CIPHERING SYSTEMS BASED ON THE ERROR-CORRECTING CODING TECHNIQUES

Komunikácie / Communications 3/99

The article points out the possibility of using a ciphering algorithm built on standard coding techniques from the set of linear error-correcting codes. The quality of the deciphering algorithm is determined for Hamming (n, k) codes. It is also established for which dimensions of Hamming (n, k) codes the algorithm is practically usable. The principle can be generalised to other types of error-correcting codes as well.


INTRODUCTION
The communication subsystem, an important part of an information system, is a neglected area with respect to passive and active attacks against transferred information. Public networks in particular are regarded as non-trusted networks. This is why solving data security problems during transmission plays a very important role.
The network security services according to the USA standard "Trusted Network Interpretation" are classified into three groups [5]: Communications Integrity, Denial of Service, and Compromise Protection.

The draft of the paragraph version of the New Telecommunication Law also addresses the protection of information, networks and intermediate systems in Slovak telecommunications (part IV, §26 "System of increased rate of secret and transmitted information protection"). The aim of the new telecommunication legislation in Slovakia is to achieve the level of telecommunication services provided in selected European Union (EU) member states.
According to recommendation ISO 7498-2 Security Architecture, the confidentiality of data transmission is provided in the second, third, fourth, sixth and seventh layers of OSI (Open System Interconnection) [2].
Ciphering of data in the line layer of OSI can be used only for end-to-end protection of the connection. The advantage of this realisation is the transparency of data for all network protocols and applications. The communication between entities A and B in networks with an X.25 interface can be realised according to Figure 1. The model at the bottom of the figure shows which OSI layers participate in the communication at each network element.
If entities A and B need to keep information private, the communication system must be expanded by a ciphering encoder before the error-correcting encoder at the transmitter side and a ciphering decoder after the error-control decoding at the receiver side. To increase the data rate (mainly for modem data transmission) it is necessary to use data compression. The advantage of compressed cipher text is its resistance against some cryptanalytic attacks. In this paper the authors do not address the problems of data compression. Further, the described algorithm is assumed to be applied only to a noiseless channel. For a noisy channel, a channel code must be included to eliminate the noise.

PROPERTIES OF THE CRYPTOSYSTEM ON THE BASE OF HAMMING (n,k) CODES
It is generally well known that linear systematic (n, k) codes are used for encoding, decoding, and the detection and correction of errors [1], [4]. The basic principles of these codes can also be used for ciphering.
The encoding of a plain text word $z = (z_1, z_2, \dots, z_k)$ is as follows: where $G$ is the generating matrix of the linear systematic code, of size $k \times n$, which determines the code uniquely, and $u$ are the code words.
The Hamming (n, k) codes are linear block codes with the following properties:
The main idea of using Hamming (n, k) codes for ciphering a plain text is based on masking the generating matrix $G$. The generating matrix is transformed by the binary matrices $S$ and $P$ into the matrix $K$ according to: where $S$ is a binary invertible matrix of size $k \times k$ and $P$ is a permutation matrix of size $n \times n$, created from the identity matrix by rearranging its rows and columns.
This system can be classified as a public key cryptosystem. The private key consists of the three matrices $S$, $G$ and $P$; the public key consists of the matrix $K$ only, which is publicly known, as is the algorithm.
The Hamming (n, k) codes can be used as cipher codes when the following conditions are kept:
- the transmitting side knows the matrix $K$ (public key),
- the receiving side knows the type of Hamming (n, k) code, the matrices $G$, $S$, $P$ (private key) and the check matrix $H$ for correction of the random error vector.
The transformation $T_k(z)$ of this cryptosystem is given by: where $c$ is an $n$-bit error vector of weight $\le t$, generated at random at the transmitting side for every code word. The receiving side receives the signal, which can be represented by the vector $y = T_k(z)$. The deciphering process is realised according to the following steps [3]:
- determination of the inverse permutation matrix $P^{-1}$ and calculation of $y \cdot P^{-1}$,
- elimination of the error vector $c$ by the check matrix $H$ by calculating $(y \cdot P^{-1}) \cdot H$,
- determination of the code $z \cdot S$ by means of $G$,
- calculation of the original vector $z$ using the binary inverse matrix $S^{-1}$.
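The scheme described above, worked through on the Hamming (7, 4) code as an added example that is not code from the paper. The matrices S and P are constructed sample values, and the forms K = S.G.P and y = z.K + c are assumed as the standard reading of the transformations described, since the paper's equations are not reproduced on this page.

```python
import secrets

# Systematic Hamming (7, 4) code: G = [I | A], H = [A^T | I] (standard construction).
A = [[1, 1, 0], [1, 0, 1], [0, 1, 1], [1, 1, 1]]
G = [[int(i == j) for j in range(4)] + A[i] for i in range(4)]
H = [[A[i][r] for i in range(4)] + [int(r == j) for j in range(3)] for r in range(3)]

def matmul(X, Y):
    """Matrix product over GF(2)."""
    return [[sum(a * b for a, b in zip(row, col)) % 2 for col in zip(*Y)] for row in X]

def transpose(M):
    return [list(col) for col in zip(*M)]

# Private key, constructed sample values: invertible S (with its inverse) and permutation P.
S = [[1, 1, 0, 0], [0, 1, 1, 0], [0, 0, 1, 1], [0, 0, 0, 1]]
S_INV = [[1, 1, 1, 1], [0, 1, 1, 1], [0, 0, 1, 1], [0, 0, 0, 1]]
PERM = [2, 5, 0, 6, 1, 3, 4]
P = [[int(j == PERM[i]) for j in range(7)] for i in range(7)]
P_INV = transpose(P)  # the inverse of a permutation matrix is its transpose

# Public key: the masked generating matrix (assumed form K = S.G.P).
K = matmul(matmul(S, G), P)

def encrypt(z, c=None):
    """y = z.K + c (assumed form), with c a random error vector of weight <= t = 1."""
    if c is None:
        c = [0] * 7
        pos = secrets.randbelow(8)  # 7 single-bit errors plus the all-zero vector
        if pos < 7:
            c[pos] = 1
    return [(u + e) % 2 for u, e in zip(matmul([z], K)[0], c)]

def decrypt(y):
    """Follow the four deciphering steps listed above."""
    v = matmul([y], P_INV)[0]                 # 1. y.P^-1 = z.S.G + c.P^-1
    syndrome = matmul([v], transpose(H))[0]   # 2. (y.P^-1).H^T locates the error
    if any(syndrome):
        v[transpose(H).index(syndrome)] ^= 1  # flip the bit whose H column matches
    zS = v[:4]                                # 3. G is systematic: first k bits are z.S
    return matmul([zS], S_INV)[0]             # 4. z = (z.S).S^-1

if __name__ == "__main__":
    z = [1, 0, 1, 1]
    y = encrypt(z)
    print("ciphertext:", y, "recovered:", decrypt(y))
```

With t = 1 each plain text word maps to one of only eight possible cryptograms, which is why the analysis that follows looks at how the key space grows with the code dimension.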

ANALYSIS OF CIPHER QUALITY
The cipher quality is given by the complexity of the deciphering algorithm. This complexity can be determined by the number of cycles that the algorithm needs, on average, to decipher a cryptogram. The complexity of the cipher is proportional to the time needed to break the deciphering algorithm. Many cryptanalytic attacks are well known today [3]. A quality cipher algorithm assumes the brute-force attack only, which means trying all combinations of the key.
The quality of the analysed cipher algorithm resides in the determination of the inverse ciphering transformation $T_k(z)^{-1}$. This cannot be done with the inverse matrix $K^{-1}$, because the cryptosystem is randomised for every transmitted code word by the $n$-bit error vector $c$. As a result, deciphering is complicated already for small (n, k) dimensions and is impossible to solve in real-time operation.
The second way of breaking the deciphering algorithm is based on knowledge not only of the public key $K$ but also of the algorithm. It means that a potential hacker must find and test all submatrices $P$, $S$, $G$ (which can be part of the key $K$) and eliminate the error vector by the check matrix $H$.
The authors analysed the cipher quality of a cryptographic system based on Hamming (n, k) codes because commercial equipment using these types of codes (for correction of single errors) is very common. A list of the valid Hamming code parameters with check parity $m$ from $m = 3$ to $m = 13$ is provided in Table 1. This table shows how the redundancy r [%] decreases for larger dimensions of $n$ (for $n$ larger than 1023 the redundancy is less than 1 %).

CONCLUSION
Table 1 shows that even for small dimensions of Hamming (n, k) codes the number of combinations in the calculation of the partial parts of the key is considerable. Calculating all combinations of the individual parts of the key for dimensions from (n, k) → (511, 502) upwards is difficult to realise in real time. To find the original key, all the calculated combinations must be combined correctly, which is also

The following factors influence the quality of the deciphering algorithm:

A. calculation of inverse permutation matrices $P^{-1}$
The permutation matrix $P$ is of size $n \times n$. Determining all permutation matrices $P$ is a complicated problem, mainly for larger code word lengths $n$, as the number of all combinations is $n$ factorial. In Table 1, $n$ factorial is computed up to the (n, k) code (2047, 2036). After all inverse permutation matrices $P^{-1}$ have been determined, it is necessary to calculate $y \cdot P^{-1}$ for all received vectors $y$.

B. elimination of error vector c
The error vector $c$ is an $n$-bit vector with weight $w(c) \le t$, where $t$ is the number of correctable errors. The total number of distinct error vectors $c \cdot P^{-1}$ for a code word of length $n$ is then

$$\binom{n}{0} + \binom{n}{1} + \dots + \binom{n}{t}$$

The error vector can be detected with the help of error-correcting techniques. This algorithm is based on knowledge of the check matrix $H$ of size $n \times (n - k)$, which can be determined from the generating matrix of size $n \times k$ and the identity matrix $I$ of size $(n - k) \times (n - k)$. The column of the matrix with the error is determined according to the expression $(y \cdot P^{-1}) \cdot H^T$. In the next step the error is eliminated. (Note: $H^T$ is the transpose of the matrix $H$.)

C. determination of original vector $z \cdot S$
If $G$ is the generating matrix of a systematic code, determining the vector $z \cdot S$ is easier, as it is enough to examine the combinations of the source subspace $V_k$ within the space of all combinations $V_n$. The number of such possibilities is [3]:

Reviewers: D. Levický, P. Tomašov
We can say that the analysed cipher system is computationally complex (assuming only a brute-force attack). We would recommend its use in special applications for fast and confidential transmission in the line layer of the OSI.
It would be a big advantage if the cipher-decipher algorithms also had an error-correcting coding function (i.e. eliminating the influence of the channel). For this application we assume the use of multi-error correcting coding algorithms, e.g. BCH codes, whose ciphering algorithm is more resistant against the other cryptanalytic attacks.
This work is a part of grant research projects: 1/5255/98 with the title "Theoretical apparatus for analysis and synthesis of communication system protocol with special service set", 1/5230/98 with the title: "Theoretical apparatus for analysis and synthesis of system with defined level of safety".