Maximal nonassociativity via nearfields

Maximal nonassociativity via nearfields

Finite Fields and Their Applications 62 (2020) 101610 Contents lists available at ScienceDirect Finite Fields and Their Applications www.elsevier.co...
Download PDF
548KB Sizes 0 Downloads 73 Views
Report

Finite Fields and Their Applications 62 (2020) 101610

Contents lists available at ScienceDirect

Finite Fields and Their Applications www.elsevier.com/locate/ffa

Maximal nonassociativity via nearfields Aleš Drápal a , Petr Lisoněk b,∗ a

Department of Mathematics, Charles University, Sokolovská 83, 186 75 Praha 8, Czech Republic b Department of Mathematics, Simon Fraser University, 8888 University Drive, Burnaby, BC, Canada V5A 1S6

a r t i c l e

i n f o

Article history: Received 16 January 2019 Received in revised form 30 September 2019 Accepted 1 November 2019 Available online xxxx Communicated by Olga Polverino MSC: 05B15 12C25

a b s t r a c t We say that (x, y, z) ∈ Q3 is an associative triple in a quasigroup Q(∗) if (x ∗ y) ∗ z = x ∗ (y ∗ z). It is easy to show that the number of associative triples in Q is at least |Q|, and it was conjectured that quasigroups with exactly |Q| associative triples do not exist when |Q| > 1. We refute this conjecture by proving the existence of quasigroups with exactly |Q| associative triples for a wide range of values |Q|. Our main tools are quadratic Dickson nearfields and the Weil bound on quadratic character sums. © 2019 Elsevier Inc. All rights reserved.

Keywords: Nearfield Character sum Weil bound Quasigroup Associativity

1. Introduction A quasigroup Q(∗) is a set Q with a binary operation ∗ such that for all a, b ∈ Q there exist unique x, y ∈ Q such that a ∗ x = b and y ∗ a = b. Obviously, a binary operation upon a finite set yields a quasigroup if and only if its operational table is a Latin square. * Corresponding author. E-mail addresses: [email protected]ff.cuni.cz (A. Drápal), [email protected] (P. Lisoněk). https://doi.org/10.1016/j.ffa.2019.101610 1071-5797/© 2019 Elsevier Inc. All rights reserved.

2

A. Drápal, P. Lisoněk / Finite Fields and Their Applications 62 (2020) 101610

Let Q(∗) be a quasigroup of order n. By the definition for each a ∈ Q there exist elements ea , fa ∈ Q such that ea ∗ a = a = a ∗ fa . Observe that (ea ∗ a) ∗ fa = a ∗ fa = a = ea ∗ a = (ea ∗ a) ∗ fa . Say that a triple (x, y, z) ∈ Q3 is associative if (x ∗y) ∗z = x ∗(y ∗z). We have seen that (ea , a, fa ) is an associative triple for each a ∈ Q. There are thus at least n associative triples. The question is whether it is possible to choose Q(∗) in such a way that every associative triple is of this form, i.e. that Q(∗) yields exactly n associative triples. This is a question of long standing. In print it was first formulated by Kepka [7] in 1981, elaborated by Kotzig and Reischer [8], and raised again by Grošek and Horák [6]. An opinion seems to have been leaning towards the nonexistence of such quasigroups when n > 1 (see Conjecture 1.2 in [6]). Hence it was quite a surprise when an example was found already at order nine [4]. For n < 9 no such example exists [3]. We call Q(∗) maximally nonassociative if it yields exactly n associative triples. It was proposed [6] that quasigroups with few associative triples can be used in the design of hash functions in cryptography. In this paper we show a construction of a maximally nonassociative quasigroup for every order m2 where m = 23k r, k ≥ 0 is an integer and r is odd. The quasigroups that we use in our construction have been known for a long time. They were introduced by Stein [10] and are defined by means of a nearfield. A nearfield N (+, ◦, 0, 1) is a set with binary operations + and ◦ such that N (+, 0) is an abelian group, N (◦, 1) is a monoid, x ◦ (y + z) = (x ◦ y) + (x ◦ z) for all x, y, z ∈ N , and for each nonzero u ∈ N there exists v ∈ N such that u ◦ v = 1. (This means that N ∗ (◦, 1) is a group, N ∗ = N \ {0}.) Our definition is thus of the left nearfield, not of the right nearfield that assumes the right distributive law and that is nowadays more common. We call a nearfield proper if it is not a field. These are the nearfields of Dickson [2] and Stein [10]. We use Dickson’s nearfield construction in the special case when the nearfield of order q 2 is obtained by modifying the multiplication operation of the finite field of order q 2 , where q is an odd prime power. Such nearfields are called quadratic in this paper. The term “nearfield” (“Fastkörper”) was coined by Zassenhaus [11] who classified all finite nearfields. For each c ∈ N , c = 0, 1, define a binary operation ∗c by x ∗c y = x + (y − x) ◦ c. Following Stein we prove that N (∗c ) is always an idempotent quasigroup, cf. Lemma 2.2. A quasigroup Q(∗) is idempotent if x ∗ x = x for all x ∈ Q. It is relatively easy to show [7,6,3,4] that if a quasigroup of order n yields exactly n associative triples, then this quasigroup is idempotent. This means that each of the n associative triples of a maximally nonassociative quasigroup is diagonal, i.e. equal to some (x, x, x). The main results are formulated in Theorem 5.6 and Corollary 5.8. Theorem 5.6 states that if N is a quadratic nearfield of order q 2 , then N (∗c ) is maximally nonassociative for at least one c ∈ N , c = 0, 1. The strategy of the proof is as follows: Section 2 uses the 2-transitivity of Aut(N ) to show that N (∗c ) is maximally nonassociative if and only if there exists no x ∈ N that fulfills a certain equation that involves c and x as

A. Drápal, P. Lisoněk / Finite Fields and Their Applications 62 (2020) 101610

3

variables (equation (2.3)). For each pair (x, c) there is defined a triple ε(x, c) ∈ {0, 1}3 that expresses the parity (that is, squareness or nonsquareness) of three elements of N that are derived from x and c (cf. (3.3)). The parity is considered in the field Fq2 . It turns out that for each ε ∈ {0, 1}3 there exists a polynomial wε ∈ Fq2 [x, y] such that (x, c) induces an associative triple if and only if wε (x, c) = 0 and ε(x, c) = ε. The rest of Section 3 consists in describing subsets of Fq2 that can be used to determine the number of all (x, c) for which both wε (x, c) = 0 and ε(x, c) = ε are true. The description of Proposition 3.4 is further transformed in Section 4 to allow an application of the Weil bound for quadratic character sums on Fq . In Section 5 it is then proved, using this technique, that the aggregate number of all (x, c) is small enough to force out the existence of c for which there exists no x that would induce an associative triple. That means that N (∗c ) is maximally nonassociative. Corollary 5.8 then uses a simple product construction to cover a wider range of orders for which the existence of a maximally nonassociative quasigroup can be proved. The final part of Section 5 reacts to comments of an anonymous referee. The idea is to consider only those c that fulfill cq+1 = 1. This approach yields a shorter proof that allows to skip Section 4 nearly completely, and to diminish the number of applications of the Weil bound in Section 5. These are obvious advantages. A disadvantage of the alternative approach is that it does not work in characteristic 5 and for q = 19. Also, our original approach gives an asymptotic lower bound for the number of c that yield the maximal nonassociativity at 0.125q 2 . Computations show that the fraction of such c may converge to a number between 0.288 and 0.29 (cf. Conjecture 5.10). 2. Nearfields and quasigroups A group G ≤ Sym(X) is 2-transitive if for all pairs (x1 , x2 ), (y1 , y2 ) ∈ X 2 such that x1 = x2 and y1 = y2 there exists ϕ ∈ G for which ϕ(x1 ) = y1 and ϕ(x2 ) = y2 . If ϕ is always determined uniquely, G is sharply 2-transitive. Lemma 2.1. Let Q be a quasigroup such that Aut(Q) is a 2-transitive group. Then Q is idempotent. Proof. First note that there cannot be |Q| = 2 since if |Q| = 2, then | Aut(Q)| = 1. We may thus assume that |Q| ≥ 3. Let x, y ∈ Q be such that x ∗ x = y. If y = x, then there exists ϕ ∈ Aut(Q) such that ϕ(x) = x and ϕ(y) = y. This yields y = x ∗ x = ϕ(x) ∗ ϕ(x) = ϕ(y) = y. Therefore x = y. 2 Let N (+, ◦, 0, 1) be a (left) nearfield. For each c ∈ N such that c = 0 and c = 1 define a binary operation ∗c by x ∗c y = x + (y − x) ◦ c for all x, y ∈ N .

(2.1)

4

A. Drápal, P. Lisoněk / Finite Fields and Their Applications 62 (2020) 101610

Note that x ◦ 0 = 0 for all x ∈ N since x ◦ 0 = x ◦ (0 + 0) = x ◦ 0 + x ◦ 0. Note also that 0 = x ◦ (y − y) = x ◦ y + x ◦ (−y) implies that x ◦ (−y) = −x ◦ y for all x, y ∈ N . Lemma 2.2. Assume c ∈ N \ {0, 1}. Then N (∗c ) is an idempotent quasigroup. Proof. Denote by d the inverse element of c, and by e the inverse element of 1 − c. Thus d ◦ c = c ◦ d = 1 = (1 − c) ◦ e = e ◦ (1 − c). Consider equations a ∗c x = b and y ∗c a = b, where a, b ∈ N . If b = a + (x − a) ◦ c, then x is uniquely determined because (b −a) ◦d = x −a. If b = y +(a −y) ◦c, then b −a = −(a −y) +(a −y) ◦c = (a −y) ◦(c −1), and (a − b) ◦ e = a − y. 2 If u, v ∈ N and u = 0, then x → u ◦ x + v permutes N . These are the affine mappings of N . All of them form a sharply 2-transitive group upon N . Lemma 2.3. Let u, v, c ∈ N be such that c, u = 0 and c = 1. Then x → u ◦ x + v is an automorphism of N (∗c ). Proof. Indeed, (u ◦ a + v) ∗c (u ◦ b + v) is equal to u ◦ a + v + u ◦ (b − a) ◦ c = u ◦ (a + (b − a) ◦ c) + v. 2 Corollary 2.4. Let N be a nearfield and let c be an element of N such that c = 0, 1. Then Aut(N (∗c )) contains a sharply 2-transitive group. In finite case sharply 2-transitive groups are in one-to-one correspondence to nearfields. That can be used to show that Corollary 2.4 can be reversed. I.e., if Q is a quasigroup such that Aut(Q) contains a sharply 2-transitive subgroup, then upon Q there can be defined a structure of a nearfield such that Q coincides with Q(∗c ), c∈ / {0, 1}. All of that has been established by Stein [10]. Lemma 2.5. Let Q(∗) be an idempotent quasigroup. A triple (x, x, y) ∈ Q3 is associative if and only if x = y. Proof. Indeed, x ∗ (x ∗ y) = (x ∗ x) ∗ y implies that x ∗ (x ∗ y) = x ∗ y, x ∗ y = x and x = y. 2 Proposition 2.6. Let N be a finite nearfield of order n, and let c ∈ N be such that c = 0, 1. Denote by k the number of z ∈ N such that 0 ∗c (1 ∗c z) = c ∗c z. Then N (∗c ) contains exactly n(nk − k+1) associative triples. Proof. The condition 0 ∗c (1 ∗c z) = c ∗c z means that (0, 1, z) is an associative triple since c = 0 ∗c 1. Hence (ϕ(0), ϕ(1), ϕ(z)) = (v, u+v, ϕ(z)) is an associative triple whenever 0 ∗c (1 ∗c z) = c ∗c z and ϕ : x → u ◦ x + v, u = 0. If (u, w, z  ) is an associative triple such that u = w, then (u, w, z  ) = (u, u+v, z  ) for some v = 0, and 0 ∗c (1 ∗c z) = c ∗c z, where

A. Drápal, P. Lisoněk / Finite Fields and Their Applications 62 (2020) 101610

5

z = ϕ−1 (z  ). There are thus n(n − 1)k associative triples (x, y, z) such that x = y. The remaining associative triples are diagonal, by Lemma 2.5. 2 By (2.1), the equality 0 ∗c (1 ∗c z) = c ∗c z is true if and only if (1 + (z − 1) ◦ c) ◦ c = c + (z − c) ◦ c

(2.2)

holds. This is closely related to x ◦ c + (x+1 − x ◦ c) ◦ c = (x+c) ◦ c.

(2.3)

Lemma 2.7. Let x, z and c be elements of a nearfield N such that c = 0, 1, z = 1, x = 0 and x ◦(z −1) = 1. Then (z, c) fulfills (2.2) if and only if (x, c) fulfills (2.3). Furthermore, (1, c) never fulfills (2.2) and (0, c) never fulfills (2.3). Proof. None of the equalities c = c + (1 − c) ◦ c and c ◦ c = c may be true since c ∈ / {0, 1}. This explains why (1, c) never fulfills (2.2) and (0, c) never fulfills (2.3). Assume z = 1. Switch the sides of (2.2) and put y = z − 1. The obtained equation c + (y+1 − c) ◦ c = (1 + y ◦ c) ◦ c

(2.4)

turns into (2.3) when both sides of it are multiplied by x from the left. 2 Corollary 2.8. Let c be an element of a finite nearfield N , c = 0, 1. The number of z ∈ N such that 0 ∗c (1 ∗c z) = c ∗c z is equal to the number of x ∈ N such that (x, c) fulfills (2.3). Whenever (x, c) fulfills (2.3), then x = 0. Proof. This follows directly from Lemma 2.7 since (2.2) expresses the equality 0 ∗c (1 ∗c z) = c ∗c z. 2 Proposition 2.9. Let N be a nearfield of finite order n. Let m be the number of all (x, c) ∈ N ×(N \{0, 1}) for which (2.3) holds. If m < n −2, then there exists c ∈ N \{0, 1} such that every associative triple of N (∗c ) is diagonal. Proof. For each c ∈ N , c = 0, 1, denote by a(c) the number of x such that (x, c) fulfills  (2.3). Clearly, m = a(c). If m < n − 2, then there exists c such that a(c) = 0. By Corollary 2.8 and Proposition 2.6 this means that N (∗c ) contains exactly n associative triples. 2 A quasigroup Q(∗) is called flexible if and only if x ∗(y ∗x) = (x ∗y) ∗x for all x, y ∈ Q. Proposition 2.10. Let c be an element of a nearfield N , c = 0, 1. Quasigroup N (∗c ) is flexible if and only if (1 − c) ◦ c = c ◦ (1 − c).

6

A. Drápal, P. Lisoněk / Finite Fields and Their Applications 62 (2020) 101610

Proof. By Lemma 2.3, N (∗c ) is flexible if and only if 0 ∗c (1 ∗c 0) = (0 ∗c 1) ∗c 0. Plugging z = 0 into (2.2) yields (1 − c) ◦ c = c ◦ (1 − c) since c ◦ (1 − c) = c + (−c) ◦ c. 2 For each quasigroup Q(∗) there exists an opposite quasigroup Q(∗op ) such that x ∗op y = y ∗ x for all x, y ∈ Q. Lemma 2.11. Let c be an element of a nearfield N , c = 0, 1. Quasigroup N (∗c ) is opposite to the quasigroup N (∗1−c ). Proof. By (2.1), x ∗1−c y = x +(y −x) ◦(1 −c) = x +(y −x) −(y −x) ◦c = y +(x −y) ◦c = y ∗c x. 2 Corollary 2.12. Quasigroups N (∗c ) and N (∗1−c ) have the same number of associative triples, for any nearfield N and any c ∈ N , c = 0, 1. Proof. This follows from Lemma 2.11 immediately since opposite quasigroups have the same number of associative triples. 2 3. Quadratic nearfields Fix an odd prime power q and a field F = Fq2 . Define binary operation ◦ upon F by  x◦y =

xy

xy

if x is a square, q

if x is a nonsquare.

(3.1)

As is well known, F (+, ◦) is a nearfield [2]. Denote it by N . This notation should be regarded as fixed throughout this section. Each element of Fq ⊆ F is a square in F . If c ∈ Fq and c = 0, 1, then N (∗c ) is flexible, by Proposition 2.10. For each binary vector ε = (ε0 , ε1 , ε2 ) ∈ {0, 1}3 define a polynomial wε (x, y) ∈ F [x, y]: (ε0 , ε1 , ε2 ) (0, 0, 0) (0, 0, 1) (0, 1, 0) (0, 1, 1) (1, 0, 0) (1, 0, 1) (1, 1, 0) (1, 1, 1)

wε (x, y) y(x+1)(y − 1)   y x(y q−1 +y − 2) + (y q − 1)   y 2 xy q−2 (y − 1) − (y q−2 − 1)   y(y − 1) x(y − 1)q−1 + y q−1 y(y − 1)(xy q−1 + 1) y(y − 1)q (x + 1)   y x(2y q−1 − y 2q−1 − 1) + (y q−1 − y) y q (y − 1)(x(y − 1)q−1 + 1)

(3.2)

A. Drápal, P. Lisoněk / Finite Fields and Their Applications 62 (2020) 101610

7

For x, y ∈ F define ε(x, y) = (ε0 , ε1 , ε2 ) ∈ {0, 1}3 by ε0 = 0



x is a square,

ε1 = 0



x+1 − x◦y is a square, and

ε2 = 0



x+y is a square.

(3.3)

Lemma 3.1. Let x, c ∈ F be such that c = 0, 1. Then (x, c) fulfills (2.3) if and only if wε (x, c) = 0, where ε = ε(x, c). Proof. Put ε = ε(x, c). Then it is always possible to express (2.3) as an equation in terms of the field F . The equation depends only upon the value of ε. For example suppose that ε = (1, 0, 1). The equation gets the form xcq + (x+1 − xcq )c = (x+c)cq . This is true if and only if c(1 − cq )(x+1) vanishes. As another example consider ε = (0, 1, 1). That yields xc + (x+1 − xc)cq = xcq + cq+1 , which means the vanishing of c(x(1 − c)q + cq−1 (1 − c)) = c(1 − c)(x(c − 1)q−1 + cq−1 ). The other cases are similar. 2 Define Ki , 0 ≤ i ≤ 4, as sets of y ∈ F \ {0, 1} that satisfy the following conditions. K0 : y and y − 1 are squares, K1 : y − 1 and y q−1 (y 2 − y+1) − 1 are nonsquares, while y((y − 1)2−q +1) is a square, K2 : y, (y+1) − (y − 1)q−1 and y −1 − (y −1 − 1)q−1 are nonsquares, K3 : (y −1 − 1)q−1 + (y − 1) and y(y −1 − 1)q−1 − 1 are nonsquares, K4 : (y 2q − 2y q +y)(y q − y 2 ) is a nonsquare, y q (y q+1 − 2y+1)(y q − y 2 ) is also a nonsquare, and (y − 1)(y q+1 +y q − y)(y q − y 2 ) is a square. Proposition 3.2. Let N be the quadratic nearfield upon F = Fq2 , q an odd prime power, and let c be an element of N , c = 0, 1. The number of z ∈ N for which 0 ∗c (1 ∗c z) = c ∗c z  holds is equal to ki , 0 ≤ i ≤ 4, where ki = 1 if c ∈ Ki , and ki = 0 otherwise. Proof. Denote by k the number of z ∈ N for which 0 ∗c (1 ∗c z) = c ∗c z, and by A the set of all x ∈ F such that (x, c) fulfills (2.3). By Corollary 2.8, k = |A| and 0 ∈ / A.  For ε = (ε0 , ε1 , ε2 ) ∈ {0, 1}3 put Aε = {x ∈ A | ε(x, c) = ε}. Clearly, k = ε |Aε |. By Lemma 3.1, x ∈ Aε



wε (x, c) = 0 and ε(x, c) = ε.

(3.4)

8

A. Drápal, P. Lisoněk / Finite Fields and Their Applications 62 (2020) 101610

When considering wε (x, y) the factors that are powers of y or y − 1 may be removed since c = 0, 1 is assumed. Therefore assuming ε = (1, 1, 1) implies that x(c − 1)q−1 + 1 = 0. That means that x is a square because −1 ∈ Fq is a square and (c − 1)q−1 is a square. At the same time, x is assumed to be a nonsquare since ε0 = 1. Hence A(1,1,1) = ∅. Similarly it can be proved that Aε = ∅ if ε = (1, 0, 0) or ε = (1, 0, 1) . In the former case x has to be a square because xy q−1 + 1 = 0 is supposed to hold, while in the latter case x is equal to −1. Assume that ε = (0, 0, 0) . Then wε (x, c) = 0 if and only if x = −1. The set A(0,0,0) is thus either empty, or contains a single element that is equal to −1. The latter takes place if and only if both −1+1 − (−1) ◦ c = c and c − 1 are squares, i.e. if and only if c ∈ K1 . Let ε = (0, 1, 1) . Assume that wε (x, c) = 0. Then x = −(c/(c −1))q−1 . Since −(y/(y − 1))q−1 is a square for every y ∈ F , y = 1, the incidence of x to Aε is equivalent to x+c =

−cq−1 + c(c − 1)q−1 −cq−1 + (c − 1)q−1 + cq and x+1 − xc = (c − 1)q−1 (c − 1)q−1

being both nonsquares. Of course, this is the same as to say that −cq−1 + c(c − 1)q−1 and −cq−1 + (c − 1)q−1 + cq are nonsquares. Dividing by cq−1 yields −1+c(1 − c−1 )q−1 and (c − 1) + (1 − c−1 )q−1 . Hence Aε is either empty, or contains exactly one element, and that element is equal to −(c/(c − 1))q−1 . The latter alternative takes place if and only if c ∈ K3 . Let ε = (0, 1, 0) . Then Aε = ∅ if and only if |Aε | = 1, Aε contains x = (cq−2 − 1)c2−q (c − 1)−1 = (1 − c2−q )/(c − 1), both x and x+c are squares, and x+1 − xc is a nonsquare. The latter condition is equivalent to c being a nonsquare since x+1 − xc =

1 − c2−q + c − 1 − c + c · c2−q c2−q (c − 1) = = c2−q . c−1 c−1

Let us hence assume that c is a nonsquare. Since 1 − c−q = (c − 1)q /cq , x+c =

1 − c2−q + c2 − c c2 (1 − c−q ) = − 1 = c2−q (c − 1)q−1 − 1. c−1 c−1

Thus x+c is a square if and only if (c − 1)q−1 − cq−2 is a nonsquare. Dividing the latter value by cq−1 establishes that x+c is a square if and only if (1 − c−1 )q−1 − c−1 is a nonsquare. Since (y − 1)q−1 − (y+1) 1 − y 2−q = y−1 yq

(3.5)

holds for every y ∈ F , y = 0, 1, the element x is a square if and only if (c − 1)q−1 − (c+1) is a nonsquare. This concludes the proof that k2 = 1 if c ∈ K2 , and k2 = 0 if c ∈ / K2 .

A. Drápal, P. Lisoněk / Finite Fields and Their Applications 62 (2020) 101610

9

Suppose that ε = (0, 0, 1) . Then x(cq−1 +c − 2) = (1 − c)q . Since c = 1, the set Aε is empty if cq−1 +c − 2 vanishes. If cq−1 = 2 − c, then (c − 1)q = c(2 − c) − 1 = −(c − 1)2 and (c − 1)q−2 = −1. If this holds, then c − 1 is a square and c ∈ / K1 . Hence cq−1 +c − 2 = 0 may be assumed. Plugging y = 1 − c into (3.5) gives x−1 =

cq−1 +c − 2 (1 − c)2−q − 1 . = q 1−c c

This means that x is a square if and only if c((1 − c)2−q − 1) is a square. Let it be true. Then x+c is a nonsquare if and only if 1+cx−1 = (1 − c)2−q is a nonsquare, i.e. if and only if c − 1 is a nonsquare. Let that be true as well. Now, x+1 − xc is a square if and only if 1 + x−1 − c = ((1 − c)2−q − 1+c − c2 )/c is a square. That is true if and only if c((1 − c)2−q − 1+c − c2 )(1 − c)q = c(1+c2 − 2c − 1+c − c2 +cq (c2 − c+1)) = c2 (cq−1 (c2 − c+1) − 1) is a nonsquare. Finally, assume ε = (1, 1, 0) . Then wε (x, c) = x(2cq−1 − c2q−1 − 1) + (cq−1 − c) = 0. This can be also written as x(c2q − 2cq +c) = cq − c2 .

(3.6)

If c2q − 2cq +c = (c − 1)2q + (c − 1) vanishes, then (c − 1)2 + (c − 1)q vanishes as well. In such a case cq = −c2 +2c. If at the same time cq − c2 = 0, then 2c2 = 2c. That cannot be since c ∈ / {0, 1}. Hence c2q − 2cq +c = 0 implies wε (x, c) = 0 for every x ∈ F , and that implies Aε = ∅, by (3.4). Since c2q − 2cq +c = 0 also implies that c ∈ / K4 , it may be assumed that c2q − 2cq +c = 0. Let this be true. Obviously, c ∈ / K4 if cq − c2 = 0. On the other hand, x = 0 if cq − c2 = 0 and wε (x, c) = 0, by (3.6). In such a case c ∈ / Aε , by q 2 Lemmas 3.1 and 2.7. Hence c − c = 0 may be assumed as well. Let x fulfill (3.6). The assumption ε(x, c) = (1, 1, 0) means that x−1 is a nonsquare, 1 + x−1 − cq is a square, and 1 + x−1 c is a nonsquare. It remains to observe that c2q − 2cq +c , cq − c2 cq (cq+1 − 2c+1) 1 + x−1 c = , and cq − c2 x−1 =

1 + x−1 − cq =

(c − 1)(cq+1 +cq − c) . cq − c2

2

Lemma 3.3. Let y be an element of F . Then y ∈ K2 if and only if 1 − y ∈ K1 . Proof. Put v = 1 − y. Obviously, y is a nonsquare ⇔ −y is a nonsquare ⇔ v − 1 is a nonsquare. Hence assuming that y is a nonsquare it suffices to prove that

10

A. Drápal, P. Lisoněk / Finite Fields and Their Applications 62 (2020) 101610

1. (y+1) − (y − 1)q−1 is a nonsquare ⇔ v((v − 1)2−q +1) is a square; and 2. y −1 − (y −1 − 1)q−1 is a nonsquare ⇔ v q−1 (v 2 − v+1) − 1 is a nonsquare. To prove (1) note that v((v − 1)2−q +1) = (1 − y)(−y 2−q +1) is a square if and only if (1 − y 2−q )/(y − 1) is a square. By (3.5) this is equal to ((y − 1)q−1 − (y+1))y −q . To prove (2) start from v q−1 (v 2 − v+1) − 1 = (y − 1)q−1 (y 2 − y+1) − 1. This is a nonsquare if and only if   1 y−1 −y q = (1 − y) 1+ q + y2 = (y − y+1) − q + y2 y −1 y −1 (y − 1)q−1 2

is a nonsquare. When multiplied by −(y − 1)q−1 y −2 this gives y q−2 − (y − 1)q−1 . The final step is to divide the latter value by y q−1 . 2 Proposition 3.4. Let N be the quadratic nearfield of order q 2 , q an odd prime power. If 2|K2 | + |K3 | + |K4 | < 3(q 2 − 1)/4, then there exists c ∈ N such that all associative triples of N (∗c ) are diagonal. Proof. Coupling Proposition 3.2 with Corollary 2.8 and Proposition 2.9 shows the sought  c has to exist if |Ki | < q 2 − 2, 0 ≤ i ≤ 4. By Lemma 3.3, |K1 | = |K2 |. By a theorem due to Perron [9, Satz 3] there are exactly (q 2 + 3)/4 squares y (including 0) such that y − 1 is also a square. (We note that results in [9] are stated only for fields of odd prime order, however the proofs in [9] clearly work for any finite field of odd order.) Since cases y = 0 and y = 1 have to be excluded, |K0 | = −2 + (q 2 +3)/4. The rest is clear since 4q 2 − (q 2 +3) = 3(q 2 − 1). 2 4. Going low Sets Ki , 2 ≤ i ≤ 4, are described in Section 3 by means of polynomials in y ±1 of degrees close to q. In order to be able to estimate |Ki | it is desirable to describe these sets by means of polynomials of smaller degrees. Suppose again that F = Fq2 , q an odd prime power. Fix ϑ ∈ F such that ϑ2 ∈ Fq and F = Fq (ϑ). Denote ϑ2 by c. Each element of Fq2 may be thus expressed uniquely as a + ϑb where a, b ∈ Fq . Obviously (a+ϑb)(x+ϑy) = (ax+cby) + ϑ(ay+bx) and (a + ϑb)q = a − ϑb. Therefore (a + ϑb)q−1 =

(a2 +cb2 ) − 2ϑab a − ϑb = . a + ϑb a2 − cb2

(4.1)

A. Drápal, P. Lisoněk / Finite Fields and Their Applications 62 (2020) 101610

11

Note that a + ϑb ∈ Fq ⇔ b = 0. Set D = {x ∈ F | xq+1 = 1 and x = 1}, and for each ξ ∈ Fq put i(ξ) =

2ξϑ ξ2 + c − 2 . 2 ξ −c ξ −c

(4.2)

Lemma 4.1. If y = a +ϑb ∈ F \Fq , then y q−1 = i(a/b). Furthermore, D = {i(ξ) | ξ ∈ Fq }. Proof. The equality i(a/b) = y q−1 follows from (4.1). The set D ∪ {1} is the subgroup of F ∗ that is formed by all (q − 1)th powers, |D| = q. Obviously, y q−1 = 1 ⇔ y ∈ Fq∗ . 2 Lemma 4.2. Map an element y ∈ F \ Fq upon (ξ, η) ∈ Fq2 in such a way that i(ξ) = (y − 1)q−1 and i(η) = (y −1 − 1)q−1 . Then y → (ξ, η) is a bijection of F \ Fq upon (Fq × Fq ) \ Δ(Fq ), where Δ(Fq ) = {(α, α); α ∈ Fq }. If y = a + bϑ, b = 0, is mapped upon (ξ, η), then a=

η−ξ ηξ − c η2 − c 2 2 , b = and a . − cb = ξ2 − c ξ2 − c ξ2 − c

(4.3)

Proof. Suppose that y = 0 and (y − 1)q−1 = (y −1 − 1)q−1 . Then y q−1 = 1 since y −1 − 1 = (1 − y)/y, and that implies y ∈ Fq . Assume y = a + bϑ ∈ / Fq . Thus b = 0 and (y − 1)q−1 = (y −1 − 1)q−1 . Define ξ and η by (y − 1)q−1 =

2ξϑ 2η ϑ ξ2 + c η2 + c −1 q−1 − and (y − . − 1) = ξ2 − c ξ2 − c η2 − c η2 − c

(4.4)

Since y −1 − 1 =

a − a2 + cb2 − bϑ and y − 1 = a − 1 + bϑ, a2 − cb2

there has to be ξ = (a − 1)/b and η = (a2 − cb2 − a)/b = aξ − cb. From that the equalities of (4.3) can be computed directly. Since (4.4) implies (4.3), the mapping y → (ξ, η) is injective. Both image and preimage have q 2 − q elements. The mapping is thus also a bijection. 2 Lemma 4.3. The number of points in K2 is the same as the number of pairs (ξ, η) ∈ Fq2 such that the following elements are nonsquares in Fq2 : ξη − c + ϑ(η − ξ), ξη − 3c + ϑ(η + ξ) and ξη − η 2 − 2c + ϑ(η + ξ).

12

A. Drápal, P. Lisoněk / Finite Fields and Their Applications 62 (2020) 101610

Proof. An element y of F belongs to K2 if it is a nonsquare, and both (y+1) − (y − 1)q−1 and y −1 − (y −1 − 1)q−1 are nonsquares as well. Express y as a + bϑ. Note that y does not belong to Fq since y is nonsquare. Thus b = 0. By Lemma 4.2 there exist unique ξ, η ∈ Fq such that ξ = η, (y − 1)q−1 = i(ξ) and (y −1 − 1)q−1 = i(η). By (4.3), y=

ξη − c + ϑ(η − ξ) , ξ2 − c

y+1 − (y − 1)q−1 =

ξη − 3c + ϑ(η + ξ) , and ξ2 − c

y −1 − (y −1 − 1)q−1 =

ξη − η 2 − 2c + ϑ(ξ + η) . η2 − c

The condition ξ = η may be dropped since if ξ = η, then ξη − c + ϑ(η − ξ) is a square. 2 Lemma 4.4. The number of points in K3 is the same as the number of pairs (ξ, η) ∈ Fq2 such that ξ = η and both   3   η ξ + c(2ξ 2 − η 2 − ηξ) − c2 + ϑ (η 3 − 2ηξ 2 − ξη 2 ) + c(η+ξ) and     3 (η ξ − η 2 ξ 2 ) + c(ξ 2 − 2η 2 +3ξη) − 2c2 + ϑ (η 3 − 3η 2 ξ) + c(3η − ξ) are nonsquares in Fq2 . Proof. The set K3 consists of y = a + ϑb such that both (y − 1) + (y −1 − 1)q−1 and y(y −1 −1)q−1 −1 are nonsquares. Define ξ and η as in (4.4). Then (4.3) gives the expression of a and b in terms of ξ and η. By Lemma 4.2 any pair (ξ, η), ξ = η, may be obtained in this way. Since η was chosen to express (y −1 − 1)q−1 , both (y − 1) + (y −1 − 1)q−1 and y(y −1 − 1)q−1 − 1 can be expressed in terms of ξ and η. By direct computation their (ξ 2 − c)(η 2 − c) multiples give the values of the statement. 2 Lemma 4.5. The number of points in K4 is the same as the number of pairs (ξ, η) ∈ Fq2 such that ξ = η, s(ξ, η)ti (ξ, η) is a nonsquare for i ∈ {1, 2}, and (η + ϑ)s(ξ, η)t3 (ξ, η) is a square, where s(ξ, η) = (−ηξ 2 +2cξ − cη) + ϑ(−3ξ 2 +2ξη+c), t1 (ξ, η) = (ξ 2 η+3cη) + ϑ(ξ 2 − 4ηξ − c), t2 (ξ, η) = (η 2 − c) + 2ϑ(η − ξ), and t3 (ξ, η) = (ξ 3 +cξ − 2cη) + ϑ(−3ξ 2 +2ξη+c). Proof. The terms that determine K4 can be divided by y 2 . We are thus concerned with y q−1 − y multiples of y 2q−1 − 2y q−1 + 1, y q+1 − 2y + 1 and (y − 1)(y q + y q−1 − 1). The product should be a square in the latter case, and a nonsquare in the former two cases. If y ∈ Fq , then all three cases yield a square. Hence y ∈ / Fq may be assumed.

A. Drápal, P. Lisoněk / Finite Fields and Their Applications 62 (2020) 101610

13

Let ξ, η ∈ Fq be such that y q−1 =

ξ 2 +c − 2ξϑ η 2 +c − 2ηϑ q−1 and (y − 1) . = ξ2 − c η2 − c

(4.5)

Suppose that y = a + ϑb. Then ξ = a/b and (a − 1)/b = η = ξ − b−1 . Therefore a=

1 ξ+ϑ η+ϑ ξ , b= , y= and y − 1 = . ξ−η ξ−η ξ−η ξ−η

(4.6)

Elements ξ and η are different because otherwise there would be ((y − 1)/y)q−1 = 1, implying thus that y − 1 = λy for some λ ∈ Fq . In such a case y ∈ Fq , contrary to an assumption above. If ξ, η and y = a + ϑb are as in (4.6), then (4.5) holds by Lemma 4.1. Hence (4.5) defines a bijection y → (ξ, η) between F \ Fq and (Fq × Fq ) \ Δ(Fq ). What remains is to use this bijection to express polynomials in y as polynomials in ξ and η. First note that (ξ − η)(ξ 2 − c)(y q−1 − y) = (ξ − η)(ξ 2 +c − 2ξϑ) − (ξ 2 − c)(ξ+ϑ) = (−ηξ 2 +2cξ − cη) + (−3ξ 2 +2ξη+c)ϑ. This is denoted by s(ξ, η). Since (ξ 2 − c)(ξ − η)y q y q−1 = (ξ 3 +3cξ) − ϑ(3ξ 2 +c), −2(ξ 2 − c)(ξ − η)y q−1 = −2ξ 3 +2ξ 2 η − 2cξ+2cη + (4ξ 2 − 4ηξ)ϑ, and (ξ 2 − c)(ξ − η) = ξ 3 − cξ+cη − ξ 2 η, the product of (ξ 2 − c)(ξ − η) and y 2q−1 − 2y q−1 +1 is equal to t1 (ξ, η) = (ξ 2 η+3cη) + (ξ 2 − 4ηξ − c)ϑ. The parity of s(ξ, η)t1 (ξ, η) thus expresses the parity of the first term in the definition of K4 . The definition of t2 follows immediately from (ξ − η)2 (y q+1 − 2y+1) = (ξ 2 − c) − 2(ξ+ϑ)(ξ − η)+(ξ − η)2 = (η 2 − c) − 2ϑ(ξ − η). Since y − 1 = (η+ϑ)/(ξ − η) it remains to observe that y q + y q−1 − 1 is equal to (y − 1)q + y q−1 and to (ξ 3 +cξ − 2cη) + ϑ(−3ξ 2 +2ξη+c) η − ϑ ξ 2 + c − 2ξϑ + = . ξ−η ξ2 − c (ξ − η)(ξ 2 − c)

2

14

A. Drápal, P. Lisoněk / Finite Fields and Their Applications 62 (2020) 101610

5. Main results We continue to use the notation F = Fq2 where q is an odd prime power. In the previous sections, by “x is a (non-)square” we meant that x is a (non-)square in F . In this section, we encounter squares and nonsquares both in Fq and in Fq2 , and therefore we will always mention the field explicitly. For z ∈ Fq2 we denote z = z q , the image of z under the Frobenius automorphism. Recall that the norm of z ∈ Fq2 over Fq is defined by N (z) = zz, and N (z) ∈ Fq for  each z ∈ Fq2 . For a polynomial f (x, y) = i,j ai,j xi y j , where ai,j ∈ Fq2 , we define its  conjugate f (x, y) = i,j ai,j xi y j . Lemma 5.1. (i) Let f ∈ Fq2 [x, y]. The polynomial f f has coefficients in Fq . (ii) For x0 , y0 ∈ Fq the value f (x0 , y0 ) is a square in Fq2 if and only if (f f )(x0 , y0 ) is a square in Fq .  Proof. (i) For any b, c ∈ Fq2 we have bc+bc ∈ Fq . Let f (x, y) = i,j ai,j xi y j . We observe that the coefficient at xi y j in f f is the sum of terms of the form aγ aδ + aγ aδ over all {γ, δ} such that γ + δ = (i, j) and γ = δ, plus the term aγ aγ where γ = 12 (i, j) in case that i, j are both even. Therefore this coefficient is in Fq . (ii) For each x0 , y0 ∈ Fq we have (f f )(x0 , y0 ) = f (x0 , y0 )f (x0 , y0 ) = f (x0 , y0 )f (x0 , y0 ) = N (f (x0 , y0 )). The statement now follows from the fact that z ∈ Fq2 is a square in Fq2 if and only if N (z) is a square in Fq . 2 We state the well known Weil bound on multiplicative character sums. Theorem 5.2. [5, Theorem 6.2.2] Let g ∈ Fq [x] be a polynomial of degree d > 0 and χ : Fq∗ → C ∗ a non-trivial multiplicative character of order m (extended by zero to Fq ). Then, if g is not an m-th power in F q [x] (where F q is the algebraic closure of Fq ),       √  χ(g(x)) ≤ (d − 1) q.  x∈Fq 

(5.1)

Throughout the rest of the paper let χ be the quadratic character on Fq∗2 , extended by zero to Fq2 , and let χ be the quadratic character on Fq∗ , extended by zero to Fq . In the next three propositions we will use the Weil bound to give bounds on the sizes of sets K2 , K3 and K4 defined in Section 2.

A. Drápal, P. Lisoněk / Finite Fields and Their Applications 62 (2020) 101610

15

Proposition 5.3. We have |K2 | ≤

17 q2 35 + q 3/2 + q. 8 8 4

Proof. Denote f1 (x, y) = xy − c + ϑ(y − x) f2 (x, y) = xy − 3c + ϑ(y + x) f3 (x, y) = xy − y 2 − 2c + ϑ(y + x) the polynomials occurring in the statement of Lemma 4.3. We know that |K2 | equals the number of pairs (x, y) ∈ Fq2 such that fi (x, y) is nonsquare in Fq2 for i = 1, 2, 3. Let gi = fi fi for i = 1, 2, 3. By Lemma 5.1(ii) we have χ (fi (x, y)) = χ(gi (x, y)) for all (x, y) ∈ Fq2 . Let κ : Fq2 → Q be defined by 1

1

(1 − χ (fi (x, y))) = (1 − χ(gi (x, y))). 8 i=1 8 i=1 3

κ(x, y) =

3

(5.2)

We have

|K2 | ≤

κ(x, y).

(5.3)

(x,y)∈Fq2

Fix w ∈ Fq and let Nw = the sums we get Nw −

 x∈Fq

1 q = 8 8

κ(x, w). By multiplying out (5.2) and rearranging



−χ(gi (x, w))

x∈Fq ∅=S⊆{1,2,3} i∈S

=

1 8

1 = 8



(−1)|S|

∅=S⊆{1,2,3}

∅=S⊆{1,2,3}



χ(gi (x, w))

x∈Fq i∈S |S|

(−1)

x∈Fq



χ



gi (x, w) .

(5.4)

i∈S

The coefficient at x in f1 (x, y), in f2 (x, y) and in f3 (x, y) is y − ϑ, y + ϑ and y + ϑ, respectively. Since w ∈ Fq and ϑ = −ϑ, the degree in x of each fi (x, w) and fi (x, w) is one, for each substitution y = w. We would like to apply the Weil bound on the character sums in (5.4). Let us first consider the exceptional values of w and S when the bound may not apply. Those are

the cases when i∈S gi (x, w) may be a perfect square in Fq [x]. If a univariate polynomial h(x) is a perfect square, then all its roots have multiplicity greater than one. Hence the

A. Drápal, P. Lisoněk / Finite Fields and Their Applications 62 (2020) 101610

16

discriminant of h with respect to x, denoted discx (h), is equal to 0. Using a computer algebra system we find that discx (g1 g2 g3 ) = 220 ϑ18 (−w + ϑ)22 (w + ϑ)22 (3ϑ2 + w2 )6 × (5ϑ3 − ϑ2 w + 3ϑw2 + w3 )2 (ϑ2 + w2 )2 (5ϑ3 + ϑ2 w + 3ϑw2 − w3 )2 .

Since w = ±ϑ, there are at most 10 exceptional values w such that i∈S gi (x, w) may be   a perfect square in Fq [x] for some S. For the exceptional values w we use Nw − 8q  ≤ 78 q. For all other w we apply the Weil bound to each S. By summing over all S, using triangle

inequality, and noticing that deg i∈S gi (u, w) = 2|S| we get  q  1 17 √ √  q. Nw −  ≤ (3 · (2 − 1) + 3 · (4 − 1) + (6 − 1)) q = 8 8 8 By summing the above inequalities over all w ∈ Fq we get  ⎛ ⎞   2  17 3/2 35 q ⎝ q κ(x, y)⎠ −  ≤ + q.  8 8 4  (x,y)∈Fq The desired result now follows by combining the above inequality and (5.3). 2 Proposition 5.4. We have |K3 | ≤

13 q2 15 + q 3/2 + q. 4 4 2

Proof. We follow the structure of the proof of Proposition 5.3. Denote     f1 (x, y) = y 3 x + c(2x2 − y 2 − yx) − c2 + ϑ (y 3 − 2yx2 − xy 2 ) + c(y+x)     f2 (x, y) = (y 3 x − y 2 x2 ) + c(x2 − 2y 2 +3xy) − 2c2 + ϑ (y 3 − 3y 2 x) + c(3y − x) the polynomials occurring in the statement of Lemma 4.4. We know that |K3 | equals the number of pairs (x, y) ∈ Fq2 such that x = y and fi (x, y) is nonsquare in Fq2 for i = 1, 2. Let gi = fi fi for i = 1, 2. Let κ : Fq2 → Q be defined by κ(x, y) =

1 1 (1 − χ (f1 (x, y)))(1 − χ (f2 (x, y))) = (1 − χ(g1 (x, y)))(1 − χ(g2 (x, y))). 4 4

We have |K3 | ≤

(x,y)∈Fq2

κ(x, y).

(5.5)

A. Drápal, P. Lisoněk / Finite Fields and Their Applications 62 (2020) 101610

Fix w ∈ Fq and let Nw = Nw −



1 q = 4 4 1 = 4

x∈Fq

17

κ(x, w). Then



(−1)|S|

∅=S⊆{1,2}

∅=S⊆{1,2}



χ(gi (x, w))

x∈Fq i∈S |S|

(−1)

x∈Fq



χ



gi (x, w) .

(5.6)

i∈S

The coefficient at x2 in f1 (x, y) and in f2 (x, y) is −2ϑ(y − ϑ) and −y 2 + c, respectively. Since w ∈ Fq and c is nonsquare in Fq , the degree in x of each fi (x, w) and fi (x, w) is two, for each substitution y = w. Again we would like to apply the Weil bound on (5.6). Again let us first consider the

exceptional values of w when i∈S gi (x, w) may be a perfect square in Fq [x] for some S, and the Weil bound may not apply. We find that polynomials g1 and g2 have the same discriminant, namely discx (g1 ) = discx (g2 ) = 26 ϑ4 (w − ϑ)10 (w + ϑ)10 (w2 + 3ϑ2 )4 (w2 + ϑ2 )2 .

(5.7)

Further we compute g1 g2 = (w − ϑ)2 (w + ϑ)2 (x − ϑ)2 (x + ϑ)2 G where G = (ϑ2 + 2ϑx + w2 )(ϑ2 − 2ϑx + w2 )(2ϑ2 + ϑw + ϑx + w2 − wx)(2ϑ2 − ϑw − ϑx + w2 − wx), and discx (G) = 28 (ϑ − w)2 (w + ϑ)2 (5ϑ3 − ϑ2 w + 3ϑw2 + w3 )2 × (5ϑ3 + ϑ2 w + 3ϑw2 − w3 )2 (3ϑ2 + w2 )4 (ϑ2 + w2 )4 ϑ4 .

(5.8)

By considering (5.7) and (5.8) we find that there are at most 10 exceptional values w for which the Weil bound may not apply for some S. For each w that is not exceptional the Weil bound yields   Nw −

q  1 13 √ √ q.  ≤ (2 · (4 − 1) + (8 − 1)) q = 4 4 4   For the exceptional w we use Nw − 4q  ≤ 34 q. By summing over all w ∈ Fq we get ⎛  ⎞   2  13 3/2 15 q ⎝ ⎠ q κ(x, y) −  ≤ + q.  4 4 2  (x,y)∈Fq

A. Drápal, P. Lisoněk / Finite Fields and Their Applications 62 (2020) 101610

18

The desired result now follows by combining the previous inequality with inequality (5.5). 2 Proposition 5.5. We have |K4 | ≤

57 q2 105 + q 3/2 + q. 8 8 8

Proof. Let s, t1 , t2 , t3 be the polynomials defined in Lemma 4.5. We follow the structure of the proofs of Propositions 5.3 and 5.4. Unlike in the previous two proofs, in which the Weil bound was applied to univariate polynomials in x (and the value of y was set to the constant w), in the present proof the Weil bound will be applied to univariate polynomials in y, because the degrees in y of the polynomials to which the bound will be applied are less than or equal to their degrees in x. Let us define the polynomials f1 (x, y) = s(x, y)t1 (x, y) = ((−yx2 +2cx − cy) + ϑ(−3x2 +2xy+c))((x2 y+3cy) + ϑ(x2 − 4yx − c)) f2 (x, y) = s(x, y)t2 (x, y) = ((−yx2 +2cx − cy) + ϑ(−3x2 +2xy+c))((y 2 − c) + 2ϑ(y − x)) f3 (x, y) = (y + ϑ)s(x, y)t3 (x, y) = (y + ϑ)((−yx2 +2cx − cy) + ϑ(−3x2 +2xy+c)) × ((x3 +cx − 2cy) + ϑ(−3x2 +2xy+c)). According to Lemma 4.5, the size of K4 is equal to the number of pairs (x, y) ∈ Fq2 such that x = y, fi (x, y) is a nonsquare in Fq2 for i ∈ {1, 2}, and f3 (x, y) is a square in Fq2 . Let gi = fi fi for i = 1, 2, 3. Let ε1 = −1, ε2 = −1, ε3 = 1. Let κ : Fq2 → Q be defined by 1

1

(1 + εi χ (fi (x, y))) = (1 + εi χ(gi (x, y))). 8 i=1 8 i=1 3

κ(x, y) =

3

We have |K4 | ≤



κ(x, y).

(x,y)∈Fq2

Fix w ∈ Fq and let Nw = Nw −

1 q = 8 8

 y∈Fq

κ(w, y). Then

∅=S⊆{1,2,3}

(−1)|S|



y∈Fq i∈S

εi χ(gi (w, y))

(5.9)

A. Drápal, P. Lisoněk / Finite Fields and Their Applications 62 (2020) 101610

1 = 8



|S|

(−1)

∅=S⊆{1,2,3}



i∈S

εi

y∈Fq

χ



19

gi (w, y) .

(5.10)

i∈S

The coefficient at y in s(x, y), in t1 (x, y) and in t3 (x, y) is −(x − ϑ)2 , (x − ϑ)(x − 3ϑ) and 2ϑ(x − ϑ) respectively. It follows that the degree in y of s(w, y), t1 (w, y) and t3 (w, y) is one, for each substitution x = w. Further, the coefficient at y 2 in t2 (x, y) is 1, hence the degree in y of t2 (w, y) is two, for each substitution x = w. Again we would like to apply the Weil bound on (5.10). Let us first consider the

exceptional cases when the bound may not apply. Those are the cases when i∈S gi (x, w) may be a perfect square in Fq [x] for some S. Let u(x, y) = y + ϑ. We have uusst1 t1 t2 t2 t3 t3 = −(w − ϑ)3 (w + ϑ)3 G where G = (y + ϑ)(−y + ϑ)(ϑ2 + 3ϑw − ϑy + wy)(ϑ2 − 3ϑw + ϑy + wy) × (ϑ2 + ϑw − 3ϑy + wy)(ϑ2 − ϑw + 3ϑy + wy)(ϑ2 + 2ϑw − 2ϑy − y 2 ) × (ϑ2 − 2ϑw + 2ϑy − y 2 )(ϑ2 + 2ϑw − 2ϑy − w2 )(ϑ2 − 2ϑw + 2ϑy − w2 ). We have discy (G) = 284 (3ϑ − w)2 (5ϑ2 − w2 )4 (3ϑ2 + w2 )6 (ϑ2 + 3w2 )2 (7ϑ2 + 4ϑw + w2 )4 × (7ϑ2 − 4ϑw + w2 )4 (3ϑ + w)2 (ϑ2 − 4ϑw − w2 )14 (ϑ2 + 4ϑw − w2 )14 × (−w + ϑ)47 (w + ϑ)47 w4 ϑ66 . Since w ∈ / {±ϑ, ±3ϑ}, there are at most 15 exceptional values of w for which the Weil bound may not apply for some S. For each w that is not exceptional the Weil bound yields  q  57 √  q. Nw −  ≤ 8 8   For the exceptional w we use Nw − 8q  ≤ 78 q. By summing over all w ∈ Fq we get ⎛  ⎞   2  ⎝ ⎠ − q  ≤ 57 q 3/2 + 105 q. κ(x, y)  8  8 8  (x,y)∈Fq The desired result now follows by combining the previous inequality with inequality (5.9). 2 We now state our main results.

20

A. Drápal, P. Lisoněk / Finite Fields and Their Applications 62 (2020) 101610

Theorem 5.6. Let q be an odd prime power. Dickson nearfield of order q 2 , obtained as a quadratic extension of Fq , produces at least one maximally nonassociative quasigroup. Proof. By Proposition 3.4 it is sufficient to show that 2|K2 | + |K3 | + |K4 | < 3(q 2 − 1)/4.

(5.11)

By combining Propositions 5.3, 5.4 and 5.5 we get 2|K2 | + |K3 | + |K4 | ≤

5 2 117 3/2 305 q + q q. + 8 8 8

(5.12)

Let f (q) and h(q) be the right-hand sides of (5.11) and (5.12) respectively. Using Descartes’ rule of signs implemented in function realroot() in Maple, one shows that the function q → f (q) − h(q) has exactly one positive root, which lies in the interval (1192 , 1202 ). For each q ≤ 1202 we found one example of maximally nonassociative quasigroup from Dickson nearfield of order q 2 by generating random elements of the nearfield and applying Proposition 3.2. The computation time for this task in Magma [1] was 14 seconds. For q > 1202 the result follows from the earlier part of this proof. 2 Lemma 5.7. There exists a maximally nonassociative quasigroup of order 64. Proof. Using Magma [1] we found that Dickson nearfield N64 of order 64, which is obtained as a cubic extension of F4 , contains 18 elements c such that N64 (∗c ) is maximally nonassociative. 2 Corollary 5.8. Let m = 23k r where k ≥ 0 is an integer and r is odd. There exists a maximally nonassociative quasigroup of order m2 . Proof. It is immediate to observe that if Q1 and Q2 are maximally nonassociative quasigroups, then Q1 × Q2 is also a maximally nonassociative quasigroup. The statement now follows by applying this product construction to quasigroups obtained in Theorem 5.6 and in Lemma 5.7. 2 We performed exhaustive computations with all proper nearfields N of orders less than 105 in Magma [1]. These computations revealed that the proportion of elements c such that N (∗c ) is maximally nonassociative is about 1/4 or larger, for all nearfields considered. We therefore state the following conjecture. Conjecture 5.9. For each finite proper nearfield N there exists c ∈ N such that (N, ∗c ) is a maximally nonassociative quasigroup. For a given proper nearfield N it is interesting to examine the density of those c such that N (∗c ) is maximally nonassociative, in the set of all admissible choices for c (that

A. Drápal, P. Lisoněk / Finite Fields and Their Applications 62 (2020) 101610

21

Fig. 1. The density of c such that Nq2 (∗c ) is maximally nonassociative.

is, the set N \ {0, 1}). If ρ(N ) denotes this density, then the expected number of trials 1 required to find c such that N (∗c ) is maximally nonassociative is ρ(N ) , assuming that we draw elements from N \ {0, 1} uniformly at random. Let Nq2 denote the quadratic Dickson nearfield of order q 2 . It follows from the calculations in the proof of Theorem 5.6 that ρ(Nq2 ) is bounded below by about 1/8 = 0.125 for large q. We performed exact computations based on Proposition 3.2 for q < 4900. The graph in Fig. 1 shows that in this range, ρ(Nq2 ) settles at about 0.289 near the upper end of this range. We state this observation as a conjecture. Conjecture 5.10. Let q be an odd prime power and let Nq2 denote the quadratic Dickson nearfield of order q 2 . There exists a real number 0.288 < d < 0.29 such that ρ(Nq2 ) → d as q → ∞.

5.1. Results for the subset D Recall the definition of the set D in Section 4: For q an odd prime power and F = Fq2 , let D = {x ∈ F | xq+1 = 1 and x = 1}. Note that all elements of D are squares in Fq2 , because they are (q − 1)th powers. One of the anonymous referees suggested that elements c ∈ N such that N (∗c ) is maximally nonassociative might be sought and found in the set D. The advantage of this approach is the simplification of proofs of existence of such c, due to the special form of the elements of D. On the other hand, there are also limitations to this approach, and those will be discussed in Section 5.3. Propositions 5.11 and 5.12 with proofs are due to the anonymous

22

A. Drápal, P. Lisoněk / Finite Fields and Their Applications 62 (2020) 101610

referee. Proposition 5.13 and Theorem 5.14 are due to the authors of the paper. Recall that sets Ki were defined in Section 3. Proposition 5.11. For i = 2, 3, 4 we have D ∩ Ki = ∅. Proof. For K2 , it is obvious since elements of D are squares. For y ∈ K4 , let y = xq−1 , and observe that y q (y q+1 − 2y + 1)(y q − y 2 ) is nonsquare ⇐⇒ 2(y − 1)(y 3 − 1) is nonsquare ⇐⇒ (y − 1)2 (y 2 + y + 1) is nonsquare ⇐⇒ y 2 + y + 1 is nonsquare ⇐⇒ x2(q−1) + xq−1 + 1 is nonsquare ⇐⇒ x2q + xq+1 + x2 is nonsquare. Being in Fq last line cannot be satisfied. For y −1 ∈ K3 we have (y − 1)q−1 +

1−y is nonsquare y

⇐⇒ y(y − 1)q−1 + 1 − y is nonsquare ⇐⇒ (y − 1)y(y − 1)q + (1 − y)(y − 1)2 is nonsquare ⇐⇒ (y − 1)(1 − y) + (1 − y)(y − 1)2 is nonsquare ⇐⇒ (y − 1)(1 − y)(1 + y − 1) is nonsquare ⇐⇒ (y − 1)2 y is nonsquare, a contradiction. 2 Proposition 5.12. Let y ∈ D. (i) We have y ∈ K0 if and only if y − 1 is a square. (ii) We have y ∈ K1 if and only if y − 1 is a nonsquare and y 2 − y − 1 is a square. Proof. (i) This immediately follows from the definition of the set K0 . (ii) Assume y ∈ D ∩ K1 . We know that y − 1 must be nonsquare. Therefore (y − 1)2 + 1 is a square (y − 1)q ⇐⇒ (y − 1)2 + (y − 1)q is a nonsquare ⇐⇒ y 2 + 1 − 2y + y q − 1 is a nonsquare ⇐⇒ y 3 − 2y 2 + 1 is a nonsquare

A. Drápal, P. Lisoněk / Finite Fields and Their Applications 62 (2020) 101610

23

⇐⇒ y 2 − y − 1 is a square. Finally we compute y q−1 (y 2 − y + 1) − 1 = (y q+1 − 1) + (−y q + y q−1 ) = −y q−1 (y − 1) which is nonsquare. Therefore the third condition for set K1 is always satisfied when y ∈ D, and it does not need to be stated explicitly. 2 Proposition 5.13. Let q = pe where e is a positive integer and p is an odd prime different from 5. We have   4   q  √   Ki  ≥ − 9 q. D \   4 i=0 Proof. Let C =D\

4 

Ki .

i=0

It follows from Propositions 5.11 and 5.12 that C = {y ∈ D | y − 1 is a nonsquare and y 2 − y − 1 is a nonsquare}. Recall from Lemma 4.1 that D = {i(x) | x ∈ Fq } where i(x) =

2xϑ x−ϑ x2 + c − 2 = 2 x −c x −c x+ϑ

and ϑ ∈ F is such that F = Fq2 = Fq (ϑ), and c = ϑ2 ∈ Fq . Hence c is nonsquare in Fq , and an easy calculation shows that ϑ is square in Fq2 exactly when q ≡ 3 (mod 4), regardless of the choice of c. For an arbitrary y ∈ D let x ∈ Fq be such that y = i(x) = x−ϑ x+ϑ , then y−1=−

2ϑ x+ϑ

and y2 − y − 1 = −

x2 + 4ϑx − ϑ2 . (x + ϑ)2

If q ≡ 1 (mod 4), then y − 1 is nonsquare exactly when x + ϑ is square. If q ≡ 3 (mod 4), then y − 1 is nonsquare exactly when x + ϑ is nonsquare. For each odd q, y 2 − y − 1 is nonsquare exactly when x2 + 4ϑx − ϑ2 is nonsquare.

24

A. Drápal, P. Lisoněk / Finite Fields and Their Applications 62 (2020) 101610

To obtain a bound on |C| we apply techniques used in proofs of Propositions 5.3, 5.4 and 5.5. Recall that χ is the quadratic character on Fq∗2 , extended by zero to Fq2 , and χ is the quadratic character on Fq∗ , extended by zero to Fq . Define the polynomials f1 (x) = x + ϑ f2 (x) = x2 + 4ϑx − ϑ2 and gi = fi fi for i = 1, 2. By Lemma 5.1(ii) we have χ (fi (x)) = χ(gi (x)) for all x ∈ Fq . If q ≡ 1 (mod 4), then let ε = −1. If q ≡ 3 (mod 4), then let ε = 1. Let κ : Fq → Q be defined by κ(x) =

1 1 (1 − εχ (f1 (x)))(1 − χ (f2 (x))) = (1 − εχ(g1 (x)))(1 − χ(g2 (x))). 4 4

(5.13)

The polynomials f1 and f2 have no roots in Fq . Therefore |C| =



κ(x).

(5.14)

x∈Fq

By expanding (5.13), summing over Fq and applying (5.14) we get |C| =

q −ε χ(g1 (x)) − χ(g2 (x)) + ε χ((g1 g2 )(x)). 4 x∈Fq

x∈Fq

(5.15)

x∈Fq

We wish to apply the Weil bound on the three character sums. We have to investigate when some of the polynomials may be perfect squares over Fq , as the Weil bound does not apply in those cases. Clearly g1 (x) = (x + ϑ)(x − ϑ) is never a perfect square. On the other hand, we have discx (g2 ) = 216 52 ϑ12 discx (g1 g2 ) = 234 52 ϑ30 . Since q is odd, the polynomials g2 and g1 g2 have repeated roots in Fq , and thus may be perfect squares over Fq , only if the characteristic of the field is 5. When the characteristic of the field is different from 5, the Weil bound (Theorem 5.2) applies to all character sums in (5.15). By applying triangle inequality we get |C| ≥

q q √ √ − ((2 − 1) + (4 − 1) + (6 − 1)) q = − 9 q. 4 4

2

Theorem 5.14. Let q be an odd prime power. The set D contains an element c such that N (∗c ) is maximally nonassociative if and only if q = 19 and q is not a power of 5.

A. Drápal, P. Lisoněk / Finite Fields and Their Applications 62 (2020) 101610

25

Proof. If q is a power of 5, then y 2 −y−1 = (y+2)2 for each y ∈ D. From Proposition 5.12 we get D ⊂ K0 ∪ K1 and the result follows. √ If q is not a power of 5 and q > 1296, then 4q − 9 q > 0 and D\

4 

Ki = ∅

i=0

by Proposition 5.13. 4 For all odd prime powers q < 1296 we determined the set D \ i=0 Ki in 4 seconds using Magma [1]. We found that this set is nonempty exactly when q = 19 and q is not a power of 5. 2 5.2. Isomorphism Let N be the Dickson quadratic nearfield of order q 2 and F the field of order q 2 . It follows from the result of Zassenhaus [11, Satz 18] that the automorphisms of N are exactly the automorphisms of F , except the case q = 3 when Aut(N ) is isomorphic to the symmetric group on three elements. Further it was proved by Stein [10, Theorem 2.7] that if f is an automorphism of N and a ∈ N , then the quasigroups N (∗a ) and N (∗f (a) ) are isomorphic. If a ∈ N is such that it belongs to no proper subfield of N , then N (∗a ) ∼ = N (∗b ) implies the existence of f ∈ Aut(N ) for which b = f (a), by [10, Theorem 2.8]. k

Proposition 5.15. Let N be a quadratic nearfield of order q 2 , q > 3 and q = p2 , k ≥ 0 and p a prime. Put A = {a ∈ N | a = 0, 1 and N (∗a ) is maximally nonassociative}. Then 2k+1 divides |A|. For each a ∈ A there exist exactly 2k+1 elements b ∈ A such that N (∗a ) ∼ = N (∗b ). If q = 3, then A = N \ F3 and N (∗a ) ∼ = N (∗b ) for any a, b ∈ A. Proof. Let S be a subnearfield of N . If S is not a field, then S ∩ Fq has to contain an element u with the property that if u = v ◦ v, then v ∈ N \ Fq . This cannot happen if S ∩ Fq is a proper subfield of Fq . Hence every proper subnearfield of N is contained in Fq . No element of A belongs to Fq , by Proposition 2.10. Therefore if a, b ∈ A yield i isomorphic quasigroups, then b = ap for some i, 0 ≤ i < 2k+1 , by the above mentioned results of Stein. There cannot be a = aq since a ∈ / Fq . If q = 3, then Aut(N ) acts upon N \ F3 transitively. 2 Numerical results for small q are summarized in Table 5.1. The meaning of the values in columns I, II, III, IV is as follows: I – number of maximally nonassociative quasigroups N (∗c ), c ∈ N , II – number of isomorphism types of maximally nonassociative quasigroups N (∗c ), c ∈ N,

26

A. Drápal, P. Lisoněk / Finite Fields and Their Applications 62 (2020) 101610

Table 5.1 Number of maximally nonassociative quasigroups N (∗c ). q 3 5 7 9 11 13 17 19

I 6 4 16 20 48 56 80 108

II 1 2 8 5 24 28 40 54

III 2 0 4 4 4 4 4 0

IV 1 0 2 1 2 2 2 0

III – number of maximally nonassociative quasigroups N (∗c ), c ∈ D, and IV – number of isomorphism types of maximally nonassociative quasigroups, N (∗c ), c ∈ D, where D is the subset of N studied in Section 5.1. We note that the values in columns II and IV can be computed from those in columns I and III using Proposition 5.15; we include these values explicitly as they compare the results obtained in Theorem 5.6 and Theorem 5.14. 5.3. Conclusion We have presented two results on the existence of maximally nonassociative quasigroups, Theorem 5.6 (extended in Corollary 5.8) and Theorem 5.14. Theorem 5.6 is stronger than Theorem 5.14 in the sense that it produces many more (about q times more) nonisomorphic maximally nonassociative quasigroups, and also because Theorem 5.14 does not apply in characteristic 5 and for q = 19. On the other hand, Theorem 5.14 has a simpler proof. Therefore we include both results. Acknowledgment Research of the second author was supported in part by the Natural Sciences and Engineering Research Council of Canada (NSERC), grant number RGPIN-2015-06250. References [1] W. Bosma, J. Cannon, C. Playoust, The magma algebra system. I. The user language, J. Symb. Comput. 24 (3–4) (1997) 235–265. [2] L.E. Dickson, On finite algebras, Nachr. Akad. Wiss. Gött. Math.-Phys. Kl. II (1905) 358–393. [3] A. Drápal, V. Valent, High nonassociativity in order 8 and an associative index estimate, J. Comb. Des. 27 (2019) 205–228. [4] A. Drápal, V. Valent, Extreme nonassociativity in order nine and beyond, J. Comb. Des. (2019) (accepted). [5] R.J. Evans, Exponential and character sums, in: G.L. Mullen, D. Panario (Eds.), Handbook of Finite Fields, CRC Press, 2013. [6] O. Grošek, P. Horák, On quasigroups with few associative triples, Des. Codes Cryptogr. 64 (2012) 221–227.

A. Drápal, P. Lisoněk / Finite Fields and Their Applications 62 (2020) 101610

27

[7] T. Kepka, A note on associative triples of elements in cancellation groupoids, Comment. Math. Univ. Carol. 21 (1980) 479–487. [8] A. Kotzig, C. Reischer, Associativity index of finite quasigroups, Glas. Mat. Ser. III 18 (1983) 243–253. [9] O. Perron, Bemerkungen über die Verteilung der quadratischen Reste, Math. Z. 56 (1952) 122–130. [10] S.K. Stein, Homogeneous quasigroups, Pac. J. Math. 14 (1964) 1091–1102. [11] H. Zassenhaus, Über endliche Fastkörper, Abh. Math. Semin. Univ. Hamb. 11 (1936) 187–220.