SYNTHESIS OF CRYPTORESISTANT GENERATORS OF PSEUDORANDOM NUMBERS BASED ON GENERALIZED GALOIS AND FIBONACCI MATRIXES

Context. The problem considered is the construction of generalized primitive matrices of Galois and Fibonacci of any order over a field of characteristic 2, for building the gamma-function generators of cryptographically strong stream (inline) data encryption algorithms that are free from the Berlekamp-Massey (BM) attack. Objective. To develop a way of eliminating the threat of an attack with the BM algorithm on LFSR generators of pseudorandom numbers (PRN), in order to increase their cryptographic strength. Method. Linear feedback shift registers (LFSR) are in themselves good PRN generators, but they have undesirable properties that reduce the efficiency of their use. For a shift register of length n, the internal state is a function of the previous output bits of the generator. Even if the feedback scheme is kept secret, it can be determined from 2n output bits of the generator with the help of the BM algorithm, which reduces the cryptographic strength of the PRN generator. The basis of the single-loop feedback circuits of classical LFSR generators of PRN is a primitive polynomial. There are various ways to increase the cryptographic strength of LFSR generators, among them the introduction of nonlinear transformations, the use of multi-register generators (as, for example, in the A5 encryption algorithm) and several others. The transition from classical LFSR generators to generators based on the generalized matrices of Galois and Fibonacci leads to the BM algorithm losing the ability to determine the irreducible polynomials that generate the multi-circuit feedback in the LFSR generators. The reason for this feature is that the series of bits produced by the generalized generator depends not only on the chosen irreducible polynomial but also on the primitive element that participates in forming the feedback loop of the generator. Results. The developed LFSR-based PRN generators were used to organize byte-wise encryption of streaming information. Conclusions. Statistical tests of the proposed PRN generators, carried out with the NIST STS and Diehard packages [16–18], have confirmed the high quality of the generated sequences. Moreover, the generators proved cryptographically resistant to the BM attack. The use of these generators for forming the long keys needed, for example, in RSA encryption protocols and other applications is promising. A direction for further research is the development of generalized PRN generators over a Galois field of any characteristic.


ABBREVIATIONS
BM is the Berlekamp-Massey algorithm; CGM is a classical Galois matrix; GGM is a generalized Galois matrix; IP is an irreducible polynomial; LFSR is a linear feedback shift register; PRN is a pseudorandom number; PrP is a primitive polynomial.
θ is a primitive element of a Galois field;
ω is the forming element of a generalized Galois matrix;
$f_n$ is an IP of degree n;
$G^{(n)}_{f,\omega}$ is a Galois matrix of degree n, generated by the IP $f_n$ and the forming element ω;
$F^{(n)}_{f,\omega}$ is a Fibonacci matrix of degree n, generated by the IP $f_n$ and the forming element ω;
$F^{*(n)}_{f,\omega}$ is a conjugate Fibonacci matrix of degree n, generated by the IP $f_n$ and the forming element ω;
E is an identity matrix;
E is a cyclic shift operator one step to the left;
E is a cyclic shift operator one step to the right;
n is the degree of a matrix or polynomial.

INTRODUCTION
One of the most important problems in the theory and practice of cryptographic information protection is the construction of PRN generators of maximum length (period) with acceptable statistical properties. They are usually realized by means of linear feedback shift registers (LFSR) in the Galois or Fibonacci configuration (scheme) [1–4].
The structural schemes of classical n-bit LFSR generators of PRN are completely defined by an IP $f_n(x)$ of degree n, by means of which a single-circuit feedback is established in the shift register. It is known that for the shift register to have the maximum period, the corresponding feedback polynomial must be primitive. The cells of an LFSR are usually D flip-flops, which copy the input signal to the output at the moment the clock pulse arrives. The main disadvantage of LFSR generators of PRN is that the linearity of the sequence at the register output allows the feedback polynomial $f_n(x)$ to be determined from 2n consecutive bits by the BM algorithm [13].
The object of the study is the process of building LFSR generators of PRN that are cryptographically secure against attacks based on the BM algorithm.
As a rule, the problem of providing reliable cryptographic strength of LFSR generators is solved by introducing nonlinearity into the generated PRN stream. However, this method of constructing generators is, as a rule, possible only if the order of the generator does not exceed 32. Hence the problem arises of synthesizing multi-digit linear PRN generators that at the same time provide nonlinearity of the PRN stream.
The subject of the study is methods of constructing LFSR generators of PRN covered by multi-circuit feedback circuits.
Such circuits arise when the PrP is replaced by polynomials that need not be primitive. However, the element θ forming the pseudorandom sequence must be a primitive element of the extended Galois field generated by the IP, and such that θ > 10.
The purpose of the work is to eliminate the threat of an attack with the Berlekamp-Massey algorithm on LFSR generators of PRN.

PROBLEM STATEMENT
It is known that an LFSR in itself is an excellent PRN generator, but LFSRs have undesirable properties that reduce the efficiency of their use. For a register of length n, the internal state is a function of the n previous output bits of the generator. Even if the feedback scheme is kept secret, it can be determined from 2n output bits of the generator using the BM algorithm. The BM attack can be eliminated by introducing nonlinearity into the process of forming the PRN. However, this way of eliminating the attack may be unacceptable, because it can be implemented only when the register length does not exceed, as a rule, n = 32.
Proceeding from the above, the main purpose of this research is to work out a way of eliminating the threat of a BM attack on LFSR generators of PRN of any length, in order to increase their cryptographic security.

REVIEW OF THE LITERATURE
Random numbers are used in many areas of research, including cryptography and information security [1, 4], computer and mathematical modeling [6, 7], sociological analysis [3], innovative work based on the "trial and error" method, and other areas of scientific knowledge. Numerous monographs [1, 2], journal publications [5, 11], reports at scientific conferences [13, 15, 16] and Web publications [9–11, 18] are devoted to the construction of LFSR generators of PRN.
Let us note the fundamental differences, both in the statement of the problem of synthesizing LFSR generators and in the methods of their implementation, between this paper and the cited sources. First, the numbering of register digits and the shift of the generator contents in the Galois configuration are performed from right to left. The chosen numbering of register cells and direction of shifting their contents are not only natural (as, for example, in decimal numbering), but also lead to more transparent algorithms for constructing generalized Galois matrices. Second, whereas in classical (called here single-circuit) LFSR generators the feedback in the registers is created by a PrP and the Galois matrices are generated by the primitive forming element, the polynomials that create the feedback in the generalized (multi-circuit) LFSR generators of PRN need not be primitive at all. Regardless of whether the feedback polynomial is primitive or not, the primitive forming element of the GGM must exceed 10. It is under these conditions that the increase in cryptographic strength of the proposed LFSR generators of PRN over classical generators is achieved. The reason for this phenomenon is that the generalized LFSR generators turn out to be protected from the BM attack [14].

MATERIALS AND METHODS
Each LFSR generator of PRN in the Galois or Fibonacci scheme corresponds unambiguously to a matrix, which we will name after the corresponding generator and denote by the symbols G and F. A distinctive feature of the Galois and Fibonacci matrices is that on their basis one can create binary m-sequences similar to the numbers formed by a classical LFSR generator of PRN.
Let S(k) be the state of the n-bit generator in the Galois configuration after the k-th clock pulse; its computation scheme is represented by the matrix expression (1). Our task is to make sure that the given PrP
The numbers above the generator digits characterize the logical signal level at the output of the corresponding register cell (flip-flop). As clock pulses arrive, the unit from the lower (right) digit of the generator moves to its higher digits, as shown in Fig. 2.
Note that the subscript 13 in the matrix designation $G^{(n)}_f$ in (2) is nothing but the hexadecimal record of the PrP f = 1'0011. We will use the same form of representing the numerical values of polynomials f below. Besides, we take into account that the rows of the Galois matrix are numbered from bottom to top and the columns from right to left, unlike the generally accepted order. The chosen numbering of the rows and columns of $G^{(n)}_f$ simplifies, as we will see later, certain tasks of building the structural scheme of LFSR generators of PRN.
The sequence of PRN formed by the Galois LFSR generator (Fig. 1) coincides with the sequence calculated by formula (1) for the matrix (2), and is summarized in Table 1. It is easy to see that, first, the rows of the matrix (2) form a set of linearly independent vectors, so $G^{(4)}_{13}$ is a nonsingular matrix. Second, the matrix $G^{(4)}_{13}$, substituted into equation (1), forms a set of four-digit codes, summarized in Table 1. Third, the top row of the matrix (2) is nothing but the fourth-degree PrP f = 1'0011 with its leading unit removed.
Based on the analysis of the matrix $G^{(4)}_{13}$ written out in relation (2), we arrive at the following rule for constructing a CGM $G^{(n)}_f$ of order n generated by a PrP of degree n. Let us call it Rule (1) of GGM. Rule (2) of GGM will be introduced in item 4.
Rule (1) of GGM: The basis of the matrix
By the general form (3) we will construct, for example, the matrix of the eighth order (4). The scheme of the LFSR generator of PRN in the Galois configuration corresponding to the matrix (4) is presented in Fig. 4.
The transformation (5), a transposition relative to the auxiliary diagonal, applied to the Galois matrix (4) leads to the Fibonacci matrix (6). The scheme of the LFSR generator of PRN in the Fibonacci configuration corresponding to the matrix (4) is presented in Fig. 4.
The conjugate Galois and Fibonacci matrices of the eighth order, generated by the matrices (4) and (6) and the transformations (5), look like:
A structural scheme of the conjugate LFSR generators of PRN, corresponding to the Galois matrix $G^{*(8)}_{165}$ from (8) and the corresponding conjugate Fibonacci matrix, is
The set of … V corresponding to this row is reduced to the remainder modulo the PrP $f_n$, and thus the row becomes n-bit, because the residue of the vector V is equal to the polynomial $f_n$ with its leading unit removed. The Galois matrices synthesized by Rule (2) (as well as by Rule (1))
Using relation (10) and taking into account how a GGM is formed, we write the transformation chain (11). The elements of the right column vector of (11) are monomials which, when represented in binary form, turn this column vector into the identity matrix, i.e. (12), which makes it possible to formulate the following statement.
Affirmation. The GGM $G^{(n)}_{f,\omega}$ of order n over the IP $f_n$ is isomorphic to its forming element, which is a
Therefore, according to expressions (12) and (13), there is a one-to-one correspondence (isomorphism) between the GGM $G^{(n)}_{f,\omega}$ and
which must satisfy the commutative product, are equivalent to the products of the elements
It is most convenient to choose permutation matrices P of order n as the matrices for the transformation (14), because their inverse matrices are easily computed. The most important feature of the generalized Galois matrices is that PRN generators based on linear feedback shift registers whose feedback is formed by a GGM are cryptographically resistant to the BM attack, which is explained in more detail in the next chapter.
Definition. Linear PRN generators will be called generalized if the feedback in the linear shift registers making up the basis of the generators is formed by generalized Galois or Fibonacci matrices.
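The following Python is an added example, not the paper's code: it realizes the Galois matrix as the matrix of multiplication by the forming element ω modulo f in the paper's bottom-to-top row and right-to-left column conventions, so that ω = 10 gives the classical matrix of relation (2) and any other ω gives the GGM, and it checks the period of the state sequence (1), the anti-diagonal transposition (5) to the Fibonacci form, and the isomorphism stated in the Affirmation. The non-primitive quartic IP x^4 + x^3 + x^2 + x + 1 paired with the paper's forming element 111 is my assumption, since the paper does not state which IP it chose for that example.

```python
# Added example (not from the paper). A matrix is a list of n row bitmasks:
# index 0 is the BOTTOM row, bit j of a row is the column counted from the RIGHT,
# as in the paper. Row i of G_{f,omega} is omega * x^i mod f, so omega = x
# (binary 10) gives the classical Galois matrix of relation (2).

def poly_mul_mod(a: int, b: int, f: int) -> int:
    """Product of binary polynomials a and b reduced modulo f (leading bit of f set)."""
    n = f.bit_length() - 1            # degree of f = order of the matrix
    result = 0
    while b:
        if b & 1:
            result ^= a
        b >>= 1
        a <<= 1
        if a >> n:                    # degree n reached: subtract f, i.e. XOR over GF(2)
            a ^= f
    return result

def galois_matrix(f: int, omega: int) -> list[int]:
    """Generalized Galois matrix G^{(n)}_{f,omega}: row i (from the bottom) = omega * x^i mod f."""
    n = f.bit_length() - 1
    return [poly_mul_mod(omega, 1 << i, f) for i in range(n)]

def vec_mat(v: int, m: list[int]) -> int:
    """Row vector times matrix over GF(2): XOR of the rows selected by the bits of v."""
    out = 0
    for i, row in enumerate(m):
        if (v >> i) & 1:
            out ^= row
    return out

def mat_mul(a: list[int], b: list[int]) -> list[int]:
    """Matrix product over GF(2) in the same representation."""
    return [vec_mat(row, b) for row in a]

def anti_transpose(m: list[int]) -> list[int]:
    """Transposition about the auxiliary diagonal (Galois form -> Fibonacci form)."""
    n = len(m)
    out = [0] * n
    for i in range(n):
        for j in range(n):
            if (m[i] >> j) & 1:       # entry (i, j) moves to (n-1-j, n-1-i)
                out[n - 1 - j] |= 1 << (n - 1 - i)
    return out

def state_sequence(m: list[int], s0: int = 1) -> list[int]:
    """States S(0) = s0, S(k) = S(k-1) * M until a state repeats (one full period for nonsingular M)."""
    seen, seq, s = set(), [], s0
    while s not in seen:
        seen.add(s)
        seq.append(s)
        s = vec_mat(s, m)
    return seq

F13 = 0b1_0011     # PrP x^4 + x + 1, hex 13, the paper's relation (2)
F1F = 0b1_1111     # x^4 + x^3 + x^2 + x + 1: irreducible but not primitive (x has order 5); my assumed IP
X, OMEGA = 0b10, 0b111   # forming elements: x (classical case) and 111 (the paper's example)

if __name__ == "__main__":
    g13 = galois_matrix(F13, X)
    print([f"{r:04b}" for r in reversed(g13)])       # top row first: ['0011', '1000', '0100', '0010']
    print(state_sequence(g13))                        # the 15 four-digit codes (Table 1), starting from 0001
    print(len(state_sequence(galois_matrix(F1F, X))))      # 5: classical register over a non-primitive IP
    print(len(state_sequence(galois_matrix(F1F, OMEGA))))  # 15: primitive forming element restores full period
    print(len(state_sequence(anti_transpose(g13))))        # 15: Fibonacci form keeps the period
    # Affirmation: G_a * G_b == G_{a*b mod f}
    print(mat_mul(galois_matrix(F1F, OMEGA), galois_matrix(F1F, X))
          == galois_matrix(F1F, poly_mul_mod(OMEGA, X, F1F)))  # True
```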
The relationships (5) and (7) enable the following representation of the relationship between the generalized Galois and Fibonacci matrices, including their conjugate variants (Fig. 7).

Figure 7 -Transpose operators in multiple Galois and Fibonacci matrixes
All GGMs (as well as CGMs), which include not only the Galois matrix G itself but also the Fibonacci matrix F formed from G by the right-hand transposition, as well as the corresponding conjugate matrices G* and F*, are connected one-to-one by the similarity transformation (11), as shown in Fig. 8.
Let us briefly explain the technique of using the operators (15) and (16).
whereas the operators (16) carry out transformations of the following type:
Let us consider an example of the synthesis of generalized primitive matrices and Galois generators, choosing an irreducible binary polynomial of the fourth degree that is not primitive, and a primitive forming element SE equal to 111. The matrices corresponding to the chosen parameters are represented by the system (17).
The structural scheme of the generalized basic four-digit Galois generator corresponding to the GGM $G^{(4)}_{f,7}$ is presented in Fig. 9.
Replacing in Fig. 9 the contents of the cells of the vertical feedback registers by the elements of the matrix $F^{(4)}_{f,7}$ from the system (17), we obtain the scheme of the PRN generator in the Fibonacci configuration.
The structural scheme of the PRN generator conjugate to the considered Galois generator is presented in Fig. 10. If in the scheme of Fig. 10 the contents of the cells of the feedback registers are replaced by the elements of the matrix $F^{*(4)}_{f,7}$ from the system (17), we arrive at the conjugate PRN generator in the Fibonacci configuration.
The vertically arranged registers of the generators marked with a symbol at the top implement the operation of bitwise multiplication, and the registers marked with the symbol ⊕ implement addition of the register contents modulo 2.
Note that in the PRN generators shown in Fig. 9 the feedback circuits are "twisted" clockwise, while in the conjugate generators (Fig. 10) they are twisted counter-clockwise. The binary sequences formed by these generators are given in Tables 3 and 4.
The general rules for converting the feedback structure of a known generator into the feedback circuits of any of the remaining generators are shown in Table 2.
Table 3 - The multiplicative group formed by the PRN generator (Fig. 9, or the matrix $G^{(4)}_{f,7}$ from (17))
From a comparison of Tables 1, 3 and 4 we can easily see that the binary sequences formed in the different bits of the generators differ only in the order of the cyclic shift and satisfy all of Golomb's postulates [20], as they should.
The meaning of the term "feedback schemes" of LFSR generators of PRN (using as an example the generators whose structural schemes are presented in Fig. 4, 5) can be explained by their stylized representation in Fig. 11.
Let us pay attention to the following peculiarities of the connections presented in Fig. 11. Feedback in the registers of the basic generators G and F is carried out clockwise, while in the registers of the conjugate generators G* and F* it is counter-clockwise.
Let us clarify the physical meaning of the transformation operators in Table 1. The operator 1 means that the feedback scheme indicated by the symbol is rotated by 180° about the vertical axis. This operation is similar to the inverse permutation of the columns of the matrix M, which is realized by multiplying it on the right by the inverse permutation matrix 1. In turn, the operator 1

EXPERIMENTS
An attempt to increase the cryptographic strength of LFSR generators by increasing the order of the registers and, accordingly, the degree of the PrP used in the feedback circuits runs into a known problem [13]. Its essence is as follows. Open literature sources give, as a rule, only very sparse IPs of high degree. The use of such polynomials reduces the cryptographic strength of PRN generators. Besides, classical LFSR generators are subject to BM attacks, which narrows the scope of their applications.
The cryptographic strength of LFSR generators of PRN is their ability to withstand attacks that allow the minimal IP used in the feedback circuit of the shift register to be calculated. There are various ways to increase the cryptographic security of PRN generators, among them the introduction of nonlinear transformations, the use of multi-register generators and several others.
Below it will be shown that the transition from classical LFSR generators of PRN to generators based on generalized Galois and Fibonacci matrices leads to the BM algorithm losing the ability to determine the IP generating the PRN generator. The reason for this feature is that the series of bits formed by such generators depends not only on the chosen IP but also on the primitive forming element involved in forming the feedback chain of the generator. For experimental confirmation of this statement, and of the basic theoretical positions concerning the properties of the feedback matrices, we turn to the results of computer modeling (given in Table 5) of the generalized eight-digit Galois generator of PRN. The PrP f = 100011101 was chosen as the polynomial forming the feedback loop of the generator.
According to Table 5, the eight forming elements located in the top row of the table are such that each of them leads to a correct solution by the BM tester. We will call such forming elements "weak keys" of the stream cipher whose encrypting gamma is formed by the analyzed PRN generator. Weak keys are quite easy to eliminate: for this it is enough to choose a polynomial that is not primitive.

RESULTS
The main research results achieved in this work are as follows. First, the so-called generalized Galois and Fibonacci matrices are proposed, which substantially extend the set of classical matrices involved in constructing PRN generators in the corresponding configurations. The set of matrices is extended in two ways. In the first, the matrices are synthesized using irreducible polynomials that are not necessarily primitive, whereas in classical LFSR generators of PRN only a PrP can serve as the generating polynomial. In the second way of constructing matrices, any element (different from 10) that is a primitive element of the extended Galois field generated by the chosen IP can be taken as the forming element of the matrices.
Another significant scientific result can be formulated as follows. Unlike classical LFSR generators of PRN, the generalized generators cannot be broken by the BM algorithm. The reason for this property is that an attack on generalized generators can succeed only if, in addition to calculating the generating polynomial, the forming element of the generalized matrix is also determined. This pair of parameters together determines the structure of the feedback chain in the generator.
However, the BM algorithm is not designed to calculate both of these characteristics. This precisely explains the fact that the generalized PRN generators are not subject to BM attacks and thus have a cryptographic strength exceeding that of classical PRN generators.

DISCUSSION
Visual perception of the vectors adjoining the main diagonal of the square in Fig. 6 may give rise to an erroneous assumption. Indeed, the hypothesis that these vectors could be positioned relative to the auxiliary diagonal of the square (as shown, for example, in Fig. 12) may seem consistent. None of the variants of placing the vectors on the auxiliary diagonal of the square can be considered an alternative to their placement on the main diagonal. The reason for this conclusion is as follows. Consider, for example, the classical Galois matrix represented by expression (2). Unfolding this matrix relative to the vertical axis, we obtain the matrix (18). The PRN sequence generated by the matrix (18) and relation (1) is presented in Table 6. As follows from Table 6, the sequence of PRN formed by the generator (18) does not produce a multiplicative group. In addition, the sequence length, equal to two, is not a divisor of the maximum order, which is 15 for the considered four-digit generator. Therefore, the arrangement of the vectors of the forming elements in the vicinity of the auxiliary diagonal (as shown in Fig. 12) is unacceptable for constructing generating matrices.

CONCLUSIONS
The main problem with stream ciphers whose gamma is generated by LFSR generators (such as the A5 ciphers used for encryption in the GSM standard) is the following. With the help of the BM algorithm, a cryptanalyst is able to reconstruct the PrP by means of which the single-loop feedback circuit of the LFSR generator under analysis is formed. This attack on LFSR stream ciphers is easily eliminated: it is enough to abandon classical registers with single-loop feedback circuits, replacing them with generalized LFSRs with multi-line feedback circuits. Such multi-line circuits can easily be constructed using generalized Galois or Fibonacci matrices or their conjugate variants.
The scientific novelty of the obtained results is that, unlike classical LFSR generators of PRN, in which the single-circuit feedback scheme is defined by a PrP, in the developed generalized LFSR generators of PRN the multi-circuit feedback in the shift registers is formed by a polynomial that is not necessarily primitive. The feedback polynomial can be an ordinary IP. However, the element participating together with the IP in forming the generalized Galois and Fibonacci matrices, by means of which the multi-circuit feedback is created, must be a primitive element of the extended Galois field generated by the IP. The main advantage of the proposed PRN generators is that they are free from the BM attack.
The practical significance of the obtained results consists in the development of purely software algorithms for generating PRN based on generalized Galois and Fibonacci matrices or their conjugate variants. Such a way of constructing PRN generators, unlike hardware LFSR systems, provides more flexible control of the generator parameters, such as the irreducible polynomials and primitive forming elements, which gives grounds to recommend the proposed algorithms for practical use.
Prospects for further research are focused on generalizing the BM algorithm so as to allow calculation not only of the feedback IP but also of the forming element of the generalized Galois or Fibonacci matrix.