International Journal of Algebra, Vol. 5, 2011, no. 23, 1135 - 1153
Self-Invertible Permutation Polynomials over $\mathbb{Z}_m$

Javier Diaz-Vargas, Universidad Autónoma de Yucatán, Facultad de Matemáticas, Periférico Norte Tablaje 13615, 97119, Mérida, Yucatán, México
[email protected]
Carlos Jacob Rubio-Barrios, Universidad Autónoma de Yucatán, Facultad de Matemáticas, Periférico Norte Tablaje 13615, 97119, Mérida, Yucatán, México
[email protected]
José Antonio Sozaya-Chan, Universidad Autónoma de Yucatán, Facultad de Matemáticas, Periférico Norte Tablaje 13615, 97119, Mérida, Yucatán, México
[email protected]
Horacio Tapia-Recillas, Universidad Autónoma Metropolitana-I, Departamento de Matemáticas, 09340, Distrito Federal, México
[email protected]
Abstract

Necessary and sufficient conditions for a quadratic polynomial to be a self-invertible permutation polynomial over the ring $\mathbb{Z}_m$ of integers modulo $m$ are given. Also, necessary conditions for a polynomial of higher degree to be self-invertible over the ring $\mathbb{Z}_m$ are presented.

Mathematics Subject Classification: 11T06, 13M10

Keywords: permutation polynomials, modular integers, self-invertible quadratic permutation polynomials
1 Introduction
Historically, permutations have been fundamental to many areas of mathematics. Recently, with the increasing significance of information transmission and security, permutations have come to occupy a central role in these areas. In the design of private-key cipher algorithms such as DES, Twofish ([7]) or AES ([2]), permutations are a main component, for example in the so-called S-boxes. In linear error-detecting and error-correcting codes permutations are also very important, and in turbo codes interleavers are one of the central elements. An algebraic approach is one of many ways to construct such objects, and several groups have focused their research in this direction ([10]). This approach leads to the study of permutation polynomials (PPs) over algebraic structures such as finite fields ([4], [5]) and rings, including the ring $\mathbb{Z}_m$ of integers modulo $m$ ([9]). Linear PPs do not have suitable properties for applications, but PPs of degree 2, i.e., quadratic permutation polynomials (QPPs), as well as some of higher degree, are more appropriate for such purposes. In [10] several properties of QPPs are established and an infinite sequence of QPPs achieving the upper bound on the spread factor is described. It is worth mentioning that in [6] the QPP interleaver structure was endorsed for LTE turbo coding; such interleavers perform well with respect to regularity, complexity and flexibility. For some applications it is important to determine the inverse of a given permutation at negligible computational cost. In particular, for permutations given by PPs, and more concretely by QPPs, it would be useful to determine the inverse easily and quickly. In [8] results on the inverse of QPPs are provided.

An interesting question is to determine QPPs that are self-invertible, because such permutations could be used in numerous applications where no additional work is needed to obtain the inverse and fewer computational resources are required: the same table or formula serves for both the forward and the inverse map. Results in this direction appear in [11]. In the present note, necessary and sufficient conditions for a QPP over the ring $\mathbb{Z}_m$ of integers modulo $m$ to be self-invertible are given. The note is organized as follows: in Section 2 conditions for a QPP to be self-invertible over the ring $\mathbb{Z}_{p^n}$ of integers modulo $p^n$, where $p$ is a prime and $n \ge 2$ an integer, are given. In Section 3 the case $\mathbb{Z}_m$ is considered, and in Section 4 some results on self-invertible permutation polynomials of higher degree are given. Several examples are included to illustrate the general results. Throughout the manuscript, operations and relations in the ring $\mathbb{Z}_m$ will be indicated using equality "=" if no confusion arises.
2 Self-Invertible Quadratic Permutation Polynomials over $\mathbb{Z}_{p^n}$
On the ring of polynomials $R[x]$ with coefficients in a ring $R$, a monoid structure is given by the operation $f \cdot g = f \circ g$, where "$\circ$" is composition. This operation is associative but not commutative, and the identity element is the polynomial $x$. A related monoid is the monoid of functions $f : R \to R$ that are polynomial functions, with the usual composition of functions; its identity element is the identity function $f(x) = x$ for all $x \in R$. The association of each polynomial with its polynomial function is a surjective homomorphism of monoids. Its kernel is the set of polynomials that induce the identity function on $R$, i.e., such that $f(x) = x$ for all $x \in R$. The kernel is a submonoid, which is not necessarily the trivial monoid consisting only of the identity element. A polynomial $f(x) \in R[x]$ is called a permutation polynomial if the associated polynomial function is a bijection. We say that a permutation polynomial is self-invertible if $f^2 = f \circ f$ lies in the kernel of the homomorphism described above, i.e., $f(f(x)) = x$ for all $x \in R$. Observe that any polynomial with $f(f(x)) = x$ for all $x \in R$ is automatically a permutation polynomial, since $f$ is then its own inverse. Note also that if a polynomial has order 2 in $R[x]$ then it is a self-invertible permutation polynomial, but the converse is not necessarily true, as the following example shows.

Example 2.1. The polynomial $f(x) = 5x + 3x^2 + 3x^3$ is a self-invertible cubic polynomial over $\mathbb{Z}_{3^2}$. However, as an element of the monoid $\mathbb{Z}_{3^2}[x]$, the order of this polynomial is infinite.

In this section necessary and sufficient conditions are given for a quadratic permutation polynomial (QPP) to be self-invertible over the ring $\mathbb{Z}_{p^n}$, where $p$ is a prime and $n \ge 2$ an integer. We recall the following result ([3, Theorem 7]).

Lemma 2.2. Let $p$ be a prime and $n \ge 1$ an integer. Then $f : \mathbb{Z}_{p^n} \to \mathbb{Z}_{p^n}$ given by $f(x) = ax + bx^2$ is a permutation polynomial if and only if $\gcd(a, p) = 1$ and $p$ divides $b$. In particular, there are no quadratic permutation polynomials (with $b \ne 0$) over the finite field $\mathbb{Z}_p$.

Observe that a polynomial $f(x)$ is a permutation polynomial over $\mathbb{Z}_m$ if and only if $g(x) = af(x) + b$ is a permutation polynomial over $\mathbb{Z}_m$, where $\gcd(a, m) = 1$ and $b \in \mathbb{Z}$. Thus, for the permutation property it suffices to consider polynomials with zero constant term (self-invertibility, however, is not preserved by this normalization in general: $x$ is self-invertible but $2x + 1$ over $\mathbb{Z}_5$ is not). First the case $p \ge 3$ will be considered.
Lemma 2.3. Let $p > 3$ be a prime, $n \ge 2$ an integer and $f(x) = ax + bx^2$ a quadratic polynomial over $\mathbb{Z}_{p^n}$. Then $f(x)$ is a self-invertible QPP if and only if the following conditions hold in the ring $\mathbb{Z}_{p^n}$:
(i) $a^2 = 1$, (ii) $b^2 = 0$, (iii) $b(1 + a) = 0$.
If $p = 3$ and $f(x)$ is a self-invertible quadratic polynomial over $\mathbb{Z}_{3^n}$, then the following conditions hold in the ring $\mathbb{Z}_{3^{n-1}}$:
(iv) $a^2 = 1$, (v) $b^2 = 0$, (vi) $b(1 + a) = 0$.

Proof. Suppose that $p > 3$. $f(x)$ is self-invertible if and only if $f(f(x)) = x$ for all $x \in \mathbb{Z}_{p^n}$, which is equivalent to
$$f(f(x)) = a^2 x + ab(1 + a)x^2 + 2ab^2 x^3 + b^3 x^4 = x \quad \forall\, x \in \mathbb{Z}_{p^n}.$$
If the coefficients of $f(x)$ satisfy the stated conditions, then every coefficient of $f(f(x))$ other than that of $x$ vanishes, so $f(f(x)) = x$ for all $x \in \mathbb{Z}_{p^n}$ and the claim follows. Now suppose that $f(x)$ is a self-invertible QPP. Evaluating $f(f(x)) = x$ at $1, -1, 2$ and $-2$ gives the relations
$$a^2 + ab(1 + a) + 2ab^2 + b^3 = 1, \tag{1}$$
$$-a^2 + ab(1 + a) - 2ab^2 + b^3 = -1, \tag{2}$$
$$2a^2 + 2^2 ab(1 + a) + 2^4 ab^2 + 2^4 b^3 = 2, \tag{3}$$
$$-2a^2 + 2^2 ab(1 + a) - 2^4 ab^2 + 2^4 b^3 = -2. \tag{4}$$
Since 2 is a unit in $\mathbb{Z}_{p^n}$, relation (3) is equivalent to
$$a^2 + 2ab(1 + a) + 2^3 ab^2 + 2^3 b^3 = 1 \tag{5}$$
and relation (4) is equivalent to
$$-a^2 + 2ab(1 + a) - 2^3 ab^2 + 2^3 b^3 = -1. \tag{6}$$
Adding relations (1) and (2) and simplifying we obtain
$$ab(1 + a) = -b^3. \tag{7}$$
From relations (5) and (7) we have
$$a^2 + 2 \cdot 3\, b^3 + 2^3 ab^2 = 1 \tag{8}$$
and from relations (6) and (7),
$$-a^2 + 2 \cdot 3\, b^3 - 2^3 ab^2 = -1. \tag{9}$$
Adding relations (8) and (9) we obtain $2^2 \cdot 3\, b^3 = 0$, or equivalently $b^3 = 0$ (since 2 and 3 are units in $\mathbb{Z}_{p^n}$). From this and relation (7) it follows that $ab(1 + a) = 0$. Subtracting relation (2) from relation (1) and simplifying, we have
$$a^2 + 2ab^2 = 1. \tag{10}$$
Since $b^3 = 0$, relation (8) reduces to
$$a^2 + 2^3 ab^2 = 1. \tag{11}$$
Now, from relations (10) and (11) it follows that $2 \cdot 3\, ab^2 = 0$, which is equivalent to $ab^2 = 0$ (2 and 3 are units in $\mathbb{Z}_{p^n}$). From this and relation (10), relation (i) of the lemma follows. Relation (i) implies that $a$ is a unit in $\mathbb{Z}_{p^n}$, and claim (ii) follows from $ab^2 = 0$. Also, since $a$ is a unit, relation (iii) follows from $ab(1 + a) = 0$. If $p = 3$ and $f(x)$ is a self-invertible QPP over $\mathbb{Z}_{3^n}$, a slight modification of the above argument (3 is no longer a unit, so the relations are only obtained modulo $3^{n-1}$) shows that conditions (iv), (v) and (vi) hold.

Remark 2.4. If $p \ge 3$ is a prime, $n \ge 2$ and $f(x) = ax + bx^2$ is a self-invertible QPP over $\mathbb{Z}_{p^n}$, Lemma 2.3 implies that $b$ and $1 + a$ lie in the unique maximal ideal $\langle p \rangle$ (here $\langle \alpha \rangle$ denotes the principal ideal of the ring $\mathbb{Z}_{p^n}$ generated by the element $\alpha \in \mathbb{Z}_{p^n}$). Since any ideal of the (finite) local ring $\mathbb{Z}_{p^n}$ is of the form $\langle p^i \rangle$ for $i = 0, 1, \dots, n$, and the lattice of these ideals is the chain
$$\mathbb{Z}_{p^n} = \langle 1 \rangle \supset \langle p \rangle \supset \cdots \supset \langle p^{n-1} \rangle \supset \langle p^n \rangle = \langle 0 \rangle,$$
it follows that $\langle b \rangle = \langle p^r \rangle$ with $1 \le r \le n - 1$, and $\langle 1 + a \rangle = \langle p^k \rangle$ with $1 \le k \le n$. As a result of these relations $b = p^r v$ and $1 + a = p^k u$, where $v$ and $u$ are units in $\mathbb{Z}_{p^n}$. Moreover, if $p > 3$, conditions (ii) and (iii) of Lemma 2.3 imply that $n/2 \le r \le n - 1$ and $r + k \ge n$; and if $p = 3$, condition (v) implies that $(n - 1)/2 \le r \le n - 1$.

For $p > 3$ we have the following:

Theorem 2.5. Let $p > 3$ be a prime and $n \ge 2$ an integer. Then the polynomial $f(x) = ax + bx^2$ is a self-invertible QPP over $\mathbb{Z}_{p^n}$ if and only if $a = -1$ and $b = p^r v$, where $\gcd(v, p) = 1$ and $n/2 \le r \le n - 1$.
Proof. Let $p > 3$ be a prime and $n \ge 2$ an integer. If $f(x) = ax + bx^2$ is a self-invertible QPP over $\mathbb{Z}_{p^n}$, then from Remark 2.4, $a = -1 + p^k u$ where $0 < k \le n$ and $u$ is a unit in $\mathbb{Z}_{p^n}$. So we have $1 = a^2 = (-1 + p^k u)^2 = 1 - 2p^k u + p^{2k} u^2$, and therefore $0 = p^k u(-2 + p^k u)$. Thus, in the ring of integers $\mathbb{Z}$, $p^k u(-2 + p^k u) = p^n K$ for some integer $K$, or equivalently $u(-2 + p^k u) = p^{n-k} K$. If $n - k > 0$, then $p$ divides $u$ or $-2 + p^k u$, but neither is possible since $u$ and $-2 + p^k u$ are units in $\mathbb{Z}_{p^n}$ (recall that $p$ is odd). Therefore $k = n$ and $a = -1 + p^n u$, i.e., $a = -1$ in $\mathbb{Z}_{p^n}$. Now, from Remark 2.4 it follows that $b = p^r v$, where $v$ is a unit in $\mathbb{Z}_{p^n}$ and $r \ge n/2$. Conversely, suppose that $a = -1$ and $b = p^r v$ where $n/2 \le r \le n - 1$ and $v$ is a unit in $\mathbb{Z}_{p^n}$. Clearly $\gcd(a, p) = 1$ and $p$ divides $b$, so by Lemma 2.2 $f(x)$ is a permutation polynomial. Moreover, since $r \le n - 1$ we have $b = p^r v \ne 0$, and therefore $f$ is a QPP over $\mathbb{Z}_{p^n}$. Finally, since $2r \ge n$, the relations of Lemma 2.3 hold and $f$ is self-invertible.

Theorem 2.5 allows us to count the self-invertible quadratic permutation polynomials over $\mathbb{Z}_{p^n}$ for $p > 3$.

Corollary 2.6. Let $p > 3$ be a prime, $n \ge 2$ an integer and $\varphi$ the Euler function. Then the number of self-invertible quadratic permutation polynomials over $\mathbb{Z}_{p^n}$ is equal to
$$\frac{n}{2}\,\varphi(p^n) \ \text{ for } n \text{ even}, \qquad \frac{n - 1}{2}\,\varphi(p^n) \ \text{ for } n \text{ odd},$$
that is, $\lfloor n/2 \rfloor\, \varphi(p^n)$: one term $\varphi(p^n)$ for each admissible exponent $r$ with $n/2 \le r \le n - 1$ and each unit $v$ of $\mathbb{Z}_{p^n}$. (This counts the representations $(r, v)$ of Theorem 2.5. Two units $v, v'$ give the same coefficient $b = p^r v = p^r v'$ in $\mathbb{Z}_{p^n}$ whenever $v \equiv v' \pmod{p^{n-r}}$, so the number of distinct polynomials $-x + bx^2 \in \mathbb{Z}_{p^n}[x]$ is the number of nonzero $b$ divisible by $p^{\lceil n/2 \rceil}$, namely $p^{\lfloor n/2 \rfloor} - 1$; for $\mathbb{Z}_{25}$ these are $b \in \{5, 10, 15, 20\}$.)

Example 2.7. Let $f(x) = -x + 7^3 x^2$ and $g(x) = x + 7^3 x^2$ be permutation polynomials over $\mathbb{Z}_{7^5}$. Then
$$f(f(x)) = x - 2 \cdot 7^6 x^3 + 7^9 x^4 = x, \qquad g(g(x)) = x + 2 \cdot 7^3 x^2 + 2 \cdot 7^6 x^3 + 7^9 x^4 = x + 2 \cdot 7^3 x^2,$$
showing that $f(x)$ is self-invertible but $g(x)$ is not.

Corollary 2.8. Let $p > 3$ be a prime and $f(x) = ax + bx^2$ a QPP over $\mathbb{Z}_{p^n}$, $n \ge 2$. If $u$ is a unit in $\mathbb{Z}_{p^n}$ such that $f(u) = u$, then $f(x)$ is not self-invertible.

Proof. Assume that $f(x)$ is self-invertible. By Theorem 2.5, $a = -1$ in $\mathbb{Z}_{p^n}$. Then $f(u) = -u + u^2 b = u$, which implies that $ub = 2$. Since $u$ and 2 are units in $\mathbb{Z}_{p^n}$, it follows that $b$ is also a unit, a contradiction.
The case $p = 3$ is now considered.

Theorem 2.9. Let $p = 3$ and $n \ge 2$ be an integer. The polynomial $f(x) = ax + bx^2$ is a self-invertible QPP over $\mathbb{Z}_{3^n}$ if and only if either
$$a = -1 \ \text{ and } \ b = 3^r v, \ \text{ where } \gcd(v, 3^n) = 1 \ \text{ and } \ n/2 \le r \le n - 1,$$
or
$$a = -1 + 3^{n-1} u, \ \text{ where } n \text{ is odd}, \ b = 3^{(n-1)/2} v, \ \gcd(u, 3^n) = \gcd(v, 3^n) = 1 \ \text{ and } \ 3 \mid u + v^2.$$

Proof. From Remark 2.4, $a = -1 + 3^k u$ with $0 < k \le n$ and $u$ a unit in $\mathbb{Z}_{3^n}$. From Lemma 2.3, $a^2 = 1 - 2 \cdot 3^k u + 3^{2k} u^2 = 1 \pmod{3^{n-1}}$, hence $3^k u(-2 + 3^k u) = 0 \pmod{3^{n-1}}$. If $k = n$, then $a = -1$. If $k < n$, then $u(-2 + 3^k u) = 0 \pmod{3^{n-1-k}}$; since $u$ and $-2 + 3^k u$ are units, $k$ cannot be less than $n - 1$, and it follows that $a = -1 + 3^{n-1} u$.

If $a = -1 + 3^{n-1} u$, then from Remark 2.4, $b = 3^r v$ with $r \ge (n - 1)/2$. Thus, modulo $3^n$,
$$f(f(x)) = (1 - 2 \cdot 3^{n-1} u)\, x - 3^{n-1+r} uv\, x^2 - 2 \cdot 3^{2r} v^2 x^3,$$
where the $x^2$ term already vanishes because $n - 1 + r \ge n$. Now, $f(f(1)) = 1$ implies that 3 divides $u + 3^{2r-(n-1)} v^2$, which is impossible if $2r > n - 1$ since $u$ is a unit. Hence $2r = n - 1$, and therefore $n$ is odd. Thus the polynomial $f(f(x))$ takes the form
$$f(f(x)) = (1 - 2 \cdot 3^{n-1} u)\, x - 2 \cdot 3^{n-1} v^2 x^3.$$
Since $f(f(1)) = 1$, we have that 3 divides $u + v^2$. Conversely, assume that the second set of conditions holds. Then
$$\begin{aligned}
f(f(x)) &= (1 - 2 \cdot 3^{n-1} u)\, x - 2 \cdot 3^{n-1} v^2 x^3 \\
&= x - 2 \cdot 3^{n-1} x\,(u + v^2 x^2) \\
&= x - 2 \cdot 3^{n-1} x\,\bigl(u + v^2 + (x + 1)(x - 1) v^2\bigr) \\
&= x - 2 \cdot 3^{n-1} x\,(u + v^2) - 2 \cdot 3^{n-1} (x - 1)\, x\, (x + 1)\, v^2 \\
&\equiv x \pmod{3^n},
\end{aligned}$$
because 3 divides both $u + v^2$ and $(x - 1)x(x + 1)$. From this and Lemma 2.2, $f(x)$ is a self-invertible QPP over $\mathbb{Z}_{3^n}$.

Finally, suppose that $a = -1$. As before, $b = 3^r v$ with $r \ge (n - 1)/2$. Then $f(f(x)) = x - 2 \cdot 3^{2r} v^2 x^3$, and $f(f(1)) = 1$ implies that $r \ge n/2$. Conversely, if $a = -1$ and $b = 3^r v$ with $v$ a unit and $r \ge n/2$, then clearly $f(x)$ is a self-invertible QPP. This completes the proof of the theorem.

Example 2.10. Consider the polynomials $f(x) = 8x + 12x^2$ and $g(x) = 17x + 12x^2$ over $\mathbb{Z}_{3^3}$. Here $3^{n-1} = 9$, $b = 3 \cdot 4$ and $v = 4$; for $g$, $a = -1 + 9 \cdot 2$ with $u = 2$, and $u + v^2 = 18$ is divisible by 3, whereas for $f$, $u = 1$ and $u + v^2 = 17$ is not. Accordingly $g(x)$ is self-invertible over $\mathbb{Z}_{3^3}$ but $f(x)$ is not, since $f(f(x)) = 10x + 9x^3$, $f(f(1)) = 19$ and $f(f(20)) = 2$.
Now we treat the case $p = 2$. In [11] the analogue of Theorem 2.11 was given for $p = 2$, but it seems that not all cases were considered. In the following lines a full description is presented.

Theorem 2.11. Let $n \ge 2$ be an integer and $f(x) = ax + bx^2$ a QPP over $\mathbb{Z}_{2^n}$, and write $b = 2^r v$ with $v$ a unit in $\mathbb{Z}_{2^n}$. If $n > 4$, then $f$ is self-invertible if and only if one of the following conditions is satisfied, for some $i \in \{0, 1\}$ and units $u, w$ in $\mathbb{Z}_{2^n}$:
1. $a = 2^{n-2+i} w + z$ and $(3 - z)\, r = 2(n - 2 + i)$, with $z = \pm 1$;
2. $a = 2^{n-1+i} u - 1$ and $2r \ge n - i$;
3. $a = 1$ and $r = n - 1$.
If $n \le 4$, then $f$ is self-invertible if and only if $b(1 + a)w = a^2 - 1 = 0$ in $\mathbb{Z}_{2^{n-1+i}}$, where $w$ is a unit in $\mathbb{Z}_{2^n}$ and $i \in \{0, 1\}$.

Proof. Let $n > 4$, $a = 2^s u - 1$ and $b = 2^r v$ with $r, s > 0$, $u, v$ units in $\mathbb{Z}_{2^n}$, and let $g(x) = f^2(x) - x$. Then
$$g(x) = 2^{s+1} u (2^{s-1} u - 1)\, x + 2^{s+r} uva\, x^2 + 2^{2r+1} a v^2 x^3 + 2^{3r} v^3 x^4.$$
Assuming that $f$ is a self-invertible permutation polynomial, there are two cases to consider: $s = 1$ and $s > 1$. In the first case, since $n > 4$ it follows that $r > 1$ and $r < 2r < 3r - 1$, as $r = s = 1$ leads to $n < 3$ after substituting these values into $g(1) = 0$. Let $u = 2^\alpha w + 1$ with $\alpha > 0$ and $w$ a unit in $\mathbb{Z}_{2^n}$; then, for some $h \in \mathbb{Z}_{2^n}[x]$,
$$g(x) = 2^2 x \bigl(2^\alpha uw + 2^{r-1} v x\, h(x)\bigr) = 0.$$
If $\alpha \ne r - 1$, then $\min(\alpha, r - 1) \ge n - 2$, so $r = n - 1$, $\alpha \ge n - 1$ and $a = 1$; therefore (3) is satisfied. If $\alpha = r - 1$, taking $x = 2$ gives $\alpha + 1 = r \ge n - 2$, and we have the following: if $r = n - 2$, then $a = 2^{n-2} w + 1$ satisfies case (1) with $i = 0$, $z = 1$; if $r = n - 1$, then $a = 2^{n-1} w + 1$ satisfies case (1) with $i = 1$, $z = 1$.

In the second case $s > 1$. If $s \ne 2r$, then
$$g(x) - g(-x) = 2^{s+2} u (2^{s-1} u - 1)\, x + 2^{2r+2} a v^2 x^3 = 0$$
gives $\min(s, 2r) \ge n - 2$, which in turn leads to $r > 1$ and $2s \ge n$. Then
$$g(x) = 2^{s+1} u x\,(2^{r-1} v a x - 1) + 2^{2r+1} v^2 x^3\,(2^{r-1} v x + a) = 0$$
implies that if $s > 2r$, then $2r \ge n - 1$ and hence $s \ge n$; in this situation case (2) with $i = 1$ is satisfied. If $2r > s$, it follows that $s \ge n - 1$ and $2r \ge n$, and we have the following: if $s = n - 1$, then $2r \ge n$ and $a = 2^{n-1} u - 1$ satisfies case (2) with $i = 0$; if $s = n$, then $2r \ge n$ and $a = -1$ satisfies case (2) with $i = 1$. Finally, if $s = 2r$, then since $r > 1$,
$$g(x) = 2^{2r+1} x\,\bigl(u (2^{2r-1} u - 1) + a v^2 x^2\bigr) + 2^{3r} v x^2\,(ua + v^2 x^2) = 0.$$
Taking $x = 2$ we get $2r = s \ge n - 2$, and we have the following: if $2r = n - 2$, then $a = 2^{n-2} w - 1$ satisfies case (1) with $i = 0$, $z = -1$; if $2r = n - 1$, then $a = 2^{n-1} w - 1$ satisfies case (1) with $i = 1$, $z = -1$; if $2r = n$, then $a = -1$ satisfies case (2) with $i = 1$. Assuming now that one of the conditions (1) to (3) of the theorem is satisfied, a direct calculation shows that $f$ is a self-invertible QPP.

Suppose now that $n \le 4$. Let $a = 2^s u - 1$ and $b = 2^r v$ with $r, s > 0$, $u, v$ units in $\mathbb{Z}_{2^n}$. Note that for $n = 2, 3$ we have $a^2 - 1 = 2ab^2 = b^3 = 0$ (an odd square is 1 modulo 8 and $b$ is even), so $g(x) = ab(1 + a)x^2 = 0$ if and only if $b(1 + a) = 0$. If $n = 4$, then
$$g(x) = (a^2 - 1)\, x + ab(1 + a)\, x^2 = 2^{s+1} u (2^{s-1} u - 1)\, x + 2^{s+r} a uv\, x^2,$$
given that $2ab^2 x^3 + b^3 x^4 = 2^{2r+1} v^2 x^3 (a + 2^{r-1} v x) = 0$ for any $x$, odd or even. Since $f$ is a self-invertible QPP, $g(2) = 0$ implies that $a^2 - 1 = 2^3 c$ for some $c \in \mathbb{Z}_{2^n}$. If $c$ is not a unit in $\mathbb{Z}_{2^n}$, then $g(1) = ab(1 + a) = 0$ and hence $b(1 + a) = 0$. On the other hand, if $c$ is a unit in $\mathbb{Z}_{2^n}$, we obtain
$$g(x) = 2^3 c\, x + 2^{r+s} a uv\, x^2 = 2^{\min(3,\, r+s)}\, m(x) = 0$$
for some $m(x) \in \mathbb{Z}_{2^n}[x]$. If $r + s \ne 3$ then $m(1)$ is a unit in $\mathbb{Z}_{2^n}$, which would force $n \le 3$; this is not possible, therefore $r + s = 3$. The converse follows directly.
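The characterizations of this section are cheap to confirm by exhaustion for small moduli. The following Python script is an added example and not part of the paper: it lists every self-invertible $ax + bx^2$ over $\mathbb{Z}_{p^n}$ by testing $f(f(x)) = x$ on all residues and compares the result with the coefficient families of Theorems 2.5, 2.9 and 2.11. The function names, the $(p, n)$ pairs tested and the inline encoding of the three families of Theorem 2.11 are this example's own choices.

```python
# Added example, not part of the paper: exhaustive search for the self-invertible
# QPPs f(x) = a*x + b*x^2 over Z_{p^n}, compared with the coefficient descriptions of
# Theorem 2.5 (p > 3), Theorem 2.9 (p = 3) and Theorem 2.11 (p = 2, n > 4).
# Function names and the chosen (p, n) pairs are this example's own.
from math import ceil, gcd


def poly_eval(coeffs, x, m):
    """Evaluate a_1*x + ... + a_d*x^d (coeffs = [a_1, ..., a_d]) modulo m by Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % m
    return (acc * x) % m


def is_self_invertible(coeffs, m):
    """True iff f(f(x)) = x for every x in Z_m.  An involution of a finite set is a
    bijection, so this already implies that f is a permutation polynomial."""
    return all(poly_eval(coeffs, poly_eval(coeffs, x, m), m) == x for x in range(m))


def units(m):
    return [u for u in range(1, m) if gcd(u, m) == 1]


def brute_force(m):
    """All (a, b) with b != 0 in Z_m such that a*x + b*x^2 is self-invertible."""
    return {(a, b) for a in range(m) for b in range(1, m) if is_self_invertible([a, b], m)}


def theorem_2_5(p, n):
    """p > 3: a = -1 and b = p^r v, v a unit, n/2 <= r <= n - 1."""
    m = p ** n
    return {(m - 1, (p ** r * v) % m) for r in range(ceil(n / 2), n) for v in units(m)}


def theorem_2_9(n):
    """p = 3: a = -1 with r >= n/2, or (n odd) a = -1 + 3^(n-1) u, r = (n-1)/2, 3 | u + v^2."""
    m = 3 ** n
    found = {(m - 1, (3 ** r * v) % m) for r in range(ceil(n / 2), n) for v in units(m)}
    if n % 2 == 1:
        r = (n - 1) // 2
        found |= {((-1 + 3 ** (n - 1) * u) % m, (3 ** r * v) % m)
                  for u in units(m) for v in units(m) if (u + v * v) % 3 == 0}
    return found


def theorem_2_11(n):
    """p = 2, n > 4: the three families of Theorem 2.11, with b = 2^r v."""
    m = 2 ** n
    odd = units(m)
    found = set()
    for i in (0, 1):
        for z in (1, -1):                 # family 1: a = 2^(n-2+i) w + z, (3 - z) r = 2(n - 2 + i)
            num, den = 2 * (n - 2 + i), 3 - z
            if num % den == 0 and 1 <= num // den <= n - 1:
                r = num // den
                found |= {((2 ** (n - 2 + i) * w + z) % m, (2 ** r * v) % m) for w in odd for v in odd}
        for r in range(1, n):             # family 2: a = 2^(n-1+i) u - 1, 2 r >= n - i
            if 2 * r >= n - i:
                found |= {((2 ** (n - 1 + i) * u - 1) % m, (2 ** r * v) % m) for u in odd for v in odd}
    found |= {(1, (2 ** (n - 1) * v) % m) for v in odd}   # family 3: a = 1, r = n - 1
    return found


def predicted(p, n):
    if p > 3:
        return theorem_2_5(p, n)
    if p == 3:
        return theorem_2_9(n)
    return theorem_2_11(n)


def compare(p, n):
    """Return (number of self-invertible QPPs found by brute force, theorem agrees?)."""
    actual = brute_force(p ** n)
    return len(actual), actual == predicted(p, n)


if __name__ == "__main__":
    for p, n in [(5, 2), (5, 3), (7, 2), (3, 2), (3, 3), (3, 4), (2, 5)]:
        count, ok = compare(p, n)
        # For p > 3 the distinct polynomials number p^(n//2) - 1; Corollary 2.6 counts pairs (r, v).
        print(f"Z_{p}^{n}: {count} self-invertible QPPs, matches theorem: {ok}")
    print("Example 2.7:", is_self_invertible([7 ** 5 - 1, 7 ** 3], 7 ** 5),
          is_self_invertible([1, 7 ** 3], 7 ** 5))
```

The runs over $\mathbb{Z}_{3^n}$ show the second family of Theorem 2.9 ($a = -1 + 3^{n-1}u$) appearing only for odd $n$, and the $\mathbb{Z}_{32}$ run recovers the 20 polynomials of Theorem 2.11. Because an involution is its own inverse, no separate permutation test is needed, which is precisely what makes these polynomials attractive as interleavers or as S-box layers: one table or formula serves both directions.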
3 Self-Invertible Quadratic Permutation Polynomials over $\mathbb{Z}_m$
As a direct consequence of the Chinese Remainder Theorem we have the following result (see Theorem 2 of [3]).

Theorem 3.1. Let $m = p_1^{e_1} p_2^{e_2} \cdots p_k^{e_k}$ where $p_1, \dots, p_k$ are distinct primes and $e_1, \dots, e_k$ are positive integers. A polynomial $f(x)$ is a permutation polynomial over $\mathbb{Z}_m$ if and only if $f(x)$ is a permutation polynomial over $\mathbb{Z}_{p_i^{e_i}}$ for all $i = 1, \dots, k$.

The same argument shows that $f$ is self-invertible over $\mathbb{Z}_m$ if and only if it is self-invertible over each $\mathbb{Z}_{p_i^{e_i}}$, since $f(f(x)) = x$ holds modulo $m$ exactly when it holds modulo every $p_i^{e_i}$. Theorems 2.5 and 3.1 give the following result.

Theorem 3.2. Let $m = p_1^{e_1} \cdots p_k^{e_k}$ be an integer such that $3 < p_1 < p_2 < \cdots < p_k$ are primes and $e_i \ge 2$ for $i = 1, 2, \dots, k$. Let $f(x) = ax + bx^2$ be a QPP over $\mathbb{Z}_m$. If $b \ne 0$ in $\mathbb{Z}_{p_i^{e_i}}$ for all $i = 1, \dots, k$, then $f$ is self-invertible over $\mathbb{Z}_m$ if and only if the following conditions are satisfied:
(i) $a = -1$;
(ii) $b = p_1^{r_1} \cdots p_k^{r_k} u$, where $e_i/2 \le r_i < e_i$ for all $i = 1, \dots, k$ and $\gcd(u, p_i) = 1$.
Proof. Suppose that $f$ is a self-invertible QPP over $\mathbb{Z}_m$. Then, by Theorem 3.1 and the Chinese Remainder Theorem, $f$ is a self-invertible QPP over $\mathbb{Z}_{p_i^{e_i}}$ for all $i = 1, \dots, k$. From Theorem 2.5,
1. $a = -1$ in $\mathbb{Z}_{p_i^{e_i}}$, and
2. $b = p_i^{r_i} u_i$ in $\mathbb{Z}_{p_i^{e_i}}$, where $e_i/2 \le r_i < e_i$ and $\gcd(u_i, p_i) = 1$, for all $i = 1, \dots, k$.
Since the $p_i$ are distinct primes, $a = -1$ in $\mathbb{Z}_m$; and since $b = p_i^{r_i} u_i = p_j^{r_j} u_j$, it follows that $b = p_i^{r_i} p_j^{r_j} u_{i,j}$ where $u_{i,j}$ is a unit in $\mathbb{Z}_{p_i^{e_i} p_j^{e_j}}$. Continuing this process it can be seen that the two conditions of the theorem hold. Conversely, suppose that $a = -1$ and $b = p_1^{r_1} \cdots p_k^{r_k} u$, where $e_i/2 \le r_i < e_i$ for all $i = 1, \dots, k$ and $\gcd(u, p_i) = 1$. Then by Theorem 2.5, $f$ is a self-invertible QPP over $\mathbb{Z}_{p_i^{e_i}}$ for all $i = 1, \dots, k$, and by Theorem 3.1, $f$ is a self-invertible QPP over $\mathbb{Z}_m$.

Theorem 3.3. Let $p_1, \dots, p_r$ be distinct primes and $m = p_1 \cdots p_r$. Then $f(x) = ax + bx^2$ is a self-invertible permutation polynomial over $\mathbb{Z}_m$ if and only if the following conditions are satisfied:
1. $a^2 = 1$ in $\mathbb{Z}_m$;
2. $b = 0$ in $\mathbb{Z}_m$.

Proof. Suppose that $f(x)$ is a self-invertible permutation polynomial over $\mathbb{Z}_m$. By Theorem 3.1, $f(x)$ is a permutation polynomial over $\mathbb{Z}_{p_i}$ for all $i = 1, \dots, r$. Thus, by Lemma 2.2, $b = 0$ in $\mathbb{Z}_{p_i}$ for all $i = 1, \dots, r$, which implies that $b = 0$ in $\mathbb{Z}_m$. Now, since $f(x)$ is self-invertible,
$$f(f(x)) = a^2 x + ab(1 + a)x^2 + 2ab^2 x^3 + b^3 x^4 = x$$
for all $x \in \mathbb{Z}_m$, i.e., $a^2 x = x$ for all $x \in \mathbb{Z}_m$. In particular, for $x = 1$, $a^2 = 1$ in $\mathbb{Z}_m$. Conversely, if the conditions are satisfied then $f(f(x)) = x$ for all $x \in \mathbb{Z}_m$, and $f(x)$ is a self-invertible permutation polynomial over $\mathbb{Z}_m$.

Again we see that there is no quadratic self-invertible permutation polynomial over $\mathbb{Z}_m$ if $m$ is a square-free integer.

Before stating the next result of this section we introduce the following mapping. Let $R$ be a finite ring and let $\tau : R[x] \to R$ be given by
$$\tau(a_0 + a_1 x + \cdots + a_n x^n) = a_1 + \cdots + a_n.$$
Clearly the mapping $\tau$ is linear. Recall that the binomial coefficient $C_k^n$, $k \le n$, is the coefficient of the term $u^k v^{n-k}$ in the expansion of $(u + v)^n$, which is given by
$$C_k^n = \frac{n!}{k!\,(n - k)!}.$$
Observe that if $f'(x)$ is the (usual) derivative of $f(x)$, then $\tau(f') = 2a_2 + \cdots + n a_n = \sum_{i=2}^{n} i\, a_i$.

Theorem 3.4. Let $f(x) = a_0 + a_1 x + \cdots + a_n x^n$ in $R[x]$. Then the polynomial $f(x + 1) - f(x)$ can be expressed as
$$f(x + 1) - f(x) = \sum_{k=0}^{n-1} \frac{\tau(f^{(k)})}{k!}\, x^k,$$
where $f^{(k)}$ is the $k$-th derivative of $f$. (Each coefficient $\tau(f^{(k)})/k!$ equals the integer combination $\sum_{i > k} C_k^i a_i$, so the division by $k!$ is formal and the formula makes sense in any ring $R$.)

Proof. Proceed by induction on the degree $n$ of $f$. The case $n = 1$ is trivial because $f(x + 1) - f(x) = a_1$. Suppose the result is valid for any polynomial of degree $n$ and let $f(x) = a_0 + a_1 x + \cdots + a_n x^n + a_{n+1} x^{n+1}$. Define $g$ and $h$ in $R[x]$ by $h(x) = a_{n+1} x^{n+1}$ and $g(x) = f(x) - h(x)$; hence
$$\begin{aligned}
(g + h)(x + 1) - (g + h)(x) &= g(x + 1) - g(x) + h(x + 1) - h(x) \\
&= \sum_{k=0}^{n-1} \frac{\tau(g^{(k)})}{k!}\, x^k + h(x + 1) - h(x) \\
&= \sum_{k=0}^{n-1} \left( \frac{\tau(g^{(k)})}{k!} + C_k^{n+1} a_{n+1} \right) x^k + (n + 1)\, a_{n+1} x^n,
\end{aligned}$$
and since the $k$-th derivative of the polynomial $a_{n+1} x^{n+1}$ is $k!\, C_k^{n+1} a_{n+1} x^{n-k+1}$, the result follows.
The importance of this result lies in the fact that we can express the exact form of a sequence of functions obtained from a given fixed function. For a QPP $f(x) = ax + bx^2$ with $b \ne 0$ over the finite ring $R$, let
$$\sigma(x) = f^2(x) - x = (a^2 - 1)\, x + ab(1 + a)\, x^2 + 2ab^2 x^3 + b^3 x^4.$$
Then from Theorem 3.4 a sequence of functions is obtained: $\sigma_k(x) = \sigma_{k-1}(x + 1) - \sigma_{k-1}(x)$, where as usual $\sigma_0 = \sigma$. In particular,
$$\begin{aligned}
\sigma_1(x) &= \bigl[a^2 - 1 + ab(1 + a) + 2ab^2 + b^3\bigr] + 2b\bigl(a(1 + a) + 3ab + 2b^2\bigr)\, x + 6b^2(a + b)\, x^2 + 4b^3 x^3, \\
\sigma_2(x) &= 2b\bigl(a(1 + a) + 6ab + 7b^2\bigr) + 12b^2(a + 2b)\, x + 12b^3 x^2, \\
\sigma_3(x) &= 12b^2(a + 3b) + 24b^3 x.
\end{aligned}$$

Remark 3.5. If $R$ is a finite local ring and $f(x) = a_1 x + a_2 x^2 + \cdots + a_d x^d \in R[x]$ is a permutation polynomial, then by Proposition 3.4.7 of [1], $a_1$ is a unit and $a_2, \dots, a_d$ are nilpotent in $R$. In particular, this holds in the (finite) local ring $\mathbb{Z}_{p^n}$, where $p$ is a prime and $n \ge 1$. (This depends on the hypotheses of the cited proposition and cannot hold for arbitrary degree: for $p$ odd, $x + x^p$ is a permutation polynomial over $\mathbb{Z}_{p^n}$ by Theorem 4.5, since modulo $p$ it equals $2x$ and its derivative is $1 + px^{p-1} \equiv 1$, although its leading coefficient is a unit. For the quadratic case used below, the nilpotency of $b$ follows independently from Lemma 2.2 and Theorem 3.1.) Thus, if $f(x) = ax + bx^2$ is a self-invertible QPP over a finite local ring $R$, then $a$ is a unit, $b$ is nilpotent, and $\sigma$ is identically zero, as is each of the $\sigma_k$ defined above. Hence $\sigma_3(0) = 12b^2(a + 3b) = 0$, and since $a + 3b$ (a unit plus a nilpotent) is a unit in $R$, $12b^2 = 0$. Using this fact we can establish the following.

Theorem 3.6. Let $m > 1$ be an integer and let $f(x) = ax + bx^2$ be a QPP over $\mathbb{Z}_m$. Then $f(x)$ is self-invertible if and only if $12b^2 = 0$ and $\sigma(1) = \sigma(2) = 0$.

Proof. Write $m = p_1^{e_1} p_2^{e_2} \cdots p_r^{e_r}$ where the $p_i$ are primes with $p_i \ne p_j$ for $i \ne j$, and each $e_i$ is a positive integer. By Theorem 3.1, $f(x)$ is a permutation polynomial over $\mathbb{Z}_m$ if and only if $f(x)$ is a permutation polynomial over $\mathbb{Z}_{p_i^{e_i}}$ for all $i = 1, \dots, r$. If $f(x)$ is self-invertible over $\mathbb{Z}_m$, it is self-invertible over each $\mathbb{Z}_{p_i^{e_i}}$; since $\mathbb{Z}_{p_i^{e_i}}$ is a finite local ring, Remark 3.5 gives $12b^2 = 0$ in $\mathbb{Z}_{p_i^{e_i}}$ for all $i = 1, \dots, r$, hence $12b^2 = 0$ in $\mathbb{Z}_m$. Thus, if $f(x)$ is a self-invertible QPP over $\mathbb{Z}_m$, then $12b^2 = 0$ and $\sigma(1) = \sigma(2) = 0$. Conversely, suppose that $f(x)$ is a QPP over $\mathbb{Z}_m$ such that $12b^2 = 0$ and $\sigma(1) = \sigma(2) = 0$. Then, by Lemma 2.2 and Theorem 3.1, $b$ is nilpotent in $\mathbb{Z}_{p_i^{e_i}}$ for all $i = 1, \dots, r$, hence $b$ is nilpotent in $\mathbb{Z}_m$, i.e., each prime divisor of $m$ divides $b$. Since $12b^2 = 0$ in $\mathbb{Z}_m$, it follows that $2b^2 = 0$ in $\mathbb{Z}_{m/\gcd(m,6)}$, and therefore (using that 2 and 3 divide $b$ whenever they divide $m$) $2b^3 = 0$ in $\mathbb{Z}_m$. Moreover, $\sigma(2) - 2\sigma(1) = 2ab(1 + a) + 12ab^2 + 14b^3 = 2ab(1 + a) = 0$ and $\sigma(2) = 2(a^2 - 1) + 4ab^2 = 0$. Using the facts $12b^2 = 0$ and $2b^3 = 0$, a simple calculation shows that $\sigma(s + 2) = \sigma(s) + \sigma(2) = \sigma(s)$ for every $s \in \mathbb{Z}_m$. Since $\sigma(1) = \sigma(2) = 0$ and repeated application of $x \mapsto x + 2$ reaches every residue from 1 or 2, we conclude that $\sigma(s) = 0$ for all $s \in \mathbb{Z}_m$, which means that $f(x)$ is self-invertible.

In general, this result applies to any finite local ring $R$ with the property that $12b^2 = 0$ implies $2b^3 = 0$. The following two results are additional consequences of Theorem 3.1 and Remark 3.5.

Theorem 3.7. Let $m$ be an odd integer and $f(x) = ax + bx^2$ a QPP over $\mathbb{Z}_m$ such that $a^2 = 1$ in $\mathbb{Z}_m$. Then $f(x)$ is self-invertible if and only if $b \cdot \gcd(1 + a, b) = 0$ in $\mathbb{Z}_m$.

Proof. Let $m = p_1^{e_1} \cdots p_k^{e_k}$ where the $p_i$ are distinct odd primes. If $f$ is a self-invertible permutation polynomial over $\mathbb{Z}_m$, then
$$f(f(x)) = a^2 x + ab(1 + a)x^2 + 2ab^2 x^3 + b^3 x^4 = x \quad \forall\, x \in \mathbb{Z}_m,$$
which, since $a^2 = 1$ in $\mathbb{Z}_m$, is equivalent to
$$b x^2 \bigl(a(1 + a) + 2abx + b^2 x^2\bigr) = 0 \quad \forall\, x \in \mathbb{Z}_m. \tag{12}$$
On the other hand, from Theorem 3.1 we have that $f(x)$ is a permutation polynomial over $\mathbb{Z}_{p_i^{e_i}}$ for all $i = 1, \dots, k$. From Remark 3.5 (or directly from Lemma 2.2) it follows that $b$ is nilpotent and $a$ is a unit in $\mathbb{Z}_{p_i^{e_i}}$ for all $i = 1, \dots, k$. Hence $b$ is nilpotent and $a$ is a unit in $\mathbb{Z}_m$, and therefore $2a + b$ is also a unit in $\mathbb{Z}_m$.

Case 1. [$1 + a = 0$]. Taking $x = 1$, relation (12) shows that $b^2(2a + b) = 0$. Since $2a + b$ is a unit, it follows that $b \cdot \gcd(1 + a, b) = b \cdot \gcd(0, b) = b^2 = 0$.

Case 2. [$1 + a \ne 0$]. Since $f$ is self-invertible, from (12) we have
$$b\bigl(a(1 + a) + ub(2a + bu)\bigr) = 0 \tag{13}$$
for every unit $u$ of $\mathbb{Z}_m$. Let $g = \gcd(1 + a, b)$, $\alpha = (1 + a)/g$ and $\beta = b/g$. Then (13) is equivalent to $bg\mu = 0$, where $\mu = a\alpha + u\beta(2a + bu)$. Suppose that $j \in \{1, \dots, k\}$ exists such that $p_j$ divides $\mu$ for all units $u$ in $\mathbb{Z}_m$. Then, in particular, $p_j$ divides $\mu$ for $u = 1$ and $u = 2$, hence divides their difference $\beta(2a + 3b)$; since $2a + 3b$ is a unit, $p_j \mid \beta$, and then $p_j \mid a\alpha$, so $p_j \mid \alpha$ (because $a$ is a unit), which contradicts $\gcd(\alpha, \beta) = 1$. Therefore, for each $i$ there is a unit $u$ with $p_i \nmid \mu$, and since $\mu$ modulo $p_i$ depends only on $u$ modulo $p_i$, by the Chinese Remainder Theorem a single unit $u$ with $p_i \nmid \mu$ for all $i = 1, \dots, k$ can be chosen. Hence $p_i^{e_i} \mid bg$ for all $i = 1, \dots, k$, and therefore $b \cdot \gcd(1 + a, b) = bg = 0$ in $\mathbb{Z}_m$.
The converse is straightforward. The other result is the following.

Theorem 3.8. Let $f(x) = ax + bx^2$ be a self-invertible QPP over $\mathbb{Z}_m$, $m$ an odd integer. Then
1. $1 - a^2 \in \langle b \cdot \gcd(b, 1 + a) \rangle$;
2. $1 + a$ is not a unit in $\mathbb{Z}_m$.

Proof. The assumptions of the theorem imply that $(a^2 - 1)\, x + ab(1 + a)\, x^2 + 2ab^2 x^3 + b^3 x^4 = 0$ for all $x \in \mathbb{Z}_m$. Note that for every unit $u \in \mathbb{Z}_m$ we must have
$$1 - a^2 = ab(1 + a)\, u + 2ab^2 u^2 + b^3 u^3 = b\bigl(a(1 + a)\, u + 2ab\, u^2 + b^2 u^3\bigr), \tag{14}$$
and each term on the right is divisible by $b(1 + a)$ or by $b^2$, hence $1 - a^2 \in \langle b \cdot \gcd(b, 1 + a) \rangle$. Taking $u = 1$ and $u = -1$ in expression (14), both values give $1 - a^2$, hence
$$ab(1 + a) + 2ab^2 + b^3 = -ab(1 + a) + 2ab^2 - b^3.$$
It follows that $2b\bigl(a(1 + a) + b^2\bigr) = 0$. If $1 + a$ were a unit, then $a(1 + a) + b^2$ would also be a unit ($b$ is nilpotent by Lemma 2.2 and Theorem 3.1), and since 2 is a unit in $\mathbb{Z}_m$ ($m$ odd), $b$ would have to be zero. Since this is not the case, $1 + a$ is not a unit.
4 Self-Invertible Permutation Polynomials of Higher Degrees
In this section necessary conditions on the coefficients of a polynomial of degree 3 to be a self-invertible permutation polynomial over the ring $\mathbb{Z}_{p^n}$ are given.

Lemma 4.1. Let $n$ be a positive integer and $f(x) = ax + bx^2 + cx^3$ a cubic polynomial over $\mathbb{Z}_n$. If the coefficients of $f(x)$ satisfy the following conditions in $\mathbb{Z}_n$:
$$\begin{aligned}
a^2 &= 1, &(15) \\
ab(1 + a) &= 0, &(16) \\
a(ca^2 + 2b^2 + c) &= 0, &(17) \\
b(3a^2 c + 2ac + b^2) &= 0, &(18) \\
c(3ca^2 + 3ab^2 + 2b^2) &= 0, &(19) \\
bc(6ac + b^2 + c) &= 0, &(20) \\
3c^2(ac + b^2) &= 0, &(21) \\
3bc^3 &= 0, &(22) \\
c^4 &= 0, &(23)
\end{aligned}$$
then $f(x)$ is self-invertible.

Proof. Since
$$\begin{aligned}
f(f(x)) = {}& a^2 x + ab(1 + a)\, x^2 + a(ca^2 + 2b^2 + c)\, x^3 + b(3a^2 c + 2ac + b^2)\, x^4 \\
&+ c(3ca^2 + 3ab^2 + 2b^2)\, x^5 + bc(6ac + b^2 + c)\, x^6 + (3c^3 a + 3c^2 b^2)\, x^7 + 3bc^3 x^8 + c^4 x^9,
\end{aligned}$$
the relations listed above show that $f(f(x)) = x$ for all $x \in \mathbb{Z}_n$.

The conditions of Lemma 4.1 are not necessary for a cubic polynomial to be self-invertible over $\mathbb{Z}_n$, as the following example shows.

Example 4.2. The polynomial $f(x) = 5x + 3x^2 + 3x^3$ is a self-invertible cubic polynomial over $\mathbb{Z}_{3^2}$; it is not the identity permutation over $\mathbb{Z}_{3^2}$ and it does not satisfy, among others, condition (15) of Lemma 4.1 (indeed $a^2 = 25 = 7 \ne 1$ in $\mathbb{Z}_9$).

However, if a self-invertible cubic polynomial satisfies these conditions over $\mathbb{Z}_n$ for some $n$, the form of such a polynomial can be given. We first consider the case $p \ge 3$.

Theorem 4.3. Let $n$ be a positive integer and $p$ an odd prime. If a self-invertible cubic polynomial $f(x) = ax + bx^2 + cx^3$ over $\mathbb{Z}_{p^n}$ satisfies conditions (15) to (23) of Lemma 4.1, then the following relations hold (the first three in $\mathbb{Z}_{p^n}$, the last in $\mathbb{Z}_{p^{n-2s}}$):
$$a = -1, \qquad b = p^s w, \qquad c = p^{2s} v, \qquad v + w^2 = 0,$$
where $v$ and $w$ are such that $\gcd(v, p) = \gcd(w, p) = 1$ and
$$\frac{n}{7} \le s \le \frac{n - 1}{2} \ \text{ if } p > 3, \qquad \frac{n - 1}{7} \le s \le \frac{n - 1}{2} \ \text{ if } p = 3.$$

Proof. From relation (15), $(a + 1)(a - 1) = 0$. If $p$ divided both $a + 1$ and $a - 1$, then $p \mid 2$, which is not possible. Hence one of the two factors is a unit in the local ring $\mathbb{Z}_{p^n}$, so $a - 1 = 0$ or $a + 1 = 0$ in $\mathbb{Z}_{p^n}$. If $a = 1$, then from relation (16), $b = 0$ because 2 is a unit in $\mathbb{Z}_{p^n}$. Thus, from relation (17) we obtain $c = 0$, a contradiction. Therefore $a = -1$, and from relation (17), $0 = c + b^2$. Consequently:
$$b^2 = -c. \tag{24}$$
On the other hand, from relation (19):
$$c(3c - b^2) = 0. \tag{25}$$
Relations (24) and (25) give $c^2 = 0$, which together with relation (20) implies that $b^3 c = 0$. Since $c \ne 0$, it follows that $b$ is divisible by $p$, hence $b = p^s w$ where $w$ is a unit in $\mathbb{Z}_{p^n}$ and $1 \le s \le n$. From relation (23), $p \mid c$ and $c = p^r v$ where $v$ is a unit and $1 \le r \le n - 1$. It follows from relation (17) that
$$0 = c + b^2 = p^r v + p^{2s} w^2.$$
If $r < 2s$, then $0 = p^r(v + p^{2s-r} w^2)$ and, because $v + p^{2s-r} w^2$ is a unit in $\mathbb{Z}_{p^n}$, it follows that $r \ge n$, which is a contradiction. Similarly, if $r > 2s$, then $0 = p^{2s}(p^{r-2s} v + w^2)$ and, because $p^{r-2s} v + w^2$ is a unit, it follows that $2s \ge n$ and therefore $r > 2s \ge n$, which is a contradiction. Thus $r = 2s$ and $s \le \frac{n-1}{2}$. From relation (17) we have $c + b^2 = p^{2s}(v + w^2) = 0$, so $v + w^2 = 0$ in $\mathbb{Z}_{p^{n-2s}}$. Now, relation (22) with $b = p^s w$ and $c = p^{2s} v$ ($w$, $v$ units) reads $3p^{7s} w v^3 = 0$, so there are two cases: if $p \ne 3$, then $s \ge \frac{n}{7}$; if $p = 3$, then $s \ge \frac{n-1}{7}$.

Conversely, for $n \ge 3$, if $a = -1$, $b = p^s w$, $c = p^{2s} v$, $v + w^2 = 0$ in $\mathbb{Z}_{p^{n-2s}}$, where $v$ and $w$ are units and $\frac{n}{3} \le s \le \frac{n-1}{2}$, then $f(x)$ satisfies the relations of Lemma 4.1; therefore $f(x)$ is a self-invertible cubic polynomial over $\mathbb{Z}_{p^n}$. (With $a = -1$ and $b^2 = -c$, relations (19) to (23) reduce to $4c^2$, $-6bc^2$, $-6c^3$, $3bc^3$ and $c^4$, all of which vanish once $p^{4s}$ is zero, i.e. for $s \ge n/4$; the bound $s \ge n/3$ is sufficient, while the necessary bound $s \ge n/7$ obtained above is weaker.)

Now we consider the case $p = 2$. Observe that the only cubic polynomials over $\mathbb{Z}_2$ are $x^3$, $x^2 + x^3$, $x + x^3$ and $x + x^2 + x^3$, and only $x^3$ and $x + x^2 + x^3$ are self-invertible.

Theorem 4.4. Let $n \ge 2$ be an integer. If a self-invertible cubic polynomial $f(x) = ax + bx^2 + cx^3$ over $\mathbb{Z}_{2^n}$ satisfies conditions (15) to (23) of Lemma 4.1, then $a = \pm 1 + 2^k u$, $b$ is not a unit in $\mathbb{Z}_{2^n}$ and $c = 2^r v$, where $1 \le k \le n$, $\frac{n}{4} \le r \le n - 1$, and $u, v$ are units in $\mathbb{Z}_{2^n}$. Moreover, if $a = 1 + 2^k u$ and $k > 1$, then $k = n - 1$ or $k = n$, and $b = 0 \pmod{2^{n-1}}$.
Proof. From relation (23) we have $2 \mid c$ and because $c \neq 0$, we may write $c = 2^r v$ where $1 \le r \le n-1$ and $v$ is a unit. Inserting this into relation (23) we get $2^{4r} v^4 = 0$, from which $r \ge n/4$. Now, if $b$ is odd, relations (15) and (18) imply that $2 \mid 3c + 2ac + b^2$ and therefore $2 \mid b^2$, which is a contradiction. Thus $2 \mid b$ and hence $b$ is not a unit. From relation (15) it follows that $a = \pm 1 + 2^k u$ where $1 \le k \le n$ and $u$ is a unit. Suppose that $k > 1$. Then, from relation (15) we have $1 = a^2 = (\pm 1 + 2^k u)^2 = 1 \pm 2^{k+1} u + 2^{2k} u^2$. Thus $2^{k+1} u(\pm 1 + 2^{k-1} u) = 0$. It follows that $2^{k+1} = 0$ since $\pm 1 + 2^{k-1} u$ is a unit, and therefore $k \ge n-1$.

(a) If $k = n$, then $a = \pm 1$. If $a = 1$, from relation (16) we see that $2b = 0$, from which $b \equiv 0 \pmod{2^{n-1}}$.

(b) If $k = n-1$, then $a = \pm 1 + 2^{n-1} u$ is a unit in $\mathbb{Z}_{2^n}$, and from relation (16), $b(1 + a) = 0$. Since $k > 1$, $n > 2$. If $a = 1 + 2^{n-1} u$, then $0 = b(1 + a) = b(2 + 2^{n-1} u)$. Thus $0 = 2b(1 + 2^{n-2} u)$ because $n > 2$, which is equivalent to $2b = 0$ since $1 + 2^{n-2} u$ is a unit. Thus $b \equiv 0 \pmod{2^{n-1}}$.

For example, polynomials with $a = 1 + 2^{n-1} u$ or $a = 1$, $2^{n-1} \mid b$ and $c = 2^{n-1} v$, with $u, v$ units in $\mathbb{Z}_{2^n}$, satisfy relations (15) to (23) and are therefore all self-invertible.

We recall a result for a polynomial $f(x)$ to be a permutation polynomial over $\mathbb{Z}_{p^n}$, $p$ a prime and $n \ge 2$ (see Theorem 6 of [3]):

Theorem 4.5. Assume $p$ is a prime and $n \ge 2$ an integer. The polynomial $f(x) = a_1 x + \cdots + a_d x^d$ is a permutation polynomial over $\mathbb{Z}_{p^n}$ if and only if the following conditions hold:
1. $f(x)$ is a permutation polynomial over $\mathbb{Z}_p$.
2. $f'(x) \neq 0$ for all $x \in \mathbb{Z}_p$.

Now a criterion for a polynomial $f(x)$ to be a permutation polynomial over $\mathbb{Z}_{p^n}$, $p$ a prime and $n \ge 2$, is given.

Theorem 4.6. Let $p$ be a prime and $n \ge 2$ an integer. Then $f(x) = a_1 x + a_2 x^2 + \cdots + a_d x^d$ is a permutation polynomial over $\mathbb{Z}_{p^n}$ if and only if $a_1$ is a unit of $\mathbb{Z}_{p^n}$ and $a_i$ is in the ideal of $\mathbb{Z}_{p^n}$ generated by $p$, for $i = 2, \ldots, d$.

Proof. If $f(x)$ is a permutation polynomial over $\mathbb{Z}_{p^n}$, then from Remark 3.5 we see that $a_1$ is a unit in $\mathbb{Z}_{p^n}$ and $a_2, \ldots, a_d$ are divisible by $p$. Conversely, if $a_1$ is a unit in $\mathbb{Z}_{p^n}$ and $a_2, \ldots, a_d$ are divisible by $p$, then over $\mathbb{Z}_p$ we have $f(x) = a_1 x$ and $f'(x) = a_1 \neq 0$ for all $x \in \mathbb{Z}_p$. Since $(a_1, p) = 1$, it follows that $f(x)$ is a permutation polynomial over $\mathbb{Z}_p$. Thus conditions (1) and (2) of Theorem 4.5 hold, and as a result $f(x)$ is a permutation polynomial over $\mathbb{Z}_{p^n}$.
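The criteria above can be checked mechanically. The following Python module is an added example, not code from the paper: it implements the Theorem 4.5 test (permutation of Z_p together with a derivative that never vanishes modulo p) and cross-checks it against brute force on small moduli, and it verifies the two families of self-invertible cubics stated above, namely the odd-prime family of the converse part of Theorem 4.3 (a = -1, b = p^s w, c = p^{2s} v with v + w^2 = 0 in Z_{p^{n-2s}} and n/3 <= s <= (n-1)/2) and the Z_{2^n} example following Theorem 4.4. Self-invertibility is tested as the identity f(f(x)) = x in Z_m[x], coefficient by coefficient as in the relations of Lemma 4.1, which implies f(f(x)) = x for every x in Z_m. All function names are mine.

```python
"""Permutation and self-invertibility checks over Z_m (added example, not from the paper).
Polynomials are f(x) = a_1 x + ... + a_d x^d with zero constant term, passed as [a_1, ..., a_d]."""
from itertools import product


def poly_eval(coeffs, x, m):
    """f(x) mod m by Horner's rule."""
    acc = 0
    for a in reversed(coeffs):
        acc = (acc * x + a) % m
    return (acc * x) % m


def derivative_eval(coeffs, x, m):
    """f'(x) = sum_i i a_i x^(i-1) mod m."""
    return sum(i * a * pow(x, i - 1, m) for i, a in enumerate(coeffs, 1)) % m


def is_permutation(coeffs, m):
    """Brute force: f permutes Z_m iff it takes m distinct values on Z_m."""
    return len({poly_eval(coeffs, x, m) for x in range(m)}) == m


def is_pp_theorem_4_5(coeffs, p, n):
    """Theorem 4.5 (n >= 2): f permutes Z_{p^n} iff f permutes Z_p and f'(x) != 0
    mod p for every x in Z_p.  Only p residues are inspected instead of p^n."""
    if n < 2:
        raise ValueError("the criterion is stated for n >= 2")
    return is_permutation(coeffs, p) and all(derivative_eval(coeffs, x, p) != 0 for x in range(p))


def criterion_matches_brute_force(p, n, degree=3):
    """Cross-check Theorem 4.5 against brute force for every polynomial of
    degree <= `degree` (zero constant term) over Z_{p^n}."""
    m = p ** n
    return all(is_pp_theorem_4_5(f, p, n) == is_permutation(f, m)
               for f in product(range(m), repeat=degree))


def poly_mul(f, g, m):
    """Product of two full coefficient lists (index = degree) modulo m."""
    out = [0] * (len(f) + len(g) - 1)
    for i, fi in enumerate(f):
        for j, gj in enumerate(g):
            out[i + j] = (out[i + j] + fi * gj) % m
    return out


def compose(f, g, m):
    """Coefficients of f(g(x)) in Z_m[x], in the [a_1, ..., a_d] convention."""
    full_g = [0] + list(g)
    acc = [0]
    for a in reversed(f):                 # Horner's rule on the outer polynomial
        acc = poly_mul(acc, full_g, m)
        acc[0] = (acc[0] + a) % m
    out = poly_mul(acc, full_g, m)[1:]    # constant term is 0 since f(0) = g(0) = 0
    while out and out[-1] == 0:
        out.pop()
    return out


def is_self_invertible(coeffs, m):
    """f(f(x)) = x as an identity in Z_m[x] (coefficient-wise, as in Lemma 4.1);
    this implies f(f(x)) = x for every x in Z_m."""
    return compose(coeffs, coeffs, m) == [1]


def odd_prime_cubic_family(p, n):
    """Converse part of Theorem 4.3 (stated for odd p, n >= 3):
    f(x) = -x + p^s w x^2 + p^(2s) v x^3 with units v, w, v + w^2 = 0 in Z_{p^(n-2s)}
    and n/3 <= s <= (n-1)/2.  Returns the distinct triples (a, b, c) reduced mod p^n."""
    m = p ** n
    found = set()
    for s in range(1, n):
        if 3 * s < n or 2 * s > n - 1:
            continue
        q = p ** (n - 2 * s)
        for w in range(1, p ** (n - s)):      # b = p^s w only depends on w mod p^(n-s)
            for v in range(1, q):             # c = p^(2s) v only depends on v mod q
                if w % p and v % p and (v + w * w) % q == 0:
                    found.add((m - 1, (p ** s * w) % m, (p ** (2 * s) * v) % m))
    return sorted(found)


def two_power_cubic_family(n):
    """The example after Theorem 4.4: over Z_{2^n}, a = 1 or a = 1 + 2^(n-1) u,
    2^(n-1) | b and c = 2^(n-1) v with u, v units; modulo 2^n that is four cubics."""
    e = 2 ** (n - 1)
    return [(a, b, e) for a in (1, 1 + e) for b in (0, e)]
```

The composition is computed with Horner's rule, so checking a cubic over Z_{p^n} costs a few polynomial multiplications rather than p^n evaluations; the brute-force `is_permutation` is kept only for cross-checking small moduli. The identity test is strict: x + x^3 over Z_9 satisfies f(f(x)) = x at every point but not as a polynomial identity, and `is_self_invertible` reports False for it.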
The following result generalizes Theorem 3.3 and shows that there is no self-invertible permutation polynomial of degree greater than 1 over $\mathbb{Z}_m$ for $m$ a square-free integer.

Theorem 4.7. Let $p_1, p_2, \ldots, p_k$ be distinct prime integers and $m = p_1 \cdots p_k$. Then $f(x) = a_1 x + \cdots + a_d x^d$ is a self-invertible permutation polynomial over $\mathbb{Z}_m$ if and only if the following conditions hold in $\mathbb{Z}_m$:
1. $a_1^2 = 1$.
2. $a_2 = \cdots = a_d = 0$.

Proof. Suppose that $f(x) = a_1 x + \cdots + a_d x^d$ is a self-invertible permutation polynomial over $\mathbb{Z}_m$. From Theorem 3.1, $f(x)$ is a permutation polynomial over $\mathbb{Z}_{p_i}$ for all $i = 1, \ldots, k$. Then, by Remark 3.5, it follows that the coefficients $a_2, \ldots, a_d$ are divisible by $p_i$ and $a_1$ is a unit in $\mathbb{Z}_{p_i}$ for all $i = 1, \ldots, k$. Since the primes $p_i$ are distinct, each one of $a_2, \ldots, a_d$ is divisible by $m$, hence $f(x) = a_1 x$ in $\mathbb{Z}_m$. Finally, since $f(x)$ is self-invertible over $\mathbb{Z}_m$, it follows that $f(f(x)) = a_1^2 x = x$ for all $x \in \mathbb{Z}_m$ and therefore $a_1^2 = 1$. The converse is straightforward.

Theorem 4.8. Let $p > 3$ be a prime and $n > 1$. Then no cubic permutation polynomial of the form $f(x) = ax + cx^3$ is self-invertible over $\mathbb{Z}_{p^n}$.

Proof. Suppose that $f(x) = ax + cx^3$ is a self-invertible cubic permutation polynomial over $\mathbb{Z}_{p^n}$. Then
$$g(x) = f^2(x) - x = (a^2 - 1)x + ac(1 + a^2)x^3 + 3a^2 c^2 x^5 + 3ac^3 x^7 + c^4 x^9 = 0$$
for all $x \in \mathbb{Z}_{p^n}$. By evaluating $g(x)$ at $x = p^m$ with $3m \ge n$ and $n - m \ge 1$ we have $p \mid a^2 - 1$. Moreover,
$$g(1) = (a^2 - 1) + ac(1 + a^2) + 3a^2 c^2 + 3ac^3 + c^4 = 0,$$
$$\frac{g(2)}{2} = (a^2 - 1) + 4ac(1 + a^2) + 48a^2 c^2 + 192ac^3 + 256c^4 = 0.$$
Subtracting these relations we obtain $c\,(3a(1 + a^2) + 45a^2 c + 189ac^2 + 255c^3) = 0$. Since $f(x)$ is a permutation polynomial over $\mathbb{Z}_{p^n}$, by Remark 3.5 we have $p \mid c$ and $p \nmid a$. Thus $p \le \gcd(c, p^n) < p^n$ and then $p \mid a^2 + 1$. Since we also have $p \m
id a^2 - 1$, it follows that $p \mid a$, a contradiction.
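Theorem 4.8 can be confirmed for small prime powers by exhaustive search. The following Python code is an added example, not part of the paper: it lists every pair (a, c) with c != 0 for which ax + cx^3 permutes Z_{p^n} and satisfies f(f(x)) = x at every point of Z_{p^n}. This pointwise condition is implied by the coefficient identity behind the proof, so an empty list rules out self-invertible binomial cubics in both senses; the expanded coefficients of f(f(x)) from the proof are also reproduced and checked against direct evaluation. The p = 3 search in the usage section is my own observation that the pointwise list is not empty there, so the hypothesis p > 3 is doing real work; the paper makes no claim about p = 3. Function names are mine.

```python
"""Exhaustive check of Theorem 4.8 for small prime powers (added example, not from the paper).

f(x) = a x + c x^3 over Z_{p^n}; a pair (a, c) is reported when f permutes Z_{p^n} and
f(f(x)) = x holds for every x (the pointwise condition, implied by the coefficient
identity used in the proof)."""


def binomial_cubic_eval(a, c, x, m):
    """(a x + c x^3) mod m."""
    return (a * x + c * pow(x, 3, m)) % m


def is_permutation_map(a, c, m):
    """a x + c x^3 permutes Z_m iff it takes m distinct values on Z_m."""
    return len({binomial_cubic_eval(a, c, x, m) for x in range(m)}) == m


def is_involution_map(a, c, m):
    """Pointwise self-invertibility: f(f(x)) = x for every x in Z_m."""
    return all(binomial_cubic_eval(a, c, binomial_cubic_eval(a, c, x, m), m) == x
               for x in range(m))


def composition_coefficients(a, c):
    """Integer coefficients of x, x^3, x^5, x^7, x^9 in f(f(x)) for f = a x + c x^3,
    i.e. the expansion g(x) + x written in the proof of Theorem 4.8."""
    return {1: a * a, 3: a * c * (1 + a * a), 5: 3 * a * a * c * c,
            7: 3 * a * c ** 3, 9: c ** 4}


def involution_via_expansion(a, c, m):
    """Same test as is_involution_map, but evaluated through the expanded
    coefficients; used to confirm that the expansion is right."""
    coef = composition_coefficients(a, c)
    return all((sum(v * pow(x, k, m) for k, v in coef.items()) - x) % m == 0
               for x in range(m))


def self_invertible_binomial_cubics(p, n):
    """All (a, c), c != 0, such that a x + c x^3 is a permutation polynomial over
    Z_{p^n} and an involution of Z_{p^n}.  Theorem 4.8: empty for p > 3, n > 1."""
    if n < 2:
        raise ValueError("Theorem 4.8 concerns n > 1")
    m = p ** n
    hits = []
    for a in range(m):
        if a % p == 0:        # f'(0) = a must be a unit mod p (Theorem 4.5), so skip
            continue
        for c in range(1, m):
            # an involution is already a bijection; the permutation test is a consistency check
            if is_involution_map(a, c, m) and is_permutation_map(a, c, m):
                hits.append((a, c))
    return hits


if __name__ == "__main__":
    for p, n in ((5, 2), (7, 2), (5, 3)):
        print(p, n, self_invertible_binomial_cubics(p, n))   # prints empty lists
    print(3, 2, self_invertible_binomial_cubics(3, 2))       # not empty: p > 3 matters
```

Over Z_25, Z_49 and Z_125 the search returns nothing, as the theorem predicts. Over Z_9 it returns pairs such as (1, 1) and (2, 6): x + x^3 and 2x + 6x^3 are permutation polynomials of Z_9 that satisfy f(f(x)) = x at every point, although neither satisfies the coefficient identity f(f(x)) = x in Z_9[x].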
References

[1] G. Bini and F. Flamini, Finite commutative rings and their applications, Kluwer Academic Publishers, 2002.
[2] J. Daemen and V. Rijmen, The Design of Rijndael. AES - The Advanced Encryption Standard, Information Security and Cryptography, Springer Verlag, 2002.
[3] S. Li, Permutation polynomials modulo m, http://arxiv.org/abs/math/0509523v6.
[4] R. Lidl and H. Niederreiter, Finite Fields, Cambridge University Press, 2nd ed., 1997.
[5] R. Lidl and G. L. Mullen, When does a polynomial over a finite field permute the elements of the field? (II), The American Math. Monthly, 100 (1993), 71-74.
[6] 3GPP TSG RAN WG1 #48, 2007.
[7] A. J. Menezes, P. C. van Oorschot, S. A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1996.
[8] J. Ryu and Y. O. Takeshita, On quadratic inverses for quadratic permutation polynomials over integer rings, arXiv:cs/0511060v1 [cs.IT], 16 Nov. 2005.
[9] J. Sun and Y. O. Takeshita, Interleavers for turbo codes using PPs over integer rings, IEEE Trans. Inf. Theory, 51 (2005), 101-119.
[10] Y. O. Takeshita, Permutation polynomial interleavers: an algebraic-geometric perspective, IEEE Trans. Inf. Theory, 53 (2007), 2116-3132.
[11] H. Tapia-Recillas, Remarks on self-inverse quadratic permutation polynomials, Int. J. Algebra, Vol. 4, 2010, no. 19, 931-938.

Received: May, 2011