We present a new approach to constructing generators of pseudo-random binary sequences (PRS) for cryptographic data protection that are protected against attacks in which an adversary induces mass hardware errors and faults. The new method is based on the use of linear polynomial arithmetic to realize the systems of Boolean characteristic functions of PRS generators. "Arithmetization" of systems of logic formulas makes it possible to apply the mathematical apparatus of residue number systems to multisequence the process of PRS generation and to organize control of computing errors caused by hardware faults. This guarantees high security of the PRS generator's functioning and, consequently, the security of the cryptographic data protection tools based on those PRSs.
Introduction
PRS generators play an important role in building communications with cryptographic data protection [1, 2]. Among the known attacks on information security, an important type is based on inducing hardware errors in the operation of the nodes that form the binary PRS [3]. Many methods have been developed to ensure the required level of noise immunity and fault tolerance of digital devices, the most common of which are backup methods and methods of error-correcting coding [4]. However, backup methods do not provide the required levels of fault tolerance under restrictions on hardware costs, and methods of error-correcting coding are not adapted to the specifics of the construction and operation of means of data protection (MDP), in particular of PRS generators.
Analysis of attacks based on hardware faults generation
Currently, the following types of attacks on the nodes that form the binary PRS are considered [5]:
• analysis of results of power consumption measurements;
• analysis of results of operations performance duration;
• analysis of accidental hardware faults;
• analysis of intentionally generated hardware faults, etc.
The last two types have not yet been investigated sufficiently and therefore threaten the information security of modern and prospective MDP. These attacks originate in the use of thermal, high-frequency, ionizing and other types of external influence on MDP in order to create mass faults in hardware operation by initiating computing errors.
Hardware attacks can be divided into two classes:
1. Direct hardware attacks. The consequences of these attacks are failures of data protection tools. There is a method of analysis of the consequences of those failures. These attacks distort the transformation algorithm in certain places, which results in computing errors. Those errors can lead, for example, to repeated generation of PRS elements or to generation of faulty PRS elements, which is unacceptable.
2. Attacks on post-failure recovery means. Some systems do not have recovery means. If the system protection is destroyed, it is impossible to restore the operational mode. That is why such systems need means of protection against attacks by the malefactor and must support updating the security system without stopping the running programme.
Attacks based on generating errors by means of external influence are highly efficient against the majority of currently known and used algorithms of PRS generation. It is known that the probability of error generation is proportional to the time during which the corresponding registers have been exposed to the radiation, provided the registers are in a condition favourable for error occurrence, and to the number of bits in which the error is expected to occur. The most widely used and proven means of creating PRS are the algorithms and structures of PRS generation based on feedback logic functions, namely the linear feedback shift register (LFSR) [1, 2].
The structure of LFSR is determined by the forming polynomial:
where $\tau, t_i \in \mathbb{N}$, and the characteristic equation based on it:
where $x_p, c_i \in \{0, 1\}$; $p \in \mathbb{N}$; $i = 0, 1, \ldots, \tau - 1$; $c_i = 1$ for $i \in \{0, t_1, t_2, \ldots, t_l\}$.
In linear algebra the next element of the PRS, $x_{p+\tau}$, is calculated as the following multiplication:
When the described attack is performed, conditions arise for modification of the PRS or for its repeated generation. The effect of repeated generation of a segment of the PRS is explained by means of Fig. 1 (the forming polynomial: $D(\chi) = \chi^4 + \chi + 1$; the characteristic equation: $x_{p+4} = x_{p+1} \oplus x_p$; the initial conditions:
Thus, attacks based on creating the conditions under which mass hardware errors occur are a threat to MDP. One way of solving this problem is to develop methods for increasing the functional reliability of those nodes of data protection tools that are most exposed to attacks of the described type, in particular the nodes that form the encryption algorithm (cipher) based on PRS generation.
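The repeated-generation effect described above can be reproduced in a few lines. This is an added example, not code from the paper: it simulates the LFSR $x_{p+4} = x_{p+1} \oplus x_p$ and flips one register bit. The initial conditions `INIT`, the fault position and all function names are assumptions chosen for illustration.

```python
def step(state):
    """One shift of x[p+4] = x[p+1] XOR x[p]; state = (x_p, x_p+1, x_p+2, x_p+3)."""
    return state[1:] + (state[0] ^ state[1],)

def run(state, steps, fault_step=None, fault_bit=None):
    """Return the register states visited. If fault_step is given, one register
    bit is flipped just before that step (models a single hardware fault)."""
    trace = []
    for t in range(steps):
        if t == fault_step:
            flipped = list(state)
            flipped[fault_bit] ^= 1
            state = tuple(flipped)
        trace.append(state)
        state = step(state)
    return trace

def output_bits(trace):
    """The emitted PRS element at each step is the oldest register bit."""
    return [s[0] for s in trace]

def replay_point(trace, fault_step):
    """Earlier step whose state equals the post-fault state, or None.
    A hit means the generator re-emits a segment it has already produced."""
    faulty_state = trace[fault_step]
    for t in range(fault_step):
        if trace[t] == faulty_state:
            return t
    return None

INIT = (1, 0, 0, 0)                               # constructed initial conditions
clean = run(INIT, 15)                             # fault-free: 15 distinct states
faulty = run(INIT, 15, fault_step=6, fault_bit=1) # single bit flip at step 6
k = replay_point(faulty, 6)                       # step whose output is replayed

if __name__ == "__main__":
    print("clean :", output_bits(clean))
    print("faulty:", output_bits(faulty))
    print("after the fault the output of step", k, "onward is repeated")
```
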
Analysis of methods for reliable binary PRS generation
Currently the required level of functional reliability of the nodes of binary PRS generation is reached both by hardware redundancy (reservation) and by time redundancy through repeated calculations. In digital circuit design, solutions based on methods of error-correcting coding are known [4]. To use those methods for PRS generators, it is first necessary to solve the problem of multisequencing (parallelizing) the process of PRS calculation. The solution is based on the use of classic parallel algorithms of recursion [10].
For example, for the characteristic equation:
corresponding to the trinomial $D(\chi) = \chi^{\tau} + \chi^{t} + 1$, it is possible to build a system of characteristic equations:
Similarly, for the general equation (1):
where c
The principle of parallel generation of PRS elements based on (3) is illustrated by a graph (see Fig. 2).
System (3) forms an information matrix:
Thus we obtain the q-th block of the PRS:
To create the conditions for applying a separable linear redundant code, we form a matrix $G_{Gen}$ consisting of the information matrix and the check matrix, by adding check expressions to (3):
where r is the number of redundant symbols of the linear code used, a
The generator matrix takes the form:
Then the q-th block of the PRS with check symbols (linear block code):
⊤ is calculated by:
The error-correcting decoding procedure is performed using the known rules [4]. The application of linear redundant codes and "hot" standby methods is not the only option for implementing functional diagnostics and fault tolerance of digital devices. An example graph of parallel generation of PRS elements with error control of the computations is shown in Fig. 3.
Redundant arithmetic codes, in particular the so-called AN-codes and residue number system (RNS) codes, have important advantages for these purposes. Applying these codes to the control of logical data types and to the fault tolerance of the devices that implement them became possible with the introduction of arithmetic expressions for logical operations [11], in particular linear numerical polynomials (LNP) and modular forms [12].
Error control of PRS generator operation based on "arithmetization" of logical computation
At the end of the last century a new direction was formed: parallel logic computation by means of arithmetic (numeric) polynomials [11]. In particular, the "modular arithmetic of parallel logic computation" emerged from unifying the theoretical foundations of RNS [13, 14, 15] with the theoretical foundations of parallel logic computation by arithmetic polynomials. The objective of this unification is to bring the advantages of RNS, namely parallelization of arithmetic, real-time error control of calculations [16] and high availability of computing equipment, to the field of parallel logic computation. These provisions were subsequently developed in various directions, in particular towards the implementation of cryptographic functions [17, 18]. In particular, parallel PRS generators based on arithmetic polynomials that are, in general, nonlinear (canonical) were considered. Using the LNP proposed by Prof. V.D. Malyugin [11] for the construction of parallel PRS generators makes it possible to reduce the maximum length of the realizing polynomial to n + 1, where n is the number of arguments of the implemented Boolean function [18]. In this paper, this method is used as the basis for constructing safe (self-checking, fault-tolerant) generators on the basis of redundant RNS.
It is known [19] that the q-th block of the PRS can be represented by a single LNP. The system of characteristic equations (3) must be represented as a system of Boolean functions, which in turn must be converted into a system:
where g
j (here and below) takes the value "0" or "1" depending on whether $x_{q-1,j}$ enters the i-th LNP; $i, j = 0, 1, \ldots, \tau - 1$.
The result of calculating the i-th LNP of the system is a binary word of length l i = ⌊log(
j )⌋ + 1, where ⌊a⌋ is the largest integer not exceeding a. The total LNP is then calculated:
The final result is formed by applying the masking operator Ξ ϕ {U }, which is used to determine the values of the ϕ-th Boolean function representation figure 3 .
In RNS, a nonnegative coefficient $h_j$ of LNP (4) is uniquely represented by a set of residues with respect to the RNS moduli ($m_1, m_2, \ldots, m_n < m_{n+1} < \ldots < m_k$, pairwise coprime):
Consider the RNS specified by the moduli $m_1, m_2, \ldots, m_n, m_{n+1}$. Each LNP coefficient $h_j$ can be written as (5), which gives a redundant RNS code represented by the LNP system:
(6)
Substituting into (6) the RNS residues with respect to the appropriate moduli for each coefficient of (4) and the values of the variables $x_{q-1,0}, \ldots, x_{q-1,\tau-1}$, we obtain the values of the LNP system (6), where
In accordance with the Chinese remainder theorem, we solve the system of equations:
Since $m_1, m_2, \ldots, m_n, m_{n+1}$ are pairwise coprime, the unique solution of (7) is given by the expression:
where
The graph of parallel PRS generation based on (8) is shown in Fig. 4. The result of calculation (8) falling within the range (control expression):
means that no detectable calculation errors are present.
Reconfiguration of equipment
Reliable operation of the PRS generator after a long-term failure can be restored either by correcting the error or by reconfiguring the generator equipment (active redundancy). The first option is unacceptable because it does not guarantee that undetectable errors will not penetrate into the result of encryption. Methods of modular redundant coding make it possible to apply reconfiguration, in which the failed equipment is excluded from operation.
After localization of the faulty equipment (for example, a single RNS computation channel), the reconfiguration operation is performed by custom computing integrated circuits, in particular those used for implementing number-theoretic transforms in the field of digital signal processing.
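The RNS control expression and the exclusion of a failed channel described above can be traced on the four-bit LFSR $x_{p+4} = x_{p+1} \oplus x_p$. This is an added example, not the authors' implementation: it assumes the standard linear-polynomial encoding in which each XOR is the low bit of an integer sum packed into its own bit field, and the moduli 5, 7, 8 with redundant modulus 11 are chosen here for illustration.

```python
from math import prod

# Row i lists which bits of the previous block feed bit i of the next block
# (tau = 4 bits per step for x[p+4] = x[p+1] XOR x[p]); derived for this example.
G = [(1, 1, 0, 0), (0, 1, 1, 0), (0, 0, 1, 1), (1, 1, 0, 1)]
WIDTHS = [sum(row).bit_length() for row in G]       # l_i = floor(log2(sum_j g_ij)) + 1
OFFSETS = [sum(WIDTHS[:i]) for i in range(len(G))]  # bit position of field i in U
H = [sum(G[i][j] << OFFSETS[i] for i in range(4)) for j in range(4)]  # coefficients h_j

INFO_MODULI = (5, 7, 8)           # assumed information moduli, product 280 > max U = 234
MODULI = INFO_MODULI + (11,)      # 11 is the assumed redundant modulus m_{n+1}
WORK_RANGE = prod(INFO_MODULI)    # a result below this bound passes the control check

def channels(block):
    """Evaluate the LNP independently in every RNS channel."""
    return [sum((h % m) * x for h, x in zip(H, block)) % m for m in MODULI]

def crt(residues, moduli=MODULI):
    """Chinese remainder theorem reconstruction over pairwise coprime moduli."""
    total = prod(moduli)
    return sum(r * (total // m) * pow(total // m, -1, m)
               for r, m in zip(residues, moduli)) % total

def mask(u):
    """Masking operator: the low bit of each field is the XOR of its inputs."""
    return tuple((u >> off) & 1 for off in OFFSETS)

def next_block(block, fault=None):
    """Return (next PRS block, error flag); fault=(channel, delta) corrupts one residue."""
    res = channels(block)
    if fault:
        ch, delta = fault
        res[ch] = (res[ch] + delta) % MODULI[ch]
    u = crt(res)
    return mask(u), u >= WORK_RANGE

def reconfigured_block(block, failed):
    """Exclude the failed channel and reconstruct from the remaining moduli."""
    res = channels(block)
    keep = [i for i in range(len(MODULI)) if i != failed]
    return mask(crt([res[i] for i in keep], [MODULI[i] for i in keep]))
```

With these moduli any three channels still cover the range of U, so the block is recovered after one channel is excluded, but the reduced system no longer detects errors.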
Implementing PRS generators with LNP and redundant RNS yields a new class of solutions aimed at the safe implementation of logical cryptographic functions, in particular parallel PRS generators. This provides both functional control of the equipment (in real time) and its fault tolerance through reconfiguration of the structure of the computing device as it degrades. The classic LFSR considered in the present work is also the basis of more complex generators, for example combining PRS generators. Using modular arithmetic to implement the PRS generator makes it possible to apply the proposed solutions in hybrid cryptosystems (including asymmetric ones) [18]. In this case, the arithmetic calculator that supports the implementation of asymmetric cryptographic algorithms may also be used to implement systems of Boolean functions (PRS elements).
