Finding Nice Permutation Polynomials Over Finite Fields

Finding Nice Permutation Polynomials over Finite Fields

By Karl Wallulis

A MTH 501 – Mathematical Literature Project

Under the direction of Dr. John Caughman IV 2nd Reader: Dr. Derek Garton

Submitted in partial fulfillment of the requirements for the degree of

Masters of Science in Mathematics Portland State University Fariborz Maseeh Department of Mathematics & Statistics

June 16, 2017 Wallulis 2

Introduction.

A polynomial over a finite field 픽q is defined to be a permutation polynomial if it permutes the elements of the field. Permutation polynomials were first studied by Betti,

Mathieu and Hermite as a way of representing permutations. In this mathematical literature project, we work through a 2008 paper by Michael E. Zieve [1] that describes a set of necessary and sufficient conditions under which a specific family of polynomials over

푟 푣 푡 푘−1 a finite field 픽q of the form 푓(푥) = 푥 ℎ푘(푥 ) permutes the field, where ℎ푘(푥) ∶= 푥 +

푥푘−2 + ⋯ + 1 and r, k, v and t are positive integers. These results coincide with those of previous authors in special cases, but with simpler proofs.

§1 Families of “nice” permutation polynomials.

Recent attention has been focused on finding permutation polynomials of “nice”

푢 forms. Akbary, Q. Wang and L. Wang [2, 3] studied binomials in 픽q of the form 푓(푥) = 푥 +

푥푟, with the condition that 푑 ∶= gcd(푞 − 1, 푢 − 푟) satisfies (푞 − 1)/푑 ∈ {3, 5, 7}. They found necessary and sufficient conditions for such polynomials to permute 픽q. However, their proofs contained “lengthy calculations involving coefficients of Chebyshev polynomials, lacunary sums of binomial coefficients, determinants of circulant matrices […] among other things” (Zieve pg. 1). Their proofs also required completely different arguments in each of the aforementioned cases.

More recently, Zieve proved a set of necessary and sufficient conditions for a more

푟 푣 푡 general family of functions 푓(푥) = 푥 ℎ푘(푥 ) to be permutation polynomials (where

푘−1 푘−2 ℎ푘(푥) ∶= 푥 + 푥 + ⋯ + 1 and r, k, v and t are positive integers). Note that this family Wallulis 3

contains as a subset the family of polynomials 푓(푥) = 푥푢 + 푥푟, with 푘 = 2 and 푣 = 푢 − 푟.

First, the main result (using the notation 푠 ∶= gcd(푞 − 1, 푣), 푑 ≔ (푞 − 1)/푠, and 푒 ∶= 푣/푠):

푟 푣 푡 푘−1 푘−2 Proposition 1.1 (Zieve pg. 2) Let 푓(푥) = 푥 ℎ푘(푥 ) , where ℎ푘(푥) ∶= 푥 + 푥 + ⋯ + 1 and r, k, v and t are positive integers. Then f permutes 픽q if and only if all of the following conditions hold: (1) gcd(푟, 푠) = gcd(푑, 푘) = 1 (2) gcd(푑, 2푟 + 푣푡(푘 − 1)) ≤ 2 (3) 푘푠푡 ≡ (−1)(푑+1)(푟+1)(푚표푑 푝) 푠푡 1−푥푘푒 (4) 푔(푥) ≔ 푥푟 ( ) is injective on 휇 \ 휇 1−푥푒 푑 1 (푑+1)(푟+1) (5) (−1) ∉ 푔(휇푑 \ 휇1)

th where, for any positive integer i, the symbol 휇푖denotes the set of i roots of unity.

Conditions 4 and 5 are obviously more complicated than the first three. In the cases

푑 ∈ {3, 5, 7}, if just the first three conditions hold, a corollary allows us to determine whether 푓(푥) permutes the field from a simpler set of conditions:

Corollary 1.3 (Zieve pg. 2) Suppose the first three conditions of Proposition 1.1 hold, and d is an odd prime. Pick 휔 ∈ 픽q of order d. (1) If

휁푘− 휁−푘 (*) ∈ 휇 for every 휁 ∈ 휇 \ 휇 휁−휁−1 푠푡 푑 1

Then f permutes 픽q.

(2) If d = 3 then f always permutes 픽q. (3) If d = 5 then f permutes 픽q if and only if (*) holds. (4) If d = 7 then f permutes 픽q if and only if either (*) holds or there exists 휖 ∈ {−1,1} such that

푠푡 휔푖푘푒 − 휔−푖푘푒 ( ) = 휔2휖(2푟+(푘−1)푣푡)푖 휔푖푒 − 휔−푖푒 for every 푖 ∈ {1,2,4}.

Wallulis 4

Before diving into the proofs, it will serve to go through a worked example in detail.

The field 픽16 should be simple enough to allow for computations by hand but rich enough to demonstrate the complexity of the algebra. Line (2) of Corollary 1.3 gives us a great foothold for finding a permutation polynomial within this field: we simply need positive integers r, v, k and t satisfying 푑 = 3 and meeting the first three conditions of Proposition

1.1. Since q = 16, we must have 푑 = 15/푠 = 3 , so 푠 = 5. As 푠 = gcd(15, 푣), we can choose

푣 = 5. Choosing 푟 = 4, 푘 = 5 and 푡 = 1 satisfies Conditions 1-3 of Proposition 1.1, as gcd(4, 5) = gcd(3, 5) = 1, gcd(3, 2(4) + 5(4)) = gcd(3, 28) ≤ 2 and 55 = (−1)20 (mod 2).

Our chosen polynomial is therefore

4 5 4 20 15 10 5 푓(푥) = 푥 ℎ5(푥 ) = 푥 (푥 + 푥 + 푥 + 푥 + 1) which we hope to see permute the elements of the field 픽16.

Now that we have defined our polynomial, if we are to find its image in 픽16 we need a characterization of the field that allows for straightforward evaluation of polynomials. It is a basic result of abstract algebra that every finite field is a finite extension of a prime field

픽p, p a prime, with 픽p ≈ ℤp. Therefore, 픽16 is an extension of degree 4 over the prime field

픽2 ≈ ℤ2. This finite extension can be obtained by taking the quotient of ℤ2[푥] by the ideal generated by an irreducible polynomial 푝(푥) of degree 4 in ℤ2[푥]. The polynomial

4 푝(푥) = 푥 + 푥 + 1 meets these conditions, therefore 픽16 ≈ ℤ2[푥] / 〈푝(푥)〉 . The elements of

픽16 can then be expressed as the sixteen distinct residue classes under division of polynomials in ℤ2[푥] by 푝(푥), which means every element corresponds bijectively to a polynomial of degree less than 4 in ℤ2[푥]. Wallulis 5

Even using this representation, evaluating 푓(푥) would still be a chore – consider evaluating

4 20 15 푓(̅푥̅3̅̅̅+̅̅̅푥̅̅+̅̅̅1̅) = (̅푥̅3̅̅̅+̅̅̅푥̅̅+̅̅̅1̅) ((푥̅̅3̅̅+̅̅̅̅푥̅̅+̅̅̅1̅) + (푥̅̅3̅̅+̅̅̅̅푥̅̅+̅̅̅1̅) + ⋯ + 1) by hand. To further simplify matters, we make use of the fact that the nonzero elements of

∗ a finite field comprise a cyclic multiplicative subgroup 픽q, and we can therefore express all nonzero elements of 픽16 as powers of any generator β of this group. It so happens that in

픽16, the element 훽 ∶= 푥 +<푝(푥)> is a generator of the group, and we have

β2 = 푥2 β3 = 푥3 β4 = 푥 + 1 β5 = 푥2 + 푥 β6 = 푥3 + 푥2 β7 = 푥3 + 푥 + 1 β8 = 푥2 + 1 β9 = 푥3 + 푥 β10 = 푥2 + 푥 + 1 β11 = 푥3 + 푥2 + 푥 β12 = 푥3 + 푥2 + 푥 + 1 β13 = 푥3 + 푥2 + 1 β14 = 푥3 + 1 β15 = 1 (all mod <푝(푥)>).

This representation of the elements of 픽16 permits straightforward evaluation of our

4 5 4 20 15 10 5 polynomial 푓(푥) = 푥 ℎ5(푥 ) = 푥 (푥 + 푥 + 푥 + 푥 + 1) by hand. For example,

푓(푥3 + 푥 + 1) = 푓(훽7) = (훽7)4((훽7)20 + (훽7)15 + ⋯ + 1)

= 훽28(훽140 + 훽105 + 훽70 + 훽35 + 1) = 훽13(훽5 + 1 + 훽10 + 훽5 + 1)

= 훽13(훽10) = 훽8 = 푥2 + 1

It is no coincidence that 푓(훽7) = 훽15−7. This polynomial has the interesting property that

k 15−k ∗ 푓(훽 ) = 훽 over 픽16 (the motivated reader can verify this using similar computations as

∗ above for the other elements of 픽16). This, together with the fact that 푓(0) = 0, proves that

푓(푥) is indeed a permutation polynomial over 픽16, as we hoped. Wallulis 6

§2 An important preliminary lemma.

We begin with a preliminary lemma that defines an auxiliary polynomial of great use in the proof of the main proposition. We show that the question of whether 푓(푥)

th permutes 픽q can be reduced to whether this auxiliary polynomial permutes the d roots of unity µd of 픽q.

Lemma 2.1 (Zieve pg. 3) Pick 푑, 푟 > 0 with 푑 | (푞 − 1), and let ℎ ∈ 픽q[푥]. Then 푓(푥) ≔ 푟 (푞−1)/푑 푥 ℎ(푥 ) permutes 픽q if and only if both (1) gcd(푟, (푞 − 1)/푑) = 1 and 푟 (푞−1)/푑 (2) 푥 ℎ(푥) 푝푒푟푚푢푡푒푠 µd.

Proof. Let (a) denote the statement “푓(푥) permutes 픽q.” Zieve proves that (a)

↔ (1) ∩ (2) by showing that (a) implies (1) and that (1) implies the equivalence of (a) and

(2). The underlying logic ought to be made explicit:

1. 푎 → 1 2. 퐼푓 1, 푎 ↔ 2 a. ∴ 푎 → 2 b. ∴ 푎 → 1 ∩ 2 3. ∴ 1 ∩ 2 → 푎 4. ∴ 푎 ↔ 1 ∩ 2

We need to show that if 푓(푥) permutes 픽q, then gcd(푟, (푞 − 1)/푑) = 1. Let

푠 ≔ (푞 − 1)/푑. Assume that 푓(푥) permutes 픽q and assume by way of contradiction that

′ ′ ′ ′ + gcd(푟, 푠) = 푔 > 1. We can then write 푟 = 푟 푔, 푠 = 푠 푔 (푟 , 푠 ∈ ℤ ). For 휁 ∈ 휇푠, we have

푓(휁푥) = (휁푥)푟ℎ((휁푥)푠) = 휁푟푥푟ℎ(푥푠) = 휁푟푓(푥)

Choose 휁푠′ with ζ primitive, so that 휁푠′ ≠ 1. We have Wallulis 7

′ ′ ′ ′ ′ ′ ′ 푓(휁푠 푥) = (휁푠 )푟푓(푥) = (휁푠 )푟 푔푓(푥) = (휁푠 푔)푟 푓(푥) = (휁푠)푟 푓(푥) = 푓(푥), so 푓(푥) fails to permute 픽q, a contradiction.

We must now show that if gcd(푟, 푠) = 1, then 푓(푥) permutes 픽q if and only if

푟 푠 푔(푥) ≔ 푥 ℎ(푥) permutes µd, and then the proof will be complete. To show this, Zieve first argues that that “if gcd(푟, 푠) = 1, then the values of f on 픽q consist of all the sth roots of the values of 푓(푥)푠 = 푥푟푠ℎ(푥푠)푠” (pg. 3). To see why this is the case, pick a nonzero value in the

푠 푟푠 푠 푠 푘 ∗ range of 푓(푥) = 푥 ℎ(푥 ) . We have 푥 = 훽 for a generator 훽 of 픽q. If we can show that the set

Γ ≔ {푓(훽푘+푛푑), 푛 ∈ {1,2, … 푠}}

consists of s distinct elements in the range of 푓(푥) and that for all n, 푓(훽푘+푛푑)푠 = 푓(훽푘)푠, then we are done.

푠푑 푞−1 ∗ Recall that 푑 = (푞 − 1)/푠, so 푥 = 푥 = 1 for all 푥 ∈ 픽q. We have

푓(훽푘+푛푑) = (훽푘+푛푑)푟ℎ((훽푘+푛푑)푠) = 훽푘푟(훽푑푟)푛ℎ(훽푘푠)

푑푟 The order of 훽 in 픽q is

푞 − 1 푞 − 1 푞 − 1 = = = 푠 gcd(푑푟, 푞 − 1) 푑(gcd(푟, 푠)) 푑

Therefore, each of the elements of Γ are distinct. Finally, we have

푠 푓(훽푘+푛푑)푠 = (훽푘+푛푑)푟푠(ℎ((훽푘+푛푑)푠))푠 = (훽푘)푟푠(ℎ(훽푘푠)) = 푓(훽푘)푠 and we’re done.

With that important fact established, the rest of the proof is straightforward. It is at this point that we first use the important auxiliary polynomial 푔(푥). We see that the values Wallulis 8

푠 푟 푠 ∗ 푠 of 푓(푥) consist of 푓(0) = 0 and all the values of 푔(푥) = 푥 ℎ(푥) on (픽q) . It follows that if

∗ 푠 푔(푥) permutes the elements of (픽q) = 휇푑, then the range of 푓(푥), which consists of all of the sth roots of the elements in the range of 푔(푥), will be all of 픽q. And if 푔(푥) fails to permute 휇푑, then 푓(푥) will consist only of the set of sth roots of a proper subset of 휇푑, and consequently will not permute 픽q. ⧠

4 5 4 Returning to our worked example of 푓(푥) = 푥 ℎ5(푥 ) in 픽16, where ℎ5(푥) = 푥 +

푥3 + ⋯ + 1, we hope to have

푔(푥) = 푥4(푥4 + 푥3 + ⋯ + 1)5

5 10 5 5 20 20 permute 휇3 = {1, β , β }. We have 푔(1) = (1 + 1 + 1 + 1 + 1) = 1, 푔(β ) = β (β +

β15 + β10 + β5 + 1)5 = β5(β5 + 1 + β10 + β5 + 1)5 = β5(β10)5 = β55 = β10, and

푔(β10) = β40(β40 + β30 + β20 + β10 + 1)5 = β10(β10 + 1 + β10 + β5 + 1)5 = β10(β5)5 =

β35 = β5.

The auxiliary polynomial 푔(푥) proves to be a useful tool for producing simple

푟 푣 푡 results. For the next two propositions, we use the notation 푓(푥) = 푥 ℎ푘(푥 ) (where

푘−1 푘−2 ℎ푘(푥) ∶= 푥 + 푥 + ⋯ + 1 and r, k, v and t are positive integers) and 푠 ∶= gcd(푞 − 1, 푣),

푑 ≔ (푞 − 1)/푠, 푒 ∶= 푣/푠).

Proposition 3.1 (Zieve pg. 4) If 푑 = 1 then 푓(푥) permutes 픽q if and only if gcd(푘, 푝) = gcd(푟, 푠) = 1. If 푑 = 2 then 푓(푥) permutes 픽q if and only if gcd(푘, 2) = gcd(푟, 푠) = 1 푎푛푑 푘푠푡 = (−1)푟+1(푚표푑 푝).

Proof. These results follow easily from Lemma 2.1. Note that 푔(푥) is obtained from

푞−1/푑 (푞−1)/푑 푓(푥) by replacing ℎ푘(푥 ) 푤푖푡ℎ ℎ푘(푥) . Given the above definition of 푓(푥), we then

푟 푒 푠푡 have 푔(푥) = 푥 ℎ푘(푥 ) . If 푑 = 1, then 휇푑 = 휇1 = {1}, so we only need gcd(푟, 푠) = 1 and Wallulis 9

푔(1) = 1. But we have

푔(1) = (1)푟(1 + 1 + ⋯ + 1)푠푡 = 푘푠푡 = 푘(푞−1)푡

(note that 푑 = 1 implies 푠 = 푞 − 1), so 푔(푥) permutes 휇푑 if and only if gcd(푘, 푝) = 1.

푠푡 If 푑 = 2, then 푔(푥) acts on 휇2 = {−1, 1}. We still have 푔(1) = 푘 , and we also have

푟 푒 푠푡 푟 푒 푘−1 푠푡 푔(−1) = (−1) ℎ푘(−1 ) = (−1) ((−1 ) + ⋯ + 1)

This implies that k must be odd (otherwise 푔(−1) = 0), and consequently 푔(−1) = (−1)푟, which in turn forces 푔(1) = 푘푠푡 to be (−1)푟+1 (푚표푑 푝). ⧠

§3 Main proposition and two useful corollaries.

We are finally ready for the main result. I will deviate slightly from Zieve’s version for reasons explained in a subsequent remark.

Proposition. f permutes 픽q if and only if all of the following conditions hold: (1) gcd(푟, 푠) = gcd(푑, 푘) = 1 (2) 푘푠푡 ≡ (−1)(푑+1)(푟+1)(푚표푑 푝) 푠푡 1−푥푘푒 (3) 푔(푥) ≔ 푥푟 ( ) is injective on 휇 \ 휇 1−푥푒 푑 1 (푑+1)(푟+1) (4) (−1) ∉ 푔(휇푑 \ 휇1)

Proof. 푓 푝푒푟푚푢푡푒푠 픽q ⇒ (1) − (4)

We established in Lemma 2.1 that f permutes 픽q if and only if gcd(푟, 푠) = 1 and

푟 푒 푠푡 푔̂(푥) ≔ 푥 ℎ푘(푥 ) permutes 휇푑. Assume throughout that gcd(푟, 푠) = 1 and 푔̂(푥) permutes

휇푑. We will show that gcd(푑, 푘) = 1 and (2) – (4) must hold. For 휁 ∈ 휇푑 \ 휇1, we have

푠푡 1 − 휁푘푒 푔̂(푥) = 휁푟 ( ) . 1 − 휁푒 Wallulis 10

If 휁 ∈ 휇푘푒, then 푔̂(휁) = 0. So for 푔̂ to permute 휇푑, we need gcd(푑, 푘) = 1. To see why, assume by way of contradiction that gcd(푑, 푘) = 푚 > 1; we can then write 푑 = 푚푑′, 푘 =

푚푘′. For a primitive 휁 ∈ 휇푑, we see that

푠푡 푠푡 1 − 휁푚푑′푘′푒 1 − 휁푑푘′푒 푔̂(ζ푑′) = ( ) = ( ) = 0 1 − 휁푒 1 − 휁푒 so 푔̂ does not permute 휇푑, a contradiction.

푠푡 Recall that 푔̂(1) = 푘 . Since 푔̂ permutes 휇푑, we have

푑 2휋푘 2휋푘 2휋 푑(푑+1) 푖 푖 ∑ 푖 ∗ ∏ 푔̂ (휁) = ∏ 휁 = ∏ 푒 푑 = 푒 푑 = 푒 푑 2 = 푒푖휋(푑+1) = (−1)푑+1

휁∈휇푑 휁∈휇푑 푘=1

Additionally,

푠푡 1 − 휁푘푒 ∏ 푔̂ (휁) = 푘푠푡 ∏ 휁푟 ( ) 1 − 휁푒 휁∈휇푑 휁∈휇푑\휇1

푖푘 푗푘 (푗−푖)푘 Since gcd(푑, 푘) = 1, for all 휁 ∈ 휇푑, 0 < 푖 < 푗 < 푑 − 1, 휁 = 휁 ⇒ 휁 = 1 ⇒ 푖 = 푗, so

푘 휁 permutes 휇푑, therefore

푠푡 1 − 휁푘푒 ∏ ( ) = 1. 1 − 휁푒 휁∈휇푑\휇1

Therefore, we have (−1)푑+1 = 푘푠푡(−1)(푑+1)푟, so 푘푠푡 = (−1)(푑+1)(푟+1).

푠푡 Finally, (3) and (4) follow from the fact that 푔̂(푥) permutes 휇푑 and 푔̂(1) = 푘 =

(−1)(푑+1)(푟+1).

Wallulis 11

푓 푝푒푟푚푢푡푒푠 픽q ⇐ (1) − (4)

For 휁 ∈ 휇푑 \ 휇1, we have

푠푡 1 − 휁푘푒 ( ) ∈ 휇 1 − 휁푒 푑

∗ 푠 푠푡 (since gcd(푑, 푘) = gcd(푑, 푒) = 1) and (픽q) = 휇푑). From (2), we have 푔̂(1) = 푘 =

(푑+1)(푟+1) 푟 푒 푠푡 (−1) (푚표푑 푝), so 푔̂(1) ∈ 휇푑. Therefore 푔̂(푥) ≔ 푥 ℎ푘(푥 ) maps 휇푑 into 휇푑, so that bijectivity is equivalent to injectivity. From (3) and (4), we have

푠푡 1 − 푥푘푒 푔(푥) ≔ 푥푟 ( ) 1 − 푥푒 is injective on 휇푑 \ 휇1 and 푔̂(1) ∉ 푔(휇푑 \ 휇1), so 푔̂ is injective and therefore bijective on 휇푑.

Since gcd(푟, 푠) = 1, f permutes 픽q by Lemma 2.1. ⧠

Remark. Zieve put an extra condition (pg. 4) that I believe to be superfluous and only included as an aid in the corollaries:

gcd (푑, 2푟 + 푣푡(푘 − 1) ≤ 2

This is a necessary condition for g to permute 휇푑 (and therefore for f to permute 픽q), but it is implied by condition (3), which gives injectivity of 푔(푥) on 휇푑 \ 휇1.

Proof. As 푔̂(푥) permutes 휇푑, we must have 푔(휁) ≠ 푔(1/휁) if 휁 ≠ (1/휁). But

푠푡 푠푡 푠푡 휁푟 (1 − 휁푘푒)(휁푒(1−푘) (휁−푘푒 − 1)휁푒 1 − 휁−푘푒 푔̂(휁)/휁2푟+푒푠푡(푘−1) = ( ) = 휁−푟 ( ) = 휁−푟 ( ) 휁2푟 1 − 휁푒 1 − 휁푒 1 − 휁−푒

= 푔̂(1/휁). Wallulis 12

Therefore, if 푔(휁) ≠ 푔(1/휁), then 휁2푟+푒푠푡(푘−1) ≠ 1. Let 푚 = 2푟 + 푒푠푡(푘 − 1). Assume by way of contradiction that gcd(푑, 푚) = 푔 > 2. We can then write 푚 = 푚′푔 and 푑 = 푑′푔 for

′ ′ 푑′ −푑′ 푚 < 푚, 푑 < 푑. For a primitive 휁 ∈ 휇푑, we clearly have 휁 ≠ 휁 (since 푔 > 2). But

′ ′ ′ (휁푑 )푚 = (휁푑 )푚′푔 = (휁푑 푔)푚′ = (휁푑)푚′ = 1

′ ′ Therefore 푔(휁푑 ) = 푔(1/휁푑 ), a contradiction. Thus, gcd(푑, 2푟 + 푣푡(푘 − 1)) ≤ 2. ⧠

The next two corollaries follow logically from Zieve’s version of Proposition 3.2, so I will reproduce it here for the sake of the reader:

Proposition 3.2 (Zieve pg. 4) f permutes 픽q if and only if all of the following conditions hold: (1) gcd(푟, 푠) = gcd(푑, 푘) = 1 (2) gcd (푑, 2푟 + 푣푡(푘 − 1) ≤ 2 (3) 푘푠푡 ≡ (−1)(푑+1)(푟+1)(푚표푑 푝) 푠푡 1−푥푘푒 (4) 푔(푥) ≔ 푥푟 ( ) is injective on 휇 \ 휇 1−푥푒 푑 1 (푑+1)(푟+1) (5) (−1) ∉ 푔(휇푑 \ 휇1)

The first three conditions of Proposition 3.2 can be easily checked, while the last two require significantly more work. The work is simplified if d is an odd prime (even more so if it is a small one). In this case, we have a corollary that assumes the first three conditions of

2 Proposition 3.2 and identifies a polynomial 휒(푥) = 푛푥 + 휃(푥 ) ∈ 픽d[푥] that permutes 픽d if and only if f permutes 픽q.

Corollary 3.3 (Zieve pg. 5) Suppose the first three conditions of Proposition 3.2 hold, and d is an odd prime. Pick 휔 ∈ 픽q of order d. Then f permutes 픽q if and only if there exists 2 휃 ∈ 픽d[푥] with 휃(0) = 0 and deg(휃) < (푑 − 1)/2 such that (2푟 + (푘 − 1)푣푡)푥 + 휃(푥 ) permutes 픽d and, for every i with 0 < 푖 < 푑/2, we have

푖푘푒 −푖푘푒 푠푡 2 휔 − 휔 휔휃(푖 ) = ( ) . 휔푖푒 − 휔−푖푒 Wallulis 13

2 Proof. Our focus will be on 푔(휁 ), 휁 ∈ 휇푑 \ 휇1, with 푔(푥) defined as earlier. As a preliminary step, we show that squaring permutes 휇푑 if d is odd. As 휇푑 is a cyclic group of

2 푑−1 order (푑 − 1), we have 휇푑 = {1, 훽, 훽 , … , 훽 } for a primitive 훽 ∈ 휇푑. Assume by way of

2푎 2푏 contradiction that squaring does not permute 휇푑; then 훽 = 훽 for some a and b, 0 ≤ 푎 < 푏 < 푑. Then 훽2(푏−푎) = 1 ⇒ 푑 | (푏 − 푎) (as d is odd), a contradiction.

Since squaring permutes 휇푑, condition (4) of Proposition 3.2 is equivalent to

푠푡 1−휁2푘푒 injectivity of 푔(휁2) on 휇 \ 휇 . For 휁 ∈ 휇 \ 휇 , we have 푔(휁2) = 휁2푟 ( ) . But 푑 1 푑 1 1−휁2푒

1 − 휁2푘푒 1 − 휁2푘푒 1 − 휁2푘푒 휁−푘푒 − 휁푘푒 ( ) = ( ) = ( ) = ( ) (1 − 휁2푒)(휁푒(푘−1)) 휁푒(푘−1) − 휁푒(푘+1) 휁푘푒(휁−푒 − 휁푒) 휁−푒 − 휁푒

푠푡 휁푘푒 − 휁−푘푒 (푎) 푔(휁2) = 휁2푟+푒푠푡(푘−1) ( ) 휁푒 − 휁−푒

For 푖 ∈ ℤ \ 푑ℤ, let 휓(푖) be the unique element of ℤ/푑ℤ such that

푠푡 휔푖푘푒 − 휔−푖푘푒 (푏) 휔휓(푖) = ( ) 휔푖푒 − 휔−푖푒

Which is guaranteed to exist and be unique since gcd(푑, 푘푒) = 1 and 휔 has order d. If we let 휓(푖) = 0 for 푖 ∈ 푑ℤ, then “휓 induces a map from ℤ/푑ℤ to itself, with the properties

휓(−푖) = 휓(푖) and 푔(휔2푖) = 휔푖(2푟+(푘−1)푣푡)+휓(푖)” (Zieve pg. 5). We have 휓(−푖) = 휓(푖)

휔푖푘푒−휔−푖푘푒 휔푖푘푒−휔−푖푘푒 because ( ) = − ( ), and by (a) and (b), 휔푖푒−휔−푖푒 휔푖푒−휔−푖푒

푔(휔2푖) = 휔2푟+푒푠푡(푘−1)휔휓(푖) = 휔푖(2푟+(푘−1)푣푡)+휓(푖)

Observe that Conditions (4) and (5) of Proposition 3.2, which guarantee that 푔̂ permutes Wallulis 14

휇푑, are equivalent to the bijectivity of the map 휒: ℤ/푑ℤ → ℤ/푑ℤ given by 휒(푖) = 푛푖 + 휓(푖)

2 (with 푛 ∶= 2푟 + (푘 − 1)푣푡). Since 휓(−푖) = 휓(푖), we must have a 휃(푖 ) ∈ 픽d[푥] of degree less than (푑 − 1)/2 (since i is of order (푑 − 1) with 휃(푖2) = 휓(푖), and 휃(0) = 0. This completes the proof. ⧠

We first reduced the question of whether a polynomial 푓 ∈ 픽q[푥] permutes 픽q to whether a related polynomial permutes the smaller group 휇푑. Corollary 3.3 now allows to

2 consider only whether the related polynomial 휒 = 푛푖 + 휃(푖 ) permutes 픽d. As earlier, considering small values of d gives us simple and useful results. Let 휃̂ denote 휃/푛. For

푑 = 3 and 푑 = 5, only the trivial 휃̂ = 0 gives us bijectivity of 휒, as proven by Betti in 1851

[4]. For 푑 = 7, bijectivity of 휒 holds if and only if 휃̂ = 휇푥2 where 휇 ∈ {0, 2, −2}, proven by

Hermite in 1863 [5]. For 푑 = 11, “there are 25 possibilities for 휃̂, but these comprise just

̂ ̂ 2 ∗ five classes modulo the equivalence 휃(푥) ~ 휃(훼 푥)/훼 with 훼 ∈ 픽d” (Zieve pg. 6). We collect these results in a final corollary.

Corollary 3.4 (Zieve pg. 6) Suppose the first three conditions of Proposition 3.2 hold, and d is an odd prime. Pick 휔 ∈ 픽q of order d. (a) If 휁푘−휁−푘 (*) ∈ 휇 for every 휁 ∈ 휇 \휇 휁−휁−1 푠푡 푑 1 Then f permutes 픽q. (b) If 푑 = 3 then f always permutes 픽q. (c) If 푑 = 5 then f permutes 픽q if and only if (*) holds. (d) If 푑 = 7 then f permutes 픽q if and only if either (*) holds or there exists 휖 ∈ {−1, 1} such that 푠푡 휔푖푘푒 − 휔−푖푘푒 ( ) = 휔2휖(2푟+(푘−1)푣푡)푖 휔푖푒 − 휔−푖푒 For every 푖 ∈ {1,2,4}. (e) If 푑 = 11 then f permutes 픽q if and only if either (*) holds or there is some 휓 ∈ 풞 such that Wallulis 15

푠푡 휔푖푘푒 − 휔−푖푘푒 ( ) = 휔2휖(2푟+(푘−1)푣푡)휓(푖) 휔푖푒 − 휔−푖푒 ∗ 2 For every 푖 ∈ (픽11) , where 풞 is the union of the sets {푚푖 ∶ 푚 ∈ {±3, ±5}}, 3 3 7 3 2 5 ∗ 3 4 7 3 2 5 {5푚 푖 + 푚 푖 − 2푚푖 − 4푚 푖 ∶ 푚 ∈ 픽11}, 푎푛푑 {4푚 푖 + 푚 푖 − 2푚푖 − 5푚 푖 ∶ ∗ 푚 ∈ 픽11}. Proof. Recall that for 푑 ∈ {3, 5}, only the trivial 휃 = 0 meets the conditions of

Corollary 3.3. Therefore, we have

푖푘푒 −푖푘푒 푠푡 2 휔 − 휔 휔휃(푖 ) = 1 = ( ) 휔푖푒 − 휔−푖푒 which gives us condition (*):

휁푘 − 휁−푘 ∈ 휇 휁 − 휁−1 푠푡 for every 휁 ∈ 휇푑\휇1. So for 푑 = 5, 푓 permutes 픽q if and only if (*) holds.

For 푑 = 3, Condition (1) of Proposition 3.2 gives us gcd(푑, 푘) = 1 ⇒ 푘 ≡

±1 (푚표푑 3) so (휁푘 − 휁−푘) = ±( 휁 − 휁−1). As 푞 − 1 = 푠푑, either q or s is even. If s is even, then (휁푘 − 휁−푘)푠 = ( 휁 − 휁−1)푠, so (*) holds. If q is even, then 푝 = 2, so (휁푘 − 휁−푘) ≡

−1 ( 휁 − 휁 ) (푚표푑 2), and again (*) holds. Therefore, if 푑 = 3, f permutes 픽q.

For 푑 = 7, we must have 휃 = 휇푥2 where 휇 ∈ {0, 2푛, −2푛}. From Corollary 3.3, we therefore must have

푖푘푒 −푖푘푒 푠푡 2 4 휔 − 휔 휔휃(푖 ) = 휔2휖(2푟+(푘−1)푣푡)푖 = ( ) 휔푖푒 − 휔−푖푒

2 4 4 4 for (푖 | 푖 ∈ ℤ/7ℤ) = {1, 2, 4}. But in 픽7, 1 ≡ 1, 2 ≡ 2, and 4 ≡ 4, so we can write

푠푡 휔푖푘푒 − 휔−푖푘푒 휔2휖(2푟+(푘−1)푣푡)푖 = ( ) 휔푖푒 − 휔−푖푒

The case 푑 = 11 is treated similarly. ⧠ Wallulis 16

References

[1] Michael E. Zieve. Some families of permutation polynomials over finite fields, Int. J Number Theory (2008), 851-857. [2] A. Akbary and Q Wang. On some permutation polynomials over finite fields, Int. J Math. Math. Sci. (2005) 2631-2640. [3] L. Wang, On permutation polynomials, Finite Fields Appl. 8 (2002) 311-322. [4] E. Betti, Sopra la risolubilità per radicali delle equazioni algebriche irriduttibili di grado primo, Ann. Sci. Mat. Fis. 2 (1851) 5-19; (=Opere Matematiche, v.1, 17-27). [5] Ch. Hermite, Sur les fonctions de sept lettres, C. R. Acad. Sci. Paris 57 (1863) 750-757.