Probabilistic Models of Cryptographic Systems and Their Applications
Total Page:16
File Type:pdf, Size:1020Kb
Probabilistic models of cryptographic systems and their applications Vorobyev G.A., Ryndjuk V.A. Kozlov V.A., Makarov A.M. Chair of information and communication technologies, Chair of information security, systems and technologies maths and information security Pyatigorsk branch of the North-Caucasus Federal Pyatigorsk State Linguistic University University Pyatigorsk, Russia Pyatigorsk, Russia [email protected] [email protected] Abstract — The article describes the probabilistic model of a same source text will always generate the same text of the cryptosystem, that provides getting different from each other cryptogram [1, 2]. cryptograms in case of multiple encryption of the same source text. The model is realized by the insertion of the initialization In case of encryption of the same text with the same key the vector into the block scheme of the encryption algorithm, that is application of InVect lets us get different texts of cryptograms sent to the recipient encrypted together with the cryptogram of in each new session. In this variant of a probabilistic model it is the source text. The article presents a description of several not supposed to bosom the initialization vector, but it must be applications built on the base of the hybrid probabilistic model of random and unpredictable. the system of cryptographic transformations. Nevertheless, in the whole range of practical applications, Keywords — initialization vector, symmetric cryptosystems, e.g. providing distant control of an object via an open asymmetric cryptosystems, probabilistic model of the system of communication channel, such variant of a probabilistic model cryptographic transformations. is impossible to use. The thing is that an intruder [3] having some number of cryptograms (controlling impacts being sent I. INTRODUCTION encrypted to the controlled object) and even not decrypting The probabilistic model of a cryptosystem is a complex them can send these cryptograms in a chaotic order to the variant of the well-known deterministic model [1] and differs controlled object via the same communication channel. And from it by the fact that a special probabilistic block is inserted this will unavoidably lead to the loss of control of the object. into the composition of the block scheme of the algorithm, the The number of such practical applications is increasingly goal of which is to provide the possibility of getting different more each year. That is why the development of the variants of cryptograms for the same source text in case of probabilistic model, which provides effective control of the encryption by the same key. The probabilistic models in object via an open communication channel and guarantees contrast to deterministic ones have much more functional foolproof protection from interference of an intruder into the possibilities, that distinctly widens the area of their use in control process, is highly relevant. practical applications. In this article we suggest several variants of hybrid The model of the symmetric cryptosystem, which (including blocks of both symmetric and asymmetric composition includes a special block using in the encryption cryptographic transformations) probabilistic models using a algorithm the so called Initialization vector – InVect, may be probabilistic block with InVect, which, in contrast to the above considered as one of the first variants of the probabilistic model mentioned probabilistic model, is sent encrypted to the of a cryptographic system. controlled object [4-6]. InVect, as a rule, has small dimension and is present This will provide first, that the same controlling impact will unencrypted at the beginning of the cryptogram in order to have different cypher in each session of the communication, provide the recipient of the cryptogram to use it successfully in and second, that a repeated sending by an intruder of the the algorithm of decryption. It is supposed to use InVect intercepted, but not decrypted cryptograms will not pass together with the gamma algorithm and Pseudorandom number authentication and will not be able to impact the process of generator (PRNG). controlling an object via an open communication channel. For PRNG initialization it is necessary to set initial II. HYBRID PROBABILISTIC MODELS conditions. In our case it is the aggregation of a secret key and a session random initialization vector. If we take InVect out of Let’s have a look at several variants of the hybrid this aggregation, evidently the use of the same key and the probabilistic model, that includes both symmetric (SCS) and asymmetric cryptosystems (ACS). ISBN: 978-1-4673-9379-9 ©2016 IEEE 160 SCS uses the common secret key for the procedures of encryption and decryption: this key must be known both to the sender and to the recipient. SCS consists of separate executable in series primitives (elementary algorithms). Each such primitive is a separate elementary algorithm of symmetric transformations. Cryptographic security of SCS is provided by the sufficient number and the correct selection of primitives included in its composition: the used selection of primitives must provide high-quality dispersion and shuffling of the source text [7]. On the stages of encryption and decryption ACS use two different keys: an open key for encryption and a closed one for decryption. An open key can be stored in a public place and sent via open communication channels. At the same time a closed key cannot be got from an open key by using any statistic data, computing procedures or analytical transformations. After a pair of keys is generated, a closed key remains with the owner of this pair, who must provide its reliable protection from unauthorized access. The owner of an open key makes it accessible to all who want to have confidential relations with him. Exactly the open key provides the encryption of the source text, which can be decrypted only by the owner of the closed key. Let’s have a look at the hybrid probabilistic model consisting of two segments: the segment of encryption and the segment of decryption. The segment of encryption includes (Figure 1) the block of formation of InVect gamma, two modules of encryption on the base of the algorithm of asymmetric cryptographic transformations (ACT) and one module of encryption with the use of the algorithm of symmetric cryptographic transformations (SCT). A. The segment of encryption The segment of encryption consists of two sectors: probabilistic (the left side of the figure) and determinate (the right side of the figure). Figure 1. The Segment of encryption The probabilistic sector includes the PRNG block and the InVect. The input parameters of the left sector are InVect and At the input of PRNG InVect comes as the vector of initial the open key of the recipient (the controlled object) of the ACT conditions. A good vector of initial conditions can be, for algorithm in the encryption mode. example, a mark of the current time. With the help of the PRNG program module a random gamma-sequence is generated (let’s name it “Gamma IV Key”), which is sent to the right sector of the encryption segment, where it is used as a secret key of the SCT algorithm. Besides, InVect comes as the source text to the input of ACT algorithm, which also works in the mode of encryption and uses the open key of the controlled object, i.e. the recipient, as a key of encryption. After the realization of encryption we get the encrypted variant of InVect (let’s name it “ACT cypher IV”). The determinate model includes two algorithms: SCT and ACT. The SCT algorithm uses as the secret encryption key the “Gamma IV Key” got in the left sector, and as the source text – the code of the sender authenticator and the code of the controlling impact. In the simplest case we can ISBN: 978-1-4673-9379-9 ©2016 IEEE 161 use, for example, date, exact time and the number of the The determinate sector on the first stage, using the SCT communication session as a sender authenticator. This is algorithm, gets the “ACT cypher of the source text” and on the quite enough to detect and not to pass malicious controlling second stage – using the ACT algorithm together with the impacts. closed key of the controlled object, restores codes of the Then the source text passes the two staged encryption with authenticator and the controlling impact. If the authentication the use of SCT and ACT algorithms. Thanks to the fact that is successfully passed, the controlling impact is accepted for “Gamma IV Key” is a session encryption key of the SCT execution. algorithm it, as well as SCT cypher of the source text, unpredictably changes every time. III. THE PROBABILISTIC MODEL OF THE ELECTORNIC DIGITAL SIGNATURE The traditional demands of crypto security are made for One more example of application of probabilistic models the SCT algorithm: it must have in its composition sufficiently of cryptographic systems is the model of the electronic digital crypto secure algorithms of shuffling and dispersion. [1-2]. signature (EDS). Nowadays the use of electronic documents After the source text is encrypted with the SCT algorithm (ED), signed with EDS is rather usual thing. we get "SCT cypher” of the source text, which comes as the More often EDS is used in banking, including the service source text to the input if the ACT algorithm, that works in the of the deposit bank cells. With the growth of functional mode of encryption and uses the open key of the controlled possibilities and areas of application of EDS grows the object as the encryption key. number of attempts of thefts of EDS keys, especially in After the execution of the ACT algorithm we get “ACT internet online banking. cypher of the source text”, which after the concatenation with The mathematic basement of EDS is the same ACS.