2 n -Periodic Binary Sequences with Fixed k-error Linear Complexity for k = 2 or 3

Transcription

1 2 n -Periodic Binary Sequences with Fixed k-error Linear Complexity for k = 2 or 3 Ramakanth Kavuluru Department of Computer Science University of Kentucky SEequences and Their Applications 2008 Ramakanth Kavuluru (Univ. of Kentucky) Sequences with Fixed k-error LC SETA 2008, Lexington 1 / 14

2 Outline 1 Preliminaries Linear Complexity k-error Linear Complexity 2 Our Contribution Problem and Motivation Basic Characterization Counting Functions 3 Concluding Remarks Ramakanth Kavuluru (Univ. of Kentucky) Sequences with Fixed k-error LC SETA 2008, Lexington 2 / 14

3 Linear Complexity Definition The linear complexity L(S) of a sequence S = (s 0, s 1, ) over F q is the length of smallest LFSR that can generate S. Let S be a periodic sequence with period T. Let S(x) = s 0 + s 1 x + + s T 1 x T 1. Then s i x i = S(x) 1 x T = u(x), gcd(u(x), g(x)) = 1. g(x) i=0 g(x) - minimal connection polynomial. L(S) = T deg(gcd(s(x), 1 x T )) = deg(g(x)). Shift register synthesis: Berlekamp-Massey algorithm. Ramakanth Kavuluru (Univ. of Kentucky) Sequences with Fixed k-error LC SETA 2008, Lexington 3 / 14

4 k-error Linear Complexity In practice, if an attacker can recover all but a few symbols of the keystream then the system is insecure. Attacker: Try all k = 1 symbol changes of the known keystream. Choose the one that leads to a message that makes sense. Then try all k = 2 symbol changes and so on. Definition (Ding et al., Martin and Stamp) The k-error linear complexity L k (S) of a periodic sequence S is the smallest linear complexity that can be obtained by performing up to k symbol changes in a single period of S. Ramakanth Kavuluru (Univ. of Kentucky) Sequences with Fixed k-error LC SETA 2008, Lexington 4 / 14

5 k-error Linear Complexity In practice, if an attacker can recover all but a few symbols of the keystream then the system is insecure. Attacker: Try all k = 1 symbol changes of the known keystream. Choose the one that leads to a message that makes sense. Then try all k = 2 symbol changes and so on. Definition (Ding et al., Martin and Stamp) The k-error linear complexity L k (S) of a periodic sequence S is the smallest linear complexity that can be obtained by performing up to k symbol changes in a single period of S. Proposition 1 (Kurosawa et al.) For a 2 n -periodic binary sequence S the minimum number of changes required to lower the linear complexity of S is merr(s)= 2 wh(2n L(S)). Ramakanth Kavuluru (Univ. of Kentucky) Sequences with Fixed k-error LC SETA 2008, Lexington 4 / 14

6 Notation and Approach A(L) - The set of 2 n -periodic binary sequences S with L(S) = L. A k (L) - The set of 2 n -periodic binary sequences S with L k (S) = L. Problem: Characterize and count sequences in A 2 (L) and A 3 (L), when w H (2 n L) 2. Approach: 1 Derive some useful properties of A(L) and L k (S). 2 Use them to characterize and count sequences in A 2 (L) and A 3 (L). Ramakanth Kavuluru (Univ. of Kentucky) Sequences with Fixed k-error LC SETA 2008, Lexington 5 / 14

7 Notation and Approach A(L) - The set of 2 n -periodic binary sequences S with L(S) = L. A k (L) - The set of 2 n -periodic binary sequences S with L k (S) = L. Problem: Characterize and count sequences in A 2 (L) and A 3 (L), when w H (2 n L) 2. Approach: 1 Derive some useful properties of A(L) and L k (S). 2 Use them to characterize and count sequences in A 2 (L) and A 3 (L). E i1,,i t = (e 0,, e 2n 1) : e l = 1, l = i 1,, i t ; e l = 0 otherwise. E t = {E i1,,i t : 0 i 1 < < i t 2 n 1}. A(L) + R = {S + R : S A(L)}, where R is any sequence. A(L)[R] - The set of sets {A(L) + R : R R}, where R is a set of sequences Ramakanth Kavuluru (Univ. of Kentucky) Sequences with Fixed k-error LC SETA 2008, Lexington 5 / 14

8 Motivation and Previous Work Counting functions are useful To determine the expected value and variance of linear complexity and k-error linear complexity of a family of sequences. To also know the exact number of sequences available with high linear complexity and high k-error linear complexity. Ramakanth Kavuluru (Univ. of Kentucky) Sequences with Fixed k-error LC SETA 2008, Lexington 6 / 14

9 Motivation and Previous Work Counting functions are useful To determine the expected value and variance of linear complexity and k-error linear complexity of a family of sequences. To also know the exact number of sequences available with high linear complexity and high k-error linear complexity. Previous work on counting functions and expected values. Counting functions for linear and error linear complexity of sequences over finite fields: Gustavson, 1976; Meidl and Niederreiter Counting functions for error linear complexity measures for multisequences: Meidl, Niederreiter, and Venkateswarlu Counting functions and expected values for k-error linear complexity of 2 n -periodic binary sequences: Meidl 2005; Fu, Niederreiter, and Su 2006; Fengxiang and Wenfeng Ramakanth Kavuluru (Univ. of Kentucky) Sequences with Fixed k-error LC SETA 2008, Lexington 6 / 14

10 Characterization When w H (2 n L) = 0 or 1 Proposition 2 (Fu et al.) For any sequence S A(2 n ) we have L 2 (S) = L 1 (S) < 2 n. Proposition 3 (Meidl) For any 2 n -periodic binary sequence S and for k 2, L k (S) is different from 2 n 2 t for every integer t with 0 t < n. Ramakanth Kavuluru (Univ. of Kentucky) Sequences with Fixed k-error LC SETA 2008, Lexington 7 / 14

11 Characterization When w H (2 n L) = 0 or 1 Proposition 2 (Fu et al.) For any sequence S A(2 n ) we have L 2 (S) = L 1 (S) < 2 n. Proposition 3 (Meidl) For any 2 n -periodic binary sequence S and for k 2, L k (S) is different from 2 n 2 t for every integer t with 0 t < n. ( ) 2 n A 2 (0) = E 1 E 2 {0} and A 2 (0) = + 2 n Proposition 2 = A 2 (2 n ) =. Proposition 3 = A 2 (L) = for L = 2 n 2 t, 0 t < n. Ramakanth Kavuluru (Univ. of Kentucky) Sequences with Fixed k-error LC SETA 2008, Lexington 7 / 14

12 Characterization When w H (2 n L) 3 Theorem 1 Let S be a T-periodic binary sequence. Consider any two positive integers u, v such that 0 v u and u + v < merr(s). Then for any T-periodic binary sequence E such that w H (E) = v we have L u (S + E) = L(S). Ramakanth Kavuluru (Univ. of Kentucky) Sequences with Fixed k-error LC SETA 2008, Lexington 8 / 14

13 Characterization When w H (2 n L) 3 Theorem 1 Let S be a T-periodic binary sequence. Consider any two positive integers u, v such that 0 v u and u + v < merr(s). Then for any T-periodic binary sequence E such that w H (E) = v we have L u (S + E) = L(S). Theorem 2 If w H (2 n L) 3, then A 2 (L) = A(L) ( ) (A(L) + E i ) (A(L) + E i,j ). E i E 1 E i,j E 2 Ramakanth Kavuluru (Univ. of Kentucky) Sequences with Fixed k-error LC SETA 2008, Lexington 8 / 14

14 A 2 (L) and A 2 (L) When 0 < L < 2 n 2 Theorem 3 For a given r {1,, n 1}, let 1 L < 2 n r. Then for any two distinct sequences S, S A(L) we have d H (S, S ) = t 2 r+1 for some t {1, 2, 3,, 2 n r 1 }, which implies d H (S, S ) 2 r+1. Ramakanth Kavuluru (Univ. of Kentucky) Sequences with Fixed k-error LC SETA 2008, Lexington 9 / 14

15 A 2 (L) and A 2 (L) When 0 < L < 2 n 2 Theorem 3 For a given r {1,, n 1}, let 1 L < 2 n r. Then for any two distinct sequences S, S A(L) we have d H (S, S ) = t 2 r+1 for some t {1, 2, 3,, 2 n r 1 }, which implies d H (S, S ) 2 r+1. Theorem 4 If w H (2 n L) 3 and 1 L < 2 n 2, then the sets A(L), A(L) + E i, E i E 1, and A(L) + E i,j, E i,j E 2, are disjoint. Furthermore, (( ) ) 2 n A 2 (L) = + 2 n L 1. 2 Ramakanth Kavuluru (Univ. of Kentucky) Sequences with Fixed k-error LC SETA 2008, Lexington 9 / 14

16 Cardinality of A(L)[E 1 ] and 2 n 2 < L < 2 n 3 Theorem 5 (Fu et al.) For any sequence S A(L), where 2 n 2 n r < L < 2 n 2 n r 1 for some 1 r n 2, and for any integer 0 i 2 n 1, the number of sequences S + E i,j A(L), where 0 j 2 n 1 and j i, is exactly 2 r 1 corresponding to all j {i t2 n r : 1 t 2 r 1}. Ramakanth Kavuluru (Univ. of Kentucky) Sequences with Fixed k-error LC SETA 2008, Lexington 10 / 14

17 Cardinality of A(L)[E 1 ] and 2 n 2 < L < 2 n 3 Theorem 5 (Fu et al.) For any sequence S A(L), where 2 n 2 n r < L < 2 n 2 n r 1 for some 1 r n 2, and for any integer 0 i 2 n 1, the number of sequences S + E i,j A(L), where 0 j 2 n 1 and j i, is exactly 2 r 1 corresponding to all j {i t2 n r : 1 t 2 r 1}. For any L where w H (2 n L) 3 we have unique r 1 and r 2 such that 1 r 1 r 2 and 2 n (2 n r1 + 2 n r2 ) < L < 2 n (2 n r1 + 2 n r2 1 ), which implies 2 n 2 n r1+1 < L < 2 n 2 n r1. Ramakanth Kavuluru (Univ. of Kentucky) Sequences with Fixed k-error LC SETA 2008, Lexington 10 / 14

18 Cardinality of A(L)[E 1 ] and 2 n 2 < L < 2 n 3 Theorem 5 (Fu et al.) For any sequence S A(L), where 2 n 2 n r < L < 2 n 2 n r 1 for some 1 r n 2, and for any integer 0 i 2 n 1, the number of sequences S + E i,j A(L), where 0 j 2 n 1 and j i, is exactly 2 r 1 corresponding to all j {i t2 n r : 1 t 2 r 1}. For any L where w H (2 n L) 3 we have unique r 1 and r 2 such that 1 r 1 r 2 and 2 n (2 n r1 + 2 n r2 ) < L < 2 n (2 n r1 + 2 n r2 1 ), which implies 2 n 2 n r1+1 < L < 2 n 2 n r1. Theorem 5 = (A(L) + E u ) (A(L) + E v ) =, 0 u < v 2 n r Also, for each u = 0,, 2 n r1+1 1, A(L) + E u = A(L) + E u+t2 n r 1 +1, t = 0,, 2 r Thus A(L)[E 1 ] = 2 n r1+1. Ramakanth Kavuluru (Univ. of Kentucky) Sequences with Fixed k-error LC SETA 2008, Lexington 10 / 14

19 Cardinality of A(L)[E 2 ] and 2 n 2 < L < 2 n 3 Theorem 6 Let S A(L) where 2 n (2 n r1 + 2 n r2 ) < L < 2 n (2 n r1 + 2 n r2 1 ), for some r 1, r 2 {2,, n 1} satisfying 1 < r 1 r 2 or 1 = r 1 < r 2. We have the following two results. 1 Consider any four integers i, j, k, and l such that 0 i < j < k < l 2 n r Then L(S + E i,j,k,l ) = L(S) if and only if i, j, k, and l are in the form i = u + g 1 2 n r2, j = u + g 2 2 n r2, k = i + 2 n r1, and l = j + 2 n r1, where 0 u 2 n r2 1 and 1 g 1 < g 2 2 r2 r There do not exist integers i 1,, i 6 such that 0 i 1 < < i 6 2 n r1+1 1 and L(S + E i1,,i 6 ) = L(S). Ramakanth Kavuluru (Univ. of Kentucky) Sequences with Fixed k-error LC SETA 2008, Lexington 11 / 14

20 Cardinality of A(L)[E 2 ] and 2 n 2 < L < 2 n 3 We only need to find A(L)[D 2 (L)], D 2 (L) = {E i,j : 0 i < j 2 n r1+1 1}. For all settings of i and j in part 1 of Theorem 6 we have set equalities A(L) + E i,j = A(L) + E i+2 n r 1,j+2 n r 1, A(L) + E i,j+2 n r 1 = A(L) + E i+2 n r 1,j, ( 2 r 2 r 1 ) resulting in 2 2 n r2 doubly counted sets. 2 Also, for each u = 0,, 2 n r2 1, we have 2 r2 r1 1 set equalities A(L) + E u,u+2 n r 1 = A(L) + E i,i+2 n r 1, where i = u + t2 n r2 for 1 t 2 r2 r1 1, resulting in 2 n r2 (2 r2 r1 1) doubly counted sets. ( 2 n r 1+1) ( ( 2 r 2 r 1 )) Thus A(L)[E 2 ] = A(L)[D 2 (L)] = 2 n r2 2 r2 r Ramakanth Kavuluru (Univ. of Kentucky) Sequences with Fixed k-error LC SETA 2008, Lexington 12 / 14

21 A 2 (L) and A 2 (L) When 2 n 2 < L < 2 n 3 Theorem 7 Let w H (2 n L) 3 where 2 n (2 n r1 + 2 n r2 ) < L < 2 n (2 n r1 + 2 n r2 1 ) for some r 1, r 2 satisfying 1 < r 1 r 2 n 1. Define the sets D 1 (L) = {E i : 0 i < 2 n r1+1 } and D 2 (L) = {E i,j : 0 i < j < 2 n r1+1 }. For u = 0,, 2 n r2 1 define the sets D 1 u(l) = {E i,i+2 n r 1 : i = u + t2 n r2, 1 t 2 r2 r1 1}, D 2 u(l) = {E i,j, E i,j+2 n r 1 : i = u + t 1 2 n r2, j = u + t 2 2 n r2, 0 t 1 < t 2 2 r2 r1 1}. Consider the set D(L) = D 2 (L) 2 n r 2 1 u=0 (D 1 u(l) D 2 u(l)). Then the sets A(L), A(L) + E i, E i D 1 (L), and A(L) + E i,j, E i,j D(L), are disjoint. Furthermore, (( 2 n r 1+1) ) A 2 (L) = 2 n r2 (2 2r2 2r1 1) + 2 n r L 1. 2 Ramakanth Kavuluru (Univ. of Kentucky) Sequences with Fixed k-error LC SETA 2008, Lexington 13 / 14

22 Final Remarks 1 The results for k = 3 are stated in the proceedings. 2 We also obtained results when w H (2 n L) = 2 with some further analysis. 3 Similar approach can be used for p n -periodic sequences over F p. 4 Results for arbitrary periods or for periods of other forms are desirable. Ramakanth Kavuluru (Univ. of Kentucky) Sequences with Fixed k-error LC SETA 2008, Lexington 14 / 14