On classical Kloosterman sums V. A. Zinoviev Harkevich Institute - PowerPoint PPT Presentation

On classical Kloosterman sums Kloosterman sums and binary codes Sums and codes Let α be a primitive root of the field F 2 m and β be a primitive (2 m + 1) th root of unity in F 2 2 m . The Melas code M ( α ) is the binary cyclic code of length 2 m − 1 generated by m α ( x ) m α − 1 ( x ) and the Zetterberg code Z ( β ) (introduced in [Ding-Helleseth-Niederreiter-Xing, 2002]) is the binary cyclic code of length 2 m + 1 generated by m β ( x ) (here we denote by m γ the minimal polynomial of γ over F 2 ). MMC-2017. Svolvaer-Lofoten, Norway. 22 / 178

On classical Kloosterman sums Kloosterman sums and binary codes Sums and codes Dlllon [D, 1975] remarks a connection between the weights of the orthogonal M ( α ) ⊥ of the Melas code M ( α ) and the weights of the orthogonal N ( β ) ⊥ of the Zetterberg code N ( β ) involving the Kloosterman sums. Remijn and Tiersma [R-T, 1988] connected weight distributions of cyclic codes M ( α ) ⊥ and Z ( β ) ⊥ dual to M ( α ) and Z ( β ) , respectively, with Kloosterman sums. MMC-2017. Svolvaer-Lofoten, Norway. 23 / 178

On classical Kloosterman sums Kloosterman sums and binary codes Theorem 8. [Lachaud-Wolfmann, 1990] (1) The weights of the nonzero words of the orthogonal M ( α ) ⊥ of the Melas code M ( α ) are the even integers w such that � w − 2 m − 1 � ≤ 2 m/ 2 . � � 2 (2) The weights of the nonzero words of the orthogonal N ( β ) ⊥ of the Zetterberg code N ( β ) are the even integers w such that � w − 2 m + 1 � ≤ 2 m/ 2 . � � 2 MMC-2017. Svolvaer-Lofoten, Norway. 24 / 178

On classical Kloosterman sums Kloosterman sums and bent and hyperbent functions Sums and bent and hyperbent functions A Boolean function is any function from F 2 m (or from ( F 2 ) m ) to F 2 . The Hadamard transform of a Boolean function f is defined as ( − 1) f ( x )+ Tr ( ax ) ˆ � f ( a ) = x ∈ F 2 m where a ∈ F 2 m . A Boolean function f is called bent if f ( a ) | = 2 m/ 2 for all a ∈ F 2 m . Bent functions have the highest | ˆ possible Hamming distance to the set of all affine linear Boolean functions Tr ( ax ) + e , a ∈ F 2 m , e ∈ F 2 . MMC-2017. Svolvaer-Lofoten, Norway. 25 / 178

On classical Kloosterman sums Kloosterman sums and bent and hyperbent functions Sums and bent and hyperbent functions The extended Hadamard transform of f is ( − 1) f ( x )+ Tr ( ax k ) ˆ � f ( a, k ) = x ∈ F 2 m where a ∈ F 2 m and k is an integer relatively prime to 2 m − 1 . A Boolean function is called hyperbent if its extended Hadamard transform takes only the values ± 2 m/ 2 . MMC-2017. Svolvaer-Lofoten, Norway. 26 / 178

On classical Kloosterman sums Kloosterman sums and bent and hyperbent functions Sums and bent and hyperbent functions The remarkable result of Dillon [D., 1975] is the following one. Theorem 9. [Dillon, 1975] Let m = 2 s . The Boolean function from F 2 m to F 2 defined as f λ ( x ) = Tr ( λx 2 s − 1 ) , λ ∈ F ∗ 2 m , is bent if and only if K 2 m ( λ ) = 0 . MMC-2017. Svolvaer-Lofoten, Norway. 27 / 178

On classical Kloosterman sums Kloosterman sums and bent and hyperbent functions Leander [L, 2006] presented the alternative proof to the result above based on Kloosterman sums. Charpin and Gong [C.-G., 2008] extended this result for hyperbent functions. Theorem 10. [Charpin-Gong, 2008] Let m = 2 s . The Boolean function f λ from F 2 m to F 2 defined as f λ ( x ) = Tr ( λx 2 s − 1 ) , ; λ ∈ F ∗ 2 m , is hyperbent if and only if K 2 m ( λ ) = 0 . MMC-2017. Svolvaer-Lofoten, Norway. 28 / 178

On classical Kloosterman sums Kloosterman sums and bent and hyperbent functions Sums and bent and hyperbent functions It is interesting that not only zeroes of Kloosterman sums imply bent and hyperbent functions. Mesnager in 2009 (see reference in [M.,2011]) found that value 4 of binary Kloosterman sum also gives bent and hyperbent functions. For the case m = 2 s , let F 4 ⊂ F 2 m and let a ∈ F ∗ 2 m and b ∈ F 4 . Define a Boolean function f a,b ( x ) = Tr ( ax 2 s − 1 ) + Tr (2) ( bx (2 m − 1) / 3 ) , (1) where Tr (2) denote here the trace from F 4 to F 2 . MMC-2017. Svolvaer-Lofoten, Norway. 29 / 178

On classical Kloosterman sums Kloosterman sums and bent and hyperbent functions Sums and bent and hyperbent functions Using the results from [C-H-Z, 2009], Mesnager proved the following result. Theorem 11. [Mesnager, 2011] Let s > 3 be odd and m = 2 s . Assume that a ∈ F ∗ 2 s and β is a primitive element of F 4 , F 4 ⊂ F 2 m . Let f a, 1 , f a,β , and f a,β 2 be the Boolean function of the type (1). If K 2 s ( a ) = 4 , then functions f a, 1 , f a,β , and f a,β 2 are bent while, if K 2 s ( a ) � = 4 , then f a, 1 , f a,β , and f a,β 2 are not bent. MMC-2017. Svolvaer-Lofoten, Norway. 30 / 178

On classical Kloosterman sums The moments of Kloosterman sums The moments For the Kloosterman sum K ( a ) over F q , q = 2 m , x + a � � � K ( a ) = µ x x ∈ F q denote by K h the h th moment: � K ( a ) h . K h = a ∈ F q These moments are known for all h ≤ 10 . We give first several values. MMC-2017. Svolvaer-Lofoten, Norway. 31 / 178

On classical Kloosterman sums The moments of Kloosterman sums 1 Obviously K 0 = K 1 = q . 2 [Helleseth, 1976] K 2 = q 2 . 3 [Helleseth, 1976]  2 q 2 , if m odd ,  K 3 = 4 q 2 , if m even ,  4 [Charpin-Helleseth-Zinoviev, 2007]  2 q 3 + 8 q 2 , if m even ,  K 4 = 2 q 3 , if m odd ,  MMC-2017. Svolvaer-Lofoten, Norway. 32 / 178

On classical Kloosterman sums The moments of Kloosterman sums The moments Moisio computed the moments K h for h = 5 , 6 , 7 , 8 , 9 , 10 [M., 2007] in order to obtain the weight distribution of Zetterberg code. MMC-2017. Svolvaer-Lofoten, Norway. 33 / 178

On classical Kloosterman sums Identities for Kloosterman sums Identities For Kloosterman sum K ( a ) over F q , q = p m we have obviously K ( a ) = K ( a p ) , which was first mentioned by Carlitz [C.,1969]. MMC-2017. Svolvaer-Lofoten, Norway. 34 / 178

On classical Kloosterman sums Identities for Kloosterman sums Identities, p = 2 For the case p = 2 which we consider, the following identities are known: Theorem 12. For any a ∈ F 2 m (1) K ( a 3 ( a + 1)) = K ( a ( a + 1) 3 ) [Helleseth-Zinoviev, 2003] ; (2) K ( a 5 ( a + 1)) = K ( a ( a + 1) 5 ) [Helleseth-Zinoviev, 2003] ; (3) K ( a 8 ( a 4 + a )) = K (( a + 1) 8 ( a 4 + a )) (Hollmann-Xiang, 2004] . MMC-2017. Svolvaer-Lofoten, Norway. 35 / 178

On classical Kloosterman sums Identities for Kloosterman sums Identities The substitution a = b/ ( b + 1) shows that the first identity in Theorem 12 is equivalent to the identity for any a ∈ F ∗ 2 m a 3 � � � � a (4) K = K , ( a + 1) 4 ( a + 1) 4 which has been proved earlier for odd m in [Shin-Kumar–Helleseth, 2003] and [Shin-Sung, 2003]. MMC-2017. Svolvaer-Lofoten, Norway. 36 / 178

On classical Kloosterman sums Identities for Kloosterman sums Identities In the paper [Helleseth-Zinoviev, 2003] we proved these identities above using two following statements which have their own sense. Lemma 13. [Helleseth-Zinoviev, 2003] Let δ ∈ F 2 m be such that Tr ( δ ) = 1 . Then in each of the cases ℓ = 0 and 1 the polynomial � 2 ℓ � 1 p ( x ) = + x (2) x 2 + x + δ is a permutation of F 2 m where m is any positive integer. MMC-2017. Svolvaer-Lofoten, Norway. 37 / 178

On classical Kloosterman sums Identities for Kloosterman sums Identities The next theorem answers the question posed in Shin and Sung [S-S, 2003] and generalizes this to other cases. Their result corresponds to the special case ℓ = 0 and m odd. Theorem 14. [Helleseth-Zinoviev, 2003] Let f ( x ) and g ( x ) be functions from a subset D of F 2 m into F 2 m where m is any positive integer. Define the multisets f ( D ) = { f ( x ) : x ∈ D } , g ( D ) = { g ( x ) : x ∈ D } MMC-2017. Svolvaer-Lofoten, Norway. 38 / 178

On classical Kloosterman sums Identities for Kloosterman sums Theorem 17 Let ℓ be an integer such that p ( x ) given in (2) is a permutation of F 2 m . If f ( D ) = g ( D ) and if for all x ∈ D f ( x ) g ( x ) = ( f ( x ) + g ( x )) 2 ℓ +1 +2 (3) then K ( f ( a )) = K ( g ( a )) for all a ∈ D. MMC-2017. Svolvaer-Lofoten, Norway. 39 / 178

On classical Kloosterman sums Identities for Kloosterman sums Explain shortly the approach used in the paper (Hollmann-Xiang, 2004]. For e ∈ F 2 define � T e = { x ∈ F 2 m | Tr ( x ) = e } and K e ( a, b ) = χ ( ax + b/x ) x ∈ T e For the integer c from { 0 , 1 , . . . , 2 m − 1 } , let c m − 1 · · · c 1 c 0 with digits c i ∈ { 0 , 1 } be its binary expansion. Define its reverse ˆ c = c 1 · · · c m − 1 c 0 (so that ˆ c i = c − i with indices considered modulo m ) and weight m − 1 � w ( c ) = c i . i =0 MMC-2017. Svolvaer-Lofoten, Norway. 40 / 178

On classical Kloosterman sums Identities for Kloosterman sums Given two such numbers c, d , define two polynomials m − 1 � c i x 2 i L c ( x ) = i =0 and � L c,d ( x ) = L c ( x ) + L d (1 /x ) where L c,d (0) = 0 . The polynomial L c,d ( x ) is called a Kloosterman polynomial on F 2 m if w ( d ) is even and L c,d is injective on T 1 (that is, if L c,d ( x ) = L c,d ( y ) , and x, y ∈ T 1 , then x = y ). MMC-2017. Svolvaer-Lofoten, Norway. 41 / 178

On classical Kloosterman sums Identities for Kloosterman sums Identities Theorem 15. [Hollmann-Xiang, 2004] Let c, d ∈ { 1 , . . . , 2 m − 1 } with w ( d ) even. If L c,d ( x ) is a Kloosterman polynomial on F 2 m , then K ( L ˆ c ( z ) L ˆ d ( z )) = K (( L ˆ c ( z ) + 1) L ˆ d ( z )) for all z ∈ F 2 m such that L ˆ c ( z ) � = 0 , 1 . MMC-2017. Svolvaer-Lofoten, Norway. 42 / 178

On classical Kloosterman sums Identities for Kloosterman sums Identities Theorem 16. [Hollmann-Xiang, 2004] The functions 1 L 1 , 3 ( x ) = x + 1 x + 1 x 2 , 2 L 1 , 6 ( x ) = x + 1 x 2 + 1 x 4 , 3 L 1 , 10 ( x ) = x + 1 x 2 + 1 x 8 , are Kloosterman polynomials on F 2 m for all m , that is, they all map T 1 bijectively to T 1 . MMC-2017. Svolvaer-Lofoten, Norway. 43 / 178

On classical Kloosterman sums Identities for Kloosterman sums Identities Theorem 12 can be reformulated as follows: Theorem 17. [Hollmann-Xiang, 2004] Let a, b ∈ F 2 m . We have that K ( a ) = K ( b ) in the following cases: 1 ( a + b ) 4 = ab, 2 ( a + b ) 6 = ab, 3 ( a + b ) 13 = ab ( a 3 + b 3 ) . MMC-2017. Svolvaer-Lofoten, Norway. 44 / 178

On classical Kloosterman sums Identities for Kloosterman sums identities from modular curves Kojo [K, 2002] using the known results on modulr curves obtained the following two new identities: Theorem 18. [Kojo, 2002] For any a ∈ F 2 m , such that a 2 + a + 1 � = 0 , we have a 7 ( a + 1) a ( a + 1) 7 � � � � (5) K = K ( a 2 + a + 1) 4 ( a 2 + a + 1) 4 � a 13 ( a + 1) � a ( a + 1) 13 � � (6) K = K ( a 2 + a + 1) 4 ( a 2 + a + 1) 4 MMC-2017. Svolvaer-Lofoten, Norway. 45 / 178

On classical Kloosterman sums Identities for Kloosterman sums identities Note that the identity (3) in Theorem 12, i.e. K ( a 8 ( a 4 + a )) = K (( a +1) 8 ( a 4 + a )) , ([ Hollmann − Xiang, 2004]) (4) can be obtained from the identity (1) in Theorem 12 [Lison˘ ek, 2012]. MMC-2017. Svolvaer-Lofoten, Norway. 46 / 178

On classical Kloosterman sums Identities for Kloosterman sums Indeed, the identity (3) can be rewritten in the equivalent form as K ( a 9 ( a 3 + 1)) = K ( a ( a + 1) 9 ( a 2 + a + 1)) . (5) By letting a = b 3 in K ( a 3 ( a + 1)) = K ( a ( a + 1) 3 ) we obtain K ( b 9 ( b 3 + 1)) = K ( b 3 ( b 3 + 1) 3 ) (6) and by letting a = c ( c 2 + c + 1) in K ( a 3 ( a + 1)) = K ( a ( a + 1) 3 ) obtain K ( c 3 ( c 2 + c + 1) 3 ( c + 1) 3 ) = K ( c ( c 2 + c + 1)(( c + 1) 3 ) 3 . (7) The equality (5) now follows by combining (6) and (7) MMC-2017. Svolvaer-Lofoten, Norway. 47 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums; p = 2 Let F = F q , where q = 2 m and let µ ( x ) be a nontrivial additive character of F , i.e. µ ( x ) = ( − 1) Tr ( x ) Define µ ( x + a µ ( x + a � � x ) , K ∗ ( a ) = K ( a ) = x ) , x ∈ F x ∈ F ∗ i.e. K ( a ) = K ∗ ( a ) + 1 for any a ∈ F . MMC-2017. Svolvaer-Lofoten, Norway. 48 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Divisibllity by 3 . Theorem 19. [Helleseth-Zinoviev, 1999] if m is odd, then for any a ∈ F ∗ K ∗ ( a 3 + a 4 ) ≡ 3 (mod 12); if m is even, then for any a ∈ F ∗  7 (mod 12) if Tr ( a ) = 0 , K ∗ ( a 3 + a 4 ) ≡  11 (mod 12) if Tr ( a ) = 1 ,  Garaschuk and Lisonek [G-L, 2008] proved that for odd m ≥ 3 and any a ∈ F ∗ , the value K ∗ ( a ) is divisible by 3 if and only if a = b 4 + b 3 for some b ∈ F ∗ . MMC-2017. Svolvaer-Lofoten, Norway. 49 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Divisibllity by 3 . Divisibllity by 3 In [Helleseth-Zinoviev, 1999] we solved the following system of equations, defining the number of codewords of weight 4 in the coset of weight 4 in the Z 4 -linear Goethals codes: x + y + z + u = a u 2 + ( x + y )( z + u ) + xy + zu b 2 = x 3 + y 3 + z 3 + u 3 = c, where x, y, z and u are pairwise distinct elements of F 2 m . MMC-2017. Svolvaer-Lofoten, Norway. 50 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Divisibllity by 3 . Divisibllity by 3 The number of solutions to this system µ ( a, b, c ) (where a � = 0 , b and c are arbitrary elements of F 2 m ) equals µ ( a, b, c ) = 1 6(2 m + ( − 1) Tr ( b ) ( K ( k 1 k 2 ) − 3) − 8) if Tr ( c ) = 1 and µ ( a, b, c ) = 1 6(2 m − ( − 1) Tr ( b ) ( K ( k 1 k 2 ) + 3) − 2) if Tr ( c ) = 0 . Here k 1 = b 2 + c + 1 and k 2 = b 2 + b + c + √ c . Then k 1 k 2 can be presented as ξ 4 + ξ 3 which gives the statement. MMC-2017. Svolvaer-Lofoten, Norway. 51 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Divisibllity by 3 . Divisibllity by 3 In [G-L, 2008] two proofs were presented. One based on connection with elliptic curves and the second one based on counting the coset leaders for the Melas code, i.e. solving the following system of equations over F ∗ 2 m : u + v + w = 1 u + 1 1 v + 1 = r, w where r ∈ F and u, v and w are pairwise dictinct elements of F ∗ . MMC-2017. Svolvaer-Lofoten, Norway. 52 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Divisibllity by 4 . Divisibllity by 4 It is quite easy to see that for any a ∈ F the Kloosterman sum K ( a ) is divisible by 4 . Recall that the elliptic curve E 2 ( a ) defined by the equation y 2 + xy = x 3 + a ) and the Kloosterman sum K ( a ) over F 2 m with a ∈ F ∗ 2 m are connected as follows [Leonard-Williams, 1972]: | E 2 ( a ) | = 2 m + K ( a ) = 2 m + 1 + K ∗ ( a ) . MMC-2017. Svolvaer-Lofoten, Norway. 53 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Divisibllity by 4 . Divisibllity by 4 Honda in [H, 1968] (see also, [Waterhouse, 1969] and [Schoof, 1987]) proved that for any s in the range [ − 2 ⌊ m/ 2 ⌋ +1 , 2 ⌊ m/ 2 ⌋ +1 ] , such that s ≡ − 1 (mod 4) , there is a curve E 2 ( a ) (defined by the equation above) with 2 m + 1 + s rational points. This means that when a runs over F the sum K ( a ) takes all possible values in the interval guaranted by the Weil upper bound. MMC-2017. Svolvaer-Lofoten, Norway. 54 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Divisibllity by 4 . Divisibllity by 4 Theorem 20. [Lachaud-Wolfmann, 1990] For a given F of the order 2 m , m ≥ 3 , for any integer s ≡ − 1 (mod 4) in the range [ − 2 ⌊ m/ 2 ⌋ +1 , 2 ⌊ m/ 2 ⌋ +1 ] there is an element a ∈ F such that K ∗ ( a ) = s . MMC-2017. Svolvaer-Lofoten, Norway. 55 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Divisibllity by 8 Divisibllity by 8 Theorem 21. ([van der Geer-van der Vlugt, 1991]; [Helleseth-Zinoviev, 1999]; [Charpen; see[H-Z], 1999]; [Charpen-Helleseth-Zinoviev, 2007]; [Lison˘ ek, 2008]; [G¨ olo˘ glu-McGuire-Moloney, 2011], [Bassalygo-Zinoviev, 2011]) For any m  0 (mod 8) if Tr ( a ) = 0 ,  K ( a ) ≡ 4 (mod 8) if Tr ( a ) = 1 .  MMC-2017. Svolvaer-Lofoten, Norway. 56 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Divisibllity by 8 Divisibllity by 8 In [H-Z, 1999] we solved the following system of equations over F 2 m (where x, y, z, u are pairwise distinct): x + y + z + u = a z 2 + u 2 + ( x + y )( z + u ) + xy + zu b 2 = x 3 + y 3 + z 3 + u 3 = c. MMC-2017. Svolvaer-Lofoten, Norway. 57 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Divisibllity by 8 Divisibllity by 8 The number of solutions to this system µ ( a, b, c ) (where a � = 0 , b and c are arbitrary elements of F 2 m ) equals  ( K ( λ − 4) , if Tr ( λ ) = 1 , µ ( a, b, c ) = 2 m − 2 + 1  4 × ( K ( λ − 8) , if Tr ( λ ) = 0 ,  where λ = b 2 + b + √ c + 1 . MMC-2017. Svolvaer-Lofoten, Norway. 58 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Divisibllity by 16 Divisibllity by 16 Using the theory of division polynomials for elliptic curves (namely, Lemma 7.4 in [Menezes, 1993]), Lison˘ ek [L, 2008] proved the following result. Theorem 22. [Lison˘ ek, 2008] Let m ≥ 4 and a ∈ F 2 m . Then K ( a ) over F 2 m is divisible by 16 if and only if a = z 2 + z for some z ∈ F 2 m satisfying Tr ( z 3 + z ) = 0 . MMC-2017. Svolvaer-Lofoten, Norway. 59 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Divisibllity by 16 Divisibllity by 16 Denote by N ′ m the number of solutions ( a, z ) in F 2 m × F 2 m of the system z 2 + z = a, Tr ( z 3 + z ) = 0 , The number 2 N ′ m is equal to the number N ′′ m of solutions ( u, z ) of u 2 + u = z 3 + z in ( F 2 m ) 2 which is known from [Stichtenoth, 1993] (see Ex. VI.1.5, page 191). MMC-2017. Svolvaer-Lofoten, Norway. 60 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Divisibllity by 16 Divisibllity by 16 Theorem 23. [Lison˘ ek-Moisio, 2009] Let m ≥ 4 . The number N m of elements a in F 2 m , for which K ( a ) is divisible by 16 is given by  2 m − 2 if m ≡ 2 , 6 (mod 8) ,     2 m − 2 + 2 m/ 2 − 1  if m ≡ 4 (mod 8) ,      2 m − 2 − 2 m/ 2 − 1 N m = if m ≡ 0 (mod 8) ,   2 m − 2 + 2 ( m +1) / 2 − 2  if m ≡ 1 , 7 (mod 8) ,      2 m − 2 − 2 ( m +1) / 2 − 2  if m ≡ 3 , 5 (mod 8) ,  MMC-2017. Svolvaer-Lofoten, Norway. 61 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 16 Sums modulo 16 Using Stickelberger theorem, G¨ olo˘ glu, McGuire and Moloney [G-M-M, 2011] obtained the following result. For a ∈ F q , q = 2 m , denote the following quadratic sum: a 2 i +2 j . � Q ( a ) = 0 ≤ i<j ≤ m MMC-2017. Svolvaer-Lofoten, Norway. 62 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 16 Sums modulo 16 Theorem 24. glu-McGuire-Moloney, 2011] For a ∈ F q , q = 2 m , [G¨ olo˘  0 (mod 16) if Tr ( a ) = 0 and Q ( a ) = 0 ,       4 (mod 16) if Tr ( a ) = 1 and Q ( a ) = 1 ,  K ( a ) ≡ 8 (mod 16) if Tr ( a ) = 0 and Q ( a ) = 1 ,       12 (mod 16) if Tr ( a ) = 1 and Q ( a ) = 0 .  MMC-2017. Svolvaer-Lofoten, Norway. 63 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 24 Sums modulo 24 First we define two exponential sums. Let F = F q , q = 2 m . The cubic sums are: µ ( x 3 + b x ) , b ∈ F . � C ( b ) = x ∈ F The inverse cubic sums are: µ ( a � x 3 + ax ) , a ∈ F ∗ . G ( a ) = x ∈ F MMC-2017. Svolvaer-Lofoten, Norway. 64 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 24 Sums modulo 24 Denote by B the binary BCH code of length n = 2 m , m odd and m ≥ 5 , with minimal distance 8 . Finding the number of words of weight 4 in a coset of weight 4 of B needs to solve the following system of equations over F :  x + y + z + u = a     x 3 + y 3 + z 3 + u 3 (8) = b  x 5 + y 5 + z 5 + u 5  = c   MMC-2017. Svolvaer-Lofoten, Norway. 65 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 24 Sums modulo 24 Here x, y, z and u are pairwise distinct elements of F and a, b, c ∈ F are fixed. Let µ ( a, b, c ) be the number of different such 4 -tuples ( x, y, z, u ) which are solutions to the system (8). Assume that a � = 0 . Then there are ǫ ∈ { 0 , 1 } and η ∈ F such that µ ( a, b, c ) = µ (1 , ǫ, η ) . To be more precise � b a 5 + b 2 � c b ǫ = Tr and η = a 6 + a 3 a 3 are uniquely defined [Charpin-Helleseth-Zinoviev, 2007]. MMC-2017. Svolvaer-Lofoten, Norway. 66 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 24 Sums modulo 24 Theorem 25. [Charpin-Helleseth-Zinoviev, 2007] Let µ (1 , ǫ, η ) , ǫ ∈ { 0 , 1 } and η ∈ F , be as defined above. Then the number µ (1 , ǫ, η ) is even and can be expressed as follows: for η � = 1 2 m − 8(1 + ( − 1) ǫ +1 ) + 3 · G ( η + 1) 24 × µ (1 , ǫ, η ) = ( − 1) ǫ +1 · 2 · K ( η + 1) + C (( η + 1) 1 / 3 ) � � + . (9) Furthermore, when η = 1 then µ (1 , ǫ, 1) = 0 . MMC-2017. Svolvaer-Lofoten, Norway. 67 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 24 Sums modulo 24 Theorem 26. [Charpin-Helleseth-Zinoviev, 2007] Let a be any nonzero element of F of order q = 2 m , where m is odd and m ≥ 5 . Then we have If Tr ( a 1 / 3 ) = 0 then (a) if Tr ( a ) = 0 then K ( a ) ≡ 16 (mod 24) ; (b) if Tr ( a ) = 1 then K ( a ) ≡ 4 (mod 24) . MMC-2017. Svolvaer-Lofoten, Norway. 68 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 24 When Tr ( a 1 / 3 ) = 1 then there is a unique β such that Tr ( β ) = 0 and a 1 / 3 = β 4 + β + 1 . Hence if Tr ( a ) = 0 then (i) if m = 4 h + 3 then  � 2 if µ ( β 3 ) � 0 (mod 24) = 1 ,   m  K ( a ) ≡ � 2  if µ ( β 3 ) �  8 (mod 24) = − 1 .  m (ii) if m = 4 h + 1 then  � 2 if µ ( β 3 ) � 8 (mod 24) = 1 ,   m  K ( a ) ≡ � 2  if µ ( β 3 ) � 0 (mod 24) = − 1 .   m MMC-2017. Svolvaer-Lofoten, Norway. 69 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 24 if Tr ( a ) = 1 then (i) if m = 4 h + 3 then  � 2 if µ ( β 3 ) � 12 (mod 24) = 1 ,   m  K ( a ) ≡ � 2  if µ ( β 3 ) � 20 (mod 24) = − 1 .   m (ii) if m = 4 h + 1 then  � 2 if µ ( β 3 ) � 20 (mod 24) = 1 ,   m  K ( a ) ≡ � 2  if µ ( β 3 ) �  12 (mod 24) = − 1 .  m MMC-2017. Svolvaer-Lofoten, Norway. 70 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 24 Sums modulo 24 � 2 � Here is the Jacobi symbol (also called the quadratic m character), which is a generalization of the Legendre symbol defined for any odd prime p :  1 , if 2 is a square modulo p, � 2 �  = (10) p − 1 , otherwise .  MMC-2017. Svolvaer-Lofoten, Norway. 71 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 24 Sums modulo 24 The exact expression of the Jacobi symbol can be easily written. For odd m set m = m 1 · · · m s , where s ≥ 1 and each m i is an odd prime. Then � 2 � 2 � 2 � � � = · · · . m m 1 m s Moreover � 2  1 for m ≡ ± 1 (mod 8) , �  = ( − 1) ( m 2 − 1) / 8 = (11) m − 1 for m ≡ ± 3 (mod 8) .  MMC-2017. Svolvaer-Lofoten, Norway. 72 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 24 There is an interesting consequence of the previous theorem concerning the cases where K ( a ) is zero which can be expressed as follows. Corollary 27. If a ∈ F ∗ is such that K ( a ) = 0 then Tr ( a ) = 0 and Tr ( a 1 / 3 ) = 1 . Moreover, in this case, C ( a 1 / 3 ) > 0 for m = 4 h + 3 and C ( a 1 / 3 ) < 0 for m = 4 h + 1 . MMC-2017. Svolvaer-Lofoten, Norway. 73 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 24 Sums modulo 24 For the even m we described Kloosterman sum K ( a ) over F 2 m modulo 24 solving the same system of equations [Charpin-Helleseth-Zinoviev, 2008]. Moisio also characterized Kloosterman sum K ( a ) over F 2 m sums modulo 24 for even m [M, 2008]. MMC-2017. Svolvaer-Lofoten, Norway. 74 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 48 Sums modulo 48 The next result in [G¨ olo˘ glu-McGuire-Moloney, 2011] gives the Kloosterman sums K ( a ) modulo 48 . Recall that Q ( a ) , for a ∈ F q , q = 2 m , denote the following quadratic sum: a 2 i +2 j � Q ( a ) = 0 ≤ i<j ≤ m MMC-2017. Svolvaer-Lofoten, Norway. 75 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 48 Sums modulo 48 Theorem 28. Let m ≥ 5 be odd and let a ∈ F ∗ q where q = 2 m . If Tr ( a 1 / 3 ) = 0 then  4 (mod 48) if Tr ( a ) = 1 and Q ( a ) = 1 ,      16 (mod 48) if Tr ( a ) = 0 and Q ( a ) = 0 ,   K ( a ) ≡ 28 (mod 48) if Tr ( a ) = 1 and Q ( a ) = 0 ,       40 (mod 48) if Tr ( a ) = 0 and Q ( a ) = 1 ,  MMC-2017. Svolvaer-Lofoten, Norway. 76 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 48 If Tr ( a 1 / 3 ) = 1 , let β be the unique element satisfying Tr ( β ) = 0 and a 1 / 3 = β 4 + β + 1 . Then K ( a ) equals modulo 48 : m + Tr ( β 3 ) 0 (mod 48) if Tr ( a ) = 0 Q ( a ) = 0 , ≡ 5 , 7 m + Tr ( β 3 ) 8 (mod 48) if Tr ( a ) = 0 Q ( a ) = 1 , ≡ 1 , 3 m + Tr ( β 3 ) 12 (mod 48) if Tr ( a ) = 1 Q ( a ) = 0 , ≡ 5 , 7 m + Tr ( β 3 ) 20 (mod 48) if Tr ( a ) = 1 Q ( a ) = 1 , ≡ 1 , 3 m + Tr ( β 3 ) 24 (mod 48) if Tr ( a ) = 0 Q ( a ) = 1 , ≡ 5 , 7 m + Tr ( β 3 ) 32 (mod 48) if Tr ( a ) = 0 Q ( a ) = 0 , ≡ 1 , 3 m + Tr ( β 3 ) 36 (mod 48) if Tr ( a ) = 1 Q ( a ) = 1 , ≡ 5 , 7 m + Tr ( β 3 ) 44 (mod 48) if Tr ( a ) = 1 Q ( a ) = 0 , ≡ 1 , 3 where the value of the last column is modulo 8 . MMC-2017. Svolvaer-Lofoten, Norway. 77 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 64 Sums modulo 64 There are two different approaches by [G¨ olo˘ glu-McGuire-Moloney, 2011] and [G¨ olo˘ glu-Lison˘ ek-McGuire-Moloney, 2012]. The result in [G¨ olo˘ glu-McGuire-Moloney, 2011] used the Gross-Koblitz formula. For a function f : F q → C and a ∈ F q denote the complex number ˆ f ( a ) , which is the Fourier coefficient of f at a . ˆ � f ( a ) = f ( x ) µ ( ax ) . x ∈ F MMC-2017. Svolvaer-Lofoten, Norway. 78 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 64 Theorem 29. [G¨ olo˘ glu-McGuire-Moloney, 2011] For a ∈ F 2 m , K ( a ) is modulo 64 ˆ 0 (mod 64) if Tr ( a ) ≡ 0 (mod 16) , ˆ 4 (mod 64) if Tr ( a ) ≡ 3 (mod 16) , ˆ 8 (mod 64) if Tr ( a ) ≡ 10 (mod 16) , ˆ 12 (mod 64) if Tr ( a ) ≡ 5 (mod 16) , ˆ 16 (mod 64) if Tr ( a ) ≡ 4 (mod 16) , ˆ 20 (mod 64) if Tr ( a ) ≡ 7 (mod 16) , ˆ 24 (mod 64) if Tr ( a ) ≡ 14 (mod 16) , ˆ 28 (mod 64) if Tr ( a ) ≡ 9 (mod 16) , MMC-2017. Svolvaer-Lofoten, Norway. 79 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 64 Sums modulo 64 ˆ 32 (mod 64) if Tr ( a ) ≡ 8 (mod 16) , ˆ 36 (mod 64) if Tr ( a ) ≡ 11 (mod 16) , ˆ 40 (mod 64) if Tr ( a ) ≡ 2 (mod 16) , ˆ 44 (mod 64) if Tr ( a ) ≡ 13 (mod 16) , ˆ 48 (mod 64) if Tr ( a ) ≡ 12 (mod 16) , ˆ 52 (mod 64) if Tr ( a ) ≡ 15 (mod 16) , ˆ 56 (mod 64) if Tr ( a ) ≡ 6 (mod 16) , ˆ 60 (mod 64) if Tr ( a ) ≡ 1 (mod 16) , MMC-2017. Svolvaer-Lofoten, Norway. 80 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 64 Sums modulo 64 The other approach is based on coefficients of the characteristic polynomial [G¨ olo˘ glu-Lison˘ ek-McGuire-Moloney, 2012]. For a ∈ F q , q = 2 m , consider the characteristic polynomial of a m − 1 � x − a 2 i � = x m + ¯ e 1 x m − 1 + ¯ e 2 x m − 2 + · · · + ¯ � e m . i =0 Let e i ∈ { 0 , 1 } denote ¯ e i viewed as an integer. In this terminology the results for q = 8 and for q = 16 can be presented in the following form. MMC-2017. Svolvaer-Lofoten, Norway. 81 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 64 Sums modulo 64 Theorem 30. [G¨ olo˘ glu-McGuire-Moloney, 2011] Let q ≥ 8 . Then for a ∈ F q K q ( a ) ≡ 4 e 1 (mod 8) Let q ≥ 16 . Then for a ∈ F q K q ( a ) ≡ 12 e 1 + 8 e 2 (mod 16) MMC-2017. Svolvaer-Lofoten, Norway. 82 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 64 For q ≥ 32 we have Theorem 31. [G¨ olo˘ glu-Lison˘ ek-McGuire-Moloney, 2012] Let q ≥ 32 . Then for a ∈ F q K q ( a ) ≡ 28 e 1 + 8 e 2 + 16( e 1 e 2 + e 1 e 3 + e 4 ) (mod 32) Let q ≥ 64 . Then for a ∈ F q K q ( a ) ≡ 28 e 1 + 40 e 2 + 16( e 1 e 2 + e 1 e 3 + e 4 ) + 32( e 1 ( e 4 + e 5 + e 6 + e 7 ) + e 2 ( e 3 + e 4 + e 6 ) + e 3 e 5 + e 1 e 2 e 3 + e 1 e 2 e 4 + e 8 ) (mod 64) MMC-2017. Svolvaer-Lofoten, Norway. 83 / 178

On classical Kloosterman sums Kloosterman sums; p = 2 Kloosterman sums modulo 64 Sums modulo 64 Similar expressions were obtained in [G¨ olo˘ glu-Lison˘ ek-McGuire-Moloney, 2012] for q ≥ 128 and q ≥ 256 . MMC-2017. Svolvaer-Lofoten, Norway. 84 / 178

On classical Kloosterman sums On Kloosterman sums and elliptic curves Connection with elliptic curves For a given F q , q = 2 m , and any a ∈ F ∗ q define the elliptic curve E ( a ) (see [Silverman, 1986], [Menezes, 1993], [Enge, 1999] and references there) [Leonard-Williams, 1972], [Lachaud-Wolfmann, 1990], [Lisonek, 2008], [Lisonek-Moisio, 2011]) as followe: E ( a ) = { ( x, y ) ∈ F × F : y 2 + xy + x 3 + a 2 = 0 } . (12) For any element a ∈ F ∗ q denote by X 0 ( a ) the set of elements F q , such that Tr (1 /x + ax ) = 0 : X 0 ( a ) = { x ∈ F ∗ : Tr ( x + a x ) = 0 } . MMC-2017. Svolvaer-Lofoten, Norway. 85 / 178

On classical Kloosterman sums On Kloosterman sums and elliptic curves By the definition of the Kloosterman sum K ( a ) it follows, for the case p = 2 , that K ( a ) = 2 | X 0 ( a ) | − 2 m , (13) On the other hand, a point ( x, y ) belongs to an (elliptic) curve E ( a ) if and only if Tr ( x + a x ) = 0 . For x � = 0 and Tr ( x + a/x ) = 0 the quadratic equation y 2 + x y + x 3 + a 2 = 0 (14) over y has exactly two different solutions y 0 and y 0 + x . MMC-2017. Svolvaer-Lofoten, Norway. 86 / 178

On classical Kloosterman sums On Kloosterman sums and elliptic curves Connection with elliptic curves Hence the number of F -rational points of the curve E ( a ) is equal to | E ( a ) | = 2 | X 0 ( a ) | . (15) Thus we arrive to the following result for the case p = 2 (which we already formulated above). MMC-2017. Svolvaer-Lofoten, Norway. 87 / 178

On classical Kloosterman sums On Kloosterman sums and elliptic curves Connection with elliptic curves Theorem 32. [Leonard-Williams, 1972] Let a ∈ F ∗ 2 m and let E 2 ( a ) be the elliptic curve over F 2 m , defined by E 2 ( a ) = { ( x, y ) ∈ F × F : y 2 + xy + x 3 + a 2 = 0 } . Then the number | E ( a ) | of F 2 m -rational points of E ( a ) equals | E 2 ( a ) | = 2 m + K ( a ) . MMC-2017. Svolvaer-Lofoten, Norway. 88 / 178

On classical Kloosterman sums On Kloosterman sums and elliptic curves Connection with elliptic curves For the case of p = 3 the corresponding result looks as follows. Theorem 33. q , q = 3 m and let e,1989], (Moisio, 2008] Let a ∈ F ∗ [Katz-Livn´ E 3 ( a ) be the elliptic curve over F q , defined by y 2 = x 3 + x 2 − a. E 3 ( a ) : Then the number | E 3 ( a ) | of F q -rational points of E ( a ) equals | E 3 ( a ) | = 3 m + K ( a ) . MMC-2017. Svolvaer-Lofoten, Norway. 89 / 178

On classical Kloosterman sums On Kloosterman sums and elliptic curves Connection with elliptic curves From these results we have the following important statement Theorem 34. p m . Then p k divides [Lisonek, 2008] Let p ∈ { 2 , 3 } and let a ∈ F ∗ K ( a ) if and only if there exists a point of order p k on E p ( a ) , where the elliptic curves E 2 ( a ) and E 3 ( a ) are defined by Theorems 32 and 33 respectively. MMC-2017. Svolvaer-Lofoten, Norway. 90 / 178

On classical Kloosterman sums Divisibllity by 2 k Divisibllity by 2 k As we know a Kloosterman sum K ( a ) is divisible by 2 k , if and only if the number of points of the curve E ( a ) is divisible by 2 k . In [Lisonek, 2008] it was shown, that | E ( a ) | is divisible by 2 k , if and only if the group E ( a ) contains an element of order 2 k . Now recall the following result from [Menezes, 1993] (namely, Lemma 7.4). MMC-2017. Svolvaer-Lofoten, Norway. 91 / 178

On classical Kloosterman sums Divisibllity by 2 k Lemma 35. [Menezes, 1993] A point ( x, y ) ∈ E ( a ) has the order 2 k , if and only if its x -th coordinate is a root of the polynomial g k − 1 ( x ) , where polynomials g i = g i ( x ) are defined by the following recurrent relation: g 0 = x, g 1 = x + b 1 , · · · · · · · · · (16) i − 2 g 2 � ( g j ) 2 , g i = i − 1 + b i x i ≥ 2 , j =1 MMC-2017. Svolvaer-Lofoten, Norway. 92 / 178

On classical Kloosterman sums Divisibllity by 2 k Divisibllity by 2 k Here b 2 i i = a for i ≥ 1 . (17) We set by definition that 0 � = 1 . j =1 MMC-2017. Svolvaer-Lofoten, Norway. 93 / 178

On classical Kloosterman sums Divisibllity by 2 k Divisibllity by 2 k In [Bassalygo-Zinoviev, 2011, 2013] we suggested the other sequence of rational functions f i , which are easily constructed and which permit a simple description of polynomials g i through functions f i : f 0 = x, f 0 + b 0 f 1 = , f 0 · · · · · · · · · (18) f i − 1 + b i − 1 f i = , f i − 1 MMC-2017. Svolvaer-Lofoten, Norway. 94 / 178

On classical Kloosterman sums Divisibllity by 2 k Divisibllity by 2 k where b i − 1 = b 2 for i ≥ 1 and b 0 = a (19) i (in (17) and (19) the values b i are the same for i ≥ 1 ). MMC-2017. Svolvaer-Lofoten, Norway. 95 / 178

On classical Kloosterman sums Divisibllity by 2 k Lemma 36. [Bassalygo-Zinoviev, 2011, 2013] For any i ≥ 1 the following equality is valid : � g i i − 1 � 2 f 2 i − 1 − r � = f i . (20) r x 2 i − 2 r =1 From Lemma 36 it follows, that the zeroes of f i and g i coincide (here under a zero of the rational function f i , f i = f i − 1 + b i − 1 , f i − 1 we mean naturally the element x ∈ F , such that f i ( x ) = 0 , but f i − 1 ( x ) � = 0) . MMC-2017. Svolvaer-Lofoten, Norway. 96 / 178

On classical Kloosterman sums Divisibllity by 2 k Next, for a ∈ F ∗ define a sequence x 0 , x 1 , . . . , x t − 1 of elements of F by the following recurrent relation:  x 0 = 0 ,  (21) i +1 + √ x i x i +1 + a x 2 = 0 , i = 0 , . . . , t − 2 .  Lemma 37. [Bassalygo-Zinoviev, 2011, 2013] Let f i ( x ) be defined in accordance with (18) and let x 0 , x 1 , . . . , x t − 1 be a sequence of elements of F , obtained according to (21). Then x i is a zero of f i ( x ) , i.e. f i ( x i ) = 0 , i = 0 , 1 , . . . , t − 1 . MMC-2017. Svolvaer-Lofoten, Norway. 97 / 178

On classical Kloosterman sums Divisibllity by 2 k It is obvious that for a given a , there exist many sequences x 0 , x 1 , . . . , x t − 1 , which satisfy (21), so that all of them generate the zeros of functions f i , i ≤ t − 1 . In this way we arrive to the following result. Theorem 38. [Bassalygo-Zinoviev, 2011, 2013] Let a ∈ F ∗ and let the sequence of elements x 0 , x 1 , . . . , x k − 1 be constructed according to the recurrent relation (21), where k is the smallest natural number, such that Tr ( x k − 1 ) = 1 . Then the Kloosterman sum K ( a ) is divisible by 2 k and not divisible by 2 k +1 . MMC-2017. Svolvaer-Lofoten, Norway. 98 / 178

On classical Kloosterman sums Divisibllity by 2 k Divisibllity by 2 k The algorithm of finding of the largest divisor of the type 2 k of a Kloosterman sum K ( a ) , suggested in Theorem 38, consists on the consequent solution of a quadratic equation in the field F of order 2 m (the number of quadratic equations, needed to solve, is equal to k − 2 ). It is possible to give another algorithm to find this divisor 2 k , which does not require solving the quadratic equations, but only consequent implementation of arithmetic operations in F . MMC-2017. Svolvaer-Lofoten, Norway. 99 / 178

On classical Kloosterman sums Divisibllity by 2 k Divisibllity by 2 k Let a ∈ F ∗ be an arbitrary element and let u 1 , u 2 , . . . , u ℓ be a sequence of elements of F , constructed according to the following recurrent relation: i + a 2 u i +1 = u 2 , (22) u 2 i where u 1 is any nonzero element of F , such that Tr ( u 1 + a Tr ( u 1 ) = 1 , ) = 0 . (23) u 1 MMC-2017. Svolvaer-Lofoten, Norway. 100 / 178