Linear-feedback shift register


In computing, a linear-feedback shift register is a shift register whose input bit is a linear function of its previous state.
The most commonly used linear function of single bits is exclusive-or. Thus, an LFSR is most often a shift register whose input bit is driven by the XOR of some bits of the overall shift register value.
The initial value of the LFSR is called the seed, and because the operation of the register is deterministic, the stream of values produced by the register is completely determined by its current state. Likewise, because the register has a finite number of possible states, it must eventually enter a repeating cycle. However, an LFSR with a well-chosen feedback function can produce a sequence of bits that appears random and has a very long cycle.
Applications of LFSRs include generating pseudo-random numbers, pseudo-noise sequences, fast digital counters, and whitening sequences. Both hardware and software implementations of LFSRs are common.
The mathematics of a cyclic redundancy check, used to provide a quick check against transmission errors, are closely related to those of an LFSR. In general, the arithmetics behind LFSRs makes them very elegant as an object to study and implement. One can produce relatively complex logics with simple building blocks. However, other methods, that are less elegant but perform better, should be considered as well.

Fibonacci LFSRs

The bit positions that affect the next state are called the taps. In the diagram the taps are . The rightmost bit of the LFSR is called the output bit, which is always also a tap. To obtain the next state, the tap bits are XOR-ed sequentially; then, all bits are shifted one place to the right, with the rightmost bit being discarded, and that result of XOR-ing the tap bits is fed back into the now-vacant leftmost bit. To obtain the pseudorandom output stream, read the rightmost bit after each state transition.
  • A maximum-length LFSR produces an m-sequence, unless it contains all zeros, in which case it will never change.
  • As an alternative to the XOR-based feedback in an LFSR, one can also use XNOR. This function is an affine map, not strictly a linear map, but it results in an equivalent polynomial counter whose state is the complement of the state of an LFSR. A state with all ones is illegal when using an XNOR feedback, in the same way as a state with all zeroes is illegal when using XOR. This state is considered illegal because the counter would remain "locked-up" in this state. This method can be advantageous in hardware LFSRs using flip-flops that start in a zero state, as it does not start in a lockup state, meaning that the register does not need to be seeded in order to begin operation.
The sequence of numbers generated by an LFSR or its XNOR counterpart can be considered a binary numeral system just as valid as Gray code or the natural binary code.
The arrangement of taps for feedback in an LFSR can be expressed in finite field arithmetic as a polynomial mod 2. This means that the coefficients of the polynomial must be 1s or 0s. This is called the feedback polynomial or reciprocal characteristic polynomial. For example, if the taps are at the 16th, 14th, 13th and 11th bits, the feedback polynomial is
The "one" in the polynomial does not correspond to a tap – it corresponds to the input to the first bit. The powers of the terms represent the tapped bits, counting from the left. The first and last bits are always connected as an input and output tap respectively.
The LFSR is maximal-length if and only if the corresponding feedback polynomial is primitive over the Galois field GF. This means that the following conditions are necessary :
  • The number of taps is even.
  • The set of taps is setwise co-prime; i.e., there must be no divisor other than 1 common to all taps.
Tables of primitive polynomials from which maximum-length LFSRs can be constructed are given below and in the references.
There can be more than one maximum-length tap sequence for a given LFSR length. Also, once one maximum-length tap sequence has been found, another automatically follows. If the tap sequence in an n-bit LFSR is, where the 0 corresponds to the x0 = 1 term, then the corresponding "mirror" sequence is. So the tap sequence has as its counterpart. Both give a maximum-length sequence.
An example in C is below:

  1. include
unsigned lfsr_fib

If a fast parity or popcount operation is available, the feedback bit can be computed more efficiently as the dot product of the register with the characteristic polynomial:
  • bit = parity;, or equivalently
  • bit = popcnt /* & 1u */;.
If a rotation operation is available, the new state can be computed as
  • lfsr = rotateright | ;, or equivalently
  • lfsr = rotateright ^ lfsr, 1);
This LFSR configuration is also known as standard, many-to-one or external XOR gates. The alternative Galois configuration is described in the next section.

Example in Python

A sample python implementation of a similar Fibonacci LFSR would be

start_state = 1 << 15 | 1
lfsr = start_state
period = 0
while True:
# taps: 16 15 13 4; feedback polynomial: x^16 + x^15 + x^13 + x^4 + 1
bit = ^ ^ ) & 1
lfsr = |
period += 1
if lfsr start_state:
print
break

Where a register of 16 bits is used and the xor tap at the fourth, 13th, 15th and sixteenth bit establishes a maximum sequence length.

Galois LFSRs

Named after the French mathematician Évariste Galois, an LFSR in Galois configuration, which is also known as modular, internal XORs, or one-to-many LFSR, is an alternate structure that can generate the same output stream as a conventional LFSR. In the Galois configuration, when the system is clocked, bits that are not taps are shifted one position to the right unchanged. The taps, on the other hand, are XORed with the output bit before they are stored in the next position. The new output bit is the next input bit. The effect of this is that when the output bit is zero, all the bits in the register shift to the right unchanged, and the input bit becomes zero. When the output bit is one, the bits in the tap positions all flip, and then the entire register is shifted to the right and the input bit becomes 1.
To generate the same output stream, the order of the taps is the counterpart of the order for the conventional LFSR, otherwise the stream will be in reverse. Note that the internal state of the LFSR is not necessarily the same. The Galois register shown has the same output stream as the Fibonacci register in the first section. A time offset exists between the streams, so a different startpoint will be needed to get the same output each cycle.
  • Galois LFSRs do not concatenate every tap to produce the new input, thus it is possible for each tap to be computed in parallel, increasing the speed of execution.
  • In a software implementation of an LFSR, the Galois form is more efficient, as the XOR operations can be implemented a word at a time: only the output bit must be examined individually.
Below is a C code example for the 16-bit maximal-period Galois LFSR example in the figure:

  1. include
unsigned lfsr_galois

The branch if lfsr ^= 0xB400u;can also be written as lfsr ^= & 0xB400u; which may produce more efficient code on some compilers. In addition, the left-shifting variant may produce even better code, as the msb is the carry from the addition of lfsr to itself.

Galois LFSR parallel computation

State and resulting bits can also be combined and computed in parallel. The following function calculates the next 64 bits using the 63-bit polynomial :

  1. include
uint64_t prsg63

Non-binary Galois LFSR

Binary Galois LFSRs like the ones shown above can be generalized to any q-ary alphabet . In this case, the exclusive-or component is generalized to addition modulo-q, and the feedback bit is multiplied by a q-ary value, which is constant for each specific tap point. Note that this is also a generalization of the binary case, where the feedback is multiplied by either 0 or 1. Given an appropriate tap configuration, such LFSRs can be used to generate Galois fields for arbitrary prime values of q.

Xorshift LFSRs

As shown by George Marsaglia and further analysed by Richard P. Brent, linear feedback shift registers can be implemented using XOR and Shift operations. This approach lends itself to fast execution in software because these operations typically map efficiently into modern processor instructions.
Below is a C code example for a 16-bit maximal-period Xorshift LFSR using the 7,9,13 triplet from John Metcalf:

  1. include
unsigned lfsr_xorshift

Matrix forms

Binary LFSRs of both Fibonacci and Galois configurations can be expressed as linear functions using matrices in . Using the companion matrix of the characteristic polynomial of the LFSR and denoting the seed as a column vector, the state of the register in Fibonacci configuration after steps is given by
Matrix for the corresponding Galois form is :
For a suitable initialisation,
the top coefficient of the column vector :
gives the term of the original sequence.
These forms generalize naturally to arbitrary fields.