Results 1-10 of 21
Feedback shift registers, 2-adic span, and combiners with memory
Journal of Cryptology, 1997
Cited by 57 (7 self)
Feedback shift registers with carry operation (FCSR’s) are described, implemented, and analyzed with respect to memory requirements, initial loading, period, and distributional properties of their output sequences. Many parallels with the theory of linear feedback shift registers (LFSR’s) are presented, including a synthesis algorithm (analogous to the Berlekamp-Massey algorithm for LFSR’s) which, for any pseudorandom sequence, constructs the smallest FCSR which will generate the sequence. These techniques are used to attack the summation cipher. This analysis gives a unified approach to the study of pseudorandom sequences, arithmetic codes, combiners with memory, and the Marsaglia-Zaman random number generator. Possible variations on the FCSR architecture are indicated at the end. Index Terms – Binary sequence, shift register, stream cipher, combiner with memory, cryptanalysis, 2-adic numbers, arithmetic code, 1/q sequence, linear span.
Fibonacci and Galois Representations of Feedback-With-Carry Shift Registers
IEEE Trans. Inform. Theory, 2002
Cited by 34 (2 self)
A feedback-with-carry shift register (FCSR) with "Fibonacci" architecture is a shift register provided with a small amount of memory which is used in the feedback algorithm. Like the linear feedback shift register (LFSR), the FCSR provides a simple and predictable method for the fast generation of pseudorandom sequences with good statistical properties and large periods. In this paper, we describe and analyze an alternative architecture for the FCSR which is similar to the "Galois" architecture for the LFSR. The Galois architecture is more efficient than the Fibonacci architecture because the feedback computations are performed in parallel. We also describe the output sequences generated by theFCSR, a slight modification of the (Fibonacci) FCSR architecture in which the feedback bit is delayed for clock cycles before being returned to the first cell of the shift register. We explain how these devices may be configured so as to generate sequences with large periods. We show that the FCSR also admits a more efficient "Galois" architecture.
Period of the power generator and small values of Carmichael’s function
Math. Comp., 70
Cited by 27 (12 self)
Abstract. Consider the pseudorandom number generator $u_n \equiv u_{n-1}^e \pmod{m}$, $0 \le u_n \le m-1$, $n = 1, 2, \ldots$, where we are given the modulus $m$, the initial value $u_0 = \vartheta$ and the exponent $e$. One case of particular interest is when the modulus $m$ is of the form $pl$, where $p$, $l$ are different primes of the same magnitude. It is known from work of the first and third authors that for moduli $m = pl$, if the period of the sequence $(u_n)$ exceeds $m^{3/4+\varepsilon}$, then the sequence is uniformly distributed. We show rigorously that for almost all choices of $p$, $l$ it is the case that for almost all choices of $\vartheta$, $e$, the period of the power generator exceeds $(pl)^{1-\varepsilon}$. And so, in this case, the power generator is uniformly distributed. We also give some other cryptographic applications, namely, to ruling out the cycling attack on the RSA cryptosystem and to so-called time-release crypto. The principal tool is an estimate related to the Carmichael function $\lambda(m)$, the size of the largest cyclic subgroup of the multiplicative group of residues modulo $m$. In particular, we show that for any $\Delta \ge (\log\log N)^3$, we have $\lambda(m) \ge N\exp(-\Delta)$ for all integers $m$ with $1 \le m \le N$, apart from at most $N\exp\left(-0.69(\Delta\log\Delta)^{1/3}\right)$ exceptions.
Almost Difference Sets and Their Sequences With Optimal Autocorrelation
2001
Cited by 15 (2 self)
Almost difference sets have interesting applications in cryptography and coding theory. In this paper, we give a well-rounded treatment of known families of almost difference sets, establish relations between some difference sets and some almost difference sets, and determine the numerical multiplier group of some families of almost difference sets. We also construct six new classes of almost difference sets, and four classes of binary sequences of period H @�� � RA with optimal autocorrelation. We have also obtained two classes of relative difference sets and four classes of divisible difference sets (DDSs). We also point out that a result due to Jungnickel can be used to construct almost difference sets and sequences of period R with optimal autocorrelation.
Y.: Trace representation and linear complexity of binary e-th residue sequences
Proceedings of International Workshop on Coding and Cryptography (WCC2003), 2003
Cited by 4 (3 self)
Let p = ef + 1 be an odd prime for some e and f. In this paper, e-th residue sequences of period p and their defining pairs are defined, and the problem of determining their trace representations is reduced to that of determining their defining pairs, and the latter is further reduced to that of evaluating the values of some e-tuples which are associated with e-th residue classes, and some properties of those e-tuples are discussed. Finally, trace representations and linear complexities of the binary characteristic sequences of all the e-th residue cyclic difference sets modulo p with e 12 and some other e-th residue sequences are determined, based on the theory developed in this paper, and some open problems are proposed. Key Words: Cyclic difference sets, e-th residue cyclic difference sets, Trace representations, Linear complexity, Defining pairs, Binary sequences with two-level autocorrelation, Binary Hadamard sequences.
On the uniformity of distribution of the RSA pairs
Math. Comp.
Cited by 3 (1 self)
Abstract. Let $m = pl$ be a product of two distinct primes $p$ and $l$. We show that for almost all exponents $e$ with $\gcd(e, \varphi(m)) = 1$ the RSA pairs $(x, x^e)$ are uniformly distributed modulo $m$ when $x$ runs through
• the group of units $\mathbb{Z}_m^*$ modulo $m$ (that is, as in the classical RSA scheme);
• the set of $k$-products $x = a_{i_1} \cdots a_{i_k}$, $1 \le i_1 < \cdots < i_k \le n$, where $a_1, \ldots, a_n \in \mathbb{Z}_m^*$ are selected at random (that is, as in the recently introduced RSA scheme with precomputation).
These results are based on some new bounds of exponential sums.
On the linear complexity of the power generator
Designs, Codes and Cryptography, 1998
Logarithm Cartesian authentication codes
2003
Cited by 1 (0 self)
Chanson, Ding and Salomaa have recently constructed several classes of authentication codes using certain classes of functions. In this paper, we further extend that work by constructing two classes of Cartesian authentication codes using the logarithm functions. The codes constructed here involve the theory of cyclotomy and are better than a subclass of Helleseth–Johansson’s codes and Bierbrauer’s codes in terms of the maximum success probability with respect to the substitution attack.
One-error linear complexity over $\mathbb{F}_p$ of Sidel’nikov Sequences
in Proceedings of SETA’04, Lecture Notes in Computer Science 3486 (T. Helleseth et al., Eds.), 2005
Cited by 1 (0 self)
Abstract. Let $p$ be an odd prime and $m$ be a positive integer. In this paper, we prove that the one-error linear complexity over $\mathbb{F}_p$ of Sidelnikov sequences of length $p^m - 1$ is $\left(\frac{p+1}{2}\right)^m - 1$, which is much less than its (zero-error) linear complexity.