So, we're going to introduce something called a linear feedback shift register, and this emerges from the following problem. The Vernam cipher, also called the one-time pad, gives us a cryptographic system that is perfect, that gives us perfect secrecy, and we could, in principle, begin and end with the Vernam cipher. This is a perfect cryptographic system that is impossible to break, and we don't need to do anything else to make use of it, except that it's impractical. The problem with the Vernam cipher is that we need a completely random sequence of ones and zeros, and importantly, it's not just a random sequence of ones and zeros: the two values have to be equally likely to occur. We saw what happens if those two are not equally likely to occur. We are able to get some information out of the encrypted text. The sequence also has to be different for each message. If you ever reuse the key, you will have compromised the system. And the other problem is that the recipient, in order to decrypt the message, has to have the same set of ones and zeros that you used to encrypt the message. And so what this means is that if I want to implement a Vernam cipher, I need to generate a random sequence, and importantly, again, we need to make sure that the probabilities of a one and a zero are exactly one half. Any deviation from this equal probability assumption is going to make our cipher much weaker than we might hope it to be. We need to securely deliver the keys to everybody who's going to receive an encrypted message. And again, we need to use the key one time only. That is the reason that this is called a one-time pad. This is impractical for pretty much anything. However, one possibility is to use what's known as a pseudorandom sequence that's generated from some sort of seed, some sort of initial value. And the idea is that we can use this seed to generate a pseudorandom sequence.
Every seed is going to generate a different sequence, but what makes this work is that the seed is much, much, much smaller than the sequence itself. In principle, the sequence could contain an infinite number of values, and the seed might just be a fairly small number. Of course, the problem is that if Eve ever determines what the seed is, she'd be able to use the seed to generate the pseudorandom sequence and then decrypt the message. So we do need a secure method of transmitting this seed value. And that's an important cryptographic consideration that we'll talk about a little bit later. The advantage here, by the way, is that the encipherment process for Vernam cipher encryption is extremely fast. We're doing bitwise addition, and that can occur very, very, very, very quickly. So if we can do something like this, if we can make use of a pseudorandom sequence, we have a very, very fast method of encryption. And if it really is a Vernam-style cipher, it's going to be reasonably secure. And so a common way of generating a pseudorandom sequence uses what's called a linear feedback shift register. And the reason that this is really common is that it's a very easy thing to implement in hardware. And so what we're going to do, and where it gets its name from, is the following. We're going to start off by taking a sequence of registers, basically memory locations, and we're going to set each of these to either on or off, any way that we want to. So I set the first one to on, the second off, then on, on, off. And what I'm going to do is put a one in the leftmost register, the first register, and zeros in all of the rest of them. So now what I'm going to do is bitwise addition. I'm going to add the values in the on registers, and I can actually hardwire this. I'm going to add the values in the on registers and reduce the sum mod two.
So that's going to be one plus zero plus zero, that's one, reduced mod two, and that's going to be one. I'm going to shift, so there's my shift, I'm going to shift everything over one place and, as necessary, I'll drop the last value. So I'm going to shift everything over one place, and then I'm going to put the value I just computed in the first register. Now that's where the feedback comes in, because when I compute this value it goes back into the system itself and starts to affect all of the values. And now I'm going to repeat the process. So I'll take the numbers in the on registers, I'm going to add them together, one, zero, zero, that's going to be one mod two. I'm going to shift everything over, I'm going to drop the computed value into the new place, and there we have it. And again, I'm going to add the values in the on registers, that's going to be zero mod two, I'm going to shift everything over, and I'm going to drop the computed value in the new place, and I'm going to repeat this indefinitely. Mathematically, this reproduces what's called a linear recurrence relation. And so the general idea for any sort of linear recurrence relation is as follows. Take the terms of some sequence x zero, x one, and so on. The sequence is recurrent of order n if each term can be expressed as some function of the n preceding terms. Note that this doesn't mean that I have to use all n preceding terms. I can ignore some of the preceding terms, but if I use the nth term before as part of that function, it's order n. And of course we can have many, many, many, many different types of functions. The relation is going to be linear if the function that we're using is a linear function. Typically we specify the recurrence relation by identifying what the recurrence relation is, and then identifying what the initial values are. So for example, some common recurrence relations: the whole numbers form a first order linear recurrence relation.
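The register walkthrough above, as an added example that is not part of the lecture: a software model of a linear feedback shift register with the lecture's five registers, taps set on, off, on, on, off, and the initial contents 1, 0, 0, 0, 0. Each clock sums the tapped bits mod two, shifts everything one place (dropping the last bit) and feeds the sum back into the first register. The function names are my own; the lecture gives none.

```python
# Added example (not from the lecture): a software model of the linear feedback
# shift register described above. A state is a list of bits, one per register;
# the "on" registers are the taps.

def lfsr_step(state, taps):
    """One clock of the register. Returns (feedback_bit, new_state)."""
    assert len(state) == len(taps)
    # Add the contents of the on registers and reduce mod 2.
    feedback = sum(bit for bit, on in zip(state, taps) if on) % 2
    # Shift right by one place, drop the last value, feed the sum into register 1.
    return feedback, [feedback] + state[:-1]

def lfsr_stream(state, taps, n):
    """Return the first n feedback bits and the register contents after each clock."""
    bits, states = [], []
    for _ in range(n):
        fb, state = lfsr_step(state, taps)
        bits.append(fb)
        states.append(list(state))
    return bits, states

def state_cycle_length(state, taps):
    """Clock the register until some state repeats; return the length of that cycle.

    A register with n cells has only 2**n possible states, so the output is
    eventually periodic, and a periodic keystream is a reused key."""
    seen = {tuple(state): 0}
    step = 0
    while True:
        _, state = lfsr_step(state, taps)
        step += 1
        key = tuple(state)
        if key in seen:
            return step - seen[key]
        seen[key] = step

# The lecture's configuration: taps on, off, on, on, off; seed 1, 0, 0, 0, 0.
TAPS = [1, 0, 1, 1, 0]
SEED = [1, 0, 0, 0, 0]

if __name__ == "__main__":
    bits, states = lfsr_stream(SEED, TAPS, 12)
    for i, (b, s) in enumerate(zip(bits, states), start=1):
        print(f"clock {i:2d}: feedback {b}  registers {s}")
    print("state cycle length:", state_cycle_length(SEED, TAPS),
          "out of", 2 ** len(SEED), "possible states")
```

The first three clocks reproduce the lecture's feedback bits 1, 1, 0. Clocking further shows why this particular wiring is a poor keystream source: the state falls into a cycle of only six steps, so the feedback bits repeat every six clocks.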
Every whole number is one more than the whole number immediately preceding it. So this function is linear, it relies on the one term before the current value, so that's a first order linear recurrence relation. And I have to specify the initial value: x zero is going to be zero. The Fibonacci sequence relies on the two preceding terms. It's the sum of the two preceding terms. So it's a second order linear recurrence relation. And I do have to set two initial values, f zero is one, f one is equal to one. The powers of two, surprisingly enough, form a first order linear recurrence relation. How do I find the powers of two? Well, every power of two is twice the preceding one, and this is a linear function. It depends on the one term before it, so it's a first order linear recurrence relation. And my first value, x zero, is equal to one. It's tempting to use these linear feedback shift registers as the basis for a Vernam cipher. Well, let's see how that might work. So what I'll do is define a linear recurrence relation here. Note that each term depends on the eight terms preceding it, so this is an eighth order linear recurrence relation. And I need some set of initial values; I'll write down our initial values this way. And I'll use this to encrypt the message using a Vernam-like cipher. So what do I need to do? Well, my initial values correspond to x zero equals one, x one equals one, and so on. So I'll set those down here. And my plaintext is down here. And if I want to use a Vernam cipher, what I need to do is have as many ones and zeros up here as I have ones and zeros in the plaintext. And then I'll perform bitwise addition. So I need to find some additional ones and zeros, and I'll use the LFSR to do that. So let's see, I need this x eight.
So that's going to be found from the preceding value, plus the one before that, plus the fourth value before it, so that's x four, plus the fifth value before it, that's x three, plus the eighth value before it, that's x zero, all taken mod two. And so now I have my numbers in my table, I can look those up. x seven is zero, x six is one, x four is one, x three is zero, x zero is one. And again, taking all of these mod two, that's going to give me one. So my x eight is going to be one. Likewise, I'll find x nine, that's the preceding value, the second value before it, the fourth value before it, that's x five, the fifth value before it, x four, the eighth value before it, x one, all taken mod two. And again, I can look those up. x eight is one, x seven is zero, x five is zero, x four is one, x one is one. All taken mod two, that's going to be one, and I'll fill in that next value. And again, I can find x ten the same way, apply the linear recurrence relation, find the values, reduce mod two, then find x eleven, x twelve, x thirteen, and so on. And at this point, I can use bitwise addition to produce my ciphertext. So I'll go ahead and do the bitwise addition along the row with the plaintext. And there's my ciphertext. So, well, I think we've just solved every problem in cryptography, because now we know how to produce a Vernam cipher encryption of any plaintext that we want. Great, we don't have to do anything else. Well, it's not quite that simple. And we'll take a look at what happens in the next video.
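The encryption worked through above, as an added example that is not part of the lecture: a general mod-2 linear recurrence of order n, instantiated with the lecture's eighth-order relation x_k = x_{k-1} + x_{k-2} + x_{k-4} + x_{k-5} + x_{k-8} (mod 2) and the initial values it reads off its table, used to stretch eight seed bits into a keystream that is then added bitwise to a plaintext. The lecture never states x two, so it is assumed to be 0 here; the plaintext bits are constructed for this example, and the function names are my own.

```python
# Added example (not from the lecture): keystream from the lecture's eighth-order
# recurrence and a Vernam-style bitwise addition with it.

def linear_recurrence_mod2(coeffs, init, n):
    """Extend init to n terms using x_k = sum(coeffs[i-1] * x_{k-i}) mod 2.

    coeffs[i-1] is the coefficient of the i-th value before x_k, so the order of
    the relation is len(coeffs) and exactly that many initial values are needed."""
    order = len(coeffs)
    if len(init) != order:
        raise ValueError("need exactly one initial value per coefficient")
    x = list(init)
    while len(x) < n:
        k = len(x)
        x.append(sum(c * x[k - i] for i, c in enumerate(coeffs, start=1)) % 2)
    return x

# Lags 1, 2, 4, 5 and 8 are used, as in the lecture's relation.
COEFFS = [1, 1, 0, 1, 1, 0, 0, 1]
# Initial values x_0 .. x_7 from the lecture's table; x_2 (index 2) is ASSUMED = 0.
SEED = [1, 1, 0, 0, 1, 0, 1, 0]

def keystream(n):
    """The first n terms of the recurrence: the seed followed by the generated bits."""
    return linear_recurrence_mod2(COEFFS, SEED, n)

def vernam_xor(bits, key):
    """Bitwise addition mod 2 of a message with a key of at least the same length."""
    if len(key) < len(bits):
        raise ValueError("key shorter than message: never wrap or reuse it")
    return [b ^ k for b, k in zip(bits, key)]

def encrypt(plaintext):
    return vernam_xor(plaintext, keystream(len(plaintext)))

# Bitwise addition is its own inverse, so decryption is the same operation.
decrypt = encrypt

# Constructed plaintext: the ASCII bits of "Hi".
PLAINTEXT = [0, 1, 0, 0, 1, 0, 0, 0,
             0, 1, 1, 0, 1, 0, 0, 1]

if __name__ == "__main__":
    print("keystream :", keystream(len(PLAINTEXT)))
    print("plaintext :", PLAINTEXT)
    ct = encrypt(PLAINTEXT)
    print("ciphertext:", ct)
    print("recovered :", decrypt(ct))
```

The generated terms reproduce the lecture's x eight = 1 and x nine = 1 (neither depends on the assumed x two). Note what the seed buys: the whole keystream, however long, is fixed by eight bits, so there are only 2^8 − 1 = 255 non-zero seeds and the sequence must repeat within 255 terms, which is the reason the lecture warns that it is not quite that simple.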