Codes on Algebraic Curves 9781461371670, 9781461547853, 1461371678


English. Pages: 363 [352]. Year: 2012.


Codes on Algebraic Curves

Codes on Algebraic Curves

Serguei A. Stepanov
Bilkent University, Ankara, Turkey
and
Steklov Mathematical Institute, Moscow, Russia

Springer Science+Business Media, LLC

Library of Congress Cataloging-in-Publication Data

Stepanov, S. A. (Sergei Aleksandrovich)
Codes on algebraic curves / Serguei A. Stepanov.
p. cm.
Includes bibliographical references and index.
ISBN 978-1-4613-7167-0; ISBN 978-1-4615-4785-3 (eBook); DOI 10.1007/978-1-4615-4785-3
1. Goppa codes. 2. Curves, Algebraic. I. Title.
QA268.S74 1999
003'.54--dc21
98-47576
CIP

ISBN 978-1-4613-7167-0

© 1999 Springer Science+Business Media New York

Originally published by Kluwer Academic / Plenum Publishers in 1999

Softcover reprint of the hardcover 1st edition 1999

A C.I.P. record for this book is available from the Library of Congress. All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, microfilming, recording, or otherwise, without written permission from the Publisher.

Preface

This is a self-contained introduction to algebraic curves over finite fields and geometric Goppa codes. There are four main divisions in the book. The first is a brief exposition of basic concepts and facts of the theory of error-correcting codes (Part I). The second is a complete presentation of the theory of algebraic curves, especially the curves defined over finite fields (Part II). The third is a detailed description of the theory of classical modular curves and their reduction modulo a prime number (Part III). The fourth (and basic) is the construction of geometric Goppa codes and the production of asymptotically good linear codes coming from algebraic curves over finite fields (Part IV).

The theory of geometric Goppa codes is a fascinating topic where two extremes meet: the highly abstract and deep theory of algebraic (specifically modular) curves over finite fields and the very concrete problems in the engineering of information transmission. At the present time there are two essentially different ways to produce asymptotically good codes coming from algebraic curves over a finite field with an extremely large number of rational points. The first way, developed by M. A. Tsfasman, S. G. Vladut and Th. Zink [210], is rather difficult and assumes a serious acquaintance with the theory of modular curves and their reduction modulo a prime number. The second way, proposed recently by A. Garcia and H. Stichtenoth [53, 54, 56], is much easier and more explicit; the basic tools are the ramification theory of Artin-Schreier extensions and the Hurwitz genus formula. This book demonstrates both of these ways. Moreover, it contains various examples of particular geometric Goppa codes of admissible length, which have fairly good parameters and can be easily used in practice. For example, the author's recent constructions [188, 189] of linear codes on fiber products of hyperelliptic curves provide a family of sufficiently long codes with completely good parameters and easy construction and decoding algorithms.

Recently, a series of effective decoding algorithms for geometric Goppa codes was worked out by several authors. Such algorithms decode up to half the minimum distance and have polynomial complexity. This book provides a detailed description of the most significant results on the decoding of geometric Goppa codes and concrete realizations of various decoding algorithms in the simplest case of plane projective curves.

My purpose is to present these themes in a simple, easily understandable manner, and also to explain their close interconnection. At the same time I want to introduce topics which are at the forefront of current research. Numerous examples are given in the text and exercises, with the aim of making the material readable and interesting to mathematicians in fields far removed from the subject of the book. Some exercises are rather difficult and are intended for actively working readers.

This book grew out of lectures I gave at the Institute of Mathematics of Academia Sinica (Beijing) in January-April of 1992. The excellent book of J. H. van Lint and G. B. M. van der Geer, Introduction to Coding Theory and Algebraic Geometry [116], served as a guideline for organizing the material. Some constructions were adopted from a fundamental (but rather difficult for nonspecialists in algebraic geometry) work by M. A. Tsfasman and S. G. Vladut, Algebraic-Geometric Codes [208], and from the author's monograph Arithmetic of Algebraic Curves [187]. The presentation of the theory of classical modular curves and the construction of asymptotically good codes coming from these curves are fairly close to the approaches in N. Koblitz's Introduction to Elliptic Curves and Modular Forms [96] and C. Moreno's Algebraic Curves over Finite Fields [129]. The excellent survey article of Høholdt and Pellikaan, On the Decoding of Algebraic-Geometric Codes [80], was extensively consulted to describe the contemporary state of the decoding of geometric Goppa codes. The book also contains a brief exposition of the theory of algebraic function fields over a finite constant field (in particular, the Artin-Schreier extensions of the rational function field). For a more detailed treatment of this theory see M. Deuring's Lectures on the Theory of Algebraic Functions of One Variable [24] and H. Stichtenoth's Algebraic Function Fields and Codes [197].

In order to be able to read this book a fairly thorough mathematical background is necessary. The most important area is certainly algebra (especially linear algebra and Galois theory), but the reader must also know some facts from elementary number theory, complex analysis and the theory of finite fields. For these I refer the reader to standard textbooks and also to R. Lidl and H. Niederreiter's Finite Fields [114]. For a more extensive treatment of coding theory and the theory of modular curves I strongly recommend F. J. MacWilliams and N. J. A. Sloane's The Theory of Error-Correcting Codes [118], and G. Shimura's Introduction to the Arithmetic Theory of Automorphic Functions [176].

I would like to express my gratitude to everyone at the Institute of Mathematics of Academia Sinica for their hospitality. I would especially like to thank Wang Yuan, Yang Lo and Feng Xu-ning for their constant encouragement and help during my stay in Beijing. I wish to express my gratitude to many people at Bilkent University (Ankara) for invaluable help in the final stage of preparation of the manuscript. Specifically, I would like to thank Alexander Klyachko, Vladimir Kurakin and Sinan Sertoz for their careful reading of the original draft and their many useful comments. Finally, I wish to thank Ferruh Ozbudak for having typed most of the chapters and Theresa Caner for having proofread.

Bilkent, Ankara September 1997

Serguei A. Stepanov

Contents

I. Error-Correcting Codes

Chapter 1. Codes and Their Parameters . . . 3
1.1. Introduction . . . 3
1.2. Finite Fields . . . 5
1.3. Linear Codes . . . 13
1.4. Spectrum and Duality . . . 15
Exercises . . . 20

Chapter 2. Bounds on Codes . . . 25
2.1. Upper Bounds . . . 26
2.2. The Linear Programming Bound . . . 32
2.3. Lower Bounds . . . 35
Exercises . . . 37

Chapter 3. Examples and Constructions . . . 41
3.1. Codes of Genus Zero . . . 41
3.2. Some Families of Codes . . . 46
3.3. Constructing Codes from Other Codes . . . 60
Exercises . . . 64

II. Algebraic Curves and Varieties

Chapter 4. Algebraic Curves . . . 71
4.1. Algebraic Varieties . . . 71
4.2. Non-Singular Curves . . . 77
4.3. Divisors on Algebraic Curves . . . 80
4.4. The Riemann-Roch Theorem . . . 85
4.5. Hurwitz and Plücker Genus Formulas . . . 93
4.6. Special Divisors . . . 96
Exercises . . . 98

Chapter 5. Curves over a Finite Field . . . 103
5.1. Rational Points and Divisors . . . 105
5.2. The Zeta-Function of a Curve . . . 111
5.3. L-Functions of Artin . . . 120
5.4. Algebraic Function Fields . . . 130
Exercises . . . 139

Chapter 6. Counting Points on Curves over Finite Fields . . . 143
6.1. The Number of Rational Points on a Curve . . . 143
6.2. Character Sums . . . 147
6.3. Asymptotics . . . 157
Exercises . . . 170

III. Elliptic and Modular Curves

Chapter 7. Elliptic Curves . . . 175
7.1. The Group Law . . . 175
7.2. The j-Invariant . . . 178
7.3. Isogenies . . . 180
7.4. Elliptic Curves over Finite Fields . . . 184
7.5. Elliptic Functions . . . 186
Exercises . . . 190

Chapter 8. Classical Modular Curves . . . 193
8.1. Congruence Subgroups . . . 193
8.2. The Curves X(N), X_0(N), and X_1(N) . . . 195
8.3. Hecke Operators . . . 199
8.4. The Petersson Inner Product . . . 212
Exercises . . . 215

Chapter 9. Reductions of Modular Curves . . . 219
9.1. Reductions and Moduli Spaces . . . 219
9.2. The Igusa Theorem . . . 224
9.3. The Eichler-Shimura Congruence Relation . . . 231
9.4. The Eichler-Selberg Trace Formula . . . 236
Exercises . . . 239

IV. Geometric Goppa Codes

Chapter 10. Constructions and Properties . . . 243
10.1. L-Construction . . . 243
10.2. Ω-Construction . . . 245
10.3. Parameters . . . 248
10.4. Duality and Spectra . . . 251
Exercises . . . 254

Chapter 11. Examples . . . 257
11.1. Codes of Small Genera . . . 257
11.2. Elliptic and Hermitian Codes . . . 261
11.3. Codes on Fiber Products . . . 267
11.4. Codes on Classical Modular Curves . . . 274
11.5. Codes on Artin-Schreier Coverings . . . 276
11.6. Codes on Trace-Norm Curves . . . 284
Exercises . . . 287

Chapter 12. Decoding Geometric Goppa Codes . . . 289
12.1. The Decoding Problem . . . 289
12.2. The Basic and Modified Algorithms . . . 292
12.3. An Improvement of the Modified Algorithm . . . 301
12.4. Majority Voting for Unknown Syndromes . . . 306
12.5. Faster Decoding . . . 309
Exercises . . . 310

Chapter 13. Bounds . . . 315
13.1. Asymptotic Bounds . . . 315
13.2. Constructive Bounds . . . 316
13.3. Other Bounds . . . 319
Exercises . . . 321

Bibliography . . . 323
List of Notations . . . 335
Index . . . 343


Part I

Error-Correcting Codes

Part I is an introduction to coding theory. It discusses basic concepts of the theory, considers the most interesting examples and constructions of some families of linear codes, and studies asymptotic bounds for parameters of the codes. The reader with only a minimal background in mathematics can get an idea of the character and direction of the subject.

Chapter 1

Codes and Their Parameters

In this chapter the basic notions of the theory of error-correcting codes are introduced: the Hamming distance, parameters of codes, linear codes, encoding and decoding procedures, spectrum and duality, the MacWilliams identity and Krawtchouk polynomials.

1.1. INTRODUCTION

Let $F$ be a finite set of cardinality $q = |F|$, which we call an alphabet. The cartesian product $F^n =  F \times \cdots \times F$ of $n$ copies of the set $F$ can be provided with the structure of a metric space if only we introduce the Hamming distance $d(x, y)$ between $x = (x_1, \ldots, x_n)$ and $y = (y_1, \ldots, y_n)$ from $F^n$ as the number of coordinates in which $x$ and $y$ differ:

$$d(x, y) = \#\{\, i \mid 1 \le i \le n,\ x_i \ne y_i \,\}.$$

Each non-empty subset $C$

$\ldots > 0$, any given $p$, $0 < p < 1/2$, and any positive $R$ less than the capacity there is a code with information rate at least $R$, for which the probability of incorrect decoding of a received word is less than $\varepsilon$. The "good" code promised by the theorem will have very large word length $n$. If the symbol-error probability $p$ satisfies the condition $p < p' = t/n$, then such a code will correct $t$ errors. Therefore, a "good" code is an $[n, k, d]_q$-code with large $n$ and $R$, and $\delta$ as large as possible.

1.2. FINITE FIELDS

A considerable part of the most interesting constructions in the theory of error-correcting codes is based on the use of finite fields. This section is a brief introduction to the basic facts of the theory of finite fields (for a more detailed treatment of the subject we refer the reader to Lidl, Niederreiter [114], Schmidt [159] and Stepanov [187]).

A finite field is a field consisting of a finite number of elements. At first we consider the simplest example of such fields. The ring of integers $\mathbb{Z}$ is a principal ideal domain, and any maximal ideal of $\mathbb{Z}$ has the form $(p)$ for $p$ a prime number. The residue class ring $\mathbb{Z}/(p)$ is a field with $p$ elements. This field is called a prime finite field and is denoted by $\mathbb{F}_p$. Let $F$ be a finite extension of $\mathbb{F}_p$. Then, under the field operations in $F$, the field $F$ is a finite dimensional vector space over $\mathbb{F}_p$. The dimension $v$ of $F$ over $\mathbb{F}_p$ is called the degree of the extension $F$ over $\mathbb{F}_p$ and is denoted by $v = [F : \mathbb{F}_p]$. Let $\{\omega_1, \ldots, \omega_v\}$ be a basis of the vector space $F$ over $\mathbb{F}_p$. Then any element $x$ of $F$ can be uniquely written in the form

$$x = x_1 \omega_1 + \cdots + x_v \omega_v$$

with $x_i \in \mathbb{F}_p$ for $1 \le i \le v$. It follows that $F$ is a finite field consisting of $q = p^v$ elements. Suppose that $F$ is an arbitrary field and $1$ is the identity element of $F$. The characteristic of the field $F$ (notation: $\operatorname{char} F$) is the smallest positive integer $p$ (provided that it exists) such that $p \cdot 1 = 0$. If such an integer does not exist, then we say that the characteristic of $F$ is zero. Clearly, if the characteristic $p$ of the field $F$ is not equal to zero, then $p$ is a prime number. If $\mathbb{F}_q$ is a finite field with $q$ elements then we have $q \cdot 1 = 0$, hence the characteristic of $\mathbb{F}_q$ is a prime divisor of $q$.

Proposition 1.1. Let $F$ be a finite field. Then $F$ consists of $p^v$ elements, where $p$ is the characteristic of $F$.

Proof: Let $1$ be the identity element of $F$. Since $F$ has a finite number of elements, say $q$, the characteristic of $F$ is a prime number dividing $q$. The field $F$ contains a subfield $F_p'$ consisting of the elements $1, 2, \ldots, p$, which is isomorphic to $\mathbb{F}_p$. Since $F_p'$ has $p$ elements, $F$ has $p^v$ elements, where $v = [F : F_p']$ is the degree of $F$ over $F_p'$. □

Proposition 1.2. Let $x, y$ be arbitrary elements of a finite field $\mathbb{F}_q$ of characteristic $p$. Then

Proof: By the binomial theorem we have

and since $p$ divides $\binom{p}{i}$ for $1 \le i \le p - 1$ then

This proves the proposition. □

There is an easy way to construct explicitly a finite field $\mathbb{F}_q$ with $q = p^v$ elements for any integer $v > 1$ and any prime $p$. Let $\mathbb{F}_p[u]$ be the ring of polynomials in $u$ with coefficients from $\mathbb{F}_p$. The ring $\mathbb{F}_p[u]$ is a principal ideal domain and any maximal ideal of $\mathbb{F}_p[u]$ has the form $(f)$ for $f$ an irreducible polynomial in $\mathbb{F}_p[u]$. If $f$ is a monic (with leading coefficient $1$) irreducible polynomial in $\mathbb{F}_p[u]$ of degree $v$ (such polynomials exist for any $p$ and $v \ge 1$; see below), the finite field $\mathbb{F}_q$ with $q = p^v$ elements can be viewed as the residue class ring $\mathbb{F}_p[u]/(f(u))$. Elements of $\mathbb{F}_p[u]/(f(u))$ are residue classes of the form $r(u) + f(u)\mathbb{F}_p[u]$ with representatives

If $\theta$ is the residue class containing the polynomial $u$ then $f(\theta) = 0$ in $\mathbb{F}_p[u]/(f(u))$, and any element $x \in \mathbb{F}_q$ can be written uniquely as a linear combination

$$x = x_0 + x_1 \theta + \cdots + x_{v-1} \theta^{v-1}$$

of the elements $1, \theta, \ldots, \theta^{v-1}$ with coefficients $x_i \in \mathbb{F}_p$. It follows that the set $\{1, \theta, \ldots, \theta^{v-1}\}$ forms a basis of $\mathbb{F}_q$ over $\mathbb{F}_p$, and $\mathbb{F}_q$ is a finite extension of $\mathbb{F}_p$ of the form $\mathbb{F}_q = \mathbb{F}_p(\theta)$.

Theorem 1.3. For any positive integer $v$ there exists at least one monic irreducible polynomial $f \in \mathbb{F}_p[u]$ of degree $v$.

Proof: Let $g$ be a monic polynomial of degree $v$ in the ring $\mathbb{F}_p[u]$. We set $N(g) = p^v$ and call $N(g)$ the norm of the polynomial $g$. It is clear that $N(g \cdot h) = N(g) \cdot N(h)$ for any two monic polynomials $g$ and $h$. Now we introduce into consideration the zeta-function of the ring $\mathbb{F}_p[u]$:

$$\zeta(s) = \prod_{f} \bigl(1 - N(f)^{-s}\bigr)^{-1},$$

where $s = \sigma + it$ is a complex variable with $\sigma = \operatorname{Re} s > 1$ and the product is taken over all monic irreducible polynomials $f \in \mathbb{F}_p[u]$. In view of the uniqueness of factorization into irreducibles, we have

$$\zeta(s) = \prod_{f} \Bigl(1 + \sum_{m=1}^{\infty} N(f)^{-ms}\Bigr) = 1 + \sum_{g} N(g)^{-s},$$

where the sum on the right-hand side is over all monic polynomials $g$ in $\mathbb{F}_p[u]$ of positive degree, and then

$$\zeta(s) = 1 + \sum_{n=1}^{\infty} \Bigl(\sum_{\deg g = n} N(g)^{-s}\Bigr).$$

Since there are exactly $p^n$ monic polynomials $g \in \mathbb{F}_p[u]$ of degree $n$, the last relation gives

$$\zeta(s) = 1 + \sum_{n=1}^{\infty} p^{(1-s)n} = \bigl(1 - p^{1-s}\bigr)^{-1}.$$

Let $I(v)$ denote the number of monic irreducible polynomials $f \in \mathbb{F}_p[u]$ of degree $v$. From the definition of the function $\zeta(s)$ we have

$$\zeta(s) = \prod_{v=1}^{\infty} \bigl(1 - p^{-vs}\bigr)^{-I(v)}$$

and hence

$$\prod_{v=1}^{\infty} \bigl(1 - p^{-vs}\bigr)^{-I(v)} = \bigl(1 - p^{1-s}\bigr)^{-1}.$$

Taking logarithms, we obtain the equality

$$\sum_{v=1}^{\infty} I(v) \log\bigl(1 - p^{-vs}\bigr) = \log\bigl(1 - p^{1-s}\bigr),$$

which can be written as

$$\sum_{v=1}^{\infty} I(v) \sum_{m=1}^{\infty} \frac{1}{m\, p^{mvs}} = \sum_{n=1}^{\infty} \frac{p^n}{n\, p^{ns}}.$$

Comparing the coefficients of $p^{-ns}$ on both sides of this equality, we find that

$$\sum_{v \mid n} v\, I(v) = p^n,$$

whence, from the Möbius inversion formula, we obtain

$$I(v) = \frac{1}{v} \sum_{m \mid v} \mu(m)\, p^{v/m},$$

where $\mu(m)$ is the Möbius function defined as

$$\mu(m) = \begin{cases} 1 & \text{if } m = 1, \\ (-1)^r & \text{if } m = p_1 \cdots p_r \text{ is the product of distinct primes}, \\ 0 & \text{if } m \text{ is divisible by the square of a prime.} \end{cases}$$

The sum

$$\sum_{m \mid v} \mu(m)\, p^{v/m}$$

is positive for any $p$ and $v \ge 1$, hence $I(v) \ge 1$ for any positive integer $v$. □
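The count $I(v)$ obtained in this proof can be checked numerically. The following Python is an added example, not code from the book: it evaluates the Möbius formula for $I(v)$ and compares it with a brute-force enumeration of the monic polynomials of degree $v$ over $\mathbb{F}_p$, for small $p$ and $v$ chosen in the test.

```python
"""Counting monic irreducible polynomials over F_p in two ways.

Added example, not from the book: I(v) from the Mobius-inversion formula obtained
in the proof of Theorem 1.3 is compared with a brute-force count. A polynomial
over F_p is a tuple of coefficients, lowest degree first; p is an input.
"""
from itertools import product


def mobius(m):
    """mu(m): 1 for m = 1, (-1)^r for a product of r distinct primes, else 0."""
    result, d = 1, 2
    while d * d <= m:
        if m % d == 0:
            m //= d
            if m % d == 0:
                return 0                # divisible by the square of a prime
            result = -result
        d += 1
    return -result if m > 1 else result


def irreducible_count(p, v):
    """I(v) = (1/v) * sum_{m | v} mu(m) * p^(v/m)."""
    return sum(mobius(m) * p ** (v // m) for m in range(1, v + 1) if v % m == 0) // v


def degree_identity(p, n):
    """sum_{v | n} v * I(v), which the proof shows equals p^n."""
    return sum(v * irreducible_count(p, v) for v in range(1, n + 1) if n % v == 0)


def poly_mul(a, b, p):
    """Product of two polynomials with coefficients reduced mod p."""
    out = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] = (out[i + j] + ai * bj) % p
    return tuple(out)


def monic(deg, p):
    """All p^deg monic polynomials of degree deg over F_p."""
    return [tuple(low) + (1,) for low in product(range(p), repeat=deg)]


def irreducible_count_brute(p, v):
    """p^v monic polynomials of degree v, minus those that are a product g*h of
    two monic polynomials of positive degree (these are exactly the reducible ones)."""
    reducible = set()
    for deg_g in range(1, v // 2 + 1):
        for g in monic(deg_g, p):
            for h in monic(v - deg_g, p):
                reducible.add(poly_mul(g, h, p))
    return p ** v - len(reducible)


if __name__ == "__main__":
    for p in (2, 3, 5):
        for v in range(1, 6):
            print(f"p={p} v={v}: formula I(v)={irreducible_count(p, v)}, "
                  f"brute force={irreducible_count_brute(p, v)}")
```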



Corollary 1.4. For any prime $p$ and any positive integer $v$ there exists a finite field $\mathbb{F}_q$ with $q = p^v$ elements.

Algebraic Structure

Now we study the algebraic structure of finite fields.

Theorem 1.5. If the finite field $\mathbb{F}_q$ has $q = p^v$ elements then every $x \in \mathbb{F}_q$ satisfies the equation $x^q - x = 0$.

Proof: The statement is trivial for $x = 0$. The non-zero elements of $\mathbb{F}_q$ form a group under multiplication of order $q - 1$, hence $x^{q-1} = 1$ for any $0 \ne x \in \mathbb{F}_q$. Multiplying this relation by $x$ we obtain $x^q = x$. This completes the proof. □

Corollary 1.6. If $\mathbb{F}_q$ is a finite field with $q$ elements then the polynomial $u^q - u \in \mathbb{F}_q[u]$ factors in $\mathbb{F}_q[u]$ as

$$u^q - u = \prod_{x \in \mathbb{F}_q} (u - x).$$

Proof: By Theorem 1.5 the polynomial $u^q - u$ splits completely in $\mathbb{F}_q$. However, it cannot split in any smaller field, for that field would have all the roots of this polynomial and so would have at least $q$ elements. Thus $\mathbb{F}_q$ is the splitting field of $u^q - u$. This finishes the proof. □

Since any two splitting fields of a given polynomial are isomorphic we obtain the following result:

Corollary 1.7. Any two finite fields having the same number of elements are isomorphic.

The order of a non-zero element $x \in \mathbb{F}_q$ is the least positive integer $n$ such that $x^n = 1$. We note that if $x$ is an element of order $n$, then the equality $x^l = x^m$ is equivalent to $l \equiv m \bmod n$. In particular, we see that the order of every non-zero element of the field $\mathbb{F}_q$ is a divisor of $q - 1$. Let us show that every finite field $\mathbb{F}_q$ contains at least one element $\eta$ of order $q - 1$. Such an element is called a primitive element of $\mathbb{F}_q$, and the existence of a primitive element implies that the multiplicative group $\mathbb{F}_q^* = \mathbb{F}_q \setminus \{0\}$ of the field $\mathbb{F}_q$ is a cyclic group of order $q - 1$.

Theorem 1.8 (the Gauss theorem). The finite field $\mathbb{F}_q$ with $q = p^v$ elements contains $\varphi(q - 1)$ primitive elements, where $\varphi$ is the Euler phi-function.

Proof: Let $n$ be a divisor of $q - 1$, and $\psi(n)$ the number of elements in $\mathbb{F}_q$ of order $n$. Let us assume that $\psi(n) > 0$, i.e., that there exists at least one element $x \in \mathbb{F}_q$ of order $n$. The powers $1, x, \ldots, x^{n-1}$ of the element $x$ are different and satisfy the polynomial equation $u^n - 1 = 0$. Since the number of roots of a non-zero polynomial does not exceed its degree, these powers exhaust all the roots of the polynomial $u^n - 1$. Hence, every element of order $n$ has the form $x^m$ for some $m = 0, 1, \ldots, n - 1$. If $(m, n) = d > 1$, then the element $x^m$ is of order $n/d$, which is strictly smaller than $n$. Now if $(m, n) = 1$ and if $x^{lm} = 1$ for a certain positive integer $l < n$, then we have $lm \equiv 0 \bmod n$, which is impossible. Thus, the element $x^m$ has order $n$ if and only if $(m, n) = 1$, and therefore $\psi(n) = \varphi(n)$. Now we use the obvious equality

$$\sum_{n \mid q-1} \psi(n) = q - 1$$

and the well-known equality

$$\sum_{n \mid q-1} \varphi(n) = q - 1$$

for the Euler phi-function $\varphi(n)$. We have

$$\sum_{n \mid q-1} \bigl(\varphi(n) - \psi(n)\bigr) = 0$$

and therefore $\psi(n) = \varphi(n)$ for any $n \mid q - 1$. In particular, for $n = q - 1$ we obtain the equality $\psi(q - 1) = \varphi(q - 1)$, which proves the theorem. □

Automorphisms

Let $f$ be a monic irreducible polynomial of degree $v \ge 1$ in $\mathbb{F}_p[u]$. Consider the finite field $\mathbb{F}_q = \mathbb{F}_p[u]/(f(u))$. Denote by $\theta$ the residue class in $\mathbb{F}_p[u]$ containing the polynomial $u$, and observe that $f(\theta) = 0$. Raising both sides of this equality to the power $p$, and using Proposition 1.2 and Theorem 1.5, we find that $f(\theta^p) = 0$. Repeating this process several times, we see that the elements $\theta^p, \ldots, \theta^{p^{v-1}}$ are also roots of the polynomial $f(u)$. Let us show that $\theta, \theta^p, \ldots, \theta^{p^{v-1}}$ are distinct. Suppose that $\eta$ is a primitive element of the field $\mathbb{F}_q$ and $\eta = x_0 + x_1\theta + \cdots + x_{v-1}\theta^{v-1}$ with $x_i \in \mathbb{F}_p$. If we assume that $\theta^{p^m} = \theta^{p^n}$ for $0 \le m < n \le v - 1$, then we get the equality $\eta^{p^m} = \eta^{p^n}$, which implies $\eta^{p^n - p^m} = 1$. We have $1 \le p^n - p^m < q - 1$, and arrive at a contradiction with the definition of the element $\eta$. Thus, the irreducible polynomial $f \in \mathbb{F}_p[u]$ has in the field $\mathbb{F}_q$, with $q = p^v$, the factorization

$$f(u) = \prod_{i=0}^{v-1} \bigl(u - \theta^{p^i}\bigr).$$

It follows that the map $\theta \mapsto \theta^p$ induces the automorphism $\sigma\colon \mathbb{F}_q \to \mathbb{F}_q$ of the field $\mathbb{F}_q$ acting on elements $x = x_0 + x_1\theta + \cdots + x_{v-1}\theta^{v-1}$ by the rule

$$\sigma(x) = x_0 + x_1\theta^p + \cdots + x_{v-1}\theta^{(v-1)p} = x^p$$

and leaving the field $\mathbb{F}_p$ fixed. The automorphism $\sigma$ is known as the Frobenius automorphism of the field $\mathbb{F}_q$.

Theorem 1.9. The Galois group of a finite field $\mathbb{F}_q$ with $q = p^v$ elements is a cyclic group of order $v$.

Proof: Let $\sigma$ be the Frobenius automorphism of the field $\mathbb{F}_q$. Its powers $1, \sigma, \ldots, \sigma^{v-1}$ are also automorphisms of the field $\mathbb{F}_q$ acting on elements $x \in \mathbb{F}_q$ by the rule

$$\sigma^i(x) = x^{p^i}.$$

Since $\sigma^i(\theta) \ne \sigma^k(\theta)$ for $0 \le i < k \le v - 1$, these automorphisms are distinct and exhaust all possible automorphisms of $\mathbb{F}_q$ (which cannot be greater in number than $v$). □

Let $G_\mu$ be the Galois group of the finite field $\mathbb{F}_{p^\mu}$ and $G_v$ the Galois group of the field $\mathbb{F}_{p^v}$. The field $\mathbb{F}_{p^\mu}$ is a subfield of $\mathbb{F}_{p^v}$ if and only if $G_\mu$ is a subgroup of $G_v$. Taking into account the cyclicity of the groups $G_\mu$ and $G_v$ we get the following result:

Corollary 1.10. The field $\mathbb{F}_{p^\mu}$ is a subfield of the field $\mathbb{F}_{p^v}$ if and only if $\mu$ divides $v$.

If $\sigma$ is the Frobenius automorphism of the field $\mathbb{F}_q$ with $q = p^v$ elements, we define the norm of an element $x \in \mathbb{F}_q$ as

$$\operatorname{norm}_v(x) = \prod_{i=0}^{v-1} \sigma^i(x) = \prod_{i=0}^{v-1} x^{p^i}.$$

In a similar way we define the trace of $x$ as

$$\operatorname{tr}_v(x) = \sum_{i=0}^{v-1} \sigma^i(x) = \sum_{i=0}^{v-1} x^{p^i}.$$

The norm and trace are homomorphisms of the multiplicative and additive groups of the field $\mathbb{F}_q$ to the multiplicative and additive groups of the field $\mathbb{F}_p$, respectively. The following result is a special case of the Hilbert theorem 90:

Theorem 1.11. Let $\mathbb{F}_q$ be a finite field with $q = p^v$ elements. Then

(i) the norm of $x \in \mathbb{F}_q$ is equal to $1$ if and only if there exists a non-zero element $y \in \mathbb{F}_q$ such that $x = y/y^p$;

(ii) the trace of $x \in \mathbb{F}_q$ is equal to $0$ if and only if there exists an element $z \in \mathbb{F}_q$ such that $x = z - z^p$.

Proof: (i) Let $\theta$ be a generator of $\mathbb{F}_q$ over $\mathbb{F}_p$, so that $\mathbb{F}_q = \mathbb{F}_p(\theta)$. For every $i = 0, 1, \ldots, v - 1$ and every non-zero $x \in \mathbb{F}_q$ consider the Lagrange-Hilbert resolvent

$$R(x, \theta^i) = \theta^i + x\,\theta^{ip} + \cdots + x^{1 + p + \cdots + p^{v-2}}\,\theta^{ip^{v-1}}.$$

Since the Vandermonde determinant

$$\det\bigl(\theta^{ip^k}\bigr)_{0 \le i, k \le v-1}$$

is not zero, at least one of the elements $R(x, \theta^i)$, $0 \le i \le v - 1$, differs from zero. Suppose it is the element

$$y = \alpha + x\,\alpha^p + \cdots + x^{1 + p + \cdots + p^{v-2}}\,\alpha^{p^{v-1}}$$

with $\alpha = \theta^i$. If we assume that $\operatorname{norm}_v(x) = 1$, then we obtain

$$x y^p = x\,\alpha^p + x^{1+p}\,\alpha^{p^2} + \cdots + x^{1 + p + \cdots + p^{v-2}}\,\alpha^{p^{v-1}} + \alpha = y$$

and hence $x = y/y^p$. Conversely, if $x = y/y^p$, then clearly $\operatorname{norm}_v(x) = 1$.

(ii) Since

$$\det\bigl(\theta^{ip^k}\bigr) \ne 0,$$

at least one of the elements $\operatorname{tr}_v(1), \operatorname{tr}_v(\theta), \ldots, \operatorname{tr}_v(\theta^{v-1})$ differs from zero. Let $\operatorname{tr}_v(\beta) \ne 0$ for $\beta = \theta^i$, and set

$$z = \bigl(\operatorname{tr}_v(\beta)\bigr)^{-1} \Bigl( x\,\beta^p + (x + x^p)\,\beta^{p^2} + \cdots + \bigl(x + x^p + \cdots + x^{p^{v-2}}\bigr)\,\beta^{p^{v-1}} \Bigr).$$

If we assume that $\operatorname{tr}_v(x) = 0$, then we get $x = z - z^p$. Conversely, if $x = z - z^p$, then obviously $\operatorname{tr}_v(x) = 0$. □

We also have the following useful result:

Theorem 1.12. Let $\mathbb{F}_q$ be a finite field with $q = p^v$ elements, $\mathbb{F}_{q^n}$ an extension of $\mathbb{F}_q$, and $f(u)$ a non-zero polynomial in $\mathbb{F}_q[u]$:

(i) If $\alpha \in \mathbb{F}_{q^n}$ is a root of the polynomial $f(u)$, then so is $\alpha^q$;

(ii) Let $g(u)$ be a monic polynomial in $\mathbb{F}_{q^n}[u]$, and assume that $g(\beta^q) = 0$ for every root $\beta$ of $g(u)$. Then $g(u) \in \mathbb{F}_q[u]$.

Proof: (i) If $f(u) = \sum a_i u^i$, it follows from Proposition 1.2 and Theorem 1.5 that

$$\bigl(f(u)\bigr)^q = \sum a_i^q u^{iq} = \sum a_i \bigl(u^q\bigr)^i = f(u^q).$$

Hence $f(\alpha) = 0$ implies $f(\alpha^q) = 0$.

(ii) In a suitable extension the polynomial $g(u) = \sum_{k=1}^{s} b_k u^k$ splits into linear factors, say $g(u) = (u - \beta_1)\cdots(u - \beta_s)$. Since $g(\beta_i^q) = 0$ for any $i = 1, 2, \ldots, s$, we have

$$g(u) = \bigl(u - \beta_1^q\bigr)\cdots\bigl(u - \beta_s^q\bigr) = \sum_{k=1}^{s} b_k^q u^k.$$

Hence $b_k^q = b_k$ for $1 \le k \le s$, and $b_k \in \mathbb{F}_q$, by Theorem 1.5. □



Algebraic Closure

Let us consider the sequence of finite fields

and set

$$\overline{\mathbb{F}}_p = \bigcup_{n=1}^{\infty} \mathbb{F}_{p^{n!}}.$$

The set $\overline{\mathbb{F}}_p$ is a field. Indeed, for any $x, y \in \overline{\mathbb{F}}_p$ there exists an integer $n$ such that $x, y \in \mathbb{F}_{p^{n!}}$, hence we can determine the sum $x + y$ and the product $xy$ of the elements $x$ and $y$. Next, every polynomial $g \in \overline{\mathbb{F}}_p[u]$ has coefficients in some field $\mathbb{F}_{p^m}$, and if $f$ is its irreducible factor in $\mathbb{F}_{p^m}[u]$, say of degree $v$, then all roots of $f$ lie in the field $\mathbb{F}_{p^{mv}}$, which is a subfield of $\mathbb{F}_{p^{n!}}$ for a sufficiently large $n$. Therefore, the roots of the polynomial $f$ lie in $\overline{\mathbb{F}}_p$, and hence $\overline{\mathbb{F}}_p$ is an algebraically closed field. The field $\overline{\mathbb{F}}_p$ is called an algebraic closure of the prime finite field $\mathbb{F}_p$.

Now we sum up our discussion of finite fields as follows:

Theorem 1.13. For each prime $p$ and each integer $v \ge 1$ there exists a finite field $\mathbb{F}_q$ with $q = p^v$ elements, uniquely determined as a subfield of an algebraic closure $\overline{\mathbb{F}}_p$. The field $\mathbb{F}_q$ is the splitting field of the polynomial $u^q - u$ and its elements are the roots of $u^q - u$. Every finite field is isomorphic to exactly one field $\mathbb{F}_q$. The group of automorphisms of the field $\mathbb{F}_q$ with $q = p^v$ elements is cyclic of order $v$, and the multiplicative group $\mathbb{F}_q^*$ of the field $\mathbb{F}_q$ is a cyclic group of order $q - 1$.
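The statements collected in this section can be checked exhaustively in a concrete small field. The following Python is an added example, not code from the book: it builds $\mathbb{F}_9 = \mathbb{F}_3[u]/(u^2 + 1)$ as residue classes (the choice of $p$, $v$ and $f$ is ours) and verifies Theorems 1.5, 1.8, 1.9 and 1.11 by direct computation.

```python
"""The finite field F_q = F_p[u]/(f(u)) of Section 1.2, built from scratch.

Added example, not from the book: field elements are residue classes modulo a
monic irreducible f, stored as tuples of v coefficients (lowest degree first).
With the p, v and f chosen here the block checks that the residue ring is a
field, that x^q = x (Theorem 1.5), that the Frobenius map x -> x^p has order v
(Theorem 1.9), that there are phi(q-1) primitive elements (Theorem 1.8), and
Hilbert 90 for the norm and the trace (Theorem 1.11).
"""
from itertools import product
from math import gcd

P, V = 3, 2                    # F_9 = F_3[u]/(u^2 + 1)
Q = P ** V
F = [1, 0, 1]                  # f(u) = u^2 + 1; -1 is not a square mod 3, so f is irreducible

def residue(a):
    """Residue class of the polynomial a modulo the monic f, as V coefficients mod P."""
    a = [c % P for c in a]
    while len(a) >= len(F):
        lead, shift = a[-1], len(a) - len(F)
        for i, fi in enumerate(F):            # subtract lead * u^shift * f(u)
            a[shift + i] = (a[shift + i] - lead * fi) % P
        a.pop()                               # the leading coefficient is now 0
    return tuple((a + [0] * V)[:V])

ELEMENTS = [tuple(c) for c in product(range(P), repeat=V)]   # all q classes
ZERO, ONE = residue([0]), residue([1])
NONZERO = [x for x in ELEMENTS if x != ZERO]
add = lambda x, y: tuple((a + b) % P for a, b in zip(x, y))
sub = lambda x, y: tuple((a - b) % P for a, b in zip(x, y))

def mul(x, y):
    out = [0] * (2 * V - 1)
    for i, a in enumerate(x):
        for j, b in enumerate(y):
            out[i + j] += a * b
    return residue(out)

def power(x, e):
    result, base = ONE, x
    while e:
        if e & 1:
            result = mul(result, base)
        base, e = mul(base, base), e >> 1
    return result

frobenius = lambda x: power(x, P)           # sigma(x) = x^p
inverse = lambda x: power(x, Q - 2)         # x^(q-1) = 1 for x != 0

def is_field():
    """F_p[u]/(f) is a field iff every non-zero class has an inverse, i.e. iff f is irreducible."""
    return all(any(mul(x, y) == ONE for y in ELEMENTS) for x in NONZERO)

def all_roots_of_uq_minus_u():
    return all(power(x, Q) == x for x in ELEMENTS)

def frobenius_order():
    """Least i >= 1 with sigma^i(x) = x^(p^i) = x for all x; Theorem 1.9 gives v."""
    return next(i for i in range(1, V + 1) if all(power(x, P ** i) == x for x in ELEMENTS))

def order(x):
    """Multiplicative order of a non-zero x, a divisor of q - 1."""
    y, n = x, 1
    while y != ONE:
        y, n = mul(y, x), n + 1
    return n

def primitive_count():
    return sum(1 for x in NONZERO if order(x) == Q - 1)

def euler_phi(n):
    return sum(1 for m in range(1, n + 1) if gcd(m, n) == 1)

def norm(x):
    """norm_v(x) = product of sigma^i(x) for i = 0..v-1; its value lies in F_p."""
    result, y = ONE, x
    for _ in range(V):
        result, y = mul(result, y), frobenius(y)
    return result

def trace(x):
    """tr_v(x) = sum of sigma^i(x) for i = 0..v-1."""
    result, y = ZERO, x
    for _ in range(V):
        result, y = add(result, y), frobenius(y)
    return result

def hilbert90_norm():
    """Theorem 1.11(i): norm(x) = 1 iff x = y / y^p for some non-zero y."""
    quotients = {mul(y, inverse(frobenius(y))) for y in NONZERO}
    return all((norm(x) == ONE) == (x in quotients) for x in NONZERO)

def hilbert90_trace():
    """Theorem 1.11(ii): tr(x) = 0 iff x = z - z^p for some z."""
    differences = {sub(z, frobenius(z)) for z in ELEMENTS}
    return all((trace(x) == ZERO) == (x in differences) for x in ELEMENTS)
```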

1.3. LINEAR CODES

Both for the construction of good codes and for the design of algorithms realizing coding and decoding procedures, the notion of a code over an arbitrary alphabet is very poor in algebraic and arithmetical structure. It is possible to enrich this structure by introducing the notion of a linear code. Now let $F = \mathbb{F}_q$ be a finite field of characteristic $p$ with $q = p^v$ elements. In this case $\mathbb{F}_q^n$ forms a linear metric space over $\mathbb{F}_q$ called a Hamming space. A $q$-ary linear code $C$ of length $n$ is a linear subspace of the linear metric space $\mathbb{F}_q^n$. The integer

$$\|x\| = \#\{\, i \mid 1 \le i \le n,\ x_i \ne 0 \,\}$$

is called the weight of the element $x = (x_1, \ldots, x_n) \in \mathbb{F}_q^n$. For a linear $[n, k, d]_q$-code $C$ we have $k = \dim C$ and

$$d = \min\{\, \|x\| \mid x \in C,\ x \ne 0 \,\}.$$

Any choice of basis in $C$ yields an embedding

$$\gamma\colon \mathbb{F}_q^k \hookrightarrow \mathbb{F}_q^n.$$

The matrix $G$ of this map is called a generator matrix of the code $C$. The map $\gamma$ is included into a short exact sequence

(i.e., $\gamma$ is an embedding, $\eta$ is a surjection, and $\operatorname{Ker}\eta = \operatorname{Im}\gamma$). The matrix $G$ has as its rows $k$ basis vectors of $C$, hence

so that encoding is multiplication by $G$. The matrix $H$ of the map $\eta$ is called a parity-check matrix of the code $C$. The code $C$ is given by $C = \{\, x \in \mathbb{F}_q^n \mid H \cdot x^T = 0 \,\}$, where $T$ denotes transposition. According to our definition $H$ has $n$ columns and $n - k$ linearly independent rows. Sometimes, by abuse of language, any matrix $H'$ such that $H' \cdot x^T = 0$ only for $x \in C$ is also called a parity-check matrix. Each such $H'$ has $r \ge n - k$ rows, only $n - k$ of which are independent. It is clear that $H \cdot G^T = 0$.

Let $A$ be defined as a subgroup in the group of linear automorphisms of $\mathbb{F}_q^n$ generated by transpositions of coordinates and by multiplications of the $i$th coordinate by elements of $\mathbb{F}_q^* = \mathbb{F}_q \setminus \{0\}$. The group $A$ acts on subsets of $\mathbb{F}_q^n$, and two codes $C$ and $C'$ are called equivalent if and only if $C' = a \cdot C$ for some $a \in A$. The subgroup $\operatorname{Aut} C \subseteq A$, consisting of elements preserving $C$, is called the automorphism group of the code $C$. It is natural to consider codes up to equivalence, so that in many cases speaking of a code we mean rather its equivalence class. The choice of generator matrix $G$ corresponds to the choice of basis $(e_1, \ldots, e_k)$ in the $k$-dimensional linear space $\mathbb{F}_q^k$. The group

$$GL_k(\mathbb{F}_q) = \{\, A \text{ is a } k \times k \text{ matrix over } \mathbb{F}_q \mid \det A \ne 0 \,\}$$

acts on the set of such bases, and two matrices $G$ and $G'$ define the same code $C$ if and only if $G' = A \cdot G$ for some $A \in GL_k(\mathbb{F}_q)$.

At last we mention a decoding method that is sometimes used in practice. For high rate codes it is fairly effective. The method is known as syndrome decoding.

For any $x \in \mathbb{F}_q^n$ the syndrome is defined as $H \cdot x^T$. For a code-word the syndrome is $0$. A received vector $x'$ with errors in it can be written as $x' = x + e$, where $x$ is the transmitted word and $e$ is known as the error-vector. If we pick a certain error-vector $e$ and add it to all the code-words, the result is a coset of $C$ in $\mathbb{F}_q^n$, and all words in this coset have the same syndrome, namely $H \cdot e^T$. This means that any vector in a coset is a candidate for the error-vector of a word in the same coset. By maximum likelihood decoding we should choose this vector so that it has minimum weight. Decoding now goes as follows. For each coset of $C$ we pick a member of minimal weight (often this member is unique). This is called the coset leader. We make a list of these coset leaders and their syndromes. When $x'$ is received, the syndrome is calculated, the leader is found by table look-up and $x'$ is decoded by subtracting the leader from $x'$. From now on we shall focus primarily on linear codes.
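The following Python is an added example, not code from the book: it runs the coset-leader procedure just described on the ternary $[4, 2, 3]$ Hamming code over $\mathbb{F}_3$, whose generator matrix $G$ and parity-check matrix $H$ are chosen here, and it also tabulates the numbers $A_i$ of code vectors of each weight, which the next section calls the spectrum.

```python
"""Syndrome decoding of a q-ary linear code with a coset-leader table.

Added example, not from the book: G and H below are a generator and a
parity-check matrix (over F_3; q is prime here, so arithmetic is mod q) of the
ternary [4,2,3] Hamming code, chosen for this example. Encoding is x = m*G and
decoding follows the coset-leader procedure of Section 1.3.
"""
from itertools import product

Q = 3                       # the alphabet F_3 = Z/(3)
G = [[2, 2, 1, 0],          # rows: a basis of the code C
     [2, 1, 0, 1]]
H = [[1, 0, 1, 1],          # H * x^T = 0 exactly for x in C
     [0, 1, 1, 2]]
N, K = len(G[0]), len(G)    # length n and dimension k


def mat_vec(M, x):
    """M * x^T over F_q."""
    return tuple(sum(m * xi for m, xi in zip(row, x)) % Q for row in M)


def weight(x):
    return sum(1 for xi in x if xi != 0)


def vec_add(x, y, sign=1):
    """x + y (sign=1) or x - y (sign=-1) in F_q^n."""
    return tuple((a + sign * b) % Q for a, b in zip(x, y))


def encode(m):
    """x = m * G: the message m in F_q^k is a coordinate vector w.r.t. the rows of G."""
    return tuple(sum(mi * G[i][j] for i, mi in enumerate(m)) % Q for j in range(N))


def codewords():
    return {encode(m) for m in product(range(Q), repeat=K)}


def weight_distribution():
    """A_i = number of codewords of weight i (the spectrum of Section 1.4)."""
    counts = [0] * (N + 1)
    for c in codewords():
        counts[weight(c)] += 1
    return counts


def min_distance():
    """For a linear code, d is the smallest weight of a non-zero codeword."""
    return next(i for i, a in enumerate(weight_distribution()) if i > 0 and a > 0)


def syndrome(x):
    return mat_vec(H, x)


def coset_leaders():
    """One minimum-weight vector per coset of C in F_q^n, keyed by syndrome.

    All q^n vectors are visited in order of increasing weight, so the first
    vector recorded for a syndrome is a minimum-weight member of that coset
    (a coset is exactly the set of vectors sharing one syndrome)."""
    leaders = {}
    for e in sorted(product(range(Q), repeat=N), key=weight):
        leaders.setdefault(syndrome(e), e)
    return leaders


LEADERS = coset_leaders()


def decode(received):
    """Look up the coset leader with the received word's syndrome and subtract it."""
    return vec_add(received, LEADERS[syndrome(received)], sign=-1)


def parity_check_holds():
    """H * G^T = 0: every row of G (hence every codeword) has syndrome 0."""
    return all(syndrome(row) == (0,) * len(H) for row in G)


def corrects_all_errors_up_to(t):
    """True iff every error pattern of weight <= t is corrected for every codeword."""
    errors = [e for e in product(range(Q), repeat=N) if weight(e) <= t]
    return all(decode(vec_add(c, e)) == c for c in codewords() for e in errors)


if __name__ == "__main__":
    d = min_distance()
    print(f"[n,k,d]_q = [{N},{K},{d}]_{Q}, spectrum A_i = {weight_distribution()}")
    print(f"{len(LEADERS)} cosets, H*G^T = 0: {parity_check_holds()}")
    sent = encode((1, 2))
    received = vec_add(sent, (0, 0, 2, 0))        # one symbol corrupted
    print(f"sent {sent}, received {received}, decoded {decode(received)}")
    print(f"all errors of weight <= {(d - 1) // 2} corrected:",
          corrects_all_errors_up_to((d - 1) // 2))
```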

1.4. SPECTRUM AND DUALITY

An important invariant of a code is its weight enumerator or spectrum. We are going to study spectra of linear codes. Let $C$ be a linear $[n, k, d]_q$-code. Define $A_i = A_i(C)$ as the number of code vectors of weight $i$ in $C$. Of course, $A_i \ge 0$ for $0 \le i \le n$, $A_i = 0$ for $0 < i < d$, and

The weight enumerator is a homogeneous polynomial

$$W_C(u : v) = \sum_{i=0}^{n} A_i\, u^{n-i} v^i = \sum_{x \in C} u^{n - \|x\|} v^{\|x\|}.$$

Sometimes non-homogeneous coordinates are more convenient; then we consider the polynomials

$$W_C(u) = \sum_{i=0}^{n} A_i\, u^{n-i} \quad\text{and}\quad W_C(v) = \sum_{i=0}^{n} A_i\, v^i.$$

We have $A_0 = 1$, $A_1 = \cdots = A_{d-1} = 0$, $A_d \ge 1$ and hence

$$W_C(u : v) = u^n + v^d \sum_{i=0}^{n-d} A_{d+i}\, u^{n-d-i} v^i.$$

Since in many cases we do not know the precise value of d but have only some lower bound for it, the following form is rather convenient. Let s be some integer

16

Chapter 1

such that s 2: n - d. Then s

Wc(u)

= un + LAn-iui. i=O

For a linear $[n,k,d]_q$-code $C$ the dual code $C^\perp$ is defined as

$$C^\perp = \{x \in \mathbb{F}_q^n \mid x \cdot y = 0 \text{ for each } y \in C\},$$

where $x \cdot y = \sum_{i=1}^{n} x_i y_i$ is the inner product of the vectors $x = (x_1, \dots, x_n)$ and $y = (y_1, \dots, y_n)$. Clearly $C^\perp$ is an $[n, n-k, d^\perp]_q$-code. A generator matrix of the code $C$ is a parity-check matrix of the dual code $C^\perp$ and vice versa. The dual distance $d^\perp$ depends on the equivalence class of the code $C$ (and not only on its parameters $n$, $k$ and $d$). The distance $d^\perp$ can be calculated if we know the enumerator $W_C(u:v)$. Moreover, there is the following relation between the spectrum of a code and that of the dual one:

$$W_{C^\perp}(u:v) = q^{-k} W_C(u + (q-1)v : u - v).$$

To prove this identity, we recall first of all that an additive character of a field $\mathbb{F}_q$, $q = p^\nu$, is defined as a homomorphism $\psi$ from the additive group of $\mathbb{F}_q$ to the multiplicative group $U_p$ of $p$-th roots of $1$. If $\operatorname{tr}(x) = x + x^p + \dots + x^{p^{\nu-1}}$ denotes the trace of an element $x \in \mathbb{F}_q$ to its prime subfield $\mathbb{F}_p$, then each additive character $\psi$ of $\mathbb{F}_q$ has the form

$$\psi(x) = \psi_a(x) = \exp(2\pi i \operatorname{tr}(ax)/p)$$

for some $a \in \mathbb{F}_q$ (see below, Section 5.3). It is easy to see that $\psi(x+y) = \psi(x)\psi(y)$,

$$\sum_{x \in \mathbb{F}_q} \psi_a(x) = \begin{cases} 0 & \text{for } a \ne 0, \\ q & \text{for } a = 0 \end{cases} \qquad (1.1)$$

and that the group of additive characters of $\mathbb{F}_q$ is isomorphic to $\mathbb{F}_q$. The character $\psi_0(x) \equiv 1$ is called the trivial one. For $x, y \in \mathbb{F}_q^n$ and for a non-trivial additive character $\psi$ of $\mathbb{F}_q$ define an additive character

$$\psi_x(y) = \psi_y(x) = \psi(x \cdot y).$$

Let $A$ be an arbitrary $\mathbb{Z}[U_p]$-module. For a function $f : \mathbb{F}_q^n \to A$ the Hadamard transform $\hat{f}(x)$ is defined as

$$\hat{f}(x) = \sum_{y \in \mathbb{F}_q^n} \psi_x(y) f(y).$$


Lemma 1.14. For any linear subspace $C \subseteq \mathbb{F}_q^n$ we have

$$\sum_{y \in C^\perp} f(y) = \frac{1}{|C|} \sum_{x \in C} \hat{f}(x).$$

Proof: We have

$$\sum_{x \in C} \hat{f}(x) = \sum_{x \in C} \sum_{y \in \mathbb{F}_q^n} \psi_x(y) f(y) = \sum_{y \in C^\perp} f(y) \sum_{x \in C} \psi_y(x) + \sum_{y \notin C^\perp} f(y) \sum_{x \in C} \psi_y(x).$$

If $y \in C^\perp$ then $x \cdot y = 0$ for all $x \in C$ and hence $\sum_{x \in C} \psi_y(x) = \sum_{x \in C} \psi(0) = |C|$. If $y \notin C^\perp$ we can find $x' \in C$ such that $\psi_y(x') \ne 1$. Then

$$\psi_y(x') \sum_{x \in C} \psi_y(x) = \sum_{x \in C} \psi_y(x' + x) = \sum_{x \in C} \psi_y(x)$$

and therefore $\sum_{x \in C} \psi_y(x) = 0$. This completes the proof.

Corollary 1.15. For each linear subspace $C \subseteq \mathbb{F}_q^n$

Theorem 1.16 (the MacWilliams identity).

$$W_{C^\perp}(u:v) = q^{-k} W_C(u + (q-1)v : u - v).$$

Proof: Let

1. Then either $C$ is a trivial $[n, n/2, 2]_q$-code and $W_C(u:v) = ((q-1)u^2 + v^2)^{n/2}$, or $(q,t) = (2,2), (2,4), (3,3), (4,2)$.
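As an added example (not the book's own computation), the Python below computes the spectrum of a linear code over a prime field by enumeration, applies the relation $W_{C^\perp}(u:v) = q^{-k} W_C(u+(q-1)v : u-v)$ coefficient by coefficient, and checks the result against the dual code enumerated directly; the generator matrices of the binary $[7,4,3]$ Hamming code and of the ternary $[4,2,3]$ tetracode are constructed samples.

```python
# Added example, not from the book: spectrum of a linear code over a prime
# field, the MacWilliams identity applied coefficient by coefficient, and a
# brute-force check against the dual code.
from itertools import product
from math import comb


def codewords(G, q):
    k, n = len(G), len(G[0])
    return [tuple(sum(a[i] * G[i][j] for i in range(k)) % q for j in range(n))
            for a in product(range(q), repeat=k)]


def spectrum(words, n):
    """[A_0, ..., A_n] with A_i = number of words of weight i."""
    A = [0] * (n + 1)
    for w in words:
        A[sum(1 for c in w if c)] += 1
    return A


def dual_code(G, q):
    """C^perp = {x in F_q^n : x.y = 0 for every row y of G} by enumeration."""
    n = len(G[0])
    return [x for x in product(range(q), repeat=n)
            if all(sum(a * b for a, b in zip(x, g)) % q == 0 for g in G)]


def macwilliams(A, q, k):
    """Dual spectrum from W_{C^perp}(u:v) = q^{-k} W_C(u+(q-1)v : u-v).
    The term A_i u^{n-i} v^i becomes A_i (u+(q-1)v)^{n-i} (u-v)^i; expanding
    both binomials, v^a from the first factor and v^b from the second
    contribute A_i C(n-i,a)(q-1)^a C(i,b)(-1)^b to the coefficient of v^{a+b}."""
    n = len(A) - 1
    B = [0] * (n + 1)
    for i, Ai in enumerate(A):
        for a in range(n - i + 1):
            for b in range(i + 1):
                B[a + b] += Ai * comb(n - i, a) * (q - 1) ** a * comb(i, b) * (-1) ** b
    if any(x % q ** k for x in B):
        raise ValueError("not the spectrum of a linear [n,k]_q-code")
    return [x // q ** k for x in B]


def check(G, q):
    """Returns (A, dual spectrum via the identity, dual spectrum directly)."""
    k, n = len(G), len(G[0])
    A = spectrum(codewords(G, q), n)
    return A, macwilliams(A, q, k), spectrum(dual_code(G, q), n)


# Constructed samples: binary [7,4,3] Hamming code and ternary [4,2,3] tetracode.
G_HAM = [[1, 0, 0, 0, 0, 1, 1], [0, 1, 0, 0, 1, 0, 1],
         [0, 0, 1, 0, 1, 1, 0], [0, 0, 0, 1, 1, 1, 1]]
G_TET = [[1, 0, 1, 1], [0, 1, 1, 2]]

if __name__ == "__main__":
    print(check(G_HAM, 2))  # ([1,0,0,7,7,0,0,1], [1,0,0,0,7,0,0,0], [1,0,0,0,7,0,0,0])
    print(check(G_TET, 3))  # self-dual: all three equal [1,0,0,8,0]
```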

EXERCISES

1.1. Use induction on $n$ and $\nu$ to prove that in a field of prime characteristic $p$ one has

$$\Big(\sum_{i=1}^{n} a_i\Big)^{p^\nu} = \sum_{i=1}^{n} a_i^{p^\nu}.$$


1.2. Let $\mathbb{F}_q$ be a finite field with $q$ elements and $f \in \mathbb{F}_q[u]$ an irreducible polynomial of degree $m \ge 1$. Prove that $f(u)$ divides

if and only if $m$ divides $n$.

1.3. Let $\mathbb{F}_q$ be a prime finite field with $q$ elements. In the ring $\mathbb{F}_q[u]$, prove that

$$u^{q^n} - u = \prod_{m \mid n} \prod f_m(u),$$

where the inner product is taken over all irreducible monic polynomials $f_m$ of degree $m$. If $I(m)$ is the number of irreducible monic polynomials in $\mathbb{F}_q[u]$ of degree $m \ge 1$, deduce that

$$I(m) = \frac{1}{m} \sum_{d \mid m} \mu(d)\, q^{m/d}.$$

1.4. Let $p$ be a prime number and $f \in \mathbb{F}_p[u]$ an irreducible polynomial of degree $m \ge 1$. In the ring $\mathbb{F}_q[u]$, where $q = p^\nu$, prove that $f(u)$ splits into $d = (m, \nu)$ irreducible factors, each of which has degree $m/d$.

1.5. Let $H$ be a parity-check matrix of a linear $[n,k,d]_q$-code $C$. Show that any $(d-1)$ columns of $H$ are linearly independent (as vectors in $\mathbb{F}_q^{n-k}$) and that there exist $d$ linearly dependent columns. Deduce from this fact the validity of the inequality $d \le n - k + 1$.

1.6. Let $V$, $W$ be linear spaces over a finite field $\mathbb{F}_q$. An $[n,k,d]_q$-system is an ordered finite family $\mathcal{P} = \{P_1, \dots, P_n\}$ of points $P_i \in V$ such that $\mathcal{P}$ does not lie in a hyperplane. The parameters of the system $\mathcal{P}$ are defined as

where the maximum is taken over all hyperplanes $H \subset V$. Two $[n,k,d]_q$-systems $\mathcal{P}$ and $\mathcal{P}'$ in $V$ and $V'$ respectively are called equivalent if and only if there is an isomorphism $V \cong V'$ mapping $\mathcal{P}$ isomorphically onto $\mathcal{P}'$. A dual $[n,k,d]_q$-system is a finite ordered family $\mathcal{P}^\perp$ of points of a linear space $W$ which does not lie in a hyperplane. The parameters are defined in the following way: $n = |\mathcal{P}^\perp|$, $k = n - \dim W$, $d$ is the minimum number of linearly dependent vectors in $\mathcal{P}^\perp$. Prove the validity of the following assertions: (a) There is a one-to-one correspondence between the set of equivalence classes of $[n,k,d]_q$-systems and the set of linear $[n,k,d]_q$-codes. (Hint: Consider the space $V^*$ of linear forms $L$ on $V$ and the injective map $\phi : V^* \to \mathbb{F}_q^n$ defined by $\phi(L) = (\phi_1(L), \dots, \phi_n(L))$, $\phi_i(L) = L(P_i)$. Then put $C = \operatorname{Im} \phi$.) (b) There is a one-to-one correspondence between the set of equivalence classes of dual $[n,k,d]_q$-systems and the set of linear $[n,k,d]_q$-codes.


(c) If $C$ is a linear $[n, k, \ge d]_q$-code and the minimum distance of the dual code $C^\perp$ is at least $d^\perp$, then

$$W_C(u) = u^n + \sum_{i=0}^{n-d} B_i (u-1)^i,$$

where for $0 \le i \le d^\perp - 1$

and for $d^\perp \le i \le n - d$

$$\max\Big\{0,\ \binom{n}{i}(q^{k-i} - 1)\Big\} \le B_i \le \binom{n}{i}\big(q^{\min\{n-d-i+1,\ k-d^\perp+1\}} - 1\big).$$

(Hint: Check the following interpretation of $B_i$ in terms of $[n,k,d]_q$-systems. Let $\mathcal{P} = \{P_1, \dots, P_n\}$ be an $[n,k,d]_q$-system of points $P_i \in V$. By $H_i$ denote the hyperplane in $V^*$ corresponding to $P_i$, and for

$R$ and $R >$ such a sequence of codes $C_i$ is called asymptotically good (or simply good). A description of the set $U_q$ is provided by the following theorem of Manin [119] (see also [1] and [208, p. 68] and Exercises 2.8-2.10): there exists a continuous function $\alpha_q(\delta)$ such that

$$U_q = \{(\delta, R) \mid 0 \le \delta \le 1 \text{ and } 0 \le R \le \alpha_q(\delta)\};$$


Chapter 2

moreover $\alpha_q(0) = 1$, $\alpha_q(\delta) = 0$ for $(q-1)/q \le \delta \le 1$, and $\alpha_q(\delta)$ is decreasing in the interval $0 \le \delta \le (q-1)/q$. Note that the function $\alpha_q(\delta)$ has the form

$$\alpha_q(\delta) = \sup\{R \mid (\delta, R) \in U_q\}$$

and tells us something about the information rate of long $[n,k,d]_q$-codes with $d/n = \delta$. If we restrict ourselves to the consideration of only linear $[n,k,d]_q$-codes then we can define in the same way the sets $V_q^{\mathrm{lin}}$ and $U_q^{\mathrm{lin}}$ (taking into account only points $(\delta, R)$ associated to linear $q$-ary codes). In this case there exists a continuous function $\alpha_q^{\mathrm{lin}}(\delta)$ such that

$$U_q^{\mathrm{lin}} = \{(\delta, R) \mid 0 \le \delta \le 1 \text{ and } 0 \le R \le \alpha_q^{\mathrm{lin}}(\delta)\}.$$

It is clear that $\alpha_q^{\mathrm{lin}}(\delta) \le \alpha_q(\delta)$.

The study of the functions $\alpha_q(\delta)$ and $\alpha_q^{\mathrm{lin}}(\delta)$ is one of the central problems of coding theory. At the present time we know only a few of the simplest facts concerning the structure of these functions. So, we are unable to solve even the following problems:

Problem I. Are the functions $\alpha_q(\delta)$ and $\alpha_q^{\mathrm{lin}}(\delta)$ differentiable in the interval $(0, (q-1)/q)$?

Problem II. Are these functions convex?

Problem III. Is it true that $\alpha_q^{\mathrm{lin}}(\delta) = \alpha_q(\delta)$, or not?

Therefore we are constrained to search for some upper and lower bounds for the functions $\alpha_q(\delta)$ and $\alpha_q^{\mathrm{lin}}(\delta)$ as close to each other as possible. For the set of all $[n,k,d]_q$-codes over $\mathbb{F}_q$ we define the function $A_q(n,d)$ by

$$A_q(n,d) = \max\{q^k \mid \text{there exists an } [n,k,d]_q\text{-code}\}.$$

A code $C$ that attains this bound is called optimal. If we restrict ourselves to the consideration of only linear codes we can define in the same way the function

$$A_q^{\mathrm{lin}}(n,d) = \max\{q^k \mid \text{there exists a linear } [n,k,d]_q\text{-code}\}.$$

2.1. UPPER BOUNDS

In the first place we prove the following result:

Theorem 2.1 (the Singleton bound). An $[n,k,d]_q$-code has

$$k \le n - d + 1.$$


Bounds on Codes

Proof: If $C$ is a code with minimum distance $d$, then deleting the last $d-1$ coordinates of each word in $C$ yields a code $C'$ of length $n-d+1$ in which all the words are still different. Hence $A_q(n,d) \le q^{n-d+1}$, or $k \le n-d+1$.

Corollary 2.2 (the asymptotic Singleton bound).

$$\alpha_q(\delta) \le 1 - \delta.$$

In the next statement linearity is essential:

Theorem 2.3 (the Griesmer bound). For a linear $[n,k,d]_q$-code we have

$$n \ge \sum_{i=0}^{k-1} \Big\lceil \frac{d}{q^i} \Big\rceil.$$

Proof: Consider the corresponding projective system $\mathcal{P} \subset \mathbb{P}^{k-1} = \mathbb{P}(V)$ (see Exercise 1.7). Let $|\mathcal{P} \cap H_0| = \max_H |\mathcal{P} \cap H| = n - d$. Set $\mathbb{P}' = H_0$ and $\mathcal{P}' = \mathcal{P} \cap H_0 \subset \mathbb{P}'$. This is a projective $[n', k', d']_q$-system, where $n' = n - d$, $k' = k - 1$. Let $H'$ be a hyperplane of dimension $k-3$ in $\mathbb{P}'$ such that $|\mathcal{P}' \cap H'| = n' - d'$. There are $(q+1)$ hyperplanes $H_i$, $1 \le i \le q+1$, in $\mathbb{P}^{k-1}$ passing through $H'$, and $|\mathcal{P} \cap H_i| \le n - d$. Therefore (since $V = \bigcup_i H_i$ and $H' = \bigcap_i H_i$)

$$(q+1)(n-d) \ge \sum_{i=1}^{q+1} |\mathcal{P} \cap H_i| = |\mathcal{P} \cap V| + q\,|\mathcal{P} \cap H'| = n + q(n - d - d'),$$

and hence $d' \ge \lceil d/q \rceil$. Iterating this operation $k$ times we get an $[n^{(k)}, 0, d^{(k)}]_q$-system with

$$n^{(k)} = n - d - d' - \dots \le n - \sum_{i=0}^{k-1} \Big\lceil \frac{d}{q^i} \Big\rceil.$$

The condition $n^{(k)} \ge 0$ proves the theorem.

Corollary 2.4 (the asymptotic Griesmer bound).

$$\alpha_q^{\mathrm{lin}}(\delta) \le 1 - \frac{q}{q-1}\,\delta.$$

The following bounds are true for arbitrary $[n,k,d]_q$-codes.

Theorem 2.5 (the Plotkin bound). For an $[n,k,d]_q$-code $C$ we have

$$d \le \frac{n(q-1)q^k}{(q^k - 1)\,q}.$$




Proof: Let $C \subset \mathbb{F}_q^n$ be an $[n,k,d]_q$-code of cardinality $M = q^k$. The minimum distance $d$ cannot exceed the average pairwise distance between the elements of $C$:

$$d \le \frac{1}{M(M-1)} \sum_{x, y \in C} d(x,y).$$

Set $m_{ij} = |\{x = (x_1, \dots, x_n) \in C \mid x_i = j\}|$ and note that

$$\sum_{j \in \mathbb{F}_q} m_{ij} = M$$

for every $i = 1, 2, \dots, n$. Let $\delta_{jl}$ be the Kronecker symbol. Then we find (using the Cauchy-Schwarz inequality for the $m_{ij}$)

$$M(M-1)\,d \le \sum_{x,y \in C} d(x,y) = \sum_{i=1}^{n} \sum_{x,y \in C} (1 - \delta_{x_i y_i}) = \sum_{i=1}^{n} \Big(M^2 - \sum_{j \in \mathbb{F}_q} m_{ij}^2\Big) \le n\,\frac{q-1}{q}\,M^2.$$

This completes the proof.

Corollary 2.6 (the asymptotic Plotkin bound). We have

$$\alpha_q(\delta) \le R_P(\delta) = 1 - \frac{q}{q-1}\,\delta \qquad \text{for} \qquad 0 \le \delta \le \frac{q-1}{q}.$$

$\varepsilon > 0$. Tending $\varepsilon \to 0$ and choosing the largest $w \le q - 1$ with this property, i.e.,

we obtain the desired result.

2.2. THE LINEAR PROGRAMMING BOUND

Many of the best upper bounds for $A_q(n,d)$ known at present are based on a method which was developed by Delsarte in 1973. The idea is to derive inequalities that have close connections to the MacWilliams identity and then to use linear programming techniques to analyze these inequalities.


Let $C$ be a linear $[n,k,d]_q$-code. By Theorem 1.16 we know that $W_{C^\perp}(u:v) = q^{-k} W_C(u + (q-1)v : u - v)$ or, in terms of coefficients:

$$A_i^\perp = q^{-k} \sum_{j=0}^{n} A_j P_i(j),$$

where $P_i(u)$ is the Krawtchouk polynomial defined as

$$P_i(u) = \sum_{j=0}^{i} (-1)^j (q-1)^{i-j} \binom{u}{j} \binom{n-u}{i-j}$$

(see Exercise 1.9). Note that

The generating function of the polynomials $P_i(u)$ is

$$(1 + (q-1)z)^{n-u} (1-z)^u = \sum_{i=0}^{n} P_i(u) z^i.$$

Since the $A_i^\perp$ are the coefficients of $W_{C^\perp}(u:v)$ they are non-negative integers, i.e., for any $j = 1, 2, \dots, n$

$$\sum_{i=0}^{n} A_i P_j(i) \ge 0.$$

We want to give an upper bound for

$$q^k = 1 + \sum_{i=d}^{n} A_i,$$

i.e., to solve the following linear programming problem:

$$M = 1 + \sum_{i=d}^{n} z_i \to \max, \qquad \binom{n}{j}(q-1)^j + \sum_{i=d}^{n} P_j(i)\, z_i \ge 0 \ \text{ for } 1 \le j \le n, \qquad z_i \ge 0 \ \text{ for } d \le i \le n.$$

If $(x_d, \dots, x_n)$ is a solution of this problem, then

$$A_q(n,d) \le 1 + \sum_{i=d}^{n} x_i. \qquad (2.4)$$


Solving the dual problem and using the simplest properties of the polynomials $P_i(x)$ (see Exercise 2.11) we obtain the following statement (see [115, §5.3] and [118, Ch. 17, §4]):

Theorem 2.15 (the linear programming bound). For a given set of non-negative real numbers $a_1, \dots, a_n$ such that

$$1 + \sum_{i=1}^{n} a_i P_i(j) \le 0, \qquad d \le j \le n,$$

and for any $[n,k,d]_q$-code $C$ we have

In other words, if

$$f(x) = 1 + \sum_{i=1}^{n} a_i P_i(x)$$

is a polynomial of degree $n$ with non-negative real $a_i$, $1 \le i \le n$, such that $f(j) \le 0$ for $d \le j \le n$, then $A_q(n,d) \le f(0)$. The advantage of Theorem 2.15 is that any polynomial $f(x)$ satisfying the conditions of the theorem yields a bound for $A_q(n,d)$, whereas in the above-mentioned inequality one has to find the optimal solution of the corresponding system. Note that this result can be sharpened if we apply the linear programming method to constant-weight (spherical) codes and then use Lemma 2.11. The linear programming bound can also be used to get asymptotic upper bounds, but one has to apply a rather subtle technique which does not fit into the frame of this book. We restrict ourselves to the formulation of the corresponding results (see [118, Ch. 17, §7] and also [112, 113]):
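Added example (not from the book): Krawtchouk polynomials from the defining sum, the inequalities $\sum_i A_i P_j(i) \ge 0$ of the linear programme (2.4) checked on a spectrum, and Theorem 2.15 applied to the simplest admissible polynomial $f(x) = 1 + a P_1(x)$, which yields exactly the Plotkin bound of Theorem 2.5 in the form $q^k \le qd/(qd - (q-1)n)$. The function names are mine; the Hamming spectrum used as input is a constructed sample.

```python
# Added example, not from the book: Krawtchouk polynomials, the Delsarte
# inequalities behind the linear programme (2.4), and Theorem 2.15 with
# f(x) = 1 + a P_1(x), which reproduces the Plotkin bound (Theorem 2.5).
from fractions import Fraction
from math import comb


def krawtchouk(n, q, i, u):
    """P_i(u) = sum_j (-1)^j (q-1)^(i-j) C(u,j) C(n-u,i-j), u = 0..n."""
    return sum((-1) ** j * (q - 1) ** (i - j) * comb(u, j) * comb(n - u, i - j)
               for j in range(i + 1))


def delsarte_ok(A, q):
    """sum_i A_i P_j(i) >= 0 for j = 1..n: every spectrum of a linear code
    satisfies it, since q^{-k} times the sum is the dual coefficient A_j^perp."""
    n = len(A) - 1
    return all(sum(A[i] * krawtchouk(n, q, j, i) for i in range(n + 1)) >= 0
               for j in range(1, n + 1))


def lp_bound(n, q, d, a):
    """Theorem 2.15.  a = [a_1, ..., a_n] >= 0 and f(j) <= 0 for d <= j <= n
    imply A_q(n,d) <= f(0).  Returns f(0) as a Fraction, or None if the
    hypotheses are violated."""
    if len(a) != n or any(ai < 0 for ai in a):
        return None

    def f(x):
        return 1 + sum(ai * krawtchouk(n, q, i + 1, x) for i, ai in enumerate(a))

    if any(f(j) > 0 for j in range(d, n + 1)):
        return None
    return Fraction(f(0))


def plotkin_via_lp(n, q, d):
    """P_1(x) = (q-1)n - qx is decreasing, so f = 1 + a P_1 has f(j) <= 0
    for all j >= d as soon as f(d) <= 0, i.e. a >= 1/(qd - (q-1)n), which
    needs qd > (q-1)n.  The smallest such a gives f(0) = qd/(qd - (q-1)n),
    the Plotkin bound on q^k."""
    denom = q * d - (q - 1) * n
    if denom <= 0:
        return None
    return lp_bound(n, q, d, [Fraction(1, denom)] + [0] * (n - 1))


if __name__ == "__main__":
    print(plotkin_via_lp(7, 2, 5))                    # 10/3, so A_2(7,5) <= 3
    print(delsarte_ok([1, 0, 0, 7, 7, 0, 0, 1], 2))   # Hamming spectrum: True
```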

Theorem 2.16 (the McEliece-Rodemich-Rumsey-Welch bound).

$$\alpha_q(\delta) \le R_{lp}(\delta) = H_q\Big(\frac{(q-1) - \delta(q-2) - 2\sqrt{(q-1)\delta(1-\delta)}}{q}\Big).$$

Linear programming applied to constant-weight codes for $q = 2$ leads to the following result:

Theorem 2.17 (the second McEliece-Rodemich-Rumsey-Welch bound).

where

Here we stop discussing upper (i.e., possibility) bounds and pass to existence bounds.

2.3. LOWER BOUNDS

Suppose $C$ is a code of length $n$ over $\mathbb{F}_q$ with minimum distance $d$ and suppose that it is not possible to find a vector not in $C$ that has distance at least $d$ to all code-vectors in $C$. Then clearly

This simple argument is the proof of the following result:

Theorem 2.18 (the Gilbert bound).

Corollary 2.19 (the asymptotic Gilbert bound).

Suppose now that we consider only linear codes in $\mathbb{F}_q^n$. We claim that we find a result as good as Theorem 2.18:

Theorem 2.20 (the Gilbert-Varshamov bound). If

$$q^{n-k+1} > \sum_{i=0}^{d-1} \binom{n}{i} (q-1)^i,$$

then there exists a linear $[n,k,d]_q$-code over $\mathbb{F}_q$.

Proof: For $k = 0$ the assertion is trivial. Suppose the inequality holds for $k-1$ and that we have a linear $[n,k-1,d]_q$-code $C$. By the proof of Theorem 2.18 there

Figure 2.1. (Plot of the bounds $R_P$, $R_{BE}$ and $R_{GV}$ as functions of $\delta$.)

is a word $x' \in \mathbb{F}_q^n$ that has distance at least $d$ to all the words of $C$. If $x \in C$ and $a \in \mathbb{F}_q^*$, then

$$\|x + a x'\| = \|a^{-1}x + x'\| = d(-a^{-1}x, x') \ge d.$$

Hence $C$ and $x'$ span a linear $[n,k,d]_q$-code $C'$ with minimum distance $d$.

Corollary 2.21 (the asymptotic Gilbert-Varshamov bound).

The Gilbert-Varshamov bound has remarkable statistical properties. The following facts, which can easily be stated rigorously (see Exercise 2.5), are valid:

(i) The parameters of almost all linear codes lie on the curve $R_{GV}(\delta)$.

(ii) Let us "correct" each non-linear $[n,k,d]_q$-code by crossing out at most $n^{-1} q^k$ code vectors. Then almost every code can be corrected so that the parameters of the resulting code lie on the curve $R_{GV}(\delta)$. Note that $\log_q(q^k/n) = k - \log_q n \sim k$, i.e., such a correction does not change the asymptotic parameters.

The asymptotic Gilbert-Varshamov bound was not improved until recently. The algebraic-geometric bound that we shall find later on is

where $q \ge 49$ and $q$ is a square (see Fig. 2.1 and Exercise 2.7). Note that the line

is higher than the curve

$$R_{GV}(\delta) = 1 - H_q(\delta)$$

in the interval $(\delta_1, \delta_2)$, where $\delta_1$ and $\delta_2$ are the roots of the equation

EXERCISES

2.1. Prove that for $d/n \to \delta$, $0 \le \delta \le \frac{q-1}{q}$,

$$\lim_{n \to \infty} \frac{1}{n} \log_q \Big( \sum_{i=0}^{d} \binom{n}{i} (q-1)^i \Big) = H_q(\delta).$$

(Hint: Use Stirling's formula.)

2.2. Let $m$ and $w > 4$ be integers. Let $C_m$ be the binary code of length $n$ defined by

$$\sum_{i=1}^{n-1} i x_i \equiv m \pmod{n} \Big\}.$$

Show that

$$A_2(n,4,w) \ge \frac{n^{w-1}}{w!}$$

as $n \to \infty$.

2.3. Show that

$$\binom{n}{w} A_2(n, 2t) \le 2^n A_2(n, 2t, w).$$

2.4. Check the following facts:

(a) On the segment $[0, (q-1)/q]$ the curve $R_{GV}(\delta)$ is differentiable (of class $C^\infty$) and convex;

(b) $R_{GV}(0) = 1$, $R_{GV}((q-1)/q) = 0$ and for $\delta \to 0$ there is the asymptotic equality

$$R_{GV}(\delta) = 1 + \delta \log_q \delta + o(\delta \log_q \delta).$$

In particular, the tangent at $\delta = 0$ is vertical;

(c) For $\delta \to (q-1)/q$ there is the asymptotic equality

$$R_{GV}\Big(\frac{q-1}{q} - w\Big) = \frac{q^2}{2(q-1)}\, w^2 \log_q e + o(w^2).$$

The tangent at $(q-1)/q$ is horizontal and the tangent order is two.


(d) Tangents to $R_{GV}(\delta)$ are of the form

$$R_t(\delta) = 1 - \big(\log_q(q^t + q - 1) - t\big) - t\delta.$$

Each $R_t(\delta)$ is tangent to $R_{GV}(\delta)$ at the point

$$\delta_0 = \frac{q-1}{q^t + q - 1}$$

and

$$R_{GV}(\delta_0) = 1 + \frac{t q^t}{q^t + q - 1} - \log_q(q^t + q - 1).$$

2.5. Let $G$ be a $k \times n$ matrix whose entries are chosen randomly from $\mathbb{F}_q$, and let $C$ be the code with generator matrix $G$. Show that if $k/n$ is fixed and $n \to \infty$, then $C$ meets the Gilbert-Varshamov bound with probability approaching $1$.

2.6. Show that for $q$ large enough the bound $R_{lp}(\delta)$ is not convex and that for $q = 2$ the curve $R_{lp}^{(2)}(\delta)$ is lower than $R_{BE}(\delta)$.

2.7. Prove that the equation

$$H_q(\delta) - \delta = (\sqrt{q} - 1)^{-1}$$

has two roots if and only if

2.8. Suppose that there exists a linear $[n,k,d]_q$-code $C$. Prove that it is possible to construct a linear code with parameters $[n+1,k,d]_q$, and if $k \ge 1$, $n > d \ge 2$ then also linear codes with parameters $[n-1,k-1,d]_q$, $[n-1,k,d-1]_q$, $[n,k-1,d]_q$ and $[n,k,d-1]_q$.

2.9. State and prove the similar result for non-linear codes. (Hint: In this case $(k-1)$ is changed by $\log_q(\lfloor q^{k-1} \rfloor)$.)

2.10. Prove that the curve $R = \alpha_q(\delta)$ is continuous on the segment $[0,1]$. Show that it satisfies the conditions $\alpha_q(0) = 1$, $\alpha_q(\delta) = 0$ for $(q-1)/q \le \delta \le 1$ and decreases on the segment $[0, (q-1)/q]$. (Hint: Use Exercises 2.8, 2.9 and Corollary 2.6.)

2.11. Prove that the Krawtchouk polynomials

have the following properties:

(a) $P_i(u) = \sum_{j=0}^{i} (-q)^j (q-1)^{i-j} \binom{n-j}{i-j} \binom{u}{j}$;

(b) $P_i(u) = \sum_{j=0}^{i} (-1)^j q^{i-j} \binom{n-i+j}{j} \binom{n-u}{i-j}$;

(c) $P_i(u)$ is a polynomial of degree $i$ in $u$, with leading coefficient $(-q)^i/i!$ and constant term $\binom{n}{i}(q-1)^i$;

(d) Orthogonality relations:

$$\sum_{l=0}^{n} \binom{n}{l} (q-1)^l P_i(l) P_j(l) = q^n (q-1)^i \binom{n}{i} \delta_{ij};$$

(e) $(q-1)^l \binom{n}{l} P_i(l) = (q-1)^i \binom{n}{i} P_l(i)$;

(f) $\sum_{l=0}^{n} P_i(l) P_l(j) = q^n \delta_{ij}$;

(g) Recurrence:

$$(i+1) P_{i+1}(u) = \big((n-i)(q-1) + i - qu\big) P_i(u) - (q-1)(n-i+1) P_{i-1}(u), \qquad P_0 = 1, \quad P_1(u) = (q-1)n - qu;$$

(h) If $f(u)$ is a polynomial of degree $t$ and

$$f(u) = \sum_{i=0}^{t} a_i P_i(u),$$

then

$$a_i = q^{-n} \sum_{j=0}^{n} f(j) P_j(i). \qquad (2.5)$$

Chapter 3

Examples and Constructions

We now turn to the problem of constructing linear codes. We present several examples, each of which is in fact a method to construct some family of linear codes having rather good parameters. A considerable part of these families are predecessors of geometric Goppa codes; therefore we treat the corresponding constructions in a way that demonstrates their close interconnection with the Goppa construction, which will be described later on in Part IV.

3.1. CODES OF GENUS ZERO

Recall that a code of genus zero (or an MDS-code) is an $[n,k,d]_q$-code $C$ such that $k + d = n + 1$.

Trivial Codes

For every $n$ there are three simplest $q$-ary codes of genus zero which are naturally called trivial. These are:

(i) the $[n,n,1]_q$-code $C_0 = \mathbb{F}_q^n$;

(ii) the $[n,n-1,2]_q$-code $C_1 = \{(x_1, \dots, x_n) \in \mathbb{F}_q^n \mid \sum_{i=1}^{n} x_i = 0\}$, called the parity-check code;

(iii) the $[n,1,n]_q$-code $C_2 = \{x = (x_1, \dots, x_1) \in \mathbb{F}_q^n\}$, called the repetition code.

Now we pass to a more conceptual construction.


Reed-Solomon Codes

Let $\mathcal{P} = \{a_1, \dots, a_n\} \subseteq \mathbb{F}_q$ be a subset of cardinality $n$. Consider the linear space $L(m)$ of all polynomials in one variable of degree at most $m$ with coefficients in $\mathbb{F}_q$; its dimension over $\mathbb{F}_q$ is $\dim L(m) = m + 1$. For $n > m$ a non-zero polynomial $f(u) \in L(m)$ cannot vanish at all points of $\mathcal{P}$. Moreover, it has at least $(n-m)$ non-zero values at points of the set $\mathcal{P}$. Hence if $n > m$, the evaluation map is injective and its image $C$ is an $[n, m+1, n-m]_q$-code called a Reed-Solomon code (RS-code) of degree $m$ (traditionally the codes of length $n < q-1$ are called extended or shortened Reed-Solomon codes, but it is preferable for us to use the same name for all these codes). The parameters of such a code satisfy the condition $k + d = n + 1$, and $k = m + 1$ can be freely chosen between $1$ and $n$. It may be noted that the Reed-Solomon codes form an embedded family: $L(m) \subset L(m+1)$. Unfortunately, the length $n$ of a Reed-Solomon $[n,k,d]_q$-code $C$ cannot exceed $q$. Fix the basis $\{1, u, u^2, \dots, u^m\}$ in $L(m)$. In this basis the generator matrix $G$ of $C$ is

$$G = \big( a_i^{\,j} \big)_{1 \le i \le n,\ 0 \le j \le m}.$$

If $\mathcal{P} = \mathbb{F}_q$ or $\mathcal{P} = \mathbb{F}_q^*$ it is easy to see that $C^\perp$ is also a Reed-Solomon code with $m^\perp = n - m - 2$ and parameters $[n, n-m-1, m+2]_q$ (see Exercise 3.1). Let us find now the dual code for a Reed-Solomon code $C$ of arbitrary length $n$. Set

$$g_0(u) = \prod_{j=1}^{n} (u - a_j)^{-1},$$

and denote by $\Omega(m)$ the linear vector space spanned by the rational functions $g_l(u)$, $0 \le l \le n-m-2$. To construct $C^\perp$ it is convenient to use the so-called residue map from $\Omega(m)$ to $\mathbb{F}_q$. Consider a rational function $F(u) = f(u) g_0(u)$, $f(u)$ being a polynomial, and recall the definition of the residue of $F$ at $a_i$:

$$\operatorname{Res}_{a_i} F(u) = f(a_i) \prod_{j \ne i} (a_i - a_j)^{-1}.$$

Proposition 3.1 (the residue formula). If $\deg f \le n - 2$ then

$$\sum_{i=1}^{n} \operatorname{Res}_{a_i} F(u) = 0.$$
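Added example (not from the book): a Reed-Solomon code over a prime field built from the evaluation map, with $\mathcal{P} = \mathbb{F}_q$ so that the code of degree $n-m-2$ on the same points is exactly the dual, plus a check of the residue formula for $\deg f \le n-2$ (and of the value $1$ for monic $f$ of degree $n-1$). Function names and the sample parameters $q = 7$, $m = 2$ are mine.

```python
# Added example, not from the book: a Reed-Solomon code over a prime field
# F_q from the evaluation map f -> (f(a_1), ..., f(a_n)), its generator
# matrix (a_i^j), the MDS relation k + d = n + 1, the dual code for
# P = F_q, and the residue formula of Proposition 3.1.
from itertools import product


def inv(a, q):
    """Inverse in F_q for prime q (Fermat)."""
    return pow(a % q, q - 2, q)


def poly_eval(coeffs, u, q):
    """coeffs = [c_0, ..., c_m] in the basis {1, u, ..., u^m}."""
    return sum(c * pow(u, j, q) for j, c in enumerate(coeffs)) % q


def rs_generator(points, m, q):
    """(m+1) x n matrix whose row j is (a_1^j, ..., a_n^j)."""
    return [[pow(a, j, q) for a in points] for j in range(m + 1)]


def rs_codewords(points, m, q):
    """Image of L(m) under evaluation at the points."""
    return [tuple(poly_eval(c, a, q) for a in points)
            for c in product(range(q), repeat=m + 1)]


def min_distance(words):
    return min(sum(1 for c in w if c) for w in words if any(w))


def orthogonal(G1, G2, q):
    """Every row of G1 is orthogonal to every row of G2."""
    return all(sum(a * b for a, b in zip(r1, r2)) % q == 0
               for r1 in G1 for r2 in G2)


def residue_sum(f, points, q):
    """sum_i Res_{a_i} f(u) g_0(u) = sum_i f(a_i) prod_{j != i} (a_i - a_j)^{-1}."""
    total = 0
    for i, ai in enumerate(points):
        denom = 1
        for j, aj in enumerate(points):
            if j != i:
                denom = denom * inv(ai - aj, q) % q
        total += poly_eval(f, ai, q) * denom
    return total % q


def rs_demo(q, m):
    """RS code of degree m on P = F_q.  Returns (n, k, d, dual_is_rs) where
    dual_is_rs checks that the degree n-m-2 RS code on the same points is
    orthogonal to C (it has dimension n-m-1 = n-k, hence equals C^perp)."""
    points = list(range(q))
    n = len(points)
    words = rs_codewords(points, m, q)
    G = rs_generator(points, m, q)
    G_dual = rs_generator(points, n - m - 2, q)
    return n, m + 1, min_distance(words), orthogonal(G, G_dual, q)


if __name__ == "__main__":
    print(rs_demo(7, 2))                                   # (7, 3, 5, True)
    pts = list(range(7))
    print(residue_sum([0, 0, 0, 0, 0, 1], pts, 7))         # deg 5 <= n-2: 0
    print(residue_sum([0, 0, 0, 0, 0, 0, 1], pts, 7))      # deg n-1, monic: 1
```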

Proof: Let $f(u) = c_0 + c_1 u + \dots + c_l u^l$ be a non-zero polynomial of degree $l \le n-2$. Consider the following system of linear equations ($1 \le i \le n$):

We have (using Cramer's rule)

$$= (-1)^n \prod (u_k - u_l) \sum f(u_i) \prod (u_i - u_j)^{-1}$$

$> 1$, or $f_i(P'|P) = f(P'|P)$. Suppose that $L'|k'$ and $L''|k''$ are two finite extensions of an algebraic function field $L|k$, and $\sigma : L' \to L''$ is an isomorphism of the fields $L'$ and $L''$ which maps $k'$ onto $k''$ and leaves $L$ fixed. For every prime divisor $P'$ of $L'|k'$ we define the prime divisor $\sigma P'$ of $L''|k''$ by setting

for all $f \in L''|k''$ (we assume $v_{P'}(0) = \infty$). The map $P' \to \sigma P'$ gives a one-to-one correspondence between the prime divisors $P'$ of $L'|k'$ and the prime divisors $P''$ of $L''|k''$. If $L|k$, $L'|k'$ and $L''|k''$ form a tower

$$L|k \subseteq L'|k' \subseteq L''|k''$$


Chapter 5

of finite extensions, we have

$$e(P''|P) = e(P''|P') \cdot e(P'|P), \qquad f(P''|P) = f(P''|P') \cdot f(P'|P)$$

and

$$e(\sigma P'|P) = e(P'|P), \qquad f(\sigma P'|P) = f(P'|P).$$

Galois Extensions

Let $L'|L$ be a normal extension of an algebraic function field $L|k$ with the Galois group $G = \operatorname{Gal}(L'|L)$. Let $P$ be a prime divisor of $L|k$ and let $P'$ be a prime divisor of $L'|k'$ lying over $P$. Then every prime divisor of $L'|k'$ lying over $P$ has the form $\sigma P'$ for some $\sigma \in G$. The subgroup $D(P'|P)$ of $G$, consisting of the elements $\sigma \in G$ such that $\sigma P' = P'$, is called the decomposition group of $P'$ over $P$. The field $L'_{P'}$ is a normal extension of $L_P$, and every element $\bar\sigma$ of the Galois group of this extension is induced by some element $\sigma \in D(P'|P)$. The subgroup $I(P'|P)$ of the elements $\sigma \in D(P'|P)$ such that $\bar\sigma \in G(P'|P)$ is trivial on $L'_{P'}$, is called the inertia group of $P'$ over $P$. Let $r$ denote the number of prime divisors $P'$ of $L'|k'$ lying over $P$. Then the following relations hold:

$$r = (G : D(P'|P)), \qquad D(\sigma P'|P) = \sigma D(P'|P) \sigma^{-1}, \qquad (G : 1) = [L' : L]_s = r \cdot (D(P'|P) : 1),$$

$$(D(P'|P) : I(P'|P)) = [L'_{P'} : L_P] = f(P'|P), \qquad [L' : L] = r \cdot e(P'|P) f(P'|P), \qquad G(P'|P) \cong D(P'|P)/I(P'|P),$$

and

$$(D(P'|P) : 1) = e(P'|P) f(P'|P) \cdot [L' : L]_i, \qquad (I(P'|P) : 1) = e(P'|P) f_i(P'|P) \cdot [L' : L]_i.$$

Let $L'|L$ be a finite extension of an algebraic function field $L|k$. Let

$$D = \sum_{P \in \operatorname{Div}(L)} a_P \cdot P$$

be a divisor of the field $L|k$, let $P'$ be a prime divisor of $L'|k'$ lying over $P$ and let $e(P'|P)$ be the ramification index of $P'$ over $P$. The divisor

$$\operatorname{con}_{L'/L}(D) = \sum_{P' \in \operatorname{Div}(L')} a_P \, e(P'|P) \cdot P'$$

of the field $L'|k'$ is called the conorm of the divisor $D$. The map $\operatorname{con} : \operatorname{Div}(L) \to \operatorname{Div}(L')$
</gr_repl
ace>
<gr_replace lines="1431" cat="remove_boilerplate" orig="133">

Curves over a Finite Field

133

is an embedding of the group $\operatorname{Div}(L)$ into the group $\operatorname{Div}(L')$, which induces a homomorphism $\operatorname{con} : \operatorname{Pic}(L) \to \operatorname{Pic}(L')$. For any $D \in \operatorname{Div}(L)$ we have

$$\deg(\operatorname{con}_{L'/L}(D)) = \frac{[L' : L]}{[k' : k]}\, \deg D.$$

Suppose that $L''|k''$ is the smallest normal extension of $L|k$ containing $L'$, and $k''$ is the algebraic closure of $k'$ in $L''$. Then $L''|k''$ is an algebraic function field with the full constant field $k''$. Let $G = \operatorname{Gal}(L''|L)$ and $H$ be the subgroup of $G$ which leaves $L'$ fixed. Let $G/H$ be the set of left cosets of $G$ with respect to $H$. If

$$D' = \sum_{P' \in \operatorname{Div}(L')} a_{P'} \cdot P'$$

is a divisor of the field $L'|k'$, the divisor

$$\operatorname{norm}_{L'/L}(D') = \sum_{\sigma \in G/H} \sigma D'$$

of the field $L|k$ is called the norm of $D'$. The map $D' \mapsto \operatorname{norm}_{L'/L}(D')$ defines a homomorphism $\operatorname{norm} : \operatorname{Div}(L') \to \operatorname{Div}(L)$. If $P'$ is a prime divisor of $L'|k'$ lying over $P \in \operatorname{Div}(L)$, then

$$\operatorname{norm}_{L'/L}(P') = f(P'|P) \cdot P,$$

and if $f$ is an element of $L'|k'$, then

Constant Field Extensions

Let $L|k$ and $L'|k'$ be algebraic function fields. We recall that $L'|k'$ is a constant field extension of $L|k$ if $L' = Lk'$ is the compositum of the fields $L$ and $k'$.

Proposition 5.29. In an algebraic constant field extension $L' = Lk'$ of $L|k$, the following holds:

(i) $L'|L$ is unramified (i.e., $e(P'|P) = 1$ for all prime divisors $P \in \operatorname{Div}(L)$ and all prime divisors $P' \in \operatorname{Div}(L')$ with $P'|P$);

(ii) $L'|k'$ has the same genus as $L|k$;

(iii) for any $D \in \operatorname{Div}(L)$, we have $\deg_{L'} D = \deg D$;


(iv) for any $D \in \operatorname{Div}(L)$, $l(\operatorname{con}_{L'/L}(D)) = l(D)$;

(v) if $K$ is a canonical divisor of $L|k$ then $\operatorname{con}_{L'/L}(K)$ is a canonical divisor of $L'|k'$;

(vi) the map $\operatorname{con} : \operatorname{Pic}(L) \to \operatorname{Pic}(L')$ is injective;

(vii) for any prime divisor $P' \in \operatorname{Div}(L')$ lying over $P = P' \cap L$,

Proof: See Deuring [24, §36] and Stichtenoth [197, III.6].

The Different

Let $L'|k'$ be a finite separable extension of an algebraic function field $L|k$ and let $[L' : L] = n$. Choose an algebraically closed field $\Omega$ containing $L$. An embedding of $L'|L$ into $\Omega$ is a field homomorphism $\sigma : L' \to \Omega$ such that $\sigma(a) = a$ for all $a \in L$. Since $L'|L$ is separable there are exactly $n$ distinct embeddings $\sigma_1, \dots, \sigma_n$ of $L'|L$ into $\Omega$, and we set, for $f \in L'$,

$$\operatorname{tr}_{L'/L}(f) = \sum_{i=1}^{n} \sigma_i(f).$$

Similarly, we define $\operatorname{norm}_{L'/L}(f)$ as follows:

$$\operatorname{norm}_{L'/L}(f) = \prod_{i=1}^{n} \sigma_i(f).$$

Let $v_0$ be a real valuation of the field $L$. Then $v_0$ induces a topology on $L$. Two elements $f, g \in L$ are "close" in this topology if $v_0(f - g)$ is "large." A sequence $\{f_i\}$ of elements $f_i \in L$ ($i \in \mathbb{Z}$, $i \ge 1$) is a Cauchy sequence if for every positive $l \in \mathbb{Z}$ there exists an integer $m \ge 1$ such that $i, j \ge m$ implies $v_0(f_i - f_j) \ge l$. A field is complete if every Cauchy sequence converges. It is standard to embed $L$ in a (unique) complete field $L_v$ with a valuation $v$ extending the valuation $v_0$ of $L$ such that $L$ is dense in $L_v$. Let $P$ be a prime divisor of an algebraic function field $L|k$ and let $t$ be a local parameter at $P$ (i.e., an element of $L|k$ such that $v_P(t) = 1$). Suppose that the residue field $L_P$ is separable over $k$. Then the completion $\hat{L}_P$ is isomorphic to the


field $L_P((t))$ of formal power series in $t$ over $L_P$. Every element of this field has the form

$$\alpha = \sum_{i=m}^{\infty} a_i t^i,$$

where $m$ is an integer, $a_i \in L_P$ and $a_m \ne 0$. Suppose now that $L'|k'$ is a finite extension of $L|k$. Let $P$ be a prime divisor of $L|k$ and $P'$ a prime divisor of $L'|k'$ lying over $P$. Then $\hat{L}_P$ can be embedded in $\hat{L}'_{P'}$. Since the composite field $L'\hat{L}_P$ is complete, contains $L'$ and is contained in $\hat{L}'_{P'}$, we conclude that $L'\hat{L}_P = \hat{L}'_{P'}$. Denote the valuation rings of $\hat{L}'_{P'}$ and $\hat{L}_P$ by $\hat{O}'_{P'}$ and $\hat{O}_P$, and let

$$(\hat{O}'_{P'})^* = \{ f \in \hat{L}'_{P'} \mid \operatorname{tr}_{\hat{L}'_{P'}/\hat{L}_P}(f \hat{O}'_{P'}) \subseteq \hat{O}_P \}.$$

Then $(\hat{O}'_{P'})^*$ is a fractional ideal of $\hat{O}'_{P'}$ of the form

$$(\hat{O}'_{P'})^* = t'^{\,-d(P'|P)} \hat{O}'_{P'}$$

($t'$ a local parameter at $P'$), where $d(P'|P)$ is a non-negative integer, which is called the different exponent of $P'$ over $P$. There are only finitely many $P'$ for which $d(P'|P) \ne 0$. They are exactly the prime divisors of $L'|k'$ which are ramified over $L|k$. The divisor

$$\operatorname{Diff}(L'|L) = \sum_{P \in \operatorname{Div}(L)} \sum_{P'|P} d(P'|P) \cdot P'$$

is called the different of $L'|L$. Observe that $\operatorname{Diff}(L'|L)$ is an effective divisor of the field $L'|k'$. Let $L'|k'$ be a finite extension of $L|k$ and let $P$ be a prime divisor of $L|k$.

(i) A prime divisor $P' \in \operatorname{Div}(L')$ lying over $P$ is said to be tamely (resp. wildly) ramified if $e(P'|P) > 1$ and $p = \operatorname{char} k$ does not divide $e(P'|P)$ (resp. $p$ does divide $e(P'|P)$).

(ii) We say that $P \in \operatorname{Div}(L)$ is ramified (resp. unramified) in $L'|L$ if there is at least one $P' \in \operatorname{Div}(L')$ over $P$ such that $P'$ is ramified (resp. if all $P'$ lying over $P$ are unramified). The prime divisor $P$ is tamely ramified in $L'|L$ if it is ramified in $L'|L$ and no prime divisor $P'$ over $P$ is wildly ramified. If there is at least one wildly ramified prime divisor $P'$ over $P$ we say that $P$ is wildly ramified in $L'|L$.

(iii) $P$ is totally ramified in $L'|L$ if there is only one $P'$ over $P$, and the ramification index is $e(P'|P) = [L' : L]$.

(iv) $L'|L$ is said to be ramified (resp. unramified) if at least one prime divisor $P \in \operatorname{Div}(L)$ is ramified in $L'|L$ (resp. all $P$ are unramified in $L'|L$).


(v) $L'|L$ is said to be tame if no prime divisor $P \in \operatorname{Div}(L)$ is wildly ramified in $L'|L$.

There is a close connection between $e(P'|P)$ and $d(P'|P)$ (see, for example, Serre [167, Ch. III] and Stichtenoth [197, III.5]):

Proposition 5.30. Let $L'|k'$ be a finite separable extension of an algebraic function field $L|k$. Then we have:

(i) if $P$ is a prime divisor of $L|k$ and $P'$ is a prime divisor of $L'|k'$ lying over $P$, then $P'$ is ramified if and only if $P' \in \operatorname{Supp}(\operatorname{Diff}(L'|L))$. If $P'$ is ramified, then

$$d(P'|P) = e(P'|P) - 1 \iff P' \text{ is tamely ramified}, \qquad d(P'|P) \ge e(P'|P) \iff P' \text{ is wildly ramified};$$

(ii) almost all prime divisors $P \in \operatorname{Div}(L)$ are unramified in $L'|L$;

(iii) (the Hurwitz genus formula) if $k' = k$ and $g$ (resp. $g'$) denotes the genus of $L|k$ (resp. $L'|k$), then

$$2g' - 2 = [L' : L](2g - 2) + \deg \operatorname{Diff}(L'|L) \ge [L' : L](2g - 2) + \sum_{P \in \operatorname{Div}(L)} \sum_{P'|P} (e(P'|P) - 1) \deg P'$$

(equality holds if and only if $L'|L$ is tame).

Next, there is an easy way to calculate the different of $L'|L$. Let $\bar{O}_P$ be the integral closure of $O_P$ in $L'|k'$. Then

$$\bar{O}_P = \bigcap_{P'|P} O'_{P'}$$

and there exists a basis $\{f_1, \dots, f_n\}$ of $L'|L$ such that

$$\bar{O}_P = \sum_{i=1}^{n} O_P \cdot f_i, \qquad n = [L' : L].$$

Any such basis $\{f_1, \dots, f_n\}$ is called an integral basis of $\bar{O}_P$ over $O_P$.

Proposition 5.31. Suppose $L' = L(z)$ is a finite separable extension of a function field $L|k$ of degree $[L' : L] = n$. Let $P \in \operatorname{Div}(L)$ be a prime divisor such that the minimal polynomial $F(T)$ of $z$ over $L|k$ has coefficients in $O_P$ (i.e., $z$ is integral over $O_P$), and let $P'_1, \dots, P'_r \in \operatorname{Div}(L')$ be all prime divisors lying over $P$. Let $\bar{O}_P$ be the integral closure of $O_P$ in $L'$. Then the following holds:


(i) $d(P'_i|P) \le v_{P'_i}(F'(z))$ for $1 \le i \le r$ (here, $F'(T)$ denotes the derivative of $F(T)$ in the ring $L[T]$);

(ii) $\{1, z, \dots, z^{n-1}\}$ is an integral basis of $\bar{O}_P$ over $O_P$ if and only if $d(P'_i|P) = v_{P'_i}(F'(z))$ for $1 \le i \le r$;

(iii) if $F(T) \in O_P[T]$ and $v_{P'_i}(F'(z)) = 0$ for $1 \le i \le r$, then $P$ is unramified, and $\{1, z, \dots, z^{n-1}\}$ is an integral basis of $\bar{O}_P$ over $O_P$;

(iv) if $P'$ is totally ramified over $P$, and $F(T)$ is the minimal polynomial of a local parameter $t$ of $O'_{P'}$, then $d(P'|P) = v_{P'}(F'(t))$, and $\{1, t, \dots, t^{n-1}\}$ is an integral basis of $\bar{O}_P$ over $O_P$.

Proof: See Serre [167, Ch. III] and Stichtenoth [197, III.5].

Artin-Schreier Extensions

Let $L|k$ be an algebraic function field of characteristic $p > 0$. Suppose that $f \in L$ is an element such that $f \ne g^p - g$ for all $g \in L$. Let $L' = L(z)$ with $z^p - z = f$. Such an extension $L'|L$ is called an Artin-Schreier extension of $L$. For a prime divisor $P \in \operatorname{Div}(L)$ we define the integer $m_P$ by

$$m_P = \begin{cases} m & \text{if there is an element } h \in L \text{ satisfying } v_P(f - (h^p - h)) = -m < 0 \text{ and } m \not\equiv 0 \pmod p, \\ -1 & \text{if } v_P(f - (h^p - h)) \ge 0 \text{ for some } h \in L. \end{cases}$$

From Propositions 5.29 to 5.31 we deduce the following result:

Proposition 5.32. Let $L'|L$ be an Artin-Schreier extension of $L|k$. Then we have:

(i) $L'|L$ is a cyclic Galois extension of degree $p$, and the automorphisms of $L'|L$ are given by $\sigma(z) = z + l$, with $l = 0, 1, \dots, p-1$;

(ii) a prime divisor $P \in \operatorname{Div}(L)$ is unramified in $L'|L$ if and only if $m_P = -1$;

(iii) $P$ is totally ramified in $L'|L$ if and only if $m_P > 0$; and if $P'$ is the unique prime divisor of $L'$ lying over $P$, then

$$d(P'|P) = (p-1)(m_P + 1);$$

(iv) if at least one prime divisor $P \in \operatorname{Div}(L)$ satisfies $m_P > 0$, then $k$ is algebraically closed in $L'$, and

$$g' = pg + \frac{p-1}{2}\Big(-2 + \sum_{P \in \operatorname{Div}(L)} (m_P + 1) \deg P\Big),$$

where $g'$ (resp. $g$) is the genus of $L'|k$ (resp. $L|k$).


Let $L|k$ be an algebraic function field over $k$ and let $f, g, h \in L$. We write

$$f = g + E(h) \quad \text{at } P,$$

if $f = g + uh$ with $v_P(u) \ge 0$. In particular, $f = g + E(1)$ means that $v_P(f - g) \ge 0$. An immediate consequence of Proposition 5.32 is:

Proposition 5.33. Suppose that $L|k$ is an algebraic function field of characteristic $p > 0$ over $k$ (where $k = \mathbb{F}_{q'}$ is algebraically closed in $L$ and $q' = q^2 = p^{2\nu}$). Let $f \in L$ and assume there exists a prime divisor $P \in \operatorname{Div}(L)$ such that

$$v_P(f) = -m, \qquad m > 0 \qquad \text{and} \qquad (m, q) = 1.$$

Then the polynomial $T^q + T - f \in L[T]$ is absolutely irreducible. Let $L' = L(z)$ with

$$z^q + z = f.$$

Then the following holds:

(i) $L'|L$ is a Galois extension of degree $[L' : L] = q$. The Galois group $\operatorname{Gal}(L'|L)$ is elementary abelian of exponent $p$, and $k$ is algebraically closed in $L'$.

(ii) The prime divisor $P$ is totally ramified in $L'$, and the ramification index of $P'$ over $P$ is $e(P'|P) = q$. Moreover, $\deg P' = \deg P$, and the different exponent of $P'|P$ in the extension $L'|L$ is given by

$$d(P'|P) = (q-1)(m+1).$$

(iii) Let $Q \in \operatorname{Div}(L)$ be a prime divisor and assume that

for some element $h \in L$. Then the divisor $Q$ is unramified in $L'|L$. In particular, this is the case if $v_Q(f)$ is non-negative.

(iv) Suppose that the prime divisor $Q \in \operatorname{Div}(L)$ is a zero of $f - \gamma$ with $\gamma \in \mathbb{F}_q$. The equation $\alpha^q + \alpha = \gamma$ has $q$ distinct roots $\alpha \in k$, and for any such $\alpha$ there exists a unique prime divisor $Q_\alpha \in \operatorname{Div}(L')$ such that $Q_\alpha$ lies over $Q$, and $Q_\alpha$ is a zero of $z - \alpha$; in particular, the divisor $Q$ splits completely in $L'$ (i.e., $e(Q_\alpha|Q) = f(Q_\alpha|Q) = 1$ for all $Q_\alpha$ lying over $Q$).


EXERCISES

5.1. Let $F_q$ be a finite field of characteristic $p \neq 2$, $f(x)$ a polynomial in $F_q[x]$ and $\left(\frac{a}{q}\right)$ the generalized Legendre symbol (the multiplicative character of order 2) defined by
$$\left(\frac{a}{q}\right) = \begin{cases} 0 & \text{if } a = 0, \\ 1 & \text{if } a \neq 0 \text{ and } a \text{ is a square in } F_q, \\ -1 & \text{if } a \neq 0 \text{ and } a \text{ is a non-square in } F_q. \end{cases}$$
Show that:

(a) the number $N_q$ of solutions of the equation $y^2 = f(x)$ in elements $x, y \in F_q$ can be expressed as
$$N_q = \sum_{x \in F_q}\left(1 + \left(\frac{f(x)}{q}\right)\right);$$

(b) if $f(x) = ax^2 + bx + c$ is a polynomial of degree 2 and $d = b^2 - 4ac$, then
$$\sum_{x \in F_q}\left(\frac{f(x)}{q}\right) = \begin{cases} (q-1)\left(\frac{a}{q}\right) & \text{if } d = 0, \\ -\left(\frac{a}{q}\right) & \text{if } d \neq 0; \end{cases}$$

(c) the number $N_q$ of solutions of the equation $ax^2 + by^2 = c$ in elements $x, y \in F_q$, where $d = ab \neq 0$, is expressed by the formulas
$$N_q = \begin{cases} q + \left(\frac{-d}{q}\right)(q-1) & \text{if } c = 0, \\ q - \left(\frac{-d}{q}\right) & \text{if } c \neq 0. \end{cases}$$

5.2. Let $F_q$ be a finite field of characteristic $p \neq 2$ and let
$$f(x_1, \dots, x_n) = a_1x_1^2 + \dots + a_nx_n^2$$
be a quadratic form over $F_q$ with non-zero discriminant $d = a_1 \cdots a_n$. Show that:

(a) if $n = 2m$ then the number $N_q$ of solutions of the equation $f(x_1, \dots, x_n) = c$ in elements $x_1, \dots, x_n \in F_q$ is expressed by
$$N_q = \begin{cases} q^{2m-1} + \left(\frac{(-1)^m d}{q}\right)(q-1)q^{m-1} & \text{if } c = 0, \\ q^{2m-1} - \left(\frac{(-1)^m d}{q}\right)q^{m-1} & \text{if } c \neq 0; \end{cases}$$

(b) if $n = 2m + 1$ then
$$N_q = \begin{cases} \dots & \text{if } c = 0, \\ \dots & \text{if } c \neq 0. \end{cases}$$
(Hint: Use induction on $m$.)


5.3. Let $F_q$ be a finite field and $\chi$ (resp. $\psi$) be a multiplicative (resp. an additive) character of $F_q$. Prove that for the Gaussian sum
$$\tau(\chi, \psi) = \sum_{x \in F_q} \chi(x)\psi(x)$$
the following relations hold: (a) $\tau(\chi_0, \psi_0) = q$; (b) if $\chi \neq \chi_0$, then $\tau(\chi, \psi_0) = 0$; (c) if $\psi \neq \psi_0$, then $\tau(\chi_0, \psi) = 0$; (d) if $\chi \neq \chi_0$, $\psi \neq \psi_0$, then $|\tau(\chi, \psi)| = q^{1/2}$.

5.4. Let $\psi$ be a non-trivial additive character of a finite field $F_q$, let $s$ be a positive divisor of $q - 1$ and let $a$ be a non-zero element of $F_q$. In the notations of the previous exercise prove that:

(a) $\sum_{x \in F_q} \psi(ax^s) = \sum_{\operatorname{ind}\chi = s} \chi(a)\,\tau(\chi, \psi)$;

(b) $\left|\sum_{x \in F_q} \psi(ax^s)\right| \le (s-1)q^{1/2}$;

(c) if $p = \operatorname{char} F_q \neq 2$ and $f(x) = ax^2 + bx + c$ is a polynomial in $F_q[x]$ of degree 2 then
$$\Bigl|\sum_{x \in F_q} \psi(f(x))\Bigr| = q^{1/2}.$$

5.5. Let $f(x_1, \dots, x_n)$ be a polynomial in $F_q[x_1, \dots, x_n]$ and $\psi$ a non-trivial additive character of $F_q$. Prove that the number $N_q$ of solutions of the equation $f(x_1, \dots, x_n) = 0$ in elements $x_1, \dots, x_n \in F_q$ is expressed by

5.6. Let $s_1, \dots, s_n$ be positive integers, $s_0$ be their least common multiple and $d_i = (s_i, q-1)$, $0 \le i \le n$. Show that:

(a) if $N_q$ is the number of solutions in elements $x_1, \dots, x_n \in F_q$ of the equation
$$a_1x_1^{s_1} + \dots + a_nx_n^{s_n} = 0, \qquad a_1 \cdots a_n \neq 0,$$
then
$$|N_q - q^{n-1}| \le (d_1 - 1)\cdots(d_n - 1)(q-1)q^{\frac{n}{2}-1};$$

(b) if $s$ is a positive divisor of $q - 1$ and $N_q$ is the number of solutions in $x_1, \dots, x_n \in F_q$ of the equation

then


(c) if $N_q$ is the number of solutions in $x_1, \dots, x_n \in F_q$ of the equation

then

5.7. Let $\chi$ (resp. $\psi$) be a non-trivial multiplicative (resp. a non-trivial additive) character of $F_q$ and let
$$\tau_\nu = \tau_\nu(\chi, \psi) = \sum_{x \in F_{q^\nu}} \chi_\nu(x)\psi_\nu(x).$$
Prove the validity of the Davenport-Hasse relations
$$\tau_\nu = (-1)^{\nu+1}\tau^\nu.$$

5.8. Let $\psi$ be a non-trivial additive character of $F_q$, and let $g(x) = b_0x^n + b_1x^{n-1} + \dots + b_n$ be a polynomial in $F_q[x]$ of degree $n$ with $(n, q) = 1$. Then let
$$\tau_\nu = \tau_\nu(g) = \sum_{x \in F_{q^\nu}} \psi_\nu(g(x))$$
and
$$L(g, z) = \exp\Bigl(\sum_{\nu=1}^{\infty} \frac{\tau_\nu}{\nu} z^\nu\Bigr).$$
Show that: (a) the $L$-function of Artin $L(g, z)$ has the form
$$L(g, z) = 1 + \beta_1 z + \dots + \beta_{n-1}z^{n-1};$$
(b) if $L(g, z) = \prod_{j=1}^{n-1}(1 - \omega_j z)$, then
$$\tau_\nu(g) = -\sum_{j=1}^{n-1} \omega_j^\nu;$$
(c) $|\beta_{n-1}| = q^{\frac{n-1}{2}}$.

5.9. Let $a, b$ be non-zero elements of a finite field $F_q$ and let $\psi$ be a non-trivial additive character of $F_q$. Then let
$$\tau_\nu(a, b) = \sum_{x \in F_{q^\nu}^*} \psi_\nu(ax + bx^{-1}), \qquad a, b \neq 0,$$
be the Kloosterman sum and
$$L(a, b, z) = \exp\Bigl(\sum_{\nu=1}^{\infty} \frac{\tau_\nu(a, b)}{\nu} z^\nu\Bigr).$$
Show that:


(a) the $L$-function of Artin $L(a, b, z)$ has the form
$$L(a, b, z) = 1 + \beta_1 z + \beta_2 z^2;$$
(b) if $L(a, b, z) = (1 - \omega_1 z)(1 - \omega_2 z)$, then
$$\tau_\nu(a, b) = -(\omega_1^\nu + \omega_2^\nu);$$
(c) $|\beta_2| = q$.

5.10. Let $f(x) = f_1^{s_1}(x) \cdots f_r^{s_r}(x)$ be the decomposition of the polynomial $f \in F_q[x]$ into irreducible factors in $F_q[x]$, let $s$ be a positive divisor of $q - 1$ and $\deg(f_1 \cdots f_r) = m$. Then let $\chi$ be a non-trivial multiplicative character of $F_q$ of exponent $s$, let $(s, s_1, \dots, s_r) = 1$ and let
$$S_\nu = S_\nu(f) = \sum_{x \in F_{q^\nu}} \chi_\nu(f(x)).$$
Show that: (a) the $L$-function of Artin
$$L(f, z) = \exp\Bigl(\sum_{\nu \ge 1} \frac{S_\nu}{\nu} z^\nu\Bigr)$$
has the form
$$L(f, z) = 1 + \beta_1 z + \dots + \beta_{m-1}z^{m-1};$$
(b) if $L(f, z) = \prod_{j=1}^{m-1}(1 - \omega_j z)$, then
$$S_\nu(f) = -\sum_{j=1}^{m-1} \omega_j^\nu;$$
(c) $|\beta_{m-1}| = q^{\frac{m-1}{2}}$.

Chapter 6

Counting Points on Curves over Finite Fields

In this chapter we apply the technique we have worked out earlier to prove the Riemann hypothesis for the zeta-function $\zeta(X, s)$ of a curve $X$ defined over a finite field $F_q$. This result was proved for the first time by Hasse (in the case of elliptic curves) and Weil (in the general case) using the correspondence theory on $X$. Here we give an elementary proof based essentially on using only the Riemann-Roch theorem (see Stepanov [184, 185, 187], Bombieri [17], Schmidt [159] and Stohr and Voloch [200]).

6.1. THE NUMBER OF RATIONAL POINTS ON A CURVE

Let $X$ be a smooth projective curve of genus $g$ defined over a finite field $k = F_q$.

Theorem 6.1 (the Hasse-Weil bound). Let $N_{q^\nu} = N_{q^\nu}(X)$ be the number of $F_{q^\nu}$-rational points of the curve $X$. Then
$$|N_{q^\nu} - q^\nu - 1| \le 2g\,q^{\nu/2}. \tag{6.1}$$

We divide the proof into two stages. At first we get the inequality
$$|N_{q^\nu} - q^\nu| \le c\,q^{\nu/2} \tag{6.2}$$
with some positive constant $c = c(X)$, and then we deduce (6.1) using the properties of the zeta-function $Z(X, t)$, established earlier in Section 5.2.


Preliminary Bound

Let $k' = \bar F_q$ be an algebraic closure of the field $k = F_q$. The method which we shall use consists in the construction of a non-zero rational function $f \in k'(X)$ that has zeros of a sufficiently high order at every $F_{q^\nu}$-rational point $x \in X$ (with the possible exception of only one such point) and that does not have too many poles. The inequality (6.2) is obtained now if we compare the number of zeros (taken with their multiplicities) with the number of poles of the function $f$. To determine the function $f$ we use the Riemann-Roch theorem. Whenever every extension $F_{q^\nu}$ of the field $k = F_q$ is again the definition field of $X$, we can assume without loss of generality that $q^\nu = p^{2r}$, where $p$ is the characteristic of $F_q$.

Lemma 6.2. If $q^\nu = p^{2r}$ and $q^\nu > (g+1)^4$ then
$$N_{q^\nu} \le q^\nu + 1 + (2g+1)q^{\nu/2}.$$

Proof: We may assume that $X$ has a point $y$ with coordinates in $F_{q^\nu}$, since otherwise $N_{q^\nu} = 0$. Let $R_m$ denote the $k'$-linear space of functions $f \in k'(X)$ which are regular outside $y$ and which have at $y$ a pole of order at most $m$, that is $v_y(f) \ge -m$. The following facts can be easily proved:

(i) $\dim R_{m+1} \le \dim R_m + 1$;

(ii) if $m > 2g - 2$, then $\dim R_m = m - g + 1$ (see Corollary 4.29);

(iii) if $f(x) \in R_m$, then $f(x^{q^\nu}) \in R_{mq^\nu}$;

(iv) there is a basis $\{f_1, \dots, f_s\}$ of $R_m$ such that $v_y(f_i) < v_y(f_{i+1})$ for $i = 1, 2, \dots, s-1$.

Indeed, we have

so that
$$R_m = \bigoplus_{i=0}^{m} R_i/R_{i-1}.$$
By property (i), we have $\dim R_i/R_{i-1} \le 1$, and the result follows, since a basis can be obtained by picking, for each $i$, when possible, one element of $R_i$ not in $R_{i-1}$. Let $n, T$ be non-negative integers and $u_1, \dots, u_s$ be elements of $R_n$. Consider the auxiliary function
$$f(x) = u_1^{p^T}(x)\,f_1(x^{q^\nu}) + \dots + u_s^{p^T}(x)\,f_s(x^{q^\nu}).$$
We have:


(v) If $np^T < q^\nu$, then $f(x)$ is identically zero in $k'(X)$ if and only if all the $u_i(x)$ are identically zero.

In fact, suppose that $f(x)$ is identically zero and that $u_j(x)$ is the first $u_i(x)$ which is not identically zero. Taking the order at $y$ of both sides of the identity
$$u_j^{p^T}(x)\,f_j(x^{q^\nu}) = -u_{j+1}^{p^T}(x)\,f_{j+1}(x^{q^\nu}) - \dots - u_s^{p^T}(x)\,f_s(x^{q^\nu})$$
we obtain, using property (iv),
$$p^T v_y(u_j) + q^\nu v_y(f_j) \ge \min_{i > j}\bigl(p^T v_y(u_i) + q^\nu v_y(f_i)\bigr) \ge -np^T + q^\nu v_y(f_{j+1}).$$
Therefore
$$p^T v_y(u_j) \ge -np^T + q^\nu\bigl(v_y(f_{j+1}) - v_y(f_j)\bigr) \ge -np^T + q^\nu > 0.$$
This means that $u_j(x)$ vanishes at $y$, and thus is a function with no poles and at least one zero; hence $u_j(x)$ is identically zero, contradicting our initial assumption.

(vi) If $m, n > 2g - 2$ and if $(n - g + 1)(m - g + 1) > np^T + m - g + 1$ then we can choose the $u_i(x)$, not all identically zero, such that
$$u_1^{p^T}(x)\,f_1(x) + \dots + u_s^{p^T}(x)\,f_s(x)$$
is identically zero. In fact, this function is regular outside $y$ and has at the point $y$ a pole of order $l \le np^T + m$, whence by (ii) the set of such functions forms a linear space over $k'$ of dimension at most $np^T + m - g + 1$. Since each $u_i$ can vary in a vector space of dimension $n - g + 1$, and since $s = m - g + 1$ (again by (ii)), we get statement (vi).

We recall that if $x$ is an $F_{q^\nu}$-rational point of $X$ then $x^{q^\nu} = x$ and hence, under the conditions
$$m, n > 2g - 2, \qquad np^T < q^\nu, \qquad (m - g + 1)(n - g + 1) > np^T + m - g + 1,$$
we can construct the auxiliary function $f(x)$ so that it is not identically zero but vanishes at every $F_{q^\nu}$-rational point of $X$, except at $y$. Also, since $f(x)$ by construction is a $p^T$-th power, we see that it must vanish there with multiplicity at least $p^T$. Hence $f$ has at least $(N_{q^\nu} - 1)p^T$ zeros. On the other hand, $f$ is regular outside $y$ and the order of the pole there cannot exceed $np^T + mq^\nu$. Thus we have proved that if $m, n, T$ satisfy the three conditions above then we have the inequality
$$(N_{q^\nu} - 1)p^T \le np^T + mq^\nu.$$
We choose $p^T = q^{\nu/2}$, $n = q^{\nu/2} - 1$, $m = q^{\nu/2} + 2g$. The conditions are satisfied if $q^\nu > (g+1)^4$, which we have supposed, and we obtain at once the conclusion of the lemma. •

Now we turn to the proof of the inequality (6.2).

Theorem 6.3. If $q^\nu = p^{2r}$ then
$$N_{q^\nu} = q^\nu + O(q^{\nu/2}).$$

Proof: The function field $k'(X)$ contains a purely transcendental subfield $k'(u)$ such that $k'(X)$ is a separable extension of $k'(u)$. Hence there is a normal extension of $k'(u)$ which is also normal over $k'(X)$; geometrically, we have a situation
$$X' \to X \to \mathbb{P}^1,$$
where $X' \to \mathbb{P}^1$ and $X' \to X$ are Galois coverings, with Galois groups $G$ and $H$ respectively, $H$ being a subgroup of $G$. Although this situation need not be realized over the field $F_{q^\nu}$, it will always be realized over a finite extension of it and therefore for our purpose we may as well assume it is in fact realized over $F_{q^\nu}$. If $x$ is a point of $\mathbb{P}^1$ over $F_{q^\nu}$ and unramified in $X \to \mathbb{P}^1$, and if $x'$ is a point of $X'$ lying over $x$, we have
$$\sigma(x') = x'^{\,q^\nu}$$
for some $\sigma \in G$, called the Frobenius substitution of $G$ at the point $x'$. Let $N_{q^\nu}(X', \sigma)$ be the number of such points of $X'$ with Frobenius substitution $\sigma$. The same argument used in the proof of Lemma 6.2 gives

where $g'$ is the genus of $X'$; alternatively, one may note that $N_{q^\nu}(X', \sigma) = N_{q^\nu}(X'_\sigma)$, where $X'_\sigma$ is a curve over $F_{q^\nu}$ isomorphic to $X'$ over an extension $F_{q^{m\nu}}$, where $m$ is the order of the element $\sigma \in G$ ($X'_\sigma$ is thus a certain twisting of $X'$ by means of $\sigma$), and the lemma can be applied directly. We have
$$\sum_{\sigma \in G} N_{q^\nu}(X', \sigma) = |G| \cdot N_{q^\nu}(\mathbb{P}^1) + O(1)$$
(the $O(1)$ takes care of the branch points of the covering) and, since $N_{q^\nu}(\mathbb{P}^1) = q^\nu + 1$, the upper bound for $N_{q^\nu}(X', \sigma)$ implies

We have also
$$\sum_{\sigma \in H} N_{q^\nu}(X', \sigma) = |H| \cdot N_{q^\nu}(X) + O(1),$$
whence
$$N_{q^\nu} = N_{q^\nu}(X) = q^\nu + O(q^{\nu/2}),$$
and this completes the proof of the theorem. •




The Hasse-Weil Bound

Turn now to the proof of Theorem 6.1. We have seen (Section 5.2) that the zeta-function $Z(X, t)$ of the curve $X$ of genus $g$ defined over $k = F_q$ has the form
$$Z(X, t) = \frac{P(t)}{(1-t)(1-qt)},$$
where
$$P(t) = 1 + \sum_{i=1}^{2g-1} a_i t^i + q^g t^{2g}$$
is a polynomial with integer coefficients. Moreover, we have seen that if
$$P(t) = \prod_{i=1}^{2g}(1 - \omega_i t),$$
then
$$N_{q^\nu} = q^\nu + 1 - \sum_{i=1}^{2g} \omega_i^\nu. \tag{6.3}$$
Now we show that all zeros $\omega_i^{-1}$ of the function $Z(X, t)$ lie on the circle $|t| = q^{-1/2}$ in the complex plane $\mathbb{C}$. This is equivalent to the condition that all zeros of $\zeta(X, s) = Z(X, t)$ lie on the line $\operatorname{Re} s = 1/2$. Indeed, it follows from Theorem 6.3 that the series
$$\frac{Z'(X, t)}{Z(X, t)} - \frac{q}{1 - qt} - \frac{1}{1 - t} = \sum_{\nu=1}^{\infty}\bigl(N_{q^\nu} - q^\nu - 1\bigr)t^{\nu-1}$$
converges absolutely in the disk $|t| < q^{-1/2}$. Hence the function $Z(X, t)$ has no zero for $|t| < q^{-1/2}$. Moreover, by virtue of the functional equation it also has no zero for $|t| > q^{-1/2}$. In that case all the zeros of $Z(X, t)$ lie on the circle $|t| = q^{-1/2}$, so that $|\omega_i| = q^{1/2}$ for $i = 1, 2, \dots, 2g$. From (6.3) we obtain the following inequality
$$|N_{q^\nu} - q^\nu - 1| \le \sum_{i=1}^{2g} |\omega_i|^\nu = 2g\,q^{\nu/2},$$
which gives the required result.

6.2.

CHARACTER SUMS

The question concerning upper bounds for absolute values of character sums
$$\sum_{x \in F_{q^\nu}} \chi\bigl(\operatorname{norm}_\nu(f(x))\bigr) \qquad \text{and} \qquad \sum_{x \in F_{q^\nu}} \psi\bigl(\operatorname{tr}_\nu(g(x))\bigr),$$
with multiplicative and additive characters $\chi$ and $\psi$ of the field $F_q$, is closely connected with the question of the number of $F_{q^\nu}$-rational points of superelliptic and Artin-Schreier curves defined over $F_q$ by the equations
$$y^s = f(x) \tag{6.4}$$
and
$$y^q - y = g(x), \tag{6.5}$$
respectively.

Superelliptic Curves

Let $s' = (s, q-1)$ and $s = s'r$. Since $(r, q-1) = 1$, $z = y^r$ runs through all elements of $F_q$ as $y$ does. Hence the number of solutions $x, y \in F_q$ of (6.4) is the same as the number of solutions $x, y \in F_q$ of the equation $y^{s'} = f(x)$. Therefore, we can assume without loss of generality that $s$ is a divisor of $q - 1$.

Proposition 6.4. The number $N_{q^\nu}$ of solutions of equation (6.4) in elements $x, y \in F_{q^\nu}$ is given by
$$N_{q^\nu} = \sum_{\operatorname{ind}\chi = s}\ \sum_{x \in F_{q^\nu}} \chi_\nu(f(x)) = \sum_{\operatorname{ind}\chi = s}\ \sum_{x \in F_{q^\nu}} \chi\bigl(\operatorname{norm}_\nu(f(x))\bigr),$$
where the external sum is over all multiplicative characters $\chi$ of the field $F_q$ of exponent $s$.

Proof: See Schmidt [159, p. 78] and Stepanov [187, p. 51]. •



Let $f(x, y)$ be a polynomial in $F_q[x, y]$. The polynomial $f(x, y)$ is called absolutely irreducible if it is irreducible over each finite extension of the field $F_q$. In this case we say that the equation $f(x, y) = 0$ defines an absolutely irreducible (or absolute) affine curve $X$ over $F_q$.

Proposition 6.5. Let $f(x)$ be a polynomial in $F_q[x]$. The following conditions are equivalent: (i) $y^s - f(x)$ is absolutely irreducible; (ii) if $f = f_1^{s_1} \cdots f_r^{s_r}$ is the decomposition of $f$ into distinct irreducible factors in $F_q[x]$ then $(s, s_1, \dots, s_r) = 1$.

Proof: See Schmidt [159, p. 54] and Stepanov [187, p. 54]. •

Corollary 6.6. Let $l = \deg f(x)$. If $(l, s) = 1$ then the polynomial $y^s - f(x)$ is absolutely irreducible.


Theorem 6.7. Let $f(x)$ be a polynomial in $F_q[x]$, let $f = f_1^{s_1} \cdots f_r^{s_r}$ be its decomposition into distinct irreducible factors $f_i \in F_q[x]$, let $m = \deg(f_1 \cdots f_r)$ and let $\chi$ be a non-trivial multiplicative character of $F_q$ of exponent $s$. Suppose that $(s, s_1, \dots, s_r) = 1$. Then
$$\Bigl|\sum_{x \in F_{q^\nu}} \chi_\nu(f(x))\Bigr| \le (m-1)q^{\nu/2}$$
for all $\nu \ge 1$.

Proof: By Proposition 6.5 the polynomial $y^s - f(x)$ is absolutely irreducible and hence it defines an absolute affine curve $X$ (which is birationally isomorphic to a smooth projective curve of the same genus). Thus, if $N_{q^\nu}$ is the number of $F_{q^\nu}$-rational points of $X$, Theorem 6.3 gives
$$|N_{q^\nu} - q^\nu| \le c\,q^{\nu/2},$$
where $c$ is a positive constant depending only on the polynomial $y^s - f(x)$. Now Proposition 6.4 implies

and hence

Finally, by Theorem 5.26
$$\sum_{x \in F_{q^\nu}} \chi_\nu(f(x)) = -\sum_{j=1}^{m-1} \omega_j^\nu(\chi),$$
and therefore
$$\Bigl|\sum_{\substack{\operatorname{ind}\chi = s \\ \chi \neq \chi_0}}\ \sum_{j=1}^{m-1} \omega_j^\nu(\chi)\Bigr| \le c\,q^{\nu/2}$$
for all $\nu \ge 1$. Applying Proposition 5.28 we obtain the required result. •

Corollary 6.8. Let $N_{q^\nu}$ be the number of $F_{q^\nu}$-rational points on the absolute curve $X$ defined over $F_q$ by equation (6.4), and $m$ the number of distinct roots of the polynomial $f \in F_q[x]$ in the algebraic closure $\bar F_q$ of the field $F_q$. Then
$$|N_{q^\nu} - q^\nu| \le (s-1)(m-1)q^{\nu/2}.$$
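The statements above (Proposition 6.4, Theorem 6.7 and Corollary 6.8, together with Exercise 5.1(a), Exercise 6.7 and the Hasse-Weil bound of Theorem 6.1) can be checked numerically for $s = 2$ over a prime field $F_p$. The following Python script is an added example and not code from the book: the quadratic character is computed by Euler's criterion, square-freeness of $f$ (so that $m = \deg f$ and the hypothesis $(s, s_1, \dots, s_r) = 1$ holds automatically) is tested with a polynomial gcd, and the Kloosterman sum of Exercise 6.3 is included as the additive-character counterpart. Polynomials are coefficient lists with the highest degree first, an assumed convention.

```python
"""Quadratic character sums and point counts on y^2 = f(x) over a prime field F_p.

Added example, not code from the book: checks N_p = p + sum_x chi(f(x))
(Proposition 6.4 / Exercise 5.1(a) with s = 2), |sum_x chi(f(x))| <= (m-1) sqrt(p)
(Theorem 6.7) and Corollary 6.8, the quadratic case of Exercise 6.7, the Hasse-Weil
bound (Theorem 6.1) for an elliptic curve, and the Kloosterman bound of Exercise
6.3(b). Polynomials are coefficient lists, highest degree first (assumed convention).
"""
import cmath
import math
from typing import List


def legendre(a: int, p: int) -> int:
    """Generalized Legendre symbol (a/p) of Exercise 5.1 via Euler's criterion."""
    a %= p
    if a == 0:
        return 0
    return 1 if pow(a, (p - 1) // 2, p) == 1 else -1


def poly_eval(f: List[int], x: int, p: int) -> int:
    """Horner evaluation of f(x) modulo p."""
    acc = 0
    for c in f:
        acc = (acc * x + c) % p
    return acc


def poly_trim(f: List[int]) -> List[int]:
    """Drop leading zero coefficients, keeping at least one coefficient."""
    i = 0
    while i < len(f) - 1 and f[i] == 0:
        i += 1
    return f[i:]


def poly_mod(a: List[int], b: List[int], p: int) -> List[int]:
    """Remainder of a divided by the non-zero polynomial b over F_p."""
    a = poly_trim([c % p for c in a])
    b = poly_trim([c % p for c in b])
    inv = pow(b[0], p - 2, p)
    while a != [0] and len(a) >= len(b):
        coef = (a[0] * inv) % p
        for i in range(len(b)):          # cancel the leading term of a
            a[i] = (a[i] - coef * b[i]) % p
        a = poly_trim(a)
    return a


def poly_gcd(a: List[int], b: List[int], p: int) -> List[int]:
    """Monic gcd over F_p by the Euclidean algorithm."""
    a, b = poly_trim([c % p for c in a]), poly_trim([c % p for c in b])
    while b != [0]:
        a, b = b, poly_mod(a, b, p)
    inv = pow(a[0], p - 2, p)
    return [(c * inv) % p for c in a]


def is_square_free(f: List[int], p: int) -> bool:
    """f of positive degree has no repeated root in the closure iff gcd(f, f') = 1."""
    f = poly_trim([c % p for c in f])
    n = len(f) - 1
    if n < 1:
        return False
    deriv = poly_trim([(c * (n - i)) % p for i, c in enumerate(f[:-1])])
    if deriv == [0]:                     # f is a p-th power, so not square-free
        return False
    return len(poly_gcd(f, deriv, p)) == 1


def character_sum(f: List[int], p: int) -> int:
    """S = sum over x in F_p of chi(f(x)), chi the quadratic character of F_p."""
    return sum(legendre(poly_eval(f, x, p), p) for x in range(p))


def count_affine_points(f: List[int], p: int) -> int:
    """Brute-force N_p = #{(x, y) in F_p^2 : y^2 = f(x)}."""
    return sum(1 for x in range(p) for y in range(p)
               if (y * y - poly_eval(f, x, p)) % p == 0)


def weil_bounds_hold(f: List[int], p: int) -> bool:
    """Square-free f, m = deg f: N_p = p + S, |S| <= (m-1) sqrt(p) (Theorem 6.7)
    and |N_p - p| <= (s-1)(m-1) sqrt(p) with s = 2 (Corollary 6.8)."""
    if not is_square_free(f, p):
        raise ValueError("f must be square-free for this check")
    m = len(poly_trim([c % p for c in f])) - 1
    s_sum = character_sum(f, p)
    n_p = count_affine_points(f, p)
    return (n_p == p + s_sum
            and abs(s_sum) <= (m - 1) * math.sqrt(p)
            and abs(n_p - p) <= (2 - 1) * (m - 1) * math.sqrt(p))


def hasse_weil_holds(a: int, b: int, p: int) -> bool:
    """Elliptic curve y^2 = x^3 + a x + b (genus 1, one point at infinity):
    |N - p - 1| <= 2 sqrt(p) for the projective point count N (Theorem 6.1)."""
    if (4 * a ** 3 + 27 * b ** 2) % p == 0:
        raise ValueError("singular cubic")
    n_proj = count_affine_points([1, 0, a, b], p) + 1
    return abs(n_proj - p - 1) <= 2 * math.sqrt(p)


def kloosterman(a: int, b: int, p: int) -> complex:
    """T(a, b) = sum over x in F_p^* of psi(a x + b / x), psi(t) = exp(2 pi i t / p);
    Exercise 6.3(b) states |T(a, b)| <= 2 sqrt(p)."""
    total = 0j
    for x in range(1, p):
        t = (a * x + b * pow(x, p - 2, p)) % p   # x^{-1} = x^{p-2} in F_p
        total += cmath.exp(2j * math.pi * t / p)
    return total
```

For $f = x^3 + 1$ over $F_7$ the sum is $4$ and $N_7 = 11$; for the quadratic $2x^2 + 3x + 5$ over $F_{13}$ the sum equals $-\left(\frac{2}{13}\right) = 1$, as Exercise 6.7 predicts.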


The Artin-Schreier Curve

Turn now to the question of the number of solutions $x, y \in F_{q^\nu}$ of the equation
$$y^q - y = g(x). \tag{6.5}$$

Proposition 6.9. Let $F_q$ be a finite field and $\nu > 1$ an integer. Then the number $N_{q^\nu}$ of solutions $x, y \in F_{q^\nu}$ of equation (6.5) is given by
$$N_{q^\nu} = \sum_{\psi}\ \sum_{x \in F_{q^\nu}} \psi_\nu(g(x)) = \sum_{\psi}\ \sum_{x \in F_{q^\nu}} \psi\bigl(\operatorname{tr}_\nu(g(x))\bigr),$$
where the external sum is over all additive characters $\psi$ of the field $F_q$.

Proof: See Schmidt [159, p. 93] and Stepanov [187, p. 52]. •

Proposition 6.10. Let
$$f(x, y) = y^s + f_1(x)y^{s-1} + \dots + f_s(x)$$
be a polynomial with coefficients in a field $k$. Set
$$\delta(f) = \max_{1 \le i \le s} \frac{\deg f_i}{i}$$
and suppose that $\delta(f) = l/s$ with $(l, s) = 1$. Then $f(x, y)$ is absolutely irreducible.

Proof: See Stepanov [185] and Schmidt [159, p. 93]. •

Corollary 6.11. Let $g(x)$ be a polynomial in $F_q[x]$ of degree $n$. If $(n, q) = 1$ then the polynomial $y^q - y - g(x)$ is absolutely irreducible.

Theorem 6.12. Let $g(x) = b_0x^n + b_1x^{n-1} + \dots + b_n$ be a polynomial in $F_q[x]$ of degree $n \ge 1$, where $(n, q) = 1$, and $\psi$ a non-trivial additive character of $F_q$. Then
$$\Bigl|\sum_{x \in F_{q^\nu}} \psi_\nu(g(x))\Bigr| \le (n-1)q^{\nu/2}$$
for all $\nu > 1$.

Proof: The proof of the theorem is completely similar to the proof of Theorem 6.7. •

Corollary 6.13. Let $g(x)$ be a polynomial in $F_q[x]$ of degree $n \ge 1$ and $N_{q^\nu}$ the number of $F_{q^\nu}$-rational points of the affine curve $X$ defined over $F_q$ by the equation (6.5). If $(n, q) = 1$ and $\nu > 1$ then
$$|N_{q^\nu} - q^\nu| \le (n-1)(q-1)q^{\nu/2}.$$


Lower Bounds

The results of Theorems 6.7 and 6.12 cannot be improved in general (Stepanov [186, 189]):

Theorem 6.14. Let $F_q$ be a finite field of characteristic $p > 2$, let $F_{q^\nu}$ be an extension of $F_q$ of degree $\nu > 1$ and let $\chi_\nu$ be the multiplicative character of $F_{q^\nu}$ induced by the non-trivial quadratic character of the field $F_q$. There exists a square-free polynomial $f \in F_q[x]$ of the form
$$f(x) = \begin{cases} x + x^{q^{\nu/2}} & \text{if } \nu = 2n, \\ \bigl(x + x^{q^{(\nu-1)/2}}\bigr)\bigl(x + x^{q^{(\nu+1)/2}}\bigr) & \text{if } \nu = 2n+1 \end{cases}$$
such that
$$\sum_{x \in F_{q^\nu}} \chi_\nu(f(x)) = \begin{cases} (q^{\nu/2} - 1)q^{\nu/2} & \text{if } \nu = 2n, \\ q^\nu - 1 & \text{if } \nu = 2n+1. \end{cases}$$

Proof: Let $\nu > 1$ be an even number. Since $x^{q^\nu} = x$ for any $x \in F_{q^\nu}$, we have
$$\operatorname{norm}_\nu f(x) = \prod_{i=1}^{\nu}\bigl(x + x^{q^{\nu/2}}\bigr)^{q^{i-1}} = \prod_{i=1}^{\nu}\bigl(x^{q^{i-1}} + x^{q^{\nu/2+i-1}}\bigr) = \prod_{i=1}^{\nu/2}\bigl(x^{q^{i-1}} + x^{q^{\nu/2+i-1}}\bigr)\prod_{j=1}^{\nu/2}\bigl(x^{q^{\nu/2+j-1}} + x^{q^{j-1}}\bigr) = \prod_{i=1}^{\nu/2}\bigl(x^{q^{i-1}} + x^{q^{\nu/2+i-1}}\bigr)^2,$$
and therefore
$$\sum_{x \in F_{q^\nu}} \chi_\nu(f(x)) = \sum_{x \in F_{q^\nu}} \chi\bigl(\operatorname{norm}_\nu(f(x))\bigr) = q^\nu - N,$$
where $N$ is the number of roots of the polynomial $f(x) = x + x^{q^{\nu/2}}$ in the field $F_{q^\nu}$. Since $(q^{\nu/2} - 1, q^\nu - 1) = q^{\nu/2} - 1$, it follows from the Euler criterion that the number of roots of the polynomial $1 + x^{q^{\nu/2}-1}$ is equal to $q^{\nu/2} - 1$. Thus $N = q^{\nu/2}$ and hence
$$\sum_{x \in F_{q^\nu}} \chi_\nu(f(x)) = (q^{\nu/2} - 1)q^{\nu/2}.$$

Similarly, if $\nu > 1$ is an odd number then for each $x \in F_{q^\nu}$ we have
$$\operatorname{norm}_\nu f(x) = \prod_{i=1}^{(\nu-1)/2}\bigl(x^{q^{i-1}} + x^{q^{(\nu+1)/2+i-1}}\bigr)^2 \prod_{j=1}^{(\nu+1)/2}\bigl(x^{q^{j-1}} + x^{q^{(\nu-1)/2+j-1}}\bigr)^2$$
and therefore
$$\sum_{x \in F_{q^\nu}} \chi_\nu(f(x)) = \sum_{x \in F_{q^\nu}} \chi\bigl(\operatorname{norm}_\nu(f(x))\bigr) = q^\nu - N',$$
where $N'$ is the number of roots of the polynomial $f(x) = \bigl(x + x^{q^{(\nu-1)/2}}\bigr)\bigl(x + x^{q^{(\nu+1)/2}}\bigr)$ in $F_{q^\nu}$. It is easy to see that $N' = 1$ and hence
$$\sum_{x \in F_{q^\nu}} \chi_\nu(f(x)) = q^\nu - 1,$$
as required. •



Since $a \in F_{q^\nu}$ is a square if and only if $\operatorname{norm}_\nu(a)$ is a square in $F_q$ we obtain the following result.

Corollary 6.15. Let $N_{q^\nu}$ be the number of solutions in $x, y \in F_{q^\nu}$ of the equation $y^2 = f(x)$, where $f(x)$ is the polynomial from Theorem 6.14 with
$$\deg f = \begin{cases} q^{\nu/2} & \text{if } \nu = 2n, \\ q^{(\nu-1)/2}(q+1) & \text{if } \nu = 2n+1. \end{cases}$$
Then
$$N_{q^\nu} = \begin{cases} q^\nu + (q^{\nu/2} - 1)q^{\nu/2} & \text{if } \nu = 2n, \\ 2q^\nu - 1 & \text{if } \nu = 2n+1. \end{cases}$$

It is possible to extend the result of Theorem 6.14 to the case of an arbitrary non-trivial multiplicative character $\chi$ of exponent $s \ge 2$, where $s$ is a divisor of $q - 1$, and construct the corresponding affine curve $X : y^s = f(x)$ with a lot of $F_{q^\nu}$-rational points (see Gluhov [62]).

Theorem 6.16. Let $F_q$ be a finite field of characteristic $p \ge 2$, let $F_{q^\nu}$ be an extension of $F_q$ of degree $\nu > 1$ and let $\chi_\nu$ be the character of $F_{q^\nu}$ induced by a non-trivial multiplicative character $\chi$ of the field $F_q$ of exponent $s \ge 2$. For any positive integers $k$ and $l$ with the condition $k + l = s$ there exists a polynomial $f \in F_q[x]$, $f \notin (F_{q^\nu}[x])^s$, of the form
$$f(x) = \begin{cases} \bigl(x + x^{q^{(\nu-2)/2}}\bigr)^k\bigl(x + x^{q^{(\nu+2)/2}}\bigr)^l & \text{if } \nu = 2n \text{ and } s \neq 2t, \\ \bigl(x + x^{q^{\nu/2}}\bigr)^{s/2} & \text{if } \nu = 2n \text{ and } s = 2t, \\ \bigl(x + x^{q^{(\nu-1)/2}}\bigr)^k\bigl(x + x^{q^{(\nu+1)/2}}\bigr)^l & \text{if } \nu = 2n+1 \end{cases}$$
such that:

(i) if $p = 2$, $q > 2$ and $s = 2t + 1$ then
$$\sum_{x \in F_{q^\nu}} \chi_\nu(f(x)) = \begin{cases} \dots & \text{if } \nu = 2n \text{ and } 4 \mid \nu, \\ \dots & \text{if } \nu = 2n \text{ and } 4 \nmid \nu, \\ \dots & \text{if } \nu = 2n+1; \end{cases}$$

(ii) if $p > 2$ then
$$\sum_{x \in F_{q^\nu}} \chi_\nu(f(x)) = \begin{cases} q^\nu - q & \text{if } \nu = 2n \text{ and } 4 \mid \nu, \\ q^\nu - 1 & \text{if } \nu = 2n \text{ and } 4 \nmid \nu, \\ (q^{\nu/2} - 1)q^{\nu/2} & \text{if } \nu = 2n \text{ and } s = 2t, \\ q^\nu - 1 & \text{if } \nu = 2n+1. \end{cases}$$

A similar result can be proved in the case of an additive character as shown by the following theorem (Stepanov [186, 189]):

Theorem 6.17. Let $F_q$ be a finite field of characteristic $p > 2$, let $F_{q^\nu}$ be an extension of $F_q$ of degree $\nu > 1$ and let $\psi_\nu$ be the character of $F_{q^\nu}$ induced by a non-trivial additive character $\psi$ of the field $F_q$. There exists a polynomial $g \in F_q[u]$ of the form
$$g(u) = \begin{cases} u^2 + 2\sum_{i=1}^{(\nu-2)/2} u^{q^i+1} + u^{q^{\nu/2}+1} & \text{if } \nu = 2n, \\ u^2 + 2\sum_{i=1}^{(\nu-1)/2} u^{q^i+1} & \text{if } \nu = 2n+1 \end{cases}$$
such that
$$\Bigl|\sum_{u \in F_{q^\nu}} \psi_\nu(g(u))\Bigr| = q^{\nu - 1/2}.$$

Proof: Let $\{w_1, \dots, w_\nu\}$ be a basis of the field $F_{q^\nu}$ over $F_q$. Every element $x \in F_{q^\nu}$ can be uniquely written as a linear combination
$$x = x_1 w_1 + \dots + x_\nu w_\nu$$
of the basis elements $w_1, \dots, w_\nu$ with coefficients $x_i \in F_q$. Next, if $\sigma(x) = x^q$ is the Frobenius automorphism of $F_{q^\nu}$, we have
$$\begin{aligned} x &= x_1 w_1 + \dots + x_\nu w_\nu, \\ \sigma(x) &= x_1\sigma(w_1) + \dots + x_\nu\sigma(w_\nu), \\ &\ \,\vdots \\ \sigma^{\nu-1}(x) &= x_1\sigma^{\nu-1}(w_1) + \dots + x_\nu\sigma^{\nu-1}(w_\nu). \end{aligned}$$
Let us consider the above linear combinations as a system of linear equations with respect to the unknowns $x_i$. The determinant

of the system differs from zero and hence (by Cramer's rule)

where $A_{ij} = (-1)^{i+j}\det\bigl(\sigma^{l-1}(w_k)\bigr)$

… for some $i \ge 1$. By the Hurwitz genus formula, the conditions (ii) and (iii) imply that $g(L_i) \to \infty$ as $i \to \infty$. Moreover, one can show that for any tower $\mathcal{L} = \{L_i\}$ the sequence $\{N_q(L_i)/g(L_i)\}$ is convergent (see [56]). Now we set
$$\lambda(\mathcal{L}) = \lim_{i \to \infty} \frac{N_q(L_i)}{g(L_i)}. \tag{6.11}$$
Since $0 \le \lambda(\mathcal{L}) \le A(q)$, any tower of function fields over $F_q$ provides a lower bound for $A(q)$. We call $\mathcal{L}$ asymptotically good (resp. asymptotically optimal) if $\lambda(\mathcal{L}) > 0$ (resp. $\lambda(\mathcal{L}) = A(q)$). The notion of asymptotically good sequences of function fields is closely related to the notion of asymptotically good sequences of codes. For example, let $\{L_i\}$ be a tower of function fields, and $\{C_i\}$ the corresponding sequence of geometric Goppa codes, coming from the curves $X_i$ (see Chapter 10). If
$$\lim_{i \to \infty} \frac{N_q(X_i)}{g(X_i)} > 1,$$


the sequence $\{C_i\}$ of linear codes $C_i$ is asymptotically good. This reduces the problem of constructing asymptotically good codes to the problem of constructing asymptotically good sequences of function fields over a given finite field $F_q$. Now we consider several examples of asymptotically good towers of function fields over $F_q$ for an arbitrary $q$, proposed recently by Garcia and Stichtenoth [55]. Let $\mathcal{P}(L)$ be the set of all prime divisors of a function field $L/F_q$. Given a finite extension $L'/L$ and a prime divisor $P \in \mathcal{P}(L)$, there are finitely many prime divisors $P' \in \mathcal{P}(L')$ lying over $P$. We recall that the extension $L'/L$ is tame if the ramification index $e(P'/P)$ is relatively prime to the characteristic of $F_q$, for all $P \in \mathcal{P}(L)$ and all $P'/P$.

Theorem 6.24. Let $\mathcal{L} = \{L_i\}$ be a tower of function fields over $F_q$ satisfying the following conditions:

(i) all extensions $L_{i+1}/L_i$ are tame;

(ii) the set
$$S = \{P \in \mathcal{P}(L_1) \mid P \text{ is ramified in } L_i/L_1 \text{ for some } i \ge 2\}$$
is finite;

(iii) the set
$$T = \{P \in \mathcal{P}(L_1) \mid \deg(P) = 1, \text{ and } P \text{ splits completely in all extensions } L_i/L_1\}$$
is non-empty.

Then the tower $\mathcal{L}$ is asymptotically good, and
$$\lambda(\mathcal{L}) \ge \frac{2|T|}{2g(L_1) - 2 + s},$$
where
$$s = \sum_{P \in S} \deg P.$$

Proof: Since $L_i/L_1$ is tame, the degree of the different $\operatorname{Diff}(L_i/L_1)$ is given by
$$\deg\operatorname{Diff}(L_i/L_1) = \sum_{P \in S}\ \sum_{P'/P}\bigl(e(P'/P) - 1\bigr)\cdot\deg P'.$$
Using the equality
$$\sum_{P'/P} e(P'/P)\cdot\deg P' = [L_i : L_1]\cdot\deg P,$$
we obtain
$$\deg\operatorname{Diff}(L_i/L_1) \le [L_i : L_1]\sum_{P \in S}\deg P = [L_i : L_1]\cdot s.$$
Now the Hurwitz genus formula implies
$$2g(L_i) \le [L_i : L_1]\cdot\bigl(2g(L_1) - 2 + s\bigr) + 2.$$
Observe that this inequality implies that $2g(L_1) - 2 + s > 0$, since $g(L_i) \to \infty$ as $i \to \infty$. On the other hand, we have $N_q(L_i) \ge |T|\cdot[L_i : L_1]$ by condition (iii), and therefore
$$\frac{N_q(L_i)}{g(L_i)} \ge \frac{2|T|}{2g(L_1) - 2 + s + 2/[L_i : L_1]}$$
for all $i \ge 2$. This shows that
$$\lambda(\mathcal{L}) \ge \frac{2|T|}{2g(L_1) - 2 + s},$$
which proves the theorem. •



Our aim is to give some explicit examples of towers that satisfy the hypotheses of the theorem.

Proposition 6.25. Let $m > 1$ be an integer with $q \equiv 1 \bmod m$, and let $S_0 \subseteq F_q$ be a subset of $F_q$ with $0 \in S_0$. Suppose that $f(u) \in F_q[u]$ is a polynomial whose leading coefficient is an $m$-th power in $F_q$ satisfying the following conditions:

(a) $f(u) = u^l \cdot f_1(u)$ with $f_1(0) \neq 0$ and $(l, m) = 1$;

(b) $\deg f(u) = m$;

(c) for each $\alpha \in S_0$, all roots of the equation $f(u) = \alpha^m$ lie in $S_0$.

We define function fields $L_i/F_q$ recursively by $L_1 = F_q(x_1)$ and $L_{i+1} = L_i(x_{i+1})$ with
$$x_{i+1}^m = f(x_i). \tag{6.12}$$
Then $\mathcal{L} = \{L_i\}$ is a tower of function fields over $F_q$ having the following properties:

(i) $L_{i+1}/L_i$ is a tame extension of degree $m$, for every $i \ge 1$;

(ii) if $P \in \mathcal{P}(L_1)$ is ramified in $L_i/L_1$ for some $i \ge 2$ then $P$ is a zero of $x_1 - \alpha$ for some $\alpha \in S_0$;

(iii) the pole $P_\infty$ of $x_1$ in $L_1$ splits completely in $L_i/L_1$, for every $i \ge 2$;

(iv) $\lambda(\mathcal{L}) \ge 2/(|S_0| - 2) > 0$.

Proof: First we consider the extension $L_2/L_1$, where $L_2 = L_1(x_2)$ and
$$x_2^m = f(x_1) = x_1^l \cdot f_1(x_1). \tag{6.13}$$
Let $P_1 \in \mathcal{P}(L_1)$ be the zero of $x_1$ in $L_1$ and let $P_2$ be a prime divisor lying over $P_1$. If $v_2$ denotes the corresponding discrete valuation of $L_2$, we have from (6.13)
$$m\cdot v_2(x_2) = l\cdot v_2(x_1) = l\cdot e(P_2/P_1).$$
As $(l, m) = 1$, this implies $[L_2 : L_1] = m = e(P_2/P_1)$ and $v_2(x_2) = l$. We see by induction that $[L_i : L_1] = m^{i-1}$, that $P_1$ is totally ramified in $L_i/L_1$ and that $v_i(x_i) = l^{i-1}$; here $v_i$ is the valuation of $L_i$ corresponding to the unique prime divisor $P_i \in \mathcal{P}(L_i)$ lying over $P_1$. In particular, it follows that $F_q$ is algebraically closed in $L_i$. Since $L_{i+1}/L_i$ is a cyclic extension of degree $m$ (this follows from (6.12) and from $q \equiv 1 \bmod m$), the extension $L_{i+1}/L_i$ is tame. Next we show by induction on $i$ that the pole of $x_1$ splits completely in $L_i/L_1$. Let $Q \in \mathcal{P}(L_i)$ be a pole of $x_1$. Then $Q$ is a pole of $x_1, x_2, \dots, x_i$, by (6.12), and
$$x_{i+1}^m = x_i^l \cdot f_1(x_i).$$
Dividing by $x_i^m$ and setting $y = x_{i+1}/x_i$, we obtain

(6.14)

where $\beta$ is the leading coefficient of $f(u)$ and the function $z$ has a zero at the prime divisor $Q$. The reduction of the equation (6.14) modulo $Q$ gives $y^m \equiv \beta \bmod Q$, and since the equation $u^m = \beta$ has $m$ distinct roots in $F_q$, it follows from the well-known Kummer theorem (see Stichtenoth [197, III.3.7]) that the prime divisor $Q$ splits completely in $L_{i+1}/L_i$. As a consequence, we have $N_q(L_i) \ge m^{i-1}$ and therefore $g(L_i) \to \infty$ as $i \to \infty$. We have proved that $\mathcal{L} = \{L_i\}$ is a tower of function fields over $F_q$ with the properties (i) and (iii).

Now we prove the property (ii). Suppose that $P \in \mathcal{P}(L_1)$ is ramified in $L_i/L_1$. Choose $Q \in \mathcal{P}(L_i)$ with $e(Q/P) > 1$ and let $P_j = Q \cap L_j$ be the restriction of $Q$ to $L_j$. Since $Q/P$ is ramified, $P_{j+1}/P_j$ is ramified for some $j \ge 1$. From the equation

(6.15)

and from the ramification theory of Kummer extensions (see [197, III.7.3]), it follows that $P_{j+1}$ is a zero of $x_{j+1}$. Denoting by $x(Q)$ the residue class of an element $x \in L_i$ modulo $Q$, we obtain from (6.15) that

The condition (c) of the theorem implies that $x_j(Q) \in S_0$. Repeating this process, we find that $x_{j-1}(Q), \dots, x_2(Q), x_1(Q) \in S_0$. Hence the property (ii) holds.

Now we can apply Theorem 6.24. We set
$$S = \{P \in \mathcal{P}(L_1) \mid P \text{ is a zero of } x_1 - \alpha \text{ for some } \alpha \in S_0\}$$
and
$$T = \{\text{the pole of } x_1 \text{ in } L_1\}.$$
Then Theorem 6.24 yields that
$$\lambda(\mathcal{L}) \ge \frac{2}{|S_0| - 2}.$$
This completes the proof. •



Example 6.1. Let $p$ be a prime number, $q = p^\nu$ with $\nu > 1$, and $m = (q-1)/(p-1)$. Let $L_i = F_q(x_1, \dots, x_i)$ with
$$x_{k+1}^m = 1 - (x_k + 1)^m, \qquad 1 \le k \le i-1.$$
Then $\mathcal{L} = \{L_i\}$ is an asymptotically good tower over $F_q$ with
$$\lambda(\mathcal{L}) \ge \frac{2}{q-2}.$$

Proof: Let $S_0 = F_q$ and $f(u) = 1 - (u+1)^m$. Conditions (a) and (b) of Proposition 6.25 hold obviously. In order to verify the condition (c), let $\alpha \in F_q$ and $1 - (\gamma+1)^m = \alpha^m$. If $\alpha^m = 1$ then $\gamma = -1 \in F_q$. If $\alpha^m \neq 1$ then $1 - \alpha^m \in F_p^*$ (observe that $\alpha \mapsto \alpha^m$ is the norm map from $F_q$ onto $F_p$). Hence
$$(\gamma+1)^{q-1} = \bigl((\gamma+1)^m\bigr)^{p-1} = (1 - \alpha^m)^{p-1} = 1,$$
and therefore $\gamma + 1 \in F_q$. The result follows now from Proposition 6.25. •

For $q = 4$, the tower $\mathcal{L} = \{L_i\}$ of the above example is asymptotically optimal over $F_4$, since $\lambda(\mathcal{L}) \ge 1$ and $\lambda(\mathcal{L}) \le A(4) \le 1$, by the Drinfeld-Vladut theorem. One can show that in this case the tower $\mathcal{L} = \{L_i\}$ corresponds to the sequence $\{X_0(3^i)\}$ of classical modular curves $X_0(3^i)$, reduced modulo 2 (see Chapters 8 and 9). Moreover, this example provides an elementary proof of the fact that $A(q) > 0$ for all non-prime finite fields.

Example 6.2. Let $q > 2$ and $L_i = F_{q^2}(x_1, \dots, x_i)$ be the tower of function fields over $F_{q^2}$, with
$$x_{s+1}^{q-1} + (x_s + 1)^{q-1} = 1, \qquad 1 \le s \le i-1.$$
Then $\mathcal{L} = \{L_i\}$ is an asymptotically good tower over $F_{q^2}$ with
$$\lambda(\mathcal{L}) \ge \frac{2}{q-2}.$$

Proof: Choose $S_0 = F_q$ and $f(u) = 1 - (u+1)^{q-1}$. Using the same arguments as in the previous example, we arrive at the desired result. •

The tower $\mathcal{L} = \{L_i\}$ of Example 6.2 is asymptotically optimal for $q = 9$ (with $\lambda(\mathcal{L}) = 2$), and corresponds to the sequence of classical modular curves $X_0(2^i)$, reduced modulo 3.

Asymptotics for Jacobians

If one knows the zeta-function
$$Z(X, t) = \frac{\prod_{i=1}^{2g}(1 - \omega_i t)}{(1-t)(1-qt)}$$
of a curve $X$ over $F_q$, then one can also determine the number of $F_q$-rational points of the Jacobian of $X$.

Proposition 6.26. Let $h = h_q(X) = |\operatorname{Pic}^0(X)|$ be the number of $F_q$-rational points of the Jacobian $J_X$ of $X$. Then
$$h_q(X) = \prod_{i=1}^{2g}(\omega_i - 1).$$
In particular,
$$(q^{1/2} - 1)^{2g} \le h_q(X) \le (q^{1/2} + 1)^{2g}.$$

Proof: See Weil [226]. •

This proposition implies that

One can improve upon this fact in the following situation. Let $X$ be a curve from a family of curves of growing genus $g$ such that
$$\lim_{g \to \infty} \frac{N_q(X)}{g(X)} = c > 0.$$
Then we have the following result:

Proposition 6.27.
$$\liminf_{g(X) \to \infty} \frac{\log_q h_q(X)}{g(X)} \ge 1 + c\log_q\frac{q}{q-1}.$$

Proof: See Tsfasman and Vladut [208, p. 185]. •




EXERCISES

6.1. Let $F_{q^\nu}$ be a finite extension of $F_q$. Given a positive integer $s \mid (q-1)$, $s > 1$ and $z \in F_{q^\nu}$, show that the number of elements $y \in F_{q^\nu}$ with $y^s = z$ is equal to
$$\sum_{\operatorname{ind}\chi = s} \chi_\nu(z) = \sum_{\operatorname{ind}\chi = s} \chi\bigl(\operatorname{norm}_\nu(z)\bigr),$$
where the sum is over all multiplicative characters of $F_q$ of exponent $s$.

6.2. Given $z \in F_{q^\nu}$, $\nu > 1$, show that the number of elements $y \in F_{q^\nu}$ with $y^q - y = z$ is equal to
$$\sum_{\psi} \psi_\nu(z) = \sum_{\psi} \psi\bigl(\operatorname{tr}_\nu(z)\bigr),$$
where $\psi$ runs over all additive characters of $F_q$.

6.3. Let $\psi$ be a non-trivial additive character of $F_q$ and
$$T(a, b) = \sum_{x \in F_q^*} \psi(ax + bx^{-1})$$
the Kloosterman sum. Prove that:

(a) the polynomial $ax^2 - (y^q - y)x + b$ is absolutely irreducible;

(b) $|T(a, b)| \le 2\sqrt{q}$.

6.4. Let $F_q$ be a finite field of characteristic $p > 2$ and $\chi$ be the non-trivial multiplicative quadratic character of $F_q$. In the notations of the previous exercise prove that
$$T(a, b) = \sum_{x \in F_q} \chi(x^2 - 4ab)\,\psi(x).$$
(Hint: Use the change of variables $y = ax + bx^{-1}$.)

6.5. Let $F_q$ be a finite field and $\chi$ (resp. $\psi$) a multiplicative (resp. an additive) non-trivial character of $F_q$. Under the conditions of Theorem 5.26 show that: (a) the equations $y^s = f(x)$ and $z^q - z = g(x)$ define an absolute affine curve; (b) if
$$T_\nu(f, g) = \sum_{x \in F_{q^\nu}} \chi_\nu(f(x))\,\psi_\nu(g(x)),$$
then
$$|T_\nu(f, g)| \le (m + n - 1)q^{\nu/2}.$$

6.6. Let $F_q$ be a finite field of characteristic $p > 2$, and $f(x)$ a non-zero polynomial in $F_q[x]$. Prove that all solutions $x \in F_q$ of the equation
$$1 \pm f^{\frac{q-1}{2}}(x) = 0$$
are at least double roots of the polynomial
$$R(x) = 2f(x)\bigl(1 \pm f^{\frac{q-1}{2}}(x)\bigr) + f'(x)(x^q - x).$$


Deduce that the number Nq of Fq-rational points on the curve X: y2 = x 3 + ax + b, where a,b E F q , satisfies

q+3 INq -ql:s -2-'

(Hint: Check that the derivative R' (x) of R(x) has the form

R'(x)

=f'(x)(l ±fi::! (x)) +f" (x) (x q -x); q

then compare the number of roots ofthe polynomial R(x) with its degree.) 6.7. Let Fq be a finite field of characteristic p > 2, andf(x) = ax 2 + bx + c E Fq [xl a polynomial of degree 2 with the non-zero discriminant D(J) = b2 - 4ac. Prove that the number Nq of Fq-rational points on the curve y2 = f(x) is N q =q-

(~).

6.8. Let $X$ be the Klein quartic defined over $\mathbb{F}_2$ by
$$x^3y+y^3z+z^3x=0.$$
Show that the zeta-function $Z(X,t)$ of $X$ has the form
$$Z(X,t)=\frac{1+5t^3+8t^6}{(1-t)(1-2t)}$$
and then deduce that the number $N_{2^\nu}$ of $\mathbb{F}_{2^\nu}$-rational points of $X$ is given by
$$N_{2^\nu}=\begin{cases}2^\nu+1 & \text{if } \nu\not\equiv 0 \bmod 3,\\ 2^\nu+1-S_\nu & \text{if } \nu\equiv 0 \bmod 3,\end{cases}$$
where the integers $S_{3n}$ are defined by the recurrence relation
$$S_{3(n+2)}+5S_{3(n+1)}+8S_{3n}=0$$
with initial values $S_0=6$ and $S_3=-15$.

6.9. Let $J_X$ be the Jacobian of the Klein quartic $X$ over $\mathbb{F}_2$, and $h_{2^\nu}$ the number of $\mathbb{F}_{2^\nu}$-rational points of $J_X$. Show that
$$h_{2^\nu}=2^{3\nu}+1-\tfrac13 S_{3\nu}\qquad\text{if } \nu\not\equiv 0 \bmod 3$$
and
$$h_{2^\nu}=\bigl(h_{2^{\nu/3}}\bigr)^3\qquad\text{if } \nu\equiv 0 \bmod 3,$$
where the $S_{3\nu}$ are integers defined by the recurrence relation
$$S_{3(\nu+2)}+5S_{3(\nu+1)}+8S_{3\nu}=0$$
with initial values $S_0=6$ and $S_3=-15$.


6.10. Let $X$ be the Hermite curve defined over $\mathbb{F}_{q^2}$ by
$$x^{q+1}+y^{q+1}+z^{q+1}=0.$$
Show that: (a) the curve $X$ has genus $q(q-1)/2$; (b) the number of $\mathbb{F}_{q^2}$-rational points of $X$ is $q^3+1$. (Hint: Use the Plücker genus formula.)

6.11. Let $X$ be the hyperelliptic curve defined over $\mathbb{F}_2$ by
$$y^2+y=x^5+1.$$
Show that: (a) $X$ has genus 2; (b) the zeta-function $Z(X,t)$ of $X$ has the form
$$Z(X,t)=\frac{(1+2t-2t^2)(1+2t+2t^2)}{(1-t)(1-2t)};$$
(c) the number $N_{2^\nu}$ of $\mathbb{F}_{2^\nu}$-rational points of $X$ is given by
$$N_{2^\nu}=\begin{cases}\ \ldots & \text{if } \nu\ne 4n,\\ \ \ldots & \text{if } \nu=4n.\end{cases}$$

6.12. Let $p>2$ be a prime and $l\not\equiv 0 \bmod p$ an integer. For $p=4k+3$, prove that the Jacobsthal sum
$$S(l)=\sum_{x=1}^{p-1}\left(\frac{x^3+lx}{p}\right)$$
is zero. For $p=4k+1$, prove that: (a) $S(l)$ is an even number; (b) $S(lz^2)=\left(\frac{z}{p}\right)S(l)$; (c) if $\left(\frac{l}{p}\right)=1$ and $\left(\frac{m}{p}\right)=-1$, then
$$\Bigl(\tfrac12 S(l)\Bigr)^2+\Bigl(\tfrac12 S(m)\Bigr)^2=p;$$
(d) $|S(l)|\le 2\sqrt{p}$; (e) the equation $\ldots$ is solvable in integers $x$ and $y$.

Part III

Elliptic and Modular Curves

The aim of this part is to give an introduction to the theory of modular curves insofar as they apply to the construction of geometric Goppa codes on modular curves. For reasons of space our treatment will be rather brief. In fact we shall try to emphasize those aspects of the theory which are of a classical nature and are easy to comprehend with a minimum knowledge of algebraic geometry. As our program is to make available a formula for counting the number of rational points on a modular curve over a finite field, we shall first develop some notions leading up to Igusa's description of a model of the modular curve $X_0(N)$ defined over the integers $\mathbb{Z}$ with a good reduction modulo every prime $p$ which does not divide the level $N$. Then we recall the basic results of Eichler and Shimura relating the trace of the Hecke operators to the trace of Frobenius acting on the $l$-primary part of the torsion points of the Jacobian variety of $X_0(N)$. Finally we will give the formula of Eichler and Selberg for the trace of the Hecke operators.


Chapter 7

Elliptic Curves

The theory of elliptic curves (curves of genus 1 having a specified basepoint $x_0$) is varied and rich, and provides a good example of the profound connections between abstract algebraic geometry, complex analysis, and number theory. The most important property is that any elliptic curve is an abelian variety. A moduli space is, roughly speaking, a variety whose points classify the isomorphism classes of some kind of object, e.g., algebraic curves of a certain type. The modular curves we shall be concerned with are moduli spaces of elliptic curves.

7.1. THE GROUP LAW

In Section 4.4 we have stated that there is a bijection between an elliptic curve $E$ over an algebraically closed field $k$ and $\mathrm{Pic}^0(E)$ given by $x\mapsto(x-x_0)$ for some $x_0\in E$. Since $\mathrm{Pic}^0(E)$ is a group, $E$ is also a group whose zero element is $x_0$ (see also Proposition 9.1 below). Let us describe the group law by geometric means. To do this we consider the map $E\to\mathbb{P}^2$ which is defined by the complete linear system $|3\cdot x_0|$ (note that $l(3\cdot x_0)=3$ by the Riemann-Roch theorem). Then we obtain the following result:

Proposition 7.1. The map is an embedding of $E$ into $\mathbb{P}^2$.

Therefore any elliptic curve is isomorphic to a plane cubic. Conversely, from the Plücker genus formula we deduce that every smooth irreducible plane cubic is an elliptic curve. Later on we shall assume $E$ to be a plane cubic.


Let $x_1,x_2$ and $x_3'$ be points of $E$. The condition $x_1+x_2+x_3'=0$ (where $+$ is the composition law on $E$) can be written as $x_1+x_2+x_3'\sim 3\cdot x_0$. Since $3\cdot x_0$ is a line section divisor (i.e., it is a form $(L)$, $L$ being a linear form) it means that $x_1,x_2$ and $x_3'$ belong to a line $l$ (with the equation $L=0$). If $x_1=x_2$ it means that $l$ is a tangent of $E$ at $x_1$, and if $x_1=x_2=x_3'$ it means that $x_1$ is a flex point of $E$.

The Coordinate Expression

Now we express the composition law $x_1+x_2=x_3$ on $E$ in a coordinate form. In fact, we show that the coordinates of the point $x_3$ are rational functions in the coordinates of the points $x_1$ and $x_2$. To derive this result we first find a suitable polynomial equation which defines the curve $E$. Let
$$u\in L(2\cdot x_0)\setminus k,\qquad v\in L(3\cdot x_0)\setminus L(2\cdot x_0).$$
Then the functions $1,u,v,u^2,uv,v^2$ and $u^3$ lie in $L(6\cdot x_0)$. It follows from the Riemann-Roch theorem that $l(n\cdot x_0)=n$ for any $n\ge1$, hence these functions are linearly dependent over $k$, so they satisfy a non-trivial linear relation. Since only $v^2$ and $u^3$ have a pole of order 6 at $x_0$, their coefficients in this linear relation do not vanish. Multiplying $u$ and $v$ by appropriate non-zero elements of $k$ we can assume that the relation has the form (7.1) with $a_i\in k$. Thus we obtain the Weierstrass equation for an elliptic curve $E$. Assume for simplicity that $\operatorname{char}k\ne2$ (similar results are also true for $\operatorname{char}k=2$). Making the substitution $v\mapsto v+(a_1u+a_2)/2$ we obtain $v^2=(u-a)(u-b)(u-c)$ for some $a,b,c\in k$. Now we substitute $u\mapsto(u-a)/(b-a)$. As a result we arrive at the equation
$$v^2=u(u-1)(u-\lambda),\qquad\lambda\in k.\qquad(7.2)$$
This is the Weierstrass equation in Legendre form. The element $\lambda$ is called the Legendre modulus of $E$. In homogeneous coordinates, the equation (7.2) can be written as
$$wv^2=u(u-w)(u-\lambda w).$$
Now we take $x_0$ as the point $x_0=(0:1:0)$ and let $v_0^2=\alpha(\alpha-1)(\alpha-\lambda)$. The line $u=\alpha w$ intersects $E$ at the points $x_0$, $x=(\alpha:v_0:1)$, $x'=(\alpha:-v_0:1)$, where the points $x$ and $x'$ are opposite to each other (i.e., $x=-x'$). Now we are able to describe the composition law in geometric terms and write out explicit formulas

Figure 7.1.

for the coordinates of the point $x_3$. If $x_1=(u_1:v_1:1)$ and $x_2=(u_2:v_2:1)$, then $x_3=x_1+x_2$ can be obtained as follows: let $x_3'=(u_3':v_3':1)$ be the third point of intersection of the line through $x_1$ and $x_2$ with $E$; then $x_3=x_1+x_2$ is the reflection of $x_3'$ (see Fig. 7.1). It is easy to see that the coordinates of $x_3$ are given by explicit rational expressions (7.3) in the coordinates of $x_1$ and $x_2$.

It follows from (7.3) that the composition map $\sigma:E\times E\to E$, $\sigma(x_1,x_2)=x_1+x_2$, is a morphism (the relations (7.3) are valid only for $u_1\ne u_2$, but it is not difficult to write out similar relations for $u_1=u_2$; in the case $u_1=u_2$ and $x_1\ne x_2$ we have $v_1+v_2=0$, $x_1=-x_2$). Clearly the map $x\mapsto-x$ is also a morphism. Hence $E$ is an abelian variety which can be identified with its Jacobian. Usually the abelian variety $E$ is denoted by $E(k)$ to stress its dependence on $k$.

Theorem 7.2. The group $E(k)$ is divisible, i.e., for any positive integer $N$ and any $x\in E(k)$ there exists $x_1\in E(k)$ such that $N\cdot x_1=x$ in the group $E(k)$.

Proof: Since $x=x_0$ and $x_1=x_0$ for $w=0$, the case $x=(u:v:0)$ is trivial, and we can assume that $x=(u:v:1)$. Let $x_1=(u':v':1)$, $(u',v')$ being the unknown coordinates of $x_1$. The group law means that it is possible to express $u$ and $v$ in $u'$


and $v'$. We obtain two equations $F_N(u',v')=0$ and $G_N(u',v')=0$, where $F_N$ and $G_N$ are polynomials whose coefficients depend on $u$, $v$ and $\lambda$. One can show that, since $k$ is algebraically closed, this system has a solution. ∎

Automorphisms

An isomorphism $\varphi:X\to X$ of a curve $X$ onto itself is called an automorphism. The group of automorphisms of $X$ is denoted $\operatorname{Aut}(X)$ or $\operatorname{Aut}_k(X)$. If $X=\mathbb{P}^1$ then $\operatorname{Aut}(X)=PGL_2(k)=GL_2(k)/k^*$, $k^*$ being the center of $GL_2(k)$ consisting of the matrices of the form
$$\begin{pmatrix}a&0\\0&a\end{pmatrix},\qquad a\in k^*.$$

Since $E$ is an abelian variety we have:

Theorem 7.3. For each fixed $x'\in E$ the map $x\mapsto x+x'$ is an automorphism of $E$ (as of an algebraic variety).

Corollary 7.4. The group $\operatorname{Aut}(E)$ operates on $E$ transitively.

We see that $\operatorname{Aut}(E)$ contains $E$ as a subgroup. This subgroup is normal in $\operatorname{Aut}(E)$ and for $p=\operatorname{char}k\ne2,3$ the factor group $G=\operatorname{Aut}(E)/E$ is a finite group of order 2, 4 or 6. For $p=3$ the order of $G$ is a divisor of 12 and for $p=2$ it is a divisor of 24. Therefore for $g(X)=1$, the group of automorphisms $\operatorname{Aut}(X)$ of a curve $X$ defined over an algebraically closed field $k$ is infinite. On the other hand for $g=g(X)\ge2$ we have:

Theorem 7.5. If $g\ge2$ then $\operatorname{Aut}(X)$ is finite. Moreover, if $\operatorname{char}k=0$ then $|\operatorname{Aut}(X)|\le84(g-1)$.

Proof: See Hartshorne [73, p. 305]. ∎

7.2. THE $j$-INVARIANT

Our first topic is to define the $j$-invariant of an elliptic curve, and to show that it classifies curves up to isomorphism. Since $j$ can be any element of the ground field $k$, this will show that the affine line $\mathbb{A}^1$ is a variety of moduli for elliptic curves over $k$. Let us assume that $\operatorname{char}k\ne2$. Note that the value $\lambda$ from (7.2) can be different for isomorphic elliptic curves. In particular, the equations of the form (7.2) with $\lambda$ and $\lambda'=1/\lambda$ define isomorphic curves. Let us set
$$j=j(E)=2^8\,\frac{(\lambda^2-\lambda+1)^3}{\lambda^2(\lambda-1)^2}.\qquad(7.4)$$


This value is called the $j$-invariant (or the absolute invariant) of $E$. Note that the coefficient $2^8$ is introduced to make sure that the $j$-invariant has integer coefficients when expanded into a power series in some natural variable $t$ (see Section 8.2 below). Our main result then is the following:

Theorem 7.6. Let $k$ be an algebraically closed field of characteristic $\ne2$. Then:
(i) the value $j=j(\lambda)=j(E)$ depends only on the isomorphism class of $E$;
(ii) two elliptic curves $E$ and $E'$ are isomorphic if and only if $j(E)=j(E')$;
(iii) every element of $k$ occurs as the $j$-invariant of some elliptic curve $E$ over $k$.

Thus we have a one-to-one correspondence between the set of isomorphism classes of elliptic curves over $k$ and the elements of $k=\mathbb{A}^1$, given by $E\mapsto j(E)$.

Proof: (i) Note that $j(\lambda)=j(\lambda')$ for every $\lambda'\in\Lambda=\{\lambda,\ 1/\lambda,\ 1-\lambda,\ 1/(1-\lambda),\ \lambda/(\lambda-1),\ (\lambda-1)/\lambda\}$, which can be checked directly. If we write an equation of $E$ in the form (7.2) then the projection $f(u,v)=u$ defines a morphism $f:E\to\mathbb{P}^1$ of degree 2 with four ramification points $0,1,\lambda$ and $\infty$. Let $v^2=u(u-1)(u-\lambda')$ be another equation of $E$. The corresponding morphism $f':E\to\mathbb{P}^1$ of degree 2 has ramification points $0,1,\lambda'$ and $\infty$. Let $x,x'\in E$ be such that $f(x)=\lambda$ and $f'(x')=\lambda'$. By Corollary 7.4 there exists $\sigma\in\operatorname{Aut}(E)$ with $\sigma(x)=x'$. Since $f$ and $f'$ are defined by the linear systems $|2\cdot x|$ and $|2\cdot x'|$, respectively, the morphisms $f$ and $f'\cdot\sigma$ are defined by the same linear system and thus differ by an automorphism of $\mathbb{P}^1$. Such an automorphism (being an element of $PGL_2(k)$) sends the tuple $(0,1,\lambda,\infty)$ to the tuple $(0,1,\lambda',\infty)$ if and only if $\lambda'\in\Lambda$, which proves (i).
(ii) Let $E,E'$ be elliptic curves, and $\lambda,\lambda'$ their Legendre moduli. Let $j(\lambda)=j(\lambda')$. Considering $\lambda'$ as a variable and $\lambda$ as a parameter, we obtain an equation of degree 6 in $\lambda'$, vanishing on $\Lambda$. Therefore it has no other roots and hence $E$ and $E'$ are isomorphic.
(iii) Let $j\in k$ and let $\lambda$ be a root of the equation $j(\lambda)=j$. Then (7.2) defines an elliptic curve $E$ with $j(E)=j$. ∎




For $\operatorname{char}k\ne2,3$ another form of the equation of an elliptic curve $E$ is quite useful. Making the substitution $u\mapsto u-(\lambda+1)/3$ in (7.2) we get an equation of the form (7.5). Usually one makes the substitution $v\mapsto4v$, $u\mapsto4u$ in (7.5) and writes the equation in the form
$$v^2=4u^3-g_2u-g_3,\qquad(7.6)$$
which is called the Weierstrass normal form of $E$. It is easy to check that
$$j(E)=1728\,\frac{g_2^3}{g_2^3-27g_3^2}.$$
Theorem 7.6 also remains valid for $\operatorname{char}k=2$. We give no proof in this case and only define the absolute invariant $j(E)$. Making the substitution $u\mapsto u+a$ in (7.1) we get
$$v^2+c_1uv+c_3v=u^3+c_4u+c_6.\qquad(7.7)$$
Then $j(E)=c_1^{12}/\Delta$, where $\Delta$ is the discriminant of (7.7).

7.3. ISOGENIES

As we have seen above, over an algebraically closed field $k$ the isomorphism classes of elliptic curves are in one-to-one correspondence with the points of the affine line $\mathbb{A}^1$ with coordinate $j$. We say that $\mathbb{A}^1$ is the moduli space of elliptic curves over $k$ (for a precise definition of the notion of moduli space see Katz and Mazur [94]). Note that $j$ does not suffice to specify an elliptic curve $E$ if $k$ is not algebraically closed, due to the fact that an elliptic curve (as an algebraic group) can have a non-trivial automorphism group. Denote this group by $\operatorname{Aut}_0(E)$. To get more moduli spaces we consider pairs $(E,G_N)$, where $E$ is an elliptic curve and $G_N$ is a cyclic subgroup of order $N$ in $E$. Let us first look at the possibilities for these cyclic subgroups.

Let $E$ be an elliptic curve and let $E_N$ be the kernel of multiplication by $N$. The set $E_N$ consists of the points of order $N$ (or $N$-torsion points) with respect to the group law on $E$. If $N$ is the product $N=N'N''$ of two relatively prime integers then $E_N=E_{N'}\times E_{N''}$. Now let $p$ be a prime. Then the morphism $[p]:E\to E$ which is multiplication by $p$ has degree $p^2$. If $p\ne\operatorname{char}k$ then $E_p$ consists of $p^2$ points and is isomorphic (as a group) to $\mathbb{Z}/p\mathbb{Z}\times\mathbb{Z}/p\mathbb{Z}$. If $p=\operatorname{char}k$ then multiplication by $p$ is an inseparable morphism. There are two possibilities: either the degree of inseparability is $p$ and $E_p$ consists of $p$ points and is isomorphic to $\mathbb{Z}/p\mathbb{Z}$, or the


degree of inseparability is $p^2$ and $E_p$ consists of one point. In the former case we say that $E$ is ordinary, in the latter case that $E$ is a supersingular elliptic curve.

Let $f:E\to E'$ be a non-constant map of elliptic curves, let $x_0$ be the zero element of the group law on $E$ and let $x_0'=f(x_0)$ be the zero element of the group law on $E'$. Then $f$ defines a morphism of abelian varieties. We call such an $f$ an isogeny. Since $E$ and $E'$ are curves we can speak about its degree, and since $E\cong J_E$, any isogeny $f:E\to E'$ gives rise to the dual isogeny $f^*:E'=J_{E'}\to J_E=E$. If $f:E\to E'$ is an isogeny of degree $N$ and $N_E:E\to E$ is the morphism of multiplication by $N$, then $\operatorname{Ker}f\subseteq\operatorname{Ker}N_E$, and $N_E$ factors as $E\xrightarrow{f}E'\to E$.

Proposition 7.7. Let $f:E\to E'$ be an isogeny of degree $N$. Then $\deg f^*=N$, $ff^*=N_{E'}$ and $f^*f=N_E$.

In the case of complex elliptic curves this result will be proved in Section 7.5 (for the general case, see Silverman [177, III, §6]).

Corollary 7.8. The degree of $N_E$ is equal to $N^2$.

Now we describe $E_{p^\nu}$ for $p=\operatorname{char}k$ and $\nu\ge1$. To begin with, we assume that $\nu=1$. Let $E^{(p)}$ be the elliptic curve obtained from $E$ by raising the coefficients to the $p$th power, let $f=f_p:E\to E^{(p)}$ be the Frobenius morphism given by $(u,v)\mapsto(u^p,v^p)$, and $f^*:E^{(p)}\to E$ be its dual morphism. Then by Proposition 7.7 we have $ff^*=f^*f=p_E$ and since $f$ is a purely inseparable morphism, $p_E$ is not separable. If $f^*$ is a separable morphism then $E$ is ordinary, and if $f^*$ is not separable then $E$ is a supersingular elliptic curve. Note that for supersingular $E$ we have $f^*=f$, since $f$ is the only purely inseparable morphism of degree $p$.

Proposition 7.9. The kernel of the multiplication by $p^\nu$ on $E(k)$ is trivial for a supersingular $E$ and is isomorphic to $\mathbb{Z}/p^\nu\mathbb{Z}$ for an ordinary elliptic curve $E$.

Proof: From the above argument it follows that the proposition holds for $\nu=1$. For any $\nu>1$ it can be easily deduced by induction on $\nu$. ∎

Supersingular Elliptic Curves

Given $p$ there exists only a finite number of non-isomorphic supersingular curves in characteristic $p>0$. Their moduli can be found out.

Theorem 7.10. Let $p=\operatorname{char}k>2$ and let $E$ be the curve defined by $v^2=u(u-1)(u-\lambda)$. Then $E$ is supersingular if and only if
$$\sum_{i=0}^{s}\binom{s}{i}^2\lambda^i=0,\qquad(7.8)$$


where $s=(p-1)/2$. In fact, there are exactly $\lfloor p/12\rfloor+\delta_p$ supersingular elliptic curves $E$ (up to isomorphism) over $k$, where $\delta_3=1$, and for $p\ge5$,
$$\delta_p=0,1,1,2\qquad\text{if}\qquad p\equiv1,5,7,11 \bmod 12.$$

Proof: See Hartshorne [73, p. 333], Husemöller [81, Ch. 13, §4], or Silverman [177, V, §4]. ∎

Therefore all supersingular values of the modulus $\lambda$ and of the $j$-invariant lie in a finite field. Moreover, one has the following fact:

Proposition 7.11. Let $p=\operatorname{char}k>2$, and let $j=j(E)$ be a supersingular value of the $j$-invariant. Then $j\in\mathbb{F}_{p^2}$.

Proof: We see from Theorem 7.10 that $j\in\overline{\mathbb{F}}_p$, hence it is sufficient to show that $j^{p^2}=j$. For a supersingular curve $E$ we have $f=f^*$ and since $p_E:E\to E^{(p)}\to E$, where $p_E$ is a purely inseparable isogeny of degree $p^2$, we conclude that $p_E=E\to E^{(p^2)}$ is the Frobenius morphism. Hence $E\cong E^{(p^2)}$, and $j(E)=j^{p^2}(E)$. ∎

Note that for $p=2$ there exists only one supersingular curve $E$ (with $j(E)=0$), which can be given by $v^2+v=u^3$.
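As an added example (not from the book), the following Python code checks Theorem 7.10 and Proposition 7.11 numerically for small $p$: it finds all roots $\lambda\in\mathbb{F}_{p^2}$ of the Hasse polynomial (7.8), maps them to $j(\lambda)$ by (7.4), counts the distinct supersingular $j$-invariants against $\lfloor p/12\rfloor+\delta_p$, and for $\lambda\in\mathbb{F}_p$ compares the criterion with the point count $|E(\mathbb{F}_p)|=p+1$ (which for $p\ge5$ characterises supersingularity, since the trace is then $0$ by the Hasse bound). The class `Fp2`, the function names and the representation $\mathbb{F}_{p^2}=\mathbb{F}_p[w]$, $w^2=n$ with $n$ a quadratic non-residue, are our own choices.

```python
"""Supersingular Legendre curves via the Hasse polynomial (7.8) over F_{p^2}.

Added example, not from the book.  For an odd prime p >= 5 it finds every
lam in F_{p^2} with H_p(lam) = sum_{i=0}^{s} binom(s,i)^2 lam^i = 0, s = (p-1)/2,
maps each root to j(lam) by (7.4) and counts the distinct supersingular
j-invariants (Theorem 7.10 predicts floor(p/12) + delta_p).  F_{p^2} is
realised as F_p[w], w^2 = n, n a quadratic non-residue; names are our own.
"""
from math import comb


def non_residue(p):
    """Smallest quadratic non-residue mod p, by Euler's criterion."""
    return next(n for n in range(2, p) if pow(n, (p - 1) // 2, p) == p - 1)


class Fp2:
    """Element a + b*w of F_{p^2} = F_p[w], w^2 = n (n a non-residue mod p)."""

    def __init__(self, a, b, p, n):
        self.a, self.b, self.p, self.n = a % p, b % p, p, n

    def _new(self, a, b):
        return Fp2(a, b, self.p, self.n)

    def __add__(self, o):
        return self._new(self.a + o.a, self.b + o.b)

    def __sub__(self, o):
        return self._new(self.a - o.a, self.b - o.b)

    def __mul__(self, o):
        return self._new(self.a * o.a + self.n * self.b * o.b,
                         self.a * o.b + self.b * o.a)

    def inv(self):
        # (a + bw)^-1 = (a - bw) / (a^2 - n b^2); the norm is non-zero for x != 0
        norm = (self.a * self.a - self.n * self.b * self.b) % self.p
        t = pow(norm, -1, self.p)
        return self._new(self.a * t, -self.b * t)

    def key(self):
        return (self.a, self.b)


def hasse_poly(lam):
    """H_p(lam) = sum_{i=0}^{s} binom(s,i)^2 lam^i in F_{p^2}, s = (p-1)/2."""
    p, s = lam.p, (lam.p - 1) // 2
    acc = Fp2(0, 0, p, lam.n)
    for i in range(s, -1, -1):               # Horner scheme, highest term first
        acc = acc * lam + Fp2(comb(s, i) ** 2, 0, p, lam.n)
    return acc


def j_invariant(lam):
    """j(lam) = 2^8 (lam^2 - lam + 1)^3 / (lam^2 (lam - 1)^2), formula (7.4)."""
    one = Fp2(1, 0, lam.p, lam.n)
    t = lam * lam - lam + one
    num = t * t * t * Fp2(256, 0, lam.p, lam.n)
    den = lam * lam * (lam - one) * (lam - one)
    return num * den.inv()


def supersingular_j(p):
    """Set of supersingular j-invariants in F_{p^2}, as (a, b) pairs."""
    n = non_residue(p)
    js = set()
    for a in range(p):
        for b in range(p):
            if (a, b) in ((0, 0), (1, 0)):
                continue                    # lam = 0, 1 give singular cubics
            lam = Fp2(a, b, p, n)
            if hasse_poly(lam).key() == (0, 0):
                js.add(j_invariant(lam).key())
    return js


def expected_count(p):
    """floor(p/12) + delta_p, delta_p = 0, 1, 1, 2 for p = 1, 5, 7, 11 mod 12."""
    return p // 12 + {1: 0, 5: 1, 7: 1, 11: 2}[p % 12]


def count_points_fp(lam, p):
    """|E(F_p)| for v^2 = u(u-1)(u-lam), lam in F_p, via Euler's criterion."""
    total = 1                               # the point x_0 at infinity
    for u in range(p):
        r = u * (u - 1) * (u - lam) % p
        total += 1 if r == 0 else 2 * (pow(r, (p - 1) // 2, p) == 1)
    return total


def criterion_matches_count(p):
    """For lam in F_p minus {0, 1}: H_p(lam) = 0  <=>  |E(F_p)| = p + 1  (p >= 5)."""
    n = non_residue(p)
    return all((hasse_poly(Fp2(a, 0, p, n)).key() == (0, 0))
               == (count_points_fp(a, p) == p + 1) for a in range(2, p))
```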

Homomorphisms

Let $E$ and $E'$ be elliptic curves. The set of algebraic group morphisms $f:E\to E'$ (i.e., of morphisms which are group homomorphisms) is denoted by $\operatorname{Hom}(E,E')$. If $E=E'$ it is denoted by $\operatorname{End}(E)$. Note that $\operatorname{Hom}(E,E')$ is an abelian group since we can add its elements: $(f+g)(x)=f(x)+g(x)$. Moreover, $\operatorname{End}(E)$ is a ring: multiplication is the composition of morphisms. It is clear that $\operatorname{Hom}(E,E')$ has no torsion since the condition $Nf=0$ implies that $f(E)$ is contained in the finite set $E_N$ and hence is trivial. Studying the behavior of morphisms at torsion points of $E$ one can prove the following proposition:

Proposition 7.12. The rank of $\operatorname{Hom}(E,E')$ equals 0, 1, 2, 3 or 4. If it is equal to 4 then $E$ and $E'$ are supersingular.

Proof: See Lang [108, Ch. 13, §1 and §2]. ∎

If $\operatorname{Hom}(E,E')\ne0$ then we call the curves $E$ and $E'$ isogenous. Note that if $E$ and $E'$ are isogenous then $\operatorname{Hom}(E,E')\otimes\mathbb{Q}=\operatorname{End}(E)\otimes\mathbb{Q}$, which follows from Proposition 7.7. Note that $\operatorname{End}(E)$ is embedded in $\operatorname{End}^0(E)=\operatorname{End}(E)\otimes\mathbb{Q}$ since $\operatorname{End}(E)$ and $\operatorname{End}^0(E)$ have no torsion. Moreover from Proposition 7.7 it follows that $\operatorname{End}^0(E)$ is a division algebra.


Theorem 7.13. There are the following possibilities for the division algebra $\operatorname{End}^0(E)$:
(i) $\operatorname{End}^0(E)=\mathbb{Q}$;
(ii) $\operatorname{End}^0(E)$ is an imaginary quadratic field;
(iii) $\operatorname{End}^0(E)$ is a quaternion algebra over $\mathbb{Q}$ which is ramified at $p$ and at $\infty$; this is the case if $p=\operatorname{char}k>0$ and $E$ is a supersingular curve over $k$.

Proof: See Lang [108, Ch. 13, §1 and §2], or Husemöller [81, Ch. 12, §4] and [81, Ch. 13, §6]. ∎

Therefore $\operatorname{End}(E)$ is a free $\mathbb{Z}$-module generating $\operatorname{End}^0(E)$ over $\mathbb{Q}$. In other words $\operatorname{End}(E)$ is an order in the division algebra $\operatorname{End}^0(E)$.

Theorem 7.14. There are the following possibilities for the order $\operatorname{End}(E)$:
(i) $\operatorname{End}(E)=\mathbb{Z}$;
(ii) $\operatorname{End}(E)=\mathbb{Z}+m\mathcal{O}_k$, where $m\in\mathbb{Z}$, $m\not\equiv0 \bmod p$, $\mathcal{O}_k$ being the maximal order in the imaginary quadratic field $k=\operatorname{End}^0(E)$ (in this case $m$ is called the conductor of $\operatorname{End}(E)$);
(iii) $\operatorname{End}(E)$ is a maximal order in the quaternion algebra $\operatorname{End}^0(E)$.

Proof: See Lang [108, Ch. 13, §1 and §2], or Silverman [177, III, §9]. ∎



Automorphisms

Theorem 7.14 makes it possible to determine the group $\operatorname{Aut}_0(E)$ of automorphisms of an elliptic curve $E$ as an algebraic group (i.e., of those preserving the initial point $x_0$), which is isomorphic to the group $\operatorname{End}(E)^*$ of units of $\operatorname{End}(E)$.

Theorem 7.15. Let $E$ be an elliptic curve over $k$. Then
(i) if $j(E)\ne0$ or $1728$ then $\operatorname{Aut}_0(E)=\{\pm1\}$;
(ii) for $p=\operatorname{char}k\ne2,3$ one has: if $j(E)=0$ then $\operatorname{Aut}_0(E)=U_6$, and if $j(E)=1728$ then $\operatorname{Aut}_0(E)=U_4$, where $U_n=\{\zeta\in\mathbb{C}^*\mid\zeta^n=1\}$ is the cyclotomic group of order $n$;
(iii) if $p=2$ and $j(E)=0=1728$ then $\operatorname{Aut}_0(E)=SL_2(\mathbb{F}_3)$ is of order 24;
(iv) if $p=3$ and $j(E)=0=1728$ then $\operatorname{Aut}_0(E)$ is the semi-direct product of $\mathbb{Z}/3\mathbb{Z}$ by $\mathbb{Z}/4\mathbb{Z}$ of order 12.


Proof: See Hartshorne [73, p. 321], Lang [108, Appendix 1] or Exercise 7.1. ∎

Note that Theorem 7.15 also gives a description of $\operatorname{Aut}(E)$ since the group $\operatorname{Aut}(E)$ of automorphisms of the curve $E$ is a semi-direct product of $E(k)$ by $\operatorname{Aut}_0(E)$. One has the following "mass-formula" of Eichler and Deuring (see Husemöller [81, Ch. 13, §4]):
$$\sum|\operatorname{Aut}(E)|^{-1}=\frac{p-1}{24},$$
where the sum is taken over the set of isomorphism classes of supersingular curves in characteristic $p>0$.

7.4. ELLIPTIC CURVES OVER FINITE FIELDS

The theory of elliptic curves outlined above concerns the case of an algebraically closed ground field, while we are mainly interested in elliptic curves over a finite field $k=\mathbb{F}_q$ with $q=p^\nu$ elements. To study this case one should make some changes in the theory. The definition of an elliptic curve over a finite field is the same as in the case of an algebraically closed field, except that we need to check that an elliptic curve has at least one $\mathbb{F}_q$-rational point. This follows from Theorem 6.1, since $|E(\mathbb{F}_q)|\ge q+1-2\sqrt q=(\sqrt q-1)^2>0$ and hence $|E(\mathbb{F}_q)|\ge1$. Let $x_0\in E(\mathbb{F}_q)$. If we consider $x_0$ as the zero element, we obtain a group structure on the finite set $E(\mathbb{F}_q)$. Moreover, using the Riemann-Roch theorem, which is valid over an arbitrary ground field, we can write down an equation of $E$ in the form
$$v^2+a_1uv+a_3v=u^3+a_2u^2+a_4u+a_6.$$
We have seen above that for an algebraically closed ground field the $j$-invariant classifies isomorphism classes of elliptic curves. This is not the case over a finite field (nor for the most part over non-closed fields). From Theorem 7.15 one can deduce:

Proposition 7.16. Let $j(E)=j(E')$. Then $E$ and $E'$ are isomorphic over a finite extension $K$ of the ground field $k$ such that $[K:k]$ divides 24. More precisely, we have:
(i) if $p=\operatorname{char}k\ne2,3$ then $[K:k]$ divides 4 or 6;
(ii) if $j(E)\ne0$ or $1728$ then $[K:k]=1$ or $2$.

Note also that there exist elliptic curves $E$ and $E'$ over $\mathbb{F}_q$ such that $j(E)=j(E')\in\mathbb{F}_q$ and $\operatorname{Hom}_{\mathbb{F}_q}(E,E')=0$, i.e., $E$ and $E'$ are not isogenous over $\mathbb{F}_q$.


Theorem 7.17. Let $E$ and $E'$ be elliptic curves over a finite field $\mathbb{F}_q$. Then $E$ is isogenous to $E'$ if and only if $|E(\mathbb{F}_q)|=|E'(\mathbb{F}_q)|$.

Endomorphisms

Elliptic curves over finite fields have an abundant set of endomorphisms. To be more precise, let $\operatorname{End}_{\mathbb{F}_q}(E)$ be the subring of $\operatorname{End}(E)$ which is formed by the morphisms defined over $\mathbb{F}_q$.

Proposition 7.18. $\operatorname{End}_{\mathbb{F}_q}(E)\ne\mathbb{Z}$.

Proof: We prove this proposition for ordinary curves and for supersingular curves $E$ with $j(E)\in\mathbb{F}_p$. Indeed, let $q=p^\nu$ and let $f^\nu:E\to E^{(q)}$ be the $\nu$-th power of the Frobenius morphism $f=f_p$. Since $E$ is defined over $\mathbb{F}_q$, $E^{(q)}=E$ and hence $f^\nu\in\operatorname{End}_{\mathbb{F}_q}(E)$. If $E$ is an ordinary curve then $f^\nu\notin\mathbb{Z}$, since no $N\in\mathbb{Z}$ is purely inseparable. If $E$ is defined over $\mathbb{F}_p$ then $\nu=1$ and $f\notin\mathbb{Z}$ since its degree equals $p$ (the degree of $N\in\mathbb{Z}$ equals $N^2$). For supersingular curves $E$ with $j(E)\notin\mathbb{F}_p$ one needs a slightly more elaborate argument. ∎

Therefore $\operatorname{End}_{\mathbb{F}_q}(E)$ contains an order in an imaginary quadratic field.

The Structure of $E(\mathbb{F}_q)$

It is possible to describe all the possible types of the groups $E(\mathbb{F}_q)$ of $\mathbb{F}_q$-rational points of the elliptic curves $E$ defined over $\mathbb{F}_q$. We begin with a description of their order (note that $E(\mathbb{F}_q)\subseteq E_N\cong\mathbb{Z}/N\mathbb{Z}\times\mathbb{Z}/N\mathbb{Z}$, where $N=|E(\mathbb{F}_q)|$). By Theorem 5.14, the zeta-function $Z(E,t)$ of an elliptic curve $E$ over $\mathbb{F}_q$ is of the form
$$Z(E,t)=\frac{1+ut+qt^2}{(1-t)(1-qt)},$$
where $u\in\mathbb{Z}$ and $|E(\mathbb{F}_q)|=q+1+u$.

Theorem 7.19. The set of isogeny classes of elliptic curves over $\mathbb{F}_q$ is in a natural bijection with the set of integers $u$ satisfying $|u|\le2\sqrt q$ and one of the following conditions ($p=\operatorname{char}\mathbb{F}_q$):
(i) $(q,u)=1$;
(ii) $q$ is a square and $u=\pm2\sqrt q$;
(iii) $q$ is a square, $p\not\equiv1 \bmod 3$, and $u=\pm\sqrt q$;
(iv) $q$ is not a square, $p=2$ or $3$, and $u=\pm\sqrt{pq}$;
(v) $q$ is not a square and $u=0$;


(vi) $q$ is a square, $p\not\equiv1 \bmod 4$, and $u=0$.

Moreover, $|E(\mathbb{F}_q)|=q+1+u$ for any curve $E$ from the isogeny class which corresponds to $u$.

Proof: See Waterhouse [222]. ∎

Now we can give a description of all possible types of groups $E(\mathbb{F}_q)$.



Theorem 7.20. A group $G_N$ of order $N=q+1+u$ is isomorphic to $E(\mathbb{F}_q)$ for some elliptic curve $E$ over $\mathbb{F}_q$ if and only if one of the following conditions holds ($p=\operatorname{char}\mathbb{F}_q$):
(i) $(q,u)=1$, $|u|\le2\sqrt q$ and $G_N\cong\mathbb{Z}/l\mathbb{Z}\times\mathbb{Z}/m\mathbb{Z}$, where $m\mid l$ and $m\mid(u-2)$;
(ii) $q$ is a square, $u=\pm2\sqrt q$, and $G_N\cong\mathbb{Z}/l\mathbb{Z}\times\mathbb{Z}/l\mathbb{Z}$, where $l=\sqrt q\pm1$;
(iii) $q$ is a square, $p\not\equiv1 \bmod 3$, $u=\pm\sqrt q$, and $G_N$ is cyclic;
(iv) $q$ is not a square, $p=2$ or $3$, $u=\pm\sqrt{pq}$, and $G_N$ is cyclic;
(v) $q$ is not a square and $p\not\equiv3 \bmod 4$, or $q$ is a square and $p\not\equiv1 \bmod 4$, $u=0$, and $G_N$ is cyclic;
(vi) $q$ is not a square, $p\equiv3 \bmod 4$, $u=0$, and $G_N$ is either cyclic or $G_N\cong\mathbb{Z}/m\mathbb{Z}\times\mathbb{Z}/2\mathbb{Z}$, where $m=(q+1)/2$.

Proof: See Schoof [161], Tsfasman [205] or Voloch [218]. ∎
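As an added example (not from the book) tying the chord-and-tangent law of Section 7.1 to the point counts and group structure of this section, the following Python code implements addition on the Legendre curve $v^2=u(u-1)(u-\lambda)$ over $\mathbb{F}_p$ with origin $x_0=(0:1:0)$, counts $E(\mathbb{F}_p)$ by brute force, checks the bound $|N-(p+1)|\le2\sqrt p$ used at the start of Section 7.4, and reads off $l,m$ with $E(\mathbb{F}_p)\cong\mathbb{Z}/l\mathbb{Z}\times\mathbb{Z}/m\mathbb{Z}$ as in Theorem 7.20; the function names and the sample values $p=11$, $\lambda=2$ are our own choices.

```python
"""Legendre-form elliptic curve arithmetic over F_p and the group E(F_p).

Added example, not from the book.  The curve is v^2 = u(u - 1)(u - lam) over
F_p, p > 3 prime, lam not in {0, 1}.  The origin x_0 = (0:1:0) (the point at
infinity) is represented by None; affine points are (u, v) tuples.
Function names and sample parameters are our own choices.
"""


def curve_rhs(u, lam, p):
    """Right-hand side u(u-1)(u-lam) of the Legendre equation (7.2) mod p."""
    return u * (u - 1) * (u - lam) % p


def neg(pt, p):
    """The opposite point: reflection (u, v) -> (u, -v) of Section 7.1."""
    if pt is None:
        return None
    u, v = pt
    return (u, -v % p)


def add(x1, x2, lam, p):
    """x1 + x2: reflect the third intersection x3' of the line through x1, x2.

    If u1 == u2 and v1 == -v2 the line is vertical and meets E again at x_0,
    so x1 = -x2.  If x1 == x2 the line is the tangent at x1.
    """
    if x1 is None:
        return x2
    if x2 is None:
        return x1
    u1, v1 = x1
    u2, v2 = x2
    if u1 == u2:
        if (v1 + v2) % p == 0:
            return None
        # tangent slope from 2v v' = 3u^2 - 2(1 + lam)u + lam
        slope = (3 * u1 * u1 - 2 * (1 + lam) * u1 + lam) * pow(2 * v1, -1, p) % p
    else:
        slope = (v2 - v1) * pow(u2 - u1, -1, p) % p
    # Vieta on the cubic in u: u1 + u2 + u3' = slope^2 + 1 + lam
    u3 = (slope * slope - u1 - u2 + 1 + lam) % p
    v3_prime = (v1 + slope * (u3 - u1)) % p
    return (u3, -v3_prime % p)       # x3 is the reflection of x3'


def mul(n, pt, lam, p):
    """n * pt by double-and-add, n >= 0."""
    result, addend = None, pt
    while n:
        if n & 1:
            result = add(result, addend, lam, p)
        addend = add(addend, addend, lam, p)
        n >>= 1
    return result


def points(lam, p):
    """All F_p-rational points of E, x_0 included (brute force, Section 7.4)."""
    pts = [None]
    for u in range(p):
        rhs = curve_rhs(u, lam, p)
        pts.extend((u, v) for v in range(p) if v * v % p == rhs)
    return pts


def hasse_ok(lam, p):
    """Theorem 6.1 as used in Section 7.4: |N - (p + 1)| <= 2 sqrt(p)."""
    n = len(points(lam, p))
    return (n - p - 1) ** 2 <= 4 * p


def order(pt, lam, p):
    """Order of pt in the finite group E(F_p)."""
    k, acc = 1, pt
    while acc is not None:
        acc = add(acc, pt, lam, p)
        k += 1
    return k


def group_structure(lam, p):
    """(N, l, m) with E(F_p) = Z/l x Z/m, m | l, in the shape of Theorem 7.20.

    E(F_p) has rank at most 2, so l is its exponent (the largest element order)
    and m = N / l.  Note that (0,0), (1,0), (lam,0) are always rational points
    of order 2, so m is even for every Legendre curve over F_p.
    """
    pts = points(lam, p)
    n = len(pts)
    l = max(order(pt, lam, p) for pt in pts)
    return n, l, n // l


if __name__ == "__main__":
    p, lam = 11, 2
    print("E(F_11), lam = 2:", group_structure(lam, p), "Hasse bound ok:", hasse_ok(lam, p))
```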

7.5. ELLIPTIC FUNCTIONS

It is difficult to discuss elliptic curves without bringing in the theory of elliptic functions of a complex variable. This classical topic from complex analysis gives an insight into the theory of elliptic curves over $\mathbb{C}$ which cannot be matched by purely algebraic techniques.

Let $\Lambda$ be a lattice in $\mathbb{C}$, i.e., a free subgroup of $\mathbb{C}$ of rank 2 which generates $\mathbb{C}$ over $\mathbb{R}$. Therefore if $\Lambda=\mathbb{Z}\omega_1+\mathbb{Z}\omega_2$ then $\tau=\omega_1/\omega_2\notin\mathbb{R}$. Without loss of generality we can assume that $\operatorname{Im}\tau>0$ and that $\Lambda=\mathbb{Z}\tau+\mathbb{Z}$. An elliptic function with the period lattice $\Lambda$ is a meromorphic function $f(z)$ of the complex variable $z$ such that $f(z+\omega)=f(z)$ for all $\omega\in\Lambda$. Because of the periodicity, an elliptic function is determined if one knows its values on a single period parallelogram such as
$$\{\alpha\tau+\beta\mid\alpha,\beta\in\mathbb{R},\ 0\le\alpha,\beta<1\}.$$


An example of an elliptic function is the Weierstrass $\wp$-function defined by
$$\wp(z)=\frac{1}{z^2}+\sum_{\omega\in\Lambda\setminus\{0\}}\left(\frac{1}{(z-\omega)^2}-\frac{1}{\omega^2}\right).$$
One shows that this series converges at all $z\notin\Lambda$, thus giving a meromorphic function having a double pole at the points of $\Lambda$, and which is elliptic. Its derivative
$$\wp'(z)=-2\sum_{\omega\in\Lambda}\frac{1}{(z-\omega)^3}$$
is another elliptic function. If one adds, subtracts, multiplies, or divides two elliptic functions with period lattice $\Lambda$, one gets another such function. Hence the elliptic functions for a given $\Lambda$ form a field.

Theorem 7.21. The field of elliptic functions for a given lattice $\Lambda$ is generated over $\mathbb{C}$ by the Weierstrass $\wp$-function and its derivative $\wp'$. They satisfy the algebraic relation
$$\wp'(z)^2=4\wp(z)^3-g_2\,\wp(z)-g_3,$$
where $g_2=60\sum_{\omega\in\Lambda\setminus\{0\}}\omega^{-4}$ and $g_3=140\sum_{\omega\in\Lambda\setminus\{0\}}\omega^{-6}$ (the constants of Theorem 7.23 below).

Proof: See Lang [108, pp. 8-11], Husemöller [81, Ch. 9, §4], or Exercise 7.11. ∎

Thus if we define a map $\varphi:\mathbb{C}\to\mathbb{P}^2(\mathbb{C})$ by sending $z\mapsto(\wp(z),\wp'(z))$ in affine coordinates, we obtain a holomorphic map whose image lies inside the curve $E$ with the equation $v^2=4u^3-g_2u-g_3$. In fact, $\varphi$ induces a bijection between $\mathbb{C}/\Lambda$ and $E$, and $E$ is non-singular, and hence is an elliptic curve. Under this map the field of elliptic functions is identified with the function field of the curve $E$. Thus for any elliptic function we can speak of its divisor $\sum a_i\cdot z_i$ with $z_i\in\mathbb{C}/\Lambda$.

Theorem 7.22. Given distinct points $z_1,\ldots,z_m\in\mathbb{C}/\Lambda$, and given integers $a_1,\ldots,a_m$, a necessary and sufficient condition that there exists an elliptic function $f$ with divisor $(f)=\sum a_i\cdot z_i$ is that $\sum a_i=0$ and $\sum a_i\cdot z_i=0$ in the group $\mathbb{C}/\Lambda$.

Proof: See Lang [108, pp. –7]. ∎

In particular, this says that $z_1+z_2\equiv z_3 \bmod \Lambda$ if and only if there is an elliptic function with zeroes at $z_1$ and $z_2$, and poles at $z_3$ and $0$. Since this function is a rational function on the curve $E$, this says that $\varphi(z_1)+\varphi(z_2)\sim\varphi(z_3)+\varphi(0)$ as divisors on $E$. If we let $x_0=\varphi(0)$, which is the point at infinity on the $v$-axis,


and give $E$ the group structure with origin $x_0$, this says that $\varphi(z_1)+\varphi(z_2)=\varphi(z_3)$ in the group structure on $E$. In other words, $\varphi$ gives a group isomorphism between $\mathbb{C}/\Lambda$ under addition, and $E$ with the above-mentioned group law.

Theorem 7.23. Given $g_2,g_3\in\mathbb{C}$ with $\Delta=g_2^3-27g_3^2\ne0$, there exists a $\tau\in\mathbb{C}$, $\tau\notin\mathbb{R}$, such that the lattice $\Lambda(\tau,1)$ gives $g_2,g_3$ by the formulas
$$g_2=60\sum_{\omega\in\Lambda\setminus\{0\}}\frac{1}{\omega^4}\qquad\text{and}\qquad g_3=140\sum_{\omega\in\Lambda\setminus\{0\}}\frac{1}{\omega^6}.$$

Proof: See Lang [108, p. 39]. ∎

This shows that every elliptic curve over $\mathbb{C}$ arises in this way. Indeed, if $E$ is any elliptic curve, we can embed $E$ in $\mathbb{P}^2$ to have an equation of the form $v^2=u(u-1)(u-\lambda)$, with $\lambda\ne0,1$. By a linear change of variable in $u$, one can bring this into the form $v^2=4u^3-g_2u-g_3$, with $g_2=(4/3)(\lambda^2-\lambda+1)$ and $g_3=(1/27)(\lambda+1)(2\lambda^2-5\lambda+2)$. Then $\Delta=\lambda^2(\lambda-1)^2\ne0$. Another way to see this is to observe that an elliptic curve over $\mathbb{C}$ is a compact complex Lie group of dimension 1, and is therefore a torus of the form $\mathbb{C}/\Lambda$ for some lattice $\Lambda$. Next we define $J(\tau)=g_2^3/\Delta$. Then the $j$-invariant of $E$ which we defined earlier is just $j=1728\,J(\tau)$. Thus $J(\tau)$ classifies the curves $E$ up to isomorphism.

Theorem 7.24. Let $\tau,\tau'$ be two complex numbers. Then $J(\tau)=J(\tau')$ if and only if there are integers $a,b,c,d\in\mathbb{Z}$ with $ad-bc=\pm1$ and
$$\tau=\frac{a\tau'+b}{c\tau'+d}.$$
Furthermore, for any given $\tau'$, there is a unique $\tau$ with $J(\tau)=J(\tau')$ such that $\tau$ lies in the region $F$ (fundamental domain) defined by $-1/2\le\operatorname{Re}\tau<1/2$ and
$$\begin{cases}\ \ldots & \text{if } \operatorname{Re}\tau\le0,\\ \ \ldots & \text{if } \operatorname{Re}\tau>0.\end{cases}$$

Proof: See Lang [108, p. 39]. ∎

Now we deduce some consequences from this theory.



Theorem 7.25. Let $E$ be an elliptic curve over $\mathbb{C}$. Then as an abstract group, $E$ is isomorphic to $\mathbb{R}/\mathbb{Z}\times\mathbb{R}/\mathbb{Z}$. In particular, for any $N\ge1$, the subgroup of points of order $N$ is isomorphic to $\mathbb{Z}/N\mathbb{Z}\times\mathbb{Z}/N\mathbb{Z}$.


Proof: We have seen that $E$ is isomorphic as a group to $\mathbb{C}/\Lambda$, which in turn is isomorphic to $\mathbb{R}/\mathbb{Z}\times\mathbb{R}/\mathbb{Z}$. The points of order $N$ are represented by $\frac{a\tau+b}{N}$ with $a,b=0,1,\ldots,N-1$. The points whose coordinates are not rational combinations of $1$ and $\tau$ are of infinite order. ∎

This theorem implies Proposition 7.7 for complex elliptic curves.

Corollary 7.26. The morphism of multiplication by $N$, $N_E:E\to E$, is a finite morphism of degree $N^2$.

Proof: Since it is separable and a group homomorphism, its degree is the order of the kernel, which is $N^2$. ∎

Now we investigate the ring of endomorphisms $\operatorname{End}(E)$ of the elliptic curve $E$ determined by the elliptic functions with periods $1$ and $\tau$.

Proposition 7.27. There is a one-to-one correspondence between endomorphisms $f\in\operatorname{End}(E)$ and complex numbers $\alpha\in\mathbb{C}$ such that $\alpha\Lambda\subseteq\Lambda$. This correspondence gives an injective ring homomorphism of $\operatorname{End}(E)$ to $\mathbb{C}$.

Proof: Since $f\in\operatorname{End}(E)$ is a group homomorphism, under the identification of $E$ with $\mathbb{C}/\Lambda$ it gives a group homomorphism $f':\mathbb{C}\to\mathbb{C}$ such that $f'(\Lambda)\subseteq\Lambda$. On the other hand, since $f$ is a morphism, the induced map $f':\mathbb{C}\to\mathbb{C}$ is holomorphic. Now expanding $f'$ as a power series in a neighborhood of the origin, and expressing the fact that $f'(z+u)=f'(z)+f'(u)$ for any $u$ and $z$ there, we see that $f'$ must be multiplication by some complex number $\alpha$. Conversely, given $\alpha\in\mathbb{C}$ such that $\alpha\Lambda\subseteq\Lambda$, multiplication by $\alpha$ induces a group homomorphism $f:\mathbb{C}/\Lambda\to\mathbb{C}/\Lambda$. The map $f$ is holomorphic, hence it is in fact a morphism of $E$ to itself. It is clear that under this correspondence the ring operations of $\operatorname{End}(E)$ correspond to addition and multiplication of the corresponding complex numbers $\alpha$. ∎

Let $E$ be an elliptic curve over $\mathbb{C}$. We say that it has complex multiplication if the ring $\operatorname{End}(E)$ is strictly larger than $\mathbb{Z}$.

Theorem 7.28. If $E$ has complex multiplication, then $\tau\in\mathbb{Q}(\sqrt{-d})$ for some square-free integer $d\ge1$, and in that case $\operatorname{End}(E)$ is a subring ($\ne\mathbb{Z}$) of the ring of integers $\mathbb{Z}_k$ of the field $k=\mathbb{Q}(\sqrt{-d})$. Conversely, if $\tau=r+s\sqrt{-d}$ with $r,s\in\mathbb{Q}$ then $E$ has complex multiplication, and in fact
$$\operatorname{End}(E)=\{a+b\tau\mid a,b\in\mathbb{Z}\ \text{and}\ 2rb\in\mathbb{Z},\ b(r^2+ds^2)\in\mathbb{Z}\}.$$

Proof: For given $\tau$ we can determine $\operatorname{End}(E)$ as the set of all $\alpha\in\mathbb{C}$ such that $\alpha\Lambda\subseteq\Lambda$. A necessary and sufficient condition for $\alpha\Lambda\subseteq\Lambda$ is that there exist integers $a,b,l,m$ such that
$$\alpha=a+b\tau\qquad\text{and}\qquad\alpha\tau=l+m\tau.$$


If $\alpha\in\mathbb{R}$, then $\alpha\in\mathbb{Z}$, and we see that $\operatorname{End}(E)\cap\mathbb{R}=\mathbb{Z}$. On the other hand, if $E$ has complex multiplication, then there is an $\alpha\notin\mathbb{Z}$, and in this case $b\ne0$. Eliminating $\alpha$ from these equations, we find that
$$b\tau^2+(a-m)\tau-l=0,$$
which shows that $\tau$ lies in a quadratic extension of $\mathbb{Q}$. Since $\tau\notin\mathbb{R}$, it must be an imaginary extension, so $\tau\in\mathbb{Q}(\sqrt{-d})$ for some square-free $d\in\mathbb{Z}$, $d\ge1$. Eliminating $\tau$ from the same equations, we find that
$$\alpha^2-(a-m)\alpha+(am-bl)=0,$$
which shows that $\alpha$ is integral over $\mathbb{Z}$. Therefore $\operatorname{End}(E)$ must be a subring of the ring of integers of the field $k=\mathbb{Q}(\sqrt{-d})$.

Conversely, suppose $\tau=r+s\sqrt{-d}$ with $r,s\in\mathbb{Q}$. Then we can determine $\operatorname{End}(E)$ as the set of all $\alpha=a+b\tau$, with $a,b\in\mathbb{Z}$, such that $\alpha\tau\in\Lambda$. Since $\alpha\tau=a\tau+b\tau^2$, we must have $b\tau^2\in\Lambda$. Now
$$\tau^2=r^2-ds^2+2rs\sqrt{-d},$$
which can be written
$$\tau^2=-(r^2+ds^2)+2r\tau.$$
So in order to have $b\tau^2\in\Lambda$ we must have $2br\in\mathbb{Z}$ and $b(r^2+ds^2)\in\mathbb{Z}$. These conditions are necessary and sufficient, so we get the required expression for $\operatorname{End}(E)$. In particular, $\operatorname{End}(E)$ is strictly larger than $\mathbb{Z}$, so $E$ has complex multiplication. ∎

Corollary 7.29. There are only countably many values of $j \in \mathbb{C}$ for which the corresponding elliptic curve $E$ has complex multiplication.

Proof: Indeed, there are only countably many elements of all quadratic extensions $\mathbb{Q}(\sqrt{-d})$ of $\mathbb{Q}$. ∎

For a more detailed treatment of the deep theory of elliptic curves we refer the reader to Silverman and Tate [178], Husemöller [81], Koblitz [96], Lang [108] and Silverman [177].

EXERCISES

7.1. Let the elliptic curve $E$ be embedded in $\mathbb{P}^2$ so as to have the equation $v^2 = u(u - 1)(u - \lambda)$. Show that any automorphism of $E$ leaving $x_0 = (0, 1, 0)$ fixed is induced by an automorphism of $\mathbb{P}^2$ coming from the automorphism of the affine $(u, v)$-plane given by
$$u_1 = au + b, \qquad v_1 = cv.$$
Describe these automorphisms of $\mathbb{P}^2$ explicitly and prove Theorem 7.15 for $p = \operatorname{char} k \ne 2$.

7.2. Let $E$ be an elliptic curve in $\mathbb{P}^2$ given by an equation of the form

Show that the $j$-invariant is a rational function of the $a_i$ with coefficients in $\mathbb{Q}$. In particular, if the $a_i$ are all in some field $k_0 \subset k$, then $j \in k_0$ also. Furthermore, for every $\alpha \in k_0$ there exists an elliptic curve defined over $k_0$ with the $j$-invariant equal to $\alpha$.

7.3. Let $f : E \to E'$ be an isogeny of elliptic curves $E$ and $E'$ defined over an algebraically closed field $k$. Show that:
(a) $f$ is a group homomorphism of $E(k)$ into $E'(k)$;
(b) if $f$ is a non-zero isogeny then $\operatorname{Ker} f$ is a finite subgroup of $E(k)$;
(c) if $G$ is a finite subgroup of $E(k)$, there is a unique elliptic curve $E'$ and a separable isogeny $f : E \to E'$ such that $\operatorname{Ker} f = G$;
(d) isogeny is an equivalence relation;
(e) for any elliptic curve $E$ the set of elliptic curves $E'$ isogenous to $E$, up to isomorphism, is countable. (Hint: $E'$ is uniquely determined by $E$ and $\operatorname{Ker} f$.)

7.4. Let $E$ be an elliptic curve over a field $k$ of characteristic $p > 0$ and let $p \nmid N$. Show that $E_N \cong \mathbb{Z}/N\mathbb{Z} \times \mathbb{Z}/N\mathbb{Z}$. (Hint: Study the case of a prime $N$ and then use induction on the number of divisors of $N$.)

7.5. Let $f$ be an isogeny of elliptic curves $E$ and $E'$ of degree $N = N'N''$, where $N'$ and $N''$ are coprime. Show that there exist isogenies $f'$ and $f''$ such that $f = f' \cdot f''$, $\deg f' = N'$ and $\deg f'' = N''$.

7.6. Let $E : v^2 + v = u^3 + u$ and $E' : v^2 + v = u^3$ be elliptic curves over $\mathbb{F}_2$. Show that:
(a) $j(E) = j(E') = 0$;
(b) $E$ and $E'$ are not isomorphic over $\mathbb{F}_2$ and $\mathbb{F}_{2^2}$;
(c) $E$ and $E'$ are not isomorphic over $\mathbb{F}_{2^4}$, but they are isomorphic over $\mathbb{F}_{2^8}$.

7.7. Let $E : v^2 + v = u^3 + u$ and $E'' : v^2 + v = u^3 + u + 1$ be elliptic curves over $\mathbb{F}_2$. Show that $j(E) = j(E'')$. Compute $|E(\mathbb{F}_{2^v})|$ and $|E''(\mathbb{F}_{2^v})|$ for all $v \ge 1$. Find the least field over which $E$ and $E''$ are isomorphic.

7.8. Find all elliptic curves over $\mathbb{F}_3$ up to isomorphism over $\mathbb{F}_3$. Show that there are four with $j = 1$ or $-1$ and four with $j = 0$. Determine their groups of points over $\mathbb{F}_{3^2}$ and which ones are isomorphic over $\mathbb{F}_{3^2}$.

7.9. Show that the series
$$\wp(z) = \frac{1}{z^2} + \sum_{\omega \in \Lambda \setminus \{0\}} \left( \frac{1}{(z - \omega)^2} - \frac{1}{\omega^2} \right)$$
converges absolutely and uniformly on any compact set $C$ such that $C \cap \Lambda = \emptyset$.

7.10. Show that the Weierstrass $\wp$-function is an elliptic function with the period lattice $\Lambda$ which has a double pole at any $\omega \in \Lambda$ and no other poles. Show also that its derivative
$$\wp'(z) = -2 \sum_{\omega \in \Lambda} \frac{1}{(z - \omega)^3}$$
is an odd elliptic function with the period lattice $\Lambda$ which has a pole of order 3 at any $\omega \in \Lambda$ and no other poles.

7.11. Prove Theorem 7.21. (Hint: Consider the expansions of $\wp(z)$ and $\wp'(z)$ into Laurent series at the origin.)

7.12. Let $E$ be an elliptic curve over $\mathbb{C}$, defined by the elliptic functions with periods $1$ and $\tau$. Let $\mathrm{End}(E)$ be the ring of endomorphisms of $E$. Show that:
(a) if $f \in \mathrm{End}(E)$ is a non-zero endomorphism corresponding to complex multiplication by $\alpha$, then $\deg f = |\alpha|^2$;
(b) if $f \in \mathrm{End}(E)$ corresponds to $\alpha \in \mathbb{C}$ again, then the dual endomorphism $f^*$ corresponds to the complex conjugate $\bar\alpha$ of $\alpha$;
(c) if $\tau \in \mathbb{Q}(\sqrt{-d})$ happens to be integral over $\mathbb{Z}$ then $\mathrm{End}(E) = \mathbb{Z}[\tau]$.

Chapter 8

Classical Modular Curves

This chapter contains an analytical description of classical modular curves and introduces the Hecke theory of modular forms which later on will be used for the study of arithmetical properties of modular curves of a special form.

8.1. CONGRUENCE SUBGROUPS

Denote by $H$ the Poincaré upper half-plane of the complex plane $\mathbb{C}$: $H = \{ z \in \mathbb{C} \mid \operatorname{Im} z > 0 \}$. The modular group $\Gamma(1)$ operates naturally on $H$ (on the left) via linear fractional transformations
$$\gamma(z) = \frac{az + b}{cz + d}.$$
The element $-I = \begin{pmatrix} -1 & 0 \\ 0 & -1 \end{pmatrix}$ operates trivially, so under the action of $\Gamma(1)$ on $H$ we can identify $\Gamma(1)$ with the factor group $\Gamma(1)/\{\pm I\}$.

Every elliptic curve $E$ over $\mathbb{C}$ corresponds to a complex torus $\mathbb{C}/\Lambda_z$, with $\Lambda_z = \mathbb{Z}z + \mathbb{Z}$, $z \in H$, and $\mathbb{C}/\Lambda_z$, $\mathbb{C}/\Lambda_{z'}$ are isomorphic if and only if there exists $\gamma \in \Gamma(1)$ with $z' = \gamma(z)$. Under this action of $\Gamma(1)$ on $H$, we can identify $\Gamma(1)\backslash H$ with the isomorphism classes of elliptic curves over $\mathbb{C}$. Such a space is called a moduli space for elliptic curves. From now on we are interested in moduli spaces of a more general form, called modular curves, which are closely related to the existence of $\mathbb{Q}$-rational points of finite order on elliptic curves. First we consider the following subgroups of $\Gamma(1)$. Given a positive integer $N$ we put
$$\Gamma(N) = \left\{ \begin{pmatrix} a & b \\ c & d \end{pmatrix} \in \Gamma(1) \;\middle|\; \begin{pmatrix} a & b \\ c & d \end{pmatrix} \equiv \begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix} \pmod N \right\},$$
$$\Gamma_0(N) = \left\{ \begin{pmatrix} a & b \\ c & d \end{pmatrix} \in \Gamma(1) \;\middle|\; \begin{pmatrix} a & b \\ c & d \end{pmatrix} \equiv \begin{pmatrix} * & * \\ 0 & * \end{pmatrix} \pmod N \right\},$$
$$\Gamma_1(N) = \left\{ \begin{pmatrix} a & b \\ c & d \end{pmatrix} \in \Gamma(1) \;\middle|\; \begin{pmatrix} a & b \\ c & d \end{pmatrix} \equiv \begin{pmatrix} 1 & * \\ 0 & 1 \end{pmatrix} \pmod N \right\}.$$
The group $\Gamma(N)$ is called the principal congruence subgroup of level $N$. Clearly $\Gamma(N) \subset \Gamma_1(N) \subset \Gamma_0(N) \subset \Gamma(1)$ for $N > 1$.

Proposition 8.1. There are natural group isomorphisms
$$\Gamma(1)/\Gamma(N) \cong SL_2(\mathbb{Z}/N\mathbb{Z}) \quad\text{and}\quad \Gamma_0(N)/\Gamma(N) \cong \left\{ \begin{pmatrix} a & b \\ 0 & a^{-1} \end{pmatrix} \in SL_2(\mathbb{Z}/N\mathbb{Z}) \right\}.$$
In particular, $\Gamma(N)$ is normal in $\Gamma(1)$ and $\Gamma_1(N)$ is a normal subgroup of $\Gamma_0(N)$.

Corollary 8.2. For any integer $N > 1$, we have:
(i) $[\Gamma(1) : \Gamma(N)] = N^3 \prod_{p \mid N} (1 - p^{-2})$;
(ii) $[\Gamma(1) : \Gamma_0(N)] = N \prod_{p \mid N} (1 + p^{-1})$;
(iii) $[\Gamma(1) : \Gamma_1(N)] = N^2 \prod_{p \mid N} (1 - p^{-2})$.

A subgroup $\Gamma$ of $\Gamma(1)$ is called a congruence subgroup (of level $N$) if it contains $\Gamma(N)$ for some $N \ge 1$.

Riemann Surface

Suppose that $\Gamma$ is equipped with the discrete topology while $H$ has the usual complex topology. The space $\Gamma\backslash H$ is canonically equipped with a (non-compact) Riemann surface structure. Indeed, let $N \ge 3$ and let $\Gamma_N = \Gamma \cap \Gamma(N)$. The group $\Gamma_N$ contains no elements of finite order and the action of $\Gamma_N$ on $H$ is free, i.e., has no fixed points. Moreover, for every $z \in H$ there exists an open neighborhood $U_z$ homeomorphic to its image $U'_z \subset \Gamma_N\backslash H$. Thus on $\Gamma_N\backslash H$ there exists a unique Riemann surface structure such that the homeomorphisms between $U_z$ and $U'_z$ are complex-analytic isomorphisms. Since $\bar\Gamma_N = \Gamma/\Gamma_N$ is a finite group, we define the Riemann surface $\Gamma\backslash H$ as the quotient of $\Gamma_N\backslash H$ by $\bar\Gamma_N$. Clearly, the Riemann surface structure on $\Gamma\backslash H$ does not depend on the choice of $N$.

Compactification

An essential deficiency of the Riemann surface $\Gamma\backslash H$ is that it is not compact. A canonical compactification $\Gamma\backslash H^*$ of the surface $\Gamma\backslash H$ is provided as follows. Consider the set $\mathbb{P}^1(\mathbb{Q}) = \mathbb{Q} \cup \{\infty\}$ consisting of the rational numbers and the symbol $\infty$ (or $i \cdot \infty$ in other notations). Each element $r \in \mathbb{P}^1(\mathbb{Q})$ can be written in the form $r = l/n$, with $l, n \in \mathbb{Z}$, and for $n = 0$ we put $r = \infty$.

The group $\Gamma(1)$ acts naturally on $\mathbb{P}^1(\mathbb{Q})$: if $\gamma = \begin{pmatrix} a & b \\ c & d \end{pmatrix}$, then
$$\gamma(r) = \frac{ar + b}{cr + d},$$
where $\gamma(\infty) = a/c$ and $\gamma(r) = \infty$ if $cr + d = 0$. Let $\Gamma\backslash H^* = (\Gamma\backslash H) \cup (\Gamma\backslash\mathbb{P}^1(\mathbb{Q}))$. From Proposition 8.1 it follows that the factor set $\Gamma\backslash\mathbb{P}^1(\mathbb{Q})$ is finite. This set is called the set of cusps of the Riemann surface $\Gamma\backslash H^*$ (or of the group $\Gamma$). Let us define a complex structure on $\Gamma\backslash H^*$ such that its restriction to the open subset $\Gamma\backslash H$ coincides with the one defined above, complex-analytic neighborhoods of $r \in \mathbb{Q}$ being open discs tangent to the line $\operatorname{Im} z = 0$ at $r$, and neighborhoods of $\infty$ being open half-planes of the form $\operatorname{Im} z > M$.

Theorem 8.3. The set $\Gamma\backslash H^*$ with the above complex structure is a connected compact Riemann surface.

8.2. THE CURVES $X(N)$, $X_0(N)$ AND $X_1(N)$

If $\Gamma$ is an arbitrary congruence subgroup of $\Gamma(1)$, then there exists a unique (up to isomorphism) smooth projective curve $X_\Gamma$ over $\mathbb{C}$ (see Springer [183]) such that $X_\Gamma$ considered as a Riemann surface is isomorphic to $\Gamma\backslash H^*$, and the Riemann surface $\Gamma\backslash H$ is naturally isomorphic to the smooth affine curve $Y_\Gamma$ over $\mathbb{C}$. We call $X_\Gamma$ and $Y_\Gamma$ modular curves. If $\Gamma$ is a congruence subgroup of level $N$, then the curves $X_\Gamma$ and $Y_\Gamma$ are called modular curves of level $N$. We are mostly interested in the curves corresponding to the groups $\Gamma = \Gamma(N)$, $\Gamma = \Gamma_0(N)$ and $\Gamma = \Gamma_1(N)$, which are denoted by $X(N), Y(N)$, $X_0(N), Y_0(N)$ and $X_1(N), Y_1(N)$, respectively.

The group $\Gamma(1)/\Gamma(N) \cong SL_2(\mathbb{Z}/N\mathbb{Z})$ acts on the curve $X(N)$ (and on $Y(N)$) according to the usual formula: if $\gamma = \begin{pmatrix} a & b \\ c & d \end{pmatrix} \in \Gamma(1)$ and $\bar z$ is the image of $z \in H \cup \mathbb{P}^1(\mathbb{Q})$ in $X(N)$, then
$$\gamma : \bar z \mapsto \overline{\left( \frac{az + b}{cz + d} \right)}.$$
Since $\Gamma(N)$ is normal in $\Gamma(1)$, the action is well-defined. The subgroup $\Gamma_0(N)$ is not normal in $\Gamma(1)$. Nevertheless one has:

Proposition 8.4. If $N = mn$ then the element
$$T_m = \frac{1}{\sqrt{m}} \begin{pmatrix} 0 & 1 \\ -m & 0 \end{pmatrix} \in SL_2(\mathbb{R})$$
lies in the normalizer of $\Gamma_0(N)$ in $SL_2(\mathbb{R})$ and defines an automorphism of $X_0(N)$. Moreover $\mathrm{Aut}(X_0(N)) \supseteq (\mathbb{Z}/2\mathbb{Z})^{\sigma_0(N)}$, where $\sigma_0(N)$ is the number of divisors of $N$.

Let $i = \sqrt{-1}$ and $\rho = (\sqrt{-3} - 1)/2$. A well-known calculation based on the Hurwitz genus formula for the covering $\Gamma_0(N)\backslash H^* \to \Gamma(1)\backslash H^*$ gives (see Shimura [176, p. 23 and 25] or Miyake [127, §4.2]):

Proposition 8.5. One has

(i) if $N \ge 3$, the genus of $X(N)$ equals
$$g(N) = 1 + \frac{(N - 6)N^2}{24} \prod_{p \mid N} \left( 1 - \frac{1}{p^2} \right);$$

(ii) the genus of $X_0(N)$ equals
$$g_0(N) = 1 + \frac{\mu}{12} - \frac{\nu_2}{4} - \frac{\nu_3}{3} - \frac{\mu_\infty}{2},$$
where $\mu = [\Gamma(1) : \Gamma_0(N)]$, $\mu_\infty = \sum_{d \mid N} \varphi((d, N/d))$ is the number of cusps of $X_0(N)$, $\varphi$ being the Euler phi-function, and $\nu_2$ being the number of non-$\Gamma_0(N)$-equivalent points of $H$ which are $\Gamma(1)$-equivalent to $z = i$:
$$\nu_2 = \begin{cases} 0 & \text{if } 4 \mid N, \\ \prod_{p \mid N} \left( 1 + \left( \frac{-1}{p} \right) \right) & \text{otherwise.} \end{cases}$$
Also, $\nu_3$ is the number of non-$\Gamma_0(N)$-equivalent points of $H$ which are $\Gamma(1)$-equivalent to $\rho$:
$$\nu_3 = \begin{cases} 0 & \text{if } 9 \mid N, \\ \prod_{p \mid N} \left( 1 + \left( \frac{-3}{p} \right) \right) & \text{otherwise} \end{cases}$$
(here $\left( \frac{-1}{2} \right) = \left( \frac{-3}{3} \right) = 0$ and $\left( \frac{\cdot}{p} \right)$ for $p \ge 3$ denotes the quadratic residue symbol);

(iii) if $N \ge 5$, the genus of $X_1(N)$ equals

The Taniyama–Weil Conjecture

Some modular curves are actually elliptic curves themselves. For example, the curve $X_0(11)$ has genus 1, and it has two cusps defined over $\mathbb{Q}$, one of which can be used to make $X_0(11)$ into an elliptic curve. This curve has a lot of additional structure, due to the fact that it is a modular curve, and it is possible to use that extra information to study the arithmetic of $X_0(11)$. It follows from Proposition 8.5 that the genus of $X_0(N)$ grows with $N$, so there are only finitely many curves $X_0(N)$ of any given genus. Moreover, we have the following result.

Proposition 8.6. For $N \ge 72$, the curve $X_0(N)$ is not hyperelliptic.

Let $E/\mathbb{Q}$ be an elliptic curve defined over the rational numbers. In many cases (in particular, if $E/\mathbb{Q}$ is an elliptic curve with complex multiplication), there is a surjective morphism $X_0(N) \to E$ defined over $\mathbb{Q}$. If this happens, we say that $E$ is parameterized at $N$ by modular functions, or that $E$ is a modular elliptic curve. Such elliptic curves have a very rich structure, which can be used to study their arithmetic properties.

Conjecture 8.7 (Taniyama–Weil). Every elliptic curve defined over $\mathbb{Q}$ is a modular elliptic curve.

For a stronger version of the Taniyama–Weil conjecture and its close connection with other conjectures for elliptic curves over $\mathbb{Q}$, see Husemöller [81, Ch. 16, 17] and Silverman [177, Appendix C].

Automorphic Functions

The elements of the function field on $X_\Gamma$, or, in other terms, meromorphic functions on the Riemann surface $\Gamma\backslash H^*$, can be considered as functions on $H$ invariant under $\Gamma$ such that their only singularities are poles. These functions are called automorphic under $\Gamma$. If $\Gamma = \Gamma(1)$, so that $\Gamma\backslash H^* \cong \mathbb{P}^1(\mathbb{C})$, then the field of automorphic functions coincides with $\mathbb{C}(j)$, where $j = j(z)$ is the $j$-invariant of the elliptic curve $E_z(\mathbb{C}) = \mathbb{C}/\Lambda_z$ associated with the lattice $\Lambda_z = \mathbb{Z}z + \mathbb{Z}$ (see Lang [108, p. 63]). Every such function has a canonical Laurent series expansion in a neighborhood of infinity which is called a $t$-expansion. Since $T = \begin{pmatrix} 1 & 1 \\ 0 & 1 \end{pmatrix} \in \Gamma(1)$, for any $J \in \mathbb{C}(j)$ and $z \in H$ we have $J(T(z)) = J(z + 1) = J(z)$. If now $t(z) = e^{2\pi i z}$, then $t(T(z)) = t(z)$, and we can take $t = t(z)$ as a local parameter in a neighborhood of infinity. A local expansion with respect to $t$ of the function $J$ on $\Gamma\backslash H^*$ is called the $t$-expansion of $J$:
$$J(z) = \sum_{n = -m}^{\infty} a(n) t^n.$$
The theory of elliptic functions yields the following result (see Lang [108, p. 45]):

Proposition 8.8. For the $t$-expansion of $j = j(z)$ we have
$$j(z) = t^{-1} \left( 1 + \sum_{n \ge 0} c(n) t^{n+1} \right),$$
$c(n)$ being integers.

Note that $j$ is normalized (multiplied by 1728) in order to satisfy the proposition. Now let $\Gamma$ be a congruence subgroup such that $\Gamma \supset \Gamma(N)$. Then
$$T^N = \begin{pmatrix} 1 & N \\ 0 & 1 \end{pmatrix} \in \Gamma(N),$$
so that for any automorphic function $J$ with respect to the subgroup $\Gamma$ we have $J(T^N(z)) = J(z + N) = J(z)$. Therefore each such function in a neighborhood of infinity has a $t$-expansion of the form
$$J(z) = \sum_{n = -m}^{\infty} a(n) t^{n/N}.$$
Note that $T \in \Gamma_0(N)$, and therefore the functions automorphic under $\Gamma = \Gamma_0(N)$ have expansions in integral powers of $t$. The field of automorphic functions under $\Gamma_0(N)$ has the following explicit description:

Theorem 8.9. The field of functions automorphic under $\Gamma_0(N)$ coincides with the field $\mathbb{C}(j(z), j(Nz))$.

In particular the function $j_N(z) = j(Nz)$ is invariant under $\Gamma_0(N)$. There exists a canonical involution of the field $\mathbb{C}(j, j_N)$ which corresponds to the element $T_m \in SL_2(\mathbb{R})$. This involution permutes $j$ and $j_N$.

The Modular Equation

Since $j(z)$ and $j(Nz)$ are $\Gamma_0(N)$-invariant they satisfy a relation of the form $F(j(z), j(Nz)) = 0$, $F$ being a polynomial in two variables. Moreover, since all the coefficients of the $t$-expansions of $j(z)$ and $j(Nz)$ are integers, one can choose $F$ having coefficients in $\mathbb{Z}$. The minimal relation of the form $F(j, u) = 0$ satisfied by $j = j(z)$ and $u = j(Nz)$ is called the modular equation. Let $A_N$ be the set of all matrices
$$\alpha = \begin{pmatrix} a & b \\ 0 & d \end{pmatrix} \quad\text{with } a, b, d \in \mathbb{Z},\ a > 0,\ d > 0,\ ad = N,\ 0 \le b < d,\ (a, b, d) = 1,$$
and let $\alpha(z) = (az + b)/d$, $\mu(N) = [\Gamma(1) : \Gamma_0(N)]$. The basic properties of the modular equation can be summed up as follows:

Theorem 8.10. Let

$0$ if $n_i = 0$, and
$$\varepsilon_i = \begin{cases} 1 & \text{if } m_i \equiv -1 \pmod q \text{ and } (m_i + 1)/q \text{ is not a gap at } P_i, \\ 0 & \text{otherwise.} \end{cases}$$

Proposition 10.8. Let $C^*(D_0, D)$ be the linear $[n, k, d]_q$-code associated to the pair $(D_0, D)$. If $n \le \deg D \le n + 2g - 2$ then
$$k \ge n - \sum_{i=1}^{s} (m_i - n_i + w_i) \deg P_i + g - 1$$
and
$$d \ge \deg D + \sum_{i=1}^{s} \varepsilon_i \deg P_i - 2g + 2.$$

Proof: See Tsfasman and Vladut [208, p. 281]. ∎



Subfield Restriction

Let $X(\mathbb{F}_{q^v})$ be the set of all $\mathbb{F}_{q^v}$-rational points of a curve $X$ of genus $g$ defined over $\mathbb{F}_{q^v}$, let $\{x_1, \dots, x_n\} \subseteq X(\mathbb{F}_{q^v})$ be a subset of $X(\mathbb{F}_{q^v})$ of cardinality $n$, and let $D_0 = x_1 + \dots + x_n$. Let $D$ be an effective $\mathbb{F}_q$-rational divisor on $X$. Suppose that $2g - 2 < \deg D < n$, and consider an $[n,\ n - \deg D + g - 1,\ \ge \deg D - 2g + 2]_{q^v}$-code $C^* = C^*(D_0, D)$.

Theorem 10.9. If $D = qD'$ and $D' = \sum a_i \cdot y_i$, $0 \le a_i \le q - 1$, then the field restriction gives a code $C' = C^* \cap \mathbb{F}_q^n$ with parameters
$$[n,\ \ge n - v \deg D\,(q - 1)/q - 1,\ \ge \deg D - 2g + 2]_q.$$

Proof: Later on we shall see that $C^*$ is dual to $C(D_0, D)$: $C^* = C^\perp$. Let $m = \deg D/q = \deg D'$, and suppose that $m > g$. By the Riemann–Roch theorem we have $l(D') \ge m - g + 1$. Let $1, f_1, \dots, f_{m-g}$ be linearly independent elements in $L(D')$. We claim that the elements $1, f_1, \dots, f_{m-g}, f_1^q, \dots, f_{m-g}^q$ are also linearly independent over $\mathbb{F}_{q^v}$. Indeed, suppose that a linear relation between them holds, with the terms involving $f_1, \dots, f_{m-g}$ on the left-hand side and those involving $f_1^q, \dots, f_{m-g}^q$ on the right-hand side.

In view of the condition $a_i \le q - 1$, the left-hand side has poles of order at most $q - 1$. The order of any pole of the right-hand side is divisible by $q$. Hence if we assume that the function $\sum \beta_i f_i$ has at least one pole, we arrive at a contradiction. If it has no pole then $\sum \beta_i f_i = \beta_0$, and hence $(\sum \gamma_i f_i)^q = \gamma_0^q$ with $\gamma_i^q = \beta_i$. Therefore $\sum \gamma_i f_i = \gamma_0$, contradicting the linear independence of $1, f_1, \dots, f_{m-g}$. Extend the set $F = \{1, f_1, \dots, f_{m-g}, f_1^q, \dots, f_{m-g}^q\}$ to a basis of the space $L(D)$. Since $C' = C^\perp \cap \mathbb{F}_q^n$, an element $v = (v_1, \dots, v_n) \in \mathbb{F}_q^n$ lies in $C'$ if and only if
$$v \cdot f = \sum_{i=1}^{n} v_i f(x_i) = 0$$
for any $f$ in this basis. If $f \ne 1$, in general we have $v \cdot f \in \mathbb{F}_{q^v}$, and hence each equation $v \cdot f = 0$ generates $v$ linear equations over $\mathbb{F}_q$ (if $f = 1$ we obtain just one linear equation). Observe also that the equation $v \cdot f_i = 0$ is equivalent to the equation $v \cdot f_i^q = 0$. Thus we see that the number of linear equations over $\mathbb{F}_q$ is less, by at least $v(m - g) + v - 1$, than the a priori bound
$$v\, l(D) = v(\deg D - g + 1).$$
This yields
$$\dim C' \ge n - v(q - 1)m - 1.$$
In the case $m \le g$ we set $F = \{1\}$ and proceed as before. The a priori bound $v(\deg D - g + 1)$ is sharpened by $(v - 1)$, and we arrive at the inequality $\dim C' \ge n - v(\deg D - g) - 1$, which is slightly better than the inequality of the theorem. ∎

Corollary 10.10. Let $gq \le \deg D < n$. If $D = qD'$ and $D' = \sum a_i \cdot y_i$, $0 \le a_i \le q - 1$, then $C' = C'(D_0, D)$ has the parameters
$$[n,\ \ge n - \deg D\,(q - 1)/q - 1,\ \ge \deg D - 2g + 2]_q.$$

Automorphisms

Let $G \subseteq \mathrm{Aut}_{\mathbb{F}_q}(X)$ be a subgroup of the group of all $\mathbb{F}_q$-automorphisms of $X$. Suppose that $\operatorname{Supp} D_0$ and the divisor $D$ are $G$-invariant. Then $G$ operates on $C = C(D_0, D)$. Indeed, in this case for any $g \in G$ and any $f \in L(D)$ the function $g^*(f)$, where $g^*(f)(x) = f(g(x))$, lies in $L(D)$. Therefore a code-vector $(f(x_1), \dots, f(x_n))$ is mapped to $(g^*(f)(x_1), \dots, g^*(f)(x_n)) = (f(g(x_1)), \dots, f(g(x_n)))$, which is also a code-vector. Thus $G$ is naturally mapped to $\mathrm{Aut}(C) \cap S_n$ and, according to the properties of group codes, we have

where $H_i$ is the stabilizer of $y_i \in \operatorname{Supp} D_0$.

Proposition 10.11. Let $G \subseteq \mathrm{Aut}_{\mathbb{F}_q}(X)$, let $\operatorname{Supp} D_0$ be a $G$-invariant subset of $X(\mathbb{F}_q)$ and let $D$ be a $G$-invariant $\mathbb{F}_q$-rational divisor on $X$. Suppose that $\operatorname{Supp} D_0 \cap \operatorname{Supp} D = \emptyset$. Then $C = C(D_0, D)$ is a group code:

where $H_i$ is the stabilizer of $y_i \in \operatorname{Supp} D_0$, $\{y_1, \dots, y_m\}$ being the set of orbit representatives of the action of $G$ on $\operatorname{Supp} D_0$.

10.4. DUALITY AND SPECTRA

First of all we establish the $(L - \Omega)$-duality of geometric Goppa codes.

Theorem 10.12. The codes $C = C(D_0, D)$ and $C^* = C^*(D_0, D)$ are dual to each other.

Proof: Consider first the case $2g - 2 < \deg D < n$ when both maps $\operatorname{Ev}$ and $\operatorname{Res}$ are embeddings. For $f \in L(D)$ and $\omega \in \Omega(D_0 - D)$ the residue formula yields
$$(\operatorname{Ev}(f), \operatorname{Res}(\omega)) = \sum_{i=1}^{n} \operatorname{Res}_{x_i}(f\omega) = \sum_{x \in X} \operatorname{Res}_x(f\omega) = 0.$$
Thus any code-vector of $C$ is orthogonal to any code-vector of $C^*$, i.e., $C^* \subseteq C^\perp$. On the other hand, $\dim C^\perp = n - \dim C \le n - (\deg D - g + 1) \le \dim C^*$, hence $C^* = C^\perp$ and $\dim C^\perp = \dim C^*$. For arbitrary $\deg D$ we have $\operatorname{Ker}(\operatorname{Ev}) = L(D - D_0)$, $\operatorname{Ker}(\operatorname{Res}) = \Omega(-D)$, and the Riemann–Roch theorem tells us that the dimensions of $C$ and $C^*$ are complementary. ∎

Self-Dual Geometric Goppa Codes

Let $a = (a_1, \dots, a_n) \in \mathbb{F}_q^n$ with $a_i \ne 0$ for each $i = 1, 2, \dots, n$. Recall that a code $C \subseteq \mathbb{F}_q^n$ is called quasi-self-dual with respect to $a \in (\mathbb{F}_q^*)^n$ if $n = 2m$ and for any $u = (u_1, \dots, u_n) \in C$, $v = (v_1, \dots, v_n) \in C$
$$\sum_{i=1}^{n} a_i u_i v_i = 0.$$
A code $C$ is quasi-self-dual if there exists such an $a$, and is self-dual if $a = (1, \dots, 1)$.

Theorem 10.13. Let $n > 2g - 2$ be even, and $\deg D = n/2 + g - 1$. If $K + D_0 \sim 2D$ then the $[n,\ n/2,\ \ge n/2 - g + 1]_q$-code $C = C(D_0, D)$ is quasi-self-dual. Moreover, there exists a unique (up to a multiplicative constant) differential form $\omega_0 \in \Omega(D_0 - 2D)$ such that the code $C$ is quasi-self-dual with respect to $a = (a_1, \dots, a_n)$, where $a_i = \operatorname{Res}_{x_i}(\omega_0) \ne 0$. In particular, if $\operatorname{Res}_{x_1}(\omega_0) = \dots = \operatorname{Res}_{x_n}(\omega_0)$ then $C$ is self-dual.

Proof: We have $n > \deg D > 2g - 2$, $2D \sim K + D_0$ and hence $k = \deg D - g + 1 = n/2$, $d \ge n - \deg D = n/2 - g + 1$, $\dim \Omega(D_0 - 2D) = \dim \Omega(-K) = \dim L(0) = 1$. Let $\omega_0 \in \Omega(D_0 - 2D)$ be a non-zero differential form. If we suppose that $\operatorname{Res}_{x_i}(\omega_0) = 0$ for some $i = 1, 2, \dots, n$ then $\omega_0 \in \Omega(D_0 - 2D - x_i)$, which is impossible because in that case $\deg(D_0 - 2D - x_i) = 1 - 2g < 2 - 2g$. Therefore $a_i = \operatorname{Res}_{x_i}(\omega_0) \ne 0$ for all $i = 1, 2, \dots, n$, and whenever $\omega = fg\omega_0 \in \Omega(D_0)$ for any $f, g \in L(D)$, then
$$\sum_{i=1}^{n} a_i f(x_i) g(x_i) = \sum_{i=1}^{n} \operatorname{Res}_{x_i}(\omega) = 0.$$
This completes the proof. ∎

In some cases the condition of the theorem is not only sufficient but also necessary.

Theorem 10.14. Let $n$ be even, $g \ge 1$, $D = \sum a_j \cdot y_j$ be an effective divisor of degree $\deg D = n/2 + g - 1 > 4g - 1$ such that $a_j \le \deg D - 2g + 1$ for each $j$, and $\operatorname{Supp} D_0 \subseteq X(\mathbb{F}_q) \setminus \operatorname{Supp} D$. The code $C = C(D_0, D)$ is self-dual if and only if there exists a non-zero differential form $\omega_0 \in \Omega(D_0 - 2D)$ with $\operatorname{Res}_{x_i}(\omega_0) = 1$ for any $i = 1, 2, \dots, n$.

Proof: Let $C = C^\perp = C^*(D_0, D)$. Since $1 \in L(D)$, there exists a differential form $\omega_0 \in \Omega(D_0 - D)$ with $\operatorname{Res}_{x_i}(\omega_0) = 1$. Let us show that $\omega_0 \in \Omega(D_0 - 2D)$. It is enough to prove that $(\omega_0) \ge 2a_j \cdot y_j$ for each $j$. Let $y$ be one of the points $y_j$ and let $D = a \cdot y + D'$, where $\deg D' \ge 2g - 2$ and $y \notin \operatorname{Supp} D'$. We can suppose without loss of generality that $y$ is an $\mathbb{F}_q$-rational point (otherwise we can consider an extension of the ground field). By the supposition of the theorem there exists a divisor $\tilde D = a \cdot y + \tilde D'$, $0 \le \tilde D \le D$, such that $\deg(D - \tilde D) = 2g - 1$ and $\deg \tilde D \ge 2g$. The Riemann–Roch theorem yields $L(\tilde D) \ne L(\tilde D - y)$. Let $f \in L(\tilde D) \setminus L(\tilde D - y)$. It follows from self-duality that there exists a differential form $\omega \in \Omega(D_0 - D)$ with $\operatorname{Res}_{x_i}(\omega) = f(x_i)$. We have $f\omega_0 \in \Omega(D_0 - (D - \tilde D))$ and $\operatorname{Res}_{x_i}(f\omega_0) = \operatorname{Res}_{x_i}(\omega)$, i.e., $\omega - f\omega_0 \in \Omega(\tilde D - D)$. On the other hand $\deg(D - \tilde D) = 2g - 1$, and since a non-zero regular differential form cannot have $2g - 1$ zeros, $\omega = f\omega_0$. Hence the order of zero of $\omega_0$ at $y$ satisfies
$$v_y(\omega_0) = v_y(\omega) - v_y(f) = v_y(\omega) + a \ge 2a.$$
This is valid for each $y \in \operatorname{Supp} D$; therefore $(\omega_0) \ge 2D$, that is $\omega_0 \in \Omega(D_0 - 2D)$. ∎

Self-dual geometric Goppa codes have been studied by Driencourt and Stichtenoth [29], Scharlau [158] and Stichtenoth [193].

Spectra

Determination of the weight distribution of a geometric Goppa code leads to very subtle questions on the geometry of the corresponding projective curve $X$. We restrict ourselves to a description of some general facts.

Theorem 10.15. The minimum distance $d^*$ of $C^*(D_0, D)$ is the smallest number of distinct points $x_{i_1}, \dots, x_{i_{d^*}} \in \operatorname{Supp} D_0$ such that
$$D - K \sim \sum_{\tau = 1}^{d^*} x_{i_\tau} - D'',$$
where $D''$ is an effective divisor on $X$ with the support $\operatorname{Supp} D''$ disjoint from $\{x_{i_1}, \dots, x_{i_{d^*}}\}$.

Proof: Let $f \in L(K + D_0 - D)$ and suppose that there are exactly $s$ points, say $x_1, \dots, x_s$, where $f\omega_0$ has a pole. Then we have
$$(f\omega_0) = -\sum_{j=1}^{s} x_j + D + D''$$
with $D'' \ge 0$, i.e.,
$$D - K \sim x_1 + \dots + x_s - D''.$$
This proves the theorem. ∎

Another way of phrasing this is as follows. Let $D' \le D_0$ be a positive divisor contained in $D_0$. We have $L(K + D' - D) \subseteq L(K + D_0 - D)$. If $L(K + D' - D) \ne \{0\}$ then $C^*(D_0, D)$ possesses a code-vector of weight at most $\deg D'$. To find the minimum distance we have to look for the divisor of smallest positive degree such that $L(K + D' - D) \ne \{0\}$. Also the weight distribution can be read off these spaces. For example, the number of code-vectors with minimum distance $d$ is $(q - 1)$ times the number of positive divisors $D' \le D_0$ of degree $d$ which are linearly equivalent to a divisor of the form $D - K + D''$ with $D'' \ge 0$. Dually, the code $C(D_0, D)$ has minimum distance $n - d'$, where $d'$ is the maximum degree of a divisor $D'$ with $0 \le D' \le D_0$ and $L(D - D') \ne \{0\}$.

EXERCISES

10.1. Let $X = \mathbb{P}^1(\mathbb{F}_q)$, and let $x_1, \dots, x_n$ be distinct $\mathbb{F}_q$-rational points on $X$. Let
$$D_0 = \sum_{i=1}^{n} x_i$$
and let $D$ be an $\mathbb{F}_q$-rational divisor on $X$ with the condition $\operatorname{Supp} D_0 \cap \operatorname{Supp} D = \emptyset$. Prove that the geometric Goppa $[n, k, d]_q$-code $C = C(D_0, D)$ associated to the pair $(D_0, D)$ has the following properties:
(a) $n \le q + 1$;
(b) $k = n$ if and only if $\deg D > n - 2$;
(c) for $0 \le \deg D \le n - 2$, $k = 1 + \deg D$ and $d = n - \deg D$;
(d) every generalized Reed–Solomon code can be represented as a geometric Goppa code $C(D_0, D)$;
(e) if $x_1, \dots, x_n \in \mathbb{F}_{q^m}$, then the rational Goppa code defined in Section 3.2 can be represented as the restriction of the code $C^\perp = C^\perp(D_0, D' - x_\infty)$ over $\mathbb{F}_{q^m}$ to $\mathbb{F}_q$, where $D'$ is the zero divisor of the Goppa polynomial $g(z)$.

10.2. Let $D_0 = x_1 + \dots + x_n$ be an $\mathbb{F}_q$-rational divisor and suppose that $D, D'$ are linearly equivalent divisors with supports disjoint from $\operatorname{Supp} D_0$. Show that the geometric Goppa codes $C(D_0, D)$ and $C(D_0, D')$ (resp. $C^*(D_0, D)$ and $C^*(D_0, D')$) are equivalent. (Hint: For $(g) = D - D'$ consider the isomorphism
$$L(D) \to L(D'), \qquad f \mapsto fg,$$
and check that if $a = (g(x_1), \dots, g(x_n))$ then $C(D_0, D') = a \times C(D_0, D)$.)

10.3. Show that if $2D \sim K + D_0$ then the code $C(D_0, D)$ is equivalent to $C^*(D_0, D)$.

10.4. Let $D > 0$, $\deg D < n$ and $n = 2m$. Suppose that there exists a differential form $\omega_0 \in \Omega(D_0 - 2D)$ with $\operatorname{Res}_{x_i}(\omega_0) = 1$ for all $x_i \in \operatorname{Supp} D_0$, $1 \le i \le n$. Show that in this case the code $C^*(D_0, D)$ is self-dual. (Hint: Check that if $f \in L(D)$ then $f\omega_0 \in \Omega(D_0 - D)$. Using this show that $C(D_0, D) \subseteq C^*(D_0, D) = C(D_0, D)^\perp$, then apply dimension reasons.)

10.5. The Fermat elliptic curve $u^3 + v^3 + w^3 = 0$ is birationally isomorphic to the curve $X$ defined over $\mathbb{F}_2$ by the equation $v^2 w + v w^2 = u^3 + w^3$. Verify that the rational points of $X$ over $\mathbb{F}_4 = \{0, 1, \alpha, \bar\alpha\}$ are the point at infinity $x_\infty = (0, 1, 0)$ and the eight points
$$x_1 = (0, \alpha, 1),\ x_2 = (1, 1, 1),\ x_3 = (\alpha, 1, 1),\ x_4 = (\bar\alpha, 1, 1),$$
$$x_5 = (0, \bar\alpha, 1),\ x_6 = (1, 0, 1),\ x_7 = (\alpha, 0, 1),\ x_8 = (\bar\alpha, 0, 1),$$
where $\alpha, \bar\alpha$ are the roots of the polynomial $F(t) = t^2 + t + 1$. Let $D_0 = x_1 + \dots + x_8 + x_\infty$ and let $D = x + \sigma(x) + \sigma^2(x)$ be a prime $\mathbb{F}_2$-rational divisor, where $x$ is an $\mathbb{F}_8$-rational point of $X$ such that $x \notin \operatorname{Supp} D_0$. Using the map
$$\operatorname{Res} : \Omega(D_0 - D) \to \mathbb{F}_4^9$$
construct a $[9, 6, \ge 3]_4$-code $C^*(D_0, D)$.

10.6. Let $X$ be the non-singular projective curve of genus 1 given over $\mathbb{F}_4 = \{0, 1, \alpha, \bar\alpha\}$ by the equation $u^2 v + \alpha v^2 w + \bar\alpha w^2 u = 0$. This curve has nine $\mathbb{F}_4$-rational points:
$$x_1 = (1, 0, 0),\ x_2 = (0, 1, 0),\ x_3 = (0, 0, 1),\ x_4 = (1, \alpha, \bar\alpha),\ x_5 = (1, \bar\alpha, \alpha),$$
$$x_6 = (1, 1, 1),\ x_7 = (\alpha, 1, 1),\ x_8 = (1, \alpha, 1),\ x_9 = (1, 1, \alpha).$$
Let $D_0 = x_1 + \dots + x_6$ and $D = 2x_7 + x_8$. Using the map
$$\operatorname{Ev} : L(D) \to \mathbb{F}_4^6$$
construct a $[6, 3, 4]_4$-code $C(D_0, D)$.

10.7. Let $C \subseteq (\mathbb{F}_{q^v})^n$ be a linear code over $\mathbb{F}_{q^v}$ and let $\operatorname{tr}_v : \mathbb{F}_{q^v} \to \mathbb{F}_q$ be the trace map. For $x = (x_1, \dots, x_n) \in (\mathbb{F}_{q^v})^n$, define
$$\operatorname{tr}_v(x) = (\operatorname{tr}_v(x_1), \dots, \operatorname{tr}_v(x_n)) \in \mathbb{F}_q^n.$$
The code
$$\operatorname{tr}_v(C) = \{ \operatorname{tr}_v(x) \mid x \in C \} \subseteq \mathbb{F}_q^n$$
is called the trace code of $C$. Let $C' = C \cap \mathbb{F}_q^n$ be the subfield subcode (the restriction of $C$ to $\mathbb{F}_q$). Prove that:
(a) the map $\operatorname{tr}_v$ is $\mathbb{F}_q$-linear;
(b) $(C')^\perp = \operatorname{tr}_v(C^\perp)$;
(c) if $C$, $C'$ and $C'' = \operatorname{tr}_v(C)$ have parameters $[n, k, d]_{q^v}$, $[n', k', d']_q$ and $[n'', k'', d'']_q$, respectively, then
$$k \le k'' \le v \cdot k \quad\text{and}\quad k - (v - 1)(n - k) \le k' \le k.$$

Chapter 11

Examples

In this chapter we describe several examples of geometric Goppa $[n, k, d]_q$-codes coming from various algebraic curves defined over a finite field $\mathbb{F}_q$.

11.1. CODES OF SMALL GENERA

First we consider the simplest case, that of linear codes coming from curves of genus zero.

Codes of Genus Zero

Any smooth curve of genus zero over $\mathbb{F}_q$ is $\mathbb{F}_q$-isomorphic to the projective line $\mathbb{P}^1$. Let $X = \mathbb{P}^1$. We choose for $D_0$ the $q - 1$ points of $\mathbb{P}^1$ minus the origin $x_0$ and the point at infinity $x_\infty$, and for $D$ we choose a multiple $m \cdot x_\infty$ of the point at infinity. If we choose as a basis for $L(D)$ the functions $1, t, \dots, t^m$ then the geometric Goppa code $C = C(D_0, D)$ is given by the matrix $(\eta^{ij})$, with $\eta$ a primitive element of $\mathbb{F}_q$. The code $C$ that we find is a Reed–Solomon code. This code is an MDS-code. In fact all geometric Goppa codes obtained from curves of genus zero are optimal, or MDS-codes. Now if we take for $D$ a divisor of the form $D = \mu \cdot x_0 + \nu \cdot x_\infty$ we find examples of BCH-codes (Michon [125]). If $\deg D < n$ we have for the code $C = C(D_0, D)$
$$k + d \ge n + (1 - g)$$
or
$$R + \delta \ge 1 + \frac{1 - g}{n}.$$
In particular, for the codes coming from curves of genus zero, one has
$$k + d = n + 1,$$
i.e., the Singleton bound is attained. So we have the following result:

Proposition 11.1. If $g = 0$ then $C = C(D_0, D)$ is optimal.

More generally, if we suppose that $\deg D \ge 2g - 2$ we find for the geometric Goppa code $C^* = C^*(D_0, D)$ that
$$\deg D - 2g + 2 \le d^* \le \deg D - g + 2,$$
where the right-hand side is the Singleton bound.

Codes of Genera 1, 2, and 3

Consider an elliptic curve $E$ defined over $\mathbb{F}_{16}$ with the maximum possible number of $\mathbb{F}_{2^4}$-rational points. We have already pointed out that on $E$ there are 25 points. Let us consider geometric Goppa codes starting with this curve $E$, having a divisor $D$ of degree 8 and a divisor $D_0$ of degree 21 consisting of some 21 of these 25 points. Then we obtain a geometric Goppa code $C = C(D_0, D)$ with parameters $[21, \ge 8, \ge 13]_{16}$. Concatenation of the outer code $C$ with the inner parity-check $[5, 4, 2]_2$-code gives a $[105, 32, 26]_2$-code, which is rather good (the best $[104, k, 26]_2$-code known before geometric Goppa codes was non-linear and had $k = 31.585$). Let $N_q(g)$ be the maximum possible number of $\mathbb{F}_q$-rational points on curves of genus $g$ defined over $\mathbb{F}_q$. Consider codes on curves of genus $g = 2$. They exist for all $n, k$ such that
$$3 \le n \le N_q(2) \quad\text{and}\quad 1 \le k \le n - 2,$$
and we have $k + d \ge n - 1$. Codes on curves of genus $g = 3$ satisfy $k + d \ge n - 2$ for all $n, k$ such that
$$4 \le n \le N_q(3) \quad\text{and}\quad 1 \le k \le n - 3.$$
The information concerning all possible values for $N_q(2)$ is given by Theorem 6.22 (see also the corresponding table of values of $N_q(3)$ for small $q$ placed in the same section).

Codes on the Klein Quartic

Let $X$ be the Klein quartic (of genus $g = 3$): $u^3 v + v^3 w + w^3 u = 0$. We take for $D_0$ the divisor consisting of all 24 points of $X$ over $\mathbb{F}_8$. Over $\mathbb{F}_4$ there are two points of degree one. They define a closed point (a prime divisor) of degree 2 over $\mathbb{F}_2$; denote it by $P$. They are the intersection points with the bitangent line $u + v + w = 0$ (a bitangent is a line which is tangent at two distinct points of $X$). Let $D = m \cdot P$ with $3 \le m \le 11$. We have for the code $C^* = C^*(D_0, D)$:
$$n = 24, \qquad k^* = 26 - 2m, \qquad 2m - 4 \le d^* \le 2m - 1.$$
Now we apply the arguments presented in the previous chapter. If we take $m = 3$, then we obtain $d^* \ge 2$. We have $d^* = 2$ if and only if $L(D' - P) \ne \{0\}$ with $0 \le D' \le D_0$ a divisor of degree 2 (note that $K \sim 2 \cdot P$). Suppose $L(D' - P) \ne \{0\}$. Then the two points over $\mathbb{F}_8$ are flex points, so the tangent there is not a bitangent (a flex point is a point where the tangent has at least a 3-fold intersection with $X$). So this is not possible and $d^* \ge 3$. Again, $d^* = 3$ if and only if there exists a divisor $0 \le D' \le D_0$ of degree 3 with $L(D' - P) \ne \{0\}$, i.e., there exists a point $x \in X$ of degree one over $\mathbb{F}_8$ such that $x + P \sim D'$. But then they belong to a linear system $\mathbb{P}(L(D''))$ with $l(D'') = 2$, $\deg D'' = 3$, and we can find a point $y$ over $\mathbb{F}_8$ such that $x + P + y \sim D' + y \sim K$. In fact, by the Riemann–Roch theorem one has $l(D') - l(K - D') = 1$, and we know $l(D') \ge 2$, therefore $l(K - D') \ge 1$. This means that $x + y \sim P$, i.e., $2 \cdot x + 2 \cdot y \sim 2 \cdot P \sim K$, i.e., $x, y$ are the two intersection points of a bitangent. But we do not have bitangents which are tangent at $\mathbb{F}_8$-rational points. Therefore $d^* \ge 4$. By the Hamming bound $d^*$ cannot be 5. We have proved the following result:

Proposition 11.2. Let $X$ be the Klein quartic $u^3 v + v^3 w + w^3 u = 0$ in $\mathbb{P}^2$ defined over $\mathbb{F}_2$. If $P$ is an $\mathbb{F}_2$-rational prime divisor of degree 2 corresponding to the bitangent $u + v + w = 0$ and $D_0$ is the divisor consisting of all 24 flex $\mathbb{F}_8$-rational points of $X$, then the code $C^* = C^*(D_0, D)$ over $\mathbb{F}_8$, with $D = 3 \cdot P$, has parameters $[24, 20, 4]_8$.

The fact that $d^* \ne 5$ implies that there exists a divisor $0 \le D' \le D_0$ of degree 4 such that $L(D' - P) \ne \{0\}$, i.e., there exists an effective divisor $P'$ of degree 2 over $\mathbb{F}_8$ such that $D' \sim P + P'$. One can take $P' = P$. We can try to get good codes from this curve with $D = m \cdot P$ and $m \ge 5$. However, here one cannot improve above the minimum value for $d^*$: $d^* = 2m - 4$. In fact, let us show this for $m = 5$ and for $m = 11$. If $m = 5$ then $6 \le d^* \le 9$. We have $d^* = 6$ if and only if there exists a divisor $0 \le D' \le D_0$ with $L(K + D' - 5 \cdot P) \ne \{0\}$, i.e., $D' \sim 3 \cdot P$. This happens if and only if $D' + P \sim 2K$, i.e., there exists a conic which passes through $P$ and the six points of $D'$. For suitable $D'$ such a conic exists: $uv + uw + vw = 0$. So $d^* = 6$ for $m = 5$. For $m = 11$ we have $d^* = 18$ if and only if there exists a divisor $0 \le D' \le D_0$ of degree 18 with $D - K \sim 9 \cdot P \sim D'$. Now $D_0 \sim 6 \cdot K \sim 12 \cdot P$, therefore $9 \cdot P \sim D'$ if and only if $3 \cdot P \sim D_0 - D'$. As we saw above we can find such a divisor $D'$. By suitable concatenation one gets reasonably good codes over $\mathbb{F}_2$. Indeed, applying a $[4, 3, 2]_2$-code, i.e., viewing each element of $\mathbb{F}_8$ as a vector of length 3 over $\mathbb{F}_2$ and replacing it by its image in $\mathbb{F}_2^4$ under the encoding map for the $[4, 3, 2]_2$-code, we obtain a $[96, 60, 8]_2$-code over $\mathbb{F}_2$ from the $[24, 20, 4]_8$-code over $\mathbb{F}_8$.

Hyperelliptic Codes. Let $X$ be the hyperelliptic curve of genus $g = 2$ defined over $\mathbb{F}_2$ by the equation
$$v^2 + v = u^5 + 1.$$
It has a 2-fold covering of $\mathbb{P}^1$ ramified over the point at infinity, and the genus of $X$ can be computed by the Hurwitz formula (see Section 4.5). We denote by $\tau$ the hyperelliptic involution. Let $x_\infty$ be the point of $X$ lying over the point at infinity. The number $N_{2^\nu}$ of $\mathbb{F}_{2^\nu}$-rational points of $X$ is given by a two-case formula (the cases being $\nu \ne 4l$ and $\nu = 4l$). So over $\mathbb{F}_{2^4}$ we find 33 points: $x_\infty$ plus two over each of the 16 points of the affine line $\mathbb{A}^1$, namely the points $x$ and $\tau(x)$. Now let $D_0$ be the sum of all 32 $\mathbb{F}_{2^4}$-rational points different from $x_\infty$ and $D = m \cdot x_\infty$ with $m \ge 3$. For the code $C^* = C^*(D_0, D)$ we find $n = 32$, $k = 33 - m$ and $m - 2 \le d^* \le m$. Suppose $d^* = m - 2$. In that case there exists a divisor $0 \le D' \le D_0$ of degree $m - 2$ such that $D' \sim (m - 2) \cdot x_\infty$. This is possible for $m$ even by taking $(m - 2)/2$ pairs of conjugate points $x$ and $\tau(x)$. We now assume that $m$ is odd. Then $D' \sim (m - 2) \cdot x_\infty$ is impossible if $m = 3$, since $X$ is not rational. If $m = 5$, there exists a divisor $0 \le D' \le D_0$ with $D' \sim 3 \cdot x_\infty$. Then $2 \cdot D' \sim 2 \cdot K$. The hyperelliptic involution $\tau$ acts as the identity on $|2 \cdot K|$ since $L(2 \cdot K)$ is generated by products of elements of $L(K)$, hence $2 \cdot D'$ is a 2-canonical divisor invariant under the involution. But then also $D'$ is invariant. This contradicts the fact that $\deg D' = 3$. Next, let $m \ge 7$. Then we can find a divisor $D'$ with $D' \sim (m - 2) \cdot x_\infty$. Indeed, the points lying over the 5th roots of 1 on the affine line $\mathbb{A}^1$ with $v = 0$ form a divisor linearly equivalent with $5 \cdot x_\infty$. By adding suitable pairs of conjugate points $x$ and $\tau(x)$ one gets a $D'$ of the required form. We have proved the following result:

Proposition 11.3. Let $X$ be the hyperelliptic curve defined over $\mathbb{F}_2$ by $v^2 + v = u^5 + 1$ and let $D = m \cdot x_\infty$ with $3 \le m \le 31$. Let $D_0$ be the sum of all $\mathbb{F}_{2^4}$-rational points of $X$ minus $x_\infty$. Then the code $C^* = C^*(D_0, D)$ is a linear $[32, 33 - m, d^*]_{2^4}$-code with $d^* = m - 1$ for $m = 3, 5$ and $d^* = m - 2$ otherwise.

Let $m = 3$. We determine the number of code-vectors of the $[32, 30, 2]_{2^4}$-code $C^* = C^*(D_0, D)$ with Hamming weight 2. The number of code-vectors of weight 2 equals 15 times the number of effective divisors $D' \le D_0$ of degree 2 such that $D' \sim D - K + P \sim x_\infty + P$ for $P$ a prime $\mathbb{F}_2$-rational divisor distinct from $D'$. Then $|D'|$ is a linear system with $l(D') = 2$ and $\deg D' = 2$, but on a curve of genus $g = 2$ there is only one such system, namely $|2 \cdot x_\infty|$. We see that there are 16 such divisors $D'$, all of the form $x + \tau(x)$ with $x \ne x_\infty$. Thus we find $15 \cdot 16 = 240$ code-vectors of Hamming weight 2.

11.2. ELLIPTIC AND HERMITIAN CODES

From the beginning we consider the following example:

Codes on the Fermat Cubic. Let $E$ be the Fermat elliptic curve in $\mathbb{P}^2$ given by $u^3 + v^3 + w^3 = 0$. This curve has 3 points over $\mathbb{F}_2$, 9 points over $\mathbb{F}_4$, and 9 points over $\mathbb{F}_8$. In fact, the number $N_{2^\nu}$ of $\mathbb{F}_{2^\nu}$-rational points on $E$ is given by a two-case formula (the cases being $\nu = 2l + 1$ and $\nu = 2l$). The nine points over $\mathbb{F}_4$ are flex points and they give the points of order 3 in the group law. Choose $D$ as a prime $\mathbb{F}_2$-rational divisor which corresponds to a closed point of degree 3 over $\mathbb{F}_2$ (consisting of 3 new points $x_i$, $1 \le i \le 3$, of degree one over $\mathbb{F}_8$), and choose $D_0$ as the sum of the nine $\mathbb{F}_4$-rational points. The space $L(K + D_0 - D)$ has dimension 6. We get a linear $[9, 6, \ge 3]_4$-code $C^* = C^*(D_0, D)$. The curve $E$ is an elliptic curve with origin $(1 : 1 : 0)$. We have $d^* = 3$ if and only if $x_1 + x_2 + x_3$ is a point of order 3 in the group. This is the case because this sum is an $\mathbb{F}_2$-rational point and all points over $\mathbb{F}_2$ are points of order 3. The configuration of the nine points of order 3 has a large automorphism group, which is the group of affine transformations of $\mathbb{A}^2$ over $\mathbb{F}_3$.

Codes on Elliptic Curves. A detailed analysis of a very interesting class of geometric Goppa codes coming from elliptic curves over $\mathbb{F}_2$ has been made by Driencourt and Michon [26, 27]. We consider here a certain aspect of the construction from an elementary point of view and note that the codes obtained in this way admit an easy decoding procedure.

Let $E$ be an elliptic curve defined by
$$v^2 + v = g(u),$$
where $g(u)$ is a polynomial in $\mathbb{F}_2[u]$ of degree 3. The number $N_2$ of $\mathbb{F}_2$-rational points $x = (u, v, w)$ of $E$ is 1, 3 or 5. In general the number $N_{2^\nu}$ of $\mathbb{F}_{2^\nu}$-rational points is expressed in terms of $N_2$. Here we need to use the fact that this number is odd and that all points except the point at infinity $x_\infty = (0, 1, 0)$ form the pairs $(x, \tau(x))$ with $x = (\alpha, \beta, 1)$ and $\tau(x) = (\alpha, \beta + 1, 1)$. Let $A$ be the subset of $\mathbb{F}_{2^\nu}$ consisting of the distinct non-zero $u$-coordinates of $\mathbb{F}_{2^\nu}$-rational points of $E$. Then the complete set of $\mathbb{F}_{2^\nu}$-rational points of $E$ is
$$x_\infty, \qquad x_\alpha = (\alpha, \beta, 1), \qquad \tau(x_\alpha) = (\alpha, \beta + 1, 1) \qquad \text{with } \alpha \in A.$$
Set $a = |A|$ and for a positive integer $m$ define the divisors $D_0$, $D$ as
$$D_0 = \sum_{\alpha \in A} \big(x_\alpha + \tau(x_\alpha)\big), \qquad D = m \cdot x_\infty.$$
We suppose that $2a - m \ge 1$. It is clear that the supports of both divisors are disjoint and that $\deg D_0 = 2a$. Set $l = \lfloor m/2 \rfloor$, $l^* = \lfloor (m - 3)/2 \rfloor$, then define a function on $E$ by
$$f(u, w) = \prod_{\alpha \in A} (u + \alpha w),$$
and choose the basis $\{\omega_{ij}\}$, $0 \le i \le a - l - 2$, $0 \le j \le a - l^* - 2$, in the space $\Omega(D_0 - D)$ consisting of differential forms

where $u$, $v$ and $w$ are projective coordinates on $E$. Using the fact that $t = u + \alpha$ can serve as a local parameter at $x_\alpha = (\alpha, v(\alpha), 1)$, one calculates readily that the residues of the corresponding differential forms are given by

where
$$f'(\alpha) = \prod_{\substack{\alpha' \in A \\ \alpha' \ne \alpha}} (\alpha + \alpha').$$
With $n = 2a$ and $q = 2^\nu$, we define the residue map $\mathrm{Res}\colon \Omega(D_0 - D) \to \mathbb{F}_q^n$, where
$$\omega \mapsto \mathrm{Res}(\omega) = \big(\mathrm{Res}_{x_1}(\omega), \dots, \mathrm{Res}_{x_a}(\omega), \mathrm{Res}_{\tau(x_1)}(\omega), \dots, \mathrm{Res}_{\tau(x_a)}(\omega)\big).$$
The resulting geometric Goppa code is a linear $[n, n - m, \ge m]_{2^\nu}$-code, generated by the vectors $\mathrm{Res}(\omega)$, as $\omega$ varies over $\Omega(D_0 - D)$. We remark that the elliptic codes over binary and ternary fields are related to very interesting number theoretic sums, such as that of Kloosterman. The interested reader would do well to consult the original papers of Driencourt and Michon [26, 27] and Lachaud and Wolfmann [105]. We have also the following result (Janwa [86]):

Proposition 11.4. If $q + 1 < n < N_q(1)$, the elliptic $[n, k, d]_q$-codes are optimal.

Codes on Hermitian Curves. The Hermitian curve $X \subset \mathbb{P}^2$ is a smooth projective curve given over $\mathbb{F}_q$ by
$$u^{q+1} + v^{q+1} + w^{q+1} = 0.$$
The genus $g = g(X)$ of $X$ can be easily calculated by the Plücker genus formula:
$$g = \frac{q(q - 1)}{2}.$$
The curve $X$ has $(q + 1)$ $\mathbb{F}_{q^2}$-rational points at infinity (of the form $x_\infty = (1, \xi, 0)$, where $\xi$ is a $(q+1)$th root of $-1$). Next, there are $(q + 1)$ $\mathbb{F}_{q^2}$-rational points of the form $x = (u, v, 1)$, where $u$ satisfies $1 - u^{q+1} = 0$, and $(q^2 - q - 1)(q + 1)$ $\mathbb{F}_{q^2}$-rational points of the form $x = (u, v, 1)$ for each $u$ such that $1 + u^{q+1} \ne 0$ and for each $v$ satisfying $v^{q+1} = -1 - u^{q+1}$. Thus the curve $X$ has exactly
$$N_{q^2} = 2(q + 1) + (q + 1)(q^2 - q - 1) = q^3 + 1$$
$\mathbb{F}_{q^2}$-rational points. Because $N_{q^2} = q^2 + 1 + 2gq$, the Hermitian curve $X$ is maximal. Choosing $\alpha, \beta \in \mathbb{F}_q$ such that $\alpha^q + \alpha = \beta^{q+1} = -1$, and setting
$$y = \frac{\beta}{v - \beta u}, \qquad z = uy - \alpha = \frac{\beta(1 + \alpha)u - \alpha v}{v - \beta u},$$
we can transform to the equation $z^q + z = y^{q+1}$, which is more suitable for applications to coding theory. From now on we shall assume that the Hermitian curve $X$ is given over $\mathbb{F}_q$ by
$$z^q + z = y^{q+1}.$$
The curve $X$ given by the above equation has one $\mathbb{F}_{q^2}$-rational point $x_\infty = (0, 1, 0)$ at infinity and $q^3$ $\mathbb{F}_{q^2}$-rational points of the form $x = (y, z)$, where $z^q + z = y^{q+1}$. Indeed, the non-zero elements $u \in \mathbb{F}_{q^2}$ with $u^{q+1} \in \mathbb{F}_q$ form a subgroup of $\mathbb{F}_{q^2}^*$ of order $(q - 1)(q + 1) = q^2 - 1$, and the equation $z^q + z = t$ has exactly $q$ solutions in $z \in \mathbb{F}_{q^2}$ for each $t \in \mathbb{F}_q$. For $n = q^3$ let $x_1, \dots, x_n$ be all $\mathbb{F}_{q^2}$-rational points of $X$ different from $x_\infty$. Set
$$D_0 = x_1 + \cdots + x_n \qquad \text{and} \qquad D = m \cdot x_\infty.$$
The Goppa construction gives us a Hermitian $[n, k, d]_q$-code $C = C(D_0, D)$ with
$$k = l(m \cdot x_\infty) - l(m \cdot x_\infty - D_0) \qquad \text{and} \qquad d \ge n - m.$$
Note that if $m > n + 2g - 2$, the Riemann-Roch theorem yields
$$k = m - g + 1 - (m - n - g + 1) = n.$$
In that case the code $C \cong \mathbb{F}_{q^2}^n$ is trivial, and it remains to study Hermitian codes with $0 \le m \le n + 2g - 2$. From Proposition 10.5 and Theorem 10.12 it follows that the code $C = C(D_0, m \cdot x_\infty)$ is dual to $C(D_0, \mu \cdot x_\infty)$ with $\mu = n + 2g - 2 - m$, and it is self-dual if and only if $q = 2^\nu$ and $m = (n + 2g - 2)/2$. Set $k' = \mathbb{F}_{q^2}$ and consider the set $\mathcal{N}$ of non-gaps at $x_\infty$:
$$\mathcal{N} = \{\, n \ge 0 \mid \text{there exists } f \in k'(X) \text{ with } (f)_\infty = n \cdot x_\infty \,\}.$$
For $s \ge 0$ let
$$\mathcal{N}_s = \{\, n \in \mathcal{N} \mid n \le s \,\}.$$
Then $|\mathcal{N}_s| = l(s \cdot x_\infty)$, and for $s > 2g - 2 = q^2 - q - 2$ the Riemann-Roch theorem gives
$$|\mathcal{N}_s| = s + 1 - \frac{q^2 - q}{2}.$$
It is easy to see that the elements $y^i z^j$ with $i \ge 0$, $0 \le j \le q - 1$ and $iq + j(q + 1) \le s$ form a basis of the space $L(s \cdot x_\infty)$. Therefore,
$$\mathcal{N}_s = \{\, n \le s \mid n = iq + j(q + 1) \text{ with } i \ge 0 \text{ and } 0 \le j \le q - 1 \,\}.$$

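As an added example (not from the book), the following Python code builds the Hermitian codes $C(D_0, m \cdot x_\infty)$ for the smallest case $q = 2$: the curve $z^2 + z = y^3$ over $\mathbb{F}_4$ with $n = q^3 = 8$ affine rational points and $g = 1$. It checks that the monomials $y^i z^j$ give $k = |\mathcal{N}_m|$, that $d \ge n - m$ holds, and that $C(D_0, m \cdot x_\infty)^\perp = C(D_0, \mu \cdot x_\infty)$ with $\mu = n + 2g - 2 - m = 8 - m$; the integer encoding of $\mathbb{F}_4$ and all function names are my own choices.

```python
# Hermitian codes C(D_0, m*x_inf) for q = 2: curve z^2 + z = y^3 over F_4,
# n = q^3 = 8 affine rational points, genus g = q(q-1)/2 = 1.
# Added example (not from the book); the F_4 encoding and names are my choices.
from itertools import product

Q = 2
N = Q ** 3                    # code length n = q^3
GENUS = Q * (Q - 1) // 2      # g = 1

# F_4 = {0, 1, w, w^2} encoded as 0, 1, 2, 3 with w^2 = w + 1; addition is XOR.
_LOG = {1: 0, 2: 1, 3: 2}     # discrete logarithms to base w
_EXP = [1, 2, 3]              # w^0, w^1, w^2

def f4_mul(a, b):
    if a == 0 or b == 0:
        return 0
    return _EXP[(_LOG[a] + _LOG[b]) % 3]

def f4_inv(a):
    return _EXP[(-_LOG[a]) % 3]

def f4_pow(a, e):
    r = 1
    for _ in range(e):
        r = f4_mul(r, a)
    return r

def f4_dot(r1, r2):
    s = 0
    for a, b in zip(r1, r2):
        s ^= f4_mul(a, b)
    return s

def affine_points():
    """All (y, z) in F_4^2 with z^q + z = y^(q+1): the n = q^3 points of Supp D_0."""
    return [(y, z) for y in range(4) for z in range(4)
            if f4_pow(z, Q) ^ z == f4_pow(y, Q + 1)]

def monomial_basis(m):
    """Exponents (i, j) of the basis y^i z^j of L(m*x_inf): iq + j(q+1) <= m, j <= q-1."""
    return [(i, j) for j in range(Q) for i in range(m + 1)
            if i * Q + j * (Q + 1) <= m]

def non_gaps(m):
    """The set N_m of non-gaps at x_inf that do not exceed m."""
    return sorted({i * Q + j * (Q + 1) for i, j in monomial_basis(m)})

def generator_rows(m):
    """Evaluate the basis of L(m*x_inf) at the n points: rows spanning C(D_0, m*x_inf)."""
    pts = affine_points()
    return [[f4_mul(f4_pow(y, i), f4_pow(z, j)) for (y, z) in pts]
            for (i, j) in monomial_basis(m)]

def rank_f4(rows):
    """Gaussian elimination over F_4; the rank is the code dimension k."""
    mat = [r[:] for r in rows]
    ncols = len(mat[0]) if mat else 0
    rank = 0
    for col in range(ncols):
        piv = next((r for r in range(rank, len(mat)) if mat[r][col]), None)
        if piv is None:
            continue
        mat[rank], mat[piv] = mat[piv], mat[rank]
        inv = f4_inv(mat[rank][col])
        mat[rank] = [f4_mul(inv, x) for x in mat[rank]]
        for r in range(len(mat)):
            if r != rank and mat[r][col]:
                c = mat[r][col]
                mat[r] = [x ^ f4_mul(c, y) for x, y in zip(mat[r], mat[rank])]
        rank += 1
    return rank

def dimension(m):
    return rank_f4(generator_rows(m))

def min_distance(m):
    """Brute force over all 4^k combinations of the basis rows (cheap for m <= 7)."""
    rows = generator_rows(m)
    best = N
    for coeffs in product(range(4), repeat=len(rows)):
        if not any(coeffs):
            continue
        word = [0] * N
        for c, row in zip(coeffs, rows):
            if c:
                word = [w ^ f4_mul(c, x) for w, x in zip(word, row)]
        wt = sum(1 for x in word if x)
        if wt:
            best = min(best, wt)
    return best

def is_dual_pair(m1, m2):
    """True iff C(D_0, m1*x_inf) and C(D_0, m2*x_inf) are orthogonal with k1 + k2 = n."""
    rows1, rows2 = generator_rows(m1), generator_rows(m2)
    orthogonal = all(f4_dot(r1, r2) == 0 for r1 in rows1 for r2 in rows2)
    return orthogonal and rank_f4(rows1) + rank_f4(rows2) == N

if __name__ == "__main__":
    mu = N + 2 * GENUS - 2      # dual parameter: C_m is dual to C_{mu - m}
    for m in range(1, N):
        print(m, dimension(m), min_distance(m), non_gaps(m), is_dual_pair(m, mu - m))
```

For $m = 4 = (n + 2g - 2)/2$ the check reports a self-dual $[8, 4, 4]_4$-code, as the text predicts for $q = 2^\nu$.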

Proposition 11.5. Suppose that $0 \le m \le q^3 + 2g - 2$, and set $\mu = q^3 + 2g - 2 - m$. Then: (i) the dimension $k$ of $C = C(D_0, m \cdot x_\infty)$ is given by a case formula according to the size of $m$, the first case being $0 \le m$ ...

... $> 1$, $s \ge q^{1/2}$ and $l$, $(s q^{1/2} - 3) 2^{s-2} < l < n$, there exists a linear $[n', k', d']_p$-code $C'$ with
$$n' = n_0 n \ge n_0 (2q^{1/2} - s) q^{1/2} 2^{s-1}, \qquad k' \ge k_0 \big(l - (s q^{1/2} - 3) 2^{s-2}\big), \qquad d' \ge d_0 (n - l).$$
The relative parameters $R' = k'/n'$ and $\delta' = d'/n'$ of the code $C'$ satisfy
$$R' + \delta' \ge R_0 \left( \frac{l}{n} - \frac{(s q^{1/2} - 3) 2^{s-2}}{n} \right) + \delta_0 \left( 1 - \frac{l}{n} \right).$$

The above results can be easily extended to the case of fiber products of curves over $\mathbb{F}_q$, where $q = p^\nu$ is an odd power of $p$ (Stepanov and Özbudak [191, 192]), and to the case of fiber products of superelliptic curves (Özbudak [136]) defined over a finite field $\mathbb{F}_q$ by equations of the form
$$z_i^{\mu} = f_i(u), \qquad 1 \le i \le s, \qquad (11.1)$$
where $\mu \ge 2$ is a divisor of $q - 1$. The curves (11.1) provide sufficiently long geometric Goppa codes (with $n \ge q \cdot 2^{\sqrt{q} - 1}$). Moreover, some modification of the polynomials $f_i(u)$ (Özbudak [138]) allows the construction of very good linear $[n, k, d]_q$-codes for any $n \ge q(q - 1) \cdot 2^q$. Another construction of rather long geometric Goppa codes coming from fiber products of Artin-Schreier curves was proposed by van der Geer and van der Vlugt [60].

11.4. CODES ON CLASSICAL MODULAR CURVES

Let us now consider some properties of geometric Goppa codes obtained by reduction of classical modular curves. Let $X_0(N)$ be an absolutely irreducible smooth projective curve over $\mathbb{F}_p$ of genus $g = g_0(N)$. Let $x_1, \dots, x_n$ be $\mathbb{F}_{p^2}$-rational points of $X_0(N)$ (lying over supersingular values of $j$), and let $N \ge 3$ be a prime number, different from $p$.

Proposition 11.16. Let $D_0 = x_1 + \cdots + x_n$, let $D$ be an $\mathbb{F}_{p^2}$-rational divisor on $X_0(N)$, and let $\operatorname{Supp} D_0 \cap \operatorname{Supp} D = \emptyset$. If $N \ge 3$ is a prime number and $N \ne p$, the linear $[n, k, d]_{p^2}$-code $C = C(D_0, D)$ has parameters
$$1 \le n \le n', \qquad k \ge \deg D - g_0(N) + 1, \qquad d \ge n - \deg D,$$
where $n' \ge (N + 1)(p - 1)/12$.

Proof: The proposition follows immediately from Corollary 8.2, Proposition 8.5, Corollary 9.9 and Theorem 9.10. ∎

Note that the assertion of Theorem 9.10 remains correct for all positive integers $N$ relatively prime to $p$ (see Tsfasman and Vladut [208, p. 426]), and we arrive at the following result:

Proposition 11.17. Let $D_0 = x_1 + \cdots + x_n$, let $D$ be an $\mathbb{F}_{p^2}$-rational divisor on $X_0(N)$, and let $\operatorname{Supp} D_0 \cap \operatorname{Supp} D = \emptyset$. If $N$ is relatively prime to $p$, the linear $[n, k, d]_{p^2}$-code $C = C(D_0, D)$ has parameters
$$1 \le n \le n', \qquad k \ge \deg D - g_0(N) + 1, \qquad d \ge n - \deg D,$$
where
$$n' \ge \frac{N(p - 1)}{12} \prod_{l \mid N} \left( 1 + l^{-1} \right)$$
and the product is taken over all prime numbers $l$ dividing $N$. Since the length $n$ of the code $C$ can be at least as large as this bound, we can assume that
$$n = \left\lceil \frac{N(p - 1)}{12} \prod_{l \mid N} \left( 1 + l^{-1} \right) \right\rceil.$$
The set of numbers of such form is rather dense. Using Weierstrass points, we can improve the code parameters for small $k$. We consider only the point $x_\infty$ on $X_0(N)$ and restrict ourselves to the values $N = 2^m$ (in this case the effect obtained by using Weierstrass points is maximal). Then we have a two-case formula (the cases being $m = 2\nu$ and $m = 2\nu + 1$).

Proposition 11.18. Let $D = l \cdot x_\infty$ be a divisor of degree $l$ on $X_0(N)$ and $C = C(D_0, D)$ be a linear $[n, k, d]_{p^2}$-code. Then for the parameters of $C$ we have:
$$1 \le n \le n', \qquad k \ge k(l, m), \qquad d \ge n - l,$$
where $n' \ge 2^{m-3}(p - 1)$ and $k(l, m)$ is defined as follows: $k(l, m) = r$ if and only if a condition on $l$, $m$ and $r$ holds, with $1 \le r \le \ldots$.

11.5. CODES ON ARTIN-SCHREIER COVERINGS

Let $\mathbb{F}_q$ be a finite field with $q = p^\nu$ elements and $\mathbb{F}_{q^2}$ a quadratic extension of $\mathbb{F}_q$. Let $N_{q^2}(X)$ be the number of $\mathbb{F}_{q^2}$-rational points of a smooth projective curve $X$ of genus $g(X)$ defined over $\mathbb{F}_{q^2}$ and
$$A(q^2) = \limsup_{g(X) \to \infty} \frac{N_{q^2}(X)}{g(X)},$$
the supremum being taken over all smooth projective curves $X$ of genus $g = g(X)$ (up to isomorphism over $\mathbb{F}_{q^2}$). As was shown before, there exists a family of modular curves $X_i$ such that
$$A(q^2) = \lim_{i \to \infty} \frac{N_{q^2}(X_i)}{g(X_i)} = q - 1. \qquad (11.3)$$
For $q \ge 7$, the equality (11.3) asserts the existence of an asymptotically good sequence of geometric Goppa codes over $\mathbb{F}_{q^2}$, whose parameters lie above the Gilbert-Varshamov bound. The proof of the equality (11.3) exposed in Part III requires very deep facts from algebraic geometry and the theory of modular curves. Now we present a much easier proof of (11.3), proposed recently by Garcia and Stichtenoth [52] and based on the construction of a sequence of (modified) Artin-Schreier coverings
$$\cdots \to X_2 \to X_1 \to X_0$$
such that the ratio $N_{q^2}(X_i)/g(X_i)$ tends to the Drinfeld-Vladut bound $q - 1$ as $g(X_i) \to \infty$. Let $k = \mathbb{F}_{q^2}$ and $L_0 = k(x)$ be the rational function field over $k$. We define the sequence of smooth projective curves $X_i$ over $k$ recursively by (11.4), (11.5) and
$$X_{i+1}:\ \begin{cases} z_{i+1}^q + z_{i+1} = f_i^{q+1}, \\ f_i = z_i / f_{i-1}, \end{cases} \qquad (11.6)$$
for $i \ge 1$. Consider the corresponding tower of function fields
$$L_0 \subset L_1 \subset L_2 \subset \cdots, \qquad (11.7)$$
where $L_i = k(X_i)$ for $i \ge 0$, and note that $L_i = L_{i-1}(z_i)$. Our purpose is to calculate the genus of the curve $X_i$ for each $i \ge 0$ and to determine the number of $k$-rational points of $X_i$. To do this we use the ramification theory of Artin-Schreier extensions described in Section 5.4.

The Genus of $L_i$. From now on, we consider the tower (11.7) of algebraic function fields $L_i = k(X_i)$, where the smooth projective curves $X_0, X_1, X_2, \dots$ are defined by Equations (11.4) to (11.6).

Lemma 11.19. Suppose that a prime divisor $P \in \operatorname{Div}(L_i)$ is a simple pole of $f_i = z_i / f_{i-1} \in L_i$. Then the extension $L_{i+1}/L_i$ has degree $[L_{i+1} : L_i] = q$, and $P$ is totally ramified in $L_{i+1}/L_i$. The prime divisor $P' \in \operatorname{Div}(L_{i+1})$ lying over $P$ is a simple pole of $f_{i+1}$.

Proof: By assumption, $v_P(f_i^{q+1}) = -(q + 1)$. From Equations (11.4) to (11.6) and Proposition 5.32 it follows that $[L_{i+1} : L_i] = q$ and that $P$ is totally ramified in $L_{i+1}/L_i$. Let $P' \in \operatorname{Div}(L_{i+1})$ denote the prime divisor lying over $P$. Then
$$v_{P'}(z_{i+1}^q + z_{i+1}) = v_{P'}(f_i^{q+1}) = -q(q + 1),$$
hence $v_{P'}(z_{i+1}) = -(q + 1)$ and, by relations (11.5), (11.6),
$$v_{P'}(f_{i+1}) = v_{P'}(z_{i+1}) - v_{P'}(f_i) = -(q + 1) - (-q) = -1.$$
This completes the proof. ∎

As $x$ has a simple pole in $L_0 = k(x)$, we obtain by induction the following result:

Lemma 11.20. For all $i \ge 1$, the field $k = \mathbb{F}_{q^2}$ is algebraically closed in $L_i$, and the degree of the extension $L_i/L_0$ is $[L_i : L_0] = q^i$.

The following lemma is an immediate consequence of Proposition 5.33.

Lemma 11.21. For all $i \ge 0$, there is a unique prime divisor $Q_i \in \operatorname{Div}(L_i)$ which is a common zero of the functions $x, z_1, \dots, z_i$. Its degree is $\deg Q_i = 1$. For $0 \le \mu \le i$, the divisor $Q_i$ is also a zero of $f_\mu$, and we have $v_{Q_i}(f_\mu) = q^\mu$. In the extension $L_{i+1}/L_i$, the divisor $Q_i$ splits into $q$ prime divisors of $L_{i+1}$ of degree one (one of them being $Q_{i+1}$).

Our purpose is to calculate the genus of $X_i$ for $i \ge 0$ using the Hurwitz genus formula. Hence we must determine precisely all prime divisors $P \in \operatorname{Div}(L_i)$ that ramify in $L_{i+1}/L_i$. For a prime divisor $P \in \operatorname{Div}(L_i)$ and $0 \le \mu \le i$, the restriction of $P$ to $L_\mu$ will be denoted by $P \cap L_\mu$. We introduce the following sets of prime divisors:

(i) For $i \ge 1$, let
$$S_0^{(i)} = \{\, P \in \operatorname{Div}(L_i) \mid P \cap L_{i-1} = Q_{i-1} \text{ and } P \ne Q_i \,\}.$$
(ii) For $1 \le \tau \le \lfloor (i - 2)/2 \rfloor$, let
$$S_\tau^{(i)} = \{\, P \in \operatorname{Div}(L_i) \mid P \cap L_{i-1} \in S_{\tau-1}^{(i-1)} \,\}.$$
(iii) If $P_\infty \in \operatorname{Div}(L_0)$ denotes the pole of $x$ in $L_0$, let
$$S^{(0)} = \{P_\infty\} \qquad \text{and} \qquad S^{(1)} = \{\, P \in \operatorname{Div}(L_1) \mid P \in S_0^{(1)} \text{ or } P \cap L_0 \in S^{(0)} \,\};$$
i.e., $S^{(1)}$ contains all prime divisors of $L_1$ which are either a pole of $x$ or a common zero of $x$ and $z_1 - a$, for some $a \in k^*$ satisfying $a^q + a = 0$.
(iv) For $i \ge 2$ and $i \equiv 0 \bmod 2$ we define
$$S^{(i)} = \{\, P \in \operatorname{Div}(L_i) \mid P \cap L_{i-1} \in S^{(i-1)} \,\},$$
and for $i \ge 3$ and $i \equiv 1 \bmod 2$,
$$S^{(i)} = \{\, P \in \operatorname{Div}(L_i) \mid P \cap L_{i-1} \in \big( S^{(i-1)} \cup S^{(i-1)}_{(i-3)/2} \big) \,\}.$$

Now we define the (modified) Artin-Schreier operator $\wp\colon L \to L$ by $\wp(h) = h^q + h$.

To proceed to the critical step of the calculation of the genus $g_i = g(L_i)$ we need two lemmas.

Lemma 11.22. Let $1 \le \mu \le i$, and let $P \in \operatorname{Div}(L_i)$ be a prime divisor of $L_i$ lying over $Q_\mu$ (i.e., $P$ is a common zero of $x, z_1, \dots, z_\mu$). Then (in the notation of Section 5.4), we have at $P$:
$$f_\mu = f_{\mu-1}^q \left( 1 - f_{\mu-1}^{(q-1)(q+1)} + E\big( f_{\mu-1}^{(q^2-1)(q+1)} \big) \right)$$
and
$$f_\mu^{-(q+1)} = \wp\big( f_{\mu-1}^{-(q+1)} \big) + E(1).$$

Proof: The equation $z_\mu^q + z_\mu = f_{\mu-1}^{q+1}$ yields
$$z_\mu = f_{\mu-1}^{q+1} - z_\mu^q = f_{\mu-1}^{q+1} - \big( f_{\mu-1}^{q+1} - z_\mu^q \big)^q = f_{\mu-1}^{q+1} \left( 1 - f_{\mu-1}^{(q-1)(q+1)} + E\big( f_{\mu-1}^{(q^2-1)(q+1)} \big) \right).$$
As $f_\mu = z_\mu / f_{\mu-1}$, this gives the first assertion. Now we set $g = f_{\mu-1}^{q+1}$ and obtain
$$f_\mu^{-1} = f_{\mu-1} z_\mu^{-1} = f_{\mu-1}^{-q} \left( 1 - g^{q-1} + E(g^q) \right)^{-1} = f_{\mu-1}^{-q} \left( 1 + g^{q-1} + E(g^q) \right),$$
hence
$$f_\mu^{-(q+1)} = g^{-q} \left( 1 + g^{q-1} + E(g^q) \right)^{q+1} = g^{-q} \left( 1 + g^{q-1} + E(g^q) \right) = \wp(g^{-1}) + E(1).$$
This finishes the proof. ∎

Lemma 11.23. Let $0 \le \tau \le \lfloor (i - 1)/2 \rfloor$ and $P \in S_\tau^{(i)}$. Then, we have at $P$
$$f_i^{q+1} = \gamma f_{i-2\tau-1}^{-(q+1)} + E(1) \qquad (11.8)$$
for some element $\gamma \in \mathbb{F}_q^*$.

Proof: (By induction on $\tau$.) Suppose first that $\tau = 0$. A prime divisor $P \in S_0^{(i)}$ is the common zero of $x, z_1, \dots, z_{i-1}$ and $z_i - a$, with an element $a \in k^*$ satisfying $a^q + a = 0$. We have $(z_i - a)^q + (z_i - a) = f_{i-1}^{q+1}$, hence
$$z_i - a = f_{i-1}^{q+1} + E\big( f_{i-1}^{q(q+1)} \big).$$
It follows from (11.6) that
$$f_i^{q+1} f_{i-1}^{q+1} = \big( (z_i - a) + a \big)^{q+1} = a^{q+1} + a^q \Big( f_{i-1}^{q+1} + E\big( f_{i-1}^{q(q+1)} \big) \Big) + E\big( f_{i-1}^{q(q+1)} \big) = a^{q+1} + a^q f_{i-1}^{q+1} + E\big( f_{i-1}^{q(q+1)} \big).$$
We divide by $f_{i-1}^{q+1}$, set $\gamma = a^{q+1}$ and obtain
$$f_i^{q+1} = \gamma f_{i-1}^{-(q+1)} + E(1).$$
Observe that $\gamma \in \mathbb{F}_q$, since $a \in k$. Suppose now that $\tau \ge 1$. Then $P$ lies over $Q_{i-\tau-1}$ and $P \cap L_{i-1} \in S_{\tau-1}^{(i-1)}$. By (11.8) and the induction hypothesis,
$$f_{i-1}^{q+1} = \gamma f_{i-2\tau}^{-(q+1)} + E(1),$$
with $0 \ne \gamma \in \mathbb{F}_q$. Lemma 11.22 yields
$$f_{i-2\tau}^{-(q+1)} = \wp\big( f_{i-2\tau-1}^{-(q+1)} \big) + E(1),$$
and as $\gamma \in \mathbb{F}_q$, this implies
$$f_{i-1}^{q+1} = \wp\big( \gamma f_{i-2\tau-1}^{-(q+1)} \big) + E(1).$$
We have $z_i^q + z_i = f_{i-1}^{q+1}$, hence
$$z_i = \gamma f_{i-2\tau-1}^{-(q+1)} + E(1). \qquad (11.9)$$
Since $f_i = z_i / f_{i-1}$, then
$$f_i^{q+1} = \frac{(z_i f_{i-2\tau})^{q+1}}{(f_{i-1} f_{i-2\tau})^{q+1}} = A^{q+1} B^{-1}, \qquad (11.10)$$
with $A = z_i f_{i-2\tau}$ and $B = f_{i-1}^{q+1} f_{i-2\tau}^{q+1}$. Note that $v_P(f_{i-2\tau}) > 0$ (since $i - 2\tau \le i - \tau - 1$), and $f_{i-2\tau} = E(f_{i-2\tau-1})$ by Lemma 11.22. From (11.8), $B = \gamma + E\big( f_{i-2\tau}^{q+1} \big)$, hence
$$B^{-1} = \gamma^{-1} + E\big( f_{i-2\tau}^{q+1} \big) = \gamma^{-1} + E\big( f_{i-2\tau-1}^{q+1} \big). \qquad (11.11)$$
Using (11.9) and Lemma 11.22 with $\mu = i - 2\tau$, we find
$$A = z_i f_{i-2\tau} = \Big( \gamma f_{i-2\tau-1}^{-(q+1)} + E(1) \Big) f_{i-2\tau-1}^{q} \Big( 1 + E\big( f_{i-2\tau-1}^{q^2-1} \big) \Big) = \gamma f_{i-2\tau-1}^{-1} + E\big( f_{i-2\tau-1}^{q} \big).$$
It follows that
$$A^{q+1} = \gamma^{q+1} f_{i-2\tau-1}^{-(q+1)} + E(1) = \gamma^2 f_{i-2\tau-1}^{-(q+1)} + E(1). \qquad (11.12)$$
Substituting (11.11) and (11.12) into (11.10) we obtain
$$f_i^{q+1} = \gamma f_{i-2\tau-1}^{-(q+1)} + E(1),$$
as desired. ∎

Proposition 11.24. Let $0 \le \tau \le \lfloor (i - 2)/2 \rfloor$ and $P \in S_\tau^{(i)}$. Then, the prime divisor $P$ is unramified in $L_{i+1}/L_i$.

Proof: We consider a prime divisor $P \in S_\tau^{(i)}$, where $0 \le \tau \le \lfloor (i - 2)/2 \rfloor$. From Lemma 11.23, we have at $P$
$$f_i^{q+1} = \gamma f_{i-2\tau-1}^{-(q+1)} + E(1)$$
with $0 \ne \gamma \in \mathbb{F}_q$ and $i - 2\tau - 1 \ge 1$. By Lemma 11.22,
$$f_{i-2\tau-1}^{-(q+1)} = \wp\big( f_{i-2\tau-2}^{-(q+1)} \big) + E(1),$$
hence
$$f_i^{q+1} = \gamma\, \wp\big( f_{i-2\tau-2}^{-(q+1)} \big) + E(1) = \wp\big( \gamma f_{i-2\tau-2}^{-(q+1)} \big) + E(1). \qquad (11.13)$$
Since $L_{i+1} = L_i(z_{i+1})$ and $z_{i+1}^q + z_{i+1} = f_i^{q+1}$, it follows from Proposition 5.33(iii) that the divisor $P$ is unramified in the field $L_{i+1}$. ∎

Lemma 11.25. In the notation as before:
(i) if $P \in S_\tau^{(i)}$ with $0 \le \tau \le \lfloor (i - 2)/2 \rfloor$, then $v_P(f_i) = -q^{i-2\tau-1}$;
(ii) for $P \in S^{(i)}$, we have $v_P(f_i) = -1$.

Proof: (i) The assertion follows from Lemma 11.23, since $v_P(f_{i-2\tau-1}) = q^{i-2\tau-1}$ (see also Lemma 11.21) and Proposition 11.24.

(ii) (By induction on $i$.) The assertion is obvious for $i \le 1$. Suppose now that $i \ge 2$. If $i \equiv 0 \bmod 2$, then $P \cap L_{i-1} \in S^{(i-1)}$ and, from the induction assumption, the prime divisor $P \cap L_{i-1}$ is a simple pole of $f_{i-1}$. By Lemma 11.19, the divisor $P$ is then a simple pole of $f_i$. The same argument applies when $i \equiv 1 \bmod 2$ and $P \cap L_{i-1} \in S^{(i-1)}$. It remains to consider the case $i \ge 3$, $i \equiv 1 \bmod 2$ and
$$P_0 = (P \cap L_{i-1}) \in S^{(i-1)}_{(i-3)/2}.$$
From (i) we know that $v_{P_0}(f_{i-1}) = -q$. Since $z_i^q + z_i = f_{i-1}^{q+1}$ and $P/P_0$ is unramified, by Proposition 11.24, we conclude that
$$q\, v_P(z_i) = (q + 1)\, v_P(f_{i-1}) = -q(q + 1),$$
hence $v_P(z_i) = -(q + 1)$. It follows that
$$v_P(f_i) = v_P(z_i) - v_P(f_{i-1}) = -(q + 1) - (-q) = -1.$$
This proves the lemma. ∎

In the next lemma, we denote by
$$(f_i)^{(i)} = \sum_{P \in \operatorname{Div}(L_i)} v_P(f_i) \cdot P$$
the principal divisor of $f_i$ in the field $L_i$.

Lemma 11.26.
$$(f_i)^{(i)} = q^i Q_i - \sum_{\tau=0}^{\lfloor (i-2)/2 \rfloor} q^{i-2\tau-1} D_\tau^{(i)} - D^{(i)},$$
where
$$D_\tau^{(i)} = \sum_{P \in S_\tau^{(i)}} P \qquad \text{and} \qquad D^{(i)} = \sum_{P \in S^{(i)}} P.$$
The degree of $D_\tau^{(i)}$ (resp. $D^{(i)}$) is $\deg D_\tau^{(i)} = q^{\tau}(q - 1)$ (resp. $\deg D^{(i)} = q^{\lfloor (i+1)/2 \rfloor}$).

Proof: This is a straightforward induction based on the use of Lemma 11.25 and the equations $z_{i+1}^q + z_{i+1} = f_i^{q+1}$ and $f_{i+1} = z_{i+1}/f_i$. ∎

By Lemma 11.26, Proposition 5.33 and Proposition 11.24, the prime divisors of $L_i$ ramified in $L_{i+1}/L_i$ are exactly the divisors $P \in S^{(i)}$, and they are totally ramified. The different exponent of a prime divisor $P' \in \operatorname{Div}(L_{i+1})$ lying over $P \in S^{(i)}$ is $d(P'/P) = (q - 1)(q + 2)$ (see Proposition 5.33(ii)), and the degree of the divisor $D^{(i)}$ is equal to $q^{\lfloor (i+1)/2 \rfloor}$. Hence, the Hurwitz genus formula (see Proposition 5.30) gives the following recursion for the genus $g_i = g(L_i)$:
$$2g_{i+1} - 2 = q(2g_i - 2) + q^{\lfloor (i+1)/2 \rfloor}(q - 1)(q + 2).$$
By induction it then follows:

Theorem 11.27. The genus $g_i = g(L_i)$ is given by
$$g_i = \begin{cases} q^{i+1} + q^i - q^{(i+2)/2} - 2q^{i/2} + 1 & \text{if } i \equiv 0 \bmod 2, \\[4pt] q^{i+1} + q^i - \tfrac{1}{2} q^{(i+3)/2} - \tfrac{3}{2} q^{(i+1)/2} - q^{(i-1)/2} + 1 & \text{if } i \equiv 1 \bmod 2. \end{cases}$$

The Prime Divisors of Degree 1. Now we determine the number of the prime divisors of $L_i/\mathbb{F}_{q^2}$ of degree one (i.e., the number of $\mathbb{F}_{q^2}$-rational points of the corresponding curve $X_i$). The following statements are easily verified:
(i) Let $P \in \operatorname{Div}(L_0)$ be the zero of $x - a$ with $a \in k^*$. Then, the prime divisor $P$ splits completely in $L_i/L_0$, i.e., there are exactly $q^i$ prime divisors $P'$ over $P$ in $\operatorname{Div}(L_i)$, all of them having degree one (this follows from Proposition 5.33(iv)).
(ii) The prime divisors $P \in S^{(1)}$ have degree one, and they are totally ramified in $L_i/L_1$. Hence, over each of these prime divisors there is a unique prime divisor $P'$ of $L_i$, and this divisor has degree one.
(iii) The prime divisors $P \in S_0^{(i)} \cup \{Q_i\}$ are of degree one.
There are $(q^2 - 1)q^i$ prime divisors of type (i), $q$ prime divisors of type (ii), and $q$ divisors of type (iii). So, we have:

Theorem 11.28. Let $N_{q^2}(L_i)$ be the number of prime divisors of $L_i/\mathbb{F}_{q^2}$ of degree one. Then, for all $i \ge 2$, we have
$$N_{q^2}(L_i) \ge (q^2 - 1)q^i + 2q.$$

Since $N_{q^2}(L_i) = N_{q^2}(X_i)$ and $g_i = g(L_i) = g(X_i)$, from Theorems 11.27 and 11.28 we deduce the following result.

Theorem 11.29. We have
$$\lim_{i \to \infty} \frac{N_{q^2}(X_i)}{g(X_i)} = q - 1,$$
hence the equality (11.3) holds.

11.6. CODES ON TRACE-NORM CURVES

Explicit examples of asymptotically good towers of function fields are of high interest for coding theory, since they can be used for the explicit construction of asymptotically good families of codes. At the same time such examples provide explicit constructions of sequences $\{X_i\}$ of smooth projective curves over $\mathbb{F}_{q^2}$, for which
$$\lim_{i \to \infty} \frac{N_{q^2}(X_i)}{g(X_i)} > 0.$$
Here we briefly discuss the tower $\mathcal{L} = \{L_i\}$ of function fields on smooth projective curves $X_i$, given over $k = \mathbb{F}_{q^2}$ by the equations
$$x_{s+1}^q + x_{s+1} = \frac{x_s^q}{x_s^{q-1} + 1}. \qquad (11.14)$$
This tower was first introduced by Garcia and Stichtenoth [54, 56]. In fact $\{L_i\}$ is isomorphic to a sub-tower of the tower considered in Section 11.5, since we can rewrite the equation (11.6) in the form
$$z_{i+1}^q + z_{i+1} = f_i^{q+1} = \frac{z_i^{q+1}}{f_{i-1}^{q+1}} = \frac{z_i^{q+1}}{z_i^q + z_i} = \frac{z_i^q}{z_i^{q-1} + 1}.$$
Equations (11.14) can also be written as
$$\operatorname{tr}(x_{s+1}) = \frac{\operatorname{norm}(x_s)}{\operatorname{tr}(x_s)},$$
and we call $X_i$ the trace-norm curve. Let
$$A = \{\, a \in k \mid a^q + a = 0 \,\} \qquad \text{and} \qquad A^* = A \setminus \{0\} = \{\, a \in k \mid a^{q-1} = -1 \,\}.$$

First we observe that the field $L = k(X) = k(y, z)$, with
$$z^q + z = \frac{y^q}{y^{q-1} + 1}$$
(equation (11.14) with $x_1 = y$, $x_2 = z$), has the following nice properties:

(i) $[L : k(y)] = q$;
(ii) the function $y$ has a unique pole $P_\infty$ in $L$, and the prime divisor $P_\infty$ is totally ramified in $L/k(y)$;
(iii) for any $\alpha \in A^*$, the function $y - \alpha$ has a unique zero $P_\alpha$ in $L$, and the prime divisor $P_\alpha$ is totally ramified in $L/k(y)$;
(iv) for any $\gamma \in A$, there is a unique common zero $Q_\gamma$ of $y$ and $z - \gamma$ in $L$;
(v) the principal divisors in $L$ of the functions $y - \alpha$ and $z - \gamma$ are as follows:
$$(y) = \sum_{\gamma \in A} Q_\gamma - q P_\infty, \qquad (y - \alpha) = q P_\alpha - q P_\infty \quad \text{for } \alpha \in A^*,$$
$$(z - \gamma) = q Q_\gamma - P_\infty - \sum_{\alpha \in A^*} P_\alpha \quad \text{for } \gamma \in A;$$
(vi) the prime divisors of $L$ that are ramified over $k(y)$ are exactly the prime divisors $P_\infty$ and $P_\alpha$ with $\alpha \in A^*$; their different exponents with respect to the extension $L/k(y)$ are
$$d(P_\infty) = d(P_\alpha) = 2(q - 1);$$
(vii) the prime divisors of $L$ that are ramified over $k(z)$ are exactly the prime divisors $Q_\gamma$, with $\gamma \in A$.

These properties follow immediately from Proposition 5.33. Now we investigate the tower $\mathcal{L} = \{L_i\}$ over $k$, which is defined by the equation (11.14). Let $\mathcal{P}(L_i)$ be the set of all prime divisors of $L_i/k$. The tower $\mathcal{L}$ has the following properties (see [56]):

(i) $[L_i : k(x_s)] = q^{i-1}$, for $s = 1, 2, \dots, i$;
(ii) if $P \in \mathcal{P}(L_i)$ is a pole of $x_1$ or a zero of $x_1 - \alpha$ for some $\alpha \in A^*$, then $P$ is a pole of $x_2, x_3, \dots, x_i$; the prime divisor $P$ is totally ramified in $L_i/L_1$ and it is unramified in $L_i/k(x_i)$; the different exponent $d(P)$ of $P$ with respect to $L_i/L_{i-1}$ is given by $d(P) = 2(q - 1)$;

(iii) if $P \in \mathcal{P}(L_i)$ is a prime divisor which is neither the pole of $x_1$ nor a zero of $x_1 - \alpha$, for all $\alpha \in A$, then $P$ is unramified in $L_i/L_1$.

Our aim is to calculate the degree of the different $\operatorname{Diff}(L_i/L_{i-1})$, for all $i \ge 2$. By the previous properties, it remains to investigate the behavior of the zeros $Q$ of $x_1$ in $L_i/L_{i-1}$. From the properties of the function field $L = k(X)$, where $z^q + z = y^q/(y^{q-1} + 1)$, one has the following possibilities for such prime divisors $Q \in \mathcal{P}(L_i)$:

(a) the prime divisor $Q$ is a common zero of the functions $x_1, x_2, \dots, x_i$;
(b) there is some $r$, $1 \le r < i$, such that
(b') $Q$ is a common zero of $x_1, x_2, \dots, x_r$,
(b'') $Q$ is a zero of $x_{r+1} - \alpha$, with $\alpha \in A^*$,
(b''') $Q$ is a common pole of $x_{r+2}, \dots, x_i$.

In case (a), the prime divisors below $Q$ are unramified in $k(x_s, x_{s+1})/k(x_s)$, for $s = 1, 2, \dots, i - 1$. This implies that $Q$ is unramified in $L_i/L_{i-1}$. In case (b), the ramification indices of the prime divisors $Q$ are determined as follows:
(i) if $i \le 2r + 1$, then the prime divisor $Q$ is unramified in $L_i/L_{i-1}$;
(ii) for $2r + 1 < i$, the prime divisor $Q$ is totally ramified in $L_i/L_{2r+1}$, and for $2r \le s \le i$, the restriction of $Q$ to $L_s$ is unramified in $L_s/k(x_s)$;
(iii) if $2r + 1 < i$, the different exponent $d(Q)$ of $Q$ in $L_i/L_{i-1}$ is given by $d(Q) = 2(q - 1)$.

For $1 \le r < (i - 1)/2$ and $\alpha \in A^*$, set
$$\mathcal{P}_{r,\alpha} = \{\, Q \in \mathcal{P}(L_i) \mid Q \text{ is a zero of } x_{r+1} - \alpha \,\} \qquad \text{and} \qquad D_{r,\alpha} = \sum_{Q \in \mathcal{P}_{r,\alpha}} Q.$$
Then the different $\operatorname{Diff}(L_i/L_{i-1})$ is expressed through the divisors $D_{r,\alpha}$, and
$$\deg \operatorname{Diff}(L_i/L_{i-1}) = 2(q - 1)\, q^{\lfloor i/2 \rfloor}.$$

Moreover, any prime divisor $P_\alpha \in \mathcal{P}(L_1)$, which is the zero of $x_1 - \alpha$, for $\alpha \notin A$, splits completely in all extensions $L_i/L_1$. Summing up the above properties of the tower $\mathcal{L} = \{L_i\}$ and applying the Hurwitz genus formula we find that
$$g(L_i) = \begin{cases} (q^{i/2} - 1)^2 & \text{if } i \equiv 0 \bmod 2, \\[4pt] (q^{(i-1)/2} - 1)(q^{(i+1)/2} - 1) & \text{if } i \equiv 1 \bmod 2. \end{cases}$$
Since $N_{q^2}(L_i) \ge (q - 1)q^i$, we obtain the following result:

Theorem 11.30. The tower $\mathcal{L} = \{L_i\}$ attains the Drinfeld-Vladut bound over $k = \mathbb{F}_{q^2}$, so that
$$\lim_{i \to \infty} \frac{N_{q^2}(L_i)}{g(L_i)} = q - 1.$$

EXERCISES

11.1. Let $X$ be a smooth projective curve defined over $\mathbb{F}_q$. Write out the relation between $n = |X(\mathbb{F}_q)|$, $\deg D$ and $l(D)$ corresponding to the upper bounds for codes given in Chapter 2 and applied to geometric Goppa codes on $X$.

11.2. Let $n = 2m$. Show that a geometric Goppa $[n, n/2, n/2 + 1]_q$-code $C$ of genus zero is always quasi-self-dual, and that for an even $q$ there exist self-dual geometric Goppa codes with these parameters. (Hint: If $g = 0$ then any divisor of even degree is divisible by 2 and all the divisors of a given degree are equivalent.)

11.3. Check that any elliptic code with $n = 2m$ is formally self-dual.

11.4. Let $N = N_q$ be the number of $\mathbb{F}_q$-rational points of an elliptic curve $E$. Prove that:
(a) if $N$ is odd, there exists a quasi-self-dual $[N - 1, (N - 1)/2, (N - 1)/2]_q$-code on $E$;
(b) if $N$ is even, there exists either a quasi-self-dual $[N, N/2, N/2]_q$-code or a quasi-self-dual $[N - 2, (N - 2)/2, (N - 2)/2]_q$-code;
(c) if $q$ is even, there exist corresponding self-dual codes.

11.5. Let $E$ be the plane curve over $\mathbb{F}_2$ given by the affine equation $v^2 + v = u^3 + u + 1$. Show that:
(a) the curve $E \subset \mathbb{P}^2$ is absolutely irreducible and non-singular, i.e., $E$ is an elliptic curve;
(b) $|E(\mathbb{F}_2)| = 1$, $|E(\mathbb{F}_4)| = 5$, and $|E(\mathbb{F}_{16})| = 25$;
(c) $E$ is a maximal curve over $\mathbb{F}_{2^4}$;
(d) the space $L(m \cdot x_\infty)$, where $x_\infty = (0 : 1 : 0)$, has a basis $\{\, u^i v^j \mid 2i + 3j \le m \,\}$.
Write out the generator matrices of the codes $C(D_0, m \cdot x_\infty)$ over $\mathbb{F}_4$ and $\mathbb{F}_{16}$, respectively, where $\operatorname{Supp} D_0 = E(\mathbb{F}_4) \setminus \{x_\infty\}$ and $\operatorname{Supp} D_0 = E(\mathbb{F}_{16}) \setminus \{x_\infty\}$, for $m = 2, 8, 12, 16$. Calculate their spectra.

11.6. Let $E$ be the curve over $\mathbb{F}_{5^2}$ given by $v^2 + v = u^3$. Show that $E \subset \mathbb{P}^2$ is an elliptic curve which is maximal over $\mathbb{F}_{5^2}$. Write out generator matrices of the codes $C(D_0, m \cdot x_\infty)$ for $m = 2, 8, 16$, where $\operatorname{Supp} D_0 = E(\mathbb{F}_{5^2}) \setminus \{x_\infty\}$.

11.7. Let $E\colon v^2 + v = u^3 + bu + c$ be an elliptic curve defined over $\mathbb{F}_2$. Prove the three-case statement whose cases are: for $v^2 + v = u^3 + u + 1$; for $v^2 + v = u^3$ or $u^3 + 1$; for $v^2 + v = u^3 + u$. Check that the curve $E\colon v^2 + v = u^3 + u$ is maximal over $\mathbb{F}_2$.

11.8. Let $E$ be the curve defined over $\mathbb{F}_2$ by $v^2 + v = u^3 + u$. Prove that:
(a) the zeta-function of $E$ is
$$Z(E, t) = \frac{1 + 2t + 2t^2}{(1 - t)(1 - 2t)};$$
(b) the number $N_{2^\nu}$ of $\mathbb{F}_{2^\nu}$-rational points on $E$ is given by
$$N_{2^\nu} = \begin{cases} 2^\nu + 1 & \text{if } \nu \equiv 2, 6 \bmod 8, \\ 2^\nu + 1 + 2^{\nu/2 + 1} & \text{if } \nu \equiv 4 \bmod 8, \\ 2^\nu + 1 - 2^{\nu/2 + 1} & \text{if } \nu \equiv 0 \bmod 8, \\ 2^\nu + 1 + 2^{(\nu+1)/2} & \text{if } \nu \equiv 1, 7 \bmod 8, \\ 2^\nu + 1 - 2^{(\nu+1)/2} & \text{if } \nu \equiv 3, 5 \bmod 8. \end{cases}$$
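An added example (not from the book) that checks the point counts of Exercises 11.5(b) and 11.8(b), and the 9 points of $v^2 + v = u^3$ over $\mathbb{F}_4$ from Section 11.2, by brute force over $\mathbb{F}_{2^\nu}$ for $\nu \le 8$; the defining polynomials of the fields and the function names are my own choices.

```python
# Point counts of v^2 + v = u^3 + b*u + c over F_{2^nu}, checked against the
# case formula in Exercise 11.8(b) and the values in Exercise 11.5(b).
# Added example (not from the book); the field polynomials and names are my choices.

# Irreducible polynomials over F_2 defining F_{2^nu} (bit i = coefficient of x^i).
IRRED = {1: 0b11, 2: 0b111, 3: 0b1011, 4: 0b10011, 5: 0b100101,
         6: 0b1000011, 7: 0b10000011, 8: 0b100011011}

def gf2n_mul(a, b, nu):
    """Multiply a, b (ints below 2^nu, polynomial basis) modulo IRRED[nu]."""
    mod, r = IRRED[nu], 0
    for _ in range(nu):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if (a >> nu) & 1:
            a ^= mod
    return r

def count_points(nu, b, c):
    """|E(F_{2^nu})| for E: v^2 + v = u^3 + b*u + c (b, c in F_2), including x_inf."""
    q = 1 << nu
    total = 1                        # the point at infinity (0 : 1 : 0)
    for u in range(q):
        rhs = gf2n_mul(gf2n_mul(u, u, nu), u, nu)   # u^3
        if b:
            rhs ^= u
        if c:
            rhs ^= 1
        # v^2 + v = rhs has 0 or 2 solutions v in F_{2^nu}; count them directly.
        total += sum(1 for v in range(q) if gf2n_mul(v, v, nu) ^ v == rhs)
    return total

def formula_11_8(nu):
    """N_{2^nu} for v^2 + v = u^3 + u as stated in Exercise 11.8(b)."""
    base, r = (1 << nu) + 1, nu % 8
    if r in (2, 6):
        return base
    if r == 4:
        return base + (1 << (nu // 2 + 1))
    if r == 0:
        return base - (1 << (nu // 2 + 1))
    if r in (1, 7):
        return base + (1 << ((nu + 1) // 2))
    return base - (1 << ((nu + 1) // 2))   # r in (3, 5)

if __name__ == "__main__":
    for nu in range(1, 9):
        print(nu, count_points(nu, 1, 0), formula_11_8(nu))
    print([count_points(nu, 1, 1) for nu in (1, 2, 4)])   # Exercise 11.5(b): 1, 5, 25
```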

Chapter 12

Decoding Geometric Goppa Codes

This chapter concerns the decoding problem for geometric Goppa codes. We consider various aspects of the problem, beginning with results on the existence of decoding algorithms and ending with ones on the construction of efficient algorithms which can easily be used in practice. For a detailed treatment of the complexity of algorithms we refer the reader to Aho, Hopcroft and Ullman [2].

12.1. THE DECODING PROBLEM

Let $C \subseteq \mathbb{F}_q^n$ be a linear $[n, k, d]_q$-code. Define $C'$ as $C' = C \cup \{?\}$. A map $\mathcal{D}\colon \mathbb{F}_q^n \to C'$ such that $\mathcal{D}(u) = u$, for all $u \in C$, is called a decoder or a decoding map for the code $C$. We allow the decoder to give as outcome "?" when it fails to find a code-vector. We recall that a minimum distance decoding for a code $C$ is a decoder $\mathcal{D}$ such that $\mathcal{D}(v) \in C'$ is a nearest code-vector to $v$, for all $v \in \mathbb{F}_q^n$. A decoding error of a decoder occurs when the decoded vector is different from the transmitted vector. A maximum likelihood decoding minimizes the probability of a decoding error. Minimum distance decoding is equivalent to maximum likelihood decoding for a $q$-ary symmetric channel (in which the probability that a symbol is changed to another one is the same for all symbols in the alphabet and does not depend on the position in the transmitted vector).

290

Chapter 12

Now we discuss two essentially different decoding methods for a linear [n,k,d]q-code C. Let H

= (aij)I::;i:s;n-k,lg:s;n

be a parity-check matrix for the code C, so

C

= {u E F; IH . U

T

o} .

=

For a received vector v = (VI"", v n ) E F; and the parity-check matrix H for C, the syndromes are defined as n

Si(V) = ~>ijVj,

I

~

i ~ n.

j=1

We can extend the matrix H to an n x n matrix H' such that the rows I

~

i ~ n,

of H' form a basis of the space F; and the first n - k rows are from H. Let e = v - {(v) = (el, ... , en) E F; be the error-vector. The n syndromes si(e)

=

n

L aijej,

I

~

i ~ n,

j=1

determine the error-vector uniquely, but only the first n - k syndromes are known, since s i ( e) = S i ( V ), for i = I, 2, ... , n - k. The remaining syndromes are called unknown syndromes. Later we will show that the unknown syndromes can be obtained recursively from known syndromes s i ( e) = S i ( V ), I ~ i ~ n - k, by a majority vote. The set of all vectors with the same syndrome as v = (VI, . .. , v n ) is the coset v + C. If v'is a coset leader of v + C (an element of v + C of minimal weight), a simple minimum distance decoding consists of an exhaustive search for a coset leader. Alternatively, we can produce a list of all coset leaders. It is clear that both these decoding procedures have exponential complexity as a function of n, since either one has to search among qRn elements of the coset v + C to find one of minimal weight, or one has to store q(I-R)n coset leaders. Now we briefly describe the decoding problem for linear codes. Let A be an algorithm which has as input a pair (C,v), where C is a linear [n,k,d]q-code and v is a vector of the same length n. Then Ac is the restriction of the algorithm A to C, if Ac has as input a vector v = (v I , ... , v n ) and as output A ( C , v) computed by A. Consider the following problem: Find an algorithm A which has as input (C,v), where C is a linear [n,k,djq-code and v = (VI, ... ,vn ) a received vector, and as output a vector A( C, v) in C ' such that Ac is a minimum distance decoder

for $C$. This problem is NP-hard, and it can be divided into two parts. First, for an appropriate code $C$ the preprocessing part provides a decoder $A_C$. Second, the algorithm $A_C$ should work very fast. Thus, the decoding problem can be formulated as the problem of minimum distance decoding with preprocessing. All the known decoding algorithms which have polynomial complexity decode only up to some bound depending on the code (for example, up to half the designed minimum distance). We say that a decoder $\gamma$ corrects $t$ errors if $\gamma(v) \in C$ is a nearest code-vector for all $v \in \mathbb{F}_q^n$ such that $d(v, C) \le t$. A decoder $\gamma$ for a linear $[n,k,d]_q$-code $C$ decodes up to half the minimum distance if $\gamma(v)$ is the nearest code-vector for all $v \in \mathbb{F}_q^n$ such that $d(v, C) \le (d-1)/2$. All decoding algorithms for geometric Goppa codes, which will be considered later, decode up to half the designed minimum distance and have complexity at most $O(n^3)$ for $n \to \infty$. Whether this is the case for all linear codes can be posed as the following mass problem (see Barg [10]).

Problem I. Is there an algorithm $A$ which has as input $(C, v)$, where $C$ is a linear $[n,k,d]_q$-code and $v = (v_1, \dots, v_n) \in \mathbb{F}_q^n$ is a vector of the same length $n$, and has as output a vector $A(C, v)$ in $C$, such that the restriction $A_C$ of $A$ to $C$ is a decoder for $C$ which decodes up to half the minimum distance, and the complexity of the algorithm $A_C$ is polynomial as a function of $n$ and is independent of $C$?

We complete the discussion of the decoding problem by demonstrating a well-known fact that errors can be corrected if we have enough information about the error-positions.

Proposition 12.1. Let $C$ be a linear $[n,k,d]_q$-code with parity-check matrix $H$, let $v = (v_1, \dots, v_n)$ be a received vector with error-vector $e = (e_1, \dots, e_n)$, and suppose that we know a set $J$ of cardinality at most $d - 1$ which contains the set of error-positions. Then the error-vector $e = (e_1, \dots, e_n)$ is the unique solution of the following system of linear equations:
$$H \cdot z^T = H \cdot v^T \qquad\text{and}\qquad z_j = 0 \ \text{ for all } j \notin J.$$

Proof: Clearly, the error-vector is a solution. Now, if $z = e'$ is another solution, then $H \cdot (e' - e)^T = 0$ and hence $e' - e \in C$. On the other hand, we have $\|e' - e\| \le d - 1$. This implies $e' - e = 0$, so $e' = e$. ∎

Thus we have shown that we can reduce error-correcting to the problem of finding the error-positions. To decode all received vectors with $t$ errors, we have to consider $\binom{n}{t}$ possible $t$-sets for error-positions. This number grows exponentially with $n$ when $t/n$ tends to a positive real number. Proposition 12.1 shows us that

it is enough to find an $(n, d-1, t)$-covering system (a collection $\mathcal{J}$ of subsets $J \subset \{1, 2, \dots, n\}$ such that $|J| = d - 1$ and every subset of $\{1, 2, \dots, n\}$ of size $t$ is contained in at least one $J \in \mathcal{J}$). The size of such a covering set is considerably smaller than the number of $t$-sets, but is at least

This number still grows exponentially with $n$.
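The two facts just discussed, decoding from a stored table of coset leaders and the reduction of Proposition 12.1 to a known set of error-positions, as an added worked example in Python (this is not code from the book). It takes the binary $[7,4,3]$ Hamming code as a small concrete instance, so the field, the parity-check matrix and the received vector are assumptions of the example:

```python
"""Syndrome decoding of a linear code from a stored table of coset leaders, and the
reduction of Proposition 12.1 (solve H z^T = H v^T with z supported on a set J of
at most d-1 positions that contains the error-positions).  Constructed example:
the binary [7,4,3] Hamming code, whose parity-check matrix H has the binary
expansions of 1..7 as its columns."""
from itertools import product

Q = 2
N, K, D = 7, 4, 3
# H = (a_ij), 1 <= i <= n-k, 1 <= j <= n: column j is the binary expansion of j
H = [[(j >> (2 - i)) & 1 for j in range(1, N + 1)] for i in range(N - K)]

def syndrome(v):
    """s_i(v) = sum_j a_ij v_j over GF(2), i = 1..n-k."""
    return tuple(sum(a * x for a, x in zip(row, v)) % Q for row in H)

def weight(v):
    return sum(1 for x in v if x)

def coset_leader_table():
    """Exhaustive search for a minimum-weight element of each of the q^(n-k) = q^((1-R)n)
    cosets: it enumerates all q^n vectors, so this preprocessing is exponential in n."""
    leaders = {}
    for v in product(range(Q), repeat=N):
        s = syndrome(v)
        if s not in leaders or weight(v) < weight(leaders[s]):
            leaders[s] = v
    return leaders

LEADERS = coset_leader_table()

def decode_by_table(v):
    """Minimum distance decoding: subtract the stored coset leader of v + C."""
    e = LEADERS[syndrome(v)]
    return tuple((x - y) % Q for x, y in zip(v, e))

def solve_on_positions(v, J):
    """Proposition 12.1: all solutions z of H z^T = H v^T with z_j = 0 for j not in J.
    With |J| <= d-1 and J containing the error-positions there is exactly one, the
    error-vector.  Brute force over the q^|J| assignments is enough for this toy size."""
    assert len(J) <= D - 1
    s = syndrome(v)
    solutions = []
    for vals in product(range(Q), repeat=len(J)):
        z = [0] * N
        for j, val in zip(J, vals):
            z[j] = val
        if syndrome(z) == s:
            solutions.append(tuple(z))
    return solutions
```

The table has $2^{3} = 8$ entries here; for a code of rate $R$ and length $n$ it would have $q^{(1-R)n}$, which is the storage cost mentioned above. The restricted system of Proposition 12.1, by contrast, has only $|J| \le d - 1$ unknowns once the candidate positions are known.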

12.2.

THE BASIC AND MODIFIED ALGORITHMS

For a code to have practical use, it is essential that it possess an effective decoding algorithm. We present a generalization of the decoding algorithm for Reed-Solomon codes in the case of an arbitrary geometric Goppa code (see Justesen, Larsen, Jensen, Havemose, Høholdt [87], Skorobogatov, Vladut [180] and Tsfasman, Vladut [208, 209]).

The Basic Algorithm

Consider an $[n, k^*, d^*]_q$-code $C^* = C^*(D_0, D)$ with $D_0 = x_1 + \dots + x_n$, $\mathrm{Supp}\,D_0 \cap \mathrm{Supp}\,D = \emptyset$, and $2g - 2 < \deg D \le n + g - 1$. Then the designed parameters of $C^*$ are $k_{C^*} = n - \deg D + g - 1$ and $d_{C^*} = \deg D - 2g + 2$. For a vector $v = (v_1, \dots, v_n) \in \mathbb{F}_q^n$ and a function $f \in L(D)$ we define the syndrome
$$s(v, f) = \sum_{i=1}^{n} v_i f(x_i),$$
and observe that the function $s(v, f)$ is bilinear. Moreover, if $v = u + e$, where $u = (u_1, \dots, u_n) \in C^*$ and $e = (e_1, \dots, e_n)$ is the error-vector, then
$$s(v, f) = \sum_{i \in I} e_i f(x_i),$$
$I = \{\, i \mid e_i \ne 0 \,\}$ being the set of error-locators. Let $|I| \le t$ and let $D'$ be an auxiliary $\mathbb{F}_q$-rational divisor such that $\mathrm{Supp}\,D_0 \cap \mathrm{Supp}\,D' = \emptyset$. Specify bases $\{f_1, \dots, f_l\}$ of $L(D)$, $\{g_1, \dots, g_m\}$ of $L(D')$, and $\{h_1, \dots, h_r\}$ of $L(D - D')$. Clearly, $g_\mu h_\rho \in L(D)$ for $1 \le \mu \le m$, $1 \le \rho \le r$, and

the parity-check matrix of the code $C^*$ is given by $(f_\lambda(x_i))$. Define elements
$$s_{\mu\rho} = s_{\mu\rho}(v) = s(v, g_\mu h_\rho), \qquad 1 \le \mu \le m,\ 1 \le \rho \le r,$$
and note that the following system of linear equations plays the crucial role for decoding of the code $C^*$:
$$\sum_{\mu=1}^{m} s_{\mu\rho} z_\mu = 0, \qquad 1 \le \rho \le r. \tag{12.1}$$

Proposition 12.2. If $l(D') > t$ then the system (12.1) has a non-trivial solution in elements $z_i \in \mathbb{F}_q$. Moreover, if
$$\deg D > \deg D' + 2g - 2 + t$$
then for any solution $z = (z_1, \dots, z_m) \in \mathbb{F}_q^m$ of the system, the function
$$g_z = \sum_{\mu=1}^{m} z_\mu g_\mu$$
vanishes at all points $x_i$ with $i \in I$.

Proof: As $l(D') > t$, we have
$$l\Big(D' - \sum_{i \in I} x_i\Big) \ge l(D') - t > 0.$$
Choose $0 \ne g' \in L(D' - \sum_{i \in I} x_i)$ and write
$$g' = \sum_{\mu=1}^{m} z'_\mu g_\mu.$$
Then $g' h_\rho \in L(D)$ for $1 \le \rho \le r$, and we obtain
$$s(v, g' h_\rho) = \sum_{\mu=1}^{m} s(v, g_\mu h_\rho)\, z'_\mu = \sum_{\mu=1}^{m} s_{\mu\rho} z'_\mu.$$
On the other hand, since $u \in C^*$ and $g' h_\rho \in L(D)$, we have $s(u, g' h_\rho) = 0$; and since $e_i = 0$ for $i \notin I$ and $g'(x_i) = 0$ for $i \in I$ (because $g' \in L(D' - \sum_{i \in I} x_i)$), we get
$$s(v, g' h_\rho) = s(u + e, g' h_\rho) = s(e, g' h_\rho) = \sum_{i \in I} e_i g'(x_i) h_\rho(x_i) = 0.$$
This shows that $z' = (z'_1, \dots, z'_m)$ is a solution of (12.1).

Now we take an arbitrary solution $z = (z_1, \dots, z_m)$ of the system (12.1) and set
$$g_z = \sum_{\mu=1}^{m} z_\mu g_\mu.$$
Suppose there is an error-locator $i_0 \in I$ such that $g_z(x_{i_0}) \ne 0$. We have
$$\deg\Big(D - D' - \sum_{i \in I} x_i\Big) \ge \deg D - \deg D' - t > 2g - 2$$
and hence
$$L\Big(D - D' - \sum_{i \in I} x_i\Big) \subsetneq L\Big(D - D' - \sum_{i \in I \setminus \{i_0\}} x_i\Big).$$
So we find an element $h \in L(D - D')$ with $h(x_{i_0}) \ne 0$ and $h(x_i) = 0$ for all $i \in I \setminus \{i_0\}$. As a result we obtain
$$s(v, g_z h) = s(e, g_z h) = \sum_{i \in I} e_i g_z(x_i) h(x_i) = e_{i_0} g_z(x_{i_0}) h(x_{i_0}) \ne 0. \tag{12.2}$$
However, $h$ is a linear combination of $h_1, \dots, h_r$, say
$$h = \sum_{\rho=1}^{r} y_\rho h_\rho,$$
and hence
$$s(v, g_z h) = \sum_{\mu=1}^{m} z_\mu \sum_{\rho=1}^{r} y_\rho\, s(v, g_\mu h_\rho) = \sum_{\rho=1}^{r} y_\rho \sum_{\mu=1}^{m} s_{\mu\rho} z_\mu = 0,$$
since $z = (z_1, \dots, z_m)$ is a solution of (12.1). This contradicts (12.2). ∎

The above properties of the divisor $D'$ are sufficient to find a function $g_z$ vanishing at all points $x_i \in \mathrm{Supp}\,D_0$ with $i \in I$. Denote the set of points $x_i \in \mathrm{Supp}\,D_0$ such that $g_z(x_i) = 0$ by $I(g_z)$; we have just proved that $I(g_z) \supseteq I$. In order to determine the coordinates $e_i$ of the error-vector $e$, we consider another system of linear equations:
$$\sum_{i \in I(g_z)} f_\lambda(x_i)\, w_i = s(v, f_\lambda), \qquad 1 \le \lambda \le l. \tag{12.3}$$
The error-vector $e = (e_1, \dots, e_n)$ is a solution of this system, since $s(v, f_\lambda) = s(e, f_\lambda)$.

Proposition 12.3. If $\deg D > \deg D' + 2g - 2$ then the system (12.3) has at most one solution.

Proof: Suppose that $w$ and $w'$ are two different solutions of (12.3). Then $w - w'$ is a solution of
$$\sum_{i \in I(g_z)} f_\lambda(x_i)\, u_i = 0, \qquad 1 \le \lambda \le l,$$
i.e., the vector $u = (u_1, \dots, u_n)$ with $u_i = w_i - w'_i$ for $i \in I(g_z)$ and $u_i = 0$ for $i \notin I(g_z)$ is a non-zero code-vector. Since $g_z \in L(D')$ the weight of $u$ can be estimated as follows:
$$\|u\| \le |I(g_z)| \le \deg D' < \deg D - 2g + 2 = d_{C^*} \le d^*.$$
But the weight of a non-zero code-vector cannot be less than the minimum distance $d^*$, and we arrive at a contradiction. ∎

Decoding Algorithm $\mathcal{A}(D')$. Given an element $v \in \mathbb{F}_q^n$:

(1) Find a basis $\{f_1, \dots, f_l\}$ of $L(D)$, a basis $\{g_1, \dots, g_m\}$ of $L(D')$ and a basis $\{h_1, \dots, h_r\}$ of $L(D - D')$.
(2) Calculate the syndromes $s(v, g_\mu h_\rho)$ and $s(v, f_\lambda)$.
(3) Find a solution $z = (z_1, \dots, z_m)$ of the linear system (12.1).
(4) Set $g_z = \sum_{\mu=1}^{m} z_\mu g_\mu$ and determine $I(g_z) = \{\, i \mid 1 \le i \le n \text{ and } g_z(x_i) = 0 \,\}$.
(5) If the system (12.3) has a unique solution $(e_i)_{i \in I(g_z)}$, we set $e = (e_1, \dots, e_n)$ with $e_i = 0$ for $i \notin I(g_z)$ (if the system is not uniquely solvable, we cannot decode $v$).
(6) Calculate the syndromes $s(v - e, f_\lambda)$ and check whether $u = v - e$ is an element of $C^* = C^*(D_0, D)$ and whether $\|e\| \le t$ (if the answer is yes, we decode $v$ to the code-word $u$; if the answer is no, we cannot decode $v$).

Theorem 12.4. Let $C^* = C^*(D_0, D)$ and $2g - 2 < \deg D \le n + g - 1$. If for a positive $t$ there exists a divisor $D'$ such that $\mathrm{Supp}\,D_0 \cap \mathrm{Supp}\,D' = \emptyset$ and
$$l(D') > t, \qquad \deg D > \deg D' + 2g - 2 + t,$$
then (i) the algorithm corrects all errors of weight $\le t$; (ii) one can choose the divisor $D'$ in such a way that the algorithm corrects all errors of weight $\|e\| \le (d_{C^*} - g - 1)/2$.

Proof: The assertion (i) is obvious from Proposition 12.2 and Proposition 12.3. To prove (ii) we assume that $t \le (d_{C^*} - g - 1)/2$, and choose a divisor $D'$ such that $\deg D' = g + t$ and $\mathrm{Supp}\,D_0 \cap \mathrm{Supp}\,D' = \emptyset$. By the Riemann-Roch theorem,
$$l(D') \ge \deg D' - g + 1 = t + 1 > t.$$
The assumption $t \le (d_{C^*} - g - 1)/2$ implies
$$\deg D - (2g - 2) - t - \deg D' = d_{C^*} - 2t - g > 0,$$
and hence
$$\deg D > \deg D' + 2g - 2 + t.$$
This completes the proof. ∎

To use the basic algorithm we must know $D'$ explicitly. The degree of $D'$ has to satisfy the following two inequalities:
$$\deg D' \ge g + t \qquad\text{and}\qquad \deg D' < \deg D - 2g - t + 2,$$
which contradict each other when $t$ is large enough. The largest possible value for $t$ which satisfies both the inequalities is $t = \lfloor (d_{C^*} - g - 1)/2 \rfloor$. Let $t = \lfloor (d_{C^*} - g - 1)/2 \rfloor$, and take a divisor $D'$ of degree $g + t$ with support disjoint from $D_0$. One can easily show that such a divisor always exists. If we insert the construction of such a divisor $D'$ and bases for $L(D)$, $L(D')$ and $L(D - D')$ in the preprocessing part, the complexity of the basic algorithm is at most $O(n^3)$.
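The basic algorithm $\mathcal{A}(D')$, steps (2) to (6), carried out in the simplest case as an added Python example (not code from the book): the curve is $\mathbb{P}^1$ over $\mathbb{F}_{13}$, so $g = 0$, $L(k \cdot x_\infty)$ is the space of polynomials of degree at most $k$, and $C^*(D_0, D)$ with $D = 5 \cdot x_\infty$ is the dual of a Reed-Solomon code with $d_{C^*} = \deg D + 2 = 7$. With $D' = t \cdot x_\infty$ and $t = 3$ both conditions of Theorem 12.4 hold ($l(D') = 4 > 3$ and $5 > 3 - 2 + 3$). The field, the points $x_1, \dots, x_{12}$, the degrees and the polynomial used to build a codeword are assumptions of the example; the step (5) system (12.3) is exactly the reduction of Proposition 12.1 applied to $I(g_z)$.

```python
"""Decoding algorithm A(D') of Section 12.2 on the genus-0 curve P^1 over GF(13):
D0 = x_1 + ... + x_12 (all points of GF(13)^*), D = 5 * x_inf, D' = t * x_inf.
L(k * x_inf) = polynomials of degree <= k, so C*(D0, D) is the dual of a
Reed-Solomon code with designed distance d* = deg D - 2g + 2 = 7, and t = 3."""

P = 13                        # constructed example: the field GF(13)
POINTS = list(range(1, P))    # x_1, ..., x_n with n = 12
N = len(POINTS)
DEG_D = 5                     # D = 5 * x_inf, so l = deg D + 1 = 6 and d* = 7
T = (DEG_D + 1) // 2          # t = floor((d* - g - 1) / 2) with g = 0

def inv(a):
    """Multiplicative inverse in GF(P)."""
    return pow(a % P, P - 2, P)

def rref(rows):
    """Reduced row echelon form over GF(P); returns (matrix, list of pivot columns)."""
    m = [[x % P for x in r] for r in rows]
    pivots, r = [], 0
    for c in range(len(m[0])):
        if r == len(m):
            break
        piv = next((i for i in range(r, len(m)) if m[i][c]), None)
        if piv is None:
            continue
        m[r], m[piv] = m[piv], m[r]
        f = inv(m[r][c])
        m[r] = [x * f % P for x in m[r]]
        for i in range(len(m)):
            if i != r and m[i][c]:
                g = m[i][c]
                m[i] = [(a - g * b) % P for a, b in zip(m[i], m[r])]
        pivots.append(c)
        r += 1
    return m, pivots

def nullspace_vector(rows, ncols):
    """A non-trivial solution z of rows * z = 0, or None if only z = 0 solves it."""
    m, pivots = rref(rows)
    free = [c for c in range(ncols) if c not in pivots]
    if not free:
        return None
    z = [0] * ncols
    z[free[0]] = 1
    for i, pc in enumerate(pivots):
        z[pc] = (-m[i][free[0]]) % P
    return z

def unique_solution(aug, ncols):
    """Solve the augmented system [A | b]; returns the solution if it is unique, else None."""
    m, pivots = rref(aug)
    if ncols in pivots or len(pivots) < ncols:   # inconsistent, or not unique
        return None
    return [m[i][ncols] for i in range(ncols)]

def syndrome(v, k):
    """s(v, x^k) = sum_i v_i x_i^k: the syndrome of v against the monomial x^k in L(D)."""
    return sum(vi * pow(xi, k, P) for vi, xi in zip(v, POINTS)) % P

def is_codeword(u):
    return all(syndrome(u, k) == 0 for k in range(DEG_D + 1))

def encode(coeffs):
    """A codeword of C*: u_i = f(x_i) / prod_{k != i} (x_i - x_k) for a polynomial f of
    degree <= n - deg D - 2 (Lagrange interpolation makes sum_i x_i^k u_i = 0 for k <= deg D)."""
    assert len(coeffs) <= N - DEG_D - 1
    u = []
    for i, xi in enumerate(POINTS):
        fx = sum(c * pow(xi, j, P) for j, c in enumerate(coeffs)) % P
        w = 1
        for k, xk in enumerate(POINTS):
            if k != i:
                w = w * (xi - xk) % P
        u.append(fx * inv(w) % P)
    return u

def decode(v, t=T):
    """Steps (2)-(6) of A(D') with D' = t * x_inf; returns (u, e), or None on failure."""
    # (12.1): one row per h_rho = x^rho in L(D - D'), one column per g_mu = x^mu in L(D')
    sys1 = [[syndrome(v, mu + rho) for mu in range(t + 1)] for rho in range(DEG_D - t + 1)]
    z = nullspace_vector(sys1, t + 1)
    if z is None:
        return None
    # error-locator g_z = sum_mu z_mu x^mu, and I(g_z) = its zeros among the x_i
    locs = [i for i, xi in enumerate(POINTS)
            if sum(zm * pow(xi, mu, P) for mu, zm in enumerate(z)) % P == 0]
    # (12.3): sum_{i in I(g_z)} x_i^lam w_i = s(v, x^lam) for every f_lam = x^lam in L(D)
    sys3 = [[pow(POINTS[i], lam, P) for i in locs] + [syndrome(v, lam)]
            for lam in range(DEG_D + 1)]
    w = unique_solution(sys3, len(locs))
    if w is None:
        return None
    e = [0] * N
    for i, wi in zip(locs, w):
        e[i] = wi
    u = [(vi - ei) % P for vi, ei in zip(v, e)]
    if not is_codeword(u) or sum(1 for ei in e if ei) > t:
        return None
    return u, e
```

With three errors the solution space of (12.1) is one-dimensional (it is $L(D' - \sum_{i \in I} x_i)$), so $g_z$ is a scalar multiple of $\prod_{i \in I}(x - x_i)$ and $I(g_z) = I$; with fewer errors $g_z$ may pick up a harmless extra zero, for which (12.3) then returns $w_i = 0$.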

The assumptions of Theorem 12.4 can be weakened as follows. Let $v = (v_1, \dots, v_n)$ be a received vector, and
$$L(v, D') = \Big\{\, g \in L(D') \ \Big|\ \sum_{i=1}^{n} v_i\, g h(x_i) = 0 \ \text{ for all } h \in L(D - D') \,\Big\}.$$
Next, let $E$ be the divisor of error-positions defined by
$$E = \sum_{i \in I} x_i,$$
and let $L(D' - E)$ be the space of error-locator functions in $L(D')$, that is, the space of rational functions $g' \in L(D')$ which vanish at all points $x_i \in \mathrm{Supp}\,E$. Since $L(v, D')$ contains all the error-locator functions of $L(D')$, we have $L(D' - E) \subseteq L(v, D')$.

The linear space $L(v, D')$ can be determined as soon as we know the received vector $v$. Moreover, if $L(D' - E) = L(v, D')$, we can find a non-zero rational function $g'$ which vanishes at all error-positions. In that case, Proposition 12.1 allows one to find the corresponding error-vector $e$. In this way one can easily remove the condition $\mathrm{Supp}\,D_0 \cap \mathrm{Supp}\,D' = \emptyset$, and we obtain the following version of the basic algorithm (see Duursma [31, 33] and Ehrhard [35]):

Proposition 12.5. Let $H$ be a parity-check matrix of the code $C^* = C^*(D_0, D)$. Let $v$ be a received vector, $e$ the corresponding error-vector, $E$ the divisor of error-positions and $D'$ an arbitrary divisor.

(i) If $\Omega(D' - D + E) = 0$, then $L(v, D') = L(D' - E)$, so all elements of the space $L(v, D')$ are error-locator functions. Moreover, if $L(D' - E) \ne 0$, there exists a non-zero element of $L(v, D')$.

(ii) If $\Omega(D' - D + E) = 0$, $L(D' - E) \ne 0$ and $g'$ is a non-zero element of $L(v, D')$ with the set of zero-positions $J = \{\, j \mid g'(x_j) = 0 \,\}$, then the system of equations
$$H \cdot z^T = H \cdot v^T \qquad\text{and}\qquad z_j = 0 \ \text{ for all } j \notin J$$
has the unique solution $z = e$.

One deficiency of the basic algorithm is that it corrects only errors of weight $\le (d_{C^*} - g - 1)/2$, but not all errors of weight $\le (d_{C^*} - 1)/2$. The following heuristic argument shows that the basic algorithm corrects $\lfloor (d_{C^*} - 1)/2 \rfloor$ errors most of the time. Indeed, let $E$ be the divisor of error-positions, and let $L(D' - E)$ be the space of error-locator functions. If $t = \lfloor (d_{C^*} - 1)/2 \rfloor$ and $\deg D' \ge g + t$, then $L(D' - E) \ne 0$ for all divisors of $t$ error-positions. The set of divisors $E$ of degree $t$ such that $\Omega(D' - D + E) \ne 0$ defines a hypersurface in the variety of all effective divisors of degree $t$. If this hypersurface is irreducible, then the percentage of error patterns of weight $t$ where the basic algorithm fails is roughly $1/q$. It may be the case that $\Omega(D' - D + E) \ne 0$, but we still have $L(v, D') = L(D' - E)$. The following result is more precise than the previous proposition (see Duursma [33]).

Proposition 12.6. Let $D'$ be a divisor with support which is disjoint from the support of $D_0$, and let $v$ be a received vector with the error-vector $e$. Then
$$L(D' - E) = L(v, D')$$
if and only if
$$e * C(E, D') \cap C^*(E, D - D') = 0.$$

The basic algorithm can be improved in several ways. The first way is based on the use of a divisor $D$ such that $\deg D > \deg D_0 = n$. We define the gonality of a smooth projective curve $X$ as the smallest degree of a non-constant morphism $\phi : X \to \mathbb{P}^1$, or equivalently, as the smallest degree of a divisor $D \in \mathrm{Div}(X)$ such that $l(D) > 1$. The minimum distance of codes $C = C(D_0, D)$ such that $D$ is abundant, that is, equivalent to a divisor of the form $D_0 + A$, where $A$ is an effective divisor of degree $a$, is at least $m - a$, where $m$ is the gonality of the curve. If the curve has at least $n + 2$ points over $\mathbb{F}_q$, then abundant divisors can be used to show that there exists a divisor $D'$ such that the basic algorithm corrects $\lfloor (d_{C^*} - g - 1 + m)/2 \rfloor$ errors (see Pellikaan [140]).

Another way to improve the basic algorithm is to use special divisors. We recall that the basic algorithm depends on the choice of the divisor $D'$. So one may try to find a divisor $D'$ which has a larger dimension $l(D')$ than is expected from its degree. We took the lower bound $l(D') \ge \deg D' - g + 1$, but the Riemann-Roch theorem provides the more precise result:
$$l(D') = \deg D' - g + 1 + l(K - D').$$
A divisor $D'$ is special if both $l(D')$ and $l(K - D')$ are not zero. The degree of a special divisor is between $0$ and $2g - 2$. The Clifford theorem gives an upper bound for $l(D')$: if $0 \le \deg D' \le 2g - 2$, then
$$l(D') \le \frac{1}{2} \deg D' + 1.$$

If we take for the basic algorithm a special divisor $D'$ and assume $l(D') > t$ instead of $\deg D' \ge g + t$, and moreover $\deg D' < \deg D - 2g + 2 - t$, then we find that

Furthermore, $s = O(n)$ and the complexity of the algorithm is $O(n^4)$ for $n \to \infty$. Unfortunately, this result is not effective, since it does not provide any construction of the divisors $D'_1, \dots, D'_s$. On the other hand, if the curve $X$ has gonality $m$ and at least two $\mathbb{F}_q$-rational points, then the map $\phi$ is not surjective and there exist $2m$ divisors $D'_1, \dots, D'_{2m}$, which can be constructed explicitly, such that the corresponding basic algorithms, run in parallel, correct $\lfloor (d_{C^*} - g - 1 + m)/2 \rfloor$ errors.

12.3.

AN IMPROVEMENT OF THE MODIFIED ALGORITHM

Another decoding algorithm, which can be considered as a generalization of solving the key equation for rational Goppa codes by Euclid's algorithm in the ring of polynomials in one variable, was proposed by Porter [146]. The correctness of this algorithm was proved in [34, 35, 147].

One can regard the ring of polynomials in one variable as the ring of rational functions on the projective line $\mathbb{P}^1$ with poles only at the point $x_\infty$ at infinity. The ring of polynomials in one variable is replaced by the ring $R_\infty(x)$ of rational functions on the curve $X$ with poles only at a fixed $\mathbb{F}_q$-rational point $x \in X$, where $x$ differs from the points $x_1, \dots, x_n$ used to construct the geometric Goppa code $C^* = C^*(D_0, D)$. The weight of a rational function $f \in R_\infty(x)$ is defined as the order of the pole of $f$ at $x$ and is denoted by $w(f)$. The ring $R_\infty(x)$ with the weight function $w(f)$ is not a Euclidean domain unless the genus of $X$ is zero, but it still has very similar properties. For all $f, h \in R_\infty(x)$ we have:

(i) $w(fh) = w(f) + w(h)$,
(ii) $w(f + h) \le \max(w(f), w(h))$,
(iii) if $w(f) = w(h)$, then there exists an element $\lambda \in \mathbb{F}_q^*$ such that $w(f - \lambda h) < w(f)$.


$2g - 2$. There exists a divisor $D'' \le D$ such that the map
$$\mathrm{Res} : \Omega(D_0 - D'') \to \mathbb{F}_q^n$$
is surjective. Moreover, there exists a linear map
$$\mathbb{F}_q^n \to \Omega(D_0 - D''), \qquad v \mapsto \omega_v,$$
such that $\mathrm{Res}(\omega_v) = v$ for all $v \in \mathbb{F}_q^n$. The map $W$ defined above provides a more explicit description of such a map. Let $D'$ be a divisor such that $\deg D' < d_{C^*}$ or, equivalently, $\deg(D - D') > 2g - 2$. Then
$$\Omega(D_0 - D + D') \cap \Omega(D' - D'') = \Omega(D - D') = 0.$$
Thus $\Omega(D_0 - D + D') \oplus \Omega(D - D')$ is a direct sum. Let
$$\pi : \Omega(D_0 - D + D') \oplus \Omega(D - D') \to \Omega(D - D')$$
be the projection along $\Omega(D_0 - D + D')$. Define $L'(v, D')$ as
$$L'(v, D') = \{\, f \in L(D') \mid f \omega_v \in \Omega(D_0 - D + D') \oplus \Omega(D - D') \,\}.$$
One can show that $L'(v, D') = L(v, D')$ when $D'$ has support disjoint from the support of $D_0$ and $\deg D' > \max(\deg D'', \deg(D - D_0))$. The following result is similar to Theorem 12.11 (ii) (see Ehrhard [34, 35]):

Proposition 12.12. Suppose $L(D' - E) \ne 0$ and $\Omega(D' - D + E) = 0$. If $f$ is a non-zero element of $L(v, D')$, then
$$\big(\mathrm{Res}_{x_1}(\pi(f\omega_v)/f), \dots, \mathrm{Res}_{x_n}(\pi(f\omega_v)/f)\big)$$
is the error-vector of $v$.
We can easily compare the modified algorithm and Porter's algorithm in the special case when $D = m \cdot x$ and there exists a differential form $\omega'$ with divisor $(\omega') = (2g - 2)x$. If $f$ is a non-zero element of $L(v, i \cdot x)$ for the smallest $i \in \{1, 2, \dots, n\}$ such that $L(v, i \cdot x) \ne 0$, then there exists a $\varphi \in R_\infty(x)$ such that $(f, \varphi)$ is a valid solution of the key equation (12.4). Conversely, if $(f, \varphi)$ is a valid solution of (12.4) and $i = w(f)$, then $f$ is a non-zero element of $L(v, i \cdot x)$, and $i$ is the smallest integer such that $L(v, i \cdot x) \ne 0$.

Now we describe Ehrhard's algorithm, which produces a sequence of divisors $\{D_1, \dots, D_s\}$. It depends on the received vector $v$ and has the property that the basic algorithm $\mathcal{A}(D_s)$ decodes $v$ when there are at most $t = \lfloor (d_{C^*} - 1)/2 \rfloor$ errors. In this way, the elaborate problem of constructing the sequence of divisors is circumvented, although this algorithm still has the complexity of solving a system of linear equations.

Decoding Algorithm $\mathcal{B}(D')$. Let an element $v \in \mathbb{F}_q^n$ be given:

(1) Input $v$.
(2) Set $i := 1$ and $D_i := D'$.
(3) Look for an index $j \in \{1, 2, \dots, n\}$ such that $\dim L'(v, D_i - x_j) \le \dim L'(v, D_i) - 2$. If there is such a $j$, then set $D_{i+1} = D_i - x_j$, increment $i$ and continue at step (3); else continue at step (4).
(4) If $\dim L'(v, D_i) = 0$, then continue at step (5), else continue at step (6).
(5) Output ?
(6) Compute $e = \big(\mathrm{Res}_{x_1}(\pi(f\omega_v)/f), \dots, \mathrm{Res}_{x_n}(\pi(f\omega_v)/f)\big)$ for some non-zero $f \in L'(v, D_i)$.
(7) Output $v - e$.

An alternative to the above algorithm is to apply the basic algorithm $\mathcal{A}(D_i)$ at step (6). As a result we have the following theorem (see Ehrhard [36] and Duursma [33]):

Theorem 12.13. Let $X$ be a smooth projective curve over $\mathbb{F}_q$ of genus $g$, and $C^* = C^*(D_0, D)$ a geometric Goppa code with designed minimum distance $d_{C^*} \ge 4g$. Let $t = \lfloor (d_{C^*} - 1)/2 \rfloor$ and $D'$ be any divisor of degree $2g + t$. Then $\mathcal{B}(D')$ is a decoder for $C^*$ which corrects $t$ errors. The complexity of $\mathcal{B}(D')$ is at most $O(n^3)$.

If we apply both algorithms $\mathcal{B}(D')$ and $\mathcal{B}(D - D')$ for a divisor $D'$ such that $\deg D' = g + t$, then it is enough to assume that $d_{C^*} \ge 4g - 2m$, where $m$ is the gonality of the curve $X$ (see [33]). Moreover, it is shown in an example that this cannot be improved.

12.4.

MAJORITY VOTING FOR UNKNOWN SYNDROMES

Now we restrict our attention to one-point codes, that is, geometric Goppa codes of the form $C = C(D_0, m \cdot x)$ or $C^* = C^*(D_0, m \cdot x)$, where $m$ is an integer and $x \in X$ is an $\mathbb{F}_q$-rational point which is distinct from the points $x_1, \dots, x_n$. We shall show how for one-point codes one can extend the parity-check matrix $H$ with rows $a_i = (a_{i1}, \dots, a_{in})$, $1 \le i \le n - k$, to an $n \times n$ matrix $H'$ with rows $a_i = (a_{i1}, \dots, a_{in})$, $1 \le i \le n$. This will be done in such a way that the unknown syndromes $s_i(e) = a_i \cdot e^T$, $i > n - k$, can be obtained recursively from the known syndromes $s_i = s_i(v)$, $1 \le i \le n - k$, by a majority vote (see Feng and Rao [39], Duursma [32, 33], Kirfel and Pellikaan [95] and Pellikaan [141]).

Let $N_x = \{0 = m_1 < m_2 < m_3 < \cdots\}$ be the non-gap sequence of $x$. The non-gaps form a semi-group in the set of non-negative integers which is generated by $m_2, m_3, \dots, m_{g+2}$. Let $g_i$ be a rational function on $X$ which has a pole of order $m_i$ at $x$ and no other poles. Then $\{g_1, \dots, g_r\}$ is a basis for $L(m_r \cdot x)$. Let $a_i = (g_i(x_1), \dots, g_i(x_n))$, and let $H_r$ be the $r \times n$ matrix with $a_i$, $1 \le i \le r$, as rows. Then $H_r$ is a parity-check matrix of the code $C^* = C^*(D_0, m_r \cdot x)$. We note that the rows of $H_r$ need not be linearly independent. Define a matrix of syndromes with respect to an error-vector $e = (e_1, \dots, e_n)$ by
$$s_{ij}(e) = \sum_{l=1}^{n} e_l\, g_i(x_l)\, g_j(x_l).$$
If $v$ is a received vector with error-vector $e$ with respect to $C^*(D_0, m_r \cdot x)$, and $m_i + m_j \le m_r$, then $g_i g_j \in L(m_r \cdot x)$, so $s_{ij}(e) = s_{ij}(v)$. Thus $s_{ij}(e)$ is a known entry of the matrix of syndromes for all $i, j$ such that $m_i + m_j \le m_r$. Now we define the set of pairs $N_r$ by
$$N_r = \{\, (i, j) \mid m_i + m_j = m_{r+1} \,\}.$$
Let $n_r = |N_r|$, and define the Feng-Rao minimum distance $d_{FR}(r)$ of the code $C^* = C^*(D_0, m_r \cdot x)$ by
$$d_{FR}(r) = \min\{\, n_s \mid s \ge r \,\}.$$

Note that the definition of $d_{FR}(r)$ depends only on the semi-group of non-gaps of $x$. One can check that $d_{FR}(r) \ge d_{C^*}$, and equality holds if $r > 3g - 2$. In many examples $d_{FR}(r)$ is strictly greater than $d_{C^*}$ for small $r$ (see Kirfel and Pellikaan [95]). The entries of the matrix of syndromes with $(i, j) \in N_r$ are the first unknown syndromes we encounter with respect to $C^*(D_0, m_r \cdot x)$. As soon as we know one $s_{ij}(e)$ with $(i, j) \in N_r$, we know all the others $s_{\sigma\tau}(e)$ with $(\sigma, \tau) \in N_r$, since each one of the functions $g_i g_j$, $g_\sigma g_\tau$ or $g_{r+1}$ is a generator of the one-dimensional vector space $L(m_{r+1} \cdot x)$ modulo $L(m_r \cdot x)$. In other words, there exist $a_{ij}, a_{ijl} \in \mathbb{F}_q$ such that $a_{ij} \ne 0$ and
$$g_i g_j = a_{ij}\, g_{r+1} + \sum_{l \le r} a_{ijl}\, g_l$$
for all $i, j$ with $m_i + m_j = m_{r+1}$. Therefore
$$s_{ij}(e) = a_{ij}\, s_{r+1}(e) + \sum_{l \le r} a_{ijl}\, s_l(e), \tag{12.5}$$
and this relation is the same for all error-vectors. Consider the matrix
$$S(i, j) = \big(s_{\sigma\tau}(e)\big)_{1 \le \sigma \le i,\ 1 \le \tau \le j}.$$

If $m_i + m_j = m_{r+1}$, then all entries of this matrix, except $s_{ij}(e)$, are known. Next, if $m_i + m_j = m_r$, then $S(i, j)$ is a matrix of the linear map from $L(m_j \cdot x)$ to $L(m_i \cdot x)$ which is used to compute the space $L(v, m_j \cdot x)$ in the basic algorithm $\mathcal{A}(m_j \cdot x)$ for the code $C^* = C^*(D_0, m_r \cdot x)$. The rectangular sub-matrices $S(i, j)$ with $m_i + m_j = m_r$ form the collection of matrices which one encounters in the modified algorithm for $C^*(D_0, m_r \cdot x)$. If $g' \in L(m_j \cdot x)$ is a non-zero error-locator function and
$$g' = \sum_{\tau=1}^{j} b_\tau g_\tau,$$
then the columns of the matrix $S(i, j)$ are linearly dependent:
$$\sum_{\tau=1}^{j} b_\tau\, s_{\sigma\tau}(e) = 0, \qquad \text{for all } 1 \le \sigma \le i.$$
If $(i, j) \in N_r$ and the three matrices $S(i-1, j-1)$, $S(i-1, j)$ and $S(i, j-1)$ have equal rank, then $(i, j)$ is called a candidate with respect to $C^*(D_0, m_r \cdot x)$. If $(i, j)$ is a candidate, then there is a unique value $\bar{s}_{ij}(e)$ to assign to the unknown entry $s_{ij}(e)$ such that the matrices $S(i, j)$ and $S(i-1, j-1)$ have equal rank. The element $\bar{s}_{ij}(e)$ is called the candidate value of the unknown syndrome $s_{ij}(e)$. A candidate is called correct when $\bar{s}_{ij} = s_{ij}$ and incorrect otherwise. Denote the number of correct candidates by $M$ and the number of incorrect candidates by $N$.

An entry $(i, j)$ is called a discrepancy if the three matrices $S(i-1, j-1)$, $S(i-1, j)$ and $S(i, j-1)$ have equal rank and the matrices $S(i, j)$ and $S(i-1, j-1)$ do not have equal rank. The total number $P$ of discrepancies is equal to the rank of the matrix of syndromes, so $P \le \|e\|$. Let $v$ be a received vector with error-vector $e$ which has at most $(n_r - 1)/2$ errors with respect to $C^*(D_0, m_r \cdot x)$. Then all syndromes $s_{ij}(e)$ such that $m_i + m_j \le m_r$ are known, and the remaining syndromes are unknown. Denote the number of known discrepancies by $Q$. A candidate is incorrect if and only if it is a discrepancy, so $N + Q \le P \le \|e\|$.

If $(i, j)$ is a known discrepancy, then all entries $(i, \tau)$ in the $i$th row with $\tau > j$, and all entries $(\sigma, j)$ in the $j$th column with $\sigma > i$, are not candidates. If $(i, j) \in N_r$ is not a candidate, then there is at least one known discrepancy in the same row or column. Thus the number of pairs $(i, j) \in N_r$ which are not candidates is at most $2Q$. The number of pairs $(i, j) \in N_r$ which are candidates is equal to $M + N$. Therefore,
$$n_r \le M + N + 2Q.$$
Furthermore, we assume that
$$\|e\| \le (n_r - 1)/2.$$
Combining the above inequalities gives
$$N \le M - 1.$$

There is no direct way to see whether a candidate is correct or incorrect. But we assigned a candidate value $\bar{s}_{ij}$ of the syndrome $s_{ij}$ to every candidate, and this gives a candidate value or vote $\bar{s}_{r+1}(i, j)$ for $s_{r+1}$, in view of (12.5). Thus we have proved the following result:

Proposition 12.14. If the number of errors of a received vector with respect to the code $C^*(D_0, m_r \cdot x)$ is at most $(n_r - 1)/2$, then the majority of the candidates vote for the correct value of $s_{r+1}$.

In this way, all unknown syndromes can be found by induction and this allows determination of the error-vector. Thus the proof of the following result has been sketched:

Theorem 12.15. Majority voting for unknown syndromes corrects $\lfloor (d_{FR} - 1)/2 \rfloor$ errors with complexity $O(n^3)$.

The decoding by majority voting provides a new bound for geometric Goppa codes and this is the basis for an elementary treatment of these codes (see Feng, Rao [40, 41]). Note also that majority voting is incorporated in Porter's algorithm.
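The candidate test, the candidate value and the vote of Proposition 12.14, run to completion on a small instance, as an added Python example (not code from the book). The curve is again $\mathbb{P}^1$ over $\mathbb{F}_{13}$ with $x$ the point at infinity and $x_1, \dots, x_{12}$ the elements of $\mathbb{F}_{13}^*$, so the non-gaps at $x$ are $0, 1, 2, \dots$, $g_i = x^{i-1}$, $s_{ij}(e) = s_{i+j-2}$ with $s_k = \sum_l e_l x_l^k$, and the matrices $S(i, j)$ are Hankel matrices; in (12.5) the coefficients are $a_{ij} = 1$ and $a_{ijl} = 0$, so a candidate value is directly a vote for $s_{r+1}$. Once all $n$ syndromes are known, the error-vector is read off by the one-variable form of the Fourier inversion of Proposition 12.16 below (valid because the $x_i$ exhaust $\mathbb{F}_{13}^*$). The field, the code $C^*(D_0, 5 \cdot x)$ (six known syndromes, $d_{FR} = 7$) and the error pattern are assumptions of the example:

```python
"""Majority voting for unknown syndromes (Section 12.4) in the genus-0 case:
X = P^1 over GF(13), x = the point at infinity, x_1, ..., x_n = GF(13)^* (n = 12).
The non-gaps at x are 0, 1, 2, ..., with g_i = x^(i-1), so s_{ij}(e) = s_{i+j-2}
where s_k = sum_l e_l x_l^k.  For C*(D0, m_r x) with m_r = r - 1 the syndromes
s_0, ..., s_{r-1} are known, N_r = {(i, j) : i + j = r + 2}, n_r = r + 1 and
d_FR(r) = r + 1; each vote determines s_r, and the process repeats up to s_{n-1}."""
from collections import Counter

P = 13                                  # constructed example: GF(13)
POINTS = list(range(1, P))              # x_1, ..., x_12

def inv(a):
    return pow(a % P, P - 2, P)

def rank(rows):
    """Rank over GF(P) by Gaussian elimination; an empty matrix has rank 0."""
    m = [[x % P for x in r] for r in rows]
    rk = 0
    for c in range(len(m[0]) if m else 0):
        piv = next((i for i in range(rk, len(m)) if m[i][c]), None)
        if piv is None:
            continue
        m[rk], m[piv] = m[piv], m[rk]
        f = inv(m[rk][c])
        for i in range(rk + 1, len(m)):
            g = m[i][c] * f % P
            m[i] = [(a - g * b) % P for a, b in zip(m[i], m[rk])]
        rk += 1
    return rk

def true_syndromes(e):
    """s_k(e) = sum_l e_l x_l^k for k = 0..n-1 (used only to set up the example)."""
    return [sum(el * pow(xl, k, P) for el, xl in zip(e, POINTS)) % P
            for k in range(len(POINTS))]

def S(i, j, s):
    """The i x j matrix S(i, j) = (s_{sigma tau}) = (s[sigma + tau - 2]), indices from 1."""
    return [[s[a + b] for b in range(j)] for a in range(i)]

def vote_for_next(known):
    """Given s_0..s_{r-1}, return (majority value for s_r, number of votes it received).
    (i, j) with i + j = r + 2 is a candidate when S(i-1,j-1), S(i-1,j), S(i,j-1) have
    equal rank; its vote is the unique value of s_r making rank S(i,j) = rank S(i-1,j-1)."""
    r = len(known)
    votes = Counter()
    for i in range(1, r + 2):
        j = r + 2 - i
        rho = rank(S(i - 1, j - 1, known))
        if rank(S(i - 1, j, known)) != rho or rank(S(i, j - 1, known)) != rho:
            continue                                   # not a candidate
        values = [v for v in range(P) if rank(S(i, j, known + [v])) == rho]
        assert len(values) == 1                        # the candidate value is unique
        votes[values[0]] += 1
    if not votes:
        raise ValueError("no candidates: more than (n_r - 1)/2 errors")
    return votes.most_common(1)[0]

def recover_error_vector(known):
    """Vote for s_r, s_{r+1}, ..., s_{n-1} in turn, then invert: since the x_i run over
    all of GF(13)^*, sum_k s_k x_i^(-k) = -e_i (the one-variable analogue of the Fourier
    inversion in Proposition 12.16).  Valid when ||e|| <= (n_r - 1)/2 = r/2."""
    s = list(known)
    while len(s) < len(POINTS):
        s.append(vote_for_next(s)[0])
    return [(-sum(sk * pow(inv(xi), k, P) for k, sk in enumerate(s))) % P for xi in POINTS]
```

For three errors every $S(a, b)$ with $a, b \ge 3$ has rank exactly $3$, so at step $r$ the candidates are the pairs $(i, j)$ with $i, j \ge 4$ and $i + j = r + 2$; the first vote (for $s_6$) is cast by $(4, 4)$ alone, the second by $(4, 5)$ and $(5, 4)$, and so on, all of them correct, which is how $N \le M - 1$ shows up in practice.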

Problem II. What is the relation between Ehrhard's decoding algorithm and majority voting?

Problem III. Does majority voting correct more than $\lfloor (d_{FR} - 1)/2 \rfloor$ errors?

12.5.

FASTER DECODING

The basic and the modified algorithms as well as the majority scheme have the complexity of solving systems of linear equations, for finding both the error-locations and the error-values. If one uses the special structure of the syndrome matrix, the complexity of the majority-voting scheme can be reduced from $O(n^3)$ to $O(n^{7/3})$. This is done by Feng, Wei, Rao and Tzeng, using the block-Hankel structure of codes on plane curves. The Berlekamp-Massey-Sakata algorithm, which is a generalization of the well-known Berlekamp-Massey algorithm on linear recurring relations in one variable to the case of several variables, allows one to get fast implementations of the modified algorithm, of Porter's algorithm and of the majority-voting scheme (see [87, 156, 157]). In this section we show how the Berlekamp-Massey-Sakata algorithm is used for decoding one-point codes up to half of the Feng-Rao distance.

Consider codes of the form
$$C^* = C^*(D_0, m \cdot x) = C^{\perp}(D_0, m \cdot x),$$
where $D_0 = x_1 + \dots + x_n$ and $x \notin \mathrm{Supp}\,D_0$. Let $\{m_1, m_2, \dots, m_s\}$ be a minimal set of generators for the semi-group of non-gaps at $x$ in increasing order, and let $g_j$ be a rational function on $X$ with pole of order $m_j$ at $x$ and with no other poles. Then to any vector $a = (a_1, \dots, a_s)$ with integer coordinates there corresponds the function
$$g^a = g_1^{a_1} g_2^{a_2} \cdots g_s^{a_s},$$
having a pole only at $x$ of order
$$w(g^a) = w(a) = \sum_{j=1}^{s} a_j m_j.$$
For the fixed rational function $g^a$ we associate with each vector $v = (v_1, \dots, v_n) \in \mathbb{F}_q^n$ a syndrome $s_a(v)$ by
$$s_a(v) = \sum_{i=1}^{n} v_i\, g^a(x_i).$$
Then we find that $u = (u_1, \dots, u_n) \in C^*$ if and only if $s_a(u) = 0$ for all $a$ with $w(a) \le m$. In the decoding situation, $v = u + e$ is received and $s_a(u + e) = s_a(e)$

if $w(a) \le m$. These can be easily calculated when all syndromes are known. The following version of the discrete Fourier transformation method gives an explicit formula.

Proposition 12.16. Assume that all coordinates of the points $x_i$ are non-zero. If all syndromes $s_a(e)$, $0 \le a_j \le q - 2$, $1 \le j \le s$, are known, then
$$e_i = (-1)^s \sum_{a_1, \dots, a_s = 0}^{q-2} s_a\, g^{-a}(x_i).$$

Now, applying the Berlekamp-Massey-Sakata algorithm, we obtain a fast algorithm $\mathcal{C}(m)$ which can decode the one-point geometric Goppa codes up to half of the Feng-Rao bound (see Sakata, Justesen, Madelung, Jensen, Høholdt [157]).

Theorem 12.17. The algorithm $\mathcal{C}(m)$ corrects $t \le \lfloor (d_{FR} - 1)/2 \rfloor$ errors. The complexity of the algorithm is $O(n^{7/3})$.

The general problem of solving linear equations can be done faster than Gaussian elimination. Its complexity can be reduced from $O(n^3)$ to $O(n^{2.38})$, where $n$ is the number of variables.

Problem IV. Is there a decoding algorithm which decodes all geometric Goppa codes up to half the designed minimum distance with complexity $O(n^2)$ for $n \to \infty$?

EXERCISES

12.1. Let $X$ be the Hermitian curve given over $\mathbb{F}_{q^2}$ by the equation
$$u^{q+1} + v^{q+1} + w^{q+1} = 0.$$
The curve $X$ is isomorphic to the curve $Y$ with affine equation

which has exactly one point $x_\infty$ at infinity and $n = q^3$ points $x_1, \dots, x_n$ in the affine plane. Show that:
(a) the semi-group of non-gaps at $x_\infty$ is generated by $q$ and $q + 1$;
(b) the ring $R_\infty(x_\infty)$ of rational functions on the curve $Y$ with only poles at $x_\infty$ is generated over $\mathbb{F}_{q^2}$ by rational functions $g_1, g_2$ such that $v_{x_\infty}(g_1) = -q$ and $v_{x_\infty}(g_2) = -(q + 1)$, that is
$$R_\infty(x_\infty) = \mathbb{F}_{q^2}[g_1, g_2];$$
(c) $R_\infty(x_\infty) \cong \mathbb{F}_{q^2}[u, v] / (v^q + v - u^{q+1})$.
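The claim in Exercise 12.1 that the affine model has exactly $n = q^3$ points can be checked directly; the following added Python example (not code from the book) counts the solutions of $v^q + v = u^{q+1}$, the affine equation read off from part (c), over $\mathbb{F}_{q^2}$ for small prime $q$. Representing $\mathbb{F}_{q^2}$ as $\mathbb{F}_q[x]/(x^2 + c_1 x + c_0)$ with an irreducible quadratic found by search is a choice of the example, as is restricting to prime $q$:

```python
"""Counting the affine points of the Hermitian curve v^q + v = u^(q+1) over GF(q^2)
(the model of Exercise 12.1(c)), for a prime q.  GF(q^2) is represented as
GF(q)[x]/(x^2 + c1 x + c0) with elements (a0, a1) standing for a0 + a1 x."""

def irreducible_quadratic(q):
    """A monic quadratic x^2 + c1 x + c0 over GF(q) with no root in GF(q); a quadratic
    without a root is irreducible, and one exists for every prime q."""
    for c1 in range(q):
        for c0 in range(1, q):
            if all((r * r + c1 * r + c0) % q for r in range(q)):
                return c1, c0
    raise ValueError("no irreducible quadratic found")

def field_ops(q):
    """Return (elements, add, mul, power) for GF(q^2)."""
    c1, c0 = irreducible_quadratic(q)

    def add(a, b):
        return ((a[0] + b[0]) % q, (a[1] + b[1]) % q)

    def mul(a, b):
        # (a0 + a1 x)(b0 + b1 x) reduced with x^2 = -c1 x - c0
        a0, a1 = a
        b0, b1 = b
        return ((a0 * b0 - a1 * b1 * c0) % q, (a0 * b1 + a1 * b0 - a1 * b1 * c1) % q)

    def power(a, k):
        r = (1, 0)
        for _ in range(k):
            r = mul(r, a)
        return r

    elements = [(a0, a1) for a0 in range(q) for a1 in range(q)]
    return elements, add, mul, power

def hermitian_affine_points(q):
    """All (u, v) in GF(q^2)^2 with v^q + v = u^(q+1)."""
    elements, add, mul, power = field_ops(q)
    points = []
    for u in elements:
        rhs = power(u, q + 1)                 # the norm of u, which lies in GF(q)
        for v in elements:
            if add(power(v, q), v) == rhs:    # v^q + v is the trace of v
                points.append((u, v))
    return points

def count_hermitian_points(q):
    return len(hermitian_affine_points(q))
```

The count is $q^3$ because $u^{q+1}$ is the norm of $u$ (so it lies in $\mathbb{F}_q$) and $v \mapsto v^q + v$ is the trace, a $q$-to-one map onto $\mathbb{F}_q$: each of the $q^2$ values of $u$ admits exactly $q$ values of $v$.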

12.2. The Klein quartic $X$ over $\mathbb{F}_8$ has the affine equation
$$u^3 v + v^3 + u = 0.$$
It has genus $g = 3$ and three rational points $z_1 = (1 : 0 : 0)$, $z_2 = (0 : 1 : 0)$ and $z_3 = (0 : 0 : 1)$ over $\mathbb{F}_2$, and $21$ points $x_1, \dots, x_{21}$ which are rational over $\mathbb{F}_8$ but not over $\mathbb{F}_2$. Let us consider the code $C^* = C^*(D_0, D)$ coming from $X$, where $D_0 = x_1 + \dots + x_{21} + z_1 + z_3$ and $D = m \cdot z_2$. It has parameters $[23, 25 - m, \ge m - 4]_8$ for $4 < m < 23$. The homogeneous equation of the Klein quartic is

and from this we readily see that the intersection divisor of the curve with the line $u = 0$ is $3z_3 + z_2$, with the line $v = 0$ is $3z_1 + z_3$, and with the line $w = 0$ is $3z_2 + z_1$. Let $f = u/w$ and $h = v/w$. Prove that:

(a) $(f^i h^k) = (2k - i) z_1 - (2i + 3k) z_2 + (3i + k) z_3$;

(b) the non-gaps at $z_2$ less than or equal to $2g + 1$ are $0, 3, 5, 6, 7$, and the corresponding functions in $R_\infty(z_2)$ (which have only poles at $z_2$, of orders $0, 3, 5, 6, 7$ respectively) are $g_1 = 1$, $g_2 = h$, $g_3 = fh$, $g_4 = h^2$ and $g_5 = f^2 h$; furthermore, $g_{3k-2} = h^k$, $g_{3k-1} = f^2 h^{k-1}$ and $g_{3k} = f h^k$ for $k \ge 2$;

(c) there are the following relations between the $g_i$:

and (d)

where
$$a = (uw + v^2,\ u^4 + v + vw,\ u^3 v + w + w^3);$$

(e) the effective divisors $3z_1 + z_3$, $3z_2 + z_1$ and $3z_3 + z_2$ are canonical divisors on $X$;

(f) $(df) = 2z_3 + 4z_2 - 2z_1$ and therefore $(f\,df) = z_1 + 3z_2$. (Hint: Let $t$ be a local parameter at a point $x \in X$. Write
$$f = \sum_{i \ge m} a_i t^i,$$
where $m = v_x(f)$, and deduce that
$$\frac{df}{dt} = \sum_{i \ge m} i\, a_i t^{i-1},$$

where $A$ is an effective divisor. Now for $t = f/h$, which is a local parameter at $z_2$, show that

and
$$h = t^{-3} + a_1 t^{-2} + a_0 t^{-1} + a_1 + \cdots.$$
Next, show that $t = h^2(1 + h t^3)$ and deduce from this that
$$df = (t^4 + \text{higher order terms})\, dt,$$
so $(df) = 2z_3 + 4z_2 - 2z_1 + B$ with an effective divisor $B$. Finally, using the equality $\deg(df) = 2g - 2 = 4$, find that $B = 0$.)

(g) when the basic algorithm $\mathcal{A}(3 \cdot z_2)$ is applied to the code $C^*(D_0, 11 \cdot z_2)$ it corrects single errors (as well as three errors when the error-positions lie on the line $v + cw = 0$). (Hint: Take $D' = 4 \cdot z_2$, so $D - D' = 7 \cdot z_2$, and show that the rational functions $1, h$ form a basis for $L(4 \cdot z_2) = L(3 \cdot z_2)$ and the rational functions $1, h, fh, h^2, f^2 h$ form a basis for $L(7 \cdot z_2)$.)

(h) the number of decoding failures of the basic algorithm $\mathcal{A}(5 \cdot z_2)$ to decode two errors is equal to $7$ out of $\binom{23}{2} \cdot 7^2$, the number of all possible error-vectors with two errors. (Hint: Let $(y_1, y_2)$ be a couple of distinct points among the points $x_1, \dots, x_{21}, z_1, z_3$ and $y = y_1 + y_2$. Then $L(5 \cdot z_2 - y) \ne 0$, and if $\Omega(y - 6 \cdot z_2) \ne 0$, then $6 \cdot z_2 \sim 3 \cdot z_2 + z_1$ and hence $y + z_1 \sim 3 \cdot z_2$. Thus there exists a non-zero rational function $g' \in L(3 \cdot z_2)$ which is zero at $z_1$. So $g' = ch$, $c \in \mathbb{F}_8$, and furthermore $y_1 = z_3$ and $y_2 = z_1$. Now the code
$$C(y, 5 \cdot z_2) = C(y, 6 \cdot z_2) = C^*(y, 6 \cdot z_2)$$
is generated by $(1, 1)$, and therefore
$$L(v, 5 \cdot z_2) = L(5 \cdot z_2 - y)$$
for a received vector $v$ with $y$ as error-positions and error-vector $e$ if and only if $e * C(y, 5 \cdot z_2) \cap C^*(y, 6 \cdot z_2) = 0$. By Proposition 12.6 this is equivalent to $e_1 \ne e_2$.)

12.3. The code $C^*(D_0, m \cdot z_2)$ coming from the Klein quartic $X$ over $\mathbb{F}_8$ has designed distance $d_{C^*} = m - 4$, and is therefore $t = \lfloor (m - 5)/2 \rfloor$-error-correcting, but since $(d_{C^*} - g - 1)/2 = (m - 8)/2$, the basic algorithm $\mathcal{A}(D')$ corrects $t - 2$ errors when $m \equiv 1 \pmod 2$ and $t - 1$ errors when $m \equiv 0 \pmod 2$. The modified algorithm corrects $t - 1$ errors by Theorem 12.7, since $S(z_2) = 1$. Show that the extended modified algorithm corrects $t - 1$ errors when $m \equiv 1 \pmod 2$, and $t$ errors when $m \equiv 0 \pmod 2$. (Hint: If $m \equiv 1 \pmod 2$, take $A_0 = 4 \cdot z_2$, $A_1 = 2 \cdot z_2$, $A_2 = 0$, and let $\mathcal{Q}_1 = \{A_0, A_1, A_3\}$, so

For $\delta \to 0$ the bound $R_{BZ}(\delta)$ behaves twice as badly as $R_{GV}(\delta)$. Now we shall give another bound which is good for small values of $\delta$.

The Restriction Bound. Let us apply the field restriction.

Theorem 13.11. Let
$$R_{\mathrm{lin}}(\delta) = \max_{v} \Big\{ 1 - \frac{v(q-1)}{q} \cdot \delta - \frac{2v(q-1)}{q(q^{v/2} - 1)} \Big\},$$
the maximum being taken over all integers $v \ge 1$ such that $q^v$ is a square. Then
$$\alpha_q^{\mathrm{pol,lin}}(\delta) \ge R_{\mathrm{lin}}(\delta).$$

Proof: See Katsman and Tsfasman [91].

13.3. OTHER BOUNDS

Now we consider the question concerning asymptotic bounds for non-linear codes having a polynomial decoding complexity. For the set of all polynomial families of $[n,k,d]_q$-codes (linear or non-linear), let us introduce into consideration the function $\alpha_q^{pol}(\delta)$ (its definition is quite similar to the definition of the function $\alpha_q^{pol,lin}(\delta)$).

Bounds for Non-Linear Codes. Since concatenation can be applied to non-linear codes as well, Theorem 13.8 has the following obvious analogue.

Theorem 13.12. Let
$$R_0(\delta)=\max_{C}\Bigl\{\frac{k}{n}\Bigl(1-\bigl(q^{k/2}-1\bigr)^{-1}\Bigr)-\frac{k}{d}\,\delta\Bigr\},$$
the maximum being taken over all $[n,k,d]_q$-codes $C$ such that $k\ge 1$ is an integer and $q^k$ is an even power of a prime. Then

320

Chapter 13

If now we apply alphabet extension to the bound $R_0(\delta)$, we obtain the following result for $\alpha_q^{pol}(\delta)$:

Theorem 13.13. Let

Ro(8) = mgx

{(

10gMP

2v) ((pv -2)2v 2v )} (pv -l)n - d' 8 ,

where the maximum is taken over all $[n,k,d]_{p^{2v}}$-codes $C$, and where the prime $p$ and an integer $v\ge 1$ are such that $M=q^k\ge p^{2v}$. Then

Bounds for Polynomially Decodable Codes. In the preceding subsection we have considered asymptotic bounds for polynomial families of codes, but we have not considered decoding problems. Let us consider now a polynomial family of $[n_i,k_i,d_i]_q$-codes $C_i$ with the property that for each $C_i$ there is a decoding algorithm, polynomial in $n_i$, correcting $t_i\le\lfloor (d_i-1)/2\rfloor$ errors. Let
$$\tau=\liminf_{n_i\to\infty}\frac{t_i}{n_i}.$$
The family $C_i$ corresponds to the point $(2\tau,R)$ in the unit square $[0,1]^2$ of the $(\delta,R)$-plane. Then we can define $\alpha_q^{pol,dec}(\delta)$ and $\alpha_q^{pol,dec,lin}(\delta)$ similarly to the definition of $\alpha_q^{pol,lin}(\delta)$. Just as for $\alpha_q^{pol,lin}(\delta)$ we have:

Theorem 13.14. Let $q=p^{2v}$. Then
$$\alpha_q^{pol,dec,lin}(\delta)\ge 1-\delta-2\bigl(\sqrt q-1\bigr)^{-1}.$$

Moreover, we have the following results (see Skorobogatov and Vladut [180]):

Theorem 13.15. Let
$$R_0^{lin}(\delta)=\max_{C}\Bigl\{\frac{k}{n}\Bigl(1-2\bigl(q^{k/2}-1\bigr)^{-1}\Bigr)-\frac{k}{d}\,\delta\Bigr\}$$
and
the maximum being taken over all linear $[n,k,d]_q$-codes $C$ and over all (not only linear) codes $C'$, respectively, such that $q^k$ is a square. Then
$$\alpha_q^{pol,dec,lin}(\delta)\ge R_0^{lin}(\delta)$$
and

Theorem 13.16. Let
$$R_1^{lin}(\delta)=\max_{v}\Bigl\{1-\frac{v(q-1)}{q}\,\delta-\frac{3v(q-1)}{q\,(q^{v/2}-1)}\Bigr\},$$
the maximum being taken over all integers $v\ge 1$ such that $q^v$ is a square. Then
$$\alpha_q^{pol,dec,lin}(\delta)\ge R_1^{lin}(\delta).$$

EXERCISES

13.1. Prove Theorem 13.4.

13.2. Prove Theorem 13.5. (Hint: Consider a family of Reed-Solomon $[n_i,k_i,d_i]_{q^{k_i'}}$-codes, where $q_i=q^{k_i'}$, such that $k_i\to\infty$, $d_i/n_i\to\delta_0$, $k_i/n_i\to R_0$, $\delta_0+R_0=1$, $n_i=q_i$, and a family of $[n_i',k_i',d_i']_q$-codes with $n_i'\to\infty$, $d_i'/n_i'\to\delta'$, $k_i'/n_i'\to R'$, $R'=1-H_q(\delta')$; then show that concatenation gives $[n_in_i',k_ik_i',d_id_i']_q$-codes with $R=R_0R'=(1-\delta_0)(1-H_q(\delta'))$, $\delta=\delta_0\delta'$, and that the construction is polynomial in $n_in_i'$.)

13.3. Let

Show that:

(a) $1-R_{BZ}(\delta)\sim$ ~~L8.lo~8 for $\delta\to 0$;

(b) $R_{BZ}(\omega)\sim$ 6(q-f;ZIOgq $\cdot\,\omega^2$ for $\omega=(q-1)/q-\delta\to 0$.

13.4. Prove Proposition 13.7 and Theorem 13.9.

13.5. Show that: (a) for $\delta\to 0$ the bound $R_{BZ}(\delta)$ behaves at worst as $R\sim 1+2\delta\log_q\delta$; (b) for $\omega=(q-1)/q-\delta\to 0$ the bound $R_{BZ}(\delta)$ behaves at worst as

if $q=p^{2v}$,
if $q=p^{2v+1}$.


13.6. Show that
$$R^{lin}(\delta)\sim 1+2\,\frac{q-1}{q}\,\delta\log_q\delta\quad\text{for }\delta\to 0.$$

13.7. Prove Theorem 13.13. (Hint: Show that $\alpha_q^{pol}(\delta)\ge\max_{q'}$

$\alpha_{q'}^{pol}(\delta)\log_q q'$) under the alphabet extension, and then apply the obtained result to the bound $R_0(\delta)$.)

[118] MacWilliams F. J., Sloane N. J. A., The Theory of Error-Correcting Codes, North-Holland, Amsterdam, 1977.
[119] Manin Yu. I., What is the maximum number of points on a curve over F2?, J. Fac. Sci. Tokyo, Ser. IA, 1982, 28, no. 3, p. 715-720.
[120] Manin Yu. I., Vladut S. G., Linear codes and modular curves, J. Soviet Math., 1985, 30, p. 2611-2643.
[121] Matsumura H., Commutative Algebra, W. A. Benjamin, New York, 1970.
[122] McEliece R. J., The Theory of Information and Coding, Encyclopedia of Math. and its Appl., v. 3, Addison-Wesley, Reading, MA, 1977.
[123] McEliece R. J., Finite Fields for Computer Scientists and Engineers, Kluwer, Boston, 1987.
[124] Michon J. F., Codes de Goppa, Sém. Théorie Nombres, Bordeaux, 1983/84, 7, p. 1-17.
[125] Michon J. F., Les codes BCH comme codes géométriques, Preprint, 1985.
[126] Michon J. F., Amélioration des paramètres des codes de Goppa, Preprint, 1986.
[127] Miyake T., Modular Forms, Springer-Verlag, Berlin, 1989.
[128] Moreno C. J., Goppa codes and modular curves, Preprint, 1985.
[129] Moreno C. J., Algebraic Curves over Finite Fields, Cambridge Univ. Press, 1991.
[130] Moreno C. J., Moreno O., Exponential sums and Goppa codes 1, 2, 3, 4, Preprints, 1988-89.
[131] Moreno C. J., Moreno O., Exponential sums and Goppa codes I, Proc. Amer. Math. Soc., 1991, 111, p. 523-531; II, IEEE Trans. Info. Theory, 1992, IT-38, p. 1222-1229.
[132] Moreno C. J., Moreno O., An improved Bombieri-Weil bound in characteristic two and applications to coding theory, J. Number Theory, 1992, 42, p. 32-46.
[133] Moreno O., Counting traces of powers over GF(2^m), Congr. Numer., 1980, 29, p. 673-680.
[134] Moreno O., Kumar P. V., Minimum distance bounds for cyclic codes and Deligne's theorem, IEEE Trans. Info. Theory, to appear.
[135] Ogg A., Hyperelliptic modular curves, Bull. Soc. Math. France, 1974, 102, p. 449-462.
[136] Ozbudak F., On lower bounds for incomplete character sums over finite fields, Finite Fields and their Appl., 1996, 2, p. 173-191.
[137] Ozbudak F., Codes on fibre products of some Kummer coverings, Preprint, 1996.

330

Bibliography

[138] Ozbudak F., On configurations of lines in Fq x Fq and fibre products of some Kummer coverings, Preprint, 1997.
[139] Pellikaan R., On a decoding algorithm for codes on maximal curves, IEEE Trans. Info. Theory, 1989, IT-35, p. 1228-1232.
[140] Pellikaan R., On the gonality of curves, abundant codes and decoding, Coding Theory and Algebraic Geometry, Lect. Notes in Math., 1518, Springer-Verlag, Berlin, 1992, p. 132-144.
[141] Pellikaan R., On the efficient decoding of algebraic-geometric codes, Proc. Eurocode 92, CISM Courses and Lectures, 339, Springer-Verlag, New York, 1993, p. 231-253.
[142] Perret M., Sur le nombre de points d'une courbe sur un corps fini; application aux codes correcteurs d'erreurs, C. R. Acad. Sci. Paris, Sér. I, 1989, 309, p. 177-182.
[143] Perret M., Multiplicative character sums and nonlinear geometric codes, Lect. Notes in Comp. Science, 514, Springer-Verlag, Berlin, 1991, p. 158-165.
[144] Perret M., Tours ramifiées de corps de classes, J. Number Theory, 1991, 38, p. 300-322.
[145] Peterson W. W., Weldon E. J., Error-Correcting Codes, MIT Press, Cambridge, MA, 1972.

[146] Porter S. C., Ph. D. Dissertation, Yale University, New Haven, CT, 1988.
[147] Porter S. C., Shen B.-Z., Pellikaan R., Decoding geometric Goppa codes using an extra place, IEEE Trans. Info. Theory, 1992, IT-38, p. 1663-1676.
[148] Quebbemann H. G., Cyclotomic Goppa codes, IEEE Trans. Info. Theory, 1988, IT-34, no. 5, p. 1317-1320.
[149] Quebbemann H. G., On even codes, Discr. Math., 1991, 98, p. 29-34.
[150] Rodier F., Minoration de certaines sommes exponentielles binaires, Lect. Notes in Math., 1518, Springer-Verlag, Berlin, 1992, p. 199-210.
[151] Rodier F., Minoration de certaines sommes exponentielles II, Preprint, 1993.
[152] Roland R., On hypersurfaces over a finite field and the parameters of the projective Reed-Muller codes, Preprint, 1990.
[153] Roquette P., Abschätzung der Automorphismenzahl von Funktionenkörpern bei Primzahlcharakteristik, Math. Zeitschr., 1970, 117, p. 157-163.
[154] Rück H. G., On Goppa codes defined by Kummer and Artin-Schreier extensions, J. Pure and Appl. Algebra, 1990, 64, p. 163-169.
[155] Rück H. G., Stichtenoth H., A characterization of Hermitian function fields over finite fields, J. reine angew. Math., to appear.
[156] Sakata S., Jensen H. E., Hoholdt T., Generalized Berlekamp-Massey decoding of algebraic-geometric codes up to half the Feng-Rao bound, IEEE Trans. Info. Theory, 1995, 41, no. 6, p. 1762-1768.
[157] Sakata S., Justesen J., Madelung Y., Jensen H. E., Hoholdt T., A fast decoding method of AG codes from Miura-Kamiya curves C_ab up to half the Feng-Rao bound, Finite Fields and Their Appl., 1995, 1, p. 83-101.


[158] Scharlau W., Selbstduale Goppa-Codes, Math. Nachr., 1989, 143, p. 119-122.
[159] Schmidt W. M., Equations over Finite Fields, Lecture Notes in Math., 536, Springer-Verlag, New York, 1976.
[160] Schoeneberg B., Über die Weierstraßpunkte in den Körpern der elliptischen Modulfunktionen, Abh. Math. Sem. Univ. Ham
burg, 1951, 17, p. 104-111.
[161] Schoof R., Nonsingular curves over finite fields, J. Combin. Theory, Ser. A, 1987, 46, no. 2, p. 183-211.
[162] Schoof R., Algebraic curves and coding theory, UTM, 336, Univ. of Trento, 1990.
[163] Schoof R., Algebraic curves over F2 with many rational points, J. Number Theory, 1992, 41, p. 6-14.
[164] Schoof R., van der Vlugt M., Hecke operators and the weight distribution of certain codes, J. Combin. Theory, Ser. A, 1991, 57, p. 163-186.
[165] Serre J. P., Groupes Algébriques et Corps de Classes, Hermann, Paris, 1959.
[166] Serre J. P., Majoration de sommes exponentielles, Astérisque 41-42, Soc. Math. France, Paris, 1977.
[167] Serre J. P., Local Fields, Springer-Verlag, New York, 1979.
[168] Serre J. P., Nombre de points de courbes algébriques sur Fq, Sém. Théorie Nombres Bordeaux, 1982-83, 22, p. 1-8.
[169] Serre J. P., Sur le nombre des points rationnels d'une courbe algébrique sur un corps fini, C. R. Acad. Sci. Paris, Sér. I, 1983, 296, p. 397-402.
[170] Serre J. P., Résumé des cours de 1983-1984, Annuaire du Collège de France, 1984, p. 79-83.
[171] Serre J. P., Rational points on curves over finite fields, Lectures given at Harvard University, Sept.-Dec. 1985.
[172] Shafarevich I. R., Basic Algebraic Geometry, Springer-Verlag, Berlin, 1977.
[173] Shen B.-Z., Tzeng K. K., Decoding geometric Goppa codes up to designed minimum distance by solving a key equation in a ring, IEEE Trans. Info. Theory, 1995, 41, no. 6, p. 1709-1719.
[174] Shen B.-Z., Tzeng K. K., Generation of matrices for determining minimum distance and decoding of algebraic-geometric codes, IEEE Trans. Info. Theory, 1995, 41, no. 6, p. 1703-1708.
[175] Shimura G., Correspondances modulaires et les fonctions ζ de courbes algébriques, J. Math. Soc. Japan, 1958, 10, p. 1-28.
[176] Shimura G., Introduction to the Arithmetic Theory of Automorphic Functions, Publ. Math. Soc. Japan, Princeton Univ. Press, 1971.
[177] Silverman J. H., The Arithmetic of Elliptic Curves, Graduate Texts in Math., 106, Springer-Verlag, 1986.
[178] Silverman J. H., Tate J., Rational Points on Elliptic Curves, Springer-Verlag, New York, 1992.


[179] Skorobogatov A. N., The parameters of subfield subcodes of algebraic-geometric codes, Discr. Appl. Math., 1991, 33, p. 205-214.
[180] Skorobogatov A. N., Vladut S. G., On the decoding of algebraic-geometric codes, IEEE Trans. Info. Theory, 1990, IT-36, no. 5, p. 1051-1060.
[181] Sloane N. J. A., Sphere packings constructed from BCH and Justesen codes, Mathematika, 1972, 19, p. 183-190.
[182] Sorensen A. B., Projective Reed-Muller codes, IEEE Trans. Info. Theory, 1991, IT-37, p. 1567-1576.

[183] Springer G., Introduction to the Theory of Riemann Surfaces, Addison-Wesley, Reading, MA, 1957.
[184] Stepanov S. A., The number of points of a hyperelliptic curve over a finite prime field, Math. USSR Izv., 1969, 3, p. 1103-1119.
[185] Stepanov S. A., Congruences in two unknowns, Math. USSR Izv., 1972, 6, no. 1, p. 677-709.
[186] Stepanov S. A., On lower bounds of character sums over finite fields, Discr. Math., 1991, 3, no. 2, p. 77-86 (in Russian); Discr. Math. Appl., 1992, 2, no. 5, p. 523-532.
[187] Stepanov S. A., Arithmetic of Algebraic Curves, Plenum, New York, 1994.
[188] Stepanov S. A., Character sums and coding theory, Finite Fields and Applications, London Math. Soc. Lect. Note Series, 233, Cambridge Univ. Press, Cambridge, 1996, p. 355-376.
[189] Stepanov S. A., Codes on fibre products of hyperelliptic curves, Diskret. Mat., 1997, 9, no. 1, p. 83-94; Discr. Math. Appl., 1997, 7, no. 1, p. 77-88.
[190] Stepanov S. A., Character sums, algebraic curves and Goppa codes, Algebraic Geometry, Lect. Notes in Pure and Appl. Math., Ser. 193, Marcel Dekker, New York, 1997, p. 313-345.
[191] Stepanov S. A., Ozbudak F., Fibre products of hyperelliptic curves and geometric Goppa codes, Discr. Math., 1997, 7, no. 3, p. 223-229.
[192] Stepanov S. A., Ozbudak F., Fibre products of superelliptic curves and codes therefrom, Proc. 1997 IEEE Intern. Symp. on Info. Theory, Ulm, Germany, 1997, p. 413.
[193] Stichtenoth H., Self-dual Goppa codes, J. Pure Appl. Algebra, 1988, 55, p. 199-211.
[194] Stichtenoth H., A note on Hermitian codes over GF(q^2), IEEE Trans. Info. Theory, 1988, IT-34, no. 5, p. 1345-1348.
[195] Stichtenoth H., On automorphisms of geometric Goppa codes, J. Algebra, 1990, 130, no. 1, p. 113-121.
[196] Stichtenoth H., Algebraic-geometric codes associated to Artin-Schreier extensions of Fq[z], Proc. of the Second Intern. Workshop on Algebraic Geometry and Combinatorial Coding Theory, Leningrad, 1990, p. 203-206.
[197] Stichtenoth H., Algebraic Function Fields and Codes, Springer-Verlag, Berlin, 1993.
[198] Stichtenoth H., Algebraic geometric codes, Proceedings of Symposia in Applied Mathematics, 50, AMS, New York, 1995, p. 139-152.


[199] Stichtenoth H., Xing C. P., On the structure of the divisor class group of a class of curves over finite fields, Arch. Math., 1995, 65, p. 141-150.
[200] Stöhr K. O., Voloch J. F., Weierstrass points and curves over finite fields, Proc. London Math. Soc. (3), 1986, 52, p. 1-19.
[201] Tate J., The arithmetic of elliptic curves, Invent. Math., 1974, 23, p. 179-206.
[202] Tate J., Endomorphisms of abelian varieties over finite fields, Invent. Math., 1966, 2, p. 134-144.
[203] Tiersma H. J., Remarks on codes from Hermitian curves, IEEE Trans. Info. Theory, 1987, IT-33, p. 605-609.
[204] Tsfasman M. A., On Goppa codes which are better than the Varshamov-Gilbert bound, Probl. Info. Trans., 1982, 18, p. 163-166.
[205] Tsfasman M. A., Group of points of an elliptic curve over a finite field, Preprint, 1985.
[206] Tsfasman M. A., Algebraic-geometric codes and asymptotic problems, Discr. Appl. Math., 1991, 33, p. 241-256.
[207] Tsfasman M. A., Global fields, codes and sphere packings, Astérisque, 1991, 198-200, p. 373-396.
[208] Tsfasman M. A., Vladut S. G., Algebraic-Geometric Codes, Kluwer Acad. Publ., Dordrecht, 1991.
[209] Tsfasman M. A., Vladut S. G., Geometric approach to higher weights, IEEE Trans. Info. Theory, 1995, 41, no. 6, p. 1565-1588.
[210] Tsfasman M. A., Vladut S. G., Zink T., Modular curves, Shimura curves and Goppa codes, better than the Varshamov-Gilbert bound, Math. Nachr., 1982, 109, p. 21-28.
[211] Vladut S. G., On the polynomiality of codes on classical modular curves, Preprint, 1983.
[212] Vladut S. G., An exhaustion bound for algebraic-geometric "modular" curves, Probl. Info. Trans., 1987, 23, p. 23-43.
[213] Vladut S. G., Algebraic-geometric "modular" codes as group codes, Preprint, 1989.
[214] Vladut S. G., On the decoding of algebraic-geometric codes over Fq for q ≥ 16, IEEE Trans. Info. Theory, 1990, IT-36, no. 6, p. 1461-1463.

[215] Vladut S. G., Drinfeld V. G., Number of points of algebraic curves, Func. Anal., 1983, 17, no. 1, p. 68-69.
[216] Vladut S. G., Katsman G. L., Tsfasman M. A., Modular curves and codes with polynomial construction complexity, Probl. Info. Trans., 1984, 20, p. 35-42.
[217] Voloch J. F., Codes and curves, Eureka, 1983, 43, p. 53-61.
[218] Voloch J. F., A note on elliptic curves over finite fields, Bull. Soc. Math. France, 1988, 116, p. 455-458.
[219] Voss C., On the weights of trace codes, Coding Theory and Algebraic Geometry, Lect. Notes in Math., 1518, Springer-Verlag, Berlin, 1992, p. 193-198.


[220] Voss C., Hoholdt T., A family of Kummer extensions of the Hermitian function fields, Commun. Algebra, 1995, 23, no. 4, p. 1551-1566.
[221] Voss C., Stichtenoth H., Asymptotically good families of subfield subcodes of geometric Goppa codes, Geometriae Dedicata, 1990, 33, p. 111-116.
[222] Waterhouse W. C., Abelian varieties over finite fields, Ann. Sci. E. N. S. (4), 1969, 2, p. 521-560.
[223] Weil A., On some exponential sums, Proc. Nat. Acad. Sci. USA, 1948, 34, p. 204-207.
[224] Weil A., Sur les Courbes Algébriques et les Variétés qui s'en Déduisent, Hermann, Paris, 1948.
[225] Weil A., Variétés Abéliennes et Courbes Algébriques, Hermann, Paris, 1948.
[226] Weil A., Number of solutions of equations in finite fields, Bull. Amer. Math. Soc., 1949, 55, p. 497-508.
[227] Wirtz M., On the parameters of Goppa codes, IEEE Trans. Info. Theory, 1988, IT-34, no. 5, p. 1341-1343.
[228] Wolfmann J., Nombre de points rationnels de courbes algébriques sur des corps finis associées à des codes cycliques, C. R. Acad. Sci. Paris, Sér. I, 1987, 305, p. 345-348.
[229] Wolfmann J., The weights of the dual code to the Melas code over GF(3), Discr. Math., 1989, 74, p. 327-329.
[230] Wolfmann J., New bounds on cyclic codes from algebraic curves, Lecture Notes in Comp. Science, 388, Springer-Verlag, Berlin, 1989, p. 47-62.
[231] Wolfmann J., The number of points of certain algebraic curves over finite fields, Commun. Algebra, 1989, 17, p. 2055-2066.
[232] Wolfmann J., The number of solutions of certain diagonal equations over finite fields, J. Number Theory, 1992, 42, p. 247-257.
[233] Xing C. P., Multiple Kummer extensions and the number of prime divisors of degree one in function fields, J. Pure and Appl. Algebra, 1993, 84, p. 85-93.
[234] Xing C. P., On automorphism groups of the Hermitian codes, IEEE Trans. Info. Theory, 1995, IT-41, no. 6, p. 1629-1635.
[235] Xing C. P., Stichtenoth H., The genus of maximal function fields over finite fields, Manuscripta Math., 1995, 86, p. 217-224.
[236] Yang K., Kumar P. V., Stichtenoth H., On the weight hierarchy of geometric Goppa codes, IEEE Trans. Info. Theory, 1994, IT-40, p. 913-920.
[237] Zink T., Degeneration of Shimura surfaces and a problem in coding theory, Lecture Notes in Comp. Science, 199, Springer-Verlag, Berlin, 1996, p. 503-511.
[238] Zinoviev V. A., Ericson T., On concatenated constant weight codes ameliorating the Varshamov-Gilbert bound, Probl. Info. Trans., 1987, 23, no. 1, p. 110-111.
[239] Zinoviev V. A., Litsyn S. N., Codes that exceed the Gilbert bound, Probl. Info. Trans., 1985, 21, no. 1, p. 105-108.

List of Notations

General Notations

$A\subset B$    proper subset ($A\ne B$)
$A\hookrightarrow B$    injective map
$\emptyset$    empty set
$|M|$    cardinality of a set
$f\cdot g$    composition of maps
$\operatorname{Im}\varphi$    image of a map
$\operatorname{Ker}\varphi$    kernel of a map
$\mathbb Z$    ring of integers
$\mathbb N$    set of positive integers
$\mathbb Q$    field of rational numbers
$\mathbb R$    field of real numbers
$\mathbb C$    field of complex numbers
$m\mid n$    $m$ divides $n$ in the ring $\mathbb Z$
$m\nmid n$    $m$ does not divide $n$ in the ring $\mathbb Z$
$\mathbb F_q$    finite field with $q$ elements
$\mathbb F_q[u]$    ring of polynomials in $u$ over $\mathbb F_q$
$I(v)$    number of monic irreducible polynomials in $\mathbb F_q[u]$ of degree $v$
$\zeta(s)$    zeta-function of $\mathbb F_q[u]$
$\mu(n)$    Möbius function
$\varphi(n)$    Euler phi-function
$R(x,\varepsilon_i)$    Lagrange-Hilbert resolvent
$\mathbb Z/n\mathbb Z$    residue ring modulo $n$

$\lfloor a\rfloor$    integer part, $\lfloor a\rfloor\le a<\lfloor a\rfloor+1$
$\lceil a\rceil$    upper integer part, $a\le\lceil a\rceil<a+1$
$\log a$    $=\log_e a$
$(a,b)$    g.c.d. of integers $a$ and $b$
$\bigl(\frac{a}{b}\bigr)$    generalized Legendre symbol
$\operatorname{Re} z$    real part of $z\in\mathbb C$
$\operatorname{Im} z$    imaginary part of $z\in\mathbb C$
$\binom{n}{k}$    binomial coefficient
$L/K$    field extension
$[L:K]$    degree of a field extension
$\bar k$    algebraic closure of a field
$\operatorname{char} k$    characteristic of a field
$\operatorname{norm}(a)$    norm of $a$
$\operatorname{tr}(a)$    trace of $a$
$k[T_1,\dots,T_n]$    ring of polynomials in $n$ variables over $k$
$k[[T_1,\dots,T_n]]$    ring of formal series in $n$ variables over $k$
$\deg F$    degree of a polynomial
$k^*$    multiplicative group of a field
$GL_n(R)$    general linear group of order $n$ over a ring
$\operatorname{Res}_x(f)$    residue of a function $f$ at a point $x$
$x\cdot y$    inner product of vectors
$V^*$    dual linear space
$\dim_k V$    dimension of a linear space over a field $k$
$V\oplus W$    direct sum of linear spaces
$V\otimes W$    tensor product of linear spaces
$V^n$    $n$th power of a linear space
$V^{\otimes m}$    $m$th tensor power of a linear space
$A\otimes B$    Kronecker (tensor) product of matrices
$\hat G$    dual group
$G/H$    factor-group
$[G:H]$, or $(G:H)$    index of a subgroup
$\langle g\rangle$    cyclic group generated by $g$
$G_x$    stabilizer
$k[G]$    group ring
$\zeta_n$    primitive $n$th root of unity
$\mu_n$    group of $n$th roots of unity
$\chi$    multiplicative character
$\psi$    additive character

Coding Theory

$C$    code
$M=|C|$    cardinality of a code
$k=\log_q|C|$    log-cardinality of a code
$[n,k,d]_q$    parameters of a code
$d(x,y)$    Hamming distance
$d$    minimum distance of a code
$d^\perp$    minimum distance of a dual code
$R=k/n$    information rate
$\delta=d/n$    relative minimum distance
$\|x\|$    Hamming weight of a vector
$B_t(x)$    ball of radius $t$ centered at $x$
$G$    generator matrix
$H$    parity-check matrix
$C^\perp$    dual code
$W_C(u:v)$    weight enumerator
$W_C(u)$, $W_C(v)$    non-homogeneous weight enumerators
$\hat f(z)$    Hadamard transform
$P_i(u)$    Krawtchouk polynomial
MDS    maximum distance separable code
$A_q(n,d)$    $=\max\{q^k\mid\text{there exists an }[n,k,d]_q\text{-code over }\mathbb F_q\}$
$A_q^{lin}(n,d)$    $=\max\{q^k\mid\text{there exists a linear }[n,k,d]_q\text{-code over }\mathbb F_q\}$
$H_q(\delta)$    $q$-ary entropy function
$R_H(\delta)$    asymptotic Hamming bound
$R_P(\delta)$    asymptotic Plotkin bound
$R_{BE}(\delta)$    asymptotic Bassalygo-Elias bound
$R_{LP}(\delta)$    asymptotic linear programming bound
$R_G(\delta)$    asymptotic Gilbert bound
$R_{GV}(\delta)$    asymptotic Gilbert-Varshamov bound
$R_{AG}(\delta)$    asymptotic algebraic-geometric bound
$R_{BZ}(\delta)$    asymptotic Blokh-Zyablov bound
$R_Z(\delta)$    asymptotic Zyablov bound
RS    Reed-Solomon code
$C_H$    Hamming code
$C_R$, $C_N$    quadratic-residue codes
$\hat C_R$, $\hat C_N$    extended quadratic-residue codes
BCH    Bose-Chaudhuri-Hocquenghem code
$C_{11}$, $C_{23}$    Golay codes

$C_{12}$, $C_{24}$    extended Golay codes
$C(D_0,D)$, $C^*(D_0,D)$    geometric Goppa codes
$d_C$, $d_{C^*}$    designed minimum distance of codes $C(D_0,D)$ and $C^*(D_0,D)$
$A(D')$    basic decoding algorithm
$E(D')$    Ehrhard's decoding algorithm
$d_{FR}(r)$    Feng-Rao minimum distance
$\mathrm{Ev}$    evaluation map
$\mathrm{Res}$    residue map
$x\times y$    Kronecker product of vectors
$C_1\oplus C_2$    direct sum of linear codes
$C^m$    power of a linear code
$C_1\otimes C_2$    tensor (or Kronecker) product of linear codes
$C^{\otimes m}$    tensor power of a linear code
$V_q$    $=\{(\delta,R)\mid\text{there exists an }[n,k,d]_q\text{-code with }d/n=\delta\text{ and }k/n=R\}$
$U_q$    set of limit points of $V_q$
$\alpha_q(\delta)$    $=\sup\{R\mid(\delta,R)\in U_q\}$
$V_q^{lin}$    $=\{(\delta,R)\mid\text{there exists a linear }[n,k,d]_q\text{-code with }d/n=\delta\text{ and }k/n=R\}$
$U_q^{lin}$    set of limit points of $V_q^{lin}$
$\alpha_q^{lin}(\delta)$    $=\sup\{R\mid(\delta,R)\in U_q^{lin}\}$
$\alpha_q^{pol}(\delta)$    function $\alpha_q$ for a polynomial family of codes
$\alpha_q^{pol,lin}(\delta)$    function $\alpha_q$ for a polynomial family of linear codes
$\alpha_q^{pol,dec}(\delta)$    function $\alpha_q^{pol}$ for a family of codes having a polynomial decoding complexity
$\alpha_q^{pol,dec,lin}(\delta)$    function $\alpha_q^{pol}$ for a family of linear codes having a polynomial decoding complexity

Algebraic Geometry

$\mathbb A^n$    affine $n$-dimensional space
$\mathbb P^n$    projective $n$-dimensional space
$V(S)$    zero set
$\mathfrak a(X)$    $=\{F\in k[T]\mid F(x)=0\text{ for all }x\in X\}$
$\mathfrak m$    maximal ideal
$\mathfrak p$    prime ideal
$r(\mathfrak a)$    radical of an ideal
$X$    algebraic variety, smooth projective curve


dimX k[X] k(X) U