Feedback with carry shift register ciphers

In 1991 G. Marsaglia and A. Zaman [MZ] introduced a new class of pseudo-random number sequences. The shift register analogs of these have been investigated by A. Klapper and M. Goresky in several papers (see [GK1], for example).

The general idea is very simple. Let $ p$ be any integer and let $ a,b$ be positive integers with no factors in common with $ p$ or each other. If you take any rational number $ a/b$ then the coefficients $ {\bf c} ={\bf c}(a,b)$ in the $ p$-adic expansion

$\displaystyle {a\over b}=c_{-N}p^{-N}+...+{c_{-1}\over p} +c_0+c_1p+...\ , $

are eventually periodic. Like decimal expansions and unlike power series expansions, the coefficients are NOT in general unique (for example, in the case $ p=10$ we have $ 1=.999999...$). There is an analog of the Berlekamp-Massey decryption method [GK2]. What is worst (depending on your point of view) is that if you add two such sequences then the sequence $ {\bf c}+{\bf c'}$ (defined using the carry operation) can be decrypted using at most $ S+S'$ terms, where $ S=S({\bf c})= \log_2(\max\{\vert a\vert _2,\vert b\vert _2\})$ is the $ 2$-adic span of $ {\bf c} ={\bf c}(a,b)$. In particular, the stream cipher, when viewed from the perspective of FCSR's is even less secure than previously thought.

Example 1.7.26   Let $ a=10,b=3$, so

$\displaystyle {10\over 3}=2+2^2+2^3+2^5+2^7+2^9+2^{11}+... $

whose coefficients are $ 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, ...$.

The coefficients in the $ 2$-adic expansion of $ a/b$ are very easy to determine from the following algorithm:

Theorem 1.7.27   When $ b$ is a power of a prime and when $ 2$ is primitive mod $ b$ (i.e., $ 2$ generates the cyclic group $ (\mathbb{Z}/b\mathbb{Z})^\times$) then the coefficients of the $ 2$-adic expansion of $ 1/b$ satisfy analogs of Golomb's randomness conditions.

For a proof, see [GK2].


David Joyner 2007-09-03