On the Stability of the Linear Complexity of Some Generalized Cyclotomic Sequences of Order Two

Abstract

Linear complexity is an important pseudo-random measure of the key stream sequence in a stream cipher system. The 1-error linear complexity is used to measure the stability of the linear complexity, which means the minimal linear complexity of the new sequence by changing one bit of the original key stream sequence. This paper contributes to calculating the exact values of the linear complexity and 1-error linear complexity of the binary key stream sequence with two prime periods defined by Ding–Helleseth generalized cyclotomy. We provide a novel method to solve such problems by employing the discrete Fourier transform and the M–S polynomial of the sequence. Our results show that, by choosing appropriate parameters p and q, the linear complexity and 1-error linear complexity can be no less than half period, which shows that the linear complexity of this sequence not only meets the requirements of cryptography but also has good stability.

1. Introduction

Stream cipher is an important encryption system, which has been widely used in the military, diplomacy, and other fields. The security of a stream cipher mainly depends on the pseudo-random property, including the linear complexity of the key stream sequences. If the binary sequence $s^{\infty }=(s_0,s_1,s_2,\cdots )$ with the symbols in ${\mathrm{F}}_2$ satisfying $s_j+c_1{s}_{j-1}+\cdots +c_L{s}_{j-L}=0,j\ge L,$ where L is a positive integer, $c_1,c_2,\cdots ,c_L\in {\mathrm{F}}_2$, and ${\mathrm{F}}_2$ denotes the finite field of order 2, then the least L is called the linear complexity of the sequence $s^{\infty }$, denoted by $LC\left(s^{\infty }\right)$, which is the length of the shortest linear feedback shift register (LFSR) that can generate this sequence [1,2]. The famous BM algorithm shows that the whole sequence with period N can be recovered by the $2LC\left(s^{\infty }\right)$ successive terms, so $LC\left(s^{\infty }\right)$ is required to be not less than $N/2$ [3]. Ding and Helleseth introduced a new generalized cyclotomic class of order two and defined the new generalized cyclotomic sequences from them in 1998. Many modified versions of the sequence were considered after that [4]. In 2005, the linear complexity and the minimal polynomial of the new generalized cyclotomic sequences of order two of period $pq$ were determined by Bai and He et al., where $p,q$ are distinct odd primes [5,6]. In 2008, Du et al. provided the linear complexity of Ding–Helleseth generalized cyclotomic sequences of arbitrary order by their trace representation [7]. In 2019, a modified version of Ding–Helleseth generalized cyclotomic sequences of order two were presented and the 2-adic linear complexity was demonstrated to be sufficient [8].

The k-error linear complexity was defined as the smallest value of linear complexity that can be obtained by changing at most k terms of the sequence in the first period and periodically continued [9], which is an important measure of the stability of linear complexity. Please refer to the literature for the research on k-error linear complexity [1,2,10,11,12]. Zhou and Liu studied the k-error linear complexity of binary sequences by using the cube theory [13]. Chang and Ke studied the properties of the error linear complexity spectrum of binary sequences with the period of a power of two [14]. Xiao et al. introduced a new family of binary generalized cyclotomic sequences of period $p^2$ for an odd prime p [15]. Then, Wu et al. calculated the k-error linear complexity of the sequences [16]. Alecu and Sălăgean transformed the calculation of the k-error linear complexity into the calculation of the Hamming weight of the discrete Fourier transform (DFT) spectrum of the sequence by Blahut’s theorem [17]. In 2019, Chen and Wu discussed the k-error linear complexity for Legendre, Ding–Helleseth–Lam, and Hall’s sextic residue sequences of odd prime period p by this method [18]. In 2022, Wu provided the k-error linear complexity of q-ary Euler quotient sequences [19] and Pazilaiti et al. determined the linear complexity and the 1-error linear complexity of some Whiteman generalized cyclotomic binary sequences [20].

This paper determines the linear complexity and the 1-error linear complexity of a class of Ding–Helleseth generalized cyclotomic sequences s of order two of period $pq$. First of all, we introduce some related algebraic preliminaries and the construction of the sequence in Section 2, and then present the M–S polynomial over an extension field of ${\mathrm{F}}_2$, from whose coefficient sequence we obtain its DFT spectrum, and then the linear complexity is calculated as the Hamming weight of the DFT spectrum in Section 3. In Section 4, by a similar approach, we calculate the minimal linear complexity of the sum sequence of the sequence s and the error sequence e of the Hamming weight not more than 1; actually, it is just the 1-error linear complexity of the sequence. Section 5 concludes the main results and presents a discussion about the implementation and application of this sequence finally.

2. Preliminary

The sequence $s={\left\{s_u\right\}}_{u=0}^{\infty }$ with the period N is often defined as

$$s_u=\left\{\begin{array}{cc}1,\hfill & ifumodN\in D,\hfill \\ 0,\hfill & \mathrm{otherwise},\hfill \end{array}\right.$$

where the subset D of the residue class ring $Z_N$ is called the defining set of the sequence s. Thus, constructing a binary sequence of period N is actually equivalent to defining a binary partition of $Z_N$.

Now, we consider the case $N=pq$, where p and q are two odd primes larger than 3 with the greatest common divisor $\gcd (p-1,q-1)=2$ and $e=(p-1)(q-1)/2$. It is guaranteed by Chinese Remainder Theorem that there exists a common primitive root g of both p and q, such that ${\mathrm{ord}}_N\left(g\right)=\mathrm{lcm}(p-1,q-1)=e$, where ${\mathrm{ord}}_N\left(g\right)$ denotes the multiplicative order of g modulo N. The set of all invertible elements of ${\mathrm{Z}}_N$ [21] can be provided by

$${\mathrm{Z}}_N^{*}=\{g^j{x}^i:j=0,1,\cdots ,e-1;i=0,1\},$$

where x satisfies $x=gmodp$ and $x=1modq$.

Some subsets of ${\mathrm{Z}}_N$ are defined as

$$\begin{array}{ccc}\hfill D_{0i}& =& \{g^{2j}{x}^i:j=0,1,\cdots ,e/2-1\},\hfill \\ \hfill D_{1i}& =& \{g^{2j+1}{x}^i:j=0,1,\cdots ,e/2-1\},\hfill \end{array}$$

where $i=0,1$. Denote

$$\begin{array}{cc}\hfill & D_i^{\left(q\right)}=\{g^{i+2j}:j=0,1,\cdots ,(q-1)/2-1\},P_i=p{D}_i^{\left(q\right)},\hfill \\ \hfill & D_i^{\left(p\right)}=\{g^{i+2j}:j=0,1,\cdots ,(p-1)/2-1\},Q_i=q{D}_i^{\left(p\right)},\hfill \end{array}$$

where $i=0,1$.

It is obvious that

$$\begin{array}{cc}\hfill D_{0i}modp& =\{g^{2j}{x}^{i}modp:j=0,1,\cdots ,e/2-1\}\hfill \\ \hfill & =\{g^{2j+i}modp:j=0,1,\cdots ,e/2-1\}\hfill \\ \hfill & =D_i^{\left(p\right)},\hfill \end{array}$$

(1)

$$\begin{array}{cc}\hfill D_{0i}modq& =\{g^{2j}{x}^{i}modq:j=0,1,\cdots ,e/2-1\}\hfill \\ \hfill & =\{g^{2j}modq:j=0,1,\cdots ,e/2-1\}\hfill \\ \hfill & =D_0^{\left(q\right)}.\hfill \end{array}$$

(2)

Then, $D_{0i}$ consists of all the quadratic residues of modulo q, where $i=0,1$, and $D_{00}$ consist of all the quadratic residues of modulo p and $D_{01}$ consists of all the quadratic nonresidues of modulo p. Similarly, by the fact that

$$\begin{array}{ccc}\hfill D_{1i}modp& =& \{g^{2j+1}{x}^{i}modp:j=0,1,\cdots ,e/2-1\}\hfill \\ & =& \{g^{2j+i+1}modp:j=0,1,\cdots ,e/2-1\}\hfill \\ & =& D_{i+1}^{\left(p\right)},\hfill \\ \hfill D_{1i}modq& =& \{g^{2j+1}{x}^{i}modq:j=0,1,\cdots ,e/2-1\}\hfill \\ & =& \{g^{2j+1}modq:j=0,1,\cdots ,e/2-1\}\hfill \\ & =& D_1^{\left(q\right)}.\hfill \end{array}$$

Then, $D_{1i}$ consists of all the quadratic nonresidues of modulo q, where $i=0,1$, and $D_{10}$ consist of all the quadratic nonresidues of modulo p and $D_{11}$ consists of all the quadratic residues of modulo p. Ding and Helleseth defined the generalized cyclotomic classes as $D_0=D_{00}\cup D_{01}$, $D_1=D_{10}\cup D_{11}$ and the subsets $P=P_0\cup P_1$, $Q=Q_0\cup Q_1$. Thus, the partition of $Z_N$ can be denoted as

$$\begin{array}{c}\hfill {\mathrm{Z}}_N=D_0\cup D_1\cup P\cup Q\cup \left\{0\right\}\end{array}$$

and $D_0\cup D_1={\mathrm{Z}}_N^{*}$. It is clear that $|D_{00}|=|D_{01}|=|D_{10}|=|D_{11}|=(p-1)(q-1)/4$, $|P_0|=|P_1|=(q-1)/2$, and $|Q_0|=|Q_1|=(p-1)/2$.

Define the Ding–Helleseth generalized cyclotomic sequence of order two $s={\left\{s_u\right\}}_{u=0}^{\infty }$ with the defining set $Q_1\cup P_0\cup D_1$ [5,22]. It is obvious that this sequence possesses the property of the balance of the symbols “0” and “1”. This paper first contributes to calculation of the linear complexity of s by its DFT spectrum and M–S polynomial.

3. Linear Complexity and Discrete Fourier Transform

The DFT spectrum of s is provided by

$$A_i=\sum _{u=0}^{N-1}{s}_u{\alpha }^{-iu},0\le i\le N-1.$$

(3)

where $\alpha \in {\mathrm{F}}_{2^m}$ is a primitive N-th root of unity and m is the order of 2 modulo, the odd number N. Blahut’s Theorem [23] shows that the linear complexity of s is equal to the Hamming weight of its DFT spectrum, namely

$$LC\left(s\right)=\#\{i:A_i\ne 0,0\le i\le N-1\},$$

(4)

where # means the cardinality of the set, which is also equal to $\left|G\right(X\left)\right|$, which denotes the number of nonzero terms of the Mattson–Solomon polynomial (M–S polynomial) [24] of s obtained by

$$G\left(X\right)=\sum _{i=0}^{N-1}{A}_i{X}^i\in {\mathrm{F}}_{2^m}\left[X\right].$$

(5)

It is noted that, based on the inverse DFT [25], the sequence can be provided by

$$s_u=\sum _{i=0}^{N-1}{A}_i{\alpha }^{iu}=G\left({\alpha }^u\right),0\le u\le N-1.$$

(6)

In the remainder of this paper, denote $p\equiv vmod8$ and $q\equiv wmod8$, where $v,w=\pm 1,\pm 3$.

Lemma 1

([26]). Let p and q be distinct odd primes.

1. 

If $(v,w)=(\pm 1,\pm 1)$, then $2\in D_{00}$.

2. 

If $(v,w)=(\pm 3,\pm 1)$, then $2\in D_{01}$.

3. 

If $(v,w)=(\pm 3,\pm 3)$, then $2\in D_{10}$.

4. 

If $(v,w)=(\pm 1,\pm 3)$, then $2\in D_{11}$.

Lemma 2.

Let p and q be distinct odd primes.

1. 

$-1\in D_{01}$ if and only if

$$(v,w)\in \left\{\right(3,-3),(3,1),(-1,-3),(-1,1\left)\right\};$$

2. 

$-1\in D_{10}$ if and only if

$$(v,w)\in \left\{\right(3,3),(3,-1),(-1,3),(-1,-1\left)\right\};$$

3. 

$-1\in D_{11}$ if and only if

$$(v,w)\in \left\{\right(-3,3),(-3,-1),(1,3),(1,-1\left)\right\}.$$

Proof. 

If $(v,w)=(1,-1)$, by the definition of g, we have

$$\begin{array}{cc}\hfill & -1=g^{{\displaystyle \frac{p-1}{2}}}modp=g^{4k_1}modp,\hfill \\ \hfill & -1=g^{{\displaystyle \frac{q-1}{2}}}modq=g^{4k_2-1}modq,\hfill \end{array}$$

where $k_1$ and $k_2$ are positive integers. Hence, $-1$ is a quadratic residue modulo p and a quadratic nonresidue modulo q. Thus, $-1\in D_{11}$. The rest can be proved similarly.  □

Lemma 3

([27]). Let p and q be distinct odd primes. If $t\in D_i$, then $t{P}_j=P_{i+jmod2}$, $t{D}_j=D_{i+jmod2}$ for $i,j=0,1$.

Lemma 4. 

Let p and q be distinct odd primes.

1. 

If $t\in D_{00}\cup D_{11}$, then $t{Q}_0=Q_0$, $t{Q}_1=Q_1$.

2. 

If $t\in D_{01}\cup D_{10}$, then $t{Q}_0=Q_1$, $t{Q}_1=Q_0$.

Proof. 

The proof is obvious since $D_{00}\cup D_{11}$ and $D_{01}\cup D_{10}$ are all quadratic residues and quadratic nonresidues of modulo p, respectively.  □

Lemma 5 

([27]). Let p and q be distinct odd primes.

$$\sum _{i\in P}{\alpha }^i=\sum _{i\in Q}{\alpha }^i=\sum _{i\in {\mathrm{Z}}_N^{*}}{\alpha }^i=1.$$

Lemma 6 

([5]). Let p and q be distinct odd primes.

• If $t\in P$, then

  $$\begin{array}{cc}\hfill & \sum _{j\in Q_i}{\alpha }^{tj}=(p-1)/2mod2,\hfill \\ \hfill & \sum _{j\in D_i}{\alpha }^{tj}=0.\hfill \end{array}$$
• If $t\in Q$, then

  $$\begin{array}{cc}\hfill & \sum _{j\in P_i}{\alpha }^{tj}=(q-1)/2mod2,\hfill \\ \hfill & \sum _{j\in D_i}{\alpha }^{tj}=(q-1)/2mod2.\hfill \end{array}$$

Theorem 1.

Let $p\equiv vmod8$ and $q\equiv wmod8$, where $v,w=\pm 1,\pm 3$. Then, the results of computing $LC\left(s\right)$ by DFT are shown in

Table 1. The 1-error linear complexity of s.

$(\mathit{v},\mathit{w})$	${\mathit{LC}}_1\left(\mathit{s}\right)$	$(\mathit{v},\mathit{w})$	${\mathit{LC}}_1\left(\mathit{s}\right)$
(−3,3)	$pq$	(1,3)	${\displaystyle \frac{q(p+1)}{2}}$
(3,−3)	$pq$	(−1,−3)	${\displaystyle \frac{q(p+1)}{2}}$
(3,3)	$pq-1$	(−1,3)	${\displaystyle \frac{q(p+1)}{2}}-1$
(−3,−1)	${\displaystyle \frac{2pq-q+1}{2}}$	(−1,1)	${\displaystyle \frac{pq+1}{2}}$
(3,1)	${\displaystyle \frac{2pq-q+1}{2}}$	(1,−1)	${\displaystyle \frac{pq+1}{2}}$
(3,−1)	${\displaystyle \frac{2pq-q-1}{2}}$	(−1,−1)	${\displaystyle \frac{pq-1}{2}}$

.

Proof. 

If $-1\in D_{11}$, by Lemmas 3 and 4, we have

$$\begin{array}{cc}\hfill A_i& =\sum _{u=0}^{N-1}{s}_u{\alpha }^{-iu}=\sum _{u\in Q_1}{\alpha }^{-iu}+\sum _{u\in P_0}{\alpha }^{-iu}+\sum _{u\in D_1}{\alpha }^{-iu}\hfill \\ \hfill & =\sum _{u\in Q_1}{\alpha }^{iu}+\sum _{u\in P_1}{\alpha }^{iu}+\sum _{u\in D_0}{\alpha }^{iu}\hfill \end{array}$$

If $-1\in D_{01}\cup D_{10}$, by Lemmas 3 and 4, we have

$$\begin{array}{ccc}\hfill A_i& =& \sum _{u=0}^{N-1}{s}_u{\alpha }^{-iu}=\sum _{u\in Q_1}{\alpha }^{-iu}+\sum _{u\in P_0}{\alpha }^{-iu}+\sum _{u\in D_1}{\alpha }^{-iu}\hfill \\ & =& \sum _{u\in Q_0}{\alpha }^{iu}+\sum _{u\in P_0}{\alpha }^{iu}+\sum _{u\in D_1}{\alpha }^{iu}\hfill \\ & =& \sum _{u\in Q_1}{\alpha }^{iu}+\sum _{u\in P_0}{\alpha }^{iu}+\sum _{u\in D_0}{\alpha }^{iu}+1\hfill \end{array}$$

for $i=1,2,\dots ,N-1$. Note that

$$A_0=\sum _{u\in Q_1}1+\sum _{u\in P_0}1+\sum _{u\in D_1}1={\displaystyle \frac{p+q-2}{2}}(mod2).$$

(7)

So, we first consider the case

$$A_i=\sum _{u\in Q_1}{\alpha }^{iu}+\sum _{u\in P_1}{\alpha }^{iu}+\sum _{u\in D_0}{\alpha }^{iu},$$

and the remaining cases can be provided similarly.

$$\begin{array}{cc}\hfill G\left(X\right)=& \sum _{i\in D_{00}}\left(\sum _{u\in Q_1}{\alpha }^{iu}+\sum _{u\in P_1}{\alpha }^{iu}+\sum _{u\in D_0}{\alpha }^{iu}\right)X^i\hfill \\ \hfill & +\sum _{i\in D_{01}}\left(\sum _{u\in Q_1}{\alpha }^{iu}+\sum _{u\in P_1}{\alpha }^{iu}+\sum _{u\in D_0}{\alpha }^{iu}\right)X^i\hfill \\ \hfill & +\sum _{i\in D_{10}}\left(\sum _{u\in Q_1}{\alpha }^{iu}+\sum _{u\in P_1}{\alpha }^{iu}+\sum _{u\in D_0}{\alpha }^{iu}\right)X^i\hfill \\ \hfill & +\sum _{i\in D_{11}}\left(\sum _{u\in Q_1}{\alpha }^{iu}+\sum _{u\in P_1}{\alpha }^{iu}+\sum _{u\in D_0}{\alpha }^{iu}\right)X^i\hfill \\ \hfill & +\sum _{i\in P_0}\left(\sum _{u\in Q_1}{\alpha }^{iu}+\sum _{u\in P_1}{\alpha }^{iu}+\sum _{u\in D_0}{\alpha }^{iu}\right)X^i\hfill \\ \hfill & +\sum _{i\in P_1}\left(\sum _{u\in Q_1}{\alpha }^{iu}+\sum _{u\in P_1}{\alpha }^{iu}+\sum _{u\in D_0}{\alpha }^{iu}\right)X^i\hfill \\ \hfill & +\sum _{i\in Q_0}\left(\sum _{u\in Q_1}{\alpha }^{iu}+\sum _{u\in P_1}{\alpha }^{iu}+\sum _{u\in D_0}{\alpha }^{iu}\right)X^i\hfill \\ \hfill & +\sum _{i\in Q_1}\left(\sum _{u\in Q_1}{\alpha }^{iu}+\sum _{u\in P_1}{\alpha }^{iu}+\sum _{u\in D_0}{\alpha }^{iu}\right)X^i\hfill \\ \hfill & +A_0.\hfill \end{array}$$

Let $t=iu$; then, by Lemmas 3–6,

$$\begin{array}{cc}\hfill G\left(X\right)=& \sum _{i\in D_{00}}\left(\sum _{t\in Q_1}{\alpha }^t+\sum _{t\in P_1}{\alpha }^t+\sum _{t\in D_0}{\alpha }^t\right)X^i\hfill \\ \hfill & +\sum _{i\in D_{01}}\left(\sum _{t\in Q_0}{\alpha }^t+\sum _{t\in P_1}{\alpha }^t+\sum _{t\in D_0}{\alpha }^t\right)X^i\hfill \\ \hfill & +\sum _{i\in D_{10}}\left(\sum _{t\in Q_0}{\alpha }^t+\sum _{t\in P_0}{\alpha }^t+\sum _{t\in D_1}{\alpha }^t\right)X^i\hfill \\ \hfill & +\sum _{i\in D_{11}}\left(\sum _{t\in Q_1}{\alpha }^t+\sum _{t\in P_0}{\alpha }^t+\sum _{t\in D_1}{\alpha }^t\right)X^i\hfill \\ \hfill & +\sum _{i\in P_0}\left((p-1)/2+\sum _{t\in P_1}{\alpha }^t+0\right)X^i\hfill \\ \hfill & +\sum _{i\in P_1}\left((p-1)/2+\sum _{t\in P_0}{\alpha }^t+0\right)X^i\hfill \\ \hfill & +\sum _{i\in Q_0}\left(\sum _{t\in Q_1}{\alpha }^t+(q-1)/2+(q-1)/2\right)X^i\hfill \\ \hfill & +\sum _{i\in Q_1}\left(\sum _{t\in Q_0}{\alpha }^t+(q-1)/2+(q-1)/2\right)X^i\hfill \\ \hfill & +A_0\hfill \\ \hfill =& G_1\left(X\right)+G_2\left(X\right)+G_3\left(X\right)+A_0.\hfill \end{array}$$

(8)

where

$$\begin{array}{cc}\hfill G_1\left(X\right)=& \sum _{i\in D_{00}}\left(\sum _{t\in Q_1}{\alpha }^t+\sum _{t\in P_1}{\alpha }^t+\sum _{t\in D_0}{\alpha }^t\right)X^i\hfill \\ \hfill & +\sum _{i\in D_{01}}\left(\sum _{t\in Q_0}{\alpha }^t+\sum _{t\in P_1}{\alpha }^t+\sum _{t\in D_0}{\alpha }^t\right)X^i\hfill \\ \hfill & +\sum _{i\in D_{10}}\left(\sum _{t\in Q_0}{\alpha }^t+\sum _{t\in P_0}{\alpha }^t+\sum _{t\in D_1}{\alpha }^t\right)X^i\hfill \\ \hfill & +\sum _{i\in D_{11}}\left(\sum _{t\in Q_1}{\alpha }^t+\sum _{t\in P_0}{\alpha }^t+\sum _{t\in D_1}{\alpha }^t\right)X^i\hfill \\ \hfill G_2\left(X\right)=& \sum _{i\in P_0}\left((p-1)/2+\sum _{t\in P_1}{\alpha }^t\right)X^i\hfill \\ \hfill & +\sum _{i\in P_1}\left((p-1)/2+\sum _{t\in P_0}{\alpha }^t\right)X^i\hfill \\ \hfill G_3\left(X\right)=& \sum _{i\in Q_0}\sum _{t\in Q_1}{\alpha }^t{X}^i+\sum _{i\in Q_1}\sum _{t\in Q_0}{\alpha }^t{X}^i.\hfill \end{array}$$

In the following, the numbers of the nonzero terms of $G_i\left(X\right)s,i=0,1,2,$ will be considered, respectively.

If $2\in D_{10}\cup D_{01}$, by Lemma 4, we have

$$\begin{array}{cc}\hfill & {\left(\sum _{t\in Q_i}{\alpha }^t\right)}^2=\left(\sum _{t\in Q_i}{\alpha }^{2t}\right)=\sum _{t\in Q_{i+1}}{\alpha }^t\notin {\mathrm{F}}_2,\hfill \\ \hfill & {\left(\sum _{t\in Q_i}{\alpha }^t\right)}^4={\left(\sum _{t\in Q_{i+1}}{\alpha }^t\right)}^2=\left(\sum _{t\in Q_{i+1}}{\alpha }^{2t}\right)=\sum _{t\in Q_i}{\alpha }^t\in {\mathrm{F}}_4.\hfill \end{array}$$

(9)

As far as Lemma 5 is concerned, we have

$$\omega =\sum _{t\in Q_0}{\alpha }^t\ne 0,1+\omega =\sum _{t\in Q_1}{\alpha }^t\ne 0.$$

If $2\in D_{00}\cup D_{11}$, by Lemmas 4 and 5, we have

$${\left(\sum _{t\in Q_i}{\alpha }^t\right)}^2=\sum _{t\in Q_i}{\alpha }^{2t}=\sum _{t\in Q_i}{\alpha }^t\in {\mathrm{F}}_2.$$

(10)

And, by Lemma 5, we have

$$|G_3\left(X\right)|=\left\{\begin{array}{cc}p-1,\hfill & \mathrm{if} 2\in D_{10}\cup D_{01},\hfill \\ {\displaystyle \frac{p-1}{2}},\hfill & \mathrm{if} 2\in D_{00}\cup D_{11}.\hfill \end{array}\right.$$

(11)

If $2\in D_0$, by Lemmas 3 and 5, we have

$${\left(\sum _{t\in P_i}{\alpha }^t\right)}^2=\left(\sum _{t\in P_i}{\alpha }^{2t}\right)=\sum _{t\in P_i}{\alpha }^t\in {\mathrm{F}}_2.$$

If $2\in D_1$, by Lemmas 3 and 5, we have

$$\begin{array}{cc}\hfill & {\left(\sum _{t\in P_i}{\alpha }^t\right)}^2=\left(\sum _{t\in P_i}{\alpha }^{2t}\right)=\sum _{t\in P_{i+1}}{\alpha }^t\notin {\mathrm{F}}_2,\hfill \\ \hfill & {\left(\sum _{t\in P_i}{\alpha }^t\right)}^4={\left(\sum _{t\in P_{i+1}}{\alpha }^t\right)}^2=\sum _{t\in P_{i+1}}{\alpha }^{2t}=\sum _{t\in P_i}{\alpha }^t\in {\mathrm{F}}_4.\hfill \end{array}$$

Thus, we have

$$\lambda =\sum _{t\in Q_0}{\alpha }^t\ne 0,1+\lambda =\sum _{t\in Q_1}{\alpha }^t\ne 0.$$

So, we have

$$|G_2\left(X\right)|=\left\{\begin{array}{cc}{\displaystyle \frac{q-1}{2}},\hfill & \mathrm{if} 2\in D_0,\hfill \\ q-1,\hfill & \mathrm{if} 2\in D_1.\hfill \end{array}\right.$$

(12)

Since $2\in Z_{pq}^{*}$, by Lemma 3, we have

$$\begin{array}{c}\hfill {\left(\sum _{t\in P_i}{\alpha }^t+\sum _{t\in D_i}{\alpha }^t\right)}^2=\sum _{t\in P_i}{\alpha }^t+\sum _{t\in D_i}{\alpha }^t\in {\mathrm{F}}_2,\end{array}$$

and

$$\sum _{t\in P_i}{\alpha }^t+\sum _{t\in D_i}{\alpha }^t=\sum _{t\in P_{i+1}}{\alpha }^t+\sum _{t\in D_{i+1}}{\alpha }^t.$$

If

$$\sum _{t\in P_0}{\alpha }^t+\sum _{t\in D_0}{\alpha }^t=\sum _{t\in P_1}{\alpha }^t+\sum _{t\in D_1}{\alpha }^t=0,$$

then,

$$\begin{array}{cc}\hfill G_1\left(X\right)=& (1+\omega )\sum _{i\in D_{00}}{X}^i+\omega \sum _{i\in D_{01}}{X}^i+(1+\omega )\sum _{i\in D_{10}}{X}^i\hfill \\ \hfill & +\omega \sum _{i\in D_{11}}{X}^i\hfill \end{array}$$

If

$$\sum _{t\in P_0}{\alpha }^t+\sum _{t\in D_0}{\alpha }^t=\sum _{t\in P_1}{\alpha }^t+\sum _{t\in D_1}{\alpha }^t=1,$$

it can be similarly proved that

$$\begin{array}{cc}\hfill G_1\left(X\right)=& \omega \sum _{i\in D_{00}}{X}^i+(1+\omega )\sum _{i\in D_{01}}{X}^i+\omega \sum _{i\in D_{10}}{X}^i\hfill \\ \hfill & +(1+\omega )\sum _{i\in D_{11}}{X}^i.\hfill \end{array}$$

Thus, in detail, we always have

$$|G_1\left(X\right)|=\left\{\begin{array}{cc}(p-1)(q-1),\hfill & \mathrm{if} 2\in D_{10}\cup D_{01},\hfill \\ {\displaystyle \frac{(p-1)(q-1)}{2}},\hfill & \mathrm{if} 2\in D_{00}\cup D_{11}.\hfill \end{array}\right.$$

(13)

By Equations (7) and (11)–(13), for the case $-1\in D_{11}$, we have

$$\left|G\left(X\right)\right|=\left\{\begin{array}{cc}pq,\hfill & \mathrm{if} (v,w)=(-3,3),\hfill \\ {\displaystyle \frac{2pq-q+1}{2}},\hfill & \mathrm{if} (v,w)=(-3,-1),\hfill \\ {\displaystyle \frac{q(p+1)}{2}},\hfill & \mathrm{if} (v,w)=(1,3),\hfill \\ {\displaystyle \frac{pq+1}{2}},\hfill & \mathrm{if} (v,w)=(1,-1).\hfill \end{array}\right.$$

(14)

From the above discussion, we can see that all $A_i$s lie in ${\mathrm{F}}_4\backslash {\mathrm{F}}_2$ or ${\mathrm{F}}_2$, and the latter case means that half the number of $A_i$s are 0 and the other half are 1. So, even if each $A_i$ changes into $A_i+1$, just as in Equation (7), the same $\left|G\right(X\left)\right|$ can be obtained for the case $-1\in D_{10}\cup D_{01}$. Thus, all the linear complexity can be provided as the list in Table 1.  □

Now, the linear complexity of s is provided by its DFT spectrum and M–S polynomial. More interestingly, this approach can be extended to calculate the 1-error linear complexity of this sequence as in the following section, which is the main contribution of this paper.

4. The 1-Error Linear Complexity

Let $\tilde{s}={\left\{{\tilde{s}}_u\right\}}_{u=0}^{\infty }$ be the new sequence obtained by changing at most 1 term of the original sequence s such that $\tilde{s}=s+e$, where $e={\left\{e_u\right\}}_{u=0}^{\infty }$ is the N periodic error sequence. The 1-error linear complexity of s

$$L{C}_1\left(s\right)=\underset{W_H\left(e\right)\le 1}{min}\left\{LC\left(\tilde{s}\right)\right\},$$

where $W_H\left(e\right)$ is the Hamming weight of e.

Let $G_e\left(X\right)$ and $\tilde{G}\left(X\right)$ be the M–S polynomials of e and $\tilde{s}$ periodically and $E_i$ and $B_i$ be the DFTs of them. Then, from Equations (3) and (5), we have

$$E_i=\sum _{u=0}^{N-1}{e}_u{\alpha }^{-iu},B_i=\sum _{u=0}^{N-1}{\tilde{s}}_u{\alpha }^{-iu},$$

$$G_e\left(X\right)=\sum _{i=0}^{N-1}{E}_i{X}^i,\tilde{G}\left(X\right)=\sum _{i=0}^{N-1}{B}_i{X}^i.$$

Hence,

$$B_i=A_i+E_i,0\le i\le N-1.$$

(15)

By Equation (6) and the definition of $\tilde{s}$, the M–S polynomial

$$\begin{array}{cc}\hfill \tilde{G}\left(X\right)=& G\left(X\right)+G_e\left(X\right)\hfill \\ \hfill =& \sum _{i\in D_{00}}\left(\sum _{t\in Q_0}{\alpha }^t+\sum _{t\in P_1}{\alpha }^t+\sum _{t\in D_0}{\alpha }^t\right)X^i\hfill \\ \hfill & +\sum _{i\in D_{01}}\left(\sum _{t\in Q_1}{\alpha }^t+\sum _{t\in P_1}{\alpha }^t+\sum _{t\in D_0}{\alpha }^t\right)X^i\hfill \\ \hfill & +\sum _{i\in D_{10}}\left(\sum _{t\in Q_1}{\alpha }^t+\sum _{t\in P_0}{\alpha }^t+\sum _{t\in D_1}{\alpha }^t\right)X^i\hfill \\ \hfill & +\sum _{i\in D_{11}}\left(\sum _{t\in Q_0}{\alpha }^t+\sum _{t\in P_0}{\alpha }^t+\sum _{t\in D_1}{\alpha }^t\right)X^i\hfill \\ \hfill & +\sum _{i\in P_0}\left((p-1)/2+\sum _{t\in P_1}{\alpha }^t\right)X^i\hfill \\ \hfill & +\sum _{i\in P_1}\left((p-1)/2+\sum _{t\in P_0}{\alpha }^t\right)X^i\hfill \\ \hfill & +\sum _{i\in Q_0}\sum _{t\in Q_1}{\alpha }^t{X}^i+\sum _{i\in Q_1}\sum _{t\in Q_0}{\alpha }^t{X}^i+1+\sum _{i=0}^{N-1}{E}_i{X}^i.\hfill \end{array}$$

$$\begin{array}{cc}\hfill =& \sum _{i\in D_{00}\cup D_{11}\cup Q_0}\sum _{t\in Q_1}{\alpha }^t{X}^i+\sum _{i\in D_{01}\cup D_{10}\cup Q_1}\sum _{t\in Q_0}{\alpha }^t{X}^i\hfill \\ \hfill & +\sum _{i\in D_{00}}\left(\sum _{t\in P_1}{\alpha }^t+\sum _{t\in D_0}{\alpha }^t\right)X^i\hfill \\ \hfill & +\sum _{i\in D_{01}}\left(\sum _{t\in P_1}{\alpha }^t+\sum _{t\in D_0}{\alpha }^t\right)X^i\hfill \\ \hfill & +\sum _{i\in D_{10}}\left(\sum _{t\in P_0}{\alpha }^t+\sum _{t\in D_1}{\alpha }^t\right)X^i\hfill \\ \hfill & +\sum _{i\in D_{11}}\left(\sum _{t\in P_0}{\alpha }^t+\sum _{t\in D_1}{\alpha }^t\right)X^i\hfill \\ \hfill & +\sum _{i\in P_0}\left((p-1)/2+\sum _{t\in P_1}{\alpha }^t\right)X^i\hfill \\ \hfill & +\sum _{i\in P_1}\left((p-1)/2+\sum _{t\in P_0}{\alpha }^t\right)X^i+1+\sum _{i=0}^{N-1}{E}_i{X}^i.\hfill \end{array}$$

(16)

We assume that $e_{u_0}=1$ for some $0\le u_0\le N-1$ and $e_u=0$ for $u\ne u_0$ in the first period of e. Then, the DFT of the 1-error sequence is

$$E_i=\sum _{u=0}^{N-1}{e}_u{\alpha }^{-iu}={\alpha }^{-i{u}_0},0\le i\le N-1.$$

Specifically, if $u_0=0$, then $E_i=1$ for all $0\le i\le N-1$; otherwise, $E_0=1$, $E_i\ne ,0,1$, and the order of $E_i$ is a divisor of N for $1\le i\le N-1$.

Theorem 2.

Let $p\equiv vmod8$ and $q\equiv wmod8$, where $v,w=\pm 1,\pm 3$. Then, the 1-error linear complexity of s is shown in

Table 2. The 1-error linear complexity of s.

$(\mathit{v},\mathit{w})$	${\mathit{LC}}_1\left(\mathit{s}\right)$	$(\mathit{v},\mathit{w})$	${\mathit{LC}}_1\left(\mathit{s}\right)$
(−3,3)	$pq-1$	(1,3)	${\displaystyle \frac{pq+q-2}{2}}$
(3,−3)	$pq-1$	(−1,−3)	${\displaystyle \frac{pq+q-2}{2}}$
(3,3)	$pq-2$	(−1,3)	${\displaystyle \frac{pq+q-4}{2}}$
(−3,−1)	${\displaystyle \frac{2pq-q-1}{2}}$	(−1,1)	${\displaystyle \frac{pq-p+q-1}{2}}$
(3,1)	${\displaystyle \frac{2pq-q-1}{2}}$	(1,−1)	${\displaystyle \frac{pq-p+q-1}{2}}$
(3,−1)	${\displaystyle \frac{2pq-q-3}{2}}$	(−1,−1)	${\displaystyle \frac{pq-p+q-3}{2}}$

.

Proof. 

According to Lemmas 3 and 4 and the proof of Theorem 1, we can make the following assumption that

$$\sum _{t\in Q_0}{\alpha }^t=0\mathrm{and}\sum _{t\in Q_1}{\alpha }^t=1$$

for $2\in D_{00}\cup D_{11}$;

$$\sum _{t\in Q_0}{\alpha }^t=\omega \mathrm{and}\sum _{t\in Q_1}{\alpha }^t=1+\omega$$

for $2\in D_{01}\cup D_{10}$, where $\omega \in {\mathrm{F}}_4\backslash {\mathrm{F}}_2$; we can also select that

$$\sum _{t\in P_0}{\alpha }^t=0\mathrm{and}\sum _{t\in P_1}{\alpha }^t=1$$

for $2\in D_0$;

$$\sum _{t\in P_0}{\alpha }^t=\gamma \mathrm{and}\sum _{t\in P_1}{\alpha }^t=1+\gamma$$

for $2\in D_1$, where $\gamma \in {\mathrm{F}}_4\backslash {\mathrm{F}}_2$; and we can also select that

$$\sum _{t\in P_0}{\alpha }^t+\sum _{t\in D_0}{\alpha }^t=\sum _{t\in P_1}{\alpha }^t+\sum _{t\in D_1}{\alpha }^t=0.$$

We first consider the case $2\in D_{00}$.

$$\begin{array}{cc}\hfill \tilde{G}\left(X\right)=& \sum _{i\in D_{00}\cup D_{11}\cup Q_0}{X}^i+\sum _{i\in D_{00}}{X}^i+\sum _{i\in D_{01}}{X}^i+\sum _{i\in D_{01}}{X}^i+\sum _{i\in D_{11}}{X}^i\hfill \\ \hfill & +\sum _{i\in P_0}\left\{(p-1)/2+\gamma +1\right\}{X}^i+\sum _{i\in P_1}\left\{(p-1)/2+\gamma \right\}{X}^i\hfill \\ \hfill & +1+\sum _{i=0}^{N-1}{E}_i{X}^i.\hfill \end{array}$$

(17)

For the subcase $p\equiv 1mod8$ and $q\equiv -1mod8$, by Lemmas 2–6, Equation (15), and the proof of Theorem 1, we have

$$\begin{array}{cc}\hfill \tilde{G}\left(X\right)=& \sum _{i\in D_{00}\cup D_{11}\cup Q_0}{X}^i+\sum _{i\in D_{00}}{X}^i+\sum _{i\in D_{01}}{X}^i+\sum _{i\in D_{01}}{X}^i+\sum _{i\in D_{11}}{X}^i\hfill \\ \hfill & +\sum _{i\in P_0}(\gamma +1)X^i+\sum _{i\in P_1}\gamma X^i\hfill \\ \hfill & +1+\sum _{i=0}^{N-1}{E}_i{X}^i.\hfill \end{array}$$

(18)

Thus, its coefficient for $X^i$ can be provided as

$$\begin{array}{cc}\hfill B_i& =\left\{\begin{array}{cc}{E}_i,\hfill & i\in D_{00}\cup D_{11},\hfill \\ 1+E_i,\hfill & i\in D_{01}\cup D_{10}\cup Q_0,\hfill \\ \gamma +1+E_i,\hfill & i\in P_0,\hfill \\ \gamma +E_i,\hfill & i\in P_1,\hfill \\ 0,\hfill & i\in \left\{0\right\}\cup Q_1.\hfill \end{array}\right.\hfill \end{array}$$

(19)

If $u_0=0$, then $E_i=1$ for all $0\le i\le N-1$. Thus, $B_i\ne 0$ for all $i\in D_{00}\cup D_{11}\cup P_0\cup P_1$, and $B_i=0$ otherwise. So, $LC\left(\tilde{s}\right)={\displaystyle \frac{pq-p+q-1}{2}}$. If $u_0\ne 0$, $E_i\ne ,0,1$ and the order of $E_i$ is a divisor of N for $1\le i\le N-1$. So, $E_i$ possesses the order of $p,q$ or $pq$ for $1\le i\le N-1$. Note that $\gamma$ possesses the order of $3<p,q$. Thus, $B_i\ne 0$ for all $1\le i\le N-1$ and $B_0=0$. So, $LC\left(\tilde{s}\right)=pq-1$. Based on the above discussion, the 1-error linear complexity $L{C}_1\left(s\right)={\displaystyle \frac{pq-p+q-1}{2}}$.

For the subcases $p\equiv -1mod8$ and $q\equiv -1mod8$, and $p\equiv -1mod8$ and $q\equiv 1mod8$, it is very similar to obtain $L{C}_1\left(s\right)={\displaystyle \frac{pq-p+q-1}{2}},{\displaystyle \frac{pq-p+q-3}{2}}$, respectively.

Next, we consider the case $2\in D_{10}$.

For the subcase $p\equiv -3mod8$ and $q\equiv 3mod8$, by Lemmas 2–6, Equation (15), and the proof of Theorem 1, we have

$$\begin{array}{cc}\hfill \tilde{G}\left(X\right)=& \sum _{i\in D_{00}\cup D_{11}\cup Q_0}(1+\omega )X^i\hfill \\ \hfill & +\sum _{i\in D_{01}\cup D_{10}\cup Q_1}\omega X^i+\sum _{i\in D_{00}}{X}^i\hfill \\ \hfill & +\sum _{i\in D_{01}}{X}^i+\sum _{i\in D_{01}}{X}^i+\sum _{i\in D_{11}}{X}^i\hfill \\ \hfill & +\sum _{i\in P_0}\gamma X^i+\sum _{i\in P_1}(1+\gamma )X^i\hfill \\ \hfill & +1+\sum _{i=0}^{N-1}{E}_i{X}^i.\hfill \end{array}$$

(20)

Thus, its coefficient for $X^i$ can be provided as

$$\begin{array}{cc}\hfill B_i& =\left\{\begin{array}{cc}\omega +E_i,\hfill & i\in D_{00}\cup D_{11}\cup Q_1,\hfill \\ 1+\omega +E_i,\hfill & i\in D_{01}\cup D_{10}\cup Q_0,\hfill \\ \gamma +E_i,\hfill & i\in P_0,\hfill \\ \gamma +1+E_i,\hfill & i\in P_1,\hfill \\ 0,\hfill & i=0.\hfill \end{array}\right.\hfill \end{array}$$

Based on a similar discussion following Equation (19), we have the 1-error linear complexity $L{C}_1\left(s\right)=pq-1$.

For the subcases $p\equiv 3mod8$ and $q\equiv 3mod8$, and $p\equiv 3mod8$ and $q\equiv -3mod8$, it is very similar to obtain $L{C}_1\left(s\right)=pq-1,pq-2$, respectively.

Next, we consider the case $2\in D_{01}$.

For the subcase $p\equiv 3mod8$ and $q\equiv 1mod8$, by Lemmas 2–6, Equation (15), and the proof of Theorem 1, we have

$$\begin{array}{cc}\hfill \tilde{G}\left(X\right)=& \sum _{i\in D_{00}\cup D_{11}\cup Q_0}(1+\omega )X^i\hfill \\ \hfill & +\sum _{i\in D_{01}\cup D_{10}\cup Q_1}\omega X^i+\sum _{i\in D_{00}}{X}^i\hfill \\ \hfill & +\sum _{i\in D_{01}}{X}^i+\sum _{i\in D_{01}}{X}^i+\sum _{i\in D_{11}}{X}^i\hfill \\ \hfill & +\sum _{i\in P_1}{X}^i\hfill \\ \hfill & +1+\sum _{i=0}^{N-1}{E}_i{X}^i.\hfill \end{array}$$

(21)

Thus, its coefficient for $X^i$ can be provided as

$$\begin{array}{cc}\hfill B_i& =\left\{\begin{array}{cc}\omega +E_i,\hfill & i\in D_{00}\cup D_{11}\cup Q_1,\hfill \\ 1+\omega +E_i,\hfill & i\in D_{01}\cup D_{10}\cup Q_0,\hfill \\ +E_i,\hfill & i\in P_0,\hfill \\ 1+E_i,\hfill & i\in P_1,\hfill \\ 0,\hfill & i=0.\hfill \end{array}\right.\hfill \end{array}$$

Based on a similar discussion following Equation (19), the 1-error linear complexity $L{C}_1\left(s\right)={\displaystyle \frac{2pq-q-1}{2}}$.

For the subcases $p\equiv 3mod8$ and $q\equiv -1mod8$, and $p\equiv -3mod8$ and $q\equiv -1mod8$, it is very similar to obtain $L{C}_1\left(s\right)={\displaystyle \frac{2pq-q-1}{2}},{\displaystyle \frac{2pq-q-3}{2}}$, respectively.

Next, we consider the case $2\in D_{11}$.

For the subcase $p\equiv 1mod8$ and $q\equiv 3mod8$, by Lemmas 2–6, Equation (15), and the proof of Theorem 1, we have

$$\begin{array}{cc}\hfill \tilde{G}\left(X\right)=& \sum _{i\in D_{00}\cup D_{11}\cup Q_0}{X}^i\hfill \\ \hfill & +\sum _{i\in D_{00}}{X}^i+\sum _{i\in D_{01}}{X}^i+\sum _{i\in D_{01}}{X}^i+\sum _{i\in D_{11}}{X}^i\hfill \\ \hfill & +\sum _{i\in P_0}\gamma X^i+\sum _{i\in P_1}(1+\gamma )X^i\hfill \\ \hfill & +1+\sum _{i=0}^{N-1}{E}_i{X}^i.\hfill \end{array}$$

(22)

Thus, its coefficient for $X^i$ can be provided as

$$\begin{array}{cc}\hfill B_i& =\left\{\begin{array}{cc}{E}_i,\hfill & i\in D_{00}\cup D_{11}\cup Q_1,\hfill \\ 1+E_i,\hfill & i\in D_{01}\cup D_{10}\cup Q_0,\hfill \\ 1+\gamma +E_i,\hfill & i\in P_0,\hfill \\ \gamma +E_i,\hfill & i\in P_1,\hfill \\ 0,\hfill & i=0.\hfill \end{array}\right.\hfill \end{array}$$

Based on a similar discussion following Equation (19), the 1-error linear complexity $L{C}_1\left(s\right)={\displaystyle \frac{pq+q-2}{2}}$.

For the subcases $p\equiv 1mod8$ and $q\equiv -3mod8$, and $p\equiv -1mod8$ and $q\equiv 3mod8$, it is very similar to obtain $L{C}_1\left(s\right)={\displaystyle \frac{pq+q-2}{2}},{\displaystyle \frac{pq+q-4}{2}}$, respectively.  □

5. Conclusions

In this paper, the exact values of linear complexity and the 1-error linear complexity of a Ding–Helleseth generalized cyclotomic sequence of order two of period $pq$ are calculated by using its DFTs and M–S polynomial. From the proof process of Theorems 1 and 2, we can include that this method, compared to the other existing methods, is suitable for the calculation of the linear complexity and 1-error linear complexity of binary sequences whose exact values regarding the DFT spectrum can be obtained, and this method can also be used to estimate the k-error linear complexity of these sequences for the other cases of small k.

In practical applications, in order to obtain a large-period key stream sequence, the values of p and q should be large enough. So, the results in Theorems 1 and 2 show that, no matter the choice regarding the parameters p and q, both the linear complexity and the 1-error linear complexity are not much less than $N/2$, and the linear complexity can even reach the bounds for the cases $p=3(mod8),q=-3(mod8)$, or $p=-3(mod8),q=3(mod8)$. Moreover, by comparing the results of Theorems 1 and 2, we find that $L{C}_1\left(s\right)$ is only 1 lower than $LC\left(s\right)$. Therefore, we can conclude that this sequence as a key stream satisfies the cryptographic requirements in terms of linear complexity and its stability index.

For the application, we are concerned with the implementation of a generator that can produce this sequence. A hardware implementation of a similar sequence was described in [28]. It possesses a performance estimated to be 30 kbytes/s when p and q are about 48 bits and was suggested for military and diplomatic applications. The sequences studied in this paper can be similarly efficient and hardware-generated, and can also have similar applications.