Characterization of 2 n -Periodic Binary Sequences with Fixed 2-error or 3-error Linear Complexity

Similar documents
Counting Functions for the k-error Linear Complexity of 2 n -Periodic Binary Sequences

2 n -Periodic Binary Sequences with Fixed k-error Linear Complexity for k = 2 or 3

Counting Functions for the k-error Linear Complexity of 2 n -Periodic Binary Sequences

On the k-error linear complexity for p n -periodic binary sequences via hypercube theory

4.3 General attacks on LFSR based stream ciphers

Design of Pseudo-Random Spreading Sequences for CDMA Systems

Lecture 10-11: General attacks on LFSR based stream ciphers

An algorithm for computing minimal bidirectional linear recurrence relations

Mathematics Course 111: Algebra I Part I: Algebraic Structures, Sets and Permutations

Berlekamp-Massey decoding of RS code

Algebra Review 2. 1 Fields. A field is an extension of the concept of a group.

Part V. Chapter 19. Congruence of integers

Moreover this binary operation satisfies the following properties

Pseudorandom Sequences I: Linear Complexity and Related Measures

Chapter 6 Reed-Solomon Codes. 6.1 Finite Field Algebra 6.2 Reed-Solomon Codes 6.3 Syndrome Based Decoding 6.4 Curve-Fitting Based Decoding

ANALYSIS OF SECURITY MEASURES FOR SEQUENCES

Course 311: Michaelmas Term 2005 Part III: Topics in Commutative Algebra

Analysis of Modern Stream Ciphers

ALGEBRA. 1. Some elementary number theory 1.1. Primes and divisibility. We denote the collection of integers

ECEN 604: Channel Coding for Communications

Combinatorics of p-ary Bent Functions

Week 15-16: Combinatorial Design

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

On the Linear Complexity of Feedback Registers

Graphs with few total dominating sets

Math 5707: Graph Theory, Spring 2017 Midterm 3

Stream Ciphers: Cryptanalytic Techniques

EE 229B ERROR CONTROL CODING Spring 2005

Reverse Berlekamp-Massey Decoding

Correcting Codes in Cryptography

Cryptographic D-morphic Analysis and Fast Implementations of Composited De Bruijn Sequences

Algebraic Feedback Shift Registers Based on Function Fields

0 Sets and Induction. Sets

COUNTING NUMERICAL SEMIGROUPS BY GENUS AND SOME CASES OF A QUESTION OF WILF

The cocycle lattice of binary matroids

Cyclic codes: overview

A Questionable Distance-Regular Graph

3. Coding theory 3.1. Basic concepts

Some Results Concerning Uniqueness of Triangle Sequences

2-7 Solving Quadratic Inequalities. ax 2 + bx + c > 0 (a 0)

Course 212: Academic Year Section 1: Metric Spaces

Introduction to finite fields

Irredundant Families of Subcubes

On the number of cycles in a graph with restricted cycle lengths

Largest Values of the Stern Sequence, Alternating Binary Expansions and Continuants

The primitive root theorem

Definitions. Notations. Injective, Surjective and Bijective. Divides. Cartesian Product. Relations. Equivalence Relations

A Linear Round Lower Bound for Lovasz-Schrijver SDP Relaxations of Vertex Cover

First-Return Integrals

The Adjacency Graphs of Linear Feedback Shift Registers with Primitive-like Characteristic Polynomials

Lecture 2 Linear Codes

DEPTH OF FACTORS OF SQUARE FREE MONOMIAL IDEALS

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

Statistical Properties of the Arithmetic Correlation of Sequences. Mark Goresky School of Mathematics Institute for Advanced Study

ADVANCED CALCULUS - MTH433 LECTURE 4 - FINITE AND INFINITE SETS

Improvements to Correlation Attacks Against Stream. Ciphers with Nonlinear Combiners. Brian Stottler Elizabethtown College

Antipodal Gray Codes

Scalar multiplication in compressed coordinates in the trace-zero subgroup

Rings If R is a commutative ring, a zero divisor is a nonzero element x such that xy = 0 for some nonzero element y R.

Boolean Inner-Product Spaces and Boolean Matrices

5 Set Operations, Functions, and Counting

Perfect Two-Fault Tolerant Search with Minimum Adaptiveness 1

Factorization in Integral Domains II

DISTINGUISHING PARTITIONS AND ASYMMETRIC UNIFORM HYPERGRAPHS

POSITIVE DEFINITE n-regular QUADRATIC FORMS

UNPREDICTABLE BINARY STRINGS

Solutions to the 74th William Lowell Putnam Mathematical Competition Saturday, December 7, 2013

On The Nonlinearity of Maximum-length NFSR Feedbacks

Partial cubes: structures, characterizations, and constructions

REPRESENTATIONS FOR A SPECIAL SEQUENCE

Shortest paths with negative lengths

NONABELIAN GROUPS WITH PERFECT ORDER SUBSETS

4 Linear Recurrence Relations & the Fibonacci Sequence

Chapter 1 Vector Spaces

On the Average Complexity of Brzozowski s Algorithm for Deterministic Automata with a Small Number of Final States

A Z q -Fan theorem. 1 Introduction. Frédéric Meunier December 11, 2006

Equivalence constants for certain matrix norms II

ELEMENTARY LINEAR ALGEBRA

EE512: Error Control Coding

Finite Fields: An introduction through exercises Jonathan Buss Spring 2014

Sequences, DFT and Resistance against Fast Algebraic Attacks

A PASCAL-LIKE BOUND FOR THE NUMBER OF NECKLACES WITH FIXED DENSITY

4. What is the probability that the two values differ by 4 or more in absolute value? There are only six

Periodicity and Distribution Properties of Combined FCSR Sequences

Notes 10: List Decoding Reed-Solomon Codes and Concatenated codes

An Algebraic Interpretation of the Multiplicity Sequence of an Algebraic Branch

1 Topology Definition of a topology Basis (Base) of a topology The subspace topology & the product topology on X Y 3

On a Balanced Property of Compositions

x 9 or x > 10 Name: Class: Date: 1 How many natural numbers are between 1.5 and 4.5 on the number line?

2. Polynomials. 19 points. 3/3/3/3/3/4 Clearly indicate your correctly formatted answer: this is what is to be graded. No need to justify!

g(x) = 1 1 x = 1 + x + x2 + x 3 + is not a polynomial, since it doesn t have finite degree. g(x) is an example of a power series.

Modified Berlekamp-Massey algorithm for approximating the k-error linear complexity of binary sequences

The natural numbers. Definition. Let X be any inductive set. We define the set of natural numbers as N = C(X).

Discrete Applied Mathematics

Elementary 2-Group Character Codes. Abstract. In this correspondence we describe a class of codes over GF (q),

PolynomialExponential Equations in Two Variables

A Solution to the Checkerboard Problem

Measures and Measure Spaces

arxiv: v1 [math.co] 3 Nov 2014

FIBONACCI NUMBERS AND DECIMATION OF BINARY SEQUENCES

Transcription:

Characterization of n -Periodic Binary Sequences with Fixed -error or 3-error Linear Complexity Ramakanth Kavuluru Department of Computer Science, University of Kentucky, Lexington, KY 40506, USA. Abstract The linear complexity of sequences is an important measure of the cryptographic strength of key streams used in stream ciphers. The instability of linear complexity caused by changing a few symbols of sequences can be measured using k-error linear complexity. In their SETA 006 paper, Fu, Niederreiter, and Su [3] studied linear complexity and 1-error linear complexity of n -periodic binary sequences to characterize such sequences with fixed 1-error linear complexity. In this paper we study the linear complexity and the k-error linear complexity of n -periodic binary sequences in a more general setting using a combination of algebraic, combinatorial, and algorithmic methods. This approach allows us to characterize n -periodic binary sequences with fixed -error or 3-error linear complexity. Using this characterization we obtain the counting function for the number of n -periodic binary sequences with fixed k-error linear complexity for k = and 3. Using the characterization we also show that there many n -periodic binary sequences with high linear complexity and high -error or 3-error linear complexity. 1 Introduction The linear complexity of a sequence is the length of the shortest linear feedback shift register (LFSR that can generate the sequence. The LFSR that generates a given sequence can be determined using the Berlekamp-Massey [6] algorithm using only the first L elements of the sequence, where L is the linear complexity of the sequence. Hence for cryptographic purposes sequences with high linear complexity are essential as an adversary would then need large initial segments of the sequences to recover the LFSRs that generate them using the Berlekamp-Massey algorithm. A portion of this paper has appeared in the proceedings of the 5th international conference on Sequences and their Applications (SETA 008.This material is based upon work supported by the National Science Foundation under Grant No. CCF-0514660. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author and do not necessarily reflect the views of the National Science Foundation. 1

A system is insecure if all but a few symbols of the key stream can be extracted. Hence for a cryptographically strong sequence, the linear complexity should not decrease drastically if a few symbols are changed. If it did, an attacker could modify the known prefix of the key stream and try to decrypt the result using the Berlekamp-Massey algorithm. If the resulting sequence differed from the actual key stream by only a few symbols, the attacker could extract most of the message. This observation gives rise to k-error linear complexity of sequences introduced in [13] based on the earlier concepts of sphere complexity and weight complexity, see []. The k-error linear complexity of a periodic sequence is the smallest linear complexity achieved by making k or fewer changes per period. Besides having large linear complexity, cryptographically strong sequences should, thus, also have large k-error linear complexity at least for small k. Let S = (s 0,,s T 1 be a periodic binary sequence with period T. We associate the polynomial S(x = s 0 + s 1 x + + s T 1 x T 1 and the corresponding T-tuple S (T = (s 0,,s T 1 to S. The relationship between the linear complexity, denoted L(S, of S and the associated polynomial S(x is given by L(S = T deg(gcd(x T 1,S(x, (1 see e.g. [1], Lemma 8..1. Let w H (S denote the Hamming weight of the T-tuple S (T. For 0 k T, the k-error linear complexity of S, denoted L k (S, is given by L k (S = min E L(S + E, where the minimum is taken over all T-periodic binary sequences E with w H (E k. Since we consider only n -periodic sequences, we use T = n and the observation x T 1 = x n 1 = (x 1 n ( for the rest of the paper. Let merr(s denote the minimum value k such that the k-error linear complexity of a n -periodic sequence S is strictly less than its linear complexity. That is merr(s = min{k : L k (S < L(S}. Kurosawa et al. [5] derived a formula for the exact value of merr(s. Lemma 1.1. For any nonzero n -periodic sequence S, we have merr(s = w H( n L(S, where w H (j, 0 j n 1, denotes the Hamming weight of the binary representation of j. The counting function of a sequence measure gives the number of sequences with a given measure value. Rueppel [1] determined the counting function of linear complexity for n - periodic binary sequences. Using equations (1 and ( it is straightforward to characterize the n -periodic sequences with fixed linear complexity.

Lemma 1. ([3]. Let N(L and A(L denote, respectively, the number of and the set of n -periodic binary sequences with given linear complexity L, 0 L n. Then N(0 = 1 and N(L = L 1 for 1 L n. (3 Also, A(0 = {(0, 0, } and A(L, where 1 L n, is equal to the set of n -periodic binary sequences S with the corresponding polynomials S(x = (1 x n L a(x, where a(x is a binary polynomial with deg(a(x L 1 and a(1 0. Counting functions and expected values for linear complexity and k-error linear complexity were extensively explored by Meidl and Niederreiter [8, 9, 10]. Using efficient algorithms to compute the linear complexity of p n -periodic sequences over F p, Meidl [7] obtained the counting function and the expected value for the 1-error linear complexity of n -periodic binary sequences. Meidl and Venkateswarlu [11] extended these results to p n -periodic sequences over F p. Recently, using algebraic and combinatorial methods Fu et al. [3] characterized n - periodic binary sequences with fixed 1-error linear complexity. They derived some properties of the set A(L that deal with changing two symbols per period at fixed positions in sequences in A(L and used them to obtain the characterization. For 0 L n and 1 k n, denote by A k (L the set of n -periodic binary sequences with given k-error linear complexity L and let N k (L = A k (L, the cardinality of A k (L. With this notation the characterization of A 1 (L by Fu et al. can be summarized as follows. Theorem 1.3 ([3]. Let E i, 0 i n 1, be the n -periodic binary sequence with a 1 at position i and 0 elsewhere in each period and 0 be the zero sequence. We have A(0 = {0,E 0,,E n 1} and N 1 (0 = n + 1. 1. If n n r < L < n n r 1 for some 0 r n, then A 1 (L = A(L ( n r 1 (A(L + E i and N 1 (L = ( n r + 1 L 1.. If L = n n r, r = 1,,,n, then A 1 (L = A(L and N 1 (L = L 1. For a n -periodic sequence S and t integers i 1,,i t such that 0 i j n 1, j = 1,,t, denote by S i1,,i t the n -periodic binary sequence with the corresponding polynomial S i1,,i t (x = S(x + x i 1 + + x it. The sequence S i1,,i t is said to be a formed by a t symbol change in S. In this paper we first study the effect of t symbol changes in n -periodic binary sequences for small t. Specifically, for various special cases of L we determine some t symbol changes of sequences in A(L that result in sequences in A(L for t =, 4, and 6. We also characterize 3 i=0

specific, 4, and 6 symbol changes of sequences in A(L that result in n -periodic binary sequences with linear complexity strictly less than L. We use these characterizations to construct disjoint decompositions of the sets A (L and A 3 (L of sequences with fixed - error or 3-error linear complexity L. Each set in the decompositions arises by changing all sequences in A(L in a fixed set of positions. Using the characterizations of A (L and A 3 (L we determine the expressions for N (L and N 3 (L. The rest of this section discusses some basics and is organized to present a summary of the main results of the paper. By Lemma 1.1 the linear complexity of any n -periodic sequence S with 0 < L(S < n and merr(s = m+1, m {1,,n 1}, can be uniquely expressed as L(S = n m+1 i=1 n r i, (4 where 1 r 1 < < r m+1 n. From equation (4, the linear complexity of any n -periodic binary sequence S with 0 < L(S < n and merr(s m+1, m {1,,n 1}, can be bounded as ( m 1 m n n r i + n rm+1 < L(S < n n r i, (5 i=1 for some r i {1,,n}, i = 1,,m, satisfying 1 r 1 < < r m. Note that for any sequence S satisfying the inequality (5, we have merr(s m+1. We also note that the bounds in (5 are unique in the sense that the linear complexity of any n -periodic sequence S with merr(s m+1 satisfies exactly one inequality of the particular form given in equation (5. Note that by equation (5 any L such that w H ( n L 3 can be bounded as n ( < L < n ( 1 for some 1 r 1 r < n. With this, i=1 L n (, 1 r 1 r < n (( +1 N (L 3 n+r r 1 1 + n r1+1 + 1 L 1 (( ( +1 +1 N 3 (L + 7 n+r r 1 1 + n r1+1 + 1 L 1 3 Table 1: N (L and N 3 (L when w H ( n L = we give the expressions for N (L and N 3 (L derived in this paper. When w H ( n L = 0 or 1 and k =, 3 we have k ( n N k (0 =, N k ( n = 0, and N k ( n t = 0, 0 t < n. i i=0 The results when w H ( n L = are shown in Table 1. The results when w H ( n L 3 are shown in Table. The characterizations of A (L and A 3 (L are complicated to describe without resorting to much additional notation. Hence these details are directly handled in Sections 4 and 5. 4

L n ( < L < n ( + n r 1, 1 r 1 r < n (( +1 N (L n r ( r r 1 1 + n r1+1 + 1 L 1 (( ( +1 N 3 (L N (L + 4 n r r r 1 L 1 3 Table : N (L and N 3 (L when w H ( n L 3 Effect of Small Changes On the Linear Complexity We recall that A(L is the set of n -periodic sequences with fixed linear complexity L, 0 L n. For any two n -periodic sequences S 1 and S, let d H (S 1,S denote the Hamming distance between the tuples S (n 1 and S (n. In this section we study the effect of small changes on the linear complexity of sequences in A(L and derive some properties of A(L which extend those in Fu et al. s paper [3]. First we state a well known result on n -periodic binary sequences. Lemma.1 ([3]. For any n -periodic sequence S, L(S = n if and only if w H (S is odd. We give a generalization of [3, Theorem 1] using a more straightforward approach. Theorem.. For a given r {1,,n 1}, let 1 L < n r. Then for any two distinct sequences S,S A(L we have which implies d H (S,S r+1. d H (S,S = t r+1 for some t {1,, 3,, n r 1 }, Proof. For any sequence S A(L, consider the corresponding polynomial S(x = (1 + x n L a(x, where a(x F [x] such that deg(a(x L 1 and a(1 0. Since 1 L < n r, we have n L > n n r. The generating function for S is given by S(x 1 x n = (1 + x(n n r+(n r L a(x (1 + x n = (1 + xn r L a(x 1 x n r, which implies n r is a period of S. Corresponding to any sequence M A(L, let M (r denote the n r -periodic sequence (m 0,m 1,,m n r 1. Since 1 L < n r, from Lemma.1 we know that w H (S (r and w H (S (r are even. Hence the Hamming distance between S (r and S (r is even. That is d H(S (r,s (r = t for some t {1,, 3,, n r 1 }. Since n r is a period of S and S, we have d H (S,S = r d H (S (r,s (r = t r+1. This completes the proof of the theorem. We use the following result by Fu et al. [3] for the main results of this section. For the rest of the paper we use for the operation of addition modulo n. 5

CG (S,n begin if n = 0 then return (S 0 fi if S (n 1 L = S (n 1 R then return CG (S L,n 1 else return n 1 + CG (S L + S R,n 1 fi end Figure 1: The Games-Chan Algorithm Lemma.3. For any sequence S A(L, where n n r < L < n n r 1 for some 1 r n, and for any integer 0 i n 1, the number of sequences S i,j A(L, where 0 j n 1 and j i, is exactly r 1 corresponding to all j {i t n r : 1 t r 1}. The first main result of this section deals with extending Lemma.3 to the case when four symbols per period are changed. The Games-Chan algorithm [4] is a fast algorithm to compute the linear complexity of a n -periodic binary sequence, which we use for the rest of this section. For any S A(L with period S (n = (s 0,,s n 1, denote the left and right halves of S (n by S (n 1 L = (s 0,,s n 1 1 and S (n 1 R = (s n 1,,s n 1. Let S L and S R denote the n 1 periodic sequences S L = (s 0,,s n 1 1 and S R = (s n 1,,s n 1. The Games-Chan algorithm can be recursively described as in Figure 1. We make some observations and establish notation we use for the rest of the section. Note that the recursive procedure of the Games-Chan algorithm in Figure 1 is called a total of n + 1 times to compute the linear complexity of any S A(L. In the ith step, i = 0,,n, the algorithm computes the linear complexity of a n i -periodic binary sequence. Let ψ i (S, i = 0,,n, denote the first period of the n i -periodic binary sequence considered in the ith step of the algorithm when run with input sequence S. For i = 0,,n 1, let ψ i L (S and ψi R (S denote, respectively, the left and right halves of ψ i (S. Let m i (S denote the total value contributed to L(S in the algorithm during the execution from the 0-th step to the i-th step of the algorithm. For any two finite binary sequences of the same length, S and S, let d H (S,S denote the Hamming distance between S and S. We slightly abuse the notation because we also use d H (S,S to denote the Hamming distance between the first periods of S, S A(L. The next lemma follows from the Games-Chan algorithm. 6

Lemma.4. Let S be a n -periodic binary sequence. For any t integers r 1,,r t such that 0 < r 1 < r < < r t n, we have if and only if ψ u 1 L L(S = n ( + + n rt (6 (S = ψu 1 R (S exactly when u {r 1,,r t }. (7 We describe four symbol changes for sequences in A(L such that the linear complexity of the modified sequences remains L. We assume that the four positions where the changes are made are distinct since the cases of four symbol changes when more than two positions are identical are covered by Lemma.3. Theorem.5. Let S A(L where n ( < L < n ( 1, (8 for some r 1 and r satisfying 1 r 1 r < n. 1. Consider any four integers i, j, k, and l such that 0 i < j < k < l +1 1. Then L(S i,j,k,l = L(S if and only if i, j, k, and l are in the form i = u + g 1 n r, j = u + g n r, k = i +, and l = j +, (9 where 0 u n r 1 and 0 g 1 < g r r 1 1.. There do not exist integers i 1,,i 6 such that 0 i 1 < < i 6 +1 1 and L(S i1,,i 6 = L(S. Proof. We only prove the forward direction of part 1 of the theorem. The other direction is straightforward and can be proved by reversing the argument used for the forward case. Consider any sequence From equation (8 we have S i,j,k,l A(L, where 0 i < j < k < l +1 1. (10 w H ( n L 3 and L = n ( 1 + c, (11 for some 0 < c < n r 1. From equations (6, (7, and (11, we have S A(L, ψ r 1 1 L (S = ψ r 1 1 R (S and ψ r L (S = ψr (S. (1 R By Lemma.4 and equation (11 the left and right halves are not equal during the first r 1 steps of the Games-Chan procedure for any S A(L. Thus, since 0 i,j,k,l +1 1, by the procedure of the Games-Chan algorithm we get d H (ψ r 1 1 (S,ψ r 1 1 (S i,j,k,l = 4. (13 7

By equations (1 and (13, the four positions where the vectors ψ r 1 1 (S, ψ r 1 1 (S i,j,k,l differ are of the form c 1, c, c 1 +, and c +, for some 0 c 1 < c 1. (14 From equations (1 and (13, we have d H (ψ r 1 1 L (S,ψ r 1 1 L (S i,j,k,l =. This implies d H (ψ r 1 (S,ψ r 1 (S i,j,k,l =. (15 Now we treat ψ r 1 (S and ψ r 1 (S i,j,k,l as the first periods of -periodic binary sequences S and S i,j,k,l, respectively, that differ at positions. With this notation, from equations (14 and (15 we have S = (ψ r 1 (S, S i,j,k,l = (ψr 1 (S i,j,k,l, and S i,j,k,l(x = S (x + x c 1 + x c. (16 As a consequence of the procedure of the Games-Chan algorithm, since the left and right halves are different in the first r 1 steps for both S and S i,j,k,l, we have m r 1 1 (S = m r 1 1 (S i,j,k,l = n 1 + + +1 = n +1. (17 Using Lemma.4 and by equations (10, (16, and (17 we have S,S i,j,k,l A(L where L = L ( n +1. (18 Equations (8 and (18 imply that L satisfies n r < L < n r 1. (19 By Lemma.3 and equation (19, the positions c 1 and c in equations (14 and (16 must be in the form c i = u + g i n r, i = 1,, where 0 u n r 1, 0 g 1 < g r r 1 1. (0 From equations (14 and (0, the four positions, denoted f 1, f, f 3, and f 4, where ψ r 1 1 (S and ψ r 1 1 (S i,j,k,l differ are of the form f 1 = c 1, f = c, f 3 = c 1 +, and f 4 = c +, (1 where c 1 and c are as in equation (0. From the procedure of Games-Chan algorithm observe that a symbol change at any position c in ψ r 1 1 (S, 0 c +1 1, can be effected by changing the symbol at one of the corresponding positions {(c + b +1 mod n : b = 0,, r 1 1 1} in each period of S. Thus from equations (0 and (1, i, j, k, and l must be in the form given in equation (9. To prove part assume that there exist integers i 1,,i 6 such that 0 i 1 < < i 6 +1 1 and L(S i1,,i 6 = L(S. ( 8

From the procedure of the Games-Chan algorithm, using an argument similar to that used to arrive at equation (15 we have d H (ψ r 1 (S,ψ r 1 (S i1,,i 6 = 3. (3 By equation (11 and Lemma.4 we know w H (ψ r 1 (S is even since otherwise L(S = n. Using this, equation (3 implies that w H (ψ r 1 (S i1,,i 6 is odd, which contradicts equation (. Thus part of the theorem is proved. Remark 1. Note that in Theorem.5(1 when r 1 = r = 1 there are no possible distinct values for g 1 and g in equation (9. Thus when 0 < L < n there do not exist distinct four symbol changes to any sequence in A(L that result in sequences with linear complexity L. This is an alternative proof of Theorem. when r =. Also, for some values of L in equation (8, in order to write L in the form as in equation (5, we must allow r 1 = r. Next we extend Lemma.3 to the case when the linear complexity is of the form L = n n r, 1 r n. Lemma.6. For any sequence S A(L, where L = n n r for some 1 r n, and for any integer 0 i n 1, the number of sequences S i,j A(L, where 0 j n 1 and j i, is exactly r 1 1 corresponding to all j {i t n r+1 : 1 t r 1 1}. Proof. First we prove the reverse direction of the lemma. Say j = i t n r+1 for some 1 t r 1 1. Let the polynomial corresponding to S be S(x = (1 + x n r a(x, (4 for some a(x F [x] such that deg(a(x n n r 1 and a(1 = 1. Consider the polynomial x i + x i+tn r+1 = x i (1 + x t n r+1 = x i (1 + x n r+1 (1 + + x t 1 n r+1. (5 By equations (4, (5 and the definition of linear complexity we have L(S i,j = n deg(gcd(1 + x n,s i,j (x = n deg(gcd(1 + x n,s(x + x i + x i tn r+1 = n deg(gcd(1 + x n,s(x + x i + x i+tn r+1 = n deg(gcd((1 + x n, (1 + x n r a(x + x i (1 + x n r+1 (1 + + x t 1 n r+1 = n n r = L. Now we prove the forward direction. We have S i,j A(L. From Lemma.4 we have ψ r 1 L (S = ψr 1 R (S and ψr 1 L (S i,j = ψ r 1 R (S i,j. (6 Assume j {i t n r+1 : 1 t r 1 1}. That is i and j are not congruent modulo n r+1. By the procedure of the Games-Chan algorithm, since the left and right halves are not equal during the first (r steps of the algorithm for both S and S i,j we have d H (ψ r 1 (S,ψ r 1 (S i,j =. (7 9

By equations (6 and (7 we have d H (ψ r (S,ψ r (S i,j = 1. This implies that w H (ψ r (S and w H (ψ r (S i,j can not both be odd, which contradicts the fact that L(S = L(S i,j = n n r. Thus it must be the case that j {i t n r+1 : 1 t r 1 1}. The following result can be proved using Lemma.6 and the approach used in Theorem.5. Theorem.7. Let S A(L where L = n ( for some r 1, r such that 1 r 1 < r n. 1. Consider any four integers i, j, k, and l such that 0 i < j < k < l +1 1. Then L(S i,j,k,l = L(S if and only if i, j, k, and l are in the form i = u + g 1 n r +1, j = u + g n r +1, k = i +, and l = j +, (8 where 0 u n r +1 1 and 1 g 1 < g r r 1 1 1. (9. There do not exist integers i 1,,i 6 such that 0 i 1 < < i 6 +1 1 and L(S i1,,i 6 = L(S. For any polynomial a(x F [x] given by a(x = 1 + x a 1 + + x a q 1, define the weight W(a(x = q. We also need to handle two symbol changes that decrease the linear complexity of n - periodic binary sequences. Lemma.8. For any sequence S A(L, where L = n n r for some 1 r n, and for any integer 0 i n 1, the number of sequences S i,j such that L(S i,j < L, where 0 j n 1 and j i, is exactly r 1 corresponding to all j {i (t + 1 n r : 0 t r 1 1}. Proof. First we prove the forward direction of the result. Let S(x = (1 + x n r a(x for some a(x F [x] such that deg(a(x n n r 1 and a(1 = 1. The corresponding polynomial for S i,j is S i,j (x = (1 + x n r a(x + x i + x j. So L(S i,j = n deg(gcd((1 + x n, (1 + x n r a(x + x i + x j and hence we have L(S i,j < L if and only if gcd((1 + x n,x i + x j = (1 + x n r. (30 Without loss of generality we may assume i < j. It is a well known fact that gcd(1 + x a, 1 + x b = 1 + x gcd(a,b. Hence we get gcd((1 + x n,x i + x j = gcd(1 + x n, 1 + x j i = 1 + x gcd(n,j i = 1 + x n r if and only if n r divides j i and no higher power of divides j i. Thus equation (30 implies that L(S i,j < L if and only if j = i + d n r for some odd integer d which proves the forward direction. The reverse direction can be proved using an argument similar to that used in proving the reverse direction of Lemma.6. 10

Corollary.9. For any sequence S A(L, where L = n n r for some 1 r n, there are n+r distinct pairs i, j, 0 i < j n 1, such that L(S i,j < L. All such i, j are described as i and j = i + (t + 1 n r, (31 where 0 i n n r 1 and 0 t r 1 1 ( i/ n r /. (3 Also, the distinct pairs i, j, 0 i < j n 1, such that 1 + x j i = (1 + x n r b(x, (33 for some b(x F [x], b(1 = 1, deg(b(x n n r 1, are exactly those described in equations (31 and (3. Proof. By Lemma.8 for each i n n r there are no js such that i < j n 1 and L(S i,j < L. Also, for each 0 i n n r 1 there are exactly r 1 ( i/ n r / odd multiples of n r corresponding to 0 t r 1 1 ( i/ n r / such that L(S i,i+(t+1 n r < L. Thus all i, j, 0 i < j n 1, such that L(S i,j < L are as described in equations (31 and (3. The number of distinct pairs i, j obtained from equations (31 and (3 is n 1 i=0 ( r 1 ( i/ n r / n r 1 r 1 1 (l+1 n r 1 = r 1 + ( r 1 l i=0 l=1 i=(l 1 n r ( r 1 1 = n r r 1 + n r+1 ( r 1 l = n+r. By the definition of linear complexity it is straightforward to see that the integers i, j in equations (31 and (3 are exactly those that satisfy equation (33. Our next result deals with four symbol changes that decrease the linear complexity of n -periodic binary sequences. Theorem.10. Let S A(L where L = n ( for some r 1, r such that 1 r 1 < r n. 1. Consider any four integers i, j, k, and l such that 0 i < j < k < l +1 1. Then L(S i,j,k,l < L if and only if i, j, k, and l are in the form where l=1 (34 i, j = i + (t + 1 n r, k = i +, and l = j +, (35 0 i n r 1 and 0 t r r 1 1 1 ( i/ n r /. (36 Furthermore, if K(L is the set of four symbol changes to S described in equations (35 and (36 that decrease its linear complexity, then K(L = {{i,j,k,l} : 0 i < j < k < l +1 1 and L(S i,j,k,l < L} = n+r r 1. (37 11

. For any four integers i t, t = 1,, 4, such that 0 i 1 < i < i 3 < i 4 n 1, we have L(S i1,i,i 3,i 4 < L if and only if {i t mod +1 : t = 1,, 4} K(L. 3. There do not exist integers i 1,,i 6, 0 i 1 < < i 6 n 1, such that L(S i1,,i 6 < L. Proof. First we prove the forward direction of part 1. Let S(x = (1 + x + n r a(x for some a(x F [x] such that deg(a(x n n r 1 and a(1 = 1. The corresponding polynomial for S i,j,k,l is S i,j,k,l (x = (1 + x + n r a(x + x i + x j + x k + x l. So L(S i,j,k,l = n gcd((1 + x n, (1 + x + n r a(x + x i + x j + x k + x l and hence L(S i,j,k,l < L if and only if gcd((1 + x n,x i + x j + x k + x l = (1 + x + n r. This holds if and only if 1 + x j i + x k i + x l i = (1 + x + n r b(x = (1 + x n r b(x + x (1 + x n r b(x (38 for some b(x F [x] such that b(1 = b(0 = 1. Since 0 i < j < k < l +1 1 we have deg(b(x n r 1. (39 Since W((1 + x n r b(x, by equations (38 and (39 we see that 1 + x j i = (1 + x n r b(x. (40 By Corollary.9 and equations (38, (39, and (40 we see that i, j, k, and l should be as in equation (35. The proof of the reverse direction of part 1 is straightforward and is similar to the proof of the reverse direction of Lemma.6. Equation (37 follows from equations (35, (36, (39, (40, Lemma.8, and an argument similar to that used in Corollary.9 by substituting n by n r 1 and r by r r 1 in equation (34. To prove the forward direction of part, we first note that L(S i1,i,i 3,i 4 < L if and only if the polynomial e(x = x i 1 + x i + x i 3 + x i 4 = (1 + x + n r b (x (41 for some b (x F [x] such that deg(b (x n n r 1 and b (1 = 1. Let u be the largest power of (1 + x dividing so that e (x = x i 1 mod +1 + x i mod +1 + x i 3 mod +1 + x i 4 mod +1 (4 e (x = (1 + x u b (x (43 for some b (x F [x] such that deg(b(x +1 u and b (1 = 1. For t = 1,, 4 denoting q t = i t / +1 we have x it mod +1 + x it = x it mod +1 + x it mod +1 +q t +1 = x it mod +1 (1 + x +1 (1 + + x qt 1 +1. 1

By equations (41 and (43, this implies So (1 + x +1 e(x + e (x = (1 + x + n r b (x + (1 + x u b (x. u = (44 since n r1+1 >. Since L = n (, by equations (4-(44, and the definition of linear complexity we see that the four symbol changes at positions i t mod n r1+1, t = 1,, 4, lower the linear complexity of any S A(L. Thus {i t mod n r1+1 : t = 1,, 4} K(L, which concludes the proof of the forward direction of part. The reverse direction of part can be proved similarly. To prove part 3, let there be integers i 1,,i 6, 0 i 1 < < i 6 n r1+1 1, such that L(S i1,,i 6 < L. By the argument used to arrive at equation (38 we have x i 1 + + x i 6 = (1 + x n r c(x + x (1 + x n r c(x, (45 for some c(x F [x] such that c(1 = 1 and deg(c(x n r 1. By equation (45 and the upper bound on deg(c(x it follows that (1 + x n r c(x = x i 1 + x i + x i 3, which is not possible since (1 + x n r c(x has an even number of terms. So the result follows when 0 i 1 < < i 6 +1 1. The result holds even when 0 i 1 < < i 6 n 1 due to an argument similar to that used to prove part. Remark. Theorem.5 can also be proved with the approach of Theorem.10 by using results on polynomial weights [5, Proposition 3.]. 3 Notation and Auxiliary Results In this section we establish the notation used for the rest of the paper and derive some auxiliary results on the k-error linear complexity of n -periodic binary sequences. Recall that A k (L is the set of n -periodic binary sequences with k-error linear complexity L and N k (L = A k (L. For any 1 t n, let E i1,,i t, 0 i 1 < < i t n 1, denote the n -periodic binary sequence of weight t with a 1 at positions with subscripts i 1,,i t in the first period and 0 elsewhere. Further let E t = {E i1,,i t : 0 i 1 < i < < i t n 1} for t 1 and E 0 = {0}. We denote by A(L +E i1,,i t the set {S +E i1,,i t : S A(L}. For the rest of the paper, for any set R of n -periodic binary sequences, by A(L[R] denote the set of sets {A(L + R : R R}. We have two simple results that will be used in the rest of the paper. Lemma 3.1 ([3]. For any n -periodic sequence S, if w H (S is even then L 1 (S = L(S. If w H (S is odd, then L (S = L 1 (S < L(S = n. Lemma 3. ([7]. For any n -periodic binary sequence S and for k, L k (S is different from n t for every integer t with 0 t < n. We derive two auxiliary results used for the rest of the paper. 13

Theorem 3.3. Let {i 1,,i t1 } and {j 1,,j t } denote two sets of subscripts where 0 i l,j m n 1 for l = 1,,t 1 and m = 1,,t. Then Proof. We assume (A(L + E i1,,i t1 (A(L + E j1,,j t = or A(L + E i1,,i t1 = A(L + E j1,,j t. 0 < L n (46 since the result holds trivially for L = 0. Suppose (A(L+E i1,,i t1 (A(L+E j1,,j t. So there exist sequences S, S A(L such that S + E i1,,i t1 = S + E j1,,j t. This implies that Consider the corresponding polynomials of S and S given by S + E i1,,i t1 + E j1,,j t = S. (47 S(x = (1 x n L a(x and S (x = (1 x n L a (x, (48 where a(1 = a (1 = 1. From equations (46 and (48 we have From equations (47 and (49 we have deg(gcd((1 x n,s(x + S (x > n L. (49 deg(gcd((1 x n,x i 1 + + x it 1 + x j 1 + + x jt > n L. (50 To prove the theorem we first show that every sequence in A(L + E i1,,i t1 is in A(L + E j1,,j t. Consider any R A(L with the corresponding polynomial R(x = (1 x n L b(x, where b(1 = 1. (51 Then let R = R+E i1,,i t1 +E j1,,j t with the corresponding polynomial R (x. By equations (50 and (51 we have deg(gcd((1 x n,r (x = deg(gcd((1 x n,r(x + x i 1 + + x it 1 + x j 1 + + x jt = n L. (5 From equation (5, using the definition of linear complexity we have R A(L, which implies A(L+E i1,,i t1 A(L+E j1,,j t. By symmetry A(L+E j1,,j t A(L+E i1,,i t1, which proves the theorem. We need the following generalization of [3, Theorem 4] in the latter sections. Lemma 3.4. Let S be a T-periodic binary sequence. Consider any two positive integers u, v such that 0 v u and u + v < merr(s. Then for any T-periodic binary sequence E such that w H (E = v we have L u (S + E = L(S. 14

Proof. First we note that L i (S = L(S for i = 0,,merr(S 1. Since u + v < merr(s, by definitions of L u (S and L u+v (S we get L u (S + E L u+v (S = L(S. (53 Also, from the observations that (S + E + E = S and w H (E = v u, we get The lemma follows from equations (53 and (54. L u (S + E L(S. (54 Next we prove a generalized result on the characterization and counting function of A k (L for certain specific values of k and L. Theorem 3.5. Consider L 0 such that w H ( n L r + 1 for some 0 r n 1. 1. The set A k (L = k (A(L + E i1,,i t for k = 1,, r 1. (55 E i1,,i t E t t=0. Furthermore, if 1 L < n r then the sets A(L + E i1,,i t, E i1,,i t E t for t = 0,, r 1 are disjoint and ( k ( n N k (L = L 1 for k = 1,, r 1. (56 i Proof. First we make these two observations to show part 1. i=0 1. Hypothesis w H ( n L r+1 implies that for any S A(L we have merr(s r+1.. For k = 1,, r 1, we have k r+1. From these two observations and using Lemma 3.4 we have k (A(L + E i1,,i t A k (L. t=0 E i1,,i t E t Using this, equation (55 follows from the definition of k-error linear complexity. To show part assume that 1 L < n r. To show that the sets A(L + E i1,,i t, E i1,,i t E t, t = 0,, r 1, are all disjoint, by Theorem 3.3, it is enough to show that no two of these sets are equal. We show this by contradiction. Any two sets A(L +E i1,,i u and A(L + E j1,,j v, 0 u,v r 1, are equal if and only if A(L + E i1,,i u,j 1,,j v = A(L with u + v r+1. (57 By Theorem. for any two sequences S, S A(L we have d H (S,S r+1. Thus the set equality in equation (57 does not hold and all the sets A(L + E i1,,i t, E i1,,i t E t, t = 0,, r 1, are disjoint. Using this, the counting function in equation (56 follows from equation (55. 15

4 Characterization When w H ( n L In this section we characterize the n -periodic binary sequences with fixed -error or 3-error linear complexity when the linear complexity is not of the form n ( i + j, 1 i < j n 1, by using the results from the previous section. First we obtain the results for -error linear complexity and then extend them to the 3-error case. It is straightforward to see that ( n A (0 = E 1 E {0} and N (0 = + n + 1. (58 From Lemmas.1 and 3.1 we have From Lemma 3. we get A ( n = and N ( n = 0. (59 A (L = and N (L = 0 for L = n t, 0 t < n. (60 A characterization of n -periodic binary sequences with fixed -error linear complexity L such that w H ( n L = 0 or 1 is given in equations (58-(60. Next we give the characterization when w H ( n L 3. For any 1 L < n 1, from Theorem. we know that for any two sequences S,S A(L, d H (S,S 4. Hence we have for all E t E 1 and E i,j E. Theorem 4.1. Let w H ( n L 3 where A(L (A(L + E t =, (61 A(L (A(L + E i,j =, and (6 (A(L + E t (A(L + E i,j =, (63 n ( < L < n ( 1, (64 for some r 1 and r satisfying 1 r 1 r n 1. Then A (L = A(L ( (A(L + E i (A(L + E i,j. (65 E i E 1 E i,j E Define the sets D 1 (L = {E i : 0 i +1 1} and D (L = {E i,j : 0 i < j +1 1}, (66 where the definitions implicitly depend on L. Define the sets D 1 (L and D (L by D 1 (L = {E i,i+ : i = u + t n r, 1 t r r 1 1, and 0 u n r 1} (67 16

and D (L ={E i,j,e i,j+ : i = u + t 1 n r,j = u + t n r, 0 t 1 < t r r 1 1, and 0 u n r 1}. (68 Consider the set D(L formed from the sets in equations (66, (67, and (68 by D(L = D (L (D 1 (L D (L. (69 Then the sets A(L, A(L + E i, E i D 1 (L, and A(L + E i,j, E i,j D(L, are disjoint and constitute all of A (L. Furthermore, (( +1 N (L = n r ( r r 1 1 + n r1+1 + 1 L 1. (70 Proof. Note that any L such that w H ( n L 3 can be expressed as in equation (64. The characterization in equation (65 follows by using r = in the hypothesis of Theorem 3.5 and k = in equation (55. The rest of the proof deals with determining the disjoint set decomposition of A (L in equation (65 there by obtaining the expression for N (L. Case 1: r 1 = r = 1 When r 1 = r = 1 we have 1 L < n and the characterization and counting function are already covered by part of Theorem 3.5 with r = and k = in equation (56. Also, note that the expression for the counting function in equation (56 with k = equals that in equation (70 with r 1 = r = 1. Case : 1 = r 1 < r or 1 < r 1 r First we determine the disjoint sets in A(L[E 1 ]. By equation (64 we have n +1 < L < n. (71 Using Theorem 3.3 and Lemma.3, from equation (71 we have and for u = 0,, +1 1, (A(L + E u (A(L + E v =, 0 u < v +1 1, (7 A(L + E u = A(L + E u+t +1, t = 0,, r 1 1 1. (73 Thus, from equation (7 there are n r1+1 disjoint sets A(L+E i, E i D 1 (L, in A(L[E 1 ]. To obtain the disjoint sets in A(L[E ], we only have to characterize the disjoint sets in A(L[D (L] because from equation (73 we have A(L + E i,j,i+v +1,j+w +1 = A(L, for 0 i < j n r1+1 1 and 0 v,w r1 1 1. From Theorem 3.3, we know that A(L + E i,j = A(L + E k,l if and only if there exists a sequence S A(L such that S + E i,j,k,l A(L. Hence we observe that redundantly counted sets in A(L[D (L] arise if only if there exist integers i, j, k, and l, 0 i < j < k < l n r1+1 1, that are in the form given in equation (9. So the sets of integers i, j, 17

k, and l, 0 i < j < k < l +1 1, such that L(S i,j,k,l = L(S for any S A(L are thus the i, j, k, and l in the form where and i = u + g 1 n r, j = u + g n r, k = i +, l = j +, (74 0 u n r 1 and 0 g 1 < g r r 1 1. (75 So for all settings of i and j in equation (74 we have the set equalities A(L + E i,j = A(L + E i+,j+ (76 A(L + E i,j+ = A(L + E i+,j. (77 Also, for each u = 0,, n r 1, we have r r 1 1 set equalities A(L + E u,u+ = A(L + E i,i+, where i = u + t n r (78 for 1 t r r 1 1. Note that each error vector appearing on the left hand side or right hand side of equations (76 or (77 corresponding to all settings of i and j in equation (74 appears only in one of those equations and does not appear in the set equalities in equation (78. Also note that each error vector appearing on the left hand side or right hand side of set equalities in equation (78 does not appear in left hand side or right hand side of equations (76 and (77. Thus by equation (74, each of the set equalities in equations (76 and (77 results in a redundantly counted set in A(L[D (L]. These redundantly counted sets for all settings of i and j in equation (74 are listed as A(L + E i,j, E i,j D (L. Similarly, for each u = 0,, n r 1, the set equalities in equation (78 result in r r 1 1 redundantly counted sets in A(L[D (L]. These redundantly counted sets are listed as A(L + E i,j, E i,j D 1 (L. Note that any L such that n 1 L < n and w H ( n L 3, satisfies equations (61 and (63. From Lemma.3 and equation (71 we have A(L (A(L + E i,j =, E i,j D (L. (79 Thus, from equations (65, (61-(63, (69, (74-(78, and (79, the sets A(L, A(L + E i, E i D 1 (L, and A(L + E i,j, E i,j D(L, are disjoint and constitute all of A (L. From equations (67 and (68 we get D 1 (L = n r ( r r 1 1 and D (L = n r ( ( r r 1. (80 The number of disjoint sets in A(L[E ] is equal to D(L. From equations (69 and (80 we have D(L = D (L ( D 1 (L + D (L ( ( ( +1 = n r r r 1 r r 1 1 +. From Lemma 1. we have A(L = L 1, 1 L n. Hence the counting function in equation (70 follows from equations (65, (61-(63, (7, (79, and (81. This completes the proof of the theorem. 18 (81

Next we give the characterization of n -periodic binary sequences with fixed 3-error linear complexity L when w H ( n L. Using the characterization we also obtain the corresponding counting function. For convenience we use the notation established in the statement of Theorem 4.1. It is straightforward to see that ( ( n n A 3 (0 = E 1 E E 3 {0} and N 3 (0 = + + n + 1. 3 We also have A 3 ( n = and N 3 ( n = 0. From Lemma 3. we also get A 3 (L = and N 3 (L = 0 for L = n t, 0 t < n. Theorem 4.. Let 1 L < n be a positive integer such that w H ( n L 3. Then A 3 (L = A (L (A(L + E i,j,k. (8 E i,j,k E 3 Furthermore, let L be uniquely bounded as n ( < L < n ( 1, for some r 1 and r satisfying 1 r 1 r n 1. Let D(L be as in equation (69. Define the sets D 3 (L, D 3 (L, and E(L by and D 3 (L = {E i,j,k : 0 i < j < k +1 1}, D 3 (L = {E i,j,k,e i,j,l,e j,k,l,e i,k,l : i = u + g 1 n r, j = u + g n r, k = i +, l = j +, 0 g 1 < g < r r 1, and 0 u n r 1}, (83 E(L = D 3 (L D 3 (L. (84 Then the sets A(L, A(L + E i, E i D 1 (L, A(L + E i,j, E i,j D(L, and A(L + E i,j,k, E i,j,k E(L are disjoint and constitute all of A 3 (L. Furthermore, (( ( +1 N 3 (L = N (L + 4 n r r r 1 L 1. (85 3 Proof. The characterization in equation (8 follows by using r = in the hypothesis of Theorem 3.5 and k = 3 in equation (55. The rest of the proof deals with determining the disjoint set decomposition of A 3 (L in equation (8 there by obtaining the expression for N 3 (L. The case when r 1 = r = 1, that is, when 1 L < n, is covered by part of Theorem 3.5 with r = and k = 3 in equation (56. It is straightforward to verify that the results using Theorem 3.5 when r 1 = r = 1 agree with those stated in this theorem statement. 19

The rest of the proof handles the case when r 1 = 1 < r or 1 < r 1 r. We characterize the disjoint sets in the union given in equation (8. From Theorem 4.1 the disjoint sets in A (L in equation (65 are A(L, A(L + E i, E i D 1 (L, and A(L + E i,j, E i,j D(L. Next we characterize the disjoint sets in A(L[E 3 ]. For this, from equations (7 and (73 we only have to describe the disjoint sets in A(L[D 3 (L]. From part of Theorem.5 we can see that all sets in A(L[D 3 (L] are disjoint. Finally, we show that the sets in A(L[D 3 (L] are disjoint from the sets A(L, A(L+E i, E i D 1 (L, and A(L + E i,j, E i,j D(L. Since Hamming weights of all sequences in the sets in A(L[D 3 (L] are odd, these sets are disjoint from sets A(L and A(L + E i,j, E i,j D(L. From Theorem 3.3 a set A(L + E i, 0 i n r1+1 1, is equal to some set A(L + E j,k,l, 0 j,k,l n r1+1 1, if and only if there exists a sequence S A(L such that S i,j,k,l A(L. Exactly all such i, j, k, and l are described in equations (74 and (75. From equations (74 and (75, for each u = 0,, n r 1 there are exactly ( r r 1 distinct pairs i, j and hence distinct sets {i,j,k,l} such that 0 i < j < k < l n r1+1 1 and A(L + E i,j,k,l = A(L. For each such distinct set {i,j,k,l} we have four set equalities A(L + E i,j,k = A(L + E l, A(L + E i,j,l = A(L + E k, A(L + E j,k,l = A(L + E i, and A(L + E i,k,l = A(L + E j. (86 Based on the settings of possible i, j, k, and l in equations we note that each error vector with Hamming weight 3 that appears in the set equalities in equation (86 appears in exactly one of them. This leads to four redundantly counted sets for each distinct setting of i, j, k, and l as described above. Thus all the redundantly counted sets in the intersection of A(L[D 3 (L] and A(L[D 1 (L] are A(L + E i,j,k, E i,j,k D 3 (L. Hence the sets in E(L in equation (84 are disjoint from the sets A(L, A(L + E i, E i D 1 (L, and A(L + E i,j, E i,j D(L. Using the definition of k-error linear complexity the sets A(L, A(L + E i, E i D 1 (L, A(L + E i,j, E i,j D(L, and A(L + E i,j,k, E i,j,k E(L, are disjoint and thus constitute all of A 3 (L. Using this, the counting function in equation (85 follows from the definition of E(L in equation (84. 5 Characterization When w H ( n L = We use results in Section and the notation established in Section 4 to obtain the characterization of sequences in A(L with fixed -error or 3-error linear complexity when L = n (, 1 r 1 < r n. Theorem 5.1. Let L = n ( for some 1 r 1 < r n. Define the sets G 1 (L = {E i : 0 i +1 1} and G (L = {E i,j : 0 i < j +1 1}. (87 Consider the sets H 1 (L = {E i,i+ : 0 i 1}, (88 H (L = {E i,j,e i+,j+,e i,j+,e j,i+ : 0 i n r 1, j = i + (t + 1 n r, and 0 t r r 1 1 1 ( i/ n r (89 / }, 0

and H 3 (L = {E i,j,e i,j+ : i = u + g 1 n r +1, j = u + g n r +1, 0 g 1 < g r r 1 1 1, and 0 u n r +1 1}. (90 Finally, define the set H(L = G (L (H 1 (L H (L H 3 (L. (91 Then the sets A(L, A(L + E i, E i G 1 (L, A(L + E i,j, E i,j H(L, are disjoint and constitute all of A (L. That is A (L = A(L (A(L + E i (A(L + E i,j. (9 E i G 1 (L E i,j H(L Furthermore, (( +1 N (L = 3 n+r r 1 1 + n r1+1 + 1 L 1. (93 Proof. By the definition of k-error linear complexity we have A (L A(L ( (A(L + E i (A(L + E i,j. (94 E i E 1 E i,j E For the rest of the proof let S be any sequence in A(L. By Lemma 1.1 we have L (S = L and by Lemma 3.4 we get L (S + E i = L for any E i E 1. Thus A(L ( (A(L + E i A (L. (95 E i E 1 Since n n r1+1 < L < n, equations (7 and (73 also hold in the current setting. Thus there are n r1+1 disjoint sets A(L + E i, E i G 1 (L, in A(L[E 1 ]. So we have (A(L + E i = (A(L + E i. (96 E i E 1 E i G 1 (L Equations (7 and (73 also imply that A(L[E ] = A(L[G (L]. Next we determine which of the sets in A(L[G (L] have sequences that belong to A (L. Equations (35 and (36 describe all distinct four symbol changes i, j, k, and l, 0 i < j < k < l +1 1, such that L(S i,j,k,l < L. By equations (35 and (36 it is evident that for each integer u, 0 u 1, there exist integers v 1 and v, 0 v 1,v +1 1, such that L(S + E u,u+ + E v1,v < L. Thus S A(L i,j : L (S + E i,j < L, E i,j H 1 (L. (97 1

For each set of four symbol changes in equation (35 there are four distinct sequences E i,j, E i,j+, E j,i+, and E i+,j+ in G (L that when added to S result in sequences with -error linear complexity less than L. That is S A(L i,j : L (S + E i,j < L, E i,j H (L. (98 By equations (97, (98, and part of Theorem.10 we have S A(L and i,j : L (S + E i,j = L, E i,j G (L (H 1 (L H (L and thus (A(L + E i,j A (L and E i,j G (L (H 1 (L H (L E i,j H 1 (L H (L (A(L + E i,j A (L =. (99 Next we describe the disjoint sets in {A(L + E i,j : E i,j G (L (H 1 (L H (L}. From Theorem 3.3, we know that A(L + E i,j = A(L + E k,l if and only if there exists a sequence R A(L such that the new sequence R + E i,j,k,l A(L. Exactly all such i, j, k, and l are in the form given in equations (8 and (9. From the definitions in equations (88-(90 we see the following. 1. If E i,j H 1 (L then j i is.. If E i,j H (L then j i is an odd multiple of n r. 3. If E i,j H 3 (L then j i is an even multiple of n r and j i <. From these observations we conclude H 3 (L H 1 (L H (L =. (100 For each of the ( n r +1 r r 1 1 distinct settings of i and j in equations (8 and (9 the set equalities in equations (76 and (77 hold. By equation (100 and using an argument similar to that used in Theorem 4.1, this implies that there are ( n r +1 r r 1 1 redundantly counted sets in {A(L + E i,j : E i,j G (L (H 1 (L H (L} enumerated as A(L + E i,j, E i,j H 3 (L. So we have E i,j G (L (H 1 (L H (L (A(L + E i,j = E i,j G (L (H 1 (L H (L H 3 (L (A(L + E i,j. (101 Since n +1 < L < n, by Lemma.3 and Theorem 3.3 we can see that A(L (A(L + E u =, A(L (A(L + E i,j =, (A(L + E u (A(L + E i,j =, and (10

for all E u G 1 (L and E i,j G (L. Thus by equations (94-(96 and (99-(10 the sets A(L, A(L + E i, E i G 1 (L, A(L + E i,j, E i,j H(L, are disjoint and constitute all of A (L and the characterization in equation (9 follows. By equations (88 and (90 we have ( H 1 (L = and H 3 (L = n r +1 r r 1 1 = n+r r 1 1. (103 Each set of four symbol changes in equation (8 contributes four elements to the cardinality of H (L as specified in equation (89. So by equations (37 and (89 we have H (L = 4 n+r r 1 = n+r r 1. (104 Thus by equations (87, (91, (100, (103, and (104 we obtain H(L = G (L ( H 1 (L + H (L + H 3 (L ( +1 = ( + n+r r 1 + n+r r 1 1 ( +1 = 3 n+r r 1 1. (105 The counting function in equation (93 follows from equations (3, (87, (9, and (105. For convenience, we use the notation established in the statement of Theorem 5.1 in the next result. Theorem 5.. Let L = n ( for some 1 r 1 < r n. Define the sets G 3 (L, M 1 (L, and M (L by G 3 (L = {E i,j,k : 0 i < j < k +1 }, and M 1 (L = n r 1 i=0 {E i,j,k,e i,j,l,e i,k,l,e j,k,l : j = i + (t + 1 n r, k = i +, l = j +, and 0 t r r 1 1 1 ( i/ n r / }, (106 n r +1 1 M (L = {E i,j,k,e i,j,l,e i,k,l,e j,k,l : i = u + g 1 n r+1, j = u + g n r+1, u=0 k = i +, l = j +, and 0 g 1 < g r r 1 1 1}. (107 Finally, define the set M(L = G 3 (L (M 1 (L M (L. (108 3

Let H(L be as in equation (91 in Theorem 5.1. Then the sets A(L, A(L + E i,j, E i,j H(L, A(L + E i,j,k, E i,j,k M(L, are disjoint and constitute all of A 3 (L. That is A 3 (L = A(L (A(L + E i,j (A(L + E i,j,k. (109 E i,j H(L Furthermore, (( ( +1 +1 N 3 (L = + 3 E i,j,k M(L 7 n+r r 1 1 + n r1+1 + 1 L 1. (110 Proof. By the definition of k-error linear complexity we have 3 A 3 (L A(L (A(L + E i1,,i t. (111 t=1 E i1,,i t E t For the rest of the proof let S be any sequence in A(L. By Lemma 1.1 we have L 3 (S = L and so A(L A 3 (L. (11 Since n +1 < L < n, equations (7 and (73 also hold in the current setting. Thus there are +1 disjoint sets A(L + E i, E i G 1 (L, in A(L[E 1 ] and thus equation (96 holds. By the format of four symbol changes that decrease the linear complexity of S given in equations (35 and (36, for each i 1 = 0,, +1 1, there exist three integers i, i 3, and i 4 such that L(S i1,i,i 3,i 4 < L, which implies E i G 1 (L (A(L + E i A 3 (L =. (113 By the proof of Theorem 5.1 we know that sequences in sets A(L +E i,j, E i,j E, with 3-error linear complexity L are given by the disjoint union (A(L + E i,j A 3 (L. (114 E i,j H(L Equations (7 and (73 imply A(L[E 3 ] = A(L[G 3 (L]. So it is sufficient to determine the sequences in sets A(L + E i,j,k, E i,j,k G 3 (L, that belong to A 3 (L. For each set of four symbol changes in equation (35 there are four distinct sequences E i,j,k, E i,j,l, E i,k,l, and E j,k,l in G 3 (L that when added to S result in sequences with 3-error linear complexity less than L. That is (A(L + E i,j,k A 3 (L =. (115 E i,j,k M 1 (L Equations (8 and (9 describe all i, j, k, and l, 0 i < j < k < l +1 1, such that L(S i,j,k,l = L. For each set of these four symbol changes we have four set equalities 4

A(L + E i = A(L + E j,k,l, A(L + E j = A(L + E i,k,l, A(L + E k = A(L + E i,j,l, and A(L + E l = A(L + E i,j,k. By equation (113 this implies that (A(L + E i,j,k A 3 (L =. (116 E i,j,k M (L By equation (106 for each E i,j,k M 1 (L we have either i j, j k, or k i is an odd multiple of n r. By equation (107 for each E i,j,k M (L we have i j, j k, and k i are all even multiples of n r. From this we see that M 1 (L M (L =. (117 By equations (115, (116, and (117, part of Theorem.5 and part 3 of Theorem.10, and using the fact that an odd number of changes to S results in an sequence with linear complexity n, sequences in sets A(L +E i,j,k, E i,j,k G 3 (L, with 3-error linear complexity L are given by the disjoint union (A(L + E i,j,k A 3 (L. (118 E i,j,k G 3 (L (M 1 (L M (L By equations (111-(114, (118, and using the fact that odd number of changes to S result in sequences with linear complexity n, the sets A(L, A(L + E i,j, E i,j H(L, A(L + E i,j,k, E i,j,k M(L, are disjoint and constitute all of A 3 (L and the characterization in equation (109 follows. From equations (8, (35, (37, and (106-(108 we have M(L = G 3 (L ( M 1 (L + M (L ( ( ( +1 = 4 n+r r 1 + 4 n r +1 r r 1 1 3 ( +1 = + n r1+1 4 n+r r 1 1. 3 (119 The counting function in equation (110 follows from equations (3, (105, (109, and (119. 6 Concluding Remarks In this paper, we characterized n -periodic binary sequences with fixed -error or 3-error linear complexity. First we derived some properties of n -periodic binary sequences with fixed linear complexity. We used the Games-Chan algorithm to find the exact form of specific four symbol changes that can be made in a n -periodic sequence so that the resulting sequence has the same linear complexity as the original sequence. Using straightforward algebraic methods we also described four symbol changes to a n -periodic binary sequence so that the resulting sequence has smaller linear complexity than the original sequence. We used these properties to obtain the characterizations and the corresponding counting functions. Here we make some observations based on the counting functions derived in the paper. 5

Let N (L, 0 L n, be the number of n -periodic binary sequences with linear complexity at least L. From Lemma 1. we have ( n L+1 1 N (L = n. (10 Define f k (L, 1 k n, by n L+1 f k (L = N k(l N (L. (11 So f k (L describes the proportion of sequences with k-error linear complexity L among sequences with linear complexity at least L. For cryptographic purposes we would like to have f k (L as high as possible for large L and at least for small k. By equations (70, (93, (10 and (11 after simplification we obtain f (L = +1 + + 1 n+r r 1 n L+1 1 (1 when n ( < L < n ( 1 with 1 r 1 r n 1 and f (L = +1 + + 1 3 n+r r 1 1 n L+1 1 (13 when L = n (, 1 r 1 < r n. Using these formulae we find f (L for L = n 3, n 5, n 6, and n 7. When L = n 7, we have w H ( n L = 3 and we can uniquely bound L as n ( < L < n ( 1 with r 1 = r = n. Using L = n 7 and r 1 = r = n in equation (1 we have f ( n 7 = 37/55 1/7. When L = n 3, we have w H ( n L = and L = n ( with r 1 = n 1 and r = n. So we have f ( n 3 = 5/15 = 1/3 by equation (13. Similarly we obtain f ( n 5 = 13/63 1/5 and f ( n 6 = 5/17 1/5. Using equations (85, (110, (10, and (11 we also obtain corresponding values for f 3 (L. Using Theorem 1.3 we determine the corresponding values for f 1 (L. All these values are summarized in Table 3. Since the L f 1 (L f (L f 3 (L n 3 1/3 1/3 1/15 n 5 1/7 13/63 1/5 37/63 1/ n 6 9/17 1/14 5/17 1/5 65/17 1/ n 7 9/55 1/8 37/55 1/7 93/55 1/3 Table 3: f 1 (L, f (L, and f 3 (L for large L number of sequences with high linear complexity is large for n -periodic binary sequences, we see that considerable number of sequences have high linear complexity and high -error or 3-error linear complexity. 6

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback