5.6 NON-LINEAR FEED-FORWARD LOGIC
5.6.2 Key’s Bound on Linear Span
Suppose that a binary NLFFL function is put in Reed-Muller canonic form, i.e., described as a sum of products of its inputs. Let’s investigate the potential number of terms contributed to the powers-of-$\alpha$ expansion of the logic’s output by one product term containing $J$ factors, each factor being the contents of some memory element in an m-sequence generator. Assuming the characteristic polynomial of the m-sequence generator is $m_\alpha(z)$, the trace function $\mathrm{Tr}(\gamma_j \alpha^n)$ can be used to represent the $j$-th factor (sequence) in the product $p_n$, giving
$$p_n = \prod_{j=1}^{J} \mathrm{Tr}(\gamma_j \alpha^n) = \prod_{j=1}^{J} \sum_{i=0}^{M-1} (\gamma_j \alpha^n)^{2^i}, \tag{5.167}$$

where $\gamma_j$, $j = 1, \ldots, J$, and $\alpha$ are elements of GF($2^M$), $M$ being the number of memory elements in the m-sequence generator and also the degree of $m_\alpha(z)$. (This representation is valid for a linear m-sequence generator in any configuration.)

[Displays carried over from Example 5.10:]

$$Q(z) = z^{38}+z^{37}+z^{31}+z^{27}+z^{26}+z^{25}+z^{23}+z^{22}+z^{20}+z^{19}+z^{18}+z^{17}+z^{16}+z^{15}+z^{8}+z^{7}+z^{4}+z^{3}+z^{2}+z+1.$$

$$Q(z) = m_{\alpha}(z)\, m_{\alpha^{3}}(z)\, m_{\alpha^{5}}(z)\, m_{\alpha^{7}}(z)\, m_{\alpha^{11}}(z)\, m_{\alpha^{13}}(z)\, m_{\alpha^{21}}(z).$$
Converting the product of sums in (5.167) to a sum of products gives

$$p_n = \sum_{i_1=0}^{M-1} \cdots \sum_{i_J=0}^{M-1} \gamma_{\mathbf{i}}\, \alpha^{c(\mathbf{i}) n} \tag{5.168}$$

where

$$\gamma_{\mathbf{i}} = \prod_{j=1}^{J} \gamma_j^{2^{i_j}}, \tag{5.169}$$

$$c(\mathbf{i}) = \sum_{j=1}^{J} 2^{i_j} \bmod (2^M - 1), \tag{5.170}$$

the latter sum being modulo the multiplicative order of the element $\alpha$. The base 2 representation of $c(\mathbf{i})$, thus, is limited to a binary $M$-tuple, and (5.170) indicates that at most $J$ of these $M$ symbols can be ones. Since each of the integers $i_j$ in (5.170) ranges independently between zero and $M - 1$, it follows that the number ${}^{M}N_J$ of distinct values that $c(\mathbf{i})$ can assume is given by the number of binary $M$-tuples with at most $J$ ones, excluding the all-zeros n-tuple.

$${}^{M}N_J = \sum_{j=1}^{J} \binom{M}{j}. \tag{5.171}$$

Two different products (AND gates), with distinct sets of $J$ inputs from the memory cells of an m-sequence generator, potentially produce the same set of powers-of-$\alpha$ sequences for their output representations. Furthermore, when one product has $J$ inputs and another has $K$ inputs, $J < K$, the representation of the $K$-fold product can potentially contain all powers-of-$\alpha$ sequences which occur in the $J$-fold product, and more. The word “potentially” is used because multiple terms with the same time coefficient $c(\mathbf{i})$ (5.170) are produced, and there is a small likelihood that the coefficients of these terms will add to zero.

The order $D$ of an NLFFL function is defined as the largest number of factors in any product from its sum-of-products representation. The following theorem is a consequence of the above arguments.

THEOREM 5.10 (KEY’S BOUND [23]). The linear span $L$ of a sequence $\{b_n\}$ produced by NLFFL of order $D$ operating on the contents of an $M$-stage m-sequence generator is bounded by

$$L \le {}^{M}N_D = \sum_{j=1}^{D} \binom{M}{j}. \tag{5.172}$$
If the logic function includes the possibility of complementation by the use of an additional constant input term “1” in its sum-of-products representation, then the lower limit on the sum in Key’s bound (5.172) must be reduced to zero.
Example 5.11. Key’s bound on the linear span $L$ for the output of third-order logic operating on a six-stage m-sequence generator is

$$L \le \binom{6}{1} + \binom{6}{2} + \binom{6}{3} = 41. \tag{5.173}$$

The linear span achieved under these conditions in Example 5.10 is 38.

Binary 6-tuple representations of the time coefficients (5.170) occurring in $\{b_n\}$’s powers-of-$\alpha$ expansion in the example include the ones shown in Table 5.11 and their cyclic shifts. This list includes cyclically equivalent representatives of all 6-tuples having weight 3 or less, with the exception of 001001 which in decimal is 9. It can be verified that $\alpha^{9n}$ is produced eight different ways in the product-of-sums to sum-of-products conversion (5.164) in the example, and that the eight corresponding coefficients from GF(64) sum to zero, thereby eliminating $\{\alpha^{9n}\}$ as a component in the representation of $\{b_n\}$.

Since $\alpha^9$ has order 7, it is an element of GF(8) and, therefore, has a three term trace and a degree-three minimum polynomial. Hence, this missing term accounts for the difference of three between Key’s bound and the achieved linear span.

Table 5.11
Cyclic equivalence class representatives of non-zero coefficients in the powers-of-$\alpha$ representation in Example 5.11.

Coefficient (base 2)    Coefficient (base 10)
000001                  1
000011                  3
000101                  5
000111                  7
001011                  11
001101                  13
010101                  21

It has been pointed out [24] that for cryptographic applications, linear span is only one of several measures that must be considered in selecting a key sequence. This note of caution applies equally well to the selection of spectrum-spreading sequences. For example, the logic imposed on the m-sequence generator of Figure 5.11 produces an output whose linear span is 31, the period of the m-sequence generator. On the other hand, the AND gate output will be a “1” only when the all-ones 5-tuple appears in the register, an event which occurs only once in the 31-bit period of the generator. The output of such a generator can hardly be called pseudorandom, when a prediction that an output bit will be zero is correct 96.7% of the time.

The following result suggests a simple way to guarantee nearly equal numbers of zeros and ones in the output of a generator.
THEOREM 5.11. Let $\mathbf{s} = (r_1, r_2, \ldots, r_M)$ denote the memory state of an m-sequence generator. If the output of NLFFL on the memory state can be represented in the form

$$b = r_i + f(r_1, \ldots, r_{i-1}, r_{i+1}, \ldots, r_M) \tag{5.174}$$

for some $i$, where $f(\cdot)$ is any Boolean function independent of $r_i$, then the NLFFL output sequence will be balanced.

Proof. Since the state $M$-tuple takes on all possible values except all-zeros during one period of operation, then the states $(r_1, \ldots, r_{i-1}, 0, r_{i+1}, \ldots, r_M)$ and $(r_1, \ldots, r_{i-1}, 1, r_{i+1}, \ldots, r_M)$ each occur once for each choice of the remaining values of the $r_j$’s, $j \ne i$, excluding all-zeros. Each such state pair will contribute one 0 and one 1 in one period of the NLFFL output when (5.174) holds. Therefore, one full period of the output will have either (a) one more 0 than 1, or (b) one more 1 than 0, depending on the output value when the register memory is in the state having $r_j = 0$ for all $j \ne i$, and $r_i = 1$. ∎

Figure 5.12, which illustrates a modification of the generator of Figure 5.11, provides a balanced pseudorandom sequence. However, balance and large linear span do not together guarantee the generation of unpredictable sequences.

Figure 5.11. A high-linear-span generator.

A preliminary design for the NLFFL to be attached to an $M$-stage m-sequence generator can be mapped out with the aid of Key’s bound, the result being an estimate of the number of multipliers required and the number of inputs for each multiplier in a sum-of-products form. To complete the design, one must choose the connections between multiplier inputs and shift register memory elements, and then determine, on a case by case basis, whether or not the other statistics (e.g., correlation properties, run-length statistics, etc.) constitute a satisfactory design. Very little has appeared in the open literature on this problem, although it was stated in [24], in the context of quadratic NLFFL and on the basis of experimental results, that each memory element should connect to at most one multiplier, and that the spacing between memory elements connected to one multiplier should differ from the spacing between connections to any other multiplier. These suggestions may serve as initial guidelines in selecting an NLFFL design which will generate a sequence with good statistical properties.
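An added example, not part of the original text: it evaluates Key's bound (5.172), and measures linear span (by Berlekamp-Massey) and balance for the all-stage AND logic the text describes for Figure 5.11 and for a constructed logic of the Theorem 5.11 form. The generator polynomial $x^5 + x^2 + 1$, the function names, and the choice of $f$ as a 4-input AND are assumptions made for the illustration.

```python
from math import comb

def key_bound(M, D, constant_term=False):
    """Key's bound (5.172); the sum starts at j = 0 if the logic may add a constant 1."""
    return sum(comb(M, j) for j in range(0 if constant_term else 1, D + 1))

def lfsr_states(taps, M, period):
    """Successive M-bit states of a Fibonacci LFSR; feedback = XOR of state[t], t in taps."""
    state = [1] + [0] * (M - 1)
    for _ in range(period):
        yield tuple(state)
        state = state[1:] + [sum(state[t] for t in taps) & 1]

def linear_span(bits):
    """Berlekamp-Massey over GF(2): length of the shortest LFSR that generates bits."""
    n = len(bits)
    c, b = [1] + [0] * n, [1] + [0] * n    # current and previous connection polynomials
    L, m = 0, -1
    for i in range(n):
        d = bits[i]                         # discrepancy between prediction and bits[i]
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d:
            t = c[:]
            for j in range(n - i + m + 1):  # c(x) += x^(i-m) * b(x)
                c[j + i - m] ^= b[j]
            if 2 * L <= i:
                L, m, b = i + 1 - L, i, t
    return L

# Assumed generator: s[n+5] = s[n] ^ s[n+2] (x^5 + x^2 + 1, primitive, period 31).
TAPS, M, PERIOD = (0, 2), 5, 31

def and_all(r):    # logic the text attributes to Figure 5.11: AND of all five stages
    return r[0] & r[1] & r[2] & r[3] & r[4]

def balanced(r):   # constructed Theorem 5.11 form: b = r_0 + f(r_1..r_4), f = 4-input AND
    return r[0] ^ (r[1] & r[2] & r[3] & r[4])

def analyse(logic):
    """Return (linear span, ones per period) of the NLFFL output sequence."""
    out = [logic(s) for s in lfsr_states(TAPS, M, PERIOD)]
    return linear_span(out * 2), sum(out)   # two periods suffice for Berlekamp-Massey

if __name__ == "__main__":
    print("Key's bound, M=6, D=3:", key_bound(6, 3))
    for name, logic, order in (("AND of 5", and_all, 5), ("balanced", balanced, 4)):
        span, ones = analyse(logic)
        print(f"{name}: span {span} <= bound {key_bound(M, order)}, ones/period {ones}")
```

The all-stage AND meets Key's bound for $D = M = 5$ while emitting a single 1 per period; the constructed balanced logic keeps a span far above the register length and emits 16 ones in 31 bits.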