
Coding Theory Tohoku June 09

The document is a set of lecture notes on coding theory by Vladimir D. Tonchev, covering topics such as error-correcting codes, linear codes, syndrome decoding, and various specific codes like Hamming and Golay codes. It includes definitions, theorems, and exercises related to the mathematical foundations of coding theory. The notes serve as an introduction to the principles and applications of coding in communication systems.


An Introduction to Coding Theory: Lecture Notes

Vladimir D. Tonchev
Department of Mathematical Sciences
Michigan Technological University
Houghton, Michigan 49931, USA

http://www.math.mtu.edu/~tonchev/Coding-Theory-Tohoku-June-09.pdf
May 16, 2009

Contents
1 Error-correcting codes
2 Linear codes
3 Syndrome decoding of linear codes
4 The sphere-packing bound
5 The Hamming codes
6 Vasil’ev codes
7 The binary Golay codes
8 The ternary Golay codes
9 The Assmus-Mattson characterization of perfect codes
10 Perfect codes and data compression
11 MacWilliams identities
12 The Assmus-Mattson Theorem
13 Self-dual codes and t-designs
14 Pless symmetry codes
15 Quadratic-residue codes
16 Cyclic codes
17 Factoring $x^n - 1$
18 Idempotent generators of cyclic codes

Often, when I say my name, Vladimir, over the phone, I am asked the
question:

- "Can you spell it, please?"

Then I reply:

• V as in Victor

• L as in Lancing

• A as in Apple

• D as in David

• I as in Igor

• M as in Mary

• I as in Igor

• R as in Richard

The original message (essential information) is:

Vladimir

(8 information symbols).

The encoded message:

VictorLancingAppleDavidIgorMaryIgorRichard

(42 symbols).

The added symbols

ictor ancing pple avid gor ary gor ichard

are 42 − 8 = 34 redundancy symbols.

Questions:

• Can we do better than that?

• What is the smallest number of redundancy symbols that would ensure the detection and correction of a single error?

• What is the smallest number of redundancy symbols that would ensure the detection and correction of a double error?

A basic model of a Communication Channel

1100    → 1100100 → 1110100 → 1110100  → 1100
message   encoder   channel   receiver   decoder

1 Error-correcting codes
The mathematical theory of error-correcting codes originated in a paper by Claude Shannon [25] from 1948.

A code (or a block code) $C$ of length $n$ over a finite alphabet $F_q$ of size $q$ is a subset $C$ of the set $F_q^n$ of all $n$-letter words with components from $F_q$. We refer to the elements of $C$ as words, codewords, or vectors. A code over $F_q$ is called a $q$-ary code. A code is binary if $q = 2$, ternary if $q = 3$, etc.

The Hamming distance $d(x, y)$ between $x = (x_1, \ldots, x_n)$ and $y = (y_1, \ldots, y_n)$ is defined as the number of positions in which $x$ and $y$ differ:

$$d(x, y) = |\{i \mid x_i \neq y_i\}|.$$

The Hamming distance enjoys the usual properties of a distance function:

1. $d(x, y) \geq 0$, and $d(x, y) = 0$ if and only if $x = y$.
2. $d(x, y) = d(y, x)$.
3. $d(x, y) \leq d(x, z) + d(z, y)$ for arbitrary $x, y, z \in F_q^n$ (the triangle inequality).

A Hamming sphere $S_r^{n,q}(x)$ of radius $r$ with center $x \in F_q^n$ is defined as the set of all words at distance at most $r$ from $x$:

$$S_r^{n,q}(x) = \{y \mid y \in F_q^n,\ d(x, y) \leq r\}.$$

Exercise 1.1 Prove that a sphere of radius $r$ in $F_q^n$ is of size

$$\sum_{i=0}^{r} \binom{n}{i} (q-1)^i. \tag{1}$$

The minimum distance $d$ of a code $C$ is defined as the smallest Hamming distance between pairs of words from $C$:

$$d = \min\{d(x, y) : x, y \in C,\ x \neq y\}.$$

A code can be thought of as a collection of messages that are being transmitted over a communication channel. If the channel is subject to noise, some of the components of a message $x = (x_1, \ldots, x_n) \in C$ may be corrupted. Thus, the received message $y = (y_1, \ldots, y_n)$ may differ from $x$, and the distance $d(x, y)$ counts the number of errors in $y$.

The process of recovering the original message $x$ from the received message $y$ is called decoding.

Theorem 1.2 If $C$ is a code with minimum distance $d \geq 3$, there is a decoding algorithm that corrects up to $[(d-1)/2]$ errors.

Proof. Assume that a message $x \in C$ is sent, and the number of positions of $x$ that have been corrupted does not exceed $[(d-1)/2]$. The received vector $y$ belongs to the sphere $S_r^{n,q}(x)$, where $r = [(d-1)/2]$. It follows from the triangle inequality that the spheres of radius $r = [(d-1)/2]$ around all codewords from $C$ are pairwise disjoint. Thus, the codeword $x$ can be recovered from $y$ as the unique word from $C$ at distance at most $[(d-1)/2]$ from $y$.

The proof of Theorem 1.2 implies the following simple decoding algorithm, known as maximum likelihood decoding: the received vector $y$ is decoded as $x \in C$, where $x$ is the closest codeword to $y$:

$$\min_{z \in C} d(y, z) = d(y, x).$$

Exercise 1.3 Show that a code with minimum distance $d$ can detect up to $d - 1$ errors.

Exercise 1.4 Prove the triangle inequality for the Hamming distance.

Exercise 1.5 Give an example of a binary code of length 7, size 7, and minimum distance 4, or prove that such a code does not exist.

Exercise 1.6 Give an example of a binary code of length 7, size 17, and minimum distance 3, or prove that such a code does not exist.

2 Linear codes
A field is a set $F$ with two operations, addition $+$ and multiplication $\cdot$, satisfying the following axioms:

a0. For every $a, b \in F$ there is a unique $c \in F$ such that $a + b = c$.
a1. $(a + b) + c = a + (b + c)$.
a2. $a + b = b + a$.
a3. There is an element $0 \in F$ such that $a + 0 = a$ for every $a \in F$.
a4. For every $a \in F$ there is an element $-a \in F$ such that $a + (-a) = 0$.
m0. For every $a, b \in F$ there is a unique $d \in F$ such that $ab = d$.
m1. $(ab)c = a(bc)$.
m2. $ab = ba$.
m3. There is an element $1 \in F$ such that $a \cdot 1 = a$ for every $a \in F$.
m4. For every $a \in F$, $a \neq 0$, there is an element $a^{-1} \in F$ such that $aa^{-1} = 1$.
d. $a(b + c) = ab + ac$, $(a + b)c = ac + bc$.

Equivalently, a set $F$ with two operations $+$, $\cdot$ is a field if $(F, +)$ and $(F \setminus \{0\}, \cdot)$ are commutative groups.

Familiar examples of fields are the field of real numbers and the field of complex numbers. These fields contain infinitely many elements.

A field is finite if it contains a finite number of elements. The number of elements of a finite field $F$, $q = |F|$, is called the order of $F$.

Example 2.1 The smallest field of order 2 consists of two elements:

$$F_2 = \{0, 1\}.$$

Multiplication is the same as for real numbers:

$$0 \cdot 0 = 0 \cdot 1 = 1 \cdot 0 = 0, \quad 1 \cdot 1 = 1.$$

Addition is modulo 2:

$$0 + 0 = 1 + 1 = 0, \quad 0 + 1 = 1 + 0 = 1.$$

A finite field of order $q$ is usually denoted by $F_q$ or $GF(q)$ (Galois Field of order $q$). The order $q$ of a finite field is necessarily a prime power. If $q$ is a prime number, then $GF(q) = Z_q = \{0, 1, \ldots, q-1\}$, and the operations are addition and multiplication modulo $q$.

If $F_q$ is a field of order $q$, the set

$$F_q^n = \{(x_1, \ldots, x_n) \mid x_i \in F_q\}$$

of all $n$-letter words with components from $F_q$ is an $n$-dimensional vector space, with addition of vectors and multiplication of vectors by a scalar performed in $F_q$:

$$(x_1, \ldots, x_n) + (y_1, \ldots, y_n) = (x_1 + y_1, \ldots, x_n + y_n),$$

$$\alpha(x_1, \ldots, x_n) = (\alpha x_1, \ldots, \alpha x_n), \quad \alpha \in F_q.$$

Definition 2.2 A linear code over $F_q$ is a linear subspace of the $n$-dimensional vector space $F_q^n$.

Definition 2.3 A $k \times n$ matrix $G$ whose rows form a basis of an $[n, k]$ code $C$ is called a generator matrix of $C$.

Exercise 2.4 Find the number of distinct generator matrices of a $q$-ary linear $[n, k]$ code.

Definition 2.5 Given a code $C \subseteq F_q^n$, the dual code $C^\perp$ is defined as the orthogonal space of $C$:

$$C^\perp = \{y \in F_q^n \mid y \cdot x = 0 \text{ for every } x \in C\},$$

where $x = (x_1, \ldots, x_n)$, $y = (y_1, \ldots, y_n)$ and

$$x \cdot y = x_1 y_1 + \cdots + x_n y_n \tag{2}$$

is the ordinary scalar product in $F_q^n$ (note that other inner products are used sometimes).

If $C$ is a linear $[n, k]$ code then $C^\perp$ is a linear $[n, n-k]$ code.

Definition 2.6 Any generator matrix of $C^\perp$ is called a parity check matrix of $C$.

If $H$ is a parity check matrix, the code $C$ consists of all vectors $x = (x_1, \ldots, x_n)$ which are solutions of the homogeneous system of linear equations with coefficient matrix $H$:

$$C = \{x \in F_q^n \mid Hx^T = 0\}. \tag{3}$$

Definition 2.7 The Hamming weight $w(x)$ of a vector $x \in F_q^n$ is defined as the number of its nonzero components:

$$w(x) = |\{i \mid x_i \neq 0\}|.$$

Clearly, $d(x, y) = w(x - y)$, where $d$ is the Hamming distance. In particular, $w(x) = d(x, \bar{0})$, where $\bar{0}$ is the all-zero vector.

Definition 2.8 The minimum weight of a code $C$ is defined as the smallest among the weights of all nonzero vectors in $C$.

An important property of the Hamming distance is that it is invariant under translation:

$$d(x, y) = d(x + z, y + z)$$

for arbitrary vectors $x, y, z$. This property implies the following result.

Theorem 2.9 The minimum distance of a linear code is equal to its minimum weight.

We use the notation $[n, k, d]$ for a linear $[n, k]$ code with minimum distance, or equivalently, minimum weight $d$. For example, the whole space $F_q^n$ is an $[n, n, 1]$ code.

In the binary case ($q = 2$), the weight function satisfies the following identity:

$$w(x + y) = w(x) + w(y) - 2w(x * y) \tag{4}$$

for arbitrary vectors $x = (x_1, \ldots, x_n)$, $y = (y_1, \ldots, y_n)$, $x, y \in F_2^n$, where $x * y$ is defined as

$$x * y = (x_1 y_1, \ldots, x_n y_n).$$

Exercise 2.10 Prove the identity (4).

Exercise 2.11 (i) Show that the set $C$ of all binary vectors of length $n \geq 2$ of even weight form an $[n, n-1, 2]$ code.
(ii) Find a parity check matrix of $C$.
(iii) Find a generator matrix of $C$.

The minimum weight of a linear code can be determined by linear dependencies of columns of its parity check matrix. Assume that $C$ is a linear code of length $n$ with a parity check matrix $H = [h_1, \ldots, h_n]$, where $h_i$ is the $i$th column of $H$, $1 \leq i \leq n$. Let $x$ be a nonzero vector from $C$ of weight $w$, and let $x_{i_1}, \ldots, x_{i_w}$ be the nonzero components of $x$. We have

$$Hx^T = h_{i_1} x_{i_1} + \cdots + h_{i_w} x_{i_w} = 0,$$

hence, the columns $h_{i_1}, \ldots, h_{i_w}$ are linearly dependent. This implies the following simple, but very useful result.

Theorem 2.12 The minimum weight of a linear code with a parity check matrix $H$ is equal to the largest integer $d$ such that every $d - 1$ columns of $H$ are linearly independent.

Corollary 2.13 A linear code with a parity check matrix $H$ can correct single errors if every two columns of $H$ are linearly independent. In particular, a binary linear code can correct single errors if all columns of its parity check matrix are nonzero and distinct.

Example 2.14 All columns of the following matrix

$$H = \begin{pmatrix} 1 & 1 & 1 & 1 & 0 \\ 0 & 1 & 1 & 0 & 1 \\ 0 & 0 & 1 & 1 & 1 \end{pmatrix}$$

are nonzero and distinct. Thus, $H$ is a parity check matrix of a binary code with minimum weight $d \geq 3$.

Exercise 2.15 Determine the minimum distance of the code from Example 2.14.

Another immediate corollary of Theorem 2.12 is the following inequality known in coding theory as the Singleton Bound.

Theorem 2.16 (The Singleton Bound). If $C$ is an $[n, k, d]$ code then

$$d \leq n - k + 1. \tag{5}$$

Proof. Let $H$ be an $(n-k) \times n$ parity check matrix of $C$. The rank of $H$ does not exceed the number of rows $n - k$. Consequently, the largest number of linearly independent columns of $H$ is $n - k$, while every $n - k + 1$ columns of $H$ are linearly dependent.

Definition 2.17 An $[n, k, d]$ code with $d = n - k + 1$ is called a maximum distance separable code, or an MDS code.

Exercise 2.18 Give a generator matrix of a binary $[5, 4, 2]$ MDS code.

Definition 2.19 A generator matrix of the form $G = (I_k \mid B)$, where $I_k$ is the identity matrix of order $k$, is called a standard generator matrix.

Exercise 2.20 If $G = (I_k \mid B)$ is a generator matrix of an $[n, k]$ code $C$ then $H = (-B^T \mid I_{n-k})$ is a parity check matrix of $C$.

For the next definition, it is convenient to think of a code $C$ of length $n$ as an array with $n$ columns having as rows the words of $C$.

Definition 2.21 Two codes $C', C'' \subseteq F_q^n$ are permutation equivalent if $C''$ can be obtained by permuting the columns of $C'$. If $F_q$ is a finite field of order $q$, two codes $C', C'' \subseteq F_q^n$ are monomially equivalent if $C''$ can be obtained by permuting the columns of $C'$ and multiplying some columns of $C'$ by nonzero elements from $F_q$.

Definition 2.22 An automorphism of a code is any equivalence of the code to itself. The set of all automorphisms of a code forms a group under composition, called the automorphism group of the code.

Exercise 2.23 Find the automorphism group of the binary $[6, 3]$ code with generator matrix $G = (I_3 \mid J_3 - I_3)$.

Exercise 2.24 (1) Show that every linear $[n, k]$ code is equivalent to a code which has a standard generator matrix.
(2) Give an example of a code which does not have a standard generator matrix.

Definition 2.25 A set of $k$ coordinate positions $i_1, i_2, \ldots, i_k$ of a linear $[n, k]$ code $C \subseteq F_q^n$ is called an information set if the $k$ columns of $G$ with indices $i_1, i_2, \ldots, i_k$ are linearly independent over $F_q$.

Clearly, an $[n, k]$ code admits a standard generator matrix if and only if the first $k$ coordinate positions form an information set.

The meaning of an information set is the following: any codeword is obtained by recording in the $k$ information positions any of the possible $q^k$ words of length $k$ over $F_q$, and the remaining $n - k$ coordinates are calculated as linear combinations of the $k$ information symbols. The exact linear combinations are determined by using a parity check matrix of the code.

Exercise 2.26 List all information sets of the binary $[5, 2]$ code with generator matrix

$$G = \begin{pmatrix} 1 & 1 & 0 & 1 & 0 \\ 1 & 0 & 1 & 1 & 1 \end{pmatrix}.$$

3 Syndrome decoding of linear codes
The decoding algorithm implied by Theorem 1.2 requires computing the Hamming distances between the received message and all codewords. This algorithm is inefficient for codes containing a large number of words. There is a more efficient decoding algorithm for linear codes known as syndrome decoding.

Suppose that $C \subseteq F_q^n$ is a linear $[n, k]$ code over a finite field $F_q$, and let $b \in F_q^n$ be a vector. The coset of $C$ with representative $b$ is defined as the set of vectors

$$C + b = \{c + b \mid c \in C\}. \tag{6}$$

The main properties of cosets are summarized in the following lemma.

Lemma 3.1 Assume that $C \subseteq F_q^n$ is a linear $[n, k]$ code.
(i) Any coset of $C$ contains the same number of vectors as $C$.
(ii) $C + b_1 = C + b_2$ if and only if $b_2 - b_1 \in C$.
(iii) Two cosets of $C$ are either disjoint or identical (as sets of vectors).
(iv) The whole space $F_q^n$ is a union of $q^{n-k}$ disjoint cosets of $C$:

$$F_q^n = C \cup (C + b_1) \cup \cdots \cup (C + b_{q^{n-k}-1}).$$

Exercise 3.2 Prove Lemma 3.1.

A vector of minimum weight in a given coset is called a coset leader. A coset may have more than one leader. The leader of the code itself is the zero vector.

Example 3.3 The cosets of the binary $[4, 2]$ code $C$ with generator matrix

$$G = \begin{pmatrix} 1 & 0 & 1 & 1 \\ 0 & 1 & 0 & 1 \end{pmatrix}$$

are given in Table 3.4. For each coset, a leader is chosen as a representative and listed in the first column. Note that the coset with a leader 0001 contains a second vector of weight one, 0100, which also is a leader.

Table 3.4 The cosets of a binary [4, 2] code

Leader  Coset
0000    0000 1011 0101 1110
0001    0001 1010 0100 1111
0010    0010 1001 0111 1100
1000    1000 0011 1101 0110

Suppose that $C \subseteq F_q^n$ is an $[n, k]$ code with a parity check matrix $H$. The syndrome $s(b)$ of a vector $b \in F_q^n$ is defined as the $(n-k) \times 1$ column vector equal to

$$s(b) = Hb^T.$$

Lemma 3.5 All vectors in a given coset have the same syndrome.

Proof. If $x, y$ are two vectors belonging to a coset $C + b$, we have

$$x = x' + b, \quad y = y' + b$$

for some $x', y' \in C$, and

$$s(x) = H(x' + b)^T = H(x')^T + Hb^T = Hb^T,$$
$$s(y) = H(y' + b)^T = H(y')^T + Hb^T = Hb^T,$$

thus $s(x) = s(y)$.

Example 3.6 The following is a parity check matrix of the binary $[4, 2]$ code from Example 3.3:

$$H = \begin{pmatrix} 1 & 0 & 1 & 0 \\ 1 & 1 & 0 & 1 \end{pmatrix}.$$

The syndromes of the coset leaders are listed in Table 3.7.

Table 3.7 Coset leaders and their syndromes

Leader  Syndrome
0000    $(0, 0)^T$
0001    $(0, 1)^T$
0010    $(1, 0)^T$
1000    $(1, 1)^T$

Suppose now that a vector $x \in F_q^n$ belonging to a linear code $C$ with a parity check matrix $H$ has been sent over a noisy channel, and a vector $y \in F_q^n$ has been accepted at the receiving end. The vector

$$e = y - x,$$

called the error vector, determines whether any errors have occurred in the process of transmitting $x$. If $e = 0$ no errors have occurred, hence $y = x$. Otherwise, the weight of $e$ is equal to the number of errors, i.e., the number of coordinates of $x$ which have been altered during the transmission. Note that

$$Hy^T = He^T.$$

This observation is the basis of the following decoding algorithm, known as Syndrome Decoding.

1. Compute the syndrome $s(y) = Hy^T$ of the received vector $y$.
2. Find a coset leader $e$ having the same syndrome as $y$.
3. If $e$ is the only leader in the coset with syndrome $s(y)$, decode $y$ as $x = y - e$. Otherwise, conclude that an error pattern has been detected that cannot be corrected.

Theorem 3.8 The syndrome decoding algorithm determines correctly the initial codeword $x$ provided that the number of errors $t$ does not exceed $[(d-1)/2]$, where $d$ is the minimum distance of the code.

Proof. Note that any two distinct vectors of weight $t \leq [(d-1)/2]$ belong to distinct cosets. Thus, the error vector $e$ is equal to the unique coset leader having the same syndrome as $y$.

An implementation of the syndrome decoding algorithm requires finding the coset leaders and computing their syndromes, which is done only once and recorded in a table similar to Table 3.7.

Example 3.9 The $[4, 2]$ binary code from Example 3.3 has minimum distance $d = 2$. Thus, $[(d-1)/2] = [(2-1)/2] = 0$ and the code cannot correct arbitrary single errors. However, the vectors 0010 and 1000 are unique leaders in their cosets, thus represent error patterns which can be corrected by syndrome decoding. In other words, the code can correct a single error affecting the first or the third coordinate of any codeword.

Example 3.10 The binary Hamming code of length 7 is a linear $[7, 4]$ code with parity check matrix $H$ having as columns all distinct nonzero $(0, 1)$-vectors with three components, ordered lexicographically. Since the columns of $H$ are nonzero and distinct, the minimum distance $d$ of the code is at least 3. On the other hand, there are triples of linearly dependent columns, hence $d = 3$ and the code can correct any single error. There are $2^{7-4} = 2^3 = 8$ cosets, with coset leaders the zero vector (for the code itself), and the seven vectors in $F_2^7$ of weight 1. The syndrome of a leader of weight one having $i$th nonzero coordinate ($1 \leq i \leq 7$) is equal to the $i$th column of $H$. Thus, the syndrome decoding algorithm for correcting single errors with the Hamming code reads as follows:

1. Given a vector $y \in F_2^7$, compute its syndrome $s(y)$.

2. If $s(y) = 0$, no errors have occurred, thus $x = y$. Otherwise, if $s(y)$ is equal to the $i$th column of $H$, decode $y$ as the vector $x$ obtained from $y$ by replacing the $i$th coordinate $y_i$ of $y$ with $1 - y_i$.

4 The sphere-packing bound
The length $n$, the minimum distance $d$, and the total number of codewords (or size) $M = |C|$ are the main parameters of a code $C$. Increasing $d$ is generally possible at the expense of decreasing $M$ or increasing $n$. If $d$ and $M$ are fixed, the most interesting codes are those of shortest length $n$. If $d$ and $n$ are fixed, one looks for a code of largest possible size $M$. Thus, there are three fundamental optimization problems imposed by fixing two of the parameters $n$, $d$, $M$ and optimizing with respect to the third. Explicit solutions of any of these optimization problems are rarely known in general. However, there are estimates, or bounds for the optimal values in terms of inequalities.

The following theorem gives an upper bound on the size of a $q$-ary code of given length and minimum distance.

Theorem 4.1 (The Sphere-packing, or Hamming bound). Suppose that $C$ is a $q$-ary code of length $n$ and minimum Hamming distance $d$. Then

$$|C| \leq \frac{q^n}{\sum_{i=0}^{[(d-1)/2]} \binom{n}{i} (q-1)^i}. \tag{7}$$

Proof. The spheres of radius $r = [(d-1)/2]$ around the codewords of $C$ are pairwise disjoint. Every word of length $n$ belongs to at most one such sphere. Thus, using the formula (1) for the volume of a sphere, we have

$$|C| \left( \sum_{i=0}^{[(d-1)/2]} \binom{n}{i} (q-1)^i \right) \leq q^n,$$

and (7) follows.

A code that satisfies the equality in (7) is called perfect.

A trivial example of a perfect code with $d = 1$ is the set $F_q^n$ of all words of length $n$.

Another example is the binary repetition code of odd length $n = 2m + 1$, consisting of the all-one vector $\bar{1} = 111 \ldots 1$, and the zero vector. In this case, $d = n = 2m + 1$, and the size of a sphere of radius $m = (n-1)/2$ is

$$\sum_{i=0}^{(n-1)/2} \binom{n}{i} = \frac{1}{2} 2^n = 2^{n-1}.$$

Nontrivial examples of perfect codes with $d = 3$ are discussed in the next section.

Exercise 4.2 Is it possible to find 16 binary vectors of length 7 such that any two are at Hamming distance at least 4?

5 The Hamming codes
In this section, we describe a class of linear perfect single error-correcting codes ($d = 3$) known as Hamming codes.

We know from 2.13 that a linear binary code has minimum distance at least 3 if and only if all columns in the parity check matrix are nonzero and distinct.

The binary Hamming code $H_m(2)$ of length $n = 2^m - 1$ ($m \geq 2$) and dimension $k = n - m$ is defined as a linear code with a parity check matrix $H$ having as columns all distinct nonzero vectors with $m$ components. By Definition 2.21, all binary Hamming codes of given length $n = 2^m - 1$ are equivalent. It is convenient to assume that the columns of $H$ are ordered lexicographically, that is, the $i$th column of $H$ is the binary presentation of the number $i$, $1 \leq i \leq 2^m - 1$. Clearly, the first three columns of $H$ are linearly dependent over the field of order 2, $F_2 = GF(2)$. By 2.13, the minimum distance of $H_m(2)$ is equal to 3. A sphere of radius 1 in $F_2^n$ is of size $n + 1$. Since

$$\frac{2^n}{n+1} = 2^{2^m - 1 - m} = 2^{n-m},$$

the Hamming code $H_m(2)$ is perfect.

Clearly, any binary linear code of length $n = 2^m - 1$, dimension $k = n - m$, and minimum distance $d = 3$, is equivalent to $H_m(2)$.

The binary Hamming codes were introduced by Richard Hamming [6] in 1950, who proposed also a simple decoding algorithm for such codes. Suppose that $y \in F_2^n$ ($n = 2^m - 1$) is a vector obtained from some codeword $x \in F_2^n$ by changing at most one coordinate of $x$ (from 0 to 1 or vice versa). Then $x$ can be recovered from $y$ as follows. We compute the column-vector $S$, called the syndrome of $y$, as

$$S = Hy^T, \tag{8}$$

where $H$ is the parity check matrix of $H_m(2)$.

If $S$ is the zero vector then $y \in H_m(2)$ and we assume that no errors have occurred, i.e., $x = y$. Otherwise, $S$ is identical with one of the columns of $H$. If $S$ is equal to the $i$th column of $H$ then $x$ is obtained from $y$ by replacing the $i$th component $y_i$ of $y$ by $1 - y_i$.

The decoding algorithm of the Hamming code is a special case of the syndrome decoding.
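
Added example (not part of the original notes): a Python sketch of the three syndrome decoding steps of Section 3, run on the $[4, 2]$ code of Examples 3.3 and 3.6, together with the table-free decoder described above for $H_m(2)$. The function names are illustrative, the received words are constructed, and the coset-leader table is built by enumerating all of $F_2^n$, which is practical only for short codes.

```python
from itertools import product

def syndrome(H, y):
    """s(y) = H y^T over F_2, returned as a tuple of n - k bits."""
    return tuple(sum(h * b for h, b in zip(row, y)) % 2 for row in H)

def leader_table(H):
    """Map every syndrome to the list of ALL coset leaders of its coset."""
    n = len(H[0])
    table = {}
    # Visit F_2^n by increasing weight (stable sort), so the vectors kept
    # for a syndrome are exactly the minimum-weight vectors of that coset.
    for v in sorted(product((0, 1), repeat=n), key=sum):
        leaders = table.setdefault(syndrome(H, v), [])
        if not leaders or sum(leaders[0]) == sum(v):
            leaders.append(v)
    return table

def decode(H, y, table):
    """Steps 1-3 of syndrome decoding. Returns the codeword x = y - e, or
    None when the coset of y has more than one leader (detected only)."""
    leaders = table[syndrome(H, y)]
    if len(leaders) != 1:
        return None
    return tuple((a - e) % 2 for a, e in zip(y, leaders[0]))

def hamming_parity_check(m):
    """Parity check matrix of H_m(2): column i is i written in binary."""
    n = 2 ** m - 1
    return [[(i >> (m - 1 - r)) & 1 for i in range(1, n + 1)]
            for r in range(m)]

def hamming_decode(H, y):
    """Table-free decoder: a nonzero syndrome, read as a binary number,
    is the index i of the coordinate to replace by 1 - y_i."""
    i = int("".join(map(str, syndrome(H, y))), 2)
    x = list(y)
    if i:
        x[i - 1] = 1 - x[i - 1]
    return tuple(x)

# Parity check matrix of the [4, 2] code (Example 3.6).
H42 = [[1, 0, 1, 0],
       [1, 1, 0, 1]]
T42 = leader_table(H42)

# Binary Hamming code of length 7 (Example 3.10).
H74 = hamming_parity_check(3)
T74 = leader_table(H74)

if __name__ == "__main__":
    for s, leaders in sorted(T42.items()):
        print(s, leaders)
    # Constructed inputs: codeword 1011 with one coordinate flipped.
    print(decode(H42, (1, 0, 0, 1), T42))   # error in coordinate 3
    print(decode(H42, (1, 0, 1, 0), T42))   # error in coordinate 4
    # Constructed input: Hamming codeword 1110000 with coordinate 5 flipped.
    print(hamming_decode(H74, (1, 1, 1, 0, 1, 0, 0)))
```

For the $[4, 2]$ code the table reproduces Table 3.7 and shows the two leaders 0001 and 0100 sharing one syndrome, which is why an error in the second or fourth coordinate is detected but not corrected.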

Nonbinary Hamming Codes.

For every prime power $q$ and every length $n = (q^m - 1)/(q - 1)$ ($m \geq 2$), there are linear perfect single-error-correcting codes over the finite field of order $q$, $GF(q)$, being analogues of the binary Hamming codes.

The $q$-ary Hamming code $H_m(q)$ is defined as a linear code over $GF(q)$ with parity check matrix $H$ having as columns representatives of all 1-dimensional vector spaces of the $m$-dimensional vector space $GF(q)^m$.

Exercise 5.1 Verify that $H_m(q)$ is perfect.

Exercise 5.2 Describe a decoding procedure for correcting single errors using $H_m(q)$.

6 Vasil’ev codes
All examples of nontrivial perfect codes discussed so far are linear codes.

Exercise 6.1 If $C$ is a perfect code, any coset $C + y$, where $y \notin C$, is a perfect nonlinear code.

Vasil’ev [29] described the following “doubling” construction that starts from a binary single-error-correcting perfect code of length $n$ and produces a perfect code of length $2n + 1$ which is often nonlinear and not a coset of any linear code.

Let $E$ be a perfect binary code of minimum distance 3 and length $n = 2^m - 1$ containing the zero vector (for example, $E$ could be the Hamming code $H_m(2)$). Let $f$ be a function that assigns value 0 or 1 to every vector from $E$, such that $f(\bar{0}) = 0$, where $\bar{0}$ denotes the zero vector. Let $\pi$ be the function defined on $F_2^n$ that assigns 0 to all vectors of even weight, and 1 to all vectors of odd weight. Equivalently, if $x = (x_1, \ldots, x_n) \in F_2^n$ then

$$\pi(x) = (x_1 + \cdots + x_n) \bmod 2.$$

Theorem 6.2 Let $C$ be a binary code of length $2n + 1$ defined as follows:

$$C = \{(v, (v + a) \bmod 2, (\pi(v) + f(a)) \bmod 2) \mid a \in E,\ v \in F_2^n\}. \tag{9}$$

Then
(i) $C$ is a perfect binary single error-correcting code.
(ii) If $f$ is nonlinear then the code $C$ is nonlinear, and is not a coset of a linear code.

Proof. Let $x, y \in C$, where

$$x = (v, v + a, \pi(v) + f(a)), \quad y = (u, u + b, \pi(u) + f(b)); \quad a, b \in E;\ u, v \in F_2^n. \tag{10}$$

The Hamming distance $d(x, y)$ between $x$ and $y$ is equal to

$$d(x, y) = d(v, u) + d(v + a, u + b) + d(\pi(v) + f(a), \pi(u) + f(b)).$$

If $u = v$ then $x \neq y$ only if $a \neq b$, in which case

$$d(x, y) \geq d(a, b) \geq 3.$$

If $u \neq v$, but $a = b$, we have

$$d(x, y) = 2d(v, u) + d(\pi(v), \pi(u)),$$

hence $d(x, y) \geq 4$ whenever $d(u, v) \geq 2$.

If $d(v, u) = 1$ then the Hamming weights of $v$ and $u$ are of different parity modulo 2, hence $d(\pi(v), \pi(u)) = 1$ and $d(x, y) = 3$.

If $a \neq b$ then $d(a, b) = w(a - b) \geq 3$, and

$$d(x, y) \geq w(v - u) + w(v - u + a - b) \geq w(v - u) + w(a - b) - w(v - u) = w(a - b) \geq 3.$$

Thus, the minimum distance of $C$ is 3. The size of $C$ is

$$2^n \cdot 2^{n-m} = 2^{2n-m} = 2^{2^{m+1} - m - 2},$$

hence $C$ is a perfect code.

To prove (ii), we note that choosing $v = a = 0$ in (9) gives the zero vector, thus $C$ is either linear, or a nonlinear code that is not a coset of a linear code. Let $x, y \in C$ be defined as in (10). We have

$$x + y = (v + u, v + u + a + b, \pi(v) + \pi(u) + f(a) + f(b)),$$

where all additions are modulo 2. Since

$$\pi(v) + \pi(u) = \pi(v + u),$$

the vector $x + y$ belongs to $C$ if and only if $a + b \in E$ and

$$f(a) + f(b) = f(a + b).$$

Thus, the code $C$ is linear if $E$ is linear and $f$ is a linear function, and nonlinear if $f$ is nonlinear.

A code obtained via the construction of Theorem 6.2 is called a Vasil’ev code.
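
Added example (not part of the original notes): the construction (9) carried out in Python for $E = H_3(2)$, giving codes of length 15, with exhaustive checks of the size, the minimum distance, perfectness and linearity claimed in Theorem 6.2. The two functions f_zero and f_ones are illustrative choices of $f$ made for this example, and all function names are hypothetical.

```python
from itertools import product
from math import comb

def to_int(word):
    return int("".join(map(str, word)), 2)

def hamming_code(m):
    """All words of H_m(2). With column i of H equal to i in binary,
    H x^T = 0 means the XOR of the positions of the ones of x is 0."""
    n = 2 ** m - 1
    code = []
    for x in product((0, 1), repeat=n):
        s = 0
        for i, bit in enumerate(x, start=1):
            if bit:
                s ^= i
        if s == 0:
            code.append(x)
    return code

def vasilev(E, f):
    """The code (9): all words (v, v + a, pi(v) + f(a)), a in E, v in F_2^n."""
    n = len(E[0])
    C = []
    for a in E:
        for v in product((0, 1), repeat=n):
            shifted = tuple((vi + ai) % 2 for vi, ai in zip(v, a))
            C.append(v + shifted + ((sum(v) + f(a)) % 2,))
    return C

def min_distance(C):
    """Smallest Hamming distance over all pairs of distinct codewords."""
    words = [to_int(c) for c in C]
    return min(bin(x ^ y).count("1")
               for i, x in enumerate(words) for y in words[i + 1:])

def is_linear(C):
    """A binary code is linear iff it is closed under addition."""
    words = {to_int(c) for c in C}
    return all((x ^ y) in words for x in words for y in words)

def is_perfect(C, d):
    """Equality in the sphere-packing bound (7) for a binary code."""
    n = len(C[0])
    sphere = sum(comb(n, i) for i in range((d - 1) // 2 + 1))
    return len(set(C)) * sphere == 2 ** n

E = hamming_code(3)              # the [7, 4] Hamming code, 16 words
ONES = (1,) * 7                  # the all-one vector, a codeword of E

def f_zero(a):                   # linear choice of f (assumption of this example)
    return 0

def f_ones(a):                   # nonlinear choice: f(a) + f(b) != f(a + b)
    return 1 if a == ONES else 0 # when a + b is the all-one vector, a, b != ONES

C_LINEAR = vasilev(E, f_zero)
C_NONLINEAR = vasilev(E, f_ones)

if __name__ == "__main__":
    for name, C in (("f = 0", C_LINEAR), ("f = [a is all-one]", C_NONLINEAR)):
        d = min_distance(C)
        print(name, len(C), d, is_perfect(C, d), is_linear(C))
```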

Exercise 6.3 Let $C$ be a binary linear code of dimension $k$ and $f : C \to \{0, 1\}$ be a function such that $f(\bar{0}) = 0$ and

$$f(a + b) = f(a) + f(b)$$

for all $a, b \in C$, where all additions are modulo 2. Prove that either $f$ is constant or $f$ takes value 1 at exactly $2^{k-1}$ vectors from $C$.

Exercise 6.4 Show that a Vasil’ev code of length 7 is necessarily linear.

Exercise 6.5 Find an explicit example of a nonlinear Vasil’ev code of length 15.

Note 6.6 There are exactly nineteen equivalence classes of Vasil’ev codes of length 15 (F. Hergert [8]).

Note 6.7 All perfect binary single-error-correcting codes of length 15 have been enumerated recently by Östergård and Pottonen [19].

Note 6.8 Nonlinear perfect single-error-correcting $q$-ary codes exist for arbitrary prime power $q$ (Schönheim [27], Lindström [9]).

7 The binary Golay codes


In this section, we describe a perfect binary 3-error-correcting code, namely, a $[23, 12, 7]$ code, discovered by Golay in 1949 [5].

Definition 7.1 A code $C$ is self-orthogonal if $C \subseteq C^\perp$, and self-dual if $C = C^\perp$.

Note 7.2 Any generator matrix of a self-dual code is also a parity check matrix of the same code, and vice versa.

Since the dual code $C^\perp$ of a linear $[n, k]$ code $C$ is an $[n, n-k]$ code, it follows that if $C$ is self-orthogonal then $k \leq n/2$. If $C$ is self-dual then $k = n/2$, hence $n$ is even.

In what follows, we assume that any dual code is defined with respect to the ordinary inner product (2). Any vector $x = (x_1, \ldots, x_n)$ which belongs to a self-orthogonal code is orthogonal to itself:

$$x \cdot x = x_1^2 + \cdots + x_n^2 = 0, \tag{11}$$

where all operations are evaluated in the corresponding finite field.

Note 7.3 Equation (11) implies that all vectors in a binary self-orthogonal code are of even weight, and all vectors in a ternary self-orthogonal code have weights divisible by 3.

Exercise 7.4 Prove that in a binary linear code either all codewords are of even weight or exactly half of the codewords are of even weight.

Exercise 7.5 Prove that if $C$ is a binary linear self-orthogonal code then either all vectors in $C$ have weights divisible by 4, or exactly half of the vectors have weights divisible by 4.

Definition 7.6 A code $C$ is called even if all vectors in $C$ have even weights, and doubly-even if all vectors in $C$ have weights divisible by 4.

Exercise 7.7 A binary linear code with a generator matrix $G$ is self-orthogonal if and only if the rows of $G$ are pairwise orthogonal and all rows have even weights.

Exercise 7.8 A binary linear self-orthogonal code with a generator matrix $G$ is doubly-even if and only if all rows of $G$ have weights divisible by 4.

The extended binary Golay code $G_{24}$ is a linear $[24, 12]$ code with a generator matrix

$$G = \left( \begin{array}{c|c|c} & 1 & \\ I_{12} & \vdots & A \\ & 1 & \\ & 0 & 1 \cdots 1 \end{array} \right), \tag{12}$$

where $A$ is an 11 by 11 circulant matrix with six nonzero entries (equal to 1) in the first row, located in positions 2, 6, 7, 8, 10, 11.

Theorem 7.9 The extended Golay code is a doubly-even self-dual code with minimum distance 8.

Proof. The last row of $G$ is of weight 12, while all other rows are of weight 8. The inner product of the last row of $G$ with any other row is 6. The product of any two distinct rows of $A$ is 3, hence the product of the corresponding rows of $G$ is 4. It follows from 7.7 and 7.8 that $G$ generates a doubly-even self-orthogonal code, and since the rank of $G$ is $12 = 24/2$, this code is self-dual. Consequently, the matrix

$$H = \left( \begin{array}{c|c|c} 1 \cdots 1 & 0 & \\ & 1 & \\ A^T & \vdots & I_{12} \\ & 1 & \end{array} \right) \tag{13}$$

is both a parity check matrix and another generator matrix of $G_{24}$. Since $G_{24}$ is doubly-even and $G$ has rows of weight 8, the minimum weight of $G_{24}$ is either 4 or 8.

Assume that $x = (x_1, \ldots, x_{12}, x_{13}, \ldots, x_{24}) \in G_{24}$ is a codeword of weight 4. Let $i$ be the weight of the first 12 positions of $x$, $(x_1, \ldots, x_{12})$. Then $x$ is the sum of $i$ rows of $G$ and $4 - i$ rows of $H$. Since neither $G$ nor $H$ has any rows of weight 4, it follows that $i = 2$. Using formula (4), one verifies that the weight of the sum of any two rows of $G$ is 8, a contradiction. Thus, the minimum weight of $G_{24}$ is 8.

The Golay code $G_{23}$ of length 23 is a $[23, 12, 7]$ code having a generator matrix obtained by deleting one of the columns of $G$ (12). Since

$$\frac{2^{23}}{\binom{23}{0} + \binom{23}{1} + \binom{23}{2} + \binom{23}{3}} = \frac{2^{23}}{2^{11}} = 2^{12},$$

the code $G_{23}$ is perfect.
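
Added example (not part of the original notes): a Python check that builds the generator matrix (12) from the circulant $A$, enumerates all $2^{12}$ codewords, and verifies the statements of Theorem 7.9 and the perfectness of $G_{23}$. The direction of the cyclic shift in $A$ and the choice of the first column as the deleted one are assumptions of this example; the function names are illustrative.

```python
from itertools import product
from math import comb

def weight(w):
    return bin(w).count("1")

def to_int(row):
    return int("".join(map(str, row)), 2)

def golay24_generator():
    """Generator matrix (12) as a list of 12 rows of 24 bits each."""
    first = [1 if j in (2, 6, 7, 8, 10, 11) else 0 for j in range(1, 12)]
    # Assumption: row i of the circulant A is the first row shifted i places
    # to the right; the notes do not state the direction of the shift.
    A = [first[-i:] + first[:-i] if i else first[:] for i in range(11)]
    G = []
    for i in range(12):
        identity = [1 if j == i else 0 for j in range(12)]
        if i < 11:
            G.append(identity + [1] + A[i])          # (I_12 | 1 | A)
        else:
            G.append(identity + [0] + [1] * 11)      # last row: 0 1 ... 1
    return G

def span(G):
    """All linear combinations over F_2 of the rows of G, as integers."""
    rows = [to_int(r) for r in G]
    words = []
    for coeffs in product((0, 1), repeat=len(rows)):
        w = 0
        for c, r in zip(coeffs, rows):
            if c:
                w ^= r
        words.append(w)
    return words

def is_self_orthogonal(G):
    """Every pair of rows (a row with itself included) has even overlap."""
    rows = [to_int(r) for r in G]
    return all(weight(r & s) % 2 == 0 for r in rows for s in rows)

def min_weight(words):
    return min(weight(w) for w in words if w)

def sphere_size(n, r, q=2):
    """Formula (1): the number of words within distance r of a given word."""
    return sum(comb(n, i) * (q - 1) ** i for i in range(r + 1))

G24 = golay24_generator()
C24 = span(G24)

# G_23: delete one column of G (here the first one, an arbitrary choice).
G23 = [row[1:] for row in G24]
C23 = span(G23)

if __name__ == "__main__":
    print([sum(r) for r in G24])                     # row weights of G
    print(is_self_orthogonal(G24), min_weight(C24))
    print(min_weight(C23), len(set(C23)) * sphere_size(23, 3) == 2 ** 23)
```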

Definition 7.10 The weight distribution of a code of length n is the sequence


a0 , a1 , . . . , an , where ai is the number of codewords of weight i (0 ≤ i ≤ n).

Exercise 7.11 Prove that if C is a binary linear code of length n with
weight distribution $\{a_i\}_{i=0}^{n}$ containing the all-one vector 1̄ = (1, . . . , 1),
then $a_i = a_{n-i}$ for all 0 ≤ i ≤ n.

Exercise 7.12 Prove that if C is a binary linear [n, k] code with a generator
matrix having a nonzero ith column (1 ≤ i ≤ n), there are exactly $2^{k-1}$
vectors in C with ith coordinate equal to zero.

Exercise 7.13 Find the weight distribution of the extended Golay code G24 .

Exercise 7.14 Find the weight distribution of the perfect Golay code G23 .

Definition 7.15 The support sup(x) of a vector x = (x1 , . . . , xn ) is the set
of indices of its nonzero coordinates:

sup(x) = {i | xi ≠ 0}.

Definition 7.16 Given integers t, v, k, λ with v ≥ k ≥ t ≥ 0, λ ≥ 0, a
t-(v, k, λ) design D is a pair (X, B), where X is a finite set of v points, and B
is a collection of k-subsets of X called blocks such that every t-subset of X
is contained in exactly λ blocks.
A design is simple if there are no repeated blocks.
A t-design with λ = 1, i.e., a t-(v, k, 1) design, is also called a Steiner
system, and often denoted by S(t, k, v).

Exercise 7.17 Prove that if D is a t-(v, k, λ) design with point set X and s
is an integer in the range 0 ≤ s ≤ t, any s-subset of X is contained in

$$
\lambda_s = \lambda\,\frac{\binom{v-s}{t-s}}{\binom{k-s}{t-s}}
$$

blocks of D. In particular, the total number of blocks is

$$
b = \lambda_0 = \lambda\,\frac{\binom{v}{t}}{\binom{k}{t}}.
$$

Exercise 7.18 Show that the collection of the supports of vectors of weight
8 in G24 is a 5-(24, 8, 1) design.

Exercise 7.19 Show that the collection of the supports of vectors of weight
7 in G23 is a 4-(23, 7, 1) design.

Note 7.20 The full automorphism group of G24 is the 5-transitive Mathieu
group M24 [18], while the full automorphism group of G23 is the 4-transitive
Mathieu group M23 [18].
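
Because G24 has only 2^12 codewords, the statements of this section can be checked by direct enumeration. The following Python code is an added example, not part of the original notes: it builds G from (12), checks the claims of Theorem 7.9, punctures the last coordinate to obtain G23, and tests the design properties stated in Exercises 7.18 and 7.19. All function names are chosen here for illustration.

```python
from collections import Counter
from itertools import combinations
from math import comb

ONES_IN_FIRST_ROW = (2, 6, 7, 8, 10, 11)   # 1-based positions given in the text

def pack(bits):
    """Pack a 0/1 list into an integer; bit i is coordinate i (0-based)."""
    return sum(b << i for i, b in enumerate(bits))

def weight(word):
    return bin(word).count("1")

def golay24_rows():
    """Rows of the generator matrix G in (12), each packed into 24 bits."""
    first = [1 if j + 1 in ONES_IN_FIRST_ROW else 0 for j in range(11)]
    rows = []
    for i in range(11):
        a_row = [first[(j - i) % 11] for j in range(11)]    # i-th cyclic shift of A
        unit = [int(j == i) for j in range(12)]
        rows.append(pack(unit + [1] + a_row))
    rows.append(pack([0] * 11 + [1] + [0] + [1] * 11))       # last row of G
    return rows

def span(rows):
    """All 2^k binary linear combinations of the given rows."""
    words = [0]
    for r in rows:
        words += [w ^ r for w in words]
    return words

def is_self_orthogonal(rows):
    return all(weight(r & s) % 2 == 0 for r in rows for s in rows)

def weight_distribution(words, n):
    dist = [0] * (n + 1)
    for w in words:
        dist[weight(w)] += 1
    return dist

def puncture(words, coord):
    """Delete coordinate `coord` (0-based) from every word."""
    low = (1 << coord) - 1
    return [(w & low) | ((w >> (coord + 1)) << coord) for w in words]

def is_perfect(words, n, e):
    """Sphere-packing bound met with equality for a binary e-error-correcting code."""
    return len(set(words)) * sum(comb(n, i) for i in range(e + 1)) == 2 ** n

def design_lambda(words, n, w, t):
    """Return lambda if the supports of the weight-w words form a
    t-(n, w, lambda) design, and None otherwise."""
    counts = Counter()
    for word in words:
        if weight(word) == w:
            support = [i for i in range(n) if (word >> i) & 1]
            counts.update(combinations(support, t))
    values = set(counts.values())
    if len(counts) == comb(n, t) and len(values) == 1:
        return values.pop()
    return None

if __name__ == "__main__":
    rows = golay24_rows()
    g24 = span(rows)
    g23 = puncture(g24, 23)
    print("row weights:", [weight(r) for r in rows])
    print("self-orthogonal:", is_self_orthogonal(rows))
    print("G24 weights:", {i: a for i, a in enumerate(weight_distribution(g24, 24)) if a})
    print("G23 minimum weight:", min(weight(w) for w in g23 if w))
    print("G23 perfect:", is_perfect(g23, 23, 3))
    print("lambda for weight 8, t = 5:", design_lambda(g24, 24, 8, 5))
    print("lambda for weight 7, t = 4:", design_lambda(g23, 23, 7, 4))
```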

8 The ternary Golay codes
In [5], Golay described also a ternary perfect double-error-correcting code,
namely an [11, 6, 5] code, widely known in the literature as the ternary Golay
code.
The extended ternary Golay code G12 is a linear ternary [12, 6] code with
a generator matrix

$$
G = \left(\begin{array}{c|cc}
 & 1 & \\
I_{6} & \vdots & A \\
 & 1 & \\
 & 0 & 1 \cdots 1
\end{array}\right), \qquad (14)
$$

where A is the 5 by 5 circulant matrix with first row 012210.
Theorem 8.1 The extended ternary Golay code is a self-dual code with min-
imum distance 6.

Proof. Since all rows of G are of weight 6 (a multiple of 3), and the inner
product of every two rows of G is a multiple of 3, G12 is self-dual, with
minimum weight d equal to 3 or 6. A codeword of weight 3 has to be either
a row of G (14), or a row of the parity check matrix H given by (15).

$$
H = \left(\begin{array}{cc|c}
2 \cdots 2 & 0 & \\
 & 2 & \\
-A^T & \vdots & I_{6} \\
 & 2 &
\end{array}\right) \qquad (15)
$$

Since neither G nor H has any rows of weight 3, it follows that d = 6.

Puncturing one of the twelve coordinates of G12 yields an [11, 6, 5] code
G11 . Since

$$
\frac{3^{11}}{1 + 2 \cdot 11 + 2^2 \binom{11}{2}} = 3^6,
$$

the code G11 is perfect.

Exercise 8.2 Let A be the 11 by 11 circulant from (12). Prove that the
matrix

$$
\left(\begin{array}{cc}
 & 1 \\
J - A & \vdots \\
 & 1
\end{array}\right)
$$

is a generator matrix of a ternary self-dual [12, 6, 6] code.

Exercise 8.3 Let H12 be an Hadamard matrix of order 12. Show that H12
is a generator matrix of a ternary self-dual [12, 6, 6] code.

Exercise 8.4 Find the weight distribution of the extended Golay code G12 .

Exercise 8.5 Find the weight distribution of G11 .

Exercise 8.6 Prove that the supports of all vectors of weight 5 in G11 are
the blocks of a 4-(11, 5, 1) design.

Exercise 8.7 Prove that the supports of all vectors of weight 6 in G12 are
the blocks of a 5-(12, 6, 1) design.

Note 8.8 Any automorphism of a ternary code is a signed permutation, that is,
a composition of a permutation of the coordinates followed by a negation
of coordinates. The set of all permutations obtained by neglecting the
negations in automorphisms of G11 is a permutation group isomorphic to the
4-transitive Mathieu group M11 [17] of order 7920 = 11 · 10 · 9 · 8. Similarly,
the permutations obtained by neglecting the negations in automorphisms of
G12 form a permutation group isomorphic to the 5-transitive Mathieu group M12
[17] of order 95040 = 12 · 11 · 10 · 9 · 8.

Note 8.9 In [5], Golay introduced not only the perfect binary [23, 12, 7] and
ternary [11, 6, 5] codes, but also all linear binary and q-ary perfect single-
error-correcting codes, widely known in the literature as Hamming codes.

Note 8.10 The parameters of all perfect codes over a finite field were
determined in a series of papers by van Lint [10], [11], [12], Tietäväinen [28],
and Zinoviev and Leontiev [30]. The main result is that a nontrivial linear
perfect code is either a Hamming code or a Golay code. In addition, any
nonlinear perfect code with minimum distance greater than 3 is a coset of a
Golay code, and any perfect single-error-correcting code has the parameters
of a Hamming code. For a proof of the uniqueness (up to equivalence) of
the Golay codes see Pless [22], [23, Chapter 10], and Delsarte and Goethals
[4]. A more recent survey on perfect codes is the paper by Heden [7].

9 The Assmus-Mattson characterization of perfect codes
Suppose that q is a prime power, and let C ⊆ $GF(q)^n$ be a linear q-ary code
of length n. Let w be an integer, 0 < w < n. If q > 2 and x ∈ C is a vector
of weight w, all q − 1 nonzero multiples αx of x, where α ∈ GF (q), α ≠ 0,
share the same support. We associate with x and its multiples the support
sup(x), and define a collection of w-subsets D of the set of coordinate indices
{1, 2, . . . , n}, consisting of the supports of all codewords in C of weight w.
The next theorem, due to Assmus and Mattson [2], describes a relation-
ship between perfect codes and t-designs supported by their codewords of
minimum weight.

Theorem 9.1 A linear code C over GF (q) of length n and minimum distance
d = 2e + 1 is perfect if and only if the collection of supports of all
codewords of weight d is a simple (e + 1)-(n, 2e + 1, $(q-1)^e$) design.

Proof. Assume that C is a perfect code with minimum distance d = 2e + 1.
Let T be an arbitrary (e + 1)-subset of {1, 2, . . . , n}. Any vector x ∈ $GF(q)^n$
of weight e + 1 with support sup(x) = T is at distance e from exactly one
codeword y ∈ C, and the weight of y is equal to d = 2e + 1. The number
of all vectors in $GF(q)^n$ having T as a support is equal to $(q-1)^{e+1}$, and
each two such vectors are at distance e from distinct codewords. Therefore,
not counting scalar multiples, T is contained in exactly $(q-1)^e$ supports of
codewords of weight d = 2e + 1. Consequently, the collection of supports of
codewords of minimum weight is an (e + 1)-(n, 2e + 1, $(q-1)^e$) design.
Let us assume now that the supports of all codewords of minimum weight
d = 2e + 1 in a linear code C ⊆ $GF(q)^n$ form a simple
(e + 1)-(n, 2e + 1, $(q-1)^e$) design. Any vector u ∈ $GF(q)^n$ of weight not exceeding e is
at distance at most e from the zero codeword. Suppose that the spheres of
radius e around all codewords of C do not contain all vectors of $GF(q)^n$, and
let y be a vector of smallest weight among all vectors which are at distance
greater than or equal to e + 1 from every codeword. It follows that y is of
weight at least e + 1. Let $y_{i_1}, \ldots, y_{i_{e+1}}$ be a set of e + 1 nonzero coordinates
of y. The set of indices T = {$i_1, \ldots, i_{e+1}$} is contained in $(q-1)^e$ supports
of codewords of minimum weight. The number of codewords of minimum
weight whose supports contain T is equal to $(q-1)^{e+1}$, and any two such
codewords differ in at least one position from T . Thus, there is a codeword
z of minimum weight which coincides with y in all positions from T :

$$
z_{i_1} = y_{i_1}, \ldots, z_{i_{e+1}} = y_{i_{e+1}}.
$$

Consequently, the vector y′ = z − y is of weight smaller than the weight of
y, and is at distance at least e + 1 from all codewords, which contradicts
the choice of y.

Corollary 9.2 The number of codewords of minimum weight 2e + 1 in a
linear perfect q-ary code of length n is equal to

$$
\frac{n(n-1)\cdots(n-e)}{(2e+1)(2e)\cdots(e+1)}\,(q-1)^e .
$$

Corollary 9.3 The supports of minimum weight vectors of the binary Golay
code G23 form a 4-(23, 7, 1) design.

Corollary 9.4 The supports of minimum weight vectors of the ternary Go-
lay code G11 form a 3-(11, 5, 4) design.

Note 9.5 The 3-(11, 5, 4) design from 9.4 is actually a 4-(11, 5, 1) design.

We note that if q = 2, the only nonzero multiple of a vector x ≠ 0̄ is x itself.
Thus, the proof of Theorem 9.1 implies the following result.

Theorem 9.6 A binary code of length n = $2^m − 1$ (m ≥ 2) and minimum
distance 3 which contains the zero vector is perfect if and only if the collection
of the supports of all codewords of weight 3 is a 2-($2^m − 1$, 3, 1) design.

Corollary 9.7 The supports of minimum weight vectors of any Vasil’ev code
of length $2^m − 1$ form a 2-($2^m − 1$, 3, 1) design.

Note 9.8 A 2-design with block size 3 and λ = 1, i.e., a 2-(v, 3, 1) design is
also called a Steiner triple system, and is often denoted by STS(v).

Exercise 9.9 (i) Use the construction from [9] or [27] to find a nonlinear
perfect single-error-correcting ternary code of length 13 that contains the
zero vector.
(ii) Find the weight distribution of the code.
(iii) Verify whether the supports of codewords of weight 3 support a 2-design.

Definition 9.10 Given a binary code C of length n, the extended code Ĉ
is defined as a code of length n + 1 obtained by adding to each codeword
x = (x1 , . . . , xn ) ∈ C a new coordinate xn+1 equal to the overall parity check,
that is, xn+1 = 0 if the weight of x is even, and xn+1 = 1 if the weight of x
is odd.

Clearly, all vectors of the extended code are of even weight. If C is a linear
[n, k] code with minimum distance d, the extended code Ĉ is a linear [n+1, k]
code with minimum distance d̂, with d̂ = d if d is even, and d̂ = d + 1 if d is
odd.
If C is a binary perfect code, the extended code Ĉ also yields a design.

Theorem 9.11 (Assmus and Mattson [2]). If C is a perfect binary code
of length n and minimum weight d = 2e + 1 containing the zero vector, the
supports of the codewords of weight 2e + 2 in the extended code Ĉ form an
(e + 2)-(n + 1, 2e + 2, 1) design.

Proof. Let û be a binary vector of length n + 1 and weight e + 2. We
will show that the support of û is contained in the support of exactly one
codeword of Ĉ of weight 2e + 2. The supports of any two distinct codewords
x, y ∈ Ĉ of weight 2e + 2 can share at most e + 1 coordinates. Thus, the
support of û can be covered by the support of at most one codeword of weight
2e + 2. We denote by u the vector of length n obtained by removing the last
coordinate $û_{n+1}$ of û. Assume that $û_{n+1}$ = 0. Let c ∈ C be a vector which is
at distance at most e from u. The weight of c is equal to w(c) = 2e + i for
some integer i ≥ 1. We have

d(c, u) = w(c + u) = 3e + i + 2 − 2w(c ∗ u) ≤ e,

and

w(c ∗ u) ≤ e + 2,

hence

e + 1 + i/2 ≤ w(c ∗ u) ≤ e + 2.

Thus, i = 2, w(c) = 2e + 2, and the support of û is covered by the support of
ĉ ∈ Ĉ, where w(ĉ) = 2e + 2 and ĉ is obtained by extending c with an overall
parity check equal to zero.
Assume now that $û_{n+1}$ = 1. The shortened vector u is of weight e + 1, and
according to Theorem 9.1, the support of u is covered by the support of a
codeword c ∈ C of weight 2e + 1. The extended word ĉ is of weight 2e + 2
and has (n + 1)st coordinate equal to 1, and the support of û is contained in
the support of ĉ.

Corollary 9.12 The minimum weight vectors of the extended code of a binary
perfect single-error-correcting code of length $2^m − 1$ containing the zero
vector support a 3-($2^m$, 4, 1) design.

Definition 9.13 A 3-(v, 4, 1) design is also called a Steiner quadruple system,
and is often denoted by SQS(v).

Corollary 9.14 The minimum weight vectors in the extended Golay code
G24 support a 5-(24, 8, 1) design.

Exercise 9.15 Find the number of codewords of weight 4 in the binary
Hamming code of length $2^m − 1$.

Exercise 9.16 Find the number of codewords of weight 4 in the extended
code of a perfect binary single-error-correcting code of length $2^m − 1$
containing the zero vector.

Exercise 9.17 Find the weight distribution of the dual code of the binary
Hamming code of length $2^m − 1$.

10 Perfect codes and data compression
The major use of error-correcting codes is, as their name suggests, for de-
tection and correction of random errors that may occur in the encoded data
during transmission or while the data is being stored on some memory device.
However, codes can also be used for data compression, a process that allows
for adding some noise to the data with the purpose of achieving a higher
transmission rate or saving memory space. In this application, perfect codes
have some advantages, as noted by Shannon in 1959 [26].
Suppose that some data of a nature that can tolerate up to a certain degree
of noise is to be stored or transmitted, and the purpose is to save memory
space or increase the transmission speed, hence reduce the cost of storage or
transmission. A typical example is data being transmitted over a telephone
line, or other type of audio or visual data.
Let us assume that data is recorded in messages of length n over a finite
field GF (q) of order q. Assume further that C is a perfect [n, k, d = 2e + 1]
code over GF (q). Let y ∈ $GF(q)^n$ be an arbitrary data string of length n.
There exists a unique codeword x ∈ C such that x differs from y in at most
e positions. The message y is compressed to a string x̄ = ($x_{i_1}, \ldots, x_{i_k}$) of k
information symbols of x, where $i_1, \ldots, i_k$ index k linearly independent columns
of a generator matrix of C, and x̄ is then transmitted over a noiseless channel
or stored instead of y. At the receiving end, x̄ is decompressed to the whole
codeword x of length n, and x is utilized instead of y. Assuming that
no errors have occurred during transmission or while x̄ was being stored, this
procedure can alter up to e components of the original data y. For many
applications, such a loss of precision may be tolerable.

Example 10.1 If C is a binary linear Hamming code of length n = $2^m − 1$, a
compressed message consists of n − m bits only, and a decompressed message
differs from the original data in at most one of the n bits.

Example 10.2 Using the binary perfect Golay code G23 , any message of 23
bits is compressed to a shorter message of 12 bits only, and the decompressed
message differs from the original data in at most 3 out of 23 bits.
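
The procedure of Example 10.1 can be written out for the binary Hamming code of length $2^m − 1$. The following Python code is an added example, not part of the original notes. It assumes the parity check matrix whose j-th column is the binary expansion of j, so that the positions that are not powers of two form an information set; the function names and the sample message are constructed here.

```python
from itertools import product

def syndrome(word):
    """XOR of the 1-based positions that hold a 1 (column j of H is j in binary)."""
    s = 0
    for pos, bit in enumerate(word, start=1):
        if bit:
            s ^= pos
    return s

def nearest_codeword(y):
    """The unique codeword within distance 1 of y (the code is perfect)."""
    x = list(y)
    s = syndrome(x)
    if s:                      # nonzero syndrome names the position to flip
        x[s - 1] ^= 1
    return x

def info_positions(m):
    """1-based positions that are not powers of two: n - m information positions."""
    return [j for j in range(1, 2 ** m) if j & (j - 1)]

def compress(y, m):
    """Map an n-bit message to the n - m information bits of its nearest codeword."""
    if len(y) != 2 ** m - 1:
        raise ValueError("message length must be 2^m - 1")
    x = nearest_codeword(y)
    return [x[j - 1] for j in info_positions(m)]

def decompress(z, m):
    """Rebuild the whole codeword from its information bits."""
    positions = info_positions(m)
    if len(z) != len(positions):
        raise ValueError("compressed length must be 2^m - 1 - m")
    x = [0] * (2 ** m - 1)
    s = 0
    for j, bit in zip(positions, z):
        x[j - 1] = bit
        if bit:
            s ^= j
    for r in range(m):         # parity bit at position 2^r cancels bit r of s
        x[(1 << r) - 1] = (s >> r) & 1
    return x

def worst_case_distortion(m):
    """Largest Hamming distance between y and decompress(compress(y)) over all y."""
    worst = 0
    for y in product((0, 1), repeat=2 ** m - 1):
        x = decompress(compress(y, m), m)
        if syndrome(x):
            raise AssertionError("decompressed word is not a codeword")
        worst = max(worst, sum(a != b for a, b in zip(x, y)))
    return worst

if __name__ == "__main__":
    y = [0, 1, 1, 0, 1, 0, 0]              # constructed sample message
    z = compress(y, 3)
    print("compressed:  ", z)
    print("decompressed:", decompress(z, 3))
    print("worst case for m = 3:", worst_case_distortion(3))
```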

Exercise 10.3 Use the binary Hamming code of length 7 to compress and
decompress the data message (1, 1, 0, 0, 0, 1, 1).

11 MacWilliams identities
In this section, we discuss a relation between the weight distribution of a
linear code and that of its dual code, discovered by F. J. MacWilliams [13],
[14].
The weight enumerator of a code C of length n is a polynomial

$$
A(x) = \sum_{i=0}^{n} a_i x^i ,
$$

where ai is the number of codewords of C of weight i.

Theorem 11.1 (MacWilliams). Suppose that C is a linear [n, k] code over
GF (q) with weight distribution $\{a_i\}_{i=0}^{n}$, and let $\{b_i\}_{i=0}^{n}$ be the weight
distribution of the dual code C⊥. The weight enumerators of C and C⊥ are related
by the equation

$$
q^k \sum_{i=0}^{n} b_i x^i = \sum_{j=0}^{n} a_j (1-x)^j (1+(q-1)x)^{n-j}. \qquad (16)
$$

Proof. There are several identities equivalent to (16), all known as MacWilliams
identities. We will prove one such identity, from which (16) will follow.
Comparing the coefficients of $x^i$ in the left and right-hand sides of
equation (16), we can find a formula expressing b0 , . . . , bn in terms of a0 , . . . , an .
For this purpose, we expand (16) as follows:

$$
\sum_{i=0}^{n} b_i x^i = q^{-k}\sum_{j=0}^{n} a_j (1-x)^j (1+(q-1)x)^{n-j}
= q^{-k}\sum_{j=0}^{n} a_j \left(\sum_{s=0}^{j}\binom{j}{s}(-1)^s x^s\right)\left(\sum_{t=0}^{n-j}\binom{n-j}{t}(q-1)^t x^t\right).
$$

Let s + t = i. Then

$$
\begin{aligned}
\sum_{i=0}^{n} b_i x^i
&= q^{-k}\sum_{j=0}^{n} a_j \sum_{s=0}^{n}\sum_{i=s}^{n-j+s}\binom{j}{s}\binom{n-j}{i-s}(-1)^s (q-1)^{i-s} x^i \\
&= q^{-k}\sum_{j=0}^{n} a_j \sum_{s=0}^{n}\sum_{i=0}^{n}\binom{j}{s}\binom{n-j}{i-s}(-1)^s (q-1)^{i-s} x^i \\
&= q^{-k}\sum_{i=0}^{n} x^i \sum_{j=0}^{n} a_j \sum_{s=0}^{n}\binom{j}{s}\binom{n-j}{i-s}(-1)^s (q-1)^{i-s}.
\end{aligned}
$$

Note that extending the summation from i = s to n − j + s, to i = 0 to n
is possible because all additional terms are equal to 0. After this, we can
change the order of summation. Comparing the coefficients of $x^i$, we have

$$
b_i = q^{-k}\sum_{j=0}^{n} a_j \sum_{s=0}^{n}\binom{j}{s}\binom{n-j}{i-s}(-1)^s (q-1)^{i-s}.
$$

Substituting x = 1 + y in (16) gives

$$
q^k \sum_{i=0}^{n} b_i (1+y)^i = \sum_{j=0}^{n} a_j (-y)^j (q+(q-1)y)^{n-j}.
$$

Extending the limits of summation and comparing the coefficients of $y^m$, we
have

$$
\sum_{i=m}^{n}\binom{i}{m} b_i = q^{n-k-m}\sum_{j=0}^{m}(-1)^j\binom{n-j}{n-m}(q-1)^{m-j} a_j .
$$

Similarly, substituting x = 1/(1 + y) in (16) gives

$$
q^k \sum_{i=0}^{n} b_i (1+y)^{n-i} = \sum_{j=0}^{n} a_j y^j (y+q)^{n-j},
$$

which implies

$$
\sum_{i=0}^{n-m}\binom{n-i}{m} b_i = q^{n-k-m}\sum_{j=0}^{m}\binom{n-j}{n-m} a_j . \qquad (17)
$$

Now we will prove equation (17). Let s = {$s_1, \ldots, s_m$} be a set of m distinct
integer numbers in the range 1 ≤ $s_i$ ≤ n, and let t = {$t_1, \ldots, t_{n-m}$} be the
complementary set of s in the set of integers between 1 and n. Let $F_s$ be
the subspace of $GF(q)^n$ consisting of all vectors having zeros in positions
$t_1, \ldots, t_{n-m}$. The subspace $F_t$ is defined similarly with respect to the set of
indices s. Note that $F_t = F_s^{\perp}$.
The subspace of $C^{\perp}$ consisting of all codewords having zeros in positions
$s_1, \ldots, s_m$ coincides with $C^{\perp} \cap F_t$. Note that

$$
(C \cap F_s)^{\perp} = C^{\perp} \oplus F_s^{\perp} = C^{\perp} \oplus F_t ,
$$

where ⊕ denotes the sum of the corresponding subspaces, that is,

$$
U \oplus V = \{\alpha u + \beta v \mid u \in U,\ v \in V;\ \alpha, \beta \in GF(q)\}.
$$

Let $d_s$ denote the dimension of $C \cap F_s$, and let $d_t$ be the dimension of $C^{\perp} \cap F_t$.
Since $(C^{\perp} \oplus F_t)^{\perp} = C \cap F_s$, the dimension of $C^{\perp} \oplus F_t$ is equal to $n − d_s$. On
the other hand,

$$
\dim(C^{\perp} \oplus F_t) = \dim C^{\perp} + \dim F_t - \dim(C^{\perp} \cap F_t) = (n-k) + (n-m) - d_t ,
$$

thus

$$
n - d_s = (n-k) + (n-m) - d_t ,
$$

or

$$
d_t = d_s + n - k - m .
$$

Let us count in two ways the ordered pairs (s, v), where s is an m-subset of
N = {1, . . . , n}, and v ∈ $C \cap F_s$. For any given s, there are $q^{d_s}$ such pairs.
The total number of pairs is

$$
\sum_{s \subset N} q^{d_s}.
$$

Each vector v ∈ C of weight j contains n − j zero coordinates, and each
set t, which is an (n − m)-subset of these coordinates, defines a set s that
forms a pair with v. For any given m, we can choose s in $\binom{n-j}{n-m}$ ways. Thus,
we have

$$
\sum_{s \subset N} q^{d_s} = \sum_{j=0}^{n}\binom{n-j}{n-m} a_j .
$$

Similarly, counting the pairs (t, v), where t is an (n − m)-subset of N, and
v ∈ $C^{\perp} \cap F_t$, we have

$$
\sum_{t \subset N} q^{d_t} = \sum_{i=0}^{n}\binom{n-i}{m} b_i .
$$

Since $d_t = d_s + n − k − m$ and every subset t defines a unique s, we have

$$
\sum_{t \subset N} q^{d_t} = \sum_{s \subset N} q^{d_s + n - k - m} = q^{n-k-m}\sum_{s \subset N} q^{d_s},
$$

which implies (17), and consequently (16).

Corollary 11.2 (Pless power moment identities [20]).

$$
\sum_{i=0}^{n}(n-i)^r a_i = \sum_{i=0}^{r} b_i\left(\sum_{v=i}^{r} v!\,S(r,v)\,q^{k-v}\binom{n-i}{n-v}\right), \quad r = 0, 1, \ldots, n, \qquad (18)
$$

where S(r, v) is a Stirling number of the second kind,

$$
S(r,v) = \frac{1}{v!}\sum_{i=1}^{v}(-1)^{v-i}\binom{v}{i} i^r .
$$

Note 11.3 The equation (16) can be rewritten more compactly as

$$
q^k B(x) = (1+(q-1)x)^n\, A\!\left(\frac{1-x}{1+(q-1)x}\right).
$$
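
The coefficient formula for $b_i$ derived from (16), the identity (17) and the power moments (18) can all be evaluated with exact integer arithmetic. The following Python code is an added example, not part of the original notes. As inputs it uses the weight distributions of the self-dual codes G24 and G12 quoted in Examples 12.4 and 12.5, and the binary repetition code of length 5, whose dual is the even-weight code; the function names are chosen here.

```python
from fractions import Fraction
from math import comb, factorial

def as_list(dist, n):
    """Turn {weight: count} into the list a_0, ..., a_n."""
    return [dist.get(i, 0) for i in range(n + 1)]

def dual_weight_distribution(a, q, k):
    """b_0, ..., b_n from a_0, ..., a_n by comparing coefficients of x^i in (16)."""
    n = len(a) - 1
    b = []
    for i in range(n + 1):
        total = sum(
            a[j] * sum((-1) ** s * (q - 1) ** (i - s) * comb(j, s) * comb(n - j, i - s)
                       for s in range(i + 1))
            for j in range(n + 1))
        if total < 0 or total % q ** k:
            raise ValueError("not the weight distribution of a linear [n, k] code")
        b.append(total // q ** k)
    return b

def identity_17_holds(a, b, q, k):
    """Check (17) for every m, multiplied through by q^(k+m) to stay in integers."""
    n = len(a) - 1
    for m in range(n + 1):
        lhs = sum(comb(n - i, m) * b[i] for i in range(n - m + 1))
        rhs = sum(comb(n - j, n - m) * a[j] for j in range(m + 1))
        if lhs * q ** (k + m) != rhs * q ** n:
            return False
    return True

def stirling2(r, v):
    """Stirling number of the second kind. The sum starts at i = 0 so that
    Python's 0 ** 0 == 1 yields S(0, 0) = 1; for r >= 1 the extra term is 0."""
    return sum((-1) ** (v - i) * comb(v, i) * i ** r for i in range(v + 1)) // factorial(v)

def power_moments_hold(a, b, q, k):
    """Check the Pless power moment identities (18) for r = 0, ..., n."""
    n = len(a) - 1
    for r in range(n + 1):
        lhs = sum((n - i) ** r * a[i] for i in range(n + 1))
        rhs = sum(
            b[i] * sum(factorial(v) * stirling2(r, v) * Fraction(q) ** (k - v)
                       * comb(n - i, n - v) for v in range(i, r + 1))
            for i in range(r + 1))
        if lhs != rhs:
            return False
    return True

# Weight distributions quoted in Examples 12.4 and 12.5 of these notes.
G24 = as_list({0: 1, 8: 759, 12: 2576, 16: 759, 24: 1}, 24)
G12 = as_list({0: 1, 6: 264, 9: 440, 12: 24}, 12)
REPETITION_5 = [1, 0, 0, 0, 0, 1]          # binary [5, 1] repetition code

if __name__ == "__main__":
    print("G24 dual equals G24:", dual_weight_distribution(G24, 2, 12) == G24)
    print("G12 dual equals G12:", dual_weight_distribution(G12, 3, 6) == G12)
    print("dual of repetition code:", dual_weight_distribution(REPETITION_5, 2, 1))
```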

Exercise 11.4 Find the weight enumerators of the binary Hamming codes
of length 3 and 7 and their dual codes, and then use (16) to verify your
results.

Exercise 11.5 Find the weight distribution of the dual code of the binary
Hamming code $H_4(2)$ of length 15 by a direct computation, and then use
(16) to find the weight distribution of $H_4(2)$.

Exercise 11.6 Use the results from 11.4 and 11.5 to make a conjecture for
the weight enumerator of the dual code of the binary Hamming code of length
n = $2^m − 1$, for any m ≥ 2.

12 The Assmus-Mattson Theorem
In this section we discuss a theorem proved by Assmus and Mattson [3] in
1969, which gives a sufficient condition for the codewords of given weight in
a linear code to support a t-design. We start with two lemmas.

Lemma 12.1 Suppose that G is a k × n generator matrix of a linear [n, k, d]
code. Any k × (n − d + 1) matrix G′ obtained by removing d − 1 columns of
G is of rank k.

Proof. Suppose the contrary, that is, the rank of G′ is smaller than k. Then
there exists a nonzero linear combination of the rows of G′ which is equal to
the zero vector of length n − d + 1. The linear combination with the same
coefficients of the corresponding rows of G is a nonzero vector of weight at
most d − 1, a contradiction.

Lemma 12.2 Let C be a q-ary [n, k, d] code. Let $u_0$ be the largest integer
such that

$$
u_0 - \left\lceil \frac{u_0}{q-1} \right\rceil < d,
$$

where ⌈x⌉ denotes the smallest integer number greater than or equal to x. If
a, b ∈ C are codewords having the same weight u ≤ $u_0$ and share the same
support, then a = βb for some β ∈ GF (q), β ≠ 0.

Proof. Let a = (a1 , . . . , an ), b = (b1 , . . . , bn ), and let $i_1, \ldots, i_u$ be the
nonzero positions of a and b. We consider the set

$$
M = \left\{ \frac{a_{i_j}}{b_{i_j}} \;\middle|\; j = 1, \ldots, u \right\}.
$$

There exists a nonzero element β ∈ GF (q) which occurs at least ⌈u/(q − 1)⌉
times in M. It follows that the weight of a − βb is at most u − ⌈u/(q − 1)⌉.
Since u ≤ $u_0$, we have

$$
u - \left\lceil \frac{u}{q-1} \right\rceil < d.
$$

Thus, u − ⌈u/(q − 1)⌉ = 0, and a = βb.

Theorem 12.3 (Assmus and Mattson [3]). Let C be a linear [n, k, d] code,
and let d̄ be the minimum distance of the dual code C⊥. Denote by $u_0$ the
largest integer such that $u_0$ − ⌈$u_0$/(q − 1)⌉ < d, and let $w_0$ be the largest integer
satisfying $w_0$ − ⌈$w_0$/(q − 1)⌉ < d̄. If q = 2, we set $u_0 = w_0 = n$. Suppose
that the number s of distinct nonzero weights in C⊥ which are smaller than
or equal to n − t, satisfies s ≤ d − t. Then, for each weight u, such that
d ≤ u ≤ $u_0$, the supports of codewords of weight u in C yield a t-design.
Furthermore, for each weight w such that d̄ ≤ w ≤ min{n − t, $w_0$}, the
supports of codewords of weight w in the dual code C⊥ also yield a t-design.

Proof. Let T be a fixed t-subset of the set of coordinates X = {1, 2, . . . , n}.
We denote by C′ the code of length n − t obtained by removing the coordinates
contained in T from all codewords of C. Let C0 denote the subcode of C
consisting of all codewords having zeros in all t coordinates from T . Assume
now that t < d. It follows from Lemma 12.1 that C′ is an [n − t, k] code.
Clearly,

(C0⊥ )′ ⊆ (C′ )⊥ .

Since the dimension of (C0⊥ )′ is greater than or equal to n − k − t, we have
(C0⊥ )′ = (C′ )⊥ .
Let wi , 1 ≤ i ≤ r, be all distinct nonzero weights in C⊥ which are smaller
than or equal to n − t. These are also the only possible nonzero weights of
(C0⊥ )′ . Since the minimum weight of C ′ is greater than or equal to d − t,
we know the first d − t coefficients of the weight enumerator of C ′ . The
number d − t is greater than or equal to the number of nonzero coefficients
of the weight enumerator of (C0⊥ )′ . The MacWilliams identities (17) give a
system of independent linear equations with a unique solution which does
not depend on the choice of T , but only on its size t. Thus, the weight
distribution of (C0⊥ )′ is independent of the choice of T . Since C ′ = ((C0⊥ )′ )⊥ ,
the same holds for the weight distribution of C ′ . In particular, the number
of codewords of weight d − t in C ′ does not depend on the choice of T , hence
every t-subset of the set of coordinate indices is contained in the supports of
a constant number of codewords of minimum weight d. Thus, the supports
of minimum weight vectors in C form a t-design.
Suppose now that w is an integer in the range d¯ ≤ w ≤ min{n − t, w0 },
and let D be the collection of supports of all codewords of weight w in C ⊥ .
We consider the family D ′ consisting of the complements of the sets in D. If
T is a t-subset of X = {1, . . . , n}, the number of blocks of D ′ containing T
is equal to the number of codewords of weight w in (C0⊥ )′ divided by q − 1
according to Lemma 12.2, and this number does not depend on the choice of
T . Thus, D ′ is a t-design, and consequently, D is also a t-design.
We now prove that the supports of codewords of C of any weight u,
d ≤ u ≤ u0 , form a t-design. We already know that this is true for u = d. We
prove the statement by induction. Suppose that the supports of all codewords
of C of any weight u′ such that d ≤ u′ < u form a t-design, and let D be the
collection of supports of all codewords of C of weight u. By Lemma 12.2, the
number of blocks of D containing a given t-subset T ⊂ {1, . . . , n} is equal to
the number of codewords of weight u − t in C ′ divided by q − 1. The total
number of words of weight u −t in C ′ is independent of the choice of T . Thus
D is a t-design.

Example 12.4 The extended binary Golay code G24 is a self-dual [24, 12, 8]
code with nonzero weights 8, 12, 16, and 24. There are three nonzero weights
smaller than n = 24, and d − 5 = 8 − 5 = 3. Hence, the supports of any
given weight form a 5-design. The weight distribution of the code is

a0 = a24 = 1, a8 = a16 = 759, a12 = 2576.

It follows from Theorem 12.3 that the codewords of weight 8 form a 5-(24, 8, 1)
design (or a Steiner system S(5, 8, 24)), while the codewords of weight 12 form
a 5-(24, 12, 48) design. The design supported by codewords of weight 16 is a
5-(24, 16, 78) design having as blocks the complements of blocks of the design
supported by codewords of weight 8.

Example 12.5 The extended ternary Golay code G12 is a self-dual [12, 6, 6]
code. The nonzero weights are 6, 9, and 12, hence the Assmus-Mattson
Theorem 12.3 applies for t = 5. The weight distribution is

a0 = 1, a6 = 264, a9 = 440, a12 = 24.

The codewords of minimum weight support a 5-(12, 6, 1) design, while the
vectors of weight 9 support a 5-(12, 9, 70) design. Note that

$$
\binom{12}{9} = \binom{12}{3} = 220.
$$

Thus, the 5-(12, 9, 70) design supported by codewords of weight 9 is a
complete, or trivial design, having all possible 9-subsets as blocks.

Exercise 12.6 Prove that the supports of codewords of weight 4 of the
binary code with generator matrix

$$
G = \left(\begin{array}{c|cc}
 & 0 & 1 \;\; 1 \;\; 1 \\
I_4 & 1 & \\
 & 1 & J_3 - I_3 \\
 & 1 &
\end{array}\right)
$$

support a 3-(8, 4, 1) design.

Exercise 12.7 Prove that the code from Exercise 12.6 is equivalent to the
extended code of the binary Hamming code of length 7.

Exercise 12.8 Prove that the codewords of any nonzero weight smaller than
$2^m − 1$ of the binary Hamming code of length $2^m − 1$ form a 2-design. In
particular, the minimum weight codewords support a Steiner system S(2, 3, $2^m − 1$).

Exercise 12.9 Prove that the codewords of any nonzero weight smaller
than $2^m$ of the extended binary Hamming code of length $2^m$ form a
3-design. In particular, the minimum weight codewords support a Steiner
system S(3, 4, $2^m$).

Exercise 12.10 Prove that for any prime power q ≥ 2, and any m ≥ 2, the
codewords of any nonzero weight smaller than $(q^m − 1)/(q − 1)$ of the q-ary
Hamming code of length $(q^m − 1)/(q − 1)$ form a 2-design.

13 Self-dual codes and t-designs


The Assmus-Mattson Theorem 12.3 applies to codes with relatively high
minimum distance and few distinct nonzero weights in their dual codes.
The extended Golay codes and the [8, 4, 4] code from Exercise 12.6 all
yield designs via Assmus-Mattson’s Theorem, and are all self-dual. Self-dual
codes, and more generally, self-orthogonal codes over a field of order 2 or 3
have regular gaps in their weight distribution. In the binary case, all weights
are even, and it is possible also that all weights are divisible by 4 (in the
latter case the code is called doubly-even; otherwise, a binary self-orthogonal
code containing words of weight not divisible by 4 is called singly-even.) In
a ternary self-orthogonal code, all weights are divisible by 3. If q = 4 and
the dual code is defined with respect to the Hermitian inner product

$$
x \cdot y = x_1 y_1^2 + \cdots + x_n y_n^2 , \qquad (19)
$$

for x = (x1 , . . . , xn ), y = (y1 , . . . , yn ) ∈ $GF(4)^n$, all weights in a quaternary
Hermitian self-orthogonal code are even.
The following upper bounds on the minimum distance of a self-dual code
were proved by Mallows and Sloane [16], and MacWilliams, Odlyzko, Sloane
and Ward [15].

Theorem 13.1 Let C be a self-dual [n, n/2, d] code over GF (q), where q =
2, 3, or 4.
(i) If q = 2 and C is singly-even, then d ≤ 2⌊n/8⌋ + 2.
(ii) If q = 2 and C is doubly-even, then d ≤ 4⌊n/24⌋ + 4.
(iii) If q = 3, then d ≤ 3⌊n/12⌋ + 3.
(iv) If q = 4 and C is Hermitian self-dual, then d ≤ 2⌊n/6⌋ + 2.

A self-dual code whose minimum distance meets the corresponding upper
bound in 13.1 is called extremal.
The extended binary and ternary Golay codes, as well as the extended
[8, 4, 4] Hamming code, are all extremal.

Exercise 13.2 Verify that the [6, 3] code over GF (4) = {0, 1, α, α²} with a
generator matrix

$$
G = \begin{pmatrix}
1 & 0 & 0 & 1 & 1 & 1 \\
0 & 1 & 0 & 1 & \alpha & \alpha^2 \\
0 & 0 & 1 & 1 & \alpha^2 & \alpha
\end{pmatrix}
$$

is Hermitian self-dual and extremal.

Theorem 13.3 An extremal self-dual [n, n/2] code yields t-designs, where:
(a) if q = 2 and C is singly-even, then t = 3 if n ≡ 0 (mod 8), t = 2 if
n ≡ 2 (mod 8), and t = 1 if n ≡ 4 (mod 8);
(b) if q = 2 and C is doubly-even, then t = 5, 3, or 1 according to n ≡ 0, 8,
or 16 (mod 24);
(c) t = 5 if q = 3 and n ≡ 0 (mod 12);
(d) t = 5 if q = 4 and n > 6 and n ≡ 0 (mod 6).

Exercise 13.4 Prove Theorem 13.3.

Table 13.5 Some 5-Designs derived from self-dual codes

Design                    Code                   Comments

5-(12,6,1)                [12, 6, 6], q = 3      Extended ternary Golay code

5-(18,8,6)                [18, 9, 8], q = 4      Extended cyclic code
5-(18,10,180)

5-(24,8,1)                [24, 12, 8], q = 2     Extended binary Golay code
5-(24,12,48)

5-(24,9,6)                [24, 12, 9], q = 3     Extended QR code;
5-(24,12,576)                                    Pless symmetry code [21]
5-(24,15,8580)

5-(30,12,220)             [30, 15, 12], q = 4    Extended QR code
5-(30,14,5390)
5-(30,16,123000)

5-(36,12,45)              [36, 18, 12], q = 3    Pless symmetry code
5-(36,15,5577)
5-(36,18,209685)
5-(36,21,2438973)

5-(48,12,8)               [48, 24, 12], q = 2    Extended QR code
5-(48,16,1365)
5-(48,20,36176)
5-(48,24,190680)

5-(48,15,364)             [48, 24, 15], q = 3    Extended QR code
5-(48,18,50456)                                  Pless symmetry code
5-(48,21,2957388)
5-(48,24,71307600)
5-(48,27,749999640)

5-(60,18,3060)            [60, 30, 18], q = 3    Pless symmetry code
5-(60,21,449820)                                 Extended QR code
5-(60,24,34337160)
5-(60,27,1271766600)
5-(60,30,24140500956)
5-(60,33,239329029060)

14 Pless symmetry codes
The symmetry codes are a class of ternary self-dual codes introduced by Pless
[21]. The smallest symmetry code is the extended ternary Golay code, and
a few more symmetry codes of larger length also yield 5-designs.
Let p > 2 be a prime, and let χ be the Legendre symbol, defined as follows:

$$
\chi(i) = \begin{cases}
0 & \text{if } i = 0, \\
1 & \text{if } i \text{ is a quadratic residue (mod } p\text{)}, \\
-1 & \text{if } i \text{ is not a quadratic residue (mod } p\text{)}.
\end{cases} \qquad (20)
$$

Since half of the integers between 1 and p − 1 are quadratic residues, and the
other half are non-residues, we have

$$
\sum_{i=0}^{p-1} \chi(i) = 0.
$$

If 1 ≤ a, b ≤ p − 1, then χ(ab) = 1 if a and b are both quadratic residues or
non-residues, and χ(ab) = −1 if one of a, b is a quadratic residue and the
other is a non-residue. Thus

χ(ab) = χ(a)χ(b) (21)

for any a, b ∈ GF (p).


Lemma 14.1 For every integer i in the range 1 ≤ i ≤ p − 1, we have

$$
\sum_{a=0}^{p-1} \chi(a)\chi(a+i) = -1. \qquad (22)
$$

Proof. If 1 ≤ a ≤ p − 1, the equation a + i = ax has a unique solution
x = (a + i)/a in GF (p). In addition, if a ≠ b, 1 ≤ a, b ≤ p − 1, then
(a + i)/a ≠ (b + i)/b. Note also that (a + i)/a ≠ 1 for i ≠ 0. Thus,

$$
\sum_{a=0}^{p-1} \chi(a)\chi(a+i) = \sum_{a=1}^{p-1} \chi(a)\chi(a+i) = \sum_{a=1}^{p-1} \chi(a)\chi(ax).
$$

Using (21), we have

$$
\sum_{a=1}^{p-1} \chi(a)\chi(ax) = \sum_{a=1}^{p-1} \chi(a^2 x) = \sum_{a=1}^{p-1} \chi(a^2)\chi(x)
= \sum_{x=0,\ x \neq 1}^{p-1} \chi(x) = -\chi(1) + \sum_{x=0}^{p-1} \chi(x) = -1.
$$

Let Q = ($q_{ij}$) be the p × p matrix with $q_{i,j}$ = χ(j − i) for 0 ≤ i, j ≤ p − 1.
Using Lemma 14.1, it is easy to prove the following.

Lemma 14.2 (i) QJ = JQ = 0.
(ii) $QQ^T = pI − J$.

Exercise 14.3 Prove Lemma 14.2.

Given an odd prime p ≡ 2 (mod 3), the symmetry code C(p) [21] is defined
as the ternary code with generator matrix

$$
G = \left(\begin{array}{c|cc}
 & 0 & 1 \cdots 1 \\
I_{p+1} & \chi(-1) & \\
 & \vdots & Q \\
 & \chi(-1) &
\end{array}\right).
$$

Theorem 14.4 The symmetry code C(p) is a self-dual [2p + 2, p + 1] code.

Exercise 14.5 Prove Theorem 14.4.

Exercise 14.6 Show that the symmetry code C(5) is equivalent to the ex-
tended ternary Golay code.

The minimum distances of C(11), C(17), C(23), and C(29) are 9, 12, 15,
and 18, respectively. Thus, all these codes are extremal and yield 5-designs.
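
The construction of this section is small enough to check by machine for the first few primes. The following Python code is an added example, not part of the original notes: it evaluates the Legendre symbol (20) with Euler's criterion, tests Lemma 14.1 and Lemma 14.2, builds the generator matrix of C(p), tests self-orthogonality over GF(3), and enumerates the 3^6 codewords of C(5). The function names are chosen here.

```python
from itertools import product

def chi(i, p):
    """Legendre symbol (20) modulo the odd prime p, via Euler's criterion."""
    i %= p
    if i == 0:
        return 0
    return 1 if pow(i, (p - 1) // 2, p) == 1 else -1

def q_matrix(p):
    """Q = (q_ij) with q_ij = chi(j - i) for 0 <= i, j <= p - 1."""
    return [[chi(j - i, p) for j in range(p)] for i in range(p)]

def lemma_14_1_holds(p):
    return all(sum(chi(a, p) * chi(a + i, p) for a in range(p)) == -1
               for i in range(1, p))

def lemma_14_2_holds(p):
    Q = q_matrix(p)
    rows_ok = all(sum(row) == 0 for row in Q)            # QJ = 0
    cols_ok = all(sum(col) == 0 for col in zip(*Q))      # JQ = 0
    gram_ok = all(                                       # QQ^T = pI - J
        sum(x * y for x, y in zip(Q[i], Q[j])) == (p - 1 if i == j else -1)
        for i in range(p) for j in range(p))
    return rows_ok and cols_ok and gram_ok

def symmetry_generator(p):
    """Generator matrix (I_{p+1} | S) of C(p), entries reduced to {0, 1, 2}."""
    if p < 3 or p % 3 != 2:
        raise ValueError("C(p) is defined for odd primes p = 2 (mod 3)")
    Q, eps = q_matrix(p), chi(-1, p)
    S = [[0] + [1] * p] + [[eps] + Q[i] for i in range(p)]
    return [[int(i == j) for j in range(p + 1)] + [x % 3 for x in S[i]]
            for i in range(p + 1)]

def is_self_orthogonal(G, q=3):
    return all(sum(x * y for x, y in zip(r, s)) % q == 0 for r in G for s in G)

def weight_distribution(G, q=3):
    """{weight: number of codewords}, by enumerating all q^k combinations of rows."""
    columns = list(zip(*G))
    dist = {}
    for coeffs in product(range(q), repeat=len(G)):
        w = sum(1 for col in columns
                if sum(c * g for c, g in zip(coeffs, col)) % q)
        dist[w] = dist.get(w, 0) + 1
    return dist

if __name__ == "__main__":
    for p in (5, 11, 17):
        G = symmetry_generator(p)
        print(p, lemma_14_1_holds(p), lemma_14_2_holds(p), is_self_orthogonal(G))
    print("C(5):", sorted(weight_distribution(symmetry_generator(5)).items()))
```

Since the left half of G is the identity, the code has dimension p + 1, so self-orthogonality is all that has to be tested for self-duality.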

15 Quadratic-residue codes
Let p > 2 be a prime, and let χ be the Legendre symbol (20). Let
Q = $(q_{ij})_{p \times p}$, where $q_{ij}$ = χ(j − i).

Lemma 15.1

$$
Q^T = \begin{cases}
Q & \text{if } p \equiv 1 \pmod 4, \\
-Q & \text{if } p \equiv 3 \pmod 4.
\end{cases} \qquad (23)
$$

Proof. We have

$$
q_{ij} = \chi(j-i) = \chi(-1)\chi(i-j) = \chi(-1)\,q_{ji}.
$$

Let β be a primitive element of GF (p) = $Z_p$. Then $β^{p-1} = 1$ and

$$
\beta^{p-1} - 1 = \left(\beta^{\frac{p-1}{2}} - 1\right)\left(\beta^{\frac{p-1}{2}} + 1\right) = 0.
$$

Since $\beta^{\frac{p-1}{2}} − 1 ≠ 0$, it follows that

$$
\beta^{\frac{p-1}{2}} = -1.
$$

If p ≡ 1 (mod 4), p = 4m + 1, then

$$
\beta^{\frac{p-1}{2}} = \beta^{2m} = -1
$$

and −1 is a quadratic residue modulo p, hence χ(−1) = 1 and $q_{ij} = q_{ji}$.
If p ≡ 3 (mod 4), p = 4m + 3, then

$$
\beta^{\frac{p-1}{2}} = \beta^{2m+1} = -1
$$

and −1 is a quadratic nonresidue modulo p, hence χ(−1) = −1 and
$q_{ij} = −q_{ji}$.

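The matrix M = (Q + J − I)/2 is a square (0, 1)-matrix with constant
row and column sum equal to (p − 1)/2. Alternatively, M = (m_{ij})_{p×p}, where

$$m_{ij} = \begin{cases} 1 & \text{if } i \neq j \text{ and } j - i \text{ is a quadratic residue (mod } p\text{)}, \\ 0 & \text{otherwise.} \end{cases} \qquad (24)$$

Lemma 15.2
$$MM^T = \begin{cases} \frac{p-1}{4} I + \frac{p-1}{4} J - M & \text{if } p \equiv 1 \pmod 4, \\ \frac{p+1}{4} I + \frac{p-3}{4} J & \text{if } p \equiv 3 \pmod 4. \end{cases} \qquad (25)$$

Proof. Use Lemma 15.1.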

Corollary 15.3 The matrix M is the incidence matrix of a 2-(p, (p − 1)/2, (p − 3)/4)
design if p ≡ 3 (mod 4), and the adjacency matrix of a
strongly regular graph with parameters n = p, k = (p − 1)/2, λ = (p − 5)/4,
µ = (p − 1)/4 if p ≡ 1 (mod 4).

A 2-(v, k, λ) design having equal number of points and blocks, v = b, is
called symmetric. If D is a symmetric design, every point is contained in k
blocks, every two blocks share exactly λ points, and k(k − 1) = λ(v − 1).
Thus, the incidence matrix A of a symmetric 2-(v, k, λ) design satisfies the
equations

AJ = JA = kJ,    AA^T = A^T A = (k − λ)I + λJ.    (26)

Lemma 15.4 Let p be a prime and let A be the incidence matrix of a symmetric
2-(v, k, λ) design such that p | k − λ, but p^2 ∤ k − λ and p ∤ k. Then the
rank of A over GF(q), rank_q(A), where q = p^s, s ≥ 1, is equal to (v + 1)/2.

Proof. The determinant of AA^T can be found easily by using (26) and
applying elementary row operations (adding multiples of rows to other rows):

det(AA^T) = k^2 (k − λ)^{v−1}.    (27)

Consequently, det(A^2) = (k − λ)^{v−1} k^2, and

det(A) = ±k(k − λ)^{(v−1)/2}.

Applying elementary operations of adding a multiple of a row (or column) to
another row (or column) and permuting rows and columns, we can put A into
diagonal form. These operations are equivalent to multiplying A from the
left and from the right by integral matrices with determinant 1 (unimodular
matrices) B, C so that

BAC = diag(d_1, d_2, ..., d_v)

for some integers d_1, ..., d_v. Hence,

det(BAC) = d_1 d_2 ··· d_v = det(A) = ±k(k − λ)^{(v−1)/2}.

The largest power of p that divides det(A) is p^{(v−1)/2}. Consequently, p can
divide at most (v − 1)/2 of the numbers d_1, ..., d_v, so the p-rank of BAC,
and consequently that of A, satisfies

rank_p(A) ≥ (v + 1)/2.

On the other hand, we have

(J − A)(J − A)^T = (k − λ)I + (v − 2k + λ)J.

Note that k(k − 1) = λ(v − 1) implies

λ(v − k) = (k − λ)(k − 1),

and since p ∤ k, we have p ∤ λ, hence p | (v − k), and p | (v − 2k + λ) = (v − k) −
(k − λ). Thus, the weight of every row of J − A, as well as the product of
every two rows of J − A, is divisible by p, hence the row space of J − A over
GF(p) is a self-orthogonal code, hence rank_p(J − A) ≤ v/2. Equation (27)
implies that k − λ is a square if v is even. Thus, by the assumptions of the
theorem, v is odd and

rank_p(J − A) ≤ (v − 1)/2.

Since p ∤ k, the all-one vector 1̄ is contained in the row (and column) space
of A over GF(q), and since p ∤ v, the vector 1̄ is not contained in the row (or
column) space of J − A over GF(q). Thus

rank_p(A) = rank_p(J − A) + 1 ≤ (v + 1)/2,

which completes the proof.

Corollary 15.5 (Assmus and Maher [1]). Let A be the incidence matrix
of a symmetric 2-(v, k, λ) design and let p be a prime such that p | k − λ,
p^2 ∤ k − λ, p ∤ k, and −λ is a square in GF(p). The code C over GF(q) of
length (v + 1)/2 with a generator matrix obtained by adding to A a constant
column with entries equal to √(−λ), is a self-dual (v + 1, (v + 1)/2) code.

Exercise 15.6 Prove Corollary 15.5.

Given a prime p > 2 and a prime power q, the q-ary quadratic-residue
code QR = QR(p, q) is defined as a linear code of length n = p over GF(q)
with generator matrix M defined by (24). An extended quadratic-residue code
QR∗ is a code over GF(q) of length p + 1 having as generator matrix the
matrix M bordered by the all-one column.
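
Lemma 15.4 can be applied to the matrix M of (24) for a prime p ≡ 3 (mod 4), since M is then the incidence matrix of a symmetric design by Corollary 15.3. The following Python code is an added example, not part of the original notes, with function names of our own choosing: it builds M, checks equations (26), tests the hypotheses of Lemma 15.4, and computes the rank of M over a prime field by Gaussian elimination, which is the dimension of the corresponding quadratic-residue code.

```python
def residue_matrix(p):
    """M = (m_ij): m_ij = 1 iff i != j and j - i is a quadratic residue mod p, as in (24)."""
    squares = {(a * a) % p for a in range(1, p)}
    return [[1 if (j - i) % p in squares else 0 for j in range(p)]
            for i in range(p)]

def is_symmetric_design(A, k, lam):
    """Check (26): AJ = JA = kJ and A A^T = A^T A = (k - lam) I + lam J."""
    v = len(A)
    At = [list(col) for col in zip(*A)]

    def gram_ok(X):
        return all(
            sum(a * b for a, b in zip(X[i], X[j])) == (k if i == j else lam)
            for i in range(v) for j in range(v))

    sums_ok = all(sum(r) == k for r in A) and all(sum(c) == k for c in At)
    return sums_ok and gram_ok(A) and gram_ok(At)

def rank_mod(A, p):
    """Rank of an integer matrix over GF(p), p prime, by Gaussian elimination."""
    rows = [[x % p for x in r] for r in A]
    rank = 0
    for col in range(len(rows[0])):
        pivot = next((r for r in range(rank, len(rows)) if rows[r][col]), None)
        if pivot is None:
            continue
        rows[rank], rows[pivot] = rows[pivot], rows[rank]
        inv = pow(rows[rank][col], -1, p)        # modular inverse (Python 3.8+)
        rows[rank] = [(x * inv) % p for x in rows[rank]]
        for r in range(len(rows)):
            if r != rank and rows[r][col]:
                f = rows[r][col]
                rows[r] = [(x - f * y) % p for x, y in zip(rows[r], rows[rank])]
        rank += 1
    return rank

def lemma_15_4_applies(k, lam, p):
    """Hypotheses of Lemma 15.4: p | k - lam, p^2 does not divide k - lam, p does not divide k."""
    d = k - lam
    return d % p == 0 and d % (p * p) != 0 and k % p != 0

def qr_dimension(n, p):
    """Dimension of the code over GF(p) generated by M for the prime length n."""
    return rank_mod(residue_matrix(n), p)

if __name__ == "__main__":
    for n, p in [(7, 2), (11, 3), (23, 2), (23, 3)]:
        k, lam = (n - 1) // 2, (n - 3) // 4
        print(n, p, lemma_15_4_applies(k, lam, p), qr_dimension(n, p), (n + 1) // 2)
```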

Theorem 15.7 Let n ≡ 3 (mod 4) be a prime.

(i) If p_1 is a prime such that n ≡ −1 (mod p_1), the code QR∗(n, q), where
q = p_1^s, s ≥ 1, is self-orthogonal.
(ii) If, in addition, p_1 ∤ n − 1 and p_1^2 ∤ n + 1, the code QR∗(n, q) is self-dual.

Exercise 15.8 Prove Theorem 15.7.

Exercise 15.9 If n ≡ −1 (mod 8) is prime, the binary extended code QR∗
of length n + 1 is self-orthogonal and doubly-even.

Example 15.10 The binary extended quadratic-residue codes of length 8,
24, 32, 48, 72 are doubly-even self-orthogonal codes. In addition, the codes
of length 8, 24 and 72 are self-dual by Theorem 15.7. The codes of length
32 and 48 are also self-dual, although their self-duality does not follow from
Theorem 15.7. The codes of length 8, 24, 32, and 48 are extremal. The
codes of length 8 and 32 yield 3-designs, while the codes of length 24 and 48
yield 5-designs by the Assmus-Mattson Theorem 12.3. The code QR(23, 2)
is equivalent to the binary Golay code, while QR(7, 2) is equivalent to the
Hamming code.

Example 15.11 The ternary extended quadratic-residue codes of length
12, 24, 48, and 60 are self-dual and extremal, hence yield 5-designs by the
Assmus-Mattson Theorem. The code QR(11, 3) is equivalent to the perfect
ternary Golay code, while the extended code QR(11, 3)∗ is equivalent to the
extended ternary Golay code.

Exercise 15.12 Give an example of a symmetric 2-(15, 8, 4) design of 2-rank 4.

Exercise 15.13 Give an example of a symmetric 2-(15, 7, 3) design of 2-rank 5.

Exercise 15.14 Give an example of a 3-(16, 8, 3) design of 2-rank 5.

Exercise 15.15 (i) Prove that if A is the incidence matrix of a symmetric
2-(31, 15, 7) design then
6 ≤ rank_2(A) ≤ 16.
(ii) Give an example of a symmetric 2-(31, 15, 7) design with incidence matrix
of 2-rank 6.
(iii) Give an example of a symmetric 2-(31, 15, 7) design with incidence matrix
of 2-rank 16.

16 Cyclic codes
A code C ⊆ GF(q)^n is cyclic if the permutation (1, 2, ..., n) is an
automorphism of the code. Thus, for every vector (a_0, a_1, ..., a_{n−1}) ∈ C, we have
also (a_{n−1}, a_0, ..., a_{n−2}) ∈ C. Consequently, along with every codeword, the
code contains all of its cyclic shifts.
A cyclic code does not have to be linear, but an elegant algebraic theory
has been developed for linear cyclic codes. If a = (a_0, ..., a_{n−1}) is a vector
of a cyclic code C ⊆ GF(q)^n, we can associate with a the polynomial

a(x) = a_0 + a_1 x + ··· + a_{n−1} x^{n−1},

where x is a variable. With this in mind, we can think of C as a set of
polynomials in x of degree at most n − 1. The cyclic property of C implies
that if a(x) ∈ C then x^m a(x) (mod (x^n − 1)) ∈ C for all m = 0, 1, ..., n − 1.
If C is a linear cyclic code and a(x) ∈ C then a(x) Σ_{i=0}^{n−1} b_i x^i (mod (x^n − 1))
belongs to C for arbitrary b_0, ..., b_{n−1} ∈ GF(q). Thus, C is closed under
multiplication with polynomials in x modulo x^n − 1. In algebraic terms, a
linear cyclic code is an ideal in the ring of polynomials R_n = F[x]/(x^n − 1),
where F[x] is the ring of all polynomials in x over the field GF(q). Thus, we
have the following.

Theorem 16.1 A subset C ⊆ R_n is a linear cyclic code if and only if C is
an ideal in R_n.

A polynomial a(x) = a_0 + a_1 x + ··· + a_{n−1} x^{n−1} is monic if a_{n−1} = 1. The
next theorem shows that cyclic codes are principal ideals in R_n.

Theorem 16.2 Assume that C ⊆ R_n is a linear cyclic [n, k] code with k ≥ 1,
and let g(x) be a monic polynomial of minimum degree in C. Then

C = ⟨g(x)⟩ = {b(x)g(x) (mod (x^n − 1)) | b(x) ∈ R_n}.

Proof. Since k ≥ 1, C contains nonzero polynomials. Let g(x) be a monic
polynomial of minimum degree in C. If a(x) is an arbitrary nonzero
polynomial in C, we can divide a(x) by g(x) in R_n: there are b(x) ∈ R_n and
r(x) ∈ R_n, where the degree of r(x) is smaller than the degree of g(x), such
that

a(x) = b(x)g(x) + r(x) (mod x^n − 1),

hence r(x) = a(x) − b(x)g(x) ∈ C. The choice of g(x) now implies that
r(x) = 0.
Note that if g_1(x) is another monic polynomial of minimum degree in C
then g_1(x) = b(x)g(x) implies deg(b(x)) = 0 and b(x) = 1, thus, g_1(x) = g(x),
and the polynomial g(x) is the unique monic polynomial of minimum degree
in C.

The polynomial g(x) from Theorem 16.2 is called the generator polynomial
of the cyclic code C. By definition, the zero polynomial is the generator
polynomial of the cyclic [n, 0] code consisting of the zero vector only. The
constant 1 is the generator polynomial of the whole space, the [n, n] code
R_n = GF(q)^n.

Theorem 16.3 If g(x) is the generator polynomial of a cyclic [n, k] code
C ⊆ R_n with k ≥ 1, then
(i) The degree of g(x) is equal to n − k, and if g(x) = g_0 + g_1 x + ··· + g_{n−k−1} x^{n−k−1} +
x^{n−k}, the following circulant k × n matrix G is a generator matrix of C:

$$G = \begin{pmatrix} g_0 & g_1 & \cdots & g_{n-k-1} & 1 & 0 & \cdots & 0 \\ 0 & g_0 & \cdots & g_{n-k-2} & g_{n-k-1} & 1 & \cdots & 0 \\ \vdots & & & & & & & \vdots \\ 0 & 0 & \cdots & g_0 & \cdots & \cdots & & 1 \end{pmatrix}. \qquad (28)$$

(ii) g(x) divides x^n − 1.

Proof. (i) Since |C| = q^k, it follows from Theorem 16.2 that the degree
of g(x) is equal to n − k. Thus, a generator matrix must have k linearly
independent rows, all being vectors from C, and the matrix (28) has these
properties.
(ii) We can divide x^n − 1 by g(x) in the ring F[x]:

x^n − 1 = h(x)g(x) + r(x),    (29)

where deg(r(x)) < deg(g(x)). Equation (29) implies that in the ring R_n we
have

r(x) = −h(x)g(x) ∈ C,

hence r(x) must be the zero polynomial and x^n − 1 = h(x)g(x).

If g(x) is a generator polynomial of a cyclic code C ⊆ R_n, the polynomial
h(x) = (x^n − 1)/g(x) is called the check polynomial of C.

Theorem 16.4 If h(x) = h_0 + h_1 x + ··· + h_{k−1} x^{k−1} + x^k is the check polynomial
of a cyclic [n, k] code then the following (n − k) × n circulant matrix H,

$$H = \begin{pmatrix} 1 & h_{k-1} & \cdots & h_0 & 0 & \cdots & 0 \\ 0 & 1 & \cdots & h_1 & h_0 & \cdots & 0 \\ \vdots & & & & & & \vdots \\ 0 & 0 & \cdots & 1 & \cdots & & h_0 \end{pmatrix}, \qquad (30)$$

is a parity check matrix of C.

Exercise 16.5 Prove Theorem 16.4.

If a(x) is a polynomial of degree m, the polynomial x^m a(1/x) is called the
reciprocal of a(x).

Exercise 16.6 Prove that if h(x) is the check polynomial of a cyclic code C
then the reciprocal polynomial of h(x) is a generator polynomial of the dual
code C^⊥.

Exercise 16.7 Find generator polynomials for all binary cyclic codes of
length 7.

Exercise 16.8 Find generator polynomials for all ternary cyclic codes of
length 11.

17 Factoring x^n − 1
Finding cyclic codes of length n over a finite field GF(q) requires factoring
x^n − 1 in the ring of polynomials F_q[x] over GF(q).

Lemma 17.1 If f(x) ∈ F_{p^s}[x] then

f(x^{p^s}) = (f(x))^{p^s}.

Exercise 17.2 Prove Lemma 17.1.

If β ∈ GF(q), where q = p^s, s ≥ 1, and p is a prime, then

β^q = β,

hence β is a root of the polynomial x^q − x ∈ F_p[x].
The minimal polynomial m(x) = m_β(x) over GF(p) of an element β ∈
GF(p^s) is defined as a monic polynomial of smallest degree with coefficients
in GF(p) having β as a root.

Lemma 17.3 The minimal polynomial m(x) = m_β(x) of an element β ∈
GF(p^s) has the following properties.
(a) m(x) is irreducible over F_p[x].
(b) m(x) divides every polynomial in F_p[x] having β as a root.
(c) m(x) is unique.
(d) m(x) divides x^{p^s} − x.
(e) The degree of m(x) does not exceed s.

Exercise 17.4 Prove Lemma 17.3.

Corollary 17.5
$$x^{p^s} - x = \prod_{\beta \in GF(p^s)} m_\beta(x). \qquad (31)$$

Exercise 17.6 Let q be a prime power. How many distinct cyclic codes of
length n = q − 1 over GF(q) are there?

Exercise 17.7 How many distinct cyclic codes of length 40 over GF(41) of
dimension 35 are there?

The multiplicative group of GF(q) is a cyclic group. Any generator of this
group is called a primitive element of GF(q). Thus, β ∈ GF(q) is primitive
if β^i ≠ 1 for 0 < i < q − 1, and

GF(q) = {0, β, β^2, ..., β^{q−2}, β^{q−1} = 1}.

Exercise 17.8 List the primitive elements of GF(17).

An element β ∈ GF(q) is a primitive nth root of unity if β^n = 1 and β^i ≠ 1
for 0 < i < n. It follows that n divides q − 1, and n = q − 1 if and only if
β is a primitive element of GF(q). If β is a primitive element of GF(q) then
γ = β^d is a primitive nth root of unity with n = (q − 1)/d.
Given a prime power q and a positive integer n relatively prime to q, the
order of q modulo n is defined as the smallest positive integer d such that

q^d ≡ 1 (mod n).

Let s be an integer with 0 ≤ s < n. The q-cyclotomic coset of s modulo
n is the set

C_s = {s, sq, ..., sq^{d−1} (mod n)},

where d is the smallest positive integer such that sq^d ≡ s (mod n). Note
that the order of q modulo n is equal to the size of the q-cyclotomic coset of
1.

Lemma 17.9 Let n be a positive integer such that gcd(n, q) = 1. Let t be
the order of q modulo n, and let β be a primitive nth root of unity in GF(q^t).
For every integer s with 0 ≤ s < n, the minimal polynomial of β^s over GF(q)
is given by

$$m_{\beta^s}(x) = \prod_{j \in C_s} (x - \beta^j).$$

Exercise 17.10 Prove Lemma 17.9.

Theorem 17.11 Let n be a positive integer such that gcd(n, q) = 1. Let t be
the order of q modulo n, and let β be a primitive nth root of unity in GF(q^t).
The factorization of x^n − 1 into irreducible factors over GF(q) is given by

$$x^n - 1 = \prod_{s} m_{\beta^s}(x),$$

where m_{β^s}(x) is the minimal polynomial of β^s over GF(q).

Corollary 17.12 If q is a prime power and n is a positive integer such that
gcd(n, q) = 1 then x^n − 1 has n distinct roots in GF(q^t), where t is the order
of q modulo n.

Proof. Since n divides q^t − 1, the polynomial x^n − 1 divides x^{q^t−1} − 1. Thus,
every root of x^n − 1 is also a root of x^{q^t−1} − 1. The polynomial x^{q^t−1} − 1 has
q^t − 1 distinct roots in GF(q^t) being the nonzero elements of GF(q^t).
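
By Lemma 17.9 and Theorem 17.11, the degrees of the irreducible factors of x^n − 1 over GF(q) are the sizes of the q-cyclotomic cosets modulo n, so they can be read off without any field arithmetic. The following Python code is an added example, not part of the original notes, with function names of our own choosing: it computes the order of q modulo n, the cosets, the factor degrees, and, using the standard fact that every monic divisor of x^n − 1 is the generator polynomial of exactly one cyclic code, the number of cyclic codes of each dimension.

```python
from math import gcd

def order_mod(q, n):
    """Smallest d >= 1 with q^d = 1 (mod n); requires gcd(n, q) = 1."""
    if gcd(q, n) != 1:
        raise ValueError("q and n must be relatively prime")
    if n == 1:
        return 1
    d, power = 1, q % n
    while power != 1:
        power = (power * q) % n
        d += 1
    return d

def cyclotomic_cosets(q, n):
    """All q-cyclotomic cosets modulo n, each listed as s, sq, sq^2, ... (mod n)."""
    if gcd(q, n) != 1:
        raise ValueError("q and n must be relatively prime")
    seen, cosets = set(), []
    for s in range(n):
        if s in seen:
            continue
        coset, t = [], s
        while t not in coset:
            coset.append(t)
            t = (t * q) % n
        seen.update(coset)
        cosets.append(coset)
    return cosets

def factor_degrees(q, n):
    """Degrees of the irreducible factors of x^n - 1 over GF(q) (Theorem 17.11)."""
    return sorted(len(c) for c in cyclotomic_cosets(q, n))

def cyclic_code_dimensions(q, n):
    """Map k -> number of cyclic [n, k] codes over GF(q).

    The irreducible factors are distinct (Corollary 17.12), so each subset of
    them gives one monic divisor g(x) of x^n - 1, of dimension k = n - deg g.
    """
    counts = {0: 1}                       # deg g -> number of divisors g
    for d in factor_degrees(q, n):
        updated = dict(counts)
        for deg, ways in counts.items():
            updated[deg + d] = updated.get(deg + d, 0) + ways
        counts = updated
    return {n - deg: ways for deg, ways in sorted(counts.items())}

if __name__ == "__main__":
    for q, n in [(2, 7), (3, 11)]:
        print(q, n, order_mod(q, n), cyclotomic_cosets(q, n),
              cyclic_code_dimensions(q, n))
```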

Exercise 17.13 Prove Theorem 17.11.

Exercise 17.14 Factor x^15 − 1 over GF(2).

Exercise 17.15 Factor x^23 − 1 over GF(2).

Exercise 17.16 How many distinct cyclic binary linear codes of length 17
are there? List the dimensions of these codes.

Exercise 17.17 Give the generator polynomial g(x), check polynomial h(x),
and the parity-check matrix associated with h(x), of a linear binary
cyclic code of length 15 which is equivalent to the Hamming code of length 15.

Exercise 17.18 (i) Find a generator polynomial for a cyclic ternary [11, 6]
code.
(ii) Show that a cyclic ternary [11, 6] code has minimum distance 5 (conse-
quently, it is equivalent to the perfect ternary Golay code).

Exercise 17.19 Find the minimal polynomials of the elements of GF(16)
over GF(2).

Exercise 17.20 Find the minimal polynomials of the elements of GF(3^5)
over GF(3).

Exercise 17.21 Determine the smallest field of characteristic 3, GF(3^t),
that contains all roots of x^23 − 1.

Exercise 17.22 Determine the number of cyclic ternary codes of length 13.

Exercise 17.23 Give the generator polynomial of a cyclic ternary [13, 10]
code.

18 Idempotent generators of cyclic codes


An element e of the ring R_n is called an idempotent if e^2 = e. Trivial examples
are e = 0 and e = 1.

Theorem 18.1 Let q be a prime power and n be a positive integer such that
gcd(n, q) = 1, and let C be a linear cyclic code of length n over GF(q). There
exists an idempotent e(x) ∈ C such that

C = ⟨e(x)⟩ = {a(x)e(x) | a(x) ∈ R_n}.

Proof. If C is the code of dimension zero then e(x) is the zero polynomial.
If C = R_n is the whole space, we can take e(x) = 1. Suppose that C is a
code of dimension k, 1 < k < n. The generator polynomial g(x) and check
polynomial h(x) of C are both nonzero polynomials such that g(x)h(x) =
x^n − 1. Since all roots of x^n − 1 in R_n are distinct (by Corollary 17.12), it
follows that gcd(g(x), h(x)) = 1. By the Euclidean algorithm, there exist
polynomials a(x), b(x) ∈ F_q[x] such that

a(x)g(x) + b(x)h(x) = 1    (32)

in F_q[x]. Consider the polynomial e(x) = a(x)g(x) ∈ C. Multiplying both
sides of (32) by e(x) gives

e^2(x) = a^2(x)g^2(x) + a(x)g(x)b(x)h(x) = a(x)g(x) = e(x).    (33)

Since

a(x)g(x)b(x)h(x) = (a(x)b(x))(g(x)h(x)) = 0

in R_n, e(x) = a(x)g(x) is an idempotent in R_n. Since e(x) is a multiple of
g(x) in R_n, it follows that e(x) ∈ C and ⟨e(x)⟩ ⊆ C.
If c(x) ∈ C then c(x) = f(x)g(x) for some f(x) ∈ R_n. Multiplying both
sides of (32) by c(x) = f(x)g(x) gives

f(x)g(x)a(x)g(x) + f(x)g(x)b(x)h(x) = c(x),

and since f(x)g(x)b(x)h(x) = 0 in R_n, we have

c(x) = (f(x)g(x))e(x) ∈ ⟨e(x)⟩.

Thus, C ⊆ ⟨e(x)⟩, and consequently, C = ⟨e(x)⟩.

An idempotent e(x) of a cyclic code C such that C = ⟨e(x)⟩ is called
an idempotent generator of C.

Exercise 18.2 Prove that a cyclic code has only one idempotent generator.

Exercise 18.3 Find an idempotent generator for the ternary Golay code of
length 11.

Idempotents are very easy to find in the binary case. If q = 2 and n is
an odd integer, a polynomial e(x) ∈ R_n, e(x) = x^{i_1} + x^{i_2} + ··· + x^{i_s} is an
idempotent if and only if

x^{i_1} + x^{i_2} + ··· + x^{i_s} = x^{2i_1} + x^{2i_2} + ··· + x^{2i_s}

in R_n. Thus, the set of exponents {i_1, ..., i_s} is a union of 2-cyclotomic
cosets modulo n.

Example 18.4 If n = 7, the 2-cyclotomic cosets are

{0}, {1, 2, 4}, {3, 6, 5},

and the idempotents in R_7 are 0, 1 = x^0, x + x^2 + x^4, x^3 + x^6 + x^5, 1 + x + x^2 + x^4,
1 + x^3 + x^6 + x^5, x + x^2 + x^4 + x^3 + x^6 + x^5, and 1 + x + x^2 + x^4 + x^3 + x^6 + x^5.

Theorem 18.5 If C is a cyclic code with an idempotent generator e(x), the
generator polynomial of C is g(x) = gcd(e(x), x^n − 1).

Exercise 18.6 Prove Theorem 18.5.

Example 18.7 The generator polynomial of the binary cyclic code of length
7 with idempotent generator x^3 + x^6 + x^5 is

gcd(x^3 + x^6 + x^5, x^7 − 1) = gcd(x^3(1 + x^2 + x^3), (x − 1)(x^3 + x + 1)(x^3 + x^2 + 1)) = x^3 + x^2 + 1.
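
Example 18.7 and the matrices (28) and (30) of Theorems 16.3 and 16.4 can be reproduced with a few lines of GF(2)[x] arithmetic. The following Python code is an added example, not part of the original notes; the function names and the encoding of a binary polynomial as an integer whose bit i is the coefficient of x^i are our own choices. It checks e^2 = e in R_n, computes g = gcd(e, x^n − 1) and h = (x^n − 1)/g, builds G and H, and verifies that every row of G is orthogonal to every row of H.

```python
def pmul(a, b):
    """Product in GF(2)[x]; bit i of an int is the coefficient of x^i."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r

def pdivmod(a, m):
    """Quotient and remainder of a by m (m != 0) in GF(2)[x]."""
    q = 0
    while a.bit_length() >= m.bit_length():
        shift = a.bit_length() - m.bit_length()
        q |= 1 << shift
        a ^= m << shift
    return q, a

def pgcd(a, b):
    """Greatest common divisor in GF(2)[x] by the Euclidean algorithm."""
    while b:
        a, b = b, pdivmod(a, b)[1]
    return a

def from_exponents(exps):
    """Binary polynomial with the given set of exponents."""
    return sum(1 << i for i in set(exps))

def is_idempotent(e, n):
    """e(x)^2 = e(x) in R_n = GF(2)[x]/(x^n - 1)."""
    return pdivmod(pmul(e, e), (1 << n) | 1)[1] == e

def generator_and_check(e, n):
    """g = gcd(e, x^n - 1) as in Theorem 18.5, and h = (x^n - 1)/g."""
    modulus = (1 << n) | 1               # x^n + 1 equals x^n - 1 over GF(2)
    g = pgcd(e, modulus)
    h, r = pdivmod(modulus, g)
    if r:
        raise ArithmeticError("g does not divide x^n - 1")
    return g, h

def generator_matrix(g, n):
    """k x n matrix whose rows are x^i g(x), i = 0..k-1, as in (28)."""
    k = n - (g.bit_length() - 1)
    return [[((g << i) >> j) & 1 for j in range(n)] for i in range(k)]

def parity_check_matrix(h, n):
    """(n-k) x n matrix whose rows are shifts of (1, h_{k-1}, ..., h_0), as in (30)."""
    k = h.bit_length() - 1
    rev = [(h >> (k - t)) & 1 for t in range(k + 1)]
    return [[rev[j - r] if 0 <= j - r <= k else 0 for j in range(n)]
            for r in range(n - k)]

def orthogonal(G, H):
    """True if every row of G has even overlap with every row of H."""
    return all(sum(a & b for a, b in zip(u, v)) % 2 == 0 for u in G for v in H)

if __name__ == "__main__":
    n = 7
    e = from_exponents([3, 6, 5])        # idempotent of Example 18.7
    g, h = generator_and_check(e, n)
    print(is_idempotent(e, n), bin(g), bin(h))
    print(orthogonal(generator_matrix(g, n), parity_check_matrix(h, n)))
```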
Idempotent generators are used in the traditional definition of binary quadratic
residue (QR) codes. Let n ≡ ±1 (mod 8) be a prime. Then 2 is a quadratic
residue modulo n. We denote by Q the set of quadratic residues, and by N
the set of quadratic nonresidues modulo n:

Q = { i | 1 ≤ i ≤ n − 1, i ≡ a^2 (mod n), a ∈ Z},    N = { j | 1 < j ≤ n − 1, j ∉ Q}.

The binary cyclic codes C_Q, C_N having as idempotent generators the
polynomials

$$e_Q = \sum_{i \in Q} x^i, \qquad e_N = \sum_{j \in N} x^j$$

respectively, are known as quadratic residue codes.

Theorem 18.8 Let n ≡ −1 (mod 8) be a prime.
(a) C_Q and C_N are equivalent.
(b) C_Q ∩ C_N = ⟨1̄⟩.
(c) dim(C_Q) = dim(C_N) = (n + 1)/2.
(d) The extended quadratic residue codes are self-dual and doubly-even.
(e) (The square root bound) The minimum distance d of C_Q satisfies the
inequality d^2 − d + 1 ≥ n.

Exercise 18.9 Prove Theorem 18.8.

Example 18.10 If n = 31 or n = 47, the extended binary quadratic-residue
codes are self-dual. In these cases, Theorem 15.7 only implies that the
extended quadratic residue codes are self-orthogonal. See also Exercise 15.9
and Example 15.10.

Exercise 18.11 Give the idempotent generator of C_Q for n = 23.

Exercise 18.12 Prove that the minimum distance of the binary quadratic-
residue code C_Q of length 23 is 7, thus, the code is perfect.

References
[1] E.F. Assmus, Jr., and D. P. Maher, Nonexistence proofs for projective
designs, Amer. Math. Monthly, 85 (1978), 110-12.
[2] E.F. Assmus, Jr., H.F. Mattson, Jr., Coding and Combinatorics, SIAM
Review, 16 (1974), 349-388.
[3] E. F. Assmus, Jr., and H. F. Mattson, Jr., New 5-designs, J. Combin.
Theory, 6, (1969), 122-151.
[4] P. Delsarte and J. -M. Goethals, Unrestricted codes with the Golay
parameters are unique, Discrete Math., 12 (1975), 211-224.
[5] M. J. E. Golay, Notes on digital coding, Proc. IEEE, 37 (1949), 657.
[6] R. W. Hamming, Error detecting and error correcting codes, Bell Syst.
Tech. J., 29 (1950), 147-160.
[7] O. Heden, A survey of perfect codes, Advances in Mathematics of Com-
munications, 2 (2008), 223-247.
[8] F. Hergert, The equivalence classes of the Vasil’ev codes of length 15,
Lecture Notes in Math., 969 (1982), 176-186.
[9] B. Lindström, On group and nongroup perfect codes in q symbols, Math.
Scand., 25 (1969), 149-158.
[10] J.H. van Lint, On the nonexistence of perfect 2- and 3-Hamming-error-
correcting codes over GF (q), Information and Control, 16 (1970), 396-
401.
[11] J.H. van Lint, A survey of perfect codes, Rocky Mountain J. Math. 5
(1975), 199-224.
[12] J.H. van Lint, Introduction to Coding Theory, Springer-Verlag, Berlin,
1982.
[13] F. J. MacWilliams, Combinatorial problems of elementary group theory,
PhD Thesis, Department of Math., Harvard University, May 1962.
[14] F. J. MacWilliams, A theorem on the distribution of weights in a sys-
tematic code, Bell Syst. Tech. J., 42 (1963), 79-94.

[15] F.J. MacWilliams, A.M. Odlyzko, N.J.A. Sloane, and H.N. Ward, Self-
dual codes over GF (4), J. Combin. Theory A 25 (1978), 288-318.

[16] C.L. Mallows and N.J.A. Sloane, An upper bound for self-dual codes,
Information and Control 22 (1973), 188-200.

[17] E. Mathieu, Mémoire sur l'étude des fonctions de plusieurs quantités, J.
Math. p. et a., 6 (1861), 241-323.

[18] E. Mathieu, Sur la fonction cinq fois transitive de 24 quantités, J. Math.
p. et a., 18 (1873), 25-46.

[19] Patric R.J. Östergard, Olli Pottonen, The perfect binary one-error-
correcting codes of length 15: Part I - classification, arXiv:0806.2513v1
[cs.IT], 16 June 2008.

[20] V. Pless, Power moment identities on weight distributions in error
correcting codes, Information and Control 6 (1963), 147-152.

[21] V. Pless, Symmetry codes over GF (3) and new five-designs, J. Combin.
Theory 5 (1968), 215-228.

[22] V. Pless, On the uniqueness of the Golay codes, J. Combin. Theory, 5
(1968), 215-228.

[23] V. Pless, Introduction to the Theory of Error-Correcting Codes, 3d Ed.,
Wiley, 1998.

[24] C. R. Rao, Factorial experiments derivable from combinatorial
arrangements of arrays, J. Royal Statist. Soc., Supplement, 9 (1947), 128-139.

[25] C. Shannon, A mathematical theory of communication, Bell System J.,
27 (1948), 623-656.

[26] C. Shannon, Coding theorems for a discrete source with a fidelity
criterion, IRE Nat. Conv. Rec., Part 4, (1959), 142-163.

[27] J. Schönheim, On linear and nonlinear single-error-correcting q-ary
perfect codes, Information and Control, 12 (1968), 23-26.

[28] A. Tietäväinen, On the nonexistence of perfect codes over finite fields,
SIAM J. Appl. Math. 24 (1973), 88-96.

[29] J. L. Vasil’ev, On nongroup close-packed codes (in Russian), Probl.
Kibernet., 8 (1962), 337-339, translated in Probleme der Kibernetik 8
(1965), 375-378.

[30] V.A. Zinoviev, V.K. Leontiev, The nonexistence of perfect codes over
Galois fields, Problems of Control and Information 2 (1973), 123-132.
