Feedback shift registers with carry operation (FCSR’s) are described, implemented, and analyzed with respect to memory requirements, initial loading, period, and distributional properties of their output sequences. Many parallels with the theory of linear feedback shift registers (LFSR’s) are presented, including a synthesis algorithm (analogous to the Berlekamp-Massey algorithm for LFSR’s) which, for any pseudorandom sequence, constructs the smallest FCSR which will generate the sequence. These techniques are used to attack the summation cipher. This analysis gives a unified approach to the study of pseudorandom sequences, arithmetic codes, combiners with memory, and the Marsaglia-Zaman random number generator. Possible variations on the FCSR architecture are indicated at the end. Index Terms – Binary sequence, shift register, stream cipher, combiner with memory, cryptanalysis, 2-adic numbers, arithmetic code, 1/q sequence, linear span. 1

Introduction 1.1. A pseudorox"q number gener ator (RNG) for high speed simulation and Monte CarS integrSqKx should have sever" pr" er"US : (1) it should haveenor""x perz d, (2) it should e hibitunifor distrqS""xI of d-tuples(for all d), (3) it should exhibit a good lattice str""Ezx in high dimensions, and (4) it should be e#ciently computable(prablexzF with a base b which is a power of 2). Typically the RNG is a member of a family ofsimilar generrxI withdi#erq tparU"xIEU and one hopes that parKq"qxI and seeds may be easily chosen so as toguarF tee pr" er"E" (1), (2), (3) and (4). Ther is no known family of RNG with all four pr" er"KS (see,for example, [M1]). 1.2. In [MZ], Mar aglia and Zaman showed that their add-with-carc (AWC) gener ator satisfy condition (1). By giving up on (4) and using an appr"FxIE" base b, they achieve good distrxSKEKx pr" er"Kq of d-tuplesfor values d wh

A d-feedback-with-carry shift register (d-FCSR) is a finite state machine, similar to a linear feedback shift register, in which a small amount of memory and a delay (by d-clock cycles) is used in the feedback algorithm (see [4, 5]). The output sequences of these simple devices may be described using arithmetic in a ramified extension field of the rational numbers. In this paper we show how many of these sequences may also be described using simple integer arithmetic, and consequently how to find such sequences with large periods. We also analyze the "arithmetic cross-correlation" between pairs of these sequences and show that it often vanishes identically. Finally we study the distribution properties of short sub-sequences of a d-FCSR sequence.

We apply the framework of -adic algebra and algebraic feedback shift registers to polynomial rings over nite elds. We give a construction of new pseudorandom sequences over a non-prime nite eld that satisfy Golomb's randomness criteria.