Modular and p-adic cyclic codes*

A. R. Calderbank and N. J. A. Sloane

Mathematical Sciences Research Center
AT&T Bell Laboratories
Murray Hill, NJ 07974
arXiv:math/0311319v1 [math.CO] 18 Nov 2003

ABSTRACT

This paper presents some basic theorems giving the structure of cyclic codes of length
n over the ring of integers modulo pa and over the p-adic numbers, where p is a prime not
dividing n. An especially interesting example is the 2-adic cyclic code of length 7 with generator
polynomial X 3 + λX 2 + (λ − 1)X − 1, where λ satisfies λ2 − λ + 2 = 0. This is the 2-adic
generalization of both the binary Hamming code and the quaternary octacode (the latter being
equivalent to the Nordstrom-Robinson code). Other examples include the 2-adic Golay code
of length 24 and the 3-adic Golay code of length 12.

1. Introduction

This paper was prompted by the following questions. It is known [14], [16] that the binary
polynomial X 3 +X +1 that generates the cyclic Hamming code of length 7 lifts to a polynomial
X 3 + 2X 2 + X + 3 over Z4 that generates the octacode, equivalent to the binary nonlinear
Nordstrom-Robinson code. What codes are obtained if we continue to lift this polynomial to
Z8 , Z16 , . . ., and even to the 2-adic integers Z2∞ ? What is the general structure of cyclic codes

over these rings? (Solé [23] had already suggested in 1988 that p-adic cyclic codes should be
investigated.)
The answer to the first question is given in Example 1 of Section 4, where we describe the
“2-adic Hamming code” of length 7 in detail. This is in a certain sense the first interesting
2-adic code. In Examples 2 and 4 we give 2-adic versions of the Golay code and more generally
of extended quadratic residue codes of length 8m, where 8m − 1 is prime, and a 3-adic version
of the Golay code of length 12. Furthermore, this Hamming code and the two Golay codes
(and more generally a large class of quadratic residue codes) are all MDS codes. In particular
the 2-adic Golay code has minimal Hamming distance 13, even though every projection of it
∗
A version of this paper appeared in Designs, Codes and Cryptography, 6 (1995), pp. 21–35. The references
have now been updated.
onto the integers modulo 2a has minimal distance 8. Section 4 also gives p-adic generalizations
for other classical families of codes, including BCH, Reed-Muller and quadratic residue codes.
The answer to the second question is given in Theorems 5 and 6 of Section 3, which are
the main theoretical results of this paper. It will be seen that modular and p-adic cyclic codes
have a simple and elegant structure.
Although cyclic codes over the integers modulo q have been discussed by a number of
authors ([5], [6], [9], [12], [21]–[26]), these results seem to have been overlooked.
The results in Section 3, although not at all obvious, are easily verified by the methods of
commutative algebra or representation theory [13], [28], so we shall mostly not give proofs.
As far as we know, this paper is the first to consider p-adic codes. (However, several
authors ([2], [10], [20]) have studied “global” or complex-valued codes in connection with the
representation theory of P SL2 (n) and other groups, and our p-adic codes are analogues of
those complex codes.) For general background on p-adic numbers, see [3], [8], [15], [17].

2. Codes mod pa and p-adic codes

We use the symbol Zpa to denote the ring Z/pa Z of integers modulo pa , for any prime p
and positive integer a, and Zp∞ for the ring of p-adic integers. This slightly unconventional
notation has the advantage of allowing us to use Zq (where q = pa , 1 ≤ a ≤ ∞) to denote any
one of these rings, and allows us to state our results in a uniform way.
An element u ∈ Zpa may be written uniquely as a finite sum

u = u0 + pu1 + p2 u2 + · · · + pa−1 ua−1 ,

and any element of Zp∞ as an infinite sum

u = u0 + pu1 + p2 u2 + · · · ,

where 0 ≤ ui ≤ p − 1. The units in Zpa or Zp∞ are precisely the u for which u0 6= 0. Zpa has
characteristic pa , and Zp∞ has characteristic 0.
The following definitions and remarks are straightforward generalizations of notions for Z4
codes given in [12] and [16].
Let Zq = Zpa , where 1 ≤ a ≤ ∞. The set Znq of n-tuples from Zq is of course a Zq -module,
and by a linear code over Zq we mean any Zq sub-module of Znq . We equip Znq with the inner

2
product v · w = v1 w1 + · · · + vn wn evaluated in Zq , and define dual and self-dual codes in the
usual way.
A nonzero linear code C over Zpa , for a finite, has a generator matrix which after a suitable
permutation of the coordinates can be written in the form
 
I A01 A02 A03 ··· A0,a−1 A0a
0 pI pA12 pA13 ··· pA1,a−1 pA1a 
 
 
G = 0 0 p2 I p2 A23 ··· p2 A2,a−1 p2 A2a  , (1)
 
· · · · ··· · · 
0 0 0 0 ··· pa−1 I pa−1 Aa−1,a

where the columns are grouped into blocks of sizes k0 , k1 , . . . , ka−1 , ka , and the ki are nonneg-
ative integers adding to n. This means that C consists of all codewords

[v0 v1 v2 · · · va−1 ]G ,

where each vi is a vector of length ki with components from Zpa−i , so that C contains pk
codewords, where
a−1
X
k= (a − i)ki .
i=0

We say that C has type∗

1k0 pk1 (p2 )k2 · · · (pa−1 )ka−1 . (2)

The zero code (containing only the zero codeword) has type 10 . It is easy to see that the code
C with generator matrix (1) has a dual C ⊥ with generator matrix of the form
 
B0a B0,a−1 ··· B03 B02 B01 I
 pB pB1,a−1 ··· pB13 pB12 pI 0
 1a 
 
 p2 B2a p2 B2,a−1 ··· p2 B23 p2 I 0 0 , (3)
 
 · · ··· · · · ·
a−1
p Ba−1,a a−1
p I ··· 0 0 0 0

where the column blocks have the same sizes as in (1). The dual code therefore contains pk⊥
codewords, where
a
X
k⊥ = iki ,
i=1

and has type

1ka pka−1 (p2 )ka−2 · · · (pa−1 )k1 . (4)

Also |C||C ⊥ | = pk+k⊥ = pan , and (C ⊥ )⊥ = C.

∗
This definition of type differs from the one given in [12] , [16]. The present definition has the advantage
that it applies also to p-adic codes.

3
 Similarly, a nonzero linear code C over Zp∞ has a generator matrix which can be written
in the form
 
pm0 I pm0 A01 pm0 A02 ··· pm0 A0,b−1 pm0 A0,b
 0 pm1 I pm2 A12 ··· · · 
G=
 ·
 ,
 (5)
· · ··· · ·
0 0 0 ··· pmb−1 I m
p b−1 Ab−1,b

where 0 ≤ m0 < m1 < · · · mb−1 , for some integer b, the column blocks have sizes k0 , k1 , . . . , kb
and the ki are nonnegative integers adding to n. This means that C consists of all codewords

[v0 v1 v2 · · · vb ]G ,

where each vi is a vector of length ki with components from Zp∞ . We say that C has type

(pm0 )k0 (pm1 )k1 · · · (pmb−1 )kb−1 . (6)

Now the code contains infinitely many codewords (although it is still finitely generated).
If m0 > 0 in (5), all the codewords are multiples of pm0 , and (since Zp∞ has characteristic
0) we may divide the whole code by pm0 . We shall therefore usually only consider codes in
which m0 = 0. In this case the dual code has a generator matrix similar to (3), with type

1kb (pm1 )kb−1 · · · (pmb−1 )k1 , (7)

and (C ⊥ )⊥ = C. (If m0 > 0 then (C ⊥ )⊥ = p−m0 C.)

The automorphism group Aut(C) of a linear code C over Zq is defined to be the set of all
monomial matrices over Zq that preserve the code. Since it contains all scalar matrices uI,
where u is a unit in Zq , this group is infinite if q = p∞ . We therefore define the projective
automorphism group to be the quotient group Aut(C)/{uI : u = unit}.
A cyclic code C of length n over Zq (q = pa , 1 ≤ a ≤ ∞) is a linear code with the property
that if (c0 , c1 , . . . , cn−1 ) ∈ C then (c1 , c2 , . . . , cn−1 , c0 ) ∈ C. We assume throughout that n and
p are relatively prime. As usual we represent codewords by polynomials, so cyclic codes are
precisely the ideals in the ring
R = Zq [X]/(X n − 1) .

3. Rings

We now discuss the properties of the ring R and of certain Galois rings GR(q m ).

4
 Let q = pa (1 ≤ a ≤ ∞), and let π1 (X) ∈ Zp [X] be a monic primitive irreducible polynomial
of degree m, so that π1 (X) divides X n − 1 mod p, where n = pm − 1. The following are
straightforward generalizations of results given in [16], [19], [27]. There is a unique monic
irreducible polynomial πa (X) ∈ Zq [X] such that πa (X) ≡ π1 (X) mod p and πa (X) divides
X n − 1 over Zq (see Theorem 1 below).
Let ξ be a root of πa (X), so that ξ n = 1. Then the Galois ring GR(q m ) is by definition
the ring Zq [ξ]. There are two canonical ways to represent the elements of this ring. In the first
representation, every element has a unique expansion

u = u0 + pu1 + p2 u2 + · · · + pa−1 ua−1

(an infinite sum if a = ∞), where ui ∈ J = {0, 1, ξ, ξ 2 , . . . , ξ n−1 }. The map τ : u 7→ u0 is given
by
m
τ (u) = up , u ∈ Zq [ξ] ,

and satisfies
τ (uv) = τ (u)τ (v) , u, v ∈ Zq [ξ] .

In the second representation u is written as

n−1
X
u= vr ξ r , vr ∈ Zq .
r=0

The Frobenius map φ from Zq [ξ] to Zq [ξ] takes

a−1
X a−1
X
p r ur to pr upr .
r=0 r=0

Then φ generates the Galois group of Zq [ξ] over Zq , and φm is the identity map.
The following theorem plays a central role in studying cyclic codes over Zq . It shows that
the irreducible factors of X n − 1 over Zq are in one-to-one correspondence with the factors over
Zp .

Theorem 1. Let q = pa , 1 ≤ a ≤ ∞. If h1 (X) ∈ Zp [X] is a monic irreducible divisor of

X n − 1 over Zp , then there is a unique monic irreducible polynomial ha (X) ∈ Zq [X] which
divides X n − 1 over Zq and is congruent to h1 (X) mod p.

Proof. This result can be obtained from Hensel’s Lemma, but we prefer to sketch a constructive
proof (by induction).

5
 For 1 ≤ r < ∞, suppose hr (X) ∈ Zpr [X] is a monic irreducible polynomial such that
hr (X) ≡ h1 (X) mod p, and hr (X) | X n − 1 over Zpr . We will show that hr (X) can be lifted
uniquely to a monic irreducible polynomial hr+1 (X) ∈ Zpr+1 [X] which divides X n − 1 over
Zpr+1 . Then h∞ (X) is defined as the (p-adic) limit of hr (X) as r → ∞.

Let h(X) ∈ Zpr+1 [X] be any lift of hr (X), say h(X) = hr (X) + pr g(X), and let α be a root
of hr (X) and β a corresponding root of h(X), so that β = α + pr δ. Then

αn = 1 + pr ǫ , β p = (α + pr δ)p = αp ,

β np = (1 + pr ǫ)p = 1 .

Therefore the monic polynomial whose roots are the p-th powers of the roots of h(X) divides
X n − 1, and mod pr has the same roots as hr (X), and so may be taken as hr+1 (X). This
polynomial is irreducible since its roots form one orbit under the Frobenius map. To show that
hr+1 (X) is unique, we argue as follows. Let h(X) and h′ (X) be two different possibilities for
hr+1 (X), and let β and γ be zeros of h and h′ respectively, with β ≡ γ mod pr , say β = γ +pr δ.
Then β n = γ n = 1, β p = γ p , hence (β/γ)n = (β/γ)p = 1. Since n and p are relatively prime,
β = γ, and so h = h′ . 

We now investigate the structure of ideals in R. The units in R are precisely the elements
n−1
P
u= ur X r , ur ∈ Zq , such that at least one of the ur is a unit in Zq . We denote the natural
r=0
map from R to Zp [X]/(X n − 1) by µ.
If A is an ideal in R with generators f1 , f2 , . . ., we write A = (f1 , f2 , . . .). The radical
Rad(A) of A is the set of all elements of R, some power of which is in A. The radical of the
ideal {0} is called the radical of R, and denoted by Rad(R). Then Rad(R) = (p) if q = pa is
finite, or (0) if q = p∞ .
The ring Zp∞ is a principal ideal domain, hence Noetherian. This implies that Zpa [X] and
R = Zpa [X]/(X n − 1) are Noetherian for all 1 ≤ a ≤ ∞. R satisfies the descending chain
condition if q = pa is finite (since then R is finite), but not if q = p∞ (we will see examples
later). Hence every maximal ideal in R is prime, and if q is finite every prime ideal different
from (0) and (1) is maximal ([28], pp. 150, 203).
It is well-known that the prime ideals in Zp [X]/(X n − 1) are (0), (1) and (π1 ), where π1 is
any monic irreducible divisor of X n − 1 over Zp .

Theorem 2. If q = pa is finite the prime ideals in R are (0), (1) and (πa , p), where πa is any
monic irreducible divisor of X n − 1 over Zq . If q = p∞ there are in addition the prime (but

6
nonmaximal) ideals (πa ).

Proof. Let A be a prime ideal in R different from (0) and (1). Then µ(A) = (π1 ), say, so
A contains πa , where µ(πa ) = π1 . If q is finite then p ∈ A, or else R/A would contain zero
divisors, so A ⊃ (πa , p), and it is easily seen that this ideal is maximal. If q is infinite and
p 6∈ A then the only other possibility is A = (πa ). 

Note that the ideal (p) is not prime, since it contains the product of all the πa — which is
0 — but none of the πa themselves.
It is also known that every ideal A in Zp [X]/(X n − 1) contains an idempotent e1 (say),
such that A = (e1 ) ([18], Chapter 8, Theorem 1; [13], §24.2).

Theorem 3. Every prime ideal A = (πa , p) in R contains an idempotent ea with e2a = ea ,

A = (ea , p). Furthermore, if q is infinite then every prime ideal A = (πa ) has an idempotent
generator.

Proof. We establish the first assertion by induction. Let (πr , p) be the projection of A onto
Zpr [X]/(X n − 1), and suppose er ∈ (πr , p) is an idempotent with (er , p) = (πr , p). Then

e2r = er +pr h in Zpr+1 [X]/(X n −1), for some h in Zpr+1 [X]/(X n −1). If we take er+1 = er +pr θ,
then e2r+1 − er+1 = pr (h − θ(1 − 2er )), and er+1 is an idempotent in Zpr+1 [X]/(X n − 1) if we
choose θ = h (if p = 2) or θ = h(1 − 2er )−1 (if p > 2). (Note that (1 − 2er )2 = 1 + 4pr h, so
1 − 2er is a unit.) It is easily verified that (er+1 , p) = (πr+1 , p). By repeating this process we
obtain an idempotent ea ∈ A with (ea , p) = (πa , p).
To prove the second assertion, since πa and (X n − 1)/πa are relatively prime, we can find
h ∈ Zp∞ [X] such that
hπa − 1 ≡ 0 mod (X n − 1)/πa ,

so hπa (hπa − 1) = 0 in R, and hπa is the desired idempotent. 

Next, every primary ideal is a power of a prime ideal.

Theorem 4. The primary ideals in R are (0), (1), (πa ) and (πa , pi ), where πa is an irreducible
divisor of X n − 1 over Zq and 1 ≤ i < a.

We omit the proof. The key steps are (i) to show that if A = (πa , p) = (ea , p) is a prime
ideal then
Ai = (πa , p)i = (πa , pi ) = (ea , pi ) , (8)

7
for 1 ≤ i < a, and (ii) to show that if B is a primary ideal whose associated prime ideal is
A = (πa , p) then (by [28], p. 200, Ex. 2) there is an integer j such that Aj ⊆ B ⊆ A, and from
this that B = Ai for some i.
Note that when q = pa is finite then (πa , p)a = (πa ), and

(πa , p) ⊃ (πa , p2 ) ⊃ · · · ⊃ (πa , pa−1 ) ⊃ (πa )

is a finite descending sequence. When q = p∞ , however,

(π∞ , p) ⊃ (π∞ , p2 ) ⊃ (π∞ , p3 ) ⊃ · · · ⊃ (π∞ )

is an infinite descending sequence of primary ideals, the first and last of which are prime. In
this case we adopt the convention that (π∞ , p)∞ denotes (π∞ ).

(i)
Theorem 5. Let πa , i = 1, . . . , A, denote the distinct monic irreducible divisors of X n − 1
over Zq . Any ideal in R can be written in a unique way as
A
Y
A= (πa(i) , p)mi , (9)
i=1

where 0 ≤ mi ≤ a. In particular if a is finite there are (a + 1)A distinct ideals.

This is a consequence of Theorem 4 and the Lasker-Noether decomposition theorem ([28],

p. 209). The product symbol in (9) may also be replaced by an intersection symbol.

Theorem 6. If q = pa , 1 ≤ a < ∞, any ideal in R has the form

(f0 , pf1 , p2 f2 , . . . , pa−1 fa−1 ) , (10)

where the fi are divisors of X n − 1 satisfying

fa−1 fa−2 ··· f1 f0 . (11)

If q = p∞ , any ideal in R has the form

(pm0 f0 , pm1 f1 , . . . , pmb−1 fb−1 ) , (12)

where 0 ≤ m0 < m1 < · · · < mb−1 , for some b, and

fb−1 fb−2 ··· f1 f0 .

8
Proof. This follows by expanding the product in (9) and using (8). 

Corollary. Every ideal in R is principal.

Proof. (i) If q = pa , 1 ≤ a < ∞, then the ideal defined by (10) has the generator

g = f0 + pf1 + p2 f2 + · · · + pa−1 fa−1 .

We prove this for a = 2 and 3, leaving the general case to the reader. Let fb0 = (X n − 1)/f0 ,
fbi = fi−1 /fi for 1 ≤ i < a. Case a = 2: Then g = f0 + pf1 , and (g) contains pg = pf0 = pf1 fb1
and fb0 g = pf1 fb0 , hence pf1 (since fb0 and fb1 have no common factors), hence f0 . Case
a = 3: Now g = f0 + pf1 + p2 f2 , and (g) contains p2 g = p2 f2 fb1 fb2 , pfb0 g = p2 f2 fb0 fb2 , and
fb0 fb1 g = p2 f2 fb0 fb1 , hence p2 f2 , hence f0 + pf1 . So (g) = (f0 + pf1 , p2 f2 ). Arguing as in case
a = 2 it follows that (g) = (f0 , pf1 , p2 f2 ).
(b) Suppose q = p∞ . Let ga be a generator for the principal ideal given by the projection
of the ideal onto Z2a , for a = 1, 2, . . . . Since R is compact in the p-adic metric, the sequence
{ga } has a subsequence which converges to a limit g (say). Then g generates the ideal. 

Finally, although we have not made any use of this, it is worth noting that R has a
decomposition into a direct product of Galois rings:
A
Y
Z [X]/(X − 1) ∼
pa
n
= Zpa [X]/(πa(i) ) .
i=1

4. Generalizations of classical codes to Zq

Theorem 1 provides a mechanism for generalizing any class of cyclic codes from GF (p) to
Zpa (for finite a) and even to the p-adic integers Zp∞ . For example we define a BCH code of

length n over Zq (q = pa , 1 ≤ a ≤ ∞) to be the cyclic code whose generator polynomial is

obtained by lifting the generator polynomial for a BCH code over GF (p) to Zq . The resulting
polynomial has a string of consecutive roots in the appropriate Galois ring GF (q m ). (For finite
q this is essentially the same as Shankar’s [22] definition of BCH codes over Zq .) The code has
type 1k , where k is the dimension of the BCH code over GF (p). One of the main unsolved
questions here is to determine how the minimal Lee distance of these BCH codes varies as
a → ∞. (Similar questions can be asked about all the codes in this section.) We investigate
the first nontrivial case of these BCH codes later in this section.
We define Reed-Muller codes (since they are extended cyclic codes [1], [18]) and quadratic-
residue codes over Zq in an analogous way.

9
 If C is a code of length n over Zq with generator matrix (1) or (5) and type (2) or (6), we
define k by
a−1
X b−1
X
k= ki (for (2)), ki (for (6)) .
i=0 i=0

The usual argument ([18], Chapter 2) then gives the Singleton bound:

d≤n−k+1 , (13)

where d is the minimal Hamming distance of the code. We say that C is maximal distance
separable, or MDS, if equality holds in (13). Since codes over Zp∞ have infinitely many code-
words, it is better to use the equivalent definition (see [18], Chapter 11, Corollary 3) that a
code is MDS if and only if every k columns of the generator matrix are linearly independent
over Zq .

Example 1. The 2-adic Hamming code of length 7. In the binary case, X n − 1 factors
trivially over Zq , q = 2a , 1 ≤ a ≤ ∞, for n = 1, 3 and 5. The first nontrivial factorization is
for n = 7, where it is easy† to find the 2-adic factorization

X 7 − 1 = (X − 1)(X 3 + λX 2 + (λ − 1)X − 1)(X 3 − (λ − 1)X 2 − λX − 1) , (14)

where
λ = 0 + 2 + 4 + 32 + 128 + 256 + · · · (15)

is a 2-adic number satisfying

λ2 − λ + 2 = 0 . (16)

The first 32 terms in the 2-adic expansion (15) of λ are

0110010111111001110011011000110 . . . . (17)

There is no pattern to these digits.

Then the 2-adic code of length 7 and type 14 with generator polynomial

X 3 + λX 2 + (λ − 1)X − 1
†
Guided by the factorizations mod 2 and mod 4, one guesses that X 6 + X 5 + · · · + 1 = (X 3 + λX 2 + µX − 1)·
reciprocal; hence µ = λ − 1, λ2 = λ − 2.

10
is the 2-adic lift of the familiar binary [7, 4] Hamming code. The generator polynomials for the
versions of this code over Z2 , Z4 , . . . are:
Z2 : X3 + X + 1
Z4 : X 3 + 2X 2 + X − 1
Z8 : X 3 − 2X 2 − 3X − 1
(18)
Z16 : X 3 + 6X 2 + 5X − 1
Z32 : X 3 + 6X 2 + 5X − 1
···
(The coefficients can be read off (15).) By appending a 1 to the generating vectors of these
codes, we obtain a sequence H2 , H4 , H8 , . . . , H∞ of self-dual codes. In particular,
0 1 2 3 4 5 6 ∞
1 λ λ − 1 −1 0 0 0 1
0 1 λ λ − 1 −1 0 0 1 (19)
0 0 1 λ λ − 1 −1 0 1
0 0 0 1 λ λ − 1 −1 1
is the generator matrix for a self-dual 2-adic code H∞ of length 8 and type 14 that we call the
2-adic Hamming code. This is in some sense the smallest interesting 2-adic code.
The Z2 version of this code, H2 , is the [8, 4] Hamming code, and the Z4 version, H4 , is the
octacode, studied in [11], [12], [14], [16], and equivalent to the binary nonlinear Nordstrom-
Robinson code.
The minimal Hamming and Lee distances of these codes are as follows:
H2 H4 H8 H16 H32 H64 · · ·
Hamming 4 4 4 4 4 4 ···
Lee 4 6 8 12 14 18 · · ·
The minimal Hamming distance of H2a for 1 ≤ a < ∞ is always 4, since the codeword obtained
by multiplying any of the generators by 2a−1 has Hamming weight 4. However it follows from
Theorem 8 below that the 2-adic Hamming code H∞ has minimal Hamming distance 5, and
is an MDS code.
On the other hand the sequence of Lee distances of these codes, 4, 6, 8, 12, 14, 18, . . ., ap-
proaches infinity as a → ∞. Unfortunately it appears that this sequence does not converge
2-adically, so one obvious definition of the minimal Lee distance of H∞ fails. Even the Lee
weight of the projections of the integer λ onto Z2m do not converge 2-adically as m → ∞. For
∞
P m−1
P
let λ = λi 2i (the λi are given in (15), (18)), so the projection onto Z2m is αm = λi 2i ,
i=0 i=0
m ≥ 1. The Lee weight of αm is wm = min{αm , 2m − αm }, and one can show that

wm = (1 − 2λm−1 )αm−1 + λm−1 2m−1 , m≥2.

11
This shows that {w1 , w2 , . . .} = {0, 2, 2, 6, 6, 26, . . .} does not converge 2-adically.
There are several other natural ways to define the minimal distance of this code, but none
are completely satisfactory. This is a question that requires further investigation.
The automorphism group of H∞ contains operations corresponding to x 7→ x + 1, x 7→ 2x
and x 7→ −1/x, namely the monomials

(0, 1, 2, 3, 4, 5, 6)(∞) ,
(0)(1, 2, 4)(3, 6, 5)(∞) ,
(0, ∞)(1, 6)(2, 3)(4, 5) & negate 0, 1, 2, 4 ,

which generate the central product Z2 .P SL2 (7), as well as all scalar matrices uI, u = unit in
Z2∞ . Then the full projective automorphism group of H∞ is P SL2 (7), of order 168.

Example 2. The 2-adic Golay code of length 24. The binary Golay code can be lifted
in a similar way. The factorization of X 23 − 1 over Z2∞ is

X 23 − 1 = (X − 1)π∞
(1) (2)
(X)π∞ (X) ,

where

(1)
π∞ (X) = X 11 + νX 10 + (ν − 3)X 9 − 4X 8 − (ν + 3)X 7

− (2ν + 1)X 6 − (2ν − 3)X 5 − (ν − 4)X 4 + 4X 3

+ (ν + 2)X 2 + (ν − 1)X − 1 , (20)

ν = 0 + 2 + 8 + 32 + 64 + 128 + · · · (21)

is a 2-adic number satisfying

ν2 − ν + 6 = 0 , (22)
(2) (1)
and π∞ (X) is the reciprocal polynomial to π∞ (X). The first 32 terms in the 2-adic expansion
(21) are
0101011110010010110010000110000 . . . .
(1)
Then the cyclic code generated by π∞ (X), extended by appending a 1 to the generators, is a
self-dual 2-adic code G∞ of length 24 and type 112 , the 2-adic Golay code. The full projective
automorphism group of G∞ is P SL2 (23).

The projection on Z2 of G∞ is the binary Golay code G2 of length 24 and minimal Hamming
distance 8, and in fact every projection G2a of this code onto Z2a for finite a has minimal

12
Hamming distance 8. However it follows from Theorem 8 that the 2-adic Golay code G∞ has
minimal Hamming distance 13, and is an MDS code.
As in the previous example, the Z4 version of this code, G4 , is especially interesting. Bon-
necaze and Solé [7] have shown that by applying Construction A to this code, i.e. by taking
all vectors in Z24 which project onto G4 modulo 4, one obtains the Leech lattice. This is one
of the simplest constructions known for this lattice (cf. [11]).

Example 3. The 3-adic Golay code of length 12. We lift the ternary Golay code in the
same way, using the irreducible divisor

X 5 + θX 4 − X 3 + X 2 + (θ − 1)X − 1

of X 11 − 1 over Z3∞ , where

θ = 0 + 3 + 9 + 2.27 + 2.81 + · · ·

is a 3-adic number satisfying

θ2 − θ + 3 = 0 . (23)

By appending a 1 to each generator we obtain a self-dual 3-adic code T∞ of length 12 and type
16 , the 3-adic Golay code. This has minimal Hamming distance 7 and is an MDS code. Its full
projective automorphism group is P SL2 (11).

Example 4. Binary quadratic residue codes. Examples 1 and 2 may be generalized

as follows. Let n be a prime of the form 8m − 1, so that X n − 1 factorizes over Z2 into
(1) (2)
(X −1)π2 (X)π2 (X), where all the factors are irreducible, with a corresponding factorization
(1) (2)
(X − 1)π∞ (X)π∞ (X) over Z2∞ . Let Q and N denote the nonzero quadratic residues and
nonresidues modulo n, and set
X X
fQ (X) = Xi , fN (X) = Xi .
i∈Q i∈N

Then as in the binary case there are two inequivalent 2-adic quadratic residue codes of length
n.

Theorem 7. The two quadratic residue codes of prime length n = 8m − 1 over Z2∞ have
(1) (1)
generator polynomials π∞ and (X − 1)π∞ (X), and idempotents

α1 + βfQ (X) + γfN (X) ,

13
where the coefficients α, β, γ are the 2-adic numbers
√ √
n+1 1 + −n 1 − −n
α= , β= , γ=
2n 2n 2n

for the first code, and

√ √
n−1 −1 + −n −1 − −n
α= , β= , γ=
2n 2n 2n
q
−1
for the second code. By appending n to each generator of the first code we obtain a self-dual
code of length n + 1 and type 1(n+1)/2 .

We omit the straightforward proof, which includes the verification that when n = 7 and
(1)
23 the codes generated by π∞ (X) coincide with those constructed in Examples 1 and 2. The
full projective automorphism group of the self-dual code of length n + 1 is P SL2 (n).

Theorem 8. The self-dual extended quadratic residue code of length n + 1 described in Theo-
rem 7 has minimal Hamming distance (n + 3)/2, and is an MDS code.

Proof. It follows from Blahut [4] that this code consists of all vectors (c0 , c1 , . . . , cn−1 , c∞ ) ∈
Zn+1
2∞ that satisfy r
−1 n−1
X
cj + c∞ = 0 ,
n j=0
n−1
X
cj ξ jq = 0, q∈Q,
j=0

where ξ = e2πi/n . The usual Vandermonde argument then shows that this is an MDS code. 

Example 5. Cyclic codes of length 7 over Z4 and Z2∞ . As an illustration of the structure
theorems of Section 3 (and also because one of them is the octacode) we enumerate the cyclic
codes of length 7 over Z4 . We factorize X 7 − 1 over Z4 from (14), obtaining

(X − 1)(X 3 + 2X + X − 1)(X 3 − X 2 + 2X − 1) = f0 f1 f2 (24)

(say). The nontrivial prime ideals are, from Theorem 2,

P0 = (f0 , 2), P1 = (f1 , 2), P2 = (f2 , 2) ,

and the other primary ideals are

P02 = (f0 ), P12 = (f1 ), P22 = (f2 ) .

14
There are 27 codes, by Theorem 5, and they are displayed in Table 1 (except that we have
omitted codes 4, 6, . . . , 27, which are equivalent to codes 3, 5, . . . , 26 under the symmetry inter-
changing f1 and f2 ). The fourth column gives the canonical forms for these codes as described
in Theorems 5 and 6.

In Examples 1–4 we extended the codes to length n + 1 by appending a symbol that made
them self-dual. For the codes in Table 1 it is more appropriate to append a zero-sum check
symbol. The two extensions agree in the case of the octacode, which is number 12. The
second column gives representative generators for the cyclic code (with the extending symbol
in parentheses). The last column gives the minimal Lee distance d of the cyclic code (and the
minimal distance d∗ of the extended code in parentheses).

Table 1: Cyclic (and extended cyclic) codes of length 7 over Z4 . Number 12 is the octacode.

# generators type ideal d(d∗ )

1 0000000(0) 10 0 = P02 P12 P22 -(-)
2 2222222(2) 2 1 (2f1 f2 ) = P0 P12 P22 14(16)
3 2220200(0) 23 (2f0 f1 ) = P02 P12 P2 8(8)
5 2022000(2) 2 4 2
(2f1 ) = P0 P1 P2 6(8)
7 2200000(0) 26 (2f0 ) = P02 P1 P2 4(4)
8 2000000(2) 2 7 (2) = P0 P1 P2 2(4)
9 1000000(1) 17 (1) = 1 1(2)
10 1300000(0) 16 (f0 ) = P02 2(2)
11 6
1300000(0), 2000000(0) 1 2 1 (f0 , 2) = P0 2(2)
12 1213000(1) 14 (f1 ) = P12 4(6)
14 4
1213000(1), 2000000(0) 1 2 3 (f1 , 2) = P1 2(4)
16 1132100(0) 13 (f0 f1 ) = P02 P12 6(6)
18 1132100(0), 2000000(0) 13 24 (f0 f1 , 2) = P0 P1 2(4)
20 3 3 2
1132100(0), 2200000(0) 1 2 (f0 f1 , 2f0 ) = P0 P1 4(4)
22 1132100(0), 2022000(2) 13 21 (f0 f1 , 2f1 ) = P0 P12 4(6)
24 1111111(1) 11 (f1 f2 ) = P12 P22 7(8)
25 1
1111111(1), 2000000(0) 1 2 6 (f1 f2 , 2) = P1 P2 2(4)
26 1111111(1), 2022000(0) 11 23 (f1 f2 , 2f1 ) = P12 P2 6(8)

It is easy to extend this table to obtain a list of all possible types of cyclic codes over length
n over Zq , q = pa , 1 ≤ a ≤ ∞, for any prime p such that X n − 1 factorizes modulo p into three
irreducible factors, as in (24). It follows from Theorem 6 that there are 24 types of such codes,
namely
(pm0 g0 ), (pm0 g0 , pm1 ) ,

15
where g0 ∈ {f0 , f1 , f2 , f0 f1 , f0 f2 , f1 f2 }, and

(pm0 g0 , pm1 g1 ), (pm0 g0 , pm1 g1 , pm2 ) ,

where g0 ∈ {f0 f1 , f0 f2 , f1 f2 }, g1 |g0 , and

0 ≤ m0 < m1 < m2 .

Similar enumerations can be obtained for any n, once the factorization of X n − 1 is known.

Acknowledgements

We thank Mira Bernstein, Joe Buhler and especially John Conway for helpful conversations,
and Christine Chang for assistance in tabulating cyclic codes over Z4 .

16
References

[1] E. F. Assmus, Jr. and J. D. Key, Designs and Their Codes, Cambridge Univ. Press, 1992.

[2] E. F. Assmus, Jr. and H. F. Mattson, Jr., New 5-designs, J. Combinat. Theory, 6 (1969),
122–151.

[3] G. Bachman, Introduction to p-Adic Numbers and Valuation Theory, Academic Press,
New York, 1964.

[4] R. E. Blahut, The Gleason-Prange theorem, IEEE Trans. Inform. Theory, 37 (1991),
1269–1273.

[5] I. F. Blake, Codes over certain rings, Inform. Control 20 (1972), 396–404.

[6] I. F. Blake, Codes over integer residue rings, Inform. Control, 29 (1975), 295–300.

[7] A. Bonnecaze and P. Solé, Quaternary constructions of formally self-dual binary codes
and unimodular lattices, Lect. Notes Computer Sci., 781 (1994), 194–206.

[8] Z. I. Borevich and I. R. Shafarevich, Number Theory, Academic Press, New York, 1966.

[9] G. Caire and E. Biglieri, Linear block codes over cyclic groups, IEEE Trans. Inform.
Theory, 41 (1995), 1246–1256.

[10] A. R. Calderbank, Topics in Algebraic Coding Theory, Ph.D. Dissertation, California

Institute of Technology, Pasadena, Calif., 1980.

[11] J. H. Conway and N. J. A. Sloane, Sphere Packings, Lattices and Groups, Springer-Verlag,
New York, 2nd edition, 1993.

[12] J. H. Conway and N. J. A. Sloane, Self-dual codes over the integers modulo 4, J. Combinat.
Theory, A 62 (1993), 30–45.

[13] C. W. Curtis and I. Reiner, Representation Theory of Finite Groups and Associative
Algebras, Wiley, 1962.

[14] G. D. Forney, Jr., N. J. A. Sloane and M. Trott, The Nordstrom-Robinson code is the
binary image of the octacode, In Coding and Quantization: DIMACS/IEEE Workshop
1992, ed. A. R. Calderbank et al., Amer. Math. Soc., 1993, pp. 19–26.

17
[15] F. Q. Gouvêa, p-adic Numbers, Springer-Verlag, New York, 1993.

[16] A. R. Hammons, Jr., P. V. Kumar, A. R. Calderbank, N. J. A. Sloane and P. Solé, The

Z4 -linearity of Kerdock, Preparata, Goethals and related codes, IEEE Trans. Inform.

Theory, 40 (1994), 301–319.

[17] N. Koblitz, p-adic Numbers, p-adic Analysis, and Zeta-Functions, Springer-Verlag, New
York, 1977.

[18] F. J. MacWilliams and N. J. A. Sloane, The Theory of Error-Correcting Codes, North-

Holland, Amsterdam, 1977.

[19] B. R. McDonald, Finite Rings with Identity, Dekker, New York, 1974.

[20] D. W. Newhart, Information sets in quadratic residue codes, Discrete Math., 42 (1982),
251–266.

[21] R. M. Roth and P. H. Siegel, Lee-metric BCH codes and their application to constrained
and partial-response channels, IEEE Trans. Inform. Theory, 40 (1994), 1083–1096.

[22] P. Shankar, On BCH codes over arbitrary integer rings, IEEE Trans. Inform. Theory, 25
(1979), 480–483.

[23] P. Solé, Open problem 2: cyclic codes over rings and p-adic fields, in G. Cohen and J.
Wolfmann (eds.), Coding Theory and Applications, Lect. Notes Comp. Sci. 388, Springer-
Verlag, New York, 1988, p. 329.

[24] E. Spiegel, Codes over Zm , Inform. Control, 35 (1977), 48–51.

[25] E. Spiegel, Codes over Zm , revisited, Inform. Control, 37 (1978), 100–104.

[26] S. K. Wasan, On codes over Zm , IEEE Trans. Inform. Theory, 28 (1982), 117–120.

[27] M. Yamada, Distance-regular digraphs of girth 4 over an extension ring of Z/4Z, Graphs
and Combinatorics, 6 (1990), 381–394.

[28] O. Zariski and P. Samuel, Commutative Algebra, Van Nostrand, New York, vol. 1, 1958.

18