A link between two classes of permutation polynomials

A link between two classes of permutation polynomials

Finite Fields and Their Applications 63 (2020) 101641 Contents lists available at ScienceDirect Finite Fields and Their Applications www.elsevier.co...
Download PDF
410KB Sizes 0 Downloads 36 Views
Report

Finite Fields and Their Applications 63 (2020) 101641

Contents lists available at ScienceDirect

Finite Fields and Their Applications www.elsevier.com/locate/ffa

A link between two classes of permutation polynomials ✩ Kangquan Li a , Longjiang Qu a,b , Yue Zhou a a

College of Liberal Arts and Sciences, National University of Defense Technology, Changsha, 410073, China b State Key Laboratory of Cryptology, Beijing, 100878, China

a r t i c l e

i n f o

Article history: Received 18 May 2019 Received in revised form 6 October 2019 Accepted 13 January 2020 Available online xxxx Communicated by Qiang Wang MSC: 11T06 11T55 Keywords: Finite field Permutation polynomial Hasse-Weil bound

a b s t r a c t The study of permutation polynomials over finite fields has attracted many scholars’ attentions due to their wide applications and there are several different forms of permutations over finite fields. However, there is little literature on the relation between different forms of permutations. In this paper, we find an equivalent relation between  n  permutation polynomials of the form f (x) = xh x2 −1 over H1 (Δ) F22n and permutations of the form F (x) = H (Δ)+H +x (Δ) 1

2

1 on F2n , where Δ = x2 +x+δ , δ ∈ F2n with Tr2n (δ) = 1 and H1 , H2 are the x-coordinate and 1-coordinate of h (see Definition 2.4), respectively. A special  case with H1 + H2 = 1,

which means F (x) = H1

1 x2 +x+δ

+x, has been already stud-

ied [8,16,21,22]. We summarize the known permutations and then construct 8 new classes of permutations of such form, from which one  ncanderive some permutation polynomials of the form xh x2 −1 over F22n directly. Finally, we give an

✩ This work is supported by the Nature Science Foundation of China (NSFC) under Grant 61722213, 11531002, 61572026, National Key R&D Program of China (No. 2017YFB0802000), and the Open Foundation of State Key Laboratory of Cryptology. E-mail addresses: [email protected] (K. Li), [email protected] (L. Qu), [email protected] (Y. Zhou).

https://doi.org/10.1016/j.ffa.2020.101641 1071-5797/© 2020 Elsevier Inc. All rights reserved.

K. Li et al. / Finite Fields and Their Applications 63 (2020) 101641

2

 asymptotic result about

1 x2 +x+δ

2k + x to be a permutation

over F2n using the Hasse-Weil bound. © 2020 Elsevier Inc. All rights reserved.

1. Introduction Let q be a prime power and Fq be the finite field with q elements. A polynomial f (x) ∈ Fq [x] is called a permutation polynomial (PP) if the induced mapping x → f (x) is a permutation on Fq . The study of PPs over finite fields has caught scholars’ attentions recently due to their wide applications in coding theory [6,13], cryptography [19] and combinatorial designs [7]. In the recent survey about PPs by Hou [9], we can find that there are several different   forms of PPs over finite fields, such as PPs of the form xr h x(q−1)/ over Fq with  | (q − 1), permutation  and trinomials, PPs defined by functional equations,  k binomials p PPs of the form h x − x + δ + L(x) and so on. In fact, there exist some intersections and connections among these PPs of different forms in various ways. For example, it   is well-known that some permutation trinomials are also of the form xr h xq−1 over Fq2 , which are also called PPs with Niho exponents and have been summarized by Li and Zeng [17]. Recently, using AGW Criteria [1], Zheng,Yuan and Yu [24] found a k

relation between PPs over Fqm of the form h xq − x + δ + cx and ones of the form k

h(x)q − h(x) + cx over the same finite field Fqm . In this paper, our motivation is to find more relations among permutations of different forms over finite fields with even characteristic. Using the multiplicative version of AGW Criterion (see Lemma 2.2) and a rational function of degree 1 from F2n ∪ {∞} to μ2n +1 , n where μ2n +1 := {x ∈ F22n | x2 +1 = 1}, we find an equivalent relation between PPs of the  2n −1  H1 (Δ) form f (x) = xh x over F22n and permutations of the form F (x) = H1 (Δ)+H +x 2 (Δ) 1 on F2n , where Δ = x2 +x+δ , δ ∈ F2n with Tr2n (δ) = 1 (Tr2n denotes the absolute trace n−1

function over F2n , i.e., Tr2n (x) = x + x2 + · · · + x2 for any x ∈ F2n ) and H1 , H2 are the x-coordinate and 1-coordinate (see Definition 2.4) ofh, respectively. Particularly,  1 when H1 + H2 always equals 1, then F (x) = H1 x2 +x+δ + x, which has been widely  2n −1  over F22n directly. studied. Thus we can construct many PPs ofthe form  xh x 1 Besides known permutations of the form H1 x2 +x+δ + x, we also present 8 classes k

of permutations of such form. When H1(x) = x2 , it is well-known that Helleseth and  1 Zinoviev [8] showed that if H1 x2 +x+δ + x permutes F2n , the integer k gives rise to certain identities for the Kloosterman sums over F2n and they proved that for k = 0, 1,  2k 1 + x is indeed a permutation over F2n . However, from experimental results x2 +x+δ  2k 1 by MAGMA, it seems that there is no other positive integer k such that x2 +x+δ +x

K. Li et al. / Finite Fields and Their Applications 63 (2020) 101641

3

is a permutation over F2n . Motivated by the experimental results, the other part of this  2k 1 paper is devoted to an asymptotic result about x2 +x+δ + x to be a permutation over F2n when k > 3n 4 . The main tool is the Hasse-Weil bound. More applications of the Hasse-Weil bound to PPs recently can be found in [2,10–12]. The remainder of this paper is organized as follows. In Section 2, we present the equivalent relation between two permutations of different forms. Using a special case 1 of this relation, in Section 3, we construct permutations of the form H x2 +x+δ +x  2n −1  over F22n after a summary of known results. over F2n and ones of the form xh x Finally, in Section 4, we use the Hasse-Weil bound to prove an asymptotic result about  2k 1 + x to be a permutation over F2n . Throughout this paper, we use x−1 to x2 +x+δ n

denote x2 for mappings of μ2n +1 in this paper. 2. An equivalence between permutations of two forms   k k Connections between permutations of the form h xq − x + δ + cx and h(x)q − h(x) + cx have been already investigated, see [24]. Two classes of permutations, one  n  1 of which is of the form xr h x2 −1 over F22n and the other with x2 +x+δ over F2n , have been studied adequately, see [8,16,21,22]. In this section, we give an equivalent relation between these two classes of permutations. Particularly, we assume r = 1 and the coefficients of h(x) belong to F2n . In 2011, Akbary, Ghioca and Wang [1] gave the following result, which is called the AGW Criterion. Lemma 2.1. ([1], AGW Criterion) Let A, S and S be finite sets with #S = #S, and let ¯ ◦ φ = ψ ◦ λ. If φ : A → A, ψ : S → S, λ : A → S and λ : A → S be maps such that λ ¯ both λ and λ are surjective, then the following statements are equivalent: (i) φ is a bijection; and (ii) ψ is a bijection from S to S and φ is injective on λ−1 (s) for each s ∈ S. The AGW Criterion can be represented by the following simple diagram. A

φ

A

λ

λ

S

ψ

S

  In the AGW Criterion, let A = Fq , φ(x) = xr h x (q−1)/ , S = S = μ and λ = λ = x (q−1)/ , we can directly obtain the following multiplicative version of the AGW Criterion. In fact, the AGW Criterion is a generalization of the following lemma obtained by several authors [18,20,23].

4

K. Li et al. / Finite Fields and Their Applications 63 (2020) 101641

Lemma 2.2. [18,20,23] Pick , r > 0 with  | q − 1, and let h(x) ∈ Fq [x]. Then f (x) =   xr h x (q−1)/ permutes Fq if and only if both (1) gcd (r, (q − 1)/ ) = 1 and (2) xr h(x) (q−1)/ permutes μ .  n  Lemma 2.2 reduces the problem of proving that f (x) = xh x2 −1 permutes F22n to n the determination of g(x) = xh(x)2 −1 permuting μ2n +1 . Based on Lemma 2.2, a further reduction using the additive version of the AGW Criterion was introduced in [15]   inwhich  n 2 ∗ A = μ2n +1 , φ = g, λ = λ = x +x , S = S = {0} ∪T with T = η ∈ F2n : Tr2n η1 = 1 and ψ is a rational function over T . It should be noted that the method of [15] is suitable for any characteristic. n In this paper, we use the additive mapping λ = x + x2 : μ2n +1 → S = {0} ∪ T .  n Clearly, the mapping λ is 2-to-1 except a unique point x = 1. Moreover, λ(x) = λ x2 , i.e. λ(x−1 ) for any x ∈ μ2n +1 \{1}. The following algorithm will be needed in the sequel. Algorithm 2.3. Let x ∈ μ2n +1 and η = x + x−1 . 1: Input h(x); 2: Plugging x2 = ηx + 1 into h(x) and simplifying h(x) completely; 3: Output the coefficients H1 (η), H2 (η) of h(x) such that h(x) = H1 (η)x + H2 (η). For convenience, we introduce the following definition. Definition 2.4. Let h(x) ∈ F2n [x]. The outputs H1 (x) and H2 (x) in Algorithm 2.3 are called x-coordinate and 1-coordinate of h(x), respectively. According to Algorithm 2.3, it is clear that for any x ∈ μ2n +1 ,h(x) H1 (η)x +H2 (η),  = 1 2n −1 ∗ n where η = x + x , i.e., x + x and η ∈ {0} ∪ η ∈ F2n : Tr2 η = 1 . Furthermore, n

since for i = 1, 2, Hi (x) ∈ F2n [x], Hi (η)2 = Hi (η), H1 and H2 are mappings from F2n to F2n . In return, given mappings H1 (x), H2 (x) ∈ F2n [x], we have     n n h(x) = H1 x + x2 x + H2 x + x2 . The following is an example to illustrate what we discussed above. Example 1. Let h(x) = 1 + x2 + x−1 : μ2n +1 → F22n . Then h(x) = 1 + ηx + 1 + η + x = (η + 1)x + η. Therefore, H1 (η) = η + 1 and H2 (η) = η in this case. Conversely, when     H1 (x) = x + 1 and H2 (x) = x, we have h(x) = H1 x + x−1 x + H2 x + x−1 =   x + x−1 + 1 x + x + x−1 = x2 + x−1 + 1. By the way, we note that h(x) actually is n 1 + x2 + x2 in this example because we use x ∈ μ2n +1 to derive H1 (x), H2 (x) from h(x).

K. Li et al. / Finite Fields and Their Applications 63 (2020) 101641

5

Next, we give the main theorem of this section.  n  Theorem 2.5. Let f (x) = xh x2 −1 , where h(x) ∈ F2n [x]. Let H1 and H2 be the xcoordinate and 1-coordinate of h, respectively. Let δ be an arbitrary element in F2n with H1 (Δ) Tr2n (δ) = 1. Then f permutes F22n if and only if F (x) = H1 (Δ)+H + x permutes 2 (Δ) 1 F2n , where Δ = x2 +x+δ .     Proof. It is clear that h(x) = H1 x + x−1 x + H2 x + x−1 for any x ∈ μ2n +1 and h(x) = 0 for any x ∈ μ2n +1 if f permutes F22n . According to Lemma 2.2, f permutes n F22n if and only if g permutes μ2n +1 , where g(x) = xh(x)2 −1 , i.e.,     H1 x + x−1 + H2 x + x−1 x . g(x) = H1 (x + x−1 ) x + H2 (x + x−1 ) By Tr2n (δ) = 1 and Lemma 3.2, the equation x2 + x + δ = 0 has no solution in F2n and n n we assume γ ∈ F22n is a solution. Then γ + γ 2 = 1 and γ 2 +1 = δ. n 2 n n Let ϕ(x) = x+γ x+γ . Then ϕ(x) is from F2 ∪ {∞} to μ2 +1 with ϕ(∞) = 1. Moreover, 2n

+γx 1 ϕ(x) + 1 = x+γ and ϕ−1 (x) = γ x+1 . Since g(1) = h(1)2 −1 = 1, we have ϕ−1 ◦ g ◦ −1 ϕ(∞) = ϕ (1) = ∞. Therefore, g(x) permutes μ2n +1 if and only if ϕ−1 ◦ g ◦ ϕ permutes F2n . In the following, it suffices to compute ϕ−1 ◦ g ◦ ϕ. Firstly, for any x ∈ F2n , we have n

ϕ(x) +

1 ϕ(x)

n

=

x+γ x + γ2 + x+γ x + γ 2n

=

γ2 + γ2 n 2 2 x + (γ + γ ) x + γ 2n +1

=

1 , x2 + x + δ

n+1

n

n

since γ + γ 2 = 1 and γ 2

+1

= δ. For convenience, we let Δ =

g(ϕ(x)) = n

n

and using γ + γ 2 = 1, γ 2

+1

n

=

1 (Δ)+H2 (Δ)ϕ(x) γ2 + γ H H1 (Δ)ϕ(x)+H2 (Δ)

H1 (Δ)+H2 (Δ)ϕ(x) H1 (Δ)ϕ(x)+H2 (Δ)

H1 (Δ) + H2 (Δ)ϕ(x) H1 (Δ)ϕ(x) + H2 (Δ)

= δ and ϕ(x) + 1 =

ϕ−1 ◦ g ◦ ϕ(x)

+1

1 x2 +x+δ .

1 x+γ ,

we obtain

Moreover,

K. Li et al. / Finite Fields and Their Applications 63 (2020) 101641

6 n

γ 2 (H1 (Δ)ϕ(x) + H2 (Δ)) + γ (H1 (Δ) + H2 (Δ)ϕ(x)) = H1 (Δ) + H2 (Δ)ϕ(x) + H1 (Δ)ϕ(x) + H2 (Δ) n

n

γ 2 H1 (Δ)ϕ(x) + γ 2 H2 (Δ) + γH1 (Δ) + γH2 (Δ)ϕ(x) = (H1 (Δ) + H2 (Δ)) (ϕ(x) + 1)   n   n n n γ 2 H1 (Δ) x + γ 2 + γ 2 H2 (Δ) + γH1 (Δ) (x + γ) + γH2 (Δ) x + γ 2 = H1 (Δ) + H2 (Δ) =

H1 (Δ)x + H2 (Δ)x + H1 (Δ) H1 (Δ) + H2 (Δ)

=

H1 (Δ) +x H1 (Δ) + H2 (Δ)

We have finished the proof. 2 In Theorem 2.5, we find an equivalent relation between permutations of the form  n  H1 (Δ) f (x) = xh x2 −1 over F22n and those of the form F (x) = H1 (Δ)+H +x on F2n , where 2 (Δ) 1 n n Δ = x2 +x+δ , δ ∈ F2 with Tr2 (δ) = 1 and H1 , H2 are the x-coordinate and 1-coordinate   1 of h, respectively. When H1 (x) + H2 (x) = 1 for any x ∈ F2n , F (x) = H1 x2 +x+δ + x, which has been studied by many researchers [8,16,21,22]. Consequently, we can obtain  2n −1  plentiful PPs of the form f (x) over F22n from permutations over F2n of   = xh x the form F (x) = H1 of the two forms.

1 x2 +x+δ

+ x. In the next section, we first consider permutations 

3. Permutations of the forms H

1 x2 +x+δ



 n  + x and xh x2 −1

  1 In this section, we mainly review and construct permutations of the form H x2 +x+δ +  2n −1  over F22n by Theorem 2.5. x over F2n and then obtain permutations of form xh x In Theorem 2.5, we assume H1 (x) + H2 (x) = 1 for any x ∈ F2n and use H(x) to denote H1 (x). Then we can get the following result directly from Theorem 2.5. Corollary 3.1. Let H(x) ∈ F2n [x]. Let δ be arbitrary element in F2n with Tr2n (δ) = 1.   n  n 2n n Then f (x) = x2 + x H x2 −1 + x2 −2 + x permutes F22n if and only if F (x) = H (Δ) + x permutes F2n , where Δ =

1 x2 +x+δ .

The following two lemmas are about solutions of equations and will be needed later. Lemma 3.2. [14] Let u, v ∈ F2n and u = 0. Then the quadratic equation x2 + ux + v = 0   has solutions in F2n if and only if Tr2n uv2 = 0. Lemma 3.3. [4] Let u, v ∈ F2n , where v = 0. Then equation x3 + ux + v = 0   3 the cubic has a unique solution in F2n if and only if Tr2n uv2 + 1 = 0.

K. Li et al. / Finite Fields and Their Applications 63 (2020) 101641

7

Next, we recall some known permutations and present some new ones of the form 1 H x2 +x+δ + x, where H(x) are monomials, binomials or trinomials, respectively. 3.1. H(x) = αxs Let δ ∈ F2n with Tr2n (δ) = 1 and k ≥ 0 be an integer. In [8], Helleseth and Zi 2k 1 + x permutes F2n , identities for the Kloosterman noviev claimed that if x2 +x+δ sums over F2n can be determined by the integer k. They also proved that for k = 0 or  2k 1 1, x2 +x+δ + x does permute F2n . Furthermore, Yuan and Ding continued to study s  permutations of the form x2 + x + δ + x over F2n in [21]. The following lemma is a  s summary about known permutations with the form of x2 + x + δ + x over F2n .  s Lemma 3.4. Let δ ∈ F2n and Tr2n (δ) = 1. Then F (x) = x2 + x + δ + x permutes F2n when one of the following holds: 1) 2) 3) 4)

s = −1, −2 [8]; n is odd and 3s ≡ 1 (mod 2n − 1) [21]; n is even and s = 2n−1 − 2n/2−1 [21]; n+1 n/2 n ≡ 0 (mod 4) and s = 2 −23 −1 [21];

From experimental search, we find that there is a general result about such permutations. Theorem 3.5. Let m be a positive integer, n = 2m and α, δ be arbitrary elements in F2n  2n−1 −2m−1 with α ∈ F2m and Tr2n (δ) = 1. Then F (x) = α x2 + x + δ + x permutes F2n . Proof. It suffices to show that for any a ∈ F2n , F (x) = a, or equivalently F (x)2 = a2 , i.e.,  1−2m α 2 x2 + x + δ = a2 + x2

(1)

has a unique solution in F2n . Taking the (2m + 1)-th power of Eq. (1), we have  2 2 2m +1 2 2 x +a = 1. Thus there exists certain ∈ μ2m +1 such that x α+a = 2 , i.e., 2 α2 x = a + α . Plugging it into Eq. (1) and after simplifying, we obtain 

m+1

a2

 m   m m m+1 + a2 + δ 2 + α2 2 + α2 + α + a2 + a + δ + α2 = 0.

  m+1 Since α ∈ F2m , we have Tr2n δ + α2 = Tr2n (δ) = 1, which means that a2 + a + δ +   m m+1 m+1 1−2 α2 = 0 for any a ∈ F2n . Thus 2 = a2 + a + δ + α2 and Eq. (1) has only one solution in F2n . 2

8

K. Li et al. / Finite Fields and Their Applications 63 (2020) 101641

Together with Corollary 3.1, Lemma 3.4 and Theorem 3.5, we can obtain some per n  mutations with the form xh x2 −1 over F22n as follows.   n  n 2n n s Corollary 3.6. Let f (x) = α x2 + x x2 −1 + x2 −2 + x. Then f (x) permutes F22n when one of the following conditions holds: 1) 2) 3) 4)

α = 1, s = 1 or 2; n is odd, α = 1 and 3s ≡ −1 (mod 2n − 1); n is even, α ∈ F2n/2 and s = 2n−1 − 2n/2−1 ; n+1 n/2 n ≡ 0 (mod 4), α = 1 and s = 2 −23 −1 ;

3.2. H(x) = xs1 + xs2 Recently, the authors of [16,22] constructed permutation polynomials of the form s1  i s2  i + x2 + x + δ + x, x2 + x + δ where i, s1 , s2 are integers and δ ∈ F2n , and some new permutation polynomials with the form were presented. We mainly summarize the results of the case i = 1 as follows. Lemma 3.7. [16,22] Let δ be arbitrary element in F2n with Tr2n (δ) = 1. Then F (x) =  2  s1  2 s2 x +x+δ + x +x+δ + x permutes F2n when one of the following holds: 1) (s1 , s2 ) = (−2, −4);   2) n = 3m and (s1 , s2 ) = 22m +1, 2m + 1 ; 3) n ≡ 1 (mod 4) and (s1 , s2 ) = 4) n ≡ 2 (mod 4) and (s1 , s2 ) = 5) n ≡ 3 (mod 4) and (s1 , s2 ) = 6) n ≡ 1 (mod 3) and (s1 , s2 ) =

n 3(2n −2) + 1, 4(2 5−2) 5  2n +1 3·2n −2  ;  5 , 5  n+1  n+1 −1 2 −1 2 2 , ; 5 5

 

2n+2 −1 6·2n −5 , 7 7

 +1 ;



; 

7) n ≡ 0 (mod 2) and (s1 , s2 ) = 2 3 +1 , 5·2 3 −1 ;  n  n 8) n even and (s1 , s2 ) = 2 3−1 + 2j , 2·(2 3 −1) + 2j , j ∈ {0, n − 1}. n−1

n−1

  s1   s2  s2 When s1 = 1, F (x) +δ = x2 + x + δ + x2 + x + δ +x +δ = x2 + x + δ +x2 .  2n−1 ·s2 Then F (x) permutes F2n if and only if x2 + x + δ +x permutes F2n . In addition,    2s2 2  2s2 when s1 = 2n−1 , F (x)2 +δ = x2 + x + δ + x2 + x + δ +x +δ = x2 + x + δ +x.  2 2·s2 Then F (x) permutes F2n if and only if x + x + δ + x permutes F2n . Namely, when n−1 s1 = 1 or 2 , the binomial H(x) can be reduced to the monomial case. Thus we only have to consider the case s1 , s2 = 1, 2n−1 .

K. Li et al. / Finite Fields and Their Applications 63 (2020) 101641

9

  Theorem 3.8. Let n = 2m and (s1 , s2 ) = 2n−2 − 2m−2 , 2n−1 . Let δ be arbitrary element   s1  2  s2 in F2n with Tr2n (δ) = 1. Then F (x) = x2 + x + δ + x +x+δ + x is a PP over F2n . Proof. It suffices to show that for any a ∈ F2n , F (x) = a, or F (x)4 = a4 equivalently, has only one solution in F2n . Simplifying F (x)4 = a4 , we have     m+1 m m x2 + x + δ = x2 + δ 2 + a4 x2 + x2 + δ 2 .

(2)

Taking the (2m + 1)-th power of Eq. (2), we obtain 

x 2 + δ 2 + a4

2m +1

= 1.

Thus there exists certain ∈ μ2m +1 such that x + δ + a2 = . Then x = + a2 + δ. Plugging it into Eq. (2), we get   m+2 m+1 m+1 2 + + a4 + a2 + δ 2 = 2 −2 + −1 + a2 + a2 + δ2 , i.e., =

a

a2 + a + δ + 1 , + a2m + δ 2m + 1

2m+1

where for any a ∈ F22m , a2 + a + δ + 1 = 0 since Tr2n (δ + 1) = 1. Thus x = a2 +a+δ+1 + a2 + δ is the unique solution of F (x) = a. 2 a2m+1 +a2m +δ 2m +1 Theorem 3.9. Let  δ be arbitrary element in F2n , n ≡ 2 (mod 3) and (s1 , s2 ) =  n+1  n+1  s1   s2 −1 2 −1 3· 2 , . Then F (x) = x2 + x + δ + x2 + x + δ +x is a PP over F2n . 7 7 Proof. It suffices to show that for any a ∈ F2n , F (x) = a has a unique solution in F2n . Since gcd (7, 2n − 1) = 1, there exists a unique y such that x2 + x + δ = y 7 for any given x ∈ F2n . Together with F (x) = a, we have y 3 + y + x = a. Thus x = y 3 + y + a. Plugging it into x2 + x + δ = y 7 , we obtain y 7 + y 6 + y 3 + y 2 + y + a2 + a + δ = 0. Assume y = z + 1 in the above equation and we get z 7 + z 5 + z = a2 + a + δ + 1, which has a unique solution in F2n since D7 (z) = z 7 + z 5 + z, the first kind Dickson polynomial of order 7, permutes F2n . Therefore, F (x) = a has a unique solution in F2n for any a ∈ F2n . 2   s1 Theorem 3.10. Let δ be arbitrary element in F2n . Then F (x) = x2 + x + δ +  s2  2 + x is a PP over F2n when one of the following conditions satisfies: x +x+δ

10

K. Li et al. / Finite Fields and Their Applications 63 (2020) 101641

1) n ≡ 0 (mod 3) and (s1 , s2 ) = 2) n ≡ 1 (mod 6) and (s1 , s2 ) =

 

2n+1 +2 2n+1 −1 , 3 9 5·2 −1 2 , 9 n

n+1

3

−1





; .

Proof. It suffices to prove that for any a ∈ F2n , F (x) = a has a unique solution in F2n . Since gcd (9, 2n − 1) = 1, there exists a unique y such that x2 + x + δ = y 9 for any given x ∈ F2n . Together with F (x) = a, we have y 4 + y 3 + x = a for both cases. Thus x = y 4 + y 3 + a. Plugging it into x2 + x + δ = y 9 , we obtain y 9 + y 8 + y 6 + y 4 + y 3 + a2 + a + δ = 0.  3 Assume y = z + 1 in the above equation and we get z 3 + 1 = a2 + a + δ, which has a unique solution in F2n since gcd (3, 2n − 1) = 1. Therefore, F (x) = a has a unique solution in F2n for any a ∈ F2n . 2  s1  2  s2 + x +x+δ + x, we Using the above permutations of the form x2 + x + δ have the following corollary.   n   n 2n n Corollary 3.11. Let f (x) = x2 + x H x2 −1 + x2 −2 + x, where H(x) = xt1 + xt2 , t1 ≡ −s1 (mod 2n − 1) and t2 ≡ −s2 (mod 2n − 1). Then f permutes F22n when n and (s1 , s2 ) satisfy one of these conditions in Lemma 3.7, Theorems 3.8, 3.9 and 3.10. 3.3. H(x) = xs1 + xs2 + xs3  In this subsection, we present three classes of permutations of the form H with H(x) = xs1 + xs2 + xs3 over F2n . 

1 x2 +x+δ

 +x

 n+1 − 1, 2 3 −1 , 2n − 2 . Let δ be ar  s1   s2 bitrary element in F2n with Tr2n (δ) = 1. Then F (x) = x2 + x + δ + x2 + x + δ +  s3  2 + x is a PP over F2n . x +x+δ Theorem 3.12. Let n be odd and (s1 , s2 , s3 ) =

2n+1 −1 3

Proof. It suffices to prove that for any a ∈ F2n , F (x) = a has at least one solution in F2n . Since gcd (3, 2n − 1) = 1, there exists a unique y such that x2 + x + δ = y 3 for any given x ∈ F2n . With F (x) = a, we have y +y −2 +y −3 = a. Namely, x = y +y −2 +y −3 +a. Plugging it into x2 + x + δ = y 3 , we get y 9 + y 7 + (b + 1) y 6 + y 5 + by 4 + (b + 1)y 2 + y + b + 1 = 0, where b = a2 + a + δ. It is routine to check that the following factorization holds y 9 + y 7 + (b + 1) y 6 + y 5 + by 4 + (b + 1)y 2 + y + b + 1   = y 3 + b1/3 y 2 + y + b1/3 + 1

(3)

K. Li et al. / Finite Fields and Their Applications 63 (2020) 101641

11

   × y 6 + b1/3 y 5 + b2/3 y 4 + b1/3 + 1 y 2 + b1/3 y + b2/3 + b1/3 + 1 Letting y = z + b1/3 , from y 3 + b1/3 y 2 + y + b1/3 + 1 = 0, we have   z 3 + b2/3 + 1 z + 1 = 0.

(4)

Since Tr2n

 3   b2/3 + 1 + 1 = Tr2n b2 + b4/3 + b2/3 = Tr2n (b) = 1,

Eq. (4) has exactly one solution in F2n , indicating that Eq. (3) has at least one solution in F2n for any a ∈ F2n . 2  n  n Theorem 3.13. Let n be even and (s1 , s2 , s3 ) = 2 3−1 , 2·(2 3 −1) , 2n − 2 . Let δ be arbi  s1  2  s2 trary element in F2n with Tr2n (δ) = 1. Then F (x) = x2 + x + δ + x +x+δ +  2  s3 x +x+δ + x is a PP over F2n . 2n −1

Proof. nLet γ be a primitive element of F2∗n and ω := γ 3 . Define Ci := {x ∈ 2 −1 F2∗n |x 3 = ω i } for i = 0, 1, 2. Then F2∗n = C0 ∪C1 ∪C2 . Since Tr2n (δ) = 1, x2 +x +δ = 0 for any x ∈ F2n and  s1  2  s2  2 s3 F (x) = x2 + x + δ + x +x+δ + x +x+δ +x ⎧ 1 ⎪ ⎨ + x , if x2 + x + δ ∈ C0 , 2+x+δ x = 1 ⎪ ⎩ + x + 1, if x2 + x + δ ∈ C1 ∪ C2 . 2 x +x+δ Firstly, for any x = y ∈ F2n , which satisfy that x2 + x + δ and y 2 + y + δ exactly both 1 belong to one of C0 and C1 ∪ C2 , F (x) = F (y) since x2 +x+δ + x permutes F2n . Next, 2 n assume there exist x, y ∈ F2 satisfying x + x + δ ∈ C0 and y 2 + y + δ ∈ C1 ∪ C2 such that F (x) = F (y). Namely,

x2

1 1 +x= 2 + y + 1. +x+δ y +y+δ

After simplifying, we have    (x + y)(x + y + 1) = (x + y + 1) x2 + x + δ y 2 + y + δ . Since x2 + x + δ ∈ C0 and y 2 + y + δ ∈ C1 ∪ C2 , x + y + 1 = 0. Therefore, we get    x + y = x2 + x + δ y 2 + y + δ .

(5)

Denote x + y = u and xy = v. Plugging them into Eq. (5) and simplifying it, we obtain

12

K. Li et al. / Finite Fields and Their Applications 63 (2020) 101641

v 2 + (u + 1)v + δu2 + (δ + 1)u + δ 2 = 0. That is to say, v is one solution of x2 + (u + 1)x + δu2 + (δ + 1)u + δ 2 = 0 in F2n . However,

Tr2n

δu2 + (δ + 1)u + δ 2 u2 + 1





(δ + 1)u + δ 2 + δ u2 + 1

δ+1 δ2 + 1 + 2 = Tr2n δ + u+1 u +1

= Tr2n



δ+

= Tr2n (δ) = 1. According to Lemma 3.2, x2 + (u + 1)x + δu2 + (δ + 1)u + δ 2 = 0 has no solutions in F2n , which is contradictory. Thus for any x = y ∈ F2n , F (x) = F (y), indicating that F (x) permutes F2n . 2  n  n n Theorem 3.14. Let n be even and (s1 , s2 , s3 ) = 2 3−1 − 1, 2 3−1 , 2·(2 3 −1) − 1 . Let  s1 δ be arbitrary element in F2n with Tr2n (δ) = 1. Then F (x) = x2 + x + δ +  2  s2  2 s3 x +x+δ + x +x+δ + x is a PP over F2n . 2n −1

Proof. nLet γ be a primitive element of F2∗n and ω := γ 3 . Define Ci := {x ∈ 2 −1 F2∗n |x 3 = ω i } for i = 0, 1, 2. Then F2∗n = C0 ∪C1 ∪C2 . Since Tr2n (δ) = 1, x2 +x +δ = 0 for any x ∈ F2n and  s1  2  s2  2 s3 F (x) = x2 + x + δ + x +x+δ + x +x+δ +x ⎧ x + 1, if x2 + x + δ ∈ C0 , ⎪ ⎪ ⎪ ⎨ 1 + x + ω, if x2 + x + δ ∈ C1 , = 2+x+δ x ⎪ ⎪ 1 ⎪ ⎩ + x + ω 2 , if x2 + x + δ ∈ C2 , 2 x +x+δ Firstly, for any x = y ∈ F2n , which satisfy that x2 + x + δ and y 2 + y + δ exactly both 1 belong to one of C0 and C1 ∪ C2 , F (x) = F (y) since x and x2 +x+δ + x permute F2n . Next, assume that there exist some i, j ∈ {0, 1, 2} with i = j and x, y ∈ F2n satisfying x2 + x + δ ∈ Ci and y 2 + y + δ ∈ Cj such that F (x) = F (y). 1 When i = 0, j = 1, from F (x) = F (y), we have x = y2 +y+δ + y + ω 2 . Moreover, x2 + x + δ =

1 1 z2 + z (z+1)3 z2

+z+1 =

(z+1)3 z2 ,

where z = y 2 + y + δ. It is clear that when z ∈ C1 ,

x2 + x + δ = ∈ C1 , which is contradictory with x2 + x + δ ∈ C0 . When i = 0, j = 2, the proof is similar to that of i = 0, j = 1 and when i = 1, j = 2, the proof is similar to that of Theorem 3.13. Thus we omit them here. In conclusion, for any x = y ∈ F2n , F (x) = F (y). The proof is completed. 2

K. Li et al. / Finite Fields and Their Applications 63 (2020) 101641

13

Similarly, we have the following corollary.   n   n 2n n Corollary 3.15. Let f (x) = x2 + x H x2 −1 + x2 −2 +x, where H(x) = xt1 +xt2 + xt3 , ti ≡ −si (mod 2n − 1) for i = 1, 2, 3. Then f permutes F22n if n and (s1 , s2 , s3 ) satisfy one of these conditions in Theorems 3.12, 3.13 and 3.14. 4. An asymptotic result by the Hasse-Weil bound  2k 1 In [8], Helleseth and Zinoviev proved that for k = 0, 1, x2 +x+δ + x permutes F2n . However, from experimental results by MAGMA, it seems that there is no other  2k 1 positive integers k such that x2 +x+δ + x is a PP over F2n . In this section, we use  2k 1 the Hasse-Weil bound to give the following asymptotic result about x2 +x+δ + x to be a PP over F2n . Theorem 4.1. Let δ be arbitrary element in F2n with Tr2n (δ) = 1 and F (x) = 2k  1 + x ∈ F2n [x], where k > 3n x2 +x+δ 4 is a positive integer. Then F (x) does not n permute F2 . Before proving the above theorem, we give some lemmas firstly. Lemma 4.2. [5] Let G(X, Y ) be an absolutely irreducible polynomial in Fq [X, Y ] of degree d and let #VFq2 (G) be the number of zeros of G in Fq2 . Then     #VFq2 (G) − q  ≤ (d − 1)(d − 2)q 1/2 + d + 1. The key point of using the Hasse-Weil bound is to show that a special polynomial is absolutely irreducible over F2n and the following lemma will be used in the proof. Lemma 4.3. [3] Let G ∈ F2n [X, Y ] be a nonzero polynomial and define G1 (X, Y ) =

G(X, XY ) , Xm

where m is the smallest degree of a monomial in G. If G1 (X, Y ) is irreducible in F¯2n [X, Y ], so is G(X, Y ). 

Lemma 4.4. Let G(X, Y ) = (X + Y )2 ¯2n [X, Y ]. G(X, Y ) is irreducible in F

−1

   2 X + X + δ Y 2 + Y + δ + X + Y + 1. Then

Proof. Let       ¯ G(X, Y, Z) = (X + Y )2 −1 X 2 + XZ + δZ 2 Y 2 + Y Z + δZ 2 + (X + Y )Z 2 +2 + Z 2 +3

K. Li et al. / Finite Fields and Their Applications 63 (2020) 101641

14

¯ be the homogenization of G(X, Y ). It suffices to show that G(X, 1, Z) is irreducible in ¯ n F2 [X, Z]. Moreover, we have       ¯ G(X, 1, Z) = (X + 1)2 −1 X 2 + XZ + δZ 2 1 + Z + δZ 2 + (X + 1)Z 2 +2 + Z 2 +3 . ¯  It is clear that the irreducibility of G(X Z) is the same as + 1, 1, Z) denoted by G(X, ¯ that of G(X, 1, Z). Clearly,        G(X, Z) = X 2 −1 X 2 + ZX + δZ 2 + Z + 1 δZ 2 + Z + 1 + XZ 2 +2 + Z 2 +3 .  1 (X, Z) = Let G  1 (X, Z) = G



 G(X,XZ) . X 2 −1

Then

       δZ 2 + Z + 1 X 2 + ZX + 1 δZ 2 X 2 + ZX + 1 + Z 2 +3 + Z 2 +2 X 4

= A1 (Z)X 4 + A2 (Z)X 3 + A3 (Z)X 2 + 1, where 

A1 (Z) = Z 2

+3



+ Z2

+2

+ δ 2 Z 4 + δZ 3 + δZ 2 , 2

(6)

A2 (Z) = Z + Z

(7)

A3 (Z) = Z 2 + Z + 1,

(8)

and

 1 (X, Z) is irreducible in F¯2n [X, Y ]. Let G  2 (X, Z) = and it suffices to prove that G 1 4 4 2 X G1 ( X , Z) = X + A3 (Z)X + A2 (Z)X + A1 (Z). In the following, we prove that  2 (X, Z) is irreducible in F¯2n [X, Z] by way of contradiction and so is G  1 (X, Z). G ¯ (1) Assume that there exist B1 [Z], B2 [Z], B3 [Z] ∈ F2n [Z] such that     2 (X, Z) = X 2 + B1 (Z)X + B2 (Z) X 2 + B1 (Z)X + B3 (Z) . G Then after comparing the coefficients, we have B3 (Z) + B1 (Z)2 + B2 (Z) = A3 (Z),

(9)

B1 (Z)B3 (Z) + B1 (Z)B2 (Z) = A2 (Z)

(10)

B2 (Z)B3 (Z) = A1 (Z).

(11)

and

From Eq. (9), Eq. (10) and the relation A2 (Z) + A3 (Z) = 1, we have B3 (Z) + B1 (Z)2 + B2 (Z) = B1 (Z)B3 (Z) +B1 (Z)B2 (Z) +1, i.e., (B1 (Z) +1)(B1 (Z) +B2 (Z) +B3 (Z) +1) =

K. Li et al. / Finite Fields and Their Applications 63 (2020) 101641

15

0. Hence B1 (Z) = 1 or B1 (Z) + B2 (Z) + B3 (Z) + 1 = 0. When B1 (Z) = 1, then B2 (Z) +B3 (Z) = A2 (Z) = Z 2 +Z. From B2 (Z)B3 (Z) = A1 (Z), we can see that deg B2 = deg B3 ≥ 2. However, deg A1 is odd which is a contradiction with that deg B2 B3 is even. When B1 (Z) + B2 (Z) + B3 (Z) + 1 = 0, from Eq. (10), we have B1 (Z)2 + B1 (Z) = Z 2 + Z and thus B1 (Z) = Z or B1 (Z) = Z + 1. Moreover, B2 (Z) + B3 (Z) = Z or Z + 1 and thus deg B2 B3 = 2 deg B2 is even, which is a contradiction with that deg B2 B3 = deg A1 is odd. (2) Assume that there exist B1 [Z], B2 [Z], B3 [Z] ∈ F¯2n [Z] such that    2 (X, Z) = (X + B1 (Z)) X 3 + B1 (Z)X 2 + B2 (Z)X + B3 (Z) . G Then after comparing the coefficients, we have B1 (Z)2 + B2 (Z) = A3 (Z),

(12)

B3 (Z) + B1 (Z)B2 (Z) = A2 (Z)

(13)

B1 (Z)B3 (Z) = A1 (Z).

(14)

and

From Eq. (12) and Eq. (8), we have B1 (Z) = Z + α and B2 (Z) = Z + α2 + 1 with α ∈ F¯2n , or deg B2 = 2 deg B1 ≥ 2. If B1 (Z) = Z + α and B2 (Z) = Z + α2 + 1, then B3 (Z) = (α2 + α)Z + α3 + α from Eq. (13) and it is impossible due to Eq. (14). Thus deg B2 = 2 deg B1 ≥ 2. Moreover, deg B3 = deg B1 + deg B2 = 3 deg B1 from Eq. (13). Furthermore, deg B1 B3 = deg B1 + deg B3 = 4 deg B1 = deg A1 = 2 + 3, which is wrong since 4  2 + 3. Thus the assumption is also invalid.  2 (X, Z) is irreducible in F¯2n [X, Z] and From the above two cases, we can see that G we complete the proof. 2 Finally, we finish the proof of our main result in this section. 



1 Proof of Theorem 4.1. It suffices to show that F1 (x) = F (x)2 = x2 +x+δ + x2 does n not permute F2n , where  = n − k < 4 . Assume, by way of contradiction, that F1 (x) permutes F2n . Then

F1 (x) + F1 (y) =0 x+y has no solutions (x, y) ∈ F22n with x = y, which is equivalent to that the polynomial    F1 (X) + F1 (Y ) ∈ F2n [X, Y ] G(X, Y ) = X 2 + X + δ Y 2 + Y + δ X +Y has no zeros (x, y) ∈ F22n with x = y. After a direct computation, we have

K. Li et al. / Finite Fields and Their Applications 63 (2020) 101641

16



G(X, Y ) = (X + Y )2

−1



X2 + X + δ



 Y 2 + Y + δ + X + Y + 1.

From Lemma 4.4, G(X, Y ) is absolutely irreducible in F2n [X, Y ] and the degree of G(X, Y ) is d = 2 + 3. Let #VFq2 (G) be the number of solutions of G(X, Y ) = 0 in F22n . According to Lemma 4.2, we have #VFq2 (G) ≥ 2n − (d − 1)(d − 2)2n/2 − d − 1. Let λ be the larger zero of X 2 − (d − 1)(d − 2)X − d − 2 in R. Then we have  1 (d − 1)(d − 2) + (d − 1)2 (d − 2)2 + 4d + 4 2  1 = (d − 1)(d − 2) + d4 − 6d3 + 13d2 − 8d + 8 2 1 < [(d − 1)(d − 2) + d(d − 2)] 2   n 1 1  +1 = (2d − 1)(d − 2) = 2 + 5 2 + 1 ≤ 2 2 , 2 2

λ=

since  < n4 . Thus #VFq2 (G) ≥ 1. Furthermore, G(X, X) = 1, which means that G(X, Y ) = 0 has no solutions (x, y) in F22n with x = y. Namely, G(X, Y ) = 0 has solutions (x, y) ∈ F22n with x = y, which means that F (x) is not bijective on F2n . 2 Acknowledgment We would like to thank the editor and the anonymous referees whose valuable comments and suggestions improve both the technical quality and the editorial quality of this paper. References [1] A. Akbary, D. Ghioca, Q. Wang, On constructing permutations of finite fields, Finite Fields Appl. 17 (2011) 51–67. [2] D. Bartoli, On a conjecture about a class of permutation trinomials, Finite Fields Appl. 52 (2018) 30–50. [3] D. Bartoli, K.-U. Schmidt, Low-degree planar polynomials over finite fields of characteristic two, J. Algebra 535 (2019) 541–555. [4] E.R. Berlekamp, H. Rumsey, G. Solomon, On the solution of algebraic equations over finite fields, Inf. Control 10 (1967) 553–564. [5] J.S. Chahal, S.R. Ghorpade, Carlitz-Wan conjecture for permutation polynomials and Weil bound for curves over finite fields, Finite Fields Appl. 54 (2018) 366–375. [6] C. Ding, Cyclic codes from some monomials and trinomials, SIAM J. Discrete Math. 27 (2013) 1977–1994. [7] C. Ding, J. Yuan, A family of skew Hadamard difference sets, J. Comb. Theory, Ser. A 113 (2006) 1526–1535. [8] T. Helleseth, V. Zinoviev, New Kloosterman sums identities over F2m for all m, Finite Fields Appl. 9 (2003) 187–193. [9] X. Hou, Permutation polynomials over finite fields - a survey of recent advances, Finite Fields Appl. 32 (2015) 82–119.

K. Li et al. / Finite Fields and Their Applications 63 (2020) 101641

17

[10] X. Hou, Applications of the Hasse-Weil bound to permutation polynomials, Finite Fields Appl. 54 (2018) 113–132. [11] X. Hou, On a class of permutation trinomials in characteristic 2, Cryptogr. Commun. (2018), https://doi.org/10.1007/s12095-018-0342-1. [12] X. Hou, Determination of a class of permutation trinomials in characteristic three, arXiv:1811.11949. [13] Y. Laigle-Chapuy, Permutation polynomials and applications to coding theory, Finite Fields Appl. 13 (2007) 58–70. [14] R. Lidl, H. Niederreiter, Finite Fields, 2nd ed., Cambridge Univ. Press, Cambridge, 1997. [15] K. Li, L. Qu, Q. Wang, New constructions of permutation polynomials of the form xr h (xq−1 ) over Fq2 , Des. Codes Cryptogr. 86 (2018) 2379–2405.  m s  m s [16] L. Li, S. Wang, C. Li, et al., Permutation polynomials xp − x + δ 1 + xp − x + δ 2 + x over Fpn , Finite Fields Appl. 51 (2018) 31–61. [17] N. Li, X. Zeng, A survey on the applications of Niho exponents, Cryptogr. Commun. (2018), https:// doi.org/10.1007/s12095-018-0305-6. [18] Y.H. Park, J.B. Lee, Permutation polynomials and group permutation polynomials, Bull. Aust. Math. Soc. 63 (2001) 67–74. [19] R.L. Rivest, A. Shamir, L.M. Aselman, A method for obtaining digital signatures and public-key cryptosystems, Commun. ACM 21 (1978) 120–126. [20] Q. Wang, Cyclotomic mapping permutation polynomials over finite fields, in: S.W. Golomb, G. Gong, T. Helleseth, H.-Y. Song (Eds.), Sequences, Subsequences, and Consequences, in: Lect. Notes Comput. Sci., vol. 4893, Springer, Berlin, 2007, pp. 119–128. [21] J. Yuan, C. Ding, Four classes of permutation polynomials of F2m , Finite Fields Appl. 13 (2007) 869–876.  i s1 + [22] X. Zeng, X. Zhu, N. Li, X. Liu, Permutation polynomials over F2n of the form x2 + x + δ  i s2 2 x +x+δ + x, Finite Fields Appl. 47 (2017) 256–268.   [23] M.E. Zieve, On some permutation polynomials over Fq of the form xr h x(q−1)/d , Proc. Am. Math. Soc. 137 (2009) 2209–2216. [24] D. Zheng, M. Yuan, L. Yu, Two types of permutation polynomials with special forms, Finite Fields Appl. 56 (2019) 1–16.