Proof Let $\chi $ be a multiplicative character of $\mathbb {F}_q$ with order d. We have the following double character sum estimate (see, for example, [Reference Yip36, Theorem 2.6]):

(2.1) $$ \begin{align} \bigg|\sum_{a,b\in A}\chi(a+b)\bigg| \leq \sqrt{q}|A|\bigg(1-\frac{|A|}{q}\bigg). \end{align} $$

We first assume that $A+A \subset S_d \cup \{0\}$ . Note that for each $a \in A$ , we have $a+b \in S_d$ for each $b \in A$ , unless $a+b=0$ . It follows that

(2.2) $$ \begin{align} \sum_{a,b\in A}\chi(a+b)=|A|^2-\#\{(a,b) \in A \times A: a+b=0\}\geq |A|^2-|A|, \end{align} $$

and the equality holds if and only if $A=-A$ . Combining inequality (2.1) and inequality (2.2), we have

$$ \begin{align*}|A|^2-|A| \leq \sqrt{q}|A|\bigg(1-\frac{|A|}{q}\bigg). \end{align*} $$

It follows that $|A|\leq \sqrt {q}$ , and the equality holds only if $A=-A$ .

Next, we work under the weaker assumption that $A\hat {+}A \subset S_d \cup \{0\}$ . The proof is essentially the same, and the only difference is $\chi (2a)$ could be anything. We instead have

$$ \begin{align*}|A|^2-3|A| \leq \bigg|\sum_{a,b\in A}\chi(a+b)\bigg|\leq \sqrt{q}|A|\bigg(1-\frac{|A|}{q}\bigg)<\sqrt{q}|A|, \end{align*} $$

which implies that $|A|<\sqrt {q}+3$ .

Proof Let $A=\{a_1,a_2,\ldots , a_N\}$ . If $N=1$ , the statements are trivially true. Next, assume $N \geq 2$ . If $0 \in A$ , without loss of generality we assume that $a_N=0$ . Let $n=N$ if n is odd, and let $n=N-1$ if n is even. Let $m=(n-1)/2$ ; then $m \geq 1$ .

Since $A \hat {+} A \subset S_d$ , we have

(3.1) $$ \begin{align} (a_i+a_j)^{\frac{q-1}{d}} (a_j-a_i)=a_j-a_i \end{align} $$

for each $1 \leq i,j \leq N$ (note that when $i=j$ , both sides are equal to $0$ ). This simple observation will be used repeatedly in the following computation.

The Vandermonde matrix

$$ \begin{align*}(a_i^j)_{1 \leq i \leq n, 0 \leq j \leq n-1}\end{align*} $$

is invertible. Let $c_1,c_2,...,c_n$ be the unique solution of the following system of equations:

(3.2) $$ \begin{align} \left\{ \begin{array}{ll} \sum_{i=1}^n c_i a_i^j=0, &\quad 0 \leq j \leq 2m-1=n-2\\ \\ \sum_{i=1}^n c_i a_i^{n-1}=1.\end{array}\right. \end{align} $$

We note that $c_i \neq 0$ for each $1 \leq i \leq n$ ; otherwise we must have $c_1=c_2=\ldots =c_n=0$ in view of the first $n-1$ equations in system (3.2), which contradicts the last equation in system (3.2).

Consider the following auxiliary polynomial

(3.3) $$ \begin{align} f(x)=-(-1)^m+\sum_{i=1}^n c_i (x+a_i)^{m+\frac{q-1}{d}} (x-a_i)^{m}\in \mathbb{F}_q[x]. \end{align} $$

First, observe that the degree of f is at most $\frac {q-1}{d}$ . Indeed, for each $0 \leq j \leq 2m-1$ , the coefficient of $x^{2m+\frac {q-1}{d}-j}$ in $f(x)$ is

$$ \begin{align*} &\sum_{i=1}^n \sum_{k=0}^j \bigg(\binom{m+\frac{q-1}{d}}{k} c_i a_i^{k} \cdot \binom{m}{j-k} (-a_i)^{j-k}\bigg)\\ &\quad =\sum_{k=0}^j \binom{m+\frac{q-1}{d}}{k} \binom{m}{j-k} \cdot \bigg(\sum_{i=1}^n c_i a_i^{k} (-a_i)^{j-k}\bigg)\\ &\quad =\bigg(\sum_{i=1}^n c_i a_i^{j} \bigg) \cdot \bigg(\sum_{k=0}^j \binom{m+\frac{q-1}{d}}{k} \binom{m}{j-k} (-1)^{j-k}\bigg)=0 \end{align*} $$

by the assumption in system (3.2).

For each $1\leq j \leq N$ , Equation (3.1) and system (3.2) imply that

$$ \begin{align*} E^{(0)} f (a_j) = f (a_j) &= -(-1)^m+\sum_{i=1}^n c_i (a_j+a_i)^{m+\frac{q-1}{d}} (a_j-a_i)^{m} \\ &= -(-1)^m+\sum_{i=1}^n c_i (a_j+a_i)^{m} (a_j-a_i)^{m}\\ &= -(-1)^m+\sum_{i=1}^n c_i (a_j^2-a_i^2)^{m} \\ &= -(-1)^m+ \sum_{\ell=0}^m \binom{m}{\ell} a_j^{2(m-\ell)} (-1)^\ell\bigg(\sum_{i=1}^n c_i a_i^{2\ell}\bigg) \\ &= -(-1)^m+ (-1)^m \bigg(\sum_{i=1}^n c_i a_i^{n-1}\bigg) =0. \end{align*} $$

Next, we compute the hyper-derivatives of f on A. We first prove the following claim: for each $1 \leq j \leq N$ , if $0 \leq k_1\leq m$ and $0\leq k_2<m$ such that $1\leq k_1+k_2 \leq m$ , then we have

(3.4) $$ \begin{align} \sum_{i=1}^n c_i E^{(k_1)}[(x+a_i)^{m+\frac{q-1}{d}}](a_j) \cdot E^{(k_2)}[(x-a_i)^m](a_j)=0. \end{align} $$

Indeed, by Lemma 2.1 and Equation (3.1), we have

$$ \begin{align*} &\sum_{i=1}^n c_i E^{(k_1)}[(x+a_i)^{m+\frac{q-1}{d}}](a_j) \cdot E^{(k_2)}[(x-a_i)^m](a_j)\\ &= \binom{m+\frac{q-1}{d}}{k_1} \binom{m}{k_2} \bigg(\sum_{i=1}^n c_i (a_j+a_i)^{m-k_1+\frac{q-1}{d}} (a_j-a_i)^{m-k_2}\bigg) \\ &= \binom{m+\frac{q-1}{d}}{k_1} \binom{m}{k_2} \bigg(\sum_{i=1}^n c_i (a_j+a_i)^{m-k_1} (a_j-a_i)^{m-k_2}\bigg) \\ &= \binom{m+\frac{q-1}{d}}{k_1} \binom{m}{k_2} \cdot\sum_{\ell_1=0}^{m-k_1} \sum_{\ell_2=0}^{m-k_2} \binom{m-k_1}{\ell_1} \binom{m-k_2}{\ell_2} \bigg(\sum_{i=1}^n c_i a_j^{m-k_1-\ell_1} a_i^{\ell_1} a_j^{m-k_2-\ell_2}(-a_i)^{\ell_2}\bigg)\\ &= \binom{m+\frac{q-1}{d}}{k_1} \binom{m}{k_2} \cdot\sum_{\ell_1=0}^{m-k_1} \sum_{\ell_2=0}^{m-k_2} \binom{m-k_1}{\ell_1} \binom{m-k_2}{\ell_2}\\ &\quad \times a_j^{(m-k_1-\ell_1)+(m-k_2-\ell_2)} (-1)^{\ell_2}\bigg(\sum_{i=1}^n c_i a_i^{\ell_1+\ell_2} \bigg)\\ &=0, \end{align*} $$

where we again use the assumptions in system (3.2), since we always have $\ell _1+\ell _2\leq 2m-k_1-k_2 \leq 2m-1$ for the exponent in the last summand.

From the above claim (3.4) and Lemma 2.3, it follows that for each $1\leq j \leq N$ and $1 \leq r \leq m-1$ , we have

$$ \begin{align*} E^{(r)} f (a_j) = \sum_{i=1}^n c_i \bigg(\sum_{k=0}^r E^{(k)}[(x+a_i)^{m+\frac{q-1}{d}}](a_j) \cdot E^{(r-k)}[(x-a_i)^{m}](a_j)\bigg) =0. \end{align*} $$

Similarly, for each $1 \leq j \leq N$ , we have

(3.5) $$ \begin{align} E^{(m)} f (a_j) &= \sum_{i=1}^n c_i \bigg(\sum_{k=0}^m E^{(k)}[(x+a_i)^{m+\frac{q-1}{d}}](a_j) \cdot E^{(m-k)}[(x-a_i)^{m}](a_j)\bigg) \notag \\ &= \sum_{i=1}^n c_i E^{(0)}[(x+a_i)^{m+\frac{q-1}{d}}](a_j) \cdot E^{(m)}[(x-a_i)^{m}](a_j) \notag\\ &= \sum_{i=1}^n c_i (a_j+a_i)^{m+\frac{q-1}{d}}. \end{align} $$

Recall that if $j \neq i$ , then $a_j+a_i \in S_d$ and thus $(a_j+a_i)^{\frac {q-1}{d}}=1$ . If $1 \leq j \leq n$ , then Equation (3.5) further simplifies to

(3.6) $$ \begin{align} E^{(m)} f (a_j) &= c_j (2a_j)^{m+\frac{q-1}{d}}+\sum_{\substack{1\leq i \leq n \\i \neq j}} c_i (a_j+a_i)^{m} \notag\\ &= c_j (2a_j)^{m+\frac{q-1}{d}} -c_j (2a_j)^m +\sum_{i=1}^n c_i (a_j+a_i)^{m} \notag\\ &= c_j (2a_j)^m \bigg((2a_j)^{\frac{q-1}{d}}-1\bigg)+\sum_{k=0}^m \binom{m}{k} a_j^{m-k} \bigg(\sum_{i=1}^n c_i a_i^k\bigg) \notag\\ &=c_j (2a_j)^m \bigg((2a_j)^{\frac{q-1}{d}}-1\bigg). \end{align} $$

Note that if $2a_j=0$ , that is, $a_j=0$ , then $E^{(m)} f (a_j)=0$ . If $2a_j \in S_d$ , then $(2a_j)^{\frac {q-1}{d}}=1$ and we also have $E^{(m)} f (a_j)=0$ . Conversely, if $E^{(m)} f (a_j)=0$ , then we must also have $2a_j \in S_d \cup \{0\}$ since $c_j \neq 0$ . Thus, $E^{(m)} f (a_j)=0$ if and only if $2a_j \in S_d \cup \{0\}$ . Since $A +A \not \subset S_d \cup \{0\}$ , there is $1\leq j_0\leq n$ such that $2a_{j_0} \not \in S_d \cup \{0\}$ , and thus $E^{(m)} f (a_{j_0})\neq 0$ , which implies that f is not identically $0$ .

In view of Lemma 2.2, for each $1 \leq j \leq n$ , we have shown that $a_j$ is a root of f with multiplicity at least m; moreover, if additionally $2a_j \in S_d \cup \{0\}$ , then $a_j$ is a root with multiplicity at least $m+1$ . To complete the proof, we consider the parity of N.

(1) N is odd. In this case, $n=N$ and $m=\frac {N-1}{2}$ . We conclude that

$$ \begin{align*} & \frac{N(N-1)}{2}+\#\{a \in A: 2a \in S_d \cup \{0\}\} \\ &\quad =mN+\#\{1 \leq j \leq N: 2a_j \in S_d \cup \{0\}\} \leq \deg f \leq \frac{q-1}{d}. \end{align*} $$

(2) N is even. In this case, $n=N-1$ . Note that $a_i+a_N \in S_d$ for each $1 \leq i \leq n$ , and thus Equation (3.5) and system (3.2) imply that

$$ \begin{align*} E^{(m)} f (a_N)= \sum_{i=1}^n c_i (a_N+a_i)^{m+\frac{q-1}{d}}= \sum_{i=1}^n c_i (a_N+a_i)^{m}=\sum_{k=0}^m \binom{m}{k} a_N^{m-k} \bigg(\sum_{i=1}^n c_ia_i^k\bigg)=0. \end{align*} $$

Thus, $a_j$ is a root of f with multiplicity at least m for each $1 \leq j \leq n$ , and $a_N$ is in fact a root of f with multiplicity at least $m+1$ . It follows that

$$ \begin{align*}\frac{(N-1)^2+1}{2}=\frac{N(N-2)}{2}+1=mN+1\leq \deg f \leq \frac{q-1}{d}. \end{align*} $$

Finally, we additionally assume that $0 \in A$ , that is, $a_N=0$ . Then we must have $a_i \in S_d$ and thus $a_i^{\frac {q-1}{d}}=1$ for each $1 \leq i \leq n$ . A similar computation shows that

$$ \begin{align*} E^{(r)} f (0) &= \sum_{i=1}^n c_i \bigg(\sum_{k=0}^m E^{(r-k)}[(x+a_i)^{m+\frac{q-1}{d}}](0) \cdot E^{(k)}[(x-a_i)^{m}](0)\bigg)\\ &= \sum_{k=0}^m \binom{m+\frac{q-1}{d}}{r-k} \binom{m}{k} \bigg(\sum_{i=1}^n c_i a_i^{m-r+k+\frac{q-1}{d}} (-a_i)^{m-k}\bigg)\\ &= \sum_{k=0}^m \binom{m+\frac{q-1}{d}}{r-k} \binom{m}{k} (-1)^{m-k}\bigg(\sum_{i=1}^n c_i a_i^{2m-r+\frac{q-1}{d}}\bigg)\\ &= \sum_{k=0}^m \binom{m+\frac{q-1}{d}}{r-k} \binom{m}{k} (-1)^{m-k}\bigg(\sum_{i=1}^n c_i a_i^{2m-r}\bigg)=0 \end{align*} $$

for each $m+1 \leq r \leq 2m$ . Thus, in this case, $0=a_N$ is in fact a root of f with multiplicity at least $2m+1=n=N-1$ . Consequently, we have a stronger bound that

$$ \begin{align*} &\frac{N(N-1)}{2}+\#\{a \in A: 2a \in S_d\}\\ &\quad =(N-1) \cdot \frac{(N-2)}{2}+ \#\{1\leq j \leq n: 2a \in S_d\}+(N-1)\leq \deg f \leq \frac{q-1}{d}. \end{align*} $$

Proof Since $A'\hat {+}A' \subset S_d \cup \{0\}$ and $A'+A' \not \subset S_d \cup \{0\}$ , there is $a^* \in A'$ such that $2a^* \not \subset S_d \cup \{0\}$ . Note that $a^* \neq 0$ and thus $-a^* \neq a^*$ . Let $A=A' \setminus \{-a^*\}$ . Then $|A|=|A'|$ or $|A|=|A'|-1$ . Thus, it suffices to show $|A|\leq \sqrt {2(q-1)/d+1}+1$ .

Let $A=\{a_1,a_2, \ldots , a_N\}$ . We can assume that $|A|\geq 2$ . Without loss of generality, we may assume that $a_1=a^*$ . The proof is essentially the same as the proof of Proposition 3.1. We use the same notations and use the same polynomial. While Equation (3.1) may fail, we instead have

$$ \begin{align*}(a_i+a_j)^{\frac{q-1}{d}+1}(a_j-a_i)=(a_j+a_i)(a_j-a_i) \end{align*} $$

for each $1 \leq i, j \leq N$ . Almost identical arguments lead to the following information on f:

• • $\deg f \leq \frac {q-1}{d}$ .

• • $f(a_j)=0$ for each $1 \leq j \leq N$ .

• • A slightly weaker claim, namely

  (3.7) $$ \begin{align} \sum_{i=1}^N c_i E^{(k_1)}[(x+a_i)^{m+\frac{q-1}{d}}](a_j) \cdot E^{(k_2)}[(x-a_i)^{m}](a_j)=0. \end{align} $$
  holds for each $1 \leq j \leq N$ , provided that $0 \leq k_1,k_2<m$ and $1 \leq k_1+k_2 \leq m$ . Compared to the claim in the proof of Proposition 3.1, we also need to deal with the cases $k_1=m$ and $k_2=0$ separately.

• • Lemma 2.3 then allows us to deduce that $E^{(r)} f (a_j)=0$ for $1\leq j \leq N$ and $0 \leq r \leq m-1$ .

Since $-a_1=-a^* \notin A$ , it follows that $a_i+a_1 \neq 0$ for each $1 \leq i \leq N$ , so that we have

$$ \begin{align*}(a_i+a_1)^{\frac{q-1}{d}}(a_1-a_i)=a_1-a_i. \end{align*} $$

Thus, following a similar computation as in the deduction of Equations (3.5) and (3.6) in the proof of Proposition 3.1, we have

$$ \begin{align*} E^{(m)} f (a_1) &= \sum_{i=1}^n c_i \bigg(\sum_{k=0}^m E^{(k)}[(x+a_i)^{m+\frac{q-1}{d}}](a_1) \cdot E^{(m-k)}[(x-a_i)^{m}](a_1)\bigg) \\ &= \sum_{i=1}^n c_i E^{(0)}[(x+a_i)^{m+\frac{q-1}{d}}](a_1) \cdot E^{(m)}[(x-a_i)^{m}](a_1)\\ &\quad +\sum_{i=1}^n c_i E^{(m)}[(x+a_i)^{m+\frac{q-1}{d}}](a_1) \cdot E^{(0)}[(x-a_i)^{m}](a_1)\\ &= \sum_{i=1}^n c_i (a_1+a_i)^{m+\frac{q-1}{d}} +\binom{m+\frac{q-1}{d}}{m} \sum_{i=1}^{n} c_i (a_1+a_i)^{\frac{q-1}{d}}(a_1-a_i)^m\\ &= \sum_{i=1}^n c_i (a_1+a_i)^{m+\frac{q-1}{d}} +\binom{m+\frac{q-1}{d}}{m} \sum_{i=1}^{n} c_i (a_1-a_i)^m\\ &= c_1 (2a_1)^m \bigg((2a_1)^{\frac{q-1}{d}}-1\bigg) \neq 0 \end{align*} $$

since $2a_1 \not \in S_d \cup \{0\}$ . In particular, f is not identically zero. Therefore, Lemma 2.2 implies that

$$ \begin{align*}\frac{N(N-2)}{2}\leq Nm \leq \deg f \leq \frac{q-1}{d}. \end{align*} $$

It follows that $N \leq \sqrt {2(q-1)/d+1}+1$ and the proof is complete.

Proof of Theorem 1.6

If $A+A \subset S_d \cup \{0\}$ , then Theorem 2.5 implies that $|A|^2 \leq \frac {p-1}{d}+|A|$ , so $|A|\leq \sqrt {p/d}+1$ . Next assume that $A +A \not \subset S_d \cup \{0\}$ . Then the upper bound on $|A|$ follows from Propositions 3.1 and 3.2.

Proof of Theorem 1.7

When $q \leq 121$ , we have checked the theorem by SageMath. Next, assume that $q>121$ . Let $A \subset \mathbb {F}_q$ such that $A \hat {+} A \subset S_d \cup \{0\}$ .

If $A+A \not \subset S_d \cup \{0\}$ , then Proposition 3.2 implies that $|A|\leq \sqrt {\frac {2(q-1)}{d}+1}+2$ . Note that when $q>121$ , we have

$$ \begin{align*}|A| \leq \sqrt{\frac{2(q-1)}{d}+1}+2 \leq \sqrt{\frac{2(q-1)}{3}+1}+2<\sqrt{q} \end{align*} $$

since $d \geq 3$ . Next we consider the case that $A+A \subset S_d \cup \{0\}$ . By Lemma 2.4, $|A|\leq \sqrt {q}$ , with equality holding only if $A=-A$ . Thus, we have proved the first assertion that $|A|\leq \sqrt {q}$ .

It remains to characterize A such that $|A|=\sqrt {q}$ and $A+A \subset S_d \cup \{0\}$ . The above analysis shows that we must have $A=-A$ and $0 \in A$ (since q is odd). Thus $A-A=A+A \subset S_d \cup \{0\}$ . Since $A-A=-(A-A)$ , we must have $-1 \in S_d$ . Since $q \equiv 1 \ \pmod d$ , this implies that $q \equiv 1 \ \pmod {2d}$ , so that the d-Paley graph over $\mathbb {F}_q$ , is well-defined. Using this terminology, A is a clique in $GP(q,d)$ with size $\sqrt {q}$ . It then follows from [Reference Yip36, Theorem 1.2] that $d \mid (\sqrt {q}+1)$ . Note that the condition $d \mid (\sqrt {q}+1)$ implies that $\mathbb {F}_{\sqrt {q}}^* \subset S_d$ . Moreover, Sziklai [Reference Sziklai33] showed that if $0,1 \in A$ , then $A=\mathbb {F}_{\sqrt {q}}$ ; see also [Reference Yip36, Theorem 2.9] and [Reference Asgarli and Yip2, Section 2]. Note that $0 \in A$ while $1$ is not necessarily in A, so we conclude that $A=\alpha \mathbb {F}_{\sqrt {q}}$ for some $\alpha \in S_d$ . Conversely, it it easy to verify that, if $\alpha \in S_d$ , then $\alpha \mathbb {F}_{\sqrt {q}} \hat {+} \alpha \mathbb {F}_{\sqrt {q}}=\alpha \mathbb {F}_{\sqrt {q}} \subset S_d \cup \{0\}$ . This completes the proof of the theorem.

Proof The statement $A+A \neq S_d$ has already been proved in [Reference Yip37, Corollary 1.3]. Suppose otherwise that $A+A=S_d \cup \{0\}$ . In this case, it is more difficult to derive a contradiction. In the following, we use a similar argument as in the proof of [Reference Yip37, Theorem 1.2] together with a few new ingredients.

For each $x \in A+A$ , let $r(x)$ be the number of pairs $(a,a')$ such that $a,a' \in A$ and $a+a'=x$ . Let $\beta $ be the number of $x \in (A+A)\setminus \{0\}$ such that $r(x)=1$ . Observe the following:

• • $r(0)=|A \cap (-A)|$ . If $a+a'=0$ , then $a'=-a \in A$ and thus $a \in A \cap (-A)$ .

• • $\beta \leq |A|$ . Indeed, if $r(x)=1$ , then there exist $a \in A$ such that $x=a+a$ . Otherwise, if there are $a',a" \in A$ such that $a' \neq a"$ and $a'+a"=x$ , then $r(x) \geq 2$ since we also have $a"+a'=x$ .

It follows that

$$ \begin{align*} |A|^2&=\sum_{x \in A+A} r(x)\geq r(0)+\beta+2(|(A+A) \setminus \{0\}|-\beta) \\ &= |A \cap (-A)|+2|(A+A) \setminus \{0\}|-\beta \geq |A \cap (-A)|+2|(A+A) \setminus \{0\}|-|A|. \end{align*} $$

Therefore,

(4.1) $$ \begin{align} \frac{q-1}{d}=|S_d|=|(A+A) \setminus \{0\}|\leq \frac{|A|^2+|A|-|A \cap (-A)|}{2}. \end{align} $$

Suppose B is a subset of A such that

(4.2) $$ \begin{align} |B|>\frac{|A|+1}{2} \quad \text{ and } \quad \binom{|B|-1+\frac{q-1}{d}}{\frac{q-1}{d}}\not \equiv 0 \ \ \pmod p. \end{align} $$

Note that $A+B \subset A+A=S_d \cup \{0\}$ . Thus, Theorem 2.5 implies that

(4.3) $$ \begin{align} |A||B|\leq \frac{q-1}{d}+|A \cap (-B)|. \end{align} $$

Adding up Equations (4.1) and (4.3) and simplifying, we obtain that

$$ \begin{align*}|A|B| \leq \frac{|A|^2+|A|-|A \cap (-A)|}{2} +|A \cap (-B)|\leq \frac{|A|^2+|A|+|A \cap (-A)|}{2}, \end{align*} $$

with equality holding only if $|A \cap (-A)|=|A \cap (-B)|$ . On the other hand, since $|B|>\frac {|A|+1}{2}$ , we have

$$ \begin{align*}|A|B|\geq \frac{|A|(|A|+2)}{2}\geq \frac{|A|^2+|A|+|A \cap (-A)|}{2} \end{align*} $$

with equality holding only if $|A|=|A \cap (-A)|$ , that is, $-A=A$ . By comparing the above two estimates, we deduce that $A=B$ and $-A=A$ . Thus, Equation (4.3) implies that

$$ \begin{align*}|A^2| \leq \frac{q-1}{d}+|A| \end{align*} $$

while Equation (4.1) implies that

$$ \begin{align*}\frac{q-1}{d} \leq \frac{|A|^2}{2}, \end{align*} $$

It follows that $|A| \leq 2$ and thus $|S_d|=|(A+A) \setminus \{0\}| \leq 2$ , contradicting the assumption that $|S_d|=\frac {q-1}{d} \geq 3$ .

It remains to construct a subset B of A with the property (4.2). Write $|A|-1=(c_k, c_{k-1}, \ldots , c_1,c_0)_p$ in base-p, that is, $|A|-1=\sum _{i=0}^k c_ip^i$ with $0 \leq c_i \leq p-1$ for each $0 \leq i \leq k$ and $c_k \geq 1$ . Next, we construct B according to the size of $c_k$ .

(1) $c_k \leq p-1-\frac {p-1}{d}$ . In this case, let B be an arbitrary subset of A with $|B|-1=(c_k,0, \ldots , 0)_p$ , that is, $|B|=c_kp^k+1$ . It is easy to verify that $\binom {|B|-1+\frac {q-1}{d}}{\frac {q-1}{d}} \not \equiv 0 \ \pmod p$ using Kummer’s theorem. Since $|A| \leq (c_k+1)p^k$ , we also have that $2|B|>|A|+1$ .

(2) $c_k> p-1-\frac {p-1}{d}$ . In this case, let B be an arbitrary subset of A with

$$ \begin{align*}|B|-1=\bigg(\frac{(d-1)(p-1)}{d},\frac{(d-1)(p-1)}{d}, \ldots, \frac{(d-1)(p-1)}{d}\bigg)_p,\end{align*} $$

that is, $|B|=\frac {(d-1)(p-1)}{d} \cdot \sum _{i=0}^k p^i +1$ . Again, it is easy to verify that $\binom {|B|-1+\frac {q-1}{d}}{\frac {q-1}{d}} \not \equiv 0 \ \pmod p$ . Since $d \geq 2$ , it follows that $2|B| \geq (p-1)\sum _{i=0}^k p^i +2= p^{k+1}+1\geq |A|+1$ , where equality holds only if $d=2$ and $|A|=p^{k+1}$ .

(3) It remains to consider the case that $d=2$ and $|A|=p^{k+1}$ . Equation (4.1) implies that $q-1 \leq |A|^2+|A|-|A \cap (-A)|$ and thus $|A|\geq \sqrt {q}-1$ . On the other hand, $|A|\leq \sqrt {q}$ , where equality holds only if $A=-A$ . Therefore, q is a square, $|A|=\sqrt {q}$ and $A=-A$ . Since q is odd, $0 \in A$ and $A \subset S_2 \cup \{0\}$ . It follows that $A-A=A+A=S_2 \cup \{0\}$ . Let $A'=a_0^{-1}A$ , where $a_0$ is a nonzero element of A. Then we have $0,1 \in A'$ , $|A'|=\sqrt {q}$ and $A'-A' \subset S_2 \cup \{0\}$ . Now the conjecture of van Lint and MacWilliams [Reference van Lint and MacWilliams34] mentioned in the introduction (first confirmed by Blokhuis [Reference Blokhuis4]) implies that $A'=\mathbb {F}_{\sqrt {q}}$ and thus $A=a_0\mathbb {F}_{\sqrt {q}}$ . However, this implies that $A+A=a_0\mathbb {F}_{\sqrt {q}} \neq S_2 \cup \{0\}$ , a contradiction.

Proof Let $|A|=\{a_1,a_2, \ldots , a_N\}$ . Note that $A \hat {+} A=S_d$ implies that

(4.4) $$ \begin{align} \frac{q-1}{d}=|S_d| \leq |A \hat{+} A|\leq \binom{N}{2}=\frac{N(N-1)}{2}. \end{align} $$

Next, we divide the discussion according to the following two cases.

(1) N is odd. Then Proposition 3.1 implies that

$$ \begin{align*}\frac{N(N-1)}{2}+\#\{a \in A: 2a \in S_d \cup \{0\}\} \leq \frac{q-1}{d}. \end{align*} $$

It follows from Equation (4.4) that

$$ \begin{align*}N(N-1)=\frac{2(q-1)}{d}, \end{align*} $$

that is, A is a weak Sidon set (the sums $a_i+a_j$ , for $i<j$ , are all distinct). Moreover, $2a \not \in S_d \cup \{0\}$ for each $a \in A$ . Since q is odd, it is clear that $2a_i \neq 2a_j$ for $i \neq j$ . Thus, we conclude that A is a Sidon set.

(2) N is even and $0 \in A$ . Then Proposition 3.1 implies that

$$ \begin{align*}\frac{N(N-1)}{2}+\#\{a \in A: 2a \in S_d\} \leq \frac{q-1}{d}.\end{align*} $$

We can argue similarly to (1) to deduce the desired properties of A.

(3) N is even and $0 \not \in A$ . Then we have the weaker estimate

$$ \begin{align*}\frac{(N-1)^2+1}{2} \leq \frac{q-1}{d} \end{align*} $$

from Proposition 3.1. It follows from Equation (4.4) that

$$ \begin{align*}(N-1)^2< \frac{2(q-1)}{d} \leq N(N-1)<(N-1/2)^2, \end{align*} $$

equivalently,

$$ \begin{align*}\frac{N}{2}-\frac{1}{2}< \sqrt{\frac{q-1}{2d}}<\frac{N}{2}-\frac{1}{4}. \end{align*} $$

Recall that N is even, so $\frac {N}{2}$ is an integer. Thus, N is uniquely determined by

(4.5) $$ \begin{align} N=2\bigg\lceil \sqrt{\frac{q-1}{2d}} \bigg \rceil, \quad \text{and} \quad \sqrt{\frac{q-1}{2d}} \in \bigg(\frac{1}{2},\frac{3}{4}\bigg) \ \ \pmod 1. \end{align} $$

Proof of Theorem 1.4

Let $A \subset \mathbb {F}_q$ such that $A\hat {+}A=S_d$ . In view of Corollary 4.2, it suffices to show that $A+A \not \subset S_d \cup \{0\}$ . Equivalently, it suffices to show that $A+A \neq S_d$ and $A+A \neq S_d \cup \{0\}$ , which have been proved in Proposition 4.1.

Proof of Theorem 1.3

Let $q=p^{2r}$ . Assume that there is $A \subset \mathbb {F}_q$ with $A \hat {+} A= S_d$ .

(1) If $|A|$ is odd, then Theorem 1.4 implies that $q=p^{2r}=k^2 |A|(|A|-1)+1.$ Thus,

$$ \begin{align*}(2p^r)^2=4q=4k^2|A|(|A|-1)+1=(2k|A|-k)^2+(4-k^2). \end{align*} $$

It follows that $(2p^r+2k|A|-k)$ is a divisor of $(k^2-4)$ . In particular, $p \leq 2p^r+2k|A|-k \leq k^2-4<d$ , violating the assumption that $p \equiv 1 \ \pmod d$ .

(2) If $|A|$ is even, then Theorem 1.4 implies that

$$ \begin{align*}\frac{p^r-1}{2k}+\frac{\sqrt{p^{2r}-1}-(p^r-1)}{2k}=\frac{\sqrt{p^{2r}-1}}{2k}=\sqrt{\frac{q-1}{2d}} \in \bigg(\frac{1}{2},\frac{3}{4}\bigg) \ \ \pmod 1. \end{align*} $$

Since $p \equiv 1 \ \pmod d$ and $d=2k^2$ , it follows that $2k \mid (p^r-1)$ and thus

$$ \begin{align*}\frac{\sqrt{p^{2r}-1}-(p^r-1)}{2k}\in \bigg(\frac{1}{2},\frac{3}{4}\bigg) \ \ \pmod 1. \end{align*} $$

However, the number on the left-hand side is in $(0,\frac {1}{2k})$ , while $\frac {1}{2k}\leq \frac {1}{6}<\frac {1}{2}$ , a contradiction.

Proof of Corollary 1.5

Let $p \equiv 1 \ \pmod d$ to be a prime and let $A \subset \mathbb {F}_{p^k}$ such that $A\hat {+}A=S_d(\mathbb {F}_{p^k})$ . Assume that $|A|$ is odd or $0 \in A$ . Then Theorem 1.4 implies that

$$ \begin{align*}p^k=\frac{d|A|(|A|-1)}{2}+1.\end{align*} $$

First, consider the case $d=8$ . Then we have $p^k=4|A|(|A|-1)+1=(2|A|-1)^2$ , which is impossible since k is odd.

Next, we assume that $d \neq 8$ . Note that

$$ \begin{align*}C: y^2=f(x)=\frac{8}{d}(x^k-1)+1 \end{align*} $$

is a smooth affine curve with genus $g=\lceil k/2 \rceil -1 \geq 1$ since $f(x)=\frac {8}{d}(x^k-1)+1$ has no repeated root when $d \neq 8$ (see for example [Reference Hindry and Silverman17, Section A.4.5]). Thus, Siegel’s theorem on integral points [Reference Hindry and Silverman17, Theorem D.9.1] implies the curve C only has finitely many integral points. On the other hand, note that $(p, 2|A|-1)$ is an integral point on the curve C, thus p is upper bounded by a constant $p_0$ depending only on d and k.

Proof Let $A=\{a_1, a_2, \ldots , a_N\}$ and let $m=\frac {N-2}{2}$ . Consider instead the following auxiliary polynomial:

(4.6) $$ \begin{align} f(x)=-(-1)^{m+1}+\sum_{i=1}^N c_i (x+a_i)^{m+\frac{q-1}{d}} (x-a_i)^{m+1}\in \mathbb{F}_q[x], \end{align} $$

where $c_1,c_2,...,c_N$ is the unique solution of the following system of equations:

(4.7) $$ \begin{align} \left\{ \begin{array}{ll} \sum_{i=1}^N c_i a_i^j=0, \quad &0 \leq j \leq 2m=N-2\\\\ \sum_{i=1}^N c_i a_i^{N-1}=1. \end{array}\right. \end{align} $$

With this new polynomial (4.6), similar arguments as in the proof of Proposition 3.1 lead to the following.

• • $\deg f \leq \frac {q-1}{d}$ .

• • $f(a_j)=0$ for each $1 \leq j \leq N.$

• • An analogous claim, namely

  (4.8) $$ \begin{align} \sum_{i=1}^N c_i E^{(k_1)}[(x+a_i)^{m+\frac{q-1}{d}}](a_j) \cdot E^{(k_2)}[(x-a_i)^{m+1}](a_j)=0. \end{align} $$
  holds for each $1 \leq j \leq N$ , provided that $0 \leq k_1,k_2\leq m$ and $1 \leq k_1+k_2 \leq m+1$ .

• • Via claim (4.8), Lemma 2.3 then allows us to deduce that for each $1 \leq j \leq N$ , the multiplicity of $a_j$ as a root of f is at least $m+1$ by showing that $E^{(r)}f(a_j)=0$ for $1 \leq r \leq m$ .

If f is not identically zero, then we obtain the inequality

$$ \begin{align*}\frac{N^2}{2}=N(m+1)\leq \deg f \leq \frac{q-1}{d}, \end{align*} $$

which contradicts inequality (4.4) (a consequence of $A \hat {+} A=S_d$ ). Thus, we deduce that the polynomial f we constructed in Equation (4.6) must be identically zero. Next, we use this strong algebraic condition to deduce some structural information of A.

Since f is identically zero, in particular, $E^{(m+1)} f (a_j)=0$ for each $1 \leq j \leq N$ . For each $1\leq j \leq N$ , note that claim (4.8) and Lemma 2.3 together imply that

(4.9) $$ \begin{align} E^{(m+1)} f (a_j) &= \sum_{i=1}^N c_i E^{(0)}[(x+a_i)^{m+\frac{q-1}{d}}](a_j) \cdot E^{(m+1)}[(x-a_i)^{m+1}](a_j) \notag\\ &\quad +\binom{m+\frac{q-1}{d}}{m+1} \sum_{i=1}^N c_i E^{(m+1)}[(x+a_i)^{m+\frac{q-1}{d}}](a_j) \cdot E^{(0)}[(x-a_i)^{m+1}](a_j) \notag\\ &= \sum_{i=1}^N c_i (a_j+a_i)^{m+\frac{q-1}{d}} +\binom{m+\frac{q-1}{d}}{m+1} \sum_{i=1}^N c_i (a_j+a_i)^{\frac{q-1}{d}-1} (a_j-a_i)^{m+1}. \end{align} $$

In the following discussion, let $1 \leq j \leq N$ be such that $a_j \neq 0$ . The same computation as in Equation (3.6) shows that

$$ \begin{align*}\sum_{i=1}^N c_i (a_j+a_i)^{m+\frac{q-1}{d}}=c_j (2a_j)^m \bigg((2a_j)^{\frac{q-1}{d}}-1\bigg). \end{align*} $$

Also note that for each $i \neq j$ ,

$$ \begin{align*}(a_j+a_i)^{\frac{q-1}{d}-1} (a_j-a_i)^{m+1}=\frac{(a_j-a_i)^{m+1}}{a_j+a_i}, \end{align*} $$

and the above equation holds even when $i=j$ and $a_j=0$ , since both sides are zero. In view of system (4.7), we have the following:

$$ \begin{align*} \sum_{i=1}^N c_i \frac{(a_j-a_i)^{m+1}}{a_j+a_i} &=\sum_{i=1}^N c_i \frac{(2a_j-(a_j+a_i))^{m+1}}{a_j+a_i}\\ &= \sum_{k=0}^{m+1} \binom{m+1}{k} (2a_j)^k (-1)^{m+1-k} \bigg(\sum_{i=1}^N c_i (a_j+a_i)^{m-k}\bigg)\\ &=(2a_j)^{m+1} \sum_{i=1}^N \frac{c_i}{a_j+a_i}. \end{align*} $$

Therefore, using the above three equations, Equation (4.9) simplifies to

(4.10) $$ \begin{align} 0=E^{(m+1)} f (a_j)=c_j (2a_j)^m \bigg((2a_j)^{\frac{q-1}{d}}-1\bigg) +\binom{m+\frac{q-1}{d}}{m+1} (2a_j)^{m+1} \sum_{i=1}^N \frac{c_i}{a_j+a_i}. \end{align} $$

Using the formula for the inverse of a Vandermonde matrix (see, for example, [Reference Horn and Johnson18, Section 0.9.11]), it is easy to verify that

$$ \begin{align*}c_i=\bigg(\prod_{\substack{1 \leq k \leq N\\k \neq i}} (a_i-a_k)\bigg)^{-1}. \end{align*} $$

Consider the polynomial

$$ \begin{align*}g(x)=\sum_{i=1}^N c_i\prod_{k \neq i} (x+a_k)=\sum_{i=1}^N \frac{\prod_{k \neq i} (x+a_k)}{\prod_{k \neq i} (a_i-a_k)} \in \mathbb{F}_q[x]. \end{align*} $$

Note that g has degree at most $N-1$ , and for each $1 \leq i \leq N$ , we have $g(-a_i)=(-1)^{N-1}=-1$ . Therefore, $g \equiv -1$ and thus

$$ \begin{align*}\sum_{i=1}^N \frac{c_i}{a_j+a_i}=\frac{g(a_j)}{\prod_{i=1}^N (a_j+a_i)}=\frac{-1}{\prod_{i=1}^N (a_j+a_i)}. \end{align*} $$

As a summary, if $a_j \neq 0$ , we have shown that

$$ \begin{align*} c_j (2a_j)^m \bigg((2a_j)^{\frac{q-1}{d}}-1\bigg) =\binom{m+\frac{q-1}{d}}{m+1} (2a_j)^{m+1} \frac{1}{\prod_{i=1}^N (a_j+a_i)}, \end{align*} $$

equivalently

(4.11) $$ \begin{align} c_j \bigg((2a_j)^{\frac{q-1}{d}}-1\bigg) \cdot \prod_{i=1}^N (a_j+a_i)= \binom{m+\frac{q-1}{d}}{m+1} \cdot 2a_j. \end{align} $$

Since $A+A \not \subset S_d \cup \{0\}$ , there is $1\leq j_0\leq N$ such that $2a_{j_0} \not \in S_d \cup \{0\}$ . By setting $j=j_0$ in Equation (4.11), it follows that $\binom {m+\frac {q-1}{d}}{m+1}\neq 0$ . Now if $a_j \neq 0$ , Equation (4.11) implies that $(2a_j)^{\frac {q-1}{d}}\neq 1$ , that is, $2a_j \notin S_d$ . Therefore, $\{2a: a \in A\} \cap S_d=\emptyset $ .

Finally, assume that $d=2$ . We have

$$ \begin{align*} 0=f(0) &= -(-1)^{m+1}+\sum_{i=1}^N a_i^{m+\frac{q-1}{2}} (-a_i)^{m+1}\\ &= -(-1)^{m+1}+ (-1)^{m+1} \cdot \sum_{i=1}^N c_i a_i^{N-1+\frac{q-1}{2}}. \end{align*} $$

In view of the equation $\sum _{i=1}^N c_i a_i^{N-1}=1$ in system (4.7), we have

$$ \begin{align*}\sum_{i=1}^N c_i a_i^{N-1+\frac{q-1}{2}}=\sum_{i=1}^N c_i a_i^{N-1}=1. \end{align*} $$

Therefore, $\sum ^* c_i a_i^{N-1}=1$ , where the sum is over those i such that $a_i \in S_2$ . In particular, there is $1\leq k\leq N$ such that $a_k \in S_2$ . If $q \equiv \pm 1 \ \pmod 8$ , then $2 \in S_2$ and thus $2a_k \in S_2$ , contradicting the previous necessary condition. Thus, we must have $q \equiv 3,5 \ \pmod 8$ so that $2 \not \in S_2$ . It follows that $A \subset S_2 \cup \{0\}$ since $2 \not \in S_2$ and $\{2a: a \in A\} \cap S_2=\emptyset $ .

Assume that $0 \not \in A$ so that $A \subset S_2$ . Set $A'=A \cup \{0\}$ . We still have $A' \hat {+}A'=S_2$ since $A \subset S_2$ . Since $|A|$ is even, it follows that $|A'|$ is odd and $A'$ is a Sidon set by Corollary 4.2. In particular, for each $a \in A$ , we have $a=0+a \not \in A+A$ while $a \in S_2$ , which implies that $A\hat {+}A\neq S_2$ , a contradiction. Therefore, we must have $0 \in A$ . Consequently, Corollary 4.2 implies that A is a Sidon set.

Proof of Theorem 1.1

Let $q=p^r>13$ and let $A \subset \mathbb {F}_q$ . Suppose otherwise that $A \hat {+} A=S_2$ . Let $|A|=N$ . By Proposition 4.1, Corollary 4.2, and Proposition 4.3, we deduce that A is a Sidon set and $q=p^r=N^2-N+1$ . If $r=1$ , then $q=p$ , and the possibility that $A \hat {+} A =S_2$ has been ruled out by Shkredov [Reference Shkredov27, Theorem 1.2].

Next, we consider the case $r \geq 2$ . It turns out that $p^r=N(N-1)+1$ (where $r \geq 2$ ) is a special case of the well-studied Nagell–Ljunggren equation. A classical result of Nagell [Reference Nagell22] (see also the survey [Reference Bugeaud and Mignotte5] by Bugeaud and Mignotte) implies that the only solution to

$$ \begin{align*}p^r=N(N-1)+1=\frac{(N-1)^3-1}{N-1}\end{align*} $$

where $r \geq 2$ is $(p,r, N)=(7,3,19)$ . Thus, $q=343$ and $|A|=N=19$ . However, in this case, a simple code via SageMath indicates that such A does not exist; in fact, the largest $B \subset \mathbb {F}_{343}$ such that $B \hat {+}B \subset S_2$ has size $10$ . This completes the proof.

Proof of Theorem 1.2

Let

$$ \begin{align*}\mathcal{B}_d=\{p \in \mathcal{P}_d: \text{there is some } A \subset \mathbb{F}_q \text{ with } A\hat{+}A=S_d(\mathbb{F}_q).\} \end{align*} $$

Our aim is to show the relative upper density of $\mathcal {B}_d \subset \mathcal {P}_d$ is at most $\frac {1}{4} \cdot (\frac {d-1}{d})^r$ .

We first consider the case where s is odd. In this case, $s=2r+1$ . For simplicity, for each $p \in \mathcal {P}_d$ , we write $q=p^{2r+1}$ and

$$ \begin{align*}\alpha_p=\bigg\lceil \sqrt{\frac{q-1}{2d}} \bigg \rceil. \end{align*} $$

Let $p \in \mathcal {B}_d$ . Then there is $A \subset \mathbb {F}_q$ with $A\hat {+}A=S_d$ . By Proposition 4.1, $A+A \not \subset S_d \cup \{0\}$ . Let $|A|=N$ .

(1) If N is odd, then Theorem 1.4 implies that

$$ \begin{align*}q=\frac{dN(N-1)}{2}+1. \end{align*} $$

(2) If N is even, then Theorem 1.4 implies that $N=2\alpha _p$ and

(4.12) $$ \begin{align} \sqrt{\frac{q-1}{2d}} \in \bigg(\frac{1}{2},\frac{3}{4}\bigg) \ \ \pmod 1. \end{align} $$

Let $m=\frac {N-2}{2}$ . By Proposition 4.1, $A+A \not \subset S_d \cup \{0\}$ so that we can apply Proposition 4.3 to deduce that

$$ \begin{align*}\binom{m+\frac{q-1}{d}}{m+1} \not \equiv 0 \ \ \pmod p. \end{align*} $$

Note that $\alpha _p \in (p^r, p^{r+1})$ . Write $\alpha _p=m+1=(c_r, c_{r-1}, \ldots , c_0)_p$ in its base-p representation. Then, Kummer’s theorem implies that $c_j \leq \frac {(d-1)(p-1)}{d}$ for $j \geq 1$ and $c_0 \leq \frac {(d-1)(p-1)}{d}+1$ . Note that $c_j=\lfloor p\{\alpha _p/p^{j+1}\} \rfloor $ for $0 \leq j \leq r$ , where $\{x\}$ denotes the fractional part of a real number x. Indeed, in view of the base-p representation of $\alpha _p$ , we have

$$ \begin{align*}c_jp^j+\sum_{i=j+1}^r c_ip^i\leq \alpha_p <(c_j+1)p^j+\sum_{i=j+1}^r c_ip^i,\end{align*} $$

thus $c_j/p\leq \{\alpha _p/p^{j+1}\}<(c_j+1)/p$ , equivalently, $c_j=\lfloor p\{\alpha _p/p^{j+1}\} \rfloor $ .

The above discussion shows that $\mathcal {B}_d \subset \mathcal {C}_d \cup \mathcal {D}_d$ , where

$$ \begin{align*}\mathcal{C}_d= \bigg\{p \in \mathcal{P}_d: p^{2r+1}=\frac{dk(k-1)}{2}+1 \text{ for some positive integer } k\bigg\} \end{align*} $$

and

$$ \begin{align*} \mathcal{D}_d= &\bigg\{p \in \mathcal{P}_d: \sqrt{\frac{q-1}{2d}} \in \bigg[\frac{1}{2},\frac{3}{4}\bigg) \ \ \pmod 1\bigg\} \bigcap \\ &\qquad\qquad\qquad\bigcap_{j=1}^{r} \bigg\{p \in \mathcal{P}_d: \frac{\alpha_p}{p^{j}} \in \bigg [0,\frac{(d-1)(p-1)}{dp}+\frac{2}{p}\bigg) \ \ \pmod 1 \bigg\}. \end{align*} $$

In view of the prime number theorem for aritheoremetic progressions and Corollary 1.5, it is clear that the relative density of $\mathcal {C}_d \subset \mathcal {P}_d$ is $0$ . Note that as $p \to \infty $ ,

(4.13) $$ \begin{align} \alpha_p=\sqrt{\frac{q}{2d}}+o(1)=\frac{p^{r+1/2}}{\sqrt{2d}}+o(1), \quad \frac{(d-1)(p-1)}{dp}+\frac{2}{p}=\frac{d-1}{d}+o(1). \end{align} $$

Thus, in view of Lemma 4.5, it is easy to verify that the relative upper density of $\mathcal {B}_d \subset \mathcal {P}_d$ is at most the relative upper density of $\widetilde {\mathcal {D}_d} \subset \mathcal {P}_d$ , where $\widetilde {\mathcal {D}_d}$ is essentially obtained by dropping the $o(1)$ error terms from Equation (4.13). More precisely,

$$ \begin{align*} \widetilde{\mathcal{D}_d}=\bigg\{p \in \mathcal{P}_d: &\frac{p^{r+1/2}}{\sqrt{2d}} \in \bigg(\frac{1}{2},\frac{3}{4}\bigg) \ \ \pmod 1, \\ &\frac{p^{j+1/2}}{\sqrt{2d}} \in \bigg(0,\frac{d-1}{d}\bigg) \ \ \pmod 1 \text{ for each } 0 \leq j \leq r-1 \bigg\}. \end{align*} $$

Lemma 4.5 then implies that the relative density of $\widetilde {\mathcal {D}_d} \subset \mathcal {P}_d$ is $\frac {1}{4} \cdot (\frac {d-1}{d})^r$ , as desired.

Finally, we consider the case where s is even. In this case, $s=2r+2$ . Using an almost identical argument, we can show that the relative upper density of $\mathcal {B}_d \subset \mathcal {P}_d$ is at most the relative upper density of $\widetilde {\mathcal {D}_d} \subset \mathcal {P}_d$ , where

$$ \begin{align*} \widetilde{\mathcal{D}_d}=\bigg\{p \in \mathcal{P}_d: &\frac{p^{r+1}}{\sqrt{2d}} \in \bigg(\frac{1}{2},\frac{3}{4}\bigg) \ \ \pmod 1, \\ &\frac{p^{j}}{\sqrt{2d}} \in \bigg(0,\frac{d-1}{d}\bigg) \ \ \pmod 1 \text{ for each } 1 \leq j \leq r \bigg\}. \end{align*} $$

Since $2d$ is not a perfect square, it follows that $\sqrt {2d}$ is not rational, and thus Lemma 4.5 implies that the relative density of $\widetilde {\mathcal {D}_d} \subset \mathcal {P}_d$ is $\frac {1}{4} \cdot (\frac {d-1}{d})^r$ , as desired.