
This paper proposes an efficient, high-tech method for constructing generators of pseudorandom binary sequences with a repetition period of 2^{n} for an n-bit shift register with a nonlinear feedback function. The developed method is illustrated by constructing a nonlinear feedback shift register. It is proved that the proposed method requires memory proportional to n^{2}, which makes the resulting generators suitable for practical use on shift registers with longer words.

In tasks of information protection, statistical monitoring and diagnosis, modeling and designing, generators of pseudorandom sequences are widely used. The effectiveness of these generators in informational technologies is defined by specific features of using them [

Pseudorandom objects are very important in modern systems of information protection [

Protective features of pseudorandom sequences and functional transformations in theoretical plan are defined by the principal impossibility of analytical solutions of the systems of non-linear Boolean equations [

Thus, at the current stage of development of information protection, the problem of developing methods and approaches that increase the effectiveness of hardware and software means of generating pseudorandom binary sequences remains relevant.

· Divergence: a notion from the theory of dynamical systems, meaning that the algorithm of a generator should provide a diverging sequence of binary n-bit words, that is, a sequence whose repetition cycle tends to 2^{n} [

· Nonlinearity of used functions of transformations, which provides complexity of recognition of generation functions of pseudorandom sequences.

· Computing complexity which means computational incompressibility of the procedures for pseudorandom sequences generation.

Mentioned principles, formulated on the theoretical level, are not strictly defined and partly overlap each other [^{n} − 1, theoretically can be solved only for linear feedback functions: they must be isomorphic irreducible polynomials in Galois fields. For nonlinear functions of the bit transformation, divergence problem has a solution only for special cases [

· Statistical criteria, which estimate the probability characteristics of the generated sequence [

· Divergence criterion of the generator: estimated by the minimal length of a cycle that appears during the run;

· Unpredictability of the generator: estimated by the complexity of the special recognizer algorithm that distinguishes the generated sequence from a random one [

· Rate of sequence generation.

Really important when these criteria are considered is the principle, formulated in [

The third of the quality criteria mentioned earlier for pseudorandom sequence generators is their algorithmic unpredictability, which stipulates the complexity of an algorithm that can predict the next values using data from previous samples [^{n} − 1 with n-bit shift register) along with the simplicity of circuit implementation on a hardware level and high performance [^{n}, period of the generated sequence cannot exceed 2^{n}. If an LFSR gets into the state with zero values in all bits, it cannot move to another state. That is why the zero state must not appear if the initial state is nonzero. Therefore, the maximum number of possible states is 2^{n} − 1. A maximal-length sequence is provided when the feedback function is a primitive polynomial over a Galois field [^{n} − 1 formulated by LFSR is determined by the formula:

where φ(2^{n} − 1) is Euler's totient function: the number of positive integers (including 1) that are less than 2^{n} − 1 and have no common divisors with 2^{n} − 1.

Theoretically, the maximum possible number of states of an n-bit shift register equals 2^{n}. Accordingly, the maximum repetition period of the binary sequence formed by a nonlinear shift register of this length is also 2^{n}. Such sequences are called de Bruijn sequences. The number N(n) of nonlinear feedback functions of an n-bit shift register that provide the maximum repetition period is determined by the formula:

For example, for a 6-bit shift register (n = 6), according to (1) there exist only 6 primitive polynomials over the Galois field and, respectively, 6 linear functions that provide a period of 2^{6} − 1 = 63, which is close to the maximum, whereas the number of nonlinear feedback functions for a register with the same number of bits that provide the maximum period 2^{6} is, according to (2), 2^{26} = 67108864.

Despite such a big number of nonlinear feedback functions, providing the maximum period of repetition of the sequence, finding them is a challenge, which hasn’t acceptable solution to date [^{64}, the maximum period is provided, on average, only by one of 2^{64-26} = 2^{40} functions.

The state of a shift register is characterized by w code which corresponds to the binary vector of X_{w} values of register bits:

During the register shift new value of v code is determined by the following method:

Suppose f(x_{1}, x_{2},…, x_{n})—Boolean feedback function of n-bit shift register for which the following condition is true:

If the feedback function

A set of codes which sequentially formulated in shift register with feedback feature which satisfies the condition [^{n} possible codes in n-bit register is included into one of the rings.

Suppose we have two rings—A and B. If code w is included in A and the symmetrical to it code

Proof: Binary vector

on code w, the following after w will be code u:

Therefore, when inverting functions on symmetrical codes which are included into different rings A and B, after w code there will be transition to code u

The proposed method of synthesis of a nonlinear feedback function that provides the full period is based on the basic procedure of combining rings obtained during cyclic shift.

The cyclic shift function of the shift register equals the senior bit of the current code K.

Obviously, function (4) satisfies condition (3). Function (4) forms N_{R} rings, each of which includes codes with an equal number of ones. Let R(k) denote the ring that includes code k, and let L(A) be the number of ones in the codes of cyclic ring A. For example, when n = 4 and k = 6: R(k) = {6(0110), 12(1100), 9(1001), 3(0011)}, L(R(k)) = 2.

Each of rings has only one minimal code. It is obvious that for any cyclic ring A ≠ R(0), minimal code q = min(A) is an odd number

1. The initial value of the current code j is chosen randomly, 0 < j < 2^{n}. The counter h of codes for which the value of the feedback function has been determined is set to one: h = 1.

2. u = (2∙j) mod 2^{n} + 1 is calculated. If calculated code u is minimal in its ring, which means u = min(R(u)), then the value of the feedback function on code j is determined as an inversion of the cyclic shift:

is greater than x.

3. The new value of the current code is calculated: j := (2∙j) mod 2^{n} + f(X_{j}). The counter is incremented: h := h + 1. If h ≤ 2^{n}, return to item 2; otherwise, end.

The function of cyclic transfer forms N_{R} rings. Described procedure provides a connection of all these rings into one.

Proof: Combining of the rings is performed in pairs. Let’s consider random ring B, which consist of codes which include m ones (0 < m < n), minimum of them is denoted as

A transfer to the minimal code of ring B is possible from one code of ring A with L(B) = L(A) + 1, except in the situation when L(B) = 0. In this case one code is a predecessor of the minimal codes of both rings. For example, when n = 4, code 1(0001) precedes the minimal code 0 of the ring {0} and the minimal code 1(0001) of the ring {1, 2, 4, 8}.

The minimal code of each ring (except the ring that consists of the zero code) is preceded by a code with fewer ones from another ring. It means that the described procedure binds together all rings formed by cyclic shift.
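The procedure of items 1-3, as an added example (not the paper's code): instead of walking from a random j, it fills the feedback table for every code, which yields the same function because each value depends only on j. Keeping the plain cyclic shift when u is not minimal is an assumption for the branch lost from item 2; all function names are this example's own.

```python
def rotl(w, n):
    """Cyclic shift of an n-bit code: the senior bit is fed back."""
    return ((w << 1) & ((1 << n) - 1)) | (w >> (n - 1))


def ring(w, n):
    """Codes of the cyclic ring R(w), in shift order starting at w."""
    codes, v = [w], rotl(w, n)
    while v != w:
        codes.append(v)
        v = rotl(v, n)
    return codes


def count_rings(n):
    """N_R: number of rings formed by the cyclic shift function."""
    return len({min(ring(w, n)) for w in range(1 << n)})


def build_feedback(n):
    """Feedback table f[j] for all 2^n codes (memory proportional to 2^n)."""
    mask = (1 << n) - 1
    table = []
    for j in range(1 << n):
        senior = j >> (n - 1)
        u = ((j << 1) & mask) | 1        # u = (2*j) mod 2^n + 1
        if u == min(ring(u, n)):         # u is the minimal code of R(u)
            table.append(senior ^ 1)     # inversion of the cyclic shift
        else:
            table.append(senior)         # assumed: plain cyclic shift
    return table


def cycle_from(j, n, table):
    """States visited from j until the register first repeats a code."""
    mask, seen, order = (1 << n) - 1, set(), []
    while j not in seen:
        seen.add(j)
        order.append(j)
        j = ((j << 1) & mask) | table[j]  # j := (2*j) mod 2^n + f(X_j)
    return order


if __name__ == "__main__":
    for n in (4, 5, 6, 10):
        states = cycle_from(1, n, build_feedback(n))
        print(f"n={n}: {count_rings(n)} rings joined, period {len(states)}")
```
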

When k = 1 according to (4) RN(5,1) = 1 and, respectively, exist only one partial ring_{w} = {10000}. Respectively,

When k = 2 there are two partial rings:_{w} = {10010};

_{w} = {11000}

and, respectively, _{w} = {11010} is randomly chosen. Respectively, _{w} = {11100}: _{w} = {11101}. Respectively, _{w} = {11111} for which

The resulting table of the values of the Boolean function

In algebraic normal form the synthesized function ^{5} will have the following form:

Let’s demonstrate that the proposed method of synthesis of the feedback function is constructive. An operation of setting value of the function

the ring which includes code

suggests a choice of one X code from all rings then it means that each ring is connected with one of the rings, codes of which have less number of ones. Thus all rings are connected into one that provides the maximum period of 2^{n} repeats of the code in the shift register.

The described procedure for constructing the nonlinear feedback function opens opportunities for optimizing the parameters of generated pseudorandom binary sequences by choosing the ring from the set G. Since the procedure is consistent and includes an element of choice, the choice can be made according to selected criteria, for example, the criterion of maximum nonlinearity or compliance with the avalanche effect.

For a comparative analysis of the effectiveness of the proposed method, it is important to estimate the number of nonlinear feedback functions that can be obtained with it. The number NF(n) of Boolean functions that the proposed method can synthesize is determined by the number of ways of choosing codes from partial rings. Since this choice is independent for each partial ring, the numeric value NF(n) is determined as the product of the numbers of choices. With a fixed number k of ones in the codes of a ring that contains n codes, the number of ways to choose a code from a partial ring is k. The total number of such rings is NF(n), the numeric value of which is determined by formula (2.12). Therefore, the total number of ways to choose a code containing k ones from the rings of length n is k^{NR(n,k)}. For rings with less length the number of variants of choice of the code is

X′ | φ(X′) | X′ | φ(X′) |
---|---|---|---|
0 0 0 0 | 1 | 1 0 0 0 | 1 |
0 0 0 1 | 0 | 1 0 0 1 | 0 |
0 0 1 0 | 1 | 1 0 1 0 | 1 |
0 0 1 1 | 0 | 1 0 1 1 | 0 |
0 1 0 0 | 0 | 1 1 0 0 | 1 |
0 1 0 1 | 0 | 1 1 0 1 | 1 |
0 1 1 0 | 0 | 1 1 1 0 | 0 |
0 1 1 1 | 0 | 1 1 1 1 | 1 |

NF(n) feedback functions which allows to synthesize the proposed method is defined by the following expression:

Analysis shows that the developed method allows synthesizing 10 times more functions compared with known methods.

For n = 5 the proposed method allows to obtain NF(5) = 144 feedback functions, when the existent methods propose not more than 15 functions [

The disadvantage of the method of building LFSR based on the described procedure of combining elements of closed code groups is that its implementation requires time and memory proportional to 2^{n}. A modification is proposed that significantly decreases computational complexity by narrowing the class of synthesized feedback functions and optimizing the procedure of building the function in disjunctive normal form.

Suppose the current vector of the values of bits of n-bit shift register is


The feedback function will be formed as:

where

m(X) can be formed as the disjunction of all t_{ij} terms:

Set cannot be minimal if it contains at least one sequence of bits

In particular, the set isn’t minimal if i ‒ 1 of corresponding senior bits of this sequence are equal and the junior bit of the sequence S_{0} is greater than junior bit of the sequence S_{j}:

In each term t_{ij} check of satisfying this condition is performed. If _{0} and S_{j} are equal, and_{ij} is equal to one that means that this set isn’t the minimal in its ring.

Condition is checked for all length of sequences_{ij} for a 5-bit register.

To extend the procedure of formation of the feedback functions, which provide full period, the previously described method of pre-unification of the two rings can be used. Let’s consider examples of work of the f_{1}(X) function for n = 5 with different values of bits vector X.

Example 1.

Let’s determine the terms for sequences of length one. The sequence of senior bits is S_{0} = {x_{0}} = {0}. Next, let’s compare x_{0} with each bit x_{1}, x_{2}, x_{3}, x_{4}:

Note that for all sets with zero senior bit, values of t_{1j} will always be zero.

Let’s determine terms for sequences with length i = 2 : S_{0} = {0, 0}.

It is obvious that all t_{2j} have zero value. As long as values of the following t_{ij} depend on p_{2j}, we will determine terms only for those values j, where p_{2j} has value of one, thus j = 1 and j = 3. The length of the sequence i = 3, S_{0} = {0, 0, 1}. Let’s find terms for j = 1 and j = 3.

Zero values of p_{31} and p_{33} turn the following terms into zero. Therefore, all t_{ij} for this set are equal to 0. f_{1}(X), formed as the disjunction of all t_{ij} terms, also takes the value zero. It means that code w, corresponding to the set X = {0, 0, 1, 0, 1}, has the minimal value in its ring. Indeed, w = 16 × 0 + 8 × 0 + 4 × 1 + 2 × 0 + 1 × 1 = 5 and the ring that contains it is {5, 10, 20, 9, 18}. We can see that 5 is the minimal value.

Terms t_{ij} for a 5-bit register (≡ denotes NXOR, ¬ denotes negation):

 | j = 1 | j = 2 | j = 3 | j = 4 |
---|---|---|---|---|
i = 1 | x_{0}∙¬x_{1} | x_{0}∙¬x_{2} | x_{0}∙¬x_{3} | x_{0}∙¬x_{4} |
i = 2 | (x_{0} ≡ x_{1})∙x_{1}∙¬x_{2} | (x_{0} ≡ x_{2})∙x_{1}∙¬x_{3} | (x_{0} ≡ x_{3})∙x_{1}∙¬x_{4} | (x_{0} ≡ x_{4})∙x_{1}∙¬x_{0} |
i = 3 | (x_{0} ≡ x_{1})∙(x_{1} ≡ x_{2})∙x_{2}∙¬x_{3} | (x_{0} ≡ x_{2})∙(x_{1} ≡ x_{3})∙x_{2}∙¬x_{4} | (x_{0} ≡ x_{3})∙(x_{1} ≡ x_{4})∙x_{2}∙¬x_{0} | (x_{0} ≡ x_{4})∙(x_{1} ≡ x_{0})∙x_{2}∙¬x_{1} |
i = 4 | (x_{0} ≡ x_{1})∙(x_{1} ≡ x_{2})∙(x_{2} ≡ x_{3})∙x_{3}∙¬x_{4} | (x_{0} ≡ x_{2})∙(x_{1} ≡ x_{3})∙(x_{2} ≡ x_{4})∙x_{3}∙¬x_{0} | (x_{0} ≡ x_{3})∙(x_{1} ≡ x_{4})∙(x_{2} ≡ x_{0})∙x_{3}∙¬x_{1} | (x_{0} ≡ x_{4})∙(x_{1} ≡ x_{0})∙(x_{2} ≡ x_{1})∙x_{3}∙¬x_{2} |

Example 2.

2.1 Since x_{0} = 0, then terms t_{11} = t_{12} = t_{13} = t_{14} = 0.

2.2 Let’s determine term for sequences with length of i = 2: S_{0} = {0, 1}.

All terms t_{2j} have zero values. Among the values of p_{2j} there is only one value, p_{23} = 1, which can be used for further calculations. The rest of these values turn the terms that include them into zero. Let’s consider the sequence of length i = 3. The sequence of three senior bits is S_{0} = {0, 0, 1}. For all j values except j = 3, terms t_{3j} will be zero. Determining p_{33} and t_{33}:

If we have at least one term with value of 1, the value of the function f_{1}(X) will also be one.

Therefore, for X = {0, 1, 1, 0, 1}, f_{1}(X) = 1, it means code w = 13 isn’t a minimum in its ring. Let’s make sure that it is true. We obtain a ring by cyclic shift: {13, 26, 21, 11, 22}. Here we can see that the minimal value in this ring is 11, not 13.

Complexity of the developed algorithm of construction of the feedback function in Zhegalkin’s algebra is equivalent to the function itself.

Let’s estimate the complexity of the f_{1}(X) function. To calculate one term t_{ij}, the following number of operations is required:

· i − 1 operations NXOR

· 1 operation AND to check the condition

· i − 1 operations AND to unite all conditions.

So, in total we have 2i − 1 operations. The total complexity of calculating the terms for all values of i and j is:

Another (n − 2)^{2} OR operations are required to unite all terms; that is, to calculate the function m(X), 2(n − 1)^{3} + (n − 2)^{2} operations are required. Therefore, the complexity is proportional to n^{3}.

As we can see, the function is redundant. Each term t_{ij} repeats the calculations already made for t_{i−1,j}. During the pairwise comparison of the elements of sequences S_{0} and S_{j} of length i > 2, the results for the first i − 2 elements are known from the previous step. That is why the formula for t_{ij} can be written as:

where p_{i,j} is the term that compares the senior i − 1 bits of the sequences for equality.

p_{ij} can be determined as:

Since for calculations of each t_{ij} constant number of operations is performed (1 operation when i = 1 and 4 otherwise), the complexity of the function m(Х) will be proportional to n^{2}:

The amount of memory required to perform the algorithm is determined by necessity to save all terms t_{ij}, ^{2}.
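An added sketch (not from the paper) of evaluating m(X) through the p_{ij}/t_{ij} recurrences without a 2^{n} table, checked against direct comparison of cyclic shifts. The recurrences are read off the term table for the 5-bit register and the two worked examples above; the feedback rule f = senior bit XOR NOT m (consistent with the m and f columns of the 5-bit register table on this page) and all function names are assumptions of this example.

```python
def bits(code, n):
    """Bit vector X = [x_0, ..., x_{n-1}] of an n-bit code, x_0 senior."""
    return [(code >> (n - 1 - k)) & 1 for k in range(n)]


def m_terms(x):
    """m(X): OR of all t_ij; 1 when X is not the minimal code of its ring."""
    n, m = len(x), 0
    p = [1] * n                          # p[j] = p_ij for the current i only
    for i in range(1, n):                # compared sequence length i
        for j in range(1, n):            # S_j starts at bit x_j
            if i > 1:                    # extend equality of senior bits
                p[j] &= 1 ^ x[i - 2] ^ x[(j + i - 2) % n]     # NXOR
            # junior bit of S_0 greater than junior bit of S_j
            m |= p[j] & x[i - 1] & (1 ^ x[(j + i - 1) % n])
    return m


def m_bruteforce(code, n):
    """Reference check: compare the code with every cyclic shift of itself."""
    mask, v = (1 << n) - 1, code
    for _ in range(n - 1):
        v = ((v << 1) & mask) | (v >> (n - 1))
        if v < code:
            return 1
    return 0


def step(state, n):
    """One register shift with the feedback computed on the fly."""
    mask = (1 << n) - 1
    u = ((state << 1) & mask) | 1        # X column: (2*R) mod 2^n + 1
    f = (state >> (n - 1)) ^ 1 ^ m_terms(bits(u, n))
    return ((state << 1) & mask) | f


def period(n, start=1):
    """Number of shifts until the register returns to its start code."""
    state, count = step(start, n), 1
    while state != start:
        state, count = step(state, n), count + 1
    return count


if __name__ == "__main__":
    print(m_terms([0, 0, 1, 0, 1]), m_terms([0, 1, 1, 0, 1]))
    state = 1
    for _ in range(4):                   # 128-bit register, no 2^n table
        state = step(state, 128)
        print(f"{state:032x}")
```
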

No. | R | X | m | f |
---|---|---|---|---|
0 | 00000 | 00001 | 0 | 1 |
1 | 00001 | 00011 | 0 | 1 |
2 | 00010 | 00101 | 0 | 1 |
3 | 00011 | 00111 | 0 | 1 |
4 | 00100 | 01001 | 1 | 0 |
5 | 00101 | 01011 | 0 | 1 |
6 | 00110 | 01101 | 1 | 0 |
7 | 00111 | 01111 | 0 | 1 |
8 | 01000 | 10001 | 1 | 0 |
9 | 01001 | 10011 | 1 | 0 |
10 | 01010 | 10101 | 1 | 0 |
11 | 01011 | 10111 | 1 | 0 |
12 | 01100 | 11001 | 1 | 0 |
13 | 01101 | 11011 | 1 | 0 |
14 | 01110 | 11101 | 1 | 0 |
15 | 01111 | 11111 | 0 | 1 |
16 | 10000 | 00001 | 0 | 0 |
17 | 10001 | 00011 | 0 | 0 |
18 | 10010 | 00101 | 0 | 0 |
19 | 10011 | 00111 | 0 | 0 |
20 | 10100 | 01001 | 1 | 1 |
21 | 10101 | 01011 | 0 | 0 |
22 | 10110 | 01101 | 1 | 1 |
23 | 10111 | 01111 | 0 | 0 |
24 | 11000 | 10001 | 1 | 1 |
25 | 11001 | 10011 | 1 | 1 |
26 | 11010 | 10101 | 1 | 1 |
27 | 11011 | 10111 | 1 | 1 |
28 | 11100 | 11001 | 1 | 1 |
29 | 11101 | 11011 | 1 | 1 |
30 | 11110 | 11101 | 1 | 1 |
31 | 11111 | 11111 | 0 | 0 |

An approach is proposed for the construction of an important element of contemporary systems for the protection of information: generators of pseudorandom binary sequences with the repetition period 2^{n} on the basis of an n-bit shift register with a nonlinear feedback function. Such generators are considerably simpler and more efficient than generators constructed in the form of an LFSR system and a nonlinear inverter.

Within the common approach, based on the technology of joining “rings”, whose realization requires memory of size 2^{n}, a high-tech modification is developed that makes it possible to build generators of pseudorandom sequences on the basis of a shift register with a nonlinear feedback function using memory proportional to n^{2}. The proposed method makes it possible to build generators suitable for practical use in telecommunication technologies. An experimental study using the proposed method made it possible to build generators with word lengths of up to 128 bits.