Journal of Cryptology

, Volume 10, Issue 2, pp 111–147 | Cite as

Feedback shift registers, 2-adic span, and combiners with memory

  • Andrew KlapperEmail author
  • Mark Goresky


Feedback shift registers with carry operation (FCSRs) are described, implemented, and analyzed with respect to memory requirements, initial loading, period, and distributional properties of their output sequences. Many parallels with the theory of linear feedback shift registers (LFSRs) are presented, including a synthesis algorithm (analogous to the Berlekamp-Massey algorithm for LFSRs) which, for any pseudorandom sequence, constructs the smallest FCSR which will generate the sequence. These techniques are used to attack the summation cipher. This analysis gives a unified approach to the study of pseudorandom sequences, arithmetic codes, combiners with memory, and the Marsaglia-Zaman random number generator. Possible variations on the FCSR architecture are indicated at the end.

Key words

Binary sequence Shift register Stream cipher Combiner with memory Cryptanalysis 2-Adic numbers Arithmetic code 1/q Sequence Linear span 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    E. Bach, Efficient prediction of Marsaglia-Zaman random number generators, Draft, University of Wisconsin, 1993.Google Scholar
  2. [2]
    J. T. Barrows, Jr., A new method for constructing multiple error correcting linear residue codes, Report R-277, Coordinated Science Laboratory, University of Illinois, Urbana, 1966.Google Scholar
  3. [3]
    L. Blum, M. Blum, and M. Shub, A simple unpredictable pseudo-random number generator,SIAM J. Comput., vol. 15, 1986, pp. 364–383.zbMATHCrossRefMathSciNetGoogle Scholar
  4. [4]
    A. Blumer and J. Blumer, Linear size finite automata for the set of all subwords of a word: An outline of results.Bull. European Assoc. Theoret. Comput. Sci., vol. 21, 1983, pp. 68–77.Google Scholar
  5. [5]
    E. Bombieri, Personal communication.Google Scholar
  6. [6]
    A. Chan and R. Games, On the quadratic span of de Bruijn sequences,IEEE Trans. Inform. Theory, vol. 36, 1990, pp. 822–829.zbMATHCrossRefMathSciNetGoogle Scholar
  7. [7]
    U. Cheng, On the continued fraction and Berlekamp's algorithm,IEEE Trans. Inform. Theory, vol. 30, 1984, pp. 541–544.zbMATHCrossRefMathSciNetGoogle Scholar
  8. [8]
    H. Cohen,A Course in Computational Algebraic Number Theory, Springer-Verlag, New York, 1993.zbMATHGoogle Scholar
  9. [9]
    Z. D. Dai and K. C. Zeng, Continued fractions and the Berlekamp-Massey algorithm,Advances in Cryptology—AUSCRYPT '90. Lecture Notes in Computer Science, vol. 453. Springer-Verlag, Berlin, 1990.CrossRefGoogle Scholar
  10. [10]
    C. Ding,Stream Ciphers and Number Theory, to appear.Google Scholar
  11. [11]
    H. D. Ebbinghauset al., Numbers, Graduate Texts in Mathematics, vol. 123, Springer-Verlag, New York, 1990.zbMATHGoogle Scholar
  12. [12]
    C. F. Gauss,Disquisitiones Arithmeticae, 1801; reprinted in English translation by Yale University Press, New Haven, CT, 1966.Google Scholar
  13. [13]
    S. Golomb,Shift Register Sequences, Aegean Park Press, Laguna Hills, CA, 1982.Google Scholar
  14. [14]
    R. T. Gregory and E. V. Krishnamurthy.Methods and Applications of Error-Free Computation, Springer-Verlag, New York, 1984.zbMATHGoogle Scholar
  15. [15]
    G. H. Hardy and J. E. Littlewood, Some problems of “Partitio Numerorum”; III: On the expression of a number as a sum of primes.Acta Mathematica, vol. 44, 1922, pp. 1–70.CrossRefMathSciNetGoogle Scholar
  16. [16]
    G. Hardy and E. Wright,An Introduction to the Theory of Numbers, Oxford University Press, Oxford, 1979.zbMATHGoogle Scholar
  17. [17]
    C. Hooley, On Artin's conjecture,J. Reine Angew. Math., vol. 22, 1967, pp. 209–220MathSciNetGoogle Scholar
  18. [18]
    K. Ireland and M. Rosen,A Classical Introduction to Modern Number Theory, Springer-Verlag, New York, 1990.zbMATHGoogle Scholar
  19. [19]
    C. J. A. Jansen, Information theory of shift registers, In:Proceedings of the Tenth Symposium on Information Theory in the Benelux (A. M. Barbe, ed.), Werkgemeenschap voor Inf.- & Communicatietheorie, Enschede, 1989, pp. 153–160.Google Scholar
  20. [20]
    C. J. A. Jansen and D. E. Boekee, The shortest feedback shift register that can generate a given sequence, In:Advances in Cryptology—CRYPTO '89 (G. Brassard, ed.). Lecture Notes in Computer Science, vol. 435, Springer-Verlag, Berlin, 1990, pp. 90–99.Google Scholar
  21. [21]
    C. J. A. Jansen and D. E. Boekee, On the significance of the directed acyclic word graph in cryptology, In:Advances in Cryptology—AUSCRYPT '90. Lecture Notes in Computer Science, vol. 453, Springer-Verlag, Berlin, 1990, pp. 318–326.Google Scholar
  22. [22]
    A. Klapper, Feedback with carry shift registers over finite fields,Fast Software Encryption, Second International Workshop. Lecture Notes in Computer Science, vol. 1008, Springer-Verlag, Berlin, 1995, pp. 170–178.Google Scholar
  23. [23]
    A. Klapper and M. Goresky, 2-adic shift registers,Fast Software Encryption. Lecture Notes in Computer Science, vol. 809, Springer-Verlag, Berlin, 1994, pp. 174–178.Google Scholar
  24. [24]
    A. Klapper and M. Goresky, Feedback registers based on ramified extensions of the 2-adic numbers,Advances in Cryptology—Eurocrypt 1994, Perugia, Italy. Lecture Notes in Computer Science, vol. 950, Springer-Verlag, Berlin, 1995, pp. 215–222.Google Scholar
  25. [25]
    A. Klapper and M. Goresky, Large period nearly deBruijn FCSR sequences,Advances in Cryptology— Eurocrypt 1995. Lecture Notes in Computer Science, vol. 921, Springer-Verlag, Berlin, 1995, pp. 263–273.Google Scholar
  26. [26]
    A. Klapper and M. Goresky, Cryptanalysis based on 2-adic rational approximation,Advances in Cryptology—CRYPTO '95. Springer Lecture Notes in Computer Science, vol. 963. Springer-Verlag, Berlin, 1995, pp. 262–273.Google Scholar
  27. [27]
    A. Klapper and M. Goresky, Arithmetic cross-correlation of FCSR sequences. University of Kentucky, Technical Report, no. 262-96, 1996.Google Scholar
  28. [28]
    D. Knuth,The Art of Computer Programming, vol. 2,Seminumerical Algorithms, Addison-Wesley, Reading, MA, 1981.Google Scholar
  29. [29]
    N. Koblitz,p-Adic Numbers, p-Adic Analysis, and Zeta Functions, Graduate Texts in Mathematics, vol. 58, Springer-Verlag, New York, 1984.Google Scholar
  30. [30]
    E. V. Krishnamurthy and R. T. Gregory, Mapping integers and Hensel codes onto Farey fractions,BIT, vol. 23, 1983, pp. 9–20.CrossRefMathSciNetGoogle Scholar
  31. [31]
    A. Lempel, M. Cohn, and W. Eastman, A class of balanced binary sequences with optimal autocorrelation properties,IEEE Trans. Inform. Theory, vol. IT-23, 1977, pp. 38–42.zbMATHCrossRefMathSciNetGoogle Scholar
  32. [32]
    K. Mahler, On a geometrical representation ofp-adic numbers,Ann. of Math., vol. 41, 1940, pp. 8–56.CrossRefMathSciNetGoogle Scholar
  33. [33]
    D. Mandelbaum, Arithmetic codes with large distance,IEEE Trans. Inform. Theory, vol. IT-13, 1967, pp. 237–242.zbMATHCrossRefGoogle Scholar
  34. [34]
    D. Mandelbaum, An approach to an arithmetic analog of Berlekamp's algorithm,IEEE Trans. Inform. Theory, vol. IT-30, 1984, pp. 758–762.zbMATHCrossRefMathSciNetGoogle Scholar
  35. [35]
    G. Marsaglia, The mathematics of random number generators,The Unreasonable Effectiveness of Number Theory, American Mathematical Society, Providence, RI, 1992, pp. 73–90.Google Scholar
  36. [36]
    G. Marsaglia and A. Zaman, A new class of random number generators,Ann. Appl. Probab., vol. 1, 1991, pp. 462–480.zbMATHMathSciNetGoogle Scholar
  37. [37]
    J. Massey and R. Rueppel, Method of, and apparatus for, transforming a digital data sequence into an encoded form, U.S. Patent No. 4,797,922. 1989.Google Scholar
  38. [38]
    W. Meier and O. Staffelbach, Correlation properties of combiners with memory in stream ciphers,Advances in Cryptology—EUROCRYPT '90.Workshop on the Theory and Application of Cryptographic Techniques Proceedings, Springer-Verlag, Berlin, 1991, pp. 204–213.Google Scholar
  39. [39]
    W. Meier and O. Staffelbach, Correlation properties of combiners with memory in stream ciphers,J. Cryptology vol. 5, 1992, pp. 67–86.zbMATHCrossRefMathSciNetGoogle Scholar
  40. [40]
    W. H. Mills, Continued fractions and linear recurrences,Math. Comput., vol. 29, 1975, pp. 173–180.zbMATHCrossRefMathSciNetGoogle Scholar
  41. [41]
    W. W. Peterson and E. J. Weldon, Jr.,Error-Correcting Codes, 2nd edn., MIT Press, Cambridge, MA, 1972.zbMATHGoogle Scholar
  42. [42]
    J. Pollard, The fast Fourier transform in a finite field,Math. Comput., vol. 25, 1971, pp. 365–374.zbMATHCrossRefMathSciNetGoogle Scholar
  43. [43]
    T. R. N. Rao,Error Coding For Arithmetic Processors, Academic Press, New York, 1974.zbMATHGoogle Scholar
  44. [44]
    R. Rueppel,Analysis and Design of Stream Ciphers, Springer-Verlag, New York, 1986.zbMATHGoogle Scholar
  45. [45]
    B. Schneier,Applied Cryptography, Wiley, New York, 1996.Google Scholar
  46. [46]
    A. Schönhage and V. Strassen, Schnelle Multiplikation Grosser Zahlen,Computing, vol. 7, 1971, pp. 281–292.zbMATHCrossRefGoogle Scholar
  47. [47]
    B. M. M. de Weger, Approximation lattices ofp-adic numbers,J. Number Theory, vol. 24, 1986, pp. 70–88.zbMATHCrossRefMathSciNetGoogle Scholar
  48. [48]
    L. R. Welch and R. A. Scholtz, Continued fractions and Berlekamp's algorithm,IEEE Trans. Inform. Theory, vol. 25, 1979 pp. 19–27.zbMATHCrossRefMathSciNetGoogle Scholar

Copyright information

© International Association for Cryptologic Research 1997

Authors and Affiliations

  1. 1.Department of Computer ScienceUniversity of KentuckyLexingtonU.S.A.
  2. 2.School of MathematicsInstitute for Advanced StudyPrincetonU.S.A.

Personalised recommendations