RU2542929C1 - Method to code data unit represented as bit string - Google Patents

Abstract

FIELD: information technologies.

SUBSTANCE: method to code a data unit represented as a bit string consisting in formation of a secret key in the form of subkeys K and Q, which represent bit strings, formation of an auxiliary n-bit string T, formation of an n-bit auxiliary cryptogram C_M by performance of operation of E coding on the data unit M depending on K according to the formula C_M=E_K(M), formation of an n-bit auxiliary cryptogram C_T by performance of operation of E coding on the n-bit string T depending on Q according to the formula C_T=E_Q(T), formation of 2n-bit cryptogram C depending on subkeys K and Q and auxiliary cryptograms C_M and C_T, differing by the fact that the subkey K is formed as a 2n-bit string, representing concatenation o two n-bit strings k₁ and k₂, the subkey Q is formed as a 2n-bit string, representing concatenation of two n-bit strings q₁ and q₂, the (n+1)-bit string m is formed, and the 2n-bit cryptogram C is formed as concatenation of two binary polynomials of degree n-1, being the solution to the system of two linear equations k₁C₁+k₂C₂=C_M mod m and q₁C₁+q₂C₂=C_T mod m with two unknown binary polynomials C₁ and C₂, in which m is an additionally formed polynomial of degree n, and n-bit strings k₁, k₂, q₁, q₂, C_M, C_T are considered as binary polynomials of degree n-1, and (n+1)-bit string m is considered as a binary polynomial of degree n.

EFFECT: increased level of protection of coded information.

2 cl

Description

The invention relates to the field of telecommunications and computing, and more particularly to the field of cryptographic methods and devices for protecting information transmitted over telecommunication networks by encryption ¹ ( ^{1 The} interpretation of the terms used in the description is given in Appendix 1) messages (information).

Known methods for encrypting electronic messages presented in digital form, namely, in the form of binary data, performed using a secret key, for example, a method implemented in the form of a block encryption algorithm RC5 [B. Schneier, "Applied Cryptography", Second Eddition, John Wiley & Sons, Inc., New York, 1996, pp. 344-346]. The method includes generating a secret key in the form of a set of subkeys, splitting the n-bit binary information block into n / 2-bit information subunits A and B, and sequentially converting the data of the subunits. The subunits are transformed by sequentially performing linear and nonlinear operations on them, using the summation modulo 2 ^m , where m = n / 2 = 8, 16, 32, 64, bitwise summation modulo 2 and a cyclic shift to the left, and the number the bit by which the converted subblock is shifted depends on the value of the other subblock. The latter property is characteristic of the RC5 method and determines the dependence of the cyclic shift operation at the current step of converting a subunit on the initial value of the input data block. The information subblock, for example subblock B, is transformed by superimposing subblock A onto subblock B using the bitwise summing operation modulo 2 B: = B⊕A. After that, the operation of cyclic left shift by the number of bits equal to the value of subunit A is performed on subblock B: B: = B <<< A. Then, the summing operation modulo 2 ^{m is} performed on subblock B and one of the K subkeys, where m is the length of the subblock in bits: B: = (B + K) mod 2 ^m . After that, the subunit A is similarly converted. Depending on the size of the key, several such iterations of the conversion of both subunits are performed. This method provides a fairly high encryption speed in software implementation. The disadvantage of the RC5 encryption method is its low resistance to differential and linear types of cryptanalysis [Kaliski BS, Yin YL On Differential and Linear Cryptanalysis of the RC5 Encryption Algorithm. Advances in Cryptology - CRYPTO 95. Proceedings, Springer-Verlag, 1995, pp. 171-184].

A known method of encryption of n-bit data blocks [B. Schneier, "Applied Cryptography", Second Eddition, John Wiley & Sons, Inc., New York, 1996, pp. 193-194] by generating the secret key K, splitting the message M into n-bit data blocks M ₁ , M ₂ , ..., M _k where k is the number of blocks in the message; n≥64 bits, and subsequent encryption of the data blocks M ₁ , M ₂ , ..., M _k , and the encryption process is performed in the following way. The block M _{1 is} encrypted with the secret key, obtaining a cryptogram block C ₁ , then, starting from the value i = 2 and up to the value i = k, the cryptogram block C _i-1 and the block M _i obtained by summing are summed using the bitwise summing operation a data block is encrypted with a secret key, resulting in the current cryptogram block C _i . The set of blocks of the cryptogram C ₁ , C ₂ , ..., C _k is a cryptogram containing a message in a hidden form. Removing a message from a cryptogram is practically possible only using the secret key used in encryption, which ensures protection of the information contained in the message when it is transmitted over open communication channels. This method provides an improvement in the statistical properties of the cryptogram, however, it has the disadvantage that the ability to independently decrypt individual blocks of the cryptogram is lost.

The closest in technical essence to the claimed method of encrypting a data block M, represented as an n-bit string, is the method described in patent No. 2459275 [Moldovyan A.A., Moldovyan N.A. A method for block encrypting a binary M message. Patent No. 2459275] according to claim 2 of the claims of the specified patent. The prototype method includes generating a secret key, including subkeys K and Q, generating an auxiliary n-bit block of binary data T, generating an n-bit auxiliary cryptogram C _M by performing block encryption operation E on M depending on K using the formula C _M = E _K (M), generating an n-bit auxiliary cryptogram C _T by performing block ciphering operations E on Q depending on Q using the formula C _T = E _Q (T), generating a cryptogram C depending on the secret key and auxiliary cryptograms C _M and C _T.

. Затем правая n-битовая строка C_T расшифровывается путем выполнения операции блочного преобразования D, обратной к операции блочного шифрования E, т.е. по формуле T=D_Q(C_T). Аналогичная процедура расшифрования выполняется с использованием подключа K и левой n-битовой строки C_M вспомогательной криптограммы $$C\ast =C_M\Vert C_T$$

, а именно данных М, восстанавливается по формуле M=D_K(C_M). Недостатком способа прототипа является то, что различные части вспомогательной криптограммы C* используются при расшифровании блока данных M и блока фиктивного сообщения T. Это демаскирует факт наличия в блоке криптограммы C блока данных M.The prototype method allows to protect information using the mechanism of fraudulent traps, which consists in the fact that the potential attacker is substituted with a part of the secret key, including subkey Q, as the decryption key, and n-bit is used as an auxiliary n-bit block of binary data T dummy message block. The cryptogram block C is decrypted by converting it with an additional key, resulting in an auxiliary cryptogram C *, which is a concatenation of two n-bit strings C _M and $$C_T:C\ast =C_M\Vert C_T$$

. Then, the right n-bit string C _{T is} decrypted by performing the block transform operation D inverse to the block encryption operation E, i.e. by the formula T = D _Q (C _T ). A similar decryption procedure is performed using subkey K and the left n-bit string C _M auxiliary cryptogram $$C\ast =C_M\Vert C_T$$

, namely the data M, is restored by the formula M = D _K (C _M ). The disadvantage of the prototype method is that the various parts of the auxiliary cryptogram C * are used when decrypting the data block M and the fictitious message block T. This unmasks the fact that the cryptogram block C contains the data block M.

The problem to which the claimed technical solution is directed is to develop a method for encrypting a data block M, presented in the form of an n-bit string, which provides an effective masking of the presence of an n-bit data block M in a 2n-bit block of cryptogram C due to the formation of an n-bit auxiliary cryptogram and the use of all its bits when decrypting both the n-bit data block M and the auxiliary n-bit string T.

The technical result of a new method of encrypting a data block represented as a bit string is to increase the level of security of information encrypted with its use. This technical result is achieved in that in a method of encrypting a data block M represented as an n-bit string, which consists in generating a secret key in the form of subkeys K and Q, which are bit strings, forming an auxiliary n-bit string T, forming n- auxiliary bit cryptogram C _M by performing the above operations data block M the block cipher E K according to the formula C _M = E _K (M), forming an auxiliary n-bit cryptogram C _T by subjecting the n-bit string step T the block cipher E according to the formula C Q _{T Q} = E (T), forming 2n-bit cryptogram C depending on subkey K and Q and auxiliary cryptograms C _M and C _T,

new is that subkey K is formed as a 2n-bit string representing the concatenation of two n-bit strings k ₁ and k ₂ , subkey Q is formed as a 2n-bit string representing the concatenation of two n-bit strings q ₁ and q ₂ , form an (n + 1) -bit string m and form a 2n-bit cryptogram C in the form of a concatenation of two binary polynomials of degree n-1, which are a solution of a system of two linear equations k ₁ C ₁ + k ₂ C ₂ = C _M mod m, and c ₁ q ₁ + q ₂ c ₂ = _T c mod m with two unknown binary polynomials c ₁ and c ₂ in which m is additionally sformirovannosti polynomial of degree n, and the n-bit string k _1, k _2, q _1, q _2, C _M, C _T are considered as binary polynomials of degree n-1 and (n + 1) -bit string m is considered as a binary polynomial of degree n .

Also new is that they form an (n + 1) -bit string m in the form of an irreducible binary polynomial of degree n.

The formation of an (n + 1) -bit string m in the form of an irreducible binary polynomial of degree n reduces the complexity of computing the solution of a system of linear equations, thereby reducing the time required to encrypt a data block M represented as an n-bit string.

Thanks to this new set of essential features, by generating n-bit auxiliary cryptograms C _M and C _T, it is _possible to use all bits of the auxiliary cryptogram when decrypting both the data block M and the auxiliary n-bit string T, which can be used as n bit block dummy message. This provides an effective masking of the presence of an n-bit data block M in the 2n-bit block of the cryptogram C when it is decrypted by a potential intruder when he uses the key elements Q and m ₂ as the decryption key, since the decryption procedure is performed using the same formula for decryption a data block M and a dummy message block T.

может быть восстановлен n-битовый блока данных M по подключу $$K=k_1\Vert k_2$$

по формуле M=D_K((k₁C₁+k₂C₂)mod m), где D - операция блочного расшифрования, обратная операции блочного шифрования E, и вспомогательная n-битовая строка T по подключу $$Q=q_1\Vert q_2$$

по формуле T=D_Q((q₁C₁+q₂C₂)mod m).The correctness of the claimed method of encrypting a data block M, presented as an n-bit string, is that 2n-bit cryptogram $$C=C_{\mathrm{one}}\Vert C_2$$

can be restored n-bit data block M by subkey $$K=k_{\mathrm{one}}\Vert k_2$$

according to the formula M = D _K ((k ₁ C ₁ + k ₂ C ₂ ) mod m), where D is the operation of block decryption, the inverse of the operation of block encryption E, and the auxiliary n-bit string T by connection $$Q=q_{\mathrm{one}}\Vert q_2$$

by the formula T = D _Q ((q ₁ C ₁ + q ₂ C ₂ ) mod m).

имеемIndeed, when performing the decryption procedure on the subkey $$K=k_{\mathrm{one}}\Vert k_2$$

we have

.

.

имеемand when I perform the decryption procedure on the plug $$Q=q_{\mathrm{one}}\Vert q_2$$

we have

.

.

Further, the feasibility and correctness of the claimed method of encrypting a data block M, presented as an n-bit string, is illustrated by particular examples of its implementation.

представляющую собой последовательность коэффициентов неприводимого двоичного многочлена степени 65, т.е. двоичного многочлена x⁶⁵+x¹⁸+1 [см. таблицу неприводимых двоичных многочленов на с. 209 в книге Болотов А.А., Гашков С.Б., Фролов А.Б. Элементарное введение в эллиптическую криптографию: Протоколы криптографии на эллиптических кривых. - М.: КомКнига, 2006. - 280 с.]. Затем формируют вспомогательную 65-битовую строку T и 65-битовую вспомогательную криптограмму C_M путем выполнения над блоком данных M операции блочного шифрования E в зависимости от подключа K=(k₁, k₂) по формуле C_M=E_K(M), где операция блочного шифрования описывается следующим алгоритмом:Example 1. Encryption of a data block M represented as a 65-bit string. The secret key is formed in the form of subkeys K and Q, and subkey K is formed in the form of a 130-bit string representing the concatenation of two 65-bit strings k ₁ and k ₂ , i.e. K = (k ₁ , k ₂ ), and the subkey Q is formed in the form of a 130-bit string representing the concatenation of two 65-bit strings q ₁ and q ₂ , i.e. Q = (q ₁ , q ₂ ). Form a 66-bit string

which is a sequence of coefficients of an irreducible binary polynomial of degree 65, i.e. binary polynomial x ⁶⁵ + x ¹⁸ +1 [see table of irreducible binary polynomials on p. 209 in the book Bolotov A.A., Gashkov S.B., Frolov A.B. An Elementary Introduction to Elliptic Cryptography: Protocols of Cryptography on Elliptic Curves. - M .: KomKniga, 2006. - 280 p.]. Then, an auxiliary 65-bit string T and a 65-bit auxiliary cryptogram C _{M are formed} by performing block ciphering operation E on the data block M depending on the subkey K = (k ₁ , k ₂ ) according to the formula C _M = E _K (M), where the operation of block encryption is described by the following algorithm:

1. Set the value of the counter i ← 1 and the variable C _M ← M, where the sign ← denotes the assignment operation.

2. Considering the 65-bit strings k ₁ and M as binary polynomials, form a 65-bit string C _M , which is a sequence of coefficients of the binary polynomial calculated by the formula C _M ← (k ₁ C _M mod m) ^{<23 <} , where ( ...) ^{<23 <} denotes the operation of cyclic shift of the bit string (...) 23 bits to the left.

3. Considering the 65-bit string k ₂ , convert the 65-bit string C _M according to the formula C _M ← (k ₂ C _M mod m) ^{<17 <} , where (...) ^{<17 <} denotes the operation of cyclic shift of the bit string (...) 17 bits to the left.

4. Increase the value of counter i: i ← i + 1. If i <10, then go to step 2, otherwise, take the current value C _M as the output value of the block encryption operation E _K performed on the 65-bit data block M.

Then, a 65-bit auxiliary cryptogram C _{T is formed} by performing block ciphering operation E on a 65-bit string T depending on the subkey Q = (q ₁ , q ₂ ) according to the formula C _T = E _Q (T) in accordance with the following algorithm:

1. Set the value of the counter i ← 1 and the variable C _T ← T.

2. Considering the 65-bit strings k ₂ and T as binary polynomials, form a 65-bit string C _T , which is a sequence of coefficients of the binary polynomial calculated by the formula C _T ← (q ₁ C _T mod m) ^{<23 <} .

3. Convert a 65-bit string C _T according to the formula C _T ← (q ₂ C _T mod m) ^{<17 <} .

4. Increase the value of counter i: i ← + 1. If i <10, then go to step 2, otherwise, take the current value C _M as the output value of the block encryption operation E _Q (T) performed on the 65-bit string T.

After the formation of auxiliary cryptograms C _M and C _T in the form of binary polynomials represented as 65-bit strings, a 130-bit cryptogram C is formed by solving the following system of two linear equations

.

.

, где знак ║ обозначает операцию конкатенации (объединения) битовых строк.The solution to this system are two binary polynomials C ₁ and C ₂ , presented in the form of 65-bit strings. Combining the 65-bit strings C ₁ and C ₂ gives a 130-bit cryptogram $$C=C_{\mathrm{one}}\Vert C_2$$

, where the sign ║ denotes the operation of concatenation (union) of bit strings.

The proof of the correctness of this particular variant of the claimed method of encrypting the data block M, presented as a 65-bit string, is proved similarly to the general proof of the correctness of the claimed method described above, given that the block decryption operation D _K (C _M ) is the opposite of the block encryption operation E _K (M) is implemented by the following conversion procedure:

1. Set the value of the counter i ← 1 and the variable M ← C _M.

, где (…)^>17>, обозначает операцию циклического сдвига битовой строки (…) на 17 бит вправо.2. Convert the 65-bit string M, performing sequential calculations using the formulas M ← M ^>17> and $$M\leftarrow M{k}_2^{-\mathrm{one}}\mathrm{mod}m$$

, where (...) ^>17> , denotes the operation of cyclic shift of the bit string (...) by 17 bits to the right.

, где (…)^>23>, обозначает операцию циклического сдвига битовой строки (…) на 23 бита вправо.3. Convert the 65-bit string M, performing sequential calculations using the formulas M ← M ^>23> and $$M\leftarrow M{k}_{\mathrm{one}}^{-\mathrm{one}}\mathrm{mod}m$$

, where (...) ^>23> , denotes the operation of cyclic shift of the bit string (...) by 23 bits to the right.

4. Increase the value of counter i: i ← i + 1. If i <10, then go to step 2, otherwise, take the current value of M as the output value of the operation D _K performed on the 65-bit data block C _M.

The procedure for implementing the block decryption operation D _Q (C _T ), the inverse of the block encryption operation E _Q (T), is written similarly.

, i=1, 2, …, 1000.The considered private implementation of the claimed method can be used to jointly encrypt two messages M and T, each of which, for example, has a size of 65 Kb. The message M is divided into 65-bit data blocks M ₁ , M ₂ , ..., M _w , where w = 1000. Message T is divided into 65-bit data blocks T ₁ , T ₂ , ..., T _w . Alternately, for values i = 1, 2, ..., 1000, pairs of data blocks (M _i , T _i ,) are jointly encrypted in accordance with the described implementation example of the inventive method, resulting in ciphertext in the form of a sequence of 130-bit cryptograms $$(C_{\mathrm{one}}\Vert C_2{)}_i$$

, i = 1, 2, ..., 1000.

Example 2. Encryption of a data block M represented as a 52-bit string. The secret key is formed in the form of subkeys K and Q, and subkey K is formed in the form of a 104-bit string, which is a concatenation of two 52-bit strings k ₁ and k ₂ , i.e. K = (k ₁ , k ₂ ), and the subkey Q is formed as a 104-bit string representing the concatenation of two 52-bit strings q ₁ and q ₂ , i.e. Q = (q ₁ , q ₂ ). Form a 53-bit string

which is a sequence of coefficients of an irreducible binary polynomial of degree 52, i.e. binary polynomial x ⁵³ + x ³ +1 [see table of irreducible binary polynomials on p. 209 in the book Bolotov A.A., Gashkov S.B., Frolov A.B. An Elementary Introduction to Elliptic Cryptography: Protocols of Cryptography on Elliptic Curves. - M .: KomKniga, 2006. - 280 p.]. Then, an auxiliary 52-bit string T and a 52-bit auxiliary cryptogram C _{M are formed} by performing block encryption operation E on the data block M depending on the subkey K = (k ₁ , k ₂ ) according to the formula C _M = E _K (M), where the operation of block encryption is described by the following algorithm:

1. Set the value of the counter i ← 1 and the variable C _M ← M, where the sign ← denotes the assignment operation.

2. Considering the 52-bit strings k ₁ and M as binary polynomials, form a 52-bit string C _M , which is a sequence of coefficients of the binary polynomial calculated by the formula C _M ← (k ₁ C _M mod m) ^{<19 <} , where ( ...) ^{<19 <} , denotes the operation of cyclic shift of the bit string (...) by 19 bits to the left.

3. Considering the 52-bit string k ₂ , convert the 65-bit string C _M according to the formula C _M ← (k ₂ C _M mod m) ^{<11 <} , where (...) ^{<11 <} denotes the operation of cyclic shift of the bit string (...) 11 bits to the left.

4. Increase the value of counter i: i ← i + 1. If i <10, then go to step 2, otherwise, take the current value C _M as the output value of the block encryption operation E _K performed on the 52-bit data block M.

Then, a 52-bit auxiliary cryptogram C _{T is formed} by performing block ciphering operation E on a 52-bit string T depending on the subkey Q = (q ₁ , q ₂ ) according to the formula C _T = E _Q (T) in accordance with the following algorithm:

1. Set the value of the counter i ← 1 and the variable C _T ← T.

2. Generate a 52-bit string C _T , which is a sequence of coefficients of the binary polynomial calculated by the formula C _T ← (q ₁ C _T mod m) ^{<19 <} .

3. Convert the 52-bit string C _T according to the formula C _T ← (q ₂ C _T mod m) ^{<11 <} .

4. Increase the value of counter i: i ← i + 1. If i <10, then go to step 2, otherwise, take the current value C _M as the output value of the block encryption operation E _Q (T) performed on the 65-bit string T.

.After the formation of auxiliary cryptograms C _M and C _T in the form of binary polynomials represented as 52-bit strings, a 130-bit cryptogram C is formed by solving the following system of two linear equations

.

, где знак ║ обозначает операцию конкатенации (объединения) битовых строк.The solution to this system are two binary polynomials C ₁ and C ₂ , presented in the form of 52-bit strings. Combining the 52-bit strings C ₁ and C ₂ , you get a 104-bit cryptogram $$C=C_{\mathrm{one}}\Vert C_2$$

, where the sign ║ denotes the operation of concatenation (union) of bit strings.

The proof of the correctness of this particular variant of the claimed method of encrypting the data block M, presented as a 52-bit string, is proved similarly to the general proof of the correctness of the claimed method described above, given that the block decryption operation D _K (C _M ) is the opposite of the block encryption operation E _K (M) is implemented by the following conversion procedure:

1. Set the value of the counter i ← 1 and the variable M ← C _M.

, где (…)^>11> обозначает операцию циклического сдвига битовой строки (…) на 11 бит влево.2. Convert the 52-bit string M, performing sequential calculations using the formulas M ← M ^>11> and $$M\leftarrow M{k}_2^{-\mathrm{one}}\mathrm{mod}m$$

, where (...) ^>11> denotes the operation of cyclic shift of the bit string (...) by 11 bits to the left.

, где (…)^>19> обозначает операцию циклического сдвига битовой строки (…) на 19 бит влево.3. Convert the 52-bit string M, performing sequential calculations using the formulas M ← M ^>19> and $$M\leftarrow M{k}_{\mathrm{one}}^{-\mathrm{one}}\mathrm{mod}m$$

, where (...) ^>19> denotes the operation of cyclic shift of the bit string (...) by 19 bits to the left.

4. Increase the value of counter i: i ← i + 1. If i <10, then go to step 2, otherwise, take the current value of M as the output value of the operation D _K performed on the 65-bit data block C _M.

The procedure for implementing the block decryption operation D _Q (C _T ), the inverse of the block encryption operation E _Q (T), is written similarly.

, i=1, 2, …, 1000.The considered private implementation of the claimed method can be applied for joint encryption of two messages M and T, each of which, for example, has a size of 520 kbps. Message M is divided into 52-bit data blocks M ₁ , M ₂ , ..., M _w , where w = 10000. Message T is split into 52-bit data blocks T ₁ , T ₂ , ..., T _w . Alternately, for values i = 1, 2, ..., 10000, pairs of 52-bit data blocks (M _i , T _i ) are jointly encrypted in accordance with the described implementation example of the claimed method, resulting in ciphertext in the form of a sequence of 130-bit cryptograms $$(C_{\mathrm{one}}\Vert C_2{)}_i$$

, i = 1, 2, ..., 1000.

The above examples show that the claimed method of encrypting a data block M, represented as an n-bit string, functions correctly, is technically feasible and allows us to solve the problem.

The inventive method of encrypting a data block M, represented as an n-bit string, can be used to develop means of comprehensive protection of information from unauthorized access, providing additional information security by imposing false messages to potential attackers. This method can also be used for secure broadcast messages with control of access to messages from the recipients while ensuring the identity of the decryption of the same cryptogram. Such means of secure broadcast messaging solve the problem of traffic non-tracking when transmitting information over telecommunication channels.

The interpretation of the terms used in the description of the invention

1. Binary digital electromagnetic signal - a sequence of bits in the form of zeros and ones.

2. Parameters of a binary digital electromagnetic signal: bit depth and order of single and zero bits.

3. The bit depth of a binary digital electromagnetic signal is the total number of its single and zero bits, for example, the number 10011 is 5-bit.

4. Bit string (BS) - a binary digital electromagnetic signal, presented in the form of a finite sequence of digits "0" and "1".

5. Secret key - a binary digital electromagnetic signal used to generate a signature for a given electronic document. The secret key is represented, for example, in binary form as a sequence of digits "0" and "1".

6. A multi-bit binary number (MDC) is a binary digital electromagnetic signal, interpreted as a binary number and represented as a sequence of digits "0" and "1".

7. A polynomial is an ordered sequence of coefficients, each of which is a single-bit or multi-bit binary number (MDC). The operations of addition of polynomials and multiplication of polynomials are defined over polynomials, which are reduced to performing actions with coefficients of polynomials that are operands. Polynomials and the rules of action on them are discussed in detail in books [Kostrikin A.I. Introduction to Algebra. Fundamentals of Algebra. M .: Fizmatlit. 1994. - 320 p.] And [Kurosh A.G. Course of higher algebra. - M., "Science", 1971. - 431 p.]. In computing devices, polynomials are represented as a bit string in which each bit or each substring of bits of a fixed length is interpreted as one of the coefficients of the polynomial over which the operations of addition and multiplication of coefficients are defined.

. В алгебраической форме указываются только слагаемые с ненулевыми коэффициентами, так как позиция коэффициента связана однозначно со степенью формальной переменной, при которой он записан.8. A binary polynomial is a polynomial whose coefficients are single-digit binary numbers “0” and “1”. The binary polynomial is written as a bit string, the highest bit of which is equal to a single bit. The degree of the polynomial is the value of S equal to the length of the bit string representing the binary polynomial minus one. In algebraic form, the binary polynomial is written as the sum of some degrees s _i <S of the formal variable x, for example, in the form $$x^S+x^{s_{\mathrm{one}}}+x^{s_2}+x^{s_3}+\mathrm{one}$$

. In an algebraic form, only terms with nonzero coefficients are indicated, since the position of the coefficient is uniquely related to the degree of the formal variable at which it is written.

9. An irreducible binary polynomial is a binary polynomial that cannot be divisible without remainder by any other binary polynomial, that is, an irreducible binary polynomial cannot be represented as the product of two binary polynomials.

10. Comparable in absolute value of a polynomial m are polynomials whose difference is divided by a polynomial m without remainder or, which is the same, polynomials, when divided by a polynomial m, equal residues are obtained.

11. The operation of multiplying two polynomials modulo (mod) the polynomial m is performed as ordinary algebraic multiplication of polynomials, followed by taking the remainder of dividing the result by the polynomial m.

12. The operation of adding two polynomials is performed as the addition of all the coefficients for the same degrees of the formal variable, as the elements of the field to which the coefficients of the polynomials belong (this field is called the field over which the polynomials are given).

13. An algebraic structure is a set of mathematical elements of some nature. As mathematical elements, for example, polynomials, MDCs, pairs of MDCs, pairs of polynomials, triples of MDCs, triples of polynomials, matrices of MDCs, matrices of polynomials, etc., over which mathematical actions (operations) are specified, can act. A mathematically algebraic structure is determined by specifying a specific set of mathematical elements and one or more operations performed on the elements.

14. An element of an algebraic structure is a single bit string or a set of several bit strings over which an algebraic operation is defined. When determining a specific type of algebraic structure, operations are determined on elements of the algebraic structure, which uniquely indicate the rules for interpretation and transformation of bit strings representing these elements. The transformations of bit strings implemented in computing devices correspond to operations performed on elements of a given algebraic structure.

15. A group is an algebraic structure (that is, a set of elements of various nature), on the elements of which one operation is defined, and which for a given operation has a given set of properties: the operation is associative, the result of the operation on two elements is also an element of the same structure there is a neutral element such that when performing operations on them and some other element of a group is the result of element a. A detailed description of the groups is given in the books [A.G. Kurosh. Group theory. - M., publishing house "Science", 1967. - 648 p.] And [M.I. Kargapolov, Yu.I. Merzlyakov. Fundamentals of group theory. - M., publishing house "Science. Fizmatlit ", 1996. - 287 p.]. An operation defined on group elements is called a group operation.

16. A ring is an algebraic structure (that is, a set of mathematical elements of nature), on the elements of which two operations are defined, one of which is called addition, and the second - multiplication. Moreover, for given operations, this algebraic structure has a given set of properties: addition and multiplication operations are associative and commutative, the multiplication operation is distributive with respect to the addition operation, and the result of each of these operations on two elements is also an element of the same structure. In addition, for addition there is a neutral element such that when performing an operation on it and some other element a of the group, the result is element a . A neutral element with respect to addition is called a zero element (or simply zero). A detailed description of the rings is given in the books [Kostrikin A.I. Introduction to Algebra. The basics of algebra. M .: Fizmatlit. 1994. - 320 p.] And [Kurosh A.G. Course of higher algebra. - M., "Science", 1971. - 431 p.].

17. A field is an algebraic structure (that is, a set of mathematical elements of various nature), on the elements of which two operations are defined, one of which is called addition, and the second - multiplication. Moreover, for given operations, this algebraic structure has a given set of properties: addition and multiplication operations are associative and commutative, the multiplication operation is distributive with respect to the addition operation, and the result of each of these operations on two elements is also an element of the same structure. Wherein for each of said two operations exists a neutral element such that when performing operations on them and some other element of a group is the result of element a. The neutral element with respect to addition is called the zero element (or simply zero), and the neutral element with respect to multiplication is called the unit element (or simply unit). In addition, each nonzero element a can be associated with a single element a ^-1 , called the inverse element with respect to this element, such that the product a ^-1 a (and therefore aa ^-1 ) is equal to one. A detailed description of the fields is given in the books [A.I. Kostrikin. Introduction to Algebra. The basics of algebra. M .: Fizmatlit. 1994. - 320 p.] And [Kurosh A.G. Course of higher algebra. - M., "Science", 1971. - 431 p.].

18. The operation of dividing the binary polynomial A by the binary polynomial B modulo the binary polynomial m is performed as the operation of multiplying modulo m of the binary polynomial A by the binary polynomial B ^-1 , which is the inverse of the binary polynomial B modulo the binary polynomial m.

19. The set of all binary polynomials of degree that does not exceed the value of S, together with the addition and multiplication modulo an irreducible polynomial of degree S + 1, forms a field GF (2 ^S ) with the number of elements equal to 2 ^S. In such a field, as well as in other fields, systems including two linearly independent equations with two unknowns have a unique solution.

Claims (2)

1. A method of encrypting a data block represented as a bit string, which consists in generating a secret key in the form of subkeys K and Q, which are bit strings, forming an auxiliary n-bit string T, forming an n-bit auxiliary cryptogram C _M by executing on the block data M, the operation of block encryption E depending on K by the formula C _M = E _K (M), the formation of an n-bit auxiliary cryptogram C _T by performing the operation of block encryption E on the n-bit string T, depending on Q, by the formula C _T = E _Q (T), the formation of a 2n-bit cryptogram C depending on the subkeys K and Q and auxiliary cryptograms C _M and C _T , characterized in that the subkey K is formed as a 2n-bit string, which is a concatenation of two n-bit lines k ₁ and k ₂ , sub Q are formed in the form of a 2n-bit string representing the concatenation of two n-bit strings q ₁ and q ₂ , a (n + 1) -bit string m is formed, and a 2n-bit cryptogram C is formed in the form concatenations of two binary polynomials of degree n-1, which are a solution of a system of two linear equations k ₁ C ₁ + k ₂ C ₂ = C _M mod m and q ₁ C ₁ + q ₂ C ₂ = C _T mod m with two unknown binary polynomials C ₁ and C ₂ , in which m is an additionally formed polynomial of degree n, and n-bit strings k ₁ , k ₂ , q ₁ , q ₂ , C _M , C _{T are} considered as binary polynomials of degree n-1 and a (n + 1) -bit string m is considered as a binary polynomial of degree n. 2. The method according to claim 1, characterized in that they form an (n + 1) -bit string m in the form of an irreducible binary polynomial of degree n.