RU2184423C2 - Method for iterative block encryption of digital data - Google Patents

Abstract

FIELD: electrical communications and computer engineering; cryptographic methods for data encryption. SUBSTANCE: method involves encryption of private key, division of data block into two sub- blocks, and execution of R≥2 encryption rounds including generation of binary vector, conversion of binary vector under private key control, and superposition of converted binary vector onto second block by means of addition operation; control code is generated during each round and first sub-block is converted by means of first controlled operation depending on control code value; mentioned first sub-block is then converted by means of second controlled operation depending on control key value; binary vector is generated with respect to first sub-block converted by means of first controlled operation; control code is shaped with respect to private key and also control code is shaped with respect to private key and with respect to second sub-block value; used as second controlled operation is two-space controlled operation which is reverse to first controlled operation; used as first and second controlled operations are controlled exchanges and also two-space controlled operations are used as first and second controlled operations. EFFECT: reduced number of encryption rounds thereby increasing encryption speed. 6 cl, 3 dwg

Description

 The invention relates to the field of telecommunications and computer technology, and more particularly to the field of cryptographic methods and devices for encrypting messages (information).

In the aggregate of the features of the proposed method, the following terms are used:
- the secret key is binary information known only to a legitimate user;
- subkey - part of the secret key;
- encryption is the process of converting information that depends on the secret key and converts the source text into ciphertext (cryptogram), which is a pseudo-random sequence of characters from which obtaining information without knowing the secret key is practically impossible;
- decryption is the opposite of the encryption process; decryption provides recovery of information from the cryptogram with the knowledge of the secret key;
- the cipher is a set of elementary steps for converting input data using a secret key; the cipher can be implemented as a computer program or as a separate device;
- a binary vector is a sequence of zero and one bits, for example (101101011); the specific structure of a binary vector can be interpreted as a binary number, if we assume that the position of each bit corresponds to a binary digit, i.e., a binary vector can be associated with a numerical value, which is determined uniquely by the structure of the binary vector;
- cryptanalysis - a method of calculating a secret key to obtain unauthorized access to encrypted information;
- cryptographic strength is a measure of the reliability of encrypted information protection and represents the complexity, measured in the number of elementary operations that must be performed to recover information from a cryptogram with knowledge of the conversion algorithm, but without knowledge of the secret key;
- cryptanalyst - a person performing cryptanalysis;
- cyclic shift operations depending on the converted sub-blocks or depending on the binary vector — these are cyclic shift operations by the number of bits specified by the value of the sub-block or the value of the binary vector; operations of cyclic shift to the left (right) are indicated by the sign "<<<"(">>>"), for example, the record B <<< A denotes the operation of cyclic left shift of the subunit B by the number of bits equal to the value of binary vector A;
- a single operation is an operation performed on one operand (data block or binary vector); the value of a subblock after performing some given unary operation depends only on its initial value; examples of single operations are cyclic shift operations;
- two-place operation is an operation performed on two operands; the result of some given two-place operation depends on the value of each operand; examples of double operations are the operations of addition, subtraction, multiplication, etc .;
- a controlled two-place operation is an operation performed on two operands under the control of some binary vector called the control code; the result of some controlled two-place operation with a fixed control code depends on the value of each operand, and for fixed values of the operands, on the value of the control code; Examples of the implementation of controlled double operations are described in patent N 2140716 [Moldovyan A.A., Moldovyan N.A., Moldovyan P.A. The method of cryptographic conversion of digital data blocks // RF Patent N 2140716, IPC ⁶ N 04 L 9/28, Bull. N 30 from 10.27.1999]; in the formulas, the controlled two-place operation will be denoted by the record B: = Q _V (A, B), where A, B are operands, V is the control code;
- modification of a controlled two-seater operation - a two-seater operation corresponding to the conversion of two operands with a fixed value of the control code;
- controlled permutation is an operation performed on one operand under the control of some binary vector called the control code, which consists in the permutation of the bits of the operand depending on the value of the control code; examples of the implementation of controlled permutations are described in patent N 2140714 [Alekseev L.E., Belkin T.G., Moldovyan A.A., Moldovyan N.A. The method of iterative encryption of data blocks // RF Patent N 2140714, IPC ⁶ N 04 L 9/20, Bull. N 30 from 10.27.1999]; in the formulas, the controlled permutation will be denoted by the record P _V , and the transformation of the operand B by performing a controlled permutation on it by the record B: = P _V (B), where V is the control code; controlled permutation is a special case of controlled single operation;
- modification of controlled permutation - a fixed permutation of the bits of the operand corresponding to a given value of the control code;
- the concatenation operation is the operation of combining several binary vectors, as a result of which a new binary vector is formed, which includes all the bits of each of the combined binary vectors, and the relative position of the bits corresponding to the original binary vectors does not change; for example, the concatenation of binary vectors W ₁ = (101101011) and W ₂ = (011101010) is written as W ₁ | W ₂ = (101101011011101010); these binary vectors can be combined by the concatenation operation in yet another way: W ₂ | W ₁ = (01110101010101101011).

Known methods for block iterative encryption of digital data, see, for example, the DES cipher [B. Schneier, "Applied Cryptography", Second Eddition, John Wiley & Sons, Inc. New York 1996, pp. 270-277]. In this method, the encryption of data blocks is performed by generating a secret key, dividing the converted data block into two subunits L and R and alternating the latter by performing bitwise summing operations modulo two over the subunit L and the binary vector, which is formed as the output value of some function E of the values of the sub-block R. After that, the sub-blocks are rearranged. The function F in the specified method is implemented by performing permutation and substitution operations performed on the sub-block R. This method has a high conversion speed when implemented in the form of specialized electronic circuits. However, the known analogue method uses a small secret key (56 bits), which makes it vulnerable to cryptanalysis based on key selection. The latter is associated with the high computing power of modern computers. Another well-known method of block iterative data encryption is the method implemented in the RC5 cipher [B. Schneier, "Applied Cryptography", Second Eddition, John Wiley & Sons, Inc. New York 1996, pp. 344-346]. This method includes generating a secret key in the form of a set of subkeys, splitting the binary information code into q-bit information blocks and sequentially converting q-bit blocks. The transformation of q-bit blocks is carried out by dividing the q-bit data block into n-bit subblocks A and B and alternately converting the subblocks. Subblocks are converted by performing single and double operations on them. As two-place operations, we use the addition operations modulo 2 ⁿ , where n = q / 2 = 8, 16, 32, 64, and the bitwise summing operation modulo 2. The operation of cyclic left shift, the number of bits per which the converted subunit is shifted depends on the value of the other subunit, which determines the dependence of the cyclic shift operation at the current step of converting the subunit on the initial value of the input data block. Double operation is performed on a sub-block and a sub-block, as well as on two sub-blocks. Characteristic of the RC5 method is the use of a cyclic shift operation, depending on the value of the input block. A subblock, for example subblock B, is transformed by superimposing subblock A onto subblock B using the bitwise summing operation modulo 2, i.e. the bitwise summing operation is performed modulo 2 (denoted by the symbol "⊕") over subblocks A and B and the value obtained after performing this operation is assigned to subblock B. This is written as the ratio B: = B⊕A, where the sign ": =" denotes an assignment operation. After that, the operation of cyclic shift to the left by the number of bits equal to the value of the subunit A: B: = B <<< A is performed on subblock B. Then, over the subblock B and one of the subkeys S, the summation operation is performed modulo 2 ⁿ , where n is the length of the subblock in bits: B: = (B + S) mod 2 ⁿ . After that, subunit A is similarly converted. Several such steps are taken to convert both subunits. The disadvantage of the RC5 cipher is the lack of resistance to differential cryptanalysis.

The closest in technical essence to the claimed method of iterative block encryption of digital data is the method described in the Russian standard of cryptographic data protection [USSR Standard GOST 28147-89. Information processing systems. Cryptographic protection. Cryptographic Transformation Algorithm]. The prototype method includes generating an encryption key in the form of a sequence of 8 subkeys 32 bits long, dividing the input information presented as a binary code into sections of 64-bit length, forming 64-bit data blocks on their basis and converting the blocks under control encryption key. Before conversion, each data block is divided into two 32-bit subunits A and B, which are converted one by one by performing 32 rounds of conversion (iterations). One round of conversion is as follows. Using subunit A and one of the subkeys, the 32-bit value of the round function E is calculated and the obtained value E (A) is superimposed on subunit B using the bitwise summing operation modulo two (⊕) in accordance with the formula B: = B⊕E (A) . The calculation of the round function is carried out in accordance with the following transformation steps. A binary vector F is formed from subunit A. The binary vector F is transformed by superimposing on it the current subkey K _i , which is fixed for a given round and called a round subkey, using the addition operation modulo 2 ³² (+) in accordance with the formula F: = ( R + K _i ) mod 2 ³² , where 1≤i≤8, after which the substitution operation (F: = S (F)) is performed on the binary vector F, then the operation of cyclic left shift by eleven bits, i.e. by eleven binary digits in the direction of the higher digits (F: = F <<< 11). After each round of encryption, with the exception of the last round, the subblocks are rearranged. The substitution operation is performed as follows. Binary vector F is divided into 8 binary vectors with a length of 4 bits. Each binary vector is replaced by a binary vector from the lookup table. The 8 4-bit vectors selected from the lookup table are combined into a converted 32-bit binary vector F.

 However, the prototype method has drawbacks, namely, in all rounds of encryption, sub-block A is not converted, which creates the preconditions for attacking this cipher by differential cryptanalysis [B. Schneier, "Applied Cryptography", Second Eddition, John Wiley & Sons, Inc. , New York, 1996, pp. 285-290]. Therefore, to ensure high resistance to differential cryptanalysis, a large number of encryption rounds are required, which reduces the encryption performance.

 The basis of the invention is to develop a method for iterative block encryption of digital data, in which the input data is converted in such a way that, in each encryption round, both sub-block B and sub-block A are transformed, and the sub-block A is transformed using controlled operations , which will reduce the number of encryption rounds while maintaining high cryptographic resistance to differential cryptanalysis, thereby increasing the encryption speed.

 The problem is achieved in that in a method of block iterative encryption of digital data, including the formation of a secret key, splitting a data block into two subunits and performing R≥2 rounds of encryption, which consist of generating a binary vector from the first subunit, converting a binary vector and applying it using the operation of summing the converted binary vector to the second subblock, new, according to the invention, is that they additionally form a control code and the first subblock is converted from to oschyu two controlled operations depending on value of the control code, and one of them is performed prior to formation of the binary vector, and the second is performed after the formation of the binary vector.

 Thanks to this solution, the conversion of the second subunit during the conversion of the binary vector is ensured, which makes it possible to reduce the number of encryption rounds while ensuring high cryptographic strength, thereby increasing the encryption speed.

 What is also new is that the control code is generated using a secret key.

 Thanks to this solution, an additional increase in resistance to differential cryptanalysis is provided.

 In addition, it is new that the control code is generated by the secret key and by the current value of the information block being transformed.

 Thanks to this solution, an increase in cryptographic resistance to attacks based on failures of the encryption device is provided.

 In addition, it is also new that a controlled two-seat operation is used as the second controlled operation, which is inverse to the first controlled operation.

 Thanks to this solution, it is possible to encrypt and decrypt using the same electronic circuit, which simplifies the hardware implementation of the proposed method.

 New is the fact that controlled permutations are used as controlled operations.

 Thanks to this solution, an additional increase in cryptographic resistance to attacks based on failures of the encryption device is provided.

 Also new is that managed double operations are used as managed operations.

 Thanks to this solution, the implementation of the proposed method in high-speed electronic encryption devices is simplified.

 Below the essence of the claimed invention is explained in more detail by examples of its implementation with reference to the accompanying drawings.

The generalized scheme of iterative encryption of data blocks based on the proposed method is represented by the encryption round structure shown in FIG. 1a, where
S ₁ and S ₂ - operating units that perform controlled operations; the selection of current modifications of these operations is carried out depending on the control codes V ₁ and V ₂ supplied to the control input of the corresponding permutation blocks;
A and B are subblocks of the converted data block;
F is a binary vector generated by the data sub-block A in accordance with the formula F: = A;
E is the operating unit, denoting the procedures for converting a binary vector; at the output of the operating unit E, the value of the transformed binary vector F is formed: = E (A, K _r );
To _r is the rth round subkey.

The operation unit S is controlled by the binary vector V, which depends on the variable parameters involved in the encryption. Such variable parameters can be plug-ins, subblocks of the information block, or specially generated values that change with a change in the initial value of the information block. As a variable parameter that controls the permutation operation, values generated from random or pseudo-random data can also be used. In the general case, the value that controls the operation S will be called the control code V. By the formation of the control code V we will mean the formation of signals at the control input of the managed operating unit. A variant of the controlled operation S for a given V will be called a modification of the controlled operation corresponding to the value V. The control code can be generated, for example, in the following ways:
1) for the data block B (V: = B or V: = π (B), where π is a fixed permutation implemented in electronic circuits as a simple interweaving of conductors),
2) on the i-th round subkey K _i (V: = π (K _i ) or V: = K _i ,
3) by the data block and connect (V: = π (B) ⊕K _i ).
Encryption consists of performing the R conversion transforms shown in FIG. 1a, and performing permutation of subunits A and B after completing the Rth round. In the general case, the operations S ₁ and S ₂ can be arbitrary operations for which there are corresponding inverse operations, which allows decryption of the ciphertext. The encryption round shown in figa corresponds to the decryption round shown in figb, where
S ₁ ^-1 - operation, the inverse of the operation S ₁ ;
S ₂ ^-1 - operation, the inverse of the operation S ₂ ;
E is an operating unit that matches the operating unit E in figa; at the output of the operating unit E during decryption, the value of the transformed binary vector F is formed: = E (A, K _{R-r + 1} );
K _{R-r + 1} - subkey used in the rth decryption round. Decryption consists in performing the R conversion rounds shown in FIG. 1b, and performing permutation of the subunits A and B after completing the Rth round. In general, encryption and decryption are performed using different electronic circuits. Simplification of the hardware implementation of the proposed method is achieved by choosing such operations S ₁ and S ₂ that are mutually inverse, i.e., such controlled operations for which modifications corresponding to the same values of the control codes V ₁ and V ₂ are mutually inverse operations. In this case, decryption can be carried out using the same scheme as encryption, by setting the reverse order of using subkeys.

As the controlled operations S ₁ and S ₂ , (1) controlled permutations and (2) controlled two-place operations can be used. For example, the controlled permutations described in patent N 2140713 [Moldovyan A.A., Moldovyan N.A., Moldovyanu P.A. The method of block cryptographic conversion of binary information // RF Patent N 2140713, IPC ⁶ N 04 L 9/00, Bull. N 30 from 10.27.1999], or controlled double operations described in patent N 2140716 [Moldovyan A.A., Moldovyan N.A., Moldovyan P.A. The method of cryptographic conversion of digital data blocks // RF Patent N 2140716, IPC ⁶ N 04 L 9/28, Bull. N 30 from 10.27.1999]. Thus, as a controlled operating unit S, a controlled operational permutation unit (block P) or a controlled operating unit performing a two-place operation depending on the control code (block Q) can be used. Operating units that perform controlled permutations or controlled two-place operations can be easily implemented in the form of simple high-speed combinational electronic circuits built on standard elements of logic circuits. Blocks P and blocks Q can also be used to convert the binary vector F instead of the commonly used substitution blocks having low speed, thereby reducing the conversion time of the binary vector and further increasing the encryption speed. Modern microelectronic technology allows the manufacture of low-cost electronic devices based on controlled permutations and providing an encryption speed of up to 1 Gbit / s.

 Consider specific examples of the implementation of the proposed method of block iterative encryption of digital data.

Example 1: encryption of a 64-bit data block T. Example 1 is illustrated in FIG. 1c, where P and P ^-1 are controlled operating units with a 32-bit information input and a 64-bit control input, realizing mutually inverse controlled permutations. Mutually inverse controlled permutations are understood as such controlled permutations for which, for all values of the control code, the modifications corresponding to them are mutually inverse fixed permutations. Mutually inverse fixed permutations π and π ^-1 are such fixed permutations, the sequential execution of which on any operand does not change the value of the latter, i.e. the following relations hold: π (π ^-1 (A)) = A, and π ^-1 (π (Α)) = A. For an arbitrary operational block P performing controlled permutations, the corresponding operational block P ^-1 can easily be constructed performing inverse controlled permutations. Block P ^-1 is a block P, in which the input is used as an output, and the output is used as an input.

Encryption in accordance with example 1 is as follows. Generate a secret key, presented in the form of the following set of n-bit round subkeys: K ₁ , K ₂ , ..., K ₁₆ and W ₁ , W ₂ , ..., W ₁₆ . Break the data block into two subunits A = T div 2 ³² and B = T mod 2 ³² . Encrypt the data block in accordance with the following algorithm.

 1. Set the counter for the number of rounds of encryption r: = 1.

2. Form on the subkey K _r and sub-block B the control code V ₁ : V ₁ : = B | K _r , where "|" - concatenation operation.

3. Depending on the value of V _1, convert the subunit A by performing a controlled permutation operation performed by the operation unit P: A: = P _V1 (A).

 4. Form a binary vector F: F: = A.

5. Generate a 32-bit subkey Z to control the subunit E performing the round encryption procedure in the prototype method: Z: = K _r ⊕W _r .
6. Using the round subkey Z, convert the binary vector F in accordance with the binary vector conversion procedures performed in the prototype method: F: = E (F, Z).

7. Using the bitwise summation operation modulo 2, superimpose the transformed binary vector F onto the subblock B: B: = B⊕F.
8. Form on the subkey W _r and the sub-block B the control code V ₂ : V ₂ : = B | W _r .
9. Convert subblock A by performing a controlled permutation operation on it performed by the operation block P ^-1 , depending on the value of the control code: B: = P $\genfrac{}{}{0ex}{}{\text{-1}}{\text{V2}}$ (A).
10. If r <16, then increment r: = r + 1, rearrange subblocks A and B (that is, take binary vector A as binary vector B, and binary vector B as binary vector A) and go to step 2.

 11. STOP.

The cryptogram block C is formed by combining the transformed binary vectors A and B: C = A | B. The cryptogram block is decrypted using the same algorithm, except that in step 2, the K _17-r subkey is used instead of the W _r subkey, and in step 8, the W _17-r subkey is used instead of K _r .

Example 2: encryption of a 64-bit data block T. Example 2 is illustrated in FIG. 2a, where Q and Q ^-1 are operation blocks with a 32-bit information input and a 32-bit control input that implement mutually inverse controlled double-seat operations. Mutually inverse controlled two-place operations are understood to mean such controlled two-place operations for which, for all values of the control code, the modifications corresponding to them are mutually inverse two-place operations. In example 2, encryption is as follows. Generate a secret key, presented in the form of the following set of n-bit round subkeys: K ₁ , K ₂ , ..., K ₁₀ and W ₁ , W ₂ , ..., W ₁₀ . Break the data block into two subunits A = T div 2 ³² and B = T mod 2 ³² . Encrypt the data block in accordance with the following algorithm.

 1. Set the counter for the number of rounds of encryption r: = 1.

2. On a subkey K _r, generate a control code V ₁ : V _1: = K _r .

3. Depending on the value of V _1, convert subunit A by performing a controlled two-seater operation on subunit A and the subgroup W _r : A: = Q _V1 (A, W _r ).
4. Form a binary vector F: F: = A.

5. Generate a 32-bit subkey Z to control the subunit E performing the round encryption procedure in the prototype method: Z: = K _r ⊕W _r .
6. Using the round subkey Z, convert the binary vector F in accordance with the binary vector conversion procedures performed in the prototype method: F: = E (F, Z).

7. Using the bitwise summation operation modulo 2, superimpose the transformed binary vector F onto the subblock B: B: = B⊕F.
8. Form on the subkey W _{r the} control code V ₂ : V _2: = W _r .

9. Depending on the value of V _2, convert subunit A by performing a controlled two-place operation Q ^-1 over subunit A and subkey K _r : A: = Q $\genfrac{}{}{0ex}{}{\text{-1}}{\text{V2}}$ (A, K _r ).
10. If r <10, then increment r: = r + 1, rearrange subblocks A and B, and go to step 2.

 14. STOP.

Steps 6 and 9 are performed in parallel. The cryptogram block C is a concatenation of the converted subunits A and B: C = A | B. The cryptogram block is decrypted using the same algorithm, except that in step 2, the K _11-r subkey is used instead of the W _r subkey, and in step 8, the W _11-r subkey is used instead of K _r .

Example 3: encryption of a 64-bit data block T. Example 3 is illustrated in FIG. 2b, where Q and Q ^-1 are operation blocks with a 32-bit information input and a 32-bit control input that implement mutually inverse controlled double-seat operations. Encryption is as follows. Generate a secret key, presented in the form of the following set of n-bit round subkeys: K ₁ , K ₂ , ..., K ₁₀ and W ₁ , W ₂ , ..., W ₁₀ . Break the data block into two subunits A = T div 2 ³² and B = T mod 2 ³² . Encrypt the data block in accordance with the following algorithm.

 1. Set the counter for the number of rounds of encryption r: = 1.

2. Generate a control code V ₁ : V ₁ : = B from subunit B.

3. Depending on the value of V _1, convert subunit A by performing a controlled two-seat operation on subunit A and subkey K _r : A: = Q _V1 (A, K _r ).
4. Form the binary vector F: F: = A.

5. Generate a 32-bit subkey Z to control the subunit E performing the round encryption procedure in the prototype method: Z: = K _r ⊕W _r .
6. Using the round subkey Z, convert the binary vector F in accordance with the binary vector conversion procedures performed in the prototype method: F: = E (F, Z).

7. Using the bitwise summation operation modulo 2, superimpose the transformed binary vector F onto the subblock B: B: = B⊕F.
8. Generate a control code V ₂ : V ₂ : = B on sub-block B.

9. Depending on the value of V _2, convert subunit A by performing a controlled two-seater operation Q ^-1 over subunit A and connecting W _r : A: = Q $\genfrac{}{}{0ex}{}{\text{-1}}{\text{V2}}$ (A, W _r ).
10. If r <10, then increment r: = r + 1, rearrange subblocks A and B, and go to step 2.

 14. STOP.

The cryptogram block C is a concatenation of the converted subunits A and B: C = A | B. The cryptogram block is decrypted using the same algorithm, except that in step 3, the K _11-r subkey is used instead of the W _r subkey, and in step 9, the W _11-r subkey is used instead of K _r .

 Example 4: an implementation of inverse controlled double-seat operations. This example illustrates the possibility of implementing mutually inverse two-place operations using the same electronic circuit. The choice of the execution mode of the direct controlled two-place operation or the execution mode of the corresponding reverse controlled two-place operation is determined by some control bit i. This control bit can be used simultaneously to specify the order in which subkeys are used. For example, with i = 1 (encryption mode), a direct order of using subkeys and a direct controlled two-place operation are established, and for i = 0 (decryption mode), a reverse order of using subkeys and a reverse controlled two-place operation is established.

Operating units performing a reversible controlled two-seater operation can be constructed on the basis of reversible adders. Fig. 3a shows an example of constructing a reversible adder σ _i , and Fig. 3b shows an example of a reversible controlled two-seater operation implemented using an operation unit consisting of a set of reversible adders σ _i .
On figa used the following notation:
⊕ - element performing the summing operation modulo two over two input bits;
P _2/1 - an element that performs a permutation of two input bits with a value of i = 0; when i = 1, the input bits are transmitted to the output of this element without rearrangement;
& - logical element that performs the AND operation;
a and w are the bits of the operands A and W related to the corresponding bits;
g is the carry bit transmitted to the input of the reversible adder of the next bit;
u is the carry bit coming from the output of the reversible adder of the previous discharge.

On figb used the following notation:
σ _i is a reversible adder;
& - logical element that performs the AND operation;
and _h (h = 1, 2, ..., n) are the bits of the operand A = (a _n , ..., a ₂ , a ₁ );
w _h (h = 1, 2, ..., n) - bits of the operand W = (w _n , ..., w ₂ , w ₁ );
v _h (h = 1, 2, ..., n) - bits of the control code V = (v _n , ..., v ₂ , v ₁ ).

 The operation unit in Fig. 3b implements a direct controlled two-place operation for i = 0, and for i = 1 - the corresponding inverse controlled two-place operation, due to the fact that a reversible operation is performed on the bits of each bit and, in the corresponding bits, the direct and reverse operations are formed same carry bits.

 The above examples show that the proposed method of iterative block encryption of digital data is technically feasible and allows us to solve the problem.

 Thanks to its simple structure, modern microelectronic technology makes it easy to manufacture microelectronic encryption devices based on controlled operations. The inventive method can be implemented, for example, in specialized cryptographic microprocessors that provide an encryption speed of up to 1 Gbit / s, sufficient for real-time encryption of data transmitted via high-speed fiber-optic communication channels.

Claims (6)

 1. A method of block iterative encryption of digital data, including generating a secret key, dividing the data block into two subunits, and performing R≥2 rounds of encryption, which consist of generating a binary vector, converting the binary vector to control the secret key, and superimposing the converted binary vector using the summation operation to the second sub-block, characterized in that in each round a control code is generated and, using the first controlled operation, which depends on the value of the control code, pre Braz first sub-block, which is then converted via a second controllable operation dependent on the value of the control code, the binary vector formed by the first sub-block, transformed by a first controllable operation.  2. The method according to p. 1, characterized in that the control code is formed by a secret key.  3. The method according to p. 1, characterized in that the control code is generated by the secret key and by the value of the second subunit.  4. The method according to p. 1, characterized in that as the second controlled operation uses a managed two-seater operation, which is inverse to the first managed operation.  5. The method according to p. 1, characterized in that as the first and second controlled operations are used controlled permutations.  6. The method according to p. 1, characterized in that as the first and second controlled operations are used controlled double operations.

Images