Linear Feedback Shift Registers

Updated 19 December 2025

Linear Feedback Shift Registers (LFSRs) are deterministic finite-state machines that generate pseudorandom sequences using linear feedback polynomials over finite fields.
They leverage algebraic structures and cycle properties to produce maximum-length m-sequences and de Bruijn sequences for cryptographic and digital applications.
Modern designs employ techniques such as feedback polynomial analysis, spectral evaluation, and cycle-joining to enhance security and implementation efficiency.

A linear feedback shift register (LFSR) is a deterministic finite-state machine widely used in cryptography, coding theory, digital communications, and random sequence generation. An LFSR generates sequences over finite fields by iteratively shifting a register of length $n$ and feeding back a linear function of its contents—the feedback polynomial—according to fixed algebraic rules. The mathematical structure, cycle properties, and spectral characteristics of LFSRs undergird their applications in pseudorandom number generation, stream ciphers, and implementation-efficient digital systems.

1. Algebraic Structure and Feedback Polynomials

An $n$ -stage LFSR over a field $K$ is defined by a state vector $s = (s_0, s_1, ..., s_{n-1}) \in K^n$ and a feedback polynomial

$f(x) = x^n + p_{n-1}x^{n-1} + \cdots + p_1x + p_0 \in K[x].$

The state evolves via the recurrence

$s_j = p_{n-1}s_{j-1} + p_{n-2}s_{j-2} + \cdots + p_0s_{j-n}$

or, equivalently, with a shift and companion matrix $L$ ,

$w_{j+1} = w_j L,$

where $L$ is an $n \times n$ matrix whose characteristic polynomial is $f(x)$ . The feedback can adopt various forms, such as the “Fibonacci” or “Galois” structure, differing in their internal wiring but equivalent under a change of basis (Capuano et al., 2020, Arnault et al., 2010).

Over finite fields, especially $\mathbb{F}_2$ , the feedback polynomial $f(x)$ determines key properties of the output sequence:

Irreducibility: Ensures nontrivial period properties.
Primitivity: If $f(x)$ is primitive, the LFSR produces a maximum-length sequence (“ $m$ -sequence”) that cycles through all possible non-zero states in $K^n$ with period $q^n-1$ ( $q=|K|$ ) (Capuano et al., 2020, 0904.1331).

2. Cycle Structure and State Space Decomposition

The theory of LFSRs over arbitrary characteristic polynomials distinguishes the role of polynomial factorization in structuring the state space into disjoint cycles. For an LFSR of characteristic polynomial

$f(x) = \prod_{i=1}^k g_i(x)^{b_i},\ \ g_i \text{ irreducible},$

each $g_i$ of degree $n_i$ and multiplicity $b_i$ , the set of all generated sequences (state space) decomposes as

$\Omega(f) = \bigoplus_{i=1}^k \Omega\bigl(g_i^{b_i}\bigr),$

where each summand is itself a (multi-)cycle system determined by the roots and multiplicities (Chang et al., 2016).

For each irreducible component $g(x)$ , the number of distinct nonzero cycles is $t = (q^{n}-1)/e$ , where $e$ is the order of a root of $g$ in $\mathbb{F}_{q^n}^\times$ . The explicit period and cycle-count formulas allow efficient cycle membership tests, explicit state representatives per cycle, and enumeration algorithms, all underpinned by the Chinese Remainder Theorem for coprime-period LFSRs (Chang et al., 2016, Chang et al., 2016).

3. Spectral Properties and Transform Domain Analysis

In the transform domain, LFSR sequences are naturally analyzed via the Discrete Fourier Transform (DFT) over extension fields. If $s_t$ is a periodic binary LFSR sequence, its DFT coefficients $S_k$ reflect deep algebraic and cryptanalytic properties:

Zeros of $S_k$ reveal annihilating polynomials.
The linear complexity equals the Hamming weight of the nonzero DFT spectrum.
The spectrum of a filter or combiner generator—obtained by nonlinear functions applied to multiple LFSR outputs—can be exploited for DFT-based attacks such as selective (targeted) spectrum recovery and initial state reconstruction (Khan et al., 2015).

The CRT organizes the shift structure of multi-LFSR combiners: cyclic shifts of constituent registers correspond to single global shifts of the output, determined uniquely modulo the least common multiple of the constituent periods. Selective DFT-based fast attacks leverage this correspondence to recover internal states efficiently under certain nonlinear combinations.

4. Special Constructions and Symmetry Properties

Capuano and Di Scala characterized LFSRs with “reflection” power symmetry: when the companion matrix $L$ satisfies $L = \tau L^n \tau$ (where $\tau$ reverses coordinates). They showed that over $\mathbb{F}_p$ , the only irreducible feedback polynomials admitting this symmetry are cyclotomic polynomials $\Phi_d(x)$ with $(d,\varphi(d))=1$ or have decompositions tightly constrained by field and order. These symmetry conditions are directly linked to the closure property $f(\alpha) = 0 \Rightarrow f(\alpha^n) = 0$ on roots, yielding precise classification and design constraints for cryptographic LFSRs (Capuano et al., 2020).

For certain singular LFSRs (e.g., $F(x_1, ..., x_n) = x_{n-1} \oplus x_n$ ), the state diagram breaks into a union of cycles and perfect binary trees, enabling new types of de Bruijn sequence constructions by controlled rewiring and conjugate-pair joining (Wang et al., 2018).

5. Cycle-Joining, de Bruijn Sequences, and Enumeration

Cycle joining (CJM) exploits the cycle structure of LFSRs with reducible or composite characteristic polynomials to merge cycles via conjugate-pair swaps, producing binary de Bruijn sequences—sequences of period $2^n$ in which every $n$ -tuple appears exactly once (Zhu et al., 2020, Chang et al., 2016, Chang et al., 2016). The adjacency graph encodes all possible conjugate pairs among cycles; spanning trees of this graph correspond to distinct de Bruijn sequences.

Key features of modern algorithms:

Explicit determination of cycle representatives via matrix mappings.
Enumeration of the number of de Bruijn sequences produced by a given LFSR system as the number of spanning trees in the adjacency graph.
Use of weight-threshold, Chinese Remainder, or structural rules to efficiently produce large families ( $\ge 2^{n-3}$ ) of inequivalent sequences, each generated with $O(n)$ per-bit complexity (Zhu et al., 2020).

In the special case of products of primitive polynomials, closed-form formulas enumerate all 4-nomial and 5-nomial sparse multiples, which directly influences the resistance of LFSR-based stream ciphers to fast correlation attacks (Takshak et al., 24 Jul 2025).

6. Applications in Pseudorandomness, Cryptography, and Hardware

LFSRs are central to keystream generation in stream ciphers, either as stand-alone maximal-length sequences or as components of filter/combiner generators (Takshak et al., 24 Jul 2025, Khan et al., 2015). Primitivity, period, and the statistics of sparse polynomial multiples fundamentally influence linear complexity and resistance to fast attacks.

Pseudorandom number generators: LFSRs combined with output extractors (e.g., von Neumann, three-bit, or run extractors) enhance linear complexity and bias removal, but with trade-offs in throughput and cryptographic strength (Nobach, 18 Apr 2024).
Hardware-aware design: In deep neural network accelerators, LFSR-based random index generation provides low-overhead, deterministic, and memory-efficient mechanisms for pruning and pseudo-randomization (Karimzadeh et al., 2019). Reversible LFSR schemes enable efficient replay of random patterns with zero additional storage (Wan et al., 2021).
Coding theory: Encoding and decoding of affine variety and algebraic geometry codes can be reduced in computational complexity via LFSR-extensions and transform maps, replacing cubic-time Gaussian elimination with $O(q n^2)$ -time algorithms (Matsui, 2012).
Sparse/LFSR design: Rational/fractional representations and random-sparse selection algorithms yield LFSRs with minimal diffusion delay, optimized for hardware or software implementation (Arnault et al., 2010).
Word-oriented (“ $\sigma$ -LFSRs”): Enumeration results relate the number of primitive word-oriented LFSRs to the statistics of Singer cycles in general linear groups, with conjectured explicit formulas linking primitive $\sigma$ -LFSRs to splitting subspaces in finite fields (0904.1331).

7. Design, Security, and Open Problems

Designing LFSRs for security and implementation efficiency involves several constraints:

Selecting primitive polynomials of large degree with few low-weight sparse multiples to resist fast correlation attacks (Takshak et al., 24 Jul 2025).
Ensuring cycle structure avoids unintended algebraic symmetries, which can collapse periods or introduce exploitable linear relations (Capuano et al., 2020).
Choosing structures and feedbacks that minimize diffusion delay for rapid mixing in hardware stream ciphers (Arnault et al., 2010).
For serious cryptographic use, LFSRs must be seeded securely, with length and feedback structure well above minimum cryptographic thresholds (Nobach, 18 Apr 2024).

Enumeration of primitive $\sigma$ -LFSRs and splitting subspaces remains an open topic, with the Zeng-Han-He conjecture (and its fiber cardinality reduction to splitting subspace counts) still unsolved in full generality (0904.1331).

References:

(Capuano et al., 2020) Capuano, Di Scala, "A note on cyclotomic polynomials and Linear Feedback Shift Registers"
(Chang et al., 2016) Ma, Wei, "The Cycle Structure of LFSR with Arbitrary Characteristic Polynomial over Finite Fields"
(Khan et al., 2015) Khan, Asim, et al., "Transform Domain Analysis of Sequences"
(Arnault et al., 2010) Arnault, Berger, Minier & Pousse, "Revisiting LFSMs"
(Matsui, 2012) Matsui, "Lemma for Linear Feedback Shift Registers and DFTs Applied to Affine Variety Codes"
(Takshak et al., 24 Jul 2025) "The Exact Enumeration of 4-nomial and 5-nomial Multiples of the Product of Primitive Polynomials over GF(2)"
(Zhu et al., 2020) Huang, Mauduit, Wang, "An Efficiently Generated Family of Binary de Bruijn Sequences"
(Chang et al., 2016) Chang, Qi, Li, "Construction of de Bruijn Sequences from Product of Two Irreducible Polynomials"
(Chang et al., 2016) Chang, Qi, Li, "On Binary de Bruijn Sequences from LFSRs with Arbitrary Characteristic Polynomials"
(Wang et al., 2018) Wang, Sun, Zhang, "State Diagrams of a Class of Singular LFSR and Their Applications to the Construction of de Bruijn Cycles"
(0911.04468) "Hardware-aware Pruning of DNNs using LFSR-Generated Pseudo-Random Indices"
(Wan et al., 2021) "Shift-BNN: Highly-Efficient Probabilistic Bayesian Neural Network Training via Memory-Friendly Pattern Retrieving"
(Nobach, 18 Apr 2024) "Pseudo-random generators using linear feedback shift registers with output extraction"
(0904.1331) Ghorpade, Hasan, Kumari, "Primitive Polynomials, Singer Cycles, and Word-Oriented Linear Feedback Shift Registers"