RU2518950C9 - Method of encrypting n-bit unit m - Google Patents

Abstract

FIELD: radio engineering, communication.

SUBSTANCE: method of encrypting an n-bit data unit M includes generating a secret key by generating subkeys Q and R and auxiliary subkeys in form of mutually simple multi-bit binary numbers m₁ and m₂, generating an auxiliary n-bit data unit T, generating an n-bit auxiliary cryptogram C_M by performing a block encryption operation E over the M depending on Q using the formula C_M=E_Q(M), generating n-bit auxiliary cryptograms C_T by performing a block encryption operation E over T depending on R using the formula C_T=E_R(T), generating a cryptogram C in form of a solution of a system of two identities C≡C_Mmodm₁ and C≡C_Tmodm₂ with unknown C. In a particular version of the method, m₁ and m₂ are prime numbers.

EFFECT: high level of security of information encrypted using said method.

2 cl

Description

The invention relates to the field of telecommunications and computer technology, and more particularly to the field of cryptographic methods and devices for protecting information transmitted over telecommunication networks by encrypting messages (information) (An interpretation of the terms used in the description is given in Appendix 1).

There are known methods of encrypting electronic messages presented in digital form, namely, in the form of binary data, performed using a secret key, for example, a method implemented in the form of a block encryption algorithm RC5 [B. Schneier, "Applied Cryptography", Second Eddition, John Wiley & Sons, Inc., New York, 1996, 758 p .; see p. 344-346]. The method includes generating a secret key in the form of a set of subkeys, splitting the n-bit binary information block into n / 2-bit information subblocks A and B, and alternately converting these subblocks. The subunits are transformed by sequentially performing linear and nonlinear operations on them, using the summation modulo 2 ^m , where m = n / 2 = 8, 16, 32, 64, bitwise summation modulo 2 and a cyclic shift to the left, and the number the bit by which the converted subblock is shifted depends on the value of the other subblock. The latter property is characteristic of the RC5 method and determines the dependence of the cyclic shift operation at the current step of converting a subunit on the initial value of the input data block. The information subblock, for example subblock B, is transformed by superimposing subblock A onto subblock B using the bitwise summing operation modulo 2 B: = B⊕A. After that, the operation of cyclic left shift by the number of bits equal to the value of subunit A is performed on subblock B: B: = B <<< A. Then, over the subblock B and one of the subkeys K, the summation operation is performed modulo 2 ^m , where m is the length of the subblock in bits: B: = (B + K) mod2 ^m . After that, subunit A is similarly converted. Depending on the size of the key, several such iterations of the conversion of both subunits are performed. This method provides a fairly high encryption speed in software implementation. The disadvantage of the RC5 encryption method is its low resistance to differential and linear types of cryptanalysis [Kaliski BS, Yin YL On Differential and Linear Cryptanalysis of the RC5 Encryption Algorithm // Advances in Cryptology - CRYPTO 95. Proceedings. Springer-Verlag, 1995. P.171-184].

A known method of encryption of n-bit data blocks [B. Schneier, "Applied Cryptography", Second Eddition, John Wiley & Sons, Inc., New York, 1996, 758 p; see p.193-194] by generating the secret key K, splitting the message M into n-bit data blocks M ₁ , M ₂ , ..., M _k , where k is the number of blocks in the message; n≥64 bits, and subsequent encryption of the data blocks M ₁ , M ₂ , ..., M _k , and the encryption process is performed in the following way. The block M _{1 is} encrypted with the secret key, obtaining the cryptogram block C ₁ , then, starting from the value i = 2 and up to the value i = k, the cryptogram block C _i-1 and the block M _i obtained by summing are summed using bitwise summation operation , the data block is encrypted with a secret key, resulting in the current cryptogram block C _i . The set of blocks of the cryptogram C ₁ , C ₂ , ..., C _k is a cryptogram containing the message M in hidden form. Removing the message M from the cryptogram is practically possible only using the secret key used in encryption, due to which the information contained in the message M is protected when it is transmitted over open communication channels. This method provides an improvement in the statistical properties of the cryptogram, however, it has the disadvantage that the ability to independently decrypt individual blocks of the cryptogram is lost.

A close analogue to the claimed method of encrypting an n-bit block of binary data M is the method described in patent No. 2459275 [Moldovyan A.A., Moldovyan N.A. A method for block encrypting message M in binary form. Patent No. 2459275. Publ. 08/20/2012].

The closest in technical essence to the claimed method of encrypting an n-bit block of binary data M is a particular embodiment of the method according to patent No. 2459275, shown in example 1 of the description of this patent. In the specified private method, the encryption of the 64-bit data block M _{i is} carried out by performing the following sequence of actions:

1. Generate a secret key by generating the subkeys K, Q (Q ≠ K) and R (R ≠ K; R ≠ Q), where Q and R are 64-bit subkeys; K is a 128-bit subkey.

2. Form an auxiliary 64-bit data block T _i .

3. A 64-bit data block M _{i is} encrypted using the block encryption procedure E over sub Q, resulting in a data block E _Q (M _i ), which is an auxiliary cryptogram C _M , i.e. at this step, the formation of a 64-bit auxiliary cryptogram C _M = E _Q (M _i ) is carried out.

4. The auxiliary 64-bit data block T _{i is} encrypted using the block encryption procedure E over the subkey R, as a result of which the data block E _R (T _i ) is obtained, which is an auxiliary cryptogram C _T , i.e. at this step, the formation of a 64-bit auxiliary cryptogram C _T = E _R (T _i ) is carried out.

5. A 128-bit data block B _{i is formed} by combining auxiliary cryptograms C _M and C _T (that is, by combining the converted 64-bit blocks M _i and T _i ) into a single 128-bit data block B _i = C _M | | C _T = E _Q (M _i ) || E _R (T _i ).

6. The 128-bit data block B _{i is} encrypted using the block encryption procedure F on sub-K:

C _i = F _K (B _i ) = F _K (E _Q (M _i ) || E _R (T _i )).

Thus, the prototype method includes generating a secret key, including plug Q and R, generating an auxiliary n-bit block of binary data T, generating an n-bit auxiliary cryptogram C _M by performing block ciphering operations E on M depending on Q according to the formula C _M = E _Q (M), the formation of an n-bit auxiliary cryptogram C _T by performing block ciphering operations E on T depending on R according to the formula C _T = E _R (T), the formation of cryptogram C depending on the secret key and auxiliary cryptograms C _M and C _T.

The prototype method allows you to protect information using the mechanism of fraudulent traps, which consists in the fact that the potential attacker is substituted with a part of the secret key, including subkey R, as the decryption key, and n-bit is used as an auxiliary n-bit block of binary data T dummy message block. The cryptogram block C is decrypted by converting it with an additional key, resulting in an intermediate 2n-bit cryptogram C *, which is a concatenation of two n-bit auxiliary cryptograms C _M and C _T : C * = C _M || C _T. The auxiliary cryptograms C _M and C _T comprise the right and left halves of the intermediate 2n-bit cryptogram C *. Using subkey R, the right n-bit auxiliary cryptogram C _T is decrypted by performing the block transform operation D inverse to the block encryption operation E, i.e. by the formula T = D _R (C _T ). A similar decryption procedure is performed using the subkey K and the left n-bit string C _{M of the} intermediate 2n-bit cryptogram C * = C _M || C _T. The disadvantage of the prototype method is that the various parts of the intermediate 2n-bit cryptogram C * are used when restoring the data block M and the fictitious message block T. This unmasks the fact that the cryptogram block C contains the data block M, which reduces the level of security of the information encrypted using the method prototype.

The objective of the claimed new technical solution is to develop a method of encrypting a data block M, presented in the form of an n-bit string, which provides increased information security by improving the masking efficiency of the presence of an n-bit data block M in the cryptogram block C. The masking efficiency is improved by of the fact that during the decryption procedure, the conversion of the 2n-bit cryptogram C directly to the n-bit auxiliary cryptogram, depending on t of the key used in the conversion of the 2n-bit cryptogram C, and the use of all bits of the auxiliary cryptogram when performing recovery procedures for both the n-bit data block M and the auxiliary n-bit string T.

The technical result of a new method for encrypting an n-bit data block M is to increase the level of security of information encrypted with its use.

The indicated technical result is achieved by the fact that in the method of encrypting an n-bit data block M, which consists in generating a secret key by generating Q and R subkeys, forming an auxiliary n-bit data block T, forming an n-bit auxiliary cryptogram C _M by executing on M block encryption operations E depending on Q using the formula C _M = E _Q (M), generating an n-bit auxiliary cryptogram C _T by performing block T encryption operations E depending on R using the formula C _T = E _R (T), shaping to cryptograms C, depending on the secret key and auxiliary cryptograms C _M and C _T , in addition, when generating the secret key, auxiliary sub-keys are additionally generated in the form of mutually simple multi-bit binary numbers m ₁ and m ₂ , and cryptogram C is formed as a solution to the system of two comparisons С≡C _M modm ₁ and С≡C _T modm ₂ with unknown С.

Also new is that at least one of the multi-bit binary numbers m ₁ and m ₂ is prime.

The use of primes as modules of the comparison system simplifies the procedure for generating the secret key, since the need to execute the Euclidean algorithm to verify the mutual simplicity conditions of the MDC m ₁ and m _{2 is} eliminated.

Thanks to this new set of essential features, by generating n-bit auxiliary cryptograms C _M and C _T, it is _possible to use all bits of the auxiliary cryptogram when decrypting both the data block M and the auxiliary n-bit data block T, which can be used as An n-bit block of some dummy message. This provides an effective masking of the presence of an n-bit data block M in the block of cryptogram C when it is decrypted by cryptogram C by a potential intruder using Q and m ₂ subkeys, since the decryption procedure is performed using the same formula both when decrypting the M data block and decrypting the fictitious message block T.

The correctness of the claimed method of encrypting an n-bit block of binary data M is that, according to the cryptogram C, an n-bit block of binary data M can be restored using subkeys Q and m ₁ according to the formula M = D _Q (Cmodm ₁ ), where D is the operation block decryption, the inverse of the operation of block encryption E, and an auxiliary n-bit data block T on the subkeys R and m ₂ according to the formula T = D _R (Cmodm ₂ ).

Indeed, when performing the decryption procedure for the subkeys Q and m _1, we have

$$\begin{array}{l}C\mathrm{mod}{m}_{\mathrm{one}}=C_M\Rightarrow \\ \Rightarrow D{}_Q(_C^{\mathrm{mod}}{}_{m_{\mathrm{one}}}{}^{)}=D_Q(C_M)=D_Q(E_Q(M))=E_Q^{-\mathrm{one}}(E_Q(M))=M,\end{array}$$

and when performing the decryption procedure for the R and m ₂ subkeys, we have

$$\begin{array}{l}C\mathrm{mod}{m}_2=C_T\Rightarrow \\ \Rightarrow D{}_R(_C^{\mathrm{mod}}{}_{m_2}{}^{)}=D_R(C_T)=D_R(E_R(T))=E_R^{-\mathrm{one}}(E_R(T))=T.\end{array}$$

Further, the feasibility and correctness of the claimed method for encrypting an n-bit block of binary data M is illustrated by particular examples of its implementation.

Example 1. Encryption of a 64-bit block of binary data M (n = 64). The secret key is formed in the form of subkeys Q, R, m ₁ and m ₂ , and subkey Q is formed as a 128-bit string, which is a concatenation of two odd 64-bit binary numbers q ₁ and q ₂ , i.e. Q = q ₁ || q ₂ , where the sign || denotes a concatenation operation, subkey R is formed as a 128-bit string representing the concatenation of two odd 64-bit binary numbers r ₁ and r ₂ , i.e. R = r ₁ || r ₂ , plug m ₁ and m ₂ form in the form of two random 65-bit binary numbers that satisfy the condition of mutual simplicity, i.e. their greatest common factor is one. Then, an auxiliary 64-bit data block T and a 64-bit auxiliary cryptogram C _{M are formed} by performing block ciphering E on the data block M depending on the subkey Q = q ₁ || q ₂ according to the formula C _M = E _Q (M), where the operation of block encryption is described by the following algorithm:

1. Set the value of the counter i ← 0 and the variable C _M ← M, where the sign ← denotes the assignment operation.

2. Generate a 64-bit string C _M in the form of MDC calculated by the formula C _M ← (q ₁ (C _M ⊕q ₂ ) mod2 ⁶⁴ ) ^{<29 <} , where (...) ^{<29 <} denotes the operation of cyclic shift of the bit string ( ...) 29 bits to the left; the sign ⊕ denotes the operation of bitwise summation modulo 2.

3. Convert a 64-bit string C _M according to the formula C _M ← (q ₂ (C _M ⊕q ₁ ) mod2 ⁶⁴ ) ^{<17 <} , where (...) ^{<17 <} denotes the operation of cyclic shift of the bit string (...) by 17 bits to the left.

4. Increase the value of counter i: i ← i + 1. If i <16, then go to step 2, otherwise, take the current value C _M as the output value of the block encryption operation E _Q performed on the 64-bit block of binary data M.

Then a 64-bit auxiliary cryptogram C _{T is formed} by performing block ciphering operation E on the auxiliary 64-bit binary data block T depending on the subkey R = r ₁ || r ₂ no formula C _T = E _R (T) in accordance with the following algorithm:

1. Set the value of the counter i ← 0 and the variable C _T ← Т.

2. Generate a 64-bit string C _T in the form of MDC calculated by the formula C _T ← (r ₁ (C _T ⊕r ₂ ) mod2 ⁶⁴ ) ^{<29 <} .

3. Convert a 64-bit string C _T according to the formula C _T ← (r ₂ (C _T ⊕r ₁ ) mod2 ⁶⁴ ) ^{<17 <} .

4. Increase the value of counter i: i ← i + 1. If i <16, then go to step 2, otherwise, take the current value C _T as the output value of the block encryption operation E _R performed on the auxiliary 64-bit data block T.

After the formation of auxiliary cryptograms C _M and C _T , considering them as 64-bit MDCs, cryptogram C is formed in the form of a solution of the following system of two linear comparisons with an unknown value of C:

. $$\{\begin{array}{l}C\equiv C_M\mathrm{mod}{m}_{\mathrm{one}}\\ C\equiv C_T\mathrm{mod}{m}_2\end{array}$$

.

Since m ₁ and m ₂ are 65-bit coprime numbers, then m ₁ > C _M ; m ₂ > C _T and, in accordance with the Chinese remainder theorem, this system has a unique solution C <m ₁ m ₂ . This decision is taken as a cryptogram C and is calculated by the following formula [N. Moldovyan Theoretical minimum and digital signature algorithms. SPb., BHV-Petersburg, 2010 .-- 304 p .; see p. 15-16]:

. $$C=(C_M{m}_2(m_2^{-\mathrm{one}}\mathrm{mod}{m}_{\mathrm{one}})+C_T{m}_{\mathrm{one}}(m_{\mathrm{one}}^{-\mathrm{one}}\mathrm{mod}{m}_2))\mathrm{mod}{m}_{\mathrm{one}}{m}_2$$

.

, $$q_2^{-1}$$

, $$r_1^{-1}$$

, $$r_2^{-1}$$

, а операция блочного расшифрования D_Q(C_M), обратная операции блочного шифрования E_Q(M), реализуется следующей процедурой преобразования:The proof of the correctness of this particular embodiment of the claimed method for encrypting an n-bit block of binary data M is proved similarly to the general proof of the correctness of the claimed method described above, given that for odd MDCs q ₁ , q ₂ , r ₁ , r ₂ modulo 2 ⁶⁴ exist and the corresponding inverse values are easily calculated using the extended Euclidean algorithm $$q_{\mathrm{one}}^{-\mathrm{one}}$$

, $$q_2^{-\mathrm{one}}$$

, $$r_{\mathrm{one}}^{-\mathrm{one}}$$

, $$r_2^{-\mathrm{one}}$$

and the operation of block decryption D _Q (C _M ), the inverse of the operation of block encryption E _Q (M), is implemented by the following conversion procedure:

1. Set the value of the counter i ← 0 and the variable M ← C _M.

и M←M⊕q₁⊕, где (…)^>17> обозначает операцию циклического сдвига битовой строки (…) на 17 бит вправо.2. Convert a 64-bit string M, performing sequential calculations according to the formulas M ← M ^>17> , $$M\leftarrow M{q}_2^{-\mathrm{one}}\mathrm{mod}{2}^{64}$$

and M ← M⊕q ₁ ⊕, where (...) ^>17> denotes the operation of cyclic shift of the bit string (...) by 17 bits to the right.

и M←M⊕q₂, где (...)^>29>обозначает операцию циклического сдвига битовой строки (...) на 29 бит вправо.3. Convert a 64-bit string M, performing sequential calculations according to the formulas M ← M ^>29> , $$\text{M}\leftarrow {\text{Mq}}_{\text{one}}^{-\text{one}}{\text{mod2}}^{\text{64}}$$

and M ← M⊕q ₂ , where (...) ^>29> denotes the operation of cyclic shift of the bit string (...) by 29 bits to the right.

4. Increase the value of counter i: i ← i + 1. If i <16, then go to step 2, otherwise, take the current value of M as the output value of the operation D _Q performed on the 64-bit auxiliary cryptogram C _M.

Similarly, the procedure for implementing the block decryption operation D _R (C _T ), the inverse of the block encryption operation E _R (T), is recorded.

The considered private implementation of the claimed method can be used to jointly encrypt two Messages and Text messages, each of which, for example, has a size of 64 Kb. Message Message is divided into 64-bit data blocks M ₁ , M ₂ , ..., M _w , where w = 1000. The Text message is divided into 64-bit data blocks T ₁ , T ₂ , ..., T _w . Alternately, for the values i = 1, 2, ..., 1000, the pairs of data blocks (M _i , T _i ) are jointly encrypted in accordance with the described implementation example of the claimed method, resulting in ciphertext in the form of a sequence of 128-bit cryptograms (C ₁ || C ₂ ) _i , i = 1, 2, ..., 1000.

Example 2. Encryption of a 128-bit block of binary data M (n = 128). The secret key is formed in the form of subkeys Q, R, m ₁ and m ₂ , and subkey Q is formed in the form of a 256-bit string, which is a concatenation of two odd 128-bit binary numbers q ₁ and q ₂ , i.e. Q = q ₁ || q ₂ , where the sign || denotes a concatenation operation, subkey R is formed as a 256-bit string representing the concatenation of two odd 64-bit binary numbers r ₁ and r ₂ , i.e. R = r ₁ || r ₂ , plug m ₁ and m ₂ form in the form of two random simple 129-bit binary numbers satisfying the condition m ₁ ≠ m ₂ (due to the last condition, m ₁ and m ₂ are coprime MDCs). Then, an auxiliary 128-bit data block T and a 128-bit auxiliary cryptogram C _{M are formed} by performing block encryption operation E on the data block M depending on the subkey Q = q ₁ || q ₂ according to the formula C _M = E _Q (M), where the operation of block encryption is described by the following algorithm:

1. Set the value of the counter i ← 0 and the variable C _M ← M, where the sign ← denotes the assignment operation.

2. Generate a 128-bit string C _M in the form of MDC calculated by the formula C _M ← (q ₁ (C _M ⊕q ₂ ) mod2 ¹²⁸ ) ^{<80 <} , where (...) ^{<80 <} denotes the operation of cyclic shift of the bit string ( ...) 80 bits to the left.

3. Convert a 128-bit string C _M according to the formula C _M ← (q ₂ (C _M ⊕q ₁ ) mod2 ¹²⁸ ) ^{<40 <} , where (...) ^{<40 <} denotes the operation of cyclic shift of the bit string (...) by 40 bits to the left.

4. Increase the value of counter i: i ← i + 1. If i <20, then go to step 2, otherwise, take the current value C _M as the output value of the block encryption operation E _Q performed on the 128-bit binary data block M.

Then, a 128-bit auxiliary cryptogram C _{T is formed} by performing block encryption operation E on the auxiliary 128-bit binary data block T, depending on the subkey R = r ₁ || r ₂ according to the formula C _T = E _R (T) in accordance with the following algorithm:

1. Set the value of the counter i ← 0 and the variable C _T ← Т.

2. Generate a 128-bit string C _T in the form of MDC calculated by the formula C _T ← (r ₁ (C _T ⊕r ₂ ) mod2 ¹²⁸ ) ^{<80 <} .

3. Convert a 128-bit string C _T according to the formula C _T ← (r ₂ (C _T ⊕r ₁ ) mod2 ¹²⁸ ) ^{<40 <} .

4. Increase the value of counter i: i ← i + 1. If i <20, then go to step 2, otherwise, take the current value C _T as the output value of the block encryption operation E _R performed on the auxiliary 128-bit data block T.

After the formation of auxiliary cryptograms C _M and C _T , considering them as 64-bit MDCs, cryptogram C is formed in the form of a solution of the following system of two linear comparisons with an unknown value of C:

$$\{\begin{array}{l}C\equiv C_M\mathrm{mod}{m}_{\mathrm{one}}\\ C\equiv C_T\mathrm{mod}{m}_2\end{array}$$

Since m ₁ and m ₂ (m ₂ ≠ m ₁ ) are 129-bit primes, then m ₁ > C _M , m ₂ > C _T and, in accordance with the Chinese remainder theorem, this system has a unique solution C <m ₁ m ₂ . This decision is taken as a cryptogram C and is calculated by the following formula

$$C=(C_M{m}_2(m_2^{-\mathrm{one}}\mathrm{mod}{m}_{\mathrm{one}})+C_T{m}_{\mathrm{one}}(m_{\mathrm{one}}^{-\mathrm{one}}\mathrm{mod}{m}_2))\mathrm{mod}{m}_{\mathrm{one}}{m}_2$$

, $$q_2^{-1}$$

, $$r_1^{-1}$$

, $$r_2^{-1}$$

, а операция блочного расшифрования D_Q(C_M), обратная операции блочного шифрования E_Q(M), реализуется следующей процедурой преобразования:The proof of the correctness of this particular embodiment of the claimed method of encrypting an n-bit block of binary data M is proved similarly to the general proof of the correctness of the claimed method described above, given that for odd MDCs q ₁ , q ₂ , r ₁ , r ₂ modulo 2 ¹²⁸ exist and the corresponding inverse values are easily calculated using the extended Euclidean algorithm $$q_{\mathrm{one}}^{-\mathrm{one}}$$

, $$q_2^{-\mathrm{one}}$$

, $$r_{\mathrm{one}}^{-\mathrm{one}}$$

, $$r_2^{-\mathrm{one}}$$

and the operation of block decryption D _Q (C _M ), the inverse of the operation of block encryption E _Q (M), is implemented by the following conversion procedure:

1. Set the value of the counter i ← 0 and the variable M ← C _M.

и М←M⊕q₁⊕, где (…)^>40> обозначает операцию циклического сдвига битовой строки (…) на 40 бит вправо.2. Convert a 128-bit string M, performing sequential calculations using the formulas M ← M ^{<40 <} , $$M\leftarrow M{q}_2^{-\mathrm{one}}\mathrm{mod}{2}^{128}$$

and M ← M⊕q ₁ ⊕, where (...) ^>40> denotes the operation of cyclic shift of the bit string (...) by 40 bits to the right.

и M←M⊕q₂, где (…)^>80> обозначает операцию циклического сдвига битовой строки (…) на 80 бит вправо.3. Convert a 128-bit string M, performing sequential calculations according to the formulas M ← M ^>80> , $$M\leftarrow M{q}_{\mathrm{one}}^{-\mathrm{one}}\mathrm{mod}{2}^{128}$$

and M ← M⊕q ₂ , where (...) ^>80> denotes the operation of cyclic shift of the bit string (...) by 80 bits to the right.

4. Increase the value of counter i: i ← i + 1. If i <20, then go to step 2, otherwise, take the current value of M as the output value of the operation D _Q performed on the 64-bit auxiliary cryptogram C _M.

The considered private implementation of the claimed method can be used to jointly encrypt two Messages and Text messages, each of which, for example, has a size of 128 KB. Message Message is divided into 128-bit data blocks M ₁ , M ₂ , ..., M _w , where w = 8000. The Text message is split into 128-bit data blocks T ₁ , T ₂ , ..., T _w . Alternately, for values i = 1, 2, ..., 8000, pairs of data blocks (M _i , T _i ) are jointly encrypted in accordance with the described implementation example of the claimed method, resulting in ciphertext in the form of a sequence of 256-bit cryptograms (C ₁ || C ₂ ) _i , i = 1, 2, ..., 8000.

The above examples show that the claimed method of encryption of a data block M, presented as an n-bit string, functions correctly, is technically feasible and allows us to solve the problem.

The inventive method of encrypting a data block M, represented as an n-bit string, can be used to develop means of comprehensive protection of information from unauthorized access, providing additional information security by imposing false messages to potential attackers. This method can also be used for secure broadcast messages with control of access to messages from the recipients while ensuring the identity of the decryption of the same cryptogram. Such means of secure broadcasting of messages solve the problem of untraceability of the schedule when transmitting information via telecommunication channels.

Annex 1

Interpretation of the terms used in the description of the application

1. Binary digital electromagnetic signal - a sequence of bits in the form of zeros and ones.

2. Parameters of a binary digital electromagnetic signal: bit depth and order of single and zero bits.

3. The bit depth of a binary digital electromagnetic signal is the total number of its single and zero bits, for example, the number 10011 is 5-bit.

4. Bit string (BS) - a binary digital electromagnetic signal, presented in the form of a finite sequence of digits "0" and "1".

5. Secret key - a binary digital electromagnetic signal used to generate a signature for a given electronic document. The secret key is represented, for example, in binary form as a sequence of digits "0" and "1".

6. A multi-bit binary number (MDC) is a binary digital electromagnetic signal, interpreted as a binary number and represented as a sequence of digits "0" and "1", ie as a bit string.

7. Comparable in absolute value of a certain number m are called the numbers whose difference is divided by the number m without remainder or, which is the same, the numbers, when divided by the number m, equal residues are obtained. The comparability of the two MDCs a and b modulo m is denoted as a≡bmodm or a≡b (modm), and also as equality modulo, i.e. a = bmodm or a = b (modm).

8. The operation of multiplying two MDC modulo m is performed as a normal algebraic multiplication of MDC followed by taking the remainder of dividing the result by module m.

9. The operation of adding two MDC modulo m is performed as the usual algebraic addition of MDC followed by taking the remainder of dividing the result by module m.

10. For each MDC a, which is coprime to the module m, there can be associated a single element a ^-1 , called the inverse element with respect to this element, such that the product a ^-1 a (and hence aa ^-1 ) is comparable to unit modulo m. To calculate the inverse values of a ^-1 modulo m, we use the extended Euclidean algorithm described in detail in the book [N. Moldovyan Moldovyan A.A. Introduction to public key cryptosystems. SPb., BHV - Petersburg, 2005 .-- 288 p .; see p. 78-79].

11. The operation of dividing the MDC a by the MDC b modulo m is performed as the operation of multiplying the modulo m of the MDC a by the MDC b ^-1 , which is the inverse of the MDC b modulo m.

12. The operations of addition and multiplication modulo m are associative and commutative, and the operation of multiplication modulo m with respect to multiplication modulo m is distributive.

13. A system of two linear equations modulo m with two unknowns has a unique solution if the condition of mutual simplicity of the coefficients and the module m and the condition of mutual simplicity of the main determinant of the system and the module m are satisfied.

Claims (2)

1. A method of encrypting an n-bit data block M, which consists in generating a secret key by generating Q and R subkeys, generating an auxiliary n-bit data block T, forming an n-bit auxiliary cryptogram C _M by performing block encryption operation E on M depending from Q according to the formula C _M = E _Q (M), the formation of an n-bit auxiliary cryptogram C _T by performing block ciphering operations E on T depending on R by the formula C _T = E _R (t), the formation of cryptogram C depending on secret key and pop ogatelnyh cryptograms C _M and C _T, characterized in that when forming a secret key further comprises generating the auxiliary plug as coprime multibit binary numbers m ₁ and m _2, and the ciphertext C is formed as a system of two solutions S≡C comparisons ₁ and _M modm С≡C _T modm ₂ with unknown С. 2. The method according to claim 1, characterized in that at least one of the multi-bit binary numbers m ₁ and m ₂ is simple.