Vectorial Feedback with Carry Registers and Memory requirements

In \cite{marjane2010}, we introduced a vectorial conception of FCSRs in Fibonacci mode. This conception allows us to analyze FCSRs over the binary finite fields $\mathbb{F}_{2^{n}}$ for $n\geq 2$ easily. In \cite{allailou2010}, we describe and study…

Authors: Abdelaziz Marjane, Abdellah Mokrane, Boufeldja Allailou

Abdelaziz Marjane, Abdellah Mokrane and Boufeldja Allailou
LAGA, UMR CNRS 7539, Université Paris 13, Villetaneuse, France
LAGA, UMR CNRS 7539, Université Paris 8, Saint-Denis, France
marjane, allailou, mokrane@math.univ-paris13.fr
March 3, 2022

Abstract

In [3], we introduced a vectorial conception of FCSRs in Fibonacci mode. This conception allows us to analyze FCSRs over the binary finite fields $\mathbb{F}_{2^n}$ for $n \geq 2$ easily. In [4], we describe and study the corresponding Galois mode and use it to design a new stream cipher. In this paper, we introduce the Ring mode for vectorial FCSRs, explain the analysis of such feedback registers and illustrate it with a simple example.

Keywords: LFSR, FCSR, stream ciphers, 2-adic, sequences, vectorial register

1 Introduction

The Ring mode was first introduced for LFSRs in [1] and adapted to binary FCSRs in [2]. In this mode, any cell can be used as a feedback bit for any other cell. Registers in Ring mode are represented by a matrix which can be chosen arbitrarily. The classical Fibonacci and Galois modes are in fact special cases of the Ring mode. We recall the notions of LFR and of Ring mode.

Definition 1.1 (LFR). Let $n$ and $r$ be two positive integers and $T$ a square $r \times r$ matrix with coefficients in the binary field $\mathbb{F}_{2^n}$. A Linear Feedback Register (LFR) over $\mathbb{F}_{2^n}$ of length $r$ with transition matrix $T$ is a sequence generator whose state is an element $s(t) = (a_0(t), \ldots, a_{r-1}(t)) \in (\mathbb{F}_{2^n})^r$ and whose state change operation is given by $s(t+1) = s(t) \cdot T$.

The Ring mode corresponds to the case where the matrix $T = (t_{i,j})_{i,j}$ is such that $t_{i+1,i} = 1$ and $t_{1,r} \neq 0$. This mode generalizes both the Fibonacci and the Galois modes, given respectively by the following transition matrices:

$$
F = \begin{pmatrix}
0 & \cdots & 0 & q_r \\
1 & \ddots & 0 & q_{r-1} \\
\vdots & \ddots & \ddots & \vdots \\
0 & \cdots & 1 & q_1
\end{pmatrix},
\qquad
G = \begin{pmatrix}
q_1 & \cdots & q_{r-1} & q_r \\
1 & \cdots & 0 & 0 \\
\vdots & \ddots & \vdots & \vdots \\
0 & \cdots & 1 & 0
\end{pmatrix}.
\tag{1.1}
$$

Theorem 1.1 ([5], p. 268). The output sequence of an LFR with transition matrix $T$ can be generated by an LFSR with connection polynomial equal to $\det(I - XT)$.

So from a theoretical point of view, LFRs are no more powerful than LFSRs, but they can provide efficient software implementations by reducing the number of connections and operations (see [5]). FCSRs are a class of nonlinear feedback shift registers with good properties, comparable to those of LFSRs. In this paper, after a review of the different modes of binary FCSRs and of vectorial FCSRs, we introduce the analog of the LFR for registers with carry over $\mathbb{F}_{2^n}$ in a general setting and establish its basic properties. To be more precise, fix a primitive polynomial $P(X)$ of degree $n$ over $\mathbb{F}_2$ and a square $r \times r$ matrix $T$ with coefficients in the binary field $\mathbb{F}_{2^n} \cong \mathbb{F}_2[X]/(P(X))$. We associate to $T$ in a canonical way an $nr \times nr$ square matrix $\mathcal{T}$ with coefficients in $\mathbb{Z}$, and we define a Feedback with Carry Register over $\mathbb{F}_{2^n}$ of length $r$ with transition matrix $T$ as a sequence generator whose state is a pair $(a(t), m(t))$, where $a(t) = (a_0(t), \ldots, a_{r-1}(t)) \in (\mathbb{F}_{2^n})^r$ and $m(t) = (m_1(t), \ldots, m_r(t)) \in (\mathbb{Z}^n)^r$, and whose state change operation is given by

$$
a(t+1) = \big( a(t) \otimes \mathcal{T} \oplus m(t) \big) \bmod 2, \qquad
m(t+1) = \big( a(t) \otimes \mathcal{T} \oplus m(t) \big) \operatorname{div} 2,
$$

where $\otimes$ is defined in Section 5. We prove the following structural theorem.

Theorem 1.2. The 2-adic expansion $\sum_{t=0}^{+\infty} c(t)\, 2^t$, where $c(t)$ is any binary component of $a_i(t)$, is equal to a rational number $p/q$ where $q = \det(I_{rn} - 2\mathcal{T})$.
2 Binary Feedback with Carry Registers in Different Modes

Feedback with carry shift registers, or FCSRs, were developed by Goresky and Klapper [6], [7] and [9]. These registers rely on an elegant 2-adic structure which is an alternative to the linear architecture of LFSRs. They differ from LFSRs by adding memories and computing over $\mathbb{Z}$.

Definition 2.1. A binary FCSR in Fibonacci mode of length $r$ with connection coefficients $q_1, \ldots, q_r \in \{0, 1\}$ is an automaton sequence generator whose state is an element $(a_0, a_1, \ldots, a_{r-1}, m_{r-1})$, where $a_i \in \{0, 1\}$ for all $i$ and $m_{r-1} \in \mathbb{Z}$, and whose state change operation is given by the following procedure:
• Compute the integer $\sigma_r = q_r a_0 + \cdots + q_1 a_{r-1} + m_{r-1}$ in $\mathbb{Z}$.
• Compute $a_r = \sigma_r \bmod 2$ and $m_r = \sigma_r \operatorname{div} 2$.
• Output $a_0$ and $m_{r-1}$, shift the other coefficients $a_1, \ldots, a_{r-1}$ and enter $a_r$ and $m_r$.
$(a_0, a_1, \ldots)$ is called the output sequence and $q = q_r 2^r + \cdots + q_1 2 - 1$ is called the connection integer of the FCSR.

Definition 2.2. A binary FCSR in Galois mode of length $r$ with connection coefficients $q_1, \ldots, q_r \in \{0, 1\}$ is an automaton whose state at the $t$-th step is an element $s(t) = (a_0(t), \ldots, a_{r-1}(t), m_1(t), \ldots, m_r(t)) \in \{0, 1\}^r \times \mathbb{Z}^r$ and whose state change operation is as follows:
• Compute $\sigma_i(t+1) = q_{i+1} a_0(t) + a_{i+1}(t) + m_{i+1}(t)$ for all $0 \leq i \leq r-2$, and $\sigma_{r-1}(t+1) = q_r a_0(t) + m_r(t)$.
• Compute $a_i(t+1) = \sigma_i(t+1) \bmod 2$ and $m_{i+1}(t+1) = \sigma_i(t+1) \operatorname{div} 2$ for all $0 \leq i \leq r-1$.
• Output $a_0(t)$ and replace $a_i(t)$ by $a_i(t+1)$ and $m_{i+1}(t)$ by $m_{i+1}(t+1)$ for all $0 \leq i \leq r-1$.
$s(0)$ is the initial state and $(a_0(0), a_0(1), a_0(2), \ldots)$ the output sequence.

Unlike the Fibonacci mode, all cells are updated simultaneously in Galois mode, which makes the Galois mode more convenient for cryptographic applications. Whatever the mode, we associate the 2-adic integer $\sum_{i=0}^{+\infty} a_i 2^i$ to the output sequence.

Theorem 2.1. The 2-adic integer associated to the output sequence is a rational number $p/q$, where $q$ is the connection integer (Definition 2.1) and
$$
-p = \sum_{i=0}^{r-1} a_i 2^i + m_{r-1} 2^r - \sum_{i=1}^{r-1} \sum_{j=1}^{i} q_j\, a_{i-j}\, 2^i
$$
in Fibonacci mode, and
$$
-p = \sum_{i=0}^{r-1} a_i(0)\, 2^i + \sum_{i=1}^{r} m_i(0)\, 2^i
$$
in Galois mode.

FCSR sequences have good randomness properties: periodicity, distribution of blocks, balance, maximal period sequences called $l$-sequences, two-level cross-correlation, etc. The Ring mode for FCSRs developed in [2] generalizes both the Fibonacci and Galois modes and has many advantages over both of them.

Definition 2.3 (FCR). A binary Feedback with Carry Register (FCR) of length $r$ with transition matrix $T$ is a sequence generator whose state is a pair $(a(t), m(t))$, where $a(t) = (a_0(t), \ldots, a_{r-1}(t)) \in \{0, 1\}^r$ and $m(t) = (m_1(t), \ldots, m_r(t)) \in \mathbb{Z}^r$, and whose state change operation is given by
$$
a(t+1) = \big( a(t) \cdot T + m(t) \big) \bmod 2 \quad \text{and} \quad m(t+1) = \big( a(t) \cdot T + m(t) \big) \operatorname{div} 2. \tag{2.1}
$$

The Fibonacci and Galois modes of FCSRs can be represented as Ring FCSRs with a special transition matrix of the form (1.1). The analysis of a binary FCR can be made as in the Fibonacci case.

Theorem 2.2. The output sequence $(a_i(0), a_i(1), \ldots)$ of a binary FCR defines a 2-adic integer which is a rational number $p_i/q$ where $q = \det(I - 2T)$.

To generate $l$-sequences in Ring mode, we have to choose a matrix $T$ such that $\det(I - 2T)$ is prime and $2$ is a primitive root modulo $\det(I - 2T)$. Unfortunately there is no simple method to do this for a general $T$.
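The two binary automata above and their Ring-mode form (2.1) are small enough to run directly. The following Python is an added worked example, not code from the paper: it clocks the Fibonacci and Galois FCSRs of Definitions 2.1 and 2.2, builds the matrices $F$ and $G$ of (1.1) for the FCR of Definition 2.3, and checks Theorem 2.1 by comparing the register output with the 2-adic expansion of $p/q$ computed from the initial state. The function names and the state layout (`qs = [q_1, ..., q_r]`, Galois carries `m = [m_1, ..., m_r]`) are this example's own conventions.

```python
"""Added worked example, not code from the paper: the binary FCSRs of
Definitions 2.1 and 2.2, the Ring-mode FCR of Definition 2.3 with the
matrices F and G of (1.1), and a check of Theorem 2.1 against the 2-adic
expansion of p/q.  Conventions assumed here: qs = [q_1, ..., q_r],
a = [a_0, ..., a_{r-1}], Galois memory m = [m_1, ..., m_r]."""


def fibonacci_fcsr(qs, a, m, steps):
    """Definition 2.1: state (a_0, ..., a_{r-1}, m_{r-1}); returns the output bits a_0(t)."""
    r, a, out = len(qs), list(a), []
    for _ in range(steps):
        sigma = sum(qs[r - 1 - i] * a[i] for i in range(r)) + m  # q_r a_0 + ... + q_1 a_{r-1} + m_{r-1}
        out.append(a[0])
        a, m = a[1:] + [sigma % 2], sigma // 2                    # shift in a_r, keep the carry m_r
    return out


def galois_fcsr(qs, a, m, steps):
    """Definition 2.2: state (a_0..a_{r-1}, m_1..m_r); every cell is updated at once."""
    r, a, m, out = len(qs), list(a), list(m), []
    for _ in range(steps):
        out.append(a[0])
        # sigma_i = q_{i+1} a_0 + a_{i+1} + m_{i+1}, with no a_r term for the last cell
        sigma = [qs[i] * a[0] + (a[i + 1] if i + 1 < r else 0) + m[i] for i in range(r)]
        a, m = [s % 2 for s in sigma], [s // 2 for s in sigma]
    return out


def fcr(T, a, m, steps):
    """Definition 2.3 (Ring mode): a(t+1) = (a.T + m) mod 2, m(t+1) = (a.T + m) div 2.
    Returns the list of cell vectors a(t), one per clock."""
    r, a, m, out = len(T), list(a), list(m), []
    for _ in range(steps):
        out.append(a[:])
        sigma = [sum(a[i] * T[i][j] for i in range(r)) + m[j] for j in range(r)]
        a, m = [s % 2 for s in sigma], [s // 2 for s in sigma]
    return out


def fibonacci_matrix(qs):
    """F of (1.1): ones on the subdiagonal, last column (q_r, ..., q_1) from top to bottom."""
    r = len(qs)
    F = [[0] * r for _ in range(r)]
    for i in range(r):
        F[i][r - 1] = qs[r - 1 - i]
        if i + 1 < r:
            F[i + 1][i] = 1
    return F


def galois_matrix(qs):
    """G of (1.1): first row (q_1, ..., q_r), ones on the subdiagonal."""
    r = len(qs)
    G = [[0] * r for _ in range(r)]
    G[0] = list(qs)
    for i in range(r - 1):
        G[i + 1][i] = 1
    return G


def connection_integer(qs):
    """q = q_r 2^r + ... + q_1 2 - 1."""
    return sum(qs[i] << (i + 1) for i in range(len(qs))) - 1


def two_adic_bits(p, q, count):
    """First `count` bits of the 2-adic expansion of p/q for odd q:
    b = x mod 2, then x <- (x - b q) / 2, which is exact because x - b q is even."""
    bits, x = [], p
    for _ in range(count):
        b = x % 2
        bits.append(b)
        x = (x - b * q) // 2
    return bits


def fibonacci_p(qs, a, m):
    """p of Theorem 2.1 (Fibonacci mode) from the initial state (a_0..a_{r-1}, m_{r-1})."""
    r = len(qs)
    minus_p = sum(a[i] << i for i in range(r)) + (m << r)
    minus_p -= sum(qs[j - 1] * a[i - j] << i for i in range(1, r) for j in range(1, i + 1))
    return -minus_p


def galois_p(a, m):
    """p of Theorem 2.1 (Galois mode): -p = sum a_i(0) 2^i + sum_{i=1}^r m_i(0) 2^i."""
    return -(sum(a[i] << i for i in range(len(a))) + sum(m[i - 1] << i for i in range(1, len(m) + 1)))


if __name__ == "__main__":
    qs = [1, 1]                                   # q_1 = q_2 = 1, so q = 5 and ord_5(2) = 4
    print(fibonacci_fcsr(qs, [1, 0], 0, 12))
    print(two_adic_bits(fibonacci_p(qs, [1, 0], 0), connection_integer(qs), 12))
```

With $q_1 = q_2 = 1$ the connection integer is $q = 5$, and the Fibonacci register loaded with $(a_0, a_1, m_1) = (1, 0, 0)$ outputs $1, 0, 1, 1, 0, 0, 1, 1, \ldots$, the expansion of $1/5$ with period $\operatorname{ord}_5(2) = 4$. Feeding the same state to `fcr` with `fibonacci_matrix` (memory only on the last cell) or to `galois_fcsr` with `galois_matrix` reproduces the two classical automata bit for bit, which is the sense in which (1.1) makes them special cases of the Ring mode.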
3 Vectorial FCSR in Fibonacci Mode

To construct FCSRs over any finite field $\mathbb{F}_{2^n}$, we use the vectorial conception introduced by Klapper [8]. We have completely developed the vectorial analysis of these registers in [3]. They present the same basic properties as in the binary case.

Description of the automaton. Let $P$ be a primitive polynomial over $\mathbb{F}_2$ of degree $n$. $\mathbb{F}_2[X]/(P)$ is a vector space of dimension $n$ over $\mathbb{F}_2$, and we consider its canonical basis $(1, \bar X, \ldots, \bar X^{n-1})$. $P$ is identified with its canonical lift in $\mathbb{Z}[X]$, and we consider the free $\mathbb{Z}$-module $\mathbb{Z}[X]/(P)$ of rank $n$ with its canonical basis $\mathcal{B} = (1, \bar X, \ldots, \bar X^{n-1})$.

Definition 3.1. A Vectorial FCSR in Fibonacci mode over $(\mathbb{F}_2, P, \mathcal{B})$ of length $r$ with connection coefficients $q_1, \ldots, q_r \in \mathbb{F}_2[X]/(P)$ is an automaton whose state is an element $s = (a_0, \ldots, a_{r-1}, m_{r-1})$, where $a_i \in \mathbb{F}_2[X]/(P)$ and $m_{r-1} \in \mathbb{Z}[X]/(P)$, and whose state change operation is described as follows:
• Express the elements $a_i$, $q_i$, $m_i$ in the basis $(1, \bar X, \ldots, \bar X^{n-1})$: for all $i \in \mathbb{N}$, $a_i = a_i^0 + a_i^1 \bar X + \cdots + a_i^{n-1} \bar X^{n-1}$ with $a_i^j \in \{0, 1\}$; for all $1 \leq i \leq r$, $q_i = q_i^0 + q_i^1 \bar X + \cdots + q_i^{n-1} \bar X^{n-1}$ with $q_i^j \in \{0, 1\}$; for all $i \geq r-1$, $m_i = m_i^0 + m_i^1 \bar X + \cdots + m_i^{n-1} \bar X^{n-1}$ with $m_i^j \in \mathbb{Z}$.
• Take the canonical lifts of the $a_i$ and $q_i$ in $\mathbb{Z}[X]/(P)$ with respect to $\mathcal{B}$.
• Compute $\sigma_r = q_r a_0 + \cdots + q_1 a_{r-1} + m_{r-1}$ as a vector in $\mathcal{B}$.
• Compute the coordinates of $a_r$ and $m_r$ with respect to $\mathcal{B}$:
$$
a_r^j = \sigma_r^j \bmod 2 \quad \text{and} \quad m_r^j = \sigma_r^j \operatorname{div} 2 = \tfrac{1}{2}\big(\sigma_r^j - a_r^j\big). \tag{3.1}
$$
The feedback function is $f(s) = (a_1, \ldots, a_r, m_r)$ and the output function is $g(x_0, \ldots, x_{r-1}, y) = x_0$. The VFCSR generates the vectorial sequence $a = (g(s), g(f(s)), g(f^2(s)), \ldots) = (a_0, a_1, a_2, \ldots)$.

Figure 1 illustrates a VFCSR over $(\mathbb{F}_2, X^2 - X - 1, \mathcal{B})$, called VFCSR-Q, in Fibonacci mode.

Analysis. We decompose the output sequence $a$ into $n$ component sequences $a^j = (a_0^j, a_1^j, \ldots)$, associate to each component its 2-adic expansion $\beta^j = a_0^j + a_1^j 2 + \cdots$ and form the 2-adic vector $\beta = (\beta^j)_j$. The connection integer $q = q_r 2^r + \cdots + q_1 2 - 1$ is an element of $\mathbb{Z}[X]/(P)$ and its components with respect to $\mathcal{B}$ are $(\tilde q^0 - 1, \tilde q^1, \ldots, \tilde q^{n-1})$, where $\tilde q^j = q_r^j 2^r + \cdots + q_1^j 2$. We call $(\tilde q^0, \ldots, \tilde q^{n-1})$ the connection vector of the VFCSR. Using simple computations, we show that $\beta$ is a solution of a linear system with integral coefficients represented by an invertible $n \times n$ matrix, called the connection matrix of the VFCSR and denoted $\mathcal{M}$. Note that there is a subtle relation between the transition matrix $T$ used in the conception of a binary Ring-mode register and the connection matrix $\mathcal{M}$ used in the analysis of a vectorial FCSR (see Example 1 in Section 5).

Theorem 3.1. Consider a VFCSR in Fibonacci mode over $(\mathbb{F}_2, P, \mathcal{B})$ of length $r$ with connection vector $(\tilde q^0, \ldots, \tilde q^{n-1})$, connection integer $q$ and connection matrix $\mathcal{M}$. Then for any sequence $a$ generated by this VFCSR, the associated 2-adic vector $\beta$ is in $\frac{1}{|\det \mathcal{M}|}\mathbb{Z}^n$ and $|\det \mathcal{M}|$ is odd. $\mathcal{M}$ is the matrix in the canonical basis $\mathcal{B}$ of the linear transformation defined as the multiplication by $-q$, and $\det(\mathcal{M}) = N(-q) = (-1)^n N(q)$, where $N = N_{\mathbb{Q}[X]/(P)/\mathbb{Q}}$ is the norm of the number field $\mathbb{Q}[X]/(P)$ over $\mathbb{Q}$. The component sequences $a^j$ are all periodic and their periods divide the order of $2$ modulo $|N(q)|$. The period of $a$ is the lcm of the periods of the component sequences.

We denote $|N(q)|$ by $\tilde q$ and call it the connection norm of the VFCSR. $\tilde q$ can be represented as an $n$-form with arguments $(\tilde q^0, \ldots, \tilde q^{n-1})$; this $n$-form is determined by the form of the connection matrix. To generate sequences with maximal period, we must generate numbers $\tilde q$ such that $\tilde q$ is prime, $2$ is a primitive root modulo $\tilde q$ and $\tilde q$ is represented by the $n$-form defined by $\mathcal{M}$. For example, in the case $n = 2$, $\tilde q$ must be represented by the quadratic form $u^2 + uv - v^2$ with $u = \tilde q^0 - 1$ and $v = \tilde q^1$.

Figure 1: VFCSR-Q in Fibonacci mode.

Pseudorandom properties of VFCSRs. VFCSR sequences have good pseudorandom properties. In fact, we have tested VFCSRs in the quadratic case ($n = 2$) for the triplets $(\tilde q, u, v)$ given in Table 1, using the NIST STS package (see [3]). This package consists of 15 different statistical tests: balance, uniform distribution, matrix rank, Maurer's test, compressibility of sequences, etc. In the quadratic case we have two component sequences $a^0$ and $a^1$, and both passed all the statistical tests. To read Table 1: $l_x$ is the 2-adic length of $x$ and is the size of the corresponding binary FCSR, and $l_{(x,y)} = \max(l_x, l_y)$ is the size of the corresponding VFCSR-Q.

Table 1: Some triplets and their lengths.

 l_q~    q~          l_(u,v)    u      v
  4      11           2          3      2
  4      11           5         31     50
 10      1259         5         35     34
  9      829          5         35     44
 13      8821         6         85     28
 11      2389         6         85    124
 12      8179         6         89     86
 11      3581         6         89    124
 13      9949         6         95     84
 12      7621         6         95    108
 16      101419       8        331    354
 16      109891       8        331    330
 16      115259       8        339    338
 16      103451       8        339    370
 16      112181       8        351    380
 16      121421       8        351    332
 17      132499       8        373    390
 17      157141       8        373    316
 18      389219       9        637    662
 18      395429       9        651    692
 18      411491       9        639    634
 18      424451       9        651    650
 18      428339       9        657    662
 18      443771       9        657    638
 18      467171       9        683    682
 18      481619       9        675    634
 18      502499       9        689    646
 20      1164589      9       1001    204
 20      3932741     10       2001   2036

4 Vectorial FCSR in Galois Mode

In [4], we developed the conception of the VFCSR in Galois mode, especially the quadratic case called VFCSR-Q (see Figure 2), and we presented a new stream cipher design based on a filtered quadratic VFCSR automaton, called F-VFCSR-Q. In the following, we briefly describe the VFCSR in Galois mode and analyze its basic properties. For more details, we refer to [4].

Definition 4.1. A Vectorial FCSR in Galois mode over $(\mathbb{F}_2, P, \mathcal{B})$ of length $r$ with connection coefficients $q_1, \ldots, q_r \in \mathbb{F}_2[X]/(P)$ is an automaton whose state is an element $s(t) = (a_0(t), \ldots, a_{r-1}(t), m_1(t), \ldots, m_r(t))$, where $a_i(t) \in \mathbb{F}_2[X]/(P)$ and $m_i(t) \in \mathbb{Z}[X]/(P)$, and whose state change operation is described as follows:
• Write the elements in the basis $\mathcal{B}$:
$$
\begin{aligned}
&\forall\, 0 \leq i < r, \quad a_i(t) = a_i^0(t) + a_i^1(t)\bar X + \cdots + a_i^{n-1}(t)\bar X^{n-1}, \quad a_i^j(t) \in \{0, 1\}, \\
&\forall\, 1 \leq i \leq r, \quad q_i = q_i^0 + q_i^1 \bar X + \cdots + q_i^{n-1}\bar X^{n-1}, \quad q_i^j \in \{0, 1\}, \\
&\forall\, 1 \leq i \leq r, \quad m_i(t) = m_i^0(t) + m_i^1(t)\bar X + \cdots + m_i^{n-1}(t)\bar X^{n-1}, \quad m_i^j(t) \in \mathbb{Z}.
\end{aligned}
\tag{4.1}
$$
• Take the canonical lifts of the collection of the $a_i(t)$ and $q_i$ in $\mathbb{Z}[X]/(P)$ with respect to $\mathcal{B}$.
• Compute $\sigma_i(t+1) = q_{i+1} a_0(t) + a_{i+1}(t) + m_{i+1}(t)$ as a vector in $\mathcal{B}$, for $0 \leq i \leq r-1$ (with $a_r(t) = 0$, as in Definition 2.2).
• Compute the coordinates of $a_i(t+1)$ and $m_{i+1}(t+1)$ with respect to $\mathcal{B}$:
$$
a_i^l(t+1) = \sigma_i^l(t+1) \bmod 2 \quad \text{and} \quad m_{i+1}^l(t+1) = \tfrac{1}{2}\big(\sigma_i^l(t+1) - a_i^l(t+1)\big). \tag{4.2}
$$
$s(0)$ is the initial state, the feedback function is $f(s(t)) = s(t+1)$ and the output function is $g(s) = g(x_0, \ldots, x_{r-1}, y_1, \ldots, y_r) = (g_0(s), \ldots, g_{r-1}(s)) = (x_0, \ldots, x_{r-1})$. The Galois VFCSR generates $r$ infinite vectorial output sequences: for all $0 \leq i \leq r-1$,
$$
a_i = \big(g_i(s(0)),\ g_i \circ f(s(0)),\ g_i \circ f^2(s(0)),\ \ldots\big) = (a_i(0), a_i(1), a_i(2), \ldots).
$$

Analysis. We use the same method as in the Fibonacci case, except that we study $r$ vectorial output sequences. Each vectorial output sequence $a_i$ corresponds to $n$ binary sequences $a_i^j = (a_i^j(0), a_i^j(1), \ldots)$. Let $\beta_i^j = a_i^j(0) + a_i^j(1)\,2 + \cdots$ be the 2-adic expansion of $a_i^j$ and $\beta$ the 2-adic vector associated to the vectorial sequence $a$, both of length $nr$. Simple computations show that $\beta$ satisfies a linear system with integral coefficients. This system is represented by an invertible $rn \times rn$ matrix, called the connection matrix of the Galois VFCSR and also denoted $\mathcal{M}$. $\mathcal{M}$ is equal to the identity matrix minus a matrix with even coefficients: writing $M_{q_i}$ for the $n \times n$ integer matrix of the multiplication by (the lift of) $q_i$ in the basis $\mathcal{B}$ and ${}^t\!M_{q_i}$ for its transpose,
$$
\mathcal{M} = \begin{pmatrix}
I_n - 2\,{}^t\!M_{q_1} & -2I_n & 0 & \cdots & 0 \\
-2\,{}^t\!M_{q_2} & I_n & -2I_n & \ddots & \vdots \\
\vdots & 0 & \ddots & \ddots & 0 \\
-2\,{}^t\!M_{q_{r-1}} & \vdots & \ddots & I_n & -2I_n \\
-2\,{}^t\!M_{q_r} & 0 & \cdots & 0 & I_n
\end{pmatrix}.
\tag{4.3}
$$

Figure 2: VFCSR-Q in Galois mode.

Theorem 4.1. Consider a VFCSR in Galois mode over $(\mathbb{F}_2, P, \mathcal{B})$ of length $r$ with connection integer $q$ and connection matrix $\mathcal{M}$. Then for any sequence $a$ generated by this VFCSR, the associated 2-adic vector $\beta$ is in $\frac{1}{|\det \mathcal{M}|}\mathbb{Z}^{nr}$, $|\det \mathcal{M}|$ is odd and $\det(\mathcal{M}) = N(-q)$.

VFCSRs in Galois mode have the same properties as VFCSRs in Fibonacci mode: periodicity, existence of $l$-sequences, etc. Figure 2 illustrates the VFCSR-Q in Galois mode. We have taken the quadratic case $n = 2$ (VFCSR-Q) and the connection triplet of Table 2 to design a cryptographic random generator. For more details see [4].

Table 2: Example of a connection triplet in Galois mode.

q~ = 3974140296190695420616004753553979604200521434082082527268932790276172312852637472641991806538949
u  = 1993524591318275015328041611344215036460140087963
v  = 1993524591318275015328041611344215036460140087860

5 Vectorial FCSR in Ring Mode

Definition 5.1 (VFCR).
A Vectorial Feedback with Carry Register over $(\mathbb{F}_2, P, \mathcal{B})$ of length $r$ with $r \times r$ transition matrix $T = (t_{i,j})$ with coefficients in $\mathbb{F}_2[X]/(P)$ is an automaton whose state is a pair $(a(t), m(t))$, where $a(t) = (a_0(t), \ldots, a_{r-1}(t)) \in (\mathbb{F}_2[X]/(P))^r$ and $m(t) = (m_1(t), \ldots, m_r(t)) \in (\mathbb{Z}[X]/(P))^r$, and whose state change operation is given by:
• Write the collection of the $a_i(t)$, $m_i(t)$ and $t_{i,j}$ in the basis $\mathcal{B}$.
• Take the canonical lifts of the collection of the $a_i(t)$ and of the $t_{i,j}$ in $\mathbb{Z}[X]/(P)$ with respect to $\mathcal{B}$.
• Write $a(t)$ and $m(t)$ as vectors of dimension $nr$:
$$
\begin{aligned}
a(t) &= \big(a_0^0(t), \ldots, a_0^{n-1}(t), \ldots, a_{r-1}^0(t), \ldots, a_{r-1}^{n-1}(t)\big), \\
m(t) &= \big(m_1^0(t), \ldots, m_1^{n-1}(t), \ldots, m_r^0(t), \ldots, m_r^{n-1}(t)\big).
\end{aligned}
\tag{5.1}
$$
• Replace the multiplication $a_i(t)\, t_{i,j}$ in (2.1) by the "vectorial" multiplication $\otimes$ of (5.2), where $M_{t_{i,j}}$ is the matrix in the canonical basis $\mathcal{B}$ of the linear transformation defined by the multiplication by $t_{i,j}$:
$$
a_i(t)\, t_{i,j} = \big(a_i^0(t), \ldots, a_i^{n-1}(t)\big) \otimes M_{t_{i,j}}. \tag{5.2}
$$
• From the blocks $M_{t_{i,j}}$, consider the big $rn \times rn$ matrix $\mathcal{T} = (M_{t_{i,j}})_{i,j}$ with coefficients in $\mathbb{Z}$.
• Write the addition with $m(t)$ in (2.1) as a vectorial addition $\oplus$ with the components of $m(t)$ in (5.1), and compute $a(t) \otimes \mathcal{T} \oplus m(t)$.
• Apply $\bmod 2$ and $\operatorname{div} 2$ componentwise in this equation.
The Ring mode for VFCSRs is the case where $t_{i+1,i} = 1$ for all $i$.

Theorem 5.1. Consider a VFCR. For all $0 \leq i \leq r-1$ and $0 \leq j \leq n-1$, the output sequence $(a_i^j(0), a_i^j(1), \ldots)$ is associated to a rational number $p_{i,j}/\tilde q$ where $\tilde q = \det(I_{rn} - 2\mathcal{T})$.

Example 1: FCSR and VFCSR in Fibonacci and Galois mode. VFCSRs in these two modes can be represented respectively by the following matrices $\mathcal{F}$ and $\mathcal{G}$:
$$
\mathcal{F} = \begin{pmatrix}
0 & \cdots & 0 & M_{q_r} \\
I_n & \ddots & 0 & M_{q_{r-1}} \\
\vdots & \ddots & \ddots & \vdots \\
0 & \cdots & I_n & M_{q_1}
\end{pmatrix}
\quad \text{and} \quad
\mathcal{G} = \begin{pmatrix}
M_{q_1} & \cdots & M_{q_{r-1}} & M_{q_r} \\
I_n & \cdots & 0 & 0 \\
\vdots & \ddots & \vdots & \vdots \\
0 & \cdots & I_n & 0
\end{pmatrix},
\tag{5.3}
$$
where $I_n$ is the identity matrix of dimension $n$, $0$ is the zero matrix and $M_{q_i}$ is the matrix in $\mathcal{B}$ of the linear transformation defined as the multiplication by $q_i$. Using linear transformations on the rows, we show that $I_{nr} - 2\mathcal{F}$ can be reduced to a $2 \times 2$ lower triangular block matrix with the connection matrix $\mathcal{M}$ of the Fibonacci case and the identity $I_{n(r-1)}$ on the diagonal. The connection matrix of the Galois VFCSR in (4.3) is $I_{rn} - 2\,{}^t\mathcal{G}$, where ${}^t\mathcal{G}$ is the transpose of $\mathcal{G}$. For a binary FCSR in Ring mode, $M_{q_i} = q_i$.

Example 2: VFCR-Q of size 2. A VFCR-Q is a VFCR over $(\mathbb{F}_2, X^2 - X - 1, \mathcal{B})$. For $r = 2$, the register can be represented by two registers, the main register and the carry register, and each of them can be decomposed into two modules of two cells or two carries (see Figure 3). The transition matrix $\mathcal{T}$ is of the form (5.4) and the computations are given by (5.5):
$$
\mathcal{T} = \begin{pmatrix}
t_{1,1}^0 & t_{1,1}^1 & t_{1,2}^0 & t_{1,2}^1 \\
t_{1,1}^1 & t_{1,1}^0 + t_{1,1}^1 & t_{1,2}^1 & t_{1,2}^0 + t_{1,2}^1 \\
t_{2,1}^0 & t_{2,1}^1 & t_{2,2}^0 & t_{2,2}^1 \\
t_{2,1}^1 & t_{2,1}^0 + t_{2,1}^1 & t_{2,2}^1 & t_{2,2}^0 + t_{2,2}^1
\end{pmatrix},
\tag{5.4}
$$
$$
\big(a_0^0(t), a_0^1(t), a_1^0(t), a_1^1(t)\big) \otimes \mathcal{T} \oplus \big(m_1^0(t), m_1^1(t), m_2^0(t), m_2^1(t)\big). \tag{5.5}
$$

Figure 3: Vectorial Feedback with Carry Register for $\tilde q = 61$.

We can build $2^{nr^2}$ distinct VFCRs over $\mathbb{F}_{2^n}$ of size $r$. Among all binary FCRs of size 4, the maximal period is 60, and there is a VFCR-Q of size 2 generating a sequence with this period (see Table 3). For example, with the transition matrix $T$ below, which corresponds to the matrix $\mathcal{T}$ of (5.6), we can generate two vectorial sequences with period $\operatorname{ord}_{\tilde q}(2) = 60$, where $\tilde q = |\det(I - 2\mathcal{T})| = 61$.
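The register of (5.6) is small enough to be checked by machine. The following Python is an added worked example, not the paper's code: it builds the integer matrix $\mathcal{T}$ of Definition 5.1 from a transition matrix over $\mathbb{F}_2[X]/(P)$ (block by block via the multiplication matrices $M_{t_{i,j}}$ of (5.2)), clocks the register with the $\otimes/\oplus$ rule, and checks on the VFCR-Q of (5.6) that $|\det(I - 2\mathcal{T})| = 61$, that $2$ has order $60$ modulo $61$ and that the state $(1 + \bar X, 1, 0, \bar X)$ of Section 5 cycles with period exactly $60$. The same code verifies the column-sum bound on the carries stated in Theorem 6.1 (Section 6) and, for the Fibonacci matrix $\mathcal{F}$ of Example 1, that $|\det(I - 2\mathcal{F})|$ is the norm $u^2 + uv - v^2$ of Section 3 (triplet $(11, 3, 2)$ of Table 1, i.e. $q_1 = \bar X$, $q_2 = 1$). The representation of $P$ as an integer coefficient list and the flattened state layout are this example's own conventions.

```python
"""Added worked example, not the paper's code: the VFCR of Definition 5.1 over
F_2[X]/(P), run on the VFCR-Q of (5.6).  Assumed conventions: P is given by the
integer coefficients of its lift, low degree first (X^2 - X - 1 is [-1, -1, 1]);
elements of Z[X]/(P) are coordinate lists in B = (1, X, ..., X^{n-1}); a and m are
the flattened vectors of (5.1), so the carry of cell a_i^j sits at index i*n + j."""

def reduce_mod_p(coeffs, P):
    """Reduce an integer polynomial (low degree first) modulo the monic lift of P."""
    n = len(P) - 1
    c = list(coeffs) + [0] * max(0, n - len(coeffs))
    for k in range(len(c) - 1, n - 1, -1):  # X^k = X^{k-n} X^n, X^n = -(P_0 + ... + P_{n-1} X^{n-1})
        lead, c[k] = c[k], 0
        for i in range(n):
            c[k - n + i] -= lead * P[i]
    return c[:n]

def mult_matrix(t, P):
    """M_t of (5.2): row i holds the coordinates of X^i * t in the basis B."""
    return [reduce_mod_p([0] * i + list(t), P) for i in range(len(P) - 1)]

def big_matrix(T, P):
    """The rn x rn integer block matrix (M_{t_ij})_{i,j} of Definition 5.1."""
    n, big = len(P) - 1, []
    for row in T:
        blocks = [mult_matrix(t, P) for t in row]
        for k in range(n):
            big.append([x for blk in blocks for x in blk[k]])
    return big

def step(a, m, TT):
    """One clock: sigma = a (x) TT (+) m, then a' = sigma mod 2 and m' = sigma div 2."""
    N = len(TT)
    sigma = [sum(a[l] * TT[l][k] for l in range(N)) + m[k] for k in range(N)]
    return [s % 2 for s in sigma], [s // 2 for s in sigma]

def det_int(M):
    """Exact integer determinant by Bareiss fraction-free elimination."""
    A, n, sign, prev = [r[:] for r in M], len(M), 1, 1
    for k in range(n - 1):
        if A[k][k] == 0:
            piv = next((i for i in range(k + 1, n) if A[i][k]), None)
            if piv is None:
                return 0
            A[k], A[piv], sign = A[piv], A[k], -sign
        for i in range(k + 1, n):
            for j in range(k + 1, n):
                A[i][j] = (A[i][j] * A[k][k] - A[i][k] * A[k][j]) // prev
        prev = A[k][k]
    return sign * A[n - 1][n - 1]

def det_i_minus_2t(TT):
    """det(I_rn - 2 TT); its absolute value is the connection norm q~ of Theorem 5.1."""
    N = len(TT)
    return det_int([[int(i == j) - 2 * TT[i][j] for j in range(N)] for i in range(N)])

def order_of_two(q):
    """Multiplicative order of 2 modulo the odd integer q > 1 (the largest possible period)."""
    k, x = 1, 2 % q
    while x != 1:
        x, k = (2 * x) % q, k + 1
    return k

def eventual_period(a, m, TT, transient=200, limit=100_000):
    """Smallest p > 0 with state(transient + p) == state(transient), or None."""
    for _ in range(transient):
        a, m = step(a, m, TT)
    start = (a, m)
    for p in range(1, limit + 1):
        a, m = step(a, m, TT)
        if (a, m) == start:
            return p
    return None

def memory_stays_bounded(a, m, TT, steps=500):
    """Theorem 6.1: with w_k the sum of column k of TT, m_k(t) in [0, w_k) is preserved."""
    w = [sum(col) for col in zip(*TT)]
    for _ in range(steps):
        a, m = step(a, m, TT)
        if any(not 0 <= m[k] < w[k] for k in range(len(TT))):
            return False
    return True

def fibonacci_vfcsr_matrix(qs, P):
    """T of the Fibonacci VFCSR with coefficients q_1..q_r: the matrix F of (1.1)/(5.3)."""
    r, n = len(qs), len(P) - 1
    T = [[[0] * n for _ in range(r)] for _ in range(r)]
    for i in range(r):
        T[i][r - 1] = list(qs[r - 1 - i])       # last column: q_r, ..., q_1
        if i + 1 < r:
            T[i + 1][i] = [1] + [0] * (n - 1)   # ones on the subdiagonal
    return T

# The VFCR-Q of (5.6): P = X^2 - X - 1, T = [[X, X], [1 + X, 0]],
# loaded with (a_0, a_1, m_1, m_2) = (1 + X, 1, 0, X) as in Section 5.
P_Q = [-1, -1, 1]
T_56 = [[[0, 1], [0, 1]], [[1, 1], [0, 0]]]
TT_56 = big_matrix(T_56, P_Q)
A0, M0 = [1, 1, 1, 0], [0, 0, 0, 1]
```

Running `step` from `A0, M0` reproduces the columns of Table 4 and of Table 5 (first clock: $a = (0, 1, 1, 1)$, $m = (1, 1, 0, 1)$; second clock: $a = (0, 1, 1, 0)$, $m = (2, 2, 0, 1)$), `det_i_minus_2t(TT_56)` is $-61$, and `memory_stays_bounded` confirms that the carries stay below the column sums $(3, 5, 1, 2)$. The determinant is computed exactly over $\mathbb{Z}$ on purpose: a floating-point determinant would be unsafe for the sizes of $\tilde q$ used in Table 2.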
We have loaded the initial state $(a_0, a_1, m_1, m_2) = (1 + \bar X, 1, 0, \bar X)$ and obtained the output sequence of Table 4.
$$
T = \begin{pmatrix} \bar X & \bar X \\ 1 + \bar X & 0 \end{pmatrix},
\qquad
\mathcal{T} = \begin{pmatrix}
0 & 1 & 0 & 1 \\
1 & 1 & 1 & 1 \\
1 & 1 & 0 & 0 \\
1 & 2 & 0 & 0
\end{pmatrix}.
\tag{5.6}
$$

Table 3: Comparison of the maximal periods of FCRs of size 2 and 4 and of VFCR-Q of size 2. The third column lists the values of $\tilde q = |\det(I - 2\mathcal{T})|$ reached by the models, the last one the maximal periods $\operatorname{ord}_{\tilde q}(2) = \tilde q - 1$.

Registers                             Number of models   Values of q~                                                        Maximal periods
binary FCR of size 2                  2^4                1, 3, 5                                                             2, 4
binary FCR of size 4                  2^16               1, 3, 5, 7, 9, ..., 59, 61, 63, 69, 75, 77, 81, 87, 91, 99, 135    2, 4, 10, 12, 18, 28, 36, 52, 58, 60
VFCSR-Q in Fib. and Gal. of size 2    2^4                1, 5, 9, 11, 19, 25, 29, 31, 41                                     4, 10, 18, 28
VFCR-Q of size 2                      2^8                1, 5, 9, 11, 19, 25, 29, 31, 41, 45, 49, 55, 61, 99                 4, 10, 18, 28, 60

Table 4: Example of a VFCR-Q sequence of period 60 (the four binary component sequences for t = 0, ..., 45, then for t = 46, ..., 91).

t = 0, ..., 45
a_0^0: 1 0 0 0 1 1 1 0 1 0 0 1 0 0 1 1 0 0 0 0 1 0 0 0 0 0 1 1 0 1 0 1 1 1 0 0 0 1 0 1 1 0 1 1 0 0
a_0^1: 1 1 1 0 1 1 1 1 1 0 0 1 0 1 0 0 0 1 1 1 0 1 0 0 1 0 0 1 1 0 0 0 0 1 0 0 0 0 0 1 1 0 1 0 1 1
a_1^0: 1 1 1 1 0 1 1 1 1 1 0 0 1 0 1 0 0 0 1 1 1 0 1 0 0 1 0 0 1 1 0 0 0 0 1 0 0 0 0 0 1 1 0 1 0 1
a_1^1: 0 1 0 0 1 0 1 1 0 1 1 0 0 1 1 1 1 0 1 1 1 1 1 0 0 1 0 1 0 0 0 1 1 1 0 1 0 0 1 0 0 1 1 0 0 0

t = 46, ..., 91
a_0^0: 1 1 1 1 0 1 1 1 1 1 0 0 1 0 1 0 0 0 1 1 1 0 1 0 0 1 0 0 1 1 0 0 0 0 1 0 0 0 0 0 1 1 0 1 0 1
a_0^1: 1 0 0 0 1 0 1 1 0 1 1 0 0 1 1 1 1 0 1 1 1 1 1 0 0 1 0 1 0 0 0 1 1 1 0 1 0 0 1 0 0 1 1 0 0 0
a_1^0: 1 1 0 0 0 1 0 1 1 0 1 1 0 0 1 1 1 1 0 1 1 1 1 1 0 0 1 0 1 0 0 0 1 1 1 0 1 0 0 1 0 0 1 1 0 0
a_1^1: 0 1 0 0 0 0 0 1 1 0 1 0 1 1 1 0 0 0 1 0 1 1 0 1 1 0 0 1 1 1 1 0 1 1 1 1 1 0 0 1 0 1 0 0 0 1

6 Vectorial Memory Requirements

It is important to describe the behavior of the memory when the register runs. Concretely, each cell has a determined number of connections with the other cells of the main register, in addition to the connection to its own memory cell (see Figure 4). There is a range of values in which the memory is stable.

Theorem 6.1. Consider a VFCR with vectorial transition matrix $\mathcal{T}$. Call $C_i^j$ the $(in + j)$-th column of $\mathcal{T}$ and $w_i^j$ the sum of its coefficients. Let $(a(t), m(t))$ be the state of the register at step $t$, where $m_i^j(t)$ denotes the carry attached to the cell $a_i^j$ (written $m_{i+1}^j(t)$ in Definition 5.1). The coordinates of the next state are given by the following recursive relation:
$$
a(t) \cdot C_i^j + m_i^j(t) = a_i^j(t+1) + 2\, m_i^j(t+1).
$$
If $m_i^j(t) \in [0, w_i^j[$, then $m_i^j(t+1) \in [0, w_i^j[$.

Indeed, since the $a_i^j(t)$ are bits, $a(t) \cdot C_i^j \leq w_i^j$, so the left-hand side is at most $2w_i^j - 1$ and its quotient by 2 is at most $w_i^j - 1$. For example, with the vectorial transition matrix $\mathcal{T}$ of (5.6) and the initial state $(1 + \bar X, 1, 0, \bar X)$, we obtain the memory values of Table 5, and we can see that $m_0^0$ remains in the interval $[0, w_0^0[$, $m_0^1$ in $[0, w_0^1[$, $m_1^0$ in $[0, w_1^0[$ and $m_1^1$ in $[0, w_1^1[$, where $w_0^0 = 3$, $w_0^1 = 5$, $w_1^0 = 1$ and $w_1^1 = 2$.

Figure 4: Representation of a cell and its connections.

Table 5: Memory values (t = 0, 1, 2, ...).

m_0^0: 0 1 2 2 1 1 1 2 2 2 2 1 1 1 1 1 1 1 1 2 2 2 2 2 1 1 1 0 1 1 1 0 0 0 1 1 1 0 0 0 0 1 1 1 1 ...
m_0^1: 0 1 2 2 1 2 2 3 3 3 3 2 2 1 2 3 3 2 1 2 3 3 3 3 1 1 2 1 2 2 2 1 2 2 3 2 2 1 1 1 1 2 2 3 2 ...
m_1^0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ...
m_1^1: 1 1 1 1 0 1 1 1 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 0 0 0 1 0 0 0 0 0 1 1 0 1 1 ...

7 Conclusion

We extended the notion of VFCSR to the notion of VFCR, which is defined by an arbitrary transition matrix. This allows us to vary the register model by playing with the connections and to construct FCRs over $\mathbb{F}_{2^n}$. On the other hand, the VFCR structure allows $n$ bits to be extracted from each output cell every time the generator is clocked, which is more efficient than the classical FCR. Moreover, we can obtain maximal periods greater than those of the classical models called Fibonacci, Galois or Ring.

References

[1] G. Mrugalski, J. Rajski and J. Tyszer, Ring generators - new devices for embedded test applications, IEEE Trans. on CAD of Integrated Circuits and Systems 23(9) (2004), 1306-1320.
[2] F. Arnault, T. Berger, C. Lauradoux, M. Minier and B. Pousse, A New Approach to FCSRs, in Selected Areas in Cryptography - SAC 2009, Calgary, Canada, LNCS vol. 5867, pp. 433-448.
[3] A. Marjane and B. Allailou, Vectorial Conception of FCSR, SETA 2010, LNCS vol. 6338, Springer-Verlag (September 2010), pp. 240-252.
[4] B. Allailou, A. Marjane and A. Mokrane, Design of a Novel Pseudo-Random Generator Based on Vectorial FCSRs, WISA 2010, LNCS vol. 6513, Springer-Verlag, pp. 76-91.
[5] M. Goresky and A. Klapper, Algebraic Shift Register Sequences, http://www.cs.uky.edu/~klapper/algebraic.html (2009).
[6] M. Goresky and A. Klapper, 2-adic shift registers, Fast Software Encryption, LNCS vol. 809, Springer-Verlag, 1994, pp. 174-178.
[7] M. Goresky and A. Klapper, Feedback shift registers, combiners with memory, and 2-adic span, Journal of Cryptology 10 (1997), 111-147.
[8] A. Klapper, Feedback with Carry Shift Registers over Finite Fields (extended abstract), FSE 1994, pp. 170-178.
[9] A. Klapper and M. Goresky, Fibonacci and Galois Representations of Feedback-With-Carry Shift Registers, IEEE Transactions on Information Theory 48(11), November 2002.
