Strength of the encryption system, classification of encryption systems by strength. Types of attacks on the encryption system.
Persistence- the ability to withstand all kinds of intruder attacks aimed at finding (calculating) the key, or open message under the assumption that a number of conditions are met.
Intruder attacks
1. Cryptanalysis is carried out only on the basis of intercepted cryptograms;
2. Cryptanalysis is carried out on the basis of intercepted cryptograms and their corresponding open messages.
3. Cryptanalysis is carried out on the basis of an open message chosen by the enemy;
Classes of encryption systems
· Certainly persistent or perfect, perfect
· Computationally robust
Unconditionally strong (ideal) encryption systems
An unconditionally strong encryption system (BSSS) is an encryption system in which any cryptogram (if the attacker does not have a key) does not contain additional information to a priori known about the message encrypted in this cryptogram.
In the best way decryption of the BSSSH cryptogram is guessing
one of possible messages source Mathematically, the ACSS condition can be written in the form:
The conditional probability that the message M i was encrypted with a cryptogram E j;
- a priori (with an unknown cryptogram) probability of the presence of a message M i.
Computationally resistant systems encryption
The encryption system is called computationally resistant(VSSH), if opening such a system is possible, but even best algorithm opening takes an immensely long time or immeasurably great memory devices with which cryptanalysis is carried out.
The cryptanalysis time is determined by:
1. The complexity of the decryption algorithm;
2. The speed of computing devices,
decrypting
The complexity of cryptanalysis algorithms must match the complexity of solving a complex problem.
Basic approaches to cryptanalysis:
1. Busting of keys
2. Analysis of the statistical features of cryptograms
3. Linear cryptanalysis
4. Differential cryptanalysis
Speed of computing devices 10 10 - 10 12 operations / s
Computer speed increases 4 times every 3 years
Replacement code, its properties.
Simple replacement cipher, simple substitution cipher, mono-alphabetic cipher - a class of encryption methods that boil down to the creation of an encryption table according to a specific algorithm, in which for each letter plain text there is only one letter of the cipher-text associated with it. The encryption itself consists in replacing letters according to the table. For decryption, it is enough to have the same table, or to know the algorithm by which it is generated.
Column replacement ciphercalled a cipher with the alphabet of open messages Z m coinciding with the alphabet of encrypted messages and the key set K.
Thus, the column replacement cipher consists in applying substitutions from the symmetric group to the characters of the plaintext of the order of the cardinality of the alphabet of open messages. In this case, each substitution is selected depending on the key and the previous characters of the plain text.
Replacement cipher properties.
1. If all substitutions in the substitution table are equally probable and mutually independent, then the encryption system using this method will certainly be strong.
2. Unlike the gamma method, the implementation this method encryption is more complex, which is determined by the need to build managed node permutations with m outputs.
3. When encrypting by the replacement method, there is no multiplication of errors arising in the communication channel due to interference.
4. Overlapping cipher, ie encryption with the same table different messages does not lead to a simple and unambiguous decryption, as in the gamma method. However, the robustness of the method decreases, since repeated substitutions make it possible to carry out cryptanalysis based on the repetition rates of the letters of the cryptogram.
ten). Block cipher, Feistel scheme, block cipher properties
Block cipher called a cryptosystem in which each new block an open message is converted into a block of a cryptogram according to the same rule determined by the encryption algorithm and the key. The decryption procedure is performed according to the same principle.
According to the Kerchhoff principle, the encryption and decryption algorithms are fully known to the cryptanalyst. Only the key is unknown, which is used for both encryption and decryption. The same message blocks Mi and Mj are always converted into the same blocks of cryptograms Ei and Ej. If this property is undesirable, then another modification of the same block encryption algorithm is used.
The principles of building block ciphers are that the block cipher algorithm must use:
a) substitutions (nonlinear transformations of short parts (for blocks of a block cipher);
b) permutations of symbols in blocks;
c) iterating operations (a) and (b) (i.e., repeating them multiple times with different keys).
Feistel's scheme.
To simplify the encryption and decryption procedures, the Feistel scheme is used, based on the following principles:
a) each current block is divided into two equal parts - the left Li and the right Ri, where i is the iteration (round) parameter;
b) the method of forming the next "halves" of blocks from the previous ones is determined as shown in Fig. 3.3, where ki is the key of the i-th round.
Let's represent this transformation in analytical form:
L i = R i-1, R i = L i-l + f (R i-1, k i),
where f () is a nonlinear function of two arguments, in which nonlinearity is determined, for example, by a table.
Features of the Feistel scheme:
1) The reversibility of the encryption procedure turns out to be possible when the function / () in the scheme is not necessarily reversible.
2) Both halves of the block are constantly changing places and therefore, despite the apparent asymmetry, they are encrypted with the same strength.
Characteristics of the AES cipher
1.Can be faster than normal block cipher;
2.Can be implemented on a smart card using a small PAM and having small number cycles;
3. Round transformation allows parallel execution;
4. Does not use arithmetic operations, so the type of processor architecture does not matter;
5. Can be used to calculate MAC-code and hash-function.
This cipher is based on the principle of iteration (iteration is the repetition of some mathematical operation, using the result of the previous analogous operation) SD-transformations and uses the so-called architecture "square", that is, all transformations are performed within one square.
The current data (including the original message and the received cryptogram) is written one byte (8 bits) into each of the 16 cells, which gives a total encryption block length of 8x16 -128 bits.
The first transformation of this algorithm is performed as the computation of the inverse element in the field GF () modulo the irreducible polynomial + + + x +1, which ensures the provable stability of the cipher with respect to linear and differential cryptanalysis, while the zero element of the field is preserved without transformation (Fig. 3.16 ).
The next transformation consists in multiplying each cell of the square, represented as a binary column vector (,), by a fixed matrix and adding also a fixed column vector, and all operations here are performed in the GF (2) field:
The matrix and column vector used in this transformation are kept the same across all rounds and are independent of the key.
Note that matrix multiplication and vector addition improve cryptographic properties cipher for the case when zero elements appear in the cells of the square.
As the next transformation, a byte cyclic shift of the message array by a different number of bytes (cells) is used, shown in Fig. 3.17.
The next transformation is called column shuffling. At this step, everyone C-th column square matrix is represented as a 4-dimensional vector over the field GF (), and then multiplication is performed in this field, given by the irreducible polynomial + + + x +1, by a certain matrix with elements from the same field:
where the elements shown in this matrix are specified as elements of the GF () field (i.e., as binary sequences of length 8), as illustrated following example:
Finally, the round key addition is performed, which is performed simply as a bitwise addition of all elements of the last square with 128 elements of the round key mod 2. After one round is completed, all the operations described above are repeated using other round keys. Round keys are generated from a single secret key with a length of 128, 192 or 256 bits (depending on the selected encryption mode) using special transformations, including cyclic shifts and expansions. The number of rounds of the cipher depends on the selected mode of its operation and varies from 10 to 14.
For decryption, the sequence is used inverse transformations with reverse order following round keys, which turns out to be quite possible, since all operations performed in each round, as it is easy to see, are reversible. However, it should be noted that unlike ciphers based on the Feistel structure (for example, DES cipher), this cipher must use different electronic circuits or programs for encryption and decryption, respectively.
Features of the AES cipher
1) AES is focused mainly on implementation with 8-bit processors;
2) all round transformations are performed in finite fields, which allows simple implementation on various platforms.
AES cipher strength
It is obvious that enumeration of all keys (even with their minimum number - 2) turns out to be impossible. Linear and differential cryptanalysis are also practically impossible due to the choice of optimal transformation procedures and, in particular, due to the use of computation return elements in the final field.
Cryptanalysis based on the solution of a nonlinear system of equations over the field GF (2) describing the cipher is theoretically possible, including due to the appearance of additional equations. However, this procedure requires an immensely large computational resource. Thus, at present, the AES cipher can be considered strong against any known attacks.
Speed AES encryption
At software implementation this algorithm is most efficiently implemented on 8- and 32-bit platforms. For typical PCs, the encryption speed can be in the order of 1 MB / s - 500 KB / s. With hardware implementation high speeds encryption (about 100 MB / s and higher) will require an increase in hardware resources and, consequently, an increase in the size of the device.
Cipher strength A5 / 1
When developing this cipher, it was assumed that it would have a high
durability, since the number of its keys is large enough, however
further research by independent cryptographers
They showed that this cipher has weak sides... One of them consists
the fact that the LRRs included in the encoder have small lengths, and therefore
they are susceptible to some modification of statistical attacks, and
attacks based on exchange ratios between the required memory size
and analysis time.
Ultimately, the studies that have been conducted since
2000 (i.e., almost immediately after the introduction of this standard), showed that this
the cipher can be "cracked" using an ordinary PC in real
22. Raising to a power, finding the discrete logarithm
Exponentiation modulo is the calculation of the remainder of the division of a natural number b(base) raised to the power e(exponent), on natural number m(module).
. Quick way construction by D. Knut.
Let's represent the exponent in binary form;
We replace each unit with a pair of letters KU (square + multiplication);
We replace each zero with the letter K (square);
In the resulting sequence, cross out the first pair of KUs;
We carry out calculations over the base a, according to the obtained sequence.
Example: 3 37 (mod7)
37 = 100101 = KUKKKUKKU = KKKKUKKU
3®3 2 (mod7) = 2®2 2 (mod7) = 4®4 2 (mod7) = 2®2 × 3 (mod7) = 6®6 2 (mod7) = 1®1 2 (mod7) = 1 ®1 × 3 (mod7) = 3
Computational complexity for the exponentiation operation: [email protected](2logx).
Computational complexity for the discrete logarithm operation: [email protected]((n) 1/2).
Finding the discrete logarithm by the "meeting in the middle" method
Build a database of size O ((n) 1/2) of the form a z (modn) for random numbers zÎ and sort it.
For random numbers b such that gcd (b, n-1) = 1, calculate y b (modn) and compare with the numbers in the database.
With a high probability, after several attempts, we get
a z (modn) = y b (modn)
4. Raise both sides to the power b -1, we get a z · b-1 (modn) = y (modn). Where does it follow
This method has complexity N t @O ((n) 1/2 logn), N v @O ((n) 1/2)
Exponentiation is fairly easy, even with large input values. But the calculation of the discrete logarithm, that is, finding the exponent e given b, c and m is much more complicated. This one-way behavior of the function makes it a candidate for use in cryptographic algorithms.
El Gamal COP.
This is some modification of the RSA CS, the stability of which is not directly related to the factorization problem. It is widely used in standards digital signature and admits a natural generalization to the case of CSs constructed based on the use of elliptic curves, which will be considered below.
Generating keys.
User A performs the following operations to generate keys:
1) generates a prime number p and a primitive element ɑ∈GF (p);
2) selects random number but such that 1<= a<= p-2, и вычисляет число ɑ^a;
3) chooses the set: (p, ɑ, ɑ ^ amodp) as the public key, and the number a as the private key.
Encryption.
User B takes the following steps to encrypt a message M intended for user A:
1) Receives public key A;
2) Represents the message M in the form of a chain of numbers Mi, each of which does not exceed p-1;
3) Chooses a random number k such that 1<=k<=p-2;
4) Calculates ɣ = (ɑ ^ k) mod p, b = Mi ((ɑ ^ a) ^ k) mod p;
5) Sends cryptogram C = (ɣ, b) to user A.
Decryption
User A takes the following steps to decrypt the message received from User B:
1) using its private key, calculates (ɣ ^ (- a)) mod p
2) restores the message Mi = (ɣ ^ (- a)) * b mod p
Indeed, ɣ ^ (- a)*b=(ɑ^(- a k)) * Mi * (ɑ ^ ( a k)) = Mi mod p
A feature of the El-Gamal scheme is that it belongs to the so-called randomization encryption schemes, since it uses an additional randomness in the form of the number k when encrypting it.
The advantage of the El Gamal QS is also in the fact that then all users on the network can choose the same ɑ and R, which is impossible for the CS of the RSA. Moreover, as will be shown below, this scheme can be naturally extended to the case of elliptic curves.
A significant drawback of the scheme is that the length of the cryptogram in it is 2 times the length of the message.
Resilience of El Gamal QS
The problem of restoring the message M on the given p, ɑ, ɑ ^ a, b, ɣ for unknown a is equivalent to solving the Diffie-Hellman problem.
It is also clear that if the problem of finding the discrete logarithm is solved, then El-Gamal's cryptosystem will be opened. When choosing R with a capacity of 768 bits (for increased security - up to 1024 bits), the security of El-Gamal's CS will be the same as that of RSA's CS when choosing the same parameters for the module in the latter.
It is important to note that to encrypt different messages Mi, Mj, it is necessary to use different values of the numbers k, since in the opposite case b1 / b2 = Mi / Mj, and then the message Mj can be easily found if the message Mi is known.
Generating keys.
Two primes p and q are chosen at random. Located
module N = pq. Find the Euler function φ (N) = (p-1) (q-1).
Choose a number e such that GCD (e, φ (N)) = 1.
Find d as the inverse of e, de = 1 (mod φ (N)).
We declare d = SK, (e, N) = PK. PK is communicated to everyone
correspondents.
Encryption.
Corr. A transmits an encrypted message to correspondent B
(uses public key corr. B)
Decryption.
Corr. B decrypts the received cryptogram from
Correspondent A using your private key.
Attacks.
1. The RSA system can be opened if it is possible to find p and q, that is, to factor N.
Proceeding from this fact, p and q should be chosen with such a large bit depth that factorization of the number n would require an immeasurably long time, even with the use of all available and modern means of computing.
Currently, the problem of factorizing numbers has no polynomial solution. Only a few algorithms have been developed that simplify factorization, but their implementation for factorizable numbers of large digits still requires an immeasurably long time. Indeed, the complexity of solving the factorization problem for the best currently known factorization algorithm is
So, for example ln n = 200, if, then the number of operations will be approximately equal to 1.37 ∙ 10 14.
With an increase in the number of bits n to 1000 or more, the factorization time becomes completely immeasurable.
2. Another natural attack on the RSA CS is discrete logarithm. This attack (with a known message) is performed as follows: d = log E M mod N. However, the problem of discrete logarithm modulo multidigit numbers is also difficult in mathematics, and it turns out that it has almost the same complexity as the problem of factorization.
3. Cyclic attack. We will sequentially raise the resulting cryptogram to a power equal to the value of the public key, i.e. (((((E e) e)… ..) e.
If at some step it turns out that E i = E, then this means
that E i-1 = m. It is proved that this attack is no better than the attack of factorization N.
4. Lack of encryption. This case is possible if, as a result of encryption, we obtain an open message, i.e., M e mod n = M. Such a condition must be fulfilled for at least one of the messages, for example, for messages M = 0, 1, n - 1. In fact, such messages are generally! not encrypted, exists exactly. Their number is always at least 9. However, with a random choice of q and p, the proportion of such messages will be negligible and they will almost never be encountered in practice.
5. Attack with a small amount of possible messages
Suppose that the number of messages is limited by the values M1, M2,…, Mr, where r is observable. (These can be, for example, different commands - forward, backward, left, right, etc.). Then the message can be easily decrypted.
Indeed, let the cryptogram C be intercepted. Then you need to try to encrypt all commands with a known public key and determine the cryptogram that matches the received C:
The way to combat such an attack is to add some salt to messages (that is, attach small bit strings to them, obtained using a purely random sensor).
VIEWS
Simple ES is a signature that, by using codes, passwords or other means, confirms the fact of the formation of an ES by a certain person.
Unqualified:
Received as a result of cryptographic transformation of information using the ES key;
Allows you to identify the person who signed the document;
Allows you to detect the fact of changes in the ED;
Created using ES tools;
Qualified:
Complies with all the signs of an unqualified electronic signature;
The ES verification key is specified in the qualified certificate.
To create and verify the ES, ES means are used, which have received confirmation of conformity in accordance with the law on ES.
RSA EP scheme.
Let there be some message M and some user A generated a public / private key pair for the RSA system, that is, numbers e A, n A; d A. Then the message M is divided into blocks, each of which can be represented by an integer not exceeding n A. For each of such message-digits M, the CPU S is formed according to the following rule: S = M dA mod (n A). Then the CPU joins the message, forming the so-called signed message, that is, a pair of M, S. To verify the CPU, the user must obtain the public key A, as well as the “signed” (but possibly falsified) message M, S and calculate Ṁ = S eA mod (e A). Further, he compares Ṁ with M and, if they coincide, assumes that the message M is indeed signed by A, otherwise he rejects it as a forgery or distortion.
Scheme of EP El-Gamal.
ES - Electronic signature (CPU - Digital Signature)
ES (CPU) is some additional data attached to the main message, which are formed depending both on the message and on the secret key of the author of the message. To verify the authenticity of the message (otherwise called the verification procedure), the public key of the author of the message is used, which can be accessed by any user.
Generating keys:
1) a large prime is generated R and primitive element a over a finite field GF (p);
2) a number is generated x: 1
3) y = a x mod (p) is calculated;
4) the public key of the CPU verification is selected: ( p, a, y) and the secret key to create the CPU: x.
CPU shaping
If user A wants to sign a message m, represented as a number belonging to Zp, then he performs the following operations:
1) generates a secret number k: 1 ≤ k≤ p - 2; gcd ( k, p - l) = 1, where gcd is the gcd
2) calculates r = a k mod (p);
3) calculates k -1 mod (p - 1);
4) calculates s = k -l (m - xr) mod (p - l);
5) Forms the CPU S to the message m as a pair of numbers S = (r, t).
CPU verification (verification)
In order to verify the signature S created by A under the message M, any user takes the following steps:
1) obtains the public key A: (p, a, y);
2) verifies that 1 ≤ r ≤ p - 1, and if it fails, then rejects the CPU;
3) calculates V 1 = y r r s mod (p);
4) calculates V 2 = a m mod (p);
5) accepts the CPU as correct provided that V 1 = V 2
CPU Resilience Based on ElGamal's COP
1) An attacker can try to forge a signature to his message M as follows: generate a random number k, calculate r = a k mod (p), and then try to find s = k - l (m - xr) mod (p - l).
However, in order to perform the last operation, he needs to know a, which cannot be calculated with the appropriate choice of CPU parameters.
3) It should be noted that if not fulfilled step 2 of the CPU verification algorithm then an attacker can correctly sign any message of his choice, provided he has some other message with the correct CPU at his disposal. Thus, when choosing a module R, which in binary representation has a length of about 768 bits, provides good CPU stability, and to ensure long-term stability it is advisable to increase it to 1024 bits.
Requirements for cryptographic HF
1. Unidirectionality, when for a known hash h it is computationally unfeasible (that is, it requires an unrealizable large number of operations) to find at least one value of x for which, that is, h (x) turns out to be a unidirectional function (ONF).
2. Weak collision resistance, when for given x, h (x) = h it is computationally unfeasible to find another x 'value that satisfies the equation h (x') = h.
3. Strong collision resistance, when it is computationally impracticable to find a pair of arguments x, x ’for which the relation h (x) = h (x’) holds.
Vulnerability fix
Denning and Sacco suggested using timestamps in messages to prevent attacks like the one discussed above. Let us denote such a label by the letter t. Consider the option to fix the vulnerability:
PKI components
· Certificate Authority (CA)- the part of the public key system that issues a certificate to validate the rights of users or systems making a request. She creates a certificate and signs it using a private key. Due to its function of creating certificates, the CA is the central part of the PKI.
· Certificate Repository... Repository for valid certificates and Certificate Revocation Lists (CRLs). Applications verify the validity of the certificate and the level of access it grants by checking against the sample contained in the repository.
· Key Recovery Server- a server that performs automatic key recovery, if this service is installed.
· PKI-Enabled Application- applications that can use PKI tools for security. PKI manages digital certificates and keys used to encrypt information held on web servers when using e-mail, exchanging messages, browsing the Internet, and transferring data. Some applications may use PKI natively, while others require programmers to modify.
· Registration Authority- a module responsible for registering users and accepting requests for a certificate.
· Security Server- A server that manages user access, digital certificates, and strong relationships in a PKI environment. The Security Server centrally manages all users, certificates, CA connections, reports, and verifies the certificate revocation list.
PKI functions
· Registration- the process of collecting information about a user and verifying its authenticity, which is then used during user registration, in accordance with security rules.
· Certificate Issuance... Once the CA has signed the certificate, it is issued to the applicant and / or sent to the certificate store. CA affixes a validity period to the certificates, thus requiring periodic renewal of the certificate.
· Certificate Revocation... A certificate can become invalid before expiration for various reasons: the user has left the company, changed his name, or if his private key has been compromised. Under these circumstances, the CA will revoke the certificate by entering its serial number on the CRL.
· Key Recovery... An additional PKI function allows you to recover data or messages in the event of a lost key.
· Lifecycle Management- Continuous support of certificates in PKI, including renewal, restoration and archiving of keys. These functions are performed periodically and not in response to ad hoc requests. Automated key management is the most important feature for large PKIs. Manual key management can limit PKI scalability.
Basic definitions
· Certificate Revocation Lists (CRLs)- list of canceled certificates. Cancellations may be due to a change of job, private key theft, or other reasons. PKI applications can check user certificates against a CRL before granting access against that certificate.
· Digital Certificate / X.509 Certificate... A data structure used to associate a specific module with a specific public key. Digital certificates are used to authenticate users, applications and services, and to control access (authorization). Digital certificates are issued and distributed by CAs.
· Digital Envelope... A method of using public key encryption to securely distribute secret keys used in symmetric encryption and to send encrypted messages. The key distribution problem associated with symmetric encryption is greatly reduced.
· Digital Signature... A method of using public key encryption to ensure data integrity and inability to refuse a parcel. The encrypted block of information, after decryption by the recipient, identifies the sender and confirms the safety of the data. For example: the document is "compressed", HASH is encrypted using the sender's private key and attached to the document (in fact, this means attaching the "fingerprint" of this document). The recipient uses the public key to decrypt the received message to the "squeeze" state, which is then compared to the "squeeze" obtained after the sent document is "compressed". If both "squeezes" did not match, then this means that the document was changed or damaged during the transfer.
· Public Key Cryptography... There are two main types of encryption: public key and secret (symmetric) key. Public key encryption uses a key pair: open, i.e. freely available, and its corresponding private key, known only to the specific user, application or service that owns this key. This key pair is linked in such a way that what is encrypted with the private key can only be decrypted with the public key and vice versa.
· Symmetric encryption (Shared Secret Cryptography)... There are two main types of encryption: public key and secret (symmetric) key. With symmetric encryption, the recipient and sender use the same key for encryption and decryption. This means that many users must have the same keys. Obviously, until the user receives the key, encryption is not possible, and the distribution of the key over the network is not secure. Other distribution methods, such as a special courier, are expensive and slow.
· RSA Algorithm is the first public key encryption system named after its inventors: Ronald Rivest, Adi Shamir and Leonard Adleman.
· Smart card. A credit card-like device with built-in memory and a processor used to securely store user keys and certificates and other information (usually social and medical).
· Digital Credentials. Within the framework of PKI technology, the ISO / TS 17090-1 standard defines this term as a cryptographically protected object that can contain individual user keys, certificates of individual keys, certificates of CAs of the user's PKI structure, a list of trusted CAs, and other parameters related to user domain - user identifier, names of applied cryptographic algorithms, values of starting values, etc. Credentials can be placed on hardware or software media.
Principle of operation
Certificates are typically used to exchange encrypted data over large networks. A public key cryptosystem solves the problem of exchanging secret keys between participants in a secure exchange, but does not solve the problem of trusting public keys. Suppose that Alice, wanting to receive encrypted messages, generates a pair of keys, one of which (public) she publishes in some way. Anyone who wants to send her a confidential message has the ability to encrypt it with this key, and be sure that only she (since only she has the corresponding secret key) will be able to read this message. However, the described scheme can in no way prevent the attacker David from creating a key pair and publishing his public key, passing it off as Alice's key. In this case, David will be able to decrypt and read at least that part of the messages intended for Alice, which were mistakenly encrypted with his public key.
The idea behind a certificate is that there is a third party that is trusted by the other two parties to the information exchange. It is assumed that there are few such third parties, and their public keys are known to everyone in some way, for example, stored in the operating system or published in logs. Thus, a forgery of the public key of a third party is easily detected.
Cryptographic systems with public encryption keys allow users to transfer data securely over an unsecured channel without any prior preparation. Such cryptosystems must be asymmetric in the sense that the sender and the receiver have different keys, and neither of them can be deduced from the other by computation. In these systems, the encryption and decryption phases are separated and the message is protected without the encryption key being made secret, since it is not used in decryption.
Using the public encryption key, user i encrypts message M and sends it to user j via an unprotected data transmission channel. Only user j can decrypt to recover M, since only he knows the secret decryption key.
Among asymmetric (open) cryptosystems, the most widespread is the RSA cryptographic system. In this system, the recipient of the message chooses two large primes p and q so that the product n = pq is beyond computational capabilities. The original message M can be of arbitrary length in the range 1 The original text M is restored from the encrypted C by the reverse transformation The recipient chooses e and d so that the following conditions are met: where is the Euler function equal to (p - 1) (q - 1); (a, b) is the greatest common divisor of two numbers. That is, e and d in the multiplicative group are reciprocals in residue arithmetic mod. Obviously, the main purpose of cryptographic disclosure is to determine the secret key (exponent at C - the value of d). There are three known ways that a cryptanalyst could use to disclose the value of d from open information about the pair (e, n). Factorization n Prime factorization of n allows us to compute the function, and hence the hidden value of d, using the equation Various algorithms for such decomposition are presented in. The fastest algorithm currently known can factorize n in steps of order Analysis of this expression shows that the number n with 200 decimal digits will be well protected from known expansion methods. Direct computation Another possible way of cryptanalysis is associated with the direct calculation of the Euler function without factoring n. Direct computation is not at all simpler than factorizing n, since it then makes it easy to factorize n. This can be seen from the following example. Let be x = p + q = n + 1 -, y = (p - q) 2 = x 2 - 4n. Knowing, you can determine x and, therefore, y, knowing x and y, prime p and q can be determined from the following relations: Direct estimate d The third method of cryptanalysis is to directly calculate the value of d. The reasoning behind this method is based on the fact that if d is chosen large enough for simple enumeration to be unacceptable, computation of d is no simpler than factoring n, since if d is known, then n is easily factorized. This can be shown as follows. If d is known, then we can calculate a multiple of the Euler function using the condition where k is an arbitrary integer. You can factorize n using any multiple of. The decryptor, on the other hand, might try to find some value d "that is equivalent to the hidden value d used in the design of the cipher. If there are many such d", then brute force can be attempted to break the cipher. But all d "differ by a factor equal to and if this factor is calculated, then n can be factorized. Thus, finding d is as difficult as factoring n. Thus, the main task of cryptanalysis of asymmetric encryption systems is reduced mainly to the problem of factorization (factorization). This problem is one of the main ones in number theory and is formulated as follows: Let us be given an integer n> 0, and it is required, if possible, to find two numbers a and b such that ab = n. There are actually two different tasks: the first, called the simplicity test, is to check if such a and b exist; the second, called decomposition, is the problem of finding them. Let's consider both of these tasks. First deterministic test. This test is based on Fermat's Little Theorem, which states that if p is a prime number, then a p-1 1 (mod p) for all a, 1 Thus, the test consists in choosing a number a that is less than b and checking b for belonging to the class of prime numbers according to the condition a b-1 1 (mod b) in accordance with the above expression. In practice, only a few values of a need to be checked. Choosing a equal to 3 reveals all composite numbers. However, this test is known to skip the composite Carmichael numbers (for example, 561 = 3 x 11 x 17). Second deterministic test. Let us divide the number “b” sequentially by 2, 3, ...,. If at some division we get a zero remainder, then the number “b” is composite, and the divisor and the quotient are its factors; otherwise b is prime. Since it is necessary to perform divisions, the time it takes to check the prime of the number “b” is O (). This very slow exponential test not only determines if a number is prime, but also finds the factors of a composite number. Third deterministic test. The number "b" is simple if and only if b | ((b-1)! + 1). Factorial (b-1)! and the divisibility test (b-1)! + 1 for large “b” destroys any interest in this test. If `b 'has 100 decimal digits, then (b-1)! Is approximately 100 102 digits long. All of the above tests were deterministic. This means that for a given number "b" we always get an answer, whether it is simple or composite. If we replace the word “always” with “with some probability”, then it turns out to be possible to construct probabilistic tests, which are also called pseudo-simplicity tests. First probabilistic test. This test allows you to identify all the composite numbers of Carmichael. A random number a is selected in the range from 1 to b-1 and the fulfillment of the conditions is checked. (a, b) = 1, J (a, b) a (b-1) / 2 (mod b), where J (a, b) is the Jacobi symbol. The Jacobi symbol is defined by the following relations: J (a, p) = 1 if x 2 a (mod p) has solutions in Z p, J (a, p) = -1 if x 2 a (mod p) has no solution in Z p, where Z p is a residue ring mod p. If b is a prime number, the above conditions are always met, and if b is composite, then they are not met with probability. Therefore, running k tests ensures that the answer is incorrect with probability 2 -k. Second probabilistic test. Since the number b, which must be prime, is always odd, it can be represented as where s is an even number. Then, in the test, a number a is randomly selected in the range from 1 to b-1 and the fulfillment of the conditions is checked 1 (mod b) for 0< j Both tests are used to check whether a number belongs to the prime class and require O (log 2 b) operations on large numbers. Third probabilistic test. For a given b, we randomly choose m, 1 The probability that the answer “b is a composite number” is given is equal to the probability that m | b. If d (b) the number of divisors b and m is randomly chosen within 1 This is a very weak test. Fourth probabilistic test. For a given “b”, we randomly choose m, 1 If b is a composite number, then the number of numbers m Fifth probabilistic test. This is a test of strong pseudo-simplicity. Let b and m be given. Let be where t is an odd number and consider the numbers for (x r is the smallest absolute value of the remainder modulo b). If either x 0 = 1, or there is an index i, i Let us prove it by contradiction. Suppose b is an odd prime. Let us show by induction that 1 (mod b) for, which would contradict the hypothesis of the theorem. Obviously, this is true for r = S by Fermat's theorem. Assuming the statement is true for i, it is easy to see that it is true for i-1, because the equality implies that the number to be squared is ± 1. But -1 does not match the condition (otherwise the test would have produced the answer "could not be determined"). It has been proven that if b is a composite number, then the probability that the test will give the answer "b is a composite number" is not less. Factoring large integers. The situation with the problem of finding divisors of large primes is much worse than with the test of simplicity. The following is the most powerful known method. The method is based on Legendre's idea if U 2 V 2 (mod b) 0 Suppose we want to factor the number b. Let n = be the maximum number not exceeding, and calculate the numbers a k = (n + k) 2 - b for small k (numbers k can be negative). Let (q i, i = 1, 2,…, j) be a set of small primes that can divide an expression like x 2 - b (ie b is a square modulo q i). Such a set is usually called the multiplicative base B. Let us remember all the numbers a k that can be expanded in terms of the multiplicative base, i.e. written as Such ak are called B-numbers. Each B-number ak is associated with a vector of indicators If we find enough B-numbers for the set of corresponding exponent vectors to be linearly dependent modulo 2 (any set of j + 2 B-numbers has this property), then it will be possible to represent the zero vector as a sum of vectors of exponents of some set S, say Define integers i = 0, 1, ..., j, It follows from the above that U 2 V 2 (mod b) and (U-V, b) can be a nontrivial divisor of b. Decryption by iterations is performed as follows. The enemy picks up a number j for which the following ratio is fulfilled: That is, the adversary simply encrypts j times on the public key of the intercepted ciphertext. It looks like this: (C e) e) e ..) e (mod n) = C e j (mod n)). Having found such j, the adversary calculates C e (j-1) (mod n) (i.e. repeats the encryption operation j-1 times) - this value is the plain text M. This follows from the fact that C ej (mod n ) = (C e (j-1) (mod n)) e = C. That is, some number C e (j-1) (mod n) in power e gives ciphertext C. And this is plain text M. Example. p = 983, q = 563, e = 49, M = 123456. C = M 49 (mod n) = 1603, C497 (mod n) = 85978, C498 (mod n) = 123456, C499 (mod n) = 1603. Academic year Theoretical part 1. The main types of cryptographic information transformations. The essence of each transformation, scope. 2. Representation of an encryption system by a graph, the principle of uniqueness of encryption-decryption. 3. Mathematical model of the information encryption-decryption system. 4. Strength of the encryption system, classification of encryption systems by strength. Types of attacks on the encryption system. 5. Definition of an unconditionally secure encryption system, a statement about the necessary conditions for the existence of an unconditionally secure system. 6. Definition of an unconditionally secure encryption system, a statement about sufficient conditions for the existence of an unconditionally secure system. 7. Computationally strong encryption systems, the concept of the complexity of cryptanalysis, the main approaches to breaking cryptographic systems, analysis of brute-force attacks and attacks based on message statistics. 8. Block cipher, Feistel scheme, block cipher properties. 9. Replacement code, its properties. 10. Gamma code and its properties. 11. Modes (operating modes) of block ciphers, a brief description of the modes. 12. Encryption standard GOST R34.12-2015, basic encryption algorithm for a 64-bit block. 13. Encryption standard GOST R34.12-2015, basic encryption algorithm for a 128-bit block. 14. Encryption standard GOST R34.13-2015, encryption algorithm in simple replacement mode, encryption algorithm in gamma and gamma modes with feedback. Comparison of modes. 15. Linear recurrent register, algebraic properties of a linear recurrent sequence, analysis of the property of predictability. 16. Linear recurrent register, statistical properties of linear recurrent sequence. 17. Principles of constructing cipher gamut shapers (the concept of equivalent linear complexity, the use of nonlinear nodes to increase linear complexity). 18. Code A5 / 1, characteristics of the code, principle of construction, application. 19. The principle of construction and characteristics of the AES cipher. 20. The concept of one-way function, the general principle of building cryptographic systems with a public key. 21. The concept of a hash function, requirements for cryptographic hash functions. 22. Hash function according to GOST R34.11-12, characteristics, construction principle, application. 23. El Gamal encryption system, attacks on the system. 24. RSA encryption system, attacks on the system. 25. Definition, classification, basic properties, EP model. 26. EP RSA scheme. 27. Scheme of the EP El-Gamal. 28. EDS in accordance with GOST 34.10-12, general characteristics, the principle of formation and verification of the signature. 29. Authentication of messages in telecommunication systems (model of the imitation protection system, imposition strategies, indicators of imitation security). 30. The concept of a key hash function. A class of strictly universal hash functions, examples of the implementation of these hash functions. 31. Construction of authentication systems with guaranteed imposition probability. 32. Construction of an authentication system for multiple transmission of messages. 33. Computationally resistant authentication systems. 34. Development of an imitation insert according to GOST R34.12-2015. 35. Model of key management in symmetric cryptographic systems, characteristics of the key life cycle. 36. Methods of key distribution based on mutual exchange of messages between correspondents. Diffie-Hellman method. 37. Methods for generating random numbers when generating keys. 38. Methods for distributing keys using the CRC at the initial stage. 39. Methods for distributing keys using the CRC in interactive mode. Needham-Schroeder Protocol. 40. The principle of distribution of public keys. 41. The concept of public key infrastructure (PKI), composition, principle of interaction of structure elements. 42. Purpose, principle of formation and characteristics of the public key certificate. Practical part 1. Encrypt (decrypt) a message manually with a substitution, permutation and gamma coding. LR1_1.exe program. 2. Decrypt the cryptogram based on the analysis of its statistics using the CHANGE.EXE program. 3. Find the multiplication factor of errors when decrypting the cryptogram of a block substitution-permutation cipher with a block length of 16 bits. The tst program. 4. Decrypt the cryptogram of the permutation-permutation cipher by brute-force enumeration of the keys using the tst program. Substantiate the parameters for making a decision on the correct decoding. 5. Encrypt a 64-bit message with the basic encryption algorithm GOST R 34.12-2015 (1 round) 6. Encrypt a 128-bit message using the AES.exe program. Check that the first transformation (operation SubBytes) uses an element inversion in the GF field (2 8). 7. Using the characteristic polynomial h (x), construct the LRR (initial filling 10 ... 01) Determine the period of the sequence. Find the balance, check the properties of the series and the window. Check the result using the LRR 1 program. 8. Find the sequence at the output of the cipher gamut generator containing elements OR, AND NOT, Jeff. Using the LRR 2 program, determine the equivalent complexity of the sequence. Construct an equivalent LRR. Draw conclusions. 9. Perform the following calculations for the discrete mathematics section: Find the greatest common factor using Euclid's algorithm; Calculate a x modp using the fast exponentiation algorithm; Find the inverse of a number mod p. Find Euler's function of x; 10. - using Fermat's test to check whether the number x is prime, find the probability that the check gives an erroneous result. 11. The parameters of the El-Gamal encryption system are set a = 4, p = 11, private key x = 7, encrypt the message M =. Decrypt the cryptogram. 12. The parameters of the RSA encryption system are set p = 11, q = 13, encrypt the message M = 5. Decrypt the cryptogram. 13. The parameters of the El-Gamal encryption system are set a = 4, p = 11, private key x = 8, sign the message, the hash code of which is h (M) =. Check signature. 14. The parameters of the RSA encryption system are set p = 11, q = 13, sign the message, the hash code of which is h (M) = 6. Check the signature. 15. Using the RSA program, encrypt the large file with the secure RSA cryptosystem and estimate the encryption and decryption time. 16. Using the RSA program, sign messages and verify the signature. The message capacity is at least 100 bits. 17. An elliptic curve E13 (1,1) is set. Find point C equal to the sum of two points, the coordinates of the points and x 1 =, y 1 =, x 2 =, y 2 =. Find the opposite point. Calculate the point where k =3. 18. Form an authenticator for a binary message M= 1010 based on strictly universal hash functions according to the algorithm Ciphertext- the result of the encryption operation. It is also often used instead of the term "cryptogram", although the latter emphasizes the very fact of the message being transmitted, not encryption. The process of applying an encryption operation to a ciphertext is called re-encryption. Ciphertext properties Considering the ciphertext as a random variable depending on the corresponding random values of the plaintext X and the encryption key Z, the following properties of the ciphertext can be determined: The property of unambiguous encryption: The chain equalities imply (from the decryption unambiguity property) (from the principle of independence of the plaintext from the key and the property of unambiguous encryption) then this equality is used to derive the uniqueness distance formula. For an absolutely reliable cryptosystem That is Usage for cryptanalysis Shannon in his 1949 article "Theory of communication in secret systems" showed that for some random cipher it is theoretically possible (using unlimited resources) to find the original plaintext if the letters of the ciphertext are known, where is the entropy of the cipher key, r is the redundancy of the plaintext (including number including checksums, etc.), N is the size of the alphabet used. Encryption- reversible transformation of information in order to hide it from unauthorized persons, with the provision, at the same time, authorized users of access to it. Mainly, encryption serves the purpose of maintaining the confidentiality of transmitted information. An important feature of any encryption algorithm is the use of a key that approves the choice of a specific transformation from the set of possible ones for this algorithm. In general, encryption has two parts - encryption and decryption. With the help of encryption, three states of information security are provided: · Privacy: encryption is used to hide information from unauthorized users during transmission or storage. · Integrity: encryption is used to prevent information being changed during transmission or storage. · Identifiability: encryption is used to authenticate the source of information and prevent the sender of information from denying the fact that the data was sent to them. Encryption and decryption As it was said, encryption consists of two mutually opposite processes: encryption and decryption. Both of these processes at the abstract level are representable by mathematical functions to which certain requirements are imposed. Mathematically, the data used in encryption can be represented in the form of sets over which these functions are built. In other words, suppose there are two sets representing data - M and C; and each of the two functions (encryption and decryption) is a mapping of one of these sets to the other. Encryption function: Decryption function: The elements of these sets - ~ m and ~ c - are the arguments of the corresponding functions. Also, the concept of a key is already included in these functions. That is, the required key for encryption or decryption is part of the function. This allows us to consider encryption processes in an abstract way, regardless of the structure of the keys used. Although, in general, for each of these functions, the arguments are data and an input key. If the same key is used for encryption and decryption, then such an algorithm is referred to as symmetric. If it is algorithmically difficult to obtain the decryption key from the encryption key, then the algorithm is referred to as asymmetric, that is, to public-key algorithms. · For use for encryption purposes, these functions must first of all be mutually inverse. An important characteristic of the encryption function E is its cryptographic strength... An indirect assessment of cryptographic strength is an assessment of the mutual information between the plaintext and the ciphertext, which should tend to zero. Cryptographic strength of the cipher Cryptographic strength- the property of a cryptographic cipher to resist cryptanalysis, that is, an analysis aimed at studying the cipher in order to decrypt it. To study the crypto resistance of various algorithms, a special theory was created that considers the types of ciphers and their keys, as well as their strength. The founder of this theory is Claude Shannon. The cryptographic strength of a cipher is its most important characteristic, which reflects how successfully the algorithm solves the encryption problem. Any encryption system, except for absolutely cryptographically secure ones, can be broken by a simple enumeration of all the keys possible in this case. But you will have to sort it out until the only key is found that will help decrypt the ciphertext. Absolutely resistant systems Shannon's assessment of the cryptographic strength of the cipher determines the fundamental requirement for the encryption function E. For the most cryptographically strong cipher, the uncertainties (conditional and unconditional), when intercepting messages, must be equal for an arbitrarily large number of intercepted ciphertexts. Thus, an attacker would not be able to extract any useful information about the plaintext from the intercepted ciphertext. A cipher with this property is called absolutely resistant. Requirements for absolutely strong encryption systems: · A key is generated for each message (each key is used once). · The key is statistically reliable (that is, the probabilities of occurrence of each of the possible symbols are equal, the symbols in the key sequence are independent and random). · The length of the key is equal to or greater than the length of the message. The durability of such systems does not depend on the capabilities of the cryptanalyst. However, the practical application of absolutely secure cryptosystems is limited by considerations of the cost of such systems and their convenience. Ideal secret systems have the following disadvantages: The encryption system must be created with an extremely deep knowledge of the structure of the used message transmission language · The complex structure of natural languages is extremely complex and an extremely complex device may be required to eliminate the redundancy of the transmitted information. · If an error occurs in the transmitted message, then this error grows strongly at the stage of encoding and transmission, due to the complexity of the devices and algorithms used. Public Key Cryptographic System(or asymmetric encryption, asymmetric cipher) - a system of encryption and / or electronic signature (ES), in which the public key is transmitted over an open (that is, unprotected, accessible for observation) channel and is used to verify the ES and to encrypt the message. A private key is used to generate ES and to decrypt the message. Public key cryptographic systems are now widely used in various network protocols, in particular in the TLS protocols and its predecessor SSL (underlying HTTPS), in SSH. Also used in PGP, S / MIME. Symmetric cryptosystems(also symmetric encryption, symmetric ciphers) - an encryption method in which the same cryptographic key is used for encryption and decryption. Before the invention of the asymmetric encryption scheme, the only existing method was symmetric encryption. The algorithm key must be kept secret by both parties. The encryption algorithm is chosen by the parties prior to starting the exchange of messages. The mathematical model of the encryption / decryption system for discrete messages is a pair of functions , which transform the message The Dutch cryptographer A. Kerkhoffs (1835 - 1903) suggested that the secrecy of ciphers should be based only on the secrecy of the key, and not on the secrecy of the encryption algorithm, which, in the end, may be known to the enemy. If the encryption key is equal to the decryption key, i.e. then the system is called symmetrical(single-key). For it to work, the same keys must be secretly delivered to the encryption and decryption points. If There are two main classes of security for cryptosystems: Ideally(certainly) persistent or perfect cryptosystems for which resistance to cryptanalysis (decryption) without knowing the key does not depend on the opponent's computing power. They are called theoretically undecipherable(TNDSH) systems. Computationally strong cryptosystems, in which the resistance to cryptanalysis depends on the power of the opponent's computing system. An integer is chosen for encryption
N
=p
q, where p and q
- two large primes. Message
M
is represented by one of the numbers M
{2,3,...,N
–1}. Encryption / decryption formulas are as follows: where K- public encryption key, k- private decryption key. These two relations imply the equality which in ordinary arithmetic is performed if kK= 1, and in modular arithmetic and for kK = 1 + l
(N
), (*) where l- whole. Indeed, using Euler's theorem, we check if M
and N- coprime numbers. The considered ratios indicate the way of forming the keys. Very large random primes are chosen first. p and q
with a slightly different number of digits so that the product
N = pq had at least 768 bits (according to 2001 data). Compute the Euler function (N
) = (p
–1)(q
–1). Equality (*) is equivalent to Kk= 1 mod ( N
), whence it follows that both keys are mutually inverse modulo ( N
). Public key K choose, observing the necessary conditions: K< (N
), Gcd ( K, (N
)) = 1. Private key k calculate k = K
–
1 mod ( N
), using Euclid's algorithm. After completing the preparatory work, the public key K
and module N placed in an open directory, taking measures to ensure the impossibility of substitution. Numbers p
and
q kept secret. Note that the condition of mutual simplicity of numbers M and
N failure to do so makes decoding impossible does not create serious restrictions. First, among the numbers smaller N fraction of coprime numbers with N is equal to ( p–1)(q–1)/(pq), i.e. is indistinguishable from unity, and, secondly, the condition is easily provided by an insignificant modification of the message. Also the degree M K should not be less N... If this condition is not met, the cryptogram has the form and without calculations modulo it can be easily opened, since K known. Obviously, in the considered relations, the numbers K and k are equal, i.e. keys can be swapped and used k as a public encryption key, and K
as a private decryption key. Thus, both RSA keys are specified in pairs of integers :( K, N) and ( k, N). When the authors R. Rivest, A. Shamir, L. Adleman (Rivest, Shamir, Adleman) in 1977 proposed the RSA cryptosystem, they encrypted the phrase “ItsallGreektome”, presented in digital form. Values have been posted M,
K,
N indicating that 129 decimal places N obtained by multiplying 64- and 65-bit numbers p
and q... Factorization N and the opening of the cryptogram was performed in about 220 days only in 1994 after preliminary theoretical training. The work was attended by 600 volunteers and 1600 computers networked via the Internet. The strength of a public key system, and in particular RSA, depends on the choice of its parameters. If you choose log 2 N= 200 bits, then factorization will require approximately 2.710 11 operations, which will take several days on a personal computer. If you choose log 2 N= 664 bits, then factorization requires 1210 23 operations. At a speed of 10 6 operations per second, factorization will take several billion years. Thus, if the RSA cipher parameters are selected correctly and the module N
taken large enough, for example The implementation of the RSA cipher has been worked out both in software and hardware versions. Used by RSA and for encryption in smart cards. In the software version, the encryption rate is of the order of 1 kbps, in the hardware version - 10-50 kbps. The relatively low speed of encryption and decryption in comparison with symmetric, block or streaming systems is a drawback of all asymmetric encryption systems, including RSA. The authenticity of the document is traditionally certified by the usual “paper” signature. Strength of a signature, i.e. the impossibility of its forgery by unauthorized persons is ensured by two main conditions: firstly, its uniqueness, based on the individual characteristics of the handwriting, and secondly, the physical integrity of the paper document on which the signature was made. Moreover, the signature cannot be forged even by the person who verifies its authenticity. However, when transmitting documents over computer networks, it is impossible to use these conditions, including when transmitting facsimile messages (FAX), since they can be easily counterfeited. Documents transmitted over computer networks are certified with a digital signature. A digital signature solves the problem of a possible dispute between the sender and the recipient, including in court, if there is a legal basis for its application. A digital signature must have the properties of a regular signature and at the same time be a chain of data that can be transmitted over networks, i.e. it must meet the following four basic requirements: the digital signature must be unique, i.e. no one, except the author, can create the same signature, including persons verifying its authenticity; every netizen, legal or illegal, can verify the validity of a digital signature; the signer cannot refuse a message certified by his digital signature; both the implementation and the verification of the digital signature should be fairly simple. To satisfy all of the above requirements, a digital signature, as opposed to a "paper" one, must depend on all the bits of the message and change even when one bit of the signed message changes. To implement a digital signature based on symmetric cryptosystems, the participation of a trusted person - an arbitrator - is required. The implementation of a digital signature without an arbiter is possible only through the use of asymmetric systems. There are various types of digital signatures based on public key cryptosystems. Consider a CPU implementation based on the RSA cryptosystem. In this case, the user A signing the message M, generates a key pair k A
,K A and informs netizens of the values K A and N... Next user A creates a control group which will be the digital signature (Fig. 17). The control group is assigned to the message and sent along with it. It is easy to verify that in this case all four requirements for digital signatures formulated earlier are met if the RSA cipher is chosen strong enough. However, the considered system for generating a digital signature has two significant drawbacks: there is significant redundancy due to the assignment of a control group, the length of which is equal to the length of the message, which requires doubling the amount of memory, transmission time, etc .; for long messages, the exponentiation operation in calculating the control group and checking it will take an unacceptably long time.
K 0 = 0101, K 1= (ticket number). Calculations in the field are carried out modulo the irreducible polynomial 
, b=4.Cryptographic System Models
,
into cryptogram 
using an encryption key 
and, conversely, a cryptogram 
in the message 
using the decryption key 
... Both functions defining the cryptosystem must meet the following requirements:
= 
=
,
.
, i.e. the encryption key is not equal to the decryption key, then the encryption system is called asymmetrical(two-key). In this case, the key 
delivered to the encryption point, and the key 
- to the decryption point. Both keys should obviously be linked by functional dependency. 
, but such that according to the known encryption key 
it would be impossible to recover the decryption key 
... This means that for an asymmetric encryption system, the function () must be hard to calculate.Crete system RSA
,
,
,
,
, then this system can be considered quite stable. To date, there are no methods for its successful cryptanalysis.Digital signature
,
