Injectivity of Compressing Maps on Primitive Sequences Over Z/(pe)

2960 IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 53, NO. 8, AUGUST 2007

Let (�; �; �; �1) be the set of parameters achieving the minimum. Thenby Theorem 8, we have

RHB(D1; D2) = SD (�; �; �; �1)

� [1� h(D1 � p) + �G(�0)]

where D2 = ��0 + (1� �)p. Moreover 0 � �0 � p, because both �and � are in this range, and �0 is the convex combination of them. Thus

RHB(D1;D2) � 1� h(D1 � p) + minD =�� +(1��)p

[�G(�0)]

with the minimization range 0 � �0 � p and 0 � � � 1. Comparingit with the rate distortion function R�

X jY (D) of (35) establishes theclaim.

C. Proof of Corollary 2

In [4], it was proved that when D2 � dc; R�X jY (D2) = G(D2),

and by Corollary 1, RHB(D1;D2) � 1�h(D1 � p)+G(D2) for thiscase. To show RHB(D1;D2) � 1 � h(D1 � p) + G(D2), considerthe following test channel. Let W2 be the output of a binary symmetricchannel (BSC) with crossover probability D2 and input X , let W1 bethe (cascade) output of a BSC with crossover probability � with inputW2, such that ��D2 = D1; such an � always exists becauseD2 � D1.It can then be easily verified that

I(X;W1) + I(X;W2 jW1; Y ) = 1� h(D1 � p) +G(D2) (102)

and the distortion is D1 and D2 by taking f1(W1) = W1 andf2(W1;W2; Y ) = W2. The rate distortion theorem for this problemimplies that RHB(D1;D2) � 1 � h(D1 � p) + G(D2), whichcompletes the proof.

ACKNOWLEDGMENT

The authors wish to thank Dr. Jun Chen for reading an early draft andprovided valuable comments. The comments and suggestions by thereviewers and the Associate Editor Yossi Steinberg are also gratefullyacknowledged.

REFERENCES

[1] W. H. R. Equitz and T. M. Cover, “Successive refinement of informa-tion,” IEEE Trans. Inf. Theory, vol. 37, pp. 269–275, Mar. 1991.

[2] V. N. Koshelev, “Hierarchical coding of discrete sources,” Probl.Pered. Inform., vol. 16, no. 3, pp. 31–49, 1980.

[3] B. Rimoldi, “Successive refinement of information: Characterizationof achievable rates,” IEEE Trans. Inf. Theory, vol. 40, pp. 253–259,Jan. 1994.

[4] A. D. Wyner and J. Ziv, “The rate-distortion function for source codingwith side information at the decoder,” IEEE Trans. Inf. Theory, vol. 22,pp. 1–10, Jan. 1976.

[5] Y. Steinberg and N. Merhav, “On successive refinement for theWyner-Ziv problem,” IEEE Trans. Inf. Theory, vol. 50, pp. 1636–1654,Aug. 2004.

[6] C. Heegard and T. Berger, “Rate distortion when side information maybe absent,” IEEE Trans. Inf. Theory, vol. 31, pp. 727–734, Nov. 1985.

[7] A. Kaspi, “Rate-distortion when side-information may be present at thedecoder,” IEEE Trans. Inf. Theory, vol. 40, pp. 2031–2034, Nov. 1994.

[8] K. J. Kerpez, “The rate-distortion function of a binary symmetricsource when side information may be absent,” IEEE Trans. Inf.Theory, vol. 33, pp. 448–452, May 1987.

[9] M. Fleming and M. Effros, “Rate-distortion with mixed types of sideinformation,” in Proc. IEEE Symp. Inf. Theory, June–July 2003, p. 144.

[10] M. Fleming, “On Source Coding for Networks,” Ph.D. dissertation,California Institute of Technology, Pasadena, CA, 2004.

[11] Y. Steinberg and N. Merhav, “On hierarchical joint source-channelcoding with degraded side information,” IEEE Trans. Inf. Theory, vol.52, pp. 886–903, Mar. 2006.

[12] M. Effros, “Distortion-rate bounds for fixed- and variable-rate multires-olution source codes,” IEEE Trans. Inf. Theory, vol. 45, pp. 1887–1910,Sept. 1999.

[13] A. J. Grant, B. Rimoldi, R. L. Urbanke, and P. A. Whiting, “Rate-split-ting multiple access for discrete memoryless channels,” IEEE Trans.Inf. Theory, vol. 47, pp. 873–890, Mar. 2001.

[14] R. G. Gallager, Information Theory and Reliable Communication.New York: Wiley, 1968.

[15] A. D. Wyner, “The rate-distortion function for source coding with sideinformation at the decoder II: General sources,” Inform. contr., vol. 38,pp. 60–80, 1978.

[16] T. M. Cover and J. A. Thomas, Elements of Information Theory. NewYork: Wiley, 1991.

[17] I. Csiszar and J. Korner, Information Theory: Coding Theorems forDiscrete Memoryless Systems. New York: Academic, 1981.

Injectivity of Compressing Maps on PrimitiveSequences Over

Tian Tian and Wen-Feng Qi

Abstract—Let Z=(p ) be the integer residue ring with odd prime p andinteger e � 2. For a sequence a over Z=(p ), one has a unique p-adicexpansion a = a + a � p + � � � + a � p , where a can be re-garded as a sequence over Z=(p) for 0 � i � e � 1. Let f(x) be astrongly primitive polynomial over Z=(p ) and G (f(x); p ) be the setof all primitive sequences generated by f(x) over Z=(p ). Recently, theauthors, Xuan-Yong Zhu and Wen-Feng Qi, have proved that for a func-tion '(x ; . . . ; x ) = g(x ) + �(x ; . . . ; x ) over Z=(p) and a;b 2 G (f(x); p ), where 2 � deg g � p � 1; '(a ; a ; . . . ; a ) ='(b ; b ; . . . ; b ) if and only if a = b. To further complete their work,we show that such injectivity also holds for deg g = 1. That is for a func-tion '(x ; . . . ; x ) = x + �(x ; . . . ; x ) over Z=(p) and a; b 2G (f(x); p ); '(a ; a ; . . . ; a ) = '(b ; b ; . . . ; b ) if and only ifa = b.

Index Terms—Compressing map, integer residue ring, linear recurringsequence, primitive sequence.

I. INTRODUCTION

For a prime p and a positive integer e let Z=(pe) denote the integerresidue ring. Then, with the notation, Z=(p) is actually a finite field oforder p. In this correspondence, given an integer a 2 Z, we alwaystreat a(mod pe) as an element in f0; 1; . . . ; pe � 1g.

Let R be a ring and R1 be the set of all sequences overR, i.e., R1 = f(a(0); a(1); . . .) j a(i) 2 R; i � 0g. Fora = (a(0); a(1); . . .) 2 R1; b = (b(0); b(1); . . .) 2 R1 andc 2 R, define

a+ b = (a(0) + b(0); a(1) + b(1); . . .)

a � b = (a(0) � b(0); a(1) � b(1); . . .)

Manuscript received August 8, 2005; revised August 24, 2006. This work wassupported by the National Science Foundation of China under Grant 60673081and the National 863 Plan under Grant 2006AA01Z417.

The authors are with the Department of Applied Mathematics, University ofInformation Engineering University, P.O. Box 1001-745, Zhengzhou 450002,China (e-mail: [email protected]; [email protected]).

Communicated by K. G. Paterson, Associate Editor for Sequences.Digital Object Identifier 10.1109/TIT.2007.901214

0018-9448/$25.00 © 2007 IEEE

IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 53, NO. 8, AUGUST 2007 2961

c � a = (c � a(0); c � a(1); . . .)

xa = (a(1); a(2); . . .):

If a sequence a = (a(0); a(1); . . .) over Z=(pe) satisfies a linearrecurring relation

a(i+ n) = �(cn�1a(i+ n� 1) + cn�2a(i+ n� 2) + � � �

+ c0a(i))(mod pe); i � 0 (1)

with constant coefficients c0; c1; . . . ; cn�1 2 Z=(pe), then a is calleda linear recurring sequence of degree n overZ=(pe) and f(x) = xn+cn�1x

n�1+� � �+c0 is called the characteristic polynomial of a. Obvi-ously, with the notation of left shift operator, the recurring relation (1)is equivalent to f(x)a = 0(mod pe). Let G(f(x); pe) denote the setof all sequences generated by f(x) over Z=(pe), i.e., G(f(x); pe) =fa 2 (Z=(pe))1 j f(x)a = 0(modpe)g. Furthermore, denote

G0(f(x); pe) = fa 2 G(f(x); pe) j a 6= 0(mod p)g:

If f(0) 6= 0(modp), then there must exist a positive integer P suchthat xP�1 is divisible by f(x) overZ=(pe). The minimum of suchP iscalled the period of f(x) overZ=(pe) , denoted by per (f(x); pe). Ref-erence [1] proved that per (f(x); pe) is upper bounded by pe�1(pn �1). If per (f(x); pe) = pe�1(pn � 1), then f(x) is called a primitivepolynomial overZ=(pe) and a 2 G0(f(x); pe) is called a primitive se-quence generated by f(x) over Z=(pe). The primitive sequence overZ=(p) is the well-known m-sequence. More details and general theo-ries on polynomials and linear recurring sequences of maximal periodover integer residue rings and Galois rings can refer to [2]–[5].

For a sequence a overZ=(pe), there exists a unique p-adic expansionsuch as

a = a0+ a

1� p+ � � �+ a

e�1� pe�1

where ai= (ai(0); ai(1); . . .) is a sequence over Z=(p) and is called

the ith-level sequence of a for 0 � i � e�1. Often ae�1

is also calledthe highest level sequence of a.

For a polynomial f(x) over Z=(pe) and a function'(x0; . . . xe�1) over Z=(p); ' : G0(f(x); pe) ! (Z=(pe))1;a 7! '(a

0; a

1; . . . ; a

e�1), is called a compressing map. One of the

main research subjects on primitive sequences over Z=(pe) is theinjectivity of such compressing map.

As for p = 2, there are many papers on the uniqueness of the highestlevel sequences and the injectivity of the compressing maps, such as[5]–[9]. Kuzmin and Nechaev in [5] and Huang and Dai in [6] inde-pendently proposed the following theorem which has important cryp-tographic significance.

Theorem 1: Let f(x) be a primitive polynomial over =(pe) withprime p and integer e � 1. Then a = b if and only if a

e�1= b

e�1for

a; b 2 G(f(x); pe); that is, the compressing map

' : G0(f(x); pe)! ( =(p))1; a 7! ae�1

is injective.

Remark 1: Theorem 1 demonstrates that a can be uniquely deter-mined only by the highest level sequence a

e�1theoretically.

For a strongly primitive polynomial f(x) over =(2e) withe � 2 and a Boolean function '(x0; x1; . . . ; xe�1) = xe�1 +cxe�2 + �(x0; . . . ; xe�3), where c = 0 or 1, reference [7] provedthat the compressing map ' : G0(f(x); pe) ! ( =(p))1; a 7!'(a

0; a

1; . . . ; a

e�1), is injective. Reference [8] improved the result

of [7] and proved that for a Boolean function '(x0; x1; . . . ; xe�1) =

xe�1 + �(x0; . . . ; xe�2), the compressing map ' is injective, too.Furthermore, [8] and [9] discussed any Boolean function with eindeterminates and proved that if '(x0; x1; . . . ; xe�1) containedindeterminate xe�1 and neither x0 nor x1 appeared in the highestmonomial, then the compressing map ' is injective. Some of theresults above were generalized to Galois rings with characteristic 2e

in [5] and [10]. Additionally, researches on linear complexity as [11]and [12], nonlinear complexity of level sequences as [13] and thedistribution of elements as [8], [14]–[17] show that the highest levelsequences of primitive sequences over =(2e) have good pseudo-random properties.

For an odd prime p, [18] improved Theorem 1 by discussing theunique distribution of element 0 in the highest level sequence for p � 5.Later in [19], the case of p = 3 was also proved. Thus the completeresult is following.

Theorem 2: Let f(x) be a primitive polynomial of degreen over =(pe) with odd prime p and integer e � 2. Assumea; b 2 G0(f(x); pe); � 2 G0(f(x); p) and � = h(x)a

0(modp)

(h(x) is given in Proposition 1 and Remark 2). If ae�1(t) = 0 if andonly if be�1(t) = 0 for all nonnegative integer t with �(t) 6= 0, thena = b.

But for an odd prime p, the injectivity of the general compressingmaps are not proved as completely as the prime 2. The first result on anodd prime is in [20] published in 2004, and the paper proved followingresult.

Theorem 3: Let f(x) be a primitive polynomial of degree n over=(pe) with odd prime p � 5 and integer e � 2. Assume

'(x0; x1; . . . ; xe�1) = xke�1 + �(x0; x1; . . . ; xe�2)

is a function over =(p), where 2 � k � p � 1 and � 2=(p)[x0; x1; . . . ; xe�2], then the compressing map

' : G0(f(x); pe)! ( =(p))1; a 7! '(a0; a

1; . . . ; a

e�1)

is injective, that is to say, for primitive sequences a; b 2 G0(f(x); pe);a = b if and only if '(a

0; a

1; . . . ; a

e�1) = '(b

0; b

1; . . . ; b

e�1).

Then, very recently, following the idea of [20], the authors of [20]present a more general result under the condition that f(x) is a stronglyprimitive polynomial. The definition of a strongly primitive polynomialis given by Definition 1 in Section 2, from which we can see almost allthe primitive polynomials are strongly primitive. The following resultis proved in [21].

Theorem 4: Let f(x) be a strongly primitive polynomial of degreen over =(pe) with odd prime p and integer e � 2. Set

� = fg(xe�1) + �(x0; x1; . . . ; xe�2) j g 2 =(p)[xe�1];

2 � deg g � p� 1; � 2 =(p)[x0; x1; . . . ; xe�2]g:

Then

'(a0; a

1; . . . ; a

e�1) = (b

0; b

1; . . . ; b

e�1)

if and only if

a = b and ' =

for '; 2 � and a; b 2 G0(f(x); pe).

Continuing their work, in this correspondence, we generalize The-orem 3 to k = 1. Then drawing together the result of Theorem 4, wehave following result.


Theorem 5: Let f(x) be a strongly primitive polynomial of degreen over =(pe) with odd prime p and integer e � 2. Assume

'(x0; x1; . . . ; xe�1) = g(xe�1) + �(x0; x1; . . . ; xe�2)

is a function over =(p), where g 2 =(p)[xe�1]; 1 � deg g � p�1;� 2 =(p)[x0; x1; . . . ; xe�2], then the compressing map

' : G0(f(x); pe)! ( =(p))1; a 7! '(a0; a1; . . . ; ae�1)

is injective, that is to say, for primitive sequences a; b 2 G0(f(x); pe);a = b if and only if '(a0; a1; . . . ; ae�1) = '(b0; b1; . . . ; be�1).

As we can see that Theorem 4 also shows different functionshave different effects on primitive sequences. But it is not true forthe case of Theorem 5, that is to say, for '(x0; x1; . . . ; xe�1) =xe�1 + �(x0; x1; . . . ; xe�2) and (x0; x1; . . . ; xe�1) = xe�1 +�(x0; x1; . . . ; xe�2) over =(p), even if ' 6= , we canget '(a

0; a

1; . . . ; ae�1) = (b

0; b1; . . . ; be�1) for certain

primitive sequences a and b. Take the primitive polynomialf(x) = x2 + x + 2 over =(32), two primitive sequencesa = (1; 2; . . .); b = (4; 8; . . .) 2 G0(f(x); 32), two functions'(x0; x1) = x1 and (x0; x1) = x1 + 2x0 over =(3) for example,and it is easily verified that '(a0; a1) = (b0; b1).

II. POLYNOMIALS AND SEQUENCES OVER =(pe)

In this section, we introduce some of the basic properties of polyno-mials and sequences over =(pe). During this and next section, alwaysassume that p is a given odd prime.

The following proposition can be found in both [6] and [12]. It de-scribes one of basic properties of primitive polynomial over =(pe).

Proposition 1: Let f(x) be a primitive polynomial of degree n over=(pe) with integer e � 2. Then there exists nonzero polynomialsh1(x); h2(x); . . . ; he�1(x) of degree less thann over =(pe) such that

xp T = 1 + pi � hi(x)(modf(x)) (2)

for 1 � i � e � 1, where T = pn � 1 and h1(x) = h2(x) = � � � =he�1(x) 6= 0(modp).

Remark 2: For a given f(x), we always assume h(x) 2 =(p)[x]and h(x) = h1(x)(modp).

In [1], the author gives following sufficient and necessary conditionsof a monic polynomial over =(pe) being primitive, which show thatif a polynomial is primitive over finite fields =(p), then it is easy tojudge whether it is primitive over the integer residue ring =(pe) fore � 2.

Proposition 2: Let integer e � 2. For a monic polynomial f(x)of degree n over =(pe) with f(0) 6= 0(modp); f(x) is a primitivepolynomial of degree n over =(pe) if and only if f(x)(modp) is aprimitive polynomial of degree n over =(p) and h(x) 6= 0.

The concept of a strongly primitive polynomial is used very often inpapers on this subject, and is defined in [3] and [5] as following.

Definition 1: Let integer e � 2. For a primitive polynomial f(x)of degree n over =(pe), if deg h � 1, then f(x) is called a stronglyprimitive polynomial of degree n over =(pe).

Remark 3: It follows that of all the primitive polynomials of degreen over =(pe), few are not strongly primitive.

We have following conclusions on the periodic properties of se-quences over =(pe) which are analogous to the conclusions provedin [22].

Proposition 3: Let integer e � 2, let f(x) be a polynomial of degreen over =(pe) and let T = pn � 1. Then for a 2 G(f(x); pe)

i) per (ae�1) = per (a);ii) per (a) = per (f(x); pe) = pe�1 � T and per (amod pi) =

pi�1 � T for 1 � i � e, if a06= 0;

iii) per (a) = p�i � per (f(x); pe) = pe�1�i � T , if a0 = a1 =� � � = ai�1 = 0 and ai 6= 0 for 1 � i � e� 1.

Remark 4: Though [22] proved above conclusions for p = 2, it iseasy seen that they are true for odd primes as well.

According to the definition of G0(f(x); pe), primitive sequencesgenerated by a primitive polynomial f(x) of degree n over =(pe)are actually the maximal length sequences generated by f(x). On onehand, from Proposition 3, following result can be deduced. (See also[6].)

Corollary 1: Let f(x) be a primitive polynomial of degreen over =(pe) with odd prime p and integer e � 2. Thena = b(mod pe�1) if and only if ae�1 � be�1 2 G(f(x); p) forsequences a; b 2 G(f(x); pe).

On the other hand, by Proposition 1 and Proposition 3, it is also easyto get that

Corollary 2: Let integer e � 2 and f(x) be a primitive polynomialof degree n over =(pe). Then

xp T� 1 (ak + ak+1 � p+ � � �+ ae�1 � p

e�1�k)

= hk(x)(a0 + a1 � p+ � � �+ ae�1�k � pe�1�k)(modpe�k)

holds for a 2 G0(f(x); pe) and 1 � k � e� 1, where T = pn � 1.

III. INJECTIVITY OF COMPRESSING MAPS

The following Lemma 1, Lemma 2, and above Corollary 2 all showthat although sequences over integer residue rings involve complex car-ries between level sequences (see [22]), the high-level sequences stillhave some close relationship with low-level sequences.

Lemma 1: Let integer e � 2 and f(x) be a primitive polynomialof degree n over =(pe). Assume a 2 G(f(x); pe) and T = pn � 1.Then, we have the following.

1) The equality

xj�p T� 1 (ae�2 + ae�1 � p)

= j � he�2(x)(a0 + a1 � p)(modp2) (3)

holds for integer j � 0 if e � 4, and it also holds for j = 1 ife = 3.

2) The equality

xj�p T� 1 ae�1 = j � h(x)a0(modp) (4)

holds for integer j � 0.Proof: Let � = ae�2+ae�1 �p(mod p2) and� = he�2(x)(a0+

a1 � p)(modp2). By Corollary 2, we have

xp T� 1 � = �(mod p2) (5)

Thus, (3) holds for j = 1 and e = 3.Let e � 4. From (5), we obtain

�(t+ pe�3T )� �(t) = �(t)(modp2)


for any integer t � 0. Since per (�) divides pe�3T , we have

�(t+ j � pe�3T )

= �(t+ (j � 1) � pe�3T ) + �(t)(mod p2)

= �(t+ (j � 2) � pe�3T ) + 2 � �(t)(modp2)

= � � � = �(t) + j � �(t)(modp2)

for any integer t � 0 and j � 0. Thus (xj�p T� 1)� = j �

�(mod p2). Part 1) is proved.The proof of part 2) is an analogous to the proof of part 1) above (or

see [3]–[5]).

Definition 2: Let integer e � 2. For any m = m0 + m1 � p +� � � +me�1 � p

e�12 =(pe), where mi 2 =(p) for 0 � i � e� 1,

define a function C1(x) from =(pe) into =(p) as C1(m) = m1. Fora sequence a = a

0+ a

1� p + � � � + ae�1

� pe�1 over =(pe), defineC1(a) = a

1as well.

Remark 5: C1( � ) defined by Definition 2 is used to deal with car-ries. Note that the arithmetic operations in the parentheses of C1( � )belongs to the ring =(pe).

Lemma 2: Let integer e � 3 and f(x) be a primitive polynomial ofdegree n over =(pe). Assume a 2 G0(f(x); pe) and T = pn � 1.Then

xj�p T� 1 ae�1

= j � (h(x)a1) + C1(j � (he�2(x)a0))

+ C1(ae�2+ [j � h(x)a

0(mod p)])(modp)

(6)

holds for any integer j � 0 if e � 4, and it also holds for j = 1 ife = 3.

Proof: Let e � 4. By Lemma 1, we have

xj�p T� 1 (ae�2

+ ae�1� p)

= j � he�2(x)(a0 + a1� p)(modp2)

for any integer j � 0. It follows that


� p+ xj�p T ae�2

= ae�2+ j � (he�2(x)a0) + j � (he�2(x)a1) � p(modp2)

holds for any integer j � 0. Comparing the level sequences and thecarries of two sides of above equality, we obtain


=j � (h(x)a1)+C1(j � (he�2(x)a0))

+ C1(ae�2+[j � (h(x)a

0)(modp)])(modp):

For e = 3, also by Lemma 1, we have

(xT � 1)(a1+ a

2� p) = h1(x)(a0 + a

1� p)(modp2)

Then, for the same reason, (6) holds for j = 1 and e = 3 as well.

Lemma 3: Let integer e � 2 and f(x) be a primitive polynomial ofdegree n over =(pe). Assume

'(x0; x1; . . . ; xe�1) = xe�1 + �(x0; x1; . . . ; xe�2)

is a function over =(p), where � 2 =(p)[x0; x1; . . . ; xe�2]. For a;b 2 G0(f(x); pe), if

'(a0; a

1; . . . ; ae�1

) = '(b0; b

1; . . . ; be�1

) (7)

holds, then a0= b

0.

Proof: Let T = pn � 1. Apply the operator xp T� 1 to

both sides of the equality (7). Since both per (�(a0; a

1; . . . ; ae�2

))and per(�(b

0; b

1; . . . ; be�2

)) divide pe�2T , we have

xp T� 1 ae�1

= xp T� 1 be�1

(modp):

Then by Corollary 2, we get

h(x)a0= h(x)b

0(modp):

Thus, h(x)(a0� b

0) = 0(mod p). Since a

0� b

02 G(f(x); p) and

deg h < deg f , it follows that a0= b

0. The lemma is proved.

Lemma 4: Let integer e � 3 and f(x) be a primitive polynomial ofdegree n over =(pe). If (7) holds for '(x0; x1; . . . ; xe�1) describedin Lemma 3 and a; b 2 G0(f(x); pe), then there exists an � 2 =(p)with a

1� b

1= �a

0(mod p).

Proof: Let j be a nonnegative integer. Applying the operatorxj�p T

� 1 to both sides of the equality (7), then


+ xj�p T� 1 �(a

0; a

1; . . . ; ae�2

)

= xj�p T� 1 be�1

+ xj�p T� 1 �(b

0; b

1; . . . ; be�2

)(modp)

Let e � 4. By Lemma 2, we get

j � (h(x)a1) + C1(j � (he�2(x)a0))

+ C1(ae�2+ [j � h(x)a

0(mod p)])

+ xj�p T� 1 �(a

0; a

1; . . . ; ae�2

)

= j � (h(x)b1) + C1(j � (he�2(x)b0))

+ C1(be�2+ [j � h(x)b

0(mod p)])

+ (xj�p T� 1)�(b

0; b

1; . . . ; be�2

)(modp): (8)

Since a0= b

0by Lemma 3, we can get a

1� b

12 G(f(x); p)

from Corollary 1. Assume � 2 G0(f(x); p); � = h(x)a0

=h(x)b

0(mod p); � 2 G(f(x); p) and � = h(x)(a

1� b

1)(modp),

then

j � � + C1(ae�2+ [j � �(mod p)])� C1(be�2

+ [j � �(mod p)])

= xj�p T� 1 [�(b

0; b

1; . . . ; be�2

)

� �(a0; a

1; . . . ; ae�2

)](modp):

Hence, we have

j � � (t) + C1(ae�2(t) + [j � �(t)(modp)])

� C1(be�2(t) + [j � �(t)(modp)])

= �(b0(t+ j � pe�3T ); . . . ; be�2(t+ j � pe�3T ))

� �(b0(t); b1(t); . . . ; be�2(t))

� [�(a0(t+ j � pe�3T ); . . . ; ae�2(t+ j � pe�3T ))

� �(a0(t); . . . ; ae�2(t))](modp)

for any integer t � 0. Since per (ai) = piT; 0 � i � e� 1, it followsthat

j � � (t) + C1(ae�2(t) + [j � �(t)(modp)])

� C1(be�2(t) + [j � �(t)(modp)])

= �(b0(t); . . . ; be�3(t); be�2(t+ j � pe�3T )

� �(b0(t); . . . ; be�2(t)

� [�(a0(t); . . . ; ae�3(t); ae�2(t+ j � pe�3T ))

� �(a0(t); . . . ; ae�2(t))](modp): (9)


Note that (8) holds for e = 3 and j = 1 by Lemma 2, so that (9) holdsfor e = 3 and j = 1 as well. Thus, for the case of e � 3, evaluating(9) with j = 1, we get

� (t) + C1(ae�2(t) + �(t))� C1(be�2(t) + �(t))

= �(b0(t); . . . ; be�3(t); be�2(t+ pe�3T ))

� �(b0(t); . . . ; be�2(t))

� [�(a0(t); . . . ; ae�3(t); ae�2(t+ pe�3T ))

� �(a0(t); . . . ; ae�2(t))](mod p): (10)

Besides, by Lemma 1, we have

ae�2(t+ pe�3T ) = ae�2(t) + �(t)(modp) (11)

be�2(t+ pe�3T ) = be�2(t) + �(t)(modp) (12)

Finally, from (10), (11), and (12), it is easy to deduce that � (t) = 0for all nonnegative integer twith�(t) = 0. Since� 2 G0(f(x); p) and� 2 G(f(x); p), there exists an � 2 =(p) such that � = ��(mod p),that is, a

1� b

1= �a

0(mod p). The lemma is proved.

Remark 6: Let ' and f(x) be described in Lemma 4 . From theproof of Lemma 4, it is can be seen that for any nonnegative integers jand t satisfying equalities

'(a0(t); . . . ; ae�1(t)) = '(b0(t); . . . ; be�1(t))

and

'(a0(t+ j � pe�3T ); . . . ; ae�1(t+ j � pe�3T ))

= '(b0(t+ j � pe�3T ); . . . ; be�1(t+ j � pe�3T ))

where a; b 2 G0(f(x); pe), (9) holds if e � 4, and (10) holds for j = 1if e = 3.

Lemma 5: Let f(x) be a strongly primitive polynomial of degree nover =(p3) and a; b 2 G0(f(x); pe) with a

1� b

1= �a

0(mod p)

where � 2 =(p). Assume '(x0; x1; x2) = x2 + �(x0; x1) is a func-tion over =(p), where � 2 =(p)[x0; x1]; � 2 G0(f(x); p) and � =h(x)a

0(modp). Then a = b if and only if '(a0(t); a1(t); a2(t)) =

'(b0(t); b1(t); b2(t)) for all nonnegative integer t with �(t) 6= 0.Proof: Put T = pn� 1. If a = b, the proof is trivial. Conversely,

since �(t+ T ) = �(t) 6= 0 and per (a0) = per (b

0) = T , we have

a2(t) + �(a0(t); a1(t)) = b2(t) + �(b0(t); b1(t))(modp)

and

a2(t+ T ) + �(a0(t); a1(t+ T ))

= b2(t+ T ) + �(b0(t); b1(t+ T ))(modp)

for all nonnegative integer t with �(t) 6= 0. By (10) (see Remark 6)and h(x)(a

1� b

1) = ��(mod p), we get

��(t) + C1(a1(t) + �(t))� C1(b1(t) + �(t))

= �(b0(t); b1(t+ T ))� �(b0(t); b1(t))

� [�(a0(t); a1(t+ T ))� �(a0(t); a1(t))](modp) (13)

Since f(x) is a strongly primitive polynomial, there exists an s suchthat a0(s) = 0 and �(s) 6= 0. On one hand, we have a

0= b

0by

Corollary 1. On the other hand, a1(s) = b1(s) and a1(s + T ) =b1(s+T ) since a0(s+T ) = a0(s). Therefore, from (13) we can obtainthat ��(s) = 0(modp). Since �(s) 6= 0, we get � = 0, implyinga1= b

1. Since '(a0(t); a1(t); a2(t)) = '(b0(t); b1(t); b2(t)) for all

nonnegative integer t with �(t) 6= 0, then a2(t) = b2(t) for such ttoo. Finally, by Theorem 2, a = b can be proved.

Lemma 6: [23]: For prime power q, letFq be the finite field of orderq. If � : Fq ! Fq is an arbitrary function from Fq into Fq , then thereexists a unique polynomial g 2 Fq[x] with deg g < q representing �,in the sense that g(c) = �(c) for all c 2 Fq . The polynomial g can befound by the formula

g(x) =c2F

�(c)(1� (x� c)q�1) (14)

Lemma 7: Let u; v 2 f0; 1; . . . ; p�1g. Then c(x) = C1(u+x)�C1(v + x)(modp) is a polynomial of degree less than p over =(p)and the coefficient of xp�1 is u � v(mod p).

Proof: By (14) of Lemma 6, c(x) can be uniquely represented as

p�v�a�p�u�1(�1)(1� (x� a)p�1)(modp); if v > u

p�u�a�p�v�1(1� (x� a)p�1)(modp); if v < u

0; if v = u:(15)

Thus, the lemma follows from (15).

Lemma 8: Let integer e � 4 and f(x) be a primitive polynomial ofdegree n over =(pe). Let'(x0; x1; . . . ; xe�1) = xe�1 + �(x0; x1; . . . ; xe�3)x

p�1

e�2

+ �(x0; x1; . . . ; xe�2)

be a function over =(p), where the degree of xe�2 in�(x0; x1; . . . ; xe�2) is less than p � 1. Assume a; b 2 G (f(x); pe)with a

1� b

1= �a

0(mod p); � 2 G0(f(x); p) and

� = h(x)a0(mod p). If

'(a0(t); . . . ; ae�1(t)) = '(b0(t); . . . ; be�1(t)) (16)

holds for nonnegative integer t with �(t) 6= 0, then

ae�2(t) + �(a0(t); a1(t); . . . ; ae�3(t))

= be�2(t) + �(b0(t); b1(t); . . . ; be�3(t))(modp)

holds for nonnegative integer t with �(t) 6= 0.Proof: Let T = pn � 1. Assume �(t) 6= 0. Then �(t + j �

pe�3T ) = �(t) 6= 0 for any integer j � 0. On one hand, by theassumptions of the lemma, we have

'(a0(t+ j � pe�3T ); . . . ; ae�1(t+ j � pe�3T ))

= '(b0(t+ j � pe�3T ); . . . ; be�1(t+ j � pe�3T )) (17)

for j � 0. On the other hand, from Lemma 1, we have

ae�2(t+ j � pe�3T ) = ae�2(t) + j � �(t)(modp) (18)

be�2(t+ j � pe�3T ) = be�2(t) + j � �(t)(modp) (19)

for j � 0. Then by (17), (9) (see Remark 6), (18), (19), and h(x)(a1�

b1) = ��(modp), we obtain

� � j � �(t) + C1(ae�2(t) + [j � �(t)(modp)])

� C1(be�2(t) + [j � �(t)(modp)])

= �(b0(t); . . . ; be�3(t); be�2(t) + j � �(t))

� �(b0(t); . . . ; be�2(t))

� [�(a0(t); . . . ; ae�3(t); ae�2(t) + j � �(t))

� �(a0(t); . . . ; ae�2(t))](modp) (20)

where

�(x0; x1; . . . ; xe�2) = �(x0; x1; . . . ; xe�3)xp�1

e�2

+ �(x0; x1; . . . ; xe�2):


When j runs over the set f0; 1; . . . ; p� 1g; j � �(t)(mod p) runs overf0; 1; . . . ; p � 1g too. Hence from (20) we have

�x+ C1(ae�2(t) + x)� C1(be�2(t) + x)

= �(b0(t); . . . ; be�3(t); be�2(t) + x)

� �(b0(t); b1(t); . . . ; be�2(t))

� [�(a0(t); . . . ; ae�3(t); ae�2(t) + x)

� �(a0(t); a1(t); . . . ; ae�2(t))](mod p) (21)

for any x 2 =(p).Suppose c(x) = C1(ae�2(t)+x)�C1(be�2(t)+x)(modp). From

Lemma 3.7, we know the coefficient of xp�1 of c(x) is ae�2(t) �be�2(t)(modp). Since p � 3, the coefficient of xp�1 on the leftside of (21) is ae�2(t) � be�2(t)(modp). Besides, the coefficientof xp�1 on the right side of (21) is �(b0(t); b1(t); . . . ; be�3(t)) ��(a0(t); a1(t); . . . ; ae�3(t)). It follows that

ae�2(t) + �(a0(t); . . . ; ae�3(t))

= be�2(t) + �(b0(t); . . . ; be�3(t))(modp)

In the following we give the main result of this correspondence.

Theorem 6: Let integer e � 2 and f(x) be a strongly primitivepolynomial of degree n over =(pe). Assume

'(x0; x1; . . . ; xe�1) = xe�1 + �(x0; x1; . . . ; xe�2)

is a function over =(p), where � 2 =(p)[x0; x1; . . . ; xe�2], then thecompressing map

' : G0(f(x); pe)! ( =(p))1; a 7! '(a0; a1; . . . ; ae�1)

is injective, that is to say, for primitive sequences a; b 2 G0(f(x); pe);a = b if and only if '(a0; a1; . . . ; ae�1) = '(b0; b1; . . . ; be�1).

Proof: Assume

'(a0; a1; . . . ; ae�1) = '(b0; b1; . . . ; be�1) (22)

In the following we are going to prove a = b.First of all, by Lemma 3, we get a0 = b0 from (22).If e = 2, it is clear that a = b by a0 = b0 and (22).Suppose e � 3. Since a0 = b0, we have a1 � b1 2 G(f(x); p) by

Proposition 3. Assume � 2 G(f(x); p); � = h(x)(a1 � b1)(modp);� 2 G(f(x); p) and � = h(x)a0(mod p). By Lemma 4, there existsan � 2 =(p) with � = ��(mod p).

For the case of e = 3, the proof is complete by Lemma 5.Suppose e � 4 in the following. If the degree of xe�2 in

�(x0; x1; . . . ; xe�2) is less than p � 1, then by Lemma 8,be�2(t) = ae�2(t) for all nonnegative integer t with �(t) 6= 0.Thus, a = b(mod pe�1) by Theorem 2. Then we have ae�1 = be�1by (22). Thus, we get a = b.

Otherwise, assume the degree of xe�2 in �(x0; x1; . . . ; xe�2) isp � 1. Set�(x0; x1; . . . ; xe�2) = xp�1e�2�e�3(x0; x1; . . . ; xe�3)

+ �e�2(x0; x1; . . . ; xe�2) (23)where the degree of xe�2 in �e�2(x0; x1; . . . ; xe�2) is less than p�1,and set�s(x0; x1; . . . ; xs) = xp�1s �s�1(x0; x1; . . . ; xs�1)

+ �s(x0; x1; . . . ; xs)

for r � s � e�3, where the degree of xs in �s(x0; x1; . . . ; xs) is lessthan p� 1; �s(x0; x1; . . . ; xs�1) 6= 0; �r�1(x0; x1; . . . ; xr�1) = 0and ��1(x0; x1; . . . ; xs�1) = c 2 =(p) if r = 0.

Then by (22), (23), � = ��(mod p) and Lemma 8, we getae�2(t) + �e�3(a0(t); . . . ; ae�3(t))

= be�2(t) + �e�3(b0(t); . . . ; be�3(t))(modp) (24)for all nonnegative integer t with �(t) 6= 0. Then similarly, we canrecursively getas(t) + �s�1(a0(t); . . . ; as�1(t))

= bs(t) + �s�1(b0(t); . . . ; bs�1(t))(modp) (25)

holds for s = e � 2; e � 3; . . . ;maxf2; rg and nonnegative integer twith �(t) 6= 0.

Suppose r � 2. Let s = 2 in (25), then we have

a2(t) + �1(a0(t); a1(t)) = b2(t) + �1(b0(t); b1(t))(modp)

for nonnegative integer t with �(t) 6= 0. Combining that with � =��(mod p), we obtain a = b(mod p3) by Lemma 5.

Suppose r > 2. We can recursively prove a = b(modpi+1) for r �i � e�2. First, let s = r in (25). Since �r�1(x0; x1; . . . ; xr�1) = 0,then we have ar(t) = br(t) for all nonnegative integer twith�(t) 6= 0.So, a = b(modpr+1) by Theorem 2. If r = e � 2, then obviouslythe conclusion has been proved. Otherwise, suppose a = b(mod pk),where r � k � e � 2. Let s = k in (25). Thenak(t) + �k�1(a0(t); a1(t); . . . ; ak�1(t))

= bk(t) + �k�1(b0(t); b1(t); . . . ; bk�1(t))(modp)

holds for all nonnegative integer t with �(t) 6= 0. Moreover, by theassumption a = b(mod pk), we get ak(t) = bk(t) for all nonneg-ative integer t with �(t) 6= 0. Then it follows from Theorem 2 thata = b(modpk+1). Hence, by mathematical induction, we get a =b(modpi+1) for r � i � e � 2.

Finally, by (22), we have ae�1 = be�1. Therefore, a = b. Thetheorem is proved.

Remark 7: It is clear that the conclusion of Theorem 6 is also truefor '(x0; x1; . . . ; xe�1) = w � xe�1 + �(x0; x1; . . . ; xe�2), wherew 2 =(p)�.

ACKNOWLEDGMENT

The authors would like to thank the anonymous referees for theirhelpful comments and suggestions.

REFERENCES

[1] M. Ward, “The arithmetical theory of linear recurring series,” Trans.Amer. Math. Soc., vol. 35, pp. 600–628, Jul. 1933.

[2] A. A. Nechaev, “Linear recurring sequences over commutative rings,”Discrete Math., vol. 3, no. 4, pp. 107–121, 1991.

[3] A. S. Kuzmin, V. L. Kurakin, A. V. Mikhalev, and A. A. Nechaev,“Linear recurring sequences over rings and modules,” J. Math. Sci.,vol. 76, no. 6, pp. 2793–2915, 1995.

[4] A. S. Kuzmin and A. A. Nechaev, “Linear recurring sequences overGalois rings,” Algebra Logic, vol. 34, no. 2, pp. 87–100, 1995.

[5] A. S. Kuzmin and A. A. Nechaev, “Linear recurring sequences overGalois ring,” Russian Math. Surv., vol. 48, no. 1, pp. 171–172, 1993.

[6] M. Q. Huang and Z. D. Dai, “Projective maps of linear recurring se-quences with maximal p-adic periods,” Fibonacci Quart., vol. 30, no.2, pp. 139–143, 1992.

[7] M. Q. Huang, “Analysis and Cryptologic Evaluation of Primitive Se-quences over an Integer Residue Ring,” Ph.D. dissertation, GraduateSchool of USTC, Academia Sinica, Beijing, China, 1988.

[8] W. F. Qi, “Compressing Maps of Primitive Sequences Over =(2 )and Analysis of Their Derivative Sequences,” Ph.D. dissertion,Zhengzhou Inform. Eng. Univ., Zhengzhou, China, 1997.

[9] W. F. Qi, J. H. Yang, and J. J. Zhou, “ML-sequences over rings=(2 ),” in Advances in Cryptology—ASIACRYPT’98 (Lecture Notes

in Computer Science). Berlin, Germany: Springer-Verlag, 1998, vol.1514, pp. 315–325.

[10] W. F. Qi and X. Y. Zhu, “Compressing mappings on primitive se-quences over =(2 ) and Its Galois extension,” Finite Fields Appl.,vol. 8, no. 4, pp. 570–588, Oct. 2002.

[11] Z. D. Dai, T. Beth, and D. Gollman, “Lower bounds for the linear com-plexity of sequences over residue ring,” in Advances in Cryptology-EU-ROCRYPT’90 (Lecture Notes in Computer Science). Berlin, , Ger-many: Springer, 1991, vol. 473, pp. 189–195.

[12] A. S. Kuzmin, “Lower estimates for the ranks of coordinate sequencesof linear recurrent sequences over primary residue rings of integers,”Russian Math. Surv., vol. 48, no. 3, pp. 203–204, 1993.

[13] X. Y. Zhu and W. F. Qi, “The nonlinear complexity of level sequencesover =(4),” Finite Fields Appl., vol. 12, no. 1, pp. 103–127, Jan. 2006.


[14] W. F. Qi and J. J. Zhou, “The distribution of 0 and 1 in the highest levelsequence of primitive sequences over =(2 ),” Sci. China, ser. A, vol.27, no. 4, pp. 311–316, 1997.

[15] W. F. Qi and J. J. Zhou, “The distribution of 0 and 1 in the highest levelsequence of primitive sequences over =(2 ) (II),” Chinese Sci. Bull.,vol. 42, no. 18, pp. 1938–1940, 1997.

[16] S. Q. Fan and W. B. Han, “Random properties of the highest levelsequences of primitive sequences over ,” IEEE Trans. Inf. Theory,vol. 49, no. 6, pp. 1553–1557, June 2003.

[17] P. Solé and D. Zinoviev, “The most significant bit of maximum-lengthsequences over : Autocorrelation and imbalance,” IEEE Trans. Inf.Theory, vol. 50, no. 8, pp. 1844–1846, Aug. 2004.

[18] X. Y. Zhu and W. F. Qi, “Uniqueness of the distribution of zeros ofprimitive level sequences over =(p ),” Finite Fields Appl., vol. 11,no. 1, pp. 30–44, Jan. 2005.

[19] X. Y. Zhu, “Some Results on Injective Mappings of Primitive Se-quences Modulo Prime Powers,” Ph.D. dissertation, ZhengzhouInform. Eng. Univ., Zhengzhou, China, Dec. 2004.

[20] X. Y. Zhu and W. F. Qi, “Compression mappings on primitive se-quences over =(p ),” IEEE Trans. Inf. Theory, vol. 50, no. 10, pp.2442–2448, Oct. 2004.

[21] X. Y. Zhu and W. F. Qi, “Further result of compressing maps on prim-itive sequences modulo odd prime powers,” IEEE Trans. Inf. Theory,to be published.

[22] Z. D. Dai, “Binary sequences derived from ML-sequences over rings I:Periods and minimal polynomials,” J. Crypt., vol. 5, no. 4, pp. 193–207,1992.

[23] R. Lidl and H. Niederreiter, “Finite fields,” in Encyclopedia of Math-ematics and Its Applications. Cambridge, U.K.: Cambridge Univ.Press, 1983, vol. 20.

Period and Complementarity Properties ofFCSR Memory Sequences

Tian Tian and Wen-Feng Qi

Abstract—In this correspondence, we investigate feedback with carryshift register (FCSR) memory sequences. For an l-sequence a generatedby an FCSR with connection integer q and initial memory m , we provethat m + m = wt(q + 1) � 1 for i � 0, where T = per(a) andm is the memory sequence. Generally speaking, the period of a memorysequence is a factor of that of the FCSR output binary sequence. We showthere are a large number of connection integers, with which an FCSR cangenerate sequences that have the same period as their memory sequences,especially including all connection integers for -sequences.

Index Terms—Complementrity property, feedback with carry shift reg-ister (FCSR) sequences, memory sequences, period.

I. INTRODUCTION

Feedback with carry shift registers (FCSRs) were introduced byGoresky and Klapper in [1]. The main characteristic of an FCSR is thefact that the elementary additions are not additions modulo 2 but withpropagation of carries.

Manuscript received October 6, 2006; revised March 23, 2007. This work wassupported by the National Science Foundation of China under Grant 60673081and by the National 863 Plan under Grant 2006AA01Z417.

The authors are with the Department of Applied Mathematics, University ofInformation Engineering University, P.O. Box 1001-745, Zhengzhou 450002,China (e-mail: [email protected]; [email protected]).

Communicated by G. Gong, Associate Editor for Sequences.Digital Object Identifier 10.1109/TIT.2007.899534

Fig. 1. An r-stage FCSR.

Assume q is a positive odd integer, r = blog2(q + 1)c(where b cdenotes the integer part), and q + 1 = q12 + q22

2 + � � � + q 2r isthe binary representation of q + 1. Let wt(q + 1) be the number ofnonzero qi for 1 � i � r, the Hamming weight of q+1. Fig. 1 depictsan r-stage FCSR with connection integer q, where denotes integeraddition.

The shift registers and the memory register at any given clocktime consist of r bits and a memory integer, respectively, which isdenoted by (mn; an+r�1; an+r�2; . . . ; an) and called the state ofthe FCSR at the nth clock time or just state for short, where mn

is nonnegtive integer and an; . . . ; an+r�1 2 f0; 1g. In particular,(m0; ar�1; ar�2; . . . ; a0) is called the initial state. We shall say that astate is periodic if, left to run, the FCSR will eventually return to thatsame state. The operation of the FCSR at the nth clock time is definedas follows:

1) Compute integer addition: �n = rk=1 qkan+r�k +mn.

2) The contents of r cells are shifted one step to the right, out-putting the rightmost bit an.

3) Place an+r = �n mod 2 into the leftmost shift register.4) Replace the memory integer mn with mn+1=(�n�an+r)=2

= b�n=2c.Recently, many research papers have been written on FCSR se-

quences. [2] is a good introduction to the basic knowledge of FCSR,[3]–[11] are about the cryptographic properties and [12], [13] are onthe cryptanalysis. On the other hand, new pseudorandom generatorsbased on FCSRs have also been designed and studied, such as F-FCSR[14]. Although so much progress has been achieved on FCSRs andtheir output sequences, there are still some basic properties of FCSRarchitecture worth discovering.

The memory register introduces the nonlinear architecture intoFCSR, which results in that sequences generated by FCSRs have quitedifferent cryptographical properties from those generated by tradi-tional LFSRs. In this correspondence, we shift our attention on FCSRsequences to their memory sequences and are mainly concerned withtheir complementarity and periodicity. In Section III, we show that foran l-sequence a generated by an FCSR with connection integer q andinitial memory m0, mi +mi+T=2 = wt(q+ 1)� 1 for i � 0, whereT = per(a) and m is the memory sequence. This property is quitesimilar to the fact that the second half of one period of an l-sequenceis the bitwise complement of the first half. For the periodicity, inSections IV and V, we get a large number of connection integers, withwhich an FCSR can generate sequences that have the same period astheir memory sequences, which include all connection integers forl-sequences and greatly improve the result of a previous version [15].

II. PRELIMINARIES

In this section, we briefly introduce some fundamental concepts andresutls on FCSR output sequences and memory sequences. More basicproperties of FCSR sequences can refer to [2].

0018-9448/$25.00 © 2007 IEEE

Injectivity of Compressing Maps on Primitive Sequences Over Z/(pe)

Documents

Transcript of Injectivity of Compressing Maps on Primitive Sequences Over Z/(pe)