On the existence of primitive completely normal bases of finite fields

Transcription

1 On the existence of primitive completely normal bases of finite fields Theodoulos Garefalakis a, Giorgos Kapetanakis b, a Department of Mathematics and Applied Mathematics, University of Crete, Voutes Campus, 7003 Heraklion, Greece b Sabanci University, FENS, Orhanli-Tuzla, Istanbul, Turkey Abstract Let F q be the finite field of characteristic p with q elements and F q n its extension of degree n. We prove that there exists a primitive element of F q n that produces a completely normal basis of F q n over F q, provided that n = p l m with m, p) = and q > m. Keywords: finite fields, character sums, primitive elements, normal basis, completely normal basis 200 MSC: T24. Introduction Let F q be the finite field of cardinality q and F q n its extension of degree n, where q is a prime power and n is a positive integer. A generator of the multiplicative group F q is called primitive. Besides their theoretical interest, n primitive elements of finite fields are widely used in various applications, including cryptographic schemes, such as the Diffie-Hellman key exchange [5]. An F q -normal basis of F q n is an F q -basis of F q n of the form {x, x q,..., x qn } and the element x F q n is called normal over F q. These bases bear computational advantages for finite field arithmetic, so they have numerous applications, mostly in coding theory and cryptography. For further information we refer to [6] and the references therein. It is well-known that primitive, see [5, Theorem 2.8], and normal, see [5, Theorem 2.35], elements exist for every q and n. The existence of elements that are simultaneously primitive and normal is also well-known. Theorem. Primitive normal basis theorem). Let q be a prime power and n a positive integer. There exists some x F q n that is simultaneously primitive and normal over F q. Corresponding author addresses: tgaref@uoc.gr Theodoulos Garefalakis), gnkapet@gmail.com Giorgos Kapetanakis) Preprint submitted to Elsevier April 7, 208

2 Lenstra and Schoof [4] were the first to prove Theorem.. Subsequently, Cohen and Huczynska [3] provided a computer-free proof with the help of sieving techniques. Several generalizations of this have also been investigated [2, 4,, 2, 3]. An element of F q n that is simultaneously normal over F q l for all l n is called completely normal over F q. The existence of such elements for any q and n is well-known []. Morgan and Mullen [6] conjectured that for any q and n, there exists a primitive completely normal element of F q n over F q. Conjecture.2 Morgan-Mullen). Let q be a prime power and n a positive integer. There exists some x F q n that is simultaneously primitive and completely normal over F q. In order to support their claim, Morgan and Mullen provide examples for such elements for all pairs q, n) with q 97 and q n < 0 50, see [6]. This conjecture is yet to be completely resolved. Partial results, covering certain types of extensions have been given, see [9] and the references therein. Recently, Hachenberger [0], using elementary methods, proved the validity of Conjecture.2 for q n 3 and n 37. In this work, we begin by proving the following theorem in Section 4. Theorem.3. Let n N and q a prime power with q n, then there exists a primitive completely normal element of F q n over F q. Then, we extend Theorem.3 by pushing our methods further and obtain the following generalization in Section 5. Theorem.4. Let q a power of the prime p and l, m Z with l 0, m, m, p) =. If n = p l m and m < q, then there exists a primitive completely normal element of F q n over F q. Our method is based on the work of Lenstra and Schoof [4]. In particular, we give sufficient conditions, for our existence results, that are progressively easier to check, but harder to satisfy. This way, me manage to prove our theorems theoretically for all pairs n, q) that satisfy the stated conditions, with the exception of 8 resilient pairs. For all those pairs, however, examples of primitive and completely normal elements have been given in [6]. For the reader s convenience, these pairs are displayed in Table Preliminaries Before we move on to our results, we note that, in addition to the special cases mentioned in [9], the case when F q n is completely basic over F q can be excluded from our calculations. Namely, F q n is completely basic over F q if every normal element of F q n is also completely normal over F q and it is clear that in that case, Theorem. implies Conjecture.2. Furthermore, we can characterize such extensions using the following, see [9, Theorem 5.4.8] and, for a proof, see [7, Section 5]. 2

3 Theorem 2.. Let q be a power of the prime p. F q n is completely basic over F q if and only if for every prime divisor r of n, r ord n/r) q), where n/r) stands for the p-free part of n/r and ord n/r) q) for the multiplicative order of q modulo n/r). With the above and Theorem. in mind, it is straightforward to check the validity of the following: Corollary 2.2. Let q be a power of the prime p and n = p l m, where l 0 and m, p) =. If. m q or 2. m = or 3. n = r or n = r 2 for some prime r, then F q n is completely basic over F q and there exists a primitive complete normal element of F q n over F q. The above results imply that F q n is completely basic over F q when n 5 or m =. They also imply Theorems.3 and.4 for q 5. This is straightforward to check for Theorem.3, as our cases of interest are q > n and the case n 5 is already settled. For Theorem.4 we demonstrate the case q = 5 and we notice that the cases q 4 are proven in a similar way. Write n = 5 l m, where m, 5) =. Since our cases of interest are m < q, we get that m =, 2, 3 or 4. The cases m =, 2 and 4 are covered directly from Corollary 2.2, while the case m = 3, i.e. when n = 5 l 3, satisfies the conditions of Theorem 2., hence in any case F 5 5 l m is completely basic over F 5. Summing up, from now on we may assume that q 7, n 6 and m >. Characters and their sums play a crucial role in characterizing elements of finite fields with the desired properties and in estimating the number of elements that combine all the desired properties. Definition 2.3. Let G be a finite abelian group. A character of G is a group homomorphism G C. The characters of G form a group under multiplication, which is isomorphic to G. This group is called the dual of G and denoted by Ĝ. Furthermore, the character χ 0 : G C, where χ 0 g) = for all g G, is called the trivial character of G. Finally, by χ we denote the inverse of χ. The finite field F q n is associated with its multiplicative and its additive group. From now on, we will call the characters of F q multiplicative characters and n the characters of F q n additive characters. Furthermore, we will denote by χ 0 and ψ 0 the trivial multiplicative and additive character respectively and we will extend the multiplicative characters to zero with the rule { 0, if χ χ0) := F q \ {χ 0}, n, if χ = χ 0. A character sum is a sum that involves characters. In this work we will use the following well-known results on character sums. 3

4 Lemma 2.4 Orthogonality relations). Let χ be a non-trivial character of a group G and g a non-trivial element of G. Then χx) = 0 and χg) = 0. x G Lemma 2.5 Gauss sums). Let χ be a non-trivial multiplicative character and ψ be a non-trivial additive character. Then χx)ψx) = qn/2. The additive and the multiplicative groups of F q n can also be seen as modules. In particular F q the multiplicative group) can be seen as a Z-module and F n q n the additive group) as a F q l[x]-module, where l n, under the rules r x = x r and F x = k i=0 F ix qli, where r Z and F X) = k i=0 F ix i F q l[x]. Since both primitive elements and normal elements over F q l are known to exist, it follows that both modules are cyclic. Let q be the square-free part of q n. The characteristic function for primitive elements of F q n is given by Vinogradov s formula ωx) := θq ) d q µd) φd) χ Ĝ χ F q n, ordχ)=d χx), where θq ) = φq )/q, µ is the Möbius function, φ is the Euler function and the order of a multiplicative character is defined as its multiplicative order in F q n. Similarly, the characteristic function for elements of F q n that are normal over F q l is Ω l x) := θ l X n/l ) F X n/l µ l F ) φ l F ) ψ F q n, ord l ψ)=f ψx), where θ l X n/l ) := φ l F l )/ql degf l ), F l is the square-free part of Xn/l F q l[x], µ l and φ l are the Möbius and Euler functions in F q l[x], the first sum extends over the monic divisors of X n/l in F q l[x] and the second sum runs through the additive characters of F q n of order F over F q l. The order of an additive character of F q n over F q l, denoted as ord l, is defined as the lowest degree monic polynomial G F q l[x] such that ψg x) = for all x F q n. We note that the order of an additive character of F q n over F q l always divides X n/l in F q l[x]. Furthermore, an additive or a multiplicative character has order equal to if and only if it is the trivial character. It is easy to see that the above characteristic functions can be written in the following more compact 4

5 form, which we will use later ωx) = θq ) χ F q n, ordχ) q Ω l x) = θ l X n/l ) ψ F q n µordχ)) φordχ)) χx), µ l ord l ψ)) φ l ord l ψ)) ψx). Let PCN q n) be the number of primitive completely normal elements of F q n over F q and CN q n) be the number of completely normal elements of F q n over F q. Let { = l <... < l k < n} be the set of proper divisors of n. Since all x F q are normal over F n q n, it follows that an element of F qn is completely normal over F q if and only if it is normal over F q l i for all i =,..., k. To simplify our notation, we denote q = X n/l,..., X n/l k ) and θq) = k i= θ l i X n/li ). We compute CN q n) = = θq) Ω l x) Ω lk x) ψ,...,ψ k ) i= µ li ord li ψ i )) φ li ord li ψ i )) ψ ψ k x), where the sums extends over all k-tuples of additive characters. Noting that ψ ψ k x) = 0, for ψ ψ k ψ 0, we obtain CN q n) = q n θq) ψ,...,ψ k ) i= ψ ψ k =ψ 0 µ li ord li ψ i )) φ li ord li ψ i )). 3. Sufficient conditions In this section we prove some sufficient conditions that ensure PCN q n) > 0. Theorem 3.. Let q be a prime power, n N, then PCN q n) θq ) CN q n) q n/2 W q )W l F l ) W lk F l k )θq )θq), where W q ) is the number of positive divisors of q and W li F l i ) is the number of monic divisors of F l i in F q l i [X]. 5

6 Proof. Using the characteristic functions, as presented in Section 2 we deduce that PCN q n) = ωx)ω l x) Ω lk x) = θq )θq) χ ψ,...,ψ k ) = θq )θq)s + S 2 ), µordχ)) φordχ)) i= µ li ord li ψ i )) φ li ord li ψ i )) where the term S is the part of the above sum for χ = χ 0, ψ ψ k x)χx) S = ψ,...,ψ k ) i= µ li ord li ψ i )) φ li ord li ψ i )) ψ ψ k x) = CN qn) θq) ) and S 2 is the part for χ χ 0, S 2 = χ χ 0 ψ,...,ψ k ) µordχ)) φordχ)) i= µ li ord li ψ i )) φ li ord li ψ i )) ψ ψ k x)χx). 2) In the last sum, note that the summations runs on multiplicative characters χ of order dividing q and may be restricted to additive characters of order dividing the square-free part of X n/li, which we denoted by F l i. For the last sum we have S 2 χ χ 0 ψ,...,ψ k ) q n/2 φordχ)) φordχ)) χ χ 0 = q n/2 W q ) ) i= i= φ li ord li ψ i )) φ li ord li ψ i )) ψ i i= W li F l i ), ψ ψ k x)χx) where we used Lemma 2.4 and Weil s bound, as seen in Lemma 2.5, for the second inequality. The result follows. Remark. The sieving techniques of Cohen and Huczynska [3, 4] could be applied here, albeit only on the multiplicative part. The potential advantage of implementing them would be reducing the number of pairs q, n) that we rely on the examples given in [6] see Table 2). However, since this number is already small, the current simpler approach was favored. From the above, it is clear that we will also need the following lemma: 6

7 Lemma 3.2. For any r N, W r) c r,a r /a, where c r,a = 2 s /p p s ) /a and p,..., p s are the primes 2 a that divide r. In particular, c r,4 < 4.9, c r,8 < for all r N and c r,4 < 2.9, c r,8 < and c r,2 < if r is odd. Proof. It is clear that it suffices to prove the above for r square-free. Assume that r = p p s q q t, where p,..., p s, q,..., q t are distinct primes and p i 2 a and q j > 2 a. We have that W r) = 2 s+t = 2 s 2 } {{ 2 } = 2 s 2 } a {{ 2 a } ) /a 2 s q... q t ) /a = c r,a r /a. t times t times The bounds for c r,a can be easily computed. Also, in order to apply the results of this section, we need a lower bound for CN q n). Proposition 3.3. Let q be a power of the prime p and n N, then CN q n) q n φ dx n/d ) ) q n d n In particular, for every n and p, we have that CN q n) q n nq + ) q 2 ), 3) while for n = p l m, with l and m, p) =, we get CN q n) q n m q + q 2 + q p + 4 )) q 2p, for p > 2 4) CN q n) q n m q + q q )) q 4, for p = 2. 5) Proof. For d n, the number of elements of F q n that are normal over F q d is equal to φ d X n/d ). Therefore, the number of elements of F q n that are not completely normal over F q is at most d n qn φ d X n/d )). The first bound follows. For the bound of Eq. 3), we observe that φ d X n/d ) = q n P ) q n ) n/d q d degp ) q d, where the product extends over the prime factors of X n/d in F q d[x]. Substituting in the first bound we obtain CN q n) q n ) ) n/d q d q n n dq d. d n d n 7

8 The result follows upon noting that n dq d n q + dq d n d n d n d> q + 2 ) n q d nq 2 q + ), since n d=2 q d 2q 2. We next move on to the next two inequalitites. Let n = p l m, with m, p) =. Then the by the first bound we have l CN q p l m) q pl m φ ) p j dx pl jm/d ). q pl m j=0 d m Since p is the characteristic of F q, X pl jm/d = X m/d ) pl j, and we may compute φ pj dx pl jm/d ) q pl m ) m/d q pl m m ). q dpj dq dpj Therefore, CN q p l m) q pl m m First, we consider the case p > 2. We compute, d m dq dpj q pj + 2 m d=2 Substituting in Eq. 6), and using the fact that we have l j=0 CN q p l m) q pl m m q pl m m d=2 l dq dpj j=0 d m q dpj q pj + q 2pj. q pj q + q p + 2 q 2p, l j=0 + ) q pj q 2pj q + q p + 2 q 2p + q q 2p which immediately yields Eq. 4). In the case p = 2, we note that m is odd. Then d m + dq d2j q 2j 3 m d= q d2j q 2j 3q 3 2j. 6) )), 8

9 Substituting in Eq. 6), and using the bound we obtain l j=0 CN q 2 l m) q 2l m m q 2l m m q 2j q + q q 4, l j=0 The last bound of the statement follows. + 2 ) q 2j 3q 3 2j q + q q q q 6 )). We note that the bound of Eq. 3) is meaningful for q n + and the ones in Eqs. 4) and 5) are meaningful for q > m >, with the sole exception of q = 4 and m = 3. This covers all our cases of our interest that are not covered directly by Corollary Proof of Theorem.3 In this section, we use the theory developed earlier to prove Theorem.3. All the described computations were performed with the SageMath software. From Theorem 3., we get PCN q n) > 0 provided that CN q n) > q n/2 W q ) i= W li F l i )θ li F l i ). 7) Clearly, θ li F l i ) < for all i and W li F l i ) 2 n/li, so we have that i= W li F l i )θ li F l i ) < 2 k i= n/li = 2 tn). Plugging this and Eq. 3) of Proposition 3.3 into Eq. 7), it suffices to show that ) q n/2 nq + ) q 2 W q )2 tn). 8) We combine the above with Lemma 3.2, applied for a = 8, and a sufficient condition for PCN q n) > 0 would be ) q 3n/8 nq + ) q tn). 9) By Robin s theorem [7], tn) e γ n log log n n, n 3, log log n 9

10 where γ is the Euler-Mascheroni constant, therefore the condition of Eq. 9) becomes ) q 3n/8 nq + ) q 2 > nlog log n e log log n). Since the cases q = n and q = n + are already settled by Corollary 2.2, we check the above for q n + 2 and verify that it holds for n > 22. A quick computation shows that, within the range 2 n 22, Eq. 9) is satisfied for all but 42 values of n, if we substitute q by the least prime power greater or equal to n +, tn) by its exact value and we exclude the cases when n is a prime or a square of a prime, as in those cases n Theorem.3 is implied by Corollary 2.2. For those values for n, we compute the smallest prime power q that satisfies Eq. 9), where tn) is replaced by its exact value. The results are presented in Table. In this region, there is a total of 62 pairs n, q) to deal with. n q 0 q n q 0 q n q 0 q n q 0 q Table : Values for 2 n 984 that are not primes or square of primes, not satisfying Eq. 9) for q 0, the least prime power n + 2, where q stands for the least prime power satisfying Eq. 9) for that n. By combining Eq. 7) and the first bound of Proposition 3.3, we get another condition, namely q n/2 φ dx n/d ) ) q n > W q ) W li F l i )θ li F l i ). 0) d n i= By using the estimate W q ) c q,6q n/6 from Lemma 3.2 and Eq. 0) the list is furtherer reduced to a total of 47 pairs, if we compute all appearing quantities explicitly, in particular the constant c q,6 is computed exactly for each value of q of interest. The list can be shrinked even more, to a total of 37 pairs, if we replace W q ) by its exact value in Eq. 0). These pairs n, q) are 0

11 6, 8), 6, 9), 6, ), 6, 3), 6, 6), 6, 7), 6, 9), 6, 23), 6, 25), 6, 29), 6, 3), 6, 37), 6, 43), 6, 49), 6, 6), 8, ), 8, 3), 8, 7), 8, 9), 8, 25), 2, 7), 2, 9), 2, 23), 2, 25), 2, 29), 2, 3), 2, 37), 2, 4), 2, 43), 2, 49), 2, 6), 2, 73), 8, 37), 24, 29), 24, 37), 24, 4) and 24, 49). However, 24 of those pairs correspond to completely basic extensions, as we directly check the conditions of Theorem 2.. The remaining 3 pairs are 6, 8), 6, ), 6, 7), 6, 23), 6, 29), 8, ), 8, 9), 2, 7), 2, 23), 2, 29), 2, 4), 24, 29) and 24, 4) and they all satisfy q 97 or q n < 0 50 and examples of primitive completely normal elements are given in [6]. This completes the proof of Theorem Proof of Theorem.4 Let n = p l m, with m, p) = and m < q. Our goal is to prove that PCN q p l m) > 0 for l 0 and m. First, we notice that if l = 0, then Theorem.3 implies Theorem.4, hence we only need to consider the case l. Also, the case m = is settled by Corollary 2.2, so from this point on, we assume that l and m 2. The set of proper divisors of n is {p j d : 0 j l, d m} \ {n}. From Theorem 3., we get PCN q n) > 0 provided that CN q n) > q n/2 W q ) j=0,...,l, d m j,d) l,m) W p j df p j d )θ p j df p j d ), ) where F p j d = Xm/d. Clearly, θ p j df p j d ) < for all 0 j l, d m and W p j dx m/d ) 2 m/d, so we have j=0,...,l, d m j,d) l,m) W pj df p j d )θ p j df p j d ) < 2l+) d m m/d = 2 l+)tm), where tm) denotes the sum of divisors of m. So a sufficient condition is CN q n) q n/2 W q )2 l+)tm). 2) The p > 2 case. For p > 2, using Eq. 4) from Proposition 3.3 and Lemma 3.2, applied for a = 8, we obtain the sufficient condition, q 3pl m/8 m q + q 2 + q p + 4 )) q 2p l+)tm). 3) The RHS of Eq.3) does not depend on q, while the LHS is an increasing function of q, so, since we are interested in q > m and the case q = m+ or q 5 is settled by Corollary 2.2, it suffices to prove Eq. 3) for q = maxm + 2, 7).

12 First we consider the case m = 2. A short calculation shows that the condition becomes q 3pl /4 2 q + q 2 + q p + 4 )) q 2p l+), which is satisfied for q 7 and l, with the exceptions l, m, q) =, 2, 7) or, 2, 9). For m 3, we upper bound tm) by Robin s theorem [7], tm) e γ m log log m m, m 3, log log m where γ is the Euler-Mascheroni constant. Furthermore, for m q we have m q + q 2 + q p + 4 ) q 2p m q 4 and the condition becomes mq 3pl m/ l+)eγ m log log m m log log m). Since q m + 2 and p 3, it suffices to show that mm + 2) 3l+ m/ l+)eγ m log log m m log log m), which is true for l 4 and m 3. The inequality is violated for the following 54 pairs l, m) =, 3 m 49), 2, 3 m 8), 3, 3). For those pairs l, m) we go back to Eq. 3), and check for which prime powers q it is violated. Since the LHS is an increasing function of q, this process will produce one more exceptional triple l, m, q), namely, 7, 9)). So, in total there are 3 exceptional triples l, m, q),, 2, 7),, 2, 9),, 7, 9), but only, 7, 9) corresponds to a non completely basic extension, by Theorem 2.. For this case, an example of primitive completely normal basis is given in [6]. The p = 2 case. For p = 2, the argument is nearly identical, the only difference being the choice of the bound of Eq. 5) from Proposition 3.3. Since m > and m, 2) = we consider only m 3, while from Corollary 2.2, it suffices to work with q 8. In Eq. 2), q is odd and an application of Lemma 3.2 for a = 8 yields W q ) q ) / q n/8. 2

13 Using this, Eq. 5) from Proposition 3.3 and Eq. 2), we obtain the sufficient condition q 3 2l m/8 m q + q q )) q l+)tm). 4) Using Robin s bound and the fact that m q + q q ) q 4 m 2q 3 we obtain the condition m q 3 2l m/ l+)eγ m log log m m log log m). Since q m + 2, it suffices to show that and m m + 2) 3 2l m/ l+)eγ m log log m m log log m), for m 7 m 8 3 2l m/ l+)eγ m log log m m log log m), for 3 m 5. The above inequalities are true for l 2 with the exceptions l, m) = 2, 3 m 57), 3, 3 m 9), 4, 3), 4, 5), 5, 3), 6, 3). For those pairs l, m) we go back to Eq. 4), and check for which values of q 8 that are powers of 2 the condition is violated. Those triples l, m, q) are 2, 3, 8), 2, 3, 6), 2, 5, 8), 2, 7, 8), 3, 3, 8), but only 2, 3, 8), 2, 5, 8) and 3, 3, 8) correspond to a non-completely basic extension, by Theorem 2.. Examples of primitive completely normal bases for the corresponding extensions are given in [6]. The remaining cases to check are for l =, m 3 and q 8. An application of Lemma 3.2 for a = 2 yields W q ) q ) / q n/2. Using this, Eq. 5) from Proposition 3.3 and Eq. 2), we obtain the sufficient condition q 5 2 m/2 m q + q q )) q 4 2 2tm). 2 Using Robin s bound it is sufficient to show that for q m + 2, and q 8, q 5m/6 m 2q e 3 γ m log log m m log log m.

14 This leads to the conditions m8 5m/ eγ m log log m m log log m, for 3 m 5, mm + 2) 5m/ eγ m log log m m log log m, for m 7. The conditions are satisfied for m > 873. For 3 m 873, we obtain the following 6 exceptions l, m, q) =, 3, 2 3 q 2 34 ),, 5, 2 3 q 2 2 ),, 7, 2 4 q 2 6 ),, 9, 2 4 q 2 3 ),,, 2 4 q 2 ),, 3, 2 4 q 2 9 ),, 5, 2 5 q 2 0 ),, 7, 2 5 q 2 8 ),, 9, 2 5 q 2 7 ),, 2, 2 5 q 2 8 ),, 23, 2 5 q 2 6 ),, 25, 2 5 q 2 6 ),, 27, 2 5 q 2 7 ),, 29, 2 5 ),, 33, 64),, 35, 64),, 45, 64). After removing the triples which are covered by Corollary 2.2, that is where m q, the list shrinks to the following list of 85 possible exceptions:, 3, 8),, 3, 32),, 3, 28),, 3, 52),, 3, 2048),, 3, 892),, 3, 32768),, 3, 3072),, 3, ),, 3, ),, 3, ),, 3, ),, 3, ),, 3, ),, 3, ),, 3, ),, 5, 8),, 5, 32),, 5, 64),, 5, 28),, 5, 52),, 5, 024),, 5, 2048),, 5, 892),, 5, 6384),, 5, 32768),, 5, 3072),, 5, 26244),, 5, ),, 5, ),, 7, 6),, 7, 32),, 7, 28),, 7, 256),, 7, 024),, 7, 2048),, 7, 892),, 7, 6384),, 7, 65536),, 9, 6),, 9, 32),, 9, 28),, 9, 256),, 9, 52),, 9, 024),, 9, 2048),, 9, 892),,, 6),,, 32),,, 64),,, 28),,, 256),,, 52),,, 2048),, 3, 6),, 3, 32),, 3, 64),, 3, 28),, 3, 256),, 3, 52),, 5, 32),, 5, 64),, 5, 28),, 5, 52),, 5, 024),, 7, 32),, 7, 64),, 7, 28),, 9, 32),, 9, 64),, 9, 28),, 2, 32),, 2, 28),, 2, 256),, 23, 32),, 23, 64),, 25, 32),, 25, 64),, 27, 32),, 27, 64),, 27, 28),, 29, 32),, 33, 64),, 35, 64) and, 45, 64) Each of the above triples, with the sole exception of, 3, 8), satisfy the initial condition of Eq. ), but the latter is already covered by the examples provided in [6]. This concludes the proof of Theorem.4. n q n q n q n q n q n q Table 2: Pairs n, q) that were not dealt with theoretically. 4

15 6. Conclusions In this work, a step towards the proof of Conjecture.2 was taken. We note that our restrictions q < n and q < m are direct consequences of the lower bounds for CN q n) from Proposition 3.3. For our methods to work more generally, new bounds for CN q n) are required. We believe that this would be an interesting and challenging direction for further research. Acknowledgments The authors are grateful to the anonymous referee for his/her comments that significantly improved the quality and readability of this paper. References [] D. Blessenohl and K. Johnsen. Eine verschärfung des satzes von der normalbasis. J. Algebra, 03):4 59, 986. [2] S. D. Cohen and D. Hachenberger. Primitive normal bases with prescribed trace. Appl. Algebra Engrg. Comm. Comput., 95): , 999. [3] S. D. Cohen and S. Huczynska. The primitive normal basis theorem without a computer. J. London Math. Soc., 67):4 56, [4] S. D. Cohen and S. Huczynska. The strong primitive normal basis theorem. Acta Arith., 434): , 200. [5] W. Diffie and M. Hellman. New directions in cryptography. IEEE Trans. Information Theory, 226): , 976. [6] S. Gao. Normal Basis over Finite Fields. PhD thesis, University of Waterloo, 993. [7] D. Hachenberger. Finite Fields: Normal Bases and Completely Free Elements, volume 390 of Kluwer Internat. Ser. Engrg. Comput. Sci. Kluwer Academic Publishers, Boston, MA, 997. [8] D. Hachenberger. Primitive complete normal bases: Existence in certain 2-power extensions and lower bounds. Discrete Math., 3022): , 200. [9] D. Hachenberger. Completely normal bases. In G. L. Mullen and D. Panario, editors, Handbook of Finite Fields, pages CRC Press, Boca Raton, 203. [0] D. Hachenberger. Asymptotic existence results for primitive completely normal elements in extensions of Galois fields. Des. Codes Cryptogr., 803): ,

16 [] C. Hsu and T. Nan. A generalization of the primitive normal basis theorem. J. Number Theory, 3):46 57, 20. [2] G. Kapetanakis. An extension of the strong) primitive normal basis theorem. Appl. Algebra Engrg. Comm. Comput., 255):3 337, 204. [3] G. Kapetanakis. Normal bases and primitive elements over finite fields. Finite Fields Appl., 26:23 43, 204. [4] H. W. Lenstra, Jr and R. J. Schoof. Primitive normal bases for finite fields. Math. Comp., 4877):27 23, 987. [5] R. Lidl and H. Niederreiter. Finite Fields. Cambridge University Press, Cambridge, second edition, 997. [6] I. H. Morgan and G. L. Mullen. Completely normal primitive basis generators of finite fields. Util. Math., 49:2 43, 996. [7] G. Robin. Grandes valeurs de la fonction somme des diviseurs et hypothèse de Riemann. J. Math. Pures Appl., 632):87 23,