Further results on the 2-adic complexity of a class of balanced generalized cyclotomic sequences
arXiv [cs.IT]
Chun-e Zhao ∗ · Yuhua Sun · Tongjiang Yan
Abstract
In this paper, the 2-adic complexity of a class of balanced Whiteman generalized cyclotomic sequences of period pq is considered. By calculating the determinant of the circulant matrix constructed from one of these sequences, we derive a lower bound on the 2-adic complexity of the corresponding sequence, which further expands our previous work (Zhao C, Sun Y and Yan T. Study on 2-adic complexity of a class of balanced generalized cyclotomic sequences. Journal of Cryptologic Research, 6(4):455-462, 2019). The result shows that the 2-adic complexity of this class of sequences is large enough to resist the attack of the rational approximation algorithm (RAA) for feedback with carry shift registers (FCSRs), i.e., it is in fact lower bounded by pq − p − q − 1, which is far larger than one half of the period of the sequences. In particular, the 2-adic complexity is maximal if suitable parameters are chosen.
Keywords · generalized cyclotomic sequences · circulant matrix

The concept of the 2-adic complexity of a binary sequence was originally considered by Klapper and Goresky, who also presented the rational approximation algorithm (RAA) for attacking a given key stream sequence with low 2-adic complexity [2]. Therefore, the 2-adic complexity of a key stream sequence has become an important security criterion, and according to the RAA it should be no less than one half of the period of the sequence.
This work is financially supported by the National Natural Science Foundation of China (No. 61902429), Fundamental Research Funds for the Central Universities (No. 19CX02058A), Shandong Provincial Natural Science Foundation of China (ZR2019MF070).
∗ The corresponding author: [email protected] Zhao, Yuhua Sun, Tongjiang Yan
College of Sciences, China University of Petroleum, Qingdao 266555, Shandong, China

In the past few decades, many generalized cyclotomic sequences with high linear complexity have been constructed and have been widely used in communication systems. However, the 2-adic complexity of only a small part of these sequences has been completely determined. For example, Xiong et al. [4] proved that the 2-adic complexity of twin-prime sequences, a class of sequences with ideal 2-level autocorrelation, is maximal. And the 2-adic complexity of modified Jacobi sequences of period pq was originally shown to satisfy a lower bound pq − p − q − q + ≤ p ≤ q − pq has also been proved to have large 2-adic complexity by Zeng et al. [7] and Sun et al. [9]. It should be pointed out that all the above sequences are unbalanced.

In this paper, we aim to analyze the 2-adic complexity of a class of balanced Whiteman generalized cyclotomic sequences whose linear complexity has been proved by Bai et al. [12] to be large enough to resist the B-M algorithm. Our result shows that the 2-adic complexity of these sequences is also large enough, and it is even optimal when the parameters are suitably chosen.

The rest of the paper is organized as follows. We give the relevant definitions of Whiteman generalized cyclotomic sequences and some known results on Whiteman generalized cyclotomic classes in Section 2. In Section 3, by means of a new property of Gaussian periods and the method of Xiong et al. [4], we study the 2-adic complexity of a class of balanced Whiteman generalized cyclotomic sequences and give a nontrivial lower bound on the 2-adic complexity.
Finally, we summarize our results in Section 4.

Firstly, we give some definitions and symbols which will be used throughout the paper unless otherwise specified.

Let p , q be two different primes satisfying gcd ( p − , q − ) = g be a common primitive root of p and q . Denote N = pq . By the Chinese Remainder Theorem, the system of congruence equations x ≡ g ( mod p ) , x ≡ ( mod q ) has only one solution x in the ring Z N of residue classes modulo N . Denote e = ( p − )( q − ) / 2. Then the Whiteman generalized cyclotomic classes D i of order 2 with respect to p and q are defined as D i = { g s x i ( mod N ) : s = , , · · · , e − } , i = , . Let Z ∗ N be the multiplicative group of integers modulo N . Whiteman has shown that Z ∗ N = D ∪ D , D ∩ D = ∅ , where ∅ is the empty set. The cyclotomic numbers associated with the Whiteman generalized cyclotomic classes of order 2 with respect to p and q are defined by ( i , j ) = | ( D i + ) ∩ D j | , where D i + = { x + | x ∈ D i } , i = , j = ,
1. Let D ( p ) = { g t ( mod p ) : t = , , · · · , p − − } , D ( p ) = { g t + ( mod p ) : t = , , · · · , p − − } , D ( q ) = { g t ( mod q ) : t = , , · · · q − − } , D ( q ) = { g t + ( mod q ) : t = , , · · · , q − − } . Then P = { p , p , · · · , ( q − ) p } = D ( q ) p ∪ D ( q ) p , Q = { q , q , · · · , ( p − ) q } = D ( p ) q ∪ D ( p ) q , where D ( p ) i q = { xq | x ∈ D ( p ) i } , D ( q ) i p = { xp | x ∈ D ( q ) i } , i = , . Let C = { } ∪ D ∪ D ( p ) q ∪ D ( q ) p , C = D ∪ D ( p ) q ∪ D ( q ) p . Then Z N = C ∪ C . Define the sequence s = { s i } N − i = of period N as s i = (cid:26) , i ( mod N ) ∈ C , , i ( mod N ) ∈ C , (1)which was originally given by Ding and Helleseth[11] and has been proved by Bai etal. to have high linear complexity [12].For an arbitrary binary sequence s = { s i } N − i = of period N , let S ( x ) = N − ∑ i = s i x i ∈ Z [ x ] . If S ( ) N − = N − ∑ i = s i i N − = mn , ≤ m ≤ n , gcd ( m , n ) = , (2)then the 2-adic complexity ϕ ( s ) of s is defined by ⌊ log ( n + ) ⌋ , where gcd ( m , n ) isthe greatest common divisor of the integers m , n and ⌊ log n ⌋ is the maximal integerno more than log n .From Eq. (2), we know that ϕ ( s ) can be calculated by ϕ ( s ) = j log (cid:16) N − (cid:0) N − , S ( ) (cid:1) + (cid:17)k . (3) Chun-e Zhao ∗ et al. Let ω p = e π ip be a complex p th primitive root of unity and ω N = e π iN be a com-plex N th primitive root of unity, then δ pi = ∑ k ∈ D ( p ) ω kp and η i = ∑ k ∈ D i ω kN are calledGauss periods based on classical cyclotomic classes D ( p ) i and generalized cyclotomicclasses D i respectively, where i = , Lemma 1 [8] Let p , q be two distinct primes with gcd ( p − , q − ) = . Then(1) η + η = , η η = + pq ;(2) for an odd prime p ≡ ( mod 4 ) , δ p + δ p = − , δ p δ p = − p ;(3) for an odd prime p ≡ ( mod 4 ) , δ p + δ p = − , δ p δ p = + p . 
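The construction in Eq. (1) and the formula in Eq. (3) can be checked numerically on small parameters. The Python code below is an added example, not code from the paper: it builds the order-2 Whiteman classes, one period of the sequence, and evaluates the 2-adic complexity with exact integer arithmetic. The index choice (s_i = 1 exactly on D_1, the odd-power class of p times q, and the odd-power class of q times p), the brute-force primitive root search and all function names are assumptions of this example.

```python
from math import gcd

def common_primitive_root(p, q):
    """Smallest g that is a primitive root modulo both odd primes p and q."""
    def is_primitive(g, r):
        # g generates Z_r^* iff g^1..g^(r-1) hit r-1 distinct residues
        return len({pow(g, k, r) for k in range(1, r)}) == r - 1
    return next(g for g in range(2, p * q)
                if is_primitive(g, p) and is_primitive(g, q))

def whiteman_classes(p, q):
    """Return (g, x, [D_0, D_1]) for N = pq, requiring gcd(p-1, q-1) = 2."""
    if gcd(p - 1, q - 1) != 2:
        raise ValueError("need gcd(p-1, q-1) = 2")
    N, e = p * q, (p - 1) * (q - 1) // 2
    g = common_primitive_root(p, q)
    # CRT solution of x = g (mod p), x = 1 (mod q)
    x = next(v for v in range(1, N, q) if v % p == g % p)
    D = [{pow(g, s, N) * pow(x, i, N) % N for s in range(e)} for i in (0, 1)]
    return g, x, D

def whiteman_sequence(p, q):
    """One period of the sequence: s_i = 1 iff i lies in C_1 (assumed indexing)."""
    g, _, D = whiteman_classes(p, q)
    odd_p = {pow(g, 2 * t + 1, p) for t in range((p - 1) // 2)}  # D_1^(p)
    odd_q = {pow(g, 2 * t + 1, q) for t in range((q - 1) // 2)}  # D_1^(q)
    C1 = D[1] | {v * q for v in odd_p} | {v * p for v in odd_q}
    return [1 if i in C1 else 0 for i in range(p * q)]

def two_adic_complexity(s):
    """floor(log2((2^N - 1) / gcd(2^N - 1, S(2)) + 1)) for one period s."""
    N = len(s)
    S2 = sum(bit << i for i, bit in enumerate(s))  # S(2) = sum of s_i * 2^i
    M = (1 << N) - 1
    n = M // gcd(M, S2)
    return (n + 1).bit_length() - 1  # exact integer floor(log2(n + 1))

if __name__ == "__main__":
    p, q = 5, 3  # constructed sample parameters with gcd(p-1, q-1) = 2
    s = whiteman_sequence(p, q)
    print("period", len(s), "ones", sum(s))
    print("2-adic complexity", two_adic_complexity(s),
          "lower bound pq-p-q-1 =", p * q - p - q - 1)
```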
In this section, using the method of Xiong et al. [4], we derive a lower bound on the 2-adic complexity of the balanced Whiteman generalized cyclotomic sequences defined in (1) for the case of $|q - p| < \sqrt{pq} - 1$. To this end, we list the following lemmas in turn.
Lemma 2
Let p ≡ ( mod 4 ) , q ≡ ( mod 4 ) , then η ( δ p δ q + δ p δ q ) + η ( δ p δ q + δ p δ q ) = − pq ± pq . Proof
By lemma 1 (2)-(3), we have δ p = − ± √ p , δ p = − ∓ √ p , δ q = − ± √ qi , δ q = − ∓ √ qi . Then, by direct calculation, we get δ p δ q + δ p δ q = ± √ pqi , δ p δ q + δ p δ q = ∓ √ pqi . Again, by Lemma 1 (1) and direct calculation, we can further obtain η ( δ p δ q + δ p δ q ) + η ( δ p δ q + δ p δ q )= η × + √ pqi + η × − √ pqi = ( η + η ) + √ pqi ( η − η )= − pq ± pq . utocorrelation distribution and 2-adic complexity 5 Lemma 3 [1],[4] Let s = { s i } N − i = be a binary sequence of period N and denoteS ( x ) = N − ∑ i = s i x i ∈ Z [ x ] . Suppose A = ( a i , j ) N × N is the matrix defined by a i , j = s i − j ( mod N ) .Viewing A as a matrix over the rational field Q . Then(1) det ( A ) = ∏ N − a = S ( ω aN ) ;(2) If the determinant of A satisfies det ( A ) = , then gcd (cid:0) S ( ) , N − (cid:1) | gcd (cid:0) det ( A ) , N − (cid:1) . (4)From Lemma 3, to get a lower bound of the 2-adic complexity of a binary se-quence we need to determine the value of det ( A ) and the value of det ( A ) can beobtained by ∏ N − a = S ( ω aN ) . The following three lemmas provide the desired results. Lemma 4 [13] For any a ∈ Z N and B ⊂ Z N , denote aB = { ab ( mod N ) | b ∈ B } , thenthere are following properties .(1) For every fixed a ∈ D i , aP = P , aQ = Q and aD j = D ( i + j ) ( mod 2 ) , where i , j = , .(2) For every fixed a ∈ P, if b runs through D i , then ab runs though P every elements p − times, and aP = P , aQ = R.(3) For every fixed a ∈ Q, if b through D i , then ab runs through Q every elements q − times. and aQ = Q , aP = R.(4) For every fixed a ( mod p ) ∈ D ( p ) i , then aD ( p ) j = D ( p ) i + j ( mod 2 ) , i , j = , .(5) For every fixed a ( mod p ) ∈ D ( q ) i , then aD ( q ) j = D ( q ) i + j ( mod 2 ) , i , j = , . 
In convenience, we denote D = { g t ( mod N ) : t = , , · · · , e − } , D = { g t + ( mod N ) : t = , , · · · , e − } , D = { g t x ( mod N ) : t = , , · · · , e − } , D = { g t + x ( mod N ) : t = , , · · · , e − } , i.e., D = D ∪ D and D = D ∪ D . Lemma 5
Let { s i } N − i = be the sequence defined in Eq.(1), thenS ( ω aN ) = pq − a ∈ R δ p a ∈ D ( q ) p δ p a ∈ D ( q ) p δ q a ∈ D ( p ) q δ q a ∈ D ( p ) q η + δ q + δ p a ∈ D η + δ q + δ p a ∈ D η + δ q + δ p a ∈ D η + δ q + δ p a ∈ D Chun-e Zhao ∗ et al. Proof
We need only apply the results of Lemma 4 to the definition of $S(\omega_N^a)$ according to the set to which a belongs. For the sake of brevity, here we omit the details.

Lemma 6
Let s = ( s , s , · · · , s N − ) be the binary sequence defined in Eq.(1) andA = ( a i , j ) N × N be the matrix defined by a i , j = s ( i − j ) ( mod N ) . Then det ( A ) = ( pq − )( − p ) p − ( + q ) q − ∆ e , where ∆ = [ ( + pq ) + ( ± − d ) pq + d + d + ] and d = q − p − .Proof By Lemmas 3 and 5, we have det ( A ) = N − ∏ a = S ( ω aN ) = ( pq − )( δ q δ q ) q − ( δ p δ p ) p − ∆ e ,here we temporarily denote ∆ = ( η + δ q + δ p )( η + δ q + δ p )( η + δ q + δ p )( η + δ q + δ p ) . By Lemmas 4 and 5, we know that δ q δ q = + q and δ p δ p = − p . Next, wefocus on ∆ . ∆ =( η + δ q + δ p )( η + δ q + δ p )( η + δ q + δ p )( η + δ q + δ p )=[ η + ( δ q + δ p + δ q + δ p ) η + ( δ q + δ p )( δ q + δ p )][ η + ( δ q + δ p + δ q + δ p ) η + ( δ q + δ p )( δ q + δ p )]=[ η − η + + q − p + ( δ q δ p + δ p δ q )][ η − η + + q − p + ( δ q δ p + δ q δ p )]=( A + B )( A + B )= A A + A B + A B + B B , where A i = η i − η i + q − p + and B i = δ p δ qi + δ p δ qi + ( i = , ) . Following, weanalyze A A , A B + A B and B B , respectively. A A =[ η − η + q − p + ][ η − η + q − p + ] ( by Lemma )=[ η − + q − p + ][ η − + q − p + ]=[ η + q − p − ][ η + q − p − ] ( denote q − p − by d )= ( + pq ) + d [ − + pq ] + d . A B + A B =[ η − η + q − p + ][ δ p δ q + δ p δ q ] + [ η − η + q − p + ][ δ p δ q + δ p δ q ] ( by Lemma )=[ η + d ][ δ p δ q + δ p δ q ] + [ η + d ][ δ p δ q + δ p δ q ]= η [ δ p δ q + δ p δ q ] + η [ δ p δ q + δ p δ q ] + d [ δ p δ q + δ p δ q + δ p δ q + δ p δ q ] ( by Lemma )= − pq ± pq + d [( δ p + δ p )( δ q + δ q )] ( by Lemmas and )= − pq ± pq + d . utocorrelation distribution and 2-adic complexity 7 B B =[ δ p δ q + δ p δ q ][ δ p δ q + δ p δ q ]= δ q δ q ( δ p ) + δ p δ p ( δ q ) + δ p δ p ( δ q ) + δ q δ q ( δ p ) ( by Lemmas and )=[( δ p ) + ( δ p ) ] δ q δ q + [( δ q ) + ( δ q ) ] δ p δ p =( − δ p δ p ) δ q δ q + ( − δ q δ q ) δ p δ p =( − × − p ) × + q + ( − × + q ) × − p = + pq ∆ = [ ( + pq ) + ( ± − d ) pq + d + d + ] . 
Lemma 7 [8] Let p and q be different primes with N = pq, then gcd ( p − , N − p − ) = gcd ( p − , q ) and gcd ( q − , N − q − ) = gcd ( q − , p ) . Especially, if p < q, then gcd ( q − , N − q − ) = . Theorem 1
Let p and q be two primes satisfying p ≡ , q ≡ with | q − p | < √ pq − . Let { s i } N − i = be the Whiteman generalized cyclotomic sequencedefined in Eq.(1). Then the lower bound of the 2-adic complexity φ ( s ) is pq − p − q − .Proof Let r be a prime factor of 2 N − r ( ) be the multiplicative order of 2modulo r . Since 2 N − = r , Ord r ( ) | N . So we get Ord r ( ) ∈ { pq , p , q } . ByFermat’s little theorem, we know that 2 r − = r . Then Ord r ( ) | r −
1, therefore r = k Ord r ( ) + k is a positive integer. From Lemma 7, we first calculate thevalue of gcd ( det ( A )) , N − ) for different cases.(1) Ord r ( ) = pq .In this case, we have pq | r −
1, i.e., r > pq . Among the factors in det ( A ) , pq − , − p , + q are less than pq . So we only need to analyze ∆ . ( i ) If ∆ = [ ( + pq ) + − d pq + d + d + ] , then there exist two integers t and k such that r = kpq + ∆ = [ ( + pq ) + − d pq + d + d + ] = t ( kpq + ) ,i.e. ( + pq ) + pq + d + d + = t ( kpq + ) which is equivalent to pq ( pq + − d ) + ( d + ) = pq ( tk ) + t . (5)By the fact that | q − p | < √ pq −
1, we have that ( d + ) = ( q − p + ) < pq .If 16 t < pq , then 16 t = ( d + ) which is impossible for any integers t and d .So 16 t > pq . By the eq.(5), 16 t > pq and 16 kt < pq + − d , again by thefact that | q − p | < √ pq −
1, then 8 d = ( q − p − ) and 16 kt < pq + − d < pq + √ pq + < pq . So k = r = pq + r is a prime. So gcd ( r , ∆ ) = ( ii ) If ∆ = [ ( + pq ) + − d pq + d + d + ] , using the same method as that in thecase ( i ) , we also have gcd ( r , ∆ ) = r ( ) = pq , we have gcd ( r , det ( A )) = Chun-e Zhao ∗ et al. (2) Ord r ( ) = p .By Lemma 7, gcd ( p − , N − p − ) = gcd ( p − , q ) . 2 r − = r , So p | r − r > p . If q < p , then q is not a prime factor of 2 p −
1. So gcd ( p − , q ) = r is a factor of 2 p −
1. If q > p , suppose gcd ( r , q ) = ( r , q ) = q , so there exists a positive integer k such that kp + = q (6)which is equivalent to q − = kp . Because 2 = gcd ( p − , q − ) = gcd ( p − , kp ) = gcd ( p − , k ) , so k = k = , p = q = ( r , q ) =
1. Then gcd ( p − , N − p − ) = r ( ) = q .Using the same method as that in the case ( ) , we also have gcd ( q − , N − q − ) = gcd ( q − , p ) = (cid:4) N − ( s ( ) , N − ) (cid:5) ≥ log ⌊ N − ( det ( A ) , N − ) ⌋≥ log ⌊ N − ( p − )( q − ) ⌋ ≥ N − p − q − . Theorem 2
Let p and q be two primes satisfying p ≡ , q ≡ withq − p = . Let { s i } N − i = be the Whiteman generalized cyclotomic sequence defined inEq.(1). Then the 2-adic complexity of { s i } N − i = is maximal, i.e., φ ( s ) = N . Proof
Let r be a prime factor of 2 N − r ( ) be the multiplicative order of 2modulo r . Since 2 N ≡ r , so Ord r ( ) | N . Then we get Ord r ( ) ∈ { pq , p , q } . ByFermat’s little theorem, we know that 2 r − = r . Then Ord r ( ) | r −
1, therefore r = k Ord r ( ) + k is a positive integer. From Lemma 7, we first calculate thevalue of gcd ( det ( A )) , N − ) for different cases. For the case of ord r ( ) = pq , wehave gcd ( r , det ( A )) = gcd ( r , det ( A )) forthe r ’s satisfying Ord r ( ) ∈ { p , q } . For the reason that such r ’s satisty r > min { p , q } .Among the factors in det ( A ) , p − and + q are less than r . So we only need to analyzegcd ( r , pq − ) and gcd ( r , ∆ ) for the case of Ord r ( ) ∈ { p , q } .(1) Ord r ( ) = p .(i)gcd ( r , ∆ ) = ∆ = [ ( + pq ) + + pq ] , suppose r = kp + ∆ . Then there existsan integer t such that ( + pq ) + + pq = t ( kp + ) , i.e. ( p + ) + ( p + ) = t ( kp + ) which is equivalent to ( p + ) + ( p + ) = t ( kp + ) i.e. ( p + ) [( p + ) + ] = t ( kp + ) . By the fact that r = kp + k > kp + ∤ p +
1. So kp + | ( p + ) +
8. Suppose ( p + ) + = t ( kp + ) (7) utocorrelation distribution and 2-adic complexity 9 i.e. p ( p + ) + = t kp + t . If t < p , then t = k = p + = q which con-tradicts with q is prime. So t > p and then t k < p +
2. So k = r = kp + ( r , ∆ ) = ∆ = [ ( + pq ) + − pq ] , suppose ( + pq ) + − pq = t ( kp + ) i.e. ( p + ) + [ − p − p ] = t ( kp + ) . That is [( p + ) − ] = t ( kp + ) . Then kp + | p + p + | p − ( r , ∆ ) = ( r , pq − ) = pq − = t ( kp + ) i.e. pq − = t ( kp + ) , that is to say, p ( p + ) + ( p − ) = tkp + t . (8)If 2 t < p , in Eq. (8),then 2 t = p − ( p − ) kp = p ( p + ) so k ( p − ) = p + t > p and 2 tk < p + ( r , ( pq − ) ) = r ( ) = q .By the same method as that used in (1), we also get gcd ( r , ∆ ) = ( r , pq − ) =
1. Furthermore, gcd ( r , det ( A )) = ( N − , det ( A )) =
1. Then N − ≥ log (cid:4) N − ( s ( ) , N − ) + (cid:5) ≥ log ⌊ N − ( det ( A ) , N − ) + ⌋ = N . Remark 1
For the results obtained in this paper, we make the following two explanations:
(1) For the result of Lemma 6, we have verified its correctness with Matlab and Mathematica programs on several examples.
(2) Through direct calculation using Mathematica programs, we obtain the exact values of the 2-adic complexity and list them, together with the lower bounds on the 2-adic complexity obtained in this paper, for different cases of ( p , q ) in the following table. From the table, we find that the exact values of the 2-adic complexity in all the following examples attain the maximum. So we conjecture that the 2-adic complexity of the sequences discussed in this paper may really be maximal for all possible parameters, but we are not able to prove it. We also sincerely invite readers who are interested in it to take part in this work.

( p , q )   2-adic   Lower bound     ( p , q )   2-adic   Lower bound
( , )       15       6               ( , )       187      158
( , )       35       22              ( , )       323      286
( , )       55       38              ( , )       391      350
( , )       143      118             ( , )       527      478
( , )       299      262             ( , )       731      670

In this paper, we study the 2-adic complexity of a class of balanced generalized cyclotomic sequences, which have been proved to have high linear complexity to resist linear attacks. The results of this paper show that they also have large 2-adic complexity, i.e., it is larger than half of the period and is large enough to resist the attack of the RAA.
References
1. Davis, P.J.: Circulant Matrices. Chelsea, New York, NY, USA (1994).
2. Klapper, A., Goresky, M.: Feedback shift registers, 2-adic span, and combiners with memory. Journal of Cryptology 10, 111-147 (1997).
3. Tian, T., Qi, W.: 2-Adic complexity of binary mm