Summary -I n this paper the linear feedback shift registers are determined t h a t can generate the output sequence o f t w o types o f clock controlled shift registers suggested by P. Nyffeler. For one type of clock control sufficient conditions are given which guarantee that maximum linear complexity is obtained. Furthermore, it i s shown that the randomness properties for sequences o f maximal linear complexity depend on clocking procedure.
1.
Introduction.
Pseudo random sequences generated b y linear feedback shift registers are used in various crypto systems as running key generators. I n general several linear feedback s h i f t registers are used t o produce t h e f i n a l pseudo random sequence. Since such a sequence i s periodic, it can be generated by one single linear feedback shift register of finite length. The length of shortest linear feedback shift register that is able t o produce the output sequence o f a configuration is referred t o as the linear complexity of the sequence. I f the linear complexity o f some periodic sequence is L, then 2L consecutive symbols w i l l be sufficient t o determine b o t h the linear feedback and the initial state of a linear feedback shift register that can generate the sequence [I] . As a consequence, a configuration o f linear feedback shift registers must be such that the generated sequences do have a large linear complexity.
This paper deals w i t h t w o types o f clock controlled shift registers, suggested by P. 
2.
Cascade Clock Control
Consider the configuration o f two shift registers as given in Fig. 1 . The clock of the first shift register, LFSRa, is controlled by the sequence generated by the second shift register, The sequence (y, ) obtained at the output i s n-I yn=as(n), where
k=O L e t Tb denote the period o f (b"). Furthermore, let S=s(Tb), i.e., the number of clock pulses generated in one period of (bn).
Theorem 1. The sequence (y, ) generated by the cascade clock control configuration of LFSRa and LFSRb has a minimal polynomial f*(x) such that where f(k) denotes the minimal polynomial of the k-decimated sequence of (an), i.e., (akn).
Proof L e t k and I be integers and l e t k>O. Consider now the sequence (akn+,), i.e., the 1-th phase s h i f t o f (akn). It i s easy t o see that 
This implies t h a t y(x)=h(x)/f(')(xTb). However, we also have y(x)=h*(x)/f*(x), deg h*<deg f*, where f*(x) is the minimal polynomial f o r (yn). The theorem follows from the minimality o f f*.
Under favourable conditions i t can be shown that the polynomial given in (2) i s the minimal polynomial o f (yn). Specializing a theorem by Serret on irreducible polynomials, see C31, we obtain the following result:
Theorem 2. Suppose f (x) has degree d and has order Ta,S. Suppose also that
is prime over GF(q). Hence, it i s the minimal polynomial of (yn).
Furthermore it has degree Tbd and has order TbTa,S.
When f(x) is a maximum-length polynomial we have the following interesting special case of Theorem 2. sequence is prime over GF (2) , is o f degree B:=n(2"-1) and has period (pcQ)'.
However we just have shown that deg f=A<B, hence c>d. Finally, l e t n>n'. N o t e that 2"'-11 2"-1 i f f n'] n and n'=crd2pln because 2"=1 mod p. This proves that pdl Zn'-1 12"-1.
Note: this result can be obtained also by using only partial results on which Theorem 2 is based, [31.
Clock Controlled Sampling
Consider the configuration of two linear feedback shift registers as shown in Fig. 2 
(b,) LFSRb
The sequence (yn) obtained a t the output is where g is a mapping as explained above. Furthermore, assume that bo i s such that g(bo)=l. This r e s t r i c t i o n assures that the first output symbol i n (y, )
is a . instead o f the i n i t i a l state of the memory c e l l D. For the binary case this result is connected w i t h a result given i n [Z]. L e t a be a zero of f(x), then it is easily shown t h a t a is also a zero of (7). Thus f(x) divides f(Tb)(x ' ), hence it is much harder t o guarantee that (7) is the minimal polynomial of (ynh In the case of clock controlled sampling a symbol i n the output stream may also be a repetition. This happens when no new symbol i s loaded into the D element. Such repetitions can be avoided when one increases the number of instances in which a new symbol is loaded into 0. However this causes the output sequence t o become more identical t o the sequence generated by LFSRa.
Conclusion
It has been shown that under certain well defined conditions we can guarantee a high linear complexity for the sequences produced by the cascade clock control configuration.
The random properties o f these sequences depend on the method of clocking. Furthermore, for the clock controlled sampling configuration it is much harder t o guarantee a high linear complexity and (or) good random properties.
