
If $f(x) = \sum_{i=0}^d a_i x^i \in \mathbb{Z}_{2^n}[x]$ is a polynomial with coefficients $a_i \in \mathbb{Z}_{2^n}$, then it is known due to Rivest that $f(x) \mod 2^n$ permutes the elements of $\mathbb{Z}_{2^n}$ if and only if $\Delta_1 = a_2 + a_4 + \ldots$ and $\Delta_2 = a_3 + a_5 + \ldots$ are even, and $a_1$ is odd. Here $\mathbb{Z}_{2^n} = \{0, 1, \ldots, 2^n -1\}$. As a result, there are permutations $F: \mathbb{Z}_{2^n} \to \mathbb{Z}_{2^n}$ that do not have a polynomial $f \in \mathbb{Z}_{2^n}[x]$ such that $F(x) = f(x) \mod 2^n$ for all $x \in \mathbb{Z}_{2^n}$. For example, consider any $F$ such that $F(0)$ and $F(1)$ are even -- see Permutations on $[2^k]$ And the Existance of Permutation Polynomials.

What confuses me is the following. Given a function $G : \mathbb{F}_{2^n} \to \mathbb{F}_{2^n}$, where $\mathbb{F}_{2^n}$ is a finite field of size $2^n$, then $G$ admits a unique univariate polynomial over $\mathbb{F}_{2^n}$ of degree at most $2^n - 1$: $G(x) = \sum_{j=0}^{2^n-1}\delta_j x^j$, where each $\delta_j \in \mathbb{F}_{2^n}$. Notice that there is always a polynomial representation for $G$ (unlike in the case above). Why does going from $\mathbb{Z}_{2^n}$ to $\mathbb{F}_{2^n}$ make such a difference, and what would the coefficients $\delta_j$ look like if they come from a finite field instead? I realize that there isn't a contradiction between both notions but I don't quite understand why, or how polynomials for $G(x)$ and $F(x)$ differ.

  • The field of $2^n$ elements, and the ring of integers modulo $2^n$, are completely different structures, with very little in common other than having the same number of elements; there's no reason why going from one to the other shouldn't make a big difference. One is a field, the other isn't; $x+x=0$ for every $x$ in one, but not in the other; one is a cyclic group under addition, the other is not cyclic; and so on, and so on, and so forth. – Gerry Myerson Aug 12 '19 at 23:52
  • What would the $\delta_j$'s look like? I thought we could think of $\mathbb{F}_{2^n}$ as being "similar" to set $(\mathbb{F}_2)^n$, which I thought was basically the same as the set of n-bit integers... – user340082710 Aug 13 '19 at 00:00
  • After more thought, the set of n-bit integers would be $(\mathbb{Z}_2)^n$, so I'm not quite sure what $(\mathbb{F}_2)^n$ would be instead. – user340082710 Aug 13 '19 at 00:04
  • Consider $(1,1)$ as an element of $F_2^2$, and the "corresponding" $2$-bit integer $11$. In the first, $(1,1)+(1,1)=(0,0)$. In the second, $11+11=110$. They are not "basically the same". – Gerry Myerson Aug 13 '19 at 00:05
  • So the difference between $(\mathbb{Z}_2)^n$ and $(\mathbb{F}_2)^n$ is just how addition is defined? In the first do addition normally, but in the second, we basically take the exclusive-or of its components? – user340082710 Aug 13 '19 at 00:11
  • @user340082710, $\mathbb{F}_{2^n} \neq (\mathbb{F}_2)^n$. The first is a field, the second is not. You should look into the construction of $\mathbb{F}_{p^n}$ to understand what it is - it is not as simple as a product of rings. – Jair Taylor Aug 13 '19 at 00:13
  • @user340082710 Just look at a few small examples: $\mathbb{F}_4$ versus $\mathbb{Z}_4$ or $\mathbb{F}_8$ versus $\mathbb{Z}_8$. Play around with them. Do you know how to construct the fields? – Dzoooks Aug 13 '19 at 00:19
  • Not really. I thought a field was a ring where every element has a multiplicative inverse. $\mathbb{Z}_4$ would contain $\{0, 1, 2, 3\}$. What four numbers would $\mathbb{F}_4$ contain for example? I find the example given in the Wikipedia page confusing. – user340082710 Aug 13 '19 at 00:21
  • @user340082710 You can write $\mathbb{F}_4 = \{0, 1, x, 1+x\}$ with appropriate multiplication; in general, $\mathbb{F}_{p^n}$ can be identified with all polynomials $a_0 + a_1 x + \cdots + a_{n-1} x^{n-1}$ of degree $< n$ over $\mathbb{F}_p$. Since you have $p$ choices for each $a_i$, there are $p^n$ such polynomials. The addition is the usual pointwise addition of coefficients, but to multiply you take the usual product and reduce it via a fixed irreducible polynomial $Q(x)$ of degree $n$. e.g., for $\mathbb{F}_4$ given above, with $Q(x) = 1 + x + x^2$, you get $x * x = x^2 = 1+x$. – Jair Taylor Aug 13 '19 at 01:06
  • The multiplication table will depend on your choice of $Q(x)$, but it turns out all these representations are isomorphic. – Jair Taylor Aug 13 '19 at 01:09
  • See the multiplication table for $\mathbb{F}_4$ here. – Jair Taylor Aug 13 '19 at 01:11

0 Answers