Monatsh. Math. 150, 141–155 (2007)
DOI 10.1007/s00605-005-0392-2
Printed in The Netherlands
The Asymptotic Behavior of the Joint Linear Complexity Profile of Multisequences
By
Harald Niederreiter and Li-Ping Wang
National University of Singapore, Singapore
Communicated by J. Schoissengeier
Received September 26, 2005; accepted December 6, 2005
Published online April 20, 2006 © Springer-Verlag 2006
Abstract. We prove a conjecture on the asymptotic behavior of the joint linear complexity profile of random multisequences over a finite field. This conjecture was previously shown only in the special cases of single sequences and pairs of sequences. We also establish an asymptotic formula for the expected value of the $n$th joint linear complexity of random multisequences over a finite field. Some more precise results are shown for triples of sequences.
2000 Mathematics Subject Classification: 11B99, 11T71, 94A55, 94A60
Key words: Multisequences, joint linear complexity, joint linear complexity profile
1. Introduction
Let $\mathbb{F}_q$ be the finite field of order $q$, where $q$ is an arbitrary prime power. By a sequence over $\mathbb{F}_q$ we mean a sequence of elements of $\mathbb{F}_q$. More generally, for an integer $m \ge 1$, an $m$-fold multisequence over $\mathbb{F}_q$ is an $m$-tuple of sequences over $\mathbb{F}_q$. In other words, an $m$-fold multisequence over $\mathbb{F}_q$ is given by $S = (S_1, \ldots, S_m)$, where each $S_j$, $j = 1, 2, \ldots, m$, is a sequence over $\mathbb{F}_q$.
In several areas, such as pseudorandom vector generation and cryptology, one is interested in how well (initial segments of) multisequences over $\mathbb{F}_q$ can be simulated by linear recurring sequences over $\mathbb{F}_q$. We refer to [8, Chapter 8] for the basic terminology and facts on linear recurring sequences over finite fields. The concepts introduced in the following definition are fundamental for the present work.
Definition 1. Let $n$ be a positive integer and let $S = (S_1, \ldots, S_m)$ be an $m$-fold multisequence over $\mathbb{F}_q$. Then the $n$th joint linear complexity $L_n^{(m)}(S)$ of $S$ is the least order of a linear recurrence relation over $\mathbb{F}_q$ that simultaneously generates the first $n$ terms of each sequence $S_j$, $j = 1, 2, \ldots, m$. The sequence $L_1^{(m)}(S), L_2^{(m)}(S), \ldots$ of nonnegative integers is called the joint linear complexity profile of $S$.
We always have $0 \le L_n^{(m)}(S) \le n$ and $L_n^{(m)}(S) \le L_{n+1}^{(m)}(S)$. Note that the definition of $L_n^{(m)}(S)$ makes sense also if each $S_j$, $j = 1, 2, \ldots, m$, is a finite sequence containing at least $n$ terms. This remark will be used later on, for instance in Section 2.
An important question, particularly for applications to cryptology (see [14]), is that of the asymptotic behavior of the joint linear complexity profile of random multisequences over $\mathbb{F}_q$. For single sequences over $\mathbb{F}_q$, i.e., for $m = 1$, it has long been known (see [13]) that
\[ \lim_{n \to \infty} \frac{L_n^{(1)}(S)}{n} = \frac{1}{2} \quad \mu_q^\infty\text{-a.e.}, \tag{1} \]
where $\mu_q^\infty$ is the Haar measure on the sequence space $\mathbb{F}_q^\infty$ over $\mathbb{F}_q$. Here $\mathbb{F}_q^\infty$ is viewed as the compact abelian group that is obtained as the product of denumerably many copies of the discrete additive group $\mathbb{F}_q$. For $m \ge 2$ there is a folklore conjecture (see e.g. [18] and [20]) about the result corresponding to (1) for $m$-fold multisequences over $\mathbb{F}_q$. Wang and Niederreiter [18] recently proved this conjecture for $m = 2$. The main result of the present paper is a proof of this conjecture for all values of $m$ (see Theorem 5).
We note that the joint linear complexity and the joint linear complexity profile of multisequences have received a lot of attention recently. Feng, Wang, and Dai [5], Xing [20], and Xing, Lam, and Wei [21] constructed multisequences with special joint linear complexity profiles. Wang, Zhu, and Pei [19] discussed algorithmic aspects of the joint linear complexity profile. The papers by Fu, Niederreiter, and Su [6], Meidl [10], and Meidl and Niederreiter [11] are devoted to the study of the joint linear complexity of periodic multisequences. Meidl and Winterhof [12] proved bounds for the joint linear complexity profile of a special family of multisequences. Probabilistic results on the joint linear complexity profile of multisequences were obtained by Feng and Dai [4] and Wang and Niederreiter [18]. Dai, Imamura, and Yang [2] considered aspects of the asymptotic behavior of the joint linear complexity profile of multisequences. A recent survey article on linear complexity, which includes material on the joint linear complexity, is Niederreiter [14]. For earlier work we refer to the books of Cusick, Ding, and Renvall [1] and Ding, Xiao, and Shan [3].
The rest of the paper is organized as follows. In Section 2 we review some background from the authors' paper [18] which is necessary for the proof of Theorem 5 and for Section 5. We also include other preparatory material in this section. Section 3 contains the statement and the proof of the main result of the paper (Theorem 5). An easy consequence for, and other remarks on, expected values of joint linear complexities are given in Section 4. More refined results for the special case $m = 3$ are shown in Section 5.
2. Preliminaries
We recall some notation from [18]. For any integers $m \ge 1$ and $L \ge 1$, let $P(m, L)$ be the set of $m$-tuples $I = (i_1, \ldots, i_m) \in \mathbb{Z}^m$ with $i_1 \ge i_2 \ge \cdots \ge i_m \ge 0$ and $i_1 + \cdots + i_m = L$. For any $I = (i_1, \ldots, i_m) \in P(m, L)$, let $\lambda(I)$ be the number of positive entries in $I$. Then $I$ can be written in the form
\[
I = \bigl( \underbrace{i_1, \ldots, i_{s_{I,1}}}_{s_{I,1}},\ \underbrace{i_{s_{I,1}+1}, \ldots, i_{s_{I,1}+s_{I,2}}}_{s_{I,2}},\ \ldots,\ \underbrace{i_{s_{I,1}+\cdots+s_{I,t-1}+1}, \ldots, i_{s_{I,1}+\cdots+s_{I,t}}}_{s_{I,t}},\ \ldots,\ \underbrace{i_{s_{I,1}+\cdots+s_{I,\mu(I)-1}+1}, \ldots, i_{s_{I,1}+\cdots+s_{I,\mu(I)}}}_{s_{I,\mu(I)}},\ \underbrace{i_{\lambda(I)+1}, \ldots, i_m}_{s_{I,\mu(I)+1}} \bigr),
\]
where $i_{s_{I,1}+\cdots+s_{I,t-1}+1} = \cdots = i_{s_{I,1}+\cdots+s_{I,t}} > i_{s_{I,1}+\cdots+s_{I,t}+1}$ for $1 \le t \le \mu(I)$, $i_{\lambda(I)+1} = \cdots = i_m = 0$, and $\lambda(I) = s_{I,1} + \cdots + s_{I,\mu(I)}$. If $\lambda(I) = m$, then $s_{I,\mu(I)+1} = 0$. Furthermore, we define
\[ c(I) = \prod_{i=1}^{\lambda(I)} \frac{(q^{m+1-i} - 1)(q^i - 1)}{q - 1}, \qquad d(I) = \prod_{j=1}^{\mu(I)} \prod_{i=1}^{s_{I,j}} \frac{q^i - 1}{q - 1}. \]
Put
\[ e_{\lambda(I)} = 2 \cdot (0, 1, 2, \ldots, \lambda(I), 0, \ldots, 0) \in \mathbb{Z}^{m+1}. \]
For $I \in P(m, L)$, let $[I, n-L]$ denote the vector obtained by arranging the $m+1$ numbers between the square brackets in nonincreasing order. Let $\cdot$ denote the standard inner product in $\mathbb{R}^{m+1}$. As in [18], we define $b(I, n-L)$ as follows. If $0 \le n-L < i_{\lambda(I)}$, then we put
\[ b(I, n-L) = e_{\lambda(I)} \cdot [I, n-L] - \frac{\lambda(I)(\lambda(I) - 1)}{2}. \]
If $i_{s_{I,1}+\cdots+s_{I,w}+1} \le n-L < i_{s_{I,1}+\cdots+s_{I,w}}$ for some integer $w$ with $1 \le w \le \mu(I) - 1$, then
\[ b(I, n-L) = e_{\lambda(I)} \cdot [I, n-L] - \left( \frac{\lambda(I)(\lambda(I) + 1)}{2} - (s_{I,1} + \cdots + s_{I,w}) \right). \]
Finally, if $n-L \ge i_1$, then
\[ b(I, n-L) = e_{\lambda(I)} \cdot [I, n-L] - \frac{\lambda(I)(\lambda(I) + 1)}{2}. \]
For integers $m \ge 1$ and $n \ge 1$, let $\mathbb{F}_q(m, n)$ denote the set of $m$-tuples $T = (T_1, \ldots, T_m)$ with each $T_j$, $j = 1, 2, \ldots, m$, being a finite sequence over $\mathbb{F}_q$ of length $n$. If $L$ is an integer with $0 \le L \le n$, then $N_n^{(m)}(L)$ is defined to be the number of $T \in \mathbb{F}_q(m, n)$ with $L_n^{(m)}(T) = L$. It is trivial that $N_n^{(m)}(0) = 1$. For $m = 1$ there is the classical formula of Gustavson [7] (see also [15, Theorem 7.1.6]) which says that
\[ N_n^{(1)}(L) = (q - 1)\, q^{\min(2L-1,\, 2n-2L)} \quad \text{for } 1 \le L \le n. \]
For $m = 2$ a closed-form expression for $N_n^{(2)}(L)$ was shown by Wang and Niederreiter [18]. In the range $1 \le L \le n/2$ there is the convenient formula of Niederreiter [14] according to which we have
\[ N_n^{(m)}(L) = (q^m - 1)\, q^{(m+1)L - m} \quad \text{for } 1 \le L \le n/2 \text{ and } m \ge 1. \tag{2} \]
In the general case, that is, for any integers $m \ge 1$, $n \ge 1$, and $1 \le L \le n$, we have the formula
\[ N_n^{(m)}(L) = \sum_{I \in P(m,L)} \frac{c(I)}{d(I)}\, q^{b(I,\, n-L)}, \tag{3} \]
which is obtained from [18, eq. (11) and Theorem 2]. Here we used the notation introduced at the beginning of this section.
Let $\mathbb{F}_q^m$ be the set of $m$-tuples of elements of $\mathbb{F}_q$ and let $(\mathbb{F}_q^m)^\infty$ be the sequence space over $\mathbb{F}_q^m$. It is obvious that the set $(\mathbb{F}_q^m)^\infty$ can be identified with the set of $m$-fold multisequences over $\mathbb{F}_q$, and henceforth we will use this identification. Just as we have the Haar measure $\mu_q^\infty$ on the sequence space $\mathbb{F}_q^\infty$ (see Section 1), we have the Haar measure $\mu_{q,m}^\infty$ on $(\mathbb{F}_q^m)^\infty$. The probability measure $\mu_{q,m}^\infty$ can also be described explicitly as follows. Let $\mu_{q,m}$ be the uniform probability measure on $\mathbb{F}_q^m$ which assigns the measure $q^{-m}$ to each element of $\mathbb{F}_q^m$. Then $\mu_{q,m}^\infty$ is the complete product measure on $(\mathbb{F}_q^m)^\infty$ induced by $\mu_{q,m}$.
We will need the following elementary inequality in Section 3.
Lemma 2. Let $x_1 \ge x_2 \ge \cdots \ge x_m$ be real numbers. Then
\[ \sum_{k=1}^{m} (k-1)\, x_k \le \frac{m-1}{2} \sum_{k=1}^{m} x_k. \]
Proof. We proceed by induction on $m$. The inequality is trivial for $m = 1$. Suppose that the inequality is shown for $m$ numbers and consider now $m+1$ numbers. By the induction hypothesis and simple steps, we obtain
\begin{align*}
\sum_{k=1}^{m+1} (k-1)\, x_k &= \sum_{k=1}^{m} (k-1)\, x_k + m\, x_{m+1} \\
&\le \frac{m-1}{2} \sum_{k=1}^{m} x_k + m\, x_{m+1} = \frac{m-1}{2} \sum_{k=1}^{m+1} x_k + \frac{m+1}{2}\, x_{m+1} \\
&\le \frac{m-1}{2} \sum_{k=1}^{m+1} x_k + \frac{1}{2} \sum_{k=1}^{m+1} x_k = \frac{m}{2} \sum_{k=1}^{m+1} x_k,
\end{align*}
and the induction is complete. □
3. Asymptotics of the Joint Linear Complexity Profile
We first present two upper bounds on $N_n^{(m)}(L)$. The following bound is derived from (3).
Lemma 3. For any prime power $q$ and any integers $m \ge 1$ and $n \ge 1$ we have
\[ N_n^{(m)}(L) \le C(q, m)\, L^m\, q^{2mn - (m+1)L} \quad \text{for } 1 \le L \le n, \]
with a constant $C(q, m)$ depending only on $q$ and $m$.
Proof. Note that for any $I \in P(m, L)$ we have $d(I) \ge 1$ and $c(I) \le C_1(q, m)$ with a constant $C_1(q, m)$ depending only on $q$ and $m$. Therefore in view of (3),
\[ N_n^{(m)}(L) \le C_1(q, m) \sum_{I \in P(m,L)} q^{b(I,\, n-L)}. \tag{4} \]
Now fix $I = (i_1, \ldots, i_m) \in P(m, L)$. Observe that
\[ b(I, n-L) \le e_{\lambda(I)} \cdot [I, n-L], \tag{5} \]
where $e_{\lambda(I)} = (0, 2, 4, \ldots, 2\lambda(I), 0, \ldots, 0) \in \mathbb{Z}^{m+1}$ and $[I, n-L]$ is the vector with $m+1$ components obtained by rearranging $i_1, i_2, \ldots, i_m, n-L$ in nonincreasing order. Since the last $m - \lambda(I)$ components of $[I, n-L]$ are 0, we have
\[ e_{\lambda(I)} \cdot [I, n-L] = e_m \cdot [I, n-L], \]
and so by (5) we obtain
\[ b(I, n-L) \le e_m \cdot [I, n-L]. \tag{6} \]
Suppose that $n-L$ is in position $r$ in the vector $[I, n-L]$, i.e.,
\[ i_1 \ge i_2 \ge \cdots \ge i_{r-1} \ge n-L \ge i_r \ge \cdots \ge i_m. \]
Then
\begin{align*}
e_m \cdot [I, n-L] &= 2 \sum_{k=1}^{r-1} (k-1)\, i_k + 2(r-1)(n-L) + 2 \sum_{k=r}^{m} k\, i_k \\
&= 2 \sum_{k=1}^{m} (k-1)\, i_k + 2(r-1)(n-L) + 2 \sum_{k=r}^{m} i_k \\
&\le 2 \sum_{k=1}^{m} (k-1)\, i_k + 2(r-1)(n-L) + 2(m-r+1)(n-L) \\
&= 2 \sum_{k=1}^{m} (k-1)\, i_k + 2m(n-L).
\end{align*}
By applying Lemma 2, we get
\[ e_m \cdot [I, n-L] \le (m-1) \sum_{k=1}^{m} i_k + 2m(n-L) = 2mn - (m+1)L. \]
In view of (4) and (6) this yields
\[ N_n^{(m)}(L) \le C_1(q, m)\, q^{2mn - (m+1)L}\, |P(m, L)|, \]
and by applying the trivial bound $|P(m, L)| \le (L+1)^m$ we obtain the result of the lemma. □
For integers $m \ge 1$, $n \ge 1$, and $0 \le L \le n$, let $M_n^{(m)}(L)$ be the number of $T \in \mathbb{F}_q(m, n)$ with $L_n^{(m)}(T) \le L$. In other words, we have
\[ M_n^{(m)}(L) = \sum_{c=0}^{L} N_n^{(m)}(c). \tag{7} \]
Lemma 4. For any prime power $q$ and any integers $m \ge 1$ and $n \ge 1$ we have
\[ N_n^{(m)}(L) \le M_n^{(m)}(L) \le q^{(m+1)L} \quad \text{for } 0 \le L \le n. \]
Proof. The first inequality is trivial. The second inequality is trivial for $L = 0$, and so we can assume that $1 \le L \le n$. Note that if a sequence over $\mathbb{F}_q$ satisfies a linear recurrence relation over $\mathbb{F}_q$ of order $\le L$, then it satisfies a linear recurrence relation over $\mathbb{F}_q$ of order $L$. If the $n$th joint linear complexity of the $m$-fold multisequence $S = (S_1, \ldots, S_m)$ over $\mathbb{F}_q$ is $\le L$, then the first $n$ terms of $S_1, \ldots, S_m$ are determined by a simultaneous linear recurrence relation over $\mathbb{F}_q$ of order $L$ and by the $mL$ initial values for this linear recurrence relation (i.e., $L$ initial values for each of the $m$ sequences $S_1, \ldots, S_m$). Since there are $q^L$ possibilities for a linear recurrence relation over $\mathbb{F}_q$ of order $L$ and $q^{mL}$ possibilities for the $mL$ initial values from $\mathbb{F}_q$, the desired bound on $M_n^{(m)}(L)$ follows. □
We are now ready to prove the main result of this paper which determines the asymptotic behavior of the joint linear complexity profile of random $m$-fold multisequences over $\mathbb{F}_q$. As we mentioned in Section 1, this result was shown previously only for $m = 1$ and $m = 2$, but was conjectured to hold for all values of $m$. In fact, the conjecture was the statement (8) below, and Theorem 5 gives a somewhat more precise result.
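Theorem 5. For any prime power $q$ and any integer $m \ge 1$ we have $\mu_{q,m}^\infty$-a.e.,
\[ -\frac{1}{m+1} \le \liminf_{n \to \infty} \frac{L_n^{(m)}(S) - \frac{mn}{m+1}}{\log_q n} \le \limsup_{n \to \infty} \frac{L_n^{(m)}(S) - \frac{mn}{m+1}}{\log_q n} \le 1. \]
In particular, we have
\[ \lim_{n \to \infty} \frac{L_n^{(m)}(S)}{n} = \frac{m}{m+1} \quad \mu_{q,m}^\infty\text{-a.e.} \tag{8} \]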
Proof. Since a more precise result is known for $m = 1$ (see [13, Theorem 10]), we can assume that $m \ge 2$. Let a real number $\varepsilon$ with $0 < \varepsilon \le 1$ be given. From the definitions of $\mu_{q,m}^\infty$ and $N_n^{(m)}(L)$ it follows that
\[ \mu_{q,m}^\infty\bigl(\{ S \in (\mathbb{F}_q^m)^\infty : L_n^{(m)}(S) = L \}\bigr) = q^{-mn} N_n^{(m)}(L). \tag{9} \]
For $n \ge 1$ we now put
\[ a(n) = \left\lfloor \frac{1}{m+1} \bigl( mn - (1 + \varepsilon) \log_q n \bigr) \right\rfloor \]
and
\[ A_n = \{ S \in (\mathbb{F}_q^m)^\infty : L_n^{(m)}(S) \le a(n) \}. \]
Then (9) and Lemma 4 imply that
\[ \mu_{q,m}^\infty(A_n) = q^{-mn} \sum_{L=0}^{a(n)} N_n^{(m)}(L) = q^{-mn} M_n^{(m)}(a(n)) \le q^{(m+1)a(n) - mn} \le n^{-1-\varepsilon}. \]
It follows that $\sum_{n=1}^{\infty} \mu_{q,m}^\infty(A_n) < \infty$. The Borel-Cantelli lemma [9, p. 228] now shows that the set of all $S \in (\mathbb{F}_q^m)^\infty$ for which $S \in A_n$ for infinitely many $n$ has $\mu_{q,m}^\infty$-measure 0. In other words, $\mu_{q,m}^\infty$-a.e. we have $S \in A_n$ for at most finitely many $n$. From the definition of $A_n$ it follows then that $\mu_{q,m}^\infty$-a.e. we have
\[ L_n^{(m)}(S) > \frac{1}{m+1} \bigl( mn - (1 + \varepsilon) \log_q n \bigr) \quad \text{for all sufficiently large } n. \tag{10} \]
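For $n \ge 1$ let now
\[ b(n) = \left\lceil \frac{1}{m+1} \bigl( mn + (m + 1 + \varepsilon) \log_q n \bigr) \right\rceil \]
and
\[ B_n = \{ S \in (\mathbb{F}_q^m)^\infty : L_n^{(m)}(S) \ge b(n) \}. \]
Assume first that $b(n) \le n$. Then it follows from (9) and Lemma 3 that
\begin{align*}
\mu_{q,m}^\infty(B_n) &= q^{-mn} \sum_{L=b(n)}^{n} N_n^{(m)}(L) \le C(q, m)\, q^{-mn} \sum_{L=b(n)}^{n} L^m q^{2mn - (m+1)L} \\
&\le C(q, m)\, q^{-mn} n^m \sum_{L=b(n)}^{n} q^{(m+1)(n-L) + (m-1)n} \\
&= C(q, m)\, q^{-n} n^m \sum_{L=0}^{n-b(n)} q^{(m+1)L} \\
&\le C_2(q, m)\, q^{-n} n^m q^{(m+1)(n - b(n))} \le C_2(q, m)\, n^{-1-\varepsilon}
\end{align*}
with a constant $C_2(q, m)$ depending only on $q$ and $m$. If $b(n) > n$, then $\mu_{q,m}^\infty(B_n) = 0$, and so the above bound holds in all cases.
It follows that $\sum_{n=1}^{\infty} \mu_{q,m}^\infty(B_n) < \infty$, and by applying the Borel-Cantelli lemma as before we deduce that $\mu_{q,m}^\infty$-a.e. we have
\[ L_n^{(m)}(S) < \frac{1}{m+1} \bigl( mn + (m + 1 + \varepsilon) \log_q n \bigr) \quad \text{for all sufficiently large } n. \tag{11} \]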
By combining (10) and (11), we obtain that $\mu_{q,m}^\infty$-a.e. we have
\[ -\frac{1 + \varepsilon}{m+1} \le \liminf_{n \to \infty} \frac{L_n^{(m)}(S) - \frac{mn}{m+1}}{\log_q n} \le \limsup_{n \to \infty} \frac{L_n^{(m)}(S) - \frac{mn}{m+1}}{\log_q n} \le \frac{m + 1 + \varepsilon}{m+1}. \]
Letting $\varepsilon$ run through the sequence of values $\frac{1}{k}$, $k = 1, 2, \ldots$, and noting that a countable intersection of sets of $\mu_{q,m}^\infty$-measure 1 has again $\mu_{q,m}^\infty$-measure 1, we obtain the result of the theorem. □
We note another implication of Theorem 5, namely that $\mu_{q,m}^\infty$-a.e. we have
\[ L_n^{(m)}(S) = \frac{mn}{m+1} + O(\log n) \quad \text{as } n \to \infty. \]
4. Expected Values
For given $m \ge 1$ and $n \ge 1$, let $E_n^{(m)}$ be the expected value of the $n$th joint linear complexity of random $m$-fold multisequences over $\mathbb{F}_q$. Since the $n$th joint linear complexity depends only on the first $n$ terms of the $m$ sequences over $\mathbb{F}_q$ making up an $m$-fold multisequence over $\mathbb{F}_q$, we can write $E_n^{(m)}$ in the form
\[ E_n^{(m)} = q^{-mn} \sum_{T \in \mathbb{F}_q(m,n)} L_n^{(m)}(T). \tag{12} \]
Here $\mathbb{F}_q(m, n)$ is as in Section 2 the set of $m$-tuples $T = (T_1, \ldots, T_m)$ with each $T_j$, $j = 1, 2, \ldots, m$, being a finite sequence over $\mathbb{F}_q$ of length $n$.
For $m = 1$ it was shown by Rueppel [16, Chapter 4] (see also [17, Section 3.2]) that
\[ E_n^{(1)} = \frac{n}{2} + O(1) \quad \text{as } n \to \infty. \]
For $m = 2$ and $q = 2$ it was proved by Feng and Dai [4] and for $m = 2$ and arbitrary $q$ it was shown by Wang and Niederreiter [18] that
\[ E_n^{(2)} = \frac{2n}{3} + O(1) \quad \text{as } n \to \infty. \]
The following result holds for arbitrary q and m.
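Theorem 6. For any prime power $q$ and any integer $m \ge 1$ we have
\[ E_n^{(m)} = \frac{mn}{m+1} + o(n) \quad \text{as } n \to \infty. \tag{13} \]
Proof. We note that (12) can be rewritten as the integral
\[ E_n^{(m)} = \int_{(\mathbb{F}_q^m)^\infty} L_n^{(m)}(S)\, d\mu_{q,m}^\infty(S). \]
By the dominated convergence theorem [9, p. 125] and Theorem 5, we obtain
\begin{align*}
\lim_{n \to \infty} \frac{E_n^{(m)}}{n} &= \lim_{n \to \infty} \int_{(\mathbb{F}_q^m)^\infty} \frac{L_n^{(m)}(S)}{n}\, d\mu_{q,m}^\infty(S) \\
&= \int_{(\mathbb{F}_q^m)^\infty} \lim_{n \to \infty} \frac{L_n^{(m)}(S)}{n}\, d\mu_{q,m}^\infty(S) = \int_{(\mathbb{F}_q^m)^\infty} \frac{m}{m+1}\, d\mu_{q,m}^\infty(S) \\
&= \frac{m}{m+1},
\end{align*}
which is the result of Theorem 6. □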
By using a different method, we can obtain a lower bound on $E_n^{(m)}$ which involves a better error term than that in (13).
Theorem 7. For any prime power $q$ and any integers $m \ge 1$ and $n \ge 1$ we have
\[ E_n^{(m)} \ge \left\lfloor \frac{mn}{m+1} \right\rfloor - \frac{q^{mn} - 1}{q^{mn}(q^{m+1} - 1)}. \]
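Proof. On account of (7) we can write
\begin{align*}
q^{mn} E_n^{(m)} &= \sum_{L=1}^{n} L\, N_n^{(m)}(L) = \sum_{L=1}^{n} L \bigl( M_n^{(m)}(L) - M_n^{(m)}(L-1) \bigr) \\
&= \sum_{L=1}^{n} L\, M_n^{(m)}(L) - \sum_{L=0}^{n-1} (L+1)\, M_n^{(m)}(L) \\
&= n\, M_n^{(m)}(n) - \sum_{L=0}^{n-1} M_n^{(m)}(L) = n\, q^{mn} - \sum_{L=0}^{n-1} M_n^{(m)}(L),
\end{align*}
and so
\[ E_n^{(m)} = n - \frac{1}{q^{mn}} \sum_{L=0}^{n-1} M_n^{(m)}(L). \tag{14} \]
Now we use the bound $M_n^{(m)}(L) \le q^{(m+1)L}$ in Lemma 4 for the range $0 \le L \le \lfloor mn/(m+1) \rfloor$, whereas for the range $\lfloor mn/(m+1) \rfloor < L \le n-1$ we use the trivial bound $M_n^{(m)}(L) \le q^{mn}$. Then (14) implies that
\begin{align*}
E_n^{(m)} &\ge n - \frac{1}{q^{mn}} \sum_{L=0}^{\lfloor mn/(m+1) \rfloor} q^{(m+1)L} - \left( n - 1 - \left\lfloor \frac{mn}{m+1} \right\rfloor \right) \\
&= \left\lfloor \frac{mn}{m+1} \right\rfloor + 1 - \frac{q^{(m+1)(\lfloor mn/(m+1) \rfloor + 1)} - 1}{q^{mn}(q^{m+1} - 1)} \\
&= \left\lfloor \frac{mn}{m+1} \right\rfloor + 1 + \frac{1}{q^{mn}(q^{m+1} - 1)} - \frac{q^{(m+1)(\lfloor mn/(m+1) \rfloor + 1) - mn}}{q^{m+1} - 1}.
\end{align*}
Now
\[ (m+1) \left( \left\lfloor \frac{mn}{m+1} \right\rfloor + 1 \right) - mn = (m+1) \left( \left\lfloor \frac{mn}{m+1} \right\rfloor + 1 - \frac{mn}{m+1} \right) \le m+1, \]
and then a simple calculation yields the desired result. □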
An obvious consequence of Theorem 7 is that for any prime power $q$ and any integer $m \ge 1$ we have
\[ E_n^{(m)} \ge \frac{mn}{m+1} + O(1) \quad \text{as } n \to \infty. \]
In view of the above results on $E_n^{(m)}$, we are led to the conjecture that for any prime power $q$ and any integer $m \ge 1$ we have
\[ E_n^{(m)} = \frac{mn}{m+1} + O(1) \quad \text{as } n \to \infty. \tag{15} \]
We emphasize that the conjecture (15) has been shown for $m = 1$ and $m = 2$ (see the results mentioned at the beginning of this section). We will show this conjecture for $m = 3$ in the next section (see Theorem 12).
5. The Case $m = 3$
We recall from Section 2 that $N_n^{(m)}(L)$ is the number of $T \in \mathbb{F}_q(m, n)$ with $L_n^{(m)}(T) = L$. Convenient closed-form expressions for $N_n^{(m)}(L)$ were shown only for $m = 1$ and $m = 2$ (see Section 2). In principle, a general formula for $N_n^{(m)}(L)$ is given by (3), but this formula cannot be regarded as a convenient closed-form expression. In this section, we derive such an expression for $m = 3$. The derivation of such expressions is exceedingly more complicated the larger the value of $m$.
The formula (3) shows that, for $1 \le L \le n$, the number $N_n^{(3)}(L)$ is a sum over all $I \in P(3, L)$, where $P(3, L)$ is the set of all triples $I = (i_1, i_2, i_3)$ of integers with $i_1 \ge i_2 \ge i_3 \ge 0$ and $i_1 + i_2 + i_3 = L$. Recall that $\lambda(I)$ is the number of positive entries in $I$. Then we can write
\[ N_n^{(3)}(L) = \sum_{k=1}^{3} N_{n,k}^{(3)}(L), \tag{16} \]
where
\[ N_{n,k}^{(3)}(L) = \sum_{\substack{I \in P(3,L) \\ \lambda(I) = k}} \frac{c(I)}{d(I)}\, q^{b(I,\, n-L)}. \tag{17} \]
We will obtain a formula for $N_n^{(3)}(L)$ by evaluating the numbers $N_{n,k}^{(3)}(L)$, $k = 1, 2, 3$, in (17). Note that in view of (2) we can assume that $n/2 < L \le n$.
We start with the simplest case $k = 1$.
Lemma 8. For any prime power $q$ and for $n/2 < L \le n$ we have
\[ N_{n,1}^{(3)}(L) = (q^3 - 1)\, q^{2(n-L)}. \]
Proof. For $k = 1$ there is only one term in (17), namely that for $I = (L, 0, 0)$. For this choice of $I$ we have $c(I) = q^3 - 1$, $d(I) = 1$, and $b(I, n-L) = 2(n-L)$. □
In the following, it will be convenient to put $f = n - L$. Note that the condition $n/2 < L \le n$ is then equivalent to $0 \le f < L$. We use the abbreviation
\[ C_2 = (q^2 - 1)(q^3 - 1). \]
We now consider the case $k = 2$.
Lemma 9. With the above notation, we have
\[ N_{n,2}^{(3)}(L) = \frac{C_2}{q-1}\, q^{L+4f} - \frac{C_2 (q^2 - q + 1)}{(q-1)(q^2+1)}\, q^{6f+1} - \frac{C_2}{(q-1)(q^2+1)}\, q^{2f+2} \]
for $0 \le f < L/2$ and
\[ N_{n,2}^{(3)}(L) = \frac{C_2}{q-1}\, q^{3L-2} - \frac{C_2 (q^2 - q + 1)}{(q-1)(q^2+1)}\, q^{4L-2f-3} - \frac{C_2}{(q-1)(q^2+1)}\, q^{2f+2} \]
for $L/2 \le f < L$.
Proof. For $k = 2$ the triples $I$ in (17) are of the form $I = (L - i_2, i_2, 0)$ with $1 \le i_2 \le \lfloor L/2 \rfloor$. By evaluating $c(I)$, $d(I)$, and $b(I, f)$ for these triples $I$, we get for $0 \le f < L/2$ and $L$ even,
\[ N_{n,2}^{(3)}(L) = C_2 (q+1) \sum_{i_2=1}^{f} q^{2f + 4i_2 - 2} + C_2 (q+1) \sum_{i_2=f+1}^{(L-2)/2} q^{4f + 2i_2 - 1} + C_2\, q^{4f + L - 1}. \]
For $0 \le f < L/2$ and $L$ odd, we obtain
\[ N_{n,2}^{(3)}(L) = C_2 (q+1) \sum_{i_2=1}^{f} q^{2f + 4i_2 - 2} + C_2 (q+1) \sum_{i_2=f+1}^{(L-1)/2} q^{4f + 2i_2 - 1}. \]
In both cases, we get the desired result after simple computations. For $L/2 \le f < L$ and $L$ even, we get
\[ N_{n,2}^{(3)}(L) = C_2 (q+1) \sum_{i_2=1}^{L-f-1} q^{2f + 4i_2 - 2} + C_2 (q+1) \sum_{i_2=L-f}^{(L-2)/2} q^{2L + 2i_2 - 3} + C_2\, q^{3L-3}. \]
For $L/2 \le f < L$ and $L$ odd, we obtain
\[ N_{n,2}^{(3)}(L) = C_2 (q+1) \sum_{i_2=1}^{L-f-1} q^{2f + 4i_2 - 2} + C_2 (q+1) \sum_{i_2=L-f}^{(L-1)/2} q^{2L + 2i_2 - 3}. \]
Again, in both cases, straightforward manipulations lead to the desired result. □
In the case $k = 3$, we have $I = (i_1, i_2, i_3)$ with $i_1 \ge i_2 \ge i_3 > 0$ and $i_1 + i_2 + i_3 = L$. We put
\[ C_3 = (q-1)(q^2-1)(q^3-1). \]
Lemma 10. With the above notation, we have
\begin{align*}
N_{n,3}^{(3)}(L) = {} & -\frac{C_3 (q^4+1)}{(q-1)(q^5-1)}\, q^{5L-3f-5} + \frac{C_3 (q^4+q^2+1)}{(q-1)(q^4-1)}\, q^{4L-2f-4} \\
& + \frac{C_3}{(q-1)(q^2-1)}\, q^{4L-3} - \frac{C_3}{(q-1)^2}\, q^{3L-2} + \frac{C_3 (q^2+q+1)}{(q^4-1)(q^5-1)}\, q^{2f+5}
\end{align*}
for $L/2 \le f < L$, and
\begin{align*}
N_{n,3}^{(3)}(L) = {} & \frac{C_3 (q^6+1)}{(q^4-1)(q^5-1)}\, q^{6L-6f-6} - \frac{C_3 (q^4+1)}{(q-1)(q^5-1)}\, q^{5L-3f-5} \\
& - \frac{C_3 (q^2+q+1)}{(q-1)(q^5-1)}\, q^{L+4f+2} + \frac{C_3}{(q-1)(q^2-1)}\, q^{4L-3} \\
& + \frac{C_3 (q^2+q+1)}{(q^4-1)(q^5-1)}\, q^{2f+5} + \frac{C_3}{(q-1)(q^4-1)}\, q^{6f+4}
\end{align*}
for $L/3 \le f < L/2$, and
\begin{align*}
N_{n,3}^{(3)}(L) = {} & -\frac{C_3 (q^4+1)}{(q-1)(q^5-1)}\, q^{L+9f+1} + \frac{C_3}{(q-1)(q^2-1)}\, q^{2L+6f} \\
& - \frac{C_3 (q^2+q+1)}{(q-1)(q^5-1)}\, q^{L+4f+2} + \frac{C_3 (q^6+1)}{(q^4-1)(q^5-1)}\, q^{12f+3} \\
& + \frac{C_3 (q^2+q+1)}{(q^4-1)(q^5-1)}\, q^{2f+5} + \frac{C_3}{(q-1)(q^4-1)}\, q^{6f+4}
\end{align*}
for $0 \le f < L/3$.
Proof. We consider only the case $L/2 \le f < L$. The other cases are proved in a similar way. We split up the sum in (17) according to the value of $i_3$. Thus, for integers $t$ with $1 \le t \le L/3$ we put
\[ N_{n,3,t}^{(3)}(L) = \sum_{\substack{I \in P(3,L) \\ i_3 = t}} \frac{c(I)}{d(I)}\, q^{b(I, f)}. \tag{18} \]
We now determine these numbers $N_{n,3,t}^{(3)}(L)$. The triples $I = (i_1, i_2, t)$ occurring in the sum in (18) satisfy $i_1 \ge i_2 \ge t$ and $i_1 + i_2 = L - t$.
If $1 \le t < (L-f)/2$ and $L - t$ odd, then by evaluating $c(I)$, $d(I)$, and $b(I, f)$ for the triples $I$ in (18), we obtain
\begin{align*}
N_{n,3,t}^{(3)}(L) = {} & C_3 (q^2+q+1)\, q^{2f+10t-5} \\
& + C_3 (q+1)(q^2+q+1) \sum_{i_2=t+1}^{L-f-t-1} q^{2f + 4i_2 + 6t - 5} \\
& + C_3 (q+1)(q^2+q+1) \sum_{i_2=L-f-t}^{(L-t-1)/2} q^{2L + 2i_2 + 4t - 6}.
\end{align*}
If $1 \le t < (L-f)/2$ and $L - t$ even, we have
\begin{align*}
N_{n,3,t}^{(3)}(L) = {} & C_3 (q^2+q+1)\, q^{2f+10t-5} + C_3 (q+1)(q^2+q+1) \sum_{i_2=t+1}^{L-f-t-1} q^{2f + 4i_2 + 6t - 5} \\
& + C_3 (q+1)(q^2+q+1) \sum_{i_2=L-f-t}^{(L-t)/2-1} q^{2L + 2i_2 + 4t - 6} + C_3 (q^2+q+1)\, q^{3L+3t-6}.
\end{align*}
By simple computations, for both $L - t$ odd and $L - t$ even we have
\[ N_{n,3,t}^{(3)}(L) = \frac{C_3 (q^2+q+1)}{q-1}\, q^{3L+3t-5} - \frac{C_3 (q^2+q+1)(q^5+1)}{q^4-1}\, q^{2f+10t-5} - \frac{C_3 (q^4+q^2+1)}{(q-1)(q^2+1)}\, q^{4L+2t-2f-6}. \]
Similarly, for $(L-f)/2 \le t < L/3$ we have
\[ N_{n,3,t}^{(3)}(L) = \frac{C_3 (q^2+q+1)}{q-1}\, q^{3L+3t-5} - \frac{C_3 (q^4+q^2+1)}{q-1}\, q^{2L+6t-6}. \]
For $t = L/3$ (which can happen only if 3 divides $L$), we have
\[ N_{n,3,t}^{(3)}(L) = C_3\, q^{4L-6}. \]
The formula for $N_{n,3}^{(3)}(L)$ is now obtained since
\[ N_{n,3}^{(3)}(L) = \sum_{t=1}^{\lfloor L/3 \rfloor} N_{n,3,t}^{(3)}(L). \]
□
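With (2), (16), and Lemmas 8, 9, and 10, we now arrive at the following formula for $N_n^{(3)}(L)$.
Theorem 11. For any prime power $q$ and for $m = 3$ we have
\[
N_n^{(3)}(L) =
\begin{cases}
1, & L = 0, \\[6pt]
(q^3-1)\, q^{4L-3}, & 1 \le L \le \frac{n}{2}, \\[6pt]
\begin{aligned}
& \tfrac{(q^3-1)^2}{(q^2+1)(q^5-1)}\, q^{2n-2L} + (q^3-1)\, q^{4L-3} \\
& + \tfrac{(q^2-q+1)(q^3-1)}{q^2+1}\, q^{6L-2n-4} \\
& - \tfrac{(q^2-1)(q^3-1)(q^4+1)}{q^5-1}\, q^{8L-3n-5},
\end{aligned} & \frac{n}{2} < L \le \frac{2n}{3}, \\[6pt]
\begin{aligned}
& \tfrac{(q^3-1)^2}{(q^2+1)(q^5-1)}\, q^{2n-2L} + (q^3-1)\, q^{4L-3} \\
& - \tfrac{(q^2-1)(q^3-1)(q^4+1)}{q^5-1}\, q^{8L-3n-5} \\
& - \tfrac{q^3-1}{q^2+1}\, q^{6n-6L+1} + \tfrac{(q+1)(q^2-1)(q^3-1)}{q^5-1}\, q^{4n-3L} \\
& + \tfrac{(q-1)(q^3-1)(q^4-q^2+1)}{q^5-1}\, q^{12L-6n-6},
\end{aligned} & \frac{2n}{3} < L \le \frac{3n}{4}, \\[6pt]
\begin{aligned}
& \tfrac{(q^3-1)^2}{(q^2+1)(q^5-1)}\, q^{2n-2L} - \tfrac{q^3-1}{q^2+1}\, q^{6n-6L+1} \\
& + \tfrac{(q+1)(q^2-1)(q^3-1)}{q^5-1}\, q^{4n-3L} \\
& + \tfrac{(q-1)(q^3-1)(q^4-q^2+1)}{q^5-1}\, q^{12n-12L+3} \\
& - \tfrac{(q^2-1)(q^3-1)(q^4+1)}{q^5-1}\, q^{9n-8L+1} + (q^3-1)\, q^{6n-4L},
\end{aligned} & \frac{3n}{4} < L \le n.
\end{cases}
\]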
On the basis of Theorem 11, we can now show our conjecture (15) on the expected value $E_n^{(m)}$ for $m = 3$.
Theorem 12. For any prime power $q$ and for $m = 3$ we have
\[ E_n^{(3)} = \frac{3n}{4} + O(1) \quad \text{as } n \to \infty. \]
Proof. We can write
\[ E_n^{(3)} = q^{-3n} \sum_{L=1}^{n} L\, N_n^{(3)}(L). \]
From Theorem 11 we get
\begin{align*}
q^{3n} E_n^{(3)} = {} & (q^3-1) \sum_{L=\lfloor 2n/3 \rfloor + 1}^{\lfloor 3n/4 \rfloor} L\, q^{4L-3} \\
& - \frac{(q^2-1)(q^3-1)(q^4+1)}{q^5-1} \sum_{L=\lfloor 2n/3 \rfloor + 1}^{\lfloor 3n/4 \rfloor} L\, q^{8L-3n-5} \\
& + \frac{(q-1)(q^3-1)(q^4-q^2+1)}{q^5-1} \sum_{L=\lfloor 2n/3 \rfloor + 1}^{\lfloor 3n/4 \rfloor} L\, q^{12L-6n-6} \\
& + \frac{(q-1)(q^3-1)(q^4-q^2+1)}{q^5-1} \sum_{L=\lfloor 3n/4 \rfloor + 1}^{n} L\, q^{12n-12L+3} \\
& - \frac{(q^2-1)(q^3-1)(q^4+1)}{q^5-1} \sum_{L=\lfloor 3n/4 \rfloor + 1}^{n} L\, q^{9n-8L+1} \\
& + (q^3-1) \sum_{L=\lfloor 3n/4 \rfloor + 1}^{n} L\, q^{6n-4L} + O(q^{3n}).
\end{align*}
The result of the theorem is then obtained by a tedious, but straightforward computation in which we make use of the well-known formula
\[ \sum_{L=1}^{k} L z^L = \frac{k z^{k+2} - (k+1) z^{k+1} + z}{(z-1)^2} \]
for integers $k \ge 1$ and real numbers $z \ne 1$. □
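A numerical check of Theorem 11 and Theorem 7 for $q = 2$, added here as an illustration and not part of the paper: the code computes the joint linear complexity directly from Definition 1 by testing the recurrence equations for solvability over $\mathbb{F}_2$, counts $N_n^{(3)}(L)$ by exhaustive enumeration, and compares the counts with the closed form. All function names are hypothetical, and the enumeration is only feasible for small $n$.

```python
# Added example (not from the paper). Function names are illustrative; the
# brute-force part is restricted to q = 2 and small n.
from fractions import Fraction
from itertools import product

def consistent(rows, width):
    """Is the F_2 linear system solvable?  Each row is an int: bits 0..width-1
    are the coefficients, bit `width` is the right-hand side."""
    pivots = {}                      # leading coefficient bit -> reduced row
    for row in rows:
        for bit in range(width - 1, -1, -1):
            if not (row >> bit) & 1:
                continue
            if bit not in pivots:
                pivots[bit] = row
                break
            row ^= pivots[bit]
        else:                        # every coefficient cancelled
            if row:                  # ... but the right-hand side is 1
                return False
    return True

def joint_linear_complexity(seqs, n):
    """Least L such that one recurrence s[i+L] = sum_k c_k s[i+k] (c in F_2^L)
    generates the first n terms of every sequence in seqs (Definition 1)."""
    for L in range(n + 1):
        rows = [sum(s[i + k] << k for k in range(L)) | (s[i + L] << L)
                for s in seqs for i in range(n - L)]
        if consistent(rows, L):
            return L

def brute_force_counts(m, n):
    """N_n^(m)(L) for L = 0..n over F_2, by enumerating all 2^(mn) inputs."""
    counts = [0] * (n + 1)
    for bits in product((0, 1), repeat=m * n):
        seqs = [bits[j * n:(j + 1) * n] for j in range(m)]
        counts[joint_linear_complexity(seqs, n)] += 1
    return counts

def theorem11(n, L, q=2):
    """Closed form for N_n^(3)(L) as stated in Theorem 11 (exact arithmetic)."""
    q = Fraction(q)
    a = q**3 - 1
    if L == 0:
        return Fraction(1)
    if 2 * L <= n:
        return a * q**(4*L - 3)
    t1 = a**2 / ((q**2 + 1) * (q**5 - 1)) * q**(2*n - 2*L)
    k8 = (q**2 - 1) * a * (q**4 + 1) / (q**5 - 1)
    if 3 * L <= 2 * n:
        return (t1 + a * q**(4*L - 3)
                + (q**2 - q + 1) * a / (q**2 + 1) * q**(6*L - 2*n - 4)
                - k8 * q**(8*L - 3*n - 5))
    t2 = a / (q**2 + 1) * q**(6*n - 6*L + 1)
    t3 = (q + 1) * (q**2 - 1) * a / (q**5 - 1) * q**(4*n - 3*L)
    k12 = (q - 1) * a * (q**4 - q**2 + 1) / (q**5 - 1)
    if 4 * L <= 3 * n:
        return (t1 + a * q**(4*L - 3) - k8 * q**(8*L - 3*n - 5)
                - t2 + t3 + k12 * q**(12*L - 6*n - 6))
    return (t1 - t2 + t3 + k12 * q**(12*n - 12*L + 3)
            - k8 * q**(9*n - 8*L + 1) + a * q**(6*n - 4*L))

def expected_value(counts, m, q=2):
    """E_n^(m) computed from the counts N_n^(m)(L), as in (12)."""
    n = len(counts) - 1
    return Fraction(sum(L * c for L, c in enumerate(counts)), q**(m * n))

def theorem7_bound(m, n, q=2):
    """Lower bound on E_n^(m) from Theorem 7."""
    return (m * n) // (m + 1) - Fraction(q**(m*n) - 1,
                                         q**(m*n) * (q**(m+1) - 1))

if __name__ == "__main__":
    m, n = 3, 4
    counts = brute_force_counts(m, n)
    print("brute force :", counts)
    print("Theorem 11  :", [int(theorem11(n, L)) for L in range(n + 1)])
    print("E_n         :", float(expected_value(counts, m)),
          ">=", float(theorem7_bound(m, n)))
```

For $m = 1$ the same enumeration reproduces Gustavson's formula from Section 2.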
References
[1] Cusick TW, Ding C, Renvall A (1998) Stream Ciphers and Number Theory. Amsterdam: Elsevier
[2] Dai ZD, Imamura K, Yang JH (2005) Asymptotic behavior of normalized linear complexity of multi-sequences. In: Helleseth T, Sarwate D, Song H-Y (eds) Sequences and Their Applications – SETA 2004. Lect Notes Computer Science 3486: 129–142. Berlin Heidelberg New York: Springer
[3] Ding C, Xiao G, Shan W (1991) The Stability Theory of Stream Ciphers. Lect Notes Computer Science 561. Berlin Heidelberg New York: Springer
[4] Feng XT, Dai ZD (2005) Expected value of the linear complexity of two-dimensional binary sequences. In: Helleseth T, Sarwate D, Song H-Y (eds) Sequences and Their Applications – SETA 2004. Lect Notes Computer Science 3486: 113–128. Berlin Heidelberg New York: Springer
[5] Feng XT, Wang QL, Dai ZD (2005) Multi-sequences with d-perfect property. J Complexity 21: 230–242
[6] Fu F-W, Niederreiter H, Su M (2005) The expectation and variance of the joint linear complexity of random periodic multisequences. J Complexity 21: 804–822
[7] Gustavson FG (1976) Analysis of the Berlekamp-Massey linear feedback shift-register synthesis algorithm. IBM J Res Develop 20: 204–212
[8] Lidl R, Niederreiter H (1997) Finite Fields. Cambridge: Cambridge Univ Press
[9] Loève M (1963) Probability Theory, 3rd edn. New York: Van Nostrand
[10] Meidl W (2005) Discrete Fourier transform, joint linear complexity and generalized joint linear complexity of multisequences. In: Helleseth T, Sarwate D, Song H-Y (eds) Sequences and Their Applications – SETA 2004. Lect Notes Computer Science 3486: 101–112. Berlin Heidelberg New York: Springer
[11] Meidl W, Niederreiter H (2003) The expected value of the joint linear complexity of periodic multisequences. J Complexity 19: 61–72
[12] Meidl W, Winterhof A (2005) On the joint linear complexity profile of explicit inversive multisequences. J Complexity 21: 324–336
[13] Niederreiter H (1988) The probabilistic theory of linear complexity. In: Günther CG (ed) Advances in Cryptology – EUROCRYPT'88. Lect Notes Computer Science 330: 191–209. Berlin Heidelberg New York: Springer
[14] Niederreiter H (2003) Linear complexity and related complexity measures for sequences. In: Johansson T, Maitra S (eds) Progress in Cryptology – INDOCRYPT 2003. Lect Notes Computer Science 2904: 1–17. Berlin Heidelberg New York: Springer
[15] Niederreiter H, Xing CP (2001) Rational Points on Curves over Finite Fields: Theory and Applications. Cambridge: Cambridge Univ Press
[16] Rueppel RA (1986) Analysis and Design of Stream Ciphers. Berlin Heidelberg New York: Springer
[17] Rueppel RA (1992) Stream ciphers. In: Simmons GJ (ed) Contemporary Cryptology: The Science of Information Integrity, pp. 65–134. New York: IEEE Press
[18] Wang L-P, Niederreiter H (2005) Enumeration results on the joint linear complexity of multisequences. Finite Fields Appl (to appear); available online as document doi:10.1016/j.ffa.2005.03.005
[19] Wang L-P, Zhu Y-F, Pei D-Y (2004) On the lattice basis reduction multisequence synthesis algorithm. IEEE Trans Inform Theory 50: 2905–2910
[20] Xing CP (2000) Multi-sequences with almost perfect linear complexity profile and function fields over finite fields. J Complexity 16: 661–675
[21] Xing CP, Lam KY, Wei ZH (1999) A class of explicit perfect multi-sequences. In: Lam KY, Okamoto E, Xing CP (eds) Advances in Cryptology – ASIACRYPT'99. Lect Notes Computer Science 1716: 299–305. Berlin Heidelberg New York: Springer
Authors' addresses: H. Niederreiter, Department of Mathematics, National University of Singapore, 2 Science Drive 2, Singapore 117543, Republic of Singapore, e-mail: [email protected]; L.-P. Wang, Temasek Laboratories, National University of Singapore, 5 Sports Drive 2, Singapore 117508, Republic of Singapore, e-mail: [email protected]