Information Processing Letters 116 (2016) 153–156
The linear complexity of binary sequences of length 2p with optimal three-level autocorrelation

V. Edemskiy ∗, A. Palvinskiy

Department of Applied Mathematics and Informatics, Novgorod State University, Veliky Novgorod, Russia
Article info

Article history: Received 1 March 2015; received in revised form 10 August 2015; accepted 15 September 2015; available online 25 September 2015. Communicated by S.M. Yiu.

Abstract

In this paper we derive the linear complexity of binary sequences of length 2p with optimal three-level autocorrelation. These almost balanced and balanced sequences are constructed by cyclotomic classes of order four using a method presented by Ding et al. We investigate the linear complexity of above-mentioned sequences over the finite fields of different orders. © 2015 Elsevier B.V. All rights reserved.

Keywords: Cryptography; Linear complexity; Binary sequences
1. Introduction

Autocorrelation is an important measure of pseudorandom sequences for their application in code-division multiple access systems, spread spectrum communication systems, radar systems and so on [5]. An important problem in sequence design is to find sequences with optimal autocorrelation. In their paper, Ding et al. [3] give several new families of binary sequences of period $2p$ with optimal autocorrelation $\{-2, 2\}$. These sequences have also been referred to as generalized cyclotomic sequences.

The linear complexity is another important characteristic of a pseudorandom sequence, significant for cryptographic applications. It is defined as the length of the shortest linear feedback shift register that can generate the sequence [8]. The linear complexity of the above-mentioned sequences over the finite field of order two was investigated in [11] (see also references therein). Also, the linear complexity of several cyclotomic sequences of length $p$ was derived in [1,2] over the finite field $\mathbb{F}_p$, and that of Legendre sequences over $\mathbb{F}_q$ in [10].
∗ Corresponding author: V. Edemskiy. Tel.: +78162629972; fax: 78162624110.
http://dx.doi.org/10.1016/j.ipl.2015.09.007 0020-0190/© 2015 Elsevier B.V. All rights reserved.
In this paper we derive the linear complexity of binary sequences of length $2p$ from [3] over the finite field of odd characteristic $q$: $q = p$ in Section 3 and $q \neq p$ in Section 4. We show the linear complexity of these sequences to be high for any length.

2. The definition of sequences

First, we briefly repeat the basic definitions from [3]. Let $p$ be a prime of the form $p \equiv 1 \pmod 4$, and let $\theta$ be a primitive root modulo $p$ [7]. By definition, put $D_0 = \{\theta^{4s} \bmod p;\ s = 1, \dots, (p-1)/4\}$ and $D_n = \theta^n D_0$, $n = 1, 2, 3$. Then $D_n$ are cyclotomic classes of order four [6]. For the ring of residue classes we have $\mathbb{Z}_{2p} \cong \mathbb{Z}_2 \times \mathbb{Z}_p$ relative to the isomorphism $\phi(a) = (a \bmod 2, a \bmod p)$ [7]. Ding et al. considered sequences defined as

$$s_i = \begin{cases} 1, & \text{if } i \bmod 2p \in C; \\ 0, & \text{if } i \bmod 2p \notin C, \end{cases} \tag{1}$$

for $C = \phi^{-1}\big(\{0\} \times (D_k \cup D_j) \cup \{1\} \times (D_l \cup D_j)\big)$, where $k$, $j$, and $l$ are pairwise distinct integers between 0 and 3, and also for $C^{(0)} = C \cup \{0\}$ [3]. By [3], if $\{s_i\}$ have an optimal autocorrelation value then $p \equiv 5 \pmod 8$ and $p = 1 + 4y^2$ or $p = x^2 + 4$, $y = 1$.
Here $x$, $y$ are integers and $x \equiv 1 \pmod 4$. In what follows, we will consider only these $p$.

To begin with, we give another definition of the sequence $\{s_i\}$. It is known that if $g$ is an odd number in the pair $\theta$, $\theta + p$, then $g$ is a primitive root modulo $2p$ [7]. By definition, put $H_0 = \{g^{4s} \bmod 2p;\ s = 1, \dots, (p-1)/4\}$. Denote by $H_n$ the set $g^n H_0$, $n = 1, 2, 3$. Further, we will consider the indices of $H_n$ modulo 4. Since $p \equiv 5 \pmod 8$, it follows that $\mathrm{ind}_\theta 2 \equiv 1 \pmod 4$ or $\mathrm{ind}_\theta 2 \equiv 3 \pmod 4$ [7]. If $\mathrm{ind}_\theta 2 \equiv 1 \pmod 4$ then $\mathrm{ind}_{\theta^{-1}} 2 \equiv 3 \pmod 4$. Hence, without loss of generality, we can assume that $\mathrm{ind}_\theta 2 \equiv 3 \pmod 4$. We choose $\mathrm{ind}_\theta 2 \equiv 3 \pmod 4$ because below we will investigate the sequences for $y = 1$.

Lemma 1.
(i) $\phi^{-1}(\{0\} \times D_n) = 2H_{n-3}$, $n = 0, \dots, 3$;
(ii) $\phi^{-1}(\{1\} \times D_n) = H_n$, $n = 0, \dots, 3$;
(iii) $2H_{n-3} = H_n + p$, $n = 0, \dots, 3$.

Lemma 1 follows from our definitions. So, if $\{s_i\}$ is defined by (1) then

$$s_i = \begin{cases} 1, & \text{if } i \bmod 2p \in 2H_{k-3} \cup 2H_{j-3} \cup H_l \cup H_j; \\ 0, & \text{else.} \end{cases} \tag{2}$$

3. The linear complexity of sequences over $\mathbb{F}_{p^r}$

First of all, we derive the linear complexity of $\{s_i\}$ for $q = p$. In this case we use the Günther–Blahut theorem (see, for example, [9]).

Lemma 2. Let $0 \le m \le 3$ and $d = m(p-1)/4$. Then

$$\sum_{i \in H_m} i^n = \begin{cases} 0, & \text{if } 1 \le n \le (p-5)/4, \\ g^d (p-1)/4, & \text{if } n = (p-1)/4. \end{cases}$$

Proof. By definition of $H_m$ we have $\sum_{i \in H_m} i^{(p-1)/4} = g^d (p-1)/4$. Suppose $n < (p-1)/4$; denote $\sum_{i \in H_0} i^n$ by $A$. Since $\sum_{j=1}^{p-1} j^n = 0$, it follows that $0 = \sum_{t=0}^{3} \sum_{i \in H_t} i^n = A (g^{4n} - 1)/(g^n - 1)$. Hence, $A = 0$ and $\sum_{i \in H_m} i^n = 0$. □

Let us introduce the auxiliary polynomials $F_m(x) = \sum_{i \in H_m} x^i$.

Lemma 3. Let $F_m^{(n)}(x)$ be a formal derivative of order $n$ of the polynomial $F_m(x)$. Then

$$F_m^{(n)}(\pm 1) = \begin{cases} 0, & \text{if } 1 \le n \le (p-5)/4, \\ g^d (p-1)/4, & \text{if } n = (p-1)/4. \end{cases}$$

Proof. Let $T_1(x) = x F_m'(x)$ and $T_n(x) = x T_{n-1}'(x)$, $n = 2, 3, \dots$. Then $T_n(\pm 1) = \pm \sum_{i \in H_m} i^n$, $n = 1, 2, \dots$, and by Lemma 2 $T_n(\pm 1) = 0$ if $1 \le n \le (p-5)/4$; $T_{(p-1)/4}(\pm 1) = \pm g^d (p-1)/4$. To conclude the proof, it remains to note that by definition $T_n(x) = \sum_{j=1}^{n-1} a_j(x) F_m^{(j)}(x) + x^n F_m^{(n)}(x)$, where $a_j(x)$ are polynomials. □

Our first contribution in this paper is the following.

Theorem 4. Let the almost balanced binary sequences $\{s_i\}$ be defined by (1) for $C = \phi^{-1}\big(\{0\} \times (D_k \cup D_j) \cup \{1\} \times (D_l \cup D_j)\big)$. Then $L = (7p + 1)/4$.

Proof. In this case, by the Günther–Blahut theorem we have

$$L = 2p - \min\{j : S^{(j)}(1) \neq 0\} - \min\{j : S^{(j)}(-1) \neq 0\}, \tag{3}$$

where $S(x) = \sum_{i=0}^{2p-1} s_i x^i$ is the polynomial of $\{s_i\}$. By definition $S(1) = p - 1$. Further, by (2) and by Lemma 1 we obtain

$$S(x) \equiv (x^p + 1) \sum_{i \in H_j} x^i + x^p \sum_{i \in H_k} x^i + \sum_{i \in H_l} x^i \pmod{x^{2p} - 1}. \tag{4}$$

Therefore, since $\big(\sum_{i \in H_m} x^i\big)^{(n)} = F_m^{(n)}(x)$ by definition of $F_m^{(n)}(x)$, it follows that

$$S^{(n)}(\pm 1) = \Big( (x^p + 1) F_j^{(n)}(x) + x^p F_k^{(n)}(x) + F_l^{(n)}(x) \Big)\Big|_{x = \pm 1}. \tag{5}$$

So, by Lemma 3 we see $S^{(n)}(-1) = 0$ if $0 \le n \le (p-5)/4$ and $S^{((p-1)/4)}(-1) \neq 0$. Then the conclusion of this theorem follows from (3). □

Theorem 5. Let the balanced binary sequences $\{s_i\}$ be defined by (1) for $C^{(0)} = C \cup \{0\}$. Then $L = (7p + 1)/4$.

Proof. Let $S_0(x)$ be the polynomial of $\{s_i\}$ defined by (1) for $C^{(0)} = C \cup \{0\}$. Then $S_0(x) = S(x) + 1$ where $S(x)$ satisfies (4). Therefore, using (5), we can write $S^{(n)}(1) = 0$ if $0 \le n \le (p-5)/4$, $S^{((p-1)/4)}(1) \neq 0$ and $S(-1) \neq 0$. Then the conclusion of this theorem follows from (3). □

The results of computing the linear complexity by the Berlekamp–Massey algorithm when $p = 5, 37, 101, 197, 677$ ($x = 1$) and $p = 5, 13, 29, 53, 173, 229, 293$ ($y = 1$) confirm Theorems 4 and 5.

4. The linear complexity of sequences over $\mathbb{F}_{q^r}$ for $q \neq p$

Now we derive the linear complexity of $\{s_i\}$ over $\mathbb{F}_{q^r}$ for $q \neq p$. Let $\alpha$ be a primitive $2p$-th root of unity in the extension of the field $\mathbb{F}_{q^r}$. Then by Blahut's theorem for the linear complexity $L$ of the sequence $\{s_i\}$ we have

$$L = 2p - \big|\{ i \mid S(\alpha^i) = 0,\ i = 0, 1, \dots, 2p - 1 \}\big|. \tag{6}$$

Let us derive $L$ using the procedure proposed in [4]. In the next subsections we consider the values $S(\alpha^i)$, $i = 0, 1, \dots, 2p - 1$. But first we need to prove intermediate lemmas.
4.1. Auxiliary lemmas

Let us introduce the auxiliary polynomial $S_4(x) = \sum_{i \in H_0} x^i$.

Lemma 6. (i) Let $f \in H_n$, $n = 0, 1, 2, 3$, and $m = 0, 1, 2, 3$; then

$$\sum_{i \in H_m} \alpha^{fi} = S_4\big(\alpha^{g^{m+n}}\big) \quad \text{and} \quad \sum_{i \in 2H_m} \alpha^{fi} = -S_4\big(\alpha^{g^{m+n+3}}\big);$$

(ii) Let $f \in 2H_n$; then

$$\sum_{i \in 2H_m} \alpha^{fi} = -S_4\big(\alpha^{g^{m+n+2}}\big) \quad \text{and} \quad \sum_{i \in H_m} \alpha^{fi} = -S_4\big(\alpha^{g^{m+n+3}}\big).$$

Lemma 6 follows from our definitions and Lemma 1. Further, since $\alpha^p = -1$, it follows that

$$\alpha + \alpha^3 + \dots + \alpha^{p-2} + \alpha^{p+2} + \dots + \alpha^{2p-1} = 1.$$

From Lemma 6 we get

$$S_4(\alpha) + S_4(\alpha^g) + S_4(\alpha^{g^2}) + S_4(\alpha^{g^3}) = 1. \tag{7}$$

Lemma 7. Let a binary sequence $\{s_i\}$ be defined by (1). Then
(i) $S(\alpha^f) = S_4(\alpha^{g^{n+l}}) - S_4(\alpha^{g^{k+n}})$ if $f \in H_n$;
(ii) $S(\alpha^f) = -1 + S_4(\alpha^{g^{n+m+3}}) - S_4(\alpha^{g^{j+n+3}})$ if $f \in 2H_n$.
Here $m \in \{0, 1, 2, 3\} \setminus \{k, j, l\}$.

Proof. By (2) and Lemma 1 we have that

$$S(\alpha^f) = \sum_{i \in 2H_{k-3}} \alpha^{fi} + \sum_{i \in 2H_{j-3}} \alpha^{fi} + \sum_{i \in H_j} \alpha^{fi} + \sum_{i \in H_l} \alpha^{fi}.$$

Then the conclusion of this lemma follows from Lemma 6 and (7). □

So, in order to determine the values of $S(\alpha^i)$ it is sufficient to find $S_4(\alpha^{g^n})$, $n = 0, 1, 2, 3$, which we will investigate in the next subsection.

4.2. Properties of the polynomial $S_4(x)$

Let $F_m = H_m \cup H_{m+2}$, $m = 0, 1$, and $S_2(x) = \sum_{i \in F_0} x^i$. By definitions, (7) and Lemma 6, we have

$$S_2(\alpha^{g^n}) = S_4(\alpha^{g^n}) + S_4(\alpha^{g^{n+2}}),\ n = 0, 1, \quad \text{and} \quad S_2(\alpha) + S_2(\alpha^g) = 1. \tag{8}$$

Let $(m, n)_d$ be cyclotomic numbers of order $d$ [6]. The following statement is a generalization of Theorem 1 from [4].

Lemma 8. Let $p \equiv 5 \pmod 8$. Then:
(i) $S_2(\alpha) S_2(\alpha^g) = -(1, 0)_2 S_2(\alpha) - (1, 1)_2 S_2(\alpha^g)$;
(ii) $S_4(\alpha^{g^n}) S_4(\alpha^{g^{n+2}}) = -(0, 0)_4 S_2(\alpha^{g^n}) - (1, 0)_4 S_2(\alpha^{g^{n+1}}) + (p-1)/4$, $n = 0, 1$;
(iii) $S_4(\alpha^{g^n}) S_4(\alpha^{g^{n+1}}) = -t^2 - (t+1) S_4(\alpha^{g^{n+2}}) - t S_4(\alpha^{g^{n+3}})$, for $p = 16t^2 + 8t + 5$, $n = 0, 1, 2, 3$.

Now with the help of Lemma 8 and (8) we will obtain the equations for the values of $S_4(\alpha^{g^n})$.

Theorem 9. Let $p \equiv 5 \pmod 8$. Then:
(i) $S_2(\alpha)$ and $S_2(\alpha^g)$ satisfy the equation $z^2 - z - (p-1)/4 = 0$;
(ii) $S_4(\alpha)$ and $S_4(\alpha^{g^2})$ are roots of the equation

$$v^2 - S_2(\alpha) v - \frac{x-1}{4} S_2(\alpha) + \frac{3p - 1 + 2x}{16} = 0; \tag{9}$$

(iii) $S_4(\alpha^g)$ and $S_4(\alpha^{g^3})$ satisfy the equation

$$u^2 - S_2(\alpha^g) u + \frac{x-1}{4} S_2(\alpha) + \frac{3p + 3 - 2x}{16} = 0. \tag{10}$$

Proof. (i) Since $(1, 0)_2 = (1, 1)_2 = (p-1)/4$ for $p \equiv 1 \pmod 4$ [6], it follows from Lemma 8 that $S_2(\alpha) S_2(\alpha^g) = -(p+1)/4$.
(ii) In this case $(0, 0)_4 = (p - 7 + 2x)/16$ and $(1, 0)_4 = (p - 3 - 2x)/16$ [6]. Hence, $-(0, 0)_2 S_2(\alpha) - (1, 0)_2 S_2(\alpha^g) + (p-1)/4 = -\frac{x-1}{4} S_2(\alpha) + (3p - 1 + 2x)/16$. The conclusion of this case then follows from Lemma 8 and (8).
(iii) By (8) we have that $S_4(\alpha^g) + S_4(\alpha^{g^3}) = S_2(\alpha^g)$. Further, by Lemma 8 it follows that $S_4(\alpha^g) S_4(\alpha^{g^3}) = -(0, 0)_2 S_2(\alpha^g) - (1, 0)_2 S_2(\alpha) + (p-1)/4$. Using the above-mentioned formulas for the cyclotomic numbers, we obtain that $S_4(\alpha^g) S_4(\alpha^{g^3}) = \frac{x-1}{4} S_2(\alpha) + (3p + 3 - 2x)/16$. The proposition (iii) is now established. □

Theorem 9 defines systems of equations for the values $S_4(\alpha^{g^n})$, $n = 0, 1, 2, 3$.

Corollary 10. Let $p = x^2 + 4y^2$ and $x = 1$ or $y = 1$.
(i) if roots of the equation (9) or (10) are equal then $p \equiv 1 \pmod q$;
(ii) if $w$, $w + 1$ are roots of the equation (9) or (10) then $p^2 + 3p + 4 \equiv 0 \pmod q$;
(iii) if $y = 1$, $w$ is a root of the equation (9) and $w + 1$ is a root of (10) then $p \equiv 1 \pmod q$ or $p \equiv 4 \pmod q$ or $p^2 + 3p + 4 \equiv 0 \pmod q$.

4.3. The results of computing the linear complexity of sequences over $\mathbb{F}_{q^r}$

First of all, we consider the case when $p \equiv 5 \pmod 8$ and $p = 1 + 4y^2$. Then $\{s_i\}$ have optimal autocorrelation iff $(k, j, l) = (0, 1, 2), (1, 0, 3)$ [3].

Theorem 11. Let $\{s_i\}$ be defined by (1) for $(k, j, l) = (0, 1, 2), (1, 0, 3)$ and $x = 1$. Then

$$L = \begin{cases} 3(p-1)/2, & \text{if } p \equiv 1 \pmod q; \\ (7p - 3)/4, & \text{if } p^2 + 3p + 4 \equiv 0 \pmod q; \\ 2p - 1, & \text{else.} \end{cases}$$

Proof. We consider the case when $(k, j, l) = (0, 1, 2)$. Suppose $f \in H_n$ and $S(\alpha^f) = 0$; then by Lemma 7 we obtain
that $S_4(\alpha^{g^{2+n}}) = S_4(\alpha^{g^n})$. Hence, by Corollary 10 we have $p \equiv 1 \pmod q$. On the other hand, if $p \equiv 1 \pmod q$ then by Theorem 9 $S_4(\alpha) = S_4(\alpha^{g^2}) = 1/2$ and $S_4(\alpha^g) = 1/2$, $S_4(\alpha^{g^3}) = -1/2$ (or vice versa). So, by Lemma 7 we have

$$\big|\{i : S(\alpha^i) = 0,\ i \in \mathbb{Z}^*_{2p}\}\big| = \begin{cases} 0, & \text{if } p \not\equiv 1 \pmod q; \\ (p-1)/2, & \text{if } p \equiv 1 \pmod q. \end{cases}$$

Let now $i \in 2H_n$ and $S(\alpha^i) = 0$. In this case by Lemma 7 we see that $S_4(\alpha^{g^{2+n}}) - S_4(\alpha^{g^n}) = 1$. Hence, by Corollary 10 $p^2 + 3p + 4 \equiv 0 \pmod q$. Further, if $p^2 + 3p + 4 \equiv 0 \pmod q$ then the numbers $(p+3)/2$ and $-(p+1)/2$ are roots of the equation $y^2 - y - (p-1)/4 = 0$. Without loss of generality, we can take $S_2(\alpha) = -(p+1)/2$. So, by Theorem 9 $S_4(\alpha)$, $S_4(\alpha^{g^2})$ are roots of the equation $u^2 + \frac{p+1}{2} u + (3p+1)/16 = 0$ and $S_4(\alpha^g) = (p+1)/4$, $S_4(\alpha^{g^3}) = (p+5)/4$. From this we can establish by Lemma 7 that

$$\big|\{i : S(\alpha^i) = 0,\ i \in 2\mathbb{Z}^*_{2p}\}\big| = \begin{cases} 0, & \text{if } p^2 + 3p + 4 \not\equiv 0 \pmod q; \\ (p-1)/4, & \text{if } p^2 + 3p + 4 \equiv 0 \pmod q. \end{cases}$$

To conclude the proof, it remains to note that $S(1) = p - 1$, $S(-1) = 0$. The case when $(k, j, l) = (1, 0, 3)$ may be investigated similarly. □

Now we consider computing the linear complexity of the balanced binary sequence with optimal autocorrelation value.

Theorem 12. Let $\{s_i\}$ be defined by (1) for $C^{(0)} = C \cup \{0\}$ and $(k, j, l) = (0, 1, 2), (0, 3, 2), (1, 0, 3), (1, 2, 3)$ and $x = 1$. Then

$$L = \begin{cases} (3p + 1)/2, & \text{if } p \equiv 1 \pmod q; \\ (7p + 1)/4, & \text{if } p^2 + 3p + 4 \equiv 0 \pmod q; \\ 2p, & \text{else.} \end{cases}$$

Theorem 12 may be proved similarly to Theorem 11. Our examples $q = 3$, $p = 37$; $q = 5$, $p = 101$, and $q = 7$, $p = 37$; $q = 11$, $p = 5$, and $q = 3$, $p = 5$; $q = 5$, $p = 57$ show that all the cases of Theorems 11 and 12 are possible.

Now, let $p = x^2 + 4$. In this case $x = 1 + 4t$ and $p = 16t^2 + 8t + 5$. Theorems 13 and 14 may be proved similarly to Theorem 11.

Theorem 13. Let $\{s_i\}$ be defined by (1) for $(k, j, l) = (0, 1, 3), (0, 2, 1)$ and $y = 1$. Then

$$L = \begin{cases} 7(p-1)/4, & \text{if } p \equiv 1 \pmod q; \\ (7p - 3)/4, & \text{if } p^2 + 3p + 4 \equiv 0 \pmod q; \\ 2p - 1, & \text{else.} \end{cases}$$

Theorem 14. Let $\{s_i\}$ be defined by (1) for $C^{(0)} = C \cup \{0\}$ and $(k, j, l) = (0, 1, 3), (0, 2, 3), (1, 2, 0), (1, 3, 0)$, and $y = 1$. Then

$$L = \begin{cases} (7p + 1)/4, & \text{if } p \equiv 1 \pmod q \text{ or } p^2 + 3p + 4 \equiv 0 \pmod q; \\ 2p, & \text{else.} \end{cases}$$

The results of direct computing of the linear complexity by the Berlekamp–Massey algorithm for $3 \le q \le 81$, $5 \le p \le 733$ and other values confirm the results of Theorems 11–14.
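The Berlekamp–Massey checks mentioned for Theorems 4 and 5 and for Theorems 11–14 can be reproduced as follows. This is an added example, not the authors' code: it builds the sequence (1) directly from $\phi$ and the classes $D_n$ and runs Berlekamp–Massey over a prime field $\mathbb{F}_q$ (the linear complexity is the same over any extension $\mathbb{F}_{q^r}$); all function names are assumptions of the example.

```python
def berlekamp_massey(seq, q):
    """Linear complexity of seq over the prime field F_q."""
    C, B = [1], [1]        # current / previous connection polynomials
    L, m, b = 0, 1, 1      # LFSR length, shift since last change, last discrepancy
    for n in range(len(seq)):
        d = sum(c * seq[n - i] for i, c in enumerate(C)) % q
        if d == 0:
            m += 1
            continue
        T, coef = C[:], d * pow(b, -1, q) % q
        C += [0] * (len(B) + m - len(C))
        for i, Bi in enumerate(B):
            C[i + m] = (C[i + m] - coef * Bi) % q
        if 2 * L <= n:     # the register has to grow
            L, B, b, m = n + 1 - L, T, d, 1
        else:
            m += 1
    return L


def class_index(p):
    """Map each nonzero residue u mod p to n with u in D_n."""
    for theta in range(2, p):
        powers = [pow(theta, e, p) for e in range(p - 1)]
        # primitive root normalised as in the paper: ind_theta(2) = 3 (mod 4)
        if len(set(powers)) == p - 1 and powers.index(2) % 4 == 3:
            return {u: e % 4 for e, u in enumerate(powers)}
    raise ValueError("p must be a prime with p = 5 (mod 8)")


def sequence(p, k, j, l, balanced=False):
    """One period (2p terms) of sequence (1); balanced=True uses C u {0}."""
    idx = class_index(p)
    s = []
    for i in range(2 * p):
        wanted = (k, j) if i % 2 == 0 else (l, j)   # {0}x(D_k u D_j), {1}x(D_l u D_j)
        s.append(int(idx.get(i % p) in wanted))     # i = 0 (mod p) lies in no class
    if balanced:
        s[0] = 1
    return s


def linear_complexity(p, q, triple=(0, 1, 2), balanced=False):
    """Berlekamp-Massey on two periods (4p terms suffice since L <= 2p)."""
    return berlekamp_massey(sequence(p, *triple, balanced) * 2, q)


if __name__ == "__main__":
    for p in (5, 13, 29):      # q = p: Theorems 4 and 5 give (7p + 1)/4
        print(p, linear_complexity(p, p), linear_complexity(p, p, balanced=True))
```

For $q = 3$, $p = 5$ (one of the paper's examples for the "else" case) the same functions return $2p - 1$ for the almost balanced sequence and $2p$ for the balanced one.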
5. Conclusion

We derive the linear complexity of binary sequences of length 2p with optimal three-level autocorrelation over the finite fields of different orders. These almost balanced and balanced sequences are constructed by cyclotomic classes of order four using a method presented by Ding et al. We show the linear complexity of considered sequences to be high for all values of p.

Acknowledgements

The authors acknowledge the patient referees for their valuable and constructive comments which helped to improve this work. This work was supported by the Ministry of Education and Science of the Russian Federation as a part of state-sponsored project no 1.949.2014/K.

References

[1] H. Aly, A. Winterhof, On the k-error linear complexity over F_p of Legendre and Sidelnikov sequences, Des. Codes Cryptogr. 40 (2006) 369–374.
[2] H. Aly, W. Meidl, A. Winterhof, On the k-error linear complexity of cyclotomic sequences, J. Math. Cryptol. 1 (2007) 1–14.
[3] C. Ding, T. Helleseth, H. Martinsen, New families of binary sequences with optimal three-level autocorrelation, IEEE Trans. Inf. Theory 47 (2001) 428–433.
[4] V.A. Edemskii, On the linear complexity of binary sequences on the basis of biquadratic and sextic residue classes, Discrete Appl. Math. 20 (1) (2010) 75–84, translation from Diskretn. Mat. 22 (4) (2010) 74–82.
[5] S.W. Golomb, G. Gong, Signal Design for Good Correlation: For Wireless Communications, Cryptography and Radar Applications, Cambridge University Press, 2005.
[6] M. Hall, Combinatorial Theory, Wiley, New York, 1975.
[7] K. Ireland, M. Rosen, A Classical Introduction to Modern Number Theory, Springer, Berlin, 1982.
[8] R. Lidl, H. Niederreiter, Finite Fields, Addison-Wesley, 1983.
[9] J.L. Massey, S. Serconek, Linear complexity of periodic sequences: a general theory, in: Advances in Cryptology, Crypto'96, in: Lect. Notes Comput. Sci., vol. 1109, Springer, 1996, pp. 358–371.
[10] Q. Wang, D. Lin, X. Guang, On the linear complexity of Legendre sequences over F_q, IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 97-A (7) (2014) 1627–1630.
[11] J. Zhang, C. Zhao, The linear complexity of a class of binary sequences with period 2p, Appl. Algebra Eng. Commun. Comput. (09 May 2015), http://dx.doi.org/10.1007/s00200-015-0261-8.