RU2542880C1 - Method of encrypting binary data unit - Google Patents

Abstract

FIELD: radio engineering, communication.

SUBSTANCE: method of encrypting a binary data (M) unit comprises generating a secret key which includes subkeys Q and R, generating an auxiliary n-bit unit of binary data T, generating an in-bit auxiliary cryptogram C_M by performing, over M, a block encryption E operation depending on Q using the formula C_M=E_Q(M), generating an n-bit auxiliary cryptogram C_T by performing, over T, a block encryption E operation depending on R using the formula C_T=E_R(T), generating a cryptogram C depending on the secret key and the auxiliary cryptograms C_M and C_T, characterised by that subkey Q is generated in the form of a 2n-bit line which is a concatenation of two n-bit binary numbers q₁ and q₂, the subkey R is generated in the form of a 2n-bit line which is a concatenation of two n-bit binary numbers r₁ and r₂, generating a (n+1)-bit binary number p and generating a cryptogram C in the form of a concatenation of two multi-bit binary numbers C₁ and C₂, which are the solution of a system of two linear equations q₁C₁+q₂C₂=C_M mod p and r₁C₁+r₂C₂=C_T mod p with two unknowns C₁ and C₂.

EFFECT: higher level of security of encrypted information.

3 cl

Description

The invention relates to the field of telecommunications and computer technology, and more particularly to the field of cryptographic methods and devices for protecting information transmitted over telecommunication networks by encrypting messages (information).

There are known methods of encrypting electronic messages presented in digital form, namely in the form of binary data, performed using a secret key, for example, a method implemented in the form of an RC5 block encryption algorithm [B. Schneier, "Applied Cryptography", Second Eddition, John Wiley & Sons , Inc., New York, 1996, pp. 344-346]. The method includes generating a secret key in the form of a set of subkeys, splitting the n-bit binary information block into n / 2-bit information subblocks A and B, and alternately converting these subblocks. Subblocks are transformed by sequentially performing linear and nonlinear operations on them, using the summation modulo 2 ^m , where m = n / 2 = 8.16.32.64, bitwise summation modulo 2 and a cyclic shift to the left, and the number the bit by which the converted subblock is shifted depends on the value of the other subblock. The latter property is characteristic of the RC5 method and determines the dependence of the cyclic shift operation at the current step of converting a subunit on the initial value of the input data block. The information subblock, for example subblock B, is transformed by superimposing subblock A onto subblock B using the bitwise summing operation modulo 2 B: = B⊕A. After that, the operation of cyclic left shift by the number of bits equal to the value of subunit A is performed on subblock B: B: = B <<< A. Then, over the subblock B and one of the subkeys K, the summation operation is performed modulo 2 ^m , where m is the length of the subblock in bits: B: = (B + K) mod 2 ^m . After that, subunit A is similarly converted. Depending on the size of the key, several such iterations of the conversion of both subunits are performed. This method provides a fairly high encryption speed in software implementation. The disadvantage of the RC5 encryption method is its low resistance to differential and linear types of cryptanalysis [Kaliski BS, Yin YL On Differential and Linear Cryptanalysis of the RC5 Encryption Algorithm. Advances in Cryptology - CRYPTO 95. Proceedings, Springer-Verlag, 1995, pp. 171-184].

A known method for encrypting n-bit data blocks [B. Schneier, "Applied Cryptography", Second Eddition, John Wiley & Sons, Inc., New York, 1996, pp. 193-194] by generating the secret key K, splitting the message M into n-bit data blocks M ₁ , M ₂ , ..., M _k , where k is the number of blocks in the message; n≥64 bits, and subsequent encryption of the data blocks M ₁ , M ₂ , ... M _k , and the encryption process is performed in the following way. The block M _{1 is} encrypted with the secret key, obtaining the cryptogram block C ₁ , then, starting from the value i-2 and up to the value i = k, the cryptogram block C _i-1 and the block M _i obtained by summing are summed using the bitwise summing operation the data block is encrypted with a secret key, resulting in the current cryptogram block C _i . The set of blocks of the cryptogram C ₁ , C ₂ , ..., C _k is a cryptogram containing the message M in a hidden form. Removing the message M from the cryptogram is practically possible only using the secret key used in encryption, due to which the information contained in the message M is protected when it is transmitted over open communication channels. This method provides an improvement in the statistical properties of the cryptogram, however, it has the disadvantage that the ability to independently decrypt individual blocks of the cryptogram is lost.

The closest in technical essence to the claimed method of encrypting an n-bit block of binary data M is the method described in patent No. 2459275 [Moldovyan A.A., Moldovyan N.A. A method for block encrypting message M in binary form. Patent No. 2459275] according to claim 2 of the claims of the specified patent. The prototype method includes generating a secret key, including plug Q and R, generating an auxiliary n-bit block of binary data T, generating an n-bit auxiliary cryptogram C _M by performing block ciphering operations E on M depending on Q using the formula C _M = E _Q (M), generating an n-bit auxiliary cryptogram C _T by performing block ciphering operations E on T depending on R using the formula C _T = E _R (T), generating cryptogram C depending on the secret key and auxiliary cryptograms C _M and C _T.

The prototype method allows you to protect information using the mechanism of fraudulent traps, which consists in the fact that the potential attacker is substituted with a part of the secret key, including subkey R, as the decryption key, and n-bit is used as an auxiliary n-bit block of binary data T dummy message block. The cryptogram block C is decrypted by converting it with an additional key, which leads to an auxiliary cryptogram C ∗, which is a concatenation of two n-bit strings C _M and C _T : C ∗ = C _M || C _T. Then, the right n-bit string C _{T is} decrypted by performing the block transform operation D inverse to the block encryption operation E, i.e. by the formula T = D _R (C _T ). A similar decryption procedure is performed using subkey K and the left n-bit string C _{M of the} auxiliary cryptogram C ∗ = C _M || C _T. The disadvantage of the prototype method is that the various parts of the auxiliary cryptogram C ∗ are used to decrypt the data block M and the fictitious message block T. This unmasks the fact that the cryptogram C contains the data block M.

The objective of the claimed new technical solution is to develop a method for encrypting a binary data block, presented in the form of an n-bit string, which provides an effective masking of the presence of an n-bit data block M in the cryptogram block C due to the fact that when the decryption procedure is performed, C to n is converted -bit auxiliary cryptogram and the use of all bits of the auxiliary cryptogram when decrypting both the n-bit data block M and the auxiliary n-bit line T.

The technical result of a new method of encrypting a binary data block M is to increase the level of security of information encrypted with its use.

The indicated technical result is achieved by the fact that in the method of encrypting the binary data block M, which consists in generating a secret key, including plug Q and R, forming an auxiliary n-bit block of binary data T, forming an n-bit auxiliary cryptogram C _M by performing operations on M block encryption E depending on Q using the formula C _M = E _Q (M), generating an n-bit auxiliary cryptogram C _T by performing block encryption E on T depending on R using the formula C _T = E _R (T), forming and cryptograms C depending on the secret key and auxiliary cryptograms C _M and C _T ,

new is that subkey Q is formed as a 2n-bit string representing the concatenation of two n-bit binary numbers q ₁ and q ₂ , subkey Q is formed as a 2n-bit string representing the concatenation of two n-bit binary numbers r ₁ and r ₂ form an (n + 1) -bit binary number p and form a cryptogram C in the form of a concatenation of two multi-digit binary numbers C ₁ and C ₂ , which are a solution of a system of two linear equations k ₁ C ₁ + k ₂ C ₂ = C _M mod p and q ₁ C ₁ + q ₂ C ₂ = C _T mod p with two unknowns C ₁ and C ₂ .

Also new is that they form an (n + 1) -bit binary number p, which is prime.

The formation and use of a simple (n + 1) -bit binary number p simplifies the procedure for generating subkeys Q and R.

Also new is the fact that they form an (n + 1) -bit binary number p, which can be represented in the form 2 ⁿ +1.

Using as an (n + 1) -bit binary number p of the MDC of the form 2 ⁿ +1 provides the formation of a cryptogram having a size of 2n bits, which simplifies the software and hardware implementation of the claimed method of encryption of an n-bit block of binary data M.

Thanks to this new set of essential features, by generating n-bit auxiliary cryptograms C _M and C _T, it is _possible to use all bits of the auxiliary cryptogram when decrypting both the data block M and the auxiliary n-bit block of binary data T, which can be An n-bit block of some dummy message is applied. This provides an effective masking of the fact that there is an n-bit data block M in the block of cryptogram C when it is decrypted by a potential intruder when it uses the Q subkey when decrypting cryptogram C, since the decryption procedure is performed using the same formula as when decrypting the data block M and when decrypting a fictitious message block T.

The correctness of the claimed method of encryption of an n-bit block of binary data M is that according to the cryptogram C = C ₁ || C ₂ , where the sign || denotes the operation of concatenation (combining bit strings), the “-bit block of binary data M can be restored by connecting Q = q ₁ || q ₂ according to the formula M = D _Q ((q ₁ C ₁ + q ₂ C ₂ ) mod p) , where D is the operation of block decryption, the inverse of the operation of block encryption E, and the auxiliary n-bit block of binary data T through the subkey R = r ₁ || r ₂ according to the formula T = D _R ((r ₁ C ₁ + r ₂ C ₂ ) mod p).

Indeed, when performing the decryption procedure on the subkey Q = q ₁ || q ₂ we have

and when performing the decryption procedure on the subkey R = r ₁ || r ₂ we have

Further, the feasibility and correctness of the claimed method for encrypting an n-bit block of binary data M is illustrated by particular examples of its implementation.

Example 1. Encryption of a 64-bit block of binary data M. Form a simple MDC p = 18446744073709551629 ₁₀ = 2 ⁶⁴ +2 ³ +2 ² + 1 =

= 10000000000000000000000000000000000000000000000000000000000001101 ₂ , where the index 10 (index 2) means that the number is written using a decimal (binary) number recording system, form a secret key in the form of subkeys Q and R, and subkey Q is formed as a 128-bit string representing is the concatenation of two 64-bit binary numbers q ₁ and q ₂ , i.e. Q = q ₁ || q ₂ , and the subkey R is formed in the form of a 128-bit string, which is a concatenation of two 64-bit strings r ₁ and r ₂ (i.e., R = r ₁ || r ₂ ), which satisfy conditions

q ₁ ≡q ₂ ≡r ₁ ≡r ₂ ≡1 mod 2 (the odd condition of numbers q ₁ , q ₂ , r ₁ , r ₂ ), namely, the following MDCs are formed:

q ₁ = 15344089324516380789 ₁₀ ; q ₂ = 12571778644096321013 ₁₀ ;

r ₁ = 15608185472029694193 ₁₀ ; r ₂ = 15369129295277581477 ₁₀ .

Verification shows that the generated odd MDCs q ₁ , q ₂ , r ₁ and r ₂ satisfy the condition q ₁ r ₂ -q ₂ r ₁ = 812714980881351227 ≠ 0 mod p. Then, an auxiliary 64-bit block of binary data T and a 64-bit auxiliary cryptogram C _{M are formed} by performing block encryption E on the block M of data depending on the subkey Q = q ₁ || q ₂ according to the formula C _M = E _Q (M) where the operation of block encryption is described by the following algorithm:

1. Set the value of the counter i ← 0 and the variable C _M ← M, where the sign ← denotes the assignment operation.

2. Generate a 64-bit string C _M in the form of MDC calculated by the formula C _M ← (q ₁ C _M mod2 ⁶⁴ ) ^{<29 <} , where (...) ^{<29 <} denotes the operation of cyclic shift of the bit string (...) by 29 bits to the left.

3. Convert a 64-bit string C _M according to the formula C _M ← (q ₁ C _M mod2 ⁶⁴ ) ^{<17 <} , where (...) ^{<17 <} denotes the operation of cyclic shift of the bit string (...) by 17 bits to the left.

4. Increase the value of counter i: i ← i + 1. If i <16, then go to step 2, otherwise, take the current value C _M as the output value of the block encryption operation E _Q performed on the 64-bit block of binary data M.

Then, a 64-bit auxiliary cryptogram C _{T is formed} by performing block ciphering operation E on the auxiliary 64-bit binary data block T, depending on the subkey R = r ₁ || r ₂ according to the formula C _T = E _R (T) in accordance with the following algorithm:

1. Set the value of the counter i ← 0 and the variable C _T ← Т.

2. Generate a 64-bit string C _T in the form of MDC calculated by the formula C _T ← (r ₁ C _T mod2 ⁶⁴ ) ^{<29 <} .

3. Convert a 64-bit string C _T according to the formula C _T ← (r ₂ C _T mod2 ⁶⁴ ) ^{<17 <} .

4. Increase the value of counter i: i ← i + 1. If i <16, then go to step 2, otherwise, take the current value C _T as the output value of the block encryption operation E _R performed on the auxiliary 64-bit block of binary data T.

After the formation of auxiliary cryptograms C _M and C _T , considering them as 64-bit MDCs, a cryptogram C = C1 || C _{2 is formed} by solving the following system of two linear equations with unknown C ₁ and C ₂ .

The solution to this system are two MDC C ₁ and C ₂ , which are combined into a cryptogram C = C ₁ || C ₂ .

а операция блочного расшифрования D_Q(C_M), обратная операции блочного шифрования E_Q(M), реализуется следующей процедурой преобразования:The proof of the correctness of this particular embodiment of the claimed method for encrypting an n-bit block of binary data M is proved similarly to the general proof of the correctness of the claimed method described above, given that for odd MDCs q _1, q ₂ , r ₁ , r ₂ modulo 2 ⁶⁴ exist and the corresponding inverse values are easily calculated using the extended Euclidean algorithm $$q_{\mathrm{one}}^{-\mathrm{one}},q_2^{-\mathrm{one}},r_{\mathrm{one}}^{-\mathrm{one}},r_2^{-\mathrm{one}}$$

and the operation of block decryption D _Q (C _M ), the inverse of the operation of block encryption E _Q (M), is implemented by the following conversion procedure:

1. Set the value of the counter i ← 0 and the variable M ← C _M.

где (…)^>17> обозначает операцию циклического сдвига битовой строки (…) на 17 бит вправо.2. Convert a 64-bit string M, performing sequential calculations according to the formulas M ← M ^>17> and $$M\leftarrow M{q}_2^{-\mathrm{one}}\mathrm{mod}{2}^{64},$$

where (...) ^>17> denotes the operation of cyclic shift of the bit string (...) by 17 bits to the right.

, где (…)^>29> обозначает операцию циклического сдвига битовой строки (…) на 29 бит вправо.3. Convert a 64-bit string M, performing sequential calculations according to the formulas M ← M ^>29> and $$M\leftarrow M{q}_{\mathrm{one}}^{-\mathrm{one}}\mathrm{mod}{2}^{64},$$

, where (...) ^>29> denotes the operation of cyclic shift of the bit string (...) by 29 bits to the right.

4. Increase the value of counter i: i ← i + 1. If i <16, then go to step 2, otherwise, take the current value of M as the output value of the operation D _Q performed on the 64-bit auxiliary cryptogram C _M.

Similarly, a procedure is written for implementing the block decryption operation D _R (C _T ), the inverse of the block encryption operation E _R (T).

The considered private implementation of the claimed method can be used to jointly encrypt two Messages and Text messages, each of which, for example, has a size of 64 Kb. Message Message is divided into 64-bit data blocks M ₁ , M ₂ , ..., M _w , where w = 1000. The Text message is broken into 64-bit data blocks T ₁ , T ₂ , ..., T _w . Alternately, for the values i = 1, 2, ..., 1000, the pairs of data blocks (M _i , T _i ) are jointly encrypted in accordance with the described implementation example of the claimed method, resulting in ciphertext in the form of a sequence of 128-bit cryptograms (C ₁ || C ₂ ) _i , i = 1, 2, ..., 1000.

Example 2. Encryption of a 128-bit block of binary data M.

MDC p of the form 2 ¹²⁸ +1 is formed:

p = 2 ¹²⁸ + 1 = 340282366920938463463374607431768211457 ₁₀ , where the index 10 means that the number is written using a decimal number system. In the form of a binary number (i.e., when using the binary number writing system), p has the form

p = 10000000000000000000000000000000000000000000000000000000000000000 00 \\ 00000000000000000000000000000000000000000000000000000000000001 ₂ ,

where the character "\\" means moving the record to the next line. Then the secret key is formed in the form of subkeys Q and R, and subkey Q is formed in the form of a 256-bit string, which is a concatenation of two 128-bit binary numbers q ₁ and q ₂ , i.e. Q = q ₁ || q ₂ , and the subkey R is formed in the form of a 256-bit string, which is a concatenation of two 128-bit strings r ₁ and r ₂ (i.e., R = r ₁ || r ₂ ) that satisfy condition

q ₁ ≡q ₂ ≡r ₁ ≡r ₂ ≡1 mod 2 (the odd condition of numbers q ₁ , q ₂ , r ₁ , r ₂ ), namely, the following MDCs are formed:

q ₁ = 321909040675575663770595377008565615669 ₁₀ ;

q ₂ = 286307205067618230636306150613625759003 ₁₀ ;

r ₁ = 290440427634195645156881834450918186151 ₁₀ ;

r ₂ = 29426692692758328055910162911399393987661 ₁₀ .

Verification shows that the generated odd MDC q ₁ , q ₂ , r ₁ , and r ₂ satisfy the condition

q ₁ r ₂ -q ₂ r ₁ = 75227762587413192201808942155507758598 ≠ 0 mod p.

Then, an auxiliary 64-bit block of binary data T and a 128-bit auxiliary cryptogram C _{M are formed} by performing block encryption E on the block M of data depending on the subkey Q = q ₁ || q ₂ according to the formula C _M = E _Q (M) where the operation of block encryption is described by the following algorithm:

1. Set the value of the counter i ← 0 and the variable C _M ← M.

2. Generate a 64-bit string C _M in the form of MDC calculated by the formula C _M ← (q ₁ C _M mod2 ¹²⁸ ) ^{<32 <} , where (...) ^{<32 <} denotes the operation of cyclic shift of the bit string (...) by 32 bits to the left.

3. Convert a 64-bit string C _M according to the formula C _M ← (q ₂ C _M mod2 ¹²⁸ ) ^{<40 <} , where (...) ^{<40 <} denotes the operation of cyclic shift of the bit string (...) by 40 bits to the left.

4. Increase the value of counter i: i ← i + 1. If i <16, then go to step 2, otherwise, take the current value C _M as the output value of the block encryption operation E _Q performed on the 64-bit block of binary data M.

Then, a 64-bit auxiliary cryptogram C _{T is formed} by performing block ciphering operation E on the auxiliary 64-bit binary data block T, depending on the subkey R = r ₁ || r ₂ according to the formula C _T = E _R (T) in accordance with the following algorithm:

1. Set the value of the counter i ← 0 and the variable C _T ← Т.

2. Generate a 64-bit string C _T in the form of MDC calculated by the formula C _T ← (r ₁ C _T mod2 ¹²⁸ ) ^{<32 <} .

3. Convert a 64-bit string C _T according to the formula C _T ← (r ₂ C _T mod2 ¹²⁸ ) ^{<40 <} .

4. Increase the value of counter i: i ← i + 1. If i <16, then go to step 2, otherwise, take the current value C _T as the output value of the block encryption operation E _R performed on the auxiliary 64-bit block of binary data T.

After the formation of auxiliary cryptograms C _M and C _T , considering them as 64-bit MDCs, a cryptogram C = C ₁ || C _{2 is formed} by solving the following system of two linear equations with unknown C ₁ and C ₂ :

The solution to this system are two MDC C ₁ and C ₂ , which are combined into a cryptogram C = C ₁ || C ₂ .

операция блочного расшифрования D_Q(C_M), обратная операции блочного шифрования E_Q(M), реализуется следующей процедурой преобразования:The proof of the correctness of this particular embodiment of the claimed method of encrypting an n-bit block of binary data M is proved similarly to the general proof of the correctness of the claimed method described above, given that for odd MDCs q ₁ , q ₂ , r ₁ , r ₂ modulo 2 ¹²⁸ exist and the corresponding inverse values are easily calculated using the extended Euclidean algorithm $$q_{\mathrm{one}}^{-\mathrm{one}},q_2^{-\mathrm{one}},r_{\mathrm{one}}^{-\mathrm{one}},r_2^{-\mathrm{one}},$$

the block decryption operation D _Q (C _M ), the inverse of the block encryption operation E _Q (M), is implemented by the following conversion procedure:

1. Set the value of the counter i ← 0 and the variable M ← C _M.

где (…)^>40> обозначает операцию циклического сдвига битовой строки (…) на 40 бит вправо.2. Convert a 64-bit string M, sequentially performing calculations according to the formulas M ← M ^>40> and $$M\leftarrow M{q}_2^{-\mathrm{one}}\mathrm{mod}{2}^{128},$$

where (...) ^>40> denotes the operation of cyclic shift of the bit string (...) by 40 bits to the right.

где (…)^>32> обозначает операцию циклического сдвига битовой строки (…) на 32 бита вправо.3. Convert a 64-bit string M, sequentially performing calculations according to the formulas M ← M ^>32> and $$M\leftarrow M{q}_2^{-\mathrm{one}}\mathrm{mod}{2}^{128},$$

where (...) ^>32> denotes the operation of cyclic shift of the bit string (...) by 32 bits to the right.

4. Increase the value of counter i: i ← i + 1. If i <16, then go to step 2, otherwise, take the current value of M as the output value of the operation D _Q performed on the 64-bit auxiliary cryptogram C _M.

Similarly, a procedure is written for implementing the block decryption operation D _R (C _T ), the inverse of the block encryption operation E _R (T).

The considered private implementation of the claimed method can be used to jointly encrypt two Messages and Text messages, each of which, for example, has a size of 128 Kbytes. Message Message is divided into 128-bit data blocks M ₁ , M ₂ , ..., M _w , where w = 8000. The Text message is split into 128-bit data blocks T ₁ , T ₂ , ..., T _w . Alternately, for values i = 1, 2, ..., 8000, pairs of data blocks (M _i , T _i ) are jointly encrypted in accordance with the described implementation example of the claimed method, resulting in ciphertext in the form of a sequence of 256-bit cryptograms (C ₁ || C ₂ ) _i , i = 1, 2, ..., 8000.

The above examples show that the claimed method of encryption of a data block M, presented as an n-bit string, functions correctly, is technically feasible and allows us to solve the problem.

The inventive method of encrypting a data block M, represented as an n-bit string, can be used to develop means of comprehensive protection of information from unauthorized access, providing additional information security by imposing false messages to potential attackers. This method can also be used for secure broadcast messages with control of access to messages from the recipients while ensuring the identity of the decryption of the same cryptogram. Such means of secure broadcast messaging solve the problem of traffic non-tracking when transmitting information over telecommunication channels.

Claims (3)

1. A method of encrypting a binary data block (M), which consists in generating a secret key, including plug Q and R, forming an auxiliary n-bit block of binary data T, forming an n-bit auxiliary cryptogram C _M by performing block encryption operation E on M depending on Q by the formula C _M = E _Q (M), the formation of an n-bit auxiliary cryptogram C _T by performing block ciphering operations E on T depending on R by the formula C _T = E _R (T), the formation of cryptogram C depending from the secret key and in pomogatelnyh cryptograms C _M and C _T, wherein the subkey Q form a 2n-bit string representing a concatenation of two n-bit binary numbers q ₁ and q _2, subkey R are formed in a 2n-bit string representing a concatenation two n-bit binary numbers r ₁ and r ₂ , form an (n + 1) -bit binary number p and form a cryptogram C in the form of concatenation of two multi-bit binary numbers C ₁ and C ₂ , which are a solution of a system of two linear equations q ₁ C ₁ + q ₂ C ₂ = C _M mod p and r ₁ C ₁ + r ₂ C ₂ = C _T mod p with two unknowns C ₁ and C ₂ . 2. The method according to claim 1, characterized in that form (n + 1) -bit binary number p, which is simple. 3. The method according to claim 1, characterized in that form (n + 1) -bit binary number p, which is representable in the form 2 ⁿ +1.