RU2734324C1 - Method of forming common secret key of two remote telecommunication system users - Google Patents

Abstract

FIELD: computer equipment.

SUBSTANCE: method of forming common secret key of two remote users of telecommunication system, in which at the first subscriber the public key Y₁ is formed by generation of its personal secret key in the form of the element R of the finite set of algebraic elements G, which is the right local unit of the common element Z of the finite set of algebraic elements G, and natural number x₁ and subsequent generation of public key Y₁ by formula Y₁=RZ^x1, in second subscriber, public key Y₂ is generated by generating its personal secret key in form of element L of finite set of algebraic elements G, which is a right-hand left local unit of general element Z of finite set of algebraic elements G, and natural number x₂ and subsequent generation of public key Y₂ by formula Y₂=Z^x2L, wherein finite set of algebraic elements G with associative multiplication operation generate finite algebra with non-commutative associative multiplication operation.

EFFECT: technical result consists in reduction of time required for generation of encryption key due to reduced volume of calculations for generation of encryption key while maintaining required cryptographic stability.

1 cl, 1 tbl

Description

The invention relates to the field of telecommunications, computer technology, digital information technology and information and telecommunication systems, and more specifically to the field of information security of telecommunication systems and, in particular, can be used in cryptographic systems with an open distribution of keys to generate a common encryption key and authentication of remote subscribers ...

There is a known method of generating an encryption key for subscribers of a confidential communication session, including the transformation of a random multi-bit binary number, called a timestamp and determined by a point in time, for example, by the time the communication session starts, according to a pre-agreed cryptographic algorithm under the control of a secret key, which the subscribers exchange in advance through a secure communication channel [Ivanov M.A. Cryptography. M., KUDITS-OBRAZ, 2001 .-- p. 197-198]. The disadvantage of this method for generating an encryption key is the need to transmit the secret key over a secure communication channel, which is an expensive element of secret communication systems.

Also known is a method for generating encryption keys by multiple sequential modification of the secret key in accordance with the one-way transformation algorithm [Ivanov MA. Cryptography. M., KUDITS-OBRAZ, 2001 .-- p. 205]. The disadvantage of the known method for generating an encryption key is that when the current key is compromised, all subsequent encryption keys are compromised.

Also known is a method of forming a shared secret key of two remote subscribers of a telecommunication system using open communication channels, described in the book [Moldovyan N. A., Moldovyan A. A., Eremeev M. A. Cryptography: from primitives to the synthesis of algorithms. - SPb, BHV-Petersburg, 2004 .-- 436 p. - see p. 408 and p. 412-413]. An analogous method consists in performing the following sequence of actions:

1. The first subscriber generates a public key (OK) in the form of two multi-bit binary numbers (MDC), the first n and the second α, (hereinafter, in the text of the description, the MPC should be understood as an electromagnetic signal in binary digital form, in which the total number of bits and their order reflects some binary number), for which

generate the first m and second q auxiliary prime factors in the form of MDC, and the first MDC n OK is calculated as the product of n = mq;

calculate the Euler function ϕ (n) from the first MFN n OK by the formula ϕ (n) = (m-1) (q-1);

generate a second MPC α OK, which is relatively prime with the value of the Euler function ϕ (n) (a pair of MPC n and α forms an OK);

calculate the secret MDC γ = α ^-1 mod ϕ (n), at which the condition γα mod ϕ (n) = 1 is satisfied.

2. Pass OK, i.e. a pair of MDC p and α, to the second subscriber, for example, over telecommunication networks.

3. A secret key K is generated for the second subscriber and an image of the secret key is formed in the form of MDC r by calculating it by the formula r = K ^α mod n.

4. The key image r is transmitted to the recipient of the information.

5. At the recipient of information, the encryption key T is calculated according to the formula K = r ^γ mod n.

With this method, an open distribution of keys is possible, i.e. without the use of secure communication channels, which reduces the cost of ensuring information security.

However, the known method has a disadvantage - the relatively long time required to generate a shared secret encryption key, which is associated with the need to perform a large amount of computation at the recipient of information, due to the large bit width of the MDC γ, which is approximately equal to the bit width of the first MDC n OK, which is selected in order to achieve the required cryptographic strength within 1024-2048 bits.

Also known is a method for generating an encryption key, proposed in the patent of the Russian Federation No. 2286022 and consisting in the following sequence of actions:

at the recipient of information (the first subscriber), the OK is formed in the form of the first p and the second α MDC, the bit width of each of which is chosen to be at least 2048 bits.

transmit OK to the sender of information (second subscriber),

an image of an encryption key in the form of MDC r is formed at the sender of information and transmitted to the recipient of information;

from the recipient of the information in the image of the encryption key r, the encryption key is calculated in the form of MDC K.

The disadvantage of this method is the relatively large size of the OK, which is equal to the total number of words α and p.

The closest in technical essence to the claimed is the known method of forming a shared secret encryption key of two subscribers using open communication channels, described in the book [Moldovyan N.A., Moldovyan A.A. An introduction to public key cryptosystems. - SPb, BHV-Petersburg, 2005 .-- 286 p. - see p. 408 and p. 104-105]. The closest analogue method (prototype) includes the following steps:

1. Generate a finite set of algebraic elements with an associative multiplication operation Г in the form of a finite group, including the set of integers {1, 2, ..., p-1}, over which the operation of multiplication mod p is given as a group operation, where p is a prime MDC having a bit depth of at least 1024 bits. For this, a simple MDC p of the required bit depth is generated.

2. An element Z of a finite group G, common for both subscribers, is formed, which is an MDC Z ∈ {1, 2, ..., p-1}, referring to the indicator p-1 modulo p.

mod р.3. The first subscriber generates OK in the form of an element Y _{1 of the} finite group G, for which his personal secret key is generated in the form of a randomly generated MDC x ₁ and Y _{1 is} calculated by the formula

mod p.

4. The public key Y _{1 is} transmitted over an open channel to the second subscriber.

mod р.5. The second subscriber generates OK in the form of an element Y _{2 of a} finite group G, for which his personal secret key is generated in the form of MDC x ₂ and Y _{2 is} calculated by the formula

mod p.

6. The public key Y _{2 is} transmitted over an open channel to the first subscriber.

mod р.7. The first subscriber generates a common secret key in the form of an element K of a finite group G by calculating it by the formula

mod p.

mod р.8. The second subscriber generates a shared secret key in the form of an element K of a finite group G by calculating it by the formula

mod p.

The disadvantage of the closest analogue is the relatively high complexity of the procedure for generating the general secret encryption key K, due to the fact that the general secret encryption key K is calculated by raising one subscriber to a large integer power equal to the private secret key of another subscriber modulo MDC p OK.

The task to be solved by the claimed invention is to develop a method for generating a secret encryption key, which provides a technical result, which consists in reducing the time required to generate an encryption key by reducing the amount of calculations for generating an encryption key while maintaining its required cryptographic strength.

In addition, the claimed technical solution expands the arsenal of tools for this purpose.

The technical result is achieved by the fact that in the known method of forming a common secret key of two remote subscribers of a telecommunication system, which consists in generating a finite set of algebraic elements G with an associative operation of multiplication, forming a common element Z of a finite set of algebraic elements G, the first subscriber generates it private secret key and its OK in the form of an element Y _{1 of a} finite set of algebraic elements G, transmit the OK of the first subscriber Y _{1 to the} second subscriber, the second subscriber generates his personal secret key and his OK in the form of an element Y _{2 of a} finite set of algebraic elements G, transmit OK of the second subscriber Y _{2 to the} first subscriber, the first subscriber generates a common secret key in the form of an element K of a finite set of algebraic elements G, depending on the OK of the second subscriber Y ₂ and the personal secret key of the first subscriber, and the second subscriber generates a shared secret key in the form of an element K final multi properties of algebraic elements Г depending on the OK of the first subscriber Y ₁ and the private secret key of the second subscriber

у второго абонента формируют ОК Y₂ путем генерации его личного секретного ключа в виде элемента L конечного множества алгебраических элементов Г, являющегося правой левой локальной единицей общего элемента Z конечного множества алгебраических элементов Г, и натурального числа х₂ и последующей генерации OK Y₂ по формуле

причем в качестве конечного множества алгебраических элементов Г с ассоциативной операцией умножения генерируют конечную алгебру с некоммутативной ассоциативной операцией умножения.new in the claimed invention is that the first subscriber is formed OK Y ₁ by generating his private secret key in the form of an element R of a finite set of algebraic elements Г, which is the right local unit of a common element Z of a finite set of algebraic elements Г, and a natural number x ₁ and subsequent generation OK Y ₁ according to the formula

for the second subscriber, OK Y _{2 is formed} by generating his private secret key in the form of an element L of a finite set of algebraic elements G, which is the right-left local unit of a common element Z of a finite set of algebraic elements G, and a natural number x ₂ and the subsequent generation of OK Y ₂ according to the formula

moreover, as a finite set of algebraic elements Γ with an associative multiplication operation, a finite algebra with a non-commutative associative multiplication operation is generated.

Examples of generating finite algebras with a non-commutative associative multiplication operation having a relatively low computational complexity are given below. Due to the comparatively low computational complexity of the vector multiplication operation and the possibility of its efficient parallelization, a significant reduction in the formation time of the shared secret key of two subscribers is provided.

и умножение справа на левую локальную единицу L изменяет значение

Последнее обусловливает существенное повышение вычислительной трудности нахождения личных секретных ключей первого и второго пользователей по их открытым ключам Y₁ и Y₂ соответственно.The inventive concept of the claimed new technical solution is to use finite algebras with a non-commutative associative multiplication operation, in which, in the general case, the result of performing a non-commutative multiplication operation depends on the order of the elements of the finite algebra over which the non-commutative multiplication operation is performed. Due to this, left and right local units simultaneously exist in algebras of the indicated type, and multiplication from the left by the right local unit R changes the value

and multiplying from the right by the left local unit L changes the value

The latter causes a significant increase in the computational difficulty of finding the private secret keys of the first and second users from their public keys Y ₁ and Y _2, respectively.

и умножения справа на левую локальную единицу L являются взаимно коммутативными с операцией возведения в степень элемента Z, т.е. выполняются соотношения

благодаря чему выполняется соотношение

и формированием каждым из абонентов одного и того же секретного ключа.In this case, the operation of multiplying from the left by the right local unit R changes the value

and multiplication on the right by the left local unit L are mutually commutative with the operation of raising to a power of the element Z, i.e. the relations hold

due to which the relation

and the formation by each of the subscribers of the same secret key.

Example 1: Generation of a finite algebra Γ with a non-commutative associative multiplication operation.

Consider ordered sets of MDCs ( a ₁ , a ₂ ,…, a _m ), each of which does not exceed some selected simple MDC p. Such a set is called a vector, and MDC a ₁ , and ₂ , ..., a _m - the coordinates of the vector, the value m≥2 is the dimension of the vector equal to the number of coordinates in the vector. The coordinates are MDCs belonging to the set MDC {1, 2, ..., p-1}, where p is a given prime MDC, over which the operations of addition and multiplication modulo p are defined. Another form of writing vectors is to write it as a sum of one-dimensional vectors, called vector components, each of which is a vector coordinate with a formal basis vector assigned to it. Let us denote formal basis vectors by lowercase Latin letters e, i, j, k, etc. In the last record, the order of writing the components of the vector does not matter, for example, the vectors Z ₁ = 523425е + 3676785i + 53453453j + 94734k and Z ₂ = 3676785i + 94734k + 523425e + 53453453j, where e, i, j, k are formal basis vectors, in which coordinates are MDC, are considered equal, i.e. Z ₁ = Z ₂ . For a finite dimension of vectors, we have a finite vector space with the operation of addition of vectors, performed according to the rule of addition of coordinates of the same name modulo a simple MDC p. When specifying the rule for the multiplication of vectors possessing the properties of being closed and distributive under the addition operation, we obtain a finite algebra.

The operation of multiplying two vectors a e + bi +… + qv and xe + yi +… + wv is determined by the rule of multiplying each component of the first vector with each component of the second vector, i.e. according to the formula:

with the subsequent replacement in each term of the product of pairs of basis vectors by a one-component vector in accordance with the so-called multiplication table of basis vectors (TUBV). The coordinates of such one-component vectors present in the TUBV are called structural coefficients, which in special cases can be equal to one or zero. After such a replacement, the right-hand side of the last formula will be the sum of one-component vectors. After adding them, in the general case, we get the result in the form of an m-dimensional vector of the form a '' e + b''i + ... + q''v, i.e. the closed property of the multiplication operation is ensured.

For the case of vectors of dimension m = 4, the record of some four-dimensional vector has the form Z = a e + bi + cj + dk. Ensuring the properties of non-commutativity and associativity of the finite algebra of four-dimensional vectors is realized, for example, when using TUBV, presented in the form of Table 2.

The generation of various variants of finite four-dimensional algebras with a non-commutative associative multiplication operation is carried out by generating various values of the simple MDC p and various specific values of the coefficients α and β.

To find the unit vector in the finite algebra under consideration, consider an arbitrary 4-dimensional vector V = ( a e + bi + cj + dk). Multiplying the vector V on the right by the unknown vector E = (xe + yi + zj + wk) and equating the result to V, we obtain the following vector equation for finding the unit on the right:

( a e + bi + cj + dk) (xe + yi + zj + wk) = ( a e + bi + cj + dk).

Multiplication of two vectors on the right side using table. 1 gives the following

Equating the coefficients in the left and right sides of the last equation with the same basis vectors, we obtain the following pair of systems of two linear equations with two unknowns:

and

The main determinant of systems (1) and (2) is equal to the same value

Δ = a b (1-αβ) + dc (αβ-1) = (αβ-1) (dc- a b)

The corresponding auxiliary determinants are

Δ _x = a b-cd; Δ _z = β (cd- a b); Δ _y = a b-cd; Δ _w = α (cd- a b).

Under the condition αβ ≠ 1 and dc- a b ≠ 0, both systems (1) and (2) have a unique solution and we obtain the following coordinates for the unit on the right:

Thus, under the condition αβ ≠ 1, for all vectors whose coordinates satisfy the condition dc ≠ a b, there is a unit on the right in the form of a vector with coordinates depending on the values of the structural coefficients.

To find the formula for units left multiply the vector (a e + bi + cj + dk) on the left to an unknown vector (xe + yi + zj + wk) and solve equation (xe + yi + zj + wk) ( a e + bi + cj + dk) = ( a e + bi + cj + dk).

Multiplying the parentheses on the right-hand side using Table 1 gives

Equating the coefficients at the same basis vectors, we obtain the following pair of systems of two linear equations with two unknowns:

and

The main determinant of each of systems (5) and (6) is equal to the value

Δ = (αβ-1) (dc- a b).

The corresponding auxiliary determinants are

Δ _x = a b-cd; Δ _z = β (cd- a b); Δ _y = a b-cd; Δ _w = α (cd- a b).

For αβ ≠ 1 and dc- a b ≠ 0, both systems (5) and (6) have a unique solution and we obtain the values of the coordinates for unity on the left, given by relations (3) and (4).

Thus, when these two conditions are fulfilled, the unit on the right and the unit on the left coincide, i.e. the ring has a single unit vector

It is easy to see that the vectors V whose coordinates satisfy the relation dc ≠ a b are invertible. Indeed, the vector equation V⋅X = E with unknown vector X has a unique solution (equal to the vector V ^-1 , inverse with respect to the vector V), if the vector equation V⋅X = V, considered when deriving the expression for the unit vector, has a unique decision. Vector E is a unit for the considered ring of four-dimensional vectors, i.e. multiplication of an arbitrary irreversible vector N on the left or on the right by E does not lead to a change in N.

All vectors whose coordinates satisfy the condition a b = cd are irreversible, i.e. there are no corresponding reciprocal values for them. It is easy to see that the number of irreversible vectors is large enough, namely, with the coordinate a ≠ 0 the number of irreversible vectors is equal to p ² (p-1), and with the coordinate a = 0-p (2 (p-1) +1) = 2p ^2- p. Thus, the number of irreversible vectors is

Consider the set of all irreversible vectors ( a , b, c, d) for which the relation a b = cd holds, for which the main determinant of systems (5) and (6) is equal to zero. However, in this case, the auxiliary determinants also turn out to be equal to zero, therefore each of the systems of linear equations (5) and (6) has p solutions. The latter means that for an irreversible vector Z = ( a , b, c, d) there is a set of vectors acting on Z as a unit from the left. Taking into account the linear dependence of the equations in system (5), we write down its solutions:

those. for a given irreversible vector Z = ( a , b, c, d), whose coordinates satisfy the condition a β + c ≠ 0, there are p ² different left units. The set of left local units corresponding to the vector Z is described by the formula:

A random choice of the left local unit L can be implemented as the generation of random values of the first and third coordinates k <p and h <p and the calculation of the second and fourth coordinates by formula (10).

Consider the question of the presence of local right units acting on a subset of vectors {Z ⁱ , i = 1, 2, 3…}. To find the class of local right units, one should solve a pair of systems (1) and (2). The solution of the last two systems leads to the following formula describing all the right local units corresponding to the vector Z and all its various powers:

where the first and fourth coordinates k and h take all possible values, and the second and third coordinates are calculated by formula (11).

Example 2: Implementation of the claimed method.

1. Generate a finite algebra Γ with a non-commutative associative multiplication operation for which

1.1) generate a simple 256-bit MDC p;

1.2) generate TUBV in the form of table 1, where α = 2 and β = 3.

2. A common element Z of a finite algebra Γ is formed in the form of an irreversible four-dimensional vector Z.

3. The first subscriber generates OK in the form of an element Y _{1 of a} finite algebra Г, for which

3.1) generate a private secret key of the first subscriber in the form of a vector R, which is a randomly selected right local unit of the vector Z.

3.2) generate a random MDC x ₁ <p;

3.3) form the OK of the first subscriber Y ₁ by performing calculations according to the formula

4. The OK of the first subscriber is transmitted to the second subscriber, for example, via an open telecommunication channel.

5. The second subscriber generates OK in the form of an element (vector) Y _{2 of the} finite algebra Г, for which

5.1) generate a personal secret key of the second subscriber in the form of a vector L, which is a randomly selected left local unit of the vector Z.

5.2) generate a random MDC x ₂ <p;

5.3) form the OK of the second subscriber Y ₂ by performing calculations according to the formula

6. The OK of the second subscriber is transmitted to the first subscriber, for example, via an open telecommunication channel.

7. The first subscriber generates a common secret key in the form of an element (vector) K of the finite algebra Г, depending on the OK of the second subscriber and the personal secret key of the first subscriber, for which calculations are performed using the formula

8. The second subscriber generates a common secret key in the form of an element K of the finite algebra G, depending on the OK of the first subscriber and the personal secret key of the second subscriber, for which calculations are performed using the formula.

As a result of the actions performed, the first and second subscribers generated the same secret key, which was not explicitly transmitted via OK. For an unauthorized person intercepting messages transmitted over the communication channel of subscribers, the calculation of the secret key K is computationally impracticable in practice when the size of the MDC p is equal to 160 bits or more. This embodiment of the claimed method for generating a shared secret key of two remote subscribers of a telecommunication system provides a reduction in the time for generating a shared secret key in comparison with the closest analogue method due to the fact that for a given level of security, the used size of the MDC p is about 6 times less than the bit width of a simple MDC in the prototype way.

The proof of the correctness of the work of the considered example of the implementation of the method consists in the proof that at steps 7 and 8 the first and second subscribers form the same element of the finite algebra G. Indeed, we have:

in step 7:

in step 8:

In the case of non-commutative finite algebras of four-dimensional vectors, the claimed method of forming a shared secret key of two remote subscribers of a telecommunication system provides sufficient security when choosing a simple MDC p of 160 bits or more. Thus, it is shown that the claimed method of forming a shared secret key of two remote subscribers of a telecommunication system is technically feasible and allows achieving the formulated technical result.

application

Interpretation of terms used in the description of the application

1. Binary digital electromagnetic signal - a sequence of bits in the form of zeros and ones.

2. Parameters of a binary digital electromagnetic signal: capacity and sequence of single and zero bits.

3. The bit depth of a binary digital electromagnetic signal is the total number of its one and zero bits, for example, the number 10011 is 5-bit.

4. Bit string - binary digital electromagnetic signal, represented as a finite sequence of digits "0" and "1".

5. Secret key is a binary digital electromagnetic signal used to generate a signature for a given electronic document. The secret key is represented, for example, in binary form as a sequence of digits "0" and "1".

6. Public key - a bit string, the parameters of which depend on the secret key. The public key is computed from the secret as the value of a one-way computable function, which makes it impractical to compute the private key from the public key.

7. Multi-bit binary number (MDC) is a binary digital electromagnetic signal interpreted as a binary number and represented as a sequence of digits "0" and "1".

8. Algebraic structure is a set of mathematical elements of some nature. Mathematical elements can be, for example, polynomials, MDC, MDC pairs, pairs of polynomials, MDC vectors, polynomial vectors, MDC matrices, polynomial matrices, etc., over which mathematical actions (operations) are specified. Algebraic structure is defined by specifying a specific set of mathematical elements and one or more operations performed on the elements.

9. A set of algebraic elements is an algebraic structure.

10. An element of an algebraic structure is a polynomial, vector, one bit string or a set of several bit strings, over which an algebraic operation is defined. When defining a specific type of algebraic structure, operations are defined on elements of the algebraic structure, which unambiguously indicate the rules for interpreting and transforming bit strings representing these elements. Conversions of bit strings implemented in computing devices correspond to operations performed on elements of a given algebraic structure.

11. A group is an algebraic structure (that is, a set of elements of different nature), over the elements of which one operation is defined, which, for a given operation, has the following set of properties: the operation is associative, the result of performing an operation on two elements is also an element of the same structure, there is a single element such that when an operation is performed on it and some other element a of the group, the result is element a . A detailed description of the groups is given in the books [A.G. Kurosh. Group theory. - M., publishing house "Science", 1967. - 648 p.] And [M.I. Kargapolov, Yu.I. Merzlyakov. Foundations of group theory. - M., publishing house "Science. Fizmatlit ", 1996. - 287 p.].

12. A group operation is an operation defined on the elements of a group. Usually the group defines the exponentiation operation, which is a derivative of the group operation. Exponentiation in a group is a multiple execution of a group operation on the same element. For example, for a group member and a natural number n by definition have a ⁿ = a ° a ° a ° a ° ... (n times), where «°» denotes the group operation.

где Е - единичный элемент группы.13. The unit element of the group Γ is an element such that performing an operation on it and on another arbitrary element Z of the group Γ results in an element Z, that is, for any Z∈Г we have

where E is the unit element of the group.

14. A finite algebra is a finite vector space in which the operation of multiplying a vector by a vector is additionally specified, the result of which is a certain vector, and the operation of multiplication is distributive with respect to the operation of addition of vectors.

15. Local units of algebra are some elements of algebra, such that when multiplying by them elements of algebra from a certain subset leave the latter unchanged, that is, local units act as units not on all elements of the algebra, but only on a certain subset of the elements of the algebra.

16. The left unit is an element of algebra that acts as a unit when performing a multiplication operation in which it is the left operand.

17. Right one is an element of algebra that acts as a unit when performing a multiplication operation, in which it is the right operand.

18. Global unit of algebra - an element of algebra, acting as a unit for all elements of algebra. If the global unit is two-sided, then it is the only one. If an algebra contains two or more global right (left) units, then there are no global left (right) units in the algebra and there is no global two-sided unit.

где Е - единичный элемент алгебры.19. The inverse element with respect to a given element Z of the algebra is some element of the algebra, denoted as Z ^-1 , such that

where E is the unit element of the algebra.

20. A non-commutative algebra is an algebra with a non-commutative multiplication operation, for which, in the general case, the result of its action on two elements of a group depends on their arrangement with respect to the sign of the group operation, for example, for two elements Z ₁ and Z _{2 of the} algebra, in the general case, the following holds: inequality

21. A vector is a set of two or more MDCs, called vector coordinates. The number of coordinates of a vector is called the dimension of the vector.

22. The operation of raising an element of the algebra V to a power equal to the natural number n is the operation of n-fold multiplication of the element V: n = V • V • V… • V (n times), where • is the designation of the multiplication operation. If the multiplication operation is associative, then algorithms for fast exponentiation can be applied, which allow you to quickly carry out exponentiation with a capacity of 1000 bits or more.

Claims (1)

A method for generating a common secret key of two remote subscribers of a telecommunication system, which consists in generating a finite set of algebraic elements Г with an associative operation of multiplication, forming a common element Z of a finite set of algebraic elements Г, the first subscriber generates his personal secret key and his public key in the form of an element Y _{1 of a} finite set of algebraic elements G, transmit the public key of the first subscriber Y _{1 to the} second subscriber, the second subscriber generates his personal secret key and his public key in the form of an element Y _{2 of a} finite set of algebraic elements G, transmit the public key of the second subscriber Y ₂ the first subscriber, the first subscriber generates a shared secret key in the form of an element K of a finite set of algebraic elements G, depending on the public key of the second subscriber Y ₂ and the private secret key of the first subscriber, and the second subscriber generates a shared secret key in the form of an element K of the final pl sets of algebraic elements Г, depending on the public key of the first subscriber Y ₁ and the private secret key of the second subscriber, characterized in that the first subscriber generates a public key Y ₁ by generating his private secret key in the form of an element R of a finite set of algebraic elements Г, which is right a local unit of a common element Z of a finite set of algebraic elements Г, and a natural number x ₁ and the subsequent generation of a public key Y ₁ according to the formula

the second subscriber generates a public key Y ₂ by generating his private secret key in the form of an element L of a finite set of algebraic elements G, which is the right-left local unit of a common element Z of a finite set of algebraic elements G, and a natural number x ₂ and subsequent generation of a public key Y ₂ according to the formula

moreover, as a finite set of algebraic elements Γ with an associative multiplication operation, a finite algebra with a non-commutative associative multiplication operation is generated.