The linear complexity of new q-ary generalized cyclotomic sequences of period $p^n$

In this paper, we study the linear complexity of new q-ary generalized cyclotomic sequences of length $p^n$ over the finite field of order $q$. We show that these sequences have high linear complexity when $n \geq 2$. These sequences are constructed using new generalized cyclotomic classes prepared by X. Zeng et al.


Introduction
Linear complexity (L) is a very important merit factor for measuring the unpredictability of pseudo-random sequences, which are often used as key stream sequences in stream ciphers. It is defined as the length of the shortest linear feedback shift register that can generate the sequence [7]. According to the Berlekamp-Massey algorithm [11], the whole sequence can be deduced from the knowledge of just 2L consecutive digits of the sequence. Thus, it is reasonable to suggest that a "good" sequence should satisfy L > N/2 (where N denotes the period of the sequence) from the viewpoint of cryptography [11].
Cyclotomy is an old topic of elementary number theory and is related to difference sets, sequences, coding theory and cryptography. Using classical cyclotomic classes and generalized cyclotomic classes to construct sequences, which are called classical cyclotomic sequences and generalized cyclotomic sequences, respectively, is an important method for sequence design [2]. Many papers are devoted to studying the linear complexity of cyclotomic sequences and generalized cyclotomic sequences. In particular, in recent years there has been some research on generalized cyclotomic binary and non-binary sequences of period $p^n$ [1, 3-5, 10, 13, 15] (see also references therein).
Based on the generalized cyclotomic classes in [17], Xiao et al. presented a new family of cyclotomic binary sequences of period $p^n$. The linear complexity of these sequences was studied in [6,14,16]. In this paper, we generalize the construction from [6] and study the linear complexity of new q-ary generalized cyclotomic sequences of period $p^n$ over a finite field of $q$ elements.

Preliminaries
First of all, we will recall some basics of the linear complexity of a periodic sequence, the definition of new generalized cyclotomic classes from [17] and consider the generalization of binary cyclotomic sequences proposed in [14].

* e-mail: Vladimir.Edemsky@novsu.ru. The reported study was funded by RFBR and NSFC according to the research project No 19-55-53003.

Linear Complexity
Let $s^\infty = (s_0, s_1, s_2, \dots)$ be a sequence of period $N$ and $S(x) = s_0 + s_1 x + \dots + s_{N-1} x^{N-1}$. It is well known (see, for instance, [2]) that the linear complexity of $s^\infty$ is given by

Thus, we can examine the roots of $S(x)$ in an extension of $\mathbb{F}_q$ (the finite field of $q$ elements) to determine the linear complexity of $s^\infty$ by the above formula. More specifically, by Blahut's theorem the linear complexity of $s^\infty$ can be given by

where $\beta$ is a primitive $N$-th root of unity in an extension field of $\mathbb{F}_q$ and $\mathbb{Z}_N$ is the ring of integers modulo $N$ for a positive integer $N$. Hence, we will study the discrete Fourier transform of the sequence.
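The shortest-LFSR definition of linear complexity and the statement from the introduction that 2L consecutive symbols determine the whole sequence can be checked directly. The Python code below is an added example, not code from the paper: it runs Berlekamp-Massey over a prime field GF(q) on a constructed ternary LFSR keystream (the recurrence, the seed and all function names are assumptions chosen for illustration) and predicts the rest of the stream from 8 observed symbols.

```python
# Added example: Berlekamp-Massey over the prime field GF(q).
# The keystream is a constructed toy LFSR, not a sequence from the paper.

def berlekamp_massey(s, q):
    """Return (L, C): shortest LFSR length and connection polynomial C
    (C[0] = 1) with sum(C[i] * s[n - i]) == 0 (mod q) for all n >= L."""
    C, B = [1], [1]          # current and previous connection polynomials
    L, m, b = 0, 1, 1        # length, shift since last change, old discrepancy
    for n in range(len(s)):
        d = sum(c * s[n - i] for i, c in enumerate(C)) % q   # discrepancy
        if d == 0:
            m += 1
            continue
        coef = d * pow(b, -1, q) % q
        T = C[:]
        C = C + [0] * (len(B) + m - len(C))   # make room for x^m * B(x)
        for i, bi in enumerate(B):
            C[i + m] = (C[i + m] - coef * bi) % q
        if 2 * L <= n:       # the register has to grow
            L, B, b, m = n + 1 - L, T, d, 1
        else:
            m += 1
    return L, C

def extend(prefix, C, q, total):
    """Continue `prefix` to `total` symbols using the recovered recurrence."""
    out = list(prefix)
    while len(out) < total:
        n = len(out)
        out.append(-sum(c * out[n - i] for i, c in enumerate(C) if i) % q)
    return out

def toy_keystream(n_symbols):
    """Constructed GF(3) keystream: s[n] = 2*s[n-3] + s[n-4] (mod 3),
    i.e. characteristic polynomial x^4 + x + 2, irreducible over GF(3)."""
    s = [1, 0, 2, 1]         # constructed seed
    while len(s) < n_symbols:
        s.append((2 * s[-3] + s[-4]) % 3)
    return s

def demo():
    q, stream = 3, toy_keystream(80)
    L, C = berlekamp_massey(stream[:8], q)     # only 2L = 8 symbols observed
    return L, C, extend(stream[:8], C, q, 80) == stream

if __name__ == "__main__":
    print(demo())
```

A keystream with L this far below N/2 is fully predictable from a short known-plaintext window, which is why the paper asks for L > N/2.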

New q-ary Generalized Cyclotomic Sequences
Let $p$ be an odd prime and $p = ef + 1$, where $e, f$ are positive integers. Let $g$ be a primitive root modulo $p^n$. It is well known that the order of $g$ modulo $p^j$ is equal to $\varphi(p^j) = p^{j-1}(p-1)$, where $\varphi(\cdot)$ is Euler's totient function [9]. Below we recall the definition of the new generalized cyclotomic classes introduced in [17]. Let $n$ be a positive integer. For $j = 1, 2, \dots, n$, denote $d_j = \varphi(p^j)/e = p^{j-1} f$ and define

(2)

The cosets $D_i^{(p^j)}$, $i = 0, 1, \dots, d_j - 1$, are called generalized cyclotomic classes of order $d_j$ with respect to $p^j$. It was shown in [17] that $\{D_0^{(p^j)}, D_1^{(p^j)}, \dots, D_{d_j-1}^{(p^j)}\}$ forms a partition of the multiplicative group $\mathbb{Z}_{p^j}^*$ for each integer $j \geq 1$ and for an integer $m \geq 1$,

The linear complexity of a family of almost balanced binary sequences based on the above generalized cyclotomic classes was studied in [6,14], when $f$ is an even integer. We can generalize this construction and consider q-ary sequences, where $q > 2$ is a prime.
Let $q$ be an odd prime and $q \mid f$ and let $b$ be an integer with $0 \leq b < p^{n-1} f$. Denote $d_j/q = p^{j-1} f/q$ by $h_j$ and define $q$ sets H

A family of almost balanced q-ary sequences $s^\infty = (s_0, s_1, s_2, \dots)$ of period $p^n$ can thus be defined as

In this paper we will study the linear complexity of these sequences over $\mathbb{F}_q$. In the particular case when $n = 1$, $q = f$ the linear complexity of this sequence was studied in [8].

Linear complexity of sequences
First of all, we investigate the linear complexity of $s^\infty$ defined in (3) for $p$ such that $q^{p-1} \not\equiv 1 \pmod{p^2}$. By [12] such p is not frequent. If $2^{p-1} \equiv 1 \pmod{p^2}$ then $p$ is called a Wieferich prime.

Main Result
This subsection will investigate the linear complexity of $s^\infty$ defined in (3) for some integers $f$ such that $q \mid f$. The main result of this paper is given as follows.
Theorem 1 Let $p = ef + 1$ be an odd prime with $q^{p-1} \not\equiv 1 \pmod{p^2}$ and $q$ divides $f$. Let $s^\infty$ be a generalized cyclotomic q-ary sequence of period $p^n$ defined in (3). Let $\operatorname{ord}_p(q)$ denote the order of $q$ modulo $p$ and $v = \gcd\left(\frac{p-1}{\operatorname{ord}_p(q)}, f\right)$. Then the linear complexity of $s^\infty$ over GF($q$) is given by

Below we make some preparations for the proof of the main theorem.

Subsidiary lemmas
Let $\overline{\mathbb{F}}_q$ be an algebraic closure of $\mathbb{F}_q$ and $\alpha_n \in \overline{\mathbb{F}}_q$ be a primitive $p^n$-th root of unity. Denote $\alpha_j = \alpha_n^{p^{n-j}}$, $j = 1, 2, \dots, n-1$. Then $\alpha_j$ is a primitive $p^j$-th root of unity in an extension of the field $\mathbb{F}_q$. As usual, we denote by $\mathbb{F}_q(\alpha_j)$ a simple extension of $\mathbb{F}_q$ obtained by adjoining an algebraic element $\alpha_j$ [11]. The dimension of the vector

The following statement can be proved similarly to Lemmas 1-3 from [6].

Lemma 2 Let $p$ be a prime such that $q^{p-1} \not\equiv 1 \pmod{p^2}$.
2. Let $\tau = \operatorname{ord}_p(q)$ be the order of $q$ modulo $p$. Then the order of $q$ modulo $p^j$ for an integer $j \geq 1$ is $\tau p^{j-1}$.
3.
The following properties of the generalized cyclotomic classes were discussed in [6].
The above auxiliary lemmas will be heavily used in our investigation of the linear complexity of $s^\infty$ in the next subsection.

Polynomial Sequences Properties
Before we start with the proof of Theorem 1, we need to introduce some polynomials derived from the sequence $s^\infty$ and investigate their properties.
Let $S(x) = s_0 + s_1 x + \dots + s_{p^n-1} x^{p^n-1}$ for the generalized cyclotomic sequences $s^\infty$ defined in (3). Then,

For convenience of presentation, we define polynomials and

Notice that the subscripts $i$ in D are all taken modulo the order $d_j$. In the rest of this paper the modulo operation will be omitted when no confusion can arise.
Since $\alpha_m$ is a $p^m$-th primitive root of unity, it follows that $1 + \alpha_m + \alpha_m^2 + \dots + \alpha_m^{p} + \dots + \alpha_m^{p^m-1}$

It can be easily seen from (4). By (1) the linear complexity of $s^\infty$ in (3) can thus be given by

In the following we shall study the value of F

From the definitions in (5) and (6), the polynomial F for $1 \leq j \leq n$ and $0 \leq i < d_j$. Some basic properties of these polynomials are given in the following lemma.
Lemma 4 Let $\alpha_j = \alpha_n^{p^{n-j}}$, $1 \leq j \leq n$, be a $p^j$-th primitive root of unity. Given any element $a \in D$

The proof of this lemma is similar to the proof of Lemma 6 from [6].
The following proposition characterizes some proper- Similarly we have The desired result thus follows.
(ii) By definition we see that Further, . .
We now examine the value of F

Proposition 2 Let q :

Proof. We will show F Suppose $q \equiv g^u \pmod{p^m}$ for some integer $u$. By Lemma 2, $u \not\equiv 0 \pmod p$. Letting $u_1 \equiv u \pmod{d_m}$, we have $q \in D^{(p^m)}_{u_1}$ and $u_1 \neq 0$. It then follows from Proposition 1 (i) and from properties of $\mathbb{F}_q$ that iu 1 (α m ) = 0 for any integer $i \geq 1$.
Denote $v = \gcd(u_1, d_m)$. Since the subscript of $F^{(p^m)}_i(x)$ is taken modulo $d_m$, it is easily seen that

Thus $v$ does not divide $d_m/q$. Since $v = \gcd(u_1, d_m) = \gcd(u, d_m)$ and $\gcd(u, p) = 1$ (by Lemma 2), it follows that $v$ divides $f$ but does not divide $f/q$. A similar argument as in (9) gives

On the other hand, by eliminating the overlapping terms in G

We recall that $h_m = d_m/q$. Observe that $l d_m/q \equiv l f/q \pmod f$ for $l = 0, 1, \dots, q-1$ and $m > 1$ we see that D

Thus, by letting t (mod p) =t for any $t \in D$ we have

and $c_i \in \mathbb{F}_q(\alpha_{m-1})$. It means that $\alpha_m$ is a root of the polynomial f (x) = F q (α m−1 )] < p, which is in contradiction with Lemma 2.

By Proposition 2, we only need to study the values of $F^{(p^n)}_b(\alpha_n^i)$ for integers $i$ in the set $p^{n-1}\mathbb{Z}_p$. For any $a \in \mathbb{Z}_p^*$, it follows from Proposition 1 and Lemma 4 that

where $a \in D^{(p)}_i$ for some integer $i$ and $k \equiv b + i \pmod f$. The following proposition examines the value of $G^{(p)}_k(\alpha_1)$ according to the relation between $f$ and $\operatorname{ord}_p(q)$.
Proposition 3 Let $p = ef + 1$ be an odd prime, $q$ divides $f$ and $v = \gcd\left(\frac{p-1}{\operatorname{ord}_p(q)}, f\right)$. Then,

k+l f /q (α 1 ) 0 for $l = 1, \dots, q-1$ and we obtain the first part of statement of (i).
Further, suppose $v = f$; then $q \in D^{(p)}_0$ and $G^{(p)}_k(\alpha_1) \in \mathbb{F}_q$ for any $k$. In this case we see that only one from numbers G

We shall prove this case by contradiction. Suppose $G^{(p)}_k(\alpha_1) = 0$ for some integer $k$. Without loss of generality, we assume $k = 0$ and G

If $v$ divides $f/q$, then G f /q+v· f /qv (α 1 ) = $G^{(p)}_0(\alpha_1)$, which is a contradiction.
Let $v = 2$, $v \neq f$ and $v$ does not divide $f/q$, it is clear that $f/q$ is odd. In this case we get as above that

So, we see that G

For $v \neq f$ we can easily choose an integer $j$ such that

Given any $a \in \mathbb{Z}_p^*$, assuming j+k+(q−1) f /q (α) + 1 = 0. That is to say, $f(\alpha_1^a) = 0$ for any $a \in \mathbb{Z}_p^*$. This is a contradiction since the polynomial $f(x)$ has degree less than $p - 1$.

Proof of Theorem
Recall that the linear complexity of $s^\infty$ is given by

It is easy to see that F (1) = 0. By Proposition 2 we know $|\{ i \in \mathbb{Z}_{p^n} \setminus p^{n-1}\mathbb{Z}_p \mid F^{(p^n)}_b(\alpha_n^i) = 0 \}| = 0$. For the remaining set $p^{n-1}\mathbb{Z}_p$, if $i = 0$, then F

for some integer $a \in \mathbb{Z}_p^*$. Suppose G

where $r$ is an integer with 0 ≤ r ≤ p−1 q ord p (q) . Furthermore, if $v = f$ or $v \mid f/2$ and $v \neq f$ then by Proposition 3 we see that $r = \frac{p-1}{\operatorname{ord}_p(q)}$ in the first case and $r = 0$ in the second case. This concludes the proof of Theorem 1.

Remark 6
If $v \neq f$ then $r$ can have different values. For example, let $q = 3$, $f = 24$ and $p = 193$. By the Berlekamp-Massey algorithm we obtain $L = 160$ here. Further, in this case $\operatorname{ord}_p(q) = 16$ and $r = 2 < \frac{p-1}{\operatorname{ord}_p(q)}$. Also for $p = 577$.

Additional remark
Let $D = \{k : q^{p-1} \equiv 1 \pmod{p^k}\}$ and wn = $\max_{k \in D} k$. In this case we can obtain for $n \geq$ wn that the linear complexity of $s^\infty$ over $\mathbb{F}_q$ is given by $L = p^n - r \cdot \operatorname{ord}_p(q) - 1$, 0 ≤ r ≤ p wn −1 qord p (q) . Furthermore,

Here $v = \gcd\left(\frac{p-1}{\operatorname{ord}_p(q)}, f\right)$ as earlier.
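The quantities these results depend on, namely ord_p(q), v, the condition on q^(p-1) modulo p^2 and the order formula in item 2 of Lemma 2, can be computed directly. The Python code below is an added example, not code from the paper; it uses the values q = 3, f = 24, p = 193 of Remark 6, and the pair q = 3, p = 11 is a constructed contrast case (it does not satisfy q | f) that only shows how the order formula fails when q^(p-1) is 1 modulo p^2. All function names are illustrative.

```python
# Added example: parameter checks for Theorem 1, Lemma 2 and the remarks.
from math import gcd

def mult_order(a, m):
    """Multiplicative order of a modulo m (requires gcd(a, m) == 1)."""
    k, x = 1, a % m
    while x != 1:
        x = x * a % m
        k += 1
    return k

def wieferich_level(q, p, limit=8):
    """max{k : q^(p-1) == 1 (mod p^k)}, the quantity "wn" of the additional
    remark; the value 1 means q^(p-1) != 1 (mod p^2)."""
    w = 1
    while w < limit and pow(q, p - 1, p ** (w + 1)) == 1:
        w += 1
    return w

def parameters(p, q, f):
    """e, tau = ord_p(q), v = gcd((p-1)/tau, f) and the level w."""
    if (p - 1) % f or f % q:
        raise ValueError("need p = e*f + 1 and q | f")
    tau = mult_order(q, p)
    return {"e": (p - 1) // f, "tau": tau,
            "v": gcd((p - 1) // tau, f), "w": wieferich_level(q, p)}

def orders(q, p, n):
    """Order of q modulo p^j for j = 1..n; Lemma 2 gives tau * p^(j-1)
    when q^(p-1) != 1 (mod p^2)."""
    return [mult_order(q, p ** j) for j in range(1, n + 1)]

def complexity(p, n, r, tau):
    """L = p^n - r*ord_p(q) - 1, the form stated in the additional remark."""
    return p ** n - r * tau - 1

if __name__ == "__main__":
    par = parameters(193, 3, 24)                 # values of Remark 6
    print(par, orders(3, 193, 2))
    print(complexity(193, 1, 2, par["tau"]))     # r = 2 as in Remark 6
    # Constructed contrast case: 3^10 == 1 (mod 11^2), so the order of 3
    # modulo 11^2 stays at 5 instead of growing to 5 * 11.
    print(wieferich_level(3, 11), orders(3, 11, 2))
```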