On the Complexity of the Dual Bases of the Gaussian Normal Bases

Size: px

Start display at page:

Download "On the Complexity of the Dual Bases of the Gaussian Normal Bases"

Ralph Ferguson
5 years ago
Views:

1 Algebra Colloquium 22 (Spec ) (205) DOI: 0.42/S Algebra Colloquium c 205 AMSS CAS & SUZHOU UNIV On the Complexity of the Dual Bases of the Gaussian Normal Bases Algebra Colloq : Downloaded from by INDIAN INSTITUTE OF TECHNOLOGY DELHI on 07/26/6. For personal use only. Alok Mishra Rajendra Kumar Sharma Wagish Shukla Department of Mathematics, Indian Institute of Technology Delhi, New Delhi 006, India alok.mishra.@gmail.com rksharma@maths.iitd.ac.in wagishs@maths.iitd.ac.in Received 2 September 202 Revised 2 March 203 Communicated by Zhongming Tang Abstract. In this paper, we study the complexity of the dual bases of the Gaussian normal bases of type (n, t), for all n and t 3, 4, 5, 6, of F q n over F q and provide conditions under which the complexity of the Gaussian normal basis of type (n, t) is equal to the complexity of the dual basis over any finite field. 200 Mathematics Subject Classification: T99, 2E20, 2E30 Keywords: finite fields, trace map, complexity of a normal basis, Gaussian normal basis of type (n, t), dual bases Introduction Let F q be a finite field, where q is a prime or a prime power. Consider an extension F q n of F q, and α F q n. A normal basis of F q n over F q is a basis of the form N {α, α q,..., α qn }, where we say that α is a normal element of F q n, or that α generates the normal basis N. It is well-known that the normal bases exist in any finite extension of a finite field (see [5, Theorem 2.34]). Let N {α 0, α,..., α n } be a normal basis of F q n over F q, where α i α qi for 0 i n. Then for any 0 i, j n, α i α j is a linear combination of α 0, α,..., α n with coefficients in F q. In particular, αα i n t ijα j, 0 i n and t ij F q. For the normal basis N there is an associated matrix T α (t ij ) given by above relations. The number of nonzero entries in T α is called the complexity of the normal basis N, denoted by c N. It is proved that c N 2n for any normal basis N of F q n over F q (see [, Theorem 5.]). Let M {β 0, β,..., β n } be another basis of F q n over F q ; M is said to be the dual basis of N if Tr Fq n /F q (α i β j ) δ ij, i, j n. Here, δ ij denotes the Kronecker delta function, i.e., δ ij 0 if i j, and δ ij if

2 90 A. Mishra, R.K. Sharma, W. Shukla Algebra Colloq : Downloaded from by INDIAN INSTITUTE OF TECHNOLOGY DELHI on 07/26/6. For personal use only. i j. If α generates a normal basis N of F q n over F q and β generates the dual basis of N, then β is a dual element of α. We know that the dual basis of a normal basis is also a normal basis (see [, Corollary.4]). With the development of coding theory and appearance of several cryptosystems using finite fields, the implementation of finite field arithmetic, in either hardware or software, is required. Of course, the advantages of using a normal basis representation have been known from many years. The complexity of the hardware design of multiplication schemes due to Mullin, Onyszchuk and Vanstone [8] and Massey and Omura [6] by using normal bases to represent finite fields heavily depends on the choice of normal bases used. Normal bases are widely used in applications of finite fields in many areas, such as coding theory, cryptography and signal processing. In particular, optimal normal bases are desirable, but not all finite fields have optimal normal bases. So, to work efficiently in other fields for practical applications, one needs to construct a normal basis of complexity as low as possible. Christopoulou, Garefalaakis, Panario, et al. [2] gave the complexity of the Gaussian normal basis of type (n, t) for all n and t 3, 4, 5 and 6 over any finite field. In this paper, we study the complexity of the dual basis of the Gaussian normal basis of type (n, t) for all n and t 3, 4, 5 and 6 over any finite field, and give conditions under which the complexity of the Gaussian normal basis of type (n, t) is equal to the complexity of the dual basis over any finite field. 2 Preliminaries In this section, we recall some notions and results on Gauss periods and Gaussian normal bases. Definition 2.. Let r nt be a prime not dividing q and κ be the unique subgroup of order t in Z r. Let κ 0,..., κ n be cosets of κ in Z r and β be a primitive r-th root of unity in F q nt. The elements α i, i 0,,..., n, are given by α i a κ i β a, where κ i {a q i : a κ} Z r. The elements α 0, α,..., α n are called Gauss periods of type (n, t) over F q. Note that Gauss periods are elements of F q n and Tr Fq n /F q (α). The following theorem gives conditions under which Gauss periods define normal elements. Theorem 2.2. [2, 3] Let α F q n be a Gauss period of type (n, t) as defined above. The following are equivalent: The set N {α, α q,..., α qn } forms a normal basis of F q n over F q. If e is the order of q modulo r, then gcd(nt/e, n). The (disjoint) union of κ 0, κ,..., κ n is Z r. Equivalently, Z r q, κ. Let α 0, α,..., α n be the Gauss periods forming a normal basis of F q n over F q. We follow the form of the multiplication table of normal bases due to Gauss periods presented by Gao, Panario, Shoup, et al. [3]. First we define cyclotomic numbers t ij ( κ i ) κ j. Also, let j 0 < n be the unique index such that κ j0. If t is even then j 0 0, and if t is odd then j 0 n/2. Finally, define { 0 if j j0, µ j if j j 0.

3 On Complexity of Dual Bases of Gaussian Normal Bases 9 Algebra Colloq : Downloaded from by INDIAN INSTITUTE OF TECHNOLOGY DELHI on 07/26/6. For personal use only. Then the form of the multiplication table T α is αα i µ i t n t ijα j. An explicit determination of the multiplication table T α, therefore, depends on the cyclotomic numbers t ij. In our results we use an equivalent form of the rows of the multiplication table. We have n t ij α j n (t ij µ i t)α j n µ i tα j, where the last sum is µ i t Tr Fq n /F q (α) µ i t. Thus, αα i n (t ij µ i t)α j. Lemma 2.3. [2, Lemma 2.3] Let n, t N with n, t >, and r nt be an odd prime. Let ω be a primitive t-th root of unity in F r, and let κ be the subgroup of F r of order t. Then there are (t )(t 2) 2 distinct subsets {x, y} F r \{0, } such that x y and x y κ, given by S i,j, where x i,j ωj ω, y ij i,j w i x i,j, i, j t, i j < t. Furthermore, S t 2j, j κ, j t 2. Lemma 2.4. [4] Suppose that N is the Gaussian normal basis of type (n, t) generated by α and t n. Then tn α t if t 0 (mod 2), tn δ tn α n t otherwise 2 tn generates the dual basis of N. Hence, N is self-dual if and only if one of the following is true: (i) t 0 (mod 2) and p 2. (ii) p (mod 2) and t 0 (mod 2p). (iii) t (mod 2) and n p 2. 3 Main Results In this paper, we give the complexities of the dual bases of the Gauss periods of type (n, 3), (n, 4), (n, 5) and (n, 6), and also conditions for which the complexity of the Gaussian normal basis of type (n, t) and its dual basis are the same. For finding the multiplication table of the Gauss periods of type (n, 3), we have the following lemma. Lemma 3.. [2, Lemma 3.] Let n N with n > 3 and let r 3n be a prime. Let ω be a primitive 3rd root of unity in F r and let κ ω. There is one subset S {x, y} F r \{0, } such that x y, x x y κ and y κ. In particular, S {ω, ω 2 } κ. Theorem 3.2. Let α be a Gauss period of type (n, 3) and N be the Gaussian normal basis of type (n, 3) generated by α. Further, let δ be a generator of the dual basis M of N. Then (i) The complexity of the dual basis M is bounded by 5n 3 when q is a power of some odd prime p > 3. (ii) The complexity of the dual basis M is 3n 2 when q is a power of 3.

4 92 A. Mishra, R.K. Sharma, W. Shukla Algebra Colloq : Downloaded from by INDIAN INSTITUTE OF TECHNOLOGY DELHI on 07/26/6. For personal use only. (iii) The complexity of the dual basis M is bounded by 3n when q is a power of 2. Proof. (i) Let r 3n be a prime and q be a power of some odd prime such that (3n, q). Let κ {, τ, τ 2 }, where τ is a primitive 3rd root of unity in Z r and κ i {q i a : a κ}. Let α be a Gauss period of type (n, 3) over F q and N {α 0, α,..., α n }, where α i α qi, 0 i n, is the Gaussian normal basis of type (n, 3) generated by α. The multiplication table T α of N is given by αα i n (t ij µ i t)α j, 0 i n. Let M {δ 0, δ,..., δ n }, where δ i δ qi, 0 i n, be the dual basis of N of F q n over F q. In this case δ 3n α n/2 3n. To examine the multiplication table T δ of the dual basis M generated by δ, we require the expression of the products δδ i in terms of the basis elements δ, δ,..., δ n. For i 0,,..., n, ( 3n α n/2 3 )( 3n 3n α n/2i 3 ) 3n (3n ) 2 (αα 3 i) qn/2 (3n ) 2 α 3 n/2 (3n ) 2 α 3 2 n/2i (3n ) 2 ( n )( αjn/2 (t ij µ i 3) 3n 3n 3 ) 3 ( αn/2 3n 3n 3n 3 ) 3n 3 ( αn/2i 3n 3n 3 ) 3 ( n ) 3 2 3n (3n ) 2 (t ij µ i 3) (3n ) 2 ( n ) ij µ i 3)δ jn/2 3n (t 3 3n δ n/2 3 3n δ in/2 3 ( n ) 3 2 (3n ) 2 (t ij µ i 3) (3n ) 2. () Now we consider different cases for i. Case : i 0. The first row of the multiplication table T δ of the dual basis M is given by ( n ) t 0j δ jn/2 3 3n 3 ( n ) (3n ) 2 t 0j 3n δ n/2 3 3n δ n/2 3 2 (2) (3n ) 2 as µ 0 0. Since all κ i for i 0,,..., n form a partition of Z r and n t 0j 3, it follows from Lemma 3. that t 0j 2 for exactly one j, where 0 j n. Thus from (2), 3n (2δ j δ j2 ) 6 3n δ, 0 j, j 2 n. Hence, the first row of the multiplication table T δ of M contains at most three nonzero entries.

5 On Complexity of Dual Bases of Gaussian Normal Bases 93 Case 2: i n/2. In this case µ n/2, so from () we have δδ n/2 ( n (t n/2, j 3)δ jn/2 ) 3 3n 3 ( n (3n ) 2 ) (t ij 3) 3n δ n/2 3 3n δ 3 2 (3) (3n ) 2. Algebra Colloq : Downloaded from by INDIAN INSTITUTE OF TECHNOLOGY DELHI on 07/26/6. For personal use only. Since κ 0 and n t n/2, j 2, by Lemma 3. there exist j, j 2 such that t n/2, j t n/2, j2. So from (3) we get δδ n/2 3n ( 2δ j 2δ j2 3δ j3 3δ jn ) 3 3n δ n/2 3 3n δ 3 n δ j 3n 3n (δ j δ j2 ) 3 3n δ n/2 3 3n δ. Thus, the n 2 -th row of the multiplication table T δ of M contains at most four nonzero entries. Case 3: i 0, n/2. As µ 0, from () we have ( n ) t ij δ jn/2 3 3n 3 ( n ) (3n ) 2 t ij 3n δ n/2 3 3n δ in/2 3 2 (4) (3n ) 2. By Lemma 3. and the fact that n t mj 3, it follows that each nonzero t ij. So from (4), 3n (δ h δ h2 δ h3 ) 3 3n δ n/2 3 3n δ in/2, 0 h, h 2, h 3 n. Thus for all i 0, n/2, the i-th row of the multiplication table T δ of M contains at most five nonzero entries. Hence, the multiplication table T δ of M contains at most 34(n 2) 5 5n 3 nonzero entries. Consequently, the complexity of the dual basis M generated by δ is bounded by 5n 3. (ii) The first row of the multiplication table T δ of the dual basis M is given by 3n (2δ j δ j2 ) 6 3n δ 3 ( n ) 3 2 (3n ) 2 t 0j (3n ) 2 3n (2δ j δ j2 ), 0 j, j 2 n, since the characteristic is 3. Thus, the first row of the multiplication table T δ of the dual basis M contains exactly two nonzero entries.

6 94 A. Mishra, R.K. Sharma, W. Shukla Since κ n/2 and n t n/2, j 2, it follows from Lemma 3. that t n/2, j < 2 for all j. Thus from (), the n 2 -th row of the multiplication table T δ of the dual basis M is given by δδ n/2 n t n/2, j δ jn/2 3n 3n (δ j δ j2 ), 0 j, j 2 n. Algebra Colloq : Downloaded from by INDIAN INSTITUTE OF TECHNOLOGY DELHI on 07/26/6. For personal use only. Therefore, the n 2 -th row contains exactly two nonzero entries. For i 0, n/2, the i-th row of the multiplication table T δ of M is of the form 3n (δ h δ h2 δ h3 ), because by Lemma 3. and the fact n t ij 3 we get that each nonzero t ij is equal to. Thus, each of the remaining n 2 rows of T δ of the dual basis M contains exactly three nonzero entries. Consequently, the complexity of the dual basis M is exactly 2 2 (n 2) 3 3n 2. In this case, the complexities of the Gaussian normal basis of type (n, 3) and its dual basis are the same. (iii) The proof is the same as above except for the first row and the n 2 -th row. When q is a power of 2, the expression for the first row of the multiplication table T δ of the dual basis M is given by 3n (2δ j δ j2 ) 3n δ j 2, 0 j 2 n. So the first row of the multiplication table T δ of the dual basis M contains only one nonzero entry. The n 2 -th row of T δ of the dual basis M is of the form δδ n/2 3n ( δ j δ jn 2 ) 3n δ n/2 3n δ 3n 3n (δ j h δ jh2 ) 3n δ n/2 3n δ, n δ j where 0 j hi n. Thus, the n 2 -th row of the multiplication table T δ of the dual basis M contains at most four nonzero entries. Hence, the complexity of the dual basis M is at most 4 (n 2) 3 3n. For finding the multiplication table of the Gauss periods of type (n, 4), we have the following lemma. Lemma 3.3. [2, Lemma 3.5] Let n N with n > 2 and r 4n be an odd prime. Let ω be a primitive 4th root of unity in F r and κ ω. There are three distinct subsets {x, y} F r \{0, } such that x y, x x y κ and y κ. These sets are disjoint and exactly one is a subset of κ. Theorem 3.4. Let α be a Gauss period of type (n, 4) and N be the Gaussian normal basis of type (n, 4) generated by α. Further, let δ ( 4n α 4n) 4 be a generator of the dual basis M of N. Then (i) The complexity of the dual basis M is bounded by 6n 5 when q is a power of some odd prime p > 4.

7 On Complexity of Dual Bases of Gaussian Normal Bases 95 (ii) The complexity of the dual basis M is 4n 7 when q is a power of 2. (iii) The complexity of the dual basis M is bounded by 6n 5 when q is a power of 3. Algebra Colloq : Downloaded from by INDIAN INSTITUTE OF TECHNOLOGY DELHI on 07/26/6. For personal use only. Proof. (i) The i-th row of the multiplication table T δ of the dual basis M generated by δ is given by ( n ) ij µ i 4)δ j 4n (t 4 4n δ 4 4n δ i 4 ( n ) 4 2 (4n ) 2 (t ij µ i 4) (4n ) 2. From Lemma 3.3, we observe that t ij < 3 for all 0 i, j n and the case where t ij t ij2 2 is invalid. Now we give the number of nonzero entries in each row of the multiplication table T δ. The first row of the multiplication table T δ of the dual basis M is given by ( n ) 0j 4)δ j 4n (t 8 4n δ 4 ( n ) 6 (4n ) 2 (t 0j 4) (4n ) 2. (5) Since κ 0 and n t 0j 3, it follows from Lemma 3.3 that t 0j 2 for some unique j, where j {0,,..., n }. Thus from (5), we have ( n ) 0j 4)δ j 4n (t 8 4n δ 4 n δ j 4n 4n (2δ j δ j2 ) 8 4n δ, 0 j, j 2 n. Thus, the first row of the multiplication table T δ of the dual basis M contains at most three nonzero entries. The i-th (i 0) row of the multiplication table T δ of the dual basis M is given by 4n n t ij δ j 4 4n δ 4 4n δ i 4 n (4n ) 2 t ij 6 (4n ) 2. From n t ij 4 and Lemma 3.3, we have precisely two entries t ij 2 and t i j 2, where i i. Thus, there are exactly two rows of the form 4n (2δ j δ 2 δ 3 ) 4 4n δ 4 4n δ i, having at most five nonzero entries, and n 3 rows are of the form 4n (δ j δ 2 δ 3 δ 4 ) 4 4n δ 4 4n δ i, having at most six nonzero entries. Hence, the complexity of the dual basis generated by δ is at most (n 3) 6 6n 5.

8 96 A. Mishra, R.K. Sharma, W. Shukla (ii) The i-th row of the multiplication table T δ of the dual basis M generated by δ is ( n ) ij δ j. 4n t Algebra Colloq : Downloaded from by INDIAN INSTITUTE OF TECHNOLOGY DELHI on 07/26/6. For personal use only. The first row (i 0) of the multiplication table T δ of the dual basis M is given by 4n δ j 2. Thus, the first row of the multiplication table T δ has only one nonzero entry. For i 0, exactly two rows are of the form 4n (δ j δ j2 ), and n 3 rows are of the form 4n (δ j δ j2 δ j3 δ j4 ). Hence, the number of nonzero entries of T δ is 2 2 (n 3) 4 4n 7. Thus when the characteristic is 2, the complexity of the Gaussian normal basis of type (n, 4) is the same as that of the dual basis, i.e, 4n 7. (iii) The i-th row of the multiplication table T δ of the dual basis M generated by δ is given by ( n ) ij µ i )δ j 4n (t 4n δ 4n δ i ( n ) (4n ) 2 (t ij µ i ) (4n ) 2. By Lemma 3.3, µ 0 and the fact n t 0j 3, the first row of the multiplication table T δ of the dual basis M is given by 4n (2δ j δ j2 ) 2 4n δ, and it contains at most three nonzero entries. For i 0, we observe that there are exactly two rows of the form 4n (2δ j δ 2 δ 3 ) 4n δ 4n δ i, having at most five nonzero entries, and n 3 rows of the form 4n (δ j δ 2 δ 3 δ 4 ) 4n δ 4n δ i, having at most six nonzero entries. Hence, the complexity of the dual basis M is bounded by (n 3) 6 6n 5. For finding the multiplication table of the Gauss periods of type (n, 5), we have the following lemma. Lemma 3.5. [2, Lemma 3.9] Let n N with n > 2 and r 5n be an odd prime. Let ω be a primitive 5th root of unity in F r and κ ω. There are six distinct subsets {x, y} F r \{0, } such that x y, x x y κ and y κ, and these sets are disjoint. Furthermore, exactly two of these subsets are subsets of κ. Theorem 3.6. Let α be a Gauss period of type (n, 5) and N be the Gaussian

9 On Complexity of Dual Bases of Gaussian Normal Bases 97 normal basis of type (n, 4) generated by α. Furthermore, let δ be a generator of the dual basis M of N. Then (i) The complexity of the dual basis M is bounded by 7n 8 when q is a power of some odd prime p 5. (ii) The complexity of the dual basis M is bounded by 7n 5 when q is a power of 2. (iii) The complexity of the dual basis M is 5n 7 when q is a power of 5. Algebra Colloq : Downloaded from by INDIAN INSTITUTE OF TECHNOLOGY DELHI on 07/26/6. For personal use only. Proof. (i) The i-th row of the multiplication table T δ of the dual basis M generated by δ is of the form 5n 5 ( n (5n ) 2 ( n (t ij µ i 5)δ jn/2 ) 5 ) (t ij µ i 5) 5n δ n/2 5 5n δ in/2 5 2 (6) (5n ) 2, where µ i if i n/2 and µ i 0 if i n/2. By Lemma 3.5, we have t ij < 3 for 0 i, j n, i n/2. Next, we observe that the case t ij t ij2 2 is invalid for a fixed i. Finally, we analyze the multiplication table T δ for different rows. Case : i 0. The first row of the multiplication table T δ of the dual basis M generated by δ is given by 5n ( n ) t 0j δ jn/2 0 5n δ n/2 5 ( n ) (5n ) 2 t 0j 5 2 (5n ) 2. By Lemma 3.5 and n t 0j 5, it follows that t 0j t 0j2 2 for j j 2. Thus, 5n (2δ j n/2 2δ j2n/2 δ j3n/2) 0 5n δ n/2. Hence, there are at most four nonzero entries in the first row of the multiplication table T δ of the dual basis M. Case 2: i n/2. Since κ n/2, n t n/2, j 4 and µ n/2, from (6) the n 2 -th row of the multiplication table T δ of the dual basis M is given by ( n ) δδ n/2 n/2, j 5)δ jn/2 5n (t 5 5n δ n/2 5 5n δ 5 ( n ) 5 2 (5n ) 2 (t ij 5) (5n ) 2 5n (δ j δ j2 δ j3 δ j4 ) 5 5n δ n/2 5 5n δ, where j h {0,,..., n }. Consequently, the n 2 -th row of the multiplication table T δ contains at most six nonzero entries. Case 3: i 0, n/2.

10 98 A. Mishra, R.K. Sharma, W. Shukla The i-th row of the multiplication table T δ of the dual basis M is given by ( n ) t ij δ jn/2 5 5n 5 ( n ) (5n ) 2 t ij 5n δ n/2 5 5n δ in/2 5 2 (5n ) 2. Algebra Colloq : Downloaded from by INDIAN INSTITUTE OF TECHNOLOGY DELHI on 07/26/6. For personal use only. By Lemma 3.5 and n t ij 5, we get t ij 2 for four different i. Thus, we observe that there are exactly four rows of the form δδ m 5n (2δ j δ 2 δ 3 δ 4 ) 5 5n δ n/2 5 5n δ mn/2, having at most six nonzero entries, and n 6 rows of the form δδ m 5n (δ j δ 2 δ 3 δ 4 δ 5 ) 5 5n δ n/2 5 5n δ mn/2, having at most seven nonzero entries. Hence, the complexity of the dual basis M generated by δ is at most 4 6 (n 6) n 8. (ii) The i-th row of the multiplication table T δ of the dual basis M generated by δ is given by ( n ) ij µ i )δ jn/2 5n (t 5n δ n/2 5n δ in/2 ( n (5n ) 2 ) (t ij µ i ) (5n ) 2. The first row of the multiplication table T δ of the dual basis M is given by 5n δ n/2j. Thus, the first row of the multiplication table T δ contains only one nonzero entry. The n 2 -th row of the multiplication table T δ of the dual basis M is given by δδ n/2 5n (δ j δ j2 δ jn 4 ) 5n δ n/2 5n δ δ j 5n 5n (δ j δ j2 δ j3 δ j4 ) 5n δ n/2 5n δ. Thus, the n 2 -th row of the multiplication table T δ contains at most six nonzero entries. For i 0, n/2, there are exactly four rows of the form 5n (δ j δ j2 δ j3 ) 5n δ n/2 5n δ mn/2, having at most five nonzero entries, and n 6 rows of the form 5n (δ j δ j2 δ j3 δ j4 δ j5 ) 5n δ n/2 5n δ mn/2, having at most seven nonzero entries. n

11 On Complexity of Dual Bases of Gaussian Normal Bases 99 Algebra Colloq : Downloaded from by INDIAN INSTITUTE OF TECHNOLOGY DELHI on 07/26/6. For personal use only. Hence, the complexity of the dual basis M is at most 6 (n 6) n 5. (iii) The i-th row of the multiplication table T δ of the dual basis M generated by δ is given by ( n ) ij δ jn/2. 5n t Then the first row of the multiplication table T δ of the dual basis M is given by 5n (2δ j n/2 2δ j2n/2 δ j3n/2). Thus, the first row of the multiplication table T δ contains exactly three nonzero entries. The n 2 -th row of the multiplication table T δ of the dual basis M is given by δδ n/2 5n (δ j δ j2 δ j3 δ j4 ). So the n 2 -th row of the multiplication table T δ contains four nonzero entries. We observe that there are exactly four rows of the form δδ m 5n (2δ j δ 2 δ 3 δ 4 ), having four nonzero entries, and n 6 rows of the form δδ m 5n (δ j δ 2 δ 3 δ 4 δ 5 ), having five nonzero entries. Hence, the complexity of the dual basis M is 3 4 (n 6) n 7. Thus when the characteristic is 5, the complexity of Gaussian normal basis of type (n, 5) is the same as the complexity of the dual basis, i.e, 5n 7. For finding the multiplication table of the Gauss periods of type (n, 6), we have the following lemma. Lemma 3.7. [2, Lemma 3.3] Let n N with n > 2 and r 6n be an odd prime. Let ω be a primitive 6th root of unity in F r and κ ω. There are ten distinct subsets {x, y} F r \{0, } such that x y, x x y κ and y κ. These sets are disjoint and exactly two of them are subsets of κ. Theorem 3.8. Let α be a Gauss period of type (n, 6) and N be the Gaussian normal basis of type (n, 6) generated by α. Further, let δ be a generator of the dual basis M of N. Then (i) The complexity of the dual basis M is bounded by 8n 2 when q is a power of some odd prime p > 3. (ii) The complexity of the dual basis M is 6n 2 when q is a power of 2. (iii) The complexity of the dual basis M is bounded by 6n when q is a power of 3.

12 920 A. Mishra, R.K. Sharma, W. Shukla Algebra Colloq : Downloaded from by INDIAN INSTITUTE OF TECHNOLOGY DELHI on 07/26/6. For personal use only. Proof. (i) The first row of the multiplication table T δ of the dual basis M is given by ( n ) 0j 6)δ j 6n (t 2 6n δ 6 ( n ) 36 (6n ) 2 (t 0j 6) (6n ) 2. Since κ 0 and n t 0j 5, it follows from Lemma 3.7 that there exist exactly two j for which t 0j 2, 0 j n. Therefore, ( n ) 0j 6)δ j (t 2 6n δ 6 n 6n 6n 6n (2δ j 2δ j2 δ j3 ) 2 6n δ δ j for some 0 j, j 2, j 3 n. Thus, the first row of the multiplication table T δ contains at most four nonzero entries. The i-th (i 0) row of the multiplication table T δ of the dual basis M is given by 6n n t ij δ j 6 6n δ 6 6n δ i 6 n (6n ) 2 t ij 36 (6n ) 2. By n t ij 6 and Lemma 3.7, we have precisely eight entries having t ij 2 for distinct i. Thus, there are exactly eight rows of the form 6n (2δ j δ 2 δ 3 δ 4 δ 5 ) 6 6n δ 6 6n δ i, having at most seven nonzero entries, and n 9 rows of the form 6n (δ j δ 2 δ 3 δ 4 δ 5 δ 6 ) 6 6n δ 6 6n δ i, having at most eight nonzero entries. Consequently, the complexity of the dual basis M generated by δ is at most (n 9) 8 8n 2. (ii) The first row of the multiplication table T δ of the dual basis M is given by 6n δ j. Thus, the first row of the multiplication table T δ contains only one nonzero entry. If the characteristic is 2, then in the multiplication table T δ there are exactly eight rows of the form 6n (δ j δ 2 δ 3 δ 4 ), having four nonzero entries, and n 9 rows of the form 6n (δ j δ 2 δ 3 δ 4 δ 5 δ 6 ), having six nonzero entries. Consequently, the complexity of the dual basis M is 8 4 (n 9) 6 6n 2, which is the same as that of the Gaussian normal basis of type (n, 6). (iii) The first row of the multiplication table T δ of the dual basis M is given by 6n (2δ j 2δ j2 δ j3 ). Thus, the first row of the multiplication table T δ contains three nonzero entries. If the characteristic is 3, then in the multiplication

13 On Complexity of Dual Bases of Gaussian Normal Bases 92 Algebra Colloq : Downloaded from by INDIAN INSTITUTE OF TECHNOLOGY DELHI on 07/26/6. For personal use only. table T δ there are exactly eight rows of the form 6n (2δ j δ 2 δ 3 δ 4 δ 5 ), having exactly five nonzero entries, and n 9 rows of the form 6n (δ j δ 2 δ 3 δ 4 δ 5 δ 6 ), having exactly six nonzero entries. Therefore, the complexity of the dual basis M is (n 9) 6 6n, which is the same as that of the Gaussian normal basis of type (n, 6). From the previous discussion, we observe that in some cases the complexity of the dual basis is the same as that of the corresponding Gaussian normal basis. So now we give conditions for which the complexity of the Gaussian normal basis of type (n, t) is the same as that of its dual basis. Theorem 3.9. Let α be a Gauss period of type (n, t) and N be the Gaussian normal basis of type (n, t) generated by α. Further, let δ generate the dual basis M of N. If the Gaussian normal basis is a self-dual basis or t is odd and t 0 (mod p), then the complexities of the Gaussian normal basis N and its dual basis M are the same. Proof. Let α generate the Gaussian normal basis of type (n, t). Furthermore, let δ be the dual element of α and generate the dual normal basis M. The multiplication table T α of N is given by the expression αα i µ i t n t ijα j, 0 i n, which is equivalent to αα i n (t ij µ i t) α j (7) since Tr Fq n /F q (α). Let the complexity of the Gaussian normal basis N be C N. Now we consider two cases. Case : t is odd. The multiplication table T δ of the dual basis M generated by δ is given by the following expression tn t ( n (tn ) 2 ( n (t ij µ i t) δ jn/2 ) t ) (t ij µ i t) t tn δ in/2 tn δ n/2 t 2 (tn ) 2, 0 i n. If t 0 (mod p), where p is the characteristic of the field F q, then it follows that ( n ) ij µ i t) δ jn/2. (8) tn (t Since the complexities of the Gaussian normal basis of type (n, t) and its dual basis M depend on cyclotomic numbers t ij, from (7) and (8) the complexity of the dual basis M is the same as that of the Gaussian normal basis N.

14 922 A. Mishra, R.K. Sharma, W. Shukla Case 2: t is even. The multiplication table T δ of the dual basis M is given by the following expression ( n ) ij µ i t) δ j tn (t t tn δ t ( n ) (tn ) 2 (t ij µ i t) t tn δ i t 2 (tn ) 2, 0 i n. (9) Algebra Colloq : Downloaded from by INDIAN INSTITUTE OF TECHNOLOGY DELHI on 07/26/6. For personal use only. If the characteristic is 2 or t 0 (mod p), where p > 3 is the characteristic of the field F q, then from (9) we have ( n ) ij µ i t) δ jn/2. (0) tn (t From (7) and (0), it is easy to see that the complexity of the Gaussian normal basis N is the same as that of its dual basis M. As we know that the Gaussian normal basis of type (n, t) is a self-dual normal basis if and only if t is even and t 0 (mod p), where p is the characteristic (see [7]), so in this case the Gaussian normal basis is a self-dual basis. Acknowledgements. The authors gratefully acknowledge the valuable comments and suggestions from the anonymous referees. References [] I.F. Blake, X. Gao, A.J. Menezes, R.C. Mullin, S.A. Vanstone, T. Yaghoobian, Applications of Finite Fields, Kluwer Academic Publishers, Boston-Dordrecht-Lancaster, 993. [2] M. Christopoulou, T. Garefalaakis, D. Panario, D. Thomson, Gauss periods as constructions of low complexity normal bases, Des. Codes Cryptogr. 62 (202) [3] S. Gao, D. Panario, V. Shoup, J. Von Zur Gathen, Algorithms for exponentiation in finite fields, J. Symbol. Comput. 29 (2000) [4] Q. Liao, The Gaussian normal basis and its trace basis over finite fields, J. Number Theory 32 (202) [5] R. Lidl, H. Niederreiter, Finite Fields, Encyclopedia of Mathematics and Its Applications 20, Cambridge University Press, Cambridge, 997. [6] J. Massey, J. Omura, Computational method and apparatus for finite field arithmetic, U.S. Patent Number 4, 745, 568, May 986. [7] Y. Morikawa, Y. Nogami, H. Nasu, S. Uehara, A method for constructing a self-dual normal basis in odd characteristic extension fields, Finite Fields Appl. 4 (2008) [8] R. Mullin, I. Onyszchuk, S. Vanstone, Computational method and apparatus for finite field multiplication, U.S. Patent Number 4, 745, 568, May 988.

Gauss periods as low complexity normal bases

Gauss periods as low complexity normal bases With M. Christopoulou, T. Garefalakis (Crete) and D. Panario (Carleton) July 16, 2009 Outline 1 Gauss periods as normal bases Normal bases Gauss periods 2 Traces of normal bases The trace of Gauss periods