CONSTRUCTION OF HYBRID SECURITY SYSTEMS BASED ON THE CRYPTO- CODE STRUCTURES AND FLAWED CODES

4 propose a completely new approach to the formation of hybrid (integrated) cryptosystems, allowing us to build multichannel cryptosystems based on crypto-code structures with flawed codes (CCSFC) that ensure the required indicators of safety, reliability, and efficiency. The key feature of constructing the proposed structures is the use of crypto-code systems (CCS), which provide integrated security (they make it possible to build asymmetric cryptosystems of provable stability), and reliability (they employ noise-resistant codes on elliptic curves). Performance efficiency (rate of transformations in CCS is comparable to the crypto-transformations of block symmetric ciphers) of the transmitted information, and the use of flawed codes make it possible to to reduce the power of the CCS alphabet, without compromising crypto stability that expands the scope of their use in many applied applications.

propose a completely new approach to the formation of hybrid (integrated) cryptosystems, allowing us to build multichannel cryptosystems based on crypto-code structures with flawed codes (CCSFC) that ensure the required indicators of safety, reliability, and efficiency.The key feature of constructing the proposed structures is the use of crypto-code systems (CCS), which provide integrated security (they make it possible to build asymmetric cryptosystems of provable stability), and reliability (they employ noise-resistant codes on elliptic curves).Performance efficiency (rate of transformations in CCS is comparable to the crypto-transformations of block symmetric ciphers) of the transmitted information, and the use of flawed codes make it possible to to reduce the power of the CCS alphabet, without compromising crypto stability that expands the scope of their use in many applied applications.

Literature review and problem statement
Development of computing equipment and communication technologies make it possible to create elements of IES based on the services provided by the global Internet technologies, further development of remote access technologies, and the informatization of educational processes and services.This has led to the fact that more and more components and technologies of CES, its software applications and

Introduction
The evolutionary development of the global Internet computer network based on open protocols and interconnection models of open systems, rapid development of informational, communication, computer, collaborative technologies have led to the creation of new patterns in the functioning of educational organizations in the world, transition to control systems with a critical cybernetic infrastructure (SCCI) [1][2][3][4][5][6][7][8].Further informatization of corporate educational systems (CES), development of remote access to information assets based on the intensive development of information and computing networks (ICS) of educational institutions creates on their basis the informational educational systems (IES).The negative aspect, however, is the reduction in the level of literacy of users, significant growth of cybercrimes in recent months, using social networks in IES, modernization of the old, and the emergence of new, cyberattacks leads to the aggravation of problems that are related to data protection and security of information assets of SCCI [9,10].In this regard, one of the most relevant tasks facing developers and users of IES is the full -scale solution to the problem of information securityfrom envisaging the strategy, policy and standards of information security in IES all the way to developing specific technologies, as well as procedures to ensure information security [1].For this purpose, authors of the present work

Рассматриваются принципы построения крипто-кодовых конструкций на алгеброгеометрических (эллиптических) кодах, многоканальных криптосистем на основе ущербных кодов. Предлагаются гибридные крипто-кодовые конструкции на ущербных кодах, алгоритмы формирования и расшифрования криптограммы в гибридных криптосистемах на основе крипто-кодовых систем Мак-Элиса с ущербными кодами. Обосновывается эффективность и стойкость предложенных гибридных конструкций на основе оценки энергозатрат и предложенной методики оценки стойкости Ключевые слова: гибридные криптосистемы, несимметричная крипто-кодовая конструкция, алгеброгеометрические коды, ущербные коды
tools, e-courses and educational modules, data in the distributed databases become available to more users who are geographically dispersed.This creates considerable advantages and benefits in their work and makes it possible to consider IES as a system with critical cybernetic infrastructure objects [10,11].In article [7], authors address issues on providing an access to information assets of CES through a remote connection, which is one of the most promising directions in the development of information systems.In addition to the benefits attained from the mobilization of IES users, the problematic areas are also evidentfirst of all, this relates to the security of data that are available at remote access.An integral part of CES (IES) of educational institutions is social networks whose portals contain personal data from millions of users, thereby representing huge online directories that are available to everyone at will [5].Modern university stores and processes a huge amount of various data related not only to supporting the educational process, but also to scientific research as well as design and engineering, personal data on students and staff, service, commercial and other confidential information [6].The conceptual strategy, however, policies and procedures that would ensure safety of information assets, utilized and stored in IES, are lacking at the legislative level.In paper [1], authors systematized the concepts of policies, standards, technologies, and procedures of information security (IS) of CES, as well as proposed methods for ensuring IS based on the construction of virtual private networks -VPN-networks.In [4], authors dealt with the concept of integrated protection of network resources of IES based on a three-level process-service model of IS control system.In article [9], authors propose a synergistic approach to the model of safety assessment of IES and proposed a procedure for the construction of a modified system for electronic document management at a university on the basis of electronic digital signature in line with the Х.509 standard.An analysis of protection tools, performed in [4], revealed that modern information-computing networks (ICN) are still dominated by the traditions of using standard hardware and software tools to protect information, which practically exhausted their potential in terms of the neutralization of possible informational threats.
Under such circumstances, one of the promising directions to provide security of the information flows (SFI), utilized in IES, might prove to be creation of a system of integrated protection of network resources based on the asymmetric crypto-code systems (ACCS).Their application makes it possible to ensure with one integrated mechanism the required levels of reliability indicators, security and efficiency in the processing and transmission of confidential information using open channels of the global Internet (GIN).
Contemporary developers of communication technologies have to simultaneously resolve multiple tasks and to provide not only the safety of the information transmitted, but also the efficiency of transferring large amounts of data.In article [12], authors propose employing the McEliece cryptosystem in the Sequitur software, which makes it possible to integrally solve the tasks on performance efficiency and security when transmitting confidential information.In paper [13], authors use the McEliece cryptosystem as a mechanism to ensure integrity in the stegasystems, which enables storing in a MPEG Layer III or an MP3 file performer's information, a song lyric, and its performance.The cryptosystem is applied to store both personal (private) and open key in the tag format ID3v2.In papers [14,15], au-thors propose using the McEliece cryptosystem for solving the tasks on authentication and the formation of a digital signature based on algebraic coding theory, as well as for transmitting confidential (medical) information.Authors of article [16] propose employing the McEliece cryptosystem in the software Secure Key Management (SKM, a framework with a high degree of scalability relative to memory) to generate the key sequences and their allocation.
In paper [17], authors examined basic principles and a formal notation of the mathematical model for a modified asymmetric crypto-code system based on the McEliece theoretical-code scheme (TCS) on the modified (cropped) elliptic codes that make it possible to provide integrated reliability indicators required for information secrecy and efficiency when transmitting data in communication systems.
In article [18], new approaches are considered to breaking the McEliece cryptosystem based on randomized concatenated codes.Development of hybrid cryptosystems based on the modified asymmetric crypto-code constructions of McEliece on flawed codes is a promising direction in solving the given scientific and technical task.

The aim and objectives of the study
The goal of present work is to develop a hierarchical structure of the control systems with a critical cybernetic infrastructure, to analyze principles of the construction of crypto-code structures, systems of multichannel cryptography on flawed codes, to design hybrid cryptosystems based on the modified asymmetric crypto-code constructions by McEliece on flawed codes, to devise a procedure for the estimation of stability of the proposed hybrid cryptosystems based on an entropy method.
To accomplish the goal, the following tasks should be considered: -to perform an analysis of control systems with a critical cybernetic infrastructure and to develop a hierarchical structure of the critical infrastructure of a state metasystem on example of Ukraine; -to analyze the principles of formation of the McEliece modified asymmetric crypto-code systems (MACCS) on algebraic geometric codes, as well as multichannel systems on flawed codes, the principles of their construction; -to design a hybrid cryptosystem based on the McEliece MACCS on flawed codes (HCCSFC) and basic algorithms for the crypto-transformations in HCCSFC; -to analyze the cost of software implementation of the hybrid cryptosystem on the crypto-code construction with flawed codes; -to devise a procedure for the estimation of stability of the proposed cryptosystem based on an entropy method.

Analysis of systems with a critical cybernetic structure
An analysis of the main provisions of the systems with a critical cybernetic structure, conducted in articles [10,11], allows us to use the basic concepts, proposed by the authors, related to the formation of a hierarchical structure of the critical infrastructure of a state metasystem: Critical infrastructure (CI) of the system, network, and/ or individual objects, the purposeful or incidental failure of which may potentially lead to irreparable consequences for the sustainable development of economy and political processes in the state, social well-being, and health of the population.
System with a critical cybernetic infrastructure (SCCI) is a set of interrelated elements combined into a whole, correct functioning and interaction of which significantly affects the cybernetic safety of the state over a specific time interval.
Object with a critical cybernetic infrastructure (OCCI) is an element of SCCI, the cybernetic influence on which leads to a decrease in the level of its cybernetic protection against cyber threats.
On the basis of the attributive approach proposed in paper [11], we propose a hierarchical structure of the critical infrastructure of a state metasystem on example of Ukraine is shown in Fig. 1.A distinctive feature of the proposed approach is the inclusion in OCCI of the elements of e-education system (IES, CES).Such an approach allows timely development of mechanisms to ensure security of the information utilized by IES (CES).As well as provide the required level of service quality to the users of IES (CES) in the course of further informatization of the system's elements.

SECTOR OF CRITICAL INFRASTRUCTURE
Critical infrastructure -systems, networks, and(or) individual objects, the purposeful or incidental failure of which may potentially lead to irreparable consequences for the sustainable development of economy and political processes in the state, social well-being and health of the population.

Banks and finances
Level II

Level III
Object with a critical cybernetic infrastructure -an element of the system with a critical cybernetic infrastructure, the cybernetic influence on which leads to a decrease in the level of its cybernetic protection against cyber threats  In this case, a metasystem of the critical infrastructure of a state (MCIS) refers to a system of strategic scale, representing a large number of diverse elements, combined within a framework of a unified critical cybernetic architecture into a united system.MCIS possesses synergy and has a common emergent property (purpose, function), different from the properties of individual elements of the entire totality [11].
Thus, based on the conducted analysis [1][2][3][4]11] and the proposed hierarchical critical infrastructure metasystem on example of Ukraine, further development of the services and functions of IES (CES) on the basis of informatization of education services and further implementation of the functions of remote access, it is suggested that IES be considered a system with the SCCI objects.

Basic principles for building the crypto-code constructions
We shall examine a general structure of the crypto-code systems.We shall define a finite field GF(q), vector space GF n (q) as a set of n-sequences of elements from GF(q) with a component by component addition and multiplication by a scalar.Linear (n, k, d) code C is the subspace in GF n (q), that is, a non-empty set of n-sequences (codewords) over GF(q), k is the dimensionality of linear subspaces, d is the minimal code distance (minimal weight of a non-zero codeword).
The main objective of encoding an information is to control (detect and correct) the errors that appeared when sending a message along a channel with noise.In order to control the errors, an encoder contributes redundancy (verification part of length r, r=n-k) to the transmitted data.
The problem of decoding can be efficiently solved (with a polynomial complexity) to a narrow class of codes, for ex-ample, noise-resistant codes of Bose-Chowdhury-Hocquingham (BCH) and the Reed-Solomon codes.One of the most efficient algorithms for algebraic decoding of the BCH codes is the Berlekamp-Massey algorithm and its modifications (improvements).The Berlekamp-Massey algorithm contains the number of implementation of multiplications of the order of t 2 or, formally, the complexity of algorithm O(t 2 ), where t the correcting ability of the code, t=ë(d-1)/2û.For a large t, there is the accelerated Berlekamp-Massey algorithm used, which makes it possible to reduce computational complexity of the algorithm.Even more effective, in terms of computational complexity, is the recurrent Berlekamp-Massey algorithm [24][25][26][27][28].
Asymptotic complexity of decoding the Reed-Solomon codes in this case does not exceed the magnitude O(nlog 2 n), and it is very close to the magnitude O(nlogn).
Decoding an arbitrary linear code (code of general position) is a very complicated computational task with the difficulty of solving it growing exponentially.Thus, for the correlation decoding of an arbitrary (n, k, d) code over GF(q), it is required, in a general case, to compare the accepted sequence with all q k codewords and to choose the nearest (in the Hamming metric).Even for small n, k, d, and q, a problem of correlation decoding is rather labor-consuming.This position underlies all cryptosystems on the algebraic block codes.Masking a code with a fast decoding algorithm (polynomial complexity) for an arbitrary (random) linear code, it is possible to represent a problem of decoding for an outsider observer (possible attacker) as a computationally complex task (of exponential complexity).For the authorized user of the cryptosystem (the one possessing the secret key), decoding is the polynomially solvable task.However, in article [29], authors report algorithms for hacking the McEliece and Niederreiter ACCS by finding elements of the generating (check) matrix.
General classification of the crypto-code systems (ACCS) and the security services, provided by them, is shown in Fig. 2.

. General classification of the crypto-code systems
One of the promising directions in the development of algebraic theory of codes are the algebraic geometric methods of encoding.Nonbinary algebraic block codes built on the algebraic curves (algebraic geometric codes) possess good asymptotic properties.It is proved that at great length these codes lie above the Varshamov-Gilbert boundary [24][25][26][27][28].
Fix a finite field GF(q).Let X be a smooth projective algebraic curve in projective space P n over GF(q), g=g(X) is the genus of the curve, X(GF(q)) is the set of its points over a finite field, N=X(GF(q)) is their number.Let C be the class of divisors on X degree a>g-1.Then C determines mapping j: XP k-1 , where k³a-g+1.Set y i =j(x i ) assigns the code.The number of points in the intersection j(X) with a hyperplane equals a, that is, n-d£a.This construction allows us to build codes with parameters k+d³n-g+1, whose length n is less than or equal to the number of points on the X curve.At 2g<a£n, algebraic geometric code has parameters (n, a-g+1, d), d³n-a.Its dual code is also algebraic geometric, and has parameters (n, n-a+g-1, d ^), d ^³a-2g+2.Structural characteristics of the elliptic codes, constructed through representation of the form j: ECP k-1 over GF(q), q=2 m , 2,6, = m are given in Table 1.
Table 1 Structural code characteristics of the elliptic codes, constructed through representation j: ECpk -1 over GF(q), q=2m, 4) GF( 8) GF( 16) GF( 32) GF( 64 We shall give the following definition to an algebraic geometric code: Definition 1 [17].Let X be a smooth projective algebraic curve in projective space P n , that is, a totality of solutions to the homogeneous unreduced algebraic equation of degree degX with coefficients from GF(q).Consider the manifolds corresponding to projective hyperplanes assigned in P n by equations F=0, where F are the homogeneous monomials of degree degF.Let I(i 1 , i 2 ,…, i n ) be the informational sequence.Algebraic geometric code along the X curve over GF(q) is a linear code of length n£N, whose codewords C(с 1 , с 2 , …, с n ) are assigned by equality 1 0 ( ) , This definition is equivalent to the matrix representation of algebraic geometric code: where G is the generating matrix of dimension k´n, k= =a-g+1, a=degX´degF.
( ) Definition 2 [17].An elliptic curve (EC) in the affine space A 2 over field GF(q) is a smooth curve given by equation or in P 2 given by homogeneous equation y 2 z+a 1 xyz+a 3 yz 2 =x 3 +a 2 x 2 z+a 4 xz+a 6 z 3 , a i ÎGF(q), the genus of the curve g=1.
Definition 3 [17].Let X be a smooth projective algebraic curve in P n , that is, a totality of the solutions to a homogeneous unreduced algebraic equation of degree degX with coefficients from GF(q), F are the homogeneous monomials of degree degF.Algebraic geometric code along the X curve over GF(q) is a linear code, consisting of all words (с 1 , с 2 , …, с n ) of length n£N, for which equality d+g-1 of equations holds This definition is equivalent to the matrix representation of algebraic geometric code: where H is the test code matrix of dimension r´n, r= =n-k=d+g-2 ( )  [17].Elliptical (n, k, d) code over GF(q), constructed through representation of the form j: ECP r-1 is bound by characteristics k+d³n; in this case: 2 1, £ + + n q q k³n-a, d³a, a=3´degF.
Definitions 1, 2 and the result of assertion 1 make it possible to set the McElice theoretical-code scheme on the basis of the elliptic codes in the following way.Let G EC be a generating matrix of elliptical (n, k, d) code over GF(q) of the form ( ) and a dimension of k´n, k=a, a=3´degF.
Let X be a nondegenerate k´k-matrix over GF(q), D is the diagonal matrix with elements that are non-zero along the diagonal, P is the permutation matrix of dimension n´n.We shall determine the asymmetric McEliece crypto-code system with an elliptical code [22]: public keymatrix secret (closed) keymatrices X, P, and D.
Closed information (a codogram) is a vector of length n and is calculated by rule where vector = ⋅ EC X X c i G belongs to elliptical (n, k, d) code with generative matrix EC X G , i is the k-digit information vector, vector e is the secret weight error vector £t.
In order to assign the asymmetric Niederreiter scheme on elliptic codes, we shall refer to a different definition of the algebraic geometric code.
Definition 4 [20].Let X be a smooth projective algebraic curve in P n , that is, a totality of the solutions of a homogeneous unreduced algebraic equation of degree degX with coefficients from GF(q), F are the homogeneous monomials of degree degF.Algebraic geometric code along the X curve over GF(q) is a linear code, consisting of all words (с 1 , с 2 , …, с n ) of length n£N, for which equality d+g-1 of the equations holds This definition is equivalent to the matrix representation of algebraic geometric code: where H is the test code matrix of dimension r´n, r= =n-k=d+g-2 ( ) Definition 4 and result of assertion 2 allow us to determine the theoretical-code Niederreiter scheme on the basis of elliptic codes in the following way.Let Н EC be a test matrix of elliptic (n, k, d) code over GF(q) of the form ( ) Let X be a nondegenerate k´k-matrix over GF(q), D is the diagonal matrix with nonzero diagonal elements, P is the permutation matrix of dimension n´n.We shall determine the asymmetric Niederreiter scheme with elliptical code [23]: - X Н P D secret (closed) keymatrices X, P and D. Closed information (a codogram) is a vector of length n and it is calculated by rule where vector e is the vector of length n and weight £t, which carries confidential information (informational message subject to be closed).
Proven assertions 1, 2 and the proposed theoretical-code scheme with elliptic codes allow us to create codograms by a nonsymmetrical algorithm, that is, to use a public key for the exchange of closed information.
Nevertheless, an analysis conducted in [17,21] of the software implementation of an asymmetric crypto-code system on the theoretical-code scheme (TCS) by McEliece and Niederreiter revealed considerable complexities in the software implementation, which significantly complicates the application of ACCS in the GIN open systems protocols.Dependence of group operations of the ACCS implementation on field power is given in Table 2.
In order to reduce energy consumption for the crypto-transformations into the McEliece ACCS, authors ofn paper [17] propose to use the modified ACCS (MCCS) on the modified ASC on EC.The easiest and most convenient way of modifying a linear block code, not reducing the minimal code distance, is to shorten its length by reducing informational symbols.Let I=(I 1 , I 2 , …, I k ) be the information vector (n, k, d) of a block code.Choose subset h of informational symbols, |h|=x, x≤1/2k.Put zeroes into information vector I in the subset h, that is, I i =0, I i Îh.We shall place informational symbols on the remaining positions in vector I.When encoding an information vector, the symbols of set h are not involved (they are zero) and can be discarded, while the resulting codeword will be shorter by x code symbols.To modify (truncate) elliptic codes, we shall use a reduced set of points of the curve.The following assertion is true.
Assertion 3. Let EC be an elliptic curve over GF(q), g=g(EC) is the curve genus, EC(GF(q)) is the set of its points over a finite field, N=EC(GF(q)) is their number.Let X and h be the disjoint subsets of points, XÈh=EC(GF(q)), |h|=x.Then the truncated elliptical (n, k, d) code over GF(q), constructed through representation of the form j: XP k-1 , is bound by characteristics k+d³n; in this case: Assertion 4. Truncated elliptical (n, k, d) code over GF(q), constructed through representation of the form j: XP r-1 , is bound by characteristics k+d³n; in this case: Using the result of assertions 3, 4, we shall assign a theoretical-code scheme on the modified elliptical codes, constructed through representation of the form j: XP k-1 and j: XP r-1 .The following assertions are true.
Assertion 5. Truncated elliptical (n, k, d) code over GF (2 m ), constructed through representation of the form j: XP k-1 , determines a modified theoretical-code scheme with the following parameters: ( ) (2 m ), constructed through representation of the form j: XP r-1 , determines a modified theoretical-code scheme with the following parameters: -dimensionality of the secret key is given by expression ( ) -dimensionality of the informational vector (in bits): ( ) -dimensionality of the codogram is determined by expression ( ) -relative transmission rate: Article [17] gave a formal description of the modified asymmetric crypto-code information protection system based on the use of methods of modification and practical algorithms for the formation of codograms and their decoding in the McEliece MACCS.
To further reduce the cost of software implementation, authors of the paper propose employing flawed codes in the McEliece MACCS.
The second technique for the modification of a linear block code that maintains minimal code distance and increases the amount of transmitted data implies extending its length after the formation of an initialization vector, by reducing the informational symbols.Let I=(I 1 , I 2 ,…, I k ) be the informational vector (n, k, d) of a block code.Choose subset h of informational symbols, |h|=x, x≤1/2k and generate an initialization vector.Put in informational vector I in the subset h zeros, that is, I i =0, I i Îh.We shall put informational symbols in the remaining positions of vector I. Next, we add informational symbols to the positions of initialization vector.For the modification (extending) of elliptic codes, we shall use a reduced set of points of the curve.The following assertion is true.
Assertion 7. Let EC be an elliptic curve over GF(q), g=g(EC) is the curve genus, EC(GF(q)) is the set of its points over a finite field, N=EC(GF(q)) is their number.Fix a subset h 1 Íh, |h 1 |=x 1 .Let the elliptical (n, k, d) code over GF(q) be assigned, constructed through representation of the form j: XP k-1 .Then parameters of the elliptic code, extended by x 1 symbols from GF(q), constructed through representation of the form j: (XÈh 1 )P k-1 , 1 2 1 = + + − + n q q x x will be bound by relations: k³a-x+x 1 , d³n-a, a=3´degF.
Proof.If x 1 <x, then extending the code by x 1 is equivalent to the truncation of source code by x-x 1 .Substituting these parameters in expression 1 2 1 , = + + − + n q q x x we shall obtain the result of corollary 7.
Corollary 1.If one knows the shape of elliptical curve (set a 1 …a 6 , a i ÎGF(q)), then subsets h and h 1 completely determine the modified elliptical (n, k, d) codes over GF(q), constructed through representation of the form: j: XP k-1 and j:(XÈh 1 )P k-1 .
Proof.Set of coefficients a 1 …a 6 , a i ÎGF(q) unambiguously assigns the shape of elliptic curve and, consequently, the set of its points EC(GF(q)).Employing representation of the form j: ECP М and results of assertions 1, 2, we shall construct elliptical (n, k, d) code over GF(q).If one knows the symbols of extension, then we shall construct extended codes.
According to assertion 7, these are the symbols of set h 1 , which completely determine the modified elliptical (n, k, d) code over GF(q).Assertion 8. Fix a subset h 1 Íh, |h 1 |=x 1 .Assume that the elliptical (n, k, d) code over GF(q) is assigned, constructed through representation of the form j: XP r-1 .Then parameters of the elliptic code, extended by x 1 symbols from GF(q), constructed through representation of the form j: (XÈh 1 )P r-1 , will be bound by relations: x x k³n-a, d³a, a=3´degF.Corollary 2. If one knows the shape of an elliptic curve (set a 1 …a 6 , a i ÎGF(q)), then subsets h and h 1 completely determine the modified elliptical (n, k, d) codes over GF(q), constructed through representation of the form: j: XP r-1 and j: (XÈh 1 )P r-1 .
Proof.Set of coefficients a 1 …a 6 , a i ÎGF(q) unambiguously assigns the shape of elliptic curve and, consequently, the set of its points EC(GF(q)).Applying representation of the form j: ECP М and results of assertions 1, 2, we shall construct elliptical (n, k, d) code over GF(q).If one knows the symbols of extension, then we shall construct extended codes.According to assertion 8, these are the symbols of sets h and h 1 , which completely determine the modified elliptical (n, k, d) code over GF(q).
Results of assertions 7, 8 and their corollaries allow us to construct modified (extended within 2 1 £ + + n q q ) elliptical (n, k, d) codes over GF(q).Thus, the proposed crypto-code constructions make it possible to build asymmetric cryptosystems (of provable stability) that comprehensively (applying one mechanism) provide the speed of crypto/code-transformations at the BSE level and the required confidence level (P err 10 -9 -10 -12 ).

Basic principles for the construction of cryptosystems on flawed codes
In articles [30,31], authors considered theoretical and practical fundamentals for the construction of flawed codes.

A flawed text is understood to be a text obtained by further deformation of the non-redundant letter codes.
Thus, the necessary and sufficient condition for the flawed text with its meaning lost is a reduction in the lengths of text character codes outside of their redundancy.Consequently, a flawed text is of length that is less than the length of the original text, and it has no meaning of the original text [30].
Theoretical basis for constructing flawed texts is the removal of the orderliness of the original text characters and, consequently, a reduction in the redundancy of language symbols in the flawed text.
In this case, amount of information indicating this orderliness will be equal to a reduction in entropy of the text as compared to the maximally possible magnitude of entropy, that is, equiprobable appearance of any letter after any previous letter.Methods for computing the information, proposed in paper [32], make it possible to identify a ratio of predictable (that is, generated according to certain rules) information and the quantity of the unexpected information that cannot be predicted in advance.
Text redundancy will be calculated from formula where M is the original text; B is the language redundancy ( , = − B R r R is the absolute entropy of a language ( log , = R N N is the alphabet power, r is the entropy of language per one character, ( ) / , = r H M L L is the length of message M in language characters); H(M) is the entropy (uncertainty) of the message; L 0 is the length of message M in language characters with a meaning; B A is the language redundancy.
In order to obtain a flawed text (FTC) and a damage (DCH), a "perfect" compression method is used after performing m cycles of damaging mechanism C m [30,31].
The number of cycles required to minimize the length of the original text is equal to: log , log where n is the representation power of the original text character; B A is the language redundancy; η is the number of times the length of the original text in MV2 is reduced in each step (a certain constant coefficient).
A quantitative measure of the effectiveness of damage is the degree of destruction of the meaning, equal to the difference in entropies of the flawed text and the original text in different intervals of length of the flawed text: where М i is part of the original text, corresponding to the i-th interval, р i is its probability, L 0 is the length М i equal to length of L FTC of the flawed text, s is the number of intervals.
For an ergodic source of characters for the original text:  A universal mechanism for causing damage C m can be described [30,31]:

Ciphertext of the flawed text
To restore the original sequence, it is not required to know the intermediate flawed sequences.One only needs to know the latest flawed sequence (the resulting flawed text after performing all cycles) and all damages with the rules that caused them.
The main techniques for causing damage are shown in Fig. 4; Fig. 5 exhibits main protocols for providing security services based on the use of flawed codes.
Cryptographic flawed texts are the texts obtained by the following ways [30]: -causing damage to the original text with subsequent encryption of the flawed text and/or its damages; -causing damage to a ciphertext; -causing damage to the ciphertext of a flawed text and/ or to the ciphertext of damages.
The main advantage in the proposed techniques and protocols for providing security services based on the use of flawed codes is not the application of BSE but the Distance of singularity for the model of a random cipher, for which there is a probability of obtaining a meaningful text at random and equiprobable selection of key K and while attempting to decrypt the ciphertext at 2 ( ) 1; where B is the redundancy of the original text; H is the entropy per a letter of meaningful text in the input alphabet I, |I|>2, 2 HL is the approximated value of the number of meaningful texts.
In articles [30,31], a cyclic algorithm for obtaining the flawed texts refers to the universal mechanism of causing damage (C m , where m is the number of cycles), which implies a random replacement of the bit representation of each character of the original text with a tuple of a smaller or equal number of bits with their subsequent concatenation.Fig. 6 shows a universal mechanism of causing damage (algorithm MV2 (formation of a flawed text)).
Domain of transformation determination in the MV2 algorithmthe set {0, 1} nis considered to be the alphabet power of certain family of original texts, which are associat-ed with a certain probability distribution of the letters of the given alphabet, while the characters of the original text are the value of a discrete random element [24].
Let X be a random discrete element that takes values with probabilities p i and ( ) T c f F is the arbitrary fixed transformation MV2.Then for any 1 − Î r n y U (a certain binary line from a set of variable-length strings) and for any 1£ £ i y, the following holds: Then, regardless of the probability distribution of random element X, for the entropies of random elements FTC/ FT CH (flawed ciphertext) and CHD (damage), the following equalities hold: − + £ H n r CHD Thus, under uniform distribution of inputs (flags) of the algorithm MV2, a uniform distribution of the output (remainder) forms:

FTC FT P c k
Generation of random order of alphabet characters from 0 to (2 n ) -1

Input r, n
Determining the values of replacement symbols in line with replacement table

Symbol
Length of remainder Fig. 6.Universal mechanism for causing damage (algorithm MV2) An analysis that we performed on the techniques of causing damage revealed that in order to use in IES, the most appropriate one is the first technique -causing damage with subsequent crypto-transformation, which makes it possible to reduce the alphabet power in the formation of a cryptogram in the McEliece MCCS.The distance of singularity for the given method (expression 1) will be transformed to: Such a system is based on the permanent distortion of damage and ensuring stability due to the subsequent use of the encryption based on MCCS.This leads to the impossibility to learn the ciphertext of the flawed text.
Thus, the analysis we performed of the basic principles for the construction of the McEliece MCCS and the multichannel cryptography systems on flawed codes allows us to design hybrid cryptosystems based on the modified asymmetric McEliece crypto-code systems and multichan-nel cryptography systems on flawed codes.A distinctive difference from the "classical" approach to the formation of a hybrid cryptosystem is the exploitation of asymmetric crypto-code constructions (that relate to secret models with provable stability) with fast crypto-transformations (a rate of transformation is comparable to the crypto-transformations in block-symmetric cipher (BSC) as a key mechanism for ensuring stability (safety) of information with subsequent application of the algorithm MV2 (a system on flawed codes) in order to reduce energy consumption (alphabet power of the McEliece MACCS) with the subsequent transmission along one or several channels.shall consider practical algorithms for the formation of a cryptogram and decryption in the proposed hybrid cryptosystem.

Practical algorithms for the formation and decryption of a cryptogram in hybrid cryptosystems
If the original text had a certain meaning, then, for such a system, flawed texts when using a brute force method over the entire field of encryption keys and key of damage have the only meaningful text equivalent to the original, provided that the length of the ciphertext exceeds the distance of singularity [30].Fig. 9 shows the decryption/decoding algorithm of a cryptogram in the proposed hybrid cryptosystem.
The algorithms proposed for the hybrid cryptosystem make it possible, when hiding the flawed ciphertext СFТ/ CH FT , to improve entropy of the public key: In the case of additional hiding of the last ciphertext of damage СНD/CH D due to its smallness and proportionality with the flawed text ciphertext СFТ/CH FT , the distance of singularity can be further extended: Thus, a multichannel cryptography based on flawed codes makes it possible to integrate cryptographic systems, combining within the framework of one concept the crypto-code constructions (the McEliece MACCS) and the systems on flawed codes, which, by complementing each other, will ensure the required safety and reliability parameters, as well as enrich the resulting system with their properties.Х -non-degenerate k×k matrix over GF(q), Р -permutational n×n matrix over GF(q), D -diagonal n×n matrix over GF(q), G EC -generating k×n matrix of elliptical code over GF(q), a i -set of coefficients of the polynomial of curve a 1 … a

Discussion of the research results
The hybrid crypto-code constructions on flawed codes, proposed in the present work, make it possible to obtain maximum quantity of the emergent properties at minimal resource cost, aimed at triggering in the system a synergistic effect of security provision.The main difference between the proposed HCCSFC and the "classical" hybrid cryptosystem is not the application of BSC (a temporary stable model) as the basic mechanism for encryption, but rather the asymmetric cryptosystem (a model of provable stability) based on the McEliece MACCS.Thus, it is possible to ensure a provable resistance at the encryption rate comparable to the crypto-transformations in BSC, with integrated reliability enabled through the use of interference-resistant codes on elliptic curves.To reduce energy consumption, the algorithm MV2 is employed, which provides for an increase in the entropy of a ciphertext and makes it possible to transmit a message along one channel (a damage vector can be used in the McEliece MCCS as an error vector e), or along two independent channels.Therefore, the application of the algorithm MV2 improves crypto resistance of the system, it makes it possible to "reduce" the alphabet power (di- Removal of diagonal and permutational matrices ( ) ( ) Adding zero symbols of initialization vector Decoding the vector by the Berlekamp-Massey algorithm.Formation of vector i *

Symbol
Length of the remainder Х -non-degenerate k×k matrix over GF(q), Р -permutational n×n matrix over GF(q), D -diagonal n×n matrix over GF(q), G EC -generating k×n matrix of elliptical code over GF(q), a i -set of coefficients of the polynomial of curve a 1 … a 6 , IV -initialization vector, IV= |h| =½ k -reduction elements We shall estimate energy cost and stability of the proposed HCCSFC.
Estimation of energy cost for the software implementation of the proposed hybrid cryptosystem.
In order to evaluate temporal and speed indicators, a cpb unit of measurement is typically applied, where cpb (cycles per byte) is the number of cycles of the processor required to spend to process 1 byte of incoming information.
The algorithm complexity will be to computed from expression where Utl is the processor's core utilization (%); Rate is the algorithm throughput (byte/sec).
Table 3 gives results of examining a dependence of the length of code sequence of the algebraic geometric code in the McEliece MACCS on the number of processor cycles to perform elementary operations in the software implementation of crypto-code systems.
Table 4 gives results of the study into dependence of length of the input sequence on the algorithm MV2 on the number of processor cycles to perform elementary operations in the software implementation.
Table 5 gives research results of the estimation of temporal and speed parameters of the procedures to form and decode information in the asymmetric crypto-code systems based on the McEliece TCS.Notes: * -duration of 1000 operations in processor cycles: symbol readout -27 cycles, string comparison -54 cycles, string concatenation -297 cycles; ** -in the calculation we used processor with a clock frequency of 2 GHz, taking into account loading the operating system by 5 % 4. Actual ciphers differ from the ideal in that the entropy of the cryptogram created by them will not be maximal.However, it is clear that in the course of processing the incoming message entropy will increase.
5. We shall compute the cryptogram entropy in the way similar to the incoming message: ( ) Magnitude d characterizes the degree of disorderliness of the flawed text characters compared to the orderliness of the original text [24].
This contribution may consist of various componentsthe entropy of key, the entropy of replacement blocks and entropy of the MV2-trasformation: By changing encryption keys, replacement blocks, number of cycles, etc., it is possible to investigate their influence on the resulting ciphertext entropy and thus establish its optimal structure and components.
The best cipher (in terms of entropy) will be considered the one whose entropy H Cypher is maximal.This is consistent with the notion of a cipher as the ideal oracle, which should match each open message to a random number.The closer the resulting encrypted cryptogram to the random number (a maximum of entropy, which in this case is determined by the Hartley formula), the higher resistance of the crypto algorithm.7. The measure of difference between the examined cipher and the ideal can also be expressed using the entropy.The bigger the difference: the less resistant is the examined crypto algorithm.Thus, the basic steps in the procedure for the estimation of crypto stability based on the entropy randomness evaluation method are: Stage 1. Calculation of entropy of the input information vector (expression 8).
Stage 2. Calculation of entropy of the cryptogram (expression 10).
Stage 3. Calculation of the extent of disorderliness in the flawed text characters compared to the orderliness of the original text (expressions 11, 12).
Stage 4. Estimation of stability of the cryptosystem (expression 13).
The given approach to the estimation of resistance is the most applicable to the developed hybrid cryptosystem on the McEliece MACCS on flawed codes.

Conclusions
1. We performed an analysis of the development of services and functionality of IES (CES), which revealed that such systems should regarded as OCCI that form part of MCIS.With the growth of informatization and further development of remote access to sociosystems and CES, a relevant issue is to provide security and reliability in order to ensure the required level of quality service for the IES users.
2. We analyzed a general structure for building the asymmetric crypto-code constructions based on the McEliece TCS, which comprehensively (employing one mechanism) provide the required indicators of reliability, efficiency, and security of data.A major shortcoming of ACCS is a large amount of key data that narrows the scope of their application in various areas of communications systems.In order to ensure the required parameters of stability, it is required to use the alphabet power over GF (2 13 ).Application of the modified (truncated/extended) elliptical codes makes it possible to reduce the volume of key data, while maintaining the requirements to the ACCS crypto resistance.The data conversion performance efficiency estimation is comparable to the rate of crypto-transformations in modern BSE; in this case, crypto resistance is provided at the level of the NP-problemdecoding a random code.
3. The employment of the algorithm MV2 of the systems on flawed codes improves crypto stability of the proposed hybrid system, and makes it possible to "reduce" the alphabet power (dimensionality of field GF(2 6 -2 8 ) for the construction of the McEliece MCCS) without compromising reliability of the system as a whole.
The given approach allows constructing hybrid cryptosystems whose main feature is a new approach to their formationthe asymmetric cryptosystems based on MACCS are used for encryption, while in order to improve resistance, the multichannel systems on flawed codes are employed.To assess their stability, we propose in the present work to use a technique based on the entropy assessment method that makes it possible to estimate total resistance of a hybrid cryptosystem.
4. Transmission of confidential data and key sequences of standard encryption algorithms in IES on the basis of the proposed hybrid cryptosystem allows the use of open channels of GIN and CES.For the IES users, the required parameters of safety, reliability, and efficiency over the entire cycle of information processing are provided.

Fig. 3
Fig. 3 shows a block diagram of one step of the universal damaging mechanism.

Fig. 3 .
Fig. 3. Block diagram of one step of the universal mechanism for causing damage An informational nucleus of some text is understood to be a flawed text CFT, obtained by cyclic transformation of the universal mechanism for causing damage C m .A universal mechanism for causing damage C m can be described[30,31]: have two ciphertexts (damage (damage (СH D ) and the flawed text (FTC)), each of which makes no sense neither in the alphabet of the original text, nor in the ciphertext alphabet.Actually, a ciphertext of the original message (M) is represented as a totality of two flawed ciphertexts, each of which cannot recover the original text separately.

Fig. 4 .Fig. 5 .
Fig. 4. Basic techniques to cause damage text СFТ and damage СНD by the concatenation of the received flags f(x) i and remainder C(x) i Formation of flag and remainder C(x) by replacing symbols M i СFТ/ CH FTciphertext of flawed text СНD/CH Dciphertext of damage FТC/ FT CHdamaged ciphertext DСH/D CHdamage to ciphertext f(x)flag (damage) C(x)remainder (flawed code) 1< r < npositive integer nalphabet power

Fig. 7 ,
Fig. 7, 8 show the algorithm for the formation of a cryptogram/codogram in a hybrid cryptosystem.

Fig. 7 .
Fig. 7. Stages 1, 2 of the formation of a cryptogram in a hybrid cryptosystem based on the McEliece MACCS with flawed codes

Formation
of error vector e Formation of the flawed text СFТ and damage СНD by the concatenation of the obtained flags f(x) i and remainders C(x) i Formation of flag f(x) and remainder C(x) with the replacement of symbols M i Х, P, D, G EC ,

Fig. 10 .
Fig. 10.Algorithm for testing a hybrid cryptosystem in terms of resistance based on the entropy randomness assessment method

System with a critical cybernetic infrastructure -
a set of interrelated elements combined into a whole, correct functioning and interaction of which significantly affects the cybernetic safety of the state over a specific time interval.

Table 2
Dependence of software implementation on field power

Table 3
Results of examining a dependence of the length of code sequence of code in the McEliece ACCS and the modified ACCS on the number of processor cycles

Table 4
Results of the study into dependence of length of the input sequence on the algorithm MV2 on the number of processor cycles