=Paper=
{{Paper
|id=Vol-2254/10000139
|storemode=property
|title=Two-dimensional
control and assurance of data integrity in information systems based on
residue number system codes and cryptographic hash functions
|pdfUrl=https://ceur-ws.org/Vol-2254/10000139.pdf
|volume=Vol-2254
|authors=Sergey Dichenko,Oleg Finko
}}
==Two-dimensional
control and assurance of data integrity in information systems based on
residue number system codes and cryptographic hash functions==
https://ceur-ws.org/Vol-2254/10000139.pdf
Two-dimensional control and assurance of data integrity
in information systems
based on residue number system codes and
cryptographic hash functions
Sergey Dichenko Oleg Finko
University Teachers Professor
Institute of Computer Systems and Institute of Computer Systems and
Information Security of Kuban Information Security of Kuban
State Technological University State Technological University
Krasnodar, Russia Krasnodar, Russia
dichenko.sa@yandex.ru ofinko@yandex.ru
Abstract
The method of two-dimensional control and assurance of data integrity
with the possibility of their recovery for information systems operating
under conditions of random errors as well as errors generated through
deliberate actions of the attacker is proposed. The data recovery pro-
cedure is based on the application of the mathematical apparatus of
redundant residue number system codes, and the control (verification
of the recovered data validity (reliability, accuracy)) of data integrity
is performed by means of cryptographic methods.
1 Introduction
At present, users of various information systems are facing the tasks of protecting the data processed in them.
One of the measures to ensure the security of data processed in information systems is the protection of their
integrity [ISO05].
The problem solution of data integrity protection becomes especially urgent during the operation of widely
created data processing centers when using different processing facilities in their composition with different
building structures and operating principles under conditions of both random errors and errors generated through
deliberate actions of an attacker (unauthorized data modification (for example, through the action of malicious
code) or the failure of a part of the media (for example, individual cells, sectors)).
The challenge of data integrity protection is complicated because of its complexity, as it involves not only data
integrity control, but also its provision, which means the restoration of data whose integrity has been violated
for some reason.
There are various ways of solving the problem of control and assurance of data integrity, among which the
following are of the greatest interest.
Copyright c by the paper’s authors. Copying permitted for private and academic purposes.
In: Marco Schaerf, Massimo Mecella, Drozdova Viktoria Igorevna, Kalmykov Igor Anatolievich (eds.): Proceedings of REMS 2018
– Russian Federation & Europe Multidisciplinary Symposium on Computer Science and ICT, Stavropol – Dombay, Russia, 15–20
October 2018, published at http://ceur-ws.org
�2 Analysis of existing solutions for control and assurance of data integrity
There are known ways to control the data integrity by calculating checksum values and comparing them with
reference values, as well as methods based on the use of cryptographic methods: key and keyless hashing, means
of electronic signature [Knu73, Men96, Bih07, Bel06]. The disadvantage of these methods is the lack of the
ability to insure their integrity without introducing an additional data recovery mechanism.
There are known ways to ensure the integrity of data through the use of various types of reservation (using
hardware or software implementation of RAID technology (Redundant Array of Independent Disks) (RAID
arrays)), duplication methods, redundant coding methods [Hen13, Mor06, Ham80]. The disadvantage of these
methods is high redundancy.
The presented solutions show that some of the methods allow to control the data integrity by comparing the
values of the reference and calculated hash-codes of the hash function (checksums) when requesting the use of
processed or stored data, but the lack of a mechanism for their recovery does not allow their integrity assurance.
Other methods, on the other hand, provide data integrity by restoring them, for example, from a backup copy,
but their practical use without data integrity control is ineffective. Individual methods allow for control and
ensure the data integrity, however, of valuable high redundancy.
The most popular solutions are the complex protection of data integrity associated with the simultaneous solu-
tion of control tasks and ensuring data integrity, which is achieved by consistently applying first the cryptographic
transformation to data, and then applying the technology of data backup.
At the same time, data integrity protection is relevant both for systems of RAID type, where all media are
located in one constructive block, and for distributed storage systems, that is, for network storage.
Thus, in order to protect the data integrity, when considering this notion in a complex, it is necessary to
aggregate existing solutions. Combining the known methods in one allows you to control and ensure the data
integrity.
3 Choosing ways to control the data integrity and recovery to share them while
ensuring integrity
A method [App05] is known where, before writing to a RAID array (after reading), the data is encrypted
(decrypted) by a dedicated device connected to the PCI-tyre, the encryption key being read from an external
storage device and/or requested from the user. In [Pat12], before writing to the array, the data is divided into
several segments, after which the checksums are calculated separately from the data from each segment. The
data segments and checksums are further distributed over the disks of the RAID array.
In [Pat10], a method of protecting data in a network storage is proposed, where a user’s request for reading
(writing) data first passes the authorization procedure, and only if the operation is allowed, the data on the
network storage is decrypted (encrypted) accordingly. The keys of encryption (decryption) are stored on the
client side.
Another version of combined protection is proposed in [App11], where the data is stored in the cloud, and the
encryption module is stored not on the client side, but on the side of the cloud storage provider. This solution is
intended, as a rule, to protect the backup copies of data in the cloud, although the original data is stored on the
client side in its original form. In order to protect the data, the data file is first divided into parts, and then each
part is transformed using a cryptographic algorithm and written to one or more media in the cloud. Protection
is provided when data is lost on the client side. In this case, the backup is restored from the cloud.
The disadvantage of the presented combined methods is the high redundancy, as well as the lack of the
possibility, without the introduction of an additional monitoring mechanism, to verify the validity (reliability,
accuracy) of the recovered data while ensuring their integrity.
In order to eliminate the drawbacks of the known combined methods, a solution is proposed in which crypto-
graphic methods are chosen to perform data integrity control, in particular, a hash function designed specifically
for this purpose, and the data recovery procedure is performed by using redundant residue number system codes,
the application of the mathematical apparatus of which allows to provide minimal redundancy, and most impor-
tantly, provides, when used together with cryptographic methods the construction of unique scheme which allows
to verify the validity (reliability, accuracy) of recovered data while ensuring its integrity in case of violation.
�4 Structural-parametric synthesis of the system of parallel control and assurance
of data integrity
For control and integrity purposes, the data blocks Mi (i = 1, 2, . . . , n), to be protected are represented in the
form of sub-blocks of fixed length Mi = {mi, 1 ||mi, 2 || . . . ||mi, n }, where 0 ≤ mi, j < pi, j (i, j = 1, . . . , n;
pi, j ∈ N); “||” — is the concatenation operation, n — is the number of data blocks Mi , to be protected, and
also fixed-length sub-blocks in each data block under consideration Mi . And the length of the data blocks Mi .
Obtaining the matrix W:
m1, 1 m1, 2 · · · m1, n
m2, 1 m2, 2 · · · m2, n
W= . .. .
. .. . .
. . . .
mn, 1 mn, 2 · · · mn, n
To implement integrity control, a hash function is applied to the data blocks Mi , the construction rules of
which are defined in [ISO08]. The received hash-codes Si (or MAC) hash functions h(Mi ) (or hk (Mi ), k — secret
key) from data blocks Mi will be the reference codes, we obtain the matrix Ψ:
m1, 1 m1, 2 · · · m1, n → s1, 1 s1, 2 · · · s1, n
m2, 1 m2, 2 · · · m2, n → s2, 1 s2, 2 · · · s2, n
Ψ= . .. ,
.. .. .. .. .. ..
.. . . . ··· . . . .
mn, 1 mn, 2 ··· mn, n → sn, 1 sn, 2 ··· sn, n
where Si = {si, 1 ||si, 2 || . . . ||si, n }; si, j ∈ {0, 1} (i, j = 1, . . . , n).
Now consider the data blocks Mj (j = 1, 2, . . . , n) represented by sub-blocks m1, 1 , m2, 1 , . . . , mn, 1 ;
m1, 2 , m2, 2 , . . . , mn, 2 ; . . . ; m1, n , m2, n , . . . , mn, n . The sub-blocks of the mi, j data blocks under considera-
tion Mj are interpreted as the minimum nonnegative deductions from the generically ordered, mutually simple
modules pi, j , and form an information super-block of the residue number system (RNS) codes.
As a result of the base extension, we obtain redundant sub-blocks mn+1, 1 , mn+2, 1 , . . . , mk, 1 ;
mn+1, 2 , mn+2, 2 , . . . , mk, 2 ; . . . ; mn+1, n , mn+2, n , . . . , mk, n , the set of which together with the sub-blocks form-
ing a single super-block of elements form a vector of redundant residue number system (RRNS) codes.
We get the matrix Υ with redundant sub-blocks of the vector of RRNS codes:
··· s1, 1 s1, 2 · · · s1, n
m1, 1 m1, 2 m1, n
m2, 1 m2, 2 ··· m2, n s2, 1 s2, 2 · · · s2, n
.. .. . .. .. ..
.. .. ..
.
. . . . . .
mn, 1
m n, 2 · · · mn, n s n, 1 sn, 2 · · · sn, n
Υ= ↓ .
.. .
↓ ↓
mn+1, 1 mn+1, 2 · · · mn+1, n
mn+2, 1 mn+2, 2 · · · mn+2, n
. .. .. ..
..
. . .
mk, 1 mk, 2 ··· mk, n
P−1+log pi, j (t) t P−1+log pi, j P−1+log pi, j (t) j−1
Let: si, j = t=0 ςi, j 2 ; mi, j = t=0 µ(t)i, j 2i−n−1 ; gi, j = t=0 ζi, j 2 ;
µi, j , ςi, j , ζi, j ∈ {0, 1}. Then the numbers mi, j , si, j and gi, j can be mapped to binary vectors:
si, j = [ ςi,(0)j ςi,(1)j . . . ςi,(−1+log
j
pi, j )
]; mi, j = [ µ(0)
i, j
(1) (−1+log pi, j )
µi, j . . . µi, j ];
gi, j = [ ζi,(0)j ζi,(1)j . . . ζi,(−1+log
j
pi, j )
]. We add the i-th sub-blocks of hash-codes Si with j-th redundant
∗
sub-blocks of data blocks Mj of the vector of RRNS codes:
Gi = Si ⊕ M∗j = [ si, 1 ⊕ mn+1, j si, 2 ⊕ mn+2, j ... si, n ⊕ mk, j ]
where the sign “⊕” denotes the summation in the GF(2);
Si = [ si, 1 si, 2 ... si, n ]; M∗j = [ mn+1, j mn+2, j ... mk, j ]; Gi = [ gi, 1 gi, 2 ... gi, n ].
� We obtain the matrix Ω:
m1, 1 m1, 2 ··· m1, n g1, 1 g1, 2 ··· g1, n
m2, 1 m2, 2 ··· m2, n g2, 1 g2, 2 ··· g2, n
Ω= . .. . (1)
.. .. .. .. ..
.. . . ··· . . . .
mn, 1 mn, 2 ··· mn, n gn, 1 gn, 2 ··· gn, n
At the end of the preparatory stage of the construction of the system (Figure 1), the data subject to protection
is presented in the form (1), which will allow control and ensuring their integrity.
Input Representing
data Formation data blocks Mi as
of the data block Mi sub-blocks
mi,1, mi,2, …, mi,n
Calculating
Calculation redundant
of the hash-code Si sub-blocks
hash-function h(Mi) mn+1,j, mn+2,j,…, mk,j
Adding sub-blocks Formation
Data blocks Mi Output
si,1, si,2, …, si,n of data blocks Mi
with sub-blocks
with sub-blocks with sub-blocks
gi,1, gi,2, …, gi,n Data
mn+1,j, mn+2,j,…, mk,j gi,1, gi,2, …, gi,n
processing
Trusted hash storage
environment Representing
hash-codes Si
hash-functions h(Mi) in
the form of sub-blocks
si,1, si,2, …, si,n
Figure 1: A diagram explaining the preparatory stage of the system construction
5 Procedure for control of data integrity
When requesting the use of data (the main stage) to be protected, they are control for their integrity, which can
be ensured by performing the base extension the information super-block of RRNS codes [Baj04, Baj05], with
this redundant sub-blocks are created m0n+1, 1 , m0n+2, 1 , . . . , m0k, 1 ; m0n+1, 2 , m0n+2, 2 , . . . , m0k, 2 ; . . .
. . . ; m0n+1, n , m0n+2, n , . . . , m0k, n of the data blocks Mj∗0 of the vector of the RRNS codes, where “•0 ” denotes
that changes could occur in sub-blocks m01, 1 , m01, 2 , . . . , m01, n ; m02, 1 , m02, 2 , . . . , m02, n ; . . . ; m0n, 1 , m0n, 2 , . . . , m0n, n
of data blocks Mi0 .
The matrix Ω with the redundant sub-blocks of the vector of RRNS codes takes the form:
0
m1, 1 m01, 2 ··· m01, n 0
g1, 0
g1, · · · g1, 0
1 2 n
m02, 1 m02, 2 ··· m02, n 0
g2, 1
0
g2, 2 · · · g2, 0
n
.. .. . . . .
.. .. .. .. .. ..
. . . .
0 0 0 0 0 0
mn, 1
m n, 2 · · · m n, n gn, 1 g n, 2 · · · gn, n
0
Ω = ↓ .
.. .
0 ↓ ↓
0 0
n+1, 1 mn+1, 2 · · · mn+1, n
m
m0 0 0
n+2, 1 mn+2, 2 · · · mn+2, n
. .. .. ..
..
. . .
m0k, 1 m0k, 2 ··· m0k, n
0
We perform the inverse transformation (here the bit vectors gi,j , m0i, j is equivalent to the numbers gi,j
0
, m0i,j ):
S0i = G0i ⊕ M∗0 0 0
j = [ gi, 1 ⊕ mn+1, j
0
gi, 0
2 ⊕ mn+2, j ... 0
gi, 0
n ⊕ mk, j ]
� 0
where S0i = [ s0i, 1 s0i, 2 . . . s0i, n ]; M∗0
j = [ mn+1, j m0n+2, j . . . m0k, j ]; i = j.
Compare the values of the hash-codes obtained S0i to the values of the previously calculated hash-codes S00i
(or Si ) hash function h(M0i ). Based on the results of the comparison, let’s make a conclusion:
I about the absence of violation of data integrity, at S0i = S00i (or S0i = Si );
I about data integrity violation, when S0i 6= S00i (or S0i 6= Si ).
6 Procedure of ensuring the data integrity
If the values of the hash-codes of the hash function compared with each other are different, which will be
characterized by the occurrence of an error (violation of integrity) in the data being processed, we shall perform
its localization.
The localization of the detected error (sub-blocks m̃i, j with integrity violation) is performed initially on the
rows of the matrix Ω0 (the i-th data block with the integrity violation, which includes the sub-block m̃i, j is
determined), and then on the columns (the j-th data block with integrity violation, which includes the sub-block
m̃i, j is determined).
A data block M̃i with integrity violation, whose sub-blocks are located along the row of the matrix Ω0 , is
determined from the results of a comparison of the calculated and reference hash-codes of the hash function.
A data block M̃j with an integrity violation whose sub-blocks are arranged along the column of the matrix Ω0
is determined by means of a mathematical apparatus RRNS codes based on the fundamental provisions of the
Chinese remainder theorem.
In accordance with the mathematical apparatus of RNS [Baj04], in which the tested data block Mj will
be interpreted as a nonnegative integer Aj unambiguously represented by a set of residues on RNS basis
p1, j , p2, j , . . . , pn, j < pn+1, j < . . . < pk, j :
Aj = (α1, j , α2, j , . . . , αn, j , αn+1, j , . . . , αk, j ),
where Pn, j = p1, j p2, j . . . pn, j > Aj ; αi, j = |A|pi, j ; | • |p — is the smallest nonnegative residue of the number “•”
modulo p; j = 1, 2, . . . , n, n + 1, . . . , k; i = 1, 2, . . . , n; p1, j , p2, j , . . . , pn, j < pn+1, j < . . . < pk, j — are
pairwise simple.
The resulting residues αi, j will be interpreted as sub-blocks mi, j of the data block Mj , that is, the rem-
nants of the RNS α1, j , α2, j , . . . , αn, j will be interpreted as sub-blocks m1, j , m2, j , . . . , mn, j and will be con-
sidered informational (informational group n sub-blocks), and αn+1, j , . . . , αk, j — interpreted as sub-blocks
mn+1, j , . . . , mk, j and considered as control (redundant) (control (redundant) group (k − n) sub-blocks). The
RNS itself is in this case extended, where Pk, j = Pn, j pn+1, j . . . pk, j , and covers the complete set of states
represented by all k deductions. This area will be the full range of the RNS [0, Pk, j ) and consist of a
working range [0, Pn, j ), where Pn, j = p1, j p2, j . . . pn, j , is defined by nonredundant of the RNS bases (sub-
blocks m1, j , m2, j , . . . , mn, j ), and a range [Pn, j , Pk, j ) defined by redundant of the RNS bases (sub-blocks
mn+1, j , . . . , mk, j ) and representing invalid area. This means that operations on the number Aj are performed
in the range [0, Pk, j ), and if the result of the RNS operation goes beyond the Pn, j , then there is a conclusion
about the calculation error. Checking this rule allows you to localize the error in the data block M̃j of the matrix
Ω0 .
Example 1
Choose a base system p1 = 2, p2 = 3, p3 = 5, p4 = 7 for which the operating range is P4 = p1 p2 p3 p4 =
= 2 · 3 · 5 · 7 = 210. Then introduce the control bases p5 = 11, p6 = 13, then the full range is defined as
P6 = P4 p5 p6 = 210 · 11 · 13 = 30030.
Let us calculate the orthogonal bases of the system: B1 = (1, 0, 0, 0, 0, 0) = 15015; B2 = (0, 1, 0, 0, 0, 0) =
= 20020; B3 = (0, 0, 1, 0, 0, 0) = 6006; B4 = (0, 0, 0, 1, 0, 0) = 25740; B5 = (0, 0, 0, 0, 1, 0) = 16380;
B6 = (0, 0, 0, 0, 0, 1) = 6930.
Given a number A = (1, 2, 2, 3, 6, 4) = 17. Instead of it, after data processing we received
à = (1, 2, 2, 3, 1, 4). To localize the error, calculate the value of the number Ã:
à = 1 · 15015 + 2 · 20020 + 2 · 6006 + 3 · 25740 + 1 · 16380 + 4 · 6930 − R · 30030 = 8207 > 210.
The resulting number is incorrect (Ã > 210), which indicates an error in the processing of data. As a result
of localization, it was determined that the number α̃5 on the base p5 = 11 was wrong.
� After determining the data blocks M̃i and M̃j with broken integrity, a decision is made that an error occurred
in the sub-block m̃i, j , located at the intersection of the localized row and column of the matrix Ω0 an error
occurred (data integrity violation). After localizing the error (finding the sub-block m̃i, j with integrity violation),
we perform a reconfiguration, the possibility of which is provided by RRNS codes [Yan01].
The reconfiguration is performed by calculating A∗ from the system of equations:
A∗ = |α1 |p1 , · · · , A∗ = |αn |pn , · · · , A∗ = |αk |pk ,
on the “correct” bases of the RNS:
A∗ = |α̃1 B1, r + . . . + α̃n Bn, r + . . . + α̃k Bk, r |Pr , (2)
Pr µi, r Pk
where α̃i — residue with error; Bi, r — orthogonal bases; i, r = 1, . . . , n, . . . , k; i 6= r; Bi, r = ; Pr = ;
pi pr
Pr µi, r
µi, r is chosen so that the following comparison takes place: ≡ |1|pi .
pi
Let’s compile Table 1 containing the values of the recalculated orthogonal bases and modules of the system,
provided that a single error occurs on each basis of the RNS, respectively.
Table 1: Table of values of orthogonal bases and modules of the system
i B1, r ··· Bn, r ··· Bk, r Pr
P1 µn, 1 P1 µk, 1
1 0 ··· ··· p2 . . . pn . . . pk
pn pk
.. .. .. .. .. .. ..
. . . . . . .
Pn µ1, n Pn µk, n
n ··· 0 ··· p1 . . . pn−1 pn+1 . . . pk
p1 pk
.. .. .. .. .. .. ..
. . . . . . .
Pk µ1, k Pk µn, k
k ··· ··· 0 p1 . . . pn . . . pk−1
p1 pn
After calculating A∗ on the correct bases of the system, we calculate αi instead of the previously excluded
from the calculation residue with error α̃i :
αi = |A∗ |pi . (3)
Example 2
In accordance with (2) we calculate A∗ (the initial data from Example 1 ), using Table 1, we obtain
A∗ = |α1 B1, r + . . . + α̃5 B5, r + α6 B6, r |P5 = |1 · B1, r + . . . + 0 · B5, r + 4 · B6, r |P5 = 17.
In accordance with (3), we calculate αi , we obtain
αi = |A∗ |pi = |17|11 = 6.
In the proposed system, a set of sub-blocks m1, j , m2, j , . . . , mn, j , mn+1, j , . . . , mk, j , which is interpreted as
RRNS codes that allow to detect an error at any stage of their processing (provided that the multiplicity of the
guaranteed error to be detected tdet = dmin − 1, where dmin — is the minimum code distance).
Restoration of data blocks Mj0 in case of their integrity violation is possible by excluding from the recovery
process any r sub-blocks without sacrificing the unambiguous representation (where r = k −n — is the number of
additional sub-blocks), so that the system of sub-blocks of data blocks Mj0 will be interpreted as nonsystematic
code, or an inseparable code, and then the sub-block is calculated mi, j instead of the previously excluded
sub-block m̃i, j with the detected error.
Thus, the integrity of the data block Mi was ensured by control and restoring the data sub-block m̃i, j with
broken integrity. Performing the verification of the data validity (reliability, accuracy) after recovery while
� Recovered data blocks Mʹi
Output
Input Checking data
the data blocks
Mʹi integrity Mʹi
Calculating Calculating
redundant sub-blocks hash-code Sʹʹi
mʹn+1,j, mʹn+2,j,…, mʹk,j hash-function h(Mʹi)
The operation The result
of comparing of comparison
Input hash-code Sʹ i
Calculating and hash-code Sʹʹi
Gʹi hash-code Sʹ i hash-functions h(Mʹi)
hash-code Si
Ensuring integrity
(restoring
Trusted hash storage data blocks Mʹi)
environment
Figure 2: Scheme explaining the main stage of the system construction
ensuring their integrity in case of violation is performed by comparing the value of the previously calculated
hash-code Si0 with the value of the calculated hash-code Si00 hash function h(Mi0 ) already from the restored data
block Mi0 (Figure 2).
The general scheme of the developed method of two-dimensional control and data integrity in information
systems based on RNSC and cryptographic hash functions is shown in the Figure 3.
Input
data Source Recovery
scheme organ
Output
data
Solver
Decision
to use the data
Control
scheme
Figure 3: The general scheme of the developed method
7 Evaluation of the developed method
Evaluation of the developed method is carried out in comparison with the most popular of existing solutions
integrated protection of data integrity, which consistently applies first cryptographic data transformation to
control their integrity, and then a backup technology copy data to restore them in case of violation of integrity.
The indicator of quality is the redundancy factor Kred , which is calculated by the formula:
(con) (ass)
Vred.d + Vred.d
Kred = , (4)
Vprot.d
(con) (ass)
where Vred.d — is the amount of redundant data entered to control the integrity of the protected data, Vred.d —
is the amount of redundant data entered to assurance the integrity of the protected data, Vprot.d — is the amount
of data to be protected. The criterion of quality is Kred → min.
(con)
Since the amount of redundant data Vred.d introduced to control integrity in the developed method and the
�existing solution are equal, then (4) takes the form:
(ass)
Vred.d
Kred = . (5)
Vprot.d
In accordance with (5) for the existing solution Kred = 1, since the amount of input redundancy is equal to
(ass)
the amount of data being protected (Vred.d = Vprot.d ).
At the same time, to provide a level of data security, implemented in the technology of backup, in case of
violation of integrity up to 2 sub-blocks of the data block you need to use the RRNS codes with two excess
bases, in this case the redundancy of the control information is reduced from 100% (with backup technology) to
30-40% (RNS).
8 Conclusion
The results obtained provide scientific and engineering tools for control and ensuring the data integrity with
the ability to verify their validity (reliability, accuracy) after recovery in case of violation of their integrity and
provide the necessary conditions for creating promising and improving existing information systems for various
purposes.
References
[ISO05] ISO/IEC 17799:2005. Information technology — Security techniques — Code of practice for information
security management, 2005.
[Knu73] D. E. Knuth. The Art of Computer Programming — Volume 3 / Sorting and Searching. Addison-
Wesley, 1973.
[Men96] A. J. Menezes, P. Oorschot, S. Vanstone. Handbook of Applied Cryptography. CRC Press, Inc, 1996.
[Bih07] E. Biham, O. Dunkelman. A framework for iterative hash functions. — HAIFA. ePrint Archive, Report
2007/278, 2007.
[Bel06] M. Bellare. New Proofs for NMAC and HMAC: Security without Collision-Resistance. CRYPTO,
ePrint Archive, Report 2006/043, 2006.
[Hen13] S. Henry, Jr. Warren. Hacker’s delight. Addison-Wesley, 2nd edn, 2013.
[Mor06] R. H. Morelos-Zaragoza. The Art of Error Correcting Coding. Addison-Wesley, 2nd edn, 2006.
[Ham80] R. Hamming. Coding and Information Theory. Prentice-Hall, 1980.
[App05] US Patent Application N20050081048, publ. 14/04/2005.
[Pat12] US Patent N8209551, publ. 26/06/2012.
[Pat10] US Patent N7752676, publ. 06/07/2010.
[App11] US Patent Application N20110107103, publ. 05/05/2011.
[ISO08] ISO/IEC 14888–1:2008. Information technology — Security techniques — Digital signatures with
appendix — Part 1: General, 2008.
[Baj04] J.-C. Bajard, T. Plantard. RNS bases and conversions, SPIE Annual Meeting, Advenced Signal Proc.
Alg., Architectures, and Implementation XIV. 60–69, https://www-almasty.lip6.fr/bajard/MesPublis/
Spie2004.pdf, 2004.
[Baj05] J.-C. Bajard, N. Meloni, T. Plantard. Efficient RNS bases for Cryptography IMACS’05: World
Congress: Scientific Computation, Applied Mathematics and Simulation. Paris, https://www-almasty.
lip6.fr/bajard/MesPublis/IMACS2005.pdf, 2005.
[Yan01] L.-L. Yang, L. Hanzo. Coding Theory and Performance of Redundant Residue Number System
Codes, Vehicular Technology Conference Fall. IEEE VTS 54th, https://pdfs.semanticscholar.org/e1f3/
a5e67c24b5865990af3e8ba0a54bd6a86067.pdf, 2001.
�