Large Families of Pseudorandom Sequences of k Symbols and Their Complexity – Part I

R. Ahlswede, C. Mauduit, and A. Sárközy

Dedicated to the memory of Levon Khachatrian

1 Introduction

In earlier papers we introduced the measures of pseudorandomness of finite binary sequences [13], introduced the notion of f-complexity of families of binary sequences, constructed large families of binary sequences with strong PR (= pseudorandom) properties [6], [12], and we showed that one of the earlier constructions can be modified to obtain families with high f-complexity [4]. In another paper [14] we extended the study of pseudorandomness from binary sequences to sequences on k symbols (“letters”). In [14] we also constructed one “good” pseudorandom sequence of a given length on k symbols. However, in the applications we need not only a few good sequences but large families of them, and in certain applications (cryptography) the complexity of the family of these sequences is more important than its size. In this paper our goal is to construct “many” “good” PR sequences on k symbols, to extend the notion of f-complexity to the k symbol case and to study this extended f-complexity concept.

2 A Special Case

First we will study the special case when $k$, the number of symbols (the “size of the alphabet”), is a power of 2: $k = 2^r$. We will show that in this case any “good” PR binary sequence

$$E_N = (e_1, e_2, \dots, e_N) \in \{-1,+1\}^N \tag{2.1}$$

defines a sequence on $k$ symbols with “nearly as good” PR properties so that the constructions given in the binary case can be used in the $k = 2^r$ symbol case nearly as effectively. First we have to recall several definitions from earlier papers. If $E_N$ is a binary sequence of the form (2.1), then write

$$U(E_N; t, a, b) = \sum_{j=0}^{t-1} e_{a+jb}$$

Research partially supported by the Hungarian National Foundation for Scientific Research, Grant No. T043623.

R. Ahlswede et al. (Eds.): Information Transfer and Combinatorics, LNCS 4123, pp. 293–307, 2006. © Springer-Verlag Berlin Heidelberg 2006


and, for $D = (d_1, \dots, d_\ell)$ with non-negative integers $d_1 < \dots < d_\ell$,

$$V(E_N, M, D) = \sum_{n=1}^{M} e_{n+d_1} e_{n+d_2} \cdots e_{n+d_\ell}.$$

Then the well-distribution measure of $E_N$ is defined by

$$W(E_N) = \max_{a,b,t} |U(E_N, t, a, b)| = \max_{a,b,t} \left| \sum_{j=0}^{t-1} e_{a+jb} \right|,$$

where the maximum is taken over all $a, b, t \in \mathbb{N}$ and $1 \le a \le a + (t-1)b \le N$, while the correlation measure of order $\ell$ of $E_N$ is defined by

$$C_\ell(E_N) = \max_{M,D} |V(E_N, M, D)| = \max_{M,D} \left| \sum_{n=1}^{M} e_{n+d_1} e_{n+d_2} \cdots e_{n+d_\ell} \right|,$$

where the maximum is taken over all $D = (d_1, d_2, \dots, d_\ell)$ and $M$ such that $M + d_\ell \le N$. Then the sequence $E_N$ is considered as a “good” PR sequence if both these measures $W(E_N)$ and $C_\ell(E_N)$ (at least for small $\ell$) are “small” in terms of $N$ (in particular, both are $o(N)$ as $N \to \infty$). Indeed, it is shown in [5], [10] that for a “truly random” $E_N \in \{-1,+1\}^N$ both $W(E_N)$ and, for fixed $\ell$, $C_\ell(E_N)$ are around $N^{1/2}$ with “near 1” probability. In [13] a third measure was introduced, which will be needed here: the combined (well-distribution-correlation) PR measure of order $\ell$ is defined by

$$Q_\ell(E_N) = \max_{a,b,t,D} \left| \sum_{j=0}^{t} e_{a+jb+d_1} e_{a+jb+d_2} \cdots e_{a+jb+d_\ell} \right| = \max_{a,b,t,D} |Z(a, b, t, D)| \tag{2.2}$$

where

$$Z(a, b, t, D) = \sum_{j=0}^{t} e_{a+jb+d_1} e_{a+jb+d_2} \cdots e_{a+jb+d_\ell}$$

is defined for all $a, b, t, D = (d_1, d_2, \dots, d_\ell)$ such that all the subscripts $a + jb + d_i$ belong to $\{1, 2, \dots, N\}$ (and the maximum in (2.2) is taken over $D$’s of dimension $\ell$). In [14] we extended these definitions to the case of $k$ symbols. It is not at all clear how to do this extension and, indeed, in [14] we introduced two different ways of extension which are nearly equivalent. Here we will present only one of them which is more suitable for our purpose.


Let $k \in \mathbb{N}$, $k \ge 2$, and let $A = \{a_1, a_2, \dots, a_k\}$ be a finite set (“alphabet”) of $k$ symbols (“letters”) and consider a sequence $E_N = (e_1, e_2, \dots, e_N) \in A^N$ of these symbols. Write

$$x(E_N, a, M, u, v) = |\{ j : 0 \le j \le M-1,\ e_{u+jv} = a \}|$$

and for $W = (a_{i_1}, \dots, a_{i_\ell}) \in A^\ell$ and $D = (d_1, \dots, d_\ell)$ with non-negative integers $d_1 < \dots < d_\ell$,

$$g(E_N, W, M, D) = |\{ n : 1 \le n \le M,\ (e_{n+d_1}, \dots, e_{n+d_\ell}) = W \}|.$$

Then the f-well-distribution (“f” for “frequency”) measure of $E_N$ is defined as

$$\delta(E_N) = \max_{a,M,u,v} \left| x(E_N, a, M, u, v) - \frac{M}{k} \right|$$

where the maximum is taken over all $a \in A$ and $u, v, M$ with $u + (M-1)v \le N$, while the f-correlation measure of order $\ell$ of $E_N$ is defined by

$$\gamma_\ell(E_N) = \max_{W,M,D} \left| g(E_N, W, M, D) - \frac{M}{k^\ell} \right|$$

where the maximum is taken over all $W \in A^\ell$, and $D = (d_1, \dots, d_\ell)$ and $M$ such that $M + d_\ell \le N$. We showed in [14] that in the special case $k = 2$, $A = \{-1,+1\}$ the f-measures $\delta(E_N)$, $\gamma_\ell(E_N)$ are between two constant multiples of the binary measures $W(E_N)$, resp. $C_\ell(E_N)$, so that, indeed, the f-measures can be considered as extensions of the binary measures. Now let $E_N$ be the binary sequence in (2.1), and to this binary sequence assign a sequence $\varphi(E_N)$ whose elements are the $2^r$ letters in the alphabet $\{-1,+1\}^r$, and whose length is $[N/r]$:

$$\varphi(E_N) = \big( (e_1, \dots, e_r), (e_{r+1}, \dots, e_{2r}), \dots, (e_{([N/r]-1)r+1}, \dots, e_{[N/r]r}) \big).$$

We will show that if $E_N$ is a “good” PR binary sequence, then $\varphi(E_N)$ is also a “good” PR sequence on the $k = 2^r$ letters in the alphabet $\{-1,+1\}^r$. Indeed, this follows from the inequalities in the following theorem:

Theorem 1. If $E_N$ and $\varphi(E_N)$ are defined as above, then we have

$$\delta\big(\varphi(E_N)\big) \le \frac{1}{2^r} \sum_{s=1}^{r} \binom{r}{s} Q_s(E_N) \tag{2.3}$$


and, for  ∈ N r        1  r γ ϕ(EN ) ≤ r Qqs (EN ). 2 s=1 q=1 s q

(2.4)
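An added numerical check of inequality (2.3), not code from the paper: it brute-forces $Q_s(E_N)$ and $\delta(\varphi(E_N))$ for two constructed sequences of length $N = 12$ (Legendre symbols modulo 13, and a constant sequence). All function names are this example's own, and the search assumes $a, b \ge 1$ and $d_1 \ge 0$.

```python
from itertools import combinations, product
from math import comb, prod

def Q(e, l):
    """Brute-force Q_l(E_N) from (2.2); e[0] holds e_1, entries are +1/-1."""
    N, best = len(e), 0
    for D in combinations(range(N), l):            # 0 <= d_1 < ... < d_l
        for a in range(1, N - D[-1] + 1):          # a + d_l <= N
            for b in range(1, N + 1):
                s, j = 0, 0
                while a + j * b + D[-1] <= N:      # all subscripts stay in 1..N
                    s += prod(e[a + j * b + d - 1] for d in D)
                    best = max(best, abs(s))       # partial sum = Z(a, b, t=j, D)
                    j += 1
    return best

def phi(e, r):
    """Cut E_N into [N/r] consecutive blocks of r entries (letters of {-1,+1}^r)."""
    return [tuple(e[i:i + r]) for i in range(0, len(e) - len(e) % r, r)]

def delta(seq, alphabet):
    """f-well-distribution measure: max |x(seq, a, M, u, v) - M/k|."""
    n, k, best = len(seq), len(alphabet), 0.0
    for u, v, letter in product(range(1, n + 1), range(1, n + 1), alphabet):
        x, M = 0, 0
        while u + M * v <= n:                      # next index u + jv with j = M
            x += seq[u + M * v - 1] == letter
            M += 1                                 # now u + (M-1)v <= n holds
            best = max(best, abs(x - M / k))
    return best

def theorem1_bound(e, r):
    """Right-hand side of (2.3)."""
    return sum(comb(r, s) * Q(e, s) for s in range(1, r + 1)) / 2 ** r

def check(e, r):
    """Return (delta(phi(E_N)), bound from (2.3)) for block length r."""
    alphabet = list(product((-1, 1), repeat=r))
    return delta(phi(e, r), alphabet), theorem1_bound(e, r)

# Constructed samples, N = 12: Legendre symbols modulo 13, and a constant sequence.
LEGENDRE = [1 if pow(n, 6, 13) == 1 else -1 for n in range(1, 13)]
ONES = [1] * 12

if __name__ == "__main__":
    for name, e in (("Legendre", LEGENDRE), ("constant", ONES)):
        print(name, check(e, 2))
```

The constant sequence shows the bound doing its job in the bad case: its large $Q_1$ and $Q_2$ allow a large $\delta(\varphi(E_N))$, which the block sequence indeed exhibits.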

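Proof of Theorem 1. Clearly, for all $a = (\varepsilon_1, \dots, \varepsilon_r) \in \{-1,+1\}^r$, $M$, $u$ and $v$ we have

$$x\big(\varphi(E_N), a, M, u, v\big) = \big|\{ j : 0 \le j \le M-1,\ (e_{(u+jv-1)r+1}, \dots, e_{(u+jv)r}) = (\varepsilon_1, \dots, \varepsilon_r) \}\big| = \sum_{j=0}^{M-1} \prod_{i=1}^{r} \frac{e_{(u+jv-1)r+i}\,\varepsilon_i + 1}{2}$$

=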

r 1  M + 2r 2r s=1



εi1 . . . εis

1≤i1