Vol. 4 No. 3 ACTA MATHEMATICAE APPLICATAE SINICA Aug., 1988
ON NONLINEAR FEEDBACK SHIFT REGISTERS WITH SHORT PERIODS
DAI ZONGDUO (Graduate School of USTC, Academia Sinica)
C~ W~ [co-author's name illegible in the scan] (Institute of Systems Science, Academia Sinica)
Abstract
Motivated by certain cryptological problems, some specific properties of two classes of feedback shift registers with short periods are discussed in this paper.
§ 1. Introduction
Let $F_2$ be the binary field. It is well-known that any mapping from $F_2^n$ $(=\{s=(a_0,a_1,\ldots,a_{n-1})\mid a_i\in F_2\})$ to $F_2$ can be uniquely represented by a polynomial $f(x_0,x_1,\ldots,x_{n-1})\in F_2[x_0,x_1,\ldots,x_{n-1}]$ with $\deg_{x_i}f(x_0,x_1,\ldots,x_{n-1})\le 1$. We denote the feedback shift register with feedback function $x_n=f(x_0,x_1,\ldots,x_{n-1})$ by FSR$(x_n=f)$. The complete set of states of FSR$(x_n=f)$ is $F_2^n$, and the state transform $T_f$ of FSR$(x_n=f)$ acts on $F_2^n$ in the following manner,
$$T_f(a_0,a_1,\ldots,a_{n-1})=(a_1,a_2,\ldots,a_{n-1},f(a_0,a_1,\ldots,a_{n-1})).$$
The state graph $G(x_n=f)$ of FSR$(x_n=f)$ is a subgraph of the de Bruijn-Good graph ([1]) with vertex set $F_2^n$ and edges $s\to T_f(s)$, $s\in F_2^n$. For any $s=(a_0,a_1,\ldots,a_{n-1})\in F_2^n$, the binary sequence
$$a=(a_0,a_1,\ldots,a_t,\ldots),\quad a_t\in F_2,$$
where $a_t=f(a_{t-n},a_{t-n+1},\ldots,a_{t-1})$, $t\ge n$, is called the sequence generated by FSR$(x_n=f)$ with initial state $s$. Put
$$s_t=(a_t,a_{t+1},\ldots,a_{t+n-1}),\quad t\ge 0,$$
obviously, $s_{t+1}=T_f(s_t)$, $t\ge 0$. It is well-known that there exist a nonnegative integer $b$ and a positive integer $T$ such that
$$s_i\ne s_j,\ i\ne j,\ 0\le i,j<T+b,\qquad s_{T+b}=s_b.$$
We see $L^ba=(a_b,a_{b+1},\ldots,a_{b+t},\ldots)$ is a periodic sequence. Now the vertex $s$ determines a subgraph
$$\{s=s_0\to s_1\to\cdots\to s_b\to s_{b+1}\to\cdots\to s_{T+b}=s_b\}$$
in $G(x_n=f)$. We call $B=\{s_0\to s_1\to\cdots\to s_b\}$ a branch of $G(x_n=f)$ determined by $s$, and $b$, written as $BL(s)$, the length of $B$; $C=\{s_b\to s_{b+1}\to\cdots\to s_{T+b}=s_b\}$ a cycle in $G(x_n=f)$, and $T$, written as $CL(s)$, the length of $C$. It is well-known that each connected component of $G(x_n=f)$ is a cycle with some branches. We call $s$ an end vertex in $G(x_n=f)$ if there does not exist a vertex $s'$ in $G(x_n=f)$ such that $s'\to s$ is an edge in $G(x_n=f)$; we call $s$ a branch vertex in $G(x_n=f)$ if there exist two vertices $s_1$ and $s_2$ in $G(x_n=f)$ such that $s_i\to s$ $(i=1,2)$ are both edges in $G(x_n=f)$. It is easy to see that $(a_1,a_2,\ldots,a_n)$ is an end vertex in $G(x_n=f)$ if and only if $(a_1,a_2,\ldots,1+a_n)$ is a branch vertex in $G(x_n=f)$. Thus the number of end vertices in the state graph $G(x_n=f)$ is equal to the number of branch vertices.

Received May 29, 1985.
In this paper, we shall dwell on two classes of feedback shift registers with feedback functions
$$f(x_0,x_1,\ldots,x_{n-1})=x_{i_1}x_{i_2}\cdots x_{i_m}\,g(x_0,x_1,\ldots,x_{n-1})\quad\text{and}\quad f(x_0,x_1,\ldots,x_{n-1})=(1+x_0)(1+x_c)\cdots(1+x_{mc})$$
respectively. Motivated by certain cryptological problems, we shall consider in the sequel some specific properties of $G(x_n=f)$ such as cycle lengths, branch lengths, conditions for a vertex to be an end one, and some other issues.
§ 2. The FSR with $x_n=x_{i_1}x_{i_2}\cdots x_{i_m}g(x_0,x_1,\ldots,x_{n-1})$

Let
$$f(x_0,x_1,\ldots,x_{n-1})=x_{i_1}x_{i_2}\cdots x_{i_m}\,g(x_0,x_1,\ldots,x_{n-1}),\qquad(1)$$
where $0\le i_1<i_2<\cdots<i_m<n$, and
$$d=\gcd(n-i_1,\ldots,n-i_m).\qquad(2)$$
Let $L(x_n=f)=\{a\mid a\text{ is a periodic sequence generated by FSR}(x_n=f)\}$. For any integer $i$, let $\langle i\rangle$ be the unique integer satisfying $0\le\langle i\rangle<d$ and $\langle i\rangle\equiv i\pmod d$.
Theorem 1. Let $f$ be as in (1), $d=\gcd(n-i_1,\ldots,n-i_m)$ and $s$ be a vertex in $G(x_n=f)$. Then
2) $CL(s)$ is a divisor of $d$.
3) If one writes $h(x_0,x_1,\ldots,x_{d-1})=g(x_{\langle -i_1\rangle},x_{\langle -i_1+1\rangle},\ldots,x_{\langle -i_1+n-1\rangle})$, then $L(x_n=f)=L(x_d=x_0h)$.
4) All the sequences generated by FSR$(x_n=f)$ are periodic if and only if $f=x_0$.
Proof. Let $a=(a_0,a_1,\ldots,a_t,\ldots)$ be the sequence generated by FSR$(x_n=f)$ and $s_t=(a_t,a_{t+1},\ldots,a_{t+n-1})$. By definition we have
$$a_{t+i_k+(n-i_k)}=a_{t+n}=a_{t+i_1}a_{t+i_2}\cdots a_{t+i_m}\,g(a_t,a_{t+1},\ldots,a_{t+n-1}),\quad t\ge 0.$$
Therefore if $a_j=0$, $j\ge i_k$, $1\le k\le m$, then
$$a_{j+(n-i_k)}=0,\quad j\ge i_k,\ 1\le k\le m.\qquad(3)$$
Noticing that
$$s_j=(a_j,a_{j+1},\ldots,a_{j+n-1}),$$
$$s_{j+(n-i_k)}=(a_{j+(n-i_k)},a_{j+(n-i_k)+1},\ldots,a_{j+(n-i_k)+n-1}),$$
and (3), we conclude

where $w(s_t)=\#\{j\mid a_j=1,\ t\le j<t+n\}$. Thus
$$w(s_j)=w(s_{j+(n-i_k)})\iff s_j=s_{j+(n-i_k)},\quad j\ge i_k,\ 1\le k\le m.\qquad(5)$$
Now we claim that there exists $l\ (\le n)$ such that
$$s_{i_k+l(n-i_k)}=s_{i_k+(l+1)(n-i_k)}.\qquad(6)$$
In fact, were it not so, then we would have
$$s_{i_k+j(n-i_k)}\ne s_{i_k+(j+1)(n-i_k)},\quad 0\le j\le n.$$
So we have by (4) and (5)
$$w(s_{i_k})>w(s_{i_k+(n-i_k)})>\cdots>w(s_{i_k+(1+n)(n-i_k)})\ge 0,$$
hence $w(s_{i_k})\ge 1+n$, a contradiction. Now from (6) it follows that
$$s_{i_k+(1+n)(n-i_k)}=s_{i_k+n(n-i_k)},\quad 1\le k\le m.$$
Applying to both sides suitable powers of $T_f$, we have
$$s_{j+(n-i_k)}=s_j,\quad j\ge i_k+n(n-i_k)\ge n^2-(n-1)i_m.\qquad(7)$$
Now 1) and 2) follow directly from (7). For 3) we only need to show that for any binary sequence $a$ with period dividing $d$, $a$ belongs to $L(x_n=f)$ if and only if $a$ belongs to $L(x_d=x_0h)$. Now let $a=(a_0,a_1,\ldots,a_t,\ldots)$, and for convenience set $a_i=a_{\langle i\rangle}$, $\forall\,i<0$. It suffices to show that for any integer $t$, if $t'\equiv t-i_1\pmod d$, then
$$a_{t+d}=a_{t'+n},\qquad(8)$$
$$a_t=a_{t'+i_1}a_{t'+i_2}\cdots a_{t'+i_m},\qquad(9)$$
$$h(a_t,a_{t+1},\ldots,a_{t+d-1})=g(a_{t'},a_{t'+1},\ldots,a_{t'+n-1}).\qquad(10)$$
In fact (8) and (9) follow easily from $t+d\equiv t'+n\pmod d$, $t\equiv t'+i_k\pmod d$ and $\mathrm{per}\,a\mid d$. Furthermore, noticing that if we set $x_j=a_{j+t}$, $0\le j<d$, then
$$x_{\langle -i_1+j\rangle}=a_{\langle -i_1+j\rangle+t}=a_{-i_1+j+t}=a_{t'+j},\quad 0\le j<n.$$
Now we have
$$h(a_t,a_{t+1},\ldots,a_{t+d-1})=h(x_0,x_1,\ldots,x_{d-1})\big|_{x_j=a_{j+t}}$$
$$=g(x_{\langle -i_1\rangle},x_{\langle -i_1+1\rangle},\ldots,x_{\langle -i_1+n-1\rangle})\big|_{x_j=a_{j+t}}$$
$$=g(a_{t'},a_{t'+1},\ldots,a_{t'+n-1}).$$
And (10) follows easily. For 4) only the necessity needs a proof. We have $\dim_{F_2}L(x_n=f)=n$ by the assumption. We also know $\dim_{F_2}L(x_d=x_0h)\le d$. By 3), we have $L(x_n=f)=L(x_d=x_0h)$, so we conclude that $n\le d$. Thus $n=d$. By the definition of $d$, we see $i_1=0$, so $f=x_0g(x_0,x_1,\ldots,x_{n-1})$. By Theorem 2 in [1, p. 41], we see that there exists a polynomial $k(x_1,x_2,\ldots,x_{n-1})\in F_2[x_1,x_2,\ldots,x_{n-1}]$ such that
$$x_0g(x_0,x_1,\ldots,x_{n-1})=x_0+k(x_1,x_2,\ldots,x_{n-1}).$$
Set $x_0=0$, we get
$$k(x_1,x_2,\ldots,x_{n-1})=0,\qquad x_0g(x_0,x_1,\ldots,x_{n-1})=x_0.$$
Set $x_0=1$, we get
$$g(1,x_1,\ldots,x_{n-1})=1.$$
Since we have
$$\deg_{x_0}x_0g(x_0,x_1,\ldots,x_{n-1})\le 1,$$
$$\deg_{x_0}g(x_0,x_1,\ldots,x_{n-1})=0.$$
So
$$g(x_0,x_1,\ldots,x_{n-1})=g(1,x_1,\ldots,x_{n-1})=1.$$
Thus we get $f=x_0g(x_0,x_1,\ldots,x_{n-1})=x_0$. ∎
Now Theorem 3 in [1, p. 80] is an immediate consequence of Theorem 1 here. It is worthwhile to restate that theorem in the form of the following corollary, and we give a simpler proof for it here.
Corollary ([1] p. 80). Let
$$f(x_0,x_1,\ldots,x_{n-1})=x_0x_k\,g(x_0,x_1,\ldots,x_{n-1}),$$
where $1\le k<n$, and $(k,n)=1$. Then
$$L(x_n=f)=\begin{cases}\{\mathbf 0\}, & \text{if } g(1,1,\ldots,1)=0,\\ \{\mathbf 0,\mathbf 1\}, & \text{if } g(1,1,\ldots,1)=1,\end{cases}$$
where $\mathbf 0=(0,0,\ldots,0,\ldots)$, $\mathbf 1=(1,1,\ldots,1,\ldots)$.
Proof. Since $f$ is of the form (1), we can apply Theorem 1. Here we have $d=(n,n-k)=1$, and
$$x_0h(x_0)=x_0g(x_0,x_0,\ldots,x_0)=x_0g(1,1,\ldots,1).$$
By Theorem 1, we have
$$L(x_n=f)=L(x_1=x_0h(x_0))=L(x_1=x_0g(1,1,\ldots,1)).$$
Thus
$$L(x_n=f)=\begin{cases}L(x_1=0)=\{\mathbf 0\}, & \text{if } g(1,1,\ldots,1)=0,\\ L(x_1=x_0)=\{\mathbf 0,\mathbf 1\}, & \text{if } g(1,1,\ldots,1)=1.\end{cases}\ ∎$$
Theorem 2. Let $f=x_{i_1}x_{i_2}\cdots x_{i_m}$, $0\le i_1<i_2<\cdots<i_m<n$, and let $s=(a_1,a_2,\ldots,a_n)$ be a vertex in $G(x_n=f)$. Then
1) If $i_1>0$, then $s$ is a branch vertex if and only if
$$(a_{i_1},a_{i_2},\ldots,a_{i_m})=(1,1,\ldots,1),\ a_n=1,\quad\text{or}$$
$$(a_{i_1},a_{i_2},\ldots,a_{i_m})\ne(1,1,\ldots,1),\ a_n=0.$$
And the number of branch vertices is $2^{n-1}$. If $i_1=0$, then $s$ is a branch vertex if and only if
$$(a_{i_2},a_{i_3},\ldots,a_{i_m})\ne(1,1,\ldots,1),\ a_n=0.$$
And the number of branch vertices is $2^{n-1}-2^{n-m}$.
2) $BL(s)\le(n-i_1-1)^2+1+i_1$.
Proof. 1) It is easy to see that $(a_1,a_2,\ldots,a_n)$ is a branch vertex if and only if $f(a_0,a_1,\ldots,a_{n-1})=a_n$ for both $a_0=0$ and $a_0=1$. Now if $i_1>0$, we have
$$f(a_0,a_1,\ldots,a_{n-1})=\begin{cases}1, & \text{if }(a_{i_1},a_{i_2},\ldots,a_{i_m})=(1,1,\ldots,1),\\ 0, & \text{if }(a_{i_1},a_{i_2},\ldots,a_{i_m})\ne(1,1,\ldots,1);\end{cases}$$
if $i_1=0$, we have
$$f(a_0,a_1,\ldots,a_{n-1})=\begin{cases}a_0, & \text{if }(a_{i_2},a_{i_3},\ldots,a_{i_m})=(1,1,\ldots,1),\\ 0, & \text{if }(a_{i_2},a_{i_3},\ldots,a_{i_m})\ne(1,1,\ldots,1).\end{cases}$$
Thus 1) follows immediately. 2) It is evident if $i_m=0$. So we may assume $i_m\ge 1$. Let $s_0=(a_0,a_1,\ldots,a_{n-1})$, $a=(a_0,a_1,\ldots,a_t,\ldots)$ be the sequence generated by FSR$(x_n=f)$ and $s_t=(a_t,a_{t+1},\ldots,a_{t+n-1})$. As in the proof of Theorem 1, we have

Now we claim that there exists $l\ (\le n-1)$ such that
$$s_{i_m+l(n-i_m)}=s_{i_m+(l+1)(n-i_m)}.\qquad(11)$$
In fact, were it not so, we would have

By (4) and (5), we have
$$w(s_{i_m+j(n-i_m)})>w(s_{i_m+(j+1)(n-i_m)}),\quad 0\le j\le n-1.\qquad(13)$$
It follows that $w(s_{i_m})\ge n$, so $s_{i_m}=(1,1,\ldots,1)$. But by (13) and $x_n=x_{i_1}x_{i_2}\cdots x_{i_m}$, we have $s_j=s_{i_m}$, $j\ge i_m$, in contradiction to (12). Now from (11), we have

So we have
$$BL(s)\le(n-1)^2+1.\qquad(14)$$
Furthermore, let $n'=n-i_1$, $i_k'=i_k-i_1$, $f'=x_{i_1'}x_{i_2'}\cdots x_{i_m'}$. For any vertex $s=(a_0,a_1,\ldots,a_{n-1})$ in $G(x_n=f)$, $s'=(a_{i_1},a_{i_1+1},\ldots,a_{n-1})$ is a vertex in $G(x_{n'}=f')$. It is not difficult to see that
$$BL(s)\le i_1+BL(s').$$
And by (14), we get
$$BL(s')\le(n'-1)^2+1.$$
Thus
$$BL(s)\le 1+i_1+(n-i_1-1)^2.\ ∎$$
Theorem 3. Let $f=x_{i_1}x_{i_2}\cdots x_{i_m}$, $0\le i_1<i_2<\cdots<i_m<n$, and let $d$ be as in (2). Let $a=(a_0,a_1,\ldots,a_t,\ldots)$ be the sequence generated by FSR$(x_n=f)$. If $L^ba$ is a periodic sequence, then
$$a_t=\prod_{\substack{i_1\le j<n\\ j\equiv t\ (\mathrm{mod}\ d)}}a_j,\quad t\ge b.$$
Proof. It suffices to show that for any integer $t\ (\ge b)$, the following two propositions (A) and (B) are mutually equivalent:
(A) There exists an integer $j$ such that
$$i_1\le j<n,\quad j\equiv t\pmod d,\quad a_j=0.$$
(B) There exists an integer $j'$ such that
$$b\le j',\quad j'\equiv t\pmod d,\quad a_{j'}=0.$$
Now if (A) is true, i.e. there exists an integer $j$ such that $a_j=0$, $i_1\le j<n$, $j\equiv t\pmod d$, then as in the proof of Theorem 1, we have $a_{j+l(n-i_1)}=0$, $l\ge 0$. Taking $j'=j+l'(n-i_1)\ge b$, we have $j'\equiv j\pmod d$. By Theorem 1, $\mathrm{per}\,L^ba\mid d$, we get $a_t=a_{j'}=0$. On the other hand, if (B) is true, i.e. if there exists an integer $j'\ge b$ such that $a_{j'}=0$, $j'\equiv t\pmod d$, we see from $\mathrm{per}\,L^ba\mid d$ that $a_{j'+ld}=0$, $l\ge 0$, so we may assume without loss of generality that $j'\ge i_1$. It suffices to show that if $j'\ge n$, then there exists an integer $j''$ such that $a_{j''}=0$, $i_1\le j''<j'$, $j''\equiv t\pmod d$. By
$$0=a_{j'}=\prod_{k=1}^{m}a_{j'-n+i_k},$$
there exists $k\ (1\le k\le m)$ such that $a_{j'-n+i_k}=0$. Thus $j''=j'-n+i_k$ is a suitable one and we are done. ∎
Remark. $F_2$ can be regarded as a Boolean algebra and we have
$$1+a_1a_2\cdots a_m=(1+a_1)\vee(1+a_2)\vee\cdots\vee(1+a_m),\quad a_i\in F_2.$$
Now we consider a new kind of feedback functions from $F_2^n$ to $F_2$:
$$f_1(x_0,x_1,\ldots,x_{n-1})=x_{i_1}\vee x_{i_2}\vee\cdots\vee x_{i_m}\vee g_1(x_0,x_1,\ldots,x_{n-1})$$
with $0\le i_1<i_2<\cdots<i_m<n$, $g_1(x_0,x_1,\ldots,x_{n-1})$ being a function from $F_2^n$ to $F_2$. Let
$$g(1+x_0,1+x_1,\ldots,1+x_{n-1})=1+g_1(x_0,x_1,\ldots,x_{n-1}),$$
and
$$\bar a=(1+a_0,1+a_1,\ldots,1+a_t,\ldots).$$
Then it is not difficult to see that $\bar a$ is generated by the FSR$(x_n=f_1)$ if and only if $a$ is generated by the FSR$(x_n=x_{i_1}x_{i_2}\cdots x_{i_m}g(x_0,x_1,\ldots,x_{n-1}))$. Thus the above three theorems on feedback shift registers with
$$x_n=x_{i_1}x_{i_2}\cdots x_{i_m}\,g(x_0,x_1,\ldots,x_{n-1})$$
can be easily carried over to feedback shift registers with
$$x_n=x_{i_1}\vee x_{i_2}\vee\cdots\vee x_{i_m}\vee g_1(x_0,x_1,\ldots,x_{n-1}).$$
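The complementation argument of the Remark, worked through as an added Python example that is not part of the paper: for an OR-type feedback $f_1$ and a $g$ with $g(1+x)=1+g_1(x)$, it compares, over every initial state, the term-wise complement of the FSR$(x_n=f_1)$ output with the output of FSR$(x_n=x_{i_1}\cdots x_{i_m}g)$ started from the complemented state. The register size, the index set and $g_1$ are constructed choices; the helper `dual_g` builds $g$ from $g_1$ via the equivalent identity $g(x)=1+g_1(1+x)$, and all function names are my own.

```python
from itertools import product


def generate(state, f, length):
    """First `length` terms of the sequence generated by FSR(x_n = f) from initial state `state`."""
    n = len(state)
    seq = list(state)
    while len(seq) < length:
        seq.append(f(*seq[-n:]) & 1)
    return seq


def or_feedback(idx, g1):
    """f_1 = x_{i_1} v x_{i_2} v ... v x_{i_m} v g_1(x_0, ..., x_{n-1}), the OR form of the Remark."""
    def f1(*x):
        return int(any(x[i] for i in idx) or g1(*x))
    return f1


def and_feedback(idx, g):
    """f = x_{i_1} x_{i_2} ... x_{i_m} g(x_0, ..., x_{n-1}), form (1) of Section 2."""
    def f(*x):
        return int(all(x[i] for i in idx) and g(*x))
    return f


def dual_g(g1):
    """Return g with g(1 + x_0, ..., 1 + x_{n-1}) = 1 + g_1(x_0, ..., x_{n-1}),
    i.e. g(x) = 1 + g_1(1 + x); addition in F_2 is XOR."""
    return lambda *x: 1 ^ (g1(*[1 ^ xi for xi in x]) & 1)


def complement_duality_holds(n, idx, g1, length=64):
    """Check the Remark over every initial state: the complement of the FSR(x_n = f_1)
    output from s equals the FSR(x_n = f) output from the complement of s."""
    f1 = or_feedback(idx, g1)
    f = and_feedback(idx, dual_g(g1))
    for s in product((0, 1), repeat=n):
        a_bar = generate(s, f1, length)                       # sequence of FSR(x_n = f_1)
        a = generate(tuple(1 ^ b for b in s), f, length)      # sequence of FSR(x_n = f)
        if [1 ^ b for b in a_bar] != a:
            return False
    return True


if __name__ == "__main__":
    # Constructed example: n = 4, OR over positions 0 and 2, g_1 = x_1 + x_3 (XOR).
    print(complement_duality_holds(4, (0, 2), lambda *x: x[1] ^ x[3]))
```

The check passes for any $g_1$, because $1+(\bar a_{i_1}\vee\cdots\vee\bar a_{i_m}\vee g_1(\bar a))=a_{i_1}\cdots a_{i_m}(1+g_1(\bar a))=a_{i_1}\cdots a_{i_m}\,g(a)$ is exactly the Boolean identity the Remark starts from.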
§ 3. The FSR with $x_n=\prod_{i=0}^{m}(1+x_{ic})$

Theorem 4. Let $f=\prod_{i=0}^{m}(1+x_{ic})$, $0<mc<n$, and let $s$ be a vertex in $G(x_n=f)$. Then 1) $BL(s)\le 2n^2-(n-1)mc$. 2) $CL(s)$ is a divisor of $2n-mc$.
Proof. Let $s=(a_0,a_1,\ldots,a_{n-1})$, and let
$$a=(a_0,a_1,\ldots,a_t,\ldots)$$
be the sequence generated by the FSR$(x_n=f)$ with initial state $s$. Let $\bar c=2n-mc$. For any $k\ge mc$, if $a_k=1$, we claim
$$a_{k+\bar c}=1.\qquad(15)$$
In fact, for any $j$, $0\le j\le m$, we have
$$a_{k+n-jc}=\prod_{i=0}^{m}(1+a_{k-jc+ic})=(1+a_k)\prod_{0\le i\le m,\ i\ne j}(1+a_{k-jc+ic})=0,$$
$$a_{k+\bar c}=a_{k+2n-mc}=a_{k+n-mc+n}=\prod_{i=0}^{m}(1+a_{k+n-mc+ic})=\prod_{j=0}^{m}(1+a_{k+n-jc})=1.$$
This proves (15). Let $s_t=(a_t,a_{t+1},\ldots,a_{t+n-1})$, $t\ge 0$. For any $t\ge mc$, we have by (15)
$$w(s_t)\le w(s_{t+\bar c}).\qquad(16)$$
We claim that there exists $l\ (\le n)$ such that
$$s_{mc+l\bar c}=s_{mc+(l+1)\bar c}.\qquad(17)$$
Otherwise, we would have $s_{mc+j\bar c}\ne s_{mc+(1+j)\bar c}$, $0\le j\le n$. By (16) we have

so $w(s_{mc+(n+1)\bar c})\ge 1+n$, a contradiction. Now from (17), we have $s_{j+\bar c}=s_j$, $j\ge mc+n\bar c=2n^2-(n-1)mc$, and this proves Theorem 4. ∎
References
[1] Wan Zhexian, Dai Zongduo, Liu Mulan, Feng Xuning, Nonlinear Shift Register Sequences, Science Press, Beijing, 1978. (in Chinese)
[2] Golomb, S. W., Shift Register Sequences, San Francisco, CA, Holden Day, 1967.
[3] Ding Shisun, Linear Shift Register Sequences, Science Press, Beijing, 1982. (in Chinese)