Studies on error linear complexity measures for multisequences


STUDIES ON ERROR LINEAR COMPLEXITY MEASURES FOR MULTISEQUENCES

AYINEEDI VENKATESWARLU
(M.Tech, ISI Kolkata)

A THESIS SUBMITTED FOR THE DEGREE OF DOCTOR OF PHILOSOPHY
DEPARTMENT OF MATHEMATICS
NATIONAL UNIVERSITY OF SINGAPORE
2007

Acknowledgments

First of all, I would like to express my heartfelt gratitude to my supervisor, Prof. Harald Niederreiter, for his continuous support and inspiration. He has been very kind to me and helped me throughout these four years of my stay at the National University of Singapore. His vast knowledge in many areas, attention to details, and patience, are a great inspiration for me and they added significantly to my research experience.

Many thanks to Dr. Wilfried Meidl, with whom I shared office for over a year. Part of this thesis work has been done in collaboration with him. I sincerely express my thanks to Prof. Ling San and Prof. Xing Chaoping for their support by giving me an opportunity to work in the Coding and Cryptology group. I thank Prof. A. J. Berrick and Prof. Zhu Chengbo for their inspiring lectures. I would like to thank the head of the department, Prof. Chong Chi Tat, for providing me generous financial support to attend the conference WCC 2007. I also appreciate the assistance of the office and technical staff at the department, especially Shanthi, Lee, Ghazali and Jess for their quick response and help.

A very special thanks goes to Prof. Bimal Roy, A/Prof. Subhamoy Maitra, Prof. Palash Sarkar, and Prof. Rana Barua, at the Indian Statistical Institute Kolkata, without whose motivation and encouragement I would not have considered this doctoral study. I would also like to thank the faculty members at the Department of Mathematics, University of Hyderabad, whose teachings are the foundation of my career now.

I am greatly indebted to my parents, brothers, and in-laws, without whom, I would not be the person that I am today. I have no words to express my gratitude to my family for their love and continuous support.
I doubt that I will ever be able to convey my appreciation fully, but I owe them my eternal gratitude.

The road to my doctoral study has been long and winding. I am fortunate to have many good friends along the way. I am thankful to all those friends and individuals who helped me, in one way or the other, to reach this position: Harikrishna, Pradyumna, Ramesh, VVSN Raju, Satyababu, Anil, Ramu, Hema, Nagender, Pradeep, KLM, Anji, Vidyasagar, Sreenaiah, Misraji, Rao garu, Sujit, Sangam, Kummi, Ramesh Raju, G Ramesh, Piyush, Sourav, Ratna, Kishanda, Tanmoy, RK, Siva, Bipin, Raju, and especially the Pinegrove gang.

Finally, I express my gratitude to the Department of Mathematics and the Temasek Laboratories, National University of Singapore, for the financial assistance during this doctoral study.

Singapore, October 2007
Ayineedi Venkateswarlu

To my Family

Contents

Introduction
    1.1 Outline of the Thesis
Background
    2.1 Basics and Notation
    2.2 Linear Feedback Shift Registers
    2.3 Stream Ciphers
        2.3.1 Word-Based Stream Ciphers
        2.3.2 Berlekamp-Massey Type Attacks
    2.4 Complexity Measures for Sequences
        2.4.1 Linear Complexity
        2.4.2 Linear Complexity Profile
        2.4.3 k-Error Linear Complexity
    2.5 Complexity Measures for Multisequences
        2.5.1 Joint Linear Complexity
        2.5.2 Joint Linear Complexity Profile
Error Linear Complexity Measures for Multisequences
    3.1 Definitions in the Finite Length Case
    3.2 Definitions in the Periodic Case
Error Linear Complexity of Finite Length Multisequences
    4.1 Enumeration Results
    4.2 Expected Values
Error Linear Complexity of Prime Periodic Multisequences
    5.1 Enumeration Results
    5.2 Expected Values
    5.3 Counting Functions for k =
Multisequences over $\mathbb{F}_q$ with Period $p^v$, $\mathrm{char}(\mathbb{F}_q) = p$
    6.1 Relationship Between Joint Linear Complexity and Error Linear Complexities
    6.2 Counting Functions for the 1-Error Joint Linear Complexity
    6.3 Algorithm for Computing the Joint Linear Complexity
    6.4 Algorithm for Computing the k-Error Joint Linear Complexity
        6.4.1 On the k-Error Joint Linear Complexity Profile
Multisequences over $\mathbb{F}_q$ with Period $p^n$, q is a Primitive Root Modulo $p^2$
    7.1 On the Joint Linear Complexity
    7.2 Algorithms
        7.2.1 Computing the k-Error Joint Linear Complexity
    7.3 Enumeration Results
        7.3.1 Counting Functions for k =
    7.4 On the Minimum Value of k for Which $L_k(S) < L(S)$
        7.4.1 Lower Bound on $k_{\min}(S)$
Periodic Multisequences with Large Error Linear Complexity
    8.1 A General Upper Bound
    8.2 Lower Bounds and Counting Functions
    8.3 Asymptotic Results
    8.4 Examples
Concluding Remarks
Bibliography

Summary

Complexity measures for keystream sequences over finite fields, such as the linear complexity and the k-error linear complexity, play a crucial role in stream cipher cryptology. Most of the research so far has been concentrated on single keystream sequences. Recently, in the study of word-based stream cipher systems, generalizing the concept of the linear complexity of single keystream sequences to parallel streams of finitely many sequences, the joint linear complexity of multisequences has been investigated. But there is no theory of k-error linear complexity of multisequences so far.

In this thesis we develop a theory of k-error linear complexity for multisequences by introducing three new complexity measures, namely k-error joint linear complexity, k-error $\mathbb{F}_q$-linear complexity and k-error joint linear complexity. We find analogs of some of the known results in the single sequence case for the multisequence case. Mainly, we establish various enumeration results and lower bounds on the expected values of these error linear complexity measures in both the finite length as well as the periodic case. Multisequences with period length a prime or a prime power receive greater attention in this thesis. In particular, in the latter case, we devise algorithms to compute the error linear complexity measures. In this case, we also give formulas for counting functions for the 1-error joint linear complexity. We also present some results on periodic multisequences which possess maximal joint linear complexity and large error linear complexity, and demonstrate that, for multisequences with suitable parameters, a major proportion of them have this property.

List of Symbols

The following is a list of important symbols used throughout the thesis.

$\mathbb{F}_q$ : the finite field containing q elements
$H_t$ : entropy function
$S = (S_1, \ldots, S_m)$ : an m-fold multisequence

Finite Length Case:

$L_n(S)$ : nth joint linear complexity of S
$L_{n,k}(S)$ : nth k-error joint linear complexity of S
$L^q_{n,k}(S)$ : nth k-error $\mathbb{F}_q$-linear complexity of S
$L_{n,k}(S)$ : nth k-error joint linear complexity of S
$N^m_{n,k}(L)$ : number of m-fold multisequences of length n with k-error joint linear complexity L
$N^{m,q}_{n,k}(L)$ : number of m-fold multisequences of length n with k-error $\mathbb{F}_q$-linear complexity L
$N^m_{n,k}(L)$ : number of m-fold multisequences of length n with k-error joint linear complexity L
$E^m_{n,k}$ : expected k-error joint linear complexity
$E^{m,q}_{n,k}$ : expected k-error $\mathbb{F}_q$-linear complexity
$E^m_{n,k}$ : expected k-error joint linear complexity

Periodic Case:

$L(S)$ : joint linear complexity of S
$L_k(S)$ : k-error joint linear complexity of S
$L^q_k(S)$ : k-error $\mathbb{F}_q$-linear complexity of S
$L_k(S)$ : k-error joint linear complexity of S
$P^m_{N,k}(L)$ : number of m-fold N-periodic multisequences with k-error joint linear complexity L
$P^{m,q}_{N,k}(L)$ : number of m-fold N-periodic multisequences with k-error $\mathbb{F}_q$-linear complexity L
$P^m_{N,k}(L)$ : number of m-fold N-periodic multisequences with k-error joint linear complexity L
$G^m_{N,k}$ : expected k-error joint linear complexity
$G^{m,q}_{N,k}$ : expected k-error $\mathbb{F}_q$-linear complexity
$G^m_{N,k}$ : expected k-error joint linear complexity

modulo $N$ satisfies $d \ge \eta N \ge 2$. Then

$$Q_3(\gamma, N) > \left(1 - q^{-m(\eta - H_q(\gamma))N}\right)^{1/\eta}.$$

In particular, if there exists an infinite set $P_{q,\eta}$ of $N$ with $\gcd(N, q) =$ and $d \ge \eta N$, then

$$\lim_{\substack{N \to \infty \\ N \in P_{q,\eta}}} Q_3(\gamma, N) = 1.$$

8.4 Examples

In Theorems 8.3.1-8.3.3 we need the condition $d/N \ge \eta$ for fixed $\eta$ ($0 < \eta < 1$), i.e., the multiplicative order $d = \mathrm{ord}_N(q)$ of $q$ modulo $N$ is a positive proportion of $N$ for all $N \in P_{q,\eta}$. Here we can make use of many number-theoretic results to get examples of $P_{q,\eta}$ for suitable values of $q$ and $\eta$. The examples presented in [52, 67] are applicable for the multisequence case as well. Here we point out a few of them.
According to a famous conjecture by Artin, for any $q$ which is not a perfect square, $q$ is a primitive root modulo infinitely many primes $N$, i.e., $\mathrm{ord}_N(q) = N - 1$ (see [75, p. 81]). Hooley [33] has shown that the Extended Riemann Hypothesis (ERH) is enough to prove Artin's conjecture. Then from Theorems 8.3.1-8.3.3 we can observe that almost all N-periodic multisequences have error linear complexities $\varphi(N) = N - 1$.

Suppose $N = n^{\tau}$, where $\tau \ge$ and $n$ is an odd prime different from the characteristic of $\mathbb{F}_q$. Let $d_1$ be the order of $q$ modulo $n$. Thus $q^{d_1} = + cn^{\rho}$, $\rho \ge 1$, for an integer $c$ with $\gcd(c, n) = 1$. By an argument in [50, p. 2820], for $\tau \ge \rho$ the multiplicative order $d_{\tau}$ of $q$ modulo $n^{\tau}$ is given by $d_1 n^{\tau - \rho}$. Now choose $\eta = d_1 n^{-\rho}$ and $< \gamma < (q - 1)/q$ with $H_q(\gamma) < \eta$. Then all the conditions of Theorem 8.3.1 are satisfied for the integers $n^{\tau}$ with $\tau \ge \rho$, and so this theorem yields

$$\lim_{\tau \to \infty} Q_1(\gamma, N) = 1.$$

We can get similar results for the other two options from Theorems 8.3.2 and 8.3.3 with suitable $\gamma$. The error linear complexities are greater than $N - N/n$ in this case.

These number-theoretic results establish that there are infinitely many integers $N$ for which the error linear complexities of N-periodic multisequences are close to the period length $N$.

Chapter

Concluding Remarks

The goal of this thesis work has been the extension of the stability theory of stream ciphers and the theory of error linear complexity measures from single sequences to multisequences. The case of multisequences is relevant for the design and the analysis of word-based stream ciphers. For multisequences there are various possibilities of defining analogs of the k-error linear complexity of single sequences. We considered the k-error joint linear complexity, the k-error $\mathbb{F}_q$-linear complexity, and the k-error joint linear complexity for finite as well as for periodic multisequences. Some of the results in this thesis work have appeared in the papers [53] and [68].
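The prime-power periods $N = n^{\tau}$ of Section 8.4 can be checked numerically. The Python code below is an added example, not code from the thesis: it computes $d_1$, $\rho$ and $c$ from the factorization of $q^{d_1} - 1$, compares the brute-force order of $q$ modulo $n^{\tau}$ with $d_1 n^{\tau - \rho}$, and finds the range of $\gamma$ with $H_q(\gamma) < \eta$. The function names and sample parameters are constructed for illustration, and $H_q$ is assumed to be the standard q-ary entropy function, which the page does not define.

```python
from fractions import Fraction
from math import gcd, log


def multiplicative_order(q, N):
    """Smallest d >= 1 with q^d = 1 (mod N); needs gcd(q, N) = 1."""
    if N < 2 or gcd(q, N) != 1:
        raise ValueError("q must be a unit modulo N >= 2")
    d, x = 1, q % N
    while x != 1:
        x = x * q % N
        d += 1
    return d


def lifting_exponent(q, n):
    """Return (d1, rho, c) with q^d1 - 1 = c * n^rho and n not dividing c.

    n is assumed to be an odd prime that does not divide q (as in Section 8.4).
    """
    if q < 2:
        raise ValueError("q must be at least 2")
    d1 = multiplicative_order(q, n)
    c, rho = q ** d1 - 1, 0
    while c % n == 0:
        c //= n
        rho += 1
    return d1, rho, c


def prime_power_orders(q, n, tau_max):
    """Rows (tau, N, brute-force order, d1 * n^(tau - rho)) for rho <= tau <= tau_max."""
    d1, rho, _ = lifting_exponent(q, n)
    rows = []
    for tau in range(rho, tau_max + 1):
        N = n ** tau
        rows.append((tau, N, multiplicative_order(q, N), d1 * n ** (tau - rho)))
    return rows


def eta(q, n):
    """eta = d1 * n^(-rho), which equals d_tau / n^tau for every tau >= rho."""
    d1, rho, _ = lifting_exponent(q, n)
    return Fraction(d1, n ** rho)


def q_ary_entropy(gamma, q):
    """Standard q-ary entropy function (assumed here to be the page's H_q)."""
    if gamma == 0:
        return 0.0
    return (gamma * log(q - 1, q) - gamma * log(gamma, q)
            - (1 - gamma) * log(1 - gamma, q))


def max_gamma(q, n, steps=60):
    """Bisection for the supremum of gamma in (0, (q-1)/q) with H_q(gamma) < eta."""
    target = float(eta(q, n))
    lo, hi = 0.0, (q - 1) / q   # H_q increases from 0 to 1 on this interval
    for _ in range(steps):
        mid = (lo + hi) / 2
        if q_ary_entropy(mid, q) < target:
            lo = mid
        else:
            hi = mid
    return lo


if __name__ == "__main__":
    # Constructed sample parameters; (3, 11) is a case with rho = 2.
    for q, n in [(2, 3), (2, 7), (3, 11)]:
        d1, rho, c = lifting_exponent(q, n)
        print("q=%d n=%d: d1=%d rho=%d c=%d eta=%s gamma<%.4f"
              % (q, n, d1, rho, c, eta(q, n), max_gamma(q, n)))
        for row in prime_power_orders(q, n, 4):
            print("   tau=%d N=%d ord=%d formula=%d" % row)
```

For every row the ratio of the order to $N$ equals $\eta$, so the proportion $d/N$ does not shrink as $\tau$ grows; a smaller $\eta$ (as for $q = 3$, $n = 11$) leaves a narrower range of admissible $\gamma$.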
We considered finite length multisequences in Chapter and prime periodic multisequences in Chapter 5. Various enumeration results and lower bounds on the expected values of these error linear complexity measures were established. We considered $p^v$-periodic multisequences over $\mathbb{F}_q$, where $\mathrm{char}(\mathbb{F}_q) = p$, in Chapter 6, and $p^n$-periodic multisequences, where $q$ is a primitive root modulo $p^2$, in Chapter 7. Algorithms to compute the error linear complexity of multisequences were presented in these cases. A generalization of the algorithms for the general case of arbitrary period length is interesting. Counting functions for the 1-error joint linear complexity were established.

We established general upper bounds on these error linear complexity measures in Section 8.1. The remaining results in Section 8.2 provided lower bounds on the number of m-fold N-periodic multisequences over $\mathbb{F}_q$ with maximum joint linear complexity $N$ and large error linear complexity. The asymptotic analysis in Section 8.3 showed that, under certain conditions, a large proportion of the m-fold N-periodic multisequences over $\mathbb{F}_q$ with joint linear complexity $N$ can be expected to have large error linear complexity. Our results in this chapter point out suitable parameters but do not lead to an explicit construction of multisequences with large error linear complexity. It is interesting to devise methods for the explicit construction of multisequences having this property.

In this thesis, we have developed the theory of error linear complexity measures for multisequences to some extent and a lot remains to be done. The general aim should be to find analogs of all major results on the k-error linear complexity of single sequences (see the survey [63]) for the case of multisequences.

Bibliography

[1] ECRYPT stream cipher project – eSTREAM. http://www.ecrypt.eu.org/stream/. Accessed Oct. 2007.

[2] T. M. Apostol. Introduction to Analytic Number Theory. Springer, Berlin, 1976.

[3] E. R. Berlekamp.
Algebraic Coding Theory. McGraw-Hill, New York, 1968.

[4] R. E. Blahut. Theory and Practice of Error Control Codes. Addison-Wesley, Reading, MA, 1983.

[5] C. Carlet. Boolean Functions for Cryptography and Error Correcting Codes. Boolean Methods and Models. Cambridge University Press, Cambridge, 2007.

[6] P. H. Chen. Multisequence linear shift register synthesis and its application to BCH decoding. IEEE Trans. Commun., 24(4):438–440, 1976.

[7] T. H. Cormen, C. Stein, R. L. Rivest, and C. E. Leiserson. Introduction to Algorithms. McGraw-Hill, New York, 2nd edition, 2001.

[8] T. W. Cusick, C. Ding, and A. Renvall. Stream Ciphers and Number Theory, volume 55 of North-Holland Mathematical Library. Elsevier Science B.V., Amsterdam, 1998.

[9] Z. Dai. Multi-continued fraction algorithms and their applications to sequences. In G. Gong, T. Helleseth, H.-Y. Song, and K. Yang, editors, Sequences and Their Applications – SETA 2006, volume 4086 of Lect. Notes Comput. Sci., pages 17–33, Berlin, 2006. Springer.

[10] E. Dawson, K. Chen, M. Henricksen, W. Millan, L. Simpson, H. Lee, and S. Moon. DRAGON, ECRYPT candidate. http://www.ecrypt.eu.org/stream/dragonp3.html. Accessed Oct. 2007.

[11] E. Dawson and L. Simpson. Analysis and design issues for synchronous stream ciphers. In H. Niederreiter, editor, Coding Theory and Cryptology, pages 49–90. World Scientific, Singapore, 2002.

[12] C. Ding. Proof of Massey’s conjectured algorithm. In C. G. Günther, editor, Advances in Cryptology – EUROCRYPT ’88, volume 330 of Lect. Notes Comput. Sci., pages 345–349, Berlin, 1988. Springer.

[13] C. Ding. Lower bounds on the weight complexities of cascaded binary sequences. In J. Seberry and J. Pieprzyk, editors, International Conference on Cryptology – AUSCRYPT ’90, volume 453 of Lect. Notes Comput. Sci., pages 39–43, Berlin, 1990. Springer.

[14] C. Ding, G. Xiao, and W. Shan. The Stability Theory of Stream Ciphers, volume 561 of Lect. Notes Comput. Sci.
Springer, Berlin, 1991.

[15] P. Ekdahl and T. Johansson. A new version of the stream cipher SNOW. In K. Nyberg and H. M. Heys, editors, Selected Areas in Cryptography – SAC 2002, volume 2595 of Lect. Notes Comput. Sci., pages 47–61, Berlin, 2002. Springer.

[16] H. J. Fell. Linear complexity of transformed sequences. In G. D. Cohen and P. Charpin, editors, EUROCODE ’90, volume 514 of Lect. Notes Comput. Sci., pages 205–214, Berlin, 1991. Springer.

[17] G. L. Feng and K. K. Tzeng. A generalized Euclidean algorithm for multisequence shift-register synthesis. IEEE Trans. Inform. Theory, 35(3):584–594, 1989.

[18] G. L. Feng and K. K. Tzeng. A generalization of the Berlekamp-Massey algorithm for multisequence shift-register synthesis with applications to decoding cyclic codes. IEEE Trans. Inform. Theory, 37(5):1274–1287, 1991.

[19] X. Feng and Z. Dai. Expected value of the linear complexity of two-dimensional binary sequences. In T. Helleseth, D. V. Sarwate, H.-Y. Song, and K. Yang, editors, Sequences and Their Applications – SETA 2004, volume 3486 of Lect. Notes Comput. Sci., pages 113–128, Berlin, 2004. Springer.

[20] X. Feng, Q. Wang, and Z. Dai. Multi-sequences with d-perfect property. J. Complexity, 21(2):230–242, 2005.

[21] F.-W. Fu, H. Niederreiter, and M. Su. The expectation and variance of the joint linear complexity of random periodic multisequences. J. Complexity, 21(6):804–822, 2005.

[22] F.-W. Fu, H. Niederreiter, and M. Su. The characterization of $2^n$-periodic binary sequences with fixed 1-error linear complexity. In G. Gong, T. Helleseth, H.-Y. Song, and K. Yang, editors, Sequences and Their Applications – SETA 2006, volume 4086 of Lect. Notes Comput. Sci., pages 88–103, Berlin, 2006. Springer.

[23] R. A. Games and A. H. Chan. A fast algorithm for determining the complexity of a binary sequence with period $2^n$. IEEE Trans. Inform. Theory, 29(1):144–146, 1983.

[24] M.Z. Garaev, F. Luca, I.E. Shparlinski, and A. Winterhof.
On the lower bound of the linear complexity over $\mathbb{F}_p$ of Sidelnikov sequences. IEEE Trans. Inform. Theory, 52(7):3299–3304, 2006.

[25] S.W. Golomb. Shift Register Sequences. Holden-Day, San Francisco, CA, 1967.

[26] F. Griffin and I.E. Shparlinski. On the linear complexity profile of the power generator. IEEE Trans. Inform. Theory, 46(6):2159–2162, 2000.

[27] F. G. Gustavson. Analysis of the Berlekamp-Massey linear feedback shift-register synthesis algorithm. IBM J. Res. Develop., 20(3):204–212, 1976.

[28] J. Gutierrez, I. Shparlinski, and A. Winterhof. On the linear and nonlinear complexity profile of nonlinear pseudorandom number generators. IEEE Trans. Inform. Theory, 49(1):60–64, 2003.

[29] Y. K. Han, J.-H. Chung, and K. Yang. On the k-error linear complexity of $p^m$-periodic binary sequences. IEEE Trans. Inform. Theory, 53(6):2297–2304, 2007.

[30] P. Hawkes, M. Paddon, G. G. Rose, and M. Wiggers de Vries. NLS, ECRYPT candidate. http://www.ecrypt.eu.org/stream/nlsp3.html. Accessed Oct. 2007.

[31] P. Hawkes and G. G. Rose. Exploiting multiples of the connection polynomial in word-oriented stream ciphers. In T. Okamoto, editor, Advances in Cryptology – ASIACRYPT 2000, volume 1976 of Lect. Notes Comput. Sci., pages 303–316, Berlin, 2000. Springer.

[32] T. Helleseth, M. Maas, J.E. Mathiassen, and T. Segers. Linear complexity over $\mathbb{F}_p$ of Sidel’nikov sequences. IEEE Trans. Inform. Theory, 50(10):2468–2472, 2004.

[33] C. Hooley. On Artin’s conjecture. J. Reine Angew. Math., 225:209–220, 1967.

[34] D. Huffman. A linear circuit viewpoint on error-correcting codes. IEEE Trans. Inform. Theory, 2(3):20–28, 1956.

[35] D. Jungnickel. Finite Fields: Structure and Arithmetics. Bibliographisches Institut, Mannheim, 1993.

[36] T. Kaida. On the generalized Lauder-Paterson algorithm and profiles of the k-error linear complexity for exponent periodic sequences. In T. Helleseth, D. V. Sarwate, H.-Y. Song, and K.
Yang, editors, Sequences and Their Applications – SETA 2004, volume 3486 of Lect. Notes Comput. Sci., pages 166–178, Berlin, 2004. Springer.

[37] T. Kaida, S. Uehara, and K. Imamura. An algorithm for the k-error linear complexity of sequences over $GF(p^m)$ with period $p^n$, p a prime. Information and Computation, 151(1-2):134–147, 1999.

[38] S. Konyagin, T. Lange, and I. Shparlinski. Linear complexity of the discrete logarithm. Des. Codes Cryptography, 28(2):135–146, 2003.

[39] K. Kurosawa, F. Sato, T. Sakata, and W. Kishimoto. A relationship between linear complexity and k-error linear complexity. IEEE Trans. Inform. Theory, 46(2):694–698, 2000.

[40] D. Laksov. Linear recurring sequences over finite fields. Math. Scand., 16:181–196, 1965.

[41] A.G.B. Lauder and K.G. Paterson. Computing the error linear complexity spectrum of a binary sequence of period $2^n$. IEEE Trans. Inform. Theory, 49(1):273–280, 2003.

[42] R. Lidl and H. Niederreiter. Finite Fields. Cambridge University Press, Cambridge, 2nd edition, 1997.

[43] F. J. MacWilliams and N. J. A. Sloane. The Theory of Error-Correcting Codes, volume 16 of North-Holland Mathematical Library. North-Holland Publishing Co., Amsterdam, 1977.

[44] J. L. Massey and S. Serconek. Linear complexity of periodic sequences: a general theory. In Advances in cryptology – CRYPTO ’96, volume 1109 of Lect. Notes Comput. Sci., pages 358–371. Springer, Berlin, 1996.

[45] W. Meidl. How many bits have to be changed to decrease the linear complexity? Des. Codes Cryptography, 33(2):109–122, 2004.

[46] W. Meidl. Linear complexity and k-error linear complexity for $p^n$-periodic sequences. In Coding, Cryptography and Combinatorics, volume 23 of Progr. Comput. Sci. Appl. Logic, pages 227–235. Birkhäuser, Basel, 2004.

[47] W. Meidl. On the stability of $2^n$-periodic binary sequences. IEEE Trans. Inform. Theory, 51(3):1151–1155, 2005.

[48] W. Meidl and H. Niederreiter.
Counting functions and expected values for the k-error linear complexity. Finite Fields and their Applications, 8(2):142–154, 2002.

[49] W. Meidl and H. Niederreiter. Linear complexity, k-error linear complexity, and the discrete Fourier transform. J. Complexity, 18(1):87–103, 2002.

[50] W. Meidl and H. Niederreiter. On the expected value of the linear complexity and the k-error linear complexity of periodic sequences. IEEE Trans. Inform. Theory, 48(11):2817–2825, 2002.

[51] W. Meidl and H. Niederreiter. The expected value of the joint linear complexity of periodic multisequences. J. Complexity, 19(1):61–72, 2003.

[52] W. Meidl and H. Niederreiter. Periodic sequences with maximal linear complexity and large k-error linear complexity. Appl. Algebra Eng. Commun. Comput., 14(4):273–286, 2003.

[53] W. Meidl, H. Niederreiter, and A. Venkateswarlu. Error linear complexity measures for multisequences. J. Complexity, 23(2):169–192, 2007.

[54] W. Meidl and A. Venkateswarlu. Remarks on the k-error linear complexity of $p^n$-periodic sequences. Des. Codes Cryptography, 42(2):181–193, 2007.

[55] W. Meidl and A. Winterhof. Lower bounds on the linear complexity of the discrete logarithm in finite fields. IEEE Trans. Inform. Theory, 47(7):2807–2811, 2001.

[56] W. Meidl and A. Winterhof. On the linear complexity profile of some new explicit inversive pseudorandom numbers. J. Complexity, 20(2-3):350–355, 2004.

[57] W. Meidl and A. Winterhof. On the joint linear complexity profile of explicit inversive multisequences. J. Complexity, 21(3):324–336, 2005.

[58] A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Handbook of Applied Cryptography. CRC Press, Boca Raton, Florida, 1996.

[59] H. Niederreiter. Sequences with almost perfect linear complexity profile. In D. Chaum and W.L. Price, editors, Advances in Cryptology – EUROCRYPT ’87, volume 304 of Lect. Notes Comput. Sci., pages 37–51, Berlin, 1987. Springer.

[60] H. Niederreiter.
The probabilistic theory of linear complexity. In C.G. Günther, editor, Advances in Cryptology – EUROCRYPT ’88, volume 330 of Lect. Notes Comput. Sci., pages 191–209, Berlin, 1988. Springer.

[61] H. Niederreiter. The linear complexity profile and the jump complexity of keystream sequences. In I. B. Damgård, editor, Advances in Cryptology – EUROCRYPT ’90, volume 473 of Lect. Notes Comput. Sci., pages 174–188, Berlin, 1990. Springer.

[62] H. Niederreiter. Some computable complexity measures for binary sequences. In Sequences and their applications – SETA 1998, Discrete Math. Theor. Comput. Sci., pages 67–78. Springer, London, 1999.

[63] H. Niederreiter. Linear complexity and related complexity measures for sequences. In T. Johansson and S. Maitra, editors, Progress in Cryptology – INDOCRYPT 2003, volume 2904 of Lect. Notes Comput. Sci., pages 1–17, Berlin, 2003. Springer.

[64] H. Niederreiter. Periodic sequences with large k-error linear complexity. IEEE Trans. Inform. Theory, 49(2):501–505, 2003.

[65] H. Niederreiter. The probabilistic theory of the joint linear complexity of multisequences. In G. Gong, T. Helleseth, H.-Y. Song, and K. Yang, editors, Sequences and Their Applications – SETA 2006, volume 4086 of Lect. Notes Comput. Sci., pages 5–16, Berlin, 2006. Springer.

[66] H. Niederreiter and H. Paschinger. Counting functions and expected values in the stability theory of stream ciphers. In Sequences and their applications – SETA 1998, Discrete Math. Theor. Comput. Sci., pages 318–329. Springer, London, 1999.

[67] H. Niederreiter and I. Shparlinski. Periodic sequences with maximal linear complexity and almost maximal k-error linear complexity. In K. G. Paterson, editor, 9th IMA International Conference on Cryptography and Coding, volume 2898 of Lect. Notes Comput. Sci., pages 183–189, Berlin, 2003. Springer.

[68] H. Niederreiter and A. Venkateswarlu. Periodic multisequences with large error linear complexity. Des. Codes Cryptography, 2007.
To appear.

[69] H. Niederreiter and L.-P. Wang. Proof of a conjecture on the joint linear complexity profile of multisequences. In S. Maitra, C. E. Veni Madhavan, and R. Venkatesan, editors, Progress in Cryptology – INDOCRYPT 2005, volume 3797 of Lect. Notes Comput. Sci., pages 13–22, Berlin, 2005. Springer.

[70] H. Niederreiter and L.-P. Wang. The asymptotic behavior of the joint linear complexity profile of multisequences. Monatshefte für Mathematik, 150(2):141–155, 2007.

[71] M. J. B. Robshaw. Stream ciphers (version 2.0). Technical report, RSA Laboratories, Redwood City, CA, 1995.

[72] R. A. Rueppel. Analysis and Design of Stream Ciphers. Communication and Control Engineering Series. Springer, Berlin, 1986.

[73] R. A. Rueppel. Stream ciphers. In Contemporary Cryptology – The Science of Information Integrity, pages 65–134. IEEE Press, New York, 1992.

[74] S. Sakata. Extension of the Berlekamp-Massey algorithm to N dimensions. Information and Computation, 84(2):207–239, 1990.

[75] D. Shanks. Solved and Unsolved Problems in Number Theory. Chelsea Publishing Co., New York, 3rd edition, 1985.

[76] C. E. Shannon. Communication theory of secrecy systems. Bell Syst. Tech. J., 28:656–715, Oct. 1949.

[77] I. Shparlinski. Linear complexity of the Naor-Reingold pseudo-random function. Inf. Process. Lett., 76(3):95–99, 2000.

[78] I. Shparlinski. On the linear complexity of the power generator. Des. Codes Cryptography, 23(1):5–10, 2001.

[79] B. Smeets. The linear complexity profile and experimental results on a randomness test of sequences over the field $\mathbb{F}_q$. Technical report, University of Lund, 1988.

[80] M. Stamp and C.F. Martin. An algorithm for the k-error linear complexity of binary sequences with period $2^n$. IEEE Trans. Inform. Theory, 39(4):1398–1401, 1993.

[81] M. Su and L. Chen. The properties of the 1-error linear complexity of $p^n$-periodic sequences over $\mathbb{F}_p$. In IEEE International Symposium on Information Theory 2006, pages 1998–2002, 2006.

[82] A. Sălăgean. On the computation of the linear complexity and the k-error linear complexity of binary sequences with period a power of two. IEEE Trans. Inform. Theory, 51(3):1145–1150, 2005.

[83] J. H. van Lint. Introduction to Coding Theory. Springer, Berlin, 2nd edition, 1992.

[84] L.-P. Wang and H. Niederreiter. Enumeration results on the joint linear complexity of multisequences. Finite Fields and their Applications, 12(4):613–637, 2006.

[85] L.-P. Wang, Y.-F. Zhu, and D.-Y. Pei. On the lattice basis reduction multisequence synthesis algorithm. IEEE Trans. Inform. Theory, 50(11):2905–2910, 2004.

[86] Q. Wang, K. Wang, and Z. Dai. Implementation of multi-continued fraction algorithm and application to multi-sequence linear synthesis. In G. Gong, T. Helleseth, H.-Y. Song, and K. Yang, editors, Sequences and Their Applications – SETA 2006, volume 4086 of Lect. Notes Comput. Sci., pages 248–258. Springer, 2006.

[87] S. Wei, G. Bai, and G. Xiao. A fast algorithm for determining the linear complexity of a binary sequence with period $p^n$. J. China Institute of Communications, 20(8):36–40, 1999.

[88] S. Wei, Z. Chen, and G. Xiao. A fast algorithm for the k-error linear complexity of a binary sequence. In International Conferences on Info-tech and Info-net – ICII 2001, volume 5, pages 152–157, 2001.

[89] S. Wei, G. Xiao, and Z. Chen. An efficient algorithm for k-error linear complexity. Chinese Journal of Electronics, 11(2):265–267, 2002.

[90] G. Xiao and S. Wei. Fast algorithms for determining the linear complexity of period sequences. In A. Menezes and P. Sarkar, editors, Progress in Cryptology – INDOCRYPT 2002, volume 2551 of Lect. Notes Comput. Sci., pages 12–21, Berlin, 2002. Springer.

[91] G. Xiao, S. Wei, K.-Y. Lam, and K. Imamura. A fast algorithm for determining the linear complexity of a sequence with period $p^n$ over $GF(q)$. IEEE Trans. Inform. Theory, 46(6):2203–2206, 2000.

[92] C. P. Xing.
Multi-sequences with almost perfect linear complexity profile and function fields over finite fields. J. Complexity, 16(4):661–675, 2000.

[93] C. P. Xing. Applications of algebraic curves to constructions of sequences. In K. Y. Lam, I. E. Shparlinski, H. Wang, and C. P. Xing, editors, Cryptography and Computational Number Theory, volume 20 of Progr. Comput. Sci. Appl. Logic, pages 137–146, Basel, 2001. Birkhäuser.

[94] C. P. Xing and K.-Y. Lam. Sequences with almost perfect linear complexity profiles and curves over finite fields. IEEE Trans. Inform. Theory, 45(4):1267–1270, 1999.

[95] C. P. Xing, K.-Y. Lam, and Z. Wei. A class of explicit perfect multi-sequences. In K.-Y. Lam, E. Okamoto, and C. Xing, editors, Advances in Cryptology – ASIACRYPT ’99, volume 1716 of Lect. Notes Comput. Sci., pages 299–305, Berlin, 1999. Springer.

[96] C. P. Xing and H. Niederreiter. Applications of algebraic curves to constructions of codes and almost perfect sequences. In D. Jungnickel and H. Niederreiter, editors, Finite Fields and Applications, pages 475–489, Berlin, 2001. Springer.

[97] C. P. Xing, H. Niederreiter, K.-Y. Lam, and C. Ding. Constructions of sequences with almost perfect linear complexity profile from curves over finite fields. Finite Fields and their Applications, 5:301–313, 1999.

[98] M. Zhang, C. Carroll, and A. H. Chan. The software-oriented stream cipher SSC2. In B. Schneier, editor, Fast Software Encryption – FSE 2000, volume 1978 of Lect. Notes Comput. Sci., pages 31–48, Berlin, 2000. Springer.

[99] N. Zierler. Linear recurring sequences. J. Soc. Indust. Appl. Math., 7:31–48, 1959.

[...]...
k-error joint linear complexity, for multisequences in the finite length case as well as the periodic case. We use error linear complexity as a general term to refer to the above mentioned error linear complexity measures. In Chapter 4, we consider finite length multisequences and establish formulas for counting functions for the error linear complexity measures. Lower bounds on...

develop a theory of k-error linear complexity for multisequences. We introduce various options for error linear complexity measures for multisequences, analogous to the framework of the k-error linear complexity of single sequences (see Chapter 3). We will establish various enumeration results and lower bounds for the expected values of these error linear complexity measures. We also...

specific values. In Chapter 6, we consider $p^v$-periodic multisequences over $\mathbb{F}_q$ with $\mathrm{char}(\mathbb{F}_q) = p$. We first look at a relationship between joint linear complexity and error linear complexity in Section 6.1, and then we give formulas for counting functions for the 1-error joint linear complexity. We then develop an algorithm for computing the k-error joint linear complexity. Similarly, multisequences over $\mathbb{F}_q$ with...

to linear complexity include the linear complexity profile (see Section 2.4.2) and the k-error linear complexity (see Section 2.4.3). The linear complexity profile is suitable for the study of arbitrary infinite sequences. The idea of k-error linear complexity stems from the stability theory of stream ciphers as described in the book of Ding et al. [13]. In this theory one studies the behavior of linear complexity...
expected values of the error linear complexity measures and asymptotic behavior of these bounds are also shown. In Chapter 5, we consider prime periodic multisequences and establish formulas for counting functions and lower bounds on the expected error linear complexities. We also present formulas for the number of prime periodic multisequences with fixed 1-error joint linear complexity for specific values... definitions for these terms and also give a brief overview of the known results. Lastly, we consider the joint linear complexity and the joint linear complexity profile of multisequences. In this part we develop techniques that are useful in the later chapters. In Chapter 3, we formally define the notions of error linear complexity, namely the k-error joint linear complexity, the k-error $F_q$-linear complexity,... root modulo $p^2$, are considered in Chapter 7. In this chapter we first present an algorithm to compute the k-error joint linear complexity, and then formulas for counting functions for the 1-error joint linear complexity are established. In a different direction, we establish several results on the periodic multisequences having maximal joint linear complexity and large error linear complexity in Chapter... ciphers (see Section 2.3.1). The theory of such stream ciphers requires the study of the complexity measures for multisequences, i.e., for parallel streams of finitely many sequences. In this direction, the joint linear complexity and the joint linear complexity profile of multisequences have been investigated (see Sections 2.5.1 and 2.5.2). But there is no theory of k-error linear complexity for multisequences...
efficiently by one or more short LFSRs are combined into a nonlinear function. We can distinguish these generators into two classes: the first one is nonlinearly filtering the state of an LFSR, known as nonlinear filter generator; the second one is combining the outputs of several LFSRs into a nonlinear function, known as nonlinear combiner generator. The keystream is formed by termwise combination of individual... in Section 2.4.2.

2.4.1 Linear Complexity

The linear complexity is a basic complexity measure for keystreams in the system-theoretic approach to stream ciphers. Another commonly used term in place of linear complexity is linear span.

Definition 2.4.1. The linear complexity L(S) of an ultimately periodic sequence S over $F_q$ is defined by the least order of a linear recurrence... of k-error linear complexity for multisequences. We introduce various options for error linear complexity measures for multisequences, analogous to the framework of the k-error linear complexity... formally define the notions of error linear complexity, namely the k-error joint linear complexity, the k-error $F_q$-linear complexity, and the $\vec{k}$-error joint linear complexity, for multisequences in... k-error linear complexity for multisequences by introducing three new complexity measures, namely k-error joint linear complexity, k-error $F_q$-linear complexity and $\vec{k}$-error joint linear complexity.

Date posted: 14/09/2015, 13:03
