A New Method for Finding Affine Sub-Families of NFSR Sequences

In this paper, a new and efficient method for solving affine sub-families included in a family of nonlinear feedback shift register (NFSR) sequences is proposed. The linear case is focused on since the affine case is an analogy. Let <inline-formula> <tex-math notation="LaTeX">$f(x_{0},x_{1},\ldots, x_{n}) = x_{0} \oplus f_{1}(x_{1},\ldots, x_{n-1}) \oplus x_{n}$ </tex-math></inline-formula> be a characteristic function of an <inline-formula> <tex-math notation="LaTeX">$n$ </tex-math></inline-formula>-stage NFSR, where <inline-formula> <tex-math notation="LaTeX">$n$ </tex-math></inline-formula> is a positive integer. Let <inline-formula> <tex-math notation="LaTeX">$\deg (f)=d>1$ </tex-math></inline-formula> and <inline-formula> <tex-math notation="LaTeX">$f_{[d]}$ </tex-math></inline-formula> be the summation of all terms in the algebraic normal form of <inline-formula> <tex-math notation="LaTeX">$f$ </tex-math></inline-formula> whose degrees attain the maximum <inline-formula> <tex-math notation="LaTeX">$d$ </tex-math></inline-formula>. First, it is proved that every linear sub-family of <inline-formula> <tex-math notation="LaTeX">$G(f)$ </tex-math></inline-formula> is a sub-family of linear feedback shift register sequences generated by a characteristic polynomial of the form <inline-formula> <tex-math notation="LaTeX">$\sum _{i\in S} c_{i}x^{i}$ </tex-math></inline-formula>, where <inline-formula> <tex-math notation="LaTeX">$c_{i}\in \mathbb {F}_{2}$ </tex-math></inline-formula> and <inline-formula> <tex-math notation="LaTeX">$S$ </tex-math></inline-formula> consists of all subscripts of variables appearing in <inline-formula> <tex-math notation="LaTeX">$f_{[d]}$ </tex-math></inline-formula>. That is to say, every linear sub-family of <inline-formula> <tex-math notation="LaTeX">$G(f)$ </tex-math></inline-formula> is a factor of some polynomial <inline-formula> <tex-math notation="LaTeX">$\sum _{i\in S} c_{i}x^{i}$ </tex-math></inline-formula> over the finite field <inline-formula> <tex-math notation="LaTeX">$\mathbb {F}_{2}$ </tex-math></inline-formula>. This result is a well generalization of linear recurring sequences theory since it also holds if <inline-formula> <tex-math notation="LaTeX">$d=1$ </tex-math></inline-formula>. Based on this result, a candidate set of linear sub-families could be obtained by polynomial factorizations over <inline-formula> <tex-math notation="LaTeX">$\mathbb {F}_{2}$ </tex-math></inline-formula>. Second, we propose a new method to verify a linear sub-family whose memory requirement and time complexity are clearer than the previous method. For instance, all affine sub-families of the 160-bit main register used in Grain v1 could be determined within two seconds by a PC using the new method in this paper, which is unobtainable for previous algorithms.