Linear Complexity of A Family of Binary $pq^2$-periodic Sequences From Euler Quotients
Jingwei Zhang, Shuhong Gao, Chang-An Zhao

TL;DR
This paper introduces a new family of binary sequences based on Euler quotients with high linear complexity, useful for cryptographic applications, and provides their minimal polynomials under specific conditions.
Contribution
The paper determines the minimal polynomials and linear complexities of a new family of binary $pq^2$-periodic sequences derived from Euler quotients, under certain modular conditions.
Findings
Sequences have high linear complexity
Minimal polynomials are explicitly determined
Sequences are suitable for cryptographic use
Abstract
We first introduce a family of binary -periodic sequences based on the Euler quotients modulo , where and are two distinct odd primes and divides . The minimal polynomials and linear complexities are determined for the proposed sequences provided that The results show that the proposed sequences have high linear complexities.
Jingwei Zhang, Shuhong Gao and Chang-An Zhao
The work of Chang-An Zhao is partially supported by the National Key R&D Program of China under Grant No. 2017YFB0802500, by NSFC under Grant No. 61972428 and by the Major Program of Guangdong Basic and Applied Research under Grant No. 2019B030302008. The work of Shuhong Gao was partially supported by the National Science Foundation under grants DMS-1403062 and DMS-1547399. The work of Jingwei Zhang was partially supported by the National Social Science Fund of China under Grant No. 14BXW031 and by the Guangdong Basic and Applied Basic Research Foundation under Grant No. 2019A1515011797.
J.W. Zhang is with the School of Information Science, Guangdong University of Finance and Economics, Guangzhou 510320, P.R. China (E-mail: [email protected]).
S. Gao is with the School of Mathematical and Statistical Sciences, Clemson University, Clemson, SC 29634, U.S.A. (E-mail: [email protected]).
C.-A. Zhao is with the School of Mathematics, Sun Yat-sen University, Guangzhou 510275, P.R. China and with the Guangdong Key Laboratory of Information Security, Guangzhou 510006, P.R. China. Corresponding author (E-mail: [email protected]).
Index Terms:
Cryptography, linear complexity, binary sequences, Euler quotients.
I Introduction
We begin with the following definition of the Euler quotient modulo a product of two distinct odd primes. Let and be two distinct odd primes. For a nonnegative integer that is relatively prime to , the Euler quotient is defined as the unique integer in with
[TABLE]
where is the well-known Euler-phi function. We also define if and are not relatively prime.
It can be seen easily that the Euler quotient has the following property:
[TABLE]
where and is relatively prime to
In 2010, Chen, Ostafe and Winterhof [11] introduced families of binary sequences using Fermat/Euler quotients. Then several nice cryptographic properties of these sequences were proved in [6, 7, 8, 3, 5, 4]. Based on the distribution and algebraic structure of the Fermat quotients, the linear complexity was determined for a binary threshold sequence defined from Fermat quotients [8]. Naturally, the definition of the Euler quotient can be generalized by Euler’s Theorem [1]. Chen and Winterhof extended the distribution of pseudorandom numbers and vectors derived from Fermat quotients to Euler quotients [6]. Moreover, linear complexities were calculated for binary sequences derived from Euler quotients with prime-power modulus. Trace representations and linear complexities were investigated for binary sequences derived from Fermat quotients [3]. Subsequently, a trace representation was given for a family of binary sequences derived from Euler quotients modulo a fixed power of a prime [4]. Chen and Winterhof generalized Fermat quotients to the so-called polynomial quotients in [7]. Then the -error linear complexity was determined for binary sequences derived from the polynomial quotient modulo a prime [5] or its power [21], respectively. In [22], a series of optimal families of perfect polyphase sequences were derived from the array structure of Fermat-quotient sequences. All of the above results show that pseudorandom sequences derived from Fermat quotients, Euler quotients or their variants can be regarded as an important class of sequences from a cryptographic point of view.
In this paper, we study binary sequences derived from the Euler quotient modulo . Using the same notation as above, a binary threshold sequence from the Euler quotient modulo can be defined as
[TABLE]
For our purpose, we now recall the concept of the linear complexity of binary sequences. The linear complexity of an -periodic sequence over the binary field is the smallest nonnegative integer for which there exist elements such that
[TABLE]
Let be the generating polynomial of . By [13], the minimal polynomial of is defined as
[TABLE]
where denotes the greatest common divisor of two polynomials over and the linear complexity of is
[TABLE]
Note that the linear complexity is of fundamental importance as a complexity measure for binary sequences in sequence design [13, 14, 15]. Besides the linear complexity, other measures are also required, depending on the specific requirements of applications, for example low autocorrelation or cross-correlation [25, 26], good nonlinear properties [28, 17, 27], and sphere complexity (or -error complexity) [10, 9].
For a binary sequence to be cryptographically strong, its linear complexity should be at least half of its least period. In fact, if a binary sequence used as the key stream of an additive stream cipher has linear complexity , then consecutive bits of the sequence suffice to “recover” the whole key stream with the well-known Berlekamp-Massey algorithm [19, 13]. Therefore, from a cryptographic point of view, key stream sequences in additive stream ciphers must have large linear complexity in order to resist the Berlekamp-Massey attack.
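The definitions above (Euler quotient with the zero convention for non-coprime arguments, the threshold sequence, the minimal polynomial as a quotient by a gcd with the polynomial of the period, and the Berlekamp-Massey recovery from 2L bits) can all be exercised on a small modulus. The following Python is an added illustration, not code from the paper or its authors. Its modulus N = 21 = 3·7 is a constructed choice and not one of the paper's parameters; the threshold rule (bit 1 exactly when the quotient lies in the upper half of [0, N)) is assumed, since display (3) did not survive extraction; and the shift identity checked in `shift_property_holds` is the standard one for Euler quotients, not a transcription of the page's illegible property (2). The code goes slightly beyond the text by computing the minimal polynomial itself (not only its degree) and by confirming that it coincides with the connection polynomial that Berlekamp-Massey synthesises.

```python
from math import gcd

def euler_phi(n):
    """Euler's totient by trial division (adequate for small moduli)."""
    result, m, d = n, n, 2
    while d * d <= m:
        if m % d == 0:
            while m % d == 0:
                m //= d
            result -= result // d
        d += 1
    if m > 1:
        result -= result // m
    return result

def euler_quotient(n, N):
    """q(n): the unique 0 <= q < N with n^phi(N) - 1 = q*N (mod N^2); 0 if gcd(n, N) > 1."""
    if gcd(n, N) != 1:
        return 0
    return ((pow(n, euler_phi(N), N * N) - 1) // N) % N

def shift_property_holds(N, k_max=5):
    """Standard identity q(n + kN) = q(n) + k*phi(N)*n^{-1} (mod N) for gcd(n, N) = 1;
    the page's own display of property (2) is illegible, so this is not a transcription."""
    phi = euler_phi(N)
    for n in range(1, N):
        if gcd(n, N) == 1:
            inv = pow(n, -1, N)
            for k in range(1, k_max + 1):
                if (euler_quotient(n + k * N, N) - euler_quotient(n, N) - k * phi * inv) % N:
                    return False
    return True

def threshold_sequence(N, length):
    """Bit n is 1 exactly when q(n) lies in the upper half of [0, N) (assumed rule)."""
    return [1 if 2 * euler_quotient(n, N) >= N else 0 for n in range(length)]

def least_period(bits, known_period):
    """Smallest divisor d of a known period with bits[n] == bits[n + d]; needs 2*known_period bits."""
    for d in range(1, known_period + 1):
        if known_period % d == 0 and all(bits[n] == bits[n + d] for n in range(known_period)):
            return d
    return known_period

def berlekamp_massey(bits):
    """Berlekamp-Massey over GF(2): returns (L, [1, c_1, ..., c_L]) with
    s_n = c_1 s_{n-1} + ... + c_L s_{n-L} for all n >= L."""
    n = len(bits)
    c, b = [0] * (n + 1), [0] * (n + 1)
    c[0] = b[0] = 1
    L, m = 0, -1                      # m: index of the last length change
    for i in range(n):
        d = bits[i]                   # discrepancy between LFSR prediction and s_i
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d:
            t, shift = c[:], i - m
            for j in range(n + 1 - shift):
                c[j + shift] ^= b[j]
            if 2 * L <= i:
                L, m, b = i + 1 - L, i, t
    return L, c[:L + 1]

def lfsr_generate(c, L, seed, length):
    """Run the LFSR with taps c_1..c_L from its first L bits."""
    s = list(seed[:L])
    while len(s) < length:
        s.append(sum(c[j] & s[len(s) - j] for j in range(1, L + 1)) & 1)
    return s

def recover_keystream(stream, known):
    """The Berlekamp-Massey attack of the text: shortest LFSR from `known` leading bits, then regenerate."""
    L, c = berlekamp_massey(stream[:known])
    return lfsr_generate(c, L, stream, len(stream))

def gf2_divmod(a, b):
    """Division of polynomials over GF(2) packed as ints (bit i <-> x^i)."""
    q, db = 0, b.bit_length() - 1
    while a and a.bit_length() - 1 >= db:
        s = a.bit_length() - 1 - db
        q ^= 1 << s
        a ^= b << s
    return q, a

def minimal_polynomial(period):
    """m(x) = (x^N - 1)/gcd(x^N - 1, S(x)), S(x) the generating polynomial of one period;
    deg m is the linear complexity and, over GF(2), m equals the connection polynomial."""
    x_N_minus_1 = (1 << len(period)) | 1
    a, b = x_N_minus_1, sum(bit << i for i, bit in enumerate(period))
    while b:                          # Euclid's algorithm for the gcd
        a, b = b, gf2_divmod(a, b)[1]
    return gf2_divmod(x_N_minus_1, a)[0]

if __name__ == "__main__":
    bits = threshold_sequence(21, 2 * 21 * 21)      # constructed modulus 3*7; N*N is always a period of q(n)
    T = least_period(bits, 21 * 21)
    L, c = berlekamp_massey(bits[:2 * T])           # 2T bits fix the minimal LFSR
    print("least period", T, "linear complexity", L, "=", minimal_polynomial(bits[:T]).bit_length() - 1)
    print("2L known bits regenerate the stream:", recover_keystream(bits[:2 * T], 2 * L) == bits[:2 * T])
```

Running the script (Python 3.8 or later, for the modular inverse via `pow(n, -1, N)`) prints the least period of the constructed sequence, the linear complexity obtained by both routes, and `True` for the recovery check, which is exactly the reason the text gives for demanding a linear complexity well above half the period: whatever the value of L, 2L consecutive key-stream bits determine the rest.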
The main contribution of this paper is to determine the minimal polynomial and the linear complexity of the sequence defined in (3). We state our main result as follows.
Theorem 1
Let and be two distinct odd primes with dividing . Assume that Then the binary threshold sequence defined in (3) has period at least The minimal polynomial of is
[TABLE]
where denotes the -th cyclotomic polynomial for any positive integer and the linear complexity of is
[TABLE]
To the best of our knowledge, this is the first time that sequences of this kind, based on the Euler quotient modulo a product of two distinct odd primes, have been introduced. Under the condition that divides , we will show that the binary sequence has period at least . Furthermore, the minimal polynomials and linear complexities of this class of binary sequences are determined. It turns out that the proposed sequence has linear complexity much higher than half of its least period, so it can be employed in stream ciphers. Note that the sphere complexity [13] (or -error linear complexity [24]) of key stream sequences, which measures the stability of the linear complexity, is also cryptographically important. Several classes of sequences derived from Euler (or Fermat) quotients modulo a fixed prime power have good -error linear complexities (see [5, 21]). We expect that the proposed sequence also possesses such good properties. In fact, some experimental results have indicated that the -error linear complexity of the sequence presented here is still equal to the original linear complexity, which means that it is entirely possible for the proposed sequence to have good linear complexity stability. We leave this problem as future work.
By using generalized cyclotomic techniques, one can also construct other binary sequences with period . We refer the reader to [12, 2, 16] for more details. We emphasize that our results are new. In particular, we point out that our results are not special cases of Theorem 4.2 of [16], although both may give a sequence with period . In fact, this can be seen easily by comparing the linear complexities of the two families of binary sequences.
In the rest of the paper, we give a proof of the above theorem in Section II, and conclude with a few remarks in Section III.
II Proof of Main Results
In this section, we give the proof of the main results.
We first show that is one of the periods of sequence under the condition that is a divisor of . Setting in (2), we see that
[TABLE]
which implies for all . Thus the sequence is periodic with period . We will demonstrate that is the least period of the sequence in the following lemma.
Lemma 1
With the notation above, the sequence has period at least .
Proof:
We first prove that is not a period of the sequence . By (2), we have
[TABLE]
It follows from that the -th term of the sequence is equal to 1, i.e., . Note that according to the definition of the sequence . Hence is not a period of the sequence .
Now we prove that is not a period of the sequence . We can assume that is a period of the sequence . Let . It follows from (2) that
[TABLE]
and thus . This means that the sequence satisfies . However, we have according to the definition of the sequence and It follows that , a contradiction.
Hence the least period of the sequence is which completes the proof of the lemma. ∎
For any integer , we denote by all representatives of the residue classes of integers modulo and by all representatives in that are relatively prime to , respectively. Since the least period of is , we sometimes restrict the action of to . With a slight abuse of notation, we shall still use the same symbol to denote this restriction of the Euler quotient to .
Let be a fixed common primitive root of both and . The Chinese Remainder Theorem (CRT) [23] guarantees that there exists an element of such that
[TABLE]
Put and where lcm denotes least common multiple. Then the unit group of the ring [12] can be written as follows
[TABLE]
The following lemma shows that the map is a group homomorphism when we restrict the action of the map to the unit group .
Lemma 2
Let be the map from to where contains exactly all of the residue classes which are divisible by in the addition group . Then is a surjective group homomorphism.
Let and be defined as above. Then the image and kernel of are given as
[TABLE]
and
[TABLE]
respectively.
Proof:
Note that for . We can write for some integer . Substituting it into (1), we have
[TABLE]
as divides . This means that is divisible by and thus the map is well defined.
For it follows from Euler’s Theorem that
[TABLE]
which shows that the map is a group homomorphism.
Now we show that the map is surjective. There exists some integer such that with since is a primitive root in . This implies that
[TABLE]
Note that . It follows from the CRT that there exists some positive integer with such that
[TABLE]
It follows that is a generator of the additive group . Consequently, the map is surjective and .
It is known that both and are divisible by . Also,
[TABLE]
On the basis of the CRT, we have . Hence . Observe that . We can write . Hence
[TABLE]
Combining the above equation with , we get Therefore, we have
[TABLE]
Now we need to show that the kernel and the subgroup have the same cardinality. By the Third Isomorphism Theorem [20], we have
[TABLE]
This yields that are all cosets of the subgroup of . It follows that . On the other hand, according to the Fundamental Homomorphism Theorem [20], we see that
[TABLE]
and so . This completes the proof of the lemma. ∎
Note that Lemma 2 gives that with some . This means that by the CRT. Let be the inverse of in , i.e., . Define in . Then
[TABLE]
by the homomorphism property of the map . It follows from that
[TABLE]
Combining the above equality with , we get . The following lemma describes a partition of which will give a new explanation of the definition of the sequence .
Lemma 3
Let be an element in with Define
[TABLE]
and
[TABLE]
for Then and for all .
Proof:
We first prove that for all . Note that Lemma 2 gives that It is easy to see that for with . We have
[TABLE]
This implies that . Conversely, for , we have
[TABLE]
and thus
[TABLE]
by the homomorphism property of . This means that
[TABLE]
Therefore, there exists some element such that
[TABLE]
Hence we have and so . This completes the whole proof of the lemma. ∎
By the definition of and , Lemma 3 gives that for Let . The sequence can be rewritten as
[TABLE]
The new explanation of the sequence will be helpful to determine linear complexities. We will make extensive use of the following lemmas for completing the proof of Theorem 1.
Lemma 4
For any if for some we have
[TABLE]
where all the subscripts are certainly understood modulo . In particular, for .
Proof:
If , then and with . Hence This implies that . Conversely, it can be seen easily that . This finishes the proof of the lemma. ∎
The study of the behavior of the coset modulo various divisors of leads to a number of useful lemmas.
Lemma 5
For we have the following two multiset equalities
[TABLE]
where is the multiset in which each element of appears with multiplicity , and
[TABLE]
where is the multiset in which each element of appears with multiplicity .
Proof:
Note that can be written as for and Recall that with some fixed in Lemma 3. Then in and so
[TABLE]
According to we see that is also a primitive root of . If we fix some , then runs through when runs through . Now we count the multiplicity of each element in when and run through and respectively. Assume that
[TABLE]
where This means that
[TABLE]
for . According to it is equivalent to
[TABLE]
There exist many solutions in the form of Note that has choices. This implies that there are many elements of mapping into one element in In a similar manner, we can prove the second multiset equality in the lemma. This completes the proof of the lemma. ∎
Lemma 6
For we have
[TABLE]
Proof:
It is obvious that the map from to with is well-defined. Thus it is sufficient to prove that the map is one-to-one since both and have the same cardinality.
For we write and with and respectively. Assume that
[TABLE]
We will show that and .
Note that
[TABLE]
as . It follows from the CRT that
[TABLE]
This implies that
[TABLE]
Note that . It follows from the above equality that
[TABLE]
This gives that
[TABLE]
Since and belong to , we have . In the following, we will show that on the basis of the fact that . Now we have
[TABLE]
Since , it follows that
[TABLE]
Recall . It follows from the above equations that
[TABLE]
Since and belong to , we have . This completes the proof of the lemma. ∎
Lemma 7
Let be the same notations as above. For we have the following multiset equality
[TABLE]
where and denote and respectively. The set is contained in and is the multiset in which each element of appears with multiplicity .
Proof:
Note that
[TABLE]
This shows that indeed belongs to . So the map from to with is well-defined. Now we count the multiplicity when runs through the set . Assume that
[TABLE]
for some fixed It follows that
[TABLE]
i.e.,
[TABLE]
There exist many solutions for in the form of Note that has choices. Altogether, there are many elements of mapping into one element in This finishes the proof of the lemma. ∎
Define There exists an important connection between the polynomial and the cyclotomic polynomial that will allow us to determine the minimal polynomial of sequences
Lemma 8
Let be a fixed -th primitive root of unity in the algebraic closure of and an element in . Then
[TABLE]
and
[TABLE]
Proof:
We distinguish two cases according to the value of the greatest common divisor of and .
For with , it follows that is a -th primitive root of unity . On the basis of Lemma 6, we have
[TABLE]
Note that is equal to the sum of all -th primitive roots of unity, which is also the coefficient of the second highest term of the cyclotomic polynomial . According to Exercise 2.57 of [18], we see that
[TABLE]
This indicates that
[TABLE]
for with .
For with , it follows that is a -th primitive root of unity. It follows from Lemma 5 and the even parity of that
[TABLE]
For with , then is a -th or -th primitive root of unity respectively. Using a similar argument, it follows from Lemmas 5 and 7 and the even parity of that in this case.
It follows from the definition of cyclotomic polynomials that
[TABLE]
Therefore, we get the desired result since the cyclotomic polynomials and over are relatively prime. ∎
We are now in a position to give a proof of Theorem 1.
Proof:
For , we denote where all the subscripts are understood modulo here. Note that is exactly the generating polynomial of the sequence . Now we claim that for all .
We first prove under the condition that . Suppose that i.e., according to the definition of Euler quotients. This implies that
[TABLE]
and thus
[TABLE]
This means that the order of is a factor of However, it follows from that the order of is exactly equal to . This implies that divides which contradicts the condition that Hence, there exists some fixed nonzero such that .
In the following we argue by contradiction. Assume that there exists some such that where is a -th primitive root of unity. By Lemma 4 we get
[TABLE]
for any . According to in , the number runs through when runs through . This means that for all In particular, we can choose .
For any with it follows from Lemma 4 that
[TABLE]
Note that It is immediate that for any Thus the cyclotomic polynomial divides . By Lemma 8, we see that divides Then divides since On the basis of Exercise 2.57 of [18], we have
[TABLE]
We write
[TABLE]
Note that
[TABLE]
We can restrict and thus can be written as where Then
[TABLE]
However has terms and has terms, which is a contradiction since the prime does not divide . It follows that for any
This implies that for all and In particular, we have for all . By Lemma 8, for and we get
[TABLE]
This implies that divides if . Hence the minimal polynomial in the case that is
[TABLE]
by using the basic properties of cyclotomic polynomials. In a similar manner, if , then divides . This yields that the minimal polynomial in the case that is
[TABLE]
Note that the linear complexity of is equal to the degree of the minimal polynomial of the sequence and so the third assertion in Theorem 1 follows. This completes the whole proof of Theorem 1. ∎
In the following, we give a small example confirming our main results.
Example 1
Let and . The least period of the binary threshold sequence derived from modulo is . The sequence in one period is
[TABLE]
The minimal polynomial of the sequence over is
[TABLE]
and so the linear complexity of this sequence is exactly
III Concluding Remarks
In this paper, we determined the linear complexities of a class of binary sequences with period based on the Euler quotients modulo . In addition, the proposed sequences are asymptotically well balanced as the prime tends to infinity, i.e., the number of 1’s in one period is asymptotically equal to the number of 0’s as tends to infinity. Finally, several problems about the proposed sequence remain unsolved. Some of them are listed below.
- Determine the -error linear complexity of the proposed sequence. This problem is closely related to the stability of the linear complexity of the proposed sequence from a cryptographic point of view.
- Explore whether this family of sequences derived from the Euler quotient modulo can induce more optimal families of perfect polyphase sequences, similar to [22].
- Regard the proposed sequence as a sequence over the ring or over other finite fields of odd prime characteristic and analyze its cryptographic properties (for example, linear complexity and -error linear complexity).
- Determine the autocorrelation of the proposed sequence, although this problem may be hard to tackle.
- Analyze properties of sequences derived from the Euler quotient with other moduli (for example, a modulus equal to the product of more distinct odd primes).
Acknowledgment
The authors would like to thank the associate editor Prof. Sihem Mesnager and the two anonymous referees for their helpful suggestions which improved this manuscript.
Part of the work was done while the first and third authors were Visiting Scholars at Clemson University.
- [1] T. Agoh, K. Dilcher, and L. Skula, “Fermat quotients for composite moduli,” Journal of Number Theory, vol. 66, no. 1, pp. 29–50, 1997.
- [2] E. Bai, X. Liu, and G. Xiao, “Linear complexity of new generalized cyclotomic sequences of order two of length pq,” IEEE Trans. Inform. Theory, vol. 51, no. 5, pp. 1849–1853, May 2005.
- [3] Z. Chen, “Trace representation and linear complexity of binary sequences derived from Fermat quotients,” Sci. China Inform. Sci., vol. 57, no. 11, pp. 1–10, 2014.
- [4] Z. Chen, X. Du, and R. Marzouk, “Trace representation of pseudorandom binary sequences derived from Euler quotients,” Appl. Alg. Eng. Commun. Comp., vol. 26, no. 6, pp. 555–570, 2015.
- [5] Z. Chen, Z. Niu, and C. Wu, “On the k-error linear complexity of binary sequences derived from polynomial quotients,” Sci. China Inform. Sci., vol. 58, no. 9, pp. 1–15, 2015.
- [6] Z. Chen and A. Winterhof, “Additive character sums of polynomial quotients,” Contemp. Math., vol. 579, pp. 67–73, 2012.
- [7] Z. Chen and A. Winterhof, “On the distribution of pseudorandom numbers and vectors derived from Euler-Fermat quotients,” Int. J. Number Theory, vol. 8, pp. 631–641, 2012.
- [8] Z. Chen and X. Du, “On the linear complexity of binary threshold sequences derived from Fermat quotients,” Designs, Codes and Cryptography, vol. 67, no. 3, pp. 317–323, 2013.
