极大周期FCSR序列及相关序列伪随机性质的研究
|
摘要
带进位反馈移位寄存器(FCSR)是由美国学者Klapper和Goresky提出的一种新的密钥流发生器.产生的方式决定了FCSR序列天然蕴含了较高的复杂性,它不同于线性移位寄存器序列需要再用其它装置加以改造.由FCSR生成达到最大周期的序列称为l-序列,它有许多类似于m-序列的伪随机性质,如0、1分布均衡,游程分布好等.
序列的2-adic复杂度衡量了能产生该序列的最短FCSR的规模.类似于BM算法,存在相应的有理逼近算法可以方便计算序列的2-adic复杂度.FCSR序列,如l-序列,由于2-adic复杂度不高,并不能直接用作密钥流序列,FCSR的线性过滤(F-FCSR)是目前最有效的基于FCSR的序列密码体制.本文继续深入研究了l-序列的其它伪随机性质,这些研究可以为基于FCSR的序列密码设计提供重要参考.
设a是以q=pe为连接数,周期T=pe-1(p-1)的l-序列或其采样,再设其指数表示为an=(A·g(mod q))(mod 2),其中g为模q的原根,gcd(A,q)=1.
本文第一部分利用剩余类环上的指数和估计研究了l-序列及其采样的自相关性质,结果表明l-序列及其采样具有较好的自相关特性.具体结果如下:
1.证明了当位移τ取遍[0,T-1]时,l-序列或其采样序列旦的自相关函数Ca(τ)的均值为0,方差Var,(Ca(τ)=O(q 1n4q).由Chebyshev不等式知,当连接数q适当大时,l-序列及其采样的绝大多数自相关值都是很理想的.
2.当连接数为素数p时,证明了l-序列或其采样序列旦的自相关函数Ca(τ)满足:通过计算该三角和,容易给出Ca(τ)的估计值.特别,当位移τ满足gτ(mod p)|=2,(p-1)/2时,序列旦的自相关函数值Ca(τ=O(1n2 p),当p适当大时,该值也较小
3.当连接数为素数方幂pe(e≥2)时,证明了对任意正整数i,1≤i≤e/2,当位移τ=kT(2pi)时,l-序列或其采样序列a的自相关函数值为其中1≤k≤2pi-1,gcd(k,p)=1.此结论说明,确实存在某些位移,使得l-序列及其采样的自相关值较大.
本文第二部分利用环上本原权位序列的性质研究了l-序列采样的平移不等价性质.具体结果为:
4.证明了当连接数为素数方幂时l-序列的采样不平移等价,从而说明在素数方幂情形下,Goresky和Klapper提出多年的猜想(猜想1.1)也是正确的.
设丝是环Z/(pe)上由n次本原多项式f(x)生成的本原序列,则称序列:a=u(mod 2)为f(x)导出的n级广义l-序列,简称广义l-序列.它可以看成l-序列的自然推广
本文第三部分利用环上本原权位序列的性质进一步研究了广义l-序列的平移不等价性质.设f(x), g(x)为环Z/(pe)上不同的n次本原多项式,得到的具体结果如下:
5.当e=1时,在已有结论的基础上,证明了几乎对所有奇素数p,由f(x),g(x)导出的广义l-序列都不平移等价.
6.当e≥2时,证明了若f(x)(?) g(x) (mod p),则由f(x), g(x)导出的广义l-序列都不平移等价;而当f(x)(?)g(x)(mod p)时,也几乎对所有本原多项式f(x), g(x),相应的广义l-序列都不平移等价.特别,广义l-序列的任意采样都不平移等价.
Feedback with carry shift register (FCSR) is a new kind of keystream generators proposed by Klapper and Goresky. The architecture determines that FCSR sequences possess high linear complexity naturally, while for linear feedback shift register (LFSR) sequences, some modifications, such as nonlinear filtering and clock-controlling, must be done to obtain high linear complexity. The maximal period sequence generated by an FCSR is called an l-sequence. Such sequences have many fine pseudorandom properties similar to m-sequences, such as 0、1 balanceness, and fine run properties etc.
The 2-adic complexity of a binary sequence characterizes the size of the shortest FCSR that generates the sequence. Similar to BM algorithm, there also exists a corresponding 2-adic rational approximation algorithm, which can efficiently compute the 2-adic complexity of binary sequences. The FCSR sequences, such as l-sequences, cannot be used directly as keystream sequences because of their comparatively low 2-adic complexity. Up to now, the linear filter of FCSR (F-FCSR) is the most efficient stream cipher based on FCSR. In this dissertation, we make a further study on some other pseudorandom properties of l-sequences, which can be a valuable reference for the design of the FCSR-based stream ciphers.
Let a be an l-sequence or its decimation with period T= pe-1(p-1) generated by an FCSR with connection integer q=pe,and let an= (A·gn (mod q)) (mod 2) be its exponential representation, where g is a primitive root modulo q, and gcd(A, q)=1.
In the first part of this dissertation, with the help of estimate of exponential sums over residue rings, we discuss the autocorrelation property of l-sequences and their decimations. Our results show that such sequences have fine autocorrelation properties. The main results are as follows:
1. We show that when the shiftτruns through all integers between 1 and T-1, the expected autocorrelation value of the l-sequence or its decimation a is 0, and the variance is Var(Ca(τ))= O(q ln4q). From Chebyshev's inequality we know that, when the connection integer q is a little larger, most autocorrelations of l-sequences and their decimations are low.
2. When the connection integer is a prime number p, we show that the autocorrelation function Ca(τ) of the l-sequence or its decimation a satisfies Thus by calculating such triangular sum, we can easily obtain an estimate of Ca(τ). Especially, letτbe the shift such that |gτ(mod p)|= 2 or (p-1)/2, then the corresponding autocorrelation value of a is Ca(τ)= O(ln2p), which is also very low when p is a little larger.
3. When the connection integer is a prime power pe (e≥2), we show that for any positive integer i,1≤i≤e/2, when the shift isτ= kT/(2pi), the corresponding autocorrelation value of the l-sequence or its decimation a is where 1≤k≤2pi-1, and gcd(k, p)= 1. This result shows that there do exist some shifts, such that the corresponding autocorrelation values of the l-sequence or its decimation are high.
In the second part of this dissertation, using the fine properties of the level sequences of primitive sequences over residue rings, we analyze the distinctness of decimations of l-sequences, and obtain the following result:
4. When the connection integer is a prime power, we show that the decimations of any l-sequences are cyclically distinct, which verifies the conjecture (Conjecture 1.1) proposed by Goresky and Klapper several years ago in the case of prime powers.
Let u be a primitive sequences over ring Z/(pe), generated by a primitive polynomial f(x) of degree n. Then call the sequence a= u (mod 2) a generalized l-sequence of order n derived by f(x), or call it a generalized l-sequence for simplicity. Such sequences can be seen as a natural generalization of l-sequences.
In the third part of this dissertation, using the fine properties of the level sequences of primitive sequences over residue rings, we further analyze the distinctness of generalized l-sequences. Let f(x), g(x) be two different primitive polynomials of degree n over Z/(pe). The main results are as follows:
5. On the basis of some existing result, we show that when e=1, almost for all odd prime numberp, the generalized l-sequences derived by f(x), g(x) are cyclically distinct.
6. When e≥2, we show that if f(x) (?) g(x)(mod p), then the generalized l-sequences derived by fix), g(x) are cyclically distinct. Furthermore, when f(x)(?) g(x) (mod p), almost for all such primitive polynomials, the corresponding generalized l-sequences are cyclically distinct. Particularly, the decimations of any generalized l-sequence are cyclically distinct.
序列的2-adic复杂度衡量了能产生该序列的最短FCSR的规模.类似于BM算法,存在相应的有理逼近算法可以方便计算序列的2-adic复杂度.FCSR序列,如l-序列,由于2-adic复杂度不高,并不能直接用作密钥流序列,FCSR的线性过滤(F-FCSR)是目前最有效的基于FCSR的序列密码体制.本文继续深入研究了l-序列的其它伪随机性质,这些研究可以为基于FCSR的序列密码设计提供重要参考.
设a是以q=pe为连接数,周期T=pe-1(p-1)的l-序列或其采样,再设其指数表示为an=(A·g(mod q))(mod 2),其中g为模q的原根,gcd(A,q)=1.
本文第一部分利用剩余类环上的指数和估计研究了l-序列及其采样的自相关性质,结果表明l-序列及其采样具有较好的自相关特性.具体结果如下:
1.证明了当位移τ取遍[0,T-1]时,l-序列或其采样序列旦的自相关函数Ca(τ)的均值为0,方差Var,(Ca(τ)=O(q 1n4q).由Chebyshev不等式知,当连接数q适当大时,l-序列及其采样的绝大多数自相关值都是很理想的.
2.当连接数为素数p时,证明了l-序列或其采样序列旦的自相关函数Ca(τ)满足:通过计算该三角和,容易给出Ca(τ)的估计值.特别,当位移τ满足gτ(mod p)|=2,(p-1)/2时,序列旦的自相关函数值Ca(τ=O(1n2 p),当p适当大时,该值也较小
3.当连接数为素数方幂pe(e≥2)时,证明了对任意正整数i,1≤i≤e/2,当位移τ=kT(2pi)时,l-序列或其采样序列a的自相关函数值为其中1≤k≤2pi-1,gcd(k,p)=1.此结论说明,确实存在某些位移,使得l-序列及其采样的自相关值较大.
本文第二部分利用环上本原权位序列的性质研究了l-序列采样的平移不等价性质.具体结果为:
4.证明了当连接数为素数方幂时l-序列的采样不平移等价,从而说明在素数方幂情形下,Goresky和Klapper提出多年的猜想(猜想1.1)也是正确的.
设丝是环Z/(pe)上由n次本原多项式f(x)生成的本原序列,则称序列:a=u(mod 2)为f(x)导出的n级广义l-序列,简称广义l-序列.它可以看成l-序列的自然推广
本文第三部分利用环上本原权位序列的性质进一步研究了广义l-序列的平移不等价性质.设f(x), g(x)为环Z/(pe)上不同的n次本原多项式,得到的具体结果如下:
5.当e=1时,在已有结论的基础上,证明了几乎对所有奇素数p,由f(x),g(x)导出的广义l-序列都不平移等价.
6.当e≥2时,证明了若f(x)(?) g(x) (mod p),则由f(x), g(x)导出的广义l-序列都不平移等价;而当f(x)(?)g(x)(mod p)时,也几乎对所有本原多项式f(x), g(x),相应的广义l-序列都不平移等价.特别,广义l-序列的任意采样都不平移等价.
Feedback with carry shift register (FCSR) is a new kind of keystream generators proposed by Klapper and Goresky. The architecture determines that FCSR sequences possess high linear complexity naturally, while for linear feedback shift register (LFSR) sequences, some modifications, such as nonlinear filtering and clock-controlling, must be done to obtain high linear complexity. The maximal period sequence generated by an FCSR is called an l-sequence. Such sequences have many fine pseudorandom properties similar to m-sequences, such as 0、1 balanceness, and fine run properties etc.
The 2-adic complexity of a binary sequence characterizes the size of the shortest FCSR that generates the sequence. Similar to BM algorithm, there also exists a corresponding 2-adic rational approximation algorithm, which can efficiently compute the 2-adic complexity of binary sequences. The FCSR sequences, such as l-sequences, cannot be used directly as keystream sequences because of their comparatively low 2-adic complexity. Up to now, the linear filter of FCSR (F-FCSR) is the most efficient stream cipher based on FCSR. In this dissertation, we make a further study on some other pseudorandom properties of l-sequences, which can be a valuable reference for the design of the FCSR-based stream ciphers.
Let a be an l-sequence or its decimation with period T= pe-1(p-1) generated by an FCSR with connection integer q=pe,and let an= (A·gn (mod q)) (mod 2) be its exponential representation, where g is a primitive root modulo q, and gcd(A, q)=1.
In the first part of this dissertation, with the help of estimate of exponential sums over residue rings, we discuss the autocorrelation property of l-sequences and their decimations. Our results show that such sequences have fine autocorrelation properties. The main results are as follows:
1. We show that when the shiftτruns through all integers between 1 and T-1, the expected autocorrelation value of the l-sequence or its decimation a is 0, and the variance is Var(Ca(τ))= O(q ln4q). From Chebyshev's inequality we know that, when the connection integer q is a little larger, most autocorrelations of l-sequences and their decimations are low.
2. When the connection integer is a prime number p, we show that the autocorrelation function Ca(τ) of the l-sequence or its decimation a satisfies Thus by calculating such triangular sum, we can easily obtain an estimate of Ca(τ). Especially, letτbe the shift such that |gτ(mod p)|= 2 or (p-1)/2, then the corresponding autocorrelation value of a is Ca(τ)= O(ln2p), which is also very low when p is a little larger.
3. When the connection integer is a prime power pe (e≥2), we show that for any positive integer i,1≤i≤e/2, when the shift isτ= kT/(2pi), the corresponding autocorrelation value of the l-sequence or its decimation a is where 1≤k≤2pi-1, and gcd(k, p)= 1. This result shows that there do exist some shifts, such that the corresponding autocorrelation values of the l-sequence or its decimation are high.
In the second part of this dissertation, using the fine properties of the level sequences of primitive sequences over residue rings, we analyze the distinctness of decimations of l-sequences, and obtain the following result:
4. When the connection integer is a prime power, we show that the decimations of any l-sequences are cyclically distinct, which verifies the conjecture (Conjecture 1.1) proposed by Goresky and Klapper several years ago in the case of prime powers.
Let u be a primitive sequences over ring Z/(pe), generated by a primitive polynomial f(x) of degree n. Then call the sequence a= u (mod 2) a generalized l-sequence of order n derived by f(x), or call it a generalized l-sequence for simplicity. Such sequences can be seen as a natural generalization of l-sequences.
In the third part of this dissertation, using the fine properties of the level sequences of primitive sequences over residue rings, we further analyze the distinctness of generalized l-sequences. Let f(x), g(x) be two different primitive polynomials of degree n over Z/(pe). The main results are as follows:
5. On the basis of some existing result, we show that when e=1, almost for all odd prime numberp, the generalized l-sequences derived by f(x), g(x) are cyclically distinct.
6. When e≥2, we show that if f(x) (?) g(x)(mod p), then the generalized l-sequences derived by fix), g(x) are cyclically distinct. Furthermore, when f(x)(?) g(x) (mod p), almost for all such primitive polynomials, the corresponding generalized l-sequences are cyclically distinct. Particularly, the decimations of any generalized l-sequence are cyclically distinct.
引文
[I]S.W. Golomb. Shift Register Sequences [M]. San Francisco:Holden-Day,1967. Reprinted by Aegean Park Press,1982.
[2]R. Lidl and H. Niedereiter. Finite Field [M]. Canada:Addison-Wesley,1983.
[3]R.A. Rueppel. Analysis and Design of Stream Ciphers [M]. Berlin:Springer-Verlag,1986.
[4]丁存生,肖国镇.流密码学及其应用[M].北京:国防工业出版社,1994.
[5]B. Schneier. Applied Cryptography:Protocols, Algorithms, and Source Code in C[M]. John Wiley & Sons, New York,2nd edition,1996.
[6]A. Menezes, P. van Oorschot and S. Vanstone. Handbook of Applied Cryptography [M]. CRC Press, ISBN:0-8493-8523-7, October 1996. The 5th edition, August 2001.
[7]J. L. Massey. Shift register synthesis and BCH decoding [J]. IEEE Trans. Inform. Theory, 1969,15(1):122-127.
[8]R. A. Rueppel. New approaches to stream ciphers [D]. Zurich, Switzerland:Swiss Federal Institute of Technology,1984.
[9]Cunsheng Ding, Guozhen Xiao, Weijuan Shan. The Stability Theory of Stream Ciphers [M]. Berlin:Springer-Verlag,1991.
[10]M. Stamp and C.F.Martin. An algorithm for the k-error linear complexity of binary sequences with period 2" [J]. IEEE Trans. Inform. Theory,1993,39(4):1398-1401.
[11]A. Klapper and M. Goresky.2-adic shift registers [A]. In:Fast Software Encryption [C], LNCS 809, Springer-Verlag, Cambridge,1993,174-178.
[12]A. Klapper and M. Goresky. Large period nearly deBruijn FCSR sequences [A]. In: Advances in Cryptology-EUROCRYPT'95 [C], LNCS 921, Springer-Verlag, Saint-Malo, France,1995,263-273.
[13]A. Klapper and M. Goresky. Cryptanlysis based on 2-adic rational approximation [A]. In: Advances in Cryptology-CRYPTO'95 [C], LNCS 963, Springer-Verlag, Santa Barbara, 1995,262-273.
[14]A. Klapper and M. Goresky. Feedback shift registers,2-adic span, and combiners with memory [J]. J. Cryptology,1997,10(2):111-147.
[15]R. Forre. The strict avalanche criterion, spectral properties of Boolean functions and an extended definition [A]. In:Advances in Cryptology-CRYPTO'88 [C]. LNCS 403, Springer-Verlag, Santa Barbara, California,1988,450-468.
[16]B. Prenel, W. Van Leekwijck, L. Van Linden, et al. Propagation characteristics of Boolean functions [A]. In:Advances in Cryptology-EUROCRYPT'90 [C], LNCS 473, Springer-Verlag, Aarhus,1990,161-173.
[17]B. Preneel, R. Govaerts and J. Vandevalle. Boolean function satisfying higher order propagation criteria [A]. In:Advances in Cryptology-EUROCRYPT'91 [C], LNCS 547, Springer Verlag, Brighton,1991,141-152.
[18]J. Seberry, X. M. Zhang and Y. Zheng. On constructions and nonlinearity of correlation immune Boolean functions [A]. In:Advances in Cryptology-EUROCRYPT''93 [C], LNCS 765, Springer-Verlag, Lofthus, Norway,1993,181-199.
[19]J. Seberry, X. M. Zhang, Y. Zheng. The relationship between propagation characteristics and nonlinearity of cryptographic functions [J]. Journal of Universal Computer Science, 1995,136-150.
[20]W. Millan, A. Clark, E. Dawson. Heuristic design of cryptographically strong balanced Boolean functions [A]. In:Advances in Cryptology-EUROCRYPT'98 [C], LNCS 1403, Springer-Verlag, Espoo, Finland,1998,489-499.
[21]D.K.Dalai, K.C.Gupta and S. Maitra. Results on algebraic immunity for cryptographically significant Boolean functions [A]. In:Advances in Cryptology-INDOCRYPT 2004 [C], LNCS 3348, Springer-Verlag, Chennai,2004,92-106.
[22]A. Braeken and B. Preneel. On the algebraic immunity of symmetric Boolean functions [A]. In Advances in Cryptology-INDOCRYPT 2005 [C], LNCS 3797, Springer-Verlag, Bangalore,2005,35-48.
[23]T.Beth and F. Piper. The stop-and-go generator [A]. In:Advances in Cryptology-EUROCRYPT'84 [C], LNCS 209, Springer-Verlag, Paris,1984,88-92.
[24]D. Gollmann and W.G. Chambers. Clock-controlled shift registers:a review [J]. IEEE Journal on Selected Areas in Communications,7(1989):525-533.
[25]D. Coppersmith, H. Krawczyk and Y. Mansour. The shrinking generator [A]. In:Advances in Cryptology-CRYPTO'93 [C], LNCS 740, Springer-Verlag, Santa Barbara,1993,22-39.
[26]W. Meier and O. Staffelbach, The self-shrinking generator [A]. In:Advances in Cryptology-EUROCRYPT'94 [C], LNCS 950, Springer-Verlag, Perugia, Italy,1994,205-214.
[27]K. Zeng, C. Yang and Y. Rao. On the linear consistency test (LCT) in cryptanalysis with applications [A]. In:Advances in Cryptology-CRYPTO'89[C], LNCS 435, Springer-Verlag, Santa Barbara, California,1989,164-174.
[28]Miodrag V. Zivkovic. An algorithm for the initial state reconstruction of the clock-controlled shift register [J]. IEEE Trans. Inform. Theory,1993,37(5):1488-1490.
[29]Jovan Dj. Golic and L. O'Connor. Embedding and probabilistic correlation attacks on clock-controlled shift registers [A]. In:Advances in Cryptology-EUROCRYPT'94 [C], LNCS 950, Springer-Verlag, Perugia, Italy,1994,230-243.
[30]Jovan Dj. Golic. Towards fast correlation attacks on irregularly clock-controlled generator [A]. In:Advances in Cryptology-EUROCRYPT'95 [C], LNCS 921, Springer-Verlag, Saint-Malo, France,1995,248-262.
[31]T. Johansson. Reduced complexity correlation attacks on two clock-controlled generators [A]. In:Advances in Cryptology-ASIACRYPT'98 [C], LNCS 1514, Springer-Verlag, Beijing, China,1998,342-356.
[32]Jovan D.Golic. Correlation analysis of the shrinking generator [A]. In:Advances in Cryptology-CRYPTO2001 [C], LNCS 2139, Springer-Verlag, Santa Barbara California, 2001,440-457.
[33]F. Jonsson. Some results on fast correlation attacks [D]. Sweden:Department of Information Technology, Lund University,2002.
[34]N. Courtois and W. Meier. Algebraic attacks on stream ciphers with linear feedback [A]. In: Advances in Cryptology-EUROCRYPT 2003 [C], LNCS 2656, Springer-Verlag, Warsaw, Poland,2003,345-359.
[35]N. Courtois. Fast algebraic attacks on stream ciphers with linear feedback [A]. In: Advances in Cryptology-CRYPTO 2003 [C], LNCS 2729, Springer-Verlag, Santa Barbara, 2003,176-194.
[36]F. Armknecht. Improving fast algebraic attacks [A]. In:Fast Software Encryption [C], LNCS 3017, Springer-Verlag, Delhi, India,2004,65-82.
[37]H. Molland. Improved linear consistency attack on irregular clocked keystream generators [A]. In:Fast Software Encryption [C], LNCS 3017, Springer-Verlag, New Delhi, India,2004,109-126.
[38]R. A. Rueppel. Correlation immunity and the summation generator [A]. In:Advances in Cryptology-CRYPTO'85[C], LNCS 219, Berlin:Springer-Verlag,1985,260-272.
[39]W. Meier and O. Staffelbach. Correlation properties of combiners with memory in stream cipher [J]. Journal of Cryptology,5(1992):67-86.
[40]Jovan Dj. Golic, M. Salmasizadeh, and E. Dawson. Fast correlation attacks on the summation generator [J]. Journal of Cryptology,13(2000):245-262.
[41]Jovan Dj. Golic. Edit distances and probabilities for correlation attacks on clock-controlled combiners with memory [J]. IEEE Trans. Inform. Theory,2001,47(3):1032-1041.
[42]F. Armknecht and M. Krause. Algebraic attacks on combiners with memory [A]. In: Advances in Cryptology-CRYPTO 2003 [C], LNCS 2729, Springer-Verlag, Santa Barbara, 2003,162-175.
[43]万哲先,戴宗铎,刘木兰,冯绪宁.非线性移位寄存器[M].北京:科学出版社,1978.
[44]R. L. Rivest. The RC4 Encryption Algorithm. RSA Data Security, Inc., March 1992.
[45]M. J. B. Robshaw. Security of RC4. Technical Report TR-101, RSA Laboratories, July 1994.
[46]A.Klimov and A.Shamir. Cryptographic applications of T-functions [A]. In:Workshop on Selected Areas in Cryptography-SAC 2003 [C], LNCS 3006, Springer-Verlag, Ottawa, Germany,2003,248-261.
[47]A.Klimov and A.Shamir. New cryptographic primitives based on multiword ^-functions [A]. In:Fast Software Encryption-FSE 2004 [C], LNCS 3017, Springer-Verlag, Delhi, Germany,2004,1-15.
[48]M. Ward. The distribution of residues in a sequence satisfying a linear recursion relation [J]. Trans. Amer. Math. Soc.,33(1931):166-190.
[49]M. Ward. Some arithmetical properties of sequences satisfying a linear recursion relation [J]. Ann. of Math.,1931,32(2):734-738.
[50]M. Ward. The arithmetical theory of linear recurring series [J]. Trans. Amer. Math. Soc., 35(1933):600-628.
[51]M. Ward. An arithmetical property of recurring series of the second order [J]. Bull. Amer. Math. Soc. Math.,40(1934):825-828.
[52]M. Ward. Arithmetical properties of sequences in rings [J]. Ann. of Math.,1938,39(2): 210-219.
[53]J. A. Reeds, N. J. A. Sloane. Shift-register synthesis (mod m) [J]. SIAM Journal on Computing,14(1985):505-513.
[54]黄民强.环上本原序列的分析及其密码学评价[D].合肥:中国科技大学,1988.
[55]周锦君,戚文峰.环Z/(m)上线性递归序列的若干特性[J].数学季刊,1990,5(1-2):166-171.
[56]Zong-Duo Dai, Min-Qiang Huang. A criterion for primitiveness of polynomial over Z/(2e) [J]. Chinese Sci. Bull.,36(1991):892-895.
[57]Zong-Duo Dai, Min-Qiang Huang, Linear compexity and the minimal polynomial of linear sequences over Z/(m) [J]. System Science and Mathematical Science,4(1991):51-54.
[58]Min-Qiang Huang. Maximal period polynomials over Z/(pd) [J]. Science in China, Series A,1992,35(3):271-275.
[59]A. S. Kuzmin. The distribution of elements on cycles of linear recurrents ring of residues [J]. Russian Mathmatical Surveys,47(1992):219-221.
[60]戚文峰,周锦君.Z/(pd)上线性序列簇G(f(x))的结构及和序列的若干特性[A].见:密码学进展-ChinaCrypt'92 [C],科学出版社,北京,1992,132-139.
[61]V. L. Kurakin. Representations over Z/(pn) of linear recurring sequences of maximal period over GF(p) [J]. Discrete Math. Appl.,1993,3(2):275-296.
[62]戚文峰,周锦君.环Z/(pd)上乘积序列簇的结构分析[A].见:密码学进展-ChinaCrypt'94 [C],科学出版社,北京,1994,173-179.
[63]戚文峰,周锦君.Z/(pe)上多项式分裂环及线性递归序列根表示[J].中国科学,A辑,1994,24(7):692-696.
[64]戚文峰,戴宗铎.Z/(pd)上序列迹表示及前馈序列空间结构分析[J].应用数学学报,1997,20(1):128-136.
[65]Zong-Duo Dai, T. Beth and D. Gollman. Lower bounds for the linear complexity of sequences over residue ring [A]. In:Advances in Cryptology-EUROCRYPT'90[C], LNCS 473, Springer-Verlag, Aarhus, Denmark,1991,189-195.
[66]Zong-Duo Dai. Binary sequences derived from ML-sequences over rings Ⅰ:periods and minimal polynomials [J].J. Cryptology,1992,5(4):193-207.
[67]A. S. Kuzmin. Low estimates for the ranks of coordinate sequences of linear recurrent sequences over primary residue rings of integers [J]. Russian Mathmatical Surveys, 48(1993):203-204.
[68]V. L. Kurakin. The first coordinate sequence of a linear recurrence of maximal period over a Galois ring [J]. Discrete Math. Appl.,1994,4(2):129-141.
[69]戚文峰,周锦君.环Z/(2e)上本原序列最高权位的0、1分布[J].中国科学,A辑,1997,27(4):311-316.
[70]戚文峰,周锦君.环Z/(2e)上本原序列最高权位的0、1分布(Ⅱ)[J].科学通报,1997, 42(18):1938-1940.
[71]朱凤翔.Z/(2e)上本原序列最高权位的随机性质[D].郑州:信息工程大学,2001年3月.
[72]朱凤翔,戚文峰.Z/(2e)上本原最高权位序列的随机性质[J].应用数学学报,2002,25(2):244-253.
[73]Shu-Qin Fan and Wen-Bao Han. Random properties of the highest level sequences of primitive sequences over Z/(2e) [J]. IEEE Trans. Inform. Theory,2003,49(6):1553-1557.
[74]P. Sole, D. Zinoviev, The most significant bit of maximun length sequences over Z/(2l): autocorrelation and imbalance [J]. IEEE Trans. Inform. Theory,2004,50(8):1844-1846.
[75]Min-Qiang Huang, Zong-Duo Dai. Projective maps of linear recurring sequences with maximal p-adic periods [J]. Fibonacci Quart.,1992,30(2):139-143.
[76]A.S. Kuzmin and A.A. Nechaev, Linear recurring sequences over Galois ring [J]. Russian Mathmatical Surveys,48(1993):171-172.
[77]戚文峰.环Z/(2e)上本原序列的压缩映射及其导出序列的分析[D].郑州:信息工程大学,1997.北京:高等教育出版社,2001.
[78]戚文峰,周锦君.环Z/(2d)上本原序列的保熵映射类[J].自然科学进展,1999,9(3):209-215.
[79]朱宣勇.Galois环上序列特征理想及本原序列压缩映射[D].郑州:信息工程大学,2001年3月.
[80]Wen-Feng Qi and Xuan-Yong Zhu. Compressing mappings on primitive sequences over Z/(2e) and its Galois extension [J]. Finite Fields and Their Applications,2002,8(4): 570-588.
[81]朱宣勇.环上本原序列保熵压缩映射的研究[D].郑州:信息工程大学,2004年12月.
[82]Xuan-Yong Zhu and Wen-Feng Qi. Compression mappings on primitive sequences over Z/(pe) [J]. IEEE Trans. Inform. Theory, Oct.2004,50(10):2442-2448.
[83]Xuan-Yong Zhu and Wen-Feng Qi. The nonlinear complexity of level sequences over Z/(4) [J]. Finite Fields and Their Applications,2006,12(1):103-127.
[84]Tian Tian and Wen-Feng Qi. Injectivity of compressing maps on primitive sequences over Z/(pe) [J]. IEEE Trans. Inform. Theory,2007,53(8):2960-2966.
[85]Xuan-Yong Zhu and Wen-Feng Qi. Further result of compressing maps on primitive sequences modulo odd prime powers [J]. IEEE Trans. Inform. Theory,2007,53(8): 2985-2990.
[86]F.Arnault, T. P. Berger and C. Lauradoux. F-FCSR. ECRYPT Stream Cipher Project Report 2005/008,2005, http://www.ecrypt.eu.org/stream.
[87]E. Jaulmes and F. Muller. Cryptanalysis of ECRYPT candidates F-FCSR-8 and F-FCSR-H. ECRYPT Stream Cipher Project Report 2005/046,2005, http://www.ecrypt.eu.org/stream.
[88]F. Arnault, T. P. Berger and C. Lauradoux. Preventing weaknesses on F-FCSR in IV mode and tradeoff attack on F-FCSR-8. ECRYPT Stream Cipher Project Report 2005/075,2005, http://www.ecrypt.eu.org/stream.
[89]F. Arnault, T. P. Berger and C.Lauradoux. Update on F-FSCR stream cipher. ECRYPT Stream Cipher Project Report 2006/025,2006, http://www.ecrypt.eu.org/stream.
[90]G. Marsaglia and A. Zaman. A new class of random number generators [J]. Annals of Applied Probability,1991,1(3):462-480.
[91]G. Marsaglia. Yet another rng. Posted to the electronic billboard sci.stat.math, August 1, 1994.
[92]S. Tezuka, P. L'Ecuyer and R. Couture. On the lattice structure of add-with-carry and subtract-with-borrow random number generators [J]. ACM Transactions on Modeling and Computer Simulation,1993,3(4):315-331.
[93]R. Couture and P. L'Ecuyer. On the lattice structure of certain linear congruential sequences related to AWC/SWB generators [J]. Math. Comp.,62(1994):799-808.
[94]R. Couture and P. L'Ecuyer. Linear recurrences with carry as uniform random number generators [A]. In:Proceedings of the 27th conference on Winter simulation [C], Arlington, Virginia, United States, Dec.1995,263-267.
[95]R. Couture and P. L'Ecuyer. Distribution Properties of multiply-with-carry random number generators [J]. Math. Comp.,66(1997):591-607.
[96]M. Goresky and A. Klapper. Arithmetic crosscorrelations of feedback with carry shift register sequences [J]. IEEE Trans. Inform. Theory,1997,43(7):1342-1345.
[97]王磊.进位反馈移位寄存器及其序列的流密码应用[D].西安:电子科技大学,1999年1月.
[98]王磊,蔡勉,肖国镇.周期序列2-adic复杂度的稳定性[J].西安电子科技大学学报,2000,27(3):348-350.
[99]M. Goresky, A. Klapper and L. Washington. Fourier transforms and the 2-adic span of periodic binary sequences [J]. IEEE Trans. Inform. Theory,2000,46(3):687-691.
[100]C. Seo, S. Lee, Y. Sung, K. Han and S. Kim. A lower bound on the linear span of an FCSR [J]. IEEE Trans. Inform. Theory,2000,46(3):691-693.
[101]M. Goresky, A. Klapper, R. Murty. On the distinctness of decimations of l-sequences[A]. In:Sequences and their Applications-SETA'01[C], Discrete Mathematics and Computer Science. Springer-Verlag, New York,2002,197-208.
[102]M. Goresky and A. Klapper. Fibonacci and Galois representations of feedback-with-carry shift registers [J]. IEEE Trans. Inform. Theory,2002,48(11):2826-2836.
[103]M. Goresky and A. Klapper. Efficient multiply-with-carry random number generators with optimal distribution properties [J]. ACM Transactions on Modeling and Computer Simulation, October 2003,13(4):310-321.
[104]W. Meidl. Extended Games-Chan algorithm for the 2-adic complexity of FCSR sequences [J]. Theoretical Computer Science,290(2003):2045-2051.
[105]Wen-Feng Qi and Hong Xu. Partial period distribution of FCSR sequences [J]. IEEE Trans. Inform. Theory,2003,49(3):761-765.
[106]徐洪.FCSR序列的伪随机性及线性复杂度[D].郑州:信息工程大学,2003年6月.
[107]F. Arnault, T. P. Berger, and A. Necer. Feedback with carry shift registers synthesis with the Euclidean algorithm [J]. IEEE Trans. Inform. Theory,2004,50(5):910-917.
[108]M. Goresky, A. Klapper, R. Murty, and I. Shparlinski. On decimations of l-sequences [J]. SIAMJournal on Discrete Mathematics,2004,18(1):130-140.
[109]M. Mittelbach and A. Finger. Investigation of FCSR-based pseudorandom sequence generators for stream ciphers [A]. In:Proceedings of the 3rd. International Conference on Networking [C], Guadeloupe, French, February 2004.
[110]A. Klapper. A survey of feedback with carry shift registers [A]. In:Sequences and Their Applications-SETA''04 [C], LNCS 3486, Springer-Verlag, Seoul,2004,56-71.
[111]Honggang Hu and Dengguo Feng. On the 2-adic complexity and k-error 2-adic complexity of periodic binary sequences [A]. In:Sequences and Their Applications-SETA'04 [C], LNCS 3486, Springer-Verlag, Seoul,2004,185-196.
[112]陈兰芳.给定周期的二元序列的2-adic复杂度[D].郑州:信息工程大学,2005年6月.
[113]陈兰芳,戚文峰.周期为2mpn的二元序列的2-adic复杂度[J].通信学报,2005,26(6):6-10.
[114]M. Goresky and A. Klapper. Periodicity and distribution properties of combined FCSR sequences [A]. In:Sequences and Their Applications-SETA'06 [C], LNCS 4086, Springer-Verlag, Beijing,2006,334-341.
[115]Lihua Dong, Yupu Hu, Yong Zeng. Computing the k-error 2-adic complexity of a binary sequence of period pn[A]. In:Sequences and Their Applications-SETA'06 [C], LNCS 4086, Springer-Verlag, Beijing,2006,190-198.
[116]Honggang Hu, Lei Hu, Dengguo Feng. On the expected value of the joint 2-adic complexity of periodic binary multisequences [A]. In:Sequences and Their Applications-SETA'06 [C], LNCS 4086, Springer-Verlag, Beijing,2006,199-208.
[117]Tian Tian, Wen-Feng Qi. On FCSR memory sequences [A]. In:Sequences and Their Applications-SETA'06 [C], LNCS 4086, Springer-Verlag, Beijing,2006,323-333.
[118]Tian Tian and Wen-Feng Qi. Period and complementarity properties of FCSR memory sequences [J]. IEEE Trans. Inform. Theory,2007,53(8):2966-2970.
[119]F.Arnault, T. P. Berger, A. Necer. A new class of stream ciphers combining LFSR and FCSR architectures [A]. In:Progress in Cryptology-INDOCRYPT2002 [C], LNCS 2551, Springer Verlag, Hyderabad,2002,22-33.
[120]Bin Zhang, Hongjun Wu, Dengguo Feng, and Feng Bao. Chosen Ciphertext Attack on a New Class of Self-Synchronizing Stream Ciphers [A]. In:Progress in Cryptology-INDOCRYPT 2004[C], LNCS 3348, Springer Verlag, Chennai,2004,73-83.
[121]F.Arnault and T. P. Berger. Design of new pseudorandom generators based on a filtered FCSR automaton [A]. In:The State of the Art of Stream Ciphers Workshop-SASC 2004 [C], Brugge, Belgium,2004,109-120.
[122]F. Arnault and T. P. Berger. F-FCSR, design of a new class of stream ciphers [A]. In:Fast Software Encryption [C], LNCS 3557, Springer-Verlag, Paris,2005,83-97.
[123]F. Arnault and T. P. Berger. Design and properties of a new pseudorandom generator based on a filtered FCSR automaton [J]. IEEE Trans, computers,2005,54(11):1374-1383.
[124]T. P. Berger and M. Minier. Two algebraic attacks against the F-FCSRs using the IV mode [A]. In:Progress in Cryptology-INDOCRYPT 2005 [C], LNCS 3797, Springer-Verlag, Bangalore,2005,143-154.
[125]E. Jaulmes and F. Muller. Cryptanalysis of the F-FSCR stream cipher family [A]. In: Selected Areas in Cryptography-SAC 2005 [C], LNCS 3897, Springer-Verlag, Kingston, Ontario, Canada,2005,20-35.
[126]F.Arnault, T. P. Berger and M.Minier. On the security of FCSR-based pseudorandom generators [A]. In:The State of the Art of Stream Ciphers Workshop-SASC 2007 [C], Ruhr University Bochum, Germany,2007,179-190.
[127]N. Koblitz. P-adic Numbers, P-adic Analysis, and Zeta Functions [M]. New York: Springer-Verlag,1984.
[128]B. M. M. de Weger, Approximation lattices of p-adic numbers [J]. J. Number Theory, 24(1986):70-88.
[129]R. A. Games and A.H.Chan. A fast algorithm for determining the complexity of a pseudo-random sequence with period 2"[J]. IEEE Trans. Inform. Theory,1983, 29(1):144-146.
[2]R. Lidl and H. Niedereiter. Finite Field [M]. Canada:Addison-Wesley,1983.
[3]R.A. Rueppel. Analysis and Design of Stream Ciphers [M]. Berlin:Springer-Verlag,1986.
[4]丁存生,肖国镇.流密码学及其应用[M].北京:国防工业出版社,1994.
[5]B. Schneier. Applied Cryptography:Protocols, Algorithms, and Source Code in C[M]. John Wiley & Sons, New York,2nd edition,1996.
[6]A. Menezes, P. van Oorschot and S. Vanstone. Handbook of Applied Cryptography [M]. CRC Press, ISBN:0-8493-8523-7, October 1996. The 5th edition, August 2001.
[7]J. L. Massey. Shift register synthesis and BCH decoding [J]. IEEE Trans. Inform. Theory, 1969,15(1):122-127.
[8]R. A. Rueppel. New approaches to stream ciphers [D]. Zurich, Switzerland:Swiss Federal Institute of Technology,1984.
[9]Cunsheng Ding, Guozhen Xiao, Weijuan Shan. The Stability Theory of Stream Ciphers [M]. Berlin:Springer-Verlag,1991.
[10]M. Stamp and C.F.Martin. An algorithm for the k-error linear complexity of binary sequences with period 2" [J]. IEEE Trans. Inform. Theory,1993,39(4):1398-1401.
[11]A. Klapper and M. Goresky.2-adic shift registers [A]. In:Fast Software Encryption [C], LNCS 809, Springer-Verlag, Cambridge,1993,174-178.
[12]A. Klapper and M. Goresky. Large period nearly deBruijn FCSR sequences [A]. In: Advances in Cryptology-EUROCRYPT'95 [C], LNCS 921, Springer-Verlag, Saint-Malo, France,1995,263-273.
[13]A. Klapper and M. Goresky. Cryptanlysis based on 2-adic rational approximation [A]. In: Advances in Cryptology-CRYPTO'95 [C], LNCS 963, Springer-Verlag, Santa Barbara, 1995,262-273.
[14]A. Klapper and M. Goresky. Feedback shift registers,2-adic span, and combiners with memory [J]. J. Cryptology,1997,10(2):111-147.
[15]R. Forre. The strict avalanche criterion, spectral properties of Boolean functions and an extended definition [A]. In:Advances in Cryptology-CRYPTO'88 [C]. LNCS 403, Springer-Verlag, Santa Barbara, California,1988,450-468.
[16]B. Prenel, W. Van Leekwijck, L. Van Linden, et al. Propagation characteristics of Boolean functions [A]. In:Advances in Cryptology-EUROCRYPT'90 [C], LNCS 473, Springer-Verlag, Aarhus,1990,161-173.
[17]B. Preneel, R. Govaerts and J. Vandevalle. Boolean function satisfying higher order propagation criteria [A]. In:Advances in Cryptology-EUROCRYPT'91 [C], LNCS 547, Springer Verlag, Brighton,1991,141-152.
[18]J. Seberry, X. M. Zhang and Y. Zheng. On constructions and nonlinearity of correlation immune Boolean functions [A]. In:Advances in Cryptology-EUROCRYPT''93 [C], LNCS 765, Springer-Verlag, Lofthus, Norway,1993,181-199.
[19]J. Seberry, X. M. Zhang, Y. Zheng. The relationship between propagation characteristics and nonlinearity of cryptographic functions [J]. Journal of Universal Computer Science, 1995,136-150.
[20]W. Millan, A. Clark, E. Dawson. Heuristic design of cryptographically strong balanced Boolean functions [A]. In:Advances in Cryptology-EUROCRYPT'98 [C], LNCS 1403, Springer-Verlag, Espoo, Finland,1998,489-499.
[21]D.K.Dalai, K.C.Gupta and S. Maitra. Results on algebraic immunity for cryptographically significant Boolean functions [A]. In:Advances in Cryptology-INDOCRYPT 2004 [C], LNCS 3348, Springer-Verlag, Chennai,2004,92-106.
[22]A. Braeken and B. Preneel. On the algebraic immunity of symmetric Boolean functions [A]. In Advances in Cryptology-INDOCRYPT 2005 [C], LNCS 3797, Springer-Verlag, Bangalore,2005,35-48.
[23]T.Beth and F. Piper. The stop-and-go generator [A]. In:Advances in Cryptology-EUROCRYPT'84 [C], LNCS 209, Springer-Verlag, Paris,1984,88-92.
[24]D. Gollmann and W.G. Chambers. Clock-controlled shift registers:a review [J]. IEEE Journal on Selected Areas in Communications,7(1989):525-533.
[25]D. Coppersmith, H. Krawczyk and Y. Mansour. The shrinking generator [A]. In:Advances in Cryptology-CRYPTO'93 [C], LNCS 740, Springer-Verlag, Santa Barbara,1993,22-39.
[26]W. Meier and O. Staffelbach, The self-shrinking generator [A]. In:Advances in Cryptology-EUROCRYPT'94 [C], LNCS 950, Springer-Verlag, Perugia, Italy,1994,205-214.
[27]K. Zeng, C. Yang and Y. Rao. On the linear consistency test (LCT) in cryptanalysis with applications [A]. In:Advances in Cryptology-CRYPTO'89[C], LNCS 435, Springer-Verlag, Santa Barbara, California,1989,164-174.
[28]Miodrag V. Zivkovic. An algorithm for the initial state reconstruction of the clock-controlled shift register [J]. IEEE Trans. Inform. Theory,1993,37(5):1488-1490.
[29]Jovan Dj. Golic and L. O'Connor. Embedding and probabilistic correlation attacks on clock-controlled shift registers [A]. In:Advances in Cryptology-EUROCRYPT'94 [C], LNCS 950, Springer-Verlag, Perugia, Italy,1994,230-243.
[30]Jovan Dj. Golic. Towards fast correlation attacks on irregularly clock-controlled generator [A]. In:Advances in Cryptology-EUROCRYPT'95 [C], LNCS 921, Springer-Verlag, Saint-Malo, France,1995,248-262.
[31]T. Johansson. Reduced complexity correlation attacks on two clock-controlled generators [A]. In:Advances in Cryptology-ASIACRYPT'98 [C], LNCS 1514, Springer-Verlag, Beijing, China,1998,342-356.
[32]Jovan D.Golic. Correlation analysis of the shrinking generator [A]. In:Advances in Cryptology-CRYPTO2001 [C], LNCS 2139, Springer-Verlag, Santa Barbara California, 2001,440-457.
[33]F. Jonsson. Some results on fast correlation attacks [D]. Sweden:Department of Information Technology, Lund University,2002.
[34]N. Courtois and W. Meier. Algebraic attacks on stream ciphers with linear feedback [A]. In: Advances in Cryptology-EUROCRYPT 2003 [C], LNCS 2656, Springer-Verlag, Warsaw, Poland,2003,345-359.
[35]N. Courtois. Fast algebraic attacks on stream ciphers with linear feedback [A]. In: Advances in Cryptology-CRYPTO 2003 [C], LNCS 2729, Springer-Verlag, Santa Barbara, 2003,176-194.
[36]F. Armknecht. Improving fast algebraic attacks [A]. In:Fast Software Encryption [C], LNCS 3017, Springer-Verlag, Delhi, India,2004,65-82.
[37]H. Molland. Improved linear consistency attack on irregular clocked keystream generators [A]. In:Fast Software Encryption [C], LNCS 3017, Springer-Verlag, New Delhi, India,2004,109-126.
[38]R. A. Rueppel. Correlation immunity and the summation generator [A]. In:Advances in Cryptology-CRYPTO'85[C], LNCS 219, Berlin:Springer-Verlag,1985,260-272.
[39]W. Meier and O. Staffelbach. Correlation properties of combiners with memory in stream cipher [J]. Journal of Cryptology,5(1992):67-86.
[40]Jovan Dj. Golic, M. Salmasizadeh, and E. Dawson. Fast correlation attacks on the summation generator [J]. Journal of Cryptology,13(2000):245-262.
[41]Jovan Dj. Golic. Edit distances and probabilities for correlation attacks on clock-controlled combiners with memory [J]. IEEE Trans. Inform. Theory,2001,47(3):1032-1041.
[42]F. Armknecht and M. Krause. Algebraic attacks on combiners with memory [A]. In: Advances in Cryptology-CRYPTO 2003 [C], LNCS 2729, Springer-Verlag, Santa Barbara, 2003,162-175.
[43]万哲先,戴宗铎,刘木兰,冯绪宁.非线性移位寄存器[M].北京:科学出版社,1978.
[44]R. L. Rivest. The RC4 Encryption Algorithm. RSA Data Security, Inc., March 1992.
[45]M. J. B. Robshaw. Security of RC4. Technical Report TR-101, RSA Laboratories, July 1994.
[46]A.Klimov and A.Shamir. Cryptographic applications of T-functions [A]. In:Workshop on Selected Areas in Cryptography-SAC 2003 [C], LNCS 3006, Springer-Verlag, Ottawa, Germany,2003,248-261.
[47]A.Klimov and A.Shamir. New cryptographic primitives based on multiword ^-functions [A]. In:Fast Software Encryption-FSE 2004 [C], LNCS 3017, Springer-Verlag, Delhi, Germany,2004,1-15.
[48]M. Ward. The distribution of residues in a sequence satisfying a linear recursion relation [J]. Trans. Amer. Math. Soc.,33(1931):166-190.
[49]M. Ward. Some arithmetical properties of sequences satisfying a linear recursion relation [J]. Ann. of Math.,1931,32(2):734-738.
[50]M. Ward. The arithmetical theory of linear recurring series [J]. Trans. Amer. Math. Soc., 35(1933):600-628.
[51]M. Ward. An arithmetical property of recurring series of the second order [J]. Bull. Amer. Math. Soc. Math.,40(1934):825-828.
[52]M. Ward. Arithmetical properties of sequences in rings [J]. Ann. of Math.,1938,39(2): 210-219.
[53]J. A. Reeds, N. J. A. Sloane. Shift-register synthesis (mod m) [J]. SIAM Journal on Computing,14(1985):505-513.
[54]黄民强.环上本原序列的分析及其密码学评价[D].合肥:中国科技大学,1988.
[55]周锦君,戚文峰.环Z/(m)上线性递归序列的若干特性[J].数学季刊,1990,5(1-2):166-171.
[56]Zong-Duo Dai, Min-Qiang Huang. A criterion for primitiveness of polynomial over Z/(2e) [J]. Chinese Sci. Bull.,36(1991):892-895.
[57]Zong-Duo Dai, Min-Qiang Huang, Linear compexity and the minimal polynomial of linear sequences over Z/(m) [J]. System Science and Mathematical Science,4(1991):51-54.
[58]Min-Qiang Huang. Maximal period polynomials over Z/(pd) [J]. Science in China, Series A,1992,35(3):271-275.
[59]A. S. Kuzmin. The distribution of elements on cycles of linear recurrents ring of residues [J]. Russian Mathmatical Surveys,47(1992):219-221.
[60]戚文峰,周锦君.Z/(pd)上线性序列簇G(f(x))的结构及和序列的若干特性[A].见:密码学进展-ChinaCrypt'92 [C],科学出版社,北京,1992,132-139.
[61]V. L. Kurakin. Representations over Z/(pn) of linear recurring sequences of maximal period over GF(p) [J]. Discrete Math. Appl.,1993,3(2):275-296.
[62]戚文峰,周锦君.环Z/(pd)上乘积序列簇的结构分析[A].见:密码学进展-ChinaCrypt'94 [C],科学出版社,北京,1994,173-179.
[63]戚文峰,周锦君.Z/(pe)上多项式分裂环及线性递归序列根表示[J].中国科学,A辑,1994,24(7):692-696.
[64]戚文峰,戴宗铎.Z/(pd)上序列迹表示及前馈序列空间结构分析[J].应用数学学报,1997,20(1):128-136.
[65]Zong-Duo Dai, T. Beth and D. Gollman. Lower bounds for the linear complexity of sequences over residue ring [A]. In:Advances in Cryptology-EUROCRYPT'90[C], LNCS 473, Springer-Verlag, Aarhus, Denmark,1991,189-195.
[66]Zong-Duo Dai. Binary sequences derived from ML-sequences over rings Ⅰ:periods and minimal polynomials [J].J. Cryptology,1992,5(4):193-207.
[67]A. S. Kuzmin. Low estimates for the ranks of coordinate sequences of linear recurrent sequences over primary residue rings of integers [J]. Russian Mathmatical Surveys, 48(1993):203-204.
[68]V. L. Kurakin. The first coordinate sequence of a linear recurrence of maximal period over a Galois ring [J]. Discrete Math. Appl.,1994,4(2):129-141.
[69]戚文峰,周锦君.环Z/(2e)上本原序列最高权位的0、1分布[J].中国科学,A辑,1997,27(4):311-316.
[70]戚文峰,周锦君.环Z/(2e)上本原序列最高权位的0、1分布(Ⅱ)[J].科学通报,1997, 42(18):1938-1940.
[71]朱凤翔.Z/(2e)上本原序列最高权位的随机性质[D].郑州:信息工程大学,2001年3月.
[72]朱凤翔,戚文峰.Z/(2e)上本原最高权位序列的随机性质[J].应用数学学报,2002,25(2):244-253.
[73]Shu-Qin Fan and Wen-Bao Han. Random properties of the highest level sequences of primitive sequences over Z/(2e) [J]. IEEE Trans. Inform. Theory,2003,49(6):1553-1557.
[74]P. Sole, D. Zinoviev, The most significant bit of maximun length sequences over Z/(2l): autocorrelation and imbalance [J]. IEEE Trans. Inform. Theory,2004,50(8):1844-1846.
[75]Min-Qiang Huang, Zong-Duo Dai. Projective maps of linear recurring sequences with maximal p-adic periods [J]. Fibonacci Quart.,1992,30(2):139-143.
[76]A.S. Kuzmin and A.A. Nechaev, Linear recurring sequences over Galois ring [J]. Russian Mathmatical Surveys,48(1993):171-172.
[77]戚文峰.环Z/(2e)上本原序列的压缩映射及其导出序列的分析[D].郑州:信息工程大学,1997.北京:高等教育出版社,2001.
[78]戚文峰,周锦君.环Z/(2d)上本原序列的保熵映射类[J].自然科学进展,1999,9(3):209-215.
[79]朱宣勇.Galois环上序列特征理想及本原序列压缩映射[D].郑州:信息工程大学,2001年3月.
[80]Wen-Feng Qi and Xuan-Yong Zhu. Compressing mappings on primitive sequences over Z/(2e) and its Galois extension [J]. Finite Fields and Their Applications,2002,8(4): 570-588.
[81]朱宣勇.环上本原序列保熵压缩映射的研究[D].郑州:信息工程大学,2004年12月.
[82]Xuan-Yong Zhu and Wen-Feng Qi. Compression mappings on primitive sequences over Z/(pe) [J]. IEEE Trans. Inform. Theory, Oct.2004,50(10):2442-2448.
[83]Xuan-Yong Zhu and Wen-Feng Qi. The nonlinear complexity of level sequences over Z/(4) [J]. Finite Fields and Their Applications,2006,12(1):103-127.
[84]Tian Tian and Wen-Feng Qi. Injectivity of compressing maps on primitive sequences over Z/(pe) [J]. IEEE Trans. Inform. Theory,2007,53(8):2960-2966.
[85]Xuan-Yong Zhu and Wen-Feng Qi. Further result of compressing maps on primitive sequences modulo odd prime powers [J]. IEEE Trans. Inform. Theory,2007,53(8): 2985-2990.
[86]F.Arnault, T. P. Berger and C. Lauradoux. F-FCSR. ECRYPT Stream Cipher Project Report 2005/008,2005, http://www.ecrypt.eu.org/stream.
[87]E. Jaulmes and F. Muller. Cryptanalysis of ECRYPT candidates F-FCSR-8 and F-FCSR-H. ECRYPT Stream Cipher Project Report 2005/046,2005, http://www.ecrypt.eu.org/stream.
[88]F. Arnault, T. P. Berger and C. Lauradoux. Preventing weaknesses on F-FCSR in IV mode and tradeoff attack on F-FCSR-8. ECRYPT Stream Cipher Project Report 2005/075,2005, http://www.ecrypt.eu.org/stream.
[89]F. Arnault, T. P. Berger and C.Lauradoux. Update on F-FSCR stream cipher. ECRYPT Stream Cipher Project Report 2006/025,2006, http://www.ecrypt.eu.org/stream.
[90]G. Marsaglia and A. Zaman. A new class of random number generators [J]. Annals of Applied Probability,1991,1(3):462-480.
[91]G. Marsaglia. Yet another rng. Posted to the electronic billboard sci.stat.math, August 1, 1994.
[92]S. Tezuka, P. L'Ecuyer and R. Couture. On the lattice structure of add-with-carry and subtract-with-borrow random number generators [J]. ACM Transactions on Modeling and Computer Simulation,1993,3(4):315-331.
[93]R. Couture and P. L'Ecuyer. On the lattice structure of certain linear congruential sequences related to AWC/SWB generators [J]. Math. Comp.,62(1994):799-808.
[94]R. Couture and P. L'Ecuyer. Linear recurrences with carry as uniform random number generators [A]. In:Proceedings of the 27th conference on Winter simulation [C], Arlington, Virginia, United States, Dec.1995,263-267.
[95]R. Couture and P. L'Ecuyer. Distribution Properties of multiply-with-carry random number generators [J]. Math. Comp.,66(1997):591-607.
[96]M. Goresky and A. Klapper. Arithmetic crosscorrelations of feedback with carry shift register sequences [J]. IEEE Trans. Inform. Theory,1997,43(7):1342-1345.
[97]王磊.进位反馈移位寄存器及其序列的流密码应用[D].西安:电子科技大学,1999年1月.
[98]王磊,蔡勉,肖国镇.周期序列2-adic复杂度的稳定性[J].西安电子科技大学学报,2000,27(3):348-350.
[99]M. Goresky, A. Klapper and L. Washington. Fourier transforms and the 2-adic span of periodic binary sequences [J]. IEEE Trans. Inform. Theory,2000,46(3):687-691.
[100]C. Seo, S. Lee, Y. Sung, K. Han and S. Kim. A lower bound on the linear span of an FCSR [J]. IEEE Trans. Inform. Theory,2000,46(3):691-693.
[101]M. Goresky, A. Klapper, R. Murty. On the distinctness of decimations of l-sequences[A]. In:Sequences and their Applications-SETA'01[C], Discrete Mathematics and Computer Science. Springer-Verlag, New York,2002,197-208.
[102]M. Goresky and A. Klapper. Fibonacci and Galois representations of feedback-with-carry shift registers [J]. IEEE Trans. Inform. Theory,2002,48(11):2826-2836.
[103]M. Goresky and A. Klapper. Efficient multiply-with-carry random number generators with optimal distribution properties [J]. ACM Transactions on Modeling and Computer Simulation, October 2003,13(4):310-321.
[104]W. Meidl. Extended Games-Chan algorithm for the 2-adic complexity of FCSR sequences [J]. Theoretical Computer Science,290(2003):2045-2051.
[105]Wen-Feng Qi and Hong Xu. Partial period distribution of FCSR sequences [J]. IEEE Trans. Inform. Theory,2003,49(3):761-765.
[106]徐洪.FCSR序列的伪随机性及线性复杂度[D].郑州:信息工程大学,2003年6月.
[107]F. Arnault, T. P. Berger, and A. Necer. Feedback with carry shift registers synthesis with the Euclidean algorithm [J]. IEEE Trans. Inform. Theory,2004,50(5):910-917.
[108]M. Goresky, A. Klapper, R. Murty, and I. Shparlinski. On decimations of l-sequences [J]. SIAMJournal on Discrete Mathematics,2004,18(1):130-140.
[109]M. Mittelbach and A. Finger. Investigation of FCSR-based pseudorandom sequence generators for stream ciphers [A]. In:Proceedings of the 3rd. International Conference on Networking [C], Guadeloupe, French, February 2004.
[110]A. Klapper. A survey of feedback with carry shift registers [A]. In:Sequences and Their Applications-SETA''04 [C], LNCS 3486, Springer-Verlag, Seoul,2004,56-71.
[111]Honggang Hu and Dengguo Feng. On the 2-adic complexity and k-error 2-adic complexity of periodic binary sequences [A]. In:Sequences and Their Applications-SETA'04 [C], LNCS 3486, Springer-Verlag, Seoul,2004,185-196.
[112]陈兰芳.给定周期的二元序列的2-adic复杂度[D].郑州:信息工程大学,2005年6月.
[113]陈兰芳,戚文峰.周期为2mpn的二元序列的2-adic复杂度[J].通信学报,2005,26(6):6-10.
[114]M. Goresky and A. Klapper. Periodicity and distribution properties of combined FCSR sequences [A]. In:Sequences and Their Applications-SETA'06 [C], LNCS 4086, Springer-Verlag, Beijing,2006,334-341.
[115]Lihua Dong, Yupu Hu, Yong Zeng. Computing the k-error 2-adic complexity of a binary sequence of period pn[A]. In:Sequences and Their Applications-SETA'06 [C], LNCS 4086, Springer-Verlag, Beijing,2006,190-198.
[116]Honggang Hu, Lei Hu, Dengguo Feng. On the expected value of the joint 2-adic complexity of periodic binary multisequences [A]. In:Sequences and Their Applications-SETA'06 [C], LNCS 4086, Springer-Verlag, Beijing,2006,199-208.
[117]Tian Tian, Wen-Feng Qi. On FCSR memory sequences [A]. In:Sequences and Their Applications-SETA'06 [C], LNCS 4086, Springer-Verlag, Beijing,2006,323-333.
[118]Tian Tian and Wen-Feng Qi. Period and complementarity properties of FCSR memory sequences [J]. IEEE Trans. Inform. Theory,2007,53(8):2966-2970.
[119]F.Arnault, T. P. Berger, A. Necer. A new class of stream ciphers combining LFSR and FCSR architectures [A]. In:Progress in Cryptology-INDOCRYPT2002 [C], LNCS 2551, Springer Verlag, Hyderabad,2002,22-33.
[120]Bin Zhang, Hongjun Wu, Dengguo Feng, and Feng Bao. Chosen Ciphertext Attack on a New Class of Self-Synchronizing Stream Ciphers [A]. In:Progress in Cryptology-INDOCRYPT 2004[C], LNCS 3348, Springer Verlag, Chennai,2004,73-83.
[121]F.Arnault and T. P. Berger. Design of new pseudorandom generators based on a filtered FCSR automaton [A]. In:The State of the Art of Stream Ciphers Workshop-SASC 2004 [C], Brugge, Belgium,2004,109-120.
[122]F. Arnault and T. P. Berger. F-FCSR, design of a new class of stream ciphers [A]. In:Fast Software Encryption [C], LNCS 3557, Springer-Verlag, Paris,2005,83-97.
[123]F. Arnault and T. P. Berger. Design and properties of a new pseudorandom generator based on a filtered FCSR automaton [J]. IEEE Trans, computers,2005,54(11):1374-1383.
[124]T. P. Berger and M. Minier. Two algebraic attacks against the F-FCSRs using the IV mode [A]. In:Progress in Cryptology-INDOCRYPT 2005 [C], LNCS 3797, Springer-Verlag, Bangalore,2005,143-154.
[125]E. Jaulmes and F. Muller. Cryptanalysis of the F-FSCR stream cipher family [A]. In: Selected Areas in Cryptography-SAC 2005 [C], LNCS 3897, Springer-Verlag, Kingston, Ontario, Canada,2005,20-35.
[126]F.Arnault, T. P. Berger and M.Minier. On the security of FCSR-based pseudorandom generators [A]. In:The State of the Art of Stream Ciphers Workshop-SASC 2007 [C], Ruhr University Bochum, Germany,2007,179-190.
[127]N. Koblitz. P-adic Numbers, P-adic Analysis, and Zeta Functions [M]. New York: Springer-Verlag,1984.
[128]B. M. M. de Weger, Approximation lattices of p-adic numbers [J]. J. Number Theory, 24(1986):70-88.
[129]R. A. Games and A.H.Chan. A fast algorithm for determining the complexity of a pseudo-random sequence with period 2"[J]. IEEE Trans. Inform. Theory,1983, 29(1):144-146.