Performance Analysis of Maximum Length LFSR
and BBS Method for Cryptographic Application
N.S.Abinaya
PG Scholar, VLSI Design
Tagore Institute of Engineering and Technology
Attur- 636 1 12, Tamil Nadu, India
abinaya.ns001@gmail.com
Abstract- Today cryptography is an integral part of our
lives. PRNG's are used in modern cryptography.
maximal length PN-sequence (m-sequence) is the best known
best-described PN-sequence whose length is equal to its
period. Various PN-codes can be generated using Linear
Feedback Shift Register (LFSR). The generator polynomial
provides the necessary feedback taps for the LFSR circuit.
The implementation of the LFSR circuit with
technology makes it useful in low-power communication
system design. This paper presents the performance
comparison of 4 bit LFSR method with BBS and the reported
results show that LFSR is more suitable for cryptographic
application.
Index terms - Cryptography, Linear Feedback Shift
Register, and Low power VLSI.
I INTRODUCTION
In modern world, Cryptographic systems have become
a part of our daily life due to the need of security of many
common activities such as communication, payments, data
transfers etc. Rapid expansion of internet and wireless
based communications. Cryptography provides the support
to design the necessary data protection services. The
fundamental of cryptography is illustrated in Fig l. Hence
this has been attracted by many researchers in recent past.
The best support in design and implementation of
cryptographic applications is offered by embedded
systems such as ASICs and FPGAs [1].FPGA is more
suitable because of its re-configurability and better
performance. PRNGs are used for modern cryptography
applications [1], [2].Cryptography is the science of secret
writing. A cipher is a secret method of writing; where by
plain text is transformed into a cipher text. Encryption and
decryption are controlled by cryptographic keys.
Linear feedback shift registers as maximal length
sequence generators are widely used in stream ciphers for
key stream generation due to their good statistical
properties, large period, and low implementation costs,
and are readily analyzed using algebraic techniques.
Maximal length sequences are generated when the LFSR
passes through every non-zero state once and only once
and are obtained when the feedback polynomial to which
LFSR corresponds is primitive [3], a feedback polynomial
of degree n is primitive if it is irreducible (cannot be
factored) and has a period equivalent to 2"-1.
P.Prakasam
Dept. of Electronics and Communication Engineering
Tagore Institute of Engineering and Technology
Attur- 636 1 12, Tamil Nadu, India
prakasamp@gmail.com
Key Key
The
Stream Stream
VLSI Cipher Cipher
Plaintext Plaintext
Cipher text
Figure 1 Fundamental of Cryptography
In this paper, 8, 16 and 32 bit maximum length LFSR
which can give the maximum states of PN sequence has
been implemented. Also presented the comparison of
performance analysis of 4 bit LFSR and 16 bit BBS based
on synthesis and simulation result on FPGA using
hardware descriptive language(HDL) with maximum
length feedback polynomial to understand the area, speed
and power requirement. The target device we have used is
Xilinx Virtex6 XA9572XL FPGA and performed
simulation and synthesis using Xilinx ISE 12.l. FPGA is a
predesigned reconfigurable Ie. It has the ability to
reconfigure its circuitry for a desired application or
function at any time after manufacturing. It is an adaptive
hardware that continuously changes in response to the
input data or processing environment. The FPGA
configuration is generally defmed using a hardware
description language (HDL), similar to circuit
(ASIC).FPGAs can be used to implement any logical
function that an ASIC can perform. Because of various
advantages and rapid prototype development can possible,
so FPGA is chosen.
The remainder of the paper is organized as follows:
Section II focuses on the literature review related with
various methods. Section III emphasizes on analysis of
data collection related to reported techniques. Section IV
focuses the performance analysis of the same and Section
V reports the conclusion of the research work.

II LITERATURE REVIEW
A .Blum Blum shub sequence generator (BBS)
The comparative study between BBS and LFSR PN
Sequence Generator [1] LFSR is periodic were as BBS
method is a non-periodic PRNG. The feedback shift
register permits very fast generation of PN sequence.4 bit
LFSR can generate 15-bit sequence with maximum length
polynomial. But only 16-bit BBS can generate 16-bit
sequence. CPU time is taking for 4-Bit LFSR is 0.39 sec
whereas for BBS it is 4.11 sec. Number of flip flop
required for LFSR is 4 and in BBS, it is 16. Hence,
memory utilization is more in BBS.
Blum Blum Shub was the pseudo random number
generator proposed in 1986 by Lenore Blum, Manuel
Blum, and Mike shub. It have presented two pseudo­
random number sequence generators and discussed their
properties [4], [5].They are,
(1) The 1 IP generator-predictable.
(2) The x2 mod N generator - unpredictable.
The liP generator has applications to the generation of
generalized maximum-length shift-register sequences.
Thex2modNgenerator has applications to public-key
cryptography.
B. LFSR sequence generator
This application note [6] describes 4- and 5-bit
universal LFSR counters, very efficient RAM-based 32-bit
and 100-bit shift registers, and pseudo-random sequence
generators with repetition rates of thousands and even
trillions of years, useful for testing and encryption
purposes. The appropriate taps for maximum-length LFSR
counters of up to 168 bits are listed.
The multi-bit LFSR PNRG and performance
comparison [1].The analysis is restricted to fmd number
gates, memory and speed requirement in FPGA as the
number of bits is increased. Tapping is the main function
for generating PNRG. In this only one tapping (one XOR
operation) is used.8bit, 16bit, 32bit with single tapping has
been generated only 63,255 and 2046 random output
instead of 255, 65535 and 4,29,49,67,295.By increasing
the tapping in future, more random output sequence may
be generated. With maximum length feedback polynomial
[7] produces the long sequence of pattern generation for
cryptography. More secure than that of minimum length
feedback polynomial.8 bit LFSR with maximum feedback
16
generates 28-1=255 random outputs.16 bit generates 2 _
32
1=65535.32 bit generates 2 _1 =429,49,67,295.Cipher
based LFSR and modular division circuit[9]Polynomial
modular division is combined with LFSR generator to
yield stream generator with much higher periodicity.
Among various possible stream ciphers LFSR is more
popular. Simple structures and low hardware cost.
Modular division is used to increase the periodicity. By
combining both LFSR and Modular Division circuit
throughput of the system is increased by 2"_1 times as
compared with LFSR method alone. Security increased as
number of bits increased in LFSR.
LFSR in CDMA application [8] PN sequence
generation is considered to be the heart of CDMA system.
The maximum length PN sequence is described as best PN
sequence. Currently CDMA uses Gold codes for PN
sequence. Gold codes are formed by combining two PN
sequences which require more hardware area. The role of
feedback taps in LFSR is very important in the design of
low power communication system. Selection of higher
length of LFSRs with feedback gives much better
attributes in comparison with the selection of lower
lengths of the LFSRs. Secure transmission of message
using LFSR [9] method increases the security of the
transmission over an unsecured channel. LFSR is a good
function to generate RNs because logical circuit variations
are high. Software and hardware implementation of LFSR
is very easy. The Revisiting LFSRs [10] describes the 2
types LFSMs Galosis LFSR and Fibonacci LFSR,
- The galosis LFSR also known as internal
XOR LFSR or canonical LFSR.
- The Fibonacci LFSR also known as
external XOR LFSR or just LFSR.
�-- - - �
"./ J
11-2 0
Figure 2 Galosis LFSR
Figure 3 Fibonacci LFSR
Fig 2 and 3 represents about the Galosis LFSR and
Fibonacci LFSR respectively. Galois LFSRs do not
concatenate every tap to produce the new input (the
XOR'ing is done within the LFSR and no XOR gates are
run in serial, therefore the propagation times are reduced
to that of one XOR rather than a whole chain), thus it is
possible for each tap to be computed in parallel, increasing
the speed of execution. In a software implementation of an
LFSR, the Galois form is more efficient as the XOR
operations can be implemented a word at a time: only the
output bit must be examined individually.
C. Mersenne Twister algorithm
The true random number generation using Mersenne
Twister algorithm has been presented [11]. In this paper,
design and implementation of a parallel implementation
has been done using FPGA, CPU and GPU. Resource
utilization is 128slices and 193 FFs for 32bit word length.
And also it has been reported that FPGA based
implementation can achieve 25x speed-up compared with
CPU and 9x with GPu. High performance mersenne
twister [12] reported that the fast generation of very high
quality PRN using LFSR. The performance of proposed
algorithm required only330 slices and 539LUTs for 32
bit word length.
D. Digital map approach
The digital maps [13] for PRNGs and also compared
this with LFSR PRNGs. Digital map approach is the non­
periodic approach with Complex circuit this approach is
polynomial must be 1's or O's. This is called the feedback
polynomial or characteristic polynomial. For example, in 4
bit LFSR if the taps are at the 4th and 3rd bits (as shown),
then the feedback polynomial is
X4+X3+1
1) The Rules for Selecting Feedback Polynomial:
The rules for selecting feedback polynomial which is
given in [1], [7] are as follows:
1. The 'one' in the polynomial does not correspond to
a tap it corresponds to the input to the first bit (i.e.
Xo which is equivalent to 1).

not able to reduce or simplify the polynomials. LFSR is
low circuit complexity, low power dissipation and capable
of generating PRS at high bit rate. Logistic digital map
required at least 30 bit to achieve above 20,000 period
sequences, only 15bit LFSR enough to generate the same
sequence.
III. ANALYSIS OF DATA COLLECTION
A.BBS Method
DEFINITION (liP generator): lip generator is
completely predictable and one can infer the 'seed' and
continue the sequence backwards and forwards. To defme
the seed space, let N = {integers P>1 relatively prime to b}
be the parameter values, and let the seed domain X be the
disjoint union.
DEFINITION [x2 mod N generator]: X2 mod N
generator is unpredictable and one can generate the
sequence forward and one cannot generate the sequence
backward. Let N= {integers NIN= P*Q, such that P, Q are
equal length (IPI=IQI) distinct primes 3 mod 4} be the set
of parameter values.
Size of
B. Basic models analysis of LFSRs
2. The powers of the terms represent the tapped bits,
counting from the left. The first and last bits are
always connected as an input and output tap
respectively.
3. The LFSR will only be maximum-length if the
number of taps is even; just 2 or 4 taps can suffice
even for extremely long sequences.
4. The set of taps taken all together, not pair wise (i.e.
as pairs of elements) must be relatively prime. In
other words, there must be no common divisor to all
taps.
5. Once one maximum-length tap sequence has been
found, another automatically follows. If the tap
sequence, in an n-bit LFSR is [n, A, B, C, 0],
where the 0 corresponds to the xO = 1 term, then the
corresponding 'mirror' sequence is [n, n -C, n -B, n
-A, 0]. So the tap sequence [32, 7,3, 2, and 0] has as
its counterpart [32, 30, 29, 25, 0]. Both give a
maximwn-Iength sequence.
TABLE I. POSSIBLE AND MAXIMUM LENGTH
POLYNOMIAL
Possible feedback Maximum
LFSR Polynomial length

LFSR is a shift register whose input bit is a linear feedback

polynomial
function of its previous state. The most commonly used
4bit
linear function of single bits is XOR. Thus, an LFSR is a X4+X2+I,X4+X3+I etc., X4+X2+1

shift register whose input bit is driven by the exclusive-or 8bit

X8+X' + I,X8+X5+ I, X8+X' +X6+
(XOR) of some bits of the overall shift register value. [14]. X; + I
The initial value of the LFSR is called the seed. Because X8+X' +X6+X5+ I,

the register has a fmite number of possible states, it must 4 3 l

X8+X6+X +X +X2 +X + I,Etc.,
eventually enter a repeating cycle. However, an LFSR 16bit
XI6 +X15+ I, X16 +X14+XIJ
with a well-chosen feedback function can produced +X"++ I
9
sequence of bits which appears random and which has a XI6 +XIJ +XI2 +X + I,

very long cycle. Applications of LFSRs include generating X16+X"+XIO +X'+X3+Xl+ I,

pseudo-random numbers, pseudo-noise sequences, fast '
XI6 +X15+Xl" +XI2+X +X6+
digital counters, and whitening sequences. Both hardware
3
and software implementations of LFSRs are common [9]. +X +X2+ I, etc.,
32bit
The bits in the LFSR state which influence the input X32+X31+ 1, X32+X22+X2
are called taps. A maximum-length LFSR produces an m­ 9 +XI+ I
X32 8
+X2 +X27 +X + I,
sequence (i.e. it cycles through all possible 2n-1 states
X32+X21+X15+X13+X12+XIO+
within the shift register except the state where all bits are
X8+X4 + I,
zero), unless it contains all zeros, in which case it will
never change. . The arrangement of taps for feedback in an X32+X3I+X27 +X24 +XI9+XIS
4 5
LFSR can be expressed in finite field arithmetic as a +XI7 +X1 +XIJ +X"+X +X"+
X " etc.,
polynomial mod 2. This means that the coefficients of the

The most commonly used linear function of single bits
is XOR. Thus, an LFSR is most often a shift register
whose input bit is driven by the exclusive-or (XOR) of
some bits of the overall shift register value. [2], [14]. The
4-bit Fibonacci LFSR and PN Sequence for 4bit Fibonacci
LFSR is shown in Fig 4 and 5 respectively. The initial
value of the LFSR is called the seed. Because the register
has a finite number of possible states, it must eventually
enter a repeating cycle. However, an LFSR with a well­
chosen feedback function can produce sequence of bits
which appears random and which has a very long cycle.
Applications of LFSRs include generating pseudo-random
numbers, pseudo-noise sequences, fast digital counters,
and whitening sequences. Both hardware and software
implementations of LFSRs are common [1].
IV. RESULTS AND DISCUSSION
The comparison between 4 bit LFSR and BBS method
has been carried out for further analysis. This has been
illustrated in Table II. The generated 15 bit sequence of 4-
bit LFSR is taking 1260ns simulation time at 20ns clock
cycle whereas 16-bit BBS generates sequence after 450ns
on the single clock cycle. It can be observed the sequence
is repeating after 15 clock periods in LFSR where as in
BBS after 15 clock period another random bit generate.
Total number of random state generating in 4 bit LFSR is
15, for same random states in BBS it required 16 bit .
Table II shows that in LFSR as compared with BBS,
number of shift register required and number of flip flops
utilized has been found very low. Hence, this consumed
less power.

fT,� TABLE II. COMPARISON BETWEEN LFSR AND BBS

\ 1 '-"
�
PERFORMANCE 4 BIT LFSR 16 BIT BBS
Time to complete the 20ns to It takes only
total states 1280ns=1260 Ins,after 450ns
� � � -�
Total no. of random
FFI FF2 FF3 FF3 15 16
states generating

P P P Clock 20ns 20ns

Shift Register 04 one bit One 16 bit

Number of slices 02 00

No. oftlip-tlops 04 16

elk CPU time 0.39sec. 4. l lsec.

Figure4. 4-bit Fibonacci LFSR
Total pins 06 18

A maximal-length LFSR produces the maximum

number of PRPG and has a pattern count equal to 2" -
l.The initial value of the LFSR - Seed. LFSR with a well­
chosen feedback function can produce a better sequence of
bits, appears random in nature& which has a very long
cycle. LFSR is a shift register whose input bit is a linear
function of its previous state.
The synthesis and simulation report for 8bi LFSR by
using maximum length feedback polynomial and
minimum length feedback polynomials are given in Table
III. Form the table we can find the total memory usage,
total number of random states generating and simulation
time of different length LFSR.

TABLE III.COMPARISON BETWEEN 8 BIT MTNTMUN AND

MAXIMUM LENGTH FEEDBACK LFSR

MINIMUM MAXIMUM
PERFORMANCE LENGTH LENGTH
FEEDBACK FEEDBACK

Time to complete the 20 ns to 1280 ns 40 ns to 5140

total states =1260 ns ns=5100 ns

Total no. of Random

63 255
States generating

Clock 20ns 20ns

Shift Register 8 8

Xor gate 01 01

No. of Slice Flip Flops 08 08

Total memory usage 185904 kb 185904 kb

GCLK 01 01
FigureS. PN Sequence for 4bit Fibonacci LFSR
Total pin 10 10
 From the above TABLEIII it is clear that by using
[9]. Dr.AshishNegi, Jayveer Singh Farswan,
maximum length feedback LFSR increases the total
V.MThakkar, SiddharthGhansala "Cryptography Play fair Cipher
random output states than that of minimum length using Linear Feedback Shift Register", IOSR Journal of
feedback LFSR. Engineering May. 2012, Vol. 2(5) pp: 1212-1216.
[10]. Arnault. F, Berger. T, Minier. M and Pousse. M, "Revisiting
LFSRs for cryptographic applications", IEEE Transactions on
V. CONCLUSION
Information Theory, Vol. 57, No. 12, Dec 2011, pp.8095-8113.
[II]. Xiang Tian and KhaledBenkrid, "Mersenne Twister Number
This paper described the BBS method, LFSR sequence Generation on FPGA, CPU and GPU",Proc. Of NASAIESA
generator, Mersenne Twister algorithm and Digital map Conference on Adaptive Hardware and Systems, 2009, pp.460-
464.
approach for cryptographic application. The performance
[12]. ShrutisagarChandrasekaran and Abbes Amira "High Performance
analysis of BBS technique and 4 bit LFSR has been FPGA implementation of the Mersenne Twister", Proc. Of 4th
simulated and compared. As compared with BBS method, IEEE International Symposium on Electronic Design, Test &
LFSR utilized less number of flip flops and also shift Application, Jan 2008, pp.482-485.
[13]. Massimo Alioto, Simone Bernardi, Ada Fort, Santina Rocchi,
register. Hence it has been observed that it consumes less
Valerio Vignoli, "On the Suitability of Digital Maps for Integrated
power. And also selection of higher lengths of LFSRs with Pseudo-RNGs", Proc. Of ECCTD'03 - European Conference on
feedback gives much better attributes in comparison with Circuit Theory and Design, September 1-4, 2003, Cracow, Poland,
the selection of lower length of the LFSRs. pp.349-352.
[14]. Goresky, M.; Klapper, A.M.; Fibonacci and Galois representations
of feedback-with-carry shift registers, "IEEE Transactions on
REFERENCES Information Theory", Vol. 48, Issue II, Nov 2002, pp.2826-2836.
[15]. Deepthi P.P. and P.S. Sathidevi "Hardware Stream Cipher Based
[I]. KhushbooSewak, Panda Amit K, Rajput P, "FPGA Implementation on LFSR and Modular Division Circuit", International Journal of
of 16 bit BBS and LFSR PN Sequence Generator: A Comparative Electrical and Computer Engineering 3:12 2008.
Study", In Proc. of the IEEE Student Conference on Electrical, [16]. Elena Dubrova "A List of Maximum Period NLFSRs", Royal
Electronics and Computer Sciences 2012, 1-2 Mar 2012, NIT Institute oITechnology (KTH), Forum 120, 164 40 Kista, Sweden,
Bhopal, India, pp. 1-3. pp.I-9.
[2]. Panda Amit K, Rajput P, Shukla B, "Design of Multi Bit LFSR [17]. AlexandruComan, RaduFratila, "Cryptographic Applications
PNRG and Performance comparison on FPGA using VHDL", using FPGA Technology"Journal of Mobile, Embedded and
International Journal of Advances in Engineering & Distributed Systems, vol. lll, no. 1, 2011, pp. 10-16.
Technology(IJAET), Mar 2012, Vol. 3, Issue 1, pp. 566-571. [18]. KaustubhGawande,MaithilyMundle"Variouslmplementations of
[3]. Sun Jing, Yang jing-yu, Fu De-sheng: Research On the Security of Blum BlumShubPseudo-Random Sequence
Key Generator in Stream Ciphers: The 1st International Conference enerator"http:lcs.ucsb.edul-koclaclprojectI2003Igawande­
on information Science and engineering (ICISE2009) pp. 1831- mundle.pdJ
83. [19]. Lecuyer, Pierre, "Tables of Linear Congruential Generators of
[4]. Lenore Blum, Manuel Blum, Mikeshub, "A Simple unpredictable DifferentSizes and Good Lattice Structure," Mathematics of
pseudo random number generator", SIAM Compute 0111986. Computation, Vo1.68, No. 225, 1999, pp. 249-260.
[5]. M.Luby, Pseudo randomness and Cryptographic Applications,
Princeton Computer Science Notes, 1996.
[6]. Efficient Shift Registers, LFSR Counters, and Long Pseudo­
Random Sequence Generators, Application Note,Xilinx Inc.
[7]. Amit Kumar Panda*, Praveena Rajput, BhawnaShukla, "FPGA
Implementation of 8, 16, and 32 bit LFSR with Maximum length
feedback polynomial using VHDL", Proc. Of International
Conference on Communication Systems and Network
Technologies, 2012, pp.769-773.
[8]. Afaq Ahmad "Better PN Generators for CDMA Application - A
Verilog-HDL Implementation Approach", International Journal of
Information Engineering (IJlE) Vol.2, No.1, Mar. 2012, pp. 6-11.