Copyright
© Attribution Non-Commercial (BY-NC)

Weil's bounds and basic notions in Algebraic Geometry

Notes by
Ariel Gabizon

and Anat Paskin-Cherniavsky

February 21, 2012


1 Lecture 1 - Weil's Bound for the Quadratic Character and its applications

1.1 administrative

This is an informal course that should take about 8 weeks. If you want credit let me know and a project/talk for credit can be arranged.

Notation: $\mathbb{F}_q$ - finite field of $q$ elements. $\mathbb{F}_q^* = \mathbb{F}_q \setminus \{0\}$. We assume $q$ is odd.

Definition 1. We say $a \in \mathbb{F}_q^*$ is a quadratic residue (q.r.) if there exists $b \in \mathbb{F}_q$ such that $b^2 = a$.

Definition 2. We define the quadratic character $\chi : \mathbb{F}_q \to \{-1, 0, 1\}$ by $\chi(a) = 1$ if $a$ is a q.r., $-1$ if $a \neq 0$ is not a q.r., and $0$ if $a = 0$.

Claim 1.1. $\chi(a) = a^{(q-1)/2}$.

Proof. Let $g$ be a generator of $\mathbb{F}_q^*$. So $\mathbb{F}_q^* = \{g, g^2, \ldots, g^{q-1} = 1\}$. It is easy to check, using the fact that $q$ is odd, that the q.r.'s are exactly the even powers of $g$. Given $a \neq 0$, write $a = g^l$. Then

$$a^{\frac{q-1}{2}} = g^{l \cdot \frac{q-1}{2}} = 1 \iff (q-1) \mid l \cdot \frac{q-1}{2} \iff 2 \mid l.$$

Corollary 1. $\forall a, b \in \mathbb{F}_q$: $\chi(a) \cdot \chi(b) = \chi(a \cdot b)$.
Department of Computer Science, Technion, Israel. [email protected]

Department of Computer Science, Technion, Israel. [email protected]


Another way to see that exactly half of $\mathbb{F}_q^*$ are q.r.'s, which will be relevant later, is the following: Define $g(x) = x^{\frac{q-1}{2}} - 1$. Any q.r. is a root of $g$, thus there are at most $(q-1)/2$ q.r.'s. A tight lower bound is derived similarly.

Let $f(x)$ be a polynomial of degree $d$ such that $f(x) \neq c \cdot g(x)^2$ for any $c \in \mathbb{F}_q$, $g \in \mathbb{F}[x]$. For how many $a$'s is $f(a)$ a q.r.? Weil's Theorem tells us that when $d \ll q$, for approximately $q/2$.

Theorem 2 (Weil). For $f$ as above,

$$\left| \sum_{a \in \mathbb{F}_q} \chi(f(a)) \right| \le (d-1)\sqrt{q}.$$
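
The following added example (not part of the original notes) computes the quadratic character by Claim 1.1 and compares the character sum of Theorem 2 with the bound $(d-1)\sqrt{q}$, including a polynomial of the excluded form $c \cdot g(x)^2$. It assumes $q = p$ is an odd prime so that field arithmetic is plain arithmetic mod $p$; the function names and sample polynomials are constructed for illustration.

```python
import math


def chi(a, p):
    """Quadratic character of F_p, computed as a^((p-1)/2) mod p (Claim 1.1)."""
    r = pow(a % p, (p - 1) // 2, p)  # r is 0, 1 or p-1
    return -1 if r == p - 1 else r


def poly_eval(coeffs, x, p):
    """Evaluate a polynomial mod p by Horner's rule; coeffs are highest degree first."""
    acc = 0
    for c in coeffs:
        acc = (acc * x + c) % p
    return acc


def character_sum(coeffs, p):
    """Sum of chi(f(a)) over all a in F_p, the quantity bounded in Theorem 2."""
    return sum(chi(poly_eval(coeffs, a, p), p) for a in range(p))


def weil_bound(coeffs, p):
    """Right-hand side (d-1)*sqrt(q) of Theorem 2 for a polynomial of degree d."""
    d = len(coeffs) - 1
    return (d - 1) * math.sqrt(p)


def qr_count(coeffs, p):
    """Number of a in F_p for which f(a) is a quadratic residue."""
    return sum(1 for a in range(p) if chi(poly_eval(coeffs, a, p), p) == 1)


if __name__ == "__main__":
    p = 10007  # constructed sample: an odd prime
    samples = {
        "x + 5": [1, 5],
        "x^2 + 1": [1, 0, 1],
        "x^3 + x + 1": [1, 0, 1, 1],
        "x^5 + 3x + 7": [1, 0, 0, 0, 3, 7],
        "x^2 (excluded form c*g^2)": [1, 0, 0],
    }
    for name, f in samples.items():
        s = character_sum(f, p)
        print(f"{name:28s} sum={s:6d}  bound={weil_bound(f, p):8.1f}  "
              f"q.r. values={qr_count(f, p)} of {p}")
```

For the polynomials that satisfy the hypothesis, the count of q.r. values stays within about $\sqrt{p}$ of $p/2$; for $x^2$ the sum is $p-1$ and the bound fails, which is why the form $c \cdot g(x)^2$ is excluded.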
2 Applications to explicit constructions

In this section we consider two applications of Weil's theorem. The exposition is based on a survey of Noga Alon [1]; the second application is not explicitly given there (or anywhere in the literature that we are aware of).

Tournaments.

Definition 3. A tournament $T_n$ on $n$ nodes is an orientation of the complete graph. That is, for every $x \neq y$ exactly one of $(x, y)$ and $(y, x)$ is an edge.

We say that $x$ dominates $y$ in $T_n$ if $(x, y)$ is an edge. The following question was asked by Schütte:

Schütte's Problem: Given an integer $k$, does there exist $n = n(k)$ and a tournament $T_n$ on $n$ nodes such that for every set $S$ of $k$ nodes there is a node $y \notin S$ such that $y$ dominates every $x$ in $S$?

Erdős, using the probabilistic method, showed in 1965 that $n = O(k^2 2^k)$. In 1971 Graham and Spencer gave an explicit construction of the desired tournament with $n = O(k^2 2^{2k})$.

Construction: Let $q$ be an odd prime power with $q \equiv 3 \pmod 4$. Define a tournament $T_q$ by:
Nodes - the elements of $\mathbb{F}_q$.
$(x, y)$ is an edge iff $x - y$ is a q.r.

Note that this indeed defines a tournament as

$$\chi(x - y) = \chi(-1) \cdot \chi(y - x) = -\chi(y - x),$$

where the last equality uses $q \equiv 3 \pmod 4$.

Theorem 3. When $q \ge 2k^2 2^{2k}$, $T_q$ is a solution to Schütte's Problem.
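Proof. Given $S = \{a_1, \ldots, a_k\} \subseteq \mathbb{F}_q$, we want to find $y \in \mathbb{F}_q \setminus S$ such that

$$\forall\, 1 \le i \le k: \quad \chi(y - a_i) = 1.$$

Let

$$g(S) = \sum_{y \in \mathbb{F}_q \setminus S} \prod_{i=1}^{k} (1 + \chi(y - a_i)).$$

It is enough to show $g(S) > 0$. Let

$$h(S) = \sum_{y \in \mathbb{F}_q} \prod_{i=1}^{k} (1 + \chi(y - a_i)),$$

so

$$g(S) = h(S) - \sum_{j=1}^{k} \prod_{i=1}^{k} (1 + \chi(a_j - a_i)).$$

Therefore $g(S) \ge h(S) - k \cdot 2^k$ and it is enough to show $h(S) > k \cdot 2^k$. Expanding the product,

$$h(S) = q + \sum_{\emptyset \neq T \subseteq [k]} \sum_{y \in \mathbb{F}_q} \prod_{i \in T} \chi(y - a_i).$$

For $\emptyset \neq T \subseteq [k]$ denote by $h_T$ the summand relating to $T$. That is, $h_T = \sum_{y \in \mathbb{F}_q} \prod_{i \in T} \chi(y - a_i)$. Then

$$|h_T| = \left| \sum_{y \in \mathbb{F}_q} \chi\Big( \prod_{i \in T} (y - a_i) \Big) \right| \le (|T| - 1)\sqrt{q},$$

where the last inequality follows from Theorem 2. So

$$h(S) \ge q - (k-1) \cdot 2^k \sqrt{q} = \sqrt{q}\,\big(\sqrt{q} - (k-1) \cdot 2^k\big) > k \cdot 2^k$$

when $q \ge 2k^2 2^{2k}$.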
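
The construction above can be checked by exhaustive search for small parameters. This added example (not from the original notes) builds $T_q$ for a prime $q$, tests that it is a tournament, and searches for a $k$-set that no node dominates; it assumes $q$ is prime so that arithmetic mod $q$ is the field arithmetic, and the function names are constructed for illustration.

```python
from itertools import combinations


def quadratic_residues(q):
    """Non-zero squares of F_q for a prime q."""
    return {x * x % q for x in range(1, q)}


def is_tournament(q):
    """True iff exactly one of (x, y), (y, x) is an edge for every pair x != y."""
    qr = quadratic_residues(q)
    return all(((x - y) % q in qr) != ((y - x) % q in qr)
               for x, y in combinations(range(q), 2))


def dominators(S, q, qr=None):
    """All y that dominate every element of S, i.e. y - a is a q.r. for all a in S.

    A node of S is never returned, because y - y = 0 is not a q.r.
    """
    if qr is None:
        qr = quadratic_residues(q)
    return [y for y in range(q) if all((y - a) % q in qr for a in S)]


def undominated_set(q, k):
    """Return a k-set with no dominating node, or None if T_q solves the problem for k.

    Edges depend only on differences, so x -> x + c maps T_q to itself and every
    k-set is a translate of one that contains 0. Only those sets are searched.
    """
    qr = quadratic_residues(q)
    for rest in combinations(range(1, q), k - 1):
        S = (0,) + rest
        if not dominators(S, q, qr):
            return S
    return None


if __name__ == "__main__":
    # q = 5 is not 3 mod 4, so the orientation is not a tournament.
    for q in (5, 7, 131):
        print(f"q={q}: tournament={is_tournament(q)}")
    # q = 131 >= 2 * k^2 * 2^(2k) = 128 for k = 2, the range covered by Theorem 3.
    for q, k in ((3, 2), (7, 2), (7, 3), (131, 2)):
        print(f"q={q}, k={k}: undominated set = {undominated_set(q, k)}")
```

The search shows that the bound of Theorem 3 is sufficient but not tight: $T_7$ already handles $k = 2$, while it fails for $k = 3$.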
Dispersers. A two-source $(e_1, e_2)$-disperser is a function $D : X \times Y \to Z$ such that if $x$ is taken from a distribution supported by a subset $S_X \subseteq X$ of size $e_1$, and $y$ from an independent distribution supported by $S_Y \subseteq Y$ of size $e_2$, then $D(x, y)$ is non-constant.¹ Dispersers are in particular useful in constructing extractors, which are similar objects where the output distribution is not only non-constant, but also close to uniform on the output domain. The latter, in turn, are very useful objects in computer science. We suggest the following disperser construction and analyze its parameters.

Theorem 4. Let $\mathbb{F}_q$ denote a field of size $q \equiv 3 \pmod 4$. The Cayley-graph based two-source disperser $D(x, y) : \mathbb{F}_q \times \mathbb{F}_q \to \{-1, 1\}$ is defined by $D(x, y) = \chi(x - y)$. It can be shown that $D(x, y)$ is a $(\tilde{O}(\log q), \tilde{O}(\sqrt{q}))$-disperser.

¹ The standard definition of dispersers is based on a related notion of min-entropy, rather than support size, but this is sufficient for our purposes.
Proof. Let S
X
denote a set of x values and S
Y
a set of y values, of sizes s
x
, s
y
respectively (to be
decided later). Assume for contradiction that D(S
x
, S
Y
) is constant. Assume wlog. that it is the
constant 1. Consider the following expression:
p
S
X
,S
Y
=

yS
Y

xS
X
(1 + (x y)) (1)
On the one hand, by our assumption, p
X,Y
= s
y
2
sx
, since if (x y) = 1, (1 + (x y)) = 2,
and this is the case for all (x, y) S
x
S
y
. On the other hand, let us bound the right hand side of
Equation 1. We have:
p
S
X
,S
Y
=

yS
Y

xS
X
(1 + (x y))
(1)

yFq

xS
X
(1 + (x y)) =

TS
X
_
s
x
[T[
_

yFq

xT
(x y)
q + 2
sx

T,=S
X

yFq

xT
(x y)
(2)
q + 2
sx

T,=S
Y

yFq
(

xT
(x y))
(3)
q + 2
sx

q(s
x
1)
Intuitively, the key observation, allowing us to use Weils theorem is transition
(1)
, which in turn
holds since

xS
X
(1 + (x y)) is non-negative for all y (it is either 0 or 2
sx
). Now, as in the
tournament example, transition
(2)
relies on the multiplicativity of , and transition
(3)
is by applying
Theorem 2 to

yFq
(

xT
(x y)) (as the polynomial inside the character has degree at most s
x
in y). Finally comparing the two estimations of p
X,Y
, we get
s
y
2
sx
q + 2
sx

q(s
x
1)
Let us choose s
x
such that (s
x
1)2
sx
=

q. Take s
x
=

(log q) (in fact we can take smaller
than log q by logarithmic factors). Now, for large enough s
y
, in particular s
y
=

O(

q) (larger than

q by logarithmic factors), the equality above can not hold. We conclude that for properly picked
e
2
=

(

q), and e
1
=

(log q), D(S
X
, S
Y
) can not be the constant 1. Observe that increasing the
size of S
X
leads to the same conclusion, as we could have taken a subset of S
X
of size

(log q), and
worked with it. Also, clearly increasing the size of S
Y
leads to the same conclusion.
Similarly, assuming by contradiction that D(S
X
, S
Y
) is the constant 1, we could consider
p
S
X
,S
Y
=

yS
Y

yS
X
(1(xy)), to obtain a similar contradiction (with the same parameters).
3 Proof of Theorem 2 using the Stepanov Method

Let $S = \{a \in \mathbb{F}_q \mid f(a) \text{ is a q.r.}\}$. We first prove an upper bound on $|S|$. For simplicity we focus on a special case. The presentation is based on a write-up of Ernie Croot [3].

Lemma 3.1 (Main Lemma). When $\deg(f) = 3$ and $q = p$ is prime,

$$|S| \le q/2 + O(\sqrt{q}).$$

Let

$$g(x) = f(x)^{\frac{q-1}{2}} - 1.$$

We know that all elements of $S$ are roots of $g$. Thus, $|S| \le \deg(g)$, but this is a trivial bound as $\deg(g) \ge q$. Here is a nice intuition for the Stepanov Method I heard from Avi Wigderson: If $g$ satisfies a "low-degree differential equation" then we can sometimes show it has far fewer roots than its degree. For convenience, from now on let $t = (q-1)/2$, so $g(x) = f(x)^t - 1$. Let us see what differential equation our $g$ satisfies:

$$g'(x) = t \cdot f(x)^{t-1} \cdot f'(x),$$

so

$$(g(x) + 1) \cdot (t \cdot f'(x)) = g'(x) \cdot f(x).$$

Definition 4. A polynomial $r(x)$ has a root of order $M$ at $a \in \mathbb{F}_q$ if $(x - a)^M \mid r(x)$. When $M$ is smaller than $\mathrm{char}(\mathbb{F}_q)$ (which is $q$ in our case, as we are assuming $q$ is prime), this is equivalent to

$$\forall\, 0 \le j \le M - 1: \quad r^{(j)}(a) = 0,$$

where $r^{(j)}$ denotes the $j$th derivative of $r$.

Our strategy will be to construct a non-zero polynomial $r(x)$ of not too high degree that has a root of high order $M$ at every $a \in S$. It will follow that $|S| \le \frac{\deg(r)}{M}$.
3.1 An oversimplified approach

To demonstrate the idea, we first construct $r$ in an oversimplified way that will have a problem we will need to fix later. We define

$$r(x) = f(x)^M \cdot (g(x) \cdot U(x) + V(x)),$$

where $U$ and $V$ will be determined later and have degree at most $d = \frac{Mp}{2}$.

$r'(x)$ will have a nice form:

$$r'(x) = M \cdot f(x)^{M-1} \cdot f'(x) (g(x) \cdot U(x) + V(x)) + f(x)^M \cdot (g'(x) \cdot U(x) + g \cdot U'(x) + V'(x)).$$

Using the differential equation for $g$ above, we can rearrange the second summand and get

$$M \cdot f^{M-1} \cdot f' \cdot (g \cdot U + V) + f^{M-1} \cdot ((g + 1) \cdot t \cdot f' \cdot U + f \cdot g \cdot U' + f \cdot V')$$

$$= f^{M-1} \cdot (g \cdot (M \cdot f' \cdot U + t \cdot f' \cdot U + f \cdot U') + M \cdot f' \cdot V + t \cdot f' \cdot U + f \cdot V')$$

$$= f^{M-1} \cdot (g \cdot U_1 + V_1),$$

where $\deg(U_1), \deg(V_1) \le d + 2$, and the coefficients of $U_1, V_1$ are linear combinations of the coefficients of $U, V$.

Similarly, it can be shown for all $1 \le j \le M - 1$ that

$$r^{(j)}(x) = f(x)^{M-j} \cdot (g(x) \cdot U_j(x) + V_j(x)),$$

where $\deg(U_j), \deg(V_j) \le d + 2$, and the coefficients of $U_j, V_j$ are linear combinations of the coefficients of $U, V$.

For a given $0 \le j \le M - 1$, we want to ensure

$$r^{(j)}(a) = 0 \quad \forall a \in S.$$

This can be expressed by at most $q$ linear constraints on the coefficients of $U$ and $V$ by requiring $V_j(x) \equiv 0 \pmod{x^q - x}$ (it is easy to see that these are still linear constraints on the coefficients of $U$ and $V$). Then, writing $V_j(x) = V'_j(x) \cdot (x^q - x)$, for $a \in S$ the second factor of $r^{(j)}(a)$ is

$$g(a) \cdot U_j(a) + V'_j(a) \cdot (a^q - a) = 0 + 0 = 0.$$

Thus, we can ensure $r$ has a zero of multiplicity $M$ at every $a \in S$ using $M \cdot q$ linear constraints. The number of free variables we have is the number of coefficients of $U$ and $V$: $(M \cdot q/2 + 1) \cdot 2 > M \cdot q$, so we must have a non-zero solution. Suppose that $U, V \neq 0$ would imply $r \neq 0$. Then

$$|S| \le \deg(r)/M \le \frac{3q/2 + M \cdot 3/2 + Mq/2}{M} \le q/2 + O(\sqrt{q}),$$

for $M = \sqrt{q}$.

However, it is not true that $U, V \neq 0$ implies $r \neq 0$: e.g. $U = (x^q - x)$, $V = -(x^q - x) \cdot g(x)$.
4 The correct proof

To resolve this problem we will have to restrict $U$ and $V$ to a special form. This will reduce the number of coefficients of $U$ and $V$, but we will do it in a way that will also reduce the number of constraints we need to satisfy.

Set $N = M/2$ (assume for simplicity $N$ is an integer). Specifically, we assume

$$U(x) = \sum_{i=0}^{N} \sum_{j=0}^{t-2} c_{i,j} \cdot x^{pi+j}.$$

We assume $V$ has a similar form. That is, $U$ and $V$ have degree at most $Mp/2 + t - 2$ and the non-zero powers of $U$ and $V$ are in the range $[0, t-2] \bmod p$.

We claim that when $U$ and $V$ have this form, $U \neq 0$ OR $V \neq 0$ implies $r \neq 0$: If $U = 0$, this is clear. It is easy to check that $\deg(g) \equiv t - 1 \pmod p$. This implies, when $U \neq 0$, that

$$\deg(g \cdot U) \in [t - 1, 2t - 2] \bmod p, \qquad \deg(V) \in [0, t - 2] \bmod p.$$

Thus, $g \cdot U + V \neq 0$ and also $r \neq 0$. The number of free variables we have now, i.e., the number of coefficients of $U$ and $V$, is $2 \cdot (N + 1) \cdot (t - 1)$.
How many constraints do we have? Using the description of V
1
we can see that its non-zero
powers will be in the range [0, t] mod p. That implies that the non-zero powers of V
1
mod x
p

x will be in the range [0, N +t]. In general, one can show the non-zero powers of V
j
modx
p
x are
in the range [0, N + t 2(j 1)] so we have
M1

j=0
N + t 2(j 1) = M (N + t 1) + M(M 1)
constraints. For M =

q/2, N = M/2 =

p/4, this is less than
M N +M(t 1) +M
2
p/8 +p/4 +M (t 1) t 1 + 2N(t 1) = 2(N + 1)(t 1).
Thus, we have a solution to the system with a non-zero r , and
[S[ deg(r)/M p/2 + O(

p).
A lower bound on S can be proved similarly by taking g(x) x
(p1)/2
+ 1.
5 Weil's general theorem, motivation for Bombieri's approach

We denote by $\overline{\mathbb{F}}_q$ the algebraic closure of $\mathbb{F}_q$. One concrete way to think of $\overline{\mathbb{F}}_q$ is that it is the union of all finite extensions of $\mathbb{F}_q$. That is, $\overline{\mathbb{F}}_q = \bigcup_{l=1}^{\infty} \mathbb{F}_{q^l}$.

Definition 5. We say that a polynomial $f(x, y) \in \mathbb{F}[x, y]$ is absolutely irreducible if it is irreducible over $\overline{\mathbb{F}}_q$.

Claim 5.1. Let $g(x)$ be a univariate polynomial of degree 3. Then the polynomial $f(x, y) = y^2 - g(x)$ is absolutely irreducible.

Proof. One can check that if $f$ was reducible it must have a factor of the form $(y - p(x))$ for some univariate polynomial $p$. Thinking of $f$ as a univariate polynomial over $\overline{\mathbb{F}}_q(x)$, it follows that $p(x)$ is a root of $f$, and $p(x)^2 = g(x)$. This is impossible for $g$ of degree 3.

For such an $f$, let

$$N_q = |\{(a, b) \in \mathbb{F}_q^2 \mid f(a, b) = 0\}|.$$

It follows from what we proved in the previous section that $|N_q - q| \le O(\sqrt{q})$: For each $a \in \mathbb{F}_q$ such that $f(a)$ is a q.r. we have 2 solutions $(a, b), (a, -b)$. We showed there are $q/2 + O(\sqrt{q})$ such $a$'s. (Besides that there are at most 3 $a$'s such that $f(a) = 0$, and the $a$'s for which $f(a)$ is non-zero and not a q.r. do not contribute to the number of solutions.)

The more general form of Weil's Theorem gives a similar bound for any absolutely irreducible polynomial.

Theorem 5 (Weil). Let $f(x, y) \in \mathbb{F}[x, y]$ be an absolutely irreducible polynomial of (total) degree $d$. Let

$$N_q = |\{(a, b) \in \mathbb{F}_q^2 \mid f(a, b) = 0\}|.$$

Then

$$|N_q - q| \le O(d^2) \cdot \sqrt{q}.$$

Remark 5.1. If we look at individual degrees rather than total degree, the $O(d^2)$ term can be improved to $O(\deg_x(f) \cdot \deg_y(f))$.
Examples:

It can be seen that a polynomial $f$ of the form $y^d - g(x)$, where $g$ is not of the form $c \cdot h(x)^d$ for any $c \in \mathbb{F}_q$ and $h \in \mathbb{F}[x]$, is absolutely irreducible. Applying Weil's Theorem on these polynomials can be used to get bounds on character sums involving any multiplicative character. To state this implication let us first define multiplicative characters.

Definition 6 (Multiplicative character). A function $\chi : \mathbb{F}_q \to \mathbb{C}$ is a multiplicative character of $\mathbb{F}_q$ if $\chi(1) = 1$, $\chi(0) = 0$ and

$$\chi(ab) = \chi(a)\chi(b)$$

for every $a, b \in \mathbb{F}_q$. The order of $\chi$ is the smallest integer $d$ such that $(\chi(a))^d = 1$ for every $a \in \mathbb{F}_q^*$.

Theorem 6. [5, Theorem 2C′, page 43] Let $\chi$ be a multiplicative character of $\mathbb{F}_q$ of order $d > 1$. Let $g(x)$ be a polynomial in $\mathbb{F}[x]$ of degree $m$. Suppose that $g(x)$ is not of the form $c \cdot h(x)^d$ for any $c \in \mathbb{F}_q$ and $h(x) \in \mathbb{F}[x]$. Then

$$\left| \sum_{x \in \mathbb{F}_q} \chi(g(x)) \right| \le m q^{1/2}.$$

To see that irreducibility is necessary consider $h(x, y) = x \cdot y$, which for any $q$ gives $N_q = 2q - 1$, which is too many solutions.
To see that absolute irreducibility is necessary consider q such that 2, 1 are not quadratic
residues (this happens for example when q is prime of the form 8k + 3). Over such a eld the
polynomial x
2
2 is irreducible and there exists an F
q
2 F
q
such that
2
= 1. As / F
q
,
the elements 1, are a basis for F
q
2 over F
q
. Consider
h(x, y) = y 2x
4
4x
2
2.
Then h(x, y) = (y (x
2
+ 1))(y +(x
2
+ 1)) in F
q
2 and h is irreducible over F
q
. We show
that N
q
= 0: Suppose there was an (a, b) F
2
q
with h(a, b) = 0. Then (a, b) must zero one of
the factors of h. W.l.o.g. assume
(b (a
2
+ 1)) = 0
This gives a F
q
-linear combination of 1, that is zero, therefore the coefcients of the
coefcients must be zero. In particular, we have a
2
+ 1 = 0 which is impossible as we
assumed 1 was not a quadratic residue
5.1 Intuition of the proof

For abs. irreducible $f$, the set of solutions $\mathcal{C} = \{(a, b) \in \overline{\mathbb{F}}_q^2 \mid f(a, b) = 0\}$ is called an affine plane curve². In these notes when we use the term curve, we always refer to an affine plane curve. We wish to bound the number of points in $\mathcal{C}$ whose coordinates are in $\mathbb{F}_q$. Let us call this set $\mathcal{C}(\mathbb{F}_q)$. That is, $\mathcal{C}(\mathbb{F}_q) = \mathcal{C} \cap \mathbb{F}_q^2$. Here are some ways to think about this set:

For $x = (a, b) \in \mathcal{C}$ we define $x^q = (a^q, b^q)$. So this is a mapping from $\mathcal{C}$ to itself. This is sometimes called the Frobenius Automorphism of $\mathcal{C}$. $\mathcal{C}(\mathbb{F}_q)$ is exactly the set of fixed points of this mapping. Also, doing operations coordinate-wise, $\mathcal{C}(\mathbb{F}_q)$ is exactly the set of zeros of the polynomial $z^q - z$. Bombieri's approach was to construct a function on $\mathcal{C}$ of not too high degree that vanishes with high multiplicity on each point of $\mathcal{C}(\mathbb{F}_q)$. To present his proof we will have to spend some time formally defining these notions. That is, we need to explain:
1. What do we mean by a function on a curve?
2. How do we define a degree of such a function?
3. Given a function $f$ on a curve $\mathcal{C}$, and a point $x \in \mathcal{C}$, how do we define the multiplicity of $f$ at $x$?

5.2 Definitions relating to $\mathcal{C}$
1. To answer the rst question we dene
A(() F
x,y
/(h(x, y))
as our set of functions. This is justied as follows. We will ultimately only care about the
values of our functions on point in ((F
q
) and just considering elements of F
x,y
will give
2
as opposed to curves in higher dimensions, or in projective space.
us all possible functions on ((F
q
). Furthermore, if f, f
t
F
x,y
are equal mod h , e.g.
f
t
(x, y) = f(x, y) + h(x, y), then restricted to ((F
q
) they dene the same function.
2. The notion of degree and multiplicity in general on A(() is hard to dene and requires moving
to an abstract algebraic view of the curve through its function eld. We do this towards the end
of these notes, but to give more of a feeling of the notions involved we rst follow Kowalski
[4] by looking at a specic curve where the notions can be dened more explicitly. From now
on we assume q = 2
l
and we look at h(x, y) = y
2
y g(x) where deg(g) = d is odd. It
can be shown that in this case h is indeed absolutely irreducible. In this case any element of
f A(() can be represented as
f = g
0
(x) + y g
1
(x), g
0
, g
1
F[x].
we abuse notation and sometimes identify an element f A with the corresponding polyno-
mial f F
x,y
of this form. In this case we can dene multiplicity as follows.
Denition 7. [multiplicity] Given f A(() and x = (a, b) ( we say f vanishes with order
m at x if (the polynomial) f can be represented as
f(x, y) = (x a)
m

f
1
f
2
+ s(x, y) (y
2
y g(x)),
where f
1
, f
2
A(() and f
2
(a, b) ,= 0.
We give some motivation for the denition above. For a univariate polynomial f(x), if
f(a) = 0 then (x a) divides f. This motivates saying f vanishes with multiplicity m at
a if f(x) = (x a)
m
f
1
(x) for some polynomial f
1
. Dening f
t
(x) = f(x + a) we have
f
t
(x) = x
m
f
t
1
(x) for some polynomial f
t
1
. This can be interpreted as saying f looks like an
mth power around a.
Similarly, for f(x, y) we can say f has a zero of order m at (a, b) if f
t
(x, y) = f(x+a, y +b)
has no monomials of total degree smaller than m. This can be interpreted as saying f looks
like an mth power around (a, b). The denition above can be interpreted as f looks like an
mth power around (a, b) when restricted to the curve ( (as on points in ( the s(x, y) (y
2

y g(x)) factor vanishes).


One may wonder why it is sufcient in the denition to have only the (x a)
m
factor, and no
similar factor involving y. Roughly speaking, the fact that one factor is enough has to do with
the fact that valuation rings are principal ideal domains, and the fact that a factor involving
only x is enough is because the function (x a) always has a zero of order 1 at (a, b) for this
particular h.
We show that an f that vanishes at (a, b) will indeed have a zero of order 1 by this denition.
Claim 5.2. Fix f A(() such that f(a, b) = 0 for (a, b) (. Then f vanishes with order
1 at (a, b) according to denition 7.
Proof. We denote by equality in A((), that is equality mod h. Note rst that, as b
2
+ b =
g(a)
y
2
y (b
2
+ b) g(x) g(a)
Note that the left hand side is equal to (y +b) (y +b + 1) and the right hand side is equal to
(x a) g(x) for some polynomial g This gives
(y + b) (y + b + 1) (x a) g(x)
and
y + b
(x a) g(x)
(y + b + 1
.
Suppose f = g
0
(x) + y g
1
(x). Write
g
0
(x) = (x a) g
t
0
(x) + g
0
(a)
g
1
(x) = (x a) g
t
1
(x) + g
1
(a)
We have
f = (x a) g
t
0
(x) + g
0
(a) + y ((x a) g
t
1
(x) + g
1
(a))
= (x a) [g
t
0
(x) + y g
t
1
(x)] + y g
1
(a) + g
0
(a)
The rst summand is in the desired form. We handle the other terms:
y g
1
(a) + g
0
(a) = (y + b) g
1
(a) + b g
1
(a) + g
0
(a)
=
(x a) g(x)
(y + b + 1
g
1
(a) + (y
2
y g(x)) s(x, y)
where the rst equality used f(a, b) = 0.
3.
Denition 8 (Degree in A(()). For f A(() written as f = g
0
(x) + g
1
(x) y we dene
deg(f) = max2 g
0
, 2 g
1
+ d.
Intuition: We want the degree to be a bound on the number of common zeros (with multi-
plicity) of f and h. Lets see this is true for monomials f rst without considering multiplicity.
If f = g
0
(x) we need to bound the number of (a, b) F
2
q
such that:
g
0
(a) = 0, b
2
+ b = g(a).
For each root a of g
0
there are at most two such pairs, i.e., at most 2 deg(g
0
) deg(f)
solutions.
If f = g
1
(x) y, we want to bound the number of (a, b) F
2
q
such that
b = 0, g(a) = 0,
or
g
1
(a) = 0, b
2
+ b = g(a).
Clearly we have at most d solutions of the rst kind, and at most 2 deg(g
1
) solutions of the
second kind. This is at most deg(f) = d + 2 deg(g
1
).
Lemma 5.2. For f A((), let deg
0
(f)

x(
mult
f
(x), where mult
f
(x) is the maximal k
such that f vanishes with multiplicity k at x. Then
deg
0
(f) deg(f).
Proof. We dene the norm function
3
N : A(() F[x] by
N(f)(x) f(x, y) f(x, y + 1),
where f(x, y) = g
0
(x) + g
1
(x) y. We verify N(f) F[x]:
N(f) = (g
0
(x) + y g
1
(x)) (g
0
(x) + y g
1
(x) + g
1
(x))
= g
2
0
+ y g
1
g
0
+ g
0
y g
1
+ g
2
1
(y g) + g
0
g
1
+ y g
2
1
= g
2
0
g
2
1
g + g
0
g
1
.
It also follows that
deg
F[x]
(N(f)) = max2deg(g
0
), 2deg(g
1
) + d = deg(f).
Suppose that mult
f
((a, b)) = m
1
and mult
f
((a, b+1)) = m
2
. We show (xa)
m
1
+m
2
[N(f):
We know that
N(f)(x) = f(x, y) f(x, y + 1) = (x a)
m
1

f
1
f
2
(x a)
m
2

f
t
1
f
t
2
+ s(x, y) h(x, y),
where f
2
(a, b), f
t
2
(a, b + 1) ,= 0. From this, xing y = 0 we can show
N(f)(x) = (x a)
m
1
+m
2

f
t
1
(x)
f
t
2
(x)
,
where f
2
(a) ,= 0. From this, using (x a) f
t
(x) and unique factorization we can show
N(f) = (x a)
m
1
+m
2
f
tt
2
(x),
for f
tt
2
F[x]. So
deg
0
(f) =

aFq
b,(a,b)(
m
1
(a) + m
2
(a) deg
F[x]
(N(f)) = deg(f).
3
This is actually exactly a restriction of the Norm function of the fraction eld of A(() into F(x) (The fraction eld
of A(() is an algebraic extension of F(x) obtained by adding a root of the polynomial h which is a univariate irreducible
polynomial over F(x)).
6 Riemann-Roch properties of the degree function
An advantage of functions on ( over normal bi-variate polynomials is that the degree function
behaves like the degree of univariate polynomials.
Denition 9. For an integer k 0, we denote
1(k) f A(()[deg(f) k 0.
1(k) is a vector space over F
q
analogous to the space of polynomials in F[x] of degree at most
k.
Lemma 6.1. [Riemann-Roch properties]
1. 1(0) = F
q
, i.e., only the constant functions are in 1(0).
2. k 0, dim1(k) dim1(k + 1) dim1(k) + 1.
3. k 0,
(k + 1) (d 1) dim1(k) (k + 1).
4. There exists > 0 such that k d 1,
dim1(k) = k + 1
, (actually =
d1
2
). is called the genus of (.
Proof. We rst observe for f A, f = g
0
(x) +y g
1
(x) (recall that we abuse notation and identify
f A with a representative of this form), as d is odd we have:
If deg(f) is odd, deg(f) = 2 deg(g
1
) + d.
If deg(f) is even, deg(f) = 2 deg(g
0
).
1. It is obvious from the denition of degree that only the constant functions can have degree 0.
2. Obviously 1(k) 1(k + 1) so dim1(k) dim1(k + 1). Fix f
1
, f
2
1(k + 1) 1(k).
Denote f
i
= g
0,i
+g
1,i
y. If k +1 is odd deg(f
i
) = 2 deg(g
1,i
) +d. So deg(g
1,1
) = deg(g
1,2
).
Therefore, for some F
q
deg(g
1,1
g
1,2
) < deg(g
1,1
). So
deg(f
1
f
2
) max2 deg(g
0,1
g
0,2
), deg(g
1,1
) g
1,2
) + d k.
Therefore, f
1
f
2
1(k) which implies dim[1(k + 1) 1(k)] 1. Therefore dim1(k+
1) dim1(k) + 1. The case where k + 1 is even is similar.
3. From the previous items it follows that
k 0, dim1(k) (k + 1).
For the lower bound we will show that for any k (d 1) there is an element f A of
degree exactly k. It follows that indeed dim1(k) (k +1) (d 1). We claim rst that for
any k (d 1) there exist integers i 0, j 0, 1 such that i 2 + j d = k:
(d 1) =
d 1
2
2, d = 1 d.
Now to get any k > d add a multiple of 2 to d 1 or d. Now to get an element of degree
exactly k (d 1) take f = x
i
y
j
for the corresponding i, j.
4. From the previous items it follows that for k (d 1)
dim1(k) = k + 1 dim1(d 2).
We end this section with a simple claim we require for Bombieris proof.
Claim 6.1. Given f A(() such that f f
m
1
for some f
1
A((). If mult
f
(x) 1 then
mult
f
(x) m.
Proof. Suppose x = (a, b).
mult
f
1
(x) 1 f(a, b) = f
1
(a, b)
m
+ S(a, b) h(a, b) = 0.
As h(a, b) = 0, the above equation implies f
1
(a, b) = 0. Hence by Claim 5.2
f
1
(x, y) = (x a)
f
t
1
f
t
2
+ S(x, y) h(x, y).
f(x, y) = (x a)
m

f
tt
1
f
tt
2
+ S
t
(x, y) h(x, y).
7 Bombieri's proof (upper bound)
We denote by g the genus of ( (in the previous section we used ). For our curve ( we showed that
g (d 1)/2.
Lemma 7.1 (Weil upper bound). Denote N
q
= [(a, b) F
2
q
[h(x, y) = 0[. If q = p
2
for some
prime power p, and q > (g + 1)
4
then
N
q
q + 1 + (2g + 1)

q.
Recall that 1(k) = f A(()[deg(f) k. We record the properties we will need:
For integer k
1. dim1(k + 1) dimH(k) + 1.
2. If k > 2g 2, dim1(k) = k + 1 g.
3. If f 1(k), f
q
1(q k)
4. There exists a basis f
1
, . . . , f
s
of 1(k) with deg(f
i
) < deg(f
i+1
).
Let n = p 1, k = p + 2g. Note by 2 s = k + 1 g. The proof will follow from 2 main claims.
Claim 7.1. There exist u
1
, . . . , u
s
1(n) not all zero, such that u
p
1
f
1
+ . . . + u
p
s
f
s
0.
Proof. Let h
1
, . . . , h
t
A(() be a basis for 1(n) (so t = n + 1 g). Dene r A(() by
r =
s

i=1
_
t

j=1
(a
i,j
h
j
)
_
p
f
i
,
for a
i,j
F
q
to be determined. We have deg(r) n p + k = (p 1) p + p + 2g. Fix
x
1
, . . . , x
np+k1
(. For x = (a, b) (, r(x) = 0 is a linear constraint on the a
i,j
s:
s

i=1
_
t

j=1
a
i,j
h
j
(a, b)
_
p
f
i
(a, b) = 0.

_
s

i=1
t

j=1
h
p
j
(a, b) (f
i
(a, b))
1/p
a
i,j
_
p
= 0,
where we used the fact that raising to the power p is bijective on F
q
and thus we can always take
pth roots. Our number of free variables is
t s = (k + 1 g) (n + 1 g) n p + k.
Thus we have a non-zero solution as claimed.
Claim 7.2. For any u
1
, . . . , u
s
1(n), not all zero.
f = u
p
1
f
q
1
+ . . . + u
p
s
f
q
s
, 0.
Proof. For 1 s, let d

= deg(u
p

f
q

). Fix the maximal j such that u


j
, 0. Using q > p n,
we have
d
j
q deg(f
j
) > q deg(f
j1
) + p n d
j1
.
So u
p
j
f
q
j
cannot be canceled out by the preceding terms.
of Lemma 7.1. Fix u
1
, . . . , u
s
as in Claim 7.1. Let f =

s
i=1
u
p
i
f
q
i
. For x = (a, b) ((F
q
)
f((x) =
s

i=1
u
p
i
(a, b) f
q
i
(a, b) =
s

i=1
u
p
i
(a, b) f
i
(a
q
, b
q
) = r(a, b) = 0.
Thus, mult
f
((x) 1. Note that f is a pth power : f = (

s
i=1
u
i
f
p
i
)
p
. Thus, by Claim 6.1
mult
f
(x) p for every x ((F
q
). Therefore,
N
q
= [((F
q
)[
deg(f)
p

p n + q k
p
= n + p k q + (2g + 1) p.
8 Applications to exponential sums of multiplicative characters
In the previous sections we proved Theorem 5 for polynomials of the special form f(x, y) = y
2

y g(x). In this section we prove its implication, Theorem 6. The end result is the following,
somewhat modied, theorem.
Theorem 7. Let be a multiplicative character of F
q
of order d > 1. Let g(x) be a polynomial in
F[x] with m distinct roots in F
q
, where d[q 1 and gcd(deg(g), d) = 1 (in particular, g(x) is not of
the form h(x)
d
for any h(x) F[x]). Then

xFq
(g(x))

mq
1/2
.
Observe that our variant of Theorem 6 is a bit weaker as it replaces the constriant that h(x, y) is
not a dth power in F
q
[x] with the stronger constraint that gcd(g(x), d) = 1. On the other hand, we
obtain a somewhat stronger bound on [N
q
q[, which involves the number of distinct zeros of g(x),
rather than the number of zeros with multiplicity (equivalently, the degree). Our proof is comprised
of two steps:
1. Modify our presentation of Bombieris algebraic geometry based approach to handle polyno-
mials of the form f(x, y) = y
d
g(x). This step is be relatively easy, as the concepts and
techniques used are quite evident from the special case we have seen.
2. Reduce the problem of bounding [
xFq
(g(x))[, where (x) is a multiplicative character of
order d, to estimating N
q
for f(x, y) = y
d
g(x). This step is more interesting, and requires
new ideas.
8.1 Some more intuition on step 2

One method to perform the reduction from step 2 is by analyzing the zeros of certain exponential sums over finite fields. More specifically, the proof technique is analogous to (one of the) proofs of the prime number theorem. That is, $\lim_{x \to \infty} \pi(x) / \left(\frac{x}{\ln(x)}\right) = 1$, where $\pi(x)$ is the number of primes smaller or equal to $x$. This proof uses, among other things, analysis of the zeros of the Riemann zeta function $\zeta(s) = \sum_{n \ge 1} \frac{1}{n^s}$. Namely, it uses the fact that $\mathrm{Re}(z) < 1$ for all zeros $z$ of $\zeta$ satisfying $\mathrm{Re}(z) \in [0, 1]$. Note that this statement is weaker than the RH (Riemann hypothesis), stating that all (complex) zeros $z$ of $\zeta(s)$ with $\mathrm{Re}(z) \in [0, 1]$ in fact satisfy $\mathrm{Re}(z) = 1/2$. Indeed, assuming the RH, a more accurate approximation of $\pi(x)$ can be obtained [2]. A generalization of the prime number theorem (Dirichlet, 1837) provides similar estimations of the prime density in arithmetic progressions $a, a + d, \ldots$ where $a, d > 0$ are coprime. His proof relies on analysis of the zeros of a generalized version of the zeta function we will now describe (an analogous hypothesis on its zeros is referred to as the generalized Riemann hypothesis - GRH). To this end, we will need a definition of characters for arbitrary rings (rather than just fields). A Dirichlet character $\chi_D$ is a function defined over $\mathbb{Z}$ as follows. Let $k \ge 1$, and let $\chi$ denote a multiplicative character of $\mathbb{Z}_k = \mathbb{Z}/(k\mathbb{Z})$ as in Definition 8.1. We define $\chi_D$ via

$$\chi_D(x) = \begin{cases} \chi(x) & \text{if } \gcd(x, k) = 1 \\ 0 & \text{otherwise} \end{cases}$$

Now, the type of generalization of the zeta function used in the proof is called a Dirichlet L-function, which is defined by $L_{\chi_D}(s) = \sum_{n \ge 1} \frac{\chi_D(n)}{n^s}$.⁴ It is indeed a generalization, as $\zeta(s)$ is obtained by setting $k = 1$ and $\chi = 1$ (the trivial character). This type of function will be of interest for us, since an analog of Dirichlet characters (and L-functions based on these) will be used in our proof. The idea is to consider $\chi$ defined over $\mathbb{F}[x]/g(x)$, and translate the arguments to the domain of polynomials (which is plausible given the strong resemblance between integers and polynomials). For a more detailed outline of this intuition see [4], chapter 3. Interestingly, in the course of our proof, we will prove an analog of the GRH for Dirichlet characters (for characters over polynomials) using quite basic techniques, while GRH (in particular, RH) remains one of the biggest open problems in mathematics for over 150 years.
8.2 Proof of theorem 6
In this section we present a proof of theorem 6. The second step of the proof (reduction to estimating $N_q$) will be proved in a self-contained manner (up to leaving various technical claims in functional analysis that we use without proof, referring to a textbook instead). The first step is merely an application of Bombieri's approach to a different polynomial, and is very similar to what we have already seen for the polynomials $h(x, y) = y^2 - y - g(x)$, so here we only give a very brief overview. This writeup closely follows [4]. We start with some additional background we will need on multiplicative characters and finite fields.
4
As an exception, the trivial Dirichlet character
D
(x) = 1 is dened to have (0) = 1 as well.
8.2.1 Some background and concepts
Denition 8.1. Let (G, ) be a nite group. Then : G C is a group character if (1) = 1 and
(ab) = (a)(b).
5
Lemma 8.1. Let ( be the of set of all group characters over a nite group (G, ). Then this set
is a nite group under coordinate-wise product (where each ( is viewed as a vector in C
[G[
).
Furthermore, the following zero-sum equalities hold.
1. Let ,= 1, then

xG
(x) = 0.
2. Let (
t
( be a subgroup, and let x be such that g
t
(x) ,= 1 for some g
t
(
t
. Then

g
t
(x) = 0.
Proof. It is easy to see that ( under the operation above forms a group. Since
(x)
[G[
= (x
[G[
) = (1) = 1
for all (, x G, we have that Image()
_
x C[x
[G[=1
_
, which is of size [G[. Thus, there
are at most [G[
[G[
different s (a nite number). As to item 1, since is non-trivial, there exists
some x G such that (x) ,= 1. Thus we have

yG
(y) =
(1)

yG
(xy) = (x)

yG
(y)
where (1) holds since xG = G (since G is a group, f
x
(y) = xy is a permutation over G). Reorga-
nizing, we conclude that ((x) 1)

yG
(y) = 0. Since (x) ,= 0 we can divide by ((x) 1)
to obtain

yG
(y) = 0, as required (note the operations are in C). Item 2 can be obtained by
a nice application of 1: observe that f
x
: (; C dened by f
x
() = (x) is a character of the
(nite) group (
t
. To see multiplicativity holds, note that f
x
(
1

2
) =
1
(x)
2
(x) = (
1

2
)(x)
(by definition of the operation in (). Now, f
x
is not the identity character by the existence of g
t
such that g
t
(x) ,= 1, the conditions of 1 hold, and we are done.
As mentioned in Section 8.1, analogously to Dirichlet characters over the integers mentioned
there, we introduce and make use of Dirichlet characters for polynomial rings.
Definition 8.2. Let F
q
be a finite field, and g(x) F[x] a non-constant monic polynomial. A
Dirichlet character
D
is a function defined over F[x] as follows. Let denote a multiplicative
character of F[x]/g(x) (the definition differs from that in Definition 6 so that if is trivial over
(F[x]/g(x))

, then it is defined as 1 elsewhere). We define


D
over F[x] to have
D
(f(x)) =
(f(x) mod g(x)).
5
Definition 6 in fact considers an extension of the notion of a group character to rings R, where a group character
over R

, R's set of invertible elements (which form a group under multiplication), is extended to equal 0 on elements in
R R

.
A crash course on finite fields. We say F/F
q
is a field extension if an isomorphic copy of F
q
is a subfield of F. A field extension F/F
q
is algebraic if every t F is a root of a polynomial

t
F[x] (we will consider only such extensions, such as F
q
/F
q
or F
q
/F
q
). The degree [F : F
q
] of
the extension is the dimension of F as a vector space over F
q
, which can be infinite, such as [F
q
: F
q
],
or finite, such as [F
q
: F
q
] = . In an algebraic field extension F/F
q
, we say
t
F[x] is a minimal
polynomial of t F over F
q
if
t
is a monic polynomial of the smallest degree, such that
t
(t) = 0.
It is easy to prove that
t
always exists, is unique, and irreducible over F
q
[x]. Also, if f(t) = 0 for
some f F[x], then
t
(x)[f(x). We have
Fact 8.2. The roots of
t
are precisely t, t
q
, . . . , t
q
d1
, where d = degree(
t
). Additionally, we have
t
q
d
= t.
To prove this, we will need the following basic observation.
Fact 8.3. Let F
q
[x], and let F where [F/F
q
] is a field extension. Then ()
q
i
= (
q
i
) for
all i 0.
To see Fact 8.3 holds, observe that $x^q = x$ for all $x \in F_q$, and the fact that $(a + b)^q = a^q + b^q$
for $a, b \in F$ (easy exercise, based on the fact that q is a power of F's characteristic). Next, we prove
Fact 8.2. There are no more roots (counting multiplicity), since a polynomial p(x) F[x] has at
most deg(p) roots over any (extension) field. Also, we have that $t^{q^d} = t$. This is the case since in $F_q(t)$
(the smallest field containing both F
q
and t) we also have
t
(t) = 0. That implies t
d
= p
t
(t) where
p
t
is of degree d 1 over F
q
,
()
so we must have t
l
= p
l
(t) where p
l
F[x] is of degree d 1, by
repeatedly using
()
to eliminate higher degrees. We conclude that F
q
(t) as a vector space over F
q
is spanned by 1, t, . . . , t
d1
. This is in fact a basis, or else we would have a lower degree minimal
polynomial for t (in F) over F
q
. In particular, all these roots are therefore distinct. Conversely, every
irreducible monic polynomial of degree > 0 in F
q
[x] is a minimal polynomial of an element t F
q
.
For 1, q a prime power, the norm is defined via N
F
q
/Fq
(x) =

i=1
x
q
i
. (not to be confused
with the norm function N
f
(x, y) used in other parts of the writeup). It is known that the image of
N
F
q
/Fq
is (exactly) F
q
(for all 0).
8.2.2 Step 1
The end result corresponding to step 1 we prove is as follows.
Theorem 8. Let F
q
be a finite field with q = p
2
for some 1, g(x) F[x] is non-constant
with gcd(deg(g), d) = 1, d[q 1. Then we have [[
_
(x, y) F
q
F
q
[y
d
= g(x)
_
[ q[ Cq
1/2
for
C = (d deg(g)). Observe that C depends only on d, deg(g), and not on the field size q.
This theorem is a special case of Theorem 5. Since here we let both d = deg
y
(y
d
g(x)), deg(g) =
deg
x
(y
d
g(x)) be parameters, rather than fixing d (= 2) as done in the proof for the special case
of h(x, y) = y
2
y g(x), it explicitly demonstrates the dependence of the bound on d. Note
that we indeed get a more accurate dependence of deg
x
, deg
y
separately, rather than on the total
degree. However, quite surprisingly, the specific dependence on d we prove here has no effect on
the result in Theorem 7 (as long as this constant is independent of field size, which is indeed the
case). The proof is very similar to the proof of Theorem 5 we saw in Section 5.2 (for the special
case of h(x, y) = y
2
y g(x)), and is merely an application of Bombieri's approach to a different
polynomial h(x, y) = y
d
g(x, y), rather than h(x, y) = y
2
yg(x) we considered in Section 5.2.
As before, we consider the set of functions A(() = F[x, y]/h(x, y), and try to find a function of not
too high a degree that vanishes on each point in ((F
q
) (recall ((F
q
) =
_
(a, b) F
2
q
[h(a, b) = 0
_
)
with high multiplicity. Our definition of degree will satisfy similar properties (Riemann-Roch properties),
and multiplicity is defined as before (except for a mild difference of handling points (x, y)
with y = 0 differently). More specifically, the definition of the degree of f(x, y) A(() is
Definition 8.3. Given g(x) F[x] such that gcd(deg(g), d) = 1 for d[q 1 we define deg(f) =
max(d deg(g
i
) + ideg(g)[i 0, . . . , d 1) for f(x, y) =

d1
i=0
g
i
(x)y
i
,= 0 A((), and
deg(f) = for 0. We adopt the convention that deg(g
i
) = for g
i
= 0, so effectively, the
maximum goes over only the non-zero coefficients of the y
i
s.
Observe that this definition coincides with the definition of degree we had in Section 5.2 for
h(x, y) = y
2
y g(x) where deg
y
(h) = 2. Following similar steps to these in Sections 5.2, 6, 7,
we derive that
[((F
q
) q[ q + (2 + 1)

q + d,
where is the genus of (. It is proved in [4] that (d 1)(deg(g) 1), leading to a bound of
C = (d deg(g)) on [((F
q
) q[.
8.2.3 Step 2
In this section we develop the theory required for reducing the proof of Theorem 5 to Theorem 8.
Given , g(x), where is a multiplicative character of F
q
of order d, g is monic of degree m > 1
we associate a Dirichlet character
D
. We construct the L-function associated with
D
which is
defined by L

D(T) =

f monic in F[x]

D
(f)T
deg(f)
. The main observation is that L

D(T) is in fact a
polynomial (has a finite number of non-0 coefficients), and that [

xFq
(x)[ = [

(1w
i
x)[L

D
w
i
[,
where the w
i
s are reciprocals of the roots of L

D(T). The latter connection is done by consider-


ing T log L

D, which turns out to have [

xFq
(x)[ = [

(1w
i
x)[L

D
w

i
[ as its th coefficient
for all , and the aforementioned connection is obtained by comparing coefficients of the series
L

D and log L

D. Finally we show how to bound the [w


i
[s using Theorem 8, completing the
proof (for this last step, see Section 8.2.4). Observe that although we need only [

xFq
(x)[ =
[

(1w
i
x)[L

D
w
i
[, we use the information about the other coefficients of log L

D to obtain the bound


on the w
i
s.
Defining
D
g,
. Given g(x) F
q
[x], as in the discussion above, we define a Dirichlet character

D
g,
as follows. Let g(x) =

i
(x)
d
i
be the (unique) decomposition of g(x) into powers of monic
irreducible polynomials,
i
denote the degree of
i
, and
i
be an (arbitrary) root of
i
in F
q
. Given
f, define

D
g(x),
(f) =

i
(N
F
q

i
/Fq
(f(
i
))) (2)
To see that this is indeed a Dirichlet character, observe first that it is multiplicative (over all of
F[x]). Next, we want to show that the character .
To see that
D
(f) is indeed defined modulo g(x) (
g,
is well-defined), observe that f(x) =
g(x)h(x) + f
t
(x) (where f
t
is its remainder modulo g(x)), we observe that f(
i
) = g(
i
)h(
i
) +
f
t
(
i
) = f
t
(
i
), where the last transition holds since g(
i
) = 0 as g is divisible by
i
. Finally, we
need to show that
g,
obtains the proper values at 0 and 1 (0 and 1 respectively), which follows
easily from the definition of
D
(f).
We will need the following property of
D
g,
in the sequel.
6
Lemma 8.4. For any 1, and any t F
q
, we have (N
F
q
/Fq
(g(t))) = ((1)
deg(g)
)
D
g,
(
t
)
deg(t)/d
,
where
t
is the minimal polynomial of t (in F
q
/F
q
).
Proof. First observe that since each
i
is irreducible over F
q
, then it is the minimal polynomial of

i
, and of each of its roots
i
, . . . ,
i
q

i
1
in F
q
. Thus
i
=

i
j=1
(x
i
q
j
). Similarly,
t
, the
minimal polynomial of t F
q
over F
q
, is of the form
t
=

w
i=1
(x t
q
i
), where w = deg(
t
). We
thus have
N
F
q
/Fq
(g(t)) =
(1)

i=1
g(t
q
i
) = (3)

j=1

i
(t
q
j
)
d
i
=

k=1

j=1
(t
q
k

i
q
j
)
d
i
=

j=1
(1)
d
i

k=1
(
i
q
j
t
q
k
)
d
i
=
(2)
(1)
deg(g)

i
(

k=1
(
t
(
i
q
k
))
/w
)
d
i
=
(1)
deg(g)
(

i
N
F
q

i
/Fq
(
t
(
i
)
d
i
))
/w
By definition of
D
g,
, the last expression implies N
F
q
/Fq
(g(t)) = (1)
deg(g)
(
D
g,
(
t
))
/w
, as
required. Here
(1)
holds since N
F
q
/Fq
(g(t)) =

i=1
(g(t)
q
i
) =

i=1
(g(t
q
i
)), where the first
equality is due to Fact 8.3. Transition
(2)
relies on several standard tricks. First, recall that

t
(x) =

w
i=1
(x t
q
i
), and thus
t
(x)
/w
=

i=1
(x t
q
i
), as t
q
w
= t, by Fact 8.2. Also,
w[, since t
q

= t, and w is the minimal number such that t


q
w
= t. Additionally, we use Fact 8.3 to
replace expressions of the form f(N(x)) by N(f(x)).
6
Jumping ahead, a link between (g(x)), where

xFq
(g(x)) is the quantity we want to bound and
D
,g(x)
is
already established here.
Our next step would be to understand when
D
g,
is non-trivial, which is crucial for the proof to
go through, and that it is in fact defined modulo g
t
(x) =

i
, which is used only for a certain
quantitative improvement of the end-result. (which is only useful )
Lemma 8.5. 1.
D
g,
is defined modulo g
t
=

i
.
2. Assume g is not a dth power in F
q
[x] (recall d = order()). Then the underlying multiplica-
tive character
g,
of
D
g,
is non-trivial. That is, there exists f (F
q
[x]/g(x))

such that

g,
(f) ,= 1.
Proof. The first item follows immediately from the definition of
D
g,
(see discussion upon definition
of
D
g,
- it is shown there that it is defined modulo g(x), but taking g
t
(x) instead works the same
way). For part 2, as g is not a dth power in F
q
[x], it must be that at least one of the
i
s (as defined
above), satises d d
i
. Thus
d
i
is a non-trivial character of F
q
(or else would have had order
gcd(d
i
, d) < d, leading to a contradiction). We construct an f (F
q
[x]/g(x))

that satises
f(
j
) = 1 for j ,= i.
f(
i
) = F
q

i such that N
F
q

i /Fq
() = where
d
i
,= 1.
7
It is easy to see that by definition of
D
g,
, we have
D
g,
(f) =
d
i
,= 1, which implies that
g,
is non-trivial. To show such an f exists, first observe that fixing some ,= 1, 0 F
q
implies the existence
of some satisfying N
F
q

i
/Fq
() = by surjectivity of N
F
q

i
/Fq
. Next, we use the following field
isomorphism (well known and not hard to prove). Let h(x) F
q
[x] be an irreducible polynomial
and F
q
denote a root of h. Then F
q
[x]/h(x) (under polynomial addition and multiplication
modulo h(x)), is isomorphic to the (sub-)field F
q
() (of F
q
) via h(x) h(). Thus, using the
isomorphism, the above requirements on f translate to the following requirements in terms of f's
value modulo the various
j
s.
We require f mod
j
equals 1 for j ,= i.
Let p

denote the element of F


q
[x]/
i
(x) for which

(
i
) = (again, p

exists since the


mapping u(x) u() is an isomorphism between F
q
[x]/
i
(x) and F
q

i ), where is as
fixed above. We require that f mod
i
equals (here we don't explicitly compute p

, but this
is not needed).
The rst requirement above is equivalent to the rst requirement in terms of values at
j
(that is,
f(
j
) = 1) for i ,= j. This is clear, since the constant polynomial 1 equals 1 on all inputs, including

j
(also, it is an element of F
q
[x]/
j
(x), in the sense that its degree is <
i
). For the second
condition, we have

(
i
) = . Indeed, since the mapping h(x) h(
j
) between F
q
[x]/
i
(x)
and F
q
(
j
) is an isomorphism, such a preimage

F
q
[x]/
i
(x) of F
q

i

= F
q
(
i
) (Unlike
modulo
j
s for j ,= i, we do not explicitly find ).
7
More accurately, f(
i
), which is a member of F
q
, belongs to an isomorphic copy of F
q

i contained in F
q
. In
particular, N
F
q

i /Fq
() belongs to F
q
.
Finally, since the
i
s are co-prime, we can uniquely recover f
t
= f mod g
t
from the set of
requirements above (using Chinese remaindering).
Using Dirichlet L-functions. Given a Dirichlet character
D
defined based on a multiplicative
character over the group F
q
[x]/g(x), we define the L function associated with it by
L

D(T) =

D
(f)T
deg(f)
where f goes over all non-0 monic polynomials in F
q
[x].
Lemma 8.6. An L-function L

D(T) associated with a Dirichlet character


D
satises:
1. L

D(T) =

(1
D
()T
deg()
)
1
, where runs over all monic irreducible polynomials in
F
q
[x]. This formula is referred to as the Euler formula.
2. If is non-trivial, L

D(T) is in fact a polynomial (that is, the series has a finite number of
non-0 monomials), and its degree is < deg(g
t
) (recall g
t
=

i
, where the
i
s are the
distinct irreducible factors of g).
Proof. 1. We have:

(1
D
()T
deg()
)
1
=

l0

D
()
l
T
ldeg()
=
(1)

l0

D
(
l
)T
ldeg()
=

1
e
1...m
em
=f

D
(f)T
deg(f)
=
(2)
L

D(T)
(4)
Where goes over all monic irreducible polynomials in F
q
[x], and f goes over all monic
polynomials in F
q
[x]. Equality
(1)
is due to multiplicativity of . Equality
(2)
is due to unique
factorization in F
q
[x].
2. Let us consider the coefficient of T
l
for l deg(g
t
). It equals

f monic,deg(f)=l

D
(f) =
(1)

f(Fq[x]/g

))

deg(f)=l,ff(g

)
(f) =
(2)
q
ldeg(g

f(Fq[x]/g

))

(f) =
(3)
0
Equality
(1)
follows from the first item of Lemma 8.5, that is, that
D
(f) is defined modulo.
Equality
(2)
follows from the fact that only f's that are coprime to g (equivalently, g
t
) contribute
non-0 values to the sum; also, the polynomials f f are precisely those of the form
f = f + g
t
h, where the coefficient of l (the leading coefficient) is 1 (f is monic), so h has
leading coefficient 1 and degree (exactly) l deg(g
t
), so overall, there are q
ldeg(g

)
values
of h, corresponding to the same number of values of f. Finally,
(3)
is due to the fact that
is non-trivial over (F
q
[x]/g)

, which makes it non-trivial when viewed as a character over


(F
q
[x]/g
t
)

. The conclusion now follows by applying Lemma 8.1, part 1, to , when viewed
as a multiplicative character over (F
q
[x]/g
t
)

.
Lemma 8.7. Consider
D
=
D
g,
, defined as in the previous section ( is a multiplicative character
of F
q
). L

D, when
g,
is non-trivial, satises the series identity L

D(T) = exp(

1
S(
D
)

),
where
S

(
D
) = (1)
deg(g)

xF
q

(N
F
q
/Fq
(g(x)))
for 1.
Proof. Let us write
L

D = exp(

1
S

(
D
)

)
for some S

s. The idea is to find the series representation for log L


t
, once using Euler's formula,
and once using the S

-based representation.
8
T(log(L

D(T)))
t
=
(1)
T(

log(1
D
()T
deg()
))
t
=
T

(log(1
D
()T
deg()
))
t
=
T

deg()

D
()T
deg()1
1
D
()T
deg()
=
(2)

deg()

r1

D
(
r
)T
rdeg()
=

1
S

(5)
Here
(1)
follows from Lemma 8.6 and by using multiplicativity of
D
. Transition
(2)
is by using
Tlog L
t
= T
L

L
= T
exp(...)(

1
S

exp(...)
. We conclude that
S

r,d,s.t rd=
d

deg()=d

D
()
r
(6)
8
As usual, we are neglecting functional analysis issues, such as convergence range of the series, and don't even state
what conditions are required to assure our symbolic manipulations are legal.
It remains to see that the S

s are as claimed. For 1 it holds that

xF
q

(N
F
q
/Fq
(g(x))) =
(1)
(1
deg(g)
)

xF
q

D
(
x
)
/deg(x)
=
(2)
(1
deg(g)
)

irreducible,deg()[
deg()
D
()
/deg()
=
(3)
(1
deg(g)
)S

Where
x
denotes the minimal polynomial of x (in [F
q
/F
q
]). Equality
(1)
holds since
D
satises
the conditions of Lemma 8.4. Equality
(2)
holds since every degree- (or smaller) irreducible (over
F
q
) polynomial F[x] is a minimal polynomial of exactly deg() elements of F
q
, and the fact
that each element of F
q
is the root of exactly one such polynomial. Equality
(3)
is by Equation 6,
completing the result.
8.2.4 Putting things together
Let us see what we have achieved by analyzing the L function of
D
. We have obtained two representations
of L. One via the sums S

for 1 in Lemma 8.7: we proved that L

D(T) =
exp(

1
S(
D
)

), where
S

(
D
) = (1)
deg(g)

xF
q

(N
F
q
/Fq
(f(x)))
whenever
D
is non-trivial. Another important property of L associated with non-trivial
D
we
proved (Lemma 8.6, part 1) is that it is a polynomial (a series with finite degree) with t < deg(g
t
)
roots. In other words, it is determined by its set of roots. We write L

D(T) =

t
i=1
(1
i
T), where
the
i
s are the inverses of L

D's roots. On the other hand, we showed (Lemma 8.5, part 2) that if


g(x) is not a dth power in F
q
[x] (where, d = order()), which is a precondition of Theorem 7, it
holds that
D
g,
is non-trivial.
Looking more carefully into the two representations of L, we note that we are already not too
far from a solution.
Observe that S
1
= (1)
deg(g)

xFq
(f(x)) (since N
F
q
1
/Fq
(x) = x). Thus, in absolute
value, this is exactly the quantity we want to bound!
If we manage to express the S

s in terms of the
i
s, and bound the
i
s in terms of q, that
would yield a bound on the S

s, including S
1
.
Following the above plan, comparing the two representations of L

D(T), we obtain:
L

D(T) = exp(

1
S

(
D
)

) =
t

i=1
(1
j
T)
(1)

1
S

= T
t

j=1
(
j
)

j
T

=
(2)

1
(
t

j=1

)T

The first implication is by applying the operator Tlog


t
(f) = T
f

f
to both sides, and by expanding
the expression for an infinite geometric sum. Transition
(2)
is by changing the order of summation.
Comparing the coefficients of T

, we conclude that
S

=
t

i=1

i
(7)
Next, we show how to bound the
i
s in L

D.
Lemma 8.8. For all 1, d[q 1 we have

d
=1,,=1

xF
q

(N
F
q
/Fq
(g(x))) = [
_
(x, y) F
q
F
q
[y
d
= g(x)
_
[ q

,
where runs over all multiplicative characters of F
q
of order d .
Proof. We have

d
=1,,=1

xF
q

(N
F
q
/Fq
(g(x))) =

d
=1

xF
q

(N
F
q
/Fq
(g(x)))

=1

xF
q

(N
F
q
/Fq
(g(x))) =
(1)
d

xF
q
,yF
q
(y
d
=g(x))
1 q

=
(2)
[
_
(x, y) F
q
F
q
[y
d
= g(x)
_
[ q

where the s go over the group G of group characters of F

q
. To prove the validity of the above
calculations, rst observe that the subset D
t
=
_

d
= 1
_
G is a subgroup of G. Furthermore,
this subgroup is cyclic, generated by
1
(g
t
) = e
2i/d
, where g
t
is a generator of F

q
. Explicitly,

t
(g
t
k
) =
1
(g
t
)
k
for all k 0, . . . , d 1, and
t
(g
t
) for
t
D
t
may only be of the form e
2ji/d
for j 0, . . . , d 1). In particular, we conclude that [D
t
[ = d. Now,
G
t
=
_

t
= N
F
q
/Fq
[
d
= 1, G
_
is a subgroup of G

, which is the set of group characters of F


q

. This is not hard to see - in


particular, observe that
(N(x))(N(y)) = (N(x)N(y)) = (N(xy)),
(where N() abbreviates N
F
q
/Fq
). All elements in G
t
are of order dividing d, since N
F
q
/Fq
maps
everything (in particular, a generator of F
q
) to F
q
, and each is a character of F
q
of order dividing
d. However, since N
F
q
/Fq
is multiplicative and surjective on F
q

, it must map a generator g

of F
q

to an element g F
q

for which
1
( g) = e
2ki/d
for some k with gcd(k, d) = 1, or else Im(
1
)
would be a strict subset of
_
e
2ki/d
_
i
. From this we conclude that:
For x F
q
such that g(x) is not a dth power in F
q
, we have g(x) = g
r

where r modulo
d is some 0 < h < d, so we have
1
(N(g(x))) = e
2hki/d
,= 1. By Lemma 8.1, part 2, we
conclude that

(g(x)) =

d
=1
(N(g(x))) = 0.
We conclude that only x for which g(x) is a dth power in F
q
contribute to the sum.
We have [ G
t
[ = [ D
t
[ = d. Thus, for a given x such that g(x) = y
d
for some y F
q
,
we have (N(g(x)) = (N(y))
d
= 1 for all D
t
, so it contributes d to the sum.
Combining the two items above, we conclude that transition
(1)
is valid. To see transition
(2)
holds,
observe that if g(x) = y
d
for some y, then it holds also for all y
t
= yg
k(q

1)/d
where g is a generator
of F

q
, and k 0, . . . , d 1. Since a polynomial of degree d can have at most d roots in any
extension eld, this is the set of all roots, and it is of size d, which happens to equal [D
t
[, and
(2)
follows.
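The identity of Lemma 8.8 and the polynomial property of Lemma 8.6 can be checked numerically in a small case. The following Python sketch is an added example, not part of the original notes: the prime p = 13, the order d = 3, the polynomial g(x) = (x-1)(x-2)(x-5) and all function names are choices made for this illustration, and only the base field (extension degree 1) is treated.

```python
import cmath
from itertools import product

P, D = 13, 3              # constructed case: q = p = 13 and d = 3, with d | p - 1
ROOTS = (1, 2, 5)         # g(x) = (x-1)(x-2)(x-5): squarefree, hence not a d-th power
DEG_G = len(ROOTS)

def primitive_root(p):
    """Smallest generator of the cyclic group F_p^*."""
    for c in range(2, p):
        if len({pow(c, k, p) for k in range(p - 1)}) == p - 1:
            return c
    raise ValueError("p must be an odd prime")

def characters(p, d):
    """Value tables of the d characters of F_p^* whose order divides d.
    Index 0 is the trivial character (value 1 at 0, as in the notes);
    every other character is extended by 0 at 0."""
    gen = primitive_root(p)
    log = {pow(gen, k, p): k for k in range(p - 1)}
    tables = []
    for idx in range(d):
        table = [complex(1 if idx == 0 else 0)]
        table += [cmath.exp(2j * cmath.pi * idx * log[a] / d) for a in range(1, p)]
        tables.append(table)
    return tables

def g(x):
    """Evaluate g at x in F_p."""
    out = 1
    for r in ROOTS:
        out = out * (x - r) % P
    return out

def char_sum(chi):
    """Sum of chi(g(x)) over x in F_p: the quantity the Weil bound controls."""
    return sum(chi[g(x)] for x in range(P))

def count_points():
    """Number of (x, y) in F_p x F_p with y^d = g(x)."""
    return sum(1 for x in range(P) for y in range(P) if pow(y, D, P) == g(x))

def evaluate(coeffs, x):
    """Horner evaluation; coefficients are listed from the leading one down."""
    acc = 0
    for c in coeffs:
        acc = (acc * x + c) % P
    return acc

def dirichlet(chi, coeffs):
    """Dirichlet character of f attached to (g, chi). All roots of g lie in F_p
    here, so the norms in equation (2) are trivial and the value is the product
    of chi(f(root)) over the roots."""
    value = complex(1)
    for r in ROOTS:
        value *= chi[evaluate(coeffs, r)]
    return value

def l_coefficient(chi, l):
    """Coefficient of T^l in the L-function: sum over monic f of degree l."""
    return sum(dirichlet(chi, (1,) + tail) for tail in product(range(P), repeat=l))

if __name__ == "__main__":
    chars = characters(P, D)
    print("N - p =", count_points() - P)
    print("sum over non-trivial characters =", sum(char_sum(c) for c in chars[1:]))
    for c in chars[1:]:
        print("|S_1| =", abs(char_sum(c)), " L coefficients:",
              [round(abs(l_coefficient(c, l)), 9) for l in range(4)])
```

The coefficients of T^l vanish from l = deg(g) = 3 onwards, and the coefficient of T equals the character sum over g up to the sign factor given by the character's value at -1 raised to deg(g).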
Note that the right hand side is exactly the left hand side expression in Theorem 7. However,
Lemma 8.8 involves an expression depending on all multiplicative characters over F
q
of order d,
while we are interested in a single such character , which was given to us (as in Theorem 7). The
final link between them is the following technical lemma, that we will not prove (see [4] for details).
Lemma 8.9.
Let 1 be an integer, and let
1
, . . . ,

be complex numbers such that for some constant A 0,


we have [

i=1

i
[ AB

for some constant B and all integers 1. Then we have [


j
[ B for
all j.
We are now ready to prove Theorem 7 assuming Theorem 8 holds. For each multiplicative
character ,= 1 of F

q
of order d[q 1, Equation 7 shows that there exist m deg(g
t
(x)) or less
constants
,1
, . . . ,
,m
such that for all 1 we have

xF
q

(N
F
q
/Fq
(g(x))) = (1)

(
m

i=1

i
),
where the
i
s depend only on , g (and not on ). Thus, for each 1, summing up over all
non-trivial group characters of order d of F

q
, we obtain:
[

d
=1,,=1

xF
q
2
(N
F
q
2
/Fq
(g(x)))[ =
[

d
=1,,=1
(1)
2
(
m

i=1

2
,i
)[ = [
_
(x, y) F
q
2 F
q
2 [y
d
= g(x)
_
[ q
2
Cq

(8)
The first equality is by applying Equation 7 to q
2
. The second equality is by Lemma 8.8, applied
to 2. The last transition is as in Theorem 8, and C is the constant appearing there. In particular,
we use the fact that the g(x) is not a dth power in F
q
[x] to deduce that L

D
,(x)
is non-trivial, and
all the s in the sum are non-trivial. Thus, Lemma 8.9 is satised by the
i
2
s with B = q,
=

d
=1,,=1
deg(L

D
,D
(T)) < (d 1)deg(g
t
), which is a constant (independent of ), and
A = C, and all 1 (as required, not just for even s!). Thus, by Lemma 8.9 we have that
[
,i
2
[ = q
2/2
for all , thus [
,i
[ q
1/2
for all
,i
s in the sum above. Thus for our particular
(from the statement of Theorem 7), we get S
1
=

[
,i
[ deg(g
t
)q
1/2
, which concludes the proof
of Theorem 7.
References
[1] N. Alon. Tools from higher algebra.
[2] Notes on the prime number theorem (PNT). http://math.stanford.edu/ brubaker/pnt.pdf
[3] E. Croot. Stepanov's method for elliptic curves. http://people.math.gatech.edu/ ecroot/stepanov4.pdf.
[4] E. Kowalski. Exponential sums over finite fields, I: elementary methods (lecture notes).
http://www.math.ethz.ch/ kowalski/exp-sums.pdf.
[5] W. M. Schmidt. Equations over Finite Fields: An Elementary Approach, volume 536. Springer-
Verlag, Lecture Notes in Mathematics, 1976.