Exponential sums over finite fields

Transcription

1 Exponential sums over finite fields Tim Browning Autumn, Introduction Let p be prime and let F p = Z/pZ. Given polynomials f, g F p [X] with g non-zero, sums of the sort S = e 2πif(x)/g(x) p C arise frequently in number theory. Typical questions / objectives: x F p, g(x) 0 [G1 ] Is there an explicit expression for S? [G2 ] Can we obtain upper bounds for S beyond the trivial one S #F p = p? The square-root philosophy suggests S should have order p unless there is bias. [G3 ] Can we obtain lower bounds for S? [G4 ] If S depends on further parameters l L how does it vary as a function of l? [G5 ] The function e 2πi p defines an additive character on F p. What about multiplicative characters? What about mixed characters? [G6 ] What happens in higher dimensions? Typical applications: Counting points on varieties over finite fields ( 5). Existence of rational points on varieties over number fields (circle method). Bounds for Fourier coefficients of cusp forms (Poincaré series). Let s proceed with some easy examples, illustrating the phenomena [G1] [G6]. 1.1 Linear sums Take f(x) = ax, g(x) = 1, so S = x F p e 2πiax p. If ζ a = e 2πia p then { S = 1 + ζ a + ζa ζa p 1 p, p a, = 0, p a. Hence we have an example of [G1] above. 1

2 1.2 Gauss sums Take f(x) = ax 2, g(x) = 1, so G a = S = x F p e 2πiax2 p. Assume a 0 and p > 2. Let ζ = e 2πi p and let T a = x F p ( x p ) ζ ax, where ( p ) is the Legendre symbol. We may write ( ) x 1 + = #{y F p : y 2 = x}. p Hence G a = x F p ζ ax #{y F p : y 2 = x} = x F p ζ ax + T a = T a by 1.1. Lemma 1.1 We have (1) T a = ( a p )T 1. (2) G 2 a = T 2 a = ( 1) p 1 2 p. Proof: For (1) we note that ( ) a T a = ( ) ax ζ ax = T 1, p p x F p since for a 0 we see that ax runs over a complete set of residues modulo p when x does. For (2) it suffices to take a = 1 since G 2 a = T1 2 by (1). For any b 0 we have T bt b = ( 1 p )T 1 2 by (1). Hence ( ) 1 T b T b = (p 1)T1 2. p But we also have Hence 1.1 yields T b T b = b F p x,y F p b F p T b T b = x,y F p ( ) ( ) x y ζ b(x y). p p ( ) ( ) x y y b(x y) 1 = p ( ) x 2 = p(p 1), p p p b F p x Fp since x F p ( x p 1 1 p ) = 0. Comparing these expressions and recalling that ( p ) = ( 1) 2 completes the proof. 2

3 Lemma 1.1 implies that there exists ɛ p {±1} such that { ɛp p, p 1(mod4), G 1 = T 1 = ɛ p i p, p 3(mod4). In fact one always has ɛ p = +1, so Gauss sums give examples of the phenomena [G1], [G2], [G5]. They are ubiquitous in number theory and (in particular) can be used to give a short proof of quadratic reciprocity: ( ) ( ) Theorem A If p q are odd primes then p q q p = ( 1) p 1 2 q 1 2. Proof: For any n N let e 2πi x 1 F q x 2 F p G a,n = x Z/nZ x2 2πia e n Since any x Z/pqZ can be written in a unique way as x = px 1 + qx 2 where x 1 is welldefined modulo q and x 2 modulo p, we see that G 1,pq = ( ) ( ) (px 1 +qx 2 ) 2 pq p q = G p,q G q,p = G 1,p G 1,q q p by Lemma 1.1. But then the theorem follows from the fact that { n, n 1(mod4), G 1,n = i n, n 3(mod4). for any odd n N. In a similar spirit higher degree Gauss sums can be used to study higher reciprocity laws. 1.3 Kloosterman sums Take f(x) = ax 2 + b, g(x) = X, so K(a, b; p) = S = x F p e (ax+bx 1 ) 2πi p. Getting a non-trivial upper bound for K(a, b; p) is most crucial ingredient in: Theorem B (Kloosterman) Let a 1,..., a n N, with n 4. Then for sufficiently large N N there are infinitely many solutions x Z n of the Diophantine equation a 1 x a n x 2 n = N, provided that there is no congruence condition. As we shall see in 6 Weil s resolution of the Riemann Hypothesis for function fields yields K(a, b; p) 2 p, 3

4 if a, b F p. To illustrate some useful ideas we present the proof of: Theorem C (Kloosterman) Let p be prime and a, b F p. Then K(a, b; p) 2p 3 4. Proof: The idea is to try and understand Kloosterman sums globally and not individually, through consideration of moments a,b, F p K(a, b; p) 2k = M k, say. If we can show M k M for some M 0 then since K(a, b; p) = K(ac, bc 1 ; p) for any c F p we deduce that whence Now for any k 1 we have (p 1) K(a, b; p) 2k = c F p K(a, b; p) K(ac, bc 1 ; p) 2k M, ( ) 1 M 2k. p 1 M k = K(a, b; p) 2k 2 K(a, 0; p) 2k K(0, 0; p) 2k. a,b F p a F p But a 0 implies that K(a, 0; p) = 1 by 1.1. Expanding the definition of the Kloosterman sums and their conjugates we deduce that M k = a,b F p x (F p) k 2(p 1) (p 1) 2k, where ζ = e 2πi p. But then 1.1 yields y (F p) k ζ a(x1+ +xk y1 yk) ζ b(x M k = p 2 N k 2(p 1) (p 1) 2k, where N k is the number of x, y (F p) k such that If k = 1 then N 1 = p 1 and so x x k = y y k, x x 1 k = y y 1 k x 1 k y 1 1 y 1 k ) M 1 = p 3 p 2 2p + 2 (p 2 2p + 1) = p 3 2p If k = 2 then there are 2(p 1) 2 (p 1) obvious solutions in which y = (x 1, x 2 ) or (x 2, x 1 ). Moreover there are (p 1) 2 solutions in which x 1 + x 2 = 0 or y 1 + y 2 = 0, 4

5 of which 2(p 1) have already been counted via (x 1, x 1, x 1, x 1 ) or (x 1, x 1, x 1, x 1 ). Suppose x, y is any other solution. Then Eliminating x 1 we are left with x 1 + x 2 = y 1 + y 2, y 1 y 2 (x 1 + x 2 ) = x 1 x 2 (y 1 + y 2 ). y 1 y 2 (y 1 + y 2 ) = x 2 (y 1 + y 2 x 2 )(y 1 + y 2 ), whence y 1 y 2 = x 2 (y 1 + y 2 x 2 ). This implies y 1 (y 2 x 2 ) = x 2 (y 2 x 2 ). Thus either y 2 = x 2 or y 1 = x 2, both of which are impossible. We conclude that whence as required. N 2 = 2(p 1) 2 (p 1) + (p 1) 2 2(p 1) = 3(p 1)(p 2), K(a, b; p) ( ) 1 M2 4 ( 3(p 2)p 2 2 (p 1) 3) 1 4 2p 3 4, p 1 How about lower bounds for K(a, b; p)? Noting that we see that there exist a, b F p such that M 2 max a,b K(a, b; p) 2 M 1, K(a, b; p) 2 M 2 = 2p3 3p 2 3p 1 M 1 p 2 > 2p 2. p 1 This shows that the Weil bound is (essentially) best possible. Now it is clear that K(a, b; p) = K(a, b; p). Hence K(a, b; p) R. Lemma 1.2 For a, b 0 and p prime we have K(a, b; p) 0. Proof: Let K = Q(ζ) be the cyclotomic field generated by ζ = e 2πi p. This field is Galois of degree p 1 with ring of integer O K = Z[ζ]. Moreover we have (p) = po K = p p 1, where p is the prime ideal generated by p and 1 ζ. In particular ζ 1 modulo p, and it follows that K(a, b; p) = x F p ζ ax+bx 1 x F p 1 (mod p) 1 (mod p). In particular K(a, b; p) is non-zero. 5

6 Theorem D (Fouvry) For a, b 0 and p prime we have ( 1 K(a, b; p) 2p 3 4 ) p 2. Proof: Let K = Q(ζ) be as before. Since Gal(K/Q) is formed from the p 1 automorphisms of K defined by ζ ζ l for 1 l < p, we see that the conjugates of the sum K(a, b; p) are just K(al, bl; p) for 1 l < p. Since K(a, b; p) O K it follows from Lemma 1.2 that p 1 1 N K/Q (K(a, b; p)) = K(al, bl; p) K(a, b; p) (2p 3 4 ) p 2, by Theorem C. l=1 It seems hard to do much better than this (after substituting Weil for Kloosterman in the proof). Thus Kloosterman sums illustrate the phenomena [G2] and [G3]. 1.4 Equidistribution Take f(x) = ax 3 + bx, g(x) = 1, so S(a, b; p) = S = x F p ζ ax3 +bx, where ζ = e 2πi p and a 0. Then S(a, b; p) R and the Weil bound is S(a, b; p) 2 p, which we will establish in 6. It is natural to ask how the numbers are distributed on [ 1, 1]. θp a,b S(a, b; p) = 2 p Horizontal distribution: fix a, b Z with a 0 and vary p. Vertical distribution: fix p and vary a, b F p with a 0. become equidistributed for the Sato Tate mea- In both cases it is conjectured that the θp a,b sure For the vertical version this is: µ([α, β]) = 2 π β Theorem E (Livné) For all α, β [ 1, 1] we have α 1 x 2 dx. 1 p(p 1) #{(a, b) F p F p : α θp a,b β} 2 β 1 x π 2 dx, α 6

7 as p. Thus as p the numbers θp a,b get more and more equidistributed. If χ is the characteristic function of the interval [α, β] then the left hand side is and the right hand side is 1 p(p 1) (a,b) F p Fp χ ( θ a,b p 2 1 χ(x) 1 x π 2 dx. 1 Characteristic functions are typically difficult to investigate using harmonic analysis so one tries instead to prove that as p we have 1 p(p 1) (a,b) F p Fp φ ( θ a,b p ) 2 π 1 1 ), φ(x) 1 x 2 dx, for nicer functions φ: [ 1, 1] C. Then (roughly) if one can do this for large enough class of φ then there is equidistribution. Since polynomials are dense in the set of nice functions it suffices to take φ(x) = x k and show, for every integer k 0, 1 p(p 1) say, as p. One calculates (a,b) F p F p c k = ( θ a,b p ) k 2 π 1 1 { 0 if k is odd, 1 2 k 1 k/2+1 ( ) k k/2 x k 1 x 2 dx = c k, if k is even. Let V M k = = 1 p(p 1) (a,b) F p F p ( θ a,b P ( ) 1 1 k p(p 1) 2 p ) k a F p b F p ζ ax3 +bx x Fp k, where ζ = e 2πi p. Arguing as in our treatment of Kloosterman s bound in 1.3 we see that the inner sum over a, b is T = ζ ax3 1 +bx 1... ζ ax3 k +bx k a 0 b x 1,...,x k = a 0 b x 1,...,x k ζ a( P x3 i )+b(p x i ). 7

8 But and Hence and it follows that b F p ζ b( P xi) = ζ a(p x 3 i ) = a F p T = V M k = x 1,...,x k pδ P x i =0 { p, if xi = 0, 0, if x i 0, { p 1, if x 3 i = 0, 1, if x 3 i 0. (pδp x 3i =0 1 ), 1 p(p 1) 1 ( (2 p) k p 2 #X k (F p ) p k), where X k A k denotes the affine variety k x 3 i = i=1 k x i = 0. i=1 In order to understand equidistribution we are therefore led to seek precise estimates for the counting function #X(F p ) associated to a higher-dimensional variety. Thus we are presented with phenomena [G4] and [G6] in this example. When k = 0 we have MV 0 = 1. When k = 1 we have as p. MV 1 = 1 p(p 1) 1 2 p (p2 1 p) = 1 2 0, p Exercise 1 Let k = 2, 3. Calculate #X k (F p ) and deduce that MV k c k. 8

9 2 Finite Fields Let F be any field, with multiplicative identity 1 F. The map λ : Z F such that λ(n) = n1 F is a ring homomorphism. It has kernel (n) = nz for some integer n 0. Hence we have a ring isomorphism Z/nZ G, where G is the integral domain obtained from the image of λ in F. If n = 0 then F contains a subring which is isomorphic to Z and we say F has characteristic 0. If n 0 then n = p for some prime p and F contains a subring which is isomorphic to F p = Z/pZ. We say F has characteristic p in this case. Let F be a finite field with cardinality q. Then char(f ) = p for some prime p, else F would contain a subfield isomorphic to Q (the field of fractions of G). Thus F contains a subfield K isomorphic to F p, which one usually identifies with K. Let f = [F : F p ]. Then q = p f. Theorem A Let F q be a finite field with q elements. Then q = p f for p prime and f N. For every such q there exists exactly one field F q. This field is the splitting field of X q X over F p, and all its elements are roots of X q X. Proof: We have already established the first part. Now let F q be given and let F q be the multiplicative group. Then #F q = q 1. If x F q then x q 1 = 1. Hence x q x = 0 for every x F p. Therefore X q X = x F q (X x), and it follows that F q is the splitting field of X q X over F q. But a splitting field is uniquely determined up to isomorphism. Now let F be the splitting field of X q X over F p, with q = p f. We claim F is the set of roots of X q X in F q. Let x 1,..., x q be the roots. These are distinct since d dx (Xq X) = 1 0. Also, x i + x j, x i x j are roots since (x i + x j ) q (x i + x j ) = x q i + xq j x i x j = 0 and (x i x j ) q x i x j = x q i xq j x ix j = x i x j x i x j = 0. Likewise x 1 j is a root if x j 0 and also x j is a root. Thus the roots form a field and so F = {x 1...., x q }. This completes the proof. Let F q be a finite field and let n N be given. Then q n = p nf. By Theorem A the splitting field of X qn X is precisely F p nf and has degree nf over F p. It follows that F q n has degree n over F q. Conversely any extension of degree n over F q has degree nf over F p and so must be F p nf. We have therefore established the following consequence: Corollary Given F q and n N there is a unique extension of F q of degree n and this is F q n. 9

10 We now investigate the nature of F q. Lemma 2.1 We have n = d n φ(d), where φ is the Euler totient function. Proof: Since φ is a multiplicative arithmetic function, so is h(n) = d n φ(d). Hence it suffices to check that p f = h(p f ). But as desired. h(p f ) = 1 e f ( p e 1 1 ) ( + 1 = pf+1 p 1 1 ) + 1 = p f, p p 1 p Lemma 2.2 Let H be a finite group of order n. Suppose that for every d n there are at most d elements x H such that x d = 1. Then H is cyclic. Proof: Let d n. Suppose there exists x H of order d. Then (x) = {1, x, x 2,..., x d 1 } is cyclic of order d. By hypothesis all elements y H such that y d = 1 belong to (x). In particular all elements of H of order d are generators of (x). There are φ(d) such elements. Hence the number of elements of H of order d is 0 or φ(d). By Lemma 2.1 it can t be 0, else n = φ(d) > #H = n, d n which is impossible. Hence there is an element x H of order n and H = (x). Taking H = F q and n = q 1 in Lemma 2.2 we obtain the following result: Theorem B F q is cyclic of order q 1. In particular it follows that F q = F p (x), if x is a generator of F q. We proceed to determine the automorphisms of a finite field. Let F q F r. Then r = q n. The Frobenius automorphism is the map ω = ω q : F r F r, given by ω(x) = x q. This is injective since if x q = y q then 0 = x q y q = (x y) q, whence x = y. Thus ω is also surjective (since it is injective on a finite set to itself). Moreover ω is an automorphism since ω(x+y) = (x+y) q = x q +y q = ω(x)+ω(y) and ω(xy) = ω(x)ω(y). It leaves F q fixed since if x F q then ω(x) = x q = x. Thus ω Gal(F r /F q ). If r = q n then 1, ω, ω 2,..., ω n 1 are automorphisms of F r over F q. They are distinct since if i, j such that ω i (x) = ω j (x) for all x F r, then i, j such that x qi x qj = 0 for all x F r. But the polynomial X qi X qj = 0 has degree less than r = q n. Hence the polynomial is identically zero and i = j. Since the order of the Galois group is n we have shown: 10

11 Theorem C The Galois group of F r over F q is cyclic with generator ω = ω q. Much of these lectures will be concerned with equations over finite fields. As a taster we establish the following basic result: Theorem D (Chevalley Warning) Let f 1,..., f k that k i=1 deg(f i) < n. Then N = #{x F n q : f 1 (x) = = f k (x) = 0} 0 F q [X 1,..., X n ] be polynomials such (mod p). Proof: Let P = k P = 0. Hence i=1 q 1 (1 fi ) and let x F n q. If f i (x) 0 then f i (x) q 1 = 1 and so N x F n q P (x) (mod p). By hypothesis deg P < n(q 1). Thus P is a linear conbination of monomials X u = X u 1 1 Xun n with n i=1 u i < n(q 1). Suppose without loss of generality that u 1 < q 1. If u 1 = 0 then x u1 = q = 0. x F q If u 1 1 then by Theorem B there exists y F q such that y u1 1, since u 1 < q 1. Hence x u1 = y u 1 x u 1 = y u 1 x u 1, x F q x F q x F q so that (1 y u 1 ) x F q x u 1 = 0 This implies that N 0(mod p) as required. Suppose that f 1,..., f k are homogeneous and let X P n 1 denote the corresponding variety f 1 = = f k = 0. Then clearly 0 is a trivial solution of the equations. Hence Theorem D implies that X(F q ) if deg f i < n. Corollary F q is a C 1 -field. Let s return to our general discussion of finite fields. Let F q n/f q be a finite extension. The trace map is the F q -linear map { Fq n F q Tr = Tr Fq n/f q : x x + x q + + x qn 1. The norm map is the multiplicative map { Fq n F q N = N Fq n/f q : x x x q x qn 1 = x (qn 1)/(q 1). 11

12 The latter restricts to a group homomorphism N : F q n F q. Furthermore, it is clear that N(ω(x)) = N(x) and Tr(ω(x)) = Tr(x) for any ω Gal(F q n/f n ) and x F q n. Lemma 2.3 (i) The trace map Tr : F q n F q is a surjective linear map with Ker(Tr) = {x F q n : x = y q y for some y F q n} (ii) The norm map N : F q n F q is a surjective homomorphism with Ker(N) = {x F q n : x = yq 1 for some y F q n}. Proof: For (i) we define δ : F q n F q n given by δ(y) = y q y. This is a F q -linear map with Ker(δ) = {y F q n : y q = y} = F q by Theorem C. Hence Im(δ) has dimension n 1. We claim that Ker(Tr) = Im(δ), which will be enough to conclude the proof of (i) since then dim Im(Tr) = n dim Ker(Tr) = 1, so that Tr is surjective. To establish the claim we have Im(δ) Ker(Tr), since for any y F q n, Tr(y q y) = Tr(y q ) Tr(y) = 0. On the other hand Ker(Tr) = {x F q n : P (x) = 0}, where P (X) = X + X q + + X qn 1 is a polynomial of degree q n 1. Hence # Ker(Tr) deg P q n 1, and so the inclusion already known must be an equality. Exercise 2 Establish the second part of Lemma 2.3 using the group homomorphism : F q n F q n given by (x) = xq 1. Lemma 2.3 shows that we have exact sequences of abelian groups 0 F q F q n δ F q n Tr F q 0, and 1 F q F q n F q n N F q 1. 12

13 3 Characters of Finite Abelian Groups Let G be any group. A character of G is a group homomorphism χ : G C. The set of characters of G forms a group Ĝ called the dual of G, with operation: (χ 1 χ 2 )(x) = χ 1 (x)χ 2 (x) inverse: χ 1 (x) = χ(x) 1 unit: trivial homomorphism χ 0 : x 1. If G is a finite group of order n then any χ Ĝ takes values in µ n = {z C : z n = 1}. Indeed for any x G we have χ n (x) = χ(x n ) = χ(1) = 1. Let e(x) = e 2πix. It is easily checked that the map x e(x/p) gives a group homomorphism for G = F p. More generally we have: Lemma 3.1 Let C n be the cyclic group of order n, with generator g. Given a residue class a(mod n), the map { Cn µ χ a : n g t e(at/n) is a character of C n. Every character of C n is of this type and Ĉn is cyclic of order n. Proof: The first part is clear. Moreover distinct residue classes give distinct characters. Since χ a χ b = χ a+b, the characters χ a form a group which is isomorphic to the integers modulo n, and hence it is cyclic of order n. Finally if χ Ĉn then χ n (g) = 1, so χ(g) = e(a/n) for some a. But than χ(g t ) = e(at/n), and so χ = χ a. Lemma 3.2 Let G = G 1 G 2 be a direct product of abelian groups G 1, G 2. Then. Ĝ = Ĝ1 Ĝ2 Proof: For every χ 1 Ĝ1 and χ 2 Ĝ2 we associate the map χ : G C, with χ(x 1, x 2 ) = χ 1 (x 1 )χ 2 (x 2 ). It is easy to check that χ is a character of G and in fact the map (χ 1, χ 2 ) χ is an isomorphism Ĝ1 Ĝ2 Ĝ. To check surjectivity we note that if χ Ĝ then χ(x 1, x 2 ) = χ(x 1, 1)χ(1, x 2 ) = χ 1 (x 1 )χ 2 (x 2 ), 13

14 with χ 1 (x) = χ(x, 1) and χ 2 (x) = χ(1, x). Clearly χ i Ĝi for i = 1, 2. Now any finite abelian group G is isomorphic to C n1 C n2 C nk, for cyclic groups C ni. Applying Lemma 3.1 and Lemma 3.2 repeatedly, we obtain: Theorem A For any finite abelian group G we have Ĝ = G. Given a group G we let χ 0 be the trivial character. The following facts will be used frequently. Theorem B Let G be a finite abelian group of order n. Then we have the orthogonality relations: (a) For any χ Ĝ (b) For any x G χ(x) = x G χ(x) = χ Ĝ { n : if χ = χ0, 0 : if χ χ 0. { n : if x = 1, 0 : if x 1. Proof: For part (a) we note that the formula is obvious if χ = χ 0. If χ χ 0 choose y G such that χ(y) 1. Then χ(y) x G χ(x) = x G χ(xy) = x G χ(x), whence the result. For part (b) apply part (a) to Ĝ, which is a finite abelian group of order n by Theorem A. We now focus on the two abelian groups (F q, +) and (F q, ), for a finite field F q, which we term additive and multiplicative, respectively. 3.1 Additive Characters of F q It is easy to give a uniform description of additive characters. If F q is a finite field with q = p f then we have an isomorphism of groups F q = (Fp ) f. Mimicking the proof of Lemma 3.1 one can show: Lemma 3.3 Let F q be a finite field of characteristic p. There is an isomorphism { Fq ˆF q a ψ a, 14

15 where ψ a is the character ( ) TrFq/F ψ a (x) = e p (ax). p More generally, if ψ is an additive character of F q, then the map is a character of F q n. x ψ(tr Fq n/f q (x)) Proof: That these maps are characters follows from linearity of the trace in Lemma 2.3 (i). Moreover, by Theorem A we have #F q = #ˆF q = q. Since a a implies that ψ a ψ a, it follows that ψ a runs through all additive characters of F q as a runs through F q. 3.2 Multiplicative Characters of F q By Theorem 2.B and Theorem A it follows that ˆF q is cyclic of order q 1. However it is still quite a complicated object to describe, since it is hard to give an explicit isomorphism ˆF q = Z/(q 1)Z. Nonetheless we know every χ ˆF q will have χ q 1 = χ 0, where χ 0 is the trivial (or principal) character. We say χ is of order d if χ d = χ 0, and if d is the least positive integer with this property. Clearly d q 1. By the structure of cyclic groups, the characters of order dividing d form a subgroup of order d. As an analogue of Lemma 3.3 we have: Lemma 3.4 If χ is a character of F q then the map x χ(n Fq n/f q (x)), is a character of F qn, with order equal to the order of χ. Proof: The first part is clear, and the second part follows from the surjectivity of the norm map in Lemma 2.3(ii). It is convenient to extend the definition of a character χ to all of F q by setting χ(0) = { 1 : χ = χ0, 0 : χ χ 0. 15

16 Exercise 3 Let F q be a finite field with q elements and let d q 1. For any x F q show that χ ˆF q χ d =χ 0 χ(x) = #{y F q : y d = x}. This sort of identity is very useful in analytic number theory to detect dth powers. 16

17 4 Gauss and Jacobi Sums Let F q be a finite field with q elements. Throughout this section we will let ψ be an additive character of F q and χ will always be a multiplicative character of F q. We will reserve ψ 0 (resp. χ 0 ) for the trivial additive (resp. multiplicative) character of F q. In Section 1 we met quadratic Gauss sums. We begin by discussing their generalisation. 4.1 Gauss Sums The Gauss sum associated to ψ and χ is g(χ, ψ) = x F q χ(x)ψ(x). By Theorem 3.B we have g(χ 0, ψ) = 0, if ψ ψ 0, g(χ, ψ 0 ) = 0, if χ χ 0, g(χ 0, ψ 0 ) = q. If q odd and χ = χ 2 is a non-trivial character of order 2 on F q, then for ψ ψ 0 we have g(χ 2, ψ) = 1 1 ψ(x) x F q y 2 =x = x F q ψ(x 2 ), by Exercise 3. If q = p and ψ(x) = e(x/p) then we retrieve the usual Gauss sum from Section 1 since then ( ) x χ 2 (x) =. p Indeed χ 2 (being of order 2) is trivial on the subgroup (F p) 2 of squares x 2, with x F p, and maps non-squares to 1 since χ 2 must factor F p F p/(f p) 2 { 1, +1}. If ψ 1 is any fixed non-trivial additive character on F q and ψ is any other character, then ψ(x) = ψ 1 (ax) for some a F q by Lemma 3.3. It is easy to see that g(χ, ψ) = x F q χ(x)ψ 1 (ax) = y F q χ(a 1 y)ψ 1 (y) = χ(a)g(χ, ψ 1 ). 17

18 We can also compute the modulus of Gauss sums: Theorem A If χ χ 0 and ψ ψ 0 then g(χ, ψ) = q 1 2. Proof: Let g = g(χ, ψ). We have Putting u = xy 1 we obtain g 2 = χ(x)ψ(x)χ(y) ψ(y) x F q y F q = χ(xy 1 )ψ(x y). x F q g 2 = y F q y F q u F q χ(u)ψ(y(u 1)), where we have now isolated a pure additive inner sum. By orthogonality (Theorem 2.B) we have ψ(y(u 1)) = ψ(y(u 1)) 1 y F q y F q = { 1 : if u 1, q 1 : if u = 1, whence g 2 = q u F q χ(u) = q, as required. Gauss sums are quite remarkable, being algebraic integers of modulus precisely q 1 2 which arise as a sum of roots of unity. Moreover if σ is any field automorphism of C then g(χ, ψ) σ = g(σ χ, σ ψ). Let q be a power of a prime p and let m Z. A q-weil number of weight m is an algebraic integer α such that i(α) = q m 2 for any embedding i : Q(α) C. A Gauss sum is an example of a q-weil number of weight 1 and p-th roots of unity give examples of q-weil numbers of weight Jacobi Sums Let F q be a finite field and let χ, λ be multiplicative characters of F q. The Jacobi sum associated with χ and λ is J(χ, λ) = χ(x)λ(y). x+y=1 18

19 To illustrate their use let N p denote the number of solutions of the equation x 2 + y 2 = 1 over F p, for p > 2. Then N p = 1 a+b=1 = a+b=1 1 x 2 =a y 2 =b ( ( a 1 + p = p + J(χ 2, χ 2 ), with χ 2 (x) = ( x p ). We need the following result: )) ( 1 + ( )) b p Lemma 4.1 For any non-trivial multiplicative character χ we have J(χ, χ 1 ) = χ( 1). Proof: It is clear that J(χ, χ 1 ) = x+y=1 y 0 χ ( ) x = ( ) x χ. y 1 x x 1 Setting z = as claimed. x (1 x) we see x = z 1+z if z 1, whence J(χ, χ 1 ) = χ(z) = χ( 1), It follows from Lemma 4.1 that ( ) 1 N p = p = p z 1 { p 1 : if p 1 (mod 4), p + 1 : if p 3 (mod 4). It turns out that Jacobi sums can be simply expressed in terms of Gauss sums. Theorem B Let χ, λ be non-trivial multiplicative characters on F q with χλ χ 0. For any non-trivial additive character ψ on F q we have J(χ, λ) = g(χ, ψ)g(λ, ψ). g(χλ, ψ) Proof: Expanding the definitions of the two sums involved we get J(χ, λ)g(χλ, ψ) = χ(x)λ(1 x)χ(y)λ(y)ψ(y). x y The sum can be restricted to x / {0, 1} and y 0, since χ and λ are non-trivial. Defining u = xy and v = y xy we get a bijective change of variables from (x, y) (F q \ {0, 1}) F q 19

20 to {(u, v) F q F q : u + v 0}. Indeed we can recover (x, y) by y = v + u and x = u/(u + v). Hence J(χ, λ)g(χλ, ψ) = χ(u)λ(v)ψ(u + v) since χλ χ 0. u,v F q u+v 0 = g(χ, ψ)g(λ, ψ) u F q = g(χ, ψ)g(λ, ψ), χ(u)λ( u) It follows from Theorems A and B that J(χ, λ) = q 1 2, and one sees that J(χ, λ) forms a q-weil number of weight 1. As a further application of Jacobi sums we quickly derive: Theorem C (Fermat) Let p 1 (mod 4) be a prime. Then there exists a, b Z such that p = a 2 + b 2. Proof: Let χ 2 be the Legendre character of order 2 on F p and let χ be a character of order 4. By Theorem B we have J 2 = p, with J = J(χ, χ 2 ). But J is a sum of terms χ(x)χ 2 (y), with χ(x) {±1, 0, ±i}, χ 2 (y) {0, ±1}. Hence J = a + bi for a, b Z and so p = J 2 = a 2 + b 2. Exercise 4 Let q be odd and let χ 2 be the non-trivial multiplicative character of order 2 on F q. Let χ, ψ be multiplicative, additive characters on F q, respectively. Use Theorem 4.B to show that g(χ 2, ψ)g(χ 2, ψ) = χ(4)g(χ, ψ)g(χχ 2, ψ). 4.3 Salié Sums One can generalise the notion of Kloosterman sums from Section 1 by defining K(ψ, η) = x F q ψ(x)η(x 1 ), for any additive characters ψ, η of F q. A related (but easier sum) is the Salié sum T (ψ, η) = x F q χ 2 (x)ψ(x)η(x 1 ), where ψ, η are additive characters of F q and χ 2 is the non-trivial multiplicative character of order 2 of F q. 20

21 Theorem D (Salié) Assume ψ, η ψ 0. Then we have T (ψ, η) = g(χ 2, ψ) y 2 =4a where a F q is such that η(x) = ψ(ax) for all x F q. Proof: The idea is to study the variation of the function φ(b) = T (ψ b, η) = x F q ψ(y), χ 2 (x)ψ(bx + ax 1 ). We represent this function using the discrete multiplicative Fourier expansion φ(b) = χ ˆφ(χ)χ(b), where χ runs over multiplicative characters of F q and ˆφ(χ) = 1 φ(b)χ(b). q 1 b F q This expression follows from orthogonality (Theorem 3.B). We now compute the Fourier coefficients ˆφ(χ) = 1 χ(b) χ 2 (x)ψ(bx + ax 1 ) q 1 b F q x F q = 1 q 1 = g(χ, ψ) q 1 χ 2 (x)ψ(ax 1 ) x F q b F q x F q χ 2 (x)χ(x)ψ(ax 1 ), χ(b)ψ(bx) by the property of Gauss sums recorded before Theorem A. Reapplying this property we deduce that ˆφ(χ) = g(χ, ψ)g(χ 2χ, ψ a ) q 1 An application of Exercise 4 now yields = χ 2(a)χ(a)g(χ, ψ)g(χ 2 χ, ψ). q 1 g(χ, ψ)g(χ 2 χ, ψ) = χ(4)g(χ 2, ψ)g(χ 2, ψ), whence ˆφ(χ) = χ 2(a)χ(4)χ(a)g(χ 2, ψ)g(χ 2, ψ). q 1 21

22 Finally we see that T (ψ, η) = φ(1) = χ ˆφ(x) = χ 2(a)g(χ 2, ψ) q 1 χ(4a)g(χ 2, ψ). χ Opening up the inner Gauss sum we obtain T (ψ, η) = χ 2(a)g(χ 2, ψ) q 1 χ(4ax 2 )ψ(x) χ = χ 2 (a)g(χ 2, ψ) x F q 4a=x 2 x F q ψ(x), by orthogonality. Finally we can remove the factor χ 2 (a), since if χ 2 (a) = 1 then the inner sum is zero anyway. Since a 0 the equation x 2 = 4a has either 0 or 2 solutions in F q. Since g(χ 2, ψ) is a q-weil number of weight 1 we deduce that T (ψ, η) is a sum of two q-weil numbers of weight 1, with T (ψ, η) 2 q. 22

23 5 Equations over Finite Fields Given a field F we write A n (F ) for the set of vectors x = (x 1,..., x n ), with x i F for 1 i n. The set A n (F ) is affine n-space over F and can be considered as a vector space by defining addition and scalar multiplication in the usual way. On the set A n+1 (F ) \ {0} we define the equivalence relation if and only if there exists γ F such that (x 0, x 1,..., x n ) (y 0, y 1,..., y n ) x i = γy i, for 0 i n. We define projective n-space P n (F ) to be the set of equivalence classes. If x A n+1 (F ), with x 0, then [x] will denote the corresponding equivalence class in P n (F ). (Note that the points of P n (F ) are in bijection with the lines in A n+1 (F ) passing through the origin). Points in P n (F ) represented by x = (x 0, x 1,..., x n ) with x 0 0 are called the finite points. Points in P n (F ) represented by (0, x 1,..., x n ) are called the points at infinity. Lemma 5.1 There is a bijection between finite points of P n (F ) and A n (F ). Proof: This follows on noting that every finite point can be uniquely represented by some (1, x 1,..., x n ). Thus P n (F ) has 2 pieces: a copy of A n (F ) (the finite points) and a copy of P n 1 (F ) (the points at infinity). Henceforth let F = F q be a finite field with q elements. We will be concerned in this section with the number of affine/projective zeros of polynomials with coefficients in F q. Lemma 5.2 We have #A n (F q ) = q n and #P n (F q ) = q n + q n Proof: The first part is trivial and the second part follows on noting that A n+1 (F q ) \ {0} has q n+1 1 elements and each equivalence class has #F q = q 1 elements. Given a polynomial f(x) = f(x 1,..., X n ) = with coefficients in F q, we will be interested in i 1 + +i n d N f = # {x A n (F q ) : f(x) = 0}. a i1,...,i n X i 1 1 Xin n, The equation f(x) = 0 defines a hypersurface in affine n-space. Likewise, given a homogeneous polynomial (a form) F (X) = F (X 0,..., X n ) = a i0,...,i n X i 0 0 Xin n, i 0 + +i n=d 23

24 with coefficients in F q, we will be interested in N F = # {[x] P n (F q ) : F (X) = 0}. The equation F (X) = 0 defines a hypersurface in projective n-space. 5.1 Crude Estimates Let f F q [X 1,..., X n ] be a non-zero polynomial of degree d. Then we have: Theorem A [Lang-Weil] N f dq n 1. Proof: If d = 0 then trivially N f = 0. If d = 1 then f(x 1,..., X n ) = a 1 X a n X n + c, and it is clear that N f = q n 1. If n = 1 then clearly N f d. Thus the result holds if n = 1 or if d 1. We proceed by double induction. Suppose n > 1 and d > 1. There are two cases: Case (i): x F q such that X 1 x divides f(x). Then f(x) = (X 1 x)g(x), where g is a non-zero polynomial with at most n variables and degree d 1. The induction hypothesis implies that N f q n 1 + (d 1)q n 1 = dq n 1. Case (ii): x F q such that X 1 x divides f(x). Then for any x F q, g x (X 2,..., X n ) = f(x, X 2,..., X n ) is a non-zero polynomial with n 1 variables and degree at most d. Hence the induction hypothesis implies that N f x F q N gx dq n 1. This completes the proof of the result. Given f F q [X 1,..., X n ] as above we may introduce the polynomial which will be homogeneous of degree d. f (X 0,..., X n ) = X d 0 f(x 1 /X 0,..., X n /X 0 ), Lemma 5.3: We have N f N f N f + dq n 2 (1 1 q ) 1. Proof: It is clear that N f = N f + N F, where F (X 1,..., X N ) = f (0, X 1,..., X n ). In particular Nf N f. Moreover Theorem A implies that N F dq n 1. Since any zeros counted by NF are considered the same when they are proportional, it follows that N f N f + dqn 1 q 1, 24

25 as required. Let us proceed to discuss how N f behaves on average. Given d let Ω d = {f F q [X 1,..., X n ] : deg f d}, ω d = { (i 1,..., i n ) Z N 0 : i i n d }. Then f Ω d if and only if f(x) = a i1,...,i n X i1 1 Xin (i 1,...,i n) ω d n, for a i1,...,i n F q. It is clear that #Ω d = q #ω d, with ( n + d #ω d = d ). Theorem B We have 1 #Ω d f Ω d N f = q n 1. Proof: Clearly, on reordering the summation, we have N f = 1 = f Ω d x F n q x F n q f Ω d f(x)=0 q #ω d 1, since for fixed x, the equation f(x) = 0 is linear in the coefficients. But then the result follows on noting that #F n q = q n. Exercise 5 : Apply Theorem B to show that 1 #Ω d f Ω d (N f q n 1 ) 2 = q n 1 q n 2. Exercise 5 shows that the average value of (N f q n 1 ) 2 is q n 1 q n 2 = O(q n 1 ). One might therefore expect that for most f one has N f = q n 1 + O(q n 1 2 ). We proceed to discuss some examples where this sort of estimate can actually be proved. 5.2 Quadric Hypersurfaces Assume F q is a finite field with q odd. A quadratic form over F q is given by Q(X) = Q(X 1,..., X n ) = a ij X i X j, 25 1 i,j n

26 with a ij = a ji F q. We have Q(X) = X T AX, where A = (a ij ) i,j n is a symmetric n n matrix. We define the determinant of Q to be det Q = det A. Two quadratic forms Q 1, Q 2 over F q are said to be equivalent, written Q 1 (X) Q 2 (X), if there is a non-singular matrix T such that Q 1 (X) = Q 2 (T X). If Q 1 (X) Q 2 (X), then det Q 1 = det Q 2 (det T ) 2. In particular, if Q 1 is non-singular and Q 1 (X) Q 2 (X), then Q 2 is also non-singular and det Q 1 / det Q 2 is a square in F q. We say Q represents a F q if there exists x F n q such that Q(x) = a. We say Q represents zero (or Q is isotropic) if there exists x F n q, with x 0, such that Q(x) = 0. Lemma 5.4 Suppose Q represents a F q. Then Q(X) ax P (X 2,..., X n ) for some quadratic form P (X 2,..., X n ) over F q. Proof: Let A be the underlying matrix of Q. Then there exists x F n q such that x T Ax = a. Since x 0 we may find a non-singular matrix B = x 1 c 12 c 1n.. x n c n2 c nn with c ij F q. Now Q(BX) = X T B T ABX, and the entry in the upper left corner of B T AB is x T Ax = a. Hence there exist b 2,..., b n F q such that Q(X) ax b 2 X 1 X b n X 1 X n + h(x 2,..., X n ). After completing the square on the right hand side, one is easily led to statement of lemma. Lemma 5.5 If a nonsingular quadratic form represents zero then it represents every element of F q. Proof: Equivalent forms clearly represent the same elements of F q. By linear algebra every quadratic form is equivalent to a diagonal form. (This can also be seen by applying Lemma 5.4 and induction). It follows we may assume that we are given a diagonal quadratic form n Q(X) = a i Xi 2, i=1 with a i F q for 1 i n. By assumption there exists x F n q \ {0} such that Q(x) = 0. Without loss of generality we may assume x 1 0. Put y 1 = x 1 (1 + t) and y i = x i (1 t) for 2 i n, for a parameter t F q. Then Q(y) = 2t(a 1 x 2 1 a 2 x 2 2 a n x 2 n) = 4ta 1 x 2 1. Clearly, given a F q, we deduce that Q represents a on choosing t = a/(4a 1 x 2 1 ). 26

27 Suppose now that Q F q [X 1,..., X n ] is a non-singular quadratic form with n 3. By Chevalley Warning (Theorem 2.D) we know Q represents zero. Hence Q represents 1 F q by Lemma 5.5. Hence Q(X) X P (X 2,..., X n ) by Lemma 5.4, for some quadratic form P. Hence there exist x 1,..., x n F q, not all zero, with x P (x 2,..., x n ) = 0. If x 1 0 then P represents 1. If x 1 = 0 then P represents 0, and so represents 1 by Lemma 5.5. Thus Lemma 5.4 yields Q(X) X 2 1 X R(X 3,..., X n ) X 1 X 2 + R(X 3,..., X n ), for some non-singular quadratic form R in n 2 variables. We may use these facts to study the cardinality N Q = #{x F n q : Q(x) = 0}. For d F q we introduce the symbol ( ) { d +1 : if d (F = q ) 2 q 1 : if d / (F q) 2 By our remarks above we have ( ) ( ) det Q1 det Q2 = q q for any non-singular equivalent quadratic forms Q 1, Q 2. We have the following result: Theorem C Let Q F q [X 1...., X n ] be a non-singular quadratic form with det Q = and n 3. Then q n 1 ( : n odd, N Q = q n 1 + (q 1)q n 2 2 : n even. ) ( 1) n 2 q Proof: By our work above we may assume that Q(X) = X 1 X 2 + R(X 3,..., X n ), for a non-singular quadratic form R. There are 2q 1 choices for x 1, x 2 F q such that x 1 x 2 = 0. Hence the number of x counted by N Q for which R(x 3,..., x n ) = 0 is (2q 1)N R. Likewise given x 3,..., x n such that R(x 3,..., x n ) 0, there are q 1 choices of x 1, x 2 such that Q(x) = 0. Hence the number of x counted by N Q for which R(x 3,..., x n ) 0 is (q 1)(q n 2 N R ). 27

28 Adding these together we find that N Q = q n 1 q n 2 + qn R. Suppose that n is odd. If n = 1 then N Q = 1. If n 3 then induction implies that N Q = q n 1 q n 2 + q q n 3 = q n 1, as required. Suppose now that n is even. If n = 2 then there exist a 1, a 2 F q such that Q(X 1, X 2 ) a 1 (X1 2 + (a 2/a 1 )X2 2 ). Moreover ( ) ( ) a1 a 2 =. q q If ( q ) = 1 then ( (a 2/a 1 ) q ) = 1 and so Q(X 1, X 2 ) has only the trivial zero, so that N Q = 1. If If ( q ) = 1 then ( (a 2/a 1 ) q ) = 1 and so there exist 2(q 1) non-trivial solutions to Q(X 1, X 2 ) = 0. Hence N Q = 1 + 2(q 1) = 2q 1 in this case. If n 4 then induction reveals that { )} (( 1) n 2 N Q = q n 1 q n 2 + q q n 3 + (q 1)q n 4 2 ( ) 2 as required. = q n 1 + (q 1)q n 2 2 ( ) ( 1) n 2, q q 5.3 Diagonal Hypersurfaces Given any polynomial f F q [X 1...., X n ] it follows from Theorem 3.B that N f = 1 ψ(f(x)), q ψ x F n q where the sum runs over additive characters ψ of F q. If ψ ψ 0 is a fixed additive character of F q then by Lemma 3.3 we see that ψ (a) (x) = ψ(ax) runs through all additive characters as a runs through F q. Hence N f = 1 q a F q x F n q ψ(af(x)). We will use this expression to calculate N f when f is a diagonal form of degree d. Theorem D Assume d q 1 and f(x) = a 1 X1 d + + a nxn, d with a i F q for 1 i n. Then for any additive character ψ of F q we have ( N f = q n ) χ q 1 (a 1 ) χ n (a n )g(χ 1, ψ) g(χ n, ψ), χ 1,...,χ n 28

29 where g(χ i, ψ) is a Gauss sum for each 1 i n and the sum is over multiplicative characters χ 1,..., χ n of F q, with χ i χ 0, such that χ 1 χ n = χ 0 and χ d i = χ 0. Proof: By our work above we have qn f = a F q ψ(aa 1 x d aa n x d n) x F n q = a F q n i=1 = q n + a F q By Exercise 3 (since d q 1) we have x i F q ψ(aa i x d i ) = ψ(aa i x d i ) x i F q n i=1 x i F q ψ(aa i x d i ). y i F q ψ(aa i y i ) χ d i =χ 0 χ i (y i ). If a 0 we may make the change of variables y i y i /(aa i ), to obtain ψ(aa i x d i ) = χ i (aa i ) χ i (y i )ψ(y i ) x i F q y i F q χ d i =χ 0 = χ d i =χ 0 χ i (aa i )g(χ i, ψ). Thus qn f q n = χ 1,...,χ n χ d i =χ 0 χ 1 (a 1 ) χ n (a n )g(χ 1, ψ) g(χ n, ψ) a F q χ 1 (a) χ n (a). If χ 1 χ n χ 0 then χ 1 (a) χ n (a) = χ 1 χ n (a) = 0, a F q a F q by Theorem 3.B (orthogonality). But if χ 1 χ n = χ 0 then χ 1 (a) χ n (a) = q 1. a F q Moreover if χ i = χ 0 then g(χ i, ψ) = 0 by 4.1. We deduce that qn f q n = (q 1) χ 1 (a 1 ) χ n (a n )g(χ 1, ψ) g(χ n, ψ), χ 1,...,χ n where the sum is over characters χ 1,..., χ n of F q for which χ i χ 0 and χ d i χ 1 χ n = χ 0. The theorem follows. = χ 0 and 29

30 Let g be a fixed generator of the cyclic group F q (Theorem 2.B). By Lemma 3.1 any multiplicative character χ i of F q, with χ d i = χ 0, is of the form χ i (g t ) = e(b i t/d), where b i [0, d) is an integer. In fact b i 0 if χ i χ 0. We have χ 1 χ n = χ 0 precisely when b 1 d + + b n d Z. Let A(d) be the number of b = (b 1,..., b n ) Z such that 0 < b i < d for 1 i n and b b n 0 (mod d). Then A(d) is the number of summands in Theorem D, whence: Corollary D.1 Let f(x) be as in the statement of Theorem D, with d q 1. Then ( N f q n 1 A(d) 1 1 ) q n 2. q by Theo- Proof: This follows on noting that each Gauss sum g(χ i, ψ) has modulus q 1 2 rem 4.A Note that A(d) < (d 1) n. In fact it is not hard to show that A n (d) = A(d) = d 1 d ( (d 1) n 1 ( 1) n 1), by induction on n. For n = 1 or n = 2 it is trivial to see that A 1 (d) = 0 and A 2 (d) = d 1. For n 2 we see that (b 1,..., b n ) is counted by A n (d) precisely if 0 < b i < d and b n b b n 1 0 (mod d) The number of possibilities for b 1,..., b n 1 is (d 1) n 1 A n 1 (d), whence A n (d) = (d 1) n 1 A n 1 (d). The claim then follows from the induction hypothesis. We note that Theorem D implies that for diagonal hypersurfaces the error term N f q n 1 is a sum of A(d) q-weil numbers. We would now like to study the dependence of the number of solutions on the field of coordinates. For any ν N let us write N f (ν) for the number of x F n qν such that n f(x) = a i x d i = 0, i=1 30

31 with a 1,..., a n F q and d q 1. If χ i is a character of F q, with χ d i = χ 0, Lemma 3.4 implies that χ ν,i (x) = χ i (N Fq ν /F q (x)) is a character of F q ν with the same order as χ i. Since the norm map is surjective (by Lemma 2.3) it follows that χ ν,i χ ν,i if χ i χ i. Hence as χ i runs through characters of F q with χ d i = χ 0, so χ ν,i runs through characters of F q ν with χ d ν,i = χ 0. Moreover we may replace ψ by ψ ν (x) = ψ(tr Fq ν /F q (x)), which is an additive character of F q ν. Thus in the formula of Theorem D, to get an expression for N f (ν), we must replace q by q ν, χ i (a i ) by χ ν,i (a i ) = (χ(a i )) ν, and g = g(χ i, ψ) by g ν = g(χ ν,i, ψ ν ). The Hasse-Davenport relation, which we shall prove in the following section (Theorem E), shows that g ν = ( g) ν. But then Theorem D implies that ( N f (ν) q ν(n 1) = ( 1) (ν 1)n 1 1 ) ( n ν q ν χ i (a i )g(χ i, ψ)), χ 1,...,χ n i=1 where the sum is over multiplicative characters of F q as in statement of Theorem D. Thus N f (ν) = i α ν i j β ν j for suitable q-weil numbers α i, β j of various weights. Weil (1949) conjectured that such a formula always holds for the counting function N f (ν) associated to a polynomial f F q [X 1,..., X n ]. We will return to this topic in Hasse-Davenport Relation Let χ (respectively, ψ) be a multiplicative (respectively, additive) character of F q. For an extension F q ν /F q we let χ ν = χ N Fq ν /F q and ψ ν = ψ Tr Fq ν /F q, as above. We wish to compare the Gauss sums g = g(χ, ψ) and g ν = g(χ ν, ψ ν ). Given a monic polynomial we define λ(f) = ψ(c 1 )χ(c n ). f(x) = X d c 1 X d ( 1) d c d F q [X], Lemma 5.6 For any monic f, g F q [X] we have λ(fg) = λ(f)λ(g). Proof: If g(x) = X e b 1 X e ( 1) e b e then Thus f(x)g(x) = X d+e (b 1 + c 1 )X d+e ( 1) d+e b e c d. λ(fg) = ψ(b 1 + c 1 )χ(b e c d ) = ψ(b 1 )ψ(c 1 )χ(b e )χ(c d ) = λ(f)λ(g), 31

32 as required. Lemma 5.7 Let α F q ν and let f F q [X] be the monic irreducible polynomial for α over F q. Then λ(f) ν d = χ ν (α)ψ ν (α), where d = deg f. Proof: Suppose f(x) = X d c 1 X d ( 1) d c d. Then Tr Fq ν /F q (α) = ν d c 1, N Fq ν /F q = c ν d d, by the transitivity of the trace and norm. But then λ(f) ν d = ψ(c1 ) ν d χ(cd ) ν d ( ν ) = ψ d c 1 χ(c ν d d ) = ψ ν (α)χ ν (α), as required. We now show how the Gauss sum g ν can be represented using the λ-function. Lemma 5.8 We have g ν = (deg f)λ(f) ν deg f, where the sum is over all monic irreducible polynomials f F q [X] with (deg f) ν. Proof: By the properties of finite field elucidated in 2 we have f(x) = X qν X, d ν deg f=d where the product is over all monic irreducible polynomials f F q [X] with degree dividing ν. Indeed the roots of the right hand side are exactly the elements x F q ν of multiplicity 1 and, conversely, every such x has a minimal polynomial which must occur, exactly once, among the polynomials on the left hand side. Now let f F q [X] be a monic irreducible polynomial with d = (deg f) ν and roots α 1,..., α d F q ν. Then Lemma 5.7 implies that d χ ν (α i )ψ ν (α i ) = dλ(f) ν d. i=1 Summing over all polynomials of the required type yields the result. We are now ready to prove: Theorem E (Hasse-Davenport relation) Let χ χ 0 (resp. ψ ψ 0 ) be a multiplicative (resp. additive) character of F q. Let ν N. Then g(χ ν, ψ ν ) = ( 1) ν 1 g(χ, ψ) ν. Proof: Expanding (1 λ(f)t deg f ) 1 as a geometric series and using unique factorisation in F q [X], we obtain the identity λ(f)t deg f = (1 λ(f)t deg f ) 1, f f 32

33 where the sum (resp. product) is over monic (resp. monic irreducible) f F q [X]. We define λ(1) = 1, for this to make sense. Now For d = 1 we have λ(f)t deg f = f deg f=1 by definition. Moreover, for d > 1 we have deg f=d d=0 deg f=d λ(f)t d. λ(f) = a F q λ(x a) = g(χ, ψ), λ(f) = λ(x d c 1 X d ( 1) d c d ) c 1,...,c d F q = q s 2 χ(c d )ψ(c 1 ) c 1,c d F q = 0, by orthogonality and the assumption χ χ 0, ψ ψ 0. Hence λ(f)t deg f = 1 + g(χ, ψ)t f = f (1 λ(f)t deg f ) 1. Taking logarithms of both sides gives log(1 + g(χ, ψ)t ) = f log(1 λ(f)t deg f ). Differentiating with respect to T and multiplying through by T we obtain g(χ, ψ)t 1 + g(χ, ψ)t = f (deg f)λ(f)t deg f 1 λ(f)t deg f. Expanding the denominators as power series yields u=1( 1) u 1 g(χ, ψ) u T u = f (deg f)λ(f) v T v deg f. v=1 Equating the coefficients of T u, we deduce that ( 1) u 1 g(χ, ψ) u = deg f u = g(χ u, ψ u ), (deg f)λ(f) u deg f by Lemma 5.8. This completes the proof of the theorem. 33

34 5.5 The Zeta Function of a Hypersurface Let F F q [X 0,..., X n ] be a form of degree d. For any ν N let N F (ν) = #{[x] P n (F q ν ) : F (x) = 0}. These numbers are naturally studied via the zeta function ( ) NF Z F (T ) = exp (ν)t ν. ν ν=1 It is possible to regard Z F (T ) either as a formal power series in Q[[T ]], or as a function of a complex variable which is defined and analytic on the disc By Lemma 5.2 it follows that {T C : T < q n }. #P n (F ν q ) = (qν ) n+1 1 q ν. 1 Hence the zeta function attached to projective n-space is ( n 1 ) (q m T ) ν Z 0 (T ) = exp ν m=0 ν=1 ( ) n 1 = exp log(1 q m T ) In particular we have Z 0 (T ) Q(T ). m=0 = (1 q n 1 T ) 1 (1 qt ) 1 (1 T ) 1. As a further example we calculate the zeta function associated to the curve X X3 1 + X 3 2 = 0 in P2 (F q ). Lemma 5.0 Let F (X) = X0 3 + X3 1 + X3 2. Then there exists a q-weil number π of weight 1 such that (1 + πt )(1 + πt ) Z F (T ) = (1 T )(1 qt ). Proof: It is clear that for each ν N we have NF (ν) = N F (ν) 1 q ν, 1 where N F (ν) = #{x A 3 (F q ν ) : F (x) = 0}. But then Theorem D (with n = 3 and a i = 1), together with the final part of 5.3, implies that ( N F (ν) = q 2ν + ( 1) ν ) {g(χ, ψ) 3 q ν + g(χ 2, ψ) 3}. 34

35 Here ψ is any additive character of F q and χ is the non-trivial cubic character of F q. Hence By Theorem 4.B we have N F (ν) = q ν ( 1)ν 1 {g(χ, ψ) 3ν + g(χ 2, ψ) 3ν } q ν. g(χ, ψ) 2 = J(χ, χ)g(χ 2, ψ), where J is the Jacobi sum. But χ 2 = χ 1 = χ, so that g(χ, ψ)g(χ 2, ψ) = g(χ, ψ)g(χ, ψ) = g(χ, ψ) χ( 1)g(χ, ψ) = χ( 1)q, by 4.1 and Theorem 4.A. Since χ( 1) = χ(( 1) 3 ) = 1, as χ is a cubic character, it follows on multiplying both sides by g(χ, ψ) that g(χ, ψ) 3 = πq, g(χ 2, ψ) 3 = πq, where π = J(χ, χ) is a q-weil number of weight 1. Direct calculation now shows that ( ) T ν (q ν ( 1) ν 1 (π ν + π ν )) Z F (T ) = exp ν as required = ν=1 (1 + πt )(1 + πt ) (1 T )(1 qt ), Lemma 5.9 provides a further example in which Z F (T ) Q(T ). Given any non-zero form F F q [X 0, X 1, X 2 ] which is non-singular over every algebraic extension of F q, Weil (1948) proved that P (T ) Z F (T ) = (1 T )(1 qt ), for P Z[T ] of degree (d 1)(d 2) = 2g, where d = deg F and g is the genus of curve defined by F. Furthermore he showed that each root α of P is a q-weil number of weight -1 (i.e. α = q 1 2 ). This last statement is called the Riemann Hypothesis for curves. To see the analogy set T = q s. Then ζ F (s) = Z F (q s ) = (1 q s ) 1 (1 q 1 s ) 1 P (q s ), and roots of Z F (T ) having absolute value q 1 2 R(s) = 1 2. is equivalent to the roots of ζ F (s) having In fact for any form F F q [X 0,..., X n ] Dwork (1959) proved the rationality of Z F (T ), whence there is a factorisation Z F (T ) = i(1 α it ) j (1 β jt ), 35

36 with α i, β j C. (Note that the constant term is 1, as can be seen by expanding definition of Z F (T ) as a power series about the origin). Lemma 5.10 Assume Z F (T ) C(T ) as above. Then N F (ν) = j βν j i αν i. Proof: Taking logarithmic derivatives we see that Z F (T ) Z F (T ) = i α i 1 α i T j β j 1 β j T. Multiplying by T and using geometric series (cf Theorem E), we obtain T Z F (T ) Z F (T ) = βj ν α ν i T ν. ν=1 j i But from the definition we see that the left hand side is Comparing coefficients gives the lemma. T Z F (T ) Z F (T ) = NF (ν)t ν. ν=1 In fact the converse of the lemma is easily seen to be true. Let us end this section with a brief discussion of the cohomological interpretation of the zeta function. Let V be a non-singular projective hypersurface defined by a form F F q [X 0...., X n ]. Let Ω : V V, Ω([x 0,..., x n ]) = [x q 0,..., xq n] be the (n + 1)-fold Frobenius automorphism from 2. For any ν let V ν = {[x] P n (F q ν ) : F (x) = 0}, so that N F (ν) = #V ν. Then if Ω ν denotes the composition of Ω with itself ν times we see that V ν is the set of fixed points of Ω ν on V. The Lefschetz Grothendieck fixed point formula states that for any prime we have N F (ν) = l p = char(f q ), 2(n 1) i=0 ( 1) i Tr(Ω ν ; H i (V, Q l )), where H i denotes the ith étale cohomology group and Ω denotes the induced mapping of Ω on the cohomology group. In fact H i = H i (V, Q γ ) is a finite dimensional vector 36

37 space over Q l, with dim H i = B i, the ith Betti number. Note that the cohomology groups vanish for i > 2 dim V = 2(n 1). By linear algebra we deduce that Z F (T ) = = 2(n 1) i=0 2(n 1) i=0 ( Tr(Ω ν ; H i )T ν exp ν ν=1 det(i T Ω ; H i ) ( 1)i+1 = P 1(T )P 3 (T ) P 2(n 1) 1 (T ) P 0 (T )P 2 (T ) P 2(n 1) (T ), ) ( 1) i with P i (T ) = det(i T Ω ; H i ) Q[T ] and deg P i = B i. Let P i (T ) = j (1 α ijt ). The values α ij are called the characteristic values of the zeta function (they are the eigenvalues of the Frobenius morphisms Ω j ). In fact, when V is non-singular, most of the cohomology groups vanish and we get: Theorem F (Deligne) Let e = n 1 dim V. (i) P i (T ) Z[T ] and P 0 (T ) = 1 T and P 2e (T ) = 1 q e T. (ii) [RH] For any 0 i 2e the characteristic value α ij is a q-weil number of weight i. (iii) [Functional equation] Let χ(v ) = 2e i=0 ( 1)i B i and { 1 : 2 e, ε = ( 1) N : 2 e, where N is the multiplicity of the eigenvalue q e 2 of Ω H e. Then ( ) 1 Z F q e = εq eχ(v ) 2 T χ(v ) Z F (T ). T (iv) Z F (T ) = P e (T ) ( 1)e 1 e j=o (1 qj T ) 1, where P e (T ) = { Pe (T ) : 2 e, P e (T )(1 q e 2 T ) 1 : 2 e. We will not prove this here. Grothendieck (1971) has calculated B e = d 1 d ( (d 1) n + ( 1) n+1) + { 0 : 2 e, 1 : 2 e, if F has degree d. Hence Lemma 5.10 yields the following result, which retrieves Corollary D.1 for diagonal hypersurfaces. Corollary F.1 If V is a non-singular hypersurface of dimension e defined over F q then #V (F q ) (q e + q e ) B e q e 2. 37

38 6 Riemann Hypothesis for sums in one variable In this section we record the Weil estimate for exponential sums in one variable and provide a self-contained proof for hyperelliptic curves. Let F q be a finite field and let χ (resp. ψ) be a non-trivial multiplicative (resp. additive) character of F q. Let f F q [X] be a polynomial of degree d. Then we have the following results. Theorem A (Weil) Assume χ has order e > 1 with e q 1. Let 1 m d be the number of distinct zeros of f in F q and assume there does not exist h F q [X] such that f = h e. Then χ(f(x)) x F q (m 1) q. Theorem B (Weil) Assume ψ non-trivial and d < q with (d, q) = 1. Then ψ(f(x)) x F q (d 1) q. By introducing the companion sums S ν (1) (f) = χ(n Fq ν /F q (f(x))), x F q ν S ν (2) (f) = ψ(tr Fq ν /F q (f(x))), x F q ν one can form associated zeta functions ( Z (i) f (T ) = exp ν=1 S (i) ν ) (f)t ν ν for i = 1, 2. As in 5.5 these are rational functions and one sees the analogy between the estimates in Theorems A, B and the Riemann Hypothesis for the ordinary zeta function. More generally we have: Theorem C (Dwork) Let f, g F q (X) and let χ (resp. ψ) be a multiplicative (resp. additive) character of F q. Let S ν = χ(n Fq ν /F q (f(x)))ψ(tr Fq ν /F q (g(x))). x F q ν Then there exist coprime polynomials P, Q C[T ], with P (0) = Q(0) = 1, such that ( ) S ν T ν Z(T ) = exp = P (T ) ν Q(T ). ν=1 38