Cyclic complexity and locator polynomials

In this section, we shall study first the linear complexity of periodic sequences. For emphasis, the linear complexity of a periodic sequence will also be called the cyclic complexity. When we want to highlight the distinction, the linear complexity of a finite, and so nonperiodic, sequence may be called the acyclic complexity. The cyclic complexity is the form of the linear complexity that relates most naturally to the Fourier transform and to a polynomial known as the locator polynomial, which is the second topic of this chapter.

Thus the cyclic complexity of the vector V , having blocklength n, is defined as the smallest value of L for which a cyclic recursion of the form

V_{(( j))}= −

L k=1

kV_{(( j−k))} j= L, . . . , n − 1, n, n + 1, . . . , n + L − 1,

exists, where the double parentheses denote modulo n on the indices. This means that ((x), L) will cyclically produce V from its first L components. Equivalently, the linear recursion ((x), L) will produce the infinite periodic sequence formed by repeating the n symbols of V in each period. The cyclic complexity of the all-zero sequence is zero.

The distinction between the cyclic complexity and the acyclic complexity is illus-trated by the sequence (V0, V₁, V₂, V₃) = (3, 1, −1, 1) of blocklength 4. The linear recursion((x), L) = (1 + x, 2) achieves the acyclic complexity, and the linear recur-sion((x), L) = (1−x+x²−x³, 3) achieves the cyclic complexity. These are illustrated in Figure1.2.

1 1 –1 1

1

+ + 1

. . . , 1,–1, 1, 3

–1 3

–1

1,–1, 1, 3

Figure 1.2. Linear-feedback shift registers.

When expressed in the form

V_{(( j))} = −

L k=1

kV_{(( j−k))} j= 0, . . . , n − 1,

it becomes clear that the cyclic recursion can be rewritten as a cyclic convolution,

L k=0

kV_{(( j−k))}= 0 j = 0, . . . , n − 1,

where0= 1. The left side of this equation can be interpreted as the set of coefficients of a polynomial product modulo xⁿ− 1. Translated into the language of polynomials, the equation becomes

(x)V (x) = 0 (mod xⁿ− 1), with

V(x) =

n−1

j=0

V_jx^j.

In the inverse Fourier transform domain, the cyclic convolution becomesλivi = 0, whereλiandviare the ith components of the inverse Fourier transform. Thusλimust be zero wheneverviis nonzero. In this way, the connection polynomial(x) that achieves the cyclic complexity locates, by its zeros, the nonzeros of the polynomial V(x).

To summarize, the connection polynomial is defined by its role in the linear recur-sion. If the sequence it produces is periodic, however, then it has another property.

Accordingly, we shall now define a polynomial, called a locator polynomial, in terms of this other property. Later, we will find the conditions under which the connection polynomial and the locator polynomial are the same polynomial, so we take the liberty of also calling the locator polynomial(x).

A locator polynomial,(x) or ^◦(x), for a finite set of nonzero points of the form β
orωⁱ
,
= 1, . . . , t, in the field F, is a polynomial of F[x] or F[x]/
xⁿ− 1 that has the points of this set among its zeros, whereω is an element of F of order n. The notation

^◦(x) is used when it is desired to emphasize that the cyclic complexity is under consideration. Then the polynomial^◦(x) is regarded as an element of F[x]/
xⁿ− 1.

Therefore,

^◦(x) =

t

=1

(1 − ω^i
x),

where t is the number of points in the set, and the nonzero valueωⁱ
specifies the
th point of the set of points in F. In the context of the locator polynomial, we may refer

27 1.7 Cyclic complexity and locator polynomials

to the pointsωⁱ
as locations in F. With this notation, we may also call i
(orωⁱ
) the index of the
th location. If the field F is the finite field GF(q), and n = q − 1, then every nonzero element is a power of a primitive elementα of the field and, with ω = α,

^◦(x) =

t

=1

(1 − α^i
x).

Because the finite field GF(q) has a primitive element α of order q − 1, and V (x) is a polynomial in the ring of polynomials GF(q)[x]/
xⁿ− 1, we can find the nonzeros of V(x) at nonzero points of GF(q) by computing V (α⁻ⁱ) for i = 0, . . . , n − 1. This is the computation of a Fourier transform of blocklength n. The polynomial V(x) has a nonzero atα⁻ⁱif V(α⁻ⁱ) = 0. A locator polynomial for the set of nonzeros of V (x) is then a polynomial^◦(x) that satisfies

^◦(α⁻ⁱ)V (α⁻ⁱ) = 0.

This means that a locator polynomial for the nonzeros of V(x) is a polynomial that satisfies

^◦(x)V (x) = 0 (mod xⁿ− 1).

Then, any^◦(x) satisfying this equation “locates” the nonzeros of V (x) by its zeros, which have the formα⁻ⁱ. If V is a vector whose blocklength n is a divisor of q^m− 1, then only the nonzeros of V(x) at locations of the form ω⁻ⁱare of interest, whereω is an element of GF(q^m) of order n. In such a case, the primitive element α can be replaced in the above discussion by anω of order n. The zeros of (x) of the form ω⁻ⁱ locate the indicated nonzeros of V(x).

We have not required that a locator polynomial have the minimal degree, so it need not be unique. The set of all locator polynomials for a given V(x) forms an ideal, called the locator ideal. Because GF(q)[x]/
xⁿ− 1 is a principal ideal ring, meaning that any ideal is generated by a single polynomial of minimum degree, the locator ideal is a principal ideal. All generator polynomials for this ideal have minimum degree and are scalar multiples of any one of them. All elements of the ideal are polynomial multiples of any generator polynomial. It is conventional within the subject of this book to speak of the unique locator polynomial by imposing the requirements that it have minimal degree and the constant term0is equal to unity. The monic locator polynomial is a more conventional choice of generator within the subject of algebra.

Now we will prove the linear complexity property of the Fourier transform, which was postponed until after the discussion of the cyclic complexity. This property may be stated as follows:

“The weight of a vectorvis equal to the cyclic complexity of its Fourier transform V .”

Let wt v denote the weight of the vector v. Then the linear complexity property can be written as

wt v=L(V ).

It is assumed implicitly, of course, that n, the blocklength of v, admits a Fourier transform in the field F (or in an extension of F). Specifically, the field must contain an element of order n, so n must divide q− 1, or q^m− 1, for some integer m.

The proof of the statement follows. The recursion((x), L) will cyclically produce V if and only if

(x)V (x) = 0 (mod xⁿ− 1).

This is the cyclic convolution

∗ V = 0.

By the convolution theorem, the cyclic convolution transforms into a componentwise product. Then

λivi= 0 i = 0, . . . , n − 1,

where λ is the inverse Fourier transform of
. Thereforeλimust be zero everywhere thatviis not zero. But the polynomial(x) cannot have more zeros than its degree, so the degree of(x) must be at least as large as the weight of v. In particular, the locator polynomial

(x) =

t

=1

(1 − xω⁻ⁱ
)

suffices where wt v = t and (i1, i₂, i₃,. . . , it) are the t values of the index i at which vi is nonzero and ω is an element of order n, a divisor of q^m − 1. More-over, except for a constant multiplier, this minimum locator polynomial is unique because every locator polynomial must have these same zeros. Clearly, then, any nonzero polynomial multiple of this minimal degree locator polynomial is a locator polynomial, and there are no others. This completes the proof of the linear complexity property.

Later, we shall want to compute the recursion ((x), L) that achieves the cyclic complexity of a sequence, whereas the powerful algorithms that are known compute instead the recursion((x), L) that achieves the acyclic complexity. There is a simple condition under which the cyclic complexity and the acyclic complexity are the same.

The following theorem gives this condition, usually realized in applications, that allows the algorithm for one problem to be used for the other.

29 1.7 Cyclic complexity and locator polynomials

The locator polynomial of V(x) is properly regarded as an element, ^◦(x), of the ring GF(q) [x]/
xⁿ− 1. However, we will find it convenient to compute the connection polynomial of V(x) by performing the computations in the ring GF(q)[x].

Given polynomial V(x), a connection polynomial for the sequence of coeffi-cients of V(x) in GF(q)[x] need not be equal to a locator polynomial for V (x) in GF(q)[x]/
xⁿ− 1, and this is why we use different names. However, we shall see that, in cases of interest to us, they are the same polynomial.

Theorem 1.7.1 The cyclic complexity and the acyclic complexity of a sequence of