Randomness and Complexity of Sequences over Finite Fields. Harald Niederreiter, FAMS. RICAM Linz and University of Salzburg (Austria)

Similar documents
Pseudorandom Sequences I: Linear Complexity and Related Measures

Improved Discrepancy Bounds for Hybrid Sequences. Harald Niederreiter. RICAM Linz and University of Salzburg

Existence of a Limit on a Dense Set, and. Construction of Continuous Functions on Special Sets

3.9 Derivatives of Exponential and Logarithmic Functions

Introduction to Modern Cryptography Recitation 3. Orit Moskovich Tel Aviv University November 16, 2016

Pseudo-Random Numbers Generators. Anne GILLE-GENEST. March 1, Premia Introduction Definitions Good generators...

polynomial function polynomial function of degree n leading coefficient leading-term test quartic function turning point

Pseudorandom Sequences II: Exponential Sums and Uniform Distribution

PUTNAM PROBLEMS SEQUENCES, SERIES AND RECURRENCES. Notes

f(x n ) [0,1[ s f(x) dx.

CPSC 467: Cryptography and Computer Security

CSCE 564, Fall 2001 Notes 6 Page 1 13 Random Numbers The great metaphysical truth in the generation of random numbers is this: If you want a function

4.3 General attacks on LFSR based stream ciphers

Pseudo-Random Number Generators

Pseudorandom Generators

RON M. ROTH * GADIEL SEROUSSI **

Kolmogorov Complexity and Diophantine Approximation

PREDICTING MASKED LINEAR PSEUDORANDOM NUMBER GENERATORS OVER FINITE FIELDS

Elliptic Curves Spring 2013 Lecture #4 02/14/2013

On the Linear Complexity of Legendre-Sidelnikov Sequences

Defining the Integral

Cryptographic D-morphic Analysis and Fast Implementations of Composited De Bruijn Sequences

MATH 564/STAT 555 Applied Stochastic Processes Homework 2, September 18, 2015 Due September 30, 2015

Error Correcting Codes Questions Pool

Section 4.1 Polynomial Functions and Models. Copyright 2013 Pearson Education, Inc. All rights reserved

An algorithm for computing minimal bidirectional linear recurrence relations

Computing coefficients of modular forms

Power, Taylor, & Maclaurin Series Page 1

Standard forms for writing numbers

Advanced topic: Space complexity

CSCI 2200 Foundations of Computer Science Spring 2018 Quiz 3 (May 2, 2018) SOLUTIONS

Correspondence Principles for Effective Dimensions

Estimates for probabilities of independent events and infinite series

Background: Lattices and the Learning-with-Errors problem

The Derivative of a Function Measuring Rates of Change of a function. Secant line. f(x) f(x 0 ) Average rate of change of with respect to over,

Lecture 3: Randomness in Computation

Stephen Cohen, University of Glasgow Methods for primitive and normal polynomials

Algebra for error control codes

arxiv: v1 [math.co] 8 Feb 2013

QUARTIC POWER SERIES IN F 3 ((T 1 )) WITH BOUNDED PARTIAL QUOTIENTS. Alain Lasjaunias

Cullen Numbers in Binary Recurrent Sequences

McGill University Math 354: Honors Analysis 3

CDM. (Pseudo-) Randomness. Klaus Sutner Carnegie Mellon University Fall 2004

Counting Functions for the k-error Linear Complexity of 2 n -Periodic Binary Sequences

R ij = 2. Using all of these facts together, you can solve problem number 9.

MATH 117 LECTURE NOTES

A Short Overview of Orthogonal Arrays

On The Nonlinearity of Maximum-length NFSR Feedbacks

Exam in Discrete Mathematics

UNIT-II Z-TRANSFORM. This expression is also called a one sided z-transform. This non causal sequence produces positive powers of z in X (z).

Kolmogorov-Loveland Randomness and Stochasticity

Degrees of Streams. Jörg Endrullis Dimitri Hendriks Jan Willem Klop. Streams Seminar Nijmegen, 20th April Vrije Universiteit Amsterdam

5.1 Polynomial Functions

Notes. Number Theory: Applications. Notes. Number Theory: Applications. Notes. Hash Functions I

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

Characterizing planar polynomial vector fields with an elementary first integral

CMSC Discrete Mathematics FINAL EXAM Tuesday, December 5, 2017, 10:30-12:30

Module 11 Lesson 3. Polynomial Functions Quiz. Some questions are doubled up if a pool wants to be set up to randomize the questions.

Design of Pseudo-Random Spreading Sequences for CDMA Systems

Cover Page. The handle holds various files of this Leiden University dissertation.

Shor s Algorithm. Polynomial-time Prime Factorization with Quantum Computing. Sourabh Kulkarni October 13th, 2017

Modified Berlekamp-Massey algorithm for approximating the k-error linear complexity of binary sequences

Uniform distribution mod 1, results and open problems

Computer Sciences Department

Kolmogorov structure functions for automatic complexity

PSEUDORANDOM BINARY SEQUENCES GENERATOR

Introduction to Machine Learning

Math 120. Groups and Rings Midterm Exam (November 8, 2017) 2 Hours

ON EXPLICIT FORMULAE AND LINEAR RECURRENT SEQUENCES. 1. Introduction

Notes on uniform convergence

Uniformly distributed sequences of partitions

MA257: INTRODUCTION TO NUMBER THEORY LECTURE NOTES

Math 180, Exam 2, Practice Fall 2009 Problem 1 Solution. f(x) = arcsin(2x + 1) = sin 1 (3x + 1), lnx

Counting Prime Numbers with Short Binary Signed Representation

2 n -Periodic Binary Sequences with Fixed k-error Linear Complexity for k = 2 or 3

On the N th linear complexity of p-automatic sequences over F p

NON-LINEAR COMPLEXITY OF THE NAOR REINGOLD PSEUDO-RANDOM FUNCTION

Finish K-Complexity, Start Time Complexity

CRC Press has granted the following specific permissions for the electronic version of this book:

A NOTE ON NORMAL NUMBERS IN MATRIX NUMBER SYSTEMS

Computational Complexity

CS 6260 Some number theory

Solutions Manual for Homework Sets Math 401. Dr Vignon S. Oussa

EASY PUTNAM PROBLEMS

Tropical Polynomials

Berlekamp-Massey decoding of RS code

Chaitin Ω Numbers and Halting Problems

Elliptic Nets and Points on Elliptic Curves

On the computation of the linear complexity and the k-error linear complexity of binary sequences with period a power of two

arxiv: v1 [math.co] 22 May 2014

Show that the following problems are NP-complete

Section 3.1: Characteristics of Polynomial Functions

Least Period of Linear Recurring Sequences over a Finite Field

A parametric family of quartic Thue equations

Analysis II: Basic knowledge of real analysis: Part IV, Series

Section 0.2 & 0.3 Worksheet. Types of Functions

Finite fields, randomness and complexity. Swastik Kopparty Rutgers University

8.5 Taylor Polynomials and Taylor Series

Question 1. Find the coordinates of the y-intercept for. f) None of the above. Question 2. Find the slope of the line:

Transcription:

Randomness and Complexity of Sequences over Finite Fields Harald Niederreiter, FAMS RICAM Linz and University of Salzburg (Austria)

Introduction A hierarchy of complexities Complexity and random sequences -distribution Complexity and -distribution Expansion complexity

Introduction Sequences of random (or pseudorandom) elements are needed for various applications (cryptography, simulation methods, probabilistic algorithms,...). To assess randomness, we can use complexity-theoretic properties and statistical properties of sequences. We focus on sequences over a finite field F q with q an arbitrary prime power.

A hierarchy of complexities We first consider finite sequences. Let S N be a finite sequence over F q of length N. Def. 1. The linear complexity L(S N ) of S N is the least order of a linear recurrence relation over F q that generates S N (with L(S N ) = 0 if S N is the zero sequence). Equivalently, L(S N ) is the length of the shortest linear feedback shift register (FSR) that generates S N.

Def. 2. The quadratic complexity Q(S N ) of S N is the length of the shortest FSR with feedback function of degree 2 that generates S N. We always have 0 Q(S N ) L(S N ) N. Similarly, we can define the cubic complexity, quartic complexity,... At the end of this chain of complexities is the following one.

Def. 3 (Jansen, 1989). The maximum order complexity M(S N ) of S N is the length of the shortest (arbitrary) FSR that generates S N. M(S N ) is a lower bound for all polynomial complexities. M(S N ) can be computed by Blumer s algorithm in graph theory, by reformulating the problem of computing M(S N ) as a problem for directed acyclic graphs. Recall that L(S N ) can be efficiently computed by the Berlekamp-Massey algorithm.

In a different vein, we have the Kolmogorov complexity which is important in theoretical computer science. Def. 4 (Kolmogorov, 1965). The Kolmogorov complexity K(S N ) of S N is the length of the shortest Turing machine program (in an alphabet of size q, say) that generates S N. We always have K(S N ) N +c with an absolute constant c (just list the terms of S N ). Actually, most results hold for the more refined self-delimiting Kolmogorov complexity. These two Kolmogorov complexities differ at most by an additive term of logarithmic order.

For an infinite sequence S over F q we define complexity profiles. Let S N denote the finite sequence consisting of the first N terms of S. Write L N (S) = L(S N ), etc. Def. 5. The sequence L 1 (S), L 2 (S),... is called the linear complexity profile of S. Similarly for the other complexities. Each complexity profile is a nondecreasing sequence of nonnegative integers.

Complexity and random sequences Let F q denote the sequence space over F q and let µ q be the natural probability measure on F q, i.e., the complete product measure of the uniform probability measure on F q (the latter measure assigns measure q 1 to each element of F q ). We say that a property of sequences S over F q is satisfied µ q -almost everywhere if the property holds for all S R F q with µ q (R) = 1. Such properties can be viewed as typical properties of random sequences.

The behavior of the linear complexity profile of random sequences is well understood. Theorem 1 (H.N., 1988). We have µ q -almost everywhere lim N L N (S) N = 1 2. (1) More precisely, we have µ q -almost everywhere lim sup N L N (S) N/2 log q N = 1 2.

Problem 1. Determine the behavior of the quadratic (cubic,...) complexity profile of random sequences. Theorem 2 (Jansen, 1989). For the expected value of the maximum order complexity we have E(M N (S)) log q N = 2. lim N Problem 2. Determine whether lim N M N (S)/ log q N exists for random sequences, i.e., µ q -almost everywhere.

Theorem 3 (Martin-Löf, 1966). For every ε > 0 we have µ q -almost everywhere K N (S) N log q N (1 + ε) log q log N for all sufficiently large N. Moreover, for every sequence S there are infinitely many N for which K N (S) N log q N.

-distribution This concept was popularized by the book of Knuth, The Art of Computer Programming, Vol. binary case. Let S be the sequence s 1, s 2,... over F q. k 1 and n 1, write s (k) n = (s n, s n+1,..., s n+k 1 ) F k q. 2, at least in the For integers For an integer N 1 and a given block b = (b 0, b 1,..., b k 1 ) F k q, let A(b, S; N) = #{1 n N : s (k) n = b}.

Def. 6. For an integer k 1, the sequence S over F q is k-distributed in F q if A(b, S; N) lim = 1 N N q k for all b F k q. The sequence S over F q is -distributed (or completely uniformly distributed) in F q if it is k-distributed in F q for all k 1. Theorem 4. Sequences over F q are -distributed in F q µ q -almost everywhere.

Complexity and -distribution -distribution is clearly a statistical randomness property. Does this property imply, or is it implied by, complexitytheoretic randomness properties? Theorem 5 (Martin-Löf, 1971). If K N (S) N c for some constant c and infinitely many N, then S is - distributed. Thus, Kolmogorov complexity is a sufficiently strong concept to yield -distribution.

How about linear complexity? Does the limit relation (1) imply -distribution? Answer: no. Theorem 6 (H.N., 2012). We can construct a sequence S over F q which satisfies (1), but is not 1-distributed in F q. Proof. Consider the sequence S whose generating function (in the variable x 1 ) is the power series σ F q [[x 1 ]] with continued fraction expansion σ = 1/(x + 1/(x + )), where all partial quotients are equal to x.

Problem 3. If M N (S) 2 log q N, check whether this implies that S is -distributed. For Theorem 6 there is also a result in the opposite direction. Theorem 7 (H.N., 2012). We can construct a sequence S over F q which is -distributed, but for which L N (S) = O((log N) 2 ).

Problem 4. If S is -distributed, then it is trivial that lim L N(S) =. N Determine the minimal growth rate of L N (S) as N. Presumably it is smaller than (log N) 2 in Theorem 7.

Expansion complexity Let S be the sequence s 1, s 2,... over F q. Let its generating function be γ(x) = s i x i 1 F q [[x]]. i=1 Def. 7 (Diem, preprint 2011). The expansion complexity E N (S) is the least degree of a nonzero polynomial h(x, y) F q [x, y] with h(x, γ) 0 mod x N. Remark. If s i = 0 for 1 i N, define E N (S) = 0. Then 0 E N (S) N for any sequence S.

We can also introduce the expansion complexity profile E 1 (S), E 2 (S),... of S. Problem 5. Determine the relationship between the maximum order complexity M N (S) and the expansion complexity E N (S). Problem 6. Determine the behavior of the expansion complexity profile of random sequences. A partial result is that µ q -almost everywhere E N (S) grows at least at the rate N 1/2.

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback