RU2106753C1 - Process of cryptographic conversion of data blocks - Google Patents

Abstract

FIELD: electric communication, computer engineering, methods and devices for cryptographic conversion of data blocks. SUBSTANCE: process involves formation of encoding key in the form of assemblage of subkeys, break-down of data block into subblocks and successive conversion of subblocks. In agreement with process binary vectors of two types are formed in addition, 1-th subkey, where 1= 1,2,3, ...,K, K ≥ 8 8 is number of subkeys is superimposed on binary vector of first type with the aid of binary operation, binary vector of first type is superimposed with the use of binary operation on i-th subblock B_i, where i=1,2, 3, ..., N, N N ≥ 22 is number of subblocks. Number 1 of subkey is chosen by value of binary vector of second type. Binary vector of first type is formed, for instance, by structure of j-th subblock B_j, where j=1,2,3,...,N. Binary vector of second type is formed for example, by structure of binary vector of first type. EFFECT: enhanced speed of cryptographic conversion when computer is used. 5 cl, 3 dwg

Description

 The invention relates to the field of telecommunications and computer technology, and more particularly to the field of methods and devices for cryptographic data conversion.

In the aggregate of the features of the proposed method, the following terms are used:
the secret key (or password) is a combination of bits known only to a legitimate user;
cipher key (encryption key) is a combination of bits used in encryption of information data signals; the cipher key is a removable cipher element and is used to convert a given message or a given set of messages; the cipher key is known only to the legitimate user or can be generated by deterministic password procedures;
a cipher is a set of elementary steps for converting input data using a cipher key; the cipher can be implemented as a computer program or as a separate device;
a subkey is a part of a key used on individual elementary steps of encryption;
a cryptographic key (or subkey) usage schedule is a sequence of subkey usage in the encryption process;
encryption is the process of cryptographic transformation of data blocks using a cryptographic key, converting data into a cryptogram, which is a pseudo-random sequence of characters from which obtaining information without knowing the key is practically impossible;
decryption is the opposite of encryption; decryption provides recovery of information from the cryptogram with knowledge of the cipher key;
cryptographic strength is a measure of the reliability of information protection and represents the complexity, measured in the number of elementary operations that must be performed to recover information from the cryptogram with knowledge of the conversion algorithm, but without knowledge of the cryptographic key.

one-way conversion is the cryptographic conversion of an input data block into some output block, and the conversion procedures satisfy the following condition: it is almost impossible to find the value of the input block corresponding to this output block by the value of the output block, even knowing the conversion algorithm; one-way conversions are used in cryptographic protocols, for example, when identifying users of secure computing systems;
a binary vector is a sequence of zero and one bits, for example 101101011; the specific structure of the binary vector can be interpreted as a binary number, if we assume that the position of each bit corresponds to a binary digit, i.e. a binary vector can be associated with a numerical value, which is determined uniquely by the structure of the binary vector.

 Known methods of block encryption of data, see for example the US standard DES (W. Diffie, M.E. Hellman. Security and Immunity: An Introduction to Cryptography // TIIER. 1979, vol. 67, No. 3, pp. 87-89), The encryption method according to US patent N 5222139, dated June 22, 1993, the FEAL-1 cipher and the B-Crypt cryptographic algorithm (S. Maftik. Protection mechanisms in computer networks, M .: Mir, 1993, pp. 49-52). In the known methods, the encryption of data blocks is performed by forming an encryption key in the form of a set of subkeys, splitting the converted data block into subblocks, and subsequently converting the latter using the substitution, permutation, and arithmetic operations performed on the current subblock and the current subkey.

However, the known analogue methods do not possess sufficient resistance to differential cryptanalysis (Berson TA Differential Cryptanalysis Mod 2 ³² with application to MD5 // EUROCRYPT'92. Hungary, May 24-28, 1992. Proceedings, p. 67-68), so how the subkey usage schedule is fixed for all converted input blocks.

The closest in technical essence to the claimed method of block encryption is the method described in the Russian standard of cryptographic data protection (USSR Standard GOST 28147-89. Information processing systems. Cryptographic protection. Algorithm for cryptographic conversion). The prototype method includes generating an encryption key in the form of a sequence of 8 subkeys 32 bits long, dividing the input 64-bit data block into two 32-bit subblocks B ₁ and B _2, and subsequently converting the subblocks. One step of converting a sub-block, for example, sub-block B ₂ , is to overlay the current subkey Q _i , which is fixed for this step, using the addition operation modulo 2 ³² (+) in accordance with the formula B ₂ : = B ₂ + Q ₁ , where 1 ≤ i ≤8, after which the substitution operation is performed on the new value of the sub-block B ₂ , then the operation of cyclic left shift by eleven bits, i.e. eleven binary digits in the direction of the higher digits, and then on the obtained value of B ₂ impose a subblock B ₁ using the bitwise summing operation modulo two (⊕) in accordance with the formula B ₂ : = B ₂ ⊕ B ₁ . The substitution operation is performed as follows. The subblock is divided into 8 binary vectors with a length of 4 bits. Each binary vector is replaced by a binary vector from the lookup table. The 8 4-bit vectors selected from the lookup table are combined into a 32-bit binary vector, which is the output state of the subblock after performing the lookup operation. A total of 32 similar steps are taken to change the subunits, and for all the converted input data blocks at a fixed step for converting the subunits, a subkey with a fixed number is used.

 However, the prototype method has drawbacks, namely, in software implementation it does not provide the high encryption speed necessary to build real-time computer information protection software systems. For example, for the Intel 486/100 microprocessor, the encryption speed does not exceed 3 Mbps. This drawback is due to the fact that in order to provide resistance to differential cryptanalysis, a large number of substitution operations are specified that are slowly performed by the microprocessor.

 The purpose of the invention is the development of a method of cryptographic conversion of data blocks, providing an increase in the speed of cryptographic conversion when using a computer.

This goal is achieved by the fact that in the known method of block encryption, which consists in generating an encryption key in the form of a set of K subkeys, dividing the data block into N subunits and alternately converting the subunits, two types of binary vectors are additionally generated. Choose the number l, where l = 1,2,3, ..., K, connecting the structure of the binary vector of the first type and using the binary operation, superimpose the lth subkey on the binary vector of the second type. After that, the next subblock is transformed (for example, the i-th subblock B _i , where i ≤ N by superimposing on this subblock a binary vector of the second type with a changed structure.

 The formation of a binary vector of the first type means the selection in the structure of a subunit or in the structure of a binary vector of the second type of a group of bits whose numerical value is taken as the number of the subkey superimposed on the subunit, or the explicit formation of a binary vector of the first type in a separate register or memory cell of a computing device. For example, the implicit formation of a binary vector of the first type is as follows: subblock B has the structure {10110 ... 11010011} and 8 low-order bits, namely the binary vector {11010011} is used as the number of the selected subkey without writing this binary vector to a separate register or memory cell.

The following three options for generating a binary vector of the first type can be used:
1. The binary vector of the first type is formed according to the structure of the j-th subblock B _j , where 1 ≤ j ≤ N. For example, use the value of the 8 least significant bits as the number of the selected subkey.

2. The binary vector of the first type is formed according to the structure of the binary vector of the second type. For example, calculate the value l = (V, mod 2 ⁸ ), where the operation mod A denotes the remainder of dividing the numerical value of the binary vector of the second type V by the number A. The value l is used as the number of the selected subkey.

3. The binary vector of the first type is formed by the structure of the j-th subblock B _j , where 1 ≤ j ≤ N, and by the value of the number of the subkey superimposed on the sub-block at the previous superposition step. For example, as the number of the selected subkey, use the number obtained by superimposing on the number l of the subkey superimposed on the sub block at the previous step, the remainder of dividing the value of B _j by 2 ⁸ : l: = l ⊕ (B _j mod 2 ⁸ ) .

 The formation of a binary vector of the second type means the explicit formation of a binary vector of the second type in a separate register or memory cell of a computing device.

The following two options for forming a binary vector of the second type can be used:
1. The binary vector of the second type is formed according to the structure of the subunit B _j , where j ≤ N. For example, a 32-bit register is allocated to store the values of the binary vector of the second type V, some initial number is written into it using the bitwise summing operation modulo two (oplus ), convert the value of V by superimposing the subunit B _j on V: V: = V ⊕ B _j . . A variant is possible in which the structure of the subunit B _{j is} preliminarily written in an additional cell corresponding to the variable G, after which G is applied to V: V: = V ⊕ G.

. Затем накладывают V на подблок B_i: B_i:= B_i⊕ V. . Структура, которую имел вектор V на этом шаге наложения на подблок, сохраняется и на V накладывают следующий подключ

. После наложения V на очередной подблок структура V опять сохраняется, на V накладывается очередной подключ и т.д. до завершения преобразования всех подблоков.2. The binary vector of the second type is formed according to the structure that it had at the previous step of superposition on the subblock. For example, a 32-bit register is allocated for storing the values of the binary vector of the second type V, some initial number A is written into it: V: = A. Using the bitwise summing operation modulo two (oplus), a subkey is applied to V

. Then impose V on the sub-block B _i : B _i : = B _i ⊕ V.. The structure that the vector V had at this step of superimposing on the subblock is preserved, and the next subkey is applied to V

. After V is superimposed on the next subblock, the V structure is again preserved, the next subkey is superimposed on V, etc. until the conversion of all sub-blocks is completed.

 The formation of binary vectors is performed in such a way that the change in their structure during the cryptographic transformation of the data block is not predetermined, but depends on the structure of the data block and on the encryption key. The meaning of choosing a subkey, which is superimposed on a subblock at the current step, according to a specially generated binary vector, is to make the choice of subkey undefined for each step of converting subblocks. The listed set of essential features provides a higher cryptographic conversion speed of data blocks due to the following. The subkey usage schedule for each data block is undefined and unique, and the subkeys are not directly superimposed on the converted subunits, but are used to form the structure of a binary vector of the first type by sequentially superimposing a large number of subkeys on it. The probability of repeating the same values of the binary vector of the first type is many orders of magnitude less than the probability of repeating the values of the subkeys, since the number of combinations of subkeys selected to form the value of the binary vector of the first type is many times greater than the number of subkeys themselves. This provides high resistance to all known methods of cryptanalysis, including differential cryptanalysis, using even simple arithmetic operations that are quickly performed by the microprocessor.

 The possibility of technical implementation of the proposed method of block encryption is explained as follows. The inventive method is focused on encryption of input blocks using non-repeating combinations of subkeys, namely, setting the dependence of the subkey usage schedule on the data block structure and the encryption key, i.e. to set pseudo-random selection of subkeys. This method allows to obtain a high encryption speed when using encryption keys with a length of, for example, from 256 to 2050 bytes. The encryption key can be formed directly by entering it into the encryption system, for example, from a removable storage medium. The encryption key can also be generated by entering a password from the keyboard or from a computer storage medium into a pseudo-random number generator, obtaining the required size encryption key at the output. A number of methods are known for constructing pseudorandom number generators, see for example (Brickell E.F., Odlizhko E.M. Cryptanalysis: Review of the latest results // TIIER. 1988, v. 76, No. 5, pp. 87-89). The complexity of the key generation procedures does not affect the encryption speed, since this procedure is performed once when the user is identified with a password at the moment the encryption device is turned on or the encryption program is called.

 The inventive method can be implemented using a computer or a computing device, represented by the flowchart in FIG. 1, where block 1 is a user password input device; block 2 - cipher key generation block; block 3 - the memory block of the encryption device; block 4 - the operational block of the encryption device containing several registers, for example three registers; block 5 - encryption device; 6 - bus for transmitting information signals of the user password; 7 - a bus for transmitting information signals of a cipher key; 8 - a bus for transmitting information signals of subkeys and for transmitting information signals of input data and information signals of converted subunits; 9 - addressing bus; 10 - input data input bus; 11 - ciphertext output bus.

 Using block 1, a secret key is entered, the information signals of which 6 are fed to the input of block 2. In block 2, a cipher key is formed and the corresponding information signals are transmitted via bus 7 to memory block 3. After that, encryption device 5 contains a cipher key in memory and is ready to perform operations encryption. This initialized state of the device is maintained for the entire duration of the legitimate user. The input unit is entered via bus 10 into operation unit 4 and then via bus 8 into memory unit 3.

The input data block is represented as a set of subblocks recorded at fixed addresses in the memory block 3. The information signals of the subunit B _j via bus 8 are input into the first register of operation block 4 (in the case of computers, into one of the microprocessor registers). In the second register, a binary vector of the first type is formed, for example, writing into it the contents of the 8 least significant bits of the subunit B _j . In the fourth register, sub-block B _i is introduced. In the third register of block 4, a binary vector of the second type is formed, for example, by writing to the register of the 1st subkey. The information signals of the binary vector of the first type are fed to the address bus 9 and thereby set the number l of the current subkey Q _l to be selected by the value of the binary vector of the first type. The key vector of the second type is superimposed using a binary operation under the key located at the address set in the second register, i.e. by the value of the binary vector of the first type. The sub-block B _{i is} transformed by superimposing a binary vector of the second type on it using the binary operation, the structure of which was previously changed by superimposing a subkey on it. After that, they proceed to transform the next sub-block. At each new step of converting the current subblock, in the third register, the value of another subkey is accumulated, selected according to the current structure of the subblock B _j . Overlay refers to the execution of a binary operation between two operands, for example, a subblock B _i and a binary vector of the second type V, and replacement of the initial value of the first operand with the value of the result of the binary operation. Analytically, the overlay procedure is written in the form of the formula B _i : = B _i * V, where the * sign denotes a binary operation, the sign: = - assignment operation. The overlay pattern is shown in FIG. 2, where 12 is a subunit of B _i with the original structure; 13 is a binary vector of the second type V; 14 - a block performing a binary operation *; 15 - subblock B _i with a modified structure.

.As a binary operation, simple arithmetic operations of addition (+) and subtraction (-) modulo 2 ³² , bitwise summing modulo 2 (⊕), which are quickly executed by the microprocessor, can be used. More complex binary operations can also be used, determined on the basis of those listed and on the basis of quickly performed unary operations, i.e. operations on a single binary vector, for example, based on the cyclic shift operation ^{>> d >>} by d bits, where 1 ≤ d ≤ b-1, where b is the size of the subblock in bits. For example, the operation * on 32-bit vectors can be defined in the following variants corresponding to the formulas:

.

In FIG. 3 shows the structure of a binary operation defined by formula (3), where blocks 16 and 17 are input operands X and Y, block 18 performs a cyclic shift operation 1 bit to the right, block 19 performs a cyclic shift operation 7 bits to the right, block 20 performs the bitwise summing operation is modulo two; block 21 performs the composite binary operation ^'*' . The use of more complex binary operations in the claimed method is permissible, since in this case a high encryption speed is also provided, and an increase in the number of types of operations used further increases the strength of the cipher.

The generated binary vector of the first type has a structure depending on the subblock B _j or on the structure of the binary vector of the second type. In variants of the proposed method, in which the formation of a binary vector of the first type according to the structure of the binary vector of the second type is specified, the option of forming the binary vector of the second type according to the structure of the subunit B _{j is used} . This determines the dependence of the selection of the current subkey superimposed on the subunit B _i on the structure of the subunit B _j . Since the structure B _j during the conversion varies depending on the selected subkeys, this determines the pseudo-random nature of the change in the number of the subkey selected at the current sampling step. The generated binary vector of the second type has a structure depending on the set of subkeys selected in the previous steps of the sample, so it takes values different from the values of the subkeys, and the binary vector of the second type takes a number of different values equal to approximately 2 ³² if its length is 32 bits whereas the number of subkeys is usually not more than 2 ¹² .

 The proposed method of cryptographic conversion of data blocks is easily implemented, for example, on personal computers and provides the possibility of creating high-speed encryption software modules on its basis, which allows solving a number of acute problems of protecting computer information, as well as replacing expensive specialized encryption equipment for personal computers equipped with a high-speed software system encryption.

Claims (6)

 1. The method of cryptographic transformation of data blocks, which consists in generating an encryption key in the form of a set of K subkeys, dividing the data block into N subblocks and alternately transforming the subblocks, characterized in that the binary vectors of two types are additionally formed, the number l is selected, where l ≤ K, connecting the structure of the binary vector of the first type, using the binary operation, impose the lth subkey on the binary vector of the second type and transform the i-th subunit, where i ≤ N, by superimposing it on it using the binary operation second type binary vector with a modified structure.  2. The method according to claim 1, characterized in that the binary vector of the first type is formed according to the structure of the j-th subunit.  3. The method according to claim 1, characterized in that the binary vector of the first type is formed according to the structure of the binary vector of the second type.  4. The method according to claim 1, characterized in that the binary vector of the first type is formed by the structure of the j-th subunit and by the value of the subkey number used in the previous overlay step.  5. The method according to claim 1, characterized in that the binary vector of the second type is formed according to the structure of the j-th subunit.  6. The method according to claim 1, characterized in that the binary vector of the second type is formed according to the structure that it had at the previous step of superposition on the subunit.

Images