整数剩余类环上本原序列压缩导出序列的保熵性
|
摘要
在欧洲NESSIE计划和eSTREAM计划的带动下,采用非线性驱动部件已成为当前序列密码设计的一个明显趋势.相应地,有关非线性序列的设计与分析自然成为当前序列密码领域研究的一个重要课题.
由于整数的进位运算,整数剩余类环上的线性递归序列(简称环上序列)天然蕴含丰富的非线性结构.按照压缩方式的不同,先后提出了两类基于环上序列的非线性序列模型,即权位压缩导出序列和模压缩导出序列.本文分析这两类非线性序列的性质,旨在为它们进一步的应用提供理论支撑和技术参考.
设pe是奇素数方幂, f(x)是Z/(p~e)上的强本原多项式, a=a_0+a_1p++a_(e-1) p~(e-1)是由f(x)生成的本原序列, η(x_0, x_1,…, x_(e-2))是Z/(p)上的e-1元多项式函数.本文第一部分研究形如a_(e-1)+η(a_0, a_1,…, a_(e-2))的权位压缩导出序列的局部保熵性,进一步挖掘这类非线性序列的信息分布规律,得到了如下结论:
1.若η的x_(e-2)~(p-1) x_1~(p-1)x_0~(p-1)项系数不为(-1)~e(p+1)/2,则对任意的s∈Z/(p)和k∈(Z/(p)),序列a_(e-1)+η(a_0, a_1,…, a_(e-2))在时刻集{t≥0|α(t)=k}上元素s的分布包含了压缩前序列a的所有信息,即若存在由f (x)生成的两条本原序列a和b,使得a_(e-1)+η(a_0, a_1,…, a_(e-2))和b_(e-1)+η(b_0, b_1,…, b_(e-2))在时刻集{t≥0|α(t)=k}上元素s的分布是一致的,则a=b,其中α是Z/(p)上由f(x)和a_0唯一确定的m-序列.此外,还说明了条件中η的x_(e-2)~(p-1) x_1~(p-1)x_0~(p-1)项系数不为(-1)~e (p+1)/2以及k∈(Z/(p))*都是必需的,否则存在反例.
本文第二部分研究环Z/(M)上本原序列及其模压缩导出序列的元素分布性质,其中M是无平方因子的奇合数.该部分内容既是对环上序列基础理论的进一步补充,也是第三部分Z/(M)上模压缩导出序列保熵性研究的基础,得到了如下主要结论:
2.利用指数和估计,给出了Z/(M)上任意n阶本原序列包含Z/(M)中所有元素的一个充分条件.理论分析表明对任意给定的M,当n充分大时,该充分条件总是成立的.实验进一步显示,对绝大部分的M而言,当n≥7时即可保证该条件成立.
3.估计了Z/(M)上n阶本原序列的模2压缩导出序列在长为L=「μ·T」的一个序列段内0,1出现的频率,其中T是压缩前本原序列的周期,0<μ≤1是任意给定的常数.然后基于此估计说明,对任意给定的M和μ,当n稍大时,0,1出现的频率的偏差约为1/M.但是这种不平衡性并不影响Z/(M)上模2压缩导出序列的密码应用,只要引入少量的异或运算,0,1之间的这种不平衡性很容易降到不可区分的程度.
4.给出偶元素出现的猜测:即Z/(M)上的任意1阶本原序列必含有非0偶元素.实验显示,当15≤M <300,000时,该猜想总是成立的.利用指数和及若干数论函数估计,本文给出了该猜想的部分证明:即存在无平方因子奇整数集的一个渐近密度为1的子集,使得该猜想总是成立的.
本文第三部分研究Z/(M)上模压缩导出序列的保熵性.设f(x)是Z/(M)上的n次本原多项式,整数H 5.当M=pq是两个不同奇素数乘积时,给出了Z/(pq)上n次本原多项式生成的本原序列是模2保熵的一个新的充分条件.虽然该结论未能完全涵盖2009年陈华瑾等所给出的结论,但与其相比,该结论所能涵盖的本原多项式的比例却得到了大大的提高.
6.具有模2保熵性的Z/(2~e-1)上的本原序列被认为特别适合用于构建序列密码的驱动部件.当e∈{4,8,16,32,64}时,本文证明了若Z/(2~e-1)上的n次本原多项式f(x)生成的任意本原序列均包含Z/(2~e-1)中的所有元素,则由f(x)生成的本原序列是模2保熵的.由第二部分元素分布的估计可知,当7≤n≤10000时,所述模2保熵性总是成立的.
7.当M是无平方因子的奇合数时,给出了Z/(M)上n次本原多项式生成的本原序列是模2保熵的首个充分条件.满足该充分条件的本原多项式集合的大小与第二部分中元素分布的研究密切相关.实验分析进一步显示,该集合涵盖了Z/(M)上绝大部分的n次本原多项式.
8.当M是无平方因子的奇合数时,证明了若Z/(M)上的本原多项式f (x)生成的任意本原序列均包含Z/(M)中的所有元素,则由f(x)生成的本原序列是模H保熵的,其中H被4整除或者H含有一个奇素数因子与M互素.
最后,本文给出了Z/(2~e-1)上本原序列快速生成的若干思考.通过分级多点反馈以及巧用分配律等技巧,有效地提高了Z/(2~e-1)上本原序列的软件生成效率.
Under the influence of NESSIE project and eSTREAM project, it is universally acceptedthat a secure stream cipher should be built on nonlinear driving blocks. Accordingly, how todesign and analyse sequences with desirable nonlinear structure naturally become one ofimportant topics in the field of stream ciphers.
Since the existence of carry operations, the linear recurring sequences over integer residuerings (called sequences over rings in short) inherently have complex nonlinear structure. Inliterature, two kinds of compression mappings have been proposed to derive nonlinear sequences:one is based on e-variable functions over Z/(p); the other is based on the modular operation. Thisdissertation is dedicated to study these two kinds of nonlinear sequences, in order to providemore theoretical foundations and technologies for their further applications.
Let pebe an odd prime power, f (x) a strongly primitive polynomial over Z/(pe), and a=a_0+a_1p++a_(e-1) p~(e-1)a primitive sequence generated by f (x) over Z/(pe). Let η (x_0, x_1,…, x_(e-2)) bean e1-variable function over Z/(p). The first part of this dissertation focus on sequences of theform a_(e-1)+η(a_0, a_1,…, a_(e-2)) and investigates their information distribution law. The mainresult is as follow.
1. If the coefficient of x_(e-2)~(p-1) x_1~(p-1)x_0~(p-1)in η is not equal to (-1)~e (p+1)/2, then for any s∈Z/(p) and any k∈(Z/(p))*, the distribution of element s of a_(e-1)+η(a_0, a_1,…, a_(e-2)) at times twith α(t)=k contains all the information of the original sequence a. That is to say, if thedistribution of element s of a_(e-1)+η(a_0, a_1,…, a_(e-2)) is the same as that of b_(e-1)+η(b_0,b_1,…, b_(e-2) at times t with α(t)=k, then a=b, where a and b are two primitive sequencesgenerated by f (x) over Z/(pe), and α is an m-sequence over Z/(p) uniquely determined by f (x)and a_0. Moreover, it is shown that the two conditions: the coefficient of x_(e-2)~(p-1) x_1~(p-1)x_0~(p-1) in η isnot equal to (-1)~e (p+1)/2and k∈(Z/(p))*, are both necessary, since otherwise there existcounterexamples.
The second part of this dissertation focus on the element distribution of primitive sequencesover Z/(M), as well as the element distribution of their modulo2reductions, where M is an oddinteger that is composite and square-free. This part is not only independently interest, but alsoserves an important foundation for the next part. The main results we obtained are as follows.
2. Based on the estimates of exponential sums over integer residue rings, a sufficientcondition is given for ensuring that every element in Z/(M) occurs in any given primitivesequence of order n over Z/(M). Then it is shown that for any fixed M, the sufficient condition isalways satisfied if n is sufficiently large. Experimental data further implies that for the greatmajority of M, n≥7is already large enough.
3. Let a be a primitive sequence of order n over Z/(M) with period T and [a]mod2the modulo2reduction of a. For any s∈{0,1} and0<μ≤1, it is shown that the proportion of s within asegment of [a]mod2of length L=「μ·T」 tends to the average value (M+12s)/2M as n→∞.This implies that the element distribution of [a]mod2is often imbalanced, and the bias of theproportion of0and1is about1/M. However the bias can be easily reduced to anundistinguishable grade since a termwise exclusive or of several phase-shifts of [a]mod2will havedesirable element distribution property.
4. For any primitive sequence a of order1over Z/(M), it is conjectured that there must be anonzero even element occurring in a, which has been verified for all square-free odd integersless than300,000. Based on the estimates of exponential sums over integer residue rings andseveral number theoretical functions, the conjecture is partial proven by showing that there is asubset of square-free odd integers with asymptotic density1such that the conjecture is alwaystrue.
The third part of this dissertation focus on the distinctness of modular reductions ofprimitive sequences over Z/(M). Let f (x) be a primitive polynomial of degree n over Z/(M),H 5. A new sufficient condition is given for ensuring that primitive sequences generated by aprimitive polynomial of degree n over Z/(pq) are pairwise distinct modulo2, where p and q aretwo distinct odd prime numbers. Comparing with the previous result obtained by H.J. Chen in2009, the set of primitive sequences that can be included by the new sufficient condition isgreatly enlarged.
6. For e∈{4,8,16,32,64}, it is shown that primitive sequences generated by a primitivepolynomial f (x) of order n over Z/(2~e-1) are pairwise distinct modulo2. This result is obtainedbasing on the assumption that every element in Z/(2~e-1) occurs in any given primitive sequencegenerated by f (x) over Z/(2~e-1), which it is known to be valid for7≤n≤10000.
7. For a general odd integer M that is composite and square-free, a sufficient condition isgiven for ensuring that primitive sequences generated by a primitive polynomial of degree n overZ/(M) are pairwise distinct modulo2. The number of primitive polynomials satisfying thesufficient condition is highly related to two distribution properties of primitive sequences overZ/(M), which have been studied in the second part of this paper. Moreover, expermental dataimply that the great majority of primitive polynomials of order n over Z/(M) can be included by the sufficient condition.
8. As for an odd integer M that is composite and square-free, under the assumption thatevery element in Z/(M) occurs in any given primitive sequence generated by f (x) over Z/(M), itis shown that primitive sequences generated by f (x) over Z/(M) are pairwise distinct modulo H,where H is an integer divisible by4or by an odd prime number coprime with M.
The last part of this paper focus on the software implemention of primitive sequences overZ/(2~e-1), and some effective technologies are introduced to improve its efficiency.
由于整数的进位运算,整数剩余类环上的线性递归序列(简称环上序列)天然蕴含丰富的非线性结构.按照压缩方式的不同,先后提出了两类基于环上序列的非线性序列模型,即权位压缩导出序列和模压缩导出序列.本文分析这两类非线性序列的性质,旨在为它们进一步的应用提供理论支撑和技术参考.
设pe是奇素数方幂, f(x)是Z/(p~e)上的强本原多项式, a=a_0+a_1p++a_(e-1) p~(e-1)是由f(x)生成的本原序列, η(x_0, x_1,…, x_(e-2))是Z/(p)上的e-1元多项式函数.本文第一部分研究形如a_(e-1)+η(a_0, a_1,…, a_(e-2))的权位压缩导出序列的局部保熵性,进一步挖掘这类非线性序列的信息分布规律,得到了如下结论:
1.若η的x_(e-2)~(p-1) x_1~(p-1)x_0~(p-1)项系数不为(-1)~e(p+1)/2,则对任意的s∈Z/(p)和k∈(Z/(p)),序列a_(e-1)+η(a_0, a_1,…, a_(e-2))在时刻集{t≥0|α(t)=k}上元素s的分布包含了压缩前序列a的所有信息,即若存在由f (x)生成的两条本原序列a和b,使得a_(e-1)+η(a_0, a_1,…, a_(e-2))和b_(e-1)+η(b_0, b_1,…, b_(e-2))在时刻集{t≥0|α(t)=k}上元素s的分布是一致的,则a=b,其中α是Z/(p)上由f(x)和a_0唯一确定的m-序列.此外,还说明了条件中η的x_(e-2)~(p-1) x_1~(p-1)x_0~(p-1)项系数不为(-1)~e (p+1)/2以及k∈(Z/(p))*都是必需的,否则存在反例.
本文第二部分研究环Z/(M)上本原序列及其模压缩导出序列的元素分布性质,其中M是无平方因子的奇合数.该部分内容既是对环上序列基础理论的进一步补充,也是第三部分Z/(M)上模压缩导出序列保熵性研究的基础,得到了如下主要结论:
2.利用指数和估计,给出了Z/(M)上任意n阶本原序列包含Z/(M)中所有元素的一个充分条件.理论分析表明对任意给定的M,当n充分大时,该充分条件总是成立的.实验进一步显示,对绝大部分的M而言,当n≥7时即可保证该条件成立.
3.估计了Z/(M)上n阶本原序列的模2压缩导出序列在长为L=「μ·T」的一个序列段内0,1出现的频率,其中T是压缩前本原序列的周期,0<μ≤1是任意给定的常数.然后基于此估计说明,对任意给定的M和μ,当n稍大时,0,1出现的频率的偏差约为1/M.但是这种不平衡性并不影响Z/(M)上模2压缩导出序列的密码应用,只要引入少量的异或运算,0,1之间的这种不平衡性很容易降到不可区分的程度.
4.给出偶元素出现的猜测:即Z/(M)上的任意1阶本原序列必含有非0偶元素.实验显示,当15≤M <300,000时,该猜想总是成立的.利用指数和及若干数论函数估计,本文给出了该猜想的部分证明:即存在无平方因子奇整数集的一个渐近密度为1的子集,使得该猜想总是成立的.
本文第三部分研究Z/(M)上模压缩导出序列的保熵性.设f(x)是Z/(M)上的n次本原多项式,整数H
6.具有模2保熵性的Z/(2~e-1)上的本原序列被认为特别适合用于构建序列密码的驱动部件.当e∈{4,8,16,32,64}时,本文证明了若Z/(2~e-1)上的n次本原多项式f(x)生成的任意本原序列均包含Z/(2~e-1)中的所有元素,则由f(x)生成的本原序列是模2保熵的.由第二部分元素分布的估计可知,当7≤n≤10000时,所述模2保熵性总是成立的.
7.当M是无平方因子的奇合数时,给出了Z/(M)上n次本原多项式生成的本原序列是模2保熵的首个充分条件.满足该充分条件的本原多项式集合的大小与第二部分中元素分布的研究密切相关.实验分析进一步显示,该集合涵盖了Z/(M)上绝大部分的n次本原多项式.
8.当M是无平方因子的奇合数时,证明了若Z/(M)上的本原多项式f (x)生成的任意本原序列均包含Z/(M)中的所有元素,则由f(x)生成的本原序列是模H保熵的,其中H被4整除或者H含有一个奇素数因子与M互素.
最后,本文给出了Z/(2~e-1)上本原序列快速生成的若干思考.通过分级多点反馈以及巧用分配律等技巧,有效地提高了Z/(2~e-1)上本原序列的软件生成效率.
Under the influence of NESSIE project and eSTREAM project, it is universally acceptedthat a secure stream cipher should be built on nonlinear driving blocks. Accordingly, how todesign and analyse sequences with desirable nonlinear structure naturally become one ofimportant topics in the field of stream ciphers.
Since the existence of carry operations, the linear recurring sequences over integer residuerings (called sequences over rings in short) inherently have complex nonlinear structure. Inliterature, two kinds of compression mappings have been proposed to derive nonlinear sequences:one is based on e-variable functions over Z/(p); the other is based on the modular operation. Thisdissertation is dedicated to study these two kinds of nonlinear sequences, in order to providemore theoretical foundations and technologies for their further applications.
Let pebe an odd prime power, f (x) a strongly primitive polynomial over Z/(pe), and a=a_0+a_1p++a_(e-1) p~(e-1)a primitive sequence generated by f (x) over Z/(pe). Let η (x_0, x_1,…, x_(e-2)) bean e1-variable function over Z/(p). The first part of this dissertation focus on sequences of theform a_(e-1)+η(a_0, a_1,…, a_(e-2)) and investigates their information distribution law. The mainresult is as follow.
1. If the coefficient of x_(e-2)~(p-1) x_1~(p-1)x_0~(p-1)in η is not equal to (-1)~e (p+1)/2, then for any s∈Z/(p) and any k∈(Z/(p))*, the distribution of element s of a_(e-1)+η(a_0, a_1,…, a_(e-2)) at times twith α(t)=k contains all the information of the original sequence a. That is to say, if thedistribution of element s of a_(e-1)+η(a_0, a_1,…, a_(e-2)) is the same as that of b_(e-1)+η(b_0,b_1,…, b_(e-2) at times t with α(t)=k, then a=b, where a and b are two primitive sequencesgenerated by f (x) over Z/(pe), and α is an m-sequence over Z/(p) uniquely determined by f (x)and a_0. Moreover, it is shown that the two conditions: the coefficient of x_(e-2)~(p-1) x_1~(p-1)x_0~(p-1) in η isnot equal to (-1)~e (p+1)/2and k∈(Z/(p))*, are both necessary, since otherwise there existcounterexamples.
The second part of this dissertation focus on the element distribution of primitive sequencesover Z/(M), as well as the element distribution of their modulo2reductions, where M is an oddinteger that is composite and square-free. This part is not only independently interest, but alsoserves an important foundation for the next part. The main results we obtained are as follows.
2. Based on the estimates of exponential sums over integer residue rings, a sufficientcondition is given for ensuring that every element in Z/(M) occurs in any given primitivesequence of order n over Z/(M). Then it is shown that for any fixed M, the sufficient condition isalways satisfied if n is sufficiently large. Experimental data further implies that for the greatmajority of M, n≥7is already large enough.
3. Let a be a primitive sequence of order n over Z/(M) with period T and [a]mod2the modulo2reduction of a. For any s∈{0,1} and0<μ≤1, it is shown that the proportion of s within asegment of [a]mod2of length L=「μ·T」 tends to the average value (M+12s)/2M as n→∞.This implies that the element distribution of [a]mod2is often imbalanced, and the bias of theproportion of0and1is about1/M. However the bias can be easily reduced to anundistinguishable grade since a termwise exclusive or of several phase-shifts of [a]mod2will havedesirable element distribution property.
4. For any primitive sequence a of order1over Z/(M), it is conjectured that there must be anonzero even element occurring in a, which has been verified for all square-free odd integersless than300,000. Based on the estimates of exponential sums over integer residue rings andseveral number theoretical functions, the conjecture is partial proven by showing that there is asubset of square-free odd integers with asymptotic density1such that the conjecture is alwaystrue.
The third part of this dissertation focus on the distinctness of modular reductions ofprimitive sequences over Z/(M). Let f (x) be a primitive polynomial of degree n over Z/(M),H
6. For e∈{4,8,16,32,64}, it is shown that primitive sequences generated by a primitivepolynomial f (x) of order n over Z/(2~e-1) are pairwise distinct modulo2. This result is obtainedbasing on the assumption that every element in Z/(2~e-1) occurs in any given primitive sequencegenerated by f (x) over Z/(2~e-1), which it is known to be valid for7≤n≤10000.
7. For a general odd integer M that is composite and square-free, a sufficient condition isgiven for ensuring that primitive sequences generated by a primitive polynomial of degree n overZ/(M) are pairwise distinct modulo2. The number of primitive polynomials satisfying thesufficient condition is highly related to two distribution properties of primitive sequences overZ/(M), which have been studied in the second part of this paper. Moreover, expermental dataimply that the great majority of primitive polynomials of order n over Z/(M) can be included by the sufficient condition.
8. As for an odd integer M that is composite and square-free, under the assumption thatevery element in Z/(M) occurs in any given primitive sequence generated by f (x) over Z/(M), itis shown that primitive sequences generated by f (x) over Z/(M) are pairwise distinct modulo H,where H is an integer divisible by4or by an odd prime number coprime with M.
The last part of this paper focus on the software implemention of primitive sequences overZ/(2~e-1), and some effective technologies are introduced to improve its efficiency.
引文
[1] M. Briceno, I. Goldberg and D. Wagner. A pedagogical implementation of A5/1[EB/OL].http://www.scard.org, May1999.
[2] B. Schneier. Applied Cryptography[M]. New-York: Wiley,1996.
[3] Bluetooth SIG. Specification of the bluetooth system, Version1.1[EB/OL]. http://www.bluetooth.com,Feburary22,2001.
[4] ETSI/SAGE. Specification of the3GPP confidentiality and integrity algorithms UEA2&UIA2. Document2: SNOW3G specification[EB/OL]. http://www.3gpp.org/ftp,2006.
[5] ETSI/SAGE. Specification of the3GPP confidentiality and integrity algorithms128-EEA3&128-EIA3.Document4: design and evalutation report, version:2.0[EB/OL]. http://zuc.dacas.cn/thread.aspx?ID=2304,2011.
[6] C.E. Shannon. Communication theory of secrecy systems[J]. Bell System Technical Journal,1949,28:657-715.
[7] J.L. Masssey. Shift register sysnthesis and BCH decoding[J]. IEEE Transactions on Information Theory,1969,15(1):122-127.
[8] A. Menezes, P. Orschot and S. Vanstone. Handbook of Applied Cryptography[M]. Florida: CRC Press,October1996. The5th edition, August,2001.
[9] T. Siegenthaler. Decrypting a class of stream ciphers using ciphertext only[J]. IEEE Transactions onComputers,1985, C-34(1):81-85.
[10] W. Meier and O. Staffelbach. Fast correlation attacks on certain stream ciphers[J]. Journal of Cryptology,1989,1:159-176.
[11] N.T. Courtois and W. Meier. Algebraic attacks on stream ciphers with linear feedback[A]. In: Advances inCryptology-EUROCRYPT2003, LNCS2656[C]. Berlin: Springer-Verlag,2003,345-359.
[12] N.T. Courtois. Fast algebraic attacks on stream ciphers with linear feedback[A]. In: Advances inCryptology-CRYPTO2003, LNCS2729[C]. Berlin: Springer-Verlag,2003,176-194.
[13] eSTREAM the ECRYPT stream cipher project[EB/OL]. http://www.ecrypt.eu.org/stream/,2004.
[14] S. Babbage, C.De Cannière, A. Canteaut, et al. The eSTREAM portfolio[EB/OL]. http://www.ecrypt.eu.org/stvl/,2008.
[15] H.G Hu and G. Gong. Periods on two kinds of nonlinear feedback shift registers with time varyingfeedback functions[J]. International Journal of Foundations of Computer Science,2011,22(6):1317-1329.
[16]章佳敏. Galois NFSR与Fibonacci NFSR等价性的研究[D].郑州:解放军信息工程大学(硕士学位论文),2011.
[17]黄民强.环上本原序列的分析及其密码学评价[D].合肥:中国科技大学(博士学位论文),1988.
[18] A.S. Kuzmin and A.A. Nechaev. Linear recurring sequences over Galois ring[J]. Russian MathmaticalSurveys,1993,48:171-172.
[19]朱宣勇.环上本原序列保熵压缩映射的研究[D].郑州:解放军信息工程大学(博士学位论文),2004.
[20] X.Y. Zhu and W.F. Qi. On the distinctness of modular reductions of maximal length sequences moduloodd prime powers[J]. Mathematics of Computation,2008,77(263):1623-1637.
[21] M. Ward. The distribution of residues in a sequence satisfying a linear recursion relation[J]. Transactionsof the American Mathematical Society,1931,33:166-190.
[22] M. Ward. Some arithmetical properties of sequences satisfying a linear recursion ralation[J]. Annals ofMathematics,1931,32(2):734-738.
[23] M. Ward. The arithmetical theory of linear recurring series[J]. Transactions of the American MathematicalSociety,1933,35:600-628.
[24] M. Ward. An arithmetical property of recurring series of the second order[J]. Bulletin of the AmericanMathematical Society,1934,40(12):825-828.
[25] M. Ward. Arithmetical properties of sequences in rings[J]. Annals of Mathematics,1938,39(1):210-219.
[26] J.A. Reeds and N.J.A. Sloane. Shift-register synthesis (modulo m)[J]. SIAM Journal of computing,1985,14(3):505-513.
[27] A. Klapper and M. Goresky. Feedback shift register,2-adic span, and combiners with memory[J]. Journalof Cryptology,1997,10(2):111-147.
[28]周锦君,戚文峰.环Z/(m)上线性递归序列的若干特性[J].数学季刊,1990,5(1-2):166-171.
[29] A.S. Kuzmin and A.A. Nechaev. Construction of noise-resistant codes by means of linear recurrencesover Galois rings[J]. Russian Mathmatical Surveys,1992,47(5):189-190.
[30] A.S. Kuzmin. The distribution of elements on cycles of linear recurrents over ring of residues[J]. RussianMathmatical Surveys,1992,47(6):219-221.
[31]张亚娟. GR(4, r)上本原序列的元素分布[D].郑州:解放军信息工程大学(硕士学位论文),2000.
[32]祝跃飞,张亚娟. GR(4, r)上本原序列的元素分布[J].数学进展,2002,31(1):20-30.
[33] O.V. Kamlovski and A.S. Kuzmin. Distribution of elements on cycles of linear recurrent sequences overGalois rings[J]. Russian Mathmatical Surveys,1998,53(2):392-393.
[34] W.F. Qi and J.J. Zhou. The distribution of0and1in the highest level of primitive sequences over Z/(2e)(II)[J]. Chinese Science Bulletin,1998,43(8):633-635.
[35]戚文峰.环Z/(2e)上本原序列的压缩映射及其导出序列的分析[D].郑州:解放军信息工程大学(博士学位论文),1997.
[36]朱凤翔,戚文峰. Z/(2e)上本原最高权位序列的随机性质[J].应用数学学报,2002,25(2):244-253.
[37] H.J. Chen and W.F. Qi. On the distinctness of maximal length sequences over Z/(pq) modulo2[J]. FiniteFields and Their Applications,2009,15(2):23-39.
[38]戚文峰,周锦君.环Z/(2d)上本原序列的保熵映射类[J].自然科学进展,1999,9(3):209-215.
[39] W.F. Qi, J.H. Yang and J.J. Zhou. ML-sequences over rings Z/(2e)[A]. In: Advances inCryptology-ASIACRYPT’98, LNCS1514[C]. Berlin: Springer-Verlag,1998:315-325.
[40] X.Y. Zhu and W.F. Qi. Compression mappings on primitive sequences over Z/(pe)[J]. IEEE Transactionson Information Theory,2004,50(10):2442-2448.
[41] X.Y. Zhu and W.F. Qi. Further result of compressing maps on primitive sequences modulo odd primepowers[J]. IEEE Transactions on Information Theory,2007,53(8):2985-2990.
[42] T. Tian and W.F. Qi. Injectivity of compressing maps on primitive sequences over Z/(pe)[J]. IEEETransactions on Information Theory,2007,53(8):2960-2966.
[43] Z.H. Sun and W.F. Qi. Injective maps on primitive sequences over Z/(pe)[J]. Applied Mathematics-AJournal of Chinese Universities, B,2007,22(4):496-477.
[44] X.Y. Zhu and W.F. Qi. Uniqueness of the distribution of zeroes of primitive level sequences over Z/(pe)[J].Finite Fields and Their Applications,2005,11(1):30-44.
[45] X.Y. Zhu and W.F. Qi. Uniqueness of the distribution of zeroes of primitive level sequences overZ/(pe)(II)[J]. Finite Fields and Their Applications,2007,13(2):230-248.
[46]郑群雄,戚文峰.环Z/(2e)上压缩序列ae1+η(a0, a1,…, ae2)的局部保熵性[J].信息工程大学学报,2009,10(3):301-305.
[47] W.F. Qi and J.J. Zhou. The distribution of0and1in the highest level of primitive sequences overZ/(2e)[J]. Science in China, Series A,1997,40(6):606-611.
[48]戴宗铎,叶顶锋,王平,方根溪. Galois环导出p元序列中元素组的分布及其渐近均匀性[J].通信学报,2005,23(5):39-44.
[49] S.Q. Fan and W.B. Han. Random properties of the highest level sequences of primitive sequences overZ/(2e)[J]. IEEE Transactions on Information Theory,2003,49(6):1553-1557.
[50] P. Sole and D. Zinoviev. The most significant bit of maximum length sequences over Z/(2l):autocorrelation and imbalance[J]. IEEE Transactions on Information Theory,2004,50(8):1844-1846.
[51] H.G. Hu, D.G. Feng and W.L. Wu. Imcomplete exponential sums over galois rings with applications tosome binary sequences derived from Z/(2l)[J]. IEEE Transactions on Information Theory,2006,52(5):2260-2265.
[52] P. Sole and D. Zinoviev. Distribution of r-pattern in the most significant bit of maximum length sequencesover Z/(2l)[A]. In: Sequences and Their Applications-SETA2004, LNCS3486[C]. Berlin: Springer-Verlag,2004:275-281.
[53]胡红钢.几类伪随机序列的研究[D].北京:中国科学院研究生院(博士学位论文),2005.
[54] S.W. Golomb. Shift Register Seuqences[M]. San Franscisco, CA: Holden-Day,1967.
[55] S. Boztas, R. Hammons and P.V. Kumar.4-phase sequences with near-optimum correlation properties[J].IEEE Transactions on Information Theory,1992,38(3):1101-1113.
[56] S. Barg. On small families of sequences with low periodic correlation[A]. In Algebraic Coding, LNCS781[C]. Berlin: Springer-Verlag,1994:154-158.
[57] T. Helleseth and P.V. Kumar. Sequences With Low Correlation (Handbook of Coding Theory, vol II)[M].Amsterdam: Elsevier,1998.
[58] J. Lahtonen, S. Ling, P. Sole and D. Zinoviev. Z8-Kerdock codes and pseudo-random binary sequences[J].Journal of Complexity,2004,20(2-3):318-330.
[59] X.H. Tang, T. Helleseth and A. Johansen. On the correlation distribution of Kerdock sequences[A]. In:Sequences and Their Applications-SETA2008, LNCS5203[C]. Berlin: Springer-Verlag,2008:121-129.
[60] V.L. Kurakin. The first coordinate sequence of a linear recurrence of maximal period over a Galois ring[J].Discrete Math. Appl.,1994,4(2):129-141.
[61] Z.I. Borevich and I.R. Shafarcvich. Number Theory[M]. Nauka, Moscow,1985.
[62] Z.D. Dai, T. Beth and D. Gollman. Lower bounds for the linear complexity of sequences over residuering[A]. In: Advances in Cryptology-EUROCRYPT’90, LNCS473[C]. Berlin: Springer-Verlag,1991:189-195.
[63] A.S. Kuzmin and A.A. Nechaev. Linear recurring sequences over Galois ring[J]. Russian MathmaticalSurveys,1993,48(1):171-172.
[64] A.S. Kuzmin. Low estimates for the ranks of coordinate sequences of linear recurrent sequences overprimary residue rings of integers[J]. Russian Mathmatical Surveys,1993,48(3):203-204.
[65] Z.D. Dai. Binary sequences derived from ML-sequences over rings I: periods and minimal polynomials[J].Journal of Cryptology,1992,5(4):193-207.
[66] X.Y. Zhu and W.F. Qi. The nonlinear complexity of level sequences over Z/(4)[J]. Finite Field and TheirApplications,2006,12(1):103-127.
[67]刘峰.剩余类环Z/(2e)上一类保熵映射的还原问题[D].郑州:解放军信息工程学院(硕士学位论文),1999.
[68]刘峰,刘春雷. Z(n)p/peZ(n)p上序列的一类保熵映射的还原问题[J].信息工程学院学报,1999,18(2):5-9.
[69] D.N. Bylkow and A.A. Nechaev. An algorithm to restore a linear recurring sequence over the ring R=Zpnfrom a linear complication of its highest coordinate sequence[J]. Discrete Mathematics and Applications,2010,20(5-6):591-609.
[70] A.S. Kuzmin, G.B. Marchalko and A.A. Neachev. Reconstruction of a linear recurrence over a primaryresidue ring[J]. Memoires in Discr. Math.,2009,12:155-194.(in Russian)
[71] A.H. Chan and R.A. Games. On the linear span of binary sequences obtained from finite geometries[A].In: Advances in Cryptology-CRYPTO’86, LNCS263[C]. Berlin: Springer-Verlag,1987:405-417.
[72] Z.D. Dai. Binary sequences derived from ML-sequences over rings I: periods and minimal polynomials[J].Journal of Cryptology,1992,5(3):193-207.
[73] A. Klimov and A. Shamir. A new class of invertible mappings[A]. In: Cryptographic Hardware andEmbedded Systems: CHES2002, LNCS2523[C]. Berlin: Springer-Verlag,2003:470-483.
[74]陈华瑾.环Z/(pq)上本原序列模压缩映射的保熵性[D].郑州:解放军信息工程大学(硕士学位论文),2009.
[75] T. Tian and W.F. Qi. Typical primitive polynomials over integer residue rings[J]. Finite Fields and TheirApplications,2009,15(6):796-807.
[76] H. Xu and W.F. Qi. Further result on the distinctness of decimations of l-sequences[J]. IEEE Transactionson Information Theory,2006,52(8):3831-3836.
[77] T. Cochrane and S. Konyagin. Proof of the Goresky Klapper conjecture on decimations of L-sequences[J].SIAM Journal on Discrete Mathematics,2011,25(4):1812-1831.
[78] M. Goresky and A. Klapper. Arithmetic crosscorrelations of feedback with carry shift registersequences[J]. IEEE Transactions on Information Theory,1997,43(4):1342-1345.
[79] M. Goresky, A. Klapper and R. Murty. On the distinctness of decimations of l-sequences[A]. InSequences and Their Applications-SETA’01(Discrete Mathematics and Theoretical ComputerScience)[C]. New York: Springer-Verlag,2002.
[80] M. Goresky, A. Klapper, R. Murty and I. Shparlinski. On decimations of l-sequences[J]. SIAM Journalon Discrete Mathematics,2004,18(1):130-140.
[81] T. Tian and W.F. Qi. Autocorrelation and distinctness of decimations of l-sequences based on primes[J].SIAM Journal on Discrete Mathematics,2009,23(2):805-821.
[82] J. Bourain, T. Cochrane, J. Paulhus and C. Pinner. Decimations of l-sequences and permutations of evenresidues mod p[J]. SIAM Journal on Discrete Mathematics,2009,23(2):842-857.
[83]徐洪.极大周期FCSR序列及相关序列伪随机性质的研究[D].郑州:解放军信息工程大学(博士学位论文),2007.
[84]田甜.带进位反馈移位寄存器序列的分析[D].郑州:解放军信息工程大学(博士学位论文),2010.
[85] M. Goresky and A. Klapper. Algebraic Shift Register Sequences[M]. Cambridge: Cambridge UniversityPress,2012.
[86] M. Hell and T. Johansson. Breaking the F-FCSR-H stream cipher in real time[A]. In: Advances inCryptology-ASIACRYPT2008, LNCS5350[C]. Berlin: Springer-Verlag,2008,557-569.
[87] H. Xu and W.F. Qi. On the distinctness of decimations of Generalized l-sequences[A]. In Sequences andTheir Applications-SETA2006, LNCS4086[C]. Berlin: Springer-Verlag,2002:313-322.
[88] V.L. Kurakin, A.S. Kuzmin, A.V. Mikhalev and A.A. Nechaev. Linear recurring sequences over rings andmodules[J]. Journal of Mathematical Sciences,1995,76(6):2793-2915.
[89] R. Lidl and H. Niederreiter. Finite Fields[M]. MA: Addison-Wesley,1983.
[90]郑群雄.环Z/(pe)上压缩导出序列局部保熵性研究[D].郑州:解放军信息工程大学(硕士学位论文),2009.
[91] T. Cochrane. On a trigonometric inequality of Vinogradov[J]. Journal of Number Theory,1987,27(1):9-16.
[92] N.M. Korobov. Exponential Sums and Their Applications[M]. Dordrecht: Kluwer,1992.
[93]陈传璋等.数学分析(第二版上册)[M].北京:高等教育出版社,1983.
[94] Y. Bugeaud, P. Corvaja and U. Zannier. An upper bound for the G.C.D. of an1and bn1[J].Mathematische Zeitschrift,2003,243(1):79-84.
[95] K. Prachar. Primzahlverteilung[M]. Berlin: Springer-Verlag,1957.
[96] P. Erdos, C. Pomerance and E. Schmutz. Carmichael’s lambda function[J]. Acta Arithmetica,1991,58:363-385.
[97] G.J.O. Jameson. Even and odd square-free numbers[J]. The Mathematical Gazette,2010,94:123-127.
[98] H.L. Garner. The residue number system[J]. IRE Transactions on Electronic Computers,1959, EC-8(2):140-147.
[99] D. Hankerson, A. Menezes and S. Vanstone. Guide to Elliptic Curve Cryptography[M]. New York:Springer,2004.
[2] B. Schneier. Applied Cryptography[M]. New-York: Wiley,1996.
[3] Bluetooth SIG. Specification of the bluetooth system, Version1.1[EB/OL]. http://www.bluetooth.com,Feburary22,2001.
[4] ETSI/SAGE. Specification of the3GPP confidentiality and integrity algorithms UEA2&UIA2. Document2: SNOW3G specification[EB/OL]. http://www.3gpp.org/ftp,2006.
[5] ETSI/SAGE. Specification of the3GPP confidentiality and integrity algorithms128-EEA3&128-EIA3.Document4: design and evalutation report, version:2.0[EB/OL]. http://zuc.dacas.cn/thread.aspx?ID=2304,2011.
[6] C.E. Shannon. Communication theory of secrecy systems[J]. Bell System Technical Journal,1949,28:657-715.
[7] J.L. Masssey. Shift register sysnthesis and BCH decoding[J]. IEEE Transactions on Information Theory,1969,15(1):122-127.
[8] A. Menezes, P. Orschot and S. Vanstone. Handbook of Applied Cryptography[M]. Florida: CRC Press,October1996. The5th edition, August,2001.
[9] T. Siegenthaler. Decrypting a class of stream ciphers using ciphertext only[J]. IEEE Transactions onComputers,1985, C-34(1):81-85.
[10] W. Meier and O. Staffelbach. Fast correlation attacks on certain stream ciphers[J]. Journal of Cryptology,1989,1:159-176.
[11] N.T. Courtois and W. Meier. Algebraic attacks on stream ciphers with linear feedback[A]. In: Advances inCryptology-EUROCRYPT2003, LNCS2656[C]. Berlin: Springer-Verlag,2003,345-359.
[12] N.T. Courtois. Fast algebraic attacks on stream ciphers with linear feedback[A]. In: Advances inCryptology-CRYPTO2003, LNCS2729[C]. Berlin: Springer-Verlag,2003,176-194.
[13] eSTREAM the ECRYPT stream cipher project[EB/OL]. http://www.ecrypt.eu.org/stream/,2004.
[14] S. Babbage, C.De Cannière, A. Canteaut, et al. The eSTREAM portfolio[EB/OL]. http://www.ecrypt.eu.org/stvl/,2008.
[15] H.G Hu and G. Gong. Periods on two kinds of nonlinear feedback shift registers with time varyingfeedback functions[J]. International Journal of Foundations of Computer Science,2011,22(6):1317-1329.
[16]章佳敏. Galois NFSR与Fibonacci NFSR等价性的研究[D].郑州:解放军信息工程大学(硕士学位论文),2011.
[17]黄民强.环上本原序列的分析及其密码学评价[D].合肥:中国科技大学(博士学位论文),1988.
[18] A.S. Kuzmin and A.A. Nechaev. Linear recurring sequences over Galois ring[J]. Russian MathmaticalSurveys,1993,48:171-172.
[19]朱宣勇.环上本原序列保熵压缩映射的研究[D].郑州:解放军信息工程大学(博士学位论文),2004.
[20] X.Y. Zhu and W.F. Qi. On the distinctness of modular reductions of maximal length sequences moduloodd prime powers[J]. Mathematics of Computation,2008,77(263):1623-1637.
[21] M. Ward. The distribution of residues in a sequence satisfying a linear recursion relation[J]. Transactionsof the American Mathematical Society,1931,33:166-190.
[22] M. Ward. Some arithmetical properties of sequences satisfying a linear recursion ralation[J]. Annals ofMathematics,1931,32(2):734-738.
[23] M. Ward. The arithmetical theory of linear recurring series[J]. Transactions of the American MathematicalSociety,1933,35:600-628.
[24] M. Ward. An arithmetical property of recurring series of the second order[J]. Bulletin of the AmericanMathematical Society,1934,40(12):825-828.
[25] M. Ward. Arithmetical properties of sequences in rings[J]. Annals of Mathematics,1938,39(1):210-219.
[26] J.A. Reeds and N.J.A. Sloane. Shift-register synthesis (modulo m)[J]. SIAM Journal of computing,1985,14(3):505-513.
[27] A. Klapper and M. Goresky. Feedback shift register,2-adic span, and combiners with memory[J]. Journalof Cryptology,1997,10(2):111-147.
[28]周锦君,戚文峰.环Z/(m)上线性递归序列的若干特性[J].数学季刊,1990,5(1-2):166-171.
[29] A.S. Kuzmin and A.A. Nechaev. Construction of noise-resistant codes by means of linear recurrencesover Galois rings[J]. Russian Mathmatical Surveys,1992,47(5):189-190.
[30] A.S. Kuzmin. The distribution of elements on cycles of linear recurrents over ring of residues[J]. RussianMathmatical Surveys,1992,47(6):219-221.
[31]张亚娟. GR(4, r)上本原序列的元素分布[D].郑州:解放军信息工程大学(硕士学位论文),2000.
[32]祝跃飞,张亚娟. GR(4, r)上本原序列的元素分布[J].数学进展,2002,31(1):20-30.
[33] O.V. Kamlovski and A.S. Kuzmin. Distribution of elements on cycles of linear recurrent sequences overGalois rings[J]. Russian Mathmatical Surveys,1998,53(2):392-393.
[34] W.F. Qi and J.J. Zhou. The distribution of0and1in the highest level of primitive sequences over Z/(2e)(II)[J]. Chinese Science Bulletin,1998,43(8):633-635.
[35]戚文峰.环Z/(2e)上本原序列的压缩映射及其导出序列的分析[D].郑州:解放军信息工程大学(博士学位论文),1997.
[36]朱凤翔,戚文峰. Z/(2e)上本原最高权位序列的随机性质[J].应用数学学报,2002,25(2):244-253.
[37] H.J. Chen and W.F. Qi. On the distinctness of maximal length sequences over Z/(pq) modulo2[J]. FiniteFields and Their Applications,2009,15(2):23-39.
[38]戚文峰,周锦君.环Z/(2d)上本原序列的保熵映射类[J].自然科学进展,1999,9(3):209-215.
[39] W.F. Qi, J.H. Yang and J.J. Zhou. ML-sequences over rings Z/(2e)[A]. In: Advances inCryptology-ASIACRYPT’98, LNCS1514[C]. Berlin: Springer-Verlag,1998:315-325.
[40] X.Y. Zhu and W.F. Qi. Compression mappings on primitive sequences over Z/(pe)[J]. IEEE Transactionson Information Theory,2004,50(10):2442-2448.
[41] X.Y. Zhu and W.F. Qi. Further result of compressing maps on primitive sequences modulo odd primepowers[J]. IEEE Transactions on Information Theory,2007,53(8):2985-2990.
[42] T. Tian and W.F. Qi. Injectivity of compressing maps on primitive sequences over Z/(pe)[J]. IEEETransactions on Information Theory,2007,53(8):2960-2966.
[43] Z.H. Sun and W.F. Qi. Injective maps on primitive sequences over Z/(pe)[J]. Applied Mathematics-AJournal of Chinese Universities, B,2007,22(4):496-477.
[44] X.Y. Zhu and W.F. Qi. Uniqueness of the distribution of zeroes of primitive level sequences over Z/(pe)[J].Finite Fields and Their Applications,2005,11(1):30-44.
[45] X.Y. Zhu and W.F. Qi. Uniqueness of the distribution of zeroes of primitive level sequences overZ/(pe)(II)[J]. Finite Fields and Their Applications,2007,13(2):230-248.
[46]郑群雄,戚文峰.环Z/(2e)上压缩序列ae1+η(a0, a1,…, ae2)的局部保熵性[J].信息工程大学学报,2009,10(3):301-305.
[47] W.F. Qi and J.J. Zhou. The distribution of0and1in the highest level of primitive sequences overZ/(2e)[J]. Science in China, Series A,1997,40(6):606-611.
[48]戴宗铎,叶顶锋,王平,方根溪. Galois环导出p元序列中元素组的分布及其渐近均匀性[J].通信学报,2005,23(5):39-44.
[49] S.Q. Fan and W.B. Han. Random properties of the highest level sequences of primitive sequences overZ/(2e)[J]. IEEE Transactions on Information Theory,2003,49(6):1553-1557.
[50] P. Sole and D. Zinoviev. The most significant bit of maximum length sequences over Z/(2l):autocorrelation and imbalance[J]. IEEE Transactions on Information Theory,2004,50(8):1844-1846.
[51] H.G. Hu, D.G. Feng and W.L. Wu. Imcomplete exponential sums over galois rings with applications tosome binary sequences derived from Z/(2l)[J]. IEEE Transactions on Information Theory,2006,52(5):2260-2265.
[52] P. Sole and D. Zinoviev. Distribution of r-pattern in the most significant bit of maximum length sequencesover Z/(2l)[A]. In: Sequences and Their Applications-SETA2004, LNCS3486[C]. Berlin: Springer-Verlag,2004:275-281.
[53]胡红钢.几类伪随机序列的研究[D].北京:中国科学院研究生院(博士学位论文),2005.
[54] S.W. Golomb. Shift Register Seuqences[M]. San Franscisco, CA: Holden-Day,1967.
[55] S. Boztas, R. Hammons and P.V. Kumar.4-phase sequences with near-optimum correlation properties[J].IEEE Transactions on Information Theory,1992,38(3):1101-1113.
[56] S. Barg. On small families of sequences with low periodic correlation[A]. In Algebraic Coding, LNCS781[C]. Berlin: Springer-Verlag,1994:154-158.
[57] T. Helleseth and P.V. Kumar. Sequences With Low Correlation (Handbook of Coding Theory, vol II)[M].Amsterdam: Elsevier,1998.
[58] J. Lahtonen, S. Ling, P. Sole and D. Zinoviev. Z8-Kerdock codes and pseudo-random binary sequences[J].Journal of Complexity,2004,20(2-3):318-330.
[59] X.H. Tang, T. Helleseth and A. Johansen. On the correlation distribution of Kerdock sequences[A]. In:Sequences and Their Applications-SETA2008, LNCS5203[C]. Berlin: Springer-Verlag,2008:121-129.
[60] V.L. Kurakin. The first coordinate sequence of a linear recurrence of maximal period over a Galois ring[J].Discrete Math. Appl.,1994,4(2):129-141.
[61] Z.I. Borevich and I.R. Shafarcvich. Number Theory[M]. Nauka, Moscow,1985.
[62] Z.D. Dai, T. Beth and D. Gollman. Lower bounds for the linear complexity of sequences over residuering[A]. In: Advances in Cryptology-EUROCRYPT’90, LNCS473[C]. Berlin: Springer-Verlag,1991:189-195.
[63] A.S. Kuzmin and A.A. Nechaev. Linear recurring sequences over Galois ring[J]. Russian MathmaticalSurveys,1993,48(1):171-172.
[64] A.S. Kuzmin. Low estimates for the ranks of coordinate sequences of linear recurrent sequences overprimary residue rings of integers[J]. Russian Mathmatical Surveys,1993,48(3):203-204.
[65] Z.D. Dai. Binary sequences derived from ML-sequences over rings I: periods and minimal polynomials[J].Journal of Cryptology,1992,5(4):193-207.
[66] X.Y. Zhu and W.F. Qi. The nonlinear complexity of level sequences over Z/(4)[J]. Finite Field and TheirApplications,2006,12(1):103-127.
[67]刘峰.剩余类环Z/(2e)上一类保熵映射的还原问题[D].郑州:解放军信息工程学院(硕士学位论文),1999.
[68]刘峰,刘春雷. Z(n)p/peZ(n)p上序列的一类保熵映射的还原问题[J].信息工程学院学报,1999,18(2):5-9.
[69] D.N. Bylkow and A.A. Nechaev. An algorithm to restore a linear recurring sequence over the ring R=Zpnfrom a linear complication of its highest coordinate sequence[J]. Discrete Mathematics and Applications,2010,20(5-6):591-609.
[70] A.S. Kuzmin, G.B. Marchalko and A.A. Neachev. Reconstruction of a linear recurrence over a primaryresidue ring[J]. Memoires in Discr. Math.,2009,12:155-194.(in Russian)
[71] A.H. Chan and R.A. Games. On the linear span of binary sequences obtained from finite geometries[A].In: Advances in Cryptology-CRYPTO’86, LNCS263[C]. Berlin: Springer-Verlag,1987:405-417.
[72] Z.D. Dai. Binary sequences derived from ML-sequences over rings I: periods and minimal polynomials[J].Journal of Cryptology,1992,5(3):193-207.
[73] A. Klimov and A. Shamir. A new class of invertible mappings[A]. In: Cryptographic Hardware andEmbedded Systems: CHES2002, LNCS2523[C]. Berlin: Springer-Verlag,2003:470-483.
[74]陈华瑾.环Z/(pq)上本原序列模压缩映射的保熵性[D].郑州:解放军信息工程大学(硕士学位论文),2009.
[75] T. Tian and W.F. Qi. Typical primitive polynomials over integer residue rings[J]. Finite Fields and TheirApplications,2009,15(6):796-807.
[76] H. Xu and W.F. Qi. Further result on the distinctness of decimations of l-sequences[J]. IEEE Transactionson Information Theory,2006,52(8):3831-3836.
[77] T. Cochrane and S. Konyagin. Proof of the Goresky Klapper conjecture on decimations of L-sequences[J].SIAM Journal on Discrete Mathematics,2011,25(4):1812-1831.
[78] M. Goresky and A. Klapper. Arithmetic crosscorrelations of feedback with carry shift registersequences[J]. IEEE Transactions on Information Theory,1997,43(4):1342-1345.
[79] M. Goresky, A. Klapper and R. Murty. On the distinctness of decimations of l-sequences[A]. InSequences and Their Applications-SETA’01(Discrete Mathematics and Theoretical ComputerScience)[C]. New York: Springer-Verlag,2002.
[80] M. Goresky, A. Klapper, R. Murty and I. Shparlinski. On decimations of l-sequences[J]. SIAM Journalon Discrete Mathematics,2004,18(1):130-140.
[81] T. Tian and W.F. Qi. Autocorrelation and distinctness of decimations of l-sequences based on primes[J].SIAM Journal on Discrete Mathematics,2009,23(2):805-821.
[82] J. Bourain, T. Cochrane, J. Paulhus and C. Pinner. Decimations of l-sequences and permutations of evenresidues mod p[J]. SIAM Journal on Discrete Mathematics,2009,23(2):842-857.
[83]徐洪.极大周期FCSR序列及相关序列伪随机性质的研究[D].郑州:解放军信息工程大学(博士学位论文),2007.
[84]田甜.带进位反馈移位寄存器序列的分析[D].郑州:解放军信息工程大学(博士学位论文),2010.
[85] M. Goresky and A. Klapper. Algebraic Shift Register Sequences[M]. Cambridge: Cambridge UniversityPress,2012.
[86] M. Hell and T. Johansson. Breaking the F-FCSR-H stream cipher in real time[A]. In: Advances inCryptology-ASIACRYPT2008, LNCS5350[C]. Berlin: Springer-Verlag,2008,557-569.
[87] H. Xu and W.F. Qi. On the distinctness of decimations of Generalized l-sequences[A]. In Sequences andTheir Applications-SETA2006, LNCS4086[C]. Berlin: Springer-Verlag,2002:313-322.
[88] V.L. Kurakin, A.S. Kuzmin, A.V. Mikhalev and A.A. Nechaev. Linear recurring sequences over rings andmodules[J]. Journal of Mathematical Sciences,1995,76(6):2793-2915.
[89] R. Lidl and H. Niederreiter. Finite Fields[M]. MA: Addison-Wesley,1983.
[90]郑群雄.环Z/(pe)上压缩导出序列局部保熵性研究[D].郑州:解放军信息工程大学(硕士学位论文),2009.
[91] T. Cochrane. On a trigonometric inequality of Vinogradov[J]. Journal of Number Theory,1987,27(1):9-16.
[92] N.M. Korobov. Exponential Sums and Their Applications[M]. Dordrecht: Kluwer,1992.
[93]陈传璋等.数学分析(第二版上册)[M].北京:高等教育出版社,1983.
[94] Y. Bugeaud, P. Corvaja and U. Zannier. An upper bound for the G.C.D. of an1and bn1[J].Mathematische Zeitschrift,2003,243(1):79-84.
[95] K. Prachar. Primzahlverteilung[M]. Berlin: Springer-Verlag,1957.
[96] P. Erdos, C. Pomerance and E. Schmutz. Carmichael’s lambda function[J]. Acta Arithmetica,1991,58:363-385.
[97] G.J.O. Jameson. Even and odd square-free numbers[J]. The Mathematical Gazette,2010,94:123-127.
[98] H.L. Garner. The residue number system[J]. IRE Transactions on Electronic Computers,1959, EC-8(2):140-147.
[99] D. Hankerson, A. Menezes and S. Vanstone. Guide to Elliptic Curve Cryptography[M]. New York:Springer,2004.