Proof Let $2 \leq i \leq m-3$ . Applying the gap principle from [Reference Dixit, Kim and Murty7, Lemma 2.4] to $a_i, a_{i+1},a_{i+2}, a_{i+3}$ , we have

$$ \begin{align*}a_{i+1}a_{i+3} \geq k^kn^{-k} (a_ia_{i+2})^{k-1} \geq k^k n^{-k} (a_ia_{i+1})^{k-1}. \end{align*} $$

It follows that

$$ \begin{align*}a_{i+3} \geq a_i^{k-1}a_{i+1}^{k-2}n^{-k} \geq a_i^{k-1}.\end{align*} $$

In particular $a_{14} \geq a_2^{(k-1)^4}\geq a_2^{4k}$ . Thus, if $i \geq 14$ , then $v_i \geq a_i^{1/k} \geq a_{14}^{1/k} \geq a_2^4$ and inequality (2.5) follows from Lemma 2.10.

Proof of 3.1

By Lemma 3.2, we can write

$$ \begin{align*} \sum_{a\in A,\, b\in B}\overline{\chi(ab+\lambda)} &=\sum_{a\in A,\, b\in B}\overline{\chi(b)} \overline{\chi(a+\lambda b^{-1})}\\ &=\frac{1}{G(\chi)} \sum_{c \in {\mathbb F}_q} \chi(c) \sum_{a\in A,\, b\in B} \overline{\chi(b)} e_p\big(\operatorname{Tr}((a+\lambda b^{-1})c)\big). \end{align*} $$

It is well-known that $|G(\chi )|= \sqrt {q}$ (see for example [Reference Lidl and Niederreiter26, Theorem 5.11]). Since $|\chi (c)|=1$ for each $c \in {\mathbb F}_q^*$ , we can apply the triangle inequality and Cauchy–Schwarz inequality to obtain

$$ \begin{align*} &\bigg|\sum_{a\in A,\, b\in B}\chi(ab+\lambda)\bigg| \\ &\quad \leq \frac{1}{\sqrt{q}} \sum_{c \in {\mathbb F}_q^*} \bigg|\sum_{a\in A,\, b\in B} \overline{\chi(b)} e_p\big(\operatorname{Tr}((a+\lambda b^{-1})c)\big)\bigg|\\ &\quad \leq \frac{1}{\sqrt{q}} \bigg(\sum_{c \in {\mathbb F}_q^*} \bigg|\sum_{a\in A} e_p\big(\operatorname{Tr}(ac)\big)\bigg|^2\bigg)^{1/2} \bigg(\sum_{c \in {\mathbb F}_q^*}\bigg|\sum_{b\in B} \overline{\chi(b)}e_p\big(\operatorname{Tr}(b^{-1}c)\big)\bigg|^2\bigg)^{1/2}.\end{align*} $$

By orthogonality relations, we have

$$ \begin{align*}\sum_{c \in {\mathbb F}_q^*} \bigg|\sum_{a\in A} e_p\big(\operatorname{Tr}(ac)\big)\bigg|^2=q|A|-|A|^2, \quad \sum_{c \in {\mathbb F}_q^*}\bigg|\sum_{b\in B} \overline{\chi(b)}e_p\big(\operatorname{Tr}(b^{-1}c)\big)\bigg|^2\leq q|B|. \end{align*} $$

Thus, we have

$$ \begin{align*}\bigg|\sum_{a\in A,\, b\in B}\chi(ab+\lambda)\bigg| \leq \sqrt{q|A||B|}\bigg(1-\frac{|A|}{q}\bigg)^{1/2}. \end{align*} $$

By switching the roles of A and B, we obtain the required character sum estimate.

Proof of Proposition 1.4

Let $\chi $ be a multiplicative character of order d.

Let $A \subset {\mathbb F}_q^*$ with property $SD_d(\lambda , {\mathbb F}_q)$ , that is, $AA+\lambda \subset S_d \cup \{0\}$ . Note that $\chi (ab+\lambda )=1$ for each $a,b \in A$ , unless $ab+\lambda =0$ . Note that given $a \in A$ , there is at most one $b \in A$ such that $ab+\lambda =0$ . Therefore, by Proposition 3.1, we have

$$ \begin{align*}|A|^2-|A|\leq \bigg|\sum_{a,b\in A}\chi(ab+\lambda)\bigg|\leq \sqrt{q} |A| \bigg(1-\frac{|A|}{q}\bigg)^{1/2}. \end{align*} $$

It follows that

$$ \begin{align*}(|A|-1)^2 \leq q-|A| \implies |A|\leq \frac{\sqrt{4q-3}+1}{2}. \end{align*} $$

Next we work under the weaker assumption $A \hat {\times } A+\lambda \subset S_d \cup \{0\}$ . In this case, note that $\chi (ab+\lambda )=1$ for each $a,b \in A$ such that $a\neq b$ , unless $ab+\lambda =0$ . Proposition 3.1 then implies that

$$ \begin{align*}|A|^2-3|A|\leq \bigg|\sum_{a,b\in A}\chi(ab+\lambda)\bigg|\leq \sqrt{q} |A| \bigg(1-\frac{|A|}{q}\bigg)^{1/2} \end{align*} $$

and it follows that $|A|\leq \sqrt {q-\frac {11}{4}}+\frac {5}{2}$ .

Proof Let $A, B \subset {\mathbb F}_q^*$ and $\lambda \in {\mathbb F}_q^*$ such that $AB=(S_d-\lambda )\setminus \{0\}$ with $|A|, |B|\geq 2$ . Without loss of generality, we assume that $|A|\geq |B|$ . We first establish a weaker lower bound that $|B|\gg q^{\epsilon /2}$ .

When $d=2$ , Sárközy [Reference Sárközy31] has shown that $|B|\gg \frac {\sqrt {q}}{3\log q}$ . While he only proved this estimate when $q=p$ is a prime [Reference Sárközy31, Theorem 1], it is clear that the same proof extends to all finite fields ${\mathbb F}_q$ .

Next, assume that $d \geq 3$ . Let $B=\{b_1, b_2, \ldots , b_k\}$ and $|B|=k$ . Since $AB \subset S_d-\lambda $ , we have $AB+\lambda \subset S_d$ . Let $\chi $ be a multiplicative character of ${\mathbb F}_q$ with order d. Then it follows that for each $a \in A$ , we have $\chi (a+\lambda b_i^{-1})=1/\chi (b_i)$ for each $1 \leq i \leq k$ . Therefore, by a well-known consequence of Weil’s bound (see for example [Reference Lidl and Niederreiter26, Exercise 5.66]),

$$ \begin{align*}|A|\leq \frac{q}{d^k}+\bigg(k-1-\frac{k}{d}+\frac{1}{d^k}\bigg)\sqrt{q}+\frac{k}{d}< \frac{q}{d^k}+k\sqrt{q}. \end{align*} $$

On the other hand, since $AB=(S_d-\lambda )\setminus \{0\}$ , we have

$$ \begin{align*}|A||B|\geq |AB| \geq |S_d|-1=\frac{q-1}{d}-1. \end{align*} $$

Combining the above two inequalities, we obtain that

$$ \begin{align*}\frac{2q}{d^2}+k^2\sqrt{q}\geq \frac{kq}{d^k}+k^2\sqrt{q}>|A||B| \geq \frac{q-1}{d}-1. \end{align*} $$

Since $d \geq 3$ , it follows that $k^2\sqrt {q}\gg \frac {q}{d}$ and thus

$$ \begin{align*}|B|=k \gg \frac{q^{1/4}}{\sqrt{d}}\gg q^{\epsilon/2}. \end{align*} $$

Let $\nu =\lceil 2/\epsilon \rceil $ . By Lemma 3.3, and as $|B| \gg q^{1/\nu }$ , we have

$$ \begin{align*}|A||B|=\sum_{\substack{a\in A\\ b\in B}} \chi(ab+\lambda) \ll |A|^{(2\nu-1)/2\nu} (|B|^{1/2}q^{1/2\nu}+|B|q^{1/4\nu})\ll |A|^{(2\nu-1)/2\nu}|B|q^{1/4\nu}. \end{align*} $$

It follows that $|A|\ll q^{1/2}$ . Thus, $|B|\gg |S_d|/|A|\gg q^{1/2}/d$ .

Proof If $0 \in G-\lambda $ , let $A'=A \cup \{0\}$ ; otherwise, let $A'=A$ . Then we have $A'B=G-\lambda $ , or equivalently, $A'/(B^{-1})=G-\lambda $ . Note that $|A' \setminus \{0\}|=|A|\geq 2$ and $|B^{-1}|=|B| \geq 2$ , thus, the lemma then follows immediately from [Reference Shkredov33, Lemma 17].

Proof of Theorem 1.1

Let $r=|B \cap (-\lambda A^{-1})|$ . Let $A=\{a_1,a_2,\ldots , a_n\}$ and $B=\{b_1,b_2, \ldots , b_m\}$ such that $b_{r+1}, \ldots , b_m \notin (-\lambda A^{-1})$ . Since $AB+\lambda \subset S_d \cup \{0\}$ , we have

$$ \begin{align*}(a_ib_j+\lambda)^{\frac{q-1}{d}+1}=a_ib_j+\lambda\end{align*} $$

for each $1 \leq i \leq n$ and $1 \leq j \leq m$ . This simple observation will be used repeatedly in the following computation.

Let $c_1,c_2,...,c_n \in {\mathbb F}_q$ be the unique solution of the following system of equations:

(4.1)

This is justified by the invertibility of the coefficient matrix of the system (a Vandermonde matrix). We claim that $\sum _{i=1}^n c_ia_i^n\neq 0$ . Suppose otherwise that $\sum _{i=1}^n c_ia_i^n=0$ , then $c_i=0$ for all i, violating the assumption $\sum _{i=1}^n c_i=1$ in equation (4.1). Indeed, the generalized Vandermonde matrix $(a_i^j)_{1 \leq i \leq n, 1 \leq j \leq n}$ is non-singular since it has determinant

$$ \begin{align*}a_1 a_2 \ldots a_n \prod_{i<j} (a_j-a_i)\neq 0.\end{align*} $$

Consider the following auxiliary polynomial

(4.2) $$ \begin{align} f(x)=-\lambda^{n-1}+\sum_{i=1}^n c_i (a_ix+\lambda)^{n-1+\frac{q-1}{d}}\in {\mathbb F}_q[x]. \end{align} $$

Note that $n=|A| \leq |S_d \cup \{0\}|\leq \frac {q-1}{d}+1$ . Thus, if $q=p$ is a prime, then $n-1+\frac {p-1}{d} \leq \frac {2(p-1)}{d} \leq p-1$ and thus the condition $\binom {n-1+\frac {q-1}{d}}{n} \not \equiv 0 \ \pmod p$ is automatically satisfied. Then f is a non-zero polynomial since the coefficient of $x^n$ in f is

$$ \begin{align*}\binom{n-1+\frac{q-1}{d}}{n} \cdot \lambda^{\frac{q-1}{d}-1} \cdot \sum_{i=1}^n c_i a_i^n \neq 0 \end{align*} $$

by the assumption on the binomial coefficient. Also, it is clear that the degree of f is at most $n-1+\frac {q-1}{d}$ .

Next, we compute the derivatives of f on B. For each $1\leq j \leq m$ , system (4.1) implies that

$$ \begin{align*} E^{(0)} f (b_j) &= -\lambda^{n-1}+\sum_{i=1}^n c_i (a_ib_j+\lambda)^{n-1} \\ &= -\lambda^{n-1}+\sum_{\ell=0}^{n-1} \binom{n-1}{\ell} \lambda^{n-1-\ell}\bigg(\sum_{i=1}^n c_i a_i^\ell\bigg)b_j^{\ell} =0. \end{align*} $$

For each $1\leq j \leq m$ and $1 \leq k \leq n-2$ , we have that

$$ \begin{align*} E^{(k)} f (b_j) &= \binom{n-1+\frac{q-1}{d}}{k} \sum_{i=1}^n c_i a_i^k (a_ib_j+\lambda)^{n-1+\frac{q-1}{d}-k} \\ &= \binom{n-1+\frac{q-1}{d}}{k} \sum_{i=1}^n c_i a_i^k (a_ib_j+\lambda)^{n-1-k} \\ &= \binom{n-1+\frac{q-1}{d}}{k} \sum_{\ell=0}^{n-1-k} \binom{n-1-k}{\ell} \lambda^{n-1-k-\ell} \bigg(\sum_{i=1}^n c_i a_i^{k+\ell}\bigg)b_j^{\ell} =0, \end{align*} $$

where we use Lemma 2.3 and the assumptions in system (4.1).

For each $r+1\leq j \leq m$ , by the assumption, $b_j \notin (-\lambda A^{-1})$ , that is, $a_ib_j+\lambda \neq 0$ for each $1 \leq i \leq n$ . Thus, for each $r+1\leq j \leq m$ , we additionally have

$$ \begin{align*} E^{(n-1)} f (b_j) &= \binom{n-1+\frac{q-1}{d}}{n-1} \sum_{i=1}^n c_i a_i^{n-1}(a_ib_j+\lambda)^{\frac{q-1}{d}} = \binom{n-1+\frac{q-1}{d}}{n-1} \sum_{i=1}^n c_i a_i^{n-1}=0. \end{align*} $$

Therefore, Lemma 2.4 allows us to conclude that each of $b_1,b_2, \ldots b_r$ is a root of f with multiplicity at least $n-1$ , and each of $b_{r+1},b_{r+2}, \ldots b_m$ is a root of f with multiplicity at least n. It follows that

$$ \begin{align*}r(n-1)+(m-r)n= mn-r \leq \operatorname{deg}f \leq \frac{q-1}{d}+n-1. \end{align*} $$

Finally, assuming that $\lambda \in S_d$ . In this case,

$$ \begin{align*}f(0)=-\lambda^{n-1}+\lambda^{n-1+\frac{q-1}{d}}\sum_{i=1}^n c_i=-\lambda^{n-1}+\lambda^{n-1}=0. \end{align*} $$

And the coefficient of $x^j$ of f is $0$ for each $1 \leq j \leq n-1$ by the assumptions on $c_i$ ’s. It follows that $0$ is also a root of f with multiplicity n. Since $0 \notin B$ , we have the stronger estimate that $mn-r+n\leq \frac {q-1}{d}+n-1.$

Proof of Corollary 1.10

Since $0 \notin AB+\lambda $ , we have $B \cap (-\lambda A^{-1})=\emptyset $ , thus Theorem 1.1 implies that $|A||B| \leq |S_d|-1$ . On the other hand, since $(S_d-\lambda ) \setminus \{0\}=AB$ , it follows that $|A||B| \geq |AB|=|(S_d-\lambda ) \setminus \{0\}|=|S_d|-1$ . Therefore, we have $|A||B|=|AB|=|S_d|-1$ .

Proof of Theorem 4.2

Since $A'A'+\lambda \not \subset S_d \cup \{0\}$ , there is $b \in A'$ such that $b^2+\lambda \not \subset S_d \cup \{0\}$ . Let $A"=A' \setminus \{-\lambda /b\}$ . If $|A"|=1$ , then we are done. Otherwise, if $|A"|$ is even, let $A=A"$ ; if $|A"|$ is odd, let $A=A" \setminus \{b'\}$ , where $b' \in A"$ is an arbitrary element such that $b' \neq b$ . Then we have $b \in A$ and $|A|$ is even. Note that $|A| \geq |A'|-2$ , thus it suffices to show $|A|\leq \sqrt {2(q-1)/d}+2$ .

Let $|A|=n$ , where n is even. Write $A=\{a_1, a_2, \ldots , a_n\}$ . Without loss of generality, we may assume that $a_1=b$ . Let $m=n/2-1$ . Let $c_1,c_2,...,c_n \in {\mathbb F}_q$ be the unique solution of the following system of equations:

(4.3)

Indeed, that coefficient matrix of the system is the generalized Vandermonde matrix $(a_i^j)_{1 \leq i \leq n, -m \leq j \leq m+1},$ which is non-singular since it has nonzero determinant $(a_1 a_2 \ldots a_n)^{-m} \prod _{i<j} (a_j-a_i)\neq 0.$ Note that $c_1 \neq 0$ ; for otherwise $c_1=0$ and we must have $c_1=c_2=\cdots =c_n=0$ in view of the first $n-1$ equations in system (4.3), which contradicts the last equation in system (4.3).

Consider the following auxiliary polynomial

(4.4) $$ \begin{align} f(x)=\sum_{i=1}^n c_i (a_ix+\lambda)^{m+\frac{q-1}{d}} (a_i^{-1}x-1)^m\in {\mathbb F}_q[x]. \end{align} $$

It is clear that the degree of f is at most $2m+\frac {q-1}{d}$ . Since $A \hat {\times } A+\lambda \subset S_d \cup \{0\}$ , we have

$$ \begin{align*}(a_ia_j+\lambda)^{\frac{q-1}{d}+1} (a_i^{-1} a_j-1)=(a_ia_j+\lambda)(a_i^{-1} a_j-1)\end{align*} $$

for each $1 \leq i,j \leq n$ . This simple observation will be used repeatedly in the following computation.

First, we claim that for each $0 \leq k_1<m$ , $0\leq k_2<m$ , and $1 \leq j \leq n$ , we have

(4.5) $$ \begin{align} \sum_{i=1}^n c_i E^{(k_1)}[(a_ix+\lambda)^{m+\frac{q-1}{d}}](a_j) \cdot E^{(k_2)}[(a_i^{-1}x-1)^m](a_j)=0. \end{align} $$

Indeed, by Lemma 2.3, we have

$$ \begin{align*} &\sum_{i=1}^n c_i E^{(k_1)}[(a_ix+\lambda)^{m+\frac{q-1}{d}}](a_j) \cdot E^{(k_2)}[(a_i^{-1}x-1)^m](a_j)\\ &\quad = \binom{m+\frac{q-1}{d}}{k_1} \binom{m}{k_2} \bigg(\sum_{i=1}^n c_i a_i^{k_1-k_2} (a_ja_i+\lambda)^{m-k_1} (a_i^{-1}a_j-1)^{m-k_2}\bigg) \\ &\quad = \binom{m+\frac{q-1}{d}}{k_1} \binom{m}{k_2} \sum_{\ell_1=0}^{m-k_1} \sum_{\ell_2=0}^{m-k_2} \binom{m-k_1}{\ell_1} \binom{m-k_2}{\ell_2} \\ &\qquad \times\bigg(\sum_{i=1}^n c_i a_i^{k_1-k_2} (a_ja_i)^{\ell_1} \lambda^{m-k_1-\ell_1} (a_i^{-1}a_j)^{\ell_2}(-1)^{m-k_2-\ell_2}\bigg)\\ &\quad = \binom{m+\frac{q-1}{d}}{k_1} \binom{m}{k_2} \sum_{\ell_1=0}^{m-k_1} \sum_{\ell_2=0}^{m-k_2} \binom{m-k_1}{\ell_1} \binom{m-k_2}{\ell_2} a_j^{\ell_1+\ell_2} \lambda^{m-k_1-\ell_1} (-1)^{m-k_2-\ell_2} \\ &\qquad \times \bigg(\sum_{i=1}^n c_i a_i^{(k_1+\ell_1)-(k_2+\ell_2)} \bigg). \end{align*} $$

Note that in the exponent of the last summand, we always have $0 \leq k_1+\ell _1 \leq m$ and $0 \leq k_2+\ell _2 \leq m$ so that $-m \leq (k_1+\ell _1)-(k_2+\ell _2) \leq m$ , and thus

$$ \begin{align*}\sum_{i=1}^n c_i a_i^{(k_1+\ell_1)-(k_2+\ell_2)}=0 \end{align*} $$

by the assumptions in system (4.3). This proves the claim.

Then, for each $1\leq j \leq n$ and $0 \leq r \leq m-1$ , we apply Lemma 2.2 and equation (4.5) in the above claim to obtain that

$$ \begin{align*} E^{(r)} f (a_j) = \sum_{i=1}^n c_i \bigg(\sum_{k=0}^r E^{(k)}[(a_ix+\lambda)^{m+\frac{q-1}{d}}](a_j) \cdot E^{(r-k)}[(a_i^{-1}x-1)^m](a_j)\bigg)=0. \end{align*} $$

Similarly, using Lemma 2.2, Lemma 2.3, system (4.3), and equation (4.5), we can compute

$$ \begin{align*} E^{(m)} f (a_1) &= \sum_{i=1}^n c_i \bigg(\sum_{k=0}^m E^{(k)}[(a_ix+\lambda)^{m+\frac{q-1}{d}}](a_1) \cdot E^{(m-k)}[(a_i^{-1}x-1)^m](a_1)\bigg)\\ &= \sum_{i=1}^n c_i \bigg(E^{(0)}[(a_ix+\lambda)^{m+\frac{q-1}{d}}](a_1) \cdot E^{(m)}[(a_i^{-1}x-1)^m](a_1)\bigg) \\ & \quad + \sum_{i=1}^n c_i \bigg(E^{(m)}[(a_ix+\lambda)^{m+\frac{q-1}{d}}](a_1) \cdot E^{(0)}[(a_i^{-1}x-1)^m](a_1)\bigg)\\ &=\sum_{i=1}^n c_i (a_1a_i+\lambda)^{m+\frac{q-1}{d}} a_i^{-m} \\ &\quad + \binom{m+\frac{q-1}{d}}{m} \bigg(\sum_{i=1}^n c_i a_i^m (a_1a_i+\lambda)^{\frac{q-1}{d}} (a_i^{-1}a_1-1)^{m}\bigg). \end{align*} $$

Since $a_1a_i+\lambda \neq 0$ for each $1 \leq i \leq n$ , we have $(a_1a_i+\lambda )^{\frac {q-1}{d}}=1$ for $i>1$ , and thus

$$ \begin{align*}(a_1a_i+\lambda)^{\frac{q-1}{d}} (a_i^{-1}a_1-1)=a_i^{-1}a_1-1 \end{align*} $$

for all i. Since $a_1^2+\lambda \notin S_d \cup \{0\}$ , we have

$$ \begin{align*}(a_1^2+\lambda)^m \bigg((a_1^2+\lambda)^{\frac{q-1}{d}}-1\bigg) \neq 0. \end{align*} $$

Putting these altogether into the computation of $E^{(m)} f (a_1)$ , we have

$$ \begin{align*} E^{(m)} f (a_1) &=\sum_{i=1}^n c_i (a_1a_i+\lambda)^{m+\frac{q-1}{d}} a_i^{-m} +\binom{m+\frac{q-1}{d}}{m} \sum_{i=1}^n c_i a_i^m (a_i^{-1}a_1-1)^{m}\\ &=c_1 a_1^{-m} \bigg((a_1^2+\lambda)^{m+\frac{q-1}{d}}-(a_1^2+\lambda)^m\bigg)+\sum_{i=1}^n c_i (a_1a_i+\lambda)^{m} a_i^{-m} \\ &+ \binom{m+\frac{q-1}{d}}{m} \sum_{k=0}^m \binom{m}{k} a_1^{m-k}(-1)^k \bigg(\sum_{i=1}^n c_i a_i^k\bigg)\\ &=c_1 a_1^{-m} (a_1^2+\lambda)^m \bigg((a_1^2+\lambda)^{\frac{q-1}{d}}-1\bigg) + \sum_{k=0}^m \binom{m}{k} a_1^{k}\lambda^{m-k} \bigg(\sum_{i=1}^n c_i a_i^{k-m}\bigg) \\ &=c_1 a_1^{-m} (a_1^2+\lambda)^m \bigg((a_1^2+\lambda)^{\frac{q-1}{d}}-1\bigg) \neq 0, \end{align*} $$

where we used the fact $c_1 \neq 0$ . In particular, f is not identically zero.

In conclusion, f is a non-zero polynomial with degree at most $\frac {q-1}{d}+2m$ , and Lemma 2.4 implies that each of $a_1,a_2, \ldots a_n$ is a root of f with multiplicity at least m. Recall that $m=n/2-1$ . It follows that

$$ \begin{align*}\frac{n(n-2)}{2} =mn \leq \operatorname{deg}f \leq \frac{q-1}{d}+2m= \frac{q-1}{d}+n-2, \end{align*} $$

that is, we have $(n-2)^2 \leq \frac {2(q-1)}{d}.$ Therefore, $n \leq \sqrt {2(q-1)/d}+2$ . This finishes the proof.

Proof of Theorem 1.5

(1) Let $A \subset {\mathbb F}_p^*$ with property $SD_d(\lambda , {\mathbb F}_p)$ , that is, $AA+\lambda \subset S_d \cup \{0\}$ . Theorem 1.1 implies that

$$ \begin{align*}|A|^2 \leq |S_d|+|A \cap (-\lambda A^{-1})|+|A|-1 \leq |S_d|+2|A|-1. \end{align*} $$

It follows that $(|A|-1)^2 \leq |S_d|$ . If $\lambda \in S_d$ , we have a stronger upper bound:

$$ \begin{align*}|A|^2 \leq |S_d|+|A \cap (-\lambda A^{-1})|-1 \leq |S_d|+|A|-1.\end{align*} $$

It follows that $(|A|-\frac {1}{2})^2 \leq |S_d|-\frac {3}{4}$ .

(2) Let $A \subset {\mathbb F}_p^*$ with property $D_d(\lambda , {\mathbb F}_p)$ , that is, $A \hat {\times } A+\lambda \subset S_d \cup \{0\}$ . If $AA+\lambda \subset S_d \cup \{0\}$ , then (1) implies that $|A|\leq \sqrt {p/d}+1$ and we are done. If $AA+\lambda \not \subset S_d \cup \{0\}$ , then Theorem 4.2 implies the required upper bound.

Proof (1) Since $r\leq (p-1)\sqrt {q}$ , there is no carry between the addition of $r-1$ and $\sqrt {q}$ in base-p. Thus, there is no carry between the addition of $\frac {q-1}{d}-1$ and $\sqrt {q}$ in base-p. It follows from Lemma 4.4 that

$$ \begin{align*}\binom{\sqrt{q}-1+\frac{q-1}{d}}{\sqrt{q}}\not \equiv 0 \quad\pmod p. \end{align*} $$

Let $A \subset {\mathbb F}_q^*$ with property $SD_d(\lambda , {\mathbb F}_q)$ such that $|A|=MSD_d(\lambda , {\mathbb F}_q)$ . Note that Proposition 1.4 implies that $|A|\leq \sqrt {q}$ . For the sake of contradiction, assume that $|A|=\sqrt {q}$ . Note that $AA+\lambda \subset S_d \cup \{0\}$ and

$$ \begin{align*}\binom{|A|-1+\frac{q-1}{d}}{|A|}=\binom{\sqrt{q}-1+\frac{q-1}{d}}{\sqrt{q}}\not \equiv 0 \quad\pmod p, \end{align*} $$

it follows from Theorem 1.1 that

$$ \begin{align*}|A|^2 \leq |S_d|+|A \cap (-\lambda A^{-1})|+|A|-1 \leq |S_d|+2|A|-1, \end{align*} $$

that is, $|A|\leq \sqrt {|S_d|}+1<\sqrt {q}$ , a contradiction. This completes the proof.

(2) Let $A \subset {\mathbb F}_q^*$ with property $D_d(\lambda , {\mathbb F}_q)$ such that $|A|=MD_d(\lambda , {\mathbb F}_q)$ . Then $A\hat {\times } A+\lambda \subset S_d \cup \{0\}$ . If $AA+\lambda \subset S_d \cup \{0\}$ , we just apply (1). Next assume that $AA+\lambda \not \subset S_d \cup \{0\}$ , then Theorem 4.2 implies that

$$ \begin{align*}|A| \leq \sqrt{\frac{2(q-1)}{d}}+4 \leq \sqrt{\frac{2(q-1)}{3}}+4\leq \sqrt{q} -1, \end{align*} $$

provided that $q \geq 738$ . When $25 \leq q \leq 737$ , we have used SageMath to verify the theorem.

Proof of Theorem 1.6

In both cases, the upper bound $\sqrt {q}-1$ follows from Theorem 4.5. To show that $\sqrt {q}-1$ is a lower bound, we observe that $A=\alpha {\mathbb F}_{\sqrt {q}}^*$ has property $SD_{d}(\lambda ,\mathbb {F}_q)$ (and therefore $D_{d}(\lambda ,\mathbb {F}_q)$ ). Indeed, $AA+\lambda =\alpha ^2 {\mathbb F}_{\sqrt {q}}^*+\lambda \subset \alpha ^2 {\mathbb F}_{\sqrt {q}} \subset S_d \cup \{0\}$ since $\alpha ^2 \in S_d$ and ${\mathbb F}_{\sqrt {q}}^* \subset S_d$ (from the assumption $d \mid (\sqrt {q}+1)$ ).

Proof Let $B \subset {\mathbb F}_q^*$ with property $D_d(\lambda , {\mathbb F}_q)$ , that is, $B\hat { \times } B+\lambda \subset S_d \cup \{0\}$ . If $BB+\lambda \nsubseteq S_d \cup \{0\}$ , we are done by Theorem 4.2. Thus, we may assume that $BB+\lambda \subset S_d \cup \{0\}$ . It suffices to show $|B| \leq \sqrt {2(q-1)/d}+4$ . To achieve that, we try to find an arbitrary subset A of B such that $\binom {|A|-1+\frac {q-1}{d}}{|A|} \not \equiv 0\ \pmod p$ and $|A|$ is as large as possible. With such a subset A, we have $AB+\lambda \subset S_d \cup \{0\}$ so that we can apply Theorem 1.1. In the rest of the proof, we aim to find such an A with $|A|\geq |B|/2$ so that, from Theorem 1.1, we can deduce

$$ \begin{align*}\frac{|B|^2}{2} \leq \frac{q-1}{d}+2|B|-1 \implies |B| \leq \sqrt{\frac{2(q-1)}{d}+2}+2<\sqrt{\frac{2(q-1)}{d}}+4. \end{align*} $$

Write $|B|-1=(c_k, c_{k-1}, \ldots , c_1,c_0)_p$ in base-p, that is, $|B|-1=\sum _{i=0}^k c_ip^i$ with $0 \leq c_i \leq p-1$ for each $0 \leq i \leq k$ and $c_k \geq 1$ . Next, we construct A according to the size of  $c_k$ .

Case 1. $c_k \leq p-1-\frac {p-1}{d}$ . In this case, let A be an arbitrary subset of B with $|A|-1=(c_k,0, \ldots , 0)_p$ , that is, $|A|=c_kp^k+1$ . It is easy to verify that $\binom {|A|-1+\frac {q-1}{d}}{|A|} \not \equiv 0 \ \pmod p$ using Lemma 4.4. Since $|B| \leq (c_k+1)p^k$ , it also follows readily that $|A|\geq |B|/2$ .

Case 2. $c_k> p-1-\frac {p-1}{d}$ . In this case, let A be an arbitrary subset of B with

$$ \begin{align*}|A|-1=\bigg(\frac{(d-1)(p-1)}{d},\frac{(d-1)(p-1)}{d}, \ldots, \frac{(d-1)(p-1)}{d}\bigg)_p,\end{align*} $$

that is, $|A|=\frac {(d-1)(p-1)}{d} \cdot \sum _{i=0}^k p^i +1$ . Again, it is easy to verify that $\binom {|A|-1+\frac {q-1}{d}}{|A|} \not \equiv 0 \ \pmod p$ using Lemma 4.4. Since $d \geq 2$ , it follows that $2|A| \geq (p-1)\sum _{i=0}^k p^i +2= p^{k+1}+1>|B|$ .

Proof of Theorem 1.2

Let $A=\{a_{1},a_{2},\ldots ,a_{m}\}$ be a generalized Diophantine m-tuple with property $D_{k}(n)$ and $k\geq 3$ . Given the assumption that $\log k=O(\sqrt {\log \log n})$ , Proposition 2.9 implies that the contribution of $a_i$ with $a_i>n^{\frac {k}{k-2}}$ is $|A\cap (n^{\frac {k}{k-2}},\infty )|=O(\log k \log \log k)$ is negligible. Thus, we can assume that $A \subset [1, n^{\frac {k}{k-2}}]$ . Let $\mathcal {I}$ be a nonempty subset of $\{1 \leq i \leq k: \gcd (i,k)=1, \gcd (i-1,k)>1\}$ , such that the ratio $|\mathcal {I}|/T_{\mathcal {I}}^2$ in equation (5.1) is minimized by $\mathcal {I}$ . In other words, we have $\eta _k=|\mathcal {I}|/T_{\mathcal {I}}^2$ , where

$$ \begin{align*}T=T_{\mathcal{I}}=\sum_{i \in \mathcal{I}} \sqrt{\gcd(i-1,k)}. \end{align*} $$

To apply the Gallagher sieve inequality (Theorem 2.5), we set $N=n^{\frac {k}{k-2}}$ and define the set of primes

$$ \begin{align*}\mathcal{P}=\{p: p \equiv i \quad\pmod k \text{ for some }i \in \mathcal{I}\} \setminus \{p: p \mid n\}.\end{align*} $$

For each prime $p \in \mathcal {P}$ , denote by $A_{p}$ the image of $A \ \pmod {p}$ and let $A_p^*=A_p \setminus \{0\}$ .

Let $p \in \mathcal {P}$ . We can naturally view $A_p^*$ as a subset of ${\mathbb F}_p^*$ . Since A has property $D_k(n)$ , it follows that $A_p^* \hat { \times } A_p^*+ n \subset \{x^k: x \in {\mathbb F}_p^*\} \cup \{0\}$ . Note that $\{x^k: x \in {\mathbb F}_p^*\}$ is the multiplicative subgroup of ${\mathbb F}_p^*$ with order $\frac {p-1}{\gcd (p-1,k)}$ . Since $\gcd (p-1,k)>1$ and $p \nmid n$ , Theorem 1.5 (2) implies that

$$\begin{align*}|A_{p}| \leq |A_p^*|+1 \leq \sqrt{\frac{2(p-1)}{\gcd(p-1,k)}}+5.\end{align*}$$

Set $Q=2(\frac {\phi (k)\log N}{T})^2$ . Applying Gallagher’s larger sieve, we obtain that

(5.3) $$ \begin{align} |A| \le \frac{\sum_{p \in \mathcal{P},p \le Q}\log p - \log N}{\sum_{p \in \mathcal{P},p \le Q} \frac{\log p}{|A_{p}|}-\log N}. \end{align} $$

Let c be the constant from Corollary 2.7. For the numerator on the right-hand side of inequality (5.3), we have

$$ \begin{align*} \sum_{p \in \mathcal{P},p \le Q}\log p - \log N & \leq \sum_{i \in \mathcal{I}}\bigg(\sum_{\substack{p\equiv i \text{ mod }k, \\p \le Q}}\log p\bigg) - \log N \\ &=\frac{|\mathcal{I}|Q}{\phi(k)}+O\bigg(|\mathcal{I}|Q\exp(-c\sqrt{\log Q})\bigg)-\log N. \end{align*} $$

Next, we estimate the denominator on the right-hand side of inequality (5.3). Note that $|\mathcal {I}|\le T=\sum _{i \in \mathcal {I}} \sqrt {\gcd (i-1,k)}$ . Then we have $T \le |\mathcal {I}| \sqrt {k} \le \phi (k)\sqrt {k}$ , and so $\phi (k)/T \ge 1/\sqrt {k}$ . Since $k=(\log N)^{o(1)}$ , we deduce $Q> 2(\log N)^{2-o(1)}$ . Thus we have $k=Q^{o(1)}$ . This, together with Corollary 2.7 and Lemma 2.8, deduces that for each $i \in \mathcal {I}$ ,

$$ \begin{align*} \sum_{\substack{p \in \mathcal{P}, p \le Q\\ p \equiv i \text{ mod } k}} \frac{\log p}{|A_{p}|} & \geq \sum_{\substack{p \in \mathcal{P}, p \le Q \\ p \equiv i \text{ mod } k}} \frac{\log p}{\sqrt{\frac{2(p-1)}{\gcd(i-1,k)}}+5}\\ &=\sum_{\substack{p \le Q\\ p \equiv i \text{ mod } k}} \frac{\log p}{\sqrt{\frac{2p}{\gcd(i-1,k)}}}+O\bigg(\sum_{p \le Q} \frac{k\log p}{p}\bigg)+O\bigg(\sum_{p \mid n} \frac{\sqrt{k}\log p}{\sqrt{p}}\bigg)\\ &=\sqrt{\frac{\gcd(i-1,k)}{2}} \sum_{\substack{p \le Q\\ p \equiv i \text{ mod } k}} \frac{\log p}{\sqrt{p}}+O(k\log Q)+O(k (\log n)^{1/2})\\ &=\frac{\sqrt{2Q\gcd(i-1,k)}}{\phi(k)} +O\left( \sqrt{Q} \sqrt{\gcd(i-1,k)} \exp(-c\sqrt{\log Q}) \right). \end{align*} $$

Thus we have

$$ \begin{align*} |A| &\le \frac{\sum_{p \in \mathcal{P},p \le Q}\log p - \log N}{\sum_{p \in \mathcal{P},p \le Q} \frac{\log p}{|A_{p}|}-\log N}\\ &\le \frac{\frac{|\mathcal{I}|Q}{\phi(k)}+O(|\mathcal{I}|Q\exp(-c\sqrt{\log Q}))-\log N}{\sum_{i \in \mathcal{I}}\bigg( \sum_{\substack{p \in \mathcal{P}, p \le Q\\ p \equiv i \text{ mod } k}} \frac{\log p}{|A_{p}|}\bigg) -\log N}\\ &\le \frac{\frac{|\mathcal{I}|Q}{\phi(k)}+O(|\mathcal{I}|Q\exp(-c\sqrt{\log Q}))-\log N}{\frac{T\sqrt{2Q}}{\phi(k)}+O\left(T \sqrt{Q} \exp(-c\sqrt{\log Q}) \right)-\log N}. \end{align*} $$

Finally, recall that $Q=2(\frac {\phi (k)\log N}{T})^2$ . It follows that

$$ \begin{align*} |A|&\leq \frac{2|\mathcal{I}|\phi(k)(\frac{\log N}{T})^2+O\left(|\mathcal{I}| (\frac{\phi(k)\log N}{T})^2\exp \Big(-c\sqrt{\log (\frac{\phi(k)\log N}{T})}\Big)\right)}{2\log N+O\left(\phi(k)\log N\exp \Big(-c\sqrt{\log (\frac{\phi(k)\log N}{T})}\Big)\right)-\log N}\\ &= \frac{\frac{2|\mathcal{I}|\phi(k)}{T^2} \log N+O\left(\frac{|\mathcal{I}|\phi(k)^2 \log N}{T^2} \exp \Big(-c\sqrt{\log (\frac{\phi(k)\log N}{T})}\Big)\right)}{1+O\left(\phi(k) \exp \Big(-c\sqrt{\log (\frac{\phi(k)\log N}{T})}\Big)\right)}. \end{align*} $$

Recall that $N=n^{\frac {k}{k-2}}$ . Thus, to obtain our desired result, we need to show

$$ \begin{align*} |A|\leq \frac{(1+o(1))\frac{2|\mathcal{I}|\phi(k)}{T^2} \log N}{1-o(1)}, \end{align*} $$

and it suffices to show that

$$\begin{align*}\phi(k)\exp \Big(-c\sqrt{\log (\frac{\phi(k)\log N}{T})}\Big)=o(1),\end{align*}$$

as $N \to \infty $ , or equivalently,

$$\begin{align*}\log k- c\sqrt{\log \frac{\phi(k)}{T}+\log \log N} \to -\infty,\end{align*}$$

as $N \to \infty $ . We notice that $\phi (k)/T \ge 1/\sqrt {k}$ . Let $c'=c/2$ . Then the assumption $\log k\leq c'\sqrt {\log \log n}<c'\sqrt {\log \log N}$ implies

$$\begin{align*}\log \log N + \log \frac{\phi(k)}{T} \ge \log \log N - \frac{1}{2}\log k = (1-o(1)) \log \log N,\end{align*}$$

and

$$\begin{align*}\log k - c\sqrt{\log \frac{\phi(k)}{T}+\log \log N} \leq -(c'-o(1))\log \log N \to -\infty,\end{align*}$$

as required.

Proof The proof is very similar to the proof of Theorem 1.2 and we follow all the notations and steps as in the proof of Theorem 1.2, apart from the minor modifications stated below.

We prove the first part. For each $p \in \mathcal {P}$ , we have the stronger upper bound that $|A_p| \leq \sqrt {\frac {(p-1)}{\gcd (p-1,k)}}+2$ by Theorem 1.5 (2). To optimize the upper bound obtained from Gallagher’s larger sieve, we instead set $Q=(\frac {\phi (k)\log N}{T})^2$ .

Next, we assume that k is even and prove the second part. Notice that for each $x \in A$ , there is a positive integer y, such that $x^2+n=y^2$ . Thus, $|A|$ is bounded by the number of positive integral solutions to the equation $x^2+n=y^2$ , which is at most $\tau (n)$ . On the other hand, this also implies that all the elements in A are at most n. Thus, we can set $N=n$ instead and obtain the stronger upper bound.

Proof We give an inductive proof. When $\ell =1$ , the inclusion (5.8) holds. We assume that (5.8) holds for some $\ell \geq 1$ . Let $x=i+jP_{\ell } \in \mathcal {I}_{\ell +1}$ . By the assumption, we have $\gcd (i, P_{\ell })=1$ , and it follows that $\gcd (x, P_{\ell +1})=\gcd (x,P_{\ell })\gcd (x,p_{\ell +1})=\gcd (i, P_{\ell })\gcd (x, p_{\ell +1})=1.$ This proves the claim.

Proof We have

$$ \begin{align*} T_{\ell+1} &=\sum_{i \in \mathcal{I}_{\ell}} \sum_{\substack{0 \leq j<p_{\ell+1}\\ p_{\ell+1} \nmid (i+j P_{\ell})}}\sqrt{\gcd(i+jP_{\ell}-1, P_{\ell+1})}\\ &=\sum_{i \in \mathcal{I}_{\ell}} \sum_{\substack{0 \leq j<p_{\ell+1}\\ p_{\ell+1} \nmid (i+j P_{\ell})}}\sqrt{\gcd(i+jP_{\ell}-1, P_{\ell})} \sqrt{\gcd(i+jP_{\ell}-1, p_{\ell+1})}\\ &=\sum_{i \in \mathcal{I}_{\ell}} \sqrt{\gcd(i-1, P_{\ell})} \bigg(\sum_{\substack{0 \leq j<p_{\ell+1}\\ p_{\ell+1} \nmid (i+j P_{\ell})}} \sqrt{\gcd(i+jP_{\ell}-1, p_{\ell+1})}\bigg). \end{align*} $$

It is easy to show that the inner sum consists of $(p_{\ell +1}-2)$ many $1$ and a single $\sqrt {p_{\ell +1}}$ . It follows that

$$ \begin{align*}T_{\ell+1}=(p_{\ell+1}-2+\sqrt{p_{\ell+1}})\sum_{i \in \mathcal{I}_{\ell}} \sqrt{\gcd(i-1, P_{\ell})}=T_{\ell} (p_{\ell+1}-2+\sqrt{p_{\ell+1}}), \end{align*} $$

proving the lemma.

Proof of Theorem 1.3

For each n, we choose $k=k(n)=P_\ell $ , where $\ell =\ell (n)$ is the largest integer such that $\log P_\ell <c' \sqrt {\log \log n}$ . It follows that $\log k=\log P_\ell \asymp \sqrt {\log \log n}$ . Thus, using equations (5.7) and (5.9), we have

$$ \begin{align*}\eta_k \phi(k) \leq \frac{|\mathcal{I}_\ell| \phi(P_\ell)}{T_{\ell}^2} =\prod_{p \leq p_{\ell}} \frac{(p-1)^2}{(p-2+\sqrt{p})^2}. \end{align*} $$

Note that for each prime p, it is easy to verify that $ \frac {p-1}{p-2+\sqrt {p}} \leq 1-\frac {1}{\sqrt {p}}. $ Recall that the inequality $e^x \geq 1+x$ holds for all real x, and a standard application of partial summation gives

$$ \begin{align*}\sum\limits_{p \leq x} \frac{1}{\sqrt{p}} = \frac{2\sqrt{x}}{\log x} + O\left(\frac{\sqrt{x}}{\log ^2x}\right). \end{align*} $$

Also, the prime number theorem implies that

$$ \begin{align*}\log P_\ell=\sum_{p \leq p_{\ell}} \log p=\theta(p_{\ell})=(1+o(1))p_{\ell} \end{align*} $$

and thus $p_{\ell }=(1+o(1))\log P_{\ell }$ . Putting the above estimates altogether, we have

$$ \begin{align*} \eta_k \phi(k) &\leq \prod_{p \leq p_{\ell}} \bigg(1-\frac{1}{\sqrt{p}}\bigg)^2 \leq \exp \bigg(-2\sum_{p \leq p_{\ell}} \frac{1}{\sqrt{p}}\bigg)\\ &=\exp\bigg(-\frac{(4+o(1))\sqrt{p_{\ell}}}{\log p_{\ell}}\bigg) =\exp\bigg(-\frac{(4+o(1))\sqrt{\log P_\ell}}{\log \log P_\ell}\bigg)\\ &\leq \exp\bigg(-\frac{c"(\log \log n)^{1/4}}{\log \log \log n}\bigg). \end{align*} $$

for some absolute constant $c">0$ . It follows from Theorem 1.2 that

$$\begin{align*}M_k(n) \ll \eta_k\phi(k) \log n \ll \exp\bigg(-\frac{c"(\log \log n)^{1/4}}{\log \log \log n}\bigg) \log n. \end{align*}$$

Proof We denote $k=\prod _{j=1}^{\ell } p_j^{\alpha _j}$ , where $p_1,p_2, \ldots , p_\ell $ are distinct primes factors of k such that

$$ \begin{align*}\beta(p_\ell^{\alpha_\ell})=\min\{\beta(p^\alpha): p^\alpha \mid \mid k\}.\end{align*} $$

Define

$$ \begin{align*}\mathcal{I}=\{1 \leq i \leq k: \gcd(k,i)=1, i \equiv 1 \quad\pmod {p_{\ell}}\}, \quad T_{\mathcal{I}}=\sum_{i \in \mathcal{I}} \sqrt{\gcd(i-1,k)}. \end{align*} $$

Then $\mathcal {I}$ is obviously a subset of the set $\{1 \leq i \leq k: \gcd (i,k)=1, \gcd (i-1,k)>1\}$ consisting of residue classes that can be used in Gallagher’s larger sieve in the proof of Theorem 1.2. (In particular, when $p_\ell =2$ , $\mathcal {I}$ consists of all the available residue classes with $|\mathcal {I}|=\phi (k)$ .) In view of the definition of $\eta _k$ , it suffices to show that

$$ \begin{align*}\frac{|\mathcal{I}|}{T_{\mathcal{I}}^2}=\mu_k=R_k \cdot \beta(p_\ell^{\alpha_\ell}).\end{align*} $$

We first compute the size of $\mathcal {I}$ . Equivalently, we can write

$$ \begin{align*}\mathcal{I}=\{1 \leq i \leq k: i \not \equiv 0 \quad\pmod{p_j} \text{ for each }1 \leq j<\ell, \text{ and } i \equiv 1 \quad\pmod {p_{\ell}} \}, \end{align*} $$

and hence, we deduce $|\mathcal {I}|=\prod _{j=1}^{\ell -1} (p_j-1)p_j^{\alpha _j-1} \cdot p_{\ell }^{\alpha _\ell -1}$ . In order to compute $T_{\mathcal {I}}$ , we first count the number of solutions to $v_{p_j}(i-1)=s$ over $1 \leq i \leq p_j^{\alpha _j}$ such that $p_j \nmid i$ for $0 \leq s \leq \alpha _j$ separately, and then use the Chinese remainder theorem. Set

$$ \begin{align*} C_{j,s}&=\{1 \leq i \leq p_j^{\alpha_j}: i\not\equiv 0 \quad\pmod{p_{j}},~ v_{p_j}(i-1)=s \}, \quad \text{for } 0\leq s\leq \alpha_{j}, j<\ell;\\ C_{\ell,s}&=\{1 \leq i \leq p_{\ell}^{\alpha_{\ell}}: i\equiv 1 \quad\pmod{p_{\ell}},~ v_{p_\ell}(i-1)=s \}, \quad \text{for } 0\leq s\leq \alpha_{\ell}. \end{align*} $$

Note that

$$ \begin{align*} |C_{j,s}|&=\phi(p_j^{\alpha_j-s}), \quad \quad \quad \quad \!\text{for } 0<s\leq \alpha_{j}, j<\ell;\\ |C_{j,0}|&=\phi(p_j^{\alpha_j})-p_{j}^{\alpha_{j}-1}, \quad \; \; \text{for } j<\ell;\\ |C_{\ell,s}|&=\phi(p_{\ell}^{\alpha_{\ell}-s}), \quad \quad \quad \quad \!\text{for } 0<s\leq \alpha_{\ell}, \end{align*} $$

and $|C_{\ell ,0}|=0$ . It follows that

$$ \begin{align*} T_{\mathcal{I}}=\sum_{i \in \mathcal{I}} \sqrt{\gcd(i-1,k)}=\sum_{d \mid k} \sqrt{d} \sum_{\substack{i \in \mathcal{I},\\ \gcd(i-1,k)=d}} 1=\prod_{j=1}^{\ell}\left(\sum_{s=0}^{\alpha_{j}}\sqrt{p_{j}^{s}}|C_{j,s}|\right). \end{align*} $$

For each $1 \leq j \leq \ell -1$ , we calculate

$$ \begin{align*} \sum_{s=0}^{\alpha_j} \sqrt{p_j^s} |C_{j,s}| & =\phi(p_{j}^{\alpha_{j}}) - p_{j}^{\alpha_{j}-1} + \sum_{s=1}^{\alpha_{j}}\sqrt{p_{j}^s} \phi(p_{j}^{\alpha_{j}-s}) \\ &=p_{j}^{\alpha_{j}} - p_{j}^{\alpha_{j} -1} - p_{j}^{(\alpha_{j}-1)/2} + p_{j}^{\alpha_{j} -1/2}. \end{align*} $$

Similarly, we have

$$ \begin{align*} \sum_{s=0}^{\alpha_\ell} \sqrt{p_\ell^s} |C_{\ell,s}| & = \sum_{s=1}^{\alpha_\ell} \sqrt{p_\ell^s} \phi(p_\ell^{\alpha_\ell-s})= - p_{\ell}^{(\alpha_{\ell}-1)/2} + p_{\ell}^{\alpha_{\ell}-1} + p_{\ell}^{\alpha_{\ell}-1/2}. \end{align*} $$

Putting these all together, we compute

$$ \begin{align*} T_{\mathcal{I}} &=\prod_{j=1}^{\ell-1} \bigg[p_{j}^{\alpha_{j}} - p_{j}^{\alpha_{j} -1} - p_{j}^{(\alpha_{j}-1)/2} + p_{j}^{\alpha_{j} -1/2} \bigg]\cdot \bigg( - p_{\ell}^{(\alpha_{\ell}-1)/2} + p_{\ell}^{\alpha_{\ell}-1} + p_{\ell}^{\alpha_{\ell}-1/2} \bigg). \end{align*} $$

Hence,

$$ \begin{align*} \frac{|\mathcal{I}|}{T_{\mathcal{I}}^2} &=\prod_{j=1}^{\ell-1} \frac{(p_j-1) p_j^{\alpha_j-1}}{\big(p_{j}^{\alpha_{j}} - p_{j}^{\alpha_{j} -1} - p_{j}^{(\alpha_{j}-1)/2} + p_{j}^{\alpha_{j} -1/2}\big)^2}\cdot \frac{ p_\ell^{\alpha_\ell-1}}{\big( - p_{\ell}^{(\alpha_{\ell}-1)/2} + p_{\ell}^{\alpha_{\ell}-1} + p_{\ell}^{\alpha_{\ell}-1/2}\big)^2}. \end{align*} $$

Proof Let $\mathcal {P}_d$ be the set of primes p such that $p \equiv 1 \ \pmod d$ and $(S_d({\mathbb F}_p)-1) \setminus \{0\}$ admits a non-trivial multiplicative decomposition. By the prime number theorem for arithmetic progressions, it suffices to show that $|\mathcal {P}_d \cap [0,x]|=o(x/\log x)$ .

Let $p \in \mathcal {P}_d$ . Then we can write $(S_d-1) \setminus \{0\}$ as the product of two sets $A,B \subset {\mathbb F}_p^*$ such that $|A|, |B| \geq 2$ . Then Corollary 1.10 implies that $|A||B|=\frac {p-1}{d}-1,$ that is,

(6.1) $$ \begin{align} d |A||B|=p-(d+1). \end{align} $$

On the other hand, Proposition 3.4 implies that we can find an absolute constant $C_d \in (0,1)$ such that

$$ \begin{align*}C_d\sqrt{p}<\min\{|A|, |B|\}<\sqrt{p}. \end{align*} $$

It follows that $p-(d+1)$ has a divisor in the interval $(C_d\sqrt {p}, \sqrt {p})$ . To summarize, if $p \in \mathcal {P}_d$ , then we have $\tau (p-(d+1);C_d\sqrt {p},\sqrt {p}) \geq 1,$ where $\tau (n;y,z)$ denotes the number of divisors of n in the interval $(y,z]$ . Now, we use results by Ford [Reference Ford14, Theorem 6] on the distribution of shift primes with a divisor in a given interval. Denote

(6.2) $$ \begin{align} H(x,y,z)& =\#\{1 \leq n \leq x: \tau (n;y,z) \geq 1\};\ \qquad \end{align} $$

(6.3) $$ \begin{align} P_d(x,y,z)&=\#\{p \leq x: \tau (p-(d+1);y,z) \geq 1\}. \end{align} $$

Setting $y=C_d\sqrt {x}/2$ and $z=\sqrt {x}$ , [Reference Ford14, Theorem 6] and [Reference Ford14, Theorem 1, third case of (v)] imply that

$$ \begin{align*}P_d(x,y,z) \ll \frac{H(x,y,z)}{\log x} \ll \frac{x}{\log x} u^\delta \bigg(\log \frac{2}{u}\bigg)^{-3/2} \end{align*} $$

where $\delta =1-\frac {1+\log \log 2}{\log 2}$ and $u=\log (C_d/2)/\log y$ . It follows that as $x \to \infty $ , we have $P_d(x,y,z)=o(x/\log x)$ . Therefore, we have

$$ \begin{align*}\#\{p \in \mathcal{P}_d: x/2\leq p\leq x\} & \leq \#\{x/2\leq p\leq x: \tau (p-(d+1); C_d\sqrt{x}/2,\sqrt{x}) \geq 1\} \\ &=o(x/\log x). \end{align*} $$

We conclude that as $x \to \infty $ ,

$$ \begin{align*} |\mathcal{P}_d \cap [0,x]| &=O(\sqrt{x})+\#\{p \in \mathcal{P}_d: \sqrt{x}\leq p\leq x\}\\ &=O(\sqrt{x})+\sum_{0\leq j \leq (\log_2 x)/2} o\bigg(\frac{x/2^j}{\log (x/2^j)}\bigg)\\ &=O(\sqrt{x})+\bigg(\sum_{0\leq j \leq (\log_2 x)/2} \frac{1}{2^j}\bigg)o\bigg(\frac{x}{\log x}\bigg) =o\bigg(\frac{x}{\log x}\bigg). \end{align*} $$

Proof of Theorem 1.11

Consider the family of primes p such that $p \equiv 1 \ \pmod d$ and n is a dth power modulo p. By a standard application of the Chebotarev density theorem, the density of such primes is given by $\frac {1}{[\mathbb {Q}(e^{2\pi i/d}, n^{1/d}):\mathbb {Q}]}$ . Among the family of such primes p, we can repeat the same argument as in the proof of Theorem 6.1 to show that if $(S_d({\mathbb F}_p)-n) \setminus \{0\}$ admits a non-trivial multiplicative decomposition, then $p-(d+1)$ necessarily has a divisor which is “close to” $\sqrt {p}$ . We remark that it is important to assume that n is a dth power modulo p, so that we can take advantage of Corollary 1.10. Similar to the proof of Theorem 6.1, we can show that among the family of primes $p \equiv 1 \ \pmod d$ , the property that $p-(d+1)$ has a divisor with the desired magnitude fails to hold for almost all p. This finishes the proof of the theorem.

Proof We assume, otherwise, that $AA=(\xi G-\lambda ) \setminus \{0\}$ for some $A\subset \mathbb {F}_p^{*}$ . Then we observe that $aa'=a'a$ for each $a,a' \in A$ , it follows that

$$ \begin{align*}|G|-1 \leq |AA|\leq \frac{|A|^2+|A|}{2}. \end{align*} $$

Since $|G| \geq 8$ , it follows that $|A| \geq 4$ . Let $B=A/\xi $ , and $\lambda '=\lambda /\xi $ . Then we have $AB=(G-\lambda ')\setminus \{0\}$ and thus Theorem 1.1 implies that $|A|^2=|A||B|\leq |G|+|A|-1$ . Comparing the above two inequalities, we obtain that

$$ \begin{align*}|A|^2-|A| \leq |G|-1 \leq \frac{|A|^2+|A|}{2}, \end{align*} $$

which implies that $|A|\leq 3$ , contradicting the assumption that $|A| \geq 4$ .

Proof It suffices to show $|ABC|^2 \leq |AB||BC||CA|$ , which is a special case of [Reference Ruzsa29, Theorem 5.1] due to Ruzsa.

Proof Assume that there are sets $A,B,C \subset {\mathbb F}_p^*$ with $|A|,|B|,|C| \geq 2$ , such that $ABC=(G-\lambda )\setminus \{0\}$ for some proper multiplicative subgroup G of ${\mathbb F}_p$ and some $\lambda \in {\mathbb F}_p^*$ .

Then we can write $(G-\lambda )\setminus \{0\}$ in three different ways: $A(BC), B(CA), C(AB)$ , so that we can apply the results in previous sections to each of them. Note that Lemma 3.6 implies that

$$ \begin{align*}|A|, |B|, |C| \geq |G|^{1/2+o(1)}.\end{align*} $$

On the other hand, Theorem 1.1 implies that

$$ \begin{align*}|AB||C|,|BC||A|,|CA||B|\ll |G|. \end{align*} $$

Therefore, from Lemma 6.5 and the fact $|ABC| \in \{|G|, |G|-1\}$ , we have

$$ \begin{align*}|G|^2 |A||B||C|\ll |ABC|^2 |A||B||C| \ll (|AB||C|)(|BC||A|)(|CA||B|) \ll |G|^3. \end{align*} $$

It follows that

$$ \begin{align*}|G|^{3/2+o(1)} \ll |A||B||C| \ll |G|, \end{align*} $$

that is, $|G|\ll 1$ , where the implicit constant is absolute. This completes the proof of the theorem.

Proof The proof is similar to the proof of Theorem 6.6. While Lemma 3.6 does not hold in the new setting (see Remark 3.8), we can instead use Proposition 3.4. If $ABC=(S_d({\mathbb F}_q)-\lambda )\setminus \{0\}$ , then Proposition 3.4 implies that

$$ \begin{align*}|A|, |B|, |C| \gg \frac{\sqrt{q}}{d}, \quad |A||BC|,|BC||A|, |CA||B| \ll q. \end{align*} $$

A similar computation leads to $d \gg q^{1/10}$ , which implies that $q \ll _{\epsilon } 1$ since we assume that $d \leq q^{1/10-\epsilon }$ .