© 2009 Society for Industrial and Applied Mathematics
SIAM J. DISCRETE MATH. Vol. 23, No. 2, pp. 805–821

AUTOCORRELATION AND DISTINCTNESS OF DECIMATIONS OF l-SEQUENCES BASED ON PRIMES∗

TIAN TIAN† AND WEN-FENG QI†

Abstract. It has long been open whether all pairs of proper decimations of l-sequences based on primes are cyclically distinct. By determining the nontrivial maximal autocorrelation of l-sequences, this paper presents a partial proof of the distinctness problem. Since the proof idea is completely different from former ones, the set of decimations that are known to be cyclically distinct is further enlarged. On the basis of convincing experimental data, the proof seems to ensure that more than 79% of l-sequences based on different primes satisfy the fact that every pair of proper decimations is cyclically distinct. In particular, a complete proof is provided for l-sequences based on primes of the form 2 · r + 1, where r is an odd prime number.

Key words. feedback with carry shift registers, l-sequences, decimations, autocorrelations, cyclically distinct

AMS subject classifications. 11A07, 11B50, 94A55, 94A60, 94B40

DOI. 10.1137/080721200
1. Introduction. Feedback with carry shift registers (FCSRs) (see [1]) are one class of promising nonlinear sequence generators which output precisely 2-adic expansions of rational numbers. It turns out that sequences generated by an FCSR share many of the important properties enjoyed by linear feedback shift register (LFSR) sequences. Reference [2] is a good introduction to FCSR sequences. The particular sequences of interest are called long sequences or l-sequences, for they are in many ways analogous to the binary m-sequences. It is widely believed that l-sequences have very good pseudorandom properties, and research has been done on their distribution properties, linear complexities, and correlation properties; see [2], [3], [4], [5], and [6].

Let p be a prime number such that 2 is a primitive root modulo p. An l-sequence $a = \{a_i\}_{i=0}^{\infty}$ based on p is the output sequence of a maximal period FCSR with connection integer p. It can also be defined algebraically by

$$a_i = (A \cdot 2^{-i} \bmod p \bmod 2), \quad i \ge 0, \tag{1}$$

where A ∈ Z/(p) is nonzero. Here the notation (mod p mod 2) means first that the number A · 2^{−i} is reduced modulo p to give a number between 0 and p − 1 and then that number is reduced modulo 2 to give an element of {0, 1}. The sequence $a = \{a_i\}_{i=0}^{\infty}$ is strictly periodic with period p − 1, and the p − 1 possible different nonzero choices of A ∈ Z/(p) give cyclic shifts of a which account for all the binary l-sequences based on the prime number p. Equivalently, a is just the 2-adic expansion of the rational number −A/p.

∗ Received by the editors April 14, 2008; accepted for publication (in revised form) December 17, 2008; published electronically April 16, 2009. This work was supported by the National Natural Science Foundation of China (grants 60673081 and 60833008) and the National 863 Plan of China (grants 2006AA01Z417 and 2007AA01Z212). http://www.siam.org/journals/sidma/23-2/72120.html
† Department of Applied Mathematics, Zhengzhou Information Science and Technology Institute, Zhengzhou, 450002, People's Republic of China.

Recall that the ordinary cross-correlation $C_{a,b}(\tau)$ at shift τ of two binary periodic sequences $a = \{a_i\}_{i=0}^{\infty}$ and $b = \{b_i\}_{i=0}^{\infty}$ with the same period T can be defined either as the number of zeros minus the number of ones in one period of the bitwise exclusive or of a and the τ-shifted sequence $L^{\tau} b = \{b_{i+\tau}\}_{i=0}^{\infty}$, or simply as the sum

$$C_{a,b}(\tau) = \sum_{i=0}^{T-1} (-1)^{a_i + b_{i+\tau}}.$$

If the sequences a and b are the same, we call it the autocorrelation and denote it by $C_a(\tau)$. For many classes of sequences, these correlations are quite difficult to evaluate, and l-sequences are one of them. Instead of directly evaluating the autocorrelations of an l-sequence, [6] investigated their expected value and variance. It was shown in [6] that, asymptotically for large p, the set of autocorrelations of an l-sequence based on p which are greater than $T^{1/2}$ is a vanishingly small fraction of all T autocorrelations, where T = p − 1.

An arithmetic version of the cross-correlation of two sequences was defined in [5] by generalizing Mandelbaum's arithmetic autocorrelations. If a and b are binary periodic sequences with the same period T, let us associate to a the formal power series $\alpha = \sum_{i=0}^{\infty} a_i \cdot 2^i$ and to $L^{\tau} b$ the formal power series $\beta = \sum_{i=0}^{\infty} b_{i+\tau} \cdot 2^i$, which can be regarded as 2-adic numbers. Let $\gamma = \alpha - \beta = \sum_{i=0}^{\infty} c_i \cdot 2^i$ be the difference of the two 2-adic numbers. The sequence of bits $c = \{c_i\}_{i=0}^{\infty}$ is eventually periodic with period T. The arithmetic cross-correlation $\Theta_{a,b}(\tau)$ at shift τ of a and b is defined to be the number of zeros minus the number of ones in a complete period of length T of c. If a and b are the same, the arithmetic cross-correlation is called the arithmetic autocorrelation of a. If $\Theta_{a,b}(\tau) = 0$ for every τ such that a and $L^{\tau} b$ are distinct, then a and b are said to have ideal arithmetic correlations.

Let $a^{(d)}$ denote the d-fold decimation of a, that is, $a^{(d)} = \{a_{di}\}_{i=0}^{\infty}$. If a is periodic with period T and d is coprime with T, then $a^{(d)}$ is called a proper decimation of a. If a and b are periodic binary sequences with the same period T, we say they are cyclically distinct if $a \ne L^{\tau} b$ for every 0 ≤ τ ≤ T − 1. In [5] it was shown that cyclically distinct proper decimations of a single l-sequence have ideal arithmetic cross-correlations.

Theorem 1.
Let p be a prime number such that 2 is a primitive root modulo p, and let a be an l-sequence of period p − 1. Let $a^{(d)}$ and $a^{(e)}$ be two proper decimations of a. If $a^{(d)}$ and $a^{(e)}$ are cyclically distinct, then for any shift the arithmetic cross-correlation of $a^{(d)}$ and $a^{(e)}$ vanishes.

This theorem implies that if all pairs of proper decimations could be proved to be cyclically distinct, then large families of cyclically distinct sequences with ideal arithmetic correlations would be produced. However, this has turned out to be surprisingly resistant to proof. The following conjecture was made in [5].

Conjecture 2. If p > 13 is a prime number, 2 is a primitive root modulo p, and a is an l-sequence based on p, then every pair of (distinct) proper decimations of a is cyclically distinct.

This conjecture has been verified for all primes less than 2000000; see [8]. Until now no complete proof of the conjecture has been reported in the literature as far as we know. But it is worth noticing that [5], [7], and [8] have made much progress toward proving it (refer to section 3 for more information), and for certain prime numbers p of the form p = 2 · r + 1 = 8 · q + 3 with r and q prime, it was shown in [8] that Conjecture 2 holds for sufficiently large p. On the other hand, we remark that the original version of Conjecture 2 made in [5] also involved the case of l-sequences based on prime powers, and that nonprime case has already been completely proved by Xu and Qi in [9].

The goal of this paper is also to prove Conjecture 2. We do not present a complete proof either, but we show a new possible way to tackle it, and so the known set of cyclically distinct proper decimations is further enlarged. First, we investigate autocorrelations of l-sequences based on prime numbers in section 2. The nontrivial maximal autocorrelation of an l-sequence is completely determined. Second, on the basis of the first result, we present a partial proof of Conjecture 2 in section 3. It is shown that Conjecture 2 is valid if the multiplicative order of 3 modulo p is not less than (p − 1)/4. Experimental evidence suggests that more than 79% of all different prime connection integers of l-sequences satisfy this additional condition. This immediately implies that Conjecture 2 is valid for more than 79% of l-sequences based on different primes. Moreover, it is proved that Conjecture 2 holds for prime numbers of the form 2 · r + 1, where r is an odd prime.

Throughout the paper, for positive integers a, b, and n, the notation "b ≡ a mod n" means the usual congruence, while the notation "b = (a mod n)" means that b is equal to the nonnegative minimal residue of a modulo n.

2. Determine the nontrivial maximal autocorrelation. In this section, we work on the ordinary autocorrelation of l-sequences based on primes. Recall that the autocorrelation function at shift τ of a binary sequence a with period T is defined by

$$C_a(\tau) = \sum_{i=0}^{T-1} (-1)^{a_i + a_{i+\tau}},$$
which measures the amount of similarity between the sequence and its τ-phase shift. First, let us recall the well-known complementarity property of l-sequences [5].

Lemma 3. If $a = \{a_i\}_{i=0}^{\infty}$ is an l-sequence of period T, then $a_i + a_{i+T/2} = 1$ for every i ≥ 0.

Because of the complementarity property shown in Lemma 3, autocorrelation functions of l-sequences have the following distribution characteristic.

Lemma 4. If a is an l-sequence of period T, then $C_a(\tau) = -C_a(T/2 - \tau) = -C_a(T/2 + \tau) = C_a(T - \tau)$ for any $0 \le \tau \le \lfloor T/4 \rfloor$ ($\lfloor \cdot \rfloor$ denotes the integer part). In particular, $C_a(T/2) = -T$.

Proof. First, by the definition of autocorrelation functions, we have

$$C_a(T - \tau) = \sum_{i=0}^{T-1} (-1)^{a_i + a_{i+T-\tau}} = \sum_{i=0}^{T-1} (-1)^{a_{i+\tau} + a_{i+T}} = C_a(\tau) \tag{2}$$

for any 0 ≤ τ ≤ T − 1. Second, it can be deduced from Lemma 3 that

$$C_a(\tau + T/2) = \sum_{i=0}^{T-1} (-1)^{a_i + a_{i+\tau+T/2}} = \sum_{i=0}^{T-1} (-1)^{a_i + a_{i+\tau} + 1} = -C_a(\tau) \tag{3}$$

for any 0 ≤ τ ≤ T/2. It follows from (2) and (3) that $C_a(\tau) = -C_a(T/2 - \tau) = -C_a(\tau + T/2) = C_a(T - \tau)$ for any $0 \le \tau \le \lfloor T/4 \rfloor$. This completes the proof.

This simple lemma will play an important role in the later proofs. By placing it here we want to point out that, besides $C_a(0) = T$, the shift T/2 also gives a trivial autocorrelation value, namely $C_a(T/2) = -T$.

The following Theorem 5 is the main result that we intend to derive in this section; it states precisely the nontrivial maximal autocorrelation of l-sequences based on prime numbers and which shifts attain it. Before presenting it, we introduce a useful notation. For any prime number p > 3, let EL3(p) denote the greatest even number that is less than p/3.

Theorem 5. If p > 3 is a prime number, 2 is a primitive root modulo p, and $a = \{a_i\}_{i=0}^{\infty}$ is an l-sequence based on p of period T = p − 1, then

$$|C_a(\tau)| \le \mathrm{EL3}(p)$$
for 0 < τ ≤ T − 1 and τ ≠ T/2. Moreover, for k = 0, 1, $C_a(\tau) = (-1)^k \cdot \mathrm{EL3}(p)$ if and only if $2^{-\tau} \equiv (-1)^k \cdot 3$ or $(-1)^k \cdot 3^{-1} \bmod p$.

Let a be as described in Theorem 5. From (1) we know that there exists an A ∈ Z/(p) such that A ≠ 0 and

$$a_i = (A \cdot 2^{-i} \bmod p \bmod 2), \quad i \ge 0.$$

Then, for 0 ≤ τ ≤ T − 1, we have

$$a_i + a_{i+\tau} = (A \cdot 2^{-i} \bmod p \bmod 2) + (2^{-\tau} \cdot A \cdot 2^{-i} \bmod p \bmod 2), \quad i \ge 0.$$

Since 2 is a primitive root modulo p, it follows that $\{(A \cdot 2^{-i} \bmod p) \mid 0 \le i \le T-1\} = \{1, 2, \ldots, p-1\}$. For any integer 1 ≤ u ≤ p − 1, let us define

$$f_u(x) = x \oplus (u \cdot x \bmod p), \quad x \in \{1, 2, \ldots, p-1\}, \tag{4}$$

where "⊕" denotes addition modulo 2. By the above analysis, the autocorrelation function of a at shift τ can be written as

$$C_a(\tau) = \sum_{i=0}^{T-1} (-1)^{a_i + a_{i+\tau}} = \sum_{x=1}^{p-1} (-1)^{x + (2^{-\tau} \cdot x \bmod p)} = \sum_{x=1}^{p-1} (-1)^{f_{(2^{-\tau} \bmod p)}(x)}.$$

We remark that the trivial autocorrelations $C_a(0)$ and $C_a(T/2)$ correspond to u = 1 and u = p − 1, respectively. Therefore, proving Theorem 5 is equivalent to proving the following theorem.

Theorem 6. If p > 3 is a prime number and 2 is a primitive root modulo p, then

$$\left| \sum_{x=1}^{p-1} (-1)^{f_u(x)} \right| \le \mathrm{EL3}(p)$$

for 1 < u < p − 1. Moreover, for k = 0, 1,

$$\sum_{x=1}^{p-1} (-1)^{f_u(x)} = (-1)^k \cdot \mathrm{EL3}(p)$$

if and only if $u \equiv (-1)^k \cdot 3$ or $(-1)^k \cdot 3^{-1} \bmod p$.

Next, we make some necessary preparations for the proof of Theorem 6. Let p > 3 be a fixed odd prime for which 2 is a primitive root. It can be observed from Lemma 4 that

$$\sum_{x=1}^{p-1} (-1)^{f_u(x)} = - \sum_{x=1}^{p-1} (-1)^{f_{p-u}(x)}, \quad 1 \le u \le (p-1)/2, \tag{5}$$
and so it suffices to consider only the distribution of $\left| \sum_{x=1}^{p-1} (-1)^{f_u(x)} \right|$ for 2 ≤ u ≤ (p − 1)/2.

Lemma 7. Let u be an odd number between 3 and (p − 1)/2. Then

$$\left| \sum_{x=1}^{p-1} (-1)^{f_u(x)} \right| \le \begin{cases} \beta - 1 + \lfloor p/u \rfloor & \text{if } \beta < (u+1)/2; \\ u - \beta + \lfloor p/u \rfloor & \text{if } \beta \ge (u+1)/2, \end{cases} \tag{6}$$

where β = (p mod u).

Proof. If $1 \le x \le \lfloor (p-1)/u \rfloor$, then

$$f_u(x) \equiv x + (u \cdot x \bmod p) \equiv (u + 1) \cdot x \equiv 0 \bmod 2. \tag{7}$$

Generally, for any 1 ≤ k ≤ u − 1, if

$$\left\lfloor \frac{k \cdot p - 1}{u} \right\rfloor < x \le \left\lfloor \frac{(k+1) \cdot p - 1}{u} \right\rfloor,$$

then

$$f_u(x) \equiv x + (u \cdot x \bmod p) \equiv x + u \cdot x - k \cdot p \equiv k \bmod 2. \tag{8}$$

Note that for k = u − 1

$$\left\lfloor \frac{(k+1) \cdot p - 1}{u} \right\rfloor = \left\lfloor \frac{u \cdot p - 1}{u} \right\rfloor = \left\lfloor p - \frac{1}{u} \right\rfloor = p - 1,$$

and so

$$\sum_{x=1}^{p-1} (-1)^{f_u(x)} = \sum_{x=1}^{\lfloor (p-1)/u \rfloor} (-1)^{f_u(x)} + \sum_{k=1}^{u-1} \ \sum_{x = \lfloor (kp-1)/u \rfloor + 1}^{\lfloor ((k+1)p-1)/u \rfloor} (-1)^{f_u(x)}. \tag{9}$$

Thus it follows from (7) and (8) that

$$\begin{aligned}
\sum_{x=1}^{p-1} (-1)^{f_u(x)} &= \left\lfloor \frac{p-1}{u} \right\rfloor + \sum_{k=1}^{u-1} (-1)^k \cdot \left( \left\lfloor \frac{(k+1) \cdot p - 1}{u} \right\rfloor - \left\lfloor \frac{k \cdot p - 1}{u} \right\rfloor \right) \\
&= \left\lfloor \frac{p-1}{u} \right\rfloor - \sum_{k=1}^{u-1} (-1)^{k+1} \cdot \left\lfloor \frac{(k+1) \cdot p - 1}{u} \right\rfloor - \sum_{k=1}^{u-1} (-1)^k \cdot \left\lfloor \frac{k \cdot p - 1}{u} \right\rfloor \\
&= -(-1)^u \cdot \left\lfloor \frac{u \cdot p - 1}{u} \right\rfloor - 2 \cdot \sum_{k=1}^{u-1} (-1)^k \cdot \left\lfloor \frac{k \cdot p - 1}{u} \right\rfloor \\
&= p - 1 - 2 \cdot \sum_{k=1}^{u-1} (-1)^k \cdot \left\lfloor \frac{k \cdot p - 1}{u} \right\rfloor \\
&= p - 1 - 2 \cdot \sum_{k=1}^{(u-1)/2} \left( \left\lfloor \frac{2 \cdot k \cdot p - 1}{u} \right\rfloor - \left\lfloor \frac{(2 \cdot k - 1) \cdot p - 1}{u} \right\rfloor \right). \tag{10}
\end{aligned}$$

Let $\alpha_l = (l \cdot p - 1 \bmod u)$, 1 ≤ l ≤ u − 1. Then we have

$$\left\lfloor \frac{2 \cdot k \cdot p - 1}{u} \right\rfloor = \left\lfloor \frac{(2 \cdot k - 1) \cdot p - 1}{u} + \frac{p}{u} \right\rfloor = \left\lfloor \frac{(2 \cdot k - 1) \cdot p - 1}{u} \right\rfloor + \left\lfloor \frac{p}{u} \right\rfloor + \left\lfloor \frac{\beta + \alpha_{2k-1}}{u} \right\rfloor \tag{11}$$
for 1 ≤ k ≤ (u − 1)/2. Substituting (11) into (10) yields

$$\begin{aligned}
\sum_{x=1}^{p-1} (-1)^{f_u(x)} &= p - 1 - 2 \cdot \sum_{k=1}^{(u-1)/2} \left( \left\lfloor \frac{p}{u} \right\rfloor + \left\lfloor \frac{\beta + \alpha_{2k-1}}{u} \right\rfloor \right) \\
&= p - 1 - (u - 1) \cdot \left\lfloor \frac{p}{u} \right\rfloor - 2 \cdot \sum_{k=1}^{(u-1)/2} \left\lfloor \frac{\beta + \alpha_{2k-1}}{u} \right\rfloor \\
&= \beta - 1 + \left\lfloor \frac{p}{u} \right\rfloor - 2 \cdot \sum_{k=1}^{(u-1)/2} \left\lfloor \frac{\beta + \alpha_{2k-1}}{u} \right\rfloor. \tag{12}
\end{aligned}$$

If β ≥ (u + 1)/2, then the number of 1 ≤ k ≤ (u − 1)/2 for which $\lfloor (\beta + \alpha_{2k-1})/u \rfloor = 0$, that is, $0 \le \alpha_{2k-1} < u - \beta$, is not more than u − β. Besides, for different k and k′, it can be seen that $\alpha_{2k-1} \ne \alpha_{2k'-1}$. Therefore, in this case, we have

$$\frac{u-1}{2} - (u - \beta) \le \sum_{k=1}^{(u-1)/2} \left\lfloor \frac{\beta + \alpha_{2k-1}}{u} \right\rfloor \le \frac{u-1}{2}. \tag{13}$$

It can be deduced from (12) and (13) that

$$\beta - u + \left\lfloor \frac{p}{u} \right\rfloor \le \sum_{x=1}^{p-1} (-1)^{f_u(x)} \le u - \beta + \left\lfloor \frac{p}{u} \right\rfloor. \tag{14}$$

Note that

$$u - \beta + \left\lfloor \frac{p}{u} \right\rfloor > \left| \beta - u + \left\lfloor \frac{p}{u} \right\rfloor \right|$$

always holds, and so

$$\left| \sum_{x=1}^{p-1} (-1)^{f_u(x)} \right| \le u - \beta + \left\lfloor \frac{p}{u} \right\rfloor.$$

If β < (u + 1)/2, then the number of 1 ≤ k ≤ (u − 1)/2 for which $\lfloor (\beta + \alpha_{2k-1})/u \rfloor = 1$, that is, $u - \beta \le \alpha_{2k-1} \le u - 1$, is not more than β. Therefore, in this case, we have

$$0 \le \sum_{k=1}^{(u-1)/2} \left\lfloor \frac{\beta + \alpha_{2k-1}}{u} \right\rfloor \le \beta. \tag{15}$$

It can be deduced from (12) and (15) that

$$\left\lfloor \frac{p}{u} \right\rfloor - \beta - 1 \le \sum_{x=1}^{p-1} (-1)^{f_u(x)} \le \beta - 1 + \left\lfloor \frac{p}{u} \right\rfloor. \tag{16}$$
Note that

$$\beta - 1 + \left\lfloor \frac{p}{u} \right\rfloor \ge \left| \left\lfloor \frac{p}{u} \right\rfloor - \beta - 1 \right|$$

always holds, and so

$$\left| \sum_{x=1}^{p-1} (-1)^{f_u(x)} \right| \le \beta - 1 + \left\lfloor \frac{p}{u} \right\rfloor.$$

This completes the proof.

The following corollary can be derived easily from the proof of Lemma 7.

Corollary 8. $\sum_{x=1}^{p-1} (-1)^{f_3(x)} = \mathrm{EL3}(p)$.

Proof. Let β = (p mod 3). It follows from (12) that

$$\sum_{x=1}^{p-1} (-1)^{f_3(x)} = \beta - 1 + \left\lfloor \frac{p}{3} \right\rfloor - 2 \cdot \left\lfloor \frac{2 \cdot \beta - 1}{3} \right\rfloor = \begin{cases} \dfrac{p-1}{3} & \text{if } \beta = 1; \\[6pt] \dfrac{p-5}{3} & \text{if } \beta = 2. \end{cases}$$
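The following script is an added example, not code from the paper: it generates the l-sequence of eq. (1), evaluates $C_a(\tau)$ both from the sequence and as the parity sum over $f_u(x)$ of eq. (4) with $u = 2^{-\tau} \bmod p$, and checks the bound and the equality cases of Theorems 5 and 6 together with Corollary 8. All function names are the example's own.

```python
"""Numerical check of eq. (4), Theorems 5 and 6, and Corollary 8.

Added example, not code from the paper.  It builds the l-sequence of eq. (1),
evaluates C_a(tau) both from the sequence and as the parity sum over f_u(x)
of eq. (4) with u = 2^{-tau} mod p, and locates the shifts attaining +-EL3(p).
Requires Python 3.8+ (pow with a negative exponent).
"""


def multiplicative_order(g, p):
    """Order of g in (Z/pZ)^*; p is assumed prime and g not divisible by p."""
    order, x = 1, g % p
    while x != 1:
        x = x * g % p
        order += 1
    return order


def l_sequence(p, A=1):
    """One period (length p-1) of the l-sequence of eq. (1) with seed A."""
    assert multiplicative_order(2, p) == p - 1, "2 must be a primitive root mod p"
    inv2 = pow(2, -1, p)
    bits, x = [], A % p
    for _ in range(p - 1):
        bits.append(x & 1)          # (A * 2^{-i} mod p) mod 2
        x = x * inv2 % p
    return bits


def autocorrelation(a, tau):
    """C_a(tau) = sum_i (-1)^{a_i + a_{i+tau}} over one period."""
    T = len(a)
    return sum(1 - 2 * (a[i] ^ a[(i + tau) % T]) for i in range(T))


def f_sum(u, p):
    """sum_{x=1}^{p-1} (-1)^{f_u(x)} with f_u(x) = x xor (u*x mod p), eq. (4)."""
    return sum(1 - 2 * ((x + u * x % p) & 1) for x in range(1, p))


def el3(p):
    """EL3(p): the greatest even number less than p/3 (p prime, p > 3)."""
    m = p // 3                      # p is not divisible by 3, so m < p/3
    return m if m % 2 == 0 else m - 1


def check_theorem5(p, A=1):
    """Test Theorem 5 for one prime.

    Returns the largest nontrivial |C_a(tau)|, EL3(p), the shift sets where
    C_a(tau) equals +EL3(p) and -EL3(p), and the sets Theorem 5 predicts,
    i.e. the tau with 2^{-tau} = +-3 or +-3^{-1} (mod p).
    """
    a = l_sequence(p, A)
    T = p - 1
    inv2 = pow(2, -1, p)
    corr = {}
    for tau in range(T):
        u = pow(inv2, tau, p)                 # u = 2^{-tau} mod p
        corr[tau] = autocorrelation(a, tau)
        assert corr[tau] == f_sum(u, p)       # C_a(tau) reduces to the f_u sum
    assert corr[0] == T and corr[T // 2] == -T   # the trivial values (Lemma 4)
    nontrivial = [tau for tau in range(1, T) if tau != T // 2]
    inv3 = pow(3, -1, p)
    return {
        "max_abs": max(abs(corr[tau]) for tau in nontrivial),
        "el3": el3(p),
        "plus": {tau for tau in nontrivial if corr[tau] == el3(p)},
        "minus": {tau for tau in nontrivial if corr[tau] == -el3(p)},
        "predicted_plus": {tau for tau in nontrivial
                           if pow(inv2, tau, p) in (3, inv3)},
        "predicted_minus": {tau for tau in nontrivial
                            if pow(inv2, tau, p) in (p - 3, p - inv3)},
    }


def corollary8(p):
    """Corollary 8: the u = 3 sum equals EL3(p).  Returns (sum, EL3(p))."""
    return f_sum(3, p), el3(p)


if __name__ == "__main__":
    for p in (13, 19, 29, 37, 53):
        r = check_theorem5(p)
        print(p, "max|C_a| =", r["max_abs"], "EL3 =", r["el3"],
              "+EL3 at", sorted(r["plus"]), "-EL3 at", sorted(r["minus"]))
```

For p = 13 the script finds EL3(13) = 4 attained with sign + exactly at τ ∈ {4, 8} and with sign − exactly at τ ∈ {2, 10}, which is the set Theorem 5 predicts.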
Lemma 9. Let u be an even number between 2 and (p − 1)/2. Then

$$\left| \sum_{x=1}^{p-1} (-1)^{f_u(x)} \right| \le \begin{cases} \min\{u - 2,\ 2 \cdot \beta\} & \text{if } \lfloor p/u \rfloor \text{ is even;} \\ 2 + \min\{u - 2,\ 2 \cdot (u - \beta)\} & \text{if } \lfloor p/u \rfloor \text{ is odd,} \end{cases} \tag{17}$$

where β = (p mod u). Moreover, for u > EL3(p)

$$\left| \sum_{x=1}^{p-1} (-1)^{f_u(x)} \right| \le \mathrm{EL3}(p), \tag{18}$$

and the equality holds if and only if u = (p + 1)/3 and p ≡ 2 mod 3.

Proof. If $1 \le x \le \lfloor (p-1)/u \rfloor$, then

$$f_u(x) \equiv x + (u \cdot x \bmod p) \equiv x + u \cdot x \equiv x \bmod 2. \tag{19}$$

It immediately follows from (19) that

$$\sum_{x=1}^{\lfloor (p-1)/u \rfloor} (-1)^{f_u(x)} = \sum_{x=1}^{\lfloor (p-1)/u \rfloor} (-1)^x = \frac{(-1)^{\lfloor (p-1)/u \rfloor} - 1}{2}.$$

Generally, for any 1 ≤ k ≤ u − 1, if $\lfloor (kp-1)/u \rfloor < x \le \lfloor ((k+1)p-1)/u \rfloor$, then

$$f_u(x) \equiv x + (u \cdot x \bmod p) \equiv x + u \cdot x - k \cdot p \equiv x + k \bmod 2,$$

which implies that

$$\sum_{x = \lfloor (kp-1)/u \rfloor + 1}^{\lfloor ((k+1)p-1)/u \rfloor} (-1)^{f_u(x)} = (-1)^k \cdot \sum_{x = \lfloor (kp-1)/u \rfloor + 1}^{\lfloor ((k+1)p-1)/u \rfloor} (-1)^x = (-1)^k \cdot \frac{(-1)^{\lfloor ((k+1)p-1)/u \rfloor} - (-1)^{\lfloor (kp-1)/u \rfloor}}{2}.$$
Let $I(l) = (-1)^{\lfloor (lp-1)/u \rfloor}$ for integer 1 ≤ l ≤ u. Then by combining the above analysis and (9) we get

$$\begin{aligned}
\sum_{x=1}^{p-1} (-1)^{f_u(x)} &= \frac{I(1) - 1}{2} + \sum_{k=1}^{u-1} (-1)^k \cdot \frac{I(k+1) - I(k)}{2} \\
&= \frac{I(1) - 1}{2} - \sum_{k=1}^{u-1} (-1)^{k+1} \cdot \frac{I(k+1)}{2} - \sum_{k=1}^{u-1} (-1)^k \cdot \frac{I(k)}{2} \\
&= \frac{I(1) - 1}{2} - (-1)^u \cdot \frac{I(u)}{2} - (-1) \cdot \frac{I(1)}{2} - \sum_{k=2}^{u-1} (-1)^k \cdot I(k) \\
&= I(1) - 1 - \sum_{k=2}^{u-1} (-1)^k \cdot I(k) \\
&= I(1) - 1 + \sum_{h=1}^{(u-2)/2} \left( (-1)^{\lfloor ((2h+1)p-1)/u \rfloor} - (-1)^{\lfloor (2hp-1)/u \rfloor} \right).
\end{aligned}$$

Let $\alpha_l = (l \cdot p - 1 \bmod u)$ for 2 ≤ l ≤ u − 1. Then

$$\sum_{x=1}^{p-1} (-1)^{f_u(x)} = I(1) - 1 + \sum_{h=1}^{(u-2)/2} (-1)^{\lfloor (2hp-1)/u \rfloor} \cdot \left( (-1)^{\lfloor p/u \rfloor + \lfloor (\beta + \alpha_{2h})/u \rfloor} - 1 \right). \tag{20}$$

If $\lfloor p/u \rfloor \equiv 0 \bmod 2$, then (20) gives

$$\sum_{x=1}^{p-1} (-1)^{f_u(x)} = \sum_{h=1}^{(u-2)/2} (-1)^{\lfloor (2hp-1)/u \rfloor} \cdot \left( (-1)^{\lfloor (\beta + \alpha_{2h})/u \rfloor} - 1 \right). \tag{21}$$

Since the number of 1 ≤ h ≤ (u − 2)/2 for which $u - 1 \ge \alpha_{2h} \ge u - \beta$ is not more than β, by (21) we have

$$\left| \sum_{x=1}^{p-1} (-1)^{f_u(x)} \right| \le \min\{u - 2,\ 2 \cdot \beta\}. \tag{22}$$

If $\lfloor p/u \rfloor \equiv 1 \bmod 2$, then (20) gives

$$\sum_{x=1}^{p-1} (-1)^{f_u(x)} = -2 - \sum_{h=1}^{(u-2)/2} (-1)^{\lfloor (2hp-1)/u \rfloor} \cdot \left( (-1)^{\lfloor (\beta + \alpha_{2h})/u \rfloor} + 1 \right). \tag{23}$$

Since the number of 1 ≤ h ≤ (u − 2)/2 for which $0 \le \alpha_{2h} < u - \beta$ is not more than u − β, by (23) we have

$$\left| \sum_{x=1}^{p-1} (-1)^{f_u(x)} \right| \le 2 + \min\{u - 2,\ 2 \cdot (u - \beta)\}. \tag{24}$$
Thus (22) and (24) imply that (17) holds.

If u ≥ EL3(p) + 2, then instead of directly discussing $\left| \sum_{x=1}^{p-1} (-1)^{f_u(x)} \right|$ we consider the upper bound of $\left| \sum_{x=1}^{p-1} (-1)^{f_{p-u}(x)} \right|$ because of

$$\left| \sum_{x=1}^{p-1} (-1)^{f_u(x)} \right| = \left| \sum_{x=1}^{p-1} (-1)^{f_{p-u}(x)} \right|$$

implied by Lemma 4. Let u′ = p − u and β′ = (p mod u′). Since u is even, it follows that u′ is odd. It can be observed that the proof of Lemma 7 does not actually depend on the condition u ≤ (p − 1)/2 at all, and so Lemma 7 holds for any odd number between 3 and p − 2. Thus the result of Lemma 7 implies that

$$\left| \sum_{x=1}^{p-1} (-1)^{f_u(x)} \right| \le \begin{cases} \beta' - 1 + \lfloor p/u' \rfloor & \text{if } \beta' < \frac{u'+1}{2}; \\[4pt] u' - \beta' + \lfloor p/u' \rfloor & \text{if } \beta' \ge \frac{u'+1}{2}. \end{cases} \tag{25}$$

Since EL3(p) + 2 ≤ u ≤ (p − 1)/2, we get

$$\frac{p+1}{2} \le u' \le p - \mathrm{EL3}(p) - 2 \tag{26}$$

and

$$\beta' = p - u' = u \ge \mathrm{EL3}(p) + 2. \tag{27}$$

It can be seen from (26) and (27) that $\beta' \ge \frac{u'+1}{2}$, and so (25) implies that

$$\left| \sum_{x=1}^{p-1} (-1)^{f_u(x)} \right| \le u' - \beta' + \left\lfloor \frac{p}{u'} \right\rfloor \le p + 1 - 2 \cdot u. \tag{28}$$

If p ≡ 1 mod 3, then it follows from (28) that

$$\left| \sum_{x=1}^{p-1} (-1)^{f_u(x)} \right| < \mathrm{EL3}(p).$$

If p ≡ 2 mod 3 and u ≥ EL3(p) + 4, then (28) also implies that

$$\left| \sum_{x=1}^{p-1} (-1)^{f_u(x)} \right| < \mathrm{EL3}(p).$$

If p ≡ 2 mod 3 and u = EL3(p) + 2 = (p + 1)/3, then, since $u \equiv 3^{-1} \bmod p$, it follows from Lemma 4 and Corollary 8 that

$$\sum_{x=1}^{p-1} (-1)^{f_u(x)} = \sum_{x=1}^{p-1} (-1)^{f_3(x)} = \mathrm{EL3}(p).$$

This completes the proof.
The result of the following lemma is elementary, and so we omit its proof.

Lemma 10. Let b be a positive integer and

$$g(x) = \frac{x - 1}{2} + \left\lfloor \frac{b}{x} \right\rfloor$$

be a function with variable x over R. If b ≥ 36, then g(x) < (b − 5)/3 for all x ∈ [4, (b − 1)/2].

We are now ready to prove Theorem 6.

Proof of Theorem 6. First, note that the conclusions of Theorem 6 are trivial for the prime number 5, and so p is assumed to be greater than 5 in the following discussion. Second, it can be seen from Corollary 8 and Lemma 4 that

$$\sum_{x=1}^{p-1} (-1)^{f_u(x)} = (-1)^k \cdot \mathrm{EL3}(p)$$

if $u \equiv (-1)^k \cdot 3$ or $(-1)^k \cdot 3^{-1} \bmod p$. Thus in the following it suffices to show that

$$\left| \sum_{x=1}^{p-1} (-1)^{f_u(x)} \right| < \mathrm{EL3}(p) \tag{29}$$

for $u \in \{2, 3, \ldots, p-2\} \setminus \{3,\ p-3,\ (3^{-1} \bmod p),\ (-3^{-1} \bmod p)\}$. Third, by (5) we know it suffices to prove that (29) holds for integers u between 2 and (p − 1)/2.

If u is an odd number between 2 and (p − 1)/2, then by Lemma 7 we have

$$\left| \sum_{x=1}^{p-1} (-1)^{f_u(x)} \right| \le \begin{cases} \beta - 1 + \lfloor p/u \rfloor & \text{if } \beta < \frac{u+1}{2}; \\[4pt] u - \beta + \lfloor p/u \rfloor & \text{if } \beta \ge \frac{u+1}{2}, \end{cases}$$

where β = (p mod u), and in both cases the right-hand side is at most $\frac{u-1}{2} + \lfloor p/u \rfloor$. It follows from Lemma 10 that

$$\max_{5 \le u \le \frac{p-1}{2}} \left| \sum_{x=1}^{p-1} (-1)^{f_u(x)} \right| < \frac{p-5}{3} \tag{30}$$

for p ≥ 36. As for 5 < p < 36, it is easy to verify that (30) holds by direct computation.

If u is an even number between 2 and (p − 1)/2, then Lemma 9 implies that

$$\left| \sum_{x=1}^{p-1} (-1)^{f_u(x)} \right| < \mathrm{EL3}(p)$$

if u ≠ EL3(p) and u ≠ (p + 1)/3. Note that u = (p + 1)/3 if and only if p ≡ 2 mod 3 and $(p+1)/3 \equiv 3^{-1} \bmod p$, so we need only discuss the case u = EL3(p). To prove it we consider $(u^{-1} \bmod p)$ and $(-u^{-1} \bmod p)$ instead of u, based on the result of Lemma 4.

Case 11. If p ≡ 1 mod 3, then

$$u = \mathrm{EL3}(p) = \frac{p-1}{3},$$
which implies that $u \equiv -3^{-1} \bmod p$.

Case 12. If p ≡ 2 mod 3, then

$$u = \mathrm{EL3}(p) = \frac{p-5}{3}.$$

In this case, let

$$v_1 = \frac{2 \cdot p + 3}{5} \ \text{ if } p \equiv 1 \bmod 5, \qquad v_2 = \frac{p + 3}{5} \ \text{ if } p \equiv 2 \bmod 5, \qquad v_3 = \frac{p - 3}{5} \ \text{ if } p \equiv 3 \bmod 5, \qquad v_4 = \frac{2 \cdot p - 3}{5} \ \text{ if } p \equiv 4 \bmod 5.$$

Then it can be verified that $u \cdot v_1 \equiv u \cdot v_2 \equiv -1 \bmod p$, while $u \cdot v_3 \equiv u \cdot v_4 \equiv 1 \bmod p$. It follows from Lemma 4 that

$$\left| \sum_{x=1}^{p-1} (-1)^{f_u(x)} \right| = \left| \sum_{x=1}^{p-1} (-1)^{f_{v_{(p \bmod 5)}}(x)} \right|.$$

Since $v_1$ and $v_4$ are odd and not greater than (p − 1)/2, we have

$$\left| \sum_{x=1}^{p-1} (-1)^{f_u(x)} \right| < \frac{p-5}{3}$$

if p ≡ 1 or 4 mod 5 by (30). Since $v_2$ and $v_3$ are even and not greater than (p − 1)/2, we have

$$\left| \sum_{x=1}^{p-1} (-1)^{f_u(x)} \right| \le v_{(p \bmod 5)} < \frac{p-5}{3}$$

if p ≡ 2 or 3 mod 5 by Lemma 9. This completes the proof.

3. Distinctness of decimations of l-sequences. Recall that, for an l-sequence a based on the prime number p, its d-fold decimation is denoted by $a^{(d)}$ and is called a proper decimation if gcd(d, p − 1) = 1. Then it follows that, given two proper decimations $a^{(d)}$ and $a^{(e)}$, $a^{(d)}$ is cyclically distinct from $a^{(e)}$ if and only if $a^{(de^{-1})}$ is cyclically distinct from a (where $de^{-1}$ is computed modulo p − 1). Thus to prove Conjecture 2 it is equivalent to consider $a^{(d)}$ and a for 1 ≤ d ≤ p − 2. In [5], [7], and [8], the following results were shown.

Theorem 13. Let p > 13 be a prime number such that 2 is a primitive root modulo p, a be an l-sequence based on p, and d be a positive integer coprime with p − 1. Then the proper decimation $a^{(d)}$ is cyclically distinct from a if
(1) either d = −1 (or equivalently d = p − 2);
(2) or p ≡ 1 mod 4 and d = (p + 1)/2;
(3) or $1 < d \le (p^2 - 1)^4 / (2^{24} p^7)$;
(4) or d < 0 and $|d| \le (p^2 - 1)^4 / (2^{25} p^7)$.

Here we make a remark about Theorem 13. By characterizing the numbers of occurrences of certain bit patterns of a, (1) was proved in [5], and so $a^{(-1)}$ is the first decimation proved to be cyclically distinct from a. Then [7] reported that the proper decimation $a^{(d)}$ is cyclically distinct from a if $1 < d \le p / (2^8 (1 + \log_e p)^4)$ and also for d = (p + 1)/2 as a special case. The latest results, namely (3) and (4), were given by [8]. Both [7] and [8] got their bounds by estimating certain exponential sums from analytic number theory. Moreover, in [8], it was proved that, for certain p, Conjecture 2 holds.

Theorem 14. If p = 2 · r + 1 = 8 · q + 3 with p, r, and q prime, 2 is a primitive root modulo p, and a is an l-sequence based on p, then Conjecture 2 holds for p sufficiently large.

On the other hand, asymptotically for large p, [8] also showed that the collection of counterexamples to Conjecture 2 is a vanishingly small fraction of the set of all proper decimations.

Theorem 15. For any fixed ε > 0 there is a constant $C_0(\varepsilon) > 0$ depending only on ε such that there are at most $C_0(\varepsilon) \cdot p^{2/3 + \varepsilon}$ decimations of an l-sequence a based on p that are cyclic permutations of a.

It can be seen that [5], [7], and [8] have made much progress toward proving Conjecture 2. In this section, on the basis of the results proved in section 2, we also provide a partial proof of Conjecture 2. Because our proof idea is completely different from those of [5], [7], and [8], the results further enlarge the set of decimations that are known to be cyclically distinct, and for a large number of l-sequences, it is shown that every pair of proper decimations is cyclically distinct. A detailed comparison of our new results and former ones will be offered in subsection 3.3.

3.1. Basic results.
Autocorrelation functions of proper decimations have the following property if they are not cyclically distinct.

Lemma 16. Let p > 3 be a prime number such that 2 is a primitive root modulo p and a be an l-sequence based on p. If the proper decimation $a^{(d)}$ is a phase shift of a, then $C_{a^{(d)}}(\tau) = C_a(d \cdot \tau) = C_a(\tau)$ for 0 ≤ τ ≤ p − 2, where d · τ is computed modulo p − 1.

Proof. If τ = 0, then the result is trivial. Assume τ > 0. On one hand, since d is coprime with p − 1, we have

$$C_{a^{(d)}}(\tau) = \sum_{i=0}^{p-2} (-1)^{a_{di} + a_{d(i+\tau)}} = \sum_{i=0}^{p-2} (-1)^{a_i + a_{i + d\tau}} = C_a(d \cdot \tau).$$

On the other hand, since $a^{(d)}$ is a phase shift of a, there exists a positive integer v for which $a^{(d)} = L^v a$. Thus it follows that $C_{a^{(d)}}(\tau) = C_{L^v a}(\tau) = C_a(\tau)$. This completes the proof.

Next, we prove the main result of this section.
Theorem 17. Let p > 3 be a prime number such that 2 is a primitive root modulo p and a be an l-sequence based on p. If the proper decimation $a^{(d)}$ satisfies that d + 1 and d − 1 are not divisible by $\mathrm{ord}_p(3)$, then $a^{(d)}$ is cyclically distinct from a. ($\mathrm{ord}_p(3)$ denotes the multiplicative order of 3 modulo p.)

Proof. Suppose $a^{(d)}$ is a phase shift of a and the integer τ > 0 satisfies

$$2^{-\tau} \equiv 3 \bmod p. \tag{31}$$

Then it follows from Lemma 16 and Theorem 5 that $C_a(d \cdot \tau) = C_a(\tau) = \mathrm{EL3}(p)$. Again, Theorem 5 implies that

$$2^{-d \cdot \tau} \equiv 3 \bmod p \quad \text{or} \quad 2^{-d \cdot \tau} \equiv 3^{-1} \bmod p. \tag{32}$$

Substituting (31) into (32) yields

$$3^{d-1} \equiv 1 \bmod p \quad \text{or} \quad 3^{d+1} \equiv 1 \bmod p, \tag{33}$$

a contradiction to the assumption that d + 1 and d − 1 are not divisible by $\mathrm{ord}_p(3)$. This completes the proof.

Remark 18. If any of the other three analogous congruences from Theorem 5 is used in place of (31), it leads to the same result.

In general, Theorem 17 does not yield a complete proof for all decimations. But if $\mathrm{ord}_p(3)$ is large enough, a complete proof is still possible, for example, when 3 is a primitive root modulo p. We make this explicit in the following statement.

Corollary 19. If p > 3 is a prime number such that both 2 and 3 are primitive roots modulo p, and a is an l-sequence based on p, then every pair of (distinct) proper decimations of a is cyclically distinct.

Proof. Since $\mathrm{ord}_p(3) = p - 1$, it immediately follows from Theorem 17 that $a^{(d)}$ is cyclically distinct from a for 1 ≤ d ≤ p − 3. The remaining case d = p − 2 follows from Theorem 13. This completes the proof.

Experimental evidence shows that 3 is a primitive root for about 39% of all different prime connection integers of l-sequences. In addition, according to Heilbronn's conjecture (revising Artin's conjecture) that Hooley proved in [10], it can be estimated that 3 is a primitive root for about 37.4% of all different prime connection integers of l-sequences, which provides theoretical support for the validity of our data.

Besides the extreme case described in Corollary 19, Theorem 17 also lets us bound the number of counterexamples to Conjecture 2 in more general cases.

Corollary 20. If p is a prime number, 2 is a primitive root modulo p, and $\mathrm{ord}_p(3) > p^{\varepsilon}$, then there are at most $2 \cdot p^{1-\varepsilon}$ proper decimations of an l-sequence a based on p that are cyclic permutations of a.

Proof. By Theorem 17, we know that if a proper decimation $a^{(d)}$ is a cyclic permutation of a, then it is necessary that either d + 1 or d − 1 be divisible by $\mathrm{ord}_p(3)$. Since $\mathrm{ord}_p(3) > p^{\varepsilon}$, the number of x between 1 and p − 1 that are divisible by $\mathrm{ord}_p(3)$ is at most $p^{1-\varepsilon}$. Moreover, for each x divisible by $\mathrm{ord}_p(3)$, one can derive at most two proper decimations, namely $a^{(x+1)}$ and $a^{(x-1)}$, that are cyclic permutations of a. Hence, in all, there are at most $2 \cdot p^{1-\varepsilon}$ proper decimations of a that are cyclic permutations of a.

It can be seen that Corollary 20 provides a better estimate than Theorem 15 for prime numbers p with $\mathrm{ord}_p(3) > p^{1/3}$. Actually, most prime numbers p satisfy $\mathrm{ord}_p(3) > p^{1/2}$. For instance, among the first 10000 prime numbers, there are 9928 prime numbers p with $\mathrm{ord}_p(3) > p^{1/2}$, which account for 99.28%.
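The following script is an added example, not code from the paper. For a prime p with 2 a primitive root it lists the proper decimations that Theorem 17 certifies as cyclically distinct from a (those d for which $\mathrm{ord}_p(3)$ divides neither d − 1 nor d + 1), finds by brute force which proper decimations are cyclic shifts of a, and checks Lemma 16 on every decimation that turns out to be a shift. Function names are the example's own; p = 13, the boundary case excluded by Conjecture 2, and p = 19, where Corollary 19 applies, are used as inputs.

```python
"""Decimations of an l-sequence versus ord_p(3): Theorem 17, Corollary 19, Lemma 16.

Added example, not code from the paper.  For a prime p with 2 a primitive root
it (i) lists the proper decimations a^{(d)} that Theorem 17 certifies as
cyclically distinct from a, (ii) finds by brute force which proper decimations
are cyclic shifts of a, and (iii) checks Lemma 16 on every such shift.
Requires Python 3.8+ (pow with a negative exponent).
"""
from math import gcd


def multiplicative_order(g, p):
    """Order of g in (Z/pZ)^*; p is assumed prime and g not divisible by p."""
    order, x = 1, g % p
    while x != 1:
        x = x * g % p
        order += 1
    return order


def l_sequence(p, A=1):
    """One period (length p-1) of the l-sequence of eq. (1) with seed A."""
    assert multiplicative_order(2, p) == p - 1, "2 must be a primitive root mod p"
    inv2 = pow(2, -1, p)
    bits, x = [], A % p
    for _ in range(p - 1):
        bits.append(x & 1)          # (A * 2^{-i} mod p) mod 2
        x = x * inv2 % p
    return bits


def decimate(a, d):
    """a^{(d)} = (a_{d i})_{i >= 0} over one period; indices taken modulo the period."""
    T = len(a)
    return [a[(d * i) % T] for i in range(T)]


def is_cyclic_shift(a, b):
    """True iff b = L^v a for some v, i.e. a and b are NOT cyclically distinct."""
    return any(b == a[v:] + a[:v] for v in range(len(a)))


def autocorrelation(a, tau):
    """C_a(tau) = sum_i (-1)^{a_i + a_{i+tau}} over one period."""
    T = len(a)
    return sum(1 - 2 * (a[i] ^ a[(i + tau) % T]) for i in range(T))


def proper_decimations(p):
    """All d in [1, p-2] with gcd(d, p-1) = 1."""
    return {d for d in range(1, p - 1) if gcd(d, p - 1) == 1}


def theorem17_certified(p):
    """Proper d such that ord_p(3) divides neither d-1 nor d+1 (Theorem 17)."""
    n = multiplicative_order(3, p)
    return {d for d in proper_decimations(p) if (d - 1) % n and (d + 1) % n}


def shifts_by_brute_force(p, A=1):
    """Proper d for which a^{(d)} is a cyclic shift of a (d = 1 always qualifies)."""
    a = l_sequence(p, A)
    return {d for d in proper_decimations(p) if is_cyclic_shift(a, decimate(a, d))}


def analyse(p, A=1):
    """Summary for one prime; raises if Theorem 17 or Lemma 16 were violated."""
    a = l_sequence(p, A)
    T = p - 1
    n = multiplicative_order(3, p)
    certified = theorem17_certified(p)
    shifts = shifts_by_brute_force(p, A)
    # Theorem 17: a certified decimation is never a shift of a.
    assert not (certified & shifts)
    # Lemma 16: if a^{(d)} = L^v a then C_{a^{(d)}}(tau) = C_a(d tau) = C_a(tau).
    for d in shifts:
        ad = decimate(a, d)
        for tau in range(T):
            c = autocorrelation(ad, tau)
            assert c == autocorrelation(a, d * tau % T) == autocorrelation(a, tau)
    return {
        "ord3": n,
        "three_primitive": n == T,                  # hypothesis of Corollary 19
        "theorem32_condition": 4 * n >= T,          # ord_p(3) >= (p-1)/4
        "certified": certified,
        "uncertified": proper_decimations(p) - certified,  # left open by Theorem 17
        "shifts": shifts,
    }


if __name__ == "__main__":
    for p in (13, 19, 29, 37):
        r = analyse(p)
        print(p, "ord_p(3) =", r["ord3"], "uncertified:", sorted(r["uncertified"]),
              "shifts of a:", sorted(r["shifts"]))
```

For p = 13 the brute force finds that $a^{(5)} = a$, so d = 5 is a counterexample at the prime that Conjecture 2 excludes; for p = 19, where 3 is a primitive root, Theorem 17 certifies d ∈ {5, 7, 11, 13} and only d = 1 is a shift.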
3.2. Further investigations. Replacing the condition that 3 is a primitive root modulo p in Corollary 19 by the weaker one that $\mathrm{ord}_p(3)$ is divisible by the greatest odd factor of p − 1, the percentage 39% can be further increased to 79%. This subsection deals with the weaker condition.

First of all, we determine all the possible values of $\mathrm{ord}_p(3)$. Let p be an odd prime and a be an integer not divisible by p. Then a is called a quadratic residue modulo p if there exists an integer y such that $a \equiv y^2 \bmod p$. Otherwise, a is called a quadratic nonresidue. The following two facts can be found in any textbook on elementary number theory, for example, Nathanson [11].

Lemma 21 (Euler's criterion). Let p be an odd prime number. Then, for every integer a, a is a quadratic residue modulo p if and only if $a^{(p-1)/2} \equiv 1 \bmod p$.

Lemma 22. Let p be an odd prime number. Then 2 is a quadratic residue modulo p if and only if p ≡ ±1 mod 8.

The above two lemmas lead to the following corollary.

Corollary 23. If p is a prime number such that 2 is a primitive root modulo p, then p ≡ 3 or 5 mod 8.

Proof. If p ≡ ±1 mod 8, then, by Lemma 22, we know 2 is a quadratic residue modulo p. Thus Lemma 21 implies that $\mathrm{ord}_p(2)$ is a factor of (p − 1)/2, a contradiction to the assumption that 2 is a primitive root modulo p. This completes the proof.

It follows from Corollary 23 that p − 1 is not divisible by $2^3$ for a prime connection integer p of an l-sequence. Therefore, if $\mathrm{ord}_p(3)$ is divisible by the greatest odd factor of p − 1, then $\mathrm{ord}_p(3)$ takes on only four possible values: p − 1, (p − 1)/2, 3 · (p − 1)/4, and (p − 1)/4. Note that the case $\mathrm{ord}_p(3) = p - 1$ has already been proved by Corollary 19, and so this subsection focuses on the cases $\mathrm{ord}_p(3) = (p-1)/2$, $\mathrm{ord}_p(3) = 3 \cdot (p-1)/4$, and $\mathrm{ord}_p(3) = (p-1)/4$.

3.2.1. Primes congruent to 3 modulo 8. If p ≡ 3 mod 8, the case $\mathrm{ord}_p(3) = (p-1)/4$ does not exist, and so it suffices to consider only $\mathrm{ord}_p(3) = (p-1)/2$.

Lemma 24. Let p > 3 be a prime number such that 2 is a primitive root modulo p and a be an l-sequence based on p. If p ≡ 3 mod 8 and $\mathrm{ord}_p(3) = (p-1)/2$, then every pair of (distinct) proper decimations of a is cyclically distinct.

Proof. Since p ≡ 3 mod 8, we can write p = 2 · k + 1, where k is an odd number. If a d-fold proper decimation $a^{(d)}$ is a phase shift of a, then Theorem 13 part (1) and Theorem 17 imply that d < p − 2 and at least one of d + 1 and d − 1 is divisible by $\mathrm{ord}_p(3) = k$. Thus we have either d = k + 1 or d = k − 1. Both k + 1 and k − 1 are even numbers, and so they are not coprime with p − 1, a contradiction to the assumption that $a^{(d)}$ is a proper decimation. This completes the proof.

If p is a prime number of the form 2 · r + 1, where r is also an odd prime number, then it is evident that p ≡ 3 mod 8 and $\mathrm{ord}_p(3)$ is divisible by (p − 1)/2. For such special kinds of prime numbers, the following result is directly deduced from Corollary 19 and Lemma 24.

Corollary 25. Let p = 2 · r + 1 be a prime number such that 2 is a primitive root modulo p and a be an l-sequence based on p. If r is an odd prime number, then every pair of (distinct) proper decimations of a is cyclically distinct.

It can be seen that Corollary 25 improves substantially on Theorem 14.

3.2.2. Primes congruent to 5 modulo 8. Let p be a prime such that p ≡ 5 mod 8 and 2 is a primitive root modulo p. In this case, besides $\mathrm{ord}_p(3) = (p-1)/2$, both $\mathrm{ord}_p(3) = 3 \cdot (p-1)/4$ and $\mathrm{ord}_p(3) = (p-1)/4$ may also occur. Consequently, by Theorem 17, if the proper decimation $a^{(d)}$ is a phase shift of a, where a is an l-sequence
based on p, then there must be

$$d \in \left\{ \frac{p-1}{4} \pm 1,\ \frac{p-1}{2} \pm 1,\ \frac{3 \cdot (p-1)}{4} \pm 1,\ p - 2 \right\}.$$

First, we observe that p − 2 and (p + 1)/2 are impossible because of Theorem 13. Second, since p ≡ 5 mod 8, it follows that $\frac{p-1}{4} \pm 1$ and $\frac{3 \cdot (p-1)}{4} \pm 1$ are even numbers. Thus they are not coprime with p − 1, and so $a^{(d)}$ is not a proper decimation for $d \in \{\frac{p-1}{4} \pm 1,\ \frac{3 \cdot (p-1)}{4} \pm 1\}$. Now it is clear that d = (p − 3)/2 is the only remaining case, and so the main task of this part is to show that $a^{(d)}$ is cyclically distinct from a for d = (p − 3)/2. To proceed we need two additional lemmas.

First, let us come back to Lemma 7 again. Because the aim of section 2 is to derive the nontrivial maximal autocorrelation, other distribution properties of autocorrelations are completely ignored there. Reviewing the proof of Lemma 7, the following result is easy to get, and it will be very useful in this part.

Lemma 26. Let p be a prime number such that 2 is a primitive root modulo p. Then $\sum_{x=1}^{p-1} (-1)^{f_u(x)} > 0$ for every odd number u between 3 and $\sqrt{p}$.

Proof. Taking (14) and (16) into consideration, we know that the inequality

$$\sum_{x=1}^{p-1} (-1)^{f_u(x)} \ge \left\lfloor \frac{p}{u} \right\rfloor - \frac{u-1}{2}$$

holds. Since

$$\left\lfloor \frac{p}{u} \right\rfloor - \frac{u-1}{2} > \frac{p}{u} - 1 - \frac{u-1}{2}$$

and

$$\frac{p}{u} - 1 - \frac{u-1}{2} \ge 0$$

for $u \le \sqrt{p}$, the lemma follows.

Second, we are concerned with the distribution of the least odd quadratic nonresidue modulo a prime. About the distribution of the least quadratic residue and the least quadratic nonresidue, many excellent estimates were obtained decades ago. We now refer to the following theorem of Brauer; see [12].

Lemma 27. The least odd quadratic nonresidue u modulo a prime p satisfies

$$u < 2^{3/5} p^{2/5} + 2^{-(6/5)} \cdot 25 \cdot p^{1/5} + 3$$

for p ≡ 5 mod 8.

This implies that there exists an odd quadratic nonresidue u less than $\sqrt{p}$ if p > 38,659. Therefore, the next lemma is an immediate consequence of Lemmas 26 and 27.

Lemma 28. Let p be a prime number such that 2 is a primitive root modulo p. If p ≡ 5 mod 8 and p > 38659, then there exists a quadratic nonresidue u modulo p such that $\sum_{x=1}^{p-1} (-1)^{f_u(x)} > 0$.

To simplify the later proof of distinctness, we first establish the following claim.

Claim 29. Let p be a prime number such that p ≡ 5 mod 8 and 2 is a primitive root modulo p. Let a be an l-sequence based on p and d = (p − 3)/2. If the proper decimation $a^{(d)}$ is a phase shift of a, then $\sum_{x=1}^{p-1} (-1)^{f_u(x)} = 0$ for all quadratic nonresidues u modulo p.
Proof. Since $a^{(d)}$ is a phase shift of $a$, we have
$$C_a(\tau) = C_a(d \cdot \tau), \qquad \tau \ge 0, \tag{34}$$
by Lemma 16. Then, for every odd number $\tau$, it can be deduced from (34) and Lemma 4 that
$$C_a(\tau) = C_a\!\left( \frac{p-1}{2} \cdot \tau - \tau \right) = C_a\!\left( \frac{p-1}{2} - \tau \right) = -C_a(\tau),$$
that is, $C_a(\tau) = 0$. Since 2 is a primitive root modulo $p$, it follows from Lemma 21 that $(2^{-\tau} \bmod p)$ runs through all quadratic nonresidues modulo $p$ if $\tau$ runs through all odd numbers between 1 and $p-1$. Therefore, the claim follows from the relation
$$C_a(\tau) = \sum_{x=1}^{p-1} (-1)^{f_{(2^{-\tau} \bmod p)}(x)}$$
and the analysis presented above.

Lemma 30. Let $p > 13$ be a prime number such that 2 is a primitive root modulo $p$ and $a$ be an l-sequence based on $p$. If $p \equiv 5 \bmod 8$, then the proper decimation $a^{(d)}$ is cyclically distinct from $a$ for $d = (p-3)/2$.

Proof. If $a^{(d)}$ is a phase shift of $a$, then by Claim 29 we know that $\sum_{x=1}^{p-1} (-1)^{f_u(x)} = 0$ for all quadratic nonresidues $u$ modulo $p$. If $p > 38659$, this is a contradiction to Lemma 28. As for $13 < p \le 38659$, the lemma follows from known experimental evidence.

We conclude all the discussions involved in this part with a lemma.

Lemma 31. Let $p > 13$ be a prime number such that 2 is a primitive root modulo $p$ and $a$ be an l-sequence based on $p$. If $p \equiv 5 \bmod 8$ and $\mathrm{ord}_p(3)$ is divisible by $(p-1)/4$, then every pair of (distinct) proper decimations of $a$ is cyclically distinct.

3.3. Summary. We make a summary of the results obtained in this section. The goal of this section is to investigate the validity of Conjecture 2. Combining the results of Corollary 19 and Lemmas 24 and 31, we arrive at the following final conclusion.

Theorem 32. Let $p > 13$ be a prime number such that 2 is a primitive root modulo $p$ and $a$ be an l-sequence based on $p$. If $\mathrm{ord}_p(3) \ge (p-1)/4$, then every pair of (distinct) proper decimations of $a$ is cyclically distinct.

Table 1 shows the distribution of primes $p$ such that 2 is a primitive root modulo $p$ and $\mathrm{ord}_p(3)$ is not less than $(p-1)/4$. The first column of the table indicates the range of ordinary primes under consideration. Type I primes refer to primes for which 2 is a primitive root, while Type II primes refer to primes that belong to Type I with $\mathrm{ord}_p(3) \ge (p-1)/4$. The proportion of Type II primes among Type I primes is given in the last column of the table. With the data presented in Table 1, it is reasonable to think that Theorem 32 implies that Conjecture 2 is valid for more than 79% of l-sequences based on different primes.

Table 1. Distribution of primes.

    The first k primes    Type I primes    Type II primes    Proportion
    k = 5000              1877             1483              > 79.0%
    k = 10000             3752             2968              > 79.1%
    k = 20000             7478             5947              > 79.5%
    k = 40000             14935            11847             > 79.3%
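As an added illustration (not code from the paper), the following Python script checks the objects of this section by brute force for small primes: it builds the l-sequence from the definition recalled in section 1, tests directly whether $a^{((p-3)/2)}$ is a cyclic shift of $a$, lists the odd shifts $\tau$ with $C_a(\tau) \ne 0$ (by the argument of Claim 29, such a shift could not exist if $a^{((p-3)/2)}$ were a phase shift of $a$), and counts Type I and Type II primes in the sense of Table 1. The concrete forms $a_i = (2^{-i} \bmod p) \bmod 2$ (i.e. $A = 1$) and $C_a(\tau) = \sum_{i=0}^{p-2} (-1)^{a_i + a_{i+\tau}}$ are assumptions made here, since the paper's own definitions (1) and those of section 2 are not reproduced on this page; the primitive-root and order computations use plain trial division and are only meant for primes of a few thousand.

```python
"""Added example, not code from the paper: brute-force checks of the objects of
section 3 for small primes.

Definitions assumed here (the paper fixes its own in sections 1 and 2):
  a_i    = (2^(-i) mod p) mod 2                    l-sequence based on p, period p-1
  a^(d)  = (a_{d*i})_{i>=0}                        d-fold decimation, proper iff gcd(d, p-1) = 1
  C_a(t) = sum_{i=0}^{p-2} (-1)^(a_i + a_{i+t})    periodic autocorrelation
"""
from math import gcd


def is_prime(n):
    """Trial division; adequate for the small prime ranges used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return False
        f += 2
    return True


def mult_order(g, p):
    """Multiplicative order ord_p(g) of g modulo a prime p not dividing g."""
    if g % p == 0:
        raise ValueError("g must be a unit modulo p")
    k, x = 1, g % p
    while x != 1:
        x = x * g % p
        k += 1
    return k


def l_sequence(p):
    """One period (p-1 bits) of the l-sequence based on p; 2 must be a primitive root."""
    if mult_order(2, p) != p - 1:
        raise ValueError("2 is not a primitive root modulo p")
    inv2 = pow(2, -1, p)
    bits, x = [], 1
    for _ in range(p - 1):
        bits.append(x & 1)          # a_i = (2^(-i) mod p) mod 2
        x = x * inv2 % p
    return bits


def decimate(seq, d):
    """The d-fold decimation (a_{d*i})_i, indices taken modulo the period."""
    n = len(seq)
    return [seq[d * i % n] for i in range(n)]


def is_cyclic_shift(s, t):
    n = len(s)
    return any(t == s[k:] + s[:k] for k in range(n))


def decimation_distinct(p, d):
    """True iff a^(d) is cyclically distinct from a (no phase shift maps one onto the other)."""
    a = l_sequence(p)
    return not is_cyclic_shift(a, decimate(a, d))


def autocorrelation(seq, tau):
    """C_a(tau) = sum over one period of (-1)^(a_i + a_{i+tau})."""
    n = len(seq)
    return sum(1 if seq[i] == seq[(i + tau) % n] else -1 for i in range(n))


def nonzero_odd_autocorrelations(p):
    """Odd shifts tau with C_a(tau) != 0.  By the argument of Claim 29, if a^((p-3)/2)
    were a phase shift of a (p = 5 mod 8), this list would have to be empty."""
    a = l_sequence(p)
    return [t for t in range(1, p - 1, 2) if autocorrelation(a, t) != 0]


def type_census(lo, hi):
    """(Type I, Type II) counts over primes lo < p <= hi, in the sense of Table 1.
    Type I: 2 is a primitive root mod p; Type II: Type I and ord_p(3) >= (p-1)/4.
    p = 3 is skipped here because ord_3(3) is undefined (an assumption of this script)."""
    type1 = type2 = 0
    for p in range(max(lo, 3) + 1, hi + 1):
        if not is_prime(p) or mult_order(2, p) != p - 1:
            continue
        type1 += 1
        if 4 * mult_order(3, p) >= p - 1:   # ord_p(3) >= (p-1)/4 without floating point
            type2 += 1
    return type1, type2


if __name__ == "__main__":
    for p in (29, 37, 53, 61):              # p = 5 mod 8 and 2 a primitive root
        d = (p - 3) // 2
        print(p, d, "proper" if gcd(d, p - 1) == 1 else "not proper",
              "distinct" if decimation_distinct(p, d) else "shift",
              nonzero_odd_autocorrelations(p)[:4])
    t1, t2 = type_census(13, 2000)
    print("Type I:", t1, "Type II:", t2, "proportion: %.3f" % (t2 / t1))
```

For $p = 29$ the script finds $C_a(5) = 8$ and $C_a(9) = -8$, so the equality $C_a(\tau) = C_a(13\tau)$ demanded by (34) already fails at $\tau = 5$ (since $13 \cdot 5 \equiv 9 \bmod 28$), which is the same obstruction Claim 29 exploits in general; the census over $13 < p \le 100$ yields 8 Type I primes of which 7 are Type II ($p = 61$ fails, as $\mathrm{ord}_{61}(3) = 10 < 15$). Because the script skips $p = 3$ and starts at $p > 13$, its counts for a given range may differ by a few from a count taken over "the first k primes" as in Table 1.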
Finally, we make a comparison between the main results proved in this paper and the former progress obtained in [5], [7], and [8] on Conjecture 2:

1. no complete proof is provided yet;
2. the proof presented in this paper is relatively independent of the former ones;
3. it can be seen that the range of $d$ left without proof by Theorem 17 has no direct relation with that left by Theorem 13;
4. if $\mathrm{ord}_p(3) > p^{1/3}$, then Corollary 20 provides a better estimation for the number of counterexamples to Conjecture 2, and the probability that a prime number $p$ satisfies $\mathrm{ord}_p(3) > p^{1/2}$ is very high;
5. the number of primes with a complete proof is larger in this paper, and Theorem 32 provides a convenient way to check whether Conjecture 2 holds for certain large primes.

Considering these differences, the authors of this paper thought there was a chance to completely prove Conjecture 2 by combining the two distinct proofs offered by this paper and [8], but, unfortunately, no breakthrough has been made.

4. Conclusions. This paper presents a new effective way to investigate the distinctness problem on proper decimations of l-sequences based on primes. The problem was first observed and proposed by Goresky and Klapper when they were working on the arithmetic cross-correlation. It is shown that a large number of l-sequences satisfy the fact that every pair of proper decimations is cyclically distinct. Experimental evidence further suggests that such sequences account for more than 79% of all l-sequences based on different primes. In particular, as for l-sequences based on primes of the form $2 \cdot r + 1$, where $r$ is an odd prime, the distinctness problem is completely solved.

REFERENCES

[1] A. Klapper and M. Goresky, 2-adic shift registers, in Fast Software Encryption, Cambridge Security Workshop, Lecture Notes in Comput. Sci. 809, R. Anderson, ed., Springer-Verlag, New York, 1993, pp. 174–178.
[2] A. Klapper and M. Goresky, Feedback shift registers, 2-adic span, and combiners with memory, J. Cryptology, 10 (1997), pp. 111–147.
[3] W. F. Qi and H. Xu, Partial period distribution of FCSR sequences, IEEE Trans. Inform. Theory, 49 (2003), pp. 761–765.
[4] C. Seo, S. Lee, Y. Sung, K. Han, and S. Kim, A lower bound on the linear span of an FCSR, IEEE Trans. Inform. Theory, 46 (2000), pp. 691–693.
[5] M. Goresky and A. Klapper, Arithmetic crosscorrelations of feedback with carry shift register sequences, IEEE Trans. Inform. Theory, 43 (1997), pp. 1342–1345.
[6] H. Xu and W. F. Qi, Autocorrelations of maximum period FCSR sequences, SIAM J. Discrete Math., 20 (2006), pp. 568–577.
[7] M. Goresky, A. Klapper, and R. Murty, On the distinctness of decimations of l-sequences, in Sequences and Their Applications (Proceedings of SETA'01), T. Helleseth, P. V. Kumar, and K. Yang, eds., Discrete Math. Theor. Comput. Sci., Springer-Verlag, New York, 2002.
[8] M. Goresky, A. Klapper, R. Murty, and I. Shparlinski, On decimations of l-sequences, SIAM J. Discrete Math., 18 (2004), pp. 130–140.
[9] H. Xu and W. F. Qi, Further results on the distinctness of decimations of l-sequences, IEEE Trans. Inform. Theory, 52 (2006), pp. 3831–3836.
[10] C. Hooley, On Artin's conjecture, J. Reine Angew. Math., 22 (1967), pp. 209–220.
[11] M. B. Nathanson, Elementary Methods in Number Theory, Grad. Texts Math. 195, Springer-Verlag, London, 2000.
[12] A. Brauer, On the non-existence of the Euclidean algorithm in certain quadratic number fields, Amer. J. Math., 62 (1940), pp. 697–716.