A note on the paper arXiv:2112.14547

1. Introduction

A polynomial $f (X) \in F_{q} [X]$ is called a permutation polynomial if the function $c \mapsto f (c)$ permutes $F_{q}$ . The recent paper [2] purports to provide new classes of permutation polynomials, and to resolve three conjectures from the literature. Here we show that the permutation polynomials in that paper are in fact well-known, and that the conjectures had been resolved previously.¹¹1Shortly after [2] appeared on the arXiv, I emailed the content of this note to the third and fifth authors of that paper (I was not able to find email addresses for the other authors), and suggested that [2] should be revised in light of the content of this note. Since I did not receive a reply, and no new version of [2] has been posted, I am posting this note now, in order to help members of the permutation polynomials community avoid spending further time and effort on rediscovering known results. We also give a new proof of the main result of [2], which is significantly simpler and more direct than all previous proofs, and which demonstrates the general method of producing permutation polynomials that was introduced in [11].

The main result of [2] is as follows.

Theorem 1.1.

Let $k, ℓ, m$ be positive integers with $ℓ \neq m$ , and write $q := 2^{k}$ , $Q := 2^{ℓ}$ , and $R := 2^{m}$ . Let $u$ be an integer, and let $d_{1}, d_{2}, d_{3}$ be positive integers such that

	$d_{1}$	$\equiv Q - R + u (q + 1) (mod q^{2} - 1)$
	$d_{2}$	$\equiv Q + R + (u - R) (q + 1) (mod q^{2} - 1)$
	$d_{3}$	$\equiv - (Q + R) + (u + Q) (q + 1) (mod q^{2} - 1) .$

If $gcd (d_{1}, q^{2} - 1) = 1$ then $f (X) := X^{d_{1}} + X^{d_{2}} + X^{d_{3}}$ permutes $F_{q^{2}}$ .

Remark.

The above statement includes all permutation polynomials that can be inferred from any interpretation of [2, Thm. 3.1]. The statement of the latter result does not require the $d_{i}$ to be positive, and does not say that its expressions for the $d_{i}$ ’s should be interpreted as congruences mod ( $q^{2} - 1$ ). However, we assume that the authors of [2] intended to state their result as above. The positivity condition is needed in order to make their result be true (and indeed, negative $d_{i}$ ’s would not yield polynomials), and after imposing positivity then the congruences becomes natural, since such congruences do not affect whether $f (X)$ permutes $F_{q^{2}}$ .

We will use the following definition.

Definition 1.2.

We say that polynomials $f, g \in F_{q} [X]$ are multiplicatively equivalent if $f (X) \equiv α g (β X^{n}) (mod X^{q} - X)$ for some $α, β \in F_{q}^{*}$ and some positive integer $n$ such that $gcd (n, q - 1)$ .

The following properties of multiplicative equivalence are immediate:

Multiplicative equivalence is an equivalence relation on $F_{q} [X]$ .
If $f, g \in F_{q} [X]$ are multiplicatively equivalent then $f (X)$ permutes $F_{q}$ if and only if $g (X)$ permutes $F_{q}$ .
If $f (X)$ and $g (X)$ are multiplicatively equivalent and $deg (f) < q$ then $f (X)$ has at most as many terms as does $g (X)$ .

In light of the above properties, multiplicative equivalence is a natural equivalence relation to use when deciding whether one permutation polynomial with few terms is essentially the same as another.

Remark.

What we call multiplicative equivalence has been called “quasi-multiplicative equivalence” in previous papers. The term “multiplicative equivalence” has been defined previously to mean two different things, neither of which is equivalent to the above definition. However, we suggest that the above definition should be used in the future, for the betterment of the subject – for instance, the use of the previous definitions has led authors to spend time and effort producing permutation polynomials that could have been obtained immediately from previously known permutation polynomials by composing with $β X$ .

We will show that the permutation polynomials in Theorem 1.1 have appeared in the following previous results (listed according to the order in which the relevant papers were posted in the public domain):

Some instances of the permutation polynomials in Theorem 1.1 are special cases of the much more general classes of permutation polynomials in [11, Thm. 1.1 and 1.2]; however, the paper [11] does not draw attention to the relevant special cases.
If $ℓ$
is odd and
$m$ is even then every permutation polynomial in Theorem 1.1 appears in one of [7, Cor. 3.8, 3.9, 3.12, and 3.13]. If $ℓ$ is even and $m$ is odd then every permutation polynomial in Theorem 1.1 is multiplicatively equivalent to a permutation polynomial in one of [7, Cor. 3.8, 3.9, 3.12, and 3.13].
Every permutation polynomial in Theorem 1.1 is multiplicatively equivalent to a permutation polynomial in [4, Thm. 1].
Every permutation polynomial in Theorem 1.1 is multiplicatively equivalent to a permutation polynomial in [1, Thm. 4.2].
Every permutation polynomial in Theorem 1.1 is multiplicatively equivalent to a permutation polynomial in [8, Thm. 3.2].
If $k$ is odd and $gcd (2 k, ℓ - m) = 1$ then every permutation polynomial in Theorem 1.1 is multiplicatively equivalent to a permutation polynomial in [5, Thm. 1].
Every permutation polynomial in Theorem 1.1 is multiplicatively equivalent to a permutation polynomial in [9, Thm. 1.1].

In addition, [2] purports to be the first paper to resolve three conjectures. We note that those conjectures were proved previously. Specifically, the two conjectures from [6] were first resolved as parts (a) and (b) of [11, Cor. 1.4], and Conjecture 2 of [3] was first resolved in [7, Thm. 4.2].

In the next section we give a very short and simple proof of Theorem 1.1, based on the arguments in [11], which pinpoints the key reason why $f (X)$ permutes $F_{q^{2}}$ . This proof avoids the non-conceptual computations occurring in all previous proofs of Theorem 1.1. It turns out that the same approach can be used to deduce all the results mentioned above, in addition to dozens of other results from the literature and arbitrarily many as-yet unpublished results. We encourage readers interested in permutation polynomials to look into [11], so that they can focus their attention and time on producing results which do not follow immediately from the arguments in that paper. We conclude this note in Section 3 by explaining how Theorem 1.1 connects with previous results.

2. Proof of Theorem 1.1

In this section we give a new proof of Theorem 1.1. We write $μ_{q + 1}$ for the set of $(q + 1)$ -th roots of unity in $F_{q^{2}}$ , and if $A (X) \in F_{q^{2}} [X]$ then we write $A^{(q)} (X)$ for the polynomial obtained from $A (X)$ by raising all coefficients to the $q$ -th power. We first restate the condition for certain polynomials to permute $F_{q^{2}}$ in terms of whether an associated polynomial permutes $μ_{q + 1}$ , via the following special case of an easy and much-used lemma from [10].

Lemma 2.1.

Write $f (X) := X^{r} A (X^{q - 1})$ where $r$ is a positive integer, $q$ is a prime power, and $A (X) \in F_{q^{2}} [X]$ . Then $f (X)$ permutes $F_{q^{2}}$ if and only if $gcd (r, q - 1) = 1$ and $g_{0} (X) := X^{r} A (X)^{q - 1}$ permutes $μ_{q + 1}$ .

We next translate the condition that $g_{0} (X)$ permutes $μ_{q + 1}$ into the condition that an associated rational function $g (X)$ permutes $μ_{q + 1}$ , where typically $g (X)$ has much lower degree than does $g_{0} (X)$ . We do this in the following trivial lemma, which encodes a procedure introduced in [11].

Lemma 2.2.

Write $g_{0} (X) := X^{r} A (X)^{q - 1}$ where $r$ is an integer, $q$ is a prime power, and $A (X) \in F_{q^{2}} [X]$ . Then $g_{0} (X)$ maps $μ_{q + 1}$ into $μ_{q + 1} \cup {0}$ , and if $A (X)$ has no roots in $μ_{q + 1}$ then $g_{0} (X)$ induces the same function on $μ_{q + 1}$ as does $g (X) := X^{s} A^{(q)} (1 / X) / A (X)$ for any integer $s$ with $s \equiv r (mod q + 1)$ . In particular, $g_{0} (X)$ permutes $μ_{q + 1}$ if and only if $g (X)$ permutes $μ_{q + 1}$ and $A (X)$ has no roots in $μ_{q + 1}$ .

A key ingredient in [11] is degree-one rational functions which map $μ_{q + 1}$ to either $μ_{q + 1}$ or $P^{1} (F_{q}) := F_{q} \cup {\infty}$ . In this note we use

ρ (X) := \frac{X + ω}{ω X + 1}

where $ω$ is a prescribed order- $3$ element of $F_{q^{2}}^{*}$ , with $q$ being a power of $2$ . The following result is a special case of [11, Lemmas 2.1 and 3.1], and also is easy to verify directly.

Lemma 2.3.

Let $q := 2^{k}$ where $k > 0$ . If $k$ is even then $ρ (X)$ permutes $μ_{q + 1}$ , and if $k$ is odd then $ρ (X)$ interchanges $μ_{q + 1}$ and $P^{1} (F_{q})$ .

Pick any nonconstant $h (X) \in F t o 0.0 p t {$ ¯ ¯ ¯ $}_{q} (X)$ . In light of Lemma 2.3, if $k$ is even then $ρ \circ h \circ ρ$ permutes $μ_{q + 1}$ if and only if $h (X)$ permutes $μ_{q + 1}$ , and if $k$ is odd then $ρ \circ h \circ ρ$ permutes $μ_{q + 1}$ if and only if $h (X)$ permutes $P^{1} (F_{q})$ . We will show that the permutation polynomials $f (X)$ in Theorem 1.1 correspond to rational functions $g (X)$ permuting $μ_{q + 1}$ (via Lemmas 2.1 and 2.2) where $g (X) = X^{i} \circ ρ \circ X^{R + j Q} \circ ρ$ with $i, j \in {1, - 1}$ . The following result presents these compositions in the cases we need; it can be verified by a routine computation.

Lemma 2.4.

Let $k, ℓ, m$ be positive integers with $ℓ \neq m$ , and write $q := 2^{k}$ , $Q := 2^{ℓ}$ , and $R := 2^{m}$ . Then

X^{(- 1)^{m}} \circ \frac{X^{Q + R} + X^{Q} + 1}{X^{Q + R} + X^{R} + 1} = {\begin{matrix} ρ \circ X^{R - Q} \circ ρ & if ℓ \equiv m (mod 2) ρ \circ X^{R + Q} \circ ρ & if ℓ \equiv̸ m (mod 2) . \end{matrix}

Now we prove Theorem 1.1.

Proof of Theorem 1.1.

Note that $d_{1} \equiv d_{2} + R (q - 1) (mod q^{2} - 1)$ and $d_{3} \equiv d_{2} + (Q + R) (q - 1) (mod q^{2} - 1)$ . Thus $d_{2} \equiv d_{1} (mod q - 1)$ , so the hypothesis $gcd (d_{1}, q - 1) = 1$ implies that $gcd (d_{2}, q - 1) = 1$ . By Lemma 2.1 and Lemma 2.2, it suffices to show that $A (X) := X^{R} + 1 + X^{Q + R}$ has no roots in $μ_{q + 1}$ and $g (X)$ permutes $μ_{q + 1}$ , where

g (X) := X^{Q + R} \frac{A^{(q)} (1 / X)}{A (X)} = \frac{X^{Q + R} + X^{Q} + 1}{X^{Q + R} + X^{R} + 1} .

We first show that $A (X)$ has no roots in $μ_{q + 1}$ . Suppose to the contrary that $α \in μ_{q + 1}$ satisfies $A (α) = 0$ . Then also

0 = α^{Q + R} A (α)^{q} = α^{Q + R} A (α^{q}) = α^{Q + R} A (\frac{1}{α}) = α^{Q} + α^{Q + R} + 1.

Thus $0 = A (α) + α^{Q + R} A (α)^{q} = α^{R} + α^{Q}$ , so $α^{Q - R} = 1$ . Since $gcd (Q - R, q + 1) = 1$ , it follows that $α = 1$ ; but plainly $A (1) = 1 \neq 0$ , contradiction.

It remains to show that $g (X)$ permutes $μ_{q + 1}$ . First suppose $ℓ \equiv m (mod 2)$ . Then the hypothesis $gcd (Q - R, q + 1) = 1$ implies that $k$ is even, so that $X^{R - Q}$ permutes $μ_{q + 1}$ and also $ρ (X)$ permutes $μ_{q + 1}$ by Lemma 2.3. Thus Lemma 2.4 implies that $g (X)$ permutes $μ_{q + 1}$

Now suppose $ℓ \equiv̸ m (mod 2)$ . If $k$ is odd then $ρ (X)$ interchanges $μ_{q + 1}$ and $P^{1} (F_{q})$ , and we have $gcd (Q + R, q - 1) = 1$ so that $X^{Q + R}$ permutes $P^{1} (F_{q})$ , whence $g (X)$ permutes $μ_{q + 1}$ by Lemma 2.4. Finally, if $k$ is even then $ρ (X)$ permutes $μ_{q + 1}$ , and since $k \equiv̸ ℓ - m (mod 2)$ we have $gcd (Q + R, q + 1) = 1$ , so that $X^{Q + R}$ permutes $μ_{q + 1}$ , whence again $g (X)$ permutes $μ_{q + 1}$ . ∎

Remark.

The method used in the above proof can be used to produce enormous collections of permutation polynomials over $F_{q^{2}}$ , for any prime power $q$ . One can start with any rational function $h (X) \in F_{q} (X)$ which permutes $P^{1} (F_{q})$ , and any degree-one $ρ, η \in F_{q^{2}} (X)$ such that $ρ (μ_{q + 1}) = P^{1} (F_{q})$ and $η (P^{1} (F_{q})) = μ_{q + 1}$ , in order to obtain a rational function $g (X) := η \circ h \circ ρ$ which permutes $μ_{q + 1}$ . It turns out that $g (X)$ can always be written in infinitely many ways as $X^{s} A^{(q)} (1 / X) / A (X)$ where $s \in Z$ and $A (X) \in F_{q^{2}} [X]$ has no roots in $μ_{q + 1}$ . If either $q$ is even or $s$ is odd then there exist positive integers $r$ such that $r \equiv s (mod q + 1)$ and $gcd (r, q - 1) = 1$ , so that $X^{r} A (X^{q - 1})$ permutes $F_{q^{2}}$ . By applying this procedure to the most well-known permutation rational functions over $F_{q}$ , and using certain choices of $ρ (X)$ , $η (X)$ , and $A (X)$ , one obtains huge classes of permutation polynomials over $F_{q^{2}}$ which include as very special cases essentially all known permutation polynomials of the form $X^{r} B (X^{q - 1})$ . We will elaborate on this remark in forthcoming joint papers with Zhiguo Ding.

3. Connection with previous results

In this section we explain the connection between Theorem 1.1 and previous results. The combination of [7, Cor. 3.8, 3.9, 3.12, and 3.13] is as follows.

Proposition 3.1.

Let $k, s, t, r$ be positive integers with $s$ odd and $t$ even, and write $q := 2^{k}$ , $S := 2^{s}$ , and $T := 2^{t}$ . If $r \equiv S + T (mod q + 1)$ then

g (X) := X^{r} (X^{(S + T) (q - 1)} + X^{T (q - 1)} + 1)

permutes $F_{q^{2}}$ if and only if $gcd (r, q - 1) = 1$ .

This implies Theorem 1.1 in case $ℓ$ is odd and $m$ is even, since if we put $s := ℓ$ , $t := m$ , and $r := d_{2}$ then the polynomial $g (X)$ in Proposition 3.1 is congruent mod $X^{q^{2}} - X$ to the polynomial $f (X)$ in Theorem 1.1. Next suppose that $ℓ$ is even and $m$ is odd, and put $s := m$ , $t := ℓ$ , and $r \equiv - d_{3} - (Q + R) (q - 1) (mod q^{2} - 1)$ . Then one can check that the polynomials $g (X)$ from Proposition 3.1 and $f (X)$ from Theorem 1.1 satisfy

f (X) \equiv g (X^{q^{2} - 2}) (mod X^{q^{2}} - X),

so that $f (X)$ and $g (X)$ are multiplicatively equivalent.

Theorem 1 of [4] is as follows:

Proposition 3.2.

Let $k$ and $n$ be positive integers, and write $q := 2^{k}$ and $T := 2^{n}$ . Suppose that $gcd (T - 1, q + 1) = 1$ , and let $r$ and $s$ be positive integers such that $r (T - 1) \equiv T (mod q + 1)$ and $s (T - 1) \equiv - 1 (mod q + 1)$ . Then $g (X) := X + X^{1 + r (q - 1)} + X^{1 + s (q - 1)}$ permutes $F_{q^{2}}$ .

Remark.

The statement of [4, Thm. 1] has the additional hypothesis $n < k$ , but that hypothesis is not used in the proof of that result.

We now show that all the permutation polynomials in Theorem 1.1 are multiplicatively equivalent to permutation polynomials in Proposition 3.2. Assume the hypotheses of Theorem 1.1. Replace $ℓ$ by $ℓ + 2 k i$ for a positive integer $i$ which is large enough so that $Q > R$ ; note that this replacement does not change the congruence class of $Q$ mod $(q^{2} - 1)$ , and hence does not affect the truth of the hypotheses or conclusion of Theorem 1.1, while also not affecting the multiplicative equivalence class of the permutation polynomial $f (X)$ in Theorem 1.1. Write $n := ℓ - m$ and $T := 2^{n}$ , so that the hypotheses of Theorem 1.1 imply that $gcd (T - 1, q + 1) = 1$ . Writing $v := d_{1}$ , we see that the polynomial $g (X)$ in Proposition 3.2 satisfies

g (X^{v}) = X^{v} + X^{v + r v (q - 1)} + X^{v + s v (q - 1)} .

Since $v \equiv Q - R (mod q + 1)$ , we have

	$r v (q - 1)$	$\equiv r (Q - R) (q - 1) (mod q^{2} - 1)$
		$= r (T - 1) R (q - 1)$
		$\equiv T R (q - 1) (mod q^{2} - 1)$
		$= Q (q - 1),$

and likewise

s v (q - 1) \equiv - R (q - 1) (mod q^{2} - 1) .

It follows that the polynomial $f (X)$ in Theorem 1.1 satisfies

g (X^{v}) \equiv f (X) (mod X^{q^{2}} - X),

so that $f (X)$ and $g (X)$ are multiplicatively equivalent.

Each of the results [1, Thm. 4.2], [8, Thm. 3.2], and [9, Thm. 1.1] generalizes [4, Thm. 1], and hence includes special cases that are multiplicatively equivalent to each of the permutation polynomials in Theorem 1.1. If $k$ is odd and $gcd (2 k, ℓ - m) = 1$ then the same is true of [5, Thm. 1].

References

[1] D. Bartoli and L. Quoos, Permutation polynomials of the type $x^{r} g (x^{s})$ over $F_{q^{2 n}}$ , Des. Codes Cryptogr. 86 (2018), 1589–1599.
[2] H. Guo, S. Wang, H. Song, X. Zhang, and J. Liu, A new method of construction of permutation trinomials with coefficients $1$ , arXiv:2112.14547v1, 29 Dec 2021.
[3] R. Gupta and R. K. Sharma, Some new classes of permutation trinomials over finite fields with even characteristic, Finite Fields Appl. 41 (2016), 89–96.
[4] N. Li and T. Helleseth, New permutation trinomials from Niho exponents over finite fields with even characteristic, Cryptogr. Commun. 11 (2019), 129–136.
[5] N. Li, M. Xiong, and X. Zeng, On permutation quadrinomials and 4-uniform BCT, IEEE Trans. Inf. Theory 67 (2021), 4845–4855.
[6] T. Tu, X. Zeng, L. Hu, and C. Li, A class of binomial permutation polynomials, arXiv:1310.0337v1, 28 Sep 2013.
[7] D. Wu, P. Yuan, C. Ding, and Y. Ma, Permutation trinomials over $F_{2^{m}}$ , Finite Fields Appl. 46 (2017), 38–56.
[8] L. Zheng, H. Kan, and J. Peng, Two classes of permutation trinomials with Niho exponents over finite fields with even characteristic, Finite Fields Appl. 68 (2020), 101754, 14 pp.
[9] L. Zheng, B. Liu, H. Kan, J. Peng, D. Tang, More classes of permutation quadrinomials from Niho exponents in characteristic two, Finite Fields Appl. 78 (2022), Paper No. 101962, 22 pp.
[10] M. E. Zieve, Some families of permutation polynomials over finite fields, Int. J. Number Theory 4 (2008), 851–857.
[11] M. E. Zieve, Permutation polynomials on $F_{q}$ induced from Rédei function bijections on subgroups of $F_{q}^{*}$ , arXiv:1310.0776v2, 7 Oct 2013.

A note on the paper arXiv:2112.14547

Authors

Permutation polynomials and complete permutation polynomials over F_q^3

New Results about the Boomerang Uniformity of Permutation Polynomials

A New Method of Construction of Permutation Trinomials with Coefficients 1

A Recursive Construction of Permutation Polynomials over F_q^2 with Odd Characteristic from Rédei Functions

A general cipher for individual data anonymization

C-OPH: Improving the Accuracy of One Permutation Hashing (OPH) with Circulant Permutations

C-MinHash: Practically Reducing Two Permutations to Just One

1. Introduction

Theorem 1.1.

Remark.

Definition 1.2.

Remark.

2. Proof of Theorem 1.1

Lemma 2.1.

Lemma 2.2.

Lemma 2.3.

Lemma 2.4.

Proof of Theorem 1.1.

Remark.

3. Connection with previous results

Proposition 3.1.

Proposition 3.2.

Remark.

References

A note on the paper arXiv:2112.14547

Authors

Related Research

Permutation polynomials and complete permutation polynomials over F_q^3

New Results about the Boomerang Uniformity of Permutation Polynomials

A New Method of Construction of Permutation Trinomials with Coefficients 1

A Recursive Construction of Permutation Polynomials over F_q^2 with Odd Characteristic from Rédei Functions

A general cipher for individual data anonymization

C-OPH: Improving the Accuracy of One Permutation Hashing (OPH) with Circulant Permutations

C-MinHash: Practically Reducing Two Permutations to Just One

This week in AI

1. Introduction

Theorem 1.1.

Remark.

Definition 1.2.

Remark.

2. Proof of Theorem 1.1

Lemma 2.1.

Lemma 2.2.

Lemma 2.3.

Lemma 2.4.

Proof of Theorem 1.1.

Remark.

3. Connection with previous results

Proposition 3.1.

Proposition 3.2.

Remark.

References