DEVELOPMENT OF MCELIECE MODIFIED ASYMMETRIC CRYPTO-CODE SYSTEM ON ELLIPTIC TRUNCATED

Symmetric and asymmetric cryptographic algorithms providing the required level of cryptographic strength are generally used to ensure security in modern communication systems, and error-correcting coding techniques to ensure reliability. Asymmetric crypto-code systems make it possible to provide the required levels of reliability, security and efficiency with one integrated mechanism when confidential information is processed and transmitted over open channels of telecommunication systems. The research confirms that their use gives performance on the level of symmetric block ciphers (BSC), provable cryptographic strength based on the theoretical complexity of decoding an arbitrary code (10^30–10^35 group operations), and reliability through the use of a shortened algebraic-geometric code (an error probability P_err of 10^-9–10^-12). A major disadvantage of the McEliece cryptosystem is the large volume of key data: to provide the required cryptographic strength the system has to be built over GF(2^10)–GF(2^13). To reduce the volume of key data (the public key), we propose the use of shortened codes, which allows the field to be reduced to GF(2^6)–GF(2^8) while maintaining the level of cryptographic strength, because the positions of the discarded symbols (carried in the initialization vector) become an additional source of entropy that is kept secret.


Introduction
The development of telecommunication systems in all areas of their use puts forward stricter requirements to the reliability and security of the entire data processing cycle. To meet these criteria, telecommunication systems use software and firmware implementations of error-correcting coding techniques (to ensure reliability) and of cryptographic information transformation methods (to provide security: confidentiality, integrity and availability), as well as data transfer protocols at different levels of the ISO/OSI model. A promising direction in the development of communication technologies and systems is integrated mechanisms that provide the required reliability and security indicators in a single hardware/software or software implementation. For this purpose, the authors suggest the use of a modified asymmetric crypto-code system based on the McEliece theoretical-code scheme (TCS) on elliptic shortened codes. This approach provides the required level of reliability of data transfer through the use of error-correcting coding, and the use of the asymmetric cryptosystem provides the required level of cryptographic strength.

Literature review and problem statement
The development of communication technologies is closely related to the quality of the services provided to end users and is determined by the indicators proposed in the standards and recommendations of the International Telecommunication Union. Among the main service quality indicators discussed in ITU-T Recommendation E.800, special importance is given to the system availability coefficient, which reflects the required level of reliability and security of the entire data processing and storage cycle [1, 2]. The analysis in [3] showed that the rapidly growing number of users and information consumers, the expanding range of telecommunication services and the increased volumes of processed data lead to stricter probability-time requirements for the major components of telecommunication systems and networks at all stages of information exchange. Thus, according to [4], the relevance of creating telecommunication systems and networks with protected data transmission channels has increased dramatically in recent years. The requirements for the data security indicators of telecommunication systems and networks have also increased, especially in special-purpose networks, where a denial of service or quality parameters falling outside the specified range can lead to catastrophic consequences in the financial sector, industry, the energy sector and so on. Modern developers of communication technologies are forced to solve several problems simultaneously and ensure not only the security of the information transmitted but also the speed of transfer of large amounts of data. In [5], the authors propose the use of a McEliece cryptosystem in the Sequitur software, which allows the problems of performance and security to be solved together when transmitting sensitive information.
In [6], the McEliece cryptosystem is used as an integrity mechanism in a stegosystem that stores information about the artist, lyrics and performance in an MPEG Layer-III (MP3) file; the cryptosystem is used to store both the private and the public key in the ID3v2 tag format. In [7, 8], it is proposed to use the McEliece cryptosystem for solving authentication problems and forming a digital signature based on algebraic coding theory, as well as for the transmission of confidential (medical) information. The authors of [9] propose to use the McEliece cryptosystem in the Secure Key Management software (SKM, a framework with a high degree of scalability with respect to memory) to generate key sequences and distribute them.
To reduce the cost of transmission and processing of data and to ensure the required performance, reliability and secrecy (security) of information, it is proposed to use asymmetric crypto-code systems on the McEliece theoretical-code scheme [10–12]. In [13, 14], the basic principles and mathematical models for constructing asymmetric crypto-code systems based on the McEliece and Niederreiter theoretical-code schemes (TCS) on elliptic codes are considered; these allow the required reliability, information secrecy and data transmission speed in communication systems to be provided together. At the same time, the analysis of the software implementation of an asymmetric crypto-code system on the Niederreiter TCS [15] showed significant implementation complexity, which makes it difficult to use theoretical-code schemes for the construction of asymmetric cryptographically strong systems. In [16], new approaches to breaking the McEliece cryptosystem based on randomized concatenated codes are considered. The development of modified crypto-code systems using modified algebraic codes is a promising direction for solving these scientific and technical problems.

The aims and objectives of the study
The objective is to analyze the overall construction of theoretical-code schemes as an integrated mechanism for providing reliability, efficiency and security over the whole data processing cycle. To achieve this goal, the following tasks are considered:
- to analyze the overall structure of asymmetric crypto-code system (ACCS) construction and to assess its effectiveness and performance compared with symmetric and asymmetric cryptographic algorithms;
- to consider the mathematical model and basic algorithms of information transfer in the McEliece ACCS on shortened codes;
- to analyze the cost of the software implementation of crypto-code means of information security based on the McEliece TCS.

The general construction of the theoretical-code schemes, evaluation of their effectiveness as compared to other cryptographic methods
Let us consider the overall design of theoretical-code schemes. We fix a finite field GF(q) and consider the vector space GF^n(q), the set of n-sequences of elements of GF(q) with component-wise addition and multiplication by a scalar. A linear (n, k, d) code C is a subspace of GF^n(q), i.e. a non-empty set of n-sequences (codewords) over GF(q) closed under these operations; k is the dimension of the subspace and d is the minimum code distance (the minimum weight of a non-zero codeword).
The main purpose of error-correcting coding is to control (detect and correct) errors that occur when a message is sent through a noisy channel. For error control the encoder introduces redundancy (a check part of length r = n − k) into the transmitted data. On the receiving side, the decoder analyzes the check part and its correspondence to the information part and thereby reduces the effect of errors that occurred during transmission.
The decoding problem can be solved efficiently (with polynomial complexity) for a narrow class of codes, such as Bose-Chaudhuri-Hocquenghem (BCH) codes and Reed-Solomon codes. One of the most effective algorithms for the algebraic decoding of BCH codes is the Berlekamp-Massey algorithm and its modifications (improvements). It is well known [17–20] that the Berlekamp-Massey algorithm requires a number of multiplications of the order of t^2, i.e. formally its complexity is O(t^2), where t is the correcting capability of the code, t = ⌊(d − 1)/2⌋. For large t, an accelerated Berlekamp-Massey algorithm that reduces the computational complexity is used. The recursive Berlekamp-Massey algorithm is even more effective in terms of computational complexity: the asymptotic complexity of decoding Reed-Solomon codes in this case does not exceed O(n log^2 n) and is very close to O(n log n).
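As an added example (not code from the paper), the following Python shows the Berlekamp-Massey algorithm in its binary LFSR-synthesis form: given a sequence s it returns the length L and the connection polynomial c(x) = 1 + c_1 x + … + c_L x^L of the shortest linear recurrence s[n] = c_1 s[n−1] + … + c_L s[n−L] generating s. The work is O(n·L), which is the O(t^2) of the text when the algorithm is run over GF(2^m) on the 2t syndromes of a t-error-correcting BCH code to obtain the error-locator polynomial; the field arithmetic differs, the control flow does not. The helper lfsr_sequence and the sample sequence (an m-sequence generated by the primitive polynomial x^4 + x + 1) are constructed for this example.

```python
"""Berlekamp-Massey over GF(2) (added illustration, not the paper's code)."""


def berlekamp_massey(s):
    """Return (L, c) for the shortest LFSR generating the bit sequence s.

    c = [c0, c1, ..., cL] with c0 = 1 is the connection polynomial:
    s[n] = XOR over i=1..L of (c[i] & s[n-i]) for every n >= L.
    """
    n = len(s)
    c = [1] + [0] * n        # current connection polynomial
    b = [1] + [0] * n        # polynomial at the last length change
    L, m = 0, -1             # current LFSR length, index of last length change
    for i in range(n):
        # discrepancy: does the current LFSR predict s[i]?
        d = s[i]
        for j in range(1, L + 1):
            d ^= c[j] & s[i - j]
        if d:
            t = c[:]
            # c(x) <- c(x) + x^(i-m) * b(x); the shift aligns the old
            # discrepancy with the current position
            for j in range(i - m, n + 1):
                c[j] ^= b[j - (i - m)]
            if 2 * L <= i:   # the LFSR must grow to explain bit i
                L, m, b = i + 1 - L, i, t
    return L, c[:L + 1]


def lfsr_sequence(taps, state, length):
    """Bits from the recurrence s[n] = XOR of s[n - i] for i in taps."""
    s = list(state)
    while len(s) < length:
        s.append(sum(s[-i] for i in taps) % 2)
    return s[:length]


if __name__ == "__main__":
    # m-sequence of period 15 from x^4 + x + 1: s[n] = s[n-3] ^ s[n-4]
    seq = lfsr_sequence((3, 4), [1, 0, 0, 0], 30)
    L, c = berlekamp_massey(seq)
    print("sequence:", "".join(map(str, seq)))
    print("linear complexity L =", L, " connection polynomial c =", c)
```

On the sample sequence the algorithm recovers L = 4 and c = [1, 0, 0, 1, 1], i.e. the recurrence s[n] = s[n−3] + s[n−4] that produced it; at least 2L bits are needed for the answer to be unique, which is exactly why a t-error-correcting BCH decoder feeds the algorithm 2t syndromes.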
The decoding of an arbitrary linear (generic) code is a hard computational task whose complexity grows exponentially. Thus, for exhaustive (correlation) decoding of a random (n, k, d) code over GF(q) it is necessary, in general, to compare the received sequence with all q^k codewords and select the closest one in the Hamming metric. Even for small n, k, d and q this is very labour-intensive. This fact forms the basis of all cryptosystems on algebraic block codes: by disguising a code with a fast (polynomial-complexity) decoding algorithm as an arbitrary (random) linear code, the decoding task for an outside observer (an attacker) becomes a computational task of exponential complexity.
For the authorized user of a cryptosystem (having a secret key), the decoding is a polynomially solvable problem. General classification of theoretical code schemes is shown in Fig. 1.
To ensure security in modern communication systems, symmetric and asymmetric cryptographic algorithms providing the required cryptographic strength are generally used. As the analysis shows, the use of theoretical-code schemes allows fast cryptographic transformation with provable strength (Table 1). The complexity of their implementation is comparable with that of block symmetric ciphers (BSC). Moreover, their practical application allows the use of a public key infrastructure and the building of integrated mechanisms of cryptographic data transformation and channel coding for the combined security and reliability of data transmission. Table 1 shows the results of comparative studies of the effectiveness of cryptographic methods of information protection at a fixed level of strength:
- middle (the complexity of cryptanalysis with the best known algorithm is not less than 2^128 operations);
- high (not less than 2^256 operations);
- very high (not less than 2^512 operations).
Table 1. The results of comparative studies of the effectiveness of cryptographic methods of information protection at a fixed level of strength.
The evaluation results for the performance of data conversion algorithms in symmetric ciphers and ACCS are shown in Fig. 2.
Thus, as follows from the given results of the comparative analysis, asymmetric crypto algorithms using theoretical-code schemes allow cryptographic information protection to be implemented with public-key technology while providing crypto-code conversion at the speed of block symmetric ciphers. Furthermore, the practical use of theoretical-code means of information protection provides both security and reliability of the transmitted data on the basis of integrating the channel coding and encryption mechanisms. Hence, the use of theoretical-code schemes is, on the one hand, more economically advantageous than the use of a whole range of separate encryption and channel coding mechanisms each solving an individual problem, and, on the other, gives a significant reduction in the total computational cost per unit of processed and transmitted information, i.e. the reduced processing time increases data transmission efficiency. Let us consider the mathematical model and basic algorithms of the McEliece ACCS.

Mathematical model and basic algorithms of information conversion in the proposed McEliece system on shortened codes
Known methods for the modification of linear block codes are discussed in more detail in [17–20]. Fig. 3 shows the most common modification methods.
- Lengthening an (n, k, d) linear block code increases the length to n + x by adding x new information symbols (k + x).
- Extension increases the length to n + x by adding x new check symbols (r + x).
- Puncturing reduces the length to n − x by removing x check symbols (r − x).
- Shortening reduces the length to n − x by removing x information symbols (k − x).
- Augmentation adds x information symbols (k + x) without increasing the code length.
- Expurgation removes x information symbols (k − x) without changing the code length.
The potential strength of theoretical-code schemes is defined by the complexity of decoding a random (n, k, d) block code. Hence, for the construction of potentially strong theoretical-code schemes, modification techniques that do not reduce the minimum code distance should be used. Lengthening and shortening of linear block codes do not change the minimum distance and therefore allow asymmetric crypto-code systems resistant to breaking to be constructed.
The simplest and most convenient method of modifying a linear block code without reducing the minimum code distance is shortening its length by reducing the number of information symbols. Let I = (I_1, I_2, …, I_k) be the information vector of the (n, k, d) block code. We choose a subset h of information symbols, |h| = x, x ≤ k/2. We put zeros in the information vector I at the positions of the subset h, i.e. I_i = 0, ∀ I_i ∈ h. At the other positions of the vector I we place the information symbols. During encoding of the information vector, the symbols of the set h do not participate (they are zero) and can be discarded, and the resulting codeword is shorter by x code symbols. For the modification (shortening) of elliptic codes we use a reduced set of the curve points. The following statement is true.

Statement 1. Let EC be an elliptic curve over GF(q), g = g(EC) its genus, EC(GF(q)) the set of its points over the finite field and N = |EC(GF(q))| their number. Let X and h be non-intersecting subsets of points such that X ∪ h = EC(GF(q)) and |h| = x. Then the shortened elliptic (n, k, d) code over GF(q), built through a mapping φ: X → P^{k−1}, satisfies k + d ≥ n.
Statement 2. The shortened elliptic (n, k, d) code over GF(q), built through a mapping φ: X → P^{r−1}, satisfies k + d ≥ n.
Using the results of Statements 1 and 2, we define the theoretical-code scheme on modified elliptic codes built through the mappings φ: X → P^{k−1} and φ: X → P^{r−1}. The following statements are true.
Statement 3. The shortened elliptic (n, k, d) code over GF(2^m), built through a mapping φ: X → P^{k−1}, defines the modified theoretical-code scheme with the following parameters: the dimension of the secret key l_K (expressed through x, q and log_2 q); the dimension of the information vector; the dimension of the codegram; the relative transmission rate.
Statement 4. The shortened elliptic (n, k, d) code over GF(2^m), built through a mapping φ: X → P^{r−1}, defines the modified theoretical-code scheme with the following parameters:
- the dimension of the secret key is determined by (3);
- the dimension of the information vector (in bits);
- the dimension of the codegram is defined by (5);
- the relative transmission rate.
Let us consider the formal description of the modified asymmetric crypto-code information protection system based on the use of these modification methods, and the practical algorithms for forming codegrams and decrypting them in the developed theoretical-code schemes.
The mathematical model of the ACCS using the McEliece TCS based on shortening (reduction of information symbols) is formally defined by the combination of the following elements [9]:
- a set of plaintexts;
- the key data {X_i, P_i, D_i}, where X_i is a non-degenerate k × k disguise matrix with elements from GF(q), formed randomly and equiprobably by the key source; P_i is an n × n permutation matrix over GF(q), formed randomly and equiprobably by the key source; D_i is an n × n diagonal matrix over GF(q) formed by the key source.
The initial data in the description of the considered asymmetric crypto-code information protection system are:
- the algebraic-geometric block (n, k, d) code;
- a_i, the set of coefficients a_1 … a_6 of the curve polynomial, ∀ a_i ∈ GF(q), which uniquely define a specific set of points of the curve in the projective plane P^2 and are used to form the generator matrix;
- h_j, the information symbols equal to zero, |h| = k/2, i.e. I_i = 0, ∀ I_i ∈ h;
- the disguising matrix mappings, given by the set of matrices {X, P, D}_i, where X is a non-degenerate k × k matrix over GF(q), P is an n × n permutation matrix over GF(q) with one non-zero element in each row and each column, and D is an n × n diagonal matrix over GF(q) with non-zero elements on the main diagonal.
In the asymmetric crypto-code system based on the McEliece TCS, the modified (shortened) algebraic-geometric (n, k, d) code C_j^{k−h} with a fast decoding algorithm is disguised as a random (n, k, d) code C_j^{*k−h} by multiplying the generator matrix G_EC of the code by the secret disguise matrices X_u, P_u and D_u [8]; the product X_u · G_EC · P_u · D_u forms the authorized user's public key. Here G_EC is the k × n generator matrix of the algebraic-geometric block (n, k, d) code with elements from GF(q), built from the user-selected curve coefficients a_1 … a_6, ∀ a_i ∈ GF(q), which uniquely define a specific set of points of the curve in the projective plane P^2.
Forming a closed text: the sender encodes the plaintext M_i with the public key and adds a random error vector of weight not exceeding t, which gives the codegram. To recover the plaintext, an authorized user removes the effect of the secret permutation and diagonal matrices P_u and D_u, re-inserts the zero information symbols of the subset h into the recovered secret text C_j and decodes it with the fast decoding algorithm of the elliptic code, and finally removes the effect of the disguise matrix X_u. The resulting solution is the plaintext M_i. Let us consider the practical algorithms of formation and decryption/decoding of the cryptogram/codegram in the modified asymmetric crypto-code system based on the McEliece TCS on elliptic shortened codes. Fig. 4 shows the algorithm of cryptogram/codegram formation.
The algorithm of codegram formation in the modified McEliece asymmetric crypto-code system with shortened modified code is defined by the following sequence of steps.
Step 1. We fix a finite field GF(q). We fix an elliptic curve y^2 z + a_1 xyz + a_3 yz^2 = x^3 + a_2 x^2 z + a_4 xz^2 + a_6 z^3 and the set of its points EC(GF(q)) = (P_1, P_2, …, P_N) over GF(q). We fix a subset of points h(GF(q)) = (P_x1, P_x2, …, P_xx), h ⊆ EC(GF(q)), |h| = x, and keep it secret.
Step 2. We form the initialization vector IV = EC − h, where h is the set of information symbols equal to zero, |h| = k/2, i.e. I_i = 0, ∀ I_i ∈ h.
Step 3. Entering the information vector I, we form the codeword c. If the (n, k, d) code over GF(q) is given by its generator matrix G, then c = I × G (for the sender, G is the public key, i.e. the disguised generator matrix).
Step 4. We form a random error vector e with w(e) ≤ t, t = ⌊(d − 1)/2⌋, and add it to the codeword, obtaining the codegram c* = c + e.
The algorithm of codegram decoding in modified theoretical-code schemes on elliptic codes is defined by the following sequence of steps.
Step 1. Enter the codegram to be decoded and the private key: the generator and/or parity-check matrix of the elliptic code, together with the secret disguise matrices and the secret subset h.
Step 2. The codegram is a codeword of the elliptic code with errors, the error vector weight being w(e) ≤ t. We decode the codegram and find the error vector.
Step 3. We form the required information vector. The proposed decoding algorithm for the modified asymmetric crypto-code system using the McEliece TCS with shortened modified code is shown in Fig. 5.
The main stage of the codegram decoding algorithm in the theoretical-code scheme on elliptic codes is the decoding of the received sequence. During codegram decoding, an authorized user must take into account the parameters of the shortened code in theoretical-code schemes on modified elliptic codes.
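As an added, self-contained illustration of the shortening procedure described above and of the codegram formation and decoding steps (this is example code, not the authors' implementation), the following Python builds the scheme over GF(2) with the binary Hamming (7,4,3) code standing in for the elliptic code. Shortening by x = k/2 = 2 information symbols (the secret subset h) gives a (5,2,3) code whose minimum distance is unchanged; over GF(2) a diagonal matrix with non-zero entries is the identity, so only X and P appear in the public key X · G_h · P. The function names, the toy code and the seeded random source are assumptions of the example; the decoder is the syndrome decoder of the full code applied after the zero symbols of h are re-inserted, which is what the decoding algorithm's Step 2 requires for a shortened code.

```python
"""Toy McEliece TCS on a shortened binary code (added illustration)."""
import random

# Systematic generator and parity-check matrices of the Hamming (7,4,3) code.
G_FULL = [[1, 0, 0, 0, 1, 1, 0],
          [0, 1, 0, 0, 1, 0, 1],
          [0, 0, 1, 0, 0, 1, 1],
          [0, 0, 0, 1, 1, 1, 1]]
H_FULL = [[1, 1, 0, 1, 1, 0, 0],
          [1, 0, 1, 1, 0, 1, 0],
          [0, 1, 1, 1, 0, 0, 1]]
N, K = 7, 4                  # length and dimension; d = 3, so t = 1


def mat_mul(a, b):
    """Matrix product over GF(2)."""
    return [[sum(a[i][k] & b[k][j] for k in range(len(b))) % 2
             for j in range(len(b[0]))] for i in range(len(a))]


def mat_inv(a):
    """Gauss-Jordan inverse over GF(2); None if the matrix is singular."""
    n = len(a)
    m = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(a)]
    for col in range(n):
        piv = next((r for r in range(col, n) if m[r][col]), None)
        if piv is None:
            return None
        m[col], m[piv] = m[piv], m[col]
        for r in range(n):
            if r != col and m[r][col]:
                m[r] = [x ^ y for x, y in zip(m[r], m[col])]
    return [row[n:] for row in m]


def shorten(g, h):
    """Shortening: information symbols in h are zero, so drop those rows and columns."""
    keep = [j for j in range(len(g[0])) if j not in h]
    return [[g[i][j] for j in keep] for i in range(len(g)) if i not in h]


def min_distance(g):
    """Minimum weight of a non-zero codeword (exhaustive; fine for toy sizes)."""
    k = len(g)
    return min(sum(mat_mul([[(u >> i) & 1 for i in range(k)]], g)[0])
               for u in range(1, 1 << k))


def public_key_bits(g):
    """Size of a k x n binary generator matrix in bits."""
    return len(g) * len(g[0])


def hamming_decode(word):
    """Syndrome decoding of the full (7,4,3) code: corrects a single error."""
    synd = [sum(H_FULL[r][j] & word[j] for j in range(N)) % 2 for r in range(3)]
    fixed = word[:]
    if any(synd):
        cols = [[H_FULL[r][j] for r in range(3)] for j in range(N)]
        fixed[cols.index(synd)] ^= 1
    return fixed


def keygen(h, rng):
    """Private key (X, P, h); public key X * G_h * P with G_h the shortened generator."""
    g_s = shorten(G_FULL, h)
    ks, ns = len(g_s), len(g_s[0])
    while True:                                   # random non-degenerate X
        x = [[rng.randrange(2) for _ in range(ks)] for _ in range(ks)]
        if mat_inv(x) is not None:
            break
    perm = list(range(ns))
    rng.shuffle(perm)                             # random permutation P
    p = [[int(perm[i] == j) for j in range(ns)] for i in range(ns)]
    return (x, p, h), mat_mul(mat_mul(x, g_s), p)


def make_keys(h, seed):
    """Deterministic key pair for the demonstration (seeded source of keys)."""
    return keygen(h, random.Random(seed))


def encrypt(pub, m, e):
    """Codegram c* = m * G_pub + e with w(e) <= t."""
    return [a ^ b for a, b in zip(mat_mul([m], pub)[0], e)]


def decrypt(priv, c):
    x, p, h = priv
    y = mat_mul([c], [list(col) for col in zip(*p)])[0]   # undo P (P^-1 = P^T)
    it = iter(y)
    full = [0 if j in h else next(it) for j in range(N)]  # re-insert zeros of h
    info = hamming_decode(full)[:K]                        # fast decoding of the code
    mx = [info[j] for j in range(K) if j not in h]         # this is m * X
    return mat_mul([mx], mat_inv(x))[0]                    # undo X


if __name__ == "__main__":
    h = {0, 1}                                   # secret zeroed information symbols
    priv, pub = make_keys(h, 2016)
    print("d(full) =", min_distance(G_FULL), " d(shortened) =", min_distance(shorten(G_FULL, h)))
    print("public key bits: full", public_key_bits(G_FULL), " shortened", public_key_bits(pub))
    c = encrypt(pub, [1, 0], [0, 0, 1, 0, 0])   # one error inside the codegram
    print("codegram", c, "-> plaintext", decrypt(priv, c))
```

The point to take from the run is the one the paper makes: the shortened code keeps d = 3 while the public key shrinks from 4 × 7 = 28 bits to 2 × 5 = 10 bits, and the receiver still recovers the plaintext for any single error position because the error lands on positions of the full code that the decoder can correct. For a real instance the Hamming code is replaced by the elliptic code over GF(2^m), D becomes a genuine non-identity diagonal matrix, and the disguise matrices must be drawn from a cryptographic source of keys rather than from random.Random.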
The block diagram of the real-time information exchange protocol using the asymmetric cryptosystem based on the modified McEliece TCS with modified (shortened) elliptic codes is shown in Fig. 6 (the diagram covers the forming of the key data and initialization vector and of the public key). Let us investigate the energy costs of the software implementation of crypto-code means of information security based on the McEliece TCS on modified (shortened) elliptic codes.

Estimation of energy costs of software implementation of the proposed McEliece system
To estimate time and speed parameters it is common to use the unit cpb (cycles per byte): the number of processor cycles that must be spent to process 1 byte of incoming information. The algorithm complexity (in cpb) is computed from Utl, the utilization of the CPU core (%), and Rate, the algorithm throughput (bytes/s). Table 2 shows the dependence of the number of CPU cycles spent on elementary operations in the software implementation of crypto-code systems on the code sequence length of the algebraic-geometric code in the McEliece and Niederreiter TCS. Table 3 shows the results of evaluating the time and speed parameters of the procedures of forming and decoding information in the asymmetric crypto-code system based on the McEliece TCS.
The analysis (Tables 2, 3) leads to the conclusion that the energy cost of implementing asymmetric crypto-code systems in the protocols of communication systems and technologies is significant, which greatly complicates their use. To eliminate this disadvantage, it is proposed to use modified asymmetric crypto-code schemes based on modified error-correcting codes, which reduce the energy cost and the volume of users' key data: instead of the matrices themselves, the coefficients of the elliptic curve in affine space are stored, and the corresponding matrices (private and public keys) are built from them.

Conclusions
1. The overall structure of asymmetric crypto-code systems based on the McEliece TCS, which provide the required indicators of reliability, efficiency and data security in an integrated way (with a single device), was analyzed. A major shortcoming of ACCS based on the McEliece TCS is the large volume of key data, which restricts their use in various areas of communication systems (today cryptographic strength at the level of the provable-strength model is obtained by building the ACCS over the Galois field GF(2^13)). The use of modified (shortened) elliptic (algebraic) codes helps to reduce the volume of key data while maintaining the requirements for the cryptographic strength of the ACCS. The estimated data conversion performance is comparable with the speed of the direct and inverse cryptographic transformations of modern BSC, while the cryptographic strength is at the level of asymmetric cryptosystems (it is based on the theoretical complexity problem of random code decoding).
2. The proposed mathematical model and practical algorithms of encryption/decryption and encoding/decoding of cryptograms/codegrams in the developed modified crypto-code system based on the McEliece TCS allow encryption/decryption at the speed of symmetric cryptosystems with BSC. The complexity of codegram forming and decoding is determined by the encoding/decoding complexity of the modified (shortened) elliptic codes and depends polynomially on the code length and correcting capability. For 100 bytes of transmitted data the algorithm complexity is 61.5 cpb and for 1000 bytes 62 cpb, i.e. a significant increase in the amount of processed data does not affect the complexity of the algorithm.
3. Transferring a key sequence using the modified McEliece ACCS on the shortened code allows open channels of communication systems to be used for the transmission of confidential information and provides the required indicators of reliability and efficiency over the entire data processing cycle in an integrated way.