Graphs associated with the map X\mapsto X+X^{-1}

Graphs associated with the map
in finite fields of characteristic two

S. Ugolini sugolini@gmail.com
August 30, 2011
Abstract.

In this paper we study the structure of the graphs associated with the iterations of the map over finite fields of characteristic two. Formulas are given for the length of the cycles and the depth of the trees relying upon the structure of the group of the rational points of Koblitz curves and the congruences of Kloosterman sums modulo powers of 2.

1. Introduction

The map which sends to in a finite field (with a point added to it) plays a role in various investigations. The so-called -transform depends on it, as it takes a polynomial of degree to the self-reciprocal polynomial of degree (see [Jun93]). Also, the possible correlation between the multiplicative orders of and was studied in [Shp01].

Iteration of maps on finite fields are also important. For example, Pollard’s integer factoring algorithm is based on the iteration of a quadratic map , where is a randomly-chosen constant and is the integer to be factored. See [TV04] for one of several studies on iterations of maps of this form in a finite field.

Our work focuses on iterations of the map on the projective line , where is a finite field of characteristic 2. A directed graph on is associated with the map in an obvious way. Each connected component consists of a cycle and directed binary trees entering the cycle at various points.

Experimental evidence has shown that such graphs present remarkable symmetries. In fact, it turns out that the map is closely related to the duplication map on a certain elliptic curve on , the Koblitz curve over . Using this fact we give a precise description of the structure of such graphs, including the length of the cycles and the depth of the trees.

2. Preliminaries

For a fixed positive integer let be the field with elements and the projective line over . We define a map over in such a way:

We can associate a graph with the map over the field in a natural way. The vertices of the graph are labelled by the elements of . If and , then we connect with a directed edge the vertex with the vertex . If and , for some positive integer , then belongs to a cycle of length or a divisor of . An element belonging to a cycle can be the root of a reverse-directed tree, provided that , for some which is not contained in any cycle.

Example 2.1.

Consider the graph associated with the map in the field , constructed as the splitting field over of the polynomial . If is a root of such a polynomial in , then . We will label the nodes denoting the elements by the exponent and the zero element by ‘0’.



‘0’

In the following we will denote the absolute trace of an element by , namely

Since , the set of points belonging to the projective line can be partitioned in the subsets

The following holds.

Lemma 2.2.

If is an element of , then

Proof.

We compute explicitly the trace of :

Remark 2.3.

As a consequence of previous Lemma, if one considers the restrictions and of at (respectively ), then and . This amounts to saying that the graph associated with the map in the field is the union of the graphs associated with the maps over and on .

The map is strictly related to the duplication map defined over Koblitz curves. We remind that a Koblitz curve is an elliptic curve defined over by an equation of the form

where . In particular, for we get the curve defined by

If , namely is a rational point of over the field , then , where

Moreover, if , then .

The following result holds (see [LW90]).

Lemma 2.4.

Let . Then, if and only if there exists such that .

We make immediately use of the Lemma above, proving the following.

Lemma 2.5.

Let . Then, there exists such that if and only if or .

Proof.

Let such that . If , then

Since and , then .

Conversely, if , then . If and , then the equation

has two solutions . Let , for or . Since

we get that and we are done. ∎

If is an element of , then we can define the Kloosterman sum

The values of the Kloosterman sums for are strictly related to the number of rational points of over (see [LW90] for more details). We have that

In [Car69] some relations for are given. It is proved that

(2.1)

Moreover

(2.2)

where

As a consequence of (2.2) the following relation between and holds:

(2.3)

Using (2.3) it is possible to generalize (2.1).

Lemma 2.6.

Let be a positive integer greater than 1 such that , for some non-negative integer and odd integer . Then

Proof.

Let . We prove the thesis by induction on .

Let . In this case is odd and the thesis follows from (2.1).

Suppose that the thesis holds for some non-negative integer . Let . For the sake of clarity denote . Then,

being . As regards the second congruence, since , then . Hence,

Now we deal with the case , where .

When , namely , the Kloosterman sum . Hence we are done. Suppose that the thesis holds for some integer greater than or equal to 3. Let , where . Then,

since for .

The second congruence holds too, since

3. The structure of the group of the rational points of an elliptic curve over a finite field

In this Section we will briefly recall some results concerning the number of rational points and the structure of the group of rational points of an elliptic curve defined over a finite field of arbitrary characteristic. More details can be found for example in [Rüc87] or [Wit01].

If is an elliptic curve defined over a finite field of characteristic , then the structure of the group of the rational points of over is strictly related to the ring of the endomorphisms of over . Among all the endomorphisms, the Frobenius endomorphism plays a special role, as we will see later. It maps a point of to . Note in passing that the ring of integers can be viewed as a subring of .

The following Theorem holds.

Theorem 3.1.

Let be an elliptic curve defined over a finite field and the number of rational points of over . Then,

where is an integer with . Moreover, if , then is an imaginary quadratic field over and all the orders in are possible endomorphism rings of over .

We remind that an order in a number field is a subring of such that is its quotient field, and the additive group of is finitely generated.

The structure of the group of rational points over of an elliptic curve defined over a finite field such that is as follows.

Theorem 3.2.

Let be an elliptic curve defined over , and the field with elements. If , then there is an isomorphism

of -modules.

Theorem 3.3.

In the same hypotheses of Theorem 3.2, if and , then and is an order in .

The proof of Theorem 3.3, which can be found in [Wit01], yields a representation of the -Frobenius endomorphism as an element of , namely

(3.1)

Consider now the Koblitz curve . The number of rational points of over is . Hence the representation of the Frobenius endomorphism as an element of is

We remind that the ring of integers of , which is also its unique maximal order, is , where

In particular we can write . Since is an order in and contains , then . Therefore and the group of rational points of over is isomorphic to . The ring is euclidean with respect to the norm . In particular , namely

(3.2)

where is the duplication map, seen as an endomorphism of .

If and , then . Therefore, if , then .

We have obtained that the conjugated of the Frobenius endomorphism takes the -coordinate of a point to . Relying upon this consideration we can study the structure of the graph associated with the map over a finite field of characteristic two.

4. The structure of the graphs

In this Section we will describe the structure of the graphs associated with the map . We define the orbit of an element , under the action of the map , as the set

The point is said to be periodic if , for some positive integer . The smallest such is called the period of .

The following holds.

Lemma 4.1.

Let and . Denote by the point at infinity of . Then,

Proof.

Suppose that . Then, and . Hence, . If and , then , as a consequence of Lemma 2.5. But this implies that . Therefore and . Hence and , in contradiction with the assumption that .

Conversely, suppose that and . This implies that . If , then . But this is in contradiction with Lemma 2.5. Hence, . ∎

Our final goal is to describe the structure of the graph associated with the map over . As remarked in Section 2, this can be done describing separately the structure of the graphs associated with the maps and on the sets and respectively (see Section 2 for the details).

  • Graph . We remind that, for each , there exist two distinct points in having the same -coordinate. Moreover is isomorphic to , being the ring of integers of .

  • Graph . Let . In this case there are exactly two distinct points in with such an -coordinate. By Lemma 4.1, . Viceversa, if and , then and or . Hence, there is an isomorphism

    where

Before dealing with graphs and we recall just some facts about the ring , which is the ring of integers of the quadratic number field . Since the ring is euclidean, it is also a unique factorization domain. Moreover, the only positive rational prime which ramifies in is , while all other (positive) rational primes either split in or are inert.

We can factor the element (resp. ) in primes of . Notice that divides neither nor .

Suppose that (resp. ) factors as

where

  1. all and are non-negative integers;

  2. for the elements are distinct primes of and ;

  3. for the elements are distinct primes of , different from and , and , for some rational integer such that .

The ring (resp. ) is isomorphic to

(4.1)

For any the additive group of is isomorphic to the direct sum of two cyclic groups of order . This implies that, for each integer , there are points in of order , where

For any the additive group of is cyclic of order . Hence, there are points in of order , for each integer .

Finally, the additive group of is isomorphic to the direct sum of two cyclic groups of order , if is even, or to the direct sum of two cyclic groups of order respectively and , if is odd. In the case that is even, for each integer there are points in of order , where

If, on the contrary, is odd, then

An element (resp. ), which is periodic under the action of the map , is the -coordinate of a rational point of (resp. , which corresponds to a point of the form (resp. ). Each , for , has order , for some integer . Moreover, has order , for some integer such that if is even or if is odd. For any let be the smallest among the positive integers such that or . In a similar way, we define to be the smallest among the positive integers such that or .

  • If , then is the smallest among the positive integers such that divides or in .

  • If , then is the smallest among the positive integers such that divides or in .

  • The integer is the smallest among the positive integers such that divides or in .

Let

We introduce parameters , for , and such defined:

Let

Then, the period of with respect to is

We note that the number of points in (resp. ), where each has order and has order , is

Let (resp. ) be one of such points. The period of can be calculated as above. In particular, we note that also (resp. ) has the same additive order in (resp. ). This amounts to saying that the points give rise to cycles of length .

Now we define the sets , for any , and if is even or if is odd. Let

For any denote by the set of all cycles formed by the elements (resp. ) such that (resp. ) for some (resp. ) and (resp. ), where

  • each , for , has additive order in ;

  • each , for , has additive order in ;

  • has additive order in .

Let be the length of the cycles formed by these points. Finally, denote by the set of all cycles in graph and by the set of all cycles in graph .

The following holds.

Lemma 4.2.

With the above notation, (resp. ) is equal to , being

for any non-zero .

In the following we will denote by (respectively ) the set of the elements of belonging to some cycle of (respectively ). Before characterizing the trees rooted in vertices of (respectively ), we observe that consists of the elements , where each is or (see [Gil81] for more details).

4.1. Trees rooted in vertices of

The following Lemma characterizes the reversed trees having root in .

Lemma 4.3.

Any element is the root of a reversed binary tree of depth with the following properties.

  • If , then there are vertices at the level of the tree. Moreover, the root has one child, while all other vertices have two children.

  • If , then there are vertices at the level of the tree. Moreover, the root and the vertex at the level 1 have one child, while all other vertices have two children.

  • If is the greatest power of 2 which divides , then .

Proof.

For a fixed element , let be one of the (at most two) points with such an -coordinate. An element belongs to the non-zero level of the reversed binary tree rooted in if and only if , and none of the is periodic for any . Since (see Lemma 2.2 and the subsequent Remark), there exists such that and , where . Moreover, since in , we have that .

For a fixed positive integer we aim to find all points in such that

  1. and ;

  2. for any and , or for any and