A linear feedback shift register (LFSR) is a shift register whose input bit is a linear function of its previous state.
The only linear functions of single bits are xor and inversexor; thus it is a shift register whose input bit is driven by the exclusiveor (xor) of some bits of the overall shift register value.
The initial value of the LFSR is called the seed, and because the operation of the register is deterministic, the stream of values produced by the register is completely determined by its current (or previous) state. Likewise, because the register has a finite number of possible states, it must eventually enter a repeating cycle. However, an LFSR with a wellchosen feedback function can produce a sequence of bits which appears random and which has a very long cycle.
Applications of LFSRs include generating pseudorandom numbers, pseudonoise sequences, fast digital counters, and whitening sequences. Both hardware and software implementations of LFSRs are common.
Contents 
The bit positions that affect the next state are called the taps. In the diagram the taps are [16,14,13,11]. The rightmost bit of the LFSR is called the output bit. The taps are XOR'd sequentially with the output bit and then fed back into the leftmost bit. The sequence of bits in the rightmost position is called the output stream.
The sequence of numbers generated by an LFSR can be considered a binary numeral system just as valid as Gray code or the natural binary code.
The arrangement of taps for feedback in an LFSR can be expressed in finite field arithmetic as a polynomial mod 2. This means that the coefficients of the polynomial must be 1's or 0's. This is called the feedback polynomial or characteristic polynomial. For example, if the taps are at the 16th, 14th, 13th and 11th bits (as shown), the feedback polynomial is
The 'one' in the polynomial does not correspond to a tap — it corresponds to the input to the first bit (i.e. x^{0}, which is equivalent to 1). The powers of the terms represent the tapped bits, counting from the left. The first and last bits are always connected as an input and tap respectively.
Tables of primitive polynomials from which maximumlength LFSRs can be constructed are given below and in the references.
Some example C/C++ code is below (assuming 16bit
short
s):
unsigned short lfsr = 0xACE1u; unsigned bit; unsigned period = 0; do { /* taps: 16 14 13 11; characteristic polynomial: x^16 + x^14 + x^13 + x^11 + 1 */ bit = ((lfsr >> 0) ^ (lfsr >> 2) ^ (lfsr >> 3) ^ (lfsr >> 5) ) & 1; lfsr = (lfsr >> 1)  (bit << 15); ++period; } while(lfsr != 0xACE1u);
The above code assumes the right most bit is actually bit 1, not bit 16.
As well as Fibonacci, this LFSR configuration is also known as Standard, manytoone or external XOR gates. It has an alternative configuration.
Named after the French mathematician Évariste Galois, an LFSR in Galois configuration, which is also known as modular, internal XORs as well as onetomany LFSR, is an alternate structure that can generate the same output stream as a conventional LFSR. In the Galois configuration, when the system is clocked, bits that are not taps are shifted one position to the right unchanged. The taps, on the other hand, are XOR'd with the output bit before they are stored in the next position. The new output bit is the next input bit. The effect of this is that when the output bit is zero all the bits in the register shift to the right unchanged, and the input bit becomes zero. When the output bit is one, the bits in the tap positions all flip (if they are 0, they become 1, and if they are 1, they become 0), and then the entire register is shifted to the right and the input bit becomes 1.
To generate the same output stream, the order of the taps is the counterpart (see above) of the order for the conventional LFSR, otherwise the stream will be in reverse. Note that the internal state of the LFSR is not necessarily the same. The Galois register shown has the same output stream as the Fibonnacci register in the first section.
Below is a code example of a 32bit maximal period Galois LFSR
that is valid in C and C++, (assuming that unsigned int
has
32 bit precision):
unsigned lfsr = 1; unsigned period = 0; do { /* taps: 32 31 29 1; characteristic polynomial: x^32 + x^31 + x^29 + x + 1 */ lfsr = (lfsr >> 1) ^ (unsigned int)(0  (lfsr & 1u) & 0xd0000001u); ++period; } while(lfsr != 1u);
And here is the code for the 16 bit example in the figure
(Assuming 16bit short
s)
unsigned short lfsr = 0xACE1u; unsigned period = 0; do { /* taps: 16 14 13 11; characteristic polynomial: x^16 + x^14 + x^13 + x^11 + 1 */ lfsr = (lfsr >> 1) ^ ((lfsr & 1u) & 0xB400u); ++period; } while(lfsr != 0xACE1u);
These code examples create a toggle mask to apply to the shifted value using the XOR operator. The mask is created by first removing all but the least significant bit (the output bit) of the current value. This value is then negated (two's complement negation), which creates a value of either all 0s or all 1s, if the output bit is 0 or 1, respectively. By ANDing the result with the tapvalue (e.g., 0xB400 in the second example) before applying it as the toggle mask, it acts functionally as a conditional to either apply or not apply the toggle mask based on the output bit. A more explicit but significantly less efficient code example is shown below.
unsigned short lfsr = 0xACE1u; unsigned period = 0; do { unsigned lsb = lfsr & 1; //Get lsb (i.e., the output bit). lfsr >>= 1; //Shift register if(lsb == 1) //Only apply toggle mask if output bit is 1. lfsr ^= 0xB400u; //apply toggle mask, value has 1 at bits corresponding // to taps, 0 else where. ++period; } while(lfsr != 0xACE1u);
Binary Galois LFSRs like the ones shown above can be generalized to any qary alphabet {0, 1, ... , q − 1} (e.g., for binary, q is equal to two, and the alphabet is simply {0, 1}). In this case, the exclusiveor component is generalized to addition moduloq (note that XOR is addition modulo 2), and the feedback bit (output bit) is multiplied (moduloq) by a qary value which is constant for each specific tap point. Note that this is also a generalization of the binary case, where the feedback is multiplied by either 0 (no feedback, i.e., no tap) or 1 (feedback is present). Given an appropriate tap configuration, such LFSRs can be used to generate Galois fields for arbitrary values of q.
Bits  Feedback polynomial  Period 

n  2^{n} − 1  
4  x^{4} + x^{3} + 1  15 
5  x^{5} + x^{3} + 1  31 
6  x^{6} + x^{5} + 1  63 
7  x^{7} + x^{6} + 1  127 
8  x^{8} + x^{6} + x^{5} + x^{4} + 1  255 
9  x^{9} + x^{5} + 1  511 
10  x^{10} + x^{7} + 1  1023 
11  x^{11} + x^{9} + 1  2047 
12  x^{12} + x^{11} + x^{10} + x^{4} + 1  4095 
13  x^{13} + x^{12} + x^{11} + x^{8} + 1  8191 
14  x^{14} + x^{13} + x^{12} + x^{2} + 1  16383 
15  x^{15} + x^{14} + 1  32767 
16  x^{16} + x^{14} + x^{13} + x^{11} + 1  65535 
17  x^{17} + x^{14} + 1  131071 
18  x^{18} + x^{11} + 1  262143 
19  x^{19} + x^{18} + x^{17} + x^{14} + 1  524287 
20 to 168  [1] 
LFSRs can be implemented in hardware, and this makes them useful in applications that require very fast generation of a pseudorandom sequence, such as directsequence spread spectrum radio. LFSRs have also been used for generating an approximation of white noise in various programmable sound generators.
The Global Positioning System uses an LFSR to rapidly transmit a sequence that indicates highprecision relative time offsets.
The repeating sequence of states of an LFSR allows it to be used as a clock divider, or as a counter when a nonbinary sequence is acceptable as is often the case where computer index or framing locations need to be machinereadable.^{[2]} LFSR counters have simpler feedback logic than natural binary counters or Gray code counters, and therefore can operate at higher clock rates. However it is necessary to ensure that the LFSR never enters an allzeros state, for example by presetting it at startup to any other state in the sequence. The table of primitive polynomials shows how LFSRs can be arranged in Fibonacci or Galois form to give maximal periods. One can obtain any other period by adding to an LFSR that has a longer period some logic that shortens the sequence by skipping some states.
LFSRs have long been used as pseudorandom number generators for use in stream ciphers (especially in military cryptography), due to the ease of construction from simple electromechanical or electronic circuits, long periods, and very uniformly distributed output streams. However, an LFSR is a linear system, leading to fairly easy cryptanalysis. For example, given a stretch of known plaintext and corresponding ciphertext, an attacker can intercept and recover a stretch of LFSR output stream used in the system described, and from that stretch of the output stream can construct an LFSR of minimal size that simulates the intended receiver by using the BerlekampMassey algorithm. This LFSR can then be fed the intercepted stretch of output stream to recover the remaining plaintext.
Three general methods are employed to reduce this problem in LFSRbased stream ciphers:
Important LFSRbased stream ciphers include A5/1 and A5/2, used in GSM cell phones, E0, used in Bluetooth, and the shrinking generator. The A5/2 cipher has been broken and both A5/1 and E0 have serious weaknesses.
To prevent short repeating sequences (e.g., runs of 0's or 1's) from forming spectral lines that may complicate symbol tracking at the receiver or interfere with other transmissions, linear feedback registers are often used to "randomize" the transmitted bitstream. This randomization is removed at the receiver after demodulation. When the LFSR runs at the same rate as the transmitted symbol stream, this technique is referred to as scrambling. When the LFSR runs considerably faster than the symbol stream, expanding the bandwidth of the transmitted signal, this is directsequence spread spectrum.
Neither scheme should be confused with encryption or encipherment; scrambling and spreading with LFSRs do not protect the information from eavesdropping. They are instead used to produce equivalent streams that possess convenient engineering properties to allow for robust and efficient modulation and demodulation.
Digital broadcasting systems that use linear feedback registers:
Other digital communications systems using LFSRs:
