66

IJCSNS International Journal of Computer Science and Network Security, VOL.6 No.3A, March 2006

Computing the k-error 2-adic complexity of a binary sequence of period pn

Lihua Dong, Yupu Hu Key Laboratory of Computer Networks and Information Security(Ministry of Education)Xidian University, Xian 71007, China Summary
Cryptographically strong sequences should have a large 2-adic complexity to thwart the known feedback with carry shift register (FCSR) synthesis algorithms. At the same time the change of a few terms should not cause a significant decrease of the 2-adic complexity. This requirement leads to the concept of the k-error 2-adic complexity. In this paper, an algorithm for computing the k-error 2-adic complexity of the binary sequence with period N=pn, p is a prime, is proposed by using the 2-adic complexity synthesis algorithm of Wilfried Meidl, and the Stamp-Martin algorithm. This algorithm is the first concrete construction of the algorithm for calculating the k-error 2-adic complexity. Using the algorithm proposed, the upper bound of the k-error 2-adic complexity can be obtained in n steps.

Definition: let s be a binary sequence with period N, then the k-error 2-adic complexity is defined as N ,k ( s ) = min 2 (t )
{ per ( t )= N ,d ( s ,t ) k }

Key words:
Cryptography; FCSR; k-error 2-adic complexity

1. Introduction
The notion of feedback with carry shift registers (FCSRs), introduced by Klapper and Goresky[1], has received a great amount of attention in the Cryptography. Some basic properties of FCSR sequences, such as their periods, rational expressions, exponential representations, rational approximation algorithms and their randomness has been discussed[2-10]. In additionally, Wilfried Meidl[11] presents an FCSR analog of the (extended) Games-Chan algorithm, which determines the 2-adic complexity of a periodic binary sequence with period N=2n or pn, where p is an odd prime and 2 is a primitive element modulo p2. It is well known that the linear complexity of a periodic sequence is unstable under small perturbations[12]. This is also true for the case of the 2-adic complexity. For example, let S=(1,0,0,...,0) or (0,1,1,...,1) with period T. Then the 2-adic complexity is log2(2T-1). However, after changing 1 bit within every period, the 2-adic complexity becomes 0[14]. Hence it is interesting to investigate the properties of the k-error 2-adic complexity of periodic binary sequences. The area of k-error 2-adic complexity was first formally studied by Wang[13]. Then the lower bound of the k-error 2-adic complexity is given by Hu in [14]. The definition of the k-error 2-adic complexity of sequences is described as follows:
Manuscript revised August 22, 2005.

Remark 1: The minimum is extended over all N-periodic sequences t=t0t1tN-1. for which the Hamming distance of the vectors (s0,s1,,sN-1) and (t0,t1,,tN-1) is at most k. In this case we write d(s,t)k. The k-error 2-adic complexity defined above is similar to that of k-error linear complexity. In other words, N,k(s) is the least 2-adic complexity among all N-periodic sequences t that are obtained by changing up to k terms among the first N terms of s and continuing these changes periodically with period N. There are no known algorithms in the literature for calculating the k-error 2-adic complexity of a periodic binary sequence. In this paper, we will construct an algorithm for computing the upper bound of the k-error 2-adic complexity of a periodic binary sequence with period N=pn, p is an prime, based on the 2-adic complexity synthesis algorithm in [11]. In Section 2, the necessary background is established, and the algorithm of [11] is presented. The new algorithm for computing the k-error 2-adic complexity is described in Section 3.

2. Preliminary
We include here just enough detail of the theory of FCSRs for our current purpose. An FCSR is determined by coefficients q1,q2,,qc, and an initial memory mc-1. Then the FCSR iteratively generates an FCSR-sequence S with initial bits s0s1. sc-1 in the following way, for n=c,c+1,: (1) Form the integer sum n

c k =1

q k s n k + mn 1

(2) Shift the contents one step to the right, outputting the rightmost bit sn-c. (3) Put sn=n mod2. (4) Replace the memory integer mn-1 with mn=(n-sn)/2=|_n/2_|. The integer q=qc2c+qc-12c-1++q12-1 is called the connection integer of the FCSR. Any infinite binary sequence S=s0s1 can be interpreted as =s020+s121+s222

IJCSNS International Journal of Computer Science and Network Security, VOL.6 No.3A, March 2006

67

+.. Such a series does not converge in the usual sense, but it nevertheless defines a 2-adic number. The ring Z2 of 2-adic numbers contains all the usual rational numbers with odd denominator. There is a one-to-one correspondence between rational numbers =-r/q where q 1(mod 2) and eventually periodic binary sequence S. If r and q are relatively prime, and q is odd, then the eventual period T of the associated sequence with =-r/q equals T=ordq(2), where ordq(2) is the minimal integer t such that 2t1(mod q). There is a useful polynomial f(x)= s0 x 0+s1 x 1 ..+ sN-1 x N-1 that associates a sequence S with its 2-adic interpretation. In this case the corresponding 2-adic number is given as f (2) = f (2)2 0 + f (2)2 N + f (2)2 2 N + L = N 2 1 Let us write =-r/q as a fraction reduced to lowest terms. Then q=(2N-1)/gcd(2N-1,f(2)) is the connection integer of the smallest FCSR, and log2(q) is the 2-adic complexity of the sequence S. Since the 2-adic complexity 2(S) measures the size of the smallest FCSR that can generate S, it is of comparable significance as the linear complexity of the binary sequence S. Suppose that the period N of a binary sequence S is a n power of a prime p, i.e. N=pn, n1. The integer 2 p 1 can be written as the product . m 1 2 p 1 We will need a key lemma, proved as [11, theorem]. Lemma. Let SN=(s0s1sN-1) be a binary N-tuple, N=pn, n1, let the polynomial f(x)= s0 x 0+s1 x 1+ sN-1 x N-1, and let Aj be the binary pn-1-tuple consisting of the string of consecutive bits beginning at s( j 1) p n 1 , i.e. Aj= ( s( j 1) p n 1 s jp n 1 1 ), j=1,,p. Then we have, 1. 2. Fm(p)divides f(2) if and only if A1=A2==Ap. Fm(p), 1m<n, divides f(2) if and only if it divides A1(2)+A2(2)++Ap(2), where j=1, , p
A j ( x ) = t = 0
p n 1 1

Pn-1+ log 2 ( p) digits. In this case we can write C in the form a+b 2 p with 0a< 2 p and 1b<p. Now, we have n 1 n 1 ( C = a + b2 p = a + b( Fm p ) u =1,u m Fu( p ) + 1)
( = a + b + bFm p ) u =1,u m Fu( p ) n 1
n 1

n 1

Thus Fm(p) divides C if and only if it divides a+b, 1mn. Note that the 2-adic complexity only increases at a step unless A1=A2==Ap. The following algorithm determines for which m the integer Fm(p) divides f(2)= s0 20+s1 21..+ sN-12 N-1, 1mn. Since in general the integer Fm(p) is not a prime, hence the algorithm yields an upper bound for q=(2N-1)/gcd(2N-1, f(2)), and thus for the 2-adic complexity 2(s)=log2(q). Algorithm 1: the 2-adic complexity synthesis algorithm A=S, N=pn, =1; 2(S)=0, while n>0 ,, a n 1 ), j=1,2,, p Aj =( a n 1
( j 1) p jp 1

( ( 2 p 1 = n Fm p ) , Fm p ) = 2 m =1

pm

if A1=A2==Ap A=A1 else =Fm(p) 2(S)=2(S)+pn-1( p-1) A=A1A2Ap if B=( a n 1 , a n 1 ,, a n 1 p p +1 p + log A=(a0,a1,, a A=AB n=n-1 end while
p n 1 1

2 ( p)

)0

s ( j 1) p n 1 +t x t
N

Given the first period S =(s0s1sN-1), N=pn, of a binary sequence S, the following algorithm introduced in [11] is obtained by applying the Lemma recursively. That is, If we have the equation A1=A2==Ap, the 2-adic complexity does not increase and we apply the procedure to A1; Otherwise we increase the 2-adic complexity by pn-1(p-1) and apply the procedure to A1(2)+A2(2)++Ap(2). Since C=A1(2)+A2(2)++Ap(2) has to be not larger n 1 than p( 2 p -1), the 2-adic expansion of it may have up to

Remark 2. Here the algebraic operation is not the termwise addition of bits but the 2-adic addition of finite bit strings. Since 2j+2j=2j+1, 2-adic addition is performed by carrying overflow bits to higher order terms. The output is the connection integer of an FCSR that can generate the given sequence S. Since in general the integer Fm(p) is not a prime, might not be the connection integer of the smallest FCSR that can generate S. Thus, the 2-adic complexity 2(S) satisfies 2(S)log2(). The coefficients of the FCSR correspond to the coefficients of the 2-adic expansion of +1=qc2c+qc-12c-1++q12. If +1= 2 2 ( S )+1 , trivially we have c=2(S)+1. Else we have c= log 2 ( + 1) =2(S). Thus the output 2(S) satisfies 2(S)<log2()<2(S)+1.

68

IJCSNS International Journal of Computer Science and Network Security, VOL.6 No.3A, March 2006

3. Extended Stamp-Martin algorithm for solving the k-error 2-adic complexity synthesis problem
In the algorithm above, we found that the estimate of the 2-adic complexity increases unless A1=A2==Ap. Thus to find the k-error 2-adic complexity, that is, to find the least 2-adic complexity among all N-periodic sequences t that are obtained by changing up to k terms among the first N terms of the sequence S, the principal goal of the algorithm is to change as few terms among the first N terms of the sequence S as possible to make the equation A1=A2==Ap hold. In the following we give an algorithm for estimating the upper bound for the k-error 2-adic complexity of a periodic binary sequence with period N=pn that is an analog of the Stamp-Martin algorithm[15] for computing the k-error linear complexity of a periodic binary sequence with the same period. Here p is a prime. we denote as the 2-adic addition. In this section, we will propose the synthesis algorithm for computing the k-error 2-adic complexity of a periodic binary sequence with period N=pn in Section 3.1, and then give the validity of the proposed algorithm in Section 3.2. Finally, an instance is shown.

2(S)=2(S)+pn-1(p-1), If B=( a p n1 , a pn1 +1 ,, a p n 1 + log

2 ( p)

) 0,

then A=(a0,a1,, a

p n 1 1

);A=AB;

ll/p, For i=1,2,,p, Ai=(a(i-1)l a(i-1)l+1 ail-1), if A1=A2==Ap A=A1 else if we make A1=A2==Ap by completing some bits in the sequence A and the total cost is smaller than k, we do so; while n>0 ll/p, For i=1,2,,p, Ai=(a(i-1)l a(i-1)l+1 ail-1), if A1=A2==Ap A=A1 else 2(S)=2(S)+pn-1( p-1) A=A1A2Ap if B=( a pn 1 , a pn1 +1 ,, a n 1 p + log A=AB n=n-1 end while end if n=n-1 end while 3.2 The validity of proposed algorithm
Theorem. Let s be a binary sequence with period N=pn. Here p is a prime, and 0kpn. Then the integer 2(s) that has been obtained by Algorithm 2 above in n steps is the upper bound for computing the k-error 2-adic complexity of the binary sequence s. Proof: The outline of the proof follows: First two paragraphs will tell us two switches (k>0 and k=0) to be proved; the third paragraph gives some notations; finally, a epagoge is given to prove the switch k>0. When k=0, Algorithm 2 just reduces to Algorithm 1; When k>0, to obtain the k-error 2-adic complexity, we are allowed to make k (or fewer) bit changes in s in order to reduce the 2-adic complexity as much as possible. But as with Algorithm 1, the 2-adic complexity increases unless A1=A2==Ap. Notice that if the equation doesnt hold in step m of Algorithm 2, and we can change up to k terms among the first N terms of s to make it hold, we do
2 ( p)

) 0,

3.1 Proposed algorithm

A=(a0,a1,, a p n 1 1 )

Algorithm 2: k-error 2-adic complexity synthesis algorithm

AsN, lpn, 2(s)0, cost[i]1, i=0,1,2,,l-1. While n>0 ll/p, For i=1,2,,p, Ai=(a(i-1)l a(i-1)l+1 ail-1), For h=0,1,2,,l-1, Th1= p 1 ah+ jl cos t[h + jl ] ,
j =0
j =0

Th0= T=

p 1

cos t[h + jl ] -Th1, Th=min{Th0,Th1},

l 1 h =0

Th .

If Tk, then kk-T, For h=0,1,2,,l-1, cost[h]=max{Th0,Th1}-Th, if Th0Th1, for j=1,2,,p if ah+(j-1)l=0, then ah+(j-1)lah+(j-1)l +1, else if Th1Th0, for j=1,2,,p if ah+(j-1)l=1, then ah+(j-1)lah+(j-1)l +1 AA1. else AA1A2Ap,

IJCSNS International Journal of Computer Science and Network Security, VOL.6 No.3A, March 2006

69

so, by which we can avoid adding the (p-1)pn-m into 2(s), and the total of all remaining possible additions is only pn-m. This is the basic logic of the algorithm--apply the Stamp-Martin algorithm[15] and ours. Now we give some notations. The vector of cost[i]s is intended to measure the cost- in terms of the number of bit changes required in the original sequence s-of changing the current element ai without disturbing the results of any previous steps. The following is a epagogic proof. Now, suppose we have computed to step m, and cost[i] correctly records the cost of complementing bit of ai without disturbing the results of any previous steps. It remains to show that the cost[i]s are correct at the end of step (m+1). When Tk, 1. If not all of the bits ai+(j-1)l, j=1,2,,p, are equal (in step m), then change all of which into 0 by complementing the bit ai+(j-1)l that is equal to 1 (or into 1 by complementing the bit ai+(j-1)l that is equal to 0), j=1,2,,p. The corresponding total cost that makes these bits ai+(j-1)l, j=1,2,,p, equal is denoted as Ti1 (or Ti0). Thus the variable T correctly gives the total minimal cost of forcing all the bits ai+(j-1)l equal, j=1,2,,p. Now, if Ti0Ti1, then in order to minimize the total cost, we have to change all the bit 0 into bit 1. If we want to complete the bit ai in step (m+1), and keep all the ai+(j-1)l, j=1,2,,p are equal in step m, we have to restored all the ai+(j-1)l, j=1,2,,p (in step m) to its previous value, then change all the 1 into 0 of ai+(j-1)l, j=1,2,,p (in step m), which has a net cost of max{Ti0,Ti1}-Ti, and hence cost[i] is computed correctly in this case. If Ti1Ti0, then the case is similar. 2. If all of the bits ai+(j-1)l, j=1,2,,p (in step m) are equal, then Ti=0. If we want to complete the bit ai in step (m+1), and keep all of the bits ai+(j-1)l, are equal in step m, then we have to complement all the bits ai+(j-1)l, j=1,2,,p (in step m). Thus cost[i]= p 1 cost[i+jl]=max{Ti0,Ti1}-Ti. Hence
j =0

the all-0 sequence and the all-1 sequence, the 2-adic complexity is 0. Thus the algorithm is terminated when the vector (0) or the vector (1) is encountered. #

3.2 An illustration Let s be a binary sequence with period N=81=34, s81=11001000111101010010110101011001000111101010 0101101010110010001111010100101011010 be the first period of s, then we can compute the 6-error 2-adic complexity of s as follows. The subscript on the ith bit of Aj is the cost[i+(j-1)l], j=1,2,3. When we can force A1=A2=A3, the subscript on the ith bit of A is the max{Ti0,Ti1}-min{Ti0,Ti1}. While we have no means to make the equation A1=A2=A3 hold, the subscript on the ith bit of A is the min {cost[i+jl], 0jp-1}. Denote as the 2-adic complexity of the sequence.
asN, l81, 2(s)0, cost[i]1, i=0,1,2,,l-1, k6 Step1: l=27, T=2, k=6, 2(s) A1=1111010111010101111111110111011101011101111101 11011101 A2=1111010111010101111111110111011101011101111101 11011101 A3=1111010111010101111111110111011101011101110111 11011101 AA1=131303031303030313131313031303130303130313 110113031303 =0

cost[i] is also computed correctly in this case. If T>k, then AA1A2Ap and AAB. After that, let A=A1||A2||||Ap, here || is denoted as concatenation. Now if we can make A1=A2==Ap by completing some bits in step m and the total cost is smaller than k, we do so. That is, to minimize the 2-adic complexity, we search such changes in the sequence obtained in the step m that the total cost is smaller than k and A1=A2==Ap in the sum sequence. After that, since the calculation of the cost for any bit is difficult, so we just have to compute the 2-adic complexity for the remainder sequence. Hence cost[i] is also computed correctly in this case. Finally, when n=0, there remains only one bit a0. Since for

Step 2: l=9, T=20, k=4 A1= 131303031303030313 A2= 131313031303130303 A3= 130313110113031303 AA1A2A3 = 1 1 1 0 1 0 0 0 0 1 A= 111010000 B= 100000000 AAB = 0 0 0 1 1 0 0 0 0 =18 A1=000 A2=110 A3=000 To minimize the 2-adic complexity, we search such changes in the sequence obtained in the step 1 that the total cost is not larger than 4 and A1=A2=A3 in the sum sequence. For the current example, after changing 6 bits, we have the following sequence: s= 100 0 0001111010100101 0 0 1010 1100 0 0001111010100101 0 0 1010 1100 0 0001111010100101 0 0 1010. AA1=1313030300030303131313130313031303031303130102 13031303 A1=131303030003030313 A2=131313031303130303 A3=130313010213031303 AA1A2A3 =111111111 =18

70

IJCSNS International Journal of Computer Science and Network Security, VOL.6 No.3A, March 2006

[4]

Step 3: l=3, T=0, k=0 A1=111 A2=111 A3=111 AA1=111 Step 4: l=1, T=0, k=0 A1=1 A2=1 A3=1 AA1=1 a0=1,stop;

[5]

=18

[6] [7]

=18

[8] [9] [10]

Finally the 6-error 2-adic complexity of the sequence s is 18, which is the 2-adic complexity of the sequence s obtained by changing sequence s with 6 bits. In the sequence s, the bold is the bit which has been altered. By using proposed algorithm, we obtain that the 2-adic complexity of the sequence s is also 18, which consists with our result.

[11]

5. Conclusion
We have exhibited an efficient algorithm which computes the k-error 2-adic complexity of a periodic binary sequence of period N=pn. The algorithm given in this paper is an extension of the Stamp-Martin algorithm. It remains a challenging open problem to design an algorithm, which efficiently computes the k-error 2-adic complexity of binary sequences of arbitrary period.
[12] [13] [14]

Acknowledgments This work was supported in part by the Nature Science Foundation of China (No. 60273084) and Doctoral Foundation of China (No. 20020701013).

[15] [16]

M. Goresky, A. Klapper, Large periods nearly de Bruijn FCSR sequences, Advances in Cryptology-Eurocrypt95, LNCS, vol. 921, Springer-Verlag, Berlin, 1995, pp. 263-273. A. Klapper, A survey of feedback with carry shift registers, Sequence and Its Application, SETA 2004, LNCS, 3486, Springer-Verlag, Berlin, 2005, pp.56-71. Franois Arnault, Thierry P.Berger, F-FCSR: Design of a new class of stream cipher, Fast Software Encryption, LNCS, 3557, Springer-Verlag, Berlin, 2005, pp.83-97. Franois Arnault, Thierry P.Berger, Design and properties of a new pseudorandom generator based on a filtered FCSR automaton, IEEE Transactions on Computers, 54(11), 2005, pp.1374-1383. A. Klapper, Jingzhong Xu, Register synthesis for algebraic feedback shift registers based on non-primes, Designs, Codes and Cryptography, vol.31, 2004, pp.227-250. A. Klapper, M. Goresky, Feedback shift registers, 2-adic span, and combiners with memory, J. Cryptology, vol.10, 1997, pp.111-147. Franois Arnault, Thiery P. Berger, and Abdelkadar Necer, Feedback with carry shift registers synthesis with the Euclidean algorithm, IEEE Trans. Information Theory, 50(5), 2004, pp.910-917. Wilfried Meidl, Extended GamesChan algorithm for the 2-adic complexity of FCSR-sequences, Theoretical Computer Science, vol.290, Elsevier Science B.V., 2003, pp.2045-2051. Niederreiter,H.: Periodic sequences with large k-error linear complexity. IEEE Trans.Inform. Theor. Vol.49, 2003, pp.501-505. WangLei, CaiMian and Xiao Guozhen, On stability of 2-adic complexity of periodic sequence, Journal of Xidian University (in Chinese), vol.27, 2000, pp.348-350. Honggang Hu, Dengguo Feng, On the 2-Adic Complexity and the k-Error 2-Adic Complexity of Periodic Binary Sequences, Sequence and Its Application, SETA 2004, LNCS, vol.3486, Springer-Verlag, Berlin, 2005, pp.185-196. M. Stamp and C.F. Martin, An algorithm for the k-error linear complexity of binary sequences of period 2n, IEEE Trans. Inform. Theory, 39(1993), pp.1398-1401. Dong Qingkuan, Xiao Guozhen, An efficient algorithm for the k-error linear complexity of periodic sequences, Journal of Xidian University (in Chinese), Vol. 28, No. 4, Aug. 2001, pp.421-424.

References
[1] A. Klapper, M. Goresky, 2-adic shift registers, in: R. Anderson (Ed.), Fast Software Encryption, Lecture Notes in Computer Science, Vol. 809, Springer-Verlag, New York, 1994, pp. 174-178. M. Goresky, A. Klapper, Feedback registers based on ramified extensions of the 2-adic numbers, Advances in Cryptology-Eurocrypt 94, LNCS, vol, 950, Springer-Verlag, Berlin, 1995, pp. 215-222. M. Goresky, A. Klapper, Cryptanalysis based on 2-adic rational approximation, Advances in Cryptology-Crypt 95, LNCS, vol. 963, Springer-Verlag, Berlin, 1995, pp. 262-273.

[2]

[3]