ABSTRACT: Recently, primitive sequences over were shown to have many desirable properties, which makes them of potential interest for cryptographic applications. To further support the application of this kind of sequence, in this paper we consider the problem of whether primitive sequences generated by two distinct primitive polynomials over are pairwise distinct modulo 2. A sufficient condition is given under which the answer to this problem is positive.
ABSTRACT: Recently, nonlinear feedback shift registers (NFSRs) have frequently been used as building blocks for designing stream ciphers. Let NFSR(g) be an m-stage NFSR with characteristic function $g = x_{0} \oplus g_{1}(x_{1}, \cdots, x_{m-1}) \oplus x_{m}$. Up to now there has been no known method to determine whether the family of output sequences of NFSR(g), denoted S(g), contains a sub-family of sequences that are exactly the output sequences of an NFSR(f) of stage n < m. This paper studies the affine case, that is, finding an affine function f such that S(f) is a subset of S(g). If S(g) contains an affine sub-family S(f) whose order n is close to m, then a large number of sequences generated by NFSR(g) have low linear complexity. First, we give two methods to bound the maximal order of the affine sub-families included in S(g). Experimental data indicate that if S(g) contains an affine sub-family of order not smaller than m/2, then the upper bound given in the paper is tight. Second, we propose two algorithms to find the affine sub-families of a given order n included in S(g), both of which aim at affine sub-families of maximal order. Algorithm 1 is applicable when n is close to m, while the feasibility of Algorithm 2 relies on the distribution of the nonlinear terms of g. In particular, when Algorithm 2 works, its computational complexity is lower than that of Algorithm 1, and it is quite efficient in a number of cases.
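As an added worked example (not code from the paper; the registers below are assumptions chosen small enough to enumerate), the following Python checks S(f) ⊆ S(g) by brute force for an affine f, and builds a g that provably contains an affine sub-family: the cascade of a small nonlinear NFSR into an LFSR, whose LFSR stage is exactly the affine sub-family.

```python
from itertools import product


def nfsr_sequence(rec, m, init, length):
    """Run an m-stage NFSR.  rec maps the window (s_t, ..., s_{t+m-1}) to the
    next bit s_{t+m}; returns the first `length` bits from the state `init`."""
    assert len(init) == m
    s = list(init)
    while len(s) < length:
        s.append(rec(tuple(s[-m:])) & 1)
    return s


def affine_rec(consts, n):
    """Feedback of the affine characteristic function
    f = c ⊕ x_0 ⊕ c_1 x_1 ⊕ ... ⊕ c_{n-1} x_{n-1} ⊕ x_n.
    x_0 and x_n are always present, so NFSR(f) is nonsingular and every
    output sequence is purely periodic.  consts = (c, c_1, ..., c_{n-1})."""
    c, *cs = consts
    assert len(cs) == n - 1

    def rec(w):
        v = c ^ w[0]
        for ci, xi in zip(cs, w[1:]):
            v ^= ci & xi
        return v
    return rec


def is_subfamily(f_rec, n, g_rec, m):
    """True iff S(f) ⊆ S(g): every output sequence of the n-stage NFSR(f)
    also satisfies the recurrence of the m-stage NFSR(g).  A nonsingular
    n-stage NFSR has period at most 2^n, so every (m+1)-bit window of each
    sequence appears among its first 2^n + m + 1 terms."""
    assert n < m
    length = (1 << n) + m + 1
    for init in product((0, 1), repeat=n):
        s = nfsr_sequence(f_rec, n, init, length)
        if any(s[t + m] != g_rec(tuple(s[t:t + m])) & 1
               for t in range(length - m)):
            return False
    return True


def cascade_into(h_rec, nh, big_rec, nb):
    """Characteristic function of the cascade 'NFSR(h) into NFSR(F)': the
    output a_t of the nh-stage NFSR(h) is XORed into the feedback of the
    nb-stage NFSR(F), and the cascade outputs F's register b.
    From b_{t+nb} = F(b_t..b_{t+nb-1}) ⊕ a_t we recover a_t from b alone and
    impose h on it, which yields an (nb+nh)-stage NFSR in b.  When NFSR(h)
    sits at the all-zero state (a ≡ 0), b is an arbitrary sequence of
    NFSR(F), so S(F) ⊆ S(h*F): with F affine, g = h*F has an affine
    sub-family of order nb."""
    m = nb + nh

    def rec(w):                                   # w = (b_t, ..., b_{t+m-1})
        a_win = tuple(w[j + nb] ^ big_rec(w[j:j + nb]) for j in range(nh))
        return big_rec(w[nh:nh + nb]) ^ h_rec(a_win)
    return rec, m


# Assumed toy instance (not from the paper): F is the LFSR x^4 + x + 1, i.e.
# b_{t+4} = b_t ⊕ b_{t+1}; h is the 3-stage NFSR a_{t+3} = a_t ⊕ a_{t+1} a_{t+2}.
F_REC = affine_rec((0, 1, 0, 0), 4)


def H_REC(w):
    return w[0] ^ (w[1] & w[2])


G_REC, G_STAGES = cascade_into(H_REC, 3, F_REC, 4)   # a 7-stage NFSR


def has_affine_subfamily(consts, n):
    """Does S(g) for the toy g contain S(f) for the affine f given by consts?"""
    return is_subfamily(affine_rec(consts, n), n, G_REC, G_STAGES)


if __name__ == "__main__":
    print(has_affine_subfamily((0, 1, 0, 0), 4))   # True: the LFSR stage of g
    print(has_affine_subfamily((0, 0, 0, 1), 4))   # False: x^4 + x^3 + 1
```

The second call fails because the candidate's m-sequence has period 15, while any sequence a that the 3-stage NFSR(h) could supply has period at most 8; the brute-force check finds the violating window at t = 0. The same routine scales to any g given as a Python function, but the enumeration is exponential in n, which is exactly why the paper needs bounds and algorithms rather than exhaustion.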
ABSTRACT: This paper studies the distinctness of modular reductions of primitive sequences over $\mathbf{Z}/(2^{32}-1)$. Let f(x) be a primitive polynomial of degree n over $\mathbf{Z}/(2^{32}-1)$ and H a positive integer with a prime factor coprime to $2^{32}-1$. Under the assumption that every element of $\mathbf{Z}/(2^{32}-1)$ occurs in a primitive sequence of order n over $\mathbf{Z}/(2^{32}-1)$, it is proved that for two primitive sequences $\underline{a}=(a(t))_{t\geq 0}$ and $\underline{b}=(b(t))_{t\geq 0}$ generated by f(x) over $\mathbf{Z}/(2^{32}-1)$, $\underline{a}=\underline{b}$ if and only if $a(t) \equiv b(t) \bmod{H}$ for all t ≥ 0. Furthermore, the assumption is known to be valid for n between 7 and 100,000, a range sufficient for practical applications.
ABSTRACT: Let n be a positive integer. An NFSR of n stages is called irreducible if the family of output sequences of any NFSR with fewer than n stages is not included in that of the NFSR. In this paper, we prove that the density of irreducible NFSRs of n stages is larger than 0.39. This implies that one expects to find an irreducible NFSR of n stages among three randomly chosen NFSRs of n stages.
IEEE Transactions on Information Theory 06/2013; 59(6):4006-4012. DOI:10.1109/TIT.2013.2247093
ABSTRACT: Grain is one of the eSTREAM hardware-oriented finalists. It uses a 160-bit NFSR as a primitive, which is the cascade connection of an 80-bit LFSR into an 80-bit NFSR. In this paper, we study the affine sub-families of the family of output sequences of this 160-bit NFSR and prove that it includes no affine sub-family of order greater than 31 or less than 28, except for one affine sub-family of order 2.
ABSTRACT: Nonlinear feedback shift registers (NFSRs) are widely used as building blocks in stream cipher design. In this paper, we study the problem of decomposing an NFSR into the cascade connection of an NFSR into a linear feedback shift register (LFSR), which is a kind of concatenation of an NFSR and an LFSR. A necessary and sufficient condition for such a decomposition is provided, and other algebraic properties of the decomposition are also studied. Based on these theoretical results, a binary decision diagram (BDD)-based algorithm for the decomposition is proposed. Compared with the previous algorithm proposed by Ma et al., our algorithm finds more accurate candidate LFSRs, and the algebraic properties presented in this paper guarantee that the memory requirement of our verification step is linear in the size of the BDD of the NFSR's characteristic function.
Journal of Complexity 04/2013; 29(2):173–181. DOI:10.1016/j.jco.2012.09.003
ABSTRACT: Based on single-cycle T-functions over $\mathbf{Z}/(2^{n})$, two classes of pseudorandom sequences are proposed in this paper. The periods of all their coordinate sequences can reach the maximal value $2^{n}$, and the distribution properties and linear complexities of the sequences are also studied. For the first class of sequences, it is shown that the less significant half of the coordinate sequences are uniformly distributed over $\mathbf{F}_{2}$, and their exact linear complexities are derived. For the second class of sequences, lower bounds on the linear complexities of their coordinate sequences are given.
Finite Fields and Their Applications 09/2012; 18(5):993–1012. DOI:10.1016/j.ffa.2012.05.003
ABSTRACT: This paper presents some non-random distribution properties of two generalized cyclotomic binary sequences of length $2p^{m}$ constructed by Zhang et al. (Appl Algebra Eng Commun Comput 21:93–108, 2010). Using these properties, we further study the $k$-error linear complexity and autocorrelation of these sequences. For some small values of $k$, upper bounds on the $k$-error linear complexity are derived, which are far less than their linear complexity. Finally, bounds on the autocorrelation of these sequences are also presented. Our results show that there are some drawbacks in the application of these two sequences.
Applicable Algebra in Engineering Communication and Computing 01/2012; 23(5-6). DOI:10.1007/s00200-012-0177-5
ABSTRACT: Linear complexity and k-error linear complexity are important measures for sequences in stream ciphers. This paper discusses the asymptotic behavior of the normalized k-error linear complexity $L_{n,k}(\underline{s})/n$ of random binary sequences $\underline{s}$, which is based on one of Niederreiter's open problems. For $k = n^{\theta}$, where $0 \le \theta \le 1/2$ is a fixed ratio, lower and upper bounds on the accumulation points of $L_{n,k}(\underline{s})/n$ are derived, which hold with probability 1. On the other hand, for any fixed k it is shown that $\lim_{n\rightarrow\infty} L_{n,k}(\underline{s})/n = 1/2$ holds with probability 1. Asymptotic bounds on the expected value of the normalized k-error linear complexity of binary sequences are also presented.
ABSTRACT: Let M be a square-free odd integer and Z/(M) the integer residue ring modulo M. This paper studies the distinctness of primitive sequences over Z/(M) modulo 2. Recently, for the case M = pq, a product of two distinct primes p and q, the problem has been almost completely solved. For the case that M is a product of more primes, the problem has been quite resistant to proof. In this paper, a partial proof is given by showing that a class of primitive sequences of order 2n'+1 over Z/(M) is distinct modulo 2, where n' is a positive integer. Besides, as an independent interest, this paper also establishes two distribution properties of primitive sequences over Z/(M), which are closely related to our main results.
IEEE Transactions on Information Theory 01/2012; 2012(6):3. DOI:10.1109/TIT.2012.2212694
ABSTRACT: Let Z/(pq) be the integer residue ring modulo pq with odd primes p and q. This paper studies the distinctness problem of the modulo 2 reductions of two primitive sequences over Z/(pq), which was studied by H.J. Chen and W.F. Qi in 2009. First, it is shown that almost every element in Z/(pq) occurs in a primitive sequence of order n > 2 over Z/(pq). Then, based on this element distribution property of primitive sequences over Z/(pq), previous results are greatly improved and the set of primitive sequences over Z/(pq) that are known to be distinct modulo 2 is further enlarged.
Finite Fields and Their Applications 05/2011; 17(3):254-274. DOI:10.1016/j.ffa.2010.12.004
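As an added worked example (not code from these papers), the following Python scales the distinctness question of the $\mathbf{Z}/(2^{32}-1)$ and Z/(pq) abstracts above down to Z/(15) = Z/(3 · 5), where it can be settled by exhaustion: it tests whether a polynomial is primitive over a square-free Z/(M), enumerates the primitive sequences generated by f, and counts how many of them remain distinct after reduction modulo H. The modulus M = 15 and the polynomial f(x) = x² + x + 2 are assumptions; the modulo-3 count shows why H must have a prime factor coprime to M.

```python
from math import gcd


def prime_factors(M):
    """Distinct prime factors of M by trial division (M is small here)."""
    ps, d = [], 2
    while d * d <= M:
        if M % d == 0:
            ps.append(d)
            while M % d == 0:
                M //= d
        d += 1
    if M > 1:
        ps.append(M)
    return ps


def lrs_period(coeffs, init, M, cap=None):
    """Minimal period of a(t+n) = sum_i c_i a(t+i) mod M started from `init`.
    With gcd(c_0, M) = 1 the state map is a bijection, so the orbit returns
    to its starting state; `cap` only guards against a bad input."""
    n = len(coeffs)
    assert len(init) == n and gcd(coeffs[0], M) == 1
    state = tuple(x % M for x in init)
    cap = cap or M ** n + 1
    cur, t = state, 0
    while True:
        nxt = sum(c * x for c, x in zip(coeffs, cur)) % M
        cur = cur[1:] + (nxt,)
        t += 1
        if cur == state:
            return t
        if t > cap:
            raise ValueError("no period found")


def is_primitive(coeffs, M):
    """f(x) = x^n - c_{n-1} x^{n-1} - ... - c_0 is primitive over square-free
    Z/(M) iff it is primitive modulo every prime p | M, i.e. its impulse
    response modulo p has period p^n - 1 (the period of any nonzero
    sequence of f mod p divides ord(f), which equals p^n - 1 only for a
    primitive f)."""
    n = len(coeffs)
    impulse = (1,) + (0,) * (n - 1)
    return all(lrs_period([c % p for c in coeffs], impulse, p) == p ** n - 1
               for p in prime_factors(M))


def one_period(coeffs, init, M, length):
    n = len(coeffs)
    a = [x % M for x in init]
    while len(a) < length:
        a.append(sum(c * x for c, x in zip(coeffs, a[-n:])) % M)
    return tuple(a)


def primitive_sequences(coeffs, M):
    """All primitive sequences generated by f over Z/(M): the sequences whose
    initial state is nonzero modulo every prime factor of M.  Each one is
    returned as one full period, lcm over p | M of (p^n - 1)."""
    n = len(coeffs)
    ps = prime_factors(M)
    T = 1
    for p in ps:
        T = T * (p ** n - 1) // gcd(T, p ** n - 1)
    seqs = {}
    for idx in range(M ** n):
        init = tuple((idx // M ** i) % M for i in range(n))
        if all(any(x % p for x in init) for p in ps):
            seqs[init] = one_period(coeffs, init, M, T)
    return seqs


def count_distinct_mod(seqs, H):
    """Number of distinct sequences left after reducing every term modulo H;
    it equals len(seqs) iff a -> a mod H is injective on this family."""
    return len({tuple(x % H for x in s) for s in seqs.values()})


# Assumed toy instance: f(x) = x^2 + x + 2 over Z/(15), i.e.
# a(t+2) = -a(t+1) - 2 a(t) = 14 a(t+1) + 13 a(t) mod 15.  It is primitive
# modulo 3 (order 8) and modulo 5 (order 24), hence primitive over Z/(15).
M = 15
F = (13, 14)

if __name__ == "__main__":
    print(is_primitive(F, M))                       # True
    seqs = primitive_sequences(F, M)
    print(len(seqs), lrs_period(F, (1, 0), M))      # 192 sequences, period 24
    for H in (2, 3, 4, 15):
        print(H, count_distinct_mod(seqs, H))       # 3 | 15 collapses to 8
```

Reduction modulo 3 keeps only the m-sequence component modulo 3, of which there are just 8, so the 192 primitive sequences cannot be told apart; this is the situation the hypothesis "H has a prime factor coprime to M" rules out. The modulo-2 count is what the papers above prove to be full for large orders and moduli; here it is simply computed.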
ABSTRACT: This paper studies the stability of the linear complexity of l-sequences. Let $\underline{s}$ be an l-sequence whose linear complexity attains the maximum $\mathrm{per}(\underline{s})/2 + 1$. A tight lower bound and an upper bound on $\mathrm{minerror}(\underline{s})$, i.e., the minimal value k for which the k-error linear complexity of $\underline{s}$ is strictly less than its linear complexity, are given. In particular, for an l-sequence $\underline{s}$ based on a prime number of the form 2r+1, where r is an odd prime with primitive root 2, it is shown that $\mathrm{minerror}(\underline{s})$ is very close to r, which implies that this kind of l-sequence has very stable linear complexity.
Finite Fields and Their Applications 11/2010; 16(6):420-435. DOI:10.1016/j.ffa.2010.07.002
ABSTRACT: Let $\mathbf{Z}/(p^{e})$ be the integer residue ring with odd prime p and integer e ≥ 2. Any sequence $\underline{a}$ over $\mathbf{Z}/(p^{e})$ has a unique p-adic expansion $\underline{a} = \underline{a}_{0} + \underline{a}_{1} \cdot p + \cdots + \underline{a}_{e-1} \cdot p^{e-1}$, where $\underline{a}_{i}$ can be regarded as a sequence over $\mathbf{Z}/(p)$ for 0 ≤ i ≤ e − 1. Let f(x) be a strongly primitive polynomial over $\mathbf{Z}/(p^{e})$ and $\underline{a}$, $\underline{b}$ two primitive sequences generated by f(x) over $\mathbf{Z}/(p^{e})$. Assume $\varphi(x_{0}, \ldots, x_{e-1}) = x_{e-1} + \eta(x_{0}, \ldots, x_{e-2})$ is an e-variable function over $\mathbf{Z}/(p)$ with the monomial $\frac{p+1}{2}\, x_{e-2}^{p-1} \cdots x_{1}^{p-1}$ not appearing in the expression of $\eta(x_{0}, x_{1}, \ldots, x_{e-2})$. It is shown that if there exists an $s \in \mathbf{Z}/(p)$ such that $\varphi(a_{0}(t), \ldots, a_{e-1}(t)) = s$ if and only if $\varphi(b_{0}(t), \ldots, b_{e-1}(t)) = s$ for all nonnegative t with $\alpha(t) \neq 0$, where $\underline{\alpha}$ is an m-sequence determined by f(x) and $\underline{a}_{0}$, then $\underline{a} = \underline{b}$. This implies that for compressing sequences derived from primitive sequences generated by f(x) over $\mathbf{Z}/(p^{e})$, the distribution of a single element is unique on all positions t with $\alpha(t) \neq 0$. In particular, when $\eta(x_{0}, x_{1}, \ldots, x_{e-2}) = 0$, this completes the former result on the uniqueness of the distribution of the element 0 in highest-level sequences.
IEEE Transactions on Information Theory 02/2010; 59(1-56):555-563. DOI:10.1109/TIT.2009.2034782
ABSTRACT: Although 2-adic complexity was proposed more than ten years ago, even for m-sequences, which are regarded as the most important linear recurring sequences, no theoretical results about their 2-adic complexity have been presented. In this paper, it is shown that for a binary m-sequence the 2-adic complexity attains the maximum, which implies that no feedback with carry shift register (FCSR) with connection integer less than $2^{2^{n}-1} - 1$ can generate an m-sequence of order n.
IEEE Transactions on Information Theory 01/2010; 56(1):450-454. DOI:10.1109/TIT.2009.2034904
ABSTRACT: 2-adic complexity plays an important role in cryptology. It measures the difficulty of generating a binary sequence with a feedback with carry shift register. This paper studies the 2-adic complexity of finite sequences by investigating the corresponding rational complexity, whose base-2 logarithm is equal to the 2-adic complexity. Experiments show that the base-2 logarithm of the expected value of the rational complexity is a good approximation to the expected value of the 2-adic complexity. Both a nontrivial lower bound and a nontrivial upper bound on the expected value of the rational complexity of finite sequences are given in the paper. In particular, the lower bound is much better than the upper bound.
ABSTRACT: Let N be a product of distinct prime numbers and Z/(N) the integer residue ring modulo N. In this paper, a primitive polynomial f(x) over Z/(N) such that f(x) divides $x^{s} - c$ for some positive integer s and some primitive element c in Z/(N) is called a typical primitive polynomial. Recently, typical primitive polynomials over Z/(N) were shown to be very useful, but their existence has not been fully studied. In this paper, for any integer m ⩾ 1, a necessary and sufficient condition for the existence of typical primitive polynomials of degree m over Z/(N) is proved.
Finite Fields and Their Applications 12/2009; 15(6):796-807. DOI:10.1016/j.ffa.2009.08.003
ABSTRACT: Maximal-length FCSR sequences, or l-sequences, are an important type of nonlinear sequence used for building stream ciphers. This paper studies the linearity properties of l-sequences. Although it is widely accepted that l-sequences have high linear complexity, close to half their period, it is shown that for most l-sequences, linear relations with large statistical advantage exist.
ABSTRACT: A maximal-length feedback with carry shift register sequence is also called an l-sequence. Although termwise exclusive-ors of l-sequences have long been thought to be a type of good pseudorandom sequence, few of their statistical properties have been proved. This paper completely determines the period of a termwise exclusive-or of several l-sequences generated by FCSRs with distinct nonprime connection integers. The main result shows that it either attains the maximum or half of it, and the corresponding sufficient conditions are also presented. Moreover, this periodicity property also holds for generalized l-sequences of the form $\{A\xi^{t} \bmod p^{e} \bmod 2\}_{t=0}^{\infty}$, where ξ is a primitive root modulo an odd prime power $p^{e}$ and A is an integer relatively prime to p.
Finite Fields and Their Applications 04/2009; 15(2):214-235. DOI:10.1016/j.ffa.2008.12.002
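The following Python is an added example, not code from the 2-adic complexity or l-sequence papers above; it makes the quantities they discuss concrete. It generates an l-sequence from its connection integer, recovers the minimal connection integer of any periodic binary sequence from one period (its base-2 logarithm is the 2-adic complexity, which is how the m-sequence claim above can be checked for a small n), and measures the period of a termwise XOR of l-sequences. The connection integers 11 and 13 and the m-sequence of x⁴ + x + 1 are assumptions, and the XOR example uses prime connection integers, whereas the abstract above treats the nonprime case.

```python
from math import gcd


def l_sequence(q, p=1):
    """One period of the l-sequence of the FCSR with odd connection integer q:
    the 2-adic expansion of -p/q, whose bits are a_t = (p * 2^{-t} mod q) mod 2.
    Assumes gcd(p, q) = 1.  The period is the multiplicative order of 2 modulo
    q, which is q - 1 when q is prime with primitive root 2."""
    assert q % 2 == 1 and gcd(p, q) == 1
    inv2 = (q + 1) // 2                      # 2^{-1} mod q
    start = p % q
    bits, x = [], start
    while True:
        bits.append(x & 1)
        x = x * inv2 % q
        if x == start:
            return bits


def minimal_period(s):
    """Minimal period of a list that holds a whole number of periods."""
    n = len(s)
    for P in range(1, n + 1):
        if n % P == 0 and all(s[i] == s[i % P] for i in range(n)):
            return P


def connection_integer(period_bits):
    """Smallest odd q for which some FCSR with connection integer q outputs the
    purely periodic sequence with the given period.  With period T and
    N = sum s_i 2^i, the sequence is the 2-adic expansion of -N/(2^T - 1);
    reducing that fraction gives the minimal denominator, and log2 of the
    result is the 2-adic complexity."""
    T = len(period_bits)
    N = sum(b << i for i, b in enumerate(period_bits))
    return (2 ** T - 1) // gcd(N, 2 ** T - 1)


def xor_period(s1, s2):
    """Period of the termwise XOR of two periodic sequences, each given as
    exactly one period; the result always divides lcm(T1, T2)."""
    T1, T2 = len(s1), len(s2)
    L = T1 * T2 // gcd(T1, T2)
    c = [s1[i % T1] ^ s2[i % T2] for i in range(L)]
    return minimal_period(c)


def m_sequence(taps, n, init):
    """One period (2^n - 1 bits) of s_{t+n} = XOR of s_{t+i} for i in taps,
    assuming the corresponding polynomial of degree n is primitive."""
    s = list(init)
    while len(s) < (1 << n) - 1 + n:
        s.append(sum(s[-n + i] for i in taps) & 1)
    return s[:(1 << n) - 1]


if __name__ == "__main__":
    a, b = l_sequence(11), l_sequence(13)          # periods 10 and 12
    print(a, connection_integer(a))                # recovers q = 11
    print(xor_period(a, b))                        # 60 = lcm(10, 12)
    m = m_sequence((0, 1), 4, (1, 0, 0, 0))        # x^4 + x + 1, period 15
    print(connection_integer(m) == 2 ** 15 - 1)    # maximal 2-adic complexity
```

The XOR of the two prime-connection l-sequences reaches the full period 60 here: shifting by 30 = lcm/2 complements each l-sequence over half its period for exactly one of them, so the XOR is complemented rather than repeated. For the m-sequence, gcd(N, 2¹⁵ − 1) = 1 and the minimal connection integer is 2¹⁵ − 1 itself, the instance n = 4 of the theorem that no FCSR with a smaller connection integer generates an m-sequence of order n.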
ABSTRACT: In this note it is shown that if the connection integers of two maximal-length FCSR sequences have a common prime factor, then any crosscorrelation between them can be converted into an autocorrelation of the sequence with the smaller period.