Simulate a Linear Feedback Shift Register for pseudorandom number generation, stream ciphers, and error detection. Essential for cryptography and digital circuit design.
Last updated: March 2026 | By Patchworkr Team
Comma-separated (e.g., 4,3)
A Linear Feedback Shift Register (LFSR) is a shift register whose input bit is a linear function of its previous state. The most commonly used linear function is exclusive-OR (XOR). LFSRs are widely used in cryptography, pseudorandom number generation, and error detection codes.
The register consists of a series of bits (the state) and tap positions that determine which bits are XORed together to produce the feedback bit. On each clock cycle, all bits shift right by one position, and the feedback bit is inserted at the leftmost position.
With properly chosen tap positions, an n-bit LFSR can cycle through all 2ⁿ - 1 possible non-zero states before repeating (called a maximal-length or maximum-length LFSR). This property makes them excellent for generating pseudorandom sequences.
Common tap positions for maximum-length LFSRs:
Seed: 1011, Taps: [4,3]
LFSRs are used in cryptography (stream ciphers), pseudorandom number generation, error detection codes (CRC), digital watermarking, GPS signal generation, and hardware testing. Their simplicity makes them ideal for hardware implementation.
If the LFSR starts with all zeros, it will remain stuck at zero forever since XORing zeros produces zero. The all-zero state is called the 'lock-up' state and must be avoided by choosing a non-zero seed.
Maximal-length tap positions ensure the LFSR cycles through all 2ⁿ-1 possible non-zero states before repeating. These tap positions correspond to primitive polynomials in Galois field theory. Not all tap combinations are maximal.
Standard LFSRs alone are NOT cryptographically secure. Their output is predictable from just 2n bits of output for an n-bit LFSR. However, they're used in combination with other techniques in secure systems like A5/1 (GSM) and E0 (Bluetooth).
For maximal-length sequences, use published tables of primitive polynomials. For 4-bit use [4,3], 8-bit use [8,6,5,4], 16-bit use [16,15,13,4], etc. Random tap selection will likely not produce maximal-length sequences.
Yes! LFSRs can be any bit width. Common sizes are 4, 8, 16, 32, and 64 bits. Larger LFSRs have longer periods (2ⁿ-1 states) and better statistical properties for pseudorandom generation.
This calculator implements a Fibonacci LFSR where taps feed back to the input. Galois LFSRs have taps that affect multiple positions simultaneously. Both produce the same output sequence but differ in hardware implementation.
Run it for 2ⁿ-1 steps and verify all non-zero states appear exactly once. For a 4-bit LFSR, that's 15 unique states. If it repeats earlier or skips states, the tap positions aren't maximal.
Related Tools
Check password security.
Calculate password strength.
Calculate possible passwords.
Encode with Caesar cipher.
RSA encryption demo.
Generate error correction codes.