On the 2-Adic Complexity of A Class of Binary Sequences of Period 4 p - - PowerPoint PPT Presentation

Background Previous work Preliminaries Main results

On the 2-Adic Complexity of A Class of Binary Sequences of Period 4p with Optimal Autocorrelation Magnitude

Minghui Yang joint work with Lulu Zhang and Keqin Feng

State Key Laboratory of Information Security Institute of Information Engineering Chinese Academy of Sciences

2020-6-3

1 / 25

Background Previous work Preliminaries Main results

Outline

1

Background

2

Previous work

3

Preliminaries

4

Main results

2 / 25

Background Previous work Preliminaries Main results

Outline

1

Background

2

Previous work

3

Preliminaries

4

Main results

3 / 25

Background Previous work Preliminaries Main results

The encryption process of the stream cipher

Figure: The key stream sequence plays the role of masking the plaintext

• sequence. The key stream sequence should have good pseudorandomness

in order to ensure that the attacker cannot recover the plaintext sequence even if they obtain the ciphertext sequence.

4 / 25

Background Previous work Preliminaries Main results

Both correlation attacks and algebraic attacks cause serious threat to stream cipher system based on the linear feedback shift register.

5 / 25

Background Previous work Preliminaries Main results

Both correlation attacks and algebraic attacks cause serious threat to stream cipher system based on the linear feedback shift register. It is main trend that using nonlinear feedback shift register sequences with good pseudo randomness as driving sequences in stream cipher design.

5 / 25

Background Previous work Preliminaries Main results

Both correlation attacks and algebraic attacks cause serious threat to stream cipher system based on the linear feedback shift register. It is main trend that using nonlinear feedback shift register sequences with good pseudo randomness as driving sequences in stream cipher design. As a class of nonlinear sequence generator, the feedback shift register with carry has received lots of attention.

5 / 25

Background Previous work Preliminaries Main results

Binary sequences with pseudo randomness: long period, low autocorrelation, large linear complexity, etc. the Rational Approximation Algorithm: the 2-adic complexity of a safe sequence should exceed half of its period. It is interesting to investigate the 2-adic complexity of sequences with optimal autocorrelation and large linear complexity.

6 / 25

Background Previous work Preliminaries Main results

The 2-adic complexity of binary sequences S = (s0, s1, . . . , sN−1) with period N can be computed by log2

2N−1 gcd(2N−1,S(2)), where S(2) = s0 + s12 + · · · + sN−12N−1.

The sequence s is called an optimal autocorrelation sequence if for any τ = 0, the autocorrelation function Cs(τ) satisfies (1) Cs(τ) = −1 for N ≡ 3 (mod 4); or (2) Cs(τ) ∈ {1, −3} for N ≡ 1 (mod 4); or (3) Cs(τ) ∈ {2, −2} for N ≡ 2 (mod 4); or (4) Cs(τ) ∈ {0, −4} for N ≡ 0 (mod 4).

7 / 25

Background Previous work Preliminaries Main results

Outline

1

Background

2

Previous work

3

Preliminaries

4

Main results

8 / 25

Background Previous work Preliminaries Main results

The known results about the 2-adic complexity of sequences with optimal autocorrelation

m sequence Type (1) the maxi- mum property of m sequence known sequences Type (1-2) the maxi- mum determinant of a matrix all sequences Type (1) the maxi- mum autocorrelation function DHM sequence Type (3) close to the maximum “Gauss sum- s”, “Gauss period” a kind of sequences Type (4) the maxi- mum direct compu- tation

9 / 25

Background Previous work Preliminaries Main results

The corresponding references

• T. Tian, W. F. Qi, 2-Adic complexity of binary m-sequences, IEEE Trans.
• Inf. Theory, 56(1): 450-454, 2010.
• H. Xiong, L. Qu, C. Li, A new method to compute 2-adic complexity of

binary sequences, IEEE Trans. Inf. Theory, 60(4): 2399-2406, 2014.

• H. Hu, Comments on a new method to compute the 2-adic complexity of

binary sequences, IEEE Trans. Inform. Theory, 60(4): 5803-5804, 2014.

• L. Zhang, J. Zhang, M. Yang, K. Feng, On the 2-adic complexity of the

Ding-Helleseth-Martinsen binary sequences, IEEE Trans. Inf. Theory, DOI 10.1109/TIT.2020.2964171, 2020. Xiong, L. Qu, and C. Li, 2-Adic complexity of binary sequnces with interleaved structure, Finite Fields Appl., 33: 14-28, 2015.

10 / 25

Background Previous work Preliminaries Main results

Outline

1

Background

2

Previous work

3

Preliminaries

4

Main results

11 / 25

Background Previous work Preliminaries Main results

The known results about interleaved sequences with

• ptimal magnitude

For a sequence with period N ≡ 0 (mod 4), if Cs(τ) ∈ {0, ±4} when τ ranges from 1 to N − 1, then s is referred to as a sequence with optimal autocorrelation magnitude.

• W. Su, Y. Yang, C. Fan, New optimal binary sequences with period

4p via interleaving Ding-Helleseth-Lam sequences, Des. Codes Cryptogr., 86(6): 1329õ1338, 2018.

12 / 25

Background Previous work Preliminaries Main results

The known results about interleaved sequences with

• ptimal magnitude

The linear complexity of such sequences is close to its period.

• C. Fan, The linear complexity of a class of binary sequences with optimal

autocorrelation, Des. Codes Cryptogr., 86(10): 2441õ2450, 2018. b = (0, 1, 0, 1). The 2-adic complexity of such sequence S with period 4p is proven to be no less than half of its period by using the method of autocorrelation function proposed by Hu. Conjecture: gcd(S(2), 22p + 1) = 5, where S(2) = s0 + · · · + s2p−122p−1.

• Y. Sun, T. Yan, Z. Chen, The 2-adic complexity of a class of binary

sequences with optimal autocorrelation magnitude, The 10th conference

• n sequences and their applications, 2018.

13 / 25

Background Previous work Preliminaries Main results

The known results about interleaved sequences with

• ptimal magnitude

Let s(t) = (s(t)

0 , s(t) 1 , . . . , s(t) N−1) be a binary sequence of period

N, where 0 ≤ t ≤ M − 1.

14 / 25

Background Previous work Preliminaries Main results

The known results about interleaved sequences with

• ptimal magnitude

Let s(t) = (s(t)

0 , s(t) 1 , . . . , s(t) N−1) be a binary sequence of period

N, where 0 ≤ t ≤ M − 1. An N × M matrix is obtained from these M binary sequences and given by U =        s(0) s(1) · · · s(M−1) s(0)

1

s(1)

1

· · · s(M−1)

1

. . . . . . ... . . . s(0)

N−1

s(1)

N−1

· · · s(M−1)

N−1

       .

14 / 25

Background Previous work Preliminaries Main results

The known results about interleaved sequences with

• ptimal magnitude

An interleaved sequence u = (uh) of period MN is obtained by concatenating the successive rows of the matrix and defined by uiM+j = Ui,j, 0 ≤ i < N, 0 ≤ j < M.

15 / 25

Background Previous work Preliminaries Main results

The known results about interleaved sequences with

• ptimal magnitude

An interleaved sequence u = (uh) of period MN is obtained by concatenating the successive rows of the matrix and defined by uiM+j = Ui,j, 0 ≤ i < N, 0 ≤ j < M. The sequence u is denoted by u = I(s(0), s(1), ..., s(M − 1)) for simplicity.

15 / 25

Background Previous work Preliminaries Main results

The known results about interleaved sequences with

• ptimal magnitude

Let g be a primitive root of p. Define Dj = {gj+4i : 0 ≤ i ≤ p−1

4

− 1} for 0 ≤ j ≤ 3.

16 / 25

Background Previous work Preliminaries Main results

The known results about interleaved sequences with

• ptimal magnitude

Let g be a primitive root of p. Define Dj = {gj+4i : 0 ≤ i ≤ p−1

4

− 1} for 0 ≤ j ≤ 3. Let u = (u0, u1, . . . , uN−1) be a binary sequence of period N. The set Bu = {t ∈ ZN : ut = 1} is called the support of u. Let s1, s2, s3 be the Ding-Hellseth-Lam sequences of period p with supports D0 ∪ D1, D0 ∪ D3, D1 ∪ D2, respectively, where p = 4f + 1 = x2 + 4y2 is a prime number, f is odd and y = ±1.

16 / 25

Background Previous work Preliminaries Main results

The known results about interleaved sequences with

• ptimal magnitude

Lemma (Su et al.) Assume that p = 4f + 1 = x2 + 4y2 is a prime number, where f is

• dd and y = ±1. Let b = (b(0), b(1), b(0), b(1)) be a binary
• sequence. Then the binary sequence of period 4p constructed by

S = I(s3 + b(0), Ld(s2) + b(1), L2d(s1) + b(0), L3d(s1) + b(1)) is optimal with respect to the autocorrelation magnitude.

17 / 25

Background Previous work Preliminaries Main results

Outline

1

Background

2

Previous work

3

Preliminaries

4

Main results

18 / 25

Background Previous work Preliminaries Main results

Main results

Theorem For the sequence S with b = (0, 1, 0, 1), we have gcd(S(2), 22p + 1) = 5.

19 / 25

Background Previous work Preliminaries Main results

Sketch of Proof

Lemma (Sun et al.) For the sequence S with b = (0, 1, 0, 1), we have 5| gcd(S(2), 22p + 1). Lemma (Sun et al.) For the sequence S with b = (0, 1, 0, 1), we have S(2)T(2−1) ≡ 2  24p − 1 24 − 1 + (22p + 1)(2p − 1) − 2p(22p − 1)y

• i∈F∗

p

( i p )24i − p   (mod 24p − 1) where S(2) = 4p−1

i=0

si2i, T(2) = 4p−1

i=0 (−1)si 2i. 20 / 25

Background Previous work Preliminaries Main results

Sketch of Proof p = 5

21 / 25

Background Previous work Preliminaries Main results

Sketch of Proof p = 5

gcd

• −2p(22p−1)y
• i∈F∗

p

( i p )24i−p), 22p + 1 5

• = l = 1 (y = ±1).

21 / 25

Background Previous work Preliminaries Main results

Sketch of Proof p = 5

gcd

• −2p(22p−1)y
• i∈F∗

p

( i p )24i−p), 22p + 1 5

• = l = 1 (y = ±1).

Assume that l > 1. 22p+2(

• i∈F∗

p

( i p )24i)2 − p2 ≡ 0 (mod l). Lemma (

i∈F∗

p ( i

p)24i)2 ≡ p (mod 22p+1 5

).

21 / 25

Background Previous work Preliminaries Main results

Sketch of Proof p = 5

gcd

• −2p(22p−1)y
• i∈F∗

p

( i p )24i−p), 22p + 1 5

• = l = 1 (y = ±1).

Assume that l > 1. 22p+2(

• i∈F∗

p

( i p )24i)2 − p2 ≡ 0 (mod l). Lemma (

i∈F∗

p ( i

p)24i)2 ≡ p (mod 22p+1 5

). 0 ≡ 22p+2p − p2 ≡ −4p − p2 (mod l) ⇒ l = p or l|p + 4.

l = p ⇒ p = 5 which contradicts to p = 5. l|p + 4 ⇒ l|15 which contradicts to l = 3, 5.

p = 5 direct verification.

21 / 25

Background Previous work Preliminaries Main results

Main results

Lemma (Sun etc.) For the sequence S with b = (0, 1, 0, 1), we have gcd(S(2), 22p − 1) = 1. Theorem If b = (b(0), b(1), b(2), b(3)) = (0, 1, 0, 1) or (1, 0, 1, 0), then the 2-adic complexity of the sequence S is Φ2(S) = log2

24p−1 5

.

22 / 25

Background Previous work Preliminaries Main results

Main results

Theorem If b = (b(0), b(1), b(0), b(1)) = (0, 0, 0, 0) or (1, 1, 1, 1), then the 2-adic complexity of the sequence S is Φ2(S) =

• log2

24p−1 75 , p = 5

log2

24p−1 15 , p = 5 .

23 / 25

Background Previous work Preliminaries Main results

Main results

Our results show that the 2-adic complexity of the constructed interleaved sequence is close to the period. Hence, the sequence is safe enough to resist attacks with the rational approximation algorithm.

24 / 25

Background Previous work Preliminaries Main results

Thank you!

25 / 25