0.15 MB·

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

SubmittedexclusivelytotheLondonMathematical Society doi:10.1112/0000/000000 Roots of Sparse Polynomials over a Finite Field 6 1 Zander Kelley 0 2 Abstract n Ju fFoirsabot-unnodmedialabfo(xv)e=byP2(tiq=1−ci1x)1a−iε∈CFεq,[wx]h,ewreeεsh=ow1/t(hta−tt1h)eannudmCbeirsothfedissitziencotf,tnhoenlzaerrgoersotoctosseotf in F∗ on which f vanishes completely. Additionally, we describe a number-theoretic parameter 6 q 1 dependingonlyonqandtheexponentsaiwhichprovidesageneralandeasily-computableupper boundforC.WethusobtainastrictimprovementoveranearlierboundofCanettietal.whichis relatedtotheuniformityoftheDiﬃe-Hellmandistribution.Finally,weconjecturethatt-nomials ] T overprime ﬁelds haveonly O(tlogp) roots in F∗p when C =1. N . h t 1. Introduction a m Overtherealnumbers,theclassicalDescartes’Ruleimpliesthatthenumberofdistinct,real [ roots of a t-nomial f(x)=c1xa1 +···+ctxat ∈R[x] is less than 2t, regardless of its degree. It is a natural algebraic problem to look for analogous sparsity-dependent bounds over other 3 ﬁelds that are not algebraically closed. In [3], Canetti et al. derive the following analogue of v Descartes’ Rule for polynomials in F [x]. 8 q 0 2 0 Theorem 1.1. ([3], Lemma 7) For f(x)=c1xa1 +c2xa2 +···+ctxat ∈Fq[x] (with ci 0 nonzero), if R(f) denotes the number of distinct, nonzero roots of f in Fq, then . 2 R(f)≤2(q−1)1−1/(t−1)D1/(t−1)+O (q−1)1−2/(t−1)D2/(t−1) , 0 6 (cid:16) (cid:17) where 1 : D(f)=minmax (gcd(a −a ,q−1)). v i j i j6=i i X r For ϑ∈F∗, the associated Diﬃe-Hellman distribution is deﬁned by the random variable a p (ϑx,ϑy,ϑxy) where x and y are uniformly random over {1,...,p−1}. The Diﬃe-Hellman cryptosystem relies on the assumption that an attacker cannot easily determine ϑxy given the values ofϑ, ϑx,andϑy.In [3], Canettiet al.showedthatDiﬃe-Hellman distributions arevery nearly uniform (which is an important property for the security of the cryptosystem),and the bound in Theorem 1.1 was the central tool which powered their arguments. Since then, the bound has been a useful tool for studying various algorithmic and number- theoreticproblems:in[8]itwasusedtostudythecomplexityofrecoveringasparsepolynomial from a small number of approximate values (which is relevant to the security of polynomial pseudorandom number generators), in [7] it was used to study the singularity of generalized Vandermonde matrices over F , in [1] it was used to study the solutions of exponential q congruences xx =amodp, and in [5] it was used to study the correlation of linear recurring sequences over F . The main result of this paper is a new bound (Theorem 2.3 of Section 2 2 2000Mathematics SubjectClassiﬁcation00000. Page 2 of 9 ZANDERKELLEY below)improvingTheorem1.1byremovingtheasymptotictermandreplacingD byasmaller, intrinsic parameter. 2. Statement of Results Morerecentlyin[2],Bi,Cheng,andRojasstudiedthecomputationalcomplexityofdeciding whether a t-nomial f has a root in F∗. They gave a sub-linear algorithm for this problem; we q give a rough sketch here. First, they eﬃciently replace any instance with a t-nomial of degree bounded by 2(q−1)1−1/(t−1) (while preserving the answerto the decisionproblem), and then theycomputethegreatestcommondivisorofthis instanceandxq−1−1,whichcanbedonein time proportional to the degree of the instance. As a result of their investigation, they derive the following characterizationof the roots of a sparse polynomial in F [x]. q Theorem 2.1. ([2], Theorem 1.1) For f(x)=c1xa1 +c2xa2 +···+ctxat ∈Fq[x], deﬁne δ(f)=gcd(a ,a ,...,a ,q−1). The set of nonzero roots of f in F is the union of no more 1 2 t q than q−1 1−1/(t−1) 2 δ (cid:18) (cid:19) cosets of two subgroups H ⊆H of F∗, where 1 2 q |H |=δ and |H |≥δ1−1/(t−1)(q−1)1/(t−1). 1 2 This result does not immediately yield any bound on the number of roots R(f) since there is no upper bound given for the size of the H -cosets. However, if for some reason we were 2 assured that the set of roots was a union of only H -cosets, we could conclude 1 1−1/(t−1) q−1 R(f)≤δ·2 =2(q−1)1−1/(t−1)δ1/(t−1), δ (cid:18) (cid:19) which is an improvement on Theorem 1.1 since it can be easily checked that δ(f)≤D(f) always. Theorem 2.2. For f(x)=c1xa1 +···+ctxat ∈Fq[x] (with ci nonzero), deﬁne S(f):={k|(q−1) : for all i, there is a j 6=i with a ≡a modk}. i j If f vanishes completely on a coset of size k, then k ∈S(f). Proof. For some generator g of F∗q, let αhgq−k1i denote a coset of the unique subgroup of orderk in F∗, and let β =αk. The members of this cosetare exactly the roots of the binomial q xk−β. So, f vanishes completely on this coset if and only if (xk −β)|f, or equivalently if f ≡0mod(xk−β). To see when this happens, we view f in the ring F [x]/hxk−βi. In this ring, we have the q relation xk ≡β, so if each a has remainder r modk, then i i f ≡c β⌊a1/k⌋xr1 +···+c β⌊at/k⌋xrt mod (xk−β). 1 t Nowf mightbeidenticallyzero(inthisring)sincether ’sarenotnecessarilydistinct.However, i there is one obvious barrier to this: if just one r is unique, then f in particular contains i the nonzero monomial (ciβ⌊ai/k⌋)xri. f ≡0 requires that each remainder ri has at least one ROOTSOFSPARSEPOLYNOMIALSOVERAFINITEFIELD Page 3 of 9 “partner” r =r so that monomials can cancel. Therefore (xk−β)|f implies that, for each j i i∈{1,2,...,t}, there is some j 6=i with a ≡a modk. i j ThusS(f)liststhesizesofcosetsonwhichf mightpossiblyvanishcompletely.Forexample, if a =0 and the other exponents a are all prime to q−1 then S(f)={1}, and so it is 1 i>1 structurally impossible for f to vanish completely on any nontrivial coset, regardlessof choice of coeﬃcients c ∈F∗. On the other hand whenever k∈S(f), there is some choice of c ∈F∗ i q i q so that f does indeed vanish completely on a given coset of size k. When max(S)<δ1−1/(t−1)(q−1)1/(t−1), Theorem 2.2 can be combined with Theorem 2.1 to get a bound on R(f) by ruling out the possibility of H -cosets. If max(S) is any larger, 2 Theorem 2.1 is no longer helpful; the most we can conclude is that 1−1/(t−1) 1−1/(t−1) q−1 q−1 R(f)≤|H |·2 ≤max(S)·2 , 2 δ δ (cid:18) (cid:19) (cid:18) (cid:19) which is worse than trivial: R(f)<q−1. However, S(f) turns out also to be independently useful for deriving sparsity-dependent bounds. Theorem 2.3. Let f(x)=c1xa1 +···+ctxat ∈Fq[x] (with ci nonzero), and let δ(f) be deﬁned as above, and let C(f) denote the size of the largest coset in F∗ on which f vanishes q completely. If R(f) denotes the number of distinct, nonzero roots of f in F∗, then we have q R(f)≤2(q−1)1−1/(t−1)C1/(t−1), and furthermore if C <δ1−1/(t−1)(q−1)1/(t−1), then R(f)≤2(q−1)1−1/(t−1)δ1/(t−1). ThisresultisastrictimprovementonTheorem1.1,since,aswewillsee,D(f)isinparticular an upper bound for S(f) and therefore also for C(f). In fact, we can get another easily computable upper bound for S(f) that is in general tighter than D(f). Proposition 2.4. For f(x)=c1xa1 +···+ctxat ∈Fq[x] deﬁne the parameters δ(f)=gcd(a ,a ,...,a ,q−1) 1 2 t D(f)=minmax (gcd(a −a ,q−1)) i j i j6=i Q(f)=gcd lcm (gcd(a −a ,q−1)) i j i j6=i K(f)=minmax (gcd(a −a ,Q)) i j i j6=i These parameters relate to S(f) as follows. – δ(f)∈S(f). – For all k∈S(f), k|Q(f). – D(f), Q(f), and K(f) are all upper bounds for S(f), and K(f)≤min(D(f),Q(f)). 3. Optimality of the Bound Since the polynomialwhich deﬁnes a given function on F∗ is unique only up to equivalence q mod xq−1−1, we restrict our attention to polynomials with degree less than q−1. Thus we ﬁx the following notation.Recall that C(f)≤1 indicates that f does not vanish onany entire coset of any nontrivial subgroup of F∗. q Page 4 of 9 ZANDERKELLEY – F(q)={f ∈F [x] : degf <q−1} – F (q)={f ∈F(q) : C(f)≤1} q 1 – F(q,t)={f ∈F(q) : f has t terms} – F (q,t)={f ∈F (q) : f has t terms} 1 1 – F(q,t,r)={f ∈F(q,t) : R(f)=r} – F (q,t,r)={f ∈F (q,t) : R(f)=r} 1 1 In this section, we consider the possibility that the bound in Theorem 2.3 can be improved. Consider the binomial f(x)=x(q−1)/2+1. When q is odd, this binomial vanishes at every non-square in F∗, and consequently R(f)=C(f)=(q−1)/2. More generally, when (q−1) is q divisiblebyt,thet-nomialf(x)=(xq−1−1)/(x(q−1)/t−1)vanishesont−1cosetsofsize(q− 1)/t, and so R(f)=(q−1)(1−1/t). These examples show that there is no hope to improve the bound in Theorem 2.3 by removing the dependence on C(f). However, the proportion of polynomials with C(f)>1 is small, so it may be worthwhile to search for improved bounds for f ∈F (q). 1 Proposition 3.1. |F(q)\F (q)| 1 1 =O . |F(q)| q (cid:18) (cid:19) Proof. If f ∈F(q) vanishes on a nontrivial coset, then it vanishes on a coset of prime order. Thus we can bound the number of such f ∈F(q) by counting polynomials of the form q−2−p (xp−β) c xj, j j=0 X where p divides q−1 and β lies in the subgroup of F∗ of size (q−1)/p. Thus the proportion q of f with C(f)>1 is bounded by 1 q−1 1 logq qq−1−p ≤ q1−p ≤q−1+ q1−p = +O . |F(q)| p q q2 pX|q−1(cid:18) (cid:19) pX|q−1 pX|q−1 (cid:18) (cid:19) p>2 Note that we have used the well-known fact that the number of distinct prime factors of an integer n is bounded by logn. In [4], the authors investigate the existence of sparse polynomials with many roots. When q is a t-th power, they give the t-nomial f(x)=1+ t−1x(qi/t−1)/(q1/t−1) ∈F [x], which has i=1 q R(f)≥q1−2/t.Furthermore,whent isprimetheyshowthatD(f)≤t/2.Inthe casewhenq is anoddsquare,theauthorsof[6]givethetrinomialf(xP)=xq1/2 +x−2whichhasR(f)=q1/2, anditis shownthat C(f)=1.Thus,bothexamples areable to attaina largenumber ofroots in F∗ without vanishing on a large coset, and they show that the O(q1−1/(t−1)) bound from q Theorem 2.3 is nearly optimal in the general setting. However, these examples both share a special property - they vanish on entire translations of a subspace of F . We are unaware of q any example of a sparse polynomial which has a large number of roots in “general position.” Consequently, we propose that a much better bound is possible for the special case of prime ﬁelds F , which have no proper subﬁelds. p LetR =max{R(f) : f ∈F (p,t)}.ObviouslyR =0andR =1,becausemonomials p,t 1 p,1 p,2 havenorootsinF∗,andabinomialdeﬁnesacosetinF∗ ifithasarootatall.Wehavechecked p p by computer that the following inequalities hold. – R <1.8logp for p≤139571 p,3 – R <2.5logp for p≤907 p,4 – R <2.9logp for p≤101 p,5 ROOTSOFSPARSEPOLYNOMIALSOVERAFINITEFIELD Page 5 of 9 Therefore, the current bound of R =O p1−1/(t−1) appears to be far from optimal for t- p,t nomials over F which do not vanish on a nontrivial coset. p (cid:0) (cid:1) Itiseasytoseethattheproportionofpolynomialsf ∈F(p)whichhaveR(f)=risbounded by 1/r!. Indeed, simply count the proportion of polynomials of the form r p−2−r (x−α ) c xi , i i ! ! i=1 i=0 Y X with α ∈F∗ distinct, which gives i p p−1 pp−1−r p−1 1 1 r = ≤ . |F(p)| r pr r! (cid:0) (cid:1) (cid:18) (cid:19) With this in mind, we propose that the observed logarithmic behavior of R can be p,t explained by the following heuristic. Let t(f) denote the number of nonzero terms of f. R(f) and t(f) are statistically independent properties of a random f ∈F (p). 1 This heuristic does not hold precisely, but it motivates the following conjecture, which captures the sentiment while allowing for some error. Conjecture 3.2. There exists a constant γ >0 such that γ |F (p,t,r)| 1 1 ≤ |F (p,t)| r! 1 (cid:18) (cid:19) for all p prime, t∈N, and r ∈N. We have checked by computer that the inequality in Conjecture 3.2 holds with γ =1/2 for all r ∈N in the following cases. – t=3, p≤30977 – t=4, p≤907 – t=5, p≤101 Theorem 3.3. If Conjecture 3.2 is true, then R =O(tlogp). p,t Proof. Suppose Conjecture 3.2 is true. Then we have γ 1 |F (p,t,r)|≤|F (p,t)| ≤p2t/(r!)γ. 1 1 r! (cid:18) (cid:19) If p2t/(r!)γ <1 then the set F (p,t,r) is empty, so we must have p2t/(R !)γ ≥1, or 1 p,t equivalently, log(R !)≤log(p2t/γ). Applying Stirling’s approximation, we get p,t R ≤R logR ∼log(R !)≤(2/γ)tlogp=O(tlogp). p,t p,t p,t p,t For a more detailed account of the computational and heuristic support for the conjectural logarithmic bound in the case of trinomials, see [4] and [6]. Page 6 of 9 ZANDERKELLEY 4. Proofs Thegeneralstrategyemployedhere(andinboth[2]and[3])forobtainingsparsity-dependent bounds on R(f) can be loosely sketched as follows. Consider integers e prime to q−1, which havethe propertythatthemapx7→xe isabijectiononF∗.Since x7→xe simplypermutesthe q elements of F∗, we have R(f(x))=R(f(xe)). Furthermore, f(xe) is equivalent (as a mapping q on F∗q) to any g(x)=c1xb1 +···+ctxbt with bi ≡eai mod(q−1). Thus the basic idea is to ﬁndsomeesothattheremaindersofea mod(q−1)areallsmall,yieldingag ofsmalldegree, i and so R(f)=R(g)≤deg(g). The following lemma, a fact about the geometry of numbers, will be our main tool for achieving the desired degree reduction. Lemma 4.1. Fix the natural numbers a ,a ,...,a ,N. If n≤N/gcd(a ,a ,...,a ,N), 1 2 t 1 2 t there is an e∈{1,2,...,n−1} and a v ∈NZt so that 0< max |ea +v |≤N/n1/t. i i 1≤i≤t Proof. Considerthevectorsl =i(a ,...,a )=(ia ,...,ia )∈(R/NZ)tfori∈{1,2,...n}. i 1 t 1 t Letk·k denotethestandardinﬁnitynormonRt.Wewishtoviewthesevectorsgeometrically ∞ as points in Rt, but they are only deﬁned up to equivalence in (R/NZ)t, so deﬁne klk = min kl+vk , N ∞ v∈NZt whichgivesthe smallestnormofanyrepresentativeofthe equivalenceclassl+NZt viewedas apoint inRt (equivalently, klk givesthe distance froml to the nearestlattice pointin NZt). N Suppose that d=minkl −l k . j i N i6=j Since the vectors are all at least d apart, the sets B ={x∈(R/NZ)t : kx−l k <d/2} i i N are disjoint, so each l sits in its own personal box of volume dt. We may choose to represent i these n disjoint sets uniquely in the fundamental domain [0,N)t, which has volume Nt. Therefore we have a total volume of n·dt sitting in a volume of Nt; we conclude that d≤N/n1/t. Note that the modular deﬁnition of distance is crucial here; consider instead n points in [0,N]t that are d-separated only in the standard l metric. A volume-packing argument ∞ becomes more complicated in this case because the box around a point near the boundary may lie partly outside [0,N]t (it doesn’t “wrap around”), and so some points do not absorb a full dt worth of volume from [0,N]t. To ﬁnish, we ﬁnd i,j (with 1≤i<j ≤n) so that kl −l k =d and set l =l =(j− j i N e (j−i) i)(a ,...,a )=l −l . We have 1 t j i kl k = min k(ea ,...,ea )+vk ≤N/n1/t, e N 1 t ∞ v∈NZt and e satisﬁes 1≤e≤n−1. The subgroup of (Z/NZ)t generated by (a ,...,a ) has 1 n order N/gcd(a ,...,a ,N)≥n. Since 0<e<n, e(a ,...,a )6≡(0,...,0)∈(Z/NZ)t, which 1 t 1 n veriﬁes that kl k >0. e N Lemma 4.1 and its proof are extremely similar in spirit to the argument used by Canetti et al. in [3]. They also viewed the n vectors as points in [0,N)t, but to ﬁnd a pair of nearby ROOTSOFSPARSEPOLYNOMIALSOVERAFINITEFIELD Page 7 of 9 points they partitioned the hypercube into <n equally-sized sub-cubes and appealed to the pigeonhole principle. Here we were able to avoid this discretization of space which lead to the small asymptotic term appearing in Theorem 1.1, which turns out to be unnecessary. Proof of Theorem 2.3. The second claim is immediate from Theorem 2.1, since there can be no H -cosets of roots. We now prove the ﬁrst claim. 2 Let f(x)=c1xa1 +c2xa2 +···+ctxat ∈Fq[x] with ci nonzero, and let C denote the size of the largestcosetin F∗ on which f vanishes completely. For our purposes, we may assume that q a =0, since otherwise we can write 1 f(x)=xa1f˜(x) f˜(x)=c +c xa2−a1 +···+c xat−a1, 1 2 t showingthatf hasarootatzero,butitsnonzerorootsarejusttherootsoff˜,soR(f)=R(f˜) and C(f)=C(f˜). Therefore we continue assuming that a =0. 1 Consider δ(f)=gcd(a2,...,at,q−1). The nonzero roots of f(x)=c1+c2xa2 +···+ctxat are in one-to-one correspondence with the solutions of the system c +c ya2/δ+···+c yat/δ =0 y ∈hgδi 1 2 t xδ =y x∈F∗ q Iff hasnorootsinF∗ thenourboundisofcoursetrue,sosupposethissystemhasatleastone q solution(y ,x ).Theninfactthesystemhasatleastδsolutionsandf vanishesonthecoset{x : 0 0 xδ =y }.ThisallowsustoconcludethatC ≥δ,andso q−1 ≤(q−1)/gcd(a ,...,a ,q−1). 0 C 2 t Therefore we can apply Lemma 4.1 to ﬁnd an e∈{1,2,...,q−1 −1} and a v ∈(q−1)Zt−1 (cid:0) (cid:1) C so that 1/(t−1) q−1 0<k(ea ,...,ea )+vk ≤(q−1)/ . 2 t ∞ C (cid:18) (cid:19) Suppose k =gcd(e,q−1)=1. Then the mapping x7→xe is a bijection on F∗ that simply q re-orders the elements of F∗, thus R(f(x))=R(f(xe)). We are interested in f(xe) only as a q functiononF∗ (ratherthanasaformalobjectinF [x]), andsinceF∗ isagroupoforderq−1, q q q this function is notchangedby shifting its exponents byv ∈(q−1)Z.Thuswe mayrepresent i the function f(xe) as the (possibly Laurent) polynomial f(xe)=c +c xea2+v2 +···+c xeat+vt, 1 2 t which satisﬁes 0<M = max|ea +v |≤(q−1)1−1/(t−1)C1/(t−1). i i 1≤i≤t Again we are only interested in nonzero roots; note that R(f(xe))=R(xMf(xe)). Since xMf(xe) is an honest polynomial in F [x] with non-negative exponents, we have R(f)= q R(xMf(xe))≤deg(xMf(xe))≤2M and we are done. However,wemighthavek =gcd(e,q−1)>1.Inthiscasex7→xe isnotabijection-ittakes F∗ =hgi to a smaller subgroup hgei=hgki of size q−1 . However, we can still cover F∗ by k q k q cosets of this subgroup. We have (cid:0) (cid:1) k−1 1 R(f(xe))= R(f(gixe)), k i=0 X sinceF∗ = k−1gihgei,andxe =y hask solutionsforeachy ∈hgei.Nowwerepeatourearlier q i=0 tricks and arrive at S k−1 1 R(f)≤ deg(xMf(gixe))≤2M, k i=0 X Page 8 of 9 ZANDERKELLEY except that we must be careful that no f(gixe) is identically zero, preventing us from using degree to bound root number. If f(gixe) is identically zero then f vanishes completely on the coset gihgei=gihgki of size q−1 . However, since k =gcd(e,q−1)≤e< q−1 , we have k C (cid:0) (cid:1) q−1 q−1 (cid:0) (cid:1) > =C, k q−1 C sothisisimpossiblebythedeﬁnitionofC;the(cid:0)coset(cid:1)saretoolargeforf tovanishoncompletely. Proof of Proposition 2.4. For f(x)=c1xa1 +···+ctxat ∈Fq[x], we have the following equivalent deﬁnitions for S: S(f)={k|(q−1) : ∀i,∃j 6=i such that a ≡a modk} i j ={k|(q−1) : ∀i,∃j 6=i such that k|(a −a )} i j ={k∈N : ∀i,∃j 6=i such that k| gcd(a −a , q−1)} i j t = {k ∈N : k| gcd(a −a , q−1)}. i j i=1j6=i \ [ Clearlyby the seconddeﬁnition we haveδ(f)=gcd(a ,a ,...,a ,q−1)∈S.Fromthe fourth 1 2 t deﬁnition we can get an upper bound for S by passing to the superset t {k ∈N : k ≤gcd(a −a , q−1)}⊇S, i j i=1j6=i \ [ which has maximal element D =minmax (gcd(a −a ,q−1)). i j i j6=i Alternatively, by considering a diﬀerent lattice structure on the integers, we can pass to the superset t {k ∈N : k| gcd(L ,q−1))}={k∈N : k|Q}⊇S, j i=1 \ where L =lcm(a −a ,...,a −a ,a −a ,...,a −a ), i i 1 i i−1 i i+1 i t Q=gcd(L ,...,L ,q−1)=gcd lcm (gcd(a −a ,q−1)). 1 t i j i j6=i Sincewenowknowthat,intheend,anymemberofS mustbeadivisorofQ,wecanredeﬁne S (equivalently) using a smaller ambient space: S(f)={k|Q : ∀i,∃j 6=i such that k|(a −a )} i j t = {k∈N : k| gcd(a −a , Q)} i j i=1j6=i \ [ t ⊆ {k∈N : k ≤gcd(a −a , Q)}. i j i=1j6=i \ [ Considering the maximal element of this last superset of S gives the ﬁnal upper bound K =minmax (gcd(a −a ,Q)), i j i j6=i which is obviously no larger than either D or Q. ROOTSOFSPARSEPOLYNOMIALSOVERAFINITEFIELD Page 9 of 9 Acknowledgement I would like to thank my advisor, Dr. J.M. Rojas, for introducing me to this problem, and the Texas A&M Supercomputing Facility for access to computational resources. References 1. Balog, Antal; Broughan, Kevin; and Shparlinski, Igor E.“On the number of solutions of exponential congruences”. ActaArithmetica,148(1). pp.93-103.ISSN 0065-1036(print),1730-6264(online) 2. Bi,Jingguo; Cheng, Qi;andRojas,J. Maurice.“Sub-Linear Root Detection, andNew Hardness Results, forSparsePolynomialsOverFiniteFields.”proceedingsofISSAC(InternationalSymposiumonSymbolic andAlgebraicComputation, June26-29,Boston,MA),pp.61-68,ACMPress,2013. 3. Canetti, Ran; Friedlander, John B.; Konyagin, Sergei; Larsen, Michael; Lieman, Daniel; and Shparlinski, IgorE.“OnthestatisticalpropertiesofDiﬃe-Hellmandistributions.”IsraelJ.Math.120(2000),pp.2346. 4. Cheng, Qi; Gao, Shuhong; Rojas, J. Maurice; and Wan, Daqing. “Sparse Univariate Polynomials with ManyRootsOverFiniteFields.”arXivpreprintarXiv:1411.6346(2014). 5. Friedlander,John;Larsen,Michael;Lieman,Daniel;andShparlinski,IgorE.“Onthecorrelationofbinary M-sequences.”Designs,CodesandCryptography16,no.3(1999): 249-256. 6. Kelley, Zander; and Owen, Sean. “Estimating the Number Of Roots of Trinomials over Finite Fields.” arXivpreprintarXiv:1510.01758(2015). 7. Shparlinski, Igor E. “On the singularity of generalised Vandermonde matrices over ﬁnite ﬁelds.” Finite FieldsandTheirApplications11,no.2(2005): 193-199. 8. Shparlinski,IgorE.“Sparsepolynomialapproximationinﬁniteﬁelds.”InProceedings ofthethirty-third annualACMsymposiumonTheoryofcomputing,pp.209-215.ACM,2001.

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.