Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Coding theory lectures By Dr. Mohammed M. AL-Ashker Associated professor Mathematics Department E.mail:mashker @ mail.iugaza.edu Islamic University of Gaza P.O.Box 108, Gaza, Palestine 1 Contents 1 Basic concepts of linear codes 4 1.1 Three fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1.2 Linear codes, generators and parity check matrices . . . . . . . . . . . . . . 6 1.2.1 Subcode: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 1.3 Dual codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 1.4 Weights and distances: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 1.5 New codes from old . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 1.5.1 Puncturing codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 1.5.2 Extending codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 1.5.3 Shortening codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 1.5.4 Direct sums . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 1.5.5 The ( u|u + v) construction . . . . . . . . . . . . . . . . . . . . . . 27 1.6 Permutation equivalent codes: . . . . . . . . . . . . . . . . . . . . . . . . . 29 1.7 Hamming codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 1.8 The Golay codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 1.9 1.8.1 The Golay code G24 . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 1.8.2 The ternary Golay codes . . . . . . . . . . . . . . . . . . . . . . . . 36 Reed- Muller codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 1.10 Encoding, decoding, and Shannon’s theorem . . . . . . . . . . . . . . . . . 38 1.10.1 Decoding and shannon’s theorem . . . . . . . . . . . . . . . . . . . 41 1.11 Sphere packing bound, covering radius and perfect codes . . . . . . . . . . 49 2 2 Bounds on the size of codes 51 2.1 Aq (n, d) and Bq (n, d) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 2.2 Singleton upper bound and MDS codes. 2.3 Lexicodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 3 Finite fields . . . . . . . . . . . . . . . . . . . 53 58 3.1 Introduction to finite fields . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 3.2 Polynomials and the Euclidean algorithm . . . . . . . . . . . . . . . . . . . 59 3.3 Primitive elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 3.4 Constructing finite fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 3.5 Subfields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 3.6 Field automorphisms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 3.7 Cyclotomic cosets and minimal polynomilals . . . . . . . . . . . . . . . . . 69 4 Cyclic codes 75 4.1 Factoring xn − 1 4.2 Basic theory of cyclic codes . . . . . . . . . . . . . . . . . . . . . . . . . . 78 4.3 Idempotent and multipliers . . . . . . . . . . . . . . . . . . . . . . . . . . . 87 4.4 Zeros of a cyclic code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93 4.5 Meggitt decoding of cyclic codes . . . . . . . . . . . . . . . . . . . . . . . . 96 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76 3 Chapter 1 Basic concepts of linear codes Introduction: Coding theory began in the late 1948’s with work of C.Shannon, hamming, Golay and others. Historically coding theory originated as the mathematical foundation for transmission of messages over noisy channels. In fact a multitude of diverse applications have been discovered such as the minimization of noise from compact disc recording, the transmission of financial information a cross telephone lines, data transfer from one computer to another and so on. Coding theory deals with the problem of detecting and correcting transmission errors caused by noise on the channel. The following diagram provides a rough idea of a general information transmission system. Information source → (Transmitter) Encoder → Communication Channel ↑ → (Receiver) Decoder → Information sink Noise Communication channel The most important part of the diagram, as far as we are concerned is the noise, for 4 without it there would be no need for the theory. 1.1 Three fields A field F is an algebraic structure consisting of a set together with two operations, usually called addition (+) and multiplication (·) which satisfy certain axioms 1) (F, +) is an abelian group 2) · is associative a · (b · c) = (a · b) · c for all a, b, c in F 3)· is left and right distributive over +, a · (b + c) = a · b + a · c and (b + c) · c = b · c + c · a. If F is commutative over · and F∗ = F/0 is a group over, then f is a field. The three fields that are very common in the study of linear codes are the binary field Z2 = F2 = {0, 1} with tow elements, the ternary field with three elements Z3 = F3 = {0, 1, 2} and the quaternary field with four elements is F4 = {0, 1, ω, ω̄ = 1 + ω = ω 2 } the addition and multiplication tables of the above fields are: The field F2 + 0 1 · 0 1 0 0 1 0 0 0 1 1 0 1 0 1 The field F3 + 0 1 2 · 0 1 2 0 0 1 2 0 0 0 0 1 1 2 0 1 0 1 2 2 2 0 1 2 0 2 1 And addition and multiplication table for F4 are 5 + 0 1 ω ω̄ · 0 1 ω ω̄ 0 0 1 ω ω̄ 0 0 0 0 0 1 1 0 ω̄ ω 1 0 1 ω ω̄ ω ω ω̄ 0 1 ω 0 ω ω̄ 1 ω̄ ω̄ ω 1 0 ω̄ 0 ω̄ 1 ω 1.2 Linear codes, generators and parity check matrices Let Fnq be denote the vector space of all n−tuples over the finite field Fq . n is the length of the vectors in Fnq witch is the dimension of Fnq . An (n, M ) code C over Fq is a subset of Fnq of size M , that is |C| = M = (the number of all codewords in C) Remark 1.2.1. We write the vectors (a1 , a2 · · · , an ) in Fnq in the form a1 a2 · · · an and call the vectors in C codewords. The codes over Z2 = F2 are called binary codes and the codes over Z3 = F3 are called ternary codes and over F4 are called quaternary codes. Also the term quaternary has also been used to refer to codes over Z4 the integers modulo 4. Definition 1.2.1. Linear codes: If C is a k− dimensional subspace of Fnq , then C will be called an [n, k] linear code over Fq . and the linear [n, k] code C has q k codewords Definition 1.2.2. Generator matrices and parity check matrices: A generator matrix for an [n, m] code C is any k × n matrix G whose rows form a basis for C. Remark 1.2.2. In general for any code C there are many generator matrices of size k × n. If C is any [n, k]-code, with generator matrix G, then the codewords in C are the linear combination of the rows of G. 6 Example 1.2.1. : Consider the binary code with 1 1 0 G= 0 1 1 1 0 1 generator matrix 0 1 , 0 this matrix has three rows, then the dimension of the code is 3 and has 23 codewords. Definition 1.2.3. For any set of k independent columns of a generator matrix G, the corresponding set of coordinates form an information set of C. and the remaining r = n−k coordinates are called the redundancy set and r is called the redundancy of C. Definition 1.2.4. a generator matrix of the form h i G= Ik A , where Ik is the k × k identity matrix of size k is said to be in the standard form. Example 1.2.2. : The binary [7, 4]-code 1 0 0 1 G= 0 0 0 0 with generator matrix 0 0 1 0 1 0 0 1 0 0 , 1 0 1 1 0 0 1 0 1 1 in standard form the first 4 coordinates form information set. Definition 1.2.5. Let C be a linear [n, k] code. The set C ⊥ = {x ∈ Fnq : x · c = 0 for all c ∈ C} is called the dual code of C. If C is a linear code with k × n generator matrix h G= i Ik in standard form, and if H is the matrix h H= −A> A i In−k , where A> is the transpose of A. Then HG> = −A> + A> = 0. Hence the rows of H are orthogonal to the rows of G and since rank H=n − k=dim (C ⊥ ), we deduce that H is a 7 generator matrix for the dual code C ⊥ . The matrix H is called the parity check matrix for the [n, k]− code C of size (n − k × n). The matrix H is defined also by C = {x ∈ Fnq : Hx> = 0}. The code C is the kernel of the linear transformation L : x −→ Hx> , dim(ker L)=dim C = k, because H has rank n − k. h i Theorem 1.2.1. If G = Ik A is a generator matrix for the [n, k] code C in standard h i > form then H = In−k ,is a parity check matrix for C. −A Example 1.2.3. Binary repetition code: The repetition code C is [n, 1] binary linear code if it consisting only the two codewords 0 = 00 · · · 0 and 1 = 11 · · · 1. This code can correct up to e = b (n−1) c errors. 2 The generator matrix of the repetition code is h i G= 1 1 1 ··· 1 in standard form. The parity check matrix has the form 1 1 . H = .. In−1 1 1 The first coordinate is an information set and the last n − 1 coordinates form a redundancy set. Example 1.2.4. The matrix 1 0 h G= 0 1 A , where G = 0 0 0 0 i Ik 0 0 0 1 0 0 1 0 1 0 1 1 0 1 1 1 8 1 1 0 1 is a generator matrix in standard form for a [7, 4] binary code that we denote by H3 . The parity check matrix for H3 is 0 1 1 1 1 0 0 h i H= A> I3 = 1 0 1 1 0 1 0 . 1 1 0 1 0 0 1 This code H3 is called the [7, 4] Hamming code. 1.2.1 Subcode: If C is not linear code, a subcode of C is any subset of C. If C is linear, a sub code will be a subset of C which must also be linear, in this case a subcode of C is a subspace of C. 1.3 Dual codes Inner products: Let x = x1 x2 · · · xn , y = y1 y2 · · · yn ∈ Fqn be two vectors, then the inner P product is denoted by the formula x · y = ni=1 xi yi = x1 y1 + · · · + xn yn . If C is a code over Fq then C ⊥ = {x ∈ Fqn : x · c = 0 for all c ∈ C}, is the dual code of C. If G is the generator matrix for [n, k] code C then H is the generator matrix for [n, n − k] code C ⊥ . Example 1.3.1. The generator matrix for the repetition code C [n, 1] is h i G= 1 1 1 1 · · · 1 1 and the generator matrix for the dual code C ⊥ [n, n−1] 1 1 .. is H = . In−1 1 1 9 H consists of all binary n−tuples a1 a2 · · · an−1 b, where b = a1 + a2 + · · · + an−1 . (The nth coordinate b is an over all parity check for the first n − 1 coordinates chosen, therefore so that the sum of all the coordinates equal 0). Then G is the parity check matrix for C ⊥ . Remark 1.3.1. The code C ⊥ has the property that a single transmission error can be detected (since the sum of the coordinates will be 0) but not corrected (since changing any one of the received coordinates will give a vector whose sum of coordinates will be 0.) Definition 1.3.1. A code C is self-orthogonal if C ⊆ C ⊥ and is self-dual if C = C ⊥ . The length n of a self-dual code is even and the dimension is n 2 because dim(C) + dim(c⊥ ) = n and C = C ⊥ so dim(C) = n2 . The [7, 4] Hamming code H3 is presented by the generator matrix 1 0 0 0 0 1 1 0 1 0 0 1 0 1 length 7, dimension 4. G= 0 0 1 0 1 1 0 0 0 0 1 1 1 1 c3 be the code of length 8 and dimension 4 obtained from H3 by adding an over all Let H parity check coordinate to each vector of G 1 0 0 0 1 0 b G= 0 0 1 0 0 0 and thus to each codeword H3 . Then 0 0 1 1 1 0 1 0 1 1 , 0 1 1 0 1 1 1 1 1 0 c3 , we can easy verify that H c3 is self-dual because n = 8, is a generator matrix for H c3 is equal dimension of H n 2 = 4 and all codewords are orthogonal in pairs and in there self. Example 1.3.2. The ternary [4, 2] code H3,2 is called tetracode has generator matrix in standard form given by G= 1 0 1 0 1 1 -1 10 1 . This code is also self dual because n = 4, dimension of H3,2 is equal n 2 = 2 and all codewords are orthogonal in pairs and in there self. Definition 1.3.2. The Hermitian inner product over the quaternary field F4 is given by hx, yi = x · ȳ = n X xi ȳi , i=1 ¯ = ω, ω̄ = ω 2 = 1 + ω. where¯, called conjugation and is given by 0̄ = 0, 1̄ = 1, ω̄ Definition 1.3.3. The Hermitian dual of a quaternary code C by C ⊥H = {x ∈ F4n : hx, ci = x · c̄ = 0 for all c ∈ C}. Definition 1.3.4. We define the conjugate of C to be C̄ = {c̄|c ∈ C}. where c̄ = c¯1 c¯2 · · · c¯n when c = c1 cc · · · cn . ⊥ C ⊥H = C̄ . Remark 1.3.2. Definition 1.3.5. The code C is called self-orthogonal if C ⊆ C ⊥H and is called Hermitian self-dual if C = C ⊥H . Example 1.3.3. The [6, 3] quaternary code G6 has generator matrix G6 in standard form given by 1 G6 = 0 0 This code is 1.4 0 0 1 ω ω 1 0 ω 1 ω . 0 1 ω ω ω called the hexacode. It is Hermitian self-dual. Weights and distances: Definition 1.4.1. The Hamming distance d(x, y) between two vectors x, y ∈ Fqn is defined to be the number of coordinates in which x and y differ and is denoted by d. For example if x = 10112, and y = 20110, then d(x, y) = 2. 11 Theorem 1.4.1. The distance function d(x, y) satisfies the following four properties: (i) (non-negativity) d(x, y) ≥ 0 for all x, y ∈ Fnq . (ii) d(x, y) = 0, if and only if x = y. (iii) (Symmetry), d(x, y) = d(y, x)∀x, y ∈ Fnq . (iv) (Triangle inequality), d(x, z) ≤ d(x, y) + d(y, z) for all x, y, z ∈ Fnq . Proof. (i),(ii) and (iii) are obvious from the definition of the Hamming distance. It is enough to prove (iv) when n = 1. If x = z then (iv) is obviously true since d(x, z) = 0. If x 6= z, then either y 6= x or y 6= z, so (iv) is again true. Remark 1.4.1. (C, d) is a metric space. Definition 1.4.2. The minimum distance of a code C is the smallest Hamming distance d(x, y), where x 6= y. Definition 1.4.3. The minimum weight of x ∈ Fnq , wt(x) is the number of nonzero coordinates in x which equals d(x, 0). Theorem 1.4.2. If x, y ∈ Fnq , then d(x, y) = wt(x − y). If C is a linear code, the minimum distance d is the same as the minimum weight of the nonzero codewords of C. Proof. d(x, y) = d(0, y − x) = wt(y − x) or wt(x − y) where y − x ∈ C. So the minimum distance {d(x, y), where x 6= y, x, y ∈ C} = the minimum weight {wt(x− y), where x 6= y, x, y ∈ C}. Then the minimum distance d(C) = the minimum weight of nonzero codeword of C = minimum{wt(a) : a 6= 0, a ∈ C}. Remark 1.4.2. If the minimum distance of the [n, k]− code C is d then the code will now be defined as [n, k, d] code. Definition 1.4.4. If x = x1 x2 · · · xn and y = y1 y2 · · · yn are binary words then x ∩ y = (x1 y1 , x2 y2 , · · · , xn yn ). Thus x ∩ y has a 1 in the ith position if and only if both x, y have a 1 in the ith position. 12 Theorem 1.4.3. The following hold: (i) If x, y ∈ Fn2 , then wt(x + y) = wt(x) + wt(x) − 2wt(x ∩ y), where x ∩ y is a vector in Fn2 , which has 1’s precisely in those positions where both x and y have 1’s (ii) If x, y ∈ Fn2 , then wt(x ∩ y) ≡ x · y mod 2. (iii) If x ∈ Fn2 , then wt(x) ≡ x · x mod 2. (iv) If x ∈ Fn3 , then wt(x) ≡ x · x mod 3. (v) If x ∈ Fn4 , then wt(x) ≡ hx · xi mod 2. Proof. (i) If x, y ∈ Fn2 , then wt(x + y) = wt(x − y) = d(x − y, 0) = the number of nonzero coordinates of x+the number of nonzero coordinates of y− 2(the number of nonzero coordinates of x ∩ y) = wt(x) + wt(y) − 2wt(x ∩ y). (ii) wt(x ∩ y) = wt(x1 y1 , x2 y2 , · · · , xn yn ) = the number of nonzero coordinates of (x ∩ y) ≡ (x1 y1 + x2 y2 + · · · + xn yn ) (mod 2). (iii) If x ∈ Fn2 , then wt(x) = (iv) If x ∈ Fn3 , then wt(x) = (v) If x ∈ Fn4 , then wt(x) = P xi 6=0 P xi 6=0 P xi 6=0 xi = xi = xi = P xi 6=0 P xi 6=0 P xi 6=0 x2i ≡ x · x (mod 2). x2i ≡ x · x (mod 3). x2i ≡ x · x̄ (mod 2) ≡ hx · xi (mod 2). Definition 1.4.5. Let Ai or Ai (C) be the number of codewords of weight i in C. The list Ai for 0 ≤ i ≤ n is called the weight distribution or weight spectrum of C. Example 1.4.1. Let C be the binary code 1 1 G= 0 0 0 0 with generator matrix 0 0 0 0 1 1 0 0 . 0 0 1 1 13 All codewords are 000000, 110000, 111100, 110011, 001111, 111111, 001100, 000011. The weight distribution of C are A0 = 1, A6 = 1, A2 = 3, A4 = 3 Theorem 1.4.4. Let C be an [n, k, d] code over Fq , then (i) A0 (C) + A1 (C) + · · · + An (C) = q k . (ii) A0 (C) = 1 and A1 (C) = A2 (C) = · · · = Ad−1 (C) = 0. (iii) If C is a binary code containing the codeword 1 = 11 · · · 1, then Ai (C) = An−i (C) for 0 ≤ i ≤ n. (iv) If C is a binary self-orthogonal code, then each codeword has even weight, and C ⊥ contains the codeword 1 = 11 · · · 1. (v) If C is a ternary self-orthogonal code, then the weight of each codeword is divisible by three. (vi) If C is a quaternary Hermitian self-orthogonal code, then the weight of each codeword is even. Proof. (i) Since Ai (C) ranges over all codewords of C then A0 (C)+A1 (C)+· · ·+An (C) = qk . (ii) If d is the minimum distance of C then the minimum weight of C is d and no codeword in C with weight less than d so A0 (C) = 1 and A1 (C) = A2 (C) = · · · = Ad−1 (C) = 0. (iii) If C is binary code and 1 = 11 · · · 1 is a codeword in C, then if x ∈ C 3 wt(x) = i then wt(x + 1) = wt(y) = n − i, where y = x + 1 has weight n − i, then the number of words of weight i equals the number of words of weight n − i, that is Ai (C) = An−i (C). 14 (iv) Let C ⊆ C ⊥ and C be binary code, if x ∈ C then x · x ≡ 0 (mod 2), then wt(x) is even and 1 = 11 · · · 1 ∈ C ⊥ , because it is orthogonal to any codeword x ∈ C and because x has even weight so x · 1 ≡ 0 (mod 2). (v) If C ⊆ C ⊥ and C is any ternary code, if x ∈ C, =⇒ wt(x) = x · x ≡ 0 (mod 3), then wt(x) is divisible by 3. (vi) If C ⊆ C ⊥H and C is quaternary code then hx, xi ≡ 0 (mod) 2 =⇒ wt(x) is even, because wt(x) = hx, xi ≡ 0 (mod) 2. Remark 1.4.3. The subset of codewords of a binary self-orthogonal code C that have weight divisible by four form a subspace of C, this is not necessarily the case for non-selforthogonal codes. Theorem 1.4.5. Let C be an [n, k] self-orthogonal binary code. Let C0 be the set of codewords in C whose weights are divisible by four then either: (i) C = C 0 or (ii) C0 is an [n, k − 1] subcode of C and C = C0 ∪ C1 , where C1 = x + C0 for any codeword x whose weight is even but not divisible by four. Furthermore C1 consists of all codewords of C whose weights are not divisible by four. Proof. Since C is self-orthogonal then all codewords have even weight, then either (i) holds or there exists a codeword x of even weight but not of weight a multiple of four. Assume the later and let y be another codeword whose weight is even but not a multiple of four, then by previous theorem (3.3) =⇒ wt(x + y) = wt(x) + wt(y) − 2wt(x ∩ y) ≡ 2+2−2wt(x ∩ y) )(mod 4). But wt(x ∩ y) ≡ x · y (mod 2) ≡ 0 (mod 2). Hence wt(x + y) is divisible by 4 then x + y ∈ C0 . this shows that y ∈ x + C0 and C = C0 ∪ (x + C0 ). That is C0 is a subcode of C and that C1 = x + C0 consists of all codewords of C whose weight are not divisible by 4 follow from a similar argument. 15 Theorem 1.4.6. Let C be an [n, k] binary code. Let Ce be the set of codewords in C whose weights are even. Then either (i) C = Ce or, (ii) Ce is an [n, k] subcode of C and C = Ce ∪ C0 , where C0 = x + Ce for any codeword x whose weight is odd. Furthermore C0 consists of all codewords of C whose weight are odd. Theorem 1.4.7. Let C be a binary linear code. (i) If C is self-orthogonal and has a generator matrix each of whose rows has weight divisible by 4, then every codeword of C has weight divisible by 4. (ii) If every codeword of C has weight divisible by four, then C is self-orthogonal. Proof. (i) Let x, y be tow rows of a generator matrix G, then wt(x + y) = wt(x) + wt(y) − 2wt(x ∩ y) ≡ 0 + 0 − 2wt(x ∩ y) ≡ 0 + 0 − 2(x · y) ≡ 0(mod 4). We proceed by induction as every codeword is a sum of rows of the generator matrix. (ii) Let x, y ∈ C, then by previous theorem wt(x ∩ y ≡ x · y(mod 2) =⇒ 2(x · y) ≡ 2wt(x ∩ y) ≡ 2wt(x ∩ y) − wt(x) − wt(y) ≡ −wt(x + y) ≡ 0 (mod 4) =⇒ x · y ≡ 0(mod 2) =⇒ C is self-orthogonal. Example 1.4.2. The dual of the [n, 1] binary repetition code C, consists of all the even weight vectors of length n and has generator matrix 1 1 1 1 0 1 In−1 = H= .. .. .. . . . 1 1 0 0 ··· 0 1 .. . ··· .. . 0 .. . 0 ··· 1 . If n > 2 this code is not self-orthogonal because any two different codewords are not orthogonal. 16 Theorem 1.4.8. Let C be a code over Fnq , with q = 3 or 4. (i) when q = 3, every codeword of C has weight divisible by three if and only if C is self-orthogonal. (ii) when q = 4, every codeword of C has weight divisible by two if and only if C is Hermitian self-orthogonal. Proof. (i) If C is self-orthogonal. Then the codewords have weights divisible by three ( by theorem (1.3.4)(v).) For the converse let x, y ∈ C and x, y has weight divisible by three. We need to show that x · y = 0. We can view the codewords x and y having the following parameters. x : ∗ 0 =6= 0 y : 0 ∗ =6= 0 : a b c d e. Where there are a coordinates where x is non zero and y is zero, b coordinates where y is nonzero and x is zero, c coordinates where both agree and are nonzero, d coordinates where both disagree and are nonzero, and e coordinates where both are zero. So wt(x + y) = a+b+c and wt(x − y) = a+b+d, but x ± y ∈ C =⇒ a+b+c ≡ a + b + d ≡ 0(mod 3). In particular c ≡ d (moa 3) =⇒ x · y = c + 2d ≡ 0 (mod 3) (because x · y = 0 + 0 + c + 2d ≡ 0 (mod 3) and because c ≡ d (mod 3)). (ii) If C is Hermitian self-orthogonal, then the codewords have even weights, by the (1.3.4)(vi) wt(x) = hx, xi ≡ 0 (mod 2). For the converse, let x ∈ C. If x has a 0’s b 1’s, cw’s and dω̄’s then b + c + d is even as wt(x) = a + c + d. However hx, xi also equals b + c + d (as an element of F4 ), then hx, xi = 0 for all x ∈ C. Now let x, y ∈ C. So both x + y and ωx + y are in C. We have 0 = hx + y, x + yi = hx, xi + hx, yi + hy, xi + hy, yi = 0 + hx, yi + hy, xi + 0.....(1) Also 0 = hωx + y,ωx + yi = hx, xi + ωhx, yi + ω̄hy, xi + hy, yi = ωhx, yi + 17 ω̄hy, xi...(2) From (1) and (2) 0 = (1 + ω)hx, yi + (1 + ω̄)hy, xi = ω̄hx, yi + ωhy, xi =⇒ hx, yi = 0 and hy, xi = 0 =⇒ C is self-orthogonal. Theorem 1.4.9. Let C be a binary code with a generator matrix each of whose rows has even weight. Then every codeword of C has even weight. Proof. Let x, y be rows of the generator matrix wt(x + y) = wt(x)+wt(y)−2wt(x ∩ y) ≡ 0 + 0 − 2wt(x ∩ y) ≡ 0(mod 2) =⇒ wt(x + y) is even, so we proceed by induction every codeword is a sum of rows of the generator matrix. Definition 1.4.6. Binary codes for which all codewords have weight divisible by 4 are called doubly even and by theorem 1.4.7 doubly even codes are self-orthogonal. A self-orthogonal code must be even by theorem 1.4.4(iv). The code that is not doubly even is called singly even. Definition 1.4.7. A vector x = x1 x2 · · · xn ∈ Fnq is called even-like if n X xi = 0 and is i=1 called odd like otherwise. A binary vector is even like if and only if it has even weight for F33 the vector (1, 1, 1) ∈ F33 is even like but not of even weight. Also (1, ω, ω̄) ∈ F33 is even like but not of even weight. Definition 1.4.8. A code is even like if it has only even like codewords, a code is odd like if it is not even like. Theorem 1.4.10. Let C be an [n, k] code over Fq , let Ce be the set of even like codewords in C, then either. (i) C = Ce or, (ii) Ce is an [n, k − 1] subcode of C. P P Proof. Either (i) holds or if x, y ∈ Ce and α, γ ∈ Fq =⇒ α ni=1 xi = 0, γ ni=1 yi = 0 =⇒ Pn i=1 αxi + γyi = 0 =⇒ αx + γy is even like =⇒ αx + γy ∈ Ce =⇒ Ce is a subcode of C. 18 If z is odd like codeword, then z + Ce is a code of odd like codewords. Let C1 = z + Ce =⇒ C = Ce ∪ C1 and dimCe = k − 1. The relation ship between the weight of a codeword and a parity check matrix for a linear code. Theorem 1.4.11. Let C be a linear code with parity check matrix H. If c ∈ C, the columns of H corresponding to the nonzero coordinates of C are linearly dependent. Conversely if a linear dependence relation with nonzero coefficients exists among w columns of H, then there is a codeword in C of weight w whose nonzero coordinates correspond to these columns. Proof. If G is a generator matrix of size k × n for the code C and H is the parity check matrix for C, then H is of size n − k × n and rank(H) = n − k. If c = c1 c2 · · · cn ∈ C and if H1 , H2 , · · · Hn are the columns of H, then c 1 h i c2 > Hc = H1 H2 · · · Hn .. = 0 =⇒ c1 H1 + c2 H2 + · · · + cn Hn = 0. . cn Since c = c1 c2 · · · cn is non zero codeword so there exists i, 1 ≤ i < n 3 ci 6= 0 then the columns of H corresponding to the nonzero coordinates of C are linearly dependent. Conversely if there exists some i such that ci 6= 0 and c1 H1 + c2 H2 + · · · + cw Hw = 0 where H1 , H2 , · · · , Hw are the w columns of H which are linearly dependent, then there exists c = c1 c2 · · · cn 6= 0 ∈ C such that Hc> = 0 and wt(c) = w. Corollary 1.4.12. A linear code has minimum weight d if and only if its parity check matrix has a set of d linearly dependent columns but no set of d − 1 linearly dependent columns. h Proof. Let H = i H1 H2 ··· Hn and c = c1 c2 · · · cn be a codeword in C with Hamming weight w > 0. Let J = {j1 , j2 , · · · , jw } be the set of indexes of the nonzero 19 > entries in c. Since Hc = 0 then linearly dependent. w X cji Hji = 0 =⇒ the columns of H indexed by J are i=1 Conversely, every set of w linearly dependent columns of H correspond to at least one nonzero codeword c ∈ C with wt(c) ≤ w. Let d = the minimum distance of C then no nonzero codewords of C has Hamming weight less than d, but there is at least one codeword in C whose hamming weight is d. Example 1.4.3. Consider the generator matrix 1 0 i h 0 1 G= In A = 0 0 0 0 0 0 0 1 0 0 1 0 1 0 1 1 0 1 1 1 1 1 0 1 for the Hamming binary [7, 4] code H3 its parity check matrix H is of the form 0 1 1 1 1 0 0 h i > H= A I3 = 1 0 1 1 0 1 0 . 1 1 0 1 0 0 1 Every two columns in H are linearly independent and so, the minimum distance of the Hamming code H3 is at least 3. In fact the minimum distance is exactly 3 since there are three dependent columns which are (001)> , (0, 1, 0)> , (011)> . Theorem 1.4.13. If C is an [n, k, d] code, then every n−d+1 coordinate position contains an information set. Furthermore, d is the largest number with this property. Proof. Let G be a generator matrix for C, consider any set X of s coordinate positions. Assume that X is the set of the last s positions. Suppose X does not contain an inh i formation set. Let G = A B , where A is k × (n − s) and B is k × s. Then the column rank of B and the row rank of B, is less than k. Hence there exists a non trivial linear combination of the rows of B which equals 0, and hence a codeword c which is 0 in the last s positions. Since the rows of G are linearly independent, c 6= 0 and hence d ≤ n − s =⇒ s ≤ n − d. Then the theorem now follows. 20 Remark 1.4.4. for theorem 1.4.13. The parity check matrix H of an [n, k, d] linear code C is (n−k)×n matrix such that every d−1 columns of H are linearly independent. Since the columns of H have length n−k, we can never have more than n−k independent columns, then d−1 ≤ n−k =⇒ k ≤ n−d+1. 1.5 New codes from old 1.5.1 Puncturing codes Definition 1.5.1. Let C be an [n, k, d] code over Fq , we can puncture C by deleting the same coordinate i in each codeword. the puncture code of C denoted bey C ∗ has length n − 1. Theorem 1.5.1. Let C be an [n, k, d] code over Fq , and let C ∗ be the code C punctured on the ith coordinate. (i) If d > 1, C ∗ is an [n − 1, k, d∗ ] code where d∗ = d − 1 if C has a minimum weight codeword with a non zero ith coordinate and d∗ = d otherwise. (ii) When d = 1, C ∗ is an [n − 1, k, 1] code, if C has no codeword of weight 1 whose nonzero entry is in coordinate i; otherwise, if k > 1, C ∗ is an [n − 1, k − 1, d∗ ] code with d∗ ≥ 1. Example 1.5.1. Let C be the [5, 2, 2] binary code with generator matrix 1 1 0 0 0 . G= 0 0 1 1 1 Let C1∗ and C5∗ be the code C punctured on coordinate 1 and 5, respectively, they have generator matrices G∗1 = 1 0 0 0 0 1 1 1 G∗5 = , So C1∗ is a [4, 2, 1] code, while C5∗ is a [4, 2, 2] code. 21 1 1 0 0 0 0 1 1 . Example 1.5.2. Let D be the [4, 2, 1] binary code with generator matrix 1 0 0 0 . G= 0 1 1 1 Let D1∗ and D4∗ be the code D punctured on coordinate 1 and 4, respectively, they have generator matrices D1∗ = i h 1 1 1 D4∗ = , 1 0 0 0 1 1 . So D1∗ is a [3, 1, 3] code, while D4∗ is a [3, 2, 1] code. In General a code C can be punctured on the coordinate set T by deleting T components in all codewords of C. If T has size t, the resulting code, which we will often denoted C T is an [n − t, k ∗ , d∗ ] where k ∗ ≥ k − t, d∗ ≥ d − t 1.5.2 Extending codes We can create longer codes by adding a coordinate. Definition 1.5.2. If C is an [n, k, d] code over Fq , define the extended code Cˆ to be the code Cˆ = {x1 x2 · · · xn+1 ∈ Fn+1 |x1 x2 · · · xn ∈ C with x1 + x2 + · · · + xn+1 = 0}. q ˆ code, where dˆ = d or d + 1. If G and H be generator and parity In fact Cˆ is an [n + 1, k, d] check matrices for C, then a generator matrix Ĝ of Cˆ can be obtained from G by adding an extra column to G, so the sum of the coordinates of each row of Ĝ is 0. A parity check matrix for Cˆ is the matrix 1 1 ··· H 1 0 .. . . 0 This construction is referred to as adding an over all parity check. 22 Remark 1.5.1. * If C is an [n, k, d] binary code, then the extended code C contains ˆ code, where dˆ equals d if d is even only even weight vectors and is an [n + 1, k, d] and equals d + 1 if d is odd. ** If C is an [n, k, d] code over Fq , call the min. weight of the even-like codewords, respectively the odd-like codewords, the min. even-like weight, respectively the min. odd-like weight of the code. Denote the min. even like weight by de and the min. odd-like weight by d0 . So d = min[de , d0 ]. If de ≤ d0 , then Cˆ has min. weight dˆ = de . If d0 < de , then dˆ = d0 + 1. Example 1.5.3. The tetracode H3,2 is a [4, 2, 3] code over F3 with generator matrix G and parity check matrix H given by 1 0 1 1 -1 -1 and H = G= 0 1 1 -1 -1 1 1 0 0 1 . The codewords (1, 0, 1, 1) extends to (1, 0, 1, 1, 0) and the codeword (0, 1, 1, −1) extends to (0, 1, 1, −1, −1). Hence d = de = d0 = 3 and dˆ = 3. the generator and parity check matrices for Ĥ3,2 are Ĝ = 1 1 and Ĥ = -1 -1 0 1 1 -1 -1 -1 1 1 0 1 1 0 1 1 1 0 0 1 1 0 . 0 Remark 1.5.2. If we extend a code and then puncture the new coordinate, we obtain the original code, but if we performing the operations in the other order will in general result in a different code. Example 1.5.4. If we puncture the binary code C with generator matrix 1 1 0 0 1 G= 0 0 1 1 0 on its last coordinate and extend on the right, the resulting code has generator matrix 1 1 0 0 0 . G= 0 0 1 1 0 23 1.5.3 Shortening codes Definition 1.5.3. Let C be an [n, k, d] code over Fq and let T be any set of t coordinates. Consider the set C(T ) of codewords which are 0 on T ; this set is a subcode of C, puncturing C(T ) on T gives a code over Fq of length n − t called the code shortened on T and denoted CT . Example 1.5.5. Let C be the [6, 3, 2] binary code 1 0 0 1 G = 0 1 0 1 0 0 1 1 with generator matrix 1 1 1 1 . 1 1 C ⊥ is also [6, 3, 2] code with generator matrix 1 1 1 1 0 0 G⊥ = 1 1 1 0 1 0 . 1 1 1 0 0 1 If the coordinates are labeled 1, 2, · · · 6, let t = {5, 6}, then the generator matrices for the shortened code CT and the punctured code C > are 1 0 0 1 and GT = GT = 0 1 0 1 0 1 1 0 0 0 1 1 1 0 1 0 because the set C(T ) of codewords which are zero on T are 1 1 0 0 0 0 1 0 1 0 0 0 0 1 1 0 0 0 . By puncturing C(T ) on T gives the code CT whose generator matrix is GT . The shortening and puncturing the dual code gives the code (C ⊥ )T and (C ⊥ )T which have 24 generator matrices ³ (G⊥ )T = 1 1 1 1 ´ 1 1 1 1 . and (G⊥ )T = 1 1 1 0 From the generator matrices GT and GT , we find that the duals of CT and C T have generator matrices (GT )⊥ = 1 1 1 0 0 0 0 1 ³ ´ and (GT )⊥ = 1 1 1 1 . Notice that these matrices show that (C ⊥ )T = (C T )⊥ and (C ⊥ )T = (CT )⊥ . Theorem 1.5.2. Let C be an [n, k, d] code over Fq . Let T be a set of t coordinates. Then: (i) (C ⊥ )T = (C T )⊥ and (C ⊥ )T = (CT )⊥ , and (ii) if t < d, then C T and (C ⊥ )T have dimensions k and n − t − k, respectively; (iii) if t = d and T is the set of coordinates where a minimum weight codeword is non zero, then C T and (C ⊥ )T have dimensions k − 1 and n − d − k + 1, respectively. Proof. (i) Let C be a codeword of C ⊥ which is 0 on T and c∗ the codeword with coordinates in T removed. So c∗ ∈ (C ⊥ )T . If x ∈ C, then 0 = x · c = x∗ · c∗ where x∗ is the codeword x punctured on T . Thus (C ⊥ )T ⊆ (C T )⊥ .....(1). Any vector c ∈ (C T )⊥ can be extended to the vector ĉ by inserting 0,s in the position of T . If x ∈ C, puncture x on T to obtain x∗ . As 0 = x∗ · c = x · ĉ, c ∈ (C ⊥ )T =⇒ (C T )⊥ ⊆ (C ⊥ )T .....(2). Thus from (1) and (2) we have (C ⊥ )T = (CT )⊥ . We complete the proof of (i) (ii) Assume t < d. Then n − d + 1 ≤ n − t, implying any n − t coordinates of C contain an information set (By theorem 1.4.13). Therefore C T must be k− dimensional and hence (C ⊥ )T = (C T )⊥ has dimension n − t − k this proves (ii). (iii) As in (ii), (iii) is completed if we show that C T has dimension k − 1. If S ⊂ T with S of size d − 1, C S has dimension k by part (ii) clearly C S has minimum distance 1 and 25 C T is obtained by puncturing C S on the nonzero coordinate of a weight 1 codeword in C S . By theorem 1.5.1 C T has dimension k − 1. 1.5.4 Direct sums For i ∈ {1, 2} let Ci be an [ni , ki , di ] code, both over the same finite field Fq . Then their direct sum is the [n1 + n2 , k1 + k2 , min{d1 , d2 }] code C1 ⊕ C2 = {(c1 , c2 )|c1 ∈ C1 , c2 ∈ C2 }. If Ci has generator matrix Gi and parity check matrix Hi , then G1 0 H 0 and H1 ⊕ H2 = 1 G1 ⊕ G2 = 0 G2 0 H2 are a generator matrix and parity check matrix for C1 ⊕ C2 . Example 1.5.6. Let C be the binary code with 1 1 0 0 1 0 1 0 G = 1 0 0 1 1 0 1 0 1 0 0 1 generator matrix 1 1 0 1 0 1 1 1 0 . 1 1 0 0 1 1 Give another generator matrix for C that shows that C is a direct sum of two binary codes. 26 Solution:By elementary row operations G has equivalent matrix in the form 1 1 0 0 0 0 0 0 1 1 0 0 0 0 0 0 1 1 0 0 0 , 0 0 0 0 0 1 1 0 0 0 0 1 1 0 which is equivalent to G1 ⊕ G2 = G1 0 0 G2 , where 1 1 0 0 G1 = 0 1 1 0 is a generator matrix for [4, 3, 2] − code C1 and 0 0 1 1 G2 = 1.5.5 0 1 1 1 1 0 is a generator matrix for [3, 2, 2] − code C2 . The ( u|u + v) construction Two codes of the same length can be combined to form a third code of twice of length in a way similar to the direct sum construction. Let Ci be an [n, ki , di ] code for i ∈ {1, 2} over Fq . Then the ( u|u + v) construction produces the [2n, k1 + k2 , min{2d1 , d2 }]- code C = {(u|u + v)|u ∈ C1 , v ∈ C2 }. If Ci has the generator matrix Gi and the parity check matrix Hi , then the generator matrix and the parity check matrices for C are H 0 G G1 . and 1 1 −H2 H2 0 G2 27 Example 1.5.7. Consider the [8, 4, 4]− 1 0 1 0 1 0 0 0 1 0 0 0 binary code C with generator matrix 0 1 0 1 0 1 0 1 0 1 . 1 0 0 1 1 0 1 1 1 1 Then C can be produced from the [4, 3, 2] code C1 and the [4, 1, 4] code C2 with generator matrices 1 0 1 0 ´ ³ G1 = 0 1 0 1 , and G2 = 1 1 1 1 , 0 0 1 1 respectively using the ( u|u + v) construction. Notice that the code C1 is also constructed using the ( u|u + v) construction from the [2, 2, 1] code C3 and the [2, 1, 2] code C4 with generator matrices G3 = 1 0 0 1 ³ ´ and G4 = 1 1 . Remark 1.5.3. The ( u|u + v) construction are used to construct the family of Reed Muller codes. Example 1.5.8. Prove that the ( u|u + v) construction using [n, ki , di ] codes Ci produces a code of dimension k = k1 + k2 and minimum weight d = min[2d1 , d2 ]. Proof. Let x1 = (u1 |u1 + v1 ) and x2 = (u2 |u2 + v2 ) be distinct two codewords in the ( u|u + v) construction. If v1 = v2 , then d(x1 , x2 ) = 2d(u1 , u2 ) ≥ 2d1 . On the other hand, if v1 6= v2 then d(x1 , x2 ) = wt(x1 − x2 ) = wt(u1 − u2 )+wt(u1 − u2 + v1 − v2 ) ≥ wt(v1 − v2 ) = d(v1 , v2 ) ≥ d2 . Hence the minimum distance of the ( u|u + v) construction code d ≥ min[2d1 , d2 ], since equality can hold in all cases, then d = min[2d1 , d2 ]. The dimension of C is equal k1 + k2 from the generator matrix of ( u|u + v) construction. 28 1.6 Permutation equivalent codes: Definition 1.6.1. two linear codes C1 and C2 are called permutation equivalent provided there is a permutation of coordinates which sends C1 to C2 . This permutation can be described using a permutation matrix, which is a square matrix with exactly one 1 in each row and column and 00 s elsewhere. * C1 and C2 are permutation equivalent provided that there is a permutation matrix P such that G1 is a generator matrix of C1 if and only if G1 P is a generator matrix of C2 . ** If P is a permutation sending C1 to C2 we will write C1 P = C2 when C1 P = {y|y = xP for x ∈ C1 }. Example 1.6.1. If C1 and C2 are permutation equivalent codes then (1) C1⊥ P = C2⊥ . (2) If C1 is self dual, so is C2 . Proof. (1) C1⊥ = {x ∈ Fnq : x · c1 = 0 ∀c1 ∈ C1 }, then C1⊥ P = {xP ∈ Fnq : xP · c1 P = 0 ∀c1 ∈ C1 } = {y ∈ Fnq : y · c2 ∀c2 ∈ C2 } = C2 , where xP = y and c2 = c1 P. (2) Let C1 = C1⊥ =⇒ C1⊥ P = C2⊥ =⇒ C1 P = C2⊥ =⇒ C2 = C2⊥ . so C2 is self dual. Example 1 G1 = 0 0 1.6.2. Let C1 , C2 and C3 be binary codes 1 0 0 0 1 0 0 0 0 0 1 1 0 0 , G2 = 0 0 1 1 0 1 0 0 0 0 0 1 1 with generator matrices 1 1 0 0 0 0 0 1 and G 1 0 1 0 0 0 . 0 0 3 1 1 1 1 1 1 1 0 These codes have weight distributions A0 = A6 = 1 and A2 = A4 = 3. The permutation switching columns 2 and 6 sends G1 to G2 , showing that C1 and C2 are permutation 29 equivalent. C1 and C2 are self-dual. C3 is not self-dual so C1 and C3 are not permutation equivalent. Theorem 1.6.1. Let C be a linear code. (i) C is permutation equivalent to a code which has generator matrix in standard form. (ii) If and I and R are information and redundancy positions for C, then R and I are information and redundancy positions respectively for the dual code C ⊥ . Proof. (i) If we apply the elementary row operations to any Generator matrix of C. This will produce a new generator matrix of C which has columns the same as those in Ik , but possibly in a different order. Now choose a permutation of the columns of the new generator matrix so that these columns are moved to the order that produces [Ik |A]. The code generated by [Ik |A] is equivalent to C. (ii) If I is an information set for C, then by row reducing a generator matrix for C, we obtain columns in the information positions that are the columns of Ik in some order. As above, choose a permutation matrix P to move the columns so that CP has generator matrix [Ik |A]; P has moved I to the first k coordinate positions. By previous theorem (2.1.2) (CP )⊥ has the last n − k coordinates as information positions, but (CP )⊥ = C ⊥ P , imply that R is a set of information positions for C ⊥ . Let Symn be the set of all permutations of the set of n coordinates. If σ ∈ Symn and x = x1 x2 · · · xn , define xσ = y1 y2 · · · yn where yj = xjσ−1 for 1 ≤ j ≤ n. So xσ = xP, where P = [pi,j ] is the permutation matrix given by 1 if j = iσ, pi,j = 0 otherwise. 30 Example 1.6.3. Let n = 3, x = x1 x2 x3 , σ = (1, 2, 3). −1 −1 Then 1σ −1 = 3, 2σ = 1, 3σ = 2, so xσ = x3 x1 x2 . 0 1 0 Let P = 0 0 1 . 1 0 0 Then xP also equals x3 x1 x2 . Definition 1.6.2. The set of coordinate permutation that map a code C to itself forms a group. That is a set with an associative binary operation which has an identity and all elements have inverses, called permutation automorphism group of C. This group is denoted by PAut(C). So if C is a code of length n, then PAut(C) is a subgroup of the symmetric group Symn . Example 1.6.4. Show that (1, 2)(5, 6), ( (1, 2, 3)(5, 6, 7) and (1, 2, 4, 5, 7, 3, 6) are automorphisms of the [7, 4] binary code H3 which has the following generator matrix, 1 0 0 0 0 1 1 0 1 0 0 1 0 1 . 0 0 1 0 1 1 0 0 0 0 1 1 1 1 The Automorphism (1, 2)(5, 6) gives 0 1 0 0 the generator matrix of the form 1 0 0 1 0 1 0 0 0 0 1 1 . 0 1 0 1 1 0 0 0 1 1 1 1 This generator matrix is the same as the above generator matrix if we interchange rows 1 and 2. Theorem 1.6.2. Let C, C1 and C2 be codes over Fq . Then: (i) PAut(C) = PAut(C ⊥ ). 31 (ii) If q = 4, PAut(C) = PAut(C ⊥H ) (iii) If C1 P = C2 for a permutation matrix P , then P −1 PAut(C1 )P = PAut (C2 ). Proof. (i) Let φ ∈ PAut(C) =⇒ φ(C) = C, then there exists a permutation matrix P 3 CP = C. But (CP )⊥ = C ⊥ P = C. Then P is a permutation matrix for C ⊥ corresponding to φ, so φ ∈ PAut(C ⊥ ) =⇒ PAut(C) ⊆ PAut(C ⊥ )..........(1). Similarly if α ∈ PAut(C ⊥ ) =⇒ αC ⊥ = C ⊥ =⇒ (αC ⊥ )⊥ = (C ⊥ )⊥ = C. then αC = C =⇒ α ∈ PAut(C) =⇒ PAut(C ⊥ ) ⊆ PAut(C)..........(2). From (1) and (2) we have PAut(C) = PAut(C ⊥ ). (ii) Same as (i) (iii) If C1 P = C2 for a permutation matrix P , then P −1 PAut(C1 )P = PAut(C2 ), for P 6∈ PAut(C1 ). If Q ∈ PAut(C1 ) =⇒ QC1 = C1 =⇒ P −1 QC1 P = P −1 C1 P =⇒ P −1 QC2 = P −1 C1 P. Then P P −1 QC2 = P P −1 C1 P = In C1 P = C2 =⇒ QC2 = C2 =⇒ Q ∈ PAut(C2 ) =⇒ P −1 PAut(C1 )P ⊆ PAut(C2 )..........(1). Let Q ∈ PAut(C2 ) =⇒ QC2 = C2 =⇒ QC1 P = C1 P =⇒ QC1 P P −1 = C1 P P −1 =⇒ QC1 = C1 =⇒ Q ∈ PAut(C1 ) =⇒ PAutC2 ⊆ P −1 PAutC1 P..........(2) From (1) and (2) we have P −1 PAut(C1 )P = PAut (C2 ). 1.7 Hamming codes We have obtained the parity check matrix of 0 1 1 H= 1 0 1 1 1 0 32 the Hamming code H3 , [7, 4, 3] in the form 1 1 0 0 1 0 1 0 . 1 0 0 1 Notice that the columns of this parity check matrix are all the distinct nonzero binary columns of length 3. So H3 is equivalent to the 0 0 0 1 0 H = 0 1 1 0 1 0 1 0 code with parity check matrix, 1 1 1 0 1 1 . 1 0 1 Whose columns are the numbers 1 through 7 written as binary numerals (with leading 0;s as necessary to have a 3-tuple in their natural order. We generalize this form in the following. Let n = 2r − 1 with r ≥ 2. Then the r × (2r − 1) matrix Hr whose columns are 1, 2, · · · 2r − 1 written as binary numerals is the parity check matrix of the hamming code [n = 2r − 1, k = n − r] binary code. Any arrangement of columns of Hr gives an equivalent code, these codes denoted by Hr or H3r . The columns of Hr are distinct and nonzero, the minimum distance is at least 3. Since there are three columns linearly dependent, so the minimum distance of the Hamming code is 3. So Hr is a binary [2r − 1, 2r − 1 − r, 3] code and these codes are unique. Theorem 1.7.1. Any [2r −1, 2r −1−r, 3] binary code is equivalent to the binary hamming code Hr . Proof. The parity check matrix is r × (2r − 1), so dim(C ⊥ ) = r and the maximum number of linearly independent columns is 2, so d = 3 and dim(C) = 2r − 1 − r. Hamming codes Hq,r can be defined over an arbitrary finite field Fq . For r ≥ 2, Hq,r has parity check matrix Hq,r defined by choosing for its columns a non zero vector from each 1-dimensional subspace of Frq . There are Hq,r has length n = (q r −1) q−1 (q r −1) q−1 1-dimensional subspaces. Therefore , dimension n − r, redundancy r. No two columns are multiple of each other. So Hq,r has minimum distance 3. r r −1) (q −1) Theorem 1.7.2. Any [ (qq−1 , q−1 − r, 3] code over Fq is monomially equivalent to the Hamming code Hq,r 33 Remark 1.7.1. The duals of the Hamming codes are called simplex codes. They are r −1 [ qq−1 , r] codes, denoted by Sr and has minimum weight q r−1 . r −1 Theorem 1.7.3. The non zero codewords of the [ qq−1 , r] simplex code over Fq all have weights q r−1 . Construction of binary simplex code. Let G2 be the matrix G2 = 0 1 1 1 0 1 , for r ≥ 3, define Gr inductively by 0···0 Gr = Gr−1 1 1···1 0 .. . Gr−1 . 0 Gr has nr = 2r − 1 distinct nonzero columns. The weight of the simplex code is 2r−1 . We claim the code Sr generated by Gr is the dual of the Hamming code Hr . Since Gr has one more row than Gr−1 and, as G2 has 2 rows, Gr has r rows, let Gr have nr columns. So n2 = 22 − 1 and nr = 2nr−1 + 1; by induction nr = 2r − 1. The columns of G2 are nonzero and distinct; by construction the columns of Gr are nonzero and distinct if the columns of Gr−1 are also nonzero and distinct. So by induction Gr has 2r − 1 distinct nonzero columns of length r. But there are only 2r − 1 possible distinct nonzero r− tuples; these are the binary expansions of 1, 2, · · · , 2r − 1. So Sr = Hr⊥ . The nonzero codewords S2 have weight 2. Assume the nonzero codewords of Sr−1 have weight 2r−2 . Then the nonzero codewords of the subcode generated by the last r − 1 rows of Gr have weight (a, 0, b), where a, b ∈ Sr−1 . So these codewords have weight 2 · 2r−2 = 2r−1 . Also the top row of Gr has weight 1 + 2r−1 − 1 = 2r−1 . The remaining non zero codewords of Sr have the form (a, 1, b + 1), where a, b ∈ Sr−1 . As wt(b + 1) = 2r−2 − 1, wt(a, 1, b + 1) = 2r−2 + 1 + 2r−2 − 1 = 2r−1 . Thus by induction Sr has all nonzero codewords of weight 2r−1 . 34 1.8 The Golay codes The binary codes of length 23 and the ternary code of length 11 were first described by Golay in 1949. 1.8.1 The Golay code G24 We let G24 be the [24, 12] code with generator matrix G24 = [I12 |A] in standard form were I12 is the identity matrix and A is a 0 1 1 1 1 1 1 1 0 1 0 1 1 1 1 1 1 1 A= 1 1 0 1 0 0 1 0 0 1 0 1 1 1 0 1 0 1 matrix of size 12 × 12 defined by 1 1 1 1 1 1 1 1 1 0 1 1 1 0 0 0 1 0 1 1 1 0 0 0 1 0 1 1 1 0 0 0 1 0 1 1 1 0 0 0 1 0 1 1 0 0 0 0 1 0 1 1 0 1 . 0 0 1 0 1 0 0 1 1 0 1 0 1 1 0 1 1 1 1 0 1 1 0 1 1 1 0 0 1 1 0 1 1 1 0 0 1 1 0 1 1 1 0 0 0 1 0 1 1 1 0 0 0 1 Lable the columns of A by ∞, 0, 1, 2, · · · 10. The first row contains 0 in column ∞ and 1 elsewhere. To obtain the second row, a 1 is placed in column ∞ and a 1 is placed in columns 0, 1, 3, 4, 5 and 9, these numbers are the squares of the integers modulo 11. That is 02 = 0, 12 = 102 ≡ 1 (mod 11), 22 ≡ 92 ≡ 4 (mod 11) etc. The first third row of A is obtained by putting a 1 in column ∞ and then shifting the components in the second row one place to the left and wrapping the entry in column 0 around to column 10, and so on all other rows. 35 Remark 1.8.1. (1) All rows has weight divisible by 4 and dim G24 = 12, it is self-dual binary code. (2) The minimum weight of G24 is 8 (3) If we puncture in any of the coordinates we obtain a [23, 12, 7] binary code G23 called binary Golay code has minimum weight 7 (4) The extended code of G23 is G24 so G24 is called extended Golay code. 1.8.2 The ternary Golay codes The ternary Golay code G12 is [12, 6, 6] code over F3 with generator matrix G12 = [I6 |A] in standard form where A= 0 1 1 1 1 1 0 1 −1 −1 1 1 1 0 1 −1 −1 1 −1 1 0 1 −1 1 −1 −1 1 0 1 1 −1 −1 1 0 1 Remark 1.8.2. 1 (1) The G12 is self-dual ternary code [12, 6, 6] (2) The G11 is a [11, 6, 5] code obtained from G12 by puncturing (3) The extended code of G11 is not G12 it will give either a [12, 6, 6] code or a [12, 6, 5] code depending upon the coordinate. 1.9 Reed- Muller codes Definition 1.9.1. Let m be a positive integer and r a nonnegative integer with r ≤ m. The binary codes we construct will have length 2m . For each length there will be m + 1 linear codes denoted by R(r, m) and called the rth order Reed-Muller or RM , code of 36 length 2m . * The codes R(0, m) R(m, m) are trivial codes the first is called 0th order RM code R(0, m) which is a binary repeation code of length 2m with bases [1], and the mth m order RM code R(m, m) is the entire space F22 . ** For 1 ≤ r ≤ m, define R)(r, m) = {(u, u + v)|u ∈ R(r, m − 1), v ∈ R(r − 1, m − 1)}. *** Let G(0, m) = [11 · · · 1] and G(m, m) = I2m be the generator matrices for R(0, m) and R(m, m) respectively for 1 ≤ r < m, using (u|u + v) construction, a generator matrix G(r, m) for R(r, m) is G(r, m) = G(r, m − 1) G(r, m − 1) 0 G(r − 1, m − 1) Example 1.9.1. The generator matrices for R(r, m) with 1 G(1, 1) G(1, 1) = G(1, 2) = 0 0 G(0, 1) 0 and 1 ≤ r ≤ 3 : are 0 1 0 1 0 1 0 1 1 1 0 1 0 1 0 1 0 0 1 0 1 0 1 0 0 G(1, 2) G(1, 2) G(1, 3) = = 0 0 1 1 0 0 1 1 0 G(0, 2) 0 0 0 0 1 0 1 0 37 and G(2, 2) G(2, 2) = G(2, 3) = 0 G(1, 2) 1 0 0 0 1 0 0 0 0 1 0 0 0 1 0 0 0 0 1 0 0 0 1 0 0 0 0 1 0 0 0 1 0 0 0 0 1 0 1 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 1 1 Note:(1) R(1, 2) and R(2, 3) are both the set of all even weight vectors in F4 and F8 respectively. (2)R(1, 3) is an [8, 4, 4] self-dual code which must be the extended Hamming code Ĥ3 . Theorem 1.9.1. Let r be an integer with 0 ≤ r ≤ m. Then the following are hold: (i) R(i, m) ⊆ R(j, m) if 0 ≤ i ≤ j ≤ m. (ii) The dimension of R(r, m) equals m m m + + ··· + . 0 1 r (iii) The minimum weight of R(r, m) equals 2m−r . (iv) R(m, m)⊥ = {0}, and if 0 ≤ r < m, then R(r, m)⊥ = R(m − r − 1, m). 1.10 Encoding, decoding, and Shannon’s theorem Let C be an [n, k] linear code over the field Fq , with generator matrix G. This code has q k codewords which will be in one to one correspondence with q k messages. The simplest way to view these messages is as k− tuples x ∈ Fkq . To encode the message x as a codeword c = xG, if G = [Ik |A] in standard form, then the first k coordinates of the codeword C are the information symbol x; the remaining n − k 38 symbols are the parity check symbols, that is a redundancy added to x in order to help recover x if errors occur. If G is not in standard form then there exists indices i1 , i2 , · · · , ik such that the k × k matrix consisting of these k columns of G is the k × k identity matrix consisting of those k columns of G. Then the message is found in the k− coordinates i1 , i2 , · · · , ik of the codeword scrambled but otherwise unchanged, that is the message symbol xj is in the component ij of the codeword. This encoder is called systematic. Encoder Let x be a message x = x1 x2 · · · xk . Let G = [Ik |A], H = [−A> |In−k ]. Suppose x = x1 x2 · · · xk is encoded as a codeword c = c1 c2 · · · cn as G in standard form, c1 c2 · · · ck = x1 x2 · · · xk . So we need to determine the n − k parity check symbols (redundancy symbols) ck+1 ck+2 · · · cn . As 0 = HC > = [−A> |In−k ]C > =⇒ 0 = −A> x> + In−k [ck+1 · · · cn ]> =⇒ A> x> = [ck+1 · · · cn ]> Example 1.10.1. Let G be the [6, 3, 3] binary code with generator matrix and parity check matrices 1 0 0 1 0 1 1 1 0 1 0 0 G = 0 1 0 1 1 0 and H = 0 1 1 0 1 0 0 0 1 0 1 1 1 0 1 0 0 1 Let x = x1 x2 x3 to obtain the codeword C = c1 c2 · · · c6 using G to encode yields C = xG = (x1 , x2 , x3 , x1 + x2 , x2 + x3 , x1 + x3 ). Using H to encode 0 = HC > leads to the system 0 = c1 + c2 + c4 0 = c2 + c3 + c5 0 = c1 + c3 + c6 As G in standard form c1 c2 c3 = x1 x2 x3 and solving this system clearly gives the same codeword c4 = c1 + c2 = x1 + x2 c5 = c2 + c3 = x2 + x3 c6 = c1 + c3 = x1 + x3 39 ∴ C = (x1 , x2 , x3 , x1 + x2 , x2 + x3 , x1 + x3 ). If G is not in standard form, since G has k independent rows, so there exists n × k matrix K such that GK = Ik , K is called a right inverse for G and is not necessarily unique. As c = xG =⇒ cK = xGK = xIk = x. 40 Figure 1.1: B.S.C 1.10.1 Decoding and shannon’s theorem The process of decoding, that is, determining which codeword was sent when a vector y is received. Binary symmetric channel is a mathematical model of a channel that transmits binary data. This model is called (BSC) with crossover probability p and illustrated in figure 1.1. If 0 or 1 is sent, the probability it received without error is 1 − p, If a 0 (respectively 1) is sent, the probability that a1 (respectively 0) is received is p, where 0 ≤ p < 1 2 < 1. 1 − p, if y = c ; i i Prob(yi was received|ci was sent) = p, if yi 6= ci , where yi , ci ∈ F2 . Discrete memoryless channel (or DMC) a channel in which inputs and outputs are discrete and the probability of error in one bit is independent of previous bits. 0 ≤ p < 12 . conditional probability 41 Assume c ∈ Fn2 is sent and y ∈ Fn2 is received and decoded as ĉ ∈ Fn2 . prop(c|y) = prop(y|c)prop(c) prop(y) where prop(c) is the probability that c is sent and prop(y) is received. There is two choice of the decoder (1) The decoder could choose ĉ = c for the codeword c with prop(c|y) max. Such decoder is called a maximum a posteriori probability or (MAP) decoder, in symbols MAP decoder makes the decision ĉ = arg max prob(c|y). Here arg max prob(c|y), c∈C c∈C is the argument c of the probability function prob(c|y) that maximizes this probability. (2) The decoder could choose ĉ = c for the codeword c with prob(y|c) maximum, such a decoder is called a maximum likelihood (or ML) decoder in symbols, a ML decoder makes the decision ĉ = arg max prob(y|c). c∈C Consider ML decoding over a B.S.C. if y = y1 y2 · · · yn ∈ Fn2 , and c = c1 c2 · · · cn ∈ Fnn prob(y|c) = n Y prob(yi |ci ) = pd(y,c) (1 − p)n−d(y,c) = (1 − p)n ( i=1 where o < p < 1 , 2 0< p 1−p p d(y,c) ) , 1−p < 1. So prob(y|c) is maximum when d(y, c) is minimum. That is finding the codeword c is closest to the received vector y in Hamming distance, this is called nearest neighbor decoding. Hence A B.S.C, maximum likelihood and nearest neighbor decoding are the same. Let e = y − c so that y = c + e, where e is an error vector added to the codeword c on the effect of noise in the communication channel. The goal of decoding is to determine e. Nearest neighbor decoding is equivalent to finding a vector e of smallest weight such that y − e is in the code. e need not be unique since there may be more than one codeword closest to y. 42 When we have a decoder capable of finding all codewords nearest to the received vector y, then we have a complete decoder. Sphere of radius r A set of words in Fnq at Hamming distance r or less from a given codeword u ∈ Fnq is called a sphere of radius r. Sr (u) = {v ∈ Fnq | d(u, v) ≤ r}. The number of words or vectors in Sr (u) or the volume of Sr (u) is equal r X n (q − 1)i . i i=0 Theorem 1.10.1. If d is the minimum distance of a code c (linear or non linear) and t = b d−1 c, then spheres of radius t a bout distinct codewords are disjoint. 2 Proof. If z ∈ St (c1 ) ∩ St (c2 ), where c1 , c2 are codewords, then by triangle inequality d(c1 , c2 ) = d(c1 − z, c2 − z) ≤ d(c1 , z) + d(c2 , z) ≤ 2t ≤ d − 1 < d contradiction so c1 = c2 . Corollary 1.10.2. with the notation of previous theorem, if a codeword c is sent and y is received where t or fewer errors have occurred, then c is the unique codeword closest to y. In particular, nearest neighbor decoding uniquely and correctly decodes any received vector in which at most t errors occurred in transmission. Proof. Let c and y be the transmitted codeword and received word, respectively, and write y = c + e where wt(e) ≤ d−1 , 2 suppose that c0 6= c and c0 is closest to y in C also, d(c0 , y) ≤ d(c, y) ≤ d−1 . 2 By triangle inequality d ≤ d(c0 , c) ≤ d(c, y) + d(c0 , y) ≤ d − 1 which is a contradiction, so c0 = c. Remark 1.10.1. (1) Given n and d, a code with largest number of codewords, with highest dimension and high minimum weight is an efficient code for decoding 43 (2) Since the minimum distance of C is d, there exist two distinct codeword such that the spheres of radius t + 1 a bout them are not disjoint. Therefore if more than t errors occur, nearest neighbor decoding may yield more than one nearest codeword. Thus C is a t-error correcting code but not (t + 1)− error correcting code. (3) The packing radius of a code is the largest radius of spheres centered at codewords so that the spheres are pairwise disjoint. Theorem 1.10.3. Let C be an [n, k, d] code over Fq . The following hold: (i) The packing radius of C equals t = b d−1 c. 2 (ii) The packing radius t of C is characterized by the property that nearest neighbor decoding always decode correctly a received vector in which t or fewer errors have occurred but will not always decode correctly a received vector in which t + 1 errors have occurred. The decoding problem becomes one of finding an efficient algorithm that will correct up to t errors one of the most obvious decoding algorithm is to examine all codewords until one is found with distance t or less from the received vector. But this is efficient for codes of number of codewords. Another obvious algorithm is to make a table consisting of a nearest codeword for each of the q n vectors in Fnq and then look up a received vector in the table in order to decode it. This is impractical if q n is very large. Syndrome decoding for [n, k, d] linear code C We can devise an algorithm using a table with q n−k rather than q n entries where one can find the nearest codeword by looking up one of those q n−k entries. The code C is abelian subgroup of the additive group Fnq . If x ∈ Fnq , then x + C is a coset of C. The cosets of C form a partition of Fn into q n−k sets, each of size q n . Two vectors x, y ∈ Fnq belong to the same coset if and only if y − x ∈ C. The weight of a coset is the smallest weight of a vector in the coset. 44 A coset leader is the vector in the coset of smallest weight. The zero vector is the unique coset leader of the code C. In general every coset of weight at most t = b d−1 c has a unique coset leader. 2 Definition 1.10.1. Let H be the parity check matrix for C. The syndrome of a vector x in Fnq with respect to the parity check matrix H is the vector in Fqn−k defined by syn(x) = Hx> . The code C consists of all vectors whose syndrome equal 0. As rank H = n − k every vector in Fn−k is a syndrome. q Theorem 1.10.4. Two vectors belong to the same coset if and only if they have the same syndrome. Proof. If x1 , x2 ∈ Fnq are in the same coset of C, then x1 − x2 = c ∈ C =⇒ x1 = x2 + c. > > Therefore syn(x1 ) = H(x2 + c)> = Hx> 2 + Hc = Hx2 = syn(x2 ), then x1 , x2 have the same syndrome and then lie on the same coset of C. If syn(x1 ) = syn(x2 ) =⇒ H(x1 − x2 )> = 0 =⇒ x2 − x1 ∈ C =⇒ x2 ∈ x1 + C. So x1 , x2 lie on the same coset of C. There is one to one correspondence between cosets of C and syndromes. We denote by Cs the coset of C consisting of all vectors in Fnq with syndrome s. So there is a one to one correspondence between the q n−k cosets of C in Fnq and the q n−k possible values of the syndromes. The trivial coset C corresponding to the syndrome 0. Nearest codeword decoding can thus be performed by the following steps: (1) Let y be a received vector, we seek an error vector e of smallest weight such that c = y − e ∈ C. We find the syndrome of (the coset of) the received vector y ∈ Fnq . That is we compute s = syn(y) = Hy> . 45 (2) Finding a coset leader e in the coset of the received vector y. Find a minimum weight vector e ∈ Fnq such that s = syn(y) = H(c + e)> = Hc> + He> = He> . (3) Create a table pairing the syndrome with the coset leader, y is decoded as the code word y − e. The table is used to look up the syndrome and find the coset leader. How do we construct a table of syndromes in step (1). Let C be t correcting code of [n, k, d], with parity check matrix H, we construct the syndromes as follows. (1) The coset of weight 0 has coset leader 0. (2) Consider the n cosets of weight 1. (3) Choose an n- tuple with a 1 in position i and 00 s elsewhere, the coset leader is the n- tuple and the associated syndrome is column i of H. n (4) For the cosets of weight 2, choose an n-tuple with two 1’s in positions i and 2 j, with i < j and the rest 0’s, the coset leader is the n-tuple and the associated syndrome is the sum of columns i and j of H. (5) continue in this manner through the cosets of weight t. (6) We could choose to stop. if we do we can decode any received vector with t or fewer errors. Remark 1.10.2. To find the syndrome s = He> = syn(y) is equivalent to finding a smallest set of columns in H whose linear span contains the vector s. The syndrome decoding for binary Hamming codes [2r − 1, 2r − 1 − r, 3] takes the form. (i) After receiving a vector y, compute its syndrome s using the parity check matrix Hr of the Hamming code Hr . (ii) If s = 0, then y is in the code and y is decoded as y; otherwise, s is the binary 46 numeral for some positive integer i and y is decoded as the codeword obtained from y by adding 1 to its ith bit. Example 1.10.2. Construct the parity check matrix of the binary Hamming code H4 of length 15 where the columns are the binary numbers 1, 2, · · · , 15 in that order. Using this parity check matrix decode the following vectors, and then check that your decoded vectors are actually codewords. (a) y1 = 001000001100100 (b) y2 = 101001110101100, (c) y3 = 000100100011000. Solution: 0 0 0 0 H= 0 1 1 0 0 0 0 0 0 1 1 1 1 1 1 1 1 0 1 1 1 1 0 0 0 0 1 1 1 1 1 0 0 1 1 0 0 1 1 0 0 1 1 1 0 1 0 1 0 1 0 1 0 1 0 1 (a) Let y1 = 001000001100100 Then 1 1 > Hy1 = = col13 . 0 1 So e1 = 000000000000100 ∴ c1 = y1 − e1 = 001000001100000. (b) 0 0 > Hy2 = = col2 1 0 47 .So e2 = 010000000000000 ∴ c2 = y2 − e2 = 111001110101100. Example 1.10.3. Let C be a linear [5, 2, 3] code over F2 with generator matrix 1 0 1 1 0 . G= 0 1 0 1 1 The cosets of the code C are shown in the following table. 00000 10110 01011 11101 00001 10111 01010 11100 00010 10100 01001 11111 00100 100010 01111 11001 01000 11110 00011 10101 10000 00110 11011 01101 00101 10011 01110 11000 10001 00111 11010 01100 Each row in the table is a coset of C and the first vector in each row is the coset leader of minimum weight. The last two rows could start with any of the words 00101, 11000, 10001, or 01100. Suppose that the received word is y = 01111. This word appears in the fourth row and the third column. The coset leader of the fourth row is 00100, and the decoded codeword is 01011, which is the first entry in the third column. We can use the syndrome decoding to decode the receive word y by using the parity check matrix 1 0 1 0 0 H= 1 1 0 1 0 0 1 0 0 1 Hy> = H(01111)> = (100)> = col3 . e = (00100) so c = y − e = (01111) − (00100) = (01011). 48 1.11 Sphere packing bound, covering radius and perfect codes Definition 1.11.1. Given n and d, the maximum number of codewords in a code over Fq of length n and minimum distance d is denoted by Aq (n, d). For binary field it is denoted by A2 (n, d) or A(n, d). Definition 1.11.2. For linear codes the maximum number of codewords is denoted by Bq (n, d) and B(n, d) for binary case. Theorem 1.11.1. (Sphere packing bound) Bq (n, d) ≤ Aq (n, d) ≤ t X qn n i i=0 (q − 1)i wher t = b d−1 c. 2 Proof. Let C be a code over Fq of length n and minimum distance d (possibly nonlinear). Suppose that C contains M codewords. By previous theorem 1.10.1, the spheres of radius t a bout distinct codewords are disjoint. Since the volume of any sphere contains α = t X i=0 n i (q − 1)i total vectors, and the n spheres are disjoint M α cannot exceed the number q of vectors in Fnq , then M α ≤ q n =⇒ M ≤ qn qn = α t X n (q − 1)i i i=0 Definition 1.11.3. If M= t X i=0 qn n i (q − 1)i then the code is called perfect code. That is Fnq is filled by disjoint spheres of radius t. 49 Example 1.11.1. Consider the Hamming code Hq,r over Fq with parameters [n = q r −1 ,k q−1 = n − r, d = 3], then t = 1. Since n(q − 1) = q r − 1 then q r = n(q − 1) + 1 =⇒ 1 X i=0 qn n i qn qn = r = q n−r = q k 1 + n(q − 1) q = (q − 1)i but M = q k so Hq,r is a perfect code. Example 1.11.2. Prove that the [23, 12, 7] binary and the [11, 6, 5] ternary Golay codes are perfect. As n = 23, k = 12, t = b 7−1 c = 3. Then 2 3 X 223 23 i=0 i = 212 = 2k so [23, 12, 7] is (2 − 1)i perfect code. Definition 1.11.4. The covering radius ρ = ρ(C) is the smallest integer s such that Fnq is the union of the spheres of radius s centered at the codewords of C. ρ(C) = maxn min d(x, c). x∈Fq c∈C t ≤ ρ(C), and t = ρ(C) if and only if C is a perfect code. So the code is perfect if the packing radius equals the covering radius. If C is a code with packing radius t and covering radius t + 1, C is called quasi-perfect. There is no general classification of quasi-perfect. 50 Chapter 2 Bounds on the size of codes 2.1 Aq (n, d) and Bq (n, d) An (n, M, d) code C over Fq is a code of length n with M codewords whose minimum distance is d. If C is linear it is an [n, k, d] code, where k = logq M . Definition 2.1.1. A code of length n over Fq and minimum distance at least d will called optimal if it has Aq (n, d) codewords or (Bq (n, d) codewords in the case that C is linear). Theorem 2.1.1. Bq (n, d) ≤ Aq (n, d) and Bq (n, d) is a nonnegative integer of q. Bq (n, d) is a lower bound for Aq (n, d) and An (n, d) is an upper bound for Bq (n, d). The sphere packing bound is an upper bound on Aq (n, d) and hence on Bq (n, d). Theorem 2.1.2. Let d > 1. Then (i) Aq (n, d) ≤ Aq (n − 1, d − 1) and Bq (n, d) ≤ Bq (n − 1, d − 1) and (ii) If d is even, A2 (n, d) = A2 (n−1, d−1) and B2 (n, d) = B2 (n−1, d −1), Furthermore (iii) If d is even and M = A2 (n, d) then there exists a binary (n, M, d) code such that all codewords have even weight and the distance between all pairs of codewords is also even. 51 Proof. (i) Let C be a code (linear or non linear) with M codewords and minimum distance d. Puncturing on any coordinate gives a code C ∗ , also with M codewords; otherwise if C ∗ has fewer codewords, there would exist two codewords of C which differ in one position implying d = 1. Contradiction because d > 1. Then Aq (n, d) ≤ Aq (n − 1.d − 1) and Bq (n, d) ≤ Bq (n − 1.d − 1). (ii) To complete (ii) we only need to show that A2 (n, d) ≥ A2 (n−1, d−1) or (Bn (n, d) ≥ B2 (n − 1, d − 1) where C is linear). Let C be a binary code with M codewords, length n − 1, minimum distance d − 1. Extend C by adding an over all parity check to obtain a code Cˆ of length n and minimum distance d, since d − 1 is odd, then d is even. Because Cˆ has M codewords, A2 (n, d) ≥ A2 (n − 1, d − 1) or B2 (n, d) ≥ B2 (n − 1, d − 1) then B2 (n, d) = B2 (n − 1, d − 1) and A2 (n, d) = A2 (n − 1, d − 1). (iii) If C is a binary (n, M, d) code with d even, the punctured code C ∗ is an (n−1, M, d−1) code, extending C ∗ produces an (n, M, d) code Cˆ∗ , since d − 1 is odd. Further this code has only even weight codewords, since d(x, y) = wt(x + y) = wt(x) + wt(y) − 2wt(x ∩ y), the distance between codewords of even weight is even. Example 2.1.1. Let n = 7, d = 4, t = b d−1 c =⇒ A2 (7, 4) ≤ 16. 2 If n = 6, d = 3, t = 1 then the Sphere Packing bound wields 64 7 implying that A2 (6, 3) ≤ 9. But by theorem 2.1.2(ii) A2 (n, d) ≤ A2 (n − 1, d − 1) so 9 is an upper bound for both A2 (7, 4), A2 (6, 3). Theorem 2.1.3. A2 (n, 2) = B2 (n, 2) = 2n−1 . Proof. By theorem 2.1.2(ii) A2 (n, 2) = A2 (n − 1, 1), but A( n − 1, 1) ≤ 2n−1 , and the entire space Fn−1 is a code of length n−1 and minimum distance 1, implying A2 (n−1, 1) = 2n−1 , 2 as Fn−1 is linear 2n−1 = B2 (n − 1, 1) = B2 (n, 2). 2 Theorem 2.1.4. Aq (n, n) = Bq (n, n) = q. 52 Proof. The linear code of size q consisting of all multiple of all one vector of length n (that is the repetition code) has minimum distance n. So q ≤ Bq (n, n) ≤ Aq (n, n). If Aq (n, n) > q, there exists a code with more than q codewords and minimum distance n. Hence at least two of the codewords agree on some coordinate, but then these two codewords are less than distance n a part, a contradiction. So Aq (n, n) = Bq (n, n) = q. Theorem 2.1.5. Aq (n, d) ≤ qAq (n − 1, d) and Bq (n, d) ≤ qBq (n − 1, d). Proof. Let C be a (possibly nonlinear) code over Fq of length n and minimum distance at least d with M = Aq (n, d) codewords. Let C(α) be the subcode of C in which every codeword has α in coordinate n. Then, for some α, C(α) contains at least M q codewords. Puncturing this code on coordinate n produces a code of length n − 1 and minimum distance d. Therefore M q ≤ Aq (n − 1, d) giving Aq (n, d) = M ≤ qAq (n − 1, d). Theorem 2.1.6. Let C Be either a code over Fq with Aq (n, d) codewords or a linear code over Fq with Bq (n, d) codewords. Then C has covering radius d − 1 or less. Proof. t = b d−1 c ≤ ρ(C) where ρ(C) is the covering 2 radius which is greater than t. t X n n (q − 1)i =⇒ αAq (n − 1, d − 1) ≤ Aq (n, d) ≤ Aq (n − 1, d − 1) ≤ qα where α = i i=0 n q =⇒ ρ(C) = d − 1 or less. 2.2 Singleton upper bound and MDS codes. Theorem 2.2.1. Singleton bound. for d ≤ n, Aq (n, d) ≤ q n−d+1 . Furthermore if an [n, k, d] linear code over Fq exists then k ≤ n − d + 1. Proof. When d = n, then Aq (n, n) = q. Assume that d ≤ n, by theorem 2.1.5 Aq (n, d) ≤ qAq (n − 1, d). Inductively we have that Aq (n, d) ≤ q n−d Aq (d, d). Since Aq (d, d) = d then Aq (n, d) ≤ q n−d+1 . Example 2.2.1. For the code [6, 3, 4] over F4 , k = 3 = 6 − 4 + 1 = n − d + 1 and Singleton bound is met so A4 (6, 4) = 43 . 53 Definition 2.2.1. A code for which equality holds in the singleton bound is called maximum distance separable (MDS). That is if k = n − d + 1 holds then a code is called (MDS). Remark 2.2.1. No code of length n and minimum distance d has more codewords than (MDS) with n, d. Theorem 2.2.2. Let C be an [n, k] code over Fq with k ≥ 1. Then the following are equivalent: (i) C is MDS. (ii) Every set of k coordinates is an information set for C. (iii) C ⊥ is MDS. (iv) Every set of n − k coordinates is an information set for C ⊥ . Proof. (i) =⇒ (ii) as [n, k] is MDS if and only if k = n − d + 1, so any set n − d + 1 contains an information set if and only if every k columns of the generator matrix are linearly independent if and only if every n − k columns of the parity check matrix are linearly independent. Similarly the last two items are equivalent, (ii) =⇒ (iv). if I and R are the information and the redundancy positions for the code C then R and I are the information and redundancy positions for C ⊥ . So every set of n − k coordinates is an information set for C ⊥ . (ii) =⇒ (iii). Since any (n − k) × (n − k) sub-matrix of H is invertible and all nontrivial linear combinations of the rows of H have at most n − k − 1 zero coordinates, therefore all non trivial linear combinations of rows of H have weight at least n − (n − k − 1) = k + 1. Since d for C is equal d = n−k +1, for C ⊥ , d = n−(n−k)+1 == n−dim (C ⊥ )+1 = k +1. So C ⊥ is MDS. Definition 2.2.2. We say that C is a trivial MDS code over Fq if and only if C = Fnq or C is monomially equivalent to the code generated by 1 or its dual. 54 Theorem 2.2.3. Let C be an [n, k, d] binary code. (i) If C is MDS, then C is trivial. (ii) If 3 ≤ d and 5 ≤ k, then k ≤ n − d − 1. Proof. (i) Let C be MDS, then B2 (n, d) = 2n−d+1 but B2 (n, d) = 2n or 21 or 2n−1 . Then n − d + 1 = n =⇒ d = 1 or n − d + 1 = 1 =⇒ d = n or n − d + 1 = n − 1 =⇒ d = 2. The C = Fn2 or C = [n, 1, n] is repeation code. So if C is MDS then [n, n, 1], [n, 1, n], [n, n − 1, 2] are binary trivial codes. (ii) 2.3 Lexicodes The algorithm for constructing lexicodes of length n and minimum distance d proceeds as follows: (I) Order all n− tuples in lexicographic order 0 0 ··· 0 0 0 0 0 ··· 0 0 1 0 0 ··· 0 1 0 0 0 ··· 0 1 1 0 0 ··· .. . 1 0 0 (ii) Construct the class L of vectors of length n as follows: (a) Put the zero vector 0 in L. (b) Look for the first vector x of weight d in the lexicographic ordering. Put x in L. 55 (c) Look for the next vector in the lexicographic ordering whose distance from each vector in L is d or more and add this to L. (d) Repeat (c) until there are no more vectors in the lexicographic list to look at. The set L is a linear code, called the lexicode of length n and minimum distance d. Note: If u and v are binary vectors of length n, we say u < v provided that u comes before v in the lexicographic order. Lemma 2.3.1. If u, v and w are binary vectors of length n with u < v + w and v < u + w, then u + v < w. Proof. If u < v + w then u and v + w have the same leading entries after which u has a 0 and v + w has a 1. We can represent this as follows: u = a0 · · · v + w = a1 · · · Similarly as v < u + w, we have v = b0 · · · , u + w = b1 · · · , However, we do not know that the length i of a and the length j of b are the same. Assume they are different and by symmetry, that i < j. Then we have v = b0 x · · · , u + w = b0 x · · · , where b0 is the first i entries of b. Computing w in two ways, we obtain w = u + (u + w) = (a + b0 )x · · · , w = v + (v + w) = (a + b0 )(1 + x) · · · , a contradiction. So a and b are the same length, giving u + v = (a + b)0 · · · , w = (a + b)1 · · · , showing u + v < w. 56 Theorem 2.3.2. Label the vectors in the lexicode in the order in which they are generated so that c0 is the zero vector. (i) L is a linear code and the vectors c2i are a basis of L. (ii) After c2i is chosen, the next 2i −1 vectors generated are c1 +c2i , c2 +c2i , · · · , c2i −1 + c2i . (iii) Let Li = {c0 , c1 , · · · , c2i −1 }. Then Li is an [n, i, d] linear code. Proof. If we prove (ii), we have (i) and (iii). Then proof of (ii) is by induction on i. Clearly it is true for i = 1. Assume the first 2i vectors generated are as claimed. The Li is linear with basis {c1 , c2 , · · · , c2i−1 }. We show that Li+1 is linear with next 2i vectors generated in order by adding c2i to each of the previously chosen vectors in Li . If not, there is an r < 2i such that c2i +r 6= c2i + cr . choose r to be the smallest such value. As d(c2i + cr , c2i + cj ) = d(cr , cj ) ≥ d for j < r, c2i + cr was a possible vector to be chosen. Since it was not, it must have come too late in the lexicographic order, so c2i +r < c2i + cr ............(1) As d(cr + c2i +r , cj ) = d(c2j +r , cr + cj ) ≥ d for j < 2i by linearity of Li , cr + c2i +r could have been chosen to be in the code instead of c2i (which it cannot equal). So it must be that c2i < cr + c2i +r ......(2). If j < r, then c2i +j = c2i + cj by the assumption on r. Hence d(c2i +r + c2i , cj ) = d(c2i +r , c2i +j ) ≥ d for i < r. So c2i +r + c2i could have chosen to be a codeword instead of cr . The fact that it was not implies that cr < c2i +r + c2i .....(3). But then (2) and (3) with previous lemma 2.3.1 imply c2i + cr < c2i +r contradicting (1). Note: The codes Li satisfy the inclusions L1 < L2 < · · · < Lk = L, where k is the dimension of L. 57 Chapter 3 Finite fields 3.1 Introduction to finite fields Definition 3.1.1. A Field is a set F together with two operations + and . which satisfy the following axioms: (1) F is an abelian group under + with additive identity called zero denoted by 0. (2) F∗ = F/{0} is an abelian group under multiplication with multiplicative identity called one and denoted by 1; (3) multiplication distributes over addition. If p is a prime we let GF (p) (Galois field with p elements) denote the integer ring modulo p. Zp = {0, 1, 2, · · · , p − 1}, group under + mod p, the order of Zp is p. Z∗ = {1, 2, · · · , p − 1} = Zp /{0} is cyclic group under multiplication mod p and order Zp /{0} = p − 1. Zp = Fp = Z/pZ = GF (p). p is called the characteristic of Fp . Fields of order q = pm : 58 Let Fp be a field, the set F[x] of all polynomials over Fp , is a P.I.D (principal ideal domain). Definition 3.1.2. A polynomial f (x) is called irreducible in Fp [x] if f cannot be written as the product of two non constant polynomial in Fp [x]. Let f (x) be irreducible polynomial over Fp of degree m, then hf (x)i is a maximal ideal in Fp [x] generated by f (x). hf (x)i = {q(x)f (x) : q(x) ∈ Fp [x]} =⇒ Fp [x]/hf (x)i is a field = {hf (x)i+g(x) : g(x) ∈ Fp [x]}. Where g(x) = q(x)f (x) + r(x) where r(x) = 0 or deg r(x) < deg f (x) Fp [x]/hf (x)i = {hf (x)i+r(x) : r(x) = 0 or deg r(x) < m} = {a0 +a1 x+· · · am−1 xm−1 : ai ∈ Fp [x].} We denote this field by Fq where q = pm or Fq = GF (pm ) the Galois field of order q = pm which is the extension of the prime field Fp . The characteristic of Fpm is p. The field Fpm is a vector space over Fp of dim m and Fp is a prime subfield of Fq . Theorem 3.1.1. Let Fq be a finite field with q elements. Then (i) q = pm for some prime p, (ii) Fq contains the subfield Fp , (iii) Fq is a vector space over Fp of dimension m, (iv) pα = 0 for all α ∈ Fq , and (v) Fq is unique up to isomorphism. 3.2 Polynomials and the Euclidean algorithm The polynomial f (x) = n X = ai xi = a0 + a1 x + · · · + an xn ∈ Fq , where ai ∈ Fq is called i=0 a polynomial of degree n over Fq . 59 The coefficient of the highest degree term is called the leading coefficient. The polynomial is called monic if its leading coefficient is 1. Let f (x), g(x) ∈ Fq [x] we say that f (x)|g(x) if there exists a polynomial h(x) ∈ Fq [x] such that g(x) = f (x)h(x). If g(x), f (x) 6= 0 then gcd(f (x), g(x)) is the monic polynomial in Fq [x] of largest degree dividing both f (x) and g(x). If gcd(f (x), g(x)) = 1, then f (x), g(x) are called relatively prime, and deg gcd(f (x), g(x)) = 0. Theorem 3.2.1. Let f (x), g(x) be in Fq [x] with g(x) non-zero. (i) (Division algorithm) There exist unique polynomials h(x), r(x) ∈ Fq [x] such that f (x) = g(x)h(x) + r(x), where deg r(x) < deg g(x) or r(x) = 0. (ii) If f (x) = g(x)h(x) + r(x), then gcd(f (x), g(x)) = gcd(g(x), r(x)). Theorem 3.2.2. (Euclidean algorithm) Let f (x), g(x) be polynomials in Fq [x] with g(x) nonzero (i) Perform the following sequence of steps until rn (x) = 0 for some n: f (x) = g(x)h1 (x) + r1 (x), where deg r1 (x) < deg g(x), g(x) = r1 (x)h2 (x) + r2 (x), where deg r2 (x) < deg r1 (x), r1 (x) = r2 (x)h3 (x) + r3 (x), .. . where deg r3 (x) < deg r2 (x), rn−3 (x) = rn−2 (x)hn−1 (x) + rn−1 (x), where deg rn−1 (x) < deg rn−2 (x), rn−2 = rn−1 (x)hn (x) + rn (x), where rn (x) = 0. Then gcd(f (x), g(x)) = crn−1 (x), where c ∈ Fq [x] is chosen so that crn−1 (x) is monic. (ii) There exist polynomials a(x), b(x) ∈ Fq [x] such that a(x)f (x)+b(x)g(x) = gcd(f (x), g(x)). 60 By applying theorem 3.2.1(ii) repeatedly, we have that crn−1 (x) = gcd(rn−2 (x), rn−3 (x)) = gcd(rn−3 (x), rn−4 (x)) = · · · = gcd(f (x), g(x)). Part (ii) is obtained by beginning with the next to last equation rn−3 (x) = rn−2 hn−1 (x) + rn−1 (x) and solving for rn−1 (x) in terms of rn−2 (x) and rn−3 (x) using the previous equations, solve rn−2 (x) and substitute into the equation for rn−1 (x) to obtain rn−1 (x) as a combination of rn−3 (x) and rn−4 (x). Continue up through the sequence until we obtain rn−1 (x) as a combination of f (x) and g(x). Example 3.2.1. Let f (x) = x4 + x2 + x + 1, and g(x) = x3 + 1 in F2 [x]. Compute gcd(f (x), g(x)) and find a(x), b(x) ∈ F2 [x] 3 a(x)f (x) + b(x)g(x) = gcd(f (x), g(x)). Solution: Divide x4 + x2 + x + 1, by x3 + 1 we get x4 + x2 + x + 1 = x(x3 + 1) + (x2 + 1). Now divide x3 + 1 by the remainder x2 + 1 we get x3 + 1 = x(x2 + 1) + x + 1. Now divide x2 + 1 by x + 1 we get x2 + 1 = (x + 1)(x + 1). gcd(x4 + x2 + x + 1, x3 + 1) = x + 1. To find a(x) and b(x), by reversing the above steps we get, gcd(f (x), g(x)) = x + 1 = x3 + 1 + x(x2 + 1) = (x3 + 1) + x[x4 + x2 + x + 1 + x(x3 + 1)] = x(x4 + x2 + x + 1) + (x3 + 1)(1 + x2 ) = a(x)f (x) + b(x)g(x). Where a(x) = x and b(x) = x2 + 1. 61 Remark 3.2.1. (x−α)|f (x) if and only if α is a root of f (x) =⇒ there exist k(x) ∈ Fq [x] 3 f (x) = (x − α)k(x). 3.3 Primitive elements The set F∗q = Fq /{0} is the set of non zero elements in Fq and it is a multiplicative group. Theorem 3.3.1. (i) The group F∗q is cyclic of order q − 1 under the multiplication of Fq . (ii) If γ is a generator of this cyclic group, then Fq = {0, 1 = γ 0 , γ, γ 2 , · · · , γ q−2 } and γ i = 1 if and only if (q − 1)|i. Definition 3.3.1. A generator γ ∈ F∗q is called a primitive element of Fq . Theorem 3.3.2. Let Fq be a finite field. For every a ∈ Fq , a|Fq | = aq = a. Proof. 0|Fq | = 0, and by Lagrange theorem applied to the multiplicative group F∗q , we ∗ have a|Fq | = aq−1 = 1 =⇒ aq = a. If γ is a primitive element of Fq . Then γ q−1 = 1, hence (γ i )q−1 = 1 for 0 ≤ i ≤ q − 1, then any element of F∗q are roots of the polynomial xq−1 − 1 ∈ Fq [x] and hence xq − x, and 0 is a root of xq − x, so all elements of Fq are roots of xq − x. Theorem 3.3.3. The elements of Fq are precisely the roots of xq − x. Definition 3.3.2. The field Fq with q = pm elements is the smallest field containing Fq and all the roots of xq − x. Such a field is called a splitting field of the polynomial xq − x over Fq containing all the roots of the polynomial xq − x. in general splitting fields of a fixed polynomial over a given field are isomorphic. Definition 3.3.3. Let φ(n) be the number of integers i with 1 ≤ i ≤ n such that the gcd(i, n) = 1. φ is called the Euler φ -function. 62 Definition 3.3.4. If G is any cyclic group of order n with generator g, then the generators of G are the elements g i where gcd(i, n) = 1. So φ(n) = the number of generators of G. Definition 3.3.5. If α ∈ G where G is a group of order n. Then the order of α, o(α) is the smallest positive integer i such that αi = 1 and an element of G has order d if and only if d|n. If g is a generator of G then g i has order d = n gcd(i,n) and there are φ(d) elements of order d. Theorem 3.3.4. Let γ be a primitive element of Fq . (i) There are φ(q−1) primitive elements in Fq ; these are the elements γ i where gcd(i, q− 1) = 1. (ii) For any d where d|(q − 1), there are φ(d) elements in Fq of order d; these are the elements γ (q−1)i/d where gcd(i, d) = 1. Definition 3.3.6. An element ξ ∈ Fq is an nth root of unity provided ξ n = 1, and is a primitive nth root of unity if in addition ξ s 6= 1 for 0 < s < n. A primitive element γ ∈ Fq is a primitive (q − 1)st root of unity. By theorem 3.3.1 the field Fq contains primitive nth root of unity if and only if n|(q − 1), in which case γ (q−1)/n is a primitive nth root of unity. 3.4 Constructing finite fields Definition 3.4.1. An integral domain is a commutative ring R with unity such that the product of two nonzero elements in the ring is also nonzero. In fact Fq [x] is an integral domain. Definition 3.4.2. A non constant polynomial f (x) ∈ Fq [x] is irreducible over Fq provided it dose not factor into a product of two polynomials in Fq [x] of smaller degree. Definition 3.4.3. The ring Fq [x] is a unique factorization domain and every polynomial in Fq [x] is factored into a product of irreducible polynomials in unique form. 63 Theorem 3.4.1. Let f (x) be a non constant polynomial. Then f (x) = p1 (x)a1 p2 (x)a2 · · · pakk (x), where each pi (x) is irreducible, the pi (x)0 s are unique up to scalar multiplication and the a0i s are unique Definition 3.4.4. An ideal I in a commutative ring R is a nonempty subset of the ring that is closed under subtraction such that the product of an element in I with an element in R is always in I. Definition 3.4.5. The ideal I is a principal ideal in a ring R if there exists a ∈ R, such that I = {ra|r ∈ R}, this is denoted by (a). A principal ideal domain is an integral domain in which each ideal is principal. In fact Fq [x] is a principal ideal domain. Theorem 3.4.2. Let F be a field. The ideal (f (x)) is maximal in Fq [x] if and only if f (x) is irreducible polynomial. Theorem 3.4.3. Every P ID is U F D. Theorem 3.4.4. If f (x) is irreducible of degree m in Fp [x], then the residue class ring Fp [x]/(f (x)) is a field contains q = pm elements. Every element in the field Fp [x]/(f (x)) is a coset g(x) + (f (x)) where deg g(x) ≤ m − 1. We can write each coset or each element in Fq [x] = Fp [x]/(f (x)) as a vector in Fm p with the correspondence, gm−1 xm−1 + gm−2 xm−2 + · · · g1 x + g0 + (f (x)) ↔ gm−1 gm−2 · · · g1 g0 . Example 3.4.1. We construct the field GF (24 ) as a ring of polynomials over F2 = {0, 1} modulo the polynomial f (x) = x4 + x + 1. f (x) is irreducible polynomial over F2 , so F16 = F2 [x]/(f (x)), the elements of F16 are given the following table, where x = α = 0α3 + 0α2 + 1α + 0 · 1. 64 Cosets elements Vectors in F42 0 + (f (x)) 0 0000 1 + (f (x)) α0 = 1 0001 x + (f (x)) α 0010 x2 + (f (x)) α2 0100 x3 + (f (x)) α3 1000 x + 1 + (f (x)) α + 1 = α4 1000 x2 + 1 + (f (x)) α2 + 1 = α8 0101 x3 + 1 + (f (x)) α3 + 1 = α14 1001 x2 + x + (f (x)) α2 + α = α5 0110 x3 + x + (f (x)) α3 + α = α9 1010 x3 + x2 + (f (x)) α3 + α2 = α6 1100 x3 + x + 1 + (f (x)) α3 + α + 1 = α7 1011 x3 + x2 + 1 + (f (x)) α3 + α2 + 1 = α13 1101 x2 + x + 1 + (f (x)) α2 + α + 1 = α10 0111 x3 + x2 + x + (f (x)) α3 + α2 + α = α11 1110 x3 + x2 + x + (f (x)) α3 + α2 + α + 1 = α12 1111 Where α4 = α + 1, α5 = αα4 = α(α + 1) = α2 + α, α9 = α5 α4 = (α2 + α)(α + 1) = α3 + α2 + α2 + α = α3 + α. Adding x + (f (x)) to x3 + x + 1 + (f (x)) gives x3 + 1 + (f (x)), which corresponds to adding 0010 to 1011 and obtaining 1001 ∈ F42 . How we multiply?. To multiply g1 (x) + (f (x)) times g2 (x) + (f (x)), first use the division algorithm to write, g1 (x)g2 (x) = f (x)h(x) + r(x) when deg r(x) ≤ m − 1 or r(x) = 0 (g1 (x) + (f (x)))(g2 (x) + (f (x))) = r(x) + (f (x)). We can simplify if we replace x by α and let f (α) = 0, g1 (α)g2 (α) = r(α) and we extend our correspondence to gm−1 gm−2 · · · g1 g0 = gm−1 αm−1 + gm−2 αm−2 · · · g1 α + g0 . 65 So to multiply in Fq we simply multiply polynomials in α in the ordinary way and use the equation f (α) = 0 to reduce powers of α higher than m − 1 to polynomials in α of degree less than m. The subset {0αm−1 + 0αm−2 + · · · + 0α + a0 : a0 ∈ Fp } = {a0 : a0 ∈ Fp } = Fp . We describe the construction of obtaining Fq from Fp by adjoining a root α of f (x) to Fp , this root is given by α = x + (f (x)) in Fq = Fp [x]/(f (x)) therefore g(x) + (f (x)) = g(α) and f (α) = f (x + (f (x))) = f (x) + (f (x)) = 0 + (f (x)). Definition 3.4.6. An irreducible polynomial over Fp of degree m is called primitive provided if it has a root that is primitive element of Fq = Fpm Theorem 3.4.5. For any prime p and any positive integer m, there exists a finite field, unique up to isomorphism, with q = pm elements. Remark 3.4.1. In the construction of Fq by adjoining a root of an irreducible polynomial f (x) to Fp , the field Fp can be replace by any finite field Fr , where r is a power of p and f (x) be an irreducible polynomial of degree m in Fr [x] for some positive integer m. The field constructed contains Fr as a subfield is of order rm . 3.5 Subfields Let Fq be a field with primitive element of order q − 1 = pm − 1. If Fs is a subfield of Fq then Fs has a primitive element of order s − 1 where (s − 1)|(q − 1) because the identity element 1 is the same for both Fq and Fs . Fs has charactrristic p and s = pr . So (pr − 1)|(pm − 1). Lemma 3.5.1. Let a > 1 be an integer. Then (ar − 1)|(am − 1) if and only if r|m. m r Proof. If r|m, then m = rh and a − 1 = (a − 1) h−1 X i=0 arh − 1 am − 1 = (ar − 1) r . a −1 66 ir a because h−1 X i=0 air = arh − 1 =⇒ ar − 1 Conversely, by division algorithm, let m = rh + n, 0 ≤ u < r, then am − 1 arh+u − 1 arh+u − 1 + au − au arh · au − au au − 1 au (arh − 1) au − 1 = = = + = + r . ar − 1 ar − 1 ar − 1 ar − 1 ar − 1 ar − 1 a −1 Since r|rh, =⇒ au −1 ar −1 arh −1 ar −1 is integer, also < 1 a contradiction, since am −1 ar −1 is integer, then au −1 ar −1 = 0 =⇒ u = 0 =⇒ r|m. Remark 3.5.1. (xs−1 − 1)|(xq−1 − 1) if and only if (s − 1)|(q − 1) thus (xs − x)|(xq − x) if and only if (s − 1)|(q − 1). So if s = pr , q = pm , (xs − x)|(xq − x) if an only if r|m. Lemma 3.5.2. Let s = pr , q = pm . Then (xs − x)|(xq − x) if an only if r|m. Proof. (xs − x)|(xq − 1) if and only if xs−1 − 1|xq−1 − 1 if and only if s − 1|q − 1 if and only if pr − 1|pm − 1 if and only if r|m. Theorem 3.5.3. When q = pm , (i) Fq has a subfield of order s = pr if and only if r|m, (ii) the elements of the subfield Fs are exactly the elements of Fq that are roots of xs − x, and (iii) for each r|m there is only one subfield Fpr of Fq . Proof. Let s = pr and q = pm . Then by previous lemma 3.5.2 (xs − x)|(xq − x) if and only if r|m if and only if pr − 1|pm − 1. Since xq − x siplits into linear factors over Fq = Fpm , so does xs − x siplits into linear factors over Fs = Fpr . So Fq contains all the roots of xr − x in Fs implies Fs is a subfield of Fq and Fs contains s = pr elements which are the roots of xs − x. Corollary 3.5.4. If γ is a primitive element of Fq and Fs is a subfield of Fq , then the elements of Fs are {0, 1, α, · · · , αs−2 }, where α = γ (q−1)/(s−1) . Proof. The elements of Fs are the roots of the polynomial xs − x = x(xs−1 − 1), so Fs has s elements. If x = 0 then 0s = 0. If x 6= 0, x = α = γ (q−1)/(s−1) =⇒ xs−1 = αs−1 = γ q−1 = 1 =⇒ xs = x =⇒ α is a root of xs − x, and α is a generator of F∗s so all elements of Fs are {0, 1, α, · · · , αs−2 } 67 3.6 Field automorphisms Definition 3.6.1. An automorphism σ of Fq is a bijection (isomorphism) σ : Fq =⇒ Fq such that σ(α + β) = σ(α) + σ(β) and σ(αβ) = σ(α)σ(β) for all, α, β ∈ Fq . Definition 3.6.2. (Frobenius automorphism) is defined by σp (α) = αp for all α ∈ Fq . σp (αβ) = σp (α)σp (β) and σp (α + β) = σp (α) + σp (β),, ker(σp ) = {0}. So σp is an automorphism of Fq , called the Frobenius automorphism. r Simellarly σpr (α) = αp is also a Frobenius automorphism. Definition 3.6.3. The set of all aoutomorphism of a field Fq onto itself is a group under composition of functions denoted by Gal(Fq ) called the Galois group of Fq . Theorem 3.6.1. (i) Gal(Fq ) is cyclic of order m and is generated by the Forbenius automorphism σp . (ii) The prime subfield of Fq is precisely the set of elements in Fq such that σp (α) = α. (iii) The subfield Fq of Fqt is precisely the set of elements in Fqt such that σq (α) = α. Proof. (i) Let γ be a primitive element of Fq = Fpm . Thus γ has order q − 1 = pm − 1, 2 m −1 and its minimal polynomial m(x) has roots, γ, γ p , γ p , · · · , γ p . Now let f (x) be a polynomial over Fp . Since an automorphism τ of Fpm over Fp fixes the coefficients of f (x), we see that f (α) = 0 if and only if f (τ (α)) = 0. In otherwords, τ permutes the roots of f (x) that lie in Fpm . In particular, τ σ must send i the root γ of m(x) to another root, say τ (γ) = γ q . But since γ is a primitive element i of Fpn , τ is completely determend by its value on γ, and since σpi (γ) = γ p = τ (γ). We denote τ = σpi . Hence all automorphism of Fq = Fpn over Fp have the form σpi for some i. (ii) Let F = {α ∈ Fq : σp (α) = α}. Let a, b ∈ F, then σp (a − b) = σp (a) − σp (b) = a − b. σp (ab) = σp (a)σp (b). So a − b ∈ F, ab ∈ F. 68 (iii) Let Fq = {α ∈ Fqt : σq (α) = α}. Let a0 , b0 ∈ Fq then σq (a0 − b0 ) = σq (a0 ) − σq (b0 ) = a0 − b0 . Also σq (a0 b0 ) = σq (a0 )σq (b0 ) = a0 b0 ∈ Fq ∴ Fq is a subfield of Fpt . Remark 3.6.1. Gal(Fq ) is a cyclic group (denote automorphism of Fq = Fpm with Fp fixed). The generator of Gal(Fq ) is the Frobinous automprphism. Remark 3.6.2. We use σp to denote the Forbenius automorphism of any field of characteristic p. If E and F are fields of characteristic p with E an extension field of F, then the Forbenius automorphism of E when restricted to F is the Frobenius automorphism of F. An element α ∈ F is fixed by an automorphism σ of F provided σ(α) = α. Let r|m. Then σpr generates a cyclic subgroup of Gal(Fq ) of order m/r. The elements of Fq fixed by this subgroup are precisely the elements of the subfield of Fpr . We let Gal(Fq : Fpr ) denote automorphisms of Fq which fix Fpr . Theorem 3.6.2. Gal(Fq : Fpr ) is the cyclic group generated by σpr . Proof. The Forbinous automorphism is a generator of the cyclic group Gal(Fq : Fp ). Gal(Fq ) = Gal(Fq : Fp ) = {σ i : 0 ≤ i ≤ m−1}. The group Gal(Fq : Fpr ) is a subgroup of Gal(Fq ) r because σpr (α) = αp = σpr (α) ∈ Gal(Fq : Fpr ) =⇒ σpr ∈ Gal(Fq ) =⇒ Gal(Fq : Fpr ) ⊆ Gal(Fq ). The subgroups of Gal(Fq ) are cyclic, so ◦(σpr ) = ◦(σpr ) = m/r. Since m (σpr (α))m/r = σpm (α) = αp = α, so (σpr )m/r = σpm =⇒ σpr is a generator of Gal(Fq : Fpr ) =⇒ |Gal(Fq : Fpr )| = m/r. 3.7 Cyclotomic cosets and minimal polynomilals Definition 3.7.1. If E is the extension field Fq , then E is a vector space over Fq , and t E = Fqt for some positive t. Each element α ∈ E is a root of the polynomial xq − x. Thus there is a monic polynomial Mα (x) in Fq [x] of smalest degree which has α as a root, this polynomial is called the minimal polynomial of α over Fq . 69 Theorem 3.7.1. Let Fqt be an extension field of Fq and let α be an element of Fqt with minimal polynomail polynomial Mα (x) in Fq [x]. The following hold: (i) Mα (x) is irreducible over Fq . (ii) If g(x) is any polynomial in Fq [x] satisfying g(α) = 0, then Mα (x)|g(x). (iii) Mα (x) is unique, that is there is only one monic polynomial in Fq [x] of smallest degree which has α as a root. Proof. (i) If Mα (x) is reducible then Mα (x) = u(x)v(x), with degu(x) < degMα (x) and degv(x) < degMα (x). Then u(α)v(α) = 0. So either u(α) = 0 or v(α) = 0. Contradictin, because Fq [x] is an integral domain and Mα (x) is of minimal degree over Fq [x] having α as a root. (ii) Let I = {g(x) ∈ Fq [x] : g(α) = 0}. I is an ideal of Fq [x] because if g1 (x), g2 (x) ∈ I then g1 (α) − g2 (α) = 0 =⇒ g1 (x) − g2 (x) ∈ I and if g(x) ∈ I and f (x) ∈ Fq [x] =⇒ g(α)f (α) = 0 =⇒ g(x)f (x) ∈ I then I is an ideal of Fq [x]. Also I 6= 0 because α is a root of a non zero polynomial over Fq , where α ∈ Fqt with minimal polynomial Mα (x). But Fq [x] is P.I.D, hence there exist a generator h(x) for I. I = hh(x)i. Let p1 (x) be the polynomial of minimal degree that generates I. If p1 (x) = a0 + a1 x + · · · + at xt then Mα (x) = 1 (p1 (x)) at is a monic polynomial that generates I having minmal degree. I = hMα (x)i and Mα (x) is of minimal degree. Let g(x) ∈ I, since Mα (x) 6= 0, so by division algorithm there exists q(x), r(x) ∈ Fq [x] 3 g(x) = q(x)Mα (x) + r(x), where r(x) = 0 or deg r(x) < deg Mα (x), but g(α) = g(α)Mα (α) + r(α) =⇒ r(α) = 0. If r(x) 6= 0, then we get a contradiction, because Mα (x) is of minimal degree, hence r(x) = 0 and so g(x) = q(x)Mα (x), so Mα (x)|g(x). 0 0 (iii) Assume that hMα (x)i = hMα (x)i where Mα (x) and Mα (x) are monic irreducible 0 polynomial. Then Mα (x) = Mα (x) since both are monic generated the same ideal, so Mα (x) is unique. 70 Theorem 3.7.2. Let f (x) be a monic irreducible polynomial over Fq of degree r. Then (i) all the roots of f (x) lie in Fqr and any field containing Fq along with one root of f (x), r Y (ii) f (x) = (x − αi ), where αi ∈ Fqr for 1 ≤ i ≤ r, and i=1 qr (iii) f (x)|x − x. Proof. (i) Let α be a root of f (x) which we adjoin to Fq to form a field Eα with q r elements. If β is another root of f (x), not in Eα it is a root of some irreducible factor, over Eα of f (x). Adjoining β to Eα forms an extension field E of Eα . However, inside E, there is a subfield Eβ obtained by adjoining β to Fq . Eβ must have q r elements because f (x) is irreducible of degree r over Fq . Since Eα and Eβ are subfields of E of same size, then by theorem 3.5.3(iii) Eα = Eβ proving that all roots of f (x) lie in Fqr . Since any field containing Fq and one root of f (x) contains Fqr , so part (i) follows. (ii) If αi ∈ Fqr is a root of f (x) for 1 ≤ i ≤ r then (x − αi ) is a factor of f (x), then r Y f (x) = (x − α1 )(x − α2 ) · · · (x − αr ) = (x − αi ). i=1 r (iii) Every element of Fqr is a root of the polynomial xq − x, therefore x − α is a factor r Y Y r qr q of x − x ∀α ∈ Fqr =⇒ x − x = (x − α). Since f (x) = (x − αi ), then α∈Fqr r i=1 f (x)|xq − x. Theorem 3.7.3. Let Fqt be an extension field of Fq and let α be an element of Fqt with minimal polynomial Mα (x) in Fq [x]. The following hold: t (i) Mα (x)|xq − x. (ii) Mα (x) has distinct roots all lying in Fqt . (iii) The degree of Mα (x) divides t. 71 t (iv) xq − x = Y Mα (x) where α runs through some subset of Fqt which enumerates the α minimal polynomial of all elements of Fqt exactly once. t (v) xq − x = Y f (x), where f runs through all monic irreducible polynomials over Fq f whose degree divides t. Proof. (i) If α ∈ Fqt and if g(x) is any polynomial in Fq [x] satisfying g(α) = 0, then t t Mα (x)|g(x). But g(x)|xq − x =⇒ Mα (x)|xq − x. t t (ii) Since the roots of xq − x are the q t elements of Fqt , xq − x has distinct roots and so by part (i) and part (i) of theorem 3.7.2 implies Mα (x) has distinct roots all lying in Fqt . (iii) If Mα (x) has degree r, adjoining α to Fq gives the subfield Fqr = Fpmr of Fqt = Fpmt then by theorem 3.5.3 mr|mt then r|t. t (iv) There exist irreducible polynomial pi (x) over Fq such that xq − x = n Y pi (x). As i=1 t xq − x has distinct roots, the factors pi (x) are distinct. By scaling them, we assume t that each is monic as xq − x is monic. So pi (x) = Mα (x) for any α ∈ Fqt , with Y t pi (α) = 0 =⇒ xq − x = Mα (x). α (v) Follows from (iv) if we show that every monic irreducible polynomial over Fq of t t degree r dividing t is a factor of xq − x. But f (x)|xq − x by theorem 3.7.2 (iii). Y r t t Since mr|mt, xq − x|xq − x =⇒ xq − x = f (x). f Definition 3.7.2. Two elements of Fqt which have the same minimal polynomial in Fq [x] are called conjugate over Fq . Remark 3.7.1. All the roots of Mα (x) are distinct and lie in Fqt , so they are conjugates, we can fiend them by the following theorem. Theorem 3.7.4. Let f (x) be a polynomial in Fq [x] and let α be a root of f (x) in some extension field Fqt . Then: 72 (i) f (xq ) = f (x)q , and (ii) αq is also a root of f (x) in Fq . n X ai xi . Since q = pm , where p is the charactrristic of Fq , then Proof. (i) Let f (x) = q f (x) = ( n X i=0 i q ai x ) = i=0 n X aqi xiq , but aqi = ai ∀ai ∈ Fq because the elements in Fq are i=0 q q the roots of x − x =⇒ f (x) = n X ai xiq = f (xq ). i=0 q (ii) f (α ) = n X i=0 iq ai α = n X ai αi = f (α) = 0 = f (α)q =⇒ αq is a root of f (x) in Fq . i=0 2 Remark 3.7.2. By theorem 3.7.4 α, αq , αq , · · · are all roots of Mα (x). This sequence will r stop after r terms, where αq = α. r If γ is a primitive element of Fqt . Then α = γ s for some s.Hence αq = α if and only if r γ sq = γ s if and only if γ sq r −s = 1. By theorem 3.3.1 (γ i = 1 if and only if q − 1|i), So q t − 1|sq r − s =⇒ sq r ≡ s(mod q t − 1). Definition 3.7.3. The set of q- cyclotomic cosets of s modulo q t − 1 is the set Cs = {s, sq, · · · , sq r−1 } (mod q t − 1), where r is the smallest positive integer such that sq r ≡ s (mod q t − 1). the set Cs partition the set {0, 1, 2, · · · , q t − 2} of integers into disjoint sets. Example 3.7.1. The 2- cyclotomic cosets modulo 15 are C0 = {0}, C1 = {1, 2, 4, 8}, C3 = {3, 6, 12, 9}, C5 = {5, 10} and C7 = {7, 14, 13, 11}. Remark 3.7.3. The roots of Mα (x) = Mγ s (x) include {γ i |i ∈ Cs }. In fact these are all the roots of mα (x). So if we know the size of Cs , we know the degree of Mγ s (x), as these are the smae. Theorem 3.7.5. If γ is a primitive element of Fqt , then the minimal polynomial of γ s = α over Fq is Mγ s (x) = Y i∈Cs 73 (x − γ i ). Proof. We will claim that, Y f (x) = (x − γ i ) = X f j xj j i∈Cs is a polynomial in Fq [x] not in Fqt [x]. Y Y Let g(x) = f (x)q . Then g(x) = (x − γ i )q = (xq − γ qi )( Because if q = pr , (x − r r i∈Cs r γ i )p = xp − γ ip = xq − γ iq ). i∈Cs As Cs is a q− cyclotomic coset, qi runs through Cs as i does. Then g(x) = f (xq ) = P P P q qj qj q q j q j fj x , but g(x) = f (x ) = f (x) = ( j fj x ) = j fj x . Equating coefficients, we have fjq = fj and hence by theoerm 3.6.1 (iii)(The subfield Fq of Fqt is precisely the set of elements in Fqt such that σq (α) = α), then f (x) ∈ Fq [x]. Example 3.7.2. We are constructed F16 previously using the irreducible polynomial x4 + x+1 over F2 . With α as a root of this polynomial, we give the minimal polynomial over F2 of each element of F16 and the associated 2− cyclotomic coset modulo 15 in the table below. Rooots Minimal polynomial 2-cyclotomic coset 0 x 1 x+1 {0} α, α2 , α4 , α8 x4 + x + 1 {1, 2, 4, 8} α3 , α6 , α9 , α12 x4 + x3 + x2 + x + 1 {3, 6, 9, 12} α5 , α10 x2 + x + 1 {5, 10} α7 , α11 , α13 , α14 x4 + x3 + 1 {7, 11, 13, 14} The factorization of x15 − 1 into irreducible polynomials in F2 [x] is (x + 1)(x4 + x + 1)(x4 + x3 + x2 + x + 1)(x2 + x + 1)(x4 + x3 + 1). 74 Chapter 4 Cyclic codes Introduction A linear code C of length n over Fq is cyclic provided that for each vector c = c0 c1 · · · cn−2 cn−1 in C the vector cn−1 c0 c1 · · · cn−2 obtained from c by the cyclic shift of coordinate i 7−→ i + 1 (mod n), is also in C. So a cyclic code contains all n cyclic shifts of any codeword. We will represent the codewords in a polynomial form. If c0 c1 · · · cn−2 cn−1 ∈ Fnq then c(x) = c0 + c1 x + · · · + cn−1 xn−1 ∈ Fq [x] of degree at most n − 1. We order the terms of our polynomial from smallest to largest degree. If c(x) = c0 + c1 x + · · · + cn−1 xn−1 , then xc(x) = cn−1 xn c0 x + c1 x2 + · · · + cn−2 xn−1 which would represent the codeword c cyclically shifted one to right, if xn = 1. Cylcic code C is invariant under a cyclic shift implies that if c(x) is in C, then so is xc(x) provided we multiply modulo xn − 1. Remark : (1) A linear code C is cyclic if and only if c(x) ∈ C =⇒ x · c(x) (mod xn − 1) ∈ C. It follows that when c(x) is a codeword in a cyclic code, so are the words xi · c(x)(mod xn − 1) for i ≥ 0. (2) By linearity we conclude that in a cyclic code C, c(x) ∈ C =⇒ u(x)c(x)(mod xn − 1) ∈ C for every u(x) ∈ Fq [x], hence C is an ideal in Rn = Fq [x]/(xn − 1). 75 4.1 Factoring xn − 1 For f (x) = a0 + a1 x + · · · + an xn ∈ Fq [x] define the formal derivative of f (x) to be the polynomial f 0 (x) = a1 + 2a2 x + · · · + nan xn−1 ∈ Fq [x]. From this definition, show that the following rules hold: (a) (f + g)0 (x) = f 0 (x) + g 0 (x) (b) (f g)0 (x) = f 0 (x)g(x) + f (x)g 0 (x). (c) f (x)m )0 = m(f (x)m−1 )f 0 (x) for all positive integers m. (d) If f1 (x)a1 f2 (x)a2 · · · fn (x)an , where a1 , · · · , an are positive integers and f1 (x), · · · , f2 (x) are distinct and irreducible over Fq , the f (x) = f( x) · · · fn (x). gcd(f (x), f 0 (x)) (e) Show that f (x) has no repeated irreducible factors, if and only if f (x) and f 0 (x) are relatively prime. (f) Show that xn − 1 has no repeated irreducible factors, if and only if q and n are relatively prime. Proof. (f) Let c be a root of xn − 1 in an extension field E of Fq . Then xn − 1 = (x − c)(xn−1 + cxn−2 + c2 xn−3 + · · · cn−2 x + cn−1 ). Let f (x) = xn−1 + cxn−2 + · · · + cn−1 , f (c) = cn−1 + c · cn−2 + · · · + cn−1 = ncn−1 . Since q - n =⇒ f (c) 6= 0 =⇒ c is not a root of f (x) =⇒ xn − 1 has no repeated roots. ⇐= if f (c) = ncn−1 and q|n =⇒ f (c) = 0 =⇒ xn − 1 has repeated root. A contradiction. So q and n are relatively prime. A method of factoring xn − 1: Let Fqt be a field extension of Fq that contains all of the roots of xn − 1. Fqt contains a primitive nth root of unity when n|q t − 1. 76 Definition 4.1.1. The order ordn (q) of q modulo n is the smallest positive integer a such that q a ≡ 1(mod n). That is if q a ≡ 1(mod n) =⇒ ordn (q) = a. If t = ordn (q), then Fqt contains a primitive nth root of unity α, but no smaller extension field of Fq contains such a primitive root. As αi are distinct for 0 ≤ i < n and (αi )n = 1, Fqt contains all the roots of xn − 1. So Fqt is called a splitting field of xn − 1 over Fq . So the irreducible factors of xn − 1 over Fq must be the product of the distinct minimal polynomials of the roots of unity in Fq . Suppose γ is a primitive element of Fqt . Then α = γ d is a primitive nth root of unity where d= q t −1 . n 2 The roots of mα (x) are {γ ds , γ dsq , γ dsq , · · · , γ dsq r−1 2 } = {αs , αsq , αsq , · · · , αsq r−1 }, where r is the smallest positive integer such that dsq r ≡ ds(mod q t −1) (by theorem 3.7.6). But dsq r ≡ ds(mod q t −1) if and only if sq r ≡ s(mod n), because (dsq r ≡ ds(mod dn) =⇒ sq r ≡ s(mod n)). This leads us to extend the notion of q-cyclotomic cosets. Let s be an integer with 0 ≤ s < n. The q-cyclotomic cosets of s modulo n is the set Cs = {s, sq, · · · , sq r−1 } (mod n), where r is the smallest positive integer such that sq r ≡ s (mod n). It follows that Cs is the orbit of the permutation i 7−→ iq (mod n) that contins s. The distinct q− cyclotomic cosets modulo n partition the set of integers {0, 1, 2, · · · , n − 1} into disjoint sets. Theorem 4.1.1. Let n be a positive integer relatively prime to q. Let t = ordn (q). Let α be a primitive nth root of unity in Fqt . (i) For each integer s with 0 ≤ s < n, the minimal polynomial of αs over Fq is Mαs (x) = Q i i∈Cs (x − α ), where Cs is the q-cyclotomic cosets of s modulo n. (ii) The conjugates of αs are the elements αi with i ∈ Cs . (iii) Furthermore xn − 1 = Q s Mαs (x) in the factorization of xn − 1 into irreducible factors over Fq , where s runs through a set of representation of the q-cyclotomic cosets modulo n. 77 Example 4.1.1. Consider the polynomial x9 −1 over F2 . Since q = 2 and n = 9, then the 2− cyclotomic cosets of 9 are C0 {0}, C1 = {1, 2, 4, 8, 7, 5}, C3 = {3, 6}. So ordn (2) = 6 and the primitive ninth root of unity lie in F64 but no smaller extension field of F2 . Hence x9 − 1 factors into an irreducible factors as x9 − 1 = (x3 )3 − 1 = (x3 − 1( x6 + x3 + 1) = (x − 1)(x + x + 1)(x6 + x3 + 1). The polynomial mα0 (x) = M1 (x) = x + 1, Mα (x) = x6 + x3 + 1, Mα3 (x) = x2 + x + 1, where α is a primitive ninth root of unity in F64 . The only irreducible polynomial of degree 2 over F2 is x2 + x + 1 = Mα3 (x) (α3 is a primitive third root of unity in F64 . Theorem 4.1.2. The size of each q- cyclotomic coset is a divisor of ordn (q). Furthermore the size of C1 is ordn (q). Proof. Let t = ordn (q) and let m be the size of Cs . Then Mαs (x) has degree m where α is a primitive nth root of unity, so m|t by theorem 3.7.3 there exists a subfield Fqm = Fpmr of Fqt = Fpmt =⇒ mr|mt =⇒ m|t. The fact that the size of C1 is ordn (q) follows directly from the definitions of q− cyclotomic cosets and ordn (q) as mentioned prior to theorem 4.1.1, because C1 = {1, q, q 2 , · · · , q r−1 } (mod q t − 1), where r is the smallest positive integer such that q r ≡ 1 (mod q t − 1) =⇒ r = t. 4.2 Basic theory of cyclic codes The cyclic codes of length n over Fq are precisely the ideals of Rn = Fq [x]/(xn − 1), Fq [x] is principal ideal domain also the ring Rn is principal, hence cyclic codes are the principal ideal of Rn , when writing a codeword of a cyclic code as c(x), we technically mean the coset c(x) + (xn − 1) in Rn . We think the elements of Rn as the polynomial in Fq [x] of degree less than n with multiplication being carried out modulo xn − 1. To multiply two polynomials we multiply them as we would in Fq [x] and then replace any term of the form axni+j where 0 ≤ j < n by axi . Theorem 4.2.1. Let C be a nonzero cyclic code in Rn . There exists a polynomial g(x) ∈ C with the following properties: 78 (i) g(x) is the unique monic polynomial of minimum degree in C, (ii) C = hg(x)i, and (iii) g(x)|(xn − 1). let k = n − deg g(x), and let g(x) = Pn−k i=0 gi xi , where gn−k = 1. Then: (iv) The dimension of C is k and {g(x), xg(x), · · · , xk−1 g(x)} is a basis for C, (v) every element of C is uniquely expressible as a product g(x)f (x), where f (x) = 0 or deg f (x) < k, (vi) g g1 0 0 g0 G= ··· 0 g2 ··· g1 ··· ··· ··· g0 ··· gn−k 0 gn−k−1 gn−k ··· ··· ↔ g(x) xg(x) ··· gn−k xk−1 g(x) is a generator matrix for C, and (vii) if α is a primitive nth root of unity in some extension field of Fq , then g(x) = Y Mαs (x). s Where the product is over a subset of representatives of the q-cyclotomic cosets modulo n. Proof. Let g(x) be a monic polynomial of minimum degree in C. Since C is nonzero, such a polynomial exists. If c(x) ∈ C, then by division algorithm in Fq [x], c(x) = g(x)h(x)+r(x), where either r(x) = 0 or deg r(x) < deg g(x). As C is an ideal in Rn , r(x) ∈ C and the minimality of degree of g(x) implies r(x) = 0 =⇒ C = hg(x)i. To proof uniqueness: let g1 , g2 be two distinct monic polynomials of minimum degree m then g1 − g2 = 0 or deg g1 − g2 < m, a contradiction, then g1 = g2 . This gives (i) and (ii). (iii) By division algorithm xn −1 = g(x)h(x)+r(x), where r(x) = 0 or deg r(x) < deg g(x) 79 in Fq [x]. As xn −1 corresponds to the zero codeword in C and C is an ideal in Rn , r(x) ∈ C, a contradiction, unless r(x) = 0 =⇒ g(x)|xn − 1, proving (iii). Suppose that deg g(x) = n − k. By parts (ii) and (iii), if c(x) ∈ C with c(x) = 0 or deq c(x) < n, then c(x) = g(x)f (x) ∈ Fq [x]. If c(x) = 0, then f (x) = 0. If c(x) 6= 0, deg c(x) < n implies that deg f (x) < k, (because the degree of the product of two polynomials is the sum of degrees of polynomials.) Therefore C = {g(x)f (x)|f (x) = 0 or deg f (x) < k}. So C has dimension at most k and {g(x), xg(x), · · · , xk−1 g(x)} spans C. Since these k polynomials are of different degrees they are independent in Fq [x]. Since they are of at most n − 1, they remain independent in Rn , yielding (iv) and (v). The codewords in this basis, written as n− tuples, give G in part (vi). Part (vii) follows from theorem 4.1.1. Remark 4.2.1. (i) Rn = Fq [x]/(xn − 1) is a principal ideal ring. (ii) Part (vii) requires that gcd(n, q) = 1 because xn − 1 has no repeated roots if and only if gcd(n, q) = 1. Corollary 4.2.2. Let C be nonzero cyclic code in Rn . The following are equivalent: (i) g(x) is monic polynomial of minimum degree in C. (ii) C = hg(x)i, g(x) is monic, and g(x)|xn − 1. Proof. (i) =⇒ (ii) was shown in the proof of theorem 4.2.1. Assume (ii). Let g1 (x) be monic polynomial of minimum degree in C. By part (i) and (ii) of theorem 4.2.1 g(x) = g1 (x)h(x) + r(x), deg r(x) < deg g1 (x) or r(x) = 0 =⇒ g1 (x)|g(x) in Fq [x] and C = hg1 (x)i. As g1 (x) ∈ C = hg(x)i, g1 (x) = g(x)a(x)(mod xn − 1) =⇒ g1 (x) = g(x)a(x) + (xn − 1)b(x) ∈ Fq [x]. Since g(x)|xn − 1 =⇒ g(x)|g(x)a(x) + (xn − 1)b(x) or g(x)|g1 (x). As both g1 (x) and g(x) are monic and divide one another in Fq [x] =⇒ g1 (x) = g(x). Definition 4.2.1. The monic polynomial g(x)|xn −1, generating C is called the generator matrix polynomial of the cyclic code C. So there exists one to one correspondence between the nonzero cyclic codes and the divisors of xn − 1, not equal to xn − 1. 80 Remark 4.2.2. The generator of the zero cyclic code {0} is xn − 1. Corollary 4.2.3. The number of cyclic codes in Rn equals 2m is the number of q− cyclotomic cosets modulo n. Moreover, the dimension of cyclic codes in Rn are all possible sums of sizes of the q-cyclotomic cosets modulo n. Example 4.2.1. We showed that, over F2 , x9 − 1 = (x + 1)(1 + x + x62)(1 + x3 + x6 ), and so there are eight binary cyclic codes Ci of length 9 with generator polynomials gi (x) are given in the following table i dim gi (x) 0 0 1 + x9 1 1 (1 + x + x2 )(1 + x3 + x6 ) = 1 + x + x2 + x3 + x4 + x5 + x6 + x7 + x8 2 2 (1 + x)(1 + x3 + x6 ) = 1 + x + x3 + x4 + x6 + x7 3 3 1 + x3 + x 6 4 6 (1 + x)(1 + x + x2 ) = 1 + x3 5 7 1 + x + x2 6 8 1+x 7 9 1 Corollary 4.2.4. Let C1 and C2 be cyclic codes over Fq with generator polynomials g1 (x) and g2 (x) respectively. Then C1 ⊆ C2 if and only if g2 (x)|g1 (x). Proof. Let deg g1 (x) = t1 , deg g2 (x) = t2 . If g2 (x)|g1 (x) =⇒ deg g2 ≤ deg g1 =⇒ −deg g1 ≤ −deg g2 =⇒ n − deg g1 ≤ n − deg g2 =⇒ dimC1 ⊆ dimC2 . ⇐= if C1 ⊆ C2 =⇒ n − deg g1 ≤ n − deg g2 =⇒ deg g2 ≤ deg =⇒ g2 |g1 . Example 4.2.2. Consider R3 = F2 [x]/hx3 − 1i and consider the cyclic code C = h1 + xi, then dim C = 3 − 1 = 2 and C contains the codewords, 0, 1 + x, x(1 + x) = x + x2 , x2 (1 + x) = x2 +x3 = x2 +1 = (x+1)(x+1), because x3 = 1. Thus C = {0, 1+x, 1+x2 , x+x2 } = {000, 110, 101, 011}. Also we can verify that h1 + x2 i = {f (x)(1 + x2 )|f (x) ∈ R3 } = C and so C is generated by the polynomial 1 + x2 as well. 81 Example 4.2.3. x9 − 1 factors over F2 into irreducible factors x9 − 1 = (x + 1)(x2 + x + 1)(x6 + x3 + 1). Consider C = hx6 + x3 + 1i, therefore dim C = 9 − 6 = 3 x6 + x3 + 1 1 0 0 1 G = x(x6 + x3 + 1) = 0 1 0 0 2 6 3 x (x + x + 1) 0 0 1 0 and has generator matrix, 0 0 1 0 0 1 0 0 1 0 0 1 0 0 1 Theorem 4.2.5. The dual code of a cyclic code is cyclic. Proof. If a · b = 0, then π(a) · π(b) = 0, where π is the cyclic shift. As a · b = a0 b0 + a1 b1 + · · ·+an bn then π(a)·π(b) = an bn +a1 b1 +· · ·+a0 b0 = 0. Consider the cyclic code C which is generated by the word v; so C = {v, π(v), π ( v), · · · , π n−1 (v)}. If u ∈ C ⊥ =⇒ π i (v) · u = 0, for i = 0, · · · , n − 1. However this means that π i+1 (v).π(u) = 0 =⇒ π(u) is orthogonal to C, because π n (v) = v. Since u ∈ C ⊥ =⇒ π(u) ∈ C ⊥ =⇒ C ⊥ is cyclic. Definition 4.2.2. The generator matrix of the dual code of cyclic code C is the parity check matrix of the original cyclic code. Theorem 4.2.6. Let C be an [n, k] cyclic code with generator polynomial g(x). Let h(x) = k X n n (x − 1)/g(x) = (x − 1)/g(x) = hi xi . Then the generator polynomial of C ⊥ is g ⊥ (x) = xk h(x−1 ) . h(0) is i=0 Furthermore, a generator matrix for C ⊥ , and hence a parity check matrix for C hk hk−1 hk−2 · · · 0 H= 0 h0 h1 0 hk hk−1 · · · h0 ··· ··· ··· ··· ··· hk ··· h0 Proof. he dual of a cyclic code is cyclic, we will show that g ⊥ (x) divides xn − 1, then we will know that it is the generator polynomial for a cyclic code hg ⊥ (x)i that has generator matrix H, and so hg ⊥ (x)i = C ⊥ . Let h(x)g(x) = xn − 1, then h(0)g(0) = −1 =⇒ h(0) = −1 since g(0) = 1 as g(x) = g0 + g1 x + · · · + gn−k xn−k , gn−k = 1. 82 =⇒ h(x−1 )g(x−1 ) = x−n − 1, xn h(x−1 )g(x−1 ) = 1 − xn , xk h(x−1 ) · xn−k g(x−1 ) = 1 − xn , xk h(x−1 ) h(0) · xn−k g(x−1 ) = xn − 1, g ⊥ · xn−k g(x−1 ) = xn − 1, =⇒ g ⊥ (x)|xn − 1 ∴ g ⊥ (x) is a generator polynomial of C ⊥ . Since g(x) is the generator polynomial for C, and h(x) = xn −1 , g(x) then g(x)h(x) = 0. If c(x) ∈ C, then c(x)h(x) = 0. Now deg (c(x)h(x) < n + k = n + n − deg g(x) = 2n − deg g(x), from this we deduce that the coefficients of xk , xk+1 , · · · , xn−1 in the product c(x)h(x) must be 0, that is c0 hk + c1 hk−1 + · · · + ck h0 = 0, c1 hk + c2 hk−1 + · · · + ck+1 h0 = 0, ··· ··· ··· ··· cn−k−1 hk + cn−k hk−1 + · · · + cn−1 h0 = 0.. But this is equivalent to c0 c1 · · · cn−1 )H ⊥ = 0, and so H generates a code C 0 that is orthogonal to C, that is C 0 ⊂ C ⊥ . However, sim=nce hk 6= 0, it follows that dim (C 0 ) = deg g(x) and so C 0 = C ⊥ =⇒ H is the parity check matrix for C. Example 4.2.4. The code C = hx6 + x3 + 1i has generator polynomial g(x) = x6 + x3 + 1 and has dimension k = 9 − 6 = 3. ∴ h(x) = x9 −1 g(x) = (1 + x)(1 + x + x2 ) = 1 + x3 . The generator polynomial of C ⊥ is g ⊥ (x) = xk h(x−1 ) h(0) 83 = x3 (1+x−3 ) 1 = x3 + 1, ∴ The generator matrix for C bot is 1 0 0 H= 0 0 0 Remark 4.2.3. 0 0 1 0 0 0 0 0 1 0 0 1 0 0 0 0 0 1 0 0 1 0 0 0 0 0 1 0 0 1 0 0 0 0 0 1 0 0 1 0 0 0 0 0 1 0 0 1 (i) The polynomial h(x) is called the check polynomial for a cyclic code C it is not the generator polynomial for C ⊥ . (ii) The polynomial g ⊥ (x) = xk h(x−1 ) h(0) is called the reverse polynomial of the check poly- nomial h(x) and g ⊥ (x) is the generator polynomial for C ⊥ . If h(x) = h0 + h1 x + · · · + hk xk , then the generator polynomial of C ⊥ is g ⊥ (x) = xk h(x−1 ) h(0) = h−1 (0)(xk )(h0 + h1 x−1 + · · · + hk x−k ) = h−1 (0)(h0 xk + h1 xk−1 + · · · + hk )= h−1 (0)(hk + hk−1 + · · · + h0 xk ) Theorem 4.2.7. Let C be a cyclic code over Fqt . Then C|Fq is also cyclic. Proof. Since C is cyclic code over Fqt , there exists a generator polynomial g(x) over Fqt [x] that generates C and C = hg(x)i, g(x)|xn − 1 such that gcd(q t , n) = 1 and g(x) containing a primitive nth root of unity of the extension field Fqs of Fqt , when n|(q t )s − 1. Since Fqt contains a primitive nth root of unity, so there exists g( x) over Fq and g1 (x)|xn − 1, gcd(q, n) = 1 so C|Fq = hg1 (x)i, so C|Fq is cyclic. Encoding and decoding cyclic codesThere is three ways to encode the cyclic codes. If C is a cyclic code of length n over Fq with generator polynomial g(x) of degree n − k, so C has dimension k. The first way:(This method is non systematic) Let G be the generator matrix obtained 84 from the shifts of g(x) in Theorem 4.2.1 g(x) g ··· 0 xg(x) 0 g0 = G= ··· ··· xk−2 g(x) 0 gn−k ··· 0 gn−k ··· g0 ··· . gn−k To encode the message m ∈ Fkq as the codeword c = mG, let m(x) = a0 + a1 x + · · · + ak−1 xk ∈ Fq [x]. Then to encode m(x) as a codeword c(x) by forming the product c(x) = m(x)g(x). Example 4.2.5. Let C be a cyclic code of length 15 with generator polynomial g(x) = (1 + x + x4 )(1 + x + x2 + x3 + x4 ). Encode the message m(x) = 1 + x2 + x5 using the first encoding procedure. Solution: g(x) = (1 + x + x4 )(1 + x + x2 + x3 + x4 ) = 1 + x4 + x6 + x7 + x8 . Then c(x) = m(x)g(x) = (1 + x2 + x5 )(1 + x4 + x6 + x7 + x8 ) = 1 + x2 + x4 + x5 + x7 + x10 + x11 + x12 + x13 as a vector in F15 2 = (101001101001111). The secod way of encoding cyclic codes:(This method is systematic). The polynomial m(x) associated to the message is of degree at most k − 1 or (the zero polynomial). The polynomial xn−k m(x) has degree at most n − 1 and has its first n − k coefficients equals to 0. Thus the message is contained in the coefficients of xn−k , xn−k+1 , · · · , xn−1 . By the division algorithm, xn−k m(x) = g(x)a(x) + r(x), where deg r(x) < n − k or r(x) = 0. Let c(x) = xn−k m(x) − r(x), as c(x) is a multiple of g(x), c(x) ∈ C. Also c(x) differes from xn−k m(x) in the coefficients of 1, x, · · · , xn−k−1 as deg r(x) < n−k. So c(x) contains the message m in the coefficients of the terms of degree at least n − k. Example 4.2.6. Encode the message m(x) = 1 + x2 + x5 using the second encoding procedure.( The systematic encoding). Solution:Since from previous example g(x) = 1 + x4 + x6 + x7 + x8 , n = 15, k = n − deg g(x) = 15 − 8 = 7 85 ∴ xn−k = x15−7 = x8 =⇒ xn−k m(x) = x8 (1 + x2 + x5 ) = x8 + x10 + x13 . By dividing x8 + x10 + x13 by g(x) = 1 + x4 + x6 + x7 + x8 we get x13 + x10 + x8 = (x5 + x4 + x + 1)g(x) + (x6 + x + 1) where a(x) = x613 + x10 + x8 and r(x) = x6 + x + 1. c(x) = x13 + x10 + x8 + x6 + x + 1. The message is contained in the coefficients xn−k , xn−k+1 , · · · , xn−1 systematics. The third method of encoding: this method is systematic. Let C = hg(x)i be a cyclic code. Let g ⊥ (x) be the generator polynomial of C ⊥ and C is an [n, k]-code. If c = (c0 c1 · · · cn−1 ) ∈ C once c0 c1 · · · ck−1 are known, then the remaining components ck , · · · , cn−1 are determined form Hc⊥ = 0, where H is the parity check matrix. We can scale the rows of H so that its rows are shifts of the monic polynomial g ⊥ (x) = h00 + h01 x + · · · + h0k−1 xk−1 + xk . To encode C, we chose k information bits k−1 X c0 c1 · · · ck−1 , then ci = − h0j ci−k+j , where the computation ci is performed in the order j=0 i = k, k + 1, · · · , n − 1. Example 4.2.7. Encode the message m(x) = 1 + x2 + x5 using the third encoding procedure. Solution: h(x) = x15 −1 , g(x) where g(x) = 1 + x4 + x6 + x7 + x8 . Then h(x) = x7 + x6 + x4 + 1. n = 15, deg g(x) = 8 =⇒ k = 7. g ⊥ (x) = xk h(x−1 )/h(0) = x7 (x−7 + x−6 + x−4 + 1)/1 = 1 + x + x3 + x7 . h0 = 1, h1 = 1, h2 = 0, h3 = 1, h4 = 0, h5 = 0, h6 = 0, h7 − 1. 1 + x + x3 + x 7 x + x2 + x4 + x8 2 x + x 3 + x5 + x9 1 + x + x3 + x7 ⊥ xg (x) = x(1 + x + x3 + x7 ) x3 + x4 + x6 + x10 = H= 4 .. x + x5 + x7 + x11 . 5 7 3 7 x + x6 + x8 + x12 x (1 + x + x + x ) 6 x + x7 + x9 + x13 x7 + x8 + x10 + x14 86 1 1 0 0 1 1 0 0 1 = ··· ... 0 0 0 1 0 0 1 0 0 0 0 1 0 0 1 0 0 1 0 1 0 0 1 0 ··· ... 0 0 ··· ... 0 1 ··· ... 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 . ··· ... ... 0 0 0 1 0 Let the information bits are (c0 c1 · · · c6 ), since m(x) = 1 + x2 + x5 ←→ (1010010). Then 6 X c7 = − hj c7−7+j = +(h0 c0 + h1 c2 + h2 c2 + · · · + h6 c6 ) = (c0 + c1 + 0 + c3 + 0 + 0 + 0) = j=0 (c0 + c1 + c3 ) 6 X c8 = hj c8−7+j = +(h0 c1 + h1 c2 + h2 c3 + · · · + h6 c7 ) = (c1 + c2 + c4 ) j=0 similarly we do for all other bits. 4.3 Idempotent and multipliers An element e of a ring satisfying e2 = e is called an idempotent. each cyclic code in Rn = fq [x]/h xn − 1h contains a unique idempotent which generates the ideal. This idempotent is called the generating idempotent of the cyclic code. Definition 4.3.1. the unity in a ring is (anon zero) multiplicative identity in the ring. Example 4.3.1. e(x) = x3 + x5 + x6 ∈ R7 over F2 [x] =⇒ e2 (x) = (x3 + x5 + x6 )2 = x3 + x5 + x6 . ∴ e(x) is an idempotent in R7 . Example 4.3.2. The generating idempotent for the zero cyclic code {0} is 0, while that for the cyclic code Rn is 1. Theorem 4.3.1. Let C be a cyclic code in Rn . Then: (i) there exists a unique idempotent e(x) ∈ C such that C = he(x)i, and 87 (ii) if e(x) is a nonzero idempotent in C, then C = he(x)i if and only if e(x) is a unity of C. Proof. If C is the zero code, then the idempotent is the zero polynomial and (i) is clear. To prove (ii). Assume C is nonzero cyclic code. Suppose that e(x) is a unity, then he(x)i ⊆ C as C is an ideal....(1) . If c(x) ∈ C, then c(x)e(x) = c(x) ∈ C =⇒ c(x) ∈ he(x)i =⇒ C ⊆ he(x)i...(2). From (1) and (2), we have C = he(x)i. Conversely, suppose that e(x) 6= 0 idempotent such that C = he(x)i. Then every element c(x) ∈ C can be written in the form c(x) = f (x)e(x). but c(x)e(x) = f (x)(e(x))2 = f (x)e(x) = c(x) implying e(x) is a unity for C. To prove (i). As C is nonzero by part (ii), if e1 (x) and e2 (x) are generating idempotents, then both are unities and e( x) = e2 (x)e1 (x) = e2 (x) =⇒ e1 (x) = e2 (x). So the generating idempotent is unique. To prove the existence of generating idempotent. If g(x) is the generator polynomial for C, then g(x)|xn − 1, by theorem 4.2.1, let h(x) = xn −1 . g(x) Thus gcd(g(x), h(x)) = 1 in Fq [x] because xn − 1 has distinct roots. Now by Euclidean algorithm there exist polynomials a(x), b(x) ∈ Fq [x], so that a(x)g(x) + b(x)h(x) = 1. Let e(x) ≡ a(x)g(x)(mod xn − 1); that is e(x) is the coset representative of e(x) = a(x)g(x) + (xn − 1) ∈ Rn . Then (e(x))2 ≡ a(x)g(x)(1 − b(x)h(x)) ≡ a(x)g(x) − a(x)g(x)b(x)h(x) ≡ a(x)g(x) ≡ e(x)(mod xn − 1), (because g(x)h(x) = xn − 1). Also if c(x) ∈ C, then c(x) = f (x)g(x) implying c(x)e(x) ≡ f (x)g(x)(1 − b(x)h(x)) ≡ f (x)g(x) − f (x)g(x)b(x)h(x) ≡ f (x)g(x) ≡ c(x)(mod xn − 1). So e(x) is a unity in C and (i) follows from (ii). Remark 4.3.1. to find the generating idempotent e(x) for a cyclic code C from the generator polynomial g(x) is to solve 1 = a(x)g(x) + b(x)h(x) for a(x) using the Euclidean algorithm, where h(x) = xn −1 . g(x) Then reducing a(x)g(x) modulo xn − 1 produces e(x). Theorem 4.3.2. Let C be a cyclic code over Fq with generating idempotent e(x). Then the generator polynomial of C is g(x) = gcd(e(x), xn − 1) computed in Fq [x]. 88 Proof. Let d(x) = gcd(e(x), xn − 1) in Fq [x], and let g(x) be the generator polynomial for C. As d(x)|e(x) =⇒ e(x) = d(x)k(x) implying that every element of C = he(x)i is also a multiple of d(x), thus C ⊆ hd(x)i....(1). By theorem 4.2.1 in Fq [x], g(x)|xn − 1 and g(x)|e(x) as e(x) ∈ C =⇒ g(x)| gcd(e(x), xn − 1) =⇒ g(x)|d(x) =⇒ d(x) = g(x)l(x) =⇒ d(x) ∈ C. Thus hd(x)i ⊆ C...(2). From (1) and (2) C = hd(x)i. Since d(x) is a monic divisor of xn − 1 generating C =⇒ d(x) = g(x) by corollary 4.2.2 Example 4.3.3. the following table gives all the cyclic codes Ci of length 7 over f2 together with their generator polynomials gi (x) and their generating idempotents e(x). i dim gi (x) ei (x) 0 0 1 + x7 0 1 1 1 + x + x2 + x3 + x4 + x5 + x6 1 + x + x2 + x3 + x4 + x5 + x6 2 3 1 + x2 + x3 + x4 1 + x3 + x5 + x 6 3 3 1 + x + x2 + x4 1 + x + x2 + x4 4 4 1 + x + x3 x + x2 + x4 5 4 1 + x2 + x3 x3 + x5 + x6 6 6 1+x x + x2 + x3 + x4 + x5 + x6 7 7 1 1 To find e1 (x) if g(x) = 1 + x + x2 + x3 + x4 + x5 + x6 we first find h(x) = x7 +1 g(x) = x + 1. Then we form the equation 1 = a(x)b(x) + b(x)h(x) by using Euclidean algorithm, we divide g(x) by h(x) we get g(x) = (x + 1)(x5 + x3 + x) + 1, then 1 = 1 · g(x) + (x + 1)(x5 + x3 + x), where b(x) = (x5 + x3 + x) and a(x) = 1 ∴ e(x) = 1 · g(x) = 1 + x + x2 + x3 + x4 + x5 + x6 . Theorem 4.3.3. Let C be an [n, k] cyclic code with generating idempotent e(x) = n−1 X i=0 89 e i xi . Then the k × n matrix e0 e1 e2 · · · en−2 en−1 en−1 e0 e1 · · · en−3 en−2 .. . . . . . . . . . . . . . . . . en−k+1 en−k+2 · · · · · · en−k−1 en−k is a generator matrix for C. Proof. The matrix is equivalent to {e(x), xe(x), · · · , xk−1 e(x)}. The basis of C. Therefore it suffices to show that a(x) ∈ Fq [x] has degree less than k such that a(x)e(x) = 0 then a(x) = 0. Let g(x) be the generator polynomial for C. If a(x)e(x) = 0, then 0 = a(x)e(x)g(x) = a(x)g(x) as e(x) is the unity of C, contradiction to theorem 4.2.1(v). Definition 4.3.2. If C1 and C2 are codes of length n over Fq , then C1 + C2 = {c1 + c2 |c1 ∈ C1 and c2 ∈ C2 } is the sum of C1 and C2 . Both the sum of and intersection of two cyclic codes are cyclic. Theorem 4.3.4. Let Ci be a cyclic code of length n over Fq with generator polynomial gi (x) and generating ei (x) for i = 0 and 2. Then (i) C1 ∩ C2 has generator polynomial lcm(g1 (x), g2 (x)) and generating idempotent e1 (x)e2 (x), and (ii) C1 +C2 has generator polynomial gcd(g1 (x), g2 (x)) and generating idempotent e1 (x)+ e2 (x) − e1 (x)e2 (x). Proof. (i) Let l(x) = lcm(g1 (x), g2 (x)) =⇒ g1 (x)|l(x), g2 (x)|l(x) =⇒ e(x) = g1 (x)k1 (x), l(x) = g2 (x)k2 (x) =⇒ e(x) ∈ C1 and l(x) ∈ C2 , since C1 ∩ C2 is cyclic, then hl(x)i ⊆ C1 ∩ C2 ....(1) Let l0 (x) ∈ C1 ∩C2 =⇒ l0 (x) ∈ C1 , l0 (x) ∈ C2 =⇒ l0 (x) = g1 (x)f1 (x), l0 (x) = g2 (x)f2 (x) =⇒ g1 |l0 and g2 (x)|l0 (x) =⇒ l0 is a common multiple =⇒ l(x)|l0 (x) =⇒ hl0 (x)i ⊆ hl(x)i =⇒ C1 ∩ C2 ⊆ hl(x)i....(2) From (1) and (2) we have C1 ∩C2 = lcm(g1 (x), g2 (x)), since g1 (x)|xn −1 and g2 (x)|xn −1 =⇒ l(x)|xn − 1 =⇒ l(x) is a monic polynomial and generates C1 ∩ C2 . 90 If c(x) ∈ C1 ∩ C2 =⇒ c(x) ∈ C1 , c(x) ∈ C2 and c(x)(e1 (x)e2 (x) = c(x)e2 (x) = c(x) =⇒ e1 e2 ∈ C1 ∩ C2 and e1 e2 is the unity generator idempotent of C1 ∩ C2 . (ii) Let g(x) = gcd(g1 (x), g2 (x)) It follows from the Euclidean algorithm that g(x) = g1 (x)a(x) + g2 (x)b(x) for some a(x) and b(x) in Fq [x]. So g1 (x) ∈ C1 + C2 . Since C1 + C2 is cyclic, hg(x)i ⊆ C1 + C2 . On other hand g(x)|g1 (x), which shows that C1 ⊆ hg(x)i, simillarly C2 ⊆ hg(x)i implying that C1 + C2 ⊆ hg(x)i. So C1 + C2 = hg(x)i. Since g(x)|xn − 1 as g(x)|g1 (x) and g(x) is monic, g(x) is the generator polynomial for C1 + C2 . If c(x) = c1 (x) + c2 (x) where ci (x) ∈ Ci for i = 1 and 2, then c(x)(e1 (x) + e2 (x) − e1 (x)e2 (x)) = c1 (x) + c1 (x)e2 (x) − c1 (x)e2 (x) + c2 (x)e1 (x) + c2 (x) − c2 (x)e1 (x) = c(x). Thus (ii) follows, since e1 (x) + e2 (x) − e1 (x)e2 (x) ∈ C1 + C2 and (e1 + e2 − e1 e2 )2 = e1 + e2 − e1 e2 . Example 4.3.4. If e1 (x) and e2 (x) are idempotents, so e1 (x)e2 (x), e( x)+e( x)−e1 (x)e2 (x) and 1 − e1 (x). Solution: (e1 e2 )2 = e21 e22 = e1 e2 and (1 − e1 )2 = 1 − 2e1 + e21 = 1 − 2e1 + e1 = 1 − e1 . primitive idempotents: Let xn − 1 = f1 (x) · · · f2 (x), where f( x) is irreducible over Fq for 1 ≤ i ≤ s. Then fi (x)0 s are distinct as xn − 1 has distinct roots. Let fˆi (x) = xn −1 , fi (x) the ideals hfˆi (x)i of Rn are the minimal ideals of Rn . Definition 4.3.3. An ideal I in a ring R is a minimal ideal provided there is no proper ideal between {0} and I. The generating idempotent of hfˆi (x)i is êi (x) and is called the primitive idempotents of Rn . Theorem 4.3.5. The following hold in Rn . (i) The ideals hfˆi (x)i for 1 ≤ i ≤ s are all the minimal ideals of Rn . (ii) Rn is the vector space direct sum of hfˆi (x)i for 1 ≤ i ≤ s. (iii) If i 6= j, then êi (x)êj (x) = 0 in Rn . (iv) s X êi = 1 in Rn . i=1 91 (v) The only idempotents in hfˆi (x)i are 0 and êi (x). (vi) If e(x) is a non zero idempotent in Rn , then there is a subset T of {1, 2, · · · , s} such X X that e(x) = êi (x) and he(x)i = hfˆi (x)i. i∈C Proof. i∈C (i) Suppose that hfˆi (x)i is not a minimal ideal of Rn . So there is a generator polynomial g(x) of a nozero ideal properly contained in hfˆi (x)i such that fˆi (x)|g(x) g(x) 6= fˆi (x). As fˆi (x) is irreducible and g(x)|xn − 1, this is impossible, so hfˆi (x)i is minimal ideal. (ii) As {fˆi (x)| 1 ≤ i ≤ s} has no common irreducible factor of xn − 1 and each polynomial in the set divides xn − 1, gcd(fˆ1 (x), · · · , fˆs (x)) = 1. Applying the Euclidean s X algorithm inductively, 1 = ai (x)fˆi (x)......(1), for some ai (x) ∈ Fq [x]. So 1 is i=1 the sum ao the ideals hfˆi (x)i, which is itself an ideal of Rn . In any ring, the only ideal containing the identity of the ring is the ring itself. This proves that Rn is the vector space sum of the ideals hfˆi (x)i. To prove it is a direct sum, we must show X hfˆj i = {0}, for 1 ≤ i ≤ s. that hfˆi (x)i ∩ j6=i As fi (x)|fˆj (x) for j 6= i, fj (x) - fˆj (x), and the irreducible factors of xn − 1 are distinct, we conclude that fi (x) = gcd{fˆj (x)|1 ≤ j ≤ s, j 6= i}. Applying inducX hfˆj (x)i. So tion to the results of the previous theorem (ii) shows that hfi (x)i = hfˆi i ∩ X j6=i hfˆj (x)i = hfˆi (x)i ∩ hfi (x)i = hlcm(fˆi (x), fi (x))i = hxn − 1i = {0} (by j6=i theorem 4.3.7) Then part (ii) is completed. To complete the proof of part (i). Let M = hm(x)i be any minimal ideal of Rn . s X As 0 6= m(x) = m(x) · 1 = m(x)ai (x)fˆi (x), by (1) there is an i such that i=1 m(x)ai (x)fˆi (x) 6= 0. Hence M ∩ hfˆi (x)i 6= {0} as m(x)ai (x)fˆi (x) ∈ M ∩ hfˆi (x)i, and therefore M = hfˆi (x)i by minimality of M and hfˆi (x)i. Thus complets the proof of (i). (iii) If i 6= j, êi (x)êj (x) ∈ hfˆi (x)i ∩ hfˆj (x)i = {0} by (ii) we have êi êj = 0 in Rn . 92 (iv) By using (iii) and applying induction to theorem 4.3.7 (ii), s X êi (x) is the generating i=1 s X idempotent of hfˆi (x)i = Rn , by part (ii). The generating idempotent of Rn is 1. i=1 (v) If e(x) is a nonzero idempotent in hfˆi (x)i, then he(x)i is an ideal contained in hfˆ( x)i. By minimality as e(x) is nonzero, hfˆi (x)i = he(x)i, implying that e(x) = êi (x) as both are the unique unity of hfˆi (x)i. (vi) Note that e(x)êi (x) is an idempotent in hfˆi (x)i. Thus either e(x)êi (x) = 0 or êi (x) s X by (v). Let T = {i|e(x)êi (x) 6= 0}. Then by (iv), e(x) = e(x) · 1 = e(x) êi (x) = s X i=1 e(x)êi (x) = X i=1 X X ê( x). Furthermore he(x)i = h êi (x)i = hêi (x)i by theorem i∈T i∈T 4.3.7 (ii) and induction. i∈T Theorem 4.3.6. Let M be a minimal ideal of Rn . Then M is an extension field of Fq . Proof. We will show that every nonzero element in M has a multiplicative invese in M. Let a(x) ∈ M with a(x) 6= 0. Then ha(x)i is a nonzero ideal of Rn contained in M, and hence ha(x)i = M. So e(x) is the unity of M, there is an element b(x) in Rn with a(x)b(x) = e(x). Now c(x) = b(x)e(x) ∈ M as e(x) ∈ M. Hence a(x)c(x) = e2 (x) = e(x). 4.4 Zeros of a cyclic code If t = ordn (q), then Fqt is a splitting field of xn − 1, so Fqt contains a primitive nth root of i n unity α, and xn − 1 = Πn−1 i=0 (x − α ) is the factorization of x − 1 into linear factors over Fqt . Furthermore xn − 1 = Πs Mαs (x) is the factorization of xn − 1 into irreducible factors over Fq , where s runs through a set of representatives of q− cyclotomic cosets modulo n. Let C be a cyclic code in Rn with generator polynomial g(x). Then g(x) = Πs Mαs (x) = Πs Πi∈Cs (x − αi ), where s runs through some subset of representatives of q− cyclotomic 93 cosets Cs modulo n. Let T = ∪s Cs be the union of these q− cyclotomic cosets. The roots of unity Z = {αi |i ∈ T } are called the zeros of the cyclic code C and {αi |i 6∈ T } are nonzeros of C. The set T is called defining set of C. It follows that c(x) belomgs to C if and only if c(αi ) = 0 for each i ∈ T (because c(x) = g(x)f (x) where f (x) ∈ Fq (x) and deg f (x) < k). Note The set T where T = ∪s Cs and hence either the set of zeros or the set of nonzeros, completely determines the generator polynimial g(x), and since |T | = deg g(x), then dim C = n − |T |. Example 4.4.1. In the following table we give, generator polynomial gi (x) and generating idempotents ei (x) for all the cyclic codes Ci of length 7 over F2 and we add in the table the defining sets of each code relative to the primitive root α given in example 4.3.4. i dim gi (x) ei (x) Defining set 0 0 1 + x7 0 {0, 1, 2, 3, 4, 5, 6} 1 1 1 + x + x2 + x3 + x4 + x5 + x 6 1 + x + x2 + x3 + x4 + x5 + x6 {1, 2, 3, 4, 5, 6} 2 3 1 + x2 + x3 + x4 1 + x3 + x5 + x6 {0, 1, 2, 4} 3 3 1 + x + x2 + x4 1 + x + x2 + x4 {0, 3, 5, 6} 4 4 1 + x + x3 x + x2 + x4 {1, 2, 4} 5 4 1 + x2 + x3 x3 + x5 + x6 {3, 5, 6} 6 6 1+x x + x 2 + x3 + x4 + x5 + x6 {0} 7 7 1 1 ∅ α0 , α = α, α2 = α2 , α3 = α + 1, α4 = α2 + α, α5 = α2 + α + 1, α6 = α2 + 1 Exercise: What would be the defining sets of each of the codes in the above example if the primitive root β = α3 were used to determine the defining set rather than α?. Solution:If β = α3 is a primitive 7 th root of unity then the defining sets for the a bove 94 codes is given in the following table i dim gi (x) Defining set 0 0 1 + x7 {0, 1, 2, 3, 4, 5, 6} 1 1 1 + x + x2 + x3 + x4 + x5 + x6 {1, 2, 3, 4, 5, 6} 2 3 1 + x2 + x3 + x4 {0, 3, 5, 6} 3 3 1 + x + x2 + x4 {0, 1, 2, 4} 4 4 1 + x2 + x3 {1, 2, 4} 5 4 1 + x + x3 {3, 5, 6} 6 6 1+x {0} 7 7 1 ∅ To explaine the code C5 . Since the generator polynomial g(x) = 1 + x + x3 , then β = α3 is a primitive 7−th root of unity, then the roots of the cyclic code are (α3 )3 = α2 , (α3 )5 = α, (α3 )6 = α4 , becuase g(α2 ) = 1 + α2 + α6 = 1 + α2 + 1 + α2 = 0, g(α) = 1 + α + α3 = 1 + α + α + 1 = 0, g(α4 ) = 1 + α4 + α12 = 1 + α2 + α + α5 = 1 + α2 + α + α2 + α + 1 = 0, Or g(x) = (x − α2 )(x − α)(x − α4 ) = 1 + x + x3 . Theorem 4.4.1. Let α be a primitive nth root of unity in some extension field of Fq . Let C be a cyclic code of length n over fq with defining set T and generator polynomial g(x). The following hold. (i) T is a union of q-cyclotomic cosets modulo n. ((ii) g(x) = Πi∈T (x − αi ). ((iii) c(x) ∈ Rn is in C if and only if c(αi ) = 0 for all i ∈ T . (iv) The dimension of C is n − |T |. For a cyclic code C in Rn , there are in general many polynomials r(x) ∈ Rn such that C = h r(x)i. However by theorem 4.2.1 and its corollary, there is exactly one such 95 polynomial, namely the monic polynomial in C of minimal degree, which also divides xn −1 and which we call the generator polynomial of C. in the next theorem we characterize all polynomials r(x) which generates C. Theorem 4.4.2. Let C be a cyclic code of length n over Fq with generator polynomial g(x). Let v(x) be a polynomial in Rn . (i) C = hv(x)i if and only if gcd(v(x), xn − 1) = g(x). (ii) v(x) generates C if and only if the nth roots of unity which are zeros of v(x) are precisely the zeros of C. Proof. (i)Let g(x) = gcd(v(x), xn − 1) =⇒ g(x)|v(x), so multiples of v(x) are multiples of g(x) in Rn and so hv(x)i ⊆ C = hg(x)i....(1). By the Euclidean algorithm there exist polynomials a(x) and b(x) in Fq [x] such that g(x) = a(x)v(x) + b(x)(xn − 1). Hence g(x) = a(x)v(x) in Rn and so multiples of g(x) are multiples of v(x) in Rn implying, h v(x)i ⊇ C = hg(x)i....(2). So from (1) and (2) we have C = hv(x)i. Convesely, assume that C = hv(x)i. Let d(x) = gcd(v(x), xn − 1). As g(x)|v(x) and g(x)|xn − 1 =⇒ g(x)|d(x). As g(x) ∈ C = hv(x)i, so there exist a(x) such that g(x) = a(x)v(x) ∈ Rn . So there exists b(x) such that g(x) = a(x)v(x)+b(x)(x6n−1) in Fq [x] =⇒ d(x)|g(x). Hence as both d(x) and g(x) are monic and divide each other d(x) = g(x). and (i) holds. (ii) As the only roots of both g(x) and xn −1 are nth roots of unity, g(x) = gcd(v(x), xn −1) if and only if the nth roots of unity which are zeros of v(x) are precisely the zeros of g(x), the latter are the zeros of C. 4.5 Meggitt decoding of cyclic codes There are several variations of Miggitt decoding; we will present two of them. Let C be an [n, k, d] cyclic code over Fq with generator polynomial g(x) of degree n − k; 96 C will correct t = b (d−1) c errors. Let c(x) ∈ C is transmitted and y(x) = c(x) + e(x) is 2 received, where e(x) = e0 + e1 x + · · · + en−1 x6n − 1 is the error vector with wt(e(x)) ≤ t. The Miggitt decoder stores syndromes of erroe patterns with coordinate n− in error. The first version of Meggitt decoding algorith described as foolws: By shifting y(x) at most n times, the decoder finds the error vector e(x) fromthe list and corrects the errors. In the second version, by shifting y(x) until an error appears in coordinate n − 1, the decoder findes the error in that coordinate, correct only that error, and then corrects errors in coordinates n − 2, n − 3, · · · , 1, 0 in that order by further shifting. For any vector v(x) ∈ Fq [x] let Rg(x) (v(x) be the unique remainder when v(x) is divided by g(x) according to the divison algorithm, that is Rg(x) )(v(x)) = r(x) where v(x) = g(x)f (x) + r(x) where r(x) = 0 or deg r(x) < n − k. The function Rg(x) (v(x)) satisfies the following properties, Theorem 4.5.1. With the preceding notation the following hold: (i) Rg(x) (av(x) + bv 0 (x)) = aRg(x) (v(x)) + bRg(x) (v 0 (x)) for all v(x), v 0 (x) ∈ Fq [x] and all a, b ∈ Fq . (ii) Rg(x) (v(x) + a(x)(xn − 1)) = Rg(x) (v(x)) (iii) Rg(x) (v(x)) = 0 if and only if v(x) mod (xn − 1) ∈ C. (iv) If c(x) ∈ C, then Rg(x) (c(x) + e(x)) = Rg(x) (e(x)) (v) If Rg(x) (e(x)) = Rg(x) (e0 (x)), where e(x) and e0 (x) each have weight at most t, then e(x) = e0 (x) (vi) Rg(x) (v(x)) = v(x) if deg v(x) < n − k. Proof. (i) Let r(x) = Rg(x) (v(x)), r0 (x) = Rg(x) (v 0 (x)) where v(x) = g(x)f (x) + r(x), v 0 (x) = g(x)f 0 (x) + r0 (x) with r(x) = 0 or deg r(x) < n − k, and r0 (x) = 0 or deg r0 (x) < n − k. r(x) = v(x) − g(x)f (x), r0 (x) = v 0 (x) − g(x)f 0 (x).. 97 ar(x) = av(x) − ag(x)f (x), br0 (x) = bv 0 (x) − bg(x)f 0 (x) ar(x) + br0 (x) = av(x) − ag(x)f (x) + bv 0 (x) − bg(x)f 0 (x) av(x) + bv 0 (x) = ag(x)f (x) + bg(x)f 0 (x) + ar(x) + br0 (x) = g(x)(af (x) + bf 0 (x) + ar(x) + br0 (x)), where deg ar(x) + br0 (x) < n − k or ar(x) + br0 (x) = 0 =⇒ Rg(x) (av(x)+bv 0 (x)) = ar(x)+br0 (x) = aRg(x) (v(x))+bRg(x) (v 0 (x)) for all v(x), r0 (x) ∈ Fq [x] and a, b ∈ Fq . (ii) Let v(x) = g(x)f (x) + r(x) where r(x) = 0 or deg r(x) < n − k. Rg(x) (v(x)) = r(x) = v(x) − g(x)f (x) since g(x) is a generator polynomial, then g(x)|xn − 1 =⇒ xn − 1 = k(x)g(x) =⇒ a(x)(xn − 1) = a(x)k(x)g(x) =⇒ v(x) + a(x)(xn − 1) = g(x)f (x) + r(x) + a(x)k(x)g(x) = g(x)[f (x) + a(x)k(x)] + r(x). r(x) = Rg(x) (v(x)) = Rg(x) (v(x) + a(x)(xn −)). (iii) If r(x) = Rg(x) (v(x)) = 0 =⇒ v(x) = g(x)f (x) =⇒ v(x)+a(x)(xn −1) ≡ g(x)f (x)+ a(x)k(x)g(x) = g(x)(f (x) + a(x)k(x)) ∈ C =⇒ v(x) mod (xn − 1) ∈ C. Convesely, if v(x)(mod xn − 1) ∈ C =⇒ v(x) + a(x)(xn − 1) ∈ C =⇒ Rg(x) (v(x)) = 0. (iv) If c(x) ∈ C, then Rg(x) (c(x)) = 0 and =⇒ Rg(x) (c(x))+Rg(x) (e(x)) = 0+Rg(x) (e(x)) (v) If Rg(x) (e(x)) = Rg(x) (e0 (x)) then there exists c(x) ∈ C such that Rg(x) (c(x) + e(x)) = Rg(x) (e(x)) and Rg(x) (c(x) + e0 (x)) = Rg(x) (e0 (x)) =⇒ Rg(x) (c(x) + e0 (x)) − Rg(x) (e0 (x)) = Rg(x) (e(x) − e0 (x)) = 0 =⇒ e(x) − e0 (x) mod (xn − 1) ∈ C where deg (e(x) − e0 (x) < n − k but g(x) is a unique monic polynomial of minimal degree n − k =⇒ e(x) − e0 (x) = 0 =⇒ e(x) − e0 (x). (vi) Rg(x) (v(x)) = v(x) if deg v(x) < n − k. If deg v(x) < n − k =⇒ v(x) = 0 · g(x) + v(x) =⇒ Rg(x) (v(x)) = v(x). Theorem 4.5.2. Let g(x) be a monic divisor of xn − 1 of degree n − k. If Rg(x) (v(x)) = S(x), then Rg(x) (xv(x))mod (xn −1)) = Rg(x) (xS(x)) = xS(x)−g(x)Sn−k−1 , where Sn−k−1 is the coefficient of xn−k−1 in S(x). 98 Proof. By definition v(x) = g(x)f (x) + S(x) where S(x) = n−k−1 X Si xi . So xv(x) = i=0 xg(x)f (x) + xs(x) = xg(x) · f (x) + g(x)f1 (x) + S 0 (x), where S 0 (x) = Rg(x) (xS(x)). Also xv(x) mod (xn − 1) = xv(x) − (xn − 1)vn−1 . (Because xv(x) = v0 x + · · · + vn−1 xn =⇒ xv(x) (mod xn − 1) = xv(x) − (xn − 1). Thus xv(x) mod (xn − 1) = xg(x) + f (x)f1 (x) + S 0 (x) − (xn − 1)vn−1 = (xf (x) + f1 (x) − h(x)vn−1 )g(x) + s0 (x), where g(x)h(x) = xn · 1. Therefore Rg(x) (xv(x)) mod (xn −1) = s0 (x) = Rg(x) (xS(x)), because deg S 0 (x) < n−k = n−k−1 X deg g(x). As g(x) is monic of degree n − k and xS(x) Si xi+1 , the remainder when i=0 xS(x) is divided by g(x) is xS(x) − g(x)Sn−k−1 , (because xS(x) = S0 x + S1 x2 + · · · + Sn−k−1 xn−k ) = g(x)Sn−k−1 + Rg(x) (xS(x)) =⇒ Rg(x) (xS(x)) = xS(x) − g(x)Sn−k−1 . Definition 4.5.1. The weight of a polynomial is the number of nonzero coefficients. Definition 4.5.2. The syndrome S(v(x)) of v(x) is defined by S(v(x)) = Rg(x) (xn−k v(x)). Remark 4.5.1. If v(x) ∈ Rn , then S(v(x)) = 0 if and only if v(x) ∈ C. The first version of Meggitt decoding algorithm Step I: We find all the syndrome polynomials S(e(x)) of error patterns e(x) = n−1 X ei xi i=0 such that wt(e(x)) ≤ t and en−1 6= 0. Example 4.5.1. Let C be the [15, 7, 5] binary cyclic code with defining set T = {1, 2, 3, 4, 6, 8, 9, 12}. Let α be a 15th root of unity in F16 . Then g(x) = 1 + x4 + x6 + x7 + x8 is the generator polynomial of C and the syndrome of e(x) is S(e(x)) = Rg(x) (x8 e(x)). Step I produces the 99 following syndrome polynomials: e(x) S(e(x)) x14 x7 x13 + x14 x6 + x7 x12 + x14 x5 + x7 x11 + x14 x4 + x7 x10 + x14 x3 + x7 x9 + x14 x2 + x7 x8 + x14 x + x7 x7 + x14 1 + x7 x6 + x14 x3 + x 5 + x6 x5 + x14 x2 + x4 + x 5 + x6 + x7 x4 + x14 x + x3 + x4 + x5 + x7 x3 + x14 1 + x 2 + x3 + x4 + x7 x2 + x14 x + x2 + x5 + x6 x + x14 1 + x + x4 + x5 + x6 + x7 1 + x14 1 + x4 + x6 for example tp compute S(x12 + x14 ) = Rg(x) (x8 (x12 + x14 )) = Rg(x) (x20 + x22 ) = Rg(x) (x5 +x7 ) = x5 +x7 because deg x7 +x7 < 8 = deg g(x) also S(1+x14 ) = Rg(x) (x8 (1+ x14 )) = Rg(x) (x8 + x7 ) = Rg(x) (x8 ) + Rg(x) (x7 ) = (1 + x4 + x6 + x7 ) + x7 = 1 + x4 + x6 . For Rg(x) (x9 ) = Rg(x) (xx8 ) by theorem 4.6.2 we have Rg(x) (x9 ) = Rg(x) (x(1 + x4 + x6 + x7 )) = Rg(x) (x + x5 + x7 + x8 ) = Rg(x) (x + x5 + x7 + 1 + x4 + x6 + x7 ) = Rg(x) (1 + x + x4 + x5 + x6 ) = 1 + x + x4 + x5 + x6 . For S(x + x14 ) = Rg(x) (x8 (x + x14 ) = Rg(x) (x9 + x7 ) = Rg(x) (x9 ) + Rg(x) (x7 ) = 1 + x + x4 + x5 + x6 + x7 . Step II: Suppose that y(x) is the received vector, compute the syndrome S(y(x)) = Rg(x) (xn−k y(x)), since y(x) = x(x) + e(x), with c(x) ∈ C =⇒ S(y(x)) = S(c(x)) + S(e(x)) = 0 + s(e(x)). 100 Example 4.5.2. Let y(x) = 1 + x4 + x7 + x9 + x10 + x12 is received. Then S(y(x)) = x + x2 + x6 + x7 . Step III: If S(y(x)) is in the list computed in step I, then you know the error polynomial e(x) and this can be subtracted from y(x) to obtain the codeword c(x). If S(y(x)) is not in the list go on step (iv). Step iv: Compute the syndrome polynomial of xy(x), x2 y(x), · · · in succession until the syndrome polynomial is in the list from step I. If S(xi y(x)) is in the list and is associated with the error polynomial e0 (x), then the received vector is decoded as y(x) − xn−i e0 (x). The computation in step (iv) is most easily carried out using theorem 4.6.12 as n−k−1 X n−k Si xi , Rg(x) (x y(x)) = S(y(x)) = i=0 S(xy(x)) = Rg(x) (xn−k xy(x)) = Rg(x) (x(xn−k y(x))) = Rg(x) (xS(y(x))) = xS(y(x)) − Sn−k−1 g(x)....(1) We proceed in the same fashion to get the syndrome of x2 y(x) from that of xy(x). Example 4.5.3. From example 4.5.2 S(y(x)) = x + x2 + x6 + x7 , that S(xy(x)) = x(x + x2 + x6 + x7 ) − 1 · g(x) = x2 + x3 + x7 + x8 − (1 + x4 + x6 + x7 + x8 ) = 1 + x2 + x3 + x4 + x6 which is not in the list, from equation (1), we have, S(x2 y(x)) = x · S(xy(x)) − 0 · g(x) ∴ S(x2 y(x)) = x(1 + x2 + x3 + x4 + x6 ) − 0 = x + x3 + x4 + x5 + x7 , which is in the list, which corresponds to the error x4 + x14 =⇒ y(x) is decoded as y(x) − (x15−2 )(x4 + x14 ) = y(x) − (x17 + x27 ) = y(x) − (x2 + x15 ) = 1 + x4 + x7 + x9 + x10 + x12 − (x2 + x12 ) = 1 + x2 + x4 + x7 + x9 + x10 . Note: this codeword is (1 + x2 )g(x). 101