Autocorrelation and Lower Bound on the 2-Adic Complexity of LSB Sequence of $p$-ary $m$-Sequence

In modern stream ciphers, many algorithms, such as ZUC, the LTE encryption algorithm and the LTE integrity algorithm, use bit-component sequences of $p$-ary $m$-sequences as their input. Therefore, analyzing the statistical properties (for example, autocorrelation, linear complexity and 2-adic complexity) of bit-component sequences of $p$-ary $m$-sequences is becoming an important research topic. In this paper, we first derive some autocorrelation properties of LSB (Least Significant Bit) sequences of $p$-ary $m$-sequences, i.e., we convert the problem of computing autocorrelations of LSB sequences of period $p^n-1$ for any positive $n\geq2$ to the problem of determining autocorrelations of the LSB sequence of period $p-1$. Then, based on this property and computer calculation, we list some autocorrelation distributions of LSB sequences of $p$-ary $m$-sequences with order $n$ for some small primes $p$, such as $p=3,5,7,11,17,31$. Additionally, using their autocorrelation distributions and the method inspired by Hu, we give lower bounds on the 2-adic complexities of these LSB sequences. Our results show that the main parts of all the lower bounds on the 2-adic complexity of these LSB sequences are larger than $\frac{N}{2}$, where $N$ is the period of these sequences. Therefore, these bounds are large enough to resist the analysis of RAA (Rational Approximation Algorithm) for FCSR (Feedback with Carry Shift Register). In particular, for a Mersenne prime $p=2^k-1$, since all the bit-component sequences of a $p$-ary $m$-sequence are shift equivalent, our results hold for all its bit-component sequences.


INTRODUCTION
period $p^n-1$ for any $n\geq2$. Through these autocorrelation properties, the problem of computing the autocorrelation value $AC_s(\tau)$ for $1\leq\tau\leq p^n-2$ can be simplified to the problem of computing the autocorrelation $AC_b(\tau')$ of the LSB sequence $b$ of period $p-1$ (see Definition 2) only for $1\leq\tau'\leq\frac{p-3}{4}$ (if $p\equiv3 \bmod 4$) or for $1\leq\tau'\leq\frac{p-5}{4}$ (if $p\equiv1 \bmod 4$). As a consequence, we give explicit formulas for the autocorrelation distributions of LSB sequences of $p$-ary $m$-sequences for some small $p=3,5,7,11,17,31$.
Another consequence of our result is to give lower bounds on the 2-adic complexities of these LSB sequences. Our results show that the main parts of the lower bounds on the 2-adic complexity have a unified form of $\frac{N}{2}+\frac{N}{p-1}$, which is larger than $\frac{N}{2}$, i.e., the 2-adic complexity is large enough to resist RAA for FCSRs. According to our discussion and this unified form, we also present an open problem about the lower bound on the 2-adic complexity of the LSB sequence of a $p$-ary $m$-sequence for any prime $p$.
In particular, since all the bit-component sequences of a $p$-ary $m$-sequence are shift equivalent for a Mersenne prime $p$, our results hold for all its bit-component sequences. Here, our method of determining the lower bounds on the 2-adic complexity is inspired by Hu [17].
The rest of this paper is organized as follows. We introduce notations and some well-known results in Section 2. The autocorrelation properties of LSB sequences of $p$-ary $m$-sequences for any prime $p$, as well as the autocorrelation distributions of LSB sequences of $p$-ary $m$-sequences for some small primes $p$, such as $p=3,5,7,11,17,31$, are given in Section 3. In Section 4, the lower bounds on the 2-adic complexities of these LSB sequences are derived.

Preliminaries
In this section, we will introduce some notations and some well-known results, which will be used throughout this paper unless specified.
Let $p$ be any prime, $n$ a positive integer, and $\alpha$ a primitive element of $\mathbb{F}_{p^n}$. Then $a_t=\mathrm{Tr}(\alpha^t)$, $t=0,1,2,\cdots,p^n-2$, is a $p$-ary $m$-sequence, where $\mathrm{Tr}(x)=x+x^p+x^{p^2}+\cdots+x^{p^{n-1}}$ is the trace function from $\mathbb{F}_{p^n}$ to $\mathbb{F}_p$.
For each element $a_t$ of $\{a_t\}_{t=0}^{p^n-2}$, we have the following 2-adic expansion $a_t=a_{t,0}+a_{t,1}\times2+a_{t,2}\times2^2+\cdots+a_{t,k-1}\times2^{k-1}$, $a_{t,i}\in\{0,1\}$, $i=0,1,\cdots,k-1$, where $k=\lceil\log_2p\rceil$ and $\lceil x\rceil$ is the least integer that is larger than or equal to $x$. Here, we identify the bit string $(a_{t,0},a_{t,1},a_{t,2},\cdots,a_{t,k-1})$ of length $k$ with the element $a_t$ and call the $i$-th element $a_{t,i-1}$ the $i$-th bit-component of $a_t$. But the element $0\in\mathbb{F}_p$ is written as $p$, i.e., 0 is identified with $(p_0,p_1,p_2,\cdots,p_{k-1})$, where the 2-adic expansion of $p$ is $p_0+p_1\times2+\cdots+p_{k-1}\times2^{k-1}$ (this is to be in accordance with the ZUC algorithm).
Definition 2 Suppose that $\beta=\alpha^{\frac{p^n-1}{p-1}}$, a primitive element of $\mathbb{F}_p$. Then the sequence $\{b_j\}_{j=0}^{p-2}$ of period $p-1$ is defined as $b_j=\beta^j \pmod 2$.
Definition 3 A function from $\mathbb{F}_{p^n}$ to $\mathbb{F}_p$ is said to be balanced if the element 0 appears one less time is balanced for any $z\in\mathbb{F}_{p^n}$ but $z\neq1$.

Remark 2
It is well known that the trace function $\mathrm{Tr}(x)$ from $\mathbb{F}_{p^n}$ to $\mathbb{F}_p$ is difference-balanced, which is in fact a linear function over $\mathbb{F}_p$.

3 Autocorrelation properties of LSB sequences of $p$-ary $m$-sequences
In this section, we will derive some autocorrelation properties of LSB sequences of $p$-ary $m$-sequences and give autocorrelation distributions of the LSB sequences for some small primes $p$, such as 3, 5, 7, 11, 17, 31.
In the following, we will determine the values of (7)-(10) respectively. From Definition 1, it is obvious For a fixed $t$ satisfying $s_t=s_{t+\tau}$, without loss of generality, we suppose $\mathrm{Tr}(\alpha^t)-\mathrm{Tr}(\alpha^{t+\tau})=a\neq0$, i.e., $\mathrm{Tr}(x)-\mathrm{Tr}(\alpha^\tau x)=a\neq0$. By Remark 2 we know that the trace function $\mathrm{Tr}(x)$ is difference-balanced, namely, for each fixed $a\in\mathbb{F}_p^*$, the number of $x$'s in $\mathbb{F}_{p^n}^*$ satisfying the equation $\mathrm{Tr}(x)-\mathrm{Tr}(\alpha^\tau x)=a$ is $p^{n-1}$. And the number of $x$'s satisfying the equation $\mathrm{Tr}(x)-\mathrm{Tr}(\alpha^\tau x)=a$ is exactly the sum of the numbers of $x$'s satisfying the following $p$ equation systems where $c$ runs through $\mathbb{F}_p$. Note that $\mathbb{F}_{p^n}$ is an $n$-dimensional vector space over $\mathbb{F}_p$. Then, for each fixed $a\in\mathbb{F}_p^*$ and $c\in\mathbb{F}_p$, the above equation system is equivalent to a linear equation system over $\mathbb{F}_p$ with $n$ unknowns. When $\alpha^\tau\notin\mathbb{F}_p^*$, i.e., $\tau\notin\{M\tau'\mid\tau'=1,2,\cdots,p-1\}$, the vectors composed of coefficients on the left side of the equations are linearly independent, which implies that there are $p^{n-2}$ solutions in $\mathbb{F}_{p^n}$ to the equation system (11) for each $a\in\mathbb{F}_p^*$ and $c\in\mathbb{F}_p$. Therefore, we can determine the values of (7)-(10) by discussing the values of $c+a$ and $c$.
Note that the addition $c+a$ is operated in $\mathbb{F}_p$ and that $p$ is odd. Then, for an even $c=2k\in\mathbb{F}_p^*$, $1\leq k\leq\frac{p-1}{2}$, $c+a\in\mathbb{F}_p^*$ is odd if and only if $a$ is odd but $c<c+a<p$ or $a$ is even but $p<c+a\leq c+p-1$ (here the comparison and the addition in $c<c+a<p$ and $p<c+a\leq c+p-1$ are operated in the integer set $\mathbb{Z}$). Furthermore, for odd $a$ but $0<a<p-c=p-2k$, the number of $a$'s is $\frac{p-1}{2}-k$, and for even $a$ but $p-c=p-2k<a\leq p-1$, the number of $a$'s is $k$. Therefore, for a fixed $c=2k$, the number of pairs $(c+a,c)$ satisfying the condition in the set of (7) is $\frac{p-1}{2}$. Note that the number of $c$'s is $\frac{p-1}{2}$. Hence Eq. (12) holds. Similarly, we can get that the value of (8) is $|\{x\mid\mathrm{Tr}(x)\in\mathbb{F}_p^*,\ \mathrm{Tr}(\alpha^\tau x)\in\mathbb{F}_p^*,\ \mathrm{Tr}(x)\equiv0 \pmod 2,\ \text{and}\ \mathrm{Tr}(\alpha^\tau x)\equiv1 \pmod 2,\ x\in\mathbb{F}_{p^n}^*\}|=p^{n-2}\times|\{(c+a,c)\mid c+a\in\mathbb{F}_p^*,\ c\in\mathbb{F}_p^*,\ c+a\equiv0 \pmod 2,\ \text{and}\ c\equiv1 \pmod 2,\ \text{where}\ a\in\mathbb{F}_p^*\}|$.
Through the results of Lemmas 1 and 2, we have simplified the problem of computing the autocorrelation of the LSB sequence $\{s_t\}_{t=0}^{N-1}$ of period $p^n-1$ for any positive integer $n\geq2$ to the problem of computing the autocorrelation of the LSB sequence $\{b_j\}_{j=0}^{p-2}$. Next, we will present the autocorrelation properties of the sequence $\{b_j\}_{j=0}^{p-2}$.

Lemma 3
With the same symbols as above, we have the following results.
(2) For $p\equiv1 \bmod 4$ and $1\leq\tau'\leq\frac{p-1}{4}$ or for $p\equiv3 \bmod 4$ and
Proof: (1) From the discussion in Lemma 2, for a fixed $1\leq\tau'\leq p-2$, the autocorrelation value (2) Similar to the above argument, let $c=\beta^l$ and $c'=\beta^{\tau'+l}$. Then we get $(c,\beta^{\tau'}c)=(\beta^l,\beta^{\tau'+l})$ and (3) Note that $\beta$ For $c\in\mathbb{F}_p^*$, the pair $(c,-c)$ always has different LSBs. For convenience, we will always use the following notations:
Combining all the results above, we can give the following Theorem 1. Then the autocorrelation of $\{s_t\}_{t=0}^{N-1}$ can be expressed as otherwise. (23) Consequently, since $I=\emptyset$ for $p=3,5$, the corresponding autocorrelations $AC_s(\tau)$ for $p=3$ and $p=5$ can be given directly by and respectively.
Through Theorem 1, for any odd prime $p\geq7$, the problem of determining the autocorrelation values of the LSB sequence $\{s_t\}_{t=0}^{N-1}$ of a $p$-ary $m$-sequence $\{a_t\}_{t=0}^{N-1}$ of period $p^n-1$ has been converted to the problem of determining the autocorrelation of the sequence $\{b_j\}_{j=0}^{p-2}$ of period $p-1$. Moreover, for the autocorrelation of $\{b_j\}_{j=0}^{p-2}$ of period $p-1$, we have reduced this problem from the relatively large set $\{1,2,\cdots,p-2\}$ to the relatively small set $\{1,2,\cdots,\frac{p-5}{4}\}$ or $\{1,2,\cdots,\frac{p-3}{4}\}$, on which the values can in fact be determined by computer. We also present the corresponding ordered array $AC_b(I)$ for all odd primes smaller than 100 in Table 1. It can be observed from these examples that all the Finding a complete theoretical result for the autocorrelation of $\{b_j\}_{j=0}^{p-2}$ would be interesting research work, and we sincerely invite the reader to participate in it.
It is well known that cyclically shift-equivalent sequences have the same autocorrelation and 2-adic complexity. In fact, for a Mersenne prime $p$, all the bit-component sequences of a $p$-ary $m$-sequence are equivalent to its LSB sequence. In the following Fact 1, we give a simple proof of this conclusion. Therefore, our results in this paper apply to all the bit-component sequences of $p$-ary $m$-sequences for a Mersenne prime $p$.
Proof. For the element $2\in\mathbb{F}_p$, there exists some $1\leq j_0\leq p-2$ and $\tau_0=\frac{p^n-1}{p-1}j_0$ such that $2=\alpha^{\tau_0}$. Note that the trace function $\mathrm{Tr}(x)$ from $\mathbb{F}_{p^n}$ to $\mathbb{F}_p$ is linear over $\mathbb{F}_p$. Then that is, the binary string of $2a_t$ is the left cyclic shift of the binary string of $a_t$ by 1. Therefore, we know that, for $1\leq i\leq k$, the $((i \bmod k)+1)$-th bit-component sequence is the left cyclic shift of the $i$-th bit-component sequence by $\tau_0$, which implies that all the bit-component sequences of a $p$-ary $m$-sequence are cyclic shift equivalent.
Another main aim of this paper is to find lower bounds on the 2-adic complexities of the LSB sequences of $p$-ary $m$-sequences. Here, our method of determining the lower bounds on the 2-adic complexity is inspired by Hu [17] and involves the autocorrelation of these sequences. Due to the complexity of the autocorrelation of $\{b_j\}_{j=0}^{p-2}$, we cannot give a uniform proof for the lower bounds on the 2-adic complexity of all the LSB sequences of $m$-sequences using this method in this paper. Therefore, we will take $p=3,5,7,11,17,31$ as examples to give the 2-adic complexity property of LSB sequences of $m$-sequences. Of course, for other primes, the corresponding results can be obtained similarly. It should be explained that when a different primitive element $\alpha$ of $\mathbb{F}_{p^n}$ is taken, a different $\beta\in\mathbb{F}_p$ might result, which correspondingly may give a different order of the autocorrelation values of $\{b_j\}_{j=0}^{p-2}$. And on the face of the method of calculating the 2-adic complexity in this paper, it seems that different Besides Table 1, we also give a detailed autocorrelation distribution of the LSB sequence for $p=7,11,17,31$ in the following Corollary 1 so that we can more conveniently use them for determining the lower bound on the 2-adic complexity of these sequences.
, and for $0<\tau<N$ the autocorrelation of $\{s_t\}_{t=0}^{N-1}$ is given by 0, −4), and for $0<\tau<N$, the autocorrelation of $\{s_t\}_{t=0}^{N-1}$ is given by $s_tx^t$. Then, we describe the method of Hu [17] as the following Lemma 4 and give some other useful lemmas.
and $AC_s(\tau)$ the autocorrelation value of the sequence Proof. According to the definition of $T(x)$, we have Furthermore, we have Combining Eqs. (31)-(32), we get the result.
Lemma 5 Let the notations be the same as above. Suppose that $n\geq2$ is a positive integer and that $I$ is the same as that in Theorem 1. Then we have Proof. We only prove this result for the case of $p\equiv3 \pmod 4$ and the other case can be similarly proved. Substituting Eq. (23) in Theorem 1 into Eq. (30) in Lemma 4, we have Notice that $2^{M\times\frac{p-1}{2}}=2^{\frac{N}{2}}$. Substituting $x$ for 2, then we have The results follow.
Furthermore, let $p=2^k-1$ be a Mersenne prime. Then $k=2$ or $k$ is an odd prime. If $k=2$, i.e., $p=3$, then we have $p^2\nmid2^{p-1}-1$, which implies $p^2\nmid2^{p^n-1}-1$ by the above discussion. Now suppose that $k$ is an odd prime and that $p^2\mid2^{p-1}-1$.
Lemma 7 Let the notations be the same as above. Suppose that $n\geq2$ is a positive integer and that $I$ is the same as in Theorem 1. Then we have the following two results: and $n$ is odd, or $n$ is even where $AC_b(\tau')$ is the autocorrelation of $\{b_j\}_{j=0}^{p-2}$ and $\mathrm{Ord}_p(2)$ is the multiplicative order of 2 modulo $p$. Particularly, for $p=3$ we have and for $p=5$ we have (2) If $p=2^k-1$ is a Mersenne prime and $k$ is odd, then gcd $S(2)T(2^{-1})$, 2 and $n$ is odd, where $AC_b(\tau')$ is the autocorrelation of $\{b_j\}_{j=0}^{p-2}$ and $\mathrm{Ord}_p(2)$ is the multiplicative order of 2 modulo $p$.
(2) Note that, for a Mersenne prime $p=2^k-1$, we have $p^2\nmid2^{\frac{N}{2}}+1$ and $p^2\nmid2^M-1$. The rest of the proof is similar to the above discussion.

2-adic complexity of the LSB sequence for $p=3$
Now, we present the lower bound on the 2-adic complexity of the LSB sequence of a ternary $m$-sequence.

2-adic complexity of the LSB sequence for $p=5$
Now, we present the lower bound on the 2-adic complexity of the LSB sequence of a 5-ary $m$-sequence. (47) Consequently, the 2-adic complexity Proof. The proof is similar to that of Theorem 2 except for using Eq. (39) in Lemma 7.

2-adic complexity of the LSB sequence for $p=11$
Now, we present the lower bound on the 2-adic complexity of the LSB sequence of an 11-ary $m$-sequence. Therefore, the lower bound on the 2-adic complexity $\Phi_2(s)$ of $\{s_t\}_{t=0}^{N-1}$ is given by Consequently, the 2-adic complexity Proof. By the result (2) in Corollary 1, we know that $I=\{1,2\}$ and $AC_b(I)=(-2,2)$ for $p=11$.

2-adic complexity of the LSB sequence for $p=31$
Finally, we will give a lower bound on the bit-component sequence of a 31-ary $m$-sequence, which needs the following result.

Remark 3
In the process of computing the lower bounds on the 2-adic complexities of the above six classes of LSB sequences, we always suppose $n\geq2$. In fact, it can be verified by simple calculation that all the lower bounds also hold for $n=1$.

Remark 4
We have pointed out that different primitive elements of $\mathbb{F}_p$ may lead to a different order of autocorrelation values of the sequence in Definition 2, which may result in a different lower bound on the 2-adic complexity. This point can also be observed from Lemma 7. In fact, we can take the sequence $\{b_j\}_{j=0}^{p-2}$ based on $p=31$ as an example. It can be calculated by computer that $\Phi_2(b)=13$ for the primitive elements 11, 13, 21, 22 of $\mathbb{F}_{31}$ but $\Phi_2(b)=11$ for the primitive elements 3, 12, 17, 24 of $\mathbb{F}_{31}$.
However, we claim that the main part, i.e., the nonconstant part of the lower bound on the 2-adic complexity of the bit-component sequence of a 31-ary $m$-sequence, remains unchanged. Now, we explain this conclusion briefly. Without loss of generality, let $\beta'=\beta^d$ be another primitive element of $\mathbb{F}_{31}$, where $\gcd(d,p-1)=1$. Suppose $\{b'_{j_1}\}_{j_1=0}^{p-2}$ is the sequence defined by $\beta'$ through Definition 2. Then we know that $\{b'_{j_1}\}_{j_1=0}^{p-2}=\{b_{dj \pmod{p-1}}\}_{j=0}^{p-2}$, which implies that we need to determine $\gcd(h(\gamma^d),2^{\frac{N}{2}}+1)$ to find the lower bound on the 2-adic complexity of the bit-component sequence of the 31-ary $m$-sequence defined by some primitive element $\alpha'$ of $\mathbb{F}_{p^n}$ satisfying $(\alpha')^M=\beta'$. Here $h(\cdot)$ is the same as that in

Remark 5
In order to resist RAA, the 2-adic complexity of a binary sequence should be larger than half of its period. From the results of Theorems 2-7, it is obvious that, for $n\geq2$, the lower bounds on the 2-adic complexity of the LSB sequences (all the bit-component sequences for a Mersenne prime) of ternary, 5-ary, 7-ary, 11-ary, 17-ary and 31-ary $m$-sequences are large enough to meet this requirement. In fact, it is not difficult to see from our discussions that the main parts of all six lower bounds have a unified form, i.e., $\frac{N}{2}+\frac{N}{p-1}$, and we can also get a similar lower bound on the 2-adic complexity of the LSB sequences of $p$-ary $m$-sequences through a similar method for other odd primes, such as 13, 19, 23, 29 and so on. Therefore, we give the following conjecture.
Conjecture 1 Let $p$ be any odd prime, $n$ a positive integer, $N=p^n-1$, and $\{s_t\}_{t=0}^{N-1}$ the LSB sequence of a $p$-ary $m$-sequence of order $n$. Then the 2-adic complexity $\Phi_2(s)$ of $\{s_t\}_{t=0}^{N-1}$ is lower bounded by $\frac{p+1}{2(p-1)}N-C_p$, which is larger than $\frac{N}{2}$ when $n\geq2$, where the constant $C_p$ does not depend on $n$ but only on $p$.
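
The following added example (not code from the paper) builds the sequence $\{b_j\}$ of Definition 2, rebuilds its full autocorrelation from the values on the reduced index set $I$ discussed after Theorem 1, and recomputes the 2-adic complexities quoted in Remark 4. The function names are hypothetical; the usual definitions $AC_b(\tau)=\sum_j(-1)^{b_j+b_{j+\tau}}$ and $\Phi_2=\log_2\big((2^N-1)/\gcd(2^N-1,S(2))\big)$ are assumed, with $\Phi_2$ rounded down because that rounding reproduces the values in Remark 4.

```python
from math import gcd

def lsb_sequence(p, beta):
    """b_j = (beta^j mod p) mod 2 for j = 0..p-2 (Definition 2)."""
    powers, x = [], 1
    for _ in range(p - 1):
        powers.append(x)
        x = x * beta % p
    if len(set(powers)) != p - 1:
        raise ValueError("beta is not a primitive element of F_p")
    return [v & 1 for v in powers]

def autocorrelation(b, tau):
    """AC_b(tau) = sum over j of (-1)^(b_j + b_{j+tau}), indices mod p-1."""
    n = len(b)
    return sum(1 if b[j] == b[(j + tau) % n] else -1 for j in range(n))

def index_set(p):
    """I = {1..(p-3)/4} if p = 3 mod 4, {1..(p-5)/4} if p = 1 mod 4."""
    top = (p - 3) // 4 if p % 4 == 3 else (p - 5) // 4
    return list(range(1, top + 1))

def expand(p, ac_on_I):
    """Rebuild AC_b on 0..p-2 from its values on I (assumed symmetries:
    AC(N - t) = AC(t), and AC(t + N/2) = -AC(t) because beta^(N/2) = -1
    and c, p - c have opposite parity)."""
    n, h = p - 1, (p - 1) // 2
    ac = [0] * n            # tau = N/4 and 3N/4 stay 0 when p = 1 mod 4
    ac[0], ac[h] = n, -n
    for t, v in zip(index_set(p), ac_on_I):
        ac[t] = ac[n - t] = v
        ac[h - t] = ac[h + t] = -v
    return ac

def two_adic_denominator(b):
    """q = (2^N - 1) / gcd(2^N - 1, S(2)), with S(2) = sum of b_j * 2^j."""
    full = (1 << len(b)) - 1
    s2 = sum(bit << j for j, bit in enumerate(b))
    return full // gcd(full, s2)

def two_adic_complexity(b):
    """floor(log2 q); the rounding is an assumption, see the lead-in."""
    return two_adic_denominator(b).bit_length() - 1

if __name__ == "__main__":
    for beta in (11, 3):    # two of the primitive elements named in Remark 4
        print(beta, two_adic_complexity(lsb_sequence(31, beta)))
```

For $p=31$ the whole factor $2^{15}-1$ always divides $S(2)$, so only the gcd with $2^{15}+1$ varies with the choice of $\beta$.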