Research of crypto-code designs construction for using in post quantum cryptography

ARTICLE INFO
Serhii Yevseiev, Alla Gavrilova, Bogdan Tomashevsky and Firuz Samadov (2018). Research of crypto-code designs construction for using in post quantum cryptography. Development Management, 16(4), 26-39. doi:10.21511/dm.4(4).2018.03
DOI: http://dx.doi.org/10.21511/dm.4(4).2018.03
Released on: Monday, 04 February 2019
Received on: Monday, 12 November 2018
Accepted on: Friday, 14 December 2018


INTRODUCTION
The age of high technology is characterized by a sharp increase in the volume of processed data, the development of quantum technologies and artificial intelligence in all spheres of human activity, the emergence of hybrid threats in cyberspace and the reduction of the stability of classical algorithms of traditional and asymmetric cryptography. Research on the impact of quantum computing, which uses the phenomena of quantum superposition and quantum entanglement for data transmission and processing, has shown that quantum computers that use special algorithms (for example, Shor's algorithm) will be able to factorize numbers in polynomial time (Androshchuk, 2017; Babych, 2016; Baldi et al., 2016; Chen, 2016; Grischuk & Danik, 2016; Leonenko & Yudin, 2013). Therefore, cryptographic systems based on asymmetric cryptography algorithms (RSA, ECC, DSA) will be vulnerable to brute force attacks using a full-scale quantum computer. Consequently, the main research and development in cryptographic information security (KPI) is aimed at finding solutions that would not be vulnerable to quantum computing and would simultaneously be resistant to attacks using conventional computers.

Such algorithms belong to quantum-safe cryptography (or quantum-resistant cryptography) (De Vries, 2016; Hryshchuk & Molodetska-Hrynhchuk, 2018; Hryshchuk & Molodetska, 2016; Kuchuk et al., 2016; Kuchuk et al., 2017; Mozhaev et al., 2017), among which NIST specialists distinguish the crypto-code systems of McEliece and Niederreiter. Their main disadvantage is the computational complexity of their implementation. To ensure guaranteed stability, a field power of GF(2^10-2^13) is required. In addition, there is the possibility of implementing Sidelnikov's attack when block codes such as BCH, Goppa, Reed-Solomon and alternative Goppa codes are used (De Vries, 2016; Dinh et al., 2011; Sidelnikov, 2008). In the view of V. Sidelnikov, the promising direction is the use of algebra-geometric codes (built using curves, for example, elliptic, Fermat, Suzuki, Hermite, etc.) or cascading codes (Baldi et al., 2016; Cho et al., 2017; Dudikevich et al., 2010; Morozov et al., 2017; Sidelnikov, 2008).

LITERATURE REVIEW
The main advantage of the symmetric (Rao-Nam scheme) and non-symmetric McEliece and Niederreiter crypto-code systems is the high speed of cryptographic transmissions and the simultaneous securing of the confidentiality of data transmitted by open communication channels (Baldi et al., 2016; Morozov et al., 2017; Niederreiter, 1986). The general classification of crypto-code systems and the security services that their use provides is shown in Figure 1.
In the paper (Evseev et al., 2016), it is proposed to use modified NKSKS (IKSS) for modified EC (MEC) to reduce the power consumption of cryptanalons in the Nuclear Physics and Mathematics Laboratory of McEliece.

AIMS
The purpose of the article is to study the construction of crypto-code designs on the basis of elliptic codes modification with further lossy procedures based on multichannel cryptography, and to analyze the properties of safety and energy of the modified McEliece constructions in the conditions of post-quantum cryptography.

METHODS
The way to modify a linear block code without reducing its minimum code distance remains shortening its length by reducing the number of information symbols (Evseev et al., 2016; Yevseiev, et al., 2016).

In works (Evseev et

To modify (shorten) elliptic codes, we will use a decrease in the set of points of the curve. The following statements are true (Babych, 2016; Baranov, 2014).

Statement 1 (Evseev et al., 2016; Yevseiev & Korol, 2018). Let EC be an elliptic curve over GF(q), g = g(EC) the curve type, EC(GF(q)) the set of its points over the finite field, and N = EC(GF(q)) their number. Let X and h be non-disjoint subsets of the points, ( ) ( ) , When encoding an information vector, the characters of the set h do not participate (they are zero) and they can be discarded, and the resulting codeword will be shorter by x code symbols. Then the shortened elliptic (n, k, d) code over GF(q) is constructed by displaying the form

Advantages: realization MCCS GF(2^6-2^8), HCCS GF(2^4-2^6); resistance to Sidelnikov's attack; provides guaranteed stability

Figure 1. Classification of cryptosystems based on CCS
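
The shortening described in Statement 1, where the symbols in h are fixed to zero and dropped without reducing the minimum code distance, can be checked by brute force on a small code. This is an added example, not code from the article: it assumes a binary [7,4,3] Hamming code in place of the article's elliptic codes over GF(q), and all function names are illustrative.

```python
from itertools import product

# Constructed sample: systematic generator matrix [I | P] of the binary
# [7,4,3] Hamming code (assumption: stands in for an elliptic code over GF(q)).
G = [
    [1, 0, 0, 0, 1, 1, 0],
    [0, 1, 0, 0, 1, 0, 1],
    [0, 0, 1, 0, 0, 1, 1],
    [0, 0, 0, 1, 1, 1, 1],
]


def encode(msg, gen):
    """Multiply the message row vector by the generator matrix over GF(2)."""
    n = len(gen[0])
    return [sum(m * row[j] for m, row in zip(msg, gen)) % 2 for j in range(n)]


def min_distance(gen):
    """Minimum Hamming weight over all nonzero codewords (brute force)."""
    k = len(gen)
    return min(sum(encode(m, gen)) for m in product([0, 1], repeat=k) if any(m))


def shorten(gen, h):
    """Shorten a systematic code on the information positions in h.

    Messages are restricted to zeros at positions h, so those rows never
    contribute and the matching codeword symbols are always zero: both the
    rows and the columns indexed by h can be dropped.
    """
    keep_rows = [i for i in range(len(gen)) if i not in h]
    keep_cols = [j for j in range(len(gen[0])) if j not in h]
    return [[gen[i][j] for j in keep_cols] for i in keep_rows]


def params(gen):
    """Return the (n, k, d) triple of the code generated by gen."""
    return len(gen[0]), len(gen), min_distance(gen)


def encode_then_drop(msg, gen, h):
    """Encode with the full code after zero-filling h, then drop positions h."""
    it = iter(msg)
    full_msg = [0 if i in h else next(it) for i in range(len(gen))]
    word = encode(full_msg, gen)
    return [s for j, s in enumerate(word) if j not in h]


if __name__ == "__main__":
    print("original:", params(G))
    for h in ({3}, {2, 3}):
        print("shortened on", sorted(h), "->", params(shorten(G, h)))
```

Each shortened code loses |h| symbols from both n and k, while d stays at 3; `encode_then_drop` confirms that encoding with zeroed positions and discarding them gives the same codeword as encoding with the shortened generator matrix.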
• the dimension of the secret key:
• the dimension of the information vector (in bits): ( )
• the codec dimension: ( )
• relative encoding speed:

• the dimension of the secret key is determined by the expression (3);
• the dimension of the information vector (in bits): ( )
• the codec dimension is determined by the expression (3.16);
• relative transmission rate:

The second way of modifying a linear block code that retains the minimum code distance and increases the amount of data transmitted is to extend its length after the formation of the initialization vector, by reducing the information symbols.

), constructed by displaying the form , defines the MCCS with the parameters:
• the dimension of the secret key (in bits): ( ) ( )
• the dimension of the information vector (in bits): ( )
• the size of the cryptogram (in bits): ( )
• relative transmission speed:

The analysis carried out in (Evseev et

The theoretical basis for constructing unprofitable texts is the disturbance of the ordering of the characters of the source text and, because of it, the reduction of redundancy of the symbols of the language in the redundancy text. At the same time, the amount of information that expresses this ordering will be equal to the decrease in the entropy of the text as compared with the maximum possible amount of entropy, that is, the equally probable appearance of any letter after any previous letter. Methods of calculating the information proposed in (Mishchenko & Vilansky, 2007) allow us to find out the ratio of the amount of predicted (that is, formed according to certain rules) information and the amount of unexpected information that cannot be foreseen in advance. The redundancy of the text is determined by the expression (Yevseiev, 2017; Yevseiev & Korol, 2018): ( ) ( )

where M is the original text; B is the redundancy of the language (B = R - r); R is the redundancy of the language (R = log N); N is the capacity of the alphabet; r is the entropy of the language for one character (r = H(M)/L); L is the length of the message M in the characters of the language; H(M) is the entropy (uncertainty) of the message; L0 is the length of the message M of the characters of the language with the contents; BA is the redundancy of the language.
A quantitative measure of the effectiveness of causing damage is the degree of change in meaning, equal to the difference in entropy of the lossy text and the source text at different segments of the length of the redundancy text:

where Mi is the part of the source text corresponding to the i-th segment, pi is its probability, L0 is the length of Mi, equal to the length of the LFTC redundancy text, and s is the number of segments.

Figure 2 shows the structural scheme of one step of the universal mechanism of causing damage.

The information core of some text is understood as the laconic text CFT, obtained as a result of the cyclic transformation of the universal mechanism of causing damage Cm.
The universal mechanism for causing damage to Cm can be described (Sidelnikov, 2008;Yevseiev, 2017):

=
The main methods of causing damage are shown in Figure 3; Figure 4 shows the basic protocols of security services based on the use of loss-making codes.

The unicity distance (distance of unity) for a random cipher model for which there is a probability of obtaining meaningful text in random and equally probable choices of the key K and an attempt to decrypt the encrypted text

where B is the redundancy of the source text, H is the entropy per letter of meaningful text in the input alphabet I, |I| > 2, and 2^(HL) is the approximate value of the number of meaningful texts.

5, 6 respectively. The unicity distance for the first method (Expression 15) will be transformed:

WAYS OF SHIFTING BASED ON DAMAGED TEXTS
Such a system is based on the incorrect distortion of the damage and stability through the use of subsequent encryption on the basis of MCCS. This leads to the inability to find out the encryption text of the redundancy text. The unicity distance for the second method (Expression 16) will be transformed:

The second option allows the unicity distance to be increased compared to the first way.
To estimate the reduction of energy costs for the practical implementation of crypto-code designs in (Yevseiev & Tsyhanenko, 2018) the results of the evaluation of the complexity of the formation of cryptograms and its decoding with the use of the Niederreiter's CCS, the evaluation of the hurdle's complexity by the most effective method of decoding (permutations by a decoder) are given.
Further reduction of the Galois field power leads to a significant reduction in the complexity of the formation (by about 3 times) and decoding (by about 5 times) of cryptograms and provides a guaranteed level of crypto stability (Yevseiev & Korol, 2018; Yevseiev & Tsyhanenko, 2018).

To estimate time and speed indicators, it is accepted to use the unit of measurement cpb, where cpb (cycles per byte) is the number of processor cycles that need to be spent to handle 1 byte of input information. The complexity of the algorithm is determined by the formula:

where Utl is the utilization of the core of the processor (%) and Rate is the bandwidth of the algorithm (bytes/s).

RESULTS
In Table 1 the results of studies of the dependence of the length of the input sequence on the MV2 algorithm from the number of processor cycles to perform elementary operations in the program implementation are presented. In Table 2 the results of research on the estimation of time and speed indicators of the procedures of drawing and removal of damage are presented.

The difference of the HCCS in the McEliece or Niederreiter schemes from the "classic" approach to the formation of a hybrid (integrated) cryptosystem is the use of asymmetric crypto-code structures with fast algorithms of cryptographic transformations as the main mechanism for ensuring the stability (security) of information, followed by the use of the MV2 algorithm (multichannel system on loss codes), which reduces energy costs (the capacity of the MCCS alphabet on the MEC).

In the works (Yevseiev, 2017

In the case of additional concealment of the last encryption text, the damage CHD, due to its smallness and the admissibility with the ciphertext of the redundancy text CFT, the unicity distance can be further increased:

Thus, multichannel cryptography on the basis of the loss-making codes allows for the integration of cryptographic systems, combining crypto-code designs with the same concept (McEliece and Niederreiter MCCS on MEC) and the systems on the loss-making codes, which complement each other, provide the necessary security measures and reliability, and enrich the total system with their properties. In addition, such an approach provides for counteracting V. Sidelnikov's attack on the basis of fine-linear transformations (Sidelnikov, 2008).

In works (Evseev et

In (Yevseiev & Tsyhanenko, 2018) a formal description of the mathematical model of the hybrid Niederreiter's HCCS is presented. An analysis of the practical implementation of the encryption/decryption algorithms in the HCCS of Niederreiter shows that when forming a cryptogram (syndrome) after the formation of an error vector by an algorithm of equilibrium coding, the initialization vector that defines the reduction of symbols to the error vector h_e (error vector symbols equal to zero), |h| = 1/2 e, that is, e_i = 0, ∀ e_i ∈ h, is encrypted by the MV2 algorithm and transmitted by two independent open channels. When encrypting cryptograms (after receiving the error vector, before using the equilibrium coding algorithm), for the information to be entered, the "zero" characters are shortened.
The algorithm for forming a cryptogram in a modified HCCS of Niederreiter is presented in the form of a sequence of steps:

Step 1. Entering information that is subject to coding. Entering the public key H_X^EC.
Step 2. Formation of the error vector e, the weight of which does not exceed t, the correcting ability of the elliptic code, based on the algorithm of non-binary equilibrium coding.
Step 3. Formation of the initialization vector IV1, where IV1 is the set of fixed open texts, which are not suitable for the further formation of cryptograms.
Step 4. Formation of the truncated error vector: e_x = e(A) - IV2, where IV2 is the elements of the reduction (h_e -
Step 6. Formation of the redundancy text CFT and the damage CHD.

The algorithm for decoding the codec in the modified Niederreiter's CCS is presented in the form of a sequence of steps:

Step 1. Entering the redundancy text CFT, that is decomposable. The introduction of a private key: the matrices X, P, D. The introduction of the redundancy CHD.
Step 2. Getting the length of the remainder and splitting the redundancy text.
Step 3. Get the S_Xi character of the codec and create a complete codec
Step 4. Finding one of the possible solutions of the equation
Step 5. Removal of diagonal and residual matrices:
Step 6. Decoding the vector c*. Formation of the vector e_x'.
Step 7. Converting the vector e_x':
Step 8. Formation of the desired error vector e: e = e_x + IV2.
Step 9. Transforming the vector e based on the use of non-binary equilibrium code into the information sequence.

DISCUSSION
In the works (Evseev et

Table 3 shows the results of investigations of capacitive characteristics in the program realization of the field power of the HCCS scheme of McEliece on the MEC. In addition, the use of EC (MEC) constructed on flat curves of the third kind provides formation of generating or verification matrices by finding the value of generator functions at the points of the curve. This allows the synthesis of methods of constructing corresponding matrices with elements of geometric curves, which cannot be achieved by V. Sidelnikov's attack. For statistical studies of the stability of the investigated cryptosystems we will use the package NIST STS 822 (Yevseiev et al., 2017). The results of the studies are shown in Table 4.

CONCLUSIONS
The analysis of the crypto-code designs construction on modified elliptic codes and synthesis with multi-channel cryptography lossy procedures allows complex (hybrid) cryptosystems to be built that provide the basic data security services in the conditions of hybrid threats of post-quantum cryptography. The proposed CCS provide the of information resources (the safe time - ) and reduction of energy costs for their practical realization in 10-12 (encryption, decryption) by reducing the order GF(q). Using algebra-geometric codes (codes on elliptic curves) and their modifications eliminates the possibility of implementing V. Sidelnikov's attack (finding an impedance-proof verification matrix), which greatly enhances the crypto stability of the system under post-quantum cryptography. The implementation of the proposed cryptosystems allows the level of protection of information resources of Internet protocols to be increased and creates competitive conditions for alternative use in post-quantum cryptography.

Figure 4. Basic protocols for providing security services

Figure 5. Structural diagram of construction of a hybrid crypto-code system on the basis of causing damage to open text

; Yevseiev & Korol, 2018; Yevseiev & Tsyhanenko, 2018) algorithms of the hybrid crypto-code system of McEliece on MEC are proposed which allow in case of concealing of loss-making ciphertext CFT all its possible values are determined by an additional key field:

al., 2016; Yevseiev, 2017; Yevseiev & Korol, 2018; Yevseiev et al., 2017) a formal description of the McEliece's MCCS mathematical model on modified elliptic codes is considered, (Mishchenko et al., 2006) considered the universal mechanism of causing losses and methods of transmission in systems on redundancy codes. The main difference between mathematical models is the formation of a codogram based on shortening or lengthening, as well as the method of causing damage. The main difference between elongated codes is the use of the abbreviation symbols in the McEliece's MCCS, with the subsequent replacement of the information symbols of the open information. In Figures 7, 8 the structural protocols based on the McEliece's HCCS with modified (shortened / extended) elliptic-curve codes according to the second method of causing damage are given.

(Mishchenko & Vilansky, 2007; Mishchenko et al., 2006) the theoretical and practical bases of the construction of loss codes are considered. Lucrative text is understood as the text obtained because of further deformation of non-redundant codes of letters (Mishchenko & Vilansky, 2007; Mishchenko et al., 2006).

The block diagram of one step of the universal mechanism of causing damage (Mishchenko & Vilansky, 2007; Mishchenko et al., 2006; Yevseiev, 2017; Yevseiev & Korol, 2018; Yevseiev & Tsyhanenko, 2018)

2018; Yevseiev & Tsyhanenko, 2018) showed that hybrid cryptographic code structures provide the possibility of their practical implementation, with a significant reduction of field strength. In this way, it ensures its competitiveness and the possibility of considering as an alternative to classical algorithms of asymmetric cryptography.

Figure 3. The main ways of causing damage

Table 1. The results of studies on the dependence of the length of the input sequence on the MV2 algorithm from the number of processor cycles

Table 2. Results of research of time and speed indicators of procedures of drawing and removal of damage

al., 2016; Yevseiev, 2017; Yevseiev & Korol, 2018; Yevseiev et al., 2017), comparisons were made between the McEliece's MCCS on MEC and HCCS with the use of modified elliptic codes. Results of research on the practical realization of MCCS on MEC confirm that the number of group operations has been reduced by 4.5 times due to the construction of the GF

Table 3. The dependence of the software implementation speed on the power of the field (number of group operations)

Table 4. Results of research on statistical safety
Column headings: tests in which the testing passed more than 99% of the sequences | The number of tests in which tests were over 96% of the sequences | The number of tests in which testing was less than 96% of the sequences

The indicators listed in Table 4 showed that despite the decrease of the Galois field power to GF(2^6) for MCCS and GF(2^4) for HCCS respectively, the statistical characteristics of such cryptographic code designs were at least not worse than the traditional McEliece's CCS on GF(2^10). All cryptosystems passed 100% tests, with the best result revealed by the HCCSRC on shortened MEC: 155 out of 189 tests passed at the level of 0.99, which is 82% of the total number of tests. At the same time, the traditional McEliece's CCS on GF(2^10) showed 149 tests at 0.99.