Discrete Mathematics 321 (2014) 76–89

Contents lists available at ScienceDirect

Discrete Mathematics
journal homepage: www.elsevier.com/locate/disc

Binary cyclic codes from explicit polynomials over GF(2m )✩

Cunsheng Ding a , Zhengchun Zhou b,∗
a
Department of Computer Science and Engineering, The Hong Kong University of Science and Technology, Clear Water Bay, Kowloon,
Hong Kong, China
b
School of Mathematics, Southwest Jiaotong University, Chengdu, 610031, China

article info abstract

Article history: Cyclic codes are a subclass of linear codes and have applications in consumer electronics,
Received 14 August 2013 data storage systems, and communication systems as they have very efficient encoding and
Received in revised form 18 December 2013 decoding algorithms. In this paper, monomials and trinomials over finite fields with even
Accepted 23 December 2013
characteristic are employed to construct a number of families of binary cyclic codes. Lower
bounds on the minimum weight of some families of the cyclic codes are developed. The
minimum weights of other families of the codes constructed in this paper are determined.
Keywords:
Polynomials
The dimensions of the codes are flexible. Some of the codes presented in this paper are
Permutation polynomials optimal or almost optimal in the sense that they meet some bounds on linear codes. Open
Cyclic codes problems regarding binary cyclic codes from monomials and trinomials are also presented.
Linear span © 2014 Published by Elsevier B.V.
Sequences

1. Introduction

Let q be a power of a prime p. A linear [n, k, d] code over GF(q) is a k-dimensional subspace of GF(q)n with minimum
Hamming distance d. A linear [n, k] code C over the finite field GF(q) is called cyclic if (c0 , c1 , . . . , cn−1 ) ∈ C implies (cn−1 , c0 ,
c1 , . . . , cn−2 ) ∈ C . By identifying any vector (c0 , c1 , . . . , cn−1 ) ∈ GF(q)n with i=0 ci xi ∈ GF(q)[x]/(xn − 1), any code C of
n−1
length n over GF(q) corresponds to a subset of GF(q)[x]/(x − 1). The linear code C is cyclic if and only if the corresponding
n

subset in GF(q)[x]/(xn − 1) is an ideal of the ring GF(q)[x]/(xn − 1). It is well known that every ideal of GF(q)[x]/(xn − 1) is
principal. Let C = (g (x)) be a cyclic code, where g (x) is monic and has the smallest degree. Then g (x) is called the generator
polynomial and h(x) = (xn − 1)/g (x) is referred to as the parity-check polynomial of C .
Cyclic codes have wide applications in storage and communication systems because they afford efficient encoding and
decoding algorithms [5,12,27]. Cyclic codes have been studied for decades and a lot of progress has been made (see for ex-
ample, [3,4,9–11,13,16,14,17,18,22,21,25,24,26,28,30]). The total number of cyclic codes over GF(q) and their constructions
are closely related to q-cyclotomic cosets modulo n, and thus many topics of number theory. One way of constructing cyclic
codes over GF(q) of length n is to use the generator polynomial

xn − 1
(1)
gcd( Sn (x), xn − 1)

✩ C. Ding’s research was supported by The Hong Kong Research Grants Council, Proj. No. 601013. Z. Zhou’s research was supported by the Natural
Science Foundation of China under Grants 61201243 and 61373009, and the application fundamental research plan project of Sichuan Province under
Grant 2013JY0167, and the open research fund of National Mobile Communications Research Laboratory, Southeast University under Grant 2013D10.
Z. Zhou is also with National Mobile Communications Research Laboratory, Southeast University.
∗ Corresponding author.
E-mail addresses: cding@ust.hk (C. Ding), zzc@home.swjtu.edu.cn (Z. Zhou).

0012-365X/$ – see front matter © 2014 Published by Elsevier B.V.

http://dx.doi.org/10.1016/j.disc.2013.12.020
 C. Ding, Z. Zhou / Discrete Mathematics 321 (2014) 76–89 77

where
n −1

S n (x) = si xi ∈ GF(q)[x]
i =0

and s∞ = (si )∞i=0 is a sequence of period n over GF(q). Throughout this paper, we call the cyclic code Cs with the generator
polynomial of (1) the code defined by the sequence s∞ , and the sequence s∞ the defining sequence of the cyclic code Cs .
One basic question is whether good cyclic codes can be constructed with this approach. It turns out that the code Cs could
be an optimal or almost optimal linear code if the sequence s∞ is properly designed [6].
In this paper, several types of monomials and trinomials over GF(2m ) will be employed to construct a number of classes
of binary cyclic codes. Lower bounds on the minimum weight of some classes of the cyclic codes are derived, in some cases
we determine the exact minimal distance. The dimensions of the codes of this paper are flexible. Some of the codes obtained
in this paper are optimal or almost optimal as they meet certain bounds. Several open problems regarding cyclic codes from
monomials and trinomials are also presented in this paper.
The first motivation of this study is that some of the codes constructed in this paper could be optimal or almost optimal.
The second motivation is the simplicity of the constructions of these cyclic codes that may lead to efficient encoding and
decoding algorithms.

2. Preliminaries

In this section, we present basic notations and results of q-cyclotomic cosets, highly nonlinear functions, and sequences
that will be employed throughout the paper.

2.1. Some notations fixed throughout this paper

Throughout this paper, we adopt the following notations unless otherwise stated:
• q = 2, m is a positive integer, r = qm , and n = r − 1.
• Zn = {0, 1, 2, . . . , n − 1} is the usual ring of integers modulo n.
• α is a generator of GF(r )∗ , and ma (x) is the minimal polynomial of a ∈ GF(r ) over GF(q).
• Nq (x) is a function defined by Nq (i) = 0 if i ≡ 0 (mod q) and Nq (i) = 1 otherwise, where i is any nonnegative integer.
• Tr(x) is the trace function from GF(r ) to GF(q).
• By Database we mean the collection of the tables of best linear codes known maintained by Markus Grassl at http://
www.codetables.de/.

2.2. The linear span and minimal polynomial of periodic sequences

ℓ
Let s∞ = (si )∞i=0 be a sequence of period L over GF(q). A polynomial c (x) = i=0 ci xi over GF(q), where c0 = 1, is called
a characteristic polynomial of s∞ if
−c0 si = c1 si−1 + c2 si−2 + · · · + cl si−ℓ for all i ≥ ℓ.
The characteristic polynomial of smallest degree is called the minimal polynomial of s∞ , and denoted by Ms (x). The degree
of the minimal polynomial is referred to as the linear span or linear complexity of s∞ . Since we require the constant term of
any characteristic polynomial to be 1, the minimal polynomial of any periodic sequence s∞ is to be unique. In addition, any
characteristic polynomial must be a multiple of the minimal polynomial. It should be noticed that in some references the
reciprocal of Ms (x) is called the minimal polynomial of the sequence s∞ (see [1,15]).
There are a few ways to determine their linear span and minimal polynomials of a periodic sequence. One of them is
given in the following lemma [8, p. 87, Theorem 5.3].

Lemma 1. Let s∞ be a sequence of period L over GF(q). Define S L (x) = si xi ∈ GF(q)[x]. Then the minimal polynomial
L−1
i=0
Ms (x) of s∞ is given by

xL − 1
(2)
gcd( xL − 1, S L (x))
and the linear span Ls of s∞ is given by L − deg(gcd(xL − 1, S L (x))).
It is well known that any sequence s∞ over GF(q) of period qm − 1 has a unique expansion of the form [15, p. 87]
qm −2

st = ci α it , for all t ≥ 0. (3)
i =0

An alternative way to compute the linear span and minimal polynomial of Ms (x) is based on (3) and a result in [1].

Lemma 2. Let s∞ be a sequence over GF(q) of period m

 q − 1 with the expansion in (3). Let the index set be I = {i|ci ̸= 0}, then
the minimal polynomial Ms (x) of s∞ is Ms (x) = i∈I (1 − α i x), and the linear span of s∞ is |I |.
78 C. Ding, Z. Zhou / Discrete Mathematics 321 (2014) 76–89

Proof. According to Theorem 3 in [1], the reciprocal polynomial of Ms (x) is given by (x − α i ). Thus we have

i∈I
 
Ms (x) = x|I | (1/x − α i ) = ( 1 − α i x)
i∈I i∈I

which completes the proof. 

2.3. The 2-cyclotomic cosets modulo 2m − 1

Let n = 2m − 1. The 2-cyclotomic coset containing j modulo n is defined by

Cj = {j, 2j, 22 j, . . . , 2ℓj −1 j} ⊂ Zn ,
where ℓj is the smallest positive integer such that 2ℓj j ≡ j (mod n). Clearly ℓj is also the size of Cj . It is known that ℓj divides
m. The smallest integer in Cj is called the coset leader of Cj . Let Γ denote the set of all coset leaders and write Γ ∗ = Γ \ {0}.
By definition, we have

Cj = Zn := {0, 1, 2, . . . , n − 1}
j∈Γ

and

Ci Cj = ∅ for any i ̸= j ∈ Γ .
For any integer j with 0 ≤ j ≤ 2m − 1, the 2-weight of j, denoted by wt(j), is defined as the number of nonzero coefficients
in its 2-adic expansion:
j = j0 + j1 · 2 + · · · + jm−1 · 2m−1 , ji ∈ {0, 1}.
The following lemmas will be useful in the sequel.

Lemma 3 ([29]). For any coset leader j ∈ Γ ∗ , j is odd and 1 ≤ j < 2n−1 .

Lemma 4. For any j ∈ Γ ∗ with ℓj = m, the number of odd and even integers in the 2-cyclotomic coset Cj are equal respectively
to wt(j) and m − wt(j).
Proof. By Lemma 3, j is odd. Then we can assume that j = 1 + 2i1 + 2i2 + · · · + 2ik−1 where k = wt(j) and 1 ≤ i1 < i2 · · · <
ik−1 ≤ m − 1. It is easy to check that the odd integers in Cj are given by

j, j2m−ik−1 mod n, j2m−ik−2 mod n, . . . , j2m−i1 mod n (4)

which are pairwise distinct due to ℓj = m. Thus the number of odd integers in the 2-cyclotomic coset Cj is equal to k and
the number of even ones is equal to m − k. 

Lemma 5. All integers 1 ≤ j ≤ 2m − 2 with wt(j) = m − 1 are in the same 2-cyclotomic coset.
Proof. It is clear that the number of integers 1 ≤ j ≤ 2m − 2 with wt(j) = m − 1 is equal to
m
 
m−1
= m. Note that all the
integers in the same coset have the same weight. The conclusion then follows from the facts that wt(2m−1 − 1) = m − 1
and ℓ2m−1 −1 = m. 

Lemma 6. Let h be an integer with 1 ≤ h ≤ ⌈ m+

2
1
⌉ and Γ1 = {1 ≤ j ≤ 2h − 1 : j is odd}. Then for any j ∈ Γ1 ,
• j is the coset leader of Cj ;
• ℓj = m except that ℓ2m/2 +1 = m/2 for even m.
Proof. We begin with the first assertion. For any j ∈ Γ1 , let wt(j) = k and j = 1 + 2i1 + 2i2 + · · · + 2ik−1 , where 1 ≤ i1 <
i2 < · · · < ik−1 ≤ h − 1. It follows from Lemma 3 that the coset leader must be odd. By Lemma 4, all the odd integers in the
2-cyclotomic coset containing j are listed in (4) in which the least one is exactly j due to it ≤ m/2 for all 1 ≤ t ≤ k − 1. This
finishes the proof of the first assertion.
We now prove the second one. Note that for each j ∈ Γ1 , ℓj |m and j is divisible by (2m − 1)/(2ℓj − 1). When m is odd, if
ℓj < m, then ℓj ≤ m/3 and thus (2m − 1)/(2ℓj − 1) > 22m/3 which means that j > 22m/3 . This is impossible since j < 2(m+1)/2 .
Thus ℓj = m for odd m. Similarly, when m is even, if ℓj < m, then ℓj ≤ m/2 and (2m − 1)/(2ℓj − 1) > 2m−ℓj . It is easy to
check that j ∈ Γ1 is divisible by (2m − 1)/(2ℓj − 1) if and only if j = 2m/2 + 1 and ℓj = m/2. 

2.4. PN and APN functions

A polynomial f (x) over GF(r ) is called almost perfect nonlinear (APN) if

max max |{x ∈ GF(r ) : f (x + a) − f (x) = b}| = 2,
a∈GF(r )∗ b∈GF(r )
 C. Ding, Z. Zhou / Discrete Mathematics 321 (2014) 76–89 79

and is referred to as perfect nonlinear or planar if

max max |{x ∈ GF(r ) : f (x + a) − f (x) = b}| = 1.
a∈GF(r )∗ b∈GF(r )

In subsequent sections, we shall use the notions of PN and APN functions.

3. Codes defined by polynomials over finite fields GF(r )

3.1. A generic construction of cyclic codes with polynomials

Given any polynomial f (x) over GF(r ), we define its associated sequence s∞ by

si = Tr f α i + 1
  
(5)
for all i ≥ 0.
The objective of this paper is to consider the codes Cs defined by some monomials and trinomials over GF(2m ).

3.2. How to choose the polynomial f (x)

Regarding the generic construction of Section 3.1, the following two questions are natural.
• Is it possible to construct optimal cyclic codes meeting some bound on parameters of linear codes or cyclic codes with
good parameters?
• If the answer to the question above is positive, how should we select the polynomial f (x) over GF(r )?
It will be demonstrated in the sequel that the answer to the first question is indeed positive. However, it seems harder
to answer the second question.
Any method of constructing an [n, k] cyclic code over GF(q) corresponds to the selection of a divisor g (x) over GF(q) of
xn − 1 of degree n − k, which is employed as the generator polynomial. The minimum weight d and other parameters of this
cyclic code are determined by the generator polynomial g (x).
Suppose that an optimal [n, k] cyclic code over GF(q) exists. The question is how to determine a divisor g (x) of xn − 1
generating such a code. Note that xn − 1 may have many divisors of small degrees. If the construction method is not well
designed, optimal cyclic codes cannot be produced even if they exist.
The construction of Section 3.1 may produce cyclic codes with bad parameters. For example, let (q, m) = (2, 6), let α be
the generator of GF(26 ) with α 6 + α 4 + α 3 + α + 1 = 0, and let f (x) = xe . When e ∈ {7, 14, 28, 35, 49, 56}, the binary code
Cs defined by the monomial f (x) has parameters [63, 45, 3]. These codes are very bad as there are binary cyclic codes with
parameters [63, 45, 8] and [63, 57, 3].
On the other hand, the construction of Section 3.1 may also produce optimal cyclic codes. For example, let (q, m) = (2, 6)
and let f (x) = xe . When
e ∈ {1, 2, 4, 5, 8, 10, 16, 17, 20, 32, 34, 40},
the binary code Cs defined by the monomial f (x) has parameters [63, 57, 3] and is equivalent to the binary Hamming code
with the same parameters. This cyclic code is optimal, as it attains the sphere packing bound.
Hence, a monomial may determine either good or bad cyclic codes within the framework of the construction of Sec-
tion 3.1. Now the question is how to choose a monomial f (x) over GF(r ) so that the cyclic code Cs defined by f (x) has good
parameters.
In this paper, we employ monomials and trinomials f (x) over GF(r ) that are either permutations on GF(r ) or such that
|f (GF(r ))| is very close to r. Most of the monomials and trinomials f (x) employed in this paper are either almost perfect
nonlinear or planar functions on GF(r ). These polynomials are considered here as their image size |f (GF(r ))| is at least r /2
and they produce cyclic codes with good parameters.
Observe that it is unnecessary to require that f (x) is highly nonlinear, in order to obtain cyclic codes Cs with good param-
eters. Both linear and highly nonlinear polynomials f (x) could give optimal cyclic codes Cs when they are plugged into the
generic construction of Section 3.1. In subsequent sections, some PN and APN monomials will be employed to obtain optimal
cyclic codes Cs . When m is even and f (x) = x, the code Cs has parameters [2m − 1, 2m − 1 − m, 3] and is optimal. Hence, linear
permutations f (x) may yield optimal cyclic codes Cs when they are plugged into the construction method described above.
t
4. Binary cyclic codes from the permutation monomial f (x) = x2 +3
t
In this section we study the code Cs defined by the permutation monomial f (x) = x2 +3 over GF(22t +1 ). Before doing
this, we need to prove the following lemma.
t
Lemma 7. Let m = 2t + 1 ≥ 7. Let s∞ be the sequence of (5), where f (x) = x2 +3 . Then the linear span Ls of s∞ is equal to
5m + 1 and the minimal polynomial Ms (x) of s is given by
∞

Ms (x) = (x − 1)mα −1 (x)mα −3 (x)mα −(2t +1) (x)mα −(2t +2) (x)mα −(2t +3) (x). (6)
80 C. Ding, Z. Zhou / Discrete Mathematics 321 (2014) 76–89

Proof. By definition, we have

 t

si = Tr (α i + 1)2 +2+1
 t t t

= Tr (α i )2 +3 + (α i )2 +2 + (α i )2 +1 + (α i )3 + α i + 1
m−1 m−1 m−1 m−1 m −1
(α i )(2 +3)2 + (α i )(2
t −1 +1)2j
(α i )(2 +1)2 +
t j t j j j
    
= + (α i )3×2 + (α i )2 + 1. (7)
j =0 j =0 j =0 j =0 j=0

By Lemma 6, the following 2-cyclotomic cosets are pairwise disjoint and have size m:
C1 , C3 , C2t +1 , C2t −1 +1 . (8)
It is clear that the 2-cyclotomic coset C2t +3 are disjoint from all the cosets in (8). We now prove that C2t +3 has size m. It
is sufficient to show that gcd := gcd(22t +1 − 1, 2t + 3) = 1. The conclusion is true for all 1 ≤ t ≤ 4. So we consider only
the case for t ≥ 5.
Note that 22t +1 − 1 = (2t +1 − 6)(2t + 3)+ 17. We have gcd = gcd(2t + 3, 17). Since 2t + 3 = 2t −4 (24 + 1)−(2t −4 − 3), we
obtain that gcd = gcd(2t −4 − 3, 17). Let t1 = ⌊t /4⌋. Using the Euclidean division recursively and the fact 24 ≡ −1(mod 17),
one gets

gcd((−1)t1 −1 − 3, 17) = 1 ≡ 0 (mod 4),


 if t
gcd((−1)t1 −1 21 − 3, 17) = 1 ≡ 1 (mod 4),

if t

gcd =
gcd((−1)t1 −1 22 − 3, 17) = 1 if t ≡ 2 (mod 4),
gcd((−1)t1 −1 23 − 3, 17) = 1 ≡ 3 (mod 4).

if t


Therefore, ℓ2t +3 = |C2t +3 | = ℓ−(2t +3) = m.

The desired conclusions on the linear span and the minimal polynomial Ms (x) then follow from Lemma 2, (7) and the
results on the five cyclotomic cosets and their sizes. 
The following theorem provides information on the code Cs .

Theorem 8. Let m ≥ 7 be odd. The binary code Cs defined by the sequence of Lemma 7 has parameters [2m − 1, 2m − 2 − 5m, d]
and generator polynomial Ms (x) of (6), where d ≥ 8.
Proof. The dimension of Cs follows from Lemma 7 and the definition of the code Cs . We need to prove the conclusion on the
minimum distance d of Cs . To this end, let Ds denote the cyclic code with generator polynomial mα −1 (x)mα −(2j +1) (x)mα −(22j +1)
(x), and let Ds be the even-weight subcode of Ds . Then Ds is a triple-error-correcting code for any j with gcd(j, m) = 1 [19].
This means that the minimal distance of Ds is equal to 7 and that of Ds is 8. Take j = t + 1, then Ds has generator polynomial
mα −1 (x)mα −3 (x)mα −(2t +1) (x) and Cs is a subcode of Ds . The conclusion then follows from the fact that x − 1 is a factor of
Ms (x). 

Example 1. Let m = 5 and α be a generator of GF(2m )∗ with α 5 + α 2 + 1 = 0. Then the generator polynomial of the code
Cs is Ms (x) = x16 + x15 + x13 + x12 + x8 + x6 + x3 + 1, and Cs is a [31, 15, 8] binary cyclic code. Its dual is a [31, 16, 7] cyclic
code. Both codes are optimal according to the Database.

Example 2. Let m = 7 and α be a generator of GF(2m )∗ with α 7 + α + 1 = 0. Then the generator polynomial of the code Cs
is Ms (x) = x36 + x34 + x33 + x32 + x29 + x28 + x27 + x26 + x25 + x24 + x21 + x12 + x11 + x9 + x7 + x6 + x5 + x3 + x + 1 and
Cs is a [127, 91, 8] binary cyclic code.
It can be seen from Example 2 that the bound on the minimal distance of Cs in Theorem 8 is tight in some cases.
h
5. Binary cyclic codes from the permutation monomial f (x) = x2 −1

h
Consider monomials over GF(2m ) of the form f (x) = x2 −1 , where h is a positive integer with 1 ≤ h ≤ ⌈ m
2
⌉.
h
In this section, we deal with the binary code Cs defined by the sequence s∞ of (5), where f (x) = x2 −1 .
We need to do some preparations before presenting and proving the main results of this section. Let t be a positive
integer. We define T = 2t − 1. For any odd a ∈ {1, 2, 3, . . . , T }, define

,

1 if a = 2h − 1
ϵa(t ) =

T
 log2 , if 1 ≤ a < 2h − 1.
a
and
κa(t ) = ϵa(t ) mod 2. (9)
 C. Ding, Z. Zhou / Discrete Mathematics 321 (2014) 76–89 81

Let
B(at ) = 2i a : i = 0, 1, 2, . . . , ϵa(t ) − 1 .
 

Then it can be verified that

(t )

B2j+1 = {1, 2, 3, . . . , T }
1≤2j+1≤T

and
(t )
B(at ) ∩ Bb = ∅
for any pair of distinct odd numbers a and b in {1, 2, 3, . . . , T }.
(t ) (t )
The following lemma follows directly from the definitions of ϵa and Ba .

Lemma 9. Let a be an odd integer in {0, 1, 2, . . . , T }. Then

(t )
Ba(t +1) = B(at ) ∪ {a2ϵa } if 1 ≤ a ≤ 2t − 1,
Ba(t +1) = {a} if 2t + 1 ≤ a ≤ 2t +1 − 1,
(t +1) (t )
ϵa = ϵa + 1 if 1 ≤ a ≤ 2t − 1,
ϵa(t +1) = 1 if 2t + 1 ≤ a ≤ 2t +1 − 1.

(t )
Lemma 10. Let Nt denote the total number of odd ϵa when a ranges over all odd numbers in the set {1, 2, . . . , T }. Then N1 = 1
and
2t + (−1)t −1
Nt =
3
for all t ≥ 2.
Proof. It is easily checked that N2 = 1, N3 = 3 and N4 = 5. It follows from Lemma 9 that
Nt = 2t −2 + (2t −2 − Nt −1 ).
Hence
Nt − 2t −2 = 2t −3 − (Nt −1 − 2t −3 ) = 3 × 2t −4 + (Nt −2 − 2t −4 ).
With the recursive application of this formula, one obtains the desired expression for Nt . 
2 h −1
Lemma 11. Let s ∞
be the sequence of (5), where f (x) = x m
, 2 ≤ h ≤ ⌈ ⌉. Then the linear span Ls of s∞ is given by
2

m(2h + (−1)h−1 )

,


 if m is even
Ls = 3 (10)
m(2 + (−1) h h −1
)+3
,

if m is odd.


3
We have thus

Ms (x) = (x − 1)N2 (m)


mα −(2j+1) (x). (11)
1≤2j+1≤2h −1
(h)
κ2j+1 =1

Proof. We have
 
h −1
 
 h−1 i  h−1   2
i

Tr(f (x + 1)) = Tr (x + 1) i=0 2 = Tr x2 + 1 = Tr  xi 
i =0 i=0
 
 
2h −1
   
= Tr(1) + Tr  xi  = Tr(1) + Tr  x2i+1  (12)
 
i =1 1≤2i+1≤2h −1
 
(h)
κ2i+1 =1

where the last equality follows from Lemma 6.

By definition, the sequence of (5) is given by st = Tr(f (α t + 1)) for all t ≥ 0. The desired conclusions on the linear span
and the minimal polynomial Ms (x) then follow from Lemmas 6 and 10 and Eq. (12). 
The following theorem provides information on the code Cs .
82 C. Ding, Z. Zhou / Discrete Mathematics 321 (2014) 76–89

Theorem 12. Let h ≥ 2. The binary code Cs defined by the binary sequence of Lemma 11 has parameters [2m − 1, 2m − 1 − Ls , d]
and generator polynomial Ms (x) of (11), where Ls is given in (10) and
2h−2 + 2 if m is odd and h > 2

d≥
2h−2 + 1.

Proof. The dimension of Cs follows from Lemma 11 and the definition of the code Cs . We now derive lower bounds on the
minimum weight d of the code. It is well known that the codes generated by Ms (x) and its reciprocal have the same weight
distribution. It follows from Lemmas 9 and 11 that the reciprocal of Ms (x) has zeros α 2j+1 for all j in {2h−2 , 2h−2 + 1, . . . ,
2h−1 − 1}. By the Hartmann–Tzeng bound, we have d ≥ 2h−2 + 1. If m is odd, Cs is an even-weight code. In this case, d ≥
2h−2 + 2. 

Example 3. Let (m, h) = (7, 2) and α be a generator of GF(2m )∗ with α 7 + α + 1 = 0. Then the generator polynomial of
the code Cs is Ms (x) = x8 + x6 + x5 + x4 + x3 + x2 + x + 1, and Cs is a [127, 119, 4] binary cyclic code which is optimal
according to the Database.

Example 4. Let (m, h) = (7, 3) and α be a generator of GF(2m )∗ with α 7 + α + 1 = 0. Then the generator polynomial of
the code Cs is Ms (x) = x22 + x21 + x20 + x18 + x17 + x16 + x14 + x13 + x8 + x7 + x6 + x5 + x4 + 1 and Cs is a [127, 105, d]
binary cyclic code, where 4 ≤ d ≤ 8.
h
Remark 13. The code Cs of Theorem 12 may be bad when gcd(h, m) ̸= 1. In this case the monomial f (x) = x2 −1 is not
a permutation of GF(2m ). For example, when (m, h) = (6, 3), Cs is a [63, 45, 3] binary cyclic code, while the best known
linear code in the Database has parameters [63, 45, 8]. Hence, we are interested in this code only when gcd(h, m) = 1,
h
which guarantees that f (x) = x2 −1 is a permutation of GF(2m ).

6. Binary cyclic codes from the permutation monomial f (x) = xe , e = 2(m−1)/2 + 2(m−1)/4 − 1 and m ≡ 1 (mod 4)

Let f (x) = xe , where e = 2(m−1)/2 + 2(m−1)/4 − 1 and m ≡ 1 (mod 4). It can be proved that f (x) is a permutation of GF(r ).
Define h = (m − 1)/4. We have then
 
 h−1  h −1  
22h 2i 22h 2i

Tr(f (x + 1)) = Tr (x + 1)(x + 1) i=0 = Tr (x + 1) x +1
i=0
   
2h −1 2 h −1 2 h −1
22h i+22h
  
= Tr (x + 1) i
x  = 1 + Tr  x + x .
i
(13)
i =0 i=0 i=1

The sequence s∞ of (5) defined by the monomial f (x) = xe is then given by

 
2 h −1 2 h −1
t i+22h
 
st = 1 + Tr  (α ) + (α t )i  (14)
i=0 i=1

for all t ≥ 0, where α is a generator of GF(2m )∗ . In this section, we deal with the code Cs defined by the sequence s∞ of (14).
To this end, we need to prove a number of auxiliary results on 2-cyclotomic cosets.
We define the following two sets for convenience:
A = {0, 1, 2, . . . , 2h − 1}, B = 22h + A = {i + 22h : i ∈ A}.

Lemma 14. For any j ∈ B, we have ℓj = |Cj | = m.

Proof. Let j = i + 22h , where i ∈ A. For any u with 1 ≤ u ≤ m − 1, define
∆1 (j, u) = j(2u − 1) = (i + 22h )(2u − 1), ∆2 (j, u) = j(2m−u − 1) = (i + 22h )(2m−u − 1).
If ℓj < m, there would be an integer 1 ≤ u ≤ m − 1 such that ∆t (j, u) ≡ 0 (mod n) for all t ∈ {1, 2}.
Note that 1 ≤ u ≤ m − 1. We have that ∆1 (j, u) ̸= 0 and ∆2 (j, u) ̸= 0. When u ≤ m − 2h − 1, we have
2h ≤ ∆1 (j, u) ≤ (22h + 2h − 1)(2m−2h−1 − 1) < n.
In this case, ∆1 (j, u) ̸≡ 0 (mod n).
When u ≥ m − 2h, we have m − u ≤ 2h and
2h ≤ ∆2 (j, u) ≤ (22h + 2h − 1)(22h − 1) < n.
In this case, ∆2 (j, u) ̸≡ 0 (mod n).
Combining the conclusions of the two cases above completes the proof. 

Lemma 15. For any pair of distinct i and j in B, Ci ∩ Cj = ∅, i.e., they cannot be in the same 2-cyclotomic coset modulo n.
 C. Ding, Z. Zhou / Discrete Mathematics 321 (2014) 76–89 83

Proof. Let i = i1 + 22h and j = j1 + 22h , where i1 ∈ A and j1 ∈ A. Define

∆1 (i, j, u) = i2u − j = (i1 + 22h )2u − (j1 + 22h ),
∆2 (i, j, u) = j2m−u − i = (j1 + 22h )2m−u − (i1 + 22h ).
If Ci = Cj , there would be an integer 1 ≤ u ≤ m − 1 such that ∆t (i, j, u) ≡ 0 (mod n) for all t ∈ {1, 2}.
We first prove that ∆1 (i, j, u) ̸= 0. When u = 0, ∆1 (i, j, u) = i1 − j1 ̸= 0. When 1 ≤ u ≤ m − 1, we have
∆1 (i, j, u) ≥ 2i1 + 22h+1 − 22h − j1 > 0.
Since 1 ≤ u ≤ m − 1, one can similarly prove that ∆2 (i, j, u) > 0.
When u ≤ m − 2h − 1, we have
−n < −22h ≤ ∆1 (i, j, u) ≤ (22h + 2h − 1)(2m−2h−1 − 1) < n.
In this case, ∆1 (i, j, u) ̸≡ 0 (mod n).
When u ≥ m − 2h, we have m − u ≤ 2h and
0 < ∆2 (i, j, u) ≤ (22h + 2h − 1)22h − i1 − 2h < n.
In this case, ∆2 (i, j, u) ̸≡ 0 (mod n).
Combining the conclusions of the two cases above completes the proof. 

Lemma 16. For any i + 22h ∈ B and odd j ∈ A,

Cj if (i, j) = (0, 1)

Ci+22h ∩ Cj = (15)
∅ otherwise.

Proof. Define
∆1 (i, j, u) = j2u − (i + 22h ), ∆2 (i, j, u) = (i + 22h )2m−u − j.
Suppose Ci+22h = Cj , thus, there would be an integer 0 ≤ u ≤ m − 1 such that ∆t (i, j, u) ≡ 0 (mod n) for all t ∈ {1, 2}.
If u = 2h, then
0 ≡ ∆1 (i, j, u) ≡ 22h+1 (j22h − (i + 22h )) (mod n)
≡ j2m − i22h+1 − 2m (mod n)
≡ j − 1 − i22h+1 (mod n)
= j − 1 − i22h+1 .
Whence, the only solution of ∆1 (i, j, 2h) ≡ 0 (mod n) is (i, j) = (0, 1).
We now consider the case that 0 ≤ u < 2h. We claim that ∆1 (i, j, u) ̸= 0. Suppose on the contrary that ∆1 (i, j, u) = 0.
We would then have j2u − i − 22h = 0. Because u < 2h and j is odd, there is an odd i1 such that i = 2u i1 . It then follows
from i < 2h that u < h. We obtain then
j = i1 + 22h−u > i1 + 2h > 2h − 1.
This is contrary to the assumption that j ∈ A. This proves that ∆1 (i, j, u) ̸= 0.
Finally, we deal with the case that 2h + 1 ≤ u < 4h = m − 1. We prove that ∆2 (i, j, u) ̸≡ 0 (mod n) in this case. Since j
is odd, ∆2 (i, j, u) ̸= 0. We have also

∆2 (i, j, u) = i2m−u + 2m+2h−u − j ≤ (2h − 1)2m−u + 2m−1 − j ≤ 2m−(h−1) + 2m−1 − j < n.

Clearly, ∆2 (i, j, u) > −j > −n. Hence in this case we have ∆2 (i, j, u) ̸≡ 0 (mod n).
The proof of the lemma follows from the above conclusions. 

Lemma 17. Let m ≥ 9 be odd. Let s∞ be the sequence of (14). Then the linear span Ls of s∞ is given by
  (m+7)/4
+ (−1)(m−5)/4 + 3

m 2

 , if m ≡ 1 (mod 8)
Ls =  (m+7)/4 3 (16)
(m−5)/4
+ (−1)

m 2 −6 +3
, if m ≡ 5 (mod 8).

3
We have also
m−1
2 4 −1
 
Ms (x) = (x − 1) m m−1 ( x) mα −2j−1 (x)
i=0 α −i−2 2 m−1
1≤2j+1≤2 4 −1
((m−1)/4)
κ2j+1 =1
84 C. Ding, Z. Zhou / Discrete Mathematics 321 (2014) 76–89

if m ≡ 1 (mod 8); and

m−1
2 4 −1
 
Ms (x) = (x − 1) m m−1 (x) mα −2j−1 (x)
i =1 α −i−2 2 m−1
3≤2j+1≤2 4 −1
((m−1)/4)
κ2j+1 =1

(h)
if m ≡ 5 (mod 8), where κ2j+1 was defined in Section 5.
Proof. By Lemma 15, the monomials in the function
 
2h −1
i+22h

Tr  x  (17)
i=0

will not cancel each other. Lemmas 10 and 11 say that after cancellation, we have
 
 
2h −1
   
Tr  xi  = Tr  x2j+1  . (18)
 
i=1 1≤2j+1≤2h −1
 
(h)
κ2j+1 =1

By Lemma 16, the monomials in the function of (17) will not cancel the monomials in the function in the right-hand
2h
side of (18) if m ≡ 1 (mod 8), and only the term x2 in the function of (17) cancels the monomial x in the function in the
right-hand side of (18) if m ≡ 5 (mod 8).
The desired conclusions on the linear span and the minimal polynomial Ms (x) then follow from Lemmas 2, 14, and
Eq. (13). 

The following theorem provides information on the code Cs .

Theorem 18. Let m ≥ 9 be odd. The binary code Cs defined by the sequence of (14) has parameters [2m − 1, 2m − 1 − Ls , d] and
generator polynomial Ms (x), where Ls and Ms (x) are given in Lemma 17 and the minimum weight d fulfills the following bounds:

2(m−1)/4 + 2 (mod 8)

if m ≡ 1
d≥ (19)
2(m−1)/4 if m ≡ 5 (mod 8).

Proof. The dimension and the generator polynomial of Cs follow from Lemma 17 and the definition of the code Cs . We now
derive the lower bounds on the minimum weight d. It is well known that the codes generated by Ms (x) and its reciprocal have
2h
the same weight distribution. The reciprocal of Ms (x) has the zeros α i+2 for all i in {0, 1, 2, . . . , 2h − 1} if m ≡ 1 (mod 8),
and for all i in {1, 2, . . . , 2h − 1} if m ≡ 5 (mod 8). Note that Cs is an even-weight code. Then the desired bounds on d follow
from the BCH bound. 

Example 5. Let m = 5 and α be a generator of GF(2m )∗ with α 5 + α 2 + 1 = 0. Then the generator polynomial of the code
Cs is Ms (x) = x6 + x3 + x2 + 1, and Cs is a [31, 25, 4] binary cyclic code which is optimal according to the Database.

Example 6. Let m = 9 and α be a generator of GF(2m )∗ with α 9 +α 4 + 1 = 0. Then the generator polynomial of the code Cs is
Ms (x) = x46 + x45 + x41 + x40 + x39 + x36 + x35 + x33 + x28 + x27 + x26 + x25 + x24 + x22 + x21 + x20 + x19 + x14 + x12 + x7 + x4 + x2 + x + 1
and Cs is a [511, 465, d] binary cyclic code, where d ≥ 6. The actual minimum weight may be larger than 6.

2h h
7. Binary cyclic codes from the monomials f (x) = x2 −2 +1 , where gcd(m, h) = 1

Define f (x) = xe , where e = 22h − 2h + 1 and gcd(m, h) = 1. In this section, we have the following additional restrictions
on h:
m − 1


 4 if m ≡ 1 (mod 4),

 m − 3
if m ≡ 3 (mod 4),



1≤h≤ m− 4 (20)
4
if m ≡ 0 (mod 4),


4



 m − 2
if m ≡ 2 (mod 4).


4
 C. Ding, Z. Zhou / Discrete Mathematics 321 (2014) 76–89 85

Note that
 h−1 
2h+i
Tr(f (x + 1)) = Tr (x + 1)(x + 1) i=0 (21)
 
h−1  
2h+i

= Tr (x + 1) x +1
i=0
 
2 h −1 2 h −1
2h i+1
 
= Tr  x + xi 
i=0 i=0

 
2 h −1 2h −1
i+2m−h
 
= Tr  x + xi  + 1. (22)
i=0 i =1

The sequence s∞ of (5) defined by f (x) is then

 
2h −1 2 h −1
t i+2m−h
 
st = Tr  (α ) + (α t )i  + 1 (23)
i =0 i=1

for all t ≥ 0, where α is a generator of GF(2m )∗ .

In this section, we deal with the code Cs defined by the sequence s∞ of (23). It is noticed that the final expression of the
function of (21) is of the same format as that of the function of (13). The proofs of the lemmas and theorems in this section
are very similar to those of Section 5. Hence, we present only the main results without providing proofs.
We define the following two sets for convenience:
A = {0, 1, 2, . . . , 2h − 1}, B = 2m−h + A = {i + 2m−h : i ∈ A}.

Lemma 19. Let h satisfy the conditions of (20). For any j ∈ B, the size ℓj = |Cj | = m.
Proof. The proof of Lemma 14 is easily modified into a proof for this lemma. The detail is omitted. 

Lemma 20. Let h satisfy the conditions of (20). For any pair of distinct i and j in B, Ci ∩ Cj = ∅, i.e., they cannot be in the same
2-cyclotomic coset modulo n.
Proof. The proof of Lemma 15 is easily modified into a proof for this lemma. The detail is omitted. 

Lemma 21. Let h satisfy the conditions of (20). For any i + 2m−h ∈ B and odd j ∈ A,

Cj if (i, j) = (0, 1)

Ci+2m−h ∩ Cj = (24)
∅ otherwise.

Proof. The proof of Lemma 16 is easily modified into a proof for this lemma. The detail is omitted here. 

Lemma 22. Let h satisfy the conditions of (20). Let s∞ be the sequence of (23). Then the linear span Ls of s∞ is given by

+ (−1)h−1 + 3
  h+2 
 m 2

 if h is even
Ls = 3 (25)
+ (−1)h−1 − 6 + 3
 h+2 
m 2

if h is odd.

3
We have also
2h −1
 
Ms (x) = (x − 1) mα −i−2m−h (x) mα −2j−1 (x)
i =0 1≤2j+1≤2h −1
h
κ2j +1 =1

if h is even; and
2h −1
 
Ms (x) = (x − 1) mα −i−2m−h (x) mα −2j−1 (x)
i=1 3≤2j+1≤2h −1
h
κ2j+1 =1

(h)
if h is odd, where κ2j+1 was defined in Section 5.
86 C. Ding, Z. Zhou / Discrete Mathematics 321 (2014) 76–89

Proof. The proof of Lemma 17 is easily modified into a proof for this lemma. The detail is omitted. 
The following theorem provides information on the code Cs .

Theorem 23. Let h satisfy the conditions of (20). The binary code Cs defined by the sequence of (23) has parameters [2m −
1, 2m − 1 − Ls , d] and generator polynomial Ms (x), where Ls and Ms (x) are given in Lemma 22 and the minimum weight d has
the following bounds:

2h + 2

if h is even
d≥ (26)
2h if h is odd.

Proof. The proof of Theorem 18 is easily modified into a proof for this lemma with the help of the lemmas presented in this
section. The detail is omitted here. 

Example 7. Let (m, h) = (5, 2) and α be a generator of GF(2m )∗ with α 5 + α 2 + 1 = 0. Then the generator polynomial of
the code Cs is Ms (x) = x16 + x14 + x10 + x9 + x8 + x7 + x5 + x4 + x3 + x2 + x + 1 and Cs is a [31, 15, 8] binary cyclic code.
Its dual is a [31, 16, 7] cyclic code. Both codes are optimal according to the Database. In this example, the condition of (20)
is not satisfied. So the conclusions on the code of this example do not agree with the conclusions of Theorem 23.

Example 8. Let (m, h) = (7, 2) and α be a generator of GF(2m )∗ with α 7 + α + 1 = 0. Then the generator polynomial of
the code Cs is Ms (x) = x36 + x28 + x27 + x23 + x21 + x20 + x18 + x13 + x12 + x9 + x7 + x6 + x5 + 1 and Cs is a [127, 91, 8]
binary cyclic code.
In this section, we obtained interesting results on the code Cs under the conditions of (20). When h is outside the ranges,
it may be hard to determine the dimension of the code Cs , let alone its minimum distance. Hence, it would be interesting to
solve the following open problem.

Open Problem 1. Determine the dimension and the minimum weight of the code Cs of this section when h satisfies
m − 1 m−1
 ≥h> if m ≡ 1 (mod 4),
 2

 4
m−3 m−3


≥h> if m ≡ 3 (mod 4),



2 4 (27)
m−4 m−4
≥h> if m ≡ 0 (mod 4),





 2 4
m − 2 m−2


≥h> if m ≡ 2 (mod 4).
2 4

8. Binary cyclic codes from a trinomial over GF(2m )

h
In this section, we study the code Cs from the trinomial x + xr + x2 −1 where wt(r ) = m − 1 and 0 ≤ h ≤ ⌈ m 2
⌉. Before
doing this, we first introduce some notations and lemmas which will be used in the sequel. Let ρi denote the number of even
integers in the 2-cyclotomic coset Ci . For each i ∈ Γ , define
mρi
vi = mod 2 (28)
ℓi
where ℓi = |Ci |.

Lemma 24 ([29]). With the same notations as before,

 
t 2 m −2
 
Tr((1 + α ) )= vj  (α t )i  . (29)
j∈Γ i∈Cj

Furthermore, the total number of nonzero coefficients of α it in (29) is equal to 2m−1 .

Lemma 25. Let m ≥ 4, r be an integer with 1 ≤ r ≤ 2m − 2 and wt(r ) = m − 1, and h an integer with 0 ≤ h ≤ ⌈ m
2
⌉. Let s∞
h
be the sequence of (5), where f (x) = x + xr + x2 −1 . Then the linear span of s∞ is given by

+ m,
 m−1
2
 if m is odd and h = 0
Ls = 2 m−1
− m, if m is even and h = 0 (30)
,

 m−1
2 if h ̸= 0
 C. Ding, Z. Zhou / Discrete Mathematics 321 (2014) 76–89 87

and the minimal polynomial of s∞ is given by


mα −1 (x) mα −j (x),


 if m is odd and h = 0
j∈Γ \{1},vj =1


 
m (x),

if m is even and h = 0

α −j
Ms (x) = j∈Γ \{1},vj =1
(31)

 
mα −j (x),

if h ̸= 0




j∈Γ ,uj =1

(h)
+ 1)mod 2, u2j+1 = (v2j+1 + κ2j(h+) 1 )mod 2 for
where mα −j (x) is the minimal polynomial of α −j over GF(2), u1 = (v1 + κ1
(h)
3 ≤ 2j + 1 ≤ 2 − 1, and uj = vj for j ∈ Γ \ {2i + 1 : 1 ≤ 2i + 1 ≤ 2 − 1}. Herein, κ2i+1 is given by (9).
h h

Proof. Note that wt(r ) = wt(2m − 2) = m − 1. It then follows from Lemma 5 and the properties of the trace function that
m
Tr(xr ) = Tr(x2 −2 ) for all x ∈ GF(2m ).
We first deal with the case of h = 0 where f (x) = 1 + x + xr . According to Lemma 24, one has
m−2 −2
Tr(f (1 + α t )) = Tr(1) + Tr(1 + α t ) + Tr((1 + α t )2 )
 
  
= (α t )i + vj  (α t )i 
i∈C1 j∈Γ i∈Cj
 
  
= (1 + v1 )(α ) + t i
vj  (α ) 
t i
(32)
i∈C1 j∈Γ \{1} i∈Cj

where 1 + v1 is performed modulo 2. By the definition of vi , v1 = (m − 1)mod 2. The desired conclusion on the linear span
and minimal polynomial of s∞ for the case h = 0 then follows from Eq. (32) and Lemma 2.
Now we assume that h ̸= 0. From the proof of Lemma 11, we know that
 
2h −1
 
Tr  xi  = Tr(x2j+1 ).
i =1 1≤2j+1≤2h −1
( h)
κ2j+1 =1

It then follows from Lemma 24 that

m−2 −2 h
Tr(f (1 + α t )) = Tr(1 + α t ) + Tr((1 + α t )2 ) + Tr((1 + α t )2 −1 )
  
    (h) 
= (α t )i + vj  (α t )i  + κj  (α t )i 
i∈C1 j∈Γ i∈Cj j∈Γ1 i∈Cj
 
 
= uj  (α t )i  (33)
j∈Γ i∈Cj

(h) (h)
where Γ1 = {2i + 1 : 1 ≤ 2i + 1 ≤ 2h − 1}, u1 = (v1 + κ1 + 1)mod 2, uj = (vj + κj )mod 2 for j ∈ Γ1 \ {1} and uj = vj
for j ∈ Γ \ Γ1 . The minimal polynomial in (31) then follows from Eq. (33).
Finally, we show that the linear span of s∞ is equal to 2m−1 when h ̸= 0, i.e., the total number of nonzero coefficient of α it
in (33) is equal to 2m−1 . According to Lemmas 6 and 24, it is sufficient to prove that the number of j ∈ Γ1 such that uj ̸= 0 is
equal to the number of j ∈ Γ1 such that vj ̸= 0. By the definition of vj and Lemma 4, we have v1 = (m−1)mod 2, v3 = (m−2)
(h) (h) (h)
mod 2. According to the definition of κj in (9), we have κ1 = hmod 2 and κ3 = (h − 1)mod 2. Thus, u1 = (m + h)mod 2
and u3 = (m + h − 1)mod 2. Independently of the parity of m, there are exactly one nonzero ui and vi for i ∈ {1, 3}. Note
that, for any integer a with 2 ≤ a ≤ h − 1, the number of odd integers j satisfying 2a < j < 2a+1 is equal to 2a−1 . It is clear
that when 2j + 1 ranges over the odd integers between 2a and 2a+1 , the number of 2j + 1 such that wt(2j + 1) is even is
equal to 2a−2 . It then follows from Lemma 4 that
|{2a < 2j + 1 < 2a+1 : v2j+1 = 1}| = |{2a < 2j + 1 < 2a+1 : v2j+1 = 0}| = 2a−2 .
(h)
On the other hand, when 2j + 1 runs over the odd integers from 2a to 2a+1 , κ2j+1 has the same value for these j’s due to the
definition of κ2j(h+) 1 in (9). If κj
(h)
= 0, uj = vj , and otherwise uj = vj + 1. Thus we have
|{2a < 2j + 1 < 2a+1 : u2j+1 = 1}| = |{2a < 2j + 1 < 2a+1 : u2j+1 = 0}| = 2a−2 .
88 C. Ding, Z. Zhou / Discrete Mathematics 321 (2014) 76–89

It then follows that

|{j ∈ Γ1 : uj = 1}| = |{j ∈ Γ1 : vj = 1}|.
By Lemma 6, |Cj | = m for each j ∈ Γ1 . The conclusion then follows from the analysis above. 

Theorem 26. The code Cs defined by the sequence of Lemma 25 has parameters [n, n − Ls , d] and generator polynomial Ms (x)
of (31), where Ls is given by (30) and

8,

if m is odd and h = 0
d≥
3, if m is even and h = 0.

Proof. The dimension of Cs follows from Lemma 25 and the definition of this code. We only need to prove the conclusion on
the minimal distance d of Cs . It is known that codes generated by any polynomial g (x) and its reciprocal have the same weight
distribution. When m is odd and h = 0, since v3 = v5 = 1, the reciprocal of Ms (x) has zeros α t for t ∈ {0, 1, 2, 3, 4, 5, 6}. It
then follows from the BCH bound that d ≥ 8. When m is odd and h = 0, note that v7 = v13 = 1, the reciprocal of Ms (x) has
zeros α t for t ∈ {13, 14}. By the BCH bound, d ≥ 3. 

Open Problem 2. Develop a tight lower bound on the minimal distance of the code Cs in Theorem 26 for the case h > 0.
m
When r = 2m − 2 and h = 1, f (x) becomes the monomial x2 −2 which is the inverse APN function. It was pointed in [7]
that the code Cs from the inverse APN function may have poor minimal distance when m is even. However, when we choose
some other h, the corresponding codes may have excellent minimal distance. This is demonstrated by some of the examples
below.

Example 9. Let m = 4, r = 2m − 2, h = 1, and α be the generator of GF(2m ) with α 4 + α + 1 = 0. Then the generator
polynomial of Cs is Ms (x) = x8 + x7 + x5 + x4 + x3 + x + 1 and Cs is a [15, 7, 3] binary cyclic code. It is not optimal.

Example 10. Let m = 4, r = 2m − 2, h = 0, and α be the generator of GF(2m ) with α 4 + α + 1 = 0. Then the generator
polynomial of Cs is Ms (x) = x4 + x + 1 and Cs is a [15, 11, 3] optimal binary cyclic code. The optimal binary linear code
with the same parameters in the Database is not cyclic.

Example 11. Let m = 4, r = 2m − 2, h = 2, and α be the generator of GF(2m ) with α 4 + α + 1 = 0. Then the generator
polynomial of Cs is Ms (x) = x8 + x7 + x6 + x4 + 1 and Cs is a [15, 7, 5] optimal binary cyclic code. The optimal binary linear
code with the same parameters in the Database is not cyclic.

Example 12. Let m = 5, r = 2m − 2, h = 0, and α be the generator of GF(2m ) with α 5 + α 2 + 1 = 0. Then the generator
polynomial of Cs is Ms (x) = x21 + x18 + x17 + x15 + x13 + x10 + x5 + x4 + x3 + x2 + x + 1 and Cs is a [31, 10, 12] optimal
binary cyclic code.

Example 13. Let m = 5, r = 2m − 2, h = 1, and α be the generator of GF(2m ) with α 5 + α 2 + 1 = 0. Then the generator
polynomial of Cs is Ms (x) = x16 + x14 + x13 + x10 + x9 + x8 + x7 + x6 + x5 + x2 + x + 1 and Cs is a [31, 15, 8] optimal binary
cyclic code. The optimal binary linear code with the same parameters in the Database is not cyclic.

9. Open problems regarding binary cyclic codes from monomials

In the previous sections, we investigated binary cyclic codes defined by some monomials. It would be good if the following
open problems could be solved.

Open Problem 3. Determine the dimension and the minimum weight of the code Cs defined by the monomials xe , where e =
2(m−1)/2 + 2(3m−1)/4 − 1 and m ≡ 3 (mod 4).

Open Problem 4. Determine the dimension and the minimum weight of the code Cs defined by the monomials xe , where e =
24i + 23i + 22i + 2i − 1 and m = 5i.

10. Concluding remarks and summary

In this paper, we constructed a number of families of binary cyclic codes with monomials and trinomials of special types.
The dimension of some of the codes is flexible. We determined the minimum weight for some families of cyclic codes, and
developed tight lower bounds for other families of cyclic codes. The main results of this paper showed that the approach of
constructing cyclic codes with polynomials is promising.
The binary sequences defined by some of the monomials and trinomials have large linear span. These sequences have also
reasonable autocorrelation property. They could be employed in certain stream ciphers as keystreams. So the contribution
of this paper in cryptography is the computation of the linear spans of these sequences.
 C. Ding, Z. Zhou / Discrete Mathematics 321 (2014) 76–89 89

It is known that long BCH codes are bad [20]. However, it was indicated in [2,23] that there may be good cyclic codes.
The cyclic codes presented in this paper proved that some families of cyclic codes are in fact very good.
Four open problems regarding binary cyclic codes were proposed in this paper. The reader is cordially invited to attack
them.

Acknowledgments

The authors are very grateful to the reviewers and the editor, Prof. Marco Buratti, for their comments and suggestions
that improved the presentation and quality of this paper.

References

[1] M. Antweiler, L. Bomer, Complex sequences over GF(pM ) with a two-level autocorrelation function and a large linear span, IEEE Trans. Inform. Theory
38 (1) (1992) 120–130.
[2] E.R. Berlekamp, J. Justesen, Some long cyclic linear binary codes are not so bad, IEEE Trans. Inform. Theory 20 (3) (1974) 351–356.
[3] A.R. Calderbank, W. Li, B. Poonen, A 2-adic approach to the analysis of cyclic codes, IEEE Trans. Inform. Theory 43 (1997) 977–986.
[4] C. Carlet, C. Ding, J. Yuan, Linear codes from highly nonlinear functions and their secret sharing schemes, IEEE Trans. Inform. Theory 51 (6) (2005)
2089–2102.
[5] R.T. Chien, Cyclic decoding procedure for the Bose–Chaudhuri–Hocquenghem codes, IEEE Trans. Inform. Theory 10 (1964) 357–363.
[6] C. Ding, Cyclic codes from the two-prime sequences, IEEE Trans. Inform. Theory 58 (6) (2012) 357–363.
[7] C. Ding, Cyclic codes from some monomials and trinomials, SIAM J. Discrete Math. 27 (2013) 1977–1994.
[8] C. Ding, G. Xiao, W. Shan, The Stability Theory of Stream Ciphers, in: Lecture Notes in Computer Science, vol. 561, Springer-Verlag, Heidelberg, 1991.
[9] H.Q. Dinh, On the linear ordering of some classes of negacyclic and cyclic codes and their distance distributions, Finite Fields Appl. 14 (1) (2008) 22–40.
[10] S.T. Dougherty, S. Ling, Cyclic codes over Z4 of even length, Des. Codes Cryptogr. 39 (2) (2006) 127–153.
r
[11] T. Feng, On cyclic codes of length 22 − 1 with two zeros whose dual codes have three weights, Des. Codes Cryptogr. 62 (3) (2012) 253–258.
[12] G.D. Forney, On decoding BCH codes, IEEE Trans. Inform. Theory 11 (4) (1995) 549–557.
[13] C. Güneri, F. Özbudak, Weil–Serre type bounds for cyclic codes, IEEE Trans. Inform. Theory 54 (12) (2008) 5381–5395.
[14] B. Heijne, J. Top, On the minimal distance of binary self-dual cyclic codes, IEEE Trans. Inform. Theory 55 (11) (2009) 4860–4863.
[15] T. Helleseth, P.V. Kumar, Sequences with low correlation, in: V.S. Pless, W.C. Huffman (Eds.), Handbook of Coding Theory, Elsevier, Amsterdam, 1998,
pp. 1765–1854.
[16] Q. Huang, Q. Diao, S. Lin, K. Abdel-Ghaffar, Cyclic and quasi-cyclic LDPC codes on constrained parity-check matrices and their trapping sets, IEEE Trans.
Inform. Theory 58 (5) (2012) 2648–2671.
[17] W.C. Huffman, V. Pless, Fundamentals of Error-Correcting Codes, Cambridge University Press, Cambridge, 2003.
[18] Y. Jia, S. Ling, C. Xing, On self-dual cyclic codes over finite fields, IEEE Trans. Inform. Theory 57 (4) (2011) 2243–2251.
[19] T. Kasami, The weight enumerators for several classes of subcodes of the second order binary Reed–Muller codes, Inf. Control 18 (1971) 369–394.
[20] S. Lin, E.J. Weldon, Long BCH codes are bad, Inf. Control 11 (1967) 445–451.
[21] J.H. van Lint, R.M. Wilson, On the minimum distance of cyclic codes, IEEE Trans. Inform. Theory 32 (1) (1986) 23–40.
[22] J. Luo, K. Feng, Cyclic codes and sequences from generalized Coulter–Matthews function, IEEE Trans. Inform. Theory 54 (12) (2008) 5345–5353.
[23] C. Martínez-Pérez, W. Willems, Is the class of cyclic codes asymptotically good? IEEE Trans. Inform. Theory 52 (2) (2006) 696–700.
[24] M.J. Moisio, The moments of a Kloosterman sum and the weight distribution of a Zetterberg-type binary cyclic code, IEEE Trans. Inform. Theory 53 (2)
(2007) 843–847.
[25] O. Moreno, P.V. Kumar, Minimum distance bounds for cyclic codes and Deligne’s theorem, IEEE Trans. Inform. Theory 39 (5) (1993) 1524–1534.
[26] J. Park, J. Moon, Error-pattern-correcting cyclic codes tailored to a prescribed set of error cluster patterns, IEEE Trans. Inform. Theory 55 (4) (2009)
1747–1765.
[27] E. Prange, Some cyclic error-correcting codes with simple decoding algorithms, Air Force Cambridge Research Center-TN-58-156, Cambridge, Mass,
April 1958.
[28] A. Rao, N. Pinnawala, A family of two-weight irreducible cyclic codes, IEEE Trans. Inform. Theory 56 (6) (2010) 2568–2570.
[29] W. Si, C. Ding, A simple stream cipher with proven properties, Cryptogr. Commun. 4 (2) (2012) 79–104.
[30] X. Zeng, L. Hu, W. Jiang, Q. Yue, X. Cao, The weight distribution of a class of p-ary cyclic codes, Finite Fields Appl. 16 (1) (2010) 56–73.

Further reading

[1] C. Ding, J. Yuan, A family of skew Hadamard difference sets, J. Combin. Theory Ser. A 113 (2006) 1526–1535.
[2] C.R.P. Hartmann, K.K. Tzeng, Generalizations of the BCH bound, Inf. Control 20 (1972) 489–498.