Feedback shift registers with carry operation (FCSR’s) are described, implemented, and analyzed with respect to memory requirements, initial loading, period, and distributional properties of their output sequences. Many parallels with the theory of linear feedback shift registers (LFSR’s) are presented, including a synthesis algorithm (analogous to the Berlekamp-Massey algorithm for LFSR’s) which, for any pseudorandom sequence, constructs the smallest FCSR which will generate the sequence. These techniques are used to attack the summation cipher. This analysis gives a unified approach to the study of pseudorandom sequences, arithmetic codes, combiners with memory, and the Marsaglia-Zaman random number generator. Possible variations on the FCSR architecture are indicated at the end. Index Terms – Binary sequence, shift register, stream cipher, combiner with memory, cryptanalysis, 2-adic numbers, arithmetic code, 1/q sequence, linear span. 1

Hankel matrices consisting of Catalan numbers have been analyzed by various authors. DesainteCatherine and Viennot found their determinant to be # 1#i#j#k i+j+2n i+j and related them to the Bender - Knuth conjecture. The similar determinant formula # 1#i#j#k i+j-1+2n i+j-1 can be shown to hold for Hankel matrices whose entries are successive middle binomial coe#cients # 2m+1 m # . Generalizing the Catalan numbers in a di#erent direction, it can be shown that determinants of Hankel matrices consisting of numbers 1 3m+1 # 3m+1 m # yield an alternate expression of two Mills -- Robbins -- Rumsey determinants important in the enumeration of plane partitions and alternating sign matrices. Hankel matrices with determinant 1 were studied by Aigner in the definition of Catalan -- like numbers. The well - known relation of Hankel matrices to orthogonal polynomials further yields a combinatorial application of the famous Berlekamp -- Massey algorithm in Coding Theory, which can be applied in order to calculate the coe#cients in the three -- term recurrence of the family of orthogonal polynomials related to the sequence of Hankel matrices.

We propose a slight modification of the Berlekamp-Massey Algorithm for obtaining the minimal polynomial of a given linearly recurrent sequence. Such a modification enables to explain it in a simpler way and to adapt it to lazy evaluation.

During my years as a graduate student at Tech, I have been privileged to work on many interesting projects with my advisor, Clyde F. Martin. Dr. Martin never ceases to amzize me with his view of the mathematical "big picture." The other members of my committee. Frits H. Ruymgaart, Linda J. S. Allen, Lance D. Drager, and Minerva Cordero-Vourtsanis were extremely helpful in the preparation of this dissertation. I would especially like to thank Drs. Drager and Allen for many suggestions which signific2Lntly improved the exposition. My thanks also goes to Dr. A. H. Chan whose well-timed comments on the paper [77] (which became a major paxt of Chapter III and the heart of Chapter IV) were critical to the success of this project. My lovely wife,i3l ^ 'ff^i deserves special thanks for cheerfully tolerating the long years required to attain this goal. My parents, W. Fred Stamp and Maxilyn J. Stamp, deserve credit for any successes I have haxl in the past or will have in the future. This dissertation is dedicated to my father, W. Fred Stamp, who recently

This paper presents a new algorithm for cryptanalytically attacking stream ciphers. There is an associated measure of security, the 2-adac 8pan. In order for a stream cipher to be secure, its Zadic span must be large. This attack exposes a weakness of Rueppel and Massey's summation combiner. The algorithm, based on De Weger and Mahler's rational approximation theory for 2-adic numbers, synthesizes a shortest feedback with cam shaft qwter that outputs a particular key stream, given a small number of bits of the key stream. It is adaptive in that it does not neeed to know the number of available bits beforehand.