Ïðîèçâîäèòåëüíîñòü è ýôôåêòèâíîñòü àïïàðàòíîé ðåàëèçàöèè ïîòî÷íûõ øèôðîâ, îñíîâàííûõ íà îáîáùåííûõ êëåòî÷íûõ àâòîìàòàõ # 10, îêòÿáðü 2013 DOI: Êëþ÷àð¸â Ï. Ã. ÓÄÊ 004.056.55 Ðîññèÿ, ÌÃÒÓ èì. Í.Ý. Áàóìàíà [email protected] Ââåäåíèå  íàñòîÿùåå âðåìÿ àêòèâíî ðàçâèâàåòñÿ òàê íàçûâàåìàÿ ëåãêîâåñíàÿ êðèïòîãðàôèÿ (lightweight cryptography). Ïîä ýòèì òåðìèíîì ïîäðàçóìåâàåòñÿ ðàçäåë êðèïòîãðàôèè, çàíèìàþùèéñÿ êðèïòîãðàôè÷åñêèìè àëãîðèòìàìè, êîòîðûå ìîãóò áûòü ýôôåêòèâíî ðåàëèçîâàíû íà âû÷èñëèòåëüíûõ óñòðîéñòâàõ ñ îãðàíè÷åííûìè ðåñóðñàìè. Ëåãêîâåñíîé êðèïòîãðàôèè ïîñâÿùåíî áîëüøîå êîëè÷åñòâî ëèòåðàòóðû, îáçîðû êîòîðîé ìîæíî íàéòè â ðàáîòàõ [18, 28, 33].  ðàáîòå [1] àâòîðîì áûëî ïðåäëîæåíî èñïîëüçîâàòü îáîáùåííûå êëåòî÷íûå àâòîìàòû è ãðàôû Ðàìàíóäæàíà äëÿ ñèíòåçà ïîòî÷íûõ øèôðîâ.  äàëüíåéøåì òåîðåòè÷åñêèå îñíîâû ýòîãî áûëè ðàçðàáîòàíû â ñòàòüÿõ [1, 2, 4, 5] è áûëà âûñêàçàíà ãèïîòåçà î òîì, ÷òî òàêèå øèôðû ìîãóò áûòü ýôôåêòèâíî ðåàëèçîâàíû àïïàðàòíî. Öåëü íàñòîÿùåé ñòàòüè ñîñòîèò â ïîäòâåðæäåíèè ýòîé ãèïîòåçû.  íàñòîÿùåé ñòàòüå ìû ïðèâîäèì ðåçóëüòàòû èçìåðåíèÿ áûñòðîäåéñòâèÿ è ýôôåêòèâíîñòè àïïàðàòíîé ðåàëèçàöèè ïîòî÷íûõ øèôðîâ, îñíîâàííûõ íà îáîáùåííûõ êëåòî÷íûõ àâòîìàòàõ (ìû áóäåì íàçûâàòü ñåìåéñòâî òàêèõ øèôðîâ GRACE-S).  êà÷åñòâå ïëàòôîðìû äëÿ ðåàëèçàöèè èñïîëüçóþòñÿ ÏËÈÑ ôèðìû Altera. Ïðîèçâîäèòñÿ òàêæå ñðàâíåíèå áûñòðîäåéñòâèÿ è ýôôåêòèâíîñòè ðåàëèçàöèè ýòèõ øèôðîâ ñ àíàëîãàìè. Ïîëó÷åííûå ðåçóëüòàòû ïîêàçûâàþò, ÷òî ñåìåéñòâî GRACE-S èìååò ïðîèçâîäèòåëüíîñòü çíà÷èòåëüíî (äî 60 ðàç) ïðåâûøàþùóþ ïðîèçâîäèòåëüíîñòü ëó÷øèõ àíàëîãîâ. 1. Òåðìèíû è îïðåäåëåíèÿ  ýòîì ðàçäåëå ìû ââåäåì îñíîâíûå îïðåäåëåíèÿ òåîðèè îáîáùåííûõ êëåòî÷íûõ àâòîìàòîâ, ÿâëÿþùåéñÿ îñíîâîé äëÿ ðàññìàòðèâàåìûõ ïîòî÷íûõ øèôðîâ. Íàçîâåì îáîáùåííûì êëåòî÷íûì àâòîìàòîì îðèåíòèðîâàííûé ìóëüòèãðàô A = (V, E) (çäåñü V = {v1 , . . . , vN } | ìíîæåñòâî âåðøèí, E | ìóëüòèìíîæåñòâî ðåáåð). Ñ êàæäîé åãî http://technomag.bmstu.ru/doc/.html 299 âåðøèíîé vi àññîöèèðîâàíû: áóëåâà ïåðåìåííàÿ mi , íàçûâàåìàÿ ÿ÷åéêîé, è áóëåâà ôóíêöèÿ fi (x1 , . . . , xdi ), íàçûâàåìàÿ ëîêàëüíîé ôóíêöèåé ñâÿçè i-é âåðøèíû. Ïðè ýòîì äëÿ êàæäîé âåðøèíû vi âõîäÿùèå â íåå ðåáðà ïðîíóìåðîâàíû ÷èñëàìè 1, . . . , di . Îáîáùåííûé êëåòî÷íûé àâòîìàò ðàáîòàåò ñëåäóþùèì îáðàçîì.  íà÷àëüíûé ìîìåíò âðåìåíè êàæäàÿ ÿ÷åéêà ïàìÿòè mi , i = 1, . . . , N , èìååò íåêîòîðîå íà÷àëüíîå çíà÷åíèå mi (0). Äàëåå àâòîìàò ðàáîòàåò ïî øàãàì. Íà øàãå ñ íîìåðîì t ïîñðåäñòâîì ëîêàëüíîé ôóíêöèè ñâÿçè âû÷èñëÿþòñÿ íîâûå çíà÷åíèÿ ÿ÷ååê: mi (t) = fi (mη(i,1) (t − 1), mη(i,2) (t − 1), . . . , mη(i,di ) (t − 1)), (1) ãäå η(i, j) | íîìåð âåðøèíû, èç êîòîðîé èñõîäèò ðåáðî, âõîäÿùåå â âåðøèíó i è èìåþùåå íîìåð j. Çàïîëíåíèåì êëåòî÷íîãî àâòîìàòà M (t) íà øàãå t áóäåì íàçûâàòü íàáîð çíà÷åíèé ÿ÷ååê (m1 (t), m2 (t), . . . , mN (t)). Íàçîâåì îäíîðîäíûì îáîáùåííûì êëåòî÷íûì àâòîìàòîì îáîáùåííûé êëåòî÷íûé àâòîìàò, ó êîòîðîãî ëîêàëüíàÿ ôóíêöèÿ ñâÿçè äëÿ âñåõ ÿ÷ååê îäèíàêîâà è ðàâíà f , ò.å. äëÿ ëþáîãî i ∈ {1, . . . , N } âûïîëíÿåòñÿ fi = f . Ñòåïåíè çàõîäà âåðøèí òàêîãî êëåòî÷íîãî àâòîìàòà, î÷åâèäíî, îäèíàêîâû: d1 = d2 = . . . = dN = d. Íàçîâåì îáîáùåííûé êëåòî÷íûé àâòîìàò íåîðèåíòèðîâàííûì, åñëè äëÿ ëþáîãî ðåáðà (u, v) â åãî ãðàôå ñóùåñòâóåò è ðåáðî (v, u). Ãðàô òàêîãî àâòîìàòà ìîæíî ðàññìàòðèâàòü êàê íåîðèåíòèðîâàííûé ðåãóëÿðíûé ãðàô, åñëè çàìåíèòü êàæäóþ ïàðó ðåáåð (u, v) è (v, u) íà íåîðèåíòèðîâàííîå ðåáðî {u, v}. Äàëåå ìû áóäåì èñïîëüçîâàòü òîëüêî íåîðèåíòèðîâàííûå îäíîðîäíûå îáîáùåííûå êëåòî÷íûå àâòîìàòû, äëÿ êðàòêîñòè íàçûâàÿ èõ ïðîñòî îáîáùåííûìè êëåòî÷íûìè àâòîìàòàìè. Ïóñòü çàäàíà äâîè÷íàÿ ïîñëåäîâàòåëüíîñòü {ξt }. Íàçîâåì îáîáùåííûì êëåòî÷íûì àâòîìàòîì ñ çàäàþùåé ïîñëåäîâàòåëüíîñòüþ îáîáùåííûé êëåòî÷íûé àâòîìàò, ó êîòîðîãî äëÿ âû÷èñëåíèÿ îäíîé èç ÿ÷ååê mr (áóäåì åå íàçûâàòü çàäàþùåé ÿ÷åéêîé), âìåñòî ôîðìóëû (1) èñïîëüçóåòñÿ ôîðìóëà mr (t) = fr mη(r,1) (t − 1), mη(r,2) (t − 1), . . . , mη(r,dr ) (t − 1) ⊕ ξt . Íåêîòîðûé íàáîð ÿ÷ååê êëåòî÷íîãî àâòîìàòà áóäåì íàçûâàòü âûõîäîì. ×èñëî ÿ÷ååê â ýòîì íàáîðå áóäåì íàçûâàòü äëèíîé âûõîäà èëè äëèíîé âûõîäíîãî ñëîâà. ß÷åéêè, íå âõîäÿùèå â âûõîä íàçîâåì ñêðûòûìè. Âûõîäíîé ïîñëåäîâàòåëüíîñòüþ êëåòî÷íîãî àâòîìàòà íàçîâåì ôóíêöèþ, àðãóìåíòîì êîòîðîé ÿâëÿåòñÿ íîìåð øàãà, à çíà÷åíèåì | çíà÷åíèå âûõîäà íà ýòîì øàãå. Äëÿ êðèïòîñòîéêîñòè øèôðà áîëüøîå çíà÷åíèå èìååò âûáîð ãðàôà îáîáùåííîãî êëåòî÷íîãî àâòîìàòà. Ñîãëàñíî ðàáîòå [6], õîðîøèì âûáîðîì ÿâëÿþòñÿ ãðàôû Ðàìàíóäæàíà [15, 24, 26].  äàííîé ðàáîòå èñïîëüçóþòñÿ òàê íàçûâàåìûå ãðàôû Ëþáîöêîãî | Ôèëèïñà | Ñàðíàêà ñåìåéñòâà Y p,q . Îáñóæäåíèå ýòèõ ãðàôîâ âûõîäèò äàëåêî çà ðàìêè íàñòîÿùåé ðàáîòû. Èõ ïîäðîáíîå îïèñàíèå ìîæíî íàéòè, íàïðèìåð â ðàáîòàõ [25, 26, 30]. Àâòîðîì îíè ðàññìàòðèâàþòñÿ â ñòàòüÿõ [1, 2, 3, 6]. 300 Êðîìå òîãî, âåñüìà âàæíûì ÿâëÿåòñÿ ïðàâèëüíûé âûáîð ëîêàëüíîé ôóíêöèè ñâÿçè îáîáùåííîãî êëåòî÷íîãî àâòîìàòà.  ðàáîòàõ [4, 5] ñôîðìóëèðîâàíû îñíîâíûå ïðèíöèïû âûáîðà òàêèõ ôóíêöèé è ïîñòðîåíî ñåìåéñòâî ôóíêöèé, îòâå÷àþùåå ýòèì òðåáîâàíèÿì.  ÷àñòíîñòè, ëîêàëüíàÿ ôóíêöèÿ ñâÿçè äîëæíà áûòü ðàâíîâåñíîé, øåôôåðîâîé, à åå íåëèíåéíîñòü (ò.å. ðàññòîÿíèå îò ýòîé ôóíêöèè äî ìíîæåñòâà àôôèííûõ áóëåâûõ ôóíêöèé) | êàê ìîæíî áîëåå âûñîêîé. Ñåìåéñòâî ôóíêöèé, óäîâëåòâîðÿþùèõ âñåì íåîáõîäèìûì òðåáîâàíèÿì ïîñòðîåíî â ðàáîòå [5].  ÷àñòíîñòè, â ñëó÷àå ÷åòíîãî ÷èñëà ïåðåìåííûõ èñïîëüçóåòñÿ ôóíêöèÿ g2 (v, u, x1 , y1 , . . . , xk , yk ) = = (1 ⊕ v)(β1 (x1 , y1 , . . . , xk , yk ) ⊕ u) ⊕ v(β3 (x1 , y1 , . . . , xk , yk ) ⊕ u) = = k M xi yi ⊕ s1 (x1 , . . . , xk ) ⊕ v(s1 (x1 , . . . , xk ) ⊕ s3 (x1 , . . . , xk )) ⊕ u, (2) i=1 ãäå s1 (x1 , . . . , xk ) è s3 (x1 , . . . , xk ) | ïðîèçâîëüíûå áóëåâû ôóíêöèè, ïðè÷åì k + t3 = 1 (mod 2), ãäå t3 | ÷èñëî íåíóëåâûõ êîýôôèöèåíòîâ â àëãåáðàè÷åñêîé íîðìàëüíîé ôîðìå ôóíêöèè s3 , è ñâîáîäíûé ÷ëåí ÀÍÔ ôóíêöèè s1 ðàâåí 1.  äàííîé ðàáîòå èñïîëüçóþòñÿ ëîêàëüíûå ôóíêöèè ñâÿçè îò øåñòè ïåðåìåííûõ. Ñëåäóåò îòìåòèòü, ÷òî òàêàÿ ôóíêöèÿ îò øåñòè ïåðåìåííûõ, èìåþùàÿ âèä (2), ìîæåò áûòü ïðåäñòàâëåíà â âèäå ñóïåðïîçèöèè äâóõ ÷åòûðåõìåñòíûõ áóëåâûõ ôóíêöèé. Áîëåå ïîäðîáíî ýòî ïîêàçàíî íèæå. 2. Êîíñòðóêöèÿ ïîòî÷íîãî øèôðà Îïèøåì çäåñü ðàññìàòðèâàåìîå ñåìåéñòâî ïîòî÷íûõ øèôðîâ GRACE-S (åìó òàêæå ïîñâÿùåíû äðóãèå ðàáîòû àâòîðà, íàïðèìåð, [1, 2, 4, 5]). Ñåìåéñòâî îñíîâàíî íà îáîáùåííûõ êëåòî÷íûõ àâòîìàòàõ. Èñïîëüçîâàíèþ êëåòî÷íûõ àâòîìàòîâ â êðèïòîãðàôèè ïîñâÿùåí ðÿä ðàáîò, â òîì ÷èñëå [1, 8]. Ïîòî÷íûé øèôð ïðåäñòàâëÿåò ñîáîé ãåíåðàòîð ãàììû è ñîñòîèò (ðèñ. 1) èç äâóõ îáîáùåííûõ êëåòî÷íûõ àâòîìàòîâ ñ çàäàþùåé ïîñëåäîâàòåëüíîñòüþ CA1 è CA2 è ëèíåéíîãî ðåãèñòðà ñäâèãà ñ îáðàòíîé ñâÿçüþ (LFSR). Àâòîìàòû èìåþò ðàçíûé ðàçìåð è ðàçëè÷íûå ëîêàëüíûå ôóíêöèè ñâÿçè: f1 è f2 . Çàäàþùåé ÿ÷åéêîé ÿâëÿåòñÿ îäíà èç ñêðûòûõ ÿ÷ååê êàæäîãî èç ýòèõ àâòîìàòîâ, à çàäàþùåé ïîñëåäîâàòåëüíîñòüþ ÿâëÿåòñÿ âûõîäíàÿ ïîñëåäîâàòåëüíîñòü ðåãèñòðà ñäâèãà. Ïðè ýòîì ÷èñëî âûõîäíûõ ÿ÷ååê îáîèõ àâòîìàòîâ äîëæíî áûòü îäèíàêîâûì. Ãåíåðàòîð ðàáîòàåò ïîøàãîâî. Íà êàæäîì øàãå âûõîäîì ãåíåðàòîðà ãàììû ÿâëÿåòñÿ ïîðàçðÿäíàÿ ñóììà ïî ìîäóëþ äâà âûõîäîâ àâòîìàòîâ. Ïðè ýòîì íà âûõîäå ãåíåðàòîðà ãàììû íà êàæäîì øàãå ôîðìèðóåòñÿ ñëîâî (áóäåì íàçûâàòü åãî âûõîäíûì ñëîâîì), äëèíà êîòîðîãî ðàâíà äëèíå âûõîäà êàæäîãî àâòîìàòà. Ãàììà ÿâëÿåòñÿ êîíêàòåíàöèåé âûõîäíûõ ñëîâ íà êàæäîì øàãå. http://technomag.bmstu.ru/doc/.html 301 Îáîáùåííûé êëåòî÷íûé àâòîìàò 1 + LFSR Îáîáùåííûé êëåòî÷íûé àâòîìàò 2 Ðèñ. 1. Ñòðóêòóðà ãåíåðàòîðà ãàììû Êðèïòîãðàôè÷åñêèé êëþ÷ ìîæåò èìåòü ëþáóþ äëèíó, ìåíüøóþ ÷èñëà ÿ÷ååê êàæäîãî êëåòî÷íîãî àâòîìàòà íå ìåíåå, ÷åì â ïîëòîðà ðàçà. Ïðè ýòîì, äëèíà LFSR äîëæíà áûòü ðàâíà äëèíå êëþ÷à, à õàðàêòåðèñòè÷åñêèé ìíîãî÷ëåí LFSR äîëæåí áûòü íåïðèâîäèìûì. Íà÷àëüíûì çàïîëíåíèåì êàæäîãî êëåòî÷íîãî àâòîìàòà ÿâëÿåòñÿ êëþ÷, êîíêàòåíèðîâàííûé ñ íåêîòîðîé êîíñòàíòîé, äîïîëíÿþùåé êëþ÷ äî ðàçìåðà àâòîìàòà (ò.å. ÷èñëà ÿ÷ååê). Ýòà êîíñòàíòà äîëæíà èìåòü ïðèáëèçèòåëüíî îäèíàêîâîå êîëè÷åñòâî åäèíèö è íóëåé. Êëþ÷ ÿâëÿåòñÿ òàêæå íà÷àëüíûì çàïîëíåíèåì ðåãèñòðà ñäâèãà. Øèôðîâàíèå, ïðîèçâîäèòñÿ ïóòåì ïîðàçðÿäíîãî ñëîæåíèÿ îòêðûòîãî òåêñòà ñ ãàììîé ïî ìîäóëþ äâà. Ðàñøèôðîâàíèå ïðîèçâîäèòñÿ àíàëîãè÷íî. Îáîçíà÷èì çàïîëíåíèå êëåòî÷íîãî àâòîìàòà CA íà øàãå t êàê CA(t, M0 , ξ), ãäå M0 | íà÷àëüíîå çàïîëíåíèå, à ξ | çàäàþùàÿ ïîñëåäîâàòåëüíîñòü. Âûõîä êëåòî÷íîãî àâòîìàòà îáîçíà÷èì prm (CA(t, M0 , ξ)), ãäå m | äëèíà âûõîäà, à prr | ôóíêöèÿ, âîçâðàùàþùàÿ íåêîòîðûå r ðàçðÿäîâ àðãóìåíòà (èìåþùèå íàïåðåä çàäàííûå íîìåðà). Îáîçíà÷èì ÷åðåç LF SR(L0 ) ïîñëåäîâàòåëüíîñòü, ïîðîæäàåìóþ ëèíåéíûì ðåãèñòðîì ñäâèãà, çäåñü L0 | åãî íà÷àëüíîå çàïîëíåíèå. Òàêèì îáðàçîì, âûõîä ãåíåðàòîðà ãàììû íà øàãå t âû÷èñëÿåòñÿ ïî ôîðìóëå y(t, key) = CA1 (t, key||c1 , LF SR(key)) ⊕ CA2 (t, key||c2 , LF SR(key)), ãäå CA1 è CA2 | äâà îáîáùåííûõ êëåòî÷íûõ àâòîìàòà ñ çàäàþùåé ïîñëåäîâàòåëüíîñòüþ; ⊕ | ïîðàçðÿäíîå ñëîæåíèå ïî ìîäóëþ äâà; c1 è c2 | êîíñòàíòû, äîïîëíÿþùèå êëþ÷ äî ðàçìåðà êëåòî÷íîãî àâòîìàòà. Âåñ ýòèõ êîíñòàíò äîëæåí áûòü áëèçîê ê ïîëîâèíå äëèíû; || | îïåðàöèÿ êîíêàòåíàöèè äâîè÷íûõ âåêòîðîâ. 302 Âûðàáàòûâàåìàÿ ãåíåðàòîðîì ãàììà ïðåäñòàâëÿåò ñîáîé êîíêàòåíàöèþ âûõîäîâ, ïðè÷åì ïîñëå íà÷àëà ðàáîòû àâòîìàòà äåëàåòñÿ íåñêîëüêî õîëîñòûõ øàãîâ: γ = y(τ + 1, key)||y(τ + 2, key)|| . . . , ãäå τ | ÷èñëî õîëîñòûõ øàãîâ. Ýêñïåðèìåíòû ïîêàçàëè, ÷òî ÷èñëî õîëîñòûõ øàãîâ äîëæíî áûòü ïðîïîðöèîíàëüíî äèàìåòðó. Ïîýòîìó â ñëó÷àå èñïîëüçîâàíèÿ ãðàôîâ Ðàìàíóäæàíà τ = Ω(log n), ãäå n | ðàçìåð áîëüøåãî êëåòî÷íîãî àâòîìàòà. Ýêñïåðèìåíòàëüíî ïîêàçàíî, ÷òî íà ïðàêòèêå ÷èñëî õîëîñòûõ øàãîâ äîëæíî áûòü íå ìåíåå ÷åì 2D, ãäå D | äèàìåòð ãðàôà. 3. Ðåàëèçàöèÿ íà ÏËÈÑ è ïðîèçâîäèòåëüíîñòü Ïðîãðàììèðóåìàÿ ëîãè÷åñêàÿ èíòåãðàëüíàÿ ñõåìà (ÏËÈÑ) ðåàëèçóåò íàáîð îäíîòèïíûõ ðåêîíôèãóðèðóåìûõ ÿ÷ååê.  ïðîöåññå ïðîãðàììèðîâàíèÿ ÏËÈÑ îïðåäåëÿåòñÿ êîíôèãóðàöèÿ êàæäîé òàêîé ÿ÷åéêè, à òàêæå ñâÿçè ìåæäó íèìè. C ïîìîùüþ ÏËÈÑ ìîæíî ðåàëèçîâàòü ïðàêòè÷åñêè ëþáóþ öèôðîâóþ ñõåìó. Îïèñàíèå öèôðîâûõ ñõåì îñóùåñòâëÿåòñÿ ïîñðåäñòâîì ñïåöèàëüíûõ ÿçûêîâ, íàèáîëåå èçâåñòíûìè èç êîòîðûõ ÿâëÿþòñÿ VHDL è Verilog.  íàñòîÿùåé ðàáîòå â êà÷åñòâå ïëàòôîðìû áûëè âûáðàíû ÏËÈÑ ôèðìû Altera, à â êà÷åñòâå ÿçûêà îïèñàíèÿ | ÿçûê VHDL. Ïîñêîëüêó òðåáîâàëîñü ïðîâåñòè òåñòèðîâàíèå ïðîèçâîäèòåëüíîñòè øèôðîâ èç ñåìåéñòâà GRACE-S ïðè ðàçëè÷íûõ ïàðàìåòðàõ, áûë ðàçðàáîòàí êîìïëåêñ ïðîãðàìì, ïîçâîëÿþùèé ãåíåðèðîâàòü VHDL-ôàéë, ðåàëèçóþùèé øèôð èç ñåìåéñòâà GRACE-S, çàäàííûé âõîäíûìè ïàðàìåòðàìè, òàêèìè êàê ãðàôû êëåòî÷íûõ àâòîìàòîâ, ëîêàëüíûå ôóíêöèè ñâÿçè, êîëè÷åñòâî âûõîäíûõ ÿ÷ååê è äð. Êîìïëåêñ ïðîãðàìì áûë ðåàëèçîâàí íà ÿçûêå C#. Ïàðàìåòðû çàäàâàëèñü ñ ïîìîùüþ XML-ôàéëà. Äëÿ êîìïèëÿöèè VHDL-ôàéëà è ìîäåëèðîâàíèÿ èñïîëüçîâàëèñü ÑÀÏÐ Altera Quartus II 12.0 è ÑÀÏÐ Altera ModelSim Starter Edition 10.0d. Îñíîâîé àðõèòåêòóðû ÏËÈÑ Altera ÿâëÿþòñÿ ìîäóëè àäàïòèâíîé ëîãèêè (Adaptive Logic Module, ALM). ÏËÈÑ ñîñòîèò èç áîëüøîãî êîëè÷åñòâà òàêèõ ìîäóëåé. Êàæäûé ALM ñîñòîèò èç ýëåìåíòà êîìáèíàòîðíîé ëîãèêè, äâóõ ðåãèñòðîâ è äâóõ ñóììàòîðîâ. Ñ ïîìîùüþ ýëåìåíòà êîìáèíàòîðíîé ëîãèêè ìîæíî ðåàëèçîâàòü áóëåâó ôóíêöèþ. Ïðè÷åì, ìëàäøèå ìîäåëè ÏËÈÑ (ñåìåéñòâî Cyclone) ïîçâîëÿþò ðåàëèçîâàòü â êàæäîì ALM ïðîèçâîëüíóþ áóëåâó ôóíêöèþ îò ÷åòûðåõ ïåðåìåííûõ, â òî âðåìÿ êàê ñòàðøèå ìîäåëè (ñåìåéñòâà Arria è Stratix) | ïðîèçâîëüíóþ áóëåâó ôóíêöèþ îò øåñòè ïåðåìåííûõ. Ïîýòîìó äëÿ îáåñïå÷åíèÿ âûñîêîé ýôôåêòèâíîñòè, ëîêàëüíàÿ ôóíêöèÿ ñâÿçè îáîáùåííûõ êëåòî÷íûõ àâòîìàòîâ äîëæíà çàâèñåòü íå áîëåå ÷åì îò øåñòè ïåðåìåííûõ è äîëæíà äîïóñêàòü âîçìîæíîñòü ðåàëèçàöèè ñ ïîìîùüþ íàèìåíüøåãî ÷èñëà ôóíêöèé, çàâèñÿùèõ îò ÷åòûðåõ ïåðåìåííûõ. Âûáðàííîå ñåìåéñòâî ôóíêöèé óäîâëåòâîðÿåò ýòèì òðåáîâàíèÿì. http://technomag.bmstu.ru/doc/.html 303 Äåéñòâèòåëüíî, ôóíêöèþ (2) ìîæíî ïðåäñòàâèòü â âèäå ñóïåðïîçèöèè ñëåäóþùèõ äâóõ ôóíêöèé çàâèñÿùèõ îò ìåíüøåãî ÷èñëà ïåðåìåííûõ: g21 (u, x1 , y1 , . . . , xk−ρ , yk−ρ , t) = k−ρ M xi yi ⊕ u ⊕ t; i=1 g22 (v, x1 , . . . , xk , yk−ρ+1 , . . . , yk ) = k M = xi yi ⊕ s1 (x1 , . . . , xk ) ⊕ v(s1 (x1 , . . . , xk ) ⊕ s3 (x1 , . . . , xk )). i=k−ρ+1 Óêàçàííàÿ ñóïåðïîçèöèÿ ââîäèòñÿ ñëåäóþùèì îáðàçîì: g2 (v, u, x1 , y1 , . . . , xk , yk ) = g21 (u, x1 , y1 , . . . , xk−ρ , yk−ρ , g22 (v, x1 , . . . , xk , yk−ρ+1 , . . . , yk )). Âñåãî ôóíêöèÿ g2 èìååò d = 2k + 2 àðãóìåíòîâ. Ôóíêöèÿ g21 èìååò 2(k − ρ) àðãóìåíòîâ, à ôóíêöèÿ g22 èìååò k + ρ + 1 àðãóìåíò. Ïðè ρ áëèçêîì ê (k + 1)/3 = n/6 ó ôóíêöèé g21 è g22 áóäåò ïðèáëèçèòåëüíî ïîðîâíó àðãóìåíòîâ.  ÷àñòíîñòè, ïðè d = 6 è ρ = 1 ýòè äâå ôóíêöèè èìåþò ïî ÷åòûðå àðãóìåíòà, ò.å. øåñòèìåñòíàÿ ëîêàëüíàÿ ôóíêöèÿ ñâÿçè äàííîãî âèäà ìîæåò áûòü ïðåäñòàâëåíà â âèäå ñóïåðïîçèöèè äâóõ ÷åòûðåõìåñòíûõ ôóíêöèé. Áûëî ïðîâåäåíî èññëåäîâàíèå ïðîèçâîäèòåëüíîñòè ïðè ðàçëè÷íûõ çíà÷åíèÿõ ïàðàìåòðîâ (òàáë. 1) íà ðàçëè÷íûõ ÏËÈÑ ôèðìû Altera (Cyclone II, Cyclone V, Arria II GX, Arria V, Stratix III, Stratix V). Äëÿ ÏËÈÑ Cyclone II è Stratix V áûëà ïðîâåðåíà ðàáîòà íà ôèçè÷åñêîé ÏËÈÑ, ñ ïîìîùüþ ñîîòâåòñòâóþùèõ îòëàäî÷íûõ ïëàò ñ âíåøíèì òàêòîâûì ãåíåðàòîðîì. Òàáëèöà 1 Ïàðàìåòðû ïðîòåñòèðîâàííûõ øèôðîâ èç ñåìåéñòâà GRACE-S No ï/ï 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Êîë-âî ÿ÷ååê êëåòî÷íîãî àâòîìàòà ¹ 1 230 390 770 1182 1550 2310 3090 4622 230 390 770 1182 1550 2310 3090 4622 Êîë-âî ÿ÷ååê êëåòî÷íîãî àâòîìàòà ¹ 2 242 402 810 1202 1602 2342 3110 4650 242 402 810 1202 1602 2342 3110 4650 Êîë-âî âûõîäíûõ ÿ÷ååê 128 256 512 768 1024 1536 2048 3072 128 256 512 768 1024 1536 2048 3072 Äëèíà êëþ÷à 128 128 128 128 128 128 128 128 256 256 256 256 256 256 256 256 304 Äàííûå ïî áûñòðîäåéñòâèþ, ìàêñèìàëüíîé òàêòîâîé ÷àñòîòå è ýôôåêòèâíîñòè ðåàëèçàöèè ïðèâåäåíû íà ðèñ. 2, 3, 4. Çäåñü ïîä ýôôåêòèâíîñòüþ àïïàðàòíîé ðåàëèçàöèè ïîíèìàåòñÿ îòíîøåíèþ áûñòðîäåéñòâèÿ ê êîëè÷åñòâó àïïàðàòíûõ ðåñóðñîâ. Äëÿ ðàññìàòðèâàåìûõ ÏËÈÑ åäèíèöåé àïïàðàòíûõ ðåñóðñîâ ÿâëÿåòñÿ ëîãè÷åñêèé ýëåìåíò | LE. 1200,0 Ñêîðîñòü ãåíåðàöèè ãàììû, Ãáèò/ñ 1000,0 800,0 600,0 400,0 200,0 0,0 128 256 512 Arria II GX Arria V 768 1024 Äëèíà âûõîäíîãî ñëîâà Cyclone II Cyclone V 1536 Stratix III Stratix IV 2048 3072 Stratix V Ðèñ. 2. Ñêîðîñòü ãåíåðàöèè ãàììû 800 Ìàêñèìàëüíàÿ òàêòîâàÿ ÷àñòîòà, ÌÃö 700 600 500 400 300 200 100 0 128 256 Arria II GX 512 Arria V 768 1024 Äëèíà âûõîäíîãî ñëîâà Cyclone II Cyclone V Stratix III 1536 Stratix IV 2048 3072 Stratix V Ðèñ. 3. Ìàêñèìàëüíàÿ òàêòîâàÿ ÷àñòîòà http://technomag.bmstu.ru/doc/.html 305 200,0 180,0 Ýôôåêòèâíîñòü ðåàëèçàöèè, Ìáèò/(ñ*LE) 160,0 140,0 120,0 100,0 80,0 60,0 40,0 20,0 0,0 128 256 Arria II GX 512 Arria V 768 1024 1536 2048 Äëèíà âûõîäíîãî ñëîâà Cyclone II Cyclone V Stratix III Stratix IV Stratix V 3072 Ðèñ. 4. Ýôôåêòèâíîñòü ðåàëèçàöèè 4. Ñðàâíåíèå ïàðàìåòðîâ ýôôåêòèâíîñòè è áûñòðîäåéñòâèÿ ñåìåéñòâà êðèïòîàëãîðèòìîâ GRACE-S ñ ñóùåñòâóþùèìè àíàëîãàìè ïðè àïïàðàòíîé ðåàëèçàöèè Ñðàâíåíèå ïðîâîäèëîñü ñ ïîòî÷íûìè êðèïòîàëãîðèòìàìè, ïðåäñòàâëåííûìè íà åâðîïåéñêèé êîíêóðñ eSTREAM, ïðîâîäèâøèéñÿ â 2005{2008 ãã., êîòîðûé áûë íàïðàâëåí íà ïîèñê êðèïòîñòîéêèõ ïîòî÷íûõ øèôðîâ. Äàííûå î áûñòðîäåéñòâèè ðåàëèçàöèé àëãîðèòìîâ ïîëó÷åíû èç ðàáîòû [22]. Ìåòîäèêà ñðàâíåíèÿ àíàëîãè÷íà èñïîëüçóåìîé â ñòàòüå [7]. Ñðàâíåíèå áûñòðîäåéñòâèÿ (ò.å. ñêîðîñòè âûðàáîòêè ãàììû) ïðîâîäèëîñü ïî äâóì ïîêàçàòåëÿì: áûñòðîäåéñòâèå íà ìàêñèìàëüíîé òàêòîâîé ÷àñòîòå è áûñòðîäåéñòâèå íà òàêòîâîé ÷àñòîòå 100 ÌÃö. Ñðàâíåíèå ïðîèçâîäèëàñü ñ êðèïòîàëãîðèòìàìè AES (â ðåæèìå OFB) [14], Achterbahn [19, 20], Grain [21, 23, 32], MICKEY [9, 10, 11, 12], MOSQUITO [13], SFINKS+ [31], Trivium [16, 17], VEST [27], ZK-Crypt [34]. Äàííûå ïðèâåäåíû â òàáë. 2. Îòðàæåíû äàííûå äëÿ ñåìåéñòâà GRACE-S ñ ðàçëè÷íîé äëèíîé âûõîäíîãî ñëîâà (256, 1024, 3072) è ïðè ðåàëèçàöèè íà íàèáîëåå õàðàêòåðíûõ ÏËÈÑ ôèðìû Altera: Stratix V, êàê íàèáîëåå áûñòðîäåéñòâóþùåé, è Cyclone II, êàê íàèáîëåå äåøåâîé. Èç òàáë. 2 âèäíî, ÷òî áûñòðîäåéñòâèå ïðè ðåàëèçàöèè íà Stratix V â 60 ðàç ïðåâûøàåò áûñòðîäåéñòâèå êðèïòîàëãîðèòìà Trivium, èìåþùåãî ìàêñèìàëüíîå áûñòðîäåéñòâèå ñðåäè àëãîðèòìîâ, ïðåäñòàâëåííûõ íà êîíêóðñ eStream. Ñîïîñòàâëåíèå ýôôåêòèâíîñòè àïïàðàòíîé ðåàëèçàöèè ïðèâåäåíî â òàáë. 3. Äàííûå ïî êðèïòîàëãîðèòìàì AES, Trivium, MICKEY è Grain ïðèâåäåíû â ñîîòâåòñòâèè ñî ñòàòüåé [29]. 306 Òàáëèöà 2 Áûñòðîäåéñòâèå àïïàðàòíûõ ðåàëèçàöèé øèôðîâ ñåìåéñòâà GRACE-S â ñðàâíåíèè ñ àíàëîãè÷íûìè ñóùåñòâóþùèìè øèôðàìè Ãåíåðàòîð GRACE-S | 256, Cyclone II GRACE-S | 1024, Cyclone II GRACE-S | 256, Strarix V GRACE-S | 1024, Strarix V GRACE-S | 3072, Strarix V AES (OFB) Achterbahn Grain MICKEY MOSQUITO SFINKS+ Trivium VEST ZK-Crypt Ìàêñ. òàêòîâàÿ ÷àñòîòà, ÌÃö 195 108 700 517 362 182 250 300 308 265 167 312 286 203 Áûñòðîäåéñòâèå ïðè ìàêñ. òàêòîâîé ÷àñòîòå, Ãáèò/ñ 49 110 179 529 1112 0,52 0,46 4,47 0,28 0,73 1,24 18,5 4,25 6,05 Áûñòðîäåéñòâèå ïðè òàêòîâîé ÷àñòîòå 100 ÌÃö, Ãáèò/ñ 25 102 25 102 307 0,29 0,18 1,49 0,93 0,27 0,74 5,95 1,48 2,98 Òàáëèöà 3 Ýôôåêòèâíîñòü àïïàðàòíûõ ðåàëèçàöèé øèôðîâ ñåìåéñòâà GRACE-S â ñðàâíåíèè ñ àíàëîãè÷íûìè ñóùåñòâóþùèìè øèôðàìè Ãåíåðàòîð AES Grain MICKEY Trivium GRACE-S | 256, Cyclone II GRACE-S | 1024, Cyclone II GRACE-S | 256, Strarix V GRACE-S | 1024, Strarix V GRACE-S | 3072, Strarix V Áûñòðîäåéñòâèå, Ìáèò/ñ 0,61 3,44 0,22 16,3 49 110 179 529 1112 Àïïàðàòíûå ðåñóðñû, òûñ. LE 5 0,5 0,5 0,7 1,9 6,7 1 3,4 10,2 Ýôôåêòèâíîñòü, Ãáèò/(ñ · LE) 0,12 6,77 0,41 23,3 26 16 179 155 109 Èç òàáë. 3 âèäíî, ÷òî ýôôåêòèâíîñòü àïïàðàòíîé ðåàëèçàöèè àëãîðèòìîâ GRACE{S â íåñêîëüêî ðàç ïðåâûøàåò ýôôåêòèâíîñòü àïïàðàòíîé ðåàëèçàöèè ëó÷øåãî èç àëãîðèòìîâ, ïðåäñòàâëåííûõ íà êîíêóðñå eStream. Çàêëþ÷åíèå  ñòàòüå ïîêàçàíî, ÷òî ñåìåéñòâî ïîòî÷íûõ øèôðîâ, îñíîâàííûõ íà îáîáùåííûõ êëåòî÷íûõ àâòîìàòàõ GRACE-S, äîïóñêàåò âûñîêîýôôåêòèâíóþ àïïàðàòíóþ ðåàëèçàöèþ, ïîêàçûâàþùóþ ñêîðîñòü, êîòîðàÿ â 60 è áîëåå ðàç ïðåâûøàåò ñêîðîñòü èçâåñòíûõ ïîòî÷íûõ øèôðîâ, è ýôôåêòèâíîñòü ðåàëèçàöèè, êîòîðàÿ â 7 è áîëåå ðàç ïðåâûøàåò ýôôåêòèâíîñòü http://technomag.bmstu.ru/doc/.html 307 ðåàëèçàöèè èçâåñòíûõ ïîòî÷íûõ øèôðîâ. Êðîìå òîãî, àïïàðàòíûå ðåñóðñû, íåîáõîäèìûå äëÿ ðåàëèçàöèè øèôðîâ èç ýòîãî ñåìåéñòâà, âåñüìà íåâåëèêè, ÷òî ïîçâîëÿåò îòíåñòè èõ ê ëåãêîâåñíûì (lightweight) êðèïòîàëãîðèòìàì. Àâòîð áëàãîäàðèò À.Â. Äóäèíà çà ïîìîùü â ïîäãîòîâêå ìàòåðèàëîâ äëÿ ýòîé ñòàòüè. Ðàáîòà âûïîëíåíà ïðè ôèíàíñîâîé ïîääåðæêå ÐÔÔÈ (ãðàíò ¹ 12-07-31012). Ñïèñîê ëèòåðàòóðû 1. Êëþ÷àð¸â Ï.Ã. Êëåòî÷íûå àâòîìàòû, îñíîâàííûå íà ãðàôàõ Ðàìàíóäæàíà, â çàäà÷àõ ãåíåðàöèè ïñåâäîñëó÷àéíûõ ïîñëåäîâàòåëüíîñòåé // Íàóêà è îáðàçîâàíèå. Ýëåêòðîííîå íàó÷íî-òåõíè÷åñêîå èçäàíèå. 2011. ¹ 10. 2. Êëþ÷àð¸â Ï.Ã. Êðèïòîãðàôè÷åñêèå ñâîéñòâà êëåòî÷íûõ àâòîìàòîâ, îñíîâàííûõ íà ãðàôàõ Ëþáîöêîãî | Ôèëèïñà | Ñàðíàêà// Áåçîïàñíûå èíôîðìàöèîííûå òåõíîëîãèè. Ñáîðíèê òðóäîâ Âòîðîé âñåðîññèéñêîé íàó÷íî-òåõíè÷åñêîé êîíôåðåíöèè. Ì.: ÍÈÈ ðàäèîýëåêòðîíèêè è ëàçåðíîé òåõíèêè, 2011. Ñ. 163{173. 3. Êëþ÷àð¸â Ï.Ã. Áëî÷íûå øèôðû, îñíîâàííûå íà îáîáùåííûõ êëåòî÷íûõ àâòîìàòàõ // Íàóêà è îáðàçîâàíèå. Ýëåêòðîííîå íàó÷íî-òåõíè÷åñêîå èçäàíèå. 2012. ¹ 12. 4. Êëþ÷àð¸â Ï.Ã. Î ïåðèîäå îáîáùåííûõ êëåòî÷íûõ àâòîìàòîâ // Íàóêà è îáðàçîâàíèå. Ýëåêòðîííîå íàó÷íî-òåõíè÷åñêîå èçäàíèå. 2012. ¹ 2. 5. Êëþ÷àð¸â Ï.Ã. Îáåñïå÷åíèå êðèïòîãðàôè÷åñêèõ ñâîéñòâ îáîáùåííûõ êëåòî÷íûõ àâòîìàòîâ // Íàóêà è îáðàçîâàíèå. Ýëåêòðîííîå íàó÷íî-òåõíè÷åñêîå èçäàíèå. 2012. ¹ 3. 6. Êëþ÷àð¸â Ï.Ã. Ïîñòðîåíèå ïñåâäîñëó÷àéíûõ ôóíêöèé íà îñíîâå îáîáùåêëåòî÷íûõ àâòîìàòîâ // Íàóêà è îáðàçîâàíèå. Ýëåêòðîííîå íàó÷íî-òåõíè÷åñêîå èçäàíèå. 2012. ¹ 10. 7. Ñóõèíèí Á. Ì. Ðàçðàáîòêà ãåíåðàòîðîâ ïñåâäîñëó÷àéíûõ äâîè÷íûõ ïîñëåäîâàòåëüíîñòåé íà îñíîâå êëåòî÷íûõ àâòîìàòîâ // Íàóêà è îáðàçîâàíèå. Ýëåêòðîííîå íàó÷íîòåõíè÷åñêîå èçäàíèå. 2010. ¹ 9. 8. Ñóõèíèí Á.Ì. Î íåêîòîðûõ ñâîéñòâàõ êëåòî÷íûõ àâòîìàòîâ è èõ ïðèìåíåíèè â ñòðóêòóðå ãåíåðàòîðîâ ïñåâäîñëó÷àéíûõ ïîñëåäîâàòåëüíîñòåé // Âåñòíèê ÌÃÒÓ èì. Í.Ý. Áàóìàíà. Ñåð. Ïðèáîðîñòðîåíèå. 2011. ¹ 2. Ñ. 68{76. 9. Babbage S., Dodd M. The stream cipher mickey (version 1) // ECRYPT Stream Cipher Project Report. 2005. Vol. 15. P. 2005. 10. Babbage S., Dodd M. The stream cipher mickey-128 2.0 // Article for eSTREAM Project. 2006. Avairable at http://www.ecrypt.eu.org/stream/p2ciphers/mickey128/mickey128 p2.pdf. 11. Babbage S., Dodd M. The stream cipher mickey 2.0 // ECRYPT Stream Cipher. 2006. Available at http://www.ecrypt.eu.org/stream/p3ciphers/mickey/mickey p3.pdf. 12. Babbage S., Dodd M. The mickey stream ciphers // New Stream Cipher Designs. Springer, 2008. P. 191{209. 308 13. Daemen J., Kitsos P. The self-synchronizing stream cipher moustique // New Stream Cipher Designs. Springer, 2008. P. 210{223. 14. Daemen J., Rijmen V. The design of Rijndael: AES-the advanced encryption standard. Springer, 2002. 15. Davidoff G., Sarnak P., Valette A. Elementary number theory, group theory and Ramanujan graphs. Cambridge University Press, 2003. Vol. 55. 16. De Canniere C. Trivium: A stream cipher construction inspired by block cipher design principles // Information Security. Springer, 2006. P. 171{186. 17. De Canniere C., Preneel B. Trivium // New Stream Cipher Designs. Springer, 2008. P. 244{266. 18. Eisenbarth T., Kumar S. A survey of lightweight-cryptography implementations // Design & Test of Computers, IEEE. 2007. Vol. 24, no. 6. P. 522{533. 19. Gammel B., G•ottfert R., Kniffler O. The achterbahn stream cipher. estream, ecrypt stream cipher project, report 2005/002, 2005. 20. Gammel B., G•ottfert R., Kniffler O. Achterbahn-128/80: Design and analysis // ECRYPT Network of Excellence-SASC Workshop Record. 2007. P. 152{165. 21. Hell M., Johansson Th., Maximov A., Meier W. The grain family of stream ciphers // New Stream Cipher Designs. Springer, 2008. P. 179{190. 22. Gurkaynak F., Luethi P., Bernold N. et al. Hardware evaluation of eSTREAM candidates: Achterbahn, Grain, MICKEY, MOSQUITO, SFINKS, Trivium, VEST, zk-crypt. 2006. Available at: http://www.ecrypt.eu.org/stream/papersdir/2006/015.pdf. 23. Hell M., Johansson T., Meier W. Grain: a stream cipher for constrained environments // Int. J. of Wireless and Mobile Computing. 2007. Vol. 2, no. 1. P. 86{93. Available at: http://inderscience.metapress.com/index/j463lh7251257262.pdf. 24. Hoory S., Linial N., Wigderson A. Expander graphs and their applications // Bulletin of the American Mathematical Society. 2006. Vol. 43, no. 4. P. 439{562. 25. Lubotzky A., Phillips R., Sarnak P. Explicit expanders and the ramanujan conjectures // Proceedings of the eighteenth annual ACM symposium on Theory of computing / ACM. 1986. P. 240{246. 26. Lubotzky A., Phillips R., Sarnak P. Ramanujan graphs // Combinatorica. 1988. Vol. 8, no. 3. P. 261{277. 27. O'Neil S., Gittins B., Landman H. A. Vest hardware-dedicated stream ciphers // IACR Cryptology ePrint Archive. 2005. Vol. 2005. P. 413. Available at: https://eprint.iacr.org/2005/413. 28. Poschmann A. Y. Lightweight cryptography: Cryptographic engineering for a pervasive world // PH. D. THESIS / Citeseer. 2009. Available at: http://citeseerx.ist.psu.edu/viewdoc/ summary?doi=10.1.1.182.1450. http://technomag.bmstu.ru/doc/.html 309 29. Rogawski M. Hardware evaluation of eSTREAM candidates: Grain, Lex, Mickey128, Salsa20 and Trivium. 2007. Available at: http://www.ecrypt.eu.org/stream/papersdir/2007/025.pdf. 30. Sarnak P. Some applications of modular forms. Cambridge University Press, 1990. Vol. 99. 31. Braeken A., Lano J., Mentens N. et al. Sfinks: A synchronous stream cipher for restricted hardware environments // SKEW-Symmetric Key Encryption Workshop. 2005. 32. Hell M., Johansson Th., Maximov A., Meier W. A stream cipher proposal: Grain-128 // Information Theory, 2006 IEEE International Symposium on IEEE. 2006. P. 1614{1618. 33. Yalla P., Kaps J.-P. Lightweight cryptography for fpgas // Reconfigurable Computing and FPGAs, 2009. ReConFig'09. International Conference on IEEE. 2009. P. 225{230. 34. Hecht A., Bard G., Dunkelman O. et al. The zk-crypt algorithm specification. 2007. 310 Performance and effectiveness of hardware realization of stream ciphers based on generalized cellular automata # 10, October 2013 DOI: Klyucharev P. G. Bauman Moscow State Technical University 105005, Moscow, Russian Federation [email protected] In this article data on performance and effectiveness of the GRACE-S family of stream ciphers based on generalised cellular automata and expander graphs were discussed. Altera FPGA was used as a platform for hardware implementation. The performance of GRACE-S stream ciphers was compared with the performance of stream ciphers that had won the eSTREAM competition. According to the performed tests, the performance of the GRACE-S family of stream ciphers significantly (up to 60 times) exceeds the performance of the best-known stream ciphers. References 1. Klyucharev P.G. Kletochnye avtomaty, osnovannye na grafakh Ramanudzhana, v zadachakh generatsii psevdosluchaynykh posledovatel'nostey [Cellular automations based on Ramanujan graphs in the field of the generation of pseudorandom sequences]. Nauka i obrazovanie MGTU im. N.E. Baumana [Science and Education of the Bauman MSTU], 2011, no. 10. Avilable at: http://technomag.edu.ru/doc/241308.html, accessed 01.09.2013. 2. Klyucharev P.G. Kriptograficheskie svoystva kletochnykh avtomatov, osnovannykh na grafakh Lyubotskogo | Filipsa | Sarnaka [Cryptographic properties of cellular automata based on LPS-graphs]. Bezopasnye informatsionnye tekhnologii: sb. trudov Vtoroy vserossiyskoy nauchno-tekhnicheskoy konferentsii [Proc. of the 2nd All-Rus. sci.-tech. conf. \Secure information technologies"]. Moscow, Publication of Research Institute of Radioelectronics and Laser Technology, 2011, pp. 163{173. 3. Klyucharev P.G. Blochnye shifry, osnovannye na obobshchennykh kletochnykh avtomatakh [Construction of pseudo-random functions based on generalized cellular automata]. Nauka i http://technomag.bmstu.ru/doc/.html 311 obrazovanie MGTU im. N.E. Baumana [Science and Education of the Bauman MSTU], 2012, no. 12. DOI: 10.7463/0113.0517543. 4. Klyucharev P.G. O periode obobshchennykh kletochnykh avtomatov [About the period of generalized cellular automatons]. Nauka i obrazovanie MGTU im. N.E. Baumana [Science and Education of the Bauman MSTU], 2012, no. 2. Available at: http://technomag.edu.ru/doc/ 340943.html, accessed 01.09.2013. 5. Klyucharev P.G. Obespechenie kriptograficheskikh svoystv obobshchennykh kletochnykh avtomatov [On cryptographic properties of generalized cellular automatons]. Nauka i obrazovanie MGTU im. N.E. Baumana [Science and Education of the Bauman MSTU], 2012, no. 3. Available at: http://technomag.edu.ru/doc/358973.html, accessed 01.09.2013. 6. Klyucharev P.G. Postroenie psevdosluchaynykh funktsiy na osnove obobshchennykh kletochnykh avtomatov [Construction of pseudorandom functions based on generalized cellular automata]. Nauka i obrazovanie MGTU im. N.E. Baumana [Science and Education of the Bauman MSTU], 2012, no. 10. DOI: 10.7463/1112.0496381. 7. Sukhinin B.M. Razrabotka generatorov psevdosluchaynykh dvoichnykh posledovatel'nostey na osnove kletochnykh avtomatov [The Development of Pseudorandom Binary Sequences Generators Based on Cellular Automata]. Nauka i obrazovanie MGTU im. N.E. Baumana [Science and Education of the Bauman MSTU], 2010, no. 9. Available at: http://technomag. bmstu.ru/doc/159714.html, accessed 01.09.2013. 8. Sukhinin B.M. O nekotorykh svoystvakh kletochnykh avtomatov i ikh primenenii v strukture generatorov psevdosluchaynykh posledovatel'nostey [Some properties of cellular automata and their application in the structure of pseudorandom sequences generators]. Vestnik MGTU im. N.E. Baumana. Ser. Priborostroenie [Herald of the Bauman MSTU. Ser. Instrument Engineering], 2011, no. 2, pp. 68{76. 9. Babbage S., Dodd M. The stream cipher MICKEY (version 1). From: eSTREAM: the ECRYPT Stream Cipher Project. 2005/015, 2005. Available at: http://www.ecrypt.eu.org/ stream/ciphers/mickey/mickey.pdf, accessed 01.09.2013. 10. Babbage S., Dodd M. The stream cipher MICKEY-128 2.0. From: eSTREAM: the ECRYPT Stream Cipher Project, 2006. Avaiable at: http://www.ecrypt.eu.org/stream/p2ciphers/ mickey128/mickey128 p2.pdf, accessed 01.09.2013. 11. Babbage S., Dodd M. The stream cipher MICKEY 2.0. From: eSTREAM: the ECRYPT Stream Cipher Project, 2006. Available at: http://www.ecrypt.eu.org/stream/p3ciphers/mickey/ mickey p3.pdf, accessed 01.09.2013. 12. Babbage S., Dodd M. The MICKEY stream ciphers. In: New Stream Cipher Designs. Springer, 2008. P. 191{209. (Ser. Lecture Notes in Computer Science; vol. 4986). DOI: 10.1007/978-3540-68351-3 15. 312 13. Daemen J., Kitsos P. The self-synchronizing stream cipher MOUSTIQUE. In: New Stream Cipher Designs. Springer, 2008. P. 210{223. (Ser. Lecture Notes in Computer Science; vol. 4986). DOI: 10.1007/978-3-540-68351-3 16. 14. Daemen J., Rijmen V. The Design of Rijndael. AES | the Advanced Encryption Standard. Springer, 2002. 238 p. (Ser. Information Security and Cryptography). DOI: 10.1007/978-3662-04722-4. 15. Davidoff G., Sarnak P., Valette A. Elementary Number Theory, Group Theory and Ramanujan Graphs. Cambridge University Press, 2003. 156 p. (Ser. London Mathematical Society Student Texts; vol. 55). 16. De Canniere C. Trivium: A Stream Cipher Construction Inspired by Block Cipher Design Principles. In: Information Security. Springer, 2006. P. 171{186. (Ser. Lecture Notes in Computer Science; vol. 4176). DOI: 10.1007/11836810 13. 17. De Canniere C., Preneel B. Trivium. In: New Stream Cipher Designs. Springer, 2008. P. 244{ 266. (Ser. Lecture Notes in Computer Science; vol. 4986). DOI: 10.1007/978-3-540-683513 18. 18. Eisenbarth T., Kumar S. A survey of lightweight-cryptography implementations. Design and Test of Computers, IEEE, 2007, vol. 24, no. 6, pp. 522{533. DOI: 10.1109/MDT.2007.178. 19. Gammel B., G•ottfert R., Kniffler O. The Achterbahn Stream Cipher. From: eSTREAM: the ECRYPT Stream Cipher Project. 2005/002, 2005. Available at: http://www.ecrypt.eu.org/ stream/ciphers/achterbahn/achterbahn.pdf, accessed 01.09.2013. 20. Gammel B., G•ottfert R., Kniffler O. Achterbahn-128/80: Design and analysis. ECRYPT Network of Excellence | Workshop Record of The State of the Art of Stream Ciphers | SASC 2007, Ruhr University Bochum, Germany, Jan 31 { Feb 1, 2007, pp. 152{165. 21. Hell M., Johansson Th., Maximov A., Meier W. The grain family of stream ciphers. In: New Stream Cipher Designs. Springer, 2008. P. 179{190. (Ser. Lecture Notes in Computer Science; vol. 4986). DOI: 10.1007/978-3-540-68351-3 14. 22. Gurkaynak F., Luethi P., Bernold N., Blattmann R., Goode V., Marghitola M., Kaeslin H., Felber N., Fichtner W. Hardware Evaluation of eSTREAM Candidates: Achterbahn, Grain, MICKEY, MOSQUITO, SFINKS, Trivium, VEST, ZK-Crypt. From: eSTREAM: the ECRYPT Stream Cipher Project. 2006/015, 2006. Available at: http://www.ecrypt.eu.org/ stream/papersdir/2006/015.pdf, accessed 01.09.2013. 23. Hell M., Johansson T., Meier W. Grain: a stream cipher for constrained environments. International Journal of Wireless and Mobile Computing, 2007, vol. 2, no. 1, pp. 86{93. Available at: http://inderscience.metapress.com/index/j463lh7251257262.pdf, accessed 01.09.2013. 24. Hoory S., Linial N., Wigderson A. Expander graphs and their applications. Bulletin of the American Mathematical Society, 2006, vol. 43, no. 4, pp. 439{562. DOI: S0273-0979-0601126-8. http://technomag.bmstu.ru/doc/.html 313 25. Lubotzky A., Phillips R., Sarnak P. Explicit expanders and the Ramanujan conjectures. STOC086 Proceedings of the eighteenth annual ACM symposium on Theory of computing, New York, NY, ACM, 1986, pp. 240{246. DOI: 10.1145/12130.12154. 26. Lubotzky A., Phillips R., Sarnak P. Ramanujan graphs. Combinatorica, 1988, vol. 8, no. 3, pp. 261{277. DOI: 10.1007/BF02126799. 27. O'Neil S., Gittins B., Landman H. A. VEST Hardware-Dedicated Stream Ciphers. IACR Cryptology ePrint Archive: Report 2005/413. Available at: https://eprint.iacr.org/2005/413, accessed 01.09.2013. 28. Poschmann A. Y. Lightweight cryptography: Cryptographic engineering for a pervasive world. PH.D. Thesis. From: CiteSeerX, 2009. Available at: http://citeseerx.ist.psu.edu/viewdoc/ summary?doi=10.1.1.182.1450, accessed 01.09.2013. 29. Rogawski M. Hardware evaluation of eSTREAM Candidates: Grain, Lex, Mickey128, Salsa20 and Trivium. From: eSTREAM: the ECRYPT Stream Cipher Project. 2007/025 (SASC 2007), 2007. Available at: http://www.ecrypt.eu.org/stream/papersdir/2007/025.pdf, accessed 01.09.2013. 30. Sarnak P. Some applications of modular forms. Cambridge: Cambridge University Press, 1990. (Ser. Cambridge Tracts in Mathematics; vol. 99). 31. Braeken A., Lano J., Mentens N.. Preneel B., Verbauwhede I. SFINKS: A synchronous stream cipher for restricted hardware environments. Proc. of SKEW | Symmetric Key Encryption Workshop, Network of Excellence in Cryptology ECRYPT, Aarhus, Danemark, 2005. 32. Hell M., Johansson Th., Maximov A., Meier W. A stream cipher proposal: Grain-128. 2006 IEEE International Symposium on Information Theory, 2006, pp. 1614{1618. DOI: 10.1109/ISIT.2006.261549. 33. Yalla P., Kaps J.-P. Lightweight cryptography for FPGAs. Reconfigurable Computing and FPGAs, 2009. ReConFigý09. International Conference on IEEE, 2009, pp. 225{230. DOI: 10.1109/ReConFig.2009.54. 34. Hecht A., Bard G., Dunkelman O. et al. Gressel C., Granot R. The ZK-Crypt Algorithm Specication. FortressGB, 2007. 314