Encryption algorithms

A survey of the encryption algorithms in widespread use around the world makes it possible not only to pick the algorithm that suits your task, but also to estimate the cost of implementing it and what the user can expect of it and require from it.

Encryption as a method of protecting information

   From time immemorial nothing has been valued more highly than information. The twentieth century is the century of computing and information. Technology makes it possible to transmit and store ever larger volumes of information. This blessing has a reverse side: information is becoming more and more vulnerable, for several reasons:

  • the growing volumes of stored and transmitted data;

  • the widening circle of users with access to computer resources, programs and data;

  • the growing complexity of the operating modes of computing systems.

   The problem of protecting information from unauthorized access during transmission and storage is therefore becoming ever more important. The essence of the problem is the constant struggle between information-protection specialists and their "adversaries".

Table 1. Characteristics of product (compound) encryption algorithms

  Algorithm        Key size,   Block size,   IV size,   Encryption
                   bits        bits          bits       rounds
  Lucifer          128         128           -          -
  DES              56          64            64         16
  FEAL-1           64          64            -          4
  B-Crypt          56          64            64         -
  IDEA             128         64            -          -
  GOST 28147-89    256         64            64         32

  (A dash means the value is not given in the source table.)

   Information protection is the set of measures, methods and means that provide:

  • exclusion of unauthorized access to computer resources, programs and data;

  • verification of the integrity of information;

  • exclusion of unauthorized use of programs (protection of programs against copying).

   The clear trend toward digital methods of transmitting and storing information makes it possible to apply unified methods and algorithms to the protection of both discrete information (text, fax, telex) and continuous information (speech).
   The proven method of protecting information from unauthorized access is encryption (cryptography). Encryption is the process of transforming open data (plaintext) into encrypted data (ciphertext), or encrypted data back into open data, according to fixed rules and with the use of keys. The English-language literature uses the pair enciphering/deciphering (encryption/decryption).
   Cryptographic methods make it possible to:

  • encrypt information;

  • implement digital signatures;

  • distribute encryption keys;

  • protect information against accidental or deliberate modification.

   Encryption algorithms are expected to meet certain requirements:

  • a high level of protection of the data against decryption and possible modification;

  • the security of the information must rest only on knowledge of the key and must not depend on whether the algorithm is known (Kerckhoffs's principle);

  • a small change in the plaintext or the key must produce a substantial change in the ciphertext (the "avalanche" effect);

  • the key space must be large enough to rule out recovering the key by exhaustive search;

  • economical implementation of the algorithm at sufficient speed;

  • the cost of decrypting the data without knowledge of the key must exceed the value of the data.

Tales of times long past...

Boris Obolikshto

  Cryptology is an ancient science, and the story usually begins with Julius Caesar (100-44 BC), whose correspondence with Cicero (106-43 BC) and other "subscribers" in ancient Rome was encrypted. The Caesar cipher, otherwise known as the cyclic-shift cipher, replaces each letter of the message with the letter of the alphabet standing a fixed number of positions further on. The alphabet is treated as cyclic, that is, A follows Z. Caesar replaced each letter with the one three positions after it.
  In cryptology today it is customary to work not with letters but with the numbers corresponding to them. Thus for the Latin alphabet we can use the numbers from 0 (corresponding to A) to 25 (Z). Denoting the number corresponding to the original symbol by x and the encrypted one by y, we can write the rule of the shift substitution cipher as:

y = (x + z) mod N,   (1)

where z is the secret key, N is the number of symbols in the alphabet, and addition modulo N is an operation like ordinary addition, with the one difference that if ordinary addition gives a result greater than or equal to N, the remainder of that result after division by N is taken as the sum.
  In this notation the Caesar cipher corresponds to the secret key value z = 3 (and for Caesar Augustus, z = 4). Such ciphers are broken extremely easily even without knowing the key: it is enough to know the encryption algorithm, and the key can be found by simply trying every value (a so-called brute-force attack). Cryptology itself divides into two parts: cryptography, which studies ways of encrypting and/or verifying the authenticity of messages, and cryptanalysis, which studies ways of breaking and forging cryptograms. The weakness of the early ciphers created, for many centuries, an atmosphere of secrecy around the cryptographer's work and held back the development of cryptology as a science.
  Over more than two thousand years the so-called "pre-scientific" cryptography arrived, semi-intuitively, at a great many interesting solutions. The simplest step is to perform the substitution not in alphabetical order. It is also useful to rearrange the positions of symbols in the message (transposition ciphers).
  The first systematic work on cryptography is considered to be that of the great architect Leon Battista Alberti (1404-1472). The period up to the middle of the seventeenth century is already rich in works on cryptography and cryptanalysis. The intrigues around ciphered dispatches in the Europe of that time are surprisingly interesting. Alas, limited by the space of a magazine, we will pick out only one name known from school: François Viète (1540-1603), who at the court of the French king Henry IV practised cryptanalysis (not yet bearing that proud name) so successfully that the Spanish king Philip II complained to the Pope that the French were using black magic. But it all ended without bloodshed: at the papal court of that time there already served advisers from the Argenti family, whom today we would call cryptanalysts.
  It can be said that for centuries the decryption of cryptograms has been aided by frequency analysis of the occurrence of individual symbols and their combinations. The probabilities of occurrence of individual letters in a text differ greatly (in Russian, for example, the letter "о" occurs 45 times more often than the letter "ф"). On the one hand this forms the basis both for recovering keys and for analysing encryption algorithms; on the other hand it is the reason for the considerable redundancy (in the information-theoretic sense) of text in a natural language. No simple substitution can hide the frequency of a symbol: in a Russian text the symbols corresponding to the letters "о", "е", "а", "и", "т", "н" stick out like awls from a sack. Information theory and the measure of redundancy had not yet been created, but to fight the cryptographer's enemy, frequency analysis, RANDOMIZATION was proposed. Its author, Carl Friedrich Gauss (1777-1855), mistakenly believed that he had created an unbreakable cipher.
  The next notable figure in the history of cryptology whom we must not pass by is the Dutchman Auguste Kerckhoffs (1835-1903). He is the author of the remarkable "Kerckhoffs's principle": the strength of a cipher must be determined ONLY by the secrecy of the key. Considering when this rule was formulated (more than half a century before the creation of a systematic theory!), it can be recognized as a great discovery. The principle assumes that the encryption ALGORITHM is NOT SECRET, so that the merits and shortcomings of the algorithm can be discussed openly. It thereby moves work in cryptology into the category of OPEN scientific work that admits discussion, publication and so on.

The twentieth century: from intuition to science

  The last name we will mention in pre-scientific cryptology is the AT&T engineer Gilbert S. Vernam. In 1926 he proposed a truly unbreakable cipher. Its idea is to choose a new value of z in equation (1) for each successive symbol; in other words, the secret key is used only once. If such a key is chosen at random then, as Shannon rigorously proved 23 years later, the cipher is unbreakable. This cipher is the theoretical justification for the so-called one-time pads ("cipher pads"), which came into wide use during the Second World War. A cipher pad contains a set of single-use keys, taken in succession as messages are encrypted. Vernam's proposal, however, does not solve the problem of secret communication: instead of a way to transmit the secret message, one must now find a way to transmit a secret key of EQUAL LENGTH, that is, containing as many symbols as the plaintext.
  Scientific cryptology began in 1949 with Claude Shannon's article "Communication Theory of Secrecy Systems". Shannon showed that for a certain "random cipher" the number of ciphertext symbols which a cryptanalyst with unlimited resources needs in order to recover the key (and thus break the cipher) is

H(Z) / (r log N),   (2)

where H(Z) is the entropy of the key, r the redundancy of the plaintext, and N the size of the alphabet. The redundancy of ordinary text is well known to us from the efficiency with which archivers compress text files: their whole job consists of reducing redundancy (and only its most easily removed part). With the redundancy of ordinary text around 0.75 and a 56-bit key (such as DES assumes), 11 symbols of ciphertext are enough to recover the key, given a cryptanalyst with unlimited resources.
  Strictly speaking, relation (2) has not been proved for an arbitrary cipher, but it holds for the known special cases. A remarkable conclusion follows from (2): the cryptanalyst's work can be made harder not only by improving the cryptosystem but also by lowering the redundancy of the plaintext. Moreover, if the redundancy of the plaintext is brought down to zero, even a short key gives a cipher the cryptanalyst cannot break.
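Relation (2) worked through in code, as an added example that is not part of the original article. The article does not say which alphabet size N gives its figure of 11 symbols; the example assumes a 7-bit alphabet (N = 128), which reproduces 11, and also shows what the same key looks like at r = 0 and how a crude redundancy estimate can be taken from single-letter frequencies of a constructed sample text.

```python
import math
from collections import Counter


def unicity_distance(key_entropy_bits: float, redundancy: float, alphabet_size: int) -> float:
    """Relation (2): ciphertext symbols needed to pin down the key, H(Z) / (r * log2 N).

    Returns math.inf when the plaintext has no redundancy (r == 0): no amount of
    ciphertext then singles out one key.
    """
    if not 0.0 <= redundancy <= 1.0:
        raise ValueError("redundancy is a fraction between 0 and 1")
    if redundancy == 0.0:
        return math.inf
    return key_entropy_bits / (redundancy * math.log2(alphabet_size))


def single_letter_redundancy(text: str, alphabet_size: int = 26) -> float:
    """Crude estimate of r from single-letter frequencies: r = 1 - H1 / log2 N.

    H1 ignores correlations between neighbouring letters, so this underestimates
    the true redundancy of English (which the article puts at about 0.75).
    """
    letters = [c for c in text.upper() if "A" <= c <= "Z"]
    n = len(letters)
    h1 = -sum(k / n * math.log2(k / n) for k in Counter(letters).values())
    return 1.0 - h1 / math.log2(alphabet_size)


# Constructed sample text (not from the article).
SAMPLE = ("the quick brown fox jumps over the lazy dog while the cryptanalyst counts "
          "letters and compares their frequencies with those of ordinary english text")


if __name__ == "__main__":
    # assumption: a 7-bit alphabet, N = 128, reproduces the article's 11 symbols for DES
    print(math.ceil(unicity_distance(56, 0.75, 128)))    # 11
    print(math.ceil(unicity_distance(256, 0.75, 128)))   # 49 for a GOST-sized key
    print(math.ceil(unicity_distance(56, 0.75, 26)))     # 16 for plain letters only
    print(unicity_distance(56, 0.0, 128))                # inf: zero redundancy
    print(round(single_letter_redundancy(SAMPLE), 2))
```

With N = 26 (letters only) the same key needs about 16 symbols; the figure depends as much on the alphabet as on the key length, which is why the article insists on the redundancy r rather than on the key alone.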

   Before encryption, the information should be subjected to statistical coding (compression, archiving). The volume of the information and its redundancy then decrease, and its entropy (the average amount of information per symbol) rises. Since the compressed text no longer contains the repeated letters and words of the original, decryption (cryptanalysis) becomes harder.

Classification of encryption algorithms

1. Symmetric (secret-key, single-key).
1.1. Stream ciphers (encryption of a data stream):

  • with a one-time or infinite key (infinite-key cipher);

  • with a finite key (the Vernam system);

  • based on a pseudo-random number generator (PRNG).

1.2. Block ciphers (encryption of the data block by block):
1.2.1. Transposition ciphers (permutation, P-boxes);
1.2.2. Substitution ciphers (S-boxes):

  • monoalphabetic (the Caesar cipher);

  • polyalphabetic (the Vigenère cipher, the Jefferson cylinder, the Wheatstone disk, Enigma);

1.2.3. Product (compound) ciphers (Table 1):

  • Lucifer (IBM, USA);

  • DES (Data Encryption Standard, USA);

  • FEAL-1 (Fast Encipherment Algorithm, Japan);

  • IDEA/IPES (International Data Encryption Algorithm / Improved Proposed Encryption Standard, Ascom-Tech AG, Switzerland);

  • B-Crypt (British Telecom, Great Britain);

  • GOST 28147-89 (USSR);

  • Skipjack (USA).

2. Asymmetric (public-key):

  • Diffie-Hellman (DH);

  • Rivest-Shamir-Adleman (RSA);

  • ElGamal.

   In addition, encryption algorithms are divided into ciphers proper and codes. Ciphers work on individual bits, letters and symbols; codes operate on linguistic elements (syllables, words, phrases).

Symmetric encryption algorithms

   Symmetric encryption algorithms (secret-key cryptography) rest on the sender and the recipient of the information using the same key. This key must be kept secret and must be delivered in a way that rules out its interception.
   The exchange of information proceeds in three stages:

  • the sender delivers a key to the recipient (in a network with several subscribers, each pair of subscribers must have a key different from the keys of the other pairs);

  • the sender encrypts the message with the key and sends it to the recipient;

  • the recipient receives the message and decrypts it.

   If a unique key is used for each day and each communication session, the security of the system is increased.

Stream ciphers

   In stream ciphers, that is, in the encryption of a data stream, each bit of the original information is encrypted independently of the others by means of "gamma superposition" (gammirovanie).
   Gamma superposition is the application, by some rule, of the cipher gamma (a random or pseudo-random sequence of ones and zeros) onto the open data. The rule is usually "exclusive OR", also called addition modulo 2, which assembly-language programs implement with the XOR instruction. For decryption the same gamma is applied to the encrypted data.
   With one-time use of a random gamma of the same size as the data being encrypted, breaking the cipher is impossible (the so-called cryptosystems with a one-time or infinite key). "Infinite" here means that the gamma does not repeat.
   In some stream ciphers the key is shorter than the message. Thus in the Vernam system for telegraphy a paper loop carrying the gamma is used. The strength of such a cipher is, of course, not ideal.
   Clearly, exchanging keys as large as the information being encrypted is not always practical. Therefore a gamma obtained from a pseudo-random number generator (PRNG) is used more often. In this case the key is the seed (initial value, initialization vector, IV) used to start the PRNG. Every PRNG has a period after which the generated sequence repeats. Obviously the period of the pseudo-random gamma must exceed the length of the information being encrypted.
   A PRNG is considered sound if observing fragments of its output does not allow the missing parts, or the whole sequence, to be recovered when the algorithm is known but the initial value is not [4, p. 63].
   Several variants are possible when a PRNG is used [4, pp. 126-128]:

1. Bit-by-bit encryption of the data stream. The digital key is used as the initial value of the PRNG, and the generator's output bit stream is added modulo 2 to the original information. Such systems have no error-propagation property.
2. Bit-by-bit encryption of the data stream with feedback from the ciphertext. This system is similar to the previous one except that the ciphertext is fed back as a parameter into the PRNG. It has the error-propagation property; the extent of propagation depends on the structure of the PRNG.
3. Bit-by-bit encryption of the data stream with feedback from the plaintext. The PRNG is driven by the original information. It has the property of unlimited error propagation.
4. Bit-by-bit encryption of the data stream with feedback from both the ciphertext and the plaintext.
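The gamma superposition described above, together with variants 1 and 2 of the PRNG list, as an added example that is not code from the article. It assumes a hash-based generator (SHA-256 over the seed and a counter, or over the seed and the previous ciphertext chunk) in place of a real PRNG, and constructed sample messages. It shows the one-time pad round trip, why reusing a pad leaks the second message, and the difference in error propagation between a gamma without feedback and one with feedback from the ciphertext.

```python
import hashlib
import os

BLOCK = 32   # one SHA-256 digest = one 32-byte piece of gamma (assumed construction)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Gamma superposition: addition modulo 2, bit by bit."""
    if len(a) != len(b):
        raise ValueError("gamma must be exactly as long as the data")
    return bytes(x ^ y for x, y in zip(a, b))


def vernam(data: bytes, pad: bytes) -> bytes:
    """One-time pad: a random pad at least as long as the data; the same call decrypts."""
    if len(pad) < len(data):
        raise ValueError("pad shorter than the message: not a one-time pad")
    return xor_bytes(data, pad[:len(data)])


def two_time_pad_leak(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Why the pad must never repeat: c1 XOR c2 = p1 XOR p2, so knowing p1 reveals p2."""
    n = min(len(c1), len(c2), len(known_p1))
    return xor_bytes(xor_bytes(c1[:n], c2[:n]), known_p1[:n])


def prng_gamma(seed: bytes, nbytes: int) -> bytes:
    """Variant 1 (no feedback): gamma = H(seed||0) || H(seed||1) || ... depends on the seed only."""
    pieces = (hashlib.sha256(seed + i.to_bytes(8, "big")).digest()
              for i in range(-(-nbytes // BLOCK)))
    return b"".join(pieces)[:nbytes]


def stream_xor(seed: bytes, data: bytes) -> bytes:
    """Variant 1 encrypt/decrypt: a flipped ciphertext bit flips exactly one plaintext bit."""
    return xor_bytes(data, prng_gamma(seed, len(data)))


def feedback_stream(seed: bytes, iv: bytes, data: bytes, decrypt: bool) -> bytes:
    """Variant 2 (feedback from the ciphertext): gamma_i = H(seed || c_{i-1}), c_{-1} = IV.

    A damaged ciphertext chunk spoils its own bit and, because the next piece of gamma
    is derived from it, the whole following chunk; chunks after that recover.
    """
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        chunk = data[i:i + BLOCK]
        gamma = hashlib.sha256(seed + prev).digest()[:len(chunk)]
        res = xor_bytes(chunk, gamma)
        out += res
        prev = chunk if decrypt else res   # the ciphertext chunk feeds the generator
    return bytes(out)


def flip_bit(data: bytes, index: int) -> bytes:
    b = bytearray(data)
    b[index] ^= 0x01
    return bytes(b)


def differing_positions(a: bytes, b: bytes) -> set:
    return {i for i, (x, y) in enumerate(zip(a, b)) if x != y}


# Constructed sample inputs (not from the article).
SEED = b"seed-for-the-generator"
IV = bytes(16)
MSG = b"ATTACK AT DAWN. THE ENEMY HAS MOVED ITS ARTILLERY TO THE NORTH BANK OF THE RIVER."


def demo():
    pad = os.urandom(len(MSG))
    assert vernam(vernam(MSG, pad), pad) == MSG
    # pad reuse: a second message under the same pad is exposed once the first is known
    other = b"RETREAT AT DUSK."
    leaked = two_time_pad_leak(vernam(MSG, pad), vernam(other, pad), MSG)
    # error propagation: damage byte 10 of the ciphertext (inside the first 32-byte chunk)
    damaged1 = differing_positions(MSG, stream_xor(SEED, flip_bit(stream_xor(SEED, MSG), 10)))
    ct2 = feedback_stream(SEED, IV, MSG, decrypt=False)
    damaged2 = differing_positions(MSG, feedback_stream(SEED, IV, flip_bit(ct2, 10), decrypt=True))
    return leaked, damaged1, damaged2
```

In the no-feedback variant the decrypted message differs from the original in byte 10 only; in the feedback variant byte 10 is wrong and the whole second chunk (bytes 32 to 63) is garbled, while the third chunk decrypts correctly because its gamma is derived from an undamaged ciphertext chunk.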

Block ciphers

   In block encryption the information is divided into blocks of fixed length and encrypted block by block. Block ciphers are of two principal kinds:

  • transposition ciphers (permutation, P-boxes);

  • substitution ciphers (S-boxes).

   Transposition ciphers rearrange the elements of the open data (bits, letters, symbols) in some new order. One distinguishes ciphers of horizontal, vertical and double transposition, grille, labyrinth and keyword ciphers, and others.
   Substitution ciphers replace the elements of the open data with other elements according to some rule. One distinguishes ciphers of simple, complex and pair substitution, letter-syllable encryption, and column-substitution ciphers. Substitution ciphers fall into two groups:

  • monoalphabetic (the Caesar cipher);

  • polyalphabetic (the Vigenère cipher, the Jefferson cylinder, the Wheatstone disk, Enigma).

   In monoalphabetic substitution ciphers a letter of the plaintext is replaced by another letter fixed in advance. In the Caesar cipher, for example, a letter is replaced by the letter standing some number of positions after it in the Latin alphabet. Obviously such a cipher is broken quite simply: it suffices to count how often each letter occurs in the ciphertext and compare the result with the letter frequencies known for every language.
   In polyalphabetic substitutions, each occurrence of a given symbol of the original message is replaced in turn by different symbols from some set. Clearly this set is not infinite: after some number of symbols it has to be used again. This is the weakness of purely polyalphabetic ciphers.
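The two attacks described above (frequency counting against a monoalphabetic shift, and exploiting the reuse of the key set against a polyalphabetic one), as well as relation (1) and the brute-force key search from the historical section, as an added example that is not code from the article. It assumes the Latin alphabet, a table of English letter frequencies, a constructed military-style plaintext, and the key "KEY"; the period of the Vigenère key is recovered from repeated ciphertext 5-grams (the Kasiski method), after which each residue class is a plain shift cipher broken by frequency.

```python
from collections import Counter
from functools import reduce
from itertools import combinations
from math import gcd

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
N = len(ALPHABET)

# Approximate letter frequencies of English text, in percent (assumed reference table).
ENGLISH = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0, "H": 6.1, "I": 7.0,
    "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7, "O": 7.5, "P": 1.9, "Q": 0.095,
    "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8, "V": 0.98, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.074,
}


def letters_only(s: str) -> str:
    return "".join(c for c in s.upper() if c in ALPHABET)


def shift_encrypt(text: str, z: int) -> str:
    """Relation (1): y = (x + z) mod N for every letter; z = 3 is the Caesar cipher."""
    return "".join(ALPHABET[(ALPHABET.index(c) + z) % N] for c in text)


def shift_decrypt(text: str, z: int) -> str:
    return shift_encrypt(text, -z % N)


def chi_squared(text: str) -> float:
    """How far the letter counts of text are from the counts expected for English."""
    counts, n = Counter(text), len(text)
    return sum((counts[c] - ENGLISH[c] * n / 100) ** 2 / (ENGLISH[c] * n / 100) for c in ALPHABET)


def break_shift(ciphertext: str) -> int:
    """Brute force: try all N keys, keep the one whose plaintext looks most like English."""
    return min(range(N), key=lambda z: chi_squared(shift_decrypt(ciphertext, z)))


def vigenere_encrypt(text: str, key: str) -> str:
    """Polyalphabetic substitution: symbol i is shifted by key[i mod len(key)]."""
    return "".join(shift_encrypt(c, ALPHABET.index(key[i % len(key)])) for i, c in enumerate(text))


def vigenere_decrypt(text: str, key: str) -> str:
    return "".join(shift_decrypt(c, ALPHABET.index(key[i % len(key)])) for i, c in enumerate(text))


def kasiski_period(ciphertext: str, n: int = 5) -> int:
    """The finite key set is reused: equal plaintext n-grams whose distance is a multiple of
    the period give equal ciphertext n-grams, so the gcd of those distances is the period."""
    positions = {}
    for i in range(len(ciphertext) - n + 1):
        positions.setdefault(ciphertext[i:i + n], []).append(i)
    distances = [b - a for p in positions.values() if len(p) > 1 for a, b in combinations(p, 2)]
    return reduce(gcd, distances) if distances else 1


def break_vigenere(ciphertext: str) -> str:
    """Find the period, then break each residue class as an ordinary shift cipher."""
    period = kasiski_period(ciphertext)
    return "".join(ALPHABET[break_shift(ciphertext[i::period])] for i in range(period))


# Constructed sample plaintext (not from the article); "THE ENEMY" recurs at distances
# that are multiples of the key length 3, which is what the Kasiski step relies on.
SAMPLE = letters_only(
    "THE ENEMY WILL ATTACK AT DAWN AND THE ENEMY CANNOT BE HELD WHEN THE ENEMY MOVES SOUTH "
    "HOLD THE LINE UNTIL RELIEVED REINFORCEMENTS ARRIVE BY TRAIN AT NOON KEEP THIS ORDER SECRET "
    "THE GENERAL EXPECTS EVERY MAN TO DO HIS DUTY"
)

if __name__ == "__main__":
    caesar = shift_encrypt(SAMPLE, 3)
    print("Caesar key recovered:", break_shift(caesar))          # 3
    vig = vigenere_encrypt(SAMPLE, "KEY")
    print("Vigenere period:", kasiski_period(vig), "key:", break_vigenere(vig))   # 3 KEY
```

The Vigenère step fails exactly where the article says the cipher's weakness lies: once the period is known, each residue class of positions is encrypted under a single shift and the monoalphabetic frequency attack applies to it unchanged.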
   Modern cryptographic systems, as a rule, use both methods (substitution and transposition). Such a cipher is called a product cipher. It is stronger than a cipher that uses only substitutions or only transpositions.
   Block encryption can be done in two ways [4, pp. 129-130]:

1. Without feedback. Several bits (a block) of the plaintext are encrypted at once, and each bit of the plaintext affects each bit of the ciphertext. But there is no mutual influence between blocks, that is, two identical plaintext blocks produce identical ciphertext. Such algorithms can therefore be used only to encrypt random bit sequences (keys, for example). Examples are DES in ECB mode and GOST 28147-89 in simple-substitution mode.

2. With feedback. The feedback is usually arranged as follows: the previous encrypted block is added modulo 2 to the current block. An initialization value serves as the first block in the feedback chain. An error in one bit affects two blocks: the erroneous one and the one following it. An example is DES in CBC mode.

   A PRNG can also be used in block encryption [4, p. 128]:

1. Block encryption of the data stream. The encryption of successive blocks (substitution and transposition) depends on a PRNG controlled by the key.

2. Block encryption of the data stream with feedback. The PRNG is driven by the ciphertext, by the plaintext, or by both together.

   The US federal standard DES (Data Encryption Standard) [1, 5], on which the international standard ISO 8372-87 is based, is very widespread. DES has been endorsed by the American National Standards Institute (ANSI) and is recommended for use by the American Bankers Association (ABA). DES provides four operating modes:

  • ECB (Electronic Codebook);

  • CBC (Cipher Block Chaining);

  • CFB (Cipher Feedback), feedback from the ciphertext;

  • OFB (Output Feedback), feedback from the output.

   GOST 28147-89 is the Russian (formerly Soviet) standard for data encryption [8]. The standard includes three algorithms for encrypting (decrypting) data, the simple-substitution mode, the gamma mode and the gamma mode with feedback, plus a mode for generating an imitovstavka (a message authentication code).
   The imitovstavka makes it possible to detect accidental or deliberate modification of the encrypted information. It can be generated either before encryption (after decryption) of the whole message, or simultaneously with block-by-block encryption (decryption). A block of the information is encrypted by the first sixteen rounds of the simple-substitution mode, the result is added modulo 2 to the second block, the sum is again encrypted by the first sixteen rounds, and so on.
   The encryption algorithms of GOST 28147-89 possess the advantages of the other symmetric algorithms and exceed their capabilities. Thus GOST 28147-89 (256-bit key, 32 encryption rounds), compared with algorithms such as DES (56-bit key, 16 rounds) and FEAL-1 (64-bit key, 4 rounds), has greater cryptographic strength thanks to its longer key and larger number of rounds.
   Note that, unlike DES, the substitution box of GOST 28147-89 can be changed arbitrarily, so that it acts as an additional 512-bit key.
   The gamma-mode algorithms of GOST 28147-89 (256-bit key, 512-bit substitution box, 64-bit initialization vector) also exceed the algorithm B-Crypt (56-bit key, 64-bit initialization vector) in cryptographic strength.
   Further advantages of GOST 28147-89 are its protection against the imposition of false data (the imitovstavka) and an identical encryption round in all four of the standard's algorithms.
   Block algorithms can also be used to generate a gamma. In this case the gamma is produced block by block and added modulo 2, block by block, to the plaintext. Examples are B-Crypt, DES in CFB and OFB modes, and GOST 28147-89 in the gamma and gamma-with-feedback modes.
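A toy product cipher and the modes discussed in this section (block encryption without and with feedback, the two-block error propagation of CBC, the gamma modes OFB and CFB, and a check value built the way the imitovstavka paragraph describes), as an added example that is not code from the article or from any standard. The cipher is a 16-round Feistel network on 64-bit blocks whose round function and key schedule are assumed hash-based stand-ins, not the S-boxes of DES or GOST 28147-89; the key, IV and plaintext are constructed.

```python
import hashlib

ROUNDS = 16
BS = 8            # 64-bit block, as in DES and GOST 28147-89
HALF = BS // 2


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def round_keys(key: bytes) -> list:
    """Assumed key schedule: round key i = SHA-256(key || i). Not DES's or GOST's."""
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(ROUNDS)]


def _f(rk: bytes, half: bytes) -> bytes:
    """Assumed round function: keyed nonlinear substitution of one half via SHA-256."""
    return hashlib.sha256(rk + half).digest()[:HALF]


def encrypt_block(rks: list, block: bytes) -> bytes:
    """Feistel network: substitution (F) and transposition (the swap) alternate each round."""
    left, right = block[:HALF], block[HALF:]
    for rk in rks:
        left, right = right, _xor(left, _f(rk, right))
    return right + left


def decrypt_block(rks: list, block: bytes) -> bytes:
    """The same network run with the round keys in reverse order."""
    return encrypt_block(list(reversed(rks)), block)


def _blocks(data: bytes) -> list:
    if len(data) % BS:
        raise ValueError("ECB, CBC and the MAC need whole blocks; pad or use a gamma mode")
    return [data[i:i + BS] for i in range(0, len(data), BS)]


def ecb_encrypt(rks, data):
    """Without feedback: equal plaintext blocks give equal ciphertext blocks."""
    return b"".join(encrypt_block(rks, b) for b in _blocks(data))


def ecb_decrypt(rks, data):
    return b"".join(decrypt_block(rks, b) for b in _blocks(data))


def cbc_encrypt(rks, iv, data):
    """With feedback: the previous ciphertext block is added mod 2 to the current block."""
    out, prev = [], iv
    for b in _blocks(data):
        prev = encrypt_block(rks, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(rks, iv, data):
    out, prev = [], iv
    for c in _blocks(data):
        out.append(_xor(decrypt_block(rks, c), prev))
        prev = c
    return b"".join(out)


def ofb_xor(rks, iv, data):
    """Gamma made block by block from the cipher alone (OFB): gamma_i = E(gamma_{i-1})."""
    gamma, prev = b"", iv
    while len(gamma) < len(data):
        prev = encrypt_block(rks, prev)
        gamma += prev
    return _xor(data, gamma[:len(data)])


def cfb(rks, iv, data, decrypt):
    """Gamma with feedback from the ciphertext (CFB): gamma_i = E(c_{i-1}); any length."""
    out, prev = [], iv
    for i in range(0, len(data), BS):
        chunk = data[i:i + BS]
        res = _xor(chunk, encrypt_block(rks, prev)[:len(chunk)])
        out.append(res)
        prev = chunk if decrypt else res
    return b"".join(out)


def cbc_mac(rks, data):
    """Imitovstavka-style check value: encrypt a block, add the next mod 2, encrypt again, ..."""
    tag = bytes(BS)
    for b in _blocks(data):
        tag = encrypt_block(rks, _xor(tag, b))
    return tag


KEY = b"toy key, not a real 256-bit GOST key"        # constructed
IV = bytes(range(1, BS + 1))                             # constructed
PT = b"SAMEDATA" + b"SAMEDATA" + b"OTHERTXT"             # constructed: two equal blocks


def demo() -> dict:
    rks = round_keys(KEY)
    ecb, cbc = ecb_encrypt(rks, PT), cbc_encrypt(rks, IV, PT)
    damaged = bytearray(cbc)
    damaged[3] ^= 0x01                                   # one wrong bit in ciphertext block 0
    return {
        "ecb_leak": ecb[:BS] == ecb[BS:2 * BS],          # True: the repeated block shows
        "cbc_leak": cbc[:BS] == cbc[BS:2 * BS],          # False
        "cbc_damaged": cbc_decrypt(rks, IV, bytes(damaged)),   # block 0 garbled, block 1 one bit, rest intact
        "mac": cbc_mac(rks, PT),
    }
```

The CBC result is exactly the two-block error propagation the text describes: the damaged block decrypts to garbage, the next block comes out with the same single bit flipped, and every later block is intact.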

Asymmetric encryption algorithms

   In asymmetric encryption algorithms (public-key cryptography) one key (the public one) is used to encrypt information and another (the private one) to decrypt it. These keys are different and cannot be derived one from the other.
   The information exchange scheme is as follows:

  • the recipient computes the public and private keys, keeps the private key secret and makes the public one available (communicates it to the sender or to a group of network users, or publishes it);

  • the sender encrypts the message with the recipient's public key and sends it to the recipient;

  • the recipient receives the message and decrypts it with the private key.

RSA [4, 5]

   Protected by US patent No. 4405829. Developed in 1977 at the Massachusetts Institute of Technology (USA). Named after the first letters of its authors' surnames (Rivest, Shamir, Adleman). Its cryptographic strength rests on the computational difficulty of factoring a large number into primes.

ElGamal

   Developed in 1985 and named after its author, ElGamal. It is used in the US Digital Signature Standard (DSS). Its cryptographic strength rests on the computational difficulty of computing discrete logarithms of integers in finite fields.

Comparison of symmetric and asymmetric encryption algorithms

   Asymmetric systems require long keys (512 bits and more). A long key sharply increases encryption time. In addition, key generation takes a long time. But keys can be distributed over unprotected channels.
   Symmetric algorithms use shorter keys, so encryption is faster. But key distribution in such systems is difficult.
   Therefore, when designing a protected system, both symmetric and asymmetric algorithms are often used. Since a public-key system allows keys to be distributed for symmetric systems as well, asymmetric and symmetric encryption algorithms can be combined in a system for transmitting protected information: the former is used to deliver the keys, the latter to encrypt the transmitted information itself [4, p. 53].
   The information exchange can proceed as follows:

  • the recipient computes the public and private keys, keeps the private key secret and makes the public one available;

  • the sender encrypts a session key with the recipient's public key and sends it to the recipient over an unprotected channel;

  • the recipient receives the session key and decrypts it with the private key;

  • the sender encrypts the message with the session key and sends it to the recipient;

  • the recipient receives the message and decrypts it.

   Note that government and military communication systems use only symmetric algorithms, since there is no rigorous mathematical proof of the strength of public-key systems (though the converse has not been proved either).

Verifying the authenticity of information. The digital signature

   When information is transmitted, the following must be provided, together or separately:

1. Confidentiality (privacy): an adversary must not be able to learn the content of the transmitted message.

2. Authenticity, which comprises two notions:

  • integrity: the message must be protected against accidental or deliberate modification;

  • identification of the sender (verification of authorship): the recipient must be able to check who sent the message.

Encryption can provide confidentiality, and in some systems integrity as well.
   The integrity of a message is checked by computing a check function of the message, a number of small length. This check function must change, with high probability, even on small changes to the message (deletion, insertion, rearrangement or reordering of information). The check function goes under various names and is computed in various ways:

  • Message Authentication Code (MAC);

  • Quadratic Congruential Manipulation Detection Code (QCMDC);

  • Manipulation Detection Code (MDC);

  • Message Digest Algorithm (MD5);

  • checksum;

  • Block Check Character (BCC);

  • Cyclic Redundancy Check (CRC);

  • hash function;

  • the imitovstavka of GOST 28147-89;

  • n-bit Algorithm with Truncation.

   Any encryption algorithm can be used to compute the check function. The checksum itself may also be encrypted.
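The distinction the list above glosses over, between an unkeyed check value (checksum, CRC, plain hash) that catches accidental damage and a keyed one (MAC) that also resists deliberate modification, as an added example that is not code from the article. It uses CRC-32 and HMAC-SHA256 from the Python standard library on a constructed payment message and a constructed shared key.

```python
import hashlib
import hmac
import zlib


def crc_tag(message: bytes) -> bytes:
    """Unkeyed check function (CRC-32): anyone, including an attacker, can recompute it."""
    return zlib.crc32(message).to_bytes(4, "big")


def mac_tag(key: bytes, message: bytes) -> bytes:
    """Keyed check function (HMAC-SHA256): cannot be recomputed without the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # constant-time comparison so the check itself does not leak the tag byte by byte
    return hmac.compare_digest(mac_tag(key, message), tag)


KEY = b"shared secret between sender and recipient"   # constructed
MSG = b"PAY 100 TO ACCOUNT 4711"                      # constructed


def scenario() -> tuple:
    """Returns what each check function detects for an accidental and a deliberate change."""
    crc, mac = crc_tag(MSG), mac_tag(KEY, MSG)

    # accidental change: a single flipped bit in transit; both tags no longer match
    damaged = bytes([MSG[0] ^ 0x40]) + MSG[1:]
    accidental = {"crc_detects": crc_tag(damaged) != crc,
                  "mac_detects": not verify_mac(KEY, damaged, mac)}

    # deliberate change: the attacker rewrites the amount, then attaches a fresh CRC
    # (no secret needed) but can only reuse the old MAC
    forged = MSG.replace(b"100", b"900")
    deliberate = {"crc_accepts_forgery": crc_tag(forged) == crc_tag(forged),
                  "mac_accepts_forgery": verify_mac(KEY, forged, mac)}
    return accidental, deliberate
```

The CRC line in `deliberate` is deliberately tautological: the recipient recomputes the CRC over whatever arrives and it always matches, because the attacker computed it the same way. Encrypting the checksum, as the paragraph above allows, makes the check keyed; simply appending a hash does not.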
   The digital signature (a digital addition to the transmitted information that guarantees its integrity and allows its authorship to be verified) is widely used. Digital signature schemes based on symmetric encryption algorithms are known, but the digital signature is more conveniently implemented with public-key systems.
   To use the RSA algorithm, the message is first compressed by a hash function (the MD5 Message Digest Algorithm) to a 128-bit hash H. The signature S of the message is computed as

S = H^d mod n

   The signature is sent together with the message.
   Verification consists in computing the hash H' of the received message and comparing it with

H = S^e mod n

where H is the hash of the message, S its signature, d the private key and e the public key.
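The two uses of RSA from this article, the hybrid scheme in which the sender wraps a symmetric session key with the recipient's public key, and the signature S = H^d mod n checked against S^e mod n, as an added example that is not code from the article. The key pair is built from two fixed Mersenne primes so that the example runs instantly and deterministically (a toy: real keys use random primes of at least 1024 bits), the hash is SHA-256 reduced into the modulus in place of the article's MD5, and no padding is applied, so this is "textbook" RSA, which real systems wrap in OAEP or PSS padding. Requires Python 3.8 or later for `pow(e, -1, phi)`.

```python
import hashlib
import secrets

# Toy parameters, NOT for real use: 2^89 - 1 and 2^107 - 1 are Mersenne primes,
# chosen so the arithmetic is exact but small enough to run instantly.
P = (1 << 89) - 1
Q = (1 << 107) - 1
E = 65537


def keygen() -> tuple:
    """Public key (e, n) and private key (d, n) with e*d = 1 (mod (p-1)(q-1))."""
    n = P * Q
    phi = (P - 1) * (Q - 1)
    d = pow(E, -1, phi)
    return (E, n), (d, n)


def encrypt_session_key(public: tuple, session_key: bytes) -> int:
    """Hybrid scheme: the sender wraps the symmetric session key with the recipient's public key."""
    e, n = public
    k = int.from_bytes(session_key, "big")
    if k >= n:
        raise ValueError("session key must be smaller than the modulus")
    return pow(k, e, n)


def decrypt_session_key(private: tuple, wrapped: int, length: int) -> bytes:
    """The recipient unwraps it with the private key; the key then drives the symmetric cipher."""
    d, n = private
    return pow(wrapped, d, n).to_bytes(length, "big")


def digest(message: bytes, n: int) -> int:
    """H: hash the message and reduce it into [0, n) (assumed stand-in for the article's MD5)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private: tuple, message: bytes) -> int:
    """S = H^d mod n"""
    d, n = private
    return pow(digest(message, n), d, n)


def verify(public: tuple, message: bytes, signature: int) -> bool:
    """Compare H' of the received message with S^e mod n."""
    e, n = public
    return pow(signature, e, n) == digest(message, n)


if __name__ == "__main__":
    public, private = keygen()
    session_key = secrets.token_bytes(16)                    # 128-bit symmetric key
    wrapped = encrypt_session_key(public, session_key)
    print(decrypt_session_key(private, wrapped, 16) == session_key)   # True
    msg = b"PAY 100 TO ACCOUNT 4711"                          # constructed
    s = sign(private, msg)
    print(verify(public, msg, s), verify(public, msg.replace(b"100", b"900"), s))   # True False
```

Two properties worth noticing in the code: the wrapped session key must be numerically smaller than n (here a 128-bit key against a roughly 196-bit modulus), and a forged or altered message fails verification because S^e mod n no longer equals the freshly computed hash.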

   Standards are devoted to authenticity verification:

  • authentication: ISO 8730-90, ISO/IEC 9594-90 and ITU X.509;

  • integrity: GOST 28147-89, ISO 8731-90;

  • digital signature: ISO 7498, GOST R 34.10-94 (Russia), DSS (Digital Signature Standard, USA).

ISO is the International Organization for Standardization; ITU is the International Telecommunication Union.

Implementation of encryption algorithms

   Encryption algorithms are implemented in software or in hardware. There is a great variety of purely software implementations of the various algorithms. Because of their low cost (some are free), the ever-growing speed of PC processors, their ease of use and their reliability, they are quite competitive. The Diskreet program from the Norton Utilities package, which implements DES, is widely known.
   The PGP package (Pretty Good Privacy, version 2.1, author Philip Zimmermann) deserves mention: it solves nearly all the problems of protecting transmitted information in one package. It applies data compression before encryption, powerful key management, symmetric (IDEA) and asymmetric (RSA) encryption algorithms, computation of a check function for the digital signature, and reliable key generation.
   The publications of the magazine "Monitor", with detailed descriptions of various algorithms and the corresponding listings, give anyone who wishes the chance to write their own program (or to use a ready listing).
   Hardware implementation of the algorithms is possible with specialized chips (chips are produced for the DH, RSA, DES, Skipjack and GOST 28147-89 algorithms) or with general-purpose components (digital signal processors, DSPs, are promising in view of their low cost and high speed).
   Among Russian developments the "Krypton" boards (the firm "Ankad") [2] and the "Grim" board (methodology and algorithms by the firm "LAN-KRIPTO", engineering by NPC "ELiPS") [7] should be noted.
   "Krypton" is a family of single-board devices using crypto-processors (specialized 32-bit microcomputers, also called "Bloomings"). The Bloomings implement the GOST 28147-89 algorithms in hardware; each consists of a computing unit and RAM for key storage. The crypto-processor has three areas for key storage, which allows multi-level key systems to be built.
   For greater reliability of encryption two crypto-processors work simultaneously, and a 64-bit data block is considered correctly encrypted only if the outputs of both Bloomings coincide. The encryption speed is 250 KB/s.
   Besides the two Bloomings the board carries:

  • the controller of the interface to the computer bus (all boards except "Krypton-ES" are designed for the ISA bus);

  • the board's BIOS, which implements the interface with the computer and performs the device's self-test and the loading of keys into the crypto-processors;

  • a hardware random-number generator for producing encryption keys, built on noise diodes.

   The following versions of the "Krypton" board are produced:

  • "Krypton-ES", intended for the ES 1841-1845 series of PCs;

  • "Krypton-3";

  • "Krypton-4" (the dimensions are reduced by moving some discrete elements into base chips, and the exchange speed is raised thanks to an internal 8-byte buffer);

  • "Krypton-IK", additionally equipped with a smart-card (IC card) controller.

   In the "Krypton-ES", "Krypton-3" and "Krypton-4" devices the keys are stored as a file on a diskette. In "Krypton-IK" the keys reside on the smart card, which makes forgery and copying harder.
   The "Grim" board uses the Analog Devices digital signal processors ADSP-2105 and ADSP-2101, giving encryption speeds of 125 and 210 KB/s respectively. The board carries a hardware random-number generator and a ROM with programs for the initial self-test, access-rights checking, and key loading and generation. Keys are stored on a diskette with a non-standard format. The board implements the GOST 28147-89 algorithms and the digital signature.
   To protect information transmitted over communication channels, link-encryption devices are used, produced as interface cards or as stand-alone modules. Encryption speeds of the various models range from 9600 bit/s to 35 Mbit/s.
   In conclusion we note that encryption is not a panacea. It should be regarded as only one of the methods of protecting information and must be applied in combination with legislative, organizational and other measures.

Cryptology with an open key

Boris Obolikshto

  It would seem that the push given by Shannon should have caused a flood of results in scientific cryptology. But that did not happen. Only the rapid development of telecommunications and of remote access to computers, given the imperfection of the existing secret-key cryptosystems, brought to life the next and perhaps most interesting stage of cryptology, which is counted from the article by Whitfield Diffie and Martin E. Hellman, "New directions in cryptography", published in November 1976. W. Diffie dates the results published in November 1976 to May of the same year; thus from May to November we have an occasion to celebrate the TWENTY YEARS' ANNIVERSARY of public-key cryptology.
  One of the problems that remained unsolved in traditional cryptography is the distribution of secret keys. The idea of transferring a "secret" key over an open channel seems mad at first sight, but if one gives up perfect secrecy and settles for practical strength, a way of exchanging keys can be devised.
  The first such method to gain distribution was exponential key exchange. Its essence is the following:
- Alice and Bob (using as the parties not the abstract "A" and "B" but the likeable Alice and Bob has become a tradition in this area of cryptology) choose random numbers Xa and Xb respectively.
- Alice sends Bob Ya = a^Xa (mod q), and Bob sends Alice Yb = a^Xb (mod q).
  Here a is a so-called primitive element of the Galois field GF(q), whose property remarkable for us is that its powers give all the nonzero elements of the field. As the secret key the value

a^(Xa·Xb) (mod q)

is used, which Alice obtains by raising the number sent by Bob to the power Xa known only to her, and Bob by raising the number received from Alice to the power Xb known only to him. The cryptanalyst is forced to compute the logarithm of at least one of the transmitted numbers.
  The strength of exponential key exchange rests on the so-called one-wayness of the exponentiation function: the computational complexity of obtaining Ya from Xa for q of length 1000 bits is on the order of 2000 multiplications of 1000-bit numbers, whereas the inverse operation would require approximately 10^30 operations. ONE-WAY functions, which possess such an asymmetry between the complexity of the direct and the inverse problem, play the leading role in public-key cryptography.
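The exponential exchange described above, worked as an added example (not code from the article) with a constructed small prime q = 23 and primitive element a = 5, so that the brute-force logarithm at the end actually finishes and shows which problem an eavesdropper faces:

```python
# Added example: exponential key exchange in GF(q) with tiny constructed
# parameters. q = 23 and a = 5 are sample values, not those of any real system.
from random import SystemRandom

Q = 23  # constructed: a small prime, so the exhaustive search below is instant
A = 5   # constructed: 5 is a primitive element of GF(23)


def is_primitive_element(a: int, q: int) -> bool:
    """True if the powers a^1 .. a^(q-1) mod q give every nonzero element of GF(q)."""
    return len({pow(a, k, q) for k in range(1, q)}) == q - 1


def public_value(a: int, x: int, q: int) -> int:
    """Y = a^x (mod q): the value each party sends over the open channel."""
    return pow(a, x, q)


def shared_key(y_other: int, x_own: int, q: int) -> int:
    """Raise the other party's public value to one's own secret exponent."""
    return pow(y_other, x_own, q)


def exchange(a: int, q: int, rng=SystemRandom()):
    """One exchange between Alice and Bob; returns (Ya, Yb, Alice's key, Bob's key)."""
    xa = rng.randrange(1, q - 1)
    xb = rng.randrange(1, q - 1)
    ya = public_value(a, xa, q)
    yb = public_value(a, xb, q)
    return ya, yb, shared_key(yb, xa, q), shared_key(ya, xb, q)


def discrete_log(a: int, y: int, q: int) -> int:
    """The inverse problem, solved by exhaustive search: find x with a^x = y (mod q).
    Feasible only because q is tiny; its cost growing with q is what the exchange relies on."""
    for x in range(1, q):
        if pow(a, x, q) == y:
            return x
    raise ValueError("no logarithm found")


if __name__ == "__main__":
    assert is_primitive_element(A, Q)
    ya, yb, ka, kb = exchange(A, Q)
    print(f"Ya={ya} Yb={yb} shared key={ka} (both sides agree: {ka == kb})")
    print("eavesdropper recovers Xa by search:", discrete_log(A, ya, Q))
```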
  A one-way function with a secret passage (a "trapdoor") is even more interesting. The idea is to construct a function that can be inverted only by someone who knows the "trapdoor", the secret key. Then the parameters of the function serve as the public key, which Alice can send to Bob over an unprotected channel; Bob, using the public key he received, performs the enciphering (computation of the direct function) and sends the result to Alice over the same channel; Alice, knowing the "trapdoor" (the secret key), easily computes the inverse function, whereas the cryptanalyst, not knowing the secret key, is doomed to solving a much harder problem.
  In 1976 R. Merkle (R. C. Merkle) succeeded in constructing such a function on the basis of the knapsack packing problem. The problem is one-way in itself: knowing the subset of cargoes laid in the knapsack, it is easy to compute the total weight, but knowing the weight, it is hard to determine the subset of cargoes. In our case the one-dimensional variant of the problem was used: a vector of weights and the sums of the components of its subvectors. By building in a "trapdoor", the so-called Merkle-Hellman knapsack system was obtained. The first public-key cryptosystem went into operation, and Merkle offered $100 to anyone who could break it.
   The prize went to A. Shamir (Adi Shamir) six years later, after he published in March 1982 a report on breaking the Merkle-Hellman knapsack system with one iteration. At the Crypto '82 conference L. Adleman demonstrated the breaking of the knapsack system on an Apple II computer. We note that Shamir did not construct a way of inverting the problem, that is, of obtaining the value of the secret key; he managed to construct a key, not necessarily equal to the secret one, that nevertheless allows the cipher to be opened. In this lies one of the greatest dangers for public-key cryptography: there is no strict proof of the one-wayness of any algorithm in use, i.e. nobody is guaranteed against the discovery of a way of decoding that may not even require solving the inverse problem whose high complexity allows one to hope for the practical strength of the cipher. It is good if the breaking of a given system is carried out by a scientist with a world name (in 1982 A. Shamir was already known as one of the authors of the RSA system). And what if it falls to an unambitious hacker?
  Concluding the drama of the knapsack system, we mention one more bet that Merkle made with interested parties: $1000 to break the improved system with many iterations. And this sum had to be paid. It was collected by E. Brickell, who in the summer of 1984 broke a system with forty iterations and a hundred parcels in one hour of Cray-1 time.
  The fate of the RSA system, named after the first letters of the surnames of its authors R. Rivest (Ronald Rivest) and the already familiar A. Shamir and L. Adleman, is far more successful to date. By the way, it was the first regular statement of the RSA algorithm that gave birth to Alice and Bob. With their "help" the authors in 1977 described a system based on the one-way property of decomposition into prime factors (multiplying is easy, factoring is not).
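The knapsack trapdoor discussed above, as an added example (not the article's code and not Merkle's original parameters): a toy single-iteration Merkle-Hellman system in which the superincreasing private sequence, the modulus and the multiplier are constructed sample values.

```python
# Added example: toy Merkle-Hellman knapsack cipher. All key material below is
# constructed for illustration; a real system would use far larger values.
from math import gcd

# Constructed private key: superincreasing (each weight exceeds the sum of all
# previous ones), which is what makes the inverse problem easy for the owner.
PRIVATE = [2, 3, 7, 14, 30, 57, 120, 251]
MODULUS = 491      # constructed: prime larger than sum(PRIVATE) = 484
MULTIPLIER = 41    # constructed: coprime to MODULUS


def knapsack_weight(weights, bits):
    """Direct (easy) problem: total weight of the chosen cargoes."""
    return sum(w for w, b in zip(weights, bits) if b)


def solve_superincreasing(weights, total):
    """The trapdoor: for a superincreasing sequence the subset is found greedily."""
    bits = [0] * len(weights)
    for i in range(len(weights) - 1, -1, -1):
        if weights[i] <= total:
            bits[i] = 1
            total -= weights[i]
    if total != 0:
        raise ValueError("no subset of the weights sums to the given total")
    return bits


def make_public_key(private, modulus, multiplier):
    """Hide the superincreasing structure by modular multiplication."""
    assert sum(private) < modulus and gcd(multiplier, modulus) == 1
    return [(w * multiplier) % modulus for w in private]


def encrypt(public, bits):
    """Anyone holding the public vector computes the hard-looking knapsack sum."""
    return knapsack_weight(public, bits)


def decrypt(private, modulus, multiplier, ciphertext):
    """Undo the multiplication with the modular inverse, then use the easy knapsack."""
    inv = pow(multiplier, -1, modulus)
    return solve_superincreasing(private, (ciphertext * inv) % modulus)


def roundtrip(bits):
    """Encrypt an 8-bit message with the public key and decrypt it with the private one."""
    pub = make_public_key(PRIVATE, MODULUS, MULTIPLIER)
    return decrypt(PRIVATE, MODULUS, MULTIPLIER, encrypt(pub, bits))
```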

[Photos: E. Spafford, B. Dole, S. Lodin]

      The development of public-key cryptology allowed cryptologic systems to find wide commercial application rather quickly. But heavy use of cryptography does not go without "hiccups". From time to time we learn of trouble in one or another protection system. The latest incident to make noise in the world was the breaking of the Kerberos system. This system, developed in the mid-eighties, is quite popular in the world, and its breaking caused considerable anxiety among users.
  In the case of Kerberos the trouble lay not in the enciphering algorithm but in the way random numbers were obtained, i.e. in the method of implementing the algorithm. When in October of last year the news came about miscalculations in the random number generation of Netscape software products, found by students of the University of Berkeley, Stephen Lodin found a similar trouble in Kerberos. Together with Bryan Dole he managed to find the gap in the Kerberos system as well. The characters of this story are not laymen. Graduates of Purdue University (State of Illinois), they cooperated with the COAST laboratory (Computer Operations, Audit, and Security Technology), which professionally pursues computer security subjects and is headed by Prof. Spafford, who is also the founder of PCERT (Purdue Computer Emergency Response Team), the university "rapid reaction" group for computer emergencies. PCERT, in turn, is a member of the similar international organisation FIRST (Forum of Incident Response Teams). As we see, the mine was found by sappers, and that inspires hope that users of cryptosystems are not left defenceless even when defects are revealed.
  The content of the first press release (of February 16th, 1996), made on behalf of the discoverers by Prof. Spafford, is characteristic. Along with information on the unreliability of the password system and the possibility of breaking it within five minutes, it announced a delay in the further distribution of the technical information until the developers introduce corrections preventing unauthorised access.
  Errors have not bypassed our own Penates either. Fortunately, there are professionals in our part of the world capable of finding and demonstrating weak places of a protection system in good time. Not even a month has passed since experts of the Kiev company "Fintronik", P. V. Leskov and V. V. Tatjanin, showed the shortcomings of one of the popular bank protection systems: the time to open the ciphertexts was less than 6 minutes, and the time needed for an uncontrolled violation of document integrity (bypassing the authentication system) was less than 5 minutes. Here again we, the readers, have to wait until the developers make the necessary changes. And then we can tell in more detail what was done and how.
