Problems on Permutation and Irreducible Polynomials Over Finite

Problems on permutation and irreducible polynomials over ﬁnite ﬁelds

Aleksandr Tuxanidy

A thesis submitted to the Faculty of Graduate and Postdoctoral Aﬀairs in partial fulﬁllment of the requirements for the degree of

Doctor of Philosophy

Pure Mathematics

Carleton University Ottawa, Ontario

Preface ...... iv Abstract ...... v Acknowledgements ...... viii

1 Introduction 1

2 Preliminaries 29 2.1 Inverses of linearized polynomials inducing bijections of subspaces . . 30 2.2 DFT for ﬁnite ﬁelds, period of functions and cyclotomic polynomials . 39 2.3 Gaussian sums and periods ...... 42

3 On the inverses of some classes of permutations of ﬁnite ﬁelds 48 3.1 Inverses of some classes of permutations ...... 49 3.2 Compositional inverse of a general class ...... 62 3.3 Explicit compositional inverse of a second class ...... 71

4 Compositional inverses and complete mappings over ﬁnite ﬁelds 80 4.1 Inverses of linearized binomials permuting kernels of traces ...... 82 4.1.1 Statement and proof of result ...... 82 4.1.2 Method used to obtain the inverse in Theorem 4.1.4 ...... 87 4.2 Extensions of a class of complete permutation polynomials ...... 91

ii 4.3 Inverse of the complete mapping ...... 97

5 A new proof of the Hansen-Mullen irreducibility conjecture 102 5.1 Least period of the DFT and connection to irreducible polynomials . 103 5.2 Characteristic elementary symmetric and delta functions ...... 108

5.3 Least period of ∆w,c and proof of Theorem 1.0.11 ...... 116

6 On the number of N-free elements with prescribed trace 122

6.1 A formula for Zq,m,N ...... 123 6.2 The case of the zero trace ...... 127

6.2.1 Simpliﬁcation of Zq,m,N (0) and direct consequences ...... 128 6.2.2 Proof of Corollaries 1.0.23 and 1.0.25 ...... 131 6.3 Uniformity in the case of the non-zero trace ...... 137

6.4 Connection to Pq,m,N (c) ...... 140

7 Conclusion 148 7.1 Appendix ...... 151

Bibliography 153

iii Preface

The content of this integrated thesis is primarily based on the following four published articles, co-authored jointly and under the supervision of Qiang Wang. These are released under a Creative Commons Attribution Non-Commercial No Derivatives License. In particular, all mathematical results of the thesis, such as theorems, corollaries, lemmas, propositions, examples, etc., were originally obtained in the following works. Thus in the case the reader wishes to refer to one of these results, he/she should cite instead the corresponding published article in the journal where it was published. We list the works according to the order of the chapters in the thesis.

[70] A. Tuxanidy and Q. Wang, On the inverses of some classes of permutations of finite fields, Finite Fields and Their Applications, v.28 (2014), p.244–281. https: //doi.org/10.1016/j.ffa.2014.02.006 [71] A. Tuxanidy and Q. Wang, Compositional inverses and complete mappings over finite fields, Discrete Applied Mathematics, v.217 no.2 (2017), p.318-329. https: //doi.org/10.1016/j.dam.2016.09.009 [72] A. Tuxanidy and Q. Wang, A new proof of the Hansen-Mullen irreducibility conjecture, Canadian Journal of Mathematics, no.70 (2018), 1373–1389. https:// doi.org/10.4153/CJM-2017-022-1

iv [69] A. Tuxanidy and Q. Wang, On the number of N-free elements with prescribed trace, Journal of Number Theory, v.160 (2016), p.536–565. https://doi.org/10. 1016/j.jnt.2015.09.008

These articles are substantially reproduced in this thesis: The main content of these is reproduced in Chapters 3, 4, 5, 6, respectively. However some of the material in the works, notably parts of the introductions to each of the articles, as well as corresponding preliminaries sections, have been moved to the introduction here in Chapter 1, as well as to the Preliminaries, Chapter 2. This has been done in part to avoid repetitions of literary backgroud and basic concepts, as well as to present a more uniﬁed, self-contained work. The author of the thesis has also jointly co-authored the following two other articles, which will nonetheless not make it into the thesis.

[73] A. Tuxanidy and Q. Wang, Characteristic digit-sum sequences, Cryptogr. Commun. (2018) 10:705–717 [68] A. Tuxanidy and Q. Wang, Composed products and factors of cyclotomic polynomials over ﬁnite ﬁelds, Designs, Codes and Cryptography (2013), v.69, no.2, p. 203–231

v Abstract

This integrated thesis is dedicated to the study of polynomials over finite fields, notably permutation polynomials and their compositional inverses, existence of irreducible polynomials with prescribed coefficients, as well as ennumeration of primitive polynomials with prescribed trace. Here we present several of the results, first attained in [69–72], by the author of the thesis in collaboration with Qiang Wang. In Chapter 3 we showcase our study, in [70], of the compositional inverses of some general classes of permutation polynomials over finite fields. There we showed that we can write these inverses in terms of the inverses of two other polynomials bijecting subspaces of the finite field, where one of these is a linearized polynomial. In some cases we are able to explicitly obtain these inverses, thus obtaining the compositional inverse of the permutation in question. In addition we show how to compute a linearized polynomial inducing the inverse map over subspaces on which a prescribed linearized polynomial induces a bijection. We also obtain the explicit compositional inverses of two classes of permutation polynomials generalizing those whose compositional inverses were recently obtained. In Chapter 4 we present our work from [71] where we study the compositional inverses of permutation polynomials and complete mappings over finite fields. Re- cently the compositional inverses of linearized permutation binomials were obtained in [83]. In Chapter 4 we commence by presenting the compositional inverses of a

vi class of linearized binomials permuting the kernel of the trace map. Note that it was shown in our work in [70] that computing inverses of bijections of subspaces has applications in determining the compositional inverses of certain permutation classes related to linearized polynomials. Consequently, we give the compositional inverse of a new class of complete mappings. This complete mapping class extends several recent constructions given in [46, 63, 85]. We also construct recursively a class of complete mappings involving multi-trace functions. In Chapter 5 we present our work in [72] where we give a new proof of the Hansen- Mullen irreducibility conjecture. The proof relies on an application of a (seemingly new) sufficient condition for the existence of elements of degree n in the support of functions on finite fields. This connection to irreducible polynomials is made via the least period of the discrete Fourier transform (DFT) of functions with values in finite fields. We exploit this relation and prove, in an elementary fashion, that a relevant function related to the DFT of characteristic elementary symmetric functions (which produce the coefficients of characteristic polynomials) has a sufficiently large least period (except for some genuine exceptions). This bears a sharp contrast to mainstream techniques in literature employed to tackle existence of irreducible polynomials with prescribed coefficients. While in Chapter 5 we studied the existence of irreducible polynomials with prescribed coefficients, we are also interested in the ennumeration of irreducible polynomials, in particular primitive polynomials, with prescribed coefficients. Since there is a clear correspondence between primitive polynomials with prescribed trace and primitive elements with prescribed trace, it is equivalent to study the latter. In Chap- ter 6 we explore our work, in [69], regarding primitive elements, and more generally N-free elements, with prescribed trace. We derived a formula for the number of N- free elements over a finite field with prescribed trace, in particular trace zero, in terms

vii of Gaussian periods. As a consequence, we obtain several explicit formulae in special cases. In addition we show that if all the prime factors of q − 1 divide the degree of the extension, m, then the number of primitive elements in Fqm , with prescribed non-zero trace, is uniformly distributed. Finally we explore the related number of elements in Fqm with multiplicative order N and having a prescribed trace.

viii Acknowledgements

First of all, I would like to thank my advisor, Qiang Wang, for all his help and tutelage throughout the years. I am very blessed to have met him, several years ago, and to have had the opportunity to work with him as a team. His enthusiasm for research and curiosity was always contagious from the start, and I always look up to him. I would also like to thank Emmanuel Lorin and Daniel Panario for all their support and guidance throughout the years. The work in this thesis would not have been possible without the love, encourage- ment and support of family and friends, who have always been, and continue to be, there for me. Notably, it would not have been possible without my second, better, half.

ix Chapter 1

Introduction

The topic of finite fields is classical in Mathematics. In recent decades, the advent of computer technology and communication systems has accelerated the resarch input of the mathematical community. In addition, these are fundamental objects in number theory, algebraic geometry, combinatorics, cryptography, coding theory, among others. Polynomials over finite fields are one of the main objects of research in the study of finite fields, both theoretically and practically. This integrated thesis is devoted to the study of polynomials over finite fields, such as permutation polynomials and their compositional inverses, existence of irreducible polynomials satisfying constraints on their coefficients, and number of primitive polynomials (equivalently primitive elements; more generally, N-free elements) with prescribed trace1.

Let q be a power of a prime number p and let Fq be a ﬁnite ﬁeld with q elements.

Let Fq[x] denote the ring of polynomials over Fq. We call f ∈ Fq[x] a permutation q polynomial (PP) of Fq if it induces a permutation of Fq. Note that since x = x for all x ∈ Fq, one only needs to consider polynomials of degree less than q. It is 1The content of this introduction is substantively based on the introductions on the four articles [69–72], written by the author of the thesis in collaboration with Qiang Wang. All rights reserved.

1 clear that permutation polynomials form a group under composition and reduction modulo xq − x that is isomorphic to the symmetric group on q letters. Thus for any

−1 permutation polynomial f ∈ Fq[x], there exists a unique f ∈ Fq[x], of degree less than q, such that f −1(f(x)) ≡ f(f −1(x)) ≡ x (mod xq − x). Here f −1 is defined as the compositional inverse of f, although we may simply call it sometimes the inverse of f on Fq. When we think of x ∈ Fq as fixed and view f ∈ Fq[x] as a mapping of Fq, we call f −1(x) the preimage of x under f. The construction of permutation polynomials over finite fields is an old and difficult subject that continues to attract interest due to their applications in cryptography [61], [64], coding theory [25], [46], and combinatorics [26]. Recently much progress has taken place in this area. See for instance [3], [4], [5],[15], [24], [31], [38], [45], [50], [53], [78], [88], [91], [93], and the references therein for some previous works. However, how to go about inverting such permutations has remained unclear to the present. There is, in contrast, a marked absence of explicit formulas describing compositional inverses, but also a general lack of methods which may be useful to attain these formulas. Nevertheless there is some recent progress (see for instance [23, 76, 79, 81–83] to name a few). In Chapter 3 we contribute to the growing literature on this topic and obtain the compositional inverses of several classes of PPs. The main result of this chapter could viewed as Theorem 1.0.2, obtained via a generalization of a novel method introduced by Wu-Liu in [81]. Theorem 1.0.2 gives a formula for the compositional inverse of a general class of PPs obtained by Akbary-Ghioca-Wang [3], and which may be found here in Theorem 1.0.1. We then apply Theorem 1.0.2 to obtain the compositional inverses of several classes of PPs from literature. See for instance Theorems 1.0.10, 3.1.10, 3.2.4 and Corollaries 1.0.4, 1.0.6, 3.1.2, 3.1.3, 3.1.4, 3.1.11 to name a few.

We say that a polynomial L(x) ∈ Fqn [x] is linearized, also called a q-polynomial, if

2 X qi L(x) has the shape L(x) = aix for some coeﬃcients ai ∈ Fqn . An important class i n−1 X qi of such polynomials is the trace function Tqn|q(x) = x . When it will not cause i=0 confusion, we write T instead of Tqn|q. In [81], Wu-Liu introduced a method to obtain the compositional inverse of the class f(x) = x(L(Tqn|q(x))+aTqn|q(x)+ax) of PPs of

∗ Fqn , in the case when q is even, n is odd, L ∈ Fq[x] is a 2-polynomial and a ∈ Fq. Wu-

Liu start with a decomposition of the finite field, Fqn , into the direct sum Fq ⊕ker(T ). This has the effect of converting the problem of computing the inverse of f into the problem of computing the inverse of a bivariate function permuting Fq ⊕ ker(T ). This in turn is equivalent to obtaining the inverses of two permutation polynomials, ¯ f, ϕ, over the subspaces Fq and ker(T ), respectively, where ϕ is a 2-polynomial (in fact, quadratic). As q is even and n is odd, T is idempotent, i.e., T ◦ T = T , and thus the (bijective) transformation φ : Fqn → Fq ⊕ ker(T ) can be defined by

φ(x) = (T (x), x − T (x)), since T (Fqn ) = Fq additionally. Because computing the inverse of any p-polynomial permutation on a subspace of Fqn amounts to solving a system of linear equations, this problem is thus ﬁnally reduced to computing the ¯ inverse of f|Fq . In Chapter 3 we extend this useful method to other more general classes of permutation polynomials given in [3], and [88], particularly written in terms of arbitrary linearized polynomials ψ (instead of just T ). We write their inverses in terms of the inverses of two other polynomials, one of these being linearized, over subspaces. In some special cases we can determine these inverses, thus obtaining the full result. However, given that we may not always have a “nice enough” expression for ker(ψ), we instead use the map φψ : Fqn → ψ(Fqn ) ⊕ Sψ, where Sψ := {x − ψ(x) | x ∈ Fqn } – a subspace of Fqn , in similarity with ker(T ) as above – deﬁned by φψ(x) = (ψ(x), x − ψ(x)). In the case that ψ induces an idempotent map of Fqn , Sψ = ker(ψ). As φψ is injective

3 for any such ψ (but not surjective in the case that ψ is not idempotent), we similarly transform the problem of computing the inverses of permutation polynomials into the problem of computing the inverses of two other bijections, f,¯ ϕ, over the subspaces

ψ(Fqn ) and Sψ, respectively. Many of our resulting expressions for compositional inverses, or preimages in some cases, are particularly written in terms of linearized polynomials inducing the inverse map over subspaces on which prescribed linearized polynomials induce a bijection. Nonetheless, in Theorem 2.1.5 we show how to obtain such compositional inverses on subspaces. As we show there, obtaining the coeﬃcients of such linearized polynomials is equivalent to solving a system of linear equations. However in order to set up such a system one is required to ﬁrst obtain a linearized polynomial, K ∈ Ln(Fqn ), inducing an idempotent map with a prescribed kernel (we can always do this). But clearly, if we are given an idempotent ψ ∈ Ln(Fqn ), i.e., Sψ = ker(ψ), and Sψ is such a prescribed kernel, then one can simply let K = ψ. In the simultaneous case that

the characteristic p does not divide n, the coeﬃcients of ϕ ∈ Ln(Fqn ) belong to Fq (i.e., the associate Dickson matrix is circulant), and ϕ induces a bijection between

two Fq-subspaces, one can quickly solve the corresponding linear system by using the Circular Convolution Theorem, for the Discrete Fourier Transform (DFT), together with a Fast Fourier Transform (FFT). See [87] for details regarding circulants and their close relation to the DFT.

Before we delve any further, let us ﬁx some notations. If we view f ∈ Fq[x] as

a map of Fq and are given a subspace V of Fq, we denote by f|V the map obtained

by restricting f to V . If f is a bijection from V to a subspace W of Fq, we mean −1 by f |W the inverse map of f|V . When the context is clear we may however mean

−1 by f |W a polynomial in Fq[x] inducing the inverse map of f|V . In this case we call −1 f |W the compositional inverse of f over V . In both of the following cases, if f(x)

4 q−2 is viewed as an element of Fq, or a polynomial in Fq[x], we denote 1/f(x) := f(x) . Thus for instance 1/0 = 0 with our notation. As an example of our results, we obtain in Theorem 1.0.2 the compositional inverse of the permutation f in the following theorem, under the assumption that ϕ bijects ¯ Sψ, and written in terms of the inverses of f|ψ(Fqn ) and ϕ|Sψ . Recall that for a linearized polynomial ψ, we deﬁned Sψ to be the subspace {α − ψ(α): α ∈ Fqn }.

Theorem 1.0.1 (Theorem 5.1, [3]). Consider any polynomial g ∈ Fqn [x], any ¯ additive polynomials ϕ, ψ ∈ Fqn [x], any q-polynomial ψ ∈ Fqn [x] satisfying ϕ ◦ ψ = ¯ ¯ ψ ◦ ϕ and |ψ(Fqn )| = |ψ(Fqn )|, and any polynomial h ∈ Fqn [x] such that h(ψ(Fqn )) ⊆

Fq \{0}. Then f(x) = h(ψ(x))ϕ(x) + g(ψ(x)) permutes Fqn if and only if (i) ker(ϕ) ∩ ker(ψ) = {0}; and ¯ ¯ ¯ (ii) f(x) := h(x)ϕ(x) + ψ(g(x)) is a bijection from ψ(Fqn ) to ψ(Fqn ).

Theorem 1.0.2. Using the same notations and assumptions of Theorem 1.0.1, assume that f is a permutation of Fqn , and further assume that |Sψ| = |Sψ¯| and −1 −1 ¯ ¯ ker(ϕ) ∩ ψ(Sψ) = {0}. Then ϕ induces a bijection from Sψ to Sψ. Let f , ϕ |Sψ¯ ∈

n ¯ Fq [x] induce the inverses of f|ψ(Fqn ) and ϕ|Sψ , respectively. Then the compositional inverse of f on Fqn is given by

! x − ψ¯(x) − g f¯−1 ψ¯(x) + ψ¯ g f¯−1 ψ¯(x) f −1(x) = f¯−1 ψ¯(x) + ϕ−1| . Sψ¯ h f¯−1 ψ¯(x)

¯ Furthermore, if ϕ induces a bijection from ψ(Fqn ) to ψ(Fqn ), then ϕ is a permutation

5 of Fqn and the compositional inverse of f on Fqn is given by

! x − g f¯−1(ψ¯(x)) f −1(x) = ϕ−1 . h f¯−1(ψ¯(x))

Note that condition (i) and the fact that the images of ψ, ψ¯, are equally sized in Theorem 1.0.1 imply that ϕ is a bijection from ker(ψ) to ker(ψ¯), for instance not necessarily satisfying ker(ϕ)∩Sψ = {0} (even though ker(ψ) ⊆ Sψ) required to attain injectivity on Sψ, which is an imposed hypothesis of Theorem 1.0.2. Thus our result is further restricted by our imposed assumption that ϕ bijects Sψ, a superset of ker(ψ). However, as previously described in the Preliminaries chapter, in the case that ψ is idempotent or ϕ is a permutation of Fqn , we can get the inverse of ϕ on Sψ, and hence obtain the compositional inverse of f in terms of a polynomial inducing the inverse ¯ map of f|ψ(Fqn ). Note that one may ﬁnd several linearized polynomials inducing idempotent endomorphisms of Fqn . See Remark 2.1.9 for more details regarding this. As a consequence of this result we obtain several corollaries, like the following, in ¯ terms of the inverse of f|ψ(Fqn ) and the inverse of a linearized permutation polynomial of Fqn , which is already known (see Proposition 2.1.1).

Remark 1.0.3. To clarify an ambiguity in the presentation of our results: In many of the following results we make citations in the style of “See Theorem ‘x’...” or “See Corollary ‘x’...” to refer to a result in another paper where the construction of the considered permutation polynomial was obtained. However the compositional inverses given here in the statements of these results are ours.

¯ Corollary 1.0.4 (See Theorem 5.1 (c), [3]). Consider q-polynomials ϕ, ψ, ψ ∈ Fqn [x] ¯ ¯ satisfying ϕ ◦ ψ = ψ ◦ ϕ and |ψ(Fqn )| = |ψ(Fqn )|. Let g, h ∈ Fqn [x] be such that

6 ¯ n (ψ ◦ g)|ψ(Fqn ) = 0 and h(ψ(Fq )) ⊆ Fq \{0}. If

f(x) = h(ψ(x))ϕ(x) + g(ψ(x))

permutes Fqn , then ϕ permutes Fqn as well, and the inverse of f on Fqn is given by

!! ϕ−1 ψ¯(x) ϕ−1 x − g h f¯−1(ψ¯(x)) f −1(x) = , h f¯−1(ψ¯(x))

¯ ¯ where f(x) := h(x)ϕ(x) induces a bijection from ψ(Fqn ) to ψ(Fqn ). In particular, if

h(ψ(Fqn )) = {c} for some c ∈ Fq \{0}, then f permutes Fqn if and only if ϕ permutes

Fqn , in which case the compositional inverse of f over Fqn is given by

f −1(x) = c−1ϕ−1 x − g c−1ϕ−1 ψ¯(x) .

Note in the above that, in particular, when h(x) = c ∈ Fq \{0}, the inverse of f is

given in terms of the inverse of ϕ on Fqn , which may be obtained via an application of Proposition 2.1.1. As a result of Corollary 1.0.4 we also obtain Corollaries 3.1.2, 3.1.3, and 3.1.4. Here is one example of Corollary 1.0.4 using the fact that T (x)q −T (x) = 0.

q Proposition 1.0.5. Let G ∈ Fq2 [x] be arbitrary, let Q(x) := x −x, let g = T ◦G, let q h(x) = c ∈ Fq \{0}, and let ϕ(x) = ax + bx, where a, b ∈ Fq are such that a 6= ±b. Then both ϕ and

f(x) = h(Q(x))ϕ(x) + g(Q(x)) = c(axq + bx) + T ◦ G ◦ Q(x)

7 are permutations of Fq2 , and the compositional inverse of f on Fq2 is given by

Q(x) T ◦ G ◦ axq − bx c(b − a) f −1(x) = − . c (a2 − b2) c(a + b)

Another consequence of Theorem 1.0.2 is the following.

Corollary 1.0.6 (See Theorem 1, [50]). Let ϕ ∈ Fq[x] be a q-polynomial permuting

Fqn , let G ∈ Fq[x], let γ ∈ Fqn , let c = T (γ), and assume that

f(x) = ϕ(x) + γG(T (x))

permutes Fqn . Then the inverse of f on Fqn is given by

f −1(x) = ϕ−1 x − γG f¯−1(T (x)) ,

¯ where f(x) := cG(x) + ϕ(1)x is a permutation of Fq.

¯ Note in the case that G is a q-polynomial, f|Fq (x) = (cG(1) + ϕ(1))x; thus f¯−1(T (x)) = T (x)/(cG(1) + ϕ(1)) and hence we can obtain the inverse of the permutation polynomial, f, by computing only ϕ−1. We thus obtain Corollary 3.1.5. We also note that if we take G(x) = xr and c = ϕ(1), then f¯(x) in Corollary 1.0.6 has the form c(xr + x) whose inverse can be explicitly computed (see [54], [76], [77]). Therefore the inverse of f is again only dependent on ϕ−1 which can also be obtained in terms of cofactors of the associate Dickson matrix by Proposition 2.1.1. Another straightforward application of Corollary 1.0.6 is the following example.

q Proposition 1.0.7. As before, let ϕ(x) = ax + bx where a, b ∈ Fq are such that a 6= ±b, let G(x) = x, let c = T (γ), where γ ∈ Fq2 is such that a + b + c 6= 0. Then

8 both ϕ and f(x) = ϕ(x) + γT (x)

are permutations of Fq2 , and the compositional inverse of f on Fq2 is given by

axq − bx (aγq − bγ) T (x) f −1(x) = − . a2 − b2 (a2 − b2)(a + b + c)

We have also obtained the following compositional inverse, given in terms of the inverse of a linearized permutation polynomial, which can be obtained.

Corollary 1.0.8 (See Corollary 6.2, [88]). Let n and k be positive integers such that gcd(n, k) = d > 1, let s be any positive integer with s(qk − 1) ≡ 0 (mod qn − 1). Let

n/d−1 X qid L1(x) = aix , ai ∈ Fq, i=0

d be a q -polynomial with L1(1) = 0, let L2 be a q-polynomial over Fq, and let G ∈

Fqn [x]. Assume s f(x) = (G(L1(x))) + L2(x)

permutes Fqn . Then L2 is a permutation of Fqn , and the inverse of f on Fqn is given by

−1 −1 −1 s f (x) = L2 x − G ◦ L2 ◦ L1(x) .

As a result of Corollary 1.0.8 we obtain Corollary 3.1.8 as well. One more example, in this case independent of Theorem 1.0.2, is the following. It makes use of a slight modification of the permutation construction given in Theorem 6.1, [3] (also appearing as Corollary 3.2 in [88]), which now takes into account the fact that p-polynomials over Fq commute with q-polynomials over Fp. Let us first define the natural map

9 n−1 n X qi vq,n : Ln(Fqn ) → Fqn given by vq,n( aix ) = (a0 a1 ··· an−1) (for simplicity we i=0 write vectors horizontally).

Theorem 1.0.9 (See Theorem 6.1, [3]). Let q = pm be the power of a prime number p, let L1,L2 be p-polynomials over Fq, let L3 be a q-polynomial over Fp, and let w ∈ Fqn [x] such that w(L3(Fqn )) ⊆ Fq. Then

f(x) = L1(x) + L2(x)w(L3(x))

¯ permutes Fqn if and only if f(x) := L1(x) + L2(x)w(x) is a permutation of L3(Fqn ),

and ϕy(x) := L1(x) + L2(x)w(y) is a permutation of ker(L3) for any y ∈ L3(Fqn ).

If f induces a permutation of Fqn , we have:

n −1 (a) If x ∈ Fq is such that ker(ϕf¯ (L3(x))) ∩ L3(SL3 ) = {0}, then the preimage of x under f is given by

−1 ¯−1 −1 f (x) = f (L3(x)) + ϕ −1 |S (x − L3(x)) . f¯ (L3(x)) L3

(b) If L3 is idempotent, then the compositional inverse of f on Fqn is given by

−1 ¯−1 −1 f (x) = f (L3(x)) + ϕ −1 |ker(L ) (x − L3(x)) , f¯ (L3(x)) 3

−1 n where, for any ﬁxed y ∈ L3(Fq ), the coeﬃcients, vp,mn ϕy |ker(L3) , of a p-polynomial −1 ϕy |ker(L3) inducing the inverse map of ϕy|ker(L3), are a solution to the linear equation

−1 vp,mn ϕy |ker(L3) Dϕy = vp,mn(x − L3(x)),

where Dϕy is the mn × mn Dickson matrix associated with the p-polynomial ϕy.

n −1 n −1 (c) If x ∈ Fq is such that ϕf¯ (L3(x)) permutes L3(Fq ), then ϕf¯ (L3(x)) permutes

10 Fqn , and the preimage of x under f is given by

−1 −1 f (x) = ϕ −1 (x). f¯ (L3(x))

We remark that Theorem 1.0.9 (b), (c), is a generalization, albeit non-explicit, of the PPs and their inverses considered in [23], [81]. Finally in Section 3.3 we prove Theorem 1.0.10 below, which gives the explicit compositional inverse of a class of permutation polynomials generalizing that of a linearized permutation class whose inverse was recently obtained in [79]. See also Lemma 3.3.3 which corresponds to the case when G(x) = x and c = 1 below. In particular, the method employed here to obtain such a result, as an application of Theorem 1.0.2, seems considerably less complicated than that of [79].

∗ Theorem 1.0.10. Let α ∈ Fqn , c ∈ Fq and G ∈ Fqn [x] be arbitrary. Then

F (x) = c (xq − x + T (αx)) + G(T (αx))q − G(T (αx))

is a permutation polynomial over Fqn if and only if T (α) 6= 0 and the characteristic, p, of Fq, does not divide n. In this case the compositional inverse of F is

F −1(x) = c−1 T (α)−1n−1 (T (x) + B(x))+T (α)−1T αG c−1n−1T (x)−G c−1n−1T (x) ,

n−1 X qk where the coeﬃcients of B(x) = bkx ∈ Fqn [x] are given by k=0

n−1 n−1 X qj X ql bk = jα − n α , 0 ≤ k ≤ n − 1. j=1 l=k+1

An important class of permutation polynomials are the so called complete permuta-

11 tion polynomials (CPP) over Fq, also called complete mappings. These, by deﬁnition,

are permutation polynomials f ∈ Fq[x] such that f(x) + x is also a permutation poly-

nomial over Fq. CPPs have recently become a strong source of interest due to their connection to combinatorial objects such as orthogonal Latin squares [29,62,63], and due to their applications in cryptography; in particular, in the construction of bent functions [55,56,63,66]. See also [67,84–86] and the references therein for some recent work in the area. In Chapter 4 we study complete mappings and give several results in this area. Theorem 4.2.3 there represents an improvement to a result of Wu-Lin [84]. This result generalized some earlier corresponding ones found in [47, 63, 85, 86]. We also give a recursive construction of complete mappings involving multi-trace functions (see Theorem 4.2.6). In addition we employ the CPP class of Theorem 4.2.3 to construct a set of mutually orthogonal complete mappings (see Corollary 4.2.8).

Two mappings f, g, of Fq, are said to be orthogonal if f − g permutes Fq. Note in particular that from such a set one may also readily obtain a set of mutually orthogonal Latin squares, an object of special interest in the literature (see for example [29]). As an application of Theorem 4.1.4 where we obtained the compositional inverses of linearized binomials permuting the kernel of the trace, we derive in Chapter 4 the complete permutation class in Theorem 4.2.3 generalizing some of the classes recently studied in [47,63,84–86]. Note that since inverses of complete mappings are also complete mappings, Theorem 4.3.2 and Corollary 4.3.3 imply the construction of a new, if rather complicated, class of complete permutation polynomials. Another fundamental object of study in ﬁnite ﬁelds are irreducible polynomials.

These are polynomials f(x) ∈ Fq[x] which can not be factored into a product of

polynomials over Fq of degree less than that of f. An important class of irreducible polynomials are the so called primitive polynomials. These are the irreducibles whose roots are generators of the multiplicative group of their splitting ﬁeld. Such generators

12 are called primitive elements. In 1992, Hansen-Mullen [37] conjectured (in Conjecture B there; see Theorem 1.0.11 below) that, except for a few genuine exceptions, there exist irreducible (and

more strongly primitive; see Conjecture A in [37]) polynomials of degree n over Fq with any one of its coeﬃcients prescribed to any value. Theorem 1.0.11 was ﬁrst proved by Wan [75] in 1997 for q > 19 or n ≥ 36, with the remaining cases being computationally

veriﬁed soon after by Ham-Mullen [35]. First for a polynomial f ∈ Fq[x] and an integer w, we let [xw]f(x) denote the coeﬃcient of xw in f(x).

Theorem 1.0.11. Let q be a power of a prime, let c ∈ Fq, and let n ≥ 2 and w be integers with 1 ≤ w ≤ n. If w = n, assume that c 6= 0. If (n, w, c) = (2, 1, 0), further assume q is odd. Then there exists a monic irreducible polynomial P (x) of degree n

n−w over Fq with [x ]P (x) = c.

In 2006, Cohen [19], particularly building on some of the work of Fan-Han [30]

on p-adic series, proved there exists a primitive polynomial of degree n ≥ 9 over Fq with any one of its coeﬃcients prescribed. The remaining cases of Conjecture A were settled by Cohen-Preˇsernin [21,22]. Cohen [19] and Cohen-Preˇsern[21,22] also gave theoretical explanations for the small cases of q, n, missed out in Wan’s original proof [75]. The Hansen-Mullen conjectures have since been generalized to encompass results on the existence of irreducible and particularly primitive polynomials with several prescribed coeﬃcients (see for instance [33, 34, 57, 58, 74] for general irreducibles and [18, 36, 59, 65] for primitives). In particular Ha [34], building on some of the work of Pollack [58] and Bourgain [8], has recently proved that, for large enough q, n, there

exists irreducibles of degree n over Fq with roughly any n/4 coeﬃcients prescribed to any value. This seems to be the current record on the number of arbitrary coeﬃcients one may prescribe to any values in an irreducible polynomial of degree n.

13 There are some diﬀerences of approach in tackling existence questions of either general irreducible or primitive polynomials with prescribed coeﬃcients. For instance, when working on irreducibles, and following in the footsteps of Wan [75], it has been

common practice to exploit the Fq[x]-analogue of Dirichlet’s theorem for primes in

arithmetic progressions; all this is done via Dirichlet characters on Fq[x], L-series, zeta functions, etc. See for example [74]. Recently Pollack [58] and Ha [34], building on some ideas of Bourgain [8], applied the circle method to prove the existence of irreducible polynomials with several prescribed coefficients. On the other hand, in the case of primitives, the problem is usually approached via p-adic rings or fields (to account for the inconvenience that Newton’s identities “break down”, in some sense, in fields of positive characteristic) together with Cohen’s sieving lemma, Vinogradov’s characteristic function, etc. (see for example [19,30]). However there is one common feature these methods share, namely, when bounding the “error” terms comprised of character sums, the function field analogue of Riemann’s hypothesis (Weil’s bound) is used (perhaps without exception here). Nevertheless as a consequence of its O(qn/2) nature it transpires a difficulty in extending the n/2 threshold for the number of coefficients one can prescribe in irreducible or particularly primitive polynomials of degree n. As the reader can take from all this, there seems to be a preponderance of the analytic method to tackle the existence problem of irreducibles and primitives with several prescribed coefficients. One then naturally wonders whether other view-points may be useful for tackling such problems. As Panario points out in [40], p.115,

The long-term goal here is to provide existence and counting results for irreducibles with any number of prescribed coeﬃcients to any given values. This goal is completely out of reach at this time. Incremental steps seem doable, but it would be most interesting if new techniques were introduced

14 to attack these problems [40]

In Chapter 5 we take a different approach and give a new proof of the Hansen- Mullen irreducibility conjecture (or theorem), stated in Theorem 1.0.11. We attack the problem by studying the least period of certain functions related to the discrete Fourier transform (DFT) of characteristic elementary symmetric functions (which produce the coefficients of characteristic polynomials). We emphasize that the work constitutes a sharp contrast to the more mainstream techniques in literature. The heart of the proof relies on Lemma 1.0.13 below, which gives a sufficient condition for a given polynomial to have an irreducible factor of degree n. This together with the exploitation of q-symmetric and r-periodic structures, as done in Dorsey-Hales [28], yields the result. Our proof theoretically explains, in a unified way, every case of the Hansen-Mullen conjecture. These include the small cases missed out in Wan’s original proof [75], computationally verified by Ham-Mullen in [35]. However we should point out that, in contrast, our proof has the disadvantage of not yielding estimates for the number of irreducibles with a prescribed coefficient. It merely asserts their existence. We wonder whether some of the techniques introduced here can be extended to tackle the existence question for several prescribed coefficients, but we for now leave this to the consideration of the interested reader. The proof relies in an application of the sufficient condition in Lemma 1.0.13 below, which follows from that in (i) of the following lemma. First for a function F on a set A, let supp(F ) := {a ∈ A : F (a) 6= 0} be the support of F . It should be observed that, in practice, F will be defined on (a subset of the field) Fqn or on a set of integers. For example, both usages occur in the proof of Lemma 1.0.12

Lemma 1.0.12. Assume ζ is a primitive element of Fqn where q is a prime power k and n ≥ 2. Given a function F : Fqn → Fqn , deﬁne f : Zqn−1 → Fqn by f(k) = F (ζ )

15 −1 and let r be the least period of Fζ [f] (which is the same as the least period of Fζ [f]). Then the following results hold.

n (i) Suppose r - (q − 1)/Φn(q). Then supp(F ) contains an element of degree n over

Fq. d (ii) Suppose supp(F ) contains an element of degree n over Fq. Then r - (q − 1) for every positive divisor d of n with d < n.

(iii) Suppose supp(F ) contains a primitive element of Fqn , or the least common multiple of the multiplicative orders of the elements in supp(F ) equals qn − 1. Then r = qn − 1.

In particular (i) implies the existence of an irreducible factor of degree n for any

polynomial h(x) ∈ Fq[x] satisfying a constraint on the least period as follows. Here × × Fqn and L denote the set of all invertible elements in Fqn and L respectively.

Lemma 1.0.13. Let q be a prime power and n ≥ 2. Suppose h(x) ∈ Fq[x] and L is × any subﬁeld of Fqn containing the image h(Fqn ). Deﬁne the polynomial

#L× qn−1 S(x) = 1 − h(x) mod x − 1 ∈ Fq[x].

qn−2 X i qn−2 Write S(x) = six for some coeﬃcients si ∈ Fq. If the cyclic sequence (si)i=0 i=0 n has least period r satisfying r - (q − 1)/Φn(q), then h(x) has an irreducible factor of

degree n over Fq.

Note Lemma 1.0.13 immediately yields the following suﬃcient condition for a polynomial to be irreducible because h(x) has an irreducible factor of the same degree.

Proposition 1.0.14. With the notations of Lemma 1.0.13, assume h(x) ∈ Fq[x] has qn−2 degree n ≥ 2. If the cyclic sequence (si)i=0 of the coeﬃcients of S(x) has least period n r satisfying r - (q − 1)/Φn(q), then h(x) is irreducible.

16 To give the reader a ﬂavor for the essence of our proof as an application of Lemma 1.0.13, we give the following small example.

Example 1.0.15. Let q = 2, let n = 4, and let

X i1 i2 h(x) = x2 +2

0≤i1

12 10 9 6 5 3 = x + x + x + x + x + x ∈ F2[x].

2 Note that h(F24 ) ⊆ F2. In fact, for any ξ ∈ F24 , h(ξ) is the coeﬃcient of x in the

characteristic polynomial of degree 4 over F2 with root ξ. We may take L = F2 in Lemma 1.0.13; hence #L× = 1. Thus

× 4 S(x) := 1 + h(x)#L mod x2 −1 + 1 = h(x) + 1

12 10 9 6 5 3 = x + x + x + x + x + x + 1 ∈ F2[x].

24−2 X i The cyclic sequence of coeﬃcients s = s0, s1, . . . , s24−2 of S(x) = six is given by i=0

s = 1, 0, 0, 1, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0, 0.

One can easily check that the least period r of s is r = 24 − 1, the maximum possible.

4 4 Because 2 − 1 > (2 − 1)/Φ4(2), Lemma 1.0.13 implies that h(x) has an irreducible factor P (x) of degree 4 over F2. Any root ξ of P (x) must satisfy h(ξ) = 0. This is the coeﬃcient of x2 in P (x). Hence there exists an irreducible polynomial of degree 4

2 4 over F2 with its coeﬃcient of x being zero. Indeed, x + x + 1 is one such irreducible polynomial.

The works mentioned above on irreducibles are primarily concerned with proving existence questions. As such, one ﬁnds it unnecessary to produce exact explicit

17 formulas for the number of such irreducibles; estimates suffice. However there is also intensive research on the exact number of irreducibles or primitives with one or more prescribed coefficients. See for instance [12,32,41–44,90] and the survey [17] or Section 3.5 by S. D. Cohen in the Handbook of finite fields [52]).

n Let α be a primitive element of Fqn . For a positive divisor N of q −1, we say that ∗ k an element ξ ∈ Fqn is N-free if ξ = α for some integer k that is coprime to N. Note that the deﬁnition of N-free is independent of the choice of the primitive element α.

n Clearly the primitive elements of Fqn are exactly the (q − 1)-free elements; thus the notion of N-free generalizes that of primitivity. Note as well the direct connection between the number of primitive elements in Fqm with trace c ∈ Fq and number of primitive polynomials of degree m over Fq having trace −c: The latter equals the former divided by the degree, m. In Chapter 6 we study the number of N-free elements, and in particular primitive elements, with prescribed trace. There we start by deriving a formula for the number of N-free elements over a finite field with prescribed trace, in particular trace zero, in terms of Gaussian periods. See Lemma 6.1.4 for this. Then, by using known results on Gaussian periods, we proceed to obtain several explicit expressions for these. See for instance Corollaries 1.0.19, 1.0.21, 1.0.22, 1.0.23, 1.0.25, 1.0.27. Motivated by a result of Carlitz [12] showing that the number of irreducibles polynomials of fixed degree, with prescribed non-zero trace, is uniform in the trace, we also consider the question of when do primitives satisfy a similar property. Although it could potentially be difficult to characterize all the possible cases when this holds, we give in Theorem 1.0.26 a sufficient criteria for which N-free elements, particularly primitives, satisfy

∗ this requirement. Finally we also explore the related number of elements in Fqn with multiplicative order N and having a prescribed trace. Perhaps one of the earliest results, in the ennumeration of irreducible polynomials

18 with prescribed coeﬃcients, is the following beautiful formula due to Carlitz [12]. It describes the number of monic irreducible polynomials of degree m with a prescribed

m−1 trace coeﬃcient (the coeﬃcient of x ). Let Iq,m(c) denote the number of monic

irreducible polynomials of degree m over Fq with trace c, and let µ denote (as before) the M¨obiusfunction.

Theorem 1.0.16 (Carlitz (1952)). Let q be a power of a prime p and let m ∈

N. Then for any non-zero element c ∈ Fq \{0}, the number of monic irreducible polynomials of degree m over Fq and with trace c is given by

1 X Iq,m − Iq,m(0) I (c 6= 0) = µ(d)qm/d = , q,m qm q − 1 d|m p-d

where 1 X I = µ(d)qm/d q,m m d|m

is the number of monic irreducible polynomials of degree m over Fq.

Note that I − I (0) I (c) = q,m q,m , (1.0.1) q,m q − 1

∗ is a constant for any c ∈ Fq, and so Iq,m(c) is said to be uniformly distributed for ∗ c ∈ Fq. One of the results of Chapter 6 concerns an analogy to (1.0.1) for primitive polynomials in some special cases. We will return to this concept later.

There is a correspondence between the primitive elements in Fqm and the primitive

polynomials of degree m over Fq. In fact the number of primitive elements in Fqm is

m times the number of primitive polynomials of degree m over Fq. In the case of the

primitive polynomials of degree m, or equivalently of primitive elements in Fqm , things are more complicated. Most of the work on primitive polynomials with prescribed

19 coeﬃcients focus on the asymptotic analysis for their number and existence. For example, the following existence result was ﬁrst due to Cohen (see also [20] for a

more self-contained proof). Here we use the notation TrFqm /Fq to denote the trace function from Fqm onto Fq.

Theorem 1.0.17 (Cohen (1990)). Let q be a power of a prime and m > 1 be a positive integer, and let c be an arbitrary element in Fq. If m = 2 or (q, m) = (4, 3), further assume that c 6= 0. Then there exists a primitive element ξ of Fqm with

TrFqm /Fq (ξ) = c.

One can see Section 4.2 by S. D. Cohen and the references therein, in the Handbook of Finite Fields [52]. In fact, except for the trivial cases and those when all the primitive polynomials of degree m are all the irreducibles of degree m (i.e., when q = 2 and m = ` with 2` − 1 a (Mersenne) prime) no explicit formulas are known to date. In particular an analogue, for primitives, to the formula (1.0.1) due to Carlitz is unknown, including in any speciﬁc non-trivial case of q, m.

Let Pq,m be the number of primitive elements in Fqm . It is known that Pq,m = m φ(q − 1), where φ is the Euler function. For c ∈ Fq, let Pq,m(c) denote the number of primitive elements in Fqm with trace c. Then as a corollary of Theorem 1.0.26, the following result (analogous to (1.0.1)) is proved. For a positive integer n, let us denote with Rad(n) the product of all the distinct prime factors of n. By convention Rad(1) = 1.

Corollary of Theorem 1.0.26 Let q be a prime power and m be a multiple of Rad(q − 1). Then, for c 6= 0, we have

P − P (0) P (c) = q,m q,m , q,m q − 1

Although the formula above corresponds to primitive elements and hence primitive

20 polynomials, we will however work with the (more general) N-free elements. Let us first fix the following notations and definitions. Notations: In what follows we let q = ps be a power of a prime number p, m be a positive integer, Q = (qm − 1)/(q − 1), and α be a primitive element of

Fqm . Furthermore, for an element c ∈ Fq, we denote with Zq,m,N (c) the number of ∗ N-free elements ξ in Fqm such that TrFqm /Fq (ξ) = c. Moreover we let Pq,m,N (c) be ∗ the number of non-zero elements ζ in Fqm with multiplicative order N and satisfying

TrFqm /Fq (ζ) = c. In particular we note that

Zq,m,qm−1(c) = Pq,m,qm−1(c) = Pq,m(c)

m is the number of primitive elements ξ in Fq such that TrFqm /Fq (ξ) = c. For an integer k and N | qm − 1, denote

X (d,qm) ∆k(N) := µ(d)ηk , d|N

(d,qm) m where in the sum ηk is the k-th Gaussian period of type (d, q ) Note that the value of ∆k(N) depends only on the square-free part of N.

Previously Cohen and Pre˘sern[20] derived a formula for Zq,m,N (c) in terms of Gaussian sums (see Lemma 2.2 there). From this they were able to obtain lower bounds, through various assisting sieving inequalities, thus proving Theorem 1.0.17 in a more self-contained fashion than previously done in [16]. However as it was perhaps beyond the scope of their work, and except for their Corollary 2.3 where they give an explicit formula for Zq,m,N (c) in a few special cases of Corollary 1.0.23 and Corollary 1.0.27 below, their results were mainly constrained to lower bounds and existence results. It is interesting to note that in the case of trace zero, as they

21 showed in their Lemma 2.1, there is the connection between primitives with trace

zero and Q-free elements with trace zero: Zq,m,qm−1(0) = Θ(K)Zq,m,Q(0). Here K is the part of qm − 1 that is coprime to Q, and Θ(K) = φ(K)/K is the proportion of primitive K-th roots of unity among the K-th roots. But more generally, as we show here thorough our calculations, a lemma due to Ding and Yang [26] (see Lemma 2.3.1 here) implies that something similar holds in general for any divisor N of qm − 1:

Zq,m,N (0) = Θ(K)Zq,m,gcd(Q,N)(0), where K is now the part of N that is coprime to Q. This follows from the following result.

Theorem 1.0.18. Let q be a power of a prime and m be a positive integer. Let

m m N | q −1 and KQ be the largest divisor of N that is coprime to Q = (q −1)/(q −1). Then

(q − 1)φ(KQ) Q Zq,m,N (0) = φ(gcd(Q, N)) + ∆0(gcd(Q, N)) . qKQ gcd(Q, N)

Note that obtaining the value of Zq,m,N (0) boils down to computing ∆0(gcd(Q, N)). Since Gaussian sums and hence periods are known in only very few cases, obtaining images of ∆0 may be quite hard in general. But by using known results on periods we can clearly obtain some explicit expressions. For instance we obtain the following two direct consequences when gcd(Q, N) = 1.

Corollary 1.0.19. Let q be a power of a prime, let m ∈ N and let N | q − 1 such m that N is coprime to (q − 1)/(q − 1). Then the number of N-free elements ξ ∈ Fqm

with TrFqm /Fq (ξ) = 0 is given by

φ(N) Z (0) = qm−1 − 1 . q,m,N N

Setting N = 1 above one obtains the well-known number, qm−1 − 1, of non-zero

22 elements lying in the kernel of the trace map.

Corollary 1.0.20. Let q be a power of a prime p and assume that Q = (q` −1)/(q−1) is prime for some prime `. Then the number of primitive elements ξ ∈ Fq` satisfying Tr (ξ) = 0 is given by Fq` /Fq

  ` φ(q − 1)/q if ` 6= p; Zq,`,q`−1(0) =  ` φ(q − 1)/q − φ(q − 1) otherwise.

Since quadratic and cubic Gaussian periods are known as well, we also immediately obtain Corollaries 1.0.21 and 1.0.22. These two correspond to the cases when gcd(Q, N) is a power of 2 and 3, respectively.

Corollary 1.0.21. Let q = ps, Q = (qm−1)/(q−1), N | qm−1 such that gcd(Q, N) =

n 2 for some n ≥ 1, and KQ be the largest odd divisor of N. Then

  sm m/2 2qK Q − 1 + (−1) q if p ≡ 1 (mod 4); Q Z (0) = q,m,N √ (q − 1)φ(KQ)  sm m/2 Q − 1 + − −1 q if p ≡ 3 (mod 4).

Corollary 1.0.22. Let p ≡ 1 (mod 3), let q = ps, Q = (qm − 1)/(q − 1), N | qm − 1

n such that gcd(N,Q) = 3 for some n ≥ 1, and KQ be the largest divisor of N with

3 - KQ. Let c ∈ Z with c ≡ 1 (mod 3) and p - c be a solution to the equation m/3 2 2 4q = c + 27d with d ∈ Z. Then

m/3 (q − 1)φ(KQ) 2Q − 2 − cq Zq,m,N (0) = . qKQ 3

Thanks in part to well-known explicit expressions for the Gaussian periods in the so called semi-primitive case (see Lemma 2.3.6), we obtain the following result.

23 Corollary 1.0.23. Let sm be even with m > 1, q = ps be a power of a prime p, and Q = (qm − 1)/(q − 1). Let N | qm − 1 be such that n := gcd(Q, N) > 1 is not a power of 2. Further assume there exists a positive integer j such that pj ≡ −1 (mod `) for every prime divisor ` ≥ 3 of n, and that j is the least such. Deﬁne γ = sm/2j. Let

(2,qm) KQ be the part of N that is coprime to Q. Let η0 be as in Lemma 2.3.4. Then

m the number of N-free elements ξ ∈ Fq with TrFqm /Fq (ξ) = 0 is given by

(q − 1)φ(KQ) Q Zq,m,N (0) = φ(n) + ∆0(n) , qKQ n

where the value of ∆0(n) is given in what follows. (a) If γ and p are odd, n is even and (pj + 1)/2 is odd, then

m 1 φ (n) ∆ (n) = −η(2,q ) − 1 + qm/2 + . 0 0 2 n

(b) In all other cases,

γ m/2 γ m/2 (−1) q + 1 m (−1) q − 1 ∆ (n) = − · + η(2,q ) + φ(n), 0 2 2 0 n

where   1 if n is even; 2 =  0 otherwise.

It is a simple matter to show that in the case of quadratic extensions (m = 2) no

primitive element of Fq2 with trace zero, in Fq, exists. In fact, this case falls under the more general category below of Proposition 1.0.24, for which we are able to, in Chapter 6, obtain the corresponding formula for the zero trace.

Proposition 1.0.24. Let q = ps be a power of a prime number p and let m > 1 be

24 an integer. Then there exists a positive integer j such that

qm − 1 pj ≡ −1 (mod Rad ) q − 1

if and only if m = 2, or q = p is a Mersenne prime and m = 4. The latter case holds precisely for every j = 2k with k ≥ 1 odd.

` Recall that a Mersenne prime M` is of the form M` = 2 − 1 for some prime `. Usually the world’s record of the largest prime is broken by a Mersenne prime, and, although only 48 such primes have been discovered thus far (see the Great Internet Mersenne Prime Search (GIMPS) available online) it is a well-known conjecture that there exist infinitely many of them. They appear in various areas of number theory and finite fields, including in the Great Trinomial Hunt [9], an ongoing project for the search of primitive trinomials (i.e., primitive polynomials with exactly three non-zero

terms) over F2 with degree the “exponent” ` of a Mersenne prime M`. We obtain the following simple formula for the number of primitive elements, with absolute trace zero, in quartic extensions of Mersenne prime ﬁelds.

Corollary 1.0.25. Let p be a Mersenne prime. Then the number of primitive elements ξ in 4 satisfying Tr (ξ) = 0 is given by Fp Fp4 /Fp

1 p4 − 1 φ p4 − 1 − φ . p p + 1

In Chapter 6 we also discuss the concept of uniformity, already met in Theorem 1.0.16, now for N-free elements; in particular, for primitive elements. Although it is

easy to ﬁnd examples of q, m, N for which Zq,m,N (c) does not behave uniformly for

∗ m c ∈ Fq (and indeed, when N = q − 1 is ﬁxed as well) it is of special interest to ﬁnd

and classify instances of q, m, N for which Zq,m,N (c 6= 0) does. One of the obvious

25 reasons being that, in this case, in order to obtain the number of N-free elements with a prescribed non-zero trace, it would be enough to ﬁnd the corresponding number for the zero trace. The following theorem gives a suﬃcient criteria for this to happen, but we ask the interested able reader to characterize all such instances of q, m, N.

Theorem 1.0.26. Let q be a power of a prime and N be a positive divisor of qm − 1. If every prime divisor of N divides Q = (qm − 1)/(q − 1), then, for every element

m c ∈ Fq \{0}, the number of N-free elements ξ ∈ Fq satisfying TrFqm /Fq (ξ) = c is given by m q −1 φ(N) − Z (0) Z (c 6= 0) = N q,m,N . q,m,N q − 1

m In particular, setting N = q − 1, we obtain that Zq,m,qm−1(c) is a constant

∗ independent of c ∈ Fq whenever the radical (the product of all the distinct prime divisors) of Q is the same as that of qm − 1. This occurs exactly when all the prime factors of q − 1 divide m; see Corollary 6.3.3 for this. Thus we obtain the following immediate consequence to Theorem 1.0.26 and Corollary 1.0.23.

Corollary 1.0.27. Assume that q, r, N, satisfy the assumptions of Corollary 1.0.23

(2,qm) and further assume that Rad(N) | Q. Let η0 be as in Lemma 2.3.4. Then for any

∗ m non-zero c ∈ Fq, the number of N-free elements ξ ∈ Fq with TrFqm /Fq (ξ) = c is given in what follows. (a) If γ and p are odd, N is even and (pj + 1)/2 is odd, then

1 m 1 φ(N) qQ Z (c 6= 0) = η(2,q ) + 1 + qm/2 + + φ(N) − 1 . q,m,N q 0 2 N N

(b) In all other cases,

γ m/2 φ(N) (−1) q + 1 m Z (c 6= 0) = qm + (−1)γ+1qm/2 + qQ − N + · + η(2,q ) , q,m,N qN 2 2 0

26 where   1 if N is even; 2 =  0 otherwise.

As a consequence of Theorem 1.0.26 one obtains the following interesting property

m m of the sum ∆0(N) for N | q − 1 such that Rad(N) | Q = (q − 1)/(q − 1). It is the constant diﬀerence between the number of N-free elements with zero and non-zero traces in Ft, for any subﬁeld Ft of Fq.

Corollary 1.0.28. Let N | qm − 1 such that every prime divisor of N divides (qm −

∗ 1)/(q − 1). Then for every subﬁeld Ft of Fq and every ct ∈ Ft , we have

∆0(N) = Zt,m[Fq:Ft],N (0) − Zt,m[Fq:Ft],N (ct 6= 0).

Furthermore, if t 6= q, then

qZ (0) − tZ (0) ∆ (N) = q,m,N t,m[Fq:Ft],N . 0 q − t

Although the work is primarily concerned with the number Zq,m,N (c), we also

brieﬂy consider the seemingly closely related number, Pq,m,N (c), of elements with order

N having a prescribed trace c. There we derive a general formula for Pq,m,N (c) (see

Lemma 6.4.3) and show its relation to Zq,m,N (c) as well as Hamming weights of speciﬁc

m codewords in irreducible cyclic codes. Let LQ be the largest divisor of q −1 with the same radical as that of Q. We also show, in Lemma 6.4.3, that if N | qm−1 is such that qm − 1 L | N, then the following simple relation holds: Z (0) = P (0). We Q q,m,N N q,m,N believe it should not be too diﬃcult to generalize this even further for arbitrary N, but we leave this to the interested reader. As a consequence of this and of Cohen’s result (see Theorem 1.0.17 above) we show in Theorem 6.4.4 that there exists an element in

27 ∗ Fqm of order N (with LQ | N) having trace 0 if and only if m 6= 2 and (q, m) 6= (4, 3). In addition Lemma 6.4.3 together with Corollary 1.0.18 yields, in Theorem 6.4.5, an explicit expression for the number of elements of order 2(p + 1)(p2 + 1), in quartic extensions of Mersenne prime fields Fp, having absolute trace zero. We now briefly summarize and recall the content of each chapter. In Chapter 2 we review some preliminary facts and concepts which will be of use in subsequent chapters. These include compositional inverses of linearized polynomials bijecting subspaces, Gaussian sums and periods, as well as the DFT for finite-field-valued functions, period of functions and cyclotomic polynomials. In Chapter 3 we study the compositional inverses of several classes of PPs, while in Chapter 4 we focus on the topic of CPPs and obtain several results in this area. In Chapter 5 we consider existence of irreducibles with a prescribed coefficient and give a new proof of the Hansen-Mullen irreducibility conjecture. Finally in Chapter 6 we work on the ennumeration of N-free and primitive elements with restrictions on their trace.

28 Chapter 2

Preliminaries

In this chapter we go over some preliminary facts which will be of use later in the chapters that follow. The content of this chapter is as follows. In Section 2.1 we study the compositional inverses of linearized polynomials inducing bijections of subspaces. Worth pointing out here is Theorem 2.1.5, where we show how to obtain such compositional inverses on subspaces. As we show there, obtaining the coeﬃcients of such linearized polynomials is equivalent to solving a system of linear equations. It is also important to point out Lemma 2.1.10 there, which will be quite useful in Chapter 3 to obtain the compositional inverses of several classes of PPs. In Section 2.2 we introduce several basic concepts regarding the DFT, period of functions and cyclotomic polynomials. We then conclude this chapter with Section 2.3, where we deﬁne objects such as Gaussian sums and periods, and gather from literature some known explicit formulas for the Gaussian periods. These will be of use later in Chapter 6.

29 2.1 Inverses of linearized polynomials inducing bi-

jections of subspaces

Linearized polynomials play a crucial role throughout the work 1 in Chapters 3, 4 and we thus explore here some of their properties. We recall that we deﬁned L(x) ∈ Fqn [x] m X qi to be linearized, also called a q-polynomial, if L(x) = aix for some ai ∈ Fqn . We i=0 are mainly interested in these from the point of view of a mapping on Fqn , and so we assume here that m = n − 1.

One can show that all the additive maps of Fqn are induced by p-polynomials.

Clearly, q-polynomials are also p-polynomials. The set, Ln(Fqn ), of all q-polynomials over Fqn , forms a unital associative non-commutative Fq-algebra with multiplication given by the composition of polynomials, and using the usual addition of polynomials and scalar multiplication by elements of Fq. In contrast, its subset of all q-polynomials over Fq does form a commutative subalgebra. Even more, q-polynomials over Fp n−1 X qi commute with p-polynomials over Fq. For a q-polynomial L(x) = aix , ai ∈ Fqn , i=0 we associate its so called Dickson matrix DL given by

  a0 a1 ··· an−1    q q q   a a ··· a   n−1 0 n−2  DL =  . . .  .  . . .     qn−1 qn−1 qn−1  a1 a2 ··· a0

It is well-known that L is a permutation polynomial of Fqn if and only if DL is non- 1This section is substantively based on some of the content of the following article originally published in Finite Fields and Their Applications, https://doi.org/10.1016/j.ffa.2014.02.006. It is released under a Creative Commons Attribution Non-Commercial No Derivatives License. [70] A. Tuxanidy and Q. Wang, On the inverses of some classes of permutations of ﬁnite ﬁelds, Finite Fields and their Applications, v.28 (2014), p.244–281. https://doi.org/10.1016/j.ffa. 2014.02.006

30 singular [48]. Note also that Ln(Fqn ) is isomorphic to the algebras of the n × n matrices over Fq, and the n × n Dickson matrices over Fqn . In particular, the subset of q-polynomial permutations over Fqn forms a group, under composition, that is isomorphic to the group of non-singular n × n matrices over Fq. See the recent work in [80] for known and new characterizations of Ln(Fqn ). It will also be useful to add

the basic fact that a q-polynomial L over Fq permutes Fq if and only if L(1) 6= 0, since L(x) = L(1)x for all x ∈ Fq. In Chapter 3 we shall give expressions for the compositional inverses, or preimages in certain cases, particularly written in terms of linearized polynomials inducing the inverse map over subspaces on which prescribed linearized polynomials induce a bijection. Thus here in this section we show, in Theorem 2.1.5, how to obtain such linearized inverses over subspaces. See Lemma 2.1.4 as well. Note however that in the

case when L(x) is a PP of Fqn , the following result from [80] gives its compositional inverse in terms of cofactors of its associate Dickson matrix. We are however interested in deriving the inverse map of linearized polynomials in the case when these induce bijections of subspaces.

n−1 X qi Proposition 2.1.1 (Theorem 4.8, [80]). Let L(x) = aix ∈ Ln(Fqn ) be a i=0 linearized permutation polynomial and DL be its associate Dickson matrix. Assume n−1 X qi a¯i is the (i, 0)-th cofactor of DL, 0 ≤ i ≤ n − 1. Then det(L) = an−ia¯i and i=0

n−1 1 X i L−1(x) = a¯ xq . det(L) i i=0

We start oﬀ by brieﬂy noting a few basic properties of the set Sψ := {x−ψ(x) | x ∈

Fqn }, which will appear often throughout the work in Chapter 3. For ψ ∈ Ln(Fqn ), we denote by ψi the compositional power of ψ, that is, ψi = ψ ◦ ψ ◦ · · · ◦ ψ, i times.

31 Denote by id ∈ Ln(Fqn ) the identity id(x) = x.

Lemma 2.1.2. Let ψ ∈ Ln(Fqn ). Then the set Sψ := {x − ψ(x) | x ∈ Fqn } is an

Fq-vector subspace of Fqn and ψ(Sψ) ⊆ Sψ. Let K ∈ Ln(Fqn ) such that ker(K) = Sψ. i i l l+1 Then, for all i ≥ 0, K = K ◦ ψ and ker(ψ ) ⊆ Sψ. If ψ = ψ for some positive

l integer l, then Sψ = ker(ψ ).

Proof. The reader can check that Sψ is indeed a vector space over Fq and ψ(Sψ) ⊆ Sψ.

Since ker(K) = im(id −ψ), then for all x ∈ Fqn we have K ◦ (id −ψ)(x) = 0 and thus K(x) = K(ψ(x)) = K(ψ(ψ(x))) = ··· , i.e., K = K ◦ψi for each i ≥ 0. If x ∈ ker(ψi),

i i l l+1 then K(x) = K(ψ (x)) = K(0) = 0. Hence ker(ψ ) ⊆ ker(K) = Sψ. If ψ = ψ ,

l l then Sψ ⊆ ker(ψ ); it follows that Sψ = ker(ψ ).

2 In particular, if ψ is idempotent, i.e., ψ = ψ, then Sψ = ker(ψ). Moreover, if ψ is

l nilpotent, i.e., there exists a positive integer l such that ψ = 0, then Sψ = ker(0) =

Fqn . n Let vq,n : Ln(Fqn ) → Fqn be the natural map deﬁned by

n−1 ! X qi vq,n aix = (a0 a1 ··· an−1) i=0

(for simplicity we write vectors horizontally). Let X = (x, xq, . . . , xqn−1 ) and let Xt denote the transpose of X. The following lemma shows that the composition of two linearized polynomials is essentially induced via a Dickson matrix multiplication.

Lemma 2.1.3. Let ϕ, ψ ∈ Ln(Fqn ), let Dψ be the Dickson matrix corresponding to t ψ. Then ϕ(ψ(x)) = vq,n(ϕ)DψX .

Proof. Write vq,n(ϕ) = (a0 a1 ··· an−1), vq,n(ψ) = (b0 b1 ··· bn−1), for some coeﬃcients

32 ai, bj ∈ Fqn . Then

i n−1 n−1 !q n−1 n−1 n−1 n−1 X X qj X X qi qi+j X X qi qk ϕ(ψ(x)) = ai bjx = aibj x = aibk−ix i=0 j=0 i=0 j=0 i=0 k=0 n−1 n−1 X X qi qk = aibk−ix , k=0 i=0 where the subscripts are reduced modulo n. Since the ik-th entry of Dψ is given by qi bk−i, the result follows.

We recall the well known concept of a projection operator on a vector space. These are the idempotent linear transformations. Let U be a vector space which we write as the internal direct sum of two subspaces V,W , that is, U = V ⊕W , where U = V +W and V ∩ W = {0}. We can write any element u ∈ U uniquely as a sum u = v + w where v ∈ V and w ∈ W . Then the map P : U → U defined by P (v + w) = w is called a projection operator of U onto W along V . It is easy to see that P is a well-defined linear transformation with kernel V and image W , and that P (u) = u if and only if u ∈ W . In fact, P is a projection operator if and only if it is idempotent, i.e., P (P (u)) = P (u) for all u ∈ U. Note that the existence of a projection operator onto any subspace is guaranteed, and thus we can always find at least one idempotent with a prescribed kernel. The following lemma gives the inverse map over subspaces on which a prescribed linear transformation is a bijection. It is true in general for arbitrary vector spaces and linear transformations.

Lemma 2.1.4. Let V, V¯ , be two subspaces of a vector space U over a ﬁeld, each of the same dimension, and let the linear operator ϕ : U → U be bijective from V to V¯ . There exists an idempotent K : U → U such that ker(K) = V . Deﬁne the linear transformation L : ϕ(U) → V by L(ϕ(u)) = u − K(u). Then L|V¯ is the inverse map

33 of ϕ|V .

Proof. Since we can construct a projection operator with kernel V , it is clear that such an idempotent K exists. First note that since V = ker(K) = {u−K(u) | u ∈ U}, then L(ϕ(U)) = V . To show that L is well-deﬁned, assume that ϕ(u) = ϕ(w) and u 6= w (the case u = w is trivial). We need to show that L(ϕ(u)) = L(ϕ(w)). Because ϕ is injective on ker(K), then ker(ϕ)∩ker(K) = {0}; thus, since w−u ∈ ker(ϕ), necessarily w − u∈ / ker(K), otherwise u = w, a contradiction. Since K is idempotent, it is a projection operator of U onto K(U) along ker(K), and thus U = ker(K)⊕K(U). This means that ker(K) ∩ K(U) = {0} and dim(U) = dim(ker(K)) + dim(K(U)) implying U = ker(K) ∪ K(U). Now, since w − u∈ / ker(K), necessarily w − u ∈ K(U) \{0}, say w − u = K(z) for some z ∈ U \ ker(K). Then K(w − u) = K(K(z)) = K(z) = w − u. Hence L(ϕ(w)) − L(ϕ(u)) = w − u − K(w − u) = 0 implying that L is well-deﬁned.

−1 The reader can check that L is a linear transformation. To see that L|V¯ = ϕ |V¯ , note that for all v ∈ V = ker(K), L(ϕ(v)) = v − K(v) = v, from which we get ϕ(L(ϕ(v))) = ϕ(v). Since ϕ(V ) = V¯ , this is the same as ϕ(L(¯v)) =v ¯ for allv ¯ ∈ V¯ .

−1 Then L|V¯ = ϕ |V¯ by the uniqueness of inverse maps.

We can now apply Lemma 2.1.3 and 2.1.4 to obtain linearized polynomials inducing the inverse map over subspaces on which a given linearized polynomial induces a bijection. Obtaining the coeﬃcients of such linearized polynomials is equivalent to solving a system of linear equations.

¯ Theorem 2.1.5. Let V, V , be two equally sized Fq-subspaces of Fqn , let ϕ ∈ Ln(Fqn ) ¯ induce a bijection from V to V , and let Dϕ be the associate Dickson matrix of ϕ. There

exists K ∈ Ln(Fqn ) inducing an idempotent endomorphism of Fqn such that ker(K) =

V . Then the coeﬃcients, c¯ = (c0 c1 ··· cn−1), of one of the linearized polynomials

inducing the inverse map of ϕ|V , satisfy the linear equation cD¯ ϕ = vq,n(id −K).

34 Proof. We make use of the fact that when U = Fqn in Lemma 2.1.4, all the linear transformations are induced by linearized polynomials. Now deﬁne the map L¯ : ¯ Fqn → Fqn by L = L ◦ P , where L is given in Lemma 2.1.4 (with U = Fqn ), and ¯ P is a projection operator of Fqn onto ϕ(Fqn ). Note that L is a well-deﬁned linear ¯ operator. The fact that P is a projection operator onto ϕ(Fqn ) gives L(ϕ(x)) = ¯ −1 L ◦ P (ϕ(x)) = L(ϕ(x)) = x − K(x). In particular, L|V¯ = L|V¯ = ϕ |V¯ . Thus we have obtained a linear operator of Fqn inducing the inverse map of ϕ|V . But all linear ¯ operations of Fqn are induced by linearized polynomials. Since, additionally, V, V , ¯ are Fq-subspaces and ϕ ∈ Ln(Fqn ), it follows that the map of L can be induced by a linearized polynomial in Ln(Fqn ), say R, inducing the inverse map of ϕ|V , and necessarily satisfying the equation R(ϕ(x)) = x − K(x). Then using Lemma 2.1.3 we

obtain the linear equation vq,n(R)Dϕ = vq,n(id −K) (after cancelling out the arbitrary Xt on both sides) as required.

Note that if ϕ induces a permutation of Fqn , i.e., Dϕ is non-singular, then the required idempotent is K = 0, and the coeﬃcients of the compositional inverse of ϕ

−1 −1 are given byc ¯ = vq,n(id)Dϕ , i.e., the coeﬃcients in the ﬁrst row of Dϕ . See (1) in the Introduction and Proposition 2.1.1 for details.

Remark 2.1.6. In the case that the coeﬃcients of ϕ ∈ Ln(Fqn ) belong to Fq, Dϕ becomes a circulant matrix. Then if V is an Fq-subspace and if the characteristic p of Fqn does not divide n, we can quickly solve the linear equation cD¯ ϕ = vq,n(id −K) by using the Circular Convolution Theorem for DFTs together with an FFT. See [87] for details on circulants and DFTs.

An immediate consequence is the following.

Corollary 2.1.7. Let ϕ, ψ ∈ Ln(Fqn ) such that ψ induces an idempotent endomor- ¯ phism of Fqn and ϕ induces a bijection from Sψ = ker(ψ) to an Fq-subspace V of

35 Fqn . Then the coeﬃcients, c¯ = (c0 c1 ··· cn−1), of a linearized polynomial inducing the ¯ inverse map from V to Sψ, satisfy the linear equation cD¯ ϕ = vq,n(id −ψ).

Example 2.1.8. Assume that the characteristic p does not divide n and work over

m −1 −1 −2 2 −2 Fqn , where q = p as before. We have n T (n T (x)) = n T (x) = n nT (x) = −1 −1 q n T (x) and so n T is idempotent with kernel ker(T ) = {β − β | β ∈ Fqn }. Let p ∗ (q−1)/(p−1) m ϕ(x) := x + cx ∈ Lmn(Fpmn ), where c ∈ Fq satisﬁes c = (−1) , and let Dϕ be its associate mn × mn Dickson matrix given by

  c 1 0 0 ··· 0      0 cp 1 0 ··· 0    Dϕ =  . . .  .  . . .      1 0 0 0 ··· cpmn−1

Note that ϕ(ker(T )) ⊆ ker(T ). If ϕ permutes the Fp-subspace, ker(T ), of Fqn , then ¯ by Theorem 2.1.5, the coeﬃcients, d = (d0 d1 ··· dmn−1), of one of the linearized polynomials inducing the inverse permutation of ϕ|ker(T ), are a solution to the linear equation

n−1 ! ¯ −1 −1 X pkm dDϕ = vp,mn id −n T = vp,mn x − n x k=0 = −n−1(1 − n, 0, 0,..., 0, 1, 0, 0,..., 0, 1, 0, 0,..., 0), where the 1 entries occur at indices (which start at 0 and end at mn − 1) that are non-zero multiples of m. Solving this system we obtain a solution

−1 j −(pj+1−1)/(p−1) dkm+j = n (−1) c (n − 1 − k), where 0 ≤ k ≤ n − 1 and 0 ≤ j ≤ m − 1. Thus we have found a linearized polynomial

36 inducing the inverse map of ϕ|ker(T ). In particular, ϕ induces a permutation of ker(T ) as maps are invertible if and only if they are bijections.

Remark 2.1.9. There exist several linearized polynomials inducing idempotents op-

erations of Fqn . In fact, the number of linearized polynomials in Ln(Fqn ) inducing such idempotent maps is given by

n X | GL(n, q)| , | GL(k, q)|| GL(n − k, q)| k=0

where GL(k, q) denotes the group of non-singular k × k matrices over Fq with (well- k−1 Y known) order given by | GL(k, q)| = (qk − qi) for k ≥ 1, and | GL(0, q)| = 1 by i=0 convention. Indeed, we know that internal direct-sum decompositions of Fqn , into

ordered pairs of trivially-intersected Fq-subspaces, are in correspondence with idem-

potent Fq-linear operators of Fqn , which in turn correspond to elements in Ln(Fqn ) inducing such idempotent maps. Fixing an integer k, where 0 ≤ k ≤ n, we note

that the bases of Fqn over Fq are in bijective correspondence with ordered pairs of

disjoint bases with dimensions k and n − k, respectively, over Fq. But to each Fq-

subspace of Fqn of dimension, say l, corresponds | GL(l, q)| bases of it. Then there | GL(n, q)| are decompositions of n into ordered pairs of trivially- | GL(k, q)|| GL(n − k, q)| Fq intersected Fq-subspaces with dimensions k and n − k, respectively. The claim now follows. For example, when n = 2 and q = 2, 3, 4, 5, this number is 8, 14, 22, 32, respectively.

We now place our attention to other preliminary lemmata which will be of use in the following sections. The following lemma is a generalization of Lemma 3.1 in [81] and thus serves in tackling more general classes of permutations of arbitrary ﬁnite ﬁelds.

37 m ¯ Lemma 2.1.10. Let q = p be a prime power, let ψ, ψ ∈ Fqn [x] be additive, and let

f ∈ Fqn [x]. Deﬁne the map φψ : Fqn → ψ(Fqn )⊕Sψ by φψ(x) = (ψ(x), x−ψ(x)). Then −1 φψ is injective for any such ψ, and, for any (y, z) ∈ φψ(Fqn ), φψ (y, z) = y+z. Then f −1 permutes Fqn if and only if the map F : φψ(Fqn ) → φψ¯(Fqn ), given by F = φψ¯ ◦f ◦φψ , −1 −1 −1 is bijective. In this case, F = φψ ◦ f ◦ φψ¯ .

Proof. It is easy to check that φψ is well-deﬁned and injective for any such ψ. Then

|φψ(Fqn )| = |φψ¯(Fqn )| = |Fqn |. Hence, since F ◦ φψ = φψ¯ ◦ f, it follows that f is a permutation if and only if F is a bijection (injectivity implies bijectivity since the respective domain and codomain of f, F , are equally sized and ﬁnite).

This lemma proves valuable since it provides a way of computing the inverses of certain classes of polynomials by computing the inverses of two other polynomials, one of these linearized, on subspaces; this should be easier. First it would be of interest to determine when is a linear map ϕ a bijection ¯ between two similar subspaces Sψ,Sψ¯. Under certain restrictions on ϕ, ψ, ψ, Lemma 2.1.13 shows when this happens. Now we make use of the following lemma which is a slight (more general) variation of the AGW Criterion given in Lemma 1.2, [3].

Lemma 2.1.11. Let A, A,¯ S, S¯, be ﬁnite sets with |A| = |A¯| and |S| = |S¯|, and let f : A → A¯, f¯ : S → S¯, λ : A → S, and λ¯ : A¯ → S¯ be maps such that λ¯ ◦ f = f¯◦ λ. If both λ and λ¯ are surjective, then the following two statements are equivalent: (i) f is a bijection from A to A¯; and (ii) f¯ is a bijection from S to S¯ and f is injective on λ−1(s) for each s ∈ S. Furthermore, if A, A,¯ S, S¯ form groups under some operation + (although the groups may not be abelian) and f, f,¯ λ, λ¯ are homomorphisms on the respective groups, then f is injective on λ−1(s) for each s ∈ S if and only if ker(f) ∩ ker(λ) = {0}.

Proof. The proof of (i), (ii), is identical to the proof of Lemma 1.2 in [3] and we omit

38 it. Now for the group case, assume α, β ∈ λ−1(s) := {a ∈ A | λ(a) = s} such that α 6= β. Then 0 6= f(α) − f(β) = f(α − β) if and only if ker(f) ∩ ker(λ) = {0} (since α − β ∈ ker(λ)) as required.

The following easy consequence gives us a criterion for determining when a linearized polynomial induces a permutation of the ﬁnite ﬁeld in question. We will often apply this useful result in the following sections.

¯ ¯ Lemma 2.1.12. Let ϕ, ψ, ψ ∈ Fqn [x] be additive such that ϕ◦ψ = ψ◦ϕ and |ψ(Fqn )| = ¯ |ψ(Fqn )|. Then ϕ induces a permutation of Fqn if and only if ker(ϕ) ∩ ker(ψ) = ker(ϕ) ∩ ψ(Fqn ) = {0}.

¯ ¯ Lemma 2.1.13. Let ϕ, ψ, ψ ∈ Fqn [x] be additive such that ϕ ◦ ψ = ψ ◦ ϕ, |ψ(Fqn )| = ¯ |ψ(Fqn )|, and |Sψ| = |Sψ¯|. Then ϕ induces a bijection between Sψ and Sψ¯ if and only if ker(ϕ) ∩ ker(ψ) = ker(ϕ) ∩ ψ(Sψ) = {0}.

¯ ¯ Proof. First note that because |ψ(Fqn )| = |ψ(Fqn )|, then | ker(ψ)| = | ker(ψ)|. As ¯ ¯ ker(ψ) ⊆ Sψ, ker(ψ) ⊆ Sψ¯, and |Sψ| = |Sψ¯|, it follows that |ψ(Sψ)| = |ψ(Sψ¯)|. ¯ Moreover, since ψ(Sψ) ⊆ Sψ and ϕ ◦ ψ = ψ ◦ ϕ, we deduce that ϕ(Sψ) ⊆ Sψ¯ and ¯ ¯ ϕ(ψ(Sψ)) ⊆ ψ(Sψ¯). Now Lemma 2.1.11 ﬁnishes the proof if we let A = Sψ, A = Sψ¯, ¯ ¯ ¯ ¯ ¯ S = ψ(Sψ), S = ψ(Sψ¯), f = f = ϕ, λ = ψ, and λ = ψ.

2.2 DFT for ﬁnite ﬁelds, period of functions and

cyclotomic polynomials

We recall some preliminary concepts regarding the DFT for ﬁnite ﬁelds, convolution, least period of functions on cyclic groups, and cyclotomic polynomials 2.

2This section is substantively based on some of the content of the following article ﬁrst published in Canadian Journal of Mathematics at https://doi.org/10.4153/CJM-2017-022-1, Copyright

39 Let N ∈ N such that N | q − 1, and let ζN be a primitive N-th root of unity in ∗ Fq (the condition on N guarantees the existence of ζN ). We shall use the common

notation ZN := Z/NZ. Now the DFT based on ζN , on the Fq-vector space of functions

f : ZN → Fq, is deﬁned by

X ij FζN [f](i) = f(j)ζN , i ∈ ZN . j∈ZN

−1 −1 Note Fζ is a bijective linear operator with inverse given by F = N F −1 . N ζN ζN

For f, g : ZN → Fq, the convolution of f, g is the function f ⊗ g : ZN → Fq given by X (f ⊗ g)(i) = f(j)g(k). j+k=i j,k∈ZN

Inductively, f1 ⊗ f2 ⊗ · · · ⊗ fk = f1 ⊗ (f2 ⊗ · · · ⊗ fk) and so

X (f1 ⊗ · · · ⊗ fk)(i) = f1(j1) ··· fk(jk).

j1+···+jk=i j1,...,jk∈ZN

⊗m For m ∈ N, we let f denote the m-th convolution power of f, that is, the convolution of f with itself, m times. The DFT and convolution are related by the fact that k " k # Y O FζN [fi] = FζN fi . i=1 i=1

Since f, FζN [f], have values in Fq by deﬁnition, it follows from the relation above that f ⊗q = f. Convolution is associative, commutative and distributive with identity

δ0 : ZN → {0, 1} ⊆ Fp, the Kronecker delta function deﬁned by δ0(i) = 1 if i = 0 and

© 2018, Canadian Mathematical Society. It is released under a Creative Commons Attribution Non-Commercial No Derivatives License. [72] A. Tuxanidy and Q. Wang, A new proof of the Hansen-Mullen irreducibility conjecture, Canadian Journal of Mathematics, no.70 (2018), 1373–1389. https://doi.org/10.4153/ CJM-2017-022-1

40 ⊗0 δ0(i) = 0 otherwise. We set f = δ0.

Next we recall the concepts of a period and least period of a function f : ZN → Fq.

For r ∈ N, we say that f is r-periodic if f(i) = f(i + r) for all i ∈ ZN . Clearly f is r-periodic if and only if it is gcd(r, N)-periodic. The smallest such positive integer r is called the least period of f. Note the least period r satisﬁes r | R whenever f is R-periodic. If the least period of f is N, we say that f has maximum least period. There are various operations on cyclic (i.e., periodic) functions which preserve the least period. For instance the k-shift function fk(i) := f(i + k) of f has the same least period as f. The reversal function f ∗(i) := f(−(1 + i)) of f also has the same

σ least period. Let σ be a permutation of Fq. The function f (i) := σ(f(i)) keeps the least period of f as well.

Next we recall a few elementary facts about cyclotomic polynomials. For n ∈ N,

the n-th cyclotomic polynomial Φn(x) ∈ Z[x] is deﬁned by

Y k Φn(x) = x − ζn , × k∈(Z/nZ)

× where ζn ∈ C is a primitive n-th root of unity and (Z/nZ) denotes the unit group n Y modulo n. Since x − 1 = Φd(x), the M¨obiusinversion formula gives Φn(x) = d|n Y (xn/d − 1)µ(d), where µ is the M¨obiusfunction. d|n For any divisor m of n, with 0 < m < n, we note that

n Q x − 1 d|n Φd(x) Y = = Φ (x). m Q d x − 1 Φd(x) d|m d|n d-m

Hence xn − 1 Φ (x) | ∈ [x]. (2.2.1) n xm − 1 Z

41 In fact, one can show that for n ≥ 2,

qn − 1 Φ (q) = gcd : 1 ≤ d < n, d | n n qd − 1 and so qn − 1 = lcm qd − 1 : 1 ≤ d < n, d | n . Φn(q)

Note also that

Y k Φn(q) = |Φn(q)| = q − ζn k∈(Z/nZ)× > q − 1 (2.2.2)

k k for n ≥ 2, since |q − ζn| > q − 1 for any primitive n-th root ζn ∈ C, whenever n ≥ 2 (as can be seen geometrically by looking at the complex plane) 3.

2.3 Gaussian sums and periods

In this section 4we collect some results from literature about Gaussian sums and periods which will be of use later on. We start oﬀ by recalling some concepts and deﬁnitions. These are well-known and may be found for example in Chapter 5 of [48] and in [26].

Let S = {α ∈ C : |α| = 1}. An additive character on Fq is an (additive) 3The elementary facts in (2.2.1) and (2.2.2) have some historical significance. For instance, these make an appearance in Witt’s classical proof of Wedderburn’s theorem that every finite division ring is a field (see Chapter 5 in [1] for example). 4This section is substantively based on some of the content of the following article originally published in Journal of Number Theory, https://doi.org/10.1016/j.jnt.2015.09.008. It is released under a Creative Commons Attribution Non-Commercial No Derivatives License. [69] A. Tuxanidy and Q. Wang, On the number of N-free elements with prescribed trace, Journal of Number Theory, v.160 (2016), p.536–565. https://doi.org/10.1016/j.jnt.2015.09.008

42 homomorphism χ : Fq → S. One can show these are exactly the mappings of the √ 2π −1 Tr / (ax)/p form x 7→ e Fq Fp for some a ∈ Fq. Here p is the characteristic of Fq. In the special case when a = 1, we call the corresponding additive character canonical.

Let χq, χqm , be the canonical additive characters of Fq, Fqm , respectively, deﬁned √ 2π −1 Tr (x)/p Fq/Fp m by χq(x) = e for x ∈ Fq, and χq = χq ◦ TrFqm /Fq . By the transitivity √ 2π −1 Tr (z)/p m Fqm /Fp (q ) of the trace function, χqm (z) = e for z ∈ Fqm . Denote with χa the (qm) additive character of Fqm corresponding to a ∈ Fqm ; that is χa (z) = χqm (az) for (qm) any z ∈ Fqm . Clearly χ1 = χqm . The following orthogonality relation will be of use.

  X q if x = 0; χq(ax) = (2.3.1) ∗ a∈Fq  0 if x ∈ Fq.

We similarly deﬁne a multiplicative character on Fqm to be a (multiplicative) ho- × × momorphism ψ : Fqm → S, where Fqm denotes the multiplicative group of Fqm . Let

α be a primitive element of Fqm . Then one can also show that the multiplicative √ v 2π −1jv/N characters on Fqm are exactly the mappings of the form α 7→ e for some positive divisor N of qm − 1 and some integer j coprime to N. In this case we say that ψ is of order N and usually highlight this by writing ψN instead of ψ. The Gaussian sums of order N are given by

(qm) X Gqm ψN , χa = ψN (β)χqm (aβ). ∗ β∈Fqm

(qm) We denote Gqm (ψN ) := Gqm (ψN , χqm ). Note that if a 6= 0, then Gqm (ψN , χa ) =

ψN (a)Gqm (ψN ) (Theorem 5.12 (i), [48]).

m m ∗ m For N | q −1 (i.e., N divides q −1) the cyclotomic classes of Fqm of type (N, q ) (N,qm) k N (N,qm) (N,qm) are deﬁned by Ck = α α , where k ∈ Z. Clearly Ck = C0 whenever

43 k ≡ 0 (mod N). Then the Gaussian periods of type (N, qm) are given by

(N,qm) X ηk = χqm (x). (N,qm) x∈Ck

(1,qm) In the case when N = 1, one can easily show that ηk = −1 for any k ∈ Z. In the cases when N ≥ 2, it is however much more diﬃcult to attain explicit formulas for these and only few results are known, for rather small N. The Gaussian sums are the discrete Fourier transforms of the Gaussian periods and hence the two are related by the equation

N−1 N−1 m (N,q ) 1 X X k j 1 X j k j ηk = χqm α x ψN (x) = ψN (α )Gqm ψN (2.3.2) N ∗ N j=0 x∈Fqm j=0 N−1 ! 1 X j k j = −1 + ψ (α )G m ψ , N N q N j=1 where ψN is a multiplicative character of Fqm with order N (see Equation (9) in [26]). In their study of Hamming weights of irreducible cyclic codes, Ding and Yang [26] recently obtained the following result regarding cyclotomic classes.

m Lemma 2.3.1 (Lemma 5, [26]). Let N be a positive divisor of q −1 and let k ∈ Z. Let Q := (qm − 1)/(q − 1). We have the following multiset equality:

n m o (q − 1) gcd (Q, N) m ax : a ∈ ∗, x ∈ C(N,q ) = ∗ C(gcd(Q,N),q ), Fq k N k where the right hand side denotes the multiset in which each element in the set m (q − 1) gcd (Q, N) C(gcd(Q,N),q ) appears in the multiset with multiplicity . k N

A consequence to the above is the following.

44 m Lemma 2.3.2. Let N | q − 1 and let k ∈ Z. Then

q−2 X (N,qm) (q − 1) gcd (Q, N) (gcd(Q,N),qm) η = η . Qi+k N k i=0

Proof. By the deﬁnition of Gaussian periods and by Lemma 2.3.1,

q−2 q−2 q−2 X (N,qm) X X Qi+k X X Qi ηQi+k = χqm α x = χqm α x i=0 i=0 (N,qm) i=0 (N,qm) x∈C0 x∈Ck X X (q − 1) gcd (Q, N) X = χ m (ax) = χ m (x) q N q ∗ (N,qm) (gcd(Q,N),qm) a∈Fq x∈Ck x∈Ck (q − 1) gcd (Q, N) m = η(gcd(Q,N),q ). N k

(N,qm) Remark 2.3.3. It is known that ηk ∈ Z whenever N | Q (see Theorem 13 (i) in [26]).

The following results about Gaussian periods are well known and may be found for example in [26]. We only give the 0-th Gaussian periods as these will be of greater interest to us in the sections that follow. For the other cases we refer the interested reader to [26].

Lemma 2.3.4. When N = 2, the 0-th Gaussian periods are given by the following:

 −1 + (−1)sm−1qm/2  m  if p ≡ 1 (mod 4); η(2,q ) = 2 √ 0 −1 + (−1)sm−1 −1sm qm/2  if p ≡ 3 (mod 4).  2

In the case when N = 3 we only give a particular instance although the results in

45 other cases are also known.

Lemma 2.3.5. Let N = 3, let sm ≡ 0 (mod 3), let p ≡ 1 (mod 3), and let (c, d) be the unique (up to sign) solutions to the equation 4psm/3 = c2 + 27d2 with c ≡ 1

(mod 3) and p - c. Then m/3 m −1 + cq η(3,q ) = . 0 3

The Gaussian periods in the so called semi-primitive case are known as well and are given in the following lemma. See [26].

Lemma 2.3.6. Assume that N > 2 and there exists a positive integer j such that pj ≡ −1 (mod N) and that j is the least such. Let r = p2jγ for some integer γ. (a) If γ, p and (pj + 1)/N are all odd, then

r1/2 + 1 η(N,r) = − . 0 N

(b) In all other cases,

(−1)γ+1(N − 1)r1/2 − 1 η(N,r) = . 0 N

The following lemma will be useful as well.

Lemma 2.3.7. Let q be a power of a prime p and let Q = (qm − 1)/(q − 1). Then

 −1 if p m; (Q,qm)  - η0 =  q − 1 otherwise.

Proof. By deﬁnition,

(Q,qm) X X X X m m η0 = χq (x) = χq (x) = χq TrFqm /Fq (x) = χq(mx). Q ∗ ∗ ∗ x∈hα i x∈Fq x∈Fq x∈Fq

46 Now the result follows by (2.3.1).

47 Chapter 3

On the inverses of some classes of permutations of ﬁnite ﬁelds

In this chapter 1 we study the compositional inverses of several classes of permutation polynomials and present several results in this area. We apply the method highlighted in the introduction and proceed to obtain inverses of several classes of permutations. The list of chosen permutations for which we study their inverses is by no means exhaustive, although the method could potentially be used to obtain several more inverses of other classes of permutations not given here. Moreover, more corollaries than we have given here may be possible from our results, which could be obtained by choosing speciﬁc instances of the variables ϕ, ψ, g, h, etc.. This chapter is organized as follows. In Section 3.1 we prove Theorems 1.0.2, 3.1.10, where we give the compositional inverses of two classes of permutation polynomials given in [3], [88], respectively, written in terms of the inverses of two poly-

1This chapter is substantively based on the following article originally published in Finite Fields and Their Applications, https://doi.org/10.1016/j.ffa.2014.02.006. It is released under a Creative Commons Attribution Non-Commercial No Derivatives License. [70] A. Tuxanidy and Q. Wang, On the inverses of some classes of permutations of ﬁnite ﬁelds, Finite Fields and their Applications, v.28 (2014), p.244–281. https://doi.org/10.1016/j.ffa. 2014.02.006

48 nomials permutating subspaces of Fqn . We then proceed to obtain several corollaries from them. In Section 3.2 we explicitly obtain, in Theorem 3.2.4 and Corollary 3.2.6, the preimages and compositional inverses, respectively, of a class of permutation polynomials generalizing those in [23] and [81]. Finally in Section 3.3 we prove Theorem 1.0.10, which gives the explicit compositional inverse of a class of permutation polynomials generalizing that of a linearized permutation class whose inverse was recently obtained in [79]. See also Lemma 3.3.3 which corresponds to the case when G(x) = x and c = 1 below. In particular, the method employed here to obtain such a result, as an application of Theorem 1.0.2, seems considerably less complicated than that of [79].

3.1 Inverses of some classes of permutations

Proof of Theorem 1.0.2. First note that since |Sψ| = |Sψ¯| and ker(ϕ) ∩ ψ(Sψ) = ker(ϕ)∩ker(ψ) = {0}, then ϕ is a bijection from Sψ to Sψ¯ (and hence invertible there) by Lemma 2.1.13. Now letting y := ψ(x), z := x − ψ(x), we obtain

Y := ψ¯(f(x)) = h(ψ(x))ϕ(ψ(x)) + ψ¯(g(ψ(x))) = h(y)ϕ(y) + ψ¯(g(y)) ¯ ¯ = f(y) ∈ ψ(Fqn );

Z := f(x) − ψ¯(f(x)) = h(y)ϕ(x) + g(y) − h(y)ϕ(y) − ψ¯(g(y)) ¯ = h(y)ϕ(z) + g(y) − ψ(g(y)) ∈ Sψ¯.

49 Then by the deﬁnition of F from Lemma 2.1.10, we get

−1 F (φψ(x)) = F (y, z) = φψ¯ f φψ (y, z) = φψ¯(f(y + z)) ¯ ¯ = φψ¯(f(x)) = (ψ(f(x)), f(x) − ψ(f(x)))

= (Y,Z).

Hence F is deﬁned by

F (y, z) = (f¯(y), h(y)ϕ(z) + g(y) − ψ¯(g(y))) = (Y,Z)

for y ∈ ψ(Fqn ) and z ∈ Sψ. Now, from Lemma 2.1.10 we know that F induces a

bijection from φψ(Fqn ) to φψ¯(Fqn ) (because f is a permutation of Fqn , by assumption).

Since ϕ induces a bijection from Sψ to Sψ¯ and h(y) 6= 0 for each y ∈ ψ(Fqn ), it follows ¯ thatϕ ¯y(z) := h(y)ϕ(z) + g(y) − ψ(g(y)) is also bijective from Sψ to Sψ¯ for each ¯ ¯ y ∈ ψ(Fqn ). Moreover, f induces a bijection from ψ(Fqn ) to ψ(Fqn ) by Theorem 1.0.1 ¯ (ii). Thus, since F (y, z) = (f(y), ϕ¯y(z)), we can get the inverse of F (y, z) from the ¯ ¯−1 inverses of f(y)|ψ(Fqn ) andϕ ¯y(z)|Sψ . Now, because y = f (Y ), we obtain

Z − g(y) + ψ¯(g(y)) z = ϕ−1| Sψ¯ h(y) Z − g(f¯−1(Y )) + ψ¯(g(f¯−1(Y ))) = ϕ−1| . Sψ¯ h(f¯−1(Y ))

Hence,

Z − g(f¯−1(Y )) + ψ¯(g(f¯−1(Y ))) F −1(Y,Z) = f¯−1(Y ), ϕ−1| . Sψ¯ h(f¯−1(Y ))

50 −1 −1 −1 ¯ ¯ As f = φψ ◦ F ◦ φψ¯ by Lemma 2.1.10, then letting Y = ψ(x) and Z = x − ψ(x), we ﬁnally obtain

! x − ψ¯(x) − g f¯−1 ψ¯(x) + ψ¯ g f¯−1 ψ¯(x) f −1(x) = f¯−1 ψ¯(x) + ϕ−1| , Sψ¯ h f¯−1 ψ¯(x)

as required. ¯ If ϕ is a bijection from ψ(Fqn ) to ψ(Fqn ), then by Lemma 2.1.12 it permutes Fqn (since additionally ker(ϕ) ∩ ker(ψ) = {0} because f is a permutation). We claim that ¯ ¯−1 for anyy ¯ ∈ ψ(Fqn ), f (¯y) satisﬁes

! y¯ − ψ¯ g f¯−1(¯y) f¯−1(¯y) = ϕ−1 . h f¯−1(¯y)

Indeed,

f¯f¯−1(¯y) = h f¯−1(¯y) ϕ f¯−1(¯y) + ψ¯ g f¯−1(¯y) !! y¯ − ψ¯ g f¯−1(¯y) = h f¯−1(¯y) ϕ ϕ−1 + ψ¯ g f¯−1(¯y) h f¯−1(¯y)

=y. ¯

¯−1 ¯ Similarly one can show that f f(y) = y for each y ∈ ψ(Fqn ). Now the fact that ϕ−1 must be additive yields the result.

We now proceed to obtain several corollaries.

Corollary 3.1.1 (See Theorem 5.5, [3]). Let a ∈ Fq, let b ∈ Fqn , let P,L ∈ Fq[x] be q-polynomials. Let H ∈ Fqn [x] such that H(L(Fqn )) ⊆ Fq \ {−a}, and assume

f(x) = aP (x) + (P (x) + b)H(L(x))

51 permutes Fqn . Then ker(P )∩ker(L) = {0}, and if additionally ker(P )∩L(SL) = {0},

the inverse of f on Fqn is given by

P −1| x − L(x) − bH f¯−1(L(x)) + L bH f¯−1(L(x)) f −1(x) = f¯−1(L(x)) + SL , a + H f¯−1(L(x))

¯ where f(x) = (a + H(x))P (x) + L(b)H(x) is a permutation of L(Fqn ).

Proof. This is Theorem 1.0.1 and 1.0.2 with h = a + H, ϕ = P , ψ = L, and g = bH.

Proof of Corollary 1.0.4. By Theorem 1.0.1, if f is a permutation of Fqn , then ¯ ¯ ¯ f(x) = ψ(g(x)) + h(x)ϕ(x) = h(x)ϕ(x) is a bijection from ψ(Fqn ) to ψ(Fqn ). In

¯ n n particular, f|ψ(Fqn ) is surjective. Thus for any y ∈ Fq , there exists an x ∈ Fq such that ψ¯(y) = h(ψ(x))ϕ(ψ(x)) = ϕ(ψ(x)h(ψ(x))) = ϕ(ψ(xh(ψ(x)))). Hence ϕ is a

n ¯ n n ¯ n surjection from ψ(Fq ) to ψ(Fq ). But |ψ(Fq )| = |ψ(Fq )|. Then ϕ|ψ(Fqn ) is a bijection ¯ ∗ ¯ from ψ(Fqn ) to ψ(Fqn ). In particular, if h(ψ(Fqn )) = c ∈ Fq, then f is a bijection from ¯ ψ(Fqn ) to ψ(Fqn ) if and only if so is ϕ. Now, since ker(ϕ) ∩ ker(ψ) = {0} additionally

(because f is a permutation), ϕ is a permutation of Fqn by Lemma 2.1.12. Now ¯ the rest follows from Theorem 1.0.2 together with the fact that for anyy ¯ ∈ ψ(Fqn ), f¯−1(¯y) = ϕ−1(¯y)/h(f¯−1(¯y)).

q (qn−1)/(q−1) We denote Q(x) := x − x, and N(x) := x . Since q-polynomials over Fq commute under composition, and T ◦Q = Q◦T = Q◦N = 0, the following corollaries are straightforward applications of Corollary 1.0.4.

Corollary 3.1.2 (See Theorem 5.8, [3]). Let ϕ ∈ Fq[x] be a q-polynomial, let G ∈

Fqn [x], let h ∈ Fqn [x] such that h(Fq) ⊆ Fq \{0}. Assume that

f(x) = h(T (x))ϕ(x) + Q(G(T (x)))

52 is a permutation of Fqn . Then ϕ is a permutation of Fqn and the inverse of f on Fqn is given by !! ϕ−1 (T (x)) ϕ−1 x − Q ◦ G h f¯−1(T (x)) f −1(x) = , h f¯−1(T (x)) ¯ where f(x) := ϕ(1)xh(x) is a permutation of Fq.

Corollary 3.1.3 (See Theorem 5.10, [3]). Let ϕ ∈ Fq[x] be a q-polynomial, let G ∈

Fqn [x], let h ∈ Fqn [x] such that h(Q(Fqn )) ⊆ Fq \{0}. Assume that

f(x) = h(Q(x))ϕ(x) + T (G(Q(x)))

is a permutation of Fqn . Then ϕ is a permutation of Fqn and the inverse of f on Fqn is given by !! ϕ−1 (Q(x)) ϕ−1 x − T ◦ G h f¯−1(Q(x)) f −1(x) = , h f¯−1(Q(x)) ¯ where f(x) := h(x)ϕ(x) is a permutation of Q(Fqn ).

As a consequence of Corollary 3.1.3, we get Proposition 1.0.5.

Proof of Proposition 1.0.5. Follows directly from Corollary 3.1.3 by noticing that

−1 q 2 2 −1 q ϕ (x) = (ax − bx)/(a − b ) on Fq2 , ϕ (Q(x)) = Q(x)/(b − a), and T (x) = T (x) for any x ∈ Fq2 .

Corollary 3.1.4 (See Theorem 5.10, [3]). Let ϕ ∈ Fq[x] be a q-polynomial, let G ∈ (qn−1)/(q−1) Fqn [x], let h ∈ Fqn [x] such that h(Q(Fqn )) ⊆ Fq \{0}. Let N(x) := x , and assume that f(x) = h(Q(x))ϕ(x) + N(G(Q(x))) is a permutation of Fqn . Then ϕ is a permutation of Fqn and the inverse of f on Fqn

53 is given by !! ϕ−1 (Q(x)) ϕ−1 x − N ◦ G h f¯−1(Q(x)) f −1(x) = , h f¯−1(Q(x)) ¯ where f(x) := h(x)ϕ(x) is a permutation of Q(Fqn ).

Proof of Corollary 1.0.6. In this case h = 1, g = γG, and ψ = T .

Letting G(x) = x in Corollary 1.0.6, the following is straightforward.

Corollary 3.1.5 (See Corollary 3.5, [88]). Let ϕ ∈ Fq[x] be a q-polynomial permuting

Fqn , let γ ∈ Fqn , let c = T (γ), and assume that

f(x) = ϕ(x) + γT (x)

permutes Fqn . Then c + ϕ(1) 6= 0 and the inverse of f on Fqn is given by

γT (x) f −1(x) = ϕ−1 x − . c + ϕ(1)

Some other consequences of Theorem 1.0.2 are the following corollaries.

Theorem 3.1.6 (Theorem 5.12 (a), [3]). Let k ≥ 2 be an even integer, let L(x) =

q ax + bx, where a, b ∈ Fq such that a 6= ±b. Then both L and

f(x) = L(x) + Q(x)k

are permutations of Fq2 .

Corollary 3.1.7. Using the same notations as in Theorem 3.1.6, the inverse of f on

Fq2 is given by axq − bx 1 Q(x)k f −1(x) = − . a2 − b2 a + b a − b

54 Proof. Here ψ = Q, g(x) = xk, ϕ = L, h = 1, and f¯(x) = Q(xk) + L(x) is a

k permutation of Q(Fqn ). The fact that k ≥ 2 is even gives Q[(Q(x)) ] = 0 for any ¯ ¯−1 −1 x ∈ Fq2 . Then f(Q(x)) = L(Q(x)) = Q(L(x)); thus f (Q(x)) = L (Q(x)). Then by Theorem 1.0.2 we obtain

f −1(x) = L−1 x − L−1(Q(x))k .

2 2 ∗ Note that since a, b ∈ Fq and a 6= ±b, then a − b ∈ Fq. The reader can check that L−1(x) = (axq − bx)/(a2 − b2) from which it follows that L−1(Q(x)) = Q(x)/(b − a). Then using the fact that k is even we obtain

Q(x)qk Q(x)k ! a − b Q(x)k b − a b − a L−1 L−1(Q(x))k = L−1 = b − a a2 − b2 Q(x)k Q(x)k a − b b − a b − a = a2 − b2 1 Q(x)k = , a + b a − b

from which the result follows since L−1 is additive.

Theorem 1.0.2 also yields a proof of Corollary 1.0.8.

Proof of Corollary 1.0.8. We have ψ = L1, ϕ = L2 is a permutation of Fqn and s particularly of L1(Fqn ) by Corollary 6.2 in [26], h = 1, g(x) = (G(x)) . From the s ¯ proof of Corollary 6.2 in [88], L1[(G(L1(x))) ] = 0, and f = L2 is a permutation of

L1(Fqn ). Now Theorem 1.0.2 gives the result.

The following is a direct consequence of Corollary 1.0.8 above and of Corollary 6.2 in [88].

55 Corollary 3.1.8 (See Corollary 6.3, [88]). Let n and k be positive integers such that gcd(n, k) = d > 1, and let s be a positive integer with s(qk − 1) ≡ 0 (mod qn − 1). Then

k s f(x) = x + xq − x + δ permutes Fqn for any δ ∈ Fqn , and the inverse of f on Fqn is given by

k s f −1(x) = x − xq − x + δ .

qk Proof. This is Corollary 1.0.8 with L1(x) = x − x, G(x) = x + δ, L2(x) = x. Since

−1 L2 (x) = x, the result follows.

Next in Theorem 3.1.10 we give an expression for the compositional inverse of the following class of permutation polynomials obtained in [88], given in terms of certain inverses of bijections of subspaces.

Theorem 3.1.9 (Theorem 3.1, [88]). Let r ≥ 1 and n ≥ 1 be positive integers. Let

ψ, L1,...,Lr ∈ Fq[x] be q-polynomials, g ∈ Fqn [x], h1, . . . , hr ∈ Fq[x] and δ1, . . . , δr ∈

Fqn such that ψ(δi) ∈ Fq and hi(ψ(Fqn )) ⊆ Fq. Then

r X f(x) = g(ψ(x)) + (Li(x) + δi)hi(ψ(x)) i=1 is a permutation polynomial of Fqn if and only if the following two conditions hold. r ¯ X (i) f(x) := ψ(g(x)) + (Li(x) + ψ(δi))hi(x) permutes ψ(Fqn ); and i=1 r X (ii) for any y ∈ ψ(Fqn ), ϕy(x) := Li(x)hi(y) permutes ker(ψ). i=1 Theorem 3.1.10. Using the same notations as in Theorem 3.1.9, assume f permutes

−1 n ¯ ¯ n −1 Fq , and let f be the inverse of f|ψ(Fqn ). Then if x ∈ Fq is such that ker(ϕf¯ (ψ(x)))∩

56 ψ(Sψ) = {0}, the preimage of x under f is given by

r −1 ¯−1 −1 ¯−1 X ¯−1 f (x) = f (ψ(x)) + ϕf¯−1(ψ(x))|Sψ x − ψ(x) − g f (ψ(x)) − δihi f (ψ(x)) i=1 r !! ¯−1 X ¯−1 + ψ g f (ψ(x)) + δihi f (ψ(x)) . i=1

Furthermore, if x ∈ Fqn is such that ker(ϕf¯−1(ψ(x))) ∩ ψ(Fqn ) = {0}, then ϕf¯−1(ψ(x)) permutes Fqn , and the preimage of x under f is given by

r ! −1 −1 ¯−1 X ¯−1 f (x) = ϕf¯−1(ψ(x)) x − g f (ψ(x)) − δihi f (ψ(x)) . i=1

Proof. As each Li is q-linear over Fq and each hi(y) ∈ Fq for any y ∈ ψ(Fqn ), then ϕy is also q-linear over Fq for any such y. Then ϕy ◦ψ = ψ◦ϕy. Of course, Li ◦ψ = ψ◦Li as −1 well. Thus we apply Lemma 2.1.10 with F = φψ ◦ f ◦ φψ . As before we let y := ψ(x) and z := x − ψ(x). We have

r X ¯ Y := ψ(f(x)) = ψ(g(y)) + (Li(y) + ψ(δi))hi(y) = f(y); and i=1 r X Z := f(x) − ψ(f(x)) = g(y) − ψ(g(y)) + (Li(z) + δi − ψ(δi))hi(y) i=1 r r ! X X = ϕy(z) + g(y) + δihi(y) − ψ g(y) + δihi(y) . i=1 i=1

¯−1 Hence F is deﬁned by F (y, z) = (Y,Z). If for y = f (Y ), ker(ϕy) ∩ ψ(Sψ) = {0},

then ϕy is invertible on Sψ by Lemma 2.1.13 since ker(ϕy)∩ker(ψ) = {0} additionally (because f is a permutation). For such y we obtain

r r !! −1 X X z = ϕy |Sψ Z − g(y) − δihi(y) + ψ g(y) + δihi(y) . i=1 i=1

57 Hence

r −1 ¯−1 −1 ¯−1 X ¯−1 F (Y,Z) = f (Y ), ϕf¯−1(Y )|Sψ Z − g f (Y ) − δihi f (Y ) i=1 r !!! ¯−1 X ¯−1 + ψ g f (Y ) + δihi f (Y ) . i=1

−1 −1 −1 Since f = φψ ◦ F ◦ φψ, letting Y = ψ(x) and Z = x − ψ(x), we obtain

r −1 ¯−1 −1 ¯−1 X ¯−1 f (x) = f (ψ(x)) + ϕf¯−1(ψ(x))|Sψ x − ψ(x) − g f (ψ(x)) − δihi f (ψ(x)) i=1 r !! ¯−1 X ¯−1 + ψ g f (ψ(x)) + δihi f (ψ(x)) i=1

whenever x ∈ Fqn is such that ker(ϕf¯−1(ψ(x))) ∩ ψ(Sψ) = {0}.

If y ∈ ψ(Fqn ) is such that ϕf¯−1(y) permutes ψ(Fqn ), then ϕf¯−1(y) permutes Fqn by Lemma 2.1.12. We claim that f¯−1(y) satisﬁes

r !! ¯−1 −1 ¯−1 X ¯−1 f (y) = ϕf¯−1(y) y − ψ g f (y) + δihi f (y) . i=1

Indeed,

r !! ¯−1 ¯ −1 ¯ X f (f(y)) = ϕy f(y) − ψ g(y) + δihi(y) i=1 r r !! −1 X X = ϕy ψ(g(y)) + (Li(y) + ψ(δi))hi(y) − ψ g(y) + δihi(y) i=1 i=1 r ! −1 X −1 = ϕy Li(y)hi(y) = ϕy (ϕy(y)) i=1 = y.

¯ ¯−1 −1 Similarly one can show that f f (y) = y. Now using the fact that ϕf¯−1(y) is

58 additive, we get the result.

In particular in the case when ψ = T , Theorem 3.1.10 yields the following.

Corollary 3.1.11 (See Corollary 3.3, [88]). Let r ≥ 1 and n ≥ 1 be positive integers. Let L1,...,Lr ∈ Fq[x] be q-polynomials, g ∈ Fqn [x], h1, . . . , hr ∈ Fq[x], and

δ1, . . . , δr ∈ Fqn . If

r X f(x) = g(T (x)) + (Li(x) + δi)hi(T (x)) i=1

r ¯ X is a permutation of Fqn , then f(x) := T (g(x)) + (Li(1)x + T (δi))hi(x) is a permu- i=1 r X tation of Fq, and ϕy(x) := Li(x)hi(y) is a permutation of ker(T ) for any y ∈ Fq. i=1 r X ¯−1 (i) If p | n or x ∈ Fqn is such that Li(1)hi(f (T (x))) 6= 0 (equivalently, i=1 ϕf¯−1(T (x)) permutes Fq), then ϕf¯−1(T (x)) permutes Fqn , and the preimage of x under f is given by

r ! −1 −1 ¯−1 X ¯−1 f (x) = ϕf¯−1(T (x)) x − g f (T (x)) − δihi f (T (x)) . i=1

(ii) If p - n, the inverse of f on Fqn is given by

f −1(x) = n−1f¯−1(T (x))+

r −1 −1 ¯−1 X ¯−1 +ϕf¯−1(T (x))|ker(T ) x − n T (x) − g f (T (x)) − δihi f (T (x)) i=1 r !! −1 ¯−1 X ¯−1 + n T g f (T (x)) + δihi f (T (x)) . i=1

¯ Proof. That f, ϕy, are permutations of Fq and ker(T ), respectively, follows from The- orem 3.1.9.

59 (i) If p | n, then Fq ⊆ ker(T ) since T (c) = nc = 0 for any c ∈ Fq. But since ϕy

permutes ker(T ) for any y ∈ Fq, and ϕy(Fq) ⊆ Fq, it follows that ϕy permutes Fq.

Now Lemma 2.1.12 implies ϕy permutes Fqn for any y ∈ Fq. That ϕy permuting Fq is r X equivalent with Li(1)hi(y) 6= 0 follows from the fact that each Li is a q-polynomial i=1 over Fq. The rest follows from Theorem 3.1.10. −1 −1 (ii) If p - n, then ker(T ) = {x − n T (x) | x ∈ Fqn }; thus if we let ψ = n T ,

we get Sψ = ker(ψ) = ker(T ). Note that if we deﬁne the polynomial H(x) := f(n−1x), then we obtain an instance of Theorem 3.1.9 with ψ = n−1T , H¯ = n−1f¯ (H) −1 ¯ −1 −1 ¯−1 and ϕy = n ϕy, from which it follows that H (n T (x)) = f (T (x)), and

−1(H) −1 −1 −1 −1 ϕy |ker(T ) = nϕy |ker(T ). Now since f(x) = H(nx), then f (x) = n H (x), and the result follows from Theorem 3.1.10.

We conclude with a few more corollaries. The ﬁrst one below is an application of Theorem 3.1.10.

Corollary 3.1.12 (See Corollary 3.2, [88]). Let L1,L2,L3 : Fqn → Fqn be q-polynomials

over Fq. Let w ∈ Fqn [x] such that w(L3(Fqn )) ⊆ Fq, and assume that

f(x) = L1(x) + L2(x)w(L3(x))

¯ permutes Fqn . Let f(x) = L1(x) + L2(x)w(x), and for y ∈ L3(Fqn ), let ϕy(x) =

n −1 L1(x) + L2(x)w(y). Then if x ∈ Fq is such that ker(ϕf¯ (L3(x))) ∩ L3(SL3 ) = {0}, the preimage of x under f is given by

−1 ¯−1 −1 f (x) = f (L3(x)) + ϕ −1 |S (x − L3(x)) . f¯ (L3(x)) L3

n −1 n −1 Furthermore, if x ∈ Fq is such that ϕf¯ (L3(x)) permutes L3(Fq ), then ϕf¯ (L3(x))

60 permutes Fqn , and the preimage of x under f is given by

−1 −1 f (x) = ϕ −1 (x). f¯ (L3(x))

Proof. Here r = 2, g = 0, h1 = 1, h2 = w, δ1 = δ2 = 0, and ψ = L3. In the case of ϕf¯−1(y) permuting L3(Fqn ) for y ∈ L3(Fqn ), it permutes Fqn since it additionally ¯ permutes ker(L3) because f is a permutation. Then since f(y) = ϕy(y), we get ¯−1 −1 f (y) = ϕf¯−1(y)(y), from which the result follows.

The proof of Theorem 1.0.9 is essentially the same as the proof of Theorem 3.1.12, where the linear equation in part (b) follows from Corollary 2.1.7.

m Theorem 3.1.13 (Theorem 3, [24]). Let q = p be a prime power, let g ∈ Fq[x], let

H ∈ Fq[x] be additive, and let f(x) = H(x) + xg(T (x)). Then f(x) is a permutation polynomial of Fqn if and only if the following two conditions hold.

(i) For any y ∈ Fq and any x ∈ Fqn we have ϕy(x) := H(x) + xg(y) = 0 and T (x) = 0 if and only if x = 0. ¯ (ii) f(x) := H(x) + xg(x) is a permutation polynomial of Fq.

Corollary 3.1.14. Using the same notations as in Theorem 3.1.13, we have that

ϕy(x) = H(x) + xg(y) is a permutation of ker(T ), for any y ∈ Fq.

(i) If p | n or x ∈ Fqn is such that ϕf¯−1(T (x)) permutes Fq, then ϕf¯−1(T (x)) permutes

Fqn , and the preimage of x under f is given by

−1 −1 f (x) = ϕf¯−1(T (x))(x).

(ii) If p - n, then the inverse of f on Fqn is given by

−1 −1 ¯−1 −1 −1 f (x) = n f (T (x)) + ϕf¯−1(T (x))|ker(T ) x − n T (x) .

61 Proof. It follows directly from Corollary 3.1.11, 3.1.12, and Theorem 3.1.13.

3.2 Compositional inverse of a general class

In this section we give the compositional inverse of a class of permutation polynomials generalizing those considered in [23] and [81], respectively. First in Lemma 3.2.1 we give a compositional inverse over ker(T ) of a simple p-polynomial inducing a permutation of ker(T ). Then, using this result, we give, in Theorem 3.2.4 and Corollary 3.2.6, the preimages and compositional inverse, respectively, of a more general class of permutation polynomials. Similarly as done in [81], our result is left as an expression ¯ in terms of the inverse of f over the subspace Fq.

m ∗ p Lemma 3.2.1. Let q = p be a power of a prime p, let c ∈ Fq, let Pc(x) = x + cx, j −(pj+1−1)/(p−1) and for 0 ≤ j ≤ m − 1 let aj = (−1) c . Then Pc permutes ker(T ) =

q {β − β | β ∈ Fqn } if and only if c belongs to any of the following two cases, for which a corresponding compositional inverse on ker(T ) is given as follows.

(pm−1)/(p−1) m Case 1: c = (−1) and p - n.

For any δ ∈ Fp, m−1 n−1 1 X X km+j P −1(x) = a (δ − k)xp . c n j j=0 k=0

n(pm−1)/(p−1) mn Case 2: c 6= (−1) . Equivalently, Pc permutes Fqn .

The inverse of Pc on Fqn , and hence on ker(T ), is given by

mn−1 −1 1 X i Pmn−1 pj pi P (x) = (−1) c j=i+1 x . c cn(pm−1)/(p−1) + (−1)mn−1 i=0

62 (pm−1)/(p−1) m Proof. Case 1: Assuming that c = (−1) , p - n, and using the facts that pj −1 ajc = −aj−1 for j > 0, am−1 = −1, and a0 = c , we get

m−1 n−1 −1 −1 X X p pkm+j Pc (Pc(x)) = n aj(δ − k)(x + cx) j=0 k=0 m−1 n−1 −1 X X pkm+j+1 pj pkm+j = n aj(δ − k) x + c x j=0 k=0 m n−1 m−1 n−1 −1 X X pkm+j −1 X X pj pkm+j = n aj−1(δ − k)x + n aj(δ − k)c x j=1 k=0 j=0 k=0 n−1 n−1 X (k+1)m X km = n−1 (k − δ)xp + n−1 (δ − k)xp k=0 k=0 m−1 n−1 −1 X X pj pkm+j +n (δ − k)(aj−1 + ajc )x j=1 k=0 n n−1 X km X km = n−1 (k − 1 − δ)xp + n−1 (δ − k)xp k=1 k=0 n−1 X km = n−1(n − 1)x − n−1 xp k=1 = n−1(n − 1)x + n−1(x − T (x))

= x − n−1T (x)

= x,

p for all x ∈ ker(T ). Similarly, using the fact that caj = −aj−1 for j > 0, one can −1 −1 show that Pc(Pc (x)) = x for all x ∈ ker(T ). Note that Pc must be unique upon reduction modulo T ; we may set for instance δ = 0. Moreover, the existence of the

−1 inverse Pc on ker(T ) is equivalent with Pc permuting ker(T ) as maps are invertible on a set if and only if they induce bijections of that set.

In the case when p | n, we show that Pc does not permute ker(T ) for any such c.

Note that T (k) = nk = 0 for any k ∈ Fq; thus Fq ⊆ ker(T ). Then since Pc(Fq) ⊆ Fq

63 additionally, it suﬃces to show that Pc does not permute Fq. To do this we show that the determinant of m × m associate Dickson matrix, DPc , is zero. Indeed,

  c 1 0 0 ··· 0      0 cp 1 0 ··· 0  D =   ; Pc  . . .   . . .      1 0 0 0 ··· cpm−1

(pm−1)/(p−1) thus, applying the cofactor expansion in the ﬁrst column, we get det(DPc ) = c + (−1)m−1 = 0, by assumption. This completes the proof of Case 1. Note that we have

(pm−1)/(p−1) m also obtained that Pc is a permutation of Fq if and only if c 6= (−1) . (pm−1)/(p−1) m Case 2: Otherwise assume c 6= (−1) . We show that Pc is a permutation of ker(T ) if and only if it is a permutation of Fqn which happens if and only if cn(pm−1)/(p−1) 6= (−1)mn. Now, from the proof of Case 1 we know that in this case

Pc is a permutation of Fq. Since p-polynomials over Fq commute with q-polynomials over Fp, we have Pc ◦ T = T ◦ Pc. Thus we can apply Lemma 2.1.12 to obtain that

Pc is a permutation of ker(T ) if and only if it permutes Fqn (since T (Fqn ) = Fq additionally). Thus, similarly as done in Case 1, we compute the determinant of the mn × mn associate Dickson matrix. We have

  c 1 0 0 ··· 0      0 cp 1 0 ··· 0  D =   ; Pc  . . .   . . .      1 0 0 0 ··· cpmn−1

Pmn−1 i i=0 p mn−1 hence, using the fact that c ∈ Fq, we get det(DPc ) = c + (−1) = n(pm−1)/(p−1) mn−1 n(pm−1)/(p−1) c +(−1) . Therefore Pc is a permutation of Fqn if and only if c 6=

64 mn −1 (−1) . Here we will use Proposition 2.1.1 to obtain an expression for Pc . For

this we need the (i, 0)-th cofactors, 0 ≤ i ≤ mn − 1, of DPc , which are given by

i Pmn−1 pj a¯i = (−1) c j=i+1 . Now Proposition 2.1.1 gives the result. Indeed,

mn−1 Pmn−1 pj pi X (−1)ic j=i+1 (xp + cx) P −1 (P (x)) = c c cn(pm−1)/(p−1) + (−1)mn−1 i=0 Pmn−1 j i+1 i i mn−1 i j=i+1 p p p p X (−1) c x + c x = cn(pm−1)/(p−1) + (−1)mn−1 i=0 mn Pmn−1 pj i mn−1 Pmn−1 pj i X (−1)i−1c j=i xp X (−1)ic j=i xp = + cn(pm−1)/(p−1) + (−1)mn−1 cn(pm−1)/(p−1) + (−1)mn−1 i=1 i=0 Pmn−1 j Pmn−1 j i mn−1 i−1 j=i p i j=i p p X (−1) c + (−1) c x = x + cn(pm−1)/(p−1) + (−1)mn−1 i=1 = x.

−1 Similarly one can show that Pc(Pc (x)) = x. At this point we have exhausted all the possibilities for c and so the proof is complete.

Remark 3.2.2. Of course one can use Theorem 2.1.5 to obtain the result in Case 1, as we have done in Example 2.1.8 with δ = n − 1 there. As a way of comparison, and in the style of Remark 3.4 in [81], here we give an explanation of the “direct” method the authors used prior to obtaining the aforementioned results. First note that

Pc(ker(T )) ⊆ ker(T ). As the set of p-polynomials over Fq permutating a subspace mn−1 −1 X pi of Fqn forms a group under composition, assume Pc (x) = γ dix for some i=0 ∗ γ ∈ Fp and some elements di ∈ Fq, whenever Pc is invertible on ker(T ). Write m−1 n−1 −1 X X pkm+j Pc (x) = γ dkm+jx . For any x ∈ ker(T ), and using the fact that x − j=0 k=0

65 T (x) = −xpm − xp2m − · · · − xp(n−1)m , assume

m−1 n−1 −1 X X p pkm+j Pc (Pc(x)) = γ dkm+j (x + cx) j=0 k=0 n−1 X pkm = γ(dnm−1 + d0c)x + γ (dkm−1 + dkmc)x k=1 m−1 n−1 X X pj pkm+j + γ dkm+j−1 + dkm+jc x j=1 k=0

= γ(dnm−1 + d0c + 1)x − γT (x)

= γ(dnm−1 + d0c + 1)x

= x.

We must have dnm−1 + d0c + 1 6= 0 and the system of equations

  pi di−1 + dic = 0, if m - i;  di−1 + dic = −1, if m | i,

for 0 < i < mn, with solution given by dkm+j = ajcdkm = ajbk, where

k−1 k X l bk := (−am−1) δ − (−am−1) l=0 with δ := cd0 to be determined, for 0 ≤ j ≤ m − 1 and 0 ≤ k ≤ n − 1. Note that if

−1 δ ∈ Fp, then each bk ∈ Fp as am−1 = −Nq|p(−c ) ∈ Fp, where Nq|p : Fq → Fp is the (q−1)/(p−1) absolute norm function given by Nq|p(y) = y . Hence if dnm−1 + d0c + 1 6= 0,

−1 −1 ∗ we set γ = (dnm−1 + d0c + 1) = (am−1bn−1 + δ + 1) ∈ Fp. It is left to the reader to −1 −1 check that Pc (Pc(x)) = Pc(Pc (x)) = x on ker(T ) if δ ∈ Fp and am−1bn−1 +δ+1 6= 0,

66 in which case the inverse of Pc on ker(T ) is given by

m−1 n−1 −1 −1 X X pkm+j Pc (x) = (am−1bn−1 + δ + 1) ajbkx . j=0 k=0

(pm−1)/(p−1) m Now for Case 1, if we assume c = (−1) , then am−1 = −1; hence bk = δ−k and am−1bn−1 + δ + 1 = −(δ − n + 1) + δ + 1 = n 6= 0 since p - n by assumption.

m Corollary 3.2.3 (Lemma 3.3, [81]). Let q = 2 and n be odd. Let Pc(x) =

2 ∗ x + cx for any c ∈ Fq. Then Pc can induce a permutation of ker(T ) and one of the polynomials that can induce its inverse map is

j  n−1 2 m−1 2 −1 X −(2j+1−1) X q2k Pc (x) = c  x  . j=0 k=0

2m−1 Proof. As 2 - n and c = 1, this is Case 1 of Lemma 3.2.1 with δ = 1.

Denote by Nq|p : Fq → Fp the absolute norm function given by Nq|p(y) = y(q−1)/(p−1).

Theorem 3.2.4. Let q = pm be a power of a prime p, let n be a positive integer, ∗ ¯ p let a ∈ Fq, and assume that g ∈ Fq[x] is such that f(x) := ax + xg(x) induces p a permutation of Fq and ϕy(x) := ax + xg(y) induces a permutation of ker(T ) = q {β − β | β ∈ Fqn }, for each y ∈ Fq. Then

f(x) := axp + xg(T (x))

−1 n ¯ ¯ induces a permutation of Fq . Let f be the inverse of the permutation f|Fq . ¯−1 (a) If x ∈ Fqn is such that g(f (T (x))) = 0, the preimage of x under f is given

67 by xqn/p f −1(x) = . a

Otherwise, if p | n or x ∈ Fqn is such that ϕf¯−1(T (x)) permutes Fq (equivalently, ¯−1 m Nq|p(g(f (T (x)))/a) 6= (−1) ), then ϕf¯−1(T (x)) permutes Fqn and the preimage of x under f is given by

mn−1 i P pj mn−1 i (p −1)/(p−1) ¯−1 j=i+1 X (−1) a g f (T (x)) i f −1(x) = xp . ¯−1 n n i=0 Nq|p g f (T (x)) − Nq|p ((−a) )

¯−1 m (b) Otherwise (if p - n and x ∈ Fqn is such that Nq|p(g(f (T (x)))/a) = (−1) ), the preimage of x under f is given by

 pj  m−1 j (pj −1)/(p−1) n−1 ! −1 −1 ¯−1 X (−1) a X qk −1 f (x) = n f (T (x)) − j+1 k x − n T (x)  . ¯−1 (p −1)/(p−1) j=0 g f (T (x)) k=1

Proof. The fact that f permutes Fqn under the assumptions follows from Theorem 3.1.13 with H(x) = axp.

−1 −1 (a) In this case we have f (x) = ϕf¯−1(T (x))(x) by Corollary 3.1.14. If y ∈ Fq is p −1 qn/p such that g(y) = 0, then ϕy(x) = ax is a permutation of Fqn , and ϕy (x) = (x/a) . p Otherwise, noting that ϕy(x) = aPg(y)/a(x), where Pc(x) = x +cx from Lemma 3.2.1, ¯−1 −1 −1 −1 and substituting y with f (T (x)), we get f (x) = Pg(f¯−1(T (x)))/a(x/a), where Pc , with c = g(f¯−1(T (x)))/a, is given in Case 2 of Lemma 3.2.1. Thus we obtain

Pmn−1 j ! j=i+1 p g f¯−1(T (x)) xpi Pmn−1(−1)i i=0 a a −1 f (x) = !n . g f¯−1(T (x)) N + (−1)mn−1 q|p a

n mn−1 n n − Pmn−1 pj Pmn−1 pj −Pmn−1 pj Now since Nq|p(a) (−1) = −Nq|p(−a) and Nq|p(a) a j=i = a j=0 j=i =

68 Pi−1 pj (pi−1)/(p−1) a j=0 = a , the result follows.

m (b) Assume that y ∈ Fq is such that Nq|p(g(y)/a) = (−1) . Then ϕy(x) = p p ∗ ax + xg(y) = a(x + xg(y)/a) = aPg(y)/a(x) where Pcy , cy = g(y)/a ∈ Fq, is a −1 −1 permutation of ker(T ) in Case 1 of Lemma 3.2.1. Hence ϕy |ker(T )(x) = Pg(y)/a(x/a), −1 ¯−1 where Pg(y)/a is given in Case 1 of Lemma 3.2.1. Then substituting y with f (T (x)) −1 in ϕy |ker(T ) and then using Corollary 3.1.14 together with Case 1 of Lemma 3.2.1 with c = g(f¯−1(T (x)))/a and δ = 0, we get

x − n−1T (x) f −1(x) = n−1f¯−1(T (x)) + P −1 g(f¯−1(T (x)))/a a = n−1f¯−1(T (x))

pj+1−1 m−1 n−1 ! p−1 qkpj X X a x − n−1T (x) − n−1 k(−1)j g f¯−1(T (x)) a j=0 k=1

= n−1f¯−1(T (x))

pj+1−1 m−1 n−1 ! p−1 pj X X a j k − n−1 k(−1)j a−p xq − n−1T (x) g f¯−1(T (x)) j=0 k=1  pj  m−1 j (pj −1)/(p−1) n−1 ! k −1 ¯−1 X (−1) a X q −1 = n f (T (x)) − j+1 k x − n T (x)  , ¯−1 (p −1)/(p−1) j=0 g f (T (x)) k=1 as required.

p Remark 3.2.5. One may ﬁnd several g ∈ Fq[x] such that ϕy(x) = ax + xg(y) = p a(x + xg(y)/a) induces a permutation of ker(T ) for each y ∈ Fq. For instance if

we let m be even and n be such that p - n and gcd(n, p − 1) = 1, then ϕy(x) = p a(x + xg(y)/a) induces a permutation of ker(T ) for each g ∈ Fq[x] and each y ∈ Fq.

Indeed, from Lemma 3.2.1 it follows that ϕy induces a permutation of ker(T ) if and

n only if Nq|p(g(y)/a) = 1 or Nq|p(g(y)/a) 6= 1. Noting that gcd(n, p − 1) = 1 implies

that there does not exist an n-th root of unity in Fp \{1}, then if Nq|p(g(y)/a) 6= 1,

69 n p−1 we get Nq|p(g(y)/a) 6= 1 as required. For example we can pick g(x) = x , and if ¯ p p a 6= −1, then f(x) := ax + xg(x) = (a + 1)x permutes Fq, having inverse (on Fq) given by f¯−1(x) = (x/(a + 1))q/p. As another example we can let g(x) = xq−2L(x) ¯ p p where L ∈ Fq[x] is any p-polynomial such that f|Fq (x) = ax + xg(x) = ax + L(x) is

a permutation of Fq. Then one can use for instance Proposition 2.1.1 to obtain the ¯ inverse of f|Fq .

Corollary 3.2.6. Using the same notations and assumptions of Theorem 3.2.4, the

compositional inverse of f on Fqn [x] is given by

xqn/p f −1(x) = 1 − g f¯−1(T (x))q−1 a  !(q−1)/(p−1) p−1 g f¯−1(T (x)) + g f¯−1(T (x))q−1 − (−1)m  a 

mn−1 i P pj mn−1 i (p −1)/(p−1) ¯−1 j=i+1 X (−1) a g f (T (x)) i · xp ¯−1 n(q−1)/(p−1) n(q−1)/(p−1) i=0 g f (T (x)) − (−a)   !(q−1)/(p−1) p−1 g f¯−1(T (x)) + 1 − − (−1)m   a  

 pj  m−1 j (pj −1)/(p−1) n−1 ! p−2 ¯−1 X (−1) a X qk p−2 · n f (T (x)) − j+1 k x − n T (x)  . ¯−1 (p −1)/(p−1) j=0 g f (T (x)) k=1

Proof. We put the results of Theorem 3.2.4 (a) and (b) together. This is a step function where only one of the three terms is non-zero at a time. Denote cx := ¯−1 g(f (T (x)))/a. The ﬁrst term of the expression is non-zero only if cx = 0 correspond-

(q−1)/(p−1) m ing to the result in (a), while the second is non-zero only if cx 6= 0, (−1) ,

(q−1)/(p−1) m given in (a) as well. The third term is non-zero only if cx = (−1) and p - n, which is given in (b). Because ϕcx is a permutation of ker(T ), then by Lemma 3.2.1 these are all the possibilities of cx; hence we are done.

70 In Theorem 3.2.4, if we let p = 2, n be odd, g(x) = x, and a ∈ Fq \{0, 1}, then we get f(x) = ax2 + xT (x) = x(T (x) + ax), the compositional inverse of which was given in [23]. Similarly, if instead we let g(x) = L(x) + ax for some additive L over

∗ 2 Fq and some a ∈ Fq, then we get f(x) = ax + xg(T (x)) = x(L(T (x)) + aT (x) + ax), whose compositional inverse was obtained in [81]. Thus these compositional inverses should follow from Corollary 3.2.6.

3.3 Explicit compositional inverse of a second class

We further demonstrate the utility of Theorem 1.0.2 by obtaining the explicit compositional inverse of a class of permutation polynomials generalizing that of a linearized class given in Theorem 2.2 of [79], where the corresponding inverse was obtained. Our result is presented in Theorem 1.0.10. See also Lemma 3.3.3 which implies the aforementioned result by giving the compositional inverse of a more general class of linearized permutation polynomials. In particular, the method of our proof, which is an application of Theorem 1.0.2, seems considerably less complicated than that employed in the aforementioned paper; the latter consisted of a direct application of Proposition 2.1.1 and the computation of determinants. First we need the following two lemmas.

q Lemma 3.3.1. Let α ∈ Fqn and denote Tα(x) := T (αx). Then ϕ(x) := x −x induces a bijection from ker(Tα) to ker(T ), in Fqn , if and only if T (α) 6= 0. In the case that

n T (α) 6= 0, one of the polynomials, over Fq , inducing the inverse map of ϕ|ker(Tα), is given by n−1 k −1 −1 X X qj qk ϕ |ker(T )(x) = T (α) α x . k=0 j=0

Proof. If we assume that T (α) = 0, then Tα(1) = T (α) = 0 and ϕ(1) = 0; hence

71 1 ∈ ker(ϕ) ∩ ker(Tα) and ϕ|ker(Tα) is not bijective. Now assume T (α) 6= 0. Since

q ker(T ) = {x − x | x ∈ Fqn } = im(ϕ), then ϕ(ker(Tα)) ⊆ ker(T ). Note that im(Tα) ⊆ −1 Fq (because im(T ) = Fq). Moreover, for any c ∈ Fq, we have c = cT (α) T (α) = −1 T (cT (α) α) ∈ im(Tα); hence im(Tα) = im(T ) = Fq. It follows that | ker(Tα)| =

| ker(T )|. To show that ϕ|ker(Tα) is injective, let k ∈ ker(ϕ) ∩ ker(Tα). In particular,

q ϕ(k) = k − k = 0 implies k ∈ Fq. Then Tα(k) = T (αk) = kT (α) = 0 gives k = 0 as required. Thus ϕ is bijective from ker(Tα) to ker(T ). Next we prove that the given

−1 ϕ |ker(T ) induces the inverse map of ϕ|ker(Tα). Assuming x ∈ ker(Tα), we have

n−1 k −1 −1 X X qj qk+1 qk ϕ |ker(T )(ϕ(x)) = T (α) α x − x k=0 j=0 n k−1 n−1 k ! X X j k X X j k = T (α)−1 αq xq − αq xq k=1 j=0 k=0 j=0 n−1 k−1 k ! X X j X j k = 1 − T (α)−1α x + T (α)−1 αq − αq xq k=1 j=0 j=0 n−1 X qk = 1 − T (α)−1α x − T (α)−1 (αx) k=1

−1 −1 = 1 − T (α) α x − T (α) (Tα(x) − αx)

−1 = x − T (α) Tα(x)

= x,

as required.

Remark 3.3.2. We used Theorem 2.1.5 to obtain the coeﬃcients c¯ = (c0 c1 ··· cn−1)

−1 of ϕ |ker(Tα). That is, we obtained a solution, c¯, to the linear equation

−1 −1 q q2 qn−1 cD¯ ϕ = vq,n(id −T (α) Tα) = −T (α) α − T (α), α , α , . . . , α ,

72 −1 where T (α) Tα is idempotent with kernel ker(Tα), and Dϕ is the n × n associate Dickson matrix of ϕ(x) = xq − x given by

  −1 1 0 0 ··· 0      0 −1 1 0 ··· 0    Dϕ =  . . . . .  .  . . . . .      1 0 0 0 · · · −1

The following lemma gives the compositional inverse of a class of linearized permutation polynomials generalizing that whose inverse was recently obtained in Theorem 2.2, [79]. See Corollary 3.3.5. The method utilized here to obtain such a result, as an application of Theorem 1.0.2, seems much less complicated than that employed in [79].

Lemma 3.3.3. Let α ∈ Fqn , and deﬁne the polynomial

q f(x) := x − x + T (αx) ∈ Fqn [x].

Then the following two results hold.

(a) f is a permutation polynomial over Fqn if and only if T (α) 6= 0, and the

characteristic, p, of Fq, does not divide n.

(b) If T (α) 6= 0 and p - n (equivalently, f is a permutation polynomial over Fqn ),

then the compositional inverse of f over Fqn is

f −1(x) = T (α)−1n−1 (T (x) + B(x)) ,

73 n−1 X qk where the coeﬃcients of B(x) = bkx ∈ Fqn [x] are given by k=0

n−1 n−1 X qj X ql bk = jα − n α , 0 ≤ k ≤ n − 1. j=1 l=k+1

q Proof. (a) As done in Lemma 3.3.1, denote ϕ(x) := x − x, Tα(x) := T (αx). The reader can check that ϕ ◦ Tα = T ◦ ϕ = 0. From the proof of Lemma 3.3.1 we ¯ know that im(Tα) = im(T ) = Fq. Thus letting ψ = Tα, ψ = T , g(x) = x, h = 1, and ϕ as before, we see that the polynomial, f, is an instance of Theorem 1.0.1. Hence, the permutability of f boils down to whether or not both conditions (i), (ii), of Theorem 1.0.1, are satisﬁed. From the proof of Lemma 3.3.1, we know that

ker(ϕ) ∩ ker(Tα) = {0} if and only if T (α) 6= 0. Moreover, for all y ∈ Fq, we have ¯ ¯ f(y) = ϕ(y) + T (y) = ny; thus f permutes im(Tα) = im(T ) = Fq if and only if p - n. Hence, by Theorem 1.0.1, f is a permutation polynomial if and only if T (α) 6= 0 and

p - n. (b) We wish to apply Theorem 1.0.2. However in our speciﬁc case one can show

n that both STα ,ST = Fq which ϕ does not permute. As we shall see, we can bypass this problem by considering instead the permutation polynomial H := T (α)−1f. Noting

−1 −1 −1 −1 that ϕ ◦ T (α) Tα = n T ◦ ϕ = 0 and im(T (α) Tα) = im(n T ) = Fq, we see that −1 ¯ −1 −1 H is an instance of Theorem 1.0.1 with ψ = T (α) Tα, ψ = n T , h = T (α) , and ¯ −1 ϕ, g, as before. We have, for all y ∈ Fq, H(y) = ϕ(y) + n T (y) = y, thus permuting ¯ −1 ¯ −1 Fq = im(ψ) = im(ψ). The reader can check that both ψ = T (α) Tα, ψ = n T , are ¯ idempotent. Then Sψ = ker(ψ) = ker(Tα) and Sψ¯ = ker(ψ) = ker(T ); hence |Sψ| =

from the proof of (a) we know that ker(ϕ)∩Sψ = ker(ϕ)∩ker(Tα) = {0}. In particular

ker(ϕ)∩ψ(Sψ) = {0} since ψ(Sψ) ⊆ Sψ. Thus H satisﬁes the assumptions of Theorem

74 1.0.2, which, after the appropriate substitutions and subsequent simpliﬁcation, yields

−1 −1 −1 −1 H (x) = n T (x) + ϕ |ker(T ) T (α) x − n T (x) .

Now using the fact that f −1(x) = H−1(T (α)−1x), we get

−1 −1 −1 −1 −1 f (x) = T (α) n T (x) + ϕ |ker(T ) x − n T (x) .

n−1 k −1 −1 X X qj qk From Lemma 3.3.1, we may take ϕ |ker(T )(x) = T (α) α x . Thus, k=0 j=0

n−1 k k −1 −1 −1 X X qj −1 q ϕ |ker(T )(x − n T (x)) = T (α) α x − n T (x) k=0 j=0 n−1 k n−1 n−1 k ! X X j k X X X j l = T (α)−1 αq xq − n−1 αq xq k=0 j=0 l=0 k=0 j=0 n−1 k n−1 n−1 ! X X j k X X j l = T (α)−1 αq xq − n−1 (n − j)αq xq k=0 j=0 l=0 j=0 n−1 k n−1 n−1 ! ! X X j k X X j l = T (α)−1 αq xq − n−1 nT (α) − jαq xq k=0 j=0 l=0 j=0 n−1 k n−1 ! X X j X j k = T (α)−1 αq − T (α) + n−1 jαq xq k=0 j=0 j=0 n−1 n−1 n−1 ! X X j X j k = T (α)−1 − αq + n−1 jαq xq k=0 j=k+1 j=0

= T (α)−1n−1B(x).

The result now follows immediately.

Remark 3.3.4. To further convince the reader of the correctness of the result in (b), we give a second, more direct, proof. That is, we show f −1(f(x)) = x. Since B is a

75 q-polynomial, it follows that

f −1(f(x)) = T (α)−1 T (αx) + n−1 (B(xq) − B(x) + B(1)T (αx)) .

We have

n−1 n−1 n−1 ! n−1 n−1 n−1 X X j X j X j X X j n−1B(1) = n−1 jαq − αq = jαq − αq k=0 j=1 j=k+1 j=1 k=0 j=k+1 n−1 n−1 k ! n−1 n−1 k X j X X j X j X X j = jαq − T (α) − αq = jαq − nT (α) + αq j=1 k=0 j=0 j=1 k=0 j=0 n−1 n−1 X j X j = jαq − nT (α) + (n − j)αq j=1 j=0

= 0.

Additionally

n n−1 ! −1 q −1 X qk X qk n (B(x ) − B(x)) = n bk−1x − bkx k=1 k=0 n−1 ! −1 X qk = n (bn−1 − b0) x + (bk−1 − bk) x k=1 n−1 n−1 n−1 n−1 ! X j X X j X j k = αq x + − αq + αq xq j=1 k=1 j=k j=k+1 n−1 n−1 X j X k = αq x − (αx)q j=1 k=1

= (T (α) − α) x − (T (αx) − αx)

= T (α)x − T (αx).

Now the result, f −1(f(x)) = x, follows soon.

Note in Theorem 1.0.10 that if we let G(x) = x and c = 1, we obtain Lemma

76 3.3.3. We are now ready to prove Theorem 1.0.10.

Proof of Theorem 1.0.10. If T (α) = 0, then F ◦ T = F (0) implying F is not injective. If p | n, then T ◦ F = 0 implying F is not surjective. As a result, if

F permutes Fqn , necessarily T (α) 6= 0 and p - n. Assume T (α) 6= 0 and p - n. q We have that f(x) = x − x + T (αx) from Lemma 3.3.3 (b) permutes Fqn , and −1 −1 f ◦ Tα = T (α)n T ◦ f = T (α)Tα. Moreover, im(Tα) = im(T (α)n T ) = Fq, and T (α)n−1T ◦ Q ◦ G = 0, where Q(x) := xq − x (since T ◦ Q = 0). Then letting ϕ = f, ¯ −1 ψ = Tα, ψ = T (α)n T , g = Q ◦ G, and h = c, Corollary 1.0.4 implies that F permutes Fqn . It follows that F permutes Fqn if and only if T (α) 6= 0 and p - n. In this case, Corollary 1.0.4 gives

F −1(x) = c−1f −1 x − Q ◦ G ◦ c−1f −1 ◦ T (α)n−1T (x)

= c−1f −1(x) − c−1f −1 ◦ Q ◦ G ◦ c−1f −1 ◦ T (α)n−1T (x).

From the proof of Lemma 3.3.3 (b), we know that

−1 −1 −1 −1 −1 f (x) = T (α) n T (x) + Q |ker(T ) x − n T (x) ,

−1 where Q |ker(T ) is a q-polynomial inducing the inverse map of Q|ker(Tα). It follows that

−1 −1 −1 −1 f ◦ T (α)n T (x) = n T (x) + Q |ker(T )(0)

= n−1T (x).

Hence, F −1 = c−1f −1 − c−1f −1 ◦ Q ◦ G ◦ c−1n−1T.

77 Using the fact that T ◦ Q = 0, we obtain

−1 −1 −1 −1 −1 −1 f ◦ Q ◦ G ◦ c n T = Q |ker(T ) ◦ Q ◦ G ◦ c n T.

−1 −1 Since for any x ∈ Fqn we have x−T (α) T (αx) ∈ ker(Tα) and Q(x−T (α) T (αx)) = −1 −1 Q(x) ∈ ker(T ), we get Q |ker(T )(Q(x)) = x − T (α) T (αx), for any x ∈ Fqn . Then substituting x with G(c−1n−1T (x)) we ﬁnally obtain

−1 −1 −1 −1 −1 −1 −1 F (x) = c f (x) − c Q |ker(T ) ◦ Q ◦ G ◦ c n T (x)

= c−1T (α)−1n−1 (T (x) + B(x)) − c−1 G(c−1n−1T (x)) − T (α)−1T αG(c−1n−1T (x)) = c−1 T (α)−1n−1 (T (x) + B(x)) − G c−1n−1T (x) + T (α)−1T αG c−1n−1T (x) as required.

Corollary 3.3.5 (Theorem 2.2, [79]). Let n be an odd positive integer, and let

∗ −1 a ∈ F2n such that T2n|2(a ) = 1. Then

2 x f(x) = x + x + T n 2 |2 a is a permutation polynomial over F2n with compositional inverse

−1 f (x) = T2n|2(x) + B(x),

78 n−1 X 2k where the coeﬃcients of B(x) = bkx ∈ F2n [x] are given by k=0

−22 −24 −2n−1 b0 = a + a + ··· + a ,   −2 −23 −2k −2k+1 −2k+3 −2n−1  a + a + ··· + a + a + a + ··· + a if k is odd, bk =  −2 −23 −2k−1 −2k+2 −2k+4 −2n−1  a + a + ··· + a + a + a + ··· + a if k is even,

1 ≤ k ≤ n − 1.

Proof. First note that we can let G(x) = x and c = 1 in Theorem 1.0.10 in order to

−1 obtain Lemma 3.3.3. This is Lemma 3.3.3 with q = 2, n odd, and α = a ∈ Fqn such that T (α) = 1. Since 2 - n and T (α) 6= 0, f is a permutation polynomial by Lemma 3.3.3 (a), whereas the expression for the compositional inverse of f follows from (b). Indeed, in our case of q = 2 and n odd, the coeﬃcients of B are given by

n−1 n−1 k n−1 X qj X ql X 2j X 2l bk := jα − n α = jα + (l + 1)α j=1 l=k+1 j=1 l=k+1 k n−1 X j X l = α2 + α2 , j=1 l=k+1 j odd l even where 0 ≤ k ≤ n − 1. Now the reader can check that the result is obtained by

−1 substituting α with a and computing the three cases of bk.

79 Chapter 4

Compositional inverses and complete mappings over ﬁnite ﬁelds

In this chapter 1 we focus on CPPs and their compositional inverses. Let us recall we say that a permutation polynomial f(x) is a complete permutation polynomial if f(x) + x is also a permutation polynomial. Using Proposition 2.1.1, Wu computed in [81] the compositional inverses, in explicit form, of arbitrary linearized permutation binomials over finite fields. We call a linearized polynomial a binomial if it has exactly two non-zero coefficients. As we showed in Chapter 3, the problem of computing the compositional inverses of certain classes of permutations is equivalent to obtaining the inverses of two other polynomials bijecting subspaces of the finite field, where one of these two is a linearized

1This chapter is substantively based on the following article originally published in Discrete Applied Mathematics, https://doi.org/10.1016/j.dam.2016.09.009. It is released under a Cre- ative Commons Attribution Non-Commercial No Derivatives License. [71] A. Tuxanidy and Q. Wang, Compositional inverses and complete mappings over ﬁnite ﬁelds, Discrete Applied Mathematics, v.217 no.2 (2017), p.318-329. https://doi.org/10.1016/j.dam. 2016.09.009

80 polynomial inducing a bijection between kernels of other linearized polynomials. To this end, we showed in Theorem 2.1.5 how to obtain linearized polynomials inducing the inverse map over subspaces on which a linearized polynomial induces a bijection. This in fact amounts to solving a system of linear equations. Thus, in particular, it is of interest to obtain explicit compositional inverses of linearized permutations of subspaces. We start oﬀ in Section 4.1 by determining a class of linearized binomials permuting the kernel of the trace map and proceed to obtain, in Theorem 4.1.4, its inverse on the kernel. As an application of Theorem 4.1.4, we derive, in Theorem 4.3.2 of Section 4.3, the compositional inverse of the complete permutation class in Theo- rem 4.2.3 generalizing some of the classes recently studied in [47, 63, 84–86]. Note that since inverses of complete mappings are also complete mappings, Theorem 4.3.2 and Corollary 4.3.3 imply the construction of a new, if rather complicated, class of complete permutation polynomials. The reader will also ﬁnd in Theorem 4.2.6 a recursive construction of complete mappings involving multi-trace functions. In addition we employ the CPP class of Theorem 4.2.3 to construct a set of mutually orthogonal complete mappings (see

Corollary 4.2.8). Recall that we say two mappings f, g, of Fq, are orthogonal if f − g permutes Fq. Note in particular that from such a set one may also readily obtain a set of mutually orthogonal Latin squares, an object of special interest in the literature (see for example [29]).

81 4.1 Inverses of linearized binomials permuting ker-

nels of traces

In this section we study the compositional inverses of binomials permuting the kernel of the trace map. More precisely, given a positive integer r < n, consider the binomial

pr Lc,r(x) := x − cx ∈ Fqn [x], where c ∈ Fq. Note that Lc,r(ker(Tqn|q)) ⊆ ker(Tqn|q), q where ker(Tqn|q) = {β − β | β ∈ Fqn } is the kernel of the additive map of Tqn|q on

Fqn . We would like to discover what are the necessary and suﬃcient conditions for

Lc,r to be a permutation of ker(Tqn|q), and in such cases obtain a polynomial in Fqn [x] inducing the inverse map of Lc,r|ker(Tqn|q). We only need to consider the case when Lc,r permutes Fqn and the case when Lc,r permutes ker(Tqn|q) but not Fqn . The former case has already been tackled in [81] (see Theorem 4.1.1 here) and so we focus on the latter case. We give the result in Theorem 4.1.6 of Subsection 4.1.1. Then in Subsection 4.1.2 we explain the method used to obtain the result. We remark that in Corollary 4.1.10 we show that under some restrictions of the characteristic, p, and the extension degree, n, Lc,r permutes ker(Tqn|q) for each c ∈ Fq. Therefore it is quite useful to use this result to construct some permutation polynomials which are also complete mappings. Indeed, we demonstrate the applicability of Corollary 4.1.10 in the proof of Theorem 4.2.3 in Section 4.2.

4.1.1 Statement and proof of result

The following result due to Wu gives the compositional inverses of linearized permu-

qr tation binomials x − cx where c lies in the extension Fqn . In the case when c lies in Fq, the binomial is a permutation of ker(Tqn|q) and thus its inverse map over the kernel is clearly the restriction of the inverse over Fqn to ker(Tqn|q). We state this in Corollary 4.1.2. This accounts for the case when the binomial permuting the kernel

82 of the trace has full rank. Later in Theorem 4.1.4 and 4.1.6 we tackle the case when

the linearized binomial permutes the kernel of the trace map but not Fqn . Denote by (qn−1)/(q−1) Nqn|q : Fqn → Fq the norm function given by Nqn|q(x) = x .

∗ Theorem 4.1.1 (Theorem 2.1, [81]). Let c ∈ Fqn and let d := (n, r). Then qr Lc,r(x) := x − cx ∈ Fqn [x] permutes Fqn if and only if Nqn|qd (c) 6= 1, in which case the compositional inverse of Lc,r over Fqn is given by

n −1 d (i+1)r Nqn|qd (c) q −1 ir −1 X − qr−1 q Lc,r (x) = c x . 1 − N n d (c) q |q i=0

Corollary 4.1.2. Let q = pm be a power of a prime number p, let n, r, be positive integers and denote d := (nm, r). If c ∈ Fq satisﬁes Nqn|pd (c) 6= 1, then Lc,r(x) := pr x − cx ∈ Fqn [x] permutes ker(Tqn|q), having a compositional inverse over ker(Tqn|q) given by nm −1 d (i+1)r Nqn|pd (c) p −1 ir −1 X − pr−1 p Lc,r (x) = c x . 1 − N n d (c) q |p i=0 Proof. Substituting q and n with p and nm, respectively, in Theorem 4.1.1, we obtain

that Lc,r permutes Fqn . But since Lc,r(ker(Tqn|q)) ⊆ ker(Tqn|q) ⊆ Fqn , it follows that −1 Lc,r permutes ker(Tqn|q). It now suﬃces to pick Lc,r as a compositional inverse of Lc,r

over ker(Tqn|q), which is obtained from Theorem 4.1.1 through the aforementioned substitutions.

We now focus on the case when the linearized binomial permutes the kernel of the

trace map but does not permute Fqn . We need the following lemma.

Lemma 4.1.3. Let n, r, s, be positive integers such that s | n and d := (n, r) = (s, r). Then the following two identities hold.

n s (i) Tq |q = Tqnr/d|qsr/d |Fqn ;

s d (ii) Nq |q = Nqsr/d|qr |Fqs .

83 Proof. (i) Since (n/d, r/d) = 1 and n/s | n/d (implying (n/s, r/d) = 1), we have {k (mod n/s) | 0 ≤ k ≤ n/s − 1} = {kr/d (mod n/s) | 0 ≤ k ≤ n/s − 1} from which it follows that {ks (mod n) | 0 ≤ k ≤ n/s − 1} = {ksr/d (mod n) | 0 ≤ k ≤ n/s − 1}.

Hence, for any α ∈ Fqn , we get

n n s −1 s −1 X qks X qksr/d Tqn|qs (α) := α = α =: Tqnr/d|qsr/d (α) k=0 k=0

as required. (ii) Since (s/d, r/d) = 1, we have {k (mod s/d) | 0 ≤ k ≤ s/d − 1} = {kr/d (mod s/d) | 0 ≤ k ≤ s/d − 1}, implying {kd (mod s) | 0 ≤ k ≤ s/d − 1} = {kr

(mod s) | 0 ≤ k ≤ s/d − 1}. Thus, for any β ∈ Fqs , we obtain

s −1 s −1 P d kd P d kr k=0 q k=0 q Nqs|qd (β) := β = β =: Nqsr/d|qr (β).

Theorem 4.1.4. Let q = pm be a power of a prime number p, let n, r, s, be positive

integers such that s | n and d := (n, r) = (s, r), and let c ∈ Fqs such that Nqs|qd (c) = 1. qr Then the binomial Lc,r(x) := x − cx ∈ Fqn [x] induces a permutation of ker(Tqn|qs ) if and only if p - n/s. In this case the compositional inverse of Lc,r over ker(Tqn|qs ) is given by jr s  n q d −1 s −1 q(j+1)r−1 −1 ksr −1 X − r n X q d Lc,r| (x) = c q −1  kx  . ker(Tqn|qs ) s j=0 k=1

Proof. Assume that Lc,r does not permute Fqs , i.e., Nqs|qd (c) = 1. Now suppose on the contrary that p | n/s. Then for any k ∈ Fqs , we have Tqn|qs (k) = kn/s = 0; hence Fqs ⊆ ker(Tqn|qs ). Then noting Lc,r(Fqs ) ⊆ Fqs , we obtain that Lc,r permutes Fqs , a contradiction. Necessarily, if Nqs|qd (c) = 1 and Lc,r permutes ker(Tqn|qs ),

−1 −1 qr −1 Lc,r Lc,r| (x) = Lc,r| (x) − cLc,r| (x) ker(Tqn|qs ) ker(Tqn|qs ) ker(Tqn|qs ) s −1 d q(j+1)r−1 ! −qr q(j+1)r−1 X qr−1 q(j+1)r − +1 qjr = c R(x) − c qr−1 R(x) j=0 s s jr −1 jr d r q −1 d r q −1 X −q qr−1 jr X −q qr−1 jr = c R(x)q − c R(x)q j=1 j=0 s r q d −1 −qr s r = c qr−1 R(x)q d − R(x)

s r = R(x)q d − R(x)

n s −1 −1 (k+1) sr k sr n X d d = k xq − xq s k=1  n n  s s −1 −1 k sr k sr n X d X d = (k − 1)xq − kxq s   k=2 k=1  n  s −1 −1 k sr n n X d = − 1 x − xq s  s  k=1 n−1 = x − T nr/d sr/d (x) s q |q n−1 = x − T n s (x) s q |q = x as required.

Remark 4.1.5. In his PhD thesis Wu [82] had already tackled the case when (n, r) = 1

85 (see Theorem 3.4.6 there) although the result there was obtained through trial and error. In Subsection 4.1.2 we show the methodology from which the more general Theorem 4.1.4 can be obtained. It employs recent techniques from both [81] and [70].

By the means of some substitutions we obtain the following equivalent result.

Theorem 4.1.6. Let q = pm be a power of a prime number p, let n, r, be positive integers such that d := (nm, r) = (m, r), and let c ∈ Fq such that Nq|pd (c) = 1. Then pr Lc,r(x) := x − cx induces a permutation of ker(Tqn|q) if and only if p - n. In this case the compositional inverse of Lc,r over ker(Tqn|q) is given by

m pjr d −1 n−1 ! p(j+1)r−1 kmr −1 X − r −1 X p d Lc,r| (x) = c p −1 n kx . ker(Tqn|q) j=0 k=1

Proof. The result follows from Theorem 4.1.4 if we substitute q, s, n, there with p, m, nm, respectively.

Remark 4.1.7. Theorem 4.1.4 and 4.1.6 are equivalent. Indeed, given xqr − cx ∈

m Fqn [x] satisfying Theorem 4.1.4, i.e., c ∈ Fqs with s | n, (s, r) = (n, r) and q = p , we qr pmr s ms n s get x −cx = x −cx ∈ F n/s [x] where c ∈ Fq1 with q1 := q = p , Tq |q = T n/s , q1 q1 |q1 and (ms · n/s, mr) = (mn, mr) = (ms, mr), satisfying Theorem 4.1.6. Now the fact that Theorem 4.1.6 follows from Theorem 4.1.4 implies the equivalence of the two.

Corollary 4.1.8 (Lemma 3.4, [84]). Let q = pm be a power of a prime number

pr p, let n, r, be positive integers such that (n, r) = 1, and let c ∈ Fq. Then x − cx permutes ker(Tqn|q) if and only if c belongs to any of the following two cases.

(i) Nq|p(m,r) (c) = 1 and p - n;

(ii) Nqn|p(m,r) (c) 6= 1.

Proof. Using the fact that d := (nm, r) = (m, r) because (n, r) = 1 by assumption, the result (i) follows from Theorem 4.1.6, while (ii) follows from Corollary 4.1.2.

86 Remark 4.1.9. By choosing, say n = 8 and m = r = 2, it is easy to see that the hypotheses of Theorem 4.1.6 are in fact more general than those of Corollary 4.1.8.

The following corollary shows that under some restrictions on p and n, Lc,r permutes ker(Tqn|q) for each c ∈ Fq. Later on, in Section 3, we will make use of this result in order to construct a class of complete mappings.

Corollary 4.1.10. Let q = pm be a power of a prime number p, let n, r, be positive

d integers such that d := (nm, r) = (m, r), p - n, and (n, p − 1) = 1. Then Lc,r(x) := pr x − cx induces a permutation of ker(Tqn|q) for each c ∈ Fq.

Proof. Clearly, if c = 0, then Lc,r permutes ker(Tqn|q). We may thus assume that

∗ c ∈ Fq. If Nq|pd (c) = 1, then Lc,r permutes ker(Tqn|q) by Theorem 4.1.6 (because p - n n additionally, by assumption). Now assume Nq|pd (c) 6= 1. We claim that Nq|pd (c) 6= 1;

4.1.2 Method used to obtain the inverse in Theorem 4.1.4

qr We know from Theorem 4.1.1 that Lc,r(x) = x − cx is a permutation polynomial

over Fqn if and only if Nqn|qd (c) 6= 1, where d = (n, r). In this case Lc,r must also −1 permute ker(Tqn|qs ) if c ∈ Fq and thus we may take Lc,r to be the compositional

inverse over ker(Tqn|qs ), as done in Corollary 4.1.2. In this subsection we consider the

case when Lc,r permutes ker(Tqn|qs ) but does not permute Fqn (Theorem 4.1.4), and

attempt to obtain a compositional inverse over ker(Tqn|qs ). Some of the arguments bear similarity to those employed in [81] where the compositional inverse of linearized

87 binomials with full rank was obtained. It consists of modifying the initial problem into an easier one via substitutions of the parameters q, n, and in our case, s as well,

and then computing the inverse over a convenient superspace of ker(Tqn|qs ).

d qr/d If we let q1 := q , where d := (n, r) = (s, r), then Lc,r(x) becomes x 1 − cx ∈

Fqn [x] = F n/d [x] with c ∈ Fqs = F s/d , Tqn|qs = T n/d s/d , Nqn|qd (c) = N n/d s/d (c) = 1, q1 q1 q1 |q1 q1 |q1 and (n/d, r/d) = (s/d, r/d) = 1. Thus we ﬁrst consider the case when (n, r) = (s, r) =

1. Now view Lc,r as a polynomial over the composite ﬁeld Fqnr and observe that Lc,r ∈ r Ln(Fqnr ), i.e., Lc,r is a q -polynomial over Fqnr . From Lemma 4.1.3 we know that

Lc,r(ker(Tqnr|qsr )) ⊆ ker(Tqnr|qsr ). It follows that if Lc,r permutes ker(Tqnr|qsr ), then

r Since ker(Tqnr|qsr ) is an Fqr -subspace of Fqnr , and Lc,r ∈ Ln(Fqnr ) is a q -polynomial

over Fqnr inducing (by assumption) a permutation of ker(Tqnr|qsr ), Theorem 2.1.5 −1 applies. Noting that (n/s) Tqnr|qsr ∈ Ln(Fqnr ) is idempotent on Fqnr having kernel ker(Tqnr|qsr ), we can deduce from Theorem 2.1.5 that Lc,r permutes ker(Tqnr|qsr ) ¯ (hence ker(Tqn|qs )) if and only if there exists a solution d = (d0, . . . , dn−1) to the linear equation

n−1 dD¯ = v r x − T nr sr (x) Lc,r q ,n s q |q n−1 n = − 1 − , 0, 0,..., 0, 1, 0, 0,..., 0, 1, 0, 0,... , s s

where the non-zero entries on the right hand side occur at indices (which start at 0

88 and end at n − 1) given by ks with 0 ≤ k < n/s, and

  −c 1 0 0 ··· 0    r   0 −cq 1 0 ··· 0  D =   Lc,r  . . . . .   . . . . .      1 0 0 0 · · · −cq(n−1)r

is the associate Dickson matrix of Lc,r ∈ Ln(Fqnr ). If so, it follows that the polyno- n−1 X qir mial dix induces the inverse map of Lc,r|ker(Tqnr|qsr ), and hence of Lc,r|ker(Tqn|qs ). i=0 Solving the linear equation we obtain a solution

−1 (j+1)r n − q −1 d = kc qr−1 , ks+j s

where 0 ≤ j < s and 0 ≤ k < n/s. To see this, it suﬃces to show that d¯ satisﬁes the ¯ ¯ linear equation, i.e., that the (ks + j)-th entry, (dDLc,r )ks+j, of the n-tuple dDLc,r ,

satisﬁes  n−1 1 − if j = k = 0;   s ¯  n−1 dDLc,r ks+j = − if j = 0 and k ≥ 1;  s   0 otherwise,

where 0 ≤ j < s and 0 ≤ k < n/s. First recall that we have made the assumptions

−1 that Nqs|q(c ) = 1 (d = 1 since d := (n, r) = (s, r) = 1 by our assumption above)

89 −1 and p - n/s of Theorem 4.1.4. Then Lemma 4.1.3 gives Nqsr|qr (c ) = 1. We have

¯ dDLc,r = −d0c + dn−1 = 0 + d n 0 ( s −1)s+s−1 −1 n n −1 = − 1 N sr r c s s q |q n−1 = 1 − ; s ¯ qksr dDLc,r ks = −dksc + dks−1 = −dksc + d(k−1)s+s−1 0

as required. As a result, if (n, r) = 1, then Nqs|q(c) = 1 and p - n/s are suﬃcient conditions for Lc,r to permute ker(Tqn|qs ) but not Fqn . In this case, one of the polynomials inducing the inverse map of Lc,r|ker(Tqn|qs ) is given by

n −1 s−1 s (j+1)r −1 q −1 (ks+j)r −1 n X X − r q Lc,r| (x) = kc q −1 x ker(Tqn|qs ) s j=0 k=1 jr n q s−1  −1  (j+1)r −1 s X − q −1 n X qksr = c qr−1 kx .  s  j=0 k=1

Now for the general case of 1 ≤ r ≤ n − 1 and d = (n, r) = (s, r), substitute q, n, r, s,

d −1 with q , n/d, r/d, s/d, respectively, in the expression above for Lc,r| , to obtain ker(Tqn|qs ) the result in Theorem 4.1.4.

90 4.2 Extensions of a class of complete permutation

polynomials

In this section we improve upon a result due to Wu and Lin (Theorem 3.7 in [84]). See Theorem 4.2.3 below yielding Corollary 4.2.5. Then in Theorem 4.2.6 we give a recursive construction of complete mappings involving multi-trace functions. First we need the following lemma due to Coulter-Henderson-Mathews, a consequence of the AGW criterion [3].

m Lemma 4.2.1 (Theorem 3, [24]). Let q = p be a prime power, let g ∈ Fq[x], let

H ∈ Fq[x] be a p-polynomial, and let f(x) = H(x) + xg(Tqn|q(x)). Then f(x) is a permutation polynomial over Fqn if and only if the following two conditions hold. q (i) ϕy(x) := H(x)+xg(y) induces a permutation of ker(Tqn|q) = {β −β | β ∈ Fqn } for each y ∈ Fq. ¯ (ii) f(x) := H(x) + xg(x) induces a permutation of Fq.

The following consequence is straightforward.

m Corollary 4.2.2. Let q = p be a prime power and let g ∈ Fq[x]. Then xg(Tqn|q(x))

is a permutation of Fqn if and only if xg(x) is a permutation of Fq and g(0) 6= 0.

The following represents an extension to Theorem 3.7 in [84], replacing the hy-

pothesis of (n, r) = 1 there with a more general case (mn, r) = (m, r). For f ∈ Fq[x]

inducing a permutation of a subspace V of Fq, we say that f is a partial CPP over V if f(x) + x also induces a permutation of V .

m Theorem 4.2.3. Let q = p be a power of a prime number p, let G ∈ Fq[x], and let (m,r) n, r, be positive integers such that d := (m, r) = (mn, r), p - n and (n, p − 1) = 1. Then

pr pr−1 f(x) = ax + x G(Tqn|q(x)) − aTqn|q(x)

91 ∗ is a complete permutation polynomial over Fqn for each a ∈ Fq if and only if xG(x) is a complete permutation polynomial over Fq.

Proof. Note that both f(x) and f(x) + x are instances of Lemma 4.2.1. It follows

pr that f is a complete permutation polynomial over Fqn if and only if ϕy(x) := ax + x(G(y) − aypr−1) = a[xpr + x(G(y) − aypr−1)/a] is a partial complete permutation ¯ pr pr−1 polynomial over ker(Tqn|q), and f(x) := ax +x(G(x)−ax ) = xG(x) is a complete

∗ permutation polynomial over Fq. The former holds for each a ∈ Fq by Corollary 4.1.10, whereas the latter implies the result.

Theorem 4.2.3 generalizes [84, Theorem 3.7], [47, Theorem 3], [63, Theorem 4.1], [85, Theorem 2.1], and [86, Theorem 6].

Example 4.2.4. Let p = 7, m = 1, n = 5, r = 2. Let G(x) = x3 + 3 and thus

4 xG(x) = x + 3x is a complete mapping over F7. Then

72−1 3 72−1 f(x) = ax + x (T75|7(x)) + 3 − aT75|7(x)

∗ is a complete mapping over F75 for each a ∈ F7. For instance, when a = 2, we obtain a complete mapping with degree 14407 and 247 nonzero terms, modulo x75 − x.

Letting G = b ∈ Fq \{−1, 0} be arbitrary in Theorem 4.2.3, the following corollary is straightforward.

Corollary 4.2.5. Let q = pm be a power of a prime number p, and let n, r, be positive

(m,r) integers such that d := (m, r) = (mn, r), p - n and (n, p − 1) = 1. Then

pr pr−1 f(x) = a x − xTqn|q(x) + bx

is a complete permutation polynomial over Fqn for each a ∈ Fq and each b ∈ Fq \ {−1, 0}.

92 Finally we give a recursive construction of CPPs involving multi-trace functions.

Theorem 4.2.6. Let q = pm be a power of a prime number p, let n, r and 1 =:

(m,r) d0 | d1 | · · · | dt := n be positive integers such that p - n, (n, p − 1) = 1

and (dim, r) = (djm, r) for each 0 ≤ i, j ≤ t. Let a0, . . . , at−1, be such that for k X 0 ≤ k ≤ t − 1, ak ∈ Fqdk and al 6= 0. Let f0 ∈ Fq[x]. Then l=0

t−1 ! X pr−1 pr−1 f0 Tqn|q(x) f(x) = x ak x − Tqn|qdk (x) + Tqn|q(x) k=0 is a complete permutation polynomial over Fqn if and only if f0 is a complete permutation polynomial over Fq satisfying f0(0) = 0.

k d Proof. For the sake of brevity denote Tj := Tqdk |q j if j ≤ k. For each 0 ≤ i ≤ t − 1, i X ∗ let ci := al ∈ Fqdi and recursively deﬁne the polynomials l=0

i+1 ! pr−1 i+1 pr−1 fi Ti (x) fi+1(x) := x cix − ciTi (x) + i+1 ∈ Fqdi+1 [x]. Ti (x)

d q i −2 di If we substitute G(x), m, n, q, in Theorem 4.2.3, with x fi(x), dim, di+1/di, q , respectively, then each fi+1 satisﬁes the conditions of Theorem 4.2.3. Indeed, we have di+1 ( · dim, r) = (di+1m, r) = (dim, r) by assumption; p - di+1/di (because p - n) and di d i+1 (dim,r) (m,r) (m,r) ( , p − 1) = (di+1/di, p − 1) = 1 since (di+1/di) | n and (n, p − 1) = 1 di by assumption as well. Then it follows from Theorem 4.2.3 that fi+1 is a CPP over

qdi −1 Fqdi(di+1/di) = Fqdi+1 if and only if x fi(x) is a CPP over Fqdi . Note that

  fi(x), if i ≥ 1 (since fi(0) = 0 for each i ≥ 1); qdi −1  x fi(x)| = Fqdi  q−1 x f0(x), if i = 0.

93 q−1 Denote H(x) := x f0(x). We claim that f1 is a CPP over Fqd1 if and only if f0 is a CPP over Fq satisfying f0(0) = 0. Indeed, if f0(0) = 0, then H|Fq = f0 implying that f1 is CPP over Fqd1 if and only if f0 is a CPP over Fq. On the other hand, if f0(0) 6= 0, write f0(x) = A(x) + b for some A ∈ Fq[x] such that A(0) = 0 and some ∗ b ∈ Fq. We need to show that H is not a CPP over Fq. On the contrary, suppose that H is a CPP (and hence PP) over Fq. Since H(0) = 0, it follows that H permutes ∗ ∗ ∗ ∗ Fq. But H|Fq = f0|Fq . Then f0 permutes Fq. This in turn implies that A permutes ∗ ∗ ∗ Fq. Hence −b ∈ A(Fq) giving f0(e) = 0 for some e ∈ Fq. But then H(e) = f0(e) = 0, a contradiction. The claim follows. Now induction yields that for 1 ≤ i ≤ t, fi is a

CPP over Fqdi if and only if f0 is a CPP over Fq satisfying f0(0) = 0. Next, assuming f0(0) = 0, we claim that for 0 ≤ i ≤ t,

i−1 i ! X r r f0 (T (x)) f (x) = x a xp −1 − T i(x)p −1 + 0 . (4.2.1) i k k T i(x) k=0 0

Proceed by induction on 0 ≤ i ≤ t. When i = 0 the claim is clear. Assume (4.2.1) holds for some i < n. Then by the transitivity of the trace function, we get

i+1 i−1 i+1 fi Ti (x) X r r f0 T0 (x) = a T i+1(x)p −1 − T i+1(x)p −1 + . T i+1(x) k i k T i+1(x) i k=0 0

94 Thus, by the deﬁnition of fi+1, we have

pr−1 i+1 pr−1 fi+1(x) = x cix − ciTi (x)

i−1 i+1 ! X r r f0 T0 (x) + a T i+1(x)p −1 − T i+1(x)p −1 + k i k T i+1(x) k=0 0 i i X pr−1 X i+1 pr−1 = x akx − akTi (x) k=0 k=0 i−1 i+1 ! X r r f0 T0 (x) + a T i+1(x)p −1 − T i+1(x)p −1 + k i k T i+1(x) k=0 0 i i i+1 ! X r X r f0 T0 (x) = x a xp −1 − a T i+1(x)p −1 + k k k T i+1(x) k=0 k=0 0 i i+1 ! X r r f0 T0 (x) = x a xp −1 − T i+1(x)p −1 + , k k T i+1(x) k=0 0 satisfying the expression in (4.2.1). The claim follows. Now it only remains to notice that f = ft.

Theorem 4.2.6 generalizes [63, Corollary 4.4] and [85, Corollary 2.3]. No even n satisﬁes the conditions of Theorem 4.2.6, since p has to be odd but then (n, p(m,r) − 1) 6= 1. Thus n has to be odd. In this case, when r = 1, the result works for any prime p and odd n such that (n, p(p − 1)) = 1. Similarly, let m = r, p be any prime and let n such that q = pm and (n, p(pm − 1)) = 1. For any complete mapping f0(x) ∈ Fq[x] and ai’s satisfying the conditions in Theorem 4.2.6, we obtain complete mappings over Fqn using multi-trace functions. In the following we give another example that does not belong to the above two cases.

Example 4.2.7. Let p = 5, n = 9, m = 1, r = 2. Let d0 = 1, d1 = 3, d2 = 9. Choose

∗ 5 a0 ∈ F5 and a1 ∈ F53 such that a1 + a0 6= 0. It is easy to show that f0(x) = ax − x is a complete mapping over F5 for any a 6= 1. Now the conditions of Theorem 4.2.6

95 are satisﬁed. Hence

52−1 52−1 52−1 52−1 4 f(x) = x a0 x − T59|5(x) + a1 x − T59|53 (x) + aT59|5(x) − 1

52 52−1 52−1 4 = (a0 + a1)x − x a0T59|5(x) + a1T59|53 (x) − aT59|5(x) + 1

is a complete mapping over F59 .

The CPP class of Theorem 4.2.3 yields a set of orthogonal complete mappings. It

is well-known that a set of k pairwise orthogonal complete mappings of Fqn yields a set of k + 1 mutually orthogonal Latin squares (MOLS) [29]. See also [62,63] for details on MOLS and typical construction methods. We have the following consequence of Theorem 4.2.3.

Corollary 4.2.8. Let q = pm be a power of a prime number p and let n, r, be positive

(m,r) integers such that (m, r) = (mn, r), p - n and (n, p − 1) = 1. Let {bi} be a subset ¯ of Fq and let G ∈ Fq[x] such that each fi(x) := x(G(x)+bi) is a complete permutation ∗ polynomial over Fq. For each such bi, let ai ∈ Fq. Then the mappings

pr−1 pr−1 Pi(x) = x aix − aiTqn|q(x) + G(Tqn|q(x)) + bi , i ≥ 1,

n form a set of |{bi}| pairwise orthogonal complete mappings of order q .

¯ Proof. By Theorem 4.2.3, each Pi is a CPP over Fqn since each fi is a CPP over Fq by assumption. Moreover, if i 6= j,

h pr−1 pr−1 i (Pj − Pi)(x) = x (aj − ai) x − (aj − ai) Tqn|q(x) + (bj − bi)

is a permutation over Fqn by Corollary 4.2.5 (since bj 6= bi).

Corollary 4.2.8 generalizes [63, Theorem 5.5].

96 4.3 Inverse of the complete mapping

In this section we obtain the compositional inverse of the complete mapping of The- orem 4.2.3. See Theorem 4.3.2 and Corollary 4.3.3 for this. To achieve this, we make use of the result in Section 4.1 of the compositional inverses of linearized binomials permuting the kernel of the trace map.

Lemma 4.3.1 (Corollary 3.14, [70]). Using the same notations of Lemma 4.2.1 and assuming that f permutes Fqn , the following two results hold:

(i) If p | n or x ∈ Fqn is such that ϕf¯−1(T (x)) permutes Fq, then ϕf¯−1(T (x)) permutes

Fqn , and the preimage of x under f is given by

−1 −1 f (x) = ϕf¯−1(T (x))(x), where f¯−1 := f¯|−1. Fq

(ii) If p - n, then the compositional inverse of f over Fqn is given by

−1 −1 ¯−1 −1 −1 f (x) = n f (T (x)) + ϕf¯−1(T (x))|ker(T ) x − n T (x) .

q−2 Recall that 1/f := f for a polynomial f if im(f) ⊆ Fq when f is viewed as a mapping.

Theorem 4.3.2. Assume that the polynomial f of Theorem 4.2.3 is a permutation ¯ polynomial over Fqn . Then f(x) := xG(x) is a permutation polynomial over Fq and pr pr−1 ϕy(x) := ax +x(G(y)−ay ) induces a permutation of ker(T ) for each y ∈ Fq. Let ¯−1 ¯ f ∈ Fq[x] denote the compositional inverse of f over Fq and deﬁne the polynomial

¯−1 pr−1 −1 ¯−1 C(x) := f (T (x)) − a G f (T (x)) ∈ Fq[x].

97 Then the following three results hold:

(i) If x ∈ Fqn is such that C(x) = 0, then the preimage of x under f is given by

qn x pr f −1(x) = . a

n (ii) Otherwise if x ∈ Fqn is such that Nq|pd (C(x)) 6= 1, then Nq|pd (C(x)) 6= 1, and the preimage of x under f is given by

mn −1 n d (i+1)r Nq|pd (C(x)) p −1 pir −1 X − pr−1 −1 f (x) = n C(x) a x . 1 − N d (C(x)) q|p i=0

(iii) Otherwise the preimage of x ∈ Fqn under f is given by

 m pjr  d −1 n−1 ! p(j+1)r−1 km r −1 −1 −1 X − −1 X p d f (x) = n f¯ (T (x)) + C(x) pr−1 a kx  . j=0 k=1

Proof. Write f(x) = axpr −xg(T (x)) where g(x) := axpr−1 −G(x). As we have seen in ¯ the proof of Theorem 4.2.3, the fact that f is a PP over Fqn implies that f(x) := xG(x) pr pr is a PP over Fq and ϕy(x) := ax −xg(y) = a(x −xg(y)/a) = aLg(y)/a,r(x) induces a −1 −1 −1 permutation of ker(T ) for each y ∈ Fq. Note that ϕy|ker(T )(x) = Lg(y)/a,r|ker(T )(a x), pr ¯−1 where Lc,r(x) := x − cx for c ∈ Fq. Moreover C(x) = g(f (T (x)))/a. pr (i): If x ∈ Fqn is such that C(x) = 0, then ϕf¯−1(T (x))(x) = aLC(x),r(x) = ax permutes Fqn . Now Lemma 4.3.1 (i) gives

qn x pr f −1(x) = ϕ−1 (x) = L |−1(a−1x) = . f¯−1(T (x)) g(y)/a,r a

(ii) Otherwise if x ∈ Fqn is such that Nq|pd (C(x)) 6= 1, then, by similar arguments

98 to those in the proof of Corollary 4.1.10, we get

! !n g f¯−1(T (x)) g f¯−1(T (x)) N n d = N d 6= 1. q |p a q|p a

Then by Corollary 4.1.2, Lg(f¯−1(T (x)))/a,r, and hence ϕf¯−1(T (x)), permute Fqn . Since

ϕy(Fq) ⊆ Fq for each y ∈ Fq, necessarily ϕf¯−1(T (x)) permutes Fq. Thus we can apply Lemma 4.3.1 (i) to obtain

−1 −1 −1 −1 f (x) = ϕf¯−1(T (x))(x) = Lg(f¯−1(T (x)))/a,r a x .

Substituting c with g(f¯−1(T (x)))/a in Corollary 4.1.2, we get

! g f¯−1(T (x)) (i+1)r Nqn|pd nm −1 − p −1 a d ¯−1 ! pr−1 X g f (T (x)) pir f −1(x) = a−1x . ¯−1 ! a g f (T (x)) i=0 1 − N n d q |p a

n Now the result follows from the fact that Nqn|pd (y) = Nq|pd (y) for any y ∈ Fq.

(iii) Here we can use Theorem 4.1.6 to obtain the inverse of Lg(f¯−1(T (x)))/a,r|ker(T ).

Since Lg(f¯−1(T (x)))/a,r, and hence ϕf¯−1(T (x)), do not permute Fqn , we apply Lemma 4.3.1 (ii) instead. This gives

−1 −1 ¯−1 −1 −1 f (x) = n f (T (x)) + ϕf¯−1(T (x))|ker(T ) x − n T (x) −1 ¯−1 −1 −1 −1 = n f (T (x)) + Lg(f¯−1(T (x)))/a,r|ker(T ) a x − n T (x) .

¯ −1 ¯ For the sake of brevity denote L(z) := Lg(f¯−1(T (x)))/a,r|ker(T )(z) ∈ Fq[z]. Since L is a p-polynomial, the above becomes

f −1(x) = n−1f¯−1(T (x)) + L¯ a−1x − L¯ a−1n−1T (x) .

99 By the deﬁnition of L¯ and by Theorem 4.1.6 with c = g f¯−1(T (x)) /a, we get

(j+1)r m −1 − p −1 pjr d −1 ! pr−1 n−1 ! X g f¯ (T (x)) X L¯ a−1n−1T (x) = n−2 ka−1T (x) a j=0 k=1 (j+1)r m −1 − p −1 −1 d ¯−1 ! pr−1 n (n − 1) X g f (T (x)) pjr = a−1T (x) . 2 a j=0

¯ pr ¯−1 pr Since f(y) = yG(y) = ay − yg(y) for any y ∈ Fq, we have y = af (y) − f¯−1(y)g(f¯−1(y)). Then, if we substitute y with T (x), the above becomes

(j+1)r m −1 − p −1 d −1 ! pr−1 n−1(n − 1) X g f¯ (T (x)) L¯ a−1n−1T (x) = 2 a j=0 pjr ¯−1 ! r g f (T (x)) · f¯−1(T (x))p − f¯−1(T (x)) a

(j+1)r m −1 − p −1 −1 d ¯−1 ! pr−1 n (n − 1) X (j+1)r g f (T (x)) = f¯−1(T (x))p 2 a j=0 jr − p −1 ¯−1 ! pr−1 ! jr g f (T (x)) − f¯−1(T (x))p a

 pmr/d−1  !− pr−1 n−1(n − 1) g f¯−1(T (x)) = f¯−1(T (x))  − 1 2  a 

= 0

because, by Lemma 4.1.3 (ii) and by assumption,

pmr/d−1 pm−1 ! pr−1 ! d g f¯−1(T (x)) g f¯−1(T (x)) p −1 = = 1. a a

100 Thus

−1 −1 ¯−1 −1 −1 f (x) = n f (T (x)) + Lg(f¯−1(T (x)))/a,r|ker(T ) a x (j+1)r m −1 − p −1 pjr d −1 ! pr−1 n−1 ! ¯ km r X g f (T (x)) X d = n−1f¯−1(T (x)) + n−1 ka−1xp . a j=0 k=1

The result follows.

Corollary 4.3.3. If the polynomial f in Theorem 4.2.3 is a permutation polynomial over Fqn , then its compositional inverse over Fqn is given by

qn x pr f −1(x) = 1 − C(x)q−1 a n d q−1 p −1 Nq|pd (C(x)) + C(x) Nq|pd (C(x)) − 1 n 1 − Nq|pd (C(x)) mn d −1 p(i+1)r−1 ir X − r −1 p · C(x) p −1 a x i=0 pd−1 + 1 − Nq|pd (C(x)) − 1

 m pjr  d −1 n−1 ! p(j+1)r−1 km r −1 −1 X − −1 X p d · n f¯ (T (x)) + C(x) pr−1 a kx  . j=0 k=1

Proof. We put the results of Theorem 4.3.2 together. Note that this is a step function where only one of the three terms is non-zero at a time. The ﬁrst term of the expression is non-zero only when C(x) = 0 corresponding to the result in (i), while the second term is non-zero only when C(x) 6= 0 and Nq|pd (C(x)) 6= 1 corresponding to (ii). The third term is non-zero otherwise; this corresponds to the result in (iii). These are the only possibilities for C(x) and so we are done.

Corollary 4.3.3 generalizes [70, Corollary 4.6] and [85, Theorem 3.5].

101 Chapter 5

A new proof of the Hansen-Mullen irreducibility conjecture

In this chapter 1 we present a new proof of the Hansen-Mullen irreducibility conjecture, or theorem, stated in Theorem 1.0.11. The content of this chapter is as follows. In Section 5.1 we study the connection, between the least period of the DFT of functions, and irreducible polynomials. In particular we explicitly describe in Proposition 5.1.1 the least period of the DFT of functions, as well as prove Lemmas 1.0.12 and 1.0.13. In Section 5.2 we introduce the characteristic delta functions as the DFTs of characteristic elementary symmetric functions. We then apply Lemma 1.0.13 to give a suﬃcient condition, in Lemma 5.2.2, for the existence of an irreducible polynomial with any one of its coeﬃcients prescribed. This is given in terms of the least period of a certain function ∆w,c, closely

1This chapter is substantively based on the following article ﬁrst published in Canadian Jour- nal of Mathematics at https://doi.org/10.4153/CJM-2017-022-1, Copyright © 2018, Canadian Mathematical Society. It is released under a Creative Commons Attribution Non-Commercial No Derivatives License. [72] A. Tuxanidy and Q. Wang, A new proof of the Hansen-Mullen irreducibility conjecture, Canadian Journal of Mathematics, no.70 (2018), 1373–1389. https://doi.org/10.4153/ CJM-2017-022-1

102 related to the delta functions. We also review some basic results on q-symmetric functions and their convolutions; this will be needed in Section 5.3. Finally in Section 5.3

n we prove that the ∆w,c functions have period that are not divisors of (q − 1)/Φn(q) (and are suﬃciently large in many cases). The proof of Theorem 1.0.11 then immediately follows from this.

5.1 Least period of the DFT and connection to

irreducible polynomials

In this section we study a connection between the least period of the DFT of a function and irreducible polynomials. We start oﬀ by giving an explicit formula in Proposition

5.1.1 for the least period of the DFT of a function f : ZN → Fq in terms of the values in its support. Then we prove Lemmas 1.0.12 and 1.0.13.

First we may identify, in the usual way, elements of ZN = Z/NZ with their canonical representatives in Z and vice versa. In particular this endows ZN with the natural ordering in Z. We may also sometimes abuse notation and write a | ¯b for ¯ ¯ a ∈ Z and b ∈ ZN to state that a divides the canonical representative of b, and write ¯ a - b to state the opposite. For an integer k and a non-empty set A = {a1, . . . , as}, we write gcd(k, A) := gcd(k, a1, . . . , as).

Proposition 5.1.1. Let q be a power of a prime, let N | q − 1, let f : ZN → Fq and let ζ be a primitive N-th root of unity in ∗. The least period of F [f] and F −1[f] N Fq ζN ζN is given by N/ gcd(N, supp(f)).

Proof. Note that d := N/ gcd(N, supp(f)) is the smallest positive divisor of N with the property that N/d divides every element in supp(f). For the sake of brevity write

103 fb = FζN [f]. Now for i ∈ ZN note that

d−1 d−1 X (i+d)j X N (i+d) N k X N i N k fb(i + d) = f(j)ζ = f k ζ d = f k ζ d N d N d N j∈ZN k=0 k=0

= fb(i).

Thus if r is the least period of fb, necessarily r ≤ d. Since f = F −1[ f ], then ζN b

−1 X −ij f(i) = N fb(j)ζN , i ∈ ZN . j∈ZN

Hence for i ∈ ZN we have

r−1 2r−1 N−1 X −ij X −ij X −ij X −ij Nf(i) = fb(j)ζN = fb(j)ζN + fb(j)ζN + ··· + fb(j)ζN j∈ZN j=0 j=r N j=( r −1)r r−1 r−1 r−1 N X −ij X −i(j+r) X N −i(j+( −1)r) = fb(j)ζ + fb(j + r)ζ + ··· + fb j + − 1 r ζ r N N r N j=0 j=0 j=0 r−1 r−1 r−1 N X −ij −ir X −ij −i( r −1)r X −ij = fb(j)ζN + ζN fb(j)ζN + ··· + ζN fb(j)ζN j=0 j=0 j=0 N r −1 r−1 X −irk X −ij = ζN fb(j)ζN . k=0 j=0

N −1 r −iN N −ir X −irk ζN − 1 If - i, then ζN 6= 1 and ζN = = 0. It follows that f(i) = 0 r ζ−ir − 1 k=0 N N N whenever i. Equivalently, if f(i) 6= 0, then | i. Now the minimality of d r - r implies that d ≤ r. But r ≤ d (see above) now yields r = d.

−1 −1 −1 With regards to the least period of F [f], we know that F [f] = N F −1 [f]. ζN ζN ζN −1 ∗ Since ζN is a primitive N-th root of unity in Fq as well, the previous arguments simi-

104 −1 larly imply that F −1 [f] has the least period d. Then so does the function N F −1 [f], ζN ζN a non-zero scalar multiple of F −1 [f]. ζN

X i In particular, if ζ is primitive in Fq and F (x) = aix ∈ Fq[x] for some subset i∈I I ⊆ [0, q − 2] of integers with each ai 6= 0, i ∈ I, then the least period of the (q − 1)-

i periodic sequence (F (ζ ))i≥0 is given by (q − 1)/ gcd(q − 1,I). We now prove Lemma 1.0.12.

Proof of Lemma 1.0.12. (i) On the contrary, suppose that supp(F ) contains no element of degree n over Fq. Then for each m ∈ supp(f) there exists a proper divisor n d n d d of n with (q −1)/(q −1) | m. Since Φn(q) | (q −1)/(q −1) for all proper divisors d of n, then Φn(q) | m for all m ∈ supp(f). Thus for all k ∈ Zqn−1,

n (q −1)/Φn(q) ˆ X kj X kaΦn(q) f(k) = f(j)ζ = f (aΦn(q)) ζ ,

j∈Zqn−1 a=1

ˆ ˆ n ˆ where f = Fζ [f]. Note that f(k + (q − 1)/Φn(q)) = f(k) for all k ∈ Zqn−1. Thus qn − 1 qn − 1 fˆ is -periodic. Necessarily the least period of fˆ divides , a contradiction. Φn(q) Φn(q)

(ii) Assume supp(F ) contains an element of degree n over Fq. Then there exists n d m ∈ supp(f) with (q − 1)/(q − 1) - m for all proper divisors d of n. Let r be the n n d least period of fˆ. By Proposition 5.1.1,(q − 1)/r | m. Since (q − 1)/(q − 1) - m, d then r - q − 1 for all proper divisors d of n.

(iii) Assume supp(F ) contains a primitive element of Fqn . Then there exists k rela- n n × tively prime to q − 1 such that k¯ ∈ supp(f). Thus (Z/(q − 1)Z) ∩ supp(f) 6= ∅. −1 It follows from Proposition 5.1.1 that both Fζ [f] and Fζ [f] have maximum least period qn − 1. The second part follows similarly.

105 Note that, as the following three examples show, the sufficient (respectively necessary) conditions in Lemma 1.0.12 are not necessary (respectively sufficient). These may possibly be improved in accordance with the needs of whoever wishes to apply these tools. Let us start off by showing that the sufficient condition in (i) is not necessary.

n d Example 5.1.2. Recall that (q − 1)/Φn(q) = lcm{q − 1 : d | n, d < n}. Pick

n d any n with at least two prime factors. Then (q − 1)/Φn(q) - q − 1 for all d | n,

Φn(q) d < n. Thus ζ is of degree n over Fq. Deﬁne the function F : Fqn → Fqn by

Φn(q) F (ζ ) = 1 and F (ξ) = 0 for all other elements ξ ∈ Fqn . Thus supp(F ) contains

an element of degree n over Fq. The associate function f : Zqn−1 → Fqn is deﬁned by

f(k) = 1 if k = Φn(q) and f(k) = 0 otherwise. By Proposition 5.1.1, the least period

n n r of Fζ [f] is the smallest positive divisor of q − 1 such that (q − 1)/r | Φn(q), since

n supp(f) = {Φn(q)}. This is r = (q − 1)/Φn(q). Thus we obtain an example of a

function which contains an element of degree n over Fq in its support but for which n the corresponding least period is a divisor of (q − 1)/Φn(q).

The following example shows that the necessary condition in (ii) is not suﬃcient.

Example 5.1.3. Similarly as before, pick any n with at least two prime factors. Then

n d k (q − 1)/Φn(q) - q − 1 for all d | n, d < n. Deﬁne F : Fqn → Fqn by F (ζ ) = 1 if k = (qn − 1)/(qd − 1) for some d | n, d < n, and F (ξ) = 0 for all other elements

ξ ∈ Fqn . Thus supp(F ) has no element of degree n over Fq. This deﬁnes the associate n d function f : Zqn−1 → Fqn of F with supp(f) = {(q − 1)/(q − 1) : d | n, d < n}. Consider the smallest positive divisor r of qn − 1, with (qn − 1)/r | (qn − 1)/(qd − 1) for all proper divisors d of n. Note that r is divisible by each qd − 1, for d | n, d < n;

d n d it follows r = lcm{q −1 : d | n, d < n} = (q −1)/Φn(q) with r - q −1 for all d | n, n d < n. By Proposition 5.1.1, r = (q − 1)/Φn(q) is the least period of Fζ [f]. Thus we

106 have constructed a function F with supp(F ) having no element of degree n over Fq d but for which the corresponding least period r satisﬁes r - (q − 1) for all d | n, d < n.

This last example shows that the necessary condition in (iii) is not suﬃcient.

Example 5.1.4. Pick q, n such that qn − 1 has at least two non-trivial relatively prime divisors, say a, b > 1 with a, b | (qn − 1) and gcd(a, b) = 1. The smallest positive divisor r of qn − 1 with (qn − 1)/r | a, b is r = qn − 1. Now we note that

a b the function F : Fqn → Fqn deﬁned by F (ζ ) = F (ζ ) = 1 and F (ξ) = 0 for all other elements ξ of Fqn , contains no primitive element in its support, but the corresponding n least period of Fζ [f] is q − 1, by Proposition 5.1.1.

Remark 5.1.5. We remark that Example 5.1.4 together with Lemma 1.0.12 (i) imply

n d that for any such a, b, there exists k ∈ {a, b} such that (q − 1)/(q − 1) - k for all proper divisors d of n; that is, either ζa or ζb (or both) is an element of degree n over

Fq. This may also have applications in determining whether a polynomial h(x) ∈ Fq[x] has an irreducible factor of degree n. Speciﬁcally, if there exist divisors a, b ≥ 1 of qn − 1 with gcd(a, b) = 1 and h(ζa) = h(ζb) = 0, then h(x) has an irreducible factor of degree n.

Finally we prove Lemma 1.0.13.

× Proof of Lemma 1.0.13. As a function on Fqn , note that

  1 if h(ξ) = 0 S(ξ) =  0 otherwise.

Let ζ be a primitive element of Fqn and deﬁne the function f : Zqn−1 → Fq by n f(m) = sm. Thus f has least period r satisfying r - (q − 1)/Φn(q). Note that

107 i X ij X ij S(ζ ) = sjζ = f(j)ζ = Fζ [f](i) for each i ∈ Zqn−1. Since Fζ [S] has the j j −1 same period as Fζ [S] (the inverse is essentially a Fourier multiplied by a non-zero scalar), then by the criteria (i) of Lemma 1.0.12, there exists an element of degree n

over Fq in the support of S. It follows h(x) has a root of degree n over Fq and hence

has an irreducible factor of degree n over Fq.

5.2 Characteristic elementary symmetric and delta

functions

In this section we apply Lemma 1.0.13 for the purposes of studying coefficients of irreducible polynomials. We first place the characteristic elementary symmetric functions in the context of their DFT, which we shall refer to here simply as delta functions. These delta functions are indicators, with values in a finite field, for sets of values in Zqn−1 whose canonical integer representatives have certain Hamming weights in their q-adic representation and q-digits all belonging to the set {0, 1}. Essentially, characteristic elementary symmetric functions are characteristic generating functions of the sets that the delta functions indicate. Then we give in Lemma 5.2.2 sufficient conditions for an irreducible polynomial to have a prescribed coefficient. Because the delta functions are q-symmetric (see Definition 5.2.3), we also review some useful facts needed in Section 5.3.

For ξ ∈ Fqn , the characteristic polynomial hξ(x) ∈ Fq[x] of degree n over Fq with root ξ is given by

n−1 n Y qk X w n−w hξ(x) = x − ξ = (−1) σw(ξ)x , k=0 w=0

where for 0 ≤ w ≤ n, σw(x) ∈ Fq[x] is the characteristic elementary symmetric

108 polynomial given by σ0(x) = 1 and

X qi1 +···+qiw σw(x) = x ,

0≤i1<···

for 1 ≤ w ≤ n. In particular σ1 = TrFqn /Fq is the (linear) trace function and

σn = NFqn /Fq is the (multiplicative) norm function. Whenever q = 2 and ξ 6= 0, then n −1 n σ0(ξ) = σn(ξ) = 1 always. If ξ 6= 0, then (in general) hξ−1 (x) = (−1) σn(ξ )x hξ(1/x) =

∗ ∗ −1 hξ(x), where hξ(x) is the (monic) reciprocal of hξ(x). Thus σw(ξ) = σn(ξ)σn−w(ξ ).

∗ Clearly hξ(x) is irreducible if and only if so is hξ(x). This occurs if and only if deg (ξ) = n. Fq Next we introduce the characteristic delta functions and the sets they indicate.

But ﬁrst let us clarify some ambiguity in our notation: For a, b ∈ Z, we denote by a mod b the remainder of division of a by b. That is, a mod b is the smallest integer c in {0, 1, . . . , b − 1} that is congruent to a modulo b, and write c = a mod b. Similarly ifa ¯ = a + bZ is an element of Zb, we use the notationa ¯ mod b := a mod b to express the canonical representative ofa ¯ in Z. But we keep the usual notation k ≡ a (mod b) to state that b | (k − a).

We can represent a ∈ Zqn−1 uniquely by the q-adic representation (a0, . . . , an−1)q = n−1 X i n aiq , with each 0 ≤ ai ≤ q−1, of the canonical representative of a in {0, 1, . . . , q − i=0 2} ⊂ Z. For the sake of convenience we write a = (a0, . . . , an−1)q. For w ∈ [0, n] :=

{0, 1, . . . , n}, deﬁne the sets Ω(w) ⊆ Zqn−1 by Ω(0) = {0} and

n i1 iw Ω(w) = k ∈ Zqn−1 : k mod (q − 1) = q + ··· + q , 0 ≤ i1 < ··· < iw ≤ n − 1

for 1 ≤ w ≤ n. That is, Ω(w) consists of all the elements k ∈ Zqn−1 whose canonical n representatives in {0, 1, . . . , q − 2} ⊂ Z have Hamming weight w in their q-adic rep-

109 n−1 X i resentation (a0, . . . , an−1)q = aiq , with each ai ∈ {0, 1}. Note this last condition i=0 that each ai ∈ {0, 1} is automatically redundant when q = 2, since in general each ai ∈ [0, q − 1] in the q-adic representation t = (a0, . . . , am)q of a non-negative integer m X i t = aiq . i=0 When q = 2, note Ω(n) = ∅ since there is no integer in {0, 1,..., 2n − 2} with n Hamming weight n in its binary representation. Observe also that |Ω(w)| = w for each 0 ≤ w ≤ n, unless (q, w) = (2, n). Moreover Ω(v) ∩ Ω(w) = ∅ whenever v 6= w, by the uniqueness of base representation of integers. For w ∈ [0, n], deﬁne the

characteristic (ﬁnite ﬁeld valued) function δw : Zqn−1 → Fp of the set Ω(w) by

  1 if k ∈ Ω(w); δw(k) =  0 otherwise.

Observe that our δ0 is the Kronecker delta function on Zqn−1 with values in {0, 1} ⊆

Fp.

Lemma 5.2.1. Let ζ be a primitive element of Fqn and let w ∈ [0, n]. If q = 2, further assume that w 6= n. Then

k σw(ζ ) = Fζ [δw](k), k ∈ Zqn−1.

k k Proof. Note σ0(ζ ) = 1 for each k and so σ0(ζ ) = Fζ [δ0](k). Now let 1 ≤ w ≤ n. By deﬁnition and the assumption that (q, w) 6= (2, n), we have

k X k(qi1 +···+qiw ) X kj σw(ζ ) = ζ = δw(j)ζ

0≤i1<···

= Fζ [δw](k).

110 These functions are related to various mathematical objects in literature: Let m < m n−1 X X q, let r1, . . . , rm ∈ [1, n − 1], and let c0, . . . , cn−1 ∈ [0, m − 1] such that ri = cj. i=1 j=0

View each δr1 , . . . , δrm as having values in Z. Then one can show that

δr1 ⊗ · · · ⊗ δrm ((c0, . . . , cn−1)q) is the number of m × n matrices, with entries in {0, 1} ⊂ Z, such that the sum of the entries in row i, 1 ≤ i ≤ m, is ri, and the sum of the entries in column j, 0 ≤ j ≤ n−1, is cj. Matrices with 0–1 entries and prescribed row and column sums are classical objects appearing in numerous branches of pure and applied mathematics, such as combinatorics, algebra and statistics. See for instance the survey in [7] and Chapter 16 in [49]. An application of Lemma 1.0.13 yields the following suﬃcient condition for the existence of irreducible polynomials with a prescribed coeﬃcient.

Lemma 5.2.2. Fix a prime power q and integers n ≥ 2 and 1 ≤ w ≤ n. Fix c ∈ Fq.

If q = 2, further assume that w 6= n. If the function ∆w,c : Zqn−1 → Fq given by

w ⊗(q−1) ∆w,c = δ0 − ((−1) δw − cδ0)

n has least period r satisfying r - (q − 1)/Φn(q), then there exists an irreducible poly- n−w nomial P (x) of degree n over Fq with [x ]P (x) = c.

w Proof. Take h(x) = (−1) σw(x) − c ∈ Fq[x] in Lemma 1.0.13. Since σw(Fqn ) ⊆ Fq, we can pick L = Fq. Thus S(x) ∈ Fq[x] is given by

w q−1 qn−1 S(x) = 1 − ((−1) σw(x) − c) mod x − 1 .

111 Let ζ be a primitive element of Fqn . By Lemma 5.2.1, the linearity of the DFT, and the fact that c = Fζ [cδ0], we have

i w i q−1 w q−1 S(ζ ) = 1 − (−1) σw(ζ ) − c = Fζ [δ0](i) − (Fζ [(−1) δw − cδ0](i)) .

Since the product of DFTs is the DFT of the convolution, then, as a function on Fqn ,

h w ⊗(q−1)i h w ⊗(q−1)i S = Fζ [δ0] − Fζ ((−1) δw − cδ0) = Fζ δ0 − ((−1) δw − cδ0)

= Fζ [∆w,c].

Thus qn−2 m X mi S(ζ ) = ∆w,c(i)ζ i=0

qn−1 for each m ∈ Zqn−1. As S(x) is already reduced modulo x − 1, it follows (from qn−2 X i the uniqueness of the DFT of a function) that S(x) = ∆w,c(i)x . Since the least i=0 n period of ∆w,c is not a divisor of (q −1)/Φn(q) by assumption, Lemma 1.0.13 implies

h(x) has an irreducible factor P (x) of degree n over Fq. Any of the roots ξ of P (x) w n−w must satisfy h(ξ) = 0, that is, (−1) σw(ξ) = c. This is the coeﬃcient of x in

n−w P (x). Hence [x ]P (x) = c with P (x) irreducible of degree n over Fq.

Note the delta functions also satisfy the property that

δw((a0, . . . , an−1)q) = δw((aρ(0), . . . , aρ(n−1))q) (5.2.1) for every permutation ρ of the indices in [0, n − 1]. In particular such functions have a natural well-studied dyadic analogue in the symmetric Boolean functions.

n These are Boolean functions f : F2 → F2 with the property that f(x0, . . . , xn−1) = f(xρ(0), . . . , xρ(n−1)) for every permutation ρ ∈ S[0,n−1]; hence the value of f(x0, . . . , xn−1)

112 depends only on the Hamming weight of (x0, . . . , xn−1). See for example [10, 13] for some works on symmetric Boolean functions. Nevertheless in our case the domain

n of these δw functions is Zqn−1 rather than F2 . Although one may still represent the elements of Zqn−1 as n-tuples, say by using the natural q-adic representation, the n arithmetic here is not as nice as in F2 . One has to consider the possibility that a “carry” may occur when adding or subtracting (this can make things quite chaotic) and also worry about reduction modulo qn − 1 (although this is much easier to deal with). These issues will come up again in the following section. The symmetry property in (5.2.1) of δw and of its convolutions will be exploited in the proof of Lemma 5.3.1 for the case when (w, c) = (n/2, 0). Before we move on to the following section, we need the fact asserted in Lemma

5.2.4 below. First for a permutation ρ ∈ S[0,n−1] of the indices in the set [0, n − 1],

deﬁne the map ϕρ : Zqn−1 → Zqn−1 by

ϕρ((a0, . . . , an−1)q) = (aρ(0), . . . , aρ(n−1))q. (5.2.2)

−1 Note ϕρ is a permutation of Zqn−1 with inverse ϕρ = ϕρ−1 , for each ρ ∈ S[0,n−1]. For i k ∈ Zqn−1, let i(k), 0 ≤ i ≤ n − 1, denote the digit of q in the q-adic form of its

canonical representative. Thus 0 ≤ i(k) ≤ q − 1. For a, b ∈ Zqn−1 with a + b 6= 0, it

is clear that if i(a) + i(b) ≤ q − 1, then i(a + b) = i(a) + i(b). One can also check, for any a, b ∈ Zqn−1 such that i(a) + i(b) ≤ q − 1 holds for every 0 ≤ i ≤ n − 1, that

ϕρ(a+b) = ϕρ(a)+ϕρ(b) for every ρ ∈ S[0,n−1], regardless of whether a+b = 0 or not.

By induction, ϕρ(a1 + ··· + as) = ϕρ(a1) + ··· + ϕρ(as), whenever a1, . . . , as ∈ Zqn−1 satisfy i(a1) + ··· + i(as) ≤ q − 1 for every 0 ≤ i ≤ n − 1.

Deﬁnition 5.2.3 (q-symmetric). For a function f on Zqn−1, we say that f is q- symmetric if for all a = (a0, . . . , an−1)q ∈ Zqn−1 and all permutations ρ ∈ S[0,n−1], we

113 have f(ϕρ(a)) = f(a); that is,

f((aρ(0), . . . , aρ(n−1))q) = f((a0, . . . , an−1)q).

Note the δw functions are q-symmetric. Because i(m) ≤ 1 for each m ∈ supp(δw) = Ω(w) and each 0 ≤ i ≤ n−1, it follows from the following lemma that the convolution of at most q − 1 delta functions is also q-symmetric.

Lemma 5.2.4. Let R be a ring and let f1, . . . , fs : Zqn−1 → R be q-symmetric functions such that for each ak ∈ supp(fk), 1 ≤ k ≤ s, we have i(a1) + ··· + i(as) ≤ q − 1 for every 0 ≤ i ≤ n − 1. Then f1 ⊗ · · · ⊗ fs is q-symmetric.

Proof. Recall the assumption on the supports imply that ϕτ (a1 +···+as) = ϕτ (a1)+

··· + ϕτ (as) for any ak ∈ supp(fk), 1 ≤ k ≤ s, and any τ ∈ S[0,n−1]. Since each fk is q-symmetric, 1 ≤ k ≤ s, then fk(a) = fk(ϕτ (a)) for every a ∈ Zqn−1. In particular a ∈ supp(fk) if and only if ϕτ (a) ∈ supp(fk); hence ϕτ (supp(fk)) = supp(fk). Now let m ∈ Zqn−1 and let ρ ∈ S[0,n−1]. Then it follows from the aforementioned observations

114 that

X (f1 ⊗ · · · ⊗ fs)(ϕρ(m)) = f1(j1) ··· fs(js)

j1+···+js=ϕρ(m) j1,...,js∈Zqn−1 X = f1(j1) ··· fs(js)

j1+···+js=ϕρ(m) j1∈supp(f1),...,js∈supp(fs) X = f1(j1) ··· fs(js)

ϕρ−1 (j1+···+js)=m j1∈supp(f1),...,js∈supp(fs) X = f1(j1) ··· fs(js)

ϕρ−1 (j1)+···+ϕρ−1 (js)=m j1∈supp(f1),...,js∈supp(fs) X = f1(ϕρ(j1)) ··· fs(ϕρ(js))

j1+···+js=m ϕρ(j1)∈supp(f1),...,ϕρ(js)∈supp(fs) X = f1(j1) ··· fs(js)

j1+···+js=m j1∈ϕρ−1 (supp(f1)),...,js∈ϕρ−1 (supp(fs)) X = f1(j1) ··· fs(js)

j1+···+js=m j1∈supp(f1),...,js∈supp(fs) X = f1(j1) ··· fs(js)

j1+···+js=m j1,...,js∈Zqn−1

= (f1 ⊗ · · · ⊗ fs)(m), as required.

115 5.3 Least period of ∆w,c and proof of Theorem 1.0.11

In this section we prove in Lemma 5.3.1 that the least period of the ∆w,c function of

n Lemma 5.2.2 is not a divisor of (q −1)/Φn(q), at least in the cases which suﬃce for a proof of Theorem 1.0.11. We note the proof of Lemma 5.3.1 is of a rather elementary and constructive type nature. There we treat the cases when c 6= 0 and c = 0 separately. We remark that a version of the case when c 6= 0 and its combinatorial argument was given in [28]. For the sake of completeness, for the case when c 6= 0, we include a proof in the same spirit (see Case 1 of the proof that follows). ∞ ∞ X i X First for an integer k = i(k)q , we let sq(k) = i(k) denote the sum of the i=0 i=0 q-digits of k.

Lemma 5.3.1. Let q be a power of a prime, let n ≥ 2, let w be an integer with

1 ≤ w < n, and let c ∈ Fq. If c = 0 and n = 2, assume that q is odd. If c 6= 0,

further assume that w < n − 1. Then the least period r of ∆w,c is not a divisor of

n (q − 1)/Φn(q).

Proof. First, by the binomial theorem for convolution,

q−1 ⊗(q−1) X q − 1 ((−1)wδ − cδ ) = (−c)q−1−s(−1)wsδ⊗s w 0 s w s=0 q−1 X q − 1 = ((−1)w+1c)−sδ⊗s. s w s=0

Hence

w ⊗(q−1) ∆w,c := δ0 − ((−1) δw − cδ0) q−1 X q − 1 = − ((−1)w+1c)−sδ⊗s. s w s=1

By Lucas’ theorem, none of the binomial coeﬃcients above are 0 modulo p, where p

116 ⊗s is the characteristic of Fq. Now note for any m ∈ Zqn−1 that δw (m) is the number, modulo p, of ways to write m as a sum of s ordered values in Ω(w). Next we treat the cases when c 6= 0 and c = 0 separately. Case 1 (c 6= 0): Here we closely follow the combinatorial argument given in [28].

Now it is known that m ∈ supp(∆w,c) if and only if there exists a unique 1 ≤ s ≤

⊗s n q −1 such that m ∈ supp(δw ). In particular if m ∈ supp(∆w,c), then sq(m mod (q −

n n n 1)) ≤ (q − 1)w. This implies that supp(∆w,c) ∩ {q − 1, q − 2, . . . , q − q} = ∅ if w < n − 1.

By Lemma 5.2.4, ∆w,c is q-symmetric. For each m ∈ supp(∆w,c) and each permu-

tation ρ ∈ S[0,n−1], we have ∆w,c(ϕρ(m)) = ∆w,c(m) and thus ϕρ(m) ∈ supp(∆w,c).

n If r | (q − 1)/Φn(q), then supp(∆w,c) is closed under addition and subtraction of

n n (q − 1)/Φn(q) modulo q − 1, namely, ∆w,c(m + kr) = ∆w,c(m) implies that if

m ∈ supp(∆w,c) then m + kr ∈ supp(∆w,c). In the following, we prove our statement by contradiction. Namely, if r | (qn −

1)/Φn(q) then we can ﬁnd an element in supp(∆w,c), which is greater than or equal to qn − q.

n 2 For n 6= 2, 6, we must have (q −1)/r ≥ Φn(q) > q . If 1 < n−1(m), n−2(m) < q−

0 0 1, we can add multiples of r to m so that m = m+kr satisﬁes that n−1(m ) = n−1(m)

0 and n−2(m ) = n−1(m) + 1. Permuting the highest two signiﬁcant positions (say σ)

00 0 and subtracting kr, we obtain another element m = σ(m ) − kr ∈ supp(∆w,c) such

00 00 that n−1(m ) = n−2(m) + 1 and n−2(m ) = n−1(m) − 1. That is, we can ﬁnd an

0 0 n−1 n−2 element m ∈ supp(∆w,c) such that m − m = q − q . Continue doing this, we can ﬁnd an element, say m abusing notation, in supp(∆w,c) such that one of n−1(m) and n−2(m) is 0 or q − 1.

For each m ∈ supp(∆w,c), we can ﬁnd a sequence of permutations so that any two digits i(m) and j(m) of m could be moved to the highest signiﬁcant positions.

117 0 0 This means that we have another element m in supp(∆w,c) so that n−1(m ) = i(m),

0 0 n−2(m ) = j(m) and k(m ) (0 ≤ k ≤ n − 3) must be one of t(m) such that t 6= i, j. Hence, repeating the above procedures, we can ﬁnd another element, say m, in supp(∆w,c) such that all digits except at most one equal to 0 or q − 1. Without loss of generality, we assume n−1(m) = a. Because w < n − 1, we have at least one j such that j(m) = 0. Again, without loss of generality, we assume that n−2(m) = 0. If a 6= 0, applying the same procedure as above, we can obtain an element m0 ∈

0 0 supp(∆w,c) such that n−2(m ) = q − 1 and n−1(m ) = a − 1. Similarly, we can ﬁnd

an element in supp(∆w,c) such that all digits equal to q−1 except 0. This contradicts

n n n to supp(∆w,c) ∩ {q − 1, q − 2, . . . , q − q} = ∅. If a = 0, then all digits of m are either 0 or q−1. Applying the above procedure on

0 0 n−1(m) = q−1 and n−2(m) = 0, we can obtain m ∈ supp(∆w,c) such that n−1(m ) =

0 q − 2 and n−2(m ) = q − 1. Then we always turn other 0 digits into q − 1 digit.

Eventually we have an element in the supp(∆w,c) such that all digits except the least

n n n signiﬁcant digit are q−1, this contradicts to supp(∆w,c)∩{q −1, q −2, . . . , q −q} = ∅.

For n = 2, r | q−1. If m ∈ supp(∆w,c) then there exists a k such that m+k(q−1) ∈

2 supp(∆w,c) and m + k(q − 1) > q − q, a contradiction.

n 4 3 For n = 6, (q − 1)/Φn(q) = q + q − q − 1. If m contains at most three q − 1

n digits in its q-ary expansion, then n−2(m+(q −1)/Φn(q)) = n−2(m)+1. Permuting

n n the highest signiﬁcant two digits of m + (q − 1)/Φn(q) and subtract (q − 1)/Φn(q)

0 0 from it, we obtain an element m ∈ supp(∆w,c) such that n−1(m ) = n−2(m) + 1 and

0 n−2(m ) = n−1(m) − 1. In this way, we can ﬁnd an element in supp(∆w,c) with four

q −1 digits. Without loss of generality, we can assume that m ∈ supp(∆w,c) such that

n−1(m) = q − 1 and 2(m) = 1(m) = 0(m) = q − 1, namely, m has the q-ary repre-

n sentation q − 1, a, b, q − 1, q − 1, q − 1. Subtracting (q − 1)/Φn(q) from m, we obtain an element in the support such that its q-ary representation is q − 1, a − 1, b, 0, 1, 0.

118 n Permuting the highest two signiﬁcant digits and adding (q − 1)/Φn(q) back, we ob-

0 0 tain m ∈ supp(∆w,c) such that m has q-ary representation a, 0, b, q − 1, q − 1, q − 1. However, m0 and m have diﬀerent weights, a contradiction.

⊗(q−1) Case 2 (c = 0): Assume c = 0. Note ∆w,0 = δ0 − δw and ∆w,0(0) = 1. Thus

n ⊗(q−1) ∆w,0(r) = ∆w,0(0 + r) = 1. Since 0 < r < q − 1, necessarily δw (r) = −1. In par-

⊗(q−1) n ticular r ∈ supp(δw ) and sq(r) = (q − 1)w. Because 1 ≤ r < q − 1 is a period of

0 n 0 n ∆w,0, so is r = q −1−r with 1 ≤ r < q −1. Then the previous arguments similarly

0 0 imply that sq(r ) = (q − 1)w. Given that sq(r ) = (q − 1)n − sq(r), it follows w = n/2

⊗(q−1) and sq(r) = (q − 1)n/2. In particular n is even and ∆w,0 = ∆n/2,0 = δ0 − δn/2 . Consider the case when n > 2: Suppose not all digits of r are the same (since

n sq(r) = (q − 1)n/2, it is equivalent to supposing that r 6= (q − 1)/2; this is the case in particular when q is even). Clearly either there exists k ∈ [0, n − 2] such that rk > rk+1 or the sequence r0, . . . , rn−1 is non-decreasing. Suppose the former holds. Fix any such k and let σ be the permutation of [0, n − 1] which ﬁxes each index in [0, n − 1] \{k, k + 1} and maps k 7→ k + 1 and k + 1 7→ k. Thus

k+1 k X i k+1 k X i ϕσ(r) = rkq +rk+1q + riq > rk+1q +rkq + riq = r, i∈[0,n−1]\{k,k+1} i∈[0,n−1]\{k,k+1} (5.3.1)

since rk > rk+1. Because ϕσ(r) is obtained via a permutation of the digits of r, and

n n 0 < r < q − 1, then 0 < ϕσ(r) < q − 1. Now note

k+1 k ϕσ(r) − r = (rk − rk+1)q − (rk − rk+1)q

k+1 k = (rk − rk+1 − 1)q + (q − (rk − rk+1))q . (5.3.2)

Since 1 ≤ rk − rk+1 ≤ q − 1, it follows the above coeﬃcients are contained in the set

119 [0, q−1]; hence this is the q-adic form of ϕσ(r)−r and one can see that sq(ϕσ(r)−r) = q − 1.

Because δn/2 is q-symmetric with i(m) ≤ 1 for each m ∈ supp(δn/2) = Ω(n/2) ⊗(q−1) and each 0 ≤ i ≤ n − 1, it follows from Lemma 5.2.4 that δn/2 is q-symmetric. ⊗(q−1) ⊗(q−1) In particular δn/2 (ϕσ(r)) = δn/2 (r). Since ϕσ(r) 6= 0, then ∆n/2,0(ϕσ(r)) = ⊗(q−1) ⊗(q−1) −δn/2 (ϕσ(r)) = −δn/2 (r) = 1; hence ϕσ(r) ∈ supp(∆n/2,0). Given that ∆n/2,0 n is r-periodic, then ϕσ(r) − r ∈ supp(∆n/2,0). Since 0 < ϕσ(r) − r < q − 1, then ⊗(q−1) ϕσ(r) − r ∈ supp(δn/2 ). It follows sq(ϕσ(r) − r) = (q − 1)n/2, contradicting sq(ϕσ(r) − r) = q − 1 with n > 2. Necessarily the q-digits r0, . . . , rn−1 of r must form a non-decreasing sequence. Since not all digits of r are the same, in particular rn−1 > r0.

00 n 00 n Since ∆n/2,0 is r-periodic, it is r := (qr mod (q −1))-periodic. Note 0 < r < q −

00 00 00 1 and r = (rn−1, r0, r1, . . . , rn−2)q. However observe that r0 = 1(r ) < 0(r ) = rn−1. Then we can reproduce the previous arguments with r and k substituted with r00 and

0, respectively, to obtain a contradiction. Thus for n > 2, it is impossible that ∆n/2,0 is r-periodic if 0 < r < qn − 1 and not all digits of r are the same. In particular when

n q is even and n > 2, ∆n/2,0 must have maximum least period q − 1. Note that at this point we have proved that: If w 6= n/2, or n > 2 and q is even with w = n/2, then r = qn − 1. In the case when q odd with n > 2 and w = n/2, we have shown that either r = (qn − 1)/2 (all digits of r are the same) or no such r

n with 0 < r < q − 1 can be a period of ∆n/2,0 (when not all digits of r are the same),

n whence the least period of ∆n/2,0 must be the maximum, q − 1. Consider now the case with n = 2 and q odd: Here w = n/2 = 1 and we claim that r > q − 1. On the contrary, suppose r ≤ q − 1. Since sq(r) = (q − 1)n/2 = q − 1, it follows that r = q − 1. Note there is exactly one way to write r = q − 1 as a sum of q − 1 ordered elements in Ω(1) = {1, q}, namely as q − 1 = 1 + ··· + 1, a total of

120 ⊗(q−1) q − 1 times. Thus δ1 (r) = 1. This contradicts the fact (see the beginning of the ⊗(q−1) proof of Case 2) that δ1 (r) = −1 with q odd. Hence the claim follows.

n It remains to notice that the least period r of ∆w,c satisﬁes r > (q − 1)/Φn(q) in

n every case here, and hence r - (q − 1)/Φn(q). Indeed, this follows immediately from

the fact that Φn(q) > q − 1 for n ≥ 2. In the case of n = 2 with w = 1, we have

2 2 r > q − 1 = (q − 1)/(q + 1) = (q − 1)/Φ2(q) as well. This concludes the proof of Lemma 5.3.1.

∗ Proof of Theorem 1.0.11. It is elementary to show that every element of Fq is the

norm of an element of degree n over Fq; see for example [37]. Thus we may assume w < n. If w = n − 1, we claim that the number of monic irreducible polynomials with prescribed coeﬃcient of x is positive; indeed, by Carlitz’s result [12], there exists an irreducible polynomial with both arbitrarily prescribed trace and nonzero norm coeﬃcients, and then the claim follows by taking the appropriate monic reciprocal. The other cases follow from Lemma 5.3.1 together with Lemma 5.2.2.

121 Chapter 6

On the number of N-free elements with prescribed trace

1 In this chapter we study the number of N-free elements, in an extension Fqm of

Fq, with prescribed trace in Fq. We first briefly recall the definition of N-free: For a m ∗ positive divisor N of q − 1, we say that a non-zero element ξ ∈ Fqm is N-free if, for d any d | N, ξ = γ , γ ∈ Fqm , implies d = 1. Equivalently, ξ is N-free if and only if ξ = αk for some integer k that is coprime to N. Note that the definition of N-free is independent of the choice of the primitive element α. The content of this chapter is as follows. We start off in Section 6.1 by deriving a formula for Zq,m,N (c) in terms of Gaussian periods (see Lemma 6.1.4). In Section 6.2 we specifically consider the case of the zero trace and simplify our formula, in Subsection 6.2.1, with the use of a lemma due to Ding and Yang [26]. Then in Subsection 6.2.2 we prove Corollaries 1.0.23 and 1.0.25. In Section 6.3 we give a

1This chapter is substantively based on the following article originally published in Journal of Number Theory, https://doi.org/10.1016/j.jnt.2015.09.008. It is released under a Creative Commons Attribution Non-Commercial No Derivatives License. [69] A. Tuxanidy and Q. Wang, On the number of N-free elements with prescribed trace, Journal of Number Theory, v.160 (2016), p.536–565. https://doi.org/10.1016/j.jnt.2015.09.008

122 suﬃcient criteria for uniformity to occur (see Theorem 1.0.26), as well as some other

related results. Then in Section 6.4 we focus our attention to the number Pq,m,N (c) and give some other related results. In particular we obtain that for p a Mersenne

∗ prime, the number of non-zero elements in Fp4 with the corresponding large order 2(p + 1)(p2 + 1) and having absolute trace zero, is 2φ(p2 + 1) (see Theorem 6.4.5). Finally in Appendix we include a table of data corresponding to Corollary 1.0.25, giving the number of primitive elements in quartic extensions of Mersenne prime ﬁelds, with absolute trace zero, for the ﬁrst ten Mersenne primes.

6.1 A formula for Zq,m,N

In this section we derive, in terms of Gaussian periods, a formula for the number of N- free elements with prescribed trace (see Lemma 6.1.4). Note that Cohen and Pre˘sern [20] already did so in terms of Gaussian sums (see their Lemma 2.2). However by the means of Gaussian periods we will be able to apply Ding-Yang lemmas (Lemma 2.3.1 and 2.3.2) thus obtaining, for the case of the zero trace, the simpliﬁed version of

Theorem 1.0.18 and the fact that Zq,m,N (0) = Θ(K)Zq,m,gcd(Q,N)(0) already mentioned in the introduction. Recall that here K is the part of N that is coprime to Q, and Θ(K) = φ(K)/K. The following characteristic function for N-free elements, due to Vinogradov, is typically used in works on the topic. See for instance [16,17,20,21] and the references therein.

Proposition 6.1.1 (Vinogradov). Let N be a positive divisor of qm − 1 and let

123 ∗ ξ ∈ Fqm . Then

  φ(N) X µ(d) X 1 if ξ is N-free; ψ (ξ) = N φ(d)  d|N ord(ψ)=d 0 otherwise, where in the inner sum ψ runs through all the multiplicative characters of Fqm with order d.

We will however consider the following apparently simpler form of the characteristic function.

m ∗ Lemma 6.1.2. Let N be a positive divisor of q − 1 and let ξ ∈ Fqm . For each positive divisor d of N, ﬁx a multiplicative character ψd of Fqm with order d. Then

 d−1 1 if ξ is N-free; X µ(d) X j  ψd (ξ) = d  d|N j=0 0 otherwise.

k Proof. Let α be primitive in Fqm . Then ξ = α for some integer k. Note that

 d−1  1 X √ 1 if d | k; e2π −1jk/d = d  j=0 0 otherwise.

Hence

  d−1 d−1 √ 1 if gcd(N, k) = 1; X µ(d) X j k X µ(d) X 2π −1jk/d X  ψd α = e = µ(d) = d d  d|N j=0 d|N j=0 d|gcd(N,k) 0 otherwise.

124 m Recall that for a positive divisor N of q − 1, an integer k, and c ∈ Fq, we denote

X (d,qm) ∆k(N) = µ(d)ηk . d|N

The following proposition highlights some of the basic properties of ∆k.

m Proposition 6.1.3. Let N | q − 1 and let k ∈ Z. Then we have the following three identities:

∆Nk(N) = ∆0(N);

N−1 X ∆i(N) = −φ(N); and i=0 qm−1 X i ∆k(N) = χqm α . i=1 gcd(N,i−k)=1

Proof. The ﬁrst identity follows from the fact that the sequence of periods of type

m (N,qm) (N,qm) (N, q ) has period N, i.e., ηk = η0 whenever k ≡ 0 (mod N). To prove the second identity, note that for each positive divisor d of N,

N−1 d−1 X (d,qm) N X (d,qm) N X N ηi = ηi = χqm (x) = − . d d ∗ d i=0 i=0 x∈Fqm

Hence N−1 N−1 X X X (d,qm) X N ∆ (N) = µ(d) η = − µ(d) = −φ(N). i i d i=0 d|N i=0 d|N

125 For the last identity, by (2.3.2) and Lemma 6.1.2, we have

d−1 m X (d,q ) X µ(d) X j k j ∆ (N) = µ(d)η = ψ (α )G m ψ k k d d q d d|N d|N j=0 d−1 qm−1 X µ(d) X j k X i j i = ψ (α ) χ m α ψ α d d q d d|N j=0 i=1 qm−1 d−1 X i X µ(d) X j i−k = χ m α ψ α q d d i=1 d|N j=0 qm−1 X i = χqm α . i=1 gcd(N,i−k)=1

For the sake of brevity let us also ﬁx the following notation for the remaining of the chapter.

q−2 X Qi fk(N, c, ∆) := χq (α c)∆Qi+k(N). i=0

Now we give the general formula for Zq,m,N (c).

Lemma 6.1.4. Let N be a positive divisor of qm −1 and let c be an arbitrary element of Fq. Then

1 qm − 1 Z (c) = φ(N) + f (N, c, ∆) . q,m,N q N 0

Proof. By the orthogonality relation in (2.3.1) and by the transitivity of the trace

126 function, note that

  k 1 if Tr m / (α ) = c; 1 X k 1 X k  Fq Fq m χq(ac)χq aα = χq a TrFqm /Fq α − c = q q  a∈Fq a∈Fq 0 otherwise.

Thus if we multiply the characteristic function above with that of Lemma 6.1.2, and

∗ then sum over all the elements in Fqm , we get

d−1 qm−1 1 X X 1 X X k j k Z (c) = µ(d) χ (ac) χ m aα ψ α q,m,N q q d q d d|N a∈Fq j=0 k=1 qm−1 d−1 q−2 d−1  1 X X µ(d) X j k X Qi X 1 X X Qi j =  ψd α + χq (α c) µ(d) χqm α x ψd (x) q d d ∗ k=1 d|N j=0 i=0 d|N j=0 x∈Fqm   m q−2 1 q − 1 X X (d,qm) = φ(N) + χ (αQic) µ(d)η q  N q Qi  i=0 d|N 1 qm − 1 = φ(N) + f (N, c, ∆) . q N 0

6.2 The case of the zero trace

In this section we consider the special case of the zero trace and prove some of the corresponding assertions already mentioned in the introduction, and give some other related results. We start oﬀ in Subsection 6.2.1 by deriving Theorem 1.0.18 and giving some immediate consequences. See Corolleries 1.0.19, 1.0.20, 1.0.21 and 1.0.22. Then in Subsection 6.2.2 we prove Corollaries 1.0.23 and 1.0.25, and also prove the “semi- primitive” characterization in Proposition 1.0.24.

127 6.2.1 Simpliﬁcation of Zq,m,N (0) and direct consequences

First, in the case of the zero trace, we apply the Ding-Yang lemmas (Lemma 2.3.1

and 2.3.2) to simplify the expression for fk(N, 0, ∆).

m Lemma 6.2.1. Let N | q − 1, k ∈ Z and KQ be the largest divisor of N that is coprime to Q. Then

φ(KQ) fk(N, 0, ∆) = (q − 1) ∆k(gcd(Q, N)). KQ

Proof. For a positive divisor d of qm − 1, let us denote, for the sake of brevity, g(d) = gcd(Q, d). Now, by Lemma 2.3.2,

q−2 X X (d,qm) fk(N, 0, ∆) = µ(d) ηQi+k d|N i=0

X g(d) (g(d),qm) = (q − 1) µ(d) η . d k d|N

Note Rad(N) = Rad(KQ) Rad(gcd (Q, N)) is the product of the two coprime numbers

Rad(KQ) and Rad(gcd (Q, N)). Then we can write any positive divisor d of Rad(N) uniquely as d = yz, where y | Rad(KQ) and z | Rad(gcd (Q, N)). Moreover g(yz) = z for any such y, z. Hence

X X g(yz) (g(yz),qm) f (N, 0, ∆) = (q − 1) µ(yz) η k yz k y|KQ z|gcd(Q,N)

X µ(y) X (z,qm) = (q − 1) µ(z)η y k y|KQ z|gcd(Q,N)

φ(KQ) = (q − 1) ∆k(gcd (Q, N)). KQ

128 Proof of Theorem 1.0.18. By Euler’s product formula for φ, and using the fact

that KQ is coprime to gcd (Q, N) with Rad(N) = Rad(KQ) Rad(gcd (Q, N)), we have

φ(N) Y 1 = 1 − N ` `|N     Y 1 Y 1 = 1 − 1 −  `   `  `|KQ `|gcd(Q,N) φ(K ) φ(gcd (Q, N)) = Q , KQ gcd (Q, N)

where in the three products ` runs through all the distinct prime divisors of N,KQ and gcd (Q, N), respectively. Hence by Lemmas 6.1.4 and 6.2.1,

1 m φ(N) φ(KQ) Zq,m,N (0) = (q − 1) + (q − 1) ∆0(gcd (Q, N)) q N KQ φ(KQ) m φ(gcd (Q, N)) = (q − 1) + (q − 1)∆0(gcd (Q, N)) qKQ gcd (Q, N) (q − 1)φ(KQ) Q = φ(gcd (Q, N)) + ∆0(gcd (Q, N)) . qKQ gcd (Q, N)

In particular one obtains in Lemma 6.2.2 the number of primitives with zero trace. The second equality (on the right) gives Lemma 2.1 in [20].

Lemma 6.2.2. Let D be the smallest positive divisor of q − 1 such that (q − 1)/D is

m coprime to Q. Then the number of primitive elements ξ in Fq with TrFqm /Fq (ξ) = 0

129 is given by

q − 1 φ(Q) + ∆0(Q) Z m (0) = Dφ q,m,q −1 D q q − 1 Z (0) = Dφ q,m,Q . D q − 1

We now derive some other immediate consequences to Theorem 1.0.18.

Proof of Corollary 1.0.19. Follows directly from Theorem 1.0.18 and the fact that

∆0(1) = −1.

Lemma 6.2.3. Let q be a power of a prime p and assume that Q = (q` − 1)/(q − 1) is prime for some prime `. Then

  0 if ` 6= p; ∆0(Q) =  −q otherwise.

(Q,q`) Proof. Since Q is prime, then ∆0(Q) = −1 − η0 . Now the result follows from Lemma 2.3.7.

Proof of Corollary 1.0.20. Note that gcd(q − 1,Q) = 1 since otherwise Q | q − 1 contradicting Q > q − 1 for ` ≥ 2. Now the result follows directly from Lemmas 6.2.3 and 6.2.2.

Proof of Corollary 1.0.21. Follows directly from Theorem 1.0.18 and Lemma 2.3.4.

Proof of Corollary 1.0.22. Note that since gcd(Q, N) = 3, then Q ≡ m ≡ 0 (mod 3). The result now follows from Lemma 2.3.5 and Theorem 1.0.18.

130 6.2.2 Proof of Corollaries 1.0.23 and 1.0.25

In this subsection we prove Corollaries 1.0.23 and 1.0.25, corresponding to the case of the zero trace. We employ the known explicit formulas for the Gaussian periods in the semi-primitive case (see Lemma 2.3.6) to ﬁrst derive, in the following lemma, the value of the sum ∆0(N) for N falling under the category of Lemma 2.3.6. Then by Theorem 1.0.18 we get the result of Corollary 1.0.23. One of course can then naturally consider whether this result applies to primitives, but unfortunately, as Proposition 1.0.24 shows, it only extends to primitives in quartic extensions of Mersenne prime ﬁelds. Mersenne primes also appear in the trivial case for which a formula is known. This is the case when all the irreducibles are also the primitives, that is, when q = 2 and m = ` with 2`−1 being a Mersenne prime. See the comments under the statement of Theorem 1.0.16.

Lemma 6.2.4. Let sm be even with m > 1, let q = ps be a power of a prime p, and suppose that n > 1 is not a power of 2 and satisﬁes n | qm − 1. Further assume there exists a positive integer j such that pj ≡ −1 (mod `) for every prime divisor ` ≥ 3

(2,qm) of n, and that j is the least such. Deﬁne γ = sm/2j and let η0 be as in Lemma 2.3.4. (a) If γ and p are odd, n is even and (pj + 1)/2 is odd, then

m 1 φ (n) ∆ (n) = −η(2,q ) − 1 + qm/2 + . 0 0 2 n

(b) In all other cases,

γ+1 m/2 γ m/2 (−1) q − 1 m (−1) q − 1 ∆ (n) = · − η(2,q ) + φ(n), 0 2 2 0 n

131 where   1 if n is even; 2 =  0 otherwise.

Proof. First note the assumption on n and j means that, for every positive 3 ≤ d | Rad(n), we have that j is the least such that pj ≡ −1 (mod d). (a) Consider any such d as above. If d is odd, then (pj + 1)/d is even and so

(d,qm) η0 belongs to case (b) of Lemma 2.3.6. Moreover since 2 has multiplicity 1 in the

j j (2d,qm) factorization of p + 1, then (p + 1)/2d is odd if so is d; in this case η0 belongs to case (a) in Lemma 2.3.6. Now let V2 be the largest power of 2 dividing n. We then have

X (d,qm) X (d,qm) (2d,qm) X (d,qm) (2d,qm) µ(d)η0 = µ(d)η0 + µ(2d)η0 = µ(d) η0 − η0 3≤d|n 3≤d|n 3≤d|n d odd d odd X (d − 1)qm/2 − 1 qm/2 + 1 X qm/2 + 1 = µ(d) + = µ(d) qm/2 − d 2d 2d 3≤d|n 3≤d|n d odd d odd 1 − qm/2 X qm/2 + 1 = + µ(d) qm/2 − 2 2d d|n d odd 1 − qm/2 X qm/2 + 1 = + µ(d) qm/2 − 2 2d d|n/V2 m/2 m/2 m/2 m/2 1 − q q + 1 X µ(d) 1 − q (1 + q )V2 n = − = − φ 2 2 d 2 2n V2 d|n/V2 1 − qm/2 1 + qm/2 = − φ (n) 2 n

since V2 is coprime to n/V2 and φ(V2) = V2/2. Then we have

m/2 m/2 (2,qm) X (d,qm) (2,qm) 1 − q 1 + q ∆ (n) = −1 − η + µ(d)η = −1 − η + − φ (n) . 0 0 0 0 2 n 3≤d|n

132 Hence the result follows.

(d,qm) (b) As before assume d | n with d ≥ 3 and µ(d) 6= 0. We claim that η0 belongs (d,qm) to case (b) in Lemma 2.3.6. Indeed, if p or γ is even, then η0 belongs to (b). If d is odd, necessarily (pj + 1)/d is even unless p is even; hence (b). This also takes care of the case when n is odd. Finally if n is even and 2 has multiplicity greater than 1 in the factorization of pj + 1, then (pj + 1)/2d is even for any such d odd. The claim follows. Hence by Lemma 2.3.6 (b) we have

γ+1 m/2 γ m/2 X (d,r) X (−1) dq + (−1) q − 1 µ(d)η = µ(d) 0 d 3≤d|n 3≤d|n (−1)γ+1qm/2 − 1 X (−1)γqm/2 − 1 = 1 + · + µ(d) (−1)γ+1qm/2 + 2 2 d d|n (−1)γ+1qm/2 − 1 X (−1)γqm/2 − 1 = 1 + · + µ(d) 2 2 d d|n (−1)γ+1qm/2 − 1 (−1)γqm/2 − 1 X n = 1 + · + µ(d) 2 2 n d d|n (−1)γ+1qm/2 − 1 (−1)γqm/2 − 1 = 1 + · + φ(n). 2 2 n

Hence the result follows.

Proof of Corollary 1.0.23. It follows directly from Lemma 6.2.4 and Theorem 1.0.18.

In order to prove Proposition 1.0.24 we make use of Mih˘ailescu’sbreakthrough result [51], also known as Catalan’s conjecture. Although like Wiles’ Theorem (Fer- mat’s Last Theorem) it is easily stated, it took 160 years for the conjecture to be ﬁnally solved, by Mih˘ailescu[51].

a b Theorem 6.2.5 (Mih˘ailescu (2004)). Let x, y, a, b ∈ N with a, b > 1. If x −y = 1, then x = b = 3 and y = a = 2.

133 For a positive integer k, we let v2(k) denote the multiplicity of 2 in the factorization

of k. For an integer b coprime to k, we let ordk(b) denote the multiplicative order of b modulo k.

Proof of Proposition 1.0.24. Let q = ps be the power of a prime p, with s ≥ 1. The case when m = 2 is clear as (q2 − 1)/(q − 1) = q + 1 and so we can let j = s. We may thus suppose m > 2. Now assume that the congruence is satisﬁed, i.e., that

psm − 1 pj ≡ −1 (mod Rad ) ps − 1

holds. We claim that m is a power of 2. On the contrary, suppose the odd part, k, of

m, satisﬁes k > 1. Let t be the odd part of sk. Then t > 1 and (sk, t) = t - s since k > 1 and k | t. Since t | sk, we have (psk − 1, pt − 1) = pt − 1 > 1. Moreover psk − 1 d := Rad(( , pt − 1)) > 1 since otherwise (pt − 1) | (ps − 1) contrary to t s. ps − 1 - psk − 1 Because k > 1 is odd, then both and hence d are odd. In particular d ≥ 3. ps − 1 Note that pt ≡ 1 (mod d). Thus if a is the smallest positive integer such that pa ≡ 1 (mod d), then a | t and hence a is odd. Now observe that pj ≡ −1 (mod d), psk − 1 psm − 1 since d | Rad( ) | Rad( ). Thus p2j ≡ 1 (mod d). It follows that a j ps − 1 ps − 1 - but a | 2j. This however implies that a is even, a contradiction. The claim follows. Hence m = 2n for some n ≥ 2 and

sm n−1 p − 1 Y i = ps2 + 1 . ps − 1 i=0

Since n ≥ 2, we can let i ≥ 0 be arbitrary such that both ps2i + 1 and ps2i+1 + 1

s2n s divide (p − 1)/(p − 1). Suppose there exist square-free divisors di, di+1 ≥ 3 of

s2i s2i+1 p + 1 and p + 1, respectively. For the sake of brevity let ai := orddi (p) and

134 j ai+1 := orddi+1 (p). Since p ≡ −1 (mod di), we have ai - j but ai | 2j implying that s2i i i v2(j) = v2(ai) − 1. Similarly since p ≡ −1 (mod di), then ai - s2 but ai | 2(s2 ).

This implies that v2(ai) = v2(s)+i+1. It then follows that v2(j) = v2(s)+i. Working with di+1 and ai+1 now we similarly deduce that v2(j) = v2(s)+i+1, a contradiction. Necessarily at least one of ps2i + 1, ps2i+1 + 1, is a power of 2. But note that, for any positive integer b, we have pb + 1 = 2v if and only if pb = 2v − 1. In this case it is clear that v > 1; then we can not have b > 1 since otherwise Theorem 6.2.5 is contradicted. In particular p is a Mersenne prime. Moreover s2i = 1 or s2i+1 = 1. Of these two, only s2i = 1 is possible, whence i = 0, s = 1, and q = p is a Mersenne prime. Because i ≥ 0 was arbitrary such that both ps2i + 1 and ps2i+1 + 1 divide (ps2n − 1)/(ps − 1), necessarily n = 2 is the only possibility, whence m = 4 and (psm − 1)/(ps − 1) = (p + 1)(p2 + 1). Since p is a Mersenne prime, p + 1 is a power of 2 and 2 | (p2 + 1) imply that Rad((p + 1)(p2 + 1)) = Rad(p2 + 1). Thus it only remains to show that Rad(p2 + 1) | (pj + 1) if and only if j = 2k for some odd k ≥ 1. Assume that Rad(p2 + 1) | (pj + 1). First it is easy to check that p2 + 1 is not a power of 2. Hence we can let d ≥ 3 with

2 2 4 d | Rad(p + 1). Then p ≡ −1 (mod d) and p ≡ 1 (mod d) implies ordd(p) = 4.

2 j j Since d | Rad(p + 1) | (p + 1), then p ≡ −1 (mod d) implying 4 - j but 4 | 2j. This means that j = 2k for some odd k ≥ 1. Conversely let j = 2k for any odd k ≥ 1. Note that p2k = (p2)k = [(p2 + 1) − 1]k. Then by the Binomial Theorem we have

k k k X k i X k i p2k = p2 + 1 − 1 = p2 + 1 (−1)k−i = −1 + p2 + 1 (−1)k−i. i i i=0 i=1

Hence k X k i p2k + 1 = p2 + 1 (−1)k−i i i=1 and so (p2 + 1) | (p2k + 1). Consequently Rad(p2 + 1) | (p2k + 1).

135 Proof of Corollary 1.0.25 . By Proposition 1.0.24 we have that Q = (p4 −1)/(p− 1) = (p+1)(p2 +1) satisﬁes pj ≡ −1 (mod Rad(Q)) with j = 2k for every odd k ≥ 1; in particular for j = 2. If ` ≥ 3 is a prime divisor of Q, clearly ` - p + 1 (since p + 1 is a power of 2). Then j = 2 is the least such that pj ≡ −1 (mod `). Corollary 1.0.23 then applies with s = 1, m = 4, N = p4 − 1, j = 2, n = Q = (p + 1)(p2 + 1), and

γ = 1. With the notation of Corollary 1.0.23, it is easy to show that KQ = (p − 1)/2. Since p, γ, are odd while n is even and 2 has multiplicity 1 in the factorization of p2 + 1, then case (a) of Lemma 6.2.4 applies. In this case we get, using the fact that p ≡ 3 (mod 4) together with Lemma 2.3.4,

1 + p2 1 − p2 1 ∆ (p2 + 1) = ∆ ((p + 1)(p2 + 1)) = −1 + + − φ (p + 1)(p2 + 1) 0 0 2 2 p + 1 1 p2 + 1 = − φ((p + 1)(p2 + 1)) = −φ(p2 + 1) = −φ . p + 1 2

It then follows from Lemma 6.2.2 that

2 1 4 p − 1 p + 1 Z 4 (0) = φ p − 1 − 2φ φ . p,4,p −1 p 2 2

It remains to note that

p − 1 p2 + 1 (p − 1)(p2 + 1) 1 p4 − 1 φ φ = φ = φ 2 2 4 2 p + 1

since p − 1 p2 + 1 (p − 1)(p2 + 1) gcd , = gcd 4, = 1 2 2 4

and p4 − 1 = (p − 1)(p + 1)(p2 + 1). The result follows.

136 6.3 Uniformity in the case of the non-zero trace

In this section we explore the concept of uniformity, already discussed at the start of the chapter. That is, the main concern here is as follows: what triples (q, m, N), with

m ∗ N | q −1, are such that Zq,m,N (c) is constant for every non-zero c ∈ Fq? Accordingly, in this section we prove Theorem 1.0.26. As a consequence of this and of Corollary 1.0.23, Corollary 1.0.27 is straightforward. In particular, in the case of primitives,

m i.e., N = q − 1, we give suﬃcient conditions for Zq,m,qm−1(c) to behave uniformly

∗ for c ∈ Fq. See Corollary 6.3.3 for this.

m ∗ Lemma 6.3.1. Let N | q − 1, c ∈ Fq be arbitrary, KQ be the largest divisor of N that is coprime to Q. Then

m qm−1 q − 1 N φ(N) − qZq,m,N (0) qZq,m,N (c 6= 0) = φ(N) + KQ + f0(N, c, ∆) N (q − 1)φ(KQ)

− f0 (gcd (Q, N) , c, ∆) .

X Proof. By Proposition 6.1.3 and using the fact that χq(ac) = −1 for c 6= 0, we ∗ a∈Fq get

q−2 q−2 X Qi X Qi f0(gcd (Q, N) , c, ∆) = χq (α c)∆Qi(gcd (Q, N)) = χq (α c)∆0(gcd (Q, N)) i=0 i=0

= −∆0(gcd (Q, N)).

Hence

f0(N, c, ∆) = −∆0(gcd (Q, N)) + f0(N, c, ∆) − f0(gcd (Q, N) , c, ∆).

By Theorem 1.0.18 we can write ∆0(gcd (Q, N)) in terms of Zq,m,N (0). Now the

137 expression for Zq,m,N (c 6= 0) follows from Lemma 6.1.4.

Proof of Theorem 1.0.26. If every prime divisor of N divides Q, then Rad(N) =

Rad(gcd (Q, N)) and KQ = 1. Now the result follows from Lemma 6.3.1 together

m with the fact that f0(d, c, ∆) = f0(Rad(d), c, ∆) for every d | q − 1.

bm − 1 Lemma 6.3.2. Let b, m > 1. Then Rad(bm − 1) = Rad( ) if and only if every b − 1 prime factor of b − 1 divides m.

bm − 1 Proof. First note that Rad(bm − 1) = Rad( ) if and only if Rad(b − 1) | b − 1 bm − 1 Rad( ). Now b − 1

bm − 1 = 1 + b + b2 + ··· + bm−1 b − 1 = (1 − b) + (b − 1) + (b2 − 1) + ··· + (bm−1 − 1)

+ b + m − 1.

bm − 1 It follows that Rad(b − 1) | Rad( ) if and only if Rad(b − 1) divides m. b − 1

As a consequence of Lemma 6.3.2, we obtain the following immediate result.

Corollary 6.3.3. Let q be a power of a prime and m ∈ N. If every prime factor of ∗ q −1 divides m, then, for every element c ∈ Fq, the number, Zq,m,qm−1(c), of primitive

m elements ξ ∈ Fq with TrFqm /Fq (ξ) = c, is given by

m φ(q − 1) − Zq,m,qm−1(0) Z m (c 6= 0) = . q,m,q −1 q − 1

Some other consequences to Theorem 1.0.26 are the following.

138 m Corollary 6.3.4. Let N | q − 1 such that Rad(N) | Q and let Ft be any subﬁeld of ∗ ∗ Fq. Then, for all ct ∈ Ft and cq ∈ Fq, we have

m q −1 φ(N) − Z (0) q Z (c ) = N t,m[Fq:Ft],N = Z (c ). t,m[Fq:Ft],N t t − 1 t q,m,N q

Proof. Follows from Theorem 1.0.26 together with the fact that, since N | (qm − 1)/(q − 1) and (qm − 1)/(q − 1) | (qm − 1)/(t − 1), then N | (qm − 1)/(t − 1).

Proof of Corollary 1.0.28. The ﬁrst equality follows directly from Theorem 1.0.18 and Theorem 1.0.26 together with the fact mentioned in the proof of Corollary 6.3.4. The second equality follows from the ﬁrst together with Corollary 6.3.4. Indeed,

qZq,m,N (0) − tZt,m[Fq:Ft],N (0) = q (∆0(N) + Zq,m,N (cq)) − t ∆0(N) + Zt,m[Fq:Ft],N (0)

= (q − t)∆0(N) + qZq,m,N (cq) − tZt,m[Fq:Ft],N (0)

= (q − t)∆0(N).

m Corollary 6.3.5. Let N | q − 1 such that Rad(N) | Q. Then Zt,m[Fq:Ft],N (0) is

related to Zq,m,N (0) by the equation

q q qm − 1 (q − 1)Z (0) = q − Z (0) + − 1 φ(N). t,m[Fq:Ft],N t q,m,N t N

Proof. By Corollary 1.0.28 we have

Zt,m[Fq:Ft],N (0) − Zt,m[Fq:Ft],N (ct) = Zq,m,N (0) − Zq,m,N (cq).

139 Hence, by Corollary 6.3.4,

q Z (0) = Z (0) + − 1 Z (c ) t,m[Fq:Ft],N q,m,N t q,m,N q m ! q q −1 φ(N) − Z (0) = Z (0)) + − 1 N q,m,N q,m,N t q − 1

m q − q Z (0) + q − 1 q −1 φ(N) = t q,m,N t N . q − 1

6.4 Connection to Pq,m,N (c)

In this section we brieﬂy explore the seemingly related number, Pq,m,N (c), of elements

∗ in Fqm with order N and with prescribed trace c. We start oﬀ by deriving a formula for the number of elements with order N in an arbitrary subset A of Fqm and apply this to obtain a formula for Pq,m,N (c) (see Lemma 6.4.1).

m Let LQ be the largest divisor of q − 1 with the same radical as that of Q. In the

special case of the zero trace and the case when LQ | N, we show in Lemma 6.4.3 the qm − 1 identity Z (0) = P (0). As a consequence of this and of Cohen’s result q,m,N N q,m,N (see Theorem 1.0.17 in the Introduction) we characterize the existence of elements

∗ of order N (with LQ | N) in Fqm with trace 0. Moreover from this and Corollary 1.0.25 we give in Corollary 6.4.5 the number of elements of order 2(p+1)(p2 +1) with absolute trace zero in quartic extensions of Mersenne prime ﬁelds Fp. m For a subset A ⊆ Fqm and a divisor N of q − 1, denote with Mq,m,N (A) the ∗ number of non-zero elements in A having multiplicative order N in Fqm . In particular,

Mq,m,qm−1(A) denotes the number of primitive elements of Fqm that are contained in A.

140 Lemma 6.4.1. Let q be a prime power and m be a positive integer. Let A be a subset

m of Fqm and N be a positive divisor of q − 1. Then the number of elements in A that have multiplicative order N is given by

m 1 X N n ∗ (q −1) d o M (A) = µ(d) x ∈ m : x N ∈ A . q,m,N qm − 1 d Fq d|N

∗ In particular, for c ∈ Fq, the number of elements β ∈ Fqm with order N and satisfying

TrFqm /Fq (β) = c, is given by

m N X µ(d) X X q −1 d m N Pq,m,N (c) = m χq(ac) χq ax q(q − 1) d ∗ d|N a∈Fq x∈Fqm   q−2 m q −1 d,r 1 X X N = φ(N) + χ (αQic) µ(d)η . q  q Qi  i=0 d|N

X Proof. If we deﬁne the arithmetic function f(n) := Mq,m,d(A), then by the M¨obius d|n inversion formula,

X X X Mq,m,N (A) = µ(d)f(N/d) = µ(d) Mq,m,b(A). d|N d|N b|N/d

Since f(N/d) represents the number of elements in A with orders that are divisors m (q −1) di of N/d, and each such element can be written uniquely as α N for 0 ≤ i < N/d, then

m X n (q −1) di o N Mq,m,b(A) = 0 ≤ i < N/d : α ∈ A b|N/d

m N n ∗ (q −1) d o = x ∈ m : x N ∈ A . d(qm − 1) Fq

∗ With regards to Pq,m,N (c), observe that if we let Ac := {x ∈ Fqm : TrFqm /Fq (x) =

141 c}, then Pq,m,N (c) = Mq,m,N (Ac). Now it remains to obtain the expression for |{x ∈

qm−1 qm−1 ∗ N d ∗ N d Fqm : x ∈ Ac}| = |{x ∈ Fqm : TrFqm /Fq (x ) = c}|, which can be done by applying (2.3.1). Indeed, by (2.3.1) and by the transitivity of the trace function,

m m n ∗ q −1 d o X 1 X q −1 d x ∈ m : Tr x N = c = χ a Tr x N − c Fq Fqm /Fq q Fqm /Fq ∗ q x∈Fqm a∈Fq 1 X X qm−1 N d = χq(ac) χq TrFqm /Fq ax q ∗ a∈Fq x∈Fqm m 1 X X q −1 d = χq(ac) χqm ax N . q ∗ a∈Fq x∈Fqm

Hence the result follows.

m For k ∈ Z and N | q − 1, we denote

m q −1 d,qm X N Γk(N) = µ(d)ηk . d|N

For β ∈ Fqm , let WH (N, β) denote the Hamming weight of the n-tuple, where n = (qm − 1)/N, given by

N (n−1)N c(N, β) := TrFqm /Fq (β) , TrFqm /Fq βα ,..., TrFqm /Fq βα .

For an integer t 6= 0, let ω(t) be the number of distinct prime divisors of t.

The following proposition gives some general identities relating Zq,m,N (c), Pq,m,N (c), through the M¨obiusinversion formula, as well as shows their connection to Hamming weights.

Proposition 6.4.2. Let q be a power of a prime, m be a positive integer, N | qm − 1

142 and k ∈ Z. Then the following identities hold:

Proof. To prove the ﬁrst six identities we use the M¨obiusinversion formula together with Lemma 6.1.4 and Lemma 6.4.1. The last identity follows from the one before it. Indeed, noting that X X WH (d, 1) = Pq,r,b(c), ∗ qm−1 c∈Fq b|( d ) we get

qm − 1 X X X X φ(N) − Z (0) = Z (c) = µ(d) P (c) N q,m,N q,m,N q,r,b ∗ ∗ qm−1 c∈Fq d|N c∈Fq b|( d ) X = µ(d)WH (d, 1). d|N

143 We can obtain a much simpler relation among Zq,m,N (0) and Pq,m,N (0) in the special case when LQ | N.

Lemma 6.4.3. Let D be the smallest positive divisor of q − 1 such that (q − 1)/D

m is coprime to Q, and let N | q − 1 such that DQ | N. Then Zq,m,N (0) is related to

Pq,m,N (0) by the equation

qm − 1 Z (0) = P (0). q,m,N N q,m,N

In particular we have the following relation:

φ(qm − 1) P m (0) = P (0). q,m,q −1 φ(DQ) q,m,DQ

Proof. First note that since N is a multiple of DQ, then (qm −1)/N divides (q −1)/D and hence is coprime to Q. Let K be the largest divisor of N that is coprime to Q. Then similarly as done in the proof of Lemma 6.2.1, we have, by Lemma 2.3.2,

q−2 m q−2 m q −1 d,qm q −1 bd,qm X X N X X X N µ(d) ηQi = µ(bd) ηQi d|N i=0 b|K d|gcd(Q,N) i=0

X X (q − 1)d (d,qm) = µ(b) µ(d) η qm−1 bd 0 b|K d|gcd(Q,N) N N X µ(b) Nφ(K) = ∆ (gcd (Q, N)) = ∆ (gcd (Q, N)). Q b 0 QK 0 b|K

φ(N) φ(K) φ(gcd (Q, N)) Then by Lemma 6.4.1 and using the fact that = , we get N K gcd (Q, N)

N φ(N) φ(K) P (0) = Q + ∆ (gcd (Q, N)) q,m,N qQ N K 0 Nφ(K) Q = φ(gcd (Q, N)) + ∆ (gcd (Q, N)) . qQK gcd (Q, N) 0

144 Now the ﬁrst identity follows from Theorem 1.0.18. For the second, Lemma 6.2.2 and the ﬁrst identity gives

(q − 1)/D q − 1 P m (0) = Z (0) = Z (0) = P (0). φ((q − 1)/D) q,m,q −1 q,m,Q q,m,DQ D q,m,DQ

Hence we obtain q − 1 P m (0) = φ P (0). q,m,q −1 D q,m,DQ

Now the result follows by noticing that, since DQ is coprime to (q − 1)/D, then

q − 1 q − 1 φ(qm − 1) = φ DQ = φ(DQ)φ . D D

m Note that LQ := DQ is the largest divisor of q − 1 with the same radical as

that of Q. Moreover whenever Pq,m,qm−1(0) 6= 0, the ratio, of the number of primitive

elements with zero trace, to the number of elements of order LQ with trace zero, is the same as that of the number of primitive elements to the number of elements of

order LQ. As a consequence of Theorem 1.0.17 and Lemma 6.4.3 we obtain the following existence result. For this we will need the fact that for any N | (qm − 1) and any

d | N, the set of N-free elements is a subset of the set of d-free elements in Fqm .

m Theorem 6.4.4. Let m > 1 and N | q −1 such that LQ | N, where LQ is the largest divisor of qm − 1 with the same radical as that of Q = (qm − 1)/(q − 1). Then there

∗ exists an element ξ ∈ Fqm of order N satisfying TrFqm /Fq (ξ) = 0 if and only if m 6= 2 and (q, m) 6= (4, 3).

Proof. First by Lemma 6.2.2 there exists a primitive element with trace 0 if and only

145 if there exists a Q-free element with trace 0. By Theorem 1.0.17 this happens if and only if m 6= 2 and (q, m) 6= (4, 3). Since a (qm − 1)-free (primitive) element is

m also d-free for any divisor d of q − 1, if follows that Zq,m,N (0) > 0 if m 6= 2 and

(q, m) 6= (4, 3); by Lemma 6.4.3 we also have Pq,m,N (0) > 0. On the other hand,

if m = 2 or (q, m) = (4, 3), suppose on the contrary that Pq,m,N (0) > 0. Then by

Lemma 6.4.3 we have Zq,m,N (0) > 0. Since Q | N, then Zq,m,Q(0) > 0, contradicting

the fact that Zq,m,Q(0) = 0 when m = 2 or (q, m) = (4, 3).

We apply Lemma 6.4.3 together with Corollary 1.0.25 to obtain the following consequence.

Theorem 6.4.5. Let p be a Mersenne prime and let Q = (p4 − 1)/(p − 1) = (p +

2 ∗ 1)(p + 1). Then the number of non-zero elements in Fp4 with order 2Q and absolute trace zero is φ(2Q)/(p + 1) = 2φ(p2 + 1).

Proof. In this case Q = (p + 1)(p2 + 1) and so the only prime diving both p − 1 and Q is 2. Since 2 has multiplicity 1 in the factorization of p − 1, it follows that D = 2, where D is as deﬁned in Lemma 6.4.3. Then by Lemma 6.4.3 and Corollary 1.0.25 we get

4 p4−1 φ(2Q) φ(p − 1) − φ p+1 P (0) = q,m,2Q pφ(p4 − 1) p4−1 φ(2Q) φ(2Q)φ p+1 = − . p pφ(p4 − 1)

By Euler’s product formula for φ and using the fact that 2 | p − 1 while p + 1 is a

146 power of 2, note that

Y 1 (p + 1)φ (p − 1)(p2 + 1) = (p + 1)(p − 1)(p2 + 1) 1 − l l|(p−1)(p2+1) Y 1 = (p + 1)(p − 1)(p2 + 1) 1 − l l|(p+1)(p−1)(p2+1)

= φ(p4 − 1).

Now from the fact that (p4 − 1)/(p + 1) = (p − 1)(p2 + 1), the above yields

φ(2Q) φ(2Q) P (0) = − q,m,2Q p p(p + 1) φ(2Q) = . p + 1

Remains to note that, since p is a Mersenne prime,

φ(2Q) Y 1 = 2(p2 + 1) 1 − = 2φ(p2 + 1). p + 1 l l|p2+1

147 Chapter 7

Conclusion

In this thesis we studied several problems on polynomials over finite fields. We started in Chapter 2 by reviewing some basic preliminary concepts which are required in subsequent chapters. Then we moved on to the other chapters covering compositional inverses of permutation polynomials, complete mappings, existence of irreducibles with prescribed coefficients, and ennumeration of primitive and N-free elements with prescribed trace. In Chapter 3 we have presented the results in [70] where we extended the decomposition method, first used in [81], to find the compositional inverses, and preimages in certain cases, of several more general classes of permutation polynomials over arbitrary finite fields. As a result we showed how the inverses of these classes can be written in terms of the inverses, over subspaces, of two other polynomials, f,¯ ϕ, where ϕ is linearized. In some of these cases one is able to obtain both such inverses, thus obtaining the full explicit result. We also showed that by solving a system of linear equations we can obtain a linearized polynomial inducing the inverse map over subspaces on which a prescribed linearized polynomial induces a bijection. In the special case that the Dickson matrix in such a linear equation is a circulant matrix,

148 and the characteristic p of Fqn does not divide n, the system may be solved quickly by writing said equation as a convolution and then applying an FFT. In addition, we gave the compositional inverse of a class of permutation polynomials generalizing those for which their inverses were obtained in [23] and [81], respectively. We also obtained the explicit compositional inverse of a class of permutation polynomials generalizing that whose inverse was recently given in [79]. However, in many of the

results we imposed the stronger condition that ϕ bijects the subspace Sψ, which is

not a necessary condition for a given polynomial f to induce a permutation of Fqn . It would thus seem to be of interest to “ease” this requirement, or possibly get rid of

it altogether by using a certain bijection φ : Fqn → ψ(Fqn ) ⊕ ker(ψ), instead of our

injective map φψ : Fqn → ψ(Fqn ) ⊕ Sψ. The reason for the preference of ker(ψ) over

Sψ is that in most of the cases of the permutation f, a necessary condition for it to be a permutation is that ϕ is injective on ker(ψ). We for now leave this as future work. In Chapter 4 we showed our results in [71]. There we gave the compositional inverses of linearized binomials permuting the kernel of the trace map under the assumption that it does not permute the entire finite field in question. Recently, the compositional inverses of linearized permutation binomials were obtained in [81]. The significance of our result lies in its applications to obtain the compositional inverses of certain classes of permutation polynomials relying on the trace map, say the complete mapping of Theorem 4.2.3. We gave the compositional inverse of this mapping there. In addition we obtained an extension of a class of complete mappings recently given in [84] as well as obtained a recursive construction of complete mappings involving multi-trace functions. In summary, with regards to compositional inverses, the method first used in [81] and extended in [70] seems quite applicable, and it is expected that it can similarly

149 be applied to several more classes of permutation polynomials. The main drawback seems to be that the inverse results are written in terms of the inverses of f,¯ ϕ, over subspaces, which one may not always be able to easily determine explicitly. It would be interesting to find more classes of permutation polynomials with nice explicit expressions for their compositional inverses. In Chapter 5 we presented the new proof, obtained in [72], of the Hansen-Mullen irreducibility conjecture. The proof partly relied on a (seemingly novel) sufficient condition for a given polynomial to have an irreducible factor of degree n, as well as some of the ideas of Dorsey-Hales [28]. We wonder whether some of the techniques employed here can be extended to tackle the problem of existence of irreducibles with several prescribed coefficients, but we for now leave this to the consideration of the interested reader. Finally in Chapter 6 we presented the results first attained in [69]. In particular we gave a very simple formula for the number of primitive elements in quartic extensions of Mersenne prime fields, having absolute trace zero. In contrast to the case of the irreducible polynomials, no such formulas were known, up to now, in any specific non-trivial case of the primitives. In addition, using the known explicit expressions for Gaussian periods in the semi-primitive case as well as the results on uniformity, we obtained in Corollary 1.0.23 and 1.0.27 an explicit formula for the number of N- free elements with prescribed trace. We also derived in the last section of Chapter 6 an expression, in terms of Gaussian periods, for the number of elements with order N having a prescribed trace. Here we managed to derive an explicit formula, in

Theorem 6.4.5, for the number of elements in Fp4 with absolute trace zero and high order 2(p + 1)(p2 + 1), where p is a Mersenne prime. Previously Cohen [16] proved that, except for a small number of trivial exceptions, there exists a primitive element with any prescribed trace. That is, he showed that

150 ∗ m for all c ∈ Fq, Pq,qm (q − 1, c) > 0, while, if m 6= 2 and (q, m) 6= (4, 3), then m Pq,qm (q − 1, 0) > 0. One can see this as a classiﬁcation of all the pairs (q, m) such

m that there exists an element of order q − 1 in Fqm with any prescribed trace. One could also consider the following more general problem: (1) Classify all the triples (q, m, N) such that there exists an element with order

m ∗ N | q − 1 in Fqm having any prescribed trace. Additionally, the reader might be interested in the following related problems: (2) Find more classes of triples (q, m, c) for which explicit formulas may be obtained for the number of primitive elements in Fqm with trace c ∈ Fq, say in the style of Corollary 1.0.18.

(3) Classify all triples (q, m, N) such that the number of elements in Fqm , with order N and trace c 6= 0, is uniform in the trace. One could also consider speciﬁcally the case when N = qm − 1.

(4) Classify all triples (q, m, N) such that the number of N-free elements in Fqm , with trace c 6= 0, is uniform in the trace, as in Theorem 1.0.26. (5) Find tight bounds for the number of N-free, respectively of order N, with a prescribed trace. In particular, in the case of c = 0, ﬁnd tight bounds for the sum

m ∆0(n) in Chapter 6, where n divides Q = (q − 1)/(q − 1).

7.1 Appendix

The following table gives the numbers of primitive elements in the quartic extensions of Mersenne prime ﬁelds having absolute trace zero, for the ﬁrst ten Mersenne primes. See Corollary 1.0.25 for an explicit formula. SAGE software was used for the computations.

151 Table 7.1: The number of primitive elements of Fp4 with absolute zero trace for the ﬁrst ten Mersenne primes p Mersenne prime, p Zp,4,p4−1(0) 22 − 1 8 23 − 1 80 25 − 1 6, 912 27 − 1 464, 256 213 − 1 111, 974, 400, 000 217 − 1 519, 390, 596, 431, 872 219 − 1 30, 572, 599, 504, 748, 544 231 − 1 1, 968, 482, 608, 781, 191, 263, 129, 600, 000 261 − 1 2, 159, 465, 982, 279, 294, 537, 199, 679, 191, 374, 585, 254, 935, 265, 280, 000, 000, 000 289 − 1 51, 505, 739, 520, 752, 637, 174, 787, 391, 794, 396, 705, 748, 179, 291, 647, 742, 969, 497, 437, 393, 928, 825, 245, 616, 046, 080

152 Bibliography

[1] M. Aigner and G.M. Ziegler, Proofs from the book, 4th ed., Springer-Verlag, Berlin, 2010.

[2] A. Akbary, S. Alaric, Q. Wang, On some classes of permutation polynomials, International Journal of Number Theory, Vol 4, No. 1 (2008), 121–133.

[3] A. Akbary, D. Ghioca, Q. Wang, On constructing permutations of ﬁnite ﬁelds, Finite Fields Appl. 17 (2011), no. 1, 51–67.

[4] A. Akbary, D. Ghioca, Q. Wang, On permutation polynomials with prescribed shape, Finite Fields Appl. 15 (2009), no. 2, 195–206.

[5] A. Akbary and Q. Wang, On polynomials of the form xrf(x(q−1)/l), Int. J. Math. Math. Sci. (2007), Article ID 23408, 7 pages.

[6] E. Bach, J. Shallit, Algorithmic number theory, Vol. 1. Eﬃcient algorithms. Foundations of Computing Series. MIT Press, Cambridge, MA, 1996.

[7] A. Barvinok, Matrices with prescribed row and column sums, Linear Algebra Appl. 436 (2012), no. 4, 820–844.

[8] J. Bourgain, Prescribing the binary digits of primes, II, Israel J. Math. 206 (2015), no. 1, 165– 182.

[9] R.P. Brent, P. Zimmermann, The great trinomial hunt, Notices Amer. Math. Soc. 58 (2011), no. 2, 233–239.

[10] A. Canteaut and M. Videau, Symmetric boolean functions, IEEE Transactions on Information Theory, Institute of Electrical and Electronics Engineers 51 (2005), no. 8, 2791–2811.

[11] X. Cao, L. Hu and Z. Zha, Constructing permutation polynomials from piecewise permutations, Finite Fields Appl. 26 (2014), 162–174.

153 [12] L. Carlitz, A theorem of Dickson on irreducible polynomials, Proc. Amer. Math. Soc. 3 (1952), 693–700.

[13] F.N. Castro and L.A. Medina, Linear recurrences and asymptotic behaviour of exponential sums of symmetric boolean functions, Electr. J. Comb. 18 (2011), no. 2, paper #P9.

[14] A. C¸e¸smelioglu,W. Meidl and A. Pott, Generalized Maiorana-McFarland class and normality of p-ary bent functions, Finite Fields Appl. 24 (2013), 105–117.

[15] P. Charpin and G. Kyureghyan, When does G(x) + γTr(H(x)) permute Fpn ?, Finite Fields Appl. 15 (2009), no. 5, 615–632.

[16] S.D. Cohen, Primitive elements and polynomials with arbitrary trace, Discrete Math. 83 (1990), no. 1, 1–7.

[17] S.D. Cohen, Explicit theorems on generator polynomials, Finite Fields Appl. 11, no. 3 (2005), 337–357.

[18] S.D. Cohen, Primitive polynomials over small ﬁelds, Finite ﬁelds and applications, 197–214, Lecture Notes in Comput. Sci., 2948, Springer, Berlin, 2004.

[19] S.D. Cohen, Primitive polynomials with a prescribed coeﬃcient, Finite Fields Appl. 12 (2006), no. 3, 425–491.

[20] S.D. Cohen, M. Pre˘sern, Primitive ﬁnite ﬁeld elements with prescribed trace, Southeast Asian Bull. Math. 29 (2005), no. 2, 283–300.

[21] S.D. Cohen, M. Pre˘sern, The Hansen-Mullen primitive conjecture: completion of proof, Number theory and polynomials, 89–120, London Math. Soc. Lecture Note Ser., 352, Cambridge Univ. Press, Cambridge, 2008.

[22] S.D. Cohen and M. Preˇsern, Primitive polynomials with prescribed second coeﬃcient, Glasgow Math. J. 48 (2006), 281–307.

[23] R. S. Coulter, M. Henderson, The compositional inverse of a class of permutation polynomials over a ﬁnite ﬁeld, Bull. Austral. Math. Soc. 65 (2002), 521–526.

[24] R. S. Coulter, M. Henderson, R. Mathews, A note on constructing permutation polynomials, Finite Fields Appl. 15 (2009), no. 5, 553–557.

154 [25] C. Ding, Cyclic codes from some monomials and trinomials, SIAM J. Discrete Mathematics, to appear.

[26] C. Ding, J. Yang, Hamming weights in irreducible cyclic codes, Discrete Math. 313 (2013), no. 4, 434–446.

[27] C. Ding, J. Yuan, A family of skew Hadamard diﬀerence sets, J. Combin. Theory Ser. A 113 (2006), 1526–1535.

[28] T. Dorsey and A. W. Hales, Irreducible coeﬃcient relations. Sequences and their applications- SETA 2012, 117-125, Lecture Notes in Comput. Sci., 7280, Springer, Heidelberg, 2012.

[29] A.B. Evans, Orthomorphism graphs of groups, Lecture Notes in Mathematics, volume 1535, Springer-Verlag (1992).

[30] S.Q. Fan and W.B. Han, p-Adic formal series and primitive polynomials over ﬁnite ﬁelds Proc. Amer. Math. Soc. 132 (2004), 15–31.

[31] N. Fernando and X. Hou, A piecewise construction of permutation polynomial over ﬁnite ﬁelds, Finite Fields Appl. 18 (2012), 1184-1194.

[32] R.W. Fitzgerald and J.L. Yucas, Irreducible polynomials over GF(2) with three prescribed coef- ﬁcients, Finite Fields Appl. 9 (2003), 286–299.

[33] T. Garefalakis, Irreducible polynomials with consecutive zero coeﬃcients, Finite Fields Appl. 14 (2008), no. 1, 201–208.

[34] J. Ha, Irreducible polynomials with several prescribed coeﬃcients, Finite Fields Appl. 40 (2016), 10–25.

[35] K.H. Ham and G.L. Mullen, Distribution of irreducible polynomials of small degrees over ﬁnite ﬁelds, Math. Comp. 67 (1998), no. 221, 337–341.

[36] W.B. Han, On Cohen’s problem, Chinacrypt ’96, Academic Press (China) (1996) 231–235 (Chi- nese).

[37] T. Hansen and G.L. Mullen, Primitive polynomials over ﬁnite ﬁelds, Math. Comp. 59 (1992), 639–643.

[38] X. Hou, Two classes of permutation polynomials over ﬁnite ﬁelds, J. Combin. Theory Ser A 118 (2011), no. 2, 448–454.

155 [39] X. Hou, A new approach to permutation polynomials over ﬁnite ﬁelds. Finite Fields Appl. 18 (2012), no. 3, 492–521.

[40] C¸.K. Ko¸c, Open Problems in Mathematics and Computational Science, Springer International Publishing, 2014.

[41] B. Koma, D. Panario, Q. Wang, The number of irreducible polynomials of degree n over Fq with given trace and constant terms, Discrete Mathematics, 310 (2010), 1282–1292.

[42] K. Kononen, M. Moisio, M. Rinta-aho, K. Väänänen, Irreducible polynomials with prescribed trace and restricted norm, JP J. Algebra Number Theory Appl. 11 (2009), 223–248.

[43] E. N. Kuz’min, On irreducible polynomials over a ﬁnite ﬁeld (Russian) Sibirsk. Mat. Zh. 30 (1989), no. 6, 98–109; translation in Siberian Math. J.

[44] E. N. Kuz’min, A class of irreducible polynomials over a ﬁnite ﬁeld, (Russian) Dokl. Akad. Nauk SSSR 313 (1990), no. 3, 552–555; translation in Soviet Math. Dokl. 42 (1991), no. 1, 45–48.

[45] G.M. Kyureghyan, Constructing permutations of ﬁnite ﬁelds via linear translators, J. Combin. Theory Ser. A 118 (2011), no. 3, 1052–1061.

[46] Y. Laigle-Chapuy, Permutation polynomials and applications to coding theory, Finite Fields Appl. 13 (2007), 58–70.

[47] Y. Laigle-Chapuy, A note on a class of quadratic permutation polynomials over F2n , Applied Algebra, Algebraic Algorithms and Error-Correcting Codes, in: Lecture Notes in Comput. Sci., vol. 4851, Springer, (2007), 130–137.

[48] R. Lidl, H. Niederreiter, Finite ﬁelds, 2nd ed., Encyclopedia Math. Appl., vol. 20, Cambridge University Press, Cambridge, (1997).

[49] J.H. van Lint and R.M. Wilson, A course in combinatorics, 2nd ed., Cambridge University Press, Cambridge, 2001.

[50] J. E. Marcos, Specific permutation polynomials over finite fields, Finite Fields Appl. 17 (2011), no. 2, 105–112.

[51] P. Mih˘ailescu, Primary cyclotomic units and a proof of Catalan’s conjecture, J. Reine Angew. Math. 572 (2004), 167–195.

[52] G.L. Mullen and D. Panario, Handbook of ﬁnite ﬁelds, CRC Press, 2013.

156 [53] G.L. Mullen, Q. Wang, Permutation polynomials of one variable, in: Handbook of Finite Fields, Chapman and Hall/CRC, (2013), Section 8.1, 215–230.

[54] A. Muratović-Ribić, A note on the coefficients of inverse polynomials, Finite Fields Appl. 13 (2007), no. 4, 977–980.

[55] A. Muratović-Ribićand E. Pasalic, A note on complete polynomials over finite fields and their applications in cryptography, Finite Fields Appl. 25 (2014), 306–315.

[56] K. Nyberg, Perfect non-linear S-boxes, Proc. Advances in Cryptology, EUROCRYPT (1991), LNCS, vol. 547, Springer, Heidelberg, (1992), 378–386.

[57] D. Panario and G. Tzanakis, A generalization of the Hansen–Mullen conjecture on irreducible polynomials over ﬁnite ﬁelds, Finite Fields Appl. 18 (2) (2012) 303–315.

[58] P. Pollack, Irreducible polynomials with several prescribed coeﬃcients, Finite Fields Appl. 22 (2013), 70–78.

[59] D-B. Ren, On the coefficients of primitive polynomials over finite fields, Sichuan Daxue Xuebao 38 (2001), 33–36.

[60] P. Ribenboim, The New Book of Prime Number Records, 3rd ed., Springer-Verlag, New York, 1995.

[61] R.L. Rivest, A. Shamir, L.M. Adelman, A method for obtaining digital signatures and public-key cryptosystems, ACM Commun. Comput. Algebra 21 (1978), 120–126.

[62] A. Sade, Groupoides automorphes par le groupe cyclique, Canad. J. Math. vol. 9, (1957), 321– 335.

[63] S. Samardjiska and D. Gligoroski, Quadratic permutation polynomials, complete mappings and mutually orthogonal Latin squares, preprint.

[64] J. Schwenk and K. Huber, Public key encryption and digital signatures based on permutation polynomials, Electron. Lett. 34 (1998) 759–760.

[65] I. E. Shparlinski, On primitive polynomials, Prob. Peredachi Inform. 23 (1988), 100–103 (Rus- sian).

157 [66] P. St˘anic˘a,S. Gangopadhyay, A. Chaturvedi, A. K. Gangopadhyay and S. Maitra, Investigations on bent and negabent functions via the nega-Hadamard transform, IEEE Trans. Inf. Theory 58 (6) (2012) 4064–4072.

[67] Z. Tu, X. Zeng, L. Hu, Several classes of complete permutation polynomials, Finite Fields Appl. 25 (2014), 182–193.

[68] A. Tuxanidy, Q. Wang, Composed products and factors of cyclotomic polynomials over ﬁnite ﬁelds, Des. Codes Cryptogr. 69 (2013), 203–231.

[69] A. Tuxanidy and Q. Wang, On the number of N-free elements with prescribed trace, J. Number Theory 160 (2016), 536–565.

[70] A. Tuxanidy, Q. Wang, On the inverses of some classes of permutations of ﬁnite ﬁelds, Finite Fields Appl. 28 (2014), 244–281.

[71] A. Tuxanidy and Q. Wang, Compositional inverses and complete mappings over ﬁnite ﬁelds, Discrete Applied Mathematics, v.217 no.2 (2017), p.318–329

[72] A. Tuxanidy and Q. Wang, A new proof of the Hansen-Mullen irreducibility conjecture,

Canadian Journal of Mathematics, http://dx.doi.org/10.4153/CJM-2017-022-1, Canadian Mathematical Society 2018.

[73] A. Tuxanidy and Q. Wang, Characteristic digit-sum sequences, Cryptogr. Commun. (2018) 10:705–717

[74] G. Tzanakis, On the existence of irreducible polynomials with prescribed coefficients over finite fields, Master’s thesis, Carleton University, 2010, http://www.math.carleton.ca/ gtzanaki/mscthesis.pdf.

[75] D. Wan, Generators and irreducible polynomials over ﬁnite ﬁelds, Math. Comp. 66 (219) (1997) 1195–1212.

[76] Q. Wang, On inverse permutation polynomials, Finite Fields Appl. 15 (2009), 207–213.

[77] Q. Wang, On generalized Lucas sequences, Combinatorics and Graphs: the twentieth anniversary conference of IPM, May 15-21, (2009), Contemporary Mathematics 531 (2010), 127-141.

[78] Q. Wang, Cyclotomy and permutation polynomials of large indices, Finite Fields Appl. 22 (2013), 57–69.

158 [79] B. Wu, The compositional inverse of a class of linearized permutation polynomials over F2n , n odd, arXiv:1305.1411v2 [math.CO], preprint (2013).

[80] B. Wu and Z. Liu, Linearized polynomials over ﬁnite ﬁelds revisited, Finite Fields Appl. 22 (2013), 79–100.

[81] B. Wu and Z. Liu, The compositional inverse of a class of bilinear permutation polynomials over ﬁnite ﬁelds of characteristic 2, Finite Fields Appl. 24 (2013), 136–147.

[82] B. Wu, Linearized and linearized derived permutation polynomials over ﬁnite ﬁelds and their compositional inverses (in Chinese), Ph.D thesis, University of Chinese Academy of Sciences, 2013.

[83] B. Wu, The compositional inverses of linearized permutation binomials over ﬁnite ﬁelds, arXiv:1311.2154v1 [math.NT], preprint (2013).

[84] B. Wu and D. Lin, Complete permutation polynomials induced from complete permutations of subﬁelds, arXiv:1312.5502v1 [math.NT], preprint (2013).

[85] B. Wu and D. Lin, On constructing complete permutation polynomials over ﬁnite ﬁelds of even characteristic, Discrete Applied Math. 184 (2015), 213-222.

[86] G. Wu, N. Li, T. Helleseth and Y. Zhang, More classes of complete permutation polynomials

over Fq, arXiv:1312.4716v2 [cs.IT], preprint (2013).

[87] A. Wyn-jones, Circulants, (2008). Available at: http://www.circulants.org/circ/circall.pdf

[88] P. Yuan and C. Ding, Permutation polynomials over ﬁnite ﬁelds from a powerful lemma, Finite Fields Appl. 17 (2011), no. 6, 560–574.

[89] P. Yuan and C. Ding, Further results on permutation polynomials over ﬁnite ﬁelds. Finite Fields Appl. 27 (2014), 88–103.

[90] J.L. Yucas, Irreducible polynomials over ﬁnite ﬁelds with prescribed trace/prescribed constant term, Finite Fields Appl. 12 (2006), no. 2, 211–221.

[91] Z. Zha and L. Hu, Two classes of permutation polynomials over ﬁnite ﬁelds, Finite Fields Appl. 18 (2012), no. 4, 781-790.

[92] Z. Zha, L. Hu, and X. Cao, Constructing permutations and complete permutations over finite fields via subfield-valued polynomials Finite Fields Appl. 31 (2015), 162-177.

159 [93] M. Zieve, Classes of permutation polynomials based on cyclotomy and an additive analogue, in: Additive Number Theory, Springer, (2010), 355–361.

160