RU2503135C1 - Method for cryptographic transformation of information and apparatus for realising said method - Google Patents

Abstract

FIELD: information technology.

SUBSTANCE: method is based on breaking down an initial 32-bit input vector into eight serial 4-bit input vectors. Conversion tables are placed in each replacement unit, each table having sixteen rows, each row having four padding bits corresponding to 4-bit output vectors. Four replacement units are used, one for each pair of 4-bit input vectors, wherein each replacement unit employs a 16-byte or more central processing unit register in which two conversion tables are placed, and conversion of pairs of 4-bit input vectors to pairs of 4-bit output vectors in accordance with the conversion unit is carried out by switching the rows of the conversion tables to the central processing unit register of the corresponding replacement unit using pairs of 4-bit input vectors in form of switching addresses, after which the 4-bit output vectors are combined in series into a 32-bit output vector.

EFFECT: high security and fast transformation of data in a processor.

3 cl, 2 dwg

Description

The invention relates to methods and means of cryptographic information conversion in electronic computing systems and computers.

A known method of stream cryptographic information conversion [RU 2357365, C2, H04L 9/06, 05/27/2009], which consists in the fact that cryptographic calculation is carried out in an electronic component according to a specific cryptographic algorithm, including at least one well-defined non-linear operation on k-bit data blocks, with k being an integer greater than 2, generate several intermediate masked data blocks of j bits (b ^⊕ m, with ^⊕ m2, ^Δ⊕ n) based on the original data block of k bits, where j is an integer chi scrapping less than k, then perform non-linear operation S on at least one j-bit masked intermediate data block ( ^Δ⊕ n) using the substitution table with 2 ^j inputs, obtaining a j-bit modified data block (S ( ^Δ ) ^⊕ n), which is combined with at least some of the indicated j-bit masked intermediate data blocks into one final k-bit block corresponding to the original k-bit data block, through a conversion including the specified precisely defined non-linear operation [RU 2357365 , C2, H04L 9/06, 05/27/2009].

The disadvantage of this method is its relatively high complexity in hardware and software implementation.

There is also a method of encrypting and decrypting information [RU 2266622, C1, H04L 9/06, 12/20/2005], characterized by the use of block reciprocal single-valued two-parameter, encryption and decryption, transformations based on tables with random filling of N lines each with a gamma sequence from random number sensor independent of information, and for an encryption block of length α bytes, a sequence of gamma lengths of α bytes is generated, changing for each block, and each byte is converted using two-parameter conversion of bytes v _i = F (u _i , ξ _i ) with the participation of quasi-random values of the gamma sequence ξ _i of 1 byte length, then the two-step operation is to generate an encryption block by combining bytes, the encryption conversion of combining bytes of the first stage with numbers i having values from 1 to α are performed by summing certain initial u _i and converted values v _i bytes:

and _i = v _i + v _{i + 1} + u _i for i = l, ..., (α-1); aα = vα + u ₁ + u ₂ + ... + uα,

the encryption conversion of the combination of second-stage bytes a _i with numbers i having values from 1 to α is performed in the form of recurrence operations F as follows: X _i = F (a _i , a _{i + 1} ) for i = l, ..., (α -one); Xα = aα, the decoding byte conversion is performed in the reverse order, and the second stage decryption conversion is first performed for the values of each received byte X ′ _i with number i having values from 1 to α, in the form of recurrent operations F ^-1 as follows: a ' α = X′α; a ' _I = F ^-1 (X' _i, a ' _{i + 1} ) for i = α-1, α-2, ..., 1, then the first stage decryption conversion is performed for the values of each byte a _i with number i having values from 1 to α, in the form of recurrent operations F ¹ as follows:

$${u^{\prime }}_i=F^{-\mathrm{one}}\left[\left({\displaystyle \sum _{j=\mathrm{one}}^{\alpha }{a^{\prime }}_j+{\displaystyle \sum _{j=\mathrm{one}}^{i-\mathrm{one}}{u^{\prime }}_j}}\right),{\xi }_i\right]dl\mathrm{I\; am}i=\mathrm{one,}...,\alpha .$$

The disadvantage of this method is its relatively high complexity in hardware and software implementation.

In addition, there is a method of encrypting binary information [RU 2091983, C1, H04L 9/00, G06F 12/16, 09/27/1997], which consists in the fact that they form an N-bit secret key with which to generate a stream cipher, which summarize modulo two with informational text, the stream cipher being formed in the form of K groups of N bits in each, where KN is the length of the binary information text, the first group of the stream cipher is formed by raising the N-bit secret key to the power n modulo P, the second group a stream cipher is formed by erecting an N-bit code of the first load the stream cipher is n-power modulo P, where n is the value of the bits of the least significant bits of the secret key, with 1 <n N <P 1, and each subsequent i group of the stream cipher, where i 3, 4, K is formed by raising the N-bit the code of the (i 1) -group of the stream cipher to the power m modulo P, where m is the bit value of the least significant bits of the (i 2) -group of the stream cipher, m <n, and before summing modulo two in each of the K groups of the formed stream cipher the bits are randomly mixed and stored.

The disadvantage of this method is its relatively high complexity in hardware and software implementation.

The closest in technical essence to the proposed method is a method of streaming cryptographic information conversion based on a breakdown of the original 32-bit input vector into eight consecutive 4-bit input vectors, each of which is converted into a 4-bit output vector by its corresponding replacement node, which carries out converting a 4-bit input vector to a 4-bit output vector by using the hexadecimal conversion table previously placed in it twenty rows containing four bits of padding per line, with each of the 4-bit input vectors determining the address of the line in the table, and filling the corresponding line in the table is the corresponding 4-bit output vector, which are sequentially combined into a 32-bit output vector [Information processing systems. Cryptographic protection. Cryptographic conversion algorithm. GOST 28147-89, p.1.2, p.2].

The disadvantage of this method is the relatively low stealth of cryptographic conversion when it is implemented in a computer, since the method implements tetrad (four bits) permutations in a 32-bit word, but the implementation of such permutations on the registers of modern computer processors is difficult, since the architecture of the x86 / 64 processors and its system teams not able to manipulate notebooks. For this reason, the implementation of such a conversion in the form of a software-implemented substitution block of eight replacement nodes with 64 bits of memory each is carried out in the main memory of the computer, which reduces the speed of the cryptographic conversion due to slow access to the tables located in the main memory, as well as the secrecy of the cryptographic conversion due to the placement of confidential information in shared memory.

The required technical result is to increase the secrecy and efficiency of cryptographic conversion when it is implemented on personal computers.

The required technical result with respect to the proposed method is achieved by the fact that in the method based on the breakdown of the original 32-bit input vector into eight consecutive 4-bit input vectors, each of which is converted by a corresponding replacement node into a 4-bit output vector, which are sequentially combined into a 32-bit output vector, and previously, at each replacement node, conversion tables of sixteen rows each containing four bits of filling in the order are placed e, which are the corresponding 4-bit output vectors, use four replacement nodes, one for each pair of 4-bit input vectors, and at each replacement node use a central processor register with a size equal to or greater than 16 bytes, into which two conversion tables are placed and the conversion of pairs of 4-bit input vectors into pairs of 4-bit output vectors in the corresponding replacement node is carried out by switching the previously placed rows of the conversion tables into the register of the central processor and replacing the corresponding unit by use of pairs of 4-bit input vectors as switching addresses.

In addition, the required technical result is achieved by the fact that SSE registers are used as the registers of the central processor.

Also known devices for cryptographic conversion of information.

One of such devices [RU 2091983, C1, H04L 9/00, G06F 12/16, 09/27/1997] contains a first adder modulo two, a register for storing a secret key, a block raising to an n degree modulo P, parallel-serial register a key group, four series-parallel registers, an exponent register, a bit sequence mixing unit, a second adder modulo two, a control unit, a key and AND and OR elements, and the output of the raising block to n degree modulo P is connected to the corresponding register inputs for secret key storage and the parallel-serial register of the key group, with the input of the base of the degree of the block raising to the n degree modulo P, with the outputs of the first serial-parallel register and the register for storing the secret key, the outputs of the n least significant bits of the block raising to the n degree modulo P are connected to the corresponding inputs of the exponent register, the outputs of the digits of which are connected to the inputs of the n least significant digits of the exponent of the block of raising to the n degree modulo P, the inputs of all the digits of the exponent are connected with the outputs of the corresponding bits of the second series-parallel register, the outputs of the m high bits of the block raising to the n degree modulo P, where m <n, are connected to the first information inputs of the mixing block bits of the sequence, the inputs of the module and the reciprocal of the module of the block raising to the n degree by module P are connected, respectively, with the corresponding outputs of the third and fourth series-parallel registers, and the information inputs of the second, third and fourth series-parallel reg strov are respectively inputs of the initial setting of the exponent, module and reciprocal, device module, and the information input of the first serial-parallel register is connected to the output of the OR element, the first input of which is the input of the initial setting of the value of the degree basis of the device, the second input of the OR element is connected to the output of the first AND element and the input of the signal for receiving the ciphertext of the control unit, the output of the second AND element is connected to the first inputs of the control unit and the second the adder is modulo two and with a key input-output and is the device’s plaintext input, the inputs of the initial installation of the first, second, third and fourth serial-parallel registers and the block of raising to the n degree modulo P are connected to each other and to the corresponding output of the control unit, the first inputs of the first and second elements And are interconnected and are the input for receiving the closed text of the device, the second inputs of the first and second elements And are connected with the corresponding outputs of the control unit, the second the input of the second adder modulo two is connected to the output of the mixing unit of the bit sequence and the first input of the first adder modulo two, the second input of which is connected to the output of the key, the input of which is connected to the output of the second adder modulo two, and the control input of the key is connected to the corresponding output of the block control and is the output of the output signal permission to receive the plaintext of the device, the output of the first adder modulo two is connected to the output of the third element And is the output of the closed text properties, the first input of the third element And is connected to the output of the register of the key group and the second information input of the mixing bit of the sequence bit, the control input of which is connected to the corresponding output of the control unit, the other outputs of which are connected respectively to the second input of the third element And, the inputs of the reception signals degree and clock pulses of the support of the raising blocks to n degree modulo P and the inputs of the control registers of the exponent of the secret key and key group, exit end signal exponentiation block construction in degree n modulo P is connected to the corresponding input of the control unit, the other inputs of which are respectively input mode determination encryption-decryption, generating a key sequence, the public key, the feed driving frequency and the initial installation of the device.

The disadvantage of this device is its relatively high complexity.

A device is also known [RU 2389141, C2, H04L 9/00, 05/10/2010], comprising, on the transmitting side, a key generator, a key matrix generation unit, an encryption unit, the second input of which is connected to the output of the information vector generation unit, the first input of which is connected in series connected to the output of the generating matrix generating unit, the second input is the information input of the device, and on the receiving side, the vector element sorting unit is connected in series, the other input of which is connected to the output of the generating unit a key matrix, the input of which is connected to the output of the key generator, a block for replacing the elements of the code vector, a block for multiplying the code vector by the Hadamard matrix, another input of which is connected to the output of the block for generating the Hadamard matrix, a decision block, the second input of which is connected to the output of the generating block matrix, the inverse transform unit, the output of which is the information output of the device, while the transmitting side also contains a control unit that generates a control signal for selection the length of the information vector to be encrypted, the output of which is the other input of the encryption block, and on the receiving side, the comparison block, the output of which is connected to the corresponding input of the decision block, the first input of the comparison side is connected to the output of the multiplication block, and the second input to the output of the block optimization, the input of which is connected to the output of the inverse transform block.

The disadvantage of the device is its relatively high complexity.

The disadvantage of this device is the relatively low secrecy of the cryptographic conversion during its software and hardware implementation using computers, since the implementation of the functional units and transformations proposed in the known device, for example, the block of multiplying the code vector by the Hadamard matrix, can be carried out in the main memory of the computer, which reduces the secrecy of cryptographic transformations due to the placement of confidential information in shared memory, as well as performance troystva because of the complex data transformations.

The required technical result is to increase the secrecy of cryptographic conversion, as well as the speed of the device, which increases the efficiency of cryptographic conversion when it is implemented on personal computers.

The required technical result is achieved by the fact that the input 32-bit register and four replacement nodes, each of which contains the SSE-register and two switches, are introduced into the device containing the information vector generation unit, while the information vector generation unit is made in the form of 32-bit an output register, eight inputs of which are connected to the outputs of the corresponding switches of the replacement nodes, information inputs of which are connected to the outputs of the SSE register of the corresponding replacement nodes, and address inputs are connected Nena to the respective outputs of the input 32-bit register.

The drawing shows:

figure 1 is an electrical block diagram of a device for cryptographic information conversion;

figure 2 is an example of a control circuit of the switches.

The device for cryptographic information conversion contains an input 32-bit register 1 and four replacement nodes, each of which contains a central processor register 2, for example SSE-registers of 16 or 32 bytes in size (ХММ or UMM registers), and two switches 3-1 and 3 -2, the management of which is implemented either by the standard command for managing switches, or by a command implemented in the microprogram control unit of the central computer processor.

In addition, the device for cryptographic information conversion contains a 32-bit output register 4, eight inputs of which are connected to the outputs of the corresponding switches 3-1 and 3-2, the information inputs of which are connected to the outputs of the register 2 of the central processor of the corresponding replacement nodes, and address inputs connected to the corresponding outputs of the input 32-bit register 1.

The proposed method of cryptographic information conversion is implemented in the device for its implementation as follows.

The device uses four replacement nodes, made, for example, on SSE-registers of the central processor, which relate to the internal equipment of the central processors of modern computers - 128-bit XMM registers, or 256-bit YMM registers. Modern x86 / 64 architecture processors incorporate a set of 16 byte SSE registers and specialized FPU multi-input byte switches (at least two) to perform various operations on these registers. On one SSE register, you can place two tables of 16 rows at once. Thus, four SSE registers will allow you to completely place all the replacement tables. The only condition for such placement is the interleaving requirement, according to which tetrads of one byte must be placed in different SSE registers. In addition, it is advisable to place the lower and upper tetrads of input bytes, respectively, in the lower and upper tetrads of bytes of SSE registers. These requirements are determined by optimization for the existing set of AVX commands.

Thus, each byte of the SSE register will contain two tetrads related to different bytes of the input register of the substitution block, while the position of the byte on the SSE register uniquely corresponds to the index in the conversion table of the replacement node.

Placing confidential information in the proposed device using SSE registers increases the secrecy of cryptographic conversion and its efficiency.

For effective selection from SSE registers, multi-input byte switches available as part of FPU processors can be used. These switches allow forwarding from any source byte to any receiver byte, using the indices in the special index SSE register. Moreover, forwarding is performed in parallel for all 16 bytes of the SSE-register-receiver. The switches are controlled either by the standard switch management command or by a special command implemented in the microprogram control unit of the central processor. In this case, the operation of the switches is controlled by a special three-address command AVX VPSHUFB, the first operand of which is the receiver of information from the switches, the second operand is the source to which the inputs of the switches are connected, and the third operand is the control register for the switches, each byte of which is associated with the corresponding switch and value it sets the direction number from which the switch reads information.

The implementation of this command is shown in figure 2 as an example of half of the SSE registers, since for the second half everything is similar.

Having nodes of substitution storage on SSE registers and a multi-input switch in FPUs, it is possible to organize the following transformation in a substitution block. In this scheme, the input register in each notebook sets the address for the corresponding switch, which transfers information from the SSE registers to the output register via the data bus. This makes it possible to simultaneously process four blocks of 32 bits at a time, i.e. count four crypto procedures in parallel.

Thus, thanks to the proposed implementation of the method of cryptographic information conversion and the device that implements this method, the required technical result is achieved in increasing the secrecy of the conversion and its efficiency in the program-technical implementation of the method in modern computers, since the efficiency and corresponding speed are ensured by the exclusion of the use of random access memory, and secrecy - for account excluding the placement of confidential information in random access memory room

Claims (3)

1. The method of cryptographic information conversion, based on the breakdown of the original 32-bit input vector into eight consecutive 4-bit input vectors, each of which is replaced by a corresponding replacement node into a 4-bit output vector, which are sequentially combined into a 32-bit output vector moreover, preliminary, in each replacement node, conversion tables of sixteen rows each containing four fill bits per line are placed, which are corresponding 4-bit output vectors, characterized in that use four replacement nodes, one for each pair of 4-bit input vectors, with each replacement node using a central processor register with a size equal to or greater than 16 bytes, into which two conversion tables are placed, and the conversion of pairs of 4-bit input vectors to pairs of 4-bit output vectors in the corresponding replacement node are switched by switching previously placed rows of conversion tables into the register of the central processor of the corresponding replacement node by using 4-bit pairs s input vectors as switching addresses. 2. The method according to claim 1, characterized in that SSE registers are used as the registers of the central processor. 3. A device for implementing the method according to claim 1, containing a block for generating an information vector, characterized in that an input 32-bit register and four replacement nodes were introduced, each of which contains an SSE-register and two switches, while the information vector generation unit is made in the form of a 32-bit output register, eight inputs of which are connected to the outputs of the corresponding switches of the replacement nodes, information inputs which are connected to the outputs of the SSE register of the corresponding replacement nodes, and the address inputs are connected to the corresponding outputs of the input 32-bit register.

Images