Revealing Information with Partial Period Correlations (Extended Abstract)

1 I n t r o d u c t i o n In several applications in modern communication systems periodic binary sequences are employed that must be difficult for an adversary to determine when a short subsequence is known, and must be easy to generate given a secret key. This is true both in stream cypher systems, in which the binary sequence is used as a pseudo-one-time-pad [11], and in secure spread spectrum systems, in which the sequence is used to spread a signal over a large range of frequencies It0]. While theoreticians have long argued that such security can only be achieved by sequencessatisfying very general statistical test such as Yao's and Blum and Micali's next bit test [12,2], practitioners are often satisfied to find sequences that have large linear complexities, thus ensuring resistance to the Berlekamp-Massey algorithm [8]. Linear feedback shift registers are devices that Can easily generate sequences withexponentially larger period than the size of their seeds [6], though with small linear complexity. Thus much effort has gone into finding ways of modifying linear feedback shift registers so that the sequences they generate have large linear complexities, typically by adding some nonlinearity. Chart and Games [4] have suggested using a class of sequences called geometric sequences for these purposes. Geometric sequences are derived from m-sequences over a finite field GF(q) by applying a (nonlinear) map from GF(q) to GF(2). Chan and Games showed that for q odd, geometric sequences have high linear complexities. For this reason, these sequences have been employed in commercial applications, typically with enormous periods. More recently Chan, Goresky, and Klapper [5] derived formulas for the periodic autocorrelation function of a geometric sequence and, in some cases, (with q even) for the periodic cross-correlation function of a pair of geometric sequences with the same period. Knowledge of these correlation function values is essential for applications involving spread Spectrum systems. Furthermore, Brynielsson [3] derived a formula for the linear complexity of a geometric sequence when q is even, showing that such sequences can. be constructed with moderately large linear complexities. The purpose of this paper is to show that a certain statistical attack, partial period autocorre-lation attack, can be used to obtain critical information about geometric sequences fl'om knowledge of a relatively small subsequence when q is odd. Specifically, for a sequence of period q~-1, with q _> 5, q odd, and n _> …