POLYNOMIAL CODES OVER CERTAIN FINITE FIELDS

多变量公钥密码系统摘要量子计算机的出现对传统公钥密码体制的安全构成威胁，多变量公钥密码应运而生，并成为近年来密码学的研究热点之一。

多变量公钥密码的安全性依赖于解多变量非线性多项式方程组的困难性，并且多变量公钥密码在存储空间和执行时间上比起传统公钥密码体制具有明显的优势。

本文对多变量公钥密码系统进行了学习与研究，总结了多变量公钥密码学的发展历史和研究现状，对陷门函数的构造做了简要介绍，并阐述了针对多变量公钥密码体制的主要攻击方法。

关键词：公钥密码数字签名多变量AbstractThe appearance of the quantum computer is a threat to the security of traditional cryptosystems, so the multivariable cryptography was born, and attracted more and more attentions recently. The multivariate public key cryptosystems are connected to the hardness of solving randomly chosen systems of multivariate polynomial equations over a finite field, and it has better performance both in memory space and time efficiency than the traditional cryptosystems.This paper does some study and research on the MPKCs, sums up the development history and research situation, does a brief introduction to the implementation of trapdoor functions, and presents the main attacks. On this basis, the main contributions are as follows.Keyword : Public key cryptography Signature Multivariate一、研究多变量公钥密码系统的背景及意义信息安全技术是一门综合的学科，它涉及信息论、计算机科学、密码学等多方面的知识，它的主要任务是研究计算机系统和通信网络内信息的保护方法以实现系统内信息的安全、保密、真实和完整。

有限交换环上的Chowla定理马宁;彭国华【摘要】设R=｛r0,r1,…,rn-1}是一个有限含幺交换环,若对于r0,r1,…,rn-1的任意排列s0,s1,…,sn-1都有{risi｜0≤i≤n-1｝≠R,则称R为M-环.讨论了M-环的基本性质,利用有限交换环的结构定理,得到了R为M-环的判定条件.这些结论将整数环上关于剩余系的Chowla定理推广到M-环上,进而统一证明了Chowla定理以及孙琦和旷京华给出的代数整数环上的Chowla定理.此外还给出有限交换环上置换多项式一个结论的简单证明.【期刊名称】《四川师范大学学报（自然科学版）》【年(卷),期】2018(041)003【总页数】3页(P296-298)【关键词】完全剩余系;有限交换环;M-环;置换多项式【作者】马宁;彭国华【作者单位】四川大学数学学院,四川成都610064;四川大学数学学院,四川成都610064【正文语种】中文【中图分类】O151948年,Vijayaraghavan等[1]证明了一个关于整数环上的完全剩余系的定理：设整数q>2，r1,r2,…,rn和s1,s2,…,sn分别是模q的两组完全剩余系，则r1s1,r2s2,…,rnsn不是模q的完全剩余系．1954年，Coles等[2]利用数学归纳法又给出这一定理的一个简单证明．1987年，孙琦等[3]将这一定理推广到了Dedekind整环中．本文将Chowla定理推广到一般有限含幺交换环．为此，定义了M-环，还讨论了这类有限交换环的基本性质及判定的充要条件．设R={r0,r1,…,rn-1}是一个有限含幺交换环，始终假定r0=0，相应地r1,r2,…,rn-1是R中的全体非零元素．若s0,s1,…,sn-1是r0,r2,…,rn-1的任意一个排列且s0≠0, 则存在k≥1使得sk=0.此时r0s0=rksk=0，集合S={risi|0≤i≤n-1}至多含有n-1个元素，从而S≠R．这表明，只要R不是零环[4]，则总存在r0,r1,…,rn-1的一个排列s0,s1,…,sn-1，使得S≠R．对于集合S={risi|0≤i≤n-1}，是否总有S≠R成立？定义一个有限含幺交换环R为M-环，如果对于R中全体元素的任意一个排列s0,s1,…,sn-1，总有{risi|0≤i≤n-1}≠R．假设s0=0且R=Fq是q元有限域，q为一个素数的方幂，那么环R的乘法群注意到方程Xq-1-1=0的解集为R×，有若S=R，则必然有另一方面，所以q必为偶数．若q为2的方幂，即R=F2m，m是正整数，则Frobenius映射σ(x)=x2是R上的自同构．取si=ri，i=0,1,…,q-1，则有这表明R不是M-环．定理 1 有限域是M-环的充要条件是它的特征为奇数．设R=R1⊕R2⊕…⊕Rm是有限含幺交换环R的一个直和分解．对0≤i≤n-1，可以令ri=(ri1,ri2,…,rim)，si=(si1,si2,…,sim)，其中,rij,s ij∈Rj，1≤j≤m．所以S=R当且仅当Sj={rijsij|0≤i≤n-1}=Rj对每个1≤j≤m均成立．于是，有定理 2 设R为有限含幺交换环，则R是M-环的充要条件是其直和因子中至少有一个是M-环．如下的结构性质保障了可以将一般的有限交换环分解成一些小的环的直和．引理 1 任意有限含幺交换环可分解为有限交换局部环的直和．证明设R是一有限含幺交换环，P1,P2,…,Pm是R的全部素理想，则每个商环是有限整环，也是有限域．所以每个Pi是极大理想且i≠j时，Pi和Pj互素．故Pi∩Pj=P iPj．另一方面，R的幂零根所以R的Jacobson根但Nil(R)中的每个元素均为幂零元，J(R)是幂零理想．因此存在正整数t使得注意到i≠j时，理想和仍然互素．由交换环的中国剩余定理[4]，有≅⊕⊕…⊕即得R≅⊕⊕…⊕其中每个环是局部环，其极大理想为根据定理2和引理1，只需要讨论有限局部交换环何时是M-环．引理 2 若一个有限局部交换环不是域，则它是M-环．证明设R={r1,r2,…,rn}是有限局部交换环．若R不是M-环，则存在r1,r2,…,rn的一个排列s1,s2,…,s n使得S={risi|0≤i≤n}=R．设P是R的唯一极大理想且|P|=k，则R恰有k个不可逆元，且Jacobson根J(R)=P为幂零理想．因此存在正整数n0使得Pn0=(0)．不失一般性，可设r1,r2,…,rk∈P, rk+1,rk+2,…,rn∈R×,则必有s1,s2,…,sk∈P且sk+1,sk+2,…,sn∈R×．否则，若存在j0>k，sj0∈P，则有r1s1,r2s2,…,rksk,rj0sj0∈P且这些元素两两不同.这与R 恰有k个不可逆元的假设矛盾．于是P={r1s1,…,rksk}⊆P2，从而P=P2，故P=Pn0=(0)．这表明零理想是极大理想，R必为域，与假设矛盾．定理 3 设R为有限含幺交换环，则R是M-环的充要条件是R不能分解为特征为2的有限域的直和．证明由引理1，R=R1⊕R2⊕…⊕Rm，其中Ri(1≤i≤m)是有限交换局部环．若R不能被分解为特征为2的有限域的直和，则存在1≤i0≤m，使得Ri0不是域或者Ri0是奇特征的有限域．根据定理1和引理2，Ri0是M-环．再由定理2可知，R 是M-环．反之，若R是特征为2的有限域的直和，则由定理1和定理2可知，R不是M-环．注 1 若为剩余类环，其中Z为整数环，m≠2为正整数，则定理3就是整数环上的Chowla定理[1]．若OK是数域K的Dedekind整环，I为OK的理想且I≠P1P2…Ps，其中P1,P2,…,Ps为不同的素理想且每个Pi∩Z=2Z，则孙琦等在文献[3]中的结果，正是定理3中取时的特殊情况．注 2 根据定理1，奇特征的有限域是M-环，但奇特征并不是得到M-环的必要条件．换句话说，特征为2的有限交换环也可能是M-环．例如，设环它的特征显然为2，且有唯一的非零极大理想(X)mod(X3)，从而R是局部环，但不是域．根据引理2，R是M-环．下面考虑定理3在置换多项式方面的应用．环R上的多项式f(X)∈R[X]称为R的置换多项式，如果对应的多项式函数f:R→R诱导出R中元素的一个置换．有关有限交换环上的置换多项式及其应用的讨论，可参考文献[5-10]．因为一个置换多项式可以产生环中元素的一个置换，所以立即得到以下推论.推论 1 M-环上的两个置换多项式的乘积不再是置换多项式．参考文献[1] VIJAYARAGHAVAN T, CHOWLA S. On complete residue sets[J]. Q J Math,1948,19(1)：193-199.[2] COLES W, OLSON F. A note on complete residue systems[J]. Am Math Monthly,1954,61(9)：662-622.[3] 孙琦，旷京华. 关于代数数域中的完全剩余系[J]. 数学学报,1987,30(2)：226-228.[4] ATIYAH M, MACDONALD I. Introduction to commutative algebra[M]. New Jersey:Addison-Wesley,1969.[5] BINI G, FLAMINI F. Finite commutative rings and their applications[M]. New York: Spring Science and Business Media,LLC,2002.[6] 孙琦,万大庆. 置换多项式及其应用[M]. 沈阳:辽宁教育出版社,1987.[7] LIDL R, NIEDERREITER H. Finite Fields[M]. Encyclopedia Math Appl 20.Cambridge:Cambridge Univ Press,1997.[8] COHEN S D. Permutation Group Theory and Permution Polynomials in Algebras and Combintorics[M]. Hong Kong:Springer-Verlag,1997.[9] FRISCH S. Polynomial functions on finite commutative rings[M]. Lecture Notes in Pure and Appl Mathematics 205.New York:Dekker,1999.[10] ZHANG Q. Polynomial functions and permutation polynomials over some finite commutative rings[J]. J Number Theory,2004,105(1):192-202.。

Divide-and-Conquer Interpolation for List Decoding of Reed-Solomon CodesJun MaDepartment of Electrical and Computer Engineering University of California San Diego9500Gilman Drive,La Jolla,CA92093–0407,U.S.A.jma@Peter TrifonovDistributed Computing and Networking Department St.Petersburg State Polytechnic University Polytechnicheskaya29,St.Petersburg195251,Russia petert@dcn.nord.nw.ruAlexander VardyDepartment of Electrical and Computer EngineeringUniversity of California San Diego9500Gilman Drive,La Jolla,CA92093–0407,U.S.A.vardy@AbstractAlgebraic soft-decision decoding of Reed-Solomon codes delivers promising coding gains over conventionalhard-decision decoding.The most computationally demanding step in algebraic soft-decoding(as well asSudan-type list-decoding)is bivariate polynomial interpolation.We discuss a divide-and-conquer algorithmthat could potentially reduce the complexity of the interpolation step.I.I NTRODUCTIONRecently Sudan[14]and Guruswami-Sudan[5]introduced a powerful algorithm for list decoding of Reed-Solomon and some other codes.This list-decoding method was later extended by Koetter and Vardy[9]toan algebraic soft-decision decoding algorithm,which significantly outperforms hard-decision list-decoding. Both list-decoding and algebraic soft-decision rely on interpolation of bivariate polynomials,which is much more computationally complex than hard-decision decoding.The high complexity of the interpolation re-sults from the large-degree polynomials manipulated in the iterative interpolation procedure,thus efficient implementations of the interpolation algorithm are desired.Section II gives a brief review of the interpolation algorithm based on[3,10].In section III,we present a matrix interpretation and an algebraic geometry interpretation of the interpolation algorithm.The later leadsto a divide-and-conquer algorithm.II.B ACKGROUNDLet q be thefinitefield with q elements.The ring of polynomials over q is denoted q X.Reed-Solomon codes are obtained by evaluating certain subspaces of q X in a set of points x1,x2,...,x n q. Specifically,the RS code q n,k of length n and dimension k is defined as follows:qn,k def f x1,...,f x n:x1,...,x n,f X q X,deg f X k(1)The interpolation step solves the following problem:Given a set of points x1,y1,x2,y2,...,x s,y s and a set of multiplicities M m1,m2,...,m s,find a nonzero polynomial X,Y of minimal1,k1-weighted degree,such that X,Y passes through points in with prescribed multiplicities.Fast algorithmto solve the interpolation problem can be found in[3,11].And in this paper,we refer the algorithm as IIA (iterative interpolation algorithm).The Iterative Interpolation AlgorithmInitialization:v X ,Y ∑l t 0q v ,t X Y t ,for 0v r .Iteration:Input:x i ,y i ,m x i ,y i :x i ,y i–For each triple x i ,y i ,m x i ,y i ,O v deg 1,k 1v X ,Y ,for 0v r .for a 0to m x i ,y i 1for b 0to m x i ,y i 1a Discrepancy Computation:for v 0to rd a ,b v coef v X x i ,Y y i ,X a Y b endPolynomial Update:if there exist ηargmin 0v r d a ,b v 0O vfor v 0to rif v ηand d a ,b v 0v X ,Y :v X ,Y d a ,bvr pass through points in with corresponding multiplicities M can be represented asX,Yr∑j0p j X j X,YProof.Let X,Y:wdeg0,1X,Y r be a polynomial having points from as roots of corre-sponding multiplicities from M.The following procedure is very similar both to the multivariate polynomial division[2]and matrix polynomial division algorithms[4,8].1)Order X,Y terms accordingly to deg1,k1and let R X,Y0,p j X0.2)Let LT X,Yαx a y b and LT b X,Y x c y b.(Note that the IIA guarantees that LT b X,YX c Y b throughout the whole iterative procedure.)If a c,then p b X:p b Xαx a c,X,Y:X,Yαx a c b X,Y.Otherwise,R X,Y:R X,Y LT X,Y,X,Y:X,Y LT X,Y.3)Repeat step2until X,Y0.Clearly,this procedure would lead to X,Y∑j p j X j X,Y R X,Y.Since all j X,Y have points from as roots of corresponding multiplicities M,these points will be roots of the same multiplicity of R X,Y.Thus we have obtained a polynomial with degree j wdeg0,1R X,Y r in y,having roots of multiplicities in M at all points of such that deg1,k1R X,Y deg1,k1j X,Y,which contradicts to the property of j X,Y minimality(see[10]for proof).Thus R X,Y0.This lemma proves that the j X,Y polynomials form a basis of a polynomial module and any polynomial X,Y as described in Lemma1may be represented as algorithm isX,Y X P X(2)1y...y r q00X q01X...q0r Xq10X q11X...q1r Xq r0X q r1X...q r r Xp0Xp1X...p r XThen each step of the IIA may be represented as multiplication of matrix polynopmial X obtained during previous steps by matrix10...0 001...0 0...j0...x x i...rdeterminants in GF q 0)of linear transformations required to obtain an equation.Thus the problem of ”merging”two sets of interpolation polynomials may be considered as finding a least common right multiple of the respective matrix polynomials.Unfortunately,even the most recent algorithms for performing this task (e.g.[1])appear to be too computationally expensive.B.Algebraic-geometric interpretation of the interpolation algorithmAs it can be seen from (4),the divide-and-conquer interpolation method may be considered as intersection of two modules.However,these modules posess certain additional properties which may be used to simplify computations:1)It is possible to introduce the multiplication operation for two module elements.However,its result belongs to a module of higher dimension.2)The module may be considered as a subset of bivariate polynomial ideal.Thus one can perform intersection operation in an ideal which is a superset of a module,and then convert its result back into the module.Actually we have the following lemma.Lemma 2.Let j X ,Y ,j 0,...,r be a set of polynomials,produced by the IIA after processing the set of interpolation points with corresponding multiplicities M .If LT r X ,Y Y r ,then 0X ,Y ,...,r X ,Y is a basis (actually a Groebner basis)for ideal of polynomials X ,Y that pass through points in with corresponding multiplicities M .Proof.Similar to the proof of Lemma 1,thus omitted here.It is possible to generalize the definition of affine variety to accommodate the case of roots with high mul-tiplicity.Then the IIA may be considered as a process of adding interpolation points to an affine variety defined by the ideal of interpolation polynomials.Thus the operation of module intersection may be replaced with intersection of two ideals.But again,the ideal intersection algorithm [2]appears to be too complex.However,in some cases computation of ideal intersection may be replaced with computation of their product.Let be a polynomial ideal.Then the quotient ring is isomorphic to the q -vector space spanned by the setX a Y b :X a Y b LTwhere LT denotes the ideal generated by the leading terms of the elements of .This is Proposition 4of [2,p.229].We let dim q denote the dimension of this vector space.The footprint of ,also called the deltaset of ,can be defined as the set of all monomials in that are not the leading monomials of elements of .It is known [7]that dim q ,provided is finite.However,we will not need this result.Theorem 1.Letx 1,y 1,x 2,y 2,...,x s ,y s be a set of s distinct points in 2q and let M m 1,m 2,...,m s be a sequence of positive integers,called the multiplicities of the points in .Consider the idealdef X ,Y :coef X x i ,Y y i ,X a Y b 0for a b m i (5)Following [9],define the cost of M as M 1order.Specifically,c a,b;j Q precedes c a,b;i Q in the n-dimensional vector Q iff j i or j i and a,b a,b,where is the graded lex order on2(actually,any graded order on2would suffice for our purposes).Now let us define the following polynomials:G a,b;i X,Y def X x i a Y y i b∏x r x i X x r m i Y y r m i∏x r x iy r y iY y r m i(6)for all nonnegative integers a,b such that a b m i and for all i1,2,...,s.By definition,these polynomials satisfy c a,b;i G a,b;i0.Moreover,c a,b;j G a,b;i0if j i or if j i and either a a or b b—in particular,if a,b a,b.Let us arrange the n polynomials G a,b;i in(6)in the same order as the n coefficients c a,b;i Q in the vector Q,and consider the n n matrix A having G a,b;i as itsrows.It follows from the properties of the polynomials G a,b;i that the matrix A is upper triangular.Hence its rows constitute a basis for n q.This implies that for each vector v n q,we can construct a polynomial Q X,Y such that Q v.Indeed,if v is expressed as a linear combination of the rows of A,then Q X,Y is just the corresponding linear combination of the polynomials G a,b;i in(6).This shows that the mapping is surjective.Now consider the mapping:n q defined by Q Q,where Q is the equivalence class of Q in.It follows from[2,Chapter5]that the mapping is well-defined.Moreover,since is surjective,then so is.The mapping,on the other hand,is also injective.Indeed,if Q Q0 in n q,then Q by(5)and the definition of Q.Hence Q0if and only if Q0. Together with the linearity of,this shows that is an injection,as claimed.We thus conclude that is a bijection from to n q.Hence dimqn.Theorem3.Let,M denote the ideal defined in(5)with respect to the point set and multiplicity vector M.Suppose1,M1and2,M2are such that12.Then1,M12,M21,M12,M2(7) Proof.Let11,M1and22,M2.Then V11and V22by Corollary2.It follows thatV12V1V212Hence,by the weak Nullstellensatz[2,p.168],we have12¯F X,Y,where¯F is the algebraic closure of q.Thus1and2are co-prime,which implies(7)by the Chineese remainder theorem for polynomials.The Divide-and-Conquer Interpolation AlgorithmSplitInterpolation s ,,M1:x i ,y i ,M 1:m i ,i 1,...,s 2;2:x i ,y i ,M 2:m i ,i s 21,...,s ;1:SplitInterpolation s 2,1,M 1;2:SplitInterpolation s s 2,2,M 2;:1j 1X ,Y 2j 2X ,Y ,i j i i ;:Eliminate Q ;Return One can see that the complexity of this algorithm is C n ,r ,ρ2C n 2,r ,ρ2C m C e ,,where C m is the cost of polynomial multiplication and C e is the cost of the elimination step.For the multiplication step there is a problem of efficient multiplication of large polynomials which may appear after processing of many interpolation points.Thus one has either to use FFT-based algorithm operating over some sextension of the original field,or apply a combination of Winograd linear convolution algorithm with some other methods (e.g.,again FFT-based algorithm).For the elimination step,the task is to find a Groebner basis of the poly-nomial module.One can use either the Buchberger algorithm or perform elimination in spectral domain [6].IV.C ONCLUSIONSThe main difference between our approach and the one suggested in [3]is that interpolation subproblems are solved independently and only afterwards their solutions are “merged.”This allows one to solve these subproblems in parallel.Moreover,each of the subproblems has a much smaller dimension than the original problem.However,further analysis is required to find an efficient way for eliminating the redundant entries in module bases obtained during the merging step.R EFERENCES[1] B.Beckermann and bahn.Fraction-free computation of matrix rational interpolants and matrix GCDs.SIAM Journal on Matrix Analysis and Applications ,22(1):114–144,2001.[2] D.Cox,G.Little,and D.O’Shea.Ideals,varieties and algorithms .Springer-Verlag,1992.[3]G.-L.Feng and X.Giraud.Fast algorithm in sudan decoding procedure for reed-solomon codes.preprint ,August 2002.[4] F.R.Gantmakher.Matrices theory .Moscow:Nauka,In Russian,4edition,1988.[5]V .Guruswami and M.Sudan.Improved decoding of Reed-Solomon and algebraic-geometric codes.IEEE Transactions on Information Theory ,45(6):1757–1767,September 1999.[6] D.Henrion and M.Sebek.Reliable numerical methods for polynomial matrix triangularization.IEEE Transactions on Automatic Control ,44(3),March 1999.[7]T.H ØHOLDT ,J.H.VAN L INT ,and R.P ELLIKAAN ,Algebraic geometry codes,in V .S.Pless and W.C.Huffman,Editors,Handbook of Coding Theory ,Elsevier 1998.[8]T.Kailath.Linear systems .Prentice Hall,1985.[9]R.K OETTER and A.V ARDY ,Algebraic soft-decision decoding of Reed-Solomon co-des,IEEE rm.Theory ,vol.49,pp.2009–2025,November 2003.[10]R.Refslund Nielsen and T.Hoholdt.Decoding Reed-Solomon codes beyond half the minimum distance.In Proceedings of theInternational Conference on Coding Theory and Cryptography,Mexico 1998.Springer-Verlag,1998.[11]R.R.Nielsen.List decoding of linear block codes .PhD thesis,Technical University of Denmark,2001.[12]H.O’Keeffe and P.Fitzpatrick.Groebner basis solution of constrained interpolation problems.Linear Algebra and Applications ,351-352:533–551,2002.[13]R.Roth and G.Ruckenstein.Efficient decoding of Reed-Solomon codes beyond half the minimum distance.IEEE Transactionson Information Theory ,46(1):246–257,2000.[14]M.Sudan,“Decoding of Reed-Solomon codes beyond the error correction bound,”Journal of Complexity ,vol.12,pp.180–193,1997.6。

a rXiv:077.1111v1[math.N T]7J ul27SOME F AMILIES OF PERMUTATION POLYNOMIALS OVER FINITE FIELDS MICHAEL E.ZIEVE Abstract.We give necessary and sufficient conditions for a poly-nomial of the form x r (1+x v +x 2v +···+x kv )t to permute the elements of the finite field F q .Our results yield especially simple criteria in case (q −1)/gcd(q −1,v )is a small prime.1.Introduction A polynomial over a finite field is called a permutation polynomial if it permutes the elements of the field.These polynomials first arose in work of Betti [3],Mathieu [6]and Hermite [5]as a way to represent permutations.A general theory was developed by Hermite [5]and Dickson [4],with many subsequent developments by Carlitz and others.It is a challenging problem to produce permutation polynomials of ‘nice’forms.Recently,Akbary,Wang and Wang [2,9]studied binomi-als of the form x u +x r over F q in the case that d :=gcd(q −1,u −r )satisfies (q −1)/d ∈{3,5,7}.Their results were surprising:they gave necessary and sufficient criteria for such binomials to permute F q ,in terms of the period of a (generalized)Lucas sequence in F q .Their proofs were quite complicated,using lengthy calculations involving co-efficients of Chebychev polynomials,lacunary sums of binomial coef-ficients,determinants of circulant matrices,and various unpublished results about factorizations of Chebychev polynomials,among otherthings.Also,their proofs required completely different arguments in each of the cases (q −1)/d ∈{3,5,7}.One naturally wonders whether there might be a uniform approach which works for arbitrary d ,and yields the results of [9,2]as special cases.We present such an approach in this paper,giving short and simple proofs which do not use any of the above-mentioned ingredients.Our results apply to the more general class of polynomials f (x ):=x r h k (x v )t ,where h k (x ):=x k −1+x k −2+···+1and r,v,k,t are positive2MICHAEL E.ZIEVEintegers.The forthcoming paper[1]uses the same methods as[2]toprove some partial results in case t=1and v|(q−1).The statements of our results use the notation s:=gcd(v,q−1),d:=(q−1)/s,and e:=v/s.Note that gcd(d,e)=1.Alsoµd denotesthe set of d th roots of unity in F q,and p is the characteristic of F q.Ourfirst result gives necessary and sufficient conditions for f to bea permutation polynomial:Proposition1.1.f permutes F q if and only if all of the following hold:(1)gcd(r,s)=gcd(d,k)=1(2)gcd(d,2r+vt(k−1))≤2(3)k st≡(−1)(d+1)(r+1)(mod p)(4)g(x):=x r((1−x ek)/(1−x e))st is injective onµd\µ1(5)(−1)(d+1)(r+1)/∈g(µd\µ1).In case d is an odd prime,this specializes to the following: Corollary1.2.Suppose thefirst three conditions of Proposition1.1 hold,and d is an odd prime.Pickω∈F q of order d.Then f permutes F q if and only if there existsθ∈F d[x]withθ(0)=0such that(2r+ (k−1)vt)x+θ(x2)permutes F d and,for every i with0<i<d/2,wehaveωθ(i2)= ωike−ω−ike∈µst for everyζ∈µd\µ1ζ−ζ−1then f permutes F q.(2)If d=3then f always permutes F q.(3)If d=5then f permutes F q if and only if(∗)holds.(4)If d=7then f permutes F q if and only if either(∗)holds orthere existsǫ∈{1,−1}such thatωike−ω−ikePERMUTATION POLYNOMIALS3 for every i∈{1,2,4}.It is straightforward to deduce the results of[9,2,1]from this result, by writing the generalized Lucas sequences in terms of roots of unity. However,our formulation seems to be more useful for both theoretical and practical purposes.We can treat larger values of d as well,but at the cost of having a longer list of possibilities.For instance,with the hypotheses and notation of the above result,if d=11then f permutes F q if and only if either(∗)holds or there is someψ∈C such thatωike−ω−ike4MICHAEL E.ZIEVE3.ProofsIn this section we consider polynomials of the form f(x):=x r h k(x v)t, where h k(x)=x k−1+x k−2+···+1and r,v,k,t are positive integers. We maintain this notation throughout this section,and we also define s:=gcd(v,q−1),d:=(q−1)/s,and e:=v/s.Note that gcd(d,e)=1. We begin with some easy cases with d small:Proposition 3.1.If d=1then f(x)permutes F q if and only if gcd(k,p)=gcd(r,s)=1.If d=2then f(x)permutes F q if and only if gcd(k,2p)=gcd(r,s)=1and k st≡(−1)r+1(mod p).Proof.By Lemma2.1,f permutes F q if and only if gcd(r,s)=1and g(x):=x r h k(x e)st permutesµd.If d=1,the latter condition just says gcd(k,p)=1,since g(1)=k(q−1)t.If d=2then we must have h k(−1)=0,so k odd,whence g(−1)=(−1)r;since g(1)=k st,the result follows. We could treat a few more values of d by the same method as above, but this requires handling several cases already for d=3.We will return to this question later in this section,after proving some results which simplify the analysis.Our next result gives necessary and sufficient conditions for f to per-mute F q;these conditions refine the ones we get directly from Lemma2.1. Proposition3.2.f permutes F q if and only if all of the following hold:(1)gcd(r,s)=gcd(d,k)=1(2)gcd(d,2r+vt(k−1))≤2(3)k st≡(−1)(d+1)(r+1)(mod p)(4)g(x):=x r((1−x ek)/(1−x e))st is injective onµd\µ1(5)(−1)(d+1)(r+1)/∈g(µd\µ1).Proof.By Lemma2.1,f permutes F q if and only if gcd(r,s)=1and ˆg(x):=x r h k(x e)st permutesµd.So assume gcd(r,s)=1.Forζ∈µd\µ1,we haveˆg(ζ)=ζr 1−ζkePERMUTATION POLYNOMIALS 5If ˆg permutes µd then ζ∈µd ˆg (ζ)=ζ∈µdζ=(−1)d +1,but we computeζ∈µd ˆg (ζ)=k st ζ∈µd \µ1ζr1−ζke ωie −ω−ie st.Proof.Since d is odd,squaring permutes µd ,so condition (4)of Propo-sition 3.2is equivalent to injectivity of ˆg (x 2)on µd \µ1.For ζ∈µd \µ1,we haveg (ζ2)=ζ2r 1−ζ2keζe −ζ−e st .For i ∈Z \d Z ,let ψ(i )be theunique element of Z /d Z such that ωψ(i )= ωike −ω−ike6MICHAEL E.ZIEVEDefining ψ(i )=0if i ∈d Z ,it follows that ψinduces a map from Z /d Z to itself,with the properties ψ(−i )=ψ(i )and g (ω2i )=ωi (2r +(k −1)vt )+ψ(i ).Conditions (4)and (5)are equivalent to bijectivity of the map χ:i →in +ψ(i )on Z /d Z ,where n :=2r +(k −1)vt .Since ψ(−i )=ψ(i ),we can write ψ(i )=θ(i 2)where θ∈F d [x ]has degree less than (d −1)/2and has no constant term. Forsmall d ,there are only a few maps ˆθ:F d →F d for whichx +ˆθ(x 2)permutes F d ;this in turn yields manageable descriptionsof the possible permutation polynomials in these cases.Assuming ˆθ(0)=0and deg(ˆθ)<(d −1)/2,the only such map for d =3and d =5is ˆθ=0.For d =7there are three possibilities for ˆθ,namely ˆθ=µx 2with µ∈{0,2,−2}.For d =11there are 25possibilities for ˆθ,but up to the equivalence ˆθ(x )∼ˆθ(α2x )/αwith α∈F ∗d ,there are just fivepossibilities.For d =13there are 133possibilities for ˆθ,including 14classes under the above equivalence.We checked via computer that,for these values of d ,every such map ˆθoccurs as θ/(2r +(k −1)vt )for some permutation polynomial f as in Corollary 3.3,even if we restrict to k =2and t =e =1.Corollary 3.4.Suppose the first three conditions of Proposition 3.2hold,and d is an odd prime.Pick ω∈F q of order d .(a)If(∗)ζk −ζ−kωie −ω−ie st=ω2ǫ(2r +(k −1)vt )ifor every i ∈{1,2,4}.(e)If d =11then f permutes F q if and only if either (∗)holds orthere is some ψ∈C such thatωike −ω−ikePERMUTATION POLYNOMIALS7for every i∈(F∗11)2,where C is the union of the sets{mi:m∈{±3,±5}},{5m3i4+m7i3−2mi2−4m5i:m∈F∗11},and{4m3i4+m7i3−2mi2−5m5i:m∈F∗11}.Proof.We maintain the notation of Corollary3.3.Condition(∗)is the trivial caseθ=0.If d=3or d=5,we plainly must haveθ=0(as wasfirst proved by Betti in1851[3]).This proves the result for d=5. For d=3,condition(3)implies k≡±1(mod3),so forζ∈µd\µ1 we haveζk−ζ−k=±(ζ−ζ−1);since either q or s is even,this implies (ζk−ζ−k)s=(ζ−ζ−1)s,so(∗)holds.Suppose d=7,and write n:=2r+(k−1)vt;then gcd(7,n)=1by condition(2).It is easy to determine the possibilities forθ,as wasfirst done by Hermite in1863[5]:θ=µx2whereµ∈{0,2n,−2n}.The result follows.The case d=11is treated similarly.References[1]A.Akbary,S.Alaric and Q.Wang,On some classes of permutation polynomials,Int.J.Number Theory,to appear.[2]A.Akbary and Q.Wang,On some permutation polynomials overfinitefields,Int.J.Math.Math.Sci.(2005)2631–2640.[3]E.Betti,Sopra la risolubilit`a per radicali delle equazioni algebriche irriduttibilidi grado primo,Annali di Scienze Matematiche e Fisiche2(1851)5–19.(=Opere Matematiche,v.1,17–27)[4]L.E.Dickson,The analytic representation of substitutions on a power of aprime number of letters with a discussion of the linear group,Ann.of Math.11 (1896-7)65–120and161–183.[5]Ch.Hermite,Sur les fonctions de sept lettres,C.R.Acad.Sci.Paris57(1863)750–757.[6]´E.Mathieu,M´e moire sur l’´e tude des fonctions de plusieurs quantit´e s,sur lamani`e re de les former et sur les substitutions qui les laissent invariables,J.Math.Pures Appl.6(1861)241–323.[7]Y.H.Park and J.B.Lee,Permutation polynomials with exponents in an arith-metic progression,Bull.Austral.Math.Soc.57(1998)243–252.[8]D.Wan and R.Lidl,Permutation polynomials of the form x r f(x(q−1)/d)andtheir group structure,Monatsh.Math.112(1991)149–163.[9]L.Wang,On permutation polynomials,Finite Fields Appl.8(2002)311–322.Center for Communications Research,805Bunn Drive,Princeton NJ08540E-mail address:zieve@URL:/∼zieve/。

不可约多项式外文文献加翻译不可约多项式外文文献加翻译= irreducible polynomialLet f (x) = fl (x)ll--fk(x)lk be the standard factorization of f(x) in the polynomial ring F[x], where fi (x) is an irreducible polynomial with leading coefficient 1 and degree ni.f (x) =f_l (x) 1・・・f_k (x) ~lk是f (x)在多项式环F[x]中的标准分解式,f_i (x)是最高系数为1、次数为n_i的不可约多项式.In this note, we suppose n is a composite, Z_n is a residue class ring mod n> r (x) WZ_n[x] and r (x) is a monic irreducible polynomial of degree k (k>0) over Z_n.设n是一个合数,Z_n表示模n的剩余类环,r (x) EZ_n[x]是一个首一的k(>0)次不可约多项式。

From these, the cyclic Zq? code with the generator hm(x) whichis primitive basic irreducible polynomial over Zq can be mapped for nonlinearcode with big distance over Zp.由此将Zq上的一类由本原基本不可约多项式hm(x)生成的循环码映射成Zp上具有较大距离的非线性码，其中本原基本不可约多项式hm(x)是指hm(x)在模p映射下的象hm(x)是Zp [x]中的本原多项式.As a matter of fact, the met hod starts from Z_2, and t here is an irreducible polynomial x~2+x+l over Z_2. As a generating element, which may be regarded as a Princpal Ideal (x~2+x+l). Therefore, as are know from the thory of Modern Algebra, Z_2[x]/(x~2+x+l) is a Finite Fields.这一方法实质上是从Z_2岀发，以Z_2上的一个不可约多项式x~2+x+l 为生成元做一个主理想(x~2+x+l),然后由近世代数的理论知Z_2[x]/(x~2+x+l)是一个有限域，从而得到了GF⑷。

chevalley-warning定理-回复Chevalley's Theorem, also known as the Chevalley Warning Theorem, is an important result in algebraic geometry. This theorem provides a necessary condition for a polynomial equation to have a solution in a finite field. In this article, we will dive into the details of Chevalley’s Theorem, step by step, explaining its significance and proofs.To understand Chevalley's Theorem, let's start with some foundational concepts. A finite field is a mathematical structure in which addition, subtraction, multiplication, and division are defined in such a way that the set of elements is finite. For example, the set of integers modulo a prime number, denoted as Z/pZ, where p is a prime number, is a finite field. In algebraic geometry, finite fields play a crucial role in studying polynomial equations.Now, let's state Chevalley's Theorem formally. Given a polynomial equation over a finite field, the theorem states that if the number of variables is greater than the total degree of the polynomials involved, then the equation has a solution in the finite field.To understand this theorem better, let's consider an example.Suppose we have the equation:f(x, y, z) = 0where f is a polynomial of degrees n, m, and k in variables x, y, and z, respectively. Chevalley's Theorem tells us that if n + m + k < p, where p is the order of the finite field, then the equation has a solution in the finite field.The significance of Chevalley's Theorem lies in its ability to provide a necessary condition for solutions to exist in a finite field. It tells us that if there are too many variables relative to the degrees of the polynomials involved, then the equation won't have a solution in the finite field. This condition is crucial in algebraic geometry and has applications in various fields, including coding theory and cryptography.The proof of Chevalley's Theorem involves utilizing the concept of algebraic varieties and their corresponding coordinate rings. An algebraic variety is a set of points that satisfy a system of polynomial equations. The coordinate ring of an algebraic variety provides a way to assign algebraic structures to the points on thevariety. The key to proving Chevalley's Theorem lies in establishing a connection between the number of variables, the degrees of the polynomials, and the dimension of the variety.To provide a step-by-step proof of Chevalley's Theorem within the word limit of this article is a challenging task. However, I can outline the general steps involved:1. Define the algebraic variety corresponding to the polynomial equation.2. Establish a connection between the coordinate ring of the variety and the polynomial equation.3. Use the concept of degrees of polynomials and the coordinate ring to derive the dimension of the variety.4. Show that if the number of variables is greater than the dimension of the variety, then the equation has a solution in the finite field.5. Prove that if the number of variables is less than or equal to the dimension of the variety, then the equation does not have a solution in the finite field.Each of these steps requires intricate mathematical reasoning andcan be explored in more detail in research papers and textbooks that focus on algebraic geometry and finite fields.In conclusion, Chevalley's Theorem, also known as the Chevalley Warning Theorem, provides a necessary condition for a polynomial equation to have a solution in a finite field. This theorem helps us understand the relationship between the number of variables, the degrees of the polynomials involved, and the existence of solutions in finite fields. Its significance lies in its applications in various fields and its role in understanding algebraic varieties and coordinate rings. While providing a detailed step-by-step proof is beyond the scope of this article, the overall approach involves connecting algebraic varieties, coordinate rings, and dimensions of varieties.。

Binary-Input RS EncoderThe Binary-Input RS Encoder block creates a Reed-Solomon code with message length K and codeword length N. You specify both N and K directly in the dialog box. The symbols for the code are binary sequences of length M, corresponding to elements of the Galois field GF(2M), where the first bit in each sequence is the most significant bit. Restrictions on M and N are given in the section Restrictions on the M and the Codeword Length N below. The difference N-K must be an even integer. The input and output are binary-valued signals that represent messages and codewords, respectively. The input must be a frame-based column vector whose length is an integer multiple of M*K. For more information on representing data for Reed-Solomon codes, see the section Integer Format (Reed-Solomon only)." The default value of M is the smallest integer that is greater than or equal to log2(N+1), that is, ceil(log2(N+1)). If N is less than 2M-1, the block uses a shortened Reed-Solomon code. Each M*K input bits represent K integers between 0 and 2M-1. Similarly, each M*N output bits represent N integers between 0 and 2M-1. These integers in turn represent elements of the Galois field GF(2M). An (N,K) Reed-Solomon code can correct up to floor((N-K)/2) symbol errors (not bit errors) in each codeword.Specifying the Primitive PolynomialYou can specify the primitive polynomial that defines the finite field GF(2M), corresponding to the integers that form messages and codewords. To do so, first select the box next to Specify primitive polynomial. Then, in the Primitive polynomial field, enter a binary row vector that represents a primitive polynomial over GF(2) of degree M, in descending order of powers. Forexample, to specify the polynomial ,enter the vector [1 0 1 1]. If you do not select the box next to Specify primitive polynomial, the block uses the default primitive polynomial of degree M = ceil(log2(N+1)). You can display the default polynomial by entering primpoly(ceil(log2(N+1))) at the MATLAB prompt.Restrictions on the M and the Codeword Length NThe restrictions on the degree M of the primitive polynomial and the codeword length N are as follows:If you do not select the box next to Specify primitive polynomial, N mustlie in the rangemust lie in the range .If you do select the box next to Specify primitive polynomial, N must lie inthe range and M must lie in the range .Specifying the Generator PolynomialYou can specify the generator polynomial for the Reed-Solomon code. To do so, first select the box next to Specify generator polynomial. Then, in the Generator polynomial field, enteran integer row vector whose entries are between 0 and 2M-1. The vector represents a polynomial, in descending order of powers, whose coefficientsare elements of GF(2M) represented in integer format. See the section Integer Format (Reed-Solomon only) for more information about integer format. The generator polynomial must be equal to a polynomial with a factored form, where a is the primitive element of the Galois field over which the input message is defined, and b is anon-negative integer. If you do not select the box next to Specify generator polynomial, the block uses the default generator polynomial, corresponding tob=1, for Reed-Solomon encoding. You can display the default generator polynomial by typing rsgenpoly(N1,K1), where N1=2^M-1 and K1=K+(N1-N),at the MATLAB prompt, if you are using the default primitive polynomial. If the Specify primitive polynomial box is selected, and you specify the primitive polynomial specified as poly, the default generator polynomial is rsgenpoly(N1,K1,poly).Binary-Output RS DecoderThe Binary-Output RS Decoder block recovers a binary message vectorfrom a binary Reed-Solomon codeword vector. For proper decoding, the parameter values in this block should match those in the corresponding Binary-Input RS Encoder block. The Reed-Solomon code has message lengthK and codeword length N. You specify both N and K directly in the dialog box.The symbols for the code are binary sequences of length M, corresponding to elements of the Galois field GF(2M), where the first bit in each sequence isthe most significant bit. Restrictions on M and N are described in the section Restrictions on the M and the Codeword Length N. The difference N-K mustbe an even integer. The input and output are binary-valued signals that represent messages and codewords, respectively. The input must be a frame-based column vector whose length is an integer multiple of M*K. The output isa frame-based column vector whose length is the same integer multiple ofM*N. For more information on representing data for Reed-Solomon codes,see the section Integer Format (Reed-Solomon only)." The default value of Mis ceil(log2(N+1)), that is, the smallest integer greater than or equal tolog2(N+1). You can change the value of M from the default by specifying the primitive polynomial for GF(2M), as described in the section Specifying the Primitive Polynomial below. If N is less than 2M-1, the block uses a shortenedReed-Solomon code. You can also specify the generator polynomial for theReed-Solomon code, as described in the section Specifying the Generator Polynomial. Each M*K input bits represent K integers between 0 and 2M-1. Similarly, each M*N output bits represent N integers between 0 and 2M-1. These integers in turn represent elements of the Galois field GF(2M). The second output is a vector of the number of errors detected during decoding ofthe codeword. A -1 indicates that the block detected more errors than it could correct using the coding scheme. An (N,K) Reed-Solomon code can correct up to floor((N-K)/2) symbol errors (not bit errors) in each codeword. You can disable the second output by clearing the box next to Output port for number of corrected errors. This removes the block's second output port.Integer-Input RS EncoderThe Integer-Input RS Encoder block creates a Reed-Solomon code with message length K and codeword length N. You specify both N and K directly in the block dialog. The symbols for the code are integers between 0 and 2M-1, which represent elements of the finite field GF(2M). Restrictions on M and N are described in the section Restrictions on M and the Codeword Length N below. The difference N - K must be an even integer. The input and output are integer-valued signals that represent messages and codewords, respectively. The input must be a frame-based column vector whose length is an integer multiple of K. The output is a frame-based column vector whose length is the same integer multiple of N. For more information on representing data for Reed-Solomon codes, see the section Integer Format (Reed-Solomon only)." The default value of M is the smallest integer that is greater than or equal to log2(N+1), that is, ceil(log2(N+1)). You can change the value of M from the default by specifying the primitive polynomial for GF(2M), as described in the section Specifying the Primitive Polynomial following. If N is less than 2M-1, the block uses a shortened Reed-Solomon code. An (N, K) Reed-Solomon code can correct up to floor((N-K)/2) symbol errors (not bit errors) in each codeword.Specifying the Primitive PolynomialYou can specify the primitive polynomial that defines the finite fieldGF(2M), corresponding to the integers that form messages and codewords. To do so, first check the box next to Specify primitive polynomial. Then, in the Primitive polynomial field, enter a binary row vector that represents a primitive polynomial over GF(2) of degree M, in descending order of powers. For example, to specify the polynomial, enter the vector [1 0 1 1].If you do not select the box next to Specify primitive polynomial, the block uses the default primitive polynomial of degree M = ceil(log2(N+1)). You can display the default polynomial by entering primpoly(ceil(log2(N+1))) at the MATLAB prompt.Restrictions on M and the Codeword Length NThe restrictions on the degree M of the primitive polynomial and the codeword length N are as follows:If you do not select the box next to Specify primitive polynomial, N mustlie in the rangeIf you do select the box next to Specify primitive polynomial, N must lie inthe range and M must lie in the rangeSpecifying the Generator PolynomialYou can specify the generator polynomial for the Reed-Solomon code. To do so, first select the box next to Specify generator polynomial. Then, in the Generator polynomial field, enter an integer row vector whose entries are between 0 and 2M-1. The vector represents a polynomial, in descending order of powers, whose coefficients are elements of GF(2M) represented in integer format. See the section Integer Format (Reed-Solomon only) for more information about integer format. The generator polynomial must be equal to a polynomial with a factored formwhere a is the primitive element of the Galois field over which the input message is defined, and b is an integer. If you do not select the box next to Specify generator polynomial, the block uses the default generator polynomial, corresponding to b=1, for Reed-Solomon encoding. You can display the default generator polynomial by typing rsgenpoly(N1,K1), where N1 = 2^M-1 and K1 = K+(N1-N), at the MATLAB prompt, if you are using the default primitive polynomial. If the Specify primitive polynomial box is selected, and you specify the primitive polynomial specified as poly, the default generator polynomial is rsgenpoly(N1,K1,poly).Integer-Output RS DecoderThe Integer-Output RS Decoder block recovers a message vector from a Reed-Solomon codeword vector. For proper decoding, the parameter values in this block should match those in the corresponding Integer-Input RS Encoder block.The Reed-Solomon code has message length K and codeword length N. You specify both N and K directly in the block dialog. The symbols for the code are integers between 0 and 2M-1, which represent elements of the finite field GF(2M). Restrictions on M and N are described in the section Restrictions on M and the Codeword Length N following. The difference N - K must be an even integer.The input and output are integer-valued signals that represent messages and codewords, respectively. The input must be a frame-based column vectorwhose length is an integer multiple of K. The output is a frame-based column vector whose length is the same integer multiple of N. For more informationon representing data for Reed-Solomon codes, see the section Integer Format (Reed-Solomon only)."The default value of M is ceil(log2(N+1)), that is, the smallest integer greater than or equal to log2(N+1). You can change the value of M from the default by specifying the primitive polynomial for GF(2M), as described in the section Specifying the Primitive Polynomial below. If N is less than 2M-1, the block uses a shortened Reed-Solomon code.You can also specify the generator polynomial for the Reed-Solomon code, as described in the section Specifying the Generator Polynomial.An (N, K) Reed-Solomon code can correct up to floor((N-K)/2) symbol errors (not bit errors) in each codeword.The second output is the number of errors detected during decoding of the codeword. A -1 indicates that the block detected more errors than it could correct using the coding scheme. An (N,K) Reed-Solomon code can correct up to floor((N-K)/2) symbol errors (not bit errors) in each codeword.You can disable the second output by clearing the box next to Output number of corrected errors. This removes the block's second output port.The sample times of the input and output signals are equal.二进制输入RS编码二进制输入的RS编码器的结构创建一个消息长度为k和码字长度n的Reed - Solomon码。

Improved Decoding of Reed-Solomon and Algebraic-Geometric Codes Venkatesan Guruswami Madhu SudanAbstractGiven an error-correcting code over strings of length and an arbitrary input string also of length,the list decod-ing problem is that offinding all codewords within a specified Hamming distance from the input string.We present an im-proved list decoding algorithm for decoding Reed-Solomon codes.The list decoding problem for Reed-Solomon codes reduces to the following“curve-fitting”problem over afield :Given points,,and a degree parameter and error parameter,find all univariate poly-nomials of degree at most such that for all but at most values of.We give an algorithm that solves this problem for,where the result yields thefirst asymptotic improvement in four decades[15].The algorithm generalizes to solve the list decoding prob-lem for other algebraic codes,specifically alternant codes(a class of codes including BCH codes)and algebraic-geometric codes.In both cases,we obtain a list decoding algorithm that corrects up toLaboratory for Computer Science,MIT,545Technology Square,Cambridge,MA02139, USA.email:venkat,madhu@.that yield codes for any.The alphabet for such a code is afinitefield.The messagespecifies a polynomial of degree over in some formal variable(by giving its coefficients).The mapping maps this code to its evaluation at distinct values of chosen from(hence it needs).The distanceproperty follows immediately from the fact that two degreepolynomials can agree in at most places.The decoding problem for an code is the problemoffinding a codeword in that is within a distance of from a“received”word.In particular it is interesting to study the error-rate that can be corrected as a function of the message rate.For a family of Reed-Solomon codes of constant message rate and constant error rate,thetwo brute-force approaches to the decoding problem(comparewith all codewords,or look at all words in the vicinity of thereceived word)take time exponential in.It is therefore a non-trivial task to solve the decoding problem in polynomial time in.Surprisingly,a classical algorithm due to Peterson[15] manages to solve this problem in polynomial time,as long asthen there may exist several different codewords within distance of a received word,and so the decoding algorithm cannot possibly always recover the“correct”message if it outputs only one solution.This motivates the list decoding problem,first defined in[6] (see also[7])and sometimes also termed the bounded-distance decoding problem,that asks,given a received word, to reconstruct a list of all codewords within a distance from the received word.List decoding offers a potential for re-covery from errors beyond the traditional“error-correction”bound(i.e.,the quantity)of a code.Loosely,we refer to a list decoding algorithm reconstructing all codewords within distance of a received word as an“error-correcting”algo-rithm.Again we can study as a function of. Till recently,no asymptotic benefits were achieved using the list decoding approach to recover from errors.The only im-provements known over the algorithm of[15]were decoding algorithms due to Sidelnikov[20]and Dumer[5]which correcterrors, thus achievingerrors(and thus achieves.Our algorithm is based on the algorithm of[22]in that it uses properties of algebraic curves in the plane. The main modification is in the fact that we use the proper-ties of“singularities”of these curves.As in the case of[22] our algorithm uses the notion of plane curves to reduce our problem to a bivariate polynomial factorization problem over (actually only a root-finding problem for univariate polyno-mials over the rational functionfield).This task can be solved deterministically overfinitefields in time polynomial in the size of thefield or probabilistically in time polynomial in the logarithm of the size of thefield and can also be solved deterministically over the rationals and reals[10,12,13].Thus our algorithm ends up solving the curve-fitting problem over fairly generalfields.It is interesting to contrast our algorithm with results which show bounds on the number of codewords that may exist with a distance of from a received word.One such result,due to Goldreich et al.[9],shows that the number of solutions to the list decoding problem is bounded by a polynomial in ifas wefix and let.These bounds are of interest in that they hint at a potential limitation to further improvements to the list decoding approach.Finally we point out that the main focus of this paper is on getting polynomial time algorithms maximizing the number of errors that may be corrected.Extensions to Algebraic-Geometric Codes Algebraic-geometric codes are a class of algebraic codes that include the Reed-Solomon codes as a special case.These codes are of significant interest because they yield explicit construction of codes that beat the Gilbert-Varshamov bound over small al-phabet sizes[24](i.e.,achieve higher value of for infinitely many choices of and than that given by the probabilistic method).Decoding algorithms for algebraic-geometric codes are typically based on decoding algorithms for Reed-Solomon codes.In particular,Shokrollahi and Wasserman[19]gener-alize the algorithm of Sudan[22]for the case of algebraic-geometric codes.Specifically,they provide algorithms for factoring polynomials over some algebraic functionfields;and then show how to decode using this factoring ing a similar approach,we extend our decoding algorithm to the case of algebraic-geometric codes and obtain a list decoding algorithm correcting an algebraic-geometric code for up toerrors(here is the genus of the algebraic curve underlying the code).This algorithm uses a root-finding algorithm for univariate polyno-mials over algebraic functionfields as a subroutine and some additional algorithmic assumptions about the underlying alge-braic structures:The assumptions are described precisely inSection4.Other extensions One aspect of interest with decoding al-gorithms is how they tackle a combination of erasures(i.e, some letters are explicitly lost in the transmission)and er-rors.Our algorithm generalizes naturally to this case.An-other interesting extension of our algorithm is the solution to a weighted version of the curve-fitting problem:Given a set of pairs and associated non-negative in-teger weights,find all polynomials such thatThe evolution of the solution to the“curve-fitting”problem is some-what interesting.The initial solutions of Peterson[15]did not explicitly solve the curvefitting problem at all.The solution provided by Welch and Berlekamp[27,3]do work in this setting,even though the expositions there do not mention the curvefitting problem(see in particular,the description in[8]).Their problem statement,however,disallows repeated values of. Sudan’s[22]allows for repeated’s but does not allow for repeated pairs of .Our solution generalizes this one more step by allowing a weighting of!thefirst phase itfinds a polynomial in two variables which “fits”the points,wherefitting impliesfor all.Then in the second phase itfinds all small degree roots of i.efinds all polynomials of degree at most such that or equivalently is a factor of;and these polynomials form candidates for the output.The main assertions are that(1)if we allowto have a sufficiently large degree then thefirst phase will be successful infinding such a bivariate polynomial,and(2)if and have low degree in comparison to the number of points where,then will be a factor of.Our algorithm has a similar plan.We willfind of low weighted degree that“fits”the points.But now we will expect more from the“fit”.It will not suffice that is zero—we will require that every point is a“singularity”of. Informally,a singularity is a point where the curve given by intersects itself.We will make this notion formal as we go along.In ourfirst phase the additional constraints will force us to raise the allowed degree of.However we gain(much more)in the second phase.In this phase we look for roots of and now we know that passes through many singularities of,rather than just points on.In such a case we need only half as many singularities as regular points,and this is where our advantage comes from.Pushing the idea further,we can force to intersect itself at each point as many times as we want:in the algorithm described below,this will be a parameter.There is no limit on what we can choose to be:only our running time increases with.We will choose sufficiently large to handle as many errors as feasible.(In the weighted version of the curvefitting problem,we force the polynomial to pass through different points a different number times,where is proportional to the weight of the point.)Finally,we come to the question of how to define“singu-larities”.Traditionally,one uses the partial derivatives of to define the notion of a singularity.This definition is,however, not good for us since the partial derivatives overfields with small characteristic are not well-behaved.So we avoid this direction and define a singularity as follows:Wefirst shift our coordinate system so that the point is the origin.In the shifted world,we insist that all the monomials of with a non-zero coefficient be of sufficiently high degree.This will turn out to be the correct notion.(The algorithm of[22]can be viewed as a special case,where the coefficient of the constant term of the shifted polynomial is set to zero.)Wefirst define the shifting method precisely:For a polyno-mial and we will say that the shifted poly-nomial is the polynomial given byNotice that shifting does not change the weighted degree for any weighting.Also,observe that follow-ing explicit relation between the coefficients of andthe coefficients of holds:In particular observe that the coefficients are obtained by a linear transformation of the original coefficients.2.2AlgorithmDefinition2(weighted degree)For non-negative weights ,the-weighted degree of the monomial is defined to be.For a bivariate polynomial, and non-negative weights,the-weighted de-gree of,denoted--,is the maximum over all monomials with non-zero coefficients in of the-weighted degree of the monomial.We now describe our algorithm for the polynomial reconstruc-tion problem.Parameters:,:and.Step1:Find a polynomial such that--,i.e.,find values for its coefficients such that the following conditions hold:1.At least one is non-zero2.For every,if is the shift of to,then all coefficients of of total degree less thanare.More specifically:s.t.Step2:Find all polynomials of degree at most such that is a root of(i.e,is a factor of ).For each such polynomial check iffor at least values of,and if so,include in output list.Remark:Step2above can be performed in polynomial time by using the bivariate polynomial factorization algorithm of Grigoriev[10]or Kaltofen[12](that work over thefinitefields as well as the rationals)or by using the more efficient root-finding algorithm of Shokrollahi[18](for thefinitefield case).2.3Analysis of the AlgorithmWe now proceed to prove our main result on polynomial reconstruction,stated as Theorem7at the end of this section. We willfirst prove a few necessary lemmas.In what follows can be any polynomial returned in Step1of the algorithm. Lemma3If is an input point and is any poly-nomial such that,then divides.Proof:Let be the polynomial given by.Notice that.Hence,for some polynomial.Now,considerWefirst argue that. To see this,observe thatNow,by construction,has no coefficients of total degree less than.Thus by substituting for,we are left with a polynomial such that divides.Shifting back we have divides. Lemma4If is a polynomial of degree at most such that for at least values of and, then divides.Proof:Consider the polynomial.By the definition of weighted degree,and the fact that the-weighted degree of is at most,we have that is a polynomial of degree at most.By Lemma3,for every such that,we know that divides .Thus if is the set of such that, then divides.(Notice in particular that for any pair,since then we would have.)By the hypothesis,and hence we have a polynomial of de-gree at least dividing which is a polynomial of degree at most.This can happen only if.Thus wefind that is a root of(where the latter is viewed as a polynomial in with coefficients from the ring of polynomials in).By the division algorithm,this implies that divides.All that needs to be shown now is that a polynomial as sought for in Step1does exist.The lemma below shows this conditionally.Lemma5IfProof:Notice that the computational task in Step1is that of solving a homogeneous linear system.A non-trivial solution exists as long as the rank of the system is strictly smaller than the number of unknowns.The rank of the system may be bounded from above by the number of constraints,which is.The number of unknowns equals the number of monomials of-weighted degree at most and this number equalsand the result follows.Lemma6If satisfy,then for the choice of made in our algorithm,which simplifies to or,equivalently,Hence it suffices to pick to be an integer greater than the larger root of the above quadratic,and therefore pickingsuffices,and this is exactly the choice made in the algorithm.Theorem7The polynomial reconstruction problem problem can be solved in time polynomial in,providedcan be list-decoded in polynomial time.Remark:Since affects the running time of our algorithm, we point out that if one is given,for some constant,then may be set to some constant depending on alone(and independent of),assuming the rateof the code is a constant.In this case,therefore,the number of polynomials output will be at most a constant(that depends on).3Some easy extensionsWe start by describing some easy consequences and ex-tensions of the algorithm of Section2.Thefirst three results are just applications of the curve-fitting algorithm.The fourth result revisits the curve-fitting algorithm to get a solution to a weighted curve-fitting problem.3.1Alternant codesWefirst describe a generalization of Reed Solomon codes termed alternant codes that includes a wide family of codes such as BCH codes,Goppa codes etc.Definition9(Alternant Codes([14],12.2))For positive in-tegers,prime power,vector of distinct ele-ments,and vector of nonzero elements,the Generalized Reed-Solomon code is the code whose messages cor-respond to polynomials of degreeand where the encoding of the message is the string.The alternant code is the intersection of with.It is obvious that the Generalized Reed-Solomon code has distance at least.Thus this holds also for the alternant code.We term this the designed distance of the alternant code.The actual rate and distance of the code are harder to determine.The rate lies somewhere betweenand and thus the distance lies between and.Playing with the vector might alter the rate and the distance(which is presumably why it is used as a parameter).The decoding algorithm of the previous section can be used to decode alternant codes as well.Given a received word,we use as input to the polynomial reconstruction problem the pairs,where and are elements of.The list of polynomials output includes all possible codewords from the alternant code.Thus the decoding algorithm for the earlier section is really a decoding algorithm for alternant codes as well;with the caveat that its performance can only be compared with the designed distance,rather than the actual distance. The following theorem summarizes the scope of the decoding algorithm.Theorem10Let be an alternant code with de-signed distance(and thus satisfyingerrors.(We note that decoding algorithms given in classical texts seem to correct errors.We are unaware of the more recent work on this topic.)3.2Other models of errorThe algorithm of Section2is also capable of dealing with other notions of corruption of information.A much weaker notion of corruption(than an“error”)in data transmission is that of an“erasure”:Here a transmitted symbol is either simply“lost”or received in obviously corrupted shape.We now note that the decoding algorithm of Section2handles the case of errors and erasure naturally.Suppose symbols were transmitted and were received and symbols got erased.(We stress that the problem definition specifies that the receiver knows which symbols are erased.)The problem just reduces to a polynomial reconstruction problem on points.An application of Theorem7yields that errors can be corrected provided.The classical results of this nature show that one can solve the decoding problem if.To compare the two results we restate both result.The classical result can be rephrased asBy the AM-GM inequality it is clear that the second one holds whenever thefirst holds.3.3Decoding with uncertain receptionsConsider the situation when,instead of receiving a single word,for each we receive a list of possibilities such that one of them is correct (but we do not know which one).Once again,as in normal list decoding,we wish tofind out all possible codewords which could have been possibly transmitted,except that now the guarantee given to us is not in terms of the number of errors possible,but in terms of the maximum number of uncertain possibilities at each position of the received word.Let us call this problem decoding from uncertain receptions.One can prove,along the lines of the proof of Theorem7,that: Theorem12List decoding from uncertain receptions on aReed-Solomon code can be done in polynomial time provided the number of“uncertain possibili-ties”at each position is(strictly)less than. 3.4Weighted curvefittingAnother natural extension of the algorithm of Section2is to the case of weighted curvefitting.This case is somewhat moti-vated by a decoding problem called the soft-decision decoding problem(see[26]for a formal description),as one might use the reliability information on the individual symbols in the re-ceived word moreflexibly by encoding them appropriately as the weights below instead of declaring erasures.At this point we do not formalize the explicit connection between the two. Instead we just state the weighted curvefitting problem and describe our solution to this problem.Problem3(Weighted polynomial reconstruction)I NPUT:points,non-negative in-teger weights,and parameters and.O UTPUT:All polynomials such that is at least.The algorithm of Section2can be modified as follows: In Step1,we couldfind a polynomial which has a sin-gularity of order at the point.Thus we would now have constraints.If a polynomial passes through the points for,then will ap-pear as a factor of provided is greater than --.Optimizing over the weighted degree of yields the following theorem.Theorem13The weighted polynomial reconstruction prob-lem can be solved in time polynomial in the sum of’s pro-videdinevitable:the class of algebraic geometric codes are vast and not all of them have constructive algorithms associated with them.Our assumptions are nearly the same as those of[19].)Our algorithm yields an algorithm for list decod-ing which corrects up toerrors.4.1DefinitionsAn algebraic-geometric code is built over a structure termed an algebraic functionfield.An algebraic functionfield is described by a six-tupleis afinitefield with elements,with,but this will be irrelevant to us).,called the rational points ofis a set of functions from(where is a special symbol representing an undefined value).It is usually customary to refer to just as the functionfield (and letting the other components of be implicit)..is called the order of the function at point..(In what follows we let denote the function.)2.Rational points:For every and,.3.Order properties:(The order is a common generalizationof the degree of a function as well as its r-mally,the quantity:the order function satisfies:(a);.(b).(c).4.Distance property:Ifand.Of particular interest will be functions which may have positive order at only one point.Since,.Finally at we have.Thus summing over all and thus using Property4above.This yields the distance property as required.Codes constructed as above and achieving(in the limit of large)are known for constant alphabet size. In fact,such codes achieving bounds better than those known by probabilistic constructions are known for[24]. 4.2The Decoding AlgorithmWe now describe the extension of our algorithm to the case of algebraic-geometric codes.As usual we will try to describe the data points by some polynomial.We follow[19]and let be a polynomial in a formal variable with coefficients from(i.e.,).Now given a value of,will yield an element of.By definition such an element of has a value at andjust as in[19]we will also require to evaluate to zero.We,however,will require more and insist that“behave”like a zero of multiplicity of;since and,we need to be careful in specifying the conditions to achieve this.We,as in[19],also insist that has a small(but positive)order at for any substitution of with a function in of order at most at the point.Having found such a,we then look for roots of.What remains to be done is to explicitly express the condi-tions(i)behaves like a zero of order of for ,and(ii)for any,where is a parameter that will be set later(and which will play the same role as the in our decoding algorithm for Reed-Solomon codes).To do so,we assume that we are explicitly given func-tions such that and such that.Let1.The setsuch that for every,.This assumption is a very rea-sonable one since Lemma16essentially describesan algorithm to compute this set given the ability toperform arithmetic in the functionfield.2.A polynomial-time algorithm tofind roots(in)of polynomials in where the coefficients(ele-ments of)are specified as a formal sum of’s.(The cases for which such algorithms are known aredescribed in[19,18].)The Algorithm:Algorithm Parameters:,:and.(Recall that.)Step1:Find of the form,i.efind values of the coefficients such that the following conditions hold:1.At least one is non-zero.2.For every,,,such that,Step2:Find all roots of the polynomial .For each such,check if for at least values of,and if so,include in output list.(This step can be performed by either completely factoringusing algorithms presented in[19],or more efficiently by using the root-finding algorithm of[18].)4.3Analysis of the AlgorithmWe start by looking at.Recall that for any, .By the condition(2)which we imposed on,we have whenever.Lemma17For,if satisfies,then.Proof:We have,for any such,and using(2), this yields Since for,, and if is defined by,then,we get as desired.Lemma18If is such that for at least values of and,then divides .Proof:Using Lemma17,we get.Since,we have,then a as sought in Step1does exist(and can be found in polynomial time by solving a linear system).Proof:The proof follows that of Lemma5.The computa-tional task in Step1is once again that of solving a homoge-neous linear system.A non-trivial solution exists as long as the number of unknowns exceeds the number of constraints.The number of constraints in the linear system is,while the number of unknowns equalsand both hold.Proof:Analogous to the proof of Lemma6.Our main theorem now follows from Lemmas18-20. Theorem21Let be an algebraic-geometric code over an algebraic functionfield of genus(with).Then there exists a polynomial time list decoding algorithm for that works for up toerrors(provided the assumptions of the algorithm of Section4.2are satisfied).References[1]S.A R,R.L IPTON,R.R UBINFELD AND M.S UDAN.Re-constructing algebraic functions from mixed data.SIAM Journal on Computing,28(2):488-511,1999.[2]E.R.B ERLEKAMP.Algebraic Coding Theory.McGrawHill,New York,1968.[3]E.R.B ERLEKAMP.Bounded Distance Soft-DecisionReed-Solomon Decoding.IEEE Transactions on Infor-mation Theory,42(3):704-720,1996.[4]R.E.B LAHUT.Theory and Practice of Error ControlCodes.Addison-Wesley,Reading,Massachusetts,1983.[5]I.I.D UMER.Two algorithms for the decoding of linearcodes.Problems of Information Transmission,25(1):24-32,1989.[6]P.E LIAS.List decoding for noisy channels.TechnicalReport335,Research Laboratory of Electronics,MIT, 1957.[7]P.E LIAS.Error-correcting codes for list decoding.IEEETransactions on Information Theory,37:5-12.1991. [8]P.G EMMELL AND M.S UDAN.Highly resilient correctorsfor multivariate rmation Processing Letters,43(4):169-174,1992.[9]O.G OLDREICH,R.R UBINFELD AND M.S UDAN.Learningpolynomials with queries:The highly noisy case.FOCS, 1995.[10]D.G RIGORIEV.Factorization of Polynomials over a Fi-nite Field and the Solution of Systems of Algebraic Equations.Translated from Zapiski Nauchnykh Sem-inarov Lenningradskogo Otdeleniya Matematicheskogo Instituta im.V.A.Steklova AN SSSR,137:20-79,1984.[11]J.J USTESEN.Bounds on list decoding of MDS codes.Manuscript,April1998.[12]E.K ALTOFEN.A Polynomial-Time Reduction from Bi-variate to Univariate Integral Polynomial Factorization.FOCS,1982.[13]E.K ALTOFEN.Polynomial factorization1987–1991.LATIN’92,I.Simon(Ed.)Springer LNCS,v.583:294-313,1992.[14]F.J.M AC W ILLIAMS AND N.J.A.S LOANE.The Theoryof Error-Correcting Codes.North-Holland,Amsterdam, 1981.[15]W.W.P ETERSON.Encoding and error-correction proce-dures for Bose-Chaudhuri codes.IRE Transactions on Information Theory,IT-60:459-470,1960.[16]J.R ADHAKRISHNAN.Personal communication,January,1996.[17]R.M.R OTH AND G.R UCKENSTEIN.Efficient decod-ing of Reed-Solomon codes beyond half the minimum distance.Manuscript,August1998.Submitted to IEEE Transactions on Information Theory.[18]M.A.S puting roots of polynomialsover functionfields of curves.Manuscript,June1998.[19]M.A.S HOKROLLAHI AND H.W ASSERMAN.Decodingalgebraic-geometric codes beyond the error-correction bound.STOC,1998.[20]V.M.S IDELNIKOV.Decoding Reed-Solomon codes be-yond and zeros of multivariate polynomi-als.Problems of Information Transmission,30(1):44-59, 1994.[21]H.S TICHTENOTH.Algebraic Function Fields and Codes.Springer-Verlag,Berlin,1993.[22]M.S UDAN.Decoding of Reed-Solomon codes be-yond the error-correction bound.Journal of Complexity, 13(1):180-193,1997.[23]M.S UDAN.Decoding of Reed-Solomon codes beyondthe error-correction diameter.Proceedings of the35th Annual Allerton Conference on Communication,Control and Computing,1997.[24]M.A.T SFASMAN,S.G.V L˘ADUT AND T.Z INK.Mod-ular curves,Shimura curves,and codes better than the Varshamov-Gilbert bound.Math.Nachrichten,109:21-28,1982.[25]J.H.V AN L INT.Introduction to Coding Theory.Springer-Verlag,New York,1982.[26]A.V ARDY.Algorithmic complexity in coding theory andthe minimum distance problem.STOC,1997.[27]L.W ELCH AND E.R.B ERLEKAMP.Error correction ofalgebraic block Patent Number4,633,470, issued December1986.。

2024 年 3月第 61 卷第 2 期Mar. 2024Vol. 61 No. 2四川大学学报（自然科学版）Journal of Sichuan University （Natural Science Edition）形式幂级数∏n=0∞(1-x2n)m系数的无界性朱朝熹，赵伟（保密通信全国重点实验室，成都 610041）摘要: 设∏n=0∞(1-x2)为Prouhet-Thue-Morse序列的生成级数.设m≥2为正整数.令F m(x)=(F(x))m=(∏n=0∞()1-x2)m≔∑n=0∞t m(n)x n.2018年，Gawron，Miska和Ulas猜想：当m≥2时序列{t m(n)}∞n=1无界.对于m=3及m=2k的情形，他们通过研究t m(n)的2-adic赋值证明猜想部分成立.本文发展了一种新方法，即由序列{t m(n)}∞n=1的递推关系式得到一类反中心对称矩阵，然后通过计算其相应矩阵的特征值来证明猜想.利用这种方法，本文证明当m=5和6时猜想成立.此外，本文还给出了序列{t5(n)}∞n=1和{t6(n)}∞n=1的无界子列，以及{t5(n)}∞n=1的一个子列的2-adic 赋值表达式，进而证明了另一个关于{t5(n)}∞n=1的2-adic赋值的猜想部分成立.关键词: Prouhet-Thue-Morse 序列；无界性；特征值中图分类号: O156.2 文献标志码: A DOI:10.19907/j.0490-6756.2024.021003On the unboundedness of the coefficients of power series ∏n=0∞(1-x2n)mZHU Chao-Xi， ZHAO Wei（National Key Laboratory of Communication Security， Chengdu 610041， China）Abstract: Let∏n=0∞(1-x2) be the generating function of the Prouhet-Thue-Morse sequence.Let F m(x)=(F(x))m=(∏n=0∞()1-x2)m≔∑n=0∞t m(n)x n.In 2018，Gawron，Miska and Ulas proposed a conjecture on the unboundedness of the sequence{t m(n)}∞n=1 for m≥2. They also proved this conjecture for m=3and m=2k by studying the 2-adic of t m(n)，where k is a positive integer.In this paper，we intro‑duce a new method for this conjecture. In this method， a class of anti-centrosymmetric matrices are firstly ob‑tained by studying the recursive relation of t m(n). Then the conjecture may be proved by calculating the ei‑genvalues of the matrices.In particular，we prove the conjecture for m=5and 6 by presenting unbounded sub-sequences of {t5(n)}∞n=1and{t6(n)}∞n=1. Meanwhile， we also partially prove another conjecture on the 2-adic values of t5(n) by calculating the 2-adic value of a sub-sequence of{t5(n)}∞n=1.Keywords: Prouhet-Thue-Morse sequence； Unboundedness； Eigenvalue（2010 MSC 11R09， 11R04）收稿日期: 2022-09-20基金项目: 保密通信重点实验室基金资助（61421030111012101）作者简介: 朱朝熹（1992―），男，重庆人，博士，主要研究方向为数论及密码学. E-mail: zhuxi0824@通讯作者: 赵伟. E-mail: zhaowei9801@第 61 卷四川大学学报（自然科学版）第 2 期1　IntroductionLet n ∈Z and s 2(n ) be the sum of binary digits function of n ，i.e .，if n =∑i =0s k i 2i， k i ∈{0，1} isthe unique expansion of n in base 2，then s 2(n )=∑i =0s k i .Write the Prouhet -Thue -Morse sequenceas t 1(n )=(-1)s ()n .The Prouhet -Thue -Morse se‑quence has many remarkable properties in combina‑torics on words ，analysis on manifolds ，number theory and even physics ［1-6］.In 2018，Gawron ， Miska and Ulas ［7］ initiatedthe study of the sequence {t m (n )}∞n =1，which is gen‑erated by the coefficient of the power seriesF m (x )=(F (x ))m=(∏n =0∞()1-x 2)m≔∑n =0∞tm(n )xn.They obtained some interesting properties of{t m(n )}∞n =1 and pointed that the sequence{t m(n )}∞n =1is deeply involved into some partitionproblems ［8-10］.Particularly ， they proposed the fol‑lowing two conjectures.Conjecture 1.1［7］ Let m be a positive integerwith m ≥2.Then {t m (n )}∞n =1is unbounded.Conjecture 1.2［7］ For each n ∈N ，we have ν2(t 5(4n +j))=4éêêêùúúúν2()n +12-(ν2(n +1) (mod 2)), j ∈{0,1,2,3},where ν2(n +1) is the 2-adic value of n +1，éêêêùúúúν2()n +12 stands for the minimal integer k such that k ≥ν2()n +12and (ν2(n +1) (mod 2)) is theminimal nonnegative residue of ν2(n +1) modulo 2.Meanwhile ，they also obtained the exact 2-adicvalue of the sequences {t 2(n )}∞n =1and {t 3(n )}∞n =1and further proved that Conjecture 1.1 is true for m =2k and m =3.When m =2，they presented aninteresting conclusion that the equation t 2(n )=k has infinity many solutions for n ∈N +，i.e .，everypositive integer can be found in the expansion of∏n =0∞()1-x 22，where k is a positive integer.In this paper ，we try to prove Conjecture 1.1for m =5，6 and show that Conjecture 1.2 is true for (n ，j )=(2k -1，3).In fact ， we have the follow‑ing results ：Theorem 1.3 The sequence {t m (n )}∞n =1is un‑bounded for m =5 and 6.As a result of Theorem 1.3，we can declaim that Conjecture 1.1 is true for m ≤6 and m =2k .As for Conjecture 1.2， we haveTheorem 1.4 Let k be a positive integer and n =2k -1.We haveν2(t 5(4n +3))=4éêêêêùúúúν2()n +12-(ν2(n +1) (mod 2)).2　Double -cyclic matricesWe introduce a class of double -cyclic matrices which play the key role in the proof of Conjec‑ture 1.1.Definition 2.1 Let n ≡0 (mod 2) be a posi‑tive integer and A =(a ij)n ×nbe a matrix of order n .If a ij =a i +2，j +2 holds for all integers i and j such that 1≤i ≤n -2 and 1≤j ≤n -1，then A is called a double -cyclic matrix.Lemma 2.2［7］Let m be a positive integer.Then t m (0)=1，t m (1)=-m and t m (2n )=∑j =0éëêêùûúúm 2C 2j m t m (n -j ),t m (2n +1)=-∑j =0éëêêùûúúm -12C 2j +1m t m ()n -j ,where we additionally define t m (n )=0 for n ≤0.If m ≡0(mod 2)，then we have from Lemma2.2 thatæèççççççöø÷÷÷÷÷÷t m (2n +1)t m (2n )⋮t m (2n -m +2)=A m æèççççççöø÷÷÷÷÷÷t m (n )t m (n -1)⋮t m (n -m +1)(1)where第 2 期朱朝熹，等： 形式幂级数∏n =0∞(1-x 2)m系数的无界性第 61 卷A m ≔æèçççççççöø÷÷÷÷÷÷÷-C 1m⋯-C m -1mC 0m⋯C m -2m0-C 1m ⋯0 0 0C m m 0 0-C m -1m 0 0⋯⋯⋯C 0m ⋯⋱ ⋱⋱⋯0 -C 1mC m -2m C mm 0⋱⋱⋱-C 3m ⋯-C 1m⋯⋱0⋯0 C 0mC 2m ⋯C m -2mC m mOn the other hand ， if m ≡1 (mod 2) then we haveA m ≔æèçççççççöø÷÷÷÷÷÷÷-C 1m⋯-C m -2m C 0m⋯C m -3m-C 1m ⋯-C mm 0 0C m -1m 0 0-C m -2m -C mm0⋯⋯⋯0 C 0m⋯⋱ ⋱⋱⋯0 -C 1mC m -3m C m -1m0⋱⋱⋱-C 3m⋯-C m -2m⋯⋱-C m m ⋯ 0 C 0mC 2m⋯C m -3mC m -1m One can check that the order of A m is 2[m 2].There are many interesting properties about A m .We present some of them as follows.Proposition 2.3 Let m =p kwith p being anodd prime and k being a positive integer.Thendet (A m )≡0 (mod 2).ProofLet r be an integer with 0≤r ≤m -12.We have C 2r m +C 2r +1m =C 2r +1m +1=m +12r +1C 2rm .Since m +1 is even ， 2r +1 is odd and C 2rm is an in‑teger ， then we haveC 2r m +C 2r +1m =C 2r +1m +1=m +12r +1C 2rm ≡0 (mod 2)(2)Denote by a 1 and a 2 the first and the second row vec‑tors of A m ，respectively.One hasa 1-a 2=(C 0m+C 1m,…,Cm -1m+C m m,0, 0.By （2），it follows that a 1-a 2≡()0，…，0 (mod 2).Therefore ，one can deduce that det (A m )≡0(mod 2).This completes the proof.Proposition 2.4 Let m =p k with p being an odd prime and k being a positive integer.Thendet (A m )≡±1 (mod p ).ProofLet r be an integer with 0<r <p k .Then C r m=p k r C r -1p -1≡0 (mod p ).It is clear thatC 0m =C m m =1≡1 (mod p ).Therefore ，we can findthat there is one and only one element in each row of A m is 1 or -1 modulo p .For the same reason there is one and only one element in each column of A m is 1 or -1 modulo p .Hence ，one can deduce that det (A m )≡±1 (mod p ).So Proposition 2.4 is proved.Since A m is an integer matrix ，then det (A m )must be an integer.By Proposition 2.3，one can de‑duce that det (A m )≠±1.By Proposition 2.4，onecan derive that det (A m )≠0.It then follows that |det (A m)|≥2.This infers there is at least one ofthe eigenvalues λ of A m such that |λ|>1.Proposition 2.5 Let m =p k with p being an odd prime and k being a positive integer.The eigen‑values of A m are pairwise different.Proof Let f (λ)=det (λE -A m )，where E isthe identity matrix.Then we need to prove the poly‑nomial f (λ) has no multiple roots.Noticing that iff (λ)hasmultipleroots ，thenf ˉ(λ)≔f ()λ (mod p ) still has multiple roots ，where f ˉ(λ) isa polynomial over the finite field F p .Now we prove that gcd (f ˉ(λ)，-f ′(λ))=1，where -f ′ is the derivation of f ˉ. By the fact第 61 卷四川大学学报（自然科学版）第 2 期A m -λE =æèçççççççöø÷÷÷÷÷÷÷-C 1m-λ⋯-C m -2m C 0m ⋯ C m -3m0-C 1m ⋯-C mm 0 0C m -1m 00-C m -2m -C mm⋯⋯⋯0 C 0m⋯ ⋱ ⋱ ⋱⋯0 -C 1mC m -3m C m -1m0⋱⋱⋱-C 3m ⋯-C m -2m -λ⋯⋱-C mm⋯ 0 C 0mC 2m ⋯C m -3mC m -1m -λ=æèçççççççöø÷÷÷÷÷÷÷-λ⋯01⋯000⋯-1000000-10⋯⋯⋯1⋯ ⋱⋱⋱ ⋯00 0 00 ⋱ ⋱⋱0 ⋯-λ⋯⋱-1⋯ 0 1⋯0-λ (mod p ),one can derive that f ˉ(λ)=λm -1±1 by the defini‑tion of the determinant.It follows thatgcd (f ˉ(λ), f ˉ′(λ))=gcd (λm -1±1,(m -1)λm -2)=1,as desired.It follows that f ˉ()λ has no multiple roots.This finishes the proof.3　Proof of the main resultsProof of Theorem 1.3 Let d be a positive in‑teger.When m =6，we haveæèççççççççççççöø÷÷÷÷÷÷÷÷÷÷÷t 6(2d n +2d -1)t 6(2d n +2d -2)t 6(2d n +2d -3)t 6(2d n +2d -4)t 6(2d n +2d -5)t 6(2d n +2d-6)=A d 6æèççççççççççççöø÷÷÷÷÷÷÷÷÷÷÷t 6(n )t 6(n -1)t 6(n -2)t 6(n -3)t 6(n -4)t 6(n -5)(3)for any positive integer n by （1），whereA 6=æèççççççççççöø÷÷÷÷÷÷÷÷÷÷-6-20-6115150-6-20 0 0 01 0 0-6 0 0 0 1 150 0 -60 0 1151 0-20-6 01515 1.One can find that all the eigenvalues of A 6 are λ1=1， λ2=4-45， λ3=4+45，λ4=α+3889α-103， λ5=e 4πi 3α+3889αe 2πi 3-103，λ5=e 2πi 3α+3889αe 4πi 3-103，whereα=(+159227)13in the first quartile.Then there exist a matrix T such thatA 6=T æèççççççççççöø÷÷÷÷÷÷÷÷÷÷λ1000λ2000λ30 0 00 0 00 0000 00 0 00 0 0λ4000λ500λ6T -1(4)By （3） and （4），we haveæèççççççççççççöø÷÷÷÷÷÷÷÷÷÷÷t 6(2d n +2d -1)t 6(2d n +2d -2)t 6(2d n +2d -3)t 6(2d n +2d -4)t 6(2d n +2d -5)t 6(2d n +2d-6)=T æèççççççççççöø÷÷÷÷÷÷÷÷÷÷λd 1000λd 2000λd 30 0 00 0 0000 0 00 0 000 0λd 4000λd 5000λd 6T -1æèççççççççççççöø÷÷÷÷÷÷÷÷÷÷÷t 6(n )t 6(n -1)t 6(n -2)t 6(n -3)t 6(n -4)t 6(n -5)(5)It then follows thatt 6(2d -1)=f 1λd 1+f 2λd 2+f 3λd 3+f 4λd 4+f 5λd5+f 6λd 6（6）for some f i ∈C ， i =1，2，3，4，5，6.One can check that |α|=3889 and the argument of α is close to π6.Hence one can derive that |λ6|>|λ5|>|λ4|>|λ3|>|λ2|>|λ1|=1.Since t 6(1)=1，we set d =1.Then we have 1=f 1λ1+f 2λ2+f 3λ3+f 4λ4+第 2 期朱朝熹，等： 形式幂级数∏n =0∞(1-x 2)m系数的无界性第 61 卷f 5λ5+f 6λ6.One can confirm that it is impossible for all of f i ，i =1，2，3，4，5，6，being zero.Let i be thelargest number such that f i ≠0.We havelim d →∞t 6(2d -1)λd i=f i ≠0.so we have the sequence {t 6(2d -1)}∞d =1is un‑bounded.When m = 5， by （1），we haveæèççççççöø÷÷÷÷÷÷t 5(2d n +2d -1)t 5(2d n +2d -2)t 5(2d n +2d-3)t 5(2d n +2d-4)=A d 5æèççççççöø÷÷÷÷÷÷t 5(n )t 5(n -1)t 5(n -2)t 5(n -3)(7)holds for any positive integer n ， whereA 5=æèçççöø÷÷÷-5-10110-1 05 00-50 1 -10-1 105.One can find all the eigenvalues of A 5 is 8，4，-4，-8.Then there exist a matrixT =æèçççöø÷÷÷2-911-131-4-4-131-1192such thatA 5=T æèçççöø÷÷÷-800-400000 00 04008T -1(8)By （7） and （8）， we haveæèççççççöø÷÷÷÷÷÷t 5(2d n +2d -1)t 5(2d n +2d -2)t 5(2d n +2d-3)t 5(2d n +2d-4)=T æèçççöø÷÷÷-800-400000 00 04008T -1æèççççççöø÷÷÷÷÷÷t 5(n )t 5(n -1)t 5(n -2)t 5(n -3)(9)By Lemma 2.2，we have t 5(0)=1，t 5(-1)=0，t 5(-2)=0，t 5(-3)=0. Let n =0.It then fol‑lows from （9） thatt 5(2d -1)=-1964d +3332(-4)d-1168d +124(-8)d(10)Clearly ，we have lim d →∞|t 5(2d -1)|=+∞.This com ‑pletes the proof of Theorem 1.3.Proof of Theorem 1.4 Let d =k +2.It fol‑lows from （10） thatt 5(4n +3)=t 5(2k +2-1)=4k +2×-1+99()-1k +2-6×2k +2+4()-2k +296(11)If k ≡0 (mod 2)，then by the factν2(98)=1<3≤ν2(-6×2k +2+4(-2)k +2)it follows from （10） thatν2()t 5()4n +3=2(k +2)+ν2(-1+99×(-1)k +2-6×2k +2+4(-2)k +2)-ν2(96)=2k =4éêêêêùúúúν2()n +12-(ν2(n +1) (mod 2)).If k ≡1 (mod 2)，then by the factν2(-100)=2<4≤ν2(-6×2k +2+4(-2)k +2)we haveν2(t 5(4n +3))=2(k +2)+ν2(-1+99×(-1)k +2-6×2k +2+4(-2)k +2)-ν2(96)=2k +1=4éêêêêùúúúν2()n +12-(ν2(n +1) (mod 2)),as desired.The proof is end.4　ConclusionsIn 2018，Gawron ， Miska and Ulas proposed aconjecture that the sequence {t m (n )}∞n =1is un‑bounded for m ≥2.They also proved this conjec‑ture for m =3 and m =2k with k being positive inte‑ger by studying the 2-adic value of t m (n ).In this pa‑第 61 卷四川大学学报（自然科学版）第 2 期per，we obtained a class of anti-centrosymmetric ma‑trices A m by studying the recursive relation of t m(n) and introduce a new method to prove this conjecture for m=5and 6 by focusing on the eigenvalues of A m.Thus we conclude that the conjecture is true for m≤6.We also obtain the 2-adic value of a sub-sequence of {t5(n)}∞n=1.Finally，we should point that the anti-centrosymmetric matrices A m play im‑portant role in solving the conjecture and it is quite difficult to determine the eigenvalues for variable m. References:［1］Ding C，Helleseth T，Niederreiter H.Sequences and their applications ［M］.London： Springer， 1999.［2］Allouche J P，Shallit J.Automatic sequences：Theory，application，generalizations ［M］.Cam‑bridge： Cambridge University Press， 2003.［3］Gawron M.A note on the arithmetic properties of Stern polynomials ［J］.Pub Math Debr，2014，85： 453.［4］Mahler K.On a special functional equation ［J］.J London Math Soc， 1940， 15： 115.［5］Ulas M.On certain arithmetic properties of Stern polynomials ［J］.Pub Math Debr， 2011， 79： 55.［6］Ulas M.Arithmetic properties of the sequence of de‑grees of Stern polynomials and related results ［J］.IntJ Number Theory， 2012， 8： 669.［7］Gawron M， Miska P， Ulas M.Arithmetic properties of coefficients of power series expansion of∑n=0∞(1-x2)^t［J］.Monatsh Math，2018，185： 307.［8］Bruijn N G.On Mahler′s partition problem ［J］.Indag Math， 1948， 10： 210.［9］Churchhouse R F.Congruence properties of the bi‑nary partition function ［J］.Proc Cambridge PhilSoc， 1969， 66： 371.［10］Gupta H.Proof of the Churchhouse conjecture con‑cerning binary partition ［J］.Proc Cambridge PhilSoc， 1971， 70： 53.。

关于有限交换环上多项式函数的一个注记(英文)Polynomial function in finite exchange ringPolynomial function, also known as algebraic function or rational function, is an important research content in mathematics. It appears in many important fields such as calculus, linear algebra and engineering mathematics, which directly affects the development of modern science and technology. In this paper, finite exchange ring on polynomial function annotation.In abstract algebra, finite exchange ring refers to the algebraic structure composed of a finite number of elements, in which each element is associated with a corresponding action and is composed of a set of elements under some binaryoperations. It is one of the most important abstract algebra systems.As one of the special forms of finite exchange ring, polynomial function refers to the mathematical expression of the algebraic expression of the finite exchange ring, whichis the execution result corresponding to a certain amount of interest. Specifically, polynomial function is the polynomial expression of the element in the finite exchange ring, andits specific form is the sum of the coefficients multiplied by the multiple base elements of the finite exchange ring.For example, if the finite exchange ring has only two basis elements, 0 and 1, then the polynomial expression of an element in the finite exchange ring is 0 + 0x + 1x^2. That is to say, the coefficient of the finite exchange ring is 0 and the coefficient of 1 is 1.In summary, the polynomial function in the finite exchange ring is a special way of representation of theelement in the finite exchange ring. It is the execution result corresponding to a certain amount of interest, and its specific expression is the sum of the coefficients multiplied by the base elements in the finite exchange ring.。