Finding Nice Permutation Polynomials over Finite Fields By Karl Wallulis A MTH 501 – Mathematical Literature Project Under the direction of Dr. John Caughman IV 2nd Reader: Dr. Derek Garton Submitted in partial fulfillment of the requirements for the degree of Masters of Science in Mathematics Portland State University Fariborz Maseeh Department of Mathematics & Statistics June 16, 2017 Wallulis 2 Introduction. A polynomial over a finite field 픽q is defined to be a permutation polynomial if it permutes the elements of the field. Permutation polynomials were first studied by Betti, Mathieu and Hermite as a way of representing permutations. In this mathematical literature project, we work through a 2008 paper by Michael E. Zieve [1] that describes a set of necessary and sufficient conditions under which a specific family of polynomials over 푟 푣 푡 푘−1 a finite field 픽q of the form 푓(푥) = 푥 ℎ푘(푥 ) permutes the field, where ℎ푘(푥) ∶= 푥 + 푥푘−2 + ⋯ + 1 and r, k, v and t are positive integers. These results coincide with those of previous authors in special cases, but with simpler proofs. §1 Families of “nice” permutation polynomials. Recent attention has been focused on finding permutation polynomials of “nice” 푢 forms. Akbary, Q. Wang and L. Wang [2, 3] studied binomials in 픽q of the form 푓(푥) = 푥 + 푥푟, with the condition that 푑 ∶= gcd(푞 − 1, 푢 − 푟) satisfies (푞 − 1)/푑 ∈ {3, 5, 7}. They found necessary and sufficient conditions for such polynomials to permute 픽q. However, their proofs contained “lengthy calculations involving coefficients of Chebyshev polynomials, lacunary sums of binomial coefficients, determinants of circulant matrices […] among other things” (Zieve pg. 1). Their proofs also required completely different arguments in each of the aforementioned cases. More recently, Zieve proved a set of necessary and sufficient conditions for a more 푟 푣 푡 general family of functions 푓(푥) = 푥 ℎ푘(푥 ) to be permutation polynomials (where 푘−1 푘−2 ℎ푘(푥) ∶= 푥 + 푥 + ⋯ + 1 and r, k, v and t are positive integers). Note that this family Wallulis 3 contains as a subset the family of polynomials 푓(푥) = 푥푢 + 푥푟, with 푘 = 2 and 푣 = 푢 − 푟. First, the main result (using the notation 푠 ∶= gcd(푞 − 1, 푣), 푑 ≔ (푞 − 1)/푠, and 푒 ∶= 푣/푠): 푟 푣 푡 푘−1 푘−2 Proposition 1.1 (Zieve pg. 2) Let 푓(푥) = 푥 ℎ푘(푥 ) , where ℎ푘(푥) ∶= 푥 + 푥 + ⋯ + 1 and r, k, v and t are positive integers. Then f permutes 픽q if and only if all of the following conditions hold: (1) gcd(푟, 푠) = gcd(푑, 푘) = 1 (2) gcd(푑, 2푟 + 푣푡(푘 − 1)) ≤ 2 (3) 푘푠푡 ≡ (−1)(푑+1)(푟+1)(푚표푑 푝) 푠푡 1−푥푘푒 (4) 푔(푥) ≔ 푥푟 ( ) is injective on 휇 \ 휇 1−푥푒 푑 1 (푑+1)(푟+1) (5) (−1) ∉ 푔(휇푑 \ 휇1) th where, for any positive integer i, the symbol 휇푖denotes the set of i roots of unity. Conditions 4 and 5 are obviously more complicated than the first three. In the cases 푑 ∈ {3, 5, 7}, if just the first three conditions hold, a corollary allows us to determine whether 푓(푥) permutes the field from a simpler set of conditions: Corollary 1.3 (Zieve pg. 2) Suppose the first three conditions of Proposition 1.1 hold, and d is an odd prime. Pick 휔 ∈ 픽q of order d. (1) If 휁푘− 휁−푘 (*) ∈ 휇 for every 휁 ∈ 휇 \ 휇 휁−휁−1 푠푡 푑 1 Then f permutes 픽q. (2) If d = 3 then f always permutes 픽q. (3) If d = 5 then f permutes 픽q if and only if (*) holds. (4) If d = 7 then f permutes 픽q if and only if either (*) holds or there exists 휖 ∈ {−1,1} such that 푠푡 휔푖푘푒 − 휔−푖푘푒 ( ) = 휔2휖(2푟+(푘−1)푣푡)푖 휔푖푒 − 휔−푖푒 for every 푖 ∈ {1,2,4}. Wallulis 4 Before diving into the proofs, it will serve to go through a worked example in detail. The field 픽16 should be simple enough to allow for computations by hand but rich enough to demonstrate the complexity of the algebra. Line (2) of Corollary 1.3 gives us a great foothold for finding a permutation polynomial within this field: we simply need positive integers r, v, k and t satisfying 푑 = 3 and meeting the first three conditions of Proposition 1.1. Since q = 16, we must have 푑 = 15/푠 = 3 , so 푠 = 5. As 푠 = gcd(15, 푣), we can choose 푣 = 5. Choosing 푟 = 4, 푘 = 5 and 푡 = 1 satisfies Conditions 1-3 of Proposition 1.1, as gcd(4, 5) = gcd(3, 5) = 1, gcd(3, 2(4) + 5(4)) = gcd(3, 28) ≤ 2 and 55 = (−1)20 (mod 2). Our chosen polynomial is therefore 4 5 4 20 15 10 5 푓(푥) = 푥 ℎ5(푥 ) = 푥 (푥 + 푥 + 푥 + 푥 + 1) which we hope to see permute the elements of the field 픽16. Now that we have defined our polynomial, if we are to find its image in 픽16 we need a characterization of the field that allows for straightforward evaluation of polynomials. It is a basic result of abstract algebra that every finite field is a finite extension of a prime field 픽p, p a prime, with 픽p ≈ ℤp. Therefore, 픽16 is an extension of degree 4 over the prime field 픽2 ≈ ℤ2. This finite extension can be obtained by taking the quotient of ℤ2[푥] by the ideal generated by an irreducible polynomial 푝(푥) of degree 4 in ℤ2[푥]. The polynomial 4 푝(푥) = 푥 + 푥 + 1 meets these conditions, therefore 픽16 ≈ ℤ2[푥] / 〈푝(푥)〉 . The elements of 픽16 can then be expressed as the sixteen distinct residue classes under division of polynomials in ℤ2[푥] by 푝(푥), which means every element corresponds bijectively to a polynomial of degree less than 4 in ℤ2[푥]. Wallulis 5 Even using this representation, evaluating 푓(푥) would still be a chore – consider evaluating 4 20 15 푓(̅푥̅3̅̅̅+̅̅̅푥̅̅+̅̅̅1̅) = (̅푥̅3̅̅̅+̅̅̅푥̅̅+̅̅̅1̅) ((푥̅̅3̅̅+̅̅̅̅푥̅̅+̅̅̅1̅) + (푥̅̅3̅̅+̅̅̅̅푥̅̅+̅̅̅1̅) + ⋯ + 1) by hand. To further simplify matters, we make use of the fact that the nonzero elements of ∗ a finite field comprise a cyclic multiplicative subgroup 픽q, and we can therefore express all nonzero elements of 픽16 as powers of any generator β of this group. It so happens that in 픽16, the element 훽 ∶= 푥 +<푝(푥)> is a generator of the group, and we have β2 = 푥2 β3 = 푥3 β4 = 푥 + 1 β5 = 푥2 + 푥 β6 = 푥3 + 푥2 β7 = 푥3 + 푥 + 1 β8 = 푥2 + 1 β9 = 푥3 + 푥 β10 = 푥2 + 푥 + 1 β11 = 푥3 + 푥2 + 푥 β12 = 푥3 + 푥2 + 푥 + 1 β13 = 푥3 + 푥2 + 1 β14 = 푥3 + 1 β15 = 1 (all mod <푝(푥)>). This representation of the elements of 픽16 permits straightforward evaluation of our 4 5 4 20 15 10 5 polynomial 푓(푥) = 푥 ℎ5(푥 ) = 푥 (푥 + 푥 + 푥 + 푥 + 1) by hand. For example, 푓(푥3 + 푥 + 1) = 푓(훽7) = (훽7)4((훽7)20 + (훽7)15 + ⋯ + 1) = 훽28(훽140 + 훽105 + 훽70 + 훽35 + 1) = 훽13(훽5 + 1 + 훽10 + 훽5 + 1) = 훽13(훽10) = 훽8 = 푥2 + 1 It is no coincidence that 푓(훽7) = 훽15−7. This polynomial has the interesting property that k 15−k ∗ 푓(훽 ) = 훽 over 픽16 (the motivated reader can verify this using similar computations as ∗ above for the other elements of 픽16). This, together with the fact that 푓(0) = 0, proves that 푓(푥) is indeed a permutation polynomial over 픽16, as we hoped. Wallulis 6 §2 An important preliminary lemma. We begin with a preliminary lemma that defines an auxiliary polynomial of great use in the proof of the main proposition. We show that the question of whether 푓(푥) th permutes 픽q can be reduced to whether this auxiliary polynomial permutes the d roots of unity µd of 픽q. Lemma 2.1 (Zieve pg. 3) Pick 푑, 푟 > 0 with 푑 | (푞 − 1), and let ℎ ∈ 픽q[푥]. Then 푓(푥) ≔ 푟 (푞−1)/푑 푥 ℎ(푥 ) permutes 픽q if and only if both (1) gcd(푟, (푞 − 1)/푑) = 1 and 푟 (푞−1)/푑 (2) 푥 ℎ(푥) 푝푒푟푚푢푡푒푠 µd. Proof. Let (a) denote the statement “푓(푥) permutes 픽q.” Zieve proves that (a) ↔ (1) ∩ (2) by showing that (a) implies (1) and that (1) implies the equivalence of (a) and (2). The underlying logic ought to be made explicit: 1. 푎 → 1 2. 퐼푓 1, 푎 ↔ 2 a. ∴ 푎 → 2 b. ∴ 푎 → 1 ∩ 2 3. ∴ 1 ∩ 2 → 푎 4. ∴ 푎 ↔ 1 ∩ 2 We need to show that if 푓(푥) permutes 픽q, then gcd(푟, (푞 − 1)/푑) = 1. Let 푠 ≔ (푞 − 1)/푑. Assume that 푓(푥) permutes 픽q and assume by way of contradiction that ′ ′ ′ ′ + gcd(푟, 푠) = 푔 > 1. We can then write 푟 = 푟 푔, 푠 = 푠 푔 (푟 , 푠 ∈ ℤ ). For 휁 ∈ 휇푠, we have 푓(휁푥) = (휁푥)푟ℎ((휁푥)푠) = 휁푟푥푟ℎ(푥푠) = 휁푟푓(푥) Choose 휁푠′ with ζ primitive, so that 휁푠′ ≠ 1. We have Wallulis 7 ′ ′ ′ ′ ′ ′ ′ 푓(휁푠 푥) = (휁푠 )푟푓(푥) = (휁푠 )푟 푔푓(푥) = (휁푠 푔)푟 푓(푥) = (휁푠)푟 푓(푥) = 푓(푥), so 푓(푥) fails to permute 픽q, a contradiction. We must now show that if gcd(푟, 푠) = 1, then 푓(푥) permutes 픽q if and only if 푟 푠 푔(푥) ≔ 푥 ℎ(푥) permutes µd, and then the proof will be complete. To show this, Zieve first argues that that “if gcd(푟, 푠) = 1, then the values of f on 픽q consist of all the sth roots of the values of 푓(푥)푠 = 푥푟푠ℎ(푥푠)푠” (pg.