IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 51, NO.

3, MARCH 2005

where  01

2C

X ;X

. By Lemma 3, item 2

( ) =

01

=0

(e

0 k 0 h 0 i; l 0 k) =

Similarly, we construct X1 as follows:

01

=0

(i; l

0 k)

which equals f by Lemma 3, item 4.

So we have constructed a family of FH sequences with autocorrelation f 0 1 and cross correlation f . We check the conditions under
which it is an optimal pair of FH sequences.
Lemma 6: Let X and Y be two FH sequences of length

p = ef + 1 = (e + 1)(f 0 1) + e 0 f + 2
with frequency set size e+1 and f  2. If e  3f , then H (X; Y )  f .
Proof: According to Theorem 3, the occurrences of symbols in
should be

X and Y

0f +2

f f
f

01

X1 = (1; 1; 2; 3; 3; 0; 4; 9; 4; 5; 1; 7; 5; 0; 10; 2; 5; 8; 6; 0;
2; 11; 8; 4; 6; 11; 1; 7; 11; 10; 3; 10; 6; 9; 9; 8; 7):
It is easy to check that H (X0 ) = H (X1 ) = 2 and then both are
optimal (37; 13; 2)-FH sequences. Also, H (X0 ; X1 ) = 3, and X0 and
X1 are an optimal pair. If we construct all X for 0  i  11, we have
i

an optimal family of 12 FH sequences.

Cyclotomic techniques are of use to construct optimal FH sequences
and optimal FH families. The constructions in this correspondence only
use arithmetic over p and only depend on the factorization of p 0 1.
The input for all the constructions consist of a prime and a primitive element. The simplicity of this technique makes it attractive for practical
use.

 111  f  f 0 1  111  f 0 1

REFERENCES

0f +2

01

f 0 1  111  f 0 1  f  f  111  f :
With some algebraic calculation, we have

H (X; Y )  f 0 3f

2 + 2ef 0 7f + 4
3ef + 1

ef 07f +4
When e  3f and f  2, the fraction 3f +2
is a positive
3ef +1
number smaller than 1. Since H (X; Y ) is an integer, the conclusion
follows.

1141

Theorem 4: Let p = ef + 1 be an odd prime with e  3f and

 2. Then there exists a family F of (p; e + 1; f 0 1)-FH sequences

[1] Specication of the Bluetooth SystemsCore. The Bluetooth Special

Interest Group. [Online]. Available: http://www.bluetooth.com/
[2] R. Fuji-Hara, Y. Miao, and M. Mishima, Optimal frequency hopping
sequences: A combinatorial approach, IEEE Trans. Inf. Theory, to be
published.
[3] A. Lempel and H. Greenberger, Families of sequences with optimal
correlation properties, IEEE Trans. Inf. Theory, vol. IT-20, no. 1, pp.
9094, Jan. 1974.
[4] R. A. Scholtz, The spread spectrum concept, IEEE Trans. Commun.,
vol. COM-25, no. 8, pp. 748755, Aug. 1977.
[5] T. Storer, Cyclotomy and Difference Sets. Chicago, IL: Markham,
1967.

satisfying the following optimality properties.

1) Each FH sequence in F is optimal.
2) Each pair of distinct FH sequences in F is an optimal pair.
3) F is an optimal family with jFj = e.
Proof: Let F = fXk j 0  k  e 0 1g, where Xk is constructed
by Lemma 5. The conclusion follows from Lemma 6.
V. EXAMPLES AND CONCLUSION
To conclude, we give examples to illustrate the constructions.
Example 1: Let p = 19 and  = 2 be a primitive element of
GF (19). The cyclotomic classes are

C0
C1
C2
C3
C4
C5

f1;
f2;
f4;
f8;
f16;
f13;

=
=
=
=
=
=

7;

14;
9;

18;
17;
15;

g
g
6g
12g
5g
10g:
11
3

0 1) + e 0 f + 2 = 7 3 2 + 5

Now let us construct an optimal family of FH sequences following

Theorem 4.

= 37,

= 12,

and

= 3.

AbstractDavis and Jedwabs construction of Golay sequences as Reed

Muller codewords was believed to generate possibly all Golay sequences
of length 2 . From exhaustive search, 1024 quaternary ( = 2)
over
Golay sequences of length 16 (
= 4) are found which are not within
Davis and Jedwabs construction. A table of 16 characteristic sequences is
presented from which all 1024 Golay sequences can be reconstructed. The
pairing information and the PAPRs of associated OFDM signals are given.

I. INTRODUCTION

and following Corollary 3, we have an optimal (19; 7; 2)-FH

(1011242032503515443).

Example 2: Let
follows:

Ying Li, Member, IEEE, and Wen Bin Chu

Index TermsGolay Sequence, OFDM, PAPR.

According to Corollary 2, taking 19 = ef + 1 = 6 1 3 + 1, we

construct an optimal (19; 6; 3)-FH X = (0011242032503515443).
Taking
19 = (e + 1)(f

More Golay Sequences

Construct

X0

as

X0 = (1; 0; 1; 2; 2; 11; 3; 8; 3; 4; 0; 6; 4; 11; 9; 1; 4; 7; 5; 11;

1; 10; 7; 3; 5; 10; 0; 6; 10; 9; 2; 9; 5; 8; 8; 7; 6):

Golay sequences [1] have found many applications in communications, including peak power control for orthogonal frequency-division
multiplexing (OFDM) signals, channel estimation, and complementary code code-division multiple access (CDMA). Davis and Jedwab
[2], [3] discovered an important link between Golay sequences and
ReedMuller codes. Their method of generating binary and nonbinary
Golay sequences is known as the GDJ construction [4]. Altogether
Manuscript received May 1, 2004; revised November 30, 2004. This work
was supported in part by the R. O. C. National Science Council under Grant
NSC-92-2219-E-155-003.
The authors are with the Communications Engineering Department, Yuan Ze
University, Chungli, Taoyuan 320, Taiwan, R.O.C. (e-mail: eeyli@saturn.yzu.
edu.tw).
Communicated by K. G. Paterson, Associate Editor for Sequences.
Digital Object Identier 10.1109/TIT.2004.842775

0018-9448/$20.00 2005 IEEE

1142

IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 51, NO. 3, MARCH 2005

2h(m+1) 1 m!=2 Golay sequences over Z2 of length 2m can be generated from the GDJ construction as second-order ReedMuller codewords. These sequences belong to m!=2 nonzero cosets (known as
Golay cosets) of the rst-order ReedMuller codes, each containing
2h(m+1) codewords that are proved to be Golay sequences. Golay se-

quences constructed this way are referred to as GDJ sequences [4]. It

was believed that the GDJ construction possibly generates all Golay sequences of length m over Z2 and no other Golay sequences of length
m exist [2], [3].
From exhaustive search, we found 1024 additional Golay sequences
m
over Z4 h
that cannot be generated from
of length
the GDJ construction. For this length and alphabet there are =
Golay cosets in the GDJ construction, each containing 2(5)
codewords. Although the number of non-GDJ Golay sequences equals
the size of a Golay coset, these sequences do not form any coset of
the rst-order ReedMuller code and do not form an afne code themselves. These new found Golay sequences are presented in a lookup
table through 16 characteristic dd-sequences. The 16 characteristic
dd-sequences, to be introduced later, can be used to reconstruct the
1024 non-GDJ Golay sequences.

16 ( = 4)

( = 2)

4! 2 = 12
2 = 1024

II. GOLAY SEQUENCE, OFDM SIGNAL, AND PAPR

= (

= exp(2

...

1 )

( )=

s t

= +1
1

n01
i=0

a (t)+Hf t

(1)

f
i f is the frequency of the ith subcarrier, f is the
where fi
carrier frequency, f is the inverse of the OFDM symbol time period,
and ai t takes on constant value ai over a symbol period.
The aperiodic autocorrelation function of a at displacement u is

()

( )=

Ca u

n0u01
i=0

a 0a

(2)

By denition, two sequences

a

= (a0 ; a1 ; . . . ; an01 ) and b = (b0 ; b1 ; . . . ; bn01);

a i ; bi

2 ZH

form a Golay complementary pair if the sum of their aperiodic autocorrelation functions is the impulse function, i.e.,

( ) + Cb (u) = 0;

Ca u

=(

( )=n+

Pa t

= 0:

for each u 6

...

u6=0 Ca (u)

0Hu1ft :

(4)

( ) + Cb (u) = 0 for each u 6= 0,

When a, b form a Golay pair, Ca u

we have

( ) + Pb (t) = 2n;

8 t:

Pa t

(5)

() ()

Since the instantaneous envelope powers Pa t , Pb t are real and

nonnegative, this means

( )  2n;

Pa t

( )  2n;

8 t:

Pb t

(6)

This property makes Golay sequences suitable as codewords for

PAPR reduction codes of OFDM signals. The PAPR of an OFDM
time signal is dened as

( ) = max
t Pa (t)=E (Pa (t)):

PAPR a

( ( )) = n;

(7)

(3)

Any sequence that is a member of a Golay complementary pair is

called a Golay sequence.
In general, one cannot examine a sequence and decide whether or
not it is a Golay sequence. The other sequence that forms a pair with
it must also be present for the verication. In an exhaustive search of
Golay sequences, this requires checking for each sequence all other
sequences to see whether a pair can be formed, and is time consuming.
A necessary condition for Golay sequence that can be veried by
examining one sequence alone is the OFDM peak power property. As
shown by Popovic [7], the peak envelope power of an OFDM signal

8 a:

E Pa t

(8)

Therefore, the PAPR for an OFDM signal when the codeword a is a

Golay sequence would be limited to (i.e., 3 dB).

...

For PSK OFDM signals

Golay sequences can be used as codewords for OFDM signals to

control the peak-to-average-power ratio (PAPR) [2][6]. The relation
between Golay sequences and OFDM signals PAPR turns out to be
useful in the exhaustive search of Golay sequences. The review below
mainly follows Davis and Jedwab [2], [3].
a0 ; a1 ;
an01 over ZH
Z2
Consider a sequence a
m . Such a sequence is referred to as the codewith length n
word of a phase-shift keying (PSK) OFDM signal that is modulated
; a
, where
by the sequence
of H -PSK symbols  a ;  a ;
p

 0 =H is a complex H th root of unity.
The OFDM time signal is the real part of the complex envelope

=2

using a Golay sequence of length n as the codeword cannot be more

than n [7]. The instantaneous envelope power of the OFDM signal
corresponding to sequence a
a0 ; a 1 ;
; an01 can be shown to
be

III. EXHAUSTIVE SEARCH RESULT

An exhaustive search for Golay sequences was conducted over all
m over ZH Z2 using the corresponding
sequences of length n
OFDM PAPR property. We look for binary Golay sequences up to
and quaternary Golay sequences up to length . The search
length
consists of the following steps for each alphabet size and sequence
length.
Step 1 Find all low PAPR OFDM Signals.
Compute the PAPRs for all OFDM signals. Find those signals with PAPRs of no more than , i.e., with peak power of
no more than n. These are the low-PAPR OFDM signals
whose codewords are candidates for Golay sequences.
Step 2 Find All Golay Sequences.
Compute the autocorrelation functions for the codeword sequences of all low-PAPR OFDM signals. Add each autocorrelation function to each of all the other autocorrelation
functions of low-PAPR OFDM signals to see if the sum is
an impulse function. If so, the corresponding codeword is
a Golay sequence.
Step 3 Find Non-GDJ Golay Sequences.
Compare the number of all Golay sequences found in Step 2
to the number of all GDJ sequences, h(m+1) 1 m = . If the
numbers do not agree, eliminate GDJ sequences from the
set of all Golay sequences to obtain the non-GDJ Golay
sequences.
and
Our search results for binary Golay sequences of length up to
for quaternary Golay sequences of length up to conrm that all Golay
sequences are GDJ sequences for these parameters. This agrees with
the previous report in [6] that Stinchcombes exhaustive search of bim
results only in
nary Golay sequences of length up to
m
quaternary alphabet
GDJ sequences. However, for length
h
there are 13 312 Golay sequences, whereas the number of GDJ
sequences is

=2

32

16

( = 2)

!2

32

64 ( = 6)
16 ( = 4)

2h(m+1) 1 m!=2 = 22(4+1) 1 4!=2 = (1024)(12) = 12288

IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 51, NO. 3, MARCH 2005

We found 1024 more Golay sequences that cannot be generated from

the GDJ construction.
These additional Golay sequences do not have the structure of an
afne code, and thus will be listed in a table. The table size can be
reduced using PAPR equivalence relations through the concept of the
characteristic dd-sequence as introduced in the following.

1143

TABLE I
CHARACTERISTIC dd-SEQUENCES OF 1024 LENGTH 16 NON-GDJ
QUATERNARY GOLAY SEQUENCES

Denition: The d-Sequence, the dd-Sequence: From a codeword sequence a = (a0 ; a1 ; . . . an01 ) where ai 2 ZH , one can obtain its difference sequence (d-sequence) and double difference sequence (dd-sequence) by taking the difference of neighboring terms as follows:

a = (d0a; d1a ; . . . ; dna 02 )

dd

= (a1 0 a0 ; a2 0 a1 ; . . . ; an01 0 an02 )

a = (dd0a ; . . . ; ddna 03 ) = (d1a 0 d0a ; . . . ; dna 02 0 dna 03 )

where dia , ddia

2 H.
Z

The sequence a = (a0 ; a1 ; . . . an01 ) can be reconstructed from

a 03 ) given two initial values
its dd-sequence dda = (dd0a ; . . . ; ddn
a
(a0 ; d0 ) in a two-step procedure of summations

a = (d0a ; d0a + dd0a ; d0a + dd0a + dd1a ; . . .)

a a a
a
= (d0 ; d1 ; d2 ; . . . ; dn02 )
a
a a
a = (a0 ; a0 + d0 ; a0 + d0 + d1 ; . . .)

= ( a0 ; a 1 ; a 2 ; . . . ; a

n01 ):

There are H 2 different codeword sequences with the same dd-sequence but different initial value combinations (a0 ; da ). The collection
of all codeword sequences can be partitioned into H n02 disjoint sets
of size H 2 , each set corresponding to a particular dd-sequence.
The equivalence of PAPR for codeword variations such as reversal,
adding a constant sequence, or adding a linear sequence has been discussed before [8]. We propose another way to describe these PAPR
equivalence properties through dd-sequences. Any two codewords a,
b whose dd-sequences are equal, or are related by reversal, complement, or reversal plus complement will have the same PAPR. These
relations of dd-sequences can be translated into relations between the
instantaneous envelope power waveforms Pa (t), Pb (t) including time
translation and/or time reversal. None of these variations will change
the PAPR. The proofs and other related results will be given in a forthcoming paper.
Denition: The Characteristic dd-Sequence: Among a dd-sequence
and all its PAPR equivalent reversal and/or complement variations,
take the lexicographically rst dd-sequence as the characteristic dd-sequence.
The PAPR equivalence relations can be summarized into the following property.
The PAPR Equivalence Property: Any two codewords a, b with the
same characteristic dd-sequence will have the same PAPR.
For example, the four quaternary (H = 4) dd-sequences [0; 1],
are related to each other by reversal and/or complement. The characteristic dd-sequence is taken to be [0; 1]. There are
16 codeword sequences associated with each of the four dd-sequences
differing by the initial values (a0 ; d0a ). Altogether 16 3 4 = 64 codeword sequences have characteristic dd-sequence [0; 1] and the same
PAPR = 3:3087 when used for quaternary phase-shift keying (QPSK)
OFDM signals with four subcarriers.
In general, given a quaternary (H = 4) characteristic dd-sequence
of any length, one, two, or four different dd-sequences can be created by reversal and/or complement variations (including the original
one), and exactly 16 different codeword sequences can be reconstructed
[1; 0], [0; 3], [3; 0]

from each of the dd-sequences. The number of quaternary codeword sequences with the same characteristic dd-sequence is thus 16, 32, or 64
for sequences of any length n = 2m . The size of the exhaustive search
can be reduced to between 1=H 2 and 1=(4H 2 ) of the original size if
the search is conducted over all dd-sequences or over all characteristic
dd-sequences.
The 1024 non-GDJ Golay sequences can now be presented in
Table I through 16 characteristic dd-sequences. Each characteristic
dd-sequence in the table corresponds to four different dd-sequences
with reversal/complement variations. For example, characteristic
ddsequence number 2 is associated with the following dd-sequences:
Original
Reversal
Complement
Reversal plus complement

[01200300030001]
[10003000300210]
[03200100010003]
[30001000100230].

Each dd-sequence corresponds to 16 codeword sequences given

all combinations of initial values (a0 ; d0a ). Each characteristic dd-sequence in Table I thus corresponds to 4 3 16 = 64 codewords with
the same PAPR. Altogether there are 16 3 64 = 1024 codewords
associated with the 16 characteristic dd-sequences in Table I. The
PAPRs are computed using 16 times oversampling.
Table I also contains a possible Golay pair for each characteristic
dd-sequence. Although the PAPR is invariant for all codewords with the
same characteristic dd-sequence, the autocorrelation function and thus
the Golay pairing information depends on the d-sequence, or equivalently the dd-sequence and the initial value d0 . When describing a
Golay pair, we specify for each sequence in the pair its characteristic
dd-sequence number, whether or not reversal (r), complement (c) is performed, and the d0 value. Each pair in the table associates four codewords with four pairing codewords, and can be extended into eight to
eight codeword pair since reversing and complementing a codeword
does not change its autocorrelation function. Half of the Golay pairs
in Table I are formed by sequences with the same characteristic dd-sequence. Sequences a, b with the same characteristic dd-sequence have

1144

Fig. 1.

IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 51, NO. 3, MARCH 2005

OFDM power for two quaternary non-GDJ Golay sequences a = [0002002021102330] and b = [0002002003320112].

the same autocorrelation magnitude function jCa (u)j = jCb (u)j, 8 u.

This is a necessary but not sufcient condition for a, b to form a Golay
pair.
Example 1: Characteristic dd-sequence number 1
possible Golay pair 1(d0 = 0); 1(d0 = 2):
Any sequence with dda = [01112113211301] and d0a = 0 will
form a Golay pair with any sequence having the same dd-sequence,
b = dda , and db = 2. For example, if we take the initial values
dd
0
a0 = b0 = 0, a Golay pair will be formed by the following codeword
sequences:
a

= [0001323102231231]

= [0203303300211033]:

All codewords with characteristic dd-sequence number 14 and

1316 form Golay pairs with codewords that have the same characteristic dd-sequence. If a pair is formed for the same dd-sequence
b
a
a
b
(dd = dd ) and d0 = 0, d0 = 2, then with that same dd-sequence
a
a
d0 = 1, d0 = 3 must form a pair as well.
Example 2: Characteristic dd-sequence number 5
possible Golay pair 5(d0 = 0); 8c(d0 = 0):
Any sequence with dd-sequence number 5 and d0a = 0 will form a
Golay pair with any sequence whose dd-sequence is the complement
of dd-sequence number 8 and d0b = 0. This means that for
dd

= [02022001133331];

dd

= [02022023133331]

a = db = 0 and any combination of a ; b values, the codewords a,

0 0
0

d0

b will form a Golay pair. For example, let a0 = b0 = 0, then a, b as

shown below form a Golay pair
a

= [0002002021102330];

PAPR(a) = 1:9619

= [0002002003320112];

PAPR(b) = 2:

See Fig. 1 for the instantaneous power Pa (t); Pb (t):

All codewords with characteristic dd-sequences 512 will form

Golay pairs with other codewords following the characteristic dd-sequences pairing patterns (5; 8); (6; 7); (9; 12); (10; 11).
The reader can verify that these sequences are not GDJ sequences
by subtracting from each sequence the 12 Golay coset representatives
and comparing with the 1024 codewords of the zero coset to see that
none of the 12 results can be found in the zero coset. An equivalent
check is to note that the conversion from codeword sequences to dd-sequences is linear. Therefore, one can subtract the dd-sequences associated with Table I from the dd-sequences of the 12 coset representatives,
then compare with all the dd-sequences associated with codewords in
the zero coset instead.
IV. CONCLUSION
Davis and Jedwabs construction of Golay sequences as Reed
Muller codewords [2], [3] was believed to possibly generate all
Golay sequences over Z2 of length 2m . An exhaustive search was
conducted and 1024 Golay sequences over Z4 of length 16 were found
that cannot be generated from the GDJ construction. These non-GDJ
Golay sequences are given in a table through 16 characteristic dd-sequences. Longer non-GDJ Golay sequences can be constructed based
on these sequences. Other non-GDJ Golay sequences may exist for
larger sequence lengths and/or alphabets. Analyzing the structures of
these Golay sequences would be an interesting topic for further study.
ACKNOWLEDGMENT
The authors are grateful to Prof. M. S. Lim, Prof. M. H. Lee for
providing motivation and encouragements, to Prof. C. C. Chao for the
helpful discussions, and to the reviewers whose valuable comments
greatly improved this correspondence.
REFERENCES
[1] M. J. E. Golay, Complementary series, IRE Trans. Inf. Theory, vol.
IT-7, no. 2, pp. 8287, Apr. 1961.

IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 51, NO. 3, MARCH 2005

[2] J. A. Davis and J. Jedwab, Peak-to-Mean Power Control in OFDM,

Golay Complementary Sequences, and Reed-Muller Codes, HewlettPackard Tech. Rep., HPL-97-158, 1997.
[3]
, Peak-to-mean power control in OFDM, Golay complementary
sequences, and Reed-Muller codes, IEEE Trans. Inf. Theory, vol. 45,
no. 7, pp. 23972417, Nov. 1999.
[4] M. G. Parker, Constabent properties of GolayDavisJedwab sequences, in Proc. IEEE Int. Symp. Information Theory, Sorrento, Italy,
Jun. 2000.
[5] K. G. Paterson, Generalized Reed-Muller codes and power control
in OFDM modulation, IEEE Trans. Inf. Theory, vol. 46, no. 1, pp.
104120, Jan. 2000.
, Sequences for OFDM and Multi-Code CDMA: Two Problems
[6]
in Algebraic Coding Theory, Hewlett-Packard Tech, Rep., HPL-2001146, 2001.
[7] B. M. Popovic, Synthesis of power efcient multitone signals with
at amplitude spectrum, IEEE Trans. Commun., vol. 39, no. 7, pp.
10311033, Jul. 1991.
[8] A. E. Jones, T. A. Wilkinson, and S. K. Barton, Block coding scheme
for reduction of peak to mean envelope power ratio of multicarrier transmission schemes, Electron. Lett., vol. 30, pp. 20982099, 1994.

On the Computation of the Linear Complexity and the

-Error Linear Complexity of Binary Sequences With
Period a Power of Two
Ana Salagean

1145

Index Terms -error linear complexity, linear complexity, repeatedroot codes, stream cipher.

I. INTRODUCTION
The linear complexity of a sequence (i.e., the length of the shortest
recurrence relation, or linear feedback shift register which generates
the sequence) is a fundamental parameter for virtually all applications
of linearly recurrent sequences.
Manuscript received August 13, 2004; revised November 5, 2004. The material in this correspondence was included in part in a paper presented at the International Symposium on Sequences and Their Applications (SETA04), Seoul,
South Korea, November 2004.
The author is with the Department of Computer Science, Loughborough
University, Loughborough LE11 3TU, Leics. U.K. (e-mail: A.M.Salagean@
lboro.ac.uk).
Communicated by K. G. Paterson, Associate Editor for Sequences.
Digital Object Identier 10.1109/TIT.2004.842769

s
s

k
`

k
`

AbstractThe linear GamesChan algorithm for computing the linear

complexity ( ) of a binary sequence of period = 2 requires the
knowledge of the full sequence, while the quadratic BerlekampMassey
algorithm requires knowledge of only 2 ( ) terms. We show that we can
modify the GamesChan algorithm so that it computes the complexity in
linear time knowing only 2 ( ) terms. The algorithms of StampMartin
and LauderPaterson can also be modied, without loss of efciency,
to compute analogs of the -error linear complexity for nite binary
sequences viewed as initial segments of innite sequences with period a
power of two. We also develop an algorithm which, given a constant and
an innite binary sequence with period = 2 , computes the minimum
of errors (and an associated error sequence) needed over a
number
period of for bringing the linear complexity of below . The algorithm
has a time and space bit complexity of ( ). We apply our algorithm to
decoding and encoding binary repeated-root cyclic codes of length in
linear, ( ), time and space. A previous decoding algorithm proposed by
Lauder and Paterson has ( (log ) ) complexity.

Computing the linear complexity c( ) of a linearly recurrent sequence over a eld needs in general quadratic time (Berlekamp
Massey algorithm, [1], [2]). For the particular case of binary sequences
with period a power of two, Games and Chan devised an algorithm with
linear time and space bit complexity [3].
The -error linear complexity of a periodic sequence of period is
the minimum linear complexity that can be obtained for by modifying
up to terms in one period (and modifying all other periods in the same
way). This notion was dened in [4] and is closely related to previously
dened notions of sphere complexity [5] and weight complexity [6].
The GamesChan method has been extended by Stamp and Martin
[4] to computing the -error linear complexity of a binary sequence
with period a power of two, still in linear time. Further, Lauder and
Paterson [7] showed that the whole error linear complexity spectrum
(i.e., the -error complexity for each value of ) of a binary sequence
of period = 2n can be computed in O( (log )2 ) time.
An important application of computing the linear complexity and
-error linear complexity appears in cryptography. If a sequence is used
as a keystream in a stream cipher, an opponent intercepting part of the
sequence will want to recover the whole sequence, thus, breaking the
cipher. If this is not possible, they might hope to at least determine a
sequence which coincides with the correct sequence in all but a small
number of positions.
The initial motivation of our work comes from a remark in [7, Introduction], pointing to the fact that all the previously mentioned efcient
algorithms for binary sequences with period a power of two suffer
from the fact that they require as input an entire period of a sequence
to compute c( ), while the BerlekampMassey algorithm only needs
2c( ) bits. Thus, they are not applicable in realistic cryptographic situations.
The results presented in the current correspondence remedy this
situation. Namely, we prove in Section III that by suitably using the
GamesChan algorithm it is possible to compute the linear complexity
of a binary sequence , given only a nite segment of  2c( ) bits
of the sequence, as long as we know that the period is a power of
two (and we do not need to know in advance which power of two it
is). Moreover, by suitably using the StampMartin algorithm we can
compute the linear complexity of a nite sequence of length , viewed
as an initial segment of an innite sequence with period a power of
two, even in the case when is less than twice the complexity. Hence,
for this particular type of sequences we obtain a linear (rather than
quadratic) complexity algorithm with the input and output specications similar to the BerlekampMassey algorithm.
We cannot expect to be able to compute the -error complexity of
an innite periodic sequence when we know less than one period of
the sequence, as we do not know how many of the errors in an error
pattern that minimizes linear complexity will fall outside our known
portion of the sequence. What we can compute instead is an analogue
notion of -error complexity for nite sequences, which we dene in
Section II as being the minimum complexity of any innite sequence
from a given class, whose initial segment coincides with the given nite sequence on all but possibly up to positions. This denition ts
well the cryptographic application mentioned previously, and could be
used for example in looking for sequences of low complexity which
coincide with the correct sequence except for a certain percentage of
the positions in any initial segment.
In Section III, we also show that by suitably using the StampMartin
algorithm, the -error linear complexity of a nite binary sequence,
viewed as an initial segment of a sequence of period a power of two can
be computed in O( ) time, where is the length of the nite sequence.
The error linear complexity spectrum of such a nite sequence can be

0018-9448/$20.00 2005 IEEE