RU2574804C2 - Method for adaptive stream encryption with controlled cryptographic robustness and device therefor - Google Patents

Abstract

FIELD: information technology.

SUBSTANCE: depending on the required degree of cryptographic protection, public information is encrypted at the transmitting side via modulo 2 bitwise summation with an encryption gamma and data are decrypted at the receiving side, wherein at the transmitting and receiving sides, respectively, interchangeable irreducible polynomials of the order n are generated and brought into conformity with the key, said polynomials being selected from primitive polynomials and corresponding Galois field extensions GF(2q)n and based on which the linear recurrent shift register (LRSR) which generates the encryption gamma is reprogrammed.

EFFECT: improved cryptographic protection of information.

2 cl, 1 dwg

Description

The invention relates to information encryption and can be used in information transfer systems to provide adaptive encrypted communication using a key transmitted over a closed communication channel.

A known encryption method (Ivanov MA, Cryptographic methods of protecting information in computer systems and networks. - M .: KUDITS-OBRAZ, 2001, p. 34), where the data is encrypted on the transmitting side by their bitwise summation modulo 2 in an adder with a gamma of cipher taken from the outputs of the key generator, and in decrypting data at the receiving side by summing the encrypted data bitwise modulo 2 with the gamma of cipher.

However, the known encryption method is not adapted to the degree of secrecy of the transmitted information, and also has a relatively low cryptographic strength.

A known encryption device (Alferov A.P., Zubov A.Yu., Kuzmin A.S. Fundamentals of cryptography. Textbook. 2nd ed., Revised and supplemented. - M .: Helios ARV, 2002, p. 129 , 130), where direct encryption is carried out in the cipher block, to which open information is supplied to one input, and the gamma of the cipher to the other input.

The disadvantage of this device is low adaptation to the degree of secrecy of the transmitted information, as well as a relatively low cryptographic strength.

The closest in technical essence is the adaptive stream encryption method implemented in the encryption device (Pat. 2329544, Russian Federation, IPC ⁷ H04L 9/00. Adaptive stream encryption method and device for its implementation [Text]. / Bardaev E.A. ; Applicant and patent holder EA Bardaev - No. 2006117121/12; Applicant. 05/19/2006; publ. 07/20/2008). The prototype method consists in the fact that removable primitive polynomials of degree n and replaceable value of the expansion of the Galois field GF (2q) n, respectively, are generated and introduced in accordance with the key on the transmitting and receiving sides, in accordance with which the key generator is reconfigured.

In the known method, the goal is achieved by encrypting data on the transmitting side by bitwise summing modulo 2 with the gamma of the cipher and decrypting data on the receiving side, according to the invention, on the transmitting and receiving sides, respectively, replaceable primitive polynomials of degree n are generated and entered in accordance with the key and the corresponding expansion of the Galois field GF (2q) n, in accordance with which carry out the reconfiguration of the block synthesis linear recursive shift register (LRS), generating present gamut cipher.

The disadvantage of this method is the relatively low cryptographic strength, since primitive polynomials are used, which although they are irreducible, they are the smallest polynomial in the field GF (2q) and the number of such polynomials is limited [7]. Thus, the development of a given number of primitive polynomials is not possible. To solve this problem, device [3] introduces an extension of the primitive polynomial in the field GF (2q), but in this case a mixed set is obtained containing both irreducible and reducible polynomials. Under these conditions, the device can synthesize LRS on a reducible polynomial. This, in turn, leads to the fact that the cryptographic strength of the gamut of the cipher sharply (at times) decreases.

The aim of the claimed method of adaptive stream encryption with controlled cryptographic strength and a device for its implementation is to increase cryptographic strength through the use of replaceable irreducible primitive polynomials and a replaceable value of the Galois field extension GF (2q) n, in accordance with which the key generator is reconfigured.

The claimed method is as follows. Depending on the required degree of cryptographic protection, open information is encrypted on the transmitting side by bitwise summing modulo 2 with the gamma of the cipher and the data on the receiving side is decrypted. On the transmitting and receiving sides, respectively, replaceable irreducible polynomials of degree n are generated and introduced in accordance with the key, which are selected from primitive polynomials and the corresponding Galois field extensions GF (2q) n and based on which they reprogram the LRS generating the cipher gamma.

In the claimed method, the cryptographic strength is increased on average based on the formula (NM) n-GF (2q) n bits, where N is the number of primitive polynomials in a ring of degree n, from which a replaceable primitive gamma-forming polynomial is selected, M is the number of reducible primitive polynomials in the ring degree n, and GF (2q) n is the selected value of the expansion of the Galois field over which the chosen primitive polynomial of degree n is considered. So, for example, if a replaceable primitive polynomial of degree n = 207 is selected, then when constructing a linear recurrence shift register for a polynomial of this degree, the power of the key system of such a device without taking into account nonlinear complexity nodes will be equal to the number of options for initial filling of LRS - 2 ²⁰⁷ -1. In the proposed method, by choosing the value of the expansion of the Galois field, for example, 2 ^{5 the} number of options for the initial filling of the LRS will increase to (2 ⁵ ) ²⁰⁷ -1 = 2 ¹⁰³⁵ -1, and taking into account the selection of the gamma-forming irreducible primitive polynomial from the ring of polynomials of degree n = 207, the power of the key system, and hence the cryptographic strength, will additionally increase by 2 ^(NM) times.

The technical result is achieved by the fact that in a known encryption device containing a key generator on the transmitting and receiving sides and encrypting and decrypting blocks, a series-connected irreducibility check unit, the input of which is connected to the output of the Galois field expansion unit, is additionally introduced on the transmitting and receiving sides, checking the selected specific polynomial of a given degree, the other input of which is connected to the second output of the control unit, and the output is connected to the input of the block LRRS synthesis, which performs the synthesis of recurrent shift registers, the second input of which is connected to the third output of the control unit, while on the transmitting side the output of the LRRS synthesis block is connected to the encryption block, the other input of which is the information input of the device, and the output of the LRRS synthesis block is connected on the receiving side with the input of the decryption unit, the second input of which is connected to the output of the communication channel, and the output is the information output of the device.

Figure 1 presents the structural diagram of a device for implementing the method of adaptive stream encryption with controlled cryptographic strength.

A device for implementing an adaptive stream encryption method with controlled cryptographic strength comprises, on the transmitting side, a control unit 1, the input of which is connected to the output of the key information source, a unit for selecting primitive polynomials 2, a Galois field extension unit 3, the other input of which is connected to the second output of the control unit 1, the irreducibility test block 4, the second input of which is connected to the third output of the control unit, the LRS synthesis unit 5, the second input of which is information the input of the device, the encryption unit 6 and the communication channel 7, and on the receiving side, the device contains a control unit 13 connected in series, the input of which is connected to the output of the key information source, a unit for selecting primitive polynomials 12, a Galois field extension unit 11, the other input of which is connected to the second output of the control unit, the irreducibility test unit 10, the second input of which is connected to the third output of the control unit, the LRS synthesis unit, the second input of which is connected to the fourth output of the control unit 13, which decrypts block 8, the second input of which is connected to the output of the communication channel 7, and the output is the information output of the device. Blocks 1, 2, 3, 7, 8, 9 can be made in the form of ROM (read-only memory), the programming information for which is given in [5] and in the description of an example implementation of the method, blocks 5 and 9 in the form of standard generators [4 , 6], in which the recurrent shift registers are implemented on programmable logic integrated circuits (FPGAs), the programming information of which is given in the description of an example implementation of the method.

The operation of the device for implementing the adaptive stream encryption method with controlled cryptographic strength is as follows. The control unit 1 and 11 (see Fig. 1), depending on the content of the key information, sets the specific values of the following control input parameters: for the operation algorithm of the unit for selecting primitive polynomials 2 and 10 - determining the choice of polynomials of a given degree and their number; for the operation algorithm of the Galois field extension block 3 and 11 and the irreducibility check block 4 and 10 - determining the selection of a particular polynomial of a given degree; for the operation algorithm of the LRRS synthesis block 5 and 9, which determine the reprogramming of FPGAs (implementing recurrent shift registers of the key generator) in accordance with the selected polynomial of degree n and the value of the Galois field extension GF (2q) n, as well as the initial filling of the recurrence shift registers.

The control signal from control unit 1 is fed to the input of the primitive polynomial selection block 2, which, according to the algorithm [5], selects a given number of primitive polynomials of the corresponding degree, which are then fed to the input of the Galois field expansion unit 3, where, by the control signal from control unit 1, generating a set of polynomials, the parameters of which, as well as the expansion value of the Galois field GF (2q) n, are fed to the input of the irreducibility check unit 4, in accordance with these parameters, according to the signal from the control I am carried out in the block of synthesis of LRS 5, the synthesis of linear recurrent shift registers of the key generator is carried out by reprogramming the FPGAs, and then their initial filling. In the encoder 6, the binary information sequence arriving at its input is added modulo two with the gamut of the cipher and fed to the input of the communication channel 7. On the receiving side, when entering key information, the control unit 13 generates the corresponding control signals, according to which the unit for selecting primitive polynomials 12 according to the algorithm [5], it selects a given number of primitive polynomials of the corresponding degree, which then go to the input of the Galois field expansion unit 11, where according to the control signal y from the control unit 13, many polynomials are generated, the parameters of which, as well as the expansion value of the Galois field GF (2q) n, are input to the irreducibility check unit 4, in accordance with these parameters, according to the signal from the control unit, it is carried out in the LRS 5 synthesis unit synthesis of linear recurrence shift registers of the key generator by reprogramming the FPGAs, and then their initial filling. In the decoder 8, the binary encrypted sequence arriving at its input from the output of the communication channel 7 is added modulo two with the gamut of the cipher, and the binary information sequence arrives at the consumer from the decoder output.

Thus, due to the introduction of additional functions, the capabilities of the method are significantly expanded, since the cryptographic strength is significantly increased, and the adaptive control of cryptographic strength is also provided, which allows to achieve the desired result.

Information sources

1. Ivanov M.A. Cryptographic methods of information security in computer systems and networks. - M .: KUDITS-IMAGE, 2001, p. 34, prototype.

2. Zubov A.Yu., Kuzmin A.S. The basics of cryptography. Tutorial. 2nd ed., Rev. and add. - M .: Helios ARV, 2002, p.129, 130, prototype.

3. Patent 2329544, Russian Federation, IPC ⁷ H04L 9/00. Adaptive stream encryption method and device for its implementation [Text]. / Bardaev E.A .; Applicant and patent holder E. Bardaev - No. 2006117121/12; declared 05/19/2006; publ. 07/20/2008 - a prototype.

4. Liddle R., Niederreiter G. Finite Fields. T.2. - M.: Mir, 1988.

5. Bardaev E.A., Lovtsov D.A. Situational security management IPO ACS SDO. NTI RAS (Ser. 2. Information processes and systems), 1999. No. 11. - S.10-21.

6. Ivanov M.A., Chugunkov I.V. Theory, application and quality assessment of pseudo-random sequence generators. - M .: KUDITS-IMAGE, 2003 .-- 240 p.

7. Serdyukov P.N., Belchikov A.V., Dronov A.E. and others. Protected radio systems for digital transmission of information. - M .: ACT, 2006 .-- 403 p.

Claims (2)

1. A method of adaptive stream encryption with controlled cryptographic strength, which consists in the fact that, depending on the required degree of cryptographic protection, open information is encrypted on the transmitting side by bitwise summation modulo 2 with the gamma of the cipher and decrypt the data on the receiving side, characterized in that on the transmitting and respectively, the replaceable irreducible polynomials of degree n, which are selected from the primitive polynomials and their corresponding extension, are generated and introduced in accordance with the key s Galois field GF (2q) n and are the basis for reprogramming linear recurrence shift register (LRRS) generating cipher scheme. 2. An encryption device comprising a key generator on the transmitting and receiving sides and encrypting and decrypting blocks, characterized in that a primitive polynomial selection block is additionally introduced on the transmitting and receiving sides, which selects a primitive polynomial from a finite set by input from the control unit, input which is connected to the output of the control unit, and the output is connected to the input of the expansion unit of the Galois field, which is designed to expand the set of polynomials, the output of which is connected to the input an irreducibility checker, which is designed to check polynomials for irreducibility, the output of which is connected to the input of the LRS synthesis unit, which synthesizes a linear recursive shift register designed to generate an encryption gamut, the output of which is connected to an encryption unit, which performs the summation of plain text from the information the input of the device with an encryption gamut, the second input of which is connected to the information input of the device, and the output is connected to the communication channel.