SECURITY OF MULTIDIMENSIONAL ARRAYS

FIELD OF THE INVENTION

The present invention relates to the security of multidimensional, multi- periodical arrays. In particular, embodiments of the present invention relate to methods and apparatus for determining the security of two, three and higher dimensional encoding arrays, which can be used for applications including, but not limited to watermarking, digital communications and encryption.

BACKGROUND

Patent application PCT/AU2010/000990 entitled "Digital Watermarking" discloses the Applicant's processes that produce new multi-dimensional and multi-periodical arrays which have numerous areas of application including watermarking for use in multimedia applications, where the multi-dimensional nature of watermarking has been desirable, but not generally available. The media and entertainment industry, for example, is asking for digital watermarks for images, audio, video, and synchronized video-audio applications. Authorised copies of digital media are imprinted with a watermark, which identifies the owner of a specific copy. Good watermarks imply that even if users collude in trying to erase the watermark, the copy would retain enough information to track down the original owner, in case the file is copied and distributed. Additionally, watermarks are applied to measure audiences and penetration. PCT/AU2010/000990 presents methods of array construction which can be generalized to any number of dimensions. They are based on composing a shift sequence with a column sequence/array and suitable choices of shift sequences and column sequences/arrays for digital watermarking applications are disclosed in PCT/AU2010/000990.

The Applicant's patent application PCT/AU2012/001473 entitled "Algebraic Generator of Sequences for Communication Signals" discloses families of sequences derived from the work disclosed in PCT/AU2010/000990, which can be unfolded into one dimension using the Chinese remainder Theorem (CRT) and have the best normalized linear complexity in one dimension. Linear complexity is the most respected measure of how complex a one dimensional sequence can be. For one dimensional sequences, a measure of linear complexity is simply the degree of the minimum recursion polynomial which can be used to construct the sequence.

High linear complexity is desirable for video watermarks because usually there are parts of a video which have low contrast within a frame or have regions which change slowly with time. This exposes sections of a watermark to an attacker, who may try to reverse engineer the whole watermark from such sections. Similar comments apply to audio and still images.

High linear complexity may also be desirable in many other applications, including, but not limited to, optical orthogonal codes, acoustics, such as acoustic diffusers, correlated magnetics, x-ray image reconstruction and structured light, and crypto systems.

However, there is no universal measure of the security of arrays for such applications, and in particular no standard measure for multidimensional arrays. Another problem is that known linear complexity measures vary upon the application of upwards dimensional transformations, such as folding and upon the application of downwards dimensional transformations, such as unfolding using the Chinese Remainder Theorem. Therefore, the various industries are unable to assess the levels of security provided by the different watermarking, encoding etc. methods.

OBJECT OF THE INVENTION

It is a preferred object of the present invention to provide a method and/or an apparatus and/or a system for determining the security of multi- dimensional encoding arrays, and in particular two, three and higher- dimensional encoding arrays having high linear complexity that at least provide a useful commercial alternative to existing methods and/or apparatus and/or systems for determining the security of multi-dimensional encoding arrays.

SUMMARY OF THE INVENTION

Generally, the present invention relates to methods and apparatus for determining the security of multi-dimensional encoding arrays used for applications such as, but not limited to multimedia watermarking, mobile communications, radar, sonar, ultrasound and cryptography. Embodiments of the methods include the generation of two, three and higher-dimensional constructions based on logarithmic and exponential quadratic maps, rational function maps and Legendre arrays. Several methods of constructing arrays and families of arrays are provided with unprecedented security according to the measurement protocols described in this application.

According to one aspect, but not necessarily the broadest aspect, the present invention resides in a method of measuring a level of security of an n- dimensional encoding array u, irrespective of the value of n, the method comprising:

computing a Groebner basis for a set of valid polynomials for the encoding array u using n-variate recurrence or connection polynomials;

determining the delta set (footprint) of the Groebner basis; and counting the number of points of the delta set (footprint) of the

Groebner basis to generate a measure of the linear complexity of the encoding array u, wherein the measure of the linear complexity is a measure of the level of security and the count of the delta set is an invariant.

The measure of the level of security is invariant irrespective of one or more of the following: the choice of Groebner basis; the number of valid polynomials; the dimensionality of the array; the size of the array.

Preferably, the method further comprises determining the set of valid polynomials for the encoding array u one of the following: the Berlekamp- Massey-Sakata algorithm; Rubio's analog to the Sweedler-Taylor algorithm; any other accelerated algorithm.

Preferably, an array which can be folded or unfolded to change its dimensionality using the Chinese Remainder Theorem (CRT) retains the same linear complexity when its dimensionality is altered.

Suitably, the n-dimensional encoding array u is generated by:

raising the powers of a primitive element in Finite Field GF(p ²ⁿ ) to all its powers in a grid table;

applying a logarithmic mapping to the grid table to generate a shift array;

applying a column sequence below every entry in the shift array to generate an impulse column array; and

replacing the columns of the impulse column array with a commensurate Sidelnikov sequence to produce the three-dimensional encoding array over +1 ,-1 , and 0.

Suitably, the step of replacing the columns of the impulse column array comprises cyclically shifting a ternary Sidelnikov sequence of length p ² - 1 using a shift sequence s; belonging to each co-ordinate on the grid table.

Suitably, the n-dimensional encoding array u is generated by:

raising the powers of a primitive element in Finite Field GF(p ⁿ ) to all its powers in a grid table;

applying an exponential, logarithmic, or rational mapping to the grid table to generate a shift array; and

applying the shift array to a commensurate Legendre array to produce the three-dimensional encoding array.

Suitably, the n-dimensional encoding array u is constructed over a binary alphabet, an alphabet over higher roots of unity possibly including 0 and commensurate with the structure of the Finite Field of characteristic p.

Suitably, the n-dimensional encoding array u is generated by mapping all the elements of the finite field GF(p ^m ) onto an m-dimensional grid, particularly for cases where m is even, where this results in the construction of families of arrays with optimum cross-correlation and auto-correlation and linear complexity higher than has been achieved until now.

Suitably, for an n-dimensional array with periods Ti,...T _n constructed in accordance with the claimed methods described in PCT/AU2010/000990 and/or PCT/AU2012/001473, the linear complexity is greater than or equal to Ti T2... Tn/2 for large enough Ti,.. T _n . Suitably, for an n-dimensional array with periods Ti,...T _n constructed in accordance with the claimed methods described in PCT/AU2010/000990 and/or PCT/AU2012/001473, the relative linear complexity is greater than or equal to 1/2.

The constructed arrays are therefore immune or at least robust to linear attack and therefore offer superior security when used in applications such as, but not limited to watermarking, cryptography or communications.

According to another aspect, the present invention resides in an apparatus for measuring a level of security of an n-dimensional encoding array u, irrespective of the value of n, the apparatus comprising a processor in communication with a memory, the memory comprising computer readable program code components, the execution of which causes:

computing a Groebner basis for a set of valid polynomials for the encoding array u using n-variate recurrence or connection polynomials;

determining the delta set (footprint) of the Groebner basis; and counting the number of points of the delta set (footprint) of the Groebner basis to generate a measure of the linear complexity of the encoding array u, wherein the measure of the linear complexity is a measure of the level of security and the count of the delta set is an invariant.

Preferably, the apparatus further comprises an output means in communication with the processor for outputting the measure of the linear complexity of the encoding array u.

Suitably, the minimal connection polynomial is implemented in a Field Programmable Gate Array (FPGA) to generate array u using minimum gate count possible and executing the array generation in the shortest time possible.

Further aspects and/or features of the present invention will become apparent from the following detailed description. BRIEF DESCRIPTION OF THE DRAWINGS

In order that the invention may be readily understood and put into practical effect, reference will now be made to preferred embodiments of the present invention with reference to the accompanying drawings, wherein like reference numbers refer to identical elements. The drawings are provided by way of example only, wherein:

FIG 1 illustrates methods of construction of 3D arrays using 2D logarithmic shift sequences and mapping according to embodiments of the present invention; FIG 2 illustrates methods of construction of 3D arrays using exponential shift sequences to shift 2D Legendre arrays according to other embodiments of the present invention;

FIGS 3A, 3B & 3C show examples of known Moreno-Tirkel arrays;

FIGS 4A, 4B & AC show an example of generating a known Moreno- Tirkel array of Family C by rotating the original shift array by 90° before substitution;

FIG 5 illustrates an apparatus for implementing the methods for computing the linear complexity of multidimensional arrays of the present invention; and FIG 6 is a general flow diagram illustrating the methods of computing the linear complexity of multidimensional arrays according to embodiments of the present invention.

Skilled addressees will appreciate that elements in the drawings are illustrated for simplicity and clarity and have not necessarily been drawn to scale. For example, drawings may be schematic and the relative dimensions of some of the elements in the drawings may be distorted or restricted to help improve understanding of embodiments of the present invention. DETAILED DESCRIPTION

Embodiments of the present invention relate to methods and apparatus for measuring the security of multidimensional arrays having a range of applications. Embodiments of the present invention also relate to methods and apparatus for constructing families/cliques of multidimensional, multi- periodical arrays having maximal auto-correlation and minimal cross- correlation.

Generally, the multidimensional arrays associated with the present invention are constructed using a method of composition. The methods include constructing a family of doubly or multi-periodic shift sequences with constrained auto-correlation and cross-correlation. The doubly or multi- periodic shift sequences can be used in their own right, for example as 2D or 3D frequency hopping or time hopping codes for ultra-wideband (UWB) communications, radar or sensing, or they can shift a commensurate pseudo- noise sequence or array to produce dense binary or almost binary 2D, 3D or higher dimensional arrays suitable for, for example, watermarking. The multidimensional, multi-periodical arrays associated with the present invention have good auto and cross-correlation. The family size and correlation bound are dictated by the degree of a polynomial employed in the construction of the shift sequence or array. The multidimensional arrays have high linear complexity, rendering them suitable for a range of secure applications.

Similar arrays in 2D have been constructed, where the array length and width are relatively prime, so they can be converted into equivalent one dimensional sequences using the Chinese remainder Theorem (CRT) [6, 7]. Such sequences have linear complexities between 0.5/ and 1.0/ where / is the sequence length. This is very high for sequences, where traditionally the linear complexity is of the order of where L is the sequence length.

To illustrate the methods of construction, first, methods of construction of two dimensional logarithmic shift sequences are described and how they are used to shift a column sequence to produce a 3D watermark array. Secondly, methods of construction of an exponential shift sequence are described and how they can be employed to shift a 2D Legendre array to produce a 3D array.

Logarithmic Shift Sequences

Methods of construction of two dimensional logarithmic shift sequences and using them to shift a column sequence to produce a 3D watermark array are described with reference to FIG 1. Table 100 shows the powers of a primitive element in Finite Field GF(3 ² ) raised to all its powers in a square grid format. Vertical arrow 102 represents a logarithmic mapping of the grid table 100, which results in shift array 104. Shift array 104 is used to shift a column sequence 106, such as a Sidelnikov sequence of length 8. The methods of construction thus comprise generating a three dimensional array 108 using the shift array 104 and the column sequence 106.

The methods of construction include placing the column sequence 106, such as a column of length 8, below every entry in the shift array 104. The column contains all zeroes if the entry in the shift array 104 is ^* . Otherwise, the column contains a solitary entry of one (i.e. an impulse column) in the position determined by the entry in the corresponding location of the shift array 104. This results in the impulse column array 108. The methods of construction include replacing the impulse columns of the impulse column array 108 with a commensurate Sidelnikov sequence to produce 3D watermarking array 1 10 over +1 ,-1 , and 0.

The 3D array shown in FIG. 1 is solitary, so by itself it does not address the requirement of delivering large families of arrays with low off-peak autocorrelation and low cross-correlation. There are several ways of modifying and extending the method used to construct two dimensional arrays to produce families of three dimensional arrays. The resulting three dimensional arrays differ in their size and shape, the family size and the correlation values. For Finite Field GF, prime p,

Take A, B, C e GF(p ² ), A≠ 0 Eqn (1)

Let s = log _a (AX ² + BX + C) Eqn (2) where A, B, C are elements of the base field Z _p . In this family, two different shift sequences si and Sj are equivalent if the arrays they generate are multi-periodical shifts of each other. The number of non-equivalent classes is approximately p ² . The methods of constructions include using s _f belonging to each co-ordinate on the grid table 100 to cyclically shift a ternary Sidelnikov sequence of length p ² - 1 to construct a 3D watermarking array. The quadratic shift in Eqn (2) guarantees that no more than 2 such Sidelnikov columns can match and therefore the worst case autocorrelation and cross- correlation for this construction is of the order of 2p ² . The peak autocorrelation is of order p ⁴ . For polynomials of degree m, the off-peak autocorrelation and cross-correlation are bounded by mp ² .

In accordance with other embodiments, the method of connecting elements of Finite Field GF(p ^m ) - {0} with Z _p m _ ₁ using a logarithmic function where m is any positive integer has an inverse. GF(p ^m ) - {0}and Z _p m_ ₁ have the same cardinality and consequently there exists an inverse function since we are using a 1-1 onto function, so every element in GF(p ^m )— {0} is mapped onto every element of Z _p m_ . Consider now the inverse (exponential) function g.- Z _p m_ ₁ → z - {0}. Take a, the corresponding primitive element of the finite field GF. As in coding theory, the elements of GF(p ^m ) are written as m-tuples based on a, the primitive element: a ¹ = (0,0,0 1,0), a ² = ( ) , a^ ¹ = (0,0,0 0,1) Eqn (3) where each m-tuple has entries from the base field Z _p . ^έ can be written as an m-tuple on the grid table 100. Consequently, g is taken to be g{K) = a ¹ for any i e Z _p m _→ . Note that g is multi-periodic, and therefore g has the distinct difference property:

V h≠ 0, a ^i+h - a ¹ = ^j+h - a ^j i≡ j Eqn (4) This is true since: ai+h _ _a i _ _a i^ _a h _ i) = _a j( _a n - l) = a ^j+h - a ^j Eqn (5) Therefore, divide by (a ^h - 1) since h≠ 0 and we obtain ¹ = a ^j which implies t = j.

Exponential Shift Sequences

Methods of construction of 3D arrays using exponential shift sequences to shift 2D Legendre arrays are described with reference to FIG. 2. Consider a shift sequence ; = ' which generates a solitary array. FIG. 2 illustrates an example of such a construction over GF (3 ² ) in which the grid coordinates are used to shift a 3x3 Legendre Array described in PCT/AU2010/000990. The methods of construction include representing the primitive elements of GF(3 ² ) in a two dimensional grid table 200. The methods of construction include applying an exponential mapping to the grid table 200 to generate a shift array or sequence. The grid co-ordinates for ascending powers of a are shown in shift array 202. A shift of (2, 1 ) corresponds to a shift of two squares down and one square to the right. A 3x3 Legendre array 204 is commensurate with the two dimensional shift sequence in shift map 202. The methods of construction include applying the exponential shift array 202 to the 3x3 Legendre array 204 to generate the 3D array 206, which is depicted in FIG 2 constructed plane by plane.

The methods of construction can include constructing a family of arrays by applying a quadratic map to the shift sequence/array, instead of the (linear) exponential construction discussed in Fig. 2, as below:

f _A,B, c( = Λ(α ¹ ) ² + Ba ^l + C , f: Z _pm→ → Z™ - {0} Eqn (6)

where A, B, C are elements of the finite field GF(p ^m ). Any two arrays which are multi-dimensional cyclic shifts of one another are called equivalent. The autocorrelation of such arrays and the cross-correlation between any non-equivalent arrays constructed using the quadratic in Eqn (6) is bounded by two. For shift polynomials of degree m, the off-peak autocorrelation and the cross-correlation are bounded by m. Other shift sequences are possible, making use of rational function maps and related functions as explained in patent application PCT/AU2010/000990.

Complexity and Security In order to be useful in secure applications, such as digital watermarking, wireless communications and cryptography, the arrays need to be robust to attack. For example, an attacker can have access to parts of the array and attempt to reconstruct the rest of the array by applying linear algorithms such as the Berlekamp-Massey-Sakata algorithm. According to one aspect, the present application introduces a general and invariant measure of the linear complexity of arrays in any number of dimensions.

The following definitions can be recalled from [1]:

Let Z ₀ denote the set of non-negative integers and let∑ ₀ = 1%

An n-dimensional array over a field K is a mapping u: Γ→ K, and it is written as u = (i½) , where the image u _x : = u(x) , x ε F, is the "value" of u at x. Let < T be the total degree ordering on Z ₀ . Linear recurrence relations which are satisfied by a given array can be represented by a n-variate polynomial/ e K[z], where K[z] = A ^r [z ₁ , z ₂ .■■■- ½] is the n-variate polynomial ring over K. Any such polynomial can be written as

where / is a finite subset of c s.t. f _x ≠ 0 for x e / . The maximum element (w. r. t. < _T is called the "degree" of / and is written Deg(J) . Corresponding to a polynomial / with Deg f) = s we consider a linear recurrence relation at a point x ε∑ ₀ for an array u:

Let for s, p e∑o s.t. S<T p

Σξ: = {x E∑o\s < x <T p} Eqn (9) and ∑Ρ , _{= ∑} ν _{= [χ e ∑q < t V } Eq n ( 0} )

An array u with support∑ ^p is written as u ^v and if q≤ _T p then u ^q is the restriction of u ^v within ∑ ^q . An array with the support „ = Γ ₀ is called a perfect array.

For an array u = u ^p , a polynomial f with Deg(f) = s is said to be valid (up to p) iff either p < _r s or /[u] _¾ = 0, x E∑ξ. The set of all valid polynomials for an array u is denoted VALPOL(u).

We have from [1], Theorem 1 :

If u is a perfect array, then VALPOL (u) is an ideal in K[z].

A finite subset 5 of ∑ ₀ is called non-degenerate iff for any s E S, there exists no other point t e S such that s≤t.

Let

∑s = Uses{ x £∑o \s≤x] Eqn (11 ) We can now formulate a first definition, also from [1], Definition 1 :

A finite subset F of K[z] and a finite subset S of∑ ₀ are called "a minimal polynomial set" and the "minimal degree set" of an array u, respectively, iff the following conditions are satisfied:

^■ F c VALPOL(u)

^■ S: = {s = Deg(f~) \f E F} is a non-degenerate set

^■ there exists no polynomial g s. t. g E VALPOL(U) and Deg(g) e∑ ₀ \∑ _s

For a given array u, and a given ordering on Z ₀ , there can be more than one minimal polynomial set, however the sets S and ∑ ₀ \∑ _S : = A (U) are unique. For different orderings of 1 ₀ the Δ (U) might be different, but their sizes are the same. The set Δ (U) is called many things in the literature e.g. the delta set, the excluded point set, the footprint and appears naturally in Groebner basis theory. With this we can now provide Definition 2: The linear complexity of an n-dimensional array u is the number of elements in Δ (U) .

[1 ] contains an algorithm for the calculation of a Groebner basis for VALPOL(u), and hence Δ (U) . The algorithm is an extension of an earlier 2D version [2] which has been used for decoding algebraic geometry codes. See e.g. [3] and [4]. The thesis of Rubio [12] also contains an algorithm that computes a Groebner basis for VALPOL(u) by reducing a matrix whose rows consist of mappings of the array u. Rubio's algorithm is an analog of an algorithm, due to Moss Sweedler and Lee Taylor (referred to herein as the Sweedler-Taylor algorithm), for computing Groebner bases for 0-dimensional ideals without necessarily knowing a basis for the ideal. In other embodiments, any other accelerated algorithm could be used.

It is possible to use the one dimensional Berlekamp-Massey algorithm to analyse the linear complexity of arrays in cases where the array dimensions are relatively prime. This is achieved using the Chinese Remainder Theorem (CRT) as described in PCT/AU2012/001473. CRT converts two dimensional arrays into one dimensional sequences. Then, the one dimensional sequences can be analyzed with regard to their linear complexity, using the standard Berlekamp-Massey algorithm. A reverse process to CRT, called folding, can be applied to convert one dimensional sequences into two dimensional arrays. Sequence families constructed using Bent, Small Kasami, No-Kumar, Generalized No-Kumar, Gold, and Kerdock can be folded into two dimensional arrays [8]. These have known linear complexities. The Moreno- Tirkel arrays are two dimensional versions of the three-dimensional examples, the subject of the present invention, except that their dimensions are relatively prime. Their construction is explained below. Their linear complexity is obtained by using the CRT to convert them from two dimensions to one dimension and then applying the Berlekamp-Massey algorithm.

The linear complexity is the degree of the polynomial obtained by the Berlekamp-Massey algorithm, which is also the number of elements in Δ (U). Hence, the same complexity will be obtained if one computes the size of Δ ( ) by computing a Groebner basis for VALPOL(u) with respect to another total ordering. For the Groebner basis method one does not need to assume that the dimensions of the array are relatively prime.

Regarding the Moreno-Tirkel arrays, with reference to FIGS 3A and 3B and the first two families, Family A is obtained by applying an exponential quadratic shift sequence to commensurate columns as described before [5] and [6]. Family B is obtained by applying a rational function map to GF(p ^m ) ]{∞} to map p ^m + 1 entries onto p ^m . When m=1 the columm of length p can be substituted by a Legendre sequence or any other pseudonoise sequence of prime length. The entry which cannot be mapped can have the column below it be substituted by a constant which can be used to balance the array and the correlation. Family C is obtained by applying a similar process to a rational function cycle through a finite field by mapping p ^m + 1 onto entries onto p ^m - 1. For p=2 p ^m - 1 can be prime (Mersenne prime) and then the column can be substituted by a Legendre sequence or any suitable prime length pseudonoise sequence. Sometimes 2 ^m + 1 is prime, in which case the array can be rotated and the rows substituted by Legendre or other suitable prime length pseudonoise sequence. Also, for p=2, 2 ^m + 1 and 2 ^m - 1 are relatively prime, so the array can be unfolded along a diagonal, using the Chinese Remainder Theorem (CRT). FIG 3A shows the array form (19x 18) of a sequence obtained from Family A. FIG 3B shows the array form (1 9x20) of a sequence obtained from Family B. FIG 3C shows the array form (15x 17) of a sequence obtained from Family C, where the rows have been substituted by binary Legendre sequences of length 17. These are the closest values to compare with the array format (1 5x 17) of the previous known constructions. Note that there are no apparent symmetries.

The array of Family C is obtained by rotating the original shift array before substitution. This can be done because the original array has at most one dot per column and exactly one dot per row. The process is shown in FIGS 4A, 4B and 4C. Using the aforementioned methods, the linear complexity for the known

CDMA sequences and the three families of Moreno-Tirkel constructions with Legendre sequence columns were analyzed and the results are presented in Table 1. The comparison has been restricted to sizes for which all constructions exist, so that a quantitative comparison between the constructions can be made. Note, that the Moreno-Tirkel arrays are available in many more sizes than the classical counterparts. Also, note that some of the sequences/arrays can be folded into higher dimensions e.g. 255 can be folded into 15x17 or 3*5* 17, 1023 can be folded into 31 *33 or 31 *1 1 *3, and 4095 can be folded into 63*65 or 7*9*65 or 7*9*5* 13 or various other two, three, or four dimensional arrays.

It is evident that the Moreno-Tirkel families are the only ones to have high linear complexity, and that this complexity remains high as the sequence length/array size asymptotes to infinity. Therefore, the Moreno-Tirkel sequences/arrays are inherently more secure when used as arrays for watermarking or as sequences for wireless communications or in other applications requiring such security.

Family/Length 255 1023 4095 Asym tote

Bent 0.125 - 0.018 2-1.7(n-8)

Small Kasami 0.047 0.015 0.004396 1.5nx2r°

No-Kumar 0.235 0.152 0.031 0

Generalized N-K - 0.132 - 0

Gold 0.063 0.02 0.005861 n2r ⁿ⁺¹

Kerdock 0.142 0.054 0.019 2-1.4(n-8)

Moreno-Tirkel 0.947 0.485 0.985 0.5 for p=8k+3 or 8k+5 Family A (length=342) (length=930) (length=

1 .0 for

4422) p=8k±1

Moreno-Tirkel 0.985 0.46875 0.970588 * 0.5 for p=8k+3 or 8k+5 Family B (length=380) (length=992) (length=

1.0 for

4556) p=8k±1

Moreno-Tirkel 0.4706 0.5 for p=8k+3 or 8k+5 Family C (length=255)

1.0 for p=8k±1

Table 1. Linear Complexity Comparison

Result: For Family A and C of the Moreno-Tirkel constructions, the recursion polynomial of the long sequence is obtained from that of the column sequence by raising each term to the power equal to the number of columns in the array. So far, no counter examples have been found.

For Example, consider the array of FIG. 4C. The column is a binary Legendre sequence of length 17: 0, 1 , 1 ,0, 1 ,0,0,0, 1 , 1 ,0,0,0, 1 ,0, 1 , 1. Column recursion polynomial: x ⁸ + x ⁷ + x ⁶ + x ⁴ + x ² + x ¹ + 1. Recursion polynomial for long sequence: x ¹²⁰ + x ¹⁰⁵ + x ⁹⁰ + x ⁶⁰ + x ³⁰ + x ¹⁵ + 1.

The number of columns in the array is 15.

With reference to FIG 5, according to some embodiments of the present invention, an apparatus 500 for measuring a level of security of an n- dimensional encoding array u, irrespective of the value of n, can be implemented in a combination of hardware and software. Apparatus 500 comprises a processor 505 in communication with a memory 510 and an output means 507, such as display. The memory 510 comprises a computer readable medium 515 having stored thereon computer readable program code components 520. Selective execution of the computer readable program code components 520 by the processor 505 causes the apparatus 500 to perform the steps of the methods according to embodiments of the present invention as described herein. Hence, apparatus 500 performs the step of computing, via the processor 505, a Groebner basis for the set of valid polynomials for the encoding array u using n-variate recurrence or connection polynomials. Apparatus 500 performs the step of determining, via the processor 505, a delta set (footprint) of the Groebner basis. Apparatus 500 then performs the step of counting, via the processor 505, a number of points of the delta set (footprint) of the Groebner basis to generate a measure of the linear complexity of the encoding array u, and outputting, via the output means, the measure of the linear complexity of the encoding array u, wherein the measure of the linear complexity is a measure of the level of security and the count of the delta set is an invariant.

Further details of the methods for measuring a level of security of an n- dimensional encoding array u according to embodiments of the present invention will now be described with reference to the general flow diagram in FIG 6. At step 605, the method 600 includes taking an n dimensional array, such as a 2D array u and at step 610 associating the array u to a power series u(x,y) with terms uijxy.

At step 615, the method includes determining a list of monomials M ordered w.r.t. a total order < _r and ordering the terms in the power series u(x,y) w.r.t. the total order < _T .

With reference to step 620, the first row of the array equals the coefficients of the ordered power series u(x,y). The method 600 includes removing monomial 1 from the list of monomials M. With reference to step 630, F equals the first monomial in M and the new row of the array equals the coefficients of terms with positive exponents in the ordered power series u(x,y).F ^'1 .

At step 635, the method 600 includes partially reducing the new rows of the array with the previous rows. At step 640, the method 600 includes determining whether the new row of the array is partially dependent on one or more previous rows. If not, at step 645 the method includes removing the first monomial F from the list of monomials M. If so, at step 655 the method includes removing all multiples of the first monomial F from the list of monomials M and adding the first monomial to LM.

At steps 650 and 660, the method includes determining whether the list of monomials M is empty. If not, the method returns to step 630. If so, at step 665 delta is defined as the set of all monomials that are not divisible by any element in LM, represented by Δ and at step 670 ΙΔΙ is the measure of linear complexity of the n-dimensional encoding array u.

Hence, the methods of generating three-dimensional encoding arrays introduced in PCT/AU20 0/000990 produce arrays with good asymptotic properties. The methods of determining the security of such multi-dimensional encoding arrays are also invariant under the Chinese remainder process. Further work demonstrates that for an m-dimensional array with periods Ti, ... T _n and constructed with the methods presented in the Applicant's patent application PCT/AU20 0/000990, the linear complexity is greater than or equal to Ti T2. .. Tn/2 for large enough Ti,..J _n . This is equivalent to the relative complexity of the arrays constructed with these methods being greater than or equal to 1/2. This complexity is much better than the linear complexity of sequences obtained by other known constructions, as illustrated by Table 1 herein.

The further work also demonstrates that the linear complexity of arrays produced by these constructions is determined by the linear complexity of the sequences used in the composition, i.e. the Legendre or Sidelnikov sequences. This has been proved theoretically for some cases and verified experimentally for 2-dimensional arrays for primes up to 30,000. This has also been verified extensively for arrays of dimension 3. This implies that the constructed arrays are immune or at least robust to linear attack and therefore offer superior security when used in applications such as, but not limited to watermarking, cryptography or communications.

In the further work, N refers to the set of positive integers including 0, p denotes a prime and q = p ^r for an integer r≥ 1 . Let F _q be the finite field of q elements, then if q = p, the elements of the finite field are identified with integer numbers in the range {0, . . . , p - 1 and vice versa.

For F _q , we consider the elements F _q = {ξ ₀ , ξ^, . . . , ξ _η -ι} using an ordered basis {y-i , y _r } of F _q over F _p for 0 < n < q, ξ _η = n^γ^ + n ₂ y ₂ + ^■■■ + n _r y _r , Eqn (12)

if n = ?i + n ₂ p + ^■ · ^■ + n _r p ^r 0≤ n, < p, i = 1, . . . , r.

Employing this order, it is easy to relate the elements of a finite field with an r-dimensional array. The multiplicative group of any finite filed is cyclic, so for any generator (also called a primitive element) a eF _q and ο φ e

F _q , s = log _a β is the unique integer 0 < s < q - 1 such that a ^s = β. All arrays considered are cf-periodic, which means that there exist positive integers J^, . . . , re called periods such that: s(i + T _k e _k ) = s{\), v\ e H ^d , where ei, . . . , e _d is the canonical basis of H ^d .

As described in PCT/AU20 0/000990, the general idea for constructing multidimensional arrays is to start from lower dimensional constructions with good linear complexity and perform shifts depending on another array. FIG 1 shows an example of a three dimensional array.

The construction takes as a column a Sidelnikov sequence which is shifted using the two dimensional logarithm. In the next paragraph, we explain how to generate the array for any dimension.

The general construction takes the one dimensional Sidelnikov array S,

S(/ ^' i ) = ((σ' ^{1 +} † ^~ + 1) and the logarithmic map T, where ξ _η = n< _\ Y† + η ₂ γ ₂ + ^■ + n _r y _r , to produce an r+ 1 dimensional array,

S( , I ^' r, / 1 ) = S(/ ^' i + T (/ ₂ , . . . , i _n ΓΗ )).

The first period is q - 1 , and the other ones are p. The normalized linear complexity of this construction for all primes between 2 and 17 has been compared with the normalized linear complexity of Sidelnikov sequence using a computer. The normalized linear complexity of the multidimensional construction is always less than the normalized linear complexity of the Sidelnikov sequence, but the difference is always less than 1/(p ² -1 ).

A closed formula for normalized linear complexity of the general multidimensional construction is not known, but computer simulations suggest that the normalized linear complexity of multi-dimensional arrays s is greater 1/2 as p tends to infinity. It is clear that the normalized linear complexity of s is, at most the normalized linear complexity of S, and there are many values where the exact value is known.

With respect to the Moreno-Tirkel array constructions, the normalized linear complexity of Moreno-Tirkel construction tends to the normalized linear complexity of S as p tends to infinity, for any one-dimensional array S. For example, consider the constructions for two dimensional arrays, double periodic with periods p, T ₂ , The construction for two dimensional arrays follows the following steps:

• Take a one dimensional array S : N i→F ₂ with high linear complexity and period p. For example, the Legendre sequence (see A. Topuzoglu and A. Winterhof, "Pseudorandom sequences," in Topics in geometry, coding theory and cryptography. Springer, 2007, pp. 135— 166 for the calculation of the linear complexity.

• Select another one dimensional array T : N *→F _P with period T2 which will represent the shifts.

• Define the two dimensional array in the following way:

(ii, i ₂ ) >→ S(ii + T(i ₂ )).

In the next lemma, the first result regarding the maximal linear complexity of these families of arrays is presented.

Lemma 1: For an array constructed as defined above, the maximal linear complexity is:

LC(s) = 8, Eqn (13) Notice that for p≡3, 5 mod 8, the upper bound is twice the expected linear complexity of a random array. Using a shift sequence, the quadratic sequence defined by T(i)=i ² mod p with period p. Equation 14 gives the construction for p = 5:

This sequence has been studied and provides a construction which gives a maximal set of arrays. Following similar methods, the high linear complexity of the Moreno-Tirkel families A, B and C has been demonstrated.

In the present patent application it has been demonstrated that the linear complexity has been extended from one to higher dimensional arrays and it has been demonstrated that the arrays of PCT/AU2010/000990 and PCT/AU2012/001473 also have very good linear complexity for dimensions > 2. Furthermore, the new multidimensional concepts of linear complexity described herein can be used as a metric to measure whether an array has good cryptographic properties. The arrays constructed according to the claimed methods described in PCT/AU2010/000990 and PCT/AU2012/001473 are therefore immune or at least robust to linear attack and therefore offer superior security when used in applications such as, but not limited to watermarking, cryptography or communications.

Also, the one dimensional shift register implementation works only if the array length and width are relatively prime. The minimum unit cell (memory) and the linear complexity of both designs should be the same, whenever both designs are applicable. In other words, an array which can be folded or unfolded to change its dimensionality using the Chinese Remainder Theorem retains the same linear complexity when its dimensionality is altered. The Groebner bases method allows arrays to be used where the dimensions of the arrays are not relatively prime.

Sequences with high-peak auto-correlation, low off-peak and cross- correlation between family members play an important role in applications such as spread-spectrum wireless communications, radar and acoustic diffusers. Periodic correlation is used in wireless communications, whilst aperiodic correlation is used in radar and signal synchronisation. Sequence values are usually binary, i.e. a (0, 1) alphabet for optical orthogonal codes, and bi-phase, i.e. (+1, -1) in CDMA communications or radar. Alphabets over higher roots of unity (polyphase, often including some nulls) have also been used. The small Kasami set is optimal for the periodic bi-phase case for one dimensional sequences.

In this specification, the terms "comprise", "comprises", "comprising" or similar terms are intended to mean a non-exclusive inclusion, such that a system, method or apparatus that comprises a list of elements does not include those elements solely, but may well include other elements not listed.

Throughout the specification the aim has been to describe the preferred embodiments of the invention without limiting the invention to any one embodiment or specific collection of features. It is to be appreciated by those of skill in the art that various modifications and changes can be made in the particular embodiments exemplified without departing from the scope of the present invention.

References

1. Sakata S.: Extension of the Berlekamp - Massey Algorithm to N Dimensions. Information and Computation. 84, 207 - 239 (1990)

2. Sakata S. : Finding a minimal set of linear recurring relations capable of generating a given finite two - dimensional array, J. Symbolic Comput. 5,

321 - 337 (1988)

3. Sakata S., Jensen H. E., H0holdt T.: Generalized Berlekamp - Massey decoding of algebraic geometric codes up to the Feng - Rao bound. IEEE - Trans. Inform. Theory. 41 No. 6, 1762 - 1768 (1995)

4. H0holdt T , Pellikaan R.: On the decoding of algebraic - geometric codes. IEEE Trans. Inform. Theory. 41 No. 6, 1551 - 1556 (1995)

5. Moreno O., Tirkel A.: Digital Watermarking. PCT/AU2010/000990 (2010)

6. Moreno O., Tirkel A. : Algebraic generator of sequences for communication signals PCT/AU2012/001473 (2012)

7. Moreno O., Tirkel A.Z.: New Optimal Low Correlation Sequences for Wireless Communications. SETA, Waterloo, Canada. 212-223 (2012) 8. Leukhin A. , Moreno O., Tirkel A. : Secure CDMA and Frequency Hop Sequences, The Tenth International Symposium on Wireless Communication Systems, llmenau, Germany. 819-825 (2013)

9. Bomer L. and Antweiler M., "Construction of a new class of higher- dimensional Legendre and pseudonoise arrays", IEEE Symposium on Information Technology. San Diego, 1990, p. 76.

10. Moreno O. and Tirkel A. , "Digital Watermarking", US 2012213402, AU 2010312302.

H . Keiichi Iwamura, Polynominal-Set Deriving Apparatus And Method, US 5,535, 140 - Jul. 9, 1996

12. Rubio, I .: Groebner Bases for 0-Dimensional Ideals and Applications to Decoding. Ph. D. Thesis, Cornell University (1998)