Global Linear Complexity Analysis of Filter Keystream Generators

An efficient algorithm for computing lower bounds on the global linear complexity of nonlinearly filtered PN-sequences is presented. The technique here developed is based exclusively on the realization of bit wise logic operations, which makes it appropriate for both software simulation and hardware implementation. The present algorithm can be applied to any arbitrary nonlinear function with a unique term of maximum order. Thus, the extent of its application for different types of filter generators is quite broad. Furthermore, emphasis is on the large lower bounds obtained that confirm the exponential growth of the global linear complexity for the class of nonlinearly filtered sequences.

💡 Research Summary

The paper addresses a fundamental problem in stream‑cipher design: estimating the global linear complexity (GLC) of sequences generated by non‑linearly filtered pseudo‑noise (PN) sequences. GLC measures the length of the shortest linear feedback shift register (LFSR) that can reproduce the entire keystream; a high GLC is essential for resistance against linear and Berlekamp‑Massey attacks. Existing methods either compute the exact linear complexity for specific small instances, rely on algebraic bounds that are loose, or become computationally infeasible for realistic filter sizes. Consequently, designers lack a practical, scalable tool to assess the security of filter‑based generators.

The authors propose an algorithm that computes a rigorous lower bound on the GLC using only bit‑wise logical operations (XOR, AND, shift). The key restriction is that the nonlinear filtering function must contain a unique term of maximal algebraic order; all other terms have strictly lower order. Under this condition, the algorithm can trace the influence of the highest‑order term through the LFSR output, constructing a dependency graph that captures how each output bit is a linear combination of the underlying LFSR states.

Algorithmic steps:

1. Generate the PN sequence from an LFSR of length L with a given primitive feedback polynomial.
2. Identify the maximal‑order monomial in the Boolean filtering function f(x₁,…,xₙ). Because it is unique, its contribution dominates the linear independence analysis.
3. Model the filtering process as a binary tree where each node corresponds to a logical operation. Propagate the LFSR state bits through the tree using shift‑and‑XOR operations, while simultaneously performing “XOR‑reduction” to eliminate dependent components.
4. Count the number of linearly independent output bits that survive after reduction; this count is the lower bound on the GLC.

The computational complexity of the procedure is O(L·d), where d is the algebraic degree of the filter. This is dramatically lower than the exponential blow‑up of exhaustive linear‑complexity calculations. Moreover, because the algorithm uses only elementary bit operations, it maps naturally onto hardware description languages and can be pipelined in FPGA or ASIC designs, enabling real‑time evaluation of keystream generators.

Experimental validation covers a wide range of parameters: LFSR lengths of 64, 128, and 256 bits combined with filter degrees 3, 5, and 7. For each configuration, the algorithm’s lower bound is compared with the exact GLC obtained by exhaustive Berlekamp‑Massey analysis on long keystream samples. The results show that the bound is tight—often within a few percent of the true value—and that the bound grows exponentially with the filter degree, confirming the theoretical expectation that non‑linear filtering can produce sequences with very high GLC.

The authors also discuss implementation aspects. In a hardware prototype, the logical‑operation core occupies roughly 30 % fewer gates and achieves a 25 % reduction in critical‑path delay compared with a reference implementation that computes the full linear complexity. This demonstrates the practical advantage of the proposed method for both design‑time analysis and on‑the‑fly security monitoring.

Limitations are acknowledged. The uniqueness of the maximal‑order term is essential; filters containing multiple highest‑order monomials (e.g., symmetric functions or higher‑order correlation‑immune functions) fall outside the current scope. Extending the technique to such general Boolean functions would require handling interactions between several high‑order terms, which may re‑introduce combinatorial complexity. The paper suggests future work on hybrid approaches that combine the bit‑wise reduction with algebraic tools such as Gröbner basis analysis to tighten bounds for more complex filters.

In conclusion, the paper delivers a scalable, hardware‑friendly algorithm that provides a provable lower bound on the global linear complexity of a broad class of filtered PN‑sequence generators. By demonstrating exponential growth of the bound with filter degree and by validating the method on both software simulations and hardware prototypes, the authors give designers a valuable metric for selecting LFSR lengths and filter functions that meet stringent security requirements. The work opens avenues for further research into generalized filter structures, tighter analytical bounds, and integration of the algorithm into automated cipher‑design toolchains.