Encryption algorithm

Philosophy of the need to develop a new encryption algorithm

Symmetric encryption algorithms currently used, such as AES and SEA64 (a full-fledged non-degraded predecessor of GOST), use encryption keys with a maximum length of 256 bits (32 bytes). Nowadays, when the computing power of computers is constantly increasing and supercomputers and quantum computers are also mentioned, there is also a demand for the development of stronger encryption algorithms, which should form the basis of the so-called postquantum cryptography. In the context of post-quantum cryptography, it is assumed that the encryption algorithm should work with at least a 512-bit encryption key. It is not a problem to use a key with a longer length, but the longer the key, the more processing demands are placed on the processing of the algorithm by the processor. From the cryptographic point of view, it is advantageous to use the Feistel scheme to implement the algorithm for several reasons, which will be described later. A suitable compromise between the processing speed of the algorithm and the length of the key is to use a key with a length of 512 bits.

The use of a high-quality encryption algorithm is a necessary condition, but far from sufficient. To ensure the security criteria for encryption, set by globally recognized standards, it is necessary to provide several factories in the design and development of both a stand-alone algorithm, as well as in the implementation of the algorithm in the application environment and especially in the implementation of key economy. In addition to the quality of the algorithm, the strength of the encryption depends on the quality of the generated keys. Quality keys must be generated by a non-deterministic generator based on hardware. An important factor is the use of the Central Security Authority (CBA), which generates keys, oversees the quality of the key generator, performs statistical tests of the generated sequence according to standards (NIST 800-22) and FIPS, manages work with hardware security devices (tokens) and distributes keys to resources with encryption software installed.
The systems designed in this way can then be used for individual classification levels. For the first level of classification “V” it is sufficient to use the implementation of the encryption algorithm in software form. However, for the second classification level “D” and higher levels, the implementation of an encryption algorithm in a hardware device, for example in a PCI add-on card with a signal processor, is required.
Therefore, a new symmetric encryption algorithm SEA512 (Super Encryption Algorithm) with the length of the used encryption key of 512 bits was developed. It follows the SEA64 algorithm, which is also implemented on the basis of the Feistel scheme, but with a key length of only 256 bits, similar to AES256. SEA512 is a candidate for use in postquantum cryptography.

Basic properties and method of implementation

1. SEA512 algorithm is implemented on the basis of Feistel’s scheme,
2. The length of the processed key is 512 bits,
3. The key is processed sequentially in 32 bits in 16 rounds,
4. It is implemented in the ECB (Electronic Code Book),
5. The ECB consists of the so-called by simple exchange encryption using 16-tic rounds,
6. Rounds are processed in ascending order and descending order,
7. 4 16-bit, 3 up and 1 down are used for simple exchange encryption (SJZ),
8. 4 16-tags are used for decryption by simple exchange in the reverse order,
9. 2 SJZ encryption or decryption operations are performed on the ECB with a block of 16 bytes,
10. SAE512 uses large S-boxes (substitution boxes) with a size of 2 kilobytes,
11. The structure of S-boxes is 2 * 4 * 256 bytes, which are 2 blocks of 4 permutation tables,
12. S-boxes also form a long-term key and the properties of the ECB algorithm depend on them,
13. S-boxes were generated by specially authorized software for the given purpose,
14. At the ECB with a block of 16 bytes, processing of 16 * 4 * 2 = 128 rounds is performed,
15. At the ECB with a block of 8 bytes, 64 rounds are processed,
16. The algorithm is implemented in a highly optimized form in assembler,
17. An assembler of Intel and Amd processors is used,
18. The algorithm is implemented in parallel in the language “C” as a model,
19. These implementations are fully compatible,
20. ECB SEA512 is used for 2 types of interfaces and encryption modes,
21. One interface is compatible with the AES algorithm and has the same encryption modes,
22. The second interface is compatible with the SEA64 algorithm and has the same encryption modes,
23. A test application with application examples is also supplied,
24. Complete source codes with detailed comments are provided,
25. A complete project of test and sample application of use is delivered.