РАЗРАБОТКА МОДИФИЦИРОВАННОЙ НЕСИММЕТРИЧНОЙ КРИПТО-КОДОВОЙ СИСТЕМЫ МАК-ЭЛИСА НА УКОРОЧЕННЫХ ЭЛЛИПТИЧЕСКИХ КОДАХ

-□ □Розглядаються загальна конструкция тео-ретико-кодових схем (ТКС), несиметрична крипто-кодова система (НККС) на основi ТКС Мак-Ел^а на укорочених (модифшованих) елттичних кодах. Пропонуеться матема-тична модель НККС Мак-Ел^а, алгоритми формування та розшифрування/розкодуван-ня криптограми/кодограми, аналiзуються витрати на програмну реалiзацiю крипто-ко-дових засобiв захисту тформаци на основi ТКС Мак-Ел^а

Ключовi слова: несиметрична крипто-ко-дова система, теоретико-кодова схема, модифтоваш перешкодостшт коди

Рассматриваются общая конструкция теоретико-кодовых схем (ТКС), несимметричная крипто-кодовая система (НККС) на основе ТКС Мак-Элиса на укороченных (модифицированных) эллиптических кодах. Предлагается математическая модель НККС Мак-Элиса, алгоритмы формирования и расшифрования/раскодирования криптограммы/кодограммы, анализируются затраты на программную реализацию крипто-кодовых средств защиты информации на основе ТКС Мак-Элиса

модифицированные помехоустойчивые коды -□ □UDC 621.391

|doi: 10.15587/1729-4061.2016.75250|

DEVELOPMENT OF MCELIECE MODIFIED ASYMMETRIC CRYPTO-CODE SYSTEM ON ELLIPTIC TRUNCATED CODES

S. Yevseiev

PhD, Associate Professor, Senior Researcher* E-mail: serhii.yevseiev@m.hneu.edu.ua K. Rzayev PhD, Associate Professor** E-mail: xazail49@mail.ru O. Korol PhD, Associate Professor* E-mail: olha.korol@m.hneu.edu.ua Z. Imanova Assistant** E-mail: zarife1955@mail.ru information Systems Department Simon Kuznets Kharkiv National University of Economics Nauky ave., 9^, Kharkiv, Ukraine, 61166 **Department of Computer Technology and Programming Azerbaijan State University of Oil and Industry Azadlyg ave., 20, Baku, Azerbaijan, AZ1010

Development of telecommunication systems in all areas of their use puts forward stricter requirements to the reliability and security of the entire data processing cycle. To ensure these criteria in telecommunication systems, software/firmware implementation means of error-correcting coding techniques (to ensure reliability) and cryptographic information transformation methods (providing security: confidentiality, integrity and availability), as well as data transfer protocols at different levels of the ISO/OSI model are used. A promising direction in the development of communications technologies and systems are integrated mechanisms that provide the required reliability and safety performance in a single software/hardware and software implementation. For this purpose, the authors suggest the use of the modified asymmetric crypto-code system based on the McEliece theoretical-code scheme (TCS) on elliptic shortened codes. This approach provides the required level of reliability of data transfer through the use of error-correcting coding techniques, and the use of the asymmetric cryptosystem provides the required level of cryptographic performance.

The development of communication technologies is closely related to the quality of services provided to end users of the system and determined by the indicators proposed in the standards and recommendations of the International Communication Union. Among the main service quality indicators discussed in Recommendations ITU E.800, special importance is given to the coefficient of system availability, which provides the required level of reliability and security of the entire data processing and storage cycle [1, 2]. The analysis in the paper [3] showed that the rapidly growing number of users and information consumers, expanding the range of telecommunication services, increased volumes of processed data lead to a tightening of probability-time requirements for the major components of telecommunication systems and networks at all stages of the information data exchange. Thus, according to [4], the relevance of creating telecommunication systems and networks with protected data transmission channels has increased dramatically in recent years. The requirements for data security indicators in telecommunication systems and networks, especially in special-purpose networks in which a denial of service or

output of specific quality parameters out of-the range can lead to catastrophic consequences in the financial sector, industry, energy sector, and so on have also increased. Modern developers of communication technologies are forced to solve several problems simultaneously and ensure not only the security of the information transmitted, but also the speed to transfer large amounts of data. In [5], the authors propose to use a McEliece cryptosystem in the Se-quitur software, which allows integrally solve the problems of performance and security while transmitting sensitive information. In [6], the McEliece cryptosystem is used as a mechanism to ensure integrity in the stegosystem that provides storage information about the artist, lyrics and performance in MPEG Layer-III or MP3 file. The cryptosystem is used to store both personal (private), and public key in the ID3v2 tag format. In [7, 8], it is proposed to use the McEliece cryptosystem for solving authentication (authenticity) problems and forming a digital signature based on algebraic coding theory, as well as for the transmission of confidential (medical) information). The authors of [9] propose to use the McEliece cryptosystem in the Secure Key Management software (SKM, a framework with a high degree of scalability relative to memory), to generate key sequences and their distribution.

To reduce the cost of transmission and processing of data, ensure the required performance and reliability of the information secrecy (security), it is proposed to use asymmetric crypto-code systems on the McEliece theoretical code scheme [10-12]. In [13, 14], the basic principles and mathematical models of asymmetric crypto-code systems construction based on the McEliece and Niederreiter theoretical-code schemes (TCS) on elliptic codes that allow integrally provide the required reliability performance of information secrecy and data transmission speed in communication systems are considered. At the same time the analysis of asymmetric crypto-code system software implementation on the Niederreiter theoretical code scheme (TCS) [15] showed significant implementation complexity that makes it difficult to use theoretical code schemes for the construction of asymmetric cryptographically strong systems. In [16], the new approaches to breaking the McEliece cryptosystem based on randomized concatenated codes are considered. Development of modified crypto-code systems using modified algebraic codes is a perspective direction in solving these scientific and technical problems.

The objective is to analyze the overall design of construction of theoretical code schemes as an integrated mechanism for providing the reliability, efficiency and safety in general data processing cycle. To achieve the goal, are considered the following tasks are considered:

- to analyze the overall structure of asymmetric crypto-code system constructing (ACCS), to assess the effectiveness and performance compared to the symmetric and asymmetric cryptographic algorithms;

- to consider the mathematical model and basic algorithms of information transfer in the McEliece ACCS on shortened codes;

- to analyze the costs of software implementation of crypto-code means of information security based on the McEliece TCS.

Let us consider the overall design of theoretical code schemes. We fix a finite field GF(q). Let us consider the vector space GFn(q) as a set of n-sequences of elements of GF(q) with component wise addition and multiplication by a scalar. Linear (n, k, d) code C is a subspace in GFn(q), i. e. a non-empty set of n-sequences (code words) over GF(q), k -the linear subspace dimension, d - minimum code distance (minimum weight of a non-zero codeword).

The main purpose of information encryption is to control (detect and correct) errors that occurred when sending a message through a channel with noise. For error control, the encoder introduces redundancy (checked part of the length r, r=n-k) in the transmitted data. On the receiving side, analyzing the properties of the test part and its correspondence to the transmitted data, the decoder reduces the effects of errors occurring during transmission.

The decoding problem can be effectively solved (with polynomial complexity) for a narrow class of codes, such as Bose-Chaudhuri-Hocquenghem error-correcting codes (BCH) and Reed-Solomon codes. One of the most effective algorithms for BCH codes algebraic decoding is the Ber-lekamp-Massey algorithm and its modifications (improvements). It is well known [17-20] that the Berlekamp-Massey algorithm contains the number of implementation of multiplications, order t2, or, formally, the complexity of the algorithm O(t2), where t - correcting capability of the code, t= =L(d-1)/2j. For a big t, an accelerated Berlekamp-Massey algorithm, which allows to reduce the computational complexity of the algorithm is used. The recursive Berleka-mp-Massey algorithm is even more effective in terms of computational complexity. The asymptotic complexity of decoding the Reed-Solomon codes in this case does not exceed O(nlog2n), and is very close to the value O(nlogn).

The decoding of an arbitrary linear code (generic code) is a very complicated computational task, the complexity of its solution increases exponentially. Thus, for correlation decoding of random (n, k, d) code over GF(q), it is necessary, in general, to compare the received sequence with all qk code words and select the closest (in the Hamming metric). Even for small n, k, d and q, the correlation decoding task is very labor-intensive. This provision forms the basis of all cryptographic systems on algebraic block codes. By disguising a code with fast decoding algorithm (polynomial complexity) as an arbitrary (random) linear code, the decoding task for an outside observer (an attacker) can be represented as a computational task (with exponential complexity).

For the authorized user of a cryptosystem (having a secret key), the decoding is a polynomially solvable problem. General classification of theoretical code schemes is shown in Fig. 1.

To ensure security in modern communication systems, symmetric and asymmetric cryptographic algorithms, providing the required cryptographic strength are generally used. As the analysis shows, the use of theoretical code scheme allows fast cryptographic transformation providing provable strength (Table 1). The complexity of their implementation is comparable with symmetric crypto algorithms with block symmetric ciphers (BSC). Moreover, their practical application allows using a public key infrastructure and building integrated mechanisms for cryptographic data

transformation and channel coding for the complex security and reliability of data transmission.

Fig. 1. General theoretical-code classification

to-code information conversion with the speed of block symmetric ciphers encryption. Furthermore, the practical use of theoretical-code means of information protection provides security and reliability of transmitted data based on the integration of the channel coding and encryption mechanisms. Hence, the use of theoretical-code schemes on the one hand is more economically advantageous than the use of a whole range of different encryption and channel coding mechanisms, solving individual problems, but on the other - there is a significant reduction in the total computational cost per unit of processed and transmitted information, i. e., reduced processing time increases data transmission efficiency. Let us consider the mathematical model and basic algorithms of the McEliece ACCS.

Table 1 shows the results of comparative studies of cryptographic methods effectiveness of information protection with a fixed level of strength:

- middle (cryptanalysis complexity with the well-known algorithm is not less than 2128 operations);

- high (cryptanalysis complexity with the well-known algorithm is not less than 2256 operations);

- very-high (cryptanalysis complexity with the well-known algorithm is not less than 2512 operations).

Fig. 2. Evaluation of cryptographic conversion performance in BSC and ACCS

The results of comparative studies of cryptographic methods effectiveness of information protection with a fixed level of strength

Cryptographic transformation methods Security model Key data length, bits Encryption speed, bits/s Additional functions

Block symmetric ciphers Practical security 128, 256, 512 106-109 Stream symmetric ciphers Practical security 128, 256, 512 107-1010 RSA-like cryptalgo-rithms Provable security 3248 (128), 15424(256) 102-103 Asymmetric cryptalgo-rithms on elliptic curves Provable security 283 (128), 571(256) 103-104 ACCS Provable security 0.5-106, (128), 2-106 (256) 106-108 Error control, reliability provision

Evaluation results of data conversion algorithms performance in symmetric ciphers and ACCS are shown in Fig. 2.

Thus, as follows from the given results of a comparative analysis, asymmetric crypto algorithms, with the use of theoretical-code schemes allow you to implement cryptographic information protection according to the public-key technology and thus provide the speed of cryp5. Mathematical model and basic algorithms of information conversion in the proposed McEliece system on shortened codes

Known methods for the modification of linear block codes are more fully discussed in [17-20]. Fig. 3 shows the most common modification methods.

Lengthening (n, k, d) of linear block code is to increase the length of n+x by adding new information symbols k+x. Extension (n, k, d) of linear block code is to increase the length of n+x by adding new check symbols r+x. Puncturing (n, k, d) of linear block code is to reduce the length of n-x by decreasing of check symbols r-x. Shortening (n, k, d) of linear block code is to reduce the length of n-x by decreasing of information symbols k-x. Augmentation (n, k, d) of linear block code is to increase the length of k+x information symbols without increasing the code length. Expurgation (n, k, d) of linear block code is to reduce the k-x information symbols without code length increasing.

Potential strength of theoretical code schemes is defined by the complexity of decoding the random (n, k, d) block code. Hence, for the construction of potentially persistent theoretical code schemes, modification techniques that do not allow reducing the minimum code distance should be used. Methods of lengthening and shortening of the linear block codes do not change the minimum distance and, therefore, allow us to construct asymmetric crypto-code systems resistant to breaking.

The simplest and most convenient method of modifying a linear block code, not reducing the minimum code distance is shortening its length by reducing the information

symbols. Let I=(I1, I2, ..., Ik) - information vector (n, k, d) of block code. We chose a subset h of information symbols, |h|=x, x<1 /2k. We put zeros in the information vector I in the subset h, i. e. Ii=0, Vli eh. On the other positions of the vector I, we place the information symbols. While the information vector encoding, the symbols of the set h are not involved (they are null) and can be discarded, and the resulting code word is shorter by x code symbols. For modification (shortening) of elliptic codes, we use the reduced set of the curve points. The following statement is true.

Statement 4. Shortened elliptic (n, k, d) code over GF(2m), built through mapping like j:X^Pr-1, defines the modified theoretical-code scheme with the following parameters:

- the dimension of the secret key is determined by (3);

- the dimension of the information vector (in bits):

lI + q + 1 -a)m; (7)

- the dimension of the codegram is defined by (5);

- relative transmission rate:

Fig. 3. Means of linear block codes modification

Statement 1. Let EC - an elliptic curve over GF(q), g=g(EC) - the curve genus, EC(GF(q)) - a set of its points over a finite field, N=EC(GF(q)) - their number. Let X and h - nonintersecting subsets of points, Xuh=EC(GF(q)), |h|=x. Then shortened elliptic (n, k, d) code over GF(q), built through mapping like j:X^Pk-1, is linked by characteristics k+d>n, where:

n = 2^/q + q +1 - x,

k>a-x,

d>n-a, a=3xdegF. (1)

Statement 2. Shortened elliptic (n, k, d) code over GF(q), built through mapping like j:X^Pr-1, is linked by characteristics k+d>n, where:

n = 2^/q + q +1 - x,

k>n-a,

d>a, a=3xdegF. (2)

Using the result of Statements 1, 2, we set the theoretical-code scheme on modified elliptic codes, built through mapping like j:X^Pk-1 and j:X^Pr-1. The following statements are true.

Statement 3. Shortened elliptic (n, k, d) code over GF(2m), built through mapping like j:X^Pk-1, defines the modified theoretical-code scheme with the following parameters:

li=(a-x)^m; (4)

r=(a-x)/ (2^+q+1—x). (6)

Let us consider the formal description of a modified asymmetric crypto-code information protection system based on the use of modification methods and practical algorithms of formation of codegrams and their decryption in the developed theoretical-code schemes.

Mathematical model of ACCS using the McEliece TCS based on shortening (reduction of information symbols) is formally defined by a combination of the following elements [9]: - a set of plaintexts

M = {M1,M2,...,M „},

where Mj = {I0,Ih ,.. Ih ,Ik-1}, VIj eGF(q), hj - information

symbols equal to zero, |h|=— k, i. e. Ii=0, VIi eh;

- a set of secret texts (codegrams)

C = {C1 ,C2 ,...,Cqk}, where

Ci = fcX^v-vV^X Vc^ eGF(q);- a set of direct mappings (based on public key usage -generating matrix)

*={M2,...,W,

Ck-h , i = 1,2,...,s;

- a set of inverse mappings (based on secret (private) key usage - disguise matrixes)

r1 = №1,^-1,..,C1},

—1 :Ck—h ^M, i = 1,2,...,s;

- a set of keys, parameterizing direct mappings (public key of the authorized user)

K = {K ,K2a,...,Ks } = {GXC1ai,GXC2ai,...,GXCsai},

where G|Cla - generating n x k matrix disguised as a Cj = (mi,GX ) = Mr (GX ) +e,

random code of algebra-geometric block (n, k, d) code with

i 1,2,...,s;

elements from GF(q), i. e. ^¡:M-^Ck-h

ai - a set of polynomial curve coefficients a^.ag, VaieGF(q), uniquely defining a specific set of points on the curve from the space P2.

- a set of keys, parameterizing inverse mappings (private (secret) key of the authorized user)

k* = {k;,k;,...,k;}=«x,p,dux,p,d}2,...,{x,p,du

{X,P,D} = {X&,P&,D&},

where X1 - disguise nondegenerate randomly equiprobably formed by a source of keys k x k matrix with elements from GF(q); P1 - permutation randomly equiprobably formed by a source of keys n x n matrix with elements from GF(q); D1 - diagonal formed by a source of keys n x n matrix with elements from GF(q) , i. e.

: C -»M, i = 1,2,...,s,

where the Hamming weight (number of nonzero elements) of the vector does not exceed the correcting ability of the algebraic block code used:

the complexity of the inverse mapping without knowing the key K* e K* is associated with solving theoretical-complexity problems in random code decoding (general position code).

The initial data in the description of the considered asymmetric crypto-code information protection system are:

- algebrogeometric block (n, k, d) code Ck-h over GF(q), i. e. a set of code words Ci e Ck-h such that the equality is true CiHT = 0, where H - check matrix of algebrogeometric block code;

- ai - a set of the curve polynomial coefficients a1_a6, Vaie GF(q), uniquely defining a specific set of the curve points from space P2 to form the generating matrix;

- hj - information symbols, equal to zero, |h|=1/2k, i. e. Ii=0, Vli eh;

- disguising matrix mappings, given by a set of matrices {X, P, D}i, where X - nondegenerate k x k matrix over GF(q), P - permutation n x n matrix over GF(q) with one non-zero element in each row and each column of the matrix, D - diagonal n x n matrix over GF(q) with non-zero elements on the main diagonal.

In asymmetric crypto-code system based on the McEliece TCS, the modified (shortened) algebrogeometric (n, k, d) code Ck-h with fast decoding algorithm is disguised as a random (n, k, d) code Ck-h * by multiplying the generating matrix GEC of the code Ck-h by the secret disguise matrices Xu, Pu and Du [8], providing the formation of the authorized user&s public key:

GXCu = Xu ■ GEC ■ Pu ■ Du, u e {1,2,...,s},

where GEC - generating n x k matrix of algebrogeometric block (n, k, d) code with elements from GF(q), built on the basis of the user-selected curve polynomial coefficients aj... a6, Vaie GF(q), uniquely defining a specific set of points on the curve from the space P2.

Forming a closed text Cj eCk-h on the basis of the entered plaintext Mi e M and a given public key GXCua, u e{1,2,...,s} is carried out by forming a code word of the disguised code by adding a random vector e = (e0,e1,...,en-1):

[xj - the integer part of a real number x.

For each formed secret text Cj eCk-h , the corresponding vector e = (e0,e1,...,en-1) acts as a one-time session key, i.e. for a particular Ej the vector e is generated randomly equiprobably and independently of the other closed texts.

The communication channel receives

Cj* = Cj-Ck-v

On the receiving side, an authorized user who knows the disguise rule, the number and location of zero information symbols can use a fast algebrogeometric code decoding algorithm (with polynomial complexity) to recover the plaintext [8]:

Mi = ^-1 (Cj*,{X,P,D}u).

To recover the plaintext, an authorized user adds zero information symbols Cj* = Cj + Ck-h , from the recovered secret text Cj , removes the effect of the secret permutation and diagonal matrices Pu and Du:

C = Cj*(D" F> )-1 = (MGX )T + e)(D" )">" )-1 =

= (m (XuGPuDu )T + e) (Du )-1 (Pu )-1 =

= Mi ■(x" )>)>" )T (du )t ■(d" )"> )-1 + +e (Du)-1 ■(P")-1 = Mi ■(X")>)T + e (Du)>")"\\

decodes the received vector by the Berlekamp-Massey algorithm [15]:

C = Mr(X" )T-(GEC )T + e ■ (D-)-1 ■(P" )-1,

i. e. gets rid of the second term and from the multiplier (G) in the first term in the right side of the equation, and then removes the effect of the disguise matrix Xu. For this, the result of decoding Mi ■ (Xu ) should be multiplied by

(X")-1 : (Mi-(X")T)^(X")-1 = Mi.

The resulting solution is the plain text Mi.

Let us consider the practical algorithms of formation and decryption/decoding cryptogram/codegram in a modified asymmetric crypto-code system based on the McEliece TCS on elliptic shortened codes. Fig. 4 shows an algorithm of cryptogram/codegram formation.

The algorithm of codegram formation in the modified McEliece asymmetric crypto-code system with shortened modified code is defined by a sequence of the following steps.

Fig. 4. The algorithm of codegram formation in the modified McEliece ACCS with shortened modified code

Step 1. We fix a finite field GF(q). We fix an elliptic curve y2z+a^yz+a3yz2=x3+a2x2z+a4xz+a6z3 and a set of its points EC(GF(q)):(P1, P2, ...,PN) over GF(q). We fix a subset of points h(GF(q)): (PX1, PX2, .,Pxx), hcEC(GF(q)), |h|=x and keep it secret.

Step 2. We form the initialization vector IV=EC-hj, hj 1

information symbols equal to zero, |h|= —k, i. e. Ii=0, VIieh;

Step 3. By entering the information vector I, we form the codeword c. If (n, k, d) code over GF(q) is given by its generating matrix, then c=IxG.

Step 4. We form the random vector of the error e so that w(e)<t, t = |_(d -1)/2J. We add the formed vector to the code word, receive the code word: c*=c+e.

Step 5. We form the codegram by removing (shortening) the initialization vector symbols: cx*=c*-I V.

The algorithm of codegram decoding in modified theoretical-code schemes on elliptic codes is defined by a sequence of the following steps:

Step 1. Entering the codegram to be decoded. Entering the private key - generating and/or parity-check matrix of the elliptic code.

Step 2. Codegram - a codeword with elliptic code errors. Error vector weight w(e)<t. We decode the codegram - find the error vector.

Step 3. We form the needed information vector.

The proposed algorithm for decoding in the modified asymmetric crypto-code system using the McEliece TCS with shortened modified code is shown in Fig. 5.

The main stage of the codegram decoding algorithm in the theoretical-code scheme on elliptic codes is decoding of the received sequence. While the codegram decoding, an authorized user should consider the shortened code parameters in the theoretical-code schemes on modified elliptic codes.

The block diagram of the real-time information exchange protocol using the asymmetric cryptosystem based on the modified McEliece TCS with modified (shortened) elliptic codes is shown in Fig. 6.

Stage 1. Set of code parameters , Entering personal key and codegram

X - non-degenerate matrix k^k over GF(q), P - permutational matrix n*n over GF(q), D - diagonal matrix n*n over GF(q), HEC- check matrix r^n of elliptic code over GF(q),a - coefficients set of curve polynomial ai... a6,

IV - initialization vector, IV= \\h\\ =% k -reducing elements

Stage 2. Codegram decoding

Fig. 5. Algorithm in the modified McEliece ACCS with shortened modified code

Receiver

Forming error vector e

Receiving key data and initialization vector

Forming code word

C;=% (mGx )=Mr(o&x j + e_

Forming and transmitting key data

Transmitting public key and initialization vector through open channels in IP-networks

Forming key data and initialization vector

Secret key: 1 Public key:

masking matrices^1,P\\DU GlCu = X" - GEC -P11 - D

equation coefficients EC, generating matrix Gm~

Initialization vector IV

Cryptogram decoding

C = Mr(xu )T-(g&c)T + e ■ (d" jr&-p

Forming cryptogram

C = Cj + Ck-j

Forming and transmitting of cryptogram

Adding initialization Cryptogram transmitting through the open vector symbols channels in IP-networks to the cryptogram

C = C+Ck-j

Plaintext

M, &(x" T) &(X" I-1 = M,

Intruder

Fig. 6. Real-time information exchange protocol using the asymmetric cryptosystem based on the modified McEliece TCS with

modified (shortened) elliptic codes

Let us investigate the software implementation energy costs of crypt-code means of information security based on the McEliece TCS on modified (shortened) elliptic codes.

To estimate time and speed parameters, it is common to use the unit of measurement cpb, where cpb (cycles per byte) - the number of processor cycles, which should be spent to process 1 byte of incoming information. Algorithm complexity is computed by the expression:

The investigation results for evaluating time and speed parameters of procedures of forming and decoding information in the asymmetric crypto-code system based on the McEliece TCS

Parameters Code sequence length Algorithm bandwidth, Rate (byte/sec) Utilization of the processor core, (%) Algorithm complexity, Per(cpb)

The number of function calls that implement the basic operations 100 46 125 790 56 61.5

Per = Utl*CPU_ clock / Rate,

where Utl - utilization of the CPU core (%); Rate - algorithm bandwidth (bytes/sec).

Table 2 shows the dependence of the code sequence length of the algebrogeometric code in the McEliece and Niederreiter TCS on the number of CPU cycles to perform elementary operations in the software implementation of crypto-code systems.

Table 3 shows the investigation results for evaluating time and speed parameters of procedures of forming and decoding information in the asymmetric crypto-code system based on the McEliece TCS.

The analysis (Tables 2, 3) enables to conclude about significant energy cost when implementing asymmetric crypto-code systems in the protocols of communication systems and technologies, which greatly complicates their use. To eliminate the disadvantage, it is proposed to use the modified asymmetric crypto-code schemes based on the usage of error-correcting code, which provides decrease of energy costs and users key data volumes by storage of information about coefficients of an elliptic curve in an affine space to build the corresponding matrices (private and public keys).

The dependence of the code sequence length in the McEliece ACCS and modified ACCS on

the number of CPU cycles

Code sequence length McEliece on shortened codes McEliece

The number of function calls realizing elementary operations Symbol reading 10 294 397 28 750 457 76 759 874 11 018 042 30 800 328 80 859 933

String comparing 3 406 921 9 246 748 25 478 498 3 663 356 10 199 898 26 364 634

String concatenation 1 705 544 5 045 748 12 379 422 1 834 983 5 125 564 13 415 329

Sum 15 406 862 43 042 953 114 617 794 16 516 381 46 125 790 120 639 896

Duration of executing functions in processor cycles * Symbol reading 295 374 810 478 2 001167 297 487 831 609 2 183 218

String comparing 178 814 531 379 1 248 684 197 821 550 794 1 423 690

String concatenation 544 990 1 328 114 3 586 486 544 990 1 522 293 3 984 353

Sum 1 006 781 2 749 548 7 247 488 1 040 298 2 904 696 7591261

Duration of executing ** in msec 0.52 1.37 3.4 0.55 1.53 4

References