Primitive Elements and Polynomials: Existence Results


STEPHEN D. COHEN Department of Mathematics, University of Glasgow, Glasgow, G12 8QW, Scotland.

1. INTRODUCTION

The theme underlying this paper is the exposure of properties involving the existence of primitive elements of $\mathbb{F}_q$ (or $\mathbb{F}_{q^n}$) or primitive polynomials of degree $n$ over $\mathbb{F}_q$ which hold for virtually all $q$ (and $n$, if appropriate), i.e. for all $q$ (and $n$) except those in a small, precisely identifiable set. (Here $\mathbb{F}_q$ denotes the finite field of order $q$). By means of the powerful tool of character sums, it is fairly clear (in principle at least) that the properties we have in mind hold whenever $q$ (or $q^n$) $> Q$, say, where often, fairly directly, an explicit value (such as $10^{18}$) can be assigned to $Q$. But, inevitably, the property will hold for many smaller values too: our task is to identify the set of genuine exceptions (if any).

Naturally a complete answer has aesthetic merit and that is motivation enough. Yet it might be of practical value also. A practitioner, whether a theorist considering an arbitrary field or an applied worker calculating in his favourite finite field (which might have order around $10^3$ or $10^6$, say), has the assurance that the field does possess primitive elements with the desired properties (which he may then try to find, if necessary).

There is also a historical perspective which we can illustrate by the question of whether there exists a primitive normal basis of $\mathbb{F}_{q^n}$ over $\mathbb{F}_q$, i.e. a basis of the form $\{\gamma, \gamma^q, \ldots, \gamma^{q^{n-1}}\}$ in which $\gamma$ is a primitive element (or generator of the cyclic group $\mathbb{F}_{q^n}^*$) of $\mathbb{F}_{q^n}$. (An equivalent question asks for the existence of a primitive normal polynomial $P$ of degree $n$ over $\mathbb{F}_q$: thus the roots of $P$ form a primitive normal basis and $P$ is automatically irreducible over $\mathbb{F}_q$). In 1952, Carlitz [1], [2] demonstrated the existence of a primitive normal basis for sufficiently large (but unspecified) $q^n$; he might well have been able to produce an explicit lower bound but such, perhaps, might have seemed less important at the time. In 1968, Davenport [13] realised a complete answer was attainable (at least for prime $q$) with some calculation and direct verification in a few fields. Lenstra and Schoof [21] in 1987 streamlined the method and showed that it applied to all $q$ and $n$. They eliminated the need for direct verification in any field; nevertheless considerable calculation was involved because the character sum argument of Carlitz on which their working remained based is most effective asymptotically. An additional idea, an elementary type of sieve, which features in the present paper, renders the character sum estimates more suitable for smaller values of $q^n$. A few remarks on this modification occur in Section 6.

A stimulus for definite and, if possible, complete answers to an existence problem was given by some conjectures of Golomb [15] in 1984 who, for the purpose of the construction of Costas arrays (useful for radar) postulated that an element of $\mathbb{F}_q$ could virtually always be expressed as the sum of two primitive elements (Conjectures A–C of [15]). All these conjectures can be included in a more general one we shall refer to as Conjecture G which asserts that for virtually all $q$, given arbitrary $\alpha, \beta \ne 0$ in $\mathbb{F}_q$, there exists a primitive element $\gamma$ for which $\alpha\gamma + \beta$ is also a primitive element. Independently, a number of workers produced papers such as [29], [32], [20] (these are just a sample) in which some aspect of Conjecture G was treated by character sums. The outcomes were consistent: Conjecture G holds if

$$q > W^4(q - 1), \tag{1.1}$$

where $W(m) = 2^{\omega(m)}$ is the number of square-free divisors of $m$, $\omega(m)$ being the number of distinct prime factors of $m$. Now (1.1) is bound to be true if $\omega(q - 1) \ge 16$, hence the conjecture is valid for $q > 2^{60} = 1.16 \times 10^{18}$. In one instance, Moreno and Sotero [26] used extensive and exhaustive computation to check directly that 1 is the sum of two primitive elements (Conjecture A of [15]) for the remaining fields (with $q > 2$) for which (1.1) is false. But clearly there is no hope of establishing more general results (such as Conjecture G) without further theoretical input tailored particularly to smaller values of $q$.

The idea of using a sieve for the purpose just mentioned occurs in rudimentary and implicit form in papers of Vegh [30], [31] and Giudici and Margaglio [14]. More elaborate ones (still not in the best formulations available) are found in [23], [24] (by Madden and Vélez). None of these items use character sums (though Madden and Vélez employ some deep algebraic number theory). Yet, as the author would claim by virtue of several applications [4]-[11], it is the alliance of careful character sum analysis with a sieve which is most telling for smaller values of $q$ (and $n$). By these means a lower bound for the cardinality of the set of primitive elements with the desired property is obtained. It may not be good asymptotically but may often be more readily proved positive than one which is asymptotically virtuous.

Most of the details which follow attend the "sieve + character sum" technique applied to Conjecture G, accomplishing, incidentally, stronger results than those previously announced in [12] and bringing the whole problem closer to computable range. That stage has not been reached yet but we note the following achievements. Conjecture G holds for even $q$ ($> 4$), [7] (slightly extended). For all $q \ne 2, 3, 7$, $\mathbb{F}_q$ contains a pair of consecutive primitive elements $\gamma$, $\gamma + 1$, [6]-[8]. For $q > 3$, each of $\pm 1$ is the sum of two primitive elements of $\mathbb{F}_q$ (Conjectures A and B of [15]), [12].
Also from the ideas of this paper, it might be practical to complete the proof of Conjecture C of [15], that every element $\beta$ of $\mathbb{F}_q$ is the sum of two primitive elements, along with the companion result (which is nevertheless distinct for $q \equiv 3 \pmod 4$), that $\beta$ is the difference of two primitive elements. We also summarise some other applications of the method and indicate some of the most likely problems which might be candidates for similar treatment.
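
The kind of direct verification referred to above can be made concrete for small prime fields. The following is an added example, not code from the paper: for a prime $p$ it counts, for a given pair $(\alpha, \beta)$, the primitive $\gamma$ with $\alpha\gamma + \beta$ primitive, and checks the consecutive-pair and $\pm 1$ statements for primes up to 200. The restriction to prime $p$ and all function names are assumptions of the example.

```python
def prime_factors(m):
    """Distinct prime divisors of m (trial division; m = p - 1 is small here)."""
    out, d = [], 2
    while d * d <= m:
        if m % d == 0:
            out.append(d)
            while m % d == 0:
                m //= d
        d += 1
    if m > 1:
        out.append(m)
    return out

def primitive_elements(p):
    """Generators of the cyclic group F_p^*: g^((p-1)/r) != 1 for every prime r | p-1."""
    rs = prime_factors(p - 1)
    return {g for g in range(1, p)
            if all(pow(g, (p - 1) // r, p) != 1 for r in rs)}

def count_pairs(p, alpha, beta, prims=None):
    """N for (alpha, beta): number of primitive g with alpha*g + beta also primitive."""
    prims = primitive_elements(p) if prims is None else prims
    return sum(1 for g in prims if (alpha * g + beta) % p in prims)

def failing_pairs(p):
    """Every (alpha, beta) with alpha, beta != 0 for which N = 0 in F_p."""
    prims = primitive_elements(p)
    return [(a, b) for a in range(1, p) for b in range(1, p)
            if count_pairs(p, a, b, prims) == 0]

def primes_up_to(n):
    return [k for k in range(2, n + 1)
            if all(k % d for d in range(2, int(k ** 0.5) + 1))]

def no_consecutive_primitive(limit):
    """Primes p <= limit with no primitive pair g, g + 1 (alpha = beta = 1)."""
    return [p for p in primes_up_to(limit) if count_pairs(p, 1, 1) == 0]

def plus_minus_one_are_sums(limit):
    """True if, for every prime 3 < p <= limit, both 1 and -1 are sums of two
    primitive elements: g1 + g2 = c  <=>  g2 = -g1 + c (alpha = -1, beta = c)."""
    return all(count_pairs(p, p - 1, c) > 0
               for p in primes_up_to(limit) if p > 3 for c in (1, p - 1))

if __name__ == "__main__":
    print("no consecutive primitive elements:", no_consecutive_primitive(200))
    print("+-1 sums of two primitive elements:", plus_minus_one_are_sums(200))
    print("pairs failing in F_7:", len(failing_pairs(7)))
```

`failing_pairs` loops over every pair $(\alpha, \beta)$, which is exactly the cost that makes a pair-by-pair check of Conjecture G expensive in larger fields.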

2. CONJECTURE G

We are given non-zero elements $\alpha, \beta$ of $\mathbb{F}_q$. Our aim is to show that $N$, the number of $\xi$ for which both $\xi$ and $\alpha\xi + \beta$ are primitive elements, is positive. For any divisors $e_1, e_2$ of $q - 1$ introduce the subset $T(e_1, e_2)$ of $\mathbb{F}_q$ defined as the set of $\xi$ ($\ne 0, -\beta/\alpha$) for which neither $\xi$ is any kind of $e_1$th power nor $\alpha\xi + \beta$ any kind of $e_2$th power in $\mathbb{F}_q$. (By saying that $\xi$ is not any kind of $e$th power, we mean that $\xi = \zeta^d$, $\zeta \in \mathbb{F}_q$, $d \mid e$ only if $d = 1$). Let $N(e_1, e_2)$ be the cardinality of $T(e_1, e_2)$. Of course, $N = N(q - 1, q - 1)$ but rather than estimate this quantity directly, it is advantageous to bound it below by other values of the function; in other words we define a sieving process.

Now suppose $e_1 \mid e_2 \mid q - 1$. Since, trivially, $T(e_1, q - 1) \subseteq T(e_1, e_2)$ then

(2.1)

where $T(e_1, q - 1) \cap T(q - 1, e_1) = T(q - 1, q - 1)$ and $T(e_1, e_2) \cap T(e_2, e_1) = T(e_2, e_2)$. Thus, by considering the cardinalities of each side of (2.1), we derive the sieve inequality

$$N \ge N(e_1, q - 1) + N(q - 1, e_1) - N(e_1, e_2) - N(e_2, e_1) + N(e_2, e_2). \tag{2.2}$$

Actually, (2.2) is a more flexible development of the sieves used previously in this problem, for example, in [12], where we took $e_1 = e_2 = e$ yielding

$$N \ge N(e, q - 1) + N(q - 1, e) - N(e, e). \tag{2.3}$$

The next stage is to estimate the quantities appearing in (2.2). Begin with the valuable expression (derived from the classical one of Vinogradov) for the characteristic function of the subset of $\mathbb{F}_q^*$ comprising those elements which are not any kind of $e$th power ($e \mid q - 1$) as

$$\theta(e) \int^{(\chi)}_{e} \chi(\xi),$$

a weighted sum over all multiplicative characters $\chi$ of $\mathbb{F}_q$ of orders dividing $e$ in which $\int^{(\chi)}_{e}$ stands for $\sum_{d \mid e} \frac{\mu(d)}{\varphi(d)} \sum_{\chi \,(\mathrm{mod}\ d)}$ (the last sum being over all $\varphi(d)$ characters of order $d$) and $\varphi$, $\mu$ are the classical functions of Euler and Möbius, respectively. Further $\theta(e)$ denotes $\varphi(e)/e$ whence

$$\theta(e) = \prod_{p \mid e} (p - 1)/p,$$

the product being over all prime divisors $p$ of $e$. Then, easily

$$N(e_1, e_2) = \theta_1 \theta_2 \int^{(\chi)}_{e_1} \int^{(\eta)}_{e_2} \chi(-1/\alpha)\,(\chi\eta)(\beta)\, J(\chi, \eta), \tag{2.4}$$

where $\theta_j = \theta(e_j)$, $j = 1, 2$ and

$$J(\chi, \eta) = \sum_{\xi \in \mathbb{F}_q} \chi(\xi)\,\eta(1 - \xi)$$

is the standard Jacobi sum. Now, of course, if $\chi = \chi_0$, $\eta = \eta_0$ are principal characters (with order 1 and satisfying $\chi_0(0) = \eta_0(0) = 0$), then

$$J(\chi_0, \eta_0) = q - 2,$$

while, if $\chi = \chi_0$ or $\eta = \eta_0$ or $\chi\eta = \chi_0$ but $\chi$ and $\eta$ are not both principal, then

$$J(\chi, \eta) = -1. \tag{2.5}$$

Thus, as in [6], Theorem 2.7, in an abbreviated are as in (2.4), N(e , e ) = () () I 12 12e(>I) (X)

indicates

notation in which the summands

('1)

e 2 (>

1

I

where

I

(X)

then (2.5)

(2.6)

1)

that the principal

character

e (>I) 1

P

is I if

is not any kind of e th power (e th power), respectively.

(-pIa)

A more general estimate for a Jacobi sum when $\chi$ and $\eta$ are not both principal is

$$|J(\chi, \eta)| \le \sqrt{q}. \tag{2.7}$$

In fact, equality holds in (2.7) unless (2.5) is valid. We shall use (2.7) to estimate all Jacobi sums on the right side of (2.2) when each term is expressed in the form (2.6). Although there would be minor savings to be gained by using (2.5) instead of (2.7) whenever $\eta = \chi^{-1}$, we content ourselves with the observation that these at least would outweigh the influences of the a's arising from (2.6) in any application we make and therefore we ignore the latter. (In any case, for fields of order about $10^8$, say, these effects, when aggregated properly, are tiny). With this in mind and retaining an abbreviated notation in which $\int^{(\chi)}_{e_2(>e_1)}$ means that only characters of order dividing $e_2$ but exceeding $e_1$ are involved, etc., and $\theta = \theta(q - 1)$, we deduce from (2.2) and (2.6) that

$$N \ge \left(\theta\theta_1 - \theta_1\theta_2 + \tfrac12\theta_2^2\right)\left[2q + \int^{(\chi)}_{e_1(>1)}\int^{(\eta)}_{e_2(>1)} + \int^{(\chi)}_{e_2(>1)}\int^{(\eta)}_{e_1(>1)}\right] + \theta_1\theta\left[\int^{(\chi)}_{e_1(>1)}\int^{(\eta)}_{q-1(>e_2)} + \int^{(\chi)}_{q-1(>e_2)}\int^{(\eta)}_{e_1(>1)}\right] + \tfrac12\theta_2^2\left[\int^{(\chi)}_{e_2(>1)}\int^{(\eta)}_{e_2(>e_1)} + \int^{(\chi)}_{e_2(>e_1)}\int^{(\eta)}_{e_2(>1)}\right]. \tag{2.8}$$

Because (behind the notation) the Möbius function is lurking, the number of Jacobi sums in, say, the first double sum of (2.8) we need to estimate by (2.7) is $(W_1 - 1)(W_2 - 1)$, where $W_i = W(e_i)$, $i = 1, 2$. While we shall later contemplate a subtler approach in which some of the Jacobi sums may conceivably offset each other, using simply the triangle inequality we conclude that (2.8) implies that

$$N \ge \left(2\theta\theta_1 - 2\theta_1\theta_2 + \theta_2^2\right)\left(q - (W_1 - 1)(W_2 - 1)\sqrt{q}\right) - \left(2\theta_1\theta(W_1 - 1)(W - W_2) + \theta_2^2(W_2 - W_1)(W_2 - 1)\right)\sqrt{q}, \tag{2.9}$$

where $W = W(q - 1)$. It follows from (2.9) that $N$ is positive provided $\theta > \theta_2\left(1 - \theta_2/2\theta_1\right) > 0$ and

$$\sqrt{q} > \frac{(W_1 - 1)(W - W_2) + \dfrac{\theta_2^2}{2\theta_1\theta}(W_2 - 1)(W_2 - W_1)}{1 - \dfrac{\theta_2}{\theta}\left[1 - \dfrac{\theta_2}{2\theta_1}\right]} + (W_1 - 1)(W_2 - 1). \tag{2.10}$$

For comparison purposes note that when $e_1 = e_2$ then (2.10) becomes

$$\sqrt{q} > \frac{(W_1 - 1)(W - W_1)}{1 - \theta_1/2\theta} + (W_1 - 1)^2, \tag{2.11}$$

and, in particular, when $e_1 = e_2 = q - 1$, it is

$$\sqrt{q} > (W - 1)^2, \tag{2.12}$$

which, of course, is derivable without the sieve at all. As mentioned in the introduction, it follows from (2.12) that Conjecture G is true whenever $\omega = \omega(q - 1) > 15$ or $q > 2^{60}$.

To apply (2.10), it is vital that $e_1$ and $e_2$ are selected in order that $\rho$, the main denominator of (2.10), is positive. Very roughly, when all is under control, the right side of (2.10) is around $\rho^{-1}W_1W$, in comparison with the $W^2$ from (2.12). If we could achieve a value of 1/8, say, for $\rho$ for a choice of $e_1$ with $\omega(e_1) = 2$, then this would imply that (2.12) is a manifold improvement on (2.10) for values of $\omega \ge 8$, say. We put in some numerical values to show that this promise can be fulfilled. It suffices to investigate the most delicate cases when $\theta$ is relatively small, i.e. $q - 1$ is divisible by the smallest primes 2, 3, 5, 7, 11, .... Put another way, if this is not the case the working becomes easier.

Suppose therefore that $q \equiv 1 \pmod{210}$ and take $e_1 = 6$, $e_2 = 210$. Then $\theta_1 = 1/3$, $\theta_2 = 8/35$ and $N$ is positive provided

$$\sqrt{q} > \frac{3(W - 16) + 14.11/\theta}{1 - 0.15/\theta} + 45. \tag{2.13}$$

Clearly, for (2.13) to be operative $\theta > 0.15$ is a requirement. Next, increase $\omega(e_2)$ to 5 by setting $e_2 = 2310$ but retain $e_1 = 6$. (This assumes $q \equiv 1 \pmod{2310}$). Then $\theta_2 = 16/77$ and $N$ is positive if $\theta > 0.143$ and

$$\sqrt{q} > \frac{3(W - 32) + 56.22/\theta}{1 - 0.143/\theta} + 93. \tag{2.14}$$

When simply $q \equiv 1 \pmod{30}$ the choice $e_1 = e_2 = 30$ used in [12] ensures that $N > 0$ whenever $\theta > 0.133$ and

$$\sqrt{q} > \frac{7(W - 8)}{1 - 0.133/\theta} + 49. \tag{2.15}$$

In fact, (2.15) is a stronger formulation of the inequality derived through this sieve in [12]. With its aid Conjecture G can be validated for $10 \le \omega \le 15$. Actually (2.13) and (2.14) represent intermediate stages between (2.15) and the corresponding inequality obtained when $e_1 = e_2 = 6$, $\theta > 1/6$. To demonstrate how they function, take $\omega = 9$, $W = 512$. Then $\theta > 0.16358$ (the minimum occurring when all primes up to 23 are divisors of $q - 1$, which might happen) and, by (2.14), $N > 0$ if

$$q > \left[\frac{1440 + 340}{0.1257} + 93\right]^2 = 2.04 \times 10^8,$$

which is bound to be the case. Now suppose $\omega = 8$, $W = 256$ and $\theta > 0.171$. We conclude that $N$ is positive provided

$$q > \left[\frac{672 + 329}{0.1637} + 93\right]^2 = 3.854 \times 10^7.$$

When $\omega = 7$, (2.13) can be used to guarantee an affirmative answer whenever $q > 6.23 \times 10^6$, and so on. The outcome is that around a thousand fields remain for direct verification. For a given pair $(\alpha, \beta)$ this can be done even for the largest of these fields; what prevents completion is that checking has to be carried out for each pair.

As hinted at earlier, in deriving (2.10) from (2.9) no allowance was made for any cancellative effect there might be amongst the constituent weighted Jacobi sums which would reduce the initial constant 3 in the numerators of (2.13) and (2.14) to $k < 3$. That there can be some which is measurable can be seen from the author's efforts on Conjectures A and B and the problem of consecutive primitive elements [7], [8], [12] in which values of $k$ such as 5/2, 2 or 5/4 were licensed. The two sources of these reductions (which have potential in the general case too - it is simply a case of assessing their influence) are as follows. First, because $J(\chi, \eta) = J(\eta, \chi)$, by aggregating the central pair of double sums in (2.8), we obtain a reduction in $k$ providing we can estimate

I

(X)

e 1 ( > I)

I ('l) "' XC-a) - 'l(-a) q-l (> e2)

,

non-trivially. Of course this is impossible if $\alpha = -1$ (which explains why Conjectures A and C, regarding sums of primitive elements, are, in a sense, more liable to have exceptions) but, in principle, could be achieved otherwise. The other reason, more subtle, is based on the identity

$$J(\chi, \eta) = \chi(-1)\,J(\chi, \chi^{-1}\eta^{-1}).$$

Write a typical Jacobi sum appearing in one of the same double sums as $J(\chi^{-1}, \chi^{i}\eta)$ where $\chi$ has order $d$, a divisor of $e_1$, $\eta$ has order a divisor of $q - 1$ but prime to $d$ and $1 \le i \le d$. If we take into account the first effect too, we can associate with this Jacobi sum a coefficient of the form

$$\varepsilon(i)\,(\chi^{i-1}\eta)(\beta)\left[\chi(-\alpha) + \chi^{i}\eta^{-1}(-\alpha)\right] + \varepsilon(d + 1 - i)\,\chi(-1)\,(\chi^{i-1}\eta^{-1})(\beta)\left[\chi(-\alpha) + (\chi^{i-1}\eta)(-\alpha)\right],$$

where $\varepsilon(i) = \mu((d, i))/\varphi((d, i))$. The idea is to estimate (weighted) sums of the absolute values of such coefficients over $i$, $\chi$, $\eta$, as appropriate, non-trivially.

We note here that when $q \equiv 3 \pmod 4$ and $\alpha = 1$ (thus we are considering expressing an arbitrary $\beta$ as the difference of two primitive elements) then the first of the above simplifications is effective in reducing $k$ to 3/2; indeed it halves the right side of (2.3), with the consequence that this case of Conjecture G holds whenever $\omega \ge 8$ or $q > 1.58 \times 10^6$. This offers a real prospect of completion through computation.

We note finally that there is numerical evidence [3] to suggest that Conjecture G holds for all but nine odd prime fields, the largest being $\mathbb{F}_{61}$. If so, failure occurs only in fields in which some element is not the sum of two primitive elements, i.e. Conjecture C fails too.
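
The worked thresholds that follow (2.13)-(2.15) can be recomputed without the rounding used in the text. This is an added example, not code from the paper; it reads (2.10) as $\sqrt{q} > [(W_1-1)(W-W_2) + \theta_2^2 (W_2-1)(W_2-W_1)/(2\theta_1\theta)]/\rho + (W_1-1)(W_2-1)$ with $\rho = 1 - (\theta_2/\theta)(1 - \theta_2/2\theta_1)$, the form that specialises to (2.13)-(2.15), and it assumes $e_1 \mid e_2 \mid q-1$ with both square-free. Function names are assumptions of the example.

```python
from fractions import Fraction
from math import prod

SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53]

def theta(primes):
    """theta(e) = phi(e)/e = product of (p - 1)/p over the prime divisors p of e."""
    return float(prod((Fraction(p - 1, p) for p in primes), start=Fraction(1)))

def sieve_threshold(omega, e1_primes, e2_primes):
    """Bound B such that q > B forces N > 0 when omega(q - 1) = omega, in the
    worst case where q - 1 is divisible by the omega smallest primes (theta is
    then minimal). Assumes e1 | e2 | q - 1. Returns None if rho <= 0."""
    th = theta(SMALL_PRIMES[:omega])
    th1, th2 = theta(e1_primes), theta(e2_primes)
    W, W1, W2 = 2 ** omega, 2 ** len(e1_primes), 2 ** len(e2_primes)
    rho = 1 - (th2 / th) * (1 - th2 / (2 * th1))  # main denominator of (2.10)
    if rho <= 0:
        return None  # sieve not operative for this theta
    num = (W1 - 1) * (W - W2) + th2 ** 2 * (W2 - 1) * (W2 - W1) / (2 * th1 * th)
    return (num / rho + (W1 - 1) * (W2 - 1)) ** 2

def settles_all(omega, e1_primes, e2_primes):
    """True if every admissible q with omega(q - 1) = omega exceeds the bound,
    using q - 1 >= product of the omega smallest primes."""
    bound = sieve_threshold(omega, e1_primes, e2_primes)
    return bound is not None and prod(SMALL_PRIMES[:omega]) + 1 > bound

if __name__ == "__main__":
    for w, e2 in [(9, [2, 3, 5, 7, 11]), (8, [2, 3, 5, 7, 11]), (7, [2, 3, 5, 7])]:
        print(w, f"{sieve_threshold(w, [2, 3], e2):.3e}", settles_all(w, [2, 3], e2))
```

The small differences from the figures quoted in the text come from the rounded constants (0.15, 0.143, 340, 329) used there; the `None` return marks the range of $\theta$ where the chosen $e_1$, $e_2$ make $\rho \le 0$ and the inequality gives no information.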

3. PRIMITIVE VALUES OF QUADRATIC POLYNOMIALS

Until Conjecture G, postulating the existence of a primitive value $f(\gamma)$ of a linear polynomial $f$ at a primitive element $\gamma$ is fully settled, it would be unreasonable to expect a complete answer to the corresponding question when $f$ ($\ne cf_1^2$) is an arbitrary quadratic polynomial. Nevertheless because numerical results have been obtained without a sieve which can be bettered with its use, it is worth reporting some details. Moreover, it is quite reasonable to expect that certain specific cases could be wholly resolved with the aid of computation. We note here that in the general case Han [16] and Chou, Mullen, Shiue and Sun [3] guaranteed the existence of a pair of primitive elements as required when $\omega\ [= \omega(q - 1)] \ge 16$ or $q > 2^{62} = 4.61 \times 10^{18}$.

For this problem the sieve inequality (2.2) remains intact. In the of (2.4) the summands are more general character sums of the form sex, TT)=

I 0 (where p is the denominator of (2.10), as before) then N is positive whenever

$$\sqrt{q} > \tfrac12 \rho^{-1}\left[(4W_1 - 3)(W - W_2) + (4W_2 - 3)(W_2 - W_1)a\right] + \tfrac12\left(4W_1W_2 - 3W_1 - 3W_2 + 2\right), \tag{3.3}$$

where $a = \theta_2^2/2\theta\theta_1$.

For the most critical application take $e_1 = 6$, $e_2 = 2310$ (assuming $q \equiv 1 \pmod{2310}$). By (3.3), $N > 0$ provided

$$\sqrt{q} > \frac{6.5(W - 32) + 113.4/\theta}{1 - 0.143/\theta} + 203, \qquad \theta > 0.143.$$

This must be so if $\omega = 10$ and even if $\omega = 9$ it yields success if $q > 10^9$. Thus it remains to investigate fields for which $\omega \le 9$ and $q < 10^9$. (In fact, according to numerical evidence in [3] just 24 fields of odd order are likely to be true exceptions, the largest being $\mathbb{F}_{211}$.)

As mentioned above for a specific quadratic, one might hope to obtain a complete solution. For example, as a variation of the problem of consecutive primitive elements, there is the question (for odd $q$) of whether there exists a primitive element $\gamma$ such that $\gamma + 1$ is the square of a primitive element. Here we can assume $q \equiv 1 \pmod 4$ (in which case the density of the squares of primitive elements is

to a linear one. exist a pair of exist