Information about Linear Feedback Shift Register

A linear feedback shift register (LFSR) is a shift register whose input bit is a linear function of its previous state.

The only linear functions of single bits are xor and inverse-xor; thus it is a shift register whose input bit is driven by the exclusive-or (xor) of some bits of the overall shift register value.

The initial value of the LFSR is called the seed, and because the operation of the register is deterministic, the sequence of values produced by the register is completely determined by its current (or previous) state. Likewise, because the register has a finite number of possible states, it must eventually enter a repeating cycle. However, a LFSR with a well-chosen feedback function can produce a sequence of bits which appears random and which has a very long cycle.

Applications of LFSRs include generating pseudo-random numbers, pseudo-noise sequences, fast digital counters, and whitening sequences. Both hardware and software implementations of LFSRs are common.

Fibonacci LFSRs

The list of the bits positions that affect the next state is called the tap sequence. In the diagram below, the sequence is [16,14,13,11,0]. In a Fibonacci LFSR, as below, the taps are XOR'd sequentially with the output and then feed back into the leftmost bit.

• The outputs that influence the input are called taps (blue in the diagram below).
• A maximal LFSR produces an n-sequence (i.e. cycles through all possible states within the shift register except the state where all bits are zero), unless it contains all zeros, in which case it will never change.

The sequence of numbers generated by a LFSR can be considered a binary numeral system just as valid as Gray code or the natural binary code.

The tap sequence of an LFSR can be represented as a polynomial mod 2. This means that the coefficients of the polynomial must be 1's or 0's. This is called the feedback polynomial or characteristic polynomial. For example, if the taps are at the 16th, 14th, 13th and 11th bits (as below), the resulting LFSR polynomial is:

:

The 'one' in the polynomial does not correspond to a tap - it corresponds to the input to the first bit (i.e. x⁰, which is equivalent to 1). The powers of the terms represent the tapped bits, counting from the left. The first and last bits are always connected as an input and tap respectively.

• If (and only if) this polynomial is a primitive, then the LFSR is maximal
• The LFSR will only be maximal if the number of taps is even
• There can be more than one maximal tap sequence for a given LFSR length
• Once one maximal tap sequence has been found, another automatically follows. If the tap sequence, in an n-bit LFSR, is [n,A,B,C,0], where the 0 corresponds to the term, then the corresponding 'mirror' sequence is [n,n-C,n-B,n-A,0]. So the tap sequence [32,3,2,0] has as its counterpart [32,30,29,0]. Both give a maximal sequence.

Output-stream properties

• Ones and zeroes occur in 'runs'. The output stream 0110100, for example consists of five runs of lengths 1,2,1,1,2, in order. In one period of a maximal LFSR, runs occur (for example, a six bit LFSR will have 32 runs). Exactly of these runs will be one bit long, will be two bits long, up to a single run of zeroes bits long, and a single run of ones bits long. This same property is statistically expected in a truly random sequence.
• LFSR outputs streams are deterministic. If you know the present state, you can predict the next state. This is not possible with truly random events such as nuclear decay.
• The output stream is reversible; an LFSR with mirrored tap sequence will cycle through the states in reverse order.

A drop in replacement for Gray Code counters

Some applications need to mark individual locations along a certain distance with unique values. For example, most tape measures mark each inch or centimeter with a unique number using the decimal numeral system. When computer index or framing locations need to be machine-readable, they are often marked using a LFSR sequence, because LFSR counters are simpler and faster than any other kind of binary counter. LFSRs are faster than natural binary counters and Gray code counters. Given an output sequence you can construct a LFSR of minimal size by using the Berlekamp-Massey algorithm.

Galois LFSRs

Named after the French mathematician Évariste Galois, a Galois LFSR, or an LFSR in Galois configuration, is an alternate structure that can generate the same output sequences as a conventional LFSR. In the Galois configuration, when the system is clocked, bits that are not taps are shifted as normal to the next flip-flop. The taps, on the other hand, are XOR'd with the new output, which also becomes the new input. These won't be shifted in until the next clock cycle.



To generate the same output sequence, the order of the taps is the counterpart (see above) of the order for the conventional LFSR, otherwise the sequence will be in reverse. Note that the internal state of the LFSR is not necessarily the same. The Galois register above has the same output as the Fibonnacci register in the first section.

• Galois LFSRs do not concatenate every tap to produce the new input (the XOR'ing is done within the LFSR and no XOR gates are run in serial, therefore the propagation times are reduced to that of one XOR rather than a whole chain), thus it is possible for each tap to be computed in parallel, increasing the speed of execution.
• In a software implementation of an LFSR, the Galois form is more efficient as the XOR operations can be implemented a word at a time: only the output bit must be examined individually.

Below is example of 32-bit maximal period Galois LFSR simulated in C: unsigned int lfsr = 1; while(1) lfsr = (lfsr >> 1) ^ (-(signed int)(lfsr & 1) & 0xd0000001u); /* taps 32 31 29 1 */



Applications

LFSRs can be implemented in hardware, and this makes them useful in applications that require very fast generation of a pseudo-random sequence, such as direct-sequence spread spectrum radio.

The Global Positioning System uses a LFSR to rapidly transmit a sequence that indicates high-precision relative time offsets. The Nintendo Entertainment System video game console also has a LFSR as part of its sound system. ([1])

Uses in cryptography

LFSRs have long been used as a pseudo-random number generator for use in stream ciphers (especially in military cryptography), due to the ease of construction from simple electromechanical or electronic circuits, long periods, and very uniformly distributed outputs. However the outputs of LFSRs are completely linear, leading to fairly easy cryptanalysis.

Three general methods are employed to reduce this problem in LFSR based stream ciphers

• Non-linear combination of several bits from the LFSR state;
• Non-linear combination of the outputs of two or more LFSRs; or
• Irregular clocking of the LFSR, as in the alternating step generator.

Important LFSR-based stream ciphers include A5/1, A5/2, E0, and the shrinking generator.

Uses in digital broadcasting and communications

To prevent short repeating sequences (e.g., runs of 0's or 1's) from forming spectral lines that may complicate symbol tracking at the receiver or interfere with other transmissions, linear feedback registers are often used to "randomize" the transmitted bitstream. This randomization is removed at the receiver after demodulation. When the LFSR runs at the same rate as the transmitted symbol stream, this technique is referred to as scrambling. When the LFSR runs considerably faster than the symbol stream, expanding the bandwidth of the transmitted signal, this is direct-sequence spread spectrum.

Neither scheme should be confused with encryption or encipherment; scrambling and spreading with LFSRs do not protect the information from eavesdropping.

Digital broadcasting systems that use linear feedback registers

• ATSC Standards (HDTV transmission system – North America)
• DAB (Digital audio broadcasting system -- for radio)
• DVB-T (HDTV transmission system – Europe, Australasia)
• NICAM (digital audio system for television)

Other digital communications systems using LFSR:

• IBS (INTELSAT business service)
• IDR (Intermedaite Data Rate service)
• SDI (Serial Digital Interface transmission)
• Data transfer over PSTN (according to the ITU-T V-series recommendations)

See also

• Pinwheel
• Mersenne twister
• PN Sequences
• Maximum length sequence

External links

• International Telecommunications Union Recommendation O.151 (August 1992)
• Maximal Length LFSR table with length from 3 to 168
• Maximal Length LFSR table with length from 1 to 786, also 1024 and 2048.
• Pseudo-Random Number Generation Routine
• http://www.ee.ualberta.ca/~elliott/ee552/studentAppNotes/1999f/Drivers_Ed/lfsr.html
• http://www.quadibloc.com/crypto/co040801.htm
• Simple explanation of LFSRs for Engineers
• Feedback terms
• General LFSR Theory
• Table of Maximal Tap Sequences
• Shift register code generator