# On the Linear Complexity of Combined Shift Register Sequences

## Abstract

Many proposed keystream generators consist of a number of binary maximum length shift registers combined by a nonlinear binary function. The registers guarantee a long period and the nonlinear function destroys the linearity i.e. it gives the output sequence a large linear complexity <l>, (linear equivalent <2>). In order to avoid correlation attacks the function should also be correlation immune <3> i.e. the output sequence should be statistically independent of the various inputs. There is however a trade off between the linear complexity and the order of correlation immunity, since it is not easy to achieve both properties. The reason for this is that in the binary field GF(2) there are too few functions. As an example the only correlation immune function of two variables is linear.

## References

- <1>.T. Herlestam, “On the Complexity of Functions of Linear Shift Register Sequences”, IEEE 1982, Les ARcs, France.Google Scholar
- <2>.E.J. Groth, “Generation of Binary Sequences with Controllable Complexity”, IEEE Trans. on Inf. Th. It-17 1971.Google Scholar
- <3>.T. Siegenthaler, “Correlation Immunity of Nonlinear Combining Functions for Cryptographic Applications.” IEEE Trans. on Inf. Th. It-30 1984.Google Scholar
- <4>.E.S. Selmer, “Linear Recurrence Relations over Finite Fields”, Dept of Math., Univ. of Bergen, Norway, 1966.Google Scholar
- <5>.N. Zierler and W.H. Mills, “Products of Linear Recurring Sequences”, J. Algebra, 27, 1973.Google Scholar
- <6>.T. Beth, “Stream Ciphers”, Proceedings of Secure Digit Comm. C.I.S.M. Udine 1982.Google Scholar
- <7>.T. Herlestam, private communication, to be published.Google Scholar