On classical Kloosterman sums V. A. Zinoviev Harkevich Institute - - PowerPoint PPT Presentation

On classical Kloosterman sums

On classical Kloosterman sums

• V. A. Zinoviev

Harkevich Institute for Problems of Information Transmission, Moscow, Russia

International Workshop ”Mathematical Methods for Cryptography.” Dedicated to Tor Helleseth’s 70th birthday. Svolvaer-Lofoten, Norway, 4 - 8 September, 2017

MMC-2017. Svolvaer-Lofoten, Norway. 1 / 178

On classical Kloosterman sums

Outline

1

Summary

2

Introduction

3

Multiple (or n-dimensional, or hyper) Kloosterman sums

4

Distinctness of Kloosterman sums

5

Kloosterman sums and finite field extensions

6

Upper bounds for Kloosterman sums

7

Integer values of Kloosterman sums

MMC-2017. Svolvaer-Lofoten, Norway. 2 / 178

On classical Kloosterman sums

Outline

8

Kloosterman sums and binary codes

9

Kloosterman sums and bent and hyperbent functions

10 The moments of Kloosterman sums 11 Identities for Kloosterman sums

MMC-2017. Svolvaer-Lofoten, Norway. 3 / 178

On classical Kloosterman sums

Outline

12 Kloosterman sums; p = 2

Divisibllity by 3. Divisibllity by 4. Divisibllity by 8 Divisibllity by 16 Kloosterman sums modulo 16 Kloosterman sums modulo 24 Kloosterman sums modulo 48 Kloosterman sums modulo 64

13 On Kloosterman sums and elliptic

curves

MMC-2017. Svolvaer-Lofoten, Norway. 4 / 178

On classical Kloosterman sums

Outline

14 Divisibllity by 2k 15 Kloosterman sums; p = 3 16 On spectrum of values of

Kloosterman sums

17 Kloosterman sums over integers

MMC-2017. Svolvaer-Lofoten, Norway. 5 / 178

On classical Kloosterman sums Summary

Summary

It is a survey on Kloosterman sums. We consider known results on classical Kloosterman sums, i.e. Kloosterman sums ove finite fields Fq of order q = pm, p ≥ 2 is prime.

MMC-2017. Svolvaer-Lofoten, Norway. 6 / 178

On classical Kloosterman sums Introduction

Introduction

Let F = Fq be a field, q = pm and let F∗ = F \ {0}. Let µ(x) = exp(2πiTr(x) p ), x ∈ F, be an additive nontrivial character of F and where Tr(x) is the trace function from F into Fp. The sums K∗(a) =

• x∈F∗

µ(x + a x), and K(a) =

• x∈F

µ(x + a x), a ∈ F∗, are called the Kloosterman sums, introduced by Kloosterman H. D. in 1926. Recall that under x−i we understand xpm−1−i, avoiding by this way a division into 0.

MMC-2017. Svolvaer-Lofoten, Norway. 7 / 178

On classical Kloosterman sums Multiple (or n-dimensional, or hyper) Kloosterman sums

Multiple Kloosterman sums

Multiple (or n-dimensional, or hyper) Kloosterman sums were introduced by Mordell [M.,1963]: K∗

n(a1, . . . , an, b)) =

• x1,...,xn∈F∗

µ

• a1x1 + · · · + anxn +

b x1 · · · xn

• ,

where a1, . . . , an, b ∈ F∗

• q. In the most cases the following sums

were considered (i.e. when a1 = · · · = an = 1): K∗

n(a) =

• x1,...,xn∈F∗

µ

• x1 + · · · + xn +

a x1 · · · xn

• MMC-2017. Svolvaer-Lofoten, Norway.

8 / 178

On classical Kloosterman sums Distinctness of Kloosterman sums

Distinctness of Kloosterman sums

Denote by K∗

n(q, a) the n-dimensional Kloosterman sum:

K∗

n(q, a) =

• xi∈F∗

q

µ

• x1 + · · · + xn +

a x1 · · · xn

• .

Fisher (1992) showed that if p > (2(n + 1)2m + 1)2 where q = pm then the q − 1 Kloosterman sums K∗

n(q, a) are distinct up to the

action of Gal(F/Fp); namely, if K∗

n(q, a) = K∗ n(q, b), then a and b

are conjugates, i.e. a = bpj for some j. Calculations (Fisher, 1992) show that the bound p > (2(n + 1)2m + 1)2 is too restrictive.

MMC-2017. Svolvaer-Lofoten, Norway. 9 / 178

On classical Kloosterman sums Distinctness of Kloosterman sums

Distinctness of Kloosterman sums

Conjecture 1. (referee of [Fisher 1992]) If p ≥ m(n + 1), then the (q − 1) Kloosterman sums K∗

n(q, a) are distinct up to the action of

Gal(F/Fp); i.e., if K∗

n(q, a) = K∗ n(q, b), then a = bpj for some

integer j.

MMC-2017. Svolvaer-Lofoten, Norway. 10 / 178

On classical Kloosterman sums Distinctness of Kloosterman sums

Distinctness of Kloosterman sums

The following result was proved by Wan in 1995. Define a sequence of numbers Nk(n), k = 1, 2, . . ., by Nk(n) =

k

• s=1

(−1)s−1 s

• k1+···+ks=k
• k

k1, . . . , ks n+1 Theorem 1. [Wan, 1995] Assume that p ≥ (m − 1)(n + 1) + 2 and p does not divide any of the m integers N1(n), . . . , Nm(n). If a and b are two elements of F∗ such that K∗

n(q, a) = K∗ n(q, b) then we have

a = bpj for some integer j.

MMC-2017. Svolvaer-Lofoten, Norway. 11 / 178

On classical Kloosterman sums Kloosterman sums and finite field extensions

Finite field extensions

Let µ be a nontrivial additive character of F = Fq, let a, b ∈ F and K∗

q (µ; a, b) =

• x∈F∗

µ(ax + b x) [Carlitz, 1969]: Let a, b ∈ F, such that ab = 0. Let K = K∗

q (µ; a, b). Let s be any natural number and let µ(s) be a

lifting of µ to the field Fqs. Then the Kloosterman sum K∗

qs(µ(s); a, b) looks as

K∗

qs(µ(s); a, b) = ⌊s/2⌋

• j=0

(− 1)s−j−1 s s − j s − j j

• qjKs−2j.

MMC-2017. Svolvaer-Lofoten, Norway. 12 / 178

On classical Kloosterman sums Kloosterman sums and finite field extensions

Finite field extensions

In terms of Dickson polynomials Dk(x, a), Dk(x, a) =

⌊k/2⌋

• j=0

k k − j k − j j

• (− a)jxk−2j,

the expression above can be written in the following way [Carlitz, 1969]: K∗

qs(µ(s); a, b) = − Ds(− K, q) = (− 1)s−1Ds(K, q)

MMC-2017. Svolvaer-Lofoten, Norway. 13 / 178

On classical Kloosterman sums Kloosterman sums and finite field extensions

Finite field extensions

Another explicit formula is [Carlitz (1969)] K∗

qs(a) = − (αs + βs),

where α, β are the roots of z2 + K∗

q (a)z + q = 0.

MMC-2017. Svolvaer-Lofoten, Norway. 14 / 178

On classical Kloosterman sums Kloosterman sums and finite field extensions

Finite field extensions

For Kloosterman sums K(s) = K∗(µ(s); a, b) the following recurrent relation holds which directly follows from the expression above Theorem 2. Let K(i) = K∗

qi(µ(i); a, b) where a, b ∈ Fq. Then for any ≥ 2

K(s) = − K(s−1)K − K(s−2)q, where K(0) = − 2, and K(1) = K∗

q (µ; a, b)

MMC-2017. Svolvaer-Lofoten, Norway. 15 / 178

On classical Kloosterman sums Upper bounds for Kloosterman sums

Upper bounds

Let F = Fq and K∗(a) =

• x∈F∗

µ(x + a x) then the Weil upper bound states that |K∗(a)| ≤ 2 · q1/2.

MMC-2017. Svolvaer-Lofoten, Norway. 16 / 178

On classical Kloosterman sums Upper bounds for Kloosterman sums

Upper bounds

For the case when q is a prime number, Mordell ([M, 1963] (see also [Carlitz, 1965]) proved for n-dimensional Kloosterman sum that |K∗

n(a1, . . . , an, b))| ≤ q(n+1)/2.

The final bound for this case was established by Deligne [D, 1977]: |K∗

n(a1, . . . , an, b))| ≤ (n + 1)qn/2.

MMC-2017. Svolvaer-Lofoten, Norway. 17 / 178

On classical Kloosterman sums Integer values of Kloosterman sums

Integer values

Let a ∈ F∗

q, where q = pm. Let

Kq(a) =

• x∈Fq

µ

• x + a

x

• .

Theorem 3. [Kononen, Rinta-aho, V¨ a¨ an¨ anen, 2010] Let p > 3, a ∈ F∗

q and

Kq(a) ∈ Z. Then Kq(a) ≡ p (mod 2p).

MMC-2017. Svolvaer-Lofoten, Norway. 18 / 178

On classical Kloosterman sums Integer values of Kloosterman sums

Integer values

It is well known that the integer values satisfy Kq(a) ≡ 0 (mod p). Hence, Theorem 3 implies the following result Corollary 4. [Kononen, Rinta-aho, V¨ a¨ an¨ anen, 2010] There are no Kloosterman zeroes if p > 3.

MMC-2017. Svolvaer-Lofoten, Norway. 19 / 178

On classical Kloosterman sums Integer values of Kloosterman sums

Integer values

It answers the question of Helleseth and Kholosha [H-K, 2006] on Dillon type bent functions as follows. Corollary 5. [K-R-V, 2010] Let q = p2m with p > 3. Then, for any positive integer t satisfying gcd(t, pm + 1) = 1 and for any a ∈ F∗

q, the

function f : Fq → Fp, f(x) = Tr(axt(pm−1)) is not bent.

MMC-2017. Svolvaer-Lofoten, Norway. 20 / 178

On classical Kloosterman sums Integer values of Kloosterman sums

Theorem 6. [K-R-V, 2010] Assume that a ∈ Fq. Then Kqs(a) ∈ Z if and only if Kq(a) ∈ Z. Theorem 7. [K-R-V, 2010] If p > 3 and a ∈ F∗

p, then Kq(a) ∈ Z.

For q = 52 there are 4 elements α3, α9, α15, α21 of F52 giving integer values. For q = 53 there are 6 such elements of F53 [K-R-V, 2010]. If the mentioned above conjecture (of referee) is true then the fields Fpm for which p > 2m + 1 do not have any elements a = 0 such that Kpm(a) ∈ Z.

MMC-2017. Svolvaer-Lofoten, Norway. 21 / 178

On classical Kloosterman sums Kloosterman sums and binary codes

Sums and codes

Let α be a primitive root of the field F2m and β be a primitive (2m + 1)th root of unity in F22m. The Melas code M(α) is the binary cyclic code of length 2m − 1 generated by mα(x)mα−1(x) and the Zetterberg code Z(β) (introduced in [Ding-Helleseth-Niederreiter-Xing, 2002]) is the binary cyclic code

• f length 2m + 1 generated by mβ(x) (here we denote by mγ the

minimal polynomial of γ over F2).

MMC-2017. Svolvaer-Lofoten, Norway. 22 / 178

On classical Kloosterman sums Kloosterman sums and binary codes

Sums and codes

Dlllon [D, 1975] remarks a connection between the weights of the

• rthogonal M(α)⊥ of the Melas code M(α) and the weights of

the orthogonal N(β)⊥ of the Zetterberg code N(β) involving the Kloosterman sums. Remijn and Tiersma [R-T, 1988] connected weight distributions of cyclic codes M(α)⊥ and Z(β)⊥ dual to M(α) and Z(β), respectively, with Kloosterman sums.

MMC-2017. Svolvaer-Lofoten, Norway. 23 / 178

On classical Kloosterman sums Kloosterman sums and binary codes

Theorem 8. [Lachaud-Wolfmann, 1990] (1) The weights of the nonzero words

• f the orthogonal M(α)⊥ of the Melas code M(α) are the even

integers w such that

• w − 2m − 1

2

• ≤ 2m/2 .

(2) The weights of the nonzero words of the orthogonal N(β)⊥ of the Zetterberg code N(β) are the even integers w such that

• w − 2m + 1

2

• ≤ 2m/2 .

MMC-2017. Svolvaer-Lofoten, Norway. 24 / 178

On classical Kloosterman sums Kloosterman sums and bent and hyperbent functions

Sums and bent and hyperbent functions

A Boolean function is any function from F2m (or from (F2)m) to

• F2. The Hadamard transform of a Boolean function f is defined as

ˆ f(a) =

• x∈F2m

(− 1)f(x)+Tr(ax) where a ∈ F2m. A Boolean function f is called bent if | ˆ f(a)| = 2m/2 for all a ∈ F2m. Bent functions have the highest possible Hamming distance to the set of all affine linear Boolean functions Tr(ax) + e, a ∈ F2m, e ∈ F2.

MMC-2017. Svolvaer-Lofoten, Norway. 25 / 178

On classical Kloosterman sums Kloosterman sums and bent and hyperbent functions

Sums and bent and hyperbent functions

The extended Hadamard transform of f is ˆ f(a, k) =

• x∈F2m

(− 1)f(x)+Tr(axk) where a ∈ F2m and k is an integer relatively prime to 2m − 1. A Boolean function is called hyperbent if its extended Hadamard transform takes only the values ±2m/2.

MMC-2017. Svolvaer-Lofoten, Norway. 26 / 178

On classical Kloosterman sums Kloosterman sums and bent and hyperbent functions

Sums and bent and hyperbent functions

The remarkable result of Dillon [D., 1975] is the following one. Theorem 9. [Dillon, 1975] Let m = 2s. The Boolean function from F2m to F2 defined as fλ(x) = Tr(λx2s−1), λ ∈ F∗

2m,

is bent if and only if K2m(λ) = 0.

MMC-2017. Svolvaer-Lofoten, Norway. 27 / 178

On classical Kloosterman sums Kloosterman sums and bent and hyperbent functions

Leander [L, 2006] presented the alternative proof to the result above based on Kloosterman sums. Charpin and Gong [C.-G., 2008] extended this result for hyperbent functions. Theorem 10. [Charpin-Gong, 2008] Let m = 2s. The Boolean function fλ from F2m to F2 defined as fλ(x) = Tr(λx2s−1), ; λ ∈ F∗

2m,

is hyperbent if and only if K2m(λ) = 0.

MMC-2017. Svolvaer-Lofoten, Norway. 28 / 178

On classical Kloosterman sums Kloosterman sums and bent and hyperbent functions

Sums and bent and hyperbent functions

It is interesting that not only zeroes of Kloosterman sums imply bent and hyperbent functions. Mesnager in 2009 (see reference in [M.,2011]) found that value 4 of binary Kloosterman sum also gives bent and hyperbent functions. For the case m = 2s, let F4 ⊂ F2m and let a ∈ F∗

2m and b ∈ F4.

Define a Boolean function fa,b(x) = Tr(ax2s−1) + Tr(2)(bx(2m−1)/3), (1) where Tr(2) denote here the trace from F4 to F2.

MMC-2017. Svolvaer-Lofoten, Norway. 29 / 178

On classical Kloosterman sums Kloosterman sums and bent and hyperbent functions

Sums and bent and hyperbent functions

Using the results from [C-H-Z, 2009], Mesnager proved the following result. Theorem 11. [Mesnager, 2011] Let s > 3 be odd and m = 2s. Assume that a ∈ F∗

2s and β is a primitive element of F4, F4 ⊂ F2m. Let fa,1,

fa,β, and fa,β2 be the Boolean function of the type (1). If K2s(a) = 4, then functions fa,1, fa,β, and fa,β2 are bent while, if K2s(a) = 4, then fa,1, fa,β, and fa,β2 are not bent.

MMC-2017. Svolvaer-Lofoten, Norway. 30 / 178

On classical Kloosterman sums The moments of Kloosterman sums

The moments

For the Kloosterman sum K(a) over Fq, q = 2m, K(a) =

• x∈Fq

µ

• x + a

x

• denote by Kh the hth moment:

Kh =

• a∈Fq

K(a)h. These moments are known for all h ≤ 10. We give first several values.

MMC-2017. Svolvaer-Lofoten, Norway. 31 / 178

On classical Kloosterman sums The moments of Kloosterman sums

1 Obviously K0 = K1 = q. 2 [Helleseth, 1976] K2 = q2. 3 [Helleseth, 1976]

K3 =    2q2, if m

• dd,

4q2, if m even,

4 [Charpin-Helleseth-Zinoviev, 2007]

K4 =    2q3 + 8q2, if m even, 2q3, if m

• dd,

MMC-2017. Svolvaer-Lofoten, Norway. 32 / 178

On classical Kloosterman sums The moments of Kloosterman sums

The moments

Moisio computed the moments Kh for h = 5, 6, 7, 8, 9, 10 [M., 2007] in order to obtain the weight distribution of Zetterberg code.

MMC-2017. Svolvaer-Lofoten, Norway. 33 / 178

On classical Kloosterman sums Identities for Kloosterman sums

Identities

For Kloosterman sum K(a) over Fq, q = pm we have obviously K(a) = K(ap), which was first mentioned by Carlitz [C.,1969].

MMC-2017. Svolvaer-Lofoten, Norway. 34 / 178

On classical Kloosterman sums Identities for Kloosterman sums

Identities, p = 2

For the case p = 2 which we consider, the following identities are known: Theorem 12. For any a ∈ F2m (1) K(a3(a + 1)) = K(a(a + 1)3) [Helleseth-Zinoviev, 2003]; (2) K(a5(a + 1)) = K(a(a + 1)5) [Helleseth-Zinoviev, 2003]; (3) K(a8(a4 + a)) = K((a + 1)8(a4 + a)) (Hollmann-Xiang, 2004].

MMC-2017. Svolvaer-Lofoten, Norway. 35 / 178

On classical Kloosterman sums Identities for Kloosterman sums

Identities

The substitution a = b/(b + 1) shows that the first identity in Theorem 12 is equivalent to the identity for any a ∈ F∗

2m

(4) K

• a

(a + 1)4

• = K
• a3

(a + 1)4

• ,

which has been proved earlier for odd m in [Shin-Kumar–Helleseth, 2003] and [Shin-Sung, 2003].

MMC-2017. Svolvaer-Lofoten, Norway. 36 / 178

On classical Kloosterman sums Identities for Kloosterman sums

Identities

In the paper [Helleseth-Zinoviev, 2003] we proved these identities above using two following statements which have their own sense. Lemma 13. [Helleseth-Zinoviev, 2003] Let δ ∈ F2m be such that Tr(δ) = 1. Then in each of the cases ℓ = 0 and 1 the polynomial p(x) =

• 1

x2 + x + δ 2ℓ + x (2) is a permutation of F2m where m is any positive integer.

MMC-2017. Svolvaer-Lofoten, Norway. 37 / 178

On classical Kloosterman sums Identities for Kloosterman sums

Identities

The next theorem answers the question posed in Shin and Sung [S-S, 2003] and generalizes this to other cases. Their result corresponds to the special case ℓ = 0 and m odd. Theorem 14. [Helleseth-Zinoviev, 2003] Let f(x) and g(x) be functions from a subset D of F2m into F2m where m is any positive integer. Define the multisets f(D) = {f(x) : x ∈ D}, g(D) = {g(x) : x ∈ D}

MMC-2017. Svolvaer-Lofoten, Norway. 38 / 178

On classical Kloosterman sums Identities for Kloosterman sums

Theorem 17

Let ℓ be an integer such that p(x) given in (2) is a permutation of

• F2m. If f(D) = g(D) and if for all x ∈ D

f(x)g(x) = (f(x) + g(x))2ℓ+1+2 (3) then K(f(a)) = K(g(a)) for all a ∈ D.

MMC-2017. Svolvaer-Lofoten, Norway. 39 / 178

On classical Kloosterman sums Identities for Kloosterman sums

Explain shortly the approach used in the paper (Hollmann-Xiang, 2004]. For e ∈ F2 define Te = {x ∈ F2m|Tr(x) = e} and Ke(a, b) =

• x∈Te

χ(ax + b/x) For the integer c from {0, 1, . . . , 2m − 1}, let cm−1 · · · c1c0 with digits ci ∈ {0, 1} be its binary expansion. Define its reverse ˆ c = c1 · · · cm−1c0 (so that ˆ ci = c−i with indices considered modulo m) and weight w(c) =

m−1

• i=0

ci.

MMC-2017. Svolvaer-Lofoten, Norway. 40 / 178

On classical Kloosterman sums Identities for Kloosterman sums

Given two such numbers c, d, define two polynomials Lc(x) =

m−1

• i=0

cix2i and Lc,d(x) =

• Lc(x) + Ld(1/x)

where Lc,d(0) = 0. The polynomial Lc,d(x) is called a Kloosterman polynomial on F2m if w(d) is even and Lc,d is injective on T1 (that is, if Lc,d(x) = Lc,d(y), and x, y ∈ T1, then x = y).

MMC-2017. Svolvaer-Lofoten, Norway. 41 / 178

On classical Kloosterman sums Identities for Kloosterman sums

Identities

Theorem 15. [Hollmann-Xiang, 2004] Let c, d ∈ {1, . . . , 2m − 1} with w(d) even. If Lc,d(x) is a Kloosterman polynomial on F2m, then K(Lˆ

c(z)L ˆ d(z)) = K((Lˆ c(z) + 1)L ˆ d(z))

for all z ∈ F2m such that Lˆ

c(z) = 0, 1.

MMC-2017. Svolvaer-Lofoten, Norway. 42 / 178

On classical Kloosterman sums Identities for Kloosterman sums

Identities

Theorem 16. [Hollmann-Xiang, 2004] The functions

1 L1,3(x) = x + 1 x + 1 x2 , 2 L1,6(x) = x + 1 x2 + 1 x4 , 3 L1,10(x) = x + 1 x2 + 1 x8 ,

are Kloosterman polynomials on F2m for all m, that is, they all map T1 bijectively to T1.

MMC-2017. Svolvaer-Lofoten, Norway. 43 / 178

On classical Kloosterman sums Identities for Kloosterman sums

Identities

Theorem 12 can be reformulated as follows: Theorem 17. [Hollmann-Xiang, 2004] Let a, b ∈ F2m. We have that K(a) = K(b) in the following cases:

1 (a + b)4 = ab, 2 (a + b)6 = ab, 3 (a + b)13 = ab(a3 + b3).

MMC-2017. Svolvaer-Lofoten, Norway. 44 / 178

On classical Kloosterman sums Identities for Kloosterman sums

identities from modular curves

Kojo [K, 2002] using the known results on modulr curves obtained the following two new identities: Theorem 18. [Kojo, 2002] For any a ∈ F2m, such that a2 + a + 1 = 0, we have (5) K

• a7(a + 1)

(a2 + a + 1)4

• = K
• a(a + 1)7

(a2 + a + 1)4

• (6)

K a13(a + 1) (a2 + a + 1)4

• = K

a(a + 1)13 (a2 + a + 1)4

• MMC-2017. Svolvaer-Lofoten, Norway.

45 / 178

On classical Kloosterman sums Identities for Kloosterman sums

identities

Note that the identity (3) in Theorem 12, i.e. K(a8(a4+a)) = K((a+1)8(a4+a)), ([Hollmann−Xiang, 2004]) (4) can be obtained from the identity (1) in Theorem 12 [Lison˘ ek, 2012].

MMC-2017. Svolvaer-Lofoten, Norway. 46 / 178

On classical Kloosterman sums Identities for Kloosterman sums

Indeed, the identity (3) can be rewritten in the equivalent form as K(a9(a3 + 1)) = K(a(a + 1)9(a2 + a + 1)). (5) By letting a = b3 in K(a3(a + 1)) = K(a(a + 1)3) we obtain K(b9(b3 + 1)) = K(b3(b3 + 1)3) (6) and by letting a = c(c2 + c + 1) in K(a3(a + 1)) = K(a(a + 1)3)

• btain

K(c3(c2 + c + 1)3(c + 1)3) = K(c(c2 + c + 1)((c + 1)3)3. (7) The equality (5) now follows by combining (6) and (7)

MMC-2017. Svolvaer-Lofoten, Norway. 47 / 178

On classical Kloosterman sums Kloosterman sums; p = 2

Kloosterman sums; p = 2

Let F = Fq, where q = 2m and let µ(x) be a nontrivial additive character of F, i.e. µ(x) = (− 1)Tr(x) Define K(a) =

• x∈F

µ(x + a x), K∗(a) =

• x∈F∗

µ(x + a x), i.e. K(a) = K∗(a) + 1 for any a ∈ F.

MMC-2017. Svolvaer-Lofoten, Norway. 48 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Divisibllity by 3.

Theorem 19. [Helleseth-Zinoviev, 1999] if m is odd, then for any a ∈ F∗ K∗(a3 + a4) ≡ 3 (mod 12); if m is even, then for any a ∈ F∗ K∗(a3 + a4) ≡    7 (mod 12) if Tr(a) = 0, 11 (mod 12) if Tr(a) = 1, Garaschuk and Lisonek [G-L, 2008] proved that for odd m ≥ 3 and any a ∈ F∗, the value K∗(a) is divisible by 3 if and only if a = b4 + b3 for some b ∈ F∗.

MMC-2017. Svolvaer-Lofoten, Norway. 49 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Divisibllity by 3.

Divisibllity by 3

In [Helleseth-Zinoviev, 1999] we solved the following system of equations, defining the number of codewords of weight 4 in the coset of weight 4 in the Z4-linear Goethals codes: x + y + z + u = a u2 + (x + y)(z + u) + xy + zu = b2 x3 + y3 + z3 + u3 = c, where x, y, z and u are pairwise distinct elements of F2m.

MMC-2017. Svolvaer-Lofoten, Norway. 50 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Divisibllity by 3.

Divisibllity by 3

The number of solutions to this system µ(a, b, c) (where a = 0, b and c are arbitrary elements of F2m) equals µ(a, b, c) = 1 6(2m + (−1)Tr(b)(K(k1k2) − 3) − 8) if Tr(c) = 1 and µ(a, b, c) = 1 6(2m − (−1)Tr(b)(K(k1k2) + 3) − 2) if Tr(c) = 0. Here k1 = b2 + c + 1 and k2 = b2 + b + c + √c. Then k1k2 can be presented as ξ4 + ξ3 which gives the statement.

MMC-2017. Svolvaer-Lofoten, Norway. 51 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Divisibllity by 3.

Divisibllity by 3

In [G-L, 2008] two proofs were presented. One based on connection with elliptic curves and the second one based on counting the coset leaders for the Melas code, i.e. solving the following system of equations over F∗

2m:

u + v + w = 1

1 u + 1 v + 1 w

= r, where r ∈ F and u, v and w are pairwise dictinct elements of F∗.

MMC-2017. Svolvaer-Lofoten, Norway. 52 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Divisibllity by 4.

Divisibllity by 4

It is quite easy to see that for any a ∈ F the Kloosterman sum K(a) is divisible by 4. Recall that the elliptic curve E2(a) defined by the equation y2 + xy = x3 + a) and the Kloosterman sum K(a) over F2m with a ∈ F∗

2m are

connected as follows [Leonard-Williams, 1972]: |E2(a)| = 2m + K(a) = 2m + 1 + K∗(a).

MMC-2017. Svolvaer-Lofoten, Norway. 53 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Divisibllity by 4.

Divisibllity by 4

Honda in [H, 1968] (see also, [Waterhouse, 1969] and [Schoof, 1987]) proved that for any s in the range [− 2⌊m/2⌋+1, 2⌊m/2⌋+1], such that s ≡ − 1 (mod 4), there is a curve E2(a) (defined by the equation above) with 2m + 1 + s rational points. This means that when a runs over F the sum K(a) takes all possible values in the interval guaranted by the Weil upper bound.

MMC-2017. Svolvaer-Lofoten, Norway. 54 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Divisibllity by 4.

Divisibllity by 4

Theorem 20. [Lachaud-Wolfmann, 1990] For a given F of the order 2m, m ≥ 3, for any integer s ≡ − 1 (mod 4) in the range [− 2⌊m/2⌋+1, 2⌊m/2⌋+1] there is an element a ∈ F such that K∗(a) = s.

MMC-2017. Svolvaer-Lofoten, Norway. 55 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Divisibllity by 8

Divisibllity by 8

Theorem 21. ([van der Geer-van der Vlugt, 1991]; [Helleseth-Zinoviev, 1999]; [Charpen; see[H-Z], 1999]; [Charpen-Helleseth-Zinoviev, 2007]; [Lison˘ ek, 2008]; [G¨

• lo˘

glu-McGuire-Moloney, 2011], [Bassalygo-Zinoviev, 2011]) For any m K(a) ≡    (mod 8) if Tr(a) = 0, 4 (mod 8) if Tr(a) = 1.

MMC-2017. Svolvaer-Lofoten, Norway. 56 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Divisibllity by 8

Divisibllity by 8

In [H-Z, 1999] we solved the following system of equations over F2m (where x, y, z, u are pairwise distinct): x + y + z + u = a z2 + u2 + (x + y)(z + u) + xy + zu = b2 x3 + y3 + z3 + u3 = c.

MMC-2017. Svolvaer-Lofoten, Norway. 57 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Divisibllity by 8

Divisibllity by 8

The number of solutions to this system µ(a, b, c) (where a = 0, b and c are arbitrary elements of F2m) equals µ(a, b, c) = 2m−2 + 1 4 ×    (K(λ − 4), if Tr(λ) = 1, (K(λ − 8), if Tr(λ) = 0, where λ = b2 + b + √c + 1.

MMC-2017. Svolvaer-Lofoten, Norway. 58 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Divisibllity by 16

Divisibllity by 16

Using the theory of division polynomials for elliptic curves (namely, Lemma 7.4 in [Menezes, 1993]), Lison˘ ek [L, 2008] proved the following result. Theorem 22. [Lison˘ ek, 2008] Let m ≥ 4 and a ∈ F2m. Then K(a) over F2m is divisible by 16 if and only if a = z2 + z for some z ∈ F2m satisfying Tr(z3 + z) = 0.

MMC-2017. Svolvaer-Lofoten, Norway. 59 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Divisibllity by 16

Divisibllity by 16

Denote by N′

m the number of solutions (a, z) in F2m × F2m of the

system z2 + z = a, Tr(z3 + z) = 0, The number 2N′

m is equal to the number N′′ m of solutions (u, z) of

u2 + u = z3 + z in (F2m)2 which is known from [Stichtenoth, 1993] (see Ex. VI.1.5, page 191).

MMC-2017. Svolvaer-Lofoten, Norway. 60 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Divisibllity by 16

Divisibllity by 16

Theorem 23. [Lison˘ ek-Moisio, 2009] Let m ≥ 4. The number Nm of elements a in F2m, for which K(a) is divisible by 16 is given by Nm =                      2m−2 if m ≡ 2, 6 (mod 8), 2m−2 + 2m/2−1 if m ≡ 4 (mod 8), 2m−2 − 2m/2−1 if m ≡ 0 (mod 8), 2m−2 + 2(m+1)/2−2 if m ≡ 1, 7 (mod 8), 2m−2 − 2(m+1)/2−2 if m ≡ 3, 5 (mod 8),

MMC-2017. Svolvaer-Lofoten, Norway. 61 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 16

Sums modulo 16

Using Stickelberger theorem, G¨

• lo˘

glu, McGuire and Moloney [G-M-M, 2011]

• btained the following result. For a ∈ Fq, q = 2m, denote the

following quadratic sum: Q(a) =

• 0≤i<j≤m

a2i+2j .

MMC-2017. Svolvaer-Lofoten, Norway. 62 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 16

Sums modulo 16

Theorem 24. [G¨

• lo˘

glu-McGuire-Moloney, 2011] For a ∈ Fq, q = 2m, K(a) ≡                (mod 16) if Tr(a) = 0 and Q(a) = 0, 4 (mod 16) if Tr(a) = 1 and Q(a) = 1, 8 (mod 16) if Tr(a) = 0 and Q(a) = 1, 12 (mod 16) if Tr(a) = 1 and Q(a) = 0.

MMC-2017. Svolvaer-Lofoten, Norway. 63 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 24

Sums modulo 24

First we define two exponential sums. Let F = Fq, q = 2m. The cubic sums are: C(b) =

• x∈F

µ(x3 + b x), b ∈ F. The inverse cubic sums are: G(a) =

• x∈F

µ( a x3 + ax), a ∈ F∗.

MMC-2017. Svolvaer-Lofoten, Norway. 64 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 24

Sums modulo 24

Denote by B the binary BCH code of length n = 2m, m odd and m ≥ 5, with minimal distance 8. Finding the number of words of weight 4 in a coset of weight 4 of B needs to solve the following system of equations over F : x + y + z + u = a x3 + y3 + z3 + u3 = b x5 + y5 + z5 + u5 = c          (8)

MMC-2017. Svolvaer-Lofoten, Norway. 65 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 24

Sums modulo 24

Here x, y, z and u are pairwise distinct elements of F and a, b, c ∈ F are fixed. Let µ(a, b, c) be the number of different such 4-tuples (x, y, z, u) which are solutions to the system (8). Assume that a = 0. Then there are ǫ ∈ {0, 1} and η ∈ F such that µ(a, b, c) = µ (1, ǫ, η). To be more precise ǫ = Tr b a3

• and

η = c a5 + b2 a6 + b a3 are uniquely defined [Charpin-Helleseth-Zinoviev, 2007].

MMC-2017. Svolvaer-Lofoten, Norway. 66 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 24

Sums modulo 24

Theorem 25. [Charpin-Helleseth-Zinoviev, 2007] Let µ (1, ǫ, η), ǫ ∈ {0, 1} and η ∈ F, be as defined above. Then the number µ (1, ǫ, η) is even and can be expressed as follows: for η = 1 24 × µ (1, ǫ, η) = 2m − 8(1 + (−1)ǫ+1) + 3 · G(η + 1) + (−1)ǫ+1 · 2 ·

• K(η + 1) + C((η + 1)1/3)
• .

(9) Furthermore, when η = 1 then µ (1, ǫ, 1) = 0.

MMC-2017. Svolvaer-Lofoten, Norway. 67 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 24

Sums modulo 24

Theorem 26. [Charpin-Helleseth-Zinoviev, 2007] Let a be any nonzero element

• f F of order q = 2m, where m is odd and m ≥ 5. Then we have

If Tr(a1/3) = 0 then (a) if Tr(a) = 0 then K(a) ≡ 16 (mod 24) ; (b) if Tr(a) = 1 then K(a) ≡ 4 (mod 24).

MMC-2017. Svolvaer-Lofoten, Norway. 68 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 24

When Tr(a1/3) = 1 then there is a unique β such that Tr(β) = 0 and a1/3 = β4 + β + 1. Hence if Tr(a) = 0 then (i) if m = 4 h + 3 then K(a) ≡        (mod 24) if µ(β3) 2

m

• = 1,

8 (mod 24) if µ(β3) 2

m

• = −1.

(ii) if m = 4 h + 1 then K(a) ≡        8 (mod 24) if µ(β3) 2

m

• = 1,

(mod 24) if µ(β3) 2

m

• = −1.

MMC-2017. Svolvaer-Lofoten, Norway. 69 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 24

if Tr(a) = 1 then (i) if m = 4 h + 3 then K(a) ≡        12 (mod 24) if µ(β3) 2

m

• = 1,

20 (mod 24) if µ(β3) 2

m

• = −1.

(ii) if m = 4 h + 1 then K(a) ≡        20 (mod 24) if µ(β3) 2

m

• = 1,

12 (mod 24) if µ(β3) 2

m

• = −1.

MMC-2017. Svolvaer-Lofoten, Norway. 70 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 24

Sums modulo 24

Here 2

m

• is the Jacobi symbol (also called the quadratic

character), which is a generalization of the Legendre symbol defined for any odd prime p: 2 p

• =

   1, if 2 is a square modulo p, − 1,

• therwise.

(10)

MMC-2017. Svolvaer-Lofoten, Norway. 71 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 24

Sums modulo 24

The exact expression of the Jacobi symbol can be easily written. For odd m set m = m1 · · · ms, where s ≥ 1 and each mi is an odd

• prime. Then

2 m

• =

2 m1

• · · ·

2 ms

• .

Moreover 2 m

• = (−1)(m2−1)/8 =

   1 for m ≡ ±1 (mod 8), −1 for m ≡ ±3 (mod 8). (11)

MMC-2017. Svolvaer-Lofoten, Norway. 72 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 24

There is an interesting consequence of the previous theorem concerning the cases where K(a) is zero which can be expressed as follows. Corollary 27. If a ∈ F∗ is such that K(a) = 0 then Tr(a) = 0 and Tr(a1/3) = 1. Moreover, in this case, C(a1/3) > 0 for m = 4 h + 3 and C(a1/3) < 0 for m = 4h + 1.

MMC-2017. Svolvaer-Lofoten, Norway. 73 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 24

Sums modulo 24

For the even m we described Kloosterman sum K(a) over F2m modulo 24 solving the same system of equations [Charpin-Helleseth-Zinoviev, 2008]. Moisio also characterized Kloosterman sum K(a) over F2m sums modulo 24 for even m [M, 2008].

MMC-2017. Svolvaer-Lofoten, Norway. 74 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 48

Sums modulo 48

The next result in [G¨

• lo˘

glu-McGuire-Moloney, 2011] gives the Kloosterman sums K(a) modulo 48. Recall that Q(a), for a ∈ Fq, q = 2m, denote the following quadratic sum: Q(a) =

• 0≤i<j≤m

a2i+2j

MMC-2017. Svolvaer-Lofoten, Norway. 75 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 48

Sums modulo 48

Theorem 28. Let m ≥ 5 be odd and let a ∈ F∗

q where q = 2m. If Tr(a1/3) = 0

then K(a) ≡                4 (mod 48) if Tr(a) = 1 and Q(a) = 1, 16 (mod 48) if Tr(a) = 0 and Q(a) = 0, 28 (mod 48) if Tr(a) = 1 and Q(a) = 0, 40 (mod 48) if Tr(a) = 0 and Q(a) = 1,

MMC-2017. Svolvaer-Lofoten, Norway. 76 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 48

If Tr(a1/3) = 1, let β be the unique element satisfying Tr(β) = 0 and a1/3 = β4 + β + 1. Then K(a) equals modulo 48: (mod 48) if Tr(a) = 0 Q(a) = 0, m + Tr(β3) ≡ 5, 7 8 (mod 48) if Tr(a) = 0 Q(a) = 1, m + Tr(β3) ≡ 1, 3 12 (mod 48) if Tr(a) = 1 Q(a) = 0, m + Tr(β3) ≡ 5, 7 20 (mod 48) if Tr(a) = 1 Q(a) = 1, m + Tr(β3) ≡ 1, 3 24 (mod 48) if Tr(a) = 0 Q(a) = 1, m + Tr(β3) ≡ 5, 7 32 (mod 48) if Tr(a) = 0 Q(a) = 0, m + Tr(β3) ≡ 1, 3 36 (mod 48) if Tr(a) = 1 Q(a) = 1, m + Tr(β3) ≡ 5, 7 44 (mod 48) if Tr(a) = 1 Q(a) = 0, m + Tr(β3) ≡ 1, 3 where the value of the last column is modulo 8.

MMC-2017. Svolvaer-Lofoten, Norway. 77 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 64

Sums modulo 64

There are two different approaches by [G¨

• lo˘

glu-McGuire-Moloney, 2011] and [G¨

• lo˘

glu-Lison˘ ek-McGuire-Moloney, 2012]. The result in [G¨

• lo˘

glu-McGuire-Moloney, 2011] used the Gross-Koblitz formula. For a function f : Fq → C and a ∈ Fq denote the complex number ˆ f(a), which is the Fourier coefficient

• f f at a.

ˆ f(a) =

• x∈F

f(x)µ(ax).

MMC-2017. Svolvaer-Lofoten, Norway. 78 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 64

Theorem 29. [G¨

• lo˘

glu-McGuire-Moloney, 2011] For a ∈ F2m, K(a) is modulo 64 (mod 64) if ˆ Tr(a) ≡ (mod 16), 4 (mod 64) if ˆ Tr(a) ≡ 3 (mod 16), 8 (mod 64) if ˆ Tr(a) ≡ 10 (mod 16), 12 (mod 64) if ˆ Tr(a) ≡ 5 (mod 16), 16 (mod 64) if ˆ Tr(a) ≡ 4 (mod 16), 20 (mod 64) if ˆ Tr(a) ≡ 7 (mod 16), 24 (mod 64) if ˆ Tr(a) ≡ 14 (mod 16), 28 (mod 64) if ˆ Tr(a) ≡ 9 (mod 16),

MMC-2017. Svolvaer-Lofoten, Norway. 79 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 64

Sums modulo 64

32 (mod 64) if ˆ Tr(a) ≡ 8 (mod 16), 36 (mod 64) if ˆ Tr(a) ≡ 11 (mod 16), 40 (mod 64) if ˆ Tr(a) ≡ 2 (mod 16), 44 (mod 64) if ˆ Tr(a) ≡ 13 (mod 16), 48 (mod 64) if ˆ Tr(a) ≡ 12 (mod 16), 52 (mod 64) if ˆ Tr(a) ≡ 15 (mod 16), 56 (mod 64) if ˆ Tr(a) ≡ 6 (mod 16), 60 (mod 64) if ˆ Tr(a) ≡ 1 (mod 16),

MMC-2017. Svolvaer-Lofoten, Norway. 80 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 64

Sums modulo 64

The other approach is based on coefficients of the characteristic polynomial [G¨

• lo˘

glu-Lison˘ ek-McGuire-Moloney, 2012]. For a ∈ Fq, q = 2m, consider the characteristic polynomial of a

m−1

• i=0
• x − a2i

= xm + ¯ e1xm−1 + ¯ e2xm−2 + · · · + ¯ em. Let ei ∈ {0, 1} denote ¯ ei viewed as an integer. In this terminology the results for q = 8 and for q = 16 can be presented in the following form.

MMC-2017. Svolvaer-Lofoten, Norway. 81 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 64

Sums modulo 64

Theorem 30. [G¨

• lo˘

glu-McGuire-Moloney, 2011] Let q ≥ 8. Then for a ∈ Fq Kq(a) ≡ 4e1 (mod 8) Let q ≥ 16. Then for a ∈ Fq Kq(a) ≡ 12e1 + 8e2 (mod 16)

MMC-2017. Svolvaer-Lofoten, Norway. 82 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 64

For q ≥ 32 we have Theorem 31. [G¨

• lo˘

glu-Lison˘ ek-McGuire-Moloney, 2012] Let q ≥ 32. Then for a ∈ Fq Kq(a) ≡ 28e1 + 8e2 + 16(e1e2 + e1e3 + e4) (mod 32) Let q ≥ 64. Then for a ∈ Fq Kq(a) ≡ 28e1 + 40e2 + 16(e1e2 + e1e3 + e4) + 32(e1(e4 + e5 + e6 + e7) + e2(e3 + e4 + e6) + e3e5 + e1e2e3 + e1e2e4 + e8) (mod 64)

MMC-2017. Svolvaer-Lofoten, Norway. 83 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 64

Sums modulo 64

Similar expressions were obtained in [G¨

• lo˘

glu-Lison˘ ek-McGuire-Moloney, 2012] for q ≥ 128 and q ≥ 256.

MMC-2017. Svolvaer-Lofoten, Norway. 84 / 178

On classical Kloosterman sums On Kloosterman sums and elliptic curves

Connection with elliptic curves

For a given Fq, q = 2m, and any a ∈ F∗

q define the elliptic curve

E(a) (see [Silverman, 1986], [Menezes, 1993], [Enge, 1999] and references there) [Leonard-Williams, 1972], [Lachaud-Wolfmann, 1990], [Lisonek, 2008], [Lisonek-Moisio, 2011]) as followe: E(a) = {(x, y) ∈ F × F : y2 + xy + x3 + a2 = 0} . (12) For any element a ∈ F∗

q denote by X0(a) the set of elements Fq,

such that Tr(1/x + ax) = 0: X0(a) = {x ∈ F∗ : Tr(x + a x) = 0}.

MMC-2017. Svolvaer-Lofoten, Norway. 85 / 178

On classical Kloosterman sums On Kloosterman sums and elliptic curves

By the definition of the Kloosterman sum K(a) it follows, for the case p = 2, that K(a) = 2 |X0(a)| − 2m, (13) On the other hand, a point (x, y) belongs to an (elliptic) curve E(a) if and only if Tr(x + a x) = 0. For x = 0 and Tr(x + a/x) = 0 the quadratic equation y2 + x y + x3 + a2 = 0 (14)

• ver y has exactly two different solutions y0 and y0 + x.

MMC-2017. Svolvaer-Lofoten, Norway. 86 / 178

On classical Kloosterman sums On Kloosterman sums and elliptic curves

Connection with elliptic curves

Hence the number of F-rational points of the curve E(a) is equal to |E(a)| = 2 |X0(a)|. (15) Thus we arrive to the following result for the case p = 2 (which we already formulated above).

MMC-2017. Svolvaer-Lofoten, Norway. 87 / 178

On classical Kloosterman sums On Kloosterman sums and elliptic curves

Connection with elliptic curves

Theorem 32. [Leonard-Williams, 1972] Let a ∈ F∗

2m and let E2(a) be the elliptic

curve over F2m, defined by E2(a) = {(x, y) ∈ F × F : y2 + xy + x3 + a2 = 0} . Then the number |E(a)| of F2m-rational points of E(a) equals |E2(a)| = 2m + K(a).

MMC-2017. Svolvaer-Lofoten, Norway. 88 / 178

On classical Kloosterman sums On Kloosterman sums and elliptic curves

Connection with elliptic curves

For the case of p = 3 the corresponding result looks as follows. Theorem 33. [Katz-Livn´ e,1989], (Moisio, 2008] Let a ∈ F∗

q, q = 3m and let

E3(a) be the elliptic curve over Fq, defined by E3(a) : y2 = x3 + x2 − a. Then the number |E3(a)| of Fq-rational points of E(a) equals |E3(a)| = 3m + K(a).

MMC-2017. Svolvaer-Lofoten, Norway. 89 / 178

On classical Kloosterman sums On Kloosterman sums and elliptic curves

Connection with elliptic curves

From these results we have the following important statement Theorem 34. [Lisonek, 2008] Let p ∈ {2, 3} and let a ∈ F∗

• pm. Then pk divides

K(a) if and only if there exists a point of order pk on Ep(a), where the elliptic curves E2(a) and E3(a) are defined by Theorems 32 and 33 respectively.

MMC-2017. Svolvaer-Lofoten, Norway. 90 / 178

On classical Kloosterman sums Divisibllity by 2k

Divisibllity by 2k

As we know a Kloosterman sum K(a) is divisible by 2k, if and only if the number of points of the curve E(a) is divisible by 2k. In [Lisonek, 2008] it was shown, that |E(a)| is divisible by 2k, if and

• nly if the group E(a) contains an element of order 2k.

Now recall the following result from [Menezes, 1993] (namely, Lemma 7.4).

MMC-2017. Svolvaer-Lofoten, Norway. 91 / 178

On classical Kloosterman sums Divisibllity by 2k

Lemma 35. [Menezes, 1993] A point (x, y) ∈ E(a) has the order 2k, if and

• nly if its x-th coordinate is a root of the polynomial gk−1(x),

where polynomials gi = gi(x) are defined by the following recurrent relation: g0 = x, g1 = x + b1, · · · · · · · · · (16) gi = g2

i−1 + bix i−2

• j=1

(gj)2, i ≥ 2,

MMC-2017. Svolvaer-Lofoten, Norway. 92 / 178

On classical Kloosterman sums Divisibllity by 2k

Divisibllity by 2k

Here b2i

i = a for i ≥ 1.

(17) We set by definition that

• j=1

= 1.

MMC-2017. Svolvaer-Lofoten, Norway. 93 / 178

On classical Kloosterman sums Divisibllity by 2k

Divisibllity by 2k

In [Bassalygo-Zinoviev, 2011, 2013] we suggested the other sequence of rational functions fi, which are easily constructed and which permit a simple description of polynomials gi through functions fi: f0 = x, f1 = f0 + b0 f0 , · · · · · · · · · (18) fi = fi−1 + bi−1 fi−1 ,

MMC-2017. Svolvaer-Lofoten, Norway. 94 / 178

On classical Kloosterman sums Divisibllity by 2k

Divisibllity by 2k

where bi−1 = b2

i

for i ≥ 1 and b0 = a (19) (in (17) and (19) the values bi are the same for i ≥ 1).

MMC-2017. Svolvaer-Lofoten, Norway. 95 / 178

On classical Kloosterman sums Divisibllity by 2k

Lemma 36. [Bassalygo-Zinoviev, 2011, 2013] For any i ≥ 1 the following equality is valid: gi x2i−2 2 = fi

i−1

• r=1

f2i−1−r

r

. (20) From Lemma 36 it follows, that the zeroes of fi and gi coincide (here under a zero of the rational function fi, fi = fi−1 + bi−1 fi−1 , we mean naturally the element x ∈ F, such that fi(x) = 0, but fi−1(x) = 0).

MMC-2017. Svolvaer-Lofoten, Norway. 96 / 178

On classical Kloosterman sums Divisibllity by 2k

Next, for a ∈ F∗ define a sequence x0, x1, . . . , xt−1 of elements of F by the following recurrent relation: x0 = 0, x2

i+1 + √xi xi+1 + a

= 0, i = 0, . . . , t − 2.    (21) Lemma 37. [Bassalygo-Zinoviev, 2011, 2013] Let fi(x) be defined in accordance with (18) and let x0, x1, . . . , xt−1 be a sequence of elements of F, obtained according to (21). Then xi is a zero of fi(x), i.e. fi(xi) = 0, i = 0, 1, . . . , t − 1.

MMC-2017. Svolvaer-Lofoten, Norway. 97 / 178

On classical Kloosterman sums Divisibllity by 2k

It is obvious that for a given a, there exist many sequences x0, x1, . . . , xt−1, which satisfy (21), so that all of them generate the zeros of functions fi, i ≤ t − 1. In this way we arrive to the following result. Theorem 38. [Bassalygo-Zinoviev, 2011, 2013] Let a ∈ F∗ and let the sequence

• f elements x0, x1, . . . , xk−1 be constructed according to the

recurrent relation (21), where k is the smallest natural number, such that Tr(xk−1) = 1. Then the Kloosterman sum K(a) is divisible by 2k and not divisible by 2k+1.

MMC-2017. Svolvaer-Lofoten, Norway. 98 / 178

On classical Kloosterman sums Divisibllity by 2k

Divisibllity by 2k

The algorithm of finding of the largest divisor of the type 2k of a Kloosterman sum K(a), suggested in Theorem 38, consists on the consequent solution of a quadratic equation in the field F of order 2m (the number of quadratic equations, needed to solve, is equal to k − 2). It is possible to give another algorithm to find this divisor 2k, which does not require solving the quadratic equations, but only consequent implementation of arithmetic operations in F.

MMC-2017. Svolvaer-Lofoten, Norway. 99 / 178

On classical Kloosterman sums Divisibllity by 2k

Divisibllity by 2k

Let a ∈ F∗ be an arbitrary element and let u1, u2, . . . , uℓ be a sequence of elements of F, constructed according to the following recurrent relation: ui+1 = u2

i + a2

u2

i

, (22) where u1 is any nonzero element of F, such that Tr(u1) = 1, Tr(u1 + a u1 ) = 0. (23)

MMC-2017. Svolvaer-Lofoten, Norway. 100 / 178

On classical Kloosterman sums Divisibllity by 2k

Theorem 39. [Bassalygo-Zinoviev, 2011, 2013] Let a ∈ F∗ and let u1, u2, . . . , uℓ be a sequence of elements of F, which satisfies the recurrent relation (22), where the element u1 satisfies (23). Then there exists an integer k ≤ m such that one of the two following cases takes place: (i) either uk = 0, but all the previous ui are not equal to zero; (ii) or uk+1 = uk+1+r for a certain r and all ui are different for i < k + 1 + r. In the both cases the Kloosterman sum K(a) is divisible by 2k and is not divisible by 2k+1.

MMC-2017. Svolvaer-Lofoten, Norway. 101 / 178

On classical Kloosterman sums Divisibllity by 2k

Clearly this algorithm needs k + r computations x2 + a2

x2 for finding

the largest divisor of K(a) of the type 2k, for the case (ii). Directly from Theorem 39 we obtain the following necessary and sufficient condition for an element a ∈ F∗ to be a zero of the Kloosterman sum K(a). Corollary 40. [Bassalygo-Zinoviev, 2011, 2013] Let a ∈ F∗

2m and u1, u2, . . . , uℓ

be the sequence of elements of F, which satisfies the recurrent relation (22), where the element u1 satisfies (23). Then K(a) = 0, if and only if um = 0, and ui = 0 for all 1 ≤ i ≤ m − 1.

MMC-2017. Svolvaer-Lofoten, Norway. 102 / 178

On classical Kloosterman sums Divisibllity by 2k

Divisibllity by 2k

Assume now that the field Fq (q = 2m) is embedded into the field Fqn (n ≥ 2), and a is an element of F∗

• q. Recall that

Tr(x) = x + x2 + x22 + . . . + x2m−1, x ∈ Fq Trqn→q(x) = x + xq + xq2 + . . . + xqn−1, x ∈ Fqn, and for any elements a ∈ F∗

q and b ∈ F∗ qn define

µ(a) = (− 1)Tr(a) , µ(n)(b) = (− 1)Tr(Trqn→q(b)) .

MMC-2017. Svolvaer-Lofoten, Norway. 103 / 178

On classical Kloosterman sums Divisibllity by 2k

Divisibllity by 2k

Consider the following two Kloosterman sums: the sum K(a) over the field Fq K(a) =

• x∈Fq

µ

• x + a

x

• ;

and the sum Kn(a) over the field Fqn Kn(a) =

• x∈Fqn

µ(n) x + a x

• .

MMC-2017. Svolvaer-Lofoten, Norway. 104 / 178

On classical Kloosterman sums Divisibllity by 2k

Denote by H(a) the maximal degree of 2, which divides K(a), and by Hn(a) the maximal degree of 2, which divides Kn(a). There exists a simple connection between H(a) and Hn(a). Theorem 41. [Bassalygo-Zinoviev, 2011, 2013] Let n = 2h(2s + 1), n ≥ 2 and a ∈ F∗

• q. Then

Hn(a) = H(a) + h, with two following exceptional cases: a = 1, n = 2, q = 4; a = 1, n = 4, q = 2.

MMC-2017. Svolvaer-Lofoten, Norway. 105 / 178

On classical Kloosterman sums Divisibllity by 2k

Divisibllity by 2k

From Theorem 41 we immediately obtain the following known result. Corollary 42. [Lison˘ ek, 2008], [Lison˘ ek-Moisio, 2011] Let a ∈ F∗

q and n > 1.

Then Kn(a) is not equal to zero with the two exceptional cases mentioned in Theorem 41.

MMC-2017. Svolvaer-Lofoten, Norway. 106 / 178

On classical Kloosterman sums Divisibllity by 2k

Ahmadi and Granger [A-G, 2011, 2014] derived results similar to

• ur Theorem 38.

We give their argumets because there is a small difference in our computations, since our new division polynomials looks a little simpler. Given a point P = (x, y) of the curve E(a), the point 2P = (ξ, η) is given by the formula: λ = x + y/x, ξ = λ2 + λ, η = x2 + ξ(λ + 1).          (24)

MMC-2017. Svolvaer-Lofoten, Norway. 107 / 178

On classical Kloosterman sums Divisibllity by 2k

Divisibllity by 2k

To halve a point, one needs to reverse this process, i.e. given Q = (ξ, η), find (if possible) a point P = (x, y) ∈ E(a) such that 2P = Q. To do so, one first needs to solve (24) for λ, which has a solution in F2m if and only if Tr(ξ) = 0.

MMC-2017. Svolvaer-Lofoten, Norway. 108 / 178

On classical Kloosterman sums Kloosterman sums; p = 3

Divisibllity by 3k

For a given F and any a ∈ F∗ define the elliptic curve E(a): E(a) = {(x, y) ∈ F × F : y2 = x3 + x2 − a}. (25) The set of F-rational points of the curve E(a) over F forms a finite abelian group, which can be represented as a direct product of a cyclic subgroup G(a) of order 3t and a certain subgroup H(a) of some order s (not multiple to 3): E(a) = G(a) × H(a), such that |E(a)| = 3t · s for some integers t ≥ 2 and s ≥ 1 (see [Enge, 1999]).

MMC-2017. Svolvaer-Lofoten, Norway. 109 / 178

On classical Kloosterman sums Kloosterman sums; p = 3

Moisio [M, 2008]) showed that |E(a)| = 3m + K(a), (26) (earlier the same result was obtained by [Katz, Livn´ e, 1989] for the curve y2 + xy + ay = x3). Therefore a Kloosterman sum K(a) is divisible by 3t, if and only if the number of points of the curve E(a) is divisible by 3t. Lisonek [L, 2008] observed, that |E(a)| is divisible by 3t, if and only if the group E(a) contains an element of

• rder 3t.

Since |E(a)| is divisible by |G(a)|, which is equal to 3t, then generator elements of G(a) and only these elements are of order 3t.

MMC-2017. Svolvaer-Lofoten, Norway. 110 / 178

On classical Kloosterman sums Kloosterman sums; p = 3

Divisibllity by 3k

Let Q = (ξ, ∗) ∈ E(a). Then the point P = (x, ∗) ∈ E(a), such that Q = 3P exists, if and only if the equation x9 − ξx6 + a(1 − ξ)x3 − a2(a + ξ) = 0. has a solution in F (see [Enge, 1999). This equation is equivalent to equation x3 − ξ1/3x2 + (a(1 − ξ))1/3x − (a2(a + ξ))1/3 = 0. (27)

MMC-2017. Svolvaer-Lofoten, Norway. 111 / 178

On classical Kloosterman sums Kloosterman sums; p = 3

The equation (27) is solvable in F if and only if (see [Ahmadi-Granger, 2011, 2014] and references there) Tr

• a
• ξ3 + ξ2 − a

ξ3

• = 0 .

(28) Since the point (a1/3, a1/3) of E(a) has the order 3, and hence belongs to G(a), then solving the recursive equation x3

i −x1/3 i−1x2 i +(a(1−xi−1))1/3xi−(a2(a+xi−1))1/3 = 0, i = 0, 1, ...

(29) with initial value x0 = a1/3, we obtain that the point (xi, ∗) ∈ G(a) for i = 0, 1, . . . , t − 1, and the point (xt−1, ∗) is a generator element of G(a).

MMC-2017. Svolvaer-Lofoten, Norway. 112 / 178

On classical Kloosterman sums Kloosterman sums; p = 3

Such algorithm of finding of cardinality of G(a) was given in [Ahmadi, Granger, 2011, 2014]. It is known [van der Geer - van der Vlugt, 1991], [Lisonek-Moisio, 2013] that 9 divides K(a) if and only if Tr(a) = 0. In this case a can be presented as follows: a = z27 − z9, where z ∈ F, and, hence x0 = a1/3 = z9 − z3 (see (29)). In [Bassalygo-Zinoviev, 2012] we found the expression for the next element x1, namely: x1 = (z4 − 1)(z3 − 1)z2 and, therefore, from the condition (28), the following result holds [Bassalygo-Zinoviev, 2012]

MMC-2017. Svolvaer-Lofoten, Norway. 113 / 178

On classical Kloosterman sums Kloosterman sums; p = 3

Divisibllity by 3k

Let a ∈ F∗ and Tr(a) = 0, i.e. a can be presented in the form: a = z27 − z9. Then x0 = z9 − z3, x1 = (z4 − 1)(z3 − 1)z2, and, therefore, K(a) is divisible by 27, if and only if Tr z5(z − 1)(z + 1)7 (z2 + 1)3

• = 0,

(30) A characterisation of K(a) over F3m modulo 27 is given by the following result in [G´ ’olo˘ glu-McGuire-Moloney, 2010, 2013].

MMC-2017. Svolvaer-Lofoten, Norway. 114 / 178

On classical Kloosterman sums Kloosterman sums; p = 3

Theorem 43. Let m ≥ 3 and q = 3m. Then K(a) equals modulo 27 (mod 27) if Tr(a) = 0 and TY (a) + 2TX(a) = 3 (mod 27) if Tr(a) = 1 and TY (a) + = 6 (mod 27) if Tr(a) = 2 and TY (a) + TX(a) = 9 (mod 27) if Tr(a) = 0 and TY (a) + 2TX(a) = 12 (mod 27) if Tr(a) = 1 and TY (a) + = 15 (mod 27) if Tr(a) = 2 and TY (a) + TX(a) = 18 (mod 27) if Tr(a) = 0 and TY (a) + 2TX(a) = 21 (mod 27) if Tr(a) = 1 and TY (a) + = 24 (mod 27) if Tr(a) = 2 and TY (a) + TX(a) =

MMC-2017. Svolvaer-Lofoten, Norway. 115 / 178

On classical Kloosterman sums Kloosterman sums; p = 3

Divisibllity by 3k

Here TX and TY are functions from Fq into Fp defined as follows: X = {r ∈ {0, . . . , q −2} : r = 3i +3j}, i, j not necessarily distinct Y = {r ∈ {0, . . . , q − 2} : r = 3i + 3j + 3k}, i, j, k distinct. and TS(c) =

• s∈S

cs.

MMC-2017. Svolvaer-Lofoten, Norway. 116 / 178

On classical Kloosterman sums Kloosterman sums; p = 3

Similar to the case p = 2 [Bassalygo-Zinoviev, 2011, 2014], we give now also another algorithm to find the maximal divisor of K(a) of the type 3t, which requires at every step the limited number of arithmetic operations in F. Let a ∈ F∗ be an arbitrary element and let u1, u2, . . . , uℓ be a sequence of elements of F, constructed according to the following recurrent relation (compare with (29)): ui+1 = (u3

i − a)3 + au3 i

(u3

i − a)2

, i = 1, 2, . . . , (31) where (u1, ∗) ∈ E(a) and Tr

• a
• u3

1 + u2 1 − a

u3

1

• = 0 .

(32) Then the following result is valid [Bassalygo-Zinoviev, 2012].

MMC-2017. Svolvaer-Lofoten, Norway. 117 / 178

On classical Kloosterman sums Kloosterman sums; p = 3

Theorem 44. Let a ∈ F∗ and let u1, u2, . . . , uℓ be a sequence of elements of F, which satisfies the recurrent relation (31), where the element u1 satisfies (32) and (u1, ∗) ∈ E(a). Then there exists an integer k ≤ m such that one of the two following cases takes place: (i) either uk = a1/3, but the all previous elements ui are not equal to a1/3; (ii) or uk+1 = uk+1+r for a certain r and the all elements ui are different for i < k + 1 + r. In the both cases the Kloosterman sum K(a) is divisible by 3k and is not divisible by 3k+1.

MMC-2017. Svolvaer-Lofoten, Norway. 118 / 178

On classical Kloosterman sums Kloosterman sums; p = 3

Divisibllity by 3k

It is clear, that, for the case (ii) of Theorem 44, this algorithm needs k + r computations of values x3 − a + a x3 (x3 − a)2 for finding the largest divisor of K(a) of the type 3k, but the number k + r might be quite large for some initial points of algorithm (since r depends of the order of the initial point).

MMC-2017. Svolvaer-Lofoten, Norway. 119 / 178

On classical Kloosterman sums Kloosterman sums; p = 3

Divisibllity by 3k

Besides, the following lower bound for the number of F-rational points of the curve E(a) is valid: |E(a)| ≥ 3k(2 r + 1) and, respectively, the following upper bound for the value of Kloosterman sum K(a) takes place: K(a) ≤ 3m − 3k(2 r + 1).

MMC-2017. Svolvaer-Lofoten, Norway. 120 / 178

On classical Kloosterman sums Kloosterman sums; p = 3

Divisibllity by 3k

Directly from Theorem 44 we obtain the following necessary and sufficient condition for an element a ∈ F∗ to be a zero of the Kloosterman sum K(a). Corollary 45. Let a ∈ F∗ and u1, u2, . . . , uℓ be a sequence of elements of F of the order |F| = 3m, which satisfies the recurrent relation (31), where the element u1 satisfies (32). Then K(a) = 0, if and only if um = a1/3, and ui = a1/3 for all 1 ≤ i ≤ m − 1.

MMC-2017. Svolvaer-Lofoten, Norway. 121 / 178

On classical Kloosterman sums Kloosterman sums; p = 3

Divisibllity by 3k

Assume now that the field Fq of order q = 3m is embedded into the field Fqn (n ≥ 2), and a is an element of F∗

• q. Recall that

Trqn→q(x) = x + xq + xq2 + . . . + xqn−1, x ∈ Fqn. For any elements a ∈ Fq and b ∈ Fqn define µ(a) = ωTr(a), µn(b) = ωTr(Trqn→q(b)), where ω is a primitive 3-th root of unity.

MMC-2017. Svolvaer-Lofoten, Norway. 122 / 178

On classical Kloosterman sums Kloosterman sums; p = 3

For a given a ∈ F∗

q it is possible to consider the following two

Kloosterman sums: K(a) =

• x∈Fq

µ

• x + a

x

• ,

Kn(a) =

• x∈Fqn

µn

• x + a

x

• .

Denote by H(a) the maximal degree of 3, which divides K(a), and by Hn(a) the maximal degree of 3, which divides Kn(a). Recall that in the case, when K(a) = 0 over Fq, where q = 3m, we assume that 3m divides K(a), but 3m+1 does not divide. There exists a simple connection between H(a) and Hn(a).

MMC-2017. Svolvaer-Lofoten, Norway. 123 / 178

On classical Kloosterman sums Kloosterman sums; p = 3

Divisibllity by 3k

Theorem 46. Let n = 3h · s, n ≥ 2, s ≥ 1, where 3 does not divide s, and a ∈ F∗

• q. Then

Hn(a) = H(a) + h.

MMC-2017. Svolvaer-Lofoten, Norway. 124 / 178

On classical Kloosterman sums Kloosterman sums; p = 3

Divisibllity by 3k

From Theorem 46, recalling that equality K(a) = 0 over Fq means divisibility of K(a) by q, we immediately obtain the following known result ([Lison˘ ek, 2008], [Lison˘ ek-Moisio, 2011]). Corollary 47. Let a ∈ F∗

q and n ≥ 2. Then Kn(a) over Fqn is not equal to zero.

MMC-2017. Svolvaer-Lofoten, Norway. 125 / 178

On classical Kloosterman sums On spectrum of values of Kloosterman sums

On spectrum of Kloosterman sums

Consider relation between classes of binary integral positive definite quadratic forms and classes of elliptic curves as established by Honda [Honda, 1968]. Let D ∈ Z with D < 0 and D ≡ 0 or 1 (mod 4). Denote by qua(D) the following set = {aX2+bXY +cY 2 ∈ Z[X, Y ] : (a, b, c) ∈ Z3, a > 0, b2−4ac = D}

• f positive definite integral binary quadratic forms with

discriminant D.

MMC-2017. Svolvaer-Lofoten, Norway. 126 / 178

On classical Kloosterman sums On spectrum of values of Kloosterman sums

On spectrum of Kloosterman sums

Denote by Cl(D) = qua(D)/PSL(2, Z) the set of classes of qua(D) under the action of PSL(2, Z) given by γ · Q(X, Y ) = Q(aX + bY, cX + dY ) for γ =   a b c d   ∈ PSL(2, Z), Q ∈ qua(D)

MMC-2017. Svolvaer-Lofoten, Norway. 127 / 178

On classical Kloosterman sums On spectrum of values of Kloosterman sums

The set Cl(D) is finite. Denote the class number by H(D) = |Cl(D)|. According to Gauss [Gauss, 1801], a system of representatives of H(D) in qua(D) is given by the set of reduced

• forms. A form Q is reduced one if and only if

a > 0, b2 − 4ac = D, |b| ≤ a ≤ c, (33) and b ≥ 0, whenever a = |b| or a = c. (34) In other words, H(D) is the number of triples (a, b, c) ∈ Z3 satisfying (33) and (34).

MMC-2017. Svolvaer-Lofoten, Norway. 128 / 178

On classical Kloosterman sums On spectrum of values of Kloosterman sums

On spectrum of Kloosterman sums

As we know from [Honda, 1968] (see also [Waterhouse, 1969], [Schoof, 1987]) that if N(u) denotes the number of classes of F-isomorphisms of elliptic curves over F such that the number of points over F is equal to q + 1 − u, then N(u) = H(u2 − 4q).

MMC-2017. Svolvaer-Lofoten, Norway. 129 / 178

On classical Kloosterman sums On spectrum of values of Kloosterman sums

On spectrum of Kloosterman sums

So we have the following result: Theorem 48. [Lachaud-Wolfmann, 1990] If u ≡ 0 (mod 4) and |u| ≤ 2m/2+1, then |{a ∈ F∗

2m : K(a) = u}| = H(u2 − 4 · 2m).

MMC-2017. Svolvaer-Lofoten, Norway. 130 / 178

On classical Kloosterman sums Kloosterman sums over integers

Kloosterman sums over integers

Let q = pm, where p be an odd prime, m a positive integer, and n be an integer such that (n, p) = 1. The Kloosterman sum Kq(n) is given by Kq(n) =

′

• x=0,...,q−1

exp

• 2πinx + ¯

x q

• ,

where the dash (′) indicates that x takes values only from 0, 1, . . . , q − 1 which are coprime with p, and ¯ x is the unique solution of the congruence x¯ x ≡ 1 (mod q) satisfying 0 < ¯ x < q.

MMC-2017. Svolvaer-Lofoten, Norway. 131 / 178

On classical Kloosterman sums Kloosterman sums over integers

Theorem 49. [Salie, 1931], [Whiteman, 1945], [Estermann, 1961], [Carlitz, 1965], [Williams, 1971] Let q = pm, m ≥ 2, (n, q) = 1, where p denotes an odd prime. Then, (i) if m is even, Kq(n) = 2q1/2 cos(4πn/k); (ii) if m is odd, Kq(n) =    2

• n

q

• q1/2 cos(4πn/q)

for p ≡ 1 (mod 4), − 2

• n

q

• q1/2 sin(4πn/q)

for p ≡ 3 (mod 4),

MMC-2017. Svolvaer-Lofoten, Norway. 132 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3

For the case p = 3 we have Theorem 50. [Katz-Livn´ e, 1989] Let a ∈ F∗

q, q = 3m and let E3(a) be an elliptic

curve over F3m, i.e. it is defined by E3(a) : y2 + xy + ay = x3. (35) Then the number of q-rational points of E3(a) equals |E3(a)| = 3m + K(a).

MMC-2017. Svolvaer-Lofoten, Norway. 133 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3

Similar result has been proved in [Moisio, 2008] for the curve of the form: E3(a) : y2 = x3 + x2 − a. (36) Using the same approach as for the case p = 2, Lisonek proved the following result: Theorem 51. [Lisonek, 2012] For any a, b ∈ F∗

3m we have K(a) = K(b) if and

• nly if there exists ℓ ∈ N such that

Φℓ 1 a, 1 b

• = 0.

MMC-2017. Svolvaer-Lofoten, Norway. 134 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3

Identities; p = 3

This implies the following identitites for the Kloosterman sums

• ver F3m. All four identities (as for binary case) are obtained using

the well known parametrizations of X0(ℓ) for ℓ = 2, 5, 7, 13, respectively. Similarly to the case p = 2 (when ℓ = 2 implies K(a) = K(a2)) for the case p = 3 the value ℓ = 3 implies K(a) = K(a3).

MMC-2017. Svolvaer-Lofoten, Norway. 135 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3

Theorem 52. [Lisonek, 2012] For any a ∈ F3m (1) K(a2(1 − a)) = K(a(1 − a)2); (2) K

• a5(a−1)

(a2+a−1)3

• = K
• a(a−1)5

(a2+a−1)3

• , a2 + a − 1 = 0;

(3) K

• a7(a−1)

(a+1)2

• = K
• a(a−1)7

(a+1)2

• , a = − 1;

(4) K

• a13(a−1)

(a+1)6(a2−a−1)3

• = K
• a(a−1)13

(a+1)6(a2−a−1)3

• ,

a = − 1, a2 − a − 1 = 0.

MMC-2017. Svolvaer-Lofoten, Norway. 136 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3

Identities; p = 3

For the case p = 3 the following identity is also known. Theorem 53. [Cao-Hollmann-Xiang, 2008] For a ∈ F3m we have (5) K(a3(a − a3)) = K((a3 + 1)(a − a3)).

MMC-2017. Svolvaer-Lofoten, Norway. 137 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3

This identity corresponds to ℓ = 4 = 22. It can be proved by combining two times the identity K(a2(1 − a)) = K(a(1 − a)2) in Theorem 52. Indeed, (5) in Theorem 53 can be rewritten as K(a4(1 + a)(1 − a)) = K(a(a + 1)4(1 − a)). (37) By letting b = (1 + a)(1 − a) in (1) of Theorem 52 we obtain K((1 + a)(1 − a)a4) = K(((1 + a)(1 − a))2a2), (38) and by letting b = (1 + a)2 in Theorem 52 we obtain K((1 + a)2((−1 + a)(−a))2) = K(((1 + a)4(−1 + a))(−a)), (39) Equality (37) follows now by combining (38) and (39).

MMC-2017. Svolvaer-Lofoten, Norway. 138 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3

Lemma 54. [Wolfmann, 1975] Define two sets Ω0 = {x ∈ F∗

2m|Tr(x−1) = 0}, Ω1 = {x ∈ F∗ 2m|Tr(x−1) = 1}.

Then Ω0 = {x ∈ F∗

2m|x = αi + α−i, i = 1, 2, . . . , 2m−1 − 1},

and Ω1 = {x ∈ F∗

2m|x = βi + β−i, i = 1, 2, . . . , 2m−1},

MMC-2017. Svolvaer-Lofoten, Norway. 139 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3

Sums and codes

Let F be a field of order q = 2m and let n = 2m−1. Define two mappings M0 : F → (F2)n−1, and M1 : F → (F2)n. by M0(a) = (Tr(aω1), . . . , Tr(aωn−1)), with ωi = αi + α−i, M1(a) = (Tr(a ¯ ω1), . . . , Tr(a¯ ωn)), with ¯ ωi = βi + β−i

MMC-2017. Svolvaer-Lofoten, Norway. 140 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3

Sums and codes

Any linear Boolean function ℓ(a), a ∈ F∗ is of weight n and can be

• btained as follows:

ℓ(a) = (Tr(a), Tr(aα), . . . , Tr(aαq−2)) Then, taking into account Lemma 54 and two mappings we obtain immediately [Lachaud-Wolfmann, 1990] that wt(M0(a)) + wt(M1(a)) = 2m−1.

MMC-2017. Svolvaer-Lofoten, Norway. 141 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3

Sums and bent and hyperbent functions

This result is extended [M., 2011] for the functions of the type fr

a,b(x) = Tr(axr(2s−1)) + Tr(2)(bx(2m−1)/3),

(40) where r is a positive integer co-prime with 2s + 1. For even s > 2 Mesnager [M.,2011] proved that fa,b of the type (1) is bent only if K2s(a) = 4. These results have been strengthened in [Flori-Mesnager-Cohen, 2011].

MMC-2017. Svolvaer-Lofoten, Norway. 142 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3

The moments

Moisio computed the moments Kh for h = 5, 6, 7, 8, 9, 10 [M., 2007] in order to obtain the weight distribution of Zetterberg code. Theorem 55. [Moisio, 2007] Let Zi be the number of codewords of weight i in Zetterberg code of length n, where n = q + 1, q = 2m. Then, for every positive integer h, the moment Kh of the Kloosterman sum K(a) is given by nKh = f(Z0, . . . , Zh) + g(K0, . . . , Kh−1).

MMC-2017. Svolvaer-Lofoten, Norway. 143 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3

The moments

Here g(K0, . . . , Kh−1) = −

h−1

• i=0

h i

• nh−i+1Ki

f(Z0, . . . , Zh) = q2

h

• i=0

(−1)iZi

h

• t=i

t!S(h, t)2h−t n − i n − t

• .

where S(h, t) is a Stirling number of the second kind, S(h, t) = 1 t!

t

• j=0

(−1)t−j t j

• jh .

MMC-2017. Svolvaer-Lofoten, Norway. 144 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

identities from modular curves

Using results on modular curves Kojo [Kojo, 2002] found two more

• identities. We shortly explain his results following to [Lison˘

ek, 2012]. First, we formulate the result connecting elliptic curves and Kloosterman sums over finite fields of characteristic 2.

MMC-2017. Svolvaer-Lofoten, Norway. 145 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

identities from modular curves

Theorem 56. [Leonard-Williams, 1972] Let a ∈ F∗

q, q = 2m and let E2(a) be an

elliptic curve over F2m, i.e. it is defined by E2(a) = {(x, y) ∈ Fq × Fq : y2 + xy = x3 + ax}. (41) Then the number of q-rational points of E2(a) equals |E2(a)| = 2m + K(a).

MMC-2017. Svolvaer-Lofoten, Norway. 146 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

Two elliptic curves E and E′ over Fq have the same number of points over Fq if and only if E and E′ are isogenous (see [Tate, 1966]). Recall that ℓ-isogeny of elliptic curves is parametrized by the modular curve X0(ℓ) (the points of X0(ℓ) may be identified with elliptic curves with a cyclic subgroup of order ℓ). For prime levels ℓ = 2, 3, 5, 7, 13, the curve X0(ℓ) has genus 0 and hence it has a rational parametrization. These parametrizations were first explicitly calculated by Klein in 1879 (see [Maier, 2009]). This curve X0(ℓ) has a model Φℓ(x, y) ∈ Z[x, y] (called the classical modular polynomial of level ℓ, or the modular equation).

MMC-2017. Svolvaer-Lofoten, Norway. 147 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

Its j-invariant can be computed using the formula j(E2(a)) = 1 a2 . Elliptic curves E and E′ with j-invariants j(E) and j(E′) are ℓ-isogenous if and only if Φℓ(j(E), j(E′)) = 0. Theorem 57. [Kojo, 2002] For any a, b ∈ F∗m

2 we have K(a) = K(b) if and only

if there exists ℓ ∈ N such that Φℓ 1 a, 1 b

• = 0.

MMC-2017. Svolvaer-Lofoten, Norway. 148 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

Sums modulo 24

The value of C(a) is known due to Carlitz [C, 1979]. For G(a) we have the following result. Lemma 58. For any odd m, m ≥ 5, G(a) ≡    8 (mod 16), if Tr(a) = 1, (mod 16), if Tr(a) = 0. This gives the following relations between cubic and Kloosterman sums.

MMC-2017. Svolvaer-Lofoten, Norway. 149 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

Sums modulo 24

Theorem 59. [Charpin-Helleseth-Zinoviev, 2007] For any a, a ∈ F∗, we have: If Tr(a) = 0 then C(a1/3) + K(a) ≡ 16 (mod 24). (42) else C(a1/3) + K(a) ≡ 4 (mod 24). (43)

MMC-2017. Svolvaer-Lofoten, Norway. 150 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

Sums modulo 24

For the case when F is of order q = 2m and m is even, we have the following results [Charpin-Helleseth-Zinoviev, 2009]). Denote by x → Trm

2 (x) the trace function from F to its subfield F4.

MMC-2017. Svolvaer-Lofoten, Norway. 151 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

Sums modulo 24

Theorem 60. [Charpin-Helleseth-Zinoviev, 2008] Let m = 2s ≥ 4 be even and let F be a finite field of order q = 2m. Let a ∈ F∗ be any element. If a is a cube, say, a = β3. Then we have. For the case Trm

2 (β2) = 0

K(a) ≡    16 (mod 24), if Tr(a) = 0, 4 (mod 24), if Tr(a) = 1.

MMC-2017. Svolvaer-Lofoten, Norway. 152 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

For the case Trm

2 (β2) = 0. If Tr(a) = 0, then:

K(a) ≡    (mod 24), if µ(ξ3

0)

= − 1, 8 (mod 24), if µ(ξ3

0)

= 1. where ξ0 is any root of the equation x4 + x = β4. If Tr(a) = 1, then: K(a) ≡    12 (mod 24), if µ(ξ3

0)

= − 1, 20 (mod 24), if µ(ξ3

0)

= 1.

MMC-2017. Svolvaer-Lofoten, Norway. 153 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

Now assume that a is not a cube. Then we have for the case Tr(a) = 0 K(a) ≡    (mod 24), if e(ξ3

1)

= − 1, 8 (mod 24), if e(ξ3

1)

= 1, where ξ1 is the unique root of the equation ax4 + x = a. If Tr(a) = 1, then: K(a) ≡    12 (mod 24), if µ(ξ3

1)

= − 1, 20 (mod 24), if µ(ξ3

1)

= 1,

MMC-2017. Svolvaer-Lofoten, Norway. 154 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

Sums modulo 24

Theorem 61. [Charpin-Helleseth-Zinoviev, 2008] Let m = 2s ≥ 4 be even and let F be a finite field of order q = 2m. Let a ∈ F∗ be any element. If a is a cube, say, a = β3. Then we have. For the case Trm

2 (β2) = 0

K(a) ≡    16 (mod 24), if Tr(a) = 0, 4 (mod 24), if Tr(a) = 1.

MMC-2017. Svolvaer-Lofoten, Norway. 155 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

For the case Trm

2 (β2) = 0. If Tr(a) = 0, then:

K(a) ≡    (mod 24), if µ(ξ3

0)

= − 1, 8 (mod 24), if µ(ξ3

0)

= 1. where ξ0 is any root of the equation x4 + x = β4. If Tr(a) = 1, then: K(a) ≡    12 (mod 24), if µ(ξ3

0)

= − 1, 20 (mod 24), if µ(ξ3

0)

= 1.

MMC-2017. Svolvaer-Lofoten, Norway. 156 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

Now assume that a is not a cube. Then we have for the case Tr(a) = 0 K(a) ≡    (mod 24), if e(ξ3

1)

= − 1, 8 (mod 24), if e(ξ3

1)

= 1, where ξ1 is the unique root of the equation ax4 + x = a. If Tr(a) = 1, then: K(a) ≡    12 (mod 24), if µ(ξ3

1)

= − 1, 20 (mod 24), if µ(ξ3

1)

= 1,

MMC-2017. Svolvaer-Lofoten, Norway. 157 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

Kloosterman sums over integers

Here n k

• denote the Legendre symbol.

Note that for the case m = 1, the sum Kq(n) is unknown.

MMC-2017. Svolvaer-Lofoten, Norway. 158 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

References

Omran Ahmadi, Robert Granger, An efficient deterministic test for Kloosterman sum zeros, Mathematics of Computation, 2014, 83 (285), pp. 347 - 363; see arXiv:1104.3882v1 [math.NT] 19 Apr 2011.

• L. A. Bassalygo and V. A. Zinoviev, On divisibility of

exponential sums of polynomials of special type over finite fields of characteristic 2, Workshop on Coding and Cryptography (WCC-2011), April 11-15, 2011, Paris, France, Proceedings, INRIA, 2011, pp. 389 - 396.

• L. A. Bassalygo and V. A. Zinoviev, On divisibility of

MMC-2017. Svolvaer-Lofoten, Norway. 159 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

References

• L. A. Bassalygo and V. A. Zinoviev, On Kloosterman sums
• ver finite fields of characteristic 3, in: Proceedings of Thirteenth

International Workshop. Algebraic and Combinatorial Coding Theory, ACCT - 13 (June 15 - 21, Pomorie, Bulgaria, 2012, pp. 83

• 87.
• L. A. Bassalygo and V. A. Zinoviev, On Kloosterman sums
• ver finite fields of characteristic 3, Discrete Applied Mathematics,

2017, vol. 216, part 3, pp. 518 - 523. Xiwang Cao, Henk D.L. Hollmann, Qing Xiang, New Kloosterman sum identities and equalities over finite fields, Finite

MMC-2017. Svolvaer-Lofoten, Norway. 160 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

References

• L. Carlitz, A note on multiple exponential sums, Pacific J.

Math., 1965, vol. 15, pp. 757 - 765.

• L. Carlitz, A note on exponential sums, Pacific J. Math., 1969,
• vol. 30, pp. 35 - 37.
• L. Carlitz, Kloosterman sums and finite field extensions, Acta

Arith., 1969, vol. 16, pp. 179 - 193.

• L. Carlitz, Explicit evaluation of certain exponential sums,
• Math. Scand., 1979, vol. 44, pp. 5-16.

MMC-2017. Svolvaer-Lofoten, Norway. 161 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

References

• L. Carlitz, Multiple exponential sums, Pacific J. Math., 1965,
• vol. 15, 757 - 765.
• P. Charpin, T. Helleseth and V.A. Zinoviev, On cosets
• f weight 4 of binary BCH codes of length 2m (m odd) with

minimal distance 8 and exponential sums, Problems of Information Transmission, 2005, vol. 41, 4, 301 - 320.

• P. Charpin, T. Helleseth and V.A. Zinoviev, Propagation

characteristics of x−1, Finite Fields and Their Applications, 2007,

• vol. 13, pp. 366 - 381.
• P. Charpin, T. Helleseth and V.A. Zinoviev, The

MMC-2017. Svolvaer-Lofoten, Norway. 162 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

References

• P. Charpin, T. Helleseth and V.A. Zinoviev, On cosets
• f weight 4 of binary primitive BCH codes of length 2m (m even)

with minimum distance 8 and exponential sums, SIAM J. of Discrete Math., 2008, vol. 23, no. 1, p. 59 - 78.

• P. Charpin, T. Helleseth and V.A. Zinoviev, On

divisibility properties of classical binary Kloosterman sums, Discrete Mathematics, 2009, vol. 309, no. 12, pp. 3975-3984. [4] P. Charpin & G. Gong, Hyperbent functions, Kloosterman sums, and Dickson polynomials, IEEE Transactions on Information Theory, 2008, vol. 54, no. 9, pp. 4230-4238.

MMC-2017. Svolvaer-Lofoten, Norway. 163 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

References

• H. Davenport, On certain exponential sums, J. reine angew.

Math., 1933, vol. 169, 158 - 176.

• P. Deligne, Applications de la formule des traces aux sommes

trigonometriques, Lecture Notes in Math., Springer-Verlag, 1977,

• vol. 569, pp. 168 - 232.

J.F. Dillon, Elementary Hadamard difference sets. In Proc. Sixth Southeastern Conference on Combinatorics, Graph theory, and Computing. Congressus Numerantium, No. XIV, Utilitas Math., Winnipeg, Man., 1975, pp. 237-249.

• C. Ding, T. Helleseth, H. Niederreiter and C. Xing,

MMC-2017. Svolvaer-Lofoten, Norway. 164 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

References

• A. Enge, Elliptic curves and their applications to cryptography:

an introduction, Klumer Academic Publishers, Boston, 1999.

• N. D. Elkies, Elliptic and modular curves over finite fields and

related computational issues, 1997, March, Preprint. J.-P. Flori, S. Mesnager, G. Cohen, Binary Kloosterman sums with value 4, IMA Int. Conf. 2011, pp. 61-78.

• K. Garaschuk, Petr Lison¨

ek, On binary Kloosterman sums divisible by 3, Des. Codes Cryptogr., 2008, vol. 49, 347 - 357.

MMC-2017. Svolvaer-Lofoten, Norway. 165 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

References

C.F. Gauss, Disquisitiones Arithmeticae, Leipzig: Fleischer, 1801; English Translation, Yale University Press, 1966.

• F. G¨
• lo˘

glu, G. McGuire, & R. Moloney, Binary Kloosterman sums using Stickelberger’s theorem and the Gross-Koblitz formula, Acta Arithmetica, 2011, vol. 148, no. 3, pp. 269 - 279.

• F. G¨
• lo˘

glu, G. McGuire, & R. Moloney, Some results on Kloosterman sums and their minimal polynomials, in: ”Seventh International Workshop on Coding and Cryptography, WCC 2011”, April 11-15, 2011, Paris, France, Proceedings (eds. D. Augot & A.

MMC-2017. Svolvaer-Lofoten, Norway. 166 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

References

• F. G´

’olo˘ glu, G. McGuire, and R. Moloney, Some congruences on Kloosterman sums and their characteristic polynomials, J. Number Theory, 2013, vol. 143, pp. 1596-1607; see arXiv:1006.1802v1 [math.NT] 9 Jun 2010.

• F. G¨
• lo˘

glu, P. Lison˘ ek, G. McGuire, & R. Moloney, Binary Kloosterman sums modulo 256 and coefficients of the characteristic polynomial, IEEE Transactions on Information Theory, 2012, vol. 58, no. 4, pp. 2516 - 2523.

• G. van der Geer & M. van der Vlugt, Kloosterman sums

and the p-torsion of certain Jacobians, Math. Ann., 1991, vol. 290,

MMC-2017. Svolvaer-Lofoten, Norway. 167 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

References

• B. H. Gross, N. Koblitz, Gauss sums and the p-adic

Γ-function. Ann. Math., 1979, vol. 109, pp. 569581.

• T. Helleseth & V.A. Zinoviev, On Z4-Linear Goethals Codes

and Kloosterman Sums, Designs, Codes and Cryptography, vol. 17,

• No. 1-3, pp. 246-262, 1999.
• T. Helleseth & V.A. Zinoviev, New Kloosterman Sums

identities over F2m for all m, Finite Fields and Their Applications, 2003, vol. 9, pp. 187 - 193.

MMC-2017. Svolvaer-Lofoten, Norway. 168 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

References

• T. Helleseth, A. Kholosha, Monomial and quadratic bent

functions over the finite fields of odd characteristic, IEEE Trans.

• Inform. Theory, 2006, vol. 52, no. 5, pp, 2018 - 2032.
• T. Honda, Isogeny classes of abelian varieties over finite fields, J.
• Math. Soc. Japan, 1968, vol. 20, pp. 83 - 95.
• N. Katz, R. Livn´

e, Sommes de Kloosterman et courbes elliptiques universelles caracteristiques 2 and 3, C. R. Acad. Sci. Paris Ser. I Math. 1989, vol. 309, no. 11, pp. 723 - 726.

MMC-2017. Svolvaer-Lofoten, Norway. 169 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

References

• H. D. Kloosterman, On the representation of numbers in the

form ax2 + by2 + cz2 + dt2, Acta Math. 1926, vol. 49, 407 - 464.

• M. R. S. Kojo, Modular curves and identities of classical

Kloosterman sums, unpublished manuscript, 17 October, 2002. K.P. Kononen, M.J. Rinta-aho, and K. O. V¨ a¨ an¨ anen, On integer values of Kloosterman sums, IEEE Trans. Inform. Theory, 2010, vol. 56, no. 8, pp, 4011 - 4013.

• J. Lahtonen, L. Ojala, Seminar notes, University of Helsinki,

2001.

MMC-2017. Svolvaer-Lofoten, Norway. 170 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

• N. G. Leander, Monomial bent functions, IEEE Trans. Inform.

Theory, 2006, vol. 52, no. 2, pp, 738 - 743.

• P. A. Leonard, K. S. Williams, Quartics over GF(2m),
• Proc. Amer. Math. Soc., 1972, vol. 36, pp. 347 - 350.
• R. Lidl & H. Niederreiter, ”Finite Fields”, Encyclopedia of

Mathematics and Its Applications, Reading, MA: Addison Wesley,

• vol. 20, 1983.
• P. Lison˘

ek, On the connection between Kloosterman sums and elliptic curves. In: Proceedings of the 5th International Conference

• n Sequences and Their Applications (SETA 2008) (S. Golomb et
• al. Eds.), Lecture Notes in Computer Science, Springer, 2008, vol.

5203, pp. 182 - 187.

MMC-2017. Svolvaer-Lofoten, Norway. 171 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

References

• P. Lison˘

ek, Identities for Kloosterman sums and modular curves. Contemporary Mathematics, 2012, vol. 574, 125 - 130. [7] P. Lison˘ ek & M. Moisio, On zeros of Kloosterman sums, Designs, Codes and Cryptography, 2011, vol. 59, pp. 223 - 230.

• R. S. Maier, On rationally parametrized modular equations, J.

Ramanujan Math. Soc. 2009, vol. 24, no. 1, pp. 1 - 73.

• A. Menezes, Elliptic Curve Public Key Cryptosystems, Kluwer

Academic Publishers, Boston-Dordrecht-London, 1993.

MMC-2017. Svolvaer-Lofoten, Norway. 172 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

References

• S. Mesnager, A new class of bent and hyperbent Boolean

functions in polynomial forms, Designs, Codes and Cryptography, 2011, vol. 59, no. 1-3, pp. 265 - 279.

• M. Moisio, On the duals of binary hyper-Kloosterman codes,

SIAM J. Discrete Math., 2008, vol. 22, pp. 273 - 287.

• M. Moisio, The moments of a Kloosterman sum and the weight

distribution of a Zetterberg type binary cyclic code, IEEE Trans.

• Inform. Theory, 2007, vol. 53, 2, pp. 843 - 847.

MMC-2017. Svolvaer-Lofoten, Norway. 173 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

References

• M. Moisio, Kloosterman sums, elliptic curves, and irreducible

polynomials with prescribed trace and norm, Acta Arithmetica, 2008, vol. 132, no. 4, pp. 329 - 350.

• M. Moisio, K. Ranto, Kloosterman sum identities and

low-weight codewords in a cyclic code with two zeros, Finite Fields and Their Applications, 2007, vol. 13, 4, pp. 922 - 935.

• L. J. Mordell, On a special polynomial congruence and

exponential sums, Calcutta Math. Soc., Golden Jubilee Commemoration Volume, 1963, Part. 1, pp. 29 - 32.

MMC-2017. Svolvaer-Lofoten, Norway. 174 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

References

J.C.C.M. Remijn, H.J. Tiersma, A duality theorem for the weight distribution of some cyclic codes, IEEE Trans. Inform. Theory, 1988, vol. IT-34, no. 4, pt. II, pp. 1348 - 1351.

• A. M. Robert, The Gross-Koblitz formula revised, Rend. Sem.
• Mat. Univ. Padova, 2001, vol. 105, pp. 157 - 170
• R. Schoof,Nonsingular plane cubic curves over finite fields, J.

Combinatorial Theory, 1987, vol. 46, pp. 183 - 211.

MMC-2017. Svolvaer-Lofoten, Norway. 175 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

References

• R. Schoof, M. van der Vlugt, Hecke operators and the

weight distributions of certain codes, J. Combin. Theory Ser. A, 1991, vol. 57, pp. 163 - 186. Dong-Joon Shin, P. Vijay Kumar and Tor Helleseth, 3-Designs from the Z4-Goethals codes via a new Kloosterman sum identity, Designs, Codes and Cryptography, 2003, vol. 28, no. 3,

• pp. 247 - 263.

Dong-Joon Shin, Wonjin Sung, A new Kloosterman sum identity over F2m for odd m, Discrete Math., 2003, vol. 268, pp. 337 - 341.

MMC-2017. Svolvaer-Lofoten, Norway. 176 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

References

• I. Shparlinski, On the values of Kloosterman sums, IEEE Trans.
• Inform. Theory, 2009, vol. 55, no. 6, pp. 2599 - 2601.
• J. H. Silverman, The Arithmetic of Elliptic Curves, New York:

Springer, 1986.

• H. Stichtenoth, Algebraic Function Fields and Codes, Springer,

Berlin, 1993.

MMC-2017. Svolvaer-Lofoten, Norway. 177 / 178

On classical Kloosterman sums Identities for Kloosterman sums; p = 3 Kloosterman sum identities from modular curves

References

• J. Tate, P. Deligne, Modular functions of one variable, 1975,

Berlin: Springer, pp. 53-73.

• W. C. Waterhouse, Abelian varieties over finite fields, Ann.
• Scient. Ec. Norm. Sup., 1969, vol. 4, no. 2, pp. 521 - 560.

MMC-2017. Svolvaer-Lofoten, Norway. 178 / 178