Sign of Permutation Induced by Nagata Automorphism over Finite Fields

Transcription

1 Journal of Mathematics Research; Vol. 9, No. 5; October 217 ISSN E-ISSN Published by Canadian Center of Science and Education Sign of Permutation Induced by Nagata Automorphism over Finite Fields Keisuke Hakuta 1 & Tsuyoshi Takagi 2,3 1 Interdisciplinary Graduate School of Science and Engineering, Shimane University, Shimane, Japan 2 Department of Mathematical Informatics, Graduate School of Information Science and Technology, The University of Tokyo, Tokyo, Japan 3 Japan Science and Technology Agency, CREST, Japan Correspondence: Keisuke Hakuta, Interdisciplinary Graduate School of Science and Engineering, Shimane University, 16 Nishikawatsu-cho, Matsue, Shimane, Japan. hakuta@cis.shimane-u.ac.jp Received: July 2, 217 Accepted: August 4, 217 Online Published: September 8, 217 doi:1.5539/jmr.v9n5p54 Abstract URL: This paper proves that the Nagata automorphism over a finite field can be mimicked by a tame automorphism which is a composition of four elementary automorphisms. By investigating the sign of the permutations induced by the above elementary automorphisms, one can see that if the Nagata automorphism is defined over a prime field of characteristic two, the Nagata automorphism induces an odd permutation, and otherwise, the Nagata automorphism induces an even permutation. Keywords: polynomial automorphism, finite field, permutation, nagata automorphism, multivariate polynomial cryptography 1. Introduction Throughout the paper K denotes a field and char(k) denotes the characteristic of the field K. Let K[X 1,..., X n ] be the polynomial ring in n indeterminates X 1,..., X n over K. For polynomials f 1,..., f n K[X 1,..., X n ], the n-tuple of polynomials F = ( f 1,..., f n ) is called a polynomial map. The set of polynomial maps over K and the set of maps from K n to itself are denoted by ME n (K) and Maps(K n, K n ), respectively. We can identify each polynomial map with a map from K n to itself via the following natural map π : ME n (K) Maps(K n, K n ). We denote the set of polynomial automorphisms (resp. affine automorphisms, elementary automorphisms) of K n by GA n (K) (resp. Aff n (K), EA n (K)). Recall that Aff n (K) K n GL n (K). We use the symbol TA n (K) to represent the subgroup of GA n (K) generated by two subgroups Aff n (K) and EA n (K). For F GA n (K), F is called tame automorphism if F TA n (K), and otherwise (F GA n (K) \ TA n (K)) F is called wild automorphism. The Tame Generators Problem asks whether GA n (K) = TA n (K), and is related to the Jacobian conjecture. The equality is trivially true for n = 1 and the equality still holds for n = 2 (Jung-van der Kulk theorem (Jung, 1942), (Kulk, 1953)). For n = 3, Nagata proved that σ GA 2 (K[X 3 ]) \ TA 2 (K[X 3 ]) (Nagata, 1972, Part 2, Theorem 1.4), and he conjectured that σ GA 3 (K) \ TA 3 (K) (Nagata, 1972, Part 2, Conjecture 3.1). The map σ is called the Nagata automorphism (See Equation (1) for the definition of σ). Shestakov and Umirbaev in (Shestakov & Umirbaev, 24, Corollary 9) finally gives an affirmative answer in the case where char(k) =. An algebro-geometric proof of this fact is given by Kishimoto (Kishimoto, 28). Smith (Smith, 1989) shows that the Nagata automorphism is stably tame, and Spodzieja (Spodzieja, 27) gives a direct proof of this fact. We refer to (Essen, 2) for more details. For any finite set T, we denote by Sym(T) (resp. Alt(T)) the symmetric group on T (resp. the alternating group on T). Let us denote by sgn : Sym(T) {±1} the sign function. When K is a finite field F q with q elements (p = char(f q ), q = p m, and m 1), we use the symbol π q instead of π: π q : ME n (F q ) Maps(F n q, F n q). If we restrict the map π q to GA n (F q ), π q (G) is a subgroup of Sym(F n q) for any subgroup G GA n (F q ). Maubach has investigated the subgroup π q (G) in the case G = TA n (F q ) (Maubach, 21, Theorem 2.3). 54

2 Theorem 1. If n 2, then π q (TA n (F q )) = Sym(F n q) if q is odd or q = 2. If q = 2 m where m 2 then π q (TA n (F q )) = Alt(F n q). If there exists F GA n (F 2 m) such that sgn (π 2 m(f)) = 1, then we must have F GA n (F 2 m) \ TA n (F 2 m). This indicates that the polynomial automorphism F is wild. Thus, the following question is very important (Maubach, 28, page 3, Problem). Question 1. For q = 2 m and m 2, do there exist polynomial automorphisms such that the permutations induced by the polynomial automorphisms belong to Sym(F n q) \ Alt(F n q)? It is a natural question to ask the sign of the famous polynomial automorphisms such as the Nagata automorphism (Nagata, 1972, Section 2.1, Equation (1.1)), the Anick automorphism (Cohn, 26, Section 6.1, page 398), and the Nagata- Anick automorphism (Cohn, 26, Section 6.1, page 398). This question is partially solved in the case of the Anick automorphism and the Nagata-Anick automorphism by Hakuta (Hakuta, 217b, Main Theorem 1 and Main Theorem 2). Hakuta also derives the sign of the permutations induced by the affine automorphisms and the elementary automorphisms (Hakuta, 217a, Main Theorem 1 and Main Theorem 2). Moreover, for a given tame automorphism over F q, we can compute the sign of the permutation induced by the tame automorphism over F q under the knowledge of a decomposition of the tame automorphism into a finite number of affine automorphisms and elementary automorphisms (Hakuta, 217a, Corollary 5). However, we emphasize that, at least in our knowledge, the answer of the above problem for the case of the Nagata automorphism over F q is unknown yet. Another motivation for considering the above question comes from multivariate polynomial cryptography (Ding, Gower, & Schmidt, 26). Multivariate polynomial cryptography is a potential candidate for post-quantum cryptography. One such example is the Tame Transformation Method (See, for example, (Chen & Moh, 21), (Ding & Hodges, 24), (Ding & Schmidt, 24), (Goubin & Courtois, 2), (Hakuta, Sato, & Takagi, 216), (Hrdina, Kureš, & Vašík, 21), (Moh, 1999), (Moh, 23), (Moh, Chen, & Yang, 24)). One of the building blocks for multivariate polynomial cryptography is a bijective polynomial map over F q. Thus, it is important to investigate mathematical properties of bijective polynomial maps over F q such as the sign of the permutations induced by bijective polynomial maps over F q, the classification of bijective polynomial maps over F q by individual computation (Maubach & Willems, 214), and so on. This paper proves that the Nagata automorphism over a finite field can be mimicked by a tame automorphism which is a composition of four elementary automorphisms. By investigating the sign of the permutations induced by the above elementary automorphisms, one can see that if the Nagata automorphism is defined over a prime field of characteristic two, the Nagata automorphism induces an odd permutation, and otherwise, the Nagata automorphism induces an even permutation. 2. Sign of Permutation Induced by Nagata Automorphism The Nagata automorphism is defined by The inverse of the Nagata automorphism σ is given by σ := (x 2(xz + y 2 )y (xz + y 2 ) 2 z, y + (xz + y 2 )z, z) GA 3 (K). (1) σ 1 = (x + 2(xz + y 2 )y (xz + y 2 ) 2 z, y (xz + y 2 )z, z). (2) We call π q (σ) the permutation induced by the Nagata automorphism. This section investigates the sign of the permutation π q (σ). Let t be a new variable. We first show that there exists a polynomial h(t) F q [t] such that h(α) = for α F q and h() = 1 for α =. In order to prove this claim, we define the polynomial f (t) F q [t] as follows: f (t) := (t c) F q [t]. c F q We put c := f (). By (Hakuta, 217b, page 26), we have c F q and h(t) := c 1 f (t) F q [t] satisfies the condition (α F h(α) = q), (3) 1 (α = ). We say that F GA n (F q ) can be mimicked by an element of a certain group G if there exists G G such that π q (F) = π q (G) (See (Maubach & Willems, 211, page 35) for more details). We prove the following lemma (Lemma 1) which states that the Nagata automorphism over F q can be mimicked by a composition of four elementary automorphisms. 55

3 Lemma 1. Let ϕ, λ, and ˆλ be elementary automorphisms defined by Then we have ϕ := (x + z q 2 y 2, y, z), λ := (x, y + z 2 x, z), ˆλ := (x 2h(z)y 3, y, z) EA 3 (F q ). π q (σ) = π q (ˆλ ϕ 1 λ ϕ). (4) In other words, the Nagata automorphism σ can be mimicked by ˆλ ϕ 1 λ ϕ TA 3 (F q ) which is a composition of four elementary automorphisms. Proof. It is easy to see that Since ϕ 1 = (x z q 2 y 2, y, z) EA 3 (F q ), we obtain π q (λ ϕ) = π q ((x, y + z 2 x, z) (x + z q 2 y 2, y, z)) π q (ϕ 1 λ ϕ) = π q ((x + z q 2 y 2, y + z 2 (x + z q 2 y 2 ), z)) = π q ((x + z q 2 y 2, y + (xz 2 + z q y 2 ), z)) = π q ((x + z q 2 y 2, y + (xz 2 + zy 2 ), z)) = π q ((x + z q 2 y 2, y + z(xz + y 2 ), z)). = π q ((x z q 2 y 2, y, z) (x + z q 2 y 2, y + z(xz + y 2 ), z)) = π q (((x + z q 2 y 2 ) z q 2 (y + z(xz + y 2 )) 2, y + z(xz + y 2 ), z)) = π q ((x 2(xz + y 2 )yz q 1 (xz + y 2 ) 2 z, y + (xz + y 2 )z, z)). Then we can see that (ϕ 1 σ(x, y, z) (z F λ ϕ)(x, y, z) = q), (x, y, ) σ(x, y, z) = (x 2y 3, y, ) (z = ). From Equation (3), we have (ˆλ ϕ 1 λ ϕ)(x, y, z) = σ(x, y, z) for all (x, y, z) F 3 q. Therefore, π q (σ) = π q (ˆλ ϕ 1 λ ϕ). From Lemma 1, it is sufficient to derive the sign of π q (λ) and π q (ˆλ). We compute sgn(π q (λ)) (resp. sgn(π q (ˆλ))) in Lemma 2 (resp. Lemma 3). We will use these lemmas to prove the main result of this paper (Main Theorem 1). Lemma 2. (Sign of π q (λ)) Let λ be as in Lemma 1. Then we have sgn(π q (λ)) = ( 1) pm 1 (p 1)(q 1) 2. (5) Namely, if q is odd or q = 2 m, m 2 then we have π q (λ) Alt(F 3 q). If q = 2 then we have π q (λ) Sym(F 3 q) \ Alt(F 3 q). Proof. Let us take two elements, z F q. We consider the following map λ (x,z ) : F 3 q F 3 q, One can see that the map λ (x,z ) is bijective. We take Since B ( λ (x,z )) B ( λ(x,z )) = for any ( x, z λ (x,z ) : F 3 q F 3 q (x, y, z) (x, y + z 2 x, z), if x = and z = z, (x, y, z) (x, y, z), otherwise. B ( λ (x,z )) := { (x, y, z) F 3 q λ(x,z )(x, y, z) (x, y, z) }. ) F q F q \ {(, z )}, we have λ =,z F q λ (x,z ), 56

4 which is a composition of disjoint permutations on F 3 q. We decompose the permutation λ (x,z ) as a composition of disjoint cycles on F 3 q for each (, z ) F q F q. In order to find such a decomposition, we define an equivalence relation (λ) on F q : y F q and y F q are equivalent if and only if there exists l {, 1,..., p 1} such that y = y lz 2. We set C (λ) y := {y F q y (λ) y }. We fix a complete system of representatives R λ for the equivalence relation (λ) on F q. Remark that R λ = q/p = p m /p = p m 1. For arbitrary R λ, we define the bijective map λ y,(,z ) : F 3 q F 3 q by λ y,(,z ) : F 3 q F 3 q (x, y, z) ( x, y + z 2 x, z ), if y C y (λ), x =, and z = z, (x, y, z) (x, y, z), otherwise. It is obvious from the definition of the map λ y,(,z ) that λ y,(,z ) is a cycle of length p. Namely, Let us take y R λ. If y C(λ) y then from C (λ) y sgn ( π q ( λy,(,z ))) = ( 1) p 1. C (λ) y λ (x,z ) = =, we have y R λ λ y,(,z ), which is a composition of disjoint cycles on F 3 q. Since π q and sgn are homomorphisms of groups, we obtain sgn ( π q (λ) ) ( ( = sgn πq λy,(,z ))),z F q,y R λ =.,z F q,y R λ ( 1) p 1 = ( 1) pm 1(p 1)(q 1)2 Thus, Equation (5) holds. Lemma 3. (Sign of π q (ˆλ)) Let ˆλ be as in Lemma 1. Then we have sgn(π q (ˆλ)) = 1. (6) Namely, we have π q (ˆλ) Alt(F 3 q). Proof. Since sgn(π q (ˆλ)) = 1 when char(f q ) = 2, it is sufficient to show the assertion for char(f q ) 2. We suppose that char(f q ) 2. By the definition of ˆλ and by Equation (3), we can easily see that (x, y, z) (z F ˆλ(x, y, z) = q), (x 2y 3, y, ) (z = ). Let us take an element y F q and we put z :=. We consider the following map ˆλ (y,z ) : F 3 q F 3 q, One can see that the map ˆλ (y,z ) is bijective. We take ˆλ (y,z ) : F 3 q F 3 q (x, y, z) (x 2y 3, y, z), if y F q and z =, (x, y, z) (x, y, z), otherwise. B (ˆλ (y,z )) := { (x, y, z) F 3 q ˆλ (y,z )(x, y, z) (x, y, z) }. Since B (ˆλ ) (y,z )) B (ˆλ (y,z ) = for any y F q \ {y }, we have ˆλ = ˆλ (y,z ), y F q 57

5 which is a composition of disjoint permutations on F 3 q. We decompose the permutation ˆλ (y,z ) as a composition of disjoint cycles on F 3 q for each y F q. In order to find such a decomposition, we define an equivalence relation (ˆλ) on F q : x F q and x F q are equivalent if and only if there exists l {, 1,..., p 1} such that x = x 2ly 3. We set C (ˆλ) x := {x F q x (ˆλ) x }. (ˆλ) We fix a complete system of representatives Rˆλ for the equivalence relation on F q. Remark that Rˆλ = q/p = pm /p = p m 1. For arbitrary Rˆλ, we define the bijective map ˆλ x,(y,z ) : F 3 q F 3 q by ˆλ x,(y,z ) : F 3 q F 3 q (x, y, z) ( x, y + z 2 x, z ), if x C (ˆλ), y = y, and z = z, (x, y, z) (x, y, z), otherwise. It is obvious from the definition of the map ˆλ x,(y,z ) that ˆλ x,(y,z ) is a cycle of length p. Namely, Let us take x Rˆλ. If x C(ˆλ) then from C (λ) sgn ( π q (ˆλ x,(y,z ))) = ( 1) p 1. C (ˆλ) =, we have ˆλ (y,z ) = ˆλ x,(y,z ), which is a composition of disjoint cycles on F 3 q. Since π q and sgn are homomorphisms of groups, we obtain sgn ( π q (ˆλ )) = sgn ( )) π q (ˆλ x,(y,z ) = Rˆλ,y F q Rˆλ,y F q Rˆλ ( 1) p 1 = ( 1) pm 1 (p 1)(q 1) = 1. Thus we always have sgn(π q (ˆλ)) = 1. Hence, Equation (6) holds. From Lemma 2 and Lemma 3, we have the following main result of this paper (Main Theorem 1). Main Theorem 1. (Sign of Nagata automorphism) If q is odd or q = 2 m, m 2 then we have π q (σ)) Alt(F 3 q). If q = 2 then we have π q (σ) Sym(F 3 q) \ Alt(F 3 q). Namely, 1 (q is odd or q = 2 m and m 2), sgn(π q (σ)) = (7) 1 (q = 2). Proof. From Lemma 1, we have Since π q and sgn are group homomorphisms, we can derive sgn(π q (σ)) = sgn(π q (ˆλ ϕ 1 λ ϕ)). sgn(π q (ˆλ ϕ 1 λ ϕ)) = sgn(π q (ˆλ)π q (ϕ 1 )π q (λ)π q (ϕ)) Thus, it follows immediately from Lemma 2 and Lemma 3. = sgn(π q (ˆλ)) sgn(π q (ϕ 1 )) sgn(π q (λ)) sgn(π q (ϕ)) = sgn(π q (ˆλ)) sgn(π q (ϕ)) 1 sgn(π q (λ)) sgn(π q (ϕ)) = sgn(π q (ˆλ)) sgn(π q (λ)). Remark 1. One can also prove Lemma 2 and Lemma 3 by avoiding the cycle decomposition of permutations. Here, we give a more simple proof of Lemma 2 and Lemma 3. It follows immediately from (Hakuta, 217a, Main Theorem 1) that sgn(π q (ˆλ)) = 1. Again from (Hakuta, 217a, Main Theorem 1), we have 1 (q is odd or q = 2 m and m 2), sgn(π q (λ)) = 1 (q = 2). Thus, Lemma 2 and Lemma 3 hold. 58

6 References Chen, J.-M., & Moh, T. T. (21). On the Goubin-Courtois attack on TTM. Cryptology eprint Archive, Report 21/72. Cohn, P. M. (26). Free Ideal Rings and Localization in General Rings. Cambridge University Press. van den Essen, A. (2). Polynomial Automorphisms and the Jacobian Conjecture. Birkhäuser. Ding, J., Gower, J. E., & Schmidt, D. S. (26). Multivariate Public Key Cryptosystems. Springer. Ding, J., & Hodges, T. (24). Cryptanalysis of an implementation scheme of TTM. J. Algebra Appl., 3(3), Ding, J., & Schmidt, D. (24). The new implementation schemes of the TTM cryptosystem are not secure. In Feng, K., Niederreiter, H., & Xing, C. (Eds.), Coding, Cryptography and Combinatorics, Birkhäuser Verlag. 6 Goubin, L., & Courtois, N., (2). Cryptanalysis of the TTM cryptosystem. In Okamoto, T. (Eds.), Advances in Cryptology ASIACRYPT 2, Springer. 4 Hakuta, K. (217a). On permutations induced by tame automorphisms over finite fields. Acta Math. Vietnam., to appear. Hakuta, K. (217b). Sign of permutations induced by Anick and Nagata-Anick automorphisms over finite fields. Journal of Mathematics Research, 9(4), Hakuta, K., Sato, H., & Takagi, T. (216). On tameness of Matsumoto-Imai central maps in three variables over the finite field F 2. Adv. Math. Commun., 1(2), Hrdina, J., Kureš, M., & Vašík, P. (21). A note on tame polynomial automorphisms and the security of TTM cryptosystem. Appl. Comput. Math., 9(2), Jung, H. W. E. (1942). Über ganze birationale Transformationen der Ebene. J. Reine Angew. Math., 184, Kishimoto, T. (28). A new proof of the non-tameness of the Nagata automorphism from the point of view of the Sarkisov program. Compositio Math., 144, van der Kulk, W. (1953). On polynomial rings in two variables. Nieuw Archief voor Wiskunde, 3(1), Maubach, S. (21). Polynomial automorphisms over finite fields. Serdica Math. J., 27(4), Maubach, S. (28). A problem on polynomial maps over finite fields. arxiv preprint, arxiv: Maubach, S., & Willems, R. (211). Polynomial automorphisms over finite fields: Mimicking tame maps by the Derksen group. Serdica Math. J., 37(4), Maubach, S., & Willems, R. (214). Keller maps of low degree over finite fields. In Cheltsov, I., Ciliberto, C., Flenner, H., McKernan, J., Prokhorov, Y., & Zaidenberg, M. (Eds.), Automorphisms in Birational and Affine Geometry, Springer Moh, T. T. (1999). A Fast Public Key System with Signature and Master Key Functions. Comm. Algebra, 27(5), Moh, T. T. (23). An application of algebraic geometry to encryption: tame transformation method. Rev. Mat. Iberoamericana, 19(2), Moh, T. T., Chen, J.-M., & Yang, B.-Y. (24). Building instances of TTM immune to the Goubin-Courtois attack and the Ding-Schmidt attack. Cryptology eprint Archive, Report 24/168. Nagata, M. (1972). On automorphism group of k[x, y]. Kinokuniya Book Store Co. Ltd. Smith, M. K. (1989). Stably tame automorphisms. J. Pure Appl. Algebra, 58(2), Spodzieja, S. (27). On the Nagata automorphism. Univ. Iagell. Acta Math., 1298(45), Shestakov, I. P., & Umirbaev, U. U. (24). The tame and the wild automorphisms of polynomial rings in three variables. J. Amer. Math. Soc., 17,

7 Copyrights Copyright for this article is retained by the author(s), with first publication rights granted to the journal. This is an open-access article distributed under the terms and conditions of the Creative Commons Attribution license ( 6