Jacobi sequences

Information Sciences 177 (2007) 4820–4831 www.elsevier.com/locate/ins Sequences related to Legendre/Jacobi sequences Zhixiong Chen a,* , Xiaoni Du ...

Download PDF

219KB Sizes 5 Downloads 84 Views

Report

PDF Reader
Full Text

Information Sciences 177 (2007) 4820–4831 www.elsevier.com/locate/ins

Sequences related to Legendre/Jacobi sequences Zhixiong Chen

a,* ,

Xiaoni Du

b,c

, Guozhen Xiao

b

a

Department of Mathematics, Putian University, Putian, Fujian 351100, China National Key Laboratory of I.S.N, Xidian University, Xi’an 710071, China Department of Mathematics, Northwest Normal University, Lanzhou 730070, China b

c

Received 6 October 2006; received in revised form 11 February 2007; accepted 13 February 2007

Abstract Two families of binary sequences are constructed from dth order cyclotomic generator and from dth order generalized cyclotomic generator with respect to two distinct primes respectively. By using estimates of certain exponential sums over rings or ﬁelds, the upper bounds of both the well-distribution measure and the order k (at least for small k) correlation measure of the resulting binary sequences are evaluated, and some lower bounds on the linear complexity proﬁle of d-ary cyclotomic sequences and d-ary generalized cyclotomic sequences are presented. Our results indicate that such binary sequences possess ‘‘very good’’ local pseudo-randomness. Ó 2007 Elsevier Inc. All rights reserved. Keywords: Legendre and Jacobi sequences; Generalized cyclotomic sequences; Exponential sums; Well-distribution measure; Correlation measure of order k; Linear complexity proﬁle

1. Introduction Legendre sequence is a well-known binary sequence with ideal periodic and aperiodic autocorrelation functions, it is also known to exhibit large linear complexity, which makes it signiﬁcant for cryptographic applications. Jacobi and modiﬁed Jacobi sequences are constructed by combining two appropriate Legendre sequences, and they also have good correlation properties and large linear complexity. For more information on this subject the reader is referred to [6,9,8,16,10,13,18,19,21]. Ding et al. applied the theory of cyclotomy, which is an old topic of elementary number theory, to construct and study a family of pseudo-random sequences, which are called (generalized) cyclotomic sequences, which include Legendre sequences, Jacobi and modiﬁed Jacobi sequences [6,7,10–12,14,15,22,23,1,2,27]. Most generalized cyclotomic sequences have good periodic/aperiodic correlation properties and large linear complexity, which give them some cryptographic signiﬁcance. Cyclotomic classes and generalized cyclotomic classes play an important role in constructing generalized cyclotomic sequences.

*

Corresponding author. E-mail address: [email protected] (Z. Chen).

0020-0255/$ - see front matter Ó 2007 Elsevier Inc. All rights reserved. doi:10.1016/j.ins.2007.02.012

Z. Chen et al. / Information Sciences 177 (2007) 4820–4831

4821

Let m be a positive integer. We identify Zm , the residue ring modulo m, with the set f0; 1; ; m 1g and we denote Zm by the unit group of Zm . A partition fD0 ; D1 ; Dd1 g of Zm is a family of sets with Di \ Dj ¼ ; for

i 6¼ j;

Zm ¼

d[ 1

Di :

i¼0

If D0 is a multiplicative subgroup of Zm , then there exist elements g1 ; . . . ; gd1 of Zm such that Di ¼ gi D0 for all i 2 ½1; d 1. The Di’s are called (classical) cyclotomic classes of order d when m is prime and generalized cyclotomic classes of order d when m is composite. Diﬀerent D0 gives diﬀerent (generalized) cyclotomies of order d. Two important measures, the well-distribution measure and the correlation measure of order k, were introduced by Mauduit and Sa´rko¨zy [25] to evaluate the (local) pseudo-randomness of a ﬁnite binary sequence: S N ¼ fs1 ; s2 ; . . . ; sN g 2 fþ1; 1gN : The well-distribution measure of SN is deﬁned as X t1 W ðS N Þ ¼ max saþjb ; a;b;t j¼0 where the maximum is taken over all a; b; t such that a; b; t 2 N and 1 6 a 6 a þ ðt 1Þb 6 N , while the correlation measure of order k (or order k correlation measure) of SN is deﬁned as X M snþd 1 snþd 2 snþd k ; C k ðS N Þ ¼ max M;D n¼1 where the maximum is taken over all D ¼ ðd 1 ; ; d k Þ with non-negative integers 0 6 d 1 < < d k and M such that M þ d k 6 N . SN is considered as a ‘‘good’’ pseudo-random sequence, if both W ðS N Þ and C k ðS N Þ (at least for small k) are ‘‘small’’ in terms of N (in particular, both are oðN Þ as N ! 1). It was shown in [4] that for a ‘‘truely’’ random N N sequence S N 2 fþ1; 1g (i.e., choosing S N 2 fþ1; 1g with probability 1/2N), both W ðS N Þ and C k ðS N Þ (for some ﬁxed k) are around N1/2 with ‘‘near 1’’ probability. p For the Legendre sequence S p ¼ fs1 ; s2 ; ; sp g 2 fþ1; 1g with ( n ; if gcdðn; pÞ ¼ 1; p sn ¼ 1; if pjn; it was shown by Mauduit and Sa´rko¨zy in [25] that W ðS p Þ ¼ Oðp1=2 logðpÞÞ and

C k ðS p Þ ¼ Oðkp1=2 logðpÞÞ;

which indicate that the Legendre sequence forms a ‘‘good’’ pseudo-random sequence. Many other ‘‘good’’ (but slightly inferior) binary sequences were designed in the literature, see for example [4,5,17,20,26,28,29] and references therein. In this article, we continue to study the cyclotomic sequences and generalized cyclotomic sequences of order d. We ﬁrst deﬁne cyclotomic classes of order d for Fp and generalized cyclotomic classes of order d for Zpq , respectively, where p; q are two distinct primes. Then we deﬁne d-ary cyclotomic sequences (resp. d-ary generalized cyclotomic sequences) from the corresponding cyclotomic classes (resp. generalized cyclotomic classes) and construct binary sequences from d-ary cyclotomic sequences and d-ary generalized cyclotomic sequences respectively. Using estimates of certain exponential sums, we investigate the well-distribution measure and the correlation measure of order k of the resulting binary sequences and the linear complexity proﬁle of the resulting polyphase (generalized) cyclotomic sequences respectively. This article is organized as follows. In Section 2, some basic results on the exponential sums over residue ring Zm are introduced. In Section 3, polyphase cyclotomic sequences and binary sequences are constructed. The well-distribution measure and the correlation measure of order k of the resulting binary sequences are

4822

Z. Chen et al. / Information Sciences 177 (2007) 4820–4831

estimated. A lower bound on linear complexity proﬁle of the resulting polyphase cyclotomic sequences is presented. Another family of binary sequences and polyphase generalized cyclotomic sequences are constructed in Section 4. A conclusion is drawn in Section 5. As usual, we suppose that a binary sequence is always deﬁned over f0; 1g. 2. Exponential sums over rings For any positive integer m > 1, a group homomorphism v : Zm ! C1 is called a multiplicative character modulo m, where C1 is the multiplicative group of complex numbers of absolute value 1. A character with vðxÞ ¼ 1 for any x 2 Zm is called the principal character and denoted by c is denoted by the set of all multiplicative characters of Z . It is easy to see that Z c forms a group, v0 ¼ 1. Z m m m which is isomorphic to Zm , with the principal character v0 as the neutral element under the multiplication of characters. c , we set vðxÞ ¼ vðx1 Þ, i.e., v is the inverse of v. For convenience, we extend the deﬁnition v For any v 2 Z m to Zm only by deﬁning vðxÞ ¼ 0 for x with gcdðx; mÞ > 1. c denote the cardinality of Z c . For any element x 2 Z , Lemma 1 [24]. Let # Z m m m ( X 0; if x 6¼ 1; vðxÞ ¼ c # Zm ; otherwise: v2 Zbm And for any character v 2 ( X 0; vðxÞ ¼ c ; #Z x2Zm

m

c , Z m if

v 6¼ v0 ;

otherwise:

c in Lemma 1 can be replaced by any ﬁnite Abelian groups G and G, b the character group Remark 1. Zm and Z m of G, respectively. When m ¼ p is a prime. Let g be a ﬁxed primitive root modulo p. For each x 2 Fp , let indðxÞ denote the index (or discrete logarithm) of x to the base g so that gindðxÞ x ðmod pÞ: We add the condition 1 6 indðxÞ 6 p 1 to make the value of index unique. c Fp , the multiplicative characters group of Fp , is exactly equal to the following set: 2pia indðxÞ va jva ðxÞ ¼ exp for all x 2 Fp and a 2 Zp2 : p1 c Fp forms a cyclic group with the principal character v0 ¼ 1 under the multiplication of characters. Lemma 2. Let 1 6 d 6 p 1 and djp 1. Let g be a primitive root of Fp . For 0 6 x < x þ y 6 p 1, the following bound holds: xþy X X j vðg Þ < 2d logð1 þ dÞ; v6¼1 j¼x vd¼1

where v 2 c Fp .

Z. Chen et al. / Information Sciences 177 (2007) 4820–4831

4823

Proof. For each v 6¼ 1 with vd ¼ 1, we have xþd1 X

vðgj Þ ¼ vðgx Þ

j¼x

d1 X

vðgj Þ ¼ 0:

j¼0

Now the result follows from the proof of [20, Lemma 3].

h

Lemma 3 [25]. Suppose that p is a prime, v is a non-principal multiplicative character modulo p of order d, f ðxÞ 2 Fp ½x has s distinct roots in Fp and it is not a constant multiple of a dth power of a polynomial over Fp . Let y be a real number with 0 < y 6 p. Then any x 2 R: X vðf ðnÞÞ < 9sp1=2 logðpÞ: x
Dl ¼ gdiþl ji ¼ 0; 1; . . . ; f 1 ; l ¼ 0; 1; . . . ; d 1: The cyclotomic sequence S1 ¼ fs1 ; s2 ; . . .g of order d over Zd with respect to the prime p is deﬁned by l; if ½n mod p 2 Dl ; sn :¼ ð1Þ 0; if pjn; for each n P 1, where l ¼ 0; 1; . . . ; d 1. S1 is also called the polyphase (or d-ary) cyclotomic sequence. When d ¼ 2, the cyclotomic sequence deﬁned as above is the Legendre sequence, whose linear complexity has been presented in [16] and pattern distributions in [12]. When d is an odd prime, the linear complexity of the corresponding cyclotomic sequence can be found in [15]. Now we suppose that d > 2 is even in this section. We deﬁne a binary sequence U1 ¼ fu1 ; u2 ; g from the cyclotomic sequence S1 (deﬁned as in (1)) of order d over Zd : ( 0; if 0 6 sn 6 d2 1; un ¼ ð2Þ 1; if d2 6 sn 6 d 1; for each n P 1. Obviously the period of U1 is p. Equivalently, if we set C 0 ¼ D0 [ D1 [ [ Dd21 ; then we have 8 > < 0; if un ¼ 1; if > : 0; if

C 1 ¼ Dd2 [ Dd2þ1 [ [ Dd1

½n mod p 2 C 0 ; ½n mod p 2 C 1 ;

ð3Þ

pjn:

One can deﬁne diﬀerent C 0 ; C 1 to construct diﬀerent binary sequence. For example, if we set d 1 2

C 00

¼

[

d 1 2

D2i ;

i¼0

C 01

¼

[

D2iþ1

i¼0

then a binary sequence can be constructed in a similar way as in (3) with C 00 ; C 01 in place of C 0 ; C 1 . In fact this sequence is the Legendre sequence. Another example is the Hall’s sextic residue sequence (hi),1 which is deﬁned as follows: 1

In this case, d = 6.

4824

Z. Chen et al. / Information Sciences 177 (2007) 4820–4831

hi ¼

½i mod p 2 D0 [ D1 [ D3 ;

1;

if

0;

otherwise;

for i P 1. The linear complexity and trace representation of the Hall’s sextic residue sequence are determined in [22,23] respectively. 3.1. Distribution and correlation of U1 Suppose U1 is deﬁned as in (3) and c Fp is the set of all multiplicative characters of Fp . Let n o G¼ v2c Fp jvd ¼ 1 : It is easy to see that G is a cyclic subgroup of c Fp with #G ¼ d. From the deﬁnition of U1 , we have d 1 2 X 1; if ½n mod p 2 C 0 ; 1X j vðnÞvðg Þ ¼ d j¼0 v2G 0; if ½n mod p 2 C 1 ; for any n P 1 with gcdðp; nÞ ¼ 1 by Lemma 1 and Remark 1. Hence for any n P 1 with gcdðp; nÞ ¼ 1, d 1 2 X þ1; if ½n mod p 2 C 0 ; 2X u ð4Þ ð1Þ n ¼ vðnÞvðgj Þ ¼ d j¼0 v2G 1; if ½n mod p 2 C 1 ; where G ¼ G n fv0 }. Theorem 1. Let Up ¼ fu1 ; u2 ; . . . ; up g be a sequence generated as in (3). Then the well-distribution measure of Up satisfies: W ðUp Þ < 36p1=2 logðpÞ logð1 þ dÞ: Proof. According to Eq. (4), for any a; b; t 2 N with 1 6 a 6 a þ ðt 1Þb 6 p, d 1 d 1 X X 2 X X t1 t1 X t1 2 2 X X 2 uaþib j j vða þ ibÞvðg Þ ¼ vðg Þ vða þ ibÞ ð1Þ ¼ d i¼0 j¼0 v2G i¼0 d v2G j¼0 i¼0 d t1 21 X 2 X X j 6 vðg Þ vða þ ibÞ : d v2G j¼0 i¼0 Now by Lemmas 2 and 3, we obtain the desired result.

h

Theorem 2. Let Up ¼ fu1 ; u2 ; . . . ; up g be a sequence generated as in (3). Then the correlation measure of order k of Up holds: C k ðUp Þ < 9k4k p1=2 logk ð1 þ dÞ logðpÞ: Proof. According to Eq. (4), for integers D ¼ ðd 1 ; . . . ; d k Þ and M with 0 6 d 1 < < d k 6 p M, we have 0d 1 2k X X M M Y k 2 1 X X u þu þþunþd k @ vðn þ d j Þvðgi ÞA ¼ k ð1Þ nþd 1 nþd 2 d n¼1 j¼1 i¼0 v2G n¼1 d 1 d 1 M Y k k X 2 2 X X X 2 ¼ k v1 ðgi1 Þ vk ðgik Þ vj ðn þ d j Þ d v1 ;;vk 2G i1 ¼0 ik ¼0 n¼1 j¼1 d 1 d 1 M Y k k X X 2 2 X X X 2 i1 ik ¼ k v1 ðg Þ vk ðg Þ vj ðn þ d j ÞðÞ d v1 2G i1 ¼0 n¼1 j¼1 vk 2G ik ¼0

Z. Chen et al. / Information Sciences 177 (2007) 4820–4831

4825

We recall that G is a cyclic subgroup of c Fp with #G ¼ d. Suppose w is a generator of G, i.e., the order of w is d. Then for each vj , 1 6 j 6 k, there exists an integer aj 2 ½1; d 1 such that vj ¼ waj . So by Lemma 3 we obtain X X X M Y k M Y k M a1 ak aj vj ðn þ d j Þ ¼ w ðn þ d j Þ ¼ wððn þ d 1 Þ ðn þ d k Þ Þ < 9kp1=2 logðpÞ: n¼1 j¼1 n¼1 n¼1 j¼1 Hence

d 1 d 1 d 1 X X k X X k 2 2 2 X X Y 2k 2 1=2 1=2 i1 ik ij v1 ðg Þ vk ðg Þ ¼ k 9kp logðpÞ vj ðg Þ ðÞ < k 9kp logðpÞ d d v1 2G i1 ¼0 j¼1 vj 2G ij ¼0 vk 2G ik ¼0 d 21 k X X Y 2k 1=2 ij 6 k 9kp logðpÞ vj ðg Þ: d j¼1 vj 2G ij ¼0

We complete the proof by Lemma 2.

h

We note that the construction of Up is an extension of a binary sequence derived from discrete logarithm in [29]. Theorems 1 and 2 indicate that Up forms a ‘‘good’’ (but slightly inferior)2 pseudorandom binary sequence, which is somewhat superior to the sequence in [29]. 3.2. Linear complexity of S1 Ding [15] determined the linear complexity (and minimal polynomials) of the dth order cyclotomic sequences over Zd when d is an odd prime. We recall that the linear complexity proﬁle of a sequence S ¼ fs0 ; s1 ; g over the ring Zd is the function LðS; N Þ deﬁned for every positive integer N, as the least order L of a linear recurrence relation over Zd sn ¼ c1 sn1 þ þ cL snL ; for all L 6 n 6 N 1, which S satisﬁes. We use the convention that LðS; N Þ ¼ 0 if the ﬁrst N elements of S are all zero and LðS; N Þ ¼ N if the ﬁrst N 1 elements of S are zero and sN 1 6¼ 0. The value LðSÞ ¼ sup LðS; N Þ N P1

is called the linear complexity of the sequence S, see for example [3,6]. For the linear complexity of any periodic sequence of period t one easily veriﬁes that LðSÞ ¼ LðS; 2tÞ 6 t. It is desirable to have sequences with large linear complexity for cryptographic applications. Proposition 1 [15]. The dth order cyclotomic sequence S1 ¼ fs1 ; s2 ; . . .g is defined as in (1). If d is an odd prime then the linear complexity LðS1 Þ satisfies ( p 1; if d 62 D0 ; 1 LðS Þ ¼ ðd1Þðp1Þ ; if d 2 D0 : d Theorem 3. The dth order cyclotomic sequence S1 ¼ fs1 ; s2 ; . . .g is defined as in (1). The linear complexity profile LðS1 ; N Þ satisfies N þ1 1: LðS1 ; N Þ P 1 þ 9p1=2 logðpÞ for N < p and any d (prime or composite). Proof. Suppose LðS1 ; N Þ ¼ L and 0 ¼ snþL þ cL1 snþL1 þ cL2 snþL2 þ þ c0 sn 2

A comparison of certain binary sequences constructed in a similar way was made in [5].

4826

Z. Chen et al. / Information Sciences 177 (2007) 4820–4831

for all 0 < n 6 N L, where c0 ; c1 ; ; cL1 2 Zd . So 1 ¼ g0 ¼ gsnþL þcL1 snþL1 þcL2 snþL2 þþc0 sn : Let v 2 c Fp be a multiplicative character of order d. From Eq. (1) it is easy to see that vðgsi Þ ¼ vðiÞ: We obtain c

vð1Þ ¼ vðgsnþL þcL1 snþL1 þcL2 snþL2 þþc0 sn Þ ¼ vððn þ LÞðn þ L 1Þ L1 nc0 Þ: Hence we have N L N L X X c vð1Þ ¼ vððn þ LÞðn þ L 1Þ L1 nc0 Þ: n¼1

n¼1

By Lemma 3, N L 6 9ðL þ 1Þp1=2 logðpÞ; we obtain the desired result.

h

The bound in Theorem 3 is of the order of magnitude OðNp1=2 log1 ðpÞÞ. 4. Sequences related to the Jacobi sequences In this section, let p and q be two distinct primes with gcdðp 1; q 1Þ ¼ d and let n ¼ pq, e ¼ ðp 1Þðq 1Þ=d. By the Chinese Remainder Theorem there exists a common primitive root g of both p and q. There also exists an integer x satisfying x gðmod pÞ;

x 1ðmod qÞ:

Since g is a primitive root of both p and q, by the Chinese Remainder Theorem again ordn ðgÞ ¼ lcmðordp ðgÞ; ordq ðgÞÞ ¼ lcmðp 1; q 1Þ ¼ e; where ordm(g) denotes the multiplicative order of g modulo m. The generalized cyclotomic classes of order d with respect to p and q are deﬁned by Di ¼ fgs xi js ¼ 0; 1; . . . ; e 1g; i ¼ 0; 1; . . . ; d 1:

ð5Þ

It is easy to see that Z n ¼

d[ 1

Di ; Di \ Dj ¼ ; for i 6¼ j:

i¼0

We set Q ¼ fq; 2q; . . . ; ðp 1Þqg; Q0 ¼ Q [ f0g; P ¼ fp; 2p; . . . ; ðq 1Þpg: One can deﬁne the d-ary generalized cyclotomic sequence R1 ¼ fr1 ; r2 ; . . .g of order d over Zd with respect to two distinct primes p and q: 8 > < l; if ½i mod n 2 Dl ; l ¼ 0; 1; . . . ; d 1; ð6Þ ri :¼ A; if ½i mod n 2 P ; > : B; if ½i mod n 2 Q0 ; for each i P 1, where A and B are ﬁxed numbers chosen from f0; 1; . . . ; d 1g, each Dl is deﬁned as in (5). R1 is periodic with n ¼ pq. The generalized cyclotomic binary sequence V1 ¼ fv1 ; v2 ; . . .g of order d with respect to the primes p and q is deﬁned by ( 0; if 0 6 ri 6 d2 1 or ri ¼ B; vi ¼ ð7Þ 1; if d2 6 ri 6 d 1 or ri ¼ A;

Z. Chen et al. / Information Sciences 177 (2007) 4820–4831

4827

for all i P 1. V1 is periodic with period n ¼ pq. If we suppose 0d 1 0 1 d[ 1 21 [ C 0 ¼ Q0 [ @ Di A; C 1 ¼ P [ @ Di A; i¼d2

i¼0

then we have Zn ¼ C 0 [ C 1 ; C 0 \ C 1 ¼ ;: So the binary sequence V1 ¼ fv1 ; v2 ; . . .g deﬁned as in (7) is equivalent to 0; if ½i mod n 2 C 0 ; vi ¼ 1; if ½i mod n 2 C 1 ;

ð8Þ

for all i P 1. We remark that when d ¼ 2, the linear complexity of V1 has been determined in [9], when d ¼ 4, the linear complexity of V1 has been determined in [1]. We also remark that if we deﬁne 0d 1 0d 1 1 1 2 2 [ [ C 00 ¼ Q0 [ @ D2i A; C 01 ¼ P [ @ D2iþ1 A i¼0

i¼0

and wi ¼

0; 1;

if if

½i mod n 2 C 00 ; ½i mod n 2 C 01 ;

for all i P 1, then the sequence (wi) can be expressed as 8 if ½i mod n 2 Q0 ; > < 1; wi 1; if ½i mod n 2 P ; ð1Þ ¼ > : ð i Þð i Þ; if ½i mod n 2 Z : n p q The correlation and linear complexity proﬁle of (wi) have been estimated in [27]. In this section, we always suppose that d > 2 is even. 4.1. Distribution and correlation of V1 c jvðgi Þ ¼ 1; i ¼ 0; 1; . . . ; e 1g. Obviously H is a cyclic subgroup of Z c with #H ¼ d by Let H ¼ fv 2 Z n n [24, Theorem 5.6]. Let H ¼ H n fv0 g. From (8) and by Lemma 1 and Remark 1, for any i P 1 with gcdði; nÞ ¼ 1 d 1 2 X X d; ½i mod n 2 C 0 ; vðiÞvðxj Þ ¼ 0; ½i mod n 2 C 1 : j¼0 v2H Then we have (

d

21 X X

j

vðiÞvðx Þ ¼

j¼0 v2H

d ; 2

½i mod n 2 C 0 ;

d2 ;

½i mod n 2 C 1 ;

for any i P 1 with gcdði; nÞ ¼ 1. Hence we obtain 8 þ1; if ½i mod n 2 Q0 ; > > > > < 1; if ½i mod n 2 P ; v ð1Þ i ¼ d 1 > 2 > > 2 P P vðiÞvðxj Þ; if ½i mod n 2 Z : > n :d j¼0 v2H

ð9Þ

4828

Z. Chen et al. / Information Sciences 177 (2007) 4820–4831

c jvðgi Þ ¼ 1; i ¼ 0; 1; . . . ; e 1g. Then Lemma 4. Let g and x be defined as in Section 4 above. Let H ¼ fv 2 Z n the following bound holds: d21 X X j vðx Þ < 2d logð1 þ dÞ: v2H j¼0 Proof. Each v 2 H is a primitive multiplicative character and it can be expressed as v ¼ vp vq , where vp is a character modulo p of order d p > 1 and vq is a character modulo q of order d q > 1. By the deﬁnitions of H and x, we have vðxj Þ ¼ vp ðxj Þvq ðxj Þ ¼ vp ðgj Þ: Hence we obtain d21 d21 X X X X j j ¼ vðx Þ v ðg Þ p < 2d logð1 þ dÞ: vdp ¼1 j¼0 v2H j¼0

vp 6¼1

Lemma 5 [28]. Let p; q be distinct prime numbers and f ðxÞ ¼ al xl þ þ a1 x þ a0 2 Z½x and a 2 Z. Let v be a primitive multiplicative character modulo pq and write v ¼ vp vq , where vp is a character modulo p of order d p > 1 and vq is a character modulo q of order d q > 1. If f(x) is not the constant multiple of the dp-power of a polynomial in Fp ½x and it has sp distinct zeros in Fp , f ðxÞ is not the constant multiple of the dq-power of a polynomial in Fq ½x and it has sq distinct zeros in Fq , then pq X vðf ðiÞÞepq ðaiÞ 6 sp sq p1=2 q1=2 ; i¼1 and X vðf ðiÞÞ 6 sp sq p1=2 q1=2 ð1 þ logðpqÞÞ; X
Z. Chen et al. / Information Sciences 177 (2007) 4820–4831

4829

Theorem 5. Let n ¼ pq and Vn ¼ fv1 ; v2 ; . . . ; vn g a sequence defined as in (7). Then the correlation measure of order k of Vn holds: C k ðVn Þ < 4k k 2 n1=2 logk ð1 þ dÞð1 þ logðnÞÞ þ kðp þ q 1Þ: Proof. According to Eq. (9), for integers D ¼ ðd 1 ; ; d k Þ and M with 0 6 d 1 < < d k 6 n M, there are at most kd, where d ¼ p þ q 1, elements mð1 6 m 6 M < nÞ such that at least one number m þ d j 2 P [ Q0 , where 1 6 j 6 k. Hence, we get X X M M vmþd 1 þvmþd 2 þþvmþd k v þv þþv mþd 1 mþd 2 mþd k ð1Þ 6 ð1Þ þ kd m¼1 m¼1 mþd j 2Zn 16j6k 0d 1 M k 21 X Y X 2k X i A @ ¼ k vðm þ d j Þvðx Þ þ kd d m¼1 j¼1 i¼0 v2H d 1 d 1 M Y k 2 2 X X 2k X X ¼ k v1 ðxi1 Þ vk ðxik Þ vj ðm þ d j Þ þ kd d v1 ;;vk 2H i1 ¼0 ik ¼0 m¼1 j¼1 d 1 d 1 M Y k k X X 2 2 X X X 2 ¼ k v1 ðxi1 Þ vk ðxik Þ vj ðm þ d j Þ þ kd ðÞ d v1 2H i1 ¼0 m¼1 j¼1 vk 2H ik ¼0 c with #H ¼ d, let / be a generator of H, i.e., the order of / is d. Then for Since H is a cyclic subgroup of Z n each vj , 1 6 j 6 k, there exists an integer aj 2 ½1; d 1 such that vj ¼ /aj . So by Lemma 5 we obtain X X X M Y k M Y k M a1 ak aj vj ðm þ d j Þ ¼ / ðm þ d j Þ ¼ /ððm þ d 1 Þ ðm þ d k Þ Þ 6 k 2 n1=2 ð1 þ logðnÞÞ: m¼1 j¼1 m¼1 m¼1 j¼1 Hence

d 1 d 1 2 2 X X X X 2k 2 1=2 i1 ik ðÞ 6 k k n ð1 þ logðnÞÞ v1 ðx Þ vk ðx Þ þ kd d v1 2H i1 ¼0 vk 2H ik ¼0 d 1 k X X 2 Y 2k 2 1=2 ij 6 k k n ð1 þ logðnÞÞ vj ðx Þ þ kd d j¼1 vj 2H ij ¼0 d 1 k 2 X X Y 2k 2 1=2 ij 6 k k n ð1 þ logðnÞÞ v ðx Þ j þ kd: d j¼1 vj 2H ij ¼0

Using the bound in Lemma 4, we obtain the desired result.

h

In the most interesting case, when jp qj is small (e.g., when p and q are twin primes), the bound in Theorem 4 is of order of Oðn1=2 logðnÞ logðdÞÞ, the bound in Theorem 5 is of order of Oðn1=2 logðnÞlogk ðdÞÞ. Remark 2. In [2], the generalized cyclotomic classes of order two (i.e., d ¼ 2) are deﬁned by D0 ¼ fg2s ; g2s xjs ¼ 0; 1; . . . ; ðe 2Þ=2g; D1 ¼ fg2sþ1 ; g2sþ1 xjs ¼ 0; 1; . . . ; ðe 2Þ=2g: And the generalized cyclotomic sequence (si) of order two with length pq is deﬁned by 0; ½i mod n 2 D0 ; si ¼ 1; ½i mod n 2 D1 ;

4830

Z. Chen et al. / Information Sciences 177 (2007) 4820–4831

for any i 2 Zpq (si is also deﬁned when ijp or ijq in [2]). It is easy to see that for any i 2 Zpq , i ; ð1Þsi ¼ q where is the Legendre symbol. It indicates that the sequence (si) has large autocorrelation for some values, hence it lacks of use although it possesses large linear complexity. 4.2. Linear complexity proﬁle of R1 Theorem 6. The d-ary generalized cyclotomic sequence R1 ¼ fr1 ; r2 ; . . .g of order d is defined as in (6). The linear complexity profile LðR1 ; N Þ satisfies sﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃﬃ 2 ðp þ qÞ N þ1 pþq 1 1 þ 1=2 LðR ; N Þ P 2 n ð1 þ logðnÞÞ 2n1=2 ð1 þ logðnÞÞ 4nð1 þ logðnÞÞ for 1 6 N < n. Proof. The proof is similar to that of Theorem 3. Let LðR1 ; N Þ ¼ L and 0 ¼ riþL þ cL1 riþL1 þ cL2 riþL2 þ þ c0 ri for all 1 6 i 6 N L, where c0 ; c1 ; ; cL1 2 Zd . We note that at least N L ðL þ 1Þðp þ q 1Þ many i 2 f1; 2; . . . ; N Lg satisfy i þ l 2 Zn ; for all l ¼ 0; . . . ; L: c jvðgi Þ ¼ 1; i ¼ 0; 1; . . . ; e 1g, we obtain For such i and each v 6¼ v in H ¼ fv 2 Z 0

0

1 ¼ vðx Þ ¼ vðx

n

riþL þcL1 riþL1 þcL2 riþL2 þþc0 ri

c

Þ ¼ vðði þ LÞði þ L 1Þ L1 ic0 Þ:

Hence we have X N L cL1 c0 vðði þ LÞði þ L 1Þ i Þ P N L ðL þ 1Þðp þ q 1Þ: i¼1 By Lemma 5, we get N L ðL þ 1Þðp þ q 1Þ 6 ðL þ 1Þ2 n1=2 ð1 þ logðnÞÞ: After some simple computation we obtain the desired result.

h

The bound in Theorem 6 is of the order of magnitude OðN 1=2 n1=4 log1=2 ðnÞÞ in the case when jp qj is small. 5. Conclusions Using cyclotomic classes and generalized cyclotomic classes of order d, we have constructed two families of binary sequences with strong pseudo-random properties. That is, we estimate the upper bounds of two important pseudorandom measures, the well-distribution measure and the correlation measure of order k, which is very close to that of ‘‘truely’’ random sequences. In [28] three families of binary sequences are constructed in diﬀerent ways with respect to the primes p and q, which are extensions of the constructions over Fp . It seems that the binary sequence V1 ¼ fv1 ; v2 ; . . .g derived from generalized cyclotomic classes with respect to the primes p and q in Section 4 is somewhat superior to those sequences in [28], since the order k correlation measure of those sequences in [28] is large for some special small values k. For d-ary cyclotomic sequences and d-ary generalized cyclotomic sequences, we have also estimated a lower bound on the linear complexity proﬁle respectively, which is an important cryptographic characteristic of pseudo-random sequences.

Z. Chen et al. / Information Sciences 177 (2007) 4820–4831

4831

Acknowledgements This work was supported by the National Natural Science Foundation of China (No. 60473028). The research of the ﬁrst author was also supported in part by the Natural Science Foundation of Fujian Province of China (No. A0540011) and the Science and Technology Foundation of Putian City (No. 2005S04). The authors wish to thank the anonymous referees for their detailed and very helpful comments and suggestions that improved this article. References [1] E. Bai, X. Fu, G. Xiao, On the linear complexity of generalized cyclotomic sequences of order four over Zpq, IEICE Trans. Fundamentals of Electron. Commun. Comput. Sci. E88–A (1) (2005) 392–395. [2] E. Bai, X. Liu, G. Xiao, Linear complexity of new generalized cyclotomic sequences of order two of length pq, Trans. Inf. Theory 51 (5) (2005) 849–1853. [3] P. Caballero-Gil, A. Fu´ster-Sabater, A wide family of nonlinear ﬁlter functions with a large linear span, Inf. Sci. 164 (1–4) (2004) 197– 207. [4] J. Cassaigne, C. Mauduit, A. Sa´rko¨zy, On ﬁnite pseudorandom binary sequences, VII: the measures of pseudorandomness, Acta Arithm. 103 (2002) 97–118. [5] Z. Chen, S. Li, G. Xiao, Construction of pseudo-random binary sequences from elliptic curves by using discrete logarithm, in: Proc. Int. Conf. Sequences Appl. – SETA’06, LNCS, vol. 4086, Springer-Verlag, Berlin, 2006, pp. 285–294. [6] T.W. Cusick, C. Ding, A. Renvall, Stream Ciphers and Number Theory, Elsevier, Amsterdam, 1998. [7] Z.D. Dai, J.H. Yang, G. Gong, P. Wang, On the linear complexity of generalized Legendre sequences, http://www.cacr.math.uwaterloo.ca/, Technical Reports CORR 2001–34, 2001. [8] Z.D. Dai, G. Gong, H.Y. Song, Trace representation of binary Jacobi sequences, http://www.cacr.math.uwaterloo.ca/, Technical Reports CORR 2002–32, 2002. [9] I. Damga˚rd, On the randomness of Legendre and Jacobi sequences, Adv. Cryptol.: CRYPTO’88, LNCS, vol. 403, Springer-Verlag, Berlin, 1990, pp. 163–172. [10] C. Ding, Binary cyclotomic generators, Fast Software Encrytion, LNCS, vol. 1008, Springer-Verlag, Berlin, 1995, pp. 20–60. [11] C. Ding, Linear complexity of generalized cyclotomic binary sequences of order 2, Finite Fields Appl. 3 (2) (1997) 159–174. [12] C. Ding, New generalized cyclotomy and its applications, Finite Fields Appl. 4 (2) (1998) 140–166. [13] C. Ding, Pattern distributions of Legendre sequences, IEEE Trans. Inf. Theory 44 (4) (1998) 1693–1698. [14] C. Ding, Autocorrelation values of generalized cyclotomic sequences of order two, IEEE Trans. Inf. Theory 44 (4) (1998) 1699–1702. [15] C. Ding, T. Helleseth, On cyclotomic generator of order r, Inf. Process. Lett. 66 (1) (1998) 21–25. [16] C. Ding, T. Helleseth, W. Shan, On the linear complexity of Legendre sequences, IEEE Trans. Inf. Theory 44 (3) (1998) 1276–1278. [17] L. Goubin, C. Mauduit, A. Sa´rko¨zy, Construction of large families of pseudorandom binary sequences, J. Number Theory 106 (1) (2004) 56–69. [18] D.H. Green, P.R. Green, Modiﬁed Jacobi sequences, IEE Proc.: Comput. Digital Tech. 147 (4) (2000) 241–251. [19] D.H. Green, J. Choi, Linear complexity of modiﬁed Jacobi sequences, IEE Proc.: Comput. Digital Tech. 149 (3) (2002) 97–101. [20] K. Gyarmati, On a family of pseudorandom binary sequences, Period. Math. Hungarica 49 (2) (2004) 45–63. [21] J.H. Kim, Trace representation of Legendre sequences, Design, Codes Cryptogr. 24 (3) (2001) 343–348. [22] J.H. Kim, H.Y. Song, On the linear complexity of Hall’s sextic residue sequences, IEEE Trans. Inf. Theory 47 (5) (2001) 2094–2096. [23] J.H. Kim, H.Y. Song, G. Gong, Trace representation of Hall’s sextic residue sequences of period p 7 (mod 8), http:// www.cacr.math.uwaterloo.ca/, Technical Reports CORR 2002–23, 2002. [24] R. Lidl, H. Niederreiter, Finite Fields, Addison-Wesley, Reading, MA, 1983. [25] C. Mauduit, A. Sa´rko¨zy, On ﬁnite pseudorandom binary sequences I: measures of pseudorandomness, the Legendre symbol, Acta Arithm. 82 (1997) 365–377. [26] C. Mauduit, J. Rivat, A. Sa´rko¨zy, Construction of pseudorandom binary sequences using additive characters, Mh. Math. 141 (3) (2004) 197–208. [27] B. Nina, A. Winterhof, Some notes on the two-prime generator of order 2, Trans. Inf. Theory 51 (10) (2005) 3654–3657. [28] J. Rivit, A. Sa´rko¨zy, Modular constructions of pseudorandom binary sequences with composite moduli, Period. Math. Hungarica 51 (2) (2005) 75–107. [29] A. Sa´rko¨zy, A ﬁnite pseudorandom binary sequence, Stud. Sci. Math. Hungarica 38 (1–4) (2001) 377–384.

Jacobi sequences

Jacobi sequences

Recommend Documents