On error linear complexity of new generalized cyclotomic binary sequences of period $p^2$

https://doi.org/10.1016/j.ipl.2018.08.006

Highlights

  • We study a family of binary generalized cyclotomic sequences with period $p^2$ that was introduced recently by Z. Xiao, X. Zeng, C. Li, T. Helleseth.

  • We determine the values of the $k$-error linear complexity of the new sequences, and the results indicate that such sequences have good stability.

  • The theory of Fermat quotients is a crucial tool in our proofs.

Abstract

We consider the $k$-error linear complexity of a new generalized cyclotomic binary sequence of period $p^2$ for an odd prime $p$. The new sequences were introduced recently by Z. Xiao, X. Zeng, C. Li and T. Helleseth by defining a new kind of generalized cyclotomic classes modulo $p^2$. They proved that the sequences had large linear complexity. In this work, we determine the values of the $k$-error linear complexity in terms of the theory of Fermat quotients. The results indicate that such sequences have good stability, that is, the linear complexity does not significantly decrease by changing a few terms.

Introduction

The theory of cyclotomy is widely adopted in cryptography. A typical application is the design of pseudorandom sequences. By defining the (generalized) cyclotomic classes modulo an integer, one can design a family of pseudorandom sequences with desired cryptographic features. The classical examples are the Legendre sequences, which are derived from cyclotomic classes modulo an odd prime, and the Jacobi sequences, which are derived from generalized cyclotomic classes modulo a product of two distinct odd primes. Attention is also paid in the literature to the generalized cyclotomic classes modulo a general number (such as a prime power). Such sequences include Hall's sequence of length $p$, the Ding–Helleseth–Lam sequence of length $p$, the Ding–Helleseth generalized cyclotomic sequence of length $pq$, and generalized cyclotomic sequences of length $p^r$ or length $N$ (a general number). The cryptographic measures considered for such sequences are autocorrelation, cross-correlation, linear complexity and trace representation. See the related works such as [2], [9], [10], [12], [15], [17], [20], [22], [23], [24] and the references therein.

Recently, a new family of binary sequences was introduced by Xiao, Zeng, Li and Helleseth [21] by defining the generalized cyclotomic classes modulo $p^2$ for an odd prime $p$. We now introduce the generalized cyclotomic classes modulo $p^2$.

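Let $p-1=ef$ and let $g$ be a primitive root modulo $p^2$. The generalized cyclotomic classes for $1\le j\le 2$ are defined by

$$D_0^{(p^j,f)}\triangleq\{g^{kfp^{j-1}} \pmod{p^j} : 0\le k<e\}$$

and

$$D_l^{(p^j,f)}\triangleq g^l D_0^{(p^j,f)}=\{g^l\cdot g^{kfp^{j-1}} \pmod{p^j} : 0\le k<e\},\quad 1\le l<fp^{j-1}.$$

Then the authors of [21] chose even $f$ and an integer $b\in\mathbb{Z}$ with $0\le b<fp$ to define a new $p^2$-periodic binary sequence $(s_n)$:

$$s_n=\begin{cases}0, & \text{if } n \pmod{p^2}\in C_0,\\ 1, & \text{if } n \pmod{p^2}\in C_1,\end{cases}\qquad (1)$$

where

$$C_0=\bigcup_{i=f/2}^{f-1} pD_{(i+b) \bmod f}^{(p,f)}\ \cup \bigcup_{i=pf/2}^{pf-1} D_{(i+b) \bmod pf}^{(p^2,f)}$$

and

$$C_1=\bigcup_{i=0}^{f/2-1} pD_{(i+b) \bmod f}^{(p,f)}\ \cup \bigcup_{i=0}^{pf/2-1} D_{(i+b) \bmod pf}^{(p^2,f)}\ \cup\ \{0\}.$$

The notation $pD_j^{(p,f)}$ above means that $pD_j^{(p,f)}=\{pv : v\in D_j^{(p,f)}\}$. They determined the linear complexity (see below for the notion) of the proposed sequences $(s_n)$ for $f=2^r$ for some integer $r\ge 1$.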

Theorem 1

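([21, Thm. 1]) Let $(s_n)$ be the binary sequence of period $p^2$ defined in Eq. (1) with $f=2^r$ (integer $r>0$) and any $b$ for defining $C_0$ and $C_1$. If $2^{(p-1)/f}\not\equiv 1 \pmod{p^2}$, then the linear complexity of $(s_n)$ is

$$LC^{\mathbb{F}_2}((s_n))=\begin{cases}p^2-(p-1)/2, & \text{if } 2\in D_0^{(p,f)},\\ p^2, & \text{if } 2\notin D_0^{(p,f)}.\end{cases}$$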

The linear complexity is an important cryptographic characteristic of sequences and provides information on the predictability and thus unsuitability for cryptography. Here we give a short introduction of the linear complexity of periodic sequences. Let $\mathbb{F}$ be a field. For a $T$-periodic sequence $(s_n)$ over $\mathbb{F}$, we recall that the linear complexity over $\mathbb{F}$, denoted by $LC^{\mathbb{F}}((s_n))$, is the least order $L$ of a linear recurrence relation over $\mathbb{F}$

$$s_{n+L}=c_{L-1}s_{n+L-1}+\cdots+c_1s_{n+1}+c_0s_n \quad\text{for } n\ge 0,$$

which is satisfied by $(s_n)$ and where $c_0\ne 0, c_1,\ldots,c_{L-1}\in\mathbb{F}$. Let

$$S(X)=s_0+s_1X+s_2X^2+\cdots+s_{T-1}X^{T-1}\in\mathbb{F}[X],$$

which is called the generating polynomial of $(s_n)$. Then the linear complexity over $\mathbb{F}$ of $(s_n)$ is computed by

$$LC^{\mathbb{F}}((s_n))=T-\deg\left(\gcd(X^T-1,\ S(X))\right),$$

see, e.g. [8] for details.

For a sequence to be cryptographically strong, its linear complexity should be large and should not be significantly reduced by changing a few terms. This leads to the notion of the $k$-error linear complexity. For integers $k\ge 0$, the $k$-error linear complexity over $\mathbb{F}$ of $(s_n)$, denoted by $LC_k^{\mathbb{F}}((s_n))$, is the smallest linear complexity (over $\mathbb{F}$) that can be obtained by changing at most $k$ terms of the sequence per period, see [19], and see [11] for the related, even earlier defined, sphere complexity. Clearly $LC_0^{\mathbb{F}}((s_n))=LC^{\mathbb{F}}((s_n))$ and

$$T\ge LC_0^{\mathbb{F}}((s_n))\ge LC_1^{\mathbb{F}}((s_n))\ge\cdots\ge LC_w^{\mathbb{F}}((s_n))=0$$

when $w$ equals the number of nonzero terms of $(s_n)$ per period, i.e., the weight of $(s_n)$.

The main contribution of this work is to determine the $k$-error linear complexity of $(s_n)$ in Eq. (1) for any even number $f$ (including $f=2^r$ considered in [21]). The main results are presented in the following two theorems. The proof of Theorem 2 appears in Section 4. Some necessary lemmas are introduced in Section 3. A crucial tool for the proof is the Fermat quotients, which is introduced in Section 2. In Section 5, Theorem 3 gives a lower bound on the $k$-error linear complexity when 2 is not a primitive root modulo $p^2$.

Theorem 2

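(Main theorem) Let $(s_n)$ be the binary sequence of period $p^2$ defined in Eq. (1) with even $f$ and any $b$ for defining $C_0$ and $C_1$. If 2 is a primitive root modulo $p^2$, then the $k$-error linear complexity of $(s_n)$ satisfies

$$LC_k^{\mathbb{F}_2}((s_n))=\begin{cases}p^2, & \text{if } k=0,\\ p^2-1, & \text{if } 1\le k<(p-1)/2,\\ p^2-p, & \text{if } (p-1)/2\le k<(p^2-p)/2,\\ p-1, & \text{if } k=(p^2-p)/2,\\ 1, & \text{if } k=(p^2-1)/2,\\ 0, & \text{if } k\ge(p^2+1)/2,\end{cases}$$

if $p\equiv 3 \pmod 8$, and

$$LC_k^{\mathbb{F}_2}((s_n))=\begin{cases}p^2, & \text{if } k=0,\\ p^2-1, & \text{if } 1\le k<(p-1)/2,\\ p^2-p+1, & \text{if } k=(p-1)/2,\\ p^2-p, & \text{if } (p+1)/2\le k<(p^2-p)/2,\\ p, & \text{if } k=(p^2-p)/2,\\ 1, & \text{if } k=(p^2-1)/2,\\ 0, & \text{if } k\ge(p^2+1)/2,\end{cases}$$

if $p\equiv -3 \pmod 8$.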
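The following is an added example, not code from the paper: it builds $(s_n)$ from Eq. (1), computes the linear complexity with the gcd formula over $\mathbb{F}_2$, and checks Theorem 2 by exhaustive search for $p=3$ and $p=5$ (2 is a primitive root modulo 9 and modulo 25). The function names and the choice of $g$ as the smallest primitive root modulo $p^2$ are assumptions of this sketch, and the search is only feasible for tiny $p$ and small $k$.

```python
from itertools import combinations

def sequence(p, f, b=0):
    """One period of (s_n) in Eq. (1); g = smallest primitive root mod p^2 (assumed choice)."""
    m, phi = p * p, p * (p - 1)
    assert f % 2 == 0 and (p - 1) % f == 0 and 0 <= b < f * p
    e = (p - 1) // f
    g = next(x for x in range(2, m)
             if len({pow(x, k, m) for k in range(phi)}) == phi)

    def D(l, j):  # generalized cyclotomic class D_l^{(p^j, f)}
        return {pow(g, l + k * f * p ** (j - 1), p ** j) for k in range(e)}

    C1 = {0}
    for i in range(f // 2):                 # the part p * D^{(p,f)}
        C1 |= {p * v for v in D((i + b) % f, 1)}
    for i in range(p * f // 2):             # the part D^{(p^2,f)}
        C1 |= D((i + b) % (p * f), 2)
    return [1 if n in C1 else 0 for n in range(m)]

def gf2_gcd(a, b):
    """gcd in F_2[X]; polynomials are int bitmasks (bit i = coefficient of X^i)."""
    while b:
        while a.bit_length() >= b.bit_length():
            a ^= b << (a.bit_length() - b.bit_length())
        a, b = b, a                         # a now holds the remainder
    return a

def linear_complexity(S, T):
    """LC = T - deg gcd(X^T - 1, S(X)) for a generating polynomial S (bitmask)."""
    return T - (gf2_gcd((1 << T) | 1, S).bit_length() - 1)

def k_error_lc(s, k):
    """Exhaustive k-error linear complexity: try every change of at most k terms."""
    T = len(s)
    S = sum(bit << i for i, bit in enumerate(s))
    return min(linear_complexity(S ^ sum(1 << i for i in pos), T)
               for w in range(k + 1) for pos in combinations(range(T), w))

if __name__ == "__main__":
    for p, kmax in ((3, 5), (5, 3)):        # p = 3 (mod 8) and p = -3 (mod 8)
        s = sequence(p, 2)
        print(p, [k_error_lc(s, k) for k in range(kmax + 1)])
```

For $p=5$ the drop from 24 to 21 at $k=(p-1)/2=2$ and to 20 at $k=3$ is the $p\equiv -3 \pmod 8$ branch of the theorem; for $p=3$ the complexity falls straight to $p^2-p=6$ at $k=1$.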

Fermat quotients

In this section, we explain how the construction of $(s_n)$ in Eq. (1) is related to Fermat quotients. Certain similar constructions can be found in [3], [4], [5], [6], [7], [13], [16].

For integers $u\ge 0$, the Fermat quotient $q_p(u)$ is the value in $\{0,1,\ldots,p-1\}$ at $u$ defined by

$$q_p(u)\equiv\frac{u^{p-1}-1}{p} \pmod p,$$

where $\gcd(u,p)=1$; if $p\mid u$ we set $q_p(u)=0$, see [18].

Thanks to the facts that

$$\begin{cases}q_p(u+p)\equiv q_p(u)-u^{-1} \pmod p,\\ q_p(uv)\equiv q_p(u)+q_p(v) \pmod p,\end{cases}$$

for $\gcd(u,p)=1$ and $\gcd(v,p)=1$, we define $D_l=\{u : 0\le u<p^2,\ \gcd(u,p)=1,\ q_p(u)=l\}$, $0\le l$

Auxiliary lemmas

In this section, we present some necessary lemmas needed in the proofs. In the sequel, the notation |Z| denotes the cardinality of the set Z.

Lemma 1

Let $D_l$ be defined for $0\le l<p$ by Fermat quotients as in Sect. 2. Then we have for $0\le l<p$,

$$\{n \bmod p : n\in D_l\}=\{1,2,\ldots,p-1\}.$$

Proof

Since $D_l=\{g^{l+ip} \pmod{p^2} : 0\le i<p-1\}$ for $0\le l<p$, we get

$$\{g^{l+ip} \pmod p : 0\le i<p-1\}=\{g^{l+i} \pmod p : 0\le i<p-1\},$$

which completes the proof.

Lemma 2

Let $D_l$ be defined for $0\le l<p$ by Fermat quotients as in Sect. 2. Let $v\in\{1,2,\ldots,p-1\}$ and $V_v=\{v,\ v+p,\ v+2p,\ldots,\ v+(p-1)p\}$. Then for each

Proof of the main theorem

Proof of Theorem 2

From the construction (1), we see that the weight of $(s_n)$ is $(p^2-1)/2+1$, i.e., there are $(p^2-1)/2+1$ many 1's in one period. Changing all the 0 terms of $(s_n)$ leads to the constant 1-sequence, whose linear complexity is 1, and changing all the 1 terms leads to the constant 0-sequence. So we always assume that $k<(p^2-1)/2$.

The generating polynomial of $(s_n)$ is of the form

$$S(X)=1+\sum_{i=0}^{pf/2-1} d_{(i+b) \bmod pf}^{(p^2,f)}(X)+\sum_{i=0}^{f/2-1} d_{(i+b) \bmod f}^{(p,f)}(X^p)\in\mathbb{F}_2[X],$$

where $d_l^{(p^j,f)}(X)$ is defined in Eq. (6). We

A lower bound

We have the following lower bound on the $k$-error linear complexity when 2 is not a primitive root modulo $p^2$.

Theorem 3

Let $(s_n)$ be the binary sequence of period $p^2$ defined in Eq. (1) with even $f$ and any $b$ for defining $C_0$ and $C_1$. If $2^{p-1}\not\equiv 1 \pmod{p^2}$, then the $k$-error linear complexity of $(s_n)$ satisfies

$$LC_k^{\mathbb{F}_2}((s_n))\ge\lambda p \quad\text{for } 0\le k<(p^2-p)/2,$$

where $1<\lambda<p$ is the order of 2 modulo $p$.

Proof

First we show the order of 2 modulo $p^2$ is $\lambda p$. Under the assumption on $2^{p-1}\not\equiv 1 \pmod{p^2}$, we see that the order of 2 modulo $p^2$ is of the form $mp$

Acknowledgements

Parts of this work were written during a very pleasant visit of Chenhuang Wu and Zhixiong Chen to the Hong Kong University of Science and Technology and the Hong Kong Polytechnic University in 2018. They wish to thank the host for the hospitality and the Fujian Provincial Department of Human Resources and Social Security of P. R. China for financial support (File No. 2017-368). The authors also wish to thank the anonymous referees and the editor for their time and positive comments.

The work was

References (24)

  • Z. Chen et al., On the k-error linear complexity of binary sequences derived from polynomial quotients, Sci. China Inf. Sci. (2015)

  • Z. Chen et al., Structure of pseudorandom numbers derived from Fermat quotients
