On the cycle structure of iterating Rédei functions
Daniel Panario
School of Mathematics and Statistics
Carleton University
[email protected]
XXI CLA – July 29, 2016
Joint work with Claudio Qureshi and Rodrigo Martins
Daniel Panario
On the cycle structure of Rédei functions
1 / 33
Iterations of functions over finite fields
In general, let Fn be the set of functions (“mappings”) from the set [1..n]
to itself. With any ϕ ∈ Fn there is associated a functional graph on n
nodes, with a directed edge from vertex u to vertex v if ϕ(u) = v . We are
interested here in functions over finite fields.
Functional graphs of mappings are sets of connected components; the
components are directed cycles of nodes; and each of those nodes is the
root of a tree.
The dynamics of iterations of polynomials and rational functions over
finite fields have attracted much attention in recent years, in part due to
their applications in cryptography and integer factorization methods like
Pollard rho algorithm.
Daniel Panario
On the cycle structure of Rédei functions
2 / 33
Finite dynamics
Finite dynamical systems have applications in several areas including
physics, biology, and cryptography:
Pollard’s rho algorithm for integer factorization and improvements.
Algorithms based in the Pollard’s rho method for the discrete
logarithm problem:
I
I
over the multiplicative subgroup of Fq ;
over the additive group of an elliptic curve defined over a finite field.
Let us introduce some definitions...
Daniel Panario
On the cycle structure of Rédei functions
3 / 33
Finite dynamics
Let X be a finite set and f : X → X .
For x ∈ X , let n ≥ 1, m ≥ 0 be the smallest integers such that
f n+m (x) = f m (x). Then, per (x) = n, pper (x) = m.
Daniel Panario
On the cycle structure of Rédei functions
4 / 33
Finite dynamics
Let X be a finite set and f : X → X .
For x ∈ X , let n ≥ 1, m ≥ 0 be the smallest integers such that
f n+m (x) = f m (x). Then, per (x) = n, pper (x) = m.
Functional graph: directed graph G(f /X ) with vertex set X and
edges (x, f (x)) for x ∈ X (indeg (x) = #f −1 (x) and outdeg (x) = 1).
Daniel Panario
On the cycle structure of Rédei functions
5 / 33
Topics of interest in finite dynamics
Iterations of functions over finite fields have centered on:
period and preperiod;
(average) rho length;
number of connected components;
length of cycles (largest, smallest, average);
number of fix points and conditions to be a permutation;
isomorphic graphs (mathematically, algorithmically);
and so on.
Iterations of some functions have strong symmetries that can be
mathematically explained. We show as an example the action of Rédei
functions over non-binary finite fields whose functional graphs present
these type of symmetries.
Daniel Panario
On the cycle structure of Rédei functions
6 / 33
Finite dynamics
Study of certain special cases
(T.Rogers) Dynamics of x 7→ x 2 .
T.Rogers.”The graph of the square mapping on the prime fields”.Disc.Math 148, 317-324,
1996.
(A.Peinado et al.) Dynamics of x 7→ x 2 + c.
A.Peinado, F.Montoya, J.Muñoz, A.Yuste.”Maximal periods of x 2 + c in Fq ”.LNCS 2227,
219-228, 2001.
(T.Vasiga, J.Shallit) Dynamics of x 7→ x 2 − 2.
T.Vasiga, J.Shallit.”On the iteration of certain quadratic maps over GF(p)”.Disc.Math
227, 219-240, 2004.
(S.Ugolini) Dynamics of x 7→ x + x −1 and x 7→ x d + x −d .
S.Ugolini.”Graphs associated with the map x 7→ x + x −1 in finite fields of characteristic
three and five”.Journal of Number Theory 133, 1207-1228, 2013.
(T.Gassert) Dynamics of Chebyshev polynomials.
T.Gassert.”Chebyshev action on finite fields”.Disc.Math 315-316, 83-94, 2014.
Daniel Panario
On the cycle structure of Rédei functions
7 / 33
Finite dynamics
Study of certain special cases
(T.Rogers) Dynamics of x 7→ x 2 .
(A.Peinado et.al) Dynamics of x 7→ x 2 + c.
(T.Vasiga, J.Shallit) Dynamics of x 7→ x 2 − 2.
(S.Ugolini) Dynamics of x 7→ x + x −1 and x 7→ x d + x −d .
(T.Gassert) Dynamics of Chebyshev polynomials.
..
.
→ We focus on Rédei functions
Daniel Panario
On the cycle structure of Rédei functions
8 / 33
Rédei functions
√
√
Rédei function: (x + y )n = N(x, y ) + D(x, y ) y .
N(x,a)
For a ∈ F∗q → Rn (x, a) = D(x,a)
defined over P1 (Fq ).
R1 (x) = x
2
R2 (x) = x 2x+a
3
R3 (x) = x3x+3ax
2 +a
R4 (x) =
R5 (x) =
R6 (x) =
R7 (x) =
..
.
x 4 +6ax 2 +a2
4x 3 +4ax
x 5 +10ax 3 +5a2 x
5x 4 +10ax 2 +a2
x 6 +15ax 4 +15a2 x 2 +a3
6x 5 +20ax 3 +6a2 x
x 7 +21ax 5 +35a2 x 3 +7a3 x
7x 6 +35ax 4 +21a2 x 2 +a3
Daniel Panario
On the cycle structure of Rédei functions
9 / 33
Rédei functions
√
√
Rédei function: (x + y )n = N(x, y ) + D(x, y ) y .
N(x,a)
For a ∈ F∗q → Rn (x, a) = D(x,a)
defined over P1 (Fq ).
We denote by G(n, a, q) its functional graph.
Figure: The functional graph G(3, 1, 37) associated to the Rédei function R3 (x, 1) =
x 3 +3x
3x 2 +1
defined over the projective line P1 (F37 ).
Daniel Panario
On the cycle structure of Rédei functions
10 / 33
Rédei functions
Some applications of Rédei functions
Pseudorandom number generators based on Rédei functions.
J. Gutierrez, A. Winterhof. ”Exponential sums of nonlinear congruential pseudorandom
number generators with Rédei functions”. Finite Fields and Their Appl.14, 410-416, 2008.
Method to solve Pell equation via Rédei functions.
S. Barbero, U. Cerruti, N. Murru. ”Solving the Pell equation via Rédei rational
functions”. The Fibonacci Quarterly 48, 348-357, 2010.
Cryptosystem based on Rédei functions.
R. Nobauer. ”Cryptanalysis of the Rédei scheme”. Contributions to General Algebra 3,
255-264, 1984.
Application to permutation polynomials.
M. Zieve. ”Permutation polynomials on Fq induced from Rédei function bijections on
subgroups of F∗q ”. To appear in Monatsh. Math.
Daniel Panario
On the cycle structure of Rédei functions
11 / 33
Description of the Rédei functional graph
Isomorphism theorem for Rédei functional graph
[Cor.3.8 and Th.3.16 of Qureshi and Panario (2015)]
Let n ∈ Z+ , a ∈ F∗q and χ : Fq → {±1} the quadratic character in Fq .
We express q − χ(a) = νω with rad(ν) | rad(n) and gcd(n, ω) = 1.
Then:
M ϕ(d)
× Cyc(od (n), Tν(n) ) ⊕ (1 + χ(a)) × {•}.
G(n, a, q) '
od (n)
d|ω
Daniel Panario
On the cycle structure of Rédei functions
12 / 33
Rédei functional graph
Example: the functional graph of R3 (x, 1) =
x 3 +3x
3x 2 +1
over P 1 (F37 )
a
q
= 36 = 22 · 32 ⇒ ω = 4, ν = 9, n = 3 and 9(3) = (3, 3)
M ϕ(d)
G(3, 1, 37) '
× Cyc(od (3), T(3,3) ) ⊕ {•, •}
od (3)
q−
d|4
' 2 × Cyc(1, T(3,3) ) ⊕ Cyc(2, T(3,3) ) ⊕ {•, •}
Daniel Panario
On the cycle structure of Rédei functions
13 / 33
Description of the tree Tν(n)
The ν-serie generated by n
For ν and n positive integers with rad(ν) | rad(n), we define the sequence:
(
ν1 = gcd(ν,n),
for i ≥ 1.
νi+1 = gcd ν1 ν2ν...νi , n
If D = max{i ≥ 1 : νi > 1}, we define ν(n) = (ν1 , ν2 , . . . , νD ).
By convention, for ν = 1 we define ν(n) = (1) for all n.
Daniel Panario
On the cycle structure of Rédei functions
14 / 33
Tree associated with ν-series
Definition of TV for V a ν-series
If V = (ν1 , ν2 , . . . , νD ) is a ν-series, we define recursively the tree TV
associated with V as follows:
0
TV = •,
L
i−1
TVk = hνk × TVk−1 ⊕ k−1
i=1 (νi − νi+1 ) × TV i for 1 ≤ k ≤ D,
and
TV = h(νD − 1) × TVD−1 ⊕
D−1
M
(νi − νi+1 ) × TVi−1 i.
i=1
For V = (1) we define TV = •.
Daniel Panario
On the cycle structure of Rédei functions
15 / 33
Tree associated with ν-series
Figure: Inductive definition of TV for V = (ν1 , ν2 , ν3 , ν4 ).
Daniel Panario
On the cycle structure of Rédei functions
16 / 33
Tree associated with ν-series
Example 1
We consider V = 360(30) = (30, 6, 2) ⇒ TV =?
TV1 = h30 × •i
TV2 = h6 × TV1 ⊕ 24 × •i
TV = hTV2 ⊕ 4 × TV1 ⊕ 24 × •i
Daniel Panario
On the cycle structure of Rédei functions
17 / 33
Tree associated with ν-series
Example 1
We consider V = 360(30) = (30, 6, 2) ⇒ TV =?
TV1 = h30 × •i
TV2 = h6 × TV1 ⊕ 24 × •i
TV = hTV2 ⊕ 4 × TV1 ⊕ 24 × •i
Daniel Panario
On the cycle structure of Rédei functions
18 / 33
Tree associated with ν-series
Example 1
We consider V = 360(30) = (30, 6, 2) ⇒ TV =?
TV1 = h30 × •i
TV2 = h6 × TV1 ⊕ 24 × •i
TV = hTV2 ⊕ 4 × TV1 ⊕ 24 × •i
Daniel Panario
On the cycle structure of Rédei functions
19 / 33
Tree associated with ν-series
Example 2
We consider V = 27(3) = (3, 3, 3) ⇒ TV =?
TV1 = h3 × •i
TV2 = h3 × TV1 i
TV = h2 × TV2 i
Daniel Panario
On the cycle structure of Rédei functions
20 / 33
Tree associated with ν-series
Example 2
We consider V = 27(3) = (3, 3, 3) ⇒ TV =?
TV1 = h3 × •i
TV2 = h3 × TV1 i
TV = h2 × TV2 i
Daniel Panario
On the cycle structure of Rédei functions
21 / 33
Tree associated with ν-series
Example 2
We consider V = 27(3) = (3, 3, 3) ⇒ TV =?
TV1 = h3 × •i
TV2 = h3 × TV1 i
TV = h2 × TV2 i
Daniel Panario
On the cycle structure of Rédei functions
22 / 33
New results coming. . .
Daniel Panario
On the cycle structure of Rédei functions
23 / 33
Some estimates on the cycle structure of Rédei functions
√
We fix n ∈ Z+ , Fq and a ∈ F∗q . Let Daq = P1 (Fq ) \ {± a}.
We consider the Rédei function Rn (x, a) as a map in Daq and denote by
G(n, a, q) its functional graph.
We are interested on the following parameters:
N(n, a, q) = number of connected components in G(n, a, q),
T0 (n, a, q) = number of periodic points in G(n, a, q),
P
1
C (n, a, q) = q−χ(a)
u∈Daq per (u),
P
1
T (n, a, q) = q−χ(a)
u∈Daq pper (u);
and also in an asymptotic estimated for
S0 (n, a, N) =
S(n, a, N) =
Daniel Panario
1 P
p≤N T0 (n, a, p),
π(N)
P
1
p≤N T (n, a, p).
π(N)
On the cycle structure of Rédei functions
24 / 33
Previous estimates on the cycle structure of functions
Estimates for N, T0 , C , T , S and S0 respect to other maps
For the map x 7→ x 2 in Fp .
Vasiga and Shallit, On the iteration of certain quadratic maps over GF(p),
Discrete Math., vol. 277, pp. 219-240, 2004.
For the map x 7→ x e in Fp .
Chou and Shparlinski, On the cycle structure of repeated exponentiation
modulo a prime, Journal of Number Theory, vol. 107, pp. 345-356, 2004.
If a is a square element in Fp , then the dynamics of Rn (x, a) over Dap
coincides with the one of x 7→ x e over F∗p . Since our results hold for all
a ∈ F∗q , our work on Rédei functions can be seen as a generalization of
Chou and Shparlinski. Moreover, the dynamics of Rn (x, a) over Dap is
similar to the one of the n-map x 7−→ nx over the integers modulo p ± 1,
depending on the quadratic character of a in Fp ; see also Sha (2012).
Daniel Panario
On the cycle structure of Rédei functions
25 / 33
Estimates on N, T0 , C and T of Rédei functions
Theorem (Estimates for N, T0 , C and T respect to Rédei functions)
Let n ∈ Z+ , a ∈ F∗q and q − χ(a) = νω with rad(ν) | rad(n) and
gcd(n, ω) = 1. Let ν(n) = (ν1 , ν2 , . . . , νD ) be the ν-series associated to n.
For the Rédei function Rn (x, a) on Daq we have the following quantities:
N(n, a, q) =
X ϕ(d)
,
od (n)
T0 (n, a, q) = ω,
d|ω
C (n, a, q) =
1X
ϕ(d)od (n),
ω
T (n, a, q) =
d|ω
Daniel Panario
On the cycle structure of Rédei functions
D−1
1X
ν1 . . . νj .
ν
j=1
26 / 33
Estimates on N, T0 , C and T of Rédei functions
Sketch of proof
√
When χ(a) = 1 we have that {± a} are isolated fixed points of Rn (x, a)
and the isomorphism formula over Daq gives
G(n, a, q) =
M ϕ(d)
d|ω
od (n)
× Cyc(od (n), Tν(n) )
.We obtain
P
N(n, a, q) = d|ω oϕ(d)
.
d (n)
P
P
T0 (n, a, q) = d|ω oϕ(d)
·
o
(n)
=
d
d|ω ϕ(d) = ω.
(n)
d
P
1
C (n, a, q) = νω
u∈Dq per (u)
P
P
ϕ(d)
1
= νω d|ω od (n) · od (n) · #Tν(n) · od (n) = ω1 d|ω ϕ(d)od (n).
Daniel Panario
On the cycle structure of Rédei functions
27 / 33
Estimates on N, T0 , C and T of Rédei functions
Sketch of proof
If h(j) denotes the number of vertices at depth j in Tν(n) , again, from the
P
isomorphism formula we have T (n, a, q) = ν1 D
j=1 jh(j). Let hi (j) be the
i
number of vertices at depth j in T . Using the recurrence formula for
Tν(n) :
 0
 T = •,
Lk−1
T k = hνk × TVk−1 ⊕ i=1
(νi − νi+1 ) × TVi−1 i for 1 ≤ k ≤ D,
L

i−1
Tν(n) = h(νD − 1) × TVD−1 ⊕ D−1
i=1 (νi − νi+1 ) × TV i,
P
we obtain hk (j) = νk hk−1 (j − 1) + k−1
i=1 (νi − νi+1 )hi−1 (j − 1) with
h0 (0) = 1, h0 (j) = 0 for j > 0 implying hi (j) = ν1 · · · νj for 0 ≤ j ≤ i
and h(j) = hD (j) − hD−1 (j − 1) = ν1 · · · νj − ν1 · · · νj−1 . Using partial
P
sums on D
j=1 jh(j) we obtain the desired formula for T (n, a, q).
Daniel Panario
On the cycle structure of Rédei functions
2
28 / 33
Estimates on S0 for Rédei functions
The S0 case
Remember that
S0 (n, a, N) =
1 X
T0 (n, a, p)
π(N)
p≤N
where T0 (n, a, p) = ω is the number of periodic points in the Rédei graph.
We have that ω is the maximum coprime-with-n divisor of p − χp (a)
(that is, p − χp (a) = νω with rad(ν) | rad(n) and gcd(ω, n) = 1).
Daniel Panario
On the cycle structure of Rédei functions
29 / 33
Estimates on S0 for Rédei functions
The S0 case
We denote by n a positive integer and Q = p1 · · · ps the square-free part
of n, L = hp1 , . . . , ps i the multiplicative semigroup generated by the
prime divisors of n. For m ∈ Z+ we denote by [m] = {1, . . . , m} and
Cop(m) = {i ∈ [m] : gcd(i, m) = 1}.
Theorem (Estimates for S0 for the Rédei functions)
Let n and a be positive integers, and p1 , . . . , ps be the distinct prime
divisors of n. Then
s N Y pi2 − pi − 1
·
.
S0 (n, a, N) ∼
2
pi2 − 1
i=1
Daniel Panario
On the cycle structure of Rédei functions
30 / 33
Proof ideas
The key idea used by Chou and Shparlinski and that we follow here is to
express S0 (n, a, N) as a sum in ν ∈ L where every term is a finite sum of
primes in arithmetic progression. To obtain a similar expression in our
case, we need some results that are consequences of the quadratic
reciprocity law. Then, we use asymptotic results of analytic number theory
to estimate the sums.
The results in Chou and Shparlinski for S0 in the exponential case use
similar sums on primes but their final result is S0 ∼ θ0 N, where θ0 is
expressed as an infinite sum over the ν ∈ L. Here we compute the
constant of the main term involving a nice product of primes.
Daniel Panario
On the cycle structure of Rédei functions
31 / 33
Estimates on S for Rédei functions
The S case
Remember that
S(n, a, N) =
1 X
T (n, a, p)
π(N)
p≤N
where T (n, a, p) =
1 PD−1
ν
j=1
ν1 . . . νj is the average value of the tail length.
Theorem (Estimates for S for the Rédei functions)
Let n and a be positive integers, p1 , . . . , ps be the distinct prime divisors of
n with Q P
= p1 · · · ps , and L = hp1 , . . . , ps i. For ν ∈ L we denote by
D−1
1
λ(ν) = ν i=1
ν1 · · · νi where (ν1 , . . . , νD ) is the ν-series generated by n.
Then,
1 X λ(ν)#Uν
lim S(n, a, N) =
,
N→∞
ϕ(Q)
ν
ν∈L
where Uν = {u ∈ {1, . . . , Q} : gcd(u, Q) = gcd(νu + 1, Q) = 1}.
Daniel Panario
On the cycle structure of Rédei functions
32 / 33
Thanks for your attention!
Daniel Panario
On the cycle structure of Rédei functions
33 / 33