Upload
phungnhu
View
264
Download
0
Embed Size (px)
Citation preview
PRIMITIVE RECURSIVE VECTOR SEQUENCES,
POLYNOMIAL SYSTEMS AND
DETERMINANTAL CODES OVER FINITE FIELDS
A Thesis
Submitted in Partial Fulfillment of the Requirements
For the Degree of
Doctor of Philosophy
by
Sartaj Ul Hasan
(02409003)
Under the Supervision of
Supervisor: Professor Sudhir R. Ghorpade
External Supervisor: Dr. Meena Kumari
DEPARTMENT OF MATHEMATICS
INDIAN INSTITUTE OF TECHNOLOGY, BOMBAY
2009
Approval Sheet
The thesis entitled
“PRIMITIVE RECURSIVE VECTOR SEQUENCES, POLYNOMIAL
SYSTEMS AND DETERMINANTAL CODES OVER FINITE FIELDS”
by
Sartaj Ul Hasan
is approved for the degree of
DOCTOR OF PHILOSOPHY
Examiners
Supervisor (s)
Chairman
Date :
Place :
To My Teachers
i
Abstract
This thesis consists of two parts. The first part deals with problems arising in cryptography,
while the second part is related to the theory of linear error correcting codes.
PART-1: In this part, we consider a recent generalization of recursive sequences generated
by LFSRs, i.e., linear feedback shift registers, over finite fields. More specifically, we discuss
a conjecture due to Zeng, Han and He (2007) on the number of primitive σ-LFSRs over
the binary field F2. This is closely related to an open question of Niederreiter (1995). We
formulate a q-ary version of this conjecture and prove that it holds in the affirmative in a
special case. Moreover, we describe a plausible approach to prove the q-ary conjecture in
the general case by first establishing the surjectivity of a certain characteristic map, and
proposing a conjectural description of the size of fibres of this map. The key tools used
include the structure of Singer cycles in general linear groups, Galois theory of extensions
of finite fields, and certain aspects of linear algebra. Several results and questions related
to the general case of the Zeng, Han and He Conjecture are also discussed.
We also propose the design of a nonlinear feedforward σ-LFSR by using the so-called
Langford arrangements, and provide some experimental evidences to support that they are
cryptographically strong with respect to linear complexity.
PART-2: In this part, we begin with an expository account of certain results and conjec-
tures about the number of solutions of polynomial systems over finite fields. This includes a
self-contained proof of a theorem of Serre for projective hypersurfaces over finite fields and
a simpler proof of a theorem of Boguslavasky about systems of two projective hypersurfaces
of the same degree. A conjecture due to Tsfasman and Boguslavasky in the general case is
also stated. These results and conjectures are closely related to the determination of higher
weights of projective Reed-Muller codes, and this connection is outlined.
Next, we introduce a new family of linear error correcting codes, called determinantal
codes that are associated to determinantal varieties over finite fields. We explicitly deter-
mine the length and the dimension of these codes, and obtain bounds on their minimum
Hamming distance in certain special cases.
Contents
1 Introduction 1
2 Primitive Polynomials, Singer Cycles and σ-LFSRs 8
2.1 Primitive Polynomials and Primitive LFSRs . . . . . . . . . . . . . . . . . 8
2.2 Singer Cycles and Singer Subgroups . . . . . . . . . . . . . . . . . . . . . . 11
2.3 Word-Oriented Feedback Shift Register: σ-LFSR . . . . . . . . . . . . . . . 13
2.4 Block Companion Matrices . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
2.5 The Characteristic Map . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
2.6 The Case n = 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
2.7 Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
3 Word-Oriented Nonlinear Feedforward σ-LFSR 25
3.1 Linear Complexity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
3.2 Linear complexity of σ-LFSR . . . . . . . . . . . . . . . . . . . . . . . . . 27
3.3 Word-oriented nonlinear feedforward σ-LFSR . . . . . . . . . . . . . . . . 29
4 Polynomial Systems Over Finite Fields 33
4.1 Elementary Bounds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
4.2 Projective Hypersurfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
4.3 Systems of Homogeneous Polynomials . . . . . . . . . . . . . . . . . . . . . 40
4.3.1 Basic Definitions and Results . . . . . . . . . . . . . . . . . . . . . 40
4.3.2 Boguslavasky’s Inequality . . . . . . . . . . . . . . . . . . . . . . . 43
ii
CONTENTS iii
4.4 Connection with Coding Theory . . . . . . . . . . . . . . . . . . . . . . . . 46
4.4.1 Polynomials Over Fq . . . . . . . . . . . . . . . . . . . . . . . . . . 46
4.4.2 Generalized Hamming Weights . . . . . . . . . . . . . . . . . . . . 47
4.4.3 Affine Reed-Muller codes . . . . . . . . . . . . . . . . . . . . . . . . 48
4.4.4 Projective Reed-Muller codes . . . . . . . . . . . . . . . . . . . . . 49
4.4.5 Tsfasman-Boguslavasky’s Conjecture . . . . . . . . . . . . . . . . . 51
5 Codes Associated to Determinantal Varieties 53
5.1 Linear codes and projective systems . . . . . . . . . . . . . . . . . . . . . . 54
5.2 Determinantal varieties over finite fields . . . . . . . . . . . . . . . . . . . . 56
5.3 Determinantal codes and their basic parameters . . . . . . . . . . . . . . . 59
Bibliography 61
Chapter 1
Introduction
This thesis comprises of a study of some combinatorial and geometric problems, which have
their origin in cryptography and coding theory, and it consists of two parts.
1. Enumeration of primitive σ-linear feedback shift registers (σ-LFSRs) and the design
of word-oriented nonlinear feedward σ-LFSRs.
2. Linear codes associated to projective varieties over finite fields.
Chapters 2 and 3 of thesis cover the first part, while Chapters 4 and 5 constitute the second
part. In the following, we explain some relevant background and give a brief motivated
account of the contents of the two parts.
PART-1
Enumeration of primitive σ-LFSRs and the design of
word-oriented nonlinear feedforward σ-LFSRs
Denote, as usual, by Fq the finite field with q elements and by Fq[X] the ring of poly-
nomials in one variable X with coefficients in Fq. It is elementary and well known that if
f(X) ∈ Fq[X] is of degree n and f(0) 6= 0, then f(X) divides Xe − 1 for some positive
integer e ≤ qn−1. The least such e is called the order of f(X) and is denoted by ord f(X).
We say that a monic polynomial f(X) ∈ Fq[X] of degree n is primitive if f(0) 6= 0 and
1
CHAPTER 1. INTRODUCTION 2
ord f(X) = qn − 1. The study of primitive polynomials goes back to Gauss and is an
interesting and important part of the theory of finite fields. A basic reference is [29, Ch.
3] and some of the relevant facts about primitive polynomials are recalled in Chapter 2.
Elements of the maximum possible order in the finite group GLn(Fq) of n × n non-
singular matrices with entries in Fq are called Singer cycles. These are closely related to
primitive polynomials since this maximum possible order is, in fact, qn − 1, and more-
over, characteristic polynomials of Singer cycles are primitive. We refer to [24] and [42] for
some basic aspects of the study of Singer cycles and provide a brief outline of basic results
together with some relevant consequences in Chapter 2
Linear feedback shift registers (LFSRs) are devices frequently used in cryptography
and coding theory (cf. [18, 29]). In effect, a LFSR can be viewed as a homogeneous
linear recurrence relation of finite order over the field Fq. Such a LFSR gives rise to an
infinite sequence of elements of Fq. In the binary case (q = 2), these sequences are used for
efficient encryption of data in designing stream ciphers. In general, it can be shown that
these sequences are (ultimately) periodic and the maximum possible period of an nth order
linear recurring sequence is qn − 1. In order to have good cryptographic properties [18],
one is mainly interested in the sequences generated by LFSRs of a given order that have
the maximum period. The LFSRs corresponding to sequences with maximum period are
known as primitive LFSRs. Using the connection with primitive polynomials or otherwise,
it is readily seen that the number of primitive LFSRs of order n over Fq is given by
φ(qn − 1)
n(1.1)
where φ is the Euler totient function.
Recently, Zeng, Han and He, in their preprint [48] of 2007, have proposed a gener-
alization of a (traditional) LFSR to a word-oriented linear feedback shift register, called
σ-LFSR. It is argued in [48] that the σ-LFSRs meet the dual demands of high efficiency
and good cryptographic properties, and that these can be viewed as a solution to a problem
of Preneel [37] on designing fast and secure LFSRs with the help of the word operations of
CHAPTER 1. INTRODUCTION 3
modern processors and the techniques of parallelism. Notions of primitivity readily extend
from LFSRs to σ-LFSRs although the connection with primitive polynomials and matri-
ces is a little more intricate. Unlike (1.1), a simple formula for the number of primitive
σ-LFSRs of order n over Fqm is not known, but an intriguing explicit formula in the binary
case has been conjectured. Motivated by this and based on empirical evidence, we have
formulated a version of this conjecture in the more general q-ary case. It states that the
number of primitive σ-LFSRs of order n over Fqm is given by
φ(qmn − 1)
mn.qm(m−1)(n−1)
m−1∏i=1
(qm − qi). (1.2)
We have also found that the seemingly new notion of a σ-LFSR can, in fact, be traced back
to the work of Niederreiter (1993-1996) mainly in the context of pseudorandom number
generation. Indeed, in a series of papers [32, 33, 34, 35], Niederreiter has introduced the
so called multiple recursive matrix method and the notion of recursive vector sequences.
The latter are essentially the same as sequences generated by a σ-LFSR, modulo a natural
isomorphism the field Fqm with qm elements and the vector space Fmq of dimension m over
Fq. The question of counting the number of primitive σ-LFSRs of a given order n over Fqm
is considered in [33, p. 11] under a different guise (cf. Remark 2.5.3 in Chapter 2), and
is termed as open problem. However, no explicit formula for this number is given, even
conjecturally, in the work of Niederreiter, and therefore, the credit for formulating (1.2)
should go to Zeng, Han and He [48] at least in the binary case. Moreover, in a personal
communication, Professor Niederreiter has informed us that the problem of counting the
number of primitive σ-LFSRs of a given order n over Fqm is still open to the best of his
knowledge. Our contribution to this problem can be summarized as follows.
To begin with, we note that in one initial case m = 1, the conjectural formula (1.2) is
an immediate consequence of (1.1). The other initial case n = 1 is not altogether trivial,
and we use certain properties of Singer cycles to prove that (1.2) holds in this case. In
the general case, we propose a plausible approach to derive (1.2) by noting that it suffices
CHAPTER 1. INTRODUCTION 4
to analyze the image and the fibers of a natural map from a certain class of mn × mn
matrices to the set of primitive polynomials of degree mn. We accomplish the first task by
showing that this map is surjective. As for the second, we give a conjectural description of
the fibers, which is again shown to be valid in the case n = 1 and illustrated in a few other
small cases. In the course of obtaining these results, we also give a number of equivalent
formulations of the q-ary version of the conjecture of Zeng, Han and He.
In Chapter 3, we initiate the study of a word-oriented nonlinear feedforward σ-LFSR.
This is based on an idea of Groth [19], which advocates the use of a Langford arrangement
[28] on LFSR in a clever fashion. Combining Langford arrangements with σ-LFSRs appears
to be a new and useful idea. Indeed, it seems that the resulting sequences generated
by nonlinear feedforward σ-LFSRs will have high linear complexity together with good
randomness properties as compared to simple σ-LFSRs. To support this, some experimental
results have been illustrated in Chapter 3. Work of this chapter is still in progress.
PART-2
Linear codes associated to projective varieties over finite fields
Let n, k be integers with 1 ≤ k ≤ n. A linear [n, k]q-code is, by definition, a k-
dimensional subspace C of the n-dimensional vector space Fnq . The parameters n and k
are referred to as the length and the dimension of the corresponding code. If C is linear
[n, k]q-code, then the minimum distance d = d(C) of C is given by
d(C) := min{|χ(x)| : x ∈ C, x 6= 0}
where χ(x) := {i ∈ {1, . . . , n} : xi 6= 0} is the support of the element x in Fnq . More
generally, the support of a subspace D of C is defined by
χ(D) := {i ∈ {1, . . . , n} : ∃ (x1, x2, ..., xn) ∈ D such that xi 6= 0}.
CHAPTER 1. INTRODUCTION 5
We shall use this to define the so-called higher weights or generalized Hamming weights of
a code. The notion of higher weights was introduced by Victor Wei in his seminal paper
[47] with the motivation of applying it in cryptology (codes for wire-tap channel of type
II, t-resilient functions). He viewed the minimum Hamming weight as a certain minimum
property of one-dimensional subcodes, and obtained a notion of higher dimensional Ham-
ming weights for linear codes. Given any positive integer r, the rth higher weight dr = dr(C)
of C is defined by
dr(C) := min{|χ(D)| : D is a subspace of C with dimD = r}.
Note that d1(C) = d(C).
An alternative way to describe linear codes is via the language of projective systems.
The notion of projective system was introduced by Tsfasman and Vladut [45], and they
showed that there is a one-to-one correspondence between projective systems and linear
codes, up to certain natural notions of equivalence on both these objects. Briefly, a pro-
jective system is a (multi)set X of n points in the projective space Pk−1 over Fq, and it
gives rise to a linear [n, k]q-code CX . Finding the higher weights of CX corresponds to
determining the maximum number of Fq-rational points on the sections of X by linear
subvarieties of Pk−1 of a given codimension. This geometric approach to higher weights of
codes is explained in [46] and a number of examples of determination of higher weights are
also discussed. In general, it is seen that to explicitly determine all the higher weights of a
linear code is usually interesting and also difficult.
Using the connection with projective systems or otherwise, several classes of linear codes
associated to higher dimensional projective algebraic varieties have recently been studied.
A few specific examples are cited in the introduction to Chapter 5, and we refer to the
above-mentioned work of Tsfasman and Vladut [46] and the recent survey of Little [30] for
more on this. In this thesis, we are particularly interested in the projective Reed-Muller
codes, which may be viewed as linear codes associated to Veronese varieties, and the linear
codes associated to determinantal varieties.
CHAPTER 1. INTRODUCTION 6
The question of determining the higher weights of projective Reed-Muller codes is open,
in general, and has been of considerable interest. This question can be viewed purely in
terms of the number of zeros of (homogeneous) polynomial systems over finite fields, and
is motivated as such in the Introduction of Chapter 4. Subsequently, we give in Chapter 4
a fairly self-contained account of the main results known concerning this question. This
includes a result of Serre on the number of points of projective hypersurfaces, and a simpler
proof of a result of Boguslavsky. As a consequence, it is seen that if Rq(u,Pm) denotes the
q-ary projective Reed-Muller code of order u on Pm, then
d1 (Rq(u,Pm)) = (q − u+ 1)qm−1.
Moreover, the second higher weight is given by
d2 (Rq(u,Pm)) =
qm + qm−1 if u = 1,
qm − (u− 2)qm−1 − qm−2 if u > 1.
It may be remarked that the formula for d2 as stated in the paper of Boguslavsky [1] is
incorrect in the case u = 1. In fact, the case u = 1 is relatively easy and, as noted in
Chapter 4, it can be shown, in general, that
dr (Rq(1,Pm)) = qm + qm−1 + · · ·+ qm−r+1 for 1 ≤ r ≤ m+ 1 = dim Rq(1,Pm).
In Chapter 5, we introduce a new class of linear codes, called determinantal codes.
These arise from determinantal varieties over finite fields. More specifically, we consider
the generic determinantal variety given by the vanishing of all (t + 1) × (t + 1) minors of
a ` × m matrix whose entries are independent indeterminates over Fq. The linear codes
associated to these determinantal varieties are denoted by Dt(`,m) and they may be viewed
as analogues of the codes associated to Schubert varieties that have recently been of some
interest (cf. [12, 15, 20]). We explicitly determine the length n and the dimension k of
CHAPTER 1. INTRODUCTION 7
determinantal codes, and show that
n =t∑
j=1
qj2−j
2
(q − 1).
j−1∏i=0
(q`−i − 1)(qm−i − 1)
(qi+1 − 1)and k = `m.
The former uses an old result of Landsberg (1893). Further, we use Serre’s inequality
proved in Chapter 4 to obtain the following lower bound on the minimum distance of
determinantal codes in the case ` = m = t+ 1:
d (Dt(`,m)) ≥ q`2−1 + q`
2−2 + (1− `)q`2−3 − q
`(`−1)2
∏i=2
(qi − 1).
Moreover, it is seen that the equality holds if ` = m = 2.
Results of Chapter 2 are contained in our preprint [17], which is now accepted for
publication in Designs, Codes and Cryptography. The study initiated in chapter 3 is still in
progress and we are likely to write a paper based on this chapter in near future. Chapter
4 is mostly expository in nature and an article based on this chapter is under preparation.
A manuscript based on the results of chapter 5 is ready to be submitted for publication.
Chapter 2
Primitive Polynomials, Singer Cycles
and σ-LFSRs
As indicated in the Introduction to this thesis, the notion of a primitive polynomial is quite
classical and is closely related to the notion of primitivity for a linear feedback shift register
(LFSR). In Section 2.1 below, we begin by reviewing a few basic facts about primitive
polynomials and LFSRs. Next, in Section 2.2, we show how primitive polynomials and
Singer cycles in general linear groups are related to each other. The σ-LFSRs of Zeng, Han
and He [48] are defined in Section 2.3 and the q-ary version of their conjecture concerning
the number of primitve σ-LFSRs is also given there. Subsequently, in Sections 2.4, 2.5,
2.6 and 2.7, we describe equivalent formulations of this conjecture and the results we have
obtained concerning the validity of this conjecture in certain special cases.
2.1 Primitive Polynomials and Primitive LFSRs
Recall that if f(X) ∈ Fq[X] is a polynomial of degree n such that f(0) 6= 0, then there is
a positive integer e ≤ qn − 1 such that f(X) divides Xe − 1. The least such e is called
the order of f(X) and is denoted by ord f(X). More generally, if f(X) is any nonzero
polynomial in Fq[X], then we can write f(X) = Xdg(X), where d ≥ 0 and g(X) ∈ Fq[X]
8
CHAPTER 2. PRIMITIVE POLYNOMIALS, SINGER CYCLES AND σ-LFSRS 9
with g(0) 6= 0, and we define ord f(X) := ord g(X). A monic polynomial in Fq[X] of degree
n is said to be primitive if its order is qn − 1.
By a primitive element in a finite cyclic group G we mean a generator of G. Primitive
polynomials in Fq[X] are related to primitive elements by the following characterization
[29, Thm. 3.16], which is sometimes used to give an alternative definition of primitive
polynomials.
Proposition 2.1.1. Let f(X) ∈ Fq[X] be of degree n ≥ 1. Then f(X) is a primitive
polynomial if and only if f(X) is the minimal polynomial of a primitive element of the
cyclic group F∗qn of nonzero elements of the finite field Fqn.
Using the above theorem together with the fact that the number of primitive elements in
a cyclic group of order N is φ(N), we readily see that the number of primitive polynomials
in Fq[X] of degree n is given by (1.1).
We shall now proceed to review the basic definitions and some of the basic results
concerning linear feedback shift registers.
Definition 2.1.2. Let n be a positive integer and let c0, c1, . . . , cn−1 ∈ Fq. Given any n-
tuple (s0, s1, . . . , sn−1) ∈ Fnq , let s
∞ = (s0, s1, . . . ) denote the infinite sequence of elements
of Fq determined by the following linear recurrence relation:
si+n = sic0 + si+1c1 + · · ·+ si+n−1cn−1 for i = 0, 1, . . . (2.1)
The system (2.1) is called a linear feedback shift register (LFSR) of order1 n over Fq,
while the sequence s∞ is referred to as the sequence generated by the LFSR (2.1). The
n-tuple (s0, s1, · · · , sn−1) is called the initial state of the LFSR (2.1) and the polynomial
Xn − cn−1Xn−1 − · · · − c1X − c0 is called the characteristic polynomial of the LFSR (2.1).
The sequence s∞ is said to be ultimately periodic if there are integers r, n0 with r ≥ 1 and
n0 ≥ 0 such that sj+r = sj for all j ≥ n0. The least positive integer r with this property
1Some times order of LFSR is also referred as length of LFSR.
CHAPTER 2. PRIMITIVE POLYNOMIALS, SINGER CYCLES AND σ-LFSRS 10
is called the period of s∞ and the corresponding least nonnegative integer n0 is called the
preperiod of s∞. The sequence s∞ is said to be periodic if its preperiod is 0.
It is customary to depict the LFSR (2.1) as in Figure 2.1.
Figure 2.1: Model of a linear feedback shift register (LFSR)
Some basic facts about LFSRs are summarized in the two propositions below. Proofs
can be found, for example, in [29, Ch. 8].
Proposition 2.1.3. For the sequence s∞ generated by the LFSR (2.1) of order n over Fq,
we have the following.
(i) s∞ is ultimately periodic and its period is ≤ qn − 1.
(ii) If c0 6= 0, then s∞ is periodic. Conversely, if s∞ is periodic whenever the initial state
is of the form (b, 0, . . . , 0), where b ∈ Fq with b 6= 0, then c0 6= 0.
We say that a LFSR of order n over Fq is primitive if for any choice of a nonzero initial
state, the sequence generated by that LFSR is periodic of period qn − 1. Primitive LFSRs
admit the following characterization.
Proposition 2.1.4. A LFSR of order n over Fq is primitive if and only if its characteristic
polynomial is a primitive polynomial of degree n in Fq[X].
As an immediate consequence of Propositions 2.1.1 and 2.1.4, we see that the number
of primitive LFSRs of order n over Fq is given by (1.1).
CHAPTER 2. PRIMITIVE POLYNOMIALS, SINGER CYCLES AND σ-LFSRS 11
2.2 Singer Cycles and Singer Subgroups
The following result about orders of elements in a general linear group over finite field is
well known. We include a more elaborate version and a quick proof since it seems a bit
difficult to locate in or extract from the literature. An alternative (and somewhat longer)
proof of the inequality below can be found, for example, in [6, p. 742]. In what follows, for
an element A of a finite group G, we denote by o(A) the order of A in G.
Proposition 2.2.1. Let A ∈ GLn(Fq) and let p(X) ∈ Fq[X] be the minimal polynomial of
A and χ(X) ∈ Fq[X] be the characteristic polynomial of A. Then p(0) 6= 0 and o(A) =
ord p(X). In particular,
(i) o(A) ≤ qn − 1,
(ii) if the equality holds, then p(X) = χ(X). Also, we have:
o(A) = qn − 1 ⇐⇒ p(X) is primitive of degree n ⇐⇒ χ(X) is primitive. (2.2)
Proof. Since A is nonsingular, 0 is not an eigenvalue of A and hence p(0) 6= 0. Now, if I
denotes the n× n identity matrix over Fq, then for any positive integer e, we clearly have
Ae = I ⇐⇒ p(X) divides Xe − 1.
Consequently, o(A) = ord p(X). Further, degχ(X) = n and in view of the Cayley-Hamilton
Theorem, p(X) divides χ(X). In particular, deg p(X) ≤ n and hence o(A) = ord p(X) ≤
qn − 1. Moreover, if ord p(X) = qn − 1, then deg p(X) = n = degχ(X), and hence
p(X) = χ(X). On the other hand, if χ(X) is primitive, then it is irreducible and so
χ(X) = p(X). This yields the equivalence in (2.2).
Alternative proof of part (i) and (ii) of Proposition 2.2.1
Proof. By the Cayley-Hamilton Theorem, χ(A) = 0. In particular, if d = deg p(X), then
p(X) divides χ(X) and d ≤ n = degχ(X). Further, if G denotes the cyclic subgroup of
CHAPTER 2. PRIMITIVE POLYNOMIALS, SINGER CYCLES AND σ-LFSRS 12
GLn(Fq) generated by A, then the group algebra Fq[G] is isomorphic to R = Fq[X]/ 〈p(X)〉.
Now G is a subgroup of the group Fq[G]× of units in Fq[G], and therefore
o(A) = |G| ≤∣∣Fq[G]×
∣∣ = ∣∣R×∣∣ ≤ qd − 1 ≤ qn − 1.
Also, it is clear that if o(A) = qn − 1, then d = n and hence χ(X) = p(X).
A cyclic subgroup of GLn(Fq) of order e = qn−1 is called a Singer subgroup of GLn(Fq)
and an element of GLn(Fq) of order e is called a Singer cycle in GLn(Fq). This terminology
stems from [42] and seems appropriate since GLn(Fq) can be viewed as a subgroup of the
symmetric group Se via the natural transitive action of GLn(Fq) on the set Fnq \ {0}, and
elements of GLn(Fq) of order e evidently correspond to e-cycles in Se. We now recall two
results from [24, II.§7] (see also [4]) about Singer subgroups that will be useful to us later.
Proposition 2.2.2. Any two Singer subgroups in GLn(Fq) are conjugate.
Proposition 2.2.3. Let σ be the Frobenius automorphism of order n of the field Fqn.
Identify Fqn with the vector space Fnq and regard σ as an element of GLn(Fq). Also, let
H be a Singer subgroup of GLn(Fq) and N denote its normalizer in GLn(Fq). Then N is
isomorphic to the semi-direct product H o 〈σ〉 of H and the cyclic subgroup of GLn(Fq)
generated by σ.
It may be noted that Proposition 2.2.1 relates Singer cycles to primitive polynomials.
To work in the other direction, we can use companion matrices. Recall that if f(X) =
Xn − cn−1Xn−1 − · · · − c1X − c0 is a monic polynomial of degree n ≥ 1 in Fq[X], then the
CHAPTER 2. PRIMITIVE POLYNOMIALS, SINGER CYCLES AND σ-LFSRS 13
companion matrix Cf of f(X) is the n× n matrix
Cf =
0 0 0 . . 0 0 c0
1 0 0 . . 0 0 c1
. . . . . . . .
. . . . . . . .
0 0 0 . . 1 0 cn−2
0 0 0 . . 0 1 cn−1
.
It is clear that detCf = (−1)n+1c0. In particular, Cf ∈ GLn(Fq) if and only if f(0) 6= 0.
Also, we know from linear algebra that f(X) is the minimal polynomial as well as the
characteristic polynomial of Cf . Thus, in view of Proposition 2.2.1, we see that if f(0) 6= 0,
then ord f(X) = o(Cf ) and that f(X) is a primitive polynomial if and only if Cf is a Singer
cycle in GLn(Fq). In turn, primitive LFSRs of order n over Fq are related to Singer cycles
in GLn(Fq). To see the latter in a more direct way, it may be useful to observe that the
companion matrix, say A, of the characteristic polynomial of the LFSR (2.1) is its state
transition matrix. Indeed, the kth state Sk := (sk, sk+1, . . . , sk+n−1) of the LFSR (2.1) is
obtained from the initial state S0 := (s0, s1, . . . , sn−1) by Sk = S0Ak, for any k ≥ 0.
2.3 Word-Oriented Feedback Shift Register: σ-LFSR
Given any ring R and any positive integer d, let Md(R) denote the set of all d× d matrices
with entries in R. Fix throughout this and the subsequent sections, positive integers m
and n, and a vector space basis {α0, . . . , αm−1} of Fqm over Fq. Given any s ∈ Fqm , there
are unique a0, . . . , am−1 ∈ Fq such that s = a0α0 + · · · + am−1αm−1, and we shall denote
the corresponding co-ordinate vector (a0, . . . , am−1) of s by s. Evidently, the association
s 7−→ s gives a vector space isomorphism of Fqm onto Fmq . Elements of Fm
q may be thought
of as row vectors and so sC is a well-defined element of Fmq for any s ∈ Fm
q and C ∈ Mm(Fq).
Following [48], and in analogy with LFSRs, we define a (q-ary) σ-LFSR as follows.
CHAPTER 2. PRIMITIVE POLYNOMIALS, SINGER CYCLES AND σ-LFSRS 14
Definition 2.3.1. Let C0, C1, . . . , Cn−1 ∈ Mm(Fq). Given any n-tuple (s0, . . . , sn−1) of
elements of Fqm , let s∞ = (s0, s1, . . . ) denote the infinite sequence of elements of Fqm
determined by the following linear recurrence relation:
si+n = siC0 + si+1C1 + · · ·+ si+n−1Cn−1 for i = 0, 1, . . . (2.3)
The system (2.3) is called a sigma linear feedback shift register (σ-LFSR) of order n over
Fqm , while the sequence s∞ is referred to as the sequence generated by the σ-LFSR (2.3).
The n-tuple (s0, s1, · · · , sn−1) is called initial state of the σ-LFSR (2.3) and the polynomial
Xn−Cn−1Xn−1−· · ·−C1X−C0 with matrix coefficients is called the σ-polynomial of the
σ-LFSR (2.3). The sequence s∞ is said to be ultimately periodic if there are integers r, n0
with r ≥ 1 and n0 ≥ 0 such that sj+r = sj for all j ≥ n0. The least positive integer r with
this property is called the period of s∞ and the corresponding least nonnegative integer n0
is called the preperiod of s∞. The sequence s∞ is said to be periodic if its preperiod is 0.
It is customary to depict the σ-LFSR (2.3) as in Figure 2.2.
Figure 2.2: Model of a sigma linear feedback shift register (σ-LFSR)
The following analogue of Proposition 2.1.3 is easily proved in a similar manner as in
the classical case of LFSRs.
Proposition 2.3.2. For the sequence s∞ generated by the σ-LFSR (2.3) of order n over
Fqm, we have the following.
CHAPTER 2. PRIMITIVE POLYNOMIALS, SINGER CYCLES AND σ-LFSRS 15
(i) s∞ is ultimately periodic, and its period is ≤ qmn − 1.
(ii) If C0 is nonsingular, then s∞ is periodic. Conversely, if s∞ is periodic whenever
the initial state is of the form (b, 0, . . . , 0), where b ∈ Fqm with b 6= 0, then C0 is
nonsingular.
We say that a σ-LFSR of order n over Fqm is primitive if for any choice of nonzero initial
state, the sequence generated by that σ-LFSR is periodic of period qmn − 1. Since the σ-
polynomial of a σ-LFSR has coefficients in the noncommutative ring of matrices, notions
such as irreducibility or primitivity are not readily applicable to it, and an analogue of
Proposition 2.1.4 is not obvious. However, as stated in [48, Thm. 2] and proved in [49,
Thm. 3], we have the following characterization of primitive σ-LFSRs.
Proposition 2.3.3. Let f(X) = Xn − Cn−1Xn−1 − · · · − C1X − C0 ∈ Mm(Fq)[X] be the
σ-polynomial of a σ-LFSR of order n over Fqm, where C0 ∈ GLm(Fq) and C` ∈ Mm(Fq)
for ` = 1, . . . , n − 1. For 1 ≤ i, j ≤ m, let f ij(X) ∈ Fq[X] be the polynomial of degree n
given by
f ij(X) = δijXn −n−1∑`=0
cij` X`,
where δij is the Kronecker delta and cij` is the (i, j)th entry of the m × m matrix C` for
` = 0, 1, . . . , n− 1. Finally, let ∆(X) denote the determinant of the m×m matrix (f ij(X))
with polynomial entries. Then the σ-LFSR is primitive if and only if the ∆(X) is a primitive
polynomial over Fq of degree mn.
The q-ary version of Conjecture 1 of [48] is the following.
Conjecture 2.3.4. The number of primitive σ-LFSR of order n over Fqm is given by the
formula (1.2) stated in the Introduction.
We note that since |GLm(Fq)| = (qm− 1)(qm− q) · · · (qm− qm−1), the formula (1.2) can
be equivalently written as
Υ(m,n; q) =|GLm(Fq)|qm − 1
.φ(qmn − 1)
mn.qm(m−1)(n−1) (2.4)
CHAPTER 2. PRIMITIVE POLYNOMIALS, SINGER CYCLES AND σ-LFSRS 16
In fact, it appears in [48] in this form in the case q = 2. As noted in [48], the number
Υ(m,n; q) is significantly larger than the number of traditional LFSRs of order n over Fqm ,
namely, φ(qmn − 1)/n, and this is partly a reason why σ-LFSRs are deemed superior than
the LFSRs.
Remark 2.3.5. The significance of the power of q in Υ(m,n; q) is not completely clear. We
merely mention that qm(m−1) is the number of nilpotentm×mmatrices over Fq, thanks to an
old result of Fine and Herstein [8] (see [5] or [10] for a more accessible proof). Consequently,
|GLm(Fq)|qm(m−1)(n−1) is the number of n-tuples (C0, C1, . . . , Cn−1) of m×m matrices over
Fq where C0 is nonsingular and C1, . . . , Cn−1 are nilpotent. However, the relation of such
tuples with primitive σ-LFSRs is not at all clear.
2.4 Block Companion Matrices
By a (m,n)-block companion matrix over Fq we mean T ∈ Mmn(Fq) of the form
T =
0 0 0 . . 0 0 C0
Im 0 0 . . 0 0 C1
. . . . . . . .
. . . . . . . .
0 0 0 . . Im 0 Cn−2
0 0 0 . . 0 Im Cn−1
, (2.5)
where C0, C1, . . . , Cn−1 ∈ Mm(Fq) and Im denotes the m×m identity matrix over Fq, while
0 indicates the zero matrix in Mm(Fq). The set of all (m,n)-block companion matrices over
Fq shall be denoted by BCM(m,n; q). Using a Laplace expansion or a suitable sequence
of elementary column operations, we see that if T ∈ BCM(m,n; q) is given by (2.5), then
detT = ± detC0. Consequently,
T ∈ GLmn(Fq) ⇐⇒ C0 ∈ GLm(Fq). (2.6)
CHAPTER 2. PRIMITIVE POLYNOMIALS, SINGER CYCLES AND σ-LFSRS 17
It may be noted that the block companion matrix (2.5) is the state transition matrix for
the σ-LFSR (2.3).
The following elementary observation reduces the calculation of a mn×mn determinant
to an m×m determinant. It is implicit in [49] in the binary case, but one has to be a little
careful with the signs in the q-ary case.
Lemma 2.4.1. Let T ∈ BCM(m,n; q) be given by (2.5) and let F (X) ∈ Mm (Fq[X]) be
defined by F (X) := ImXn−Cn−1X
n−1−· · ·−C1X−C0. Then the characteristic polynomial
of T is equal to detF (X).
Proof. Consider the mn×mn matrix
XImn − T =
XIm 0 0 . . 0 0 −C0
−Im XIm 0 . . 0 0 −C1
. . . . . . . .
. . . . . . . .
0 0 0 . . −Im XIm −Cn−2
0 0 0 . . 0 −Im XIm − Cn−1
Add X times each row in the nth row-block to the corresponding row in the (n − 1)-st
row-block. This will remove the XIm in the (n − 1)-st row-block and it will not alter
the determinant. Next, add X times each row the new in the (n − 1)-st row-block to the
corresponding row in the (n− 2)-nd row-block. Continue successively until all of the XI ′ms
on the main diagonal have been removed. The result is the matrix
0 0 0 . . 0 0 XnIm − Cn−1Xn−1 − · · · − C1X − C0
−Im 0 0 . . 0 0 Xn−1Im − · · · − C2X − C1
. . . . . . . .
. . . . . . . .
0 0 0 . . −Im 0 X2Im − Cn−1X − Cn−2
0 0 0 . . 0 −Im XIm − Cn−1
CHAPTER 2. PRIMITIVE POLYNOMIALS, SINGER CYCLES AND σ-LFSRS 18
which has the same determinant as XImn−T . We can clean up the last column by adding
to it appropriate multiples of the other columns so as to obtain
det (XImn − T ) = det
0 0 0 . . 0 0 F (X)
−Im 0 0 . . 0 0 0
. . . . . . . .
. . . . . . . .
0 0 0 . . −Im 0 0
0 0 0 . . 0 −Im 0
.
Finally, we can slide the last column-block to the first by successive column interchanges.
We need m(n − 1) interchanges for each of the m columns in the last column-block, and
so the determinant changes by (−1)m2(n−1). Further, if we pull out the negative sign in
each of the rows in all except the first row-block, then the determinant gets multiplied
by (−1)m(n−1). It follows that the characteristic polynomial of T is (−1)m(m+1)(n−1) times
the determinant of the block diagonal matrix diag (F (X), Im, . . . , Im). Since m(m + 1) is
always even, the lemma is proved.
As a corollary, we can obtain a more amenable form of Conjecture 2.3.4.
Proposition 2.4.2. Conjecture 2.3.4 is equivalent to showing that
|{T ∈ BCM(m,n; q) ∩GLmn(Fq) : o(T ) = qmn − 1}| = Υ(m,n; q), (2.7)
where Υ(m,n; q) is given by the formula (1.2) or the equivalent formula (2.4).
Proof. If T ∈ BCM(m,n; q)∩GLmn(Fq) is given by (2.5) and if F (X) is as in Lemma 2.4.1,
then detF (X) is precisely the polynomial ∆(X) in Proposition 2.3.3. Now, the desired
result follows readily from Propositions 2.2.1 and 2.3.3 together with Lemma 2.4.1.
CHAPTER 2. PRIMITIVE POLYNOMIALS, SINGER CYCLES AND σ-LFSRS 19
2.5 The Characteristic Map
Let
BCMS(m,n; q) := {T ∈ BCM(m,n; q) ∩GLmn(Fq) : o(T ) = qmn − 1}
be the set of Singer cycles among (m,n)-block companion matrices, and
P(mn; q) := {p(X) ∈ Fq[X] : p(X) is primitive of degree mn}
be the set of all primitive polynomials of degree mn over Fq. In view of Proposition 2.2.1,
the restriction to BCMS(m,n; q) of the characteristic map
Φ : Mmn(Fq) → Fq[X] defined by Φ(T ) := det (XImn − T )
gives a map from BCMS(m,n; q) to P(mn; q), which we shall denote by Ψ. Clearly,
BCMS(m,n; q) =∐
f(X)∈ im(Ψ)
Ψ−1 (f(X)) ,
where, as usual,∐
denotes disjoint union, im(Ψ) denotes the image of Ψ, and
Ψ−1 (f(X)) := {T ∈ BCMS(m,n; q) : Ψ(T ) = f(X)}
denotes the fiber of f(X) for any f(X) ∈ P(mn; q). Thus, to prove (2.7), it suffices to
determine im(Ψ) and the cardinality of each of the fibers. The former is answered by the
following.
Proposition 2.5.1. The map Ψ : BCMS(m,n; q) → P(mn; q) is surjective.
Proof. Let f(X) ∈ P(mn; q). By Proposition 2.1.1, there is a primitive element γ of F∗qmn
such that f(γ) = 0. Since f(X) ∈ Fq[X], the Frobenius automorphism x 7−→ xq of Fqmn
permutes the roots of f(X), and thus γ, γq, γq2 , . . . , γqmn−1are precisely the mn distinct
CHAPTER 2. PRIMITIVE POLYNOMIALS, SINGER CYCLES AND σ-LFSRS 20
roots of f(X). Hence
f(X) =m−1∏j=0
fj(X) where fj(X) :=n−1∏i=0
(X − γqim+j
)for j = 0, . . . ,m− 1.
Note that the map given by x 7−→ xqm is a generator of the Galois group of Fqmn over Fqm ,
and for each j = 0, . . . ,m − 1, it permutes the roots of fj(X) among themselves, and so
fj(X) ∈ Fqm [X]. Moreover, since qj and qmn − 1 are relatively prime, we see that each
fj(X) is the minimal polynomial over Fqm of a primitive element of F∗qmn , namely, γqj , and
thus fj(X) is a primitive polynomial in Fqm [X]; in particular, fj(X) is irreducible in Fqm [X]
and fj(0) 6= 0 for j = 0, . . . ,m− 1. Write
f0(X) = Xn − βn−1Xn−1 − · · · − β1X − β0 where β0, β1, . . . , βn−1 ∈ Fqm .
LetB = Cf0 be the companion matrix of f0(X). By the Cayley-Hamilton Theorem, f0(B) =
0 and hence f(B) = 0. Now, choose a Singer cycle A ∈ GLm(Fq) and let g(X) ∈ Fq[X] be
the minimal polynomial of A. By Proposition 2.2.1, we have g(X) ∈ P(m; q). Moreover,
p(X) 7−→ p(A) defines a Fq-algebra homomorphism of Fq[X] into Mm(Fq) and its image is
the group algebra Fq[A] of the cyclic subgroup of GLm(Fq) generated by A while its kernel
is the ideal of Fq[X] generated by g(X). Since g(X) is irreducible of degree m, the residue
class ring Fq[X]/ 〈g(X)〉 is Fq-isomorphic to Fqm . Thus we obtain a Fq-algebra isomorphism
θ : Fqm → Fq[A], which induces a Fq-algebra homomorphism
θ : Mn (Fqm) → Mn (Mm(Fq)) ' Mmn(Fq) given by θ ((βij)) = (θ (βij))
of the corresponding rings of matrices. It may be noted that since o(A) = qm − 1, we
have Fq[A] ={0, A,A2, . . . , Aqm−1
}, where 0 denotes the zero matrix in Mm(Fq). Now let
Ci := θ(βi) for i = 0, . . . , n − 1, and let T ∈ BCM(m,n; q) be the matrix given by (2.5)
corresponding to thesem×mmatrices C0, C1, . . . , Cm−1. Note that since β0 = f0(0) 6= 0 and
θ is an isomorphism, C0 is nonsingular and hence by (2.6), T ∈ BCM(m,n; q)∩GLmn(Fq).
CHAPTER 2. PRIMITIVE POLYNOMIALS, SINGER CYCLES AND σ-LFSRS 21
Also note that T = θ(B). Now, since f(B) = 0 and θ is a Fq-algebra homomorphism, it
follows that f(T ) = 0. Moreover, since f(X) ∈ Fq[X] is primitive of degree mn, it must be
the minimal polynomial of T and further, by Proposition 2.2.1, we see that o(T ) = qmn−1
and f(X) is the characteristic polynomial of T . Thus, T ∈ BCMS(m,n; q) and Φ(T ) =
f(X). This proves that Ψ is surjective.
As for the fibers of Ψ, we propose the following.
Conjecture 2.5.2 (Fiber Conjecture). For any f(X) ∈ P(mn; q), the cardinality of the
fiber Ψ−1 (f(X)) := {T ∈ BCMS(m,n; q) : Ψ(T ) = f(X)} is independent of the choice of
f(X) and, in fact, given by the following formula:
∣∣Ψ−1 (f(X))∣∣ = qm(m−1)(n−1)
m−1∏i=1
(qm − qi).
It is clear that Conjecture 2.5.2 together with Theorem 2.5.1 implies Conjecture 2.3.4.
We remark that the fibers of the ambient map Φ have been studied in the literature (cf.
[10, 38]). The Fiber Conjecture facilitates a connection between Conjecture 2.3.4 and a
question of Niederreiter (which is still open) as indicated below.
Remark 2.5.3. Let α be a primitive element of F∗qmn . A subspaceW of Fqmn of dimensionm
is said to be α-splitting if Fqmn = W⊕αW⊕· · ·⊕αn−1W . Niederreiter [33, p. 11] asks for the
total number of α-splitting subspaces of dimension m. In view of Proposition 2.1.1, fixing a
primitive element of F∗qmn is essentially the same as fixing a primitive polynomial in Fq[X] of
degree mn. Now let Lα : Fqmn → Fqmn be the linear transformation defined by Lα(x) := αx.
Note that the characteristic polynomial of Lα is precisely the minimal polynomial of α.
Moreover, if a subspace W of dimension m is α-splitting and {u1, . . . , um} is an ordered
basis of W , then Bα(u1,...,um) = {u1, . . . , um, αu1, . . . , αum, . . . , α
n−1u1, . . . , αn−1um} is a Fq-
basis of Fqmn and with respect to this ordered basis, the matrix of Lα is a (m,n)-block
companion matrix. Moreover, thanks to Proposition 2.2.1, this block companion matrix is
a Singer cycle. Conversely, a Singer cycle in GLmn(Fq) of the form (2.5) must be the matrix
CHAPTER 2. PRIMITIVE POLYNOMIALS, SINGER CYCLES AND σ-LFSRS 22
of Lα with respect to a basis of the form Bα(u1,...,um) and then {u1, . . . , um} clearly spans a
α-splitting subspace. In this way, the enumeration of α-splitting subspaces of dimension m
is essentially equivalent to the determination of cardinalities of the fibers of Ψ.
2.6 The Case n = 1
As noted in the introduction, whenm = 1, (1.2) reduces to (1.1) and hence Conjecture 2.3.4
readily follows from Proposition 2.1.1. Also, when m = 1, the map Ψ is clearly bijective
and hence Conjecture 2.5.2 holds trivially. We will show below that when n = 1, both the
conjectures follow from the structure of Singer cycles.
Proposition 2.6.1. If n = 1, then Conjecture 2.3.4 as well as Conjecture 2.5.2 hold in
the affirmative.
Proof. Suppose n = 1. Then BCMS(m,n; q) is simply the set of all Singer cycles in
GLm(Fq). By Proposition 2.2.2, GLm(Fq) acts transitively on the set of all Singer sub-
groups by conjugation, and hence the number of Singer subgroups of GLm(Fq) is given by
|GLm(Fq)| /|N |, where N denotes the normalizer of a Singer subgroup of GLm(Fq). More-
over, by Proposition 2.2.3, we see that |N | = m(qm−1). Finally, since any Singer subgroup
of GLm(Fq) contains φ(qm − 1) generators, i.e., φ(qm − 1) Singer cycles, it follows that
|BCMS(m, 1; q)| = |GLm(Fq)|m(qm − 1)
φ(qm − 1) = Υ(m, 1; q).
Thus, in view of Proposition 2.4.2, Conjecture 2.3.4 is established when n = 1. To show
more generally, that Conjecture 2.5.2 holds in the affirmative when n = 1, let f(X) ∈
P(m; q) and T ∈ BCMS(m, 1; q) be such that Ψ(T ) = f(X). By Proposition 2.2.1, the
minimal polynomial as well as the characteristic polynomial of T is f(X). In particular, T
and the companion matrix Cf of f(X) have the same set of invariant factors, and therefore,
they are similar (cf. [3, p. VII.32]). It follows that Ψ−1(f(X)) = {P−1CfP : P ∈
CHAPTER 2. PRIMITIVE POLYNOMIALS, SINGER CYCLES AND σ-LFSRS 23
GLm(Fq)}. Consequently,
∣∣Ψ−1(f(X))∣∣ = |GLm(Fq)|
|Z(Cf )|where Z(Cf ) := {P ∈ GLm(Fq) : CfP = PCf} .
Further, the linear transformation of Fqm ' Fmq corresponding to Cf is cyclic and hence
by a theorem of Frobenius [25, Thm. 3.16 and its Corollary], the centralizer Z(Cf ) of Cf
consists only of polynomials in Cf . Now, the Fq-algebra of polynomials in Cf is readily seen
to be isomorphic to Fq[X]/ 〈f(X)〉, and so its cardinality is qm. Consequently, Z(Cf ) =
{Cjf : 0 ≤ j < qm} and |Z(Cf )| = qm − 1. Thus,
∣∣Ψ−1(f(X))∣∣ = |GLm(Fq)|
qm − 1=
m−1∏i=1
(qm − qi),
as desired.
Remark 2.6.2. An alternative proof of Conjecture 2.5.2 in the case n = 1 can be obtained
using the Reiner-Gerstenhaber formula for the number of square matrices over Fq with the
given characteristic polynomial (cf. [38, Thm. 2] and [10, §2]) together with Proposition
2.2.1.
2.7 Examples
In this section we outline some small examples to illustrate Conjecture 2.3.4 and its refined
version Conjecture 2.5.2. Throughout, we take q = 2 and for 1 ≤ i, j ≤ 2, we let eij denote
the 2 × 2 matrix over Fq with 1 in (i, j)th place and 0 elsewhere. Also, let I = e11 + e22
be the 2× 2 identity matrix and J = e11 + e12 + e21 + e22 be the 2× 2 matrix with all the
entries equal to 1.
Example 2.7.1. Consider m = 2 and n = 2. There are only 2 primitive polynomials of
degree 2×2 = 4 over F2 and, in fact, we have P(4, 2) = {x4+x+1, x4+x3+1}. It is easily
verified that |BCMS(2, 2; 2)| = 16, i.e., the number of nonsingular (2, 2)-block companion
CHAPTER 2. PRIMITIVE POLYNOMIALS, SINGER CYCLES AND σ-LFSRS 24
matrices over F2 of order 24 − 1 = 15 is 16, as predicted by Conjecture 2.3.4. Moreover,
the elements
T =
0 C0
I C1
of BCMS(2, 2; 2) for which Ψ(T ) = x4+x+1 are precisely those for which the corresponding
pair (C0, C1) of 2× 2 matrices is given by either of the following.
(J − e21, e21) , (J − e21, J) , (e12 + e21, e21) , (e12 + e21, e12) ,
(J − e11, I) , (J − e22, I) , (J − e12, e12) , (J − e12, J) .
On the other hand, T ∈ BCMS(2, 2; 2) for which Ψ(T ) = x4 + x3 + 1 are precisely those
for which the corresponding pair (C0, C1) is given by either of the following.
(J − e21, e21 + e22) , (J − e21, e11 + e21) , (e12 + e21, e22) , (e12 + e21, e11),
(J − e11, J − e11) , (J − e22, J − e22) , (J − e12, e12 + e22) , (J − e12, e11 + e12).
Thus, both the fibers have cardinality 8, as predicted by Conjecture 2.5.2.
Example 2.7.2. Consider m = 2 and n = 3. Then P(6, 2) consists of six polynomials,
namely, x6+x5+x4+x+1, x6+x+1, x6+x5+x3+x2+1, x6+x5+1, x6+x4+x3+x+1,
and x6 + x5 + x2 + x + 1. The fibers of Ψ for each of these consists of 32 elements of
BCMS(2, 3; 2), which together, constitute the 192 elements of BCMS(2, 3; 2). It is seen,
therefore, that Conjecture 2.3.4 as well as Conjecture 2.5.2 is valid in this case.
Chapter 3
Word-Oriented Nonlinear
Feedforward σ-LFSR
By using the binary sequences generated by traditional linear feedback shift registers (LF-
SRs), Groth in his paper [19] suggested various schemes to derive binary sequences with
high linear complexity and good statistical randomness properties ([18], [31, Ch. 5]). One
of his schemes uses Langford arrangement [28]. It appears that Groths’s idea of using
Langford arrangement for the number g (if at all there exists one such arrangement for
g) on primitive σ-LFSRs of order n = 2g may give rise the sequences having high linear
complexity with good statistical randomness properties. In support of above, we provide
some experimental results in this chapter.
3.1 Linear Complexity
In this section, we recall some definition and results from [31, Ch.6]. Let s∞ denotes an
infinite sequence whose terms are s0, s1, . . . , sn−1, sn, . . . and sn denotes a finite sequence
of length n whose terms are s0, s1, . . . , sn−1.
Definition 3.1.1. An LFSR is said to generate a sequence s∞ if there is some initial state
for which the output sequence of the LFSR is s∞. Similarly, an LFSR is said to generate
25
CHAPTER 3. WORD-ORIENTED NONLINEAR FEEDFORWARD σ-LFSR 26
a finite sequence sn if there is some initial state for which the ouput sequence of the LFSR
has sn as its first n terms.
Definition 3.1.2. The linear complexity of an infinite binary sequence s∞, denoted L(s∞),
defined as follows:
(i) if s∞ is the zero sequence, then L(s∞) = 0;
(ii) if no LFSR generates s∞, then L(s∞) = ∞;
(iii) otherwise, L(s∞) is the length of the shortest LFSR that generates s∞.
Example 3.1.3. If the sequence s∞ is generated by primitive LFSR of order n, then
L(s∞) = n.
Definition 3.1.4. The linear complexity of a finite binary sequence sn, denotes L(sn), is
the length of a shoetest LFSR that generates a sequence having sn as its first n terms.
Fact 3.1. (Properties of linear Complexity). Let s∞ and s∞′ be binary sequences.
(i) For any n ≥ 1, the linear complexity of the subsequence sn satisfies 0 ≤ L(sn) ≤ n.
(ii) L(sn) = 0 if and only if sn is the zero sequence of length n.
(iii) L(sn) = n if and only if sn = 0, 0, 0, . . . , 0, 1.
(iv) If s∞ is periodic with period N , then L(s∞) ≤ N .
(v) L(s∞ ⊕ s∞′) ≤ L(s∞) + L(s∞′), where s∞ ⊕ s∞′ denotes the bitwise XOR1
of s∞ and s∞′.
Definition 3.1.5. Let s∞ = s0, s1, . . . be a binary sequence, and let LN denote the linear
complexity of the subsequence sN = s0, s1, . . . , sN−1, N ≥ 0. The sequence L1, L2, . . . is
called the linear complexity profile of s∞. Similarly, if sn = s0, s1, . . . , sn−1 is finite binary
sequence, the sequence L1, L2, . . . , Ln is called the linear complexity profile of sn.
1Note that XOR is defines as : 0⊕ 0 = 0, 1⊕ 0 = 1, 0⊕ 1 = 0, 1⊕ 1 = 0.
CHAPTER 3. WORD-ORIENTED NONLINEAR FEEDFORWARD σ-LFSR 27
The linear complexity profile of sequence can be computed using the Berlekamp-Massey
algorithm.
Fact 3.2. (Properties of linear complexity profile). Let L1, L2, . . . be the linear
complexity profile of a sequence s∞ = s0, s1, . . .
(i) If j > i, then Lj ≥ Li.
(ii) LN+1 > LN is possible only if LN ≤ N2.
(iii) If LN+1 > LN , then LN+1 + LN = N + 1.
The linear complexity profile of a sequence s∞ can be graphed by plotting the points
(N,LN), N ≥ 1, in the N ×L plane. The expected linear complexity of a random sequence
should closely follow the line L = N2.
3.2 Linear complexity of σ-LFSR
Linear complexity issues of σ-LFSR have been considered in [48]. However, for the sake of
completeness and comparing results with nonlinear feedforward σ-LFSR, some experimen-
tal results concerning σ-LFSR are presented in this section.
We begin by recalling some facts and results from [48, 49]. In order to achieve high speed
implementation in software, we have to confine ourself to some special kind of coefficient
matrices (linear transformations) in the σ-polynomial of a σ-LFSR, namely the word op-
erations provided by modern processor. These word operations are:
1. And Operation Λγ : Λγ(a) =m−1∑i=0
aiciαi, where α0, . . . , αm−1 is basis of F2m over F2,
a =m−1∑i=0
aiαi and γ =m−1∑i=0
ciαi.
2. Circular Rotation Operation σ : σk(a) =m−1∑i=0
ai+k(mod m)
, where k is a positive
integer.
CHAPTER 3. WORD-ORIENTED NONLINEAR FEEDFORWARD σ-LFSR 28
3. Left Shift Operation L : L(a) =m−1∑i=1
aiαi−1.
4. Right Shift Operation R : R(a) =m−2∑i=0
aiαi+1.
5. LR Shift Combination Operation ∪s,t : ∪s,t = Ls +Rt.
Although, we have carried our experiments on many primitive σ-polynomials of degree
n = 16 with coefficient matrices each of order m = 32 (that is primitive σ-LFSRs of length
16 over F232) which are listed in [48] and in each case, we notice the same results. However,
Figure 3.1: Linear Complexity profile for HHZ1.
we will present here our experimental results only in case of HHZ1 and HHZ2 corresponding
to primitive σ-polynomial as given below:
HHZ1: f1(x) = x16 + Λγ1x10 + Lx6 +Rx5 + 1, where γ1 = 0× 5e8491f8.
CHAPTER 3. WORD-ORIENTED NONLINEAR FEEDFORWARD σ-LFSR 29
HHZ2: f2(x) = x16 + Λγ2x9 + ∪3,1, where γ2 = 0× bffffe4f .2
Our experimental results show that the sequences generated by HHZ1 and HHZ2 have
linear complexity 16384(= mn×m) and satisfy randomness properties too. Moreover, bit
coordinate sequences have linear complexity 512(= mn), which actually verifies Theorem
3 in [48]. The Figure 3.1 shows linear complexity profile for HHZ1.
3.3 Word-oriented nonlinear feedforward σ-LFSR
In this section, we shall define word-oriented nonlinear feedforward σ-LFSR by using Lang-
ford arrangements [28].
Definition 3.3.1. Arrange the numbers 11223344 . . . gg in a sequence such that between
equal numbers h there are exactly h other numbers. This type of arrangement of numbers
is know as Langford arrangement, which is named after the Scottish mathematician C.
Dudley Langford.
Example 3.3.2. For g = 4 and g = 8, the Lagford Arrangement are 41312432 and
6751814657342832 respectively.
It is important to note that Langford arrangements are not possible for every number
g. For example, Langford arrangement is not possible for g = 5, 6, 9, or 10.
Definition 3.3.3. Let s∞ = s0, s1, . . . be the sequence over Fqm generated by σ-LFSR
of order 2g. Let there exist Langford arrangement for the number g and let `i and ri
respectively denote the left and right positions of the number i in the Langford arrangement
of g from the left. Then ri = `i + i+ 1. Now we define a sequence t∞ = t0, t1, . . . obtained
from s∞ by the following recurrence relation:
ti =i∑
j=0
uj for i = 0, 1, . . . (3.1)
2γ1, γ2 are hexadecimal numbers. Hexadecimal is numeral system with a base of 16. It uses sixteendistinct symbols, most often the symbols 0−9 to represent values zero to nine and a, b, c, d, e, f to representvalues ten to fifteen.
CHAPTER 3. WORD-ORIENTED NONLINEAR FEEDFORWARD σ-LFSR 30
where uj =
g∑k=1
s2g+j−`ks2g+j−rk .
The system (3.1) is called a nonlinear feedforward σ-LFSR (NLFF σ-LFSR) of order 2g
over Fqm , while the sequence t∞ is referred to as the sequence generated by the nonlinear
feedforward σ-LFSR (3.1).
Note that the multiplication of the states in above expression 3.1 is either field multipli-
cation in Fqm or some suitable multiplication (e.g. AND operation) such that the resultant
element must necessarily be in Fqm .
The following Figure 3.2 is the nonlinear feedforward σ-LFSR of order 16, where the num-
bers in the Langford arrangement for g = 8 are assigned sequentially to register stages and
the two inputs of a multiplier are connected to the two stages with same number.
⊕
6 7 5 1 8 1 4 6 5 7 3 4 2 8 3 2
&
&
&
&
&
&
&
&
⊕ ⊕t∞
s∞
Figure 3.2: NLFF σ-LFSR based on Langford arrangement for g = 8.
We present here our experimental results when the numbers in the Langford arrange-
ment for g = 8 are assigned sequentially to register stages of HHZ1 and HHZ2 in the same
CHAPTER 3. WORD-ORIENTED NONLINEAR FEEDFORWARD σ-LFSR 31
fashion as in Figure 3.2. However, we have carried out experiments for many primitive
σ-polynomials of degree n = 16 with coefficient matrices of order m = 32 as listed in [48]
and in each case, we obtain the same results.
For our experiments concerning nonlinear feedforward primitive σ-LFSR based on Lang-
ford arrangement, we are multiplying the two states by using And operation.
If we consider 1000000 bits of the output sequence, then the complexity profile follows
the line L = N2(see Figure 3.3) and the linear complexity is atleast 500000, which is much
higher than the linear case.
Figure 3.3: Linear complexity profile of nonlinear feedforward HHZ1 based on Langfordarrangement for g = 8.
We also observe that each bit coordinate sequence has linear complexity mn(mn+1)2
=
131328 or mn(mn+1)2
+ 1 = 131329, which is much higher than the linear case.
CHAPTER 3. WORD-ORIENTED NONLINEAR FEEDFORWARD σ-LFSR 32
∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣
Sr. No. Name of Test Passed Failed
1. Frequency Test 94 6
2. Binary Derivative Test 97 3
3. Change point Test 88 12
4. Poker Test 97 3
5. Runs Test 93 7
6. Universal Test 81 19
7. Linear Complexity Test 95 5
8. Longest Run of Ones Test 94 6
9. Binary Matrix Rank Test 98 2
10. Approximate Entropy Test 97 3
11. Lempel Ziv Compression Test 90 10
12. Non-overlapping Template Matching Test 100 0
∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣Table 1: Randomness Tests for NLFF HHZ1 (multiplication uses And operation).
Moreover, if we take 100 files of the sequences generated by nonlinear feedforward HHZ1
based on Langford arrangement, each of size 1000000 bits, then apply statistical test
reccomended by National Institute of Standards and Technology (NIST) to check non-
randomness of the sequences. The Table 1 shows that fairly good number of files have
passed statistical randomness tests.
The study of nonlinear feedforward σ-LFSR is still under progress.
Chapter 4
Polynomial Systems Over Finite
Fields
Let Am = Am(Fq) denote the affine space of dimension m over Fq. Fix any integers u and
m with u ≥ 0 and m ≥ 1. We begin by asking the following.
Question 1. What is the maximum number of zeros in Am that a polynomial of degree u
in m variables with coefficients in Fq can have?
The answer is easy, and just what one would expect. Namely, uqm−1 unless of course
u > q in which case the answer is qm.
In geometric terms, Question 1 asks about the maximum number of Fq-rational points
on an affine hypersurface defined over Fq. We could ask for the corresponding question for
projective hypersurfaces. So let Pm = Pm(Fq) denote the projective space of dimension m
over Fq, and let us ask the following.
Question 2. What is the maximum number of zeros in Pm that a homogeneous polynomial
of degree u in m+ 1 variables with coefficients in Fq can have?
Intuitively, or in analogy with the affine case, one might expect that the answer in this
case is uπm−1, where
πj := |Pj(Fq)| = qj + qj−1 + · · ·+ q + 1 for any nonnegative integer j,
33
CHAPTER 4. POLYNOMIAL SYSTEMS OVER FINITE FIELDS 34
and where we have assumed that u ≤ q (lest uπm−1 > πm). While it is not difficult to show
that uπm−1 is an upper bound for the number of common zeros, an example where this
bound is attained is hard to come by. This is not surprising because the analogous and
intuitively obvious bound is, in fact, not the right one. Realizing this, Tsfasman conjectured
that the correct bound is uqm−1 + πm−2. An elegant proof of Tsfasman’s conjecture was
given by Serre [40] and we refer to Section 4.2 for further details.
Now, let us look at a more general situation. Namely, instead of one polynomial, con-
sider several of them. However, if we consider arbitrary number of polynomials of arbitrary
degrees, then the situation becomes much too general—indeed, we will then be considering
arbitrary affine and projective varieties over finite fields. It is rather unreasonable to expect
precise and succinct answers in this case.1 Thus, in the spirit of Questions 1 and 2, we will
fix the degree and ask the following.
Question 3. What is the maximum number of common zeros in Am that a system of r
linearly independent polynomials, each of degree u in m variables with coefficients in Fq,
can have?
Question 4. What is the maximum number of common zeros in Pm that a system of r
linearly independent homogeneous polynomials, each of degree u in m + 1 variables with
coefficients in Fq, can have?
The status of these questions is as follows. A complete answer to Question 3 is known
and can be seen in [22]. Question 4 is open, in general, except of course in the case r = 1
where it reduces to Question 2 that has been settled by Serre [40] (and, independently, by
Sørrensen [44]) in 1991. The case r = 2 has also been settled, by Boguslavasky in 1997 and
we give an a somewhat simpler proof of his result in Section 4.3.
As remarked in the Introduction of this thesis, each of the above questions are intimately
related to Coding Theory. In greater detail, Questions 1 and 3 correspond to determining
the minimum distance and the rth higher weight, respectively, of q-ary affine Reed-Muller
1See, however [13] for an expository account of results such as Weil conjectures, Lang-Weil inequalitythat are available in the general case.
CHAPTER 4. POLYNOMIAL SYSTEMS OVER FINITE FIELDS 35
codes. On the other hand, Questions 2 and 4 correspond to determining the minimum
distance and the rth higher weight, respectively, of q-ary projective Reed-Muller codes. In
fact, this connection with Coding Theory has provided a major impetus for progress on
these questions. We review some basics of Coding Theory and describe this connection in
Section 4.4.
4.1 Elementary Bounds
Let us first settle notations and terminology. Given a ring (always assumed commutative
and with identity) R, we denote, as usual, by R[X] the ring of polynomials in one variable
X with coefficients in R. More generally, R[X1, . . . , Xm] denotes the ring of polynomials in
m variables X1, . . . , Xm with coefficients in R. A nonzero polynomial in R[X1, . . . , Xm] is
said to have degree u if u is its total degree. Here, and hereafter, it is tacitly assumed that
m and u denote integers with m ≥ 1 and u ≥ 0. In particular, if we say that a polynomial
is of degree u, then it necessarily means that the said polynomial is nonzero. Given any
set S, we denote by |S| the number of elements in S if S is finite, and the symbol ∞ if S
is infinite. By convention, u < ∞ for any u ∈ Z.
The simplest and most basic bound is given by the following well known result that is
sometimes ascribed to Lagrange.
Proposition 4.1.1. Let F be a field and f(X) ∈ F [X] be of degree u. Then f(X) has at
most u roots in F . Moreover, if u ≤ |F |, then there exist polynomials of degree u in F [X]
with exactly u roots.
Classically, there is no analogue of the above result for polynomials in two or more
variables because the set of zeros of such polynomials is, in general, infinite. But when the
ground field is finite, one has the following natural analogue.
Proposition 4.1.2. Let f(X1, . . . , Xm) ∈ Fq[X1, . . . , Xm] be of degree u. Then the set
Z(f) := {c = (c1, . . . , cm) ∈ Am(Fq) : f(c1, . . . , cm) = 0} has at most uqm−1 elements.
CHAPTER 4. POLYNOMIAL SYSTEMS OVER FINITE FIELDS 36
Moreover, if u ≤ q, then there exists f ∈ Fq[X1, . . . , Xm] such that Z(f) has exactly uqm−1
elements.
Proof. We apply double induction on u and m. When u = 0, 1 or m = 1, the result follows
trivially. Suppose u > 1 and m > 1. We analyze the two cases.
Case 1: (X1 − c) | f(X1, . . . , Xm) for some c ∈ Fq.
In this case, f(X1, . . . , Xm) = (X1 − c)g(X1, . . . , Xm), where g is a polynomial of degree
u− 1. Therefore,
Z(f) = {c ∈ Am(Fq) : c1 = c} q {c ∈ Am(Fq) : c1 6= c and g(c1, . . . , cm) = 0}
and
|Z(f)| ≤ qm−1 + |V (g)|
≤ qm−1 + (u− 1)qm−1 (by induction hypothesis)
= uqm−1.
Case 2: (X1 − c) - f(X1, . . . , Xm), ∀c ∈ Fq.
In this case, we have, f(c,X2, . . . , Xm) 6= 0 and deg f(c,X2, · · · , Xm) ≤ u. For each c ∈ Fq,
f(c,X2, · · · , Xm) has at most uqm−2 solutions in Fm−1q . Since we have q choices for c ∈ Fq,
therefore, |Z(f)| ≤ q(uqm−2) = uqm−1.
For second part of the Proposition, consider the following polynomial f(X1, . . . , Xm) =
(X1 − a1)(X1 − a2) . . . (X1 − au) with distinct elements a1, a2, . . . , au ∈ Fq. We have
deg f(X1, . . . , Xm) = u and f(X1, . . . , Xm) has exactly uqm−1 solutions in Am(Fq).
4.2 Projective Hypersurfaces
We have the following projective analogue of the Proposition 4.1.2.
Proposition 4.2.1. Let f(X0, . . . , Xm) ∈ Fq[X0, . . . , Xm] be a homogeneous polynomial of
CHAPTER 4. POLYNOMIAL SYSTEMS OVER FINITE FIELDS 37
degree u. Then the set V (f) := {c = (c0, . . . , cm) ∈ Pm(Fq) : f(c) = 0} has at most uπm−1
elements. Equivalently, the set
Z∗(f) := {(c0, . . . , cm) ∈ Fm+1q \ {(0, . . . , 0)} : f(c0, . . . , cm) = 0}
has at most u(qm − 1) elements.
Proof. We apply double induction on u and m. When u = 0, u = 1 or m = 1, the result
follows trivially. Suppose u > 1 and m > 1. We analyze the two cases.
Case 1: X0 | f .
Then f = X0g, where g is a homogeneous polynomial in Fq[X0, . . . , Xm] of degree u − 1
and hence by induction,
|Z∗(f)| = |{c ∈ Fm+1q \ {0} : f(c) = 0}| ≤ qm − 1 + (u− 1)(qm − 1) = u(qm − 1).
Case 2: X0 - f .
In this case, if (c0, . . . , cm) ∈ Fm+1q with c0 6= 0 is such that f(c0, . . . , cm) = 0, then
f( c1c0, . . . , cm
c0) = 0, where f(Y1, . . . , Ym) = f(1, Y1, . . . , Ym) is polynomial of degree u in m
variables. Furthermore, f(0, X1, . . . , Xm) is a homogeneous polynomial of degree u in m
variables. Therefore,
Z∗(f) = {c ∈ Fm+1q \{0} : c0 6= 0, f(c1, . . . , cm) = 0}q{c ∈ Fm+1
q \{0} : c0 = 0, f(c) = 0}
and hence by Proposition 4.1.2 and the induction hypothesis,
|Z∗(f)| = |{c ∈ Fm+1q \ {0} : f(c) = 0}| ≤ (q − 1)(uqm−1) + u(qm−1 − 1)
= u(qm − 1),
as desired.
The Proposition given below gives the exact bound on the number of points on a
CHAPTER 4. POLYNOMIAL SYSTEMS OVER FINITE FIELDS 38
projective hypersurface, which was conjectured by M. Tsfasman and proved by J.-P. Serre.
Proposition 4.2.2. Let f(X0, . . . , Xm) ∈ Fq[X0, . . . , Xm] be a homogeneous polynomial of
degree u. Then the set V (f) := {c = (c0, . . . , cm) ∈ Pm(Fq) : f(c) = 0} has at most
uqm−1 + πm−2 elements. Moreover, if u ≤ q, then the bound on the right hand side is
attained only if V (f) is a union of u hyperplanes whose intersection contains a subspace of
Pm(Fq) of codimension 2.
Proof. (Serre). If u ≥ q + 1, then uqm−1 + πm−2 ≥ qm + qm−1 + πm−2 = πm and the
bound holds trivially. Assume u < q + 1. We apply induction on m. The case m = 0 is
just trivial and the case m = 1 follows from Proposition 4.1.1. Suppose m > 1 and result
holds for homogeneous polynomials in < m + 1 variables. Let g1, . . . , gl be distinct (up
to multiplication by a constant) linear factors of f . Then l ≤ u and each gi is necessarily
homogeneous; further, if we let
Gi = {c ∈ Pm(Fq) : gi(c) = 0} and G =r⋃
i=1
Gi,
then G ⊆ V (f). We analyze the following two cases.
Case 1: G = V (f).
We apply induction on l. If l = 1, then
|G| = |G1| = πm−1 ≤ uqm−1 + πm−2.
If l > 1, then
(l−1⋃i=1
Gi
)∩Gl ⊇ G1 ∩G2 and |G1 ∩G2| = πm−2, and hence,
∣∣∣∣∣l⋃
i=1
Gi
∣∣∣∣∣ =
∣∣∣∣∣l−1⋃i=1
Gi
∣∣∣∣∣+ |Gl| −
∣∣∣∣∣(
l−1⋃i=1
Gi
)∩Gl
∣∣∣∣∣≤
((l − 1)qm−1 + πm−2
)+ πm−1 − πm−2 (by induction hypothesis)
= lqm−1 + πm−2.
CHAPTER 4. POLYNOMIAL SYSTEMS OVER FINITE FIELDS 39
Since l ≤ u, the desired inequality follows.
Moreover, we observe that |V (f)| = uqm−1 + πm−2, only if l = u and if G1, . . . , Gl have a
space of dimension (m− 2) in common.
Case 2: G 6= V (f).
Choose a point P ∈ V (f) with P 6∈ G. If H is a hyperplane in Pm containing P , then the
restriction of f to H is not identically zero, by the choice of P . Let V = V (f). We have
H ' Pm−1 and by induction hypothesis, |V ∩H| ≤ uqm−2 + πm−3. Consider the set
T := {(P ′, H) : P ′ ∈ V \ {P} and H is a hyperplane in Pm through P and P ′}.
Now we determine cardinality of the set T in two different ways. For a fixed H passing
through P , the number of P ′ ∈ V \ {P} lying on H is equal to |V ∩ H| − 1, which is at
most uqm−2 + πm−3 − 1. As the number of H passing through P is πm−1, we see that
|T | ≤ πm−1(uqm−2 + πm−3 − 1).
On the other hand, for a fixed P ′ ∈ V \ {P}, the number of H passing through P and P ′
is equal to πm−2. It follows that
|T | = (N − 1)πm−2, where N = |V (f)|.
Thus, (N − 1)πm−2 ≤ πm−1(uqm−2 + πm−3 − 1), and hence,
N ≤ πm−2 + πm−1(uqm−2 + πm−3 − 1)
πm−2
=πm−2 + uqm−2πm−1 + πm−1πm−3 − πm−1
πm−2
=−qm−1 + uqm−2πm−1 + πm−1πm−3
πm−2
=−qm−1 + uqm−1πm−2 + uqm−2 + πm−1πm−3
πm−2
CHAPTER 4. POLYNOMIAL SYSTEMS OVER FINITE FIELDS 40
= uqm−1 +uqm−2 − qm−1 + πm−3(q
m−1 + πm−2)
πm−2
= uqm−1 + πm−2 −(q + 1− u)qm−2
πm−2
< uqm−1 + πm−2 (since q + 1− u > 0).
So in case 2, we have |V (f)| < uqm−1 + πm−2. This completes the proof.
4.3 Systems of Homogeneous Polynomials
In this section, we will consider the system of two homogeneous polynomial of the same
degree. Let us first recall some basic definitions and results from algebraic geometry. For
more details as well as proofs of these results, one may refer to [9, 41, 43].
4.3.1 Basic Definitions and Results
For all the definitions and results of this sub-section, we denote by F a field.
Definition 4.3.1. For a subset S ⊆ F [X0, X1, . . . , Xm] of homogeneous polynomials, we
define
V (S) := {c ∈ Pm(F ) : f(c) = 0, ∀ f ∈ S}.
A projective variety or projective algebraic set is a subset V of Pm such that V = V (S)
for some set S of homogeneous polynomials in F [X0, X1, . . . , Xm] . If the set S consists of
only linear homogeneous polynomials, then the variety V = V (S) is called linear variety.
Definition 4.3.2. Let V be a projective variety in Pm(F ). Then the ideal
I(V ) :=< {f ∈ F [X0, . . . , Xm] : f is homogeneous and f(c) = 0,∀c ∈ V } >
generated by homogeneous polynomials which vanish on V , is a homogeneous ideal of
F [X0, X1, . . . , Xm] and is called the homogeneous ideal of V .
CHAPTER 4. POLYNOMIAL SYSTEMS OVER FINITE FIELDS 41
Definition 4.3.3. Let V be a projective algebraic set in Pm. We say that V is reducible if
V = V1 ∪ V2, where V1, V2 are algebraic sets in Pm, and Vi 6= V , i = 1, 2. We say that V is
irreducible if V is nonempty and V is not reducible.
Proposition 4.3.4. A projective algebraic set V ⊂ Pm is irreducible if and only if I(V ) is
prime.
Proposition 4.3.5. Any projective algebraic set can be written uniquely as a finite union
of irreducible subvarieties, called its irreducible components.
Definition 4.3.6. The dimension of an irreducible variety V ⊂ Pm is the supremum of
all integers m such that there exists a chain of distinct irreducible subvarieties V0 ⊂ V1 ⊂
· · · ⊂ Vm = V . In general, the dimension of a variety is the maximum dimension of its
irreducible components. The dimension of V is denoted by dimV .
Definition 4.3.7. The codimension of a projective variety V ⊂ Pm is the number
codimV = m− dimV .
Of course, the codimension depends on the ambient space: A line in the plane has
codimension one, whereas a line in 3-space has codimension two.
Definition 4.3.8. The degree of the projective variety V in Pm is the greatest possible
number of intersection points of V with a linear subvariety L ⊂ Pm of dimension equal to
the codimension of V :
deg(V ) := max{|V ∩ L| < ∞ : L is linear subvariety in Pm, dimL+ dimV = m}.
Fact: A subvariety of Pm has degree one if and only if it is a linear subvariety.
Example 4.3.9. The degree of the conic V (yz − x2) ⊂ P2(C) is 2, because a typical line
meets a conic in two points.
Proposition 4.3.10. Every irreducible component of a hypersurface has codimension 1.
CHAPTER 4. POLYNOMIAL SYSTEMS OVER FINITE FIELDS 42
Proposition 4.3.11. If f is an irreducible homogeneous polynomial of degree u, then degree
of the hypersurface V (f) ⊂ Pm is u.
Definition 4.3.12. A projective variety V in Pm is called a complete intersection if its
homogeneous ideal I(V ) can be generated by exactly codim(V ) elements.
Example 4.3.13. The twisted cubic V in P3(C) is the intersection of two surfaces defined
by xw = y2 and xw2 = z3, the radical homogeneous ideal of V can not be generated by
two elements. However , this ideal can be generated by three polynomials,
I(V ) = (y2 − xz, z2 − wy, xw − yz) ⊆ C[x, y, z, w].
It can be checked that no two of these polynomials suffice to generate I(V ): Any two cut
out a reducible variety consisting of the twisted cubic plus a line.
We observe that although the twisted cubic curve in P3 has codimension two, its radical
homogeneous ideal requires more than two generators. The twisted cubic is not a complete
intersection of two surfaces.
Notice that a complete intersection V is the intersection of codimV hypersurfaces,
namely, the hypersurfaces whose equations generate the radical ideal of V . However, the
twisted cubic tells us that not every variety is complete intersection, even when the variety
is the intersection of codimV hypersurfaces. The twisted cubic belongs to the somewhat
broader class of varieties that are “set theoretically” like complete intersection.
Definition 4.3.14. A projective variety V of codimension c in Pm is called a set theoretic
complete intersection if V is the intersection of c hypersurfaces.
Of course, every complete intersection is a set-theoretic complete intersection. The
difference is that while a set-theoretic complete intersection is defined by an ideal generated
by c elements, we do not require that this ideal to be a radical ideal.
Proposition 4.3.15. If V = V (f1, · · · , fc) is a complete intersection, then
deg V = deg f1. deg f2 · · · deg fc,
CHAPTER 4. POLYNOMIAL SYSTEMS OVER FINITE FIELDS 43
where c = codimV .
4.3.2 Boguslavasky’s Inequality
We recall the following Proposition proved in [1, 14], which gives the cardinality of a general
projective algebraic set over a finite field.
Proposition 4.3.16. Let X ⊂ Pm(Fq) be an algebraic set of degree δ and dimension s.
Then |X| ≤ δπs.
In the following Proposition, we present a simpler version of the proof of Boguslavasky,
although, in same lines.
Proposition 4.3.17. (Boguslavsky) Let F1, F2 ∈ Fq[X0, . . . , Xm] be linearly independent
homogeneous polynomials of degree u such that u < q − 1. Then the projective algebraic
set X := V (F1, F2) = {c = (c0, . . . , cm) ∈ Pm(Fq) : F1(c) = F2(c) = 0} has at most
(u− 1)qm−1 + πm−2 + qm−2 elements.
Proof. Write F1 =t∏
i=1
faii and F2 =
t∏i=1
f bii , where f ′
is are factors of F1 and F2 over Fq such
that fi - fj, ∀i 6= j and ai, bi ≥ 0 ∀ i. Define G :=t∏
i=1
fmin(ai,bi)i ∈ Fq[X0, . . . , Xm]. Let
degree of G be v and, Y := V (G) = {c ∈ Pm(Fq) : G(c) = 0}. We have, 0 ≤ v ≤ u − 1
and the degree of the hypersurface Y is same as the degree of its defining polynomial G,
that is, v. By Proposition 4.2.2, |Y | ≤ vqm−1 + πm−2. Let X ′ = V (F1
G, F2
G). Then clearly
X = X ′∪Y . Note that, by Krull’s Principal Ideal Theorem, height of the ideal (F1
G, F2
G) ≤ 2.
One can easily see that ht(F1
G, F2
G) is infact 2 as gcd(F1
G, F2
G) = 1. We have,
dim(X ′) = dimV (F1
G,F2
G) = dim
Fq[X0 : X1 : · · · : Xm]
(F1
G, F2
G)
− 1 = m− 2.
This shows that X ′ is complete intersection and hence degree of X ′ is δ = (u − v)2 (by
Proposition 4.3.15). Thus by Proposition 4.3.16, |X ′| ≤ (u− v)2πm−2. We analyze three
cases.
CHAPTER 4. POLYNOMIAL SYSTEMS OVER FINITE FIELDS 44
Case 1: v = 0.
In this case, X = X ′ and |X| ≤ u2πm−2. So
|X| ≤ u2πm−2
= (u2 − 1)πm−2 + πm−2
≤ (u− 1)(q − 1)πm−2 + πm−2, since u < q − 1
= (u− 1)(qm−1 − 1) + πm−1
< (u− 1)qm−1 + qm−2 + πm−2.
Case 2: 0 < v < u− 1.
In this case, |X| ≤ |Y |+ |X ′| ≤ vqm−1 + πm−2 + (u− v)2πm−2. This implies that,
|X|− (u−1)qm−1−qm−2−πm−2 ≤ − 1
q − 1(qm−1(u−v−1)(q−u+v−2)+(u−v)2−qm−2).
Since 0 < v < (u− 1) ⇒ u− v − 1 > 0. Also q − 1 > u ⇒ q − u+ v − 2 > 0. So
qm−1(u− v − 1)(q − u+ v − 2)− qm−2 ≥ qm−1 − qm−2 > 0
⇒ − 1
q − 1(qm−1(d− u− 1)(q − u+ v − 2) + (u− v)2 − qm−2) < 0
⇒ |X| ≤ (u− 1)qm−1 + qm−2 + πm−2.
Case 3: v = u− 1.
We have deg(X ′) = 1, so X ′ is a linear subspace of codimension 2. We can not apply
Proposition 4.2.2 directly, since we would get
|X| ≤ |Y |+ |X ′| ≤ (u− 1)qm−1 + πm−2 + πm−2
> (u− 1)qm−1 + qm−2 + πm−2.
If Y contains an Fq-hyperplane H, then Y ∩ X ′ contains a linear subspace of dimension
CHAPTER 4. POLYNOMIAL SYSTEMS OVER FINITE FIELDS 45
m− 3, hence
|X| ≤ |Y |+ |X ′| − πm−3 ≤ (u− 1)qm−1 + πm−2 + πm−2 − πm−3
= (u− 1)qm−1 + qm−2 + πm−2.
Suppose Y does not contain any Fq-hyperplane, then G is not identically zero on any
hyperplane H and hence we can apply Serre’s inequality to get,
|Y ∩H| ≤ (u− 1)qm−2 + pm−3.
As in the proof of Proposition 4.3.16, we use the induction on the dimension m and Serre’s
construction.
The casem = 1 is trivial (as in this case there are two linearly independent homogeneous
polynomials in two variables which can not have more than u− 1 zeros in common). Now
suppose we proved the Proposition for the dimension m−1. If Y ⊂ X ′ then the Proposition
is evident. Otherwise fix an Fq-point Q ∈ (Y \X ′). There exists a unique hyperplane H0
passing through Q and X ′. Since X ′ ⊆ H0, this would imply that X ′ ∩H0 = X ′.
Now,
X = Y ∪X ′
⇒ H0 ∩X = (H0 ∩ Y ) ∪ (H0 ∩X ′) = (H0 ∩ Y ) ∪X ′
⇒ |H0 ∩X| ≤ |H0 ∩ Y |+ |X ′| ≤ (u− 1)qm−2 + πm−3 + πm−2.
For any other hyperplane H 6= H0 passing through Q, G is not identically zero on H (as if
it is so then Y ⊃ H, which is a contradiction) and F1
G, F1
Gare also not identically zero on
H ( as it will give contradiction to the uniqueness of H0). This would inturn imply that
F1, F2 are not identically zero on H. Therefore by the induction hypothesis,
|H ∩X| ≤ (u− 1)qm−2 + qm−3 + πm−3.
CHAPTER 4. POLYNOMIAL SYSTEMS OVER FINITE FIELDS 46
Consider the set
T := {(H,P ) ∈ Pm∗ × Pm : H is hyperplane passing through Q and P ∈ H ∩X, P 6= Q}.
We compute the number of Fq-points in this set by two different ways.
We have |X| − 1 ways of selecting a point P ∈ X such that P 6= Q and for each P we
have πm−2 ways of selecting H passing through P and Q. On the other hand, we can first
select one of πm−1 hyperplanes in Pm passing through Q and then select one of points in
(H ∩X) \Q. Thus,
(|X| − 1)πm−2 =∑
H 6=H0
(|H ∩X| − 1) + |H0 ∩X| − 1
≤ πm−1((u− 1)qm−2 + qm−3 + πm−3 − 1) + πm−2 − qm−3.
Therefore,
|X| ≤ 1 +πm−1
πm−2
((u− 1)qm−2 + qm−3 + πm−3 − 1) +πm−2 − qm−3
πm−2
= (u− 1)qm−1 + qm−2 + πm−2 +1
πm−2
(qm−2(u− 1− q) + πm−3).
We have u ≤ q; thus, qm−2(u− 1− q) + πm−3 < 0 and |X| < (u− 1)qm−1 + qm−2 + πm−2.
This completes the proof the theorem.
4.4 Connection with Coding Theory
Before defing affine and projective Reed-Muller codes, we recall the following elementry
results about polynomials over finite fields.
4.4.1 Polynomials Over Fq
Lemma 4.4.1. If f(X) ∈ Fq[X] with deg f(X) < q and f(a) = 0 ∀ a ∈ Fq, then f = 0.
CHAPTER 4. POLYNOMIAL SYSTEMS OVER FINITE FIELDS 47
Proof. It is clear, since f has at most deg f roots.
Proposition 4.4.2. Let f(X1, . . . , Xm) ∈ Fq[X1, . . . , Xm] with degree of f in each variable
is < q. If f(a1, . . . , am) = 0, ∀ (a1, . . . , am) ∈ Am(Fq), then f = 0.
Proof. We apply induction on m. The case m = 1 is clear by Lemma 4.4.1. Let m ≥ 2,
and write
f(X1, . . . , Xm) =∑j
fj(X1, . . . , Xm−1)Xjm
as a polynomial in Xm with coefficients in Fq[X1, . . . , Xm−1]. Given any (a1, . . . , am−1) ∈
Fm−1q , the polynomial g(Xm) := f(a1, . . . , am−1, Xm) is of degree < q and it vanishes at
each am ∈ Fq. So by Lemma 4.4.1, g(am) = 0 for each am ∈ Fq. By induction hypothesis,
fj(X1, . . . , Xm−1) = 0. Hence f = 0.
Proposition 4.4.3. Let f(X0, . . . , Xm) ∈ Fq[X0, . . . , Xm] be homogeneous polynomial with
deg f < q. If f(a0, . . . , am) = 0 ∀ (a0, . . . , am) ∈ Pm(Fq), then f = 0.
Proof. Follows from Proposition 4.4.2.
4.4.2 Generalized Hamming Weights
Definition 4.4.4. Let Fq denote the finite field with q elements and let n, k be integers
with 1 ≤ k ≤ n. A linear [n, k]q-code is, by definition, a k-dimensional subspace C of the
n-dimensional vector space Fnq . .
The parameters n and k are referred to as length and dimension of the corresponding
code. If C is an [n, k]q-code, then the minimum distance d = d(C) of C is given by
d(C) := min{|χ(x)| : x ∈ C, x 6= 0}
where χ(x) := {i ∈ {1, . . . , n} : xi 6= 0} is defined to be support of x in Fnq .
More generally, support of a subspace D of C is defined by
χ(D) := {i : ∃ (x1, x2, ..., xn) ∈ D such that xi 6= 0}.
CHAPTER 4. POLYNOMIAL SYSTEMS OVER FINITE FIELDS 48
The r-th generalized Hamming weight of linear code C is the minimal support size of r-
dimensional subcodes of C, that is,
dr(C) := min{|χ(D)| : D is a subspace of C with dimD = r}.
Note that d1(C) equals to the minimum Hamming distance d of C.
Proposition 4.4.5. (Monotonicity) For an [n, k]q linear code C with k > 0, we have
1 ≤ d = d1(C) < d2(C) < . . . < dk(C) ≤ n.
Proof. That 1 ≤ dr−1(C) ≤ dr(C) ≤ n is trivial; it remains to prove that strict inequalities
hold. Let subcode D has |χ(D)| = dr(C) and dim(D) = r. Let i ∈ χ(D) and
Di := {x ∈ D : xi = 0}.
Then dimDi = r − 1 and dr−1(C) ≤ |χ(Di)| ≤ |χ(D)| − 1 = dr(C) − 1. Hence dr−1(C) <
dr(C).
Definition 4.4.6. The k-tuple of all generalized weights (d1, d2, . . . , dk) is called the
weight hierarchy of a code.
4.4.3 Affine Reed-Muller codes
Let q be a power of a prime number. Choose an integer u < q. Denote by Fq[X1, . . . , Xm]≤u
the space of polynomials of degree ≤ u with m variables and with coefficients in Fq. Since
u < q, therefore by Proposition 4.4.2, the space Fq[X1, . . . , Xm]≤u can be seen as a space
of polynomial functions on the affine space Am(Fq). The classical generalized Reed-Muller
code of order u, which we denote as Rq(u, Am), is the image of the injective map
c : Fq[X1, . . . , Xm]≤u −→ F|V |q ,
CHAPTER 4. POLYNOMIAL SYSTEMS OVER FINITE FIELDS 49
where we have put V = Am(Fq), defined by
c(f) := (f(a))a∈V .
Clearly, length of affine Reed-Muller codes is qm and dimension is(u+mm
). since the maximal
number of zeroes in Am(Fq) of a polynomial of degree u is equal to uqm−1 [ by Proposition
4.1.2 ], the minimal distance of this code is equal to (q − u)qm−1. The higher weights
of affine Reed-Muller Codes Rq(u, Am) of order u have been computed by Heijnen and
Pellikaan in [22 ], which is equivalent to solving Question 3 as stated in begining of this
Chapter.
4.4.4 Projective Reed-Muller codes
We denote by Fq[X0, X1, . . . , Xm]u the Fq-vector space of those f ∈ Fq[X0, X1, . . . , Xm]
such that f is homogeneous and deg f = u. If f ∈ Fq[X1, . . . , Xm]≤u, define
f(X0, X1, . . . , Xm) = Xu0 f(X1/X0, . . . , Xm/X0),
then f ∈ Fq[X0, X1, . . . , Xm]u; the map f −→ f is an isomorphism
Fq[X1, . . . , Xm]≤u −→ Fq[X0, X1, . . . , Xm]u;
we therefore also have
dimFq[X0, X1, . . . , Xm]u =
(m+ u
u
).
Now let V = Pm(Fq). We have,
V =m∐i=0
Wi
where Wi = {(a0, a1, . . . , am) ∈ Pm(Fq) : a0 = a1 = . . . = ai−1 = 0 and ai 6= 0}.
We define a linear map
CHAPTER 4. POLYNOMIAL SYSTEMS OVER FINITE FIELDS 50
c : Fq[X0, X1, . . . , Xm]u −→ F|V |q
in the following way: firstly for a ∈ Pm(Fq) and f ∈ Fq[X0, X1, . . . , Xm]u, we set
ca(f) =f(a0, . . . , am)
auiif a = (a0, . . . , am) ∈ Wi;
the value of ca(f) is unchanged if we replace (a0, . . . , am) by (λa0, . . . , λam), i.e, it is inde-
pendent of any representative of (a0, . . . , am). We then define the map c as
c(f) = (ca(f))a∈V .
When u < q, the map c is injective due to the Proposition 4.4.3.
The image of c defines a code Rq(u, Pm) ⊂ F|V |q , which we call the projective Reed-
Muller code of order u on Pm.
As a consequence of the Serre’s inequality [Proposition 4.2.2], we have the following Propo-
sition given in [26].
Proposition 4.4.7. Assume that u < q. The code Rq(u, Pm) has parameters
length Rq(u,Pm) = πm,
dim Rq(u,Pm) =
(u+m
u
),
d = d1 = dist Rq(u, Pm) = (q − u+ 1)qm−1.
Proof. As we know projective Reed-Muller code is the image of the following injective map
c : Fq[X0, X1, . . . , Xm]u ↪→ F|V |q
defined by
c(f) = (ca(f))a∈V .
CHAPTER 4. POLYNOMIAL SYSTEMS OVER FINITE FIELDS 51
So
length Rq(u, Pm) = |V | = |Pm(Fq)| = πm
and
dim Rq(u, Pm) = dimFq[X0, . . . , Xm]u =
(u+m
u
).
Since the number |V (f)| is equal to the number of a ∈ Pm such that ca(f) = 0, i.e., to the
number of null coordinates of the codeword c(f), hence
d = d1 = dist Rq(u, Pm) = πm − (uqm−1 + πm−2) = (q − u+ 1)qm−1.
This completes the proof.
4.4.5 Tsfasman-Boguslavasky’s Conjecture
The plausible higher weights of the Projective Reed-Muller codes are given by a conjecture
due to Tsfasman and Boguslavsky [1]. We explain the conjecture as below.
Each monomial of degree u in m+ 1 variables is determined by its exponent vector, which
is an (m+1)-tuple of nonnegative integers whose sum is u. We arrange these(u+mu
)tuples
in decreasing order lexicographically. For example, if m > 1, then the first three tuples are
(u, 0, 0, . . . , 0), (u− 1, 1, 0 . . . , 0), (u− 1, 0, 1, . . . , 0).
Conjecture 4.1. (Boguslavsky-Tsfasman) Let r be any integer such that 1 ≤ r ≤(u+mu
). Let (ν1, . . . , νm+1) be the r-th tuple in the list of exponent vectors of monomials of
degree u in m+ 1 variables, and let j = min{i : 1 ≤ i ≤ m+ 1 and νi 6= 0}. Then the r-th
higher weight dr of Rq(u, Pm) is given by
dr = πm − πm−2j −m∑i=j
νi(πm−i − πm−i−j). (4.1)
In a geometric language, the above conjecture is equivalent to solving Question 4 as
CHAPTER 4. POLYNOMIAL SYSTEMS OVER FINITE FIELDS 52
stated in the begining of this Chapter. Indeed this number is the same as πm − dr with
dr as given in (4.1). The validity of the conjecture in some special cases follows as a
consequence of the theorems which were discussed in earlier sections. For example, when
r = 1, the right hand side of (4.1) equals πm − uqm−1 − πm−2 = (q − u+ 1)qm−1, and thus
(4.1) is a consequence of Proposition 4.2.2 (proved by Serre in 1991), while in the case of
r = 2, the conjecture follows from Proposition 4.3.2 (proved by Boguslavasky in 1997), and
so in this case
d2 =
πm − πm−2 if u = 1
πm − (u− 1)qm−1 − πm−2 − qm−2 if u > 1
In case when u = 1, the above conjecture is true for any r by simple Linear Algebra.
However, the general case is still an open problem.
Chapter 5
Codes Associated to Determinantal
Varieties
Linear error correcting codes associated to higher dimensional projective algebraic varieties
have been of some recent interest. We cite, in particular, the study of codes on hermitian
hypersurfaces by Hirschfeld [23], codes on del Pezzo surfaces by Boguslavasky [2], codes
associated to Grassmannians by Nogin [36], and by Ghorpade, Patil and Pillai [16], Reed-
Muller codes on complete intersections by Duursma, Renteria and Tapia-Recillas [7], codes
associated to Schubert varieties by Ghorpade and Lachaud [14] as well as Ghorpade and
Tsfasman [15] and also by Hansen, Johnsen and Ranestad [20], and codes associated to
flag varieties by Rodier [39]
In this chapter, we discuss a new class of codes associated to determinantal varieties,
called determinantal codes. It is convenient to define these using the language of projective
systems of Tsfasman and Vladut [45]. Basic facts about projective systems are reviewed
in Section 5.1 below. We discuss the determinantal varieties and certain important facts
concerning them in Section 5.2. Finally, in Section 5.3 we show that the determinantal
codes are nondegenerate and obtain their length and dimension. Moreover, in a special
case, we obtain a lower bound for the minimum distance of determinantal codes.
53
CHAPTER 5. CODES ASSOCIATED TO DETERMINANTAL VARIETIES 54
5.1 Linear codes and projective systems
In order to study codes associated to projective varieties over finite fields (algebraic geo-
metric codes) a notion of projective system was introduced by Tafasman and Vladut in
their book [46]. Here we explain this notion in a greater detail.
Definition 5.1.1. An [n, k]q-projective system X is collection of n not necessarily distinct
points in the (k − 1)-dimensional projective space Pk−1Fq
over Fq.
This notion is almost equivalent to that of a linear code and explains the use of algebraic
geometry in coding theory. The parameters n, k, d are defined as follows:
n = |X|, k = dimPk−1 + 1, d = n−maxH
|X ∩H|.
For a linear [n, k]q-code C, we have already defined the generalized Hamming weights in
Chapter 4 as follows:
dr(C) := min{|χ(D)| : D ⊆ C, dimD = r}.
In geometric terms, the definition of dr = dr(X) is even more natural, it just imitates that
of d = d1, namely
dr = n−maxΠ
{|X ∩ Π| : Π a projective subspace of codimension r in Pk−1},
where multiple points of X are counted according to their multiplicity.
Definition 5.1.2. A projective system X is called nondegenerate if it is not contained in
a hyperplane.
Definition 5.1.3. Two systems X1 and X2 in P = Pk−1 = P(V ) are called equivalent if
there is a projective automorphism of P mapping X1 to X2, i.e., if there is a nondegenerate
linear map on V mapping lines of X1 to lines of X2. Projective automorphism form a group
denoted PGL(k, Fq).
CHAPTER 5. CODES ASSOCIATED TO DETERMINANTAL VARIETIES 55
Definition 5.1.4. A code C is called nondegenerate if it is not contained in a coordinate
hyperplane. Otherwise it is called degenerate.
Definition 5.1.5. Two codes C1 and C2 are said to be equivalent if C2 can be obtained
from C1 by interchanging coordinates and multiplying them by nonzero elements of Fq. It
can be put in a slightly different way: The group G = (F∗q)
n o Sn (semidirect product)
having (q − 1)n! elements acts on Fnq and C1 is equivalent to C2 if C2 = g(C1) for some
g ∈ G.
Proposition 5.1.6. There is a natural one-to-one correspondence between the set of equiv-
alence classes of nondegenerate projective [n, k]q-systems and the set of equivalence classes
of nondegenerate linear [n, k]q-codes. The correspondence also preserves the parameters
n, k, d1, d2, . . . , dk.
Proof. Let C ⊂ Fnq be nondegenerate linear [n, k]q-code. Define the coordinate maps
xi : C −→ Fq
as
(c1, c2, · · · cn) 7→ ci
Notice that xi is a point of the dual space C∗ of linear forms on C. Since for a nondegenerate
code C, xi 6= 0, it defines a line in C∗, i.e., a point of the corresponding projective space
Pk−1 = P(C∗). Thus we get a projective system X = {x1, . . . , xn} consisting of n not
necessarily distinct points in Pk−1. One can prove that X is also nondegenearte.
Now we are in position to define a map from
C := {[C] : C ⊂ F nq is nondegenerate linear [n, k]q − code}
to
X := {[X] : X ⊂ Pk−1 is nondegenerate projective [n, k]q − system}
CHAPTER 5. CODES ASSOCIATED TO DETERMINANTAL VARIETIES 56
as follows
Ψ : C −→ X
[C] 7−→ [X]
It is easy see that this map Ψ is well defined and injective. A system X = {x1, . . . , xn}
in P = P(V ), after being arbitrarily lifted to Y = {y1, . . . , yn} in V (choose a vector in
each line) defines n linear forms V ∗. This gives a map
φ : V ∗ −→ Fnq
defined by
f 7−→ (f(y1), . . . , f(yn)),
whose image is a linear code C. If X is nondegenerate, this map is injective.
It is not difficult to see that C = Imφ is nondegenerate linear [n, k]q-code. Moreover,
one can also prove that Ψ([C]) = [X], which will prove that Ψ is surjective.
To prove that the parameters match, we observe that a subcode D ⊂ C of dimension r
corresponds to the set of elements of C∗ vanishing on D, i.e., to the subspace D∗ ⊂ C∗ of
codimension r and, therefore, to a plane of codimension r in Pk−1. The weight of a subcode
D equals the number of coordinate forms not vanishing on it, i.e., the number of points of
X not lying on this plane of codimension r.
5.2 Determinantal varieties over finite fields
Definition 5.2.1. Let Fq be a field with q elements and let X = (Xij) be an ` × m
matrix whose entries are independent indeterminates over Fq, and let Fq[X] denote the
corresponding ring of polynomials. Given a positive integer t ≤ min{`,m}, let It+1 denote
the ideal in Fq[X] generated by all (t + 1) × (t + 1) minors of X. Then the variety Mt
CHAPTER 5. CODES ASSOCIATED TO DETERMINANTAL VARIETIES 57
corresponding to the ideal It+1 is a projective variety in P`m−1(Fq) and known as the generic
determinantal variety.
In order to find the number of Fq-rational points on the determinantal variety Mt ⊂
P`m−1, we need the following Lemmas.
Lemma 5.2.2. The number of ordered t linearly independent vectors in Fmq is given by
(qm − 1)(qm − q)(qm − q2) · · · (qm − qt−1).
Proof. The first vector is any non-zero vector and each succeeding vector must avoid the
span of the previous vectors.
Lemma 5.2.3. The number of t-dimensional subspaces of Fmq is given by the q-binomial
coefficient mt
q
=(qm − 1)(qm − q) . . . (qm − qt−1)
(qt − 1)(qt − q) . . . (qt − qt−1).
Proof. Number of distinct t-dimensional subspaces
= Number of distinct L.I. sets of cardinality t in Fmq
=Number of all L.I. sets of cardinality t in Fm
q
Number of L.I. sets of cardinality t in Fmq which generate the same subspace
Look at the case of numerator. The first nonzero vector in Fmq can be chosen in qm − 1
ways. There are q multiples of this vector. So the second vector can be chosen in qm − q
ways. The number of elements in the span of these two vectors is q2. So the third vector
can be chosen in qm − q2 ways. Continuing in this way, the t th vector can be chosen in
qm − qt−1 ways.
Therefore
Numerator = (qm − 1)(qm − q) . . . (qm − qt−1).
CHAPTER 5. CODES ASSOCIATED TO DETERMINANTAL VARIETIES 58
Similarly
Denominator = (qt − 1)(qt − q) . . . (qt − qt−1).
Hence the number of distinct t-dimensional subspaces
=(qm − 1)(qm − q) . . . (qm − qt−1)
(qt − 1)(qt − q) . . . (qt − qt−1).
This completes the proof.
Now using the above two Lemmas, we give a proof of the following result of Landsberg
[27].
Proposition 5.2.4. The number of `×m matrices over Fq of rank t is given by
Rt(`,m) = qt2−t
2
t−1∏i=0
(q`−i − 1)(qm−i − 1)
qi+1 − 1if t ≥ 1
R0(`,m) = 1.
Proof. For a fixed t-dimensional subspace W ⊂ F`q, the number of matrices with W as the
column space is equal to the number of t×m matrices of rank t. Such a matrix is given by
the t linearly independent row vectors of length m. The number of these vectors is given
by Lemma 5.2.2. The number of t-dimensional subspaces of F`q is
[`t
]q(by Lemma 5.2.3)
and the product is the number `×m matrices of rank t given by`t
q
(qm − 1)(qm − q) · · · (qm − qt−1).
By the same reasoning, the following expressionmt
q
(q` − 1)(q` − q) · · · (q` − qt−1)
gives the number of m× ` matrices of rank t. Both of the these expression are same as the
CHAPTER 5. CODES ASSOCIATED TO DETERMINANTAL VARIETIES 59
expression appearing in the statement of the Proposition.
We have the follwing immediate corollary of the Proposition 5.2.4
Corollary 5.2.5. The size n of the determinantal variety Mt is given by
n := |Mt| =t∑
j=1
qj2−j
2
(q − 1).
j−1∏i=0
(q`−i − 1)(qm−i − 1)
(qi+1 − 1).
5.3 Determinantal codes and their basic parameters
Before defining codes associated to determinantal varieties, we prove the following Propo-
sition about the nondegeneracy of a general projective variety.
Proposition 5.3.1. Let V be a projective variety in the projective space PN−1. Let I =
I(V ) be the homogeneous ideal corresponding to V . Then the least M such that V is
nondegenerate in PM−1 is given by
HR(1) = dimS1
I1
where HR denote the Hilbert function of the coordinate ring R of V , S1 is the 1st graded
component of the ring S := Fq[T1, . . . , Tn] w.r.t. its natural gradation and I1 = I ∩ S1.
Proof. Proof follows from the fact that V is contained in a linear subvariety L ' PM−1
if and only if there exist (N − M) linearly independent linear homogeneous polynomials
f1, . . . , fN−M in I1.
By using the Proposition 5.3.1 and the formula for the Hilbert function of the determi-
nantal varieties as computed by Abhyankar [see, e.g., 11] or otherwise, one may easily see
that the determinantal variety Mt is nongenerate in P`m−1. Thus, we get a nondegenerate
projective [n, k]q-system in Pk−1 with
k = `m and n = |Mt| =t∑
j=1
qj2−j
2
(q − 1).
j−1∏i=0
(q`−i − 1)(qm−i − 1)
(qi+1 − 1).
CHAPTER 5. CODES ASSOCIATED TO DETERMINANTAL VARIETIES 60
In view of Proposition 5.1.6, we may now define determinantal code over finite fields.
Definition 5.3.2. A nondegenerate linear [n, k]q-code corresponding to this projective
system is called the determinantal code.
We denote this code by Dt(`,m). The dimension k and length n of the determiantal
codes D(n, k) are given by the following formule.
dimDt(`,m) = k = `m
and
lengthDt(`,m) = n =t∑
j=1
qj2−j
2
(q − 1).
j−1∏i=0
(q`−i − 1)(qm−i − 1)
(qi+1 − 1)
By using Proposition 4.2.2 given in Chapter 4, we shall now give lower bound for the
minimum distace in a special case of determinantal varieteis in the following Proposition.
Proposition 5.3.3. Let Mt be the determinantal variety corresponding to the case ` = m
and t = `− 1. Then the minimum distance of the corresponding code satisfy the following
inequality
d ≥ q`2−1 + q`
2−2 + (1− `)q`2−3 − q
`(`−1)2
∏i=2
(qi − 1).
This bound is attained in the case ` = m = 2.
Proof. In case of ` = m and t = `− 1, the determinantal variety Mt in P`2−1 is given by
Mt = {(Xij) : det(Xij) = 0}.
By using Corollary 5.2.5 or by direct calculation of counting non-zero singular matrices (as
given below), one sees that
|Mt| =[(q2 − 1)− |GL`(Fq)|]
(q − 1)= q`
2−1 + q`2−2 + q`
2−3 + π`2−4 − q`(`−1)
2
∏i=2
(qi − 1).
CHAPTER 5. CODES ASSOCIATED TO DETERMINANTAL VARIETIES 61
In order to find minimum distance of the coresponding determinantal code, we need to
determine maximum number of Fq-rational point in hyperplane section of the determinantal
Variety Mt. If H is a hyperplane in P`2−1, then it is easy to see that Mt∩H is homogeneous
polynomial of degree ` in `2−1 variables, i.e. a hypersurface of degree ` in P`2−2. Therefore,
by using Proposition 4.2.2, we have,
|Mt ∩H| ≤ `q`2−3 + π`2−4.
Hence the minimum distance d (= |Mt| −maxH
|Mt ∩H|) satisfy the following
d ≥ q`2−1 + q`
2−2 + (1− `)q`2−3 − q
`(`−1)2
∏i=2
(qi − 1).
If we take ` = m = 2 (hence t = 1), then we get |Mt ∩H| ≤ 2q + 1. This bound is actu-
ally attained if one intersects the determinantal variety with the coordinate hyperplanes.
Therefore, in this case, maxH
|Mt ∩ H| = 2q + 1. Consequently, the minimum distance is
precisely given by
d = |Mt| − (2q + 1) = (q2 + 2q + 1)− (2q + 1) = q2.
This completes the proof.
It is an open problem to determine the minimum distance and more generally, all the
higher weights of arbitrary determinantal codes.
Bibliography
[1] M. Boguslavsky, On the number of solutions of polynomial systems, Finite Fields
Appl. 3, (1997), 287-299.
[2] M. Boguslavsky, Sections of del Pezzo surfaces and generalized weights, Prob-
lems Inform. Transmission 34 (1998), no.1, pp. 14–24
[3] N. Bourbaki, Algebre, Chapitres 4 a 7, Masson, Paris, 1981.
[4] A. Cossidente and M. J. de Resmini, Remarks on Singer cyclic groups and their
normalizers, Des. Codes Cryptogr. 32 (2004), 97–102.
[5] M. C. Crabb, Counting nilpotent endomorphisms, Finite Fields Appl. 12 (2006),
151–154.
[6] M. R. Darafsheh, Order of elements in the groups related to the general linear
group, Finite Fields Appl. 11 (2005), 738-747.
[7] I. Duursma, C. Renteria, H. Tapia-Recillas, Reed-Muller codes on complete
intersections, AAECC 11 (2001), pp. 455–462.
[8] N. J. Fine and I. N. Herstein, The probability that a matrix be nilpotent, Illinois
J. Math. 2 (1958), 499–504.
[9] W. Fulton, Algebraic Curves: An Introduction to Algebraic Geometry, Notes
written with the collaboration of Richard Weiss, Addition-Wesley Publishing
Company, (1989).
62
BIBLIOGRAPHY 63
[10] M. Gerstenhaber, On the number of nilpotent matrices with coefficients in a
finite field, Illinois J. Math. 5 (1961), 330–333.
[11] S. R. Ghorpade, Young bitableaux, lattice paths and Hilbert functions, J. Statist.
Plann. Inference (Special issue on lattice path combinatorics and applications),
Vol. 54(1996), pp. 55–66.
[12] S. R. Ghorpade and G. Lachaud, Higher weights of Grassmann codes, in: “Cod-
ing Theory, Cryptography and Related Areas” (Guanajuato, 1998), J. Buch-
mann, T. Hoeholdt, H. Stichtenoth and H. Tapia-Recillas Eds., Springer-Verlag,
Berlin/Heidelberg, 2000, pp. 122–131.
[13] S. R. Ghorpade and G. Lachaud, Number of solutions of equations over finite
fields, and a conjecture of Lang and Weil, in: Number Theory and Discrete
Mathematics (Chandigarh, 2000), Trends in Math., Birkhauser, Basel (2002),
pp. 269–291.
[14] S. R. Ghorpade and G. Lachaud, Etale Cohomology, Lefschetz Theorems and
Number of Singular Varities over finite fields, Moscow Mathematical Journal,
Vol.2, No.3 (2002), pp. 589–631.
[15] S. R. Ghorpade and M. A. Tsfasman, Schubert varieties, linear codes and enu-
merative combinatorics, Finite Fields Appl., Vol. 11, No. 4 (2005), pp. 684–699.
[16] S. R. Ghorpade, A. R. Patil and H. K. Pillai, Decomposable subspaces, linear
sections of Grassmann varieties, and higher weights of Grassmann codes, Finite
Fields Appl. Vol. 15, No. 1 (2009), pp. 54–68.
[17] S. R. Ghorpade, S. U. Hasan, M. Kumari, Primitive polynomials, Singer cycles,
and word-oriented linear feedback shift registers, arXiv.math/0904.1331, (2009),
pp. 11, Submitted for publication.
[18] S. W. Golomb, Shift Register Sequences, Holden-Day, San Francisco, 1967.
BIBLIOGRAPHY 64
[19] E. J. Groth, Generation of binary sequences with controllable complexity, IEEE
Trans. Inform. Theory, 17 (1971), pp. 288–296.
[20] J. P. Hansen, T. Johnsen, and K. Ranestad, Schubert unions in Grassmann
varieties, Finite Fields Appl., 13 (2007), 738–750.
[21] S. Hansen, Error-correcting codes from higher dimensional varieties, Finite
Fields Appl., 7 (2001), pp. 531–552.
[22] P. Heijnen and R. Pellikaan, Generalized Hamming weights of q-ary Reed-Muller
codes, IEEE Trans. Inform. Theory 44 (1998), 181–196.
[23] J. W. P. Hirschfled, M. Tsfasman, S. G. Vladut, The weight hierarchy of higher
dimensional Hermitian codes, IEEE Trans. Inform. Theory 40 (1994), pp. 275–
278.
[24] B. Huppert, Endliche Gruppen I, Springer-Verlag, Berlin, 1967.
[25] N. Jacobson, Basic Algebra I, 2nd Ed., W. H. Freeman, New York, 1985.
[26] G. Lachaud, The parameters of projective Reed-Muller codes, Discrete Math.
81, (1990) 217–221.
[27] G. L. Landsberg, Uber eine Anzahlbestimmung und eine damit zusammen-
hangende Reihe, J. Reine Angew. Math. 111 (1893), 234–253.
[28] C. D. Langford, Problem, Math. Gaz., 42 (1958), p. 228.
[29] R. Lidl and H. Niederreiter, Finite Fields, Enc. of Math. and its Appl., Vol. 20,
Cambridge University Press, Cambridge, 1983.
[30] J. B. Little, Algebraic geometry codes from higher dimensional varieties,
arXiv:0802.2349 (2008), pp. 26.
BIBLIOGRAPHY 65
[31] A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone Handbook of applied
cryptography, CRC Press Series on Discrete Mathematics and its Applications,
CRC Press, Boca Raton, FL, 1997, With a foreword by Ronald L. Rivest.
[32] H. Niederreiter, Factorization of polynomials and some linear-algebra problems
over finite fields, Linear Algebra Appl. 192 (1993), pp. 301–328.
[33] H. Niederreiter, The multiple-recursive matrix method for psedorandom number
generation , Finite Fields Appl. 1 (1995), pp. 3–30.
[34] H. Niederreiter, Psedorandom vector generation by the multiple-recursive matrix
method, Math. Comp. 64 (1995), pp. 279–294.
[35] H. Niederreiter, Improved bound in the multiple-recursive matrix method for
psedorandom number and vector generation, Finite Fields Appl. 2 (1996), pp.
225–240.
[36] D. Yu. Nogin, Codes associated to Grassmannians, Arithmetic, Geometry and
Coding theory, R. Pellikan, M. Perret, S. G. Vladut. Eds., 145–154, Walter de
Gruyter, Berlin/ New York, (1996).
[37] B. Preneel, Introduction to the Proceedings of the Second Workshop on Fast
Software Encryption (Leuven, Belgium, Dec 1994), pp. 1–5, Lecture Notes in
Comput. Sci., 1008, Springer, Berlin, 1995.
[38] I. Reiner, On the number of matrices with given characteristic polynomial, Illi-
nois J. Math. 5 (1961), 324-329.
[39] F. Rodier, Codes from flag varieties over finite fields, J. Pure. Appl. Algebra,
187 (2003), pp. 203–214.
[40] J.-P. Serre, Letter a M. Tsfasman, Journees Arithmetiques de Luminy, (1989),
Asterisque 198-199-200 (1991), 149–156.
BIBLIOGRAPHY 66
[41] I. R. Shafarevich, Basic Algebraic Geometry, Second Edition, Springer-Verlag,
(1988).
[42] J. Singer, A theorem in finite projective geometry and some applications to
number theory, Trans. Amer. Math. Soc. 43 (1938), 377–385.
[43] K. E. Smith, L. Kahanpaa, W. Traves, An Invitation to Algebraic Geometry,
Springer-Verlag, (2000).
[44] A. B. Sørrensen, Projective Reed-Muller codes, IEEE Trans. Inform. Theory 37
(1991), 1567–1576.
[45] M. A. Tsfasman, S. G. Vladut, Algebraic Geometric Codes, Kluwer, Amsterdam,
(1991).
[46] M. A. Tsfasman, S. G. Vladut, Geometric approach to higher weights, IEEE
Trans. Inform. Theory, 41, (1995), 1564–1588.
[47] V. K. Wei, Generalised Hamming weights for linear codes, IEEE Trans. Inform.
Theory 37 , 1412–1418, (1991).
[48] G. Zeng, W. Han and K. He, Word-Oriented Feedback Shift Register: σ-
LFSR, http://eprint.iacr.org/2007/114 (Cryptology ePrint Archive: Report
2007/114).
[49] G. Zeng, W. Han, K. He and S. Fan High Efficiency Feedback Shift Register:
σ-LFSR, preprint 2008.