A New Approach to Determine the Minimal Polynomials of Binary Modified de Bruijn Sequences

A binary modified de Bruijn sequence is an infinite and periodic binary sequence derived by removing a zero from the longest run of zeros in a binary de Bruijn sequence. The minimal polynomial of the modified sequence is its unique least-degree characteristic polynomial. Leveraging on a recent characterization, we devise a novel general approach to determine the minimal polynomial. We translate the characterization into a problem of identifying a Hamiltonian cycle in a specially constructed graph. Along the way, we demonstrate the usefullness of computational tools from the cycle joining method in the modified setup.


Introduction
Given a positive integer n, a binary de Bruijn sequence of order n is an infinite sequence over F 2 with period 2 n .Each binary n-tuple appears exactly once per period.Much has been done in the studies of such sequences.One can start from a primitive polynomial p(x) ∈ F 2 [x] with deg(p(x)) = n.The linear feedback shift register (LFSR) whose characteristic polynomial is p(x) produces a maximum length sequence m, also known as an m-sequence, of period 2 n − 1. Appending a 0 to the longest run of zeroes in m results in a de Bruijn sequence.
We know from [1], which independently rediscovered the result in [2], that the number of binary de Bruijn sequences of order n is 2 2 n−1 −n .The number of primitive polynomial over F 2 is n −1 ϕ(2 n − 1), where ϕ(•) is the Euler totient function.The number of de Bruijn sequences from the set of all primitive polynomials becomes miniscule compared to 2 2 n−1 −n as n grows.
There are other methods than the route via m-sequences.Interested readers may want to consult Fredricksen's survey [3] and more recent works, such as the ones by Chang, Ezerman, Ling, and Wang in [4], by Gabric, Sawada, Williams, and Wong in [5], and in many of their respective references.
The sequence m produced by a primitive polynomial p(x) can also be seen as a modification of the corresponding de Bruijn sequence by removing a 0 from the longest run of zeros.We call a sequence modified from any de Bruijn sequence by such removal of a 0 a modified de Bruijn sequence.
A measure of predictability of a sequence is given by its linear span or linear complexity.It is defined to be the degree of the shortest linear recursion or minimal polynomial that produces the sequence.The higher the span is the less predictable the sequence becomes.For cryptographic applications, for example, sequences with large spans are desirable.
The respective minimal and maximal values for the linear span of de Bruijn sequences are 2 n−1 + n and 2 n − 1, for n ≥ 3.This fact and further results on the distribution of the linear span values can be found in [6].The extremal values were initially established as bounds in [7], where the upper bound was then shown to be achievable.Etzion and Lempel showed how to construct de Bruijn sequences of minimal span in [8].
Let s denote a modified binary de Bruijn sequence of order n and period 2 n − 1.Let s be its corresponding de Bruijn sequence.One often prefers using s, instead of s, since the presence of the all zero string of length n can be undesirable.On the other hand, there are instances when s has an optimal linear complexity but s performs poorly in this measure.
Much less is known regarding the minimal polynomials of modified de Bruijn sequences.An early work on this topic was done by Mayhew and Golomb in [9].Subsequent works by Kyureghyan in [10], by Tan, Xu, and Qi in [11], and a more recent one by Wang, Cheng, Wang, and Qi in [12] have not managed to supply any systematic method to determine the minimal polynomials.
For any n ≥ 4, let Ω be the set of all nonzero polynomials of degree < n, that is, In this work, we propose a general method to design the minimal polynomial of a modified de Bruijn sequence.To briefly outline our method, we defer the formal definition of terms related to polynomials to Section 2. We pick up from where the work by Tan et al. in [11] ends.In particular, we rely on the following useful characterization.
of degree m is the minimal polynomial of a modified de Bruijn sequence of order n if and only if the following conditions hold: 1.The polynomial f (x) satisfies Theorem 1 requires the two polynomials f (x) and g(x) not only to satisfy their respective conditions in ( 2) and ( 3), but also to simultaneously meet the requirements in ( 4) and (5) with Ω as defined in (1).
Our first step is to posit an auxiliary self-reciprocal polynomial by taking the product of all elements in the set Since the product of all irreducible polynomials whose degrees divide n is x 2 n + x and the only irreducible polynomials of degree 1 are x and x + 1, it is clear that .
The next move is to transform the problem of finding a suitable g(x) into a problem of determining a Hamiltonian cycle H in a specially constructed graph Γ n .We give a systematic way to determine g(x).The details are to be covered in Sections 3 and 4.
Our main contributions 1.For a given n ≥ 3, we construct a graph Γ n with the property that every Hamiltonian cycle H in Γ n corresponds to a modified de Bruijn sequence.We then propose basic algorithms to identify numerous Hamiltonian cycles in Γ n .

To each Hamiltonian cycle
3. We supply basic computational tools as proofs of concept.

Preliminaries
Let s := s 0 , s 1 , . . .be an infinite sequence over a given finite field F q .If there is a positive integer N for which N is the smallest number such that s i = s i+N for all i ≥ 0, then s is an N -periodic sequence and we write s = (s 0 , s 1 , . . ., s N −1 ).Such an N is the period per(s) of s.The sum of two infinite sequences s := s 0 , s 1 , . . .and t := t 0 , t 1 , . . .over the same finite field is s + t = s 0 + t 0 , s 1 + t 1 , . . .and the scalar multiple c s with c ∈ F q is simply c s 0 , c s 1 , . ... Henceforth, unless otherwise stated, all sequences in this work are binary, that is, q = 2.
Let L be the (left) shift operator that sends By convention L 0 fixes the sequence.Two sequences a and b are called distinct or (cyclically) inequivalent if one is not the cyclic shift of the other, that is, there is no integer k ≥ 0 such that a = L k b.
A monic polynomial f (x) in the ring of binary polynomials F 2 [x] of indeterminate x is a characteristic polynomial of s = (s 0 , s 1 , . . ., s N −1 ) if f (L)(s) = (0, 0, . . ., 0).One can then call s a linear feedback shift register (LFSR) sequence.As an LFSR sequence, s may have many characteristic polynomials.We identify the unique characteristic polynomial m s (x) of least degree as its minimal polynomial.Any characteristic polynomial of s is divisible by m s (x).
The minimal polynomial of a sequence gives the sequence's measure of predictability.The degree ∆ := ∆ s = deg(m s (x)) is the linear complexity or the linear span of s.Knowing any ∆-tuple in s allows us to reconstruct s completely.The zero sequence has linear span 0.
The reciprocal polynomial of a(x) A polynomial is self-reciprocal if it is its own reciprocal.The order of a(x), denoted by ord(a(x)), is the least positive integer λ for which a(x) divides x λ − 1.The minimal polynomial of an N -periodic sequence has order N .We will use the rational fraction representation of any s = (s 0 , s 1 , . . ., s N −1 ).Further details can be found in [13,Chapter 6 Section 3].The generating function of s is the element in the ring of formal power series over F 2 .Since s is periodic, it can be represented as a rational function with f (x) and g(x) in The minimal polynomial m s (x) of s is the reciprocal f * (x) of the denominator f (x) in (11).The converse also holds.For any f (x) and g(x) in F 2 [x] satisfying (12), there exists a periodic sequence s for which (11) holds.The requirement that gcd(g(x), f (x)) = 1 is not strictly necessary.Indeed, there will be occasions in the sequel that we relax this condition and allow for a rational function representation s(x) with gcd(g(x), f (x)) = d(x) = 1.The context will make it clear whether the representation is the simplest one or the more relaxed version.
Theorem 2. [7, Section 2] If a is binary de Bruijn sequence, then the minimal polynomial of a has the form a(x) = (x + 1) z for some integer z satisfying Let I(n) denote the number of binary irreducible polynomials of degree n in F 2 [x].Let µ(n) be the Möbius function.Gauss' general formula [13,Theorem 3.25] says that . Sequence A001037 in [14] lists I(n).
Theorem 3. [9, Theorem 2] Let s be a de Bruijn sequence of order n ≥ 4 whose modified sequence is s.Then Let s be a modified de Bruijn sequence of order n.For small values of n, it is known If s is not an m-sequence, then we know from [12, Corollary 3] that ∆ s > 5  4 n.We now recall useful results on the rational fraction representations of modified de Bruijn sequences over F q established by Tan et al. in [11].For any nonnegative integer k, the k-shifted sequence of a = (a 0 , a 1 , . . ., a N −1 ) is The set of all shifted sequences of a is L k a : 0 ≤ k < N .
Lemma 4. [11, Lemma 3.5] Let a = (a 0 , a 1 , . . ., a N −1 ) be a given N -periodic sequence with rational fraction representation g(x) f (x) .Then, for any 0 ≤ k < N , the rational fraction representation of its k-shifted sequence L k a is Lemma 5. [11,Lemma 3.6] Let a = (a 0 , a 1 , . . ., a 2 n −2 ) be a sequence of period as its rational fraction representation.Then a is a modified de Bruijn sequence of order n if and only if Lemma 5 asserts that a is a modified de Bruijn sequence if and only if g k (x) (mod x n ) traverses all nonzero polynomials of degree less than n as k goes from 0 to 2 n − 2. The preparation in Lemmas 4 and 5 leads to Theorem 1 in the introduction.
We use graph theoretic notions commonly defined in standard textbooks.A directed gaph or a digraph is an ordered pair G := (V, E) where V is a set of vertices and E a set of ordered pairs called directed edges or arcs.In this work, a digraph does not have multiple arcs on the same ordered pair of vertices, altough it may contain a loop.A Hamiltonian path (cycle) is a path (cycle) that visits every vertex exactly once, with each arc traced according to its direction.We will often use the terms Hamiltonian cycle and Hamiltonian path interchangably, without causing ambiguity or losing generality.

From Polynomials to Directed Graphs
From the work of Mayhew and Golomb in [9] we know that the minimal polynomial of modified binary de Bruijn sequences of order n is a product of distinct irreducible polynomials of degree d = 1, with d | n.Setting aside the m-sequences built from primitive polynomials of degree n, there had not been any systematic way to determine the minimal polynomial of a given modified de Bruijn sequence.
Not all possible values given in (13) are in fact the actual values of the linear span.For n = 5, for instance, there is no modified binary de Bruijn sequence with minimal polynomial f (x) = (x 5 + x 2 + 1)(x 5 + x 3 + 1) although this degree 10 polynomial is a product of distinct irreducible polynomials of degrees dividing 5.The degrees taken by the actual minimal polynomials for n ∈ {4, 5, 6} are listed in Table 1.Example 2. For n = 4 there are exactly 10 modified de Bruijn sequences having the maximal linear span 14.Their minimal polynomial is F (x) = 1 + x + x 3 + . . .+ x 14 .The 10 polynomials g(x) that, each, satisfies the requirements in Theorem 1 with F (x) taking the place of f (x), are given in Table 2. Performing long division, we easily confirm that the first entry in Table 2 with g(x) = x 10 + x 8 + x 5 + x + 1 has a representation g(x) F (x) = 1 + x 2 + x 5 + x 6 + x 8 + x 9 + x 10 + x 11 + x 15 g(x) F (x) , corresponding to the modified de Bruijn sequence (1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0).The rest of the entries can be similarly interpreted.

g(x)
Modified de Bruijn Sequence s g(x) Modified de Bruijn Sequences We define a digraph (directed graph) Γ n (V, E), or simply Γ when n is clear from the context, based on the set Ω in (1) as follows.We associate each nonzero polynomial with the n-string a := a n−1 , a n−2 , . . ., a 1 , a 0 and its integer representation Hence, there is a one-to-one correspondence between elements in Ω and the integers in {1, 2, . . ., 2 n −1}, which we use as the vertex set V .Let a(x), b(x) ∈ Ω be seen as vertices A, B ∈ V .We add an arc from A to B if and only if The arc governed by ( 16) is from A to B := 2A (mod (2 n − 1)) while the one defined by ( 17) is from A to B := (2 n − 1) − (2A (mod (2 n − 1))).We call the former the doubling arc, marked in blue and labelled by a 0, and the latter the double-then-complement arc, marked in red and labelled by a 1.For brevity, the names are abbreviated to double and complement arcs.
The outdegree of each vertex is 2, except for the vertex 2 n−1 whose outdegree is 1 since 0 / ∈ Ω.This vertext has only a red arc to its complement vertex 2 n − 1.Each vertex has indegree 2, except for the vertex 2 n − 1 whose only inbound edge comes from 2 n−1 .There is a loop from vertex A to itself if and only if 3A = 2 n − 1.This vertex is clearly unique.The graph Γ n is simple for all n such that 3 ∤ (2 n − 1).
Example 3. The graph Γ 4 is in Figure 1 Top.The loop is from A = 5 to itself.
x i as in (6).The indexed set forms a walk generated by g(x) and we say that g(x) generates the walk W g .
Our task is to identify polynomials g(x), with g(0) = 1 and gcd(g(x), F (x)) = d(x), that generate Hamiltonian cycles in Γ n .Once such a g(x) is found, Theorem 1 concludes is the minimal polynomial of a modified binary de Bruijn sequence.

Hamiltonian Cycles in Γ n
Deciding whether a directed graph is Hamiltonian is hard.A survey on this topic was done by Kühn and Osthus in [15].Further references and discussion can be found in [16,Section 6.1].Fortunately, Γ n has many nice properties that allow us to explicitly determine some Hamiltonian cycles for all n.

Hamiltonian Cycles by Two Greedy Algorithms
Inspired by some greedy algorithms in the construction of certain classes of de Bruijn sequences discussed by Chang, Ezerman, and Fahreza in [17], we devise two basic algorithms.Algorithm 1 prefers the complement over the double arcs when moving from the current vertex to the next vertex.Algorithm 2 swaps the preference, with a modification imposed to avoid the inclusion of 0, since 0 / ∈ Ω.The two algorithms produce paths, starting from an initial vertex v init .While each initial vertex produces a path, only several of them lead to Hamiltonian cycles.Table 3 lists the Hamiltonian cycles produced for n ∈ {4, 5, 6}.
reasoning.To identify Hamiltonian cycles beyond those produced by the two algorithms, we establish a general result on the paths produced by Algorithm 1.The result will be used in the next subsection to identify many more Hamiltonian cycles in Γ n by cycle joining.
Theorem 6.Let V (Γ n ) := {1, . . ., 2 n − 1}.Given an indexed set whose elements are vertices in Γ n in the form of let Ψ be a mapping on Θ defined by, for Then Ψ is a permutation on Θ.
Proof.We show that Ψ is a bijection on Θ.It is immediate to verify that there exist Thus, Ψ is injective.Let α be an arbitrarily selected element of Θ.If α is even, then there exists an integer k ∈ 1, 2, . . ., 2 n −2 2 such that α = 2k.Hence, either Ψ(k) = α or Ψ(k + 2 n−1 ) = α.If α is odd, then there exists an integer t ∈ 0, 1, 2, . . ., We conclude that Ψ is surjective and the proof is now complete.Since the function Ψ in ( 19) is a permutation on a finite set Θ, then Ψ can be written as a composition of j disjoint cycles Definition 2. Let (α k,1 , α k,2 , . . ., α k,ℓ ) be a cycle C k generated by Ψ.We say that C k starts at α k,1 and ends at α k,ℓ since, by then, both possible images Ψ(α k,ℓ ), one of which being α k,1 , have all appeared.The elements α k,1 and α k,ℓ are, respectively, the starting element and the terminating element of C k .
Lemma 7. Let the indexed set Θ and the function Ψ be as defined in Theorem 6.Let γ ∈ Θ be an even number which is not a starting element in any cycle.Then the complement 2 n − 1 − γ of γ is an odd number that occurs before γ in the said cycle.
Proof.By how Ψ is defined and since γ ∈ Θ is not the starting element, it is impossible for γ to appear in the cycle before its complement, which is an odd number.
By the time both 2 n −1−2β and 2β appear in a cycle C, we know that both β and β +2 n−1 must have appeared earlier.
Proof.Since Ψ is bijective, the appearance of both 2 n − 1 − 2β and 2β requires prior inclusion of both possible predecessors in the cycle.
The conclusion that Γ n is Hamiltonian for all n ≥ 4 follows from the next theorem.
Theorem 9. Let the set Θ and function Ψ be as defined in Theorem 6.The function Ψ produces a single cycle of length 2 n − 1 that starts at 1 and ends at 2 n − 1.
Proof.Let C be the circle ( Consider the shift-equivalent cycle ( For a contradiction, let us assume that α = 2 n−1 − 1.Since 1 has already appeared in C, the only other possible successor of 2 n−1 − 1, namely 2 n − 2, must have appeared in C. The two possible predecessors of 2 n − 2 are 2 n−1 − 1 and 2 n − 1.Hence, C must have the form On the other hand, since 2 n−1 − 1 is both an odd number and the terminating element, its complement, namely 2 n−1 , must not have appeared in C.But this rules out 2 n − 1 from C as well, contradicting (24).Thus, the terminating element must be α = 2 n − 1.
We now show that all elements of Θ appear in C. The computations are done modulo 2 n .It is clear that δ = 2 n−1 , since it is the only preimage of 2 n − 1.Hence, we have Aided by Lemmas 7 and 8, we proceed by induction to confirm that each even number 2 ≤ k ≤ 2 n − 2 appears.
Lemma 7 ensures the appearance of each odd number j such that 3 ≤ j ≤ (2 n − 3), completing the proof.
Corollary 10.The graph Γ n for each n ≥ 4 is Hamiltonian.

More Hamiltonian Cycles by Cycle Joining
Theorem 9 guarantees that, starting from v init = 1, Algorithm 1 produces a cycle of length 2 n − 1.However, for most other v init , we obtain disjoint cycles as in (22) with j > 1.The following lemma gives a condition for when two disjoint cycles can be joined into a longer cycle.Theorem 12.If Ψ generates disjoint cycles as in ( 22), then all of the cycles can be joined into a single cycle of length 2 n − 1.
Proof.If Ψ generates only one cycle, then it is clear that the length of the cycle must be 2 n − 1. Suppose that Ψ generates at least two cycles and we take any cycle C.It suffices to show that there exists c ∈ C whose complement c := 2 n − 1 − c does not appear in C. For a contradiction, let there be no such element.Hence, every element in C has its complement in C, that is, c ∈ C for any c ∈ C. By definition, exactly one of either c or c is an even number e. Therefore, the predecessors of c and c, namely, k := e 2 and 2 n−1 + k also appear in C. Following this fact, all integers in {1, 2, .., 2 n − 1} appear in C.This contradicts the assumption that Ψ generates two or more cycles.13  We can implement Theorem 12 and enumerate the number of resulting Hamiltonian cycles that can be constructed by adopting the cycle joining method from the theory of feedback shift registers.
Let Ψ be expressed in terms of its disjoint cycles as in (22).For distinct 1 ≤ i = k ≤ j, let τ i,k := (r, s) denote r ∈ C i and s ∈ C k with r + s = 2 n − 1.The tuple joins C i and C k by interchanging the respective predecessors of r and s.
To count the number of inequivalent Hamiltonian cycles that can be produced from Ψ, we build the associated undirected multigraph G Ψ as follows.The vertices are C 1 , . . ., C j .We add an edge labelled (r, s) between C i and C k whenever there is a pair (r, s) with the property that r ∈ C i , s ∈ C k , and r + s = 2 n − 1.The graph G Ψ has no loops but may have multiple edges connecting the same pair of vertices.The number of Hamiltonian cycles that can be constructed in this manner is equal to the number of subgraphs of G Ψ which are rooted spanning trees.
The following well-known counting formula is a variant of the BEST (de Bruijn, Ehrenfest, Smith, and Tutte) Theorem.More detail on graphical approaches to the generation of full cycles, including the BEST Theorem and its history, can be found in [3,Section 2].The cofactor of entry m i,k in a matrix M := (m i,k ) is (−1) i+k times the determinant of the matrix obtained by deleting the i th row and k th column of M .Theorem 13. (BEST) Let V := {C 1 , . . ., C j } be the vertex set of G Ψ .Let M = (m i,k ) be the j × j matrix derived from G Ψ in which m i,i is the number of edges incident to C i and m i,k is the negative of the number of edges between vertices C i and C k for i = k.Then the number of rooted spanning trees of G Ψ is the cofactor of any entry of M .Example 5. A randomized instance for n = 4 picks Ψ = (6, 3, 9, 13, 5, 10, 11) • (4, 7, 1, 2) • (14,12,8,15).
We label the cycles from left to right as C 1 , C 2 , and C 3 to get the associated graph G Ψ in Figure 3.
The associated matrix is By BEST Theorem, there are 8 Hamiltonian cycles that can be constructed from Ψ.

The Canonical Generator Polynomial
In this section we show that there exists a canonical generator c H (x) ∈ F 2 [x] for every Hamiltonian cycle H ∈ Γ n .
The de Bruijn graph, denoted by B n or simply B when n is understood, is also known as the Good graph and de Bruin-Good graph.It was introduced independently by de Bruijn in [1] and by Good in [18].Its set of vertices consists of binary n-strings An arc from vertex c 1 , c 2 , . . ., c n to vertex c 2 , c 3 , . . ., c n+1 is labelled 0 and 1, respectively, if c n+1 = 0 and c n+1 = 1.Theorem 14.If H is a Hamiltonian cycle in Γ n , then H corresponds to a modified binary de Bruijn sequence.
Proof.We revert back to the binary string representation of the vertices in Γ n .Let e 1 , e 2 , . . ., e 2 n −1 be the labels, each is either 0 or 1, on the ordered arcs in H.If e i = 0, then the i th arc connects the exact same pair of vertices in both Γ n and in the original de Bruijn graph B n .Moreover, if e j = 1, then it corresponds to an arc with label 1 in B n .Thus, the sequence (e 1 , e 2 , . . ., e 2 n −1 ) that corresponds to H is a modified de Bruijn sequence.
Corollary 15.If H is a Hamiltonian cycle in Γ n , then there exists a polynomial g(x) ∈ F 2 [x] that generates H.The consecutive elements in Proof.Since H is a Hamiltonian cycle in Γ n , it corresponds to a modified binary de Bruijn sequence s which can be represented as g(x) F (x) , with deg(g(x)) < 2 n − 2. Lemma 5 ensures the existence of the required g(x) and, by Definition 1, g(x) generates H.
generates the Hamiltonian cycle H in Figure 1 Bottom.
Thus, deg(g u (x)) = 2 n − n − 2. By Corollary 15 and Definition 3, we confirm that g k (x) is precisely c H (x) of s.
This work has, thus, provides a systematic method to determine the minimal polynomial of a modified binary de Bruijn sequence.As a concluding remark we highlight that if one can, for any n ≥ 3, characterize the occasions for which gcd((c H (x), F (x)) = 1, then we can confirm that there exist modified de Bruijn sequences with maximal complexity 2 n − 2. Computational evidences for small values of n strongly suggest that most modified de Bruijn sequences have maximal complexity.Determining a closed formula for the number of such sequences is a worthy research challenge to solve.

Figure 3 :
Figure 3: The associated graph G Ψ for Example 5.

Definition 3 .
Let H be a Hamiltonian cycle in Γ n .The polynomial with the least degree ℓ among all of the polynomials that generate H is the canonical generator c H (x) of H. Theorem 17.Let n ≥ 4 be given and let g(x) F (x) be a rational fraction representation of a modified binary de Bruijn sequence s.Then, there exists a polynomial g k(x) ∈ F 2 [x] of degree 2 n − n − 2 such that g k (x) F (x)is a rational fraction representation of the k-shifted sequence L k s for some 0 ≤ k < N .The polynomial g k (x) is the canonical generator of the Hamiltonian cycle H that corresponds to s.Proof.We claim that deg(g k (x)) ≥ 2 n − n − 2. Suppose, on the contrary, that there exists some r, with 0 ≤ r < 2 n − 1, such that deg(g r (x)) < 2 n − n − 2. Let [n − r] := n − r if n ≥ r, n − r + 2 n − 1 if n < r.

Table 4
list them.All but one of the sequences have maximal linear complexity 14.