitation insert. The encryption cycle is the basis of each of the mentioned modes, which differ from each other by a specific combination of input parameters.

Currently, computing platforms with δΙΜΌ-architecture are widely used in practice. Such a platform, in general, allows parallel processing of N data streams, as its hardware component consists of N independent, but resource-intensive processor elements, while processing is controlled by a single stream of commands. Each processor element has a local RAM. The processor elements receive commands from one central command controller and operate synchronously, executing the same command at each step. In this case, each processor element operates with data from the local RAM, i.e. The main characteristic of the δΙΜΌ architecture is that all N processor elements execute a fixed command, but on different data.

There are known processors with δ производства-architecture produced by 1n1e1 or ΑΜΌ companies, which in addition to standard architecture instructions also include a set of specialized instructions (so-called δΙΜΌ-instructions), in particular a set of δδΕ-technology instructions (81geappppd δΙΜΌ E. \ 1ephyuph).

Considering the high performance characteristics provided by the δΙΜΌ architecture, which are caused by the aforementioned parallelization, it seems promising to implement data encryption on it according to GOST 28147-89 in order to increase productivity. However, it was experimentally shown that when using exclusively δΙΜΌ instructions it is impossible to implement the encryption cycle of GOST 28147-89 in exact accordance with the algorithm described in the standard. The essence of the problem lies in the fact that δΙΜΌ instructions do not allow the replacement operation performed during data encryption to be performed as specified in GOST 28147-89. Obviously, you can use the standard architecture instructions to complete this operation. However, in the end, productivity does not increase, but rather decreases. This decrease is due to additional overhead that occurs as a result of data matching when switching between δΙΜΌ- and standard architecture instructions.

Thus, in technology there is a need for a methodology for implementing the encryption cycle of GOST 28147-89, which excludes mixing of standard architecture instructions and δΙΜΌ instructions.

For the block cipher algorithm ΌΕδ known implementation using δΙΜΌ-instructions (see. E. Βίΐιαιη. A Gah1 ne \ y ΌΕδ npr1etep1aOop ίη hop \ uage. EsFte ΝοΡχ ίη SotrSheg δ <^ η <^. Νοί. 1267, pp. 260 to 272, 1997), which proposes to use δΙΜΌ instructions on 64-bit registers for parallel encryption of sixty-four independent data streams. However, the use of the approach described in this article to implement the encryption cycle according to GOST 28147-89 with the specific content of the replacement nodes is not applicable due to significant algorithmic differences between ΌΕδ and GOST 28147-89.

A possible approach to the implementation of the national encryption standard is proposed in the publication by A. Vinokurov. GOST 28147-89 encryption algorithm, its use and software implementation for computers of the platform Ιηίο1 \ 86, Monitor, No. 1, p. 5, 1995, which in a revised and augmented form is available at the address Lp: //yyy.epPdTs.Gi/gur1o/ag1yu1e8Mpoksh ^/do81_Pcs.

This publication contains a description of the implementation of the standard GOST 28147-89 for the ΙηΡί \ 86 platforms, however, the specificity of the δΙΜΌ-architecture is not taken into account.

SUMMARY OF THE INVENTION

A technique is proposed for implementing a data encryption cycle according to GOST 28147-89 on a δΙΜΌ- 1 021803 architecture, which avoids the forced mixing of standard architecture instructions and δΙΜΌ-instructions due to specialized adaptation of replacement nodes, which enables the replacement operation to be performed exclusively using δΙΜΌ-instructions. When implementing a given type on an 8-architecture, the proposed approach provides a twofold increase in performance compared to the implementation based solely on instructions from the standard architecture.

The present invention proposes the implementation of a data encryption cycle according to GOST 28147-89 for computer systems having a δΙΜΌ-architecture. The proposed method comprises the steps of initializing the masks Μ _{] ί} (k = 1, ..., 6), each mask being an array of dimension 4, each element of which is a 32-bit constant unique to the mask; reorganize the pre-filled replacement nodes K _t (t = 1, ..., 8) specified in GOST 28147-89, each of which is an array of 4-bit numbers of dimension 16, into arrays T (] = 0, ..., 3) 4-bit numbers of dimension 32 as follows:

T ₀ [2 (l>] = + = K _e [l],

TD2 (p)] = KCP], G, [2 (p) + 1] = K ₄ [p],

7 ^ 2 (l)] = KDl], T _: [2 (l) ₊ 1] = K _g [l], ''''

Т, Ип)] = КДп], Г ₃ [2 (l) + 1] = units perform an encryption cycle. Note that the number of executions of the mentioned encryption cycle is defined in GOST 28147-89.

Preferably, the δΙΜΌ architecture is a 1ΙΜΌ1s1 δΙΜΌ architecture or a similar ΛΜΌ company architecture formed by a processor having four processing elements.

When performing the encryption cycle, arrays of 32-bit elements of dimension 4 are formed:

= {Νι.ίΐζ = {Χϊ}, X = {Χχ}, 2 = 0, ..., 3, where Ν _{1> 1} , Ν _{2> 1} are subblocks into which the 64-bit block of encrypted data is previously split, and X! - part of the 256-bit encryption key selected in accordance with GOST 28147-89. The choice of part of the encryption key is preferably determined by the encryption mode provided by GOST 28147-89. A separate local storage device is associated with each of the processor elements, in which one of the sets Ν _{1> 1} , Ν _{2> 1} , Χ ₁ (ί = 0, ..., 3) for independent processing by this processor element is stored. At the same time, the replacement nodes K _t (m = 1, ..., 8) together form a substitution block, which is the same for all processor elements.

When performing the encryption cycle, an array of CM ₁ is then formed by performing the summing operation modulo 2 ³² with respect to arrays Ν ₁ and X. Then, the first auxiliary array Υ _{0 is formed} by applying the bitwise shift operation four times to the array CM1 and form the second auxiliary array Υ by applying a logical OR operation to the result of the logical aND operation against Μ mask ₁ and CM array ₁ and the result of the logical aND operation against mask M ₂ and the first auxiliary array and form Υ ₀ tre s Ζ auxiliary array by applying a logical OR operation to the result of the logical AND operation with respect to the mask _M1 and the first auxiliary array Υ ₀ and logic AND operation result with regard to the mask M and the array ₂ SM !. After that, the first intermediate array K _{0 is formed} by applying the logical AND operation to the mask M ₂ and the result of the mixing operation with respect to the T ₀ array and the second auxiliary array Υ, the second intermediate array K is formed! by applying the logical And operation to the mask M ₅ and the result of performing the mixing operation with respect to the T2 array and the third auxiliary array Ζ, the third intermediate array K _{2 is formed} by applying the logical And operation to the mask M ₄ and the result of performing the mixing operation with respect to the T1 array and the second auxiliary array Υ, form the fourth intermediate array K ₂ by applying the logical operation AND to the mask M ₆ and the result of the operation of mixing in relation to the array T3 and the third of the auxiliary array Ζ and form the fifth intermediate array K, combining the previously obtained intermediate arrays from first to fourth, by applying the logical OR operation to the result of the logical OR operation with respect to the first intermediate array K ₀ and the third intermediate array K ₂ and the result of the logical OR operation with respect to the second intermediate array and the fourth intermediate array K ₃ . By applying the logical AND operation to the corresponding mask and the corresponding result of the mixing operation, insignificant values in the resulting intermediate array are zeroed.

Then, when performing the encryption cycle with respect to the fifth intermediate array K, a cyclic shift is performed by applying the logical OR operation to the result of the bitwise left shift operation by eleven digits with respect to the array K and the result of the bitwise right shift operation by twenty one bits with respect to the array K. After this, the the SM2 array representing the encrypted data by performing a bitwise summing operation modulo 2 with respect to the fifth intermediate array that has passed cyclically shift, and array Ν ₂ .

The above operations of logical AND, logical OR, right / left shift, summation

- 2 021803 modulo 2, summation modulo 2 ³² and mixing are directly provided for by the 8 architecture.

The present invention also provides a machine-readable medium on which computer-executable instructions are stored which, when executed by a computer system having a δΙΜΌ architecture, require this computer system to perform the claimed method of data encryption according to GOST 28147-89.

List of drawings

In FIG. 1 shows a logical block diagram of an encryption cycle; in FIG. 2 is a flowchart of a replacement operation according to the present invention.

DETAILED DESCRIPTION OF THE INVENTION

When disclosing the proposed proposal, for convenience, we will use a specialized pseudo-language to describe the procedures, each of which corresponds to the specific 8 instruction used (for example, from the 88E2, 88E3, 888E3 set).

When describing the procedures, we will interpret the variable as an array. Suppose A is a 128-bit variable, then the highest 32 bits will be denoted as A [0], the next in descending order of 32 bits will be denoted as A [1] and so on to A [3]. We will do the same when breaking the variable into smaller parts, for example, eight digits, then the array will have a dimension of sixteen. The method of splitting a variable unambiguously follows from the range of values that the index takes when addressing in an array.

For bitwise logical operations AND, OR, EXCLUSIVE OR, SHIFT RIGHT, SHIFT LEFT, we use the notation og, apD, hog, kb, kb1, respectively.

So, in the proposed approach, the following set of procedures is used, where the corresponding 81ME instructions are given in angle brackets.

A = load (B) <_pia_zeb1_er132>

Input: B is a 32-bit unsigned integer.

Output: A is an array of 32-bit unsigned numbers of dimension four and A [D = B, where 0 £ <£ 3.

A = sum (B, C) <_pcs_ac1 <1_er132>

Input: B and C are arrays of 32-bit unsigned integers of dimension four.

Output: A - an array of 32-bit unsigned integers of dimension four and

A [/ '] = B [/] + SI, where Oy /' ^ 3.

In other words, this operation is an operation of summation modulo 2 ³² , the essence of which is that during overflow, which arises as a result of summation, the values of binary bits that go beyond the limits of the bit grid are ignored.

A = shift_vlθβο (V _G C) <_lsh> _z11 ± _vr ±>

Input: B is an array of 32-bit unsigned integers of dimension four, C is a positive integer, 0 ^ C32.

Output: A - an array of 32-bit unsigned integers of dimension four and

А [, '] = В [Д в / ι / С, where 0 <ΐ <3.

When shifting to the left by one binary digit, the binary sequence is shifted in the direction of the most significant digit, while the value of the most significant digit goes beyond the boundaries of the bit grid and is ignored. The position of the least significant digit is the value of binary zero.

A = right_shift (B, C} <_χηπι_3ΐ: 1ί_βρϊ32>

Input: B is an array of 32-bit unsigned integers of dimension four, C is a positive integer, 0 <C <32.

Output: A - an array of 32-bit unsigned integers of dimension four and

A [/] = B [/ '] sB C, where 0 <ί <3.

Similarly, when shifting to the right by one binary digit, the least significant bit of the shifted binary sequence goes beyond the boundaries of the bit grid and is ignored, and the binary zero value is entered at the position of the most significant bit.

- 3 021803

A = or (B, C} <_it_og_zx128>

Input: B and C are arrays of 32-bit unsigned integers of dimension four.

Output: A - an array of 32-bit unsigned integers of dimension four and

A [/] = br] from Cp], where 0 <ί ί 3.

A = and (B, C) <_пш1_апс1_8д.128>

Input: B and C are arrays of 32-bit unsigned integers of dimension four.

Output: A - an array of 32-bit unsigned integers of dimension four and

A (/] - B [r] aps! C [(], where 0 <ί <3.

A = exc_or (B, C) <_пш1_хог_В1128>

Input: B and C arrays of 32-bit unsigned integers of dimension four.

Output: A - an array of 32-bit unsigned integers of dimension four and

Α [ί] = Β [ί] tag Ср], where 0 <ί <3.

A = mix (B, C) <_pip_db and £ 1 1e_er ± 8>

Input: B and C are arrays of sixteen eight-bit unsigned integers.

Output: A - an array of 8-bit unsigned integers of dimension sixteen.

If C [y] aps / 0x80 * 0x00, then D [/] = 0x00, otherwise D [/] = B [C [/] upd OhOR], where 0 <ί <15.

The operation allows you to form an array A from the values of the array B. The values of the least four bits of some element of the array C determine the position of the element from the array B to write to the position of the array A, corresponding to the position of the given element of the array C. If the senior bit of some element C has a binary value, then zero is entered in the corresponding position A.

Further, when disclosing the proposed proposal, the following designations are used, corresponding to GOST 28147-89:

X | .0 <| <7 - 256-bit key storage, consisting of eight 32-bit drives. Here, a drive is a memory cell;

Ν ₁ , Ν ₂ - 32-bit drives into which a 64-bit block of input data, previously divided into two 32-bit subblocks, is entered before the start of the encryption cycle;

SM ₁ - 32-bit drive, which stores the result of the summation modulo 2 ³² ;

SM ₂ is a 32-bit drive in which the result of bitwise summation modulo 2 is saved (in other words, bitwise logical operation EXCLUSIVE OR). At the end of the encryption cycle, the final result is saved in the same drive;

To _t , 1 <u <8 - eight 32-bit drives that are used in intermediate calculations;

To _t , 1 <t <8 - eight replacement nodes, together constituting a substitution block.

As noted earlier, each replacement node is a table of sixteen 4-digit numbers. Accordingly, for storage of one replacement unit, 64 bits must be reserved. Generally speaking, the replacement is performed as follows: the number b sets the position number in the replacement node K _t , then the corresponding 4-bit number is read and then written to the drive K _t .

The following is a description of the implementation of the present invention of the data encryption cycle according to GOST 28147-89 for a platform with §1MI architecture.

Let there be a computer system with 81MI-architecture of the company 1n1s1 (or a similar architecture of the company AMI), formed by a processor with four processor elements. As mentioned earlier, each processor element has its own local random access memory.

Taking into account the above notation, the variables Ν _{1> 1} , Ν _{2> 1} , X ₁ , 0 <ί <3 are introduced. So, Ν _{1> 1} , Ν _{2> 1} denote 32-bit data subblocks on which one encryption cycle is to be performed, X ₁ denotes the 32-bit part of the 256-bit key used by the encryption cycle. At

- 4 021803 of this, the procedure for selecting a part of the key is described in GOST 28147-89.

According to the standard, before executing an encryption cycle, certain values must be loaded into drives Y ₁ , Ν ₂ , Χ ^ 0 <_] <7. Then the contents of the variables Ν _{1> 0} , Ν ₂ , ₀ , X ₀ correspond to the values of the drives Ν ₁ , Ν ₂ , Χ_ί of the first processor element, and the contents of Ν ₁ , ₁ , Ν _{2> 1} , Χ ₁ correspond to the values of the drives Ν ₁ , Ν ₂ , Χ_ί of the second processor element and so on to the fourth processor element with variables Ν _{1> 3} , Ν ₂ , ₃ , X ₃ .

The main feature of the proposed approach for a computing platform with an 8 architecture is to enable the encryption cycle of GOST 28147-89 by four processor elements simultaneously with respect to four sets of variables Ν _{1> 1} , Ν _{2> 1} , X! using the same replacement nodes K _t , 1 <t <8. At the same time, the key component in each set of variables can be its own. It should also be noted that the contents of each of these sets in no way correlate with the contents of any other of them.

The implementation of the encryption cycle according to the present invention is preceded by the following actions.

Firstly, the constants M ₁ -M ₆ acting as masks are defined as follows:

M, = download (Ohoooooooo);

M ₂ = load (0x0OP00R00);

M, = Download (OhROOO00OR);

M _a = download (OhOOORROOO) -;

Λί ₅ = download (OhORROOOOO);

Λί „= download (0x00000РРО),

The choice of these constants is determined by the features of the used δΙΜΌ-architecture, namely a set of δΙΜΌ-instructions (in fact, the question of choosing specific constants is equivalent to the question of using specific instructions). The functional purpose of these constants is explained below.

Secondly, T ₁ arrays _of unsigned 4-bit numbers of dimension 32 are formed, in which pre-filled replacement nodes are placed. Then the following values will be stored in the cells of the T ₁ arrays:

T ₀ [2 (l)] = K, [l], _7-0 [2 (l) + 1] = K _a [l],

T ₁ [2 (l)] = K ₅ [l], T ₁ [2 (l) + 1] = X ₄ [l],

T ₂ (2 (l)] = K ₃ [l], G ₂ [2 (l) + 1] = K ₂ [l], ''

T, [2 (l)] = K ₇ [l], T ₃ [2 (l) ₊ 1] = K _in [l]

For example, T ₀ = (K ₁ [0], K ₈ [0], K ₁ [1], K ₈ [1], ..., K ₁ [15], K ₈ [15]). It should be noted that, as said earlier, GOST 28147-89 does not specify a specific set of constants for the substitution block, which means that the developer can choose its content at his discretion.

Next, with reference to FIG. 1 directly describes the implementation of one cycle of data encryption according to GOST 2814 7-89. As mentioned above, the number of encryption cycles is determined by GOST 28147-89, depending on the encryption mode.

At the input of the loop there are three data arrays Ν ₁ , Ν ₂ and X:

Ν, = (Ν, _ρ , Ν ^ Ν _ν , Ν _Χ3 ),

Ν ₂ = (Ν _2ΰ , Ν _2ί , Ν ₂₂ , Ν ₂₂ },

X = (X ₉ , X _g X _g , X ₃ ).

Explanations regarding the 32-bit elements of these three arrays are given above.

At its output, an array of SM _{2 is formed} , consisting of four 32-bit elements, where SM ₂ [1] is the result of performing one encryption cycle for a set of variables Ν _{1> 1} , Ν _{2> 1} , Χ ₁ , ί = 0, ... , 3.

At step 101, the summation of Ν ₁ , ₁ and Χ ₁ is carried out modulo 2 ³² The result is recorded in the 32-bit element of the SM array !, i.e. SM _| | 1 | = (^ |, _| + Χ,) ιηού2 ³² . In the pseudo-language used here, step 101 is summarized as

CM, = sum (Ν,, X)

Next, at step 102, the replacement operation of the present invention is performed, which is described in detail below.

Then, at step 103, with respect to the replacement result K, a cyclic shift of = = or (left shifts (Z, 11), right-shift (P, 21)) is performed, after which, at step 104, output encrypted data is received in the CM2 array by performing bitwise summation modulo 2 in the following way

CM _g = exc_or (K, Λί ₂ )

It should be noted that the operations in steps 101, 103, 104 correspond to the specification of GOST 2814789 without any δΙΜΌ-oriented adaptation. In other words, these operations are directly projected onto δΙΜΌ instructions.

- 5 021803

As mentioned above, the essence of the problem solved by the present invention is that the replacement operation, as specified in GOST 28147-89, cannot be directly projected onto δΙΜΌ instructions, similar to the above operations in steps 101, 103, 104, and, therefore, its corresponding adaptation is necessary taking into account the specifics of the δΙΜΌ architecture, which is described below with reference to FIG. 2.

At the input of the replacement operation, at step 102, an array of CM! Is supplied, obtained at step 101. The result of this operation is placed in variable K. When the replacement operation is performed, the SM is essentially replaced! [ί] in accordance with the contents of the replacement nodes K _t

At step 201, using the masks M ₁ , M ₂ (see above), two auxiliary arrays Υ and Ζ are formed from the array SM ₁ as follows:

Y '= right_shift (CM,, 4),

Υ = or (and (M., CM,}, and (M ₂ , Y ')),

Ζ = or (and (Μ,, Υ '), and (М ₂ , СМ,)).

Further, each 32-bit element of the SM ₁ , Υ, and массив arrays will naturally be considered as an array of four-bit elements of dimension eight. As a result of this interpretation, the arrays CM ₁ , Υ, and Ζ will have a dimension of 32. Suppose that the array CM _{1 is} given as a sequence

Then (-1.1. (- 1.2 .-- 4 0811010.24-4 0.8 ..... (- 4.1ι (-ί, 2ι ··>> - 42

Y = (0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 0) and = (0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,.,., 0,0 ^, 0,0 , 0,0., 0,00.

Then, at step 202, with respect to the auxiliary arrays Υ and Ζ, the replacement is performed using the shuffle operation in accordance with the representation of the substitution block T ₁ , ί = 0, ..., 3 (see above), to obtain intermediate data arrays K ₀ -P ₃ :

At the same time, the resulting data arrays mix the data arrays, due to the specifics of this operation, they contain both data that is significant from the point of view of the final result and insignificant. For further calculations, filtering data from these data arrays by extracting significant data using masks M ₃ -M ₆ .

The following should be noted. Although in the above description of the set of procedures it is said that arrays of 8-bit integers of dimension 16 are fed to the operator input, while in the description of FIG. 2 arrays of 4-bit integers of dimension 32 are fed to its input, there is no contradiction, since the operator corresponding to the δΙΜΌ-architecture mixes the input arrays with 128-bit variables, while the specific breakdown used here is used to conveniently illustrate one or another aspect.

Let us consider in more detail the replacement operation by the example of T ₀ and Υ. During the operation, T ₀ | Y | k || will be obtained. 0 <k <15. However, the significant results of the operation are the values of the senior four digits for k = 0.4.8.12 and the lower four digits for k = 3.7.11.11.15, the values of the remaining digits should be ignored due to their uselessness. We write the intermediate result in the form of an expanded array K _{1> m} = K _m [b _{1> m} ]. Using x, we mark values that are not significant. As a result, we get

I ₀₁ , x, x, x, x, x, x, Ρ _οβ , Ρ _υ , x, x, x, x, x, χ, K ₃₁ , χ, χ, χ, χ, χ, χ,

In order for the values at the positions marked x not to affect the calculation results, a zero value should be written to these positions. This is done using the mask M ₃ .

Replacement by means of the remaining units is carried out in a similar way.

Finally, at step 203, by combining the previously obtained intermediate arrays of Ko-K ₃ , the result of the replacement operation issued in step 103 is obtained in the form of array K as follows:

K = or (or (I, I,), or (K, I,))

To illustrate, we present the calculated values at steps 101, 102 (i.e., 201-203):

- 6 021803 - Щр ίη £ η _β , 21 Ά.3 ί · 4.1 | ί4.2>'Ι ^, β)' γ = (0.4,, 0,4, ο, ^, ο, ς., ΟΑ ,, ο, ί ^ οΑ., ΟΑβ ..... ο, ί ,,, ο, ^, ο, ^, ο, ^), ζ = (0, ^ 2.0-4.0.1 ,,, o, q ₇ , ο, ί2,, 0Α ₃ .θΛ.3.θ. ± ..... ο, 4,, 0.4, .0,4,, о, 4Д

Κ, = (^ ,, 0.0.0. ^ 0.0 ./^./^ ,, 0.0.0,0.0.0, ^,., ^ ,, 0,0.0.0.0,0 ./^.^ ,, 0.0,0.0.0.0. ^ 4.). ^ = (0, ^. ^. 0.0,0,0,0,0,0, ^ 2 ^, 3,0,0,0,0,0,0,0, ^, ^ ,, 0,0,0,0, 0,0, ^ 2. ^. 3-0.0,0,0,0,), ί? 2 = (0,0,0, ^, ^, 0,0,0,0,0,0,0, ^, ^, 0,0,0,0,0,0,0, ^, ^ 23,0,0,0,0,0,0,0,0, ^, ^, 0,0,0), ^ = (0,0,0 , 0,0, ^, ^ 2,0,0,0,0,0,0,0, ^ ,, ^, 0,0,0,0,0,0,0 ^ 2 .. ^. 7.0.0.0.0.0. 0. ^, ^. 7-0).

(ί = (^. „Κϊ, 2 '' I ^ 03Λ,. (^ 12” · I D. &. ^ 2! '^ 2,2 ..... ^ 20' ^ 31 '^ 3,2 ..... ^ 33)

For the practical implementation of the described encryption cycle, GOST 28147-89 requires a computer system with a δ архитектур architecture, for example a computer system with a processor manufactured by 1p companies (e1 or ΆΜΌ with a set of δδΕ technology instructions. In particular, the above approach can be implemented as software, stored on a known computer-readable medium (s) from such a computer system, which, when executed by the said processor, will instruct it to encrypt data according to The invention can be created by compiling source code representing the steps, operations and actions described above, as well as variables and constants, in the appropriate programming language (for example, in the C ++ programming language) using a compiler that supports the instructions δδΕ -technologies, such as, for example, the compiler U15ia1 C ++ 2008 of the company M1SGO5OY or the compiler of the company 1p1e1.

The invention has been disclosed above with reference to a specific embodiment. Other specialists may be obvious to other embodiments of the invention, without changing its essence, as it is disclosed in the present description. Accordingly, the invention should be considered limited in scope only by the following claims.

Claims (17)

CLAIM 1. A method of data encryption implemented by a computing platform having a δΙΜΌ-architecture, comprising the steps of initializing the masks M _k (k = 1, ..., 6), each mask being an array of dimension 4, each element of which represents a 32-bit constant unique to the mask; reorganize the pre-filled replacement nodes K _t (t = 1, ..., 8) specified in GOST 28147-89, each of which is an array of 4-bit numbers of dimension 16, into arrays T (ί = 0, ..., 3) 4-bit numbers of dimension 32 as follows: Г _о [2 (л) 1 = КМГо [ЗД + 1] = К _в [п |, G, [2 (/ e)] - K ₅ [n], G42 (n) + 11-K ₄ [l1, T ₂ [2 ( _n )] = K ₃ [q], T _r [2 (n) ₊ 1] = KDp], '~' Г, [2 ( _П )] = К ₇ [и], Г ₃ [2 (п) + 1] = К _е [п1 perform at least one encryption cycle in which arrays of 32-bit elements of dimension 4 are formed Their = {Νι, 4, 1¾ = {Л ₃ , 4, X = {ХЦ, 1 = 0,, 3, where Νι _{> 1} , Ν _{2> 1} are subblocks into which a 64-bit block of encrypted data is previously split, and X! - part of the 256-bit encryption key, selected in accordance with GOST 28147-89; form an array CM1 by performing the summation operation modulo 2 ³² with respect to arrays Ν ₁ and X; form the first auxiliary array Υ ₀ by applying CM to the array! bitwise right operations by four digits, form the second auxiliary array Υ by applying the logical OR operation to the result of the logical AND operation with respect to the mask M ₁ and the array CM ₁ and the result of the logical AND operation with respect to the mask M ₂ and the first auxiliary array Υ ₀ and form the third auxiliary array Ζ by applying the logical OR operation to the result of the logical AND operation with respect to the mask M1 and the first auxiliary array Υ0 and the result of the logical AND operation with respect to the mask M2 and array CM1; form the first intermediate array Ko by applying the logical AND operation to the mask M3 and the result of the mixing operation with respect to the array T0 and the second auxiliary array Υ, form the second intermediate array путемι by applying the logical And operation to the mask M ₅ and the result of the mixing operation with respect to the array T ₂ and the third auxiliary array Ζ, form a third intermediate Κ array ₂ by applying a logical aND operation to the mask M ₄ and the operation result is stirred I against array T ₁ and the second auxiliary array Υ, form a fourth intermediate array Κ ₃ by applying a logical AND operation to the mask M ₆ and the result of performing mixing operation against - 7 021803 of the array T ₃ and the third auxiliary array Ζ and form the fifth intermediate array K by applying the logical OR operation to the result of the logical OR operation with respect to the first intermediate array Ko and the third intermediate array K ₂ and the result of the logical OR operation with respect to the second intermediate array K ! and the fourth intermediate array K ₃ ; perform a cyclic shift with respect to the fifth intermediate array K and form a CM ₂ array representing the encrypted data by performing bitwise summing operations modulo 2 with respect to the fifth intermediate array that has passed the cyclic shift and array Ν ₂ ; the aforementioned summation, logical operations, shifts, and mixing operation are directly provided for by the δΙΜΏ-architecture. 2. The method according to claim 1, in which the δΙΜΏ-architecture is the δΙΜΏ-architecture of the company 1n1e1 or similar architecture of the company ΆΜΏ formed by a processor having four processor elements. 3. The method according to claim 2, in which a separate local storage device is associated with each of the processor elements, in which one of the sets Ν _{1; 1} , Ν ₂₄ , X! (ί = 0, ..., 3) for independent processing by this processor element. 4. The method according to claim 3, in which the replacement nodes K _t (t = 1, ..., 8) together form a substitution block, which is the same for all processor elements. 5. The method according to claim 1, in which the number of encryption cycles is determined by GOST 28147-89. 6. The method according to claim 1, in which the choice of part of the encryption key is determined by the encryption mode provided for by GOST 28147-89. 7. The method according to claim 1, wherein when forming the array of CM ₁ by performing the summing operation modulo 2 ³² with respect to arrays Ν ₁ and X, the ΐ -th element of the array SM _{1 is} obtained by summing Ν _{1; 1} and X! modulo 2 ³² , 1 = 0, ..., 3. 8. The method according to claim 1, in which before the formation of intermediate arrays, each of the auxiliary arrays Υ and Ζ is reorganized as an array of 4-bit numbers of dimension 32 by reorganizing each of its 32-bit elements into an array of 4-bit numbers of dimension 8. 9. The method of claim 8, wherein in the mixing operation performed on two arrays, the resulting array is filled with elements of the first of these two arrays so that the element of the resulting array, whose position corresponds to the position of the element of the second of the two arrays, is written either 0, or an element of the first of the two arrays mentioned, the position of which is indicated by the lower four digits of the said element of the second of these two arrays. 10. The method according to claim 9, in which by applying the logical AND operation to the corresponding mask and the corresponding result of the mixing operation, insignificant values in the resulting intermediate array are zeroed. 11. The method according to claim 1, in which the cyclic shift in relation to the fifth intermediate array K is performed by applying the logical OR operation to the result of the bitwise left shift operation by eleven digits in relation to the array K and the result of the bitwise right shift operation by twenty one bits in relation to the array TO. 12. The method according to claim 7 or 11, in which when applying to the array of 32-bit numbers of dimension 4, the operations of bitwise shift left / right, the operation of bitwise shift left / right is performed with respect to each element of this array. 13. The method according to claim 1, in which when forming the array of SM ₂ by performing the operation of bitwise summation modulo 2 with respect to arrays K and Ν _{2, the} ΐ-th element of the array SM _{2 is} obtained by bitwise summation of the 1st element of the array K and Ν ₂ , ϊ modulo 2, 1 = 0, ..., 3. 14. The method according to any one of claims 1-11, wherein when applying logical OR operations to 32-bit numbers of dimension 4, the ΐth element of the resulting array is obtained by the corresponding application of the logical OR operation with respect to the элементовth elements of the arrays mentioned, 1 = 0, ..., 3. 15. The method according to any one of claims 1 to 11, wherein when applying logical AND operations to the arrays of 32-bit numbers of dimension 4, the ΐth element of the resulting array is obtained by the corresponding application of the logical AND operation with respect to the элементовth elements of the arrays mentioned, 1 = 0, ..., 3. 16. The method according to claim 1, in which the mask Μι ^ (k = 1, ..., 6) is initialized with the following values: MLN = OhOOOOOOOO, Μ ₂ [ϊ] = ΟχΟΡΟΟΟΓΟΟ, Μ ₃ [ί] = OhROOOOOO, MLL = OhOOOOOOOO, M ₅ [2] = OhOOORROOO, M ₅ [2] = OhORROOOOO, M ₆ [1] = 0Х00000РР0, 2 = 0, 3. 17. A machine-readable medium on which computer-executable instructions are stored which, when executed by a computing platform having a δΙΜΏ architecture, require this computing platform to perform the data encryption method according to claim 1.