RU2241314C2 - Controlled operating block - Google Patents

Abstract

FIELD: electrical communications and computer engineering.

SUBSTANCE: proposed operating block designed for use in cryptographic methods and devices for protecting information transferred over telecommunication networks functions to convert binary data and has s ≥ 2 active stages each incorporating k ≥ 2 controlled items provided with t-bit data input and output, as well as w-bit control input, where t = 2, 3 and w = 1, 2, w + t = 4 condition being fulfilled for one of controlled items; active stages have controlled items provided with two-bit control inputs; active stage incorporates controlled items provided with both three-bit and two-bit data inputs, and active stage includes controlled items provided with both two-bit and single-bit data inputs.

EFFECT: enhanced data processing speed using programmable logic arrays such as field-programmable gate arrays.

5 cl, 33 dwg

Description

The invention relates to the field of telecommunications and computer technology, and more particularly to the field of cryptographic methods and devices for protecting information transmitted over telecommunication networks.

In the aggregate of the features of the proposed method, the following terms are used:

- operating unit - an electronic circuit that performs some conversion of binary data blocks called binary vectors; the operation unit contains an information input to which the converted binary vectors X = (x ₁ , x ₂ , ..., x _n ) are supplied, and an output on which the converted binary vectors Y = (y ₁ , y ₂ , ... , y _n ); the transformation performed by the operating unit can be expressed analytically in the form Y = F (X);

- a binary vector is a sequence of zero and single bits, for example (0101101011); a binary vector can be associated with a numerical value, which is determined uniquely by the structure of the binary vector, if we assume that the position of each bit corresponds to a binary digit; the binary vector X will be denoted by large Latin letters, and the bits that are its components by small Latin letters, as follows X = (x ₁ , x ₂ , ..., x _n ).

- concatenation operation - the operation of combining binary vectors, as a result of which a new binary vector is formed, the length of which is equal to the sum of the lengths of the binary vectors over which the concatenation operation is performed; the concatenation operation will be denoted as follows: Z = (X, Y), where X and Y are the binary vectors over which the concatenation operation is performed; for example, for X = (x ₁ , x ₂ , ..., x _n ) and Y = (y ₁ , y ₂ , ..., y _k ) for Z = (X, Y) we have Z = (x ₁ , x ₂ , ..., x _n , y ₁ , y ₂ , ..., y _k );

- operand - convertible binary vector;

- Hamming weight - the number of unit bits contained in a binary vector;

- controlled operating unit - an operating unit unit containing an additional input, called a control input, to which a control binary vector V = (ν ₁ , ν ₂ , ..., ν _n ) is supplied, which defines a specific variant of the transformation function F; the dependence of F on V is denoted by an index, namely, in the form f _(V) ; the analytical record of the conversion performed by the managed operating unit has the form Y = F _(V) (X);

- a controlled element is a typical electronic node equipped with t-bit information input and output, w-bit control input, where t = 2, 3 and w = 1, 2, and used to build controlled operating units; the controlled element is a certain elementary controlled operating unit and is denoted as S _{t / w} , t and w are the number of bits of the information and control inputs, respectively;

- a controlled operation is an operation performed using a controlled operation unit, in particular, an operation performed on one operand under the control of a binary vector called a control binary vector and consisting in the formation of an output binary vector depending on the value of the operand and the value of the control binary vector; in the formulas, the controlled operation will be denoted by the notation F _(V) , where V is the control binary vector;

- modification of the controlled operation - the operation corresponding to the transformation of the operand with a fixed value of the control binary vector V = V ₀ ;

is an inverse controlled operation (with respect to some given controlled operation) is a controlled operation, all modifications of which F $\genfrac{}{}{0ex}{}{\text{-1}}{\text{(V)}}$ are inverse with respect to the corresponding modifications of the controlled operation F _(V) , i.e. for any given value of the control binary vector, the sequential execution of operations F _(V) and F $\genfrac{}{}{0ex}{}{\text{-1}}{\text{(V)}}$ over the binary vector X do not change the values of the latter, which analytically can be written in the form X: = F _(V) (F $\genfrac{}{}{0ex}{}{\text{-1}}{\text{(V)}}$ (X)) or X: = F $\genfrac{}{}{0ex}{}{\text{-1}}{\text{(V)}}$ (F _(V) (X)); a particular example of the implementation of mutually inverse controlled operations in the form of two mutually inverse controlled permutations is described in the patent of the Russian Federation No. 2140714;

- circuit resources - the number of active elements (for example, transistors or typical logic modules) that can be used to implement, for example, for hardware implementation of the encryption algorithm;

- circuitry implementation complexity - circuitry resources used to implement the corresponding electronic circuitry, for example, a managed operating unit.

Known managed adders, which are managed operating units that implement a controlled two-seat operation [Guts N.D., Moldovyan A.A., Moldovyan N.A. Flexible hardware-oriented ciphers based on managed adders // Information security issues. 2000. No1. S.8-15] and used to increase the strength of encryption. The disadvantage of managed adders is that their implementation requires significant circuitry resources. A more economical option for controlled operating units are controlled permutation units [Guts ND, Izotov BV, Moldovyan NA Controlled permutations with a symmetric structure in block ciphers // Issues of information security. 2000. No4. P.57-64], which implement a controlled permutation of bits of a transformed binary vector and are used in the construction of devices designed to encrypt binary information. The use of controlled operations provides an increase in the strength of data encryption using insignificant circuitry resources. However, the analog device implements a particular version of the controlled operation, which saves the Hamming weight of the operand, which limits the increase in the efficiency of the encryption conversion due to the use of the controlled operation.

The closest in technical essence to the claimed managed operating unit is a managed operating unit described in [Eremeev M.A., Moldovyan N.A. Synthesis of hardware-oriented controlled substitutions over large binary vectors // Issues of information security. 2001. No4. S.46-51] and built using typical controlled elements S _2/1 (see figa), containing a two-bit information input, two-bit output and single-bit control input. On Fig presents a private embodiment of a managed operating unit constructed using these managed elements. In this embodiment, the managed operating unit has an 8-bit information input, an 8-bit output, and a 12-bit control input. Conductors transmitting control signals are shown by a dashed line, and conductors transmitting information signals (i.e., bits of a converted binary vector) are shown by a solid line. Control elements form three active cascades, each of which consists of four controlled elements. The inputs of the upper (first) active cascade are the inputs of a managed operating unit. The outputs of the lower (last) active stage are the outputs of the managed operating unit. Each two consecutive active cascades are interconnected by means of fixed switching of the corresponding outputs of the previous active cascade with the corresponding inputs of the subsequent active cascade. When depicting fixed switching in the drawings and figures, fixed switching between adjacent active cascades is depicted directly by lines corresponding to the connecting conductors, or as a fixed switching node located between the corresponding active cascades. The control inputs of all managed elements make up the control input of the managed operating unit. In the general case, the prototype device is a controlled operating unit containing an n-bit information input, an m-bit control input and s≥ 2 consecutive active stages consisting of k = n / 2 included controlled elements, and the set of information inputs of controlled elements i nth active stage, where i = 1, 2, ..., s, form the n-bit information input of the ith active stage and the set of outputs of the controlled elements of the ith active stage form the n-bit output of the ith active stage. In addition, the n-bit information input of the first active stage and the n-bit output of the s-th active stage are, respectively, n-bit information input and the output of a controlled operation unit. Moreover, the set of control inputs of all active cascades is an m-bit control input of a managed operating unit, and each bit of the n-bit output of the j-th active stage, where j = 1, 2, ..., s-1, is connected to one bit n -digit information input of the (j + 1) th active cascade.

The prototype device provides a change in the Hamming weight during the conversion of the operand, however, when implemented in hardware using widespread programmable logic matrices such as FPGA, the potential inherent in this type of programmable devices is not used effectively. Logical matrix of type FPGA [Ugryumov EP Digital circuitry. - SPb, BHV - St. Petersburg, 2000 .-- 518 p. (see pages 391-412)] is a collection of a large number of typical logic modules, the main part of each of which are two logic cells with a four-bit input and a single-bit output. One logical cell allows you to implement an arbitrary Boolean function of four variables [EP Ugryumov Digital circuitry. - St. Petersburg, 2000. - S.402]. When implementing one managed element S _2/1 , containing a two-bit information input, two-bit output and a single-bit control input, one typical logic module is used. This is due to the fact that the transformation performed by the controlled element S _2/1 is defined by two Boolean functions of three variables, for the implementation of which it is necessary to use two typical logic cells contained in one typical logical module. However, one cell can implement an arbitrary Boolean function of four variables, i.e. one typical logic module can perform a much more complex transformation than the transformation specified by the controlled element S _2/1 , namely, the transformation described by two Boolean functions of four variables. Thus, the disadvantage of the prototype in the hardware implementation using logical programmable logic matrices of the FPGA type is the relatively low data processing speed due to the insufficiently efficient use of the resources of typical logical cells.

The basis of the invention is the task of developing a controlled operating unit, the implementation of which uses the potential of logic cells of typical logic modules of programmable logic matrices of the FPGA type more efficiently, which reduces the number of logical cells used for a given cryptographic resistance, which leads to an increase in the data processing speed.

The solution of this problem is achieved by the fact that in a controlled operating unit equipped with n-bit information input and output, where n≥ 4, m-bit control input, where m≥ 4, and containing s≥ 2 active stages, the i-th active stage , where i = 1,2, ..., s, contains k≥ 2 controlled elements, each of which is equipped with information and control inputs and outputs, the set of information inputs and outputs of the controlled elements of the i-th active stage and the set of their control inputs are , respectively, n-bit information ion input and output and control input of the i-th active stage, each bit of the n-bit output of the j-th active stage, where j = 1,2, ..., s-1, is connected to one of the bits of the n-bit information input (j + 1) -th active stage, and the n-bit information input of the first active stage, the n-bit output of the s-th active stage and the set of control inputs of all active stages are, respectively, an n-bit information input, n-bit output and m-bit control input of a managed operating unit, n According to the invention, at least one active cascade consists of controlled elements, each of which is equipped with t-bit information input and output, where t = 2,3, w-bit control input, where w = 1,2, moreover, for at least one controlled element, the condition w + t = 4 is fulfilled, and each bit of the control inputs of the controlled elements contained in the active stages is connected to one of the bits of the m-bit control input of the controlled operating unit.

Thanks to this solution, a fuller use of the potential of programmable logic matrices of the FPGA type is ensured, due to the fact that a controlled element with a two-bit input is implemented using two typical logic cells of programmable logic matrices of the FPGA type, each of which implements a Boolean function of four variables. The latter leads to a significant increase in the efficiency of the conversion carried out with the help of a managed element, and the effectiveness of a managed operating unit, built on the basis of such managed elements. This provides an increase in the efficiency of the managed operation as a cryptographic primitive, which allows to reduce the number of encryption rounds and thereby reduces the used circuitry resources in hardware implementation based on programmable logic matrices such as FPGA and increases the speed of data processing.

At least one of the active cascades contains g controlled elements equipped with a three-bit information input and output and a single-bit control input, where g is an odd natural number satisfying the condition 1≤ g &λτ; n / 3, with odd n and an even positive integer satisfying 1 ≤ g &λτ; n / 3, for even n &γτ; 6 and h of the controlled elements provided with a two-bit information input and output, with h = (n-3g) / 2.

Thanks to this, it is possible to build controlled operating units with a wide range of sizes for information and control inputs.

What is new is that n is a positive integer that is a multiple of three, and at least one of the active stages consists of n / 3 controlled elements equipped with a three-bit information input and output and a single-bit control input.

This ensures the uniformity of the structure of the managed operating unit when the number of bits of the information input of the managed operating unit is a multiple of three.

In addition, it is new that n is an even integer, and at least one of the active stages consists of n / 2 controlled elements equipped with a two-bit information input and output and a two-bit control input.

Also new is that n is an even positive integer, and at least one of the active stages consists of n / 2 controlled elements equipped with a two-bit information input and output and a w-bit control input, with at least one of the controlled elements is equipped with a two-digit control input.

The last two options of the proposed technical solution provide an increase in the number of various potentially possible modifications of the managed operation, which implements one of the mechanisms to increase the efficiency of the managed operation as a cryptographic primitive.

The inventive device is illustrated by drawings, which show:

figure 1 - General diagram of the claimed managed operational unit;

figure 2 - Types of managed elements and their designations;

figure 3 is a variant of the scheme of the managed operating unit S _10/18 ;

figure 4 is a variant of the scheme of the managed operating unit S _32/160 ;

figure 5 - Truth tables defining three variants of Boolean functions of three variables;

figure 6 - Transformation options carried out by the managed element described in example 4, with four different values of the control vector;

figure 7 - Transformation options carried out by the managed element described in example 5;

on Fig - Scheme of a managed operating unit S _32/160 ;

_figure 9 is a variant of the scheme of the managed operating unit S _64/448 ;

_figure 10 is a variant of the scheme of the managed operating unit S _64/180 ;

figure 11 is a variant of the circuit of the managed element S _3/1 ;

on Fig - Designation of managed elements, which are involutions, and the designation of two mutually inverse controlled operating units;

on Fig - a variant of the circuit of the controlled element S _{3/1 of the} General type;

on Fig - Option circuit managed element S $\genfrac{}{}{0ex}{}{\text{-<figure-callout id="3" label="l" filenames="00000006.png,00000018.png" state="{{state}}">l</figure-callout>}}{\text{3/1}}$ ;

on Fig - Option mutually inverse controlled operating units S _8/9 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{8/9}}$ ;

on Fig - A variant of the construction of mutually inverse controlled operating units S _32/72 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{32/72}}$ ;

on Fig - A variant of the construction of mutually inverse controlled operating units S _8/12 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{8 / l2}}$ ;

in Fig.18 - A variant of the construction of mutually inverse controlled operating units S _64/192 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{64/192}}$ ;

in Fig.19 - A variant of the construction of mutually inverse controlled operating units S _96/544 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{96/544}}$ ;

on Fig - A variant of the construction of mutually inverse controlled operating units S _9/9 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{9/9}}$ ;

on Fig - A variant of the construction of mutually inverse controlled operating units S _81/192 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{81/192}}$ ;

on Fig - a variant of the algorithm of one-way conversion of a 192-bit data block;

on Fig - a variant of the structure of one round of encryption 128-bit cryptographic conversion algorithm;

on Fig - Prototype.

The generalized structure of the managed operational unit corresponding to the claimed invention is shown in FIG. 1, where x ₁ , x ₂ , ..., x _n are the bits of the transformed binary vector X supplied to the n-bit information input of the managed operational unit; y ₁ , y ₂ , ..., y _n are the bits of the output binary vector Y generated at the n-bit output of the managed operational unit; ν ₁ , ν ₂ , ... ν _m - bits of the control binary vector V = (ν ₁ , ν ₂ , .... ν _m ) supplied to the m-bit control input of the managed operating unit. In general, the controllable operating unit is s consecutive active cascades 1 ₁ , 1 ₂ , ..., 1 _s , interconnected using fixed switching nodes 2 ₁ , 2 ₂ , ..., 2 _s-1 , made in in the form of wiring conductors, each of which connects one of the outputs of one of the managed elements of the previous active stage with one of the information inputs of one of the managed elements of the subsequent active stage. In the general case, each active cascade contains controlled elements of three types S _2/1 , S _2/2 and S _3/1 , which are shown by rectangles with the general designation of the controlled element S _{t / w} . At the same time, in various active cascades these managed elements can be contained in various combinations. Depending on the parity of the number of bits of the information input n, the number of contained controlled elements of type S _3/1 g is even or odd, which ensures that the total number of bits of the inputs of all controlled elements corresponds to the number of bits of the information input of the active cascade and the managed operational unit as a whole. For odd n, the number g is odd, and g satisfies the condition 1≤ g &λτ; n / 3. For even n &γτ; 6, the number g is even, and g satisfies the condition 1 ≤ g <n / 3. If g≤ n / 3, then the active cascade contains h controllable elements of type S _{2 / w} , where w = 1, 2, and h = (n-3g) / 2. In the particular case, for an arbitrary even value of n, the active cascade can include only controlled elements of type S _2/2 , the number of which is n / 2. In another particular case, for an arbitrary value of n that is a multiple of three, the active cascade can include only controllable elements of type S _3/1 , the number of which is n / 3. There are also special cases corresponding to an arbitrary even value of n, in which the active cascade includes controllable elements of types S _2/1 and S _2/2 , the total number of which is n / 2.

The set of all information inputs of the managed elements of the first cascade form an n-bit information input of the managed operational unit, the set of all outputs of the managed elements of the last active stage form an n-bit output of the managed operational unit, and the set of all bits of the control inputs of the managed elements of all active cascades form an m-bit control input of a managed operating unit.

On figb shows a controlled element containing a two-bit information input, two-bit output and two-bit control input, denoted as S _2/2 . Moreover, in the figures, this controllable element is indicated by a rectangle on which the entry "S _2/2 " or "2/2" is given. The increase in the conversion efficiency carried out using the controlled element S _2/2 , implemented using two Boolean functions of four variables, is due to the fact that it implements four different modifications of the conversion operation of a two-bit input binary vector, while the controlled element S _2/1 implements only two modifications of a similar operation. The increase in case efficiency is associated with an increase in the number of modifications of operations implemented using a managed element.

On figv shows a controlled element containing a three-bit information input, three-bit output and a single-bit control input, denoted as S _3/1 , and in the figures - a rectangle with the entry "S _3/1 " or "3/1". The increase in the efficiency of the conversion carried out using the controlled element S _3/1 implemented using two Boolean functions of four variables is due to the fact that it implements two modifications of the conversion operation of a three-bit input binary vector, while the controlled element S _2/1 implements two modifications of the operation transformations over a two-bit input binary vector. The increase in efficiency in this case is associated with an increase in the size of the converted input binary vector.

In the general case, the controlled elements S _2/2 implement 4 different modifications of the controlled operation performed on a two-bit binary vector (x ₁ , x ₂ ), depending on the current value of the two-bit control binary vector (ν ₁ , ν ₂ ) (see Fig. 2b). Each bit of the output binary vector (y ₁ , y ₂ ) resulting from the conversion of the binary vector (x ₁ , x ₂ ) is a Boolean function of four variables x ₁ , x ₂ , ν ₁ and ν ₂ :, i.e. we have y ₁ = f ₁ (x ₁ , x ₂ , ν ₁ , ν ₂ ) and y ₂ = f ₂ (x ₁ , x ₂ , ν ₁ , ν ₂ ). In total, there are N _f = 2 ¹⁶ different Boolean functions of four variables. When implementing the inventive controlled operating units in electronic devices implemented using logical matrices of the FPGA type, an arbitrary Boolean function of four variables can be implemented using one logical cell. Since there are two logical cells in each typical logical module of an FPGA type logical matrix, using one typical logical module two arbitrary Boolean functions of four variables can be implemented. Thus, using one typical logic module of the FPGA matrix, it is possible to implement one controlled element S _{2/2 of} an arbitrary type. The number of different possible controlled elements S _2/2 is N _s = (N _f ) ² = 2 ³² , of which, when constructing controlled operating units for specific applications, variants of controlled elements S _2/2 with the desired properties can be selected.

Implementation options for the controlled elements S _2/1 using two Boolean functions of three variables are described in [Eremeev MA, Moldyanyan NA Synthesis of hardware-oriented controlled substitutions over long vectors // Issues of information security. 2001. No4. S.46-51].

In the general case, the controlled elements S _3/1 implement 2 different modifications of the controlled operation performed on a three-bit binary vector (x ₁ , x ₂ , x ₃ ), depending on the current value of the control bit v (see fig.2b). Each bit of the output binary vector (y ₁ , y ₂ , y ₃ ) resulting from the conversion of the binary vector (x ₁ , x ₂ , x ₃ ) is a Boolean function of four variables x ₁ , x ₂ , x ₃ , and ν, t .e. we have y ₁ = f ₁ (x ₁ , x ₂ , x ₃ , ν), y ₂ = f ₂ (x ₁ , x ₂ , x ₃ , ν) and y ₃ = f ₃ (x ₁ , x ₂ , x ₃ , ν). Using three typical logical modules of an FPGA logic matrix, six arbitrary Boolean functions of four variables can be implemented. Thus, using three typical logic modules of an FPGA matrix, two controllable elements S _{3/1 of} arbitrary type can be realized. In this case, the potential of logical cells is used to the maximum. The number of different possible controllable elements S _3/1 is N _s = (N _f ) ³ = 2 ⁴⁸ , of which, when constructing controllable operating units for specific applications, variants of controllable elements S _3/1 can be selected with properties that ensure high efficiency of controllable operating units.

The controlled operating unit will be denoted as S _{n / m} , where the first index indicates the width of the information input and output, and the second index, separated from the first by the separator “/” indicates the width of the control input. Figure 3 shows a particular embodiment of the construction of a controlled operating unit with a 10-bit information input, a 10-bit output and an 18-bit control input, constructed using 6 controlled elements S _2/2 and 6 controlled elements S _3/1 .

For given values of n and m, various types of controlled operating units can be developed that differ among themselves in the set of fixed switching nodes used. As the fixed switching nodes of the managed operating unit S _{n / m} , the fixed switching nodes of the managed operational blocks of the π _{n / m type} , constructed on the basis of the controlled elements S _2/1 and described in [Eremeev M.A., Moldovyan N. A. Synthesis of hardware-oriented controlled substitutions over long vectors // Issues of information security. 2001. No4. S.46-51], or fixed switching nodes used in controlled operating units of type P _{n / m} , composed using the recursive construction mechanism described in [Guts ND, Izotov BV, Moldovyan N.A . Controlled permutations with a symmetric structure in block ciphers // Issues of information security. 2000. No4. S.57-64]. For a given set of fixed switching nodes, various controlled operating units are constructed using different sets of controlled elements S _2/1 , S _2/2 and S _3/1 . Moreover, each type of controlled elements can be implemented in a large number of specific options, using Boolean functions of various kinds. In the general case, the number of different modifications of the controlled operation performed by the operation unit S _{n / m} is 2 ^m . The ratio between n and m is determined by the number of active cascades in the controlled operating unit and the ratio of controlled elements of the type S _{2 / z} , where z = 1, 2, and S _3/1 . Consider specific examples of building managed operating units S _{n / m} .

EXAMPLE 1. Controlled operation unit S _10/18.

This example is shown in Figure 3B and corresponds to the construction managed S _10/18 operating unit.

Example 2. Managed operating units of type S _32/160 .

This example is shown in figure 4 and corresponds to the structural diagram of the construction of a managed operating unit S _32/160 , which consists of five active cascades of the same type 1 ₁ , 1 ₂ , 1 ₃ , 1 ₄ , 1 ₅ and four fixed switching nodes 2 ₁ , 2 ₂ , 2 ₃ , 2 ₄ . Fixed switching nodes differ from each other and are designed in such a way as to ensure the influence of each input bit x ₁ , x ₂ , ..., x _n on each output bit y ₁ , y ₂ , ..., y _n . Using various types of controlled elements S _2/2 , it is possible to build different types of controlled operating units S _32/160 , while maintaining the structural diagram shown in figure 4. Below we consider variants of Boolean functions of four variables and examples of constructing controlled elements S _2/2 .

Example 3. Variants of Boolean functions of the type y = f (x ₁ , x ₂ , ν ₁ , ν ₂ ).

This example shows options for Boolean functions of four variables y = f (x ₁ , x ₂ , ν ₁ , ν ₂ ), which can be used to construct controlled elements. Variants of such functions defined using truth tables are shown in FIG. 5.

Example 4. The construction of the managed element S _2/2 .

, если

, для каждого из четырех возможных значений двоичного вектора (ν ₁, ν ₂). При использовании других пар булевых функций могут быть построены управляемые элементы S_2/2, которые не являются инволюциями, что при построении специальных типов управляемых операционных блоков предоставляет конструктивные преимущества, связанные с большим числом вариантов реализации управляемых элементов S_2/2. При решении большого числа задач построения управляемых операционных блоков, ориентированных на применение в алгоритмах криптографического преобразования, достаточным является использование управляемых элементов S_2/2, являющихся инволюциями, число конкретных вариантов которых является достаточно большим. Основным достоинством управляемых элементов, являющихся инволюциями, состоит в том, что с их использованием упрощается построение пар взаимно обратных управляемых операционных блоков.This example shows the option of constructing controlled elements S _2/2 , in which the first version of the function y = f (x ₁ , x ₂ , is used as the Boolean function y ₁ = f ₁ (x ₁ , x ₂ , ν ₁ , ν ₂ ) ν ₁ , ν ₂ ) from Example 3, and as the Boolean function y ₂ = f ₂ (x ₁ , x ₂ , ν ₁ , ν ₂ ) we use the second version of the function y = f (x ₁ , x ₂ , ν ₁ , ν ₂ ) from Example 3. Modifications of the controlled operation implemented by the controlled element S _2/2 for the values of the control binary vector equal to (ν ₁ , ν ₂ ) = (0, 0), (ν ₁ , ν ₂ ) = (0, 1), (ν ₁ , ν ₂ ) = (1, 0) and (ν ₁ , ν ₂ ) = (1, 1), are presented in the form of a functional diagram and in the form of anal Iticheski records in figures 6A, 6B, 6B and 6D, respectively. 6b and 6d, the bar above the variable in the analytical record denotes the logical negation operation performed on this variable. In the figures, the operation of logical negation is indicated by the sign "". All four modifications of the controlled operation implemented by the controlled element S _2/2 are involutions, i.e. define a transformation satisfying the condition

, if

, for each of the four possible values of the binary vector (ν ₁ , ν ₂ ). When using other pairs of Boolean functions, managed elements S _2/2 can be constructed that are not involutions, which, when constructing special types of controlled operating units, provides design advantages associated with a large number of options for implementing managed elements S _2/2 . When solving a large number of tasks of constructing controlled operating units oriented to the use of cryptographic conversion algorithms, it is sufficient to use controlled elements S _2/2 , which are involutions, the number of specific variants of which is quite large. The main advantage of managed elements, which are involutions, is that using them simplifies the construction of pairs of mutually inverse controlled operational blocks.

Example 5. The construction of the managed element S _2/2 .

This example shows a variant of constructing a controlled element S _2/2 , represented by four modifications of a controlled operation, which are described by truth tables and are illustrated by functional diagrams in Fig.7. Modifications implemented for the values of the control binary vector (ν ₁ , ν ₂ ) = (0, 0), (ν ₁ , ν ₂ ) = (0, 1), (ν ₁ , ν ₂ ) = (1, 0) and (ν ₁ , ν ₂ ) = (1, 1) are presented in figa, 7b, 7c and 7d, respectively.

Example 6. The construction of two mutually inverse controlled operating units S _32/160 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{32/160}}$ using controlled elements S _{2/2 of} example 4.

A specific type of controlled operating unit S _32/160 can be obtained based on the block diagram shown in FIG. 4, in which the controlled elements described in example 4 are used as controlled elements S _2/2 . Due to the fact that in block S _{32 / 160} , corresponding to the considered example 6, using controlled elements that perform transformations that are involutions for any value of the control binary vector, it is easy to construct a controlled operational unit S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{32/160}}$ shown in Fig. 8 and which is inverse with respect to block S _32/160 . Moreover, in block S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{32/160}}$ the same type of controlled elements is used as in block S _32/160 . In this case, the control bits corresponding to the i-th active stage, where i = 1, 2, ..., 5, of block S _32/160 , for all values of i correspond to the j-th active stage, where j = 6-i, of the block S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{32/160}}$ . The control binary vector V can be represented as a concatenation of the control binary vectors V ₁ , V ₂ , ..., V ₅ corresponding to the individual active cascades of the controlled operating units S _32/160 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{32/160}}$ , namely in the form V = (V ₁ , V ₂ , V ₃ , V ₄ , V ₅ ). In this case, the control binary vector V _i controls the ith active cascade of block S _32/160 and the jth active cascade of block S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{32/160,}}$ where j = 6-i. In the general case, for a pair of mutually inverse controlled operating units S _{n / m} and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{n / m}}$ including s active cascades, the control binary vector is represented as V = (V ₁ , V ₂ , ..., V _s ), where the control binary vector V _i controls the ith active cascade of the block S _{n / m} and the jth active cascade of block S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{n / m}}$ where j = s-i + 1. To block S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{n / m}}$ was the inverse of the block S _{n / m} , it is enough that the ith active stage of the block S _{n / m} , and the jth active stage of the block S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{n / m}}$ carried out mutually inverse transformations (this is the case, for example, when these active cascades are identical and all the controlled elements of which they consist are involutions), and fixed switching between the ith and (i + 1) -th active cascades of the block S _{n / m} was the inverse of the fixed switching between the (si) -th and (s-i + 1) -th active stages of block S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{n / m}}$ for values i = 1, 2, ..., s-1.

Example 7. The construction of managed operating units S _32/160 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{32/160}}$ using the managed elements of example 5.

Another specific type of managed operational unit S _32/160 , based on the block diagram shown in figure 4, can be obtained using the managed elements S _2/2 described in example 5. All modifications of the managed operation specified by the managed element of example 5, are involutions, therefore, the corresponding inverse controlled operation block S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{32/160}}$ implemented using the structural diagram shown in Fig. 8 when using the controlled elements described in Example 5 as S _2/2 elements.

Example 8. Managed operating units S _64/448 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{64/448}}$ .

Controlled operating units with 64-bit information input S _64/448 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{64/448}}$ can be built in accordance with the structural diagrams shown in figa and 9b, respectively. Block S _64/448 (respectively S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{64/448}}$ ) is built as a parallel connection of two blocks S _32/160 (respectively, two blocks S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{64/448}}$ ), united in a single block by two active cascades, each of which consists of 32 controlled elements S _2/2 . Each controllable element of both active stages is connected to both S _{32/160 units} . Given the structure of blocks S _32/160 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{64/448}}$ , it is easy to establish that the structure of blocks S _64/448 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{64/448}}$ corresponds to the General structural diagram of the construction of managed operating units S _{n / m} , presented in figure 3.

Example 9. The construction of managed operating units S _4/5 , S _4/6 , S _16/40 and S _64/180 .

On figa and fig.10b shows the construction of managed operating units S _4/6 and S _4/5 , in which the number of active stages is two, and the set of included managed elements corresponds to paragraph 5 of the claims. These operating units of a relatively small size can be used as typical nodes in the construction of controlled operating units of arbitrary size. An example of the use of blocks S _4/5 to build blocks S _16/40 shown in Fig.10B. Block S _16/40 consists of eight blocks S _4/5 located in two tiers, each of which consists of four blocks S _4/5 . Blocks S _{4/5 of the} lower tier are connected to the blocks of the upper tier according to the principle of “each with each”. An example of the use of blocks S _4/5 and S _16/40 for building blocks S _{64/180 is} shown in Fig. 10g, where the upper tier is represented by four blocks S _16/40 , and the lower one is represented by sixteen blocks S _4/5 . The latter are connected to the former according to the principle of “each with each”, which ensures the organic unity of block S _64/180 as a single whole.

Taking the block S _4/6 as the initial node instead of the block S _4/5 , using the similar structural schemes (see Fig.10b and 10d), it is possible to build operational blocks S _16/48 and S _64/228 . By combining various combinations of managed elements as part of active cascades of controlled operating blocks, it is possible to build S _{n / m} blocks with arbitrary size ratios of information and control inputs, which contributes to the selection of optimized solutions when building encryption devices based on the claimed technical solution.

Example 10. The construction of a managed element S _3/1 .

In Fig.11 shows a variant of the construction of the controlled element S _3/1 , presented by truth tables describing the dependence of the output bits from the input at zero value of the control bit v (Fig.11a) and at a single value of the control bit ν (Fig.11b). These two truth tables completely describe the three Boolean functions y ₁ = f ₁ (x ₁ , x ₂ , x ₃ , ν), y ₂ = f ₂ (x ₁ , x ₂ , x ₃ , ν) and y ₃ = f ₃ (x ₁ , x ₂ , x ₃ , ν), with the help of which three logical cells of the FPGA-matrix realize this variant of the controlled element S _3/1 . The schemes describing the transformations implemented by this variant of the controlled element S _3/1 , for ν = 0 (Fig. 11a) and for ν = 1 (Fig. 11b), show that the controlled element S _3/1 , corresponding to Example 10, is involution. In the schemes considered below, the controlled elements that are involutions will be denoted by the sign “°” used as the superscript: S ° _3/1 (Fig. 12a), S ° _2/1 (Fig. 11b), S ° _2/2 ( figv). Two mutually inverse controlled operating units having an n-bit information input and an m-bit control input, where n 2 and m 1, will be denoted as a pair S _{n / m} and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{n / m}}$ (see Fig.11g). The following example shows the option of constructing two mutually inverse controlled elements S _3/1 and S $\genfrac{}{}{0ex}{}{\text{-<figure-callout id="3" label="l" filenames="00000006.png,00000018.png" state="{{state}}">l</figure-callout>}}{\text{3 / l}}$ .

Example 11. The construction of mutually inverse controlled elements S _3/1 and S $\genfrac{}{}{0ex}{}{\text{-<figure-callout id="3" label="l" filenames="00000006.png,00000018.png" state="{{state}}">l</figure-callout>}}{\text{3/1}}$ not involutions.

On Fig presents a variant of the construction of the controlled element S _3/1 , which is not an involution. This option is described by functional diagrams and truth tables corresponding to the zero (fig.13a) and single (fig.13b) value of the control bit ν, similarly to example 10. Using more general options for controlled elements allows you to choose those that have more pronounced propagation properties errors, which is preferable for some types of managed operating units, since this allows to reduce the number of rounds of cryptographic conversion and thereby reduce the circuitry complexity implementation and increase the performance of cryptographic transformation algorithms, for example, data hashing. When using such managed operating units for data encryption, it is necessary to implement the corresponding reverse managed operating units. To implement the latter, the corresponding inverse controlled elements S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{3/1}}$ . On Fig presents an implementation option of the managed element S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{3/1}}$ , which is inverse with respect to the controlled element S _3/1 shown in Fig.13.

Example 12. The construction of mutually inverse controlled operating units S _8/9 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{8/9}}$ .

This example is shown in FIG. 15, which shows a controllable operating unit S _8/9 (FIG. 15 a) constructed using controllable elements S ° _2/2 and S _3/1 , and a block S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{8/9}}$ (figb), constructed using the controlled elements S ° _2/1 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{3/1}}$ . As a typical controlled element S ° _2/1, you can use one of the controlled elements described in [Eremeev M.A., Moldovyan N.A. Synthesis of hardware-oriented controlled substitutions over long vectors // Issues of information security. 2001. No4. S. 46-51], and as a pair of mutually inverse controlled elements S _3/1 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{3/1}}$ you can use a couple of managed items from example 11. Managed operating units S _8/9 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{8/9}}$ can serve as a typical node in the construction of larger managed operational blocks, for example, blocks S _32/72 and S shown in FIG. $\genfrac{}{}{0ex}{}{\text{-1}}{\text{32/72}}$ whose size is well suited for designing iterative block ciphers with 64-bit input. Depending on the technical tasks being solved, based on the controlled elements S ° _2/1 , S _3/1 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{3/1}}$ of various types, it is possible to build a fairly wide variety of managed operating units, differing in their structure, size of the information and control input, as well as in their properties, which provides ample opportunities for designing effective cryptographic algorithms. The following example shows the construction of managed operating units S _8/12 , S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{8/12}}$ , S _64/192 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{64/192}}$ .

Example 13. The construction of a pair of mutually inverse controlled operating units S _8/12 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{8/12}}$ and pairs of blocks S _64/192 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{64/192}}$ .

An example of building a pair of mutually inverse blocks S _8/12 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{8/12}}$ shown in Fig.17, which shows a managed operating unit S _8/12 (Fig.17a), constructed using managed elements S ° _2/2 and S _3/1 (Fig.17b), and a managed operating unit S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{8/12}}$ (figb), constructed using controlled elements S ° _2/2 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{3/1}}$ . As a typical controlled element S ° _2/2, you can use the controlled element described in example 5, and as a pair of mutually inverse controlled elements S _3/1 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{3/1}}$ you can use a couple of managed items from example 11. Managed operating units S _8/12 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{8/12}}$ can serve as a typical node in the construction of larger managed operational blocks, for example, blocks S _64/192 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{64/192,}}$ shown in Fig. 18. Both blocks are S _64/192 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{64/192}}$ have the same structure, except that the switching of the bits of the control input of the individual active stages with the bits of the control input in blocks S _64/192 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{64/192}}$ characterized in that the components V ₁ , V ₂ , ..., V _{6 of the} control binary vector V = (V ₁ , V ₂ , ..., V ₆ ) control 1, 2, ..., 6 active cascades counted from top to bottom in block S _64/192 and from bottom to top in block S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{164/192}}$ . This corresponds to the general switching circuit of the control inputs of individual active stages with a control input in a pair of mutually inverse controlled operating units S _{n / m} and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{n / m}}$ (see example 6). Due to the symmetry of the structure of the block S _{n / m} , by changing only the switching of the control inputs of the active cascades with the control input of the managed operating unit, the latter is converted into a reverse controlled operating unit S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{n / m}}$ . Managed symmetric operating blocks provide the ability to simplify the construction of a pair of mutually inverse blocks, which is essential when designing block ciphers.

Example 14. The construction of a pair of mutually inverse controlled operating units S _96/544 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{96/544}}$ .

A pair of mutually inverse blocks S _96/544 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{96/544}}$ (Fig. 19) is constructed using operating blocks S _32/160 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{32/160}}$ and the controlled elements S ° _3/1 described in example 10. The controlled operational unit S _95/544 contains an internal module consisting of five active stages, which are structurally represented by three parallel blocks S _32/160 , and combined into a single controlled operational unit by the upper and the lower active cascade, each of which includes 32 controllable elements S ° _3/1 (figa). Corresponding return block S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{96/544}}$ contains an internal module consisting of five active cascades, which is structurally divided into three parallel blocks S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{32/160}}$ . An additional two active stages, located above and below and including 32 controllable elements S ° _3/1 , combine blocks S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{32/160}}$ into a single whole, namely in block S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{96/544}}$ due to the fact that each of the elements S ° _{3/1 is} connected to each of the blocks S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{32/160}}$ . Due to the large size of the information input, the controlled operating units S _96/544 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{96/544}}$ make it easy to build high-speed and cost-effective data hashing algorithms with hardware implementation. Another option for managed operating blocks of interest for constructing hashing algorithms are blocks S _81/192 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{81/192}}$ , the advantage of which is that they have a control input that is exactly two times the size of the information input. This determines the possibility of using simple mechanisms for generating control binary vectors and the convenience of designing cryptographic conversion algorithms.

Example 15. The construction of a pair of mutually inverse controlled operating units S _81/192 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{81/192}}$ .

A pair of mutually inverse blocks S _81/192 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{81/192}}$ can be built using blocks S _9/9 (figa) and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{9/9}}$ (Fig.20b) in accordance with the structural diagram shown in Fig.21. Each of blocks S _81/192 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{81/192}}$ structurally divided into two modules - upper and lower. The upper module consists of nine S _9/9 blocks connected in parallel, and the lower module consists of nine S blocks connected in parallel $\genfrac{}{}{0ex}{}{\text{-1}}{\text{9/9}}$ . The upper and lower modules are interconnected according to the principle of "each with each" using switching, performing a permutation of bits, which is an involution, which ensures the symmetry of the structure of the block S _81/192 . This allows you to implement the corresponding reverse block S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{81/192}}$ by changing the switching of the control inputs of individual active cascades with the control input of a managed operating unit, while maintaining internal switching between the active cascades. When implementing blocks S _9/9 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{9/9}}$ as a typical controlled element S ° _3/1 , the element S _3/1 described in Example 10 can be used.

Another embodiment of blocks S _9/9 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{9/9}}$ is the use of the controlled element S _3/1 from example 11 as a typical element in the circuit shown in figa, and element S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{3/1}}$ from example 11 as a typical element in the circuit shown in Fig.20b. This variant of mutually inverse controlled operating units S _9/9 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{9/9}}$ can also be used in the construction of controlled operating units S _81/192 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{81/192}}$ in accordance with the structural diagram shown in Fig.21.

Consider the example of using S _{n / m} blocks when constructing a block one-way transform algorithm that can be used as part of data hashing algorithms and encryption algorithms.

Example 16. The use of managed operating units S _81/192 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{81/192}}$ when building a block algorithm for one-way conversion.

The structure of the algorithm for one-way conversion of a 192-bit data block is presented in the form of the circuit shown in Fig.22. The converted 192-bit data block is divided into two 81-bit subunits X ₁ and X ₂ , after which each of them is converted using the managed operating blocks S _81/192 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{81/192}}$ by performing two controlled operations on each of the subunits. The one-sided nature of the transformation is ensured by the fact that the transformation of the subunits when performing each of the operations is carried out jointly. Joint conversion of the subunits is ensured by the fact that the control binary vector used to control the operations performed is formed depending on both data subunits. The subunits X ₁ and X _{2 are} converted using the operating blocks S _81/192 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{81/192}}$ respectively. These operating units are controlled by the binary vectors V = (X ₁ , X ₂ ) and V ′ = (X ₁ , X ₂ ), respectively. As a result of this conversion, intermediate data subblocks T ₁ = S _{81/192 (V)} (X ₁ ) and T ₂ = S are formed $\genfrac{}{}{0ex}{}{\text{-1}}{\text{81/192 (V ′)}}$ (X ₂ ). After that, the subunits T ₁ and T _{2 are} converted in accordance with the following formulas Y ₁ = S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{81/192 (V ″)}}$ (T ₁ ) and Y ₂ = S _{81/192 (V ″)} (T ₂ ), where V ″ = (T ₂ , X ₁ ) and V ″ = (T ₁ , X ₂ ). The converted 192-bit data block is a concatenation of the subunits Y ₁ and Y ₂ , namely the block (Y ₁ , Y ₂ ). By the known output value, i.e. It is computationally difficult for the value of the transformed data block to restore the values of the control vectors that were used to select the modifications of the controlled operations when performing the transformation of the data block. This determines the computational complexity of computing such a data block that would be transformed by the algorithm considered in this example into a data block having a given value, i.e. the algorithm performs one-way conversion.

Consider examples of using S _{n / m} blocks when building encryption algorithms.

Example 17. The use of managed operating units S _32/160 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{32/160}}$ when building a 64-bit block cipher.

In the well-known 12-round cipher SPECTR-H64 [N.D. Guts, B.V. Izotov, A.A. Moldovyan, N.A. Moldovyan. SPECTR-H64 High-Speed Encryption Algorithm // Information Technology Security. 2000. No4. P.37-50], based on controlled permutations of P _32/80 and P $\genfrac{}{}{0ex}{}{\text{-1}}{\text{32/80}}$ , the latter can be replaced by managed operating units S _32/160 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{32/160}}$ , respectively. In this case, the necessary 160-bit control binary vectors corresponding to the controlled operational blocks S _32/160 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{32/160}}$ can be formed in accordance with the expressions V ^(s) = (V ^(p) ), V ^(p) ) and V ^(s) = (V ^(p) , V ^(p) ), where V ^(p) and V ^{( p)} - control binary vectors used to control blocks P _32/80 and P $\genfrac{}{}{0ex}{}{\text{-1}}{\text{32/80}}$ , respectively, and V ^(s) and V ^(s) are control binary vectors used to control blocks S _32/160 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{32/160}}$ respectively. Due to the higher efficiency of the managed operating units S _32/160 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{32/160}}$ , the modified cipher is resistant to all known attacks when performing eight rounds of encryption. The hardware implementation of an improved 8-round cipher using FPGA type programmable logic arrays requires the use of approximately 1.5 times fewer typical FPGA matrix logic modules as compared to the 12-round SPECTR-H64 cipher, while the delay time for encrypting one data block decreases by 1.5 times, which leads to a significant increase in encryption speed.

For the practical construction of encryption devices, the most interesting are the managed operating units S _{n / m} with a value of n = 32 and 64 and a value of m = 160 and 448, respectively. In these cases, the control binary vector can be formed depending on one of the data sub-blocks, for example sub-block A, and connect K ₁ , K ₂ ... K _l , where l &γτ; 4 used when performing encryption procedures. For example, the formation of a control binary vector can be carried out by:

1) repetition of the data subblock: V = (A, A, ..., A) and

2) combining subkeys and data subunit: V = (K ₁ , A, K ₂ , ..., K _l , A).

Additionally, the control binary vector can be subjected to a fixed transformation, for example, an operation can be performed on it to cyclically shift the bits in the direction of the higher or lower digits.

Consider an example of building a 128-bit cipher based on the managed operating blocks S _64/448 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{64/448}}$ described in example 8.

Example 18. Using the managed operating units S _32/160 and S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{32/160}}$ when building a 128-bit block cipher.

Example 18 is illustrated in FIG. The encryption of the 128-bit data block X is as follows. A secret key is generated, presented in the form of the following set of 64-bit round subkeys: K ₁ , K ₂ , ..., K ₆ ; Q ₁ , Q ₂ , ..., Q ₆ and U ₁ , U ₂ , ..., U ₆ . The converted 128-bit data block X is divided into two 64-bit subunits A and B and the conversion of subunits A and B is carried out in accordance with the following algorithm.

1. Set the counter for the number of encryption rounds r: = 1.

2. Generate a 448-bit control binary vector V ₁ : K ( _r , A, K _r , A, K _r , A, K _r ) using subkey K _r and subunit A.

3. Generate a 448-bit control binary vector V ₂ from the sub-block U _r and sub-block A: = (U _r , A, U _r , A, U _r , A, U _r ).

4. Generate a 448-bit binary control vector V ₁ : = (Q _r , A, Q _r , A, Q _r , A, Q _r ) using subkey Q _r and subunit A.

5. Convert subblock B by performing a controlled operation on it using a managed operating unit S _64/448 , depending on the value of the control code V ₁ : B: = S _{64/448 (v1)} (B).

6. Depending on the value of V _2, convert the round subkey To _r by performing a controlled operation on it, carried out using the controlled operating unit S _64/448 , depending on the value of the control code V ₂ :

7. Generate the binary vector F: F: = A.

8. Convert the binary vector F in accordance with the formula: F: = (F + K _r ) mod 2 ⁶⁴ .

9. Convert subblock B in accordance with the formula: B: = B⊕ F, where the sign “⊕” denotes the operation of bitwise summation modulo 2.

10. Convert subblock B by performing a controlled operation on it using a managed operational block S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{64/448}}$ , depending on the value of the control code V ₁ : B: = S $\genfrac{}{}{0ex}{}{\text{-1}}{\text{64/448 (V1)}}$ (B).

11. If r &λτ; 6, then increment r: = r + 1, rearrange subblocks A and B, and go to step 2.

12. STOP.

The cryptogram block Y represents the concatenation of the transformed subunits A and B: Y = (A, B). The cryptogram block is decrypted using the same algorithm, except that in step 2, instead of subkey K _r , subkey Q _{7-r is used} , in step 3, instead of subkey U _r , subkey K _{7-r is used} , and in step 4 instead of the subkey Q _r , the subkey K _{7-r is used} . The concatenation operation in steps 2, 3 and 4 is performed almost without delay, since it is implemented using a simple connection of conductors, and steps 5 and 6 are performed in parallel, which provides high encryption speed of 128-bit data blocks. With a hardware implementation using programmable logic matrices such as FPGA, this algorithm provides an encryption speed of more than 2 Gbit / s with a low circuit complexity of implementation.

The above examples show that the inventive managed operating unit is technically feasible and allows you to solve the problem.

Due to the mass production of programmable logic matrices of the type FPGA, the claimed technical solution can be widely used in practice when creating inexpensive, productive cryptographic devices that are promising for use in high-speed telecommunication systems and computer networks.

Claims (5)

1. A controlled operational binary data conversion unit containing s consecutive active cascades, where s≥2, interconnected using fixed switching nodes, while the ith active cascade, where i = 1, 2, ..., s contains k ≥2 parallel-connected controlled elements, each of which is equipped with information and control inputs and outputs, while the n-bit information input of the first active stage, the n-bit output of the s-th active stage and m control inputs s of the active stages are, respectively, n-ra by an information input, an n-bit output and an m-bit control input of a controlled operating unit, each output of one of the controlled elements of the previous stage being connected to one of the information inputs of one of the controlled elements of the subsequent stage through a fixed switching unit, characterized in that, according to in at least one of s active cascades, each of the controlled elements is equipped with a t-bit information input and output, where t = 2,3, and a w-bit control input, where w = 1,2, and at least e, for one controlled element satisfies the condition w + t = 4, each discharge control inputs of controlled elements s active stages connected to one of radryadov m-bit control input of controlled operating unit. 2. The controlled operating unit according to claim 1, characterized in that at least one of the active stages contains g controlled elements equipped with a three-bit information input and output and a single-bit control input, where g is an odd natural number satisfying the condition 1≤ g <n / 3, with odd n and even natural number, satisfying the condition 1≤g <n / 3, with even n> 6 and h controllable elements equipped with two-digit information input and output, and h = (n-3g) / 2. 3. The controlled operating unit according to claim 1, characterized in that n is a positive integer that is a multiple of three, and at least one of the active stages consists of n / 3 controlled elements equipped with a three-bit information input and output and a single-bit control input . 4. The controlled operational unit according to claim 1, characterized in that n is an even natural number, and at least one of the active stages consists of n / 2 controlled elements equipped with a two-bit information input and output and a two-bit control input. 5. The controlled operational unit according to claim 1, characterized in that n is an even natural number, and at least one of the active stages consists of n / 2 controlled elements equipped with a two-bit information input and output and a w-bit control input and, at least one of the controlled elements is equipped with a two-digit control input.

Images