Trace Representations and Multi-rate Constructions of Two Classes of

International Journal of Network Security, Vol.7, No.2, PP.269–272, Sept. 2008

269

Trace Representations and Multi-rate Constructions of Two Classes of Generalized Cyclotomic Sequences Tongjiang Yan1,2 , Xiaoni Du2,3 , Shuqing Li4 , and Guozhen Xiao2 (Corresponding author: Tongjiang Yan)

College of Mathematics and Computational Sciences, China University of Petroleum, Dongying 257061, China.1 ISN National Key Laboratory, Xidian University, Xi’an 710071, China.2 Math. and Inform. Sci., Northwest Normal University, Lanzhou, 730070, China.3 Comp. and Comm. Eng., China University of Petroleum, Dongying, 257061, China.4 (Email: [email protected]) (Received June 28, 2006; revised Nov. 7, 2006, and accepted May 2, 2007)

Abstract In this paper, two classes of generalized cyclotomic sequences of period pq are reconstructed by means of multirate parallel combinations of binary Legendre sequences which are clocked at different rates. Then these generalized cyclotomic sequences can be generated by combinations of short and cheap LFSR’s. From the multi-rate constructions and the trace representation of binary Legendre sequences, we present trace representations of these generalized cyclotomic sequences, which is important to the investigation of cryptographic properties of these sequences. Keywords: Cyclotomic sequence, linear complexity, minimal polynomial, stream cipher

1

Introduction and Preliminaries

pq produce these sequences must be longer than . Our 2 results show that they can be produced by modifying two LFSR’s with length p and q. Section 1 introduces the DGCS and WGCS. In Section 2, Legendre sequence and its trace representation are proposed. In Sections 3 and 4, Multi-rate constructions and trace representations of DGCSs and WGCSs are obtained. ∗ In this paper, ZN denotes the residue ring of N , ZN = n ZN \{0}. GF(N ) is a finite field with N elements. T rm (x) denotes the trace function from GF(pm ) to GF(pn ). Let F be a subset of ZN and a be an element of ZN . Define aF = {af : f ∈ F }.

2

DGCS and WGCS

Let p and q (p < q) be two odd primes with gcd(p − 1, q − 1) = 2. Define N = pq, e = (p − 1)(q − 1)/2. The Chinese Remainder Theorem guarantees that there exists a common primitive root g of both p and q. Then the order of g modulo N is e. Let x be an integer satisfying x ≡ g mod p, x ≡ 1 mod q. Thus we can get a subgroup of the residue ring ZN with its multiplication ([9])

This paper investigates the trace representations and generations of a binary Ding Generalized Cyclotomic Sequence (DGCS) and a binary Whiteman Generalized Cyclotomic Sequence (WGCS) by means of multi-rate parallel combinations of constituent binary Legendre sequences ∗ which are clocked at different rates. These combinations, ZN = {g u xi : u = 0, 1, · · · , e − 1; i = 0, 1}. proposed initially by M. G. Parker ([8]), demonstrate that sequences with large linear complexity can be generated The sets without resorting to linear feedback shift registers (LFSR) e of large length. Trace representation is an important tool Di = {g 2u+i xj : u = 0, 1, · · · , − 1, j = 0, 1} 2 in the investigation of sequences, by which we can yield some properties such as linear complexity, correlation and and distribution of runs. DGCS and WGCS, introduced by Di0 = {g u xi ; u = 0, 1, · · · , e − 1}, C. Ding in 1998 and 1997 respectively, are interesting for pq ) and low au- i = 0, 1, are defined as DGCs and WGCs of order 2 with their large linear complexity (larger than 2 tocorrelation ([1, 2, 4, 5, 6]). Obviously, the LFSR’s to respect to p and q([6, 4]) respectively.

270


Define

and

(p)

Di = {g 2u+i : u = 0, 1, · · · , p−3 2 }, (q) Di = {g 2u+i : u = 0, 1, · · · , q−3 2 }, P = {p, 2p, · · · , (q − 1)p}, Q = {q, 2q, · · · , (p − 1)q}, R = {0}, (p) (q) C1 = qD1 ∪ pD1 ∪ D1 , C10 = P ∪ D10 .

δp (t) =

0, if t ≡ 0 mod p, 1, otherwise.

Theorem 1. Ding generalized cyclotomic sequence s(t) of order 2 with respect to p and q can be constructed by

t t The binary DGCS and binary WGCS of order 2 are des(0) = 0, s(t) = s0q (t)δp (t) + s0q ( ) + s0p ( ). fined respectively as p q 1, if i mod N ∈ C1 , si = (p) (p) Proof. If t ∈ qD1 ∪ qD0 , then s0q ( pt ) = 0, s0q (t) = 0, 0, otherwise, t (p) and δp (t) = 1. So s(t) = s0p ( ). From Lemma 1, D1 = and q 0 1, if i mod N ∈ C1 , (p) (p) si = QN Rp , D0 = QRp . For the case t ∈ qD1 , we have qt ∈ 0, otherwise. (p)

D1 . Then

3

Legendre Sequence and Trace Representation

its

t q

∈ QN Rp . Namely s0p ( qt ) = 1. So we have (p)

(p)

s(t) = 1. For the case t ∈ qD0 , we have qt ∈ D0 . Then t 0 t q ∈ QRp . Namely sp ( q ) = 0. It follows that s(t) = 0. (q)

(q)

If t ∈ pD1 ∪ pD0 , then s0p ( qt ) = 0, and δp (t) = 0. So Let QRp and QN Rp be the sets of quadratic residue and (q) 0 t quadratic nonresidue of prime p respectively. Then QRp + s(t) = sq ( ). From Lemma 1, we have D1 = QN Rq and p ∗ QN Rp = Zp and it follows that (q) (q) (q) D0 = QRq . For the case t ∈ pD1 , we have pt ∈ D1 . Lemma 1. Let the symbols be the same as before. Hence pt ∈ QN Rq , and s0q ( pt ) = 1. Then s(t) = 1. For the (p) (p) (q) (q) D0 = QRp , D1 = QN Rp , D0 = QRq , D1 = QN Rq . case t ∈ pD(q) , we have t ∈ D(q) . So we have t ∈ QR . 0

0

p

q

p

0 t Lemma 2. ([8]) Let x0 , x1 ∈ QRp , y0 , y1 ∈ QN Rp .Then It follows that sq ( p ) = 0. Thus s(t) = 0. x0 y0 , x1 y1 ∈ QN Rp and x0 x1 , y0 y1 ∈ QRp . If t ∈ Di , i = 0, 1, then s0q ( pt ) = s0p ( qt ) = 0, and 0 Legendre sequence sp (t) of period p is defined as fol- δp (t) = 1. So s(t) = sq (t), and there exists t such that t = 2u+i j g x . Since x ≡ 1 mod q, t mod q = g 2u+i xj mod q = lows:  2u+i g mod q. For the case i = 1, t ∈ QN Rq . Thus 1, if t = 0 mod p,    s0q (t) = 1. So we have s(t) = 1. For the case i = 0, 1, if t ∈ QN Rp , sp (t) = 0, if t ∈ QRp , we have t ∈ QRq . Then s0q (t) = 0. We get s(t) = 0. The    theorem is proved. 0, if t is non-integer.

The Witness Set W S(q, n) is the set of all factors of q n − 1 which do not occur as factors of q t − 1, t | n, t 6= n.

By Definition 1 and Theorem 1, we obtain the following Lemma 3. ([8]) The Legendre sequence sp (t) of prime consequence: period p has a minimal trace representation defined by p−1 2v −1

sp (0) = 1, sp (t) =

X

2i T r2na (αu t

u2i k

+α

),

i=0

where k ∈ QRp , t > 0, α is a pth root of 1, p ∈ W S(2, n), α ∈ GF (2n ), n = 2a v, v is odd, and u is a primitive element of Zp . Without loss of generality, k can be chosen as 1.

Theorem 2. The trace representation of the DGCS s(t) of order 2 with respect to primes p and q is given by s(0) = 0 and q−1 2vq −1

s(t) =

P

i=0 u2i kq +αq q ]

u2i t

n

p−1 2vp −1

+

P

i=0

4

Multi-rate Construction and Trace Representation of DGCS

Definition 1. In this paper, we define 0, if t ≡ 0 mod p, 0 sp (t) = sp (t), otherwise,

u2i kq

T r2aqq [(αq q + αq q n

u2i qt

T r2app (αp p

u2i pt

)δp (t) + αq q 2i

+ αup

kp

),

where kp ∈ QRp , kq ∈ QRq , t > 0, αp and αq are pth and q th roots of 1 respectively, p ∈ W S(2, np ), q ∈ W S(2, nq ), αp ∈ GF (2np ), αq ∈ GF (2nq ), np = 2ap vp , nq = 2aq vq . vp , vq are odd, and up , uq are primitive elements of Zp and Zq respectively. Without loss of generality, kp and kq can be chosen as 1.

271


5

Multi-rate Construction and Trace Representation of WGCS

If t ∈ P , then there exists integer m such that t = mp mp and δp (t) = 0, sp ( ) = 0. Thus q

mp A Modified Jacobi sequence {s(t)} of period pq for t = s(mp) = sq (mp) + sp ( ) + sq (m) = sq (mp) + sq (m). 0, 1, 2, · · · , pq − 1 is given by: q   From Lemma 2, for the case p ∈ QN Rq , sq (mp)+sq (m) =  0, if t = 0 mod pq,    0, if t ∈ (QN Rp ∩ QN Rq ) ∪ (QRp ∩ QRq ), 1. So s(mp) = 1. 1, if t ∈ (QRp ∩ QN Rq ) ∪ (QN Rp ∩ QRq ), s(t) =   Lemma 3 and Theorem 3 yield the following conse 0, if t 6≡ 0 mod p and t ≡ 0 mod q,   quence: 1, if t 6≡ 0 mod q and t ≡ 0 mod p. A WGCS of order 2 is actually a special case of Mod- Theorem 4. A Whiteman generalized cyclotomic seified Jacobi sequences where gcd(p − 1, q − 1) = 2. The quence on the residue ring Zpq has a trace representation as follows: fact is proved as the following: If q ∈ QN Rp , and p ∈ QN Rq , s(0) = 0, Since x ≡ g mod p, x ≡ 1 mod q, we have g u xj mod p = g u+j mod p, g u xj mod q = g u mod q.

P p−1 2vp −1

u2i t

n

u2i kp

T r2app [(αp p + αp p

)δp (t) i=0 t u2i u2i p q p kp If t ∈ D00 , then t = g u mod p, which is equivalent to +αp + αp ] t ∈ QN Rp ∩ QN Rq if u is odd and t ∈ QRp ∩ QRq if u is P q−1 u2i t u2i t 2vq −1 nq + i=0 T r2aq (αq q + αq q p ). even. If t ∈ D10 , then t = g u+1 mod p, which is equivalent to t ∈ QRp ∩ QN Rq if u is odd and t ∈ QN Rp ∩ QRq if u is even. It is obvious that t ∈ P if and only if t 6≡ 0 mod q If q ∈ QRp and p ∈ QRq , s(0) = 0, and t ≡ 0 mod p, and t ∈ Q if and only if t 6≡ 0 mod p P p−1 u2i t u2i t 2vp −1 n and t ≡ 0 mod q. T r2app (αp p + αp p q ) s(t) = i=0 P q−1 u2i t u2i kq 2v −1 n T r2aqq [(αq q + αq q )δq (t) + i=0q Theorem 3. Whiteman generalized cyclotomic sequence u2i t u2i kq s(t) of order 2 with respect to p and q can be constructed +αq q p + αq q ]. by the following: If q ∈ QN Rp and p ∈ QN Rq , then If q ∈ QRp and p ∈ QN Rq , s(0) = 0, t t s(t) = sp (t)δp (t) + sq (t) + sp ( ) + sq ( ). q p If q ∈ QRp and p ∈ QRq , then t t s(t) = sp (t) + sq (t)δq (t) + sp ( ) + sq ( ). q p If q ∈ QRp and p ∈ QN Rq , then t t s(t) = sp (t)δp (t) + sq (t)δq (t) + sp ( ) + sq ( ). q p If q ∈ QN Rp and p ∈ QRq , then t t s(t) = sp (t) + sq (t) + sp ( ) + sq ( ). q p

s(t) =

s(t) =

P p−1 2vp −1 i=0 u2i t +αp p q

+

u2i t

n

u2i kp + αp p ] P q−1 2vq −1 nq

u2i t

)δp (t)

u2i kq

T r2aq [(αq q + αq q

i=0

u2i t +αq q p

u2i kp

T r2app [(αp p + αp p

+

)δq (t)

u2i kq αq q ].

If q ∈ QN Rp and p ∈ QRq , s(0) = 0, s(t) = +

P p−1 2vp −1

n

u2i t

u2i t

n

u2i t

u2i

i=0

T r2app (αp p + αp p q )

i=0

T r2aqq (αq q + αq q p ).

P q−1 2vq −1

t

where αp and αq are pth and q th roots of 1 respectively, p ∈ W S(2, np ), q ∈ W S(2, nq ), αp ∈ GF (2np ), αq ∈ GF (2nq ), np = 2ap vp , nq = 2aq vq . vp , vq are odd, and Proof. We prove only the case that q ∈ QN Rp and p ∈ up , uq are primitive elements of Zp and Zq respectively. QN Rq . The other cases can be proved similarly. Without loss of generality, kp and kq can be chosen as 1. It is obvious that the theorem is right for position t, gcd(t, pq) = 1. Remark 1. Let n = lcm(np , nq ), αp = β q , αq = β p , If t ∈ Q, then there exists integer k such that t = kq where β is a pq th root of 1 in GF(2n ). We can get trace t representations of a DGCS and a WGCS from the extenand δp (t) = 1, sq (t) = 1, sq ( ) = 0, Thus p sion field GF(2n ). kq ) = sp (kq)+sp (k)+1. Remark 2. Since a WGCS is a special Modified Jacobi p sequence, the multi-rate construction and trace represenFrom Lemma 2, for the case q ∈ QN Rp , sp (kq) + sp (k) = tation of it were actually given by other types in [7] and [3] respectively. 1. It follows that s(kq) = 0. s(kq) = sp (kq)+sq (kq)+sp (k)+sq (


272

Acknowledgments

Tongjiang YAN is a lecturer of China University of Petroleum. He received his Dr. degree in cryptography This work was supported by the China University of from the Xidian University, Xi’an, China, in 2007. His Petroleum Doctor Foundation (Y080806) and the Science research interests include cryptography and algebra. He and Research Foundation (Y080803). The authors wish has published 10 scientific papers. to thank two referees for their comments that improved the readability of this paper. Xiaoni Du is a lecturer of Northwest Normal University, Lanzhou, China. She received her M. S degree in algebra from the Lanzhou University, Lanzhou, References China, in 1997. Her research interests include cryptog[1] E. Bai, X. Liu, and G. Xiao, “Linear complexity of raphy and algebra. She has published 10 scientific papers.

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

new generalized cyclotomic sequences of order two of length pq,” IEEE Transactions on Information Theory, vol. 51, no. 5, pp. 1849-1854, 2005. E. Bai, X. Fu, and G. Xiao, “On the linear complexity of generalized cyclotomic sequences of order four over Zpq ,” IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, vol. E88-A, no. 1, pp. 392-395, 2005. Z. Dai, G. Gong, and H. Song, “Trace representation of binary Jacobi sequences,” ISIT 2003, pp. 379, 2003. C. Ding, “Linear complexity of generalized cyclotomic binary sequence of order 2,” Finite Fields and Their Applications, vol. 3, pp. 159-174, 1997. C. Ding, “Autocorrelation values of generalized cyclotomic sequences of order two,” IEEE Transactions on Information Theory, vol. 44, no. 5, pp. 1699-1702, 1998. C. Ding, and T. Helleseth, “New generalized cyclotomy and its application,” Finite Fields and Their Application, vol. 4, pp. 140-166, 1998. D. H. Green, P. R. Green, “Modified Jacobi sequences,” Computers and Digital Techniques, vol. 147, no. 4, pp. 241-251, 2000. M. G. Parker, Legendre and Twin-Prime Sequences: Trace and Multi-Rate Representaion, 1999. (www.ii.uib.no/mattew/MattWeb.html) T. Storer, Cyclotomy and Difference Set, Chicago: Markham, 1967.

Guozhen XIAO is now a professor and Ph. D. advisor of cryptography in Xidian University, Xi’an, China. He received the M. S. degree in mathematics from the East China Normal University, Shanghai, in 1956. Now his research interests include cryptography, coding and information theory. He has published 50 scientific papers.