C(A) andC(B) are duals of one another, as we will see in the next section.

Observe that we know those code parameters: [16,5,8]2 are the parameters of a Reed-Muller code.

Exercises 13.1

13.1.1. Which powers of the primitive elementα∈F₁₆ are in F₄? 13.1.2. Find the parameters of the code obtained when A={1,3}.

When calculating with exponents ofα,we can calculate mod n.

LetG={g0, . . . , gr−1} be the Galois group (see Definition 12.6).

13.1 Definition. Letibe an integer modn.The setCn(i)consists of all inte- gers modnwhich can be reached by multiplyingiwith a power ofq.In formulas we have j ∈ Cn(i) if there exists an exponenta such that j ≡iq^a (modn).

The Cn(i)are calledcyclotomic cosets.

Observe that the cyclotomic cosets partition Zn (the integers mod n). In practice they are easy to determine. Just keep multiplying by q and do not forget to calculate modn.In the caseq= 2, n= 15 considered in Section 13.1, we obtain the following cyclotomic cosets:

{0}, {1,2,4,8}, {3,6,12,9}, {5,10}, {7,14,13,11}.

The concept of cyclotomic cosets is very natural for us. We think of the inte- gers modnas exponents ofα.The mapping j7→jq corresponds to applying the automorphismg1 toα^j (α^j 7→α^jq).

The final ingredient isA⊂Zn,a set of exponents ofα.

13.2 Definition. Let A ⊆ Zn. The Galois closure A˜ is the union of all cyclotomic cosets which intersectAnontrivially. Denote byAthe complement of Ain Zn.

In the case q = 2, n = 15, A = {0,1}, we have ˜A = C15(0)∪C15(1) = {0,1,2,4,8}.

Finally let B be the negative of the complement of the Galois closure of A, in our exampleB=C15(1)∪C15(3)∪C15(5). ThenB is of course Galois closed (equivalently a union of cyclotomic cosets), and |A˜|+|B|=n. When consideringC(A),we callA or ˜Athedefining set,B theset of zeroes.

Cyclic codes and their parameters

Start from theF-linear codeB(A) whose generator matrix has

• coordinates indexed byβ∈W (we will always write β=α^j, j= 0,1, . . . n−1 and index the coordinates byj),

• rows indexed byi∈A,

• entryβⁱ=α^ij in rowi,columnj.

Because of our preparations and examples, we can be quick on the basic facts, as they are obvious by now.

B(A) is anF-linear code of lengthn, dimension|A|.The Galois closure of B(A) is B( ˜A),of dimension |A˜|and strength at leastt,wheretis the number of exponents i ∈ A˜ in the largest interval contained in A. In fact, we can slightly improve on this.

13.3 Definition. An intervalI⊂Zn is a subsetI={a, a+s, a+ 2s, . . . , a+ (t−1)s},wheresis coprime ton.In other words, an interval is an arithmetic progression with stepwidth coprime ton.

13.4 Proposition. Let t be the number of elements of the largest interval contained inA.˜ Then B( ˜A)has strength at least t.

PROOF The Reed-Solomon codes show that B( ˜A) has strength t if {0,1, . . . , t−1} ⊆A.˜ Exercise 4.1 in Chapter 4 (Lagrange interpolation) shows that the same is true if anyt consecutive numbers are contained in ˜A.

Let β = α^s (recall that s is the stepwidth of the interval). Then β is a primitive element modn,that is, we can useβ in the role ofα.Letα^a =β^a′. Then

{α^a, α^a+s, . . . , α^a+(t−1)s}={β^a′, β^a′+1, . . . , β^a′+(t−1)}.

We think of the property thatB(A) has strength|A|as theinterpolation property. Proposition 13.4 is equivalent to saying that intervals have the interpolation property. It is not easy to find sets of exponents which are not intervals and yet have the interpolation property.

As B( ˜A) is Galois closed of dimension|A˜| and strength t,it follows that tr(B( ˜A)) hasF_q-dimension|A˜|and strengtht.By duality, theF_q-linear code C(A) =tr(B( ˜A))^⊥,our principal aim, has dimensionn− |A˜|=|B|and mini- mum distance≥t+ 1.

13.5 Theorem(BCH bound). IfA˜contains an interval of sizet,thenC(A) = C( ˜A)has minimum distance≥t+ 1.

One speaks of BCH codes ifAis chosen as an interval.

13.6 Theorem. B( ˜A)^⊥=B(B), C(A)^⊥ =C(B)

PROOF It suffices to prove the statement for theBcodes. Observe that the dimension is right. It suffices therefore to prove thatB( ˜A) andB(B) are orthogonal. Because of linearity it suffices to show that each of our standard generators of the first code is orthogonal to each standard generator of the second. Let i∈A, i˜ ^′ ∈B, l =i+i^′. By definition ofB, we havel6= 0 (mod n). The dot product in question is

S= X

β∈W

β^l.

AsW consists precisely of the field elementsβ satisfyingβⁿ= 1,there must exist someβ0∈W such thatβ^l₀ 6= 1.We use the same trick as in the proof of Theorem 4.6: compare β₀^lS and S. As β0β varies over all elements of W whenβ does, it follows that β₀^lS=S,orS(β^l₀−1) = 0.As the second factor is6= 0, we must haveS= 0.

By Delsarte’s theorem and Theorem 12.17, we can write C(A) in various ways:

C(A) =tr(B( ˜A))^⊥=B(B)_Fq = (B( ˜A)_Fq)^⊥=tr(B(B)).

In order to illustrate the general mechanism, consider q = 2, n = 15 again, with its cyclotomic cosets C(0), C(1), C(3), C(5), C(7) (we drop the index n = 15 as there is no danger of confusion). As C(A) = C( ˜A), there is no harm in choosing A to be a union of cyclotomic cosets. As there are five cyclotomic cosets, we have a total of 2⁵ = 32 cyclic codes C(A) in this case.

Some extremal cases are obvious: A = ∅ yields the whole space F¹⁵₂ , and A=Z15 yields the 0-code. It is equally obvious thatC({0}) is the sum zero code [15,14,2]2and its dualC(Z15\ {0}) is the repetition code [15,1,15]2.

The case A = C(0)∪C(1) = {0,1,2,4,8} has been considered in Sec- tion 13.1. Due to the presence of the interval{0,1,2}(also{0,2,4},{0,4,8}, {1,8,0} are intervals) this is a [15,10,4]2 code. Its dual is C(B), where B =C(1)∪C(3)∪C(5).AsB contains the interval{1,2,3,4,5,6},we have a [15,5,7]2 code, after parity check a [16,5,8]2.It meets the Griesmer bound with equality.

As another example letA=C(1)∪C(3),containing the interval{1,2,3,4}. It follows that C(A) is a [15,7,5]2 code. After using a parity check bit, we obtain a [16,7,6]2code.

Parametric examples of cyclic codes

We will simply determine parameters of some cyclic codesC(A),using the BCH bound Theorem 13.5 as the bound on the minimum distance. Recall that the dimension of C(A) is |B|, the number of elements in Zn in cyclo- tomic cosets, which are disjoint from ˜A.Each cyclotomic coset has at mostr elements.

Start from the conceptually simplest case q= 2, n= 2^r−1 (binary, prim- itive). A = {1},A˜ ⊃ {1,2} yields a cyclic code [2^r−1,2^r−1−r,3]2. We recognize the parameters of the binary Hamming codes. It is in fact easy to see that we have rediscovered the binary Hamming codes from Section 2.5;

see Exercise 13.2.5. The choiceA={1,3}yields, because of ˜A⊃ {1,2,3,4}, a code [2^r−1,2^r−1−2r,5]2,with a parity check bit [2^r,2^r−1−2r,6]2.This includes parameters [16,7,6]2, [32,21,6]2and [64,51,6]2.

ChooseA={1,3,5}.As ˜A⊃ {1,2,3,4,5,6},we obtain, after parity check, codes [2^r,2^r−1−3r,6r+ 2]2.It is clear how this generalizes:

13.7 Theorem. For everyranda <2^r−1there is a cyclic binary linear code of length 2^r−1,dimension ≥2^r−1−arand minimum distance≥2a+ 1.

In the caser= 4 the cyclotomic coset C15(5) ={5,10} has only length 2, so we obtain better parameters [16,5,8]2.

Next we construct a family of ternary cyclic codes. Letq= 3,whereris odd, andn= (3^r−1)/2.Asris odd, it follows that nis odd; see Exercise 13.2.7.

ChooseA={1,−1}. Then ˜A contains{−3,−1,1,3}.As nis odd, this is an interval (see Definition 13.3).

13.8 Theorem. The cyclic code C(A) in the case q = 3, n= (3^r−1)/2 (r odd),A={1,−1} has parameters[(3^r−1)/2,(3^r−1)/2−2r,5]3.

The first members of this family are [13,7,5]3, [121,111,5]3.

Letq= 2, n= 2^m+1,sor= 2m.ChooseA={0,1}.As 2^m≡ −1 (modn), the interval {−2,−1,0,1,2} is contained in ˜A. This produces binary cyclic codes

[2^m+ 1,2^m−2m,6]2

for allm,in particular, [17,8,6]2 and [33,22,6]2.

Let q = 3, n= (3^2m+ 1)/2, (so r = 4m) andA ={1}. As n is odd and {−3,−1,1,3} ⊂A,˜ we obtain ternary cyclic codes

[3^2m+ 1

2 ,3^2m+ 1

2 −4m,5]3 for allm, in particular, [41,33,5]3.

More parametric examples will be given shortly, after having proven another bound on the minimum distance of cyclic codes.

An application in fingerprinting

Binary linear codes of minimum distance d= 5 have found an interesting application in the cryptographic problem offingerprinting.For an introduc- tion, see Boneh and Shaw [35]. In the past tables of logarithms were finger- printed by introducing tiny errors in some randomly chosen values. In the era of electronic documents there is the danger that two owners of fingerprinted copies detect the location of the fingerprints (these are the locations where the documents differ) and make them unreadable. Letx, y∈Fⁿ

2 be the versions of the document. The owners will produce a document ζ(x, y) =z ∈ {0,1, ǫ}ⁿ where zi = xi = yi when xi = yi and zi =ǫ when xi 6= yi. These pirates

will then distribute the new document ζ(x, y), hoping these copies cannot be traced back to them. The system designer will choose the fingerprints in such a way that each pirate copy ζ(x, y) generated by collusion of two own- ers can be traced back to one of the owners. This leads to a variant of a famous combinatorial-number theoretic problem, as follows: interpret the bi- nary digits 0,1 as natural numbers. Then knowledge ofζ(x, y)∈ {0,1, ǫ}ⁿ is equivalent to knowledge of the integer sumx+y∈Zⁿ.Each fingerprint is a set of coordinates. We describe it by its characteristic function, an element of{0,1}ⁿ.We want to find a family of fingerprints such that each pair of different fingerprints generates a different sum. Such sets of tuples are known asSidon sets.

13.9 Definition. LetA={0,1} ⊂ZandSnbe the maximum size of a subset S ⊂Aⁿ (a Sidon set) such thatx+y=u+v for x, y, u, v ∈S, x6=y, u6=v implies{x, y}={u, v}. Letσ=limn→∞log2(Sn)/n.

The best known lower bound isσ≥.5 The construction is due to B. Lind- str¨om [135] and uses cyclic codes of minimum distance 5. Use binary cyclic codes of length 2^r−1,withA={0,1,3}.Thentr(B(A)),the dual ofC(A),has dimension 2r+1 and strength 5 (we need only strength 4). A generator matrix oftr(B(A)) has 2r+ 1 rows and 2^r−1 columns. Any four of the columns are linearly independent. Letn= 2r+ 1 and let S be the set of columns of the generator matrix, where the entries 0,1 are interpreted as integers. ThenSis a Sidon set andlog2|S|/(2r+ 1)≈r/(2r+ 1)−→0.5 A recent improvement of the upper bound is in Cohen, Litsyn and Z´emor [56]:σ≤0.5753.

The Roos bound

The BCH bound Theorem 13.5 is not always sufficient. There are quite a number of good cyclic codes whose minimum distance is larger than the BCH bound guarantees. In this section we prove and then apply an important special case of the Roos bound from [176]. We include it here not only in view of the applications. It is attractive also because the proof makes use of some basic linear algebra in an interesting way.

Let 06=v= (vu)∈ C(A) of weightd,wheredis the minimum weight of our cyclic code. The aim is to obtain a lower bound ond.Let S be the support ofv.Consider the spaceF^d with coordinates indexed by theu∈S.Define a scalar product (a symmetric bilinear form)h,ionF^d by

hx, yi=X

u∈S

vuxuyu

where x= (xu), y = (yu) ∈ F^d. As the vu are all nonzero, this symmetric bilinear form is nondegenerate. The situation is exactly as in the case of the

dot product; see Sections 2.4 and 3.4. Bilinear forms will be studied in more generality in Section 17.2.

The idea of the Roos bound is to find two subspaces of large dimension in F^dwhich are orthogonal to one another with respect toh,i.The sum of their dimensions will then be a lower bound on d, the dimension of the space we work in.

13.10 Theorem. Let I1, I2 be intervals such that

I1+I2={i1+i2|i1∈I1, i2∈I2} ⊆A.˜ Then the minimum distancedof the cyclic code C(A)satisfies

d≥ |I1|+|I2|.

PROOF The intervalsI1+j, j ∈I2andi+I2, i∈I1show thatd >|I1|,|I2|. Denote byP(I1) the space of polynomials with coefficients inF all of whose terms have degrees in I1, analogously for P(I2). Clearly these spaces have dimension|I1|,|I2|,respectively. Denote byB^S(I1) the evaluation atS, that is,

B^S(I1) ={(p(u))u∈S|p(X)∈ P(I1)},

analogously forI2.We claim thatB^S(I1) andB^S(I2) are orthogonal underh,i. In fact, leti1 ∈I1, i2∈I2, i1+i2=a. Asa∈A,˜ we have that X^a describes an element of B( ˜A).By the definition of C(A) as dual oftr(B( ˜A)), we have, for everyβ∈F,

0 = X

u∈W

vutr(βu^a) =tr(βX

u∈S

vuu^a).

Asβ∈Fis arbitrary andtrnot the 0 mapping, it follows that 0 =X

u∈S

vuu^a = X

u∈S

vuuⁱ¹uⁱ². This means exactly thatB^S(I1) and B^S(I2) are orthogonal. As the dual space has complementary dimension this shows

d≥dimF(B^S(I1)) +dimF(B^S(I2)).

Recall that P(I1) has dimension |I1|and that B^S(I1) is obtained by projec- tion fromP(I1).However, this projection (evaluation) map has no kernel, as a polynomial in the kernel must be the 0 polynomial by the defining property of an interval (there isexactly onepolynomial fromP(I1) having prescribed values at any |I1| coordinates). It follows thatdimF(B^S(I1)) = |I1|, analo- gously forI2.

This was somewhat harder work than in the rest of this text. The examples will show that it was worthwhile making the effort.

Chooseq= 2, n= 2^2m+ 1 (sor= 4m),A={1}.We have {−4,−2}+{0,3,6}={−4,−2,−1,1,2,4} ⊂A.˜

As n is coprime to 6, we have that I1 = {−4,−2} and I2 = {0,3,6} are intervals, so the Roos bound implies thatC(A) has minimum distance≥5.

13.11 Theorem. The binary cyclic code C({1}) of length n= 2^2m+ 1 has parameters

[4^m+ 1,4^m+ 1−4m,5]2.

In particular, codes [18,9,6]2, [66,53,6]2, [258,241,6]2are obtained.

A proof from scratch is in [21]. The codes of Theorem 13.11 are known as Zetterberg codes.

The next construction is due to C. L. Chen [48]. Letqbe a power of 2 and n=q²+ 1,sor= 4.LetA={1}.We have

A˜=Cq²+1(1) ={±1,±q}={1, q}+{−(q+ 1),0}.

As qis even, both {1, q} and{−(q+ 1),0}are intervals. It follows from the Roos bound that we have minimum distanced≥4.

13.12 Theorem. Letqbe a power of2.Theq-ary cyclic codeC({1})of length n=q²+ 1 has parameters

[q²+ 1, q²−3,4]q.

The Roos theorem as proved in [176] is slightly more general than Theorem 13.10; see Exercise 13.2.10.

The van Lint-Wilson bound

Another method to obtain lower bounds on the minimum distance of cyclic codes is due to van Lint and Wilson [212]. The idea is to build large setsEof exponents such that the projectionB^S(E) still has dimension|E|,which then is a lower bound on d.Use the same conventions as in the previous section.

In particular,A⊆Z/nZis a set of exponents and S⊆W.

13.13 Definition. Call A independent ofS if dim(B^S(A)) =|A| (equiv- alently, the projection : P(A) −→ B^S(A) has trivial kernel). A is t-wise independentif it is independent of every setS of sizet.We say thatA has the interpolation propertyif it is |A|-wise independent.

Observe that A has the interpolation property if and only if B(A) is an orthogonal array of strength |A| (and index λ = 1). Each interval has the interpolation property.

13.14 Lemma. IfAis independent of S,thenA+j is independent ofS, for every j.

PROOF Consider the matrix with rows indexed byi∈A,columns indexed byu∈Sand entriesuⁱ.The fact thatAandSare independent is equivalent to this matrix having rank|A|(the rows are independent). ReplacingAbyA+j has the effect of multiplying columnubyu^j.The rank remains unchanged.

Choose S to be the support of a codeword ofC(A) of minimum weightd, so|S|=d.LetI⊆Z/nZ.

13.15 Lemma. If I is contained in an interval J ⊆A˜ of length at mostd,then I is independent with respect toS.

PROOF AsJ is an interval, the projection fromP(J) toB^S(J) has trivial kernel. If we restrict to the subspaceP(I),this is still true.

The following recursive constructions are used to find large independent sets (with respect to any nonzero codeword of the cyclic code). IfIis independent with respect to every support S, then |I| is a lower bound on the minimum distance dof C(A). If, moreover,I ⊆A,˜ then d≥ |I|+ 1.This follows from the fact thatB^S(I) is contained in a proper subspace ofF^S in this case. The recursive construction is based on the following two lemmas.

13.16 Lemma (shifting).

dim(B^S(I)) =dim(B^S(I+j)) for everyS, I andj. Here I+j={i+j|i∈I}.

In particular: ifIis independent with respect toS,thenI+j has that same property.

PROOF The mappingp(X)7→X^jp(X) induces an isomorphism betweenB^S(I) andB^S(I+j) for everyS.

13.17 Lemma. Let I⊆A, j /˜ ∈A.˜ If S is the support of a codeword ofC(A) but not the support of a codeword in C(A∪ {j}), then

dim(B^S(I∪ {j})) = 1 +dim(B^S(I)).

In particular, ifI is independent with respect toS, then so isI∪ {j}.

PROOF Clearlydim(B^S(I∪ {j}))≤1 +dim(B^S(I)).The tuple ofB^S(I∪ {j}) defined by polynomial X^j is not orthogonal (with respect to the dot

product) to codeword v ∈ C(A) with support S. This follows from the as- sumption of the lemma. As the elements ofB^S(I) are orthogonal tov,we see that the dimension does increase.

As an illustration, consider the binary Golay code, the binary cyclic code of length 23 with defining setA={1}.The cyclotomic cosets in the casen= 23 areC(0) ={0},

C(1) ={1,2,3,4,6,8,9,12,13,16,18}andC(−1) =−C(1).

The dimension is 23−11 = 12. We want to show that C(A) has minimum distance ≥7.Observe that, for every j 6= 0, j /∈A, we have that C(A∪ {j}) is the repetition code of minimum distance 23 (this follows formally from the BCH bound, as this code has as defining set an interval of length 22). It follows that one condition of Lemma 13.17 will always be satisfied.

Let S be the support of a codeword of weight d. Start from the interval {1,2} ⊂ C(1), which shows d ≥3 by the BCH bound. We have 5 ∈/ C(1).

Lemma 13.17 shows that{1,2,5}is independent ofS.The shift lemma shows that{8,9,12}is independent ofSas well. As{8,9,12} ⊂C(1),we haved≥4.

We continue in this way, using alternately Lemma 13.17 and Lemma 13.16:

{8,9,12} −→ {8,9,12,14} −→ {12,13,16,18} −→

{12,13,16,18,5} −→ {2,3,6,8,18} −→ {2,3,6,8,18,5}.

This showsd≥6.Assumed= 6.A codewordv of weight 6 is in the sum zero subcode C(A∪ {0}).Application of the method to this code yields

{2,3,6,8,18,5} −→ {0,1,4,6,16,3} ⊂C(0)∪C(1) which shows thatC({0,1}) hasd >6,a contradiction.

We have shown thatC({1}) is a [23,12,7]2code. This is the

famous binary Golay code, which we constructed in Chapter 7 without any theoretical backing. This application is from the original paper [212].

The following family of cyclic codes of minimum distance 6 was described by Danev and Olsson [63]. Let q ≥ 4 and n = q²−q+ 1. As q³+ 1 = (q+ 1)(q²−q+ 1) and (q³+ 1)|q⁶−1,we haveF =F_q6 and consequently all cyclotomic cosets have as lengths divisors of 6.We use the cyclotomic cosets

C(1) =±{1, q−1, q}andC(q−2) =±{q−2, q+ 1,2q−1}. Consider

C=C({0} ∪C(1))⊃ D=C({0} ∪C(1)∪C(q−2)).

As{0} ∪C(1)∪C(q−2)⊃ {−1,0,1}+{−(q−1),0, q−1} contains the sum of two intervals of length 3, it follows from the Roos bound Theorem 13.10

that D has minimum distance ≥6. We want to show that the same is true of the (n−7)-dimensional cyclic code C. Let dbe the minimum distance of C and assume d < 6. In each application of Lemma 13.17 we choose j ∈ C(q−2).The condition onj from Lemma 13.17 is then satisfied. We start with{q−1, q} −→ {q−1, q,2q−1}and continue

{0,1, q} −→ {0,1, q, q+ 1} −→ {−1,0, q−1, q} −→

−→ {−1,0, q−1, q,2q−1} −→ {−q,−(q−1),0,1, q}.

The resulting independent set of size 5 is contained in {0} ∪C(1). We have proved the following:

13.18 Theorem. Let q≥4.The cyclicq-ary code of length q²−q+ 1withA={0,1}is a[q²−q+ 1, q²−q−6,6]q-code.

Short examples are [13,6,6]4, [21,14,6]5, [43,36,6]7.

Generator matrices of cyclic codes

In order to be able to work with cyclic codes, we have to determine generator matrices for them. It turns out that we can find an almost canonical form.

Recall the situation: we have n|q^r−1, F =F_q(ǫ), where ǫ is a primitive element ofF. Further,W consists of all elements whosen-th power is 1 and W ={1, α, α², . . . , αⁿ⁻¹}.Ourq-ary cyclic code isC(A).Its dimension is|B|, where−Bis the union of the cyclotomic cosets, which are disjoint from ˜A.Let C be a cyclotomic coset disjoint from ˜A. Thentr(B(−C))⊂ C(A) and C(A) is the direct sum of all those codes. In other words, C(A) is the direct sum of the codes tr(B(C)), where C varies over the cyclotomic cosets contained in B. Each such code has dimension |C|. We have tr(B(C)) = B(C)_Fq, but the expression using the trace is handier: it may be hard to find a systematic way to write down the words of anF-linear code all of whose entries happen to be in the subfield F_q, whereas there is no problem in applying the trace mapping.

In particular, each cyclotomic cosetC, C∩A˜=∅contributes|C|rows to a generator matrix ofC(A).

To fix notation, denote v(l, i)∈Fⁿ_q the vector with entry tr(ǫ^lβⁱ) in coor- dinate β ∈ W. If i ∈ C, then v(l, i) ∈ tr(B(C)). Observe that v(l, i) is the codeword in tr(B(C)) corresponding to the monomialǫ^lXⁱ.As 1, ǫ, . . . , ǫ^r−1 is a basis ofF overF_q,we can choose 0≤l≤r−1.

LetC be a cyclotomic coset,C∩A˜=∅.Choosei∈C.In the generic case when |C| = r, there is no problem: the words v(0, i), v(1, i), . . . v(r−1, i) form a basis oftr(B(C)).When|C|< r,these vectors still generatetr(B(C)).

We will have to choose|C|linearly independent among these vectors. If this is done for each cyclotomic coset avoiding ˜A,the corresponding wordsv(l,−i) form the rows of a generator matrix.

13.19 Theorem. Letv(l, i)∈Fⁿ_q be the word with entrytr(ǫ^lβⁱ)in coordinate β ∈W.

For each cyclotomic coset C,choose a representative i∈C and a set S(i) ⊆ {0,1, . . . , r−1} of |C| indices l such that the v(l, i), l ∈ S(i) are linearly independent. The v(l, i), l∈S(i)are a basis of tr(B(C)).

The v(l,−i), l ∈ S(−i) where i varies over representatives of cyclotomic cosetsC avoiding A,˜ form the rows of a generator matrix ofC(A).

Again, the generator matrices as described in Theorem 13.19 are close to being canonically determined. There is the choice of the representatives of cyclotomic cosets, but this does not really matter. When C has full length r, and this is the generic case, we have S(i) ={0,1, . . . , r−1}. A difficulty arises only whenC is shorter.

Check matrices of cyclic codes

It is important to have a concrete representation of a check matrix H of C(A),equivalently a generator matrix oftr(B(A)) =tr(B( ˜A)).Strictly speak- ing, we know this standard form, as the dual of a cyclic code is cyclic, soH is a generator matrix of a cyclic code and we can apply Theorem 13.19. We are redoing the work of the previous section from a slightly different perspective.

The main difference is that we view the entries in each section corresponding to a cyclotomic coset of lengthsnot ass-tuples but as elements ofF_qs.

The Galois closure ˜Ais a union of cyclotomic cosets. LetRbe a set of rep- resentatives for the cyclotomic cosets contained in ˜A.We know thattr(B(A)) is the direct sum of the tr(B(Cn(i))), where i∈R, anddim(tr(B(C(i)))) =

|Cn(i)|; in other words, each cyclotomic coset Cn(i) ⊆ A˜ contributes s =

|Cn(i)|rows ofH.It is proved in Exercise 13.2.9 thatscan also be described as the degree of F_q(αⁱ) over F_q, equivalently F_q(αⁱ) = F_qs. In particular, αⁱ∈F_qs. It is now obvious how a check matrixH ofC(A) can be described:

1. The columns ofH are indexed byβ=α^j∈W, j= 0,1, . . . , n−1.

2. Choose representativesi∈R for the cyclotomic cosets Cn(i)⊆A.˜ Let s=s(i) =|Cn(i)|.Eachi∈Rcontributes a section ofsrows toH.

3. For eachF_qs ⊆F,choose a basis overF_q.

4. The section of column β ∈ W corresponding to i ∈ R is βⁱ, where βⁱ∈F_qs is represented by a column vector of lengths,whose entries are the coefficients of the representation ofβⁱ in terms of the fixed basis.