A New Method to Compute the 2-adic Complexity of Binary Sequences
aa r X i v : . [ c s . CR ] S e p A New Method to Compute the 2-adic Complexity of BinarySequences
Hai Xiong, Longjiang Qu, and Chao Li
College of Science, National University of Defense Technology, Changsha 410073, China [email protected],[email protected],[email protected]
Abstract.
In this paper, a new method is presented to compute the 2-adic complexity ofpseudo-random sequences. With this method, the 2-adic complexities of all the known sequenceswith ideal 2-level autocorrelation are uniformly determined. Results show that their 2-adiccomplexities equal their periods. In other words, their 2-adic complexities attain the maximum.Moreover, 2-adic complexities of two classes of optimal autocorrelation sequences with period N ≡ Index Terms—
Linear feedback shift registers (LFSRs) and feedback with carry shift registers (FCSRs)are two classes of pseudo-random sequence generators. The sequences produced by themcould have good randomness, such as low correlation, long period and so on. These pseudo-random sequences are widely used in cryptography and communication systems.For any binary periodic sequence s , it always can be generated by an LFSR or anFCSR. The length of the shortest LFSR resp. FCSR which can generate s is called the lin-ear complexity resp. 2-adic complexity of s , symbolically LC ( s ) resp. AC ( s ). Since s canbe completely determined by the Berlekamp-Massey algorithm [1] resp. rational approxima-tion algorithm [2] with 2 LC ( s ) resp. 2 AC ( s ) consecutive bits, linear complexity and 2-adiccomplexity are two of the most important security criteria of binary sequences.It is of interest to investigate the relationship between linear complexity and 2-adiccomplexity. However, it may be quite difficult in general since little is known in the literature.Hence a natural tradeoff is to investigate the linear complexity of sequences whose 2-adiccomplexity is known or the 2-adic complexity of sequences whose linear complexity is known.Until now, there are only a few classes of pseudo-random sequences whose linear complexityand 2-adic complexity both are clear. Seo et. al. [3] and Qi et. al. [4] got a lower bound onthe linear complexity of a special class of l -sequences respectively. Klapper and Goresky [5]derived a simple result about the 2-adic complexity of m -sequences. A breakthrough of this Xiong Hai, Longjiang Qu, Chao Li problem was given by Tian et. al. [6]. They completely determined the 2-adic complexity of m -sequences and showed that all the m -sequences have optimal 2-adic complexity. m -sequences is a class of ideal 2-level autocorrelation sequences which play a significantrole in applications for their optimal autocorrelation. A large amount of ideal 2-level auto-correlation sequences other than m -sequences have been constructed, for example Legendresequences, twin-prime sequences and Hall’s sextic residue sequences [7]. The linear complex-ities of these sequences have all been determined; see [8] for a survey. However, as far asthe authors known, no result about the 2-adic complexities of these sequences other than m -sequences is known yet.In this paper, we will present a new method to compute the 2-adic complexity of binarysequences. According to [5], to determine 2-adic complexity of a binary sequence is equivalentto determine the greatest common divisor of two numbers which are associated with thesequence. Here, we convert this problem to compute the determinant of a circulant matrixand the greatest common divisor of two other integers. Then by using the new method, weprove that all the known sequences with ideal 2-level autocorrelation have the maximum2-adic complexities, i.e. their 2-adic complexities equal their periods. We also prove thatLegendre sequences and Ding-Helleseth-Lam sequences with period N ≡ In this section, we will introduce some notations and review some well-known results.
1. The symbol “+” has a multiple meaning: it stands for the integer addition, or for theaddition over F , or even for the addition over integer residue rings. But this will notbring confusion in concrete situations. -adic complexity 3
2. A sequence is called binary if its elements consist of 0 and 1.3. For a binary sequence s = ( s , s , · · · , s N − ), its sequence polynomial is P s ( x ) = N − P i =0 s i x i .The complementary sequence of s , denoted by s , is defined as (1 − s , − s , · · · , − s N − ).Let D s denote the support set of s , which is defined as D s = { ≤ i ≤ N − s i = 1 } .4. Let Q denote the complete field of Q with respect to the 2-adic absolute value.5. Assume that p = df + 1 is a prime. Let α be a primitive element of F p . The cyclotomicclasses of order d with respect to F p , denoted by D ( d,p ) i (0 ≤ i ≤ d − D ( d,p ) i = { α i + kd : 0 ≤ k ≤ f − } .6. Let S be a subset of Z /N Z with k elements. For any integer τ , define S + τ = { ( a + τ )mod N : a ∈ S } . If there exists a positive integer λ such that | S ∩ ( S + τ ) | = λ for any τ N , then S is called an ( N, k, λ ) cyclic difference set . Let s = ( s , s , · · · , s N − ) be a binary sequence with period N . The autocorrelationfunction of s is defined by C s ( τ ) = N − X i =0 ( − s i + s i + τ , τ ∈ Z /N Z . Clearly, C s (0) = N .We say that s is an optimal autocorrelation sequence if for any τ = 0,(1) C s ( τ ) = − N ≡ − C s ( τ ) ∈ { , − } and N ≡ C s ( τ ) ∈ { , − } and N ≡ C s ( τ ) ∈ { , − } and N ≡ ideal -level autocorrelation . Many classes ofsuch sequences have been reported, such as Legendre sequence, Hall’s sextic residue sequence,twin-prime sequence, and m -sequence, GMW sequences, Maschiettie’s hyperoval sequences,etc. For a list of such sequences and detailed definitions of these sequences, please refer to [9]or [10]. The following characterization of such sequences is from [7]. Lemma 1. [7] Let s be a binary ideal -level autocorrelation sequence with period N . Then D s , the support set of s , is an ( N, N +12 , N +14 ) or ( N, N − , N − ) cyclic difference set. Basedon their periods, all the known ideal -level autocorrelation sequences can be divided intothree classes: (1) N = 2 n − ; (2) N = p , where p ≡ is a prime; (3) N = p ( p + 2) ,where both p and p + 2 are primes. All the known binary sequences with optimal autocorrelation until 2009 are surveyedby Cai and Ding [10]. Here we only recall the definitions of Legendre sequences and Ding-Helleseth-Lam sequences with period of N ≡ Xiong Hai, Longjiang Qu, Chao Li
Legendre Sequences : Let p ≡ s be a binary sequence definedby s i = , if i ∈ D (2 ,p )0 ;0 , otherwise . Then s has optimal out-of-phase autocorrelation values { , − } . Ding-Helleseth-Lam Sequences : Let p ≡ s be a binarysequence defined by s i = , if i ∈ D (4 ,p )0 ∪ D (4 ,p )1 ;0 , otherwise . Then s has optimal out-of-phase autocorrelation values { , − } . A feedback with carry shift register (FCSR) consists of a feedback register and a memorycell. It is designed by Klapper and Goresky [11]. The form of an r -stage FCSR is presentedin Fig. 1, where q i (1 ≤ i ≤ r − ∈ { , } , q r = 1. We call q = P ri =1 q i i − connection Fig. 1.
Feedback with carry shift register number of this FCSR and its operation is defined as follows:1. Give an initial state ( a r − , a r − , · · · , a ) of the register and m of the memory, where a i ∈ { , } , m ∈ Z ;2. Compute an integer sum σ = P r − i =0 q i a i + m ;3. Shift the register one step to right with outputting the rightmost bit a ;4. Put a r = ( σ mod 2) into the leftmost of the register;5. Put σ − a r into the memory;6. Return to Step 2.The following result about 2-adic complexity of binary sequences was firstly presentedby Klapper et. al. [5]. -adic complexity 5 Lemma 2. [5] (1)
Let s be a periodic sequence generated by the FCSR with connectionnumber q . Assume that s = ( s , s , · · · ) . Then, in Q , P ∞ i =0 s i i = pq , where p is an integersuch that − q ≤ p ≤ . Particularly, if gcd( p, q ) = 1 , then this FCSR is the shortest onewhich can produce s and hence AC ( s ) = ⌊ log( q + 1) ⌋ . (2) Conversely, let s = ( s , s , · · · ) be a binary periodic sequence. If P ∞ i =0 s i i = pq in Q ,then s can be produced by the FCSR with connection number q . Let s be a periodic sequence and s its complementary sequence. It follows from Lemma2 and the fact P ∞ i =0 s i i + P ∞ i =0 s i i = P ∞ i =0 i = − s and s have the same 2-adiccomplexity. Hence when we refer to an ideal 2-level autocorrelation sequence, we alwaysassume that, without loss of generality, its support set is an ( N, N +12 , N +14 ) cyclic differenceset. An r -stage linear feedback shift register (LFSR) over a finite field F q is given in Fig. 2,where q i (1 ≤ i ≤ r ) ∈ F q , q r = 0. We call f ( x ) = P ri =1 q i x i − connection polynomial Fig. 2.
Linear feedback shift register of this LFSR and its operation is defined as follows:1. Give an initial state ( a r − , a r − , · · · , a ), where a i ∈ F q ;2. Compute a sum σ = P r − i =0 q i a i over F q ;3. Shift the register one step to right with outputting the rightmost bit a ;4. Put a r = σ into the leftmost of the register;5. Return to Step 2.The following is a well-known result on the linear complexity of periodic sequences. Xiong Hai, Longjiang Qu, Chao Li
Lemma 3. [7, 12] (1)
Let s = ( s , s , · · · ) be a periodic sequence generated by the LFSRwith connection polynomial f ( x ) . Then P ∞ i =0 s i x i = g ( x ) f ( x ) . Particularly, if gcd( g ( x ) , f ( x )) = 1 ,then this LFSR is the shortest one which can produce s and hence LC ( s ) = deg( f ( x )) . (2) Conversely, let s = ( s , s , · · · ) be a periodic sequence over F q . If P ∞ i =0 s i x i = g ( x ) f ( x ) , then s can be produced by the LFSR with connection polynomial f ( x ) . Let p be a prime and let ψ be a multiplicative character of F p . Define G ( ψ ; α ) = X x ∈ F ∗ p ψ ( x ) w αxp and g ( k ; α ) = X x ∈ F p w αx k p , where k is an integer, w p = e πip is a p -th primitive unity of C and α ∈ F p . Both the abovesums are called Gauss sums and they are connected by the following results.
Lemma 4. [13] Let ψ be a multiplicative character of F p with order k . Then, g ( k ; α ) = k − X j =1 G ( ψ j ; α ) = k − X j =1 ψ j ( α − ) G ( ψ j ; 1) . Lemma 5. [13] Assume that p ≡ . One has (1) If ψ is the quadratic character of F p , then G ( ψ ; 1) = g (2; 1) = √ p ; (2) If ψ is a character of order , then G ( ψ ; 1) + G ( ψ ; 1) = ± (cid:26) (cid:18) p (cid:19) ( p + a √ p ) (cid:27) / , where (cid:16) p (cid:17) ≡ p − mod p is the Legendre symbol, a is an integer such that a + b = p , a ≡ − (cid:16) p (cid:17) ( mod 4) ; (3) If ψ is a nontrivial character, then | G ( ψ ; 1) | = √ p . In this section, we will present a new method of computing the 2-adic complexity ofbinary sequences. The following is a key lemma of our method. -adic complexity 7
Lemma 6.
Let s = ( s , s , · · · , s N − ) be a binary sequence with period N and let P s ( x ) = P N − i =0 s i x i ∈ Z [ x ] . Let A = ( a i,j ) N × N be the matrix defined by a i,j = s ( i − j ) mod N , and letus view A as a matrix over Q . If det( A ) = 0 , then there exist u ( x ) , v ( x ) ∈ Z [ x ] such that u ( x ) P s ( x ) + v ( x )(1 − x N ) = det( A ) , (1) where deg u ≤ N − , deg v ≤ N − .Proof. It suffices to prove that the following equation system has a solution ( u , u , · · · , u N − ,v , v , · · · , v N − ) T ∈ Z N − , where u i and v i are the coefficients of u ( x ) and v ( x ) respectively. s u + v = det( A ) s u + s u + v = 0... = ... N − X i =0 s N − − i u i + v N − = 0 N − X i =0 s N − − i u i = 0 N − X i =1 s N − i u i − v = 0 N − X i =2 s N +1 − i u i − v = 0... = ... s N − u N − − v N − = 0 . (2)The coefficient matrix C of the above equation system is C = s · · · · · · s s · · · · · · · · · ... ... ... · · · ... s N − s N − · · · · · · s N − s N − · · · s · · · s N − · · · s − · · · · · · ... ... ... · · · ...0 0 · · · s N − · · · − . Xiong Hai, Longjiang Qu, Chao Li
Adding the last ( N −
1) rows of C on the first ( N −
1) rows, we get a new matrix C ′ = s s N − · · · s · · · s s · · · s · · · · · · ... ... ... · · · ... s N − s N − · · · s N − · · · s N − s N − · · · s · · · s N − · · · s − · · · · · · ... ... ... · · · ...0 0 · · · s N − · · · − . Then we have det( C ) = det( C ′ ) = det( A )( − N − = ± det( A ) = 0. Hence Equation (2) has aunique solution α = ( u , · · · , u N − , v , · · · , v N − ) T = C − β , where β = (det( A ) , , · · · , T .Noting that C is a matrix over Z and det( C ) = ± det( A ), we have α = C − β ∈ Z N − . Wefinish the proof. (cid:4) The following is our first main result on the 2-adic complexity of binary periodic se-quence.
Theorem 1.
Let the symbols be defined as in Lemma 6. If gcd(1 − N , det( A )) = 1 , then AC ( s ) = N .Proof. Since gcd(1 − N , det( A )) = 1, we have det( A ) = 0. According to Lemma 6, thereexist u ( x ) , v ( x ) ∈ Z [ x ] such that u ( x ) P s ( x ) + v ( x )(1 − x N ) = det( A ) . (3)Substituting x = 2 into the above equation and letting M = P s (2), we have u (2) M + v (2)(1 − N ) = det( A ) . (4)Hence we have gcd( M, − N ) = 1 since gcd(1 − N , det( A )) = 1. The result then followsfrom Lemma 2. (cid:4) Before processing further discussions, we make two remarks on Theorem 1. Firstly, let d = gcd( M, − N ) and d = gcd(1 − N , det( A )). Then it follows from (4) that d is dividedby d . Hence by Lemma 2, the smallest connection number q of s is − N d , which is lowerbounded by − N d . Thus one can get a lower bound on q and consequently a lower boundon the 2-adic complexity of s if d = gcd(1 − N , det( A )) = 1. It is a more general resultthan Theorem 1. However, for simplicity, we would like to keep Theorem 1 as its presentform. Secondly, it is clear that Theorem 1 can be naturally generalized to p -ary sequences.However, we focus on binary sequences in the present paper. -adic complexity 9 Theorem 1 provides a new method to compute the 2-adic complexity of binary sequences.The key point of this method is to compute det( A ) and then verify whether gcd(2 N − , det( A )) = 1 , where A is the circulant matrix constructed from the sequence. Accordingto linear algebra, det( A ) can be computed as follows. Lemma 7. [14] Let s be a sequence with period N and let A = ( a i,j ) N × N be the matrixdefined by a i,j = s ( i − j ) mod N . Then det( A ) = Q N − j =0 P s ( w jN ) , where w N = e πiN is an N -thprimitive unity of C . It is clear that P s (1) = P N − i =0 s i = | D s | . For 1 ≤ j ≤ N −
1, we have P s ( w jN ) = N − X i =0 s i ( w jN ) i = X i ∈ D s ( w jN ) i . Hence computing P s ( w jN ) is related to some exponential sums. If the corresponding ex-ponential sums can be computed, then one can compute det( A ) and check whether gcd(2 N − , det( A )) = 1 holds. This is the case of Legendre Sequence, Ding-Helleseth-Lam Sequenceand Ding-Helleseth-Martinsen Sequence, as we will see in Section 4.2. On the other hand, ifthe exponential sums can not be easily computed, we may use other methods to computedet( A ). This is the case of all the known binary sequences with ideal 2-level autocorrelation,as we will see in Section 4.1. In this section, as applications of our new method, we will determine the 2-adic com-plexities of many binary sequences. They are examples of the two cases discussed in the lastsection.
In this subsection, we will use Theorem 1 to uniformly determine the 2-adic complexitiesof all the known binary ideal 2-level autocorrelation sequences. Two lemmas will be needed.The first one is a well-known result from linear algebra.
Lemma 8. [15] Let B = ( b i,j ) n × n be a matrix defined by b i,j = x, if i = j ; y, if i = j. Then det( B ) = ( x + ( n − y )( x − y ) n − . Lemma 9. (1)
Let p be an odd prime. If q is a prime factor of (2 p − , then q ≥ ( p + 2) . (2) Let N = p ( p +2) , where p and p +2 both are odd primes. If q is a prime factor of (2 N − ,then q ≥ ( p + 2) .Proof. We only give a proof for (2). The proof for (1) is similar and is left to the interestedreaders. We regard 2 as an element of F q , and denote by ord(2) the order of 2 in F ∗ q .Since 2 p ( p +2) ≡ q , we have ord(2) | p ( p + 2). Noting that ord(2) = 1, thereforeord(2) = p, p + 2 , or N . Clearly, we also have ord(2) | ( q − q ≥ p + 2. (cid:4) Now we can introduce the second main result.
Theorem 2.
Let s be any known ideal -level autocorrelation sequence with period N . Thenits -adic complexity is N .Proof. By Theorem 1, it suffices to prove that gcd(1 − N , det( A )) = 1, where A = ( a i,j ) N × N is the matrix defined by a i,j = s ( i − j ) mod N .Let B = A T A = ( b i,j ) N × N , where A T is the transpose of the matrix A . Then b i,j = N − X k =0 s k − i s k − j = N − X k =0 s k s k + i − j . Thus b i,j = | D s ∩ ( D s + ( i − j )) | . Noting that D s is an ( N, N +12 , N +14 ) cyclic difference set,we have b i,j = N + 12 , if i = j ; N + 14 , if i = j. Hence, by Lemma 8 we have det( B ) = ( N +12 ) ( N +14 ) N − . Then | det( A ) | = p det( B ) = N +12 ( N +14 ) N − .According to Lemma 1, there are only three cases for N .If N = 2 n −
1, then | det( A ) | = 2 n − ( n − N − . Since 1 − N is odd, we have gcd(1 − N , det( A )) = 1.If N = p , then it follows from Lemma 9 that gcd(2 p − , p + 1) = 1. Hence gcd(2 N − , det( A )) = 1.If N = p ( p + 2), then | det( A ) | = ( p +1) ( ( p +1) ) N − . Similarly, it follows from Lemma 9that gcd( p + 1 , − N ) = 1 and gcd(1 − N , det( A )) = 1.We are done. (cid:4) Theorem 2 gives a uniform proof that all the known binary sequences with ideal 2-levelautocorrelation have the maximum 2-adic complexities. To the authors’ best knowledge, the2-adic complexities of all these sequences except m -sequences are firstly determined. Anotherconsequence of Theorem 2 is that one can say more about the relation of linear complexity -adic complexity 11 and 2-adic complexity. As we recalled, m -sequences are a class of sequences with minimumlinear complexity and maximum 2-adic complexity, while some l -sequences are a class ofsequences with minimum 2-adic complexity and maximum linear complexity. Now Legendresequences, twin-prime sequences and Hall’s sextic residue sequences are examples of thesequences whose linear complexity and 2-adic complexity both attain the maximum. In this subsection, we will use Theorem 1 to determine 2-adic complexities of Legendresequence and Ding-Helleseth-Lam sequence. According to Theorem 1 and the analysis fol-lowed, we need to compute P s ( w j ), which is related to some exponential sums. For Legendresequence, it is related to quadratic Gauss sum; while for Ding-Helleseth-Lam sequence, it isrelated to quartic Gauss sum. Theorem 3.
Let s be a Legendre sequence with period p ≡ . Then AC ( s ) = p .Proof. By Theorem 1, it suffices to prove that gcd(1 − p , det( A )) = 1, where A = ( a i,j ) p × p is the matrix defined by a i,j = s ( i − j ) mod p .Let w p = e πip , B = P x ∈ D (2 ,p )0 w xp and B = P x ∈ D (2 ,p )1 w xp . According to the definitionof Legendre sequence, we have P s ( w jp )= X i ∈ D (2 ,p )0 w ijp = p − , if j = 0; B , if j ∈ D (2 ,p )0 ; B , if j ∈ D (2 ,p )1 . By Lemma 5, we have 1 + 2 B = g (2; 1) = √ p . Besides, one can easily deduce 1 + B + B = 0. Hence, B = √ p − and B = − √ p +12 . Thus, it follows from Lemma 7 thatdet( A ) = p − Y j =0 P s ( w jp )= p − (cid:18) √ p − (cid:19) p − (cid:18) −√ p − (cid:19) p − = p − (cid:18) p − (cid:19) p − . Similar argument as in Theorem 2 shows that gcd(det( A ) , p −
1) = 1. (cid:4)
Before introducing the result on the 2-adic complexity of Ding-Helleseth-Lam sequence,we need a lemma.
Lemma 10.
Let p ≡ be a prime and a be an odd integer such that a + b = p .Then gcd(1 ± p + a p, p −
1) = 1 . Proof.
We only prove that gcd(1 + 2 p + a p, p −
1) = 1 and the other case can be provedsimilarly.Assume on the contrary that gcd(1+2 p + a p, p −
1) = d >
1. Let r > d . Then one can deduce that r − ≡ p as in the proof of Lemma 9. Thus r = kp + 1, where k ≥ r and p are odd. Let 1 + 2 p + a p = ur .Then u is an even integer since 1 + 2 p + a p is even. Clearly, u ≡ p . On the otherhand, u = p + a pr < p + p r < p + 1. Thus we get u = 1 which contradicts that u is aneven integer. Hence gcd(1 + 2 p + a p, p −
1) = 1. (cid:4)
Theorem 4.
Let s be a Ding-Helleseth-Lam sequence with period p ≡ . Then AC ( s ) = p .Proof. By Theorem 1, it suffices to prove that gcd(1 − p , det( A )) = 1, where A = ( a i,j ) p × p is the matrix defined by a i,j = s ( i − j ) mod p .Let α be a primitive element of F p and w p = e πip . Let λ be a multiplicative characterof F p defined by λ ( α ) = i . Then the order of λ is 4. For 0 ≤ i ≤
3, let B i = P x ∈ D (4 ,p ) i w xp .According to the definition of Ding-Helleseth-Lam sequence, we deduce P s ( w jp )= X i ∈ D (4 ,p )0 ∪ D (4 ,p )1 w ijp = p − , if j = 0; B + B , if j ∈ D (4 ,p )0 ; B + B , if j ∈ D (4 ,p )1 ; B + B , if j ∈ D (4 ,p )2 ; B + B , if j ∈ D (4 ,p )3 . (5)Hence det( A ) = (cid:18) p − (cid:19) [( B + B )( B + B )( B + B )( B + B )] p − . (6)It follows from Lemma 9 that gcd( p − , − p ) = 1.By Lemma 4, we have B = g (4; 1) = G ( λ ; 1) + G ( λ ; 1) + G ( λ ; 1);1 + 4 B = g (4; α ) = λ ( α − ) G ( λ ; 1) + λ ( α − ) G ( λ ; 1) + λ ( α − ) G ( λ ; 1);1 + 4 B = g (4; α ) = λ ( α − ) G ( λ ; 1) + λ ( α − ) G ( λ ; 1) + λ ( α − ) G ( λ ; 1);1 + 4 B = g (4; α ) = λ ( α − ) G ( λ ; 1) + λ ( α − ) G ( λ ; 1) + λ ( α − ) G ( λ ; 1) . One can easily verify that G ( λ ; 1) = λ ( − G ( λ ; 1). Noting that λ ( α ) = i , the above equationcan be reduced as B = g (4; 1) = G ( λ ; 1) + G ( λ ; 1) + λ ( − G ( λ ; 1);1 + 4 B = g (4; α ) = − iG ( λ ; 1) − G ( λ ; 1) + iλ ( − G ( λ ; 1);1 + 4 B = g (4; α ) = − G ( λ ; 1) + G ( λ ; 1) − λ ( − G ( λ ; 1);1 + 4 B = g (4; α ) = iG ( λ ; 1) − G ( λ ; 1) − iλ ( − G ( λ ; 1) . (7) -adic complexity 13 Let R = Re( G ( λ ; 1)) and I = Im(G( λ ; 1)).If p ≡ λ ( −
1) = λ ( α p − ) = i p − = 1. From Eq. (7), we get B + B ) = R + I − B + B ) = I − R − B + B ) = − R − I − B + B ) = − I + R − . (8)Hence 16( B + B )( B + B )( B + B )( B + B )= (cid:0) − ( R + I ) (cid:1) (cid:0) − ( R − I ) (cid:1) =1 − R − I + ( R − I ) . (9)It follows from Lemma 5 that R + I = p and 4 R = 2( p + a √ p ). Hence we deduce R = ( p + a √ p ) and I = ( p − a √ p ). Thus16( B + B )( B + B )( B + B )( B + B ) = 1 − p + a p. It then follows from Eq. (6), gcd( p − , − p ) = 1 and Lemma 10 that gcd(det( A ) , − p ) = 1.Similarly, if p ≡ B + B )( B + B )( B + B )( B + B ) = 1 + 2 p + a p. Hence we also have gcd(det( A ) , − p ) = 1.The proof is finished. (cid:4) In this section, by using our new method, the 2-adic complexities of many binary se-quences with optimal autocorrelation are determined. We believe that it can be used todetermine the 2-adic complexities of more binary sequences. The reader is cordially invitedto join this adventure.On the other hand, we must mention that this method has its own drawback. It can notwork for those binary sequences for which one has det( A ) = 0, where A is the circulant matrixdefined by the sequence. For example, let s be a Ding-Helleseth-Martinsen sequence [10] withperiod N = 2 q , where q ≡ s , we have P s ( w qN ) = P s ( −
1) = 0, where w N = e πiN . Then one can deduce that det( A ) = 0 from Lemma7. Similarly, when s is a Sidelnikov-Lempel-Cohn-Eastman sequence [10] with period N ≡ A ) = 0. Other methods may be needed to compute the2-adic complexities of these sequences. For a binary sequence s , since its elements consist of 0 and 1, it can also be viewedas a sequence over another finite field. Let us denote by LC q ( s ) the linear complexity of s when we regard it as a sequence over finite field F q . Clearly, LC q ( s ) may be differentwhen q differs. For example, let s = 11000 , , · · · be a binary sequence with period 5.Then one can verify that LC ( s ) = 4. However, if we regard s as a sequence over F , then LC ( s ) = 5 = 4. It is natural to ask what is the relationship of the different linear complexityof the same binary sequence. In this section, we will investigate this problem and will presentsome interesting results. To our knowledge, there are only a few results about this problem;see [16].Firstly, we have the following observation. Proposition 1.
Let s be a binary periodic sequence and F q be a finite field with character p . Then LC q ( s ) = LC p ( s ) .Proof. Denote by N the period of s . Then P ∞ i =0 s i x i = P s ( x )1 − x N , where P s ( x ) is the sequencepolynomial of s . Since the greatest common divisor of P s ( x ) and 1 − x N over F q is equal tothat of these two polynomials over F p , the result then follows from Lemma 3. (cid:4) Thanks to Proposition 1, we will focus on the odd prime fields in the following. Let s be a binary sequence with period N . Now, view P s ( x ) and 1 − x N as polynomials in Z [ x ].Let g ( x ) = gcd( P s ( x ) , − x N ) be a monic polynomial. Then g ( x ) ∈ Z [ x ]. Clearly, there existpolynomials u ( x ) , v ( x ) ∈ Z [ x ] and a nonzero integer a such that u ( x ) P s ( x ) + v ( x )(1 − x N ) = ag ( x ) . (10)Note that a = 1 may hold since we are working not on the fields but on the rings. For example,let P s ( x ) = 1 + x and N = 5 as in the before example. It is clear that gcd( P s ( x ) , − x N ) = 1in Z [ x ]. Substituting P s ( x ) = 1 + x , N = 5 and g ( x ) = 1 into (10), one gets u ( x )(1 + x ) + v ( x )(1 − x ) = a , which will force a to be even since both 1 + x and 1 − x are even if x isan odd integer. Hence a = 1. Theorem 5.
Let p be a prime. The other notations are the same as defined in the aboveparagraph. Then LC p ( s ) ≤ N − deg g ( x ) . If p a , then the equality holds.Proof. Let us view P s ( x ) and 1 − x N as polynomials in F p [ x ] and denote by d ( x ) theirgreatest common divisor in F p [ x ]. If we also view g ( x ) as a polynomial over F p , then g ( x ) | d ( x ).Hence, by Lemma 3, we deduce that s can be generated by the LFSR over F p with connectionpolynomial (1 − x N ) /g ( x ). Therefore, LC p ( s ) ≤ N − deg g ( x ).If p a , then a = 0 in F p . By Equation (10), we have d ( x ) | g ( x ), which means d ( x ) = g ( x ).Thus, it follows from Lemma 3 that LC p ( s ) = N − deg g ( x ). (cid:4) -adic complexity 15 We should remind the reader that the inequality in the above theorem holds sometimes.For example, let s = (11010) be a sequence of period 5. Then we have g ( x ) = gcd( P s ( x ) , − x ) = 1 in Z [ x ] while d ( x ) = gcd( P s ( x ) , − x ) = x − F [ x ]. Hence LC ( s ) = 4 < N − deg g ( x ). Corollary 1.
Let s be a binary ideal -level autocorrelation sequence with period N , and let p be an odd prime.(1) If | D s | = N +12 and p ( N + 1) , then LC p ( s ) = N ;(2) If | D s | = N − , p ( N + 1) and p | ( N − , then LC p ( s ) = N − ;(3) If | D s | = N − and p ( N − , then LC p ( s ) = N .Proof. (1) Assume that | D s | = N +12 . Then D s is an ( N, N +12 , N +14 ) cyclic difference set. Inthe proof of Theorem 2, it is proved that det( A ) = ± ( N +12 )( N +14 ) ( N − ) , where A = ( a ij ) =( s ( i − j ) mod N ) be the matrix defined by s . Comparing (1) and (10), one has g ( x ) = 1 and a = det( A ). Hence p a by the assumption p ( N + 1). The result then follows from Theorem5. (2) Assume that | D s | = N − . Then D s is an ( N, N +12 , N +14 ) cyclic difference set. Accord-ing to the result of the first part, we have gcd( P s ( x ) , − x N ) = 1. Noting that P s ( x ) + P s =(1 − x N ) / (1 − x ), one can deduce gcd( P s ( x ) , (1 − x N ) / (1 − x )) = 1. Because p | ( N − P s (1) = 0 which means (1 − x ) | P s ( x ). Therefore gcd( P s ( x ) / (1 − x ) , (1 − x N ) / (1 − x )) = 1.The result then follows from Lemma 3.(3) One can deduce the result similarly as the second part. (cid:4) Since N is finite, the number of primes dividing N − Theorem 6.
Let s be a binary ideal -level autocorrelation sequence with period N = 2 n − .Let F q be a finite field with an odd character p .(1) If | D s | = N +12 , then LC q ( s ) = N ;(2) If | D s | = N − and p | ( N − , then LC q ( s ) = N − ;(3) If | D s | = N − and p ( N − , then LC q ( s ) = N . To summarize, the contributions of this paper are threefold. Firstly, a new method ispresented to compute the 2-adic complexity of binary sequences. Secondly, all the knownbinary sequences with ideal 2-level autocorrelation are uniformly proved to have the max-imum 2-adic complexities, i.e. their 2-adic complexities equal their periods. As far as the authors known, the 2-adic complexities of all these sequences except m -sequences are notknown before this paper. We also investigated the 2-adic complexities of two classes of opti-mal autocorrelation sequences with period N ≡ Acknowledgments
The work was supported by the Natural Science Foundation of China (No. 61272484)and Basic Research Fund of National University of Defense Technology (No. CJ 13-02-01).
References
1. J. L. Massery, “Shift-Register Synthesis and BCH Decoding,” IEEE Trans. Inf. Theory, no. 1, vol. 15, pp.122-127, 19692. A. Klapper and M. Goresky, “Cryptanalysis based on 2-adic rational approximation,” in Advances inCryptology-CRYPTO’95, vol. 963, pp. 262-273, 19953. C. Seo, S. Lee, Y. Sung, K. Han and S. Kim, “ A lower bound on the linear span of an FCSR,” IEEETrans. Inf. Theory, vol. 46, pp. 691-693, 20004. W. F. Qi and H. Xu, “On the linear complexity of FCSR sequences,” Applied mathematics-A journal ofChinese universities, vol. 18, no. 3, pp. 318-324, 20035. A. Klapper and M. Goresky, “Feedback shift registers, 2-adic span, and combiners with memory” J.Cryptology, vol. 10, pp. 111-147, 19976. T. Tian and W. F. Qi, “2-adic complexity of binary mm