MD4511C1 - Device and method for cryptographic protection of binary information (embodiments) - Google Patents

Abstract

The invention relates to the field of cryptographic transformations and protection of confidential information transmitted bit by bit or in packets. A device and methods for cryptographic protection of binary information are to convert speech signals into digital form, their encoding using a speech compression algorithm, followed by encryption on pair communication keys, and encrypted transmission over a duplex data channel from one subscriber to another.

Description

The invention refers to the field of cryptographic transformations and protection of confidential information transmitted by bits or data packets and kept for use in computing information systems, in corporate local networks, radio-communication systems, in command information complexes, in systems of mobile telephony, in communication systems, confidential government telephony, in commercial systems, security companies and financial structures and in the devices of the "Global Messenger" Device for the encryption of binary information, which contains on the transmitting and receiving side the CUG device - voice conversion; (voice conversion device), connected via USB port or Bluetooth, Wi-Fi, WiMax or others to the radio-, mobile (smartphone, iPhone, tablet or other existing and possible future devices), telephone or a some other radio transmitter, which differs in that between the output of the voice conversion device and the mobile communication device or other radio or electro communication device, the encryption block is located, which performs the information protection algorithms.

Dozens of patented methods and corresponding devices for information encryption are known [1-8], as well as Russian patents [9-12], which can be considered equivalent. The known systems are characterized by the complexity of the algorithms, the rather cumbersome execution and the crypto-stability (cryptographic security) of the closed data during online transmission/reception is not ensured.

The proposed method considerably differs from the known encryption devices [13-15], or the Lucifer system of the IBM company and the data encryption standard of the US National Bureau of Standards) by the possibility of bitwise encryption of the binary information with the use of the key of the given length which is unknown to the user. This fact makes it convenient for the proposed approach to be used to solve the concrete problems of hiding information in radio-communication systems.

The known systems are characterized by the insufficient degree of information protection because they are vulnerable from the point of view of the transmission of encrypted information in the network bypassing the cipher (scrambler), when there is a software or hardware failure, or the failure of the microcontroller. In addition, known systems are characterized by reduced functionality, for the reason that one coder is not allowed to serve several subscribers and most importantly, it is not designed for on-line voice data encryption.

Information encryption methods are also known, in which the method of generating keys for information protection is declared, where the sequence of prime numbers is used as keys, where each of the keys corresponds to the respective index, which is assigned to the user's personal number, and respectively at exact moments of time all the keys are moved, receiving in the given way for each unique key a new prime number from the sequence of prime numbers, corresponding to the user's personal number and which is also the user's personal key for a certain interval of time [12].

The disadvantage consists in using the same sequence of prime numbers for encryption keys, and to increase the complexity (stability) of their detection, the random starting point is used for a random range of SNPR keys, where the frequency is preserved. In addition, there must be a generator of prime numbers and their testing for primality, which requires time and for that reason it cannot be used for the protection of the voice signal in real time (on-line).

In fact, in the encryption device, an attempt is made for each informational message portion based on the unique secret key to construct an "individual" stream cipher, depending on the value of the message portion. The disadvantage of this device is its use in the composition of the structure of a rather complex device that raises n-bits of the (i-1) stream cipher group to the power m after the module P, and respectively with the use of a fixed secret key with the number of equal bits with the order of the message [13].

The disadvantage of this device is also the complexity of forming open keys, the need to generate pseudo-random sequences, the reduced speed in real time work.

Also, in the device according to this modality, the information opened for transmission is encrypted in the form of an M-order encrypted data block with the help of an N-order key, by summation and conversion, but upon reception, the encrypted M-order block of data is received and decrypted in the open information with the help of a key of order N through summation and conversion, in the following way - k groups of n bits are formed, where n - is the length of the part of the processed text and each group is processed depending on the value of the secret key of order N, with random law shuffling of the cipher stream. The flow digit is summed modulo two with the message part. The device also contains the secret key register, the command block, four sequential-parallel registers, the order determination register, the bit mixing block, the logic block with modulo two adder, the AND, OR elements, etc. of [14].

Close in terms of technical characteristics to the declared method and device (prototype) is the mobile information protection device with a high level of protection and the mobile protection device intended for carrying out cryptographically protected informational interaction of the user with networks and informational and telecommunication systems, which contain an energy-independent memory, interface adapter and processor equipped with a built-in random number generator made at least on diode noise, and in the second patent made on the basis of the multifunctional microcontroller, which realizes a wide range of encryption algorithms that are widely used and it is built in such a way that all encryption keys are used inside it and never transmitted through the interface, and access to critical data, which is stored in non-volatile memory of the processor, would have been possible to access only from inside the device [ 16-17].

The disadvantages of these methods consist in the fact that all the inventions listed above work with the source information, but not with its analogue of a small volume - suitable images of patterns or convolution, and therefore their working speed does not correspond to these methods and devices to be possible to use for the transmission of the voice signal in online mode due to a high retention, which occurs due to voice encryption procedures.

The encryption-decryption device is known, which contains the data transmission part, the key generator and the cipher which is connected serially, where another input of which is connected with the output of the information source and respectively with the random key generator, but on the side of reception, the reception block is connected, which is made in the form of a received data decryption block, the output of which is connected to the information consumer and the communication channel, and placed at the data transmission part an open key multiplier, where the first input of which is connected to the output of the cipher block, and the second input is connected to the output of the key generator and modulo two adder, the second input of which is connected to the output of the random number generator, and the output is connected to the first input of the channel of communication, but on the receiving side - the block for forming the open keys, transmitted in the communication channel, made in the form of a matrix multiplier, the decoder, which receives the encrypted signal from the decoder [18].

The disadvantage of the device is the complexity of forming open keys, the need to generate pseudo-random sequences, the reduced speed during online work.

The closest analog (prototype) is the RSA asymmetric data encryption module. The name RSA is designed after the first letters of the names of the authors of the respective method (Rivest, Shamir, Adleman), and is intended for the cryptographic protection of information in computer systems and consists in the encryption of digital data, usually blocks of 64 bits, with the help of two keys - open and closed, based on the use of one-way functions and the arithmetic of large numbers 1012 or larger like 1060 ....10150 and the computational complexity of decomposing a large number into simple factors (finding the divisor of a large number) for a reasonably short time [19].

The essential disadvantage of this method is the slow working speed and therefore the impossibility of using the RSA cryptosystem in online information transmission mode.

The objective of the given invention is the real-time (on-line) use of bitwise asymmetric encryption (flow or phoneme block, 32-bit, 64-bit, n-bit block) encryption of the voice message formant through the RSAm algorithm [А.А . Balabanov, A.F. Fyodorov, I. Кожухарь. Possibilities of creating new and modernized algorithms for the RSA system. Journal of scientific-technical development ВНТР, №9(37). Сент.2010], as a suitable analogue of the message, in the form of a mathematical image (convolution image) with the preservation of the high level of cryptostability corresponding to the RSA algorithm, but using short keys, changing with a high frequency those that would be sufficient for ensuring a level of information protection for a short period of time (3-10 minutes), but by increasing the level of protection for a long period (up to several months, years), the length of the keys is changed to the order that would ensure cryptostability for that period longer. The declared method involves the implementation of independent static coding with formant encryption, reducing (compressing) the volume of initial information and its redundancy, as well as increasing its entropy (the average amount of information received per symbol, phoneme or discrete), in the compressed context there will be no letters, words, phonemes, sounds and statistically frequently repeated discretes, which will essentially prevent the enemy from deciphering the information, i.e. cryptanalysis. The problems, the solution of which the declared method helps and is possible based on it, different from the protection of information transmitted through communication channels, is - improving the quality of cryptographic processing of information with different security duration, that is, speed and resistance, raising the work speed of the encryption/decryption procedure by reducing the amount of information in an encrypted message, and expanding the functionalities and areas of applicability of the declared method of binary information protection.

Based on the rule of F. Kerkoff (1835-1903): "the stability of the cipher must be ensured in that case, when all the encryption algorithm is known, except for the secret key", in the declared method for encrypting binary information when transmitting it through an open channel, not the initial information is transmitted, but its image, the appropriate model, i.e. some non-obvious information about the message, being known only to the receiving party, or the internal encryption device, based on which it is easy to restore the initial information. For this, for example, a single formant or multidimensional formant is used (classical number theory is a well-known linear form, used entirely for other purposes that has nothing to do with encryption and information transformation), the values of the parameters of which (the formant) it changes over time, depending on the presentation value of the digital information that needs to be protected. The formant itself is transmitted in encrypted form using the RSA-m algorithm, or any other algorithm, for example, the hybrid algorithm.

The essence of the binary data encryption method consists in using the properties of the formant [А.А. Balabanov, A.F. Fyodorov, I. Кожухарь. Possibilities of creating new and modernized algorithms for the RSA system. Journal of scientific-technical development ВНТР, №9(37). Sent. 2010], through which any number can be uniquely represented in the form of three small numbers, significantly smaller in absolute value than the original large number. Accordingly, the time to encrypt and decrypt the formant of a large number, that is, the formant parameters according to the declared method RSAm , is considerably several orders of magnitude smaller than the encryption/decryption of the initial large number, such as, for example, the 32-bit digital block or 64-bit in the classic RSA system. The advantage of representing numbers by formants for encryption is that the basis of the formant can be any number and both prime and composite, which essentially increases the power of the numerical set for choosing the basis of the formant during encryption, which increases the cryptostability of the algorithm, and during breaking attempts - cryptanalysis essentially complicates this task for the enemy. For example, in the range of numbers 2-3560 we have a total of 500 prime numbers, that is, 7 times less than the total number of numbers in the respective sequence. Formants after the base of prime numbers have a string of characteristics [А.А. Balabanov, A.F. Fyodorov, I. Кожухарь. Possibilities of creating new and modernized algorithms for the RSA system. Journal of scientific-technical development ВНТР, №9(37). Sent.2010], which are important for the RSA algorithm. In the declared method, either only two parameters of the formant are encrypted, or formants already encrypted according to the given algorithm are chosen from the memory (depending on the chosen information protection mode).

In order to carry out the formant approach in preparing the original message for encryption in the declared device, the KN matrix of size is formed to store modulo numbers calculated according to the Ferma algorithm based on the prime numbers p' and q' of the RSA cryptoformation and preventively selected crypto pairs for them -key and of different length µ( ) bits, as well as matrices for keeping the base and nucleus and the remainders of the formant, which correspond to the open code of the message, and matrix R, of size for storing M-bit random sequences for encoding information blocks .

During the conversation broadcast through the communication channel (radio, mobile phone, Internet, etc.) each discrete on ADC output (2), see Fig. 1, with the amplitude of bits is analyzed as the location address of crypto-keys, placed in the ROM memory (4) in matrix of size 232, where crypto-keys are distributed according to the random modality, that is, the address of the matrix does not correspond to the discrete value.

The encryption is carried out in two stages: 1) finding the parameters of the formant - the nucleus and the rest for the amplitude of the discrete (or block of phonemes) with the base; 2) encryption according to the algorithm of the parameters of the formant and according to the module with its individual crypto-key (i - the number of the discrete encryption/decryption or the information block and in accordance with the algorithm of the cryptosystem. After each communication session the addressing of the keys in the ROM memory automatically changes in according to the algorithm in the software application. Thus, the declared method is actually equivalent to encrypting messages with the unique key with a random length, depending on the length of the message or the block (according to the chosen algorithm), which corresponds to the realization of the conditions of the Shannon theorem on the impossibility of decryption [RU 2267155 C2 2005.12.27].Using the hardware but not the software implementation of the automaton ensures a high encryption speed.

The desired result is the rise of crypto-stability. The technical and informational results are ensured thanks to 1) the use of RSAmAB algorithms in real time (on-line) and 2) the algorithms of quick selection from memory of preventively generated sequences of random bits, with the assurance of the prescribed stability of the information protection system to increase efficiency, speed of work, ease of use and the significant expansion of application fields of use for IT - protected technologies. The method of encryption of binary information is based on combinations in a single system of blocks and conversion devices, encryption and cryptographic processing of information, communication channels and the cryptographic processing device are made per channel and there are at least two. The technical results achieved using the declared method consist in raising productivity, reliability of the information protection system and ease of use when expanding the fields of use.

Abbreviations and notations: DCV device, CUG(1) - headset or voice conversion; CAD, CDA - analog-digital and digital-analog converter; ROM - permanent memory; S the software; DC - computing device and software; BIP(7) - unit for generating and processing private information; microcontroller; is the order of crypto-keys to encrypt (decrypt) the message; logical operation mod2; the "classic" RSA encryption algorithm is used for large numbers and for crypto-keys as well as for N-module; the RSAm-ABi encryption algorithm - the use of small numbers for crypto keys as well as for the N module, but with a high frequency of their change; - the product of small prime numbers, chosen in accordance with the Fermat theorem; the current amplitude of the message discrete ; KN, PF and R- respectively the address matrix of the current crypto-key parameters: pair of crypto-keys - formant matrix: the formant basis, the kernel, the remainder and the bit matrix of random numbers, where is the length of the packet transmitted in the communication channel, a phoneme or block-phoneme that is a set of discrete 4, 6, or 8 bytes, viewed as an integer number of bits.

In the information transmission tract (Fig.1) sound, voice, music, i.e. analog signal from the DCV output (1), through CAD (2), is converted into the digital format and then performs the formation of digital blocks of bits of the informational part and additional components for bit coding of each discrete digital block based on the formant analysis method [Агафонов А.Ф., Балабанов А.А. Comparative analysis in numerical theory, in book. Agafonov A.А. Научные труды по математике, физике, социолоии истории: Избранное. Akkadian РАЕН Balabanov A.А. - К. : ТУМ, 2011, 227 с] in the form of a protected information block for transfer in the communication channel in the form of a packet using the discrete register (3), the computing device (DC) and the permanent data storage device (ROM) ( 4), the formant converter (5), the encoder (6), the calculation of the random sequence bit former to protect against the noise of the packets at the output (7) summed after modulo two in the block (8). In the information reception tract, the encrypted packets are restored in communication channels by means of the cipher block (9), decoder (10), the decomposition block (11) on informational and additional formant components in the block (12) based on the analysis algorithms formants through the control program of the functionality of the DC blocks (4) of the microcontroller on the reception side and the transmission side, which represents the technological and informational result, with the restoration of the continuous voice signal based on the converter voice device (1), connected to the CDA output (13), which converts the digital signal to analog. To protect against packet output noise.

The declared method of information encryption is based on the transmission not of the information (content), but of a specific information, which is called the formant or image, model, convolution, the volume of which is essentially smaller than the original one, and respectively can be transmitted in encrypted mode in real time (on-line) with the necessary crypto stability assurance based on "classic" RSA asymmetric cryptographic algorithm.

The proposed encryption method significantly differs from the known ones, for example, the Lucifer system of the IBM company and the data encryption standard of the United States National Bureau of Standards or the RSA crypto-system, with the considerable reduction of the volume of open binary information, due to that the stated method of encrypting the information is not based on the transmission of the information itself but of a message about it, the volume of which is essentially smaller and can be transmitted in encrypted form online with the necessary level of cryptostability, using the system's algorithms RSA, but with unknown to the enemy short keys and other necessary encryption parameters, which makes it possible to use the declared method for online time voice encryption. This fact makes it convenient to use the algorithm in mobile and radio communication systems and in various informational and media-technological applications.

The advantage of the declared method is that it is practically equivalent to the practical encryption of the message with the unique key of random length, depending on the chosen algorithm and the time period of keeping the security of the message, when using real-time encryption, which corresponds to the fulfillment of the conditions of the theorem Shannon on the impossibility of deciphering [И. M. Тепляков, Б.В. Рошчин, А.И. Фомин, В.А. Вейцель. Radio systems of information transfer./ М. Radio and communication, 1982, p. 146-152].

Indeed, block encryption can be done in two ways: without feedback, for example, from 12 discrete - the original text (voice signal discretized with 12-bit CAD) is sequentially encrypted and each bit of the block initially affects every bit of the ciphertext. However, the mutual influence of blocks is not (the previous value of discrete does not influence the next value and vice versa), that is, two blocks similar to the source text (but not the speech) would be presented with the same digit. That is why the respective algorithms can only be used for the random encryption of the sequence of blocks. But in the case of the approach with formants, this fact is not so. One and the same sequence of bits will be presented with a different text cipher. In other words, the declared encryption method ensures the statistical independence of open messages and ciphers. But, as with poly-alphabetic permutations, since the set of number permutations is not infinite, then after a number of blocks it will be necessary to use them again. We note that with random use of numbers such an incident can happen, but very rarely. Indeed, 11,000 discretes/sec (recall that the description of the analog signal is done with a frequency of 11 kHz), in the presence of 10,000 different variants of formant bases, we get the rather low probability of coincidence of two text-digits even at the sound monotone - ideal sine wave):

. (1)

Then 3 min = 180s of the digitized signal is represented by discretes and the probability of coincidence of two discretes coincides with their text digit and will be . But even so the low probability of coincidence of two bits in the time interval in 3 minutes does not say anything, for the reason that only one discrete one is discussed, but to differentiate sounds (or even symbols from the alphabet) a sequence is necessary established not of two but of several discrete ones (from a few hundred to a few thousand). Then, the probability of coincidence of two digit-symbols, or digit-phoneme, essentially decreases due to the appearance of large values of combinatorial character in the denominator of formula (1), because for the text symbol this probability of coincidence of two discrete (phonemes) is approximately , and for phonemes the probability decreases to the order of . Astronomically small numbers! For this reason, the probability of breaking based on the cipher-text statistical analysis with the stated encryption method essentially decreases almost to zero.

Feedback encryption is usually organized to increase noise stability in the following way: the previous encryption block is added modulo two with the current block. The initialization value is used as the first block in the OS network. The error in the respective bit has the influence on two blocks - the erroneous block and the one that follows it.

In the stated method, the RSAmAB algorithm-encrypted packet, before being transmitted in the communication channel, is additionally exposed to the XOR procedure with a random sequence of M-bits (randomized). For this reason, the enemy to break the code will need more time first to decode the text and then to decipher the text, which will require additional time and may essentially exceed the time required to keep the message secure, after which all the data about its encryption will be deleted from the system.

Using the hardware implementation, but not the software implementation of the firmware automaton, increases the encryption speed.

Information - theoretical encryption strength

Let be the set of all possible keys. It is assumed that, in this attack scenario, at the disposal of the analyst are only cryptograms by which he tries to open the key or, equivalently, to break a cryptosystem, restoring the original plaintext. According to information theory, this is possible in principle, if the mutual information average (correlations) between the plaintext X and ciphertext Y assemblies is positive. Consequently, for absolute protection the cryptosystem must fulfill the condition

In other words, the encryption must ensure the statistical independence of the plaintext and cryptograms. According to this condition, the cryptosystem has perfect resistance. It is easy to see that for this it is necessary to satisfy the condition

if and - are volumes of ensembles, respectively (power of sets) of possible open texts and potential keys. Regarding the sufficiency, we can prove that the system where , where - the common number of ciphertext, all keys are selected with equal probability and independent of the plaintext and any plaintext and fixed is converted with different keys into various cryptograms , :

it has perfect resistance. the probability of the appearance of the key; a cryptogram or encrypted version of plaintext

An attempt to approach a perfect resistance is the use of the so-called scrambler. This stream of plaintext bits is passed to the input of the adder via module two, at the second input where the encrypted binary sequence arrives Ideally, the encryption should be created with a memoryless random sequence and equiprobable symbols 0 and 1. In this case , the stream of bits at the output of the scrambler is statistically independent of the stream of bits at the input, which means that the sufficient conditions for perfect resistance are met. In reality, however, absolutely random is not real, because otherwise the beneficiary would not be able to restore the original text. Therefore, we need to use some pseudo-random sequences for encryption, which can be played by the transmitting side. To give the key (encrypted sequence) the greatest possible resistance to cracking, traditionally very long scrambled sequences are used. For example, the scrambled sequence in the IS-95 mobile standard has a length of . At the speed of characters per second in real time its period is more than a month.

Another (new) method of generating pseudorandom sequences, named by the authors as the "billiard principle" or "billiard principle", is to implement at the beginning of the billiard game the breaking of the triangular pyramid of, for example, 15 balls, which corresponds to the base of the 5-ball pyramid and the length made of pseudorandom bit sequences. The number of balls at the bottom of the pyramid does not matter and only increases the length of the random sequence once. All balls have a value of 0 or 1, ie 7 "zeroes" (0) and 8 "ones" (1). To maximize the closeness of each realization to a random distribution of numbers, before each subsequent division into even numbers one of the balls in the "older" group is replaced by its opposite, so in a series of an even number of partitions, for example , two will always be involved 15 "zeros" and 15 "ones" balls, in the series of 2k divisions there will always be k «1» and k «0» present. The table is divided into rectangular cells (with possible minor depressions in the center of each square with a side equal to the diameter of a billiard ball) for a better fixation of the position of the ball in the plane of the table. After breaking the balls from the pyramid, a binary sequence is formed according to a pre-accepted order: winding on a spiral converging towards the center, clockwise and then from the center - on the exit spiral from the center of the table counter-clockwise, and vice-versa, winding along the table horizontally or vertically, winding on each row along the width or length of the table, etc., entering in the numerical sequence the number of the next ball in the reference course. Using these 8 methods described for 1 ball breaking of the pyramid can be obtained pseudo-random sequence of 120 bits. Each partition as a result does not depend on the previous placement of balls on the table, so it is also random. By following the described procedure, you can obtain a sequence of random bits of any length.

If you create a sufficiently long one-dimensional vector ROM from these pseudo-random sequences, then a random sequence of required length can be chosen from this vector, starting from any random projection (bits) of the vector.

In the present method of encryption of binary information in the memory cells of the matrix holds randomly selected bits "chunks", for example, from the algorithms described above pseudo-random bit sequences and the algorithms of using the format approach for encryption of information with camouflage are declared of different long-term, with a significant decrease in encryption and decryption time compared to the classic RSA algorithm.

Known standard DES (Data Encryption Standard, USA) or GOST (Russia) encrypts information with 64-bit blocks, and this requires a preventive storage of 64 bits of information, and for decryption requires an additional synchronization to highlight the beginning of the next block of encrypted information. Apart from these, the process of encrypting the next block is composed of 16 cycles, which introduces a certain delay to encrypt the next block of data.

These characteristics of known data encryption standards make them inconvenient to use in online mode in radio communication systems.

The purpose of the present invention is to provide encryption of one bit at a time (or block of phonemes, a block of 32 bits) forming speech information using short cryptographic keys, the length of which is sufficient to provide short speech protection (3-10 min.). but while increasing the long-term level (up to several months or years) they have foreseen a change in their length to the values that ensure the necessary level of cryptographic resistance.

This purpose is achieved by means of encryption principle or appropriate model (convolution) reduced in volume of the original binary information of the open message So as a formant, is to identify the parameters of the core and the remaining current formants of the discrete unit with the amplitude of the message at the output ADC(2), which then encrypts with an unknown key randomly selected, located in the ROM at the address, which for example, according to the algorithm is determined by the current discrete amplitude, or a derivative of its value, by performing a set of operations, including dividing the 12-digit number Di or the number of 32 digits (depending on the selected encryption algorithm) in case of random selection of the base, after which another discrete represented as H-bit vector discrete parameters: the kernel k_i and the remainders and also the used addresses of the matrix cells KN and R. During the transfer, the block of message bits is converted in turn into an encrypted message bit code, which is directed to the bit input of the format register (8), in the form of an adder through the module 2 outputs of the block (6) and a number of 32 random bits from BPI(7), and then - into the communication channel. At the receiver at the first 32-bit input of the formator register (10) directs coded and encrypted packet bits from the cipher block (9) of the communication channel, but at the second input of the adder (10) - a random 32-bit number, read from ROM(4); the output of the adder (10) is transmitted to the decomposition block (11), where it separates the auxiliary part and the informational part, which are then decrypted, restoring the formant at the output of the decoder (12) in the form of an open sequence bit, and finally as a fragment speech - at output sequentially activated in chain DAC(13) - CUG(1).

Fig. 1 is a block diagram of the encryption and decryption device based on the encryption of binary information. The encryption and decryption device comprises: a headset (1) with built-in CAD (2) and CDA(13) connected to the Cr/Decr (Encryption/Decryption) device (14) via a USB port or the wireless port Bluetooth (WI-FI, WI-MAX and the like), a 32-bit discrete register(3) for receiving and processing each discrete of the speech signal (they are processed at the speed of 4096 discretes/sec) and transmitting its values in software-ROM(4) to calculate the formant of the discrete current on the base current, whose value is on the address, determined by the software-ROM(4) according to the amplitude of the discrete current, the encryption block(5) of the parameters and the rest current discrete formant from the software-ROM, transmitting the encrypted data of the formant parameters to the encryption block (6), which generates bits of the encrypted message packet, with a plus of service information and additional information, and symbols from the block (7) for organizing the transfer process to the communication channel.

The encryption process of each discrete 12-bit open information is carried out in the following way: Contents of m bits ( ) 32-bit register(3) of the discretes transform into original data, the calculations of the formant of the current discrete transmitted to the subroutine(4) according to formula

where the current value of the base of the formant the program extracts from the data matrix cell for the current formant whose address is determined by the Software according to the value identifying the cell address in one of the matrix of encryption/decryption parameters located in ROM, after which the formant parameters of the current discrete - core and the rest calculated by the program are encrypted according to the formulas

(2)

in which, respectively, the first key (in asymmetric cryptosystems it is called "open") and an encryption module, taken from the cell, the values of which change for each discrete or each transmission session (depending on the encryption regime or mode selected), after the encryption result is sent to the encryption block (6), where from the BIS service information block (7) service, additional and special characters are added, which form the 64-bit encrypted packet that is sent in the open communication channel, after mixing in the block(8) with a random number of 64, 32 or 12 bits depending on the number of bits of the CAD and the length of the encryption block packet (phoneme block).

The transmission of information in the communication channel is carried out sequentially "in portions" of (the number of bits added to the beginning and end of the 64-bit block of "pure" information) each of the message portions is exposed to the following transformations: bits, defining a beginning, end and the composition of the shipment, the bit addresses to start the search program for the necessary matrices and cell addresses in them, keeping the parameter values, for encryption/decryption of 64-bit packets, their decomposition and restoring the value of the discrete after the formant to be decoded, and the bits of the cell address from the random number matrix for the operation of blocks (8) and (10), so that:

\tab\tab\tab(3)

We note that 32 bits of random sequences "1" and "0" from the matrix cell are added after module 2 to the input of the decoder (10) as 64-bit functional conversion of the received message information for protection against interference and statistical analysis in case of intentional attacks . The address of this number is identified by the content of the cell, in which the bits of the registers (8) and (10) are 12,16,32 or 64 bits, but the bits of the random numbers in blocks (4) and (7) ROM - 32 bits, which are summed modulo 2 with the outputs of blocks (6) or (10), starting from any position of the bit sequence at outputs (6) or (9), so that, after masking, the packet sent in the open channel is quite unloaded with zeros.

The process of decrypting the discrete encrypted information is carried out in the following way. 64 bits, the content of the encryption block (9) is added after modulo 2 with the number extracted from the cell, and the resulting sum (source code packet) is converted with the block (11) into encrypted values with the formant parameters of a discrete subsequent, which at the output block (12) receive the real values according to the formulas

\tab (4)

where { } - the second crypto-key (usually called "closed"). Decrypted in the block (12) the values of the formant parameters after the expression (2) the recovery of the amplitude value of the discrete current or phoneme block, which is sent to the block (РПУ)(1) from the CDA output (13)

Example of using the binary information encryption method

The digitized signal in the form of a sequence of amplitude values, when the absolute amplitude values are recorded, is called the PCM (Pulse Code Modulation) registration formant. The standard audio CD (CD-DA), which has been used since the early 80s of the 20th century, stores information in PCM format with a sampling frequency of 44.1 kHz and a quantization order of 16 bits. According to Kotelinikov's theorem, for the original signal to be reliably restored, the sampling frequency must be twice the highest frequency in the signal spectrum.

Since the upper limit of hearing is 20 kHz, in this ideal case the sampling frequency should be no lower than 40 kHz. Because of this, the standard sampling frequency used when recording on CD is 44.1 kHz (so-called CD-quality). However, the sampling frequency can be even higher, but such sound quality is only used in recording studios or music lovers.

The sampling frequency of 44.1 kHz - is not always the achievable ideal. When transmitting data in a network with a reduced bandwidth, the sound quality is lost in favor of its volume. In practice, sampling rates of 2, 4, and 8 times lower than 44.1 kHz are usually used:

§ 22.05 kHz is so-called radio quality. It is used for sound coding by FM - radio stations. It can be used to create background music and musical sounds. For the transmission of the human voice it is even excessive;

§ 11.025 KHz is telephone quality. The sampling frequency optimally corresponds to the transmission of the human voice. IP telephony is used;

§ 5.5 kHz is the sound at the limit of loss of the informational component. This sampling frequency can be used for transmitting low sounds, and respectively the voice (but with a rather reduced quality);

Thus, the sampling frequency is chosen equal to 2 in the frequency spectrum of the voice signal. Considering that the limit frequency of the voice signal of the telephone network is 40kHz, we consider for the modeled version the quantization frequency equal to In this way, when transmitting the voice or sound, each discrete digitized amplitude of the analog signal is digitized, with a speed of 12,000 discrete/ seconds.

In case we have 12-bit CAD (the presentation range is of numbers) and the sampling frequency (speed) of digital informational signal in the real-time work process.

Thus, at the sampling frequency of 12 kHz, the discrete values of the voice signal in the case of IP-telephony, with 12-bit CAD represent a random set of natural numbers in the range of numbers. For example, a 3-minute conversation that was not interrupted by "silence breaks" required to process billions of bits, the processing speed and communication bandwidth of the microcontroller or computing device must be quite high.

Indeed, the information is transmitted through the storage buffer from which the packets (blocks) of 32 bits or 4 bytes are formed. These blocks also contain information regarding the restoration of the actual information and the method of reproducing it in real time (or it can be written or encrypted or in the form restored in memory). The data block format contains control bits about the content and structure of the transmitted data packet.

Variant 1 (RSA-mAB1 algorithm) the simplest and most unprotected! Cell addresses are transmitted on the closed channel, in which the value of the next discrete is found, in formant form (p, k, q) encrypted by means of the RSAm algorithm.

It is clear that due to the limitation of the number of possible discretes (they are only 4096) they can all be positioned in memory. The first method - the values of the discrete represent its very address in the ROM memory of the data transmitting or receiving device.

The next main issue is address encryption. For example, through a mask or through the RSA-m algorithm.

Encryption via simple scrambling. The initial state is the value of the cell content, which is the data storage address in the array. For example the number 3253. Must keep in cell №3253. But, apart from this, the values of all the parameters for encryption and decryption of the information are kept there.

We shuffle the addresses of the array of discretes by random mode. For example №3253 will become №1900. The last address is digitized in the formant system (p, k, q) by means of RSAm and transmitted in the open channel. Even if the discrete is the same, its value remains equal to 3253, but now it will be stored in the cell with the number №1900, which depends on the formant of the numbers 1900 (or 3253), depending on the mixing.

1) addresses or 2) the content of these addresses.

Variant 2 (RSA-mAB2 algorithm). Each formant is digitized in part of the discrete (that is, p, k, q the basic kernel and the rest) by means of the RSAm algorithm, which is transmitted online in an open channel.

2.1. Encoding of 4096 possible sound discrete values

For each individual discrete one chooses, for example, 10,000 different pairs of RSA keys (matrix) for different bases. It creates for each discrete its own discrete cipher text or crypto. Because of this, for 4096 real discretes, 32-bit cells of memory will be needed to keep the variants of the discrete-digit records (considering that ) or Kbytes of memory cells, that is, it is greater than 0.5 MB than the ROM memory.

And when selecting for each discrete part 10000 different key pairs of the RSA crypto lock (matrix) for 4096 real discretes, bits or 8.5 MB of memory cells will be needed to keep the variants of the cipher records of the discretes.

2.2 Storage of encrypted discretes (M1)

Given a matrix M1 of cells, which is twice as many as nine we need to accommodate numbers of length up to 32 binary orders. Their positioning must be such that the search time for the random number in this interval is minimal.

2.3 The contents of cells M1 represent formants of the discretes, but more precisely the parameters of the formant - the nucleus k, the remainder q and the base p in the "clean form", or encrypted after some digit.

2.4 RSA key length-m. The key length is chosen depending on the minimum time required for crypto-processing. Because of this, the lengths of open keys and closed keys are practically equal. Often, the open key is chosen so that its length is one or two orders of magnitude smaller than the length of the closed key. In systems with a short protection period, keys in the range of up to 2 bytes can be chosen.

Preventive work for memory work

1. The set of matrices is created: the matrix of the encrypted discretes, the matrix of the current bases of the formants, the matrix of crypto - keys that complement each other, that is, they are written into the ROM memory in the form of integers where all the values of the discretes are out of 4096 possible, that is, the set for the set for the digit values of the matrix discretes and the set of simple and compound values of the bases for the matrix .

2. The formants of all discretes are calculated after 10,000 bases and entered in the matrix. In total we have 500,000 formants.

3. The sequence of placing the discretes in the cells of the 5000x100 matrix is calculated by shuffling (100x100 variants: 100 in rows and 100 in columns. In total 10000 mixing variants for placing the discretes in the matrix). In total there will be 100 matrices of type М1…М100.

4. All the discretes are digitized by means of three parameters of the formant and are written in the memory in the form of indices of the matrix М1. That is, at one and the same discrete in the ROM memory there will be 10000 different address indices in the М1 type matrix.

5. The same placement in ROM is formed in the receiving side.

Operation on the transmission side

1. The sound is discretized via CAD

2. Work with the current discrete and it is entered in the buffer.

a) The discrete value is transferred to the binary integer.

b) The formant is calculated (or a number is searched for in ROM and the address of the RAM memory is entered) after that address in ROM all the information about the current integer will be placed.

3. The text-message signal is formed: 4 addresses are transmitted: 3 addresses for and the fourth address for controlling the information transmitted in the control cell.

Operation on the receiving side

1. Reception of the signal and its analysis. The addresses are read and their values are compared with the data in the control cell.

2. The voice signal is collected according to the addresses of the discretes.

3. The signal is reproduced by means of the voice conversion device.

Example of the practical use of the declared information protection method

Transmission: CAD microphone Calculation of the respective discrete formant (in integer form) finding the cell address of the formant Writing to the memory (buffer) Formation of the ciphertext signal for transmission: Transmission of the ciphertext address of the cell in the ether /// Reception of the ciphertext signal decoding decryption decomposition of the message received sound reproduction.

Mobile (cellular) communication systems using encryption methods based on RSA-m-system.

Due to the fact that communication on the protected line needs to be ensured in real time, then information protection is based on encryption in flow (RSA-mAB1 algorithm), compared to the RSA system, where blocks of information are formed and encrypted. To use the concept of RSA in broadband communication channels as a basic crypto system of information protection, keys of small length with the frequency of their rapid change are formed.

The advantage of the declared method of protecting the voice communication channel consists not in the use of long keys, which require an enormously long time to break the factorization of the large number, but in the permanent and frequent change of the keys of a considerably small length, where each of them is used to encrypt the discrete part. This will require the adversary to spend additional processing resources to find each individual discrete. We emphasize that the breaking of discrete vowels considerably differs from the breaking of textual information. In the latter case, when deciphering the text, the loss of some letters, symbols, or even words is allowed, but regardless of this fact, the text can be restored. Another thing is with the sound!

The procedure for restoring information to hearing is very similar to the TV game "Guess the Melody", when the players tried to restore some melody after hearing a few sounds. But sound is a fairly large set of discretes in the digitized presentation. If the sound has a constant intensity and frequency, then we have monotonous sound. But in the human voice we have a large number of harmonics and tones (discrete of different quantization or just height, amplitude). It is this fact that creates difficulties in breaking the closed information only after a single discrete one, which is at the basis of the crypto stability raised by the declared method of encryption.

As an example, we will estimate the work of the system with concrete numbers. We consider that the discretes are at a distance from each other on the time axis TD=167 ms (sampling frequency 1.67 MHz). In this case, when using keys that change quite quickly, each of which has a length of 19 decimal digits (bits), the system will ensure the preservation of the communication session during 24 hours for 3 years, and with a key length of 9 decimal digits (bits) - up to a few weeks.

Description of the functionality of the totally open system RSA-mAB1, mAB2:

Before the communication session, both sides start the procedure of initializing the references to all the matrix addresses in the initial state, thus in the receiving and transmitting part all the matrices will be completely equal in terms of content and addresses.

At the start of communication, the initiating party (A) sends the receiving party (B) the first encrypted message, which contains the randomly chosen public key { } from its database (preventively generating the private key ). The public key received will be used by party (B) to encrypt its message, which respectively contains a pair of public private keys of party (A). Thus, the basic idea of organizing the protection of information transmission between the parties of the conversation consists in the permanent change of open keys (short enough in length for data transmission), which is an alternative to using long keys, because crypto - the analysis will require a large amount of processing to factor the base number N to compromise the new keys.

In another alternative version (totally closed system RSA-mF) the keys will not be transmitted in encrypted form, but the code information about them will be transmitted, for example, the information about the positioning address on some servers or in the ROM memory (the algorithm RSA-mAB3), or in the form of numerically coded information (RSA-mAB4 algorithm), which allows to form/restore the necessary keys on the receiving side.

1. Водолазский В. Commercial encryption systems: basic algorithms and their implementation. Part 1. Monitor, 1992, N 6-7, c. 14-19

2. Игнатенко Ю.И. Как делать так, очты?.. Мир ПК, 1994, N 8, c. 52-54

3. Kovalevsky V., Maksimov V. Cryptographic methods. КомпьютерПресс, 1993, N 5, c. 31-34

4. Мафтик С. Security mechanisms in computer networks. - Moscow, Mir, 1993

5. Spesivtsev А.В., Вегнер В.А., Крутяков А.Ю. and others Protection of information in personal computers. - Moscow, Radio and Communication, 1992

6. Xiao D., Kerr D., Mednik С. ЕВМ protection. - Moscow, Mir, 1982

7. Shmeleva A. Грим - что это?, Hard'n'Soft. 1994, No. 5

8. GUEST 28147-89. Information processing systems. Cryptographic protection. Algorithm of cryptographic transformation

9. RU 2188513 C2 2002.08.27

10. RU 2212108 C2 2003.09.10

11. RU 2172075 C1 2001.08.10

12. RU 2206182 C2 2003.06.10

13. RU 2091983 C1 1997.09.27

14. RU 2096918 C1 1997.11.20

15. RU 2099885 C1 1997.12.20

16. RU 83861 U1 2009.06.20

17. RU 83862 U1 2009.06.20

18. RU 2108002 C1 1998.03.27

19. US 4405829 A 1983.09.20

Claims (9)

1. Device for cryptographic protection of binary information, which contains a voice conversion device, equipped with headphones and a microphone, an analog-to-digital converter and a digital-to-analog converter, an adapter port and a microcontroller executed in the form of a smart- card for encryption and decryption of information transmitted via duplex data channels, which consists of a 32-bit discrete register for receiving and processing each discrete of the speech signal and transmitting its values to the ROM to calculate the formant of the discrete current on the base current pi, whose value is at the address determined by the software-ROM according to the amplitude of the discrete current, the encryption block of the parameters ki and the remainder qi of the formant of the discrete current from the software-ROM transmitting the encrypted data of the parameters of the formant in the encryption block, which generates M-bit encrypted message package, with a plus of service information and additional information, and symbols from the block for organizing the transfer process to the communication channel. 2. Process of cryptographic protection of binary information, which consists in converting voice signals into digital form, encoding them based on a speech compression algorithm, followed by encryption on a pair of linear cipher keys and transmission in encrypted form on the duplex channel of transmission of data from one subscriber to another using the device defined in claim 1, characterized in that the encryption process takes place in the following way, the voice, from the output of the voice conversion device, through the analog-digital converter is converted into digital format, digital blocks of m-bits of the informational part and additional components are formed for the bit-by-bit encoding of each discrete of the digital block, then through the port-adapter it is transmitted to a microprocessor, where the conversion takes place according to the formula of a number of order l, the parameters of which - the core and the remainder , are encrypted according to the formulas , , in which - the first key and forming a cipher of the message, statistically independent of the speech context, which is added after modulo 2 with the random number of order r , forming a coded message for transmission in the communication channel, and at the receiving end it is deciphered by addition after module 2 with the respective random number of order r, the informational part of the message is highlighted and by means of the second key di of order m restore the parameters of the formant according to the formulas , and , and the formant itself according to the formula , i.e. the context, which is transmitted from the output of the microcontroller to the digital-to-analog converter and the voice conversion device, which reproduces the decoded voice signal, at the same time all encryption keys are not transmitted in the communication channel, data access is possible only from within the device. 3. Process of cryptographic protection of binary information, which consists in converting voice signals into digital form, encoding them based on a speech compression algorithm, followed by encryption on a pair of linear cipher keys and transmission in encrypted form on the duplex channel transmission of data from one subscriber to another using the device defined in claim 1, characterized in that the encryption process takes place in the following manner, the voice, from the output of the voice conversion device, through the analog-to-digital converter, is converted in digital format, digital blocks of m-bits of the informational part and additional components are formed for bit-by-bit encoding of each discrete of the digital block, then through the port-adapter it is transmitted to a microprocessor, where the calculation of the formant of the current discrete takes place according to the formula , where the current value of the base pi of the formant is extracted from the cell of the data matrix for the current formant, the address of which is determined by the value of Di, which identifies the address of the cell in one of the matrices of encryption/decryption parameters located in ROM, after which the parameters of the formant of the discrete current - the core and the rest , are encrypted according to the formulas , , in which - the first key and forming a cipher of the message, statistically independent of the speech context, which is added after modulo 2 with a random number of order r, forming a coded message for transmission in the communication channel, and on the receiving side it is deciphered by addition after module 2 with the respective random number of order r, the informational part of the message is highlighted and by means of the second key di of order m they are restored the parameters of the formant according to the formulas , and , and the formant itself according to the formula , i.e. the context, which is transmitted from the output of the microcontroller to the digital-analog converter and the voice conversion device, which reproduces the decoded voice signal, at the same time cell addresses are transmitted on the closed channel, in which the value of the next discrete formant formant (p, k, q) is found. 4. Process of cryptographic protection of binary information, which consists in converting voice signals into digital form, encoding them based on a speech compression algorithm, followed by encryption on a pair of linear cipher keys and transmission in encrypted form on the duplex channel transmission of data from one subscriber to another using the device defined in claim 1, characterized in that the encryption process takes place in the following manner, the voice, from the output of the voice conversion device, through the analog-to-digital converter, is converted in digital format, digital blocks of m-bits of the informational part and additional components are formed for bit-by-bit encoding of each discrete of the digital block, then through the port-adapter it is transmitted to a microprocessor, where the calculation of the formant of the current discrete takes place according to the formula , where the current value of the base pi of the formant is extracted from the cell of the data matrix for the current formant, the address of which is determined by the value of Di, which identifies the address of the cell in one of the matrices of encryption/decryption parameters located in ROM, after which the parameters of the formant of the discrete current - the core and the rest , are encrypted according to the formulas , , in which - the first key and forming a cipher of the message, statistically independent of the speech context, which is added after modulo 2 with a random number of order r, forming a coded message for transmission in the communication channel, and on the receiving side it is deciphered by addition after module 2 with the respective random number of order r, the informational part of the message is highlighted and by means of the second key di of order m they are restored the parameters of the formant according to the formulas , and , and the formant itself according to the formula , that is, the context, which is transmitted from the output of the microcontroller to the digital-to-analog converter and the voice conversion device, which reproduces the decoded voice signal, at the same time, all encryption keys are used only in inside the microcontroller and are not transmitted in the communication channel, data access is possible only from inside the device. 5. Process of cryptographic protection of binary information, which consists in converting voice signals into digital form, encoding them based on a speech compression algorithm, followed by encryption on a pair of keys with a linear cipher and transmission in encrypted form on the duplex channel of transmission of data from one subscriber to another using the device defined in claim 1, characterized in that the encryption process takes place in the following way, the voice, from the output of the voice conversion device, through the analog-digital converter is converted into digital format, digital blocks of m-bits of the informational part and additional components are formed for the bit-by-bit encoding of each discrete of the digital block, then through the port-adapter it is transmitted to a microprocessor, where the conversion takes place according to the formula of a number of order l, the parameters of which - the core and the remainder , are encrypted according to the formulas , , in which - the first key and forming a cipher of the message, statistically independent of the speech context, which is added after modulo 2 with the random number of order r , forming a coded message for transmission in the communication channel, and at the receiving end it is deciphered by addition after module 2 with the respective random number of order r, the informational part of the message is highlighted and by means of the second key di of order m restore the parameters of the formant according to the formulas , and , and the formant itself according to the formula , i.e. the context, which is transmitted from the output of the microcontroller to the digital-to-analog converter and the voice conversion device, which reproduces the decoded voice signal, at the same time all encryption keys are not transmitted in the communication channel openly, but only the information about their positioning address in the ROM memory. 6. Process of cryptographic protection of binary information, which consists in converting voice signals into digital form, encoding them based on a speech compression algorithm, followed by encryption on a pair of linear cipher keys and transmission in encrypted form on the duplex channel of transmission of data from one subscriber to another using the device defined in claim 1, characterized in that the encryption process takes place in the following way, the voice, from the output of the voice conversion device, through the analog-digital converter is converted into digital format, digital blocks of m-bits of the informational part and additional components are formed for the bit-by-bit encoding of each discrete of the digital block, then through the port-adapter it is transmitted to a microprocessor, where the conversion takes place according to the formula of a number of order l, the parameters of which - the core and the remainder , are encrypted according to the formulas , , in which - the first key and forming a cipher of the message, statistically independent of the speech context, which is added after modulo 2 with the random number of order r , forming a coded message for transmission in the communication channel, and at the receiving end it is deciphered by addition after module 2 with the respective random number of order r, the informational part of the message is highlighted and by means of the second key di of order m restore the parameters of the formant according to the formulas , and , and the formant itself according to the formula , i.e. the context, which is transmitted from the output of the microcontroller to the digital-to-analog converter and the voice conversion device, which reproduces the decoded voice signal, at the same time all encryption keys are not transmitted in the communication channel openly, but only the form of numerically coded information, which allows to form or restore the necessary keys on the receiving side. 7. A method according to claims 2-6, wherein the random number of order r is randomly chosen as a cell address of the ROM random number array on the transmitting side. 8. Method according to claims 2-6, in which the random number of order r is generated by the quasi-random number generator and is digitized for transmission to the receiving side. 9. Method, according to claims 2-6, in which the encryption of the numerical formants of the information is carried out based on any known crypto-algorithm for ciphering on the flow or on the block.