Coding Theory*

Mihai Prunescu„

* This is more or less a translation in English of some sections of the book Codierungstheorie from Wolfgang
Willems, published by de Gruyter, Berlin, New York, 1999.
„ University of Bucharest, Faculty of Mathematics and Informatics; and Simion Stoilow Institute of Mathematics
of the Romanian Academy, Research unit 5, P. O. Box 1-764, RO-014700 Bucharest, Romania.
[email protected], [email protected]

1
Contents

I Introduction 4

1 What is a code 5

2 Perfect codes 7

3 Linear codes 8

II Code constructions 10

4 Hamming and Simplex codes 11

5 Classic evaluation codes 12

6 Generalized Reed-Solomon codes 13

7 Binary Reed-Müller codes by Plotkin construction 14

8 Linear code mappings 15

9 Griesmer bound 17

10 Gilbert-Varshamov bound 18

III Duality 19

11 The dual code 20

12 The Golay codes 22

13 Trace and characters 23

14 Weight polynomial 24

15 Theorem of Prange 25

16 Equivalence of codes 25

17 Subfield codes 27

IV Cyclic codes 29

18 Codes as ideals 30

2
19 BCH codes 32

20 Newton’s Equations 35

21 Quadratic Rest codes 37

V Error correction and other topics 42

22 Classic Goppa codes 43

23 The Berlekamp-Welch algorithm 44

24 The Peterson-Gorenstein-Zierler algorithm 45

25 Error correction using Euclid’s algorithm 48

26 The Berlekamp-Masey algorithm 50

27 Unicity of the binary Golay code 52

28 Low density parity check codes 53

29 Exercises 55

3
Part I

Introduction

4
1 What is a code
Definition 1.1 Let F be a finite set with q = |F | elements. We call the set:

C ⊆ F n = {(u1 , . . . , un ) | ui ∈ F }, C 6= ∅,

a block code over the alphabet F .

A code consists of code-words. The number n is called length of C.

If q = 2 we speak about a binary code, and we take F = F2 . Also if q = 3 we have a ternary

code, and we take F = F3 . If |C| = 1 the code is called trivial. In general F = {0, 1, . . . , q − 1} is
identified with Zq . If q is a prime-power, q = pm with m ≥ 1, it is better to identify F with the
finite field Fq , which has a completely different structure than the ring Zq .

Definition 1.2 (R. W. Hamming, 1950) For u, v ∈ F n , we define the function:

d(u, v) = |{i | ui 6= vi }|,

called Hamming distance between u and v.

Theorem 1.3 The Hamming distance induces a structure of metric space over the set F n or over
the code C. With other words, the distance fulfills the following metric properties:

1. d(u, v) ≥ 0 and d(u, v) = 0 ↔ u = v.

2. d(u, v) = d(v, u).
3. Triangle inequality: d(u, v) ≤ d(u, w) + d(w, v).

Moreover, if F is an abelian group, then d is invariant under translations:

d(u + w, v + w) = d(u, v).

Proof: (1) and (2) are immediate. Proof of (3): If we transform u in w and then w in v, we do
more modifications as when we transform u in v, because some coordinates must be modified two
times. Proof of the invariance under translations:

ui 6= vi ↔ ui + wi 6= vi + wi .

Definition 1.4 The set:

Br (u) = {v | v ∈ F n , d(u, v) ≤ r}
is called ball of center u and radius r.

Lemma 1.5 If |F | = q and r ≥ 0 then for all u ∈ F n , one has:

r  
X n
|Br (u)| = (q − 1)j .
j=0
j

Proof: It follows directly from the following remark:

 
n n
|{v | v ∈ F , d(u, v) = j}| = (q − 1)j .
j
2

5
Definition 1.6 The code C is t-error recognizing if for all c ∈ C,

Bt (c) ∩ C = {c}.

Definition 1.7 The code C is e-error correcting if for all c, c0 ∈ C with c 6= c0 ,

Be (c) ∩ Be (c0 ) = ∅.

Definition 1.8 The code C has the minimal distance:

d(C) = min{d(c, c0 ) | c 6= c0 ; c, c0 ∈ C}.

Definition 1.9 If the code C ⊂ F n has the minimal distance d = d(C) and has M = |C| elements,
we say that C is a (n, M, d)-code over F .

Theorem 1.10 If C is a code and d = d(C) its minimal distance, then:

1. If d ≥ t + 1 then C is t-error recognizing.

2. If d ≥ 2e + 1 then C is e-error correcting.

2
Here are some examples of codes used in the every-day life.

Example 1.11 Repetition code of length n:

C = {(c, . . . , c) | c ∈ F }.
n−1
As d(C) = n, C is ≤ 2 -error correcting.

Example 1.12 Bank-account code. Take F = {0, 1, 2, . . . , 9}. Let Q(z) be the digit-sum of z.
We observe that z ; Q(2z) is a permutation of F . The code consists of all (c1 , . . . , cn ) such that:

cn + Q(2cn−1 ) + cn−2 + Q(2cn−3 ) + · · · = 0 mod 10.

The code is 1-error recognizing, but it recognizes also accidental transpositions of neighbor digits.

Example 1.13 ISBN-10 Code. F = {0, 1, 2, . . . , 9, X}. The code is a succession of blocks, repre-
senting the language, the editor house, the book, and a final check digit. Example:

0 − 387 − 96617 − X.

The rule is that 10z1 + 9z2 + · · · + 2z9 + z10 = 0 mod 11. Observe that as Z11 is a field, i ; iz is a
permutation for all z 6= 0. This code recognizes one false digit, but recognizes as well an accidental
transposition.

Example 1.14 EAN-13 Code. F = {0, 1, 2, . . . , 9}. The code-words have length 13, and the
condition is that:

c1 + 3c2 + c3 + 3c4 + · · · + c11 + 3c12 + c13 = 0 mod 10.

Again z ; 3z mod 10 is a permutation of F .

6
2 Perfect codes
Definition 2.1 A code C is called perfect if and only if there is an e ∈ N such that:
G
Fn = Be (c)
c∈C

is a disjoint union of balls.

Theorem 2.2 If |F | = q, C is a code of length n and d(C) ≥ 2e + 1 then the following inequality
holds. This is called Hamming bound.
e  
n
X n
q ≥ |C| (q − 1)j .
j=0
j

Moreover, the code C is perfect if and only if we have equality.

Proof: Let |F | = q, C is a code of length n and d(C) ≥ 2e + 1. We know that for c 6= c0 ,

Be (c) ∩ Be (c0 ) = ∅. Then:
e  
n n
[  X X n
q = |F | ≥  Be (c) =
 |Be (c)| = |C||Be (c)| = |C| (q − 1)j .
j=0
j
c∈C c∈C

2
n
We observe that trivial codes, F and repetition codes of length n = 2e + 1 are perfect.

Example 2.3 The (n, |C|, d) = (7, 24 , 3) Hamming Code. The code consists of all the tuples
(c1 , . . . , c7 ) ∈ F72 such that following equalities are fulfilled:

c1 + c4 + c6 + c7 = 0,
c2 + c4 + c5 + c7 = 0,
c3 + c5 + c6 + c7 = 0.

The code is a linear variety of dimension 4, so it contains |C| = 24 elements. We observe that F72
is an abelian group, so the Hamming distance is invariant under translations. It follows that:

d(C) = min{d(c, 0) | c 6= 0}.

We show now that d(C) ≥ 3. It is to show that every code word contains at least three digits
different from 0. Let c1 = 1. From the first equation, it follows that one of c4 , c6 or c7 is 1. From
the other two equations it follows now that one of c2 , c5 or c7 must be 1. The same happens also
if we start with another ci 6= 0.
Now we show that d(C) ≤ 3. Indeed the point c = (0, 0, 0, 1, 1, 1, 0) ∈ C, and it has d(c, 0) = 3.
So d(C) = 3. If we take e = 1 then d(C) ≥ 2 · 1 + 1 so C is 1-error correcting and 2-error
recognizing.
Moreover, C is perfect:
27 ≥ |C|(1 + n) = 24 (1 + 7) = 27 ,
so the Hamming bound condition is fulfilled.

Remark 2.4 Zinov’ev and Leont’ev, The nonexistence of perfect codes over Galois fields. Prob-
lems of control and information theory 2, 123 - 132, 1973, proved the following: If q is a prime
power, the only perfect codes are:

7
 k
−1 n−k
- The ( qq−1 ,q , 3) Hamming codes,
- The (23, 212 , 7) binary Golay code,
- The (11, 36 , 5) ternary Golay code.
If q is not a prime power, there are not known perfect codes and the problem is open.

The following result is called Singleton Bound Theorem.

Theorem 2.5 C code of length n over F with |F | = q. If d = d(C), then:

d ≤ n − logq |C| + 1.

Proof: Consider some projection α : F n → F n−d+1 , for example α(u1 , . . . , un ) = (u1 , . . . , un−d+1 ).
Because the minimal distance d(C) = d, α|C is an injection, so:

|C| = |α(C)| ≤ |F n−d+1 | = q n−d+1 .

This means that logq |C| ≤ n − d + 1, so d ≤ n − logq |C| + 1. 2

Definition 2.6 Codes C which satisfy:

d = n − logq |C| + 1

are called Maximum Distance Separable codes, shortly MDS-codes.

3 Linear codes
Definition 3.1 Let K be a finite field and C ≤ K n be a vector subspace. We call C linear code
over K. We speak about an:
[n, k, d]
code if k = dimK C and d = d(C).

Definition 3.2 The weight function wt : K n → N is defined as:

wt (u) = |{i | ui 6= 0}|.

For a linear code C we define:

wt (C) = min{wt (c) | 0 6= c ∈ C}.

The set {i | ui 6= 0} is called support of u and denoted supp (u). Shortly, wt (u) = |supp (u)|. For
a subset U ⊆ K n , [
supp (U ) = supp (u).
u∈U

We consider in general codes with supp (C) = {1, 2, . . . , n}.

Lemma 3.3 If C is a linear code, wt (C) = d(C).

Proof: If |C| = 1, there is nothing to prove. Else:

d(C) = min{d(c, c0 ) | c 6= c0 ; c, c0 ∈ C} = min{d(c − c0 , 0) | c 6= c0 ; c, c0 ∈ C} =

= min{wt (c) | c 6= 0, c ∈ C} = wt (C).

2

8
Remark 3.4 To save a linear code, it is enough to keep a basis instead of the whole code.

Definition 3.5 Let Mk×n (K) the set of matrices with k rows and n columns with elements in
K. If A ∈ Mk×n (K) then the transposed matrix AT ∈ Mn×k (K). We denote by rk A the rank of
A, which is the number of linear independent columns or the number of linear independent rows.

Definition 3.6 Let C be an [n, k]-code over K. A matrix G ∈ Mk×n (K) is a generating matrix
of C if we consider G : K k → K n by:

G(u) = uG = (u1 , . . . , uk )G,

and C = G(K k ) = Im(G) is the image of G. The rows of G form a basis for C. Then:

rk (G) = k = dimK (C).

Definition 3.7 Let C be an [n, k]-code over K. A matrix H ∈ M(n−k)×n (K) is a check matrix
for C if :
C = {u | u ∈ K n , HuT = 0} = Ker(H),
the code is the kernel of H. In this case:

rk (H) = n − dim Ker(H) = n − dim C = n − k.

Every subspace of dimension k is an intersection of n − k many hyperplanes, so there is always a

check matrix.
Maximum Likelihood and Syndrome Decoding. Let c̃ ∈ K n a received word, possibly
containing errors. We look for a c ∈ C such that f = c̃ − c ∈ c̃ + C has minimal weight. But:

H c̃T = H(f + c)T = Hf T + HcT = Hf T .

Definition 3.8 Hv T = sv ∈ K n−k is called the syndrome of v ∈ K n .

We observe that c̃ and f have the same syndrome.

For some equivalence class v + C ⊂ K n we find a representative fv ∈ v + C such that:

wt (fv ) = min{wt (v + c) | c ∈ C}.

So decoding works with c̃ ; c = c̃ − fc̃ . 2

Theorem 3.9 Let C be a nontrivial [n, k]-code over K and H its check matrix. Then:

d(C) = wt (C) = min{w | there are w many linear dependent columns in H} =

= max{w | any w − 1 many columns of H are linear independent}.

Proof: Let h1 , . . . , hn be the columns of H. As C 6= {0}, this family of vectors is linear dependent.
Let w ∈ N minimal such that there are w many linear dependent columns hi1 , . . . , hiw . So there
is a relation:
Xn
cj hj = 0,
j=1

with cj ∈ K and all ck 6= 0 if and only if k ∈ {i1 , . . . , iw }.

Choose c = (c1 , . . . , cn ). Then HcT = 0 so c ∈ C. But wt (c) = w so wt (C) ≤ w. Suppose there is
some 0 6= c̃ ∈ C with wt (c̃) < w. But H c̃T = 0, so there are < w many linear dependent columns
in H. Contradiction. 2

9
Part II

Code constructions

10
4 Hamming and Simplex codes
Let K be a finite field with q elements and k ≥ 2 a natural number.
The projective space of dimension k − 1 is the set:

Pk−1 (q) = {hui | 0 6= u = (u1 , . . . , uk )T , ui ∈ K}.

Here hui is the equivalence class of u for the equivalence relation defined as hui = hvi if and only
if ∃ λ ∈ K × , u = λv. The projective space has n elements, where:

qk − 1
n = |Pk−1 (q)| = .
q−1

If Pk−1 (q) = {hh1 i, . . . , hhn i}, we define:

H = (h1 , . . . , hn ) ∈ Mk×n (K).

Definition 4.1 We define a Hamming Code as the code C over K with check matrix H:

C = {c | c ∈ K n , HcT = 0} ≤ K n .

As rk (H) = k, dim C = n − k.
Every two columns of H are linear independent, but hh1 i, hh2 i and hh1 + h2 i are linear dependent.
So wt (C) = d(C) = 3.
So C has the parameters [n, n − k, 3], where n = (q k − 1)/(q − 1). As 3 ≥ 2 · 1 + 1, C is 1-error
correcting.
The fact that C is perfect follows from the sphere-packing equation:
[ qk − 1
B1 (c) = |C| |B1 (0)| = q n−k (1 + n(q − 1)) = q n−k 1 + (q − 1) = q n .



q−1
c∈C

For the Hamming code there is a special notation: Hamq (k).

Definition 4.2 We define a Simplex Code as the code C over K with generating matrix H:

C = {aH | a ∈ K k } ≤ K n .

Theorem 4.3 Let C be a Simplex code and c ∈ C \ {0}. Then wt (c) = q k−1 .

Proof: Let zi be the rows of H.

k
X k
X
0 6= c = (c1 , . . . , cn ) = ai zi = ai (zi1 , . . . , zin ) ∈ C.
i=1 i=1

k
X
T
U = {(b1 , . . . , bk ) | bi ∈ K, ai bi = 0}
i=1

is a (k − 1)-dimensional vector space and contains q k−1 elements. A number of (q k−1 − 1)/(q − 1)
of the columns hj of H are equivalent with elements of U . In fact:

cj = 0 ←→ ∃ b ∈ U ∃j hhj i = hbi.

11
In conclusion:
q k−1 − 1 q k − 1 q k−1 − 1
wt (c) = n − = − = q k−1 .
q−1 q−1 q−1
2
k−1 k−1
So the Hamming distance between two code-words is q , and the minimal distance is q as
well. So the Simplex Code is a
h qk − 1 i
, k, q k−1
q−1
code. For the Simplex Code one has the special notation Simq (k).

5 Classic evaluation codes

Let K be a field with q elements and 1 ≤ k ≤ n ≤ q. Recall that K[x] is the ring of polynomials
in variable x over K. Consider a set M ⊆ K with M = {a1 . . . . , an } with ai 6= aj for i 6= j. We
consider the following linear subspace of K n :
C = {(f (a1 ), . . . , f (an )) | f ∈ K[x], deg f < k}.
C is called classic Reed-Solomon code or RS-code, and is an evaluation code.
Because n ≥ k we can get back the coefficients of f from the code-word. So C has length n and
dimension k. Moreover, every code-word different from 0 has at least n − (k − 1) many coordinates
6= 0, so wt c ≥ n−k+1. For the polynomial f (x) = (x−a1 ) . . . (x−ak−1 ) we have wt cf = n−k+1.
So d(C) = n − k + 1 and the code is a [n, k, n − k + 1]-code.
For the classic Reed-Müller code (Reed, Müller, 1950, introduced independently in different arti-
cles), we present only the situation with K = F2 . Let K[x1 , . . . , xm ] be the polynomial ring in
variables x1 , . . . , xm over K. For a polynomial:
X
0 6= f = k(e1 ,...,em ) xe11 . . . xemm ∈ K[x1 , . . . , xm ],

we define deg f = max{e1 +· · ·+en | k(e1 ,...,em ) 6= 0}, and define deg 0 = −∞. If K m = {P1 , . . . , Pn }
- so n = 2m - we consider the evaluation:
f ; cf = (f (P1 ), . . . , f (Pn )) ∈ K n ,
where f (P ) = f (a1 , . . . , an ) for P = (a1 , . . . , an ). As the polynomials x and x2 define the same
function in K, we evaluate only polynomials like:
X
f= k(e1 ,...,em ) xe11 . . . xemm .
0≤ei ≤1

We stress the fact that the evaluation is done with the convention 00 = 1.
Let V be the vector space of these polynomials and for r ≤ m:
Vr = {f ∈ V | deg f ≤ r}.
Pr
and dim Vr = i=0 mi .


Then dim V = 2m

Definition 5.1 Let K = F2 and 0 ≤ r ≤ m. We define the Reed-Müller code of order r:

RM (r, m) = {(f (P1 ), . . . , f (Pn )) | f ∈ Vr }.

Theorem 5.2 The Reed-Müller code RM (r, m) is a linear code with parameters:
r  
h X m i
2m , , 2m−r .
j=0
j

12
Proof: The linearity and the length are trivial. The dimension of the code comes from the fact
that the evaluation is an injective morphism, like for the Reed-Solomon codes. So in the rest of
the proof we will compute the minimal distance.
The evaluation of the polynomial f (x1 , . . . , xm ) = x1 . . . xr has the weight 2m−r because this is
the number of vectors (x1 , . . . , xm ) that evaluate 1. Now we show that every polynomial f ∈ Vr
generates a code-word of weight ≥ 2m−r . This is done by induction. For m = 0, this is true.
Suppose that this is already true for RM (r, m − 1) for m ≥ 1 and all 0 ≤ r ≤ m − 1. We can write
f ∈ Vr as:
f = f (x1 , . . . , xm ) = g(x1 , . . . , xm−1 ) + h(x1 , . . . , xm−1 )xm .
Consider the cardinalities:
a = |{P = (∗, . . . , ∗, 0) | P ∈ K m , f (P ) 6= 0}|,
b = |{P = (∗, . . . , ∗, 1) | P ∈ K m , f (P ) 6= 0}|.
If h = 0, we get by induction a, b ≥ 2m−1−r so a + b ≥ 2m−r . If h 6= 0, we get by induction
a ≥ 2m−1−r if g 6= 0 and b ≥ 2m−1−r if g + h 6= 0. Finally if g = 0 or if g = −h then deg h ≤ r − 1
and by induction b ≥ 2(m−1)−(r−1) = 2m−r . 2

6 Generalized Reed-Solomon codes

Let K be a field with q elements, and 2 ≤ d ≤ n ≤ q. We fix values a = (a1 , . . . , an ) ∈ K n with
i 6= j → ai 6= aj and v = (v1 , . . . , vn ) ∈ K n such that all vi 6= 0.
One constructs the following matrix H ∈ M(d−1)×n (K):
 
v1 ... ... ... vn
 a1 v1 ... ... ... an vn 
 2
a2n vn

 a1 v1 ... ... ...
H= .

 .. .. .. .. .. 
 . . . . . 
ad−2
1 v1 ... ... ... and−2 vn
Q
Every (d−1)×(d−1) submatrix of H is regular, as it has the determinant vi1 . . . vid−1 i<j (aj −ai ).
We define the Generalized Reed-Solomon Code GRSd (a, v) as:
GRSd (a, v) = {c | c ∈ K n , HcT = 0}.

As all (d − 1) × (d − 1) minors are regular, d(GRSd (a, v)) = d. Also, this code has dimension
n − rk (H) = n − d + 1. So GRSd (a, v) is a code:
[n, n − d + 1, d].

Now recall that for finite fields K, the multiplicative group K × is cyclic. Let α be a generator of
this group. If v = a = (1, α, . . . , αq−2 ) we are dealing with a Reed-Solomon Code of dimension
q − d.

Definition 6.1 A code C is cyclic if for every c = (c1 , . . . , cn ) ∈ C, one has (cn , c1 , . . . , cn−1 ) ∈ C.

Theorem 6.2 A Reed-Solomon code is cyclic.

Proof: Let c = (c0 , . . . , cq−2 ) ∈ RSd . We see that:

q−2
X
ci αij = 0
i=0

13
for all j = 1, . . . , d − 1. So:
q−2
X q−2
X
0 = αj ci αij = ci α(i+1)j = cq−2 + c0 αj + · · · + cq−3 α(q−2)j
i=0 i=0

for j = 1, . . . , d − 1. So c0 = (cq−2 , c0 , . . . , cq−3 ) ∈ C.

7 Binary Reed-Müller codes by Plotkin construction

Put again K = F2 . We start with a method called Plotkin construction:

Lemma 7.1 For i = 1, 2 let Ci be [n, ki , di ] codes over K. Then:

C = C1 & C2 = {(c1 , c1 + c2 ) | c1 ∈ C1 , c2 ∈ C2 } ≤ K 2n

is a [2n, k1 + k2 , min(2d1 , d2 )]-code.

Proof: Consider α : C1 ⊕ C2 → C given by α(c1 , c2 ) = (c1 , c1 + c2 ). As this mapping is injective,

dim C = k1 + k2 . Now wt (c1 ) ≥ |supp (c1 ) ∩ supp (c2 )| so:

wt (c) = wt (c1 ) + wt (c1 + c2 ) ≥ wt (c1 ) + wt (c1 ) + wt (c2 )

−2 |supp (c1 ) ∩ supp (c2 )| ≥ wt (c2 ) ≥ d2 ,

if c2 6= 0. For c2 = 0, wt (c) = 2wt (c1 ) ≥ 2d1 . If one of c1 and c2 is 0 and the other one has
minimal weight, the minimum is also taken. 2
Let K = F2 = {0, 1} and r, m ∈ N, 0 ≤ r ≤ m.
Pr m


The binary Reed-Müller codes RM (r, m) are [2m , i=0 i , 2m−r ] inductively defined as follows:
RM (0, m) is the [2m , 1, 2m ] repetition code of length 2 . m
m
RM (m, m) = {0, 1}2 .
RM (r, m) = RM (r, m − 1) & RM (r − 1, m − 1) for 1 ≤ r ≤ m − 1.
So RM (r, m) has length 2m and minimal distance:

d = min(2 · 2m−1−r , 2m−1−(r−1) ) = 2m−r .

Its dimension can be inductively computed as well:

r   r−1   r−1 h   
X m−1 X m−1 X m−1 m−1 i
dim RM (r, m) = + =1+ + =
i=0
i i=0
i i=0
i+1 i

r−1   X r  
X m m
=1+ = .
i=0
i + 1 i=0
i

We observe also that always RM (r − 1, m) ⊂ RM (r, m) and that (1, 1, . . . , 1) ∈ RM (r, m).
RM (1, 5) is a [32, 6, 16]-code and was used by the Mariner Mars Mission 1969 - 1976. As 7 ≤
(d − 1)/2 = 15/2, so 7 errors per code-word could be corrected. The code-words encoded 26 = 64
different tones of grey for black and white pictures of high resolution.

14
8 Linear code mappings
Recall that GL(n, K) is the group of invertible square matrices with coefficients in K.

Definition 8.1 A matrix A ∈ GL(n, K) is an isometry according to the Hamming metric if for
all u, v ∈ K n , d(uA, vA) = d(u, v).

Let Iso(n, K) mean the set of these matrices, which are Hamming isometries. Iso(n, K) ≤
GL(n, K) is a subgroup. We observe that the group of permutations Sn can be also embed-
ded in GL(n, K), as follows. An element π ∈ Sn corresponds to the permutation matrix P (π),
where: (
1, i = πj,
P (π) = (pij ) =
0, else.

Definition 8.2 A matrix M is called monomial if it has the form:

M = Diag(a1 , . . . , an )P (π),

for some ai 6= 0 and some π ∈ Sn . The monomial matrices build the monomial group M (n, K).

Theorem 8.3 Iso(n, K) = M (n, K).

Proof: It is clear that M (n, K) ⊆ Iso(n, K). For the converse, consider an A ∈ Iso(n, K). When
acting on a standard basis vector ei = (0, . . . , 0, 1, 0, . . . , 0), 1 = wt (ei ) = wt (ei A), so ei A = ai ei0
with ai 6= 0 and such that (i ; i0 ) is a permutation π of {1, . . . , n}.
So A = Diag(a1 , . . . , an )P (π −1 ). 2

Definition 8.4 Consider the linear codes C, C 0 ≤ K n .

1. C and C 0 are equivalent codes, denoted C ' C 0 , if there is A ∈ M (n, K), CA = C 0 .

2. The automorphism group of C is the set:

Aut(C) = {A | A ∈ M (n, K), CA = C}.

3. Consider the mapping α : Aut(C) → Sn given by α(Diag(a1 , . . . , an )P (π)) = π. The group

of permutations of a code C is P er(C) = Im(α).

If we permute columns or rows of the check matrix H or of the generating matrix G, or if we

multiply them with scalars, we obtain equivalent codes.

Definition 8.5 Let C be an [n, k]-code over K.

1. The following code is called the extension of C:

n n+1
X o
Ĉ = (c1 , . . . , cn+1 ) | ci ∈ K, (c1 , . . . , cn ) ∈ C, ci = 0 .
i=1

Ĉ is an [n + 1, k]-code and d(C) ≤ d(Ĉ) ≤ d(C) + 1. Ĉ is recognised by the matrix:

 
1 1 ... 1 1
 0
Ĥ =  .
 H 0
0

15
 2. Let n ≥ 2 and 1 ≤ i ≤ n. The code:

Č = Či = {(c1 , . . . , ci−1 , ci+1 , . . . , cn ) | (c1 , . . . , ci−1 , 0, ci+1 , . . . , cn ) ∈ C}

is called truncation of C. If C has length n, Či is a [n−1, k−1]-code. Also, d(Č) ≥ d(C). The
check matrix Ȟ is the check matrix H without the column corresponding to the coordinate
which is truncated.
3. Let n ≥ 2 and 1 ≤ i ≤ n. The code:

C̊ = C̊i = {(c1 , . . . , ci−1 , ci+1 , . . . , cn ) | (c1 , . . . , ci−1 , ci , ci+1 , . . . , cn ) ∈ C}

is called punctuation of C.

Examples: If C is a binary code with odd d(C), then d(Ĉ) = d(C) + 1 because we have an even
number of ones in every code-word. In particular the extended binary Hamming code has minimal
distance 4.
If C = GRSd (a, v) then Ĉ = GRSd+1 (â, v̂) where â = (a, 0) and v̂ = (v, 1).
If C is an M DS-code, then a truncation of C is an M DS-code again. 2

Observation 8.6 A finite field K with q m elements is a vector space of dimension m over a
field K0 with q elements. So every n-code C over K is an mn-code C0 over K0 . If C is e-error
correcting, C0 can correct e groups of m many consecutive errors, which in a transmision are very
usual.

Observation 8.7 Given a [n, k, d]-code, by simple concatenation of t code-words in all possible
ways, one constructs a [tn, tk, d]-code named interleaving of the original code.

Definition 8.8 Let E be a set and U ≤ S(E) be a subgroup of its permutation group.

1. For some i ∈ E, Ui = {π | π ∈ U, πi = i} is the stabilizer of i in U .

2. U is called k-transitive on E if for every pair of ordered subsets (i1 , . . . , ik ) and (j1 , . . . , jk )
of E, there is a π ∈ U such that πit = jt for all t. For 1-transitive, we say just transitive.

If U is k-transitive, then:
(U is transitive over E) and (every stabilizer Ui is (k − 1)-transitive over E \ {i}).

Theorem 8.9 C is a code of length n over K.

1. If P er(C) is transitive, then all punctuated codes of C are equivalent.

2. If 0 6= C < K n and P er(C) is 2-transitive, then every diagonal automorphism of C has the
shape Diag(a, a, . . . , a).

Proof: (1) Take i ∈ {1, . . . , n − 1}. As P er(C) is transitive, there is a monomial matrix M =
P (π)Diag(a1 , . . . , an ) ∈ Aut(C) with πn = i. For every (c1 , . . . , cn ) ∈ C there is a (c̃1 , . . . , c̃n ) ∈ C
such that:
(c1 , . . . , cn ) = (c̃1 , . . . , c̃n )M = (a1 c̃π1 , . . . , an c̃πn ).
(c1 , . . . , cn−1 ) = (a1 c̃π1 , . . . , an−1 c̃π(n−1) ) =
= (c̃1 , . . . , c̃i−1 , c̃i+1 , c̃n )P (σ)Diag(a1 , . . . , an−1 ),
where σ ∈ Sn−1 is some permutation. So C̊n = C̊i P (σ)Diag(a1 , . . . , an−1 ).

16
(2) Take 0 6= c = (c1 , . . . , cn ) ∈ C with wt (c) minimal. If wt (c) = 1 then c is some ei and with
P er(C) transitive, all ei ∈ C and C = K n , which is a contradiction. So wt (c) ≥ 2. Suppose
that D = Diag(a1 , . . . , an ) ∈ Aut(C) with an 6= ai for some i. As P er(C) is 2-transitive, one can
suppose that ci 6= 0 and cn 6= 0. So:
an c − cD = ((an − a1 )c1 , . . . , (an − an−1 )cn−1 , 0) ∈ C.
But (an − ai ) 6= 0 and wt (can − cD) < wt (c), which is a contradiction to the minimality of wt (c).
So Diag(a, a, . . . , a) with a ∈ K × are the unique diagonal automorphisms of C. 2

Theorem 8.10 Up to a permutation of coordinates, every k-dimensional code C has a generating

matrix in systematic form:
G = (Ek | ∗).

Proof: Let G be the generating matrix of some [n, k]-code over K. As G has rank k, there
are k many columns of G, say si−1 , . . . , si−k ∈ (K k )T such that X = (si−1 , . . . , si−k ) is a
regular matrix. Choose π ∈ Sn such that GP (π) = (X | Y ). It follows that X −1 GP (π) =
(Ek | Z). Because K k X −1 G = K k G = C, the matrix X −1 G is a generating matrix for C. Also,
K k X −1 GP (π) = CP (π) = C 0 , a code obtained from C by permuting some coordinates, and the
matrix X −1 GP (π) = (Ek | Z) is the generating matrix for C 0 . 2

9 Griesmer bound
Theorem 9.1 Let K be a field with q elements and let C be a [n, k, d]-code over K. Then:
k−1
Xl dm
n≥ .
i=0
qi

Proof: Induction over k. The statement is correct for k = 0, 1. Let be k ≥ 2 and G be a

generating matrix for C. We can suppose that the first row of G is a code-word of minimal weight.
Moreover, by applying an equivalence of codes, we can suppose that:
   
1 ... 1 0 ... 0 z
G= = .
G1 G2 G1 G2
Here is G1 a (k − 1) × d matrix and G2 a (k − 1) × (n − d) matrix. We show first that the rank of
G2 is k − 1. (G1 | G2 ) can be taken in the following form:
 
a1 . . . ad 0 . . . 0
∗ ∗
using some elementary transformations. If a1 = a2 = · · · = ad , we get a contradiction with the
fact that G has rank k. So:
0 6= c = a1 z − (a1 , . . . , ad , 0, . . . , 0) ∈ C,
but this is a contradiction because wt (c) < d. So G2 is a generating matrix for a [n − d, k − 1, d2 ]-
code, that we call C2 . Consider now (u | v) some row of the matrix (G1 | G2 ) with u = (u1 , . . . , ud ).
For b ∈ K let nb = |{i | ui = b}|. For some a ∈ K is na = max(nb | b ∈ K). Clearly,
ldm
na ≥ .
q
But 0 6= (u | v) − az ∈ C and wt ((u | v) − az) ≥ d, and so:
ldm
wt (v) ≥ .
q

17
Over elementary transformations of (G1 | G2 ) we can reach every 0 6= v ∈ C2 . The induction
hypothesis reads now:
k−2
X l d2 m k−2 X l d m k−1 Xl d m
n−d≥ i
≥ i+1
= ,
i=0
q i=0
q i=1
qi
k−1 k−1
Xl d m l d m Xl d m
n≥ + 0 = .
i=1
qi q i=0
qi

0
m If there is a [n, k, d]-code over some field, then there is also a [n − d, k − 1, d ]-code
Corollaryl 9.2
with d0 ≥ dq .

Theorem 9.3 The binary Reed-Muller-codes RM (1, m) reach the Griesmer bound. Moreover,
they are uniquely determined by their parameters [2m , m + 1, 2m−1 ] up to code equivalence.

Proof: The Griesmer bound reads:

m l m−1 m
X 2
2m ≥ = 2m−1 + · · · + 2 + 1 + 1 = 2m .
i=0
2i

Second part remains as an exercise. 2

10 Gilbert-Varshamov bound
Theorem 10.1 Let K be a field with q elements and let n, k, d ∈ N with k ≤ n and
d−2  
n−k
X n−1
q > (q − 1)i .
i=0
i

0 0
Then there exists a [n, k, d ]-code with d ≥ d.

Proof: If k = n then d = 1 and the statement is true. So let k < n, V = K n−k , v1 , . . . vn−k be
a basis of V and suppose that we already found vectors vn−k+1 , . . . , vn−k+s ∈ V such that every
d − 1 elements in Vs = {v1 , . . . , vn−k+s } are linear independent. The number of vectors which can
be represented as linear combination of at most d − 2 many elements of Vs , is ≤
d−2  
X n−k+s
(q − 1)i .
i=0
i

If this sum is strictly smaller then q n−k , we can find vn−k+s+1 ∈ V \ hVs i such that every d − 1
vectors in:
Vs+1 = Vs ∪ {vn−k+s+1 }
are linear independent. Finally we get Vk = {v1 , . . . , vn }. We write those vectors as the columns
of a matrix H ∈ M(n−k)×n (K), so is H the check matrix of a [n, k, d0 ]-code with d0 ≥ d. 2

18
Part III

Duality

19
11 The dual code
Definition 11.1 Let K be some field and n ∈ N. The function h , i : K n × K n → K given by:
n
X
hu, vi = u i vi
i=1

defines a symmetric non-degenerated K-bilinear form over K n . For C ⊆ K n (code or just subset),

C ⊥ = {u ∈ K n | ∀ c ∈ C hu, ci = 0}

is the dual code to C. A code is called self-dual if C = C ⊥ and is called self-orthogonal if C ⊆ C ⊥ .

Theorem 11.2 Let C be a [n, k]-code over K. Then:

1. H is the check matrix for C if and only if H is the generating matrix for C ⊥ .
2. (Ek | A) is generating matrix for C if and only if (−AT | En−k ) is generating matrix for C ⊥ .

Proof: Let G be a generating matrix for C. Some (n − k) × n matrix H over K is a check matrix
for C if HGT = 0 and the rank of H is n − k. For the second statement, observe that:
 
Ek
T T T
(−A | En−k )(Ek | A) = (−A | En−k ) T = −AT + AT = 0.
A
2

Theorem 11.3 Let GRSd (a, v) be a generalized Reed-Solomon code over the field K with 2 ≤ d ≤
n ≤ q. Then there is a vector v 0 such that:

GRSd (a, v)⊥ = GRSn−d+2 (a, v 0 ).

This v 0 is determined up to a scalar multiple by the condition hv 0 i = GRSn (a, v).

If K has characteristic 2, and d ≥ (n + 2)/2 then there is v such that the code GRSd (a, v) is
self-orthogonal. If moreover n is even and d = (n + 2)/2, the code is self-dual.

Proof: Observe first that dim GRSn (a, v) = 1, because GRSd (a, v) is a [n, n − d + 1, d]-code. Take
a 0 6= v 0 = (v10 , . . . , vn0 ) such that:
   
1 ... 1  0
 0
 a1 v1 v1
. . . a n  . 

0
 
..   ..  =  ..  .

 ..
 . .  .
n−2 n−2 vn vn0
a1 . . . an 0

Suppose that vi0 = 0 for some i. We exclude the column i from the matrix and the component i in
both vectors. We get a square system of equations with non-singular matrix, so then all vj vj0 = 0,
so v 0 = 0, contradiction. It follows that all components of v 0 are different from 0. For 0 ≤ r ≤ d−2
and 0 ≤ s ≤ n − d we observe:
n
X n
X
ari vi asi vi0 = ar+s
i vi vi0 = 0.
i=1 i=1

This means that GRSd (a, v)⊥ ⊆ (GRSn−d+2 (a, v 0 )⊥ )⊥ ⊆ GRSn−d+2 (a, v 0 ). But they have both
dimension d − 1, so the sets are equal.

20
In order to determine v 0 , we consider the system:
   
1 ... 1   0
 a1 ... an  u 1 0
 
 .. ..   ..   .. 
 
 . .    = . .
 n−2  .  
a1 n−2 
. . . an un 0
an−1
1 . . . an−1
n 1

By Cramer’s Rule we get:

Qi,j6=k
(aj − ai )
Qi<j
Y
uk = (−1) n+k
= (ak − ai )−1 .
i<j (aj − ai )
i6=k

We can take vk0 = uk /vk .

Now, if K has characteristic 2, the Frobenius map x ; x2 is an automorphism of K so every
element in K is a square. So we can choose vk such that vk2 = uk for all k, and so v 0 = v. Then
for d ≥ (n + 2)/2:
GRSd (a, v) ⊆ GRSn−d+2 (a, v) = GRSd (a, v)⊥ ,
This means that GRSd (a, v) is self-orthogonal. If n is even and d = (n + 2)/2, GRSd (a, v) is
self-dual. 2

Theorem 11.4 Let C be a code of dimension ≥ 1.

C is an M DS-code if and only if C ⊥ is an M DS-code.

Proof: As (C ⊥ )⊥ = C, it is enough to prove only one direction. Suppose that n is the length of
C. Suppose there is an element 0 6= c⊥ ∈ C ⊥ with wt (c⊥ ) ≤ k. We can choose c⊥ as row in a
generating matrix G⊥ of C ⊥ . So there are n − k columns in G⊥ , which are linear dependent. But
d(C) = n − k + 1, so every n − k columns must be linear independent. This contradiction shows
that d(C ⊥ ) ≥ k + 1. By the singleton bound, we see that:

k + 1 ≤ d(C ⊥ ) ≤ n − (n − k) + 1 = k + 1,

so is C ⊥ an M DS-code. 2

Definition 11.5 Let r ∈ N, r > 1. A code C is r-divisible if for all c ∈ C, r | wt (c).

Lemma 11.6 If C is a self-orthogonal code over F2 or F3 , then C is 2-divisible, respectively

3-divisible. Moreover, in the first case (1, . . . , 1) ∈ C ⊥ .

Proof: Take some c = (c1 , . . . , cn ) ∈ C. Every ci ∈ {0, 1} for p = 2 or in {0, −1, 1} for p = 3. So
c2i = 1 if ci 6= 0 and
0 = hc, ci = wt (c) mod p.
Moreover for p = 2 and v = (1, . . . , 1),

hc, vi = wt (c) = 0,

so v ∈ C ⊥ . 2

Lemma 11.7 Let C be some binary code.

1. If C ⊆ C ⊥ and if C has a basis consisting of vectors, whose weights are all divisible by 4,
then C is 4-divisible.

21
 2. If C is 4-divisible, then C ⊆ C ⊥ .

Proof: Both follow from the remarks that:

hc, c0 i = |supp (c) ∩ supp (c0 )| mod 2,

wt (c + c0 ) = wt (c) + wt (c0 ) − 2|supp (c) ∩ supp (c0 )|.

2

12 The Golay codes

The following codes have been defined by Golay in 1949.

Definition 12.1 Gol(11) is the ternary code generated by the matrix G11 = (E6 | G) where:
 
0 1 −1 −1 1
1
 0 1 −1 −1 
−1 1 0 1 −1
G=  .
−1 −1 1 0 1
 1 −1 −1 1 0
1 1 1 1 1

For C = Gol(11) call Gol(12) = Ĉ its extension.

Theorem 12.2 Gol(12) is a self-dual [12, 6, 6]-code.

Proof: Gol(12) has length 12 and dimension 6. If we add to G11 the column:
 
−1
−1
 
−1
 ,
−1
 
−1
0

we get G12 , the generating matrix for Gol(12). Let z1 , . . . , z6 the rows of G12 . One verifies
that hzi , zj i = 0 for all pairs (i, j), including the cases i = j. So Gol(12) ⊆ Gol(12)⊥ . But
dim Gol(12)⊥ = 12 − dim Gol(12) = 12 − 6 = 6, Gol(12) = Gol(12)⊥ , so the code is self-dual.
We must show now that d(Gol(12)) = 6. We observe that G12 = (E6 | A6 ) and that G̃12 =
(−AT6 | E6 ) is also a generating matrix for Gol(12). Being self-orthogonal over F3 , Gol(12) is
3-divisible. Suppose now that there is some c ∈ Gol(12) with wt (c) = 3.
We know that wt (zi ) = 6 for all i, so c 6= zi . So is c a linear combination of 2 or 3 different zi .
If it is a linear combination of 2 different zi , in the last 6 coordinates has c exactly one which is
different from 0. If we now look to G̃12 , c has to be ± a row of this matrix. But all such rows have
weight 6. If it is a linear combination of 3 different zi , it must have 0 on all last 6 coordinates,
and this contradicts again G̃12 . As Gol(12) is 3-divisible and all zi have weight 6, it follows that
d(Gol(12)) = 6. 2

Theorem 12.3 Gol(11) is a perfect [11, 6, 5]-code.

22
Proof: It is immediate that the parameter are 11, 6 and 5. To show that it is perfect, compute:
    
[  11 11
311 ≥ | B2 (c)| = |Gol(11)| |B2 (0)| = 36 1 + ·2+ ·4 =
1 2
c∈Gol(11)

= 36 (1 + 22 + 220) = 36 · 35 = 311 .
2

Definition 12.4 Gol(23) is the binary code generated by the matrix G23 = (E12 | G), where the
rows of G are all the 11 rotations of the vector:
(1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0)
completed with a last row of ones. The code Gol(24) is the corresponding extension. They are
the binary Golay code and the extended binary Golay code.

It is a similar job to show that Gol(24) is a [24, 12, 8]-code self-dual and that Gol(23) is a [23, 12, 7]
perfect code.

13 Trace and characters

Let K ≤ E be an extension of finite fields. Let G be the Galois group of this extension. This is the
set of all automorphisms of E that fix K pointwise. We define the mapping Trace T rE/K : E → K
given as: X
T rE/K (a) = γ(a).
γ∈G

As the value T rE/K (a) remains fixed by all the automorphisms γ ∈ G, this value belongs to K.
If K has q elements and [E : K] = n, it is known that the automorphisms are generated by the
Frobenius automorphism x ; xq and consequently the trace can be defined by:
2 n−1
T rE/K (a) = a + aq + aq + · · · + aq .

Let A be an a finite abelian group. A homomorphism χ : A → C× is called character of A. It

fulfills the rule χ(a + b) = χ(a)χ(b). If it is constant equal 1, χ is the trivial character. If χ is a
character, its complex conjugated values χ̄ define a character as well. As every value of a character
is a root of 1, we observe that χ̄(a) = χ(−a). With the complex multiplication, the characters
build a group Ch(A) which is isomorphic with A.
The connection between trace and characters is the following: Let K = Fq and F = Fp the prime
field of K. Let ε ∈ C be a complex p-root of 1. V is a finitely dimensional vector space over K
and its dual space is V ∗ = HomK (V, K). Then:
Ch(V ) = {χf | f ∈ V ∗ },
where we define χf (v) = εT rK/F (f (v)) for v ∈ V . Here we identify F with {0, 1, . . . , p − 1}.
Denote with CA the set of all functions f : A → C. On this set we define the Hermitian product:
1 X
hf, gi = f (x)g(x).
|A|
x∈A

If A is a finite abelian group, and χ, ψ ∈ Ch(A), then:

(
1, χ = ψ,
hχ, ψi =
0, χ 6= ψ.

In particular, the set Ch(A) is an orthonormal basis of CA for the Hermitian product.

23
14 Weight polynomial
Definition 14.1 Let C be a code of length n. Let Ai be the number of code-words of weight i in
C. The polynomial:
X n
AC (z) = Ai z i ∈ Z[z]
i=0

the weight polynomial of C.

The following duality theorem belongs to MacWilliams:

Theorem 14.2 Let C be an [n, k]-code over K = Fq with the weight polynomial A(z), and let
A⊥ (z) be the weight polynomial of C ⊥ , then:
 1−z 
A⊥ (z) = q −k (1 + (q − 1)z)n A .
1 + (q − 1)z

Proof: Let χ be a non-trivial character of the additive group of K, this means a non-constant
homomorphism χ : (K, +, 0) → (C× , ·, 1). For u ∈ K n we define:
X
gu (z) = χ(hu, vi)z wt (v) ∈ C[z].
v∈K n

We observe that:
X X X X
gc (z) = χ(hc, vi)z wt (v) = f (v)z wt (v) ,
c∈C c∈C v∈K n v∈K n

where f (v) = c∈C χ(hc, vi). The mapping c ; χ(hc, vi) is a character χv of C which is trivial
P

1C for v ∈ C ⊥ . The orthogonality relations for characters implies now:

(
X |C|, v ∈ C ⊥ ,
f (v) = χ(hc, vi) = |C|hχv , 1C i =
c∈C
0, v∈/ C ⊥.

So: X X ⊥
gc (z) = |C|z wt (c )
= |C|A⊥ (z).
c∈C c⊥ ∈C ⊥

Now we compute the left side in a different way. For c = (c1 , . . . , cn ) ∈ C one has:
X
gc (z) = z wt (v) χ(hc, vi)
v∈K n
X Pn n
X 
wt (ai )
= z i=1 χ ci ai
(a1 ,...,an )∈K n i=1

X n
Y
= z wt (ai ) χ(ci ai )
(a1 ,...,an )∈K n i=1
n X
Y
= z wt (ai ) χ(ci ai ).
i=1 ai ∈K
P
But as χ 6= 1 is a∈K × χ(a) = −1, so:
(P
X
wt (ai ) z wt (ai ) = 1 + (q − 1)z
ai ∈K ci = 0,
z χ(ci ai ) = P
ai ∈K
1 + z a∈K × χ(a) = 1 − z ci 6= 0.

24
This means that:
gc (z) = (1 − z)wt (c) (1 + (q − 1)z)n−wt (c) .
We can finally conclude:
X
A⊥ (z) = |C|−1 gc (z)
c∈C
X1−z wt (c)
= q −k (1 + (q − 1)z)n
1 + (q − 1)z
c∈C
 1−z 
= q −k (1 + (q − 1)z)n A .
1 + (q − 1)z
2
⊥
In this context we recall that Simq (k) = Hamq (k) and that we already implicitly shown that
the Simplex code has the following weight polynomial:
k−1
A(z) = 1 + (q k − 1)z q .

So using the theorem, one can compute the weight polynomial of the Hammimg code as well.

15 Theorem of Prange
Pn
Theorem 15.1 A binary code C has the weight polynomial A(z) = i=0 Ai z i and its extension
Pn
Ĉ has the weight polynomial  = i=0 Âi z i . Suppose that P er(Ĉ) is transitive. Then:

2iA2i 2iÂ2i
A2i−1 = =
n + 1 − 2i n+1
n+1
for 1 ≤ i ≤ 2 . In particular, the minimal weight of C is odd.

Proof: It is easy to see that Â2i = A2i + A2i−1 and Â2i−1 = 0. In Ĉ exactly A2i−1 many code-
words of weight A2i have the digit 1 in the last coordinate. This is true for all other coordinates,
because P er(Ĉ) is transitive over the set {1, . . . , n + 1}.
X
wt (ĉ) = 2iÂ2i .
wt (ĉ)=2i

This implies:
2iÂ2i
A2i−1 = ,
n+1
and because Â2i = A2i + A2i−1 ,
2iA2i
A2i−1 = .
n + 1 − 2i

16 Equivalence of codes
Let K be a finite field and V ≤ K n . The projection fi (v) = vi is a linear function over V , so
fi ∈ V ∗ . The prime field of K is F = Fp = {0, 1, . . . , p − 1} and ε 6= 1 a complex p-root of 1. We
recall that every f ∈ V ∗ determines a character χf of V over:

χf (v) = εT rK/F f (v)

25
Lemma 16.1 For all v ∈ V ,
n X
X
(n − wt (v))|K| = χafi (v).
i=1 a∈K

P
Proof: If fi (v) = 0 then χafi (v) = 1 and a∈K χafi (v) = |K|.
If fi (v) 6= 0, recall that T r : K → F is surjective, so there is a decomposition:
p−1
[
K= (ai + Kern T r),
i=0

with T r(ai ) = i.

X X X p−1
X
χafi (v) = εT r(afi (v)) = εT r(a) = |Kern T r| εi = 0.
a∈K a∈K a∈K i=0

2
The following theorem was discovered by MacWilliams. The proof is from Ward and Wood.

Theorem 16.2 Let C and C 0 two linear codes of dimension k in K n . Then C ' C 0 if and only
if there is weight preserving K-linear isomorphism of vector spaces ϕ : C → C 0 .

Proof: If C ' C 0 then every isometry is in particular a weight preserving isomorphism from C to
C 0 . Now consider a linear isomorphism ϕ : C → C 0 with wt ϕ(c) = wt c for all c ∈ C. We consider
the projections fi (c) = ci and fi0 (c) = (ϕ(c))i . Both fi , fi0 ∈ C ∗ . We apply the Lemma and we
find out that for all c ∈ C one has:
n X
X
χafi (c) = (n − wt (c))|K| =
i=1 a∈K

n X
X
= (n − wt (ϕ(c)))|K| = χbfj0 (c).
j=1 b∈K

In conclusion the following functions are identic:

n X
X n X
X
χafi = χbfj0 ∈ CC .
i=1 a∈K j=1 b∈K

As χ0 = 1 we can reduce this to:

n
X X n X
X
χafi = χbfj0 .
i=1 a∈K × j=1 b∈K ×

Recall now that the characters of C build a basis of CC , there is a σ(1) ∈ {1, . . . .n} and a a1 ∈ K ×
such that χa1 fσ(1) = χf10 . This implies a1 fσ(1) = f10 . Then one has that:
X X
χafσ(1) = χbf10 ,
a∈K × b∈K ×

X X n X
X
χafi = χbfj0 .
i6=σ(1) a∈K × j=2 b∈K ×

26
Inductively we find a permutation σ ∈ Sn and elements ai ∈ K ∗ such that ai fσ(i) = fi0 for
i = 1, . . . , n.

(f1 (c), . . . , fn (c))Diag(aσ−1 (1) , . . . , aσ−1 (n) )P (σ) = (a1 fσ(1) (c), . . . , an fσ(n) (c))

= (f10 (c), . . . , fn0 (c)).

Theorem 16.3 Both the Hamming code Hamq (k) and the simplex code Simq (k) have the group
of automorphisms isomorphic with GL(k, q).

Proof: It is clear that Aut Hamq (k) ' Aut Simq (k) because the codes are dual. Let C =
Simq (k) ≤ K n with |K| = q and n = (q k − 1)/(q − 1). Every ϕ ∈ GL(C) is weight preserving
because all 0 6= c ∈ C have the same weight. MacWilliams’ Theorem shows that ϕ can be extended
to a monomial application of K n . So GL(C) is a subgroup of Aut(C). We need to show that the
homomorphism of natural restriction Aut(C) → GL(C) corresponding to the restriction of some
C-preserving automorphism of K n to C, is injective. Let M = Diag(a1 , . . . , an )P (π) a monomial
isometry of K n , such that M |C is the identity. Suppose that for some i, π(i) 6= i. But the
columns of the generating matrix of C are linear independent over K, so there exists c ∈ C with
ci 6= aπ(i) cπ(i) . But:

c = (c1 , c2 , . . . , cn ) = (c1 , c2 , . . . , cn )M = (aπ(1) cπ(1) , . . . , aπ(n) cπ(n) ),

so ci = aπ(i) cπ(i) , which is a contradiction. So M was a diagonal matrix, and this has to be the
identity. 2
The linearity is an important hypothesis in the Theorem of Ward and Wood. One knows examples
of codes with the same cardinality and the same distribution of weights, which are not equivalent.

17 Subfield codes
In this section K = Fq ≤ E = Fqm , so m = [E : K]. The Galois group G of E over K is generated
by the Frobenius automorphism x ; xq . The action of G on E can be extended over E n by:

τ (x1 , . . . , xn ) = (τ x1 , . . . , τ xn ).

Similarly one can extend the action of the trace function T r = T rE/K to tuples, as:

T r(x1 , . . . , xn ) = (T r(x1 ), . . . , T r(xn )).

Definition 17.1 Let C be a linear E-vector subspace of E n . The code C|K = C ∩ K n is called
subfield code of C. The set T r(C) ≤ K n is the trace code of C.

It is clear that C|K consists of all elements in C which are let invariant by the Frobenius auto-
morphism of E n .

Theorem 17.2 Hamming codes are subfield codes of GRS codes. If gcd(m, q − 1) = 1, the Ham-
ming code Hamq (m) is equivalent to a cyclic code. In particular, every binary Hamming code is
equivalent to a cyclic code.

Proof: Let n = (q m − 1)/(q − 1). Let hj = (h1j , . . . , hmj )T the column Pm j of a check matrix
of Hamq (m). Consider a K-basis u1 , . . . , um of E over K and vj = i=1 hij ui ∈ E. Let
v = (v1 , . . . , vn ) ∈ E m . Then Hamq (m) = v ⊥ |K. But as v ⊥ = GRS2 (∗, v), Hamming codes are
subfield codes of generalized Reed-Solomon codes.

27
Now consider the case gcd(m, q − 1) = 1. But then:

qm − 1
n= = q m−1 + · · · + q + 1 =
q−1

= (q − 1)[q m−2 + 2q m−3 + · · · + (m − 2)q + (m − 1)] + m,

so it follows gcd(n, q − 1) = 1. Let α be a primitive n-root of 1 in E. We can choose v =
(1, α, . . . , αn−1 ) because αi ∈
/ K for i = 1, . . . , n − 1. Indeed, if αi = a ∈ K, then αi(q−1) = 1,
which is in contradiction with ord(αq−1 ) = ord(α)/ gcd(n, q − 1) = ord(α) = n. So hvi is cyclic,
and hvi⊥ |K is cyclic. 2
The following theorem was discovered by Delsarte:

Theorem 17.3 If C is a code of length n over E, then:

(C|K)⊥ = T r(C ⊥ ).

Proof: We show first that (C|K)⊥ ⊆ T r(C ⊥ ), or equivalent that (T r(C ⊥ ))⊥ ⊆ C|K. Take
x = (x1 , . . . , xn ) ∈ (T r(C ⊥ ))⊥ and y = (y1 , . . . , yn ) ∈ C ⊥ . For every a ∈ E, because x ∈ K n , one
has:
X n
0 = hx, T r(ay)i = xi T r(ayi ) = T r(ahx, yi).
i=1

So hx, yi = 0 and x ∈ C ⊥⊥ = C, but also x ∈ K n , so x ∈ C|K.

For the other inclusion, we must show that if y ∈ C ⊥ and c ∈ C|K, then hc, T r(y)i = 0. Recall
that T r is K-linear.
n
X n
X
hc, T r(y)i = ci T r(yi ) = T r(ci yi ) =
i=1 i=1
n
X 
= Tr ci yi = T r(hc, yi) = T r(0) = 0.
i=1
2

28
Part IV

Cyclic codes

29
18 Codes as ideals
Instead of subset of K n , we can see a code also as subset of R = {f | f ∈ K[x], deg f < n}. The
advantage is that now we have a new operation defined by:

f ◦ g = (f g) mod (xn − 1).

We see that (R, +, ◦, 0, 1) is a ring.

Theorem 18.1 A code C ≤ R is cyclic if and only if C is an ideal in the ring R.

Proof: This follows immediately from the observation that if c(x) = c0 + c1 x + · · · + cn−1 xn−1 ∈ C
then:
c(x) ◦ x = cn−1 + c0 x + · · · + cn−2 xn−1 .
2

Theorem 18.2 If C ≤ R is a cyclic [n, k]-code, then:

1. There is a uniquely determined monic polynomial g ∈ K[x] with deg g = n − k such that
g | xn − 1 and C = g ◦ R.
2. {gxj | j = 0, 1, . . . , k − 1} is a K-basis of C.

Proof: Every ideal in K[x] is a principal ideal and is generated by a polynomial of lest degree,
contained inside. This property is heired by the factor algebra K[x]/(xn − 1)K[x]. So C = g ◦ R.
If we choose g monic, then is g uniquely determined. But xn − 1 = gh + r with deg r < deg g and
because −r = g ◦ h ∈ C it follows that r = 0, so g | xn − 1. Also:

deg g = dim K[x]/gK[x] = dim R/C = dim R − dim C = n − k.

Definition 18.3 If C ≤ R is a cyclic code, the polynomial g given by the theorem above is called
generating polynomial of C. The polynomial
xn − 1
h=
g
is called check polynomial of C.

Lemma 18.4 Let C ≤ R be a cyclic [n, k]-code. Further let g = g0 +· · ·+gn−k xn−k its generating
polynomial and h = h0 + · · · + hk xk the check polynomial of C. Then is:
 
g0 g1 . . . gn−k 0 ... 0
 0 g0 g1 ... gn−k . . . 0 
G=. ..  ∈ Mk×n (K)
 
. . .
 .. .. .. .. . 
0 0 ... g0 g1 ... gn−k
a generating matrix of C, and
 
hk hk−1 ... h0 0 ... 0
0 hk hk−1 ... h0 ... 0
H= . ..  ∈ M(n−k)×n (K)
 
.. .. ..
 .. . . . .
0 0 ... hk hk−1 ... h0
a check matrix of C.

30
Proof: G is of course a generating matrix for C. The equality:
n  n−k
X X 
xn − 1 = gh = gj hi−j xi ,
i=0 j=0

implies that:
n−k
X
gj hi−j = 0
j=0

for all i = 1, . . . , n − 1, which is equivalent with GH T = 0. Also, from gh = xn − 1 follows

g0 h0 = −1, so h0 6= 0. So H has rank equal n − k and is check matrix for C. 2

Definition 18.5 For f ∈ K[x] of degree n we define its dual polynomial:

1
f ∗ (x) = xn f .
x

Corollary 18.6 Let C be a cyclic code of dimension k with generating polynomial g and check
polynomial h. Then is g ⊥ = h(0)−1 h∗ the generating polynomial of C ⊥ . Moreover, C ⊥ is equiva-
lent to the code generated by h.

Using the Theorem of Delsarte, if the caracteristic of K = Fq does not divide the length ofQthe code,
cyclic codes are trace codes. In this case there is an extension of K such that xn − 1 = (x − αi )
where α is a primitive n-root of 1. The polynomials g ∈ K[x] such that g | (xn − 1) correspond
uniquely to sets:
R(g) = {i | i ∈ Zn , g(αi ) = 0}.
where R(g) is closed under the mapping i ; iq mod n. If g is the generating polynomial of a
cyclic code C of length n over K,
n−1
X
C = {(c0 , . . . , cn−1 ) | ci ∈ K, ∀ j ∈ R(g) ci αij = 0}.
i=0

Theorem 18.7 If K is a finite field, its characteristic does not divide n, α is a primitive n-root of
1 in some extension E ≥ K and h ∈ K[x] with h | (xn −1), the following statements are equivalent:

1. C ≤ K n is cyclic with check polynomial h.

2. C = T rE/K (D) where D is the vector space generated by the vectors vj = (1, αj , . . . , αj(n−1) )
over E and j ∈ R(h∗ ).

Proof: h is the check polynomial of C if and only if h∗ is the generating polynomial of C ⊥ , so

n−1
X
C ⊥ = {(c0 , . . . , cn−1 ) | ci ∈ K, ∀ j ∈ R(h∗ ) ci αij = 0}.
i=0

With the definition of D, C ⊥ = D⊥ | K, and the Theorem of Delsarte implies:

C = (D⊥ | K)⊥ = T rE/K (D).

2
Application: Let C be a cyclic [n, k]-code with generating polynomial g. Consider a message
m ∈ Rk,K . To encode this message, one builds the code-word:

c(x) = xn−k m(x) − [xn−k m(x) mod g] ∈ C ≤ Rn,K .

31
For error detection, one checks if the received message v(x) is divisible by g. If yes, we can read
directly xn−k m(x) in v(x), because v(x) = xn−k m(x) + b(x) where deg b(x) < n − k. If there is
an error, one ask for the repetition of the message. This is the principle of the CRC-codes, cyclic
redundancy check codes. 2
This error recognition is even faster if the code is generated by an idempotent element e, that is
an element such that e2 = e. Such elements decompose the ring as:
R = eR ⊕ (1 − e)R.
Indeed, from r = er + (1 − e)r one has R = eR + (1 − e)R. But multiplication with e produces
the identity on eR and the zero function on (1 − e)R, so eR ∩ (1 − e)R = 0 and the sum is direct.
If a code is generated by an idempotent element e, then v 6= ev means that an error occurred
during the transmission.

Theorem 18.8 Suppose that K is a field of characteristic p and that p 6 | n. Let C ≤ R = Rn,K
be a cyclic code. Then there is a uniquely determined e ∈ K[x] with deg e < n such that C = e ◦ R
and e ◦ e = e. We call e the idempotent of C.

Proof: Let g be the generating polynomial of C and h the check polynomial of C. One can prove
that gcd(p, n) = 1 implies that gcd(g, h) = 1. So there are a, b ∈ K[x] such that ga + hb = 1.
Define e = g ◦ a = 1 − h ◦ b ∈ C. For c = g ◦ f ∈ C one has:
e ◦ c = (1 − h ◦ b) ◦ (g ◦ f ) = g ◦ f − h ◦ b ◦ g ◦ f = g ◦ f = c.
This shows also that e ◦ e = e and that C = e ◦ R. If also C = e0 ◦ R with e0 ◦ e0 = e0 then
e0 = e0 ◦ e = e because both multiplications with e and with e0 are identities. 2
We can take:
x ◦ g ◦ h0
e= ,
n
where h0 is the differentiation of h. This can be seen by derivating the identity xn − 1 = gh.

Theorem 18.9 Let the characteristic of K does not divide n and let C ≤ R = Rn,K be a cyclic
code with generating polynomial g. Further α is a primitive n-root of 1 over K and e ∈ K[x] with
deg e < n and e = e ◦ e.
The element e is the idempotent of C if and only if e and g have the same roots in the multiplicative
group generated by α.

Proof: As the characteristic of K does not divide n, all roots of g have multiplicity 1 and are
contained in hαi. Now e ◦ R = g ◦ R if and only if e = g ◦ a and g = e ◦ b for a, b ∈ K[x]. So g
and e have the same roots in hαi. On the other side, if g and e have the same roots in hαi, then
gcd(e, xn − 1) = g. This implies eK[x] + (xn − 1)K[x] = gK[x], so e ◦ R = g ◦ R. 2

19 BCH codes
The following result was discovered by Hocquenghem in 1959 and independently by Bose and
Ray-Chaudhuri in 1960 in the binary case. It is called BCH-bound.

Theorem 19.1 Let K be a finite field and let α be a primitive n-root of 1 over K. Further
l ∈ N \ {0}, 2 ≤ d ≤ n and r ∈ N with gcd(n, r) = 1. If the elements:
αl , αl+r , . . . , αl+(d−2)r
are roots for the generating polynomial of a cyclic code C of length n over K, then C has the
minimal weight d(C) ≥ d.

32
Proof: We define a = (1, αr , . . . , α(n−1)r ) and v = (1, αl , . . . , αl(n−1) ). As gcd(n, r) = 1, αr is
itself a primitive n-root of 1. We observe that C ≤ GRSd (a, v)|K. The bound is true because
d(GRSd (a, v)) = d. 2

Definition 19.2 Let GRSd (a, v) be the generalized Reed-Solomon code with a = (1, α, . . . , αn−1 )
and v = (1, αl , . . . , αl(n−1) ), where α is a primitive n-root of 1 over K = Fq and l ≥ 1. The existence
of α is equivalent with gcd(q, n) = 1. The subfield code C = GRSd (a, v)|K is called BCH-code of
designed distance d. A BCH-code C with n = q m − 1 is called primitive. If moreover l = 1, C is
a classic BCH-code (in narrow sense). All BCH-codes are cyclic.

Theorem 19.3 The generating polynomial of a BCH-code with designated distance d is:

g = lcm(mαi | i = l, . . . , l + d − 2)

where ma is the minimal polynomial of a over K, and its minimal distance is ≥ 2.

Proof: This polynomial is the polynomial of smallest degree with the given roots. The statement
about the minimal distance is just the BCH bound. 2

Example 19.4 A Reed-Solomon code C over K = Fq with minimal distance d has the generating
polynomial
d−1
Y
g= (x − αi ),
i=1

where α generates the multiplicative group of K. So the check polynomial of C is:

q−1
Y
h= (x − αi ).
j=d

The dual check polynomial h∗ has the roots:

{α−d , α−(d+1) , . . . , α−(q−1) } = {αq−1−d , αq−2−d , . . . , 1}.

Using the Theorem of Delsarte applied for cyclic codes, we get:

C = {(f (1), f (α), . . . , f (αq−2 )) | f ∈ K[x], deg(f ) = q − 1 − d}.

Example 19.5 K = Fq and gcd(k, q − 1) = 1. The Hamming code Hamq (k) ' GRS2 (∗, v)|K =
v ⊥ |K with v = (1, α, . . . , αn−1 ). So in this case the Hamming code is a BCH-code. The generating
polynomial is the minimal polynomial mα of α. The minimal distance is ≥ 3 because for each
root α of mα , αq is a root as well. Also, n and q − 1 are relatively prime.

Definition 19.6 For A ∈ GL(V ) and w ∈ V we define the mapping (A, w) : V → V as:

(A, w)(v) = Av + w.

The affine linear group of V is:

AGL(V ) = {(A, w) | A ∈ GL(V ), w ∈ V }.

Theorem 19.7 Let Ĉ be the extension of a primitive classical BCH-code C of length n = q m − 1

over K = Fq . Then AGL(1, E) ≤ P er(Ĉ). In particular, P er(Ĉ) is 2-transitive.

33
Proof: Let α be a primitive n-root of 1 in E = Fqm ≥ K. We identify the indexes 0, 1, . . . n used
to denote positions in a vector v ∈ K n+1 with elements of E, as we identify i with αi for i 6= n
and we identify n with 0 ∈ E. If AGL(1, E) = {(a, b) | a ∈ E × , b ∈ E}, this group operates over
K n+1 as follows:
(c0 , . . . , cn )(a, b) = (c(a,b)−1 (0) , . . . , c(a,b)−1 (n) ).
For (c0 , . . . , cn ) ∈ Ĉ, (c0 , . . . , cn )(α, 0) = (cn−1 , c0 , . . . , cn−3 , cn−2 , cn ) ∈ Ĉ, as C is cyclic. So Ĉ is
invariant for the group {(a, 0) | a ∈ E × }. But (a, b) = (a, 0)(1, a−1 b) and (1, u) = (u, 0)(1, 1)(u−1 , 0),
we must show only that (1, 1) ∈ P er(Ĉ). If d is the designed distance of the BCH-code C, for
1 ≤ j ≤ d − 1 we have:
n−1
X n−1
X n−1
X
c(1,1)−1 (i) αij = c(1,−1)(i) αij = ci (αi + 1)j + cn =
i=0 i=0 i=0, αi 6=−1

n−1 n−1 j  
X
i j
X X j
= ci (α + 1) + cn = ci αir + cn =
i=0 i=0 r=0
r
j   n−1 n
X j X X
= ci αir + cn = ci = 0,
r=0
r i=0 i=0

where we use the fact that (c0 , . . . , cn−1 ) ∈ C, so for 1 ≤ r ≤ j ≤ d − 1,

n−1
X
ci αir = 0.
i=0

So Ĉ is invariant for (1, 1). It follows that ACL(1, q m ) ≤ P er(Ĉ). But it is known that ACL(1, E)
operates 2-transitively on E (exercise!), so P er(Ĉ) operates 2-transitively on {0, . . . , n}. 2

Corollary 19.8 Using the Theorem of Prange, it follows that the minimal distance of binary
primitive classic BCH-codes is always an odd number.

In the following examples, K = F2 and C is a primitive classic BCH-code of designed distance d.

Example 19.9 Take n = 25 − 1 = 31 and d = 7. C has the generating polynomial:

g = lcm{mαi | i = 1, . . . , 6} = mα mα3 mα5 ,
where i 6 | 31 implies ord(αi ) = 31. So deg mαi = 5 for i = 1, 3, 5 and C is a [31, 16]-code with
minimal distance d(C) ≥ d = 7. If we suppose that d(C) ≥ 8, it follows by the previous corollary
that d(C) ≥ 9, because it has to be an odd number. By the Hamming bound,
4  
31−16
X 31
32768 = 2 ≥ = 36457,
i=0
i

which is a contradiction. So C is a [31, 16, 7]-code. 2

Example 19.10 Take n = 25 − 1 = 31 and d = 8. Now the generating polynomial g has degree
20 because also mα7 divides g. So C is a [31, 11]-code with d(C) ≥ d = 8. Because g(αj ) = 0 for
j = 1, 2, . . . , 10, we get with the BCH-bound d(C) ≥ 11. If d(C) ≥ 12, as d(C) must be odd, we
get d(C) ≥ 13. Using the Griesmer bound,
10 l
X dm
31 = n ≥ = 33,
i=0
2i

contradiction. So C is a [31, 11, 11]-code. 2

34
20 Newton’s Equations
For a very special kind of primitive classic BCH-codes, the minimal distance proves to be the same
as the designed distance. But in order to prove this, we must shortly develop some theory about
symmetric polynomials. Recall that the elementary symmetric functions sj = sj (x1 , . . . , xm ) for
j = 0, . . . , m are defined as follows:
s0 = 1,
s1 = x1 + · · · + xm ,
X
s2 = xi xj ,
i<j
.. ..
. .
sm = x1 . . . xm .
We define also another family of symmetric polynomials:
m
X
pr = pr (x1 , . . . , xm ) = xri .
i=1

The next result goes back to Isaac Newton:

Theorem 20.1 The following identities hold for 1 ≤ r ≤ m − 2:

r−1
X
(−1)j sj pr−j + (−1)r rsr = 0.
j=0

The following identities hold for r ≥ m − 1:

m
X
(−1)j sj pr−j = 0.
j=0

Proof: We consider the following polynomial:

m
Y m
X
σ(x) = (1 − xi x) = (−1)j sj xj ∈ K[x1 , . . . , xm ][x].
i=1 j=0

We apply the differentiation ∂/∂x and we develop the result as a sum of power series:
m
X m
X Y
(−1)j jsj xj−1 = σ 0 (x) = − xj (1 − xi x) =
j=0 j=1 i6=j
m m ∞ ∞
X σ(x) X X X
=− xj = −σ(x) xj (xj x)k = −σ(x) pk+1 xk .
j=1
1 − xj x j=1 k=0 k=0
If one compares the coefficients of x in the first and in the last expression, one finds Newton’s
identities. 2

Lemma 20.2 If K = Fq ≤ E = Fqn and u0 , . . . , uh ∈ E linear independent over K, the matrix:

u0 . . . uh
 
 uq0 . . . uqh 
A =  .. .. 
 
 . . 
h h
uq0 ... uqh
is regular.

35
Proof: Of course h + 1 ≤ n. Is E = hai, then 1 = a0 , a, . . . , ah are linear independent over K. So
there is a regular matrix B ∈ M(h+1)×(h+1) (K) such that:

(u0 , . . . , uh )B = (1, a, . . . , ah ).
i i
If we apply different powers of the Frobenius automorphism, we find that for all i ∈ N, (uq0 , . . . , uqh )B =
i i
(1, aq , . . . , ahq ). All together:

a2 ah
 
1 a ...
1 aq a2q ... ahq 
AB =  .. .. .. .. .
 
. . . . 
h h h
1 aq a2q ... ahq

This matrix is regular, being a Vandermonde matrix, so A is regular as well. 2

Theorem 20.3 Let K = Fq ≤ E = Fqn and U a K-linear subspace of E, of dimension h. Then:

Y h h−1
(x − u) = xq + ah−1 xq + · · · + a0 x ∈ E[x].
u∈U

Proof: Fix a K-basis of U : u0 , u1 , . . . , uh−1 . The following system of linear equations:

u0 ... uh
 
 uq0 ... q
uh  h h h
(x0 , x1 , . . . , xh−1 )  .. ..  = −(uq0 , uq1 , . . . , uqh−1 )
 
 . . 
h h
uq0 ... uqh

has a unique solution (a0 , . . . , ah−1 ) ∈ E h . Consequently for i = 0, . . . , h − 1 one has:

h−1
h X j
uqi + aj uqi = 0.
j=0

But the elements ui build a basis of U and raising to the power q is the identity on K = Fq , so it
follows:
h−1
h X j
uq + a j uq = 0
j=0

Q all u ∈ U . On the other hand, all elements u ∈ U solve this equation and the equation
for
u∈U (x − u). As they have the same degree, are both monic and have the same solution, both
polynomials must be equal. 2

Theorem 20.4 Let K = Fq and let C be a primitive classical BCH-code over K with designed
distance d = q h − 1. Then d(C) = d.

Proof: Let n = q m − 1 be the length of C and E = Fqm ≥ K = Fq . Further let U be a K-linear

subspace of E of dimension h. As the minimal distance is always ≥ d, it is enough to find an
element of weight d = q h − 1. In order to show this, we use the following identities:
X
ur = 0 (1)
u∈U

for r = 1, 2, . . . , d − 1, that will be proven afterwards.

36
The code-words from C are indexed again with the elements from E × using i ; αi for i =
0, . . . , n − 1, where α is a primitive root of 1 in E. We choose c as the vector which has 1 exactly
on the positions u ∈ U \ {0}. Then wt (c) = |U \ {0}| = q h − 1 = d, and the formula (1) shows
that c ∈ C.
In order to prove (1) we observe that:
h
Y q
X
(x − u) = (−1)j sj xj =
u∈U j=0

h h−1
= xq + ah−1 xq + · · · + a0 x ∈ E[x].
rsr = 0 for all r = 0, . . . , q h . If we
So if the characteristic of K does not divide j is sj = 0, so P
compute the power functions pr in the elements of u, pr = u∈U ur . According with Newton’s
equations,
r−1
X  r−1
X
pr = − sj pr−j + (−1)r rsr = − sj pr−j
j=1 j=1

for r = 1, . . . , q h −2. We apply now induction over r and find that pr = 0 for all r = 1, . . . , q h −2 =
d − 1. So the relations (1) are proven. 2

21 Quadratic Rest codes

Let p ∈ N be a prime number. The function:
x
: F×
p → Fp ,
×
p
x p−1
=x 2 .
p
is called symbol of Legendre. Its value is 1 if x is a square modulo p and is −1 if this is not the
case. For odd prime numbers p and q one knows the Reciprocity rule of Gauss:
q (p−1)(q−1)
p
= (−1) 4 ,
p q
2 p2 −1
= (−1) 8 ,
p
 −1  p−1
= (−1) 2 .
p
It is also known that given p prime, there exists an infinity of prime numbers r which are squares
(quadratic residuals) modulo p. In fact there are infinitely many primes r = kp + 1 with k ∈ N.
We denote with Qp the nonzero quadratic residues modulo p and with Np the non-quadratic
residues modulo p. Both sets have (p − 1)/2 elements. Let r 6= p another prime, such that
r mod p ∈ Qp . Let K = Fr . Let α be some p-root of 1, that is a root of xp − 1, and E = K[α].
We consider the polynomials: Y
q(x) = (x − αi ) ∈ E[x],
i∈Qp
Y
n(x) = (x − αi ) ∈ E[x].
i∈Np

As r is a quadratic residue modulo p, the Frobenius homomorphism x ; xr acting on these

polynomials permutes the roots. If αi is a root of q(x) then αri is a root of q(x), and the same
for n(x). So the coefficients are preserved by all the powers of Frobenius, and that means that
q(x), n(x) ∈ K[x].

37
Definition 21.1 If p 6= r are odd primes and r mod p is a quadratic residue, we denote by Q, N ,
Q̄, N̄ codes over K = Fr of length p generated by q(x), n(x), (x − 1)q(x) and (x − 1)n(x). They
are quadratic rest codes, or QR-codes.

Lemma 21.2 The following statements are true:

1. dim Q = dim N = (p + 1)/2 and dim Q̄ = dim N̄ = (p − 1)/2.

2. Q ' N and Q̄ ' N̄ .

Proof: The first statement follows from the fact that a cyclic code has dimension n − deg g, where
g is the generating polynomial. For the second one, observe that if l ∈ Np , then the mapping
i ; li mod p is a bijection between Qp and Np . The corresponding permutation matrix produces
both equivalences because:
p−1 p−1 p−1
X X −1 X
ci (αj )i = ci (απ(j) )π (i)
= cπ(i) (απ(j) )i .
i=0 i=0 i=0

Example 21.3 Take p = 7 and r = 2 = 32 mod 7 is a quadratic residuum. Let α 6= 1 be a 7-root

of 1 in F8 with the minimal polynomial:

mα = x3 + x + 1 = (x − α)(x − α2 )(x − α4 ) = q(x)

over K = F2 . The QR-code corresponding to q(x) is a BCH-code. We have already seen that it is
the binary [7, 4, 3] Hamming code.

Example 21.4 Take p = 23 and r = 2. We compute:

2 22·24
= (−1) 8 = 1.
23
In F2 [x] one has the following decomposition:

x23 − 1 = (x − 1)(x11 + x10 + x6 + x5 + x4 + x2 + 1)(x11 + x9 + x7 + x6 + x5 + x + 1)

Both polynomials of degree 11 are irreducible, because if they were reducible, there was a primitive
23-root of 1 in F2t for t ≤ 10. But this is not the case because 23 does not divide any 2t − 1 for
t ≤ 10. For a good choice of a 23-root of 1, we may choose
Y
q(x) = (x11 + x10 + x6 + x5 + x4 + x2 + 1) = (x − αi ).
i∈Q23

so the QR-code is a BCH-code with parameters [23, 12, d]. But the set of squares

Q23 = {1, 2, 3, 4, 6, 8, 9, 12, 13, 16, 18}.

The squares contain the arithmetic progression 1, 2, 3, 4 so the minimal distance is d ≥ 5. We will
show later that d = 7 and that this QR-code is the Golay code Gol(23).

Example 21.5 Take p = 11 and r = 3.

3  11  2
=− =− = −(−1) = 1.
11 3 3

38
In F11 [x] one has the following decomposition:

(x11 − 1) = (x − 1)(x5 + x4 − x3 + x2 − 1)(x5 − x3 + x2 − x − 1)

and both polynomials of degree 5 are irreducible because 11 does not divide any number 2t − 1
for t ≤ 4. Any one of the two polynomials can be chosen to be q(x), and we get a QR-code
with parameters [11, 6, d]. With l = 1 and r = 2 in the definition of the BCH-bound, as Q11 =
{1, 3, 4, 5, 9} we get the minimal distance d ≥ 4. We will show that d = 5. The code is equivalent
with Golay code Gol(11).

Let α 6= 1 a p-root of 1 over K = Fr , where p is an odd prime and r 6= p is a prime such that
r = x2 mod p. We define:
p−1  
X i i
γ= α.
i=1
p
 
As pr = 1 and −1 = 1 in characteristic 2, we get the equation:

p−1   p−1   p−1 

X i r X i X ir 
γr = αir = αir = αir = γ,
i=1
p i=1
p i=1
p
 
−1
hence γ ∈ Fr . It is known that γ 2 = p p 6= 0, so γ 6= 0. (exercize, this is the so called Gauss
sum.)
γ
Now we define the following notion of extension of a QR-code. In the case r = 2 one has p = 1 in
F2 , this notion coincides with the general extension of codes.

Definition 21.6 The extension Q̃ of a QR-code Q is defined as:

p−1
n γX  o
Q̃ = c0 , . . . , cp−1 , − ci | (c0 , . . . , cp−1 ) ∈ Q .
p i=0

Theorem 21.7 Let p = 4k + 3 be a prime number and Q be a QR-code of length p over K = Fr .

In this case:

1. Q⊥ = Q̄.
2. Q̃⊥ = Q̃.

Proof: In the following we use the fact that −1 is not a square modulo p, so the application
x ; −x maps Qp one in one onto Np .
Let q(x) = i∈Qp (x − αi ) be the generating polynomial of Q. As always in cyclic codes, Q⊥ has
Q
as generating polynomial:
p+1
 1  1  Y
q ⊥ (x) = −n(0)−1 x 2 n − 1 = −n(0)−1 (1 − αj x)(1 − x) =
x x
j∈Np
Y Y Y
= (α−j − x)(1 − x) = (αi − x)(1 − x) = (x − αi )(x − 1) = q(x)(x − 1).
j∈Np i∈Qp i∈Qp

So Q⊥ = Q̄.
In order to prove that Q̃ is self-dual, we consider a generating matrix Ḡ of Q̄ and the extended
matrix:  
Ḡ
G= ∈ M p+1 ×p (K).
1 ... 1 2

39
We know that:
p−1
X xp − 1
xi = = q(x)n(x)
i=0
x−1

and that p 6= 0 mod r. Consequently (1, 1, . . . , 1) ∈ Q \ Q̄. So G is a generating matrix for Q.

Now we consider the matrix:
 
0
 .. 
G̃ = 
 Ḡ . 
 ∈ M p+1 ×(p+1) (K).
2
 0 
1 . . . 1 −γ
Pp−1
Because of Q⊥ = Q̄ and because of (1, 1, . . . , 1) ∈ Q we get i=0 ci = 0 for (c0 , . . . , cp−1 ) ∈ Q̄.
Hence G̃ is generating matrix of Q̃. Call z the last row of G̃. It follows:
 −1 
hz, zi = p + γ 2 = p + p = p − p = 0.
p

So Q̃ ⊆ Q̃⊥ but as they have equal dimension (p + 1)/2, they are equal sets. 2
Now we finally can compute the minimal distance of the Golay code as QR-codes.

Example 21.8 The QR-code Q with parameters [23, 12] is equivalent with the Golay code Gol(23).
Q̄ has the generating polynomial (x+1)q(x) = x12 +x10 +x7 +x4 +x3 +x2 +x+1. In particular, Q̄
has a basis consisting of vectors of weight 8. Now we look to the generating matrix of the extended
QR-code G̃ and we observe, that Q̃ has a basis consisting of vectors whose weights are divisible
with 8. But Q̃ is a self-dual binary code, so it is 4-divisible. We know already that d(Q) ≥ 5. So
it is d(Q̃) ≥ 8 and d(Q) ≥ 7. On the other hand, by the Hamming bound d(Q) ≤ 7, so d(Q) = 7.

Example 21.9 The ternary [11, 6]-code Q is equivalent with the Golay code Gol(11).
Because Q̃ is self-dual, it is 3-divisible. We already know d(Q) ≥ 4, so d(Q̃) ≥ 6, which implies
d(Q) ≥ 5. Using again the Hamming bound, we get d(Q) = 5.

The proof that a code with parameters [23, 12, 7] or [11, 6, 5] that contains 0 is always a linear
code, and is isomorphic with Gol(23) or with Gol(11) is more complicated, but the statement is
true.
In the rest of this section we show some interesting properties of the case p = 8k + 7, r = 2. We
define the following polynomials: X
eq = xi ∈ F2 [x],
i∈Qp
X
en = xi ∈ F2 [x].
i∈Np

Theorem 21.10 Let p = 8k − 1 and r = 2. For an adequate choice of α, eq is the idempotent of

Q and 1 + en is the idempotent of Q̄.

Proof: We observe that: 2 8k(8k−2)

= (−1) 8 = 1.
p
Hence: X X
eq ◦ eq = x2i = xi = eq .
i∈Qp i∈Qp

40
Also en ◦ en = en . So eq (α), en (α) ∈ {0, 1}. But:

eq (α) + en (α) = α + · · · + αp−1 = −1 = 1.

It might be necessary to replace α with αj with j ∈ Np , but up to this substitution we may

suppose eq (α) = 0 and en (α) = 1. Then eq (αi ) = 0 and en (αi ) = 1 for all i ∈ Qp . Further
is eq (1) = en (1) = (p − 1)/2 = 1. So eq is idempotent and has the same roots in hαi like the
generating polynomial of Q, and 1 + en has the same roots in hαi like the generating polynomial
of Q̄. The conclusion follows from the unicity of the idempotent of a cyclic code. 2

Theorem 21.11 For p = 8k − 1 and r = 2 is the extended QR-code Q̃ self-dual and 4-divisible.

Proof: We already know that the code is self-dual. We also know that the elements (1 + en ) ◦ xi
(i = 0, . . . , p − 1) generate Q̄. All those elements have weight (p + 1)/2, which is divisible with 4.
So Q̃ has a basis of elements, which have all weights divisible with 4. 2

41
Part V

Error correction and other topics

42
22 Classic Goppa codes
Let K be a field. With K(x) we denote the field of rational functions over K. This is the field
of fractions of the ring of polynomials over K, which is a domain of integrity. If f, h ∈ K(x) and
g ∈ K[x] we write f ≡ h mod g if
u
f −h=
v
with u, v ∈ K[x], gcd(u, v) = 1 and g | u. This congruence is a relation of equivalence over K(x).

Definition 22.1 Consider the fields K = Fq ≤ E = Fqm . Let P = {a1 , . . . , an } a finite subset of
E and g a monic polynomial in E[x] with g(ai ) 6= 0 for all i. The linear code:
n
n X ci o
Γ(P, g) = c = (c1 , . . . , cn ) | ci ∈ K, ≡ 0 mod g
i=1
x − ai

is a classic Goppa code. The polynomial g is the Goppa polynomial. If g is irreducible, we say
that the code is irreducible as well.

The classic Goppa codes are subfield codes for some generalized Reed-Solomon codes.

Theorem 22.2 Let Γ(P, g) be a classic Goppa code with P = {a1 , . . . , an } and deg g = t. Then:

1. If t ≥ n then Γ(P, g) = 0.
2. If t < n then Γ(P, g) = GRSt+1 (a, v)|K, if a = (a1 , . . . , an ) and v = (g(a1 )−1 , . . . , g(an )−1 ).

Proof: Denote Γ(P, g) with C and write g = gt xt + · · · + g0 where gt 6= 0. Define:

g(x) − g(ai )
fi (x) = − g(ai )−1 ,
x − ai
such that:
(x − ai )fi (x) = 1 − g(ai )−1 g(x) ≡ 1 mod g,
1
fi (x) ≡ mod g.
x − ai
The polynomial h(x) = g(x) − g(ai ) has h(ai ) = 0 so is divisible by the polynomial x − ai . It
follows that fi ∈ E[x] and that deg fi = t − 1. It follows that c = (c1 , . . . , cn ) ∈ C if and only
if c1 f1 (x) + · · · + cn fn (x) ≡ 0 mod g. But the left-hand side has degree < t, so the condition is
c1 f1 (x) + · · · + cn fn (x) = 0.
We observe the identity:

g(x) − g(y)
= gt (xt−1 + xt−2 y + · · · + y t−1 ) + gt−1 (xt−2 + xt−3 y + · · · + y t−2 ) + · · · +
x−y

+ g2 (x + y) + g1 .
Put y = ai and vi = g(ai )−1 . Then the condition c1 f1 (x) + · · · + cn fn (x) = 0 can be written down
in the form of a check matrix:
 
gt v1 ... gt vn
 (gt−1 + a1 gt )v1 ... (gt−1 + an gt )vn 
=

.. ..


 . . 
(g1 + a1 g2 + · · · + at−1
1 gt )v1 ... (g1 + an g2 + · · · + at−1
n gt )vn

43
   
gt 0 0 ... 0 v1 ... vn
gt−1 gt 0 ... 0  a1 v1 ... an vn 
= . .

..   ..

..

.. ..
 .. . . .  . . 
g1 g2 g3 ... gt at−1
1 v1 ... at−1
n vn

As gt 6= 0, the right matrix is itself a check matrix for C. In the case t ≥ n, the kernel of the right
matrix consists of 0 only. 2
It follows that d(Γ(P, g)) ≥ 1 + t, for t < n.

Example 22.3 Let C be a classic BCH-code over K of length n and of designed distance d. Let
α be the corresponding primitive n-root of 1 over K. If we define P = {αi | i = 0, 1, . . . , n − 1}
and g = xd−1 , then C ' Γ(P, g).

23 The Berlekamp-Welch algorithm

The Berlecamp-Welch algorithm is a fast error correction procedure for a version of the classic
Reed-Solomon code.

Definition 23.1 Let K be a commutative field, not necessarily finite. Let t ≥ 1 and n = 3t + 1.
We consider the following linear code C of length n over K. Let x1 , . . . , xn ∈ K be fixed pairwise
different elements.
C = {(f (x1 ), . . . , f (xn )) | f ∈ K[x], deg f ≤ t}.

Theorem 23.2 There is a procedure to fast correct e < t many errors in C.

Proof: Consider the polynomial:

Q(x, y) = f0 (x) − f1 (x)y,

where f0 , f1 ∈ K[x], deg f0 ≤ 2t, deg f1 ≤ t and f1 (0) = 1. Suppose that the received code-word is
(y1 , . . . , yn ) and that there are at most e transmission errors. This means that there is a code-word
c = (c1 , . . . , cn ) ∈ C and there is a set of indexes i1 , . . . , ie such that cij 6= yij but ck = yk for
k 6= ij .
We write down the conditions Q(xk , yk ) = 0. This means that we have got a system of n = 3t + 1
equations with (2t + 1) + t = 3t + 1 unknowns, which are the unknown coefficients of f0 and f1 . We
solve the system and we find out the polynomial f which has produced the code-word by division
with remainder in the ring K[x]:
f0 (x)
f (x) = .
f1 (x)
Now we must prove that f1 | f0 and the result of the polynomial division is really f , the polynomial
corresponding to c. Indeed, consider the polynomial P (x) = Q(x, f (x)), where f is the polynomial
we are trying to determine. The polynomial has degree ≤ 2t but at least n − e roots - the valid
points. But:
n − e > n − t > 3t − t = 2t,
so the polynomial has a number of roots which is bigger that its degree. As being defined over a
commutative field, P (x) must be 0, so the equality:

f0 (x) = f (x)f1 (x)

is a polynomial identity.

44
Now we can generate the original code-word:
(c1 , . . . , cn ) = (f (x1 ), . . . , f (xn )).

24 The Peterson-Gorenstein-Zierler algorithm

Let GRSd (a, v) be a generalized Reed-Solomon code of length n over E = Fqm . Recall that
2 ≤ d ≤ n ≤ q m and the components vi of the vector v are all different from 0. The components
ai are pairwise different. In this section we suppose also that ai 6= 0. GRSd (a, v) has the check
matrix:  
v1 ... vn
 a1 v1 ... an vn 
H =  .. ..  .
 
 . . 
d−2 d−2
a1 v1 . . . an vn
Further let K = Fq ≤ E and C = GRSd (a, v)|K. The following algorithm decodes consequently
Reed-Solomon codes, classic Goppa codes and BCH-codes.

Definition 24.1 Let c = (c1 , . . . , cn ) ∈ C. Let c̃ = c+f the received word. f = (f1 , . . . , fn ) ∈ K n
is the error vector, with wt (f ) = t ≤ (d − 1)/2. Let s = (s1 , . . . , sd−1 ) be the syndrome of c̃. This
means:
(s1 , . . . , sd−1 )T = H c̃T = H(c + f )T = Hf T .
The set F = supp f = {i1 , . . . , it } is the set of mistaken positions. The polynomial:
Y
σ(x) = (1 − al x) = σ0 + σ1 x + · · · + σt xt ∈ E[x],
l∈F

with σ0 = 1 is the error localisation polynomial. We observe l ∈ F if and only if σ(a−1

l ) = 0.

Lemma 24.2 1. For i = 1, . . . , d − 1,

X
si = ai−1
l vl f l .
l∈F

2. For i = t + 1, . . . , d − 1,
t
X
si = − σj si−j .
j=1

Proof: (1) follows directly from the definition of the syndrom. In order to prove (2) compute for
i = t + 1, . . . , d − 1:
Xt Xt X i−j−1
σj si−j = σj al vl fl =
j=0 j=0 l∈F
t
X 
σj a−j
X
= ali−1 vl fl l =
l∈F j=0
X
= ai−1
l vl fl σ(a−1
l ) = 0.
l∈F
2
The first part of the Lemma says that if we have the error positions, then we can use the syndrome
in order to compute c. The second part is useful to compute the error location polynomial.

45
Lemma 24.3 Consider η(x) = 1 + η1 x + · · · + ηt xt ∈ E[x]. If for j = t + 1, . . . , d − 1,
t
X
si = − ηj si−j ,
j=1

then η(x) = σ(x).

Proof: With η0 = 1 we get following equations:

t
X X
0= ηj si−j = ali−1 vl fl η(a−1
l )
j=0 l∈F

with i = t + 1, . . . , d − 1. There are d − 1 − t ≥ 2t − t = t equations. The following matrix is

regular:
 i=t+1,...,2t
ai−1
l v l f l .
l∈F

So η(a−1
l ) = 0 for l ∈ F , and η(x) = σ(x). 2
With other words, the error location polynomial is the polynomial of least degree, whose coefficients
satisfy the given linear constraints.

Definition 24.4 For every 1 ≤ r ≤ [(d − 1)/2], we consider the matrix:

 
s1 s2 ... sr
s2 s3 . . . sr+1 
Sr =  . ..  .
 
..
 .. . . 
sr sr+1 ... s2r−1

The term shk is nothing else as shk = sh+k−1 .

Remark 24.5 The first t equations in Lemma 24.2 say that the coefficients σi of the error local-
ization polynomial are solutions of the system:
   
σt st+1
St  ...  = −  ...  .
   

σ1 s2t

If we know the number of mistaken coordinates t, then we can compute the error localization
polynomial, and this results from the following Lemma.

Lemma 24.6 The matrix St is regular.

Proof: We define following t × t-matrices:

A = (ahk ) with ahk = ah−1
i k vi k ,
B = (bhk ) with bhk = δhk fik ,
C = (chk ) with chk = ah−1
ik .

t X
X t
(ABC T )hk = ahj bjm ckm =
j=1 m=1
t X
X t
= aih−1
j
vij δjm fim ak−1
im =
j=1 m=1

46
 t
X
= ah−1 k−1
ij vij fij aij =
j=1

t
X
= aih+k−2
j
vij fij = sh+k−1 = shk = (St )hk
j=1

All three matrices are regular and St = ABC T . 2

Now the only thing that remained to determine is the number of errors t = |F |. This is done with
the following theorem:

Theorem 24.7 Let e = [(d − 1)/2]. Then t = |F | = rk Se and Sr is singular for t < r ≤ e.

Proof: Consider the matrix:

 
s1 s2 ... se
s2 s3 ... se+1 
Se =  . ..  .
 
..
 .. . . 
se se+1 ... s2e−1

As t ≤ e, we already know that the first t columns of Se are linear independent, so rk Se ≥ t. Take
t < r ≤ e. The equalities from Lemma 24.2 mean that the column r of Se is linear dependent on
the t columns preceding it. So rk Se = t. 2
To sum up, the Peterson, Gorenstein and Zierler algorithm works as follows:

1. Compute the syndrome (s1 , . . . , sd−1 )T = H c̃T . If all si = 0, then c = c̃ and STOP.
2. Determine t = max{r | 1 ≤ r ≤ [(d − 1)/2], det Sr 6= 0}. If all det Sr = 0 there are too many
mistakes, return FALSE.

3. Determine the error localization polynomial σ(x) solving the system:

   
σt st+1
St  ...  = −  ...  .
   

σ1 s2t

4. Find out the set F = {i1 , . . . , it } by the equivalence i ∈ F ←→ σ(a−1

i ) = 0.

5. Compute the error f = (f1 , . . . , fn ) solving the system of equations:

 
vi1 ... v it    
 ai1 vi1 . . . fi1 s1
a v
it it  

..  = −  ..  .
 .. ..   . 

.
 . . 
f it st
ad−2
i 1 vi 1 . . . ad−2
i t vi t

6. Return c = c̃ − f .

Steps 2, 3 and 5 are computationally intensive. So new algorithms are done in order to optimize
them.

47
25 Error correction using Euclid’s algorithm
This section is a completion to Section 24. We keep all definitions and notations of this section.
The algorithm was discovered by Sugiama, Kasahara, Hirasawa and Namekawa.

Definition 25.1 We call error evaluation polynomial:

X Y
ω(x) = fl vl (1 − al0 x).
l∈F l0 ∈F \{l}

The syndrome polynomial is:

d−2
X
S(x) = si+1 xi .
i=0

Lemma 25.2 Let σ 0 (x) be the derivative of σ(x). Then we can compute the errors using:

ω(a−1
l ) al
fl = − 0 −1 · v
σ (al ) l

for l ∈ F .

Proof: We observe that: X Y

σ 0 (x) = − al (1 − al0 x).
l∈F l0 ∈F \{l}
2
We can find out the error evaluation polynomial using the error location polynomial, according to
the following Lemma:

Lemma 25.3 S(x)σ(x) ≡ ω(x) mod xd−1 .

Proof: By direct computation, we get:

d−2 X
X  Y 
S(x)σ(x) = ail vl fl xi (1 − al x) =
i=0 l∈F l∈F

X h d−2
X i Y
= vl fl (1 − al x) (al x)i (1 − al0 x) =
l∈F i=0 l0 ∈F \{l}
X h i Y
= vl fl 1 − (al x)d−1 (1 − al0 x) =
l∈F l0 ∈F \{l}
X Y
= vl fl (1 − al0 x) mod xd−1 = ω(x) mod xd−1 .
l∈F l0 ∈F \{l}

2
We show now an algorithm that computes in the same time σ(x) and ω(x). The algorithm works
in the following way. Because S(x)σ(x) ≡ ω(x) mod xd−1 , there is a true polynomial identity:

S(x)σ(x) + u(x)xd−1 = ω(x).

We set r−1 (x) = xd−1 and r0 (x) = S(x), and we compute recursively:

rk−2 (x) = qk (x)rk−1 (x) + rk (x),

48
where deg rk (x) < deg rk−1 (x). This works since finally rm (x) = gcd(xd−1 , S(x)) and rm+1 (x) = 0.
On the way backwards, we find relations for k = −1, 0, 1, . . . , m:

rk (x) = ak (x)xd−1 + bk (x)S(x).

Here we put a−1 (x) = 1, b−1 (x) = 0, a0 (x) = 0, b0 (x) = 1.

Lemma 25.4 The following statements are true:

1. gcd(ak (x), bk (x)) = 1 for all k = −1, 0, . . . , m.

2. deg bk (x) = d − 1 − deg rk−1 (x) for k = 0, 1, . . . , m.

Proof: (1) For k ≥ 1 we have rk (x) = rk−2 (x) − qk (x)rk−1 (x) and so

ak (x) = ak−2 (x) − qk (x)ak−1 (x),

bk (x) = bk−2 (x) − qk (x)bk−1 (x).

It follows:    
ak (x) bk (x) ak−2 (x) bk−2 (x)
det = det = ...
ak−1 (x) bk−1 (x) ak−1 (x) bk−1 (x)
   
a−1 (x) b−1 (x) 1 0
· · · = ± det = ± det = ±1,
a0 (x) b0 (x) 0 1
and it follows also that gcd(ak (x), bk (x)) = 1 for k ≥ 1.
(2) For k = 0 the statement is correct, so take k ≥ 1. We have bk (x) = bk−2 (x) − qk (x)bk−1 (x)
and deg qk ≥ 1, so we get by induction deg bk (x) > deg bk−1 (x). Now we make a new induction
and get:
deg bk (x) = deg qk (x)bk−1 (x) = deg qk (x) + deg bk−1 (x) =
= deg qk (x) + (d − 1 − deg rk−2 (x)) = deg qk (x) + d − 1 − deg qk (x)rk−1 (x) =
= d − 1 − deg rk−1 (x).
2

Theorem 25.5 The following statements are true:

d−1 d−1
1. There is a k ∈ {0, 1, . . . , m} such that rk (x) 6= 0, deg rk (x) < 2 and deg rk−1 (x) ≥ 2 .

2. For this k, σ(x) = µbk (x) and ω(x) = µrk (x), where µ = bk (0)−1 .

Proof: Because of rm (x) = gcd(xd−1 , S(x)) and S(x)σ(x) + u(x)xd−1 = ω(x), rm (x) | ω(x) and :

d−1
deg rm (x) ≤ deg ω(x) ≤ t − 1 < .
2
So there is a k as in the statement.
The following relations are true:

σ(x)rk (x) = σ(x)[ak (x)xd−1 + bk (x)S(x)],

ω(x)bk (x) = [S(x)σ(x) + u(x)xd−1 ]bk (x).

By subtracting them, we get:

σ(x)rk (x) − ω(x)bk (x) = [σ(x)ak (x) − u(x)bk (x)]xd−1 .

49
Because of deg σ(x) = t ≤ (d − 1)/2 and deg rk (x) < (d − 1)/2, deg σ(x)rk (x) < d − 1. Further:

d−1 d−1
deg bk (x) = d − 1 − deg rk−1 (x) ≤ d − 1 − = .
2 2
d−1
deg ω(x) ≤ t − 1 < −→ deg ω(x)bk (x) < d − 1.
2
Sot the congruence says in fact that:

σ(x)rk (x) = ω(x)bk (x),

σ(x)ak (x) = u(x)bk (x).

But by definition, σ(x) and ω(x) have no common root. So is gcd(σ(x), ω(x)) = 1. So σ(x) | bk (x)
and as gcd(ak (x), bk (x)) = 1, bk (x) | σ(x). So σ(x) = µbk (x), σ(0) = 1, so µ = bk (0)−1 . 2

26 The Berlekamp-Masey algorithm

Let K be an arbitrary field and L > 1 a natural number. A sequence (sk ) ⊂ K is a linear
homogeneous recursion sequence over K if there are σ1 , . . . , σL ∈ K such that for all k ≥ L + 1
one has:
XL
sk = − σi sk−i .
i=1
l
The polynomial σ(x) = 1 + σ1 x + · · · + σl x ∈ K[x], with σ0 = 1, is called feedback polynomial.
The pair (L, σ(x)) is a linear recursion of length L. The pair (0, 1) is the trivial recursion.

Theorem 26.1 For r = 1, . . . , N let (Lr , σ (r) ) be a recursion of minimal length, which generates
the sequence (sk ) with k = 1, . . . , r. Let (L0 , σ (0) (x)) the trivial recursion. We define:
Lr−1
(r−1)
X
δr = σj sr−j .
j=0

It follows: (
Lr−1 , δr = 0,
Lr =
max(Lr−1 , r − Lr−1 ), δr 6= 0,
for all 1 ≤ r ≤ N .

Proof: Because of the minimality of the length, Lr ≥ Lr−1 .

Now we show that if δr 6= 0 then Lr ≥ max(Lr−1 , r − Lr−1 ). In order to reach a contradiction,
suppose that Lr < r − Lr−1 . It is sure that Lr−1 ≤ r − 1. Now for j ∈ {1, . . . , Lr−1 } we get:

(1) Lr + 1 ≤ r − Lr−1 ≤ r − j ≤ r − 1,

and for i ∈ {1, . . . , Lr }

(2) Lr−1 + 1 ≤ r − Lr ≤ r − i ≤ r − 1.
The contradiction follows:
Lr−1
(r−1)
X
sr 6= − σj sr−j because δr 6= 0
j=1

50
 Lr−1 Lr
(r−1) (r)
X X
= σj σi sr−j−i because (1)
j=1 i=1

Lr Lr−1
(r) (r−1)
X X
= σi σj sr−j−i
i=1 j=1

Lr
(r)
X
= σi sr−i because (2)
i=1
= sr .

Now we show the Theorem by induction over r. Put r = 1. If δ1 = 0, then 0 = δ1 = s1 is

generated by the trivial recursion (0, 1). So L0 = L1 . If δ1 6= 0, then 0 6= δ1 = s1 is generated by
the minimal recursion (1, 1). So we got 1 = L1 = max{L0 , 1 − L0 } and the start of the induction
is verified. Now suppose that the statement has been proven for k = 1, . . . , r − 1 with 2 ≤ r ≤ N .
We can suppose that δt 6= 0 for at least one 1 ≤ t ≤ r − 1 because if not, then the recursion of
minimal length that generates s1 , . . . , sr would be (0, 1) in the case that δr = sr = 0 and (r, 1) in
the case that δr = sr 6= 0.
Let m ∈ N be determined by the condition:

Lr−1 = Lr−2 = · · · = Lm > Lm−1 .

If δr = 0 then Lr = Lr−1 because of Lr ≥ Lr−1 . So δr 6= 0. We define a recursion (Lr , σ (r) (x))

of minimal length, which generates the sequence s1 , . . . , sr and which verifies Lr = max(Lr−1 , r −
Lr−1 ). We set:
δr r−m (m−1)
σ (r) (x) = σ (r−1) (x) − x σ (x).
δm
We see that Lm > Lm−1 implies δm 6= 0. Also deg σ (r) (x) ≤ max(Lr−1 , r − m + Lm−1 ). The
choice of m and the induction hypothesis imply:

Lm−1 < Lr−1 = Lm = max(Lm−1 , m − Lm−1 ) = m − Lm−1 .

So deg σ (r) (x) ≤ max(Lr−1 , r − Lr−1 ). Set now:

L = max(Lr−1 , r − Lr−1 ).

Now we see that (L, σ (r) (x)) is a recursion that generates the sequence s1 , . . . , sr , because:
L Lr−1
X (r)
X (r−1) δr  Lm−1 (m−1)

sk + σj sk−j = sk + σj sk−j − sk+m−r + σj=1 σj sk+m−r−j =
j=1 j=1
δm
(
δr
δr − δm δm = 0 k = r,
=
0 k = L + 1, . . . , r − 1.
In order to apply this for k = L+1, . . . , r−1, we observe that (L+1)+m−r > (r−Lr−1 )+m−r =
r − (m − Lm−1 ) + m − r = Lm−1 , hence k + m − r ≥ Lm−1 + 1 for k = L + 1, . . . , r − 1. In conclusion
the recursion (L, σ (r) (x)) the sequence s1 , . . . , sr . Also, Lr ≥ L, and by minimality Lr = L. 2
The Berlekamp - Masey Algorithm works as follows:

1. Set (L0 , σ (0) ) = (0, 1) and L−1 = 0.

2. For r = 1, . . . , N execute the following steps:
PLr−1 (r−1)
(a) Compute δr = j=0 σj sr−j .

51
 (b) If δr = 0 set (Lr , σ (r) (x)) = (Lr−1 , σ (r−1) (x)).
(c) If δr 6= 0 set:
Lr = max(Lr−1 , r − Lr−1 ),
δr r−m (m−1)
σ (r) (x) = σ (r−1) (x) − x σ (x),
δm
where m = max{i | 0 ≤ i ≤ r − 1, Li > Li−1 }. If this maximum is 0, set σ (r) (x) = 1.
3. (LN , σ (N ) (x)) is a recursion of minimal length that generates s1 , . . . , sN .

In order to find the error localisation polynomial, one constructs the recursion of minimal length
that generates the syndrome sequence. If L > d−1 2 then send an error message. Else, we have got
σ(x) and we compute ω(x) with S(x)σ(x) ≡ ω(x) mod xd−1 .

27 Unicity of the binary Golay code

We show in this section that the binary Golay code is unique, in the sense that:

Theorem 27.1 Every (23, 212 , 7) binary code C that contains (0, 0, . . . , 0) is a linear code and is
equivalent with the binary Golay code Gol(23).

We first observe that:

Lemma 27.2 Every (23, 212 , 7) binary code C is perfect.

Proof: The Hamming bound theorem is a result about codes in general, not only about linear
codes. We compute that:
     
[  23 23 23
223 ≥ | B3 (c) | = 212 | B3 (0) | = 212 1 + + + = 212 211 .
1 2 3
c∈C

The code is perfect as it satisfies the equality in the Hamming bound theorem. 2
Proof of the theorem: We will show here that the code is linear and is formal equivalent with
Gol(23): has the same weight polynomial, and some other common properties. A complete proof
of the equivalence is too long and not appropriate for this lecture series.
Denote F2 with K. We choose a c0 ∈ C. Let Ai = |{c | c ∈ C, d(c, c0 ) = i}|. Moreover, for
0 ≤ j ≤ 23 we define the set:

Xj = {(x, c) | x ∈ K 23 , c ∈ C, d(x, c0 ) = j, d(x, c) ≤ 3}.

We will count Xj in two different ways. As C is perfect, for every x ∈ K 23 there is exactly one
c ∈ C such that d(x, c) ≤ 3. So one has:
 
23 23 23
|Xj | = |{x | x ∈ K , d(x, c0 ) = j}| = |{x | x ∈ K , d(x, 0) = j}| = .
j
On the other hand:
X
|Xj | = |{x | x ∈ K 23 , d(x, c0 ) = j, d(x, c) ≤ 3}|.
c∈C

If we write now c = c0 + fi with fi ∈ K 23 and d(fi , 0) = i, it follows:

|{x | x ∈ K 23 , d(x, c0 ) = j, d(x, c) ≤ 3}| =

52
 = |{y | y ∈ K 23 , d(y + c0 , c0 ) = j, d(y + c0 , c0 + fi ) ≤ 3}| =
= |{y | y ∈ K 23 , d(y, 0) = j, d(y, fi ) ≤ 3}|.
This quantity depends now only of j and i = d(fi , 0). So we conclude:
  23
23 X
= |Xj | = Ai · |{y | y ∈ K 23 , d(y, 0) = j, d(y, fi ) ≤ 3}|.
j i=0

However |{y | y ∈ K 23 , d(y, 0) = j, d(y, fi ) ≤ 3}| =6 0 at most for j − 3 ≤ i ≤ j + 3. For 3 ≤ j ≤ 20

we get:
j+3 j+2



Aj+3 h3 + Aj+2 2 +

i
+Aj+1 j+1 + j+1 23−(j+1) +




    1 2 1
23  h
j 23−j


i
= +Aj 1 + 1 1 +
j  h
i
23−(j−1) j−1 23−(j−1)



+A + +

j−1



 1 1 2
23−(j−2) 23−(j−3)



+Aj−2 2 + Aj−3 3 .
For j = 4, 5, . . . , 20 we can compute the weight polynomial coefficients A7 , A8 , . . . . We get:

A(z) = 1 + 253z 7 + 506z 8 + 1288z 11 + 1288z 12 + 506z 15 + 253z 16 + z 23 .

In particular Ai 6= 0 implies i = 0, 3 mod 4.

Now we show that the extension Ĉ is a linear, self-dual and 4-divisible code. This implies that C
is also a linear code. Suppose that there are ĉ1 , ĉ2 ∈ Ĉ such that d(ĉ1 , ĉ2 ) 6= 0 mod 4. Then we can
choose a component that we exclude, and we can find two elements in a (23, 212 , 7) code, whose
distance is = 1, 2 mod 4, and this contradicts what we have proven before. So every Hamming
distance in Ĉ is divisible with 4. As proven in the section dedicated to the self-dual codes,
Ĉ ⊂ Ĉ ⊥ , where we recall the fact that A⊥ can be defined also for subsets, not only for subspaces.
But |Ĉ| = 212 and
dim Ĉ ⊥ = dimhĈi⊥ ≤ 24 − dimhĈi ≤ 12,
we get Ĉ ⊥ = Ĉ, so Ĉ is linear and C is linear. 2
6
A similar proof works also for the (11, 3 , 5) ternary Golay code Gol(11).

28 Low density parity check codes

This section deals with a family of binary codes. Consider a 2-party graph with vertex sets
V = {x1 , . . . , xn } and W = {y1 , . . . , yk }. The edges build a relation E ⊂ V × W because they
connect vertexes from V with vertexes from W . One gets a binary check matrix H = (hij ) by
setting:
hij = 1 ←→ (xi , yj ) ∈ E.
This corresponds to a conjunction of linear conditions of the shape:
X
yj = xi = 0,
(xi ,yj )∈E

for j = 1, . . . , k.

Definition 28.1 The 2-party graph is called (l, r) regular if every vertex x ∈ V has degree l and
every vertex y ∈ W has degree r.

53
In this case the check matrix has k lines and n columns and one has the equality:

rk = nl.

Definition 28.2 For a subset U ⊆ V we denote with ∂U the set:

∂U = {w ∈ W | w connected with U }.

Definition 28.3 A (l, r)-regular graph with |V | = n is a (n, l, r, α, δ)-expander if:

∀ U ⊆ V |U | ≤ α|V | −→ |∂U | > δ|U |.

Theorem 28.4 Let E be a (n, l, r, α, δ)-expander such that δ ≥ 2l . Then the corresponding code
C(E) has minimal distance d > αn and consequently can correct < αn 2 many errors.

nl
Proof: Recall that nl = rk. As C(E) is determined by k = r equations, its dimension is:

nl
dim C(E) ≥ n − .
r
Let 0 6= v ∈ C(E). Consider the set U = {i | vi = 1}. A number of l|U | edges start in U . They
end in ≥ 2l |U | many conditions. If wt (v) ≤ αn, there must be a condition that contains only
one edge, because if not there would be less then |U |/2 conditions, and this contradicts with the
property of being an expander. So a condition reads y = vj = 1 and v ∈ / C(E). Contradiction. 2

Definition 28.5 For Low Density Parity Check Codes (LDPCC) one considers the following
correction algorithm:
1. Compute all conditions for v.
2. Find xi present in strictly more false conditions as in correct conditions. If there is no false
condition, then stop.
3. Flip xi in v. This means vi := 1 − vi .
4. Go to 1.

Theorem 28.6 If δ = 34 l then the algorithm corrects < αn

2 errors.

Proof: Consider v = (v1 , . . . , vn ) containing < αn

2 errors. We say that the algorithm is in state
(t, s) if there are t many errors and s many conditions are not verified. Supposed that we are
in the state (t, s) with t < αn = α|V |. Let k be the number of correct conditions that contain
corrupted values. As δ = 34 l, one has:
3
s + k > l,
4
because t corrupted values have edges to s + k conditions.
In a correct condition with corrupted values, one has at least another corrupted value. In an
incorrect condition, one has at least one corrupted value. So the number of conditions with
corrupted variables fulfills:
lt ≥ s + 2k.
All together:
3
tl ≥ s + k + k > lt + k,
4
and this yields:
1
k< lt.
4

54
But as s + k > 34 lt, we get:
lt
s> .
2
So there is a value such that more than half of its edges end in incorrect conditions. This value
will be flipped. The value was not necessarily a corrupted one, but the number s becomes smaller
by every flip, and that is what matters. 2

29 Exercises
Exercise 1: A [7, 4, 3] Hamming code C has the following check-matrix:
 
1 0 0 1 1 0 1
H = 0 1 0 1 0 1 1
0 0 1 0 1 1 1

Find a generating matrix for this code.

The system H~x = ~0 reads:

x1 + x4 + x5 + x7 = 0
x2 + x4 + x6 + x7 = 0
x3 + x5 + x6 + x7 = 0

We define the parameters (x4 , x5 , x6 , x7 ) = (a, b, c, d) ∈ F42 . It follows:

x1 = a+b+d
x2 = a+c+d
x3 = b+c+d

The general solution decomposes as follows:

         
a+b+d 1 1 0 1
 a + c + d 1 0 1 1
         
b + c + d 0 1 1 1
         

 a  = a 1 + b 0 + c 0 + d 0 .
        

 b 

0
 
1
 
0
 
0
 
 c  0 0 1 0
d 0 0 0 1

We have found a basis of the code C. The rows of the generating matrix are the basis vectors. So:
 
1 1 0 1 0 0 0
1 0 1 0 1 0 0
G= 0 1 1 0 0 1 0 .


1 1 1 0 0 0 1
2
Exercise 2: A [7, 4, 3] Hamming code C has the following generating matrix:
 
1 1 0 1 0 0 0
1 0 1 0 1 0 0
G= 0 1 1
.
0 0 1 0
1 1 1 0 0 0 1

Find a check-matrix for this code.

55
A check-matrix H has 3 rows and 7 columns, such that HGT = 0. Let a arbitrary row of H be:

(a, b, c, d, e, f, g).

We observe that the right-most 4 × 4 minor of G is the unit matrix, we can choose the parameters
(a, b, c) ∈ F32 . The general solution decomposes as follows:
       
a 1 0 0

 b 

0
 
1
 
0
 

 c 

0
 
0
 
1
 
 a + b  = a 1 + b 1 + c 0 .
       
 a+c  1 0 1
       
 b+c  0 1 1
a+b+c 1 1 1

Taking for (a, b, c) the standard basis vectors, one finds three linear independent possible rows of
the check-matrix. So we found:
 
1 0 0 1 1 0 1
H = 0 1 0 1 0 1 1 .
0 0 1 0 1 1 1

Observe that neither the generating matrix, nor the check-matrix, are unique. 2
Exercise 3: Compute the error syndromes for one error in the [7, 4, 3] Hamming code C of the
last exercises.
Consider the vectors ei ∈ F72 given by:  
0
0
 .. 
 
.
1 .
ei =  
 
.
 .. 
0
containing only one 1 at position i. Using the known check-matrix H we get:

He1 = (1, 0, 0) He2 = (0, 1, 0) He3 = (0, 0, 1)

He4 = (1, 1, 0) He5 = (1, 0, 1) He6 = (0, 1, 1)

He7 = (1, 1, 1)
2
Exercise 4: Using the syndromes from the previous exercise, correct the word:

c̃ = (1, 1, 0, 0, 1, 1, 1).

We compute immediately:
H c̃ = (1, 1, 1),
so the corrected word will be:

c = c̃ + e7 = (1, 1, 0, 0, 1, 1, 0).

56
Exercise 5: A code C consists of 4 binary words of length 4. Show that this code can NOT be
1-error correcting.
If it was 1-error correcting, the code would have d ≥ 3. But d = 4 is impossible for length 4,
because C would have at most 2 elements. So d = 3. However, any (4, 4, 3) code contradicts the
Hamming bound, because one has:
 
4
16 = 24 ≤ |C| 1 · (2 − 1)0 + (2 − 1)1 = 4(1 + 4) = 20,


1

while the Hamming bound reads 16 ≥ 20 in this situation. 2

Exercise 6: Show that ISBN10 recognises any letter transposition.
Let (c1 , . . . , c10 ) ∈ ISBN10. Let c0k be the letters composing the word after a transposition (i, j).
Suppose that both code words fulfill the conditions:
10
X
kck = 0 mod 11
k=1
10
X
kc0k = 0 mod 11
i=k

By subtracting the relations, we get: (j − i)(ci − cj ) = 0 mod 11. But Z11 is a field and we get
ci = cj unless i = j. 2
Exercise 7: Show that there is no binary code with parameters (7, 8, 5).
If d = 5 then e = 2. By Hamming Bound:
   
7 7 7!

27 ≥ 23 1 + + ) = 23 (1 + 7 + = 23 (1 + 7 + 21) = 23 · 29,
1 2 2!5!

so 16 ≥ 29, which is false. 2

78
Exercise 8: Show that there is no binary code with parameters (90, 2 , 5).
If d = 5 then e = 2. By Hamming Bound:
   
90 90
290 ≥ 278 1 + + )
1 2

is equivalent with 4096 ≥ 4096. As it transform the Hamming Bound in equality, this code, if it
exist, should be perfect. But this code is neither the binary Golay code because 23 6= 90, nor a
Hamming code, because d = 5. So this code cannot exist. 2
Exercise 9: Show that there is no binary code P with parameters (90, 278 , 5), but without using
the characterisation of the perfect codes.
We may suppose that 0 ∈ P . We consider the sets:

V = {v = (v1 , . . . , v90 ) | vi ∈ {0, 1}, v1 = v2 = 1, d(v, 0) = 3},

C = {c = (c1 , . . . , c90 ) ∈ P | c1 = c2 = 1, d(c, 0) = 5},
A = {(v, c) | v ∈ V, c ∈ C, hv, ci = 1}.

We compute in two different ways the cardinality of A.

X X
| {v ∈ V | hc, vi = 1} | = 3 = 3| C |
c∈C c∈C

57
On the other hand, for some v ∈ V , at most one c ∈ C has the property that hc, vi = 1. Of course,
if c1 6= c2 would fulfill this condition, then d(c1 , c2 ) < 5. But there must be at least one c, because
else there would be less then 278 codewords, so there is exactly one.
It follows 88 = 3| C |, contradiction.
Exercise 10: Let p be a prime number, q = pt and n = (q k − 1)/(q − 1) with k ≥ 2. Let C be a
linear code with parameters [n, n − k, 3]. Show that C is a Hamming code.
Let K = Fq , C ≤ K n , dim C = n − k. C is the intersection of k many independent hyperplanes.
If the hyperplane Hi has the equation:

ai1 v1 + · · · + ain vn = 0,

let H = (aij ) ∈ Mk×n the matrix built by those coefficients. Of course,

c ∈ C ↔ HcT = 0.

C has d = 3 so every two columns of H are linear independent. So every two columns generate
different lines in K k . But there are n many columns, so for every line going through 0 in K k , one
has a column generating this line. So H is the check-matrix for the Hamming code. 2
Exercise 11: Let n ≥ 1 and let C be the set of binary words of length n containing an even
number of ones. Show that C is a linear code and analyze this code.
The word 0n belongs to C. Let c1 , c2 ∈ C. If ci contains an even number ki of ones, and s is the
number of positions at which both words contain ones, then c1 + c2 contains (k1 − s) + (k2 − s) =
k1 + k2 − 2s many ones, which is an even number. So C is a vector space.
The condition that determines the code words is:

c1 + c2 + · · · + cn = 0.

This means that the check matrix is the matrix H = (1, 1, . . . , 1) because:
 
c1
 c2 
(1, 1, . . . , 1)  .  = 0.
 
 .. 
cn

The minimal distance is d(C) = min wt (c) = 2 and the parameters of the code are [n, n − 1, 2].
The code is 1-recognising and 0-correcting.
C is the image of the mapping G : Fn−1
2 → Fn2 given by:

G(x1 , . . . , xn−1 ) = (x1 , . . . , xn−1 , x1 + x2 + · · · + xn−1 ).

This can be written as G(x) = ~xG where G is the generating matrix:

 
1 0 ... 0 1
0 1 . . . 0 1
G = . . .
 
 .. .. . . ... ... 

0 0 ... 1 1

with n − 1 rows and n columns.

2
Exercise 12: Find parameters, check-matrix and generating matrix for the repetition code:

C = {(0, . . . , 0), (1, . . . , 1)}.

58
The parameters are [n, 1, n]. The generating matrix is G = (1, 1, . . . , 1) ∈ Fn2 , because the code
words are xG with x ∈ {0, 1}. For a check-matrix, observe that the condition met by the code
words is to satisfy the following system of n − 1 equations:

x1 = xn ,
x2 = xn ,
... = ...
xn−1 = xn ,

The corresponding check-matrix H has n − 1 rows and n columns:

 
1 0 ... 0 1
0 1 . . . 0 1
H = .
 
.. . . . .
 .. . . .. .. 
0 0 ... 1 1

Exercise 13: Over the field K = Fq let C be the code implicitly given by the condition c1 + c2 +
· · · + cn = 0. Study this code.
The check-matrix is the vector (1, 1, . . . , 1). We observe that the minimal distance is 2 because
the words containing one 1 and one −1 have minimal weight. Also, 2 is the minimal number d
such that every family of d − 1 columns of H is linear independent. The dimension of C is n − 1.
All the following n − 1 vectors belong to C:

v1 = (1, −1, 0, . . . , 0, 0)
v2 = (0, 1, −1, . . . , 0, 0)
.. ..
. = .
vn−1 = (0, 0, 0, . . . , 1, −1)

From:
α1 v1 + · · · + αn−1 vn−1 = (α1 , α2 − α1 , . . . , αn−1 − αn−2 , −αn−1 ),
we deduce that those vectors are linear independent, so they build a basis. So they are the rows
of a generating matrix G. The parameters of the code are [n, n − 1, 2] as in the case of the binary
codes. 2
Exercise 14: Show that the Reed-Solomon code is a maximum distance separable code. (MDS
code)
Recall the Singleton Bound:
d ≤ n − logq | C | + 1.

The Reed-Solomon Code with polynomials with degree < k has parameters [n, k, d] with d =
n − k + 1. So:
n − k + 1 ≤ n − logq (q k ) + 1 = n − k + 1,
realizes the equality, so the code is MDS. 2
Exercise 15: Show that the Reed-Solomon code has the generating matrix:
 
1 1 ... 1
 a1 a 2 ... an 
Gk =  .. .. ..  .
 
..
 . . . . 
ak−1
1 ak−1
2 ... ak−1
n

59
For k ≤ n−1 the application given by x ; xG from K k to K n generates the code. This matrix can
be imbedded in the n × n matrix Gn which has determinant 6= 0 as a Vandermonde determinant.
So Gk has maximal rank. (Also, Gk contains a Vandermonde minor, which is invertible. ) 2
P
Exercise 16: Show that RM (m − 1, m) consists of all words with ci = 0.
The parameters of the code are [2m , 2m − 1, 2[m−(m−1)] ] = [2m , 2m − 1, 2]. It follows that the code
is a hyperplane, and the minimal distance is 2. For every monomial xi1 . . . xik , if we evaluate it in
every point (x1 , . . . , xm ) ∈ {0, 1}m , one gets an even mumber of values 1. It follows that only even
code-words are present in RM (m − 1, m). Because of the dimension and of the minimal distance,
there must be all of them and exactly them. 2
Exercise 17: Show that RM (r, m)⊥ = RM (m − r − 1, m).
We observe that:
r   m   r   m   m−r−1
X m
X m X m X m X m
n− = − = = ,
l l l l l
l=0 l=0 l=0 l=r+1 l=0

m m



because l = m−l . It follows that those spaces have the same dimension.
Now take x ∈ RM (r, m) and y ∈ RM (m − r − 1, m). We consider the scalar product:
n
X
hx, yi = xi yi .
i=1

The code-word xy = (x1 y1 , . . . , xn yn ) is the result of the evaluation in all points of a polynomial
P degree less or equal r + (m − r − 1) = m − 1. So this code-word is an even weight word, so
of
xi yi = 0. 2
Exercise 18: Let m be odd and r = (m − 1)/2. Show that RM (r, m) is self-dual.
It follows that r = m − r − 1 and we apply the previous exercise. 2
Exercise 19: Consider the following sequence of Hadamard matrices over the field F2 , defined as
follows: H0 = (0),  
Hn Hn
Hn+1 =
Hn Hn + Un
where the matrix Un ∈ M2n ×2n (F2 ) contains only the digit 1. Show that the rows of the matrix
Hn build together the code RM (1, n).
Exampes:  
  0 0 0 0
0 0 0 1 0 1
H0 = (0), H1 = , H3 =  .
0 1 0 0 1 1
0 1 1 0
We show that the rows of Hn build a vector space of dimension n over F2 . This is true for n = 0
and n = 1.
Suppose the claim true for n. Consider Hn+1 . Let u, v ∈ Hn+1 be two rows.
Case 1: If u, v belong to the first half of Hn+1 , there exist u0 , v 0 ∈ Hn such that u = (u0 , u0 ) and
v = (v 0 , v 0 ). By the hypothesis of induction, u0 + v 0 ∈ Hn so u + v ∈ Hn+1 . Moreover, u + v lies
in the first half of the matrix.
Case 2: If u, v belong to the second half of Hn+1 , there exist u0 , v 0 ∈ Hn such that u = (u0 , ~1 + u0 )
and v = (v 0 , ~1+v 0 ). By the hypothesis of induction, u0 +v 0 ∈ Hn so u+v = (u0 +v 0 , u0 +v 0 ) ∈ Hn+1 .
Moreover, u + v lies in the first half of the matrix.

60
Case 3: If u = (u0 , u0 ) comes from the first half of the matrix and v = (v 0 , ~1 + v 0 ) from the second
hald, then the sum u + v = (u0 + v 0 , ~1 + u0 + v 0 ) is in Hn+1 in the second half of the matrix.
It is immediate that all rows of Hn are pair-wise different, so the dimension is n.
If Bn = {x1 , . . . , xn } is a basis of Hn , then Bn+1 = {y1 , . . . .yn , yn+1 } is a basis of Hn+1 , where
yi = (xi , xi ) for i = 1, . . . , n and yn+1 = (~0, ~1). We observe that for all n, if u ∈ Hn \ {0}, u
contains an equal number of 0 and 1. So ~1 ∈ / Hn . We observe that Hn is the simpex code of length
2n and minimal distance 2n−1 , which is also known as RM (1, n). 2
Exercise 20: Let C be the Simplex Code with parameters [2k − 1, k, 2k−1 ] over F2 . Compute its
weight-polynomial AC (x).
Every c ∈ C \ {0} has weight 2k−1 . So the polynomial is:
k−1
AC (x) = 1 + (2k − 1)x2 .

2
k
Exercise 21: Find out the weight-polynomial of the [n = 2 − 1, n − k, 3] Hamming Code.
We apply MacWilliams for the polynomial corresponding to the Simplex Code:
1h n 2k−1 2k−1 −1
i
AC ⊥ (x) = (1 + x) + n(1 − x) (1 + x)
2k
1 h n−1
i
= (1 + x)n + n(1 − x)(1 − x2 ) 2
n+1
n−1
n   2  n−1 
1 hX n j X i
= x + n(1 − x) 2 (−1)j x2j
n + 1 j=0 j j=0
j

We keep the coefficients A⊥

i and we get:

n−1

 h
i
i
 1 n
n+1 i + n(−1) 2 2i i = 2s
A⊥
i =
h

n
2
i+1 n−1

i
 1 + n(−1) 2 i−1 2
i = 2s + 1
n+1 i 2

2
Exercise 22: A code of length n = 2k over Fq is self-dual. What can we say about the coefficients
A0 , A1 and A2 ?

n
X
A(x) = A⊥ (x) = q −k Aj (1 − x)j (1 + (q − 1)x)n−j =
j=0
n    
−k
X j 2 n−j
=q Aj [1 − jx + x + . . . ][1 + (n − j)(q − 1)x + (q − 1)2 x2 + . . . ]
j=0
2 2

The following was already known:

n
X
1 = A0 = q −k Aj .
j=0

61
But the following are new:
n
X
A1 = q −k Aj ((n − j)(q − 1) − j) =
j=0
Xn
= q −k Aj (n(q − 1) − jq) =
j=0
n
X
−k+1
= n(q − 1) − q jAj .
j=0

n    
−k
X j n−j
A2 = q Aj (−j(n − j)(q − 1) + + (q − 1)2 ).
j=0
2 2
2
Exercise 23: Show that the weight polynomial of the [24, 12, 8] extended Golay code is:

A(x) = 1 + 759x8 + 2576x12 + 759x16 + x24 .

⊥
We know thatP 2C is 4-divisible. We also know that A24−i = Ai . Indeed, because C ⊆ C ,
0 = hc, ci = ci = hc, 1i. But n is even and C is self-dual, so c ; c + 1 is a bijection. On the
~ ~
other hand wt (c) = n − wt (c + ~1). So:

A(x) = 1 + Ax8 + Bx12 + Ax16 + x24 .

We put x = 1 and find out that 2 + 2A + B = |C| = 212 = 4096.

On the other hand, the code is self-dual and we apply:
n    
X j n−j
A2 = 2−12 Aj (−j(n − j)(2 − 1) + + (2 − 1)2 ).
j=0
2 2

So 0 = A2 = 2−12 [552 + 40A − 12B]. This system of equations has the solution: A = 759,
B = 2576. 2
Exercise 24: Show that the weight polynomial of the extended ternary [12, 6, 6] Golay code is:

A(x) = 1 + 264x6 + 440x9 + 24x12 .

The code is self-dual and 3-divisible, so A(x) = 1 + Ax6 + Bx9 + Cx12 . We apply the relations
for self-dual codes and we deduce the following equations:

A+B+C = 36 − 1 = 728
6A + 9B + 12C = 5832
3A − 6B + 66C = −264

By solving the system, we deduce the coefficients above. 2

Exercise 25: Consider the following check matrix:

y1 = x1 + x2 + x3
y2 = x4 + x5 + x6
y3 = x7 + x8 + x9
y4 = x1 + x4 + x7
y5 = x2 + x5 + x8
y6 = x3 + x6 + x9

62
(a) Show that this check matrix corresponds to a (9, 2, 3, 29 , δ)-expander for δ < 23 .
(b) Deduce that the code C has minimal distance d ≥ 3.
(c) Correct the word v = (0, 0, 1, 1, 1, 0, 0, 1, 1).
(a) n = 9, (l, r) = (2, 3), α = 92 .
3
(b) δ < 2 = 34 l. We apply the Theorem. It follows that dim C ≥ 3 and d > αn = 2 so d ≥ 3.
(c) We observe that y1 = 1 and y4 = 1. Also {1, 2, 3} ∩ {1, 4, 7} = {1}. So x1 occurs in two
incorrect conditions and in none correct condition. We flip x1 . The vector (1, 0, 1, 1, 1, 0, 0, 1, 1)
verifies all conditions. 2

63