At the Institute of Information and Computational Technologies, under the direction of R.G. Biyashev, nonconventional algorithms for encryption (including a symmetric block data encryption algorithm), digital signature, and cryptographic key exchange have been developed on the basis of non-positional polynomial notations (NPNs), exploiting properties of algebraic methods [1,2,3,4]. The developed methods have also been examined with respect to their reliability, or rather their strength against cryptanalysis.
This paper presents the results of work on modification of the encryption algorithm aimed at improving the cryptostrength of the algorithm. The properties of a model developed on an SP-network basis are studied.
An SP-network (Substitution-Permutation network) is a block cipher construction put forward by Horst Feistel in 1971. A cipher built on an SP-network consists of an S-box and a P-box.
An S-box (substitution box) substitutes a block of input bits with another block of output bits. This substitution should be one-to-one to ensure its invertibility. Since an S-box implements a nonlinear transformation, it enables the cipher to withstand linear cryptanalysis.
A P-box (permutation box) is a permutation of all the bits of a block.
2 Encryption algorithm based on non-positional polynomial notations and constructed on an SP-network
While developing the encryption algorithm, we used an encryption method based on NPNs, transformations of substitution (S), permutation (P), and so-termed LT-conversion. All the four transformations are described below. A software implementation model of the algorithm was developed. A flow diagram of the model is shown in Figure 1.
Before encryption, the input data are split into 16-byte, or 128-bit, blocks. The last block is padded to the length of 16 bytes, when required, according to a rule specified in advance (e.g. with zeroes). The encryption begins with the addition of the first block of plaintext bits to the respective key bits. Further transformations are as follows.
2.1 Conversion S
An S-box is used as a nonlinear bijective conversion (substitution table). The S-box is a one-dimensional array consisting of 256 elements. As a rule, S-boxes are included in the transformation function, and they are essential for the encryption algorithm strength. It is important that any changes in the input data of an S-box would change the output data in a random-looking way. The relationship between an input and the respective output should not be linear or easily approximated by linear functions (this very property is used in the linear cryptanalysis) [6,7].
Transformation S substitutes each input byte by another byte through the S-box (Figure 2).
From the scheme of conversion S it is easily seen that encrypting two identical 16-byte blocks of plaintext results in two identical blocks of ciphertext. This is a weakness that can be exploited by a cryptanalyst. In order to eliminate the weakness, an LT-conversion was developed.
2.2 Conversion LT
Developing an encryption algorithm presumes that the algorithm must be analyzed with regard to its strength against various types of cryptographic attacks. Among the most common standard methods now in use are attacks based on linear and differential analysis. Essentially, the latter traces the differences between output bits (in the ciphertext) as a function of differences between input bits (in the plaintext) at different rounds of the base transformation. The precondition for an encryption algorithm to be strong against differential analysis is the “avalanche effect” in the base transformation.
The LT-conversion serves to comply with the requirement of avalanche effect.
The avalanche effect is an important cryptographic property for encryption, where a small change in the input plaintext bits or the key results in a drastic change in the output ciphertext bits. In other words, all output bits depend on each input bit. It is known that such encryption algorithms as AES, RC4, Kuznyechik and others use transformations that meet the requirements of “avalanche effect” to increase their cryptostrength [8, 9, 10, 11].
Before conversion LT, the bytes of a block are placed in a 4x4 two-dimensional array, as is shown in Figure 3.
At the first step, the four bytes of the first row of the array are added together modulo 256. The new byte obtained in this way is stored in place of the leftmost byte, while the rest of the bytes are rotated right by one position.
This procedure is performed four times for the row, so that all four bytes of the first row are replaced by new ones. The operation is then repeated for each row of the array.
At the next step, the same operation is applied to the columns of the array, with the new bytes placed from top to bottom. After the LT-conversion, every byte of the array has received a new value.
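The LT-conversion of Section 2.2 as an added example; this is not the authors' code. Since Figure 3 is not reproduced, it assumes that the 16 bytes fill the 4x4 array row by row and that each pass works like a shift register: the new modulo-256 sum enters at the left (rows) or top (columns) end and the last byte drops out, which is what makes four passes replace all four bytes. Because every pass is an addition modulo 256, input differences propagate linearly over Z/256, so the demo counts how many output bytes change for two one-byte input differences.

```python
# Added example, not the paper's code. Assumed layout (Figure 3 is not reproduced here):
# the 16 bytes fill the 4x4 array row by row, and each mixing step writes the new byte at the
# left (rows) or top (columns) end while the other three bytes shift one place right/down.

def _mix_line(line):
    """One row/column pass: four times, sum mod 256 enters at the front, last byte drops out."""
    line = list(line)
    for _ in range(4):
        line = [sum(line) % 256] + line[:3]
    return line

def _unmix_line(line):
    """Inverse pass: the dropped byte is recovered as new_byte - (the three kept bytes) mod 256."""
    line = list(line)
    for _ in range(4):
        line = line[1:] + [(line[0] - sum(line[1:])) % 256]
    return line

def lt_forward(block):
    assert len(block) == 16
    state = [_mix_line(block[4 * r:4 * r + 4]) for r in range(4)]   # step 1: rows
    for c in range(4):                                               # step 2: columns, top to bottom
        col = _mix_line([state[r][c] for r in range(4)])
        for r in range(4):
            state[r][c] = col[r]
    return bytes(b for row in state for b in row)

def lt_inverse(block):
    state = [list(block[4 * r:4 * r + 4]) for r in range(4)]
    for c in range(4):                                               # undo columns first
        col = _unmix_line([state[r][c] for r in range(4)])
        for r in range(4):
            state[r][c] = col[r]
    return bytes(b for r in range(4) for b in _unmix_line(state[r]))  # then rows

def changed_bytes(a, b):
    """Diffusion measure: number of byte positions where two blocks differ."""
    return sum(x != y for x, y in zip(a, b))

def avalanche_demo(delta, pos=0):
    """Xor byte `pos` of a constructed block with `delta`; count changed output bytes."""
    block = bytes(range(16))                                         # constructed sample input
    other = bytes(b ^ delta if i == pos else b for i, b in enumerate(block))
    return changed_bytes(lt_forward(block), lt_forward(other))
```

Under this reading a difference of 0x01 in one input byte reaches all 16 output bytes, whereas 0x80 reaches only one, because 2 * 0x80 is 0 modulo 256 and the difference is cancelled on the second pass; in the full cipher LT acts on S-box output, so which byte differences reach it depends on the S-box.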
2.3 Conversion P
For this transformation, the bytes in a block are treated as bits, which are permuted with a specially designed P-box (a permutation table).
As a result of the bit permutation, the bytes receive new values. After the conversion, the obtained bit sequences are sent to the encryption module. The module encrypts the block of bytes on the basis of NPNs.
Examples that meet the requirements of the avalanche effect are shown below.
2.4 Description of a nonpositional encryption scheme
As distinct from a classical residue number system, irreducible polynomials over GF(2) serve as bases in an NPN.
over GF(2) of degrees m1, m2, …, mS respectively . Polynomials (1) subject to their arrangement constitute a certain base system. All bases (1) are to be different including the case when they have the same degree. The working range of the NPN is specified by polynomial (modulus)
of degree Therefore, a message of N-bit length could be interpreted as a sequence of remainders α1(x), α2(x), …, αS(x) of dividing a polynomial F(x) by working bases p1(x) ⋅ p2(x) ⋅ … ⋅ pS(x):
where F(x) ≡ αi(x) (mod pi(x)), i = 1, …, S.
In expression (2) remainders α1(x), α2(x), …, αS(x) are chosen so that the first l1 bits of a message associate to binary coefficients of remainder α1(x), the next l2 bits associate to binary coefficients of remainder α2(x), etc., and the last lS bits associate to binary coefficients of αS(x).
To encrypt a message, a secret key of N bits is used, which is also interpreted as a sequence of remainders resulting from dividing some other polynomial G(x) by the same working bases of the system:
where G(x) ≡ βi(x) (mod pi(x)), i = 1, …, S.
Hence, some function H(F(x), G(x)) is considered as a cryptogram:
where H(x) ≡ ωi(x) (mod pi(x)), i = 1, …, S.
In NPNs, a cryptogram is the result of multiplying polynomial F(x) by G(x). The members of residue sequence ω1(x), ω2(x), …, ωS(x) are the least remainders on dividing products αi(x) βi(x) by respective bases pi(x):
The binary form of cryptogram H(x) is as follows. The binary coefficients of residue ω1(x) correspond to the first l1 consecutive bits of H(x). The binary coefficients of residue ω2(x) correspond to the next l2 consecutive bits of H(x), etc. The binary coefficients of the last residue ωS(x) correspond to the last lS consecutive bits of the cryptogram.
When decrypting cryptogram H(x) with a known key G(x), for each βi(x) a reciprocal (inverse) polynomial (x) is calculated, as follows from (5), under the following condition:
The result is polynomial
inverse to polynomial G(x). The original message then could be calculated according to (5) and (6) through remainders of the following congruence:
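The nonpositional scheme of Section 2.4 carried through in code, as an added example that is not the authors' implementation. It assumes three constructed irreducible bases (x^4+x+1, x^3+x+1 and x^8+x^4+x^3+x+1, so N = 15), represents a GF(2)[x] polynomial as an integer whose bit k is the coefficient of x^k, and reads the N-bit message and key from the most significant bit so that the first l1 bits give α1(x) as in expression (2); decryption recovers βi(x)^-1 by the extended Euclidean algorithm and therefore requires every key residue to be nonzero.

```python
BASES = [0b10011, 0b1011, 0b100011011]  # x^4+x+1, x^3+x+1, x^8+x^4+x^3+x+1 (assumed irreducible bases)
DEGREES = [p.bit_length() - 1 for p in BASES]  # l_i = deg p_i
N = sum(DEGREES)  # bit length of message, key and cryptogram (15 here)

def gf2_mul(a, b):  # carry-less product over GF(2), unreduced
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a, b = a << 1, b >> 1
    return r

def gf2_divmod(a, b):  # polynomial long division over GF(2): (quotient, remainder)
    q = 0
    while b and a.bit_length() >= b.bit_length():
        shift = a.bit_length() - b.bit_length()
        q ^= 1 << shift
        a ^= b << shift
    return q, a

def gf2_inv_mod(a, p):  # a^-1 mod p by extended Euclid; needs a != 0 and p irreducible
    r0, r1, s0, s1 = p, a, 0, 1
    while r1:
        q, r = gf2_divmod(r0, r1)
        r0, r1, s0, s1 = r1, r, s1, s0 ^ gf2_mul(q, s1)
    if r0 != 1:
        raise ValueError("no inverse: zero key residue or reducible base")
    return gf2_divmod(s0, p)[1]

def split_residues(value):  # first l1 bits -> alpha1, next l2 -> alpha2, ... (expression (2))
    out, remaining = [], N
    for l in DEGREES:
        remaining -= l
        out.append((value >> remaining) & ((1 << l) - 1))
    return out

def join_residues(residues):  # concatenate residues back into an N-bit value
    value = 0
    for r, l in zip(residues, DEGREES):
        value = (value << l) | r
    return value

def npn_encrypt(message, key):  # omega_i = alpha_i * beta_i mod p_i; cryptogram = joined omega_i
    pairs = zip(split_residues(message), split_residues(key), BASES)
    return join_residues([gf2_divmod(gf2_mul(a, b), p)[1] for a, b, p in pairs])

def npn_decrypt(cryptogram, key):  # alpha_i = omega_i * beta_i^-1 mod p_i; fails on a zero key residue
    pairs = zip(split_residues(cryptogram), split_residues(key), BASES)
    return join_residues([gf2_divmod(gf2_mul(w, gf2_inv_mod(b, p)), p)[1] for w, b, p in pairs])
```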
3 The encryption algorithm analysis
Computer-based experiments to test statistical properties of the algorithm ciphertext have been conducted. The developed software package implementing a quality assessment system based on graphical and assessment tests was used to test the output ciphertexts. The results of the statistical analysis of the ciphertexts are detailed in .
The results of each test, represented as histograms per key and per number of files under study, are shown in Figure 6.
To evaluate if the developed algorithm is secure, mathematical models of cryptanalysis involving algebraic, linear and differential methods have been designed.
The cryptanalysis proceeds as follows. A system of nonlinear equations is obtained from the function transforming plaintext into ciphertext with a key. Next, the possibility of reducing the nonlinear system to a linear one is considered. The cryptanalysis of the algorithm under investigation was conducted for the cases with known: 1) ciphertext; 2) plaintext and the related ciphertext; 3) plaintext file format; and 4) ASCII-encoded plaintext [5, 6]. When performing the cryptanalysis, it is assumed that the encryption scheme is known in advance. The cryptanalyst needs to derive:
Plaintext and a key from a ciphertext;
Secret key from a plaintext-ciphertext pair.
To conduct algebraic and linear analyses of a nonpositional encryption algorithm, a set of equations is built subject to regularities of ring multiplication.
The results of the linear and differential analyses were compared against each other with respect to uniformity. Table 2 shows the results for the linear and differential cryptanalyses of S-boxes for certain known and developed algorithms.
The study results (Table 2) suggest the following. To ensure the strength of an S-box against linear cryptanalysis, the elements of the table obtained during the linear cryptanalysis should take values close to half the number of all possible combinations of input vectors in binary notation. To ensure the strength of an S-box against differential analysis, the elements of the table (difference matrix) obtained during the differential analysis should take values close to 1.
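The two tables behind these criteria, computed as an added illustration that is not the paper's code and does not reproduce Table 2: the linear approximation table counts, for each input and output mask, how many inputs satisfy the linear relation (the strength criterion is that these counts stay close to half of all inputs), and the difference table counts how many inputs map each input difference to each output difference (the criterion is that these counts stay small). The 4-bit PRESENT S-box is used as a stand-in for the paper's S-boxes, with the identity map as the weak counterexample.

```python
# Added example, not the paper's code. The 4-bit PRESENT S-box stands in for the paper's S-boxes
# (Table 2 is not reproduced), so the numbers below are for PRESENT, not for the paper's algorithm.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]

def difference_table(sbox):
    """DDT[dx][dy] = number of inputs x with S(x) ^ S(x ^ dx) == dy (differential analysis)."""
    n = len(sbox)
    ddt = [[0] * n for _ in range(n)]
    for dx in range(n):
        for x in range(n):
            ddt[dx][sbox[x] ^ sbox[x ^ dx]] += 1
    return ddt

def linear_table(sbox):
    """LAT[a][b] = number of inputs x with parity(a & x) == parity(b & S(x)); 'close to n/2'
    means no linear approximation holds much more (or less) often than chance."""
    n = len(sbox)
    parity = lambda v: bin(v).count("1") & 1
    return [[sum(parity(a & x) == parity(b & sbox[x]) for x in range(n)) for b in range(n)]
            for a in range(n)]

def worst_entries(sbox):
    """Largest nontrivial DDT entry and largest |LAT - n/2| deviation: lower is stronger."""
    n = len(sbox)
    ddt, lat = difference_table(sbox), linear_table(sbox)
    max_ddt = max(ddt[dx][dy] for dx in range(1, n) for dy in range(n))
    max_lat_dev = max(abs(lat[a][b] - n // 2) for a in range(n) for b in range(1, n))
    return max_ddt, max_lat_dev
```

worst_entries(SBOX) returns (4, 4) for PRESENT, the best achievable for a 4-bit bijection, against (16, 8) for the identity map, where one input difference always fixes the output difference and a linear relation holds for every input.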
The results of the encryption algorithm analysis are detailed in .
A software application implementing the encryption algorithm model has been developed, and the application is currently under testing. To study the statistical security of the proposed algorithm model, a software package embedding statistical and assessment tests has been developed.
The work on improving and updating the software applications for the encryption algorithm based on nonpositional polynomial notations will continue. A computational model to keep and transfer key information for the algorithm is the next step of our studies.
It is further planned to use a round mode on the algorithm model, and develop a round key generation scheme.
Ongoing studies are funded by the Ministry of Education and Science of the Republic of Kazakhstan.
[1] I. Ya. Akushskii, D. I. Juditskii, Machine Arithmetic in Residue Classes, Moscow: Sov. Radio, 1968 (in Russian).
[2] R. G. Biyashev, Development and investigation of methods of the overall increase in reliability in data exchange systems of distributed ACSs, Doctoral Dissertation in Technical Sciences, Moscow, 1985 (in Russian).
[3] R. G. Bijashev, S. E. Nyssanbayeva, Algorithm for Creation a Digital Signature with Error Detection and Correction, Cybernetics and Systems Analysis, 2012, Vol. 48, No. 4, pp. 489-497.
[4] R. Biyashev, S. Nyssanbayeva, N. Kapalova, The Key Exchange Algorithm on Basis of Modular Arithmetic, Proceedings of the International Conference on Electrical, Control and Automation Engineering (ECAE2013), Hong Kong; Lancaster, U.S.A.: DEStech Publications, 2013, pp. 16-21.
[5] W. Stallings, Cryptography and Network Security: Principles and Practice, 2nd Edition, transl. from English, Moscow: Williams, 2001, 672 p.
[6] L. K. Babenko, E. A. Ischukova, Modern Block Encryption Algorithms and Methods of their Analysis, Moscow: Helios ARV, 2006, 376 p.
[7] B. Schneier, Applied Cryptography, 2nd ed., transl. from English, Triumf, 2002, 816 p.
[8] National Standard of the Russian Federation GOST R 34.13, http://www.tc26.ru/standard/gost/GOSTR34.13-2015.pdf, 2015, 21 p.
[9] FIPS 46-3, Data Encryption Standard (DES), USA, NIST, 1977.
[10] FIPS PUB 197, Advanced Encryption Standard (AES), USA, NIST, 2002.
[11] Recommendation for Block Cipher Modes of Operation, NIST Special Publication 800-38A, Technology Administration, U.S. Department of Commerce, 2001, 10 p.
[12] R. Biyashev, N. Kapalova, S. Nyssanbayeva, A. Haumen, Construction and analysis of models of increasing reliability for modular encryption algorithm, Proceedings of the 10th International Conference on Computer Engineering and Applications (CEA '16), Barcelona, Spain, 2016, pp. 161-165.
[13] R. Biyashev, S. Nyssanbayeva, N. Kapalova, A. Haumen, Modified symmetric block encryption-decryption algorithm based on modular arithmetic, Proceedings of the International Conference on Wireless Communications, Network Security and Signal Processing (WCNSSP2016), Chiang Mai, Thailand, 2016, pp. 263-265.
[14] R. G. Biyashev, S. E. Nyssanbayeva, N. A. Kapalova, et al., FRP R&D F.0678, Development and study of national encryption algorithm models based on modular arithmetic, State Registration No. 0115RK01304, 175 p.
Published Online: 2018-05-31
Citation Information: Open Engineering, Volume 8, Issue 1, Pages 140–146, ISSN (Online) 2391-5439, DOI: https://doi.org/10.1515/eng-2018-0013.
© 2018 N. Kapalova and A. Haumen. This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License (CC BY-NC-ND 4.0).