Table Of Content

ON KLOOSTERMAN SUMS OVER FINITE FIELDS OF CHARACTERISTIC 3 L. A. BASSALYGO AND V.A. ZINOVIEV 6 1 Abstract. We study the divisibility by 3k of Kloosterman sums K(a) over finite 0 fields of characteristic 3. We give a new recurrent algorithm for finding the largest 2 n k, such that 3k divides the Kloosterman sum K(a). This gives a new simple test for a J zeros of such Kloosterman sums. 3 2 ] 1. Introduction T N Let F = F be a field of characteristic p of order q = pm, where m ≥ 2 is an integer q . h and let F∗ = F\{0}. By F denote the field, consisting of p elements. For any element t p a a ∈ F∗ the Klosterman sum can be defined as m [ (1.1) K(a) = ωTr(x+a/x), 1 x∈F v X 9 where ω = exp2πi/p is a primitive p-th root of unity and 3 0 7 (1.2) Tr(x) = x+xp +xp2 +···+xpm−1. 0 1. Recall that under x−i we understand xpm−1−i, avoiding by this way a division into 0. 0 Kloosterman sums are used for solutions of equations over finite fields [19], in the 6 1 theory of error correcting codes [18], for studying and constructing of bent and hyper- : v bent functions [8, 16] and so on. Surely, any Kloosterman sum K(a) for a given a can i X be found directly computing its value for every element of the field, but this method r a requires a large amount of computations, which is a multiple of the size of the field. HencemoresimplemethodsofcomputationsofKloostermansumsarequiteinteresting. The values of characteristic p ∈ {2,3} are especially interesting in connection with the number of q-rational points of some elliptic curves [17, 18, 20, 23]. Divisibility of binary Kloosterman sums by numbers 8,16,...,256 and computations of such sums modulo somenumberswasconsideredinpapers[6,7,14,10,11,12,15,20,21,24].Divisibilityof ternary Klosterman sums K(a) by 9 andby 27 was considered in [11, 12, 13, 14, 20, 21]. 2010 Mathematics Subject Classification. Primary 11T23; Secondary 11L05. Keywords andphrases. KloostermansumsoverF3m,divisibilityby3k,zerosofKloostermansums. THIS WORK HAS BEEN PARTIALLY SUPPORTED BY THE RUSSIAN FUND OF FUNDAMENTAL RESEARCHES (NUMBER OF PROJECT 15 - 01 - 08051). 1 2 L. A. BASSALYGOAND V.A.ZINOVIEV Furthermore, in [11, 12, 13] a complete characterization of K(a) modulo 9, 18 and 27 was obtained for any m and a. In the recent papers [2, 3] we provide two algorithms to find the maximum divisor of K(a) of type 2k. Similar results for the case p = 3 have been announced in [4] and here we prove these results. In particular, we give a simple test of divisibility of K(a) by 27. We suggest also a new recursive algorithm of finding the largest divisor of K(a) of the type 3k which needs at every step the limited number of arithmetic operations in F. For the case when m = gh we derive the exact connection between the divisibility by 3k of K(a) in F , a ∈ F , and the divisibility by 3k′ of K(a) in F . 3g 3g 3gh 2. Known results In this section we state the known results about Kloosterman sums K(a) [20, 23] and elliptic curves E(a) [9, 22] over finite fields F of characteristic 3. Our interest is the divisibility of such sums by the maximal possible number of type 3k (i.e. 3k divides K(a), but 3k+1 does not divide K(a); in addition, when K(a) = 0 we assume that 3m divides K(a), but 3m+1 does not divide; recall that q = 3m = |F|). For a given F and any a ∈ F∗ define the elliptic curve E(a) as follows: (2.1) E(a) = {(x,y) ∈ F×F : y2 = x3 +x2 −a}. The set ofF-rationalpoints of thecurve E(a) over F forms a finiteabelian group, which canberepresentedasadirectproductofacyclicsubgroupG(a)oforder3t andacertain subgroup H(a) of some order s (which is not multiple to 3): E(a) = G(a)×H(a), such that |E(a)| = 3t ·s for some integers t ≥ 2 and s ≥ 1 (see [9]), where s 6≡ 0 (mod 3). Moisio [23] showed that (2.2) |E(a)| = 3m +K(a), where |A| denotes the cardinality of a finite set A (earlier the same result was obtained in [17] for the curve y2+xy+ay = x3). Therefore a Kloosterman sum K(a) is divisible by 3t, if and only if the number of points of the curve E(a) is divisible by 3t. Lisonek [20] observed, that |E(a)| is divisible by 3t, if and only if the group E(a) contains an element of order 3t. Since |E(a)| is divisible by |G(a)|, which is equal to 3t, then generator elements of G(a) and only these elements are of order 3t. Let Q = (ξ,∗) ∈ E(a). Then the point P = (x,∗) ∈ E(a), such that Q = 3P exists, if and only if the equation x9 −ξx6 +a(1−ξ)x3 −a2(a+ξ) = 0. ON KLOOSTERMAN SUMS OVER FINITE FIELDS OF CHARACTERISTIC 3 1 3 F has a solution in (see [9]). This equation is equivalent to equation (2.3) x3 −ξ1/3x2 +(a(1−ξ))1/3x−(a2(a+ξ))1/3 = 0. F The equation (2.3) is solvable in if and only if (see, for example, [1]) a ξ3 +ξ2 −a (2.4) Tr = 0 . ξ3 p ! Since the point (a1/3, a1/3) of E(a) has the order 3, and hence belongs to G(a), then solving the recursive equation (2.5) x3 −x1/3x2 +(a(1−x ))1/3x −(a2(a+x ))1/3 = 0, i = 0,1,... i i−1 i i−1 i i−1 withinitialvaluex = a1/3,weobtainthatthepoint(x ,∗) ∈ G(a)fori = 0,1,...,t−1, 0 i and the point (x ,∗) is a generator element of G(a). Such algorithm of finding of t−1 cardinality of G(a) was given in [1]. Similar method was presented in our previous papers [2, 3] for finite fields of charac- teristic 2. Besides, some another results have been obtained in [2, 3] for the case p = 2. Our purpose here is to generalize these results for finite fields of characteristic 3. 3. New results We begin with a simple result. It is known [1, 14, 21], that 9 divides K(a) if and only if Tr(a) = 0. In this case a can be presented as follows: a = z27 − z9, where z ∈ F, and, hence x = a1/3 = z9−z3 (see (2.5)). We found the expression for the next 0 element x , namely: 1 x = (z4 −1)(z3 −1)z2 1 and, therefore, from the condition (2.4), the following result holds. Proposition 3.1. Let a ∈ F∗ and Tr(a) = 0, i.e. a can be presented in the form: a = z27 − z9. Then x = z9 − z3, x = (z4 − 1)(z3 − 1)z2, and, therefore, K(a) is 0 1 divisible by 27, if and only if z5(z −1)(z +1)7 (3.1) Tr = 0, (z2 +1)3 (cid:18) (cid:19) This condition (3.1) is more compact than the corresponding condition from the papers [12, 13], where it is proven that K(a) is divisible by 27, if Tr(a) = 0 and 2 a3i+3j + a3i+3j+3k = 0. 1≤i≤j≤m−1 1≤i<j<k≤m−1 X X Emphasize once more, that similar conditions permit in [11, 12, 13] to find all values of K(a) modulo 9, 18 and 27, while the condition (3.1) gives only divisibility of K(a) by 27. 4 L. A. BASSALYGOAND V.A.ZINOVIEV Similar to the case p = 2 [2, 3], we give now also another algorithm to find the maximal divisor of K(a) of the type 3t, which requires at every step the limited number F of arithmetic operations in . Let a ∈ F∗ be an arbitrary element and let u ,u ,...,u be a sequence of elements 1 2 ℓ F of , constructed according to the following recurrent relation (compare with (2.5)): (u3 −a)3 + au3 (3.2) u = i i , i = 1,2,..., i+1 (u3 −a)2 i where (u ,∗) ∈ E(a) and 1 a u3 +u2 −a (3.3) Tr 1 1 6= 0 . u3 p 1 ! Then the following result is valid. Theorem 3.2. Let a ∈ F∗ and let u ,u ,...,u be a sequence of elements of F, which 1 2 ℓ satisfies the recurrent relation (3.2), where the element u satisfies (3.3) and (u ,∗) ∈ 1 1 E(a). Then there exists an integer k ≤ m such that one of the two following cases takes place: (i) either u = a1/3, but the all previous elements u are not equal to a1/3; k i (ii) oru = u fora certain r and the all elements u are differentfori < k+1+r. k+1 k+1+r i In the both cases the Kloosterman sum K(a) is divisible by 3k and is not divisible by 3k+1. Proof. Let a ∈ F∗ and let u ,u ,...,u be a sequence of elements of F, which 1 2 ℓ satisfies the recurrent relation (3.2), where the element u satisfies (3.3) and the point 1 P = (u ,∗) belongs to E(a). Assume that E(a) has the order 3t ·s, where s is prime 1 1 to 3. We have to show that k = t. Denote P = (u ,∗). Since P = (u ,∗) belongs to E(a), it follows from the addition i i 1 1 operation in the additive abelian group E(a) (Table 2.3 in [9]) and from (3.2), that for i ≥ 2 all points P belongs to E(a) and P = 3i−1P for i ≥ 2. i i 1 There are only two possibilities: either P ∈ G(a), or P ∈ E(a)\G(a). 1 1 First consider the case P ∈ G(a). We claim that the condition (3.3) implies that 1 P is a generating element of the (cyclic) group G(a). Indeed, assume that it is not the 1 case. Then it means that there is the point Q ∈ G(a) such that P = 3Q. Assuming 1 that Q = (x,∗) and using the addition operation in E(a) [9], we arrive to the following equation for x: x3 −u1/3x2 +(a(1−u ))1/3x−(a2(a+u ))1/3 = 0. 1 1 1 ON KLOOSTERMAN SUMS OVER FINITE FIELDS OF CHARACTERISTIC 3 2 5 As we already mentioned in Section 2, this equation has a solution, if and only if a u3 +u2 −a Tr 1 1 = 0, u3 p 1 ! that contradicts to (3.3). We conclude that P is a generating point of G(a) and, 1 therefore, has the order 3t. This means that the point P = (u ,∗) = 3t−1P is of the t t 1 order 3. Since there are exactly two points in E(a) of the order 3 [9], namely, the points (a1/3,±a1/3), it means that for any i ≤ t−1 we have that u 6= a1/3. Therefore, k = t i and K(a) is divisible by 3t. Now consider the case when P ∈ E(a) \ G(a). Then the order d of the point 1 3tP = (u ,∗) divides s. The point dP belongs to the cyclic group G(a), and it 1 t+1 1 is a generating element, since the equality dP = 3Q for some Q ∈ E(a) implies the 1 equality P = 3Q′, that contradicts to (3.3). Therefore the order of the point P is 1 1 equal to d·3t and K(a) is divisible by 3t. Denote by r the least integer, such that d divides 3r − 1 or 3r + 1. Then we have the following equalities: in the first case 3t+r ·P = 3t ·P 1 1 and in the second case 3t+r ·P = −3t ·P . 1 1 Inthe bothcases we obtain, that u = u andour sequence u ,u ,...,u becomes t+1 t+1+r 1 2 ℓ periodic with a period r, starting from the elemnt u . (cid:3) t+1 Remark 3.3. It is clear, that, for the case (ii) of Theorem 1, this algorithm needs k+r computations of values ax3 x3 −a+ (x3 −a)2 for finding the largest divisor of K(a) of the type 3k. Besides, the following lower bound for the number of F-rational points of the curve E(a) is valid: |E(a)| ≥ 3k(2r+1) and, respectively, the following upper bound for the value of Kloosterman sum K(a) takes place: K(a) ≤ 3m − 3k(2r+1). DirectlyfromTheorem3.2weobtainthefollowingnecessaryandsufficient condition for an element a ∈ F∗ to be a zero of the Kloosterman sum K(a). 6 L. A. BASSALYGOAND V.A.ZINOVIEV Corollary 3.4. Let a ∈ F∗ and u ,u ,...,u be a sequence of elements of F of the order 1 2 ℓ |F| = 3m, which satisfies the recurrent relation (3.2), where the element u satisfies 1 (3.3). Then K(a) = 0, if and only if u = a1/3, and u 6= a1/3 for all 1 ≤ i ≤ m−1. m i Example 3.5. SupposethefieldFoforder35 isgeneratedbyφ(x) = x5+x4+x2+1and its root α is a primitive element of F. Take a = α31. Following to Statement 3.7, present a as a = z27−z9. We find that z ∈ {α16,α106,α231}. The corresponding possible values of x are α7,α19 and α105, respectively. For all these values of z the condition (3.1) is 1 satisfied. We conclude that K(a) is divisible by 27. Choosing x = α7 and solving the 1 cubic equation (2.5), we obtain three solutions for x , namely, x ∈ {α138,α196,α237}. 2 2 Choose x = α138. Then the condition (2.4) (with ξ = x ) is not valid: 2 2 a x3 +x2 −a Tr 2 2 = Tr(α202) = 1 . x3 p 2 ! It means that we find the exact divisor 3k of K(α31) and the maximal cyclic subgroup G(α31) of the curve E(α31) is of the order 27. The x-th coordinates of all points (x,∗) of the cyclic group G(α31) are presented below as a graph, which gives all possible nine sequences x = a1/3,x ,x . 0 1 2 α91 α✘7✘✘✘✘✘✘✘✘✘✘✘❳sα❳19❳❳❳❳❳❳❳❳❳❳α105 s s s (cid:0)❅ (cid:0)❅ (cid:0)❅ (cid:0) ❅ (cid:0) ❅ (cid:0) ❅ (cid:0)(cid:0)s s ❅❅s (cid:0)(cid:0)s s ❅❅s (cid:0)(cid:0)s s ❅❅s α138 α196 α237 α9 α100 α175 α76 α202 α219 As the condition (2.4) for all elements of the last third level (numeration of the levels 0,1,... is starting from the top) is not satisfied, then k = 3, and we conclude that K(α31) is divisible by 27 (indeed, K(α31) = 27). Note that all points P = (x ,y ), i i i corresponding to the i-th level of the graph satisfy the condition 3i+1P = O, where O i is the identity element of the group E(a). Now start from the down, choosing the point u = α159, which satisfies (3.3). Then 1 using (3.2), we obtain the sequence α159,α15,α44,α162,α162,.... We conclude that k = 3 (see Theorem 3.2) and K(a) is divisible by 33 (here r = 1). The choice u = α193 results in the following sequence: 1 α193,α199,α50,α197,α223,α197α223,.... We again conclude that k = 3 (and here r = 2). ON KLOOSTERMAN SUMS OVER FINITE FIELDS OF CHARACTERISTIC 3 3 7 Assume now that the field F of order q = 3m is embedded into the field F (n ≥ 2), q qn and a is an element of F∗. Recall that q Tr (x) = x+xq +xq2 +...+xqn−1, x ∈ F . qn→q qn For any elements a ∈ F and b ∈ F define q qn e(a) = ωTr(a), e (b) = ωTr(Trqn→q(b)), n where ω is a primitive 3-th root of unity. For a given a ∈ F∗ it is possible to consider q the following two Kloosterman sums: a a K(a) = e x+ , K (a) = e x+ . n n x x xX∈Fq (cid:16) (cid:17) xX∈Fqn (cid:16) (cid:17) Denote by H(a) the maximal degree of 3, which divides K(a), and by H (a) the n maximal degree of 3, which divides K (a). Recall that in the case, when K(a) = 0 over n F , where q = 3m, we assume that 3m divides K(a), but 3m+1 does not divide. There q exists a simple connection between H(a) and H (a). n Theorem 3.6. Let n = 3h ·s, n ≥ 2, s ≥ 1, where 3 and s are mutually prime, and a ∈ F∗. Then q H (a) = H(a) + h. n The proof follows from two simple statements. Proposition 3.7. Let h = 0 (that is n and 3 are coprime). Then H (a) = H(a). n Proof. By definition of the trace we have for any element x ∈ F q Tr(Tr (x)) = Tr(x+xq +xq2 +···+xqn−1) = qn→q = Tr(x)+Tr(xq)+Tr(xq2)+···+Tr(xqn−1) = = nTr(x) = = ±Tr(x), where the last equality follows, since n and 3 are coprime. Therefore, Tr (x) = 0 qn→p for any x ∈ F , if and only if Tr (x) = 0. And, since a,a1/3 ∈ F , then all solutions q q→p q F (cid:3) of the equation (2.5) belong to , that gives the statement. q Proposition 3.8. Let n = 3 and a ∈ F∗. Then q H (a) = H(a)+1. 3 8 L. A. BASSALYGOAND V.A.ZINOVIEV Proof. It is known [5] that (3.4) K (a) = K(a)3 −3K(a)2 +3K(a)−3qK(a). 3 Assume that K(a) is divisible by 3k. Then it is easy to see that K (a) is divisible by 3 3k+1 and is not divisible by 3k+2. (cid:3) From Theorem 3.6, recalling that equality K(a) = 0 over F means divisibility of q K(a) by q, we immediately obtain the following known result [21]. Corollary 3.9. Let a ∈ F∗ and n ≥ 2. Then K (a) is not equal to zero. q n References [1] O. Ahmadi and R. Granger, An efficient deterministic test for Kloostermansum zeros, Math. of Computation, 83 (2014), 347 - 363. [2] L.A. Bassalygo and V.A. Zinoviev, On divisibility of exponential sums of polynomials of special typeoverfieldsofcharacteristic2,in:SeventhInternationalWorkshoponCodingandCryptogra- phy,WCC2011(April11-15,2011,Paris,France)Proceedings(eds.D.AugotandA.Canteaut), 2011,389 - 396. [3] L.A. Bassalygo and V.A. Zinoviev, On divisibility of exponential sums of polynomials of special type over fields of characteristic 2, Designs, Codes and Crypt., 66 (2013), 1-3, 129-143. [4] L.A.BassalygoandV.A. Zinoviev,OnKloostermansums overfinite fields of characteristic3,in: ProceedingsofThirteenthInternationalWorkshop.AlgebraicandCombinatorialCodingTheory, ACCT - 13 (June 15-21,2012), Pomorie, Bulgaria), 83-87. [5] L. Carlitz, Kloosterman sums and finite field extensions, Acta Arithmetica, vol. XVI (1969), pp. 179-193. [6] P. Charpin, T. Helleseth and V.A. Zinoviev, The divisibility modulo 24 of Kloostermansums on GF(2m), m odd, J. Comb. Theory Ser. A, 114 (2007), 2, 322-338. [7] P.Charpin, T. Helleseth and V.A. Zinoviev,On divisibility properties of classicalbinary Kloost- erman sums, Discrete Math., 309 (2009), 12, 3975-3984. [8] P. Charpin and G. Gong, Hyperbent functions, Kloosterman sums, and Dickson polynomials, IEEE Trans. Inform. Theory, 54 (2008), 9, 4230-4238. [9] A. Enge, Elliptic curves and their applications to cryptography: an introduction, Klumer Aca- demic Publishers, Boston, 1999. [10] F.G´’olog˘lu,P.Lisonek,G.McGuire,andR.Moloney,BinaryKloostermansumsmodulo256and coefficientsofthecharacteristicpolynomial,IEEETrans.Inform.Theory,58(2012),4,2516-2523. [11] F. G´’olog˘lu, G. McGuire, and R. Moloney, Binary Kloosterman sums using Stickelberger’s theo- rem and the Gross-Koblitz formula, Acta Arithmetica, 148 (2011), 3, 269-279. ON KLOOSTERMAN SUMS OVER FINITE FIELDS OF CHARACTERISTIC 3 4 9 [12] F.G´’olog˘lu,G.McGuire,andR.Moloney,Some results onKloostermansumsandtheir minimal polynomials,in:SeventhInternationalWorkshoponCodingandCryptography,WCC2011(April 11-15,2011, Paris, France,), Proceedings (eds. D. Augot and A. Canteaut), 2011, 403 - 412. [13] F. G´’olog˘lu, G. McGuire, and R. Moloney, Some congruences on Kloosterman sums and their characteristic polynomials, J. Number Theory, 143 (2013), 1596-1607; see arXiv:1006.1802v1 [math.NT] 9 Jun 2010. [14] G.vanderGeerandM.vanderVlugt,Kloostermansumsandthep-torsionofcertainJacobians, Math. Ann., 290 (1991), 3, 549 - 563. [15] T. Helleseth and V.A. Zinoviev, On Z4-Linear Goethals Codes and Kloosterman Sums, Designs, Codes and Crypt., 17 (1999), 1-3, 246-262. [16] T. Helleseth and A. Kholosha, Monomial and quadratic bent functions over the finite fields of odd characteristic, IEEE Trans. Inform. Theory, 52 (2006), 2018-2032. [17] Katz N. and Livne R., Sommes de Kloosterman et courbes elliptiques universelles en caracteris- tiques 2 et 3, C. R. Acad. Sci. Paris Ser. I Math., 309 (1989), 11, 723-726. [18] Lachaud, G. and Wolfmann, J., The Weights of the Orthogonals of the Extended Quadratic Binary Goppa Codes, IEEE Trans. Inform. Theory, 36 (1990), 3, 686-692. [19] R. Lidl and H. Niederreiter, Finite Fields, Encyclopedia of Mathematics and Its Applications, Reading, MA: Addison Wesley, 20, 1983. [20] P. Lisonek, On the connection between Kloostermansums and elliptic curves, in: Proceedingsof the 5th InternationalConference on Sequences and Their Applications (SETA 2008)(S. Golomb et al. Eds., Lecture Notes in Computer Science, Springer, 5203 (2008), 182 - 187. [21] P.Lisonek,anbdM.Moisio,OnzerosofKloostermansums,Designs,CodesandCrypt.,59(2011), 1 - 3, 223 - 230. [22] A. Menezes, Elliptic Curve Public Key Cryptosystems, Kluwer Academic Publishers, Boston- Dordrecht-London,1993. [23] M. Moisio, Kloosterman sums, elliptic curves, and irreducible polynomials with prescribed trace and norm, Acta Arithmetica, 132 (2008), 4, 329 - 350. [24] M. Moisio, The divisibility modulo 24 of Kloosterman sums on GF(2m), m even, Finite Fields and Their Appl., 15 (2009, 174 - 184. Kharkevich Institute for Problems of Information Transmission of the Russian Academy of Sciences,, Russia, 127994, Moscow, GSP-4, B. Karetnyi per. 19 E-mail address: [email protected], [email protected]

ebook img

On Kloosterman sums over finite fields of characteristic 3 PDF

0.15 MB·
by  Leonid Bassalygo
#journals #arxiv
Save to my drive
Quick download
Download
Upgrade Premium
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview On Kloosterman sums over finite fields of characteristic 3

ON KLOOSTERMAN SUMS OVER FINITE FIELDS OF CHARACTERISTIC 3 L. A. BASSALYGO AND V.A. ZINOVIEV 6 1 Abstract. We study the divisibility by 3k of Kloosterman sums K(a) over finite 0 fields of characteristic 3. We give a new recurrent algorithm for finding the largest 2 n k, such that 3k divides the Kloosterman sum K(a). This gives a new simple test for a J zeros of such Kloosterman sums. 3 2 ] 1. Introduction T N Let F = F be a field of characteristic p of order q = pm, where m ≥ 2 is an integer q . h and let F∗ = F\{0}. By F denote the field, consisting of p elements. For any element t p a a ∈ F∗ the Klosterman sum can be defined as m [ (1.1) K(a) = ωTr(x+a/x), 1 x∈F v X 9 where ω = exp2πi/p is a primitive p-th root of unity and 3 0 7 (1.2) Tr(x) = x+xp +xp2 +···+xpm−1. 0 1. Recall that under x−i we understand xpm−1−i, avoiding by this way a division into 0. 0 Kloosterman sums are used for solutions of equations over finite fields [19], in the 6 1 theory of error correcting codes [18], for studying and constructing of bent and hyper- : v bent functions [8, 16] and so on. Surely, any Kloosterman sum K(a) for a given a can i X be found directly computing its value for every element of the field, but this method r a requires a large amount of computations, which is a multiple of the size of the field. HencemoresimplemethodsofcomputationsofKloostermansumsarequiteinteresting. The values of characteristic p ∈ {2,3} are especially interesting in connection with the number of q-rational points of some elliptic curves [17, 18, 20, 23]. Divisibility of binary Kloosterman sums by numbers 8,16,...,256 and computations of such sums modulo somenumberswasconsideredinpapers[6,7,14,10,11,12,15,20,21,24].Divisibilityof ternary Klosterman sums K(a) by 9 andby 27 was considered in [11, 12, 13, 14, 20, 21]. 2010 Mathematics Subject Classification. Primary 11T23; Secondary 11L05. Keywords andphrases. KloostermansumsoverF3m,divisibilityby3k,zerosofKloostermansums. THIS WORK HAS BEEN PARTIALLY SUPPORTED BY THE RUSSIAN FUND OF FUNDAMENTAL RESEARCHES (NUMBER OF PROJECT 15 - 01 - 08051). 1 2 L. A. BASSALYGOAND V.A.ZINOVIEV Furthermore, in [11, 12, 13] a complete characterization of K(a) modulo 9, 18 and 27 was obtained for any m and a. In the recent papers [2, 3] we provide two algorithms to find the maximum divisor of K(a) of type 2k. Similar results for the case p = 3 have been announced in [4] and here we prove these results. In particular, we give a simple test of divisibility of K(a) by 27. We suggest also a new recursive algorithm of finding the largest divisor of K(a) of the type 3k which needs at every step the limited number of arithmetic operations in F. For the case when m = gh we derive the exact connection between the divisibility by 3k of K(a) in F , a ∈ F , and the divisibility by 3k′ of K(a) in F . 3g 3g 3gh 2. Known results In this section we state the known results about Kloosterman sums K(a) [20, 23] and elliptic curves E(a) [9, 22] over finite fields F of characteristic 3. Our interest is the divisibility of such sums by the maximal possible number of type 3k (i.e. 3k divides K(a), but 3k+1 does not divide K(a); in addition, when K(a) = 0 we assume that 3m divides K(a), but 3m+1 does not divide; recall that q = 3m = |F|). For a given F and any a ∈ F∗ define the elliptic curve E(a) as follows: (2.1) E(a) = {(x,y) ∈ F×F : y2 = x3 +x2 −a}. The set ofF-rationalpoints of thecurve E(a) over F forms a finiteabelian group, which canberepresentedasadirectproductofacyclicsubgroupG(a)oforder3t andacertain subgroup H(a) of some order s (which is not multiple to 3): E(a) = G(a)×H(a), such that |E(a)| = 3t ·s for some integers t ≥ 2 and s ≥ 1 (see [9]), where s 6≡ 0 (mod 3). Moisio [23] showed that (2.2) |E(a)| = 3m +K(a), where |A| denotes the cardinality of a finite set A (earlier the same result was obtained in [17] for the curve y2+xy+ay = x3). Therefore a Kloosterman sum K(a) is divisible by 3t, if and only if the number of points of the curve E(a) is divisible by 3t. Lisonek [20] observed, that |E(a)| is divisible by 3t, if and only if the group E(a) contains an element of order 3t. Since |E(a)| is divisible by |G(a)|, which is equal to 3t, then generator elements of G(a) and only these elements are of order 3t. Let Q = (ξ,∗) ∈ E(a). Then the point P = (x,∗) ∈ E(a), such that Q = 3P exists, if and only if the equation x9 −ξx6 +a(1−ξ)x3 −a2(a+ξ) = 0. ON KLOOSTERMAN SUMS OVER FINITE FIELDS OF CHARACTERISTIC 3 1 3 F has a solution in (see [9]). This equation is equivalent to equation (2.3) x3 −ξ1/3x2 +(a(1−ξ))1/3x−(a2(a+ξ))1/3 = 0. F The equation (2.3) is solvable in if and only if (see, for example, [1]) a ξ3 +ξ2 −a (2.4) Tr = 0 . ξ3 p ! Since the point (a1/3, a1/3) of E(a) has the order 3, and hence belongs to G(a), then solving the recursive equation (2.5) x3 −x1/3x2 +(a(1−x ))1/3x −(a2(a+x ))1/3 = 0, i = 0,1,... i i−1 i i−1 i i−1 withinitialvaluex = a1/3,weobtainthatthepoint(x ,∗) ∈ G(a)fori = 0,1,...,t−1, 0 i and the point (x ,∗) is a generator element of G(a). Such algorithm of finding of t−1 cardinality of G(a) was given in [1]. Similar method was presented in our previous papers [2, 3] for finite fields of charac- teristic 2. Besides, some another results have been obtained in [2, 3] for the case p = 2. Our purpose here is to generalize these results for finite fields of characteristic 3. 3. New results We begin with a simple result. It is known [1, 14, 21], that 9 divides K(a) if and only if Tr(a) = 0. In this case a can be presented as follows: a = z27 − z9, where z ∈ F, and, hence x = a1/3 = z9−z3 (see (2.5)). We found the expression for the next 0 element x , namely: 1 x = (z4 −1)(z3 −1)z2 1 and, therefore, from the condition (2.4), the following result holds. Proposition 3.1. Let a ∈ F∗ and Tr(a) = 0, i.e. a can be presented in the form: a = z27 − z9. Then x = z9 − z3, x = (z4 − 1)(z3 − 1)z2, and, therefore, K(a) is 0 1 divisible by 27, if and only if z5(z −1)(z +1)7 (3.1) Tr = 0, (z2 +1)3 (cid:18) (cid:19) This condition (3.1) is more compact than the corresponding condition from the papers [12, 13], where it is proven that K(a) is divisible by 27, if Tr(a) = 0 and 2 a3i+3j + a3i+3j+3k = 0. 1≤i≤j≤m−1 1≤i<j<k≤m−1 X X Emphasize once more, that similar conditions permit in [11, 12, 13] to find all values of K(a) modulo 9, 18 and 27, while the condition (3.1) gives only divisibility of K(a) by 27. 4 L. A. BASSALYGOAND V.A.ZINOVIEV Similar to the case p = 2 [2, 3], we give now also another algorithm to find the maximal divisor of K(a) of the type 3t, which requires at every step the limited number F of arithmetic operations in . Let a ∈ F∗ be an arbitrary element and let u ,u ,...,u be a sequence of elements 1 2 ℓ F of , constructed according to the following recurrent relation (compare with (2.5)): (u3 −a)3 + au3 (3.2) u = i i , i = 1,2,..., i+1 (u3 −a)2 i where (u ,∗) ∈ E(a) and 1 a u3 +u2 −a (3.3) Tr 1 1 6= 0 . u3 p 1 ! Then the following result is valid. Theorem 3.2. Let a ∈ F∗ and let u ,u ,...,u be a sequence of elements of F, which 1 2 ℓ satisfies the recurrent relation (3.2), where the element u satisfies (3.3) and (u ,∗) ∈ 1 1 E(a). Then there exists an integer k ≤ m such that one of the two following cases takes place: (i) either u = a1/3, but the all previous elements u are not equal to a1/3; k i (ii) oru = u fora certain r and the all elements u are differentfori < k+1+r. k+1 k+1+r i In the both cases the Kloosterman sum K(a) is divisible by 3k and is not divisible by 3k+1. Proof. Let a ∈ F∗ and let u ,u ,...,u be a sequence of elements of F, which 1 2 ℓ satisfies the recurrent relation (3.2), where the element u satisfies (3.3) and the point 1 P = (u ,∗) belongs to E(a). Assume that E(a) has the order 3t ·s, where s is prime 1 1 to 3. We have to show that k = t. Denote P = (u ,∗). Since P = (u ,∗) belongs to E(a), it follows from the addition i i 1 1 operation in the additive abelian group E(a) (Table 2.3 in [9]) and from (3.2), that for i ≥ 2 all points P belongs to E(a) and P = 3i−1P for i ≥ 2. i i 1 There are only two possibilities: either P ∈ G(a), or P ∈ E(a)\G(a). 1 1 First consider the case P ∈ G(a). We claim that the condition (3.3) implies that 1 P is a generating element of the (cyclic) group G(a). Indeed, assume that it is not the 1 case. Then it means that there is the point Q ∈ G(a) such that P = 3Q. Assuming 1 that Q = (x,∗) and using the addition operation in E(a) [9], we arrive to the following equation for x: x3 −u1/3x2 +(a(1−u ))1/3x−(a2(a+u ))1/3 = 0. 1 1 1 ON KLOOSTERMAN SUMS OVER FINITE FIELDS OF CHARACTERISTIC 3 2 5 As we already mentioned in Section 2, this equation has a solution, if and only if a u3 +u2 −a Tr 1 1 = 0, u3 p 1 ! that contradicts to (3.3). We conclude that P is a generating point of G(a) and, 1 therefore, has the order 3t. This means that the point P = (u ,∗) = 3t−1P is of the t t 1 order 3. Since there are exactly two points in E(a) of the order 3 [9], namely, the points (a1/3,±a1/3), it means that for any i ≤ t−1 we have that u 6= a1/3. Therefore, k = t i and K(a) is divisible by 3t. Now consider the case when P ∈ E(a) \ G(a). Then the order d of the point 1 3tP = (u ,∗) divides s. The point dP belongs to the cyclic group G(a), and it 1 t+1 1 is a generating element, since the equality dP = 3Q for some Q ∈ E(a) implies the 1 equality P = 3Q′, that contradicts to (3.3). Therefore the order of the point P is 1 1 equal to d·3t and K(a) is divisible by 3t. Denote by r the least integer, such that d divides 3r − 1 or 3r + 1. Then we have the following equalities: in the first case 3t+r ·P = 3t ·P 1 1 and in the second case 3t+r ·P = −3t ·P . 1 1 Inthe bothcases we obtain, that u = u andour sequence u ,u ,...,u becomes t+1 t+1+r 1 2 ℓ periodic with a period r, starting from the elemnt u . (cid:3) t+1 Remark 3.3. It is clear, that, for the case (ii) of Theorem 1, this algorithm needs k+r computations of values ax3 x3 −a+ (x3 −a)2 for finding the largest divisor of K(a) of the type 3k. Besides, the following lower bound for the number of F-rational points of the curve E(a) is valid: |E(a)| ≥ 3k(2r+1) and, respectively, the following upper bound for the value of Kloosterman sum K(a) takes place: K(a) ≤ 3m − 3k(2r+1). DirectlyfromTheorem3.2weobtainthefollowingnecessaryandsufficient condition for an element a ∈ F∗ to be a zero of the Kloosterman sum K(a). 6 L. A. BASSALYGOAND V.A.ZINOVIEV Corollary 3.4. Let a ∈ F∗ and u ,u ,...,u be a sequence of elements of F of the order 1 2 ℓ |F| = 3m, which satisfies the recurrent relation (3.2), where the element u satisfies 1 (3.3). Then K(a) = 0, if and only if u = a1/3, and u 6= a1/3 for all 1 ≤ i ≤ m−1. m i Example 3.5. SupposethefieldFoforder35 isgeneratedbyφ(x) = x5+x4+x2+1and its root α is a primitive element of F. Take a = α31. Following to Statement 3.7, present a as a = z27−z9. We find that z ∈ {α16,α106,α231}. The corresponding possible values of x are α7,α19 and α105, respectively. For all these values of z the condition (3.1) is 1 satisfied. We conclude that K(a) is divisible by 27. Choosing x = α7 and solving the 1 cubic equation (2.5), we obtain three solutions for x , namely, x ∈ {α138,α196,α237}. 2 2 Choose x = α138. Then the condition (2.4) (with ξ = x ) is not valid: 2 2 a x3 +x2 −a Tr 2 2 = Tr(α202) = 1 . x3 p 2 ! It means that we find the exact divisor 3k of K(α31) and the maximal cyclic subgroup G(α31) of the curve E(α31) is of the order 27. The x-th coordinates of all points (x,∗) of the cyclic group G(α31) are presented below as a graph, which gives all possible nine sequences x = a1/3,x ,x . 0 1 2 α91 α✘7✘✘✘✘✘✘✘✘✘✘✘❳sα❳19❳❳❳❳❳❳❳❳❳❳α105 s s s (cid:0)❅ (cid:0)❅ (cid:0)❅ (cid:0) ❅ (cid:0) ❅ (cid:0) ❅ (cid:0)(cid:0)s s ❅❅s (cid:0)(cid:0)s s ❅❅s (cid:0)(cid:0)s s ❅❅s α138 α196 α237 α9 α100 α175 α76 α202 α219 As the condition (2.4) for all elements of the last third level (numeration of the levels 0,1,... is starting from the top) is not satisfied, then k = 3, and we conclude that K(α31) is divisible by 27 (indeed, K(α31) = 27). Note that all points P = (x ,y ), i i i corresponding to the i-th level of the graph satisfy the condition 3i+1P = O, where O i is the identity element of the group E(a). Now start from the down, choosing the point u = α159, which satisfies (3.3). Then 1 using (3.2), we obtain the sequence α159,α15,α44,α162,α162,.... We conclude that k = 3 (see Theorem 3.2) and K(a) is divisible by 33 (here r = 1). The choice u = α193 results in the following sequence: 1 α193,α199,α50,α197,α223,α197α223,.... We again conclude that k = 3 (and here r = 2). ON KLOOSTERMAN SUMS OVER FINITE FIELDS OF CHARACTERISTIC 3 3 7 Assume now that the field F of order q = 3m is embedded into the field F (n ≥ 2), q qn and a is an element of F∗. Recall that q Tr (x) = x+xq +xq2 +...+xqn−1, x ∈ F . qn→q qn For any elements a ∈ F and b ∈ F define q qn e(a) = ωTr(a), e (b) = ωTr(Trqn→q(b)), n where ω is a primitive 3-th root of unity. For a given a ∈ F∗ it is possible to consider q the following two Kloosterman sums: a a K(a) = e x+ , K (a) = e x+ . n n x x xX∈Fq (cid:16) (cid:17) xX∈Fqn (cid:16) (cid:17) Denote by H(a) the maximal degree of 3, which divides K(a), and by H (a) the n maximal degree of 3, which divides K (a). Recall that in the case, when K(a) = 0 over n F , where q = 3m, we assume that 3m divides K(a), but 3m+1 does not divide. There q exists a simple connection between H(a) and H (a). n Theorem 3.6. Let n = 3h ·s, n ≥ 2, s ≥ 1, where 3 and s are mutually prime, and a ∈ F∗. Then q H (a) = H(a) + h. n The proof follows from two simple statements. Proposition 3.7. Let h = 0 (that is n and 3 are coprime). Then H (a) = H(a). n Proof. By definition of the trace we have for any element x ∈ F q Tr(Tr (x)) = Tr(x+xq +xq2 +···+xqn−1) = qn→q = Tr(x)+Tr(xq)+Tr(xq2)+···+Tr(xqn−1) = = nTr(x) = = ±Tr(x), where the last equality follows, since n and 3 are coprime. Therefore, Tr (x) = 0 qn→p for any x ∈ F , if and only if Tr (x) = 0. And, since a,a1/3 ∈ F , then all solutions q q→p q F (cid:3) of the equation (2.5) belong to , that gives the statement. q Proposition 3.8. Let n = 3 and a ∈ F∗. Then q H (a) = H(a)+1. 3 8 L. A. BASSALYGOAND V.A.ZINOVIEV Proof. It is known [5] that (3.4) K (a) = K(a)3 −3K(a)2 +3K(a)−3qK(a). 3 Assume that K(a) is divisible by 3k. Then it is easy to see that K (a) is divisible by 3 3k+1 and is not divisible by 3k+2. (cid:3) From Theorem 3.6, recalling that equality K(a) = 0 over F means divisibility of q K(a) by q, we immediately obtain the following known result [21]. Corollary 3.9. Let a ∈ F∗ and n ≥ 2. Then K (a) is not equal to zero. q n References [1] O. Ahmadi and R. Granger, An efficient deterministic test for Kloostermansum zeros, Math. of Computation, 83 (2014), 347 - 363. [2] L.A. Bassalygo and V.A. Zinoviev, On divisibility of exponential sums of polynomials of special typeoverfieldsofcharacteristic2,in:SeventhInternationalWorkshoponCodingandCryptogra- phy,WCC2011(April11-15,2011,Paris,France)Proceedings(eds.D.AugotandA.Canteaut), 2011,389 - 396. [3] L.A. Bassalygo and V.A. Zinoviev, On divisibility of exponential sums of polynomials of special type over fields of characteristic 2, Designs, Codes and Crypt., 66 (2013), 1-3, 129-143. [4] L.A.BassalygoandV.A. Zinoviev,OnKloostermansums overfinite fields of characteristic3,in: ProceedingsofThirteenthInternationalWorkshop.AlgebraicandCombinatorialCodingTheory, ACCT - 13 (June 15-21,2012), Pomorie, Bulgaria), 83-87. [5] L. Carlitz, Kloosterman sums and finite field extensions, Acta Arithmetica, vol. XVI (1969), pp. 179-193. [6] P. Charpin, T. Helleseth and V.A. Zinoviev, The divisibility modulo 24 of Kloostermansums on GF(2m), m odd, J. Comb. Theory Ser. A, 114 (2007), 2, 322-338. [7] P.Charpin, T. Helleseth and V.A. Zinoviev,On divisibility properties of classicalbinary Kloost- erman sums, Discrete Math., 309 (2009), 12, 3975-3984. [8] P. Charpin and G. Gong, Hyperbent functions, Kloosterman sums, and Dickson polynomials, IEEE Trans. Inform. Theory, 54 (2008), 9, 4230-4238. [9] A. Enge, Elliptic curves and their applications to cryptography: an introduction, Klumer Aca- demic Publishers, Boston, 1999. [10] F.G´’olog˘lu,P.Lisonek,G.McGuire,andR.Moloney,BinaryKloostermansumsmodulo256and coefficientsofthecharacteristicpolynomial,IEEETrans.Inform.Theory,58(2012),4,2516-2523. [11] F. G´’olog˘lu, G. McGuire, and R. Moloney, Binary Kloosterman sums using Stickelberger’s theo- rem and the Gross-Koblitz formula, Acta Arithmetica, 148 (2011), 3, 269-279. ON KLOOSTERMAN SUMS OVER FINITE FIELDS OF CHARACTERISTIC 3 4 9 [12] F.G´’olog˘lu,G.McGuire,andR.Moloney,Some results onKloostermansumsandtheir minimal polynomials,in:SeventhInternationalWorkshoponCodingandCryptography,WCC2011(April 11-15,2011, Paris, France,), Proceedings (eds. D. Augot and A. Canteaut), 2011, 403 - 412. [13] F. G´’olog˘lu, G. McGuire, and R. Moloney, Some congruences on Kloosterman sums and their characteristic polynomials, J. Number Theory, 143 (2013), 1596-1607; see arXiv:1006.1802v1 [math.NT] 9 Jun 2010. [14] G.vanderGeerandM.vanderVlugt,Kloostermansumsandthep-torsionofcertainJacobians, Math. Ann., 290 (1991), 3, 549 - 563. [15] T. Helleseth and V.A. Zinoviev, On Z4-Linear Goethals Codes and Kloosterman Sums, Designs, Codes and Crypt., 17 (1999), 1-3, 246-262. [16] T. Helleseth and A. Kholosha, Monomial and quadratic bent functions over the finite fields of odd characteristic, IEEE Trans. Inform. Theory, 52 (2006), 2018-2032. [17] Katz N. and Livne R., Sommes de Kloosterman et courbes elliptiques universelles en caracteris- tiques 2 et 3, C. R. Acad. Sci. Paris Ser. I Math., 309 (1989), 11, 723-726. [18] Lachaud, G. and Wolfmann, J., The Weights of the Orthogonals of the Extended Quadratic Binary Goppa Codes, IEEE Trans. Inform. Theory, 36 (1990), 3, 686-692. [19] R. Lidl and H. Niederreiter, Finite Fields, Encyclopedia of Mathematics and Its Applications, Reading, MA: Addison Wesley, 20, 1983. [20] P. Lisonek, On the connection between Kloostermansums and elliptic curves, in: Proceedingsof the 5th InternationalConference on Sequences and Their Applications (SETA 2008)(S. Golomb et al. Eds., Lecture Notes in Computer Science, Springer, 5203 (2008), 182 - 187. [21] P.Lisonek,anbdM.Moisio,OnzerosofKloostermansums,Designs,CodesandCrypt.,59(2011), 1 - 3, 223 - 230. [22] A. Menezes, Elliptic Curve Public Key Cryptosystems, Kluwer Academic Publishers, Boston- Dordrecht-London,1993. [23] M. Moisio, Kloosterman sums, elliptic curves, and irreducible polynomials with prescribed trace and norm, Acta Arithmetica, 132 (2008), 4, 329 - 350. [24] M. Moisio, The divisibility modulo 24 of Kloosterman sums on GF(2m), m even, Finite Fields and Their Appl., 15 (2009, 174 - 184. Kharkevich Institute for Problems of Information Transmission of the Russian Academy of Sciences,, Russia, 127994, Moscow, GSP-4, B. Karetnyi per. 19 E-mail address: [email protected], [email protected]

See more

The list of books you might like

Upgrade Premium
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.
DMCA & Copyright: Dear all, most of the website is community built, users are uploading hundred of books everyday, which makes really hard for us to identify copyrighted material, please contact us if you want any material removed.
Copyright @ PDFdrive.to, 2022 | We love our users