Character Sums, Primitive Elements, and Powers in Finite Fields

Home , Multiplicative character

Journal of Number Theory 91, 153–163 (2001) doi:10.1006/jnth.2001.2675, available online at http://www.idealibrary.comon

Arne Winterhof

Institute of Discrete Mathematics, Austrian Academy of Sciences, Sonnenfelsgasse 19, A-1010 Vienna, Austria E-mail: [email protected]

Communicated by D. J. Lewis

Received October 2, 2000

Consider an extension field Fqm =Fq (a) of the finite field Fq . Davenport proved

that the set Fq +a contains at least one primitive element of Fqm if q is sufficiently large with respect to m. This result is extended to certain subsets of F +a of cardi- View metadata, citation and similar papers at core.ac.uk q brought to you by CORE nality at least of the order of magnitude O(q1/2+e). The proof is based on a new bound for incomplete character sums. Moreover, a new bound for the longest provided by Elsevier - Publisher Connector

1. INTRODUCTION

n Let q=p be a prime power and Fq be the finite field of q elements. For a positive integer m let Fqm be the extension field of Fq of degree m. Let q be a nontrivial multiplicative character of Fqm of order s, {b1 ,...,bn } be a basis of Fq over Fp , and {b1 , ..., bmn } be a completion of {b1 , ..., bn } to a basis of Fqm over Fp .If

mn − 1 k=k1 +k2 p+···+kmn p with 0 [ ki

is the p-adic expansion of 0 [ k

tk =k1 b1 +k2 b2 +···+kmn bmn .

m For an integer K with 1 [ K

K−1 C SK (a)= q(a+tk ). k=0

In Section 3 we derive a new bound for the absolute value of SK (a) which is nontrivial for all K with 4mq1/2 [ K

Fqm over Fq ; i.e., Fqm =Fq (a). We apply this bound to estimate the number of primitive elements in the set {a+tk | k=0, ..., K − 1} where K

a, a+t1 , a+t2 ,...,a+tL−1, a ¥ Fqm , satisfying

q(a)=q(a+t1 )=q(a+t2 )=···=q(a+tL−1) (1) in Section 5. The result is

1/2 1/2 Lqm < 5mq if m [ q /5

and q restricted on Fq is nontrivial. Moreover, we consider the following more general problem for m=1. For 2 [ K [ (q − 1)/s let a1 , ..., aK be distinct elements of Fq . Estimate the number of solutions of

q(t+a1 )=q(t+a2 )=···=q(t+aK ), t ¥ Fq . (2)

In the special case ak+1=tk for k=0, ..., K − 1 and K>Lq this equation system is unsolvable. We show that (2) has at most (q − 1)/s − K+1 solutions. This result can be sharpened for some specializations.

2. AUXILIARY RESULTS

For integers k and j with 0 [ k, j< q we define k À j by

À k j=i . tk +tj =ti ;0[ i

Lemma 2.1. For given integers L and j with 0 [ L, j< q , the number of integers k with 0 [ k [ L for which k À j>Lis at most j. Furthermore, the number of integers k with 0 [ k [ L which are not of the form i À j for some 0 [ i [ L is at most j.

Proof. [22, Lemma 5]. L CHARACTER SUMS AND PRIMITIVE ELEMENTS 155

Lemma 2.2. Let q be a nontrivial multiplicative character of Fqm of order s and a, b ¥ Fqm be nonconjugated defining elements of Fqm over Fq . Then

: C q((t+a)(t+b)s−1): [ (2m − 1) q1/2. t ¥ Fq

Proof. This is a specialization of [27, Corollary 2.4]. L

Lemma 2.3 (The Vinogradov Formula). Let S be a subset of Fq and denote by P(S) the number of primitive elements of Fq contained in S. Then we have

j(q−1) C 1 m(s) C C 2 P(S)= qs (t) , q−1 s|q−1 j(s) qs t ¥ S where m and j denote the Möbius and Euler j functions, respectively, and, where the second summation runs over all multiplicative characters qs of order s in Fq . Proof. [11, Lemma 7.5.3], [15, Exercise 5.14], or [14, pp. 178–180]. L

3. ON INCOMPLETE CHARACTER SUMS

Theorem 3.1. Let q be a nontrivial multiplicative character of Fqm , a be a defining element of Fqm over Fq , and 1 [ K

1/2 1/4 |SK(a)| < 2.2(Km) q .

Proof. We use the method introduced in the series of papers [9, 18–21]. For K < 4.8q1/2 the assertion is trivial and we may assume that

K \ 4.8q1/2. (4)

By Lemma 2.1 we have for any integer j \ 0,

K−1 : C : SK (a)− q(a+tk À j ) [ 2j. k=0

Then for an integer 1 [ J [ q we have

J|SK (a)| [ W+J(J− 1), (5) 156 ARNE WINTERHOF where

K−1 J−1 K−1 J−1 : C C : C : C : W= q(a+tk À j ) [ q(a+tk À j ) . k=0 k=0 k=0 k=0

Using the Cauchy–Schwarz inequality and (3) we obtain

K−1 J−1 2 J−1 2 2 C : C : C : C : W [ K q(a+tk À j ) [ K q(t+a+tj ) k=0 k=0 t ¥ Fq k=0 K−1 C C s−1 =K q((t+a+tj1 )(t+a+tj2 ) ), j1,j2=0 t ¥ Fq where s denotes the order of q. There are at most m possible indices j2 such that a+tj1 and a+tj2 are conjugated for given j1 . For these indices the inner sum is trivially estimated by q.Ifa+tj1 and a+tj2 are not conjugated, then we may apply Lemma 2.2. Hence,

W2 < KJmq+KJ2(2m − 1) q1/2.

Choosing

J=Kq1/2L we get

W2 < K(3m − 1) q1/2 J2 and the assertion by (5) and (4). L Remark. The squaring-trick used in the proof of Theorem 3.1 goes back to Weyl, Vinogradov, and Korobov. In its pure form it was also used in [25].

Corollary 3.1. Let q be a nontrivial multiplicative character of Fqm of order s with s h (qm − 1)/(q − 1) and 1 [ K

1/2 1/4 |SK (a)| < 2.2(Km) q for any a ¥ Fqm .

h m Proof. Since s (q − 1)/(q − 1) the restriction of q on any subfield Fqd of Fqm is nontrivial. Any a ¥ Fqm is a defining element of a certain subfield Fqd of Fqm and Theorem 3.1 yields

1/2 1/4 1/2 1/4 L |SK (a)| < 2.2(Kd) q [ 2.2(Km) q . CHARACTER SUMS AND PRIMITIVE ELEMENTS 157

Remark. The following bounds for |SK (a)| and any a ¥ Fqm are known.

p |S (a)| [ qm/2 11− +m log q2 [28, Theorem 4] (6) K qm and

1/2 m/4 m/2 |SK (a)| < (2K) q +q [30, Theorem 5]. (7)

Equation (6) is only nontrivial if K is at least of the order of magnitude O(qm/2 log q) and (7) is only nontrivial if K is at least of the order of magnitude O(qm/2). In the case m=n=1 Burgess [1] proved bounds for

|SK (a)| which are nontrivial if K is at least of the order of magnitude 1/4+e O(p ) for any e >0.Ifa is a defining element of Fqm over Fq , then we have

1/2 |SK (a)| [ (m − 1) q [13, Theorem 1], which yields

m 1/2 ? q −1 |S (a)| [ (m−1)q for any a ¥ F m if . q q q−1

For the cubes

B(k)={k1 b1 +···+kmn bmn |0[ Ai

- , - mn/2(mn+1)+d : C : −d nm e >0 d >0,p0 p>p0 ,k>p : q(t) <(p k) . t ¥ B(k)

This result was improved to

- , - 1/4+d : C : −d nm e >0 d >0,p0 p>p0 ,k>p : q(t) <(p k) t ¥ B(k) in the special case nm=2 by [3] and in the general case by [12]. The latter result depends on the coefficients of the irreducible polynomial over Fp that generates Fpnm . 158 ARNE WINTERHOF

4. ON THE DISTRIBUTION OF PRIMITIVE ELEMENTS

Theorem 4.1. Let a be a defining element of Fqm over Fq . For 1 [ K

j(qm −1) (K+O(K1/2q1/4+e)) qm −1 primitive elements of Fqm for any e >0, where the implied constant depends on m. Proof. By Lemma 2.3 we have

P=P({a, a+t1 ,i,a+tK−1}) j m m K−1 (q −1)1 C 1 (s) C C 22 = m K+ qs (a+tk m q −1 s|q −1 j(s) qs k=0 s>1 and thus by Theorem 3.1

j m j m K−1 : (q −1) : (q −1) C 1 : C C : P− m K [ m qs (a+tk ) m q −1 q −1 s|q −1 j(s) qs k=0 s>1 m j(q −1) C 1/2 1/4 [ m 2.2(mK) q q −1 s|qm −1 s>1 j(qm −1) [ 2.2(y(qm − 1) − 1)(Km)1/2 q1/4, qm −1 where y(qm −1) denotes the number of divisors of qm −1. The assertion follows since y(u)=o(ueŒ) for any eŒ >0(see, e.g., [10, Chapter 4, Proposi- tion 1]). L Remark. Any algorithm for finding primitive elements consists of two parts: finding a small subset of Fqm containing at least one primitive element and testing primitiveness of all elements of this subset. Let e >0 and B(k) be defined by (8). Then there exists an d >0 such that for any k>p1/4+e the set B(k) contains

j(qm −1) knm(1+O(q −md)) qm −1 primitive elements by [12, Theorem 2], where the implied constant depends on the coefficients of the irreducible polynomial f over Fp that generates CHARACTER SUMS AND PRIMITIVE ELEMENTS 159

Fpnm . The set B(k) contains at least one primitive element if k is at least of the order of magnitude O(p1/4+e) and thus |B(k)| is at least of the order of magnitude O(qm/4+eŒ), where the implied constants depend on f. Shparlinski [24] constructed a set containing a primitive element of cardinality O(qm/4+e), where the implied constant does not depend on f. Theorem 4.1 shows the existence of a set containing a primitive element with cardinality on the order of magnitude O(q1/2+eŒ) for any eŒ >0, i.e. with less elements than any suitable B(k) if m \ 3 and q is sufficiently large. For n=1 this result can already be found in [23].

Corollary 4.1. Let a be a defining element of Fqm over Fq . For m 2 1/2 5(y(q −1)−1) mq 1 such that m \ 2(q logq s+logq (q+1)), g then Fqm is not generated by Fq +a for some a with Fqm =Fq (a) [27, Theorem 3.1].

5. ON THE DISTRIBUTION OF POWERS

Corollary 5.1. Let q be a nontrivial multiplicative character of Fqm of order s with s h (qm − 1)/(q − 1).Ifm [ q1/2/5, then we have

1/2 Lqm < 5mq .

Proof. Let a, a+t1 ,...,a+tL−1 be a sequence satisfying (1) with Fq (a)=Fqd for some d|m. By Theorem 3.1 we have

L−1 : C : 1/2 1/4 1/2 1/q L= q(a+tk ) < 2.2(Ld) q [ 2.2(Lm) q , k=0 and thus L < 5mq1/2 [ q. L Remark. It was shown by the author [28, Theorem 5] that

` m/2 Lqm < 3 q 160 ARNE WINTERHOF and for m=n=1 by [2] that

1/4 Lp =O(p log p).

Now we consider the case m=1 and the more general problem of estimating the number of solutions of (2).

Theorem 5.1. Let q be a character of Fq of order s > 1, 2 [ K [ (q − 1)/s and a1 ,...,aK be distinct elements of Fq . For the number N of solutions of (2) we have

q−1 N [ − K+1. s

Proof. Put l=(q − 1)/s. It is well known (see, e.g., [29]) that

l l q(t)=q(g) if and only if t =g , t, g ¥ Fq .

l l Hence, q(t+a1 )=···=q(t+aK ) if and only if (t+a1 ) =···=(t+aK ) . l We define recursively the polynomials fk, j (x) by fk, 0 (x)=(x+ak ) for k=1, ..., K and for j=1, ..., K − 1

−1 fk, j (x)=(ak − aj ) (fk, j − 1 (x) − fj, j − 1 (x)) for k=j+1, ..., K.

Then we have

l−j l C R S h fk, j (x)= ck, h, j x h=0 l−h for j=0, ..., K − 1 and k=j+1, ..., K, where

C m1 mj mj+1 ck, h, j = a1 ···aj ak , m1+···+mj+1=l − h − j

l−h −1 since ck, h, 0 =ak and ck, h, j =(ak − aj ) (ck, h, j − 1 − cj, h, j − 1 ) for j=1, ..., K−1. In particular, we have

l+1 − K l C R S h fK, K − 1 (x)= cK, h, K − 1 x h=0 l−h CHARACTER SUMS AND PRIMITIVE ELEMENTS 161 which is a polynomial of degree [ l−u, where u is the smallest integer \ K−1 with

l R S – 0 mod p. u

If t satisfies (2) then t is a root of fK, K − 1 . Hence, there are at most l−u[ l − K+1 distinct t satisfying (2). L

Remark. For K=2 equality holds by [28, Theorem 1].

For some specializations the theorem can be improved with the following lemma.

n−1 Lemma 5.1. Let l=l1 +l2 p+···+ln p and K − 1=K1 +K2 p+···+ n−1 Kn p ,0[ li ,Ki < p, i=1, ..., n. Let u be the smallest integer \ K−1 with

l R S – 0 mod p. u

Then we have

u=K − 1 if Ki [ li for all 1 [ i [ n and

1# K−1 $ 2 r −1 u= +1 p 2 pr2 −1

if there exist r1 and r2 with 1 [ r1 lr1 ,Ki =li for r1

Proof. For 0 [ h [ l we have by Lucas’ lemma (see [7, p. 271]; [8], [16], [17], or [26]),

l l1 ln R S — R S ···R S mod p, h h1 hn

n−1 where h=h1 +h2 p+ · · · +hn p with 0 [ hi

li .If l Ki [ li for 1 [ i [ n, then we have (K−1) – mod p and thus u=K − 1. 162 ARNE WINTERHOF

If there exist r1 and r2 with 1 [ r1

r2 −1 r2 n−1 u=(Kr2 +1) p +Kr2+1 p +···+Kn p

1# K−1 $ 2 r −1 = +1 p 2 . L pr2 −1

ACKNOWLEDGMENTS

The author thanks Igor Shparlinski for his comments and suggestions that improved the article, in particular for pointing out [23].

REFERENCES

1. D. A. Burgess, On character sums and primitive roots, Proc. London Math. Soc. (3) 12 (1962), 171–192. 2. D. A. Burgess, A note on the distribution of residues and non-residues, J. London Math. Soc. 38 (1963), 253–256. 3. D. A. Burgess, Character sums and primitive roots in finite fields, Proc. London Math. Soc. (3) 17 (1967), 11–25. 4. F. R. K. Chung, Diameters and eigenvalues, J. Amer. Math. Soc. 2 (1989), 187–196. 5. H. Davenport, On primitive roots in finite fields, Quart. J. Math. 8 (1937), 308–312. 6. H. Davenport and D. J. Lewis, Character sums and primitive roots in finite fields, Rend. Circ. Mat. Palermo (2) 12 (1963), 129–136. 7. L. E. Dickson, ‘‘History of the Theory of Numbers 1,’’ Chelsea, New York, 1952. 8. A. Granville, Arithmetic properties of binomial coefficients. I. Binomial coefficients modulo prime powers, in ‘‘Organic Mathematics, Burnaby, BC, 1995,’’ CMS Conf. Proc. 20, pp. 253–276, Amer. Math. Soc., Providence, RI, 1997. 9. J. Gutierrez, H. Niederreiter, and I. E. Shparlinski, On the multidimensional distribution of inversive congruential pseudorandom numbers in parts of the period, Monatsh. Math. 129 (2000), 31–36. 10. E. Hlawka, J. Schoissengeier, and R. Taschner, ‘‘Geometric and Analytic Number Theory,’’ Springer-Verlag, Berlin, 1991. 11. D. Jungnickel, ‘‘Finite Fields: Structure and Arithmetics,’’ BI-Wiss.-Verl. Mannheim, 1993. 12. A. A. Karacuba, Character sums and primitive roots in finite fields, Soviet Math. Dokl. 9 (1968), 755–757; transl. from Dokl. Akad. Nauk. SSSR 180 (1968), 1287–1289. 13. N. M. Katz, An estimate for character sums, J. Amer. Math. Soc. 2 (1989), 197–199. 14. E. Landau, ‘‘Vorlesungen über Zahlentheorie,’’ Hirzel, Leipzig, 1927. 15. R. Lidl and H. Niederreiter, ‘‘Finite Fields,’’ Cambridge University Press, Cambridge, UK, 1983. 16. M. E. Lucas, Sur les congruences des nombres euleriennes et des coefficients différentiels des fonctions trigonométriques, suivant un module premier, Bull. Soc. Math. France 6 (1878), 49–54. 17. R. J. McIntosh, A generalization of a congruential property of Lucas, Amer. Math. Monthly 99 (1992), 231–238. CHARACTER SUMS AND PRIMITIVE ELEMENTS 163

18. H. Niederreiter and I. E. Shparlinski, On the distribution and lattice structure of non- linear congruential pseudorandom numbers, Finite Fields Appl. 5 (1999), 246–253. 19. H. Niederreiter and I. E. Shparlinski, Exponential sums and the distribution of inversive congruential pseudorandom numbers with prime-power modulus, Acta Arith. 92 (2000), 89–98. 20. H. Niederreiter and I. E. Shparlinski, On the distribution of pseudorandom numbers and vectors generated by inversive methods, Appl. Algebra Engrg. Comm. Comput. 10 (2000), 189–202. 21. H. Niederreiter and I. E. Shparlinski, On the distribution of inversive congruential pseudorandom numbers in parts of the period, Math. Comp. 70 (2001), 1569–1574. 22. H. Niederreiter and A. Winterhof, Incomplete exponential sums over finite fields and their applications to new inversive pseudorandom number generators, Acta Arith. 93 (2000), 387–399. 23. G. I. Perel’muter and I. E. Shparlinskij, The distribution of primitive roots in finite fields, Russian Math. Surv. 45 (1990), 223–224; translation from Uspekhi Mat. Nauk 45 (1990), 185–186. 24. I. Shparlinski, On finding primitive roots in finite fields, Theoret. Comput. Sci. 157 (1996), 273–275. 25. V. M. Sidel’nikov, Estimates for the number of appearances of symbols on a segment of recurrent sequence over a finite field, Discrete Math. Appl. 2 (1992), 473–481; translation from Diskretn. Mat. 3 (1991), 87–95. 26. D. Singmaster, Notes on binomial coefficients I - A generalization of Lucas’ congruence, J. London Math. Soc. (2) 8 (1974), 545–548. 27. D. Wan, Generators and irreducible polynomials over finite fields, Math. Comp. 66 (1997), 1195–1212. 28. A. Winterhof, On the distribution of powers in finite fields, Finite Fields Appl. 4 (1998), 43–54. 29. A. Winterhof, Polynomial spaces over finite fields, Linear Algebra Appl. 295 (1999), 223–229. 30. A. Winterhof, Polynomial interpolation of the discrete logarithm, Des. Codes Cryptogr., in press.