DEVELOPMENT OF NIEDERREITER HYBRID CRYPTO-CODE STRUCTURE ON FLAWED CODES

The use of the Niederreiter modified crypto-code structure (MCCS) with additional initialization vectors (with many invalid positional vectors of the error vector and multiple positions of shortening the error vector) requires an increase in the speed of cryptographic transformation of the system as a whole. For this purpose, it is proposed to use flawed codes. Flawed codes allow you to increase the speed of code transformations by reducing the power of the field while damaging the plaintext and reducing the amount of data transferred by damaging the ciphertext. This approach allows the construction of hybrid crypto-code structures based on the synthesis of Niederreiter modified crypto-code structures on modified (shortened or extended) codes on elliptic curves with damaging procedures. A significant difference from classical hybrid (complex) cryptosystems is the use of asymmetric cryptosystems to ensure data security with fast crypto-transformation procedures (generation and decoding of a codogram). The paper discusses methods for constructing flawed codes and approaches for using the Niederreiter hybrid crypto-code structure on modified elliptic codes. Practical algorithms are proposed for using the MV2 damage mechanism in the Niederreiter crypto-code structure on modified elliptic codes, which makes it possible to implement a hybrid crypto-code structure. The results of a comparative assessment of energy consumption for the formation of an information package with various methods of damage, which determined the choice of damage method in practical algorithms. The conducted studies confirm the competitive efficiency of the proposed cryptosystem in Internet technologies and mobile networks, ensuring practical implementation on modern platforms and the necessary cryptographic strength under post-quantum cryptography


Introduction
Today, cybersecurity can be fully considered an important aspect of the activity of any society.With the rapid development of the information environment of the Internet, the complexity and laboriousness of the formation of information protection from unauthorized access, the growth of vulnerabilities of critical systems to hybrid cyberattacks is
In [8], an approach to using flawed codes in crypto-code systems was proposed.This approach allows building complex cryptosystems based on the synthesis of crypto-code structures (CCS) (a model of provable stability) and cryptosystems on flawed codes (multichannel cryptography).This approach allows reducing energy costs in the practical implementation of the Niederreiter CCS on the modified (MCCS) (shortened/elongated) elliptic codes (MEC) while maintaining the cryptographic resistance of the whole system.

Literature review and problem statement
In [8][9][10][11], approaches to ensuring security and speed of data processing were proposed, but special attention should be paid to crypto-code systems based on the McEliece and Niederreiter schemes, which are quantum-stable [12,13].
In [13], the McEliece-Niederreiter combined scheme was proposed; however, like the traditional Niederreiter scheme, the authors consider equilibrium coding in the Niederreiter scheme on binary codes, which does not allow building cryptosystems with the required level of cryptographic resistance.This is confirmed by the results of studies in [14].An additional complication in the form of using two schemes is a forced step towards the performance of the described construction, which resulted in a decrease in performance and an increase in energy intensity.
In [14], an attack on the McEliece and Niederreiter schemes based on linear-fractional transformations is shown, which allow us to find the generating (check) matrix and crack the cryptosystem.Therefore, a promising direction is the development of McEliece and Niederreiter schemes on algebraic geometric codes (codes based on elliptic curve parameters) or cascade codes.
In [15], the possibility of practical implementation of the Niederreiter asymmetric crypto-code system on elliptic codes was touched upon, but it requires an increase in the speed of crypto-transformations.
In [16,17], approaches to the implementation of McEliece CCS under post-quantum cryptography are proposed.
In [18], an approach to the implementation of the Niederreiter MCCS on MEC is proposed.However, the disadvantage is a slight reduction in energy consumption.
In [19,20], an equilibrium coding method based on m-th codes (Reed-Solomon codes) was proposed; however, the disadvantage is the lack of a practical algorithm for decoding the syndrome on the receiving side and the possibility of hacking based on an adjustable decoder.
In [21], the authors confirm the complexity of the practical implementation of the Niederreiter scheme and consider the possibility of using cryptosystems in VPN channels.
In [22], the authors propose to use Reed-Solomon (RS) codes when constructing an asymmetric crypto-code system based on the McEliece scheme.However, the authors do not take into account the possibility of hacking a cryptosystem based on linear fractional transformations.
In [23], the authors proposed to use the Niederreiter asymmetric crypto-code system on elliptic codes [23].This approach provides protection against possible attacks, and the required level of cryptographic strength.However, an unresolved issue is the difficulty of practical implementation with the required power of the GF(2 10 -2 13 ) field to ensure a guaranteed level of cryptographic strength.
The analysis [13][14][15][16][17][18][19][20][21][22][23] showed a significant interest in the practical implementation and use of McEliece and Niederreiter CCS in the context of post-quantum cryptography.However, the proposed versions of the Niederreiter cryptosystem on binary and non-binary block codes do not take into account the possibility of an attack based on fractional-linear transformations, which does not allow for the required level of stability of the proposed solutions.The proposed approach to reducing energy consumption during the implementation of McEliece CCS on flawed codes in [8] allows for the reduction of energy consumption and the required level of durability.Therefore, it is advisable to develop a Niederreiter CCS using flawed codes, which will reduce the power of the GF(2 4 ) field with a guaranteed level of strength and form the Niederreiter hybrid crypto-code structure (HCCS) on MEC.

The aim and objectives of the study
The aim of the study is to develop the Niederreiter hybrid crypto-code structure based on the analysis of methods of using flawed codes, practical encryption algorithms (codogram generation) and decryption (decoding codogram) on modified (shortened) elliptic codes.
To achieve this aim, the following objectives were considered: -to analyze the principles of formation of the Niederreiter MCCS on flawed codes, taking into account the regularity of the necessary fixation of positional vectors of the plaintext to form the error vector during equilibrium coding of non-binary codes; -to develop practical transformation algorithms in the Niederreiter CCS on modified (shortened) elliptic codes with flawed codes; -to analyze the costs of software implementation of the hybrid cryptosystem on the crypto-code structure with flawed codes, to assess the strength of the proposed cryptosystem.

Analysis of construction principles of Niederreiter MCCS on flawed codes
In [24], a code cryptosystem was proposed based on masking a check matrix of an algebraic block code.The main advantage of Niederreiter ACCS is the high speed of information conversion (the relative coding speed is close to 1).In [19,20], an algorithm for equilibrium coding on non-binary codes and an algorithm for generating cryptograms in the Niederreiter crypto-code system on Reed-Solomon codes are proposed.
To reduce energy costs with a guaranteed level of security, the Niederreiter MCCS on MEC was proposed in the work [8,15].This approach provides a reduction in the field power and allows you to implement the classic version of the Niederreiter scheme with a guaranteed level of cryptographic strength.
Consider the overall Niederreiter MCCS on MEC: let the set { } , ... , which are not suitable for further cryptogram generation.This set is proposed to be used as an initialization vector (IV 1 ).The second vector of initialization forms the vector of positions for shortening the error vector: where IV 2 is the abbreviation element (h e is the error vector symbols, equal to zero, |h|=1/2e, that is, e i =0, e i ∈h).
In the classical Niederreiter scheme at the first stage of cryptogram generation, plaintext characters are converted into error vector symbols based on an equilibrium coding algorithm.The resulting error vector at the second stage of cryptogram generation is "shortened" based on the code shortening algorithm and multiplied by the check matrix of the algebraic (elliptical) code: masking matrix mappings defined by the set of matrices { , , } i X P D , where X is a non-degenerate k×k matrix over GF(q) , P is a permutational n×n matrix over GF(q) with one nonzero element in each row and each column of the matrix, D is a diagonal n×n matrix over GF(q) with nonzero elements on the main diagonal.
After the formation of the key matrices of the private key, the authorized user needs to form elements of the set of fixed open texts that are not suitable for the subsequent formation of a cryptogram (syndrome from the error vector).
Let us consider the basic principles of constructing cryptosystems on flawed codes: in [25,26], the theoretical and practical bases of the construction of flawed codes are considered.The flawed text refers to the text obtained by further deformation of the non-redundant character codes.Thus, a necessary and sufficient condition for the text flaw with a loss of meaning is the reduction of the lengths of the text character codes beyond their redundancy.As a result, the flawed text has a length shorter than the length of the source text, and does not make sense of the source text [25].
The theoretical basis for the construction of flawed texts is the removal of the ordering of the source text characters and, as a consequence, the reduction of the redundancy of the language characters in the flawed text [25].
At the same time, the amount of information expressing this ordering will be equal to the decrease in the text entropy compared to the maximum possible entropy value, i.e., the equiprobable appearance of any letter after any previous letter [25].
The methods of information calculation proposed in [26] make it possible to identify the ratio of the amount of predictable (i.e. generated by certain rules) information and the amount of unexpected information that cannot be predicted in advance.
Text redundancy is calculated by the formula: where M is the source text; B is language redundancy (B=R-r, R is the absolute entropy of the language (R=logN, N is the power of the alphabet, r is the entropy of the language per character, r=H(M)/L, L is the message length M in language characters); H(M) -message entropy (uncertainty); L 0 is the message length M in language symbols with meaning; B A is language redundancy.To obtain a flawed text (FTC) and damage (DСH), the method of "perfect" compression after performing m cycles of the damage mechanism C m is used [25,26].
The number of cycles required to reduce the length of the source text is: where n is the power of the source symbol representation; B A is language redundancy; η is the number of times the length of the source text in MV2 is reduced at each step (some constant factor).
A quantitative measure of damage effectiveness is the degree of meaning destruction, equal to the difference between the entropies of the flawed text and the source text on different segments of the flawed text: where M i is the part of the source text corresponding to the i-th segment, p i is its probability, L 0 is the length of Mi and is equal to the length L FTC -flawed text, s is the number of segments.
For an ergodic source of the source text characters: max log ( ).
Fig. 1 shows a block diagram of one step of the universal mechanism of damage.
The informational core of some text is understood as the flawed text CFT, obtained by cyclic transformation of the universal mechanism of damage C m .
The universal mechanism of damage C m can be described [30,31]: Thus, we have two ciphertexts: (damage (СH D ) and flawed text (FTC)).The resulting texts are meaningless either in the alphabet of the source text, or in the alphabet of the ciphertext.In fact, the ciphertext of the original message (M) is represented as a combination of two flawed ciphertexts, each of which separately cannot restore the original text.
To restore the original sequence, there is no need to know intermediate flawed sequences.It is necessary to know only the last flawed sequence (the last flawed text after performing all the cycles) and all the damages with the rules of their application.
Cryptographic flawed texts are texts obtained in the following ways [26]: -Approach 1: damage to the source text with subsequent encryption of the flawed text and/or its damage (Fig. 2); -Approach 2: damage to the ciphertext (Fig. 3); -Approach 3: damage to the source text and the ciphertext of the flawed text (Fig. 4).
To determine the optimal method, we analyze the ratio of the number of required additional operations to implement the approach to the size of the resulting outgoing data.The dependence of group operations of ACCS implementation field power is given in Table 1.
Table 2 shows the length of transmitted data.The ratio of these values shows the bit rate of throughput for each additional operation (Table 3).Thus, using the approach to damage the ciphertext with the Niederreiter MCCS on MEC, presented in Fig. 4 (third approach) increases throughput starting from the GF field (2 9 ).This method is the best approach for building the Niederreiter hybrid CCS on MEC.The synthesis of the Niederreiter MEC crypto-code structure with a cryptosystem on flawed codes proposed by the authors allows building complex (hybrid) crypto-code structures whose stability is determined by the strength of two cryptosystems to ensure the implementation of fast crypto-transformations by reducing the field power.
Consider the algorithms for the practical implementation of the cryptogram formation and decoding based on the Niederreiter crypto-code structure on MEC using flawed texts and damaging the ciphertext.

Practical algorithms for generating and decrypting cryptograms
The algorithm for generating a cryptogram in the Niederreiter hybrid CCS on MEC using flawed texts will be represented as a sequence of steps (Fig. 5):  Step 2. Formation of the error vector e, the weight of which does not exceed t -corrects the ability of the elliptic code based on the non-binary equilibrium coding algorithm.
Step 3. Formation of the initialization vector IV 1 .
Step 4. Formation of a shortened error vector: e x =e(A)-IV 2 .
Step 5. Formation of the codogram: Step 6. Formation of the flawed text CFT and damage СНD.
The algorithm for decoding a codogram in the Niederreiter hybrid CCS on MEC using flawed texts is presented as a sequence of steps (Fig. 6): Step 1. Entering the flawed text CFT, which is decoded.Introduction of the private key -X, P, D matrices.Introduction of damage CHD.
Step 2. Getting the length of the remnants and splitting the flawed text.
Step 3. Obtaining the S Xi characters of the codogram and forming the complete codogram S X ==S Xi ||S Xi ||…||S Xn .
Step 4. Finding one of the possible solutions of the equation Step 5. Removing the action of the diagonal and permutation matrices:  Step 8. Formation of the desired error vector е: е=е х +IV 2 .
Step 9. Transformation of the vector e based on the use of a non-binary equilibrium code into the information sequence.
Thus, the proposed algorithms make it possible to practically implement the Niederreiter hybrid CCS on MEC using flawed texts.This approach allows the use of the proposed Niederreiter HCCS in Internet protocols and provides a guaranteed level of cryptographic security.
We will conduct a study on the evaluation of the energy costs of the software implementation of the proposed Niederreiter hybrid crypto-code structure MEC with flawed codes, investigating their cryptographic strength based on the NIST STS 822 statistical package.

Evaluation of energy costs for software implementation of the proposed hybrid cryptosystem
To estimate the time and speed indicators, it is common to use the unit of measurement cpb, where cpb (cycles per byte) is the number of processor cycles that need to be spent to process 1 byte of incoming information.The complexity of the algorithm is calculated by the expression where Utl is the utilization of the processor core (%); Rate is the algorithm bandwidth (byte/s).Table 4 shows the results of studies of the dependence of the input sequence length on the MV2 algorithm on the number of processor cycles.Table 5 shows the results of studies assessing the time and speed indicators of the procedures for applying and removing damage.Table 6 shows the results of studies of the dependence of the length of the code sequence of the Niederreiter hybrid CCS on the number of processor cycles for performing elementary operations in the software implementation of crypto-code systems.
Analysis of the results of Table 6 showed that the energy intensity of the practical implementation of the Niederreiter HCCS will decrease by 7 %, while implementation is possible on the main software and hardware platforms that are widely used: -8/16 bit microcontrollers and smart cards; -32-bit microprocessors and microcontrollers (ARM, IA 32); -64-bit general-purpose processors (AMD64, Intel 64).
Table 7 shows the results of studies assessing the time and speed indicators of the procedures for applying and removing damage.Thus, the conducted analysis of the basic principles of constructing Niederreiter modified crypto-code structures and multi-channel cryptography systems on flawed codes allows us to develop hybrid cryptosystems.The main difference from the "classical" approach to the formation of a hybrid cryptosystem is the use of asymmetric crypto-code structures with fast crypto-transformation algorithms (the speed of transformations is comparable to the speed of crypto-transformation in the BSC).The Niederreiter CCS is the main mechanism for ensuring the stability (security) of information with the subsequent use of the MV2 algorithm (a system on flawed codes).This approach reduces energy costs (the power of the Niederreiter MCCS alphabet) and then transfers it in one or more channels.

Table 6
Results of studies of the dependence of the length of the code sequence on the number of processor cycles Note: ** -for the calculation, a processor with a clock frequency of 2 GHz was taken, taking into account the load by the operating system of 5 %

Evaluation of the cryptographic strength of the proposed hybrid cryptosystem
To assess the cryptographic strength of the proposed cryptosystem, we consider separately each of the components of the hybrid (integrated) cryptosystem.
The McEliece and Niederreiter crypto-code structures belong to the secret models of provable resistance [14] based on the theoretical complexity problem -decoding of a random code.Thus, for an authorized user, the encoding and decoding procedures are polynomially complex tasks, and for an attacker, an NP-complete problem, with an increase in (n, k, d) parameters, the complexity increases exponentially.
Suppose a code cryptosystem is used that is constructed by masking an algebraic block (n, k, d) code over GF(q).Cryptanalysis of such a system consists in solving the problem of decoding a masked (n, k, d) code over GF(q) without using a fast (polynomial complexity) rule that defines a secret key.
The volume of the secret key (the dimension of the X, P, D matrices) is ( ) k×k elements from GF(q) of the X matrix and n×n elements from GF(q) of the Λ=P•D matrix.Consequently, the complexity of the implementation of the most simple attack, aimed at a total bust of secret key data, is c.d. p.d.

l S =
At the same time, cryptanalysis can be performed by one of the currently known non-algebraic decoding algorithms, which allow a universal way to solve the decoding problem (n, k, d) of a code over GF(q) by the brute force methods.Let us analyze the most computationally efficient non-algebraic coding methods, investigate their capabilities in solving the cryptanalysis problem of the developed crypto-code information protection tools.
The simplest and most effective method for decoding redundant block codes of small length is the correlation method, which is based on comparing the received code word with errors with all code words and choosing the nearest code word (in the Hamming metric) [28][29][30][31].This method allows decoding according to the maximum likelihood criterion (the maximum similarity criterion of the received word with errors and the code word identified by it) and is optimal from the point of view of minimizing the error of decoding the code word [28][29][30][31].The complexity of the implementation of correlation decoding (n, k, d) of the code over GF(q) is estimated as . .The tabular (syndromic) decoding method is somewhat simpler than the correlation one, but it assumes the linearity of the code word being used [28][29][30][31].The codes used in the developed cryptosystems are linear, therefore, an attacker can use syndromic decoding to solve the cryptanalysis problem.
The basis of tabular (syndromic) decoding is the comparison of the syndrome sequence to possible error vectors.To implement non-algebraic decoding of a linear block code with an arbitrary structure, it is sufficient to keep the correspondence of all syndrome sequences and error vectors, for example, in the form of a 2×N table, where N is the power of the set of error vectors that can potentially be corrected by the used (n, k, d) code over GF(q).Suppose that (n, k, d) code over GF(q) can potentially correct all errors, up to 1 2 and cannot fix other errors.Then ( ) ( ) ∑ and the complexity of the implementation of syndromic decoding is estimated by the expression:

. S N =
Another, the most effective method of non-algebraic decoding is a permutation decoder.This method allows decoding a linear block code with an arbitrary structure in a finite number of steps.
In essence, it consists of a sequential transformation of a codeword and a permutation of characters that are invariant with respect to the code.In the monographs [28][29][30][31], an estimate of the complexity of the implementation of the permutation decoder is obtained as an expression: Fig. 7-9 show the dependences of the complexity of various cryptanalysis methods based on non-algebraic decoding of redundant block codes (on the correlation, syndrome, and permutation decoder).The score is given on a logarithmic scale.As follows from the above dependencies, already with the code length, the correlation and syndromic decoding methods become computationally inefficient, their application for cryptanalysis becomes impractical.In the case of a permu- tation decoder (for this, the attacker must have a generator and/or a check matrix of the code used, which is the public key in the proposed cryptosystems), the cryptanalysis complexity is significantly lower.However, even if the attacker has a public key and uses a permutation decoder, cryptanalysis becomes computationally inefficient.

S n for
It should be noted that for high-speed redundant codes, the correlation decoder is less effective than the syndromic one.With a decrease in the relative coding rate, the computational efficiency of syndromic decoding decreases, and with the correlation decoder is more preferable for the attacker to use it as a method of cryptanalysis.

S
R for 2 q = and fixed length of the code used.The score is given on a logarithmic scale.The analysis of these dependences confirms the conclusion that the computational efficiency of syndrome decoding and the increase in computational efficiency of correlation decoding are reduced while the relative speed of the code used decreases.The computational efficiency of the syndrome and correlation decoders is equivalent with 0,65.R ≈ Fig. 10.Dependencies: 1 - The analysis of the dependences in Fig. 10 shows that the use of a permutation decoder with a public key known to the attacker with the length of the code n=1,000 used for cryptanalysis is computationally inexpedient, the crypto-code information protection system effectively ensures the security of data transmission in computer systems and networks.
Thus, the conducted studies have shown that with a proper choice of parameters of the masked code, the developed cryptosystems on algebraic block codes provide the required resistance to the cryptanalytic attacks of the attacker, based on nonalgebraic decoding methods of the random block code.
The evaluation of the cryptographic strength of multichannel cryptography on flawed codes is given in [25,26].In [32], issues of the cryptographic strength of hybrid crypto-code structures on EC (MEC) with multichannel cryptography based on the McEliece scheme are considered.In [14], an attack on crypto-code structures (theoretic-code schemes) with the possibility of finding the elements of the generating matrix and masking matrices was justified.Due to the fact that the G (generating matrix) and H (check matrix) matrices of an error-resistant code are orthogonal, the author in [14] assumes that the proposed method based on linear fractional transformations can calculate the elements of the G and H matrices.This assumption allows approximating the results of the evaluation of the cryptographic strength of the hybrid crypto-code structure based on the McEliece scheme for the evaluation of the cryptographic stability of the proposed integrated cryptosystem.
However, the proposed solution of the integrated system consists of two cryptosystems and, accordingly, joint cryptographic resistance will be higher each separately.Moreover, additional session keys (IV 1 , IV 2 initialization vectors) provide additional cryptographic strength.

Discussion of the main indicators of Niederreiter hybrid crypto-code structures
The theoretical basis for building flawed texts is to remove the ordering of the source text characters and, as a result, reduce the redundancy of language characters in the flawed text.At the same time, the amount of information expressing this ordering will be equal to the decrease in the entropy of the text compared to the maximum possible entropy value corresponding to the absence of orderliness in the text in general, that is, the equiprobable appearance of any letter after any previous letter.The methods of information calculation proposed by C. Shannon make it possible to identify the ratio of the amount of predictable (i.e.generated by certain rules) information and the amount of unexpected information that cannot be predicted in advance.
To restore the original sequence, there is no need to know intermediate flawed sequences.It is necessary to know only the last flawed sequence (the last flawed text after performing all the cycles) and all the damages with the rules of their application.
Cryptographic flawed texts are texts obtained in the following ways [25,26]: damage to the source text, followed by encryption of the flawed text and/or its damage, damage to the ciphertext, damage to the ciphertext of the flawed text and/or ciphertext.
The main difference of the proposed complex system from the "classical" concept is the use of the whole system at BSC to ensure the cryptographic strength of the system as a whole, and the crypto-code structures based on the McEliece or Niederreiter schemes, which provide stability in post-quantum cryptography.
The paper [32] presents the results of studies of the main criteria for cryptosystems based on the McEliece crypto-code scheme, as well as the theoretical foundations of the cryptographic strength of the proposed McEliece modified crypto-code structures (MCCS) with EC and hybrid MCCS with flawed codes by reducing the power of the Galois field without reducing the level of cryptographic strength of the hybrid cryptosystem as a whole with their software implementation.Taking into account that the McEliece and Niederreiter schemes use one approach to the formation of a private key (masking matrices are similar) and the encoding and decoding algorithms use classical algorithms of the noise-resistant coding theory, it is proposed to use the method for estimating the strength of the HCCS proposed in [32].The overall strength of the proposed approach to the formation of a hybrid cryptosystem consists of the strength of the Niederreiter modified crypto-code structure and the strength of the multi-channel cryptosystem on flawed codes.
Assessment of the implementation complexity of the intruders' attacks.Suppose that a crypto-code cryptosystem, constructed by masking an algebraic block (n, k, d) code over GF(q) is used.Cryptanalysis of such a system consists in solving the problem of decoding a masked (n, k, d) code over GF(q) without using a fast (polynomial complexity) rule that defines a secret key.The volume of the secret key (the dimension of the X, P, D masking matrices) is ( ) (k×k elements from GF(q) of the X matrix and n×n elements from GF(q) of the Λ=P•D matrix) [8,14,15,24] for the classi-cal Niederreiter ACCS.For the Niederreiter MCCS on MEC, the volume of the secret key is ( ) where n is the elements of the initialization vector IV 2 , and for the Niederreiter MCCS on MEC, the volume of the secret key is (Table 8): ( ) ( ) where ( ) − -elements of the initialization vector IV 1 Consequently, the complexity of the implementation of the most simple attack, aimed at a total bust of secret key data, is: One of the main components of the evaluation of the strength of cryptographic algorithms is the assessment of its statistical security.An algorithm is considered to be statistically safe if the sequence it generates is not inferior in its properties to a random sequence -such sequences are called "pseudo-random".
For an experimental assessment of how closely cryptoalgorithms approximate the generators of "random" sequences, statistical tests are used.The proposed NIST (American National Standards Institute) NIST STS 822 test suite for testing random or pseudo-random number generators is one approach to implementing the task of evaluating the statistical security of cryptographic primitives and may provide a preliminary assessment of the cryptographic strength of the complex system as a whole.Using this package allows, with a high degree of probability, drawing conclusions as to how far the sequence that is generated by the primitive under study is statistically safe.
The NIST STS test suite was proposed during the competition for a new US national standard of block encryption.This set was used to study the statistical properties of candidates for a new block cipher.Today, the testing methodology proposed by NIST is the most common among developers of cryptographic information security tools [27].
The research results are summarized in Table 9.
The results presented in Table 9 show that despite the reduction in the field power to GF(2 6 ) for MCCS and GF(2 4 ) for HCCS, the statistical characteristics of such crypto-code structures turned out to be at least as good as the traditional Niederreiter CCS on GF(2 10 ).All cryptosystems passed 100 % of the tests, and the best result was shown by the HCCS on shortened MEC: 155 out of 189 tests were passed at the level of 0,99, which is 82 % of the total number of tests.At the same time, the traditional CCS on GF(2 10 ) showed 149 tests at the level of 0,99.Thus, the proposed methods for providing basic security services of information resources allow integrated (by one mechanism) provision of the necessary level of stability and reliability of data.
Let us examine the speed of the proposed CCS.To do this, we estimate the complexity of cryptographic transformation: the complexity of generating a cryptogram (encryption) S e and the complexity of an inverse cryptographic transformation (decryption) S d in group operations in the final field GF(q).
The formation of a cryptogram corresponds to the calculation of a codeword of a masked (n, k, d) code over GF(q).If the masked code is specified by the generator matrix G, in the general case in a non-systematic form, then to form a code word, it is enough to multiply the information vector of length n characters by the H X matrix.This procedure corresponds to an unsystematic coding rule, the complexity of its implementation will be 2t×n operations of addition and multiplication over a finite field.The complexity of the operation of adding a random error vector to the code word will be n addition operations.Therefore, for the non-systematic coding method: For the MCCC, no additional operations are requiredonly selective reading is required according to the IV2 initialization vector.But for HCCC complication of the damage algorithm.In general terms (Fig. 11): S e(HCCS) =2×t×n+n×m.However, when L>1, then S e(HCCS) =2×t×n+n×m×L.
If the masked code is specified by the check matrix H, in the general case in a non-systematic form, then to form a code word, it is necessary to calculate the check characters and place them in the appropriate place in the code word.
The complexity of decryption is determined by the complexity of the algebraic algorithm for decoding an algebraic block code.For BSC codes, RS codes and their generalizations, alternant codes and their subclasses, error localization is reduced to solving a system of linear equations.The decoding complexity is: S d =n 5/2 +(2×n 3 )+t 5/2 , S d(HCCS) =n×m⋅L+n 5/2 +(2×n 3 )+t 5/2 .The dependence of the operations of addition and multiplication over a finite field in various cryptosystems is presented in Table 10.The results in Table 10 confirm a ≈7-fold decrease in the number of operations of addition and multiplication over a finite field in the proposed Niederreiter hybrid crypto-code structures on flawed codes over GF (2 4 ) compared to the modified Niederreiter crypto-code structure on MEC over GF (2 6 ).The result obtained confirms the competitiveness of the Niederreiter HCCS for post-quantum cryptography.
The use of EC (MEC) ensures protection against the attack proposed in [14], which provides additional security of the system as a whole.

Conclusions
1.The analysis of the principles of the formation of the Niederreiter MCCS on flawed codes, taking into account the regularity of the necessary fixation of the positional vectors of the plaintext to form the error vector in the equilibrium coding of non-binary codes, allows the MV2 algorithm to be used to damage the cryptogram, which allows practical implementation of the Niederreiter hybrid crypto-code structure.In contrast to the classical representation of hybrid (complex) cryptosystems, the Niederreiter CCS on MEC with a fast crypto-transformation algorithm (a cryptosystem  of provable durability) is used to ensure cryptographic resistance.This approach can significantly reduce the energy costs of practical implementation, and the possibility of using the proposed structure in the protocols of the transport level of Internet systems.
2. The proposed algorithms of cryptogram formation, taking into account the mechanism of damage MV2 to the hybrid Niederreiter crypto-code structure, ensure its practical implementation.The presented research results of the energy intensity of the practical implementation of the Niederreiter HCCS confirm the 7 % cost reduction, while implementation is possible on the main software and hardware platforms that are widely used.
3. As a result of the research, it was shown that the use of the developed hybrid cryptosystems with the appropriate code parameters allows ensuring the security and reliability of data transmission in case an attacker uses non-algebraic decoding methods.In addition, the practical use of crypto-code structures of information protection allows you to comprehensively solve the problem of ensuring the security and reliability of data transmission.Statistical analysis of the cryptographic strength of the output sequences of the Niederreiter HCCS based on flawed codes using NIST STS 822 confirms their cryptographic strength, which proves the possibility of their use as an alternative replacement for RSA-like algorithms in Internet applications.

Introduction
Nowadays, in general, more and more attention is paid to the technical diagnostics of sophisticated technological complexes (TCs) in operation and to the prognoses of their further performance.To a large extent, this is due to the role of technical diagnostics in reducing the cost of repair and restoration of TC units by early detection of defects that originate in the assembly parts.Only reliable diagnostics can allow the transition from the system of planned

G . M a r t y n i u k
PhD Department of Information-Measurement Systems* *National Aviation University Kosmonavta Komarova ave., 1, Kyiv, Ukraine, 03058

Fig. 5 .
Fig. 5. Algorithm for the formation of codograms in the Niederreiter hybrid CCS on MEC

Fig. 6 .
Fig. 6.Algorithm for decoding codograms in the Niederreiter hybrid CCS on MEC

Table 2
Length of transmitted data in bytes

Table 3
Number of bits per additional operation

Table 1
Dependence of software implementation on field power (number of thousands of additional operations before encryption/after/total) Entering the information to be encoded, one of the elements of the set of suitable open texts.Introduction of the public key .

Table 4
Results of studies of the dependence of the input sequence length on the MV2 algorithm on the number of processor cycles

Table 5
Results of studies assessing the time and speed indicators ofthe procedures for applying and removing damage

Table 7
Results of studies assessing the time and speed indicators of the procedures for applying and removing damage

Table 8
Volume of the secret key, bits

Table 9
Results of statistical security studies

Table 10
Dependence of the operations of addition and multiplication over a finite field in various cryptosystems

M a r c h e n k o
N .