Maximum order complexity of the sum of digits function in Zeckendorf base and polynomial subsequences

Let us first introduce some measures of complexity that we will focus on in the present paper.

A sequence with small maximum order complexity is not suitable for cryptographic applications. Indeed, such a sequence can be built with relatively short blocks of consecutive terms. However, a sequence with large maximum order complexity can still be predictable, as it is known for the Thue–Morse sequence, see [15, 28]. Note also that the largest possible order of magnitude of \(M(\mathcal {S},N)\) is N and the expected value of \(M(\mathcal {S},N)\) is \(\log N\), see [12, 20].

The maximum order complexity has been studied by several authors, for general results see [11‐13, 20, 31] or [21, 27‐29] for applications to some particular sequences such as the Thue–Morse sequence or the Rudin–Shapiro sequence. From a computational perspective, Jansen [12, Proposition 3.17] showed how Blumer’s DAWG (Direct Acyclic Weighted Graph) algorithm [3] can be used to compute the maximum order complexity in linear time and memory. In the last section of this paper, we use DAWG algorithm to formulate some conjectures (Section 3.2).

Diem [7] introduced the expansion complexity of a sequence as follows.

A truly random sequence has expected value \(E(\mathcal {S},N)\) of order N^1/2, see [17].

Binary, and more generally, p-ary automatic sequences are not good pseudorandom sequences since their expansion complexity satisfies \(E(\mathcal {S},N)<+\infty \) by Christol’s theorem, see [6]. In fact, automatic sequences generated by a finite automaton do not have sufficiently many different factors of a fixed length.

The subword complexity, denoted by \(p_{\mathcal {S}}(k)\), counts how many different subwords of fixed length k the sequence contains. It can again serve as a measure of pseudorandomness. A sequence \(\mathcal {S}\) over {0,1} is normal if for every k ≥ 1 and for any block of length (b₀,…,b_k− 1) ∈{0,1}^k, we have

One can associate to a binary sequence a symbolic dynamical system based on the shift on \(\{0,1\}^{\mathbb {N}}\). The topological entropy of such a dynamical system is \(\lim _{k\rightarrow +\infty } \frac {\log _{2} p_{\mathcal {S}}(k)}{k}\), where \(\log _{2}\) denotes the base 2-logarithm. A sequence with 0 topological entropy is said to be deterministic and it should not provide a pseudo-random sequence since such a sequence has a small subword complexity, see [23].

Let k ≥ 2 and Σ be a finite alphabet. We denote by Σ^∗ the set of all finite or infinite words over Σ. A morphism f is a mapping \(f:{{{\varSigma }}}^{*} \rightarrow {{{\varSigma }}}^{*}\) satisfying f(uv) = f(u)f(v) for all words u and v. A morphism is said to be k-uniform if |f(x)| = k for all x ∈Σ, where |x| is the length of the word x. If there is b ∈Σ such that f(b) starts with b, i.e. f(b) = bu for some u ∈Σ^∗, we say that f is b-prolongable. In this case, let us denote f^ω(b) the fixed point of f given by f^ω(b) = bf(u)f²(u)…

For equivalent definitions of automatic sequences, we refer to [2]. An emblematic example of automatic sequence is the Thue–Morse sequence, or Prouhet–Thue–Morse sequence, independently introduced by Thue [30], Morse [18] and Prouhet sixty years before [22]. This sequence appears in many different fields of mathematics, see [14], and is still an important object of recent work.

The Thue–Morse sequence is 2-automatic and the corresponding morphism is

The Thue–Morse sequence has a large maximum order complexity, see [28], but this sequence is far from being pseudorandom. Indeed, it is well-known that \(E(\mathcal {T},N)\leq 5\) for all N since h(x,y) = (x + 1)³y² + (x + 1)²y + x satisfies \(h(x,G_{\mathcal {T}}(x))=0\) where \(G_{\mathcal {T}}(x)\) is the generating function of \(\mathcal {T}\), see [2, Example 12.1.12]. Also, its subword complexity is small, \(p_{\mathcal {T}}(k)\ll k\) (see [2, Corollary 10.3.2] for a general result for all automatic sequences).

The behavior of this sequence regarding the defined pseudorandomness measures changes when this sequence is rarefied along specific subsequences. Drmota, Mauduit et Rivat [8] showed that the Thue–Morse sequence along squares is normal and Moshe [19] showed that the polynomial subsequences of degree d ≥ 2 of the Thue–Morse sequence have an exponential subword complexity. Sun and Winterhof [27] and Popoli [21] showed that the maximum order complexity of the Thue–Morse sequence along polynomial subsequences remains comparatively large. A large maximum order complexity is desired, however, it should be noted that it should be not too large since the correlation measure of order 2 gets large in that case (see [12, Proposition 3.1]).

Furthermore, these polynomial subsequences are no longer automatic sequences, see [2, Theorem 6.10.1], and their expansion complexity is no longer bounded by Christol’s theorem. These statements mean that the polynomial subsequences of the Thue–Morse sequence are better candidates for cryptographic applications than the original sequence.

In order to generalize the investigation to other morphic sequences and sum of digits function, let us introduce the Zeckendorf base sum of digits function, which is related to the Fibonacci sequence (see [2, Theorem 3.8.1], [32]).

Since \(F_{n}=\lfloor \frac {\varphi ^{n}}{\sqrt {5}}+\frac {1}{2} \rfloor \) for n ≥ 0, the index n(a) of the largest Fibonacci number that is not greater than an integer a > 1 is \(\lfloor \frac {\log (a \sqrt {5}+1/2)}{\log (\varphi )} \rfloor \). We call n(a) − 1 the length of a.

Thus we can define the sum of digits function in Zeckendorf base by \(s_{Z}(n)={\sum }_{i \geq 0} \varepsilon _{i}(n)\), see [9, 24, 26] or sequence A007895 in On-Line Encyclopedia of Integer Sequences (OEIS) for discussions on this sequence. We denote by \(\mathcal {S}_{Z}\) the sequence defined by \(\mathcal {S}_{Z}=\left (s_{Z}(n)\mod 2\right )_{n\geq 0}\), an analog of the Thue–Morse sequence. It is known that \(\mathcal {S}_{Z}\) is a morphic sequence, see for example [4, p.14] or [2, Examples 7.8.2, 7.8.4]. An example of the corresponding morphism and coding is Thus, the sequence modulo 2 is obtained by iterating f on the letter a and recoding with g : \(\mathcal {S}_{Z}=\texttt {0}\texttt {1}\texttt {1}\texttt {1}\texttt {0}\texttt {1}\texttt {0}\texttt {0}\texttt {1}\texttt {0}\texttt {0}\texttt {0}\texttt {1}\texttt {1}\texttt {0}\texttt {0}\texttt {0}\texttt {1}\texttt {0}\texttt {1}\texttt {1}\ldots \) This sequence is not automatic, see [9, Remark 1]. Indeed the authors show that the k-kernel is infinite for every k, see [2] for more details on equivalent definitions of automatic sequences. This implies that the expansion complexity of \(\mathcal {S}_{Z}\) is not bounded, since this sequence is not automatic, and motivates our study of this sequence. In fact, morphic non-automatic sequences are better candidates for cryptographic applications regarding this complexity. However morphic sequences have subword complexity at most bounded by a quadratic function, see [2, Corollary 10.4.9], and their associated dynamical system has 0 topological entropy, see [23, Corollary V.20] for an alternative proof.

As the sum of digits function for the usual q-base, s_Z is a subadditive function, i.e. for any integers n₁,n₂ ≥ 0 we have s_Z(n₁ + n₂) ≤ s_Z(n₁) + s_Z(n₂), see [26, Proposition 1]. Consider the Zeckendorf expansion of n₁ and n₂,

with \(\varepsilon _{k_{i}}^{(i)}=\varepsilon _{K_{i}}^{(i)}=1\). Without loss of generality suppose that k₁ ≤ k₂. We say that n₁ and n₂ are non-interfering if k₂ − K₁ ≥ 2. This means that non-interfering integers have digital blocks that do not overlap and no normalization after the addition has to be executed. We therefore have

In the following we will determine a lower bound for the maximum order complexity of \(\mathcal {S}_{Z}=(s_{Z}(n) \mod 2)_{n}\) and for \(\mathcal {S}_{Z,P}=(s_{Z}(P(n)) \mod 2)_{n}\) with \(P \in \mathbb {Z}[X]\) a monic polynomial such that \(P(\mathbb {N}_{0}) \subset \mathbb {N}_{0}\). In what follows, we use Vinogradov’s notation f ≪ g is defined as |f|≤ c|g| for some c > 0.

Since the correlation measure is bounded below by the maximum order complexity (see [17]), Theorem 1.1 shows that \(\mathcal {S}_{Z}\) is non-random in this specific respect. We mention also the recent result of Shutov [25] that shows that the autocorrelation of order 2 with lag equal to 1 of \((-1)^{s_{Z}(n)}\) is large. This serves as motivation to look at subsequences, that we address in following result.

We will discuss the heuristics that supports the real growth of the maximum order complexity in the final part of the paper (Section 3.2). In particular, we conjecture that the lower bound is indeed the actual growth of the maximal order complexity.

The rest of the paper is structured as follows. In Section 2, we prove Theorems 1.1 and 1.2 where we first prove the linear case and the particular case P(X) = X^d for d ≥ 2 before tackling the general case. We conclude the paper with some final remarks (Section 3) about possible generalizations of this result to other numerations systems and some heuristically supported conjectures.

We first study the maximum order complexity of \(\mathcal {S}_{Z}\).

We are now able to prove Theorem 1.1.

We now study the sequence \(\mathcal {S}_{Z}\) along polynomial values. In a classical q-base, xq^j is a shift of length j for the expansion of x. In Zeckendorf base, the Fibonacci numbers do not have this property since a power of a Fibonacci number is in general not a Fibonacci number (note that the only exceptions of pure powers that are Fibonacci numbers are 1,8 and 144, see [5]). The Lucas numbers are an interesting analogue of powers of q in q-base.

We have for all j ≥ 1, the basic relation L_j = F_j+ 1 + F_j− 1, which means that the expansion of Lucas numbers in Zeckendorf base is simple. Moreover we have the following formulas.

The last statement of Lemma 3 has an important role for the construction of sums with non-interfering terms. Indeed, for an integer m and k large enough (of order of length of m), the expansion of mL_k is the expansion of m centered around F_k. Notice that this result is different from the q-base since the digits here appear on both sides of the expansion of m. We will see the impact in our main result Theorem 1.2 with the occurence of N^1/(2d) in the place of N^1/d that we got in the case of q-base expansion, see [21].

Let us start with the case P(X) = X^d for d ≥ 2. In the following we write \(\overline {\lambda }=\lambda \mod 2\) with \(\overline {\lambda }\in \{0,1\}\). This case is the building brick for the general case of \(P(X) \in \mathbb {Z}[X]\) with \(P(\mathbb {N}_{0}) \subset \mathbb {N}_{0}\).

To begin with, we study the expression of (n + L_ℓ)^d in terms of a sum of distinct Lucas numbers.

Now, for k ≥ 1 consider

with real parameters m_i, see [26]. For d ≥ 1 set

Note that for k sufficiently large, the coefficients c_i are independent from k.

We will need the following auxiliary result [26, Lemma 4].

This lemma will be useful to construct two elements with different sums of digits in Zeckendorf base when we take their d th powers. Indeed, only the subdominant coefficient is negative so we are able to create a block of digits 1010⋯10 of length k for any k large enough. Indeed, as we will state later, the transition from k to k + 1 adds exactly one block of 10. We have already used a similar method in the usual 2-base, see [21, proof of Lemma 6].

In the following, let α ≥ 1 be an integer such that

and m₂ = 1 and m₀,m₁,m₃ integers such that

Under these conditions, T_d(k) and T_d(k + 1) have all positive integral coefficients with the only exception of the coefficient of L_{2k(3d− 1)} and L_{2(k+ 1)(3d− 1)} respectively, see [26]. Notice that these coefficients are the same for these two polynomials for k large enough.

We are now able to prove Theorem 1.2 in the particular case P(X) = X^d.

We consider now the general case with P(X) = α_dX^d + ⋯ + α₀ a polynomial such that \(P(\mathbb {N}_{0}) \subset \mathbb {N}_{0}\) and α_d = 1. Such as before, we shall determine exactly P(n + L_k) for the integers n ≥ 0 et k ≥ 0.

Let μ be an integer. We have by Lemma 8

To prove a lower bound on the Nth maximum order complexity of \(\mathcal {S}_{Z,P}\), we look for an analogue of Lemma 7. The analogue of the first part of this lemma is described as follows.

In order to obtain the analogue of the second part of Lemma 7, we are now looking for an integer n of the form L_λ for some λ and r > 1 such that According to Lemma 10, we need λ ≥ μk. Note that we want to prove that \(M(\mathcal {S}_{Z,P},N)\gg N^{1/(2d)}\) in order to have the same bound as the one for the monomial case. The following result gives sufficient conditions for the size of λ and r for this bound.

We are now looking for (λ,r) such that μk ≤ λ ≤ 2dμk, r constant and (12) is verified.

As we will state later, only two Lucas numbers will interfere. The following lemma describes all the possibilities for this interference.

Our result can be generalized to other numeration systems without new methods. Let us first comment on Ostrowski’s α-numeration system, see [2, Theorem 3.9.1], related to the continued fraction of an irrational number.

For the specific case α = φ, we have the Zeckendorf expansion since φ = [1,1,1,…].

Our result might be generalized to a quadratic irrational α such that the continued fraction of α is of the form α = [1,a,a,…]. In this particular case, we have \(q_{n+2}=\frac {1}{a}q_{n+1}+q_{n}\). We denote by γ the zero of the polynomial \(x^{2}-\frac {1}{a}x-1\) such that its Galois conjugate \(\overline {\gamma }\) verifies \(|\overline {\gamma }|<|\gamma |\). Thus we have \(q_{n}=\frac {1}{\sqrt {a^{-2}+4}}(\gamma ^{n}-\overline {\gamma }^{n})\), an analogous formula that for Fibonacci numbers. We define an analogue of Lucas numbers by \(L^{\prime }_{n}=\gamma ^{n}+\overline {\gamma }^{n}\) for all n ≥ 0. Then, in this particular case, our new notion of “Lucas numbers” verifies \(L^{\prime }_{n}=q_{n+1}+q_{n-1}\) and an analogous formula of Lemma 3 holds true. So it might be possible to generalize our result in this case since no more input in the proof is needed.

We can compute the maximum order complexity thanks to Blumer’s DAWG (Direct Acyclic Weighted Graph) algorithm (see [3] and [12]). The C++ program that computes the maximum order complexity of a sequence is available on the web page of the second author.¹ By using this program, we are able to formulate some heuristically supported conjectures.

Let us compare the maximum order complexity along polynomial subsequences of the Thue–Morse sequence to the Zeckendorf expansion sequence.

The plots for squares and cubes (and the large values of R²), see Figs. 2 and 3, indicate that the growth is close to x^1/2 and x^1/3, respectively. We therefore formulate the following conjecture :

A proof of this conjecture would imply that the lower bound proved by Popoli [21] is optimal.

The maximum order complexity of \(\mathcal {S}_{\varphi }\) is algorithmically more difficult to handle. Motivated by the results on Thue–Morse we conjecture the following:

This is, to some extent, supported by the plot for squares, see Fig. 4. Again, a proof of this conjecture would imply that the lower bound in Theorem 1.2 is sharp. Notice that there is a larger gap for the maximum order complexity between the linear case and the quadratic case for \(\mathcal {S}_{Z}\) compared to the classical Thue–Morse sequence.

We conclude the discussion by a surprising phenomenon on steps. Since the maximum order complexity is integer-valued and an increasing function, it is a step function. Each time \(M(\mathcal {S},N)\) has a different value from \(M(\mathcal {S},N-1)\), we say that N is a step. The ratio of successive steps is the ratio N₁/N₂ for two steps N₁,N₂ such that there is no N ≥ 1 with \(M(\mathcal {S},N_{1})<M(\mathcal {S},N)<M(\mathcal {S},N_{2})\).

We observed that the ratio of successive steps seems to converge.

This phenomenon seems to be related to numeration systems, and not directly to the fact that a sequence is automatic or morphic.

The plot for cubes, see Fig. 5, does not enlighten Conjecture 3.3 and Conjecture 3.4. With our program and our machine, it is not possible to compute the maximum order complexity of a sequence any further than 10⁹ terms. Nevertheless, we believe that if it were possible to compute for a few more terms, both of theses conjectures should appear more clearly.

To perform all these plots, we used the cluster yeti that consists of 4 nodes, 4 x Intel Xeon Gold 6130 CPU and 16 cores / CPU, with 768 GiB of memory, see https://​www.​grid5000.​fr/​w/​Grenoble:​Hardware#yeti.