Блочные шифры, основанные на обобщенных клеточных
advertisement
Áëî÷íûå øèôðû, îñíîâàííûå íà îáîáùåííûõ êëåòî÷íûõ
àâòîìàòàõ
# 12, äåêàáðü 2012
DOI: 10.7463/0113.0517543
Êëþ÷àð¸â Ï. Ã.
ÓÄÊ 519.713+004.056.55
Ðîññèÿ, ÌÃÒÓ èì. Í.Ý. Áàóìàíà
pk.iu8@yandex.ru
1. Ââåäåíèå
Îäíèì èç âàæíåéøèõ êëàññîâ êðèïòîãðàôè÷åñêèõ àëãîðèòìîâ ÿâëÿþòñÿ
áëî÷íûå øèôðû.  íàñòîÿùåå âðåìÿ ñóùåñòâóåò áîëüøîå êîëè÷åñòâî ðàçíîîáðàçíûõ áëî÷íûõ øèôðîâ (îáçîð íàèáîëåå èçâåñòíûõ èç íèõ ìîæíî íàéòè,
íàïðèìåð, â êíèãàõ [11, 16]), íî âñå âîçðàñòàþùèå òðåáîâàíèÿ, ïðåäúÿâëÿåìûå ê ïðîèçâîäèòåëüíîñòè, è íåîáõîäèìîñòü ðåàëèçàöèè â óñëîâèÿõ äåôèöèòà
âû÷èñëèòåëüíûõ ðåñóðñîâ, ïðèâîäÿò ê íåîáõîäèìîñòè ðàçðàáîòêè íîâûõ, âûñîêîïðîèçâîäèòåëüíûõ, êðèïòîàëãîðèòìîâ.  ÷àñòíîñòè, èíòåðåñ ïðåäñòàâëÿåò
ïîäõîä ê ñèíòåçó áëî÷íûõ øèôðîâ, îñíîâàííûé íà èñïîëüçîâàíèè îáîáùåííûõ êëåòî÷íûõ àâòîìàòîâ, ïîñêîëüêó îí ïîçâîëÿåò ïîñòðîèòü øèôðû, êîòîðûå
ìîãóò áûòü ñ áîëüøîé ýôôåêòèâíîñòüþ ðåàëèçîâàíû àïïàðàòíî. Ïîäîáíûé
ïîäõîä áûë âïåðâûå ïðåäëîæåí äëÿ ñîçäàíèÿ ïîòî÷íûõ øèôðîâ â ðàáîòàõ [7,8]
è ðàçâèò àâòîðîì â ðàáîòàõ [1{4, 6].
 ðàáîòå [5] àâòîðîì áûëî ïðåäëîæåíî ñåìåéñòâî ïñåâäîñëó÷àéíûõ ôóíêöèé, îñíîâàííûõ íà îáîáùåííûõ êëåòî÷íûõ àâòîìàòîâ. Òàêèå ôóíêöèè ìîãóò
èñïîëüçîâàòüñÿ â êà÷åñòâå S-áëîêîâ, ïîäõîäÿùèõ äëÿ ïîñòðîåíèÿ áëî÷íûõ øèôðîâ. Äàííàÿ ðàáîòà ïîñâÿùåíà ìåòîäàì ïîñòðîåíèÿ áëî÷íûõ øèôðîâ, îñíîâàííûõ íà ýòèõ ôóíêöèÿõ.
Ñóùåñòâóåò äâà îñíîâíûõ ìåòîäà ïîñòðîåíèÿ áëî÷íûõ øèôðîâ: SP-ñåòü è
ñõåìà Ôåéñòåëÿ.
http://technomag.edu.ru/doc/517543.html
361
Äëÿ èñïîëüçîâàíèÿ SP-ñåòè íåîáõîäèìà îáðàòèìîñòü S-áëîêîâ, îäíàêî ðàññìàòðèâàåìûå ïñåâäîñëó÷àéíûå ôóíêöèè îáðàòèìûìè íå ÿâëÿþòñÿ. Ïîýòîìó
â äàííîé ðàáîòå èñïîëüçóåòñÿ ñõåìà Ôåéñòåëÿ.
2. Îñíîâíûå ïîíÿòèÿ
 ýòîì ðàçäåëå ìû êðàòêî îïèøåì ìåòîäû ïîñòðîåíèÿ êëåòî÷íûõ àâòîìàòîâ,íà îñíîâå êîòîðûõ áóäóò ïîñòðîåíû S-áëîêè.
Íàçîâåì îáîáùåííûì êëåòî÷íûì àâòîìàòîì îðèåíòèðîâàííûé ìóëüòèãðàô A = (V, E) (çäåñü V = {v1 , . . . , vN } | ìíîæåñòâî âåðøèí, E | ìóëüòèìíîæåñòâî ðåáåð). Ñ êàæäîé åãî âåðøèíîé vi àññîöèèðîâàíû:
• áóëåâà ïåðåìåííàÿ mi , íàçûâàåìàÿ ÿ÷åéêîé;
• áóëåâà ôóíêöèÿ fi (x1 , . . . , xdi ), íàçûâàåìàÿ ëîêàëüíîé ôóíêöèåé ñâÿçè i-é
âåðøèíû.
Ïðè ýòîì âõîäÿùèå â âåðøèíó vi ðåáðà ïðîíóìåðîâàíû ÷èñëàìè 1, . . . , di .
Îïèøåì òåïåðü ðàáîòó îáîáùåííîãî êëåòî÷íîãî àâòîìàòà.  íà÷àëüíûé
ìîìåíò âðåìåíè êàæäàÿ ÿ÷åéêà ïàìÿòè mi , i = 1, . . . , N , èìååò íåêîòîðîå íà÷àëüíîå çíà÷åíèå mi (0). Äàëåå àâòîìàò ðàáîòàåò ïî øàãàì. Íà øàãå ñ íîìåðîì
t ñ ïîìîùüþ ëîêàëüíîé ôóíêöèè ñâÿçè âû÷èñëÿþòñÿ íîâûå çíà÷åíèÿ ÿ÷ååê:
mi (t) = fi (mη(i,1) (t − 1), mη(i,2) (t − 1), . . . , mη(i,di ) (t − 1)),
(1)
ãäå η(i, j) | íîìåð âåðøèíû, èç êîòîðîé èñõîäèò ðåáðî, âõîäÿùåå â âåðøèíó i
è èìåþùåå íîìåð j . Çàïîëíåíèåì êëåòî÷íîãî àâòîìàòà M (t) íà øàãå t áóäåì
íàçûâàòü íàáîð çíà÷åíèé ÿ÷ååê (m1 (t), m2 (t), . . . , mN (t)).
Ïåðèîäîì êëåòî÷íîãî àâòîìàòà áóäåì íàçûâàòü ïåðèîä ïîñëåäîâàòåëüíîñòè åãî çàïîëíåíèé.
Íàçîâåì îäíîðîäíûì îáîáùåííûì êëåòî÷íûì àâòîìàòîì îáîáùåííûé
êëåòî÷íûé àâòîìàò, ó êîòîðîãî ëîêàëüíàÿ ôóíêöèÿ ñâÿçè äëÿ âñåõ ÿ÷ååê îäèíàêîâà è ðàâíà f , ò.å. äëÿ ëþáîãî i ∈ {1, . . . , N } âûïîëíÿåòñÿ fi = f . Ñòåïåíè
çàõîäà âåðøèí òàêîãî êëåòî÷íîãî àâòîìàòà, î÷åâèäíî, îäèíàêîâû: d1 = d2 =
= . . . = dN = d.
10.7463/0113.0517543
362
Íàçîâåì îáîáùåííûé êëåòî÷íûé àâòîìàò íåîðèåíòèðîâàííûì, åñëè äëÿ
ëþáîãî ðåáðà (u, v) â åãî ãðàôå ñóùåñòâóåò è ðåáðî (v, u). Ãðàô òàêîãî àâòîìàòà ìîæíî ðàññìàòðèâàòü êàê íåîðèåíòèðîâàííûé, åñëè çàìåíèòü êàæäóþ
ïàðó ðåáåð (u, v) è (v, u) íà íåîðèåíòèðîâàííîå ðåáðî {u, v}. Îí ÿâëÿåòñÿ
ðåãóëÿðíûì. Äàëåå ìû áóäåì èñïîëüçîâàòü òîëüêî íåîðèåíòèðîâàííûå îäíîðîäíûå îáîáùåííûå êëåòî÷íûå àâòîìàòû, äëÿ êðàòêîñòè íàçûâàÿ èõ ïðîñòî
îáîáùåííûìè êëåòî÷íûìè àâòîìàòàìè.
Íåêîòîðûé íàáîð ÿ÷ååê êëåòî÷íîãî àâòîìàòà áóäåì íàçûâàòü âûõîäîì. Âûõîäíîé ïîñëåäîâàòåëüíîñòüþ êëåòî÷íîãî àâòîìàòà A íàçîâåì ôóíêöèþ FA :
N → B N , àðãóìåíòàìè êîòîðîé ÿâëÿåòñÿ íà÷àëüíîå çàïîëíåíèå è íîìåð øàãà,
à çíà÷åíèåì | çíà÷åíèå âûõîäà íà ýòîì øàãå.
Áîëüøîå çíà÷åíèå èìååò âûáîð ãðàôà îáîáùåííîãî êëåòî÷íîãî àâòîìàòà. Â
ðàáîòå [5] ïîêàçàíî, ÷òî â êà÷åñòâå ãðàôà êëåòî÷íîãî àâòîìàòà, ïðèìåíÿåìîãî
äëÿ êðèïòîãðàôè÷åñêèõ öåëåé, õîðîøî ïîäõîäÿò ãðàôû Ðàìàíóäæàíà [9,10,13].
Ðàññìîòðèì îòñîðòèðîâàííûé ïî óáûâàíèþ ñïåêòð ãðàôà (ò.å. ñîáñòâåííûå
÷èñëà åãî ìàòðèöû ñìåæíîñòè): λ1 ≥ λ2 ≥ · · · ≥ λn .
Ãðàôîì Ðàìàíóäæàíà íàçûâàåòñÿ ãðàô, äëÿ êîòîðîãî ñïðàâåäëèâî íåðàâåíñòâî
√
λ2 ≤ 2 d − 1,
(2)
ãäå d | ñòåïåíü ãðàôà.
Ïî-âèäèìîìó, íàèáîëåå ïîäõîäÿùèì ñåìåéñòâîì ãðàôîâ Ðàìàíóäæàíà, ÿâëÿåòñÿ òàê íàçûâàåìîå ñåìåéñòâî ãðàôîâ Ëþáîöêîãî | Ôèëèïñà | Ñàðíàêà
Y p,q [12, 13, 15]. Ïîñòðîåíèå òàêèõ ãðàôîâ ïðîèçâîäèòñÿ ñëåäóþùèì îáðàçîì.
Âûáåðåì ïðîñòûå ÷èñëà p è q , äëÿ êîòîðûõ âûïîëíÿþòñÿ óñëîâèÿ
p = 1(mod 4);
q = 1(mod 4);
p 6= q;
p
= 1,
q
ãäå
p
q
| ñèìâîë Ëåæàíäðà.
http://technomag.edu.ru/doc/517543.html
363
Ïîñòðîèì íåîðèåíòèðîâàííûé ìóëüòèãðàô G = (V, E). Ìíîæåñòâîì âåðøèí ìóëüòèãðàôà V ÿâëÿåòñÿ ïðîåêòèâíàÿ ïðÿìàÿ íàä êîíå÷íûì ïîëåì Fq ,
äðóãèìè ñëîâàìè, V = Fq ∪ {∞}. Ìóëüòèìíîæåñòâî ðåáåð E ñîñòîèò èç âñåõ
ïàð (u, v), äëÿ êîòîðûõ
v=
(a0 + ia1 )u + (a2 + ia3 )
, (a2 − ia3 )u 6= a0 − ia1 è u 6= ∞;
(−a
+
ia
)u
+
(a
−
ia
)
2
3
0
1
∞,
(a2 − ia3 )u = a0 − ia1 è u 6= ∞;
a0 + ia1
,
−a2 + ia3
a2 6= ia3 è u = ∞;
∞,
a2 = ia3 è u = ∞,
(3)
äëÿ âñåõ ÷åòâåðîê a0 , a1 , a2 , a3 ∈ Z, òàêèõ, ÷òî:
1) a0 íå÷åòíîå ïîëîæèòåëüíîå;
2) a1 , a2 , a3 ÷åòíûå;
3) âûïîëíÿåòñÿ óñëîâèå
a20 + a21 + a22 + a23 = p.
(4)
Ïðè ýòîì i ∈ Fq òàêîâî, ÷òî i2 +1 = 0. Ñòåïåíüþ ãðàôà ÿâëÿåòñÿ êîëè÷åñòâî
ðåøåíèé óðàâíåíèÿ (4), ðàâíîå p + 1.
 ïîñòðîåííîì òàêèì îáðàçîì ãðàôå ñóùåñòâóþò êðàòíûå ðåáðà è ïåòëè.
Êàê ïîêàçàëè ñòàòèñòè÷åñêèå òåñòû, ýòî óõóäøàåò ïîêàçàòåëè ëàâèííîãî ýôôåêòà. Ïîýòîìó íåîáõîäèìî èçáàâèòüñÿ îò êðàòíûõ ðåáåð è ïåòåëü, ïðè÷åì òàê,
÷òîáû ãðàô îñòàëñÿ ðåãóëÿðíûì. Àëãîðèòìû äëÿ ýòîãî îïèñàíû â ðàáîòå [5].
Âàæíûì ÿâëÿåòñÿ ïðàâèëüíûé âûáîð ëîêàëüíîé ôóíêöèè ñâÿçè îáîáùåííîãî êëåòî÷íîãî àâòîìàòà. Òðåáîâàíèÿ ê òàêîé ôóíêöèè ñôîðìóëèðîâàíû àâòîðîì â ðàáîòå [5].
Ìû áóäåì èñïîëüçîâàòü ôóíêöèè èç ñåìåéñòâà, ïîñòðîåííîãî àâòîðîì â
ðàáîòå [4]. Òàê, â ñëó÷àå íå÷åòíîãî ÷èñëà ïåðåìåííûõ èñïîëüçóåòñÿ ôóíêöèÿ:
g1 (u, x1 , y1 , . . . , xk , yk ) =
k
M
xi yi ⊕ s1 (x1 , . . . , xk ) ⊕ u,
i=1
10.7463/0113.0517543
364
ãäå s1 (x1 , . . . , xk ) | ïðîèçâîëüíàÿ áóëåâà ôóíêöèÿ, ïðè÷åì k + t1 = 1(mod 2),
ãäå t1 | ÷èñëî íåíóëåâûõ êîýôôèöèåíòîâ â àëãåáðàè÷åñêîé íîðìàëüíîé ôîðìå
ôóíêöèè s1 è ïðè ýòîì ñâîáîäíûé ÷ëåí ðàâåí 1.
 ñëó÷àå ÷åòíîãî ÷èñëà ïåðåìåííûõ èñïîëüçóåòñÿ ôóíêöèÿ
g2 (v, u, x1 , y1 , . . . , xk , yk ) =
= (1 ⊕ v)(β1 (x1 , y1 , . . . , xk , yk ) ⊕ u) ⊕ v(β3 (x1 , y1 , . . . , xk , yk ) ⊕ u) =
=
k
M
xi yi ⊕ s1 (x1 , . . . , xk ) ⊕ v(s1 (x1 , . . . , xk ) ⊕ s3 (x1 , . . . , xk )) ⊕ u,
i=1
ãäå s1 (x1 , . . . , xk ) è s3 (x1 , . . . , xk ) | ïðîèçâîëüíûå áóëåâû ôóíêöèè, ïðè÷åì
k + t3 = 1(mod 2), ãäå t3 | ÷èñëî íåíóëåâûõ êîýôôèöèåíòîâ â àëãåáðàè÷åñêîé
íîðìàëüíîé ôîðìå ôóíêöèè s3 è, ïðè ýòîì, ñâîáîäíûé ÷ëåí ÀÍÔ ôóíêöèè s1
ðàâåí 1.
Ïðèìåðîì òàêîé ôóíêöèè ìîæåò ñëóæèòü:
f (x1 , x2 , x3 , x4 , x5 , x6 ) = x1 x3 x5 ⊕ x3 x4 ⊕ x5 x6 ⊕ x3 x5 ⊕ x1 x5 ⊕ x1 ⊕ x2 ⊕ 1. (5)
3. Êîíñòðóêöèÿ áëî÷íîãî øèôðà
 ýòîì ðàçäåëå ïðåäëàãàåòñÿ ìåòîä ïîñòðîåíèÿ áëî÷íûõ øèôðîâ, ÿâëÿþùèéñÿ îñíîâíûì ðåçóëüòàòîì íàñòîÿùåé ðàáîòû.
 ðàáîòå [5] àâòîðîì ïðåäëîæåí ñïîñîá ïîñòðîåíèÿ ïñåâäîñëó÷àéíûõ ôóíêöèé âèäà Sc : B k × B n → B m . Òàêèå ôóíêöèè îñíîâàíû íà îáîáùåííûõ
êëåòî÷íûõ àâòîìàòàõ è çàäàþòñÿ âûðàæåíèåì
ScA (key, x) = prm (FA (x k key k c, r)),
ãäå x k y | êîíêàòåíàöèÿ x è y ; r | ÷èñëî øàãîâ êëåòî÷íîãî àâòîìàòà; prm :
B ∗ → B m | ôóíêöèÿ, âîçâðàùàþùàÿ ìëàäøèå m ýëåìåíòîâ àðãóìåíòà; A |
îáîáùåííûé êëåòî÷íûé àâòîìàò; c ∈ B t | íåêîòîðàÿ êîíñòàíòà, äëÿ âåñà
êîòîðîé ñïðàâåäëèâî:
t
,
t ÷åòíîå;
2
|c| =
t+1
, t íå÷åòíîå.
2
http://technomag.edu.ru/doc/517543.html
365
Êîíñòàíòà c ïðåäíàçíà÷åíà äëÿ îáåñïå÷åíèÿ îòñóòñòâèÿ íåïîäâèæíûõ òî÷åê, à òàêæå äëÿ óëó÷øåíèÿ ëàâèííîãî ýôôåêòà.
×èñëî øàãîâ êëåòî÷íîãî àâòîìàòà r è ÷èñëî ñêðûòûõ âåðøèí t âûáèðàþòñÿ òàê, ÷òîáû ôóíêöèþ íåëüçÿ áûëî îòëè÷èòü îò ñëó÷àéíîé ïðè ïîìîùè
ñòàòèñòè÷åñêèõ òåñòîâ. Íàïðèìåð, ìîæíî ðåêîìåíäîâàòü, ÷òîáû âûïîëíÿëîñü:
t > 0.4(k + n).
Àâòîðîì îáîñíîâàíî è ïîäòâåðæäåíî ýêñïåðèìåíòàëüíî [5], ÷òî òàêèå ôóíêöèè íåîòëè÷èìû îò ñëó÷àéíûõ ïðè ïðàâèëüíîì âûáîðå ïàðàìåòðîâ.
Êàê áûëî óêàçàíî âûøå, â êà÷åñòâå ñòðóêòóðû øèôðîâ èñïîëüçóåòñÿ ñõåìà
Ôåéñòåëÿ. Çàìåòèì, ÷òî, íåñìîòðÿ íà ñóùåñòâîâàíèå ðàçëè÷íûõ åå âàðèàíòîâ
è îáîáùåíèé, îïòèìàëüíûì ÿâëÿåòñÿ èñïîëüçîâàíèå êëàññè÷åñêîé ñõåìû Ôåéñòåëÿ. Òàêîå óòâåðæäåíèå ìîæíî ñäåëàòü, ïîñêîëüêó ÷èñëî øàãîâ êëåòî÷íîãî
àâòîìàòà, íåîáõîäèìîå äëÿ òîãî, ÷òîáû ðåàëèçóåìàÿ èì ôóíêöèÿ áûëà ïñåâäîñëó÷àéíîé, ïðîïîðöèîíàëüíà äèàìåòðó åãî ãðàôà, êîòîðûé äëÿ ãðàôîâ Ðàìàíóäæàíà ðàñòåò êàê ëîãàðèôì ÷èñëà âåðøèí. Ñëåäîâàòåëüíî, áîëüøèé ðàçìåð
êëåòî÷íîãî àâòîìàòà ïðèâîäèò ê óâåëè÷åíèþ ïðîèçâîäèòåëüíîñòè. Ìû áóäåì
èñïîëüçîâàòü âàðèàíò êëàññè÷åñêîé ñõåìû Ôåéñòåëÿ, â êîòîðîì ñìåøèâàíèÿ
äàííûõ ñ ðàóíäîâûì êëþ÷îì îñóùåñòâëÿåòñÿ ñ ïîìîùüþ S-áëîêà.
Âîñïîëüçóåìñÿ òåì, ÷òî, êàê ïîêàçàíî â ðàáîòå [14], èç ïñåâäîñëó÷àéíîé
ôóíêöèè ìîæíî ïîñòðîèòü áëî÷íûé øèôð ñ ïîìîùüþ ñõåìû Ôåéñòåëÿ, ïðè÷åì
äëÿ òîãî, ÷òîáû ýòîò øèôð ÿâëÿëñÿ ïñåâäîñëó÷àéíîé ïîäñòàíîâêîé, äîñòàòî÷íî
òðåõ ðàóíäîâ.
Èòàê, äëÿ ïîñòðîåíèÿ áëî÷íîãî øèôðà îïðåäåëèì ñëåäóþùåå ðàóíäîâîå
ïðåîáðàçîâàíèå:
Li = Ri−1 ,
Ri = Li−1 ⊕ ScAi (keyi , Ri−1 ),
ãäå i | íîìåð ðàóíäà; L0 | ëåâàÿ ïîëîâèíà áëîêà îòêðûòîãî òåêñòà; R0 |
ïðàâàÿ ïîëîâèíà áëîêà îòêðûòîãî òåêñòà; Li | ëåâàÿ ïîëîâèíà áëîêà ïîñëå
i-ãî ðàóíäà; Ri | ïðàâàÿ ïîëîâèíà áëîêà ïîñëå i-ãî ðàóíäà; keyi | ðàóíäîâûé
êëþ÷; ci | êîíñòàíòà.
Ïðè ðàñøèôðîâàíèè âûïîëíÿåòñÿ ïðåîáðàçîâàíèå, îáðàòíîå äàííîìó.
10.7463/0113.0517543
366
Äëÿ òîãî ÷òîáû êàæäîå ðàóíäîâîå ïðåîáðàçîâàíèå áûëî ðàçëè÷íûì, êîíñòàíòû ci äîëæíû ïîïàðíî ðàçëè÷àòüñÿ. Ïðè ýòîì, ÷òîáû îòëè÷èÿ ìåæäó ðàóíäàìè ïðîÿâëÿëèñü êàê ìîæíî áûñòðåå, ðàññòîÿíèå Õåììèíãà ìåæäó êàæäîé
ïàðîé êîíñòàíò äîëæíî áûòü áëèçêî ê ïîëîâèíå äëèíû êîíñòàíòû.
Êàê îáû÷íî, àëãîðèòì øèôðîâàíèÿ ñîñòîèò èç íåñêîëüêèõ ðàóíäîâ. Âûøå
óêàçûâàëîñü, ÷òî ÷èñëî ðàóíäîâ äîëæíî áûòü íå ìåíüøå òðåõ. Èç ñîîáðàæåíèé
óäîáñòâà ìîæíî ðåêîìåíäîâàòü ÷åòíîå ÷èñëî ðàóíäîâ. Ñòàòèñòè÷åñêèå òåñòû
ïîêàçàëè, ÷òî ïðè ÷åòûðåõ ðàóíäàõ ïîäñòàíîâêà, ðåàëèçóåìàÿ øèôðîì, íåîòëè÷èìà îò ñëó÷àéíîé. Ïðîöåäóðà ðàñïðåäåëåíèÿ êëþ÷åé èñïîëüçîâàëàñü ïðîñòàÿ | êëþ÷ ðàçáèâàëñÿ íà äâå ðàâíûå ÷àñòè: key = (key1 , key2 ). Òàêèì îáðàçîì, îïðåäåëÿþòñÿ êëþ÷è ïåðâûõ äâóõ ðàóíäîâ. Ðàóíäîâûå êëþ÷è äâóõ îñòàâøèõñÿ ðàóíäîâ îïðåäåëÿþòñÿ ñëåäóþùèì îáðàçîì: key3 = rol(key1 , m/2),
key4 = rol(key2 , m/2), ãäå rol | ôóíêöèÿ, îñóùåñòâëÿþùàÿ öèêëè÷åñêèé
ñäâèã ïåðâîãî îïåðàíäà âëåâî, íà êîëè÷åñòâî ðàçðÿäîâ, ðàâíîå âòîðîìó îïåðàíäó; m | äëèíà ïîäêëþ÷à, ðàâíàÿ ïîëîâèíå äëèíû êëþ÷à.
4. Ñòàòèñòè÷åñêîå òåñòèðîâàíèå
Ñòàòèñòè÷åñêîå òåñòèðîâàíèå ïðîâîäèëîñü ñ ïîìîùüþ íàáîðà ñòàòèñòè÷åñêèõ òåñòîâ NIST Statistical Test Suite [17,19]. Ïðè ýòîì èñïîëüçóåòñÿ ìåòîäèêà,
ïðèâåäåííàÿ â [18] è âêëþ÷àþùàÿ â ñåáÿ òåñòèðîâàíèå ëàâèííîãî ýôôåêòà ïî
êëþ÷ó è ïî îòêðûòîìó òåêñòó, êîððåëÿöèè âõîäà ñ âûõîäîì è äð. Ýòà ìåòîäèêà ïðèìåíÿëàñü NIST äëÿ òåñòèðîâàíèÿ êðèïòîàëãîðèòìîâ, ïðåäñòàâëåííûõ
íà êîíêóðñ AES. Òåñòû áûëè ïðîâåäåíû äëÿ øèôðîâ, ïàðàìåòðû êîòîðûõ ïðèâåäåíû â òàáë. 1 (âî âñåõ ñëó÷àÿõ èñïîëüçîâàëàñü ëîêàëüíàÿ ôóíêöèÿ ñâÿçè,
çàäàííàÿ ôîðìóëîé 5).
Òàáëèöà 1
Ïðîòåñòèðîâàííûå øèôðû
Äëèíà
êëþ÷à
Äëèíà
áëîêà
×èñëî
âåðøèí
Ñòåïåíü
ãðàôà
×èñëî øàãîâ
(òåîð.)
×èñëî øàãîâ
(ýêñïåð.)
1
128
128
182
6
6
6
2
256
128
282
6
7
7
http://technomag.edu.ru/doc/517543.html
367
Âñåìè âàðèàíòàìè øèôðà èç òàáëèöû 1 áûëè ïðîéäåíû âñå ñòàòèñòè÷åñêèå
òåñòû. ×èñëî øàãîâ êëåòî÷íûõ àâòîìàòîâ, íà÷èíàÿ ñ êîòîðîãî âñå òåñòû áûëè
ïðîéäåíû ïðèâåäåíî â ñòîëáöå <×èñëî øàãîâ (ýêñïåð.)>. ×èñëî øàãîâ, äëÿ
êîòîðîãî èñïîëüçóåìûå S-áëîêè íåîòëè÷èìû îò ïñåâäîñëó÷àéíûõ ôóíêöèé,
ñîãëàñíî ðàáîòå [5], ïðèâåäåíî â ñòîëáöå <×èñëî øàãîâ (òåîð.)>.
Ïðîâåäåííûå òåñòû ïîäòâåðæäàþò õîðîøèå ñòàòèñòè÷åñêèå ñâîéñòâà ïîñòðîåííûõ êðèïòîãðàôè÷åñêèõ àëãîðèòìîâ.
5. Ñòîéêîñòü ïî îòíîøåíèþ
ê îñíîâíûì ìåòîäàì êðèïòîàíàëèçà
Ó÷èòûâàÿ òî, ÷òî S-áëîêè íåîòëè÷èìû îò ñëó÷àéíûõ ôóíêöèé, à òàêæå
òî, ÷òî ëîêàëüíàÿ ôóíêöèÿ ñâÿçè êëåòî÷íîãî àâòîìàòà ÿâëÿåòñÿ íåëèíåéíîé
è øåôôåðîâîé [4], ìîæíî óòâåðæäàòü, ÷òî êàæäûé ðàçðÿä âûõîäà S-áëîêà
ñëîæíûì îáðàçîì íåëèíåéíî çàâèñèò îò âñåõ âõîäîâ S-áëîêà (ò.å. îò ñîîòâåòñòâóþùåé ïîëîâèíû áëîêà è ðàóíäîâîãî ïîäêëþ÷à).  ðàáîòå [6] ïîêàçàíî, ÷òî â îáùåì ñëó÷àå, çàäà÷à î âîññòàíîâëåíèè ïðåäûäóùåãî ñîñòîÿíèÿ
îáîáùåííîãî êëåòî÷íîãî àâòîìàòà ÿâëÿåòñÿ NP-ïîëíîé. Ýòî îáñòîÿòåëüñòâî
ÿâëÿåòñÿ àðãóìåíòîì â ïîëüçó êðèïòîñòîéêîñòè ðàññìàòðèâàåìîãî ñåìåéñòâî
øèôðîâ.
Ñòîéêîñòü ê ðàçíîñòíîìó êðèïòîàíàëèçó îáóñëîâëåíà òåì, ÷òî S-áëîêè
èìåþò î÷åíü áîëüøîé ðàçìåð (íàïðèìåð, 128 × 64, â ñëó÷àå, åñëè äëèíà êëþ÷à
ðàâíà 128), ÷òî íå ïîçâîëÿåò ïîñòðîèòü ðàçíîñòíûå õàðàêòåðèñòèêè.
Ñòîéêîñòü ê ëèíåéíîìó êðèïòîàíàëèçó îáóñëîâëåíà âûñîêîé íåëèíåéíîñòüþ S-áëîêîâ, êîòîðàÿ äîñòèãàåòñÿ òåì, ÷òî ëîêàëüíàÿ ôóíêöèÿ ñâÿçè êëåòî÷íûõ àâòîìàòîâ èìååò ìàêñèìàëüíóþ íåëèíåéíîñòü äëÿ ðàâíîâåñíîé ôóíêöèè.
Êðîìå òîãî, ýòó ôóíêöèþ âåñüìà çàòðóäíèòåëüíî îïèñàòü ÿâíî, ââèäó êðàéíåé
ãðîìîçäêîñòè ôîðìóëû, à åå òàáëèöà èñòèííîñòè èìååò î÷åíü áîëüøîé ðàçìåð. Âñå ýòî íå ïîçâîëÿåò èñïîëüçîâàòü ñóùåñòâóþùèå ìåòîäèêè ïðèìåíåíèÿ
ëèíåéíîãî êðèïòîàíàëèçà.
Òàêèì îáðàçîì, øèôðû, ñèíòåçèðîâàííûå ïîñðåäñòâîì ïðåäëîæåííîãî ìåòîäà, îáëàäàþò ñòîéêîñòüþ ïî îòíîøåíèþ ê îñíîâíûì ìåòîäàì êðèïòîàíàëèçà.
10.7463/0113.0517543
368
6. Çàêëþ÷åíèå
Òàêèì îáðàçîì, â ñòàòüå ðàçðàáîòàí íîâûé ìåòîä ïîñòðîåíèÿ áëî÷íûõ øèôðîâ, îñíîâàííûé íà èñïîëüçîâàíèè îáîáùåííûõ êëåòî÷íûõ àâòîìàòîâ.
Ðàáîòà âûïîëíåíà ïðè ôèíàíñîâîé ïîääåðæêå ÐÔÔÈ (ãðàíò ¹ 12-07-31012).
Ñïèñîê ëèòåðàòóðû
1. Êëþ÷àð¸â Ï.Ã. Êëåòî÷íûå àâòîìàòû, îñíîâàííûå íà ãðàôàõ Ðàìàíóäæàíà,
â çàäà÷àõ ãåíåðàöèè ïñåâäîñëó÷àéíûõ ïîñëåäîâàòåëüíîñòåé // Íàóêà è
îáðàçîâàíèå. ÌÃÒÓ èì. Í.Ý. Áàóìàíà. Ýëåêòðîí. æóðí. 2011. ¹ 10. Ðåæèì äîñòóïà:
http://technomag.edu.ru/doc/241308.html (äàòà îáðàùåíèÿ
19.12.2012).
2. Êëþ÷àð¸â Ï.Ã. Î âû÷èñëèòåëüíîé ñëîæíîñòè íåêîòîðûõ çàäà÷ íà îáîáùåííûõ êëåòî÷íûõ àâòîìàòàõ // Áåçîïàñíîñòü èíôîðìàöèîííûõ òåõíîëîãèé.
2012. ¹ 1. Ðåæèì äîñòóïà: http://www.pvti.ru/data/file/bit/2012 1/part 4.pdf
(äàòà îáðàùåíèÿ 19.12.2012).
3. Êëþ÷àð¸â Ï.Ã. Î ïåðèîäå îáîáùåííûõ êëåòî÷íûõ àâòîìàòîâ // Íàóêà
è îáðàçîâàíèå. ÌÃÒÓ èì. Í.Ý. Áàóìàíà. Ýëåêòðîí. æóðí. 2012. ¹ 2.
Ðåæèì äîñòóïà: http://technomag.edu.ru/doc/340943.html (äàòà îáðàùåíèÿ
19.12.2012).
4. Êëþ÷àð¸â Ï.Ã. Îáåñïå÷åíèå êðèïòîãðàôè÷åñêèõ ñâîéñòâ îáîáùåííûõ
êëåòî÷íûõ àâòîìàòîâ // Íàóêà è îáðàçîâàíèå. ÌÃÒÓ èì. Í.Ý. Áàóìàíà.
Ýëåêòðîí. æóðí. 2012. ¹ 3. Ðåæèì äîñòóïà: http://technomag.edu.ru/doc/
358973.html (äàòà îáðàùåíèÿ 19.12.2012).
5. Êëþ÷àð¸â Ï. Ã. Ïîñòðîåíèå ïñåâäîñëó÷àéíûõ ôóíêöèé íà îñíîâå îáîáùåííûõ êëåòî÷íûõ àâòîìàòîâ // Íàóêà è îáðàçîâàíèå. ÌÃÒÓ èì. Í.Ý. Áàóìàíà.
Ýëåêòðîí. æóðí. 2012. ¹ 10. DOI: 10.7463/1112.0496381.
6. Êëþ÷àð¸â Ï.Ã. NP-òðóäíîñòü çàäà÷è î âîññòàíîâëåíèè ïðåäûäóùåãî ñîñòîÿíèÿ îáîáùåííîãî êëåòî÷íîãî àâòîìàòà // Íàóêà è îáðàçîâàíèå. ÌÃÒÓ
èì. Í.Ý. Áàóìàíà. Ýëåêòðîí. æóðí. 2012. ¹ 1. Ðåæèì äîñòóïà: http://
technomag.edu.ru/doc/312834.html (äàòà îáðàùåíèÿ 19.12.2012).
http://technomag.edu.ru/doc/517543.html
369
7. Ñóõèíèí Á.Ì. Âûñîêîñêîðîñòíûå ãåíåðàòîðû ïñåâäîñëó÷àéíûõ ïîñëåäîâàòåëüíîñòåé íà îñíîâå êëåòî÷íûõ àâòîìàòîâ // Ïðèêëàäíàÿ äèñêðåòíàÿ
ìàòåìàòèêà. 2010. ¹ 2. Ñ. 34{41.
8. Ñóõèíèí Á.Ì. Î íåêîòîðûõ ñâîéñòâàõ êëåòî÷íûõ àâòîìàòîâ è èõ ïðèìåíåíèè â ñòðóêòóðå ãåíåðàòîðîâ ïñåâäîñëó÷àéíûõ ïîñëåäîâàòåëüíîñòåé //
Âåñòíèê ÌÃÒÓ èì. Í.Ý. Áàóìàíà. Ñåðèÿ: Ïðèáîðîñòðîåíèå. 2011. ¹ 2.
Ñ. 68{76.
9. Davidoff G., Sarnak P., Valette A. Elementary number theory, group theory
and Ramanujan graphs. Cambridge University Press, 2003. 144 p. (London
Mathematical Society Student Texts, vol. 55.)
10. Hoory S., Linial N., Wigderson A. Expander graphs and their applications //
Bulletin of the American Mathematical Society. 2006. Vol. 43, no. 4. P. 439{562.
11. Knudsen L., Robshaw M. The block cipher companion. Springer, 2011.
12. Lubotzky A., Phillips R., Sarnak P. Explicit expanders and the ramanujan
conjectures // STOC '86 Proceedings of the eighteenth annual ACM symposium
on Theory of computing. New York, NY: ACM, 1986. P. 240-246. DOI:
10.1145/12130.12154.
13. Lubotzky A., Phillips R., Sarnak P. Ramanujan graphs // Combinatorica. 1988.
Vol. 8, no. 3. P. 261{277.
14. Luby M., Rackoff C. How to construct pseudorandom permutations from
pseudorandom functions // SIAM Journal on Computing. 1988. Vol. 17, no. 2.
P. 373{386.
15. Sarnak P. Some applications of modular forms. Cambridge University Press,
1990. (Cambridge Tracts in Mathematics, vol. 99.)
16. Schneier B., Sutherland P. Applied cryptography: protocols, algorithms, and
source code in C. John Wiley & Sons, Inc., 1995.
17. Soto J. Statistical testing of random number generators // Proceedings of the 22nd
National Information Systems Security Conference / NIST Gaithersburg, MD.
1999. Vol. 10. P. 12.
10.7463/0113.0517543
370
18. Soto J., Bassham L. Randomness testing of the advanced encryption standard
finalist candidates: Rep. / DTIC Document, 2000.
19. Rukhin A., Soto J., Nechvatal J., et al. A statistical test suite for random and
pseudorandom number generators for cryptographic applications: Rep. DTIC
Document, 2001.
http://technomag.edu.ru/doc/517543.html
371
Block ciphers based on generalized cellular automata
# 12, December 2012
DOI: 10.7463/0113.0517543
Klyucharev P. G.
Russia, Bauman Moscow State Technical University
pk.iu8@yandex.ru
In the paper we present a method of constructing block ciphers, based on the
generalized cellular automata. We use the Feistel network as the structure of the
ciphers. The round function construction is based on generalized cellular automata
which graph is a Ramanujan graph. Statistical properties of the ciphers were studied
by means the NIST Statistical Test Suit. We got an empirical evidence that the ciphers
have all necessary statistical properties and indistinguishable from pseudorandom
permutations. There are a number of practical applications in the field of information
security where ciphers constructed by means the method developed can be used.
References
1. Kliucharev P.G. Kletochnye avtomaty, osnovannye na grafakh Ramanudzhana,
v zadachakh generatsii psevdosluchainykh posledovatel'nostei [Cellular automations based on Ramanujan graphs in the field of the generation of pseudorandom sequences]. Nauka i obrazovanie MGTU im. N.E. Baumana [Science and Education of the Bauman MSTU], 2011, no. 10. Available at:
http://technomag.edu.ru/doc/241308.html, accessed 19.12.2012.
2. O vychislitel'noi slozhnosti nekotorykh zadach na obobshchennykh kletochnykh avtomatakh [On the computational complexity of some problems on generalized cellular automata]. Bezopasnost' informatsionnykh
tekhnologii [Security of information technologies], 2012, no. 1. Available at:
http://www.pvti.ru/data/file/bit/2012 1/part 4.pdf, accessed 19.12.2012.
10.7463/0113.0517543
372
3. Kliucharev P.G. O periode obobshchennykh kletochnykh avtomatov [About the
period of generalized cellular automatons]. Nauka i obrazovanie MGTU im.
N.E. Baumana [Science and Education of the Bauman MSTU], 2012, no. 2.
Available at: http://technomag.edu.ru/doc/340943.html, accessed 19.12.2012.
4. Kliucharev P.G. Obespechenie kriptograficheskikh svoistv obobshchennykh
kletochnykh avtomatov [On cryptographic properties of generalized cellular automatons]. Nauka i obrazovanie MGTU im. N.E. Baumana [Science and Education of the Bauman MSTU], 2012, no. 3. Available at:
http://technomag.edu.ru/doc/358973.html, accessed 19.12.2012.
5. Kliucharev P.G. Postroenie psevdosluchainykh funktsii na osnove obobshchennykh kletochnykh avtomatov [Construction of pseudorandom functions based
on generalized cellular automata]. Nauka i obrazovanie MGTU im. N.E. Baumana [Science and Education of the Bauman MSTU], 2012, no. 10. DOI:
10.7463/1112.0496381.
6. Kliucharev P.G. NP-trudnost' zadachi o vosstanovlenii predydushchego sostoianiia obobshchennogo kletochnogo avtomata [NP-hard of step backward
problem in generalized cellular automaton]. Nauka i obrazovanie MGTU im.
N.E. Baumana [Science and Education of the Bauman MSTU], 2012, no. 1.
Available at: http://technomag.edu.ru/doc/312834.html, accessed 19.12.2012.
7. Sukhinin B.M. Vysokoskorostnye generatory psevdosluchainykh posledovatel'nostei na osnove kletochnykh avtomatov [High-speed generators of pseudorandom sequences based on cellular automata]. Prikladnaia diskretnaia matematika, 2010, no. 2, pp. 34{41.
8. Sukhinin B.M. O nekotorykh svoistvakh kletochnykh avtomatov i ikh primenenii
v strukture generatorov psevdosluchainykh posledovatel'nostei [Some properties
of cellular automata and their application in the structure of pseudorandom
sequences generators]. Vestnik MGTU im. N.E. Baumana. Ser. Priborostroenie
[Herald of the Bauman MSTU. Ser. Instrument Engineering], 2011, no. 2, pp. 68{
76.
9. Davidoff G., Sarnak P., Valette A. Elementary number theory, group theory
and Ramanujan graphs. Cambridge University Press, 2003. 144 p. (London
Mathematical Society Student Texts, vol. 55.)
http://technomag.edu.ru/doc/517543.html
373
10. Hoory S., Linial N., Wigderson A. Expander graphs and their applications.
Bulletin of the American Mathematical Society, 2006, vol. 43, no. 4, pp. 439{
562.
11. Knudsen L., Robshaw M. The block cipher companion. Springer, 2011.
12. Lubotzky A., Phillips R., Sarnak P. Explicit expanders and the ramanujan conjectures. STOC '86 Proceedings of the eighteenth annual ACM symposium
on Theory of computing. New York, NY, ACM, 1986, pp. 240{246. DOI:
10.1145/12130.12154.
13. Lubotzky A., Phillips R., Sarnak P. Ramanujan graphs. Combinatorica, 1988,
vol. 8, no. 3, pp. 261{277.
14. Luby M., Rackoff C. How to construct pseudorandom permutations from pseudorandom functions. SIAM Journal on Computing, 1988, vol. 17, no. 2, pp. 373{
386.
15. Sarnak P. Some applications of modular forms. Cambridge: Cambridge University Press, 1990. (Cambridge Tracts in Mathematics, vol. 99.)
16. Schneier B., Sutherland P. Applied cryptography: protocols, algorithms, and
source code in C. John Wiley & Sons, Inc., 1995.
17. Soto J. Statistical testing of random number generators. Proceedings of the 22nd
National Information Systems Security Conference. Gaithersburg, MD, 1999,
vol. 10, p. 12.
18. Soto J., Bassham L. Randomness testing of the advanced encryption standard
finalist candidates: Rep. DTIC Document, 2000.
19. Rukhin A., Soto J., Nechvatal J., et al. A statistical test suite for random and
pseudorandom number generators for cryptographic applications: Rep. DTIC
Document, 2001.
10.7463/0113.0517543
374
