• Symmetric encryption. Data encryption algorithms. Symmetric encryption algorithms. RSA encryption algorithm. DES encryption algorithm. Selecting an encryption algorithm

    A symmetric encryption system uses the same key to encrypt and decrypt information. This means that anyone with access to the encryption key can decrypt the message. In order to prevent unauthorized disclosure of encrypted information, all encryption keys in symmetric cryptosystems must be kept secret. This is why symmetric cryptosystems are called secret-key cryptosystems: the encryption key must be accessible only to those for whom the message is intended. Symmetric cryptosystems are also called single-key cryptographic systems. The diagram of a symmetric encryption cryptosystem is shown in Fig. 4.3.

    Fig. 4.3. Encryption scheme of a symmetric cryptosystem

    These cryptosystems are characterized by the highest encryption speed, and with their help, both confidentiality and authenticity, as well as the integrity of the transmitted information, are ensured.

    Confidentiality of information transfer using a symmetric cryptosystem depends on the strength of the cipher and on keeping the encryption key confidential. Typically, the encryption key is a file or data array and is stored on a personal key medium, such as a floppy disk or smart card; it is mandatory to take measures to ensure that the personal key medium is not accessible to anyone other than its owner.

    Authenticity is ensured because, without prior decryption, it is almost impossible to make a semantic modification to, or to forge, a cryptographically protected message. A fake message cannot be encrypted correctly without knowledge of the secret key.

    Data integrity is ensured by attaching a special code (imitation prefix) generated using a secret key to the transmitted data. The imitation prefix is a type of checksum, that is, some reference characteristic of a message against which the integrity of the latter is checked. The algorithm for generating an imitation prefix must ensure its dependence, according to some complex cryptographic law, on each bit of the message. The integrity of the message is verified by the recipient of the message by generating, using a secret key, an imitation prefix corresponding to the received message and comparing it with the received value of the imitation prefix. If there is a match, it is concluded that the information was not modified on the way from the sender to the recipient.
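    The generate-then-compare check described above, as an added example that is not part of the original text. HMAC-SHA-256 stands in for the imitation prefix (the page names no algorithm), and an unkeyed CRC-32 is shown beside it to make clear why the code must depend on the secret key; all function names and messages are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import zlib
from typing import Optional

TAG_LEN = 32  # length in bytes of an HMAC-SHA-256 tag


def protect(key: bytes, message: bytes) -> bytes:
    """Sender: attach a keyed code that depends on every bit of the message."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def verify(key: bytes, packet: bytes) -> Optional[bytes]:
    """Recipient: regenerate the code from the received message and compare.

    Returns the message if the codes match, otherwise None.
    """
    if len(packet) < TAG_LEN:
        return None  # too short to contain a tag at all
    message, received = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest runs in constant time, so the comparison itself
    # does not reveal how many leading bytes of the tag were correct.
    return message if hmac.compare_digest(expected, received) else None


def protect_crc(message: bytes) -> bytes:
    """Unkeyed checksum for contrast: detects noise, not deliberate change."""
    return message + zlib.crc32(message).to_bytes(4, "big")


def verify_crc(packet: bytes) -> Optional[bytes]:
    message, received = packet[:-4], packet[-4:]
    ok = zlib.crc32(message).to_bytes(4, "big") == received
    return message if ok else None


def demo() -> dict:
    key = secrets.token_bytes(32)            # shared secret key
    original = b"transfer 100 to account 17"  # constructed sample message
    altered = b"transfer 900 to account 17"   # same message changed in transit

    packet = protect(key, original)
    old_tag = packet[-TAG_LEN:]
    return {
        # Unmodified packet verifies.
        "genuine_accepted": verify(key, packet) == original,
        # Without the key the tag cannot be regenerated, so a changed
        # message carrying the old tag is rejected.
        "altered_rejected": verify(key, altered + old_tag) is None,
        # An unkeyed checksum can be recomputed by anyone, so the
        # changed message passes the integrity check.
        "crc_altered_accepted": verify_crc(protect_crc(altered)) == altered,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```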



    Symmetric encryption is ideal for encrypting information “for oneself”, for example to prevent unauthorized access to it in the absence of the owner. This can be either archival encryption of selected files or transparent (automatic) encryption of entire logical or physical drives.

    Possessing high encryption speed, single-key cryptosystems allow solving many important information security problems. However, the standalone use of symmetric cryptosystems in computer networks raises the problem of distributing encryption keys between users.

    Before you begin exchanging encrypted data, you must exchange secret keys with all recipients. The transfer of the secret key of a symmetric cryptosystem cannot be carried out over public communication channels; the secret key must be transferred to the sender and recipient via a secure channel.

    There are implementations of symmetric encryption algorithms for subscriber data encryption - that is, for sending encrypted information to the subscriber, for example, over the Internet. The use of one key for all subscribers of such a cryptographic network is unacceptable for security reasons. Indeed, if the key is compromised (lost, stolen), the document flow of all subscribers will be at risk. In this case, a key matrix can be used (Fig. 4.4).

    The key matrix is a table containing the keys for pairwise communication between subscribers. Each element of the table is intended for communication between subscribers i and j and is available only to these two subscribers. Accordingly, for all elements of the key matrix the equality is observed

    . (4.3)

    Fig. 4.4. Key matrix

    Each i-th row of the matrix is the set of keys that a specific subscriber i uses to communicate with the other N - 1 subscribers. Key sets (network sets) are distributed among all subscribers of the cryptographic network. As above, network sets must be distributed via secure communication channels or from hand to hand.
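    The key matrix and its network sets, as an added example that is not part of the original text. It assumes that the equality referred to as (4.3) is the symmetry of the matrix (the key in row i, column j equals the key in row j, column i), which follows from each element being shared by exactly subscribers i and j; the 32-byte key size and all function names are illustrative.

```python
import secrets
from itertools import combinations

KEY_BYTES = 32  # assumed key size, not specified on the page


def build_key_matrix(n: int) -> list:
    """Return an n x n table of pairwise keys; the diagonal stays empty."""
    matrix = [[None] * n for _ in range(n)]
    for i, j in combinations(range(n), 2):
        key = secrets.token_bytes(KEY_BYTES)
        matrix[i][j] = key  # the same key is stored in both positions,
        matrix[j][i] = key  # so the matrix is symmetric (assumption above)
    return matrix


def network_set(matrix: list, i: int) -> dict:
    """Row i: the N - 1 keys handed to subscriber i, indexed by peer."""
    return {j: key for j, key in enumerate(matrix[i]) if j != i}


def unique_key_count(matrix: list) -> int:
    """Number of distinct keys in the whole network: N * (N - 1) / 2."""
    return len({key for row in matrix for key in row if key is not None})


def exposed_links(matrix: list, compromised: set) -> set:
    """Links whose key is known to whoever obtains the given network sets."""
    n = len(matrix)
    return {
        (min(i, j), max(i, j))
        for i in compromised
        for j in range(n)
        if j != i
    }


def all_links(n: int) -> set:
    return set(combinations(range(n), 2))


if __name__ == "__main__":
    n = 5
    m = build_key_matrix(n)
    lost = exposed_links(m, {2})
    print("distinct keys in the network:", unique_key_count(m))
    print("keys held by subscriber 2:", len(network_set(m, 2)))
    print("links exposed if subscriber 2's set leaks:", sorted(lost))
    print("links still safe:", sorted(all_links(n) - lost))
```

    With a single key shared by all subscribers, the loss of one copy exposes every link; with the matrix, the loss of one network set exposes only that subscriber's N - 1 links.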



    A characteristic feature of symmetric cryptographic algorithms is that in the course of their work they transform a block of input information of a fixed length and obtain a resulting block of the same size, but unreadable by third parties who do not own the key. The operation scheme of a symmetric block cipher can be described by the functions

    where M is the original (plaintext) data block and C is the encrypted data block.

    The key K is a parameter of the symmetric block cryptoalgorithm and is a block of binary information of a fixed size. The original block M and the encrypted block C also have a fixed width, equal to each other, but not necessarily equal to the length of the key K.

    Block ciphers are the basis on which almost all symmetric cryptosystems are implemented. Symmetric cryptosystems allow files of arbitrary length to be encrypted and decrypted. Almost all algorithms use a certain set of reversible mathematical operations for their transformations.

    The technique of creating chains of bytes encrypted with block algorithms allows them to encrypt information packets of unlimited length. The lack of statistical correlation between the bits of the block cipher output stream is used to calculate checksums of data packets and to hash passwords.

    A cryptographic algorithm is considered ideally strong if reading an encrypted block of data requires searching through all possible keys until the decrypted message makes sense. In general, the strength of a block cipher depends only on the key length and increases exponentially with its growth.

    To obtain strong block ciphers, two general principles are used:

    • diffusion: the spread of the influence of one plaintext character over many ciphertext characters, which makes it possible to hide the statistical properties of the plaintext.

    • mixing: the use of encryption transformations that complicate recovery of the relationship between the statistical properties of the plaintext and the ciphertext.

    However, the cipher should not only be difficult to crack, but also provide ease of encryption and decryption if the secret key is known to the user.

    A common way to achieve scattering and mixing effects is to use a compound cipher, that is, one that can be implemented as a sequence of simple ciphers, each of which contributes a significant amount of total scattering and mixing.

    In compound ciphers, simple permutations and substitutions are most often used as simple ciphers. Permutation simply shuffles plaintext characters, with the specific type of shuffle determined by the secret key. In substitution, each plaintext character is replaced by another character from the same alphabet, and the specific type of substitution is also determined by the secret key. It should be noted that in a modern block cipher, the plaintext and ciphertext blocks are binary sequences typically 64 or 128 bits long. With a length of 64 bits, each block can take 2^64 values. Therefore, substitutions are performed in a very large alphabet containing up to 2^64 ≈ 10^19 "characters".

    By repeatedly alternating simple permutations and substitutions, controlled by a sufficiently long secret key, a strong cipher with good scattering and mixing can be obtained.

    All actions performed by the block cryptoalgorithm on data are based on the fact that the converted block can be represented as a non-negative integer from the range corresponding to its bit depth. For example, a 32-bit block of data can be interpreted as a number in the range 0...4 294 967 295. In addition, a block whose bit depth is a "power of two" can be interpreted as a concatenation of several independent non-negative numbers from a smaller range (the 32-bit block mentioned above can also be represented as a concatenation of two independent 16-bit numbers from the range 0...65535 or as a concatenation of four independent 8-bit numbers from the range 0...255).

    With these numbers, the block cryptographic algorithm performs the actions listed in Table 4.1 according to a certain scheme.

    Table 4.1. Actions performed by cryptoalgorithms on numbers

    The parameter V of any of these transformations can be:

    • a fixed number (for example, X' = X + 125);

    • a number obtained from the key (for example, X' = X + F(K));

    • a number obtained from the independent part of the block (for example, X2' = X2 + F(X1)).

    The sequence of operations performed on a block, the combinations of the above options for V, and the functions F themselves make up the distinctive features of a specific symmetric block cryptoalgorithm.

    A characteristic feature of block algorithms is the repeated and indirect use of key material. This is determined primarily by the requirement that reverse decoding with respect to the key be impossible when the original text and the ciphertext are known. To solve this problem, the above transformations most often use not the key value itself or a part of it, but some, sometimes irreversible, function of the key material. Moreover, in such transformations the same block or key element is used repeatedly. This makes it possible, provided the function is reversible with respect to the quantity X, to make the function irreversible with respect to the key K.
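    A toy block transformation built only from the step X2' = X2 + F(X1) discussed above, as an added example that is not part of the original text. It treats a 32-bit block as two 16-bit numbers and uses SHA-256 as an irreversible function of the key material (this two-branch layout is commonly called a Feistel network); the construction, its names and its parameters are illustrative and far too small to be a real cipher.

```python
import hashlib

MASK16 = 0xFFFF  # each half of the 32-bit block is a number in 0...65535


def round_keys(key: bytes, rounds: int) -> list:
    """Derive one subkey per round through a one-way function of the key."""
    return [hashlib.sha256(key + bytes([r])).digest() for r in range(rounds)]


def F(x1: int, subkey: bytes) -> int:
    """Irreversible round function: 16 bits of a hash over subkey and X1."""
    digest = hashlib.sha256(subkey + x1.to_bytes(2, "big")).digest()
    return int.from_bytes(digest[:2], "big")


def encrypt_block(block: int, key: bytes, rounds: int = 8) -> int:
    x1, x2 = block >> 16, block & MASK16
    for subkey in round_keys(key, rounds):
        x2 = (x2 + F(x1, subkey)) & MASK16  # X2' = X2 + F(X1)
        x1, x2 = x2, x1                     # swap halves for the next round
    return (x1 << 16) | x2


def decrypt_block(block: int, key: bytes, rounds: int = 8) -> int:
    x1, x2 = block >> 16, block & MASK16
    for subkey in reversed(round_keys(key, rounds)):
        x1, x2 = x2, x1                     # undo the swap
        # F is never inverted: it is recomputed from the untouched half and
        # subtracted, so the step is reversible in X although F is one-way.
        x2 = (x2 - F(x1, subkey)) & MASK16
    return (x1 << 16) | x2


def avalanche(key: bytes, rounds: int, samples: int = 256) -> float:
    """Average number of output bits that change when one input bit flips."""
    total = 0
    for p in range(samples):
        block = (p * 0x01000193) & 0xFFFFFFFF  # constructed sample blocks
        a = encrypt_block(block, key, rounds)
        b = encrypt_block(block ^ 1, key, rounds)
        total += bin(a ^ b).count("1")
    return total / samples


if __name__ == "__main__":
    key = b"constructed demo key"
    block = 0x12345678
    ct = encrypt_block(block, key)
    print(f"plaintext  {block:08x}")
    print(f"ciphertext {ct:08x}")
    print(f"decrypted  {decrypt_block(ct, key):08x}")
    for r in (1, 2, 3, 8):
        print(f"rounds={r}: {avalanche(key, r):.1f} of 32 bits change")
```

    A single round changes only a couple of output bits for a one-bit input change; repeating the same simple step brings the figure close to half of the block, which is the effect the repeated rounds are there to produce.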

    specific encryption algorithm, the input of which is the original unencrypted message, also called plaintext, and the key. The algorithm's output is an encrypted message, also called ciphertext. The key is a value independent of the message being encrypted. Changing the key should change the encrypted message.

    The encrypted message is sent to the recipient. The recipient converts the encrypted message to the original unencrypted message using a decryption algorithm and the same key used in encryption, or a key easily obtained from the encryption key.

    The unencrypted message will be denoted by P or M, from the words plaintext and message. We will denote the encrypted message C, from the word ciphertext.

    The security provided by traditional cryptography depends on several factors.

    First, the cryptographic algorithm must be strong enough so that the encrypted message being transmitted cannot be decrypted without the key, using only various statistical patterns of the encrypted message or some other means of analyzing it.

    Secondly, the security of the transmitted message must depend on the secrecy of the key, but not on the secrecy of the algorithm. The algorithm must be analyzed by specialists to eliminate the presence of weaknesses, in the presence of which the relationship between unencrypted and encrypted messages is poorly hidden. In addition, if this condition is met, manufacturers can create cheap hardware chips and freely distributed programs that implement this encryption algorithm.

    Thirdly, the algorithm must be such that it is impossible to find out the key, even knowing quite a lot of pairs (encrypted message, unencrypted message) obtained during encryption using this key.

    Claude Shannon introduced the concepts of diffusion and confusion to describe the strength of an encryption algorithm.

    Diffusion is the dispersion of statistical features of plaintext across a wide range of statistical features of ciphertext. This is achieved by the fact that the value of each plaintext element affects the values of many ciphertext elements, or, equivalently, any ciphertext element depends on many plaintext elements.

    Confusion is the destruction of the statistical relationship between the ciphertext and the key.

    If X is the original message and K is the cryptographic key, then the encrypted transmitted text can be written in the form

    The recipient, using the same key, decrypts the message

    The enemy, without access to K and X, must try to find out X, K, or both.

    Symmetric encryption algorithms differ in the way the source text is processed. Block encryption or stream encryption is possible.

    A block of text is treated as a non-negative integer, or as several independent non-negative integers. The block length is always chosen to be a power of two. Most symmetric block encryption algorithms use the following types of operations:

    These operations are repeated cyclically in the algorithm, forming the so-called rounds. The input of each round is the output of the previous round and a key that is obtained by a specific algorithm from the encryption key K. The round key is called a subkey. Each encryption algorithm can be represented as follows:


    Fig. 2.2.

    Applications

    A standard encryption algorithm should be applicable in many applications:

    • Data encryption. The algorithm must be effective when encrypting data files or large data streams.
    • Random number generation. The algorithm must be efficient at generating a certain number of random bits.
    • Hashing. The algorithm must translate efficiently into a one-way hash function.

    Platforms

    A standard encryption algorithm must be implementable on different platforms, which have different requirements.

    • The algorithm must be effectively implemented on specialized hardware designed to perform encryption/decryption.
    • Large processors. Although special hardware is always used for the fastest applications, software implementations are used more often. The algorithm must allow efficient software implementation on 32-bit processors.
    • Medium-sized processors. The algorithm should work on microcontrollers and other mid-size processors.
    • Small processors. It should be possible to implement the algorithm on smart cards, even subject to severe restrictions on the memory used.

    Additional Requirements

    An encryption algorithm must, where possible, satisfy certain additional requirements.

    • The algorithm should be easy to code to minimize the likelihood of programming errors.
    • The algorithm must have a flat key space and accept any random string of bits of the required length as a possible key. Having weak keys is undesirable.
    • The algorithm must be easily modified for different security levels and satisfy both minimum and maximum requirements.
    • All data operations must be performed on blocks that are multiples of a byte or a 32-bit word.

    Symmetric cryptosystems

    Symmetric cryptosystems (also symmetric encryption, symmetric ciphers) are an encryption method in which the same cryptographic key is used for encryption and decryption. Before the invention of the asymmetric encryption scheme, the only method that existed was symmetric encryption. The algorithm key must be kept secret by both parties. The algorithm key is chosen by the parties before the exchange of messages begins.

    Currently, symmetric ciphers are:

    1. Block ciphers - process information in blocks of a certain length (usually 64 or 128 bits), applying a key to the block in a prescribed manner, usually through several cycles of shuffling and substitution, called rounds. The result of repeating rounds is an avalanche effect - an increasing loss of bit correspondence between blocks of open and encrypted data.

    2. Stream ciphers - in which encryption is carried out on each bit or byte of the original (plain) text using gamma. A stream cipher can be easily created based on a block cipher (for example, GOST 28147-89 in gamma mode), launched in a special mode.

    Public key cryptographic system

    A public key cryptographic system (or asymmetric encryption, asymmetric cipher) is an information encryption system in which the key with which the message is encrypted and the encrypted message itself are transmitted over an open (that is, unprotected, observable) channel. The recipient uses a private key to generate the public key and to read the encrypted message. Public key cryptographic systems are currently widely used in various network protocols, in particular in the SSL protocol and in the application-level protocols based on it: HTTPS, SSH, etc.

    Fig. 7.

    1. The recipient generates a key. The key is divided into a public and a private part. The public key must not be transmitted over an open channel, or else its authenticity must be guaranteed by some certifying authority.

    2. The sender encrypts the message using the public key.

    3. The recipient decrypts the message using the private key.

    Disadvantage of the method: Although the message is securely encrypted, the recipient and the sender are exposed by the very fact of sending an encrypted message.

    The general idea of a public key cryptographic system is to use, when encrypting a message, a function of the public key and the message (the cipher function) that is algorithmically very difficult to invert, that is, to calculate its argument from the value of the function, even knowing the value of the key.

    System Features

    The advantage of asymmetric ciphers over symmetric ciphers is that there is no need to transmit a secret key. The party wishing to receive ciphertexts, in accordance with the algorithm used, generates a “public key - private key” pair. The key values are related, but calculating one value from the other should be impossible from a practical point of view. The public key is published in open directories and is used by the counterparty to encrypt information. The private key is kept secret and is used to decrypt messages sent to the owner of the key pair. Asymmetric ciphers were pioneered in 1976 by Whitfield Diffie and Martin Hellman in "New Directions in Modern Cryptography". They proposed a shared secret key exchange system based on the discrete logarithm problem. In general, the known asymmetric cryptosystems are based on one of the hard mathematical problems, which allows the construction of one-way functions and trapdoor functions. For example, the Rivest-Shamir-Adleman cryptosystem uses the problem of factoring large numbers, and the Merkle-Hellman and Chor-Rivest cryptosystems rely on the so-called knapsack problem.

    Disadvantages: asymmetric cryptosystems require significantly greater computing resources. In addition, the authenticity of the public keys themselves must be ensured, for which certificates are usually used.

    A hybrid (or combined) cryptosystem is an encryption system that has all the advantages of a public key cryptosystem, but without its main drawback - low encryption speed.

    Principle: Cryptographic systems take advantage of two main cryptosystems: symmetric and asymmetric cryptography. Programs such as PGP and GnuPG are built on this principle.

    The main disadvantage of asymmetric cryptography is its low speed, due to the complex calculations required by its algorithms, while symmetric cryptography has traditionally shown brilliant performance. However, symmetric cryptosystems have one significant drawback - their use requires the presence of a secure channel for transmitting keys. To overcome this drawback, they resort to asymmetric cryptosystems that use a pair of keys: public and private.

    Encryption: Most encryption systems work as follows. For a symmetric algorithm (3DES, IDEA, AES or any other), a random key is generated. Such a key usually has a size from 128 to 512 bits (depending on the algorithm). A symmetric algorithm is then used to encrypt the message. In the case of block encryption, you must use an encryption mode (for example, CBC), which will allow you to encrypt a message with a length greater than the block length. As for the random key itself, it must be encrypted with the public key of the message recipient, and it is at this stage that a public key cryptosystem (RSA or Diffie-Hellman Algorithm) is applied. Since the random key is short, encrypting it takes little time. Encrypting a set of messages using an asymmetric algorithm is a computationally more complex task, so it is preferable to use symmetric encryption here. Then it is enough to send the message encrypted with a symmetric algorithm, as well as the corresponding key in encrypted form. The recipient first decrypts the key using his private key, and then uses the resulting key to recover the entire message.

    A digital signature provides:

    * Identification of the source of the document. Depending on the details of the document definition, fields such as “author”, “changes made”, “time stamp”, etc. may be signed.

    * Protection against document changes. Any accidental or intentional change to the document (or signature) will change the cipher, therefore, the signature will become invalid.

    The following digital signature threats are possible:

    * An attacker may try to forge a signature for a document of his choice.

    * An attacker may try to match a document to a given signature so that the signature matches it.

    When using a strong cipher function, it is computationally difficult to create a counterfeit document with the same cipher as the genuine one. However, these threats can be realized due to weaknesses in specific hashing algorithms, signatures, or errors in their implementations. However, the following threats to digital signature systems are still possible:

    * An attacker who steals a private key can sign any document on behalf of the key owner.

    * An attacker can trick the owner into signing a document, for example using a blind signature protocol.

    * An attacker can replace the owner's public key with his own, impersonating him.

    Means of cryptographic protection of state secrets are still equated to weapons. Very few countries in the world have their own cryptographic companies that actually make good information protection tools. Even in many developed countries there is no such opportunity: there is no school there that would allow these technologies to be supported and developed. Russia is one of the few countries in the world - there may be five or so such countries - where all this is developed. Moreover, both in the commercial and public sectors there are companies and organizations that have maintained the continuity of the school of cryptography from the times when it was just in its infancy.

    Encryption algorithms

    Today, there are a lot of encryption algorithms that have significant resistance to cryptanalysis (cryptographic strength). Encryption algorithms are divided into three groups:

    • Symmetric algorithms
    • Asymmetric Algorithms
    • Hash Function Algorithms

    Symmetric Algorithms

    Symmetric encryption involves using the same key for both encryption and decryption. Two main requirements apply to symmetric algorithms: complete loss of all statistical patterns in the encryption object and lack of linearity. It is customary to divide symmetric systems into block and stream ones.

    In block systems, the source data is divided into blocks and then transformed using a key.

    In streaming systems, a certain sequence (output gamma) is generated, which is subsequently superimposed on the message itself, and data encryption occurs in a stream as the gamma is generated. A communication diagram using a symmetric cryptosystem is shown in the figure.

    where M is the plaintext, K is the secret key transmitted via a closed channel, En(M) is the encryption operation, and Dk(M) is the decryption operation.

    Typically, symmetric encryption uses a complex and multi-stage combination of substitutions and permutations of the original data, and there can be many stages (passes), and each of them must correspond to a “pass key”.

    The substitution operation fulfills the first requirement of a symmetric cipher, getting rid of any statistics by shuffling the message bits according to a certain specified law. The permutation is necessary to fulfill the second requirement - to make the algorithm nonlinear. This is achieved by replacing a certain part of a message of a given size with a standard value by accessing the original array.

    Symmetrical systems have both their advantages and disadvantages over asymmetrical ones.

    The advantages of symmetric ciphers include high encryption speed, a shorter required key length for similar strength, being better studied, and ease of implementation. The disadvantages of symmetric algorithms are primarily considered to be the complexity of key exchange, due to the high probability of the key being compromised during the exchange, which is necessary, and the complexity of key management in a large network.

    Examples of symmetric ciphers

    • GOST 28147-89 - domestic encryption standard
    • 3DES (Triple-DES, triple DES)
    • RC6 (Rivest Cipher)
    • Twofish
    • SEED - Korean encryption standard
    • Camellia – Japanese encryption standard
    • CAST (after the initials of the developers Carlisle Adams and Stafford Tavares)
    • XTEA is the easiest algorithm to implement
    • AES - American standard encryption
    • DES – data encryption standard in the USA up to AES

    Asymmetric Algorithms

    Asymmetric systems are also called public key cryptosystems. This is a method of data encryption in which the public key is transmitted over an open channel (not hidden) and is used to verify an electronic signature and to encrypt data. To decrypt and to create an electronic signature, a second key, a secret one, is used.

    The very design of asymmetric cryptosystems uses the idea of one-way functions ƒ(x), in which it is easy to find x, knowing the value of the function itself, but it is almost impossible to find ƒ(x) itself, knowing only the value of x. An example of such a function is the telephone directory of a large city, in which it is easy to find a person’s number if you know his last name and initials, but it is extremely difficult to find the owner if you know the number.

    Operating principle of asymmetric systems

    Let's say there are two subscribers: A and B, and subscriber B wants to send an encrypted message to subscriber A. He encrypts the message using a public key and transmits it already encrypted over an open communication channel. Having received the message, subscriber A decrypts it using the secret key and reads it.

    A clarification needs to be made here. When receiving a message, subscriber A must authenticate his identity to subscriber B so that an ill-wisher cannot impersonate subscriber A and replace his public key with his own.

    Examples of asymmetric ciphers

    • RSA (Rivest-Shamir-Adleman)
    • DSA (Digital Signature Algorithm)
    • Elgamal (El-Gamal Cipher System)
    • Diffie-Hellman (Diffie-Hellman Key Exchange)
    • ECC (Elliptic Curve Cryptography)

    Hash functions

    Hashing (from the English hash) is the transformation of an initial information array of arbitrary length into a bit string of a fixed length.

    There are many hash function algorithms, but they differ in their characteristics - cryptographic strength, bit depth, computational complexity, etc.

    We are interested in cryptographically strong hash functions. These usually have two requirements:

    • For a given message C, it is almost impossible to find another message C' with the same hash.
    • It is almost impossible to find pairs of messages (C, C') that have the same hash.

    The requirements are called resistance to collisions of the first kind and second kind, respectively. For such functions, another requirement remains important: with a slight change in the argument, a significant change in the function itself must occur. Thus, the hash value should not provide information even about individual bits of the argument.

    Examples of hash algorithms

    • Adler-32
    • SHA-1
    • SHA-2 (SHA-224, SHA-256, SHA-384, SHA-512)
    • HAVAL
    • N-Hash
    • RIPEMD-160
    • RIPEMD-256
    • RIPEMD-320
    • Skein
    • Snefru
    • Tiger (TTH)
    • Whirlpool
    • GOST R34.11-94 (GOST 34.311-95)
    • IP Internet Checksum (RFC 1071)

    Cryptographic primitives

    To give encrypted information greater cryptographic strength, relatively simple transformations - primitives - can be repeatedly used in a cryptographic system. Substitutions, permutations, cyclic shifts or gammas can be used as primitives.

    History

    Cryptography is an ancient science, and its original objects were text messages, which, with the help of certain algorithms, were rendered meaningless for anyone who did not have special knowledge of decrypting this message - the key.

    Initially, methods were used that today are used only for puzzles, that is, in the opinion of a contemporary, the simplest. Such encryption methods include, for example, the replacement method, when each letter is replaced by another, spaced from it at a strictly defined distance in the alphabet. Or the permutation encryption method, when letters are swapped in a certain sequence within a word.

    In ancient times, encryption was used mainly in military and commercial affairs, espionage, and among smugglers.

    Somewhat later, historians determine the date of appearance of another related science - steganography. This science deals with masking the very fact of transmitting a message. It originated in antiquity, and an example here is the receipt by the Spartan king Leonidas before the battle with the Persians of an engraved tablet with text, covered with a dry, easily washable solution. When cleaning, the marks left on the wax with the stylus became clearly visible. Today, sympathetic ink, microdots, microfilms, etc. are used to hide the message.

    With the development of mathematics, mathematical encryption algorithms began to appear, but all these types of cryptographic information protection preserved statistical data to varying degrees and remained vulnerable. The vulnerability became especially noticeable with the invention of frequency analysis, which was developed in the 9th century AD allegedly by the Arab encyclopedist al-Kindi. And only in the 15th century, after the invention of polyalphabetic ciphers by Leon Battista Alberti (presumably), protection moved to a qualitatively new level. However, in the mid-17th century, Charles Babbage presented convincing evidence of the partial vulnerability of polyalphabetic ciphers to frequency analysis.

    The development of mechanics made it possible to create devices and mechanisms that facilitate encryption - devices such as the Trithemius square board and Thomas Jefferson's disk cipher appeared. But all these devices cannot be compared with those created in the 20th century. It was at this time that various encryption machines and mechanisms of high complexity began to appear, for example, rotary machines, the most famous of which is Enigma.

    Before the rapid development of science in the 20th century, cryptographers had to deal only with linguistic objects, and in the 20th century it became possible to use various mathematical methods and theories: statistics, combinatorics, number theory and abstract algebra.

    But the real breakthrough in cryptographic science came with the advent of the ability to represent any information in binary form, divided into bits using computers, which made it possible to create ciphers with hitherto unprecedented cryptographic strength. Such encryption systems, of course, can be hacked, but the time spent on hacking is not worth it in the vast majority of cases.

    Today we can talk about significant developments in quantum cryptography.


    Symmetric cryptosystems are systems in which the same key is used to encrypt and decrypt messages (Fig. 9.1).

    The entire variety of symmetric systems is based on the following basic classes:

    • Mono- and multi-alphabetic substitutions;
    • Rearrangements (permutations);
    • Block ciphers;
    • Gamma encryption.

    Substitutions

    In direct substitutions, each character in the source text is replaced by one or more characters. One important subclass of direct substitutions is monoalphabetic substitutions, in which a one-to-one correspondence is established between the character e_i of the original alphabet and the corresponding character c_j of the ciphertext. All monoalphabetic substitution methods can be represented as numeric transformations of the source-text letters, treated as numbers, using the following formula:

    c ≡ (a*e + s) mod K,   (5.1)

    where a is the decimal coefficient; s is the shift coefficient; e is the code of the source text letter; c is the code of the encrypted letter; K is the alphabet length; mod is the operation of calculating the remainder of dividing the expression in parentheses by the modulus K.

    Example. Caesar Cipher

    Let's consider encryption in an alphabet consisting of the 26 Latin letters and a space character (the space will be represented by the # sign). We assign code 0 to the # sign, code 1 to the letter A, code 2 to B, ..., code 26 to the letter Z.

    Let's take the following parameters: a = 1, s = 2, K = 27.

    The encryption formula will take the form

    c ≡ (e + 2) mod 27 (5.2)

    Input alphabet:

    # A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

    Output alphabet

    B C D E F G H I J K L M N O P Q R S T U V W X Y Z # A

    (The letters are shifted by two positions: A→C, B→D, etc.)

    Then the original message in encrypted form will look like this:

    To decrypt (for the case when a = 1), the following formula is used:

    e ≡ (K + c - s) mod K   (5.3)

    Simple polyalphabetic substitution changes the alphabets used sequentially and cyclically (in the previous case, a single alphabet was used for encryption). With m-alphabetic substitution, the character a_1 of the original message is replaced with a character from the alphabet B_1, the character a_2 with a character from the alphabet B_2, ..., the character a_m with a character from the alphabet B_m, the character a_{m+1} with a character from the alphabet B_1 again, and so on. The effect of multi-alphabetic substitution is that it masks the frequency statistics of the source language, since a specific character from alphabet A is converted into several different characters from the cipher alphabets B.

    Example

    Original message: WE#NEED#SNOW

    Key: SECURITYSECU

    The word SECURITY is selected as the key. The word is written under the original message; when the letters of the key are exhausted, we repeat the word until the letters of the original message run out. Each letter of the key (more precisely, its code) specifies a shift in the source alphabet to obtain the encrypted symbol. As the alphabet we use the Latin letters and the # sign instead of a space.

    Source symbol + key symbol → cipher symbol:

    (W + S) mod 27 = (23 + 19) mod 27 = 15 → O

    (E + E) mod 27 = (5 + 5) mod 27 = 10 → J

    (# + C) mod 27 = (0 + 3) mod 27 = 3 → C

    Exercise

    As an exercise, complete the encryption of the message.
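    The monoalphabetic formula (5.1), its inverse, and the keyword-driven polyalphabetic substitution, as an added example that is not part of the original text. It goes beyond the page's a = 1 case by inverting (5.1) for any coefficient a that has an inverse modulo K; the function names are assumptions of this example.

```python
ALPHABET = "#ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # '#' (space) has code 0, A = 1, ..., Z = 26
K = len(ALPHABET)                          # alphabet length, 27

def mono_encrypt(text, a=1, s=2):
    """Formula (5.1): c = (a*e + s) mod K. Defaults give the Caesar case (5.2)."""
    return "".join(ALPHABET[(a * ALPHABET.index(ch) + s) % K] for ch in text)

def mono_decrypt(cipher, a=1, s=2):
    """Invert (5.1): e = a^-1 * (c - s) mod K; with a = 1 this is formula (5.3)."""
    a_inv = pow(a, -1, K)  # ValueError if gcd(a, K) != 1: the map is not one-to-one
    return "".join(ALPHABET[(a_inv * (ALPHABET.index(ch) - s)) % K] for ch in cipher)

def poly_encrypt(text, key):
    """Polyalphabetic substitution: the code of the i-th key letter is the i-th shift."""
    shifts = [ALPHABET.index(k) for k in key]
    return "".join(ALPHABET[(ALPHABET.index(ch) + shifts[i % len(shifts)]) % K]
                   for i, ch in enumerate(text))

def poly_decrypt(cipher, key):
    """Subtract the same cyclic key shifts to recover the source text."""
    shifts = [ALPHABET.index(k) for k in key]
    return "".join(ALPHABET[(ALPHABET.index(ch) - shifts[i % len(shifts)]) % K]
                   for i, ch in enumerate(cipher))

def images_of(symbol, plaintext, ciphertext):
    """Set of ciphertext symbols that one plaintext symbol was mapped to."""
    return {c for p, c in zip(plaintext, ciphertext) if p == symbol}

if __name__ == "__main__":
    msg = "WE#NEED#SNOW"
    mono = mono_encrypt(msg)
    poly = poly_encrypt(msg, "SECURITY")
    print(mono, "->", mono_decrypt(mono))
    print(poly, "->", poly_decrypt(poly, "SECURITY"))
    # One alphabet preserves letter frequencies; several alphabets spread them out.
    print(images_of("E", msg, mono), images_of("E", msg, poly))
```

    With a single alphabet every E maps to the same ciphertext symbol, which is what frequency analysis relies on; with the keyword the three E's map to three different symbols.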

    Rearrangements

    The characters in the source text can be rearranged according to a certain rule.

    Example 1. Linear permutation

    Suppose you need to encrypt the following text:

    LOAD#ORANGES#BARRELS

    Let's divide the text into groups of, for example, 4 characters:

    LOAD #ORA NGES #BAR RELS

    Let us set the following permutation rule: “rearrange each group of four letters from the order 1-2-3-4 into the order 3-1-4-2.”

    We get the following ciphertext:

    ALDO R#AO ENSG A#RB LRSE

    Comment

    If the message length is not a multiple of the group length, then the last group is supplemented with symbols (for example, spaces) to the required length.
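    The 3-1-4-2 group permutation with the padding rule from the comment above, plus the inverse order needed for decryption, as an added example that is not part of the original text. The function names are assumptions, and # is used as the padding symbol because it stands for the space.

```python
def transpose_blocks(text, order=(3, 1, 4, 2), pad="#"):
    """Output position j of each group takes the input symbol at position order[j] (1-based)."""
    n = len(order)
    text += pad * (-len(text) % n)  # pad the last group up to the group length
    groups = [text[i:i + n] for i in range(0, len(text), n)]
    return " ".join("".join(g[p - 1] for p in order) for g in groups)

def inverse_order(order):
    """Order that undoes `order`: input position p was written to output position j + 1."""
    inv = [0] * len(order)
    for j, p in enumerate(order):
        inv[p - 1] = j + 1
    return tuple(inv)

def untranspose_blocks(cipher, order=(3, 1, 4, 2)):
    """Apply the inverse order to every group; padding symbols stay in the result."""
    joined = cipher.replace(" ", "")
    return transpose_blocks(joined, inverse_order(order)).replace(" ", "")

if __name__ == "__main__":
    ct = transpose_blocks("LOAD#ORANGES#BARRELS")
    print(ct)                              # groups permuted 3-1-4-2
    print(inverse_order((3, 1, 4, 2)))     # order used for decryption
    print(untranspose_blocks(ct))
    print(transpose_blocks("LOAD#ORANGE"))  # 11 symbols: last group is padded
```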

    Writing the original text and then reading the ciphertext can be done along different paths of some geometric figure, for example, a square or rectangle.

    Example 2. Cardano lattice

    A Cardano grid is a rectangular card with holes, usually square, which when placed on a sheet of paper leaves only some parts of it exposed. The number of rows and columns is even. The card is made in such a way that when it is rotated sequentially, each cell of the sheet underlying it will be occupied. If the grid is square, then you can successively rotate it around the center of the square by 90°.

    Encryption:

    VAVOCHS MUNOTI MYZHROE UXOY MDOSTO YASNTV

    Decipher the message by rotating the grid clockwise by 90°. Write the message into the square line by line.

    Substitution and permutation methods alone do not provide the necessary cryptographic strength. Therefore, they are used together, as well as in combination with the additive method. In additive encryption, the original text is first encrypted using the substitution method, converting each letter into a number, and then a secret gamma (see below), a pseudo-random number sequence, is added to each number.

    Block ciphers

    Block ciphers are a family of reversible transformations of blocks (fixed length parts) of the source text.

    By N-bit block we mean a sequence of zeros and ones of length N:

    x = (x_0, x_1, …, x_{N-1}).   (5.5)

    x ∈ Z_{2,N} can be interpreted both as a vector and as the binary representation of an integer

    (5.6)

    By block cipher we mean the element

    where x = (x_0, x_1, …, x_{N-1}), y = (y_0, y_1, …, y_{N-1}).

    Although block ciphers are a special case of substitutions, they should be considered separately because, firstly, most symmetric ciphers used in data transmission systems are block ciphers, and secondly, block ciphers are more conveniently described in algorithmic form than as ordinary substitutions.

    Stream ciphers

    Stream ciphers are a type of gamma encryption and convert plaintext into ciphertext one bit at a time. A key sequence generator, sometimes called a running key generator, produces a sequence of bits k_1, k_2, …, k_N. This key sequence is added modulo 2 (“exclusive or”) to the sequence of bits of the source text e_1, e_2, …, e_N:

    On the receiving side, the ciphertext is added modulo 2 with an identical key sequence to obtain the original text:

    The strength of the system depends entirely on the internal structure of the key sequence generator. If the generator produces a sequence with a short period, the strength of the system is low. Conversely, if the generator produces an infinite sequence of truly random bits, we get a one-time pad with ideal strength.

    Stream ciphers are most suitable for encrypting continuous streams of data, for example in data networks.
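    The modulo-2 addition and the short-period weakness described above, as an added example that is not part of the original text. It works on bytes rather than single bits, and the repeating-seed generator, the sample message and the seed are constructed for the demonstration.

```python
import secrets
from itertools import cycle

def xor_stream(data: bytes, keystream) -> bytes:
    """c_i = e_i XOR k_i; applying the same keystream again restores e_i."""
    return bytes(d ^ k for d, k in zip(data, keystream))

def short_period_keystream(seed: bytes):
    """Deliberately weak generator (constructed): its period is len(seed)."""
    return cycle(seed)

def key_cancels(cipher: bytes, plain: bytes, period: int) -> bool:
    """True when c_i XOR c_{i+P} == e_i XOR e_{i+P} for every i.

    In that case the keystream has dropped out, so the ciphertext alone
    exposes relations between plaintext symbols that are P positions apart.
    """
    return all((cipher[i] ^ cipher[i + period]) == (plain[i] ^ plain[i + period])
               for i in range(len(cipher) - period))

def demo():
    message = b"LOAD ORANGES IN BARRELS AT DAWN"  # constructed sample plaintext
    seed = b"\x5a\xc3\x17\x88"                     # constructed seed, period 4
    weak_ct = xor_stream(message, short_period_keystream(seed))
    pad = secrets.token_bytes(len(message))        # one-time pad: random, message-length
    otp_ct = xor_stream(message, pad)
    return {
        "weak_roundtrip": xor_stream(weak_ct, short_period_keystream(seed)) == message,
        "otp_roundtrip": xor_stream(otp_ct, pad) == message,
        "weak_key_cancels": key_cancels(weak_ct, message, len(seed)),
        "otp_key_cancels": key_cancels(otp_ct, message, len(seed)),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

    Both keystreams decrypt correctly, but only the short-period one lets the key cancel out of the ciphertext, which is why the generator's period, and not the XOR step, determines the strength.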