UA119097C2 - METHOD OF CRYPTOGRAPHIC CONVERSION OF BINARY DATA (OPTIONS) - Google Patents

Abstract

The invention relates to the field of computer engineering, and in particular to methods of cryptographic data conversion. Method for cryptographic conversion of data blocks, comprising splitting the input bit block of data into 64-bit sub blocks, represented as a state matrix consisting of two columns and eight rows of byte segments of the input block of data, further primary whitening of the output block by adding each column of the state modulo 264 with the corresponding parts of the first subkey and subsequent iterative cycle transformations, each of which includes the processing of columns of the state matrix by nonlinear operations other transformations of bytes byte S-blocks, linear transformations of columns of the state matrix, performed by cyclic shift of rows of the state matrix by a certain number of bytes, multiplying the values of the columns of the state matrix on the MDV matrix of size 8 × 8 and summing the resulting elements of the state matrix matrix composed of bytes of the current loop sub-module 2, with only ByteSub operations performed in the last loop and summing the output data block with the last loop sub-mod ulem 2, where for the 128-bit cipher after the operation of whitening at its input instead of the first cycle introduces a new cycle transformation, which includes two layers sequentially included in the chains of two SL conversions, and each SL conversion of the first layer processes the results of addition module 2 next column the state matrix obtained after composing the input data segment modulo 264 with a segment of the loop connection, with the output value of the previous SL conversion, and for a 256-bit cipher after the operation of whitening at its input at the first cycle enters a new cycle transformation, which includes two layers sequentially included in the chain of four SL transformations, each SL transformation of the first layer performs the assembly results of module 2 of the next column of the state matrix obtained after adding the input segment of the module 264 with segment segment 244 connection, with the output value of the previous SL conversion, and then the output value of the last SL conversion in the chain of the first layer is used to form the last column of intermediate m state of the condition. The technical result achieved by the present invention is to increase the speed, reduce the number of cycles of encryption without reducing the stability.

Description

assembly of the input segment of data according to module 269: with the segment of the cyclic subkey, with the output value of the previous 51 transformation, and then the output value of the last 5 transformations in the chain of the first layer is used to form the last column of the intermediate state matrix. The technical result achieved by this invention is an increase in performance, a reduction in the number of encryption cycles without reducing stability indicators.

NxThe current matrix of the state of x p z i for x six of them. , ze ; . Mon

I

B

AND

; дя с вне : их : и Хом! nn jan

Pyhidna em eye KK AK KM ih Ya

Fig. 1

Ж розый феетувиве es Re sazhu tki uki zhh also KKZ

The first cycle of transformation of ShiOruKalyna-! 25.

The invention belongs to the field of computer technology, namely to methods of cryptographic data transformation.

Known methods of cryptographic transformations of data (1-3 and others) using in the formation of cyclic functions the multiplication of the outputs of a set of bytes on a matrix with the maximum permissible distance (MDV matrix). The technology using the multiplication of 5-block outputs on the matrix of MDV codes is today called a wide trace strategy .

The peculiarities of the constructions of these cyclic transformations are that when activating one byte at the input of the cipher, they make it possible to activate only one byte on the first cycle

C-block of the cyclic function, which leads to the fact that on the second cycle it is possible to activate only part of the 5-blocks, and only on the third cycle all the 5-blocks of the cyclic function are already activated. As a result, for the arrival of, for example, ciphers. and Kalina, it takes at least 4 cycles for 128-bit and 256-bit ciphers to reach the state of random substitution based on differential and linear indicators |4).

A method of cryptographic transformation of data blocks |5I| is also known and its improvement

IBI, in which, in order to ensure improved indicators of the arrival of the cipher to the state of random substitution, an additional mixing transformation is introduced at the beginning of the cipher based on the representation of the data block at the input of the first cycle in the form of a summation of its 32-bit segments modulo 2. When constructing this method, the task was set to ensure activation of at least two 5-block cyclic functions. Indeed, one active byte at the input of such a cipher will activate three 5-blocks of the first cycle. But, as the analysis shows, it is possible to activate a smaller number of 5-blocks of the first cycle due to the selection of the differences of the input segments in the first cycle in such a way that there are zero differences for all input segments except the last one (for example, the differences differ from zero only for the right bytes first and last segments of the input data block). In addition, with the considered approach, it is not possible to activate all 5-blocks of the second cycle, only a part of them is activated.

The method implemented in the Kalina cipher (Information technologies. Cryptographic protection of information.

Algorithm of symmetric block transformation: DSTU 7624:2014. - K.: Derzhspozhivstandart

of Ukraine, 2015. - 238 sat. - (National Standard of Ukraine), which consists in implementation

From the multi-cycle procedure of cryptographic transformations, which includes the breakdown of the input block of data into 64-bit sub-blocks (columns of the state matrix), which are subjected to primary whitewashing of the output data block using the summation of the columns of the state matrix modulo 261 (operation АЯааб4НоипаКеу) with the corresponding columns of the cyclic subkey and further multi-cycle iterative transformation, in each cycle of which the columns of the input state matrix are subjected to 4 consecutive operations: Vuiebir, ZNSHNAOom, MixSoYiShtip and

HOVAoipaKeu, and on the last cycle in the Kalina cipher (DSTU 7624:2014) for the compactness of the implementation and to increase the speed, the linear transformation operation is saved

MixSoIptpv, and summation with the last cyclic subkey modulo 2 (operation dDaab4Noypakeu) is also applied.

The shortcoming of the prototype is the speed limitation associated with the low number of 5-blocks that are activated in the first cycles, which limits the minimum number of cycles of cipher output to random substitution even with the use of selected 5-blocks.

The technical task of the invention is to create a method of cryptographic conversion of binary data with increased speed without reducing stability, as well as the implementation of the possibility of using 5-blocks of random type in the cipher by improving the dynamic indicators of the cipher's arrival to the state of random substitution.

If we agree that the acquisition of the asymptotic values of the maxima of differential and linear probabilities by the cipher characterizes the moment from which the cipher reaches potential indicators of stability, then it can be considered that the faster arrival of the cipher to the state of random substitution means an increased level of its resistance to known cryptanalytic attacks. , that when the indicators of the arrival of the cipher to the state of random substitution are improved, it is possible to reduce the number of encryption cycles without reducing the indicators of the stability of the cipher, which is an increase in its speed (the number of encryption cycles is taken to be three to four times greater than the depth of the avalanche effect - the number of cycles of the arrival of the cipher to state of random substitution), and the reserve of the number of 5-blocks activated in the first cycles allows the use of 5-blocks of random type in the cipher.

It was established that the only possibility to increase the minimum number of activated 5-blocks of the first cycle is to make it two-layered and at the same time make sure that the maximum number of 5-blocks of the second layer is activated, and within the limit, if possible, all 5-blocks of the second at once (516) layer

This problem is solved by the fact that in the method of cryptographic transformation of data blocks (option 1), which includes breaking down the input bit block of data into 64-bit sub-blocks, which are represented in the form of a state matrix consisting of two columns and eight rows of byte segments of the input block data, further initial whitewashing of the original block of data by adding each state column modulo 267 with the corresponding fractions of the first subkey (operation Aaaba4NoypakKeu) and subsequent iterative cyclic transformations, each of which includes processing the columns of the state matrix using the operations of non-linear transformations of bytes by 5-blocks ( Vuiebir operations over 8 5-blocks), linear transformations of the columns of the state matrix, which are performed by cyclically shifting the rows of the state matrix by a specified number of bytes (operations ZPNANOm5), multiplication of the values of the columns of the state matrix by the MDV of the 8x8 matrix (operations MixSoYiptp5 over 8 -ma bytes) and summation of the resulting elements iv matrix of states with the elements of the corresponding matrix, consisting of bytes of the current cyclic subkey modulo 2 (operations HOVNoshpackeu), and on the last cycle only operations Vuiebzyi and summation of the output data block with the last cyclic subkey modulo 2697 (operation daaba4Voishpakeu) are performed, according to the invention , for a 128-bit cipher after the whitewashing operation at its input (composition with a cyclic subkey modulo 2594), instead of the first cycle, a new cyclic transformation is introduced, which includes two layers of two 5I transformations sequentially included in chains (for each layer), and each 5I transformation of the first layer performs processing of the results of assembly by module 2 of the next column of the state matrix obtained after assembly of the input segment of data by module 254 3 segment of the cyclic switch (whitening operations), with the output value of the previous

3rd transformation (only the first column of the state matrix is applied to the first 5 transformations), and then the value of the output of the last 5th transformation in the chain of the first layer is used to form the last column of the intermediate state matrix, and the outputs of the other 5 transformations after summation by modulo 2 with the output of the last 5th transformation of the first layer is used to form other columns of the intermediate state matrix, after which the columns of the formed intermediate state matrix are fed to the inputs of 5 transformations of the second layer, and each 5 transformations of the second layer process the results of adding modulo 2 columns of the intermediate state matrix with the output value of the previous 51 transformation ( on

Only the first column of the intermediate state matrix is fed from the first 5 transformations of the second layer) and the new state matrix formed in this way from the outputs of the 5 transformations of the second layer is fed to the input of the second cycle of the cipher of the standard type, and the total number of encryption cycles is reduced to eight, namely 5 transformations at this is carried out using operations of non-linear transformations using 8-byte 5-blocks (operation

Vuiebir for 8th 5-blocks) and multiplying the values of the outputs of the 8th 5-blocks by the MDV matrix of size 8x8 (MixSoYshtp operation as in Vi|paavye!-i, but over the eight 5-blocks).

This problem is solved by the fact that in the method of cryptographic transformation of data blocks (option 2), which includes the division of the input p-bit data block into 64-bit sub-blocks, which are represented in the form of a state matrix consisting of four columns and eight rows of byte segments of the input block of data, further initial whitewashing of the original block of data by adding each column of the state modulo 297 with the corresponding fractions of the first subkey (operation Aaaba4NoypakKeu) and subsequent iterative cyclic transformations, each of which includes processing the columns of the state matrix by means of operations of non-linear transformations of bytes by 5-blocks (operations Vutezyb), linear transformations of the columns of the state matrix performed by cyclically shifting the rows of the state matrix by a specified number of bytes (operations ZNIAOmM5), multiplying the values of the columns of the state matrix by the MDV of the 8x8 matrix (operations MixSoYishtpv) and summing up the resulting elements of the state matrix with elements of the corresponding matrix, consisting of bytes of the current cyclic subkey modulo 2 (operations

HOVAoOypaKeu), and on the last cycle, only the operations Vuiebib and the summation of the output data block with the last cyclic subkey according to modulo 2697 are performed (operation

Adaba4RoypakKeu), according to the invention, for a 256-bit cipher, after the whitewashing operation at its input (composition with a cyclic subkey), a new cyclic transformation is introduced instead of the first cycle, which includes two layers of sequentially included in chains of four (for each layer) 5I transformations, and each The 5I transformation of the first layer processes the results of the assembly by modulo 2 of the next column of the state matrix obtained after the assembly of the input data segment by modulo 291 with the segment of the cyclic subkey (whitening operation), with the output value of the previous 5I transformation, and then the output value of the last 5I transformation in the chain of the first layer is used to form the last column of the intermediate state matrix, and the outputs of the other 5I transformations after summation 60 modulo 2 with the output of the last 5 transformations of the first layer are used to form the other columns of the intermediate state matrix, after which the columns of the formed intermediate state matrix are fed to the inputs 51 again ren of the second layer, and each 5I transformation of the second layer processes the results of adding modulo 2 columns of the intermediate state matrix with the output value of the previous 5I transformation, and the new state matrix formed in this way from the outputs of 5 transformations of the second layer is fed to the input of the second cycle of the standard type cipher, and the total number of encryption cycles is reduced to eight, and the 5I transformation itself is carried out with the help of nonlinear transformation operations using 8-byte 5-blocks (the "Wuieba" operation for the 8th 5-blocks) and multiplication of the output values of the octets of the 5-blocks by the MDV matrices of size 8x8 (MixSoYshtp operation as in Vi|paave!-i, but over eight 5-blocks),

In Fig. 1 presents a diagram of an improved cyclic transformation for a 128-bit cipher.

In Fig. 2 shows the scheme of the improved cyclic transformation for a 256-bit cipher. The elements that make up the circuits and the connections between them have already been discussed above and need no explanation.

The proposed constructions of new cyclic transformations allow, even when activating one byte of the cipher input for the rightmost 5 transformation, to activate in the improved Kalina-128 cipher all 16 5-blocks of the second layer of transformations and subsequent cycles (one active 5-block of the last 51 transformations after the operation MihSoYishtp activates all 5-blocks of the second layer of transformations of the first cycle.

As a result, on the first two cycles of the 128-bit cipher, it is activated with a high probability

C3C3s are 5-blocks, and the cipher reaches the state of random permutation in two cycles.

In a 256-bit cipher, 65 5-blocks are activated in the first two cycles, and the cipher even in this case reaches the state of random substitution in two cycles.

Indicators of randomness of ciphers constructed according to the proposed method. In this section, we present the results of the estimation of the expected parameters of the transition of the cipher to the state of random substitution.

In accordance with the idea of the approach developed in (7, 8|) it is necessary to evaluate the minimum number of active (involved 5-blocks), after passing which

With random substitution. This minimum number is determined by the differential and linear indicators of the 5-blocks themselves, used in the cipher, the constructions and properties of its cyclic transformations, as well as the values of the indicators of the evidential stability of the cipher, which depend on the size of its bit input. In the work (7/I| this relationship between the specified indicators is defined in the form of two ratios: dB IRer - (Orla), IRUu - 2 PE s) t ORlah 5 I Rylyah o . . m shoh . ut and the maximum values of the differential and linear probabilities of the substitution transformations of the cipher(s). IRO differential indicator of proof security (Oipnegepiia|paiKaiogoiRgomabiezesityu) and Re (IpeappaiiisaigoiRgomabiebesityu) - a linear indicator of proof security, KeKap is the minimum number of active 5-blocks participating in the formation of the transition of the cipher to random substitution.

Using the calculated relations established in work (9), we can come to the conclusion that the expected value of the maximum of the differential transition for a cipher with a 128-bit input turns out to be close to 121, and the expected value of the maximum displacement of the linear case for a cipher with a 128-bit input turns out to be close to to 257. Accordingly, we get that the maximum values of the linear and differential probability for a cipher with a 128-bit input are close to each other and equal to approximately 2-20 (close to the complexity of a full key enumeration attack).

Based on the above ratios and the given results, it can be concluded that for a cipher with a 128-bit input, it is necessary to reach the state of random substitution by differential transitions when using 5-blocks of the Kalina cipher with . . with. ОР" -2 o. . . "ro "o 5/ by indicators of 5-uniformity equal to tah (corresponding to the equality ),

Clip 724. active 5-blocks.

Similarly, to arrive at a state of random substitution of a cipher with a 128-bit input according to linear indicators when using 5-blocks with linear probability values equal to l -483 --21.. eok-Che-483 that

INtakh 72 (with nonlinearity 104) will be required (2 -e e Y, Kap -Z2 active 5- blocks.

Recall that in the original design of the Kalina-128 cipher, the number of active 5-blocks for the first two cycles is 9, for three cycles there will be 25, for four there will be A. So, the original 128-bit cipher with 5-blocks with differential indicators ORtakh 72 comes to random substitution in three cycles, and according to linear indicators for 5-blocks with

B ib-e52 07 for four.

We have already established above that the minimum number of active 5-blocks for the first two cycles of the improved Kalina-128 is 33.

This means that the proposed cipher, both by differential and linear indicators, reaches a random substitution in two cycles.

For the arrival of the 256-bit Kalina cipher to the state of random substitution by differential transitions when using 5-blocks with indicators of b-uniformity, . OR - 2. . . at g. equal tachs (according to the equality ), a Ktip-50 of active 5-blocks is required, and for linear indicators when using 5-blocks with marginal indicators of nonlinearity

ORl. With | | ooe-250 nok trv3 equal tah (corresponding to equality), you need Ktip-bo-t active 5-blocks.

For the original design of the Kalina-256 cipher, the number of active 5-blocks for the first two cycles is also 9, for three cycles there will be 24, for four there will be 56. So, even in this case, the original cipher reaches the state of random substitution in four cycles.

In the improved 256-bit cipher, 33 5-blocks are activated in the first two cycles, 65 5-blocks are activated in three cycles.

This means that for 5-blocks with differential and linear exponents of the Kalina cipher, the proposed cipher reaches the state of random substitution in two cycles.

The general conclusion from the given results is that the presented improved designs of ciphers can use a reduced number of encryption cycles, which allows to increase their speed. An important result is also contained in the fact that improved Kalin ciphers practically become random substitutions on the second cycle and when using random 5-blocks (61.

Performance evaluation of improved ciphers

As in the paper (|9), when estimating the computational complexity, we will focus on the number of HOV

From the operations performed by the cipher in the process of encryption and decryption. We will proceed from the fact that in order to perform the MichSoiishtp5 operation in the optimized version of the cipher, when using the MDV matrix of size 8x8, it is necessary to perform 7 HOK operations (101.

Then, in the improved Kalina-128 cipher, the first cycle is 2-3-2x14-35th

HOV-s, and 33416x742-147th HOV operations will be performed on the 8th cycles.

We will remind that in the Kalina-128 cipher there are 16x10-44-164 HOK operations for 10 cycles, that is, our cipher exceeds the performance of the basic version of the Kalina cipher.

For a 256-bit advanced cipher, you need to perform 43x72x28-81-n HOV on the first cycle. For an 8-cycle cipher, then 81432х7-4-309 ХОВ operations will be required.

In the original Kalina-256, there are 32x14-8-456 HOVs for 14 cycles, that is, the improved Kalina cipher will be almost 1.5 times faster than the original development.

However, this does not take into account the costs of the master key deployment procedure,

It is implied that the key deployment scheme, as shown by our studies |10), can be made much simpler.

You can, of course, consider this two-layer transformation as two cycles, but the number of 5-blocks activated in the first encryption cycles of our proposal will significantly exceed the indicators of many known designs. And this leads to the fact that 5-blocks of random type can be used in the improved cipher without reducing stability.

The proposed method can be implemented using devices, the connections between which are illustrated by the block diagram presented in fig. 3. The cipher begins with a non-trivial cycle presented in the upper part of fig. Z, where: 1 - open text storage, 2 - whiteout block, Z - new cyclic transformation, 4 - storage registers of cyclic subkeys. Next are: 5 - block of six-cycle encryption of the main variant of the Kadina cipher, 6 - block of encryption of the 8th cycle of the Kalina cipher, 7 - accumulator-former of the encrypted data block. The connection between blocks does not require detailing.

Sources:

1. Oaetepapam. Virtep AE5Rgorosa!: Viipdaye!i. 14 AEZSopiehepse, Saiyogia, OBA, 1998. pEru/Llimly. half. house/aev. 2. Information technologies. Cryptographic protection of information. Algorithm of symmetric block transformation: DSTU 7624:2014. - K. Derzhspozhivstandard of Ukraine, 2015. - 238 p. - (National Standard of Ukraine). 3. Horbenko I.D. Promising block symmetric cipher "Kalyna" - main provisions and specification / I.D. Horbenko, V.I. Dolgov, R.V. Oliinikov and others // Applied radio electronics. - Kharkiv: Khturoz. - 2007. - Vol. 6, Mo. 2. - P. 195-208. 4. Pat. 111448 Ukraine, IPC NO 29/14 (2006.01) NOo4I. 9/14 (2006.01) НО4 9/06 (2006.01).

Method of cryptographic transformation of binary data / I.D. Horbenko, V.I. Dolgov, Lysytska

I.V. and others (Ukraine); the applicant is JSC IT, Kharkiv. Me a201503976; statement 04/25/2015; published 04/25/2016, Bul. Mo 8-20 p.m. 5. Pat. 111448 Ukraine, IPC НО4И 29/14 (2006.01) НО 89/14 (2006.01) НО4И 9/06 (2006.01). The method of cryptographic transformation of binary data / Horbenko I.D., Dolgov V.Y.,

Lysytska I.V. and others (Ukraine); the applicant is JSC IT, Kharkiv. MO a201503976; statement 04/25/2015; published 04/25/2016, Bul. Mo 8-20 p.m. 6. Dolgov V.I. Improved block symmetric cipher Kalina / V.I. Debt,

I.V. Lysytskaya, K.E. Lysytsky // 0485-8972. - All-Ukrainian radio engineering. interdisciplinary scientific and technical Sat. - 2016. - Issue 186. - pp. 119-131. 26. 7. Lysytsky K.E. Dynamic indicators of the arrival of block ciphers to the state of random substitution / K.E. Lysytsky // Izdatelsky dom GAR Ii AMVEVT AsadetisRybii5pipa, - 2014-60 p. IBVIM-13. 978-3-659-2891 9-4. 8. SbogrepKo I.O. Op Sirneg5 Sotipoa o a biaiopagu biaiye oi Wapdot BiB5yshiop / 1.0.

Syuogrepko, K.E. I izivKiu, O.5. Oepibzom // Opimegza! the children of EIesitis! apa Eiesigopis Epdipeegipa, 2, 206-215. swarms 10.13189/tsieee. 2014.020409. 9. Horbenko I.D. Properties and opportunities for optimization of cryptographic transformations in AE5-VIIIMOAEI / I.D. Horbenko, D.A. Chekalyn // Radio engineering. All-Ukrainian Mezhved scientific and technical Sat. 2001. Vp. 119. P. 36-42. 10. Dolgov V.I. New concept of designing block symmetric ciphers / V.I.

Zo Dolgov, I.V. Lysytskaya, K.E. Lysytsky // 0485-8972. - Radio engineering - All-Ukrainian. interdisciplinary scientific and technical Sat. 2016. - Issue 186. - pp. 132-152. 27.

Claims (2)

FORMULA OF THE INVENTION 35 1. A method of cryptographic transformation of data blocks, which includes the division of the input p-bit data block into 64-bit sub-blocks, presented in the form of a state matrix consisting of two columns and eight rows of byte segments of the input data block, further primary whitewashing of the original data block by adding each column of the state modulo 2 with the corresponding fractions of the first subkey (AdaNoypakKeu) and 40 subsequent iterative cyclic transformations, each of which includes processing the columns of the state matrix using the operations of non-linear transformations of bytes by byte 5-blocks (Vueivrb), linear transformations of the columns of the matrix of states, which are performed using a cyclic shift of the rows of the matrix of states by a specified number of bytes (ZPIYNOmv5), multiplication of the values of the columns of the matrix of the state by the matrix with the maximum permissible distance (MDV) of size 8x8 45 (MixSoishtpv) and summing up the resulting elements of the matrix of states with elements the corresponding matrix, glass denium from the bytes of the current cyclic subkey modulo 2 (AdaKoypakKeu), and on the last cycle only Vuiezib operations and summation of the output data block with the last cyclic subkey modulo 2 (AdaNoshipakKeu) are performed, which differs in that for a 128-bit cipher after the whitewashing operation at its input, a new cyclic 50 transformation is introduced, which includes two layers of sequentially included in chains of two 51 transformations, and each 5I transformation of the first layer performs processing of the results of assembly by module 2 of the next column of the state matrix obtained after assembly of the input data segment by module 261 with the segment cyclic subkey, with the output value of the previous 51 transformation, and then the output value of the last 5I transformation in the chain of the first layer 55 is used to form the last column of the intermediate state matrix, and the outputs of other 51. transformations after summation by modulo 2 with the output of the last 5I transformation of the first layer are used for formation other columns of the intermediate state matrix, after which the columns of the formed intermediate state matrix are fed to the inputs of 51 transformations of the second layer, and each 5I transformation of the second layer performs the processing of the results of adding modulo 2 columns of the intermediate state matrix with the output value of the previous 5 transformation and formed in this way from of the outputs of the transformations of the second layer, the new state matrix is fed to the input of the second cycle of the cipher of the standard type, and the total number of encryption cycles is reduced to eight, namely, 5 transformations are carried out using 8-byte 5-blocks and multiplying the values of the outputs of the 5-blocks by the MDV matrix size 8x8. 2. The method of cryptographic transformation of data blocks, which includes the breakdown of the input data block into eight 64-bit sub-blocks, presented in the form of a state matrix consisting of four columns and eight rows of byte segments of the input data block, further primary whitewashing of the output data block using adding each column of the state modulo 291 with the corresponding fractions of the first subkey (Aaaba4RoypakKeu) and subsequent iterative cyclic transformations, each of which includes processing the columns of the matrix of states using the operations of nonlinear transformations of the bytes of each column by byte 5-blocks (Vuiebib), linear transformations of the resulting columns of the matrix of states performed by cyclic shifting of rows of state matrices (PANOM c) by a specified number of bytes and multiplication of the byte values of the resulting columns of the state matrix by a matrix with the maximum permissible distance (MDV) of size 8x8 (MixSoYshtp5), forming new values of the columns of the state matrix, and further about the summation of the resulting elements of state matrices with the elements of the corresponding matrix, consisting of bytes of the current cyclic subkey modulo 2 (AdaVoipaKeu), and on the last cycle, only Vuieb operations are performed and the summation of the output data block with the last cyclic subkey modulo 2 (Adab4NoypakKeu), which is different by the fact that for a 256b-bit cipher, after the whitewashing operation, a new cyclic transformation is introduced at its input, which includes two layers sequentially included in chains of four 51 transformations, and each 51 transformation of the first layer performs processing of the results of the addition modulo 2 of the next column of the obtained state matrix after assembling the input segment of data according to module 2 with the segment of the cyclic subkey, with the output value of the previous 5 transformation, and then the output value of the last 5I transformation in the chain of the first layer is used to form the last column of the intermediate state matrix, and the outputs of the other 5I transformations after summation by m odule 2 with the output of the last 5 transformations of the first layer is used for the formation of other columns of the intermediate state matrix, after which the columns of the formed intermediate state matrix are fed to the inputs 51 of the transformations of the second layer, and each 5I transformation of the second layer performs the processing of the addition results modulo 2 of the columns of the intermediate matrix of the state with the initial value of the previous 5I transformation, and the new state matrix formed in this way from the outputs of the 5 transformations of the second layer is fed to the input of the second cycle of the cipher of the standard type, and the total number of encryption cycles is reduced to eight, namely, the 5I transformation is carried out with the help of nonlinear transformation operations using 8-byte 5-blocks and multiplying the output values of 5-blocks on the MDV matrix of size 8x8. o Input matrix of the SM pond: you Yv Vykhedna Fig. 1 The first cycle of the transformation of shnfrUKalivani and,