On the distinctness of binary sequences derived from primitive sequences modulo square-free odd integers

Size: px

Start display at page:

Download "On the distinctness of binary sequences derived from primitive sequences modulo square-free odd integers"

Francine Walker
5 years ago
Views:

1 On the distinctness of binary sequences derived from primitive sequences modulo square-free odd integers Qun-iong Zheng, Wen-Feng Qi and Tian Tian y August 2, 20 Abstract Let M be a square-free odd integer and Z=(M) the integer residue ring modulo M. This paper studies the distinctness of primitive sequences over Z=(M) modulo 2. Recently, for the case of M = pq, a product of two distinct prime numbers p and q, the problem has been almost completely solved. As for the case that M is a product of more prime numbers, the problem has been quite resistant to proof. In this paper, a partial proof is given by showing that a class of primitive sequences of order 2k + over Z=(M) is distinct modulo 2. Besides as an independent interest, the paper also involves two distribution properties of primitive sequences over Z=(M), which related closely to our main results. Keywords: integer residue rings, linear recurring sequences, primitive polynomials, primitive sequences, modular reduction This work was supported by NSF of China under Grant No. (607078, ). y Qun-iong Zheng, Wen-Feng Qi and Tian Tian are with the department of Applied Mathematics, Zhengzhou Information Science and Technology Institute, Zhengzhou , China. ( qunxiong_- zheng@63.com, wenfeng.qi@263.net and tiantian_d@26.com)

2 2 Introduction Let Z=(M) denote the integer residue ring modulo M for any integer M 2. If a sequence a = (a(t)) t0 over Z=(M) satis es a(i + n) (c n a(i + n ) + + c a(i + ) + c 0 a(i)) mod M; i 0 () with constant coe cients c 0 ; c ; : : : ; c n 2 Z=(M), then a is called a linear recurring sequence of order n over Z=(M) generated by f(x) = x n + c n x n + + c 0 (or a is a sequence of order n over Z=(M) in short) and f (x) is called a characteristic polynomial of a. For convenience, the set of sequences generated by f(x) over Z=(M) is generally denoted by G (f (x) ; M). Let p be a prime number and e a positive integer. A monic polynomial f(x) of degree n over Z=(p e ) is called a primitive polynomial of degree n if the period of f(x) over Z=(p e ), denoted by per(f(x); p e ), is equal to p e (p n ), that is p e (p n ) is the minimal positive integer P such that x P is divisible by f(x) in Z=(p e )[x]. A sequence a = (a(t)) t0 over Z=(p e ) is called a primitive sequence of order n if a is generated by a primitive polynomial of degree n over Z=(p e ) and a mod p = (a(t) mod p) t0 is not an all 0 sequence. The period of a primitive sequence a of order n over Z=(p e ), denoted as per (a; p e ), is equal to p e (p n ), see []. Every element u 2 Z=(p e ) has a unique p-adic expansion as u = u 0 +u p+ +u e p e, where u i 2 f0; ; : : : ; p g and can be naturally seen as an element in Z=(p). Similarly, a sequence a over Z=(p e ) has a unique p-adic expansion as a = a 0 + a p + + a e p e, where a i is a sequence over f0; ; : : : ; p g and can be naturally seen as a sequence over Z=(p). The sequence a i is called the ith-level sequence of a for 0 i e and a e is also called the highest level sequence of a. Let a be a sequence over Z=(p e ) with the p-adic expansion as a = a 0 +a p+ +a e p e and '(x 0 ; : : : ; x e ) an e-variable function over Z=(p). Then '(a 0 ; : : : ; a e ) = ('(a 0 (t) ; : : : ; a e (t))) t0

3 3 is a sequence over Z=(p) and is called a compressing sequence derived from a. When a is a primitive sequence over Z=(p e ), many cryptographical properties of such compressing sequence have been studied during the last 20 years [2]-[7], in particular the distinctness of compressing sequences, that is, a = b if and only if '(a 0 ; : : : ; a e ) = '(b 0 ; : : : ; b e ), where a and b are two primitive sequences generated by a primitive polynomial over Z=(p e ). Obviously, for a given primitive polynomial f(x) over Z=(p e ), if the compressing sequences of all primitive sequences generated by f(x) are pairwise distinct, then there is a one-to-one correspondence between primitive sequences and their compressing sequences, which implies that every compressing sequence preserves all the information of its original primitive sequence. Thus such compressing sequences are thought to be a good type of nonlinear sequences available for the design of stream cipher. Recently, modular reduction, another compressing method of primitive sequences over Z=(p e ), was proposed and has attracted much attention. For example, the well known l- sequences, i.e., maximal length FCSR sequences, introduced by A. Klapper and M. Goresky in [20], are in fact modulo 2 reductions of primitive sequences of order over Z=(p e ). In [9], the distinctness of modular reductions of primitive sequences over Z=(p e ) has been completely solved. It was shown that if a and b are two primitive sequences generated by a primitive polynomial of degree n over Z=(p e ), then a = b if and only if a b mod m, where m is a positive integer with a prime factor other than p. It can be seen that the operation of mod m destroys the inherent structure of sequences over Z=(p e ), and in particular for m = 2, the compression ratio is very large and easy to implement. Let M be an integer greater than and M = p e p e 2 2 p er r the canonical factorization of M. As a natural generalization of the de nitions of primitive polynomials and primitive sequences over Z=(p e ), a monic polynomial f (x) of degree n over Z=(M) is called a primitive polynomial and a sequence a = (a(t)) t0 of order n over Z=(M) is called a primitive sequence, if for every i 2 f; 2; : : : ; rg, f (x) mod p e i i over Z=(p e i i ) and a mod pe i i is a primitive polynomial of degree n is a primitive sequence of order n over Z=(p e i i ), respectively. It is easy to see that the period of a primitive polynomial of degree n over Z=(M) and that

4 4 of a primitive sequence of order n over Z=(M) are both equal to lcm p e (p n ) ; p e 2 2 (p n 2 ) ; : : : ; p er r (p n r ) : For convenience, the set of primitive sequences generated by a primitive polynomial f(x) over Z=(M) is generally denoted by G 0 (f(x); M). If M has at least two di erent prime factors, there indeed exist many primitive sequences of order over Z=(M) such that their modular reductions are the same [2]. It is long not clear, however, whether the modular reductions of primitive sequences of order n 2 over Z=(M) are distinct. Let p and q be two distinct prime numbers. In [2], the authors rst studied the distinctness of primitive sequences over Z=(pq) modulo 2, and a su cient condition was given for (n; p; q) such that primitive sequences of order n over Z=(pq) are distinct modulo 2. Then in [8] based on a new result on the element distribution property of primitive sequences over Z=(pq), the set of primitive sequences that can be proved to be distinct modulo 2 is greatly enlarged and almost includes all primitive sequences. Inspired by the methods of [8], this paper studies a much more general modulus M which is a product of three or more distinct prime numbers. A class of primitive sequences of order n = 2k + over Z=(M) is shown to be distinct modulo 2, where k is an integer. The number of primitive sequences proved to be distinct modulo 2 has close relations with two distribution properties of primitive sequences over Z=(M). One is given s 2 Z=(M) and a primitive sequence a of order n 2 over Z=(M) whether there is an integer t 0 such that a(t) = s. The other is given a primitive sequence a of order over Z=(M) whether there is an integer t 0 such that a(t) is an even number. Based on the estimates of exponential sums over integer residue rings and number theoretical functions, su cient conditions of primitive sequences over Z=(M) satisfying the two properties are obtained, respectively, and corresponding experimental data are provided to show the validity of the su cient conditions. The paper is organized as follows. Section 2 presents some necessary preliminaries. Section 3 discusses distribution properties of primitive sequences over integer residue rings.

5 5 Section 4 is largely devoted to the proof of our main result. Finally, conclusions are drawn in Section 5. Throughout the paper, we assume that M is a square-free odd integer and M = p p 2 p r is the canonical factorization of M, where r 2 and p i is an odd prime number for i r. We choose f0; ; : : : ; M g as the complete set of representatives for the elements of the ring Z=(M). Thus a sequence a over Z=(M) is usually seen as an integer sequence over f0; ; : : : ; M g. Moreover, for an integer x and a positive integer m, we denote the nonnegative minimal residue of x modulo m as [x] mod m and [a] mod m = ([a(t)] mod m ) t0 for a sequence a = (a(t)) t0 over Z=(M). 2 Preliminaries An element 2 Z=(M) is called a primitive element of Z=(M) if [] mod pi is a primitive element of Z=(p i ) for every i 2 f; 2; : : : ; rg, i.e., the multiplicative order of [] mod pi in Z=(p i ) is equal to p i. It can be seen that the multiplicative order of any primitive element in Z=(M) is equal to lcm (p ; p 2 ; : : : ; p r ). Typical primitive polynomials over integer residue rings were rst proposed and studied in [22]. The authors of [22] gave the following equivalent conditions, each of which de nes a typical primitive polynomial. Lemma ([22]) Let f(x) be a primitive polynomial of degree n over Z=(M). Then the following are equivalent: () f(x) divides x S for some positive integer S and some primitive element of Z=(M); (2) there exists a primitive element of Z=(M) such that x M mod f (x) holds over p n Z=(M), where M = lcm ; pn 2 ; : : : ; pn r p p 2 p r ;

6 6 (3) gcd pi p j ; p n i = pn i for any pair of distinct prime divisors p p i i and p j of M, p n where pi p j = lcm i ; pn j p i p j : Remark 2 The conditions (), (2) and (3) correspond to De nition 4, Lemma 5 and formula (9) of [22], respectively. De nition 3 ([22]) A monic polynomial f(x) of degree n over Z=(M) is called a typical primitive polynomial of degree n over Z=(M) if f(x) is primitive and satis es the equivalent conditions of Lemma. It can be seen from the condition (3) of Lemma that the existence of typical primitive polynomials of degree n over Z=(M) only depends on the arithmetic properties of M and n. Thus, for convenience we call (M; n) a typical primitive pair if M and n satisfy the condition (3) of Lemma. To prove the distinctness of primitive sequences over Z=(M) modulo 2 in Section 4, we need another concept named a distinguishable pair, and we make its de nition explicit in the following statement. De nition 4 Let n be a positive integer. Then (M; n) is called a distinguishable pair if p n gcd i p i ; pn j = (2) for any pair of distinct prime divisors p i and p j of M. Remark 5 () If (M; n) is a distinguishable pair, then it is necessary that n is an odd number. This is because if n is an even number, then both pn i = P n p i k=0 pk i and p n j are p n even numbers, and so gcd i ; p i pn j 2 6=. (2) If (M; n) is a distinguishable pair, then (M; n) is a typical primitive pair, but the reverse is not true. For example, it can be veri ed that (77; 3) is a typical primitive pair, but not a distinguishable pair.

7 7 (3) Experimental data show that the proportion of distinguishable pairs (M; n) is about 6:48% when M runs through all possible values between and 0; 000; 000 and n runs through all odd integers between 3 and 9. Finally we recall the estimates of some classical exponential sums over integer residue rings. Let m be a positive integer greater than, and let e m () be the canonical additive character over Z=(m) given by e m (a) = e 2ia=m, where a is an integer. First it is well-known that the complete sum m a=0 8 < e m (ca) = : m; if m j c; 0; otherwise, for any integer c. Second the following estimates are proved in [23]. Lemma 6 [23, Lemma 8.80] For any positive integer H we have m H ln m e m (ax) < 2m + + H, 5 a=0 x=0 where ln () is the natural logarithm. In particular, we have m H ln m e m (ax) < 2m +. 5 a= x=0 3 Distribution Properties of Primitive Sequences over Z=(M) Let a be a periodic sequence over Z=(M) with period T. For any given element s 2 Z=(M), we say that the element s occurs in the sequence a if there exists an integer t 2 f0; ; : : : ; T g such that a (t) = s. Let N a T ; s denote the number of element s occurring in a complete period of the sequence a, that is, N a T ; s = # ft j a (t) = s; 0 t T g.

8 8 In this section, we discuss two distribution problems of primitive sequences over Z=(M), which will be shown to be useful in Section 4. The rst problem is whether every element of Z=(M) occurs in a complete period of a primitive sequence of order n over Z=(M). In Subsection 3., we shall show that the answer is positive for su ciently large n. It is clear that the answer is negative for n =. The second problem is whether there exists an even number of Z=(M) occurs in a complete period of a primitive sequence of order over Z=(M). In Subsection 3.2, we shall show that the answer to this problem is positive for almost all M s. The main results of this section are based on the estimates of exponential sums over integer residue rings. 3. Estimates for the number of a given element occurring in a primitive sequence over Z=(M) Lemma 7 Let f(x) = x n (c n x n + +c x+c 0 ) be a primitive polynomial over Z=(M) with period T and d = (; 0; : : : ; 0) 2 (Z=(M)) n. Then d A h 6= d A k for 0 h < k < T, where 2 A = 6 4 (Here we mean that A = [c 0 ] if n =.) (3) c 0 c c 2 c 3 c n Proof. Suppose there exist two integers h and k, 0 h < k < T, such that d A h = d A k. Then we have d A j A h = d A j A k for 0 j n. (4)

9 9 Note that and so (4) implies that d A j = (0; : : : ; 0; ; 0; : : : ; 0); 0 j n ; {z } j A h = A k. (5) Let d = (d (t)) t0 be a primitive sequence generated by f(x) over Z=(M), and let d t = (d (t) ; d (t + ) ; : : : ; d (t + n )) be the t-th state of the sequence d for any integer t 0. It follows from () that d t = A t d 0, where d t is the transpose of d t. Then by (5) we have d h = A h d 0 = A k d 0 = d k, and so the period of d is not greater than k h < T, a contradiction to the fact that the period of d is equal to T. Therefore we get that d A h 6= d A k for 0 h < k < T. The following lemma is an analogy of Theorem 8.78 of [23]. Lemma 8 Let a be a primitive sequence of order n over Z=(M) with period T = lcm (p n ; p n 2 ; : : : ; p n r ). Then T e M (a (t)) M n 2. Proof. For any vector b = (b 0 ; b ; : : : ; b n ) 2 (Z=(M)) n, let T (b) = e M (b 0 a (t) + b a (t + ) + + b n a (t + n )). (6)

10 0 Note that e M (b 0 a (0) + b a () + + b n a (n )) = e M (b 0 a (T ) + b a (T + ) + + b n a (T + n )), and so we obtain T (b) = e M (b 0 a (t + ) + b a (t + 2) + + b n a (t + n)). (7) Assume f(x) = x n (c n x n + + c x + c 0 ) is a characteristic polynomial of a. Then we have a(t + n) c 0 a(t) + c a(t + ) + + c n a(t + n ) mod M; t 0. (8) Hence, (7) and (8) yield T j (b)j = e M (b 0 a (t + ) + b a (t + 2) + + b n a (t + n)) T n = e M b 0 a (t + ) + b a (t + 2) + + b n c k a(t + k)!! = j ((b n c 0 ; b 0 + b n c ; : : : ; b n 2 + b n c n ))j = j (b A)j, where A is an n n matrix over Z=(M) of the form described in (3). Recursively, we have j (b)j = j (b A)j = b A 2 = = b A T. (9) k=0 Let d = (; 0; : : : ; 0) 2 (Z=(M)) n and = fd A t j 0 t T g. On one hand, it can be seen from (6) that T T e M (a (t)) 2 = T j (d)j 2 : (0) On the other hand, since Lemma 7 implies that the number of elements in equals T, it follows from (9) that T T j (d)j 2 = da t 2 = j (b)j 2 j (b)j 2. () b2 b2(z=(m)) n

11 Thus, (0) and () yield T T e M (a (t)) Note that j (b)j 2 = b2(z=(m)) n = Since 0s;tT 2 b 0 2Z=(M) j (b)j 2. (2) b2(z=(m)) n (b) (b) b2(z=(m)) n e M (b 0 (a (s) a (t))) A b n 2Z=(M) e M (b n (a (s + n ) a (t + n ))) A : (3) (a (s) ; : : : ; a (s + n )) = (a (t) ; : : : ; a (t + n )) if and only if s t mod T; it follows from (3) that j (b)j 2 = T M n. (4) b2(z=(m)) n Finally combining (2) and (4), we get T e M (a (t)) M n 2. Remark 9 Note that r is assumed to be greater than. But Theorem 8.78 of [23] implies that Lemma 8 is also true if r =. Lemma 0 Let p be a prime number and a a primitive sequence of order n over Z=(p). Then for any integer s we have E p (s) = p n 2 8 p < e p (h (a (t) s)) = : h=0 p n p; if s 0 mod p; p n ; if gcd(s; p) =. (5)

12 2 Proof. Since the exponential sum pn 2 p p e p (h (a (t) h=0 counts the number of the element s mod p occurring in a complete period of a, (5) immediately follows from the element distribution properties of m-sequences over nite elds. s)) Let a be a primitive sequence of order n over Z=(M), and let T = per(a; M) = lcm(p n ; p n 2 ; : : : ; p n r ): Given an element s 2 Z=(M), it can be seen that N a T ; s = M T p h =0 For i = ; 2; : : : ; r; let us denote Then N a T ; s = M = M T D i = i= T = T M + M e p (h (a (t) p i h i = ry (D i + ) + p r s)) e pr (h r (a (t) h r=0 e pi (h i (a (t) s)) : r D i + i= r r T D i + M i= Note that for i = ; 2; : : : ; r, we have that T D i = = = T h i = T p i p i h i =0 T p n i k=2 i <<i k r T e pi (h i (a (t) r k=2 i <<i k r s)) D i D i2 D ik! e pi (h i (a (t) s)) T p n i 2 p i h i =0 e pi (h i (a (t) s)) T: s))! D i D i2 D ik : (6).

13 3 It follows from Lemma 0 that T D i = T E p i (s) p n i T; i = ; 2; : : : ; r: (7) Taking (7) into (6) yields N at ; s! T r M r + E pi (s) p n i= i = r T D i D i2 D ik M k=2 i <<i k r p r i p ik T e M pi (h i (a (t) s)) e pik (h ik (a (t) s)) k=2 i <<i k r h i = h ik = = p r i p ik T e M pi (h i a (t)) e pik (h ik a (t)). (8) k=2 i <<i k r h i = h ik = For given i < i 2 < < i k r, set Q jk g id = p i j ; d = ; 2; : : : ; k. p id Then it can be seen that Since the sequence e pi (h i a (t)) e pi2 (h i2 a (t)) e pik (h ik a (t)) = e pi p i2 p ik (( d= k g id h id 6 0 mod p ij ; j k; d= k k ( g id h id ) a = (( g id h id ) a (t)) t0 d= k g id h id ) a (t)). is a primitive sequence over Z=(p i p i2 p ik ) with period lcm p n i ; p n i 2 ; : : : ; p n i k. Then by Lemma 8 we have T e pi (h i a (t)) e pi2 (h i2 a (t)) e pik (h ik a (t)) T (p i p i2 p ik ) n=2 lcm p n i ; p n i 2 ; : : : ; p n i k (9) d=

14 4 for all h id p id, d k. Combining (8) and (9) yields N at ; s! T r M r + E pi (s) p n i= i T Q r M k j= p i j p n=2 i j lcm p n i ; p n i 2 ; : : : ; p n i k. k=2 i < 0 if r + r i= E pi (s) r p n i > k=2 i <<i k r Q k j= p i j p n=2 i j lcm p n i ; p n i 2 ; : : : ; p n i k. This leads to the following theorem. Theorem Let a be a primitive sequence of order n over Z=(M). For a given element s 2 Z=(M), the element s occurs in the sequence a if r + r i= E pi (s) r p n i > k=2 i < k=2 i < k=2 i <<i k r Q k j= (p i j )p n=2 i j. (2) lcm p n i ; p n i 2 ; : : : ; p n i k Remark 2 It is trivial that (2) is not true for n =. Next we shall show that (2) is not true for n = 2 either. Since p 2 i mod 4 for all i r, it can be seen that lcm p 2 ; p 2 2 ; : : : ; p 2 r Q r i= (p2 i ) 4 r Q r i= (p2 i ) 2 r.

15 5 Thus we have r k=2 i < > Q r i= (p i ) p i lcm (p 2 ; p 2 2 ; : : : ; p 2 r ) ry 2 r p i p i + i= r i= p i p 2 i. This shows that (2) is not true for n = 2. Table The proportions of M s satisfy (2) of Theorem n n :347% 76:669% 76:8% 2 99:999% 99:999% 99:999% 4 67:98% 69:89% 70:482% 3 00% 00% 00% 5 99:998% 99:998% 99:998% 4 00% 00% 00% 6 95:964% 96:64% 96:204% 5 00% 00% 00% 7 00% 00% 00% 6 00% 00% 00% 8 00% 00% 00% 7 00% 00% 00% 9 00% 00% 00% 8 00% 00% 00% 0 00% 00% 00% 9 00% 00% 00% 00% 00% 00% 20 00% 00% 00% To show the validity of Theorem, we did some experiments on the proportions of M s satisfying (2) of Theorem and we list our results in Table where the notation k denotes the range of M, k 2 f000000; ; g. For example, if n = 3, then the proportion of M s satisfying (2) of all possible values M between and is 76:347%. It can be seen from Table that for n > 6, the proportions of M s satisfying (2) of Theorem are close to 00%. In theory, the best result we can prove is that (2) holds provided n is su ciently large.

16 6 Theorem 3 For each square-free odd integer M, there exists an integer N M such that (2) holds if n > N M. Therefore, if a is a primitive sequence of order n > N M over Z=(M), then every element of Z=(M) occurs in the sequence a. Proof. See Appendix A. 3.2 Estimates for the number of even numbers occurring in a primitive sequence of order over Z=(M) The Carmichael s -function (denote as () ) [25] will be frequently used in this subsection, and so we rst make its de nition explicit here. The Carmichael s -function of m is de ned as the universal exponent for the group of residues modulo m that are coprime to m, i.e., (m) = lcm(q e (q ); q e 2 2 (q 2 ); : : : ; q ev v (q v )) if m = q e q e 2 2 q ev v is the canonical factorization of m. In particular, since M = p p 2 p r, we have (M) = lcm (p ; p 2 ; : : : ; p r ), which is equal to the period of primitive sequence of order over Z=(M). Lemma 4 Let a be a primitive sequence of order over Z=(M) with period T = (M). Set v = [a] mod 2. Then for s 2 f0; g we have where H s = M 2 s. N vt ; s T (H s + ) M < 2T M djm d> d 3=2 ln d (d) +, 5

17 7 Proof. Since N v T ; s = T H s = M x=0 M h=0! M e M (h (a (t) 2x s)) M e M ( = T (H s + ) M h=0 T H s hs) e M (ha (t)) e M ( + M M h= e M ( x=0 2hx)! T H s hs) e M (ha (t)) e M ( x=0 2hx)!, it follows that N vt ; s T (H s + ) M M T e M (ha (t)) M H s e M ( 2hx) h= x=0 = T e M (ha (t)) M H s e M ( = M djm d> hm gcd(h;m)=m=d djm hd d> gcd(h;d)= x=0 T e d (ha (t)) H s e d ( x=0 2hx) 2hx) : (22) Note that given a divisor d > of M, [ha] mod d is a primitive sequence over Z=(d) with period (d) for every integer h coprime with d, and so it follows from Lemma 8 and Remark 9 that T e d (ha (t)) = T (d) (d) e d (ha (t)) T d=2 (d). (23)

18 8 Combining (22) and (23) yields N vt ; s T (H s + ) M T d =2 H s e d ( M (d) = T M T M djm d> djm d> djm d> Since gcd (2; d) =, we get d H s e d ( h= x=0 hd gcd(h;d)= d =2 (d) d =2 d (d) hd gcd(h;d)= h= x=0 H s e d ( x=0 H s e d ( x=0 2hx) 2hx) 2hx). (24) d 2hx) = H s e d (hx). (25) Applying Lemma 6 to the right-hand side of (25) we obtain d H s ln d e d ( 2hx) < 2d +, (26) 5 h= x=0 and so the result follows from (24) and (26). The following Theorem 5 immediately follows from Lemma 4. h= x=0 Theorem 5 Let a be a primitive sequence of order over Z=(M). Then there exists an even number occurring in a if M + 4 djm d> d 3=2 ln d (d) +. (27) 5 Experiments show that there are about 69:720%, 75:862%, 80:787%, 87:459% and 90:69% of M s satisfying (27) among all M s less than 00; 000, 300; 000, ; 000; 000, 0; 000; 000 and 50; 000; 000, respectively. It can be seen that the percentage increases as the range of M increases.

19 9 In fact, our experiments even indicate the following conjecture which has been veri ed for all M s less than 300; 000. Conjecture 6 For every primitive sequence a of order over Z=(M), there exists an even number occurring in a. Remark 7 Conjecture 6 implies that for every primitive element 2 Z=(M), there exists an integer t 0 such that t mod M is a positive even number. Remark 8 If Conjecture 6 is true, then for every typical primitive polynomial f (x) over Z=(M), there always exist a positive integer S and a positive even number C < M such that x S C mod f(x) holds over Z=(M). This is because by Lemma, if f (x) is a typical primitive polynomial over Z=(M), then x S 0 mod f(x) holds over Z=(M) for some positive integer S 0 and some primitive element in Z=(M), and so it follows from Remark 7 that there exists an integer t 0 such that C = t M is a positive even number. Thus we get x S 0t t C mod f(x) holds over Z=(M). Although we could not completely prove Conjecture 6 by now, we obtain a asymptotic result as follows. Let I be a set of positive integers and S a subset of I. For any positive integer n, denote I n = fm 2 I j m ng and S n = fm 2 S j m ng. The asymptotic density of S is the following limit (if it exists) (S) = lim n! #S n #I n, where #S n and #I n are the number of elements in S n and I n, respectively. Theorem 9 Let I be the set of all square-free odd integers. There is a subset S of I with asymptotic density such that Conjecture 6 is true for M 2 S. Proof. See Appendix B.

20 4 The distinctness of primitive sequences over Z=(M) modulo 2 20 This section is mainly devoted to the proof of Theorem 20. Theorem 20 Let f(x) be a typical primitive polynomial of degree n = 2k + over Z=(M) with k. If () Conjecture 6 is true; and (2) for any sequence z 2 G 0 (f(x); M), there exist two nonnegative integers t and t 2 such that z(t ) = 0 and z(t 2 ) 2 f; M g; and (3) (M; n) is a distinguishable pair, then for a; b 2 G 0 (f(x); M), a = b if and only if [a] mod 2 = [b] mod 2. We rst give some necessary lemmas. Lemma 2 Let f(x) be a typical primitive polynomial of degree n = 2k + over Z=(M) with k, and let a; b 2 G 0 (f(x); M) with [a] mod 2 = [b] mod 2. If () Conjecture 6 is true; and (2) for any sequence z 2 G 0 (f(x); M), there exists a nonnegative integer t such that z (t) 2 f; M g, then there is a divisor R > of M such that [a] mod R = [b] mod R but for any prime divisor q of M=R. [a] mod q 6= [b] mod q

21 2 Proof. Set c = [a b] mod M. It is clear that c 2 G(f(x); M). We claim that c =2 G 0 (f(x); M). Otherwise, by assumption there is an integer t 0 such that c (t) 2 f; M g. If c (t) =, i.e., [a(t) b(t)] mod M =. Then [a (t)] mod 2 = [b (t)] mod 2 implies that a (t) = 0 and b (t) = M. Since f (x) is a typical primitive polynomial over Z=(M), it follows from Remark 8 that there exist a positive integer S and a positive even number C < M such that x S C mod f(x) holds over Z=(M), and so we get a (t + S) = [C 0] mod M = 0 and b (t + S) = [C (M )] mod M = M C, which yield [a (t + S)] mod 2 6= [b (t + S)] mod 2, a contradiction to the assumption that [a] mod 2 = [b] mod 2. Similarly, it can be shown that [a] mod 2 6= [b] mod 2 if c (t) = M. Therefore, we get that c =2 G 0 (f(x); M). This implies that there at least exists a prime divisor p of M such that a b mod p. Let R be the largest divisor of M such that a = b mod R. Then R is the desired divisor. Lemma 22 Let f(x) be a typical primitive polynomial of degree n = 2k + over Z=(M) with k and a; b 2 G 0 (f(x); M). Then [a] mod 2 6= [b] mod 2 if () Conjecture 6 is true; and (2) a (t ) = 0 and b (t ) = M R for some nonnegative integer t and some divisor R of M with < R < M. Proof. Since f(x) is a typical primitive polynomial over Z=(M), there exist a positive integer S and a primitive element of Z=(M) such that x S mod f (x) holds over Z=(M). Applying x S mod f (x) to a and b, respectively, we get a (t + k S) = a (t ) k = 0 mod M

22 22 and b (t + k S) = b (t ) k mod M = M R k mod M=R for any integer k 0. By Remark 7 there is an integer k 0 such that mod k is a M=R positive even number. Note that mod k 6= 0, and so we get M=R [a (t + k S)] mod 2 = 0 6= = [b (t + k S)] mod 2 : This implies that [a] mod 2 6= [b] mod 2. Lemma 23 Let a and b be two positive integers with gcd (a; b) =. Then for any two nonnegative integers t and t 2, there exist two integers k and k 2 such that t + k a = t 2 + k 2 b. Proof. Since gcd (a; b) =, by the extended Euclidean algorithm there exist two integers u and v satisfying u a + v b =. Then we get (t 2 t ) u a + (t 2 t ) v b = t 2 t, i.e., t +(t 2 t )ua = t 2 +(t t 2 )v b, and so the lemma follows by setting k = (t 2 t )u and k 2 = (t t 2 ) v. Lemma 24 Let f(x) be a primitive polynomial over Z=(M), and let d > be a divisor of M, and let s be a given element in Z= (M). If for any sequence z 2 G 0 (f(x); M), the element s occurs in z, then for any sequence m 2 G 0 (f(x); d), the element [s] mod d occurs in m. Proof. Since m can be lifted to be a sequence z in G 0 (f(x); M) such that m = [z] mod d, it is easy to see that the lemma holds. With the above preparations, now we are ready to prove Theorem 20. Proof of Theorem 20. Since the necessary condition is trivial, in the following, we only prove the su cient condition.

23 23 If a; b 2 G 0 (f(x); M) and [a] mod 2 = [b] mod 2, then Lemma 2 (Note that f (x) here is a typical primitive polynomial over Z= (M) since (M; n) is a distinguishable pair) implies that there is a divisor R > of M such that [a] mod R = [b] mod R but [a] mod q 6= [b] mod q for any prime divisor q of M=R. Hence it su ces to show that R = M. Suppose R < M. Let us denote Q = M=R. Note that M is a square-free odd integer, and so R and Q are square-free odd integers and gcd(r; Q) =. Since [a] mod R = [b] mod R, by the Chinese Remainder Theorem, a and b can be written as a = [Q m + R m 2 ] mod M and b = [Q m + R m 3 ] mod M, (28) where m 2 G 0 (f(x); R) and m 2 ; m 3 2 G 0 (f(x); Q): Since [a] mod q 6= [b] mod q for any prime divisor q of Q and a b R (m 2 m 3 ) mod M, it follows that [m 2 ] mod q 6= [m 3 ] mod q for any prime divisor q of Q, which implies that [m 2 m 3 ] mod Q 2 G 0 (f(x); Q). Firstly, since m 2 G 0 (f(x); R) and [m 2 m 3 ] mod Q 2 G 0 (f(x); Q), it follows from the condition (2) of Theorem 20 and Lemma 24 that there exist two positive integers t and t 2 such that m (t ) = 0 (29) and [m 2 (t 2 ) m 3 (t 2 )] mod Q = or Q. (30) Secondly, suppose R = r r 2 r u and Q = q q 2 q v are the canonical factorizations of R and Q, respectively. Set r n R = lcm r ; : : : ; rn u r u and T Q = lcm (q n ; : : : ; q n v ).

24 24 Since (M; n) is a distinguishable pair, it follows that p n gcd i p i ; pn j = for any pair of distinct prime divisors p i and p j of M. In particular, we have r n gcd i r i ; qn j = for all i u and all j v, and so we get gcd ( R ; T Q ) =. that Thirdly, since gcd ( R ; T Q ) =, by Lemma 23 there exist two integers k and k 2 such t + k R = t 2 + k 2 T Q : Set t = t + k R = t 2 + k 2 T Q. (3) Note that f (x) is also a typical primitive polynomial of degree n over Z=(R), and so by (2) of Lemma, there exists a primitive element R of Z=(R) such that x R R mod f (x) holds over Z=(R). Applying x R R mod f (x) to m we can get h i m (t + k R ) = m (t ) ( R ) k = 0. (32) Since T Q is the period of m 2 and m 3, we have mod R m 2 (t 2 + k 2 T Q ) = m 2 (t 2 ) and m 3 (t 2 + k 2 T Q ) = m 3 (t 2 ). (33) Then (28), (3), (32) and (33) yield a (t ) = [Q m (t ) + R m 2 (t )] mod M and = [Q m (t + k R ) + R m 2 (t 2 + k 2 T Q )] mod M = R m 2 (t 2 ) (34) b (t ) = [Q m (t ) + R m 3 (t )] mod M = [Q m (t + k R ) + R m 3 (t 2 + k 2 T Q )] mod M = R m 3 (t 2 ). (35)

25 25 Finally, if [m 2 (t 2 ) 8 < : m 3 (t 2 )] mod Q =, then we get 0 < m 2 (t 2 ) = w < Q m 3 (t 2 ) = w or 8 < : m 2 (t 2 ) = 0 m 3 (t 2 ) = Q. If 8 < 0 < m 2 (t 2 ) = w < Q, : m 3 (t 2 ) = w, then (34) and (35) together with the fact that R is an odd integer give [a (t )] mod 2 = [R w] mod 2 = [w] mod 2 6= [w ] mod 2 = [R (w )] mod 2 = [b (t )] mod 2, a contradiction to the assumption that [a] mod 2 = [b] mod 2. If 8 < m 2 (t 2 ) = 0, : m 3 (t 2 ) = Q, then (34) and (35) yield a (t ) = 0 and b (t ) = M R. By Lemma 22 we get [a] mod 2 6= [b] mod 2, a contradiction. Similarly, we can show [a] mod 2 6= [b] mod 2 if [m 2 (t 2 ) m 3 (t 2 )] mod Q = Q. Therefore, we have that R = M. This completes the proof. The following Corollary 25 immediately follows from Theorem and Theorem 20. Corollary 25 Let f(x) be a typical primitive polynomial of degree n = 2k + over Z=(M) with k. If () Conjecture 6 is true; and (2) P r i= p i > P r P p n i k=2 i <<i k r (3) (M; n) is a distinguishable pair, Q k j=(p ij )p n=2 i j lcm p n i ;p n i ;:::;p n 2 i k then for a; b 2 G 0 (f(x); M), a = b if and only if [a] mod 2 = [b] mod 2. ; and

26 26 Remark 26 Experiment shows that there are about 6:48% of (M; n) s satisfying conditions (2) and (3) of Corollary 25 when M runs through all possible values between and 0; 000; 000 and n runs through all odd integers between 3 and 9. Note that Conjecture 6 naturally holds for the case of prime numbers, and so we can immediately get the following Corollary 27 by replacing the condition () of Corollary 25 with the estimate of Theorem 5. Corollary 27 Let f(x) be a typical primitive polynomial of degree n = 2k + over Z=(M) with k. If () Q+ P d 3=2 4 (d) djq d> (2) P r i= ln d + 5 for every nonprime divisor Q of M; and p i > P r P p n i k=2 i <<i k r (3) (M; n) is a distinguishable pair, Q k j=(p ij )p n=2 i j lcm p n i ;p n i ;:::;p n 2 i k then for a; b 2 G 0 (f(x); M), a = b if and only if [a] mod 2 = [b] mod 2. ; and Remark 28 Experiment shows that there are about 38:403% of (M; n) s satisfying the conditions of Corollary 27 when M runs through all possible values between and 0; 000; 000 and n runs through all odd integers between 3 and 9. 5 Conclusion Let m be an integer greater than. This paper studies the distinctness problem of primitive sequences over Z= (m) modulo 2. For the case of m = p e, a prime power, the problem was completely solved in [9]. For the case of m = pq, a product of two distinct prime numbers, [2] rst gave a partial answers, and then [8] almost completely solved it with the help of convincing experimental data. Consequently, the aim of this paper is trying to tackle

27 27 any square-free modulus and a class of primitive sequences of order 2k + is proved to be distinct modulo 2. It is not surprising to nd that as the number of prime factors of the modulus m increases, the problem becomes more and more resistant to be solved. Thus to improve the results of this paper and to completely solve this problem for general modulus will rely on more profound results in number theory. Appendix A: Proof of Theorem 3 As a preparation, we rst introduce a result of Bugeaud, Corvaja and Zannier [24]. Lemma 29 ([24, Theorem ]) If a 0, there exists an integer N " such that gcd (a n ; b n ) < a n" for all integers n > N ". Proof of Theorem 3. Since the left-hand side of (2) is equal to as n!, it su ces to show that the right-hand side of (2) is equal to 0 as n!, i.e., lim n! r k=2 i < 0. For any i < j r, it follows from Lemma 29 that there exists an integer N (i;j) " such that gcd p n i ; p n j N (i;j) ". Set ln pi N " = maxf N " (i;j) j i < j rg, ln p where dae denotes the smallest integer greater than or equal to a. Then it is clear that gcd p n i ; p n j N " : (37)

28 28 Let 2 k r and i < N ", then lcm p n i ; p n i 2 ; : : : ; p n i k Q k j= (pn i j ) Q j<sk gcd(pn i j ; p n i s ) p k2 n"=2 Y k j= (pn i j ) p r2 n"=2 Y k j= (pn i j ): Consequently, we have Q k j= (p i j )p n=2 i j lcm p n i ; p n i 2 ; : : : ; p n i k pr2 n"=2 Y k p for j k, and so (38) yields Q k j= (p i j )p n=2 i j lcm p n i ; p n i 2 ; : : : ; p n i k < n"=2 pr2 M p nk=2 p r2 n"=2 M p n = M p n 2 (2 r2 "). Hence it can be seen that r k=2 i <<i k r Q k j= (p i j )p n=2 i j lcm p n i ; p n i 2 ; : : : ; p n i k < 2r M p n 2 (2 r2 "). Then choosing " < r 2, we get Q r k j= 0 (p i j )p n=2 i j lcm p n i ; p n i 2 ; : : : ; p n i k < 2r M p n=2. (39) k=2 i <<i k r Since r, M and p are all xed integers with p 3, then 2 r M p n=2 is equal to 0 as n!, and so (36) follows from (39). Appendix B: Proof of Theorem 9 Lemma 30 ([26, Theorem 2]) Let N + be the set of all positive integers. There is a subset S of N + with asymptotic density such that, for m 2 S, (m) = m= (ln m) ln ln ln m+a+o((ln ln ln m) +"),

29 29 where A = 0: : : : and " > 0 is xed but arbitrarily small. Let I be the set of all square-free odd integers. Note that the asymptotic density of I in N + is 4 2 Corollary 3. 6= 0 (see [27, Theorem ]), and so by Lemma 30 we can easily get the following Corollary 3 Let I be the set of all square-free odd integers. There is a subset S of I with asymptotic density such that, for m 2 S, (m) = m= (ln m) ln ln ln m+a+o((ln ln ln m) +"), where A = 0: : : : and " > 0 is xed but arbitrarily small. As usual, for an integer m we denote by (m) the number of distinct positive integer divisors of m. We will make use of the following estimate of (m) : ln m ln (m) = O ; (40) ln ln(m + 2) see [28, Theorem 5.2]. With the above preparations, we now can prove Theorem 9. Proof of Theorem 9. By Theorem 5, it su ces to prove that there is a subset S of I with asymptotic density such that the inequality holds for m 2 S. m + 4 djm d> d 3=2 (d) ln d + 5 Let m be a square-free odd integer and d > a divisor of m. Note that (m) = lcm( (m=d) ; (d)) (m=d) (d) ; (4) and (m=d) < m=d (m=d) 3=2 ;

30 30 and so Applying (42) to the right-hand side of (4) we get d 3=2 ln d (d) + 5 djm d> d 3=2 (d) m3=2 (m). (42) djm d> m 3=2 (m) < (m) m3=2 (m) ln m + 5 ln m + 5 < C (m) m3=2 ln m, (m) where C is some absolute constant. Hence the inequality (4) holds if It follows from Corollary 3 that there is a subset S 0 that for m 2 S 0, m 4 m3=2 C (m) ln m. (43) (m) of I with asymptotic density such (m) = m= (ln m) ln ln ln m+a+o((ln ln ln m) +"), (44) where A = 0: : : : and " > 0 is xed but arbitrarily small. Note that (m) = O m = ln ln(m+2), and so the right-hand side of (43) is O m 2 + ln ln(m+2) (ln m) ln ln ln m++a+o((ln ln ln m) +" ). (45) It can be seen that (45) is m =2+o() as m!. Therefore there exists an integer N such that the inequality (43) holds for m 2 S 0 and m N. Set S = fm 2 S 0 j m Ng. Then S is also a subset of I with asymptotic density and the inequality (4) holds for m 2 S. This completes the proof. References [] M. Ward, The arithmetical theory of linear recurring series, Trans. Amer. Math. Soc., vol. 35, pp , 933.

31 3 [2] M. Q. Huang, Analysis and cryptologic evaluation of primitive sequences over an integer residue ring, Ph.D. dissertation, Graduate School of USTC, Academia Sinica, Beijing, China, 988. [3] M. Q. Huang and Z. D. Dai, Projective maps of linear recurring sequences with maximal p-adic periods, Fibonacci Quart., vol. 30, pp , 992. [4] Z. D. Dai, T. Beth and D. Gollman, Lower bounds for the linear complexity of sequences over residue ring, in Advances in Cryptology EUROCRYPT 90, Lecture Notes in Computer Science. Berlin, Germany: Springer-Verlag, 99, vol. 473, pp [5] Z. D. Dai, Binary sequences derived from ML-sequences over rings I: periods and minimal polynomials, J. Crypt., vol. 5, pp , 992. [6] A. S. Kuzmin and A. A. Nechaev, Linear recurring sequences over Galois ring, Russian Math. Surv., vol. 48, pp. 7-72, 993. [7] A. S. Kuzmin, G. B. Marshalko and A. A. Nechaev, Reconstruction of a linear recurrence over a primary residue ring, Memoires in Discr. Math., vol. 2, pp , (in Russian) [8] D. N. Bylkov and A. A. Nechaev, An algorithm to restore a linear recurring sequence over the ring R = Z p n from a linear complication of its highest coordinate sequence, Discr. Math. Appl., vol. 20, no. 5-6, pp , 200. [9] A. S. Kuzmin, Lower estimates for the ranks of coordinate sequences of linear recurrent sequences over primary residue rings of integers, Russian Math. Surv., vol. 48, pp , 993. [0] W. F. Qi, J. H. Yang and J. J. Zhou, ML-sequences over rings Z=(2 e ), in Advances in Cryptology ASIACRYPT 98, Lecture Notes in Computer Science. Berlin, Germany: Springer-Verlag, 998, vol. 54, pp

32 32 [] W. F. Qi and. Y. Zhu, Compressing mappings on primitive sequences over Z=(2 e ) and its Galois extension, Finite Fields Appl., vol. 8, pp , [2]. Y. Zhu and W. F. Qi, Compression mappings on primitive sequences over Z=(p e ), IEEE Trans. Inf. Theory, vol. 50, pp , [3]. Y. Zhu and W. F. Qi, Further result of compressing maps on primitive sequences modulo odd prime powers, IEEE Trans. Inf. Theory, vol. 53, pp , [4]. Y. Zhu and W. F. Qi, Uniqueness of the distribution of zeroes of primitive level sequences over Z=(p e ), Finite Fields Appl., vol., pp , [5]. Y. Zhu and W. F. Qi, Uniqueness of the distribution of zeroes of primitive level sequences over Z=(p e ) (II), Finite Fields Appl., vol. 3, pp , [6] T. Tian and W. F. Qi, Injectivity of compressing maps on primitive sequences over Z=(p e ), IEEE Trans. Inf. Theory, vol. 53, pp , [7] Q.. Zheng and W. F. Qi, Distribution properties of compressing sequences derived from primitive sequences over Z=(p e ), IEEE Trans. Inf. Theory, vol. 56, pp , 200. [8] Q.. Zheng and W. F. Qi, A new result on the distinctness of primitive sequences over Z=(pq) modulo 2, Finite Fields Appl., vol. 7, pp , 20. [9]. Y. Zhu and W. F. Qi, On the distinctness of modular reductions of maximal length sequences modulo odd prime powers, Math. Comp., vol. 77, pp , [20] A. Klapper and M. Goresky, 2-Adic shift registers, in Fast Software Encryption, Lecture Notes in Computer Science. Berlin, Germany: Springer-Verlag, 993, vol. 809, pp [2] H. J. Chen and W. F. Qi, On the distinctness of maximal length sequences over Z=(pq) modulo 2, Finite Fields Appl., vol. 5, pp , 2009.

33 33 [22] T. Tian and W. F. Qi, Typical primitive polynomials over integer residue rings, Finite Fields Appl., vol. 5, pp , [23] R. Lidl and H. Niederreiter, Finite Fields. Cambridge, U.K.: Cambridge Univ. Press, 983. [24] Y. Bugeaud, P. Corvaja and U. Zannier, An upper bound for the G.C.D. of a n and b n, Math. Z., vol. 243, pp , [25] R. D. Carmichael, On composite numbers p which satisfy the Fermat congruence a p mod p, Amer. Math. Monthly, vol. 9, pp , 92. [26] P. Erd½os, C. Pomerance and E. Schmutz, Carmichael s lambda function, Acta Arith., vol. 58, pp , 99. [27] G. J. O. Jameson, Even and odd square-free numbers, Math. Gazette, vol. 94, pp , 200. [28] K. Prachar, Primzahlverteilung. Springer-Verlag, Berlin, 957.

THE DENOMINATORS OF POWER SUMS OF ARITHMETIC PROGRESSIONS. Bernd C. Kellner Göppert Weg 5, Göttingen, Germany

#A95 INTEGERS 18 (2018) THE DENOMINATORS OF POWER SUMS OF ARITHMETIC PROGRESSIONS Bernd C. Kellner Göppert Weg 5, 37077 Göttingen, Germany b@bernoulli.org Jonathan Sondow 209 West 97th Street, New Yor,