Permutation polynomials of degree 8 over finite fields of characteristic
2
Xiang Fan
Abstract.
Up to linear transformations, we obtain a classification of permutation
polynomials (PPs) of degree 8 over F2r with r>3.
By [J. Number Theory 176 (2017) 46–66], a polynomial
f of degree 8 over F2r is exceptional if and
only if f−f(0) is a linearized PP. So it suffices to search for
non-exceptional PPs of degree 8 over F2r, which
exist only when r⩽9 by a previous result. This can be exhausted
by the SageMath software running on a personal computer. To facilitate
the computation, some requirements after linear transformations and
explicit equations by Hermite’s criterion are provided
for the polynomial coefficients. The main result is that a non-exceptional
PP f of degree 8 over F2r (with r>3) exists
if and only if r∈{4,5,6}, and such f is explicitly listed
up to linear transformations.
Key words and phrases:
Permutation polynomial; Exceptional polynomial; Hermite’s criterion; SageMath
2000 Mathematics Subject Classification:
11T06, 12Y05
1. Introduction
Let Fq denote the finite field of characteristic p
and order q=pr, and let Fq∗=Fq\{0}.
Reserve the letter x for the indeterminate of the polynomial ring
Fq[x] with coefficients in Fq. We call
f∈Fq[x] a permutation polynomial (PP) over
Fq if the induced map a↦f(a) permutes Fq.
Initiated by Hermite [9] and Dickson [4]
in the 19th century, the study of PPs has drawn much attention, with
more and more classes of PPs (with either nice appearance or certain
desired properties) found or constructed. Some classes of them have
significant applications in wide areas of mathematics and engineering
such as cryptography, coding theory, combinatorial designs. However,
the non-trivial problems of classification of PPs (of certain prescribed
forms) are still challenging.
Especially, the classification of PPs of a given degree d over
an arbitrary Fq is complete known only for d⩽7:
by Dickson’s 1896 thesis [4]
for d⩽5 with any q, and for d=6 with any odd q;
by Li, Chandler and Xiang [10]
in 2010 for d=6 or 7 with q=2r (for any r⩾3);
by the author’s recent work [5] for d=7 with any
odd prime power q.
The present paper aims for a classification of PPs of degree 8
over F2r (with any integer r>3) up to linear
transformations.
Similar to [5], our approach here is based on some
known results on exceptional polynomials. In this paper, an exceptional
polynomial over Fq is defined as a PP over Fq
which is also a PP over Fqm for infinitely many
integers m⩾1. Recall that Fq is of characteristic
p. A polynomial φ in Fq[x] of the form
φ(x)=∑s=0tcsxps (with all cs∈Fq)
is called a linearized polynomial. Clearly, a linearized polynomial
φ induces a Fp-linear map from Fq
to itself, so φ is a PP over Fq if and only
if Fq∗ contains no root of φ. On the one
hand, a linearized PP φ over Fq is always
exceptional. Indeed, let Fqk be the splitting field
of φ over Fq, then every Fqm∗
with gcd(m,k)=1 contains no root of φ. On the
other hand, the recent work of Bartoli, Giulietti, Quoos and Zini
[1, Proposition 7.1] showed
that a polynomial f∈F2r[x] (with r>3) of degree
8 is exceptional if and only if f(x)−f(0) is linearized and
has no root in F2r∗. Also note an explicit criterion
[4, §§58] for a linearized polynomial over
Fq to have no root in Fq∗. Combining
them, we get the following explicit determination of exceptional
polynomials of degree 8 over F2r (with r>3).
Lemma 1** **([1, Proposition 7.1]
and [4, §§58]).
A polynomial
f(x)=∑i=08aixi∈F2r[x] (with r>3,
all ai∈F2r and a8=0) is exceptional
over F2r if and only if a7=a6=a5=a3=0
(i.e. f(x)−a0 is linearized) and det(ci−jpj)0⩽i,j⩽r−1=0,
where
[TABLE]
and all other cs=0.
Thereafter, to complete the classification of PPs of degree 8 over
F2r (with r>3), it suffices to search for the
non-exceptional ones. It is well-known that a non-exceptional PP of
degree n exists over Fq only if q⩽Cn,
where Cn stands for a constant depending only on n. The proof
of this fact can be found in [3, 8, 14]
for abstract Cn, in [7] for Cn=n4,
in [2] for a bound less than n2(n−2)2,
and in [6] for
[TABLE]
where ⌊t⌋ denotes the greatest integer not exceeding
a real number t. When n=8, the last bound is 925, which indicates
the following lemma.
Lemma 2**.**
A non-exceptional PP of degree 8 exists over
F2r only if r⩽9.
In this paper, we search for non-exceptional PPs of degree 8 over
F2r (with 4⩽r⩽9), with the help
of SageMath [13], an
open-source computer algebra system with features covering many aspects
of mathematics, including algebra, calculus, combinatorics, graph
theory, number theory, numerical analysis and statistics. SageMath
uses a syntax resembling Python’s, which is easy to
understand for readers without prior programming experience. We run
all algorithms in this paper on the version 8.6 of SageMath.
Most of our efforts are devoted to reduce the number of searching
candidates for non-exceptional PPs. The structure of this paper is
as follows. Section 2 investigates linear transformations
of polynomials of degree 8 over F2r, and imposes
some constraints on the polynomial coefficients after linear transformations.
Section 3 establishes Algorithm 1 for explicit
equations on coefficients of PPs over F2r, by Hermite’s
criterion and a multinomial analogue of the Lucas theorem. Combining
constraints from Section 2 and equations as outputs
of Algorithm 1, we analysis the polynomial coefficients
of non-exceptional PPs of degree 8 in Section 4,
on a case-by-case basis for 4⩽r⩽9. It is verified
that all PPs of degree 8 over F2r with r∈{7,8,9}
are exceptional. For r∈{4,5,6}, we write explicit SageMath
codes to test all remaining candidates for non-exceptional PPs of
degree 8 over F2r. We also rewrite the SageMath
outputs as Theorem 8, 9, and
10, listing all non-exceptional PPs of degree 8
over F2r, up to linear transformations.
2. Linear Transformations
To reduce the number of candidates in our search for non-exceptional
PPs of degree 8 over F2r, we consider the classification
up to linear transformations. We say that two polynomials f and
g in Fq[x] are related by linear transformations
(linearly related for short) if there exist s,t∈Fq∗
and u,v∈Fq such that g(x)=sf(tx+u)+v. Linearly
related f and g hold the same degree, and f is a (non-exceptional)
PP over Fq if and only if so is g.
Each PP of degree 8 over F2r is linearly ralated
to some f∈F2r[x] in normalized form, i.e. f(x)=x8+∑i=17aixi
with all ai∈F2r. As we mentioned before, a
linearized PP must be exceptional. So (a7,a6,a5,a3)=(0,0,0,0)
for f to be non-exceptional. Furthermore, a case-by-case analysis
in Section 4 by Hermite’s criterion will show that (a7,a6,a5)=(0,0,0)
if f is a non-exceptional PP over F2r with 4⩽r⩽9.
For later use, up to linear transformations, more constraints on the
coefficients ai’s can be imposed by the following Proposition
3.
Proposition 3**.**
Let e be a generator of the multiplicative group
F2r∗. For each a∈F2r∗,
fix an element ω(a) in the set F2r\{u2+au:u∈F2r}.
Then each polynomial of degree 8 over F2r is
linearly ralated to some f(x)=x8+∑i=17aixi∈F2r[x]
with all ai∈F2r satisfying the following requirements
(R1)∼(R3):
(R1)* (a7,a6)∈{(1,0),(0,1),(0,0)}.*
(R2)* if (a7,a6)=(0,1), then a4∈{{0}{0,ω(a5)}if a5=0,if a5=0.*
(R3)* if a7=a6=0=a5, then a4=0 and
a5∈{{1}{1,e,e2}if r is odd,if r is even.*
Moreover, suppose (a7,a6,a5)=(0,0,0) and let g(x)=x8+∑i=17ai′xi∈F2r[x]
with all ai′∈F2r satisfying the same requirements
(R1)∼(R3), then f and g are linearly
related if and only if one of the following happens:
(i)* g=f.*
(ii)* g(x)=f(x+a5)−f(a5) with (a7,a6)=(0,1) and
a5(a3+a53)=0. In this case,*
[TABLE]
(iii)* r is even, a7=a6=a4=0=a5 and g(x)=t−8f(tx)
with t∈{e32r−1,e32(2r−1)}.*
Proof.
By definition, each polynomial of degree 8 over F2r
is linearly ralated to some h(x)=x8+∑i=17cixi∈F2r[x]
with all ci∈F2r. If c7=0, let f(x)=c7−8h(c7x+c7−1c6)−c7−8h(c7−1c6)=x8+x7+∑i=15aixi.
If c7=0=c6, let f(x)=c6−4h(c62r−1x)=x8+x6+∑i=15aixi.
If c7=c6=0, let f=h. In any case, h is linearly related
to f(x)=x8+∑i=17aixi with all ai∈F2r
satisfying (R1). Henceforth, we only need to adjust f
up to linear transformations, to meet (R2) and (R3).
(R2): Suppose (a7,a6)=(0,1). Then f(x)=x8+x6+∑i=15aixi
can be replaced by
[TABLE]
with an arbitrary u∈F2r. If a5=0, take u=a42r−1,
then f(x+u)−f(u) satisfies (R2). Hereafter assume a5=0.
Note that u↦u2+a5u gives a F2-linear
map from F2r to itself, so {u2+a5u:u∈F2r}
is a F2-linear subspace containing exactly one half
of the elements of F2r. Thus {u2+a5u:u∈F2r}
contains either a4 or a4+ω(a5) (but not both).
Take u∈F2r such that u2+a5u∈{a4,a4+ω(a5)},
then f(x+u)−f(u) satisfies (R2).
(R3): Suppose a7=a6=0=a5. If a4=0,
we can replace f(x)=x8+∑i=15aixi by
[TABLE]
with u=a5−1a4 annihilating the coefficient of x4.
Hereafter assume a4=0, and replace f by
[TABLE]
with an arbitrary t∈F2r∗. Let
[TABLE]
which is a complete set of coset representatives of F2r∗/{t3:t∈F2r∗}.
Certain t∈F2r∗ ensures that t−3a5∈Λ,
and thus t−8f(tx) satisfies (R3).
So far we have showed that each polynomial of degree 8 over F2r
is linearly ralated to some f(x)=x8+∑i=17aixi∈F2r[x]
with all ai∈F2r satisfying (R1)∼(R3).
In the following, suppose (a7,a6,a5)=(0,0,0) and let
f(x) be linearly related to g(x)=x8+∑i=17ai′xi∈F2r[x]
with all ai′∈F2r satisfying (R1)∼(R3).
By definition, there exist s,t∈F2r∗ and u,v∈F2r
such that
[TABLE]
Comparing the coefficients of x8, we see that s=t−8.
(1) Suppose (a7,a6)=(1,0). As a7′=st7a7=t−1=0,
(a7′,a6′)=(1,0) by (R1). So s=t=1. Comparing
the coefficients of x6, 0=a6′=a7u+a6=u. So v=g(0)−f(u)=0,
and f=g.
(2) Suppose (a7,a6)=(0,1). Note that
[TABLE]
so a7′=0=a6′=t−2. By (R1), (a7′,a6′)=(0,1)
and t2=1. So t=1, a5′=a5 and a4′−a4=u2+a5u.
By (R2), a4′=a4∈{0,ω(a5)}, and u∈{u∈F2r:u2+a5u=0}={0,a5}.
If u=0, then v=g(0)−f(u)=0 and f=g. Hereafter assume u=a5.
Note that
[TABLE]
So (a7′,a6′,a5′,a4′,a3′,a2′,a1′)=(a7,a6,a5,a4,a3,a2+a3a5+a54,a1+a3a52+a55).
In this case, f=g if and only if a5(a3+a53)=0.
(3) Suppose a7=a6=0=a5. Then a4=0 by (R3).
Note that
[TABLE]
So a7′=a6′=0, and a5′=t−3a5=0. By (R3),
a5=a5′=t−3a5 and 0=a4′=t−4a5u. Thus t3=1
and u=0. Therefore, g(x)=t−8f(tx) with some element t
in the set
[TABLE]
In this case, f=g only when r is even and t∈{e32r−1,e32(2r−1)}.
∎
3. Hermite’s Criterion
Dickson [4, §11] provided a criterion for
PPs over Fq on their coefficients. It is usually called
Hermite’s criterion as Dickson attributed its
prime field case to Hermite. Assuming some notations, we quote an
explicit version of it from [11].
Let N={m∈Z:m⩾0}. For m∈N
and f∈Fq[x], let [xm:f] denote the coefficient
of xm in f(x). In other words, for a nonzero polynomial f∈Fq[x],
we have f(x)=∑m=0deg(f)[xm:f]⋅xm and deg(f)=max{m∈N:[xm:f]=0}.
Lemma 4** (Hermite’s criterion [11, Theorem 7.6]).**
A necessary and sufficient condition for f∈Fq[x]
to be a PP over Fq is
[TABLE]
Recall how to calculate [xm:fk] with the help of multinomial
coefficients. For integers k, j1, j2, …, and
jt, define the multinomial coefficient as
[TABLE]
For f(x)=x8+∑i=17aixi∈F2r[x]
with all ai∈F2r, by the multinomial theorem,
[TABLE]
Let J(k,m) denote the set of all solutions (j1,j2,…,j8)∈N8
of the linear equations:
[TABLE]
Then [xm:fk]=(j1,…,j8)∈J(k,m)∑(j1,j2,…,j8k)a1j1a2j2a3j3a4j4a5j5a6j6a7j7.
Working over F2r, the calculation of multinomial
coefficients can be greatly simplified by the following multinomial
analogue (and corollary) of Lucas’s theorem [12, (137)].
Lemma 5**.**
[4, §§14]* Let
p be a prime, k=∑s=0lksps, and ji=∑s=0lji,sps
for 1⩽i⩽t, with all ks and ji,s∈{0,1,2,…,p−1}.
Then*
[TABLE]
In particular, p∤(j1,j2,…,jtk)
if and only if ks=j1,s+j2,s+⋯+jt,s for any 0⩽s⩽l.
For n=∑s=0⌊log2(n)⌋ns2s∈N
with all ns∈{0,1}, let
[TABLE]
When p=2 in Lemma 5, note that (j1,j2,…,jtk)≡1 (mod 2)
if and only if β(k) is the disjoint union ⨆i=1tβ(ji)
of its subsets β(j1),β(j2)…,β(jt) (i.e.
β(k)=⋃i=1tβ(ji) and β(ji)∩β(ji′)=\O
for any i=i′). Therefore,
[TABLE]
Suppose β(k)={s0,s1,…,sn−1}, then the set {(j1,j2,…,j8)∈N8:β(k)=⨆i=18β(ji)}
contains exactly 8n elements, which can be listed explicitly
by the one-to-one correspondence:
[TABLE]
By the above arguments, we can calculate the left hand side in Lemma
4 (Hermite’s criterion) for the k-th
power of a PP f(x)=x8+∑i=17aixi over Fq
(with q=2r) as
[TABLE]
with ji(u)=∑uv=i0⩽v<n2sv
for 0⩽i⩽7, where {s0,s1,…,sn−1}=β(k),
and u=∑v=0n−1uv8v with all uv∈{0,1,2,…,7}.
Algorithm 1 realizes HC(r,k,a7,a6,a5,a4,a3,a2,a1)
as a SageMath function. When running it, we can either input some
explicit values of ai, or input the indeterminate ai itself
as working over the polynomial ring F2[a1,a2,a3,a4,a5,a6,a7].
For example, we can calculate HC(5,27,a7,0,a5,1,a3,a2,a1)
by the following SageMath codes:
⬇
K.<a1,a2,a3,a4,a5,a6,a7> = PolynomialRing(GF(2))
HC(5,27,a7,0,a5,1,a3,a2,a1)
By Lemma 4 (Hermite’s criterion), an output
of HC for specifice r and k (such that 1⩽k⩽2r−2)
provides an explicit equation satisfied by the polynomial coefficients
of a PP over F2r.
4. Case by Case
In this section, we analysis non-exceptional PPs over F2r
of the form f(x)=x8+∑i=17aixi with all ai∈F2r
subject to requirements (R1)∼(R3) of Proposition
3, on a case-by-case basis for r∈{4,5,6,7,8,9},
in light of the aforementioned equations
[TABLE]
with 1⩽k⩽2r−2, from outputs of Algorithm 1
running on SageMath 8.6.
For later use, we define a SageMath function PP(q,e,a7,a6,a5,a4,a3,a2,a1)
in Algorithm 2 to examine whether f(x)=x8+∑i=17aixi
is a PP over Fq. The following Lemma 6
ensures that it suffices to check whether the values f(ej) for
0⩽j⩽⌊q−8q−1⌋ are distinct,
provided a generator e of the multiplicative group Fq∗.
Lemma 6** (Wan [15]).**
A polynomial f∈Fq[x]
of degree n⩾1 is a PP over Fq if its value
set {f(c):c∈Fq} contains at least ⌊q−nq−1⌋+1
distinct values.
Note that (a7,a6,a5,a3)=(0,0,0,0) for f to be
a non-exceptional PP over F2r.
Let e be a generator of the multiplicative group F2r∗.
For each a∈F2r∗, fix an element ω(a)
in the set F2r\{u2+au:u∈F2r}.
4.1. Case r=4, q=16
Note that
[TABLE]
If a7=a6=0, then a5=a3=0. As (a7,a6,a5,a3)=(0,0,0,0),
we have (a7,a6)=(0,0). By (R1), (a7,a6)=(1,0)
or (0,1).
(1) Suppose (a7,a6)=(1,0). Then a1=a53+a42
and a35=a24+a2.
(2) Suppose (a7,a6)=(0,1). Then a35=1 and a3=a53=0.
By (R2), a4∈{0,ω(a5)}.
Therefore, we write Algorithm 3 to search for all
non-exceptional PPs of degree 8 over F16 up to linear
transformations, and run it in SageMath 8.6.
In Algorithm 3, we take e as a root of the Conway
polynomial111The Conway polynomial Cp,n is a particular irreducible polynomial
of degree n over Fp named after John H. Conway by
Richard A. Parker, satisfying a certain compatibility condition proposed
by Conway. The Conway polynomial is chosen to be primitive, so that
each of its roots generates the multiplicative group Fpn.
See its wikipedia page
and Frank Lübeck’s webpage “Conway polynomials for finite fields
for more information. x4+x+1 in F16, which is a generator of the multiplicative
group F16∗. In the outputs, an element ei
of F16 is represented by the integer i such that
1⩽i⩽q−1, while the zero element of F16
is represented by [math].
The outputs of Algorithm 3 are 113 tuples of
the form (0,1,a5,a4,a3,a2,a1) such that a3=a53=0.
By Proposition 3, they are not linearly related to each
other, and correspond to all 113 linearly related classes of non-exceptional
PPs of degree 8 over F16.
To save space, we will write down the result up to a composition of
the Frobenius automorphism (F2r→F2r
with a↦a2) with itself, as the following Proposition
7 indicates.
Proposition 7**.**
For 1⩽r∈Z, let Γ(r)
be a subset of F2r∗ such that
[TABLE]
For each a∈Γ(r), fix an element ω(a) in the set
F2r\{u2+au:u∈F2r}.
Let h(x)=x8+x6+∑i=15cixi∈F2r[x]
with all ci∈F2r and c5=0. Then h(x)
is linearly related to some x8+x6+∑i=15ai2jxi∈F2r[x]
with 0⩽j⩽r−1, a5∈Γ(r), a4∈{0,ω(a)}
and all ai∈F2r. Moreover, h is a (non-exceptional)
PP over F2r if and only if so is x8+x6+∑i=15aixi.
Proof.
By definition, there exist a5∈Γ(r) and 0⩽j⩽r−1
such that c5=a52j. Let
[TABLE]
By the same arguments for (R2) of Proposition 3,
φ(x) is linearly related to some f(x)=x8+x6+a5x5+∑i=14aixi
with all ai∈F2r and a4∈{0,ω(a)}.
Then h(x) is linearly related to g(x)=x8+x6+a52jx5+∑i=14ai2jxi.
For 1⩽m∈Z, as F2rm→F2rm
(a↦a2j) is a field automorphism, h permutes F2rm
⇔ φ permutes F2rm ⇔
f permutes F2rm ⇔ g permutes
F2rm.
∎
Let us take Γ(4)={1,e,e3,e5,e7}. By Proposition
7, up to a composition of the Frobenius automorphism
with itself, we only need to pick up outputting tuples (0,1,a5,a4,a3,a2,a1)
such that a5∈{1,e,e3,e5,e7}, which gives the following
theorem.
Theorem 8**.**
Let e be a root of the Conway polynomial
x4+x+1 in F16. Each non-exceptional PP of degree
8 over F16 is linearly related to a polynomial of the
form x8+x6+∑i=15ai2jxi, with j∈{0,1,2,3}
and (a5,a4,a3,a2,a1)∈F165 in the
following list:
[TABLE]
Remark*.*
Outside the list of Theorem 8 are there four other
outputting tuples of Algorithm 3 with a5∈Γ(4)={1,e,e3,e5,e7}:
[TABLE]
The first three tuples are clearly equivalent to (1,0,1,e,1) up
to a composition of the Frobenius automorphism with itself. The last
tuple gives g(x)=x8+x6+x5+e3x4+x3+e4x2+e13x,
linearly related to g(x+e3)+e13=x8+x6+x5+e6x4+x3+e2x2+e26x,
corresponding to the tuple (1,e6,1,e2,e26) equivalent
to (1,e3,1,e,e13) up to the Frobenius automorphism. The list
of Theorem 8 for r=4 is actually complete and
non-repetitive up to compositions of linear transformations and Frobenius
automorphisms.
4.2. Case r=5, q=32
As HC(5,7,0,0,0,a4,a3,a2,a1)=a35, so
a3=0 if a7=a6=a5=0. As (a7,a6,a5,a3)=(0,0,0,0),
(a7,a6,a5)=(0,0,0). By (R1), (a7,a6)=(0,0),
(1,0) or (0,1).
(1) Suppose a7=a6=0=a5. By (R3), a5=1
and a4=0. We have a1=a35+a32 as
[TABLE]
(2) Suppose (a7,a6)=(1,0). Then HC(5,5,1,0,a5,a4,a3,a2,a1)=a3=0.
(3) Suppose (a7,a6)=(0,1). By (R2), a4∈{0,ω(a5)}
if a5=0; a4=0 if a5=0.
Therefore, we write Algorithm 4 to search for all
non-exceptional PPs of degree 8 over F32 up to linear
transformations, and run it in SageMath 8.6.
The outputs of Algorithm 4 are 20 tuples of
the form (0,1,a5,a4,a3,a2,a1) such that a5(a3+a53)=0.
By Proposition 3, they are linearly related into exactly
10 pairs, which correspond to all 10 linearly related classes
of non-exceptional PPs of degree 8 over F32.
In the outputs of Algorithm 4, a5∈{e,e2,e4,e8,e11,e13,e16,e21,e22,e26}.
By Proposition 7, up to a composition of the Frobenius
automorphism with itself, we only need to pick up outputting tuples
(0,1,a5,a4,a3,a2,a1) such that a5∈{e,e11}.
Theorem 9**.**
Let e be a root of the Conway polynomial
x5+x2+1 in F32. Each non-exceptional PP of
degree 8 over F32 is linearly related to one of
the following:
[TABLE]
with j running through the set {0,1,2,3,4}.
4.3. Case r=6, q=64
First, a7=0 as HC(6,9,a7,a6,a5,a4,a3,a2,a1)=a79.
Note that
[TABLE]
Note the relations: a3=0⇔a6=0⇒a53=a3a62=0.
Recall that (a6,a5,a3)=(0,0,0). If a6=0, then
a3=0=a5. In any case, we have a5=0. By (R1),
(a7,a6)=(0,0), or (0,1).
(1) Suppose (a7,a6)=(0,0). Already a3=0=a5.
By (R3), a4=0 and a5∈{1,e,e2}.
(2) Suppose (a7,a6)=(0,1). As mentioned above, a3=a53=0.
By (R2), a4∈{0,ω(a5)}.
Therefore, we write Algorithm 5 to search for all
non-exceptional PPs of degree 8 over F64 up to linear
transformations, and run it in SageMath 8.6. The outputs can be reworded
as the following theorem.
Theorem 10**.**
Let e be a root of the Conway polynomial
x6+x4+x3+x+1 in F64. Each non-exceptional
PP of degree 8 over F64 is linearly related to one
of the following:
[TABLE]
4.4. Case r=7, q=128
Theorem 11**.**
All PPs of degree 8 over F128 are exceptional.
Proof.
Let us prove it by reduction to absurdity. Suppose that f is a
non-exceptional PP of degree 8 over F128. Without
loss of generality, we can assume that f(x)=x8+∑i=17aixi
with all ai∈F128 satisfying requirements (R1)
and (R2) of Proposition 3. As we mentioned
in the introduction section, a linearized PP must be exceptional.
In particular, we note that:
(a7,a6,a5,a3)=(0,0,0,0);
(a7,a6)∈{(1,0),(0,1),(0,0)};
if (a7,a6,a5)=(0,1,0) then a4=0.
Note that
[TABLE]
If a7=a6=0, then a5=a3=0. So (a7,a6)=(0,0).
Thus (a7,a6)=(0,1) or (1,0).
(1) Suppose (a7,a6,a5)=(0,1,0). Then a4=0. Note
that
[TABLE]
If a3=0, then a2=a1=0, and f(x)=x8+x6 is not
a PP. So a3=0. Also note that
[TABLE]
Let a3=t2 with t∈F128∗. Then a2=t4+t3,
a1=a33+a22a3−1=t4, and
[TABLE]
Note that f(t+1)=t8+t5=f(t). So f is not a PP over F128.
(2) Suppose (a7,a6)=(0,1) and a5=0. Note that
[TABLE]
As a5=0, we have a3∈{0,a53}.
Suppose a3=0. Note that
[TABLE]
So a1=a521+a2a5. Also note that
[TABLE]
So a4=a264+a232a5+a510+a56+a54.
Then
[TABLE]
and 0=(a532+a516+a5)8=a52+a5+a58.
So a5 is a root of the Conway polynomial x7+x+1 in F128,
and a generator of the multiplicative group F128∗.
The following codes take an arbitrary root e of x7+x+1 as
the inputting value of a5.
⬇
F.<e> = GF(2^7,modulus=x^7+x+1)
L.<a2> = PolynomialRing(F)
HC(7,31,0,1,e,a2^64+a2^32e+e^10+e^6+e^4,0,a2,e^21+a2e)%(a2^128-a2)
Here “%” is the modulus operator, giving the reduction
of a polynomial (in F128[a2]) modulo a2128−a2.
However, the output is a non-zero constant e2+e in F128.
This makes a contradiction.
Suppose a3=a53. Note that
[TABLE]
So a1=a57+a55+a4a53+a2a5, and
[TABLE]
Note that f(a5)=0=f(0) with a5=0. So f is not a
PP over F128.
(3) Suppose (a7,a6)=(1,0). Note that
[TABLE]
So a1=a53+a42 and a2=a333. Also note
that
[TABLE]
So a42a5+a3a52+a32=0. Thus a4=a364a564+a3a563,
and a1=a53+a3a5+a32a5126. Then (a3,a5)∈F128×F128∗
is a common solution of three equations:
[TABLE]
which can be solved by the following SageMath codes:
⬇
F.<e> = GF(2^7,modulus=x^7+x+1)
M.<a3,a5> = PolynomialRing(GF(2))
h23 = HC(7,23,1,0,a5,a3^64a5^64+a3a5^63,a3,a3^33,a5^3+a3a5+a3^2a5^126)
h29 = HC(7,29,1,0,a5,a3^64a5^64+a3a5^63,a3,a3^33,a5^3+a3a5+a3^2a5^126)
h31 = HC(7,31,1,0,a5,a3^64a5^64+a3a5^63,a3,a3^33,a5^3+a3a5+a3^2a5^126)
for (b,c) in [(b,c) for b in F for c in F if c!=0]:
if h23(b,c)==h29(b,c)==h31(b,c)==0:
print(b,c)
Nothing is printed in the output, which means that these three equations
on (a3,a5) have no common solution in F128×F128∗.
This makes a contradiction.
∎
4.5. Case r=8, q=256
Theorem 12**.**
All PPs of degree 8 over F256 are exceptional.
Proof.
Let us prove it by reduction to absurdity. Suppose that f is a
non-exceptional PP of degree 8 over F256. Without
loss of generality, we can assume that f(x)=x8+∑i=17aixi
with all ai∈F256 satisfying requirements (R1)
of Proposition 3. As we mentioned in the introduction
section, a linearized PP must be exceptional. In particular, we note
that:
(a7,a6,a5,a3)=(0,0,0,0);
(a7,a6)∈{(1,0),(0,1),(0,0)}.
Note that
[TABLE]
If a7=a6=0, then a5=a3=0. So (a7,a6)=(0,0).
Thus (a7,a6)=(0,1) or (1,0).
(1) Suppose (a7,a6)=(0,1). Note that
[TABLE]
So a3=a53=0. Also note that
[TABLE]
So a1=a57+a55+a4a53+a2a5, and
[TABLE]
Note that f(a5)=0=f(0) with a5=0. So f is not a
PP over F256.
(2) Suppose (a7,a6)=(1,0). Then HC(8,37,1,0,a5,a4,a3,a2,a1)=a3=0.
Note that
[TABLE]
Therefore, either a2=0 or a1=a53+a42. Also
note that
[TABLE]
So a1=0. Then
[TABLE]
and thus a5=(a532)8=a296. Further, if a2=0,
then a5=a296=0, and a4=0 as
[TABLE]
while f(x)=x8+x7 is not a PP. Therefore, a2=0 in
this case. So a42=a53=(a296)3=a2288,
and a4=a2144. As
[TABLE]
we have a2382=1, and a2=1 as gcd(382,255)=1.
Then a5=a4=a2=1, a3=a1=0, and
[TABLE]
This makes a contradiction.
∎
4.6. Case r=9, q=512
Theorem 13**.**
All PPs of degree 8 over F512 are exceptional.
Proof.
Let us prove it by reduction to absurdity. Suppose that f is a
non-exceptional PP of degree 8 over F512. Without
loss of generality, we can assume that f(x)=x8+∑i=17aixi
with all ai∈F512 satisfying requirements (R1),
(R2) and (R3) of Proposition 3.
As we mentioned in the introduction section, a linearized PP must
be exceptional. In particular, we note that:
(a7,a6,a5,a3)=(0,0,0,0);
(a7,a6)∈{(1,0),(0,1),(0,0)};
if (a7,a6,a5)=(0,1,0), then a4=0;
if a7=a6=0=a5, then (a5,a4)=(1,0).
As HC(9,73,a7,a6,a5,a4,a3,a2,a1)=a773=0,
(a7,a6)=(0,0) or (0,1). Note that
[TABLE]
If a6=a5=0, then a3=0. Recall that (a7,a6,a5,a3)=(0,0,0,0),
so (a6,a5)=(0,0).
(1) Suppose a7=a6=0=a5. Then (a5,a4)=(1,0).
Note that
[TABLE]
So a3=a1=a2=0, and f(x)=x8+x5 is not a PP over
F512.
(2) Suppose (a7,a6,a5)=(0,1,0). Then a4=0. Note
that
[TABLE]
If a3=0, then a2=a1=0 and f(x)=x8+x6 is not
a PP. So a3=0. Note that
[TABLE]
Let a3=t2 with t∈F512∗. Then a2=t4+t3,
a1=a33+a22a3−1=t4, and
[TABLE]
Note that f(t+1)=t8+t5=f(t). So f is not a PP over F512.
(3) Suppose (a7,a6)=(0,1) and a5=0. Note that
[TABLE]
So a3=a53. Also note that
[TABLE]
So a1=a57+a55+a4a53+a2a5, and
[TABLE]
Note that f(a5)=0=f(0) with a5=0. So f is not a
PP over F512.
∎
Acknowledgements. This work was supported by the
Natural Science Foundation of Guangdong Province [No. 2018A030310080].
The author was also sponsored by the National Natural Science Foundation
of China [No. 11801579]. Special thanks go to my lovely newborn
daughter, without whose birth should this paper have come out much
earlier.