On the <span class="nowrap"><svg xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://www.w3.org/2000/svg" style="vertical-align:-0.2723999pt" id="M1" height="12.533pt" version="1.1" viewBox="-0.0657574 -12.2606 8.79534 12.533" width="8.79534pt"><g transform="matrix(.017,0,0,-0.017,0,0)"><path id="g113-108" d="M480 416C480 431 465 448 438 448C388 448 312 383 252 330C217 299 188 273 155 237H153L257 680C262 700 263 712 253 712C240 712 183 684 97 674L92 648L126 647C166 646 172 645 163 606L23 -6L29 -12C51 -5 77 2 107 8C115 62 130 128 142 180C153 193 179 220 204 241C231 170 259 106 288 54C317 0 336 -12 358 -12C381 -12 423 2 477 80L460 100C434 74 408 54 398 54C385 54 374 65 351 107C326 154 282 241 263 299C296 332 351 377 403 377C424 377 436 372 445 368C449 366 456 368 462 375C472 386 480 402 480 416Z"/></g></svg>-</span>Error Linear Complexity of Binary Sequences Derived from the Discrete Logarithm in Finite Fields

Chen, Zhixiong; Wang, Qiuyan

doi:https://doi.org/10.1155/2019/8635209

Complexity

On this page

Abstract Introduction Preliminaries Data Availability Conflicts of Interest Acknowledgments References Copyright Related Articles

Research Article | Open Access

Volume 2019 | Article ID 8635209 | https://doi.org/10.1155/2019/8635209

On the -Error Linear Complexity of Binary Sequences Derived from the Discrete Logarithm in Finite Fields

Zhixiong Chen¹and Qiuyan Wang^1,2

Academic Editor: Carlos F. Aguilar-Ibáñez

Received27 Feb 2019

Accepted13 Jun 2019

Published04 Jul 2019

Abstract

Let be the finite field with elements, where is an odd prime. For the ordered elements , the binary sequence with period is defined over the finite field as follows: where is the quadratic character of . Obviously, is the Legendre sequence if . In this paper, our first contribution is to prove a lower bound on the linear complexity of for , which improves some results of Meidl and Winterhof. Our second contribution is to study the distribution of the -error linear complexity of for . Unfortunately, the method presented in this paper seems not suitable for the case and we leave it open.

1. Introduction

Pseudorandom sequences play an important role in cryptography; for example, they are used as keys in private-key cryptosystems [1, 2]. One of the most remarkable cryptosystems is the one-time pad (also referred to as Vernam cipher), where the plaintext message is added bit by bit (or in general character by character) to a nonrepeating random sequence of the same length [1, 2]. The security of the one-time pad entirely relies on the key sequence with special cryptographic properties, such as the balance, small correlation, and high linear complexity [3]. There are many ways to design suitable sequences. Legendre sequence introduced below is a classic sequence defined using (multiplicative) character of finite fields.

Let be an odd prime; the Legendre sequence of period is defined aswhere is the Legendre symbol. Legendre sequence has a number of good properties; the reader is referred to [4–8] for details.

It is natural to extend the Legendre symbol construction to the extension field of , where . We define below an ordered set for .

For a fix basis of over , we define for ifThen .

Given a primitive element and any , the discrete logarithm of with respect to is the integer , , satisfying the following.We write . The computation of discrete logarithms is of considerable importance in cryptography. The security of many public-key cryptosystems depends on the intractability of the discrete logarithm problem [9].

Then the (-ary) discrete logarithm sequence of period is derived for an integer :where and denotes . The autocorrelation of was analyzed in [10] and its linear complexity was studied in [11, 12].

In cryptographic applications, attention has been focused on the binary sequences over the finite field , since arithmetic is much easier to implement, with respect to both software and hardware. Therefore in this work we consider the case of . Then the binary sequence given by (5) can be defined equivalently aswhere is the quadratic character of and for . Indeed, the multiplicative characters of the finite filed [13] are given byfor a primitive element of and the quadratic character satisfiesIt is easy to see that is balanced ( many 0’s and many 1’s) with least period . The measures of pseudorandomness of the binary sequence were studied in [14] and some related problems were considered in [15–17]. It is noted that when , the is just the Legendre sequence introduced above. Its linear complexity has been determined in [6], and its -error linear complexity over has been calculated by Aly and Winterhof [18]. Therefore, it is natural to investigate the linear complexity of the binary sequence in (6) and its -error linear complexity for .

We organize our contributions as follows. The coming section contains the notions of the linear complexity and -error linear complexity of periodic sequences. In Section 3, we give a lower bound on the linear complexity of in (6) for . In Section 4, we present -error linear complexity of for . It should be noted that the results are different from [18, 19], in which the binary sequence is treated over . Finally in Section 5, we draw some conclusions and present some open problems.

2. Preliminaries

In this section, we recall the notions of linear complexity and -error linear complexity of periodic sequences over the finite field .

Let be a binary sequence over of period . The linear complexity of , denoted by , is the smallest positive integer satisfying the following linear recurrence relationwhere . From the viewpoint of engineers, the linear complexity (also called linear span) of a sequence is the shortest length of a linear feedback shift register (LFSR) that produces . Hence the linear complexity provides information on predictability and thus unsuitability for cryptography and plays an important role in the analysis of stream ciphers.

Let , which is called a characteristic polynomial of . A characteristic polynomial with the smallest degree is called a minimal polynomial of [1]. Let , which is called the generating polynomial of . Then the following lemma gives a way to determine the linear complexity and minimal polynomial of periodic sequences.

Lemma 1 (see [13]). Let be a binary sequence over of period . Then the minimal polynomial of isand the linear complexity of is given bywhere is the generating polynomial of .

Not only should periodic sequences used as key-streams have a large linear complexity, but also altering a few bits should not cause a significant decrease of the linear complexity. Hence we have the following notion.

Definition 2 (see [20]). Let be a binary sequence over of period . For , the -error linear complexity of is the smallest linear complexity of a sequence obtained from by altering at most elements among and continuing these changes periodically with the period .

The concept of -error linear complexity (the sphere complexity, a similar notion of k-error linear complexity, was defined even earlier, please see [1] for details) is very useful in the study of the security of stream ciphers for cryptographic applications. A necessary condition for a key-stream generator is that sequences produced by it should possess high linear complexity and -linear complexity. An efficient algorithm for determining the -error linear complexity of binary sequences of period was designed by Stamp and Martin in [20], and it was generalized to -periodic sequences over the finite field , where is an odd prime [21].

3. A Lower Bound on Linear Complexity

In this section, we prove a lower bound on the linear complexity of the binary sequence defined by (6) for . A bound also has been given in [11, 12], but the result in Theorem 4 improves that in [11, 12] greatly.

Let denote the order of modulo ; i.e., is the smallest positive integer such that .

Lemma 3. Let with . For , if , we have

Proof. Suppose . By , we have for some integer . It is easy to verify that This implies that is a divisor of . Since , we see that .
The assumption implies that . Then we write for some positive integer and . Supposing , we havewhich contradicts the fact that and . Hence and . This completes the proof of this lemma.

Theorem 4. Let symbols be the same as before. If , then the linear complexity of in (6) with period satisfieswhere is the order of 2 modulo and .

Proof. By the definition of , we know that the least period of is . LetThen and has exactly roots, which are -th primitive elements in the algebraic closure of . By Lemma 3, the polynomial can be written as the product of irreducible polynomials of degree , i.e.,In the sequel, we will show that there exists () such that , where is the generating polynomial of .
Suppose ; then for some polynomial of degree . By the product of two polynomials, we obtainfor , which implies for any integer and hence the period of equals . This contradicts the fact that is a -periodic sequence. Hence there exists at least one such that and then . By Lemma 1, we have

The bound is much better than that of [11, Thms. 1 and 2] and [12]. Some examples are listed in Table 1. The bound is tight for certain ; see, for example, in the table. It should emphasized that Theorem 4 is indeed a general result for any -periodic binary sequences over .

Prop. 2 in [22] indicates that the linear complexity of -periodic sequences over is at least . Theorem 4 is a similar statement to that in [22] for binary sequences. We remark that Theorem 4 covers almost all primes. It is shown that primes satisfying are very rare. Up to , there are only two such primes (a prime satisfying is called a Wieferich prime), 1093 and 3511 [23].

4. -Error Linear Complexity

In this section we let . The proof of Theorem 4 helps us to give a lower bound on the -error linear complexity of in (6). We choose as a basis of over . Then for with , we write .

We first prove some lemmas.

Lemma 5. For , let . Then we have

Proof. For each , when runs through the set , so does , where denotes . Then, for , we have if . The proof is finished.

Lemma 6. For the binary sequence in (6), let and denotes the weight of the vector . Then we have the following:(1)for , and if ;(2)for , and if .

Proof. Firstly, we show for any . Since is the quadratic character of , can be written as , where is a character of order of . From for some integer , we haveConsequently, for , we obtain . Then we deriveSecondly, by (6), we see that for any . Hence by Lemma 5, for . Since there are many such that , we haveHence, for

For the binary sequence defined in (6) with , letThen the generating polynomial of is .

Theorem 7. Let symbols be the same as before. If , then the -error linear complexity of in (6) with period satisfieswhere is the order of 2 modulo and

Proof. By Lemma 3, is the product of many irreducible polynomials of degree ; i.e.,Let be a polynomial of degree smaller than over , and has many different terms from , the generating polynomial of . Then we havewhere is a polynomial of degree smaller than and has exactly many monomials. In the sequel, we will find an with the smallest such that .
Supposewhere and the is smaller than . ThenClearly, contains a summation if and otherwise.
If , by Lemma 6 we have and each () has many terms. It can be easily verified that in (32) is the polynomial with the smallest terms such that . The argument implies that if , there is no with terms such that . Among , there exists at least one such that , where . By Lemma 1, we have .
If , letBy Lemma 6, is the polynomial with the smallest terms such that . Using the same method above, we have if .
This completes the proof of this theorem.

Next we consider the case that is primitive modulo and the following lemma is required.

Lemma 8. For , let . Then we havewhere

Proof. The proof can be derived directly from Lemma 6.

Theorem 9. Let symbols be the same as before. If and is primitive modulo , then the -error linear complexity of in (6) with period satisfies the following:
When , we have When , we have

Proof. Since is primitive modulo , the two polynomials and are irreducible over .
For any with many terms, from the proof of Theorem 7 we have and for , where is the generating polynomial of . This means that for .
Now we consider modulo ). By Lemma 8, we haveFor the case , from (38) we obtain the following: (1) and , then we have .(2), which indicates that .(3), which indicates that .Putting everything together, the first statement of Theorem 9 is proved. For the case , it can be easily verified that and the second statement of this theorem can be similarly proved.

Theorem 10. Let symbols be the same as before. If and is primitive modulo , then the -error linear complexity of in (6) with period satisfies the following:
When , we have When , we have

Proof. The proof of Theorem 10 is similar to that of Theorem 9 and we omit it.

Theorems 9 and 10 indicate that defined in (6) has good stability, or, in other words, the linear complexity is not significantly decreased by changing only a few (but not many) terms.

5. Final Remarks

In this work, we have studied an extension of the Legendre sequence, which has been widely considered in the literature. More exactly, we have investigated the linear complexity and -error linear complexity of a binary -periodic sequence derived from the discrete logarithm in finite fields. We only give a lower bound on the linear complexity for and the distribution of the -error linear complexity for . Therefore, it is interesting to consider the -error linear complexity for ; we describe an open problem as follows.

Open Problem. Determine the -error linear complexity of defined in (6) for the case when .

By Lemma 6, we find that and . This sacrifices the pseudorandomness of the sequence. Therefore, we can modify the construction of (with period ) as follows: The method given in this work can be used to consider the linear complexity and -error linear complexity.

Finally it should be remarked that there is another way to order the elements in . Let be a primitive element of and is an ordered set. The sequence is defined asThe sequence is referred to as a generalized Sidelnikov sequence, and the -error linear complexity of was determined over for ) [18]. It is interesting to consider the -error linear complexity over of .

Data Availability

No data were used to support this study.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

The authors wish to thank Prof. Arne Winterhof for helpful suggestions and some corrections of the proof. Z. Chen was partially supported by the National Natural Science Foundation of China under grant No. 61772292, the Projects of International Cooperation and Exchanges NSFC-RFBR No. 61911530130, the Provincial Natural Science Foundation of Fujian under grant No. 2018J01425, and the Program for Innovative Research Team in Science and Technology in Fujian Province University under grant No. 2018-49. Q. Wang was also supported by the National Science Foundation of China under grant No. 61602342, Science Foundation of Tianjin under grant No. 18JCQNJC70300, the Science & Technology Development Fund of Tianjin Education Commission for Higher Education under grant No. 2018KJ215 and No. 16JCYBJC41500, the Key Laboratory of Applied Mathematics of Fujian Province University (Putian University) under grant No. SX201804, and the China Scholarship Council (No. 201809345010).

References

C. Ding, G. Xiao, and W. Shan, The Stability Theory of Stream Ciphers, vol. 561 of Lecture Notes in Computer Science, Springer, Berlin, Germany, 1991.
View at: Publisher Site | MathSciNet
R. A. Rueppel, Analysis and Design of Stream Ciphers, Springer-Verlag, Berlin, Germany, 1986.
View at: Publisher Site | MathSciNet
T. W. Cusick, C. Ding, and A. Renvall, Stream Ciphers and Number Theory, Gulf Professional Publishing, 2004.
A. J. Bromfield and F. C. Piper, “Linear recursion properties of unrelated binary sequences,” Discrete Applied Mathematics, vol. 27, no. 3, pp. 187–193, 1990.
View at: Publisher Site | Google Scholar | MathSciNet
I. B. DamgÅrd, “On the randomness of Legendre and Jacobi sequences,” in Advances in Cryptology, S. Goldwasser, Ed., vol. 403 of Lecture Notes in Comput. Sci., pp. 163–172, Springer, Berlin, Germany, 1990.
View at: Publisher Site | Google Scholar | MathSciNet
D. Cunsheng, T. Hesseseth, and S. Weijuan, “On the linear complexity of Legendre sequences,” IEEE Transactions on Information Theory, vol. 44, no. 3, pp. 1276–1278, 1998.
View at: Publisher Site | Google Scholar
D. Cunsheng, “Pattern distributions of Legendre sequences,” IEEE Transactions on Information Theory, vol. 44, no. 4, pp. 1693–1698, 1998.
View at: Publisher Site | Google Scholar
J. Kim and H. Song, “Trace representation of Legendre sequences,” Designs, Codes and Cryptography, vol. 24, pp. 343–348, 2001.
View at: Google Scholar
A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone, Handbook of Applied Cryptography, CRC Press, New York, NY, USA, 1997.
View at: MathSciNet
W. Meidl and A. Winterhof, “On the autocorrelation of cyclotomic generator,” in Lecture Notes in Computer Science, pp. 1–11, Springer, Berlin, Germany, 2003.
View at: Google Scholar
W. Meidl and A. Winterhof, “Lower bounds on the linear complexity of the discrete logarithm in finite fields,” IEEE Transactions on Information Theory, vol. 47, no. 7, pp. 2807–2811, 2001.
View at: Publisher Site | Google Scholar
A. Winterhof, “A note on the linear complexity profile of the discrete logarithm in finite fields,” in Coding, Cryptography and Combinatorics, K. Feng, H. Niederreiter, and C. Xing, Eds., vol. 23 of Progr. Comput. Sci. Appl. Logic, pp. 359–367, Birkhäuser, Basel, Switzerland, 2004.
View at: Google Scholar | MathSciNet
R. Lidl and H. Niederreiter, Finite Fields, Addison-Wesley, Reading, Mass, USA, 1983.
View at: MathSciNet
A. Sárközy and A. Winterhof, “Measures of pseudorandomness for binary sequences constructed using finite fields,” Discrete Mathematics, vol. 309, no. 6, pp. 1327–1333, 2009.
View at: Publisher Site | Google Scholar
K. Gyarmati, C. Mauduit, and A. Sárközy, “On finite pseudorandom binary lattices,” Discrete Applied Mathematics, vol. 216, pp. 589–597, 2017.
View at: Publisher Site | Google Scholar
K. Gyarmati, A. Sárközy, and C. L. Stewart, “On Legendre symbol lattices,” Uniform Distribution Theory, vol. 4, no. 1, pp. 81–95, 2009.
View at: Google Scholar | MathSciNet
K. Gyarmati, A. Sárközy, and C. L. Stewart, “On Legendre symbol lattices,” II. Uniform Distribution Theory, vol. 8, no. 1, pp. 47–65, 2013.
View at: Google Scholar | MathSciNet
H. Aly and A. Winterhof, “On the k-error linear complexity over of Legendre and Sidelnikov sequences,” Designs, Codes and Cryptography, vol. 40, no. 3, pp. 369–374, 2006.
View at: Publisher Site | Google Scholar | MathSciNet
H. Aly, W. Meidl, and A. Winterhof, “On the k-error linear complexity of cyclotomic sequences,” Journal of Mathematical Cryptology, vol. 1, no. 3, pp. 283–296, 2007.
View at: Publisher Site | Google Scholar
M. Stamp and C. F. Martin, “An algorithm for the k-error linear complexity of binary sequences with period 2n,” Institute of Electrical and Electronics Engineers Transactions on Information &Theory, vol. 39, no. 4, pp. 1398–1401, 1993.
View at: Publisher Site | Google Scholar | MathSciNet
T. Kaida, S. Uehara, and K. Imamura, “A new algorithm for the k-error linear complexity of sequences over GF(pm) with period pn,” in Sequences and Their Applications, C. Ding, T. Helleseth, and H. Niederreiter, Eds., pp. 284–296, Springer, London, UK, 1999.
View at: Google Scholar | MathSciNet
S. R. Blackburn, T. Etzion, and K. G. Paterson, “Permutation polynomials, de bruijn sequences, and linear complexity,” Journal of Combinatorial Theory, Series A, vol. 76, no. 1, pp. 55–82, 1996.
View at: Publisher Site | Google Scholar
A. Akbary and S. Siavashi, “The largest known Wieferich numbers,” Integers. Electronic Journal of Combinatorial Number Theory, vol. 18-A3, pp. 1–6, 2018.
View at: Google Scholar | MathSciNet

Copyright

Copyright © 2019 Zhixiong Chen and Qiuyan Wang. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Views

542

Downloads

1081

Citations