CS681 Computational Number Theory

Lecture 14: BCH Codes

Instructor: Piyush P Kurur Scribe: Ramprasad Saptharishi

Overview
We shall look a a special form of linear codes called cyclic codes. These
have very nice structures underlying them and we shall study BCH codes.

1 General Codes
Recall that a linear code C is just a subspace of Fnq . We saw last time that
by picking a basis of C we can construct what is known as a parity check
matrix H that is zero precisely at C.
Let us understand how the procedure works. Alice has a message, of
length k and she wishes to transmit across the channel. The channel is
unreliable and therefore both Alice and Bob first agree on some code C.
Now how does Alice convert her message into a code word in C? If Alice’s
message could be written as (x1 , x2 , · · · , xk ) where each xi ∈ Fq , then Alice
simply sends ki=1 xi bi which is a codeword.
P
Bob receives some y and he checks if Hy = 0. Assuming that they
choose a good distance code (the channel cannot alter one code into an-
other), if Bob finds that Hy = 0, then he knows that the message he received
was untampered with.
But what sort of errors can the channel give? Let us say that the channel
can change atmost t positions of the codeword. If x was sent and x0 was
received with atmost t changes between them, then the vector e = x0 −x can
be thought of as the error vector. And since we assumed that the channel
changed atmost t positions, the error vector can have weight atmost t.
This then means that Alice sent an x and Bob received x + e. Bob runs
the parity check matrix on x + e to get H(x + e) = Hx + He = He. The
quantity He is called the syndrome, which is just the evaluation of Bob’s re-
ceived message by the parity check matrix. If the syndrome is zero, Bob
knows that the received word is a valid codeword.

1
 Of course, in order to determine what the actual message was, Bob
needs to figure out what e is (for then he knows the message was x0 − e)
but recovering e from He is still a hard thing. It is not clear how this can be
done efficiently on a general setting.

2 Cyclic Codes
Definition 1. A cyclic code C is a linear code such that if (c0 , c1 , · · · , cn−1 ) is a
codeword, then so is (cn−1 , c0 , c1 , · · · , cn−2 ). To put it algebraically, the space of
codewords is invariant under cyclic shifts.
If course any codeword that is shifted by i places, to the left or the right,
will also be a codeword. In order to be able to see the strong structure
behind them, we need a different perspective on Fnq .

2.1 Codewords as Polynomials

Given a vector (c0 , c1 , · · · , cn−1 ), we can associate a polynomial naturally
which is c(X) = c0 + c1 X + · · · + cn−1 X n . This is just interpretting the
vector space Fnq as the additive group of the ring Fq [X]/(f (X)) where f is
a polynomial of degree n, since they are both isomorphic.
The ring picture has the extra multiplicative structure which is very
useful here. Suppose we have a codeword c = (c0 , · · · , cn−1 ), what can
we say about the codeword c0 = (cn−1 , c0 , · · · , cn−2 )? As a polynomial,
c = c0 + c1 X + · · · + cn−1 X n−1 and c0 = cn−1 + c0 X + · · · + cn−2 X n−1 .
So essentially we just took the polynomial c and multiplied by X. The last
term cn−1 X n , however, was changed to cn−1 . How do we achieve this? Do
the multiplication modulo X n − 1 which is just identifying X n by 1.
Thus, cyclic shifts is just multiplication of polynomials in Fq [X]/(X n −
1) by powers of X. With this observation, the following theorem summa-
rizes the strong underlying structure in cyclic codes.
Theorem 1. Any cyclic code C is an ideal of R = Fq [X]/(X n − 1). And con-
versely, every ideal is a cyclic code
Proof. Let us prove the easier converse first. Let f (X) ∈ R be an element
of the ideal C. Then it follows that for any polynomial a(X), a(X)f (X) ∈ C
and in particular X i f (X) ∈ C. But we already say that multiplying by pow-
ers of X was just shifting and therefore our code is also invariant under
shifts.

2
 The other direction is straightforward too. We want to show that given a
cyclic code C, for any code word f (X) and any polynomial a(X), a(X)f (X) ∈
C.

a(X)f (X) = (a0 + a1 X + · · · + an−1 X n−1 )f (X)

= a0 f (X) + a1 (Xf (X)) + · · · + an−1 (X n−1 f (X))
= a0 f0 (X) + a1 f1 (X) + · · · + an−1 fn−1 X X i f (X) is shifting
= f 0 (X) ∈ C

Suppose X n − 1 factorizes into irreducible polynomials over Fq , say

X n − 1 = g1 g2 · · · gk

Then it easy to check that infact all ideals of R are principle, of the form
g(X)R where g(X) is a factor of X n − 1. And hence, we have a simple
corollary to above theorem.
Corollary 2. Every cyclic code C is just the set of multiples of a single polynomial
g(X) ∈ R.
This polynomial is called the generator polynomial. Let us say we pick
a factor g(X) of X n − 1 and let its degree be d. What can we say about
the dimension of the code (g(X))? For this, we will need the rank-nullity
theorem.
Theorem 3 (Rank-Nullity). If T is a linear map from a between two vector spaces
V and W , then rank(T ) + nullity(T ) = dim V where rank(T ) is defined to be the
dimension of the image of V and nullity the dimension of the kernel.
Now look at the map φ : R −→ R/(g(X)). This, being a homomor-
phism of rings will also be a linear map on the additive groups which are
vector spaces. The dimension of R is n and the dimension of the image,
which is R/(g(X)), is d. And therefore, the dimension of the kernel which
is C = (g(X)) is n − d.

What about the parity check matrix? That is extremely simple here.
Since the ideal is generated by a single polynomial g(X), we just need to
check if any given polynomial is in the code or not by just checking if g
divides it. Thus, just the modulo operation is the parity check. This can be
written as a matrix as well but the idea is clear.

3
3 BCH Codes
BCH1 codes is an example of a cyclic code that is widely studied in coding
theory. In order to get a cyclic code, we just need to get the generating
polynomial of that code.
Instead of asking for the polynomial in terms of the coefficient, what if
we identify the polynomial by the roots instead? This is the general idea of
a BCH code.

We are working in a vector space of dimension n over Fq and identifying

cyclic codes as ideals of R = Fq [X]/(X n − 1). Let us further impose the
constraint that the roots of X n − 1 are distinct by making sure gcd(n, q) = 1
so that the derivative is non-zero.
Let ζ be a primitive n-th root of unity in R and look at the set ζ, ζ 2 , · · · , ζ d


where d < φ(n) (to prevent some ζ i = ζ j )2 . Now we ask for the smallest
degree polynomial g that has ζ i as a root for 1 ≤ i ≤ d. This polynomial is
going to be our generating polynomial for the cyclic code.

The parity check matrix of a BCH code is pretty simple. Note that if
c(X) ∈ C, then c(X) is a multiple of g(X) and in particular c(X) will also
have the ζ i as roots. And therefore, all we need to check is if c(ζ i ) = 0
for all 1 ≤ i ≤ d. Now interpretting c(X) as a vector (c0 , c1 , · · · , cn−1 ) of
coefficients, the parity check reduces to the following matrix multiplication.

ζ2 ··· ζ n−1
    
1 ζ c0 0
 1 ζ 2 (ζ 2 )2 · · · ζ 2 n−1   c1   0 
  ..  =  .. 
    
 . . . . .
.
 . . . .
. . . .
.  .   . 
1 ζ d (ζ d )2 · · · (ζ d )n−1 cn−1 0
Note that the parity check matrix H is a (n − d) × d matrix.

3.1 Distance of a BCH Code

Suppose g(X) is the generating polynomial for the set being the first d pow-
ers of ζ, what can we say about the distance of the cyclic code (g(X))?

Theorem 4. A BCH code obtained by considering the first d powers of ζ has

distance d + 1.
1
Bose, Ray-Chaudhuri, Hocquenghem
2
why won’t d < n suffice?

4
Proof. We would like to show that the minimum weight of the code C =
(g(X)) has to be atleast d + 1. Suppose not, then there is a codeword c such
that the weight of c is less than or equal to d. Then this polynomial has
atmost d positions with non-zero entries. Let us denote those coefficients
by {ci1 , ci2 , · · · , cid } and say in increasing order of indices.
We just need to check that for each 1 ≤ k ≤ d
d
X
cij (ζ k )ij = 0
j=1

But the above equation corresponds to the following matrix product

ζ i1 ζ i2 ζ id
    
··· ci1 0
 (ζ i1 )2 (ζ i2 )2 · · · (ζ id )2   ci   0 
 2   
  ..  =  .. 

 .. .. .. ..
 . . . .  .   . 
(ζ i1 )d (ζ i2 )d · · · (ζ id )d cid 0

Note that the d × d matrix is essentially in the form of a vandermonde

matrix:  
1 1 ··· 1
 x1
 x2 · · · xn 

 x2 x 2 · · · x2n 
 1 2 
 .. .. .. .. 
 . . . . 
xn−1
1 xn−1
2 · · · xn−1
n
Q
and it is well known that the determinant of this matrix is i<j (xi − xj )
and therefore non-zero if each xi is distinct as in our case of ζ ij . Therefore,
Hc = 0 and H being invertible forces that c has to be the zero vector as
well!
Therefore, the only codeword that can have weight less than or equal to
d is the zero vector. And therefore the minweight of the BCH code is atleast
d + 1.

Now that we have this, we can use ζ, ζ 2 , · · · , ζ d−1 to get a guarantee

that our code has distance atleast d. This is called the designed distance of
the BCH code. Note that the actual distance you could be larger than d. We
just have a guarantee that it is atleast d but the could potentially give you
codes of larger distance. There are examples of BCH codes with the actual
distance larger than the designed distance.