Lecture 25: Review session Teaching evaluations

Recall Theorem 1 (proved last time): Let F be a field. The quotient ring F[x]/f(x) is a field iff f(x) is irreducible (in which case
the quotient ring is called a quotient field).
Theorem 2: Let F be a finite field and f(x) ∈ F[x]. Then
$|F[x]/f(x)| = |F|^{\deg(f(x))}$.
Proof: We claim that every equivalence class in F[x]/f(x) contains
exactly one representative which is a polynomial over F of degree
< deg(f(x)).
– Proof: if g(x) ∼ h(x) and deg(g(x)), deg(h(x)) < deg(f(x)),
then f(x) divides a polynomial of degree strictly less than deg(f(x)):
g(x) − h(x) = q(x)f(x)
Impossible, unless g(x) = h(x). So, every equivalence class contains
at most one such polynomial.
Now every polynomial g(x) is equivalent to a polynomial of degree
< deg(f(x)): apply division algorithm:
g(x) = q(x)f(x) + r(x)
g(x) ∼ r(x).
So the equivalence classes in F[x]/f(x) are in 1-1 correspondence
with all polynomials of degree < deg(f(x)). Such a polynomial has
deg(f(x)) coefficients and |F| choices for each coefficient. Thus,
there are $|F|^{\deg(f(x))}$ choices.
Let’s say F = GF(2) and deg(f) = 2. Then the representatives
are {0, 1, x, 1 + x}.
Examples of addition/multiplication tables:
1. F = GF(2), $f(x) = 1 + x^2$
In this quotient ring, $[x^2] = [1] = 1$.

  +   |  0     1     x     1+x
 -----+------------------------
  0   |  0     1     x     1+x
  1   |  1     0     1+x   x
  x   |  x     1+x   0     1
  1+x |  1+x   x     1     0

  ·   |  0     1     x     1+x
 -----+------------------------
  0   |  0     0     0     0
  1   |  0     1     x     1+x
  x   |  0     x     1     1+x
  1+x |  0     1+x   1+x   0

Is not a field, because 1 + x has no multiplicative inverse.
2. F = GF(2), $f(x) = 1 + x + x^2$
In this quotient ring, $[x^2] = [1 + x]$.

  +   |  0     1     x     1+x
 -----+------------------------
  0   |  0     1     x     1+x
  1   |  1     0     1+x   x
  x   |  x     1+x   0     1
  1+x |  1+x   x     1     0

  ·   |  0     1     x     1+x
 -----+------------------------
  0   |  0     0     0     0
  1   |  0     1     x     1+x
  x   |  0     x     1+x   1
  1+x |  0     1+x   1     x

Is a field: because every nonzero element has a multiplicative inverse.
$Z_2[x]/(1 + x + x^2) = GF(4) = \{0, 1, a, b\}$:
Identify 0 ↔ 0, 1 ↔ 1, x ↔ a, 1 + x ↔ b (or vice versa)
Theorem 2 explains why $GF(2)[x]/(x^2 + 1)$ is not a field and
$GF(2)[x]/(x^2 + x + 1)$ is a field.
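The two quotient rings above can be checked mechanically. The following Python sketch is an added example, not part of the lecture notes: the function names are chosen here, polynomials are coefficient tuples with the lowest degree first, and f is assumed monic over Z_p with p prime.

```python
from itertools import product

def mulmod(a, b, f, p):
    """Multiply a*b in Z_p[x]/f(x).

    a, b: tuples of deg(f) coefficients, lowest degree first.
    f:    tuple of deg(f)+1 coefficients, assumed monic (leading 1).
    """
    d = len(f) - 1
    prod = [0] * (2 * d - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            prod[i + j] = (prod[i + j] + ai * bj) % p
    # Reduce from the top: x^d = -(f_0 + f_1 x + ... + f_{d-1} x^{d-1}).
    for k in range(len(prod) - 1, d - 1, -1):
        c = prod[k]
        if c:
            prod[k] = 0
            for i in range(d):
                prod[k - d + i] = (prod[k - d + i] - c * f[i]) % p
    return tuple(prod[:d])

def representatives(f, p):
    """One polynomial of degree < deg(f) per equivalence class (Theorem 2)."""
    return list(product(range(p), repeat=len(f) - 1))

def non_units(f, p):
    """Nonzero classes with no multiplicative inverse; empty iff a field."""
    elems = representatives(f, p)
    one = (1,) + (0,) * (len(f) - 2)
    return [a for a in elems
            if any(a) and all(mulmod(a, b, f, p) != one for b in elems)]

if __name__ == "__main__":
    for name, f in (("1 + x^2", (1, 0, 1)), ("1 + x + x^2", (1, 1, 1))):
        print(name, "size:", len(representatives(f, 2)),
              "non-units:", non_units(f, 2))
```

Here (1, 1) stands for 1 + x, so the first ring reports it as the only nonzero element without an inverse, and the second reports none.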
Theorem 3: For every prime p and positive integer k, there exists
an irreducible polynomial of degree k over $Z_p$.
Corollary: There exist fields of size $p^k$ for every prime p and positive integer k.
Proof: apply Theorems 3, 2, 1.
Theorem 3 is proven in a very indirect way. But once you find such
a polynomial f, you can construct $GF(p^k)$ explicitly as the quotient
field $Z_p[x]/f(x)$, as in GF(4) above. In HW6, you will do this for
GF(8).
———————————————————
A little more detail on construction of $GF(p^k)$ (you are not responsible for this):
In HW6, you will show that for every nonzero α ∈ GF(q), $\alpha^{q-1} = 1$
(generalize Fermat’s little theorem). So, all α ∈ GF(q) are solutions to the polynomial $x^q - x = 0$.
Since there are exactly q elements of GF(q), we can view GF(q)
as the set of all solutions to $x^q - x = 0$.
Example: The polynomial $x^4 - x = 0$ has two solutions in $Z_2$, but
four solutions in GF(4).
Given a field F and a polynomial g(x) over F, one proves the
existence of a smallest field G = G(F, g(x)) containing F s.t. g has
deg(g) roots in G.
Let $F = Z_p$ and $g(x) = x^{p^k} - x$. Then g(x) has $p^k$ roots in G.
One can show that these roots are distinct. So, G contains $p^k$ distinct
roots of g(x). Then one shows that the roots themselves form a field
(of size $p^k$).
It turns out that at least one of the factors of $g(x) = x^{p^k} - x$ is
irreducible in $Z_p$ and has degree k.
—————————————————————————
In HW6, you will show that for every nonzero α ∈ GF(q), $\alpha^{q-1} = 1$
(generalize Fermat’s little theorem). So, all α ∈ GF(q) are solutions to the polynomial $x^q - x = 0$.
Example: $Z_5$:

  α   |  1   2   3   4
  α^2 |  1   4   4   1
  α^3 |  1   3   2   4
  α^4 |  1   1   1   1

For some (nonzero) elements α ∈ $Z_5$, the powers of α sweep out
all of $Z_5 \setminus \{0\}$ and others not: in the example above, 2 and 3 do, but
1 and 4 do not.
Defn: A primitive element of a finite field GF(q) is a (nonzero)
element α ∈ GF(q) such that $\{\alpha, \alpha^2, \ldots, \alpha^{q-1}\} = GF(q) \setminus \{0\}$.
Theorem 4: Every finite field has a primitive element.
We will not prove this.
In HW6, you will find primitive elements of certain finite fields.
If you represent elements of $GF(q) \setminus \{0\}$ as powers of a primitive
element, you get a very simple multiplication table:
$\alpha^i \alpha^j = \alpha^{(i+j) \bmod (q-1)}$
Example: multiplication table for $Z_5$ using a primitive element α:

  ·   |  0   α     α^2   α^3   α^4
 -----+-----------------------------
  0   |  0   0     0     0     0
  α   |  0   α^2   α^3   α^4   α
  α^2 |  0   α^3   α^4   α     α^2
  α^3 |  0   α^4   α     α^2   α^3
  α^4 |  0   α     α^2   α^3   α^4

(a cyclic table)
Using α = 2 as a primitive element for $Z_5$:

  ·   |  0   2   4   3   1
 -----+---------------------
  0   |  0   0   0   0   0
  2   |  0   4   3   1   2
  4   |  0   3   1   2   4
  3   |  0   1   2   4   3
  1   |  0   2   4   3   1
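The exponent rule behind the cyclic table can be exercised directly. This Python sketch is an added example, not part of the lecture notes; it assumes a prime field Z_p, and the function names are chosen here. It finds the primitive elements by computing multiplicative orders, then multiplies through log/antilog tables built from one of them.

```python
def order(a, p):
    """Multiplicative order of a nonzero element a of Z_p (p prime)."""
    k, x = 1, a % p
    while x != 1:
        x = x * a % p
        k += 1
    return k

def primitive_elements(p):
    """Elements whose powers sweep out all of Z_p \\ {0}."""
    return [a for a in range(1, p) if order(a, p) == p - 1]

def log_tables(alpha, p):
    """antilog[i] = alpha^i and log[alpha^i] = i, for i = 0 .. p-2."""
    antilog = [pow(alpha, i, p) for i in range(p - 1)]
    if len(set(antilog)) != p - 1:
        raise ValueError("alpha is not primitive in Z_p")
    return {v: i for i, v in enumerate(antilog)}, antilog

def mul_via_logs(x, y, log, antilog):
    """x*y computed as alpha^((i + j) mod (q - 1)); zero handled apart."""
    if x == 0 or y == 0:
        return 0
    return antilog[(log[x] + log[y]) % len(antilog)]

def table_matches_field(alpha, p):
    """Check the exponent rule against ordinary multiplication mod p."""
    log, antilog = log_tables(alpha, p)
    return all(mul_via_logs(x, y, log, antilog) == x * y % p
               for x in range(p) for y in range(p))

if __name__ == "__main__":
    print(primitive_elements(5), table_matches_field(2, 5))
```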
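For GF(4), the primitive elements are a and b.
Using α = a as a primitive element, the multiplication table for
GF(4) becomes:

  ·       |  0   a = α     b = α^2   1 = α^3
 ---------+-----------------------------------
  0       |  0   0         0         0
  a = α   |  0   b = α^2   1 = α^3   a = α
  b = α^2 |  0   1 = α^3   a = α     b = α^2
  1 = α^3 |  0   a = α     b = α^2   1 = α^3

Defn: Let q be a power of a prime and
$2 \le r < n \le q - 1$.
Let $\alpha_1, \alpha_2, \ldots, \alpha_n$ be distinct nonzero
elements of GF(q). Let
$$
H = \begin{pmatrix}
1 & 1 & \cdots & 1 & 1 \\
\alpha_1 & \alpha_2 & \cdots & \alpha_{n-1} & \alpha_n \\
\alpha_1^2 & \alpha_2^2 & \cdots & \alpha_{n-1}^2 & \alpha_n^2 \\
\cdots & \cdots & \cdots & \cdots & \cdots \\
\alpha_1^{r-1} & \alpha_2^{r-1} & \cdots & \alpha_{n-1}^{r-1} & \alpha_n^{r-1}
\end{pmatrix}
$$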
The linear code defined by the parity check matrix H is called a
Reed-Solomon (RS) code.
We will see that the rows of H are linearly independent (as is
required of any parity check matrix).
Theorem: An RS code with parameters q, n, r as above is an
[n, n − r, r + 1] linear code.
Recall Singleton bound: for an (n, M, d) code,
$d \le n - \log_q(M) + 1$
For a $[n, k, d]_q$ linear code, $M = q^k$, and so Singleton bound becomes
$d \le n - k + 1$.
For an RS code, n − k = r. So,
d = r + 1 = n − k + 1
So RS codes achieve the upper limit for d (given n, k, q). That
is, given n, k, q, RS codes have the best possible error correction
capability.
Lecture 26:
Teaching Evaluations.
Schedule review session.
Recall defn of RS code.
Today we will show:
Theorem: An RS code with parameters q, n, r as above is an
[n, n − r, r + 1] linear code.
Example: q = 7, n = 6, r = 2
$$
H = \begin{pmatrix}
1 & 1 & 1 & 1 & 1 & 1 \\
1 & 2 & 3 & 4 & 5 & 6
\end{pmatrix}
$$
Then n = 6, k = 4, d = 3. So, 1-error-correcting.
Another example: q = 7, n = 6, r = 4
$$
H = \begin{pmatrix}
1 & 1 & 1 & 1 & 1 & 1 \\
1 & 2 & 3 & 4 & 5 & 6 \\
1 & 2^2 & 3^2 & 4^2 & 5^2 & 6^2 \\
1 & 2^3 & 3^3 & 4^3 & 5^3 & 6^3
\end{pmatrix}
= \begin{pmatrix}
1 & 1 & 1 & 1 & 1 & 1 \\
1 & 2 & 3 & 4 & 5 & 6 \\
1 & 4 & 2 & 2 & 4 & 1 \\
1 & 1 & 6 & 1 & 6 & 6
\end{pmatrix}
$$
Then n = 6, k = 2, d = 5. So, 2-error-correcting.
Most famous example: q = 256, n = 255, r = 32. So, n = 255, k =
223, d = 33. So, 16-byte-error correcting.
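Defn: Let r ≥ 2 and $\alpha_1, \alpha_2, \ldots, \alpha_r$ be distinct elements of a
field F. The r × r square matrix:
$$
A = \begin{pmatrix}
1 & 1 & \cdots & 1 & 1 \\
\alpha_1 & \alpha_2 & \cdots & \alpha_{r-1} & \alpha_r \\
\alpha_1^2 & \alpha_2^2 & \cdots & \alpha_{r-1}^2 & \alpha_r^2 \\
\cdots & \cdots & \cdots & \cdots & \cdots \\
\alpha_1^{r-1} & \alpha_2^{r-1} & \cdots & \alpha_{r-1}^{r-1} & \alpha_r^{r-1}
\end{pmatrix}
$$
is called a Vandermonde matrix, denoted $Van(\alpha_1, \ldots, \alpha_r)$.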
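Lemma: The determinant of a Vandermonde matrix is nonzero.
Proof: by induction.
For r = 2, $\det(A) = \alpha_2 - \alpha_1 \ne 0$.
Assume true for r − 1, and prove for r.
For i = r − 1, . . . , 1, replace $R^{i+1}$ by $R^{i+1} - \alpha_1 R^i$.
This results in the matrix:
$$
B = \begin{pmatrix}
1 & 1 & \cdots & 1 & 1 \\
0 & \alpha_2 - \alpha_1 & \cdots & \alpha_{r-1} - \alpha_1 & \alpha_r - \alpha_1 \\
0 & \alpha_2(\alpha_2 - \alpha_1) & \cdots & \alpha_{r-1}(\alpha_{r-1} - \alpha_1) & \alpha_r(\alpha_r - \alpha_1) \\
\cdots & \cdots & \cdots & \cdots & \cdots \\
0 & \alpha_2^{r-2}(\alpha_2 - \alpha_1) & \cdots & \alpha_{r-1}^{r-2}(\alpha_{r-1} - \alpha_1) & \alpha_r^{r-2}(\alpha_r - \alpha_1)
\end{pmatrix}
$$
and $\det(A) = \det(B) = \det(Van(\alpha_2, \ldots, \alpha_r)) \prod_{i=2}^{r} (\alpha_i - \alpha_1) \ne 0$,
by the induction hypothesis.
Note: It follows that $\det(Van(\alpha_1, \ldots, \alpha_r)) = \prod_{1 \le i < j \le r} (\alpha_j - \alpha_i)$.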
Recall from linear algebra:
Proposition: for a square matrix A,
TFAE:
1. $\det(A) \ne 0$
2. the rows of A form a linearly independent set
3. the columns of A form a linearly independent set.
Proof: First note that the “zeroness” of the determinant is unaffected by elementary row operations.
So, the determinant of a matrix is nonzero iff the determinant of
its RREF is nonzero. But the RREF of a square matrix is either
the identity matrix or has a zero row. So, the determinant of such a
matrix is nonzero iff there are no zero rows in the RREF. But there
are no zero rows iff the rows of the original matrix form a basis,
equivalently are linearly independent.
The same holds for the column set since one can do the same thing
with the columns and the determinant of a matrix and its transpose
are the same.
Theorem: An RS code with parameters q, n, r as above is an
[n, n − r, r + 1] linear code.
Proof of Theorem: Clearly, n is the length of the code.
By the Lemma, any matrix M consisting of exactly r columns of
H is a Vandermonde matrix and hence has nonzero determinant and
hence the rows and columns of M form linearly independent sets.
Let M be a square matrix as above (say the matrix formed from
the first r columns). Any linear dependence of the rows of the parity
check matrix H would yield a linear dependence of the rows of M.
Since the rows of M are linearly independent, so are the rows of H.
So, $\dim(C^\perp) = r$ and so k = dim(C) = n − r.
Since every set of r columns is linearly independent, we have d ≥ r + 1.
But we know from the Singleton bound that d ≤ n − k + 1 = r + 1.
So, d = r + 1.
Recall: given parity check matrix H, the minimum distance is
equal to min m s.t. there exists a set of m columns of H that is
linearly dependent.
Equivalently, the minimum distance is equal to 1 + max m s.t.
every set of m columns of H is linearly independent.
In general, the minimum distance is not equal to 1 + max m s.t.
there exists a set of m columns of H that is linearly independent.
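The theorem and the two q = 7 examples can be verified by computation. This Python sketch is an added example, not part of the lecture notes; it assumes q is prime, so that GF(q) arithmetic is arithmetic mod q, and the function names are chosen here. It checks the step used in the proof (every r columns of H form a nonsingular matrix) and then finds [n, k, d] by enumerating all codewords.

```python
from itertools import combinations, product

def rs_parity_check(p, alphas, r):
    """Rows 1, alpha, alpha^2, ..., alpha^(r-1) over Z_p (p prime)."""
    return [[pow(a, i, p) for a in alphas] for i in range(r)]

def det_mod(M, p):
    """Determinant of a square matrix over Z_p by Gaussian elimination."""
    M, det = [row[:] for row in M], 1
    for c in range(len(M)):
        piv = next((i for i in range(c, len(M)) if M[i][c]), None)
        if piv is None:
            return 0
        if piv != c:
            M[c], M[piv] = M[piv], M[c]
            det = -det
        det = det * M[c][c] % p
        inv = pow(M[c][c], p - 2, p)  # inverse, since a^(p-1) = 1 in Z_p
        for i in range(c + 1, len(M)):
            t = M[i][c] * inv % p
            M[i] = [(x - t * y) % p for x, y in zip(M[i], M[c])]
    return det % p

def every_r_columns_independent(H, p):
    """Proof step: each r x r column submatrix of H is nonsingular."""
    n, r = len(H[0]), len(H)
    return all(det_mod([[row[j] for j in cols] for row in H], p)
               for cols in combinations(range(n), r))

def parameters(H, p):
    """Brute-force [n, k, d]: enumerate all x in Z_p^n with H x^T = 0."""
    n = len(H[0])
    words = [c for c in product(range(p), repeat=n)
             if all(sum(h * x for h, x in zip(row, c)) % p == 0 for row in H)]
    k = 0
    while p ** k < len(words):
        k += 1
    d = min(sum(1 for x in c if x) for c in words if any(c))
    return n, k, d

if __name__ == "__main__":
    for r in (2, 4):  # the two q = 7, n = 6 examples from the notes
        H = rs_parity_check(7, range(1, 7), r)
        print(r, H, every_r_columns_independent(H, 7), parameters(H, 7))
```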