Theory and Applications of Finite Fields

579

The 10th International Conference on Finite Fields and Their Applications July 11–15, 2011 Ghent, Belgium

Michel Lavrauw Gary L. Mullen Svetla Nikova Daniel Panario Leo Storme Editors

American Mathematical Society

Theory and Applications of Finite Fields

The 10th International Conference on Finite Fields and Their Applications July 11–15, 2011 Ghent, Belgium

Michel Lavrauw Gary L. Mullen Svetla Nikova Daniel Panario Leo Storme Editors

579

Theory and Applications of Finite Fields

The 10th International Conference on Finite Fields and Their Applications July 11–15, 2011 Ghent, Belgium

Michel Lavrauw Gary L. Mullen Svetla Nikova Daniel Panario Leo Storme Editors

American Mathematical Society Providence, Rhode Island

EDITORIAL COMMITTEE Dennis DeTurck, Managing Editor Michael Loss Kailash Misra Martin J. Strauss

2010 Mathematics Subject Classiﬁcation. Primary 05Bxx, 11Gxx, 11Lxx, 11Txx, 14Gxx, 51Exx, 94A60, 94Bxx.

Library of Congress Cataloging-in-Publication Data International Conference on Finite Fields and Applications (10th : Ghent, Belgium : 2011). Theory and applications of finite fields : 10th International Conference on Finite Fields and Their Applications, July 11–15, 2011, Ghent, Belgium / Michel Lavrauw, Gary L. Mullen, Svetla Nikova, Daniel Panario, Leo Storme, editors. p. cm. — (Contemporary mathematics ; v. 579) Includes bibliographical references. ISBN 978-0-8218-5298-9 (alk. paper) 1. Finite fields (Algebra)–Congresses. 2. Arithmetical algebraic geometry–Congresses. 3. Num- ber theory–Congresses. 4. Coding theory–Congresses. I. Lavrauw, Michel, 1974-editor of com- pilation. II. Title.

QA247.3.I57 2011 512.3—dc23 2012023438

Copying and reprinting. Material in this book may be reproduced by any means for edu- cational and scientiﬁc purposes without fee or permission with the exception of reproduction by services that collect fees for delivery of documents and provided that the customary acknowledgment of the source is given. This consent does not extend to other kinds of copying for general distribution, for advertising or promotional purposes, or for resale. Requests for permission for commercial use of material should be addressed to the Acquisitions Department, American Math- ematical Society, 201 Charles Street, Providence, Rhode Island 02904-2294, USA. Requests can also be made by e-mail to [email protected]. Excluded from these provisions is material in articles for which the author holds copyright. In such cases, requests for permission to use or reprint should be addressed directly to the author(s). (Copyright ownership is indicated in the notice in the lower right-hand corner of the ﬁrst page of each article.)

c 2012 by the American Mathematical Society. All rights reserved. The American Mathematical Society retains all rights except those granted to the United States Government. Copyright of individual articles may revert to the public domain 28 years after publication. Contact the AMS for copyright status of individual articles. Printed in the United States of America. ∞ The paper used in this book is acid-free and falls within the guidelines established to ensure permanence and durability. Visit the AMS home page at http://www.ams.org/ 10987654321 171615141312

Contents

Preface vii Low dimensional models of the finite split Cayley hexagon John Bamberg and Nicola Durante 1 Davenport’s constant for groups with large exponent Gautami Bhowmik and Jan-Christoph Schlage-Puchta 21 Permanent has less zeros than determinant over finite fields Mikhail V. Budrevich and Alexander E. Guterman 33 On a series of modules for the symplectic group in characteristic 2 Ilaria Cardinali and Antonio Pasini 43 Exact divisibility of exponential sums and some consequences Francis N. Castro, Raul´ Figueroa, and Luis A. Medina 55 Additive character sums of polynomial quotients Zhixiong Chen and Arne Winterhof 67 5-Designs related to binary extremal self-dual codes of length 24m Javier de la Cruz and Wolfgang Willems 75 Sequences of Dedekind sums in function fields Yoshinori Hamahata 81 Niho bent functions and Subiaco hyperovals Tor Helleseth, Alexander Kholosha, and Sihem Mesnager 91 A bound on the number of points of a curve in a projective space over a finite field Masaaki Homma 103 Designs in projective Hjelmslev spaces Michael Kiermaier and Ivan Landjev 111 On the nuclei of a finite semifield Giuseppe Marino and Olga Polverino 123 Small-bias sets from extended norm-trace codes Gretchen L. Matthews and Justin D. Peachey 143 On the Waring problem with multivariate Dickson polynomials Alina Ostafe, David Thomson, and Arne Winterhof 153

vi CONTENTS

Polynomials modulo p and the theory of Galois sets Michael Rosen 163 Additive decompositions induced by multiplicative characters over finite fields Davide Schipani and Michele Elia 179 Graphs associated with the map x → x + x−1 in finite fields of characteristic two Simone Ugolini 187

Preface

This volume of Contemporary Mathematics of the American Mathematical So- ciety contains the proceedings of the 10th International Conference on Finite Fields and Their Applications (Fq 10), held in Ghent, Belgium, July 11–15, 2011. This conference continued the already two-decades long tradition of bringing together researchers working on various topics on finite fields, to present their results, and to discuss problems on finite fields. The local organizing committee consisted of Jan De Beule, Frank De Clerck (Chair), Yves Edel, Michel Lavrauw, Svetla Nikova, Bart Preneel and Leo Storme. The scientific committee consisted of Simeon Ball, Michel Lavrauw, Gary McGuire, Gary L. Mullen, Harald Niederreiter, Svetla Nikova, Daniel Panario, Bart Preneel, Igor Shparlinski and Leo Storme (Chair). At the conference, there were 149 participants, five invited presentations given by Joachim von zur Gathen, Tor Helleseth, Tanja Lange, Olga Polverino and Michael Rosen, together with 97 contributed talks. The conference honored the 64th birthday of Gary L. Mullen, who initiated this series of international conferences on finite fields and the international journal Finite Fields and Their Ap- plications, and the 200th birthday of Evariste´ Galois, the founder of finite fields theory. The present volume contains three invited papers by world experts on diverse topics in finite fields, and 14 contributed papers. All submitted papers, including the invited papers, were strictly refereed according to the high standards required for publication in the Contemporary Mathematics Book Series of the American Mathematical Society. The topics include finite geometry, finite semifields, bent functions, polynomial theory, designs, and function fields. We wish to thank the financial support of (1) BCRYPT: Belgian Fundamental Research on Cryptology and Information Security, (2) Elsevier, (3) FWO: Research Foundation - Flanders, (4) Research Fund of the Faculty of Sciences of Ghent University, (5) Research Group ESAT/COSIC, Department of Electrical Engineering, KU Leuven, (6) Research Group Incidence Geometry, Department of Mathematics, Ghent University. We also wish to thank Samuel Perez and Sonia Surmont, the administrative staff of the Department of Mathematics of Ghent University, and the staff of the conference centre “Het Pand” of Ghent University for their help in organizing Fq 10. A special thank you also goes out to Christine Thivierge (AMS) for her advise and

vii

viii PREFACE help in publishing these conference proceedings in the Contemporary Mathematics Book Series of the American Mathematical Society. The refereeing process of the submitted articles cannot take place without the help of many referees. We thank the referees for their work in helping us to ensure the high quality of the proceedings of this conference. Scientific research on finite fields and their applications still flourishes. Many problems still need to be solved and many paths still are unexplored. It is our pleasure to report that Prof. Dr. Alexander Pott (Otto-von-Guericke Universität, Magdeburg, Germany) will organize Fq 11 from July 22–26, 2013, in Magdeburg, Germany. In this way, the city of Magdeburg will add its name to the list of Las Vegas (Fq 1 and Fq 2), Glasgow (Fq 3), Waterloo (Fq 4), Augsburg (Fq 5), Oaxaca (Fq 6), Toulouse (Fq 7), Melbourne (Fq 8), Dublin (Fq 9), and Ghent (Fq 10) as venues for an Fq conference. The success of all ten previous Fq conferences already convinces us to be certain that Fq 11 will also be a great success. We are looking forward to this next edition within the Fq conferences series, and, together with Prof. Dr. Alexander Pott and his organizing team, invite you to attend the Fq 11 conference, and hope to see you there!

The editors Michel Lavrauw, Gary L. Mullen, Svetla Nikova, Daniel Panario, Leo Storme May 2012

Contemporary Mathematics Volume 579, 2012 http://dx.doi.org/10.1090/conm/579/11514

Low dimensional models of the ﬁnite split Cayley hexagon

John Bamberg and Nicola Durante

Abstract. We provide a model of the split Cayley hexagon arising from the Hermitian surface H(3,q2), thereby yielding a geometric construction of the Dickson group G2(q) starting with the unitary group SU3(q).

1. Introduction A generalised polygon Γ is a point-line incidence structure such that the incidence graph is connected and bipartite with girth twice that of its diam- eter. If the valency of every vertex is at least 3, then we say that Γ is thick, and it turns out that the incidence graph is then biregular1. By a famous result of Feit and Higman [8], a finite thick generalised polygon is a complete bipartite graph, projective plane, generalised quadrangle, generalised hexagon or generalised octagon. There are many known classes of finite projective planes and finite generalised quadrangles but presently there are only two known families, up to isomorphism and duality, of finite generalised hexagons; the split Cayley hexagons and the twisted triality hexagons. The split Cayley hexagons H(q) are the natural geometries for Dickson’s group G2(q), and they were introduced by Tits [21] as the set of points of the parabolic quadric Q(6,q) and an orbit of lines of Q(6,q) under G2(q). If q is even, then the polar spaces W(5,q) and Q(6,q) are isomorphic geometries, and hence H(q) can be embedded into a five-dimensional projective space. Thas and Van Maldeghem [19] proved that if H is a finite thick generalised hexagon embedded2 into the projective space PG(d, q), then d 7 and this embedding is equivalent to one of the standard models of the known generalised hexagons. So in particular, it is impossible to embed the split Cayley hexagon H(q) into a three-dimensional projective space. However,

2010 Mathematics Subject Classiﬁcation. Primary 05B25, 51E12, 51E20. Key words and phrases. Generalised hexagon, Hermitian surface. 1 That is, there are two constants k1 and k2 such that the valency of each vertex in one bipartition is k1, and the valency of each vertex in the other bipartition is k2. 2We will not discuss the various meanings of “embedding” here, but instead refer the interested reader to [18, 19].

c 2012 American Mathematical Society 1

2 JOHN BAMBERG AND NICOLA DURANTE there is an elegant model of H(q) which begins with geometric structures lying in PG(3,q), and it is equivalent to the model provided by Cameron and Kantor [6, Appendix]: Theorem 1.1 (Cameron and Kantor (paraphrased) [6]). Let (p, σ) be a point-plane anti-ﬂag of PG(3,q) and let Ω be a set of q(q2 − 1)(q2 + q +1) parabolic congruences3 each having axis not incident with p or σ, but having a pencil of lines with one line incident with p and another incident with σ. Suppose that for each pencil L with vertex not in σ and plane not incident with p, there are precisely q +1 elements of Ω containing L, whose union are the lines of some linear complex (i.e., the lines of a symplectic geometry W(3,q)). Then the following incidence structure Γ is isomorphic to the split Cayley hexagon H(q).

Points: (a) Lines of PG(3,q). (b) Pencils with a vertex not in σ and plane not incident with p. Lines: (i) Pencils with a vertex in σ and plane through p. (ii) Elements of Ω.

An element of type (a) is incident with an element P of type (i) if is an element of P.IfC is an element of type (ii), then is incident with C if is the axis of C. Elements of type (i) and (b) are never incident. The containment relation deﬁnes incidence between elements of type (b) and (ii).

The central result of this note is a unitary analogue of this model. Theorem 1.2. Let O be a Hermitian curve of H(3,q2) and let Ω be a set of Baer subgenerators with a point in O, such that every point of H(3,q2)\O is on q +1 elements of Ω spanning a Baer subplane. Then the following incidence structure Γ is a generalised hexagon of order (q, q).

Points: (a) Lines of H(3,q2). (b) Aﬃne points of H(3,q2)\O. Lines: (i) Points of O. (ii) Elements of Ω. Incidence: Inclusion or inherited incidence.

3A pencil of lines of PG(3,q) refers to the set of lines passing through a point, lying on a plane. A set of q2 + q + 1 lines concurrent with a common line ,notwoofwhich meet in a point not on , is called a parabolic congruence,andtheline is its axis.The image of a parabolic congruence under the Klein correspondence yields a 3-dimensional quadratic cone of Q+(5,q), and vice-versa (see [10, p. 30]), and so a parabolic congruence is a union of q + 1 pencils sharing a line.

LOW DIMENSIONAL MODELS OF THE FINITE SPLIT CAYLEY HEXAGON 3

Moreover, Γ is isomorphic to the split Cayley hexagon H(q). The proof that Γ is a generalised hexagon is presented in Section 2.1. Note that the lines of type (i) form a spread of H(q). There exists a natural candidate for Ω which we explain in detail in Section 2.2, and it is essentially the only one (Theorem 2.6), and this implies the ultimate result that Γ is isomorphic to H(q). By the deep results of Thas and Van Maldeghem [18, 19] and Cameron and Kantor [6], if a set of points P and lines L of PG(6,q) form a generalised hexagon, then it is isomorphic to the split Cayley hexagon H(q)ifP spans PG(6,q) and for any point x ∈P, the points collinear to x span a plane. A similar result was proved recently by Thas and Van Maldeghem [20], by foregoing the assumption that P and L form a generalised hexagon, and instead instituting the following five axioms: (i) the size of L is (q6 −1)/(q − 1), (ii) every point of PG(6,q) is incident with either 0 or q + 1 elements of L, (iii) every plane of PG(6,q)isincidentwith0,1orq + 1 elements of L, (iv) every solid of PG(6,q)contains0,1,q +1or2q + 1 elements of L, and (v) every hyperplane of PG(6,q) contains at most q3 +3q2 +3q elements of L. One could instead characterise the split Cayley hexagon viewed as points and lines of the parabolic quadric Q(6,q), and the best result we have to date follows from a result of Cuypers and Steinbach [7, Theorem 1.1]: Theorem 1.3 (Cuypers and Steinbach [7] (paraphrased)). Let L be a set of lines of Q(6,q) such that every point of Q(6,q) is incident with q +1 lines of L spanning a plane, and such that the concurrency graph of L is connected. Then the points of Q(6,q) together with L define a generalised hexagon isomorphic to the split Cayley hexagon H(q). In Section 4 we will give an elementary proof of Theorem 1.3 by using Theorem 2.6. Some remarks on notation: In this paper, the relative norm and relative trace maps will be defined for the quadratic extension GF(q2)over GF(q). The relative norm N is the multiplicative function which maps an element x ∈ GF(q2) to the product of its conjugates of GF(q2)overGF(q). That is, N(x)=xq+1. The relative trace is instead the sum of the conjugates, T(x):=x + xq.

2. The 3-dimensional Hermitian surface and its Baer substructures The two (classical) generalised quadrangles of particular importance in this note are H(3,q2) and Q−(5,q). First there is the incidence structure of all points and lines of a non-singular Hermitian variety in PG(3,q2), which forms the generalised quadrangle H(3,q2)oforder(q2,q). Its point-line dual is isomorphic to the geometry of points and lines of the elliptic quadric Q−(5,q)inPG(5,q), which yields a generalised quadrangle of order (q, q2)

4 JOHN BAMBERG AND NICOLA DURANTE

(see [16, 3.2.3]). To construct H(3,q2)givenaprimepowerq,wetakea non-degenerate Hermitian form such as q q q q X, Y = X0Y0 + X1Y1 + X2Y2 + X3Y3 and the totally isotropic subspaces of the ambient projective space, with respect to this form. Most of the material contained in this section can be found in Barwick and Ebert’s book [2] and Hirschfeld’s book [11, Chapter 7]. Every line of PG(3,q2)is(i)agenerator (i.e., totally isotropic line) of H(3,q2), (ii) meets H(3,q2) in one point (i.e., a tangent line), or (iii) meets H(3,q2) in a Baer subline (also called a hyperbolic line). A Baer subline of the projective line PG(1,q2) is a subset of q + 1 points in PG(1,q2)which form a GF(q)-linear subspace. We may also speak of Baer subplanes and Baer subgeometries of PG(3,q2) as sets of points giving rise to projective subgeometries isomorphic to PG(2,q) and PG(3,q) respectively. A Baer subgenerator of H(3,q2) is a Baer subline of a generator of H(3,q2). We will often use the fact that three collinear points determine a unique Baer subline ([2, Theorem 2.6]) and a planar quadrangle determines a unique Baer subplane ([2, Theorem 2.8]). In particular, if b and b are two Baer sublines of PG(2,q2) sharing a point, but not spanning the same line, then there is a unique Baer subplane containing both b and b. We say that it is the Baer subplane spanned by b and b. One class of important objects for us in this paper will be the degenerate Hermitian curves of rank 2. Suppose we have a fixed hyperplane, π : X3 =0 say, meeting H(3,q2) in a Hermitian curve O.Let be a generator of H(3,q2). Then the polar planes of the points on meet π in the q2 + 1 lines through L := ∩O. Now suppose we have a Baer subgenerator b contained in , and containing the point L. Then the polar planes of the points of b meet π in q + 1 lines through the point L giving a dual Baer subline of π with vertex L. Moreover, the points lying on this dual Baer subline define a variety with Gram matrix U; a Hermitian matrix of rank 2. So they correspond to solutions of XU(Xq)T =0whereU satisfies U q = U T . For example, if we consider a point P in π,say(1,ω,0, 0) where N(ω)=−1, and two points A :(a0,a0ω, a2, 1), B :(b0,b0ω, b2, 1) spanning a line with P ,thenP, A, B determine a Baer subline. In fact, if we suppose B = P + αA for some α ∈ GF(q2)∗, then this Baer subline is {A}∪{p + t · αa|t ∈ GF(q)} where A = a and P = p. Let u be the polarity defining H(3,q2). Since P is precisely the nullspace of U, and the tangent line P u ∩ π is contained in the dual Baer subline, it is not difficult to calculate that U can be written explicitly as ⎛ ⎞ − q − ⎜ δω δ γω⎟ ⎜ ⎟ ⎜ q q ⎟ q q U : ⎝ δ δ ωγ⎠ ,δω= δ ω. −γqωq γq 0

LOW DIMENSIONAL MODELS OF THE FINITE SPLIT CAYLEY HEXAGON 5

If we also suppose that the points of Au ∩ π and Bu ∩ π are contained in the dual Baer subline deﬁned by U, then we can solve for α and γ (but the expressions might be ugly!). Here we explore a simple example where A :(0, 0, 1,ω). Now Au ∩π has points of the form (r, s, 0, 0), N(r)+N(s)=0. So if (r, s, 0, 0) also satisﬁes (r, s, 0)U(rq,sq, 0)T =0,then (r, s, 0)U(rq,sq, 0)T = T(rsqδ)+2N(s)δqω. So T(rsqδ)+2N(s)δqω =0forevery(r, s, 0, 0) satisfying N(r)+N(s)=0. In particular, δ is forced to be zero. Therefore, we can write ⎛ ⎞ − ⎜ 00γω⎟ ⎜ ⎟ ⎜ ⎟ U : ⎝ 00γ ⎠ . −γqωq γq 0

2.1. Proof of the first part of Theorem 1.2. Here we prove that the incidence structure Γ of Theorem 1.2 is a generalised hexagon. Our approach is to use a definition of a generalised hexagon which is equivalent to the one stated in the introduction: (i) it contains no ordinary k-gon for k ∈{2, 3, 4, 5}, (ii) any pair of elements is contained in an ordinary hexagon, and (iii) there exists an ordinary heptagon (see [22, §1.3.1]). A thick generalised polygon has order (s, t) if every line has s + 1 points and every point is incident with t + 1 lines. A counting argument shows that if we know that the number of points and lines of a generalised hexagon are (s + 1)(1 + st + s2t2) and (t + 1)(1 + st + s2t2), then the conditions (ii) and (iii) automatically follow from the first condition.

Proof. First we show that Ω induces a point-partition of each generator (minus its point in the Hermitian curve O). Let be a generator of H(3,q2) and let P be a point of \O. For a point X, we will let X∗ be the q +1 elements of Ω which lie on X. Consider the q + 1 elements P ∗ of Ω on P .SinceP ∗ covers the points of a Baer subplane, it follows that there is a unique element of Ω contained in and containing P . Therefore Ω induces a point-partition of each generator minus its point in the Hermitian curve O. It follows immediately that Γ is a partial linear space (i.e., every two points lie on at most one line). Since H(3,q2) is a generalised quadrangle, Γ has no triangles. So suppose now that we have a quadrangle R, S, T , U of Γ. Then at least three of these points are necessarily affine points. For example, if two of these points were of type (a), two points of type (b), and with one line of type (i) and three of type (ii) making up the quadrangle, the three lines of type (ii) would yield a triangle of generators. So this case is clearly impossible. At least three points, S, T , U say, are necessarily affine points and the lines of the quadrangle are elements of Ω. Moreover, R is also an affine point, since if R were a generator then S and U would lie on R and ST, TU, SU would

6 JOHN BAMBERG AND NICOLA DURANTE then be a triangle in H(3,q2); a contradiction. So all the four points R, S, T , U of a quadrangle must be affine. Recall that u is the polarity defining H(3,q2). Note that Ru ∩T u is equal to SU and that SU ∩ H(3,q2) is a Baer subline with a point on O. Indeed R∗ spans a Baer subplane fully contained in H(3,q2) and it meets O in a Baer subline and since Ru ∩ T u ∩ H(3,q2) is a Baer subline contained in R∗ then SU ∩ H(3,q2) has a point in O. Likewise Su ∩ U u equal to RT and RT ∩ H(3,q2) is a Baer subline with a point in O.SoSU and RT are polar to each other under u, but then each point of H(3,q2)onSU is collinear with each point of H(3,q2)onRT , while the points of O are pairwise non- collinear, a contradiction. Hence Γ has no quadrangles. Suppose we have a pentagon R, S, T , U, W of Γ. Now points of type (b), which are affine points, are collinear in Γ if they are incident with a common element of Ω. Since each element of Ω spans a generator, points of type (b) are also collinear in H(3,q2). So since H(3,q2) is a generalised quadrangle, we see immediately that each point of our pentagon is an affine point. Suppose, by way of contradiction, that our pentagon has a point of type (a), that is, a generator of H(3,q2). Then we would have four generators of H(3,q2) forming a quadrangle and we obtain a similar “forbidden” quadrangle of affine points (i.e., RST U) from the above argument. So there are no pentagons in Γ. A trivial counting argument shows that L has size (q6 − 1)/(q − 1), which is equal to the sum of the number of affine points and the number of generators of H(3,q2), and so it follows that Γ is a generalised hexagon (of order (q, q)).

2.2. Exhibiting a suitable set of Baer subgenerators. In this section, we describe a natural candidate for a set Ω of Baer subgenerators satisfying the hypotheses of Theorem 1.2. Consider the stabiliser GO in PGU4(q) of the Hermitian curve O = π ∩ H(3,q2), where π consists of the elements whose last coordinate is zero. Then the elements of GO can be thought of (projectively) as matrices MA of the form 0 A 0 ∈ MA := 0 ,AGU3(q). 0001

Lemma 2.1. The group GO acts transitively on the set of Baer subgenerators which have a point in O.

Proof. Inside the group PGU4(q), the stabiliser J of a generator in- 2 duces a PGL2(q ) acting 3-transitively on the points of . So the stabiliser in J of a point P of acts transitively on the Baer sublines within which contain P .NowJ meets GO in the stabiliser of a point of , and so GO, acts transitively on Baer subgenerators contained in .SinceGO acts transitively on O, the result follows.

LOW DIMENSIONAL MODELS OF THE FINITE SPLIT CAYLEY HEXAGON 7

The key to this construction is the action of a particular subgroup of GO. We will see later that this group naturally corresponds to the stabiliser − in G2(q) of a non-degenerate hyperplane Q (5,q)ofQ(6,q). 2 Definition 2.2 (SU3). Let SU3 be the group of collineations of H(3,q ) obtained from the matrices MA where A ∈ SU3(q).

In short, the orbits of SU3 on Baer subgenerators with a point in O, each form a suitable candidate for Ω, as we will see. 2 Lemma 2.3. Let O = π ∩ H(3,q ),whereπ is the hyperplane X3 =0 2 of PG(3,q ),andletGO be the stabiliser of O in PGU4(q).Letb be a Baer 2 subgenerator of H(3,q ) with a point in O. Then the stabiliser of b in GO is contained in SU3. Proof. Recall from the beginning of Section 2 that given a Baer subgenerator b of H(3,q2)withapointB in O, there is a dual Baer subline of π with vertex B. Sothereisasetof3× 3 Hermitian matrices U of rank 2 ∗ 2, which are equivalent up to scalar multiplication in GF(q ) .NowGO induces an action on the pairs [U, ], where U is a Hermitian matrix of rank 2 and is a generator containing the nullspace of U, which we can write out explicitly by − [U, ]MA =[A 1UA,MA ]. 2 Let ω be an element of GF(q ) satisfying N(ω)=−1, and let U0 and 0 be 00−ω U0 := 001 ,0 := (1,ω,0, 0), (0, 0, 1,ω). −ωq 10 Since GO acts transitively on Baer subgenerators with a point in O (Lemma 2.1), we need only calculate the stabiliser of [U0,0]. Now let MA be an element of GO ﬁxing [U0,0]. Since MA ﬁxes 0, we can see by direct calculation that A is of the form ab−fω de f , ggω 1 with (a + dω)ω = b + eω. Now we see what it means for A to centralise U0 uptoascalark, that is, U0A = kAU0. Hence −gω −gω2 −ω −f −fω b−aω ggω1 = k −fωq fe−dω d−aωq e−bωq 0 −ωq 10 and we obtain k−1−bωq b −k−1gω2 A = (k−1−k−bωq)ωq k+bωq k−1gω ggω1 where k ∈ GF(q), N(g)=k2 + T(bqω) − 1 and T(gω) = 0 (in order for this matrix to be unitary). The determinant of A is 1 − g2ω(N(ω)+1)(ωk−2 + b(N(ω)+1)k−1 + ω)=1 and therefore, the stabiliser of [U0,0]inGO is contained in SU3.

8 JOHN BAMBERG AND NICOLA DURANTE

The above lemma allows us to attach a value to a Baer subgenerator that is an invariant for the action of SU3. Definition 2.4 (Norm of a Baer subgenerator). Let O be the Hermitian 2 2 curve H(3,q ) ∩ π,whereπ is the hyperplane X3 =0ofPG(3,q ) and let 2 GO be the stabiliser of O in PGU4(q). Fix a Baer subgenerator b0 of H(3,q ) withapointinO.Letb be a Baer subgenerator of H(3,q2) with a point in O MA , and suppose MA is an element of GO such that b = b0 . Then the norm of b is b := det(A). Moreover (by Lemma 2.3), the map b → b induces a group homomorphism 2 ∗ φ from GO to the multiplicative subgroup of elements of GF(q ) satisfying N(x)=1.

Note that the kernel of φ is SU3. The homomorphism φ is surjective and hence there is a natural partition of Baer subgenerators with a point in O into q + 1 classes. Each orbit of SU3 consists of Baer subgenerators with a common value for their norm. Lemma 2.5. Let μ be an element of GF(q2) such that N(μ)=1.LetO 2 be a Hermitian curve of H(3,q ) defined by X3 =0,andletΩ be a set of Baer subgenerators with a point in O which have norm equal to μ.Then: (i) Every affine point is on q +1 elements of Ω covering a Baer subplane. (ii) For every point X ∈Oand for every affine point Y in Xu,there is a unique element of Ω through X and Y .

Proof. Recall that Ω is an orbit of SU3 on Baer subgenerators and SU3 acts transitively on the affine points H(3,q2)\O, and so clearly every affine point is on q+1 elements of Ω. Moreover, such a set of q+1 elements of Ω will cover a Baer subplane, as we show now. Let Y be an affine point, let Y ∗ be the set of q +1 elements of Ω through Y and let b0 be one particular element ∗ ∗ of Y . Then every other element of Y is in the orbit of b0 under the stabiliser ∈ g g ∈ ⊥ of Y in SU3.Nowforeveryg (SU3)Y , we know that b0 = b0 Y and so every element of Y ∗ lies in the plane Y ⊥. At infinity, Y ⊥ meets O in a Baer subline and so we have a triangle of Baer sublines spanning a Baer subplane of Y ⊥, and it is covered completely by the elements of Y ∗. To complete the proof, we need only prove (ii). Since the stabiliser of apointinO is transitive on the set of affine points in the perp of that point, we can assume that X =(1,ω,0, 0) and Y =(0, 0, 1,ω)forsomeω satisfying N(ω)=−10. We have already seen, in the proof of Lemma 2.3, that X and Y lie on a Baer subgenerator, which we can assume without loss of generality, is in Ω. This Baer subgenerator is uniquely defined by a 3 × 3 Hermitian matrix U of rank 2 and the generator spanning X and Y , and we assume (as before) that U has the form

00−ω U := 001 . −ωq 10

LOW DIMENSIONAL MODELS OF THE FINITE SPLIT CAYLEY HEXAGON 9

Then the two-point stabiliser of X and Y inside SU3 consists of elements MA with A of the form ab0 A = de0 001 ab aq dq where (a + dω)ω = b + eω and de bq eq = I. Let’s consider one of these elements M .Then A − q q q T 00a ω+d (A ) UA = 00−bqω+eq −aωq+d −bωq+e 0 and we see that this matrix is a scalar multiple of U (the scalar being q (−bω + e)). Therefore MA fixes the Baer subgenerator defined by [U, ]. Hence there is a unique element of Ω on X and Y . 2.3. Classifying the suitable sets of Baer subgenerators. Theorem 2.6. Suppose Ω is a set of Baer subgenerators of H(3,q2) with apointinO, such that every affine point is on q +1 elements of Ω spanning a Baer subplane. Then Ω is an orbit under SU3. Proof. Let b be a Baer subgenerator of H(3,q2) with a point in O.Ifb is another Baer subgenerator of H(3,q2) with a point in O such that b and b meet in an affine point and span a fully contained Baer subplane, then we will show that there is some element of SU3 which maps b to b . Without loss of generality, we can choose our favourite Baer subgenerator and our favourite affine point. Suppose we have a fixed Baer subgenerator b giving the dual Baer subline defined by

00−ω U = 001 −ωq 10 and on the generator = (1,ω,0, 0), (0, 0, 1,ω) where N(ω)=−1. Let P betheaffinepoint(0, 0, 1,ω) and consider an arbitrary generator on P where := (0, 0, 1,ω), (1,ν,0, 0) and N(ν)=−1. Suppose we have a Baer subgenerator b on P , on the generator , defined by the matrix U .Since every element of P u ∩O is in the dual Baer subline defined by U ,wehave that U canbewrittenas a 0 β 0 aγ βq γq c where a ∈ GF(q) and β,γ ∈ GF(q2). For (1,ν,0, 0) to be in the nullspace of U ,wemusthavea = 0 and β = −γν. That is, U is just 00−γν 00γ . −γqνq γq c Now b and b span a fully contained Baer subplane if and only if the dual Baer sublines defined by U and U share only the points of P u ∩O,on O. Indeed suppose, by way of contradiction, that there is a point Z of O in common between the dual Baer sublines defined by U and U .ThenZu meets b in a point Q, different from L and P and it meets b in a point Q different from L (L = π ∩ b) and P .ThusZu ∩ P u meets H(3,q2)inaBaer

10 JOHN BAMBERG AND NICOLA DURANTE subline b containing Q and Q. Now the Baer subplane spanned by b and b is fully contained if and only if b has a point T in O. This implies that T and Z are points of O collinear on H(3,q2); a contradiction. Note that P u ∩O consists of the points of the form (1,δ,0, 0) together with (0, 1, 0, 0). Suppose (1,δ,η,0) is an element of both dual Baer sublines. That is, (1,δ,η)U(1,δq,ηq)T = 0 and (1,δ,η)U (1,δq,ηq)T =0.Now

− q q T 00ω q q T (1,δ,η)U(1,δ ,η ) =(1,δ,η) 001 (1,δ ,η ) −ωq 10 = −ηωq + ηδq +(−ω + δ)ηq = T (η(δ − ω)q), − 00γν (1,δ,η)U (1,δq,ηq)T =(1,δ,η) 00γ (1,δq,ηq)T −γqνq γq c = −ηγqνq + ηγqδq +(−γν + δγ + ηc)ηq = −(ηγqνq + ηqγν)+(ηγqδq + ηqγδ)+cηq+1 = T (ηγq(δ − ν)q)+cN(η). Since 1 + N(δ)+N(η) = 0, we see that our equations become (*) T(η(δ − ω)q) = 0 and T(ηγq(δ − ν)q)=c(1 + N(δ)) So since the dual Baer sublines deﬁned by U and U share only the points of P u ∩O, then whenever condition (*) holds for a choice of δ, η, we will have η = 0. Therefore, we must have a priori that c = 0 and γ/∈ GF(q). Let η =(γν − γqω)q and −ηq + ηq−1γq(ω − ν)q δ = . γq − γ Then a straightforward calculation shows that 1 + N(δ)+N(η)=0,T(η(δ − ω)) = 0 and T(ηγ(δ − ν)) = 0, so condition (*) holds, and hence η =0. Therefore, ν = ωγq−1 and − q 00γ ω U = 00γ . −γωq γq 0 We want to show that U is conjugate to U under some element of SU3(q). Now the group SU2(q)ofinvertible2× 2 matrices with unit determinant, q q GF 2 2 and ﬁxing the form X0Y0 +X1Y1 =0on (q ) , has q +1 orbits on totally isotropic vectors of GF(q2)2. Each orbit consists of vectors (x, y)wherey/xq attains a common value. Therefore, there exists some element C0 of SU2(q) T such that C0(−γν,γ) =(−ω, 1). Let ⎛ ⎞ 0 C0 C := ⎝ 0 ⎠ . 00 1

LOW DIMENSIONAL MODELS OF THE FINITE SPLIT CAYLEY HEXAGON 11

Then one can check easily that C has determinant 1 and CU(Cq)T = U . Therefore, there is some element of SU3 which maps b to b . For every affine point P ,letP ∗ be the set of q +1 elements of Ω incident with P . Then by the above, every element of P ∗ is contained in a common 2 orbit of SU3. Note that SU3 is transitive on generators of H(3,q ), and the u stabiliser of a point X of O in SU3 is transitive on the affine points of X . Suppose now that b and b do not meet in an affine point. Let P ∈ b.Then ∗ SU g g P ⊂ b 3 .Nowthereexistsg ∈ SU3 such that b = b and P ∈ b . ∗ Thus b ∈ (P g) ⊂ (b )SU3 . Note also that P g ∈ bg, and hence bg ∈ (b )SU3 . Therefore b and b are in the same orbit under SU3.

In Section 4, we will use the above result to prove Theorem 1.3.

3. The connection with the 6-dimensional parabolic quadric A non-degenerate hyperplane section of Q(6,q) can be of one of two types (up to isometry): it could induce a hyperbolic quadric Q+(5,q)oritcould induce an elliptic quadric Q−(5,q). The stabiliser of a hyperbolic quadric section in G2(q) is isomorphic to SL3(q) : 2, whilst the stabiliser of an elliptic quadric section in G2(q) is isomorphic to SU3(q):2(see[12]). These two maximal subgroups bring forth the two low-dimensional models of the Split Cayley hexagon that appear in this paper, and a second way to explain the interplay between these ‘linear’ and ‘unitary’ models is via Curtis-Tits and Phan systems; see Section 5. We begin first with some observations about the situation where we fix a Q+(5,q) hyperplane section. + The stabiliser SL3(q):2ofQ (5,q) fixes two disjoint planes p and σ of Q+(5,q), and then the lines of H(q) contained in Q+(5,q) are just the lines of Q+(5,q) which meet both p and σ in a point. It was noticed in [6] that we can reconstruct H(q) from these two fixed planes together with an orbit 3 2 ΩofSL3(q) on affine lines (of size (q − q)(q + q + 1)). We can capture the affine points by noticing that the q +1 hexagon-lines through an affine point span a totally isotropic plane (sometimes known as an H(q)-plane) meeting Q+(5,q) in a line disjoint from both p and σ. Similarly, we can take the polar image of an affine line and consider its intersection with Q+(5,q). This results in a 3-dimensional quadratic cone of Q+(5,q) meeting both p and σ in a point, but having vertex not in p nor σ. We can then employ the Klein correspondence to map our projection of H(q)onQ+(5,q), to PG(3,q) (see [10, §15.4] for more on the Klein correspondence). We summarise this correspondence below:

12 JOHN BAMBERG AND NICOLA DURANTE

PG(3,q) Q(6,q) Point-plane anti-flag (p, σ) Alatinp and greek plane σ defining a hyperbolic quadric Q+(5,q) Pencils with vertex not in σ and plane not Affine points of Q(6,q)\Q+(5,q) through p Lines Points of Q+(5,q) Pencils with vertex in σ and plane through Lines of Q+(5,q) meeting p and σ in a p point Parabolic congruences Affine lines of Q(6,q), quadratic cones of Q+(5,q) Parabolic congruences having axis not in- Affine lines of H(q) cident with p or σ, but having a pencil of lines with one line incident with p and another incident with σ

Table 1. The extended Klein representation.

Now we describe how we can view H(q) as substructures of the 3- dimensional Hermitian surface H(3,q2). A t-spread of PG(d, q) is a collection of t-dimensional subspaces which partition the points of PG(d, q). So necessarily, t + 1 must divide d + 1 and the size of a t-spread of PG(d, q)is (qd+1 − 1)/(qt+1 − 1). If t + 1 is half of d + 1, we usually call a t-spread just a spread of PG(d, q). Suppose we have a t-spread S of PG(d, q) and embed PG(d, q) as a hyperplane in PG(d +1,q). If we define the blocks to be the (t + 1)-dimensional subspaces of PG(d +1,q) not contained in PG(d, q)incident with an element of the t-spread, then together with the affine points PG(d +1,q)\PG(d, q), we obtain a linear space; in fact, a 2–(qd+1,qt+1, 1) design. This linear representation of a t-spread is a generalisation of the commonly called André/Bruck-Bose construction (where t +1 = (d +1)/2), and is fully explained by Barlotti and Cofman [1]. More generally, it is possible that this construction produces a Desarguesian affine space and we then say that the given t-spread is Desarguesian. It turns out that a t-spread S is Desarguesian if and only if S induces a spread in any subspace generated by two distinct elements of S (see [13] and [17]). Now consider PG(3,q2) and a hyperplane π∞ therein, and identify AG(3,q2) with the affine geometry PG(3,q2)\π∞. We will be considering the correspondence between objects in H(3,q2) and Q(6,q), where S is a Her- mitian spread of a non-degenerate hyperplane section Q−(5,q)ofQ(6,q). One can also obtain this correspondence via field reduction from H(3,q2) to Q+(7,q), and then slicing with a non-degenerate hyperplane section (see [14]). We will call this correspondence the Barlotti-Cofman-Segre representation of H(3,q2). Below we summarise the various correspondences between

LOW DIMENSIONAL MODELS OF THE FINITE SPLIT CAYLEY HEXAGON 13 objects in H(3,q2) and objects in Q(6,q) obtained by the Barlotti-Cofman- Segre representation of H(3,q2). Throughout, we fix a hyperplane Σ∞ at infinity intersecting Q(6,q)inaQ−(5,q), which corresponds to a fixed non- degenerate hyperplane π∞ of H(3,q2), and we let S denote a Hermitian spread of Σ∞.

H(3,q2) Q(6,q) − Hermitian curve O of π∞ Hermitian spread S of Q (5,q)

2 − Affine points H(3,q )\π∞ Affine points of Q(6,q)\Q (5,q) Generators of H(3,q2) Generators of Q(6,q)incidentwithsome element of S Baer subplane contained in H(3,q2) meet- Generators of Q(6,q)notincidentwith ing O in a Baer subline any element of S Baer subgenerators with a point in O Affine lines of Q(6,q)

Table 2. The Barlotti-Cofman-Segre representation.

The table below shows how we can directly obtain the model for the split Cayley hexagon on the 3-dimensional Hermitian surface via the Barlotti- Cofman-Segre correspondence. We can recover the aﬃne points of Q(6,q) by noticing that a plane incident with a spread element will correspond to a hexagon-plane; a point of H(q) together with its q + 1 incident lines.

In H(3,q2) Barlotti-Cofman-Segre image in Q(6,q) Points (a) Lines of H(3,q2) Planes of Q(6,q)containing a spread element. (b) Affine points of H(3,q2)\O Affine points of Q(6,q)\ Q−(5,q). Lines (i) Points of O Lines of the Hermitian spread. (ii) Elements of Ω Affine lines spanning a totally isotropic plane with a spread element.

Table 3. The split Cayley hexagon in H(3,q2).

14 JOHN BAMBERG AND NICOLA DURANTE

4. Characterising the split Cayley hexagon in the 6-dimensional parabolic quadric By the Barlotti-Cofman-Segre correspondence, we can translate Theo- rem 1.2 to a statement about substructures of Q(6,q). However, the information that can be transferred via this correspondence is not sufficient to characterise a set of lines Q(6,q) as the lines of a generalised hexagon; there is an additional case. The natural model of the split Cayley hexagon was revised in the introduction, and here we briefly point out a characterisation of it as a set of lines of Q(6,q). It is a special case of a result of Cuypers and Steinbach [7, Theorem 1.1], but we give a direct proof for completeness. Theorem 4.1. Let L be a set of lines of Q(6,q) such that every point of Q(6,q) is incident with q +1 lines of L spanning a plane. Then one of the following occurs: (a) There is a spread S of Q(6,q) such that L is equal to the union of the lines contained in each generator of S. (b) The points of Q(6,q) together with L define the points and lines of a generalised hexagon, and a plane of Q(6,q) contains 0 or q +1 elements of L in it. Proof. Let Γ be the geometry having the points of Q(6,q) as its points, and having L as its set of lines. Clearly Γ is a partial linear space where there are q + 1 lines through every point, and q + 1 points through every line. We will write P ∗ for the pencil of q + 1 lines of L incident with P . Since every plane of PG(6,q) meets Q(6,q) in a full plane, a conic, a line, a pair of concurrent lines or a point, it follows that every plane intersects L in q2 + q +1,q + 1, 1 or 0 lines. We will show now that the first possibility leads to case (a). Suppose there is a plane π with q2 + q + 1 lines of L.Let be an element of L not contained in such a plane. Then the q + 1 planes on the tangent quadric containing (i.e., the points collinear to all the points on )containq + 1 elements of L. Since there is always at least one point p of π collinear with all points of , we see that the point p is now incident with at least q + 2 elements of L; a contradiction. Hence either every point is in a plane with q2 + q + 1 elements of L (and we obtain the spread of Q(6,q)), or no point is. Suppose now that L is not partitioned by a spread of Q(6,q). So no plane of PG(6,q)containsq2 + q + 1 elements of L, and therefore, every plane intersects L in 0, 1 or q + 1 lines. We continue now to prove that Γ is a generalised hexagon. Clearly there is no triangle formed by lines of L, so suppose we have a quadrangle R, S, T , U in Γ. Note that these points do not lie in a common plane. The planes spanning T ∗, U ∗ and R∗ are three totally singular planes contained in a common 3-space, which implies that this 3-space is also totally singular; a contradiction. Suppose now we have a pentagon R, S, T , U, W of Γ, (and the ordering of these points is important). So RST U spans a 3-space intersecting Q(6,q) in two totally

LOW DIMENSIONAL MODELS OF THE FINITE SPLIT CAYLEY HEXAGON 15 singular planes, namely S∗ and T ∗.NowW is collinear (in L)withR and U, and therefore the line RU is totally singular; which implies that RST U is totally singular, a contradiction. So there are no k-gons in Γ with k<6. Since L has size equal to the number of points of Q(6,q), it follows that Γ is a generalised hexagon of order q. Let Ni be the number of planes of Q(6,q) containing i elements of L.So 2 3 N0 + N1 + Nq+1 =(q +1)(q +1)(q + 1). Now each point is on a unique 3 2 plane containing q + 1 elements of L, and so Nq+1 =(q +1)(q + q +1). Now for a given point X, all but one of the planes on X would have no 3 3 lines of L on it, which accounts for N0 = q (q + 1) planes (n.b., there are (q +1)(q2 + 1) planes on any point, and a plane contains q2 + q + 1 points). So it follows that N1 =0. Lemma 4.2. Let L be a set of lines of Q(6,q) such that every point X of Q(6,q) is incident with q +1 lines of L spanning a plane X∗, and such that the concurrency graph of L is connected. Suppose Π is a nondegenerate hyperplane meeting Q(6,q) in a Q−(5,q)-quadric. Then the set S := {X∗ ∩ Π:X ∈ Q−(5,q)} defines a Hermitian spread of Q−(5,q). Proof. Any pair of lines of S are disjoint since otherwise they would intersect in a point P and the plane P ∗ spanned by the q + 1 elements of L incident with P would then be contained in Q−(5,q). Therefore, S forms a spread of Q−(5,q). Now consider two elements and m of S. The solid , m meets Q−(5,q) in a Q+(3,q) section. The polar image of , m,withinQ(6,q), is then a plane meeting Q(6,q) in a non-degenerate conic C.Letr be a line in the regulus determined by and m, and suppose for a proof by contradiction that r is not an element of S. Then each of the q +1pointsZi on r defines ∗ ∩ S a different element i := Zi Πof . Since the lines contained in , m concurrent with r form the opposite-regulus to that defined by and m,it follows that none of the i are contained in , m. Since is a line of L and, by Theorem 4.1, a plane of Q(6,q) has 0 or q +1 elements of L contained in it, each of the q +1 planes , Xi for Xi ∈C ∗ is a plane Y for some Y ∈ . Similarly, each of the q + 1 planes m, Xi ∗ ∈ ∈C ∗ is a plane Y for some Y m. Hence for each Xi the plane Xi meets l, m in a line of the opposite regulus. Therefore, there is a one-to-one correspondence between points Xi of C and points Zi of r. That is, the line XiZi is a line of L for every i. Recall that the concurrency graph of L is connected, and so by Theorem 4.1, L forms the lines of a generalised hexagon. Let Z1 and Z2 be two ⊥ ∗ elements on r.NowZ1 is a hyperplane and Z2 isaplane,sowehavetwo ∗ ⊥ ∗ ⊥ cases: (i) Z2 is contained in Z1 , or (ii) Z2 meets Z1 in a line n. The first ⊥ case cannot arise as a plane of Q(6,q) contained in Z1 must go through Z1, and we have assumed that r is not in L. Suppose we have the second ⊥ L case. Since Z2 lies in Z1 , the line n lies on Z2 and so n is a line of in ∗ L Z2 . Note that Z1,n is a plane of Q(6,q) having at least one element of

16 JOHN BAMBERG AND NICOLA DURANTE contained in it. By Theorem 4.1, a plane of Q(6,q) has 0 or q +1 elements of ∗ L contained in it. Therefore, there is some point V on n such that Z1 ∈ V . HencewehavealineofL going through Z1 concurrent with n, and Z1 and ∗ Z2 are at distance 4. This requirement then forces r to lie in V . and hence ∗ each Zi goes through V . C ⊥ ⊥ ∈ ∗ ∈ Now is a non-degenerate plane through Π and Π / Zi : Zi r . ∗ Therefore, each Zi meets the conic only in the point Xi. The lines X1Z1 and L ∈ ⊥ ∗ VZ1 are lines of and since X1,V,Z1 r , we have that Z1 is contained in ⊥ ∗ r ; a contradiction. (Otherwise, Z1 would be a plane through Z2). Hence r ∈Sand S is closed under taking reguli. By [4, §3.1.2] and [15], such a spread of Q−(5,q) is necessarily a Hermitian spread of Q−(5,q).

Proof of Theorem 1.3. First we will translate the hypothesis to the 3-dimensional Hermitian variety H(3,q2) via the Barlotti-Cofman-Segre correspondence. So let us fix a non-degenerate hyperplane section Q−(5,q) and consider the set S of lines of L that are contained in Q−(5,q). By Lemma 4.2, S is a Hermitian spread of Q−(5,q) and so we have the ingredients for the Barlotti-Cofman-Segre correspondence, whereby the spread S corresponds to a fixed Hermitian curve O of H(3,q2). Recall that the elements of L not contained in Q−(5,q) are mapped to a subset Ω of the Baer subgenerators having a point in O. Also,theaffinepointsofQ(6,q) are mapped to the affine points of H(3,q2)\O. We will show that Ω satisfies the hypotheses of Theorem 1.2; that is, a generator spanned by q+1 elements of L corresponds to a Baer subplane of H(3,q2). Now by Theorem 4.1, we have either (a) L is the union of lines of the planes of a spread S of Q(6,q), or (b) L forms the lines of a generalised hexagon. Case (a) cannot occur as the concurrency graph of L is connected. So L is the lines of a generalised hexagon embedded into Q(6,q). Let P be an affine point of Q(6,q) and let P ∗ be the q + 1 elements of L incident with P . By our hypothesis, P ∗ spans a plane πP . If this plane were to be incident with an element of S,thenπP would contain more than q + 1 elements of L thus implying that πP would have all of its lines in L; this would then imply that the concurrency graph of L is disconnected (see the proof of Lemma 4.1). Therefore, πP is not incident − with any element of S, and hence, πP meets Q (5,q) in a transversal line to q + 1 elements of S. By the Barlotti-Cofman-Segre correspondence, πP corresponds to a Baer subplane of H(3,q2), as required. By Theorem 2.6, Ω is an orbit of SU3. Moreover, this group SU3 lies within the stabiliser in PGU4(q) of a non-degenerate hyperplane, and so corresponds to a subgroup SU3 of the stabiliser of S.Nowthereareq+1 split − Cayley hexagons whose lines not lying in Q (5,q) form an orbit under SU3, 3 so it remains to observe that SU3 has only q +1 orbits of size q(q +1)(q +1). Indeed, the orbits of SU3 on lines of Q(6,q) can be described completely geometrically from the corresponding orbits of objects in H(3,q2) (see Table 2). Therefore, Ω is the set of lines of some split Cayley hexagon (having a set of lines containing S).

LOW DIMENSIONAL MODELS OF THE FINITE SPLIT CAYLEY HEXAGON 17

Orbits in H(3,q2) Orbits on lines of Q(6,q) Size

3 Hermitian curve O of π∞ Hermitian spread S of q +1 Q−(5,q)

2 − 2 3 Affine points H(3,q )\π∞ Lines of Q (5,q)notinS q (q +1) Baer subgenerators with no Affine lines not meeting an q2(q2 − 1)(q3 +1) point in O element of S in a totally singular plane Baer subgenerators with a Affine lines meeting an ele- (q+1)×q(q+1)(q3 +1) point in O ment of S in a totally singular plane

Table 4. Orbits of SU3 on lines of Q(6,q).

5. A connection with Phan theory In the theory of linear algebraic groups, if a simply connected simple algebraic group G of type Bn, Cn, D2n, E7, E8, F4 or G2 has a Curtis- Tits system for its extended Dynkin diagram then there is a twisted version known as a Phan system for associated finite groups corresponding to fixed points of so-called Frobenius maps of G,wheretheSL2-subgroups of the Curtis-Tits system are replaced with certain SU2-subgroups. This phenom- enon has been known since the 1970’s to both group theorists and those working in the theory of twin buildings. In a Curtis-Tits system for a finite group G (defined over GF(q)), if Kα and Kβ are two SL2-subgroups for two fundamental roots α and β joined by a single bond, then Kα,Kβ is isomorphic to (P)SL3(q). Whereas in the corresponding Phan system, a single bond represents an amalgam Kα,Kβ isomorphic to (P)SU3(q). (See [3], [5] and [9] for more on Phan systems). The geometric model of the split Cayley hexagon that we presented in this paper was inspired by a unitary analogue of the SL3-model introduced by Cameron and Kantor [6].

Curtis-Tits system Phan system

G2(q) SL3(q) G2(q) SU3(q)

α β −3α − 2β α β −3α − 2β

Table 5. A summary of the Curtis-Tits and Phan systems for the extended Dynkin diagram of G2(q).

18 JOHN BAMBERG AND NICOLA DURANTE

Acknowledgements The authors thank Prof Frank De Clerck for various discussions concerning this work (and for ontbijten!), and they also thank Prof Guglielmo Lunardon for his comments on Theorem 4.1. We thank Dr S¸ükrüYal¸cınkaya for his expert advice on Phan systems. This work was supported by the GOA-grant “Incidence Geometry” at Ghent University. The first author acknowledges the support of a Marie Curie Incoming International Fellow- ship within the 6th European Community Framework Programme (MIIF1- CT-2006-040360), and the second author acknowledges the support of a GNSAGA-grant. The author’s are especially grateful to the anonymous referees whose remarks have greatly improved the exposition and clarity of this paper.

References [1] A. Barlotti and J. Cofman. Finite Sperner spaces constructed from projective and affine spaces. Abh.Math.Sem.Univ.Hamburg, 40:231–241, 1974. MR0335305 (49:87) [2] S. Barwick and G. Ebert. Unitals in projective planes. Springer Monographs in Math- ematics. Springer, New York, 2008. MR2440325 (2009h:51002) [3] C. D. Bennett, R. Gramlich, C. Hoffman, and S. Shpectorov. Curtis-Phan-Tits theory. In Groups, combinatorics & geometry (Durham, 2001), pages 13–29. World Sci. Publ., River Edge, NJ, 2003. MR1993197 (2004g:20021) [4] I. Bloemen, J. A. Thas, and H. Van Maldeghem. Translation ovoids of generalized quadrangles and hexagons. Geom. Dedicata, 72(1):19–62, 1998. MR1644139 (99h:51001) [5] A. Borovik and S¸. Yal¸cınkaya. Construction of Curtis-Phan-Tits system in black box classical groups. preprint. [6] P. J. Cameron and W. M. Kantor. 2-transitive and antiflag transitive collineation groups of finite projective spaces. J. Algebra, 60(2):384–422, 1979. MR549937 (81c:20032) [7] H. Cuypers and A. Steinbach. Near hexagons and triality. Beiträge Algebra Geom., 45(2):569–580, 2004. MR2093027 (2005g:51004) [8] W. Feit and G. Higman. The nonexistence of certain generalized polygons. J. Algebra, 1:114–131, 1964. MR0170955 (30:1189) [9] R. Gramlich. Developments in finite Phan theory. Innov. Incidence Geom., 9:123–175, 2009. MR2658896 (2011j:05375) [10] J. W. P. Hirschfeld. Finite projective spaces of three dimensions. Oxford Mathematical Monographs. The Clarendon Press Oxford University Press, New York, 1985. Oxford Science Publications. MR840877 (87j:51013) [11] J. W. P. Hirschfeld. Projective geometries over finite fields. Oxford Mathematical Monographs. The Clarendon Press Oxford University Press, New York, second edition, 1998. MR1612570 (99b:51006) [12] P. B. Kleidman. The maximal subgroups of the Chevalley groups G2(q)withq odd, 2 the Ree groups G2(q), and their automorphism groups. J. Algebra, 117(1):30–71, 1988. MR955589 (89j:20055) [13] G. Lunardon. Normal spreads. Geom. Dedicata, 75:245–261, 1999. MR1689271 (2000i:51033) [14] G. Lunardon. Blocking sets and semifields. J. Combin. Theory Ser. A, 113(6):1172– 1188, 2006. MR2244139 (2007c:51012)

LOW DIMENSIONAL MODELS OF THE FINITE SPLIT CAYLEY HEXAGON 19

[15] D. Luyckx and J. A. Thas. Flocks and locally Hermitian 1-systems of Q(6,q). In Finite geometries, volume 3 of Dev. Math., pages 257–275. Kluwer Acad. Publ., Dordrecht, 2001. MR2061808 (2005c:51016) [16] S. E. Payne and J. A. Thas. Finite generalized quadrangles, volume 110 of Research Notes in Mathematics. Pitman (Advanced Publishing Program), Boston, MA, 1984. MR767454 (86a:51029) [17] B. Segre. Teoria di Galois, fibrazioni proiettive e geometrie non desarguesiane. Ann. Mat. Pura Appl. (4), 64:1–76, 1964. MR0169117 (29:6370) [18] J. A. Thas and H. Van Maldeghem. Embedded thick finite generalized hexagons in projective space. J. London Math. Soc. (2), 54(3):566–580, 1996. MR1413899 (97j:51008) [19] J. A. Thas and H. Van Maldeghem. Flat lax and weak lax embeddings of finite generalized hexagons. European J. Combin., 19(6):733–751, 1998. MR1642738 (99k:51006) [20] J. A. Thas and H. Van Maldeghem. A characterization of the natural embedding of the split Cayley hexagon H(q)inPG(6,q)byintersectionnumbers.European J. Combin., 29(6):1502–1506, 2008. MR2423738 (2009d:51009) [21] J. Tits. Sur la trialité et certains groupes qui s’en déduisent. Inst. Hautes Etudes Sci. Publ. Math., 2:14–60, 1959. MR1557095 [22] H. Van Maldeghem. Generalized polygons,volume93ofMonographs in Mathematics. Birkhäuser Verlag, Basel, 1998. MR1725957 (2000k:51004)

Centre for the Mathematics of Symmetry and Computation, School of Mathematics and Statistics, The University of Western Australia, 35 Stirling Highway, Crawley, W.A. 6009, Australia. E-mail address: [email protected] Dipartimento di Matematica ed Applicazioni, UniversitadiNapoli“Fed-` erico II”, Via Cintia, 80126 Naples, Italy. E-mail address: [email protected]

Contemporary Mathematics Volume 579, 2012 http://dx.doi.org/10.1090/conm/579/11515

Davenport’s constant for groups with large exponent

Gautami Bhowmik and Jan-Christoph Schlage-Puchta

1. Introduction and results For an abelian group G we denote by D(G) the least integer k, such that every sequence g1,...,gk of elements in G contains a subsequence gi1 ,...,gi with ··· gi1 + + gi =0. Z ⊕ ··· ⊕ Z | | Z Z Z Write G = n1 nr with n1 ... nr, where we write n for /n . Put M(G)= ni − r + 1. In several cases, including 2-generated groups and p- groups, the value of D(G) matches with the obvious lower bound M(G), however, in general this is not true. In fact there are infinitely many groups of rank 4 or more where D(G)isgreaterthanM(G) see, for example, [12]. As far as upper bounds are concerned we have only rather crude ones. One such example, which is ≤ |G| appealing for its simple structure, is the estimate D(G) exp(G) 1+logexp(G) , |G| due to van Emde Boas and Kruyswijk[5]. This bound, for the case when exp(G) is small, was improved by Bhowmik and Balasubramanian [1] who proved that | | | | D(G) ≤ G + k − 1, where k is an integer ≤ min( G , 7), and conjectured that k exp(G) one may replace the constant 7 by |G|. Here we prove this conjecture. It turns out that the hypothesis that k be integral creates some technical difficulties, therefore we prove the following, slightly sharper result. Theorem . ≥ | | ≤ 1.1 For an abelian groupG with exp(G) G we have D(G) |G| − | | ≤ | |− exp(G)+ exp(G) 1,whileforexp(G) < G we have D(G) 2 G 1. We notice that the first upper bound is actually reached for groups of rank 2 |G| − where D(G)=exp(G)+ exp(G) 1. An application of our bound to random groups Z∗ · and ( n, ) will be the topic of a forthcoming paper. Let s≤n(G) be the least integer k, such that every sequence of length k contains a subsequence of length ≤ n adding up to 0 and let s=n(G) be the least integer k such that any sequence of length k in G contains a zero-sum of sequence of length exactly equal to n. In the special case where n =exp(G)weusethemorestandard

2010 Mathematics Subject Classiﬁcation. Primary 11B13.

c 2012 American Mathematical Society 21

22 G. BHOWMIK AND J.-C. SCHLAGE-PUCHTA notation of η(G)ands(G) respectively. Further let Dk(G) be the least integer m such that every sequence of length m in G contains k disjoint zero-sum sequences. These functions are well known in the theory of zero-sums. In particular the use of sk(G) to bound Dk(G) we shall adopt later is similar to the argument by Freeze and Schmid[8]. As the referee poitned out, a similar method has recently also been used by Chintamani, Moriya, Gao, Paul and Thangadurai[2]. We need the following bounds on η and s. Theorem . Z3 Z4 Z5 1.2 (1) We have s( 3)=19, s( 3)=41, s( 3)=91,and Z6 s( 3) = 225. Z3 Z4 ≤ Z5 ≤ Z6 ≤ (2) We have s( 5)=37, s( 5) 157, s( 5) 690,ands( 5) 3091. ≥ ≥ Zd ≤ pd−p − (3) If p 7 is prime and d 3,thenη( p) p2−p (3p 7) + 4.

The above results for Z3 are due to Bose[6], Pellegrino[14], Edel, Ferret, Land- Z3 jev and Storme[7], and Potechin[15], respectively. The value of s( 5)wasdeter- mined by Gao, Hou, Schmid and Thangadurai[11], the bounds for higher rank will be proven in section 4 using the density increment method. The last statement will be proven by combinatorial means in section 5. We further need some information on the existence of zero-sums not much larger then exp(G). Theorem 1.3. Let p be a prime, d ≥ 3 an integer. Then a sequence of length − d−3 Zd ≤ 3p−1 ≥ (6p 4)p +1 in p contains a zero-sum of length 2 .Ifd 4,thena − d−4 Zd ≤ sequence of length (6p 4)p +1 in p contains a zero-sum of length 2p. The proof of Theorem 1.1 uses the inductive method. To deal with the inductive step we require the following. Theorem 1.4. Let p be a prime, d ≥ 2 an integer. Then there exist integers ≥ Zd Zd ≤ ≤ d−1 k, M such that M η( p) and Dk( p) M p + pk. Zd ≤ d−1 Note that the statement is trivial whenever η( p) p . However, this bound is false for p =2andalld,aswellasforthepairs(3, 3), (3, 4), (3, 5) and (5, 3). We believe that this is the complete list of exceptions. From the Alon-Dubiner-theorem and Roth-type estimates one can already deduce that the above bound for η holds for all but ﬁnitely many pairs. However, dealing with the exceptional pairs by direct computation is way beyond current computational means.

2. Systems of disjoint zero-sums The most direct way to prove the existence of many disjoint zero-sums is by proving the existence of rather short zero-sums, therefore we are interested in zero sums of length not much beyond p. Lemma . − Z3 2.1 Every sequence of length 6p 3 in p contains a zero-sum of ≤ 3p−1 − Z4 length 2 , every sequence of length 6p 3 in p contains a zero-sum of length ≤ − Zd 2p, and every sequence of length (d +1)p d in p contains a zero sum of length ≤ (d − 1)p. Proof. − Z3 We claim that a sequence of length 6p 3in p contains a zero sum of length p or 3p. To see this we adapt Reiher’s proof of Kemnitz’ conjecture [17]. For a sequence S denote by N (S) the number of zero-sum subsequences of S of length .LetS be a sequence of length 6p − 3 without a zero sum of length p or

ON DAVENPORT’S CONSTANT 23

3p, T a subsequence of length 4p − 3, and U a subsequence of length 5p − 3. Then the Chevalley-Warning theorem gives the following equations. 1+N p(T )+N 2p(T )+N 3p(T ) ≡ 0(modp) 1+N p(U)+N 2p(U)+N 3p(U)+N 4p(U) ≡ 0(modp) 1+N p(S)+N 2p(S)+N 3p(S)+N 4p(S)+N 5p(S) ≡ 0(modp) By assumption S, and a forteriori U and T do not contain zero sums of length p or 3p, thus all occurrences of N p and N 3p vanish. If N 5p(S) =0,and Z is a zero sum in S, then choosing for T a subsequence of Z of length 4p − 3 we find from the first equation that T contains a zero sum Y of length 2p.ButthenZ \ Y is a zero sum of length 3p, a contradiction. We now add up the first equation over all subsequences T of length 4p − 3, and the second over all subsequences of length 5p−3, and obtain a system of three equations in the two variables N 2p(S), N 4p(S), which is unsolvable. Now let S be a sequence of length 6p − 3, and let Z be a zero sum of length | | ≤ 3(p−1) p or 3p.IfZ = p, then we found a zero sum of length 2 .OtherwiseZ contains a zero sum Y , and then either Y or Z \ Y is the desired zero-sum of length ≤ 3(p−1) 2 . The second claim follows similarly starting from the fact that every sequence − Z4 of length 6p 3in p contains a zero-sum subsequence of length p, 2p or 4p, while the last one follows from the fact proven by Gao and Geroldinger[9, Theorem 6.7], that a sequence of length (d +1)p − d contains a zero sum of length divisible by p. Zd The next result is used to lift results for special groups p to groups of arbitrary rank. The argument is rather wasteful, still the resulting bounds are surprisingly useful. Lemma . ≤ Zd ≤ pd−1 Za − 2.2 If a d,thens≤k( p) pa−1 (s≤k( p) 1) + 1 Proof. pd−1 Za − Zd Let A be a sequence of length pa−1 (s≤k( p) 1) + 1 in p.IfA Zd contains 0, then we found a short zero sum. Otherwise let U be a subgroup of p ∼ Za with U = p chosen at random. The expected number of elements of A,which Za − are in U is sightly bigger than s≤k( p) 1, hence there exists a subgroup which Za contains at least s≤k( p) elements of the sequence. Restricting our attention to this subgroup we obtain the desired zero sum. Lemma 2.3. We have

3(p − 1) D (Z3) ≤ max 5p − 2, k +2p +5 , k p 2 and, for d ≥ 4,

3(p − 1) 1 3 3 1 D (Zd) ≤ max (6p−4)pd−3 +1, k +1+(6p−4)pd−3 + − − k p 2 4 2p 4p2 dp Proof. We only give the proof for the second inequality, the first one being significantly easier. Let S be a sequence of length at least (6p − 4)pd−3 + 1. Then we can find ≤ 3(p−1) a zero sum of length 2 . We continue doing so until there are less than (6p − 4)pd−3 + 1 points left. zero-sums left. Then we remove zero sums of length ≤ 2p, until there are less than (6p − 4)pd−4 + 1 points left. Among the remaining

24 G. BHOWMIK AND J.-C. SCHLAGE-PUCHTA

Zd − points we still ﬁnd zero sums of length at most D( p)=d(p 1) + 1, hence, in total we obtain a system of at least |S|−(6p − 4)pd−3 − 1 (6p − 4)pd−3 − (6p − 4)pd−4 (6p − 4)pd−4 + + 3(p − 1)/2 2p d(p − 1) + 1 disjoint zero sums. Hence, Zd ≤ − d−3 Dk( p) (6p 4)p +1+

3(p − 1) (6p − 4)pd−3 − (6p − 4)pd−4 (6p − 4)pd−4 max 0, k − + , 2 2p d(p − 1) + 1 and our claim follows. The reader should compare our result with a similar bound given by Freeze and Schmid[8, Proposition 3.5]. In our result the coefficient of k is smaller, while the constant term is much bigger. The following result is an interpolation between these results. Lemma 2.4. Let N,d ≥ 3 be integers, p a prime number, and define a to be the d−a+1 ≥ Zd ≤ largest integer such that N>(a +1)p .Ifa 2,thenDk( p) N,where − N d 1 ν +1 N 1 k = − pd−a − 1 ≥ 1 − (a − 1)p ν(ν − 1) (a − 1)p a(1 − p−1) ν=a Proof. Zd Let S be a sequence of length N in p. We have to show that S contains a system of k disjoint zero sums. Since N>(a +1)pd−a+1, S contains a zero sum of length ≤ (a − 1)p. We remove zero sums of this length, until the remaining sequence has length < (a+1)pd−a+1. From this point onward we remove zero sums of length ≤ ap, until the remainder has length < (a +2)pd−a+2,andso on. In this way we obtain a disjoint system consisting of N − (a +1)pd−a+1 (a +1)pd−a+1 − (a +2)pd−a+2 dp2 − (d +1)p + + ···+ +1 (a − 1)p ap ap zero sums. This sum almost telescopes, yielding the first expression for k.Forthe inequality note that the sequence ν+1 is decreasing, hence the summands in the ν(ν−1) series are decreasing faster than the geometrical series p−ν , and we conclude that the whole sum is bounded by the first summand multiplied by (1 − p−1)−1.Our claim now follows. The following result is a special case of a result of Lindström[13](seealso[8, Theorem 7.2, Lemma 7.4]). Lemma . d−1 Zd 2.5 Every sequence of length 2 +1 in 2 contains a zero-sum of length ≤ 3, and this bound is best possible. Every sequence of length 2(d+1)/2 +1 in Zd ≤ 2 contains a zero-sum of length 4.

3. Proof of Theorem 1.1 In this section we show that Theorem 1.4 implies Theorem 1.1. Lemma 3.1. Let G be an abelian group of rank r ≥ 3. Assume that Theorem 1.1 holds true for all proper subgroups of G. Then it holds true for G itself.

ON DAVENPORT’S CONSTANT 25

Proof. Let p be a prime divisor of |G|. Choose an elementary abelian sub- ∼ Zd ≥ | | group U = p of G, such that d 3, exp(G)=p exp(G/U), and U is minimal under these assumptions. Put H = G/U.LetA be a sequence consisting of |G| − | |− | | exp(G)+ exp(G) 1or2 G 1 elements, depending on whether exp(G) > G or not. Denote by A the image of A in H. Then we obtain a zero-sum, by choosing Zd a large system of disjoint zero-sums in p, and then choosing a zero-sum among the elements in H defined by these sums, provided that |A|−M D(H) ≤ + k, p ≥ Zd where M η( p)andk = k(p, d, M) is defined as in Theorem 1.4. The left hand side can be estimated using the induction hypothesis. We have exp(H)= exp(G) , p | | |G| ≥ | | ≥ | | H = pd . Assume first that exp(G) G and exp(H) H . Then our claim follows, provided that exp(G) |G| |A|−M + − 1 ≤ + k, p exp(G)pd p inserting the choice of A and rearranging terms this becomes |G| |G| exp(G)+ − p ≤ exp(G)+ − 1 − M + pk. exp(G)pd−1 exp(G) Zd−1 The quotient of G by its largest cyclic subgroup contains at least p , hence, |G| ≥ d−1 |G| exp(G) p . Clearly, by replacing exp(|G|) with a lower bound we lose something, hence, it suffices to establish the relation 1 − p ≤ pd−1 − 1 − M + pk. However, this relation is implied by Theorem 1.4. Next suppose that exp(G) ≥ |G| and exp(H) < |H|.Then |G|/pd = |H| > exp(H)=exp(G)/p ≥ |G|/p2, thus d<2, but this case was excluded from the outset. If exp(G) < √ |G| and exp(H) < |H|, the same argument as in the first case yields D(G) ≤ 2 G − 1, provided that 2p |H|−p ≤ 2 |G|−1 − M + pN. | | |G| − ≤ d−1 Since H = pd and M pN p this becomes (2 − 2p−(d−2)/2) |G|≥pd−1 − p +1. √ As exp(H) < H we have that H is of rank at least 3, which by our assumption on the size of H implies that |G|≥p2d. This implies 1 (2 − 2p−(d−2)/2) |G|≥(2 − 2p−(d−2)/2)pd > pd >pd−1 − p +1, 2 and our claim is proven. √ If exp(G) < |G| and exp(H) ≥ H, the theorem follows provided that |H| exp(H)+ − 1 p ≤ 2 |G|−1 − M + kp, exp(H)

26 G. BHOWMIK AND J.-C. SCHLAGE-PUCHTA that is |G| exp(G)+ − p ≤ 2 |G|−1 − pd−1. pd−2 exp(G) The bounds for exp(G) and exp(H)imply |G|pd/2−1 ≤ exp(G) < |G|,and in this range the left hand side is increasing as a function of exp(G), hence, this inequality is certainly true if |G|≥1+pd−1 + |G|p2−d − p, which follows from |G|≥pd. If this is not the case, then |H|

Using the trivial bound n1 +n2 −1 ≤ n1n2 we ﬁnd that this inequality follows from apd−a 1 a + p−(d−a) 1 − ≥ ap−a + p−d , (a − 1)p a(1 − p−1) 4a and by direct inspection we see that our claim follows for all a ≥ 2, with exception only the case (p, a)=(2, 2). In this case our claim follows from Lemma 2.5, provided that d>3. Finally, if p =2andd =3,thenD(G)=M(G) was shown by van Emde Boas[4] under the assumption that Lemma 5.1 holds true for all prime divisors of |H|, which we today know to hold for all primes. Hence the proof is complete. Z ⊕Z − We know that D( n1 n2 )=n1 +n2 1, hence Theorem 1.1 holds true for all groups of rank ≤ 2. Hence Theorem 1.1 follows by induction over the group order.

4. Proof of Theorem 1.4: The case p ≤ 7 4.1. The primes 2 and 3. To prove Theorem 1.4 for p =2,wewanttoshow that in a set of 2d points we can ﬁnd a system consisting of many disjoint zero-sums. We ﬁrst remove one zero-sum of length ≤ 2, then zero-sums of length ≤ 3, until this is not possible anymore, and then we switch to zero-sums of length 4. Finally ≤ Zd we remove zero-sums of length d + 1, which is possible in view of D( 2)=d +1. In this way we obtain at least

2d − 2 2d−1 +2− 2(d+1)/2 − 1 2(d+1)/2 − d − 2 + + +1= 3 4 d +1 2d 2d +2 2(d+1)/2 − 1 + − 2(d−3)/2 + 4 24 d +1 zero-sums. Disregarding the last fraction we see that this quantity is ≥ 2d−2, provided that d ≥ 7. For 3 ≤ d ≤ 6 we obtain our claim by explicitly computing this bound. Next we consider p =3.Ford ≥ 6wehave Zd ≤ Zd ≤ d−6 Z6 d−1 η( 3) s( 3) 3 s( 3) < 3 ,

ON DAVENPORT’S CONSTANT 27 hence, Theorem 1.4 holds true with N =0,M =3d−1.Ford = 5 it follows Z5 − from Lemma 2.1 that a sequence of length η( 3) 3 contains a system of N = η(Z5)−2d−6 3 3d−3 disjoint zero-sums, hence, our claim follows provided that η(Z5) − 16 η(Z5) ≤ 3 3 +34, 3 12 that is, 89 ≤ 21 + 81. In the same way we see that for d = 4 a sequence of length Z4 39 in 3 contains a system of 4 disjoint zero-sums, thus our claim follows from 39 ≤ 12 + 27. Finally it is shown in [3, Proposition 1], that a sequence of length Z3 Z3 15 in 3 contains a system of 3 disjoint zero-sums. Together with η( 3) = 17 our claim follows in this case as well. 4.2. The prime 5. We begin by proving the second statement of Theorem 1.2. We do so by using a density increment argument together with explicit calculations. Fd Deﬁne the Fourier bias A u of a sequence A over p as 1 A u := max e(ξ,α), |A| ξ∈Fd\{0} p α∈A · · Fd × Fd → F 2πix/p where , is the scalar product p p p,ande(x)=e .Thenwehave the following. Lemma . ≥ Fd 4.1 Let p 3 be a prime number, A be a sequence over p.ThenA contains a zero-sum of length p, provided that |A|p−1 p − 1 p |A|p−2 > A p−3 A + + p(p−1)d u u 2pd−1 2 p(p−1)d

Proof. Let N be the number of solutions of the equation a1 + ···+ ap =0 with ai ∈ A.From[18, Lemma 4.13] we have |A|p N ≥ − A p−2|A|p(p−2)d. pd u

A solution a1 +···+ap = 0 corresponds to a zero-sum of A,ifa1,...,ap are distinct elements in A.UsingM¨obius inversion over the lattice of set partitions one could compute the over-count exactly, however, it turns out that the resulting terms are of negligible order, which is why we bound the error rather crudely. The number of p solutions M in which not all elements are diﬀerent is at most 2 times the number of solutions of the equation 2a1 + a2 + ···+ ap−1 = 0. Since multiplication by 2 is Fd a linear map in p we have that 2A u = A ,using[18, Lemma 4.13] again we obtain |A|p−1 M ≤ + A p−3|A|p(p−3)d. pd u Hence the number of zero-sums is at least |A|p |A|p−1 N − M ≥ − A p−2|A|p(p−2)d − − A p−3|A|p(p−3)d, pd u pd u and our claim follows. Zd We now use this lemma recursively to obtain bounds for s( 5), starting from Z3 s( 5) = 37. ∈ Z4 Consider a 3-dimensional subgroup U, and let ξ 5 be a vector such that ξ⊥U.Letn1,...,n5 be the number of elements of A in each of the 5 cosets of U,

28 G. BHOWMIK AND J.-C. SCHLAGE-PUCHTA

ζ be a ﬁfth root of unity. If max(ni) ≥ 37, we have a zero-sum of length p in one of the hyperplanes. Hence

1 4 A u ≤ max |n1 + n2ζ + ···+ n5ζ |. |A| n1+···+n5=|A| 0≤ni≤36 Since 1 + ζ + ···+ ζ4 =0,wehave 4 4 n1 + n2ζ + ···+ n5ζ =(36− n1)+(36− n2)ζ + ···+(36− n5)ζ , that is, 4 4 max |n1 + n2ζ + ···+ n5ζ | =max|n1 + n2ζ + ···+ n5ζ |. n1+···+n5=|A| n1+···+n5=180−|A| 0≤ni≤36 0≤ni≤36 For |A|≥144 the right hand side equals 180 −|A|, and we obtain a zero-sum, provided that |A| 4 180 −|A| 2 180 −|A| 2 2 |A| 3 > + + . 625 |A| |A| 125 125 625 | | Z4 ≤ One easily finds that this is the case for A = 157, and we deduce s( 5) 157. The same argument yields for d = 5 the inequality |A| 4 780 −|A| 2 780 −|A| 2 2 |A| 3 > + + , 3125 |A| |A| 625 625 3125 | |≥ Z5 ≤ Z6 which is satisfied for A 690, that is, we obtain s( 5) 690. Finally for 5 we obtain |A| 4 3445 −|A| 2 3445 −|A| 2 2 |A| 3 > + + , 15625 |A| |A| 3125 3125 3125 which is satisfied for |A|≥3091, thus the last inequality follows as well. Hence, Theorem 1.2(2) is proven. Z3 We have η( 5) = 33, and among 33 elements we can find one zero-sum of length ≤ ≤ ≥ Z3 5, one of length 10, and one more among the remaining 18 D( 5)=13 points. Hence we can take M =33,k = 3, and Theorem 1.4 follows. Moreover we Z4 ≤ Z4 − ≤ have η( 5) s( 5) 4 153, and among 153 elements we can find one zero-sum of length ≤ 5, 13 zero-sums of length ≤ 10, and one more zero-sum, that is, we can take k = 15, and Theorem 1.4 follows for d = 4 as well. Z5 ≤ Z5 − ≤ Z For d =5wehaveη( 5) s( 5) 4 686, and among 686 points in 5 we find 24 disjoint zero-sums of length ≤ 20, thus taking M = 686, N = 24, our claim follows since M ≤ 625 + 120. For d ≥ 6wehave Zd ≤ d−6 Z6 ≤ · d−6 d−1 s( 5) 5 s( 5) 3091 5 < 5 , and our claim becomes trivial.

5. Proof of Theorem 1.4: The case p ≥ 7 We begin by proving the last statement of Theorem 1.2. Lemma . − Z2 5.1 Let A be a sequence of length 3p 3 in p without a zero-sum of ≤ { p−1 p−1 p−1} ∈ Z2 length p.ThenA = a ,b ,c for suitable elements a, b, c p.

ON DAVENPORT’S CONSTANT 29

Proof. Aprimep is said to satisfy property B if in every maximal zero-sum Z2 − free subset of p some element occurs with multiplicity at least p 2. Gao and Geroldinger[10] have shown that the condition of the above lemma holds true if p has property B, and Reiher[16] has shown that every prime has property B. For p = 7 we need a little more specific information. Lemma . Z2 5.2 Let A be a sequence of length 15 over 7, which does not contain a zero-sum of length ≤ 7. Then there exist a cyclic subgroup which contains 3 elements of A. Proof. The proof can be done either by a mindless computer calculation or by a slightly more sophisticated human readable argument, however, as the latter also boils down to a sequence of case distinction we shall be a little brief. Let A be a counterexample, that is, a zero-sum free sequence of length 15, such that every cyclic subgroup contains at most 2 points. We shall deduce properties of A in a bootstrap manner. Without loss we may assume that A contains no two elements x, y with y = 2x. Suppose that A contains two such elements. Then replacing y by x gives a Z2 new sequence A , such that for an element in p the shortest representation as a subsum of A is at least as long as the shortest representation as a subsum of A.In particular, A contains no short zero sum. There is at most one subgroup which contains two different elements. Without loss we may assume that (1, 0), (3, 0), (0, 1), (0, 3) are in A. The subgroup generated by (1, 1) can contain either (5, 5) with multiplicity 2, or one of (1, 1), (2, 2), (5, 5) with multiplicity 1. If (5, 5) occurs twice, the remaining elements of the sequence must be among {(2, 3), (2, 4), (3, 2), (3, 5), (4, 2), (4, 5), (5, 3), (5, 4)},whichcaneas- ily be ruled out. If (5, 5) does not occur twice, then all subgroups different from (1, 0), (0, 1), (1, 1) contain one element with multiplicity 2. The only possible elements in (1, −1) are (1, 6), (6, 1), and by symmetry we may assume that (6, 1) occurs twice. Now (1, 2) must contain (6, 5), and we conclude that the remaining points are (2, 6), (3, 1), (5, 4), and we obtain the zero-sum (5, 4) + (6, 1) + (3, 1) + (0, 1). There exist 3 different elements x, y, z, each of multiplicity 2 in A, such that ∈ Z2 x + y z . Otherwise there are 6 elements of 7, such that no two generate the same subgroup, and the sum of two different of them is contained in two fixed cyclic subgroups, which easily gives a contradiction. Not all of (1, 0), (0, 1) and (2, 2) can occur with multiplicity 2. Suppose otherwise. Then the only further elements which can occur with multiplicity 2 are (1, 6), (2, 4), (4, 2), (4, 6), (6, 1), and (6, 4). Moreover, two elements which are exchanged by the map (x, y) → (y, x) cannot both occur in A, hence we may assume that (6, 1) occurs twice in A, while (1, 6) does not. Then (2, 4) and (4, 6) occur twice in A, and we get the zero-sum 2 · (6, 1) + (1, 6) + (1, 0). Not all of (1, 0), (0, 1) and (1, 1) can occur with multiplicity 2. Using the previous result one finds that all further elements of multiplicity 2 have one coordinate equal to 1. By symmetry we may assume that there are two further elements of the form (1,t). If there is an element of the form (x, y), 2 ≤ x ≤ 5, this immediately gives a zero-sum of length 8 − x, hence all elements in A are (1, 0), or of the form (1,t), (6,t). Since there are at least 8 different elements in A,thereareatleast6 different elements of the form (x, 0), which can be written as the sum of one element

30 G. BHOWMIK AND J.-C. SCHLAGE-PUCHTA of the form (1,t) and one of the form (6,t). Hence we obtain a zero-sum of length 2or3. (1, 0), (0, 1) and (4, 4) cannot all occur with multiplicity 2. There are at least 6 elements occurring with multiplicity 2, thus there are at least two further elements outside the subgroup (1, −1). But every element diﬀerent from (2, 4), (3, 5), (4, 2), (5, 3) immediately gives a zero-sum, and (2, 4) and (4, 2) as well as (5, 3) and (3, 5) cannot both occur at the same time, thus we may assume that (5, 3). The only possible element in (3, 1) is (1, 5), and this element can only occur once. Hence (2, 4) becomes impossible, and we conclude that (4, 2) occurs with multiplicity 2. But then all elements in (1, −1) yield zero-sums. We can now ﬁnish the proof. We know that there exist two elements x, y ∈ A, both with multiplicity 2, such that x + y contains an element of multiplicity 2. We may set x =(1, 0), y =(0, 1), and let (t, t) be the element in x + y.Then t =0, 3, 5, 6 immediately yields z short zero-sum, while t =1, 2, 4 was excluded above. Hence no counterexample exists.

≥ Zd Now suppose that p 7 is a prime number, and A is a sequence in p with | | pd−p − ≤ A = n = p2−p (3p 7) + 4 without zero-sums of length p.Let be a one- Zd | ∩ | dimensional subgroup of p, such that m = A is maximal. Now consider all 2-dimensional subgroups containing . Each such subgroup contains p2 − p points p2−p outside . Each point of A is either contained in or occurs in pd−p of all such p2−p − subgroups. Hence among all subgroups there is one which contains pd−p (n m) points outside . Call this subgroup U. Therefore U contains at least p2 − p m − 4 (n − m) + m ≥ 3p − 7+m − pd − p pd−2 + ···+1 Z2 − ≤ − ≤ elements of A.Sinceη( p)=3p 2, this quantity is 3p 3, which implies m 4. ≤ m−4 Hence m 3, which implies that pd−2+···+1 is negative, and we ﬁnd that U contains 3p − 6+m ≤ 3p − 4 points, that is, m ≤ 2. However, this implies that each of the p + 1 one-dimensional subgroups of U contain at most 2 elements of A,thus 3p − 6 ≤|A ∩ U|≤2p + 2, which implies p ≤ 8, hence, by our assumption p =7.In ∼ Z2 the case p = 7 we obtain that U = 7 contains a sequence A of 15 elements, such that no cyclic subgroup contains more than 2 of them, and A contains no zero-sum of length ≤ 7. ≥ pd−p − We can now prove Theorem 1.4 for p 7. We take M = p2−p (3p 7) + 4, and Zd ≤ let k be the largest integer for which Lemma 2.3 ensures Dk( p) M. Then the claim of Theorem 1.4 becomes M − 2p − 5 p + p2 ≥ M 3(p − 1)/2 for d =3,and

d−3 p2+6p−3 1 M − (6p − 4)p 2 − 4p dp p + pd−1 ≥ M 3(p − 1)/2 for d ≥ 4. After some computation one reaches the inequalities 4p2 ≥ 6p +25 and 28p4 ≥ 144p3 + p2 − 33, which are satisﬁed for p ≥ 7. Hence the proof of Theorem 1.4 is complete.

ON DAVENPORT’S CONSTANT 31

References 1. R. Balasubramanian, G. Bhowmik, Upper bounds for the Davenport constant, Integers 7(2) (2007), A03. MR2337038 (2008k:11027) 2. M. N. Chintamani, B. K. Moriya, W. D. Gao, P. Paul, R. Thangadurai, New upper bounds for the Davenport and for the Erd˝os-Ginzburg-Ziv constants, Arch. Math. 98, 133–142. 3. G. Bhowmik, J.-C. Schlage-Puchta, Davenport’s constant for Groups of the Form Z3⊕Z3⊕Z3d, CRM Proceedings and Lecture Notes 43 (2007), 307–326. MR2359480 (2008i:11036) 4. P. van Emde Boas, A combinatorial problem on finite Abelian groups II, Math. Centrum Amsterdam Afd. Zuivere Wisk 1969 ZW-007. MR0255672 (41:332) 5. P. van Emde Boas, D. Kruyswijk, A combinatorial problem on finite Abelian groups III, Math. Centrum Amsterdam Afd. Zuivere Wisk 1969 ZW-008. MR0255672 (41:332) 6. R. C. Bose, Mathematical theory of the symmetrical factorial design, Sankhya 8 (1947), 107– 166. MR0026781 (10:201g) 7. Y. Edel, S. Ferret, I. Landjev, L. Storme, The classification of the largest caps in AG(5, 3), J. Combin. Theory Ser. A 99 (2002), 95–110. MR1911459 (2003f:51022) 8. M.Freeze, W.A. Schmid, Remarks on a generalization of the Davenport constant, Discrete Math. 310 (2010), 3373–3389. MR2721098 (2011m:11051) 9. W. Gao, A. Geroldinger, Zero sum problems in finite abelian groups: a survey, Expo. Math 24 (2006), 337–369 MR2313123 (2008d:11014) 10. W. Gao, A. Geroldinger, On zero-sum sequences in Z/nZ ⊕ Z/nZ, Integers 3 (2003), A8. MR1985670 (2004m:11015) 11. W. Gao, Q. H. Hou, W. A. Schmid, R. Thangadurai, On short zero-sum subsequences II, Integers 7 (2007), A21. MR2299822 (2007m:11012) 12. A.Geroldinger, Additive group theory and non-unique factorizations, in : Combinatorial Number Theory and Additive Group Theory, CRM, Barcelona, Birkhauser, 2009, 1–86. MR2522037 (2011a:20153) 13. B. Lindström, Determination of two vectors from the sum, J. Combinatorial Theory 6 (1969), 402–407. MR0237352 (38:5641) 14. G. Pellegrino, Sul massimo ordine delle calotte in S4,3, Matematiche (Catania) 25 (1970), 149–157. MR0363952 (51:207) 15. A. Potechin, Maximal caps in AG(6, 3), Des. Codes Cryptogr. 46 (2008), 243–259. MR2372838 (2008m:51030) 16. C. Reiher, A proof of the theorem according to which every prime number possesses property B, Ph.D. thesis, Rostock, 2010. 17. C. Reiher, On Kemnitz’ conjecture concerning lattice-points in the plane, Ramanujan J. 13 (2007), 333–337. MR2281170 (2007m:11025) 18. T. Tao, V. H. Vu, Additive combinatorics, Cambridge Studies in Advanced Mathematics, 105. Cambridge University Press, Cambridge, 2006. MR2573797

Universite´ de Lille 1, Laboratoire Paul Painleve´ UMR CNRS 8524, 59655 Villeneuve d’Ascq Cedex, France E-mail address: [email protected] Universiteit Gent, Krijgslaan 281, Gebouw S22, 9000 Gent, Belgium E-mail address: [email protected]

Contemporary Mathematics Volume 579, 2012 http://dx.doi.org/10.1090/conm/579/11516

Permanent has less zeros than determinant over ﬁnite ﬁelds

Mikhail V. Budrevich and Alexander E. Guterman

Abstract. Let Fq be an arbitrary finite field of characteristic different from two. We show that the permanent function has less zeros than the determinant function for square matrices of an arbitrary size n>2overFq.Asa consequence, we obtain the answer to the Pólya problem over Fq by showing that there are no bijective transformations on matrices with entries from Fq which map the permanent into the determinant.

1. Introduction

Let A =(aij) be a square matrix of order n. The permanent and determinant functions are well-known: per (A)= a1σ(1) ...anσ(n) and det(A)= sgn(σ)a1σ(1) ...anσ(n),

σ∈Sn σ∈Sn here Sn denotes the group of permutations of order n,andsgn(·) denotes the sign function. The above definitions look very similar. They even coincide over a field of characteristic 2. However, these two functions have considerably different behavior for the other fields. For example, the difference between them becomes visible when we consider the complexity of their computation. The determinant function can be computed easily by the Gauss elimination algorithm in the polynomial time. How- ever, it is still an open problem if there exists a polynomial algorithm to compute the permanent. Moreover, Valiant [24] has shown that even computing the permanent of a (0,1)-matrix is a P -complete problem, i.e., this problem is an arithmetic analogue of Cook’s hypothesis P = NP,see[6, 12, 9] for details. To compute the permanent by its definition one needs (n − 1)n! multiplicative operations. One of the standard algorithms for the permanent computation is given by the Ryser formula. The complexity of this algorithm is asymptotically equal to (n − 1)2n. Another situation, when these two functions behave differently appears when we consider the zero locus of these two polynomials. Over algebraically closed fields it was shown that the corresponding algebraic varieties have different geometric structure. The first results in this direction are due to von zur Gathen [10]. See also [4, 18, 19] for further investigations.

2010 Mathematics Subject Classiﬁcation. Primary 15A15.

c 2012 American Mathematical Society 33

34 M.V. BUDREVICH AND A.E. GUTERMAN

Over a finite field the number of n × n matrices with nonzero determinant is equal to the total number of bases over this field, so the number of matrices with zero determinant is given by the classical formula: n 2 qn − (qn − qk−1), k=1 where q is the cardinality of the field. However, it is an open problem to compute the number of matrices having zero permanent over a finite field if n>2, see, for example, [22]. In this paper we show that the number of zeros of the permanent function is strictly less than the number of zeros of the determinant function for square matrices of an arbitrary size over an arbitrary finite field of the characteristic different from 2. This result was conjectured in [8] and proved in [7]forn =3and for sufficiently large fields if n>3 (the size of a field depends on n). However, the technique developed in [7] was based on asymptotic inequalities and it is not clear if it can be utilized to solve the problem in general. Here we propose a new method based on the tensor technique, which allows to obtain the complete solution of the problem. Namely, we associate a certain specific tensor to the permanent function of a given matrix. Then zeros of the permanent correspond to the solutions of a system of linear equations on the components of this tensor. So, by determining the number of components with some prescribed properties we provide an estimation for the number of zeros of the permanent function, which allows us to compare the quantity of zeros for the permanent and determinant functions. The inequality between the number of zeros for the determinant and permanent functions besides its own beauty has the following important application to a certain classical problem which dates back to Pólya [21]. To formulate this problem in details we introduce the following notations: everywhere below, if the converse is not stated, Fq denotes a finite field of q elements, its characteristic char Fq = p>2, F denotes an arbitrary field, Mm×n(F) denotes n the set of m × n matrices with the entries from F, Mn×n(F)=Mn(F), F denotes the linear space of n-vectors over F. In 1913 Pólya in his work [21] asked if there exists a possibility to compute permanent function using the determinant function? The idea is based on the following observation: consider the map T : M2(F) → M2(F) given by the formula: a a a −a (1.1) T : 11 12 → 11 12 a21 a22 a21 a22 The direct computations show that: (1.2) per (A)=det(T (A)) for any A ∈ M2(F). The question of existence of maps T satisfying (1.2) for matrices of an arbitrary size is called Pólya convertibility problem, see [17]. In [23] Szegö proved that there is no generalization of the formula (1.1) for n ≥ 3. In 1961 Marcus and Minc [16], see also Botta [2], proved that if n ≥ 3thereare no linear transformations T : Mn(F) → Mn(F) satisfying equality (1.2). This result was further extended in [3, 5, 14] for matrices over fields of zero characteristic. For finite fields of characteristic different from 2 in [7] it was proved that if n ≥ 3and the cardinality of F is sufficiently large (depending on n), then, no bijective map T : Mn(F) → Mn(F)satisfiesperA =detT (A). When n = 3 the conclusion was

PERMANENT HAS LESS ZEROS THAN DETERMINANT OVER FINITE FIELDS 35 shown to be true for any finite field with char F = 2. However, already for n =4 the result from [7] holds only for fields with more than 42 elements. As a corollary of our results we prove that there are no bijective transformations which converts the permanent to the determinant for square matrices of an arbitrary size over any finite field of characteristic not 2. Our paper is organized as follows. Section 1 is introductory. In Section 2 we show that the permanent function has less zeros than the determinant function for square matrices of an arbitrary size n>2overFq. As a consequence we obtain the answer to the Pólya problem over Fq showing that there are no bijective transformations of matrices over Fq which map the permanent into the determinant. 2. Matrices with zero permanent.

Definition 2.1. Let Mn(Fq) denote the set of square matrices of the size n over the field Fq.ForthesetS ⊂ Mn(Fq) we introduce the following functions: (1) P (S)=|{A ∈ S :per(A)=0}| (2) D(S)=|{A ∈ S :det(A)=0}| Observe that for the space of all matrices over a finite field the second function can be directly computed, i.e., the following classical result is true, see for example [1]: n n2 n k−1 Lemma 2.2. [1, Chapter 4, §3] D(Mn(Fq)) = q − (q − q ). k=1

The problem of the explicit computation of the function P (Mn(Fq)) is still open, see for example [7]. Here we propose the new method to investigate this function and apply it to prove that there are no converters between the determinant and the permanent for square matrices of an arbitrary size over an arbitrary ﬁeld with characteristic diﬀerent from two. In order to do this we show that D(Mn(Fq)) is always greater than P (Mn(Fq)) if n>2.

Definition 2.3. Let A ∈ Mm×n(F). By A(i1,...,ik|j1,...,jl)wedenotethe matrix obtained from A by deleting the rows with the indices i1,...,ik and the columns with the indices j1,...,jl.

Definition 2.4. Let e1,...,en be the standard basis of the linear space Vn = Fn ∈ F ≤ q .LetA Mk×n( q)wherek n. Consider a contravariant tensor TA = i1,...,in−k − n−k ⊗ ⊗ TA of the valency (n k), deﬁned on the space Vn = V n ... Vn.The n−k times tensor components in basis e ,...,e are: 1 n per (A(|i ,...,i − )), if all i ,...,i − are diﬀerent T i1,...,in−k = 1 n k 1 n k A 0, otherwise.

The tensor TA is called tensor of the permanent of A.Inthecasek =1amatrix ∈ F Fn can be considered as a vector A M1×n( q)= q and we consider the tensor TA as a tensor of the vector A. Observe that in the case k = n the value of TA is a constant in Fq and it is equal to the permanent of A.

Below TX denotes the tensor of the permanent of X ∈ Mm×n(F). Lemma . ∈ Fn ≡ ≡ 2.5 Let a vector a q .ThenTa 0 if and only if a 0.

36 M.V. BUDREVICH AND A.E. GUTERMAN

i1,...,in−1 Proof. If a = 0, then it is straightforward to check that Ta =0for any tuple i1,...,in−1. Conversely if there exists such an index i,1≤ i ≤ n that ai =0,thenforthe( n − 1)-tuple (i1,...,in−1)=(1,...,i− 1,i+1,...,n)wehave i1,...,in−1 Ta = ai =0 , therefore, T ≡ 0.

Lemma 2.6. Let A ∈ Mn−k(Fq). Then the tensor TA is symmetric, i.e., ∈ i1,...,in for any tuple (i1,...,in−k) and any permutation σ Sn−k we have: TA = i ,...,i σ(i1) σ(in−k) TA . Proof. Since any permutation is a product of transpositions, it is only necessary to prove this statement for an arbitrary transposition. If there are equal numbers among the indices i1,...,in−k then by the deﬁnition i1,...,in−k of tensor components of TA we have TA = 0. After the permutation of i1,...,in indices there are still equal numbers among them and therefore TA =0= σ(i1),...,σ(in−k) TA . By the above arguments we can assume that the indices i1,...,in−k are dif- i1,...,in−k | ferent. Thus TA =per(A( i1,...,in−k)). The permanent function is invariant with respect to the permutation of columns and therefore for any σ ∈ i1,...,in−k | | Sn−k we have TA =per(A( i1,...,in−k)) = per (A( σ(i1),...,σ(in−k))) = i ,...,i σ(i1) σ(in−k) TA , which is the statement of the lemma. Definition . ∈ Fn ∈ F 2.7 Let a =(a1,...,an) q , A Mk×n( q). The convolution of TA and a is deﬁned to be the tensor T = TA ◦ a of the valency (n − k − 1) with the components given by the following rule: n i ,...,i − − 1 n k 1 i1,...,in−k−1,j T = T · aj j=1

Lemma 2.8. Let B ∈ M(k+1)×n(Fq). Consider the vector a equal to the ﬁrst row of the matrix B, i.e., a = B(2,...,k +1|) ∈ M1×n(Fq), and the submatrix A of B obtained by deleting the ﬁrst row, i.e., A = B(1|) ∈ Mk×n(Fq). Then the following equality holds: TB = TA ◦ a.

Proof. Let us prove that the components of the tensors TB and TA◦a coincide. By the deﬁnition of the convolution operation we have: n ◦ i1,...,ik−1,j · (2.1) TA a = TA aj . j=1

If there are equal numbers among the indices i1,...,ik−1 then by the definition i ,...,i − i ,...,i − ,j 1 k 1 1 k 1 ◦ i1,...,ik−1 TB =0,TA =0foranyj and therefore (TA a) = 0, i.e., our equality is true. Therefore we can assume now that the indices i1,...,in−k are different. We can consider only the summands with different i1,...,ik−1,j components, since the other summands contribute only zero into the sum in the right hand side of (2.1). For these components we have: n i ,...,i − ,j ◦ i1,...,ik−1 1 k 1 · | (TA a) = TA aj = per (A( i1,...,ik−1,j))aj =

j=1 j∈[1,n]\[i1,...,ik−1]

PERMANENT HAS LESS ZEROS THAN DETERMINANT OVER FINITE FIELDS 37

(since A is the submatrix of B formed by all the rows besides the ﬁrst one) | | i1,...,ik−1 = per (B(1 i1,...,ik−1,j))aj =per(B( i1,...,ik−1)) = TB ,

j∈[1,n]\[i1,...,ik−1] the lemma is proved.

Lemma 2.9. Let A =(aij) ∈ Mn(Fq). Consider a = A(2,...n|)=(a11,...,a1n). Then the following equality is true:

per (A)=TA(1|) ◦ a.

Proof. By the deﬁnition of the convolution operation, we have the equality: n ◦ i · (2.2) TA(1|) a = TA(1|) a1i i=1

Corollary 2.10. Let A ∈ Mn(Fq) be formed by the rows a1,...,an. Then for the permanent of A we have:

per (A)=(...(TA(1,...,n−1|) ◦ an−1) ◦ an−2 ...) ◦ a1.

Proof. Subsequently applying Lemma 2.8 to TA(1,...,k|) ◦ ak, we obtain:

(2.3) TA(1|) =(...(TA(1,...,n−1|) ◦ an−1) ◦ an−2 ...) ◦ a2 Then applying Lemma 2.9 we have:

per (A)=TA(1|) ◦ a1. Substituting the last expression into the formula (2.3) we obtain the desired statement.

Lemma 2.11. Let A ∈ Mk×n(Fq) and let TA ≡ 0, i.e., it contains at least one i1,...,in−k k n−k − nonzero component TA . Then there are at least q (q 1) different vectors ∈ n ◦ ≡ x Fq such that R = TA x 0. Proof. 1,...,n−k 1. Without loss of generality we can assume that TA =0. 2. We are going to find all vectors x such that TA ◦ x ≡ 0 in the following way: we fix the last k components of x in an arbitrary way (we have qk possibilities to do this). Then we show that for any such choice there exist at least qn−k − 1 possibilities to choose the other (n − k) components such that the value of R is different from 0. So, if the last k components of a vector are fixed, then no more

38 M.V. BUDREVICH AND A.E. GUTERMAN than one choice of the ﬁrst components provides a nonzero value of the tensor R. To show this we obtain an upper bound for the number of possibilities to choose (n − k) remaining coordinates of x such that the condition R = 0 is satisﬁed. j1,...,j − − 3. If R =0thenR n k 1 = 0 for any tuple of indices j1,...,jn−k−1.In particular, this implies the following set of equalities: R1,...,n−k−1 =0, R2,...,n−k =0, R3,...,n−k,1 =0, ········· Rn−k,1,...,n−k−3 =0, here each subsequent component is obtained by the cyclic shift of coordinates 1,...,n− k and by the cancellation of the last index. 4. Thus we have the system of (n − k) equations on the unknown entries x1,...,xn−k: ⎧ ⎨⎪R1,...,n−k−1 =0 R2,...,n−k =0 ⎩⎪ Rl,...,n−k−1,1,...,l−2 =0,l=3,...,n− k. Note that if R = 0 then this system of equalities should be true, however the converse does not always hold. 5. Let us rewrite the above system expressing the components of R via the components of T and x: ⎧ n ⎪ − − − − ⎪R1,...,n k 1 = T 1,...,n k 1,j · x , ⎪ A j ⎨⎪ j=1 n − R2,...,n−k = T 2,...,n k,j · x , ⎪ A j ⎪ j=1 ⎪ n ⎪ l,...,n−k−1,1,...,l−2 l,...,n−k,1,...,l−2,j · − ⎩R = TA xj ,l=3,...,n k. j=1 Thus taking into account that the tensor components with at least two equal indices are zero, we have: ⎧ n ⎪ 1,...,n−k 1,...,n−k−1,j ⎪T x − + T x =0 ⎪ A n k A j ⎪ j=n−k+1 ⎪ n ⎨⎪ 2,...,n−k,1 2,...,n−k,j TA x1 + TA xj =0 (2.4) j=n−k+1 ⎪ n ⎪ l,...,n−k,1,...,l−1 l,...,n−k,1,...,l−2,j ⎪TA xl−1 + TA xj =0, ⎪ j=n−k+1 ⎩⎪ l =3,...,n− k.

6. The components xn−k+1,...,xn of the vector x are ﬁxed, and therefore, n 1,...,n−k−1,j ∈ F TA xj = c1 where c1 q is a certain constant which does not de- j=n−k+1 n l,...,n−k,1,...,l−2,j pend on the unknown values x1,...,xn−k. Similarly TA xj = j=n−k+1 cl ∈ Fq is a constant for any l =2,...,n− k. 7. By Lemma 2.6 the tensor T is symmetric and therefore we have the equality between the components: T 1,...,n−k = T l,...,n−k,1,...,l−1 = d , l =2,...,n− k

PERMANENT HAS LESS ZEROS THAN DETERMINANT OVER FINITE FIELDS 39 where d ∈ Fq is a constant and d = 0 by the conditions of the lemma. 8. Therefore by collecting the constants ci,i=1,...,n− k to the right-hand side we can rewrite the system (2.4) in the following form: ⎛ ⎞ d 0 ... 0 ⎛ ⎞ ⎛ ⎞ x − c ⎜ . .⎟ n k 1 ⎜0 d .. .⎟ ⎜ ... ⎟ ⎜ ... ⎟ (2.5) ⎜ ⎟ ⎜ ⎟ = ⎜ ⎟ ⎜. . . ⎟ ⎝ ... ⎠ ⎝ ... ⎠ ⎝. .. .. 0⎠ x c − 0 ... 0 d 1 n k 9. Since the constant d is different from 0, the system (2.5) has a nonsingular matrix and therefore it has a unique solution. 10. Thus we obtain that for any tuple xn−k+1,...,xn there exists only one tuple of coordinates x1,...,xn−k which satisfies the condition R1,...,n−k−1 = ...= Rn−k,1,...,n−k−3 =0, thus no more than only one tuple of coordinates satisfies the condition R =0. 11. We considered only necessary conditions for the equality R =0thuswecan choose no more than qk vectors x, satisfying T (A) ◦ x = 0. Therefore there exist at least qn − qk ways to choose the vector x in such a way that R = 0. Therefore, there are qk(qn−k − 1) possibilities to choose the vector x such that R = T ◦ x =0, and the result follows.

NowweemphasizethelastlemmabychoosingthespecialmatrixA ∈ M1×n(Fq): Lemma . ∈ Fn ≥ 2.12 Let a =(1,...,1) q , n 3. Then the number of vectors ∈ Fn ◦ n − x q such that R = Ta x =0is equal to q 1. Proof. Let us show that there exists a unique possibility to choose the vector x such that R = 0. In order to show this we represent the condition R =0asa system of equations on the unknown coordinates of the vector x and then found the number of solutions of this system. 1. Consider the conditions R1,...,n−2 = R1,...,n−3,n−1 = R1,...,n−3,n =0.These equalities are equivalent to x − x x − x x − x − (2.6) per n 1 n =0; per n 2 n =0; per n 2 n 1 =0. 11 11 11 The above system of equations can be rewritten as follows: ⎧ ⎨⎪xn−1 + xn =0 x − + x =0 ⎩⎪ n 2 n xn−2 + xn−1 =0.

The last system has the unique solution xn−2 = xn−1 = xn =0. 2.Letusshowthatxk =0,k =1,...,n − 3 and consider the equalities R1,...,k−1,k+1,...,n−1 =0whichmustbetruesinceR = 0. Therefore we have: − − x x x 0 R1,...,k 1,k+1,...,n 1 =per k n = k = x =0,k=1,...,n− 3. 11 11 k

This implies that there exists a unique vector x =(0,...,0) such that R = Ta ◦ x = 0, thus there are qn − 1 vectors x such that R =0.

40 M.V. BUDREVICH AND A.E. GUTERMAN

Remark 2.13. Part 1 of the proof of Lemma 2.12 provides an essential diﬀer- ence between the determinant and permanent functions since the system of equations corresponding to the system (2.6) for the determinant has at least q solutions.

Theorem 2.14. D(Mn(Fq)) ≥ P (Mn(Fq)) for any n. Proof. We first find the lower bound for the number of matrices with nonzero permanent. For an arbitrary fixed n we use the induction on the number k, the number of rows of the length n, in order to show that there are at least k (2.7) (qn − qj−1) j=1 matrices A from Mk×n(Fq) with nonzero tensor of permanent TA.Thenforn = k we have the statement of the theorem. 1. The base of induction. There are qn − 1 possibilities to choose a nonzero row. By Lemma 2.5 the tensor of permanent for each of these rows is different from zero. 2. The induction step. Assume that for all k × n matrices our statement is proved. Then there is a set S of k×n matrices with the nonzero tensor of permanent, k |S|≥ (qn −qj−1). For any A ∈ S by Lemma 2.11 there are qk(qn−k −1) = qn −qk j=1 possibilities to find a row x in such a way that the tensor of permanent of the matrix k union of A and x is different from zero. In total, we have (qn − qj−1)(qn − qk)= j=1 k+1 (qn − qj−1) matrices, which proves the formula (2.7). j=1 3. By Corollary 2.10 if k = n then the tensor of permanent is just a scalar, which is equal to the permanent of the obtained matrix. Therefore we have constructed at least n (qn − qk−1) k=1 different matrices with nonzero permanent. By Lemma 2.2 this is precisely equal to the number of matrices with nonzero determinant, therefore P (Mn) ≤ D(Mn).

Remark 2.15. It is straightforward to check that D(M2(Fq)) = P (M2(Fq)).

Theorem 2.16. D(Mn(Fq)) >P(Mn(Fq)) for n>2. Proof. Let us choose the vector a =(1,...,1) as the ﬁrst row of the matrix we are constructing in the previous proof. Then by Lemma 2.12 there are qn − 1 possibilities to choose the second row in such a way that the permanent of obtained 2 × n matrix is diﬀerent from zero. Therefore the number of matrices with nonzero permanent has the following lower bound: n n (qn − 2) (qn − qk−1)+(qn − 1) (qn − qk−1)= k=2 k=3 n =((qn − 2)(qn − q)+(qn − 1)) (qn − qk−1). k=3

PERMANENT HAS LESS ZEROS THAN DETERMINANT OVER FINITE FIELDS 41

Here the second summand corresponds to those matrices with nonzero permanent that have the first row equal to the vector a =(1,...,1), and the first summand corresponds to the other matrices with nonzero permanent. n This number is bigger than (qn − qk−1) which is the number of matrices k=1 with nonzero determinant. Therefore we have the strict inequality D(Mn(Fq)) > P (Mn(Fq)). Now we are ready to apply the above result in order to obtain the negative solution of the Pólya problem over a finite field in the class of bijective mappings. Theorem 2.17. Let n ≥ 3. Then there is no a bijective map

T : Mn(Fq) → Mn(Fq) such that per (A)=det(T (A)).

Proof. Since the number of matrices in Mn(Fq) is finite, then the necessary condition for the existence of such a map T is the equality D(Mn(Fq)) = P (Mn(Fq)). By Theorem 2.16 this equality is impossible. Thus there is no a required map T . Remark 2.18. Note that for n = 2 even linear bijective transformations T : M2(F) → M2(F)doexistforanyfieldF,asitwasnotedbyPólya in [21], cf. formula (1.1) from this text. Remark 2.19. It is easy to see that over any field there are non-bijective converters of the permanent into the determinant. We also observe that over infinite fields there do exist bijective non-linear converters. See for example [7, Section 8]. Remark 2.20. The main result of this paper was conjectured in [8] and proved in [7]forn = 3 and for sufficiently large fields if n>3 (the size of a field depends on n) by different method. Remark 2.21. Thesametechniqueasin[7, Lemma 8.7 and Remark 8.6] allows to prove that the results of this paper are also true for the matrices over associative rings without zero divisors. When this article was in press Professor Celino Miguel communicated to the authors and explained how to lift the results of the paper [7] for the case when zero divisors are allowed by means of the the localization technique. According to this information, which is to be published elsewhere, we would like to note that our results are true also for the matrices over arbitrary finite commutative associative rings with identity.

Acknowledgments The second author wishes to thank Gregor Dolinar, Bojan Kuzma, Celino Miguel, and Marko Orel for interesting discussions on the P´olya problem. Also we would like to acknowledge partial ﬁnancial support of the grant MD-2502.2012.1 and RFBR 12-01-00140.

References [1] E. Artin, Geometric Algebra, (1957), Interscience Publishers, Inc., New York. MR0082463 (18:553e) [2] P. Botta, On the conversion of the determinant into the permanent, Canad. Math. Bull. 11 (1968) 31-34. MR0230734 (37:6294)

42 M.V. BUDREVICH AND A.E. GUTERMAN

[3] R. A. Brualdi, B. L. Shader, On sing-nonsingular matrices and the conversion of the permanent into the determinant, DIMACS Series in Discrete Mathematics and Theoretical Com- puter Science 4 (1991), 117-134. MR1116343 (92f:15003) [4] J. Cai, A note on the determinant and permanent problem, Information and Computation, 84 (1990) 119-127. MR1032157 (91d:68028) [5] M. Coelho, A. Duffner, Immanant preserving and immanant converting maps, Linear Algebra Appl. 418, 1, (2006) 177-187. MR2257588 (2007j:15005) [6] S.A. Cook, The complexity of theorem proving procedures, Proc. 3rd Ann. ACM Symp. Theory of Computing, 1971, 151-158. [7] G. Dolinar, A. Guterman, B. Kuzma, M. Orel, On the Pólya permanent problem over finite fields, European Journal of Combinatorics, 32 (2011), 116-132. MR2727466 (2011j:15009) [8]G.Dolinar,A.Guterman,B.Kuzma,M.Orel,Private communication, 2009. [9] M.R. Garey, D.S. Johnson,Computers and Intractability: A Guide to the Theory of NP- completness , W.H. Freeman, San Francisco, 1979. MR519066 (80g:68056) [10] J. von zur Gathen, Permanent and determinant, Linear Algebra Appl. 96 (1987), 87-100. MR910987 (89a:15005) [11] P.M.Gibson, Conversion of the Permanent into the Determinant, Proc. Amer. Math. Soc. 27 (1971), 471-476. MR0279110 (43:4836) [12] R.M. Karp, Reducibility among combinatorial problems, // In: Complexity of Computer Computations, Plenum Press, New-York, 1972, 85-104. MR0378476 (51:14644) [13] V. Klee, R. Ladner, R. Manber, Sing-solvabiliy revisited, Linear Algebra Appl. 59 (1984), 132-157. MR743051 (86a:15004) [14] B. Kuzma, A note on immanant preservers, Fundamental and Applied Mathematics, 13, 4, (2007) 113-120, translated in Journal of Mathematical Sciences (New York) (2008). MR2366239 (2008m:15020) [15] C. H. C. Little, A characterization of convertible (0,1)-matrices, J. Combin. Theory, Ser. B 18 (1975), 187 - 208. MR0424583 (54:12542) [16] M. Marcus, H. Minc, On the relation between the determinant and the permanent, Illinois J. Math. 5 (1961), 376-381. MR0147488 (26:5004) [17] W. McCuaig, Pólya’s permanent problem, The Electronic Journal of Combinatorics, 11 (2004), R79. MR2114183 (2005i:05004) [18] R. Meshulam, On two extremal matrix problems, Linear Algebra Appl., 114-115 (1989), 261-271. MR986879 (90g:15004) [19] Th. Mignon, N. Ressayre, A quadratic bound for the determinant and permanent problem, Int. Math. Res. Not. 79 (2004), 4241-4253. MR2126826 (2006b:15015) [20] H. Minc, Permanents, Encyclopedia of Mathematics and its Applications 6 (1978), Addison- Wesley Publishing Company, Inc. MR504978 (80d:15009) [21] G. Pólya, Aufgabe 424, Arch. Math. Phys., 20, 3, (1913), 271. [22] V.N. Sachkov, V.E. Tarakanov, Combinatorics of Non-Negative Matrices,TVP,Moscow, 2000 [in Russian]. MR1812157 (2002a:05001) [23] G. Szegö: Lösungzu 424,Arch.Math.Phys.21 (1913) 291-292. [24] L.G. Valiant, The complexity of computing the permanent, Theoret. Comput. Sci. 8 (1979) 189-201. MR526203 (80f:68054) [25] V. V. Vazirani, M. Yannakakis, Pfaffian orientations, 0-1 permanents, and even cycles in directed graphs, Discrete Applied Mathematics 25 (1989), 179-190. MR1031270 (91e:05080)

Faculty of Algebra, Department of Mathematics and Mechanics, Moscow State University, GSP-1, 119991 Moscow, Russia

Contemporary Mathematics Volume 579, 2012 http://dx.doi.org/10.1090/conm/579/11517

On a series of modules for the symplectic group in characteristic 2

Ilaria Cardinali and Antonio Pasini

Abstract. Let V be a 2n-dimensional vector space deﬁned over an arbitrary ﬁeld F and G the symplectic group Sp(2n, F) stabilizing a non-degenerate alternating form α(., .)ofV .LetGk be the k-grassmannian of PG(V )andΔk the k k-grassmannian of the Cn-building Δ associated to G.PutWk := ∧ V and let ιk : Gk → Wk be the natural embedding of Gk, sending a k-subspace x1, ..., xk of V to the 1-subspace x1 ∧...∧xk of Wk.Letεk :Δk → Vk be the embedding of Δk induced by ιk,whereVk is the subspace of Wk spanned by theιk-images 2n − 2n of the totally α-isotropic k-spaces of V . Recall that dim(Vk)= k k−2 . (k) For i =0, 1, ..., k/2 let Vk−2i be the subspace of Wk spanned by the ιk- images of the k-subspaces X of V such that the codimension of X ∩ X⊥ in X (k) is at least 2i. The group G stabilizes each of the subspaces Vk−2i. Hence it (k) (k) also acts on each of the sections Vk−2i/Vk−2i+2.In[5], exploiting the fact that the embeddings εk−2i are universal when char(F) = 2, Blok and the authors F (k) (k) of this paper have proved that if char( ) =2thenVk−2i/Vk−2i+2 and Vk−2i areisomorphicasG-modules, for every i =1, ..., k/2. In the present paper we shall prove that the same holds true when char(F)=2.

1. Introduction Let V be a 2n-dimensional vector space over a ﬁeld F and, for a given non- ∼ degenerate alternating form α(., .)ofV ,letG = Sp(2n, F) be the symplectic group associated with it. Let Δ be the building associated to the group G. The elements of Δ of type k =1, 2, ..., n are the k-dimensional subspaces of V totally isotropic for the form α. This building has diagram Cn:

123n − 2 n − 1 n • • • ... • • •

For 1 ≤ k ≤ n,letGk be the k-th grassmannian of PG(V ), where the k-subspaces of V are taken as points. The lines of Gk are the sets lX,Y = {Z | X ⊂ Z ⊂ Y, dim(Z)=k} for a (k + 1)-subspace Y of V and a (k − 1)-subspace X of Y .Put k Wk := ∧ V and let ιk : Gk → PG(Wk) be the natural embedding of Gk in PG(Wk), sending a k-subspace v1, ..., vk of V to the 1-dimensional subspace v1 ∧ ... ∧ vk of Wk.LetΔk be the k-grassmannian of Δ, elements of Δ of type k being taken

2010 Mathematics Subject Classiﬁcation. Primary 20G05, 51A45, 51A50, 20E42, 20F40. Key words and phrases. Symplectic grassmannians, Weyl modules.

c 2012 American Mathematical Society 43

44 ILARIA CARDINALI AND ANTONIO PASINI as points of Δk.When1

0 Vk Wk

(k) where Vk−2i is the subspace of Wk spanned by the vectors ιk(X)forak-subspace X of V such that dim(X ∩ X⊥) ≥ k − 2i, X⊥ being the subspace orthogonal to X (k) (k) (k) with respect to α.Inparticular,Vk = Vk and Vk−k/2 = Wk, while Vk+2 =0by convention. Needless to say, k/2 is the integral part of k/2. So, k − 2k/2 =0 when k is even and k − 2k/2 =1whenk is odd. Accordingly, the second last (k) (k) term of the basic series is V3 when k is odd and V2 when k is even. In view of the next theorem, we need to state one more convention. We have deﬁned Vk for k =1, 2, ..., n. According to that deﬁnition, Vk−2i is the linear span k−2i of ιk−2i(Δk−2i)inWk−2i = ∧ V , but this makes sense only if 2i

(k) (k) 2n − 2n Consequently, dim(Vk−2i/Vk−2i+2)= k−2i k−2i−2 . In particular, when k (k) (k) is even and i = k/2thequotientVk−2i/Vk−2i+2 is isomorphic to the trivial module (k) V0,namelyV2 is a hyperplane of Wk. The proof given in [5] for Theorem 1.1 is outlined in the last paragraph of (k) (k) Section 2.1. The isomorphism between Vk−2i/Vk−2i+2 and Vk−2i is not explicitly

ON A SERIES OF MODULES FOR THE SYMPLECTIC GROUP 45 described in that proof. Indeed it is indirectly obtained from the fact that εk−2i is universal when char(F) =2. In this paper we shall prove that the conclusion of Theorem 1.1 also holds when char(F)=2: Theorem . F (k) (k) 1.2 For any field ,theG-modules Vk−2i/Vk−2i+2 and Vk−2i are isomorphic for every i =0, 1, ..., k/2. A number of consequences are obtained from Theorem 1.1 in [5]. The assumption that char(F) = 2 is not exploited in their proofs, except that it is implicit in the use of Theorem 1.1. In view of Theorem 1.2, all those claims hold true when char(F) = 2 too. We only mention one of them here. Corollary 1.3. When k is odd the group G does not stabilize any hyperplane (k) of Wk.Whenk is even, V2 is the unique hyperplane of Wk stabilized by G. As a consequence of this corollary, when k is odd G acts fixed-point-freely on PG(Wk) while when k is even G fixes a unique point P of PG(Wk)(see[5]). That point is called the pole of G in Wk. The statement of Theorem 1.1 is also exploited in [8]. The hypothesis char(F) = 2isassumedin[8] because of that. However, in view of Theorem 1.2 of this paper, all results obtained in [8] hold when char(F) = 2 as well. Explicitly, let R(Vk)be the radical of Vk, namely the largest proper G-submodule of Vk (see [14], also Blok [4]). With this notation, the next corollary extends [8, Theorem 1.4] to the case of char(F)=2.

Corollary 1.4. Let char(F)=2and k = n. Then the G-module Vn admits a unique composition series

0=S0 ⊂ S1 ⊂ ... ⊂ Sm−2 ⊂ Sm−1 = R(Vn) ⊂ Sm = Vn ∼ where m = log2(n +2). Moreover Si/Si−1 = Vn−2t+2/R(Vn−2t+2) for i = 0, 1, ..., m,wheret = m − i +1. Remark. The hypothesis that char(F) = 2 is also used in the proof of [8, Lemma 3.6], independently of the statement of Theorem 1.1. Indeed in that proof it is assumed that |F|≥3. However, it is not difficult to add a paragraph to it so that to cover the case of F = F2 too. Moreover, that Lemma is a part of the main result of [14] which, in view of Adamovich [1] (see also Baranov and Suprunenko [2]) holds when char(F) = 2 as well. The rest of this paper is devoted to the proof of Theorem 1.2. Since we allow char(F) = 2, we cannot ask the universality of εk−2i for help. Thus our proof is rather different from that of [5]. In fact it is almost entirely algebraic. We warn the reader that our proof also exploits Theorem 1.1. Indeed at a certain point we will use the fact that Theorem 1.1 holds for fields of characteristic 0.

2. Proof of Theorem 1.2 (k) ∈ 2.1. Two geometric lemmas. Let Vk−2i be the set of non-zero vectors w ⊥ Wk such that w = ιk(X)forak-subspace X of V with dim(X ∩ X )=k − 2i. (k) ⊆ (k) Clearly, Vk−2i Vk−2i. The following is proved in [5, Lemma 3.1]. The proof given in [5] for this lemma works for any ﬁeld, of any characteristic. Lemma . (k) (k) 2.1 Vk−2i = Vk−2i for every i =0, 1, ..., k/2 .

46 ILARIA CARDINALI AND ANTONIO PASINI

≤ ≤ → (k) (k) For 0 i k/2 we deﬁne a mapping fk−2i :Δk−2i PG(Vk−2i/Vk−2i+2)as ⊥ follows: for every point X of Δk−2i let Y ⊆ X be a non-singular 2i-dimensional subspace meeting X trivially. Then (k) (2.1) fk−2i(X):=ιk(X + Y )+Vk−2i+2. (k) ⊂ (k) Actually Vk−2i+2 Vk−2i, but a proof of this strict inclusion will be available only at the end of this paper. At the present stage we cannot yet exclude the possibility that (k) (k) (k) (k) Vk−2i+2 = Vk−2i. Thus, we need to give the symbol PG(Vk−2i/Vk−2i+2) a meaning (k) (k) (k) (k) { } even if we had Vk−2i+2 = Vk−2i. In that case we put PG(Vk−2i/Vk−2i+2)= 0 . (k) (k) Accordingly, if Vk−2i+2 = Vk−2i then fk−2i sends the whole of Δk−2i to 0.

Lemma 2.2. The mapping fk−2i is well defined. Moreover, one of the following holds: (k) (k) ≤ (1) dim(Vk−2i/Vk−2i+2) 1; (k) (k) (k) (k) (2) dim(Vk−2i/Vk−2i+2) > 1 and fk−2i embeds Δk−2i in PG(Vk−2i/Vk−2i+2). Proof. The proof of this lemma is contained in [5, Section 3]. The fact that fk−2i is well defined is proved in [5, Lemma 3.3]. The following remark is crucial for that proof: if X = v1,...,vk−2i,u1,u2,w1,...,w2i−2 and Y = ∩ ⊥ v1,...,vk−2i,u1,u2,w1,...,w2i−2 are two k-subspaces of V with X X = ⊥ Y ∩ Y = v1,...,vk−2i and X ∩ Y = v1,...,vk−2i,w1,...,w2i−2 of dimension k − 2, then ∧···∧ ∧ ∧ − ∧ ∧ ∧···∧ ∈ (k) (2.2) v1 vk−2i (u1 u2 u1 u2) w1 w2i−2 Vk−2i+2. The rest of Lemma 2.2 is included in [5, Theorem 3.5]. Theorem 3.5 of [5]is just Theorem 1.1 of this paper, but that part of the proof of Theorem 3.5 of [5] where it is shown that either case (1) or case (2) holds, works for any field, of any characteristic. Note that case (1) of Lemma 2.2 actually holds when k is even and i = k/2. (k) (k) Indeed in that case dim(Vk−2i/Vk−2i+2)=1.When2i

ON A SERIES OF MODULES FOR THE SYMPLECTIC GROUP 47 the image ιk(Δk,K)ofthek-grassmannian Δk,K of the building ΔK associated to GK,andsoon. We ﬁrst recall a few well known facts. For more information on Lie algebras or Chevalley groups we refer the reader to Humphreys [11] and Steinberg [15]. Let LC be the Lie algebra of type Cn over C and let AC be its associative envelope. Given a basis {α1, ..., αn} in the root system of type Cn, ordered as follows

• • • ..... • • < • α1 α2 α3 αn−2 αn−1 αn

2 let αn+1,αn+2, ..., αN be the remaining positive roots, N = n .LetX1, ..., XN ,

Y1, ..., YN , H1, ..., Hn be a Chevalley basis of LC,whereXi = Xαi and Yi = X−αi for i =1, 2, ..., N and H1 =[X1,Y1], ..., Hn =[Xn,Yn] generate the Cartan subalgebra HC of LC. The algebra AC, regarded as a C-vector space, admits a basis formed by the following elements, where a1, ..., aN , b1, ..., bn, c1, ..., cN are arbitrary but nonnegative integers (see [11, 26.4]): Y a1 Y aN H H Xc1 XcN (2.3) 1 · ... · N · 1 · ... · n · 1 · ... · N . a1! aN ! b1 bn c1! cN !

We call them monomial elements. The monomial elements with b1 = ... = bn = c1 = ... = cN = 0 will be called negative monomial elements. (Note that according to this convention, the identity element of AC is one of the negative monomial − elements.) We denote by AC the C-span of the set of negative monomial elements. Let λk be the kth fundamental dominant weight. We recall that αi,λk = δi,k (Kronecker symbol) for i =1, 2, ..., n.LetZC(λk) be the standard cyclic LC-module + + of weight λk. Recall that ZC(λk)=AC(v0 ) for a suitable vector v0 of ZC(λk). The + vector v0 is uniquely determined modulo a scalar and it is called the highest weight + + + vector of ZC(λk). We have Xi(v0 )=0fori =1, 2, ..., N and Hi(v0 )=λk(Hi)v0 − + for i =1, 2, ..., n. Hence ZC(λk)=AC (v0 ). − n Let Λk be the set of weights of the following form: μ = λk i=1 kiαi for ⊕ nonnegative integers k1, ..., kn.ThenZC(λk)= μ∈Λk Vμ where Vμ, called the μ- weight-space of ZC(λk), is the μ-eigenspace of HC in ZC(λk), namely H(v)=μ(H)v ∈ ∈ + for every H HC and every vector v Vμ.Inparticular,Vλk = v0 . The module ZC(λk) admits a unique maximal proper submodule, henceforth denoted by JC(λ ). The quotient VC(λ ):=ZC(λ )/JC(λ ) is the Weyl module for k k ∼ k k GC relative to λk. We recall that VC(λk) = Vk,C. The following convention will be useful: given a vector v of ZC(λk)wedenote its image v + JC(λ )inZC(λ )/JC(λ ) by the letter v. Similarly, if V ⊆ JC(λ ), k k ∼k μ k we put Vμ := (Vμ + JC(λk))/JC(λk) = Vμ/(Vμ ∩ JC(λk)). + − + With the above convention, let L := AZ(v0 )=AZ (v0 ), where AZ is the subring − of AC generated by the monomial elements of AC and AZ is the Z-span of the set of negative monomial elements. Then L is a lattice in VC(λk). In fact, it is the minimal admissible lattice of VC(λ ). k ∼ ∼ Clearly, VC(λk)=C ⊗ L, whence Vk,C = C ⊗ L,sinceVC(λk) = Vk,C.(It is understood that tensor products are taken over Z.) These isomorphisms are ∼ isomorphisms of LC-modules as well as GC-modules. Similarly, Vk,F = VF(λk):= F ⊗ L (compare Premet and Suprunenko [14]). Again, this is an isomorphism of LF-modules as well as GF-modules.

48 ILARIA CARDINALI AND ANTONIO PASINI

⊕ ∩ ∩ We also recall that L = μ∈Λk Vμ L and Vμ L is a lattice in Vμ. Given a ∩ ∪ ∅ basis Bμ of the lattice Vμ L,letB := μ∈Λk Bμ, with the convention that Bμ = if Vμ =0.ThenB is a basis of the lattice L.MoreoverBμ is a basis of F ⊗ (Vμ ∩ L) and B is a basis of VF(λk). + ∩ Put ZZ(λk):=AZ(v0 )andJZ(λk)=JC(λk) ZZ(λk).

Lemma 2.3. For any choice of a basis B of L,theZ-module ZZ(λk) has a basis ∨ ∧ B consisting of the union of a basis B for JZ(λk) andasetB bijectively mapped onto B by the canonical projection of ZZ(λk) onto ZZ(λk)/JZ(λk). Proof. → + → + ∈ The map ZC(λk) VC(λk)givenbygv0 gv0 (g AC)isasur- jective AC module-morphism, which restricts to a surjective AZ module-morphism + + ZZ(λ )=AZ(v ) → L = AZ(v ). Clearly the kernel JZ(λ )=JC(λ ) ∩ ZZ(λ )of k 0 0 k ∼ k k this latter map must be an AZ-module as well. Hence ZZ(λk) = JZ(λk) ⊕ VZ(λk) (as Z-modules). Since Z is a Principal Ideal Domain and ZZ(λk) is free, JZ(λk)is free as well (see e.g. [10, Section I, Theorem 5.1]).

∼ Corollary 2.4. VF(λk) = ZF(λk)/JF(λk),whereZF(λk):=F ⊗ ZZ(λk) and JF(λk):=F ⊗ JZ(λk).

Proof. By the proof of Lemma 2.3 we have an exact sequence

0 → JZ(λk) → ZZ(λk) → L → 0 and tensoring with a ﬁeld F over Z yields another exact sequence

0 → F⊗JZ(λk) → F⊗ZZ(λk) → F⊗L → 0.

Since tensoring respects direct sums, ∼ F⊗ZZ(λk)=F⊗(L ⊕ JZ(λk)) = (F⊗L) ⊕ (F⊗JZ(λk)) ∼ ∼ ∼ and so ZF(λk)/JF(λk) = F⊗ZZ(λk)/F⊗JZ(λk) = F⊗L = VF(λk), which can be interpreted as an isomorphism of AF-modules.

We ﬁnish this subsection with a few remarks on LF and GF.LetLZ := AZ ∩LC, but regarded as a non-associative ring (actually a Lie ring), with the associative product of AZ replaced by the bracket [., .]ofLC.ThenLF = F ⊗ LZ.The associative envelope AF of LF coincides with F⊗AZ.Moreover,AF stabilizes JF(λk) + and ZF(λk)=AF(v0 ). Turning to groups, let K stand for C or F.LetAK ≤ End(VK(λk)) be the algebra induced by AK on VK(λk)andGK the Chevalley group of type Cn associated to K the weight λk and deﬁned over . We recall that GK is generated by the following ∞ j j ∈ K elements of AK: xβ(t):= j=0 Xβt /j!wheret and β is a root, either positive or negative. If k is odd then GK = GK =Sp(2n, K) (universal type), otherwise GK = GK/Z(GK) = PSp(2n, K) (adjoint type), as one can see by recalling that ∼ VK(λk) = Vk,K and noticing that if k is odd then GK acts faithfully on Vk,K while if k is even then Z(GK) is the kernel of the action of GK on Vk,K. Note that, however, when char(K) = 2 the center of GK is trivial. Therefore, in this case GK = GK = Sp(2n, K), regardless of the parity of k.

ON A SERIES OF MODULES FOR THE SYMPLECTIC GROUP 49

(k) (k) 2.3. A few lemmas on Vk−2i,F/Vk−2i+2,F. We keep the notation adopted in the previous subsection, thus putting the letter F as an index in our symbols so that to keep a record of the ﬁeld F that we are considering. Accordingly, we write (k) (k) (k) (k) Vk−2i,F/Vk−2i+2,F instead of Vk−2i/Vk−2i+2. On the other hand, we denote the + + highest weight vectors of ZF(λk)andVF(λk)byv0 and v0 respectively, omitting to put F as an index. We choose a basis {e1, ..., en,f1, ..., fn} of VF, hyperbolic with respect to the alternating form α(., .) associated to GF.So,α(ei,ej )=α(fi,fj )=0fori, j = 1, 2, ..., n and α(ei,fj )=δij (Kronecker symbol). We also give a name to the basis of Wk,F made up of vectors {eJ ∧ fJ }J,J ⊆{1,...,n} where |J| + |J | = k and if { } ··· { } J = j1,j2 ...,js with j1

A subspace X of Wk,F is stabilized by GF if and only if it is stabilized by LF (see Premet and Suprunenko [14, Corollary at page 1317], for instance). Hence (k) (k) (k) all GF-modules Vk−2i,F are stabilized by LF as well as AF.So,Vk−2i,F/Vk−2i+2,F is a GF-moduleaswellasanLF-module and an AF-module. By Theorem 1.1 we immediately obtain the following. Proposition . K C ∼ (k) (k) 2.6 Let be a subﬁeld of .ThenVk−2i,K = Vk−2i,K/Vk−2i+2,K (isomorphism of GK-modules as well as LK-andAK-modules). For i =0, 1, ..., k/2,let + ∧ ∧ ∧ (2.4) vi = ei+1 ei+2 ... ek−i be the highest weight vector of VF(λk−2i)=Vk−2i,F.Put + + ∧ (k) (2.5)v ¯i = vi x + Vk−2i+2,F

50 ILARIA CARDINALI AND ANTONIO PASINI for x = x1 ∧ y1 ∧ ... ∧ xi ∧ yi where X := x1,y1, ..., xi,yi is a non-singular 2i- ⊂{ }⊥ + subspace of VF such that X ei+1, ..., ek−i .Notethat¯vi does not depend on thechoiceofX, by Lemma 2.2. Lemma . + (k) (k) 2.7 AF(¯vi )=Vk−2i,F/Vk−2i+2,F. Proof. (k) (k) + The algebra AF acts on the section Vk−2i,F/Vk−2i+2,F andv ¯i is a (k) (k) + (k) (k) vector of Vk−2i,F/Vk−2i+2,F. Hence AF(¯vi ) is a subspace of Vk−2i,F/Vk−2i+2,F.By + (k) (k) way of contradiction, suppose that AF(¯vi ) = Vk−2i,F/Vk−2i+2,F. By Lemma 2.1 ∈ (k) ∈ + there exists a vector u Vk−2i,F such that u AF(¯vi ). By Lemma 2.2 and since (k) GF is transitive on the set of 1-dimensional linear subspaces of Vk−2i spanned by (k) ∈ + vectors of Vk−2i,F, there exists a g GF such that g(¯vi )=u, modulo rescaling u ∈ + + ∈ + if necessary. However this is impossible, since u AF(¯vi ) whilev ¯i AF(¯vi )and + AF(¯vi )isGF-invariant. 2.4. End of the proof of Theorem 1.2. For i =0, ..., k/2 put

wi = ek−i+1 ∧ fk−i+1 ∧ ... ∧ ek ∧ fk. Then the vector + + ∧ (2.6) ui := vi wi + + where vi is deﬁned in Equation (2.4) can be taken as a representative ofv ¯i (see (k) 2n − 2n Equation (2.5)) in Vk−2i,F.PutNi := k−2i k−2i−2 and let gi,1 =1,gi,2, ..., gi,Ni { + }Ni be elements of AZ such that Bi := gi,j (vi ) j=1 is a basis of the lattice Li := + AZ(vi ). We will now select the elements gi,j ∈ AZ so that to obtain a particular basis of Li. By Lemma 2.5, it is always possible to choose the basis Bi of the lattice Li ∧ in such a way that Bi contains all pure vectors of the form eJ1 fJ2 := eJ1 fJ2 for J1,J2 ⊂{1, 2,...,n} with J1 ∩ J2 = ∅, |J1| + |J2| = k − 2i. These vectors, taken modulo ±1, form an orbit under the action of the Weyl group W (GF)ofGF in VF(λk−2i). Moreover, we can realize W (GF) as a group of monomial matrices with entries equal to 1 or −1. HencewemayassumethatW (GF) ⊂ AZ. So, for every pure ∈ + vector eJ1 fJ2 we can choose an element ωJ1,J2 W (GF) such that ωJ1,J2 (vi )= + − eJ1 fJ2 or ωJ1,J2 (vi )= eJ1 fJ2 . (Note that, in general, for a given eJ1 fJ2 there are + + several elements of W (GF) mapping vi onto eJ1 fJ2 .)IfωJ1,J2 (vi )=eJ1 fJ2 put − gi,J1,J2 = ωJ1,J2 ,otherwisegi,J1,J2 = ωJ1,J2 . Let Ωi be the set of the elements gi,J1,J2 of AZ chosen in this way. We deﬁne the basis Bi of the lattice Li as follows:

+ + si (2.7) Bi = {g(v )}g∈Ω ∪{gi,j (v )} ,si + ti = Ni. i i i j=1 − k−2i n where si = Ni ti and ti =2 k−2i is the number of pure vectors of Vk−2i,F. We recall that Li is a lattice of the C-vector space VC(λk−2i) but we may also regard it as a free commutative group, to be mapped onto a subgroup of the commutative group of VF(λk−2i) for various choices of the ﬁeld F. With Li placed + + ∧ ∈ in this more abstract perspective, we put bi,g := g(ui )=g(vi ) g(wi)forg Ωi + + and bi,j := gi,j (ui )forj =1,...,si where ui is deﬁned as in (2.6). Put

(k) { } ∪{ }si Bi := bi,g g∈Ωi bi,j j=1.

ON A SERIES OF MODULES FOR THE SYMPLECTIC GROUP 51

(k) (k) (k) ∪i (k) We call Bi the realization of Bi in Vk−2i,F. We also put Bi := r=0Br and (k) (k) (k) (k) (k) ∼ B := Bk/2. Clearly, B0 = B0 is a basis of Vk,F = Vk,F = VF(λk). LetusdenotebyWk,Z := BstZ the Z-module spanned by the standard basis (k) (k) Z (k) (k) Bst of Wk,F,byLi := Bi Z the -module spanned by Bi and by L := (k) (k) B Z the Z-module spanned by B . Lemma . + ⊆ 2.8 AZ(ui ) Wk,Z. Proof. + ⊆ The inclusion AZ(ui ) Wk,Z is proved by applying the basis elements + + (2.3) of AZ to ui . Because of the particular choice (2.6) of ui what we get is an integral combination of vectors of Bst, hence the inclusion follows. (k) (k) ∩ ∈ ∩ (k) Put Vk−2i,Z := Vk−2i,F Wk,Z. Every b Bst Vk−2i,Z has the following form ∧ ∧ ∧ ∧···∧ ∧ (2.8) b := eJ1 fJ2 er1 fr1 eri fri ⊆{ } ∩ ∅ | | | | − { }⊆ with J1,J2 1, 2,...,n , J1 J2 = , J1 + J2 =k 2i and er1 ,fr1 ,...,eri ,fri ⊥ (k) { } ∈ ∪{ } ∈ ∈ ∩ ˆ ( ej j J1 fj j J2 ) . For any such b Bst Vk−2i,Z we will denote by b the ∧ ∧ (k) element eJ1 fJ2 g(wi)ofBi where g is the unique element of Ωi such that + ∧ g(vi )=eJ1 fJ2 . Lemma . ∩ (k) ⊆ (k) (k) 2.9 Bst Vk−2i,Z Li + Vk−2i+2,Z. ∈ ˆ (k) ∈ ∩ (k) More precisely, b b + Vk−2i+2,Z for any b Bst Vk−2i,Z. Proof. ∩ (k) Take an arbitrary element b of Bst Vk−2i,Z.By(2.8), ∧ ∧ ∧ ∧···∧ ∧ b = eJ1 fJ2 er1 fr1 eri fri ⊆{ } ∩ ∅ | | | | − { }⊆ with J1,J2 1, 2,...,n , J1 J2 = , J1 + J2 =k 2i and er1 ,fr1 ,...,eri ,fri { } ∪{ } ⊥ ( ej j∈J1 fj j∈J2 ) . ˆ ∧ ∧ ∧ ∧···∧ ∧ With b = eJ1 fJ2 g(wi)letg(wi)=es1 fs1 esi fsi .Then ∧ ∧ ∧ ∧···∧ ∧ eJ1 fJ2 er1 fr1 eri fri = ∧ ∧ ∧ ∧···∧ ∧ − ˆ ˆ = eJ1 fJ2 er1 fr1 eri fri b + b = i ∧ ∧ ∧ ∧ − ∧ ∧ ˆ eJ1 fJ2 xt (ert frt est fst ) yt + b t=1 ∧ ∧···∧ ∧ ∧ ∧···∧ ∧ where xt = es1 fs1 est−1 fst−1 and yt = ert+1 frt+1 eri fri . ∧ ∧ ∧ ∧ − ∧ ∧ (k) The vectors eJ1 fJ2 xt (ert frt est fst ) yt belong to Vk−2i+2,Z − ˆ ∈ (k) (see (2.2)). Hence b b Vk−2i+2,Z In the next two final lemmas we will slightly change the notation in order to K (k) emphasize the underlying field. If is an arbitrary field, we will write Br,K to refer (k) (k) to Br interpreted as a basis of Vr,K . Lemma . (k) (k) 2.10 Vk−2i,F/Vk−2i+2,F is a homomorphic image of VF(λk−2i).

Proof. Let Bi be a basis of ZZ(λk−2i). By Lemma 2.3, we can choose the basis Bi such that ∨ ∪ ∧ Bi = Bi Bi

52 ILARIA CARDINALI AND ANTONIO PASINI

∨ ⊂ ∧ ∩ ∅ where Bi JZ(λk−2i)andBi JZ(λk−2i)= . Moreover, we may assume to have ∧ ∧ + chosen Bi in such a way that Bi maps bijectively onto the basis Bi of Li = AZ(vi ) + deﬁned in (2.7) where vi is the highest weight vector of VF(λk−2i). ∨ + ∈ + The elements of Bi are images of vi by suitable elements g AZ.Ifg(vi )is + (k) one of them, we can realize it as an element g(ui )ofVk−2i,F. + Let Ai,F := {g(u )} + ∈ ∨ .ThenAi,F is the realization of JF(λk−2i)=F⊗ i g(vi ) Bi (k) ⊆ (k) (k) (k) JZ(λk−2i)inVk−2i,F.LetAi,F Vk−2i+2,F. By Corollary 2.4, Vk−2i,F/Vk−2i+2,F is a homomorphic image of VF(λk−2i). More explicitly, the homomorphism of VF(λk−2i) (k) (k) + + (k) ∈ onto Vk−2i,F/Vk−2i+2,F maps g(vi )ontog(ui )+Vk−2i,F, for g AZ. In this case we are done. ⊆ (k) + ∈ By way of contradiction, suppose that Ai,F Vk−2i+2,F and let g(ui,F) \ (k) ∈ + + Ai,F Vk−2i+2,F,forsomeg AZ, where we write ui,F instead of ui in order + ∈ + ∈ (k) to recall that ui,F Wk,F.Puta := g(ui,F) Vk−2i,F. Turning to the ﬁeld of ratio- Q + ∈ (k) nals , put b := g(ui,Q) Vk−2i,Q. ∈ + ∈ ∈ Since b AZ(ui,Q) because g AZ, by Lemma 2.8 it follows that b Wk,Z. Hence there exist integers c1,c2,...,cm ∈ Z and vectors b1, ..., bm of the standard basis Bst of Wk,Q such that

(2.9) b = c1b1 + c2b2 + ... + cmbm. { ∈ (k) } Put r := min j : bs Vk−2j,Q 1≤s≤m. ≥ ∈ ∩ (k) ∩ (k) If r i then b1,...,bm Bst Vk−2r,Q = Bst Vk−2r,Z. We may assume ∈ (k) \ (k) to have ordered b1,...,bm in such a way that b1,...,bt Vk−2r,Z Vk−2r+2,Z and ∈ (k) (k) bt+1,...,bm Vk−2r+2,Z. Evaluate now (2.9) modulo Vk−2r+2,Z. By Lemma 2.9, we have ˆ ˆ ˆ (2.10) b = c1b1 + c2b2 + ... + ctbt ˆ ˆ ˆ ∈ (k) where b1, b2,...,bt Br,Q. ∈ (k) ∈ + However, b Vk−2i+2,Q by Proposition ??.Moreover,b AZ(ui,Q) hence ∈ (k) b Vk−2i+2,Z. Equation (2.10) then becomes

ˆ ˆ ˆ (k) (2.11) 0 = c1b1 + c2b2 + ... + ctbt (mod Vk−2r+2,Z) ∈ Z ˆ ˆ ˆ ∈ (k) with c1,c2,...,ct and b1, b2,...,bt Br,Q. (k) (k) ∼ ˆ ˆ ˆ By Proposition ??, Vk−2r,Q/Vk−2r+2,Q = Vk−2r,Q. Consequently, b1, b2,...,bt are linearly independent. Hence c1 = ···= ct = 0, by (2.11). This contradicts the choice of r. Therefore, r

(2.12) a = c1a1 + c2a2 + ... + cmam.

ON A SERIES OF MODULES FOR THE SYMPLECTIC GROUP 53 (k) m ∈ (k) So, the elements a1, ..., am belong to Vk−2i+2,F whence a = j=1 cj aj Vk−2i+2,F, ∈ (k) contrary to the assumption that a Vk−2i+2,F. Lemma . (k) (k) 2.11 For every i =0, 1, ..., k/2 the set Bi,F is a basis of Vk−2i,F and (k) (k) (k) (k) the projection of B F into Wk,F/V − F is a basis of V − F/V − F. Moreover i, k 2i+2, k 2i, k 2i+2, 2n 2n dim(V (k) /V (k) )= − =: N , k−2i,F k−2i+2,F k − 2i k − 2i − 2 i i 2n 2n dim(V (k) )= N = − . k−2i,F i k k − 2i − 2 r=0 (k) In particular, BF is a basis of Wk,F. Proof. (k) (k) By Lemma 2.10 and Lemma 2.7, the section Vk−2i+2r,F/Vk−2i+2r+2,F (k) (k) is generated by the projection of Bi−r,F into Wk/Vk−2i+2r+2,F,forr =0, 1, ..., i. (k) (k) (k) Hence Bi,F spans Vk−2i,F.Inparticular,BF spans Wk,F. Therefore k/2 k/2 ≤| (k)|≤ | (k)|≤ dim(Wk,F) BF Bi,F Ni = i=0 i=0 k/2 2n 2n 2n = − = = dim(W F). k − 2i k − 2i − 2 k k, i=0 | (k)| Consequently, Bi,F = Ni for every i (namely, the natural mapping from Bi to (k) (k) (k) F Bi,F is injective), the sets Bi,F are pairwise disjoint and BF is -independent. All claims of the lemma follow. Theorem 1.2 follows from Lemma 2.10 and Lemma 2.11.

Acknowledgments The authors wish to thank an anonymous referee for some very valuable comments on an earlier version of this manuscript.

References 1. A. M. Adamovich. The submodule lattice of Weyl modules for symplectic groups with fundamental highest weights. Mosc. Univ. Math. Bull. 41 (1986), 6–9. MR839407 (87f:20056) 2. A. A. Baranov and I. D. Suprunenko. Branching rules for modular fundamental representations of symplectic groups, Bull. L. M. S. 32 (2000), 409–420. MR1760805 (2001c:20099) 3. R. J. Blok. The generating rank of the symplectic Grassmannians: hyperbolic and isotropic geometry. European J. Combin. 28 (2007), no. 5, 1368–1394. MR2320068 (2008f:51003) 4. R. J. Blok. Highest weight modules and polarized embeddings of shadow spaces. J. Alg. Combin. 34, 1, (2011), 67–113. MR2805201 (2012e:20100) 5. R. J. Blok, I. Cardinali, A. Pasini. On natural representations of the symplectic group. Bullettin of the Belgian Mathematical Society 18 (2011), 1–29. MR2808857 (2012d:20093) 6. N. Bourbaki, El´´ ements de mathématique. (French) Fasc. XXXVIII: Groupes at algèbres de Lie. Chapitre VII: Sous-algèbres de Cartan, éléments réguleiers. Chapitre VIII: Algèbres de Lie semi-simples déployeées. Actualités Scientifiques at Industrielles, vol. 1364. Hermann, Paris 1975. MR0453824 (56:12077) 7. W. Burau. Mehrdimensionale projecktive und Höehere Geometrie, Berlin, 1961. MR0142037 (25:5431)

54 ILARIA CARDINALI AND ANTONIO PASINI

8. I. Cardinali and A. Pasini. On Weyl modules for the symplectic group, Innov. Incidence Geometry 12 (2011), 85–110.. 9. B. N. Cooperstein. On the generation of dual polar spaces of symplectic type over ﬁnite ﬁelds. J. Combin. Theory Ser. A 83 (1998), 221–232. MR1636980 (2000d:51005) 10. Hilton and Stammbach A course in homological algebra. Springer-Verlag, New York, 1997. MR1438546 (97k:18001) 11. J. E. Humphreys. Introduction to Lie Algebras and Representation Theory. Springer-Verlag, New York, 1972. MR0323842 (48:2197) 12. A. Kasikova and E. E. Shult. Absolute embeddings of point-line geometries. J. Algebra 238 (2001), 265–291. MR1822192 (2003a:51014) 13. P. Li. On the universal embedding of the Sp2n(2) dual polar spaces. J. Comb. Th. Ser. A 94 (2001), 100–117. MR1816249 (2002a:51018) 14. A. A. Premet and I. D. Suprunenko. The Weyl modules and the irreducible representations of the symplectic group with the fundamental highest weights. Comm. Algebra 11 (1983), 1309–1342. MR697618 (85k:20131) 15. R. Steinberg. Lectures on Chevalley Groups. Yale Lecture Notes. Yale University, 1967. MR0466335 (57:6215)

Department of Information Engineering, University of Siena, Via Roma 56, 53100 Siena, Italy E-mail address: [email protected] Department of Mathematics, University of Siena, Pian dei Mantellini 44, 53100 Siena, Italy E-mail address: [email protected]

Contemporary Mathematics Volume 579, 2012 http://dx.doi.org/10.1090/conm/579/11518

Exact divisibility of exponential sums and some consequences

Francis N. Castro, Ra´ul Figueroa, and Luis A. Medina

Abstract. In this paper we compute the exact divisibility of some exponential sums of polynomials over the prime field Fp. Our results imply that these families of polynomials are not permutation polynomials of Fp. Also, we apply our results to the polynomial Waring problem in finite fields.

1. Introduction Exponential sums have been applied in many areas of mathematics. Divisibility of exponential sums is an area of the theory of exponential sums that has received considerable attention. Many authors have studied the p-adic divisibility of the roots of the L-function associated to the exponential sum. This information is encoded in the Newton polygon of the L-function [24, 27, 30, 31]. As the value of an exponential sum is equal to the sum of the roots of the associated L-function, any estimate on them implies an estimate for the divisibility of the exponential sum. Sometimes some of the roots of the L-function associated to the exponential sum have the same p-divisibility and when added together, the p-divisibility of the exponential sum increases. In this paper we are interested in the divisibility of the exponential sums associated to polynomials over a finite field of odd characteristic. In general, there are very good estimates for the divisibility of exponential sums, for example see [1, 2, 7, 17, 18, 25]. In this paper, we address the question of computing the exact divisibility of exponential sums associated to polynomials over the prime field Fp. This is a difficult question, but in some cases it can be computed. Every time we compute the exact divisibility of a family of exponential sums we can conclude two things. First, that each value of the exponential sum is not equal to zero and second, that the polynomial associated to the exponential sum is not a permutation of the finite field. In this paper we compute exact divisibility of families of exponential sums associated to the following polynomials: ∗ d1 d2 ∈ F (1) F (X)=aX + bX ,wherea, b p (2) the polynomials containing monomials of type Xd1 and Xd2 satisfying d1 + d2 = p − 1, under some natural conditions.

2010 Mathematics Subject Classiﬁcation. Primary 11L07; Secondary 11P05. Key words and phrases. p-divisibility of exponential sums, Waring Problem, Permutation Polynomials.

c 2012 American Mathematical Society 55

56 FRANCIS N. CASTRO, RAUL´ FIGUEROA, AND LUIS A. MEDINA

The Waring problem in Fp is to find the minimum number of variables such d ··· d Fn ∈ F that the equation X1 + + Xn = a has at least one solution in p for any a p. This minimum number is called the Waring number associated to d. Many authors have considered the Waring problem and its generalizations over finite fields. There are many bounds for Waring numbers and some can be found in [4, 11, 29]. Many of these bounds are consequences of good estimates of the absolute value of Gauss sums [10, 12] or methods of arithmetic combinatorics [4, 21]. In the literature of the Waring problem over finite fields, the following generalization has been considered: Given a polynomial F (X)overFp,estimatethe minimum number of variables such that

(1) F (X1)+···+ F (Xn)=a hasatleastonesolutionoverFp for any a ∈ Fp. We denote this number by γ(F, p). The above problem can be related to the following problem: Given polynomials F1(X1),...,Fn(Xn)overFp, ﬁnd conditions such that every a ∈ Fp can be written as

(2) a = F1(x1)+···+ Fn(xn), where x1,...,xn ∈ Fp. In [5], Carlitz et. al. proved that given F1(X1),...,Fn(Xn) polynomials over Fp of degree d1,...,dn, every element a ∈ Fp canbewrittenas a = F1(x1)+···+ Fn(xn), provided that ! n p − 1 + t>p, d i=1 i where t is the number of Fi’s which are neither of degree p − 1 nor of the form 1 (p−1) α(Xi −β) 2 +λ.In[3], Cochrane et. al. used exponential sums to estimate the Waring number of (2). They proved nontrivial upper bounds on exponential sums e2πıjFi(x)/p provided that F is sparse enough. Note that these results are for x∈Fp i polynomials over Fp. Recently in [9, 21, 22], Gomez-Winterhof, Ostafe-Shparlinski, and Ostafe et. al. considered the Waring problem when F = F1 = ···= Fn and F is a Dickson polynomial over ﬁnite ﬁelds. Finally, in this paper we apply our results about divisibility of exponential sums to obtain estimates for the generalization of the Waring problem given in (1).

2. Preliminaries N ··· e1i ··· eni Let F (X1, ,Xn)= i=1 aiX1 Xn be a polynomial in the variables X1, ··· ,Xn over Fp. In this paper we consider p to be odd. Let Qp be the p-adic field with ring of integers Zp, and let K be the extension Q − Q over p obtained by adjoining a primitive (p 1)th root of unity in p, the algebraic closure of Qp. The residue class field is isomorphic to Fp.LetT denote the Teichmüller representatives of Fp in K.Denotebyξ aprimitivepth root of unity Q − l in p.Letθ =1 ξ and define ordθ as ordθ(S)=l if S = θ α with α not divisible − ordθ(S) by θ.Notethatordθ(p)=p 1andordp(S)= p−1 . This follows from the fact that p−1 tp−1 + ···+1= (t − ξj) j=1

EXACT DIVISIBILITY OF EXPONENTIAL SUMS AND SOME CONSEQUENCES 57 and by letting t =1weobtain p−1 p = (1 − ξj)=θp−1u j=1 with u not divisible by θ.See[28] for details. Usually the p-adic absolute value of − S is deﬁned by |S| = p ordp(S) [8]. Let ψ : Fp → Q(ξ) be a nontrivial additive character. The exponential sum associated to F is deﬁned as follows: S(F )= ψ(F (x1,...,xn)).

x1,...,xn∈Fp Note that if we are able to compute the exact p-divisibility of the exponential sum S(F ), then we know that S(F ) will not be divisible by some arbitrary large power of p and therefore S(F ) = 0. The next theorem [18] gives a bound for the valuation of an exponential sum with respect to θ. N Theorem . e1i ··· eni 2.1 Let F (X1,...,Xn)= i=1 aiX1 Xn ,ai =0.IfS(F ) is the exponential sum (3) S(F )= ψ(F (x1, ··· ,xn)),

x1,··· ,xn∈Fp then ordθ(S(F )) ≥ L,where " N L =min ji +(p − 1)s | 0 ≤ ji

N (6) = ji +(p − 1)s, i=1 where s is the number of expressions in (4) that are equal to zero for the vector (j1, ··· ,jN ).

58 FRANCIS N. CASTRO, RAUL´ FIGUEROA, AND LUIS A. MEDINA

Sometimes one does not have equality on the valuation of S(F ) because it could happen that there is more than one solution (j1,...,jN ) that gives the minimum N value for i=1 ji and, for example, when the associated terms are similar some could cancel and produce higher powers of θ dividing the exponential sum. However, there are situations in which one is able to compute the exact divisibility. The situation that we consider in this paper is when there is a unique solution (j1,...,jN )in(4). In this case the exact divisibility of S(F ) is obtained. This was used in [6, 23]to obtain that ordθ(S(F )) = L for inﬁnite families of polynomials. From now on we call any solution (j1, ··· ,jN ) of (4) that has ordθ(T )=L of minimum value a minimal solution. In the cases considered in this paper we have s = 0. We use the following lemma and Stickelberger’s Theorem to compute exact divisibility. Lemma . p−1 j ∈ 2.2 ([18]) There is a unique polynomial C(X)= j=0 c(j)X K(ξ)[X] of degree p − 1 such that

trK Q (t) C(t)=ξ / p , for all t ∈T.

Moreover, the coeﬃcients of C(X) satisfy

c(0) = 1 (p − 1)c(p − 1) = −p (p − 1)c(j)=g(j) for 0

Theorem 2.3 (Stickelberger [19]). For 0

Lemma 2.4. Suppose that e1,e2, ··· ,en are non-negative integers such that r of them are non-zero and let e =(e1, ··· ,en).Then, ' − (p − 1)rpn r if all e are divisible by p − 1 (9) te = i 0 otherwise. t∈T n Next we state a theorem about permutation polynomials. This theorem is going to be used in the next section. Theorem . F F 2.5 ([14]) A polynomial F (X) over p in one variable over p is a permutation polynomial of F if and only if S(F )= ψ(F (x)) = 0 for all p x∈Fp nontrivial additive characters of Fp. Theorem 2.5 implies that if S(F ) = 0 for some nontrivial additive character, then F is not a permutation polynomial of Fp.

EXACT DIVISIBILITY OF EXPONENTIAL SUMS AND SOME CONSEQUENCES 59

3. Exact Divisibility of Exponential Sums in One Variable over Fp In this section we compute the p-divisibility of some exponential sums in one variable over Fp. We apply our results about exact divisibility of exponential sums to solutions of equations. Let F (X)beapolynomialoverFp,wherep is an odd d1 d2 dr prime. If F (X)=a1X + a2X + ···+ arX , we need to compute

L =min{j1 + j2 + ···+ jr} for any 0 ≤ j1,j2,...,jr ≤ p − 1 with at least one ji = 0 satisfying

(10) d1j1 + d2j2 + ···+ drjr ≡ 0modp − 1 and prove that this minimum is unique to conclude ordθ(S(F )) = L.Inparticular, d1 dr d d2 dr this implies that S(a1X +···+arX ) =0and F (X)=a1X +a2X +···+arX is not a permutation polynomial of Fp. We assume through the paper that p − 1 > d1 >d2 > ··· >dr ≥ 1anda1 =0.Itisknownthatif d1 divides p − 1, then p − 1 ordθ(S(F )) = . d1 We start our study with exponential sums associated to F (X)=aXd+1 +bXd, where ab =0. Theorem 3.1. Let d be a positive integer greater than 1. Let k ≥ 1 be the smallest integer such that either k(p − 1)/(d +1)∈ Z or k(p − 1)/d ∈ Z or [k(p − 1)/(d +1)]=[ k(p − 1)/d].Then (1) k(p − 1) ord (S(aXd+1 + bXd)) = , θ d +1 when k(p − 1)/(d +1) and k(p − 1)/d are not integers. d+1 d (2) ordθ(S(aX + bX )) is equal to k(p − 1)/(d +1) or k(p − 1)/d when only one of these is an integer. d+1 d (3) ordθ(S(aX + bX )) is the minimum between k(p − 1)/(d +1) and k(p − 1)/d when both are integers.

Proof. Let j1,j2 be integers, 0 ≤ j1,j2 ≤ p − 2, such that

j1(d +1)+j2d = c(p − 1) for some integer c ≥ 0. We rewrite this equation as Sd + j1 = c(p − 1), where S = j1 + j2.Letm>0 denote the smallest sum j1 + j2. Notice that if j1,j2 is another solution of the modular equation associated to aXd+1 + bXd and S = − − − j1 + j2 = j1 + j2,thenj1 j1 =(c c )(p 1) so j1 = j1 and j2 = j2.Thus,there exists a unique pair j1,j2 such that m = j1 + j2. Assume ﬁrst that j1 =0 = j2. From Sd < Sd + j2 = c(p − 1) 0) and [c(p − 1)/(d +1)]=[c(p − 1)/d]for0≤ c

60 FRANCIS N. CASTRO, RAUL´ FIGUEROA, AND LUIS A. MEDINA

52 51 • If d =51andp = 757, we have ordθ(S(aX + bX )) = 44 since k =3. 32 31 • If d =31andp = 61, we have ordθ(S(aX + bX )) = 15. Note that c(p − 1)/32 and c(p − 1)/31 are not integers for 1 ≤ c ≤ 7. In this case [c(p − 1)/32] = [c(p − 1)/31] for 1 ≤ c ≤ 8, but 8(p − 1)/32 = 15 is an integer. The exact 61-divisibility of the number of solutions of F (X1)+ m−1 32 31 ···+ F (X4m)=a is 61 ,fora ∈ F61,whereF (X)=aX + bX . Corollary 3.3. With the notation of Theorem 3.1, we have S(aXd+1 + bXd) =0 .

Consider polynomials of degree p − 2overFp.In[13], Konyagin conﬁrmed the common belief that almost all permutation polynomials have degree q − 2. The following theorem provides families of polynomials that cannot be permutation polynomials of Fp.

Theorem 3.4. Let p−2=d1 >d2 > ···>dr =2be positive integers satisfying p−1 d2 < 3 .Then

p−2 d2 2 ordθ(S(a1X + a2X + ···+ arX )) = 3, where a1ar =0 .InparticularS(F ) =0 and F is not a permutation polynomial of Fp.

Proof. Note that we do not have a minimal solution of (p − 2)j1 + ···+2jr ≡ 0modp−1withvalue≤ 2. We are going to prove that the unique minimal solution of (p − 2)j1 + ···+2jr ≡ 0modp − 1isj1 =2,jr =1andj2 = ··· = jr−1 =0. − − ≡ − Note that di1 + di2 + di3

1, p 2+2di1 0modp 1and − ≡ − 2(p 2) + di1 0modp 1 except when di1 = 2. This completes the proof.

Now we apply Theorem 3.4 to the Waring problem over Fp.

Corollary 3.5. Let p − 2=d1 >d2 > ··· > ··· >dr−1 >dr =2be − p 1 d1 d2 ··· dr positive integers satisfying d2 < 3 and F (X)=a1X + a2X + + arX . ··· ∈ F ≥ p−1 Then F (X1)+ + F (Xs)=a is solvable for any a p whenever s 3 and p ≡ 1mod3. Proof. ··· Let N be the number of solutions of the equation F (X1)+ + F (X )=a over F . Using the identity N = 1 ψ(y(F (x )+···+ s p p x1,...,xs,y∈Fp 1 F (xs) − a)), we obtain the following system of modular equations:

(p − 2)j11 + d2j21 + ···+ dr−1jr−11 +2jr1 ≡ 0modp − 1 . .

(p − 2)j1s + d2j2s + ···+ dr−1jr−1s +2jrs ≡ 0modp − 1

j11 + ···+ jrs + j ≡ 0modp − 1

The ﬁrst s-modular equations have an unique minimal solution: j11 = ···= j1s = ··· p−1 2,jr1 = = jrs = 1, the other ji’s equal to zero. Taking s = 3 ,weobtaina minimal solution of the modular system. Therefore p does not divide the number of solutions of F (X1)+···+ F (Xs)=a. Hence, F (X1)+···+ F (Xs)=a is solvable over Fp.

EXACT DIVISIBILITY OF EXPONENTIAL SUMS AND SOME CONSEQUENCES 61

− Remark 1. The bound γ(F, p) ≤ p 1 can be obtained using the (p−1)/(d2+1)−1 Cauchy-Davenport Theorem(|A + B|≥min{|A| + |B|−1,p})sincexp−2 = x−1 for x = 0 and each value of F (x) with x = 0 can be attained at most d2 +1 times − such that the value set contains at least p 1 elements. This is better than the d2+1 p−1 p−1 p−1 bound 3 given by Corollary 3.5 for d2 +1 < 4 and nontrivial for d2 +1 < 2 . Moreover, for small d2 the standard exponential sum method using Moreno-Moreno [16] for exponential sums of rational functions gives much stronger bound.

The following theorem gives a condition for a polynomial not to be a permutation polynomial of Fp, where the exponents of the polynomial satisfy some conditions.

Theorem 3.6. Let p − 2 ≥ d1 >d2 > ··· >dr−1 >dr ≥ 1.Ifatleastoneof ··· − the following conditions happen di1 + di2 = di3 + di4 = = dil−1 + dil = p 1 for p−1 some l or dm = 2 ,then ⎧ ··· ⎨ =2 2(ai1 ai2 + + ai − ai )+ − l 1 l p 2 d2 ··· dr−1 dr 2 ≡ ordθ S(a1X +a2X + +ar−1X +arX ) ⎩ am 0modp > 2.

p−2 d1 dr−1 In particular, S(F ) =0 and F (X)=a1X +a2X +···+ar−1X +arX is not F ··· 2 ≡ a permutation polynomial of p whenever 2(ai1 ai2 + + ail−1 ail )+am 0modp. Proof. The hypothesis in Theorem 3.6 implies that the minimal solutions of the modular equation d1j1 + d2j2 + ···+ drjr ≡ 0modp − 1 are of the following two types:

I. jik = jik+1 = 1 and the rest of the ji’s equal to zero II. jm = 2 and the rest of the ji’s equal to zero.

The minimal solution jik = jik+1 = 1 and the rest of the ji’s equal to zero corre- − sponds to dik ,dik+1 satisfying dik + dik+1 = p 1. The minimal solution jm =2 p−1 and the rest of the ji’s equal to zero corresponds to dm = 2 . The contribution S(F ) of a minimal solution of type I to the divisibility of θ2 is (p − 1)a a c(1)2 (p − 1)a a g(1)2 ik ik+1 ≡ ik ik+1 mod θ θ2 (p − 1)2θ2 a a g(1) 2 a a ≡ ik ik+1 ≡ ik ik+1 mod θ. (p − 1) θ (p − 1)

S(F ) The contribution of a minimal solution of type II to the divisibility of θ2 is (p − 1)a2 c(2) (p − 1)a2 g(2) m ≡ m mod θ θ2 (p − 1)θ2 a2 g(2) · 2! a2 ≡ m ≡− m mod θ. 2 θ2 2

S(F ) The total contribution of all the minimal solutions to θ2 is 1 a2 (a a + ···+ a a ) − m . p − 1 i1 i2 il−1 il 2

62 FRANCIS N. CASTRO, RAUL´ FIGUEROA, AND LUIS A. MEDINA

a2 1 ··· − m 1 Note that p−1 (ai1 ai2 + + ail−1 ail ) 2 is a p-adic integer, hence if p−1 (ai1 ai2 + a2 a2 ··· − m ≡ 1 ··· − m ≡ + ail−1 ail ) 2 0modθ,then p−1 (ai1 ai2 + + ail−1 ail ) 2 0modp. Our result follows from this. Now we state several corollaries. Corollary . − ≥ ··· ≥ p−1 3.7 Let p 2 d1 >d2 > >dr−1 >dr 1,anddi = 2 for any i.Then

d1 d2 dr−1 dr ordθ(S(a1X + a2X + ···+ ar−1X + arX )) = 2, whenever l =2.Inparticular,S(F ) =0 and F (X) is not a permutation polynomial of Fp. Proof. − Suppose (di1 ,di2 ) is the only order pair such that di1 + di2 = p 1. ≡ In this case we have ai1 ai2 0modp.

In the next corollary we apply Theorem 3.6 to the Waring problem over Fp. Corollary . − ≥ ··· ≥ p−1 3.8 Let p 2 d1 >d2 > >dr−1 >dr 1,anddi = 2 p−2 dr for any i and F (X)=a1X + ···+ arX .ThenF (X1)+···+ F (Xs)=a is ∈ F ≥ p−1 solvable for any a p whenever s 2 ,andl =2.

Proof. Let N be number the solutions of the equation F (X1)+···+F (Xs)=a over Fp. Then the following system of modular equations is associated to N:

d1j11 + d2j21 + ···+ dr−1jr−11 + drjr1 ≡ 0modp − 1 . .

d1j1s + d2j2s + ···+ dr−1jr−1s + drjrs ≡ 0modp − 1.

j11 + ···+ jrs + j ≡ 0modp − 1 This system has a unique minimal solution since l = 2. Therefore p does not divide the number of solutions of F (X1)+···+ F (Xs)=a. Remark 2. Theorem 3.6 implies that p does not divide the number of solutions of the following system of polynomial equations: d ··· d a1X1 + + ap−1Xp−1 = a p−1−d ··· p−1−d b1X1 + + bp−1Xp−1 = b. ∈ F 2 Hence this system is solvable for any (a, b) p . Corollary . − ··· p−1 ··· 3.9 Let p 2=d1 >d2 > >dm = 2 > >dr−1 >dr =1, d + d = p − 1 for i = j and 1 2 otherwise.

p−1 p−2 d1 where a1amar =0 .Inparticular,F (X)=a1X + a1X + ···+ amX 2 + ···+ dr−1 F 2 ≡ ar−1X + arX is not a permutation polynomial of p whenever 2a1ar + al 0modp.

a2 Proof. a1ar − m ≡ In this case we have (p−1) 2 0modp. Our result follows from this.

EXACT DIVISIBILITY OF EXPONENTIAL SUMS AND SOME CONSEQUENCES 63

Corollary . − ··· p−1 ··· ≥ 3.10 Let p 1 >d1 >d2 > dm = 2 > >dr−1 >dr 1, and d + d = p − 1 for any i, j with i = j.Then i j d1 d2 dr ordθ S(a1X + a2X + ···+ arX ) =2, whenever am =0 .Inparticular,S(F ) =0 and F (X) is not a permutation polynomial of Fp. Proof. The proof is similar to the proof of Corollary 3.9.

As in Corollary 3.8, we apply Theorem 3.6 to the Waring problem over Fp. Corollary . − ··· p−1 ··· ≥ 3.11 Let p 1 >d1 >d2 > > 2 = dm > >dr−1 >dr d1 d2 1,anddi + dj = p − 1 for any i, j with i = j and F (X)=a1X + a2X + ···+ p−1 dr amX 2 + ···+ arX .ThenF (X1)+···+ F (Xs)=a is solvable for any a ∈ Fp ≥ p−1 whenever s 2 and am =0. p−2 d Example 3.12. Let F (X)=X + X + X be a polynomial over Fp. • γ(F, 11) = 2 for 2 ≤ d ≤ 8, d =5and γ(F, 11) = 3 for d =5. • γ(F, 13) = 2 for 2 ≤ d ≤ 10, d =6and γ(F, 11) = 3 for d =6. • γ(F, 17) = 2 for 2 ≤ d ≤ 14. • γ(F, 19) = 2 for 2 ≤ d ≤ 16.

Now, we compute the exact divisibility of exponential sums of type S(aXd1 + d2 bX ), where d1 − d2 divides p − 1.

Theorem 3.13. Let d1,d2 be positive integers satisfying d1 >d2 > 0 and d1 d2 d1 (p−1).LetF (X)=aX +bX (ab =0) be a binomial over Fp and (d1,d2)=1.

(1) If (d1 − d2) | p − 1 then ordθ(S(F )) ≥ d1 − d2.

p−1 (2) If (d1 −d2) | p−1 and >d1 −d2 −d1 ≥ 0,thenordθ(S(F )) = d1 − d2 d1−d2 p−1 where d1 is the smallest nonnegative integer congruent to d1 mod . d1−d2 In this situation, S(F ) =0 and F does not permute Fp. Proof. We can write the modular equation associated to S(F ) as follows (d1−d2)j1+d2(j1+j2) ≡ 0modp−1. Then d2(j1+j2) ≡ 0mod(d1−d2). We obtain j1 + j2 ≡ 0mod(d1 − d2). Hence a minimal solution of d1j1 + d2j2 ≡ 0modp − 1 is ≥ d1 − d2. This completes the proof of the ﬁrst part of Theorem 3.13. p−1 Let j2 = d1 ≡ d1 mod ,andj1 = d1 − d2 − d1. We are going to prove that d1−d2 (j1,j2)isaminimalsolutionofd1j1 + d2j2 ≡ 0modp − 1. We have

d1j1 + d2j2 = d1(d1 − d2 − d1)+d2d1

d1(d1 − d2)+(d2 − d1)d1 =(d1 − d2)(d1 − d1) ≡ 0modp − 1.

Now we are going to prove that this solution is unique. Suppose that (j1,j2)is another minimal solution, i.e., j1 + j2 = d1 − d2.Wehave(d1 − d2)(d1 − d2 − d1)+ d2(d1 − d2)=c1(p − 1), (d1 − d2)j1 + d2(d1 − d2)=c2(p − 1). If c1 = c2 then p−1 j1 = d1 − d2 − d1 and it is unique. If c1 = c2,thenj1 = d1 − d2 + d1 +( )l.If d1−d2 p−1 l ≥ 1, then j1 ≥ d1 − d2 − d1 + . Hence d1−d2 p − 1 p − 1 d1 − d2 = j1 + j2 ≥ d1 − d2 − d1 + ↔ d1 ≥ . d1 − d2 d1 − d2

64 FRANCIS N. CASTRO, RAUL´ FIGUEROA, AND LUIS A. MEDINA

p−1 This is a contradiction. If l<0, then j1 ≤ d1 − d2 − d1 − . Thisisa d1−d2 p−1 − − contradiction since d −d >d1 d2 d1. Hence l =0. 1 2

The determination if a binomial is or not a permutation polynomial over arbitrary ﬁnite ﬁeld has been considered for many authors, for example see [20, 26]. Recently in [15], Masuda-Zieve proved the following results about permutation binomials: Let d >d be positive integers. 1 2 √ d1 d2 • If F (X)=X + aX permutes Fp,thens> p − 1, where s = gcd(d1 − − ∈ F∗ d2,p 1), and a p . d1 d2 • If F (X)=X + aX permutes Fp,thenp − 1 ≤ (d1 − 1) · max{d2,s}, − − ∈ F∗ where s = gcd(d1 d2,p 1), and a p .

Example 3.14. Various examples: 29 9 • Consider the polynomial F (X)=X +aX over F61. F is a permutation polynomial of F61 for a ∈{2, 3, 6, 17, 19, 26, 33, 36, 38, 39, 41, 45}. • 31 F Consider the polynomial F (X)=X +aX over 2311.√ Masuda-Zieve’s result implies that F does not permute F2311 since 30 < 2311−1. Theorem 3.13 does not give any information about F since d1 −d2 −d1 = −1 < 0. In this case the minimum is m = 90 and it is unique. Hence ordθ(S(F )) = 90. 17 7 • Consider the polynomial F (x)=X +aX over F61.Inthiscasewehave that 6 > 10 − 5=5> 0. Therefore, Theorem 3.13 implies that F does F not permute 61.Wehaveordθ(S(F√)) = 10. Masuda-Zieve’s results do not give any information since 10 > 61 − 1andp − 1 > 16 × 10 = 160. 151 120 • Consider the polynomial F (X)=X + aX over F683.Inthiscasewe have that 22 > 31 − 27 = 4 > 0. Therefore, Theorem 3.13 implies that F F does not permute 683.Wehaveordθ(S(√F )) = 31. Masuda-Zieve’s results do not give any information since 31 > 683 − 1.

Remark 3. We cannot apply Theorem 3.13 to a polynomial F (X)=Xd1 + d2 aX ,whend1 − d2 does not divide p − 1, but it can be applied to the polynomial s+d2j d2j F (X)=X + ax ,wheres = gcd(d1 − d2,p− 1), js ≡ s mod p − 1and gcd(j, p − 1) = 1. The modular equations associated to F and F are equivalent. Hence ordθ(S(F )) = ordθ(S(F )).

41 13 Example 3.15. Consider the polynomial F (X)=X + aX over F127.Note 79 65 that d1 − d2 = 28 does not divide 126. In this case F (X)=X + aX .NoteF satisﬁes the hypothesis of Theorem 3.13, 9 > 14 − 7=7> 0. Therefore, Theorem 3.13 implies that ordθ(S(F )) = 14 and F does not permute F127. Now we apply Theorem 3.13 to the Waring Problem. Corollary 3.16. With the notation and hypotheses of part 2 of Theorem 3.13. d1 d2 Let F (X)=aX + bX be a polynomial over Fp.ThenF (X1)+···+ F (Xs)=a p−1 is solvable for any a ∈ Fp whenever s ≥ . d1−d2

Remark 4. If d1 and d2 are not too large, the bound of [3] is essentially better. Example . 3.17 Let d1 = 100,d2 =9andp = 5279. Applying Corollary 3.16, s 100 9 ≥ ∈ F the equation i=1 Xi + Xi = a is solvable for s 58, a 5279.

EXACT DIVISIBILITY OF EXPONENTIAL SUMS AND SOME CONSEQUENCES 65

Acknowledgements The authors are grateful to the referees for their detailed comments and sug- gestions that improved the quality of this paper.

References [1] Adolphson, A. and Sperber, S., p-adic Estimates for Exponential Sums and the Theorem of Chevalley-Warning, Ann. Sci. Ecole Norm. Sup. 20, 545-556, 1987. MR932797 (89d:11112) [2] A. Adolphson and S. Sperber, Exponential Sums Nondegenerate Relative to a Lattice, Algebra & Number Theory 8, 881-906, 2009. MR2587407 (2011f:11096) [3] T. Cochrane, C. Pinner and J. Rosenhouse, Bounds on Exponential Sums and the Polynomial Waring Problem Mod p, J. London Math. Soc. 67, 319-336, 2003. MR1956138 (2003m:11129) [4] T. Cochrane and C. Pinner, Sum-Product Estimates Applied to Waring’s Problem Mod p, INTEGERS:ElecJ.Comb.Num.T.8, A46, 2008. MR2472064 (2009m:11163) [5] L. Carlitz, D. J. Lewis, W. H. Mills and E. G. Straus, Polynomials over Finite Fields with Minimal Value Sets, Mathematika 8, 121-130, 1961. MR0139606 (25:3038) [6] Castro, F. N., Rubio, I. and Vega, J., Divisibility of Exponential Sums and Solvability of Certain Equations over Finite Fields, The Quart. J. Math. 60, 169-181, 2008. MR2506381 (2010d:11144) [7] F. Castro, L. Medina, and I. Rubio, Exact Divisibility of Exponential Sums over the Binary Field via the Covering Method, Contemp. Math. 537, 129-136, 2011. MR2799095 [8] F. Gouvêa, p-adic Number: A Introduction, Springer. [9] D. Gomez and A. Winterhof, Waring’s Problem in Finite Fields with Dickson Polynomials. Finite fields: Theory and Applications, Contemp. Math. 518, 185-192, 2010. MR2648548 (2011j:11187) [10] D.R. Heath-Brown and S. Konyagin, New Bounds for Gauss Sums Derived from Kth Pow- ers, and for Heilbronn’s Exponential Sum, Quart. J. Math. 51, 221-235, 2000. MR1765792 (2001h:11106) [11] S. V. Konyagin, Estimates for Gaussian Sums and Waring’s Problem Modulo a Prime, Trudy Mat. Inst. 198(1992), 111-124 (in Russian); English transl.: Proc. Steklov Inst. Math. 1, 105-117, 1994. MR1289921 (96e:11122) [12] S. Konyagin and I. Shparlinski, Character Sums with Exponential Functions and Their Ap- plications 136, Cambridge Univ. Press, 1999. MR1725241 (2000h:11089) [13] S. Konyagin, Enumerating Permutation Polynomials over Finite Fields by Degree, Finite Fields and Their Applications 8, 548-553, 2002. MR1933625 (2003h:11153) [14] R. Lidl, and H. Niederreiter, Finite Fields, Encyclopedia of Mathematics and its Applications 20, Cambridge University Press, 1997. MR1429394 (97i:11115) [15] A. Masuda and M. Zieve, Permutation Binomials over Finite Fields, Trans. Amer. Math. Soc. 361, 4169-4180, 2009. MR2500883 (2009m:11205) [16] C. J. Moreno and O. Moreno, Exponential sums and Goppa codes I, Proc. Amer. Math. Soc. 111, 523-531, 1991. MR1028291 (91f:11087) [17] O. Moreno and C. J. Moreno, Improvements of the Chevalley-Warning and the Ax-Katz theorems, Amer.J.Math. 1, 241-244, 1995. MR1314464 (95j:11116) [18] O. Moreno, K. Shum , F, N. Castro, and P. V. Kumar, Tight Bounds for Chevalley-Warning- Ax Type Estimates, with Improved Applications, Proc. of the London Math. Soc. 88, 545-564, 2004. MR2044049 (2005g:11114) [19] C. J. Moreno, Algebraic Curves over Finite Fields, Cambridge Tracts in Mathematics 97, Cambridge University Press, 1994. MR1101140 (92d:11066) [20] H. Niederreiter and K. H. Robinson, Complete mappings of finite fields, J. Austral. Math. Soc. (Series A) 33 197-212, 1982. MR668442 (83j:12015) [21] A. Ostafe and I. E. Shparlinski, On the Waring Problem with Dickson Polynomials in Finite Fields, Proc.Amer.Math.Soc.139 , 3815-3820, 2011. MR2823028 (2012e:11202) [22] A. Ostafe, D. Thomson, and A. Winterhof, On the Waring problem with multivariate Dickson polynomials. AMS Contemporary Mathematics (CONM) book series. Proceedings of the 10th International Conference on Finite Fields and their Applications Fq10, Ghent, Belgium, July 11-15, 2011.

66 FRANCIS N. CASTRO, RAUL´ FIGUEROA, AND LUIS A. MEDINA

[23] I. Rubio and F. N. Castro, Solvability of systems of polynomial equations with some prescribed monomials. Finite ﬁelds: Theory and Applications, Contemp. Math. 518, 73-81, 2010. MR2648540 (2012b:11056) [24] S. Scholten and H. June Zhu, The First Case of Wan’s Conjecture, Finite Fields and Their Applications 8, 414-419, 2002. MR1933613 (2003h:11155) [25] S. Sperber, On the p-adic Theory of Exponential Sums, Amer.J.Math.108, 255-296, 1986. MR833359 (87j:11055) [26] G. Turnwald, Permutation polynomials of binomial type, Contributions to General Algebra 6, 281-286, Holder-Pichler-Tempsky, Vienna, 1988. MR1078048 (92e:11141) [27] R. Yang, Newton Polygons of L-functions of polynomials of the form xd + λx, Finite Fields and Their Applications 9, 59-88, 2003. MR1954784 (2003i:11180) [28] L. C. Washington, Introduction to Cyclotomic Fields, 2nd edition, Springer, 1996. MR718674 (85g:11001) [29] A. Winterhof, On Waring’s Problem in Finite Fields, Acta Arith. LXXXVII.2, 171-177, 1998. MR1665204 (99k:11154) [30] H. J. Zhu, p-adic Variation of L functions of One Variable Exponential Sums, J. Reine Angew. Math. 572, 219-233, 2004. MR2076126 (2005i:11101) [31] H. J. Zhu, Asymptotic Variation of L functions of One Variable Exponential Sums I, Amer. J. Math. 125, 669-690, 2003. MR1981038 (2004b:11119)

Department of Mathematics, University of Puerto Rico, San Juan, Puerto Rico 00931 E-mail address: [email protected] Department of Mathematics, University of Puerto Rico, San Juan, Puerto Rico 00931 E-mail address: [email protected] Department of Mathematics, University of Puerto Rico, San Juan, Puerto Rico 00931 E-mail address: [email protected]

Contemporary Mathematics Volume 579, 2012 http://dx.doi.org/10.1090/conm/579/11519

Additive character sums of polynomial quotients

Zhixiong Chen and Arne Winterhof

Abstract. Let p be a prime, f(X) ∈ Z[X] with leading coeﬃcient not divisible by p,andR a complete residue system modulo p.For an integer u we deﬁne the polynomial quotient qf,p,R(u)by f(u) − f (u) q (u) ≡ p,R mod p, 0 ≤ q (u)

where fp,R(u) ≡ f(u)modp and fp,R(u) ∈ R. Among the polynomial quotients are the well-studied Fermat quotients up−1 − up(p−1) q (u) ≡ mod p. p p We study additive character sums of s-dimensional vectors of polynomial quotients which are nontrivial if either the degree of f(X)issmallorf(X) is a monomial of large degree smaller than − uw−u(p 1)w − p.Fors =1and p mod p with a large gcd(w, p 1) we obtain much stronger bounds by a reduction to the Burgess bound.

1. Introduction Let p be a prime, R be a complete residue system modulo p,and f(X) ∈ Z[X] a polynomial with leading coeﬃcient not divisible by p. For an integer u let fp,R(u) ∈ R with

fp,R(u) ≡ f(u)modp.

We call qf,p,R(u) deﬁned by f(u) − f (u) (1) q (u) ≡ p,R mod p, 0 ≤ q (u)

2010 Mathematics Subject Classiﬁcation. Primary 11T23; Secondary 11A07, 11L40. Key words and phrases. Polynomial quotients, Fermat quotients, additive character sums.

c 2012 American Mathematical Society 67

68 ZHIXIONG CHEN AND ARNE WINTERHOF a polynomial quotient. Note that for the set R = {0, 1,...,p− 1} of least residues modulo p we get the integral part of f(u)/p modulo p, ( ) f(u) q (u) ≡ mod p, f,p,R p and for the set R = {−(p−1)/2, −(p−3)/2,...,−1, 0, 1,...,(p−1)/2} of absolute least residues modulo p we get the closest integer of f(u)/p modulo p, ( f(u) q (u) ≡ mod p. f,p,R p It is easy to check that for all integers v and k (2) qf,p,R(v + kp) ≡ qf,p,R(v)+kf (v)(modp), where f (X) is the derivative of f(X), which implies that qf,p,R(u)is periodic with least period p2 if f (X) is not identically zero. p−1 If f(X)=X and 0, 1 ∈ R, qf,p,R(u)isaFermat quotient denoted by qp(u). Fermat quotients have been studied in a series of papers before, see [1, 3, 5, 6, 7, 10, 11, 12, 13, 14, 15] and references therein. In particular, Heath-Brown [7, Theorem 2] proved a bound on the additive character sums M+N ψ(aqp(u)), gcd(a, p)=1, u=M+1 for any integers M and N ≥ p1/2+ε for some fixed ε>0andp →∞, where ψ(x)=exp(2πix/p) denotes the additive canonical character of Fp,seealso[10, Lemma 2]. Ostafe and Shparlinski [10] used a different approach to derive bounds on % & M+N s−1 ψ ajqp(u + j) u=M+1 j=0 for any dimension s ≥ 1, which is nontrivial for N ≥ sp1+ε and any fixed ε>0 provided that gcd(a0,...,as−1,p)=1. In this paper, we extend these bounds on character sums of Fermat quotients to polynomial quotients. More precisely, we study the sums % & M+N s−1 ψ ajqf,p,R(u + j) . u=M+1 j=0

POLYNOMIAL QUOTIENTS 69

In Section 2 we prove a character sum bound for polynomials f(X) and dimensions 1 ≤ s

uw − uwp (3) q (u) ≡ (mod p) p,w p which includes the Fermat quotients if we take w = p − 1. Such bounds on additive character sums have several applications. We only mention results on the uniform distribution and statistical s independence of vectors (qf,p,R(u)/p,...,qf,p,R(u + s − 1)/p) ∈ [0, 1) in terms of discrepancy bounds, see [10] for the case of Fermat quotients. Throughout this paper, the implied constants in the symbols ‘O’, and ‘ ’ are absolute. We recall that the notations U = O(V )and U V are both equivalent to the assertion that the inequality |U|≤ cV holds for some constant c>0.

2. Small degree Theorem 1. Let f(X) ∈ Z[X] with leading coeﬃcient not divisible by p and qf,p,R(u) deﬁned by ( 1). For 1 ≤ s

* % &* * − * * M+N s 1 * * * * ψ ajqf,p,R(u + j) * deg(f)p log p u=M+1 j=0

2 for 1 ≤ N ≤ p and any integers a0,...,as−1 with gcd(a0,...,as−1,p)= 1.

Proof. Since otherwise the result is trivial, we may assume 2 ≤ deg(f)

70 ZHIXIONG CHEN AND ARNE WINTERHOF

Put I = {i :0≤ i

3. Monomials The following result is a direct extension of [10, Theorem 14] which corresponds to the case = 1 of Fermat quotients.

p− Theorem 2. Let be a positive integer, f(X)=X ,andqf,p,R(u) be deﬁned by ( 1). Then we have * % &* * − * * M+N s 1 * * * * ψ ajqf,p,R(u + j) * sp log p u=M+1 j=0 2 for 1 ≤ N ≤ p and any integers a0,...,as−1 with gcd(a0,...,as−1,p)= 1.

POLYNOMIAL QUOTIENTS 71

Proof. The proof follows the same path as for Theorem 1 using f (u) ≡−u− mod p if gcd(u, p)=1. 2

Theorem 2 can be improved for the special case of the polynomial quotients qp,w(u) deﬁned by (3) in the case s =1. Note that Theorems 1 and 2 do not depend on the choice of the residue system R whereas the proof of the following result works only if R contains a subset equivalent to {upw :0≤ u

Proof. Let ξd =exp(2πi/d) be a complex primitive root of unity and d−1 1 − δ (X)= ξ jkXk, 0 ≤ j

72 ZHIXIONG CHEN AND ARNE WINTERHOF by (4) and (5). Applying the Burgess bound, see [4]or[8,Theorem 12.6], to the inner sum we get the desired bound. 2

Acknowledgment Z.X.C. was partially supported by the National Natural Science Foundation of China under grant No.61170246, the Program for New Century Excellent Talents in Fujian Province University of China under grant No.JK2010047 and the Open Funds of State Key Laboratory of Information Security (Chinese Academy of Sciences) under grant No.01-01-1.

References [1] Aly, H., Winterhof, A.: Boolean functions derived from Fermat quotients. Cryptogr. Commun. 3 (3) (2011) 165–174. MR2813879 (2012e:06045) [2] Blackburn, S. R., Etzion, T., Paterson, K. G.: Permutation polynomials, de Bruijn sequences, and linear complexity. J. Combin. Theory Ser. A 76 (1) (1996) 55–82. MR1405990 (97h:94004) [3] Bourgain, J., Ford, K., Konyagin, S. V., Shparlinski, I. E.: On the divisibility of Fermat quotients. Michigan Math. J. 59 (2) (2010) 313–328. MR2677624 (2011j:11182) [4] Burgess, D. A.: On character sums and L-functions, II. Proc. London Math. Soc. 13 (3) (1963) 524–536. MR0148626 (26:6133) [5] Chen, Z., Ostafe, A., Winterhof., A.: Structure of pseudorandom numbers derived from Fermat quotients. in WAIFI 2010, Lecture Notes in Comput. Sci. 6087 (2010) 73–85. MR2674216 (2012b:11122) [6] Gomez, D.; Winterhof, A.: Multiplicative character sums of Fermat quotients and pseudorandom sequences. Period. Math. Hungar., 64 (2) (2012) 161–168. [7] Heath-Brown, D. R.: An estimate for Heilbronn’s exponential sum. Analytic number theory, Vol. 2 (Allerton Park, IL, 1995), 451–463, Progr. Math., 139, Birkhäuser Boston, Boston, MA, 1996. MR1409372 (97k:11120) [8] Iwaniec, H., Kowalski, E.: Analytic number theory. American Mathematical Society Colloquium Publications, 53. American Mathematical Society, Provi- dence, RI, 2004. MR2061214 (2005h:11005) [9] Mauduit, C., Rivat, J., Sárközy, A.: Construction of pseudorandom binary sequences using additive characters. Mh. Math. 141 (3) (2004) 197–208. MR2042211 (2005a:11117) [10] Ostafe, A., Shparlinski, I. E.: Pseudorandomness and dynamics of Fermat quotients. SIAM J. Discr. Math 25 (1) (2011) 50–71. MR2765701 (2012c:11008) [11] Shparlinski, I. E.: Bounds of multiplicative character sums with Fermat quotients of primes. Bull. Aust. Math. Soc. 83 (2011) 456–462. MR2794532 [12] Shparlinski, I. E.: Character sums with Fermat quotients. Quart. J. Math. 62 (2011), no. 4, 1031–1043. MR2853229 [13] Shparlinski, I. E.: On the value set of Fermat quotient. Proc. Amer. Math. Soc. 140 (2012), no. 4, 1199–1206. MR2869105 [14] Shparlinski, I.E.: On vanishing Fermat quotients and a bound of the Ihara sum. Preprint 2011.

POLYNOMIAL QUOTIENTS 73

[15] Shparlinski, I.E.: Fermat quotients: Exponential sums, value set and primitive roots. Bull. Lond. Math. Soc. 43 (2011), no. 6, 1228–1238. MR2861544

Department of Mathematics, Putian University, Putian, Fujian 351100, People’s Republic of China

State Key Laboratory of Information Security, Institute of Soft- ware, Chinese Academy of Sciences, Beijing 100049, People’s Republic of China E-mail address: [email protected] Johann Radon Institute for Computational and Applied Mathe- matics, Austrian Academy of Sciences, Altenberger Straße 69, A-4040 Linz, Austria E-mail address: [email protected]

Contemporary Mathematics Volume 579, 2012 http://dx.doi.org/10.1090/conm/579/11520

5-Designs related to binary extremal self-dual codes of length 24m

Javier de la Cruz and Wolfgang Willems

Abstract. We prove that the binary code C of length 120 related to a self- orthogonal 5-(120, 24, 8855) design is self-dual and has minimum distance d = 24 (i.e. C is extremal) or d = 16.

1. Introduction A t-(v, k, λ) design D =(P, B), t-design for short, is a set P of v points together with a collection B of k-subsets B of P (called blocks) such that every t distinct points are together incident with exactly λ blocks. The design is called self-orthogonal if |B ∩ B|≡k mod 2 for all blocks B,B ∈B. Let C be a binary extremal self-dual code of length n =24m. According to Mallows and Sloane [12], the minimum distance of an extremal code of length 24m satisﬁes d =4m + 4. We put P = {1,...,24m} and deﬁne the blocks B ∈B as supports of codewords of minimum weight where the support of a vector v = (v1,...,vn)isgivenby{i | vi =0 }. Thus the block size equals 4m +4. Dueto Assmus and Mattson [1], DC =(P, B) forms a self-orthogonal 5-(24m, 4m +4,λ) design. If Ad denotes the number of codewords of minimum weight a double counting argument shows that n d λ = A . 5 d 5 12 Since, according to [ ], n 5m−2 5 m −1 Ad = d 5 we obtain 5m − 2 λ = . m − 1

2010 Mathematics Subject Classiﬁcation. Primary 94B05, 51E05; Secondary 94C30. Key words and phrases. Extremal self-dual codes, 5-designs.

c 2012 American Mathematical Society 75

76 JAVIER DE LA CRUZ AND WOLFGANG WILLEMS

Thus a binary extremal self-dual code of length n =24m yields a self-orthogonal 5m − 2 5-(24m, 4m +4, ) m − 1 design. D 5m−2 Conversely, suppose that is a self-orthogonal 5-(24m, 4m+4, m−1 )design. The related binary code C(D) is deﬁned as the F2-linear span of the rows of the block-point incidence matrix of D. Clearly, C(D) is self-orthogonal since D is self- orthogonal. In order to prove that C(D) is self-dual we may proceed as follows. Let c⊥ ∈ ⊥ ⊥ ⊥ C(D) with wt(c )=w and let S denote the support of c . Hence |S| = w.Ifni denotes the number of blocks intersecting S in exactly i points (the ni are usually called intersection numbers) and

24m−j 5−j (1) λj = λ 4m+4−j 5−j then we have the Mendelsohn equations w 2 2i w (2) n = λ (j =0, 1,...,5) j 2i j j i=0 (see [13]or([3], Satz 2.1.1)). In case we are able to prove that the system (2) of linear equations has nonnegative integer solutions n2i ∈ N0 only if 4 | w then C(D)⊥ is doubly-even which implies C(D)⊥ ⊆ (C(D)⊥)⊥ = C(D). Hence C(D) is self-dual since C(D) ⊆ C(D)⊥.

This approach works properly for m =1,...,25 unless m =7, 13, 14, 15 and 23. In the exceptional cases the method fails since there might be solutions n2i ∈ N0 of (2) for all w ≡ 2mod4. Remark 1. Note that for m = 1 there is exactly one binary extremal self-dual code, namely the [24, 12, 8] extended Golay code and exactly one 5-(24, 8, 1) design, a Steiner system, where the related code is the binary extended Golay code (see ([14], Theorem 5) and ([2], Theorem 8.6.2)). For m = 2 there is again exactly one binary extremal self-dual code, namely the binary extended quadratic residue code [10] and exactly one self-orthogonal 5-(48, 12, 8) design ([9], Theorem 1.1), where the related code is the binary extended quadratic residue code of length 48. In case m =3andm = 4 we do not know about the existence neither of binary extremal self-dual codes of length 72 or 96 nor of self-orthogonal 5-(72, 16, 78) or 5-(96, 20, 816) designs D. However, according to [8]and[7], the related codes C(D) of the putative designs are extremal self-dual in both cases.

2. The case m =5 Unfortunately, for m = 5, we are not able to prove that the related code of the putative 5-design is extremal. More precisely, we have

Theorem Let D be a self-orthogonal 5-(120, 24, 8855) design. Then C(D)=C(D)⊥ with minimum distance d =16ord = 24.

5-DESIGNS RELATED TO BINARY EXTREMAL SELF-DUAL CODES 77

Proof. Let D be a self-orthogonal 5-(120, 24, 8855) design. According to (1) one easily computes λ0 = 39703755, λ1 = 7940751, λ2 = 1534767, λ3 = 286143, ⊥ λ4 = 51359 and λ = λ5 = 8855. Let C = C(D). Clearly C ⊆ C since D is self-orthogonal. ⊥ ⊥ ⊥ Next let c ∈ C with wt(c )=w>0. Since n2i =0for2i>24 the system (2) of equations may be written as (3) xA = b where

x =(n0,n2,n4,n6,n8,n10,n12,n14,n16,n18,n20,n22,n24),

w w w w w b = λ0,λ1 1 ,λ2 2 ,λ3 3 ,λ4 4 ,λ5 5 and ⎛ ⎞ 10 0 0 0 0 ⎜ ⎟ ⎜ 12 1 0 0 0 ⎟ ⎜ ⎟ ⎜ 14 6 4 1 0 ⎟ ⎜ ⎟ ⎜ 1 6 15 20 15 6 ⎟ ⎜ ⎟ ⎜ 1 8 28 56 70 56 ⎟ ⎜ ⎟ ⎜ 1 10 45 120 210 252 ⎟ ⎜ ⎟ A = ⎜ 1 12 66 220 495 792 ⎟ . ⎜ ⎟ ⎜ 1 14 91 364 1001 2002 ⎟ ⎜ ⎟ ⎜ 1 16 120 560 1820 4368 ⎟ ⎜ ⎟ ⎜ 1 18 153 816 3060 8568 ⎟ ⎜ ⎟ ⎜ 1 20 190 1140 4845 15504 ⎟ ⎝ 1 22 231 1540 7315 26334 ⎠ 1 24 276 2024 10626 42504 Solving the system (3) of equations we ﬁnd

n10 = β10 − 6n12 − 21n14 − 56n16 − 126n18 − 252n20 − 462n22 − 792n24, where 1 β = (1771w5 − 120428w4 + 3253580w3 − 41174416w2 + 204795264w). 10 32 · 8 · 3

One easily checks that β10 ∈ Z if w ≡ 0 mod 4. Therefore w ≡ 0mod4which shows that C⊥ is doubly-even. In particular, C⊥ is self-orthogonal which proves that C is self-dual. Finally, in order to compute the minimum distance d of C,letc ∈ C⊥ = C be of minimum weight wt(c)=w = d.Accordingto(2)wehave

w w 2 2 2i w 2 n − 2in =2λ − λ w, 2 2i 2i 2 2 1 i=0 i=0 hence w 2 2i(2i − 2)n2i = w((w − 1)λ2 − λ1). i=0

78 JAVIER DE LA CRUZ AND WOLFGANG WILLEMS

w λ1+λ2 Since 2i(2i − 2)n2i ≥ 0fori =0, ..., we obtain w ≥ > 6. Therefore the 2 λ2 minimum distance d satisﬁes d ≥ 8. Using a computer algebra system we see that for w =8andw = 12 the system (3) of equations has no solution consisting of nonnegative integers. Thus we have d ≥ 16. In contrast to w =8andw = 12 there are nonnegative integer solutions for w =16andw = 20, for instance

x = (1599377, 17248920, 16427320, 4325776, 66690, 35672, 0, 0, 0, 0, 0, 0) and x = (574140, 10214100, 18892755, 8752800, 1200300, 69660, 0, 0, 0, 0, 0, 0), respectively. We claim that d = 20 cannot occur which ﬁnishes the proof.

By Gleason’s theorem [6], the homogeneous weight enumerator WC (x, y)is given by 5 8 4 4 8 15−3i 4 4 4 4 4 i WC (x, y)= ai(x +14x y + y ) (x y (x − y ) ) , i=0 where ai ∈ Z for i =0, ..., 5. Thus 4 8 WC (1,y)=a0 + (210a0 + a1)y + (20595a0 + 164a1 + a2)y + ... 20 24 = A0 + A20y + A24y + ..., where A denotes the number of codewords of weight i. In particular we have i ⎛ ⎞ ⎛ ⎞ ⎛ ⎞ 10000a0 1 ⎜ ⎟ ⎜ ⎟ ⎜ ⎟ ⎜ 210 1 0 0 0 ⎟ ⎜ a1 ⎟ ⎜ 0 ⎟ ⎜ ⎟ ⎜ ⎟ ⎜ ⎟ ⎜ 20595 164 1 0 0 ⎟ ⎜ a2 ⎟ = ⎜ 0 ⎟ . ⎝ ⎠ ⎝ ⎠ ⎝ ⎠ 1251460 12282 118 1 0 a3 0 52705485 554740 6085 72 1 a4 0 The unique solution of this system of equations is

(a0,a1,a2,a3,a4)=(1, −20, 13845, −305950, 1571490).

Therefore A20 = 492372 + a5 > 0andA24 = 29856315 − 20a5. Since −a5 < 492372 we get A24 = 29856315 − 20a5 < 29856315 + 9847440 = 39703755 which contradicts the fact that the incidence matrix of the design D has 39703755 row vectors of weight 24. In the proof we used only the Mendelsohn equations from design theory. There are other equations like the K¨ohler equations or higher intersection numbers (see [3]). However neither of them lead to a contradiction in case d = 16.

3. Automorphism groups It is well-known that the automorphism group of the binary extended Golay code coincides with the automorphism group of its related 5-(24, 8, 1) design; it is the Mathieu group M24. The same happens with the binary extended quadratic residue code of length 48 and its related self-orthogonal 5-(48, 12, 8) design. The group is PSL(2, 47). In general we have

5-DESIGNS RELATED TO BINARY EXTREMAL SELF-DUAL CODES 79

Proposition 2. Let C be a binary extremal self-dual [24m, 12m, 4m +4] code 5m−2 D D ⊥ D with related self-orthogonal 5-(24m, 4m +4, m−1 ) design .IfC( ) = C( ) then Aut(C)=Aut(D). Proof. The condition C(D)⊥ = C(D) implies in particular that C is generated { } by the set S = v1,...,vs of all codewords of minimum weightw = d =4m +4. ∈ D s ∈ s Let σ Aut( ). For c = i=1 αivi C we put σ(c)= i=1 αiσ(vi). Note that this is well deﬁned since σ permutes the coordinates {1,...,24m}. Clearly, σ(vi) ∈ S ⊆ C for all i, hence σ(c) ∈ C.Thisprovesthatσ ∈ Aut(C). Conversely, suppose that σ ∈ Aut(C). Since σ acts as a permutation on S it induces a permutation on the blocks which shows that σ ∈ Aut(D). Remarks 3. a) By the Theorem and the computations we mentioned in the ⊥ previous sections we have C(D) = C(D) for all self-orthogonal 5-(24m, 4m + 5m−2 D 4, m−1 )designs with m =1,...,25 unless m =7, 13, 14, 15, 23. Thus for these m the automorphism group of a binary extremal self-dual [24m, 12m, 4m +4]code C is equal to the automorphism group of its related design D. b) Since C(D)isextremalform =3andm = 4 the automorphism group of a self- orthogonal 5-(72, 16, 78) or 5-(96, 20, 816) design equals the automorphism group of the related extremal self-dual code. Thus, according to the main theorem in [4], the automorphism group of a putative self-orthogonal 5-(72, 16, 78) design is solvable of order less or equal to 36. Information on the automorphism group of a self-orthogonal 5-(96, 20, 816) design can be taken from [5].

4. Questions

D 5m−2 D Let be a self-orthogonal 5-(24m, 4m +4, m−1 ) design and let C( )denote its related code as deﬁned in the introduction. Due to the results in the literature and the previous sections we may ask. Question 1 Do we always have C(D)⊥ = C(D)?

Question 2 Is C(D) always an extremal self-dual [24m, 12m, 4m +4]code?

Note, that an aﬃrmative answer to the Question 1 implies that the automorphism group of an extremal self-dual code of length 24m is equal to the automorphism group of its related 5-design. An aﬃrmative answer of Question 2 says that the existence of an extremal self-dual [24m, 12 m, 4m +4]codeisequivalenttothe 5m−2 existence of a self-orthogonal 5-(24m, 4m +4, m−1 )design. References [1] E.F. Assmus, Jr. and H.F. Mattson Jr., New 5-designs. J. Combin. Theory 6 (1969), 122-151. MR0272647 (42:7528) [2] E.F. Assmus, Jr. and J.D. Key, Designs and their Codes. Cambridge University Press 1992 MR1192126 (93j:51003) [3] A. Betten, Schnittzahlen von Designs, Bayreuther Mathematische Schriften, Heft 58, 2000. MR1774817 (2001k:05028) [4] E.A. O’Brien and W. Willems, On the automorphism group of a binary self-dual doubly- even [72,36,16] code. IEEE Trans. Inform. Theory 57 (2011), no. 7, 4445–4451. MR2840465 (2012g:94135) [5] J. de la Cruz and W. Willems, On extremal self-dual codes of length 96. IEEE Trans. Inform. Theory 57 (2011), no. 10, 6820–6823. MR2882263

80 JAVIER DE LA CRUZ AND WOLFGANG WILLEMS

[6] A.M. Gleason, Weight polynomials of self-dual codes and the MacWilliams identities. Actes Congr`es Internat. Math. 3 (1970), 211-215. MR0424391 (54:12354) [7] M. Harada, Remark on a 5-design related to a putative extremal doubly-even self-dual [96, 48, 20] code. Des. Codes Cryptogr. 37 (2005), 355-358. MR2174285 (2006i:94108) [8] M. Harada, M. Kitazume and A. Munemasa, On a 5-design related to an extremal doubly- even self-dual code of length 72. J. Combin. Theory Ser. A 107 (2004), 143-146. MR2063958 (2005c:94070) [9] M. Harada, A. Munemasa and V.D. Tonchev, A characterization of designs related to an extremal doubly-even self-dual code of length 48. Ann. Comb. 5 (2005), 189-198. MR2153737 (2006h:05032) [10] S.K. Houghten, C.W.H. Lam, L.H. Thiel and J.A. Parker, The extended quadratic residue code is the only (48, 24, 12) self-dual doubly-even code. IEEE Trans. Inform. Theory 49 (2003), 53-59. MR1965886 (2004c:94114) [11] J. MacWilliams and N.J.A. Sloane, The Theory of Error-Correcting Codes. North-Holland, Amsterdam 1977. [12] C.L. Mallows and N.J.A. Sloane, An upper bound for self-dual codes. Inform. and Control 22 (1973), 188-200. MR0414223 (54:2326) [13] N.S. Mendelsohn, Intersection numbers of t-designs. In: Studies in Pure Mathematics (presented to Richard Rado), Academic Press, London 1971, 145-150. MR0270936 (42:5819) [14] V. Pless, On the uniqueness of the Golay codes. J. Comb. Theory 5 (1968), 215-228. MR0242561 (39:3892)

Universidad del Norte, Barranquilla, Colombia

Otto-von-Guericke Universitat,¨ Magdeburg, Germany

Contemporary Mathematics Volume 579, 2012 http://dx.doi.org/10.1090/conm/579/11521

Sequences of Dedekind sums in function ﬁelds

Yoshinori Hamahata

Abstract. We introduce some sequences of Dedekind sums in rational function ﬁelds. Our Dedekind sums are very similar to ordinary Dedekind sums and to higher dimensional ones in the classical case. We discuss the rationality, reciprocity law, and the limit for the Dedekind sums.

1. Introduction For relatively prime integers c>0anda, the classical Dedekind sum is defined as − 1 c 1 πk πka s(a, c)= cot cot , 4c c c k=1 which is a rational number. The Dedekind sum satisfies a famous relation called the reciprocity law a2 + c2 +1− 3ac s(a, c)+s(c, a)= (a>0). 12ac The standard reference for the Dedekind sum is Rademacher-Grosswald [7]. A generalization of Dedekind sums to higher dimensions was presented by Zagier [9]. Let p be a positive integer and let a1,...,an−1 be integers relatively prime to p. We assume that n is odd. Zagier defines a higher dimensional Dedekind sum as follows: p−1 (n−1)/2 1 πka1 πkan−1 d(p; a ,...,a − ):=(−1) cot ···cot , 1 n 1 p p p k=1 which is a rational number. For pairwise coprime positive integers a1,...,an (n odd), this sum satisfies the reciprocity law n ln(a1,...,an) d(a ; a ,...,a − ,a ,...,a )=1− , j 1 j 1 j+1 n a ···a j=1 1 n n where ln(a1,...,an) is the polynomial in a1,...,an defined as the coefficient of t in the power series expansion of n a t n 1 1 2 j = 1+ a2t2 − a4t4 + a6t6 −··· . tanh(a t) 3 j 45 j 945 j j=1 j j=1

2010 Mathematics Subject Classiﬁcation. Primary 11F20; Secondary 11G09. Key words and phrases. Dedekind sums, function ﬁelds, Drinfeld modules.

c 2012 American Mathematical Society 81

82 YOSHINORI HAMAHATA

It is known that π cot πz can be expressed as follows: ∞ 1 1 1 (1.1) π cot πz = + + . z z − n z + n n=1 Let A be the affine ring of elements of a fixed function field which are regular away from a place ∞.ForagivenA-lattice we have periodic functions that have expressions analogous to (1.1). Based on this, Okada [6] introduced Dedekind sums associated to the Carlitz module in rational function fields, and established reciprocity laws for them. For each A-lattice, we defined Dedekind sums, which yield a generalization of those of Okada, defined higher dimensional Dedekind sums, and established the reciprocity law ([2]). It should be noted that for each finite dimensional Fq-vector space in a finite field, another type of Dedekind sum and related results exist ([1]). In this paper, we introduce sequences of Dedekind sums in rational function fields. Our Dedekind sums correspond to sequences of finite dimensional Fq-vector spaces, and are very similar to ordinary Dedekind sums and to higher dimensional ones in the classical case. We discuss the rationality and reciprocity law for the Dedekind sums. We show that a certain limit of these Dedekind sums is the non- rational Dedekind sum associated to the A-lattice A. This result yields the relation between two kinds of the Dedekind sums.

Notation. : the sum over non-vanishing elements : the product over non-vanishing elements Fq : the finite field with q elements A = Fq[T ] : the ring of polynomials in an indeterminate T K = Fq(T ) : the quotient field of A || : the normalized absolute value on K such that |T | = q K∞ : the completion of K with respect to || K∞ : a fixed algebraic extension of K∞ C : the completion of K∞

2. Additive functions We refer to [3, 4, 5] for details.

2.1. The function εk(z). Let k be a non-negative integer, and set Ak = {a ∈ A | deg a

{0} = A0 ⊂ Fq = A1 ⊂ A2 ⊂···⊂Ak ⊂··· . For every A , put k z ε (z)=e (z)=z 1 − , k Ak f f∈Ak i dim Ak q → which has the form i=0 aiz .Themapεk : C C satisﬁes the following properties:

• εk is entire in the rigid analytic sense, and surjective; • εk is Fq-linear and Ak-periodic; • εk has simple zeros at the points of Ak, and no other zeros;

SEQUENCES OF DEDEKIND SUMS IN FUNCTION FIELDS 83

• dεk(z)/dz = εk(z)=1.Hencewehave 1 ε (z) 1 = k = ; εk(z) εk(z) z − f f∈Ak

• εk(z) ∈ K[z]. For a positive integer m, −m Em(Ak)= f

f∈Ak is called the Eisenstein series of weight m for Ak. We use the convention E0(Ak)= −1. The function z/εk(z) has the following expression as a formal series: ∞ z = − E (A )zm. ε (z) m k k m=0

2.2. The lattice function eΛ(z). ArankrA-lattice ΛinC is a ﬁnitely generated A-submodule of rank r in C that is discrete in the topology of C.For such an A-lattice Λ, deﬁne the lattice function by

z e (z)=z 1 − . Λ λ λ∈Λ

The product converges uniformly on bounded sets in C, and deﬁnes a map eΛ : C → C.ThemapeΛ has the following properties:

• eΛ is entire in the rigid analytic sense, and surjective; • eΛ is Fq-linear and Λ-periodic; • eΛ has simple zeros at the points of Λ, and no other zeros; • deΛ(z)/dz = eΛ(z)=1.Hencewehave 1 e (z) 1 = Λ = . eΛ(z) eΛ(z) z − λ λ∈Λ Let L = πA be the A-lattice corresponding to the Carlitz module ρ deﬁned by q F∗ ρT (z)=Tz + z .Theperiodπ is well-deﬁned up to an element of q .Thepower πn of this period is transcendental for any natural number n ∈ N ([8]). There is a relation

πeA(z)=eL(πz) between eA(z)andeL(z). Finally we remark that

(2.1) lim εk(z)=eA(z) k→∞ locally uniformly as holomorphic functions in C. Hence it holds that

−1 (2.2) lim εk(z)=π eL(πz). k→∞

3. Inhomogeneous Dedekind sums We choose a, c ∈ A \{0} such that a, c are coprime. Let k, l be non-negative integers.

84 YOSHINORI HAMAHATA

Definition 3.1. The inhomogeneous Dedekind sum sk,l(a, c)forAk is deﬁned as − − 1 af 1 f 1 s (a, c)= ε ε , k,l c l c l c f∈Ak where means the sum over elements f ∈ Ak such that both εl(af/c)andεl(f/c) are non-zero.

Proposition 3.2. The Dedekind sum sk,l(a, c) can be written as − − 1 af 1 f 1 s (a, c)= ε ε k,l c l c l c f∈A \(cA ∩A ) ⎧ k l k −1 −1 ⎨⎪ 1 af f εl εl (if c ∈ Ak) = c ∈ c c . ⎩⎪ f Ak 0(if c ∈ Ak) Proof. The ﬁrst identity is easy. Consider the second identity. Using the degree of c,weseethatcAl ∩ Ak = {0} if and only if c ∈ Ak. This proves the case c ∈ Ak.Whenc ∈ Ak, cAl ∩ Ak is a non-zero ﬁnite dimensional Fq-vector space. Hence sk,l(a, c) can be written as − − 1 af 1 f 1 s (a, c)= |cA ∩ A | ε ε , k,l c l k l c l c f∈Ak/cAl∩Ak where the right hand side is zero since |cAl ∩ Ak| is a power of q.

From this proposition, the condition “c ∈ Ak” is essential. The following result is fundamental. Proposition 3.3. We have

(i) sk,l(a, c) only depends on a + cAk; −1 (ii) sk,l(ζa,c)=ζ sk,l(a, c) for ζ ∈ Fq \{0}; (iii) sk,l(a, ζc)=ζsk,l(a, c) for ζ ∈ Fq \{0}; (iv) sk,l(a, c) is rational, i.e., sk,l(a, c) ∈ K.

Proof. The proof follows from the property of εl(z).

The Dedekind sum sk,l(a, c) has the following reciprocity law: Theorem 3.4 (Reciprocity law). Assume that l ≥ k and q>3.Leta, c ∈ A \ Ak.Ifa, c are coprime, then we have a2 + c2 +1 (3.1) s (a, c)+s (c, a)= E (A ). k,l k,l ac 2 k We will defer the proof of this result to section 5.

4. Higher dimensional Dedekind sums

We introduce higher dimensional Dedekind sums for Ak to generalize the Dede- kind sums deﬁned in the previous section. Assume n ≥ 2. Let a1,a2,...,an ∈ A \{0} be such that a1,a2,...,an−1 are relatively prime to an.Letk, l denote non-negative integers. Then

SEQUENCES OF DEDEKIND SUMS IN FUNCTION FIELDS 85

Definition 4.1. The higher dimensional Dedekind sum is deﬁned as − − 1 1 n−1 1 a1f an−1f sk,l(an; a1,...,an−1)=(−1) εl ···εl , an an an f∈Ak where means the sum over elements f ∈ Ak such that all εl(a1f/an), ..., εl(an−1f/an) are non-zero.

Remark 4.2. The inhomogeneous Dedekind sum sk,l(a, c) is expressed as sk,l(a, c)=sk,l(c; a, 1).

Proposition 4.3. The Dedekind sum sk,l(an; a1,...,an−1) can be written as

s (a ; a ,...,a − ) k,l n 1 n 1 −1 −1 n−1 1 a1f an−1f =(−1) εl ···εl an ∈ \ ∩ an an ⎧ f Ak (anAl Ak) − − ⎪ 1 1 ⎨ n−1 1 a1f an−1f (−1) εl ···εl (if an ∈ Ak) = an ∈ an an . ⎩⎪ f Ak 0(if an ∈ Ak) The proof is similarly checked as the proof of Proposition 3.2. This proposition implies the importance of the condition “an ∈ Ak”. The Dedekind sum sk,l(an; a1,...,an−1) has properties similar to those of Za- gier’s Dedekind sum:

Proposition 4.4. (i) sk,l(an; a1,...,an−1) only depends on ai + anAk; (ii) sk,l(an; a1,...,an−1) is symmetric in a1,...,an−1; −1 (iii) sk,l(an; ζa1,...,an−1)=ζ sk,l(an; a1,...,an−1) for any ζ ∈ Fq \{0}; (iv) sk,l(an; ζa1,...,ζan−1)=sk,l(an; a1,...,an−1) for any ζ ∈ Fq \{0}; (v) sk,l(an; a1,...,an−1) is rational, i.e., sk,l(an; a1,...,an−1) ∈ K. The proof is trivial as the proof of Proposition 3.3, so we omit it. Remark 4.5. By Proposition 4.4 (ii), (iii), and (iv), we have n−1 (−1) sk,l(an; a1,...,an−1)=sk,l(an; a1,...,an−1).

Hence, if Char Fq =2and2 |n, then the sum is equal to zero. Therefore in the case Char Fq = 2, we may suppose in advance that n is odd. We now state the reciprocity law for our higher dimensional Dedekind sums. Theorem 4.6 (Reciprocity law). Let l ≥ k. We assume that there exists an ∈ F∗ n−1 ∈ \ element ζ q such that ζ =1. Choose a1,...,an A Ak.Ifa1,...,an are coprime, then we have n (4.1) sk,l(ai; a1,...,ai−1,ai+1,...,an) i=1 i1 ··· in a1 an ··· = Ei1 (Ak) Ein (Ak). a1 ···an i1+···+in=n−1 i1,...,in≥0 This result will be proved in section 5.

86 YOSHINORI HAMAHATA

5. Proofs of Theorems 3.4, 4.6 5.1. Proof of Theorem 4.6. Put 1 F (z)= . εl(a1z) ···εl(anz) −1 ∩ −1 { } By assumption on a1,...,an,wehaveai Ak aj Ak = 0+if i = j. This implies n −1 that F (z) has a simple pole at any non-zero element of i=1 ai Ak. For any non-zero element f ∈ Ak,wehave −1 −1 aj f Resf/ai (F (z)dz)=Resf/ai (εl(aiz) dz) εl . ai j= i Since ε (a z)−1 = a−1 (z − f/a )−1, l i i f∈Al i −1 Resf/ai (εl(aiz) dz)=1/ai. Hence −1 1 ajf Resf/ai (F (z)dz)= εl . ai ai j= i To prove the theorem, we need the following elementary lemma. Lemma 5.1. Assumptions being as in Theorem 4.6, we have Resf (F (z)dz)=0, α∈S + n −1 where S = i=1 ai Ak. Proof. The contribution of S from the partial fraction decomposition of F (z) is ord(α) C α,r , (z − α)r α∈S r=1 −r where ord(α) is the order of α,andCα,r is the coeﬃcient of (z − α) .Thenwe have Resα(F (z)dz)=Cα,r for any α ∈ S. By assumption, there exists a certain ∈ F∗ n−1 −n ζ q with ζ =1.TheidentityF (ζz)=ζ F (z) induces n−1 ζ Cα,1 = Cα,1, α∈S α∈S which leads the lemma.

We now continue with the proof of the theorem. By the above lemma, we have n n−1 (−1) sk,l(ai; a1,...,ai−1,ai+1,...,an)+Res0(F (z)dz) i=1 n

= Resf/ai (F (z)dz)+Res0(F (z)dz)=0.

i=1 f∈Ak Since ∞ a z i = − E (A )amzm, ε (a z) m k i l i m=0

SEQUENCES OF DEDEKIND SUMS IN FUNCTION FIELDS 87 we have the expression % & ∞ (−1)n n F (z)= E (A )amzm . a ···a zn m k i 1 n i=1 m=0 Hence (−1)n i1 ··· in ··· Res0(F (z)dz)= a1 an Ei1 (Ak) Ein (Ak). a1 ···an i1+···+in=n−1 i1,...,in≥0 This completes the proof of Theorem 4.6. 5.2. Proof of Theorem 3.2. By the reciprocity law (4.1),

sk,l(c; a, 1) + sk,l(1; a, c)+sk,l(a; c, 1) 1 = alcmE (A )E (A )E (A ). ac l k m k n k l+m+n=2 2 By q>3, there exists an element ζ ∈ Fq \{0} such that ζ =1.Wehave −1 −1 −2 sk,l(1; a, c)= εl(aζf) εl(cζf) = ζ sk,l(1; a, c),

ζf∈Ak which yields sk,l(1; a, c)=0.Henceweget

sk,l(a, c)+sk,l(c, a) a2 + c2 +1 ac + a + c (5.1) = E (A )2E (A )+ E (A )E (A )2. ac 0 k 2 k ac 0 k 1 k −1 We now note that E1(Ak) = 0 because of ζ E1(Ak)=E1(Ak). Applying this and E0(Ak)=−1 to (5.1), we have the reciprocity law (3.1). Remark 5.2. In our previous paper ([2], Lemma 5.1), we proved the following claim. Let G(z) be a polynomial over a ﬁeld L of degree > 1 and let R be the set of all roots of G(z). Then we have 1 Res dz =0. a G(z) a∈R From this, the case k = l in the above lemma holds without assumptions. Therefore the statement of the case k = l in Theorem 4.6 is simple.

6. Limits of Dedekind sums

Let us take a1,a2,...,an ∈ A \{0} such that a1,a2,...,an−1 are relatively prime to an.Letk, l be non-negative integers. Theorem 6.1. We have

lim sk,l(an; a1,...,an−1) l→∞ ⎧ − − ⎪ 1 1 ⎨ n−1 1 a1f an−1f (−1) eA ···eA (if an ∈ Ak) = an ∈ an an ⎩⎪ f Ak 0(if an ∈ Ak)

lim sk,l(an; a1,...,an−1) = lim sk,k(an; a1,...,an−1)=0. k→∞ k→∞

88 YOSHINORI HAMAHATA

Proof. The ﬁrst identity follows from (2.1). As for the second identity, let k be fully large. Then Ak ⊃ anAl is valid. Then using Proposition 4.4 (i), we obtain

sk,l(an; a1,...,an−1) − − 1 1 n−1 1 a1f an−1f =(−1) |anAl| εl ···εl an an an f∈Ak/anAl =0.

Similarly, we can show limk→∞ sk,k(an; a1,...,an−1)=0makinguseofAk ⊃ anAk ∩ Ak = {0}.

Taking limit liml→∞ in Theorem 4.6, we have Theorem 6.2 (Reciprocity law). We assume that there exists an element ζ ∈ F∗ n−1 ∈ \ q such that ζ =1. Choose a1,...,an A Ak.Ifa1,...,an are coprime, then we have n lim sk,l(ai; a1,...,ai−1,ai+1,...,an) l→∞ i=1 i1 ··· in a1 an ··· = Ei1 (Ak) Ein (Ak). a1 ···an i1+···+in=n−1 i1,...,in≥0 We now consider the relationship between our Dedekind sums and ones deﬁned in our previous paper [2]. Write tk,l(an; a1,...,an−1)forsk,l(an; a1,...,an−1) with deg an = k.Then Theorem 6.3. We have

(i) liml→∞ tk,l(an; a1,...,an−1) is expressed as − − 1 1 n−1 1 a1f an−1f (−1) eA ···eA , an an an f∈A/anA which is nothing other than the Dedekind sum deﬁned in [2]. (ii) liml→∞ tk,l(an; a1,...,an−1) is not rational when it is not zero. To be exact, it is transcendental.

Proof. (i) Since Ak is the set of representatives of A/anA, Theorem 6.1 yields the result. (ii) By (i) together with (2.2),

lim tk,l(an; a1,...,an−1) l→∞ − − n−1 1 1 n−1 π a1πf an−1πf =(−1) eL ···eL an ∈ an an ⎡ f A/anA ⎤ − − 1 1 n−1 ⎣ n−1 1 a1g an−1g ⎦ (6.1) = π (−1) eL ···eL . an an an g∈L/anL We proved in [2] that the inside of [ ] in (6.1) is contained in K.Sinceπn−1 is transcendental, the proof is completed.

SEQUENCES OF DEDEKIND SUMS IN FUNCTION FIELDS 89

Acknowledgments The author is grateful to the referees for careful reading of the manuscript.

References [1] A. Bayad and Y. Hamahata, Higher dimensional Dedekind sums in finite fields, Finite Fields and Their Applications 18 (2012), 19-25. MR2874902 [2] A. Bayad and Y. Hamahata, Higher dimensional Dedekind sums in function fields, Acta Arithmetica 152 (2012), 71-80. MR2869211 [3] E.-U. Gekeler, On the coefficients of Drinfeld modular forms, Invent. Math. 93 (1988), 667- 700. MR952287 (89g:11043) [4] E.-U. Gekeler, Some new identities for Bernoulli-Carlitz numbers, J. Number Theory 33 (1989), 209-219. MR1034200 (90j:11128) [5] D. Goss, Basic Structures of Function Fields Arithmetic, Springer, 1998. MR1423131 (97i:11062) [6] S. Okada, Analogies of Dedekind sums in function fields, J. Number Theory 130 (2010), 1750-1762. MR2651153 (2011f:11059) [7] H. Rademacher and E. Grosswald, Dedekind Sums, The Mathematical Association of Amer- ica, Washington, D.C., 1972. MR0357299 (50:9767) [8] J. Yu, Transcendence and special values in characteristic p, Ann. of Math. 134 (1991), 1-23. MR1114606 (92g:11075) [9] D. Zagier, Higher dimensional Dedekind sums, Math. Ann. 202 (1973), 149-172. MR0357333 (50:9801)

Institute for Teaching and Learning, Ritsumeikan University, 1-1-1 Noji-higashi, Kusatsu, Shiga 525-8577, Japan E-mail address: [email protected]

Contemporary Mathematics Volume 579, 2012 http://dx.doi.org/10.1090/conm/579/11522

Niho Bent Functions and Subiaco Hyperovals

Tor Helleseth, Alexander Kholosha, and Sihem Mesnager

Abstract. In this paper, the relation between binomial Niho bent functions discovered by Dobbertin et al. and o-polynomials that give rise to the Subiaco class of hyperovals is found. This allows to expand the original class of bent functions in the case when m ≡ 2 (mod 4). It is also proven that one of the earlier discovered sporadic Niho bent functions, up to EA-equivalence, belongs to the known inﬁnite class.

1. Introduction and Preliminaries

Boolean functions of n variables are binary functions over the Galois field F2n Fn (or over the vector space 2 of all binary vectors of length n). In this paper, we shall always endow this vector space with the structure of a field, thanks to the choice of a basis of F2n over F2 . Boolean functions are used in the pseudo-random generators of stream ciphers and play a central role in their security. Bent functions were introduced by Rothaus [11] in 1976. These are Boolean functions of an even number of variables n, that are maximally nonlinear in the sense that their Walsh transform takes precisely the values ±2n/2. This corresponds to the fact that their Hamming distance to all affine functions is optimal. Bent functions have also attracted a lot of research interest because of their relations to coding theory and applications in cryptography. Despite their simple and natural definition, bent functions turned out to admit a very complicated structure in general. On the other hand, many special explicit constructions are known. Distin- guished are primary constructions giving bent functions from scratch and secondary ones building new bent functions from one or several given bent functions. These constructions often look simpler when written in their bivariate representation but, of course, they also have an equivalent univariate form (see Subsection 1.1). It is well known that some of the explicit constructions belong to the two general families of bent functions which are the original Maiorana-McFarland [8] and the Partial Spreads classes. It was in the early seventies when Dillon in his thesis [5] introduced the two above mentioned classes plus the third one denoted by H, where bentness is proven under some conditions which were not obvious to achieve (in this class, Dillon was able to exhibit only those functions belonging, up to the affine equivalence, to the Maiorana-McFarland class). He defined the functions in class H in their bivariate representation but they can also be seen in the univariate form as found recently by Carlet and Mesnager [3]. They extended

2010 Mathematics Subject Classiﬁcation. Primary 51E20, 51E21, 94C10; Secondary 05B25.

c 2012 American Mathematical Society 91

92 TOR HELLESETH, ALEXANDER KHOLOSHA, AND SIHEM MESNAGER the class H to a slightly larger class denoted by H (see Subsection 1.2), also deﬁned in bivariate representation, and observed that this class contains all bent functions of the, so called, Niho type which were introduced in [6]byDobbertinet al. (see Subsection 1.3).

1.1. Trace representation, Boolean functions in univariate and bivariate forms. For any positive integer k and any r dividing k, the trace function k F F Trr () is the mapping from 2k to 2r deﬁned by

k −1 r k 2ir 2r 22r ··· 2k−r Trr (x):= x = x + x + x + + x . i=0 F k k−1 2i In particular, the absolute trace over 2k is the function Tr1(x)= i=0 x . Recall k r ◦ k that the trace function satisfies the transitivity property Tr1 =Tr1 Trr .From now on assume n is even and n =2m. For any set E,denoteE \{0} by E∗. The univariate representation of a Boolean function is defined as follows: we Fn F F identify 2 (the n-dimensional vector space over 2 ) with 2n and consider the F F · n arguments of f as elements in 2n . An inner product in 2n is x y =Tr1 (xy). There n 2 −1 i F exists a unique univariate polynomial i=0 aix over 2n that represents f (this is true for any vectorial function from F2n to itself). The algebraic degree of f is equal to the maximum 2-weight of an exponent having nonzero coefficient, where the 2- weight w2(i) of an integer i is the number of ones in its binary expansion. Hence, in the case of a bent function, all exponents i whose 2-weight is larger than m have a zero coefficient ai.Moreover,fbeing Boolean, its univariate representation can be written in the form of f(x)= Tro(j)(a xj ), where Γ is the set of integers j∈Γn 1 j n obtained by choosing one element in each cyclotomic coset of 2 modulo 2n − 1, o(j) ∈ F is the size of the cyclotomic coset containing j and aj 2o(j) . This representation is unique up to the choice of cyclotomic coset representatives. Function f can also n F be written in a non-unique way as Tr1 (P (x)) where P (x)isapolynomialover 2n . The bivariate representation of a Boolean function is defined as follows: we iden- F F × F tify 2n with 2m 2m and consider the argument of f as an ordered pair (x, y)of F i j elements in 2m . There exists a unique bivariate polynomial 0≤i,j≤2m−1 ai,j x y over F2m that represents f. The algebraic degree of f is equal to

max (w2(i)+w2(j)) . (i,j) | ai,j =0 And f being Boolean, its bivariate representation can be written in the form of m f(x, y)=Tr1 (P (x, y)), where P (x, y) is some polynomial of two variables over F2m . Let f be an n-variable Boolean function. Its “sign” function is the integer- f valued function χf := (−1) .TheWalsh transform of f is the discrete Fourier transform of χf whose value at point w ∈ F2n is deﬁned by f(x)+Trn(wx) χˆf (w)= (−1) 1 .

x∈F2n Definition 1.1. For even n, a Boolean function f in n variables is said to be n bent if for any w ∈ F2n we haveχ ˆf (w)=±2 2 .

NIHO BENT FUNCTIONS AND SUBIACO HYPEROVALS 93

1.2. Class H of Bent Functions. In his thesis [5], Dillon introduced the class of bent functions denoted by H. The functions in this class are deﬁned in their bivariate form as

m 2m−2 f(x, y)=Tr1 y + xG(yx ) , where x, y ∈ F2m and G is a permutation of F2m such that G(x)+x does not ∈ F∗ vanish and for any β 2m , the function G(x)+βx is 2-to-1 (i.e., the pre-image of any element of F2m is either a pair or the empty set). As observed by Carlet and Mesnager [3, Proposition 1], this class can be slightly extended into a class H deﬁned as the set of (bent) functions g satisfying ' m y Tr1 xH x , if x =0 (1.1) g(x, y)= m Tr1 (μy), if x =0 , where μ ∈ F2m and H is a mapping from F2m to itself satisfying the following necessary and suﬃcient conditions

(1.2) G : z → H(z)+μz is a permutation on F2m → F ∈ F∗ (1.3) z G(z)+βz is 2-to-1 on 2m for any β 2m . As proved in [3, Lemma 13], condition (1.3) implies condition (1.2) and, thus, is necessary and suﬃcient for g being bent. It also follows that polynomials G(z) satisfying (1.3) are so-called o-polynomials (oval polynomials) over F2m (the addi- G(z)+G(0) tional properties of G(0) = 0 and G(1) = 1 can be achieved by taking G(1)+G(0) instead of G(z)). o-polynomials arise from hyperovals and deﬁne them. Note that class H contains all bent functions with the property that their restriction to the multiplicative cosets of F2m is linear.

1.3. Niho bent functions. Recall that a positive integer d (always understood modulo 2n − 1) is said to be a Niho exponent and t → td is a Niho power d function if the restriction of t to F2m (and, therefore, to its cosets uF2m ) is linear ≡ j m − n d or, in other words, d 2 (mod 2 1) for some j

94 TOR HELLESETH, ALEXANDER KHOLOSHA, AND SIHEM MESNAGER

• An extension by Leander and Kholosha [7] of the second class from [6] has the form of − 2r1−1 m m− i n 2 +1 (2 1) 2r +1 (1.4) Tr1 at + t i=1 2m with r>1 satisfying gcd(r, m)=1anda ∈ F2n is such that a + a =1. • Functions in a bivariate form obtained from the known o-polynomials (see [3, Section 6]). m As was noted in [6], all cases except for d2 =(2 −1)3+1 with m ≡ 2 ( mod 4) give n n gcd(d2, 2 −1) = 1 and in the remaining case, gcd(d2, 2 −1) = 5. Therefore, having the condition on b, it can be assumed, without loss of generality, that b = 1 (this is − achieved by substituting t with b 1/d2 t). However, in Subsection 3.2, we show that even in the case when m ≡ 2 (mod 4) the value of b can be taken arbitrary under m the condition that a = b2 +1. Since the restriction to uF2m of these bent functions is linear, they all belong to H. The question left open in [6] was finding the dual and checking if that was of the Niho type (possibly up to affine equivalence). In [3, 2] considered were bent functions from the second class (having degree 3) and multinomial (1.4). It was shown that corresponding o-polynomials are Frobenius mappings and dual functions were found that turned out not to be in the Niho class. Moreover, these cases give bent functions in the completed Maiorana-McFarland class. In this paper, we find o-polynomials that arise from the first class of binomial Niho bent functions. However, it still remains to determine the dual. The third class is completely open.

2. Subiaco Hyperovals Here we define o-polynomials that give rise to the Subiaco family of hyperovals. Theorem 2.1 (Theorems 3-5 [4]). Take polynomials f(x) and g(x) and for any s ∈ F2m define f(x)+esg(x)+s1/2x1/2 f (x)= , s 1+es + s1/2 ∈ F m where e 2m with Tr1 (e)=1is defined further. Then in the following cases, g(x) and fs(x) are o-polynomials: (i) if m is odd then take e =1and 2 4 3 x + x 1 x + x 1 f(x)= + x 2 and g(x)= + x 2 ; (x2 + x +1)2 (x2 + x +1)2 2 (ii) if m ≡ 2(mod4)then take e = w ∈ F2m with w + w +1=0and 2 2 2 2 x (x + wx + w) 2 1 wx(x + x + w ) 2 1 f(x)= + w x 2 and g(x)= + w x 2 ; (x2 + wx +1)2 (x2 + wx +1)2 w2+w5+w1/2 ∈ F 2 (iii) for any m,takee = w(1+w+w2) where w 2m with w + w +1=0and m Tr1 (1/w)=1,and 2 4 2 2 3 2 w (x + x)+w (1 + w + w )(x + x ) 1 f(x)= + x 2 and (x2 + wx +1)2 4 4 3 2 4 3 3 2 1/2 w x + w (1 + w + w )x + w (1 + w )x w 1 g(x)= + x 2 . (w2 + w5 + w1/2)(x2 + wx +1)2 w2 + w5 + w1/2

NIHO BENT FUNCTIONS AND SUBIACO HYPEROVALS 95

It is useful to have the following explicit expressions for fs(x)ineachofthe 1 cases considered. Denote 1 + es + s 2 = A,thenfs(x)isequalto 4 3 2 s(x + x )+x + x 1 (2.1) + x 2 ,modd A(x2 + x +1)2 4 3 2 −1 x + w(sw +1)(x + x )+swx 2 1 1 (2.2) A +(w + s + s 2 )x 2 ,m/2odd (x2 + wx +1)2 2 4 2 2 3 2 2 2 (1 + sw + w )x +(1+w + w ) (sx + x )+(s + w + sw )x (2.3) w 2 2 2 (1 + w + w )( x + wx +1) 1 s +1 1 1 −1 + s 2 + x 2 (e + es + s 2 ) ,marbitrary , w1/2(1 + w + w2) where in (2.3), we changed s +1fors in the original deﬁnition of fs(x). Note that for m odd, taking w = 1 in (2.3) results in (2.1). In each of the cases listed above, the set (f(x),g(x),a) deﬁnes a q-clan. On the other hand, by [4, Theorem 1], the existence of the q-clan is equivalent to the property that g(x) is an o-polynomial and fs(x) is an o-polynomial for any s ∈ F2m .In[10], it was shown that the Subiaco construction provides two inequivalent hyperovals if m ≡ 2 (mod 4) and one hyperoval otherwise.

3. Bent Functions from Subiaco Hyperovals

Take the following function over F2n m 2m+1 n 3(2m−1)+1 f(t)=Tr1 (at )+Tr1 (bt ) , ∈ F∗ ∈ F∗ 2m+1 F where a 2m and b 2n are such that b = a.Let(u, v)beabasisof 2n as a two-dimensional vector space over F2m . Then for any x, y ∈ F2m ,weobtain f(ux + vy) having the form of (1.1) with m 1 2 +1 m− 2 2 n 3(2 1)+1 H(z)=a (u + vz) +Trm b(u + vz) 1 2m+1 m− 2 2 n 3(2 1)+1 μ = a v +Trm(bv ) .

Here all notation are from Subsection 1.2. Therefore, with z ∈ F2m , m m 1 2 +1 1 2 +1 m− m− 2 2 2 2 n 3(2 1)+1 3(2 1)+1 G(z)=a v z + a (u + vz) +Trm b(v z +(u + vz) ) . Further, we have that

2m+1 2m+1 m 1 1 2m+1 2 2 n 2 2 2 2 (u + vz) = u + Trm(u v) z +(vz) and since z ∈ F2m ,

1 2m+1 1 2m+1 1 2m+1 1 m 1 1 2 2 2 2 2 2 2 n 2 2 2 (3.1) a v z + a (u + vz) = a u + a Trm(u v) z . m Now expand the term (u+vz)3(2 −1)+1. To this end, note that 3(2m −1)+1 = 2m+1 − 1+2m − 1. Then m m+1 m (u + vz)3(2 −1)+1 =(u + vz)2 −1(u + vz)2 −1 2m+1−1 2m−1 m+1 m = u2 −1−j(vz)j u2 −1−j(vz)j j=0 j=0 3·2m−2 3·2m−2−i i = (Ni mod 2)u (vz) , i=0

96 TOR HELLESETH, ALEXANDER KHOLOSHA, AND SIHEM MESNAGER where Ni = |Ei| and

m+1 m Ei = {(j1,j2) | j1 + j2 = i, 0 ≤ j1 ≤ 2 − 1, 0 ≤ j2 ≤ 2 − 1} .

We compute Ni by enumerating the elements of Ei as follows: m • for 0 ≤ i ≤ 2 − 1, we have Ei = {(i − j, j) | 0 ≤ j ≤ i} and Ni = i +1; m m+1 m • for 2 ≤ i ≤ 2 − 1, we have Ei = {(i − j, j) | 0 ≤ j ≤ 2 − 1} and m Ni =2 ; m+1 m m+1 • for 2 ≤ i ≤ 3 · 2 − 2, we have Ei = {(i − j, j) | i − 2 +1 ≤ m m j ≤ 2 − 1} and Ni =3· 2 − 1 − i (indeed, j1 + j2 = i implies that m+1 m+1 j2 = i − j1 ≥ i − 2 +1sincej1 ≤ 2 − 1). m−1 Therefore Ni mod2=1ifandonlyifi =2l with 0 ≤ l ≤ 2 − 1or i =2m+1 +2l with 0 ≤ l ≤ 2m−1 − 1and

2m−1−1 2m−1−1 m m m m+1 m+1 (u + vz)3(2 −1)+1 = u3·2 −2−2l(vz)2l + u3·2 −2−2 −2l(vz)2 +2l l=0 l=0 − − 2m1−1 2m1−1 (∗) m m m+1 = u3·2 −2(l+1)(vz)2l + u2 −2(l+1)v2 −2(vz)2(l+1) l=0 l=0 2m−1−1 2m−1 m m m+1 = u3·2 −2(l+1)(vz)2l + u2 −2lv2 −2(vz)2l l=0 l=1 2m−1−1 m m m m+1 2l m = u3·2 −2 +(u3·2 −2 + u2 v2 −2) u−1vz + v3·2 −2z l=1 −1 2m m m m m 1+(u vz) m = u3·2 −2 + u2 (u2(2 −1) + v2(2 −1)) 1+ + v3·2 −2z 1+u−2v2z2 m m m m m m m = u2 v2(2 −1) + u2 (u2(2 −1) + v2(2 −1))(1 + u−1vz)2 −2 + v3·2 −2z m m m m m m = u2 v2(2 −1) + u2(u2(2 −1) + v2(2 −1))(u + vz)2 −2 + v3·2 −2z.

m+1 m In the second sum after (∗), we used that z2 +2l =(z2 )2z2l = z2z2l = z2(l+1). Finally, denoting 1 2m+1 m m− 2 2 n 2 2(2 1) c = a u +Trm(bu v ) and using (3.1), we obtain that (3.2)

1 m 1 1 m− m− m− 2 n 2 2 2 n 2 2(2 1) 2(2 1) 2 2 G(z)=c + a Trm(u v) z +Trm bu (u + v )(u + vz) .

2m+1 Now assume v = 1 and take u ∈ F2n \{1} with u = 1 that means u ∈ F \ F 2m ∈ F∗ m 2n 2m . Also denote u + u = w 2m and observe that Tr1 (1/w)=1(since 2 this is equivalent to u +wu+1 being irreducible over F2m ). Moreover, all w ∈ F2m m with such a trace property are obtained in this way from u.Thenu2 −1 = w/u+1 and

n 2m Trm(u v)=w m m u2 v2(2 −1) + u2(2 −1) = w2 .

NIHO BENT FUNCTIONS AND SUBIACO HYPEROVALS 97

1 n 2m Under these conditions, c = a 2 +Trm(bu )and (3.3) 2 2m 2m 2 1 bw (u + z) b w (u + z) G(z)=c +(awz) 2 + + (u + z)2 (u2m + z)2 3 2m 3 1 2 b(u + w + z) + b (u + z) = c +(awz) 2 + w (u + z)2(u + w + z)2 2m 3 2 2m+1 2 1 2 (b + b )(u + z) + bw(z + wz + u + w ) = c +(awz) 2 + w (z2 + wz + u2m+1)2

(3.4) 1 = c +(awz) 2 m m w2(b + b2 )(z3 + uz2 + u2z)+bw3(z2 + wz)+Trn (b2 (u5 + u)) + m (z2 + wz +1)2 1 m 1 2 n 2 5 2 = a +Trm(b u )+(awz) m m w2(b + b2 )(z3 + uz2 + u2z)+bw3(z2 + wz)+Trn (b2 (u5 + u))(z2 + wz)2 + m (z2 + wz +1)2

(3.5,3.6) 1 m 1 2 n 2 5 2 = a +Trm(b u )+(awz) m m m Trn (b2 (u5 + u))z4 +Trn (b)w2z3 +Trn (b2 u5)w2z2 +Trn (b2 (u4 +1))z + m m m m . (z2 + wz +1)2 Here we used the following identities 2 2m 3 3 2 n 2m 5 (3.4) w (b + b )u + bw (1 + w )=Trm(b (u + u)) ; 2m n 2m 5 n 2m 5 (3.5) u(b + b )+bw +Trm(b (u + u)) = Trm(b u ); 2 2m 2 4 n 2m 4 (3.6) w (b + b )u + bw =Trm(b (u +1)) . Further, we consider three separate cases deﬁned by the value of m.

3.1. m odd. In this case, take u ∈ F4 \{0, 1}.Notethatu ∈ F2n \ F2m and m w = u + u2 = u + u2 = 1. Then, by (3.3), n 4 3 n 2 1 n 1 Trm(b)(z + z )+Trm(bu)(z + z) G(z)=a 2 +Tr (bu)+(az) 2 + m (z2 + z +1)2 −1 4 3 −1 2 2 1 n 1 1 (B + B )(z + z )+(B u + Bu)(z + z) = a 2 +Tr (bu)+(az) 2 + a 2 m (z2 + z +1)2 1 1 2 n 2 = a +Trm(bu)+a fs(z) , − 1 −1 2m − 1 2m 2m+1 where B = ba 2 with B = b a 2 = B since a = b . Polynomial fs(z) 1+B2 ∈ F 2 2 with s = u2+B2u 2m is an o-polynomial (2.1) (assuming u + B u = 0). In the m case when u2 = B2u (or, equivalently, b2 −1 = u2)weobtain 4 3 1 z + z G(z)=bu + buz 2 + bu = bu(1 + g(z)) , (z2 + z +1)2 1 2m+1 1 2m since a 2 =(b ) 2 = bu = b + b and where o-polynomial g(z) comes from Theorem 2.1 Item (i). m− 2m−1 2 b2 1+1 Assuming b = u , note that equation s = b2m−1u2+u canbesolvedfor ∈ F∗ ∈ F the unknown b 2n for any s 2m since s = u. We conclude that the set of

98 TOR HELLESETH, ALEXANDER KHOLOSHA, AND SIHEM MESNAGER

∈ F∗ bent functions with b 2n corresponds exactly to all o-polynomials described in Theorem 2.1 Item (i). This means that the existence of this set of bent functions is equivalent to the existence of the corresponding q-clan.

5 3.2. m ≡ 2(mod4). In this case, take u ∈ F16 \ F4 with u =1.Notethat 2m+1 5 2m 4 u ∈ F2n \ F2m and u = u =1.Thenu + u = u + u = w ∈ F4 ⊂ F2m . Obviously, w = 0. It can be checked directly that u with the prescribed properties also satisﬁes w = 1 and, thus, w2 + w =1.Therearefour options for choosing u with these properties and both w ∈ F4 \{0, 1} can be obtained. Then, by (3.3), 1 1 2 n 2 G(z)=a +Trm(b)+(awz) Trn (b(u4 +1))z4 +Trn (b)w2(z3 + z2)+Trn (b(u +1))z + m m m (z2 + wz +1)2 4 3 2 1 n 1 n 4 z + w(sw +1)(z + z )+swz = a 2 +Tr (b)+(awz) 2 +Tr (b(u +1)) m m (z2 + wz +1)2

(∗) 1 1 2 n 2 n 4 = a +Trm(b)+(1+ws + s )Trm(b(u +1))fs(z) , 2 n w Tr m(b(u+1)) where polynomial fs(z) with s = n 4 is an o-polynomial (2.2) (assuming Tr m(b(u +1)) n 4 n 4 Trm(b(u +1)) = 0). In the case when Trm(b(u + 1)) = 0 (or, equivalently, m b2 −1 =(u +1)3 = u4)weobtain n 2 3 2 n 1 n 1 Trm(b)w (z + z )+Trm(b(u +1))z G(z)=a 2 +Tr (b)+(awz) 2 + m (z2 + wz +1)2 2 2 1 n 2 2 1 2 wz(z + z + w ) = a 2 +Tr (b)+bu w z 2 + bu m (z2 + wz +1)2 1 2 n 2 = a +Trm(b)+bu g(z) , 2m+1 2 4 n 4 4 2 since a = b = b u and Trm(b)w = b(1 + u )(u + u )=bu and where o- m polynomial g(z) comes from Theorem 2.1 Item (ii). On the other hand, if b2 −1 = u4 then it suﬃces just to take another u with the above deﬁned properties (recall that four options exist). To obtain (∗) we used the following identities 2 n 4 2 (w + s + s)Trm(b(u +1)) = wTrn (b(u4 +1))2 + wTrn (b(u +1))2 + w2Trn (b(u + 1))Trn (b(u4 +1)) m m m m 2 n n 4 n n 4 n 2 n 4 2 = w Trm(bu)Trm(bu )+Trm(b)Trm(b(u + u)) + Trm(b) + wTrm(b(u + u)) 2 2m 4 4 2m 2 n 2 = w (bu + b u )(bu + b u)+w Trm(b) = aw . It is important to observe that there are no restrictions on the value of b here. It means that this technique allows to enlarge the original class of Niho bent functions proved in [6]. m− w2Tr n (b(u+1)) 2 1 4 m Assuming b = u , note that equation s = Tr n (b(u4+1)) canbesolvedfor ∈ F∗ ∈ F m the unknown b 2n for any s 2m . Indeed, this equation can be rewritten as m b(u4s + s + uw2 + w2)=b2 (us + s + u4w2 + w2)or m b(u4s + s + u4 + u2)=b2 (us + s + u3 + u) .

Since s ∈ F2m , it is easy to see that this equation has nonzero sides and its right- hand side is a 2mth power of the left-hand side. We conclude that the set of ∈ F∗ bent functions with b 2n corresponds exactly to all o-polynomials described in

NIHO BENT FUNCTIONS AND SUBIACO HYPEROVALS 99

Theorem 2.1 Item (ii). This means that the existence of this set of bent functions is equivalent to the existence of the corresponding q-clan. 3.3. m ≡ 0(mod4). In this case, w2 + w +1 = 0 since the opposite is 4 3 2 equivalent to u + u + u + u + 1 = 0 that gives u ∈ F24 which is a contradiction because F24 ⊂ F2m . As was noted in Subsection 1.3, without loss of generality, we can assume b = a = 1. Then, by (3.3), n 5 4 n 5 2 2 n 4 n 5 1 Trm(u + u)z +Trm(u )w z +Trm(u )z G(z)=1+Tr (u )+(wz) 2 + m (z2 + wz +1)2 ∗ 5 3 4 3 2 2 2 4 ( ) n 5 1 (w + w )z + w (1 + w + w ) z + w z = 1+Tr (u )+(wz) 2 + m (z2 + wz +1)2 1 n 5 2 5 2 =1+Trm(u )+(w + w + w )f0(z) , ∗ 2 2 n 5 where ( ) follows by w(1 + w + w ) =Trm(u )andf0(z)isano-polynomialfrom (2.3). Remark 3.1. In 2004, using computer calculations, the following sporadic bent function of Niho type was found. For m =4,

m 2m+1 n 5(2m−1)+1 7(2m−1)+1 (3.7) f(t)=Tr1 (t )+Tr1 t + t . The question open since then is whether this function is a new one or if it is EA- equivalent to one of the known Niho bent functions. Here we resolve this open problem. m Take basis elements v =1andu with u + u2 =1.Since x16 + x +1=(1+x + x3 + x4 + x5 + x6 + x8)(1 + x3 + x5 + x6 + x8) , wegetthateither (3.8) 1 + u + u3 + u4 + u5 + u6 + u8 =0 or 1+u3 + u5 + u6 + u8 =0 . By direct calculations, we obtain that μ =1and

2m+1 2 n 76 106 G1(z)=z +(u + z) +Trm (u + z) +(u + z) =1+u + u4 + u6 + u8 + u10 + u12 +(u4 + u8)z2 +(1+u2 + u8)z4 + z6 +(1+u2 + u4)z8 + z10 + z12 ,

2 2m+1 2m+1 n 2m+1 since z +(u + z) = u +Trm(u)z = u + z.Asobservedin[3, Sec. 3.1.2], adding a constant to G1(z) results into EA-equivalent bent functions, 4 thus, the constant term in G1(z) can be ignored. Deﬁne β =1+u + u ∈ F2m 4 and note that β = β +1andβ is primitive in F2m (this is checked easily). Then, depending on (3.8), G1(z) without a constant term is respectively equal to either β9z2 + β2z4 + z6 + β11z8 + z10 + z12 or β7z2 + β2z4 + z6 + β12z8 + z10 + z12 . Both polynomials belong to the list of 2040 o-polynomials representing the Lunelli- Sce hyperoval (numbers 119 and 120 in the list [9]). By [1, Theorem 26], the Lunelli-Sce hyperoval is a member of the Subiaco family of hyperovals. Thus, it is natural to expect that function (3.7) is EA-equivalent to the following Niho bent function from Subsection 1.3 m 2m+1 n 3(2m−1)+1 (3.9) f(t)=Tr1 (t )+Tr1 (t )

100 TOR HELLESETH, ALEXANDER KHOLOSHA, AND SIHEM MESNAGER with m = 4. However, this does not come automatically since equivalent hyperovals do not necessarily correspond to EA-equivalent bent functions (see [3, Sec. 3.1.2]). Now, take basis elements v =1andw = u2 (where u is the second element in the basis chosen for analyzing function (3.7)) and recall that diﬀerent choices m of basis lead to EA-equivalent functions. Then w + w2 =1andusing(3.2),we obtain that function (3.9) corresponds to the following polynomial

8(2m+1) 8 n 14 G2(z)=w +1+z +Trm (w + z) =1+w + w2 + w4 + w6 + w10 + w12 +(1+w4 + w8)z2 +(1+w2 + w8)z4 + z6 +(w2 + w4)z8 + z10 + z12 =1+u + u5 + u9 + u12 +(u + u8)z2 +(u + u4)z4 + z6 +(u4 + u8)z8 + z10 + z12 .

4 2 Similarly, if η =1+w + w = β ∈ F2m (obviously, η is also primitive in F2m and 4 η = η + 1) then, depending on (3.8) (where u is replaced by w), G2(z) without a constant term is respectively equal to either η7z2 + η2z4 + z6 + η12z8 + z10 + z12 or η9z2 + η2z4 + z6 + η11z8 + z10 + z12 using the fact that the sum of all coeﬃcients in the latter polynomials has to be equal to one. These are the same Lunelli-Sce o-polynomials as obtained before but in the reverse order. Now observe that 4 8 4 8 2 2 8 4 6 2 4 8 10 12 G2(z +u +u )=cu +(u +u )z +(1+u +u )z +z +(1+u +u )z +z +z , where cu is a constant depending on u. Finally, note that the latter polynomial without the constant term cu is exactly G1(u) without the constant term. Since adding a constant term to the argument of an o-polynomial is one of the transformations that preserves EA-equivalence of the corresponding bent functions (see [3, Sec. 3.1.2]), we conclude that bent functions (3.7) and (3.9) are EA-equivalent.

References [1] Julia M.N. Brown and William E. Cherowitzo, The Lunelli-Sce hyperoval in PG(2, 16), J. Geom. 69 (2000), no. 1-2, 15–36. MR1800454 (2001m:51013) [2] Claude Carlet, Tor Helleseth, Alexander Kholosha, and Sihem Mesnager, On the dual of bent functions with 2r Niho exponents, Proceedings of the 2011 IEEE International Symposium on Information Theory, IEEE, July/August 2011, pp. 657–661. [3] Claude Carlet and Sihem Mesnager, On Dillon’s class H of bent functions, Niho bent functions and o-polynomials, J. Combin. Theory Ser. A 118 (2011), no. 8, 2392–2410. MR2834182 [4] William E. Cherowitzo, Tim Penttila, Ivano Pinneri, and Gordon F. Royle, Flocks and ovals, Geom. Dedicata 60 (1996), no. 1, 17–37. [5] John F. Dillon, Elementary Hadamard diﬀerence sets, Ph.D. thesis, University of Maryland, 1974. [6] Hans Dobbertin, Gregor Leander, Anne Canteaut, Claude Carlet, Patrick Felke, and Philippe Gaborit, Construction of bent functions via Niho power functions, J. Combin. Theory Ser. A 113 (2006), no. 5, 779–798. MR2231087 (2007g:94045) [7] Gregor Leander and Alexander Kholosha, Bent functions with 2r Niho exponents, IEEE Trans. Inf. Theory 52 (2006), no. 12, 5529–5532. MR2300712 (2007k:94072) [8] Robert L. McFarland, A family of diﬀerence sets in non-cyclic groups, J. Combin. Theory Ser. A 15 (1973), no. 1, 1–10. MR0314647 (47:3198)

NIHO BENT FUNCTIONS AND SUBIACO HYPEROVALS 101

[9] Christine M. O’Keefe and Tim Penttila, Polynomials representing hyperovals,Tech.Re- port 26, Department of Mathematics, University of Western Australia, June 1989. [10] Stanley E. Payne, Tim Penttila, and Ivano Pinneri, Isomorphisms between Subiaco q-clan geometries, Bull. Belg. Math. Soc. Simon Stevin 2 (1995), no. 2, 197–222. MR1332395 (96g:51013) [11] Oscar S. Rothaus, On “bent” functions, J. Combin. Theory Ser. A 20 (1976), no. 3, 300–305. MR0403988 (53:7797)

Department of Informatics, University of Bergen, P.O. Box 7800, N-5020 Bergen, Norway E-mail address: [email protected] Department of Informatics, University of Bergen, P.O. Box 7800, N-5020 Bergen, Norway E-mail address: [email protected] Department of Mathematics, University of Paris 8 and University of Paris 13, 2 rue de la liberte,´ 93526 Saint-Denis Cedex, France E-mail address: [email protected]

Contemporary Mathematics Volume 579, 2012 http://dx.doi.org/10.1090/conm/579/11523

A bound on the number of points of a curve in a projective space over a ﬁnite ﬁeld

Masaaki Homma

Abstract. For a non-degenerate irreducible curve C of degree d in Pr over Fq with r ≥ 3, we prove that the number Nq(C)ofFq-points of C satisﬁes the inequality Nq(C) ≤ (d − 1)q + 1, which is known as Sziklai’s bound if r =2.

1. Introduction In the series of papers [3, 4, 5], we proved that for any plane curve C of degree d over Fq without Fq-linear components, the number Nq(C)ofFq-points of C is bounded by

(1) Nq(C) ≤ (d − 1)q +1 except for the curve over F4 deﬁned by K :(X + Y + Z)4 +(XY + YZ+ ZX)2 + XY Z(X + Y + Z)=0.

Indeed, N4(K) = 14. The bound (1) was originally conjectured by Sziklai [8], and he found that some curves actually achieve this bound. The question we are interested in is whether the bound (1) is valid for curves in higher dimensional projective space. Theorem 1.1. Let C be an absolutely irreducible curve of degree d deﬁned over r Fq in P with r ≥ 3, which is not contained in any plane. Then

Nq(C) ≤ (d − 1)q +1. The main ingredient of our proof of this theorem is the order-sequence1 of a projective curve as in St¨ohr-Voloch theory [7]; however, in our result, unlike St¨ohr- Voloch’s, the bound does not involve the genus of the curve. As a corollary of this theorem, we have the following fact. Corollary 1.2. Let C be a curve, which may have several components, of r degree d in P over Fq without Fq-linear components. In addition, when q = d =4, C is not a planar curve which is isomorphic to K over F4.Then

Nq(C) ≤ (d − 1)q +1.

2010 Mathematics Subject Classification. Primary 14G15, Secondary 11G20, 14H25. Partially supported by Grant-in-Aid for Scientific Research (21540051), JSPS.. 1As for the definition and the basic properties of order-sequence, see [2,7.6]

c 2012 American Mathematical Society 103

104 MASAAKI HOMMA

Throughout this paper, C(Fq) denotes the set of Fq-points of C;inotherwords, r r r C(Fq)=C ∩ P (Fq), where P (Fq)isthesetofFq-points of P .

2. Combinatorial approach r We regard P (Fq)asther-dimensional ﬁnite projective space over Fq.

r 2 Definition 2.1. Suppose r ≥ 2. For a subset X ⊂ P (Fq), the s-degree of X r is the maximum number of points of X that lie on a hyperplane of P (Fq). The s-degree of X is denoted by s-deg X. The total number of points of X is denoted by N.Ifr =2ands-degX = d, X is called an (N,d)-arc [1, (12.1)].

In the following lemma, α denotes the integer part of a real number α.

r Proposition 2.2. For X ⊂ P (Fq) of s-degree d, the cardinality N of X is bounded by ( ) d − 1 (2) N ≤ (d − 1)q +1+ . qr−2 + qr−3 + ···+ q +1

r r Proof. Fix a point P0 ∈ X.LetPˇ0 = {H ∈ Pˇ (Fq) | P0 ∈ H},wherePˇ (Fq) r denotes the set of hyperplanes of P (Fq). Let

P = {(P, H) ∈ (X \{P0}) × Pˇ0 | P ∈ H}.

Moreover, π1 : P→X \{P0} denotes the ﬁrst projection and π2 : P→Pˇ0 the second projection. ∈ \{ } −1 Let P X P0 .Sinceπ1 (P ) consists of pairs (P, H) with H ranging over # −1 r−2 r−3 ··· the set of hyperplanes that contain the line P0P , π1 (P )=q + q + +1. Hence #P # −1 − r−2 r−3 ··· = π1 (P )=(N 1)(q + q + +1).

P ∈X\{P0}

# On the other hand, since s-deg X = d, (H ∩ (X \{P0})) ≤ d − 1 for any H ∈ Pˇ0. Hence # # r−1 r−2 P≤(d − 1) Pˇ0 =(d − 1)(q + q + ···+1). Therefore qr−1 + ···+1 N ≤ (d − 1) +1 qr−2 + ···+1 d − 1 =(d − 1)q +1+ . qr−2 + ···+1 This completes the proof.

Remark 2.3. When r = 2, the bound (2) is rather trivial, that is, N ≤ (d − 1)q + d (see [1, (12.5)]).

2This jargon is an abbreviation for ‘set-theoretic degree’. We want to reserve the simple terminology ‘degree’ for the degree of a curve.

BOUND ON THE NUMBER OF POINTS OF A CURVE 105

3. Number of points of a non-degenerate irreducible curve In this section, we consider an irreducible curve C in Pr with r ≥ 3 deﬁned r over Fq. Moreover we assume C to be non-degenerate, that is, no hyperplane of P contains C. For a point P ∈ C and a hyperplane H of Pr with H # P ,leth be a local equation of H around P . Under this situation, V (h) denotes the hyperplane H. The intersection multiplicity i(H.C; P )ofC with H at P is ¯ i(H.C; P )=dimOP,C/(h), where h¯ is the image of h in the local ring OP,C of P ∈ C.

r Lemma 3.1. For a point P ∈ P (Fq), qr−1 + qr−2 + ···+ q +1− r (i(H.C; P ) − 1) ≥ , q − 1 H∈Pˇ where Pˇ is the set of Fq-hyperplanes passing through P . Proof. First suppose P is a nonsingular point of C. Without loss of generality, we may assume that P =(1, 0,...,0). Let x1,...,xr be a system of affine coordinate functions around P with x1(P )=··· = xr(P ) = 0, each of which is r−1 defined over Fq.ThenPˇ = {V (α1x1 + ···+ αrxr) | (α1,...,αr) ∈ P (Fq)}. We choose a local parameter t at P ∈ C whichisdefinedoverFq. Through the 0 identification OP,C = F¯q[[t]], xi canbewrittenas

2 xi = ai1t + ai2t + ··· (i =1, 2,...,r) in F¯q[[t]], where aij ∈ Fq. Applying elementary row-operations over Fq to (aij) i=1,2,...,r , we have the following form: j=1,2,... ⎧ ⎪ x = tj1 + ··· ··· ··· ⎪ 1 ⎪ . ⎨⎪ . x = tji + ··· ··· , ⎪ i ⎪ . ⎪ . ⎩ jr ··· xr = t + ··· F where 0

ji If H = V (h) ∈ Vi \Vi+1,thenh = αit +··· with αi = 0. Hence i(H.C; P )=ji ≥ i. Therefore r (i(H.C; P ) − 1) ≥ (i − 1)qr−i H∈Pˇ i=1 qr−1 + qr−2 + ···+1− r = . q − 1

106 MASAAKI HOMMA

Secondly, suppose P is a singular point of C. Hence i(H.C; P ) ≥ 2 for any H ∈ Pˇ. Therefore (i(H.C; P ) − 1) ≥ #Pˇ = qr−1 + qr−2 + ···+1 H∈Pˇ qr−1 + qr−2 + ···+1− r > . q − 1 This completes the proof. Theorem 3.2. Let C be a non-degenerate irreducible curve of degree d in Pr over Fq.Then (q − 1)(qr + qr−1 + ···+1) (q − 1)(qr+1 − 1) N (C) ≤ d = d. q qr + qr−1 + ···+ q − r q(qr − 1) − r(q − 1) Proof. Let us consider the point-hyperplane correspondence with respect to C over Fq: r Q := {(P, H) ∈ C(Fq) × Pˇ (Fq) | P ∈ H}. r Let π1 : Q→C(Fq)andπ2 : Q→Pˇ (Fq) be the ﬁrst and second projections ∈ Q ⊆ Pˇr F −1 ∩ F ×{ } respectively. If H π2( ) ( q), then π2 (H)=(H C( q)) H , and − ≥ − d P ∈H∩C(F ) i(H.C; P ) d (H.C)=0. Hence q # −1 ≤ # ∩ F − π2 (H) (H C( q)) + d i(H.C; P ) P ∈H∩C(F ) q = d − (i(H.C; P ) − 1).

P ∈H∩C(Fq ) Hence #Q # −1 = π2 (H) ∈ Q H π2( ) ⎛ ⎞ ≤ ⎝d − (i(H.C; P ) − 1)⎠ H∈π (Q) P ∈H∩C(F ) 2 q (3) ≤ d(qr + qr−1 + ···+1)− (i(H.C; P ) − 1)

P ∈C(Fq ) H∈Pˇ because #π (Q) ≤ qr + qr−1 + ···+1and 2 ⎛ ⎞ ⎛ ⎞ 1 1 1 1 Q = ⎝ {(P, H)}⎠ = ⎝ {(P, H)}⎠ .

H∈π2(Q) P ∈H∩C(Fq ) P ∈C(Fq ) H∈Pˇ Applying Lemma 3.1 to (3), we have qr−1 + qr−2 + ···+1− r (4) #Q≤d(qr + qr−1 + ···+1)− N (C). q − 1 q On the other hand, #Q # −1 r−1 r−2 ··· (5) = π1 (P )=(q + q + +1)Nq(C).

P ∈C(Fq )

From (4) and (5), we have the desired bound for Nq(C).

BOUND ON THE NUMBER OF POINTS OF A CURVE 107

Corollary 3.3. Under the same assumption as Theorem 3.2, r +1 N (C) ≤ (q − 1)d + d. q qr−1 +2qr−2 + ···+(r − 1)q + r

Proof. Let N = Nq(C). By Theorem 3.2, qr + qr−1 + ···+ q − r N ≤ d(qr + qr−1 + ···+1). q − 1 Note that r qr + qr−1 + ···+ q − r = (qi − 1) i=1 r = (q − 1)(qi−1 + qi−2 + ···+1) i=1 ⎛ ⎞ r =(q − 1) ⎝ jqr−j⎠ . j=1 r r−j ≤ − Therefore, if we put S = j=1 jq ,thenSN d((q 1)S+r+1). This completes the proof.

4. Proof of Theorem 1.1 and Corollary 1.2 Now we give proofs of the main theorem and its corollary. Proof of Theorem 1.1. Let L be the minimal linear subspace of Pr such (q) (q) that L ⊃ C.SinceC is deﬁned over Fq, L ∩ L ⊃ C,whereL is the image of L by the q-Frobenius map. By the minimality of L, L = L(q),thatis,L is an Fq-space. Since C is not contained in any plane, dim L ≥ 3. Therefore we may assume that C is non-degenerate in Pr, i.e., Pr = L. r−2 r−3 (i) Suppose d ≤ q +q +···+1. Since deg C = d, the s-degree d of C(Fq) is at most d. By the combinatorial bound (2), together with our assumption, Nq(C) ≤ (d − 1)q +1≤ (d − 1)q +1.

(ii) Suppose d ≥ q. In this case, we have Nq(C) ≤ (d−1)q +1 by Corollary 3.3. In fact, r +1 (d − 1)q +1− (q − 1)d + d r−1 r−2 ··· − q +2q + +(r 1)q + r r +1 (6) = 1 − d − q +1. qr−1 +2qr−2 + ···+(r − 1)q + r Since the coeﬃcient of d is positive and d ≥ q, r +1 (7) the quantity (6) ≥ 1 − q. qr−1 +2qr−2 + ···+(r − 1)q + r Since r ≥ 3, (qr−1 +2qr−2 + ···+(r − 1)q + r) − (r +1)q = qr−1 + ···+(r − 3)q3 +(r − 3)q2 +(q − 1)2 +(r − 1) > 0. Hence the right-hand side of (7) is positive. Obviously, q

108 MASAAKI HOMMA

Proof of Corollary 1.2. If r = 2, this is nothing but the main theorem of [5]. So we assume that r ≥ 3. (i) First we show that we may assume C to be irreducible over Fq.LetC = C1 ∪ ···∪Cs be the decomposition of C into Fq-irreducible components, and deg Ci = di (i =1,...,s). If Nq(Ci) ≤ (di − 1)q + 1 holds true for any Ci,then s s Nq(C) ≤ Nq(Ci) ≤ ((di − 1)q +1) i=1 i=1 =(d − s)q + s<(d − 1)q +1. When q =4ands ≥ 2, suppose each of the ﬁrst s components C1,...,Cs is F − contained in a plane and isomorphic to K over 4, and the remaining s s s ··· components are not. Then d1 = = ds =4,d =4s + i=s+1 di and Nq(C1)=···= Nq(Cs ) = 14. Hence s Nq(C) ≤ 14s + ((di − 1)4+1) i=s+1 =(d − 1)4+1+3− 3s + s ≤ (d − 1)4+1+3− 2s (because s ≤ s) < (d − 1)4 + 1 (because s ≥ 2). (ii) Suppose C is not absolutely irreducible. As in the preliminary step of the proof of Theorem 1.1, we may assume that C is non-degenerate in Pr.LetD be an t−1 irreducible component of C.ThenC = D∪D(q) ∪...D(q ) for some t ≥ 2, because F d ≤ d F ⊂ ∩ (q) ∩ (qt−1) C is irreducible over q. Hence deg D = t 2 ,andC( q) D D ...D . r When C(Fq)doesnotspanP , choose a hyperplane H over Fq such that H ⊃ C(Fq). Since C is non-degenerate, H does not contain any components of C because H is deﬁned over Fq. Hence we have d N (C) ≤ (D.H)=degD ≤ < (d − 1)q +1, q 2 r which is the desired bound. Therefore we may assume that C(Fq) spans P . Hence we can pick up r − 1pointsQ1,...,Qr−1 ∈ C(Fq) such that the linear space L0 spanned by these r − 1pointsisanFq-linear subspace of codimension 2. Put # (L0 ∩ C(Fq)) = r . Obviously r ≥ r − 1. Let {H0,...,Hq} be the set of Fq- F \ ⊂∪q ∩ \ hyperplanes containing L0.SinceC( q) L0 i=0(D Hi L0), d d (8) N (C) ≤ ( − r)(q +1)+r ≤ ( − r)(q +1)+r. q t 2 Since d d (d − 1)q +1− ( − r)(q +1)+r = rq +( − 1)(q − 1) > 0, 2 2 (8) is bounded by (d − 1)q +1. Therefore we may assume that C is absolutely irreducible, which is the case we already considered in Theorem 1.1.

5. Asymptotic behavior In this section, we introduce an analogue of Ihara’s constant3 A(q).

3We use this terminology after [6, 7.1.1].

BOUND ON THE NUMBER OF POINTS OF A CURVE 109

Notation . C˜i F F 5.1 d( q) denotes the set of irreducible curve over q of degree d in a projective space of some dimension, modulo Fq-isomorphisms. Remark . C˜i F 5.2 The set d( q) consists of finitely many elements. In fact, any ∈ C˜i F Ps ≤ F member C d( q) can be embedded into with s d over q as a degree d curve. Just to make sure the italicized statement above, we give its proof. For a r s r degree d curve C over Fq in P , the minimal linear subspace P of P containing C is defined over Fq as we saw in the first paragraph of the proof of Theorem 1.1. s By the minimality of P ,thereares + 1 points over the algebraic closure of Fq on C such that these s +1 pointsspan Ps. Since any s points never span Ps,there is a hyperplane H of Ps such that the number of C ∩ H is finite and is at least s. Hence d =degC ≥ s. Definition . ˜ i { | ∈ C˜i F } 5.3 Let Mq(d):=max Nq(C) C d( q) ,whichmakessense C˜i F because of the finiteness of d( q). The quantity ˜ i D(q) := lim sup Mq(d)/d d→∞ ˜ i measures the asymptotic behavior of Mq(d). We don’t know yet the exact value of D(q) for any q. Here we state just an observation. Proposition 5.4. 1 A(q) ≤ D(q) ≤ q. 2 Proof. ˜ i ≤ − ≤ Since Mq(d) (d 1)q + 1 by Theorem 1.1, we have D(q) q.Let Nq(g) be the maximum number of Fq-points on a nonsingular curve of genus g. By definition, A(q) = lim supg→∞ Nq(g)/g. It is known that A(q) > 0 by Serre (for more and precise information on the Ihara’s constant, see [9, Chap. 3]). For any hyperelliptic curve C over Fq, Nq(C) ≤ 2q + 2. Hence, for most g’s, Nq(g)is g−1 achieved by a nonhyperelliptic curve, which can be embedded into P over Fq as adegree2g − 2 curve. Therefore 1 lim sup Nq(g)/(2g − 2) = A(q) g→∞ 2 is a lower bound for D(q).

References 1. J. W. P. Hirschfeld, Projective geometries over finite fields (second edition), Oxford University Press, Oxford, 1998. MR1612570 (99b:51006) 2. J. W. P. Hirschfeld, G. Korchmáros and F. Torres, Algebraic curves over a finite field, Princeton Univ. Press, Princeton and Oxford, 2008. MR2386879 (2008m:14040) 3. M. Homma and S. J. Kim, Around Sziklai’s conjecture on the number of points of a plane curve over a finite field, Finite Fields Appl. 15 (2009), 468-474. MR2535590 (2010h:11101) 4. M. Homma and S. J. Kim, Sziklai’s conjecture on the number of points of a plane curve over a finite field II, in: G. McGuire, G.L. Mullen, D. Panario, I.E. Shparlinski (Eds.), Finite Fields: Theory and Applications, in: Contemp. Math., vol. 518, AMS, Providence, 2010, 225–234. MR2648551 (2011h:14027) 5. M. Homma and S. J. Kim, Sziklai’s conjecture on the number of points of a plane curve over a finite field III, Finite Fields Appl. 16 (2010) 315–319. MR2678619 (2011h:14028) 6. H. Stichtenoth, Algebraic function fields and codes (second edition), GTM 254, Springer- Verlag, Berlin and Heidelberg, 2008. MR2464941 (2010d:14034)

110 MASAAKI HOMMA

7. K.-O. Stöhr and J. F. Voloch, Weierstrass points and curves over finite fields, Proc. London Math. Soc. (3) 52 (1986) 1–19. MR812443 (87b:14010) 8. P. Sziklai, A bound on the number of points of a plane curve, Finite Fields Appl. 14 (2008) 41–43. MR2381474 (2008k:14054) 9. M. Tsfasman, S. Vlˇadut¸ and D. Nogin, Algebraic geometric codes: Basic notions, SURV 139, AMS, Providence, 2007.

Department of Mathematics, Kanagawa University Yokohama 221-8686, Japan E-mail address: [email protected]

Contemporary Mathematics Volume 579, 2012 http://dx.doi.org/10.1090/conm/579/11524

Designs in Projective Hjelmslev Spaces

Michael Kiermaier and Ivan Landjev

Abstract. In this paper, we define analogs of designs in the Grassmanian of n all submodules of given shape in the free module RR ,whereR is a finite chain ring. We consider τ-designs for τ =(m, 0,...,0). Such designs are equivalent to spreads in projective Hjelmslev geometries. We give examples of line spreads in which no two lines are neighbours in the 3-dimensional Hjelmslev geometries over the chain rings with four and nine elements. We prove that non-trivial line spreads exist in all 3-dimensional projective Hjelmslev geometries over a commutative chain ring R. We give a necessary and sufficient condition for the existence of spreads of Hjelmslev subspaces. We prove that in case of spreads of non-free subspaces, this necessary condition is not sufficient.

1. Introduction m ∼ Let R be a finite chain ring with |R| = q , R/ Rad R = Fq.Foragivenpositive integer n,letκ =(κ1,...,κn) be a non-increasing sequence of non-negative integers of length n: m ≥ κ1 ≥ κ2 ≥ ...≥ κn ≥ 0. G(l) G(r) n We denote by R (n, κ)(resp. R (n, κ)) the set of all submodules of RR (resp. n RR)ofshapeκ. This set is often referred to as the Grassmanian of all submodules n G(l) G(r) opp of RR of shape κ. It is clear that R (n, κ)= Ropp (n, κ), where R denotes the opposite ring to R. These two sets coincide for commutative rings. In what follows, we shall be confined to left modules and will drop the superscript from the notation. In the last decade there has been increased interest in analogs of designs due to some applications of such designs in coding theory [9] and the nice generalizations of several classical combinatorial results [4, 7, 13]. Analogs of designs are interesting in their own right since they are a generalization of important combinatorial structures [3, 8]. In this paper we consider chain ring analogs of designs. Many results about classical designs generalize also for the chain ring analogs we define, but there are

2010 Mathematics Subject Classiﬁcation. Primary 51C05, 51E23, 51E05; Secondary 05B25, 05B30, 16P10. Key words and phrases. projective Hjelmslev spaces, chain rings, q-analogs of designs, R- designs, spreads, covering designs, Turan designs. The research of the ﬁrst author has been supported by Deutsche Forschungsgemeinschaft under Grant No. WA 1666 4/2. The research of the second author has been supported by the Strategic Development Fund of the New Bulgarian University.

c 2012 American Mathematical Society 111

112 MICHAEL KIERMAIER AND IVAN LANDJEV also some diﬀerences. We start with several deﬁnitions. In all of them n and l are non-negative integers and τ,κ are non-decreasing sequences of length n with ≤ ≤ ≤ ≤ τ κ (m,...,m ). Here τ κ means that τi κi for all i =1,...,n. n Definition 1. A τ − (n, κ, l) R-design is a collection D of elements from GR(n, κ) such that each element of GR(n, τ) is contained in exactly l elements of D. In case of l =1,D is called a Steiner system SR(τ,κ,n).

Definition 2. An R-covering design CR(n, κ, τ) is a collection C of elements from GR(n, κ) such that each element of GR(n, τ) is contained in at least one element of GR(n, κ).

Definition 3. An R-Turan design TR(n, κ, τ) is a collection of elements from GR(n, τ) such that each element of GR(n, κ) contains at least one element of T . The paper is structured as follows. In Section 2 we present some well-known facts on the structure of finitely generated modules over finite chain rings. We give a formula for the number of submodules of given shape μ contained in a module of shape λ. In Section 3 we define projective Hjelmslev geometries and give some facts explaining the structure of these geometries. In Section 4 we prove simple connections between the combinatorial objects discussed in the paper. In Section 5 we consider τ-designs with τ =(m, 0,...,0). Such designs are equivalent to spreads in projective Hjelmslev geometries. They can be viewed as analogs of the classical 1-designs. We prove that there exist non-trivial τ-designs by adapting a familiar construction from the classical projective geometry. In Section 6 we prove that for some types λ of subspaces that are not Hjelmslev subspaces, the necessary condition for the existence of a λ-spread is not sufficient. We end up with posing some open problems.

2. Modules over Finite Chain Rings Let R be a finite chain ring of nilpotency index m with residue field of order q. The following theorem gives the general representation of such chain rings (cf. [2, 15, 16]). Theorem 1. Suppose R is a finite chain ring of nilpotency index m, characteristic ps, and residue field of order q.LetS =GR(qs,ps). Then there exist unique integers k, t satisfying m =(s − 1)k + t, 1 ≤ t ≤ k (k = t = m if s =1), an automorphism σ ∈ Aut S and an Eisenstein polynomial (not necessarily unique) g(X) ∈ S[X; σ] of degree k such that ∼ s−1 t R = S[X; σ]/(g(X),p X ). By an Eisenstein polynomial we mean a polynomial g(X) from the skew polynomial k k−1 ring S[X; σ] which is of the form g(X)=X + p(gk−1X + ... + g0),with ∗ g0 ∈ S \ pS = S . Now let M be a finite left module over the ring R. The structure of any finite module over the chain ring R is given by the following theorem (cf. [6]).

Theorem 2. For every ﬁnite module RM there exists a uniquely determined $ | | ≤ ≤ partition λ =(λ1,...,λk) logq M , 0 λi m, such that

∼ λ1 λk (1) RM = R/(Rad R) ⊕ ...⊕ R/(Rad R) .

DESIGNS IN PROJECTIVE HJELMSLEV SPACES 113

Denote by λ the conjugate partition to λ. The partitions λ and λ are called the shape and the conjugate shape of RM. The integer k = λ1 is called the rank of RM and the integer λm is called the free rank of2RM. A module RM is said to k λi be of shape λ =(λ1,...,λk)ifitisisomorphicto i=1 R/(Rad R) . Aset{x1,...,xs} of elements of RM is said to be independent if a1x1 + ...+ asxs =0,aj ∈ R, implies aj xj = 0 for all j.Theset{x1,...,xs} is said to be linearly independent if a1x1 + ...+ asxs =0,aj ∈ R, implies aj =0forallj.A basis of RM is an independent set {x1,...,xk} of generators of RM.Thiscanbe expressed as

M = Rx1 ⊕ ...⊕ Rxk.

It is known that an n-dimensional vector space over the finite field Fq has exactly ! n (qn − 1)(qn−1 − 1) ...(qn−k+1 − 1) = k − k−1 − − k q (q 1)(q 1) ...(q 1) k-dimensional vector subspaces. A similar counting formula holds true for modules over finite chain rings. Let RM be a module of shape λ and U ≤ RM be a submodule of shape μ.The conjugate partitions λ,μ are related by μ ≤ λ which is equivalent to μ ≤ λ.The next theorem is our main counting tool. For the special case of R = Zm it is known from [1]. For the case of general R we refer to [14].

Theorem 3. Let RM be a module of shape λ. For every partition μ satisfying μ ≤ λ the module RM has exactly ! ! ∞ − λ μ (λ −μ ) λi μi+1 (2) := q i+1 i i · μ μ − μ q i=1 i i+1 q submodules of shape μ. In particular, the number of free rank s submodules of RM equals ! s(λ −s)+...+s(λ −s) λm q 1 m−1 · . s q Remark 2.1. In (2) we transform the finite sequences λ, μ into infinite sequences by completing them with zeros. Nevertheless the product in (2) contains only a finite number of elements that are not equal to 1. Corollary . ≥ ≥ 4 Let m =(m,...,m ) and let μ =(μ1,...,μn),wherem μ1 n ...≥ μ ≥ 0.Then n ! ! m m = , μ q μ q where μ =(m − μn,...,m− μ1).

Remark 2.2. The formula in Corollary 4 can be viewed as analogue of the n n usual binomial identity k = n−k .

114 MICHAEL KIERMAIER AND IVAN LANDJEV

3. Projective Hjelmslev Spaces m ∼ n Consider again a chain ring R with |R| = q , R/ Rad R = Fq.SetM = RR and M ∗ = M \ θM,whereθ is any generator of Rad R.LetP = {Rx | x ∈ M ∗}, and L = {Rx + Ry | x, y linearly independent} be called the set of points and the set of lines, respectively, with incidence I given by set-theoretical inclusion. Two points Rx and Ry are called i-neighbours if Rx ∩ Ry ≤ θiM, i ∈{0,...,m}.Two lines K and L are i-th neighbours if for every point x on K there is a point y on L which is an i-th neighbour to x, and conversely, for every point y on L there is a point x on K which is an i-th neighbour to y. Wedenotetherelationi-th neighborhood by i. Clearly i is an equivalence relation on P as well as on L. The incidence structure (P, L,I), together with the m + 1 neighbourhood relations i defined above, is called a left projective Hjelmslev space over the chain ring n R and is denoted by PHG(RR ). n AsetofpointsH in Π = PHG(RR ) is called a Hjelmslev subspace if for any two points x, y ∈ H there is at least one line incident with x and y which is entirely contained in H. Equivalently, the pointset H is an Hjelmslev subspace if it n contains all free rank 1 submodules in a free submodule of RR . The intersection of Hjelmslev subspaces is not necessarily a Hjelmslev subspace. A nonempty set of points S in Π is called a subspace if it contains all points (free rank 1 submodules) n in any (not necessarily free) submodule of RR . The intersection of two subspaces n of RR is again a subspace. The neighbor relations i defined above can be extended to any two Hjelmslev spaces of the same dimension in an obvious way. A subspace consisting of the points in a submodule of type λ is called a subspace of type λ. n The next theorems explain the structure of PHG(RR )=(P, L,I). Denote by (i) (i) P (resp. L ) the equivalence classes on P (resp. L) with respect to i. Define the incidence relations I(i) ⊆P(i) ×L(i) by (X, Y ) ∈ I(i) ⇔∃x ∈ X, ∃L ∈ Y :(x, L) ∈ I. Theorem 5. The incidence structure (P(i), L(i),I(i)) is isomorphic to the pro- i n (1) (1) (1) jective geometry PHG(R/(Rad R)i (R/(Rad R) ) ).Inparticular,(P , L ,I ) is isomorphic to PG(n − 1,q). n Fix a Hjelmslev subspace Σ in PHG(RR ),andanintegerj with 0

P = {Δ ∩ [x]m−j | x ∈Pj (Σ), Δ iΣ, Δ ∩ [x]m−j = ∅}.

Apoint˜x =Δ∩ [x]m−j ∈ P is said to be incident with the line L ∈Liﬀ Δ ∩ n [x]m−j ∩ L = ∅.DenotebyL the set of the lines in PHG(RR )whichcontainat least on point from P and by J the incidence relation explained above. With this notation, we have the following theorem. Theorem 6. The incidence structure (P, L, J) can be embedded isomorphically m−j n into PHG(R/(Rad R)m−j (R/(Rad R) ) ). The missing part consists of the points of an (n − k − 2)-dimensional Hjelmslev subspace. In the special case where Σ is a point, the missing part is a plane. Thus the j-th neighbour classes of points carry the structure of an aﬃne geometry over

DESIGNS IN PROJECTIVE HJELMSLEV SPACES 115

j n R/(Rad R) . For a more detailed discussion of the structure of PHG(RR ) we refer to [6, 10, 11] and the references there.

4. Relations between the R-designs ⊆G(l) ⊥ { ⊥ | ∈ } ⊥ For a set of submodules S R (n, κ), let S = X X S where X ⊥ ⊆G(r) denotes the orthogonal complement of X. Clearly, S R (n, κ), where κ = (m − κn,...,m− κ1). Theorem . G(l) 7 S is an R-covering design CR(n, κ, τ) in R (n, κ) if and only if ⊥ G(r) S is an R-Turan design TR(n, τ,κ) in R (n, κ). Proof. ⊆G(l) ∈ Let S R (n, κ) be a covering design CR(n, κ, τ). For any Y G(r) ⊥ G(l) (n, τ), Y is a submodule from R (n, τ). Hence there exists an element X ⊥ ⊂ ⊥ ⊂ ⊥ ∈G(r) from S with Y X. This implies that X Y ,whereX R (n, κ). In other G(r) ⊥ words, each submodule Y from R (n, τ)containsatleastonesubmodulefromS ⊥ and thus S is a Turan design TR(n, τ,κ). The other direction of the theorem is proved similarly.

The following theorem is a straightforward necessary condition for the existence of τ − (n, κ, l)-designs. Theorem 8. If there exists a τ − (n, κ, l)-design D then 3 4 m | | · 3τ4 q D = l κ . τ q 3 4 3 4 · m κ In particular, l τ q is divisible by τ q. Proof. The theorem is proved by double counting the ﬂags (X, Y ), where n n X ∈ D is a submodule of RR of shape κ and Y is a submodule of RR of shape τ contained in X.

Theorem 9. Let S be an R-covering design CR(n, κ, τ).Then 3 4 m | |≥ 3τ4 q S κ . τ q 3 4 Proof. Each submodule of shape κ covers κ submodules of shape τ.On 3 4 τ q m n the other hand, there are exactly τ q submodules of shape τ in RR , hence the result.

5. Spreads The simplest designs arise for τ =(m, 0,...,0). They can be considered as analogs of the 1-designs in the classical case. In geometry such designs are known as spreads.

n Definition 4. Let Π = PHG(RR ) and let λ =(λ1,...,λn) be a partition. A λ-spread of Π is a set S of subspaces of type λ that form a partition of the point set of Π.

116 MICHAEL KIERMAIER AND IVAN LANDJEV

In the special case when λ =(m,...,m , 0,...,0), we speak of spreads by r- r+1 dimensional Hjelmslev subspaces, or simply r-spreads. As in the classical projective spaces, for r-spreads the necessary condition given by Theorem 8 is also sufficient [12]. m ∼ Theorem 10. Let R be a chain ring with |R| = q , R/ Rad R = Fq.There n+1 exists a spread S of r-dimensional Hjelmslev subspaces of PHG(RR ) if and only if r +1 divides n +1. Proof. The “only if”-part is straightforward. Assume that r + 1 divides n +1 ∼ − and let l be determined by n+1=(r+1)(l+1). Assume R = S[X; σ]/(g(X),ps 1Xt) for some Eisenstein polynomial g(X)ofdegreek,wherem =(s − 1)k + t (cf. The- orem 1). Consider an extension T of S of degree r + 1, i.e. T = S[Y ]/(f(Y )) for some polynomial f(Y )ofdegreer + 1 which is irreducible modulo p. Clearly, ∼ T = GR(qs(r+1),ps). s−1 t σ Now consider the ring Rr+1 = T [X; σ]/(g(X),p X ), where αX = Xα for every α ∈ T . It is a free module of rank r +1overR. Thus every element b from Rr+1 canbewrittenas r b = b0 + b1Y + ...+ brY ,bi ∈ R. l+1 From this point on, we can complete the proof as in [12]. We have that Rr+1 and n+1 n+1 R are isomorphic as modules over R. Thus each point of PHG(RR )canbe represented by an (l + 1)-tuple of elements from Rr+1. Conversely, every (l +1)- tuple over Rr+1 that has at least one coordinate which is a unit, can be viewed as l+1 apointinPHG(Rr+1). Let γ =(γ0,...,γl) be a non-torsion vector over Rr+1 and assume that γ0 is a unit. The choice of the unit component in γ is not essential. Consider the system * * * −γ1x0 +γ0x1 =0 * * −γ2x0 +γ0x2 =0 (3) * . * .. . * . = . * −γlx0 +γ0xl =0 l+1 The solutions of (3) form a free submodule of rank 1 in Rr+1. This rank one submodule can be considered as a free submodule of rank r +1 in Rn+1, i.e. an r-dimensional Hjelmslev subspace. It is easily checked that two rank r + 1 submod- n+1 l+1 ules of RR obtained from different rank 1 submodules of RRr+1 do not have a common non-torsion vector. Hence the Hjelmslev subspaces represented by them n+1 form a partition of the point set of PHG(RR ) and hence a spread. Inspecting the proof, we note that the r-dimensional Hjelmslev subspaces ob- l+1 tained from neighbor points γ,δ from PHG(Rr+1) are also neighbors. Thus the spreads obtained by the construction in the proof above have the following property: their image under the natural epimorphism η : R → R/ Rad R consists of q(n−r)(m−1) copies of the same spread in PG(n, q). Let us look at this more closely. It is easily checked that some of the modules that are associated with the Hjelmslev subspaces from the spread do not meet trivially (unlike in the finite field case). In fact, the requirement that the Hjelmslev subspaces in the spread partition the point set of the geometry says in module language that the intersection of any two submodules from the spread does not

DESIGNS IN PROJECTIVE HJELMSLEV SPACES 117 contain a free submodule. An important question is whether there exist “nontrivial” spreads whose image under the natural epimorphism is not a multiple of the same r-spread in PG(n, q). We are going to prove that for n =3,r = 1 non-trivial spreads do exist in the projective Hjelmslev geometries over commutative chain rings. The idea is to use the construction of new spreads by switching the lines in a regulus in a given spread. This classical construction for the projective geometries PG(3,q)canbe adapted with some changes for projective Hjelmslev geometries over commutative chain rings. Until the end of the section, let R be a commutative chain ring with |R| = q2, ∼ R/ Rad R = Fq. 4 Lemma 11. Let L1 and L2 be two lines in PHG(RR ), such that [L1] and [L2] are skew in the factor-geometry. For every point x which is not a neighbour to L1 and to L2 there exists a unique line through x which meets both L1 and L2.If[L1], [L2],and[L3] are neighbour classes of lines that are skew in the factor-geometry 4 then there exist exactly q(q +1) lines in PHG(RR ) meeting each one of L1, L2 and L3.

Proof. Obvious. Project the lines L1 and L2 from x onto an arbitrary plane which does not contain x. 4 Definition 5. Let L1,L2,L3 be three lines in PHG(RR ), such that any two of [L1], [L2]and[L3] are skew in the factor-geometry. The set of the q(q +1) transversals of L1,L2 and L3 is called a regulus. ∼ Lemma 12. Let R be a commutative chain ring with R/ Rad R = Fq, q>2. { } { } 4 Let L1,L2,L3,L4 and L1,L2,L3,L4 be two sets of lines in PHG(RR ), such { } { } that any two lines in the set [L1], [L2], [L3], [L4] or [L1], [L2], [L3], [L4] are skew in the factor-geometry. If ﬁfteen of the sixteen line pairs Li,Lj meet then the last pair also does meet. Proof. The proof repeats the steps in the proof of Theorem 15.3.2 from [5]. Eventually one gets that L4 is incident with the point (1,a,b,ab) while L4 is incident with (1,a,b,ba). These two points coincide since R is commutative. Consider the set of all points P incident with the q(q + 1) lines of a regulus. By Lemma 12, P can be represented as the union of the points of q(q + 1) skew lines ∪q(q+1) ∪q(q+1) in two diﬀerent ways, i.e. P = i=1 Li = i=1 Li. If there exists a trivial line spread with a regulus R = {L1,...,Lq(q+1)} then we can reverse this regulus, i.e. replace the lines L1,...,Lq(q+1) by the lines L1,...,Lq(q+1), and the result will be 4 a non-trivial spread. We are going to construct a trivial spread in PHG(RR ) with a regulus from a regular line spread in PG(3,q). 4 For a point x (resp. a line L)inPHG(RR ), we denote by [x](resp.[L]) the set of all points (resp. lines) that are neighbors to x (resp. L). Fix a spread S = {[L1],...,[Lq2+1]} in the factor geometry (which is isomorphic to PG(3,q)) with a regulus T = {[L1],...,[Lq+1]}. Fix a line, Li say, in each of the neighbor classes from T . Fix points xi ∈ L1, i =1,...,q+ 1, in each of the point classes meeting L1.DenotebyLi the unique line (Lemma 11) through xi that meets L2 and L3, i =1,...,q+1. By Lemma 12, every line Li meets every line Lj , i, j =1,...,q+1. Clearly, the neighbor classes of lines [L1],...,[Lq+1] are transversal to the lines in T and form a regulus in the factor geometry.

118 MICHAEL KIERMAIER AND IVAN LANDJEV

∈ ∈ Let y [x1], y = x1, y L1. There exists a unique line M through y which meets L2 and L3. By Lemma 12 M meets also each of the lines L4,...,Lq+1. Furtherwehave[L]=[M]; otherwise there would be two transversals through [x1] ∈ ∩ to [L1],...,[Lq+1] in the factor-geometry. Consider two points y1,y2 L1 [x1] with y1 = y2.DenotebyM1 (resp. M2) the transversal to L2 and L3 through y1 (resp. y2). The lines M1 and M2 do not meet; if we assume that t = M1 ∩ M2 then there exist two transversals to the lines {Li} through the same point, which is impossible. Now it is clear that the set of all transversals to the lines from 4 {Li | i =1,...,q+1} forms a regulus T in PHG(RR ). Analogously, the set of all { | } T transversals to the lines from Li i =1,...,q+1 forms another regulus in 4 PHG(RR ) which contains the same points as the lines in T . Now we are going to construct a spread containing the lines from T .Consider the set T1 consisting of the lines from T containedin[L1]. Recall that [L1]hasthe structure of PG(3,q) with one line deleted, L∞ say. Thus T1 ∪ L∞ forms a regulus in the geometry on [L1]∪L∞ isomorphic to PG(3,q). This regulus can be extended to a spread in [L1]∪L∞ (since we know that for each q there exists a regular spread in PG(3,q)). Repeating this procedure for every line class in T wegetasetofskew 4 lines in PHG(RR ) that contains the regulus T . In order to obtain a spread, it remains to take lines from the classes in S \ T . Each of these classes is isomorphic to PG(3,q) minus a line and these line can be chosen trivially as a spread in PG(3,q) from which one line is deleted. Thus we 4 constructed a spread in PHG(RR ) with a regulus. Now the existence of non-trivial spreads follows almost automatically. ∼ Theorem 13. Let R be a commutative chain ring with |R| = q2 and R/ Rad R = 4 Fq. Then the projective Hjelmslev geometry PHG(RR ) contains non-trivial spreads. Proof. It is known that regular spreads do exist in every geometry PG(3,q). 4 By the above construction we obtain a trivial spread with a regulus in PHG(RR ). Reversing the lines in the regulus, we obtain a non-trivial spread. Hence non-trivial 4 line spreads exist in every geometry PHG(RR ) over a commutative ring R.

Now we require that the intersection of any two submodules in the spread is as small as possible. This is certainly achieved for a spread in which every two lines are non-neighbors. It is an important open question whether spreads with this property do exists for all 3-dimensional Hjelmslev geometries. We were able to construct by computer such spreads in the 3-dimensional Hjelmslev geometries over the chain rings with four and nine elements. For the four element rings, such spreads are given in Tables 1 and 2. In the case of nine element rings, a spread already consists of 90 lines, so we decided not to list the elements explicitly.

6. The Nonexistence of Some Spreads of Non-free Submodules In this section we turn to spreads of subspaces that are not necessarily Hjelmslev subspaces. In other words, we want to cover all free rank 1 submodules by non-free submodules of the same shape λ in such way that the intersection of any two of them does not contain a free submodule. It turns out that in this case the usual necessary divisibility condition given by Theorem 8 is not suﬃcient.

DESIGNS IN PROJECTIVE HJELMSLEV SPACES 119

Table 1. Z4 AspreadinPHG( 4) whose elements are pairwise non-neighbors

(1, 0, 0, 1), (0, 1, 2, 1)(2, 1, 0, 3), (0, 0, 1, 1) (1, 0, 2, 0), (0, 1, 2, 1)(0, 0, 1, 0), (2, 2, 0, 1) (0, 1, 0, 3), (2, 0, 1, 0)(1, 0, 2, 3), (0, 1, 1, 3) (1, 0, 0, 2), (0, 2, 1, 0)(1, 0, 0, 0), (0, 1, 0, 0) (1, 0, 0, 3), (0, 1, 1, 0)(1, 0, 1, 0), (0, 0, 2, 1) (1, 3, 0, 2), (0, 2, 1, 2)(1, 3, 3, 0), (0, 2, 0, 1) (1, 0, 3, 0), (0, 1, 2, 2)(1, 1, 0, 2), (0, 2, 1, 1) (0, 1, 3, 0), (0, 0, 0, 1)(1, 0, 1, 1), (0, 1, 1, 2) (1, 2, 0, 2), (0, 0, 1, 3)(1, 0, 3, 2), (0, 1, 1, 1) (1, 0, 2, 1), (0, 1, 2, 0)(1, 0, 1, 3), (0, 1, 0, 2)

2 4 Table 2. AspreadinPHG(F2[X]/(X ) ) whose elements are pairwise non-neighbors

(1, 0, 0, 1), (0, 1,X,1)(1, 0,X,0), (0, 1, 0, 1) (1, 1+X, 0,X), (0, 0, 1, 1)(1, 0, 0,X), (0,X,1, 0) (1, 0, 0, 0), (0, 1, 0, 0)(1, 0, 0, 1+X), (0, 1, 1, 0) (X, 0, 1, 0), (X, X, 0, 1)(1, 1+X, 1, 0), (0,X,X,1) (1, 1, 0,X), (0, 0, 1,X)(1, 0, 1, 1), (0, 1, 1+X, X) (X, 1, 0, 1+X), (X, 0, 1, 1)(X, 1, 1+X, 0), (0, 0,X,1) (1, 0,X,1+X), (0, 1, 1+X, 1)(1, 0, 1, 0), (0, 1,X,X) (1,X,0,X), (0, 0, 1, 1+X)(1, 0, 1+X, 0), (0, 0, 0, 1) (0, 1, 0, 1+X), (0, 0, 1, 0)(1, 0,X,1), (0, 1,X,0) (1, 0, 1,X), (0, 1, 1, 1)(1, 0, 1, 1+X), (0, 1, 0,X)

Theorem 14. Let R be a chain ring of nilpotency index 2.Letn ≥ 4 be even n and Π=PHG(RR ).Thereexistsnoλ-spread of Π for λ =(2,..., 2, 1,..., 1, 0). n/2 n/2−1 Proof. Assume that S is a λ-spread of Π. We count in two diﬀerent ways the number of pairs (S, [H]), where S ∈Sand [H] is a neighbour class of hyperplanes with S ⊂ [H]. We have that 3 4 qn−1 n 1 q n/2 |S| = 3 n 4 = q(q +1). n−2 2 q 1 q Since a neighbor class [H] is a subspace of type μ =(2,... 2, 1),wehavebyTheo- n−1 rem 3 that S is contained in (qn/2 − 1)/(q − 1) classes [H]. So, the number of such pairs is q(qn − 1)/(q − 1). Each hyperplane meets a neighbor class of points in qn−2 points, i.e. |H ∩[x]| = 0orqn−2. By Theorem 6, [x] has the structure of AG(n − 1,q)andH ∩ [x]isa hyperplane in this geometry. Each hyperplane in [x] parallel to H ∩ [x] belongs to a subspace from the spread that is contained entirely in [H]. The structure consisting of the “points” G ∩ [x] = ∅, G ∈ [H], with the usual incidence is isomorphic to the dual of AG(n − 1,q). In other words, it is isomorphic to PG(n − 1,q) with one point deleted. Call this extra point z.

120 MICHAEL KIERMAIER AND IVAN LANDJEV

n − − The “points” contained in S form a subspace of dimension 2 1inPG(n 1,q). Furthermore, z,S is a n/2-dimensional subspace in PG(n−1,q). Consider another subspace T in S. Assume T containstwo“points”fromz,S.Thenitcontainsa line in z,S, and hence there exists a “point” contained in both S and T .Thisis a contradiction since S and T belong to S and do not meet. Now let us count the number of subspaces of type λ containedin[H]. These include S and one subspace for each “point” of z,S\({z}∪S). This makes a total of qn/2 − 1 qn/2 − 1 1+q − = qn/2 q − 1 q − 1 subspaces. So this is a partial spread of PG(n − 1,q) containing one subspace less than a full spread. But such a partial spread can always be completed to a spread. So a neighbour class of hyperplanes [H] contains either qn/2 or 0 subspaces from S. It follows that qn/2 divides |S|, a contradiction to n ≥ 4. By this theorem, it follows, in particular, that there exists no λ-spread of 4 PHG(RR ) with λ =(2, 2, 1, 0).

7. Open Problems Weendupwithsomeopenproblems: 4 (1) Does there exist a line spread of PHG(RR ) consisting of lines no two of which are neighbours? Here R is an arbitrary chain ring. The answer is yes for the 2 2 chain rings with four and nine elements: Z4, F2[X]/(X ), Z9, F3[X]/(X ). (2) Find a necessary and sufficient condition for the existence of a λ-spread in n PHG(RR ) for arbitrary λ. n (3) If a κ-spreadinPHG(RR ) does not exist, find the smallest l for which there exists a τ − (n, κ, l)-design. Here τ =(m, 0,...,0). (4) Do there exist Steiner systems in GR(n, κ)? This question is probably difficult. It is still open for the q-analogs of designs in the classical projective spaces. (5) What is the smallest possible l such that there exists a τ − (n, κ, l)-design with ≤ τ =(m, 0,..., 0), κ =(2,..., 2, 1,..., 1, 0). It is easily checked that l q.By n−1 n/2 n/2−1 Theorem 14 it holds that l>1, hence we have so far that 2 ≤ l ≤ q.

Acknowledgements The authors thank the reviewers for their critical reading of the manuscript and the valuable remarks.

References [1] G. Birkhoﬀ, Subgroups of abelian groups, Proc. of The London Math. Society 38(2)(1934/35), 385–401. MR1576323 [2] W. E. Clark, D. A. Drake, Finite chain rings, Abh. Math. Sem. der Univ. Hamburg 39(1974), 147–153. MR0332875 (48:11200) [3] T. Etzion, A. Vardy, On q-analogs for Steiner systems and covering designs, Advances in Math. of Comm. 5(2011), 161–176. MR2801584 [4] P. Frankl, R. M. Wilson, The Erd¨os-Ko-Rado theorem for vector spaces, J. Comb. Theory Ser. A 43(1986), 228–236. MR867648 (87k:05005) [5] J. W. P. Hirschfeld, Finite Projective Geometries in Three Dimensions, Clarendon Press, Oxford, 1985. MR840877 (87j:51013)

DESIGNS IN PROJECTIVE HJELMSLEV SPACES 121

[6] Th. Honold, I. Landjev, Linear Codes over Finite Chain Rings and Projective Hjelmslev Geometries, in: Codes over Rings (ed. P. Solé), World Scientific, 2009, 60–123. MR2850302 [7] W. N. Hsieh, Intersection theorems for systems of finite vector spaces, Discrete Math. 12(1975), 1–16. MR0382015 (52:2903) [8] A. Kendziorra, S. E. Schmidt, Network coding with modular lattices, http://arxiv.org/abs/1009.0682v1. MR2864579 [9] R. Koetter, F. R. Kschischang, Coding for errors and erasures in random network coding, IEEE Trans. Inf. Th. 54(2008), 3579–3591. MR2451015 (2009h:94213) [10] A. Kreuzer, Hjelmslev-Räume, Resultate der Mathematik 12(1987), 148–156. MR911468 (88i:51007) [11] A. Kreuzer, Projektive Hjelmslev-Räume, Dissertation, technische Universität München, 1988. MR911468 (88i:51007) [12] I. Landjev, Spreads in Projective Hjelmslev Geometries, Lect. Note in Comp. Science 5527(2009), 186–194. MR2580867 (2011g:51010) [13] J. H. van Lint, R. M. Wilson, A Course in Combinatorics, Cambridge University Press, 1992. MR1207813 (94g:05003) [14] I. G. MacDonald, Symmetric Functions and Hall Polynomilas, Oxford University Press, 2nd edition, 1995. MR1354144 (96h:05207) [15] B. R. McDonald, Finite rings with Identity, Marcel Dekker, New york, 1974. MR0354768 (50:7245) [16] A. A. Nechaev, Finite principal ideal rings, Russian Acad. of Sciences, Sbornik Mathematics 2091973), 364–382.

Mathematisches Institut, Universitat¨ Bayreuth, D-95540 Bayreuth, Germany E-mail address: [email protected] Department Informatics, New Bulgarian University, 21 Montevideo str., 1618 Sofia, Bulgaria E-mail address: [email protected]

Contemporary Mathematics Volume 579, 2012 http://dx.doi.org/10.1090/conm/579/11525

On the nuclei of a ﬁnite semiﬁeld

Giuseppe Marino and Olga Polverino

Abstract. In this paper we collect and improve the techniques for calculating the nuclei of a semiﬁeld and we use these tools to determine the order of the nuclei and of the center of some commutative presemiﬁelds of odd characteristic recently constructed.

1. Introduction Semifields are algebras satisfying all the axioms for a skewfield except (possibly) associativity of the multiplication. From a geometric point of view, semifields coordinatize certain translation planes (semifield planes) which are planes of Lenz– Barlotti class V (see, e.g., [16, Sec. 5.1]) and, by [1], the isomorphism relation between two semifield planes corresponds to the isotopism relation between the associated semifields. The first example of a finite semifield which is not a field was constructed by Dickson about a century ago in [19], using the term nonassociative division ring. These examples are commutative semifields of order q2k and they exist for each q an odd prime–power and for each k>1 odd. Since then and until 2008, the only other known families of commutative semifields of odd characteristic p, existing for each value of p, have been some Generalized twisted fields constructed by Albert in [2]. The relationship between commutative semifields of odd order and planar DO polynomials has given new impetus to construct new examples of such algebraic structures. Indeed in [33], [9], [6], [26], [7]and[34], several families of commutative semifields in odd characteristic have been constructed. In this paper we collect and improve the results of the last years on techniques for calculating the nuclei of a semifield and we use these tools to determine the order of the nuclei and of the center of the semifields presented in [33], [9]and[6]. From these results we are able to prove that, when the order of the center is larger than 3, the Zha–Kyureghyan–Wang presemifields and the Budaghyan–Helleseth presemifields of [7] are new. Precisely, each Zha–Kyureghyan–Wang presemifield [33]isnot isotopic to any Budaghyan–Helleseth presemifield [9] and both of them are not isotopic to any previously known presemifield. Also, using the same arguments we

2010 Mathematics Subject Classification. Primary 12K10, 51A40. Key words and phrases. Semifield, spread set, isotopy. This work was supported by the Research Project of MIUR (Italian Office for University and Research) “Geometrie su Campi di Galois, piani di traslazione e geometrie di incidenza”.

c 2012 American Mathematical Society 123

124 GIUSEPPE MARINO AND OLGA POLVERINO show that the Bierbrauer presemifields [6] are isotopic neither to a Dickson semifield, nor to a Generalized twisted field or to any of the known presemifields with center of order 3.

2. Isotopy relation and nuclei A finite semifield S =(S, +,) is a finite binary algebraic structure satisfying all the axioms for a skewfield except (possibly) associativity of multiplication. The subsets of S

Nl = {a ∈ S | (ab) c= a(bc), ∀b, c ∈ S},

Nm = {b ∈ S | (ab) c= a(bc), ∀a, c ∈ S},

Nr = {c ∈ S | (ab) c= a(bc), ∀a, b ∈ S} and

K = {a ∈ Nl ∩ Nm ∩ Nr | ab= ba,∀b ∈ S} are fields and are known, respectively, as the left nucleus, middle nucleus, right nucleus and center of the semifield. A finite semifield is a vector space over its nuclei and its center. If S satisfies all axioms for a semifield except, possibly, the existence of an identity element for the multiplication then we call it a presemifield. The additive group of a presemifield is an elementary abelian p–group, for some prime p called the characteristic of S. Two presemifields, say S =(S, +,)andS =(S, +,), with characteristic p, are said to be isotopic if there exist three invertible Fp-linear maps g1,g2,g3 from S to S such that g1(x) g2(y)=g3(xy) for all x, y ∈ S; the triple (g1,g2,g3)isanisotopism between S and S .Ineach isotopy class of a presemifield we can find semifields (see [23, p. 204]). The sizes of the nuclei as well as the size of the center of a semifield are invariant under isotopy; for this reason we refer to them as the parameters of S.Whereas,ifS is a presemifield, then the parameters of S will be the parameters of any semifield isotopic to it. If S =(S, +,) is a presemifield, then Sd =(S, +,d), where xd y = yxis a presemifield as well, and it is called the dual of S. For a recent overview on the theory of finite semifields see Chapter 6 [24] in the collected work [15].

Let S =(S, +,) be a presemifield having characteristic p and order pt.The set C { ∈ → ∈ | ∈ }⊂V = ϕy : x S xy S y S =EndFp (S) is the semifield spread set associated with S (spread set for short): C is an Fp- subspace of V of rank t and each non-zero element of C is invertible. If S is a semifield with identity element e,thenid = ϕe ∈Cand ϕy(e)=y for each y ∈ S. This implies that, if ϕy ◦ ϕz ∈C,then

(2.1) ϕy ◦ ϕz = ϕzy. It can be seen that, by translating the isotopy relation between presemiﬁelds in terms of the associated spread sets, just two maps of the triple (g1,g2,g3)are involved. Indeed

ON THE NUCLEI OF A FINITE SEMIFIELD 125

Proposition 1. [28, Prop.2.1] Let S1 =(S1, +, •) and S2 =(S2, +,) be two presemifields and let C1 and C2 be the corresponding spread sets. Then S1 S C C −1 and 2 are isotopic under the isotopism (g1,g2,g3) if and only if 2 = g3 1g1 = { ◦ ◦ −1| ∈ }1 g3 ϕy g1 y S1 . Proof. C { | ∈ } C { | ∈ } Let 1 = ϕy y S1 and 2 = ϕy y S2 . The necessary condition can be easily proven. Indeed, if (g1,g2,g3)isanisotopismbetweenS1 and S2, then g (ϕ (x)) = ϕ (g (x)) for each x, y ∈ S . Hence, ϕ = g ◦ ϕ ◦ g−1 3 y g2(y) 1 1 g2(y) 3 y 1 ∈ C { | ∈ for each y S1 and the statement follows taking into account that 2 = ϕy y S } = {ϕ | y ∈ S }. 2 g2(y) 1 C { ◦ ◦ −1| ∈ } Conversely, suppose that 2 = g3 ϕy g1 y S1 ,whereg1 and g3 are invertible Fp–linear maps from S1 to S2. Then the map g2, sending each element ∈ ∈ ◦ ◦ −1 ∈C y S1 to the unique element z S2 such that ϕz = g3 ϕy g1 (where ϕz 2), is an invertible Fp–linear map from S1 to S2. Hence, for each x, y ∈ S1 we get ϕ (x)=g (ϕ (g−1(x))), i.e. xg (y)=g (g−1(x) • y) and putting x = g−1(x) g2(y) 3 y 1 2 3 1 1 we have the assertion. Phrasing the study of presemifields in terms of the associated spread sets makes it possible to forego a concrete description of corresponding semifields. The following result generalizes [29, Thm. 2.1]. Theorem 1. Let S =(S, +,) be a presemifield of characteristic p and let C be the associated spread set of Fp–linear maps. Then (1) the right nucleus of each semifield isotopic to S is isomorphic to the largest N S V N S C⊆C field r( ) contained in =EndFp (S) such that r( ) ; (2) the middle nucleus of each semifield isotopic to S is isomorphic to the largest field Nm(S) contained in V such that CNm(S) ⊆C; (3) the left nucleus of each semifield isotopic to S is isomorphic to the largest ∗ ∗ ∗ field Nl(S) contained in V such that Nl(S)C ⊆C ,whereC is the spread set associated with the dual presemifield S∗ of S; (4) the center of each semifield isotopic to S is isomorphic to the largest field Kr,ω (S) contained in Nr(S) such that (2.2) ρ ◦ ϕ = ϕ ◦ (ω−1 ◦ ρ ◦ ω)

for all ρ ∈Kr,ω (S) and ϕ ∈C,whereω is a fixed invertible element of C. Equivalently, the center of each semifield isotopic to S is isomorphic to the largest field Km,σ(S) contained in Nm(S) such that (2.3) ϕ ◦ ρ =(σ−1 ◦ ρ ◦ σ) ◦ ϕ

for all ρ ∈Km,σ(S) and ϕ ∈C,whereσ is a fixed invertible element of C. Also, Km,σ(S) and Kr,ω (S) are conjugated fields. Proof. Let S =(S, +, •) be a semifield isotopic to S and let C and C be the C C −1 associated spread sets. Then by the previous proposition, = g3 g1 for some invertible Fp-linear maps from S to S.IfNr(S ) is the right nucleus of S ,thenfor ∈ ∈ N S ◦ each y S and for each z r( ), we have ϕz ϕy = ϕy•z. This implies that the ∈ N S → ∈N S { ∈ N S } map y r( ) ϕy r( )= ϕy : y r( ) is a field isomorphism. Also, for ∈C ∈N S ◦ ∈C N S each ϕy and ϕz r( ), we have ϕz ϕy .So, r( )isafieldcontained in V such that Nr(S )C ⊆C. On the other hand, if ϕ is an element of V such that

1Here ”◦” stands for composition of maps.

126 GIUSEPPE MARINO AND OLGA POLVERINO

◦ ∈C ∈C ∈C ∈ ϕ ϕy for each ϕy ,sinceid ,wegetϕ = ϕy¯ for somey ¯ S. Hence, ◦ ∈C ∈ N S ∈N S by (2.1), ϕy¯ ϕy = ϕy•y¯ . This impliesy ¯ r( ) and thus ϕ = ϕy¯ r( ). So Nr(S )isthemaximumfieldcontainedinV such that Nr(S )C ⊆C. Then, −1 −1 N S g3 N S V we have that r( ) := g3 r( )g3 is the maximum field contained in with − − g 1 g 1 respect to which Nr(S ) 3 C⊆C, i.e. Nr(S)=Nr(S ) 3 , and, clearly, Nr(S)is isomorphic to Nr(S ). This shows our claim in Case (1). The same arguments can − g 1 be used to prove point (2); in such a case we get that Nm(S)=Nm(S ) 1 . d d Now, noting that Nl(S )=Nr(S ), applying point (1) to S , we get point (3). K S S K S { ∈ K S } Finally, let ( ) be the center of and note that ( )= ϕy : y ( ) can be seen as the maximum subfield contained in Nr(S ) (or contained in Nm(S )) such that μ ◦ ϕ = ϕ ◦ μ for each ϕ ∈C and, obviously, K(S)isisomorphictoK(S). −1 −1 −1 C C N S N S g3 N S N S g1 Now, since = g3 g1 , r( )= r( ) and m( )= m( ) ,wehavethat − g 1 for each element ρ ∈K(S ) 3 and for each ϕ ∈C ρ ◦ ϕ = ϕ ◦ ρω ◦ −1 S C where ω = g3 g1 . Note that, since is a semifield, ω is an element of .Now, − g 1 it is easy to see that K(S ) 3 is the maximum subfield Kr,ω (S) contained in Nr(S) − g 1 satisfying (2.2). In the same way, we have hat K(S ) 1 is the maximum subfield Km,σ(S) contained in Nm(S) satisfying (2.3).

By the previous result it follows that the middle nucleus (resp. right nucleus) of a presemifield S =(S, +,), with associated spread set C, can be equivalently V C described as the largest field contained in =EndFp (S) with respect to which is a right vector space (resp. left vector space); similarly, the left nucleus of S can be described as the largest field contained in V with respect to which Cd (the spread set associated with the dual of S) is a left vector space. Also, regarding the center, note that if S is a semifield, then id ∈Cand hence

Kr,id(S)=Km,id(S)=K(S)=

= {μ ∈Nr(S) ∩Nm(S):μ ◦ ϕ = ϕ ◦ μ ∀ϕ ∈C}. By the proof of the previous theorem we also have the following result.

Corollary 1. If the presemiﬁelds S1 and S2 are isotopic via the isotopy (g1,g2,g3) then N S N S −1 1 r( 2)=g3 r( 1)g3 ; N S N S −1 2 m( 2)=g1 m( 1)g1 ; N S N S −1 3 l( 2)=g3 l( 1)g3 ; K S K S −1 K S K S −1 ∈ 4 r,σ ( 2)=g3 r,ω ( 1)g3 and m,σ( 2)=g1 m,ω( 1)g1 ,whereω C \{ } ◦ ◦ −1 ∈C 1 0 and σ = g3 ω g1 2.

2.1. The Knuth Chain. If S =(S, +,) is a presemiﬁeld n-dimensional over Fp,and{e1,...,en} is an Fp-basis for S, then the multiplication can be written via the multiplication of the vectors ei. Indeed, if x = x1e1 + ··· + xnen and y = y1e1 + ···+ ynen, with xi,yi ∈ Fp,then % & n n n (2.4) xy= xiyj (ei ej )= xiyj aijkek i,j=1 i,j=1 k=1

ON THE NUCLEI OF A FINITE SEMIFIELD 127 for certain aijk ∈ Fp, called the structure constants of S with respect to the basis {e1,...,en}. Knuth noted, in [23], that the action of the symmetric group S3 on the indices of the structure constants gives rise to another five presemifields starting from one presemifield S.Theset[S] of these (at most six) presemifields is called the Knuth Chain of S, and consists of the presemifields {S, S(12), S(13), S(23), S(123), S(132)}, called the derivatives of S (S included). In the same paper, the author proved that the action of S3 on the indices of the structure constants of a presemifield S is well-defined with respect to the isotopism classes of S,andbytheKnuth orbit of S we mean the set of isotopism classes corresponding to the Knuth chain S. The presemifield S(12) is the opposite algebra of S obtained by reversing the multiplication, or in other words, S(12) = Sd, the dual of S. Similarly, it is easy to see that the semifield S(23) can be obtained by transposing the matrices corresponding to the transformations ϕy, y ∈ S, with respect to some Fp-basis of S, and for this reason S(23) is also denoted by St, called the transpose of S. With this notation, the Knuth orbit becomes {[S], [Sd], [St], [Sdt], [Std], [Sdtd]}. Note that t and d are operations of order two, i.e. (St)t = S and (Sd)d = S.

It is possible to describe the transpose of a presemifield without fixing a basis of S. S n V Let =(S, +,) be a presemifield of characteristic p and order p ,let =EndFp (S) and let C be the associated spread set. Denote by , a non-degenerate symmetric bilinear form of S as Fp-vector space and denote by ϕ the adjoint of ϕ ∈ V with respect to , , i.e. x, ϕ(y) = ϕ(x),y for each x, y ∈ S.SincethemapT : ϕ ∈ V → ϕ ∈ V is an involutive antiautomorphism of the endomorphisms ring V C { ∈C} and dimKerϕ = dimKerϕ,wegetthat = ϕy : ϕy is an additive spread S set as well, defining the presemifield =(S, +, )wherexy = ϕy(x)foreach x, y ∈ S. ItispossibletoprovethatS,uptoisotopy,doesnotdependonthe choice of the bilinear form , and that S is isotopic to the presemifield St.For this reason, in what follows, fixed a non-degenerate symmetric bilinear form , of S, the presemifield S, constructed by using the adjoints with respect to , , will be denoted as St and the associated spread set C will be denoted as Ct.Moreover,if X is a subset of V, we will denote by X the set of the adjoint maps, with respect to , , of the elements of X. Now, we are able to describe how the nuclei move in the Knuth chain (see also [27]and[25]). Proposition 2. If S is a presemifield, then d t 1. Nr(S)=Nl(S )=Nm(S ); t ∼ d 2. Nm(S)=Nr(S ) = Nm(S ); d ∼ t 3. Nl(S)=Nr(S ) = Nl(S ). Proof. Point 1. follows from Theorem 1 and from properties of the adjoint maps. Indeed, since T is an antiautomorphism, we get T (ϕ◦μ)=T (μ)◦T (ϕ)=¯μ◦ϕ¯ for each μ, ϕ ∈ V. The first part of 2. and 3. follows from 1..Now,notethatifμ is an element of Nm(S), then for each y ∈ S there exists a unique element z ∈ S such that ϕy ◦ μ = ϕz and the map σμ : y ∈ S → z ∈ S is an invertible Fp-linear map of S;so,F = {σμ : μ ∈Nm(S)} is a field of maps isomorphic to Nm(S) satisfying d ∼ d (b) of Theorem 1 relatively to C , i.e. Nm(S) = F = Nm(S ). Finally, by using the

128 GIUSEPPE MARINO AND OLGA POLVERINO previous relations and taking into account that Sdtd = Stdt we get

t tdd tdt dtd ∼ dtt d N(S )=N(S )=Nm(S )=Nm(S ) = Nr(S )=Nr(S )=N(S).

2.2. Semifields and q-polynomials. If S =(S, +,) is a presemifield of characteristic p and order pn, then we may identify, up to isomorphisms, S with the Fp–vector space Fpn and hence S =(Fpn , +,), where xy = F (x, y). Since F (x, y) is additive with respect to both the variables x and y, it can be seen as the polynomial map associated with a p-polynomial of Fpn [x, y], i.e. n−1 pi pj F (x, y)= ai,j x y i,j=0 where a ∈ F n . Also, each element ϕ of V =EndF (F n )canbewrittenina ij p p p n−1 pi unique way as ϕ(x)= i=0 βix . Now, let , be the symmetric bilinear form of Fpn over Fp defined by the following rule x, y = trpn/p(xy). Then , is a non-degenerate symmetric bilinear form n−1 pi V and the adjointϕ ¯ of the element ϕ(x)= i=0 βix of with respect to , ,is n−i n−1 p pn−i S ϕ¯(x)= i=0 βi x . This implies that the dual and the transpose of are defined, respectively, by the following multiplications xd y = F (y, x) and n−1 t pi pi pi+j x y = an−i,j x y , i,j=0 where the indices i and j are considered modulo n. The polynomial F defining the multiplication of S can be useful to determine the order of the nuclei. In what follows, if Fq is a subfield of Fpn , then we will denote by Fq the corresponding field of scalar maps {tλ : x ∈ Fpn → λx ∈ Fpn | λ ∈ Fq} contained in V. Theorem . S F 2 Let =( pn , +,) be a presemifield whose multiplication is given n−1 pi pj ∈ F F by xy= F (x, y),withF (x, y)= i,j=0 aijx y and aij pn and let q be a subfield of Fpn .

(A) If there exists τ ∈ Aut(Fq) such that τ F (λx, y)=F (x, λ y) for each x, y ∈ Fpn and for each λ ∈ Fq

N S N S ⊆ F n then m( ) contains the field of maps Fq and m( ) EndFq ( p ). (B) If the polynomial F is Fq-semilinear with respect to y,thenNr(S) contains N S ⊆ F n the field of maps Fq and r( ) EndFq ( p ). (C) If the polynomial F is Fq-semilinear with respect to x,thenNl(S) contains N S ⊆ F n the field of maps Fq and l( ) EndFq ( p ).

Proof. Let us prove Statement (A). Recall that Nm(S)isthelargestﬁeld V F n CN S ⊆C ∈ F contained in =EndFp ( p ) such that m( ) .Letλ q, then, for each x, y ∈ Fpn τ ϕy ◦ tλ(x)=ϕy(λx)=F (λx, y)=F (x, λ y)=ϕλτ y(x).

ON THE NUCLEI OF A FINITE SEMIFIELD 129

This means that for each y ∈ Fpn , ϕy ◦ tλ = ϕλτ y ∈C, i.e. C Fq ⊆C. Hence Fq ⊆Nm(S) and since (Nm(S), +, ◦)isaﬁeld,wegetμ ◦ tλ = tλ ◦ μ for each ∈ F ∈N S ∈ F n λ q and μ m( ), i.e. μ EndFq ( p ). Using similar arguments we can prove Statement (B).

Finally, let Cd be the spread set associated with the dual presemiﬁeld Sd of S and let σ be the automorphism of Fq associated with F with respect to the variable σ x, i.e. F (λx, y)=λ F (x, y)foreachx, y ∈ Fpn and λ ∈ Fq. Then, for each λ ∈ Fq and for each x, y ∈ Fpn we have −1 x x σ−1 λσ x tλ ◦ ϕ (y)=λϕ (y)=λF (x, y)=F (λ x, y)=ϕ (y). −1 x λσ x d d d This means that for each x ∈ Fpn , tλ ◦ ϕ = ϕ ∈C , i.e. FqC ⊆C . It follows ⊆N S N S ⊆ F n that Fq ( ) and hence l( ) EndFq ( p ).

Corollary 2. Let S =(Fpn , +,) be a presemiﬁeld whose multiplication is given by xy = F (x, y).IfF (x, y) is a q–polynomial (Fq subﬁeld of Fpn ), i.e. d C C ⊆ F n , EndFq ( p ),then

Fq ⊆Nl(S) ∩Nm(S) ∩Nr(S),

Fq ⊆Kr,ω (S) ∩Km,σ(S) and

K K N S N S N S ⊆ F t m,σ, r,ω , l( ), m( ), r( ) EndFq ( p ) for each ω, σ ∈C\{0}. Proof. It is sufficient to note that in this case we can write F (x, y)= h−1 qi qj ∈ F h n ∈ F i,j=0 aijx y with aij pn and q = p .Thenforeachλ q,weget F (λx, y)=λF (x, y)=F (x, λy) and hence by Theorem 2 and point (d)ofTheorem 1, the assertion follows. Recall that the dual and the transpose operations are invariant under isotopy, i.e. if S and S are two isotopic presemifields, then Sd and S d (St and S t,respectively) are isotopic as well. Hence it makes sense to ask which is the isotopism involving the duals and the transposes of two isotopic presemifields (see [28,proposition 2.3]). Precisely, if , is a given non-degenerate symmetric bilinear form of Fpn over Fp and ϕ denotes the adjoint of ϕ ∈ V with respect to , ,thenwecan prove the following

Proposition 3. Let S1 =(Fpn , +, •) and S2 =(Fpn , +,) be two presemiﬁelds. Then

i)(g1,g2,g3) is an isotopism between S1 and S2 if and only if (g2,g1,g3) is Sd Sd an isotopism between the dual presemifields 1 and 2; −1 −1 ii)(g1,g2,g3) is an isotopism between S1 and S2 if and only if (g3 ,g2, g1 ) St St is an isotopism between the transpose presemifields 1 and 2. Proof. Statement i) easily follows from the definition of dual operation. C { | ∈ F } C { | ∈ F } Let us prove ii). Let 1 = ϕy y pn and 2 = ϕy y pn be the corresponding spread sets. By the previous arguments the corresponding transpose t t presemifields are defined by the following multiplications x• y = ϕy(x)andx y =

130 GIUSEPPE MARINO AND OLGA POLVERINO

S S ϕy(x), respectively. The triple (g1,g2,g3) is an isotopism between 1 and 2 if and only if g3 ◦ ϕy = ϕ ◦ g1 for each y ∈ Fpn .Sinceϕy ◦ g3 = g1 ◦ ϕ for each g2(y) g2(y) y ∈ Fpn ,wehave t t g3(x) • y = g1(x g2(y)) − − 1 t 1 t for each x, y ∈ Fpn . Thisisequivalenttog1 (z • y)=g3 (z) g2(y)foreach z,y ∈ Fpn . So, the assertion follows.

Remark 1. If S1 and S2 are two isotopic presemiﬁelds, by using i)andii) of the previous proposition, it is possible to determine the isotopisms between the other derivatives of S1 and S2.

Finally, if two presemiﬁelds are both deﬁned by Fq-linear maps, then we have a restriction on the possible isotopisms between them (see [28, Thm. 2.2]).

Theorem 3. If (g1,g2,g3) is an isotopism between two presemiﬁelds S1 and S2 n C C F n of order p , whose associated spread sets 1 and 2 are contained in EndFq ( p ) (Fq asubﬁeldofFpn ), then g3 and g1 are Fq–semilinear maps of Fpn with the same companion automorphism.

Proof. C C ⊂ F n Since 1, 2 EndFq ( p ), by Corollary 2, we have that

Fq ⊂Nl(S1) ∩Nl(S2). N S N −1 −1 ⊂N S Also by Corollary 1, l( 2)=g3 l(S1)g3 .Theng3Fqg3 l( 2), and since a −1 finite field contains a unique subfield of given order, it follows g3Fqg3 = Fq. Hence → −1 the map tλ g3tλg3 is an automorphism of the field of maps Fq,andsothere ∈{ − } −1 k ∈ F exists i 0,...,k 1 such that g3tλg3 = tλpi (where q = p )foreachλ q, pi i.e. g3 is an Fq–semilinear map of Fpn with companion automorphism σ(x)=x . C −1 C F Finally, by proposition 1, g3 1g1 = 2, and hence g1 is an q–semilinear map of Fpn as well, with the same companion automorphism σ.

3. The known families of commutative semifields Kantor, in his article [22], pointed out that only a very small number of constructions of commutative semifields in odd characteristic, in particular when the characteristic is greater than 3, were known. Indeed until then the known examples of commutative proper 2 (pre)semifields of odd order were

D) Dickson semiﬁelds [18]: (Fqk × Fqk , +,), q odd and k>1 odd, with (a, b) (c, d)=(ac + jbσdσ,ad+ bc),

where j is a nonsquare in Fqk , σ is an Fq–automorphism of Fqk , σ = id. These presemifields have middle nucleus of order qk and center of order q (see [17], [18], [19]). A) Generalized twisted fields [2]: (Fqt , +,), q odd and t>1 odd, with xy= xαy + xyα, → qn F F t where α : x x is automorphism of qt , with Fix σ = q and gcd(t,n) is odd. These presemifields have middle nucleus and center both of order q (see [3]).

2Here a presemiﬁeld is called proper if it not isotopic to a ﬁeld

ON THE NUCLEI OF A FINITE SEMIFIELD 131

G) Ganley semifields [21]: (F3r × F3r , +,), r ≥ 3 odd, with (a, b) (c, d)=(ac − b9d − bd9,ad+ bc + b3d3). These semifields have middle nucleus and center both of order 3. CG) Cohen–Ganley semifields [11]: (F3s × F3s , +,), s ≥ 3, with (a, b) (c, d)=(ac + jbd + j3(bd)9,ad+ bc + j(bd)3)

where j is a nonsquare in F3s . These semifields have middle nucleus of order 3s and center of order 3. CM/DY) Coulter–Matthews/Ding–Yuan presemifields [14], [20]: (F3e , +,), e ≥ 3 odd, with xy= x9y + xy9 ± 2x3y3 − 2xy. Arguing as in the proof of Theorem 5, straightforward computations show that the CM/DY presemifields have nuclei and center all of order 3. In [12], the authors have showed that, for each e ≥ 5 odd, these two presemifields are not isotopic and they are not isotopic to any previously known commutative semifield. PW/BLP) Penttila–Williams/Bader–Lunardon–Pinneri semifield [31], [4]: (F35 × F35 , +,), with (a, b) (c, d)=(ac +(bd)9,ad+ bc +(bd)27). This commutative semifield arises from the symplectic semifield associated with the Penttila–Williams translation ovoid of Q(4, 35). The PW/BLP semifield has middle nucleus of order 35 and center of order 3. CHK) Coulter–Henderson–Kosick presemifield [13]: (F38 , +,), with xy = xy + L(xy9 + x9y − xy − x9y9)+x243y3 + x81y − x9y + x3y243 + xy81 − xy9,

5 2 where L(x)=x3 + x3 . This presemiﬁeld has middle nucleus of order 32 and center of order 3.

Note that two (pre)semiﬁelds belonging to diﬀerent families of the previous list are not isotopic.

In the last years some other commutative semiﬁelds have been constructed, precisely:

ZKW) Zha–Kyureghyan–Wang presemiﬁelds [33], [5, Thm. 4]: (Fp3s , +,), with

t t s s+t 2s 2s s+t xy= yp x + yxp − up −1(yp xp + yp xp ), F s where u is a primitive element of p3s and 0

132 GIUSEPPE MARINO AND OLGA POLVERINO

In [6], the author has proven that the previous multiplication gives rise to a commutative presemiﬁeld if, instead of Condition (3.1), the following condition is fulﬁlled

(3.2) ps ≡ pt ≡ 1(mod 3).

Moreover, in [5, Thm. 7] it has shown that, when p ≡ 1(mod 3) these presemifields are not isotopic to a Generalized twisted field. B) Bierbrauer presemifields [6]: (Fp4s , +,), p odd prime, with

t t s s+t 3s 3s s+t xy= yp x + yxp − up −1(yp xp + yp xp ),

F 2s where u is a primitive element of p4s and 0 1, these presemifields are not isotopic neither to a Dickson semifield nor to a Generalized twisted field. In [9], two families of commutative presemifields of order p2m, p odd prime, are constructed starting from certain Perfect Nonlinear DO–polynomials over Fp2m labeled as (i∗)and(ii∗). In [10, Thm. 3] it has been shown that the middle nucleus of the presemifields of type (i∗) has square order. In this way the authors have proven that for p =3and m odd the commutative presemifields of type (i∗) are new ([10, Cor. 8]). Later on, in [7], these presemifields are simplified. More precisely, the author proves that these two families of presemifields are contained, up to isotopy, in the following family

BH) Budaghyan–Helleseth presemiﬁelds [9], [7]: (Fp2m , +,), p odd prime and m>1, with

m m s s m s s m (3.3) xy= xyp + xp y +[β(xyp + xp y)+βp (xyp + xp y)p ]ω,

qm where 0

The aim of this paper is to study the isotopy relations involving the commutative presemifields listed above. In order to do this, a very useful tool will be the computation of the order of their middle nucleus and their center. (Recall that, if a presemifield is isotopic to a commutative semifield S,thenN(S)=Nr(S)=K(S).)

4. The isotopy issue In this section we want to face with the isotopy issue between the presemifields listed in the previous section. In order to do this we first compute the nuclei of the involved presemifields.

ON THE NUCLEI OF A FINITE SEMIFIELD 133

4.1. The nuclei of BH presemiﬁelds. Let p be an odd prime, m and s two positive integers such that 0

d d d d (4.1) xy= xyq + xq y +[β(xyq + xq y)+βq (xyq + xq y)q ]ω, where 2− ∗ q 1 ∈ F (q+1,qd+1) (4.2) β q2 : β =1, and ∃ ∈ F∗ q qd (4.3) a q2 : a + a = a + a =0. Referring to Multiplication (4.1) for the two families of commutative presemi- ﬁelds of type (i∗)and(ii∗) presented in [9], it has been proven that in both cases their middle nucleus always contains a ﬁeld of order q (see [10, Prop. 5 and Prop. 7]). Indeed we will prove that it has order q2. In [28, Sec. 3] it has been proved that (4.2) and (4.3) are equivalent to (4.4) + d odd and

(4.5) β nonsquare in Fq2l . Now we can prove Theorem 4. A BH(q, , d, β) presemiﬁeld of order q2, q an odd prime power and >1, has middle nucleus of order q2 and right nucleus, left nucleus and center all of order q.

Proof. Recall that 0

V F 2 contained in the vector space =EndFq ( q ). By (b) of Theorem 1 and by (A) of Theorem 2, the middle nucleus of BH(q, , d, β) is isomorphic to the largest ﬁeld, say Nm(S), contained in the space V and satisfying the property ϕy ◦ ψ ∈C,foreachϕy ∈Cand for each ψ ∈Nm(S). This is equivalent to say that for each x, y ∈ Fq2 there exists an element z ∈ Fq2 such that ϕy(ψ(x)) = ϕz(x), i.e. there exists z ∈ Fq2 such that q q q q ψ(x) ◦ y +[β(ψ(x) ◦d y)+β (ψ(x) ◦d y) ]ω = x ◦ z +[β(x ◦d z)+β (x ◦d z) ]ω for each x, y ∈ Fq2 .Since{1,ω} is an Fq –basis of Fq2 ,thisisequivalenttoshow there exists z ∈ F 2 such that for each x, y ∈ F 2 the following system ' q q ψ(x) ◦ y = x ◦ z (4.7) q q q q β(ψ(x) ◦d y)+β (ψ(x) ◦d y) = β(x ◦d z)+β (x ◦d z)

134 GIUSEPPE MARINO AND OLGA POLVERINO 2−1 qi ∈ V F F 2 admits solutions. Since ψ =End q ( q ), we have ψ(x)= i=0 aix , with ai ∈ Fq2 and looking at the ﬁrst equation of System (4.7) we get qi q q qi+ q q ( aix )y +( ai x )y = xz + x z, i i

q2 for each x, y ∈ Fq2 . Hence, reducing the above equation modulo x − x,wehave that for each y ∈ Fq2 there exists z ∈ Fq2 such that ⎧ ⎨ 0ifi =0 , q q q aiy + ai+y = ⎩ z if i =0 z if i = where ai = aj if and only if i ≡ j (mod 2). From the last equalities we get that q q ai =0foreachi =0, and z = a0 y + ay . Hence, from the ﬁrst equation of q System (4.7), it follows that if ψ ∈Nm(S), then ψ(x)=ψA,B(x)=Ax + Bx , q q with A, B ∈ Fq2 ,andz = A y + By for each y ∈ Fq2 . Substituting these conditions in the second equation of (4.7), we get that for each x, y ∈ Fq2 the following polynomial identity must be satisﬁed

q q q q q q q q q q β((Ax+Bx )◦dy)+β ((Ax+Bx )◦dy) =β(x◦d(A y+By ))+β (x◦d(A y+By )) .

2 Reducing modulo xq − x and equating the coeﬃcients of the obtained reduced polynomials we have that A and B must verify the system +d βA = βAq +d βB = βq Bq .

Note that, since gcd(2, + d)=gcd(, d) = 1 the set of solutions in Fq2 of the q+d−1 equations x = 1 is the set of nonzero elements of Fq. Hence, taking into 2 − q −1 account that β =0and( βq 1) q−1 =1,weget

A ∈ Fq and B = bξ,

q+d−1 1−q where b ∈ Fq and ξ is an element of Fq2 such that ξ = β . It follows that

q Nm(S)={ψa,bξ : x → ax + bξx | a, b ∈ Fq}, and hence the middle nucleus of the presemifield BH(q, , d, β) has order q2. On the other hand, by (a) of Theorem 1 and by (B) of Theorem 1, the right N S nucleus of BH(q, , d, β) is isomorphic to the largest field, say r( ), of the space 2−1 qi V F 2 → ∈ F 2 =EndFq ( q ), whose elements φ: x i=0 aix , with ai q , satisfy the property φ ◦ ϕy ∈C,foreachϕy ∈C. Arguing as above we get that Nr(S)= {x → ax| a ∈ Fq}. Since a presemifield BH(q, , d, β) is commutative, then its left nucleus and its center have both order q. Now the statement has been completely proven.

Recall that in [10, Cor. 8] the authors have proven that some BH presemifields of order p2m, p>3 odd prime and m odd are isotopic nor to a Dickson semifield nor to a Generalized twisted field and, obviously, nor to a presemifiel of characteristic 3. By using the previous theorem we can now prove a stronger result.

ON THE NUCLEI OF A FINITE SEMIFIELD 135

Corollary 3. A BH(q, 2,d,β) presemifield of order q4, q an odd prime power, with Multiplication ( 4.1), is isotopic to a Dickson semifield. A BH(q, , d, β) presemifield of order q2, q an odd prime power and >2,with Multiplication ( 4.1), is isotopic nor to a Dickson semifield nor to a Generalized twisted field. Proof. If = 2, from Theorem 4 each BH(q, , d, β) presemifield is 2–dimensional over its middle nucleus and 4–dimensional over its center. Hence it is isotopic to a Dickson semifield (see [32], [8]) . If >2, by Theorem 4, comparing the dimensions of the involved presemifields over their middle nucleus and over their center (see Table 1), we get the assertion.

4.2. The nuclei of Bierbrauer presemiﬁelds. Set h =gcd(s, t), then s = hm and t = hn with gcd(m, n) = 1. Then the multiplication of a Bierbrauer h presemiﬁeld B =(Fq4m , +,), q = p odd prime power, can be rewritten as

n n m+n 3m 3m m+n (4.8) xy= yq x + yxq − v(yq xq + yq xq ),

qm−1 where v = u , u a primitive element of Fq4m ,and01 odd, a B presemifield is not quadratic over its middle nucleus ([6, Thm. 7]). Finally, if q = p is an odd prime, m =3and n =2,aB presemifield has middle nucleus of order p2 and center of order p ([5, Thm. 6]). Here we determine the orders of the nuclei and the center of the involved presemifields, with no restriction on n, m or q.

Theorem 5. A Bierbrauer presemiﬁeld B =(Fq4m , +,), q an odd prime power, with Multiplication ( 4.8), has middle nucleus of order q2 and center of order q.

Proof. C { → | ∈ F 4m }⊂V F 4m Let = ϕy : x xy y q =EndFq ( q )bethespread set associated with the presemifield B.Notethatifxy = F (x, y), then F (λx, y)= F (x, λy)foreachλ ∈ Fq2 . Hence, by (A) of Theorem 2, we get that the middle nucleus of B is the largest field Nm(B) contained the field of maps Fq2 and contained in the space EndF (F 4m ) satisfying the property ϕ ◦ ψ ∈C,foreachϕ ∈Cand q2 q y y ∈N B ∈ F ψ m( ). This is equivalent to say that for each x, y q4m there exists an ∈ F 2m−1 q2i element z q4m such that ϕy(ψ(x)) = ϕz(x), where ψ(x)= i=0 aix , with ai ∈ Fq4m , i.e. qn qn+2i qn q2i − qm+n q3m q3m+2i q3m qm+n q2i+m+n y ai x + y aix v y ai x + y ai x i i i i n n m+n 3m 3m m+n (4.9) = zq x + zxq − v(zq xq + zq xq ), for each x, y ∈ Fq4m .

136 GIUSEPPE MARINO AND OLGA POLVERINO

4m Now, reduce the above polynomials modulo xq −x and equate the coeﬃcients. n 3m m+n 4m Since the monomials x, xq ,xq ,xq are pairwise distinct modulo xq −x, n+m is odd and gcd(n, m) = 1, we get ⎧ n ⎨ zq if i =0 (a) qn qn a − n y + aiy = z if 2i = n (b) i 2 ⎩ 0otherwise for all y ∈ Fq4m ,whereaj = aj if and only if j ≡ j (mod 4m). From the previous equalities we get ' 5 n (4.10) ai = ai− n =0 ∀ i/∈ 0, modulo 4m. 2 2 Combining (a)and(b)weget

qn qn q2n qn qn q2n (4.11) a − n y + a0y = a y + a n y . 4m 2 0 2 Hence

(4.12) a n = a − n =0 2 4m 2 and q2n qn (4.13) a0 = a0 and z = a0 y. By using (4.10), (4.12) and (4.13) in Equation (4.9), we get that for each x, y ∈ Fq4m there exists z ∈ Fq4m such that qn qn qn − q3m qm+n q3m qm+n q3m qm+n a0y x + a0 yx v(a0 y x + a y x )=

q2n qn qn qn − qm+2n qm+n q3m q3m+n q3m qm+n = a0 y x + a0 yx v(a0 y x + a0 y x ), n m+n 3m which implies, taking into account that y, yq , yq and yq are pairwise distinct 4m modulo yq − y,that q2m a0 = a0 .

From the last equality and from (4.13), since gcd(n, m) = 1, it follows Nm(B)=Fq2 . B N B On the other hand, the right nucleus of is the largest ﬁeld r( )ofthespace 4m−1 qi V F F 4m → ∈ F 4m =Endq ( q ), whose elements φ: x i=0 aix , with ai q ,satisfy the property φ ◦ ϕy ∈C,foreachϕy ∈C. Arguing as above we get Nr(B)=Fq.

In [6, Thm. 7], it has been shown that a B presemifield of order q4m, q = p an odd prime, n =2andm>1 odd, is not isotopic to a Generalized twisted field. By using the previous theorem we can now prove the following Corollary 4. A Bierbrauer presemifield of order q4 (i.e., m =1), q an odd prime power, with Multiplication ( 4.8) is isotopic to a Dickson semifield. A Bierbrauer presemifield of order q4m, q an odd prime power and m>1 odd, with Multiplication ( 4.8), is isotopic neither to a Dickson semifield, nor to a Generalized twisted field and to any of the known commutative presemifields with center of order 3 listed in Table 1.

ON THE NUCLEI OF A FINITE SEMIFIELD 137

Proof. From Theorem 4 a B presemifield of order q4 is 2–dimensional over its middle nucleus and 4–dimensional over its center. Hence it is isotopic to a Dickson semifield (see [32]and[8]). If m>1 odd, by Theorem 4, comparing the orders and the parameters of the involved presemifields over their middle nucleus and over their center (see Table 1), we get the assertion.

Corollary 5. A BH(q, , d, β) presemifield of order q2, q an odd prime power and =2 k with k odd, defined by Multiplication ( 4.1), is not isotopic to any Bierbrauer presemifield with Multiplication ( 4.8). Proof. The assertion again follows by comparing the dimensions of the involved presemifields over their middle nucleus and over their center (see Table 1).

4.3. The nuclei of Zha–Kyureghyan–Wang presemiﬁelds. Set g = gcd(s, t), then s = hg and t = ng with gcd(h, n) = 1. Then the multiplication g of a Zha–Kyureghyan–Wang presemiﬁeld ZKW =(Fq3h , +, ∗), q = p odd prime power, can be rewritten as

n n h+n 2h 2h h+n (4.14) xy= yq x + yxq − v(yq xq + yq xq ),

qh−1 where v = u , u a primitive element of Fq3h ,and01 odd, satisfying Condition (4.15) has middle nucleus of order q. Using similar techniques as in Theorem 5 it can be proven that also the center of a ZKW presemifield has order q. In both cases the arguments do not involve the congruences (4.15) and (4.16). Hence we obtain Theorem 6. A ZKW presemifield of order q3h, q an odd prime power and h an odd integer, with Multiplication ( 4.14), has middle nucleus and center both of order q. Corollary 6. A ZKW presemifield of order q3, q an odd prime power, with Multiplication ( 4.14), is isotopic to a Generalized twisted field. A ZKW presemifield of order q3h, q>3 an odd prime power and h>1 odd integer, with Multiplication ( 4.14), is not isotopic to any known presemifield.

138 GIUSEPPE MARINO AND OLGA POLVERINO

Proof. The first part has been proven above. By [26, Cor. 3], a ZKW presemifield of order q3h, q>3 an odd prime power and h>1 odd integer, is isotopic neither to a Dickson semifield nor to a Generalized twisted field and, by Table 1, it is not isotopic to any presemifield with characteristic 3. Moreover, by Theorems 4, 5 and 6, a ZKW presemifield is isotopic neither to a BH presemifield nor a B presemifield by comparing the dimensions of the involved presemifields over their center.

The following table summarizes the state of the art on the presently known commutative presemiﬁelds whose multiplication are written pointing out their center. In this table we have also written the multiplication and the parameters of some presemiﬁelds very recently constructed in [34].

ON THE NUCLEI OF A FINITE SEMIFIELD 139 ] ] ] ] 7 19 12 5 ] ] ] 4 ], [ 5 3 ] ], [ ], [ ] ] ] ], [ 6 26 ], [ 34 18 20 11 21 13 ], [ ], [ [ [ [ [ 6 2 ], [ [ [ 31 ], [ [ ], [ ], [ 33 REFER. 10 [ 17 14 [ [ [ 3) 3) mod 4), mod 0( 1( ≡ mod ≡ h odd, odd, odd, odd, 1( q q q q q + ≡ n ∃∀ ∃∀ ∃∀ ∃∀ q odd : ∃∀ odd, q q EXIS. RESULTS ∃∀ ∃∀ 9 q F xy ω − − 81 = m xy 4 ω q q ] + ) F ω , ) n q ) odd ) nonsquare of n + h 243 y ) bc k 3 + ) y m α and q d q 3 h 3 q + F q ) F ) t,n q x x t x 3 2 x ) ) bd q + m ( h + ,ad F 3 gcd( j 2 bd 27 y q σ ) d q ) 9 ) y q + y x d odd and +( bd bc + n + xy bc prim. elem. of ) − xy ( q bc + +( 2 n b n u y + q ,n + + 2 + − nonsquare in + bc =1and 81 β 3 h ,ad m , 3 x x j q 2 prim. elem. of s q n ,ad + σ y y α gcd( 3 ,ad q y 9 α d + + 3 )+ nonsquare of u ) F 9 h , σ y x bd m 3 xy 2 5 t β and ,ad ( 2 bd bd 3 d q y 3 q jb ( 9 q q α + x x F )=1and k ) 3 ± − ( x x + q y j ( )=1, + 243 1 9 d F bd 1 α odd, + x c − 9 + )= ac x − m, n b xy d h d n x +( ( q q )=1and q m = )+ − + , n, t + a u jbd L q 9 ac xy y )=( u y nonsquare in ( + ac + − 9 h, n 9 β x − j –autom. of x n n xy c, d ,( ac q ,gcd( q q ( )=( n h = +[ F –autom. of − where )=( q even, gcd( MULTIPLICATION 3 q ac )=1, q xy y ) F n F c, d n xy xy )=( ( q + c, d q , , d ( x xy x + − a, b y )=( m ( ) c, d =1 y y n + 4 ( > s 8 ≥ 10 ≥ 3 , , , 3 r m> s k> h> t> e 2 2 SIZE 2 , , , , , , q q 3 r t e k h m 2 q 2 3 3 4 3 q q q DY BLP P G H / / G B D A KW HK C Z B C TYPE Z CM PW

140 GIUSEPPE MARINO AND OLGA POLVERINO

Some explanatory comments on the above table are needed. The sizes of the middle nucleus and the center of a commutative (pre)semifield belonging to one of the families D, A, ZKW, B, BH, CG, G, CM/DY, PW/BLP, CHK and ZP are listed in the middle columns. The fifth column contains the existence results of commutative presemifields belonging to the above families.

4.4. Final remarks. By comparing the dimensions of the commutative presemifields over their middle nucleus and their center, taking into account their characteristic and using Corollaries 3, 4, 5 and 6, it follows that the family of ZKW presemifields of order q3h (with h>1) and the family of BH presemifields of order q2 (with >2) are not isotopic and they are actually new. More precisely, for q>3, these presemifields are not isotopic to any previously known. Regarding the family of B presemifields, so far it is not yet clear whether it contains new examples of presemifields. Indeed, by Table 1 and by comparing the parameters, it is not possible to exclude the possibility that a B presemifield turns out to be isotopic to a BH presemifield. As well as, it remains to investigate whether a CM/DY presemifield of order 3n, n ≡ 0(mod 3) could be isotopic to a ZKW presemifield and whether the CHK presemifield belongs, up to isotopy, to the family of BH presemifields. Finally in [34], the authors presented a family of presemifields (the ZP presemifields)oforderq2 and center of order q, computing their nuclei. Moreover, they show that, when σ = id, in some cases, the BH presemifields are contained, up to isotopisms, in the family of ZP presemifields, whereas when >3isodd and q ≡ 1(mod 4) the latter family contains presemifields which are non isotopic to any previously known. Obviously, it would be interesting to complete the study of the isotopisms between these two last mentioned families of presemifields for each value of (odd or even) and for each odd characteristic.

References [1] A.A. Albert, Finite division algebras and finite planes, Proc. Symp. Appl. Math., 10 (1960), 53–70. MR0116036 (22:6831) [2] A.A. Albert, Generalized Twisted Fields, Pacific J. Math, 11 (1961), 1–8. MR0122850 (23:A182) [3] A.A. Albert, Isotopy for generalized Twisted Fields, An. Acad. Brasil. Ciênc., 33 (1961), 265–275 MR0139639 (25:3070) [4] L. Bader, G. Lunardon, I. Pinneri, A new semifield flock, J. Combin Theory Ser. A, 86 (1999), 49–62. MR1682962 (2000a:51006) [5] J. Bierbrauer, New commutative semifields and their nuclei, Proceedings of AAECC-18 (Tar- ragoa, Spain), M. Bras-Amorós and T. Høholdt (Eds), Lecture Notes in Computer Science, 5527 (2009), 179–185. MR2580866 (2011k:12010) [6] J. Bierbrauer, New semifields, PN and APN functions, Designs, Codes, Cryptogr., 54 (2010), 189–200. MR2584973 (2011h:12018) [7] J. Bierbrauer, Commutative semifields from projection mappings,Designs,Codes,Cryptogr., 61 (2011), 187–196. MR2826956 [8] A. Blokhuis, M. Lavrauw, S. Ball, On the classification of semifield flocks, Adv. Math., 180 (2003), 104–111. MR2019217 (2004i:51008) F [9] L. Budaghyan, T. Helleseth, New Perfect Nonlinear Multinomials over p2k for any odd prime p, Lecture Notes in comput. Sci., vol. 5203, SETA (2008), 403–414. MR2646419 (2011g:11225) [10] L. Budaghyan, T. Helleseth, New commutative semifields defined by PN multinomials,Cryp- togr. Commun., 3 No.1 (2011), 1–16. MR2762963 (2011m:11240) [11] S.D. Cohen, M.J. Ganley, Commutative semifields, two–dimensional over their middle nuclei, J. Algebra, 75 (1982), 373–385. MR653897 (84g:17002)

ON THE NUCLEI OF A FINITE SEMIFIELD 141

[12] R.S. Coulter, M. Henderson, Commutative presemifields and semifields, Adv. Math., 217 (2008), 282–304. MR2365198 (2009b:12019) [13] R.S. Coulter, M. Henderson, P. Kosick, Planar polynomials for commutative semifields with specified nuclei, Des. Codes Cryptography, 44 (2007), 275–286. MR2336411 (2008h:12007) [14] R.S. Coulter, R.W. Matthews, Planar functions and planes of Lenz–Barlotti clas II,Des. Codes Cryptography, 10 (1997), 167–184. MR1432296 (97j:51010) [15] J. De Beule, L. Storme (Editors): Current research topics in Galois Geometry,NOVAAca- demic Publishers, Pub. Date 2011, ISBN: 978-1-61209-523-3. [16] P. Dembowski, Finite Geometries, Springer Verlag, Berlin, 1968. MR0233275 (38:1597) [17] L.E. Dickson, On finite algebras,Göttingen nachrichtung, (1905), 358–393. [18] L.E. Dickson, Linear algebras in which division is always uniquely possible, Trans. Amer. Math. Soc., 7 (1906), 370–390. MR1500755 [19] L.E. Dickson, On commutative linear algebras in which division is always uniquely possible, Trans. Amer. Math. Soc., 7 (1906), 514–522. MR1500764 [20] C. Ding, J. Yuang, A new family of skew Paley-Hadamard difference sets, J. Combin. Theory, Ser. A, 113 (2006), 1526–1535. MR2259075 (2008c:05020) [21] M.J. Ganley, Central weak nucleus semifields, European J. Combin., 2 (1981), 39–347. MR638409 (83c:51013) [22] W.M. Kantor, Commutative semifields and symplectic spreads,J.Algebra,270 (2003), 96– 114. MR2015931 (2004k:51003) [23] D.E. Knuth, Finite semifields and projective planes,J.Algebra,2 (1965), 182–217. MR0175942 (31:218) [24] M. Lavrauw, O. Polverino, Finite semifields. Chapter 6 in Current research topics in Galois Geometry (J. De Beule and L. Storme, Eds.), NOVA Academic Publishers, Pub. Date 2011, ISBN: 978-1-61209-523-3. [25] G. Lunardon, Symplectic spreads and finite semifields,Designs,Codes,Cryptogr.,44 (2007), 39–48. MR2336392 (2008f:51002) [26] G. Lunardon, G. Marino, O. Polverino, R. Trombetti, Symplectic Semifield Spreads of PG(5,q) and the Veronese Surface, Ricerche di Matematica, 60 No.1 (2011), 125–142. MR2803937 (2012d:51004) [27] D.M. Maduram, Transposed Translation Planes, Proc. Amer. Math. Soc., 53 (1975), 265–270. MR0383237 (52:4118) [28] G. Marino, O. Polverino, On isotopisms and strong isotopisms of commutative presemifields, Journal of Algebraic Combinatoric, to appear. DOI: 10.1007/s10801-011-0334-0. [29] G. Marino, O. Polverino, R. Trombetti, Towards the classification of rank 2 semifields 6– dimensional over their center,Designs,Codes,Cryptogr.,61 No.1 (2011), 11–29. MR2810500 [30] G. Menichetti, On a Kaplansky conjecture concerning three–dimensional division algebras over a finite field,J.Algebra,47 (1977), 400–410. MR0453823 (56:12076) [31] T. Penttila, B. Williams, Ovoids of parabolic spaces, Geom. Dedicata, 82 (2000), 1–19. MR1789057 (2001i:51005) [32] J.A. Thas, Generalized quadrangles and flocks of cones, Europ. J. Combin., 8 (4) (1987), 441–452. MR930180 (89d:51016) [33] Z. Zha, G.M. Kyureghyan, X. Wang, Perfect nonlinear binomials and their semifields, Finite Fields Appl., 15 No. 2 (2009), 125–133. MR2494329 (2010a:12005) [34] Y. Zhou, A. Pott, A new family of semifields with 2 parameters, submitted (arXiv:1103.4555).

Dipartimento di Matematica, Seconda Universita` degli Studi di Napoli, I– 81100 Caserta, Italy E-mail address: [email protected] Dipartimento di Matematica, Seconda Universita` degli Studi di Napoli, I– 81100 Caserta, Italy E-mail address: [email protected]

Contemporary Mathematics Volume 579, 2012 http://dx.doi.org/10.1090/conm/579/11526

Small-bias sets from extended norm-trace codes

Gretchen L. Matthews and Justin D. Peachey

Abstract. As demonstrated by Naor and Naor [11] among others [1, 2], the construction of small-bias probability spaces, or small-bias sets, is connected to that of error-correcting codes. Small-bias sets are probability spaces that in some sense approximate larger ones. Error-correcting codes have provided explicit constructions of such spaces. For instance, the concatenation of a Reed- Solomon code with a Hadamard code provides a now standard construction. Recently, Ben-Aroya and Ta-Shma used Hermitian codes to construct small- bias sets [4]. In this paper, we consider small-bias sets constructed from the u extended norm-trace function field F r (x, y)/F r defined by TrF F (y)=x q q qr / q qr−1 where q is a power of a prime, r ≥ 2, and u| ; here, TrF F denotes q−1 qr / q the trace with respect to the extension Fqr /Fq. The Hermitian function field yq +y = xq+1,itsquotientyq +y = xu where u|q+1, and the norm-trace function field given by TrF F (y)=NF F (x) are special cases of the extended qr / q qr / q norm-trace function field. We detail the resulting small-bias sets.

1. Introduction and preliminaries

Consider a binary random variable X := x1,...,xk. Let Ω denote the associated sample space. As shown by Varizani in 1986 [13], the bits x1,...,xk of X are independent and uniformly distributed if and only if for all nonempty T ⊆{1,...,k}, % & % & Prob xi =0 = Prob xi =1 i∈T i∈T where the sums are taken in F2, the finite field with two elements. Of course, if Fk these equivalent conditions are satisfied, then Ω = 2 , the set of binary vectors of length k, with the uniform distribution. For a fixed k, it is useful in a number of applications to have a sample space Fk that is smaller than 2 yet retains some of its randomness properties. These applications include derandomization of algorithms, testing of combinatorial circuits, and automated theorem proving [11]. This need for probability spaces that, in some sense, approximate larger ones prompted the notion of a small-bias set.

2010 Mathematics Subject Classiﬁcation. Primary 13P25. The ﬁrst author’s work was supported in part by NSF DMS-090169.

c 2012 American Mathematical Society 143

144 GRETCHEN L. MATTHEWS AND JUSTIN D. PEACHEY

Definition . ⊆ Fk 1.1 A subset X 2 is -biased if and only if for all nonempty ⊆{ } T 1,...,k , * * * * 1 * x * * (−1) i∈T i * ≤ . |X| * * x∈X Example . Fk 1.2 (1) Fix a positive integer k. Then the set 2 is 0-biased { } ∈ Fk whereas the set v , for any v 2 ,is1-biased and is not -biased for any <1.⎧⎡ ⎤ ⎡ ⎤ ⎡ ⎤ ⎡ ⎤⎫ ⎨ 0 1 1 1 ⎬ (2) Let X = ⎣ 1 ⎦ , ⎣ 0 ⎦ , ⎣ 1 ⎦ , ⎣ 0 ⎦ ⊆ F3. Then X is 1 -biased. ⎩ ⎭ 2 2 0 1 1 0 To see this, consider a nonempty subset T ⊆{1, 2, 3},andlet * * * * 1 * x * S = * (−1) i∈T i * . T |X| * * x∈X

Note that if T ⊆{2, 3}, then ST =0. In addition, * * 1 * 1 1 0 1* 1 S{ } = (−1) +(−1) +(−1) +(−1) = . 1 4 2 ∈ 1 More generally, it is easy to check that 1 T implies ST = 2 .Thus,S is 1 2 -biased. Given an -biased set X, provides a measure of how far from uniform the distribution associated with X is. To make this precise, let Uk denote the uniform distribution on a variable with k bits, and let 1 Δ(X, Y ):= |Prob[X = α] − Prob[Y = α]| 2 α∈{0,1}k be the statistical diﬀerence between two k-bit random variables X and Y (equivalently, the statistical diﬀerence between their distributions). Remark . ⊆ Fk 1.3 ([8]) Suppose X 2 is an -biased set. Then

k ≤ 2Δ(X, Uk) ≤ 2 2 . Certainly, a set is 0-biased if and only if the associated random variable is uniformly distributed. O k While a random set of size 2 is -biased [5], there is a need for explicit constructions of small-bias sets. The goal of this paper is to construct -biased sets ⊆ Fk | | X 2 for fixed k and with X small. Our primary tool in the construction of small-bias sets is error-correcting codes. Thus, this section concludes with terminology and notation from coding theory. Section 2 contains a tutorial on the construction of small-bias sets from linear codes, focusing on algebraic geometric codes in particular. This is followed by Section 3 detailing the application of algebraic geometric codes from the extended norm-trace function field. Notation. The set of positive integers is denoted Z+. Given a prime power q F Fk and a positive integer k, q denotes the field with q elements and q denotes the

SMALL-BIAS SETS FROM EXTENDED NORM-TRACE CODES 145

k th set of vectors of length k with coordinates in Fq.Asusual,givenv ∈ F ,thei coordinate of v is denoted by v . The weight of a vector v ∈ Fk is i * * * * wt(v)=* {i : vi =0 } *.

th th Given a matrix A, RowiA denotes the i row of A and Colj A denotes the j column of A. A linear code over Fq of length n and dimension k is called an [n, k]q code. ∈ Fn |{ }| The Hamming distance between words w, w is d (w, w ):= i : wi = wi . A linear code over Fq of length n,dimensionk, and minimum distance d (resp. at least d)iscalledan[n, k, d]q (resp. [n, k, ≥ d]q)code. Let F/Fq be an algebraic function field of genus g. Given a divisor A on F defined over Fq,letL(A) denote the set of rational functions f on X defined over Fq such that (f)+A is an effective divisor together with the zero function. Let L F (A) denote the dimension of (A)asan q-vector space. An algebraic geometric n (or AG) code CL(D, G) can be constructed using divisors D = i=1 Pi and G on F where P1,...,Pn are pairwise distinct places of F of degree one none of which are in the support of G.Inparticular,

CL(D, G):={(f (P1) ,...,f(Pn)) : f ∈L(G)} .

If deg G

2. Balanced codes and small-bias sets In this section, we review the explicit construction of small-bias sets from balanced codes. Definition 2.1. An -balanced code is a binary code C of length n such that for all nonzero c ∈ C 1 − wt(c) 1+ ≤ ≤ . 2 n 2 The relationship between -balanced codes and -biased sets may be seen in the following lemma.

Lemma 2.2. Suppose C is an [n, k]2 code which is -balanced and M is a generator matrix for C.Then { }⊆Fk X = Col1M,Col2M,...,ColnM 2 is an -biased set with cardinality |X|≤n.

Proof. Suppose C is an [n, k]2 code which is -balanced, and let

X = {Col1M,Col2M,...,ColnM}

146 GRETCHEN L. MATTHEWS AND JUSTIN D. PEACHEY be the set of columns of a generator matrix M of C.GivenT ⊆{1,...,k}, T = ∅, ∈ Fk ∈ deﬁne v 2 by vi = 1 if and only if i T .Then * * * * * x * * n vCol M * 1 * − i∈T i * 1 * − j * |X| x∈X ( 1) = n j=1 ( 1)

1 | − | = n n 2 wt(vM)

≤ 1 n n = . Therefore, X is an -biased set. To obtain -balanced codes, we utilize a Walsh-Hadamard code. Given a positive integer s, the Walsh-Hadamard code C is a [2s,s] code with generator matrix ⎡ s 2⎤ || | ⎣ ⎦ M = v1 v2 ··· v2s || | Fs { } where 2 = v1,...,v2s .Itiswell-knownthatCs is a constant-weight code, and wt(c)=2s−1 for all codewords c ∈ Cs \{0} [3]. The concatenation of an [n, k, ≥ d]2s code C n−d s F → Fs with Cs is an n -balanced code C of length 2 n. To see this, let ϕ : 2s 2 be Fs → ∈ \{ } an isomorphism and φs : 2 Cs be an encoding map for Cs. Suppose c C 0 . Then c =(φs (ϕ (c1)) ,φs (ϕ (c2)) ,...,φs (ϕ (cn))) for some nonzero codeword c ∈ C. Notice that 2s−1d ≤ 2s−1wt(c) ≤ 2s−1n s−1 since wt (φs (ϕ (ci))) = 2 for each nonzero coordinate ci of the codeword c and d ≤ wt(c) ≤ n. Hence, the criteria in Deﬁnition 2.1 are satisﬁed, and C is s ≥ s−1 n−d an [n2 ,sk, 2 d]2 code which is n -balanced. This observation paired with Lemma 2.2 yields the following result.

Proposition 2.3. Given an [n, k, d]2s code C, the set of columns of a generator n−d matrix for the concatenation of C with the Walsh-Hadamard code Cs is an n - ⊆ Fsk | |≤ s biased set X 2 with X n2 . Example . s s − 2.4 Consider the [2 ,k,2 k +1] s Reed-Solomon code.* According* 2 * * k ⊆ Fk * * ≤ 2s to Proposition 2.3, this results in a 2s -bias set X 2 of cardinality X 2 . This now standard construction first appeared in [2]. Of course, one may apply Proposition 2.3 to AG codes over finite fields of characteristic 2. The motivation for doing so is that Hermitian codes have produced explicit small-bias sets which improve over previously known constructions in the range k−1.5 ≤ ≤ k−0.5. Moreover, the small-bias set given by an AG code CL(D, G) may be described explicitly from the divisors G and D = Q1 + ···+ Qn. For easy reference, we record here the corollary one obtains from Proposition 2.3 when C is an AG code over F2s .

Corollary 2.5. An AG code CL (D, G) of length n over F2s ,withdeg G

SMALL-BIAS SETS FROM EXTENDED NORM-TRACE CODES 147

Proof. Fix an algebraic function ﬁeld F/F2s . Consider the AG code CL (D, G) where G and D := P1 + ···+ Pn are divisors on F with Pi ∈/ supp G for all i and deg G < n.ThenCL (D, G)isan[n, (G), ≥ n − deg G]2s code, and the result follows from Proposition 2.3.

To describe explicitly the elements of the set X given in Corollary 2.5, let {f1,...,fk} be a basis for L(G), and let C be the concatenation of CL(D, G)and F∗ F \{ } F → Fs Cs as described above. Fix a generator γ of 2s := 2s 0 .Letϕ : 2s 2 be i the isomorphism given by ϕ γ = Rowi+1M for 0 ≤ i ≤ s − 1. Then a generator matrix M for the concatenated code C is ⎡ ⎤ φs (ϕ(f1(Q1))) φs (ϕ(f1(Q2))) ... φs (ϕ(f1(Qn))) ⎢ ⎥ ⎢ φs (ϕ(γf1(Q1))) φs (ϕ(γf1(Q2))) ... φs (ϕ(γf1(Qn))) ⎥ ⎢ ⎥ ⎢ . . . ⎥ ⎢ . . . ⎥ ⎢ s−1 s−1 s−1 ⎥ ⎢ φs ϕ(γ f1(Q1)) φs ϕ(γ f1(Q2)) ... φs ϕ(γ f1(Qn)) ⎥ ⎢ ⎥ ⎢ . . . ⎥ M = ⎢ . . . ⎥ . ⎢ ⎥ ⎢ φs (ϕ(fk(Q1))) φs (ϕ(fk(Q2))) ... φs (ϕ(fk(Qn))) ⎥ ⎢ ⎥ ⎢ φs (ϕ(γfk(Q1))) φs (ϕ(γfk(Q2))) ... φs (ϕ(γfk(Qn))) ⎥ ⎢ ⎥ ⎣ . . . ⎦ . . . s−1 s−1 s−1 φs ϕ(γ fk(Q1)) φs ϕ(γ fk(Q2)) ... φs ϕ(γ fk(Qn))

The elements of the small-bias set X given in Corollary 2.5 are the columns of the matrix M. Therefore, ⎧⎡ ⎤ ⎫ ⎪ ⎪ ⎪ φs ϕ f1 Q j ⎪ ⎪⎢ 2s j− j −1 2s ⎥ ⎪ ⎪⎢ ( 2s ) ⎥ ⎪ ⎪⎢ ⎥ ⎪ ⎪⎢ φs ϕ γf1 Q j ⎥ ⎪ ⎪ s j s ⎪ ⎪⎢ 2 j−( s −1)2 ⎥ ⎪ ⎪⎢ 2 ⎥ ⎪ ⎪⎢ . ⎥ ⎪ ⎪⎢ . ⎥ ⎪ ⎪⎢ ⎥ ⎪ ⎪⎢ s−1 ⎥ ⎪ ⎪⎢ φs ϕ γ f1 Q j ⎥ ⎪ ⎪ 2s − j − s ⎪ ⎨⎢ j ( 2s 1)2 ⎥ ⎬ ⎢ ⎥ X = ⎢ . ⎥ :1≤ j ≤ n2s ⊆ Fsk ⎪⎢ . ⎥ ⎪ 2 ⎪⎢ ⎥ ⎪ ⎪⎢ φs ϕ fk Q j ⎥ ⎪ ⎪⎢ s j s ⎥ ⎪ ⎪ 2 j−( s −1)2 ⎪ ⎪⎢ 2 ⎥ ⎪ ⎪⎢ ⎥ ⎪ ⎪⎢ φs ϕ γfk Q j ⎥ ⎪ ⎪ s j s ⎪ ⎪⎢ 2 j−( s −1)2 ⎥ ⎪ ⎪⎢ 2 ⎥ ⎪ ⎪⎢ . ⎥ ⎪ ⎪⎢ . ⎥ ⎪ ⎪⎣ ⎦ ⎪ ⎪ s−1 ⎪ ⎩ φs ϕ γ fk Q j ⎭ 2s − j − s j ( 2s 1)2

deg G | |≤ s is a n -bias set with cardinality X n2 . In the next section, we apply the construction in Corollary 2.5 to extended norm-trace codes. This is prompted by the fact that Hermitian codes, which are known to produce improved small-bias sets, are among the extended norm-trace codes. Because the family of extended norm-trace codes is larger, there is the opportunity to obtain new small-bias sets with known parameters.

148 GRETCHEN L. MATTHEWS AND JUSTIN D. PEACHEY

3. Extended norm-trace codes and associated -biased sets In this section, we consider a generalization of the Hermitian function field, associated AG codes, and resulting small-bias sets. The extended norm-trace function field is studied in [6, 7, 10]. While the Hermitian function field is defined over Fq2 , the extended norm-trace function field may be defined over Fqr for any r ≥ 2. Hence, this broader family of function fields provides codes over a wider range of alphabets than the Hermitian function field as well as a larger class of small-bias sets. Definition 3.1. Let q be a power of a prime, r ≥ 2,andx be transcendental over Fqr . The extended norm-trace function field over Fqr is Fqr (x, y) where

r−1 r−2 yq + yq + ···+ y = xu qr −1 and u>1 is a divisor of q−1 . Example . qr −1 F F 3.2 (1) If u = q−1 ,then qr (x, y)/ qr is the norm-trace function ﬁeld deﬁned by

TrFqr /Fq (y)=NFqr /Fq (x),

where TrFqr /Fq (y) (resp., NFqr /Fq (x)) denotes the trace of y (resp., norm of x) with respect to a degree-r extension of Fq. q2−1 F (2) If r =2and u = q−1 = q+1,then q2 (x, y) is the well-studied Hermitian function field with defining equation yq + y = xq+1. | q2−1 (3) Taking r =2and u q−1 yields the quotient of the Hermitian function q u field defined by y + y = x over Fq2 .

r−1 F (u−1)(q −1) The extended norm-trace function ﬁeld F/ qr has genus g = 2 and exactly qr−1 (uq − u +1)+1 places of degree one. Moreover, it was shown in [10] that the dimension of the + divisor αP∞,whereα ∈ Z and P∞ denotes the inﬁnite place of F is − '( ) 5 u1 α − iqr−1 (1) (αP∞)= max +1, 0 . u i=0

Consider the AG code CL(D, αP∞) over the extended norm-trace function ﬁeld, where D = Q1 +···+Qqr−1(uq−u+1) is the sum of all places of degree one other than r−1 P∞ and α

SMALL-BIAS SETS FROM EXTENDED NORM-TRACE CODES 149

Example 3.4 ([4]). Take F to be the Hermitian function field defined by yq + q+1 2 s y = x over Fq2 ,whereq =2. The Hermitian code CL(D, αP∞) gives rise to α ⊆ Fs(αP∞) | |≤ 5 a q3 -biased set X 2 with X q . A key difference in the small-bias sets given in Theorem 3.3 and those in Exam- ple 3.4 is the range of values of k allowed in each construction. Theorem 3.3 yields ⊆ Fk small-bias sets X 2 where k = r log q(G), given that CL(D, αP∞)isacode over Fqr and q is a power of two. Recall that as one considers divisors G = αP∞, α ∈ Z+, (G) takes on all positive integer values in the interval [1,n− g]. Hence, the small-bias sets X constructed from Hermitian codes (meaning those in Example ⊆ Fk 3.4) have the property that X 2 where k is an even multiple of log q whereas those given by the more general family of extended norm-trace codes in Theorem 3.3 allow for k ∈ r log q Z where r ≥ 2. The following example illustrates this more general situation.

Example 3.5. Consider the function ﬁeld F := F8(x, y)/F8 where y4 + y2 + y = x7.

Let G =15P∞,andletD be the sum of all places of F of degree one other than those in the support of G.Thus,CL (D, G) has length 32. By [10],abasisforL(G) is 1,x,x2,x3,y,y2,xy,x2y . Thus, a generator matrix for CL (D, G) is ⎡ ⎤ 1(P1)1(P2) ··· 1(P32) ⎢ ⎥ ⎢ x(P1) x(P2) ··· x(P32) ⎥ ⎢ 2 2 2 ⎥ ⎢ x (P1) x (P2) ··· x (P32) ⎥ ⎢ 3 3 3 ⎥ ⎢ x (P1) x (P2) ··· x (P32) ⎥ M := ⎢ ⎥ . ⎢ y(P1) y(P2) ··· y(P32) ⎥ ⎢ 2 2 2 ⎥ ⎢ y (P1) y (P2) ··· y (P32) ⎥ ⎣ ⎦ xy(P1) xy(P2) ··· xy(P32) 2 2 2 x y(P1) x y(P2) ··· x y(P32) Using the above information, we can construct a small-bias set by concatenating CL (D, G) with the appropriate Walsh-Hadamard code. Let F8 = F2(γ) where γ is arootofx3 + x +1.LetM be a generator matrix for the Walsh-Hadamard code C3. Define the map α as follows: 2 α :1→ Row1M ,γ → Row2M ,γ → Row3M . The rows of the generator matrix for the concatenated code are the images under α applied to the entries of the following rows: 2 2 Row1M,γRow1M,γ Row1M,...,Row7M,γRow7M,γ Row7M. The columns of this generator matrix for the concatenated code are the elements of the associated small-bias set. * * * * ⊆ Fk * * ≥ k k Every -biased set X 2 satisfies X Ω min 2 1 , 2 [2]. With this log in mind, we fix k and and consider |X| for the construction given in Theorem 3.3. As we are interested in finding sets whose size is as small as possible and are given a lower bound on the size of these sets, we now give an upper bound on |X|. Moreover, for the sake of comparison with the lower bounds, we make use of big-O notation. Also, note that utilizing these bounds, we may compare our result to

150 GRETCHEN L. MATTHEWS AND JUSTIN D. PEACHEY previous results given in [4]. Notice, for example, that the small-bias set X given | | O k2 in Example 2.4 has X = 2 .

−√1 Theorem . ≤ l ≥ 3.6 For all k and such that √1 k for some integer l 4, log 1 l ( ) l+1 Ω(k) l ⊆ F | | O √k there exists an -biasedsetX 2 with cardinality X = l− l 1 . log

−√1 Proof. ≤ l ≥ Fix k and so that √1 k for some positive integer l 4. 1 l (log ) Choose ⎡ ⎤ % & 1 % & 1 k l k l q ∈ ⎣ √ , 2 √ ⎦ l− l 1 l− l 1 log log to be a power of 2, say q =2s.Then

√ 1 l l− l log 1 1 ≥ 1 q 2 k √ 1 1 1 l− l log l = l 2 √ k l− l √1 ≥ 1 l l 1 2 = 2 .

We also have that √ l− l 1 1 l √ 1 l log l− l ≤ ≤ l 1 q k l √1 1 log l ≤ since k 1. Hence,

l√ 1 l− l 2 ≤ ≤ , q q and q 1 l log ≤ log ≤ √ log q. 2 l − l 1 It follows that log =Θ(logq). − l+2 q2r 1 Set r = 3 , and let α = 2 . Consider the norm-trace function ﬁeld over F F/ qr . We claim that the set X of columns of a generator matrix for CL(D, αP∞) l+1 Ω(k) l ⊆ F | | O √k is an -biased set with X 2 and X = l− l 1 . log ⊆ FΩ(k) qr −1 α First, we prove that X 2 .Letu = q−1 ,andsetm = qr−1 . As stated in Equation (1), − ' 5 u1 α − iqr−1 (αP∞)= max +1, 0 u i=0 which gives m α − iqr−1 (αP∞) ≥ u i=0

SMALL-BIAS SETS FROM EXTENDED NORM-TRACE CODES 151 since m ≤ u − 1. Simplifying, we see that α qr−1 m(m +1) 1 α (αP∞) ≥ (m +1)− ≥ (m +1) u u 2 2 u ≤ α as m qr−1 . It then follows that

2 1 α 1 l 2 (αP∞) ≥ ≥ q . 2 u 32 As a result, √ k l − l k (αP∞) ≥ ≥ , 32 log 1 32l log q ∈ k ⊆ FΩ(k) and (αP∞) Ω log q . This implies X 2 . α Next, we note that X is 2 -biased as n = 2 . Because > 2 , X is certainly -biased by deﬁnition. 3r−1 Finally, it follows from Theorem 3.3 that | X |≤ q . Therefore, |X| = l+1 l O √k l− l 1 . log

By taking l = 4 in the previous theorem, one may recover the following result due to Ben-Aroya and Ta-Shma. The result when l ≥ 5isnotcoveredin[4]and thus is a contribution on this work. Corollary 3.7 ([4]). For all k and such that √ ≤ √1 , there exists an log 1 k 5 ⊆ FΩ(k) | | O k 4 -biasedsetX 2 with cardinality X = 2 1 . log

Theorem 3.6 is an extension of Corollary 3.7 in that it applies to a wider range of values of k and . To see this, let l>4. If

≤ 1 (2) √1 √1 , 1 l k l log but 1 (3) 1 < 1 , k 2 1 2 log then we may apply Theorem 3.6, but Corollary 3.7 does not apply. Hence, Theorem 3.6 allows for the construction of larger families of small-bias sets than previously identified. Specifically, if we fix and choose k so that

√ log 1 l ≤ <2, k then (2 ) and (3) hold. The following example provides an instance of this. Example . 1 3.8 Let = 4 , l =9,andk =33.Then(2)and(3) hold as 1 ≤ 2 1 64 k < 16 . Applying Theorem 3.6 results in a small-bias set X with cardinality 10 |X| = O 67584 9 .

152 GRETCHEN L. MATTHEWS AND JUSTIN D. PEACHEY

References [1] N. Alon, J. Bruck, J. Naor, M. Naor, and R. Roth, Construction of asymptotically good, low-rate error-correcting codes through pseudo-random graphs, IEEE Trans. Info. Theory 38 (1992), 509–516. [2] N. Alon, O. Goldreich, J. Hastad, and R. Peralta, Simple constructions of almost k–wise independent random variables, Random Structures Algorithms 3 (1992), no. 3, 289–303. MR1164842 (93k:94006a) [3] S. Arora and B. Barak, Computational Complexity: A Modern Approach, Cambridge Uni- versity Press, 2009. MR2500087 (2010i:68001) [4] A. Ben-Aroya and A. Ta-Shma, Constructing small-bias sets from algebraic-geometric codes, FOCS’2009, 191–197. MR2648401 (2011d:68123) [5] E. Ben-Sasson, M. Sudan, S. Vadhan, and A. Wigerson, Randomness-efficient low degree tests and short PCPs via epsilon-biased sets, Proceedings of the Thirty-Fifth Annual ACM Sympo- sium on Theory of Computing, 612–621, ACM, New York, 2003, MR2120440 (2005k:68058) [6] M. Bras-Amorós and M. E. O’Sullivan, Duality for some families of correction capability optimized evaluation codes, Adv. Math. Commun. 2 (2008), no. 1, 15–33. MR2377234 (2009d:94152) [7] O. Geil, On codes from norm-trace curves, Finite Fields Appl. 9 (2003), no. 3, 351–371. MR1983054 (2004g:94092) [8] O. Goldreich, Computational Complexity: A Conceptual Perspective, Cambridge University Press, 2008. MR2400985 (2010i:68002) [9] T. Høholdt, J. H. van Lint, and R. Pellikaan, Algebraic geometry codes, in Handbook of Coding Theory, V. Pless, W. C. Huffman, and R. A. Brualdi, Eds., 1, Elsevier, Amsterdam (1998), 871–961. MR1667946 [10] G. L. Matthews and J. D. Peachey, Explicit bases for Riemann-Roch spaces of the extended norm-trace function field, with applications to AG codes and Weierstrass semigroups, preprint. [11] J. Naor and M. Naor, Small-bias probability spaces: efficient construction and applications, SIAM J. Comput. 22 (1993), 838–856. MR1227764 (94c:68092) [12] H. Stichtenoth, Algebraic Function Fields and Codes, Springer Verlag, 2009. MR2464941 (2010d:14034) [13] U. V. Vazirani, Randomness, adversaries, and computation, Ph.D. thesis, EECS, UC Berke- ley, 1986.

Department of Mathematical Sciences, Clemson University, Clemson, South Car- olina 29634-0975 E-mail address: [email protected] Department of Mathematical Sciences, Clemson University, Clemson, South Car- olina 29634-0975 E-mail address: [email protected]

Contemporary Mathematics Volume 579, 2012 http://dx.doi.org/10.1090/conm/579/11527

On the Waring Problem with multivariate Dickson polynomials

Alina Ostafe, David Thomson, and Arne Winterhof

Abstract. We extend recent results of Gomez and Winterhof, and Ostafe and Shparlinski on the Waring problem with univariate Dickson polynomials in a finite field to the multivariate case. We give some sufficient conditions for the existence of the Waring number for multivariate Dickson polynomials, that is, the smallest number g of summands needed to express any element of the finite field as sum of g values of the Dickson polynomial. Moreover, we prove strong bounds on the Waring number using a reduction to the case of fewer variables and an approach based on recent advances in arithmetic combinatorics due to Glibichuk and Rudnev.

1. Introduction

For a finite field Fq of q elements and a parameter a ∈ Fq,thevaluesof (i) the multivariate Dickson polynomials of the first kind, denoted De (x1,...,xk,a), i =1,...,k,wheree is any positive integer, are defined by the functional equations

(i) e e ∈ F De (x1,...,xk,a)=si(u1,...,uk+1),x1,...,xk q, where xi = si(u1,...,uk+1), si is the ith symmetric function in the indeterminates u1,...,uk+1 and

u1 ···uk+1 = a, see [11, Chapter 2.4]. Equivalently, u1,...,uk+1 are the zeros of the polynomial

r(Z)=r(Z, x1,...,xk,a) k+1 k+1 k k k+1 = Z − x1Z + ···+(−1) xkZ +(−1) a = (Z − ui) i=1

2010 Mathematics Subject Classiﬁcation. Primary 11P05, 11T06, 11T30. During the preparation of this paper, the ﬁrst author was supported in part by SNF Grant 133399 (Switzerland). The second author was supported in part by NSERC of Canada.

c 2012 American Mathematical Society 153

154 ALINA OSTAFE, DAVID THOMSON, AND ARNE WINTERHOF

e e in the indeterminate Z and u1,...,uk+1 are the zeros of

re(Z)=re(Z, x1,...,xk,a) k+1 − (1) k ··· = Z De (x1,...,xk,a)Z + − k (k) − k+1 e +( 1) De (x1,...,xk,a)Z +( 1) a k+1 − e = (Z ui ). i=1 In particular, if the polynomial r(Z) is irreducible, then the roots are the conjugates qi−1 ui = u , i =1,...,k+ 1, with a deﬁning element u of Fqk+1 = Fq(u), and the condition that k k+1 uuq ···uq = u(q −1)/(q−1) = a.

In general, the ui are in an extension ﬁeld Fqj of Fq with 1 ≤ j ≤ k if a =0, and 1 ≤ j ≤ k +1 if a = 0, respectively. Put =lcm(2,...,k)ifa =0and =lcm(2,...,k+1)ifa =0.Thenwehave (i) (i) ≡ − (1) De (x1,...,xk,a)=Df (x1,...,xk,a)ife f mod q 1. In this paper we will consider the Waring problem with the ﬁrst multivariate Dickson polynomials which have the values (1) e ··· e De (x1,...,xk,a)=u1 + + uk+1,xi = si(u1,...,uk+1), that is, the question of the existence and estimation of the smallest positive integer g = ga(e, k, q) such that the equation (1) ··· (1) ∈ F (2) De (x1,1,...,x1,k,a)+ + De (xg,1,...,xg,k,a)=c, xi,j q, (1) is solvable for any c ∈ Fq.Wecallga(e, k, q)theWaring number of De and put ga(e, k, q)=∞ if such g does not exist. By (1) we have − ga(e, k, q)=gae/d (d, k, q), where d =gcd(e, q 1). e/d More precisely, De(x1,...,xk,a)andDd(x1,...,xk,a ) have the same value sets e ··· e e/d d ··· e/d d e/d ··· e/d since on the one hand u1 + + uk+1 =(u1 ) + +(uk+1) and u1 uk+1 = ae/d, and on the other hand we have d = ex + q−1y for some integers x and y, q −1 d ··· d x e ··· x e x ··· x ui = 1, and thus u1 + + uk+1 =(u1 ) + +(uk+1) with u1 uk+1 = aex/d = a. Since we focus on the case a = 1 (but present the results for an arbitrary a whenever it is possible), we may assume from now on that (3) e | q − 1,e

(1) Note that for e = q −1thevaluesetofDe contains only the element k+1 and only g(k+1) is representable with exactly g summands. In this case, ga(q −1,k,q)=∞. We note that the Waring number associated to the shifted Dickson polynomial with values (1) De (x1,...,xk,a)+d for some d ∈ Fq is equal to ga(e, k, q). Indeed, if (2) has a solution for any c ∈ Fq and ﬁxed g,thensodoes (1) ··· (1) ∈ F De (x1,1,...,x1,k,a)+ + De (xg,1,...,xg,k,a)+dg = c ,xi,j q, where c = c + dg.

WARING PROBLEM WITH DICKSON POLYNOMIALS 155

The existence of ga(e, k, q) is guaranteed when q = p is a prime by the Cauchy- Davenport inequality

|A + B|≥min{|A| + |B|−1,p} for any A, B ⊆ Fp (1) (1) with B the value set of De and A = Aj the set of sums of j values of De . (1) Since the value set of De contains at least two elements by (3), we have either |Aj+1| > |Aj| or Aj+1 = Fp. For q = pm with a prime p and m>1, the existence was characterized for a =0andk = 1 in [1]andfora = k = 1 in [10]. By [1, Theorem G] we have q − 1 g (e, 1,q) < ∞ if and only if e for all t | m with t = m, 0 pt − 1 or equivalently the eth powers generate Fq over Fp and do not fall into a proper subﬁeld.

m k Lemma 1. [10, Theorem 2.1] Let q = p for a prime p and let m =20, where k is a nonnegative integer and 0 is odd. Then g1(e, 1,q) < ∞ if and only if at least one of the following two conditions is satisfied. q − 1 1. e for all t | m with t = m, pm/2 − 1 e if k ≥ 1, pt − 1 q − 1 and e if > 1. (2,p+1) 0 q +1 q +1 2. e, e for all t | m, t < m, m/t odd. (2,p+1) pt +1 We note that there is a typo in [10, Theorem 2.1] where the expression reads q +1 instead of q − 1 in the last line of 1. Moreover, there is a small gap in the proof which is filled in Theorem 10 of this paper, namely that ga(e, k, q) < ∞ if the value (1) set of De contains a basis of Fq. e In the univariate case for a =0wehaveDe(X, a)=X , which corresponds to the classical Waring problem in finite fields where recently quite substantial progress has been achieved, see [3, 4, 5, 6, 15]. A survey of earlier results can also be found in [14]. However, recently it has become apparent that the methods of arithmetic combinatorics provide a very powerful tool for the Waring problem and lead to results which are not accessible by other methods, see [4, 5]. In particular, we have, by [4, Corollary 7], 1/2 g0(e, 1,q) ≤ 8ife

ga(e, 1,q) ≤ 16 holds for ∈ F∗ − ≤ −3/2 − 1/2 1. any a q and gcd(e, q 1) 2 (q 2) ; F∗ ≤ −3/2 − 1/2 2. a that is a square in q and gcd(e, q +1) 2 (q 2) .

156 ALINA OSTAFE, DAVID THOMSON, AND ARNE WINTERHOF

Throughout this paper we use the following notation. Let m be a positive m integer, let p be a prime and let q = p .Thevaluesu1,...,uk+1 are in the algebraic closure of Fq (precisely, u1,...,uk+1 are in the splitting ﬁeld of the polynomial r(Z)), and −1 (4) xi = si(u1,...,uk,uk+1),uk+1 = a(u1 ···uk) , −1 yi = si(v1,...,vk,vk+1),vk+1 =(v1 ···vk) . Furthermore, for any j ∈ N we denote by j j−1 q −1 q q − Nmj (u)=uu ···u = u q 1 the Fqj norm over Fq and by q qj−1 Trj (u)=u + u + ···+ u the Fqj trace over Fq. In this paper we study the existence problem for g1(e, k, q), and get bounds on ga(e, k, q) by reducing the case of k ≥ 2 variables to the case of fewer variables. We also use the same techniques of additive combinatorics as in [13] to prove bounds on ga(e, k, q) and extend the range of nontrivial results. Our results become stronger with increasing k.

2. Preparations

Results on the value set. We consider the set E (1) qi = De (x1,...,xk, 1) : ui+1 = u1 ,i=0,...,k, (qk+1−1)/(q−1) ∈ F∗ Nmk+1(u1)=u1 =1,u1 qk+1 , where the xi are defined by (4). A simple remark is that E⊆Fq. Indeed, we have − (1) e eq ··· eqk 1 eqk e ∈ F (5) De (x1,...,xk, 1) = u1 + u1 + + u1 + u1 =Trk+1(u1) q. Lemma 3. Let E be defined as above. Then, (qk+1 − 1) #E≥ , dd0(q − 1) k−1 k k+1 where d = q +(q − 1)/(q − 1) and d0 =gcd(e, (q − 1)/(q − 1)). Proof. To estimate #E,wenoticethat − k (1) e eq ··· eqk 1 −e(q −1)/(q−1) De (x1,...,xk, 1) = u1 + u1 + + u1 + u1 k−1 k − − e e has degree d = q +(q 1)/(q 1) as a rational function in u1.Moreover,u1 k+1 (1) takes any value at most d0 =gcd(e, (q − 1)/(q − 1)) times. Hence, De takes k+1 any value at most dd0 times. Since there are (q − 1)/(q − 1) different u1 with Nmk+1(u1) = 1, the result follows. Moreover, the value sets of different Dickson polynomials can coincide.

−1 (1) Lemma 4. If ab is a (k+1)th power in Fq, the value sets of De (X1,...,Xk,a) (1) and De (X1,...,Xk,b) are the same and thus we have

ga(e, k, q)=gb(e, k, q).

WARING PROBLEM WITH DICKSON POLYNOMIALS 157

Proof. If ab−1 = ck+1,wehave (1) e ··· e De (x1,...,xk,a)=u1 + + uk+1 e −1 e −1 e = c ((c u1) + ···+(c uk+1) ) e = c De(y1,...,yk,b) −(k+1) −(k+1) for some y1,...,yk ∈ Fq since c u1 ···uk+1 = c a = b. Reduction from k variables to fewer variables. Theorem . ≤ 5 For 1 k0

g0(ek0 ,k0,q) g0(e, k, q) ≤ , k/k0

g1(ek0 ,k0,q) k+1 ga(e, k, q)=g1(e, k, q) ≤ if a = b (k +1)/(k0 +1) for some b ∈ F , and otherwise q

g1(ek0 ,k0,q) ga(e, k, q) ≤ . k/(k0 +1) Proof. We start with the case a =0,where (1) e ··· e De (x1,...,xk, 0) = u1 + + uk.

Since k0

Setting k0 = 1 in Theorem 5, together with the ﬁrst condition of Lemma 2, gives the following consequence. Corollary . ∈ F∗ − −3/2 − 1/2 6 Suppose a q and gcd(e, q 1) < 2 (q 2) or gcd(e, q+ 1) < 2−3/2(q − 2)1/2.Then, 16 g (e, k, q) ≤ if a = bk+1,k≥ 1, a (k +1)/2 and 16 g (e, k, q) ≤ if a = bk+1,k≥ 2. a k/2

158 ALINA OSTAFE, DAVID THOMSON, AND ARNE WINTERHOF

Set products and sums. We recall the following result of A. Glibichuk and M. Rudnev [9, Theorem 6]. Lemma 7. For any two sets A, B⊆F ,with#A#B > 2q we have ⎧ q ⎫ ⎨8 ⎬ ∈A ∈B F ⎩ aj bj : aj ,bj ,j=1,...,8⎭ = q. j=1 We will need the following extension of the Cauchy-Davenport inequality. Lemma 8. [12] Let B be a finite non-empty subset of an Abelian group G.Then the following conditions are equivalent: 1. For every finite non-empty subset A of G, |A+B| ≥ min(|A|+|B|−1, |G|). 2. For every finite subgroup H of G, |H + B| ≥ min(|H| + |B| − 1, |G|).

m Lemma 9. For q = p ,letB be a basis of Fq over Fp. For any subgroup H of Fq, |H + B| ≥ min(|H| + |B| − 1,q). j Proof. We may restrict ourselves to the case {0} = H = Fq.Put|H| = p with 1 ≤ j

3. Existence of g1(e, k, q)

In this section we give conditions on the existence of g1(e, k, q). Theorem . 10 For k0 =1,...,k +1 put k0 =lcm(2,...,k0 +1) and ek0 = 2 gcd(e, q k0 − 1). We have g1(e, k, q) < ∞ if either e1 = q − 1 and one of the two conditions of Lemma 1 with e1 instead of e is satisﬁed or there exists 2 ≤ k0 ≤ k+1 k0 − such that ek0 = q 1 and qk0 − 1 gcd(e(q − 1),qk0 − 1) for all t | k m with t

WARING PROBLEM WITH DICKSON POLYNOMIALS 159 must contain a basis B of Fq over Fp since the trace is linear and surjective, and the existence follows by Lemmas 8 and 9.

4. Estimates for ga(e, k, q) We prove the following estimates which follow from Theorem 5 and the same argument as in [13, Theorem 1] using Lemma 7. We also improve Corollary 6 in some cases.

Theorem 11. Let 1 ≤ k0 ≤ k be minimal such that 3 gcd e, (qk0+1 − 1)/(q − 1) ≤ √ q1/2. 8 2 F∗ If a is a (k +1)th power in q ,then 8(k0 +1) ga(e, k, q) ≤ (k +1)/(k0 +1) and otherwise if k>k0 +1, 8(k0 +1) ga(e, k, q) ≤ . k/(k0 +1) Proof. If a = bk+1, by Theorem 5 we may assume a =1. By Lemma 3 we see that 3 gcd(e, (qk0+1 − 1)/(q − 1)) ≤ √ q1/2 8 2 implies #E > 21/2q1/2 since k0+1 − √3 1/2 −1/2 q 1 q < 2 − . 8 2 (2qk0 − qk0 1 − 1)q1/2

Thus, by Lemma 7 applied with the sets A = B = E,weseethatforanyc ∈ Fq

∈ F k +1 there are uj ,vj q 0 with Nmk0+1(uj)=Nmk0+1(vj )=1,j =1,...,8such that 8 e e Tr(uj )Tr(vj )=c, j=1 by (5). Since

k0 e e e eqi Trk0+1(uj )Trk0+1(vj )= Trk0+1(uj vj ) i=0 again by (5), we get

g1(e, k0,q) ≤ 8(k0 +1) if gcd(e, (qk0+1 − 1)/(q − 1)) ≤ √3 q1/2. Theorem 5 completes the proof. Note that 8 2 we get the strongest bound if k0 is minimal.

160 ALINA OSTAFE, DAVID THOMSON, AND ARNE WINTERHOF

5. Final remarks We remark that, using [8, Theorem 6], [13, Theorem 2] and Theorem 5, one can obtain easily a generalisation of [13, Theorem 2] for multivariate Dickson polynomi- (1) 2/3 als De , which we do not present here. We note, however, if gcd(e, q−1) < 0.75q , from [13]weget 92160 g (e, k, q) ≤ . 1 (k +1)/2 For a = 0 a similar result as [13, Theorem 2] immediately follows from the character sum bound of Chang and Bourgain. More precisely, from [3, Theorem 1] 1−ε it follows that for any ε>0, if e ≤ q and g0(e, 1,q) exists, there is a constant c(ε) such that g0(e, k, q) ≤ c(ε). Furthermore, for a = 0 we easily get 8k0 g0(e, k, q) ≤ k/k0 if gcd(e, qk0 − 1)

References [1] M. Bhaskaran, ‘Sums of mth powers in algebraic and Abelian number fields’, Arch. Math., 17 (1966), 497–504. MR0204400 (34:4242) [2] A. Bodin, P. Dèbes and S. Najib, ‘Irreducibility of hypersurfaces’, Commun. Algebra, 37 (2009), 1884-1900. MR2530750 (2010d:12002) [3] J. Bourgain and M.-C. Chang, ‘A Gauss sum estimate in arbitrary finite fields’, C. R. Math. Acad. Sci. Paris, 342 (2006), 643–646. MR2225868 (2007c:11143) [4] J. Cipra, ‘Waring’s number in a finite field’, Integers, 9 (2009), 435–440. MR2592521 (2010m:11116) [5] J. Cipra, T. Cochrane and C. G. Pinner, ‘Heilbronn’s conjecture on Waring’s number mod p’, J. Number Theory, 125 (2007), 289–297. MR2332590 (2008d:11116) [6] T. Cochrane and C. Pinner, ‘Sum-product estimates applied to Waring’s problem mod p’, Integers, 8 (2008), A46, 1–18. MR2472064 (2009m:11163) [7] P. Deligne, ‘La conjecture de Weil I’, Publ. Math. IHES, 43 (1974), 273-307. MR0340258 (49:5013) [8] A. Glibichuk, ‘Sums of powers of subsets of arbitrary finite fields’, Izv. Ross. Akad. Nauk Ser. Mat. (in Russian), 75 (2011), 35–68; translation in Izvestiya. Mathematics, 75, 253– 285. MR2830242 (2012e:11016) [9] A. Glibichuk and M. Rudnev, ‘On additive properties of product sets in an arbitrary finite field’, J. d’Analyse Math., 108 (2009), 159–170. MR2544757 (2010i:11018)

WARING PROBLEM WITH DICKSON POLYNOMIALS 161

[10] D. Gomez and A. Winterhof, ‘Waring’s problem in finite fields with Dickson polynomials’, Finite Fields: Theory and applications, Contemp. Math., v.477, Amer. Math. Soc., 2010, 185–192. MR2648548 (2011j:11187) [11] R. Lidl, G. L. Mullen, and G. Turnwald, Dickson polynomials, Pitman Monographs and Surveys in Pure and Applied Math., Longman, London-Harlow-Essex, 1993. MR1237403 (94i:11097) [12] H.B. Mann, ‘An addition theorem for sets of elements of an abelian group’, Proc. Am. Math. Soc., 4 (1953), 423. MR0055334 (14:1058h) [13] A. Ostafe and I. E. Shparlinski, ‘On the Waring problem with Dickson polynomials in finite fields’, Proc. Amer. Math. Soc., 139 (2011), 3815–3820. MR2823028 (2012e:11202) [14] A. Winterhof, ‘On Waring’s problem in finite fields’, Acta Arith., 87 (1998), 171–177. MR1665204 (99k:11154) [15] A. Winterhof and C. van de Woestijne, ‘Exact solutions to Waring’s problem in finite fields’, Acta Arith., 141 (2010), 171–190. MR2579843 (2011a:11184)

Department of Computing, Macquarie University, Sydney NSW 2109, Australia E-mail address: [email protected] School of Mathematics and Statistics, Carleton University, 1125 Colonel By Dr., Ottawa ON, Canada, K1S 5B6 E-mail address: [email protected] Johann Radon Institute for Computational and Applied Mathematics, Austrian Academy of Sciences, Altenbergerstr. 69, A-4040 Linz, Austria E-mail address: [email protected]

Contemporary Mathematics Volume 579, 2012 http://dx.doi.org/10.1090/conm/579/11528

Polynomials modulo p and the theory of Galois sets

Michael Rosen

Abstract. This paper concerns reduction modulo p of integral polynomials. A variety of questions are raised and partially answered using classical density theorems. In the last section most of the results are generalized to the category of Galois sets, i.e. zero dimensional algebraic sets deﬁned over the rational numbers.

Introduction In this paper, we will address a number of interesting arithmetic questions about integral polynomials, i.e. elements of Z[x]. We also broaden the discussion to a larger category of objects called “Galois sets” (see Section 4). For each such polynomial, f(x), and prime number p, define Np(f)tobethe number of solutions of f(x) ≡ 0(modp). There are many interesting questions one can ask about the numbers Np(f). For example, how big is the set of primes p such that Np(f) = 0? For a discussion of this and other questions see the elegant paper of J.-P. Serre On a Theorem of Jordan [11]. In an other direction, suppose that f(x) is irreducible. One can ask whether there are infinitely many primes p so that f(x) remains irreducible modulo p.More generally, one can ask about the ways in which f(x) factors modulo p.Thetools which help answer all these questions come from Galois theory, analytic number theory, and group theory. The theory of permutation groups will play an especially large role. In 1880, L. Kronecker presented a paper to the Academy of Sciences in Berlin entitled Uber¨ die Irreductibilität von Gleichungen (On the Irreducibility of Equa- tions) [5]. At the beginning of his paper he enunciates, without proof, a version of the following theorem.

Theorem 1 (Kronecker). The average value of the numbers Np(f) is equal to the number of irreducible factors of f(x). More precisely, let m denote the number of irreducible factors of f(x).Then, −1 lim π(x) Np(f)=m. x→∞ p≤x Corollary 1. The polynomial f(x) is irreducible if and only if the average value of the Np(f) is 1.

2010 Mathematics Subject Classiﬁcation. 11C08, 11G05, 11R09, 12E05. Key words and phrases. Polynomials, reduction modulo p, density theorems, Galois sets.

c 2012 American Mathematical Society 163

164 MICHAEL ROSEN

Kronecker used an analytic definition for the average value of the numbers Np(f). The above formulation is more intuitive and is, in fact, somewhat stronger than the original. F.G. Frobenius was fascinated by this paper of Kronecker. It stimulated his most important work in number theory [3] which was first published in 1896 many years after he wrote it. Among other things, it contains the definition of the Frobe- nius automorphism and a proof of what we now call the Frobenius density theorem. His density theorem is a powerful tool for attacking problems of how integral polynomials factor modulo p. Frobenius also conjectured a stronger density theorem which he was unable to prove. A proof was obtained by N. Chebotarev in 1925 [2]. Chebotarev’s theorem is one of the most important results in the analytic theory of algebraic numbers. Moreover, the methods which Chebotarev used to prove his density theorem provided the key to Emil Artin’s proof of his famous reciprocity law [1] in 1927. Thus, Kronecker’s theorem started a chain of discoveries which laid the foundation for the modern theory of algebraic numbers. In Section 2 will use the Chebotarev density theorem to prove Kronecker’s result, and also give a function field version. It is interesting to note that Kronecker does not seem to have published a proof of Theorem 1. Nevertheless, Frobenius uses it to establish his density theorem. Conversely, the Frobenius density theorem implies Kronecker’s result. For more about this tangled tale see the forthcoming book on Frobenius’ mathematical work by Thomas Hawkins. In Section 3, we will give a fairly satisfactory answer to the question of when an irreducible integral polynomial f(x) is irreducible modulo p for infinitely many primes p.Iff(x) has prime degree, the answer to this question is always yes. If thedegreeoff(x)isnotprime,theanswerissometimesyesandsometimeno. We will give a group theoretic criterion for deciding which case holds and apply it successfully to a number of families of irreducible polynomials. Finally, in Section 4 we will sketch a generalization of the whole framework to “Galois Sets” and apply the theory to points of finite order on an elliptic curve. In a subject as old as the one considered in this paper, it is difficult to say with confidence that this or that result is new. However, it might be useful to point out what in this partly expository paper appears to be new. To begin with, there does not seem to be a published proof of Kronecker’s theorem, Theorem 1. In [11], Serre says it follows readily from Chebotarev’s density theorem, which indeed it does. We felt it is useful to spell out the details. Moreover, there is apparently no discussion in the literature of Kronecker’s theorem as it applies to the function field case, so Theorem 7 is probably new. Secondly, Theorem 8 and, especially, Theorem 9 are new, as are some of the examples which follow Theorem 9. In lectures, J. P. Serre has discussed algebraic varieties over the rational numbers, and generalizations of Kronecker’s theorem. Galois sets are just zero dimensional algebraic varieties defined over Q, so parts of Section 4 of this paper have appeared in lectures, if not in print. However, Theorems 12, 13, and 14, also seem to be new.

1. Background We begin by reviewing some deﬁnitions and some classical results which will be needed.

POLYNOMIALS MODULO p AND THE THEORY OF GALOIS SETS 165

If n is a positive integer, a partition of n is a t-tuple of positive integers, ≤ t d =(d1,d2,...,dt), such that for all i, di di+1,and i=1 di = n.Parti- tions will arise in two ways in what follows; factoring of polynomials as a product of irreducibles, and factoring permutations as a product of disjoint cycles. Let f(x) ∈ Z[x] be a monic polynomial of degree n without repeated roots. Set f(x)=f1(x)f2(x) ···ft(x) be its factorization into a product of monic irreducibles. Set di =degfi(x). We can suppose di ≤ di+1 for all i. Then, d =(d1,d2,...,dt)is a partition of n.Next,ifπ ∈ Sn is a permutation on n letters, let π = C1C2 ...Ct be the decomposition of π as a product of t disjoint cycles. Let di equal the length of Ci and arrange things so that di ≤ di+1 for all i. Then, d =(d1,d2,...,dt)is also a partition of n. Our next task is to connect factoring of polynomials with permutations via Galois theory. Let f(x) ∈ Z[x] be a monic irreducible polynomial with roots R = {α1,α2,...αn} in some extension field (C,say).SetK = Q(α1)andL = Q(α1,...,αn). The extension L/Q is Galois. Let G denote the Galois group of L/Q. G is called the Galois group of f(x). Let H be the Galois group of L/K. We have Q ⊆ K ⊆ L and H ⊆ G. It is, of course, possible that H =(e)sothat L = K. In general though, H is a proper subgroup of G. The notations introduced in this paragraph will be used from now on. The elements of G permute the roots of f(x) transitively and we get a homomorphism ρ : G → Sn as follows. If σ ∈ G,letσ(αi)=απ(i).Thenρ is defined to be the map which takes σ to π. This is easily seen to be a homomorphism. In fact, ρ is a monomorphism since if σ is in the kernel, it leaves all the roots of f(x) fixed and thus leaves L fixed, i.e. σ = e, the identity element of G.Thus,ρ(G)is a transitive subgroup of Sn with order divisible by n. The latter fact follows from #ρ(G)=#G =[L : Q] which is divisible by [K : Q]=n. We introduce some terminology which will be needed for the statement of Theo- rem 2, an important result of Frobenius on the factorization of polynomials modulo ¯ ¯ ¯ ¯ p. Suppose f(x) modulo p is equal to f1(x)f2(x) ...ft(x), where fi(x)isirreducible in Z/pZ[x]ofdegreedi. Then, d =(d1,d2,...,dt) is a partition of n called the decomposition type of f(x)atp.Ifπ ∈ Sn, then the partition d associated to the decomposition of π as a product of disjoint cycles will be called the cycle pattern of π. We are following the terminology of the paper [6] which is a very interesting exposition of the history and content of the Chebotarev density theorem. Finally, we recall the definition of the natural density δ(S)ofasetS of prime numbers. #{p ∈ S | p ≤ x} δ(S) = lim . x→∞ π(x) Of course, this limit need not exist. The natural density of S is said to be defined if and only if the limit does exist. All the sets of prime numbers we encounter in this paper do have a natural density (which we refer to as “density” from now on). The following theorem is a consequence of an even more general density theorem of Frobenius which we will discuss later. Let Δf denote the discriminant of f(x).

Theorem 2(Frobenius). Let f(x) ∈ Z[x] be a monic irreducible polynomial of degree n.Letd =(d1,d2,...,dt) be a partition of n,andletS be the set of primes p not dividing Δf for which f(x) modulo p has decomposition type d. Then, δ(S) is equal to 1/#G times the number of σ ∈ G such that ρ(σ) has cycle pattern d.

166 MICHAEL ROSEN

It is interesting to see what the consequences of Theorem 2 are for the extreme cases when d consists of all ones and when d consists of the single entry n. When d consists of all ones, there is one and only one automorphism σ with this cycle pattern, namely e, the identity. Thus, we have Corollary 2. The set of primes p at which f(x) modulo p is a product of linear factors has density 1/g where g =#G. It is clear from the definitions that f(x) modulo p is irreducible if and only if its decomposition pattern is d =(n). Thus Theorem 4 implies Corollary 3. The set of primes p where f(x) modulo p is irreducible has positive density if and only if there is a σ ∈ G such that ρ(σ) is an n-cycle. It is conceivable that the set of primes defined in Corollary 3 is infinite, but with density zero. However, this doesn’t happen. If there is no σ such that ρ(σ)is an n-cycle, then f(x) decomposes modulo p for all p. This will be explained shortly. Let’s briefly recall the definition of the Frobenius automorphism and a few of its properties. Suppose that L/Q is a Galois extension with group G.IfP ⊂OL is a prime ideal over a prime p ∈ Z,setFP = OL/P , the residue class field at P ,andf(P/p)=[FP : Fp]. The group D(P )={σ ∈ G | σP = P } is called the decomposition group of P . There is a natural map from D(P ) → Gal(FP /Fp) which is onto and has trivial kernel when P/p is unramified. For unramified P we have an isomorphism λ : D(P ) → Gal(FP /Fp)givenbyλ(σ)(x + P )=σ(x)+P for all x ∈OL. It will be useful to denote the image of α ∈OK in FP byα ¯.Also, ¯ f(x) will stand for “f(x) modulo P ”. With this convention, R¯ = {α¯1, α¯2,...,α¯n} ¯ ¯ is the set of roots of f(x)inFP . Since Δf is not divisible by p,therootsoff(x) are distinct and so R and R¯ have the same number of elements. As is well known, the Galois group Gal(FP /Fp)iscyclicoforderf(P/p), and p is generated by the automorphism φp : x → x . In the unramified case, there is a unique automorphism Frob(P ) ∈ D(P ) such that λ(Frob(P )) = φp.This automorphism is called the Frobenius automorphism at P . The order of Frob(P ) is clearly f(P/p). The Frobenius automorphism is characterized by the congruence p Frob(P )(ω) ≡ ω (mod P ) for all ω ∈OL. With the above definitions and notations, we are in a position to prove the following simple, but important, lemmas. Lemma 1. Suppose P is a prime of L unramified over p,aprimeofQ.The cycle pattern of Frob(P ) acting on R, the roots of f(x), is the same as the cycle ¯ pattern of φp acting on R¯, the roots of f(x). Proof. Set π equal to the permutation associated to the action of Frob(P )on R. By definition, Frob(P )(αi)=απ(i). For any σ ∈ D(P )andx ∈OL,wehave λ(σ)(¯x)=σ(x). Apply this to x = αi and σ =Frob(P ). We get λ(Frob(P ))(¯αi)= Frob(P )(αi)=¯απ(i).Sinceλ(Frob(P )) = φp, we find φp(¯αi)=¯απ(i).Thus, Frob(P ) acting on R gives rise to the same permutation, π,asφp acting on R¯.This proves the Lemma.

Lemma 2. With the above assumptions and notations, the cycle pattern of φp acting on R¯ is the same as the decomposition type of f¯(x).

Proof. Since φp generates Gal(FP /Fp) this is standard. The point is that there is a one to one correspondence between the orbits of φp and the irreducible

POLYNOMIALS MODULO p AND THE THEORY OF GALOIS SETS 167 factors of f¯(x). Each orbit consists of the roots of an irreducible polynomial in Z/pZ[x]. Also, the length of an orbit is equal to the size of the corresponding cycle of φp considered as a permutation of R¯. We leave the details to the reader.

It is now possible to strengthen Theorem 2. Recall that S is the set of rational primes p such that p does not divide Δf and the decomposition type of f(x) modulo p is a ﬁxed decomposition type d =(d1,d2,...,dt). If there is no σ ∈ G such that ρ(σ) has cycle pattern d,thenδ(S) = 0 but it might be possible that S is non-empty. In fact, this can’t happen for the following reason. Chose any p ∈ S (assuming S is non-empty) and P aprimeaboveitinL. P is unramiﬁed because, as is easily seen, the discriminant of L/Q divides Δf and is thus not divisible by p. Then, by Lemmas 1 and 2, the cycle pattern of Frob(P ) acting on R is equal to the cycle ¯ pattern of φp acting on R¯ which is equal to the decomposition type of f(x), namely d.Thus,Frob(P ) ∈ G is an element of G with cycle pattern d, contradicting the assumption that there no such group element. It follows that either S is empty, or it has a positive density given by Frobenius’ theorem. Summing up,

Theorem 3. Let f(x) ∈ Z[x] be a monic irreducible polynomial of degree n.Let d =(d1,d2,...,dt) be a partition of n,andletS be the set of primes not dividing Δf at which f(x) has decomposition type d. Then, S is either empty or of positive density equal to 1/#G times the number of σ ∈ G such that ρ(σ) has cyclic pattern d.

The next order of business is to state the Chebotarev density theorem. For this we need to associate to each rational prime p which is unramiﬁed in L a conjugacy class of the Galois group G.LetP and P be two primes of L lying above p.How are Frob(P )andFrob(P ) related? It is a standard fact that there is a τ ∈ G such that P = τP and a simple calculation shows Frob(τP)=τFrob(P )τ −1. It follows that the set (p, L/Q):={Frob(P ) | P ⊂OL above p} is a conjugacy class in G. The conjugacy class, (p, L/Q), is sometime called the Artin class associated with p.

Theorem 4 (The Chebotarev Density Theorem). Let L/Q be a Galois extension with Galois group G.LetC ⊂ G be a conjugacy class, and S the set of rational primes p which are unramified in L,andforwhich(p, L/Q)=C.Then,S has a natural density given by #C δ(S)= . #G This is a deep result whose proof is given in most advanced books on algebraic number theory. Usually, these proofs use class field theory, but Chebotarev’s own proof [2] does not. A rather full sketch of Chebotarev’s proof is given in [6]. We will not give the proof here, but will base some of our later deductions on this very important result. Let G be a finite group. let us call two elements a and b in G quasi-conjugate if the cyclic groups they generate are conjugate. Equivalently, a and b are quasi- conjugate if there is a σ ∈ G and an integer m relatively prime to the order of a such that σaσ−1 = bm. This is easily checked to be an equivalence relationship. Also, it is not hard to see that if two elements of Sn are quasi-equivalent, then they have the same cycle pattern. The Frobenius density theorem is identical to Theorem 4 with the word “conjugate” replaced by “quasi-conjugate”.

168 MICHAEL ROSEN

Theorem 5 (The Frobenius Density Theorem). Let L/Q be a Galois extension with Galois group G.LetC ⊂ G be a quasi-conjugacy class, and S the set of rational primes which are unramified in L and for which (p, L/Q) ⊂ C.Then,S has a natural density given by #C δ(S)= . #G As mentioned earlier, Frobenius conjectured Theorem 4, but was unable to prove it. Nevertheless, one can show that his weaker version is sufficient to prove Theorem 1 and Theorem 2. For later purposes, we want to give a reformulation of Theorem 4. Let F : G → C be a class function, i.e. F (τ −1στ)=F (τ) for all σ, τ ∈ G. Suppose p is unramified in L and that P is any prime in L above p. Define F (p)= F (Frob(P )). Since F is a class function, this definition is independent of the choice of P above p. Theorem 6. Let L/Q be a Galois extension with group G. As usual denote by π(x) the number of primes p ≤ x.Then, lim π(x)−1 F (p)=#G−1 F (σ) . x→∞ p≤x σ∈G Proof. Let F denote the set of complex valued class functions on G.Thisis a finite dimensional vector space over C generated by the characteristic functions of the conjugacy classes. Since both sides of the equality are linear in F , it suffices to prove the Theorem when F =ΦC , the characteristic function of the conjugacy class C. In this case, the left hand side, before taking the limit, is the number of p ≤ x such that (p, L/Q)=C divided by π(x). The right hand side is simply #C/#G. Thus, in this case, the equality of the two sides is just the assertion of the Chebotarev density theorem, Theorem 4.

2. A Proof of Kronecker’s Average value Theorem In this part, we will give a proof of the Kronecker average value theorem, Theorem 1, and also state an analogue in the function field case. We will need the following Lemma about groups acting on sets which due to W. Burnside. Lemma 3. Let G be a finite group G acting on a finite set S.Forσ ∈ G define ψ(σ) to be the number of fixed points of σ. The number of orbits of this action is given by #G−1 ψ(σ) . σ∈G Proof. (Sketch) By breaking up S into orbits, we see it is sufficient to consider the case where the action is transitive and to prove, in that case, that the sum in the Lemma is 1. Let T be the set of pairs (σ, s)whereσ ∈ G, s ∈ S,andσs = s. Consider the projection on the first coordinate from T to G. Adding up the number of points in the fibers yields #T = σ∈G ψ(σ). Consider the projection on the second factor from T to S. The fibers consist of the isotropy groups of the points of S.Since the action is transitive these all have the same size and the sum of the number of

POLYNOMIALS MODULO p AND THE THEORY OF GALOIS SETS 169 elements in the ﬁbers is #T =#H#S =#G,whereH is any one of the isotropy groups. The Lemma follows.

We note that ψ(σ) is a class function on G.Infact,ifF ⊆ S is the fixed point set of σ,thenτF is the fixed point set of τστ−1. Proof of Theorem 1 To prove the theorem, it suffices to consider the case where f(x) ∈ Z[x] is irreducible. To see this, suppose f(x)=f1(x)f2(x) is a proper factorization. Then, for any prime p, the definitions show that Np(f)=Np(f1)+Np(f2). From this it is clear that if we can prove the theorem for f1(x)andf2(x) it will follow for f(x). Thus we are reduced to proving that if f(x) is irreducible, the sum on the left and side of Theorem 1 is equal to 1. Assume now that f(x) is irreducible. From Lemmas 1 and 2 of the last section, we can conclude that the number of linear factors of f(x) modulo p is equal to the number of fixed points of Frob(P ) acting on R,thesetofrootsoff(x). Here, P is any prime lying above p in L.Thus,Np(f)=ψ(Frob(P )) = ψ(p). Since ψ is a class function, the last equality follows from the definition given before Theorem 6. Invoking that theorem we find −1 −1 −1 lim π(x) Np(f) = lim π(x) ψ(p)=#G ψ(σ) . x→∞ x→∞ p≤x p≤x σ∈G If f(x) is irreducible, the Galois group acts transitively on the roots. Thus, by Burnside’s lemma, Lemma 3, the last sum is equal to 1. Kronecker’s theorem is proved! As an exercise, the reader may want to show that the Frobenius density theorem can be used in the proof, so that it is not necessary to invoke the full strength of Chebotarev’s theorem. There is an appealing function field version of Kronecker’s average value theorem. Before giving the statement, we will need to set the notation and give some new definitions. Let F be a finite field with q elements, and Fn be the unique subfield inside an algebraic closure of F with qn elements. Let A = F[t]bethe polynomial ring in one variable over F and k = F(t), the quotient field of A.In function field arithmetic, A is analogous to Z and k is analogous to Q. n n−1 Let f(t, x)=x +a1(t)x +···+an(t) ∈ A[x] be a monic polynomial of degree n with coefficients in A. We will assume that f(t, x) is a separable polynomial, i.e. it has no repeated roots in the algebraic closure of k.SinceA[x]isaUFD,wecan speak of the number of irreducible factors of f(t, x)consideredasapolynomialin x.Letm be that number. Finally, for each α ∈ Fn,letNα(f)bethenumberof linear factors of f(α, x)consideredasanelementofFn[x]. Then Theorem . 7 −n lim q Nα(f)=m. n→∞ α∈Fn We will not prove this theorem here. The proof follows the proof of Theorem 1 rather closely, except that in the case of function fields the Chebotarev density theorem concerns averages over all primes of a fixed degree rather than all primes of bounded degree. See, for example, Theorem 9.13B of [8].

170 MICHAEL ROSEN

3. Irreducibility of Polynomials Modulo p In this part we take up a problem mentioned in the introduction. If f(x) ∈ Z[x] is irreducible, do there exist infinitely many primes p such that f(x) modulo p is irreducible? Let’s call this question, Question A. If f(x) is of prime degree, the answer to Question A is always yes. and, in fact, the set of primes for which f(x) modulo p is irreducible has a positive density which we will determine. If the degree of f(x) is not prime, the answer to the question is sometime yes and sometimes no. We will give a criterion which involves the Galois group of G and a certain subgroup. The criterion is quite effective so that we are able to determine the answer completly for several families of examples. First, we consider the case where the degree of f(x), n, is a prime number. Lemma 4. Let n be a prime number and let G be a finite group of order exactly divisible by n.LetT be an n-Sylow subgroup of G and N(T ) the normalizer of T in G.Then, #{σ ∈ G | σ of order n} n − 1 = . #G #N(T ) Proof. By hypothesis every n-Sylow subgroup has order n. Any two distinct n-Sylow subgroups have trivial intersection. Since the number of n-Sylow subgroups is [G : N(T )], the number of elements in G of order n is [G : N(T )](n − 1). The Lemma follows from this. The following result give a satisfactory answer to question A when the degree of f(x)isaprime. Theorem 8. Let f(x) ∈ Z[x] be a monic irreducible polynomial of prime degree n.LetSf be the set of primes p for which f(x)(modp) is irreducible. Then, Sf has positive density. In fact, δ(Sf )=k/n where k is a divisior of n − 1. Every divisor of n − 1 occurs in this fashion for some f(x). In all cases, Sf is infinite.

Proof. By Theorem 2, the density of Sf is the number of σ ∈ G such that ρ(σ)isann-cycle divided by #G. We claim that ρ(σ)isann-cycle if and only if σ has order n. If ρ(σ)inann-cycle, it has order n.Butthen,σ has order n since ρ is one to one. Conversely, if σ has order n then ρ(σ) has order n. Suppose ρ(σ) is not an n-cycle and let (d1,d2,...,dt) be its cycle pattern. We must have di

POLYNOMIALS MODULO p AND THE THEORY OF GALOIS SETS 171

ρ(N(T ) ⊆ N(ρ(T )) which shows, since ρ is one to one, that #N(T ) has order dividing n(n − 1). So, #N(T )=nm with m dividing n − 1. By Theorem 4 and Lemma 4 we ﬁnd

n − 1 n − 1 k δ(S )= = = , f #N(T ) nm n where k =(n − 1)/m. This finishes the first part of the proof. To show that every divisor k of n − 1 occurs in this way, consider the group of affine mappings x → ax¯ + ¯b wherea ¯ is taken from the unique subgroup of (Z/nZ)∗ of order k =(n − 1)/k. This subgroup of the group of affine mappings is a solvable group, so by a classical theorem of Shafarevich, it occurs as a Galois group G of a Galois extension L/Q. The dilations x → ax¯ form a subgroup H ⊂ G of order k. Let K be the fixed field of H and α ∈ K a primitive element. Thus, K = Q(α)and [K : Q]=n.Letf(x) be the minimal polynomial for α over Q. The translations inside G form a normal subgroup of order n. Call this group T .SinceT is an n-Sylow subgroup, and N(T )=G, Lemma 4 shows n − 1 n − 1 k δ(S )= = = . f #N(T ) nk n The proof of Theorem 8 is now complete.

The question now becomes what happens when n, the degree of f(x), is not a prime. To ﬁx ideas, we review the assumptions and the notation we have been using. We assume f(x) is irreducible and that α is a root (in C say). Let α = α1 and let {α1,α2,...,αn} be the complete set of roots. Let K = Q(α)andL = K(α1,α2,...,αn). The L is the splitting ﬁeld of f(x)overQ.LetG be the Galois group of L over Q and H the Galois group of L over K. We will say that H has a cyclic complement in G if there is a cyclic subgroup C of G such that G = HC and H ∩ C =(e). The group C, if it exists, must have order n. The following theorem gives a fairly satisfactory answer to Question A in the general case.

Theorem 9. With the above notations and assumptions, let Sf denote the set of primes p in Z such that f(x) modulo p is irreducible. Then Sf has positive density if and only if H has a cyclic complement in G.IfSf does not have positive density, it is empty. Proof. Suppose that H has a cyclic complement C in G.Letσ be a generator of C. We claim that ρ(σ)isann-cycle. By Theorem 2, this will show that the i density of Sf is positive. Let i be the smallest positive integer such that σ (α1)=α1. By the deﬁnition of H, σi ∈ H.SinceC ∩ H =(e), it follows that i = n, i.e. that ρ(σ)isann-cycle. Now, suppose that there is a σ in G such that ρ(σ)isann-cycle. Then, σ has order n.LetC be the group it generates. We claim that C is a cyclic complement for H. We ﬁrst show that H ∩ C =(e). Let i be the smallest positive integer such i i that σ ∈ H.Wehaveσ (α1)=α1 so ρ(σ) contains a cycle of length i.Sinceρ(σ) is an n-cycle, this shows that i = n and so C ∩ H =(e). It follows that the number of elements in HC is #G,andsoHC = G. The last assertion of the theorem follows, as we have seen before, from a property of the Frobenius automorphism. See the discussion just prior to Theorem 3.

172 MICHAEL ROSEN

To conclude this section, we present an number of examples of the usefulness of the criterion given by Theorem 9. Let G be a finite group and H a subgroup of −1 index n such that τ∈G τ Hτ =(e). Suppose that G occurs as the Galois group of some Galois extension L/Q.LetK bethefixedfieldofH.Notethat[K : Q]=n. Let α ∈ K be a primitive element over Q,andf(x) ∈ Q[x] the minimal polynomial for α. It is then a simple matter to show that L is the splitting field of f(x)whose behavior modulo p is governed by the pair H ⊂ G.

Examples. 1. Suppose G is abelian. Then, L = K and H =(e). Abelian groups always ∼ occur as Galois groups, so let L/Q be such that Gal(L/Q) = G. H has a cyclic complement if and only if G is cyclic. Thus Sf is non-empty with positive density if and only if G is cyclic. This also follows from properties of the Frobenius element. If G is cyclic of order n,wehaveδ(Sf )=φ(n)/n. As speciﬁc examples, we choose the cyclotomic extensions of Q.LetΦd(x) be the cyclotomic polynomial which is the minimal polynomial of ζd, a primitive ∗ d’th root of unity. The Galois group of Q(ζd)isisomorphicto(Z/dZ) .Gauss showed that this group is cyclic if and only if d =1, 2, an odd prime power pt, t or twice an odd prime power 2p .Ifd is not one of these four types, Φd(x)is reducible modulo p for all primes p.

2. Suppose G = Dn, the dihedral group of order 2n generated by {a, b} with the relations a2 = e, bn = e, aba−1 = b−1.LetH be the subgroup generated by a. Then, deg f(x)=[K : Q]=n.SinceH has a cyclic complement, the subgroup generated by b, it follows that Sf has positive density. In fact the density is φ(n)/2n as can be seen by combining Theorem 2 with the proof of Theorem 8. 1 3. Suppose G = Sn and H = Sn, the subgroup of permutations leaving 1 fixed. Here again, deg f(x)=n =[K : Q]. In this case we can use Theorem 4 directly. There are (n − 1)! n-cycles, so δ(Sf )=(n − 1)!/n!=1/n. Hilbert showed that there are infinitely many non-isomorphic examples of Galois extensions of Q having Sn as Galois group. 1 4. Suppose G = An, the alternating group on n letters and H = An the subgroup consisting of even permutations which leave 1 fixed. Once again,

deg f(x)=[K : Q]=n.

However, there is a surprise. If n is odd, there is a cyclic complement to H given by the subgroups generated by an n-cycle. Since n is odd, n-cycles are in An. On the other hand, if n is even, n-cycles are not in An.Thus,Sf is empty if n is even and has positive density 2/n if n is odd. It is interesting to note that A10 has elements of order 10, even though the answer to Question A is negative. For example σ = (12345)(67)(89) ∈ A10 is of order 10. I would like to thank the referee for supplying this example. My original “example” was in error. Once again, it was Hilbert who showed that there are inﬁnitely many Galois extensions of Q having An as Galois group. 5. In 1969, A.M. Macbeath published a paper establishing the fact that the projective general linear group PGL2(Z/nZ) with n a positive integer, occurs as a Galois group over Q inﬁnitely often. His construction is based on properties of

POLYNOMIALS MODULO p AND THE THEORY OF GALOIS SETS 173

the classical modular function j(τ). The modular polynomial of level n is defined to be the polynomial φn(x, y) of least degree such that φn(j(nτ),j(τ)) = 0. He shows that this polynomial has coefficients in Q and that the Galois group of φn(x, y), as a polynomial over Q(y), is PGL2(Z/nZ). By the Hilbert irreducibility theorem, there are infinitely many rational numbers r such that φn(x, r) ∈ Q[x] is irreducible over Q and has the same Galois group as φn(x, y) over Q(y). The degree of these polynomials is given by the function ψ(n)=n (1 + p−1) . p|n One can ask Question A about these polynomials. When n = ,aprime, thedegreeofφ(x, r)is + 1 and it is possible to show the answer to Question A is yes. To invoke Theorem 9, one has to determine a subgroup H which fixes a root and find a cyclic complement to H. We will not work this out here, but a similar analysis in an easier case is worked out in the discussion leading up to the proof of Theorem 10 in the next section.

4. The Theory of Galois Sets In this section, we widen our perspective by applying the ideas we have been discussing to the category of Galois sets. Let Ω be an algebraic closure of Q and set, as usual, GQ equal to the Galois group of Ω over Q. Definition 1. Let V be a projective variety defined over Q. A Galois set will be a finite subset R of V (Ω) which is invariant under the action of GQ, i.e. for all σ ∈ GQ, σR = R. It is not hard to show that R is a Galois set if and only if it is a zero dimensional algebraic set defined over Q. In other words, it is a finite subset of Pn(Ω) which is the simultaneous zero set of a collection of homogeneous polynomials with coefficients in Q. We begin by noting a few examples. Let f(x) ∈ Q[x]and{α1,α2,...,αn} its set of roots. Then, the set of points {[αi, 1] | i =1, 2,...,n} on the projective line form a Galois set. This has been the topic of the first three sections of this article. Let f(x, y, z),g(x, y, z) ∈ Q[x, y, z] be homogeneous polynomials of degree n 2 and m respectively. These define curves Cf and Cg in P . In general, the intersection Cf (Ω) ∩ Cg(Ω) is a finite set with nm elements if multiplicity is taken into account (Bézout’s theorem). If the intersection set is finite, it is a Galois set. These first two examples are special cases of zero dimensional algebraic sets defined over Q. Let A be an abelian variety defined over Q and n a positive integer. The set A[n]ofpointsonA with order dividing n is a Galois set with n2d elements. It is, in fact, a group which is abstractly isomorphic to Z/nZ ⊕···⊕Z/nZ,thesumtaken 2d times. Let V be a projective variety defined over Q and L/Q a finite dimensional Galois extension. Then, V (L) is invariant under GQ. It will be a Galois set if it is finite. By Falting’s theorem (formerly Mordell’s conjecture), this happens whenever V is a curve, defined over Q, of genus 2 or greater. These examples should suffice to show that Galois sets are abundant and interesting. What are the natural mappings between such sets?

174 MICHAEL ROSEN

Let S and T be Galois sets. A morphism from S to T is a set mapping φ : S → T for which φ(σx)=σφ(x) for all σ ∈ GQ and all x ∈ T . An isomorphism is a morphism which is one to one and onto. We say a Galois set is irreducible if and only if it cannot be written as the disjoint union of two non-empty Galois subsets. One can show that R is irreducible iff the action of GQ is transitive. Moreover, every Galois set is uniquely the disjoint union of irreducible subsets. This decomposition is, in fact, the decomposition of R into orbits under the action of GQ. This decomposition is the analogue of the decomposition of a polynomial as a product of irreducible polynomials. Just as a polynomial has a splitting field and a corresponding Galois group, every Galois set R has an analogous field and group. Suppose R has n elements, so that R = {r1,r2,...,rn}. The definition of a Galois set gives rise to a homomorphism ρ from GQ to Sn as follows. If σ ∈ GQ we have σ(ri)=rπ(i) where π ∈ Sn. We set ρ(σ)=π.LetN be the kernel of this map. Then, GQ/N is a finite group which we will denote by GR and call it the Galois group of R. The induced map from G to S is one to one. We continue to call this map ρ.LetL be the fixed R n R ∼ field of N. It is a finite dimensional Galois extension of Q and Gal(LR/Q) = GR. In the following, we identify GR with the Galois group of LR/Q. Another way to get to GR is as follows. By taking a projective embedding of V into some PN , we can assign projective coordinates to each of the points in R.AdjointoQ the ratio of these coordinates for each of the points in R.The resulting field is a Galois extension of Q. Indeed, it is LR, as defined above, and GR =Gal(LR/Q) Suppose R is an irreducible Galois set and r is an element of R.LetHr ⊆ GR be the isotropy group of r, i.e. Hr = {σ ∈ GS | σr = r}. Define Kr to be the fixed field of Hr.Ifs ∈ R,thenHr is conjugate to Hs,andKr is isomoprhic to Ks over Q. This setup, Q ⊆ Kr ⊆ LR and Hr ⊆ GR is perfectly analogous to taking an irreducible polynomial f(x) ∈ Q[x], adjoining one root to get K and adjoining all the roots to get L. So we are almost ready to restate the problems considered in Section 1 though 3 in the context of Galois sets. We need one more notion, that of reduction modulo a prime. The classic paper on this subject was written by Shimura [12]. Nowadays the subject is usually approach via scheme theory. We will be content with a very naive approach. Let p be a rational prime and K/Q an algebraic number field. Let P be a prime of K lying over p and OP ⊂ K the corresponding discrete valuation ring. The prime P can be identified with the maximal ideal of OP .SetOP /P = FP .We want a map N N redP : P (K) → P (FP ) . N Let [a0,a1,...,aN ] be a representative of a point of P (K). One of the coordinates, ai say, will have the largest valuation at P . Divide each coordinate by ai. The resulting N + 1 - tuple will have a 1 at the i’th place and all the rest of the coordinates will be in OP . Now reduce each of these coordinates modulo P N and one gets a point in P (FP ). It is a simple matter to check that this result is independent of all choices and produces the desired map redP . There are three important properties of redP which we will need. 1. Suppose L/Q is Galois, and that P is a prime of L lying above p. Suppose σ ∈ D(P ), the decomposition group at P (see the discussion in Section 1 after N Corollary 3). If x ∈ P (L), setx ¯ =redP (x). We have redP (σx)=¯σ(¯x). This is

POLYNOMIALS MODULO p AND THE THEORY OF GALOIS SETS 175

clear from the definitions. It follows that if P is unramified and Frob(P )isthe Frobenius automorphism, then redP (Frob(P )x)=φp(¯x), where φp is the map → p p p [a0,a1,...,an] [a0,a1,...,an]. 2. Continuing with the notation used in 1), let P be another prime of L lying above p. Then, there is a natural isomorphismτ ¯ : FP → FP which extends to an N N isomorphism, which we continue to callτ ¯,fromP (FP )toP (FP ). Moreover, τ¯ commutes with φp which can be thought of as belonging to both Gal(FP /Fp) and Gal(FP /Fp). To prove this one begins by choosing an automorphism τ ∈ Gal(L/Q) such that τP = P . Further details are easily supplied. N 3. Suppose that xi ∈ P (K)for1≤ i ≤ m and xi = xj for i = j. Then for all but finitely many primes P of K we have redP (xi) =red P (xj )fori = j.Inother words, for all but finitely many primes P , the reduction map is one to one on a fixed finite set. If we can show this for two points, a simple induction will complete the proof. N So, let x1 and x2 be two distinct points in P (K). By scaling, we can suppose the coordinates of both points are algebraic integers, x =[a0,a1,...,aN ]and y =[b0,b1,...,bN ]. Since the points are not equal, there exist indices i and j such that aibj − aj bi =0.If P is any prime not containing this integer we see redP (x1) =red P (x2). We are now in a position to find analogues of the problems we considered in the first three Sections. Let R be a Galois set with n elements. What shall we define to be its decomposition type modulo p,wherep is a rational prime? We may assume N that R ⊂ P (LR) for a suitable N. Since, by definition, R is finite, we know from property 3) above that for all but finitely many primes P of LR the reduction map, redP , restricted to R is one to one. Let’s only consider such primes from now on. Suppose P is such a prime and that it lies above the rational prime p.Denoteby ¯ ⊂ PN F ¯ R the set redP (R) ( P ). By Property 1) above, R is a Galois set for GFp .In particular, it is mapped into itself by φp. The partition of n corresponding to the orbit structure of R¯ under the action of φp will be called the decompostion type of R modulo p. To see that this is the “right” definition, look again at Lemma 2 of Section 1. Define Np(R) to be the number of fixed points of φp acting on R¯. Another way to say this is that Np(R) is the number of points in the intersection N R¯ ∩ P (Fp). Finally, we say that R is irreducible modulo p if Gal(FP /Fp)acts transitively on R¯.Inotherwords,φp acting on R¯ has only one orbit, R¯ itself. In giving the above definitions, it may seem that they depend on the choice of aprimeP of LR lying over p. However, if P is another prime of LR lying above p, one can use Property 2) to show that the decomposition type of R modulo p, Np(R), and irreducibility modulo p, depend only on p and not on whether one works with redP or redP . We can now generalize many of the results about polynomials modulo p to the context of Galois sets. In particular, Theorems 1, 2, and 9. Here they are:

Theorem 10. Let R be a Galois set. The average of the numbers Np(R) is equal to the number of orbits of R under the action of GQ. More precisely, let m denote the number of orbits. Then, −1 lim π(x) Np(R)=m. x→∞ p≤x

176 MICHAEL ROSEN

This is clearly a generalization of Kronecker’s average value theorem. Next we have, Theorem 11. Let R be an irreducible Galois set with n elements. Let d = (d1,d2,...,dt) be a partition of n,andletS be the set of rational primes where the reduction type of R modulo p is d.Then,δ(S) is equal to 1/#GR times the number of σ ∈ GR such that ρ(σ) has cycle pattern d. This is clearly a generalization of the theorem of Frobenius on the decomposition type of f(x) modulo p. Finally, how do we treat Question A in the context of Galois sets?

Theorem 12. Let R be an irreducible Galois set, and Hr ⊂ GR the isotropy group of an element r ∈ R.LetSR be the set of primes with the property that R modulo p is irreducible. Then, SR has positive density if and only if Hr has a cyclic complement in GR.IfSR does not have positive density, it is empty. For emphasis, we remind the reader that in all three theorems we only consider primes p which have a prime P above p in LR such that redP is one to one on R. This is true with at most finitely many exceptions. The proofs of all three results follow closely the proofs which we have given in the special case of polynomials modulo p. As before, the main tool is the Chebotarev density theorem or the corresponding theorem of Frobenius. We leave the details of the proofs aside in favor of giving an interesting application of these definitions and results to torsion points on elliptic curves. Let E be an elliptic curve defined over Q having no complex multiplication. Let be a prime and let E[] denote the set of points on E of order dividing . Algebraically, we have ∼ E[] = F ⊕ F .

Clearly, E[] is a Galois set. The Galois group, G =Gal(Q(E[])/Q)actson E[]. By picking a basis for E[] as a vector space over F we get a monomorphism

λ : G → GL2(F) .

By an important theorem of J-P Serre (see [9]), the map λ is an isomorphism for all but finitely many primes . Let’s fix a prime for which λ is an isomorphism. The points of E[]are represented column vectors and the action of GL2(F) is represented by left multiplication. Let a point of E[] correspond to the unit column vector with first entry 1 and second entry 0. The isotropy group of this point is all matrices such that ab 1 1 = . cd 0 0 Thus, the isotropy group is the set of all matrices 1 b H = 0 d ∈ F ∈ F∗ − where b and d . This group has order ( 1). The index of this group 2 in GL2(F)is − 1. So, if our isotropy group is to have a cyclic complement, the complement must be a cyclic subgroup of order 2 − 1. There is a natural candidate, the non-split Cartan subgroup. To describe it, let E be a quadratic field

POLYNOMIALS MODULO p AND THE THEORY OF GALOIS SETS 177

∗ extension of F and let {α, β} be a basis for E/F.Forγ ∈ E write γα = aα + cβ and γβ = bα + dβ.Themap ab γ → cd ∗ is an monomorphism from E into GL2(F). Call this image C. This is the non-split Cartan subgroup. It is well deﬁned up to conjugacy. We claim that it is a cyclic complement to H. Since it is cyclic and has the right order, all that we need to prove is that C ∩ H =(I), where I is the identity matrix. 2 Since the order of C, − 1, is prime to the characteristic of F, C is diag- onalizable. The characteristic polynomial of each member of C satisﬁes a monic quadratic polynomial ove F. It follows that if A ∈ C, the eigenvalues of A are of the form ζ and ζ,whereζ is a 2 −1 root of unity. In particular, if one eigenvalue is 1, then both eigenvalues are 1. Since all the elements of H have 1 as an eigenvalue, it follow that H ∩ C =(I) as desired. Thus, Theorem 13. Let E be an elliptic curve over Q,andE[] the torsion points on E with order dividing . Assume that the Galois group of E[] is isomorphic to GL2(F) (if E has no complex multiplication, this is true almost always by Serre’s theorem). Then, a) E[] − (0) modulo p is irreducible for a set of primes p with positive density. b) The average value of the numbers Np(E[]) is 2. Proof. It is clear from the hypothesis that the Galois group acts transiively on the non-zero elements of E[]. Thus, E[] − (0) is irreducible. We have shown that H, the isotropic group of an element, has a cyclic complement. So, part a) follows from Theorem 12. Part b) of the theorem follows from Theorem 10 upon observing that E[]has two orbits; the points of order and the point 0.

Of course, it is natural to ask what happens when E is an elliptic curve over Q which has complex multiplication? We sketch the answer in this case. Suppose the ring of complex multiplications for E is O, the full ring of algebraic integers in a complex, quadratic field k. It is most convenient to work over k as the base field. In all our previous work, we assumed Q was the base field, but the theory works equally well for any algebraic number field as base. It is necessary to modify a number of the definitions. In most cases the necessary modifications are straightforward. Instead of Galois set, we will speak of a k-Galois set as a finite subset of PN (Ω) which is invariant under Gk, the Galois group of Ω over k. The advantage of doing this in the present case is that for every rational prime ,thesetE[] is a module over O. In fact, in the present situation, E[] is isomorphic to O/O as an O module. In this case, Gal(k(E[])/k)imbedsinto(O/O)∗.Infact,if does not divide the conductor of E/Q, this imbedding is an isomorphism. I am indebted to Ken Ribet for this observation. For a proof, he refers to the classic paper of J. Coates and A. Wiles, “On a conjecture of Birch and Swinnerton-Dyer”. Assuming is not a divisor of the conductor of E,weseethattheorbitstructureofE[] under the action of Gal(k(E[])/k) the same as the orbit structure of O/O under the action of (O/O)∗. The answer depends on whether remains prime in O or splits in O. If remains prime, there are two orbits, (O/O)∗ and 0. If splits, one can check quickly that there are four orbits. Thus,

178 MICHAEL ROSEN

Theorem 14. Assume E/Q is an elliptic curve with complex multipication by the ring of integers O in a complex, quadratic number ﬁeld k.Let be a rational prime that does not divide the conductor of E. Consider E[] as a k-Galois set. Then, a) If remains prime in O, E[] − (0) is irreducible as a k-Galois set, and remains irreducible modulo P for a set of prime ideals P of positive density. The average value of the numbers NP (E[]) is 2. b) If splits in O, the number of orbits of E[] under the action of Gal(k(E[])/k) is 4 so that the average value of the numbers NP (E[]) is 4. Proof. For the ﬁrst part of a) observe that the Galois group Gal(k(E[])/k) is isomorphic to (O/O)∗ which is cyclic when remains prime in O. Now apply Theorem 12. For the second part of both a) and b), one invokes Theorem 10.

References [1] E. Artin. Beweis des allgemeinen Reziprozitätsgesetzes. Abhandlungen Hamburg, 5:353–363, 1927. [2]N.G.Chebotarëv. Die Bestimmung der Dichtigkeit einer Menge von Primzahlen, welche zu einer gegebenen Substitutionsklasse gehören. Math. Ann., 95:191–228, 1925. [3] F. G. Frobenius. Uber¨ Beziehungen zwischen den Primidealen eines algebraischen Körpers und den Substitutionen seiner Gruppe. Berl. Ber., 689-703 , 1896. [4] R. Guralnick, M. M. Schacher, and J. Sonn. Irreducible polynomials which are locally reducible everywhere. Proc. Amer. Math. Soc., 133(11):3171–3177, 2005. MR2160178 (2006g:11228) [5] L. Kronecker. Ueber die Irreductibilität von Gleichungen. Berl. Monatsber. 1880., pages 155– 162, 1880. [6] H. W. Lenstra, Jr. and P. Stevenhagen. Chebotarëv and his density theorem. Math. Intelli- gencer, 18(2):26–37, 1996. MR1395088 (97e:11144) [7] A. M. Macbeath. Extensions of the rationals with Galois group PGL(2,Zn). Bull. London Math. Soc., 1:332–338, 1969. MR0258801 (41:3447) [8] M. Rosen. Number theory in function fields, volume 210 of Graduate Texts in Mathematics. Springer-Verlag, New York, 2002. MR1876657 (2003d:11171) [9] J.-P. Serre. Propriétés galoisiennes des points d’ordre fini des courbes elliptiques. Invent. Math., 15(4):259–331, 1972. MR0387283 (52:8126) [10] J.-P. Serre. A course in arithmetic. Springer-Verlag, New York, 1973. Translated from the French, Graduate Texts in Mathematics, No. 7. MR0344216 (49:8956) [11] J.-P. Serre. On a theorem of Jordan. Bull.Amer.Math.Soc.(N.S.), 40(4):429–440 (electronic), 2003. MR1997347 (2004f:11040) [12] G. Shimura. Reduction of algebraic varieties with respect to a discrete valuation of the basic field. Amer.J.Math., 77:134–176, 1955. MR0066687 (16:616d)

Mathematics Department, Box 1917, Brown University, Providence, Rhode Island 02912 E-mail address: [email protected]

Contemporary Mathematics Volume 579, 2012 http://dx.doi.org/10.1090/conm/579/11529

Additive decompositions induced by multiplicative characters over ﬁnite ﬁelds

Davide Schipani and Michele Elia

Abstract. In 1952, Perron showed that quadratic residues in a field of prime order satisfy certain additive properties. This result has been generalized in different directions, and our contribution is to provide a further generalization concerning multiplicative quadratic and cubic characters over any finite field. In particular, recalling that a character partitions the multiplicative group of the field into cosets with respect to its kernel, we will derive the number of representations of an element as a sum of two elements belonging to two given cosets. These numbers are then related to the equations satisfied by the polynomial characteristic functions of the cosets. Further, we show a connection, a quasi-duality, with the problem of determining how many elements can be added to each element of a subset of a coset in such a way as to obtain elements still belonging to a subset of a coset.

1. Introduction

Back in 1952, Perron [7] proved that every quadratic residue in Fp, with p an odd prime, can be written as the sum of two quadratic residues in exactly p+1 − p+1 4 1 ways, and as the sum of two quadratic non-residues in exactly 4 ways, a symmetric statement also holding for quadratic non-residues. Winterhof [11] generalized this result, proving that if xj is a nonzero element in a finite field Fq, χ a nontrivial multiplicative character of order n and ω aprimitive ··· q−1 − n-th root of unity, then σ0 +1 = σ1 = = σn−1 = n ,whereσi, i =0,...,n 1, i stands for the number of field elements x such that χ(x)¯χ(x + xj )=ω . A generalization in a different direction was provided by Monico and Elia [4, 5]: they proved that the only partition of the field satisfying the additive properties found by Perron is that of quadratic residues and non-residues, providing a sort of converse and a way to define residues additively; moreover, they generalized Perron’s result for any multiplicative character defined over a prime field. Lastly, in his dissertation [8] Raymond showed how to generalize the case of the quadratic character to any finite field. We provide here further generalizations considering quadratic and cubic characters over any finite field. Section 2 provides notations and preliminaries for the rest of the paper. In Section 3 we derive expressions for the number of (ordered)

2010 Mathematics Subject Classiﬁcation. Primary 12Y05, 12E20, 12E30. The Research was supported in part by the Swiss National Science Foundation under grant No.132256.

c 2012 American Mathematical Society 179

180 DAVIDE SCHIPANI AND MICHELE ELIA representations of an element as a sum of two elements belonging to two given cosets of the character partition. Furthermore, these expressions are shown to be related to the equations satisﬁed by the polynomial characteristic functions of the cosets. In Section 4 we point out a sort of duality relationship with another problem, and mention how the two problems are involved in polynomial factorization.

2. Preliminaries Throughout the paper we will deal with multiplicative characters, which are supposed to be non-trivial. m−1 Let Fpm , p an odd prime, be a finite field with polynomial basis {1,η,...,η } where η is a root of an irreducible polynomial of degree m over Fp, and let B0 be the B F∗ set of squares (excluding 0) and 1 the complementary set in pm .Thequadratic F∗ character is a mapping from pm into the complex numbers defined as h h χ2(α θ)=(−1) ,θ∈B0,h=0, 1 , F∗ where α is a primitive element in pm . Furthermore, we set χ2(0) = 0. We can define an indicator function of the sets Bj using the quadratic character, namely, for every γ =0, ' − j 1+( 1) χ2(γ) 1ifγ ∈Bj IB (γ)= = j =0, 1 . j 2 0otherwise m−1 Also, writing γ = γ0 + γ1η + ···+ γm−1η , a polynomial characteristic function that identifies the set B canbedefinedas j γ fBj (X)= IBj (γ)X , ∈F∗ γ pm γ γ0 γ1 ··· γm−1 where X is a short notation standing for the monomial x0 x1 xm−1 .Note that this notation allows us to formally write γ δ γ+δ X X = X mod IX , p − p − Q where IX = (x1 1),...,(xm 1) is an ideal in [X]. It is immediate to see that, if Φp(x)isthep-th cyclotomic polynomial, m−1 γ (2.1) fB0 (X)+fB1 (X)+1= X +1= Φp(xi) . ∈F∗ γ pm i=0 In the following we will indicate the last product with the notation Φ(X).

In the case of cubic characters, non-trivial characters exist only if p is 2 with even exponent m,orp is an odd prime congruent to 1 modulo 6, or p is an odd prime congruent to 5 modulo 6 with even exponent m. Let us write any nonzero element of the field as αk+3n, with k ∈{0, 1, 2} and A { 3i pm−1 − } α a primitive element: we define 0 = α : i =0,..., 3 1 , that is the F∗ A A A 2A subgroup of the cubic powers in pm , and let 1 = α 0 and 2 = α 0 be the two cosets that complete the coset partition of the set of nonzero elements of Fpm . Similarly to the case of the quadratic character, we define an indicator function of the sets Aj using a cubic character, that is a mapping of the type h h χ3(α θ)=ω ,θ∈A0,h=0, 1, 2 , with ω a primitive cubic root of unity in C (and χ3(0) = 0 by definition).

ADDITIVE DECOMPOSITIONS INDUCED BY MULTIPLICATIVE CHARACTERS 181

The indicator function, for every x =0,isthen ' 2j j 1+ω χ3(x)+ω χ¯3(x) 1ifx ∈Aj IA (x)= = j =0, 1, 2 , j 3 0otherwise (where the bar denotes complex conjugation), and a characteristic function that identifies the set Aj can be defined in the same way as above: γ fAj (X)= IAj (γ)X ,j=0, 1, 2 . ∈F∗ γ pm Again it is immediate to see that γ (2.2) fA0 (X)+fA1 (X)+fA2 (X)+1= X +1=Φ(X) . ∈F∗ γ pm Remark 1. It is worthwhile to note that the use of the indicator functions provides a sort of bridge between our problems about the sums of residues and the classical problem of counting the number of solutions of certain diagonal equations over finite fields [1, 3]. The special diagonal equations we refer to are equations of k k ··· k the form a1x1 + a2x2 + + anxn = α,wherea1,a2,...,an,αare fixed elements of a finite field Fq, the exponents k is a positive integer, and the unknowns x1,...xn may assume any value in the same field. A difference between the two problems is evident when the exponent k is a factor of q−1, for example counting the number of solutions (x, y)ofx3 + y3 = α with q − 1 divisible by 3, is not the same as counting the number of representations of a given element α as a sum of cubic residues, that is counting the number of solutions of the equation x + y = α where x and y are constrained to be cubic residues. The count of the number of solutions of diagonal equations includes all x’s whose power xk has the same value, while the sum of k-th residues does not consider this multiplicity, and also excludes the zero value. Therefore, the two problems are clearly related, but a considerable effort is needed to obtain the solution of one of them from the solution of the other.

3. Results

To count the number of representations of a β = 0 in the field Fpm as the sum of an element in Bj andanelementinBi (i not necessarily different from j), it suffices to compute 1+(−1)j χ (z) 1+(−1)iχ (β − z) (3.1) 2 2 2 2 z=0 ,β Analogously, when we have a cubic character, to count the number of representations of a β = 0 in the field Fpm as the sum of an element in Aj and an element in Ai (i not necessarily different from j), it suffices to compute 1+ω2j χ (z)+ωj χ¯ (z) 1+ω2iχ (β − z)+ωiχ¯ (β − z) (3.2) 3 3 3 3 . 3 3 z=0 ,β We summarize the conclusions in the next three theorems. Theorem . (2) 3.1 The number of representations Rpm (β,i,j) of a β =0in the field Fpm , p an odd prime, as the sum of an element in Bj and an element in Bi is

(2) 1 m i j i+j (3.3) R m (β,i,j)= p − 2 − χ (β)(−1) − χ (β)(−1) − (−1) χ (−1) , p 4 2 2 2

182 DAVIDE SCHIPANI AND MICHELE ELIA and depends only on the quadratic residuacity of β.

Proof. The proof is immediate from (3.1), since, for any nontrivial character χ, χ(x)=0and χ(x)¯χ(x + γ)=−1([1, 6, 9, 11]). x∈Fpm x∈Fpm Remark 2. From (3.3) the desired values can be easily read, depending on m whether β is in B0 or B1 and whether p is congruent to 1 or 3 modulo 4 (which determines χ2(−1) by the properties of the Jacobi symbol and the quadratic reciprocity law); in particular, we can also read the values for which i = j, that are not usually explicitly included in the literature; in this case equation (3.3) becomes 1 (3.4) (pm − 2+χ (−1)) . 4 2 Theorem . (3) 3.2 The number of representations Rpm (β,i,j) of a β =0in the ﬁeld Fpm as the sum of an element in Aj and an element in Ai is

(3) 1 m (3.5) R m (β,i,j)= (p − 2 − K − K¯ ) p 9 with K = χ (β)(ω2i + ω2j )+ω2i+j − ω2i+2j χ¯ (β)J(χ ,χ ), 3 3 3 3 J(χ ,χ ) being a Jacobi sum ( χ (c )χ (c )), and depends only on the 3 3 c1+c2=1 3 1 3 2 cubic residuacity of β. Proof. Expanding equation (3.2), using ∈F χ3(x)¯χ3(x + γ)=−1and x pm χ (x) = 0, and given that χ (−1) = 1, we get x∈Fpm 3 3 1 m − − 2i 2j − 9 [p 2 χ3(β)(ω + ω ) i j 2i+j i+2j 2i+2j i+j χ¯3(β)(ω + ω ) − (ω + ω )+ω A(β)+ω A¯(β)], − where A(β)= x∈F m χ3(x)χ3(β x); this summation can be manipulated as p χ (x)χ (β − x)=χ (β2) χ (β−1x)χ (1 − β−1x) x∈Fpm 3 3 3 x∈Fpm 3 3 =¯χ(β)A(1) =χ ¯(β)J(χ3,χ3), whence the conclusion follows. Remark 3. The last expression can be further simpliﬁed taking into account that J(χ3,χ3) can be computed [3, Th. 5.21] with the Gauss sums of cubic characters (cf. also [10, 9]), as 2 Gm(1,χ3) J(χ3,χ3)= . Gm(1, χ¯3) In particular, if p =2, m/2 χ3(x)χ3(x +1)=J(χ3,χ3)=Gm(1,χ3)=−(−2) .

x∈F2m Theorem . ≡ (2) p−1 3.3 If p 1 mod 4,thenRpm (0,i,j) is 2 for i = j or 0 if i = j; ≡ (2) p−1 (3) p−1 if p 3 mod 4,thenRpm (0,i,j) is 2 for i = j or 0 if i = j. Rpm (0,i,j) is 3 for i = j or 0 if i = j. Proof. The proof is immediate, taking into account that an element α is in the same coset as −α exactly when χ2(−1) = 1 (resp. χ3(−1) = 1).

ADDITIVE DECOMPOSITIONS INDUCED BY MULTIPLICATIVE CHARACTERS 183

Working with the characteristic functions, the counterpart of the above theorems would be to multiply fBi (X)andfBj (X)(orfAi (X)andfAj (X)) modulo IX, and then read the coefficients in the output, which involves exactly the same computations as above. But there is more: the characteristic functions fBi (X)and fAj (X) satisfy equations of second and third degree, respectively, whose coefficients are intrinsically related to the number of representations of the field elements as sums of elements with given quadratic or cubic residuacity. Theorem . 3.4 The characteristic functions fB0 (X) and fB1 (X) are roots of a quadratic equation 2 (3.6) y − σ1y + σ2 =0modIX in the residue ring of multivariate polynomials Z[X]/IX. The sum and the product of the roots (polynomials) are ' σ1 = −1+Φ(X)modIX − 1 m − − − m − − σ2 = 4 [p χ2( 1) 1 Φ(X)(p 2+χ2( 1))] mod IX . Proof. Throughout the proof all the multivariate polynomials should be in- tended modulo the ideal IX. The coefficient σ1 is directly obtained from equation (2.1), that is γ − σ1 = fB0 (X)+fB1 (X)= (IB0 (γ)+IB1 (γ))X = 1+Φ(X) . ∈F∗ γ pm (2) The coefficient σ2 is computed using the symbols Rpm (β,i,j) as follows. Starting from γ+κ σ2 = fB0 (X)fB1 (X)= IB0 (γ)IB1 (κ)X , ∈F∗ ∈F∗ γ pm κ pm and observing that exchanging the summation indices (variables) leaves the result invariant, we may consider the symmetric summation 1 γ+κ σ2 = [IB0 (γ)IB1 (κ)+IB0 (κ)IB1 (γ)] X . 2 ∈F∗ ∈F∗ γ pm κ pm With the index substitution κ = β − γ and after some manipulation, we may write m − − − p 1 1 χ2( 1) 1 β (2) (2) σ2 = + X Rpm (β,0, 1) + Rpm (β,1, 0) . 2 2 2 ∈F∗ β pm (2) (2) In conclusion, since Rpm (β,0, 1) = Rpm (β,1, 0) does not depend on β,weobtain m p − 1 1 − χ2(−1) (2) σ = + R m (β,0, 1)(Φ(X) − 1) , 2 2 2 p and, using (3.4), we finally obtain 1 σ = − [pmχ (−1) − 1 − Φ(X)(pm − 2+χ (−1))] . 2 4 2 2 Theorem . 3.5 The characteristic functions fA0 (X), fA1 (X),andfA2 (X) are roots of a cubic equation 3 2 (3.7) y − σ1y + σ2y − σ3 =0 modIX ,

184 DAVIDE SCHIPANI AND MICHELE ELIA where the elementary symmetric polynomials, considered modulo I ,are ⎧ X ⎨ σ1 =Φ(X) − 1 σ = 1 (pm − 1)(Φ(X) − 1) ⎩ 2 3 3 4 1 − 3 − ¯ m − σ3 = 27 (Φ(X) 1) +(3 3Φ(X)+J(χ3,χ3)+J(χ3,χ3))(p Φ(X)) . Proof. Throughout the proof all the multivariate polynomials should be in- tended modulo the ideal I . The coeﬃcient σ is easily computed as X 1 γ − fA0 (X)+fA1 (X)+fA2 (X)= (IA0 (γ)+IA1 (γ)+IA2 (γ))X = 1+Φ(X) , ∈F∗ γ pm because IA0 (γ)+IA1 (γ)+IA2 (γ) = 1 and equation (2.1) is used. The elementary symmetric function σ2 is the sum

fA0 (X)fA1 (X)+fA1 (X)fA2 (X)+fA2 (X)fA0 (X) , then we need to compute the summation γ+θ σ2 = (IA0 (γ)IA1 (θ)+IA1 (γ)IA2 (θ)+IA2 (γ)IA0 (θ))X . ∈F∗ ∈F∗ γ pm η pm Using (3.5), we get 1 1 σ = − (pm − 1) + (pm − 1)Φ(X) . 2 3 3

Lastly, the elementary symmetric function σ3 = fA0 (X)fA1 (X)fA2 (X)isgivenby the summation γ+θ+κ σ3 = IA0 (γ)IA1 (θ)IA2 (κ)X . ∈F∗ ∈F∗ ∈F∗ γ pm θ pm κ pm Expanding the product of the indicator functions and performing the summations, most of the 27 sums are canceled, and it remains to compute the following: 1 γ+θ+κ (1 − 3χ3(γ)¯χ3(θ)+χ3(γ)χ3(θ)χ3(κ)+¯χ3(γ)¯χ3(θ)¯χ3(κ)) X . 27 ∈F∗ γ,θ,κ q To complete the task we then need to compute three summations, which after some manipulations turn out to be: (1) Xγ+θ+κ =(Φ(X) − 1)3 ; γ∈F∗ θ∈F∗ κ∈F∗ pm pm pm γ+θ+κ m (2) χ3(γ)¯χ3(θ)X (Φ(X) − 1)(p − Φ(X)) . ∈F∗ ∈F∗ ∈F∗ γ pm θ pm κ pm (3) γ+θ+κ m χ3(γ)χ3(θ)χ3(κ)X = A(1)(p − Φ(X)), ∗ γ,θ,κ∈F m p where as above A(1) = χ (x)χ (1 − x)=J(χ ,χ ). x∈Fpm 3 3 3 3 In conclusion, collecting the results, we obtain for σ3 the following expression: 1 (Φ(X) − 1)3 −3(Φ(X) − 1)(pm − Φ(X))+[J(χ ,χ )+J¯(χ ,χ )](pm − Φ(X)) 27 3 3 3 3

ADDITIVE DECOMPOSITIONS INDUCED BY MULTIPLICATIVE CHARACTERS 185

Remark 4. Note that J(χ3,χ3)+J¯(χ3,χ3) is always an integer, being twice the sum of real parts of cubic roots of unity. Remark 5. Even though its derivation involved handling products of three characters, the expression of σ3 only involves the Jacobi sum A(1), i.e. fundamentally only the number of representations as the sum of two elements of two given cosets.

4. Connections with other problems In this section we point out a sort of duality relationship with the following problem. Suppose that we have t elements of a finite field Fpm all belonging to one of the cosets determined by the character partition. We would like to know how many βs there are in the field such that, adding β to all the t elements, we get t elements (n) still belonging to a common coset. If the character has order n,weletNpm (t)be the number of βs; i.e. it is the number of solutions β of a system of t equations in Fpm of the form ⎧ j n k n ⎪ α z1 + β = α y1 ⎨⎪ j n k n α z2 + β = α y2 (4.1) . ⎪ . ⎩⎪ . j n k n α zt + β = α yt j n j n ··· j n where α z1 ,α z2 , ,α zt are given and distinct, α being a primitive element, whereas the elements yis must be chosen in the field to satisfy the system, and the n values {0, 1,...,n− 1} for k and j are all considered. However, we may assume j = 0, since dividing each equation by αj , and setting β = βα−j and k = k − j mod n, we see that the number of solutions of the system is independent of j. An explicit solution when the character is quadratic or cubic can be obtained, again by means of the indicator functions. For example, if we have a cubic character F 3 F over 2m , given a zi we can partition the elements β = zi in 2m into subsets ∈{ } 3 k depending on the k 0, 1, 2 such that χ(β + zi )=ω . Therefore, a solution of (4.1) for a fixed k and j = 0 is singled out by the product

t t 3 1 (k) IA (β + z )= [1 + σ ] , k i 3t i i=1 i=1

(k) where each σi is a homogeneous sum of monomials which are products of i char- 3 3 (3) acters of the form χ(β + zh)or¯χ(β + zh). Thus N2m (t)is # $ t t t (3) 3 3 3 (4.2) N2m (t)= IA0 (β + zi )+ IA1 (β + zi )+ IA2 (β + zi ) . ∈F β 2m i=1 i=1 i=1 ∈{ 3} β zi

3 3 The zi are excluded from the sum, since zi + zi = 0 does not belong to any coset. In [2], which deals with this problem to analyse the success rate of the Cantor- Zassenhaus polynomial factorization algorithm, we computed exactly some of the above expressions for small values of t, and gave bounds for more general cases. In

186 DAVIDE SCHIPANI AND MICHELE ELIA particular, we found that ' 1 m m/2 − (3) 9 (2 +2 2) for m/2even 1+ max N m (3) = 2 1 m m/2+1 z1=z2=z3 9 (2 +2 +1)form/2odd and ⎧ ⎨ 1 m − 4 (p 1) for p =4k +1 (2) 1 m 1+ max N m (3) = (p +1)forp =4k +3,modd . p ⎩ 4 z1=z2=z3 1 m − 4 (p 1) for p =4k +3,meven (n) Recalling that Rpm (β,i,j), n =2, 3, denotes the number of representations of a β = 0 in a finite field Fpm as the sum of two element belonging to two cosets indexed by i and j in the partition given by a character of order n, we find the remarkable identities: (3) (3) max R2m (β,i,j)=1+ max N2m (3) i,j,β z1= z2= z3 and (2) (2) max Rpm (β,i,j)=1+ max Npm (3) . i,j,β z1= z2= z3 In [2] this quasi-duality had the following interesting interpretation: the maximum t such that it is still possible to fail to split a polynomial of degree t with two attempts is equal to the maximum number of attempts to split a polynomial of degree 3.

References 1. B.C. Berndt, R.J. Evans, K.S. Williams, Gauss and Jacobi Sums, Wiley, 1998. MR1625181 (99d:11092) 2. M. Elia, D. Schipani, Improvements on the Cantor-Zassenhaus Factorization Algorithm, arXiv:math.NT/1012.5322, 2011. 3. R. Lidl, H. Niederreiter, Finite Fields, Cambridge Univ. Press, 1997. MR1429394 (97i:11115) 4. C. Monico, M. Elia, Note on an Additive Characterization of Quadratic Residues Modulo p, J.Comb.Inf.Syst.Sci., 31, 2006, pp.209-215. MR2351719 (2008g:11004) F∗ 5. C. Monico, M. Elia, An Additive Characterization of Fibers of Characters on p, Int. J. Algebra, 4(3), 2010, pp.109-117. MR2577460 (2011b:11007) 6. R.E.A.C. Paley, On orthogonal matrices, J. Math. Phys., 12, 1933, pp.311-320. 7. O. Perron, Bemerkungen uber die Verteilung der quadratischen Reste, Math. Z., Vol. 56, 1952, pp.122-130. MR0051246 (14:450b) 8. D. Raymond, An Additive Characterization of Quadratic Residues, Master Degree thesis, Texas Tech University (Lubbock), 2009. 9. D. Schipani, M. Elia, Gauss Sums of the Cubic Character over F2m : an elementary derivation, Bull. Polish Acad. Sci. Math., 59(1), 2011, pp.11-18. MR2810967 (2012d:11240) 10. D. Schipani, M. Elia, Gauss sums of cubic characters over GF (pr), p odd, Bull. Polish Acad. Sci. Math., 60(1), 2012, pp.1-19. 11. A. Winterhof, On the Distribution of Powers in Finite Fields, Finite Fields Appl., 4, 1998, pp.43-54. MR1612072 (99b:11136)

University of Zurich, Switzerland E-mail address: [email protected] Politecnico di Torino, Italy E-mail address: [email protected]

Contemporary Mathematics Volume 579, 2012 http://dx.doi.org/10.1090/conm/579/11530

Graphs associated with the map x → x + x−1 in ﬁnite ﬁelds of characteristic two

S. Ugolini

Abstract. In this paper we study the structure of the graphs associated with the iterations of the map x → x + x−1 over ﬁnite ﬁelds of characteristic two. Formulas are given for the length of the cycles and the depth of the trees relying upon the structure of the group of the rational points of Koblitz curves and the congruences of Kloosterman sums modulo powers of 2.

1. Introduction The map which sends x to x + x−1 in a finite field (with a point ∞ added to it) plays a role in various investigations. The so-called Q-transform depends on it, as it takes a polynomial f of degree n to the self-reciprocal polynomial f Q(x)=xnf(x+x−1)ofdegree2n (see [4]). Also, the possible correlation between the multiplicative orders of x and x + x−1 was studied in [9]. Iteration of maps on finite fields are also important. For example, Pollard’s integer factoring algorithm is based on the iteration of a quadratic map x → x2 + c (mod N), where c =0 , −2 is a randomly-chosen constant and N is the integer to be factored. See [10] for one of several studies on iterations of maps of this form in a finite field. Our work focuses on iterations of the map ϑ : x → x + x−1 on the projective 1 line P (F2n )=F2n ∪{∞},whereF2n is a finite field of characteristic 2. A directed 1 graph on P (F2n )isassociatedwiththemapϑ in an obvious way. Each connected component consists of a cycle and directed binary trees entering the cycle at various points. Experimental evidence has shown that such graphs present remarkable sym- metries. In fact, it turns out that the map ϑ is closely related to the duplication map on a certain elliptic curve, the Koblitz curve Kob0 defined by the equation 2 3 y + xy = x +1 over F2. Using this fact we give a precise description of the structure of such graphs, including the length of the cycles and the depth of the trees. After the submission of the present paper we discovered a doctoral thesis [6] regarding the discrete dynamics over finite fields. In Sections 3.2-3.7 of his doctoral thesis the author concentrates on the same map ϑ, which he calls f, observing that f can be covered by the dynamics of a certain isogeny, which he calls g,onthe Koblitz curve Kob0, which in his paper is called E. In Section 3.4 he describes the

2010 Mathematics Subject Classiﬁcation. 37P55.

c 2012 American Mathematical Society 187

188 S. UGOLINI group structure of the set of rational points E(F2n )overF2n and then, in Sections 3.5-3.6, the cycles and the trees given by the action of the isogeny g over E(F2n )are studied. The last Section, 3.7, deals with the iterations of f over the set F2n ∪{∞}. The author deduces the properties of the length of the cycles and of the height of the trees associated with the iterations of the map f over F2n ∪{∞}by the action of the isogeny g over E(F22n ). 1 While the author of [6] and us use the same connection between ϑ over P (F2n ) and the isogeny over the Koblitz curve, in our paper we rely on a diﬀerent approach in proving the depth of the trees. In particular, in the forthcoming Section “Prelim- inaries” we prove a result about congruences of Kloosterman sums modulo powers of two, which we later use in the description of the depth of the trees. Such a result is a generalization of a previous result furnished by Carlitz in [1]. In [6] there is no mention of Kloosterman sums. Moreover, in our paper we partition the elements 1 ∈ ∗ of P (F2n )intwosets,An and Bn. The membership of an element α F2n to −1 An or Bn depends upon the values of the absolute traces of α and α .Inthe fourth Section of this paper, where the structure of the graphs is studied in detail, such a distinction plays a crucial role in the study of the depth of the trees. While in [6] the depth of the trees is described in detail, the author does not make a ∗ distinction based on the absolute traces of the elements of F2n . In addition in the fourth Section of the present work we give an enumeration formula for the number of cycles associated with the map ϑ (see Lemma 4.2).

2. Preliminaries n 1 For a fixed positive integer n let F2n be the field with 2 elements and P (F2n )= 1 F2n ∪{∞}the projective line over F2n . We define a map ϑ over P (F2n )insuch away: ' ∞ if α =0or∞ ϑ(α)= α + α−1 otherwise.

We can associate a graph with the map ϑ over the ﬁeld F2n in a natural way. The 1 1 vertices of the graph are labelled by the elements of P (F2n ). If α ∈ P (F2n )and β = ϑ(α), then we connect with a directed edge the vertex α with the vertex β.If 1 k γ ∈ P (F2n )andϑ (γ)=γ, for some positive integer k,thenγ belongs to a cycle of length k or a divisor of k.Anelementγ belonging to a cycle can be the root of a reverse-directed tree, provided that γ = ϑ(α), for some α which is not contained in any cycle.

Example 2.1. Consider the graph associated with the map ϑ in the ﬁeld F25 , 5 2 constructed as the splitting ﬁeld over F2 of the polynomial x +x +1 ∈ F2[x]. If α 1 i is a root of such a polynomial in F25 ,thenP (F25 )={0}∪{α :1≤ i ≤ 31}∪{∞}. We will label the nodes denoting the elements αi by the exponent i and the zero element by ‘0’.

GRAPHS ASSOCIATED WITH THE MAP X → X + X−1 189

22 9

23 19 5 10

1 3 31 30 29 28 14 4 8 24 12 26 21 ‘0’

16 2 6 17 ∞

20 27 15 13 7 25

11 18

In the following we will denote the absolute trace of an element α ∈ F2n by Trn(α), namely n−1 2i Trn(α)= α . i=0 1 Since Trn(α) ∈ F2, the set of points belonging to the projective line P (F2n )can be partitioned in the subsets { ∈ ∗ −1 }∪{ ∞} An = α F2n :Trn(α)=Trn(α ) 0, { ∈ ∗ −1 } Bn = α F2n :Trn(α) =Trn(α ) . The following holds. ∗ Lemma 2.2. If α is an element of F n \{1},then 2 −1 −1 Trn (α + α ) =0. Proof. We compute explicitly the trace of β =(α + α−1)−1:

− i n1 α 2 n 1 1 Tr (β)= = + =0. n α2 +1 α2i−1 +1 α2i +1 i=0 i=1

Remark 2.3. As a consequence of previous Lemma, if one considers the re- ⊆ strictions ϑAn and ϑBn of ϑ at An (respectively Bn), then Im(ϑAn ) An and ⊆ Im(ϑBn ) Bn. This amounts to saying that the graph associated with the map ϑ n in the field F2 is the union of the graphs associated with the maps ϑAn over An and ϑBn on Bn. The map ϑ is strictly related to the duplication map defined over Koblitz curves. We remind that a Koblitz curve is an elliptic curve defined over F2 by an equation of the form y2 + xy = x3 + ax2 +1,

190 S. UGOLINI where a ∈ F2. In particular, for a = 0 we get the curve Kob0 deﬁned by y2 + xy = x3 +1.

If P =(x1,y1) ∈ Kob0(F2n ), namely P is a rational point of Kob0 over the ﬁeld F2n ,then2P =(x2,y2), where

2 1 2 x2 = x1 + 2 = ϑ(x1) x1

Moreover, if P =(x, y) ∈ Kob0(F2n ), then −P =(x, x + y). The following result holds (see [5]).

Lemma 2.4. Let β ∈ F2n .Then,Trn(β)=0if and only if there exists α ∈ F2n such that β = α + α2. We make immediately use of the Lemma above, proving the following.

Lemma 2.5. Let x ∈ F2n .Then,thereexistsy ∈ F2n such that (x, y) ∈ −1 Kob0(F2n ) if and only if x =0or x =0 and Trn(x)=Trn(x ).

Proof. Let y ∈ F2n such that (x, y) ∈ Kob0(F2n ). If x =0,then y2 y + = x + x−2. x2 x y2 y Since Tr =Tr and Tr (x−1)=Tr (x−2), then Tr (x + x−1)=0. n x2 n x n n n Conversely, if x =0,then(x, y)=(0, 1) ∈ Kob0(F2n ). If x =0andTr n(x)= −1 Trn(x ), then the equation z2 + z = x + x−2 has two solutions z1,z2.Letyi = zi · x,fori = 1 or 2. Since y 2 y i + i = x + x−2, x2 x 2 3 we get that yi + xyi = x + 1 and we are done.

If a is an element of F2n , then we can deﬁne the Kloosterman sum −1 S(n)(a)= (−1)Trn(x +ax). ∈ ∗ x F2n The values of the Kloosterman sums for a = 1 are strictly related to the number of rational points of Kob0 over F2n (see [5] for more details). We have that n (n) |Kob0(F2n )| =2 +1+S (1). In [1] some relations for S(n)(1) are given. It is proved that ' −1(mod8)forn even, n =2 (2.1) S(n)(1) ≡ 3(mod8)forn odd. Moreover (2.2) S(n)(1) = −2 · 2n/2 cos(nϕ), where

GRAPHS ASSOCIATED WITH THE MAP X → X + X−1 191

√ 1 7 cos(ϕ)= √ ; sin(ϕ)= √ . −2 2 2 2 As a consequence of (2.2) the following relation between S(2n)(1) and S(n)(1) holds: (2.3) S(2n)(1) = −S(n)(1)2 +2n+1. Using (2.3) it is possible to generalize (2.1). Lemma 2.6. Let n =2lm be a positive integer greater than 1 such that n ∈ {2, 4}, for some non-negative integer l and odd integer m.Then ' −1(mod2l+2) S(n)(1) ≡ −1+2l+2 (mod 2l+3). Proof. Let m ≥ 3. We prove the thesis by induction on l ≥ 0. Let l =0.Inthiscasen is odd and the thesis follows from (2.1). Suppose that the thesis holds for some non-negative integer l − 1. Let n = 2lm =2(2l−1m). For the sake of clarity denote k =2l−1m. Then, S(n)(1) = −S(k)(1)2 +2k+1 ≡−1(mod2l+2), being k +1=2l−1m +1≥ 2l−13+1≥ l + 3. As regards the second congruence, since S(k)(1) ≡−1+2l+1 (mod 2l+2), then S(k)(1)2 ≡ 1−2l+2 (mod 2l+3). Hence, S(n)(1) ≡−1+2l+2 +2k+1 ≡−1+2l+2 (mod 2l+3). Now we deal with the case n =2l,wherel ≥ 3. When n =8,namelyl = 3, the Kloosterman sum S(8)(1) = 31. Hence we are done. Suppose that the thesis holds for some integer l − 1 greater than or equal to 3. Let n =2k,wherek =2l−1. Then, S(2k)(1) = −S(k)(1)2 +2k+1 ≡−1(mod2l+2), since k +1=2l−1 +1≥ l +3forl ≥ 4. The second congruence holds too, since S(2k)(1) = −S(k)(1)2 +2k+1 ≡−1+2l+2 (mod 2l+3).

3. The structure of the group of the rational points of an elliptic curve over a finite field In this Section we will briefly recall some results concerning the number of rational points and the structure of the group of rational points of an elliptic curve defined over a finite field of arbitrary characteristic. More details can be found for example in [8]or[11]. If E is an elliptic curve defined over a finite field Fq of characteristic p,then the structure of the group E(Fqk ) of the rational points of E over Fqk is strictly related to the ring EndFq (E) of the endomorphisms of E over Fq. Among all the endomorphisms, the Frobenius endomorphism πq plays a special role, as we will see q q later. It maps a point P =(xP ,yP )ofE to (xP ,yP ). Note in passing that the ring

Z of integers can be viewed as a subring of EndFq (E). The following Theorem holds.

192 S. UGOLINI

Theorem 3.1. Let E be an elliptic curve defined over a finite field Fq and h the number of rational points of E over Fq.Then, h =1+q − β, √ where β is an integer with |β|≤2 q. Moreover, if (β,p)=1,thenQ(πq) is an imaginary quadratic field over Q and all the orders in Q(πq) are possible endomorphism rings of E over Fq. We remind that an order D in a number field K is a subring of K such that K is its quotient field, D ∩ Q = Z and the additive group of D is finitely generated. The structure of the group E(Fqk ) of rational points over Fqk of an elliptic curve defined over a finite field Fq such that πq ∈ Z is as follows. Theorem . 3.2 Let E be an elliptic curve defined over Fq, R =EndFq (E) and k Fqk the field with q elements. If πq ∈ Z, then there is an isomorphism ∼ k − E(Fqk ) = R/(πq 1)R of R-modules. Theorem . | | 3.3 In the same hypotheses of Theorem 3.2,ifm √= E(Fq) and − 2 − d =(q +1 m) 4q,thend<0 and EndFq (E) is an order in Q( d). The proof of Theorem 3.3, which can be found in√ [11], yields a representation of the q-Frobenius endomorphism as an element of Q( d), namely √ q +1− m + d (3.1) π = . q 2

Consider now the Koblitz curve Kob0. The number of rational points of Kob0 over F2 is 4.√ Hence the representation of the Frobenius endomorphism π2 as an − element of Q( 7) is √ −1+i 7 π2 = . 2√ We remind that the ring of integers of Q( −7), which is also its unique maximal order, is Z[ω], where √ 1+i 7 ω = . 2 √ In particular we can write π2 = −1+ω. Since End(Kob0)isanorderinQ( −7) and contains {1,π2},thenω ∈ End(Kob0). Therefore R = End(Kob0)=Z[ω]and n − the group of rational points of Kob0 over F2n is isomorphic to R/(π2 1)R.The ring R is euclidean with respect to the norm N(a + bω)=(a + bω)(a + bω). In particular N(π2)=2,namely

(3.2) π2π2 =2∈ R, where 2 is the duplication map, seen as an endomorphism of Kob0. ∈ 2 −1 2 If P =(x1,y1) Kob0(F2n )and2P =(x2,y2), then x2 = x1 +(x1 ) . −1 Therefore, if π2(P )=(x ,y ), then x = x1 + x1 . We have obtained that the conjugated of the Frobenius endomorphism takes the x-coordinate of a point P ∈ Kob0 to ϑ(x). Relying upon this consideration we can study the structure of the graph associated with the map ϑ over a ﬁnite ﬁeld of characteristic two.

GRAPHS ASSOCIATED WITH THE MAP X → X + X−1 193

4. The structure of the graphs In this Section we will describe the structure of the graphs associated with the 1 map ϑ. We deﬁne the orbit of an element x ∈ P (F2n ), under the action of the map ϑ,astheset O(x)= ϑk(x):k ≥ 0 . The point x is said to be periodic if ϑk(x)=x, for some positive integer k.The smallest such k is called the period of x. The following holds.

Lemma 4.1. Let x ∈ F22n and P =(x, y) ∈ Kob0(F22n ).DenotebyO the point at inﬁnity of Kob .Then, 0 ⎧ ⎨ x =0 n ⇐⇒ (π2 +1)P = O ⎩ or ∈ ∗ −1 x F2n and Trn(x + x )=1. Proof. n n − Suppose that (π2 +1)P = O. Then, π2 (P )= P =(x, x + y)and 2n −1 x = x. Hence, x ∈ F2n .Ifx =0andTr n(x + x )=0,theny ∈ F2n , ∈ 2 as a consequence of Lemma 2.5. But this implies that (x, y) F2n . Therefore n − π2 (P )=P and (x, y)=P = P =(x, x + y). Hence x =0andy =1,in contradiction with the assumption that x =0. ∈ ∗ −1 Conversely, suppose that x F2n and Trn(x + x ) = 1. This implies that n 2n 2n ∈ π2 (P )=(x, y ). If y = y,thenP Kob0(F2n ). But this is in contradiction n with Lemma 2.5. Hence, (π2 +1)P = O. Our ﬁnal goal is to describe the structure of the graph associated with the map 1 ϑ over P (F2n ). As remarked in Section 2, this can be done describing separately the structure of the graphs associated with the maps ϑAn and ϑBn on the sets An and Bn respectively (see Section 2 for the details).

• Graph An. We remind that, for each x ∈ An\{0, ∞},thereexisttwo distinct points in Kob0(F2n )havingthesamex-coordinate. Moreover, there is an isomorphism n ψ : Kob0(F2n ) → R/(π − 1)R, √ 2 being R the ring of integers of Q( −7). • Graph Bn. Let x ∈ Bn. In this case there are exactly two distinct points n in Kob0(F22n ) with such an x-coordinate. By Lemma 4.1, (π2 +1)P = O. ∈ n ∈ Viceversa, if P =(x, y) Kob0(F22n )and(π2 +1)P = O,thenx F2n −1 and Trn(x + x )=1orP =(0, 1). Hence, there is an isomorphism n 2n → ψ : Kob0(F2 )Bn R/(π2 +1)R, where

2n { ∈ 2n ∈ }∪ Kob0(F2 )Bn = (x, y) Kob0(F2 ):x Bn or x =0 O.

Before dealing with graphs An and Bn we recall just some facts√ about the ring Z[ω], which is the ring of integers of the quadratic number ﬁeld Q( −7). Since the ring Z[ω] is euclidean, it is also a unique factorization domain. Moreover, the only positive rational prime which ramiﬁes in R is 7, while all other (positive) rational primes either split in R or are inert.

194 S. UGOLINI

n − n We can factor the element π2 1(resp. π2 +1)inprimesofR. Notice that n − n π2 divides neither π2 1norπ2 +1. Suppose that πn − 1(resp.πn + 1) factors as 2 % 2 & % & v w √ e0 · ei · ei · − f π2 pi ri ( 7) , i=1 i=v+1 where

(1) all ei and f are non-negative integers; ≤ ≤ ∈ ei (2) for 1 i v the elements pi Z aredistinctprimesofR and N(pi )= 2ei pi ; ≤ ≤ ∈ \ (3) for v +1 i w√the elements ri R Z are distinct primes of R, diﬀerent − ei ei from π2, π2 and 7, and N(ri )=pi , for some rational integer pi such that riri = pi. The ring R/(πn − 1)R (resp. R/(πn +1)R)isisomorphicto 2 % & %2 & v w √ e0 × ei × ei × − f (4.1) R/π2 R R/pi R R/ri R R/( 7) R. i=1 i=v+1 ≤ ≤ ei For any 1 i v the additive group of R/pi R is isomorphic to the direct sum ei ≤ ≤ of two cyclic groups of order pi . Thisimpliesthat,foreachinteger0 hi ei, ei hi there are Nh points in R/p R of order p ,where i i' i 1ifh =0 N = i hi 2hi 2(hi−1) pi − pi otherwise. ≤ ≤ ei ei For any v +1 i w the additive group of R/ri R is cyclic of order pi . hi ei hi ≤ ≤ Hence, there are ϕ(pi )pointsinR/ri √R of order pi , for each integer 0 hi ei. Finally, the additive group of R/( −7)f R is isomorphic to the direct sum of two cyclic groups of order 7f/2,iff is even, or to the direct sum of two cyclic groups − of order respectively 7(f 1)/2 and 7(f+1)/2,iff is odd. In the√ case that f is even, ≤ ≤ − f hf for each integer 0 hf f/2thereareNhf points in R/( 7) R of order 7 , where ' 1ifhf =0 Nh = − f 72hf − 72(hf 1) otherwise. If, on the contrary, f is odd, then ⎧ ⎨ 1ifhf =0 − N = 72hf − 72(hf 1) if 1 ≤ h ≤ (f − 1)/2 hf ⎩ f 2h −1 2(h −1) 7 f − 7 f if hf =(f +1)/2

An element x ∈ An\{0, ∞} (resp. Bn), which is periodic under the action of the n 2n map ϑ,isthex-coordinate of a rational point of Kob0(F2 ) (resp. Kob0(F2 )Bn ), ∈ n − which corresponds to a point of the form P =(0,P1,...,Pw,Pf ) R/(π2 1)R n ≤ ≤ hi (resp. R/(π2 +1)R). Each Pi,for1 i w, has order pi , for some integer 0 ≤ hi ≤ ei.Moreover,Pf has order hf , for some integer such that 0 ≤ hf ≤ f/2if f is even or 0 ≤ hf ≤ (f +1)/2iff is odd. For any Pi let li be the smallest among k the positive integers k such that [π2] Pi = Pi or −Pi. In a similar way, we deﬁne k lf to be the smallest among the positive integers k such that [π2] Pf = Pf or −Pf .

• If 1 ≤ i ≤ v,thenli is the smallest among the positive integers k such hi k k − that pi divides π2 +1orπ2 1inR.

GRAPHS ASSOCIATED WITH THE MAP X → X + X−1 195

• If v +1 ≤ i ≤ w,thenli is the smallest among the positive integers k such hi k k − that ri divides π2 +1orπ2 1inR. • √The integer lf is the smallest among the positive integers k such that − hf k k − 7 divides π2 +1orπ2 1inR. Let l =lcm(l1,...,lw,lf ).

We introduce parameters εi,for1≤ i ≤ w,andεf such deﬁned: ' ' li l 1if[π2] Pi = Pi 1if[π2] f Pf = Pf εi = li εf = l 0if[π2] Pi = −Pi. 0if[π2] f Pf = −Pf . Let ' 0ifanyε =1andε = 1 or any ε =0andε =0 ε = i f i f 1otherwise. Then, the period of x with respect to ϑ is l =2ε · l. n − We note that the number of points P =(0,P1,...,Pw,Pf )inR/(π2 1)R n hi hf (resp. R/(π +1)R), where each Pi has order p and Pf has order 7 ,is 2 % & % i & v w · hi · m = Nhi ϕ(pi ) Nhf i=1 i=v+1 Let P = ψ(x, y)(resp. ψ (x, y)) be one of such points. The period l of x can be calculated as above. In particular, we note that also −P = ψ(x, x + y)(resp. n − n ψ(x, x + y)) has the same additive order in R/(π2 1)R (resp. R/(π2 +1)R). This m amounts to saying that the m points give rise to 2l cycles of length l. { } ≤ ≤ NowwedeﬁnethesetsZei = 0, 1,...,ei , for any 1 i w,andZf = {0, 1,...,f/2} if f is even or Zf = {0, 1,...,(f +1)/2} if f is odd. Let w × H = Zei Zf . i=1

For any h ∈ H denote by Ch the set of all cycles formed by the elements ∈ ∈ n 2n x An (resp. Bn) such that (x, y) Kob0(F2 ) (resp. Kob0(F2 )Bn )forsome ∈ ∈ n − y F2n (resp. F22n )andψ(x, y)=P =(0,P1,...,Pw,Pf ) R/(π2 1)R (resp. ∈ n ψ(x, y)=P R/(π2 +1)R), where • ≤ ≤ hi ei each Pi,for1 i v, has additive order pi in R/pi R; • ≤ ≤ hi ei each Pi,forv +1 i w, has additive√ order pi in R/ri R; h f • Pf has additive order 7 f in R/( −7) R.

Let lh be the length of the cycles formed by these points. Finally, denote by CAn the set of all cycles in graph An and by CBn the set of all cycles in graph Bn. The following holds. Lemma . 4.2 With the above notation, CAn (resp. CBn )isequalto Ch, h∈H being % & % & 1 v w |C | = N · ϕ(phi ) · N h 2l hi i hf h i=1 i=v+1 for any non-zero h ∈ H.

196 S. UGOLINI

In the following we will denote by VAn (respectively VBn ) the set of the elements n of F2 belonging to some cycle of CAn (respectively CBn ). Before characterizing the e0 trees rooted in vertices of VAn (respectively VBn ), we observe that R/π2 R consists − e0 1 i of the elements ji · [π2] ,whereeachji is 0 or 1 (see [2] for more details). i=0

4.1. Trees rooted in vertices of VAn . The following Lemma characterizes the reversed trees having root in VAn . Lemma . ∈ 4.3 Any element x VAn is the root of a reversed binary tree of depth e0 with the following properties. • If x = ∞, then there are 2k−1 vertices at the level k of the tree. More- over, the root has one child, while all other vertices have two children. • If x = ∞, then there are 2k−2 vertices at the level k of the tree. More- over, the root and the vertex at the level 1 have one child, while all other vertices have two children. • If l is the greatest power of 2 which divides n,thene0 = l +2. Proof. ∈ ∈ n − For a ﬁxed element x VAn ,let(0,P1,...,Pw,Pf ) R/(π2 1)R be one of the (at most two) points with such an x-coordinate. An elementx ˜ ∈ F2n belongs to the non-zero level k of the reversed binary tree rooted in x if and only if ϑk(˜x)=x, ϑi(˜x) = x and none of the ϑi(˜x) is periodic for any i

i=e0−k+1 where each ji ∈{0, 1}. The second condition is satisﬁed if and only if −k −k Qi =[π2] Pi, for any i,andQf =[π2] Pf or −k −k Qi = −[π2] Pi, for any i,andQf = −[π2] Pf .

Hence, fixed the values of ji for e0 − k +1≤ i ≤ e0 − 1, there are at most two possibilities for Q,namely (1) −k −k −k Q =(Q0, [π2] P1,...,[π2] Pw, [π2] Pf )or (2) −k −k −k Q =(Q0, −[π2] P1,...,−[π2] Pw, −[π2] Pf ). Therefore, for a fixed positive integer k there are 2k points Q,whosex-coordinate belongs to the level k of the tree, provided that not all Pi are zero (in which case x = ∞). If Q = ψ(˜x, y˜)isoneofsuchpoints,then−Q = ψ(˜x, x˜ +˜y) has the same ∈ ∞ k−1 x-coordinate. Hence, for any x CAn different from there are 2 vertices at the level k of the reversed binary tree rooted in x.

GRAPHS ASSOCIATED WITH THE MAP X → X + X−1 197

(1) (2) If all Pi are zero (and x = ∞), then the points Q and Q coincide. There- fore, for any k>0thereare2k−1 points, whose x-coordinate belongs to the level k of the tree. Moreover, if Q is one of such points, also −Q has the same x-coordinate and is diﬀerent from Q, unless Q is the only point belonging to the ﬁrst level of the tree. This amounts to say that there are 2k−2 vertices at the level k of the tree. Consider now an elementx ˜ belonging to the level k1 and all the Pi are zero, then Q = −Q . Hence, each of the vertices at the levels k>1 of the tree rooted in ∞ has two children. n − | | As regards the number e0,wenotethatN(π2 1) = Kob0(F2n ) . We remind that n (n) |Kob0(F2n )| =2 +1+S (1) n − and that R/(π2 1)R is isomorphic to a product of rings as in (4.1). Since π2π2 =2 in R,thene0 is the greatest power of 2 which divides |Kob0(F2n )|.Wewantto l prove that, if n =2m,forsomeoddm,thene0 = l + 2. Firstly we consider the cases n =2andn =4. (2) 3 If n =2,andl =1,thenS (1) = 3 and |Kob0(F22 )| =8=2. Hence e0 =3=l +2. (4) 4 If n =4,andl =2,thenS (1) = −1and|Kob0(F24 )| =16=2. Hence e0 =4=l +2. Now consider a positive integer n ∈{2, 4} greater than 1. Then, as a consequence of Lemma 2.6 ' 0(mod2l+2) |Kob (F n )|≡ 0 2 2l+2 (mod 2l+3).

198 S. UGOLINI

4.2. Trees rooted in elements of VBn . The following Lemma characterizes the reversed trees having root in VBn . Lemma . ∈ 4.4 Any element x VBn is the root of a reversed binary tree of depth 1 and has one child.

Proof. We remind that the elements of Bn are the x-coordinates of the points 2n \{ } in Kob0(F2 )Bn (0, 1),O . Moreover there is an isomorphism n 2n → ψ : Kob0(F2 )Bn R/(π2 +1)R. n We want to prove that the greatest power of π2 which divides π2 + 1 is 1. Since n π2π2 =2inR, then the greatest power of π2 which divides π2 + 1 is the greatest n power of 2 which divides N(π2 + 1). We consider the fact that 2n − n − n N(π2 1) = N(π2 1)N(π2 +1). We know that n − n (n) N(π2 1) = 2 +1+S (1) 2n − 2n (2n) N(π2 1) = 2 +1+S (1). Now it is an easy matter to check that n n − (n) N(π2 +1)=2 +1 S (1). Since S(n)(1) ≡−1(mod4),forn ≥ 2, then n ≡ N(π2 +1) 2(mod4) and we are done. Note in passing that for n =1theﬁeldF2n = F2 and there are ∈ ∗ −1 no elements x F2 such that Tr1(x) =Tr1(x ). n Hence, R/(π2 +1)R is isomorphic to a product of ring as in (4.1), where e0 =1. ∈ This implies that any x VBn is the root of a tree of depth 1. Consider now a ∈ n point P =(0,P1,...,Pw) R/(π2 +1)R. The only point Q such that [π2]Q = P is −1 −1 ∈ Q =(1, [π2] P1,...,[π2] Pw). Hence, any x VBn is the root of a tree of depth 1 and has one child.

5. Examples In this Section we analyse the structure of the graphs associated with ϑ over the ﬁelds F25 and F28 . Some details about the construction of the graphs are given in the last section of this paper.

5.1. Graph associated with ϑ in F25 . At the beginning of this paper we constructed explicitly the graph over the ﬁeld F25 . The structure of the graph is as follows:

Graph A5 Length of the cycles Number of cycles Depth of the trees 1 1 2 5 1 2

Graph B5 Length of the cycles Number of cycles Depth of the trees 5 1 1

GRAPHS ASSOCIATED WITH THE MAP X → X + X−1 199

Let us analyse separately graphs A5 and B5. Graph A5. The rational points of Kob0(F25 ) diﬀerent from the point at inﬁnity are all of the form (x, y), for some x ∈ A5, and, for any non-zero x ∈ A5,thereare exactly two elements y1,y2 ∈ F25 such that (x, y1), (x, y2) are points of Kob0(F25 ). − 5 − Moreover, there is a 1 1 correspondence between Kob0(F25 )andR/(π2 1)R, where R = Z[ω]. 5 − The factorization of π2 1inprimesofR is

5 − 2 · π2 1=π2 (1+2ω).

If we denote p1 =1+2ω,then

5 − ∼ 2 × R/(π2 1)R = R/π2R R/p1R.

∈ 2 × ∈ Consider the points P =(0,r) R/π2R R/p1R,wherer R is not divisible by 1 + 2ω. Such points have additive order 11 in R/p1R. The integer lr =5is k the smallest among the positive integers k such that [π2] P = P or −P ,namely | k k − the smallest among the positive integers k such that p1 (π2 +1)or(π2 1). | 5 In particular, p1 (π2 + 1). There are 10 points of this form, corresponding to 5 diﬀerent values of x ∈ F25 . Hence such points give rise to just one cycle of length 5. Moreover, each of these nodes is the root of a reversed binary tree of depth 2, 5 − since2isthegreatestpowerofπ2 which divides π2 1. Finally, consider the point O =(0, 0). The corresponding node is labelled by ∞, belongs to a cycle of length one, namely a loop, and is the root of a binary tree of depth 2. Graph B5. The nodes belonging to the graph B5 are the x-coordinate of −1 points of Kob0(F210 ) such that x ∈ F25 and Tr5(x) =Tr 5(x ). We remind the isomorphism

5 10 → Kob0(F2 )B5 R/(π2 +1)R.

We have that

5 ∼ × − R/(π2 +1)R = R/π2R R/(3 2ω)R.

Consider the points P =(0,r)wherer =0in R/(3−2ω)R. Hence, 3−2ω does not divide r. The integer lr = 5 is the smallest among the positive integers k such k that [π2] P = P or −P . Since there are 10 points P of this form, corresponding to 5 diﬀerent x in F25 , then there is just a cycle of length 5 in graph B5.Moreover each of the nodes of the cycle is the root of a reversed binary tree of depth 1.

8 5.2. Graph associated with ϑ over F28 . We can construct the ﬁeld with 2 8 4 3 2 elements as the splitting ﬁeld of the primitive polynomial x +x +x +x +1 over F 2. 1 i If α is a root of this polynomial in F28 ,thenP (F28 )={0}∪ α :1≤ i ≤ 255 ∪ {∞}.The graph is formed by the following three connected components.

200 S. UGOLINI

69 186 65 190 235 171 20 84 202 244 53 11 191 4 176 64 251 172

79 241 224 83

93 125 14 76 196 31 162 130 179 59 10 223 8 87 150 105 245 168 32 247 38 137 101 136 233

154 248 193 22 75 210 187 88 166 217 118 7 62 167 89 68 221 119 17 122 158 112 28 157 103 133 97 238 180 45 86 143 227 149

169 34 106 98 152 253 128 42 215 90 165

213 2 127 40 49 19 95 138 1 206 236 16 160 117

80 254 239 250 175 56 131 5 199 124 21 174 234 81 61 211 194 44 43 212 77 178

GRAPHS ASSOCIATED WITH THE MAP X → X + X−1 201

183 164 177 226 192 35 208 134 100 6 63 72 91 78 92 47 29 189 155 220 54 37 163 121

148 201 249 141 107 66 246 23 9 218

24 231 114 25

229 232 26 52

115 230 140 48 116 203

139 237 57 207

198 109 18 41

146 33 214 108

252 147 222 184

188 71 3 200 110 55

67 161 142 94

145 39 126 129

173 144 113 111 36 182 216 159 156 73 151 58 82 99 205 185 219 209 242 197 228 181 132 243 96 70 104 13 50 12 46 27 74 123

202 S. UGOLINI

15 240 60 195 30 225 120 135

51 204 102 153

170 85

‘0’

∞

The structure of the graph is summarized in the following tables.

Graph A8 Length of the cycles Number of cycles Depth of the trees 1 1 5 4 1 5

Graph B8 Length of the cycles Number of cycles Depth of the trees 56 1 1

Graph A8. The points belonging to Kob0(F28 ) different from the point at infinity are all of the form (x, y), for some x ∈ A8, and, for any non-zero x ∈ A8,thereare exactly two elements y1,y2 ∈ F28 such that (x, y1), (x, y2) are points of Kob0(F28 ). 8− Moreover, there is a bijection between Kob0(F28 )andR/(π2 1)R,whereR = Z[ω]. After factorization in primes of R we get that 8 − 5 · π2 1=π2 3. Hence, 8 − ∼ 5 × R/(π2 1)R = R/π2R R/3R. Consider the points P of the form (0,r), being r an element of R/3R different from zero. The additive order of r in R/3R is 3. The integer lr = 4 is the smallest k among the positive integers k such that [π2] P = P or −P . In particular, 3 | 4 (π2 + 1). Hence, the x-coordinate of each of these points belongs to a cycle of length 4. Since there are 8 points of this form, corresponding to 4 different elements x ∈ F28 , then these 8 points give rise to just one cycle of length 4. Moreover, being 8 − 5thegreatestpowerofπ2 which divides π2 1, each of the nodes in the cycle is the root of a reversed binary tree of depth 5. Finally, the x-coordinate of the point (0, 0) is ∞ and forms a loop. This node is the root of a reversed binary tree of depth 5. Graph B8. The graph associated with the action of the map ϑ on the points belonging to B8 can be studied relying upon the structure of the quotient ring

GRAPHS ASSOCIATED WITH THE MAP X → X + X−1 203

8 8 R/(π2 +1)R which is isomorphic, after factorization in primes of π2 +1,to

R/π2R × R/(5 − 8ω)R. Let us deﬁne p =5− 8ω.Theperiodofthex-coordinate of a point P =(0,r), where r =0in R/pR, under the action of the map ϑ is lr,beinglr the smallest k among the positive integers k such that [π2] P = P or −P . The smallest such | 56 integer is 56. In particular p (π2 + 1). Since there are 112 such points, then there is just a cycle of length 56 whose nodes represent the x-coordinate of the 112 points. Moreover each of these nodes is the root of a reversed binary tree of depth one.

6. A note on the construction of the graphs The graphs of the previous Section have been manually constructed for the sake of clearness. In this Section we describe a possible procedure for obtaining those and other examples using GAP [3] and Graphviz [7]. Details about GAP, Graphviz and DOT language can be found in the official websites of GAP and Graphviz. The following GAP function generates a .dot file encoding all information about the directed graph associated with the map ϑ over the field F2n for a chosen positive integer n. graph := function(n) local k, gen,a ,b, j, f; f:="./graph.dot"; gen:=Z(2^n); PrintTo(f, "digraph{ \n"); for j in [0..2^n-2] do a:=gen^j; b:=((a)+(a)^(-1)); if b = 0*Z(2) then AppendTo(f, j, "-> zero; \n"); else for k in [0..2^n] do if gen^k = b then break;fi; od; AppendTo(f, j, "->", k, "; \n"); fi; od; AppendTo(f, "zero -> inf; \n inf -> inf;}"); end;;

It can be convenient to filter all connected components of the graph using the tool ccomps included in Graphviz. Once the file graph.dot has been created, the data files of the connected components can be generated as follows: ccomps -x -o graph_con graph.dot The i-th connected component’s file will be named graph_con_i. Finally, it is possible to give the connected components a layout using one of the Graphviz layout commands as dot, circo, neato or twopi.

204 S. UGOLINI

References 1. L. Carlitz, Kloosterman sums and finite field extensions, Acta Arithmetica XVI (1969), no. 2, 179–193. MR0250982 (40:4213) 2. W. J. Gilbert, Radix representations of quadratic fields, J. Math. Anal. Appl. 83 (1981), no. 1, 264–274. MR632342 (83m:12005) 3. The GAP Group, GAP - Groups, Algorithms and Programming, version 4.4.12, http://www. gap-system.org, 2008. 4. D. Jungnickel, Finite fields: Structure and arithmetics, Bibliographisches Institut, Mannheim, 1993. MR1238714 (94g:11109) 5. G. Lachaud and J. Wolfmann, The weights of the orthogonals of the extended quadratic binary goppa codes, IEEE Transactions on Information Theory 36 (1990), no. 3, 686–. MR1053865 (92b:94040) 6. Jang-Woo Park, Discrete dynamics over finite fields, http://gradworks.umi.com/3369446.pdf. 7. AT&T Labs Research and Contributors, Graphviz - Graph Visualization Software, http:// graphviz.org. 8. Hans-Georg Rück, A note on elliptic curves over finite fields,Math.Comp.49 (1987), no. 179, 301–304. MR890272 (88d:11058) 9. I. Shparlinski, On the multiplicative orders of γ and γ + γ−1 over finite fields, Finite Fields and Their Applications (2001), no. 7, 327–331. MR1826341 (2002a:11143) 10. J. Shallit T. Vasiga, On the iteration of certain quadratic maps over GF (p), Discrete Math- ematics (2004), no. 277, 219–240. MR2033734 (2004k:05104) 11. C. Wittmann, Group structure of elliptic curves over finite fields, Journal of Number Theory 88 (2001), 335–344. MR1832010 (2002e:11080) E-mail address: [email protected]

Selected Published Titles in This Series

579 Michel Lavrauw, Gary L. Mullen, Svetla Nikova, Daniel Panario, and Leo Storme, Editors, Theory and Applications of Finite Fields, 2012 575 Yunping Jiang and Sudeb Mitra, Editors, Quasiconformal Mappings, Riemann Surfaces, and Teichmüller Spaces, 2012 573 Francis Bonahon, Robert L. Devaney, Frederick P. Gardiner, and Dragomir Sari´ˇ c, Editors, Conformal Dynamics and Hyperbolic Geometry, 2012 572 Mika Seppälä and Emil Volcheck, Editors, Computational Algebraic and Analytic Geometry, 2012 571 José Ignacio Burgos Gil, Rob de Jeu, James D. Lewis, Juan Carlos Naranjo, Wayne Raskind, and Xavier Xarles, Editors, Regulators, 2012 570 Joaqu´ın Pérez and JoséA.Gálvez, Editors, Geometric Analysis, 2012 569 Victor Goryunov, Kevin Houston, and Roberta Wik-Atique, Editors, Real and Complex Singularities, 2012 568 Simeon Reich and Alexander J. Zaslavski, Editors, Optimization Theory and Related Topics, 2012 567 Lewis Bowen, Rostislav Grigorchuk, and Yaroslav Vorobets, Editors, Dynamical Systems and Group Actions, 2012 566 Antonio Campillo, Gabriel Cardona, Alejandro Melle-Hernández, Wim Veys, and Wilson A. Zúñiga-Galindo, Editors, Zeta Functions in Algebra and Geometry, 2012 565 Susumu Ariki, Hiraku Nakajima, Yoshihisa Saito, Ken-ichi Shinoda, Toshiaki Shoji, and Toshiyuki Tanisaki, Editors, Algebraic Groups and Quantum Groups, 2012 564 Valery Alexeev, Angela Gibney, Elham Izadi, János Kollár, and Eduard Looijenga, Editors, Compact Moduli Spaces and Vector Bundles, 2012 563 Primitivo B. Acosta-Humánez, Federico Finkel, Niky Kamran, and Peter J. Olver, Editors, Algebraic Aspects of Darboux Transformations, Quantum Integrable Systems and Supersymmetric Quantum Mechanics, 2012 562 P. Ara, K. A. Brown, T. H. Lenagan, E. S. Letzter, J. T. Stafford, and J. J. Zhang, Editors, New Trends in Noncommutative Algebra, 2012 561 Oscar´ Blasco, José A. Bonet, José M. Calabuig, and David Jornet, Editors, Topics in Complex Analysis and Operator Theory, 2012 560 Weiping Li, Loretta Bartolini, Jesse Johnson, Feng Luo, Robert Myers, and J. Hyam Rubinstein, Editors, Topology and Geometry in Dimension Three, 2011 559 Guillaume Bal, David Finch, Peter Kuchment, John Schotland, Plamen Stefanov, and Gunther Uhlmann, Editors, Tomography and Inverse Transport Theory, 2011 558 Martin Grohe and Johann A. Makowsky, Editors, Model Theoretic Methods in Finite Combinatorics, 2011 557 Jeffrey Adams, Bong Lian, and Siddhartha Sahi, Editors, Representation Theory and Mathematical Physics, 2011 556 Leonid Gurvits, Philippe Pébay,J.MauriceRojas,andDavidThompson, Editors, Randomization, Relaxation, and Complexity in Polynomial Equation Solving, 2011 555 Alberto Corso and Claudia Polini, Editors, Commutative Algebra and Its Connections to Geometry, 2011 554 Mark Agranovsky, Matania Ben-Artzi, Greg Galloway, Lavi Karp, Simeon Reich, David Shoikhet, Gilbert Weinstein, and Lawrence Zalcman, Editors, Complex Analysis and Dynamical Systems IV: Part 2. General Relativity, Geometry, and PDE, 2011

For a complete list of titles in this series, visit the AMS Bookstore at www.ams.org/bookstore/conmseries/.

CONM 579 hoyadApiain fFnt Fields Finite of Applications and Theory

This volume contains the proceedings of the 10th International Conference on Finite Fields and their Applications (Fq 10), held July 11–15, 2011, in Ghent, Belgium. Research on finite fields and their practical applications continues to flourish. This volume’s topics, which include finite geometry, finite semifields, bent functions, polynomial theory, designs, and function fields, show the variety of research in this area and prove the tremendous importance of finite field theory. • aru ta. Editors al., et Lavrauw

ISBN 978-0-8218-5298-9

9 780821 852989

CONM/579 AMS