On the Multidimensional Distribution of Numbers Generated ... · e(X + X 1; ) = Xe + eX e. I D f (D...

On the Multidimensional Distribution of NumbersGenerated by Dickson Polynomials

Domingo Gomez

University of Cantabria

Domingo Gomez University of Cantabria

On the Multidimensional Distribution of Numbers Generated by Dickson Polynomials

Notation

Let p be a prime number, ep(x) = exp(2πIx/p) and Fp the finitefield with p elements,{0, . . . , p − 1}. X1, . . . ,Xk will denoteindeterminates and Fp[X1, . . . ,Xk ] will denote the ring ofpolynomials with coefficients in Fp over X1, . . . ,Xk .



Problem

Generate sequences (un) un ∈ Fkp , with good pseudorandom

properties.

I Good distribution properties;

I Difficult to predict;

I Easy to generate.



Pseudorandom Number Generators

Each element, un = (un,1, . . . , un,k) is defined by the followingrecurrence,

un+1,i = Fi (un,1, . . . , un,k), i = 1, . . . , k , n = 0, 1, . . .

For short, we will write,

un = F(un−1)



Pseudorandom Number Generators

Also, we introduce the following notation,

F(n+1)i (X1, . . . ,Xk) = Fi (F

(n)1 (X1, . . . ,Xk), . . . ,F

(n)k (X1, . . . ,Xk)),

F (n) = {F (n)1 , . . . ,F

(n)k }.

Another way of defining the sequence (un) is,

un = F (n)(u0).



Results in the Multivariate Case

I NonLinear PRNG of Higher orders (Ostafe, Pelican,Shparlinski);

I Recursive PRNG based on Rational Functions (Ostafe,Shparlinski) generalizes Inversive Generator(Niederreiter,Rivat);

I Multivariate generalisation of the Power Generator (Ostafe,Shparlinski).

I Multivariate version of the Dickson Generator?



Dickson Polynomials

Denoted by De(X , α)

De+2(X , α) = XDe+1(X , α)− αDe(X , α)

with

D0(X , α) = 2, D1(X , α) = X .



Properties of Dickson Polynomials

I De(X + αX−1, α) = X e + αeX−e .

I Df (De(X + αX−1, α), αe) = X ef + αef X−ef .

I De(x1, x21α) = xe

1De(1, α).

I If gcd(e, p2 − 1) = 1, then De(X , α) is a permutationalpolynomial.



Construction for k = 2

Take gcd(e, p2 − 1) = 1, define F = {F1(X1,X2),F2(X2))} where

F1(X1,X2) = De(X1,X2),

F2(X2) = X e2 .



Construction for k = 2

Now, we notice that

F(n)1 (X1,X2) = Den(X1,X2),

F(n)2 (X2) = X en

2 .



Exponential Sums with This Generator

We start defining,

Sa1,a2(N) =N−1∑n=0

ep(a1un,1 + a2un,2)

and notice that∣∣∣∣∣Sa1,a2(N)−N−1∑n=0

ep(a1un+k,1 + a2un+k,2)

∣∣∣∣∣ ≤ 2k.




For any set of integers K whose maximum is K ≥ 1,

(#K)|Sa1,a2(N)| ≤W + (#K)K ,

where

W =N−1∑n=0

∣∣∣∣∣∑k∈K

ep (a1un+k,1 + a2un+k,2)

∣∣∣∣∣ .




We use the Cauchy inequality to obtain

W 2 ≤ NN−1∑n=0

∣∣∣∣∣∑k∈K

ep (a1un+k,1 + a2un+k,2)

∣∣∣∣∣2

≤ N∑k,`∈K

∑x1,x2∈Fp

ep(

a1(Dek (x1, x2)− De`(x1, x2))− a2(xek2 − xe`

2 ))




To bound this sum∣∣∣∣∣∣∑

x1,x2∈Fp

ep(

a1(Dek (x1, x2)− De`(x1, x2))− a2(xek2 − xe`

2 ))∣∣∣∣∣∣ .

we notice that the following application,

x2 7→ x21x2,

is invertible if x1 6= 0. Making that substitution, we also notice that

Dek (x1, x2x21 ) = xek

1 Dek (1, x2), De`(x1, x2x21 ) = xe`

1 De`(1, x2).



A Technical Lemma

Lemma (Friedlander,Hansen,Shparlinski)

For any set K ⊂ Zt , containing only units of Zt of cardinality K,any fixed δ > 0 and any integer h ≥ tδ there exists an integer rgcd(r , t) = 1, such that the number of solutions of the congruenceLr (h),

rk ≡ y (mod t), k ∈ K, 0 ≤ y ≤ h − 1,

satisfies that is greater than certain constant times Kh/t.




So, we apply last lemma with

t = p−1, K′ = {ek (mod p−1) | k = 0, 1, . . .}, h = p3/4T−1/2

where T is the multiplicative order of e modulo p − 1. Now, applythe transformation x1 7→ x r

1 here∑x1,x2∈Fp

ep(a1(x rek1 Drek (1, x2)− x re`

1 Dre`(1, x2))

− a2((x2r1 x2)e

k − (x2r1 x2)e

`))




So, we apply last lemma with

t = p−1, K′ = {ek (mod p−1) | k = 0, 1, . . .}, h = p3/4T−1/2

where T is the multiplicative order of e modulo p − 1. Now, applythe transformation x1 7→ x r

1 here∑x1,x2∈Fp

ep(a1(xh11 Drek (1, x2)− xh2

1 Dre`(1, x2))

− a2(x2h11 (x2)e

k − x2h21 (x2)e

`))




If k = ` then we use the trivial bound, otherwise, we use the Weilbound and this gives (#K)2hp3/2 + #Kp2. Substituting,

|Sa1,a2(N)| = O(N1/2T−1/4p9/8).



Remarks

I The previous bound is not trivial when N ≥ p;

I The multiplicative order of e modulo p − 1 must be large aswell;

I A bound for the exponential sum gives a bound for thediscrepancy using standard techniques. In this case,O(N−1/2T−1/4p9/8 log2(N)).



Further Remarks

The multivariate power generator admits a more general form thatsimple monomials, with multipliers and shifts. Also the bounds forexponential sums are better than in this case.



Even Further Remarks

The generalisation for k ≥ 3 should be done using multivariateDickson polynomials. The construction is very similar butunfortunately there are some technical difficulties in the proof ofbounds for the corresponding exponential sums.



Open Problems

These are the open problems

I Is there a way to improve the bound of the exponential sum?

I Is there a generalisation for pseudorandom number generatorswith Dickson polynomials for k > 2?

I Is it possible to add multipliers and still get a good lowerbound?



On the Multidimensional Distribution of Numbers Generated ... · e(X + X 1; ) = Xe + eX e. I D f (D...

Documents

Transcript of On the Multidimensional Distribution of Numbers Generated ... · e(X + X 1; ) = Xe + eX e. I D f (D...