On the largest affine sub-families of a family of NFSR sequences

Recently nonlinear feedback shift registers (NFSRs) have frequently been used as building blocks for designing stream ciphers. Let NFSR (g) be an m-stage NFSR with characteristic function \documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$${g=x_{0}\oplus g_{1}(x_{1},\cdots ,x_{m-1})\oplus x_{m}}$$\end{document} . Up to now there has been no known method to determine whether the family of output sequences of the NFSR (g), denoted by S(g), contains a sub-family of sequences that are exactly the output sequences of an NFSR(f) of stage n < m. This paper studies affine cases, that is, finding an affine function f such that S(f) is a subset of S(g). If S(g) contains an affine sub-family S(f) whose order n is close to m, then a large number of sequences generated by the NFSR (g) have low linear complexities. First, we give two methods to bound the maximal order of affine sub-families included in S(g). Experimental data indicate that if S(g) contains an affine sub-family of order not smaller than m/2, then the upper bound given in the paper is tight. Second, we propose two algorithms to solve affine sub-families of a given order n included in S(g), both of which aim at affine sub-families with the maximal order. Algorithm 1 is applicable when n is close to m, while the feasibility of Algorithm 2 relies on the distribution of nonlinear terms of g. In particular, if Algorithm 2 works, then its computation complexity is less than that of Algorithm 1 and it is quite efficient for a number of cases.