Constructing irreducible polynomials recursively with a reverse composition method

We suggest a construction of the minimal polynomial $m_{\beta^k}$ of $\beta^k\in \mathbb F_{q^n}$ over $\mathbb F_q$ from the minimal polynomial $f= m_\beta$ for all positive integers $k$ whose prime factors divide $q-1$. The computations of our construction are carried out in $\mathbb F_q$. The key observation leading to our construction is that for $k \mid q-1$ holds $$m_{\beta^k}(X^k) = \prod_{j=1}^{\frac kt} \zeta_k^{-jn} f (\zeta_k^j X),$$ where $t= \max \{m\mid \gcd(n,k): f (X) = g (X^m), g \in \mathbb F_q[X]\}$ and $\zeta_{k}$ is a primitive $k$-th root of unity in $\mathbb F_q$. The construction allows to construct a large number of irreducible polynomials over $\mathbb F_q$ of the same degree. Since different applications require different properties, this large number allows the selection of the candidates with the desired properties.


Introduction
Let q be a prime power and F q the finite field with q elements.For β ∈ F q n , we denote by m β ∈ F q [X] the minimal polynomial and by χ β ∈ F q [X] the characteristic polynomial of β over F q .We call β a proper element of F q n if β ∈ F q n and there does not exist a proper subfield F q m < F q n such that β ∈ F q m .For an irreducible polynomial f ∈ F q [X] the smallest positive integer e such that f | X e − 1 or, equivalently, the multiplicative order of all of its roots, is called the order of f and is denoted by e = ord(f ).If f has degree n and the order of f equals q n − 1, we call f a primitive polynomial.Furthermore, for k ∈ N we denote by U k the group of the k-th roots of unity over F q , that is, the roots of the polynomial X k − 1 ∈ F q [X].Note that U k need not be a subset of F q , but U k ⊆ E for an extension field E ≥ F q .If gcd(q, k) = 1, then |U k | = k and throughout this paper we will use the notation ζ k for a generating element of U k .For a prime p and an integer m we denote by ν p (m) the p-adic valuation of m, that is, ν p (m) = v if m = p v • r with gcd(p, r) = 1.
The composition method is widely used to construct irreducible polynomials over finite fields, see for example [3,11,8,9,12,13,14,16].Originally based on a theorem by Cohen [2], with this method one composes an irreducible polynomial with polynomials or rational functions such that the resulting composition is irreducible itself.The composition usually is of higher degree than the initial polynomial.In order to find polynomials with good cryptographic or arithmetic properties, it is of interest to construct a large number of irreducible polynomials of the same degree from which good candidates can be selected.In [10] Kyureghyan and Kyuregyan introduce a recursive construction of irreducible polynomials which reverses the composition method.Here, an irreducible polynomial f is extracted from the composition f (X 2 ), which is obtained from the knowledge of its factorization.This construction yields a large number of polynomials of the same degree as the initial polynomial.During our search for possible generalizations of the recursive construction from [10] (in this paper Construction KK), we noticed that the composition f (X k ) was studied by Albert [1] and Daykin [4].We will use the ideas from [1] and [4] to generalize the results and extend the construction from [10].
Next we present results from [4] and [10].We use a unified notation and terminology so that the similarities of the approaches become visible.The following result [10, Corollary 3] details all the information needed to formulate Construction KK.
Theorem 1 ( [10]).Let q be odd and f ∈ F q [X], f = X, be a monic irreducible polynomial of degree n and order e.Let β ∈ F q n be a root of f .Then the following statements hold: , where c 0 , . . ., c n are the coefficients of f and c u = 0 for u > n.
(ii) If C is irreducible, it is the minimal polynomial of β 2 over F q and ord(C) = e gcd(e,2) .(iii) The polynomial C is irreducible if and only if there does not exist a polynomial Theorem 1 can be proved by elementary means and leads to the following construction, Construction KK, which is the key step of constructions [10, Construction 1] and [10, Construction 2].Note that Theorem 1 (iii) allows to determine whether the polynomial C is irreducible by a simple examination of the coefficients of the polynomial f .Construction KK ( [10]).Let q be odd and f ∈ F q [X], f = X, a monic irreducible polynomial of degree n such that there does not exist a polynomial D ∈ F q [X] with f (X) = D(X 2 ).To construct the monic irreducible polynomial C ∈ F q [X] of degree n over F q , do the following steps: Step 1. Compute the product Step 2. Extract C from the composition C(X 2 ).
A similar transformation with X 3 has been studied in [1] for primitive polynomials over F q .The results from [1] have been generalized in [4].The next theorem shows that the polynomial C from Theorem 1 and Construction KK is in fact the characteristic polynomial of β 2 ∈ F q n over F q .This observation will allow us to develop the generalizations of the results in [10].
Remark 1.The polynomials f (ζ j k ′ X) for 1 ≤ j ≤ k are not necessarily polynomials over F q and need not be irreducible.Thus, in general, Theorem 2 does not describe the factorization of χ β k (X k ) into irreducible factors over F q .Theorem 3 ([4]).Let f ∈ F q [X] be a monic irreducible polynomial of degree n and order e and let β ∈ F q n be a root of f .Then for k ∈ N the characteristic polynomial χ , where the minimal polynomial m β k of β k over F q has order e gcd(e,k) and degree m, which is the least positive integer for which e gcd(e,k) divides q m − 1.
Note that Theorem 1 (i) and (ii) follow directly from Theorems 2 and 3.
Theorems 2 and 3 suggest the following construction of m β k from m β .
Construction AD.Let f ∈ F q [X] be a monic irreducible polynomial of degree n and order e and let β ∈ F q n be a root of f .Given a positive integer k ≤ e define k ′ = k gcd(q,k) .To construct the minimal polynomial m β k of β k ∈ F q n over F q , do the following steps: Step 1. Compute the product Step 2. Extract χ β k from the composition χ β k (X k ).
Step 3. Determine m, the least positive integer for which e gcd(e,k) divides q m − 1.
Step 4. Find the factor m β k in the product χ Remark 2. (a) Note that ζ k ′ is an element of F q if and only if k ′ | q − 1.Therefore, the computations of step 1 in Construction AD are carried out in a pure extension field of F q if k ′ ∤ q − 1.
(b) Construction AD can also be applied without the knowledge of the order e of the polynomial f .In that case we replace Steps 3 and 4 with factorizing χ β k , which will be an unknown power of the minimal polynomial m β k of β k over F q .
(c) On the other hand, if the order e of f is known, it is possible to avoid the computation intensive Step 4 by selecting k such that n = m.Then the characteristic and the minimal polynomial of β k over F q are equal.
(d) Construction KK does not depend on the knowledge of the order of the intial polynomial f .If used iteratively, it can even give information on the order as we will discuss later.
In this paper we suggest a construction of the minimal polynomial m β k of β k ∈ F q n over F q from the minimal polynomial f = m β for all positive integers k whose prime factors divide q − 1 which avoids the computation intensive Step 4 of Construction AD.Additionally, in this construction computations are carried out in F q and it does not depend on the knowledge of the order of the initial polynomial f .While Construction KK only works for finite fields of odd size, our construction can also be used in finite fields of characteristic 2 which is attractive for applications in computer science.The key observation leading to our construction is that for where t = max{m | gcd(n, k) : f (X) = g(X m ) for a polynomial g ∈ F q [X]}.

Theoretical background for the new construction
In Theorem 3 the order of the monic irreducible polynomial f = m β is used to determine the degree of the minimal polynomial m β k or, equivalently, the power to which the minimal polynomial of β k is taken in the characteristic polynomial of β k ∈ F q n over F q .In this section we describe how to determine this exponent without the knowledge of the order of f .Remark 3. If gcd(q, k) > 1, the coefficients of m β k can easily be derived from the coefficients of m β k ′ where k ′ = k gcd(q,k) .Indeed, Theorem 3 implies that ord(m Thus, β k is a root of g and since deg(g Using Remark 3, we can restrict our discussion to the case that gcd(q, k) = 1.Nontheless, note that all results hold also for integers k such that gcd(q, k) > 1.
The main advantage of considering only the case gcd(q, k) = 1 is that there always exist exactly k distinct k-th roots of unity in an extension field E ≥ F q of F q .Theorem 4. Let k ∈ N with gcd(q, k) = 1.Further, let β ∈ F q n be a proper element of F q n and χ β k be the characteristic polynomial of β k ∈ F q n over F q .Then χ β k = m β k t for a positive integer t ∈ N if and only if every root of the polynomial χ β k (X k ) has multiplicity t.That is, the roots of χ β k (X) and the roots of χ β k (X k ) have the same multiplicity t.
Proof.Since χ β k is the characteristic polynomial of β k over F q , there exists a positive integer t ≥ 1 such that were equal, we would have and since the elements are distinct, we have i 1 = i 2 and consequently also j 1 = j 2 .To complete the proof recall that the roots of irreducible polynomials over finite fields are simple.
The roots of the polynomial χ β k (X k ) lie in an extension field of F q .Since we later want to work in F q , we state the following immediate consequence of Theorem 4.
Corollary 5. Let k ∈ N such that gcd(q, k) = 1.Further, let β ∈ F q n be a proper element of F q n and χ β k be the characteristic polynomial of β k ∈ F q n over F q .Then χ β k = m β k t for a positive integer t if and only if every irreducible factor of χ β k (X k ) over F q appears with multiplicity t.
Let f ∈ F q [X] be a monic irreducible polynomial of degree n and β ∈ F q n be a root of f .By Theorem 2, we have is the minimal polynomial of ζ −j k β over F q and (1) yields the factorization of χ β k (X k ) into monic irreducible factors over F q .With Corollary 5 we obtain that the exponent of the minimal polynomial of β k over F q in the characteristic polynomial χ β k is equal to the multiplicity of every polynomial ζ −jn k f (ζ j k X) in the factorization (1).Thus, in the case that k | q − 1, we need to determine under which conditions the polynomials of the form ζ −jn k f (ζ j k X) are equal.For this we need the following easy proposition.Proposition 6.Let k, m ∈ N such that gcd(q, k) = 1 = gcd(q, m) and f ∈ F q [X].Then the following statements hold: The following theorem states that it can be seen directly from the non-zero coefficients of the polynomial f , which polynomials of the form Proof."⇐": Note that since t | k the element ζ k t k = ζ t generates the subgroup U t of the t-th roots of unity of F * q .If j ≡ j ′ mod k t , then j − j ′ = v • k t for an integer v and we have From the definition of t and Proposition 6 follows that f (X) = f (ζ t X) and therefore also If l = d gcd(d,v) , the element ζ v d = ζ l generates the set U l of the l-th roots of unity over F q .Equations ( 2) and (3) yield that f (X) = f (ζ l X).Note that gcd(d, q) = 1 and with Proposition 6 we obtain that and consequently, l ∈ M .Let t := max M .We will prove that M is in fact the set of all divisors of t.Note that if and we have j As a consequence for k | q − 1 we have the following result.
, f = X, be a monic irreducible polynomial of degree n.Further, let β ∈ F q n be a root of f and Proof.Using Theorem 7 we can rewrite equation ( 1) and obtain that the characteristic polynomial of β k ∈ F q n over F q satisfies and that the polynomials Then Corollary 5 completes the proof.
Recall that Construction AD constructs the polynomial χ β k (X k ) with the formula from Theorem 2 and then extracts the irreducible factor of the polynomial χ β k over F q in order to obtain the minimal polynomial m β k of β k .Using Corollary 8, in our construction we directly compute the polynomial m β k (X k ) from which the minimal polynomial m β k can then easily be extracted.
Remark 4. Note that if k | q − 1 and k is prime, then t > 1 if and only if t = k.Thus, if f (X) = g(X k ) for a polynomial g ∈ F q [X], then the minimal polynomial of β k over F q satisfies m β k (X) = g(X).Otherwise, we obtain m β k by extracting it from the composition 3 The new recursive construction of m β k from m β Observe that for k, k 1 , k 2 ∈ N such that k = k 1 • k 2 and a proper element β of F q n , we have β k = β k1 k2 and consequently m β k (X k2 ) = m (β k 1 ) k 2 (X k2 ).Thus, instead of using the direct computation of m β k from m β , we can apply Corollary 8 recursively.Meaning that we first compute the minimal polynomial of β k1 and then with this polynomial compute m (β k 1 ) k 2 (X k2 ) from which m β k = m (β k 1 ) k 2 can easily be extracted.Using the unique prime factorization of an integer k, we can apply Remark 4 to suggest a construction for all k ∈ N whose prime factors divide q − 1.
where k 1 , . . ., k m are prime factors of q − 1 (which are not necessarily distinct).Further, let f ∈ F q [X] be a monic irreducible polynomial of degree n.Set f 0 := f .For 1 ≤ i ≤ m compute the monic irreducible polynomial f i in the following way: If there exists a polynomial g ∈ F q [X] such that f i−1 (X) = g(X ki ), then f i = g.Otherwise, compute and extract f i from the composition.Then f m is the minimal polynomial of β k ∈ F q n over F q , where β ∈ F q n is a root of f .
The main differences between Construction 1 and Construction AD are that all computations of Construction 1 are carried out in F q and the construction relies solely on the examination of the non-zero coefficients of the polynomials f i and not on the order of the initial polynomial f .Furthermore, while in Construction AD the minimal polynomial m β k needs to be extracted from the characteristic polynomial, it is computed directly in Construction 1.
Remark 5. (a) All polynomials obtained with Construction 1 are of the same degree n as the initial polynomial f , if we select integers k such that gcd(n, k) = 1 or such that the order e gcd(e,k) of the minimal polynomial of β k does not divide q n t − 1 for any divisor t of n, whose prime factors divide gcd(n, k).
(b) If there exists a polynomial g ∈ F q [X] such that f = g(X t ) for a prime divisor t of k, then the minimal polynomial of β k will be of lower degree.Observe that in this case the polynomial f (X + a) for any element a ∈ F q \{0} will not be a composition with X m for any positive integer m > 1 and could be used instead of f .This fact was proved in [10] for t = 2.For the convenience of the reader, we include the generalized proof here.
Since gcd(n, q) = 1, char(F q ) does not divide n from which follows that na = 0 and there cannot exist any positive integer m > 1 such that f In [1] Albert defines a "cubing transformation", which is an iterated application of Construction AD for k = 3.He notices that if the order e of the initial polynomial and 3 are coprime, its behaviour is "periodic".That is, after a certain amount of iterations it will yield the initial polynomial again.In [10] a similar construction for k = 2, the repeated application of Construction KK, is presented, which does not need the knowledge of the order e of the initial polynomial but can even be used to gain information on e.Our results allow to generalize the construction from [10] for primes k satisfying k | q − 1 by applying Construction 1 iteratively.Construction 2. Let k be a prime factor of q−1 and f ∈ F q [X] a monic irreducible polynomial of degree n.Further let w = ν k (q n − 1) be the k-adic valuation of q n − 1. Set f 0 := f .For i ≥ 1 compute the monic irreducible polynomial f i in the following way: If there exists a polynomial g ∈ F q [X] such that f i−1 (X) = g(X k ), then f i = g.Otherwise, compute and extract f i from the composition.If f i = f l for an integer l such that 0 ≤ l ≤ w and l < i, then stop.
With the notation from Construction 2, suppose that the construction terminates for the polynomial f l+s which is equal to f l , for integers s ≥ 1 and 0 ≤ l ≤ ν k (q n − 1).Then we call the sequence the tail of the construction and the sequence (f l , . . ., f l+s−1 ) the orbit.Note that the construction would yield the polynomials of the orbit repeatedly if we continued to iterate through the integers i ≥ l + s.Observe that the length of the tail is l and the length of the orbit s. (III) Furthermore, for an integer 0 ≤ j ≤ deg(f l ) − 1, d must satisfy ord r (q j ) = d and k s ≡ q j mod r.
Proof.Let β ∈ F q n be a root of f , that is, f = m β is the minimal polynomial of β over F q .Then with Construction 1 we know that f i = m β k i for every i ≥ 0. Further, let ord(f ) = e and e = k v • r with gcd(k, r) = 1.Then with Theorem 3 the minimal polynomial of β k i , that is, the polynomial f i , has order Since the order of the polynomials (f 0 , f 1 , . . ., f v−1 ) strictly decreases, these polynomials cannot appear twice in the sequence (f i ) i≥0 .Note that v ≤ w = ν k (q n − 1).Thus, the polynomial f v , which is the first polynomial of order r of the sequence (f i ) i≥0 , is an element of the sequence (f 0 , f 1 , . . ., f w ).We need to examine Z * r , the multiplicative group modulo r, to see that f v is the first polynomial to appear twice in the sequence (f i ) i≥0 and therefore v = l.The subgroup k of Z * r generated by k has order ord r (k), which is the multiplicative order of k modulo r.This implies that β k v+ordr (k) = β k v and obviously the minimal polynomials of β k v and β k v+ordr (k) over F q are equal.Thus, f v = f v+ordr (k) and we have shown that f v does appear again in the sequence.
However, the length s of the orbit is not always equal to ord r (k).The polynomials f i1 and f i2 are equal if and only if β k i 1 and β k i 2 are F q -conjugates.Thus, it is possible that there exists a positive integer u smaller than ord r (k) such that β k v+u is an F q -conjugate of β k v and the minimal polynomial To account for this, we choose u ∈ N to be the smallest positive integer that satisfies Note that since k ordr (k) = q 0 such an integer u exists and satisfies u ≤ ord r (k).
Then β k v+u = β k v q j and f v+u = f v .Moreover, the minimal polynomials of β k v+i for 0 ≤ i ≤ u − 1 are distinct because we selected u to be the smallest positive integer to satisfy (5).Consequently, v = l, which shows that (I) holds, and the length s of the orbit equals u. Set which shows that (II) holds.(III) follows directly from equation (4) and our definition of d.
Note that with equation (4) in the proof of Corollary 9 the polynomials f i for 0 ≤ i ≤ l − 1 of the tail of Construction 2 have order k l−i • r and all polynomials of the orbit have order r.
If p 1 , . . ., p m are the distinct prime factors of q−1, and ord(f ) = e = p v1 1 • • • p vm m • r with gcd(q, r) = 1 and v 1 ≥ 0, . . ., v m ≥ 0. Then Construction 2 allows us to determine the p i -adic valuations v 1 , . . ., v m of the order of f .Additionally, Corollary 9 (II) and (III) give further conditions on the factor r. In most of our computations the conditions on the factor r were so restrictive that Construction 2 yielded the exact order e of f .Remark 6.In the original version of [10], the number of distinct polynomials produced by [10, Construction 1], is given as ord r (2) where ord(f ) = 2 v r with v ≥ 0 and r ≥ 1 odd.As we can see from Corollary 9, this number is false, since the authors did not take into consideration that the construction could also yield the minimal polynomials of F q -conjugates over F q .Similarly, in [10, Remark 1] the information about the order of the initial C 0 (X) obtained by the construction should be changed to: 2 l t where t is an odd divisor of q n − 1 and k − l = ordt (2)   d for a divisor d of n.

Implementation of the construction
In this section we discuss which polynomials can be obtained from a given initial polynomial f with Construction 1 and how to select the integers k for which we apply the construction.All discussions in this section are about this fixed polynomial f .Suppose that f is of degree n, has order e and β ∈ F q n is a root of f .Then β has multiplicative order e and the subgroup β = {β k : 0 ≤ k ≤ e − 1} of F * q n contains all elements of F q n with multiplicative order dividing e.Consequently, the set of all polynomials of the form m β k for k ≥ 0 is in fact {m β k : 0 ≤ k ≤ e − 1} and contains all monic irreducible polynomials over F q whose order divides e.
Let p 1 , . . ., p m be the distinct prime factors of q − 1.Then we can apply Construction 1 for any integer k that is an element of the set Since the element β has multiplicative order e, Construction 1 yields the minimal polynomial of β k (mod e) over F q .Thus, the set of polynomials that we can construct with the integers in A is However, we would like to emphasize that the construction should not be restricted to the elements of A which are smaller than e, here denoted by A <e .An integer k ∈ A, k ≥ e, can yield a polynomial that cannot be constructed by choosing all elements of A <e .This is the case if its representative k (mod e) in Z e is not an element of A as can be seen from the following example: where a is a root of the monic irreducible polynomial . We consider the primitive monic irreducible polynomial f = X 5 +aX 4 +X 3 +aX 2 +(a 2 +a)X +a 2 ∈ F 8 [X] of order e = 32.767= 7•31•151.Since 8 − 1 = 7, we can apply Construction 1 for all elements of A = {7 i : i ≥ 0}.
Note that we can use the notation of Construction 2 and say that the construction yields a tail of length 1 and an orbit of length 150.By this we mean that the polynomials m β 7 and m β 7 151 are equal, where β is a root of f .The smallest positive integer i such that 7 i is greater than or equal to e is 6.In fact, 7 6 (mod e) = 117.649(mod e) = 19.348= 2 2 • 7 • 691 / ∈ A. Thus, if we had restricted ourselves to A <e , we would only have found 5 of the 151 possible polynomials.
The number of polynomials that we can construct with Construction 1, which is the size of M, obviously depends on the size of A considered in Z e : Note that in general |M| is smaller than the size of A mod e , because in A mod e exponents can belong to F q -conjugates which then yield the same polynomial multiple times.
We believe that it is not possible to give a closed formula for |M| in general since computing |A mod e | is difficult.Indeed, it is related to determining the order of some prime numbers in Z * r .In order to see this, suppose that e = p v1 1 . . .p vm m •r with gcd(q − 1, r) = 1 and v 1 , . . ., v m ≥ 0. Then by the Chinese Remainder Theorem the ring Z e is isomorphic to To determine |A mod e |, in particular, we need to calculate the size of the multiplicative subgroup p 1 , . . ., p m in Z * r .
The behaviour of Construction 2 allows us to discuss the selection of the integers k = p i1 1 • • • p im m , i 1 ≥ 0, . . ., i m ≥ 0, for Construction 1 so that the number of multiple constructions of the same polynomial is reduced.First, we can obtain a naive upper bound on the exponents i 1 , . . ., i m by computing Construction 2 separately for every prime integer p j , 1 ≤ j ≤ m.Suppose then that the tail has a length of v j and the orbit a length of s j , which is a divisor of the multiplicative order ord e /p v j j (p j ).We set i j ≤ v j + s j .We would like to note that if the order e of the initial polynomial f = m β is known, the values v j and s j can be determined directly with Corollary 9.
In order to eliminate the remaining duplicates, we suggest the following procedure: We select an integer k ).Note that the length s of the orbit depends on k.
Two integers k 1 and k 2 have either the same or a distinct tail.This will happen if and only if k 1 ≡ k 2 • q j mod e for an integer 0 ≤ j ≤ n − 1. Clearly if the tail is the same, the orbits coincide too.Thus, if the first tail polynomial is equal, the computation can be stopped.The polynomials of the orbits of two different integers are also either distinct or equal.Equal orbits can also occur for integers with distinct tails.In this case the orbit polynomials appear in a shifted order.It is easy to see that any other integer of the form k 1 • k2 k1 l with l ≥ 0 will yield the same orbit.For such integers we compute only the tail.
Example 2. As we have seen before, the number of constructed polynomials only depends on the order of the initial polynomial.As an example for our computations we consider the polynomials , where a is a root of the monic irreducible polynomial X 4 + X + 1 over F 2 .
The polynomial f 1 is primitive and has order 4.294.967.295= 3•5•17•257•65537.Construction 1 with f 1 as initial polynomial yields 1.114.113monic irreducible polynomials of degree 8. Computing m β k for values of k of the form 3 j , j ≥ 0, and then applying the construction repeatedly for 5, there are 33 orbits of 32.768 polynomials each.The orbit for k = 1 contains 32.768 of the 67.108.864monic irreducible polynomials of order 3 • 17 • 257 • 65537 over F 16 and the other 32 orbits for k = 3 j , 1 ≤ j ≤ 32, yield 1.048.576 of the 33.554.432monic irreducible polynomials of order 17 • 257 • 65537 over F 16 .f 1 has 5 non-zero coefficients and yields a weight distribution of 4 6 5 384 6 7225 7 65997 8 331084 9 709417 , which means that there exist 6 polynomials with smaller weight and 384 polynomials with the same weight.Hence, from these we could try to choose polynomials with other required properties that our initial polynomial might lack.An interesting class of polynomials are the so-called normal polynomials or Npolynomials (see [5,6,11,13,15]).A monic irreducible polynomial of degree n with a root α is called normal if its roots α, α q . . ., α q n−1 are linearly independent over F q or, equivalently, if the degree of the greatest common divisor of the polynomials g α = αX n−1 +α q X n−2 +. ..+α q n−2 X +α q n−1 and X n −1 over F q n is 0. This concept has been extended in [7] to k-normal polynomials which satisfy that the greatest common divisor of the two polynomials g α and X n − 1 has degree k.Tables 1 and  2 show that Construction 1 also yields a large number of k-normal polynomials for small values of k which could be used for respective applications.Since the number of k-polynomials decreases with k increasing, this distribution of k-normality is to be expected (see [7]).

Corollary 9 .
With the notation from Construction 2, we suppose that Construction 2 terminated after a tail of length l and an orbit of length s.Then ord(f ) = k l • r and r must satisfy (I) gcd(k, r) = 1, (II) s = ordr (k) d for a divisor d of deg(f l ), +s j for every 1 ≤ j ≤ m−1 and compute m β k .Then we construct the polynomials m β k•p i m by applying Construction 1 for p m repeatedly.With this we obtain a tail (m β k , . . ., m β k•p vm−1 m ) and an orbit (m β k•p vm m , . . ., m β k•p vm+(s−1) m
and any divisor m of t satisfies that ζ m = ζ t mt .Thus, all divisors of t are elements of M .Suppose that there exists an element m ∈ M such that m does not divide t.Then for all 0 ≤ i ≤ n such that a i = 0, we have m | i and t | i.Consequently, lcm(m, t) = t • m gcd(m.t)| i and since both m and t divide d, we obtain lcm(t, m) ∈ M .But lcm(t, m) > t, because m ∤ t.This is a contradiction to the choice of t and M is in fact the set of all divisors of t.Consequently, the fact l ∈ M is equivalent to l | t.Recall that l = d gcd(d,v) | t which is equivalent to d t | gcd(d, v) and this again is equivalent to d t | v. Thus, there exists an integer

Table 1 :
Weight and k-normality distribution for f 1

Table 2 :
Weight and k-normality distribution for f 2