
Final Report: Course's Name: Coding Theory Lecturer: Assoc. Prof. Phan Thanh Toan

This final report focuses on cyclic codes within the context of coding theory, detailing their definitions, properties, and construction methods. It emphasizes the significance of generator polynomials and explores the relationship between cyclic codes and BCH codes. The document also outlines the mathematical framework, including the ring of polynomials modulo $x^n - 1$, which underpins the study of cyclic codes.

VIETNAM GENERAL CONFEDERATION OF LABOUR

TON DUC THANG UNIVERSITY


FACULTY OF MATHEMATICS AND STATISTICS

HUYNH THIEN MAN


241807004

FINAL REPORT

Course’s Name: Coding Theory

Lecturer: Assoc. Prof. Phan Thanh Toan

Ho Chi Minh City, May 2025


TABLE OF CONTENT

LIST OF FIGURE
LIST OF TABLE

I Cyclic codes
1 Introduction
2 Definition of a cyclic code
2.1 Cyclic codes
2.2 The Ring in cyclic code
2.3 Multiplication by x and the Cyclic Shift Property
2.4 Ideals in $R_n$ and Cyclic Codes
2.5 Construction of cyclic codes
3 Generator polynomial
4 The check polynomial
4.1 Parity Check Equations
4.2 Parity Check Matrix H
4.3 Properties of H
5 Factor of $x^n - 1$
5.1 Field Extension and Roots of Unity
5.2 Factoring $x^n - 1$ over GF($q^m$)
5.3 Cyclotomic Cosets and Factoring over GF(q)
5.4 Minimal Polynomials
5.5 Zeros of a Cyclic Code and the Dual Code
6 t-Error-correcting BCH codes
6.1 BCH codes
6.2 Binary BCH codes
6.3 Reversible codes
7 Using a matrix over GF($q^m$) to define a code over GF(q)
8 Encoding cyclic codes

II Exercise

LIST OF FIGURE

1
2
3 A circuit to divide by $x^4 + x + 1$
4 Preliminary version of encoder 1.
5 Division circuit with premultiplication by $x^4$
6 Final version of encoder 1.
7 Encoder 1 for a BCH code.
8 Encoder 2 for a BCH code.

LIST OF TABLE

1 BCH codes of length 15.
2 BCH codes of length 31.
3 BCH codes of length 23.
4 Simulation of Division Circuit in Figure 3
5 Simulation of Fig. 4
6 Simulation of Division Circuit in Figure 7.8
7 Simulation of Fig. 7.9 Encoder (Final Version of Encoder #1)
8 Simulation of Fig. 7.10 Encoder
9 Simulation of Fig. 7.11 Encoder (Stage A and c7 calculation - Clarified FF0n)

Part I

Cyclic codes

1 Introduction

Cyclic codes are very common, since they are easy to encode, and include the important family of BCH codes. They also serve as building blocks for many other complex codes.

Core definition

• In this chapter, we define a cyclic code as an ideal in a special mathematical structure called the "ring of polynomials modulo $x^n - 1$". Informally, cyclic codes have a "rotational" property.

• A cyclic code of length $n$ over the finite field $GF(q)$ consists of all "multiples" of a generator polynomial $g(x)$.

• The generator polynomial $g(x)$ is the monic polynomial (leading coefficient is 1) of the least degree in the code, and importantly, it must be a divisor of $x^n - 1$.

• It will be shown that Hamming codes and double-error-correcting BCH codes are also types of cyclic codes.

• In addition, we define $h(x) = (x^n - 1)/g(x)$. This polynomial also plays a crucial role in checking and decoding.

• The chapter studies the factors of the polynomial $x^n - 1$. This is important for understanding and finding generator polynomials $g(x)$. It is assumed that $n$ and $q$ are relatively prime. The zeros (roots) of $x^n - 1$ lie in an extension field $GF(q^m)$.

• It provides the general definition of t-error-correcting BCH codes.

• It looks more generally at how a matrix over a larger field $GF(q^m)$ can define a code over a smaller field $GF(q)$.

• The last section describes techniques for encoding cyclic codes.

Further Information: Deeper properties of cyclic codes will be dealt with in the next chapter.
In summary, cyclic codes are a manageable class of codes built upon a special "generator polynomial" $g(x)$. This chapter will explain their definition, construction, and basic properties, particularly in relation to BCH codes.

2 Definition of a cyclic code

2.1 Cyclic codes

Definition 1 (Cyclic code). A code $C$ is cyclic if

• $C$ is a linear code;

• any cyclic shift of a codeword is also a codeword:

$$(c_0, c_1, \dots, c_{n-1}) \in C \Rightarrow (c_{n-1}, c_0, \dots, c_{n-2}) \in C.$$

Example 1. We have:

• $C_3 = \{000, 110, 101, 011\}$ is a cyclic code.

• The Hamming code $H(3, 2)$ with the generator matrix

$$G = \begin{pmatrix} 1 & 0 & 0 & 0 & 0 & 1 & 1 \\ 0 & 1 & 0 & 0 & 1 & 0 & 1 \\ 0 & 0 & 1 & 0 & 1 & 1 & 0 \\ 0 & 0 & 0 & 1 & 1 & 1 & 1 \end{pmatrix}$$

is equivalent to a cyclic code.

• The binary linear code $\{0000, 1001, 0110, 1111\}$ is not cyclic, but it is equivalent to a cyclic code.

Comparing with linear codes

We compare linear codes and cyclic codes. Cyclic codes are quite scarce. For example, there are 11811 linear [7, 3] binary codes, but only two of them are cyclic.
For some cases, for example for $n = 19$ and $F = GF(2)$, the above four trivial cyclic codes are the only cyclic codes.
To get an algebraic description, we associate with each vector $c = (c_0, c_1, \dots, c_{n-1})$ in $F^n$ (where $F$ is the finite field $GF(q)$) the polynomial

$$c(x) = c_0 + c_1 x + \dots + c_{n-1} x^{n-1}.$$

Example 2.

• $C_3$ corresponds to the polynomials $0$, $1 + x$, $1 + x^2$ and $x + x^2$.

• The code with the generator matrix

$$G = \begin{pmatrix} 1 & 0 & 1 & 1 & 1 & 0 & 0 \\ 0 & 1 & 0 & 1 & 1 & 1 & 0 \\ 0 & 0 & 1 & 0 & 1 & 1 & 1 \end{pmatrix}$$

has, in addition to the codeword 0000000, the following codewords

$$c_1 = 1011100, \quad c_2 = 0101110, \quad c_3 = 0010111,$$

$$c_1 + c_2 = 1110010, \quad c_1 + c_3 = 1001011, \quad c_2 + c_3 = 0111001,$$

$$c_1 + c_2 + c_3 = 1100101,$$

and it is cyclic because the right shifts have the following effects:

$$c_1 \to c_2, \quad c_2 \to c_3, \quad c_3 \to c_1 + c_3,$$

$$c_1 + c_2 \to c_2 + c_3, \quad c_1 + c_3 \to c_1 + c_2 + c_3, \quad c_2 + c_3 \to c_1,$$

$$c_1 + c_2 + c_3 \to c_1 + c_2.$$

We shall use the following notation: if $F$ is a field, then $F[x]$ denotes the set of polynomials in $x$ with coefficients from $F$. In fact, $F[x]$ is a ring.

2.2 The Ring in cyclic code

Definition 2 (Ring). A ring R, generally speaking, is a set equipped with two binary operations, typically called addition (+) and multiplication (·), satisfying the following axioms:

1. (R, +) is an abelian (commutative) group:

• Addition is associative: (a + b) + c = a + (b + c) for all a, b, c ∈ R.

• There exists a zero element 0 ∈ R such that a + 0 = 0 + a = a for all a ∈ R.

• For each a ∈ R, there exists an additive inverse −a ∈ R such that a + (−a) = (−a) + a = 0.

• Addition is commutative: a + b = b + a for all a, b ∈ R.

2. Multiplication is associative: (a · b) · c = a · (b · c) for all a, b, c ∈ R.

3. Multiplication is distributive with respect to addition:

• a · (b + c) = (a · b) + (a · c) for all a, b, c ∈ R (left distributivity).

• (b + c) · a = (b · a) + (c · a) for all a, b, c ∈ R (right distributivity).

In our context, the ring under consideration is usually a commutative ring with identity,
meaning that multiplication is also commutative (a · b = b · a) and there exists an identity
element 1 ∈ R such that 1 · a = a · 1 = a for all a ∈ R.
The Ring $R_n = F[x]/(x^n - 1)$
Let $F$ be a finite field (e.g., GF(q)) and $F[x]$ be the ring of polynomials with coefficients in $F$. Consider the ideal $I = (x^n - 1)$ generated by the polynomial $x^n - 1$ in $F[x]$. The quotient ring is defined as:

$$R_n = F[x]/(x^n - 1)$$

The elements of $R_n$ are the residue classes of polynomials in $F[x]$ modulo $x^n - 1$. This means that two polynomials $a(x)$ and $b(x)$ belong to the same residue class if $a(x) - b(x)$ is divisible by $x^n - 1$. In $R_n$, we have the congruence relation $x^n \equiv 1 \pmod{x^n - 1}$, or in other words, $x^n = 1$ in $R_n$.
Each element of $R_n$ can be uniquely represented by a polynomial of degree less than $n$ (or the zero polynomial). Specifically, if $p(x) \in F[x]$, then $p(x) \pmod{x^n - 1}$ is the remainder polynomial $r(x)$ when $p(x)$ is divided by $x^n - 1$, with $\deg(r(x)) < n$. Therefore, an element $c(x) \in R_n$ can be written as:

$$c(x) = c_0 + c_1 x + c_2 x^2 + \dots + c_{n-1} x^{n-1}$$

where $c_i \in F$. The ring $R_n$ is also an $n$-dimensional vector space over the field $F$ with basis $\{1, x, x^2, \dots, x^{n-1}\}$.

2.3 Multiplication by x and the Cyclic Shift Property

Consider an arbitrary polynomial $c(x) \in R_n$ as defined above:

$$c(x) = c_0 + c_1 x + c_2 x^2 + \dots + c_{n-2} x^{n-2} + c_{n-1} x^{n-1}$$

Multiplying $c(x)$ by $x$ in the ring $R_n$, we get:

$$x c(x) = c_0 x + c_1 x^2 + c_2 x^3 + \dots + c_{n-2} x^{n-1} + c_{n-1} x^n$$

Since $x^n = 1$ in $R_n$, the expression becomes:

$$x c(x) = c_0 x + c_1 x^2 + \dots + c_{n-2} x^{n-1} + c_{n-1} \cdot 1$$

Rearranging the terms in increasing powers of $x$:

$$x c(x) = c_{n-1} + c_0 x + c_1 x^2 + \dots + c_{n-2} x^{n-1}$$

If we represent the polynomial $c(x)$ by its coefficient vector $(c_0, c_1, \dots, c_{n-1})$, then the polynomial $x c(x)$ corresponds to the coefficient vector $(c_{n-1}, c_0, c_1, \dots, c_{n-2})$. This is precisely a right cyclic shift of the coefficients of the original polynomial.

Conclusion. Multiplication of a polynomial (representing a codeword) by $x$ in the ring $R_n = F[x]/(x^n - 1)$ corresponds to a cyclic shift of its coefficients. This property is fundamental to the definition and structure of cyclic codes.

2.4 Ideals in $R_n$ and Cyclic Codes

Definition 3. An ideal $C$ of $R_n$ is a linear subspace of $R_n$ such that:

• if $c(x), c'(x) \in C$ then $c(x) + c'(x) \in C$.

• if $c(x) \in C$ then so is $r(x)c(x)$ for all $r(x) \in R_n$. This condition can clearly be replaced by: if $c(x) \in C$ then $x c(x) \in C$.

Our initial definition can now be simply written as:

Definition 4. A cyclic code of length $n$ is an ideal of $R_n$.

Example 3.

$0 \to 000$          $1 \to 100$

$x \to 010$          $1 + x \to 110$

$x^2 \to 001$        $1 + x^2 \to 101$

$x + x^2 \to 011$    $1 + x + x^2 \to 111$

$C_3 = \{0, 1 + x, 1 + x^2, x + x^2\}$ is an ideal in $R_3$, for $C_3$ is closed under addition (hence linear), and any multiple of $c(x) \in C_3$ is again in $C_3$.

The group algebra $FG$. A second description of $R_n$ is often helpful. Let $G = \{1, x, x^2, \dots, x^{n-1}\}$, $x^n = 1$, be a cyclic group of order $n$. The group algebra $FG$ of $G$ over $F$ consists of all formal sums

$$c(x) = \sum_{i=0}^{n-1} c_i x^i, \quad c_i \in F.$$

Addition in $FG$ is by coordinates, and multiplication is modulo $x^n - 1$. Clearly $FG$ coincides with $R_n$.

2.5 Construction of cyclic codes

Notation: For any $g(x) \in R_n$ we can define

$$\langle g(x) \rangle = \{ r(x)g(x) \mid r(x) \in R_n \}$$

(with multiplication modulo $x^n - 1$), a set of polynomials, that is, a code.

Theorem 1. For any $g(x) \in R_n$, the set $\langle g(x) \rangle$ is a cyclic code (generated by $g$).

Proof. If $a(x)g(x) \in \langle g(x) \rangle$ and $b(x)g(x) \in \langle g(x) \rangle$, then

$$a(x)g(x) + b(x)g(x) = (a(x) + b(x))\, g(x) \in \langle g(x) \rangle.$$

If $a(x)g(x) \in \langle g(x) \rangle$ and $r(x) \in R_n$, then

$$r(x) \cdot (a(x)g(x)) = (r(x)a(x))\, g(x) \in \langle g(x) \rangle.$$

Example 4. Let $C = \langle 1 + x^2 \rangle$, $n = 3$, $q = 2$.
In order to determine $C$ we have to compute $r(x)(1 + x^2)$ for all $r(x) \in R_3$.

$$R_3 = \{0, 1, x, 1 + x, x^2, 1 + x^2, x + x^2, 1 + x + x^2\}.$$

Answer

$$C = \{0, 1 + x, 1 + x^2, x + x^2\} = \{000, 011, 101, 100\}.$$

Exercise 1.
What is the ideal describing the cyclic code {0000, 0101, 1010, 1111}?
The given code is $C = \{0000, 0101, 1010, 1111\}$. This is a binary code of length $n = 4$.
We represent the codewords as polynomials in $F_2[x]/(x^4 - 1)$:

• 0000 ↔ $0$

• 0101 ↔ $x + x^3$

• 1010 ↔ $1 + x^2$

• 1111 ↔ $1 + x + x^2 + x^3$

To find the generator polynomial $g(x)$, we look for the monic polynomial of the lowest degree (other than 0) in the code.

The non-zero polynomials are:

• $x + x^3$

• $1 + x^2$

• $1 + x + x^2 + x^3$

The monic polynomial of lowest degree is $g(x) = 1 + x^2$.

Let's check that all codewords are multiples of $g(x) = 1 + x^2$ in $R_4$:

• $0 \cdot (1 + x^2) = 0$ (corresponds to 0000)

• $1 \cdot (1 + x^2) = 1 + x^2$ (corresponds to 1010)

• $x \cdot (1 + x^2) = x + x^3$ (corresponds to 0101)

• $(1 + x) \cdot (1 + x^2) = 1 + x + x^2 + x^3$ (corresponds to 1111)

All codewords are indeed multiples of $g(x) = 1 + x^2$.

Thus, $g(x) = 1 + x^2$ is the generator polynomial.

Therefore, the ideal describing the cyclic code is $\langle 1 + x^2 \rangle$ in $F_2[x]/(x^4 - 1)$.

Exercise 2.
Describe the smallest cyclic code containing the vector 0011010.
The given vector is C = 0011010, a binary vector of length $n = 7$.
The corresponding polynomial is $C(x) = x^2 + x^3 + x^5$.
The smallest cyclic code containing the vector C is the principal ideal generated by

$$g(x) = \gcd(C(x), x^7 - 1)$$

in $F_2[x]$. First, we factor $x^7 - 1$ over $F_2$:

$$x^7 - 1 = x^7 + 1 \pmod 2 = (x + 1)(x^6 + x^5 + x^4 + x^3 + x^2 + x + 1) \quad (\text{since } x - 1 = x + 1),$$

$$x^6 + x^5 + x^4 + x^3 + x^2 + x + 1 = (x^3 + x + 1)(x^3 + x^2 + 1).$$

So,

$$x^7 - 1 = (x + 1)(x^3 + x + 1)(x^3 + x^2 + 1).$$

These factors are irreducible over $F_2$.

Now, we factor $C(x) = x^2 + x^3 + x^5 = x^2(1 + x + x^3)$.

The common factor between $C(x)$ and $x^7 - 1$ is $x^3 + x + 1$.

Thus, the generator polynomial is $g(x) = x^3 + x + 1$.

The smallest cyclic code containing the vector 0011010 is the ideal $\langle x^3 + x + 1 \rangle$ in $R_7$.
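The computations of exercises 1 and 2, and the shift property of Section 2.3, carried out mechanically as an added example that is not part of the original report. Binary polynomials are stored as Python integers (bit i is the coefficient of $x^i$); the encoding and all function names are assumptions of this example.

```python
# Binary polynomials are Python ints: bit i is the coefficient of x^i,
# so the word c0 c1 ... c(n-1) is read left to right as c0 + c1 x + ...

def word_to_poly(word):
    """'0011010' -> x^2 + x^3 + x^5 as an int bitmask."""
    return sum(1 << i for i, bit in enumerate(word) if bit == "1")

def poly_to_word(p, n):
    """Int bitmask -> n-character word c0 c1 ... c(n-1)."""
    return "".join("1" if (p >> i) & 1 else "0" for i in range(n))

def cyclic_mul(a, b, n):
    """Product a(x) b(x) in R_n = F_2[x]/(x^n - 1)."""
    out = 0
    for i in range(a.bit_length()):
        if (a >> i) & 1:
            for j in range(b.bit_length()):
                if (b >> j) & 1:
                    out ^= 1 << ((i + j) % n)   # x^n = 1 wraps the exponent
    return out

def poly_mod(a, b):
    """Remainder of a(x) divided by b(x) in F_2[x] (b must be non-zero)."""
    while a and a.bit_length() >= b.bit_length():
        a ^= b << (a.bit_length() - b.bit_length())
    return a

def poly_gcd(a, b):
    """Euclid's algorithm in F_2[x]; over F_2 the result is already monic."""
    while b:
        a, b = b, poly_mod(a, b)
    return a

def ideal(g, n):
    """All multiples r(x) g(x) in R_n, as a set of n-bit words."""
    return {poly_to_word(cyclic_mul(r, g, n), n) for r in range(1 << n)}

def is_cyclic(code):
    """Closed under the right shift (c0..c(n-1)) -> (c(n-1), c0..c(n-2))."""
    return all(w[-1] + w[:-1] in code for w in code)

def smallest_cyclic_code(word):
    """Generator gcd(c(x), x^n - 1) and the code it generates."""
    n = len(word)
    g = poly_gcd(word_to_poly(word), (1 << n) | 1)   # x^n - 1 = x^n + 1 over F_2
    return g, ideal(g, n)

if __name__ == "__main__":
    # Multiplying by x is the right cyclic shift of the word.
    c = word_to_poly("0011010")
    print(poly_to_word(cyclic_mul(0b10, c, 7), 7))
    # Exercise 1: the ideal <1 + x^2> in R_4.
    print(sorted(ideal(0b101, 4)))
    # Exercise 2: smallest cyclic code containing 0011010.
    g, code = smallest_cyclic_code("0011010")
    print(bin(g), len(code), is_cyclic(code))
```
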

Exercise 3.
Show that $R_n$ is not a field (Hint: $x - 1$ has no multiplicative inverse).
The ring $R_n$ is defined as $F[x]/(x^n - 1)$. Recall that a field is a commutative ring in which every non-zero element has a multiplicative inverse.

We consider the element $x - 1$ in $R_n$. If $x - 1$ has a multiplicative inverse, say $p(x)$, in $R_n$, then $(x - 1)p(x) \equiv 1 \pmod{x^n - 1}$.

This means $(x - 1)p(x) = 1 + h(x)(x^n - 1)$ for some polynomial $h(x)$.

Equivalently, we get $(x - 1)p(x) - h(x)(x^n - 1) = 1$.

This equation has a solution for $p(x)$ and $-h(x)$ if and only if $\gcd(x - 1, x^n - 1) = 1$ (or a non-zero constant, which can be scaled to 1).

However, $x - 1$ is a factor of $x^n - 1$ for any $n \geq 1$, because $x = 1$ is a root of $x^n - 1$ (i.e., $1^n - 1 = 0$).

So, $\gcd(x - 1, x^n - 1) = x - 1$.

For $x - 1$ to be 1 (a unit in $F[x]$), it must be a non-zero constant. This is not the case for the polynomial $x - 1$ if we are considering it as a polynomial of degree 1.

If $n = 1$, then $R_1 = F[x]/(x - 1)$. Any polynomial $a(x) \pmod{x - 1}$ is just $a(1)$, which is an element of $F$. So $R_1$ is isomorphic to $F$, which is a field.

However, the problem implicitly assumes $n > 1$, where $R_n$ is a ring of polynomials of degree up to $n - 1$.

If $n > 1$, then $x - 1$ is a non-zero element in $R_n$. Since $\gcd(x - 1, x^n - 1) = x - 1 \neq 1$, $x - 1$ does not have a multiplicative inverse in $R_n$.

Since there exists a non-zero element ($x - 1$) in $R_n$ (for $n > 1$) that does not have a multiplicative inverse, $R_n$ is not a field for $n > 1$.

3 Generator polynomial

A particularly simple kind of ideal is a principal ideal, which consists of all multiples of a fixed polynomial $g(x)$ by elements of $R_n$. It will be denoted by

$$\langle g(x) \rangle.$$

$g(x)$ is called a generator polynomial of the ideal.

In fact, every ideal in $R_n$ is a principal ideal; every cyclic code has a generator polynomial.

Theorem 2. Let $C$ be a nonzero ideal in $R_n$, i.e., a cyclic code of length $n$.

(a) There is a unique monic polynomial $g(x)$ of minimal degree in $C$.

(b) $C = \langle g(x) \rangle$, i.e., $g(x)$ is a generator polynomial of $C$.

(c) $g(x)$ is a factor of $x^n - 1$.

(d) Any $c(x) \in C$ can be written uniquely as $c(x) = f(x)g(x)$ in $F[x]$, where $f(x) \in F[x]$ has degree $< n - r$, $r = \deg g(x)$. The dimension of $C$ is $n - r$. Thus the message $f(x)$ becomes the codeword $f(x)g(x)$.

(e) If $g(x) = g_0 + g_1 x + \dots + g_r x^r$, then $C$ is generated (as a subspace of $F^n$) by the rows of the generator matrix:

$$G = \begin{pmatrix} g_0 & g_1 & g_2 & \cdots & g_r & & & 0 \\ & g_0 & g_1 & \cdots & g_{r-1} & g_r & & \\ & & \ddots & & & & \ddots & \\ 0 & & & g_0 & \cdots & & \cdots & g_r \end{pmatrix} = \begin{pmatrix} g(x) \\ x g(x) \\ \vdots \\ x^{n-r-1} g(x) \end{pmatrix} \tag{3.1}$$

using an obvious notation.

Proof. (a) Suppose $f(x), g(x) \in C$ both are monic and have the minimal degree $r$. Then the polynomial $f(x) - g(x) \in C$ has lower degree. If $f(x) \neq g(x)$ we get a contradiction. That means $f(x) = g(x)$.

(b) Suppose $c(x) \in C$. Write $c(x) = q(x)g(x) + r(x)$ in $R_n$, where $\deg r(x) < r$. But $r(x) = c(x) - q(x)g(x) \in C$ since the code is linear; so $r(x) = 0$. Therefore $c(x) = q(x)g(x)$.

(c) Write $x^n - 1 = h(x)g(x) + r(x)$ in $F[x]$, where $\deg r(x) < r$. Therefore

$$r(x) \equiv -h(x)g(x) \pmod{x^n - 1}$$

and

$$r(x) \in C \Rightarrow r(x) = 0 \Rightarrow g(x) \text{ is a factor of } x^n - 1.$$

(d), (e) From (b), any $c(x) \in C$, $\deg c(x) < n$, is equal to $q(x)g(x)$ in $R_n$. Thus

$$c(x) = q(x)g(x) + e(x)(x^n - 1) \quad \text{in } F[x],$$

$$= (q(x) + e(x)h(x))\, g(x) \quad \text{in } F[x] \quad (\text{by (c) we write } x^n - 1 = h(x)g(x)),$$

$$= f(x)g(x) \quad \text{in } F[x]. \tag{2}$$

From (a) we have $\deg g(x) = r$, so

$$\deg c(x) = \deg f(x) + r,$$

but $\deg c(x) \leq n - 1$. So $\deg f(x) \leq n - r - 1$.

Thus the code consists of multiples of $g(x)$ by polynomials of degree $\leq n - r - 1$, evaluated in $F[x]$ (not in $R_n$).

And $f(x)$ can be written as

$$a_0 \cdot 1 + a_1 \cdot x + \dots + a_{n-r-1} \cdot x^{n-r-1},$$

then $c(x) = a_0 [g(x)] + a_1 [x g(x)] + \dots + a_{n-r-1} [x^{n-r-1} g(x)]$. If $c(x) = 0$ then, since $g(x) \neq 0$, $a_0 = a_1 = \dots = a_{n-r-1} = 0$.

Thus, there are $n - r$ linearly independent multiples of $g(x)$, namely

$$g(x), x g(x), \dots, x^{n-r-1} g(x).$$

The corresponding vectors are the rows of $G$. Thus the code has dimension $n - r$.
Q.E.D.

Example 5.
The parity check matrix of a binary Hamming code of length $n = 2^m - 1$ has as columns all $2^m - 1$ distinct nonzero $m$-tuples. Now if $\alpha$ is a primitive element of GF($2^m$) then $1, \alpha, \alpha^2, \dots, \alpha^{2^m - 2}$ are distinct and can be represented by distinct nonzero binary $m$-tuples.
So the binary Hamming code $H_m$ with parameters

$$[n = 2^m - 1, \ k = n - m, \ d = 3]$$

has a parity check matrix which can be taken to be

$$H = (1, \alpha, \alpha^2, \dots, \alpha^{2^m - 2}), \tag{3}$$

where each entry is to be replaced by the corresponding column vector of $m$ 0's and 1's.
E.g. for $H_3$,

$$H = (1, \alpha, \alpha^2, \alpha^3, \alpha^4, \alpha^5, \alpha^6) = \begin{pmatrix} 0 & 0 & 1 & 0 & 1 & 1 & 1 \\ 0 & 1 & 0 & 1 & 1 & 1 & 0 \\ 1 & 0 & 0 & 1 & 0 & 1 & 1 \end{pmatrix}, \tag{4}$$

where $\alpha \in$ GF($2^3$) satisfies $\alpha^3 + \alpha + 1 = 0$.

A vector $c = (c_0, c_1, \dots, c_{n-1})$ belongs to $H_m$

$$\iff H c^T = 0$$

$$\iff \sum_{i=0}^{n-1} c_i \alpha^i = 0$$

$$\iff c(\alpha) = 0$$

where $c(x) = c_0 + c_1 x + \dots + c_{n-1} x^{n-1}$. So $c \in H_m$ iff the minimal polynomial $M^{(1)}(x)$ divides $c(x)$.
Thus $H_m$ consists of all multiples of $M^{(1)}(x)$, or in other words:

$$H_m = \{ c(x) \in F_2[x] \mid M^{(1)}(x) \text{ divides } c(x) \}$$

Theorem 3. The Hamming code $H_m$ as defined above is a cyclic code with generator polynomial $g(x) = M^{(1)}(x)$.
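Added example (not from the report): the field GF($2^3$) built from the relation $\alpha^3 + \alpha + 1 = 0$ used above, reproducing the matrix $H$ of (4) and checking that $c(\alpha) = 0$ holds exactly for the multiples of $x^3 + x + 1$. The integer encoding of field elements (bit i is the coefficient of $\alpha^i$) and all function names are assumptions of this example.

```python
M = 3
PRIM = 0b1011          # alpha^3 + alpha + 1 = 0, the relation used on the page
N = (1 << M) - 1       # n = 2^m - 1 = 7

def gf_mul(a, b):
    """Multiply two elements of GF(2^M); bit i is the coefficient of alpha^i."""
    out = 0
    while b:
        if b & 1:
            out ^= a
        b >>= 1
        a <<= 1
        if a >> M:           # degree reached M: reduce with the defining relation
            a ^= PRIM
    return out

def alpha_powers():
    """[alpha^0, alpha^1, ..., alpha^(n-1)] as integers."""
    p, out = 1, []
    for _ in range(N):
        out.append(p)
        p = gf_mul(p, 0b10)  # multiply by alpha
    return out

def parity_check_rows():
    """Rows of H = (1, alpha, ..., alpha^(n-1)); top row is the alpha^(M-1) coefficient."""
    pw = alpha_powers()
    return ["".join(str((e >> bit) & 1) for e in pw) for bit in range(M - 1, -1, -1)]

def evaluate_at_alpha(word):
    """c(alpha) = sum of c_i alpha^i for the word c0 c1 ... c(n-1)."""
    acc = 0
    for c_i, a_i in zip(word, alpha_powers()):
        if c_i == "1":
            acc ^= a_i
    return acc

def divisible_by_min_poly(word):
    """Is c(x) a multiple of M^(1)(x) = x^3 + x + 1 in F_2[x]?"""
    c = int(word[::-1], 2)      # bit i = c_i
    while c.bit_length() >= PRIM.bit_length():
        c ^= PRIM << (c.bit_length() - PRIM.bit_length())
    return c == 0

def hamming_code():
    """All words of length n with c(alpha) = 0, i.e. H c^T = 0."""
    words = (format(v, "0{}b".format(N)) for v in range(1 << N))
    return [w for w in words if evaluate_at_alpha(w) == 0]

if __name__ == "__main__":
    for row in parity_check_rows():
        print(row)
    code = hamming_code()
    print(len(code), all(divisible_by_min_poly(w) for w in code))
```
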

From Theorem 1 a generator matrix for $H_m$ is

$$G = \begin{pmatrix} M^{(1)}(x) \\ x M^{(1)}(x) \\ x^2 M^{(1)}(x) \\ \vdots \\ x^{n-m-1} M^{(1)}(x) \end{pmatrix} \tag{5}$$

E.g. for $H_3$,

$$G = \begin{pmatrix} 1 & 1 & 0 & 1 & 0 & 0 & 0 \\ 0 & 1 & 1 & 0 & 1 & 0 & 0 \\ 0 & 0 & 1 & 1 & 0 & 1 & 0 \\ 0 & 0 & 0 & 1 & 1 & 0 & 1 \end{pmatrix} \tag{6}$$

Exercise 4. Verify that the rows of $H$ are orthogonal to those of $G$.

$$H = \begin{pmatrix} 0 & 0 & 1 & 0 & 1 & 1 & 1 \\ 0 & 1 & 0 & 1 & 1 & 1 & 0 \\ 1 & 0 & 0 & 1 & 0 & 1 & 1 \end{pmatrix}$$

and

$$G = \begin{pmatrix} 1 & 1 & 0 & 1 & 0 & 0 & 0 \\ 0 & 1 & 1 & 0 & 1 & 0 & 0 \\ 0 & 0 & 1 & 1 & 0 & 1 & 0 \\ 0 & 0 & 0 & 1 & 1 & 0 & 1 \end{pmatrix}$$

Multiply $G \cdot H^T$. Since $G$ is $4 \times 7$ and $H^T$ is $7 \times 3$, the result will be $4 \times 3$.

- Row 1 of G: [1 1 0 1 0 0 0]
+ Dot with column 1 of $H^T$: [0 0 1 0 1 1 1] = 0
+ Dot with column 2 of $H^T$: [0 1 0 1 1 1 0] = 0
+ Dot with column 3 of $H^T$: [1 0 0 1 0 1 1] = 0
⟹ Result of row 1 is [0 0 0]

- Row 2 of G: [0 1 1 0 1 0 0]
+ Dot with column 1 of $H^T$ = 0
+ Dot with column 2 of $H^T$ = 0
+ Dot with column 3 of $H^T$ = 0
⟹ Result of row 2 is [0 0 0]

- Row 3 of G: [0 0 1 1 0 1 0]
+ Dot with column 1 of $H^T$ = 0
+ Dot with column 2 of $H^T$ = 0
+ Dot with column 3 of $H^T$ = 0
⟹ Result of row 3 is [0 0 0]

- Row 4 of G: [0 0 0 1 1 0 1]
+ Dot with column 1 of $H^T$ = 0
+ Dot with column 2 of $H^T$ = 0
+ Dot with column 3 of $H^T$ = 0
⟹ Result of row 4 is [0 0 0]

⟹ The final result of $G \cdot H^T$ is

$$\begin{pmatrix} 0 & 0 & 0 \\ 0 & 0 & 0 \\ 0 & 0 & 0 \\ 0 & 0 & 0 \end{pmatrix}$$

The product $G \cdot H^T = 0$. This confirms that the rows of $G$ are orthogonal to those of $H$.

Theorem 4. The double-error-correcting BCH code $C$ has parameters

$$[n = 2^m - 1, \ k = n - 2m, \ d \geq 5], \quad m \geq 3,$$

and is a cyclic code with generator polynomial

$$g(x) = M^{(1)}(x) M^{(3)}(x).$$

Proof. A double-error-correcting code $C$ of length $n = 2^m - 1$ was defined to have the parity check matrix

$$H = \begin{pmatrix} 1 & \alpha & \alpha^2 & \cdots & \alpha^{2^m - 2} \\ 1 & \alpha^3 & \alpha^6 & \cdots & \alpha^{3(2^m - 2)} \end{pmatrix}, \tag{7}$$

where again each entry is to be replaced by the corresponding binary $m$-tuple.

Now

$$c \in C \iff H c^T = 0$$

$$\iff \sum_{i=0}^{n-1} c_i \alpha^i = 0 \ \text{ and } \ \sum_{i=0}^{n-1} c_i \alpha^{3i} = 0$$

$$\iff c(\alpha) = 0 \ \text{ and } \ c(\alpha^3) = 0$$

$$\iff M^{(1)}(x) \mid c(x) \ \text{ and } \ M^{(3)}(x) \mid c(x), \ \text{by (M2)},$$

where $M^{(3)}(x)$ is the minimal polynomial of $\alpha^3$,

$$\iff \operatorname{l.c.m.}\{M^{(1)}(x), M^{(3)}(x)\} \mid c(x),$$

where l.c.m. denotes the least common multiple.

But $M^{(1)}(x)$ and $M^{(3)}(x)$ are irreducible and distinct, so finally we have

$$c \in C \iff M^{(1)}(x) M^{(3)}(x) \mid c(x).$$

We choose $m \geq 3$ to be sure that $M^{(1)}(x)$ and $M^{(3)}(x)$ are different.

$\deg M^{(1)}(x) = m$ and $\deg M^{(3)}(x) = m$.
So $\deg g(x) = m + m = 2m$. Then we have $k = n - \deg g(x) = n - 2m$. Q.E.D.

Example 6. Find all binary cyclic codes of length 3.

Make the decomposition

$$x^3 - 1 = (x - 1)(x^2 + x + 1)$$

Therefore, we have the following generator polynomials and cyclic codes of length 3.

Generator polynomial    Code in $R_3$    Code in $V(3, 2)$
$1$    $R_3$    $V(3, 2)$
$x + 1$    $\{0, 1 + x, x + x^2, 1 + x^2\}$    $\{000, 110, 011, 101\}$
$x^2 + x + 1$    $\{0, 1 + x + x^2\}$    $\{000, 111\}$
$x^3 - 1 \ (= 0)$    $\{0\}$    $\{000\}$

Exercise 5.
With the generator polynomial $g(x) = (x^4 + x + 1)(x^4 + x^3 + x^2 + x + 1)$. Give a generator matrix.
The task is to determine all ternary codes of length 4 and generators for them. The factorization of $x^4 - 1$ over $GF(3)$ has the form

$$x^4 - 1 = (x - 1)(x^3 + x^2 + x + 1) = (x - 1)(x + 1)(x^2 + 1)$$

Therefore, there are $2^3 = 8$ divisors of $x^4 - 1$ and each generates a cyclic code.

Generator polynomial    Generator matrix

$1$    $I_4$

$x - 1$    $\begin{pmatrix} -1 & 1 & 0 & 0 \\ 0 & -1 & 1 & 0 \\ 0 & 0 & -1 & 1 \end{pmatrix}$

$x + 1$    $\begin{pmatrix} 1 & 1 & 0 & 0 \\ 0 & 1 & 1 & 0 \\ 0 & 0 & 1 & 1 \end{pmatrix}$

$x^2 + 1$    $\begin{pmatrix} 1 & 0 & 1 & 0 \\ 0 & 1 & 0 & 1 \end{pmatrix}$

$(x - 1)(x + 1) = x^2 - 1$    $\begin{pmatrix} -1 & 0 & 1 & 0 \\ 0 & -1 & 0 & 1 \end{pmatrix}$

$(x - 1)(x^2 + 1) = x^3 - x^2 + x - 1$    $\begin{pmatrix} -1 & 1 & -1 & 1 \end{pmatrix}$

$(x + 1)(x^2 + 1)$    $\begin{pmatrix} 1 & 1 & 1 & 1 \end{pmatrix}$

$x^4 - 1 = 0$    $\begin{pmatrix} 0 & 0 & 0 & 0 \end{pmatrix}$

Exercise 6.
The Hamming code $H_m(q)$ over GF(q) has an $m \times (q^m - 1)/(q - 1)$ parity check matrix whose columns are all nonzero $m$-tuples from GF(q) with first nonzero entry equal to 1. Code #6 of Ch. 1 shows $H_2(3)$. Prove that $H_m(q)$ is a perfect $[n = (q^m - 1)/(q - 1), \ k = n - m, \ d = 3]$ code.
Given an $e$-error-correcting code $C$ of length $n$ over $F_q$, the sphere packing bound asserts that spheres of radius $e$ centered at the codewords are disjoint.
Hence, we have the inequality

$$|C| \sum_{i=0}^{e} \binom{n}{i} (q - 1)^i \leq q^n.$$

A code is perfect if equality holds in the sphere packing bound.

An $[n, k]_q$ Hamming code can be defined by its parity check matrix, which consists of $n$ vectors in $F_q^k$ such that any two vectors are linearly independent and with $n$ maximum possible.

Hence, $n$ is the number of 1-dimensional subspaces in $F_q^k$, i.e., $n = \dfrac{q^k - 1}{q - 1}$.

Since some three columns of the parity check matrix are linearly dependent (and any two columns are linearly independent), the Hamming code has minimum distance 3 and hence is 1-error-correcting. The union of all spheres of radius 1 centered at the codewords contains

$$|C| \left( 1 + \binom{n}{1} (q - 1) \right) = q^{n-k} \left( 1 + \frac{q^k - 1}{q - 1} (q - 1) \right) = q^{n-k} q^k = q^n$$

codewords. Because the sphere packing bound holds with equality for Hamming codes, the Hamming codes are perfect.

4 The check polynomial

Let $C$ be a cyclic code with generator polynomial $g(x)$. From Theorem 1, $g(x)$ divides $x^n - 1$.
Then:

$$h(x) = \frac{x^n - 1}{g(x)} = \sum_{i=0}^{k} h_i x^i, \quad h_k \neq 0$$

$h(x)$ is also a polynomial; assume it has the form $h(x) = h_0 + h_1 x + \dots + h_k x^k$, where $h_k \neq 0$ (meaning the degree of $h(x)$ is $k$).
The degree of $h(x)$ is $k = n - \deg(g(x))$, where $\deg(g(x))$ is the degree of $g(x)$.
Why is it called the "check polynomial"?
Any codeword $c(x)$ in the code $C$ is a multiple of $g(x)$. That is, $c(x) = f(x)g(x)$ where $f(x)$ is some polynomial (the message polynomial).
When we multiply $c(x)$ by $h(x)$, then:

$$c(x) \cdot h(x) = \sum_{i=0}^{n-1} c_i x^i \cdot \sum_{j=0}^{k} h_j x^j = f(x)g(x)h(x)$$

Since $h(x) = \dfrac{x^n - 1}{g(x)}$, we have $g(x)h(x) = x^n - 1$. Therefore: $c(x)h(x) = f(x)(x^n - 1)$.

In the polynomial ring $R_n = F[x]/(x^n - 1)$ (that is, polynomial operations are performed modulo $x^n - 1$), $x^n - 1$ is equivalent to 0.
Thus, $c(x)h(x) \equiv 0$ in $R_n$. This means that if $c(x)$ is a valid codeword and we multiply $c(x)$ by $h(x)$ (taking the result modulo $x^n - 1$), the result is the zero polynomial.
This is the "check" property.

4.1 Parity Check Equations


When we multiply $c(x) = \sum_{i=0}^{n-1} c_i x^i$ by $h(x) = \sum_{j=0}^{k} h_j x^j$, the coefficient of $x^j$ (for any $j$) in the product $c(x)h(x)$ is the convolution sum:

$$\sum_{i=0}^{j} c_i h_{j-i}$$

(indices are taken modulo $n$ because multiplication in $R_n$ is cyclic convolution).

Since $c(x)h(x) = 0$ in $R_n$, all coefficients of the resulting polynomial $c(x)h(x)$ must be zero.
Therefore, we have a system of equations:

$$\sum_{i=0}^{j} c_i h_{j-i} = 0, \quad \text{for } j = 0, 1, \dots, n - 1.$$

These are the parity check equations that the codewords must satisfy.

4.2 Parity Check Matrix H

Let

$$H = \begin{pmatrix} 0 & \cdots & & 0 & h_k & \cdots & h_2 & h_1 & h_0 \\ 0 & \cdots & 0 & h_k & \cdots & h_2 & h_1 & h_0 & 0 \\ \vdots & & & & & & & & \vdots \\ h_k & \cdots & h_2 & h_1 & h_0 & 0 & & \cdots & 0 \end{pmatrix} = \begin{pmatrix} \overleftarrow{h(x)} \\ \overleftarrow{x h(x)} \\ \vdots \\ \overleftarrow{x^{n-k-1} h(x)} \end{pmatrix} \tag{4.1}$$

The parity check equations above can be written in matrix form as $H c^T = 0$, where $c^T$ is the column vector of the coefficients of $c(x)$.

The matrix $H$ is constructed from the coefficients of $h(x)$. The structure of $H$ is described in two ways in formula (4.1):
Method 1 (Upper Matrix): The rows of $H$ are formed by cyclically shifting the coefficients of $h(x)$ (in reverse order $h_k, h_{k-1}, \dots, h_0$ followed by $n - k - 1$ zeros).
Specifically:

• Row 1: $[0 \ \dots \ 0 \ h_k \ h_{k-1} \ \dots \ h_0]$ (with $n$ columns).

• Row 2: $[0 \ \dots \ h_k \ h_{k-1} \ \dots \ h_0 \ 0]$ (shifted left by 1 position).

• ...

The number of rows in this matrix $H$ is $n - k = n - \deg(h(x)) = \deg(g(x))$. This is the number of check bits.
Method 2 (Lower Matrix, with arrows): The rows of $H$ are the coefficient vectors of

• $h(x)$,

• $x h(x) \pmod{x^n - 1}$,

• $x^2 h(x) \pmod{x^n - 1}$,

• ...,

• $x^{n-k-1} h(x) \pmod{x^n - 1}$,

where $k = \deg(h(x))$.

4.3 Properties of H

• If $c$ is a codeword, $c \in C$, then $H c^T = 0$.

• The size of $H$ is $(n - k) \times n$, where $k = \deg(g(x)) = n - \deg(h(x))$.

• The rows of $H$ are linearly independent.

• Therefore, the rank $\operatorname{rank}(H) = n - k$ is also the dimension of the dual space $C^\perp$, which is a code.

• $H$ is called the parity check matrix for the code $C$.

Example 7. For the Hamming code $H_3$, $h(x) = (x^7 + 1)/(x^3 + x + 1) = (x + 1)(x^3 + x^2 + 1) = x^4 + x^2 + x + 1$. Thus

$$H = \begin{pmatrix} 0 & 0 & 1 & 0 & 1 & 1 & 1 \\ 0 & 1 & 0 & 1 & 1 & 1 & 0 \\ 1 & 0 & 1 & 1 & 1 & 0 & 0 \end{pmatrix} \tag{4.2}$$

Answer

We have $n = 7$ and the generator polynomial $g(x) = x^3 + x + 1$.

The check polynomial is $h(x) = (x^7 - 1)/(x^3 + x + 1) = x^4 + x^2 + x + 1$.
(Note: in the binary field $F_2$, $-1$ is the same as $+1$.)
The coefficients of $h(x) = 1 \cdot x^4 + 0 \cdot x^3 + 1 \cdot x^2 + 1 \cdot x^1 + 1 \cdot x^0$ are $h_4 = 1$, $h_3 = 0$, $h_2 = 1$, $h_1 = 1$ and $h_0 = 1$ (degree $k = 4$).
The matrix $H$ will have $\deg(g(x)) = 3$ rows.
Using the first construction method of (9) (cyclic shifts of the reversed coefficients of $h(x)$):
Row 1: $[0 \ 0 \ h_4 \ h_3 \ h_2 \ h_1 \ h_0] = [0 \ 0 \ 1 \ 0 \ 1 \ 1 \ 1]$
Row 2: $[0 \ h_4 \ h_3 \ h_2 \ h_1 \ h_0 \ 0] = [0 \ 1 \ 0 \ 1 \ 1 \ 1 \ 0]$ (row 1 shifted left)
Row 3: $[h_4 \ h_3 \ h_2 \ h_1 \ h_0 \ 0 \ 0] = [1 \ 0 \ 1 \ 1 \ 1 \ 0 \ 0]$ (row 2 shifted left)
Then the resulting matrix $H$ is:

$$H = \begin{pmatrix} 0 & 0 & 1 & 0 & 1 & 1 & 1 \\ 0 & 1 & 0 & 1 & 1 & 1 & 0 \\ 1 & 0 & 1 & 1 & 1 & 0 & 0 \end{pmatrix}$$

Theorem 5. The dual code $C^\perp$ is cyclic and has generator polynomial

$$g^\perp(x) = x^{\deg h(x)} h(x^{-1})$$

Proof. From Equation (4.1). Q.E.D.

By this theorem the code with generator polynomial $h(x)$ is equivalent to $C^\perp$. In fact it consists of the codewords of $C^\perp$ written backwards.

exercise 7.
Show that the [7,4,3] code with g(x) = x3 + x + 1 and the [7, 3, 4] code with g(x) = x4 +
x3 + x2 + 1 are duals.
Solution:

25
A C ⊥ is a dual code of C if and only if:

∀c ∈ C, ∀v ∈ C ⊥ : c · v = 0

So, to actually prove that the second code is the dual of the first code, we need to prove that
every codeword in one code is perpendicular to every codeword in the other code according
to the standard dot product over Fn2 .
We have:

• The code C1 = [7, 4, 3], generated g1 (x) = x3 + x + 1

• The code C1 = [7, 3, 4], generated g2 (x) = x4 + x3 + x2 + 1

First, we build the codeword C1 :


Because C1 is the linear cyclic code, we can take 4 message bits multiply with the generator
to get 8 codewords:
 
g1 (x)
 
 
 xg1 (x) 
G1 = 
 2

 (mod x7 − 1)
x g1 (x)
 
3
x g1 (x)

With g1 (x) = x3 + x + 1, we calculate:

• g1 (x) = 1 + x + x3 = 1 1 0 1 0 0 0

• xg1 (x) = x + x2 + x4 = 0 1 1 0 1 0 0

• x2 g1 (x) = x2 + x3 + x5 = 0 0 1 1 0 1 0

• x3 g1 (x) = x3 + x4 + x6 = 0 0 0 1 1 0 1

 
1 1 0 1 0 0 0
 
 
0 1 1 0 1 0 0
G1 = 



0 0 1 1 0 1 0
 
0 0 0 1 1 0 1

26
Similarly C2 , we have: g2 (x) = x4 + x3 + x2 + 1 and
 
g (x)
 2 
G2 =  xg2 (x)  (mod x7 − 1)
 
 
2
x g2 (x)

With g2 (x) = x4 + x3 + x2 + 1

• g2 (x) = x4 + x3 + x2 + 1 = 1 0 1 1 1 0 0

• xg2 (x) = x + x2 + x3 + x5 = 0 1 1 1 0 1 0

• x2 g2 (x) = x2 + x3 + x4 + x6 = 0 0 1 1 1 0 1

 
1 0 1 1 1 0 0
 
G2 = 0 1 0 1 1 1 0
 
 
0 0 1 0 1 1 1

Second, we check the condition c ∗ v = 0, this means, we get each line of G1 multiply with
each line of G2 to check: Dot product over F2 is 0
With G1 , we put:

c1 = 1 1 0 1 0 0 0

c2 = 0 1 1 0 1 0 0

c3 = 0 0 1 1 0 1 0

c4 = 0 0 0 1 1 0 1

and with G2 , we put:

v1 = 1 0 1 1 1 0 0

v2 = 0 1 1 1 0 1 0

v3 = 0 0 1 1 1 0 1

It is easy to check that:

c1 · v1 = 0,  c1 · v2 = 0,  c1 · v3 = 0

c2 · v1 = 0,  c2 · v2 = 0,  c2 · v3 = 0

c3 · v1 = 0,  c3 · v2 = 0,  c3 · v3 = 0

c4 · v1 = 0,  c4 · v2 = 0,  c4 · v3 = 0

We conclude that every codeword of C1 is orthogonal to every codeword of C2, so C2 ⊆ C1^⊥. Since dim C2 = 3 = 7 − dim C1 = dim C1^⊥, this means C1^⊥ = C2.
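The check carried out by hand in Exercise 7 can be repeated mechanically. The following is an added example, not part of the original report: it rebuilds both generator matrices from g1(x) and g2(x), tests orthogonality together with the dimension count, and also confirms the remark before the exercise that the code generated by h(x) is the dual written backwards. Polynomials are stored as integers (bit i is the coefficient of x^i); all function names are chosen here for illustration.

```python
N = 7  # code length; bit i of an int is the coefficient of x^i


def clmul(a, b):
    """Product of two polynomials over GF(2), both held as bit masks."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def generator_rows(g, n=N):
    """Rows g(x), x g(x), ..., x^(k-1) g(x), where k = n - deg g."""
    k = n - (g.bit_length() - 1)
    return [g << i for i in range(k)]


def span(rows):
    """All GF(2)-linear combinations of the rows, i.e. the whole code."""
    words = {0}
    for r in rows:
        words |= {w ^ r for w in words}
    return words


def dot(a, b):
    """Standard dot product over GF(2)."""
    return bin(a & b).count("1") % 2


def min_distance(rows):
    return min(bin(w).count("1") for w in span(rows) if w)


def are_duals(rows1, rows2, n=N):
    """Basis vectors pairwise orthogonal, both bases independent, k1 + k2 = n."""
    orthogonal = all(dot(c, v) == 0 for c in rows1 for v in rows2)
    independent = (len(span(rows1)) == 2 ** len(rows1)
                   and len(span(rows2)) == 2 ** len(rows2))
    return orthogonal and independent and len(rows1) + len(rows2) == n


def reverse(word, n=N):
    """Write a codeword backwards: coefficient i moves to position n-1-i."""
    return int(format(word, f"0{n}b")[::-1], 2)


G1 = 0b1011    # g1(x) = x^3 + x + 1
G2 = 0b11101   # g2(x) = x^4 + x^3 + x^2 + 1
H1 = 0b10111   # h1(x) = x^4 + x^2 + x + 1 = (x^7 + 1) / g1(x)

if __name__ == "__main__":
    print("g1 * h1 = x^7 + 1:", clmul(G1, H1) == (1 << 7) | 1)
    print("C1, C2 duals:", are_duals(generator_rows(G1), generator_rows(G2)))
    print("d(C1), d(C2):", min_distance(generator_rows(G1)),
          min_distance(generator_rows(G2)))
    backwards = {reverse(w) for w in span(generator_rows(H1))}
    print("<h1> reversed equals C2:", backwards == span(generator_rows(G2)))
```

The code generated by h1(x) itself is not orthogonal to C1; only its reversal is, which is why g2(x) is the reciprocal of h1(x).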

5 Factor of x^n − 1

The factorization of x^n − 1 into irreducible factors over GF(q) is a pivotal concept in the theory of cyclic codes. Its importance stems from the fact that the generator polynomial of any cyclic code must be a divisor of x^n − 1. This principle not only allows for the complete classification and enumeration of cyclic codes but also provides the foundation for analyzing their fundamental properties and their relationship with finite field theory. Without a clear understanding of how x^n − 1 decomposes, the systematic study and application of cyclic codes would be significantly hindered.

5.1 Field Extension and Roots of Unity

To factor x^n − 1, we need to find its roots, which do not necessarily lie in the base field GF(q).

• Core assumption: n and q are relatively prime (gcd(n, q) = 1).

• Multiplicative Order: The smallest positive integer m such that q^m ≡ 1 (mod n).

• Splitting Field: The smallest field extension of GF(q) containing all n distinct roots of x^n − 1 is GF(q^m).

Lemma 6 (Existence and Properties of Primitive n-th Root of Unity). The set of n roots of x^n − 1 in GF(q^m) forms a cyclic subgroup of order n of GF(q^m)*. There always exists an element α ∈ GF(q^m), called a primitive n-th root of unity, such that these n roots are {α^0 = 1, α^1, α^2, ..., α^(n−1)}.

Proof. The set of roots K = {β ∈ GF(q^m) | β^n = 1} is a subgroup of the cyclic group GF(q^m)*, hence K is cyclic. Since gcd(n, q) = 1, |K| = n. Thus, K is generated by a primitive n-th root of unity α.

5.2 Factoring x^n − 1 over GF(q^m)

Thus, there are n distinct elements α^0, α^1, ..., α^(n−1) in GF(q^m) (the nth roots of unity) such that

$$x^n - 1 = \prod_{i=0}^{n-1} (x - \alpha^i) \tag{5.1}$$

GF(q^m) is therefore called the splitting field of x^n − 1.

5.3 Cyclotomic Cosets and Factoring over GF(q)

To obtain irreducible factors over GF(q), the roots α^i are grouped.

Lemma 7 (Properties of Frobenius Automorphism). σ : β ↦ β^q is an automorphism of GF(q^m) fixing GF(q). If β is a root of f(x) ∈ GF(q)[x], then β^q is also a root.

Proof. If f(x) = Σ_j c_j x^j (c_j ∈ GF(q)) and f(β) = 0, then f(β^q) = (Σ_j c_j β^j)^q = (f(β))^q = 0.

More generally the cyclotomic coset mod n over GF(q) which contains s is

C_s = {s, sq, ..., sq^(m_s − 1)}

where sq^(m_s) ≡ s (mod n). It is convenient but not essential to choose s to be the smallest integer in C_s. Then the integers mod n are partitioned into cyclotomic cosets:

$$\{0, 1, \ldots, n-1\} = \bigcup_s C_s,$$

where s runs through a set of coset representatives mod n. Note that m = m_1 is the number of elements in C_1.

Example 8. For n = 9, q = 2

C0 = {0·2^0 mod 9, 0·2^1 mod 9, ...} = {0}

C1 = {1·2^0 mod 9, 1·2^1 mod 9, 1·2^2 mod 9, 1·2^3 mod 9, 1·2^4 mod 9, 1·2^5 mod 9, 1·2^6 mod 9, ...}

= {1 mod 9, 2 mod 9, 4 mod 9, 8 mod 9, 16 mod 9, 32 mod 9, 64 mod 9, ...}

= {1, 2, 4, 8, 7, 5, 1 (Repeat)}

= {1, 2, 4, 5, 7, 8}

C3 = {3·2^0 mod 9, 3·2^1 mod 9, 3·2^2 mod 9, ...}

= {3 mod 9, 6 mod 9, 12 mod 9, ...}

= {3, 6, 3 (Repeat)} = {3, 6}

Thus m = 6, and x^9 − 1 splits into linear factors over GF(2^6).


Lemma 8 (Coefficients and Closure of Root Set). A polynomial f(x) = ∏_{i∈K} (x − α^i) has coefficients in GF(q) iff K is closed under multiplication by q (mod n).

Proof.

• (⇒) If f(x) ∈ GF(q)[x] and α^k (k ∈ K) is a root, then by Lemma 7 (Properties of Frobenius Automorphism), α^(qk) is a root, so qk (mod n) ∈ K.

• (⇐) If K is closed under multiplication by q, applying the Frobenius automorphism σ of Lemma 7 to f(x) permutes its roots: σ(f(x)) = ∏_{i∈K} (x − α^(iq)) = f(x) (because α^i is a root, σ(α^i) = α^(iq) is also a root and iq ∈ K). Thus the coefficients of f(x) are in GF(q).

5.4 Minimal Polynomials

Definition 5. For coset C_s, the minimal polynomial of α^s over GF(q) is

$$M^{(s)}(x) = \prod_{i \in C_s} (x - \alpha^i).$$

This is a monic polynomial with coefficients from GF(q), and is the lowest degree such polynomial having α^s as a root. We have

$$x^n - 1 = \prod_s M^{(s)}(x)$$

where s runs through a set of coset representatives mod n. This is the factorization of x^n − 1 into irreducible polynomials over GF(q).

Example 9. For n = 9, q = 2. From the example above, the coset representatives mod n are s ∈ {0, 1, 3}, so

x^9 + 1 = M^(0)(x) M^(1)(x) M^(3)(x)

where

M^(0)(x) has degree |C0| = 1, so M^(0)(x) = x + 1,

M^(1)(x) has degree |C1| = 6, so M^(1)(x) = x^6 + x^3 + 1,

M^(3)(x) has degree |C3| = 2, so M^(3)(x) = x^2 + x + 1.
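The construction in Examples 8 and 9 can be carried out explicitly: compute the cyclotomic cosets, build GF(2^m), pick a primitive n-th root of unity α, and multiply out ∏ (x − α^i) over each coset. This is an added example, not part of the original report. It assumes a particular representation of GF(2^m) (the primitive polynomials in the PRIMITIVE table, which is a choice made here) and works for binary codes with n dividing 2^m − 1; function names are illustrative.

```python
from functools import reduce
from operator import xor

# Assumed field representations: one primitive polynomial per degree m,
# stored as a bit mask (bit i is the coefficient of x^i).
PRIMITIVE = {2: 0b111, 3: 0b1011, 4: 0b10011, 6: 0b1000011}


def multiplicative_order(q, n):
    """Smallest m >= 1 with q^m = 1 (mod n); requires gcd(n, q) = 1, n > 1."""
    m, p = 1, q % n
    while p != 1:
        p, m = p * q % n, m + 1
    return m


def cyclotomic_cosets(n, q=2):
    """Map each smallest representative s to C_s = [s, sq, sq^2, ...] mod n."""
    cosets, seen = {}, set()
    for s in range(n):
        if s not in seen:
            coset, j = [], s
            while j not in coset:
                coset.append(j)
                j = j * q % n
            cosets[s] = coset
            seen.update(coset)
    return cosets


def gf_mul(a, b, m):
    """Multiply two elements of GF(2^m) (shift-and-add with reduction)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> m:
            a ^= PRIMITIVE[m]
    return r


def gf_pow(a, e, m):
    r = 1
    for _ in range(e):
        r = gf_mul(r, a, m)
    return r


def minimal_polynomials(n):
    """Return {s: M^(s)(x)} over GF(2), each polynomial as a bit mask."""
    m = multiplicative_order(2, n)
    alpha = gf_pow(0b10, (2 ** m - 1) // n, m)    # primitive n-th root of unity
    result = {}
    for s, coset in cyclotomic_cosets(n).items():
        poly = [1]                                 # coefficients, low degree first
        for i in coset:                            # multiply by (x + alpha^i)
            root = gf_pow(alpha, i, m)
            nxt = [0] * (len(poly) + 1)
            for k, c in enumerate(poly):
                nxt[k + 1] ^= c
                nxt[k] ^= gf_mul(c, root, m)
            poly = nxt
        assert set(poly) <= {0, 1}                 # Lemma 8: coefficients lie in GF(2)
        result[s] = sum(c << k for k, c in enumerate(poly))
    return result


def factor_product(factors):
    """Product in GF(2)[x] of polynomials held as bit masks."""
    prod = 1
    for f in factors:
        prod = reduce(xor, (prod << i for i in range(f.bit_length()) if f >> i & 1), 0)
    return prod


def fmt(p):
    terms = ["1" if i == 0 else "x" if i == 1 else f"x^{i}"
             for i in range(p.bit_length()) if p >> i & 1]
    return " + ".join(reversed(terms))


if __name__ == "__main__":
    for n in (7, 9):
        polys = minimal_polynomials(n)
        print(n, {s: fmt(p) for s, p in polys.items()},
              factor_product(polys.values()) == (1 << n) | 1)
```

For n = 9 the result does not depend on which primitive 9th root of unity is chosen; for n = 7 a different choice of α swaps M^(1)(x) and M^(3)(x).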

Figure 1 gives the factors of x^n + 1 over GF(2) for n ≤ 63 and n = 127. Of course x^(2m) + 1 = (x^m + 1)^2 so only odd values of n are given. Also for n = 3, 5, 11, 13, 19, 29, 37, 53, 59, 61, ... the factorization is x^n + 1 = (x + 1)(x^(n−1) + · · · + x + 1), since for these primes there are only two cyclotomic cosets, C0 and C1. The factors are given in octal, with the lowest degree terms on the left. Thus the first line of the table means that

1 + x^7 = (1 + x)(1 + x^2 + x^3)(1 + x + x^3)

Figure 1

5.5 Zeros of a Cyclic Code and the Dual Code

Let C be a cyclic code with generator polynomial g(x). Since g(x) is a divisor of x^n − 1 over GF(q), we have

$$g(x) = \prod_{i \in K} (x - \alpha^i),$$

where i ∈ K ⟹ qi (mod n) ∈ K, i.e. K is a union of cyclotomic cosets. The nth roots of unity {α^i : i ∈ K} are called the zeros of the code. (Naturally the other nth roots of unity are called the nonzeros; these are the zeros of h(x) = (x^n − 1)/g(x).)

Clearly if c(x) ∈ R_n then c(x) belongs to C if and only if c(α^i) = 0 for all i ∈ K. Thus a cyclic code is defined in terms of the zeros of c(x). The zeros of the dual code are the inverses of the nonzeros of the original code, i.e. if C has zeros α^i where i runs through C_{u1}, C_{u2}, ..., then C^⊥ has nonzeros α^j where j runs through C_{−u1}, C_{−u2}, ....
Up to now we have taken the generator polynomial of a code to be g(x) = the lowest degree monic polynomial in the code. But other generators are possible.

Lemma 9 (Bezout). If p(x) ∈ R_n does not introduce any new zeros, i.e. if p(α^i) ≠ 0 for all i ∉ K, then g(x) and p(x)g(x) generate the same code (e.g. g(x)^2 generates the same code as g(x)).

Proof. (→) Clearly ⟨g(x)⟩ ⊇ ⟨p(x)g(x)⟩.

(←) Let h(x) = (x^n − 1)/g(x). By hypothesis p(x) and h(x) are relatively prime, so by Bezout's lemma there exist polynomials a(x), b(x) such that

1 = a(x)p(x) + b(x)h(x) in F[x].

Multiplying by g(x),

g(x) = a(x)p(x)g(x) + b(x)g(x)h(x) in F[x].

Since g(x)h(x) = x^n − 1, which is 0 in R_n, we deduce that

g(x) = a(x)p(x)g(x) in R_n

so ⟨g(x)⟩ ⊆ ⟨p(x)g(x)⟩.
Thus ⟨g(x)⟩ = ⟨p(x)g(x)⟩.

The factorization of the polynomial x^n − 1 over GF(q) is a cornerstone of cyclic code theory. It
provides the theoretical basis for constructing and understanding these codes, their generator
polynomials, their zeros, and their duals. The key tools are field extensions, roots of unity,
Frobenius automorphisms, cyclotomic cosets, and minimal polynomials.

6 t-Error-correcting BCH codes

A BCH code is a class of cyclic error-correcting codes constructed over a finite field GF(q).
For a positive integer t, a BCH code is said to be t-error-correcting if it is designed to correct
up to t errors per codeword. Such a code is constructed so that its generator polynomial has
at least 2t consecutive powers of a primitive nth root of unity as roots.

The parameter δ = 2t + 1 is called the designed distance of the code, which guarantees that
the actual minimum distance d of the code satisfies d ≥ δ. This ensures that the code can
detect up to δ − 1 errors and correct up to t errors.

Theorem 10 (The BCH bound). Let C be the cyclic code with generator polynomial g(x) such that for some integers b ≥ 0, δ ≥ 1

g(α^b) = g(α^(b+1)) = ... = g(α^(b+δ−2)) = 0,

i.e. the code has a string of δ − 1 consecutive powers of α as zeros. Then the minimum distance of the code is at least δ.

Proof.

• Step 1: Use codeword properties

If c = (c_0, c_1, ..., c_{n−1}) ∈ C then

c(α^b) = c(α^(b+1)) = ... = c(α^(b+δ−2)) = 0

so that H′c^T = 0 where

$$H' = \begin{pmatrix} 1 & \alpha^{b} & \alpha^{2b} & \cdots & \alpha^{(n-1)b} \\ 1 & \alpha^{b+1} & \alpha^{2(b+1)} & \cdots & \alpha^{(n-1)(b+1)} \\ \vdots & \vdots & \vdots & & \vdots \\ 1 & \alpha^{b+\delta-2} & \alpha^{2(b+\delta-2)} & \cdots & \alpha^{(n-1)(b+\delta-2)} \end{pmatrix}$$

• Step 2: Assume the weight of c is less than δ

Suppose c has weight w ⩽ δ − 1, i.e. c_i ≠ 0 iff i ∈ {a_1, a_2, ..., a_w}. Then H′c^T = 0 implies

$$\begin{pmatrix} \alpha^{a_1 b} & \alpha^{a_2 b} & \cdots & \alpha^{a_w b} \\ \alpha^{a_1(b+1)} & \alpha^{a_2(b+1)} & \cdots & \alpha^{a_w(b+1)} \\ \vdots & \vdots & & \vdots \\ \alpha^{a_1(b+\delta-2)} & \alpha^{a_2(b+\delta-2)} & \cdots & \alpha^{a_w(b+\delta-2)} \end{pmatrix} \cdot \begin{pmatrix} c_{a_1} \\ c_{a_2} \\ \vdots \\ c_{a_w} \end{pmatrix} = \begin{pmatrix} 0 \\ 0 \\ \vdots \\ 0 \end{pmatrix}$$

• Step 3: Use linear independence of Vandermonde matrix

The first w rows of the matrix above form a square generalized Vandermonde matrix, and since the α^(a_j) values are distinct (because the indices a_j are distinct), this matrix is nonsingular.
Therefore, the only solution to this homogeneous system is:

c_{a_1} = c_{a_2} = ... = c_{a_w} = 0

which contradicts the assumption that these coefficients are nonzero. Thus the minimum distance of the BCH code is at least δ.

Example 10. Binary Hamming Code

• The Hamming code is a special type of BCH code that can correct one error.

• Its generator polynomial is g(x) = M^(1)(x), the minimal polynomial of α.

• Since α and α^2 are both roots of g(x) we have:

g(α) = g(α^2) = 0

• This means the generator polynomial has two consecutive roots, α, α^2, which implies:

δ − 1 = 2 ⇒ δ = 3

• So, by the BCH bound, the minimum distance is at least 3, which matches the known
error-correcting ability of the Hamming code (1-bit error correction).

Corollary 1. A cyclic code of length n with zeros α^b, α^(b+r), α^(b+2r), ..., α^(b+(δ−2)r), where r and n are relatively prime, has minimum distance at least δ.

Proof.

• Step 1: Let β = α^r. Since α is a primitive nth root of unity and r is relatively prime to n, β is also a primitive nth root of unity.

• Step 2: Transforming the zeros: The first zero is

α^b = β^t, for some t, b ≥ 0

and the other zeros become:

α^(b+kr) = β^(t+k) (since β = α^r)

So, the zeros are now:

β^t, β^(t+1), ..., β^(t+δ−2)

→ which are δ − 1 consecutive powers of β

• Step 3: Apply Theorem 10: if a generator polynomial has δ − 1 consecutive powers of β as zeros, then the minimum distance d ⩾ δ.

6.1 BCH codes

Definition 6. A cyclic code of length n over GF(q) is a BCH code of designed distance δ if, for some integer b ≥ 0,

$$g(x) = \mathrm{l.c.m.}\{M^{(b)}(x), M^{(b+1)}(x), \ldots, M^{(b+\delta-2)}(x)\}, \tag{6.1}$$

i.e., g(x) is the lowest degree monic polynomial over GF(q) having α^b, α^(b+1), ..., α^(b+δ−2) as zeros. Therefore,

c is in the code iff c(α^b) = c(α^(b+1)) = · · · = c(α^(b+δ−2)) = 0. (18)

Thus the code has a string of δ − 1 consecutive powers of α as zeros. From Theorem 10 we deduce that the minimum distance is greater than or equal to the designed distance δ.
Equation (18) also shows that a parity check matrix for the code is

$$H = \begin{pmatrix} 1 & \alpha^{b} & \alpha^{2b} & \cdots & \alpha^{(n-1)b} \\ 1 & \alpha^{b+1} & \alpha^{2(b+1)} & \cdots & \alpha^{(n-1)(b+1)} \\ \vdots & \vdots & \vdots & \ddots & \vdots \\ 1 & \alpha^{b+\delta-2} & \cdots & \cdots & \alpha^{(n-1)(b+\delta-2)} \end{pmatrix} \tag{19}$$

where each entry is replaced by the corresponding column of m elements from GF(q).
After this replacement the rows of the resulting matrix over GF(q) are the parity checks satisfied by the code. There are m(δ − 1) of these, but they need not all be linearly independent. Thus the dimension of the code is at least n − m(δ − 1). For a second proof, deg M^(i)(x) ⩽ m, hence deg g(x) = n − dimension of code ⩽ m(δ − 1).

Theorem 11. A BCH code over GF(q) of length n and designed distance δ has minimum
distance d ⩾ δ, and dimension ⩾ n − m(δ − 1)

Proof. Let us consider a narrow-sense BCH code of length n over the finite field GF(q), with
designed distance δ, and generated by a generator polynomial g(x). Assume that:

• n divides q^m − 1 for some minimal m, so the code is cyclic.

• Let α be a primitive n-th root of unity in GF(q^m).

• The BCH code is defined so that g(x) is the least common multiple of the minimal polynomials of α^b, α^(b+1), ..., α^(b+δ−2), usually with b = 1.

1. Minimum distance ≥ δ
The code is constructed such that every codeword c(x) satisfies:

c(α^b) = c(α^(b+1)) = · · · = c(α^(b+δ−2)) = 0

This means that each codeword has at least δ − 1 consecutive powers of α as roots. A classical result from the BCH bound states that: If a codeword polynomial c(x) has at least δ − 1 consecutive roots α^b, α^(b+1), ..., α^(b+δ−2), then its Hamming weight is at least δ.
Therefore, all nonzero codewords have Hamming weight ≥ δ, and thus:

d≥δ

2. Dimension ≥ n − m(δ − 1)
We now analyze the degree of the generator polynomial g(x):

• g(x) is the least common multiple of the minimal polynomials of α^b, α^(b+1), ..., α^(b+δ−2).

• Each minimal polynomial has degree at most m, the degree of the extension GF(q^m) over GF(q).

• Since some α^i may share the same minimal polynomial, the total number of distinct minimal polynomials is at most δ − 1.

• Therefore, the degree of g(x) satisfies:

deg(g(x)) ≤ m(δ − 1)

The dimension k of a cyclic code is given by:

k = n − deg(g(x))

Hence,
k ≥ n − m(δ − 1)

3. Conclusion
Therefore, a BCH code over GF(q) of length n and designed distance δ has minimum
distance at least δ, and dimension at least n − m(δ − 1).

The dimension will be greater than this if some of the rows of the GF(q) version of H are linearly dependent, or (equivalently) if the degree of the RHS of (6.1) is less than m(δ − 1). Examples of this are given below. A generator matrix and an alternative form for the parity check matrix are given by Equations (1) and (9) respectively.

Remark.

(1) If b = 1 these are sometimes called narrow sense BCH codes. If n = q^m − 1 they are called primitive, for then α is a primitive element of the field GF(q^m) (and not merely a primitive nth root of unity).
If some α^i is a zero of the code then so are all α^l, for l in the cyclotomic coset C_i. Since the cyclotomic cosets are smallest if n = q^m − 1, this is the most important case.

(2) If b is fixed, BCH codes are nested. I.e., the code of designed distance δ1 contains the code of designed distance δ2 iff δ1 ≤ δ2.

(3) In general the dual of a BCH code is not a BCH code.

6.2 Binary BCH codes

When q = 2, by property (M6) of Ch. 4,

M^(2i)(x) = M^(i)(x),

and so the degree of g(x) can be reduced. For example if b = 1 we may always assume that the designed distance δ is odd, for the codes with designed distance 2t and 2t + 1 coincide – both have

$$g(x) = \mathrm{l.c.m.}\{M^{(1)}(x), M^{(3)}(x), \ldots, M^{(2t-1)}(x)\} \tag{6.2}$$

Thus deg g(x) ≤ mt, and the dimension of the code is ≥ n − mt. The parity check matrix is

$$H = \begin{pmatrix} 1 & \alpha & \alpha^{2} & \cdots & \alpha^{n-1} \\ 1 & \alpha^{3} & \alpha^{6} & \cdots & \alpha^{3(n-1)} \\ \vdots & \vdots & \vdots & \ddots & \vdots \\ 1 & \alpha^{2t-1} & \cdots & \cdots & \alpha^{(2t-1)(n-1)} \end{pmatrix},$$

where each entry is replaced by the corresponding binary m-tuple. Of course the second column of H need only contain α, α^(i_1), α^(i_2), ... where 1, i_1, i_2, ... are in different cyclotomic cosets.

Example 11. In Tables 1, 2 and 3, we list all narrow-sense, primitive binary BCH codes of lengths 15, 31, and 23, respectively. These BCH codes are constructed using minimal polynomials of elements in finite fields GF(16) and GF(32).

• BCH Codes of Length 15

Let's consider narrow-sense, primitive binary BCH codes of length n = 15 = 2^4 − 1 ⇒ m = 4, q = 2. The generator polynomials are constructed from the minimal polynomials of roots α^i, where α is a primitive element of GF(2^4).

designed distance δ | generator polynomial g(x) | exponents of roots of g(x) | dimension = n − deg g(x) | actual distance d
1 | 1 | – | 15 | 1
3 | M^(1)(x) | 1, 2, 4, 8 | 11 | 3
5 | M^(1)(x)M^(3)(x) | 1–4, 6, 8, 9, 12 | 7 | 5
7 | M^(1)(x)M^(3)(x)M^(5)(x) | 1–6, 8–10, 12 | 5 | 7
9, 11, 13 or 15 | M^(1)M^(3)M^(5)M^(7) = (x^15 + 1)/(x + 1) | 1–14 | 1 | 15

Table 1: BCH codes of length 15.

• BCH Codes of Length 31

Similarly, for binary BCH codes of length n = 31, where q = 2, m = 5, the generator polynomials are formed in the same way.

designed distance δ | generator polynomial g(x) | dimension = n − deg g(x) | actual distance d
1 | 1 | 31 | 1
3 | M^(1) | 26 | 3
5 | M^(1)M^(3) | 21 | 5
7 | M^(1)M^(3)M^(5) | 16 | 7
9 or 11 | M^(1)M^(3)M^(5)M^(7) | 11 | 11
13 or 15 | M^(1)M^(3)M^(5)M^(7)M^(11) | 6 | 15
17, 19, ..., 31 | M^(1)M^(3)M^(5)M^(7)M^(11)M^(15) | 1 | 31

Table 2: BCH codes of length 31.

The codes with designed distances 9 and 11 are identical because they share the same generator polynomial:

g(x) = l.c.m.{M^(1)(x), M^(3)(x), M^(5)(x), M^(7)(x), M^(9)(x)}

But 9 ∈ C5, so the minimal polynomials of α^9 and α^5 are the same:

M^(9)(x) = M^(5)(x).

Thus:

g(x) = M^(1)(x)M^(3)(x)M^(5)(x)M^(7)(x)

which is also the generator polynomial of the code of designed distance 9. This example shows that a BCH code of designed distance δ may coincide with a BCH code of designed distance δ′, where δ′ ≥ δ. The largest such δ′ is called the Bose distance of the code. From the BCH bound the true minimum distance is at least equal to δ′, but may be greater, as the next examples show.

• BCH Codes of Length 23

Finally, Table 3 gives the binary (nonprimitive) BCH codes of length n = 23. The cyclotomic cosets are

C0 = {0}

C1 = {1, 2, 4, 8, 16, 9, 18, 13, 3, 6, 12}

C5 = {5, 10, 20, 17, 11, 22, 21, 19, 15, 7, 14}

Since |C1| = 11, the order of 2 modulo 23 is 11. Thus x^23 + 1 splits into linear factors over GF(2^11), and α is a primitive 23rd root of unity in GF(2^11).
Over GF(2), x^23 + 1 factors into

x^23 + 1 = (x + 1)M^(1)(x)M^(5)(x)

see Fig. 7.1, where

M^(1)(x) = x^11 + x^7 + x^6 + x^5 + x + 1

M^(5)(x) = x^11 + x^10 + x^7 + x^6 + x^4 + x^2 + 1

The BCH code with designed distance δ = 5 (and b = 1) has generator polynomial:

g(x) = l.c.m.{M^(1)(x), M^(3)(x)}

But M^(1)(x) = M^(3)(x). Therefore g(x) = M^(1)(x), and the parity check matrix is

H = (1, α, α^2, ..., α^22)

where each entry is a binary column vector of length 11. Hence, the dimension is k = 23 − deg(g(x)) = 12.
Table 3 shows that the Bose distance of this code is also 5. However, as we shall see in Ch. 20, this BCH code is equivalent to the Golay code G23, and has minimum distance 7. Thus here also the minimum distance is greater than the designed distance, illustrating the fact that the BCH bound is not tight.

designed distance δ | generator polynomial g(x) | dimension = n − deg g(x) | actual distance d
1 | 1 | 23 | 1
3 or 5 | M^(1) | 12 | 7
7, 9, ..., 23 | M^(1)M^(5) | 1 | 23

Table 3: BCH codes of length 23.
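The dimension and Bose-distance columns of Tables 1 to 3 follow from the cyclotomic cosets alone, without any field arithmetic. The sketch below is an added example, not part of the original report: it closes the exponents b, ..., b + δ − 2 under multiplication by 2 to get the zero set of g(x), reads off the dimension as n minus the number of zeros, and finds the Bose distance as the longest run of consecutive zeros starting at b. It handles binary narrow-sense codes; the function names are chosen here.

```python
def zero_exponents(n, delta, b=1, q=2):
    """Exponents i for which alpha^i is a zero of the BCH code.

    This is the union of the cyclotomic cosets of b, b+1, ..., b+delta-2.
    """
    zeros = set()
    for i in range(b, b + delta - 1):
        j = i % n
        while j not in zeros:       # walk the coset of i until it closes
            zeros.add(j)
            j = j * q % n
    return zeros


def bose_distance(n, zeros, b=1):
    """Largest delta' such that b, ..., b+delta'-2 are all zeros of the code."""
    run = 0
    while run < n and (b + run) % n in zeros:
        run += 1
    return run + 1


def bch_parameters(n, delta, b=1, q=2):
    """(dimension, Bose distance) of the BCH code of designed distance delta."""
    zeros = zero_exponents(n, delta, b, q)
    return n - len(zeros), bose_distance(n, zeros, b)


def bch_table(n):
    """Group the odd designed distances 1, 3, ..., n that give the same code."""
    rows = {}
    for delta in range(1, n + 1, 2):
        rows.setdefault(bch_parameters(n, delta), []).append(delta)
    return [(deltas, k, bose) for (k, bose), deltas in rows.items()]


if __name__ == "__main__":
    for n in (15, 31, 23):
        print(f"n = {n}")
        for deltas, k, bose in bch_table(n):
            print(f"  designed {deltas}: dimension {k}, Bose distance {bose}")
```

The Bose distance is only a lower bound on the true minimum distance: for n = 23 the code of dimension 12 has Bose distance 5, while Table 3 lists its actual distance as 7.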

6.3 Reversible codes

Definition 7. A code C is reversible if (c_0, c_1, ..., c_{n−2}, c_{n−1}) ∈ C implies (c_{n−1}, c_{n−2}, ..., c_1, c_0) ∈ C. For example {000, 110, 101, 011} is a reversible code. So is the [15, 6, 6] binary BCH code of length 15 with g(x) = M^(−1)(x)M^(0)(x)M^(1)(x).

Exercise 8. Show that the BCH code with b = −t and designed distance δ = 2t + 2 is reversible.

Solution.

• A binary BCH code has roots α^b, α^(b+1), ..., α^(b+δ−2).

• If we choose b = −t and δ = 2t + 2, then the roots are:

α^(−t), α^(−t+1), ..., α^t

which gives a total of 2t + 1 roots.

• However, the set of roots is symmetric around 0 (modulo n), i.e.,

α^(−t), ..., α^0, ..., α^t

which will generate a polynomial whose roots are the reciprocals of each other.

⇒ This leads to a reversible code.

7 Using a matrix over GF(q^m) to define a code over GF(q)

This section studies in more detail how a matrix over the extension field GF(q^m) can be used to define a code over the subfield (or base field) GF(q). First, assume a code is defined by a parity check matrix H over GF(q^m). Specifically, let H = (H_ij), where H_ij ∈ GF(q^m) for 1 ≤ i ≤ r, 1 ≤ j ≤ n, be an r × n matrix with rank r over GF(q^m). Then, let C_H denote the code over GF(q) consisting of all vectors a = (a_1, ..., a_n), with a_j ∈ GF(q), such that

Ha^T = 0.

Another way to obtain C_H is as follows. Choose a basis α_1, ..., α_m for GF(q^m) over GF(q). Then, we write each element H_ij of H in the form:

$$H_{ij} = \sum_{l=1}^{m} H_{ijl}\,\alpha_l, \quad \text{where } H_{ijl} \in \mathrm{GF}(q).$$

Define H̃ as the rm × n matrix obtained from H by replacing each element H_ij with the corresponding column vector (H_ij1, ..., H_ijm)^T with entries from GF(q). Thus

$$\tilde{H} = \begin{pmatrix} H_{111} & H_{121} & \cdots & H_{1n1} \\ H_{112} & H_{122} & \cdots & H_{1n2} \\ \vdots & \vdots & & \vdots \\ H_{11m} & H_{12m} & \cdots & H_{1nm} \\ \vdots & \vdots & & \vdots \\ H_{r1m} & H_{r2m} & \cdots & H_{rnm} \end{pmatrix}$$

Then

$$\begin{aligned} a \in C_H &\iff \sum_{j=1}^{n} H_{ij} a_j = 0 \quad \text{for } i = 1, \ldots, r \\ &\iff \sum_{j=1}^{n} H_{ijl} a_j = 0 \quad \text{for } i = 1, \ldots, r;\ l = 1, \ldots, m \\ &\iff \tilde{H} a^T = 0 \end{aligned}$$

Thus, either H or H̃ can be used to define C_H. The rank of H̃ over GF(q) is at most rm, so C_H is an [n, k ≥ n − rm] code, assuming rm ≤ n.
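The passage from H to H̃ can be made concrete for the binary BCH parity check matrices of Section 6.2, whose row for exponent e is (1, α^e, α^(2e), ..., α^((n−1)e)). The code below is an added example, not part of the original report: it expands each entry into its binary m-tuple, enumerates all binary vectors a with H̃a^T = 0, and reports [n, k, d]. The field representation (the PRIMITIVE table) and all function names are assumptions made for this illustration, and n = 2^m − 1.

```python
# Assumed field representations: x^3 + x + 1 and x^4 + x + 1 as bit masks.
PRIMITIVE = {3: 0b1011, 4: 0b10011}


def alpha_powers(m):
    """[alpha^0, ..., alpha^(n-1)] as m-bit integers, with n = 2^m - 1."""
    a, table = 1, []
    for _ in range(2 ** m - 1):
        table.append(a)
        a <<= 1                      # multiply by alpha = x
        if a >> m:
            a ^= PRIMITIVE[m]        # reduce modulo the primitive polynomial
    return table


def expanded_columns(m, exponents):
    """Columns of H~ as integers.

    Column j stacks the binary m-tuples of alpha^(e*j), one for each row
    exponent e of H, so it has m * len(exponents) bits.
    """
    powers = alpha_powers(m)
    n = len(powers)
    columns = []
    for j in range(n):
        col = 0
        for e in exponents:
            col = (col << m) | powers[(e * j) % n]
        columns.append(col)
    return columns


def subfield_code(m, exponents):
    """All binary vectors a (as bit masks) with H~ a^T = 0."""
    columns = expanded_columns(m, exponents)
    n = len(columns)
    codewords = []
    for a in range(2 ** n):
        syndrome = 0
        for j in range(n):
            if a >> j & 1:
                syndrome ^= columns[j]
        if syndrome == 0:
            codewords.append(a)
    return codewords


def parameters(m, exponents):
    """[n, k, d] of the binary code defined by H over GF(2^m)."""
    codewords = subfield_code(m, exponents)
    n = 2 ** m - 1
    k = len(codewords).bit_length() - 1          # the code has 2^k words
    d = min(bin(c).count("1") for c in codewords if c)
    return n, k, d


if __name__ == "__main__":
    print(parameters(3, [1]))        # H = (1, alpha, ..., alpha^6) over GF(8)
    print(parameters(4, [1, 3]))     # two rows over GF(16): rm = 8
    print(parameters(4, [1, 3, 5]))  # three rows: rm = 12, but rank is only 10
```

The last case shows the inequality k ≥ n − rm being strict: H̃ has 12 rows for exponents 1, 3, 5 over GF(16), yet the code has dimension 5 rather than 3, because M^(5)(x) has degree 2.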

Of course, we can also consider the code C*_H over GF(q^m) consisting of all vectors b = (b_1, ..., b_n), with b_i ∈ GF(q^m), such that

Hb^T = 0.

Then, C*_H is an [n, n − r] code over GF(q^m). Since GF(q) ⊂ GF(q^m), every codeword in C_H also belongs to C*_H. In fact, C_H consists of precisely those codewords of C*_H whose components belong to GF(q). We denote this as:

C_H = C*_H | GF(q)

and call C_H a subfield subcode of C*_H.
In general, if C* is any [n, k*, d*] code over GF(q^m), the subfield subcode C* | GF(q) consists of the codewords of C* which have components from GF(q). Then C* | GF(q) is an [n, k, d] code with n − m(n − k*) ≤ k ≤ k* and d ≥ d*.
For example, let C* be the [7, 6, 2] BCH code over GF(2^3) with generator polynomial x + α, where α ∈ GF(2^3) satisfies α^3 + α + 1 = 0. Let C be the subfield subcode C* | GF(2). The codeword a(x) = (x + α)(x + α^2)(x + α^4) = x^3 + x + 1 is in C* and hence in C. Thus C contains the [7, 4, 3] code H3. In fact C = H3, since the code has minimum distance at least 2.
The trace mapping T_m from GF(q^m) to GF(q) can be used to represent the dual code of C* | GF(q) through the dual code of C*. The trace mapping is defined by

$$T_m(x) = x + x^{q} + x^{q^2} + \cdots + x^{q^{m-1}}, \quad x \in \mathrm{GF}(q^m)$$

Let T_m(C*) be the code over GF(q) consisting of all distinct vectors

T_m(b) = (T_m(b_1), ..., T_m(b_n)), with b ∈ C*.

Then T_m(C*) is an [n, k, d] code over GF(q) with k* ≤ k ≤ mk* and d ≤ d*.

Theorem 12 (Delsarte). The dual code of a subfield subcode is the trace of the dual code of the original code, or:

(C* | GF(q))^⊥ = T_m((C*)^⊥) (7.1)

Proof.

(i) T_m((C*)^⊥) ⊂ (C* | GF(q))^⊥.

To prove this, if a ∈ LHS (Left Hand Side), we must show that a · c = 0 for all c ∈ C* | GF(q). Indeed, let a = (T_m(b_1), ..., T_m(b_n)) with b ∈ (C*)^⊥. Therefore,

$$a \cdot c = \sum_{i=1}^{n} a_i c_i = \sum_{i=1}^{n} T_m(b_i)\, c_i.$$

Since c_i ∈ GF(q), T_m(b_i)c_i = T_m(b_i c_i). Thus,

$$a \cdot c = T_m\!\left(\sum_{i=1}^{n} b_i c_i\right) = T_m(b \cdot c).$$

Since b ∈ (C*)^⊥ and c ∈ C* | GF(q) ⊂ C*, then b · c = 0. So, a · c = T_m(0) = 0.

(ii) (C* | GF(q))^⊥ ⊂ T_m((C*)^⊥), or equivalently

(T_m((C*)^⊥))^⊥ ⊂ C* | GF(q) (7.2)

To prove (7.2), if a ∈ LHS, we must show that a ∈ C*. By definition of the dual code, a · x = 0 for all x = (T_m(b_1), ..., T_m(b_n)) with b ∈ (C*)^⊥. If b ∈ (C*)^⊥, then so is λb for any λ ∈ GF(q^m). Therefore,

$$0 = \sum_{i=1}^{n} a_i T_m(\lambda b_i) = T_m\!\left(\sum_{i=1}^{n} a_i \lambda b_i\right) = T_m\!\left(\lambda \sum_{i=1}^{n} a_i b_i\right) \quad \text{for all } \lambda \in \mathrm{GF}(q^m).$$

The non-degeneracy of the trace implies that if T_m(λX) = 0 for all λ ∈ GF(q^m), then X = 0. Therefore, Σ_{i=1}^{n} a_i b_i = 0. This means a · b = 0 for all b ∈ (C*)^⊥. Thus, a ∈ ((C*)^⊥)^⊥ = C*. Since a ∈ (T_m((C*)^⊥))^⊥, its components a_i are in GF(q). As a ∈ C*, it follows that a ∈ C* | GF(q). This proves (7.2). Taking duals on both sides of (7.2) yields (T_m((C*)^⊥)) ⊃ (C* | GF(q))^⊥, which is the desired inclusion for (ii).

Exercise 9. Let C be an arbitrary r × r invertible matrix over GF(q^m) and let H_1 = CH. Prove that C_{H_1} = C_H, i.e. the matrices CH and H define the same code.

Solution. We need to prove that a vector a (with components from GF(q)) satisfies Ha^T = 0 if and only if it satisfies (CH)a^T = 0.
Forward direction: Assume Ha^T = 0. Then (CH)a^T = C(Ha^T) = C · 0 = 0. Thus, if a ∈ C_H then a ∈ C_{H_1}.
Reverse direction: Assume (CH)a^T = 0. Since C is invertible, C^(−1)((CH)a^T) = C^(−1) · 0. So, (C^(−1)C)Ha^T = 0, which implies I · Ha^T = 0, hence Ha^T = 0. Thus, if a ∈ C_{H_1} then a ∈ C_H.
Since both directions hold, C_{H_1} = C_H.

8 Encoding cyclic codes

In this section two encoding circuits are described which can be used for any cyclic code. We
illustrate the technique by two examples.

Example 12. Two encoder circuits are presented here that can be used to encode any cyclic
code. This is illustrated with two examples:

(E1) The Hamming code [15, 11, 3], denoted H4, with generator polynomial:

g(x) = x^4 + x + 1

(E2) A double-error-correcting BCH code [15, 7, 5] with generator polynomial:

g(x) = (x^4 + x + 1)(x^4 + x^3 + x^2 + x + 1) = x^8 + x^7 + x^6 + x^4 + 1

Assume that the message u = u_0, u_1, ..., u_10 is encoded by code (E1), and the corresponding codeword is

$$c = \underbrace{c_0, \ldots, c_3}_{\text{check symbols}},\ \underbrace{c_4, \ldots, c_{14}}_{\text{message symbols}}$$

See Figure 2

Figure 2

Encoder 1.

The first encoder requires deg g(x) delay elements. c is in the code iff the polynomial c(x) is divisible by g(x) = x^4 + x + 1. So we must choose c_0, ..., c_3 to make this happen. One way to do this is to divide

c′(x) = c_14 x^14 + c_13 x^13 + · · · + c_4 x^4

by x^4 + x + 1, giving a remainder r(x) = r_3 x^3 + · · · + r_0. Then set c_i = r_i (i = 0, ..., 3), so that c(x) = c′(x) + r(x) is divisible by x^4 + x + 1.
To implement this, a circuit is needed which divides by x^4 + x + 1. A simple example will show how to construct such a circuit. Suppose we divide

x^9 + x^8 + x^5 + x^4 by x^4 + x + 1,

using detached coefficients. (I.e. we write 10011 instead of x^4 + x + 1, etc.)

            110110      = quotient
10011 ) 1100110000      = dividend
        10011
         10101
         10011
          01100
          00000
           11000
           10011
            10110
            10011
             01010
             00000
              1010      = remainder

The quotient is x^5 + x^4 + x^2 + x and the remainder r(x) is x^3 + x.

Therefore the circuit shown in Fig. 7.6 performs the same calculation
Figure 3: A circuit to divide by x4 + x + 1

Division Circuit Logic:

• qk = FF3c;  FF0n = dk ⊕ qk

• FF1n = FF0c ⊕ qk;  FF2n = FF1c

• FF3n = FF2c;  Quotient = FF3c

To make the behaviour of the circuit in Figure 3 easier to follow, we tabulate it below.

Columns: CK, dk, FF0c, FF1c, FF2c, FF3c (= qk), FF0n (= dk ⊕ qk), FF1n (= FF0c ⊕ qk), FF2n (= FF1c), FF3n (= FF2c), Quotient Output (qk), FFS (0,1,2,3) after CK

0 - 0 0 0 0 - - - - - (0,0,0,0)
1 0 0 0 0 0 0 0 0 0 0 (0,0,0,0)
2 0 0 0 0 0 0 0 0 0 0 (0,0,0,0)
3 0 0 0 0 0 0 0 0 0 0 (0,0,0,0)
4 0 0 0 0 0 0 0 0 0 0 (0,0,0,0)
5 1 0 0 0 0 1 0 0 0 0 (1,0,0,0)
6 1 1 0 0 0 1 1 0 0 0 (1,1,0,0)
7 0 1 1 0 0 0 1 1 0 0 (0,1,1,0)
8 0 0 1 1 0 0 0 1 1 0 (0,0,1,1)
9 1 0 0 1 1 0 1 0 1 1 (0,1,0,1)
10 1 0 1 0 1 0 1 1 0 1 (0,1,1,0)
End of Dividend Input. FFS shows Remainder: (0,1,1,0) → x^2 + x

Table 4: Simulation of Division Circuit in Figure 3

where

• CK: Clock Cycle.

• dk : Input Dividend bit for the current clock cycle.

• FFxc : Current value of Flip-Flop x (FF0, FF1, FF2, or FF3) before the current clock pulse (square).

• FFxn : Value to be loaded into Flip-Flop x after the current clock pulse and calculations (square).

• qk (in FF3c col.): Quotient bit for cycle k, value of FF3c . This is also the QUOTIENT Output for the current
cycle.

• FFS (0,1,2,3): State of (FF0, FF1, FF2, FF3) after CK. This will be the remainder after all dividend bits
are processed.

• All Flip-Flops are initialized to 0.

The remainder (0101 = x + x^3) is what is left in the register when the dividend has been completely fed in.
So our first attempt at encoding is: feed in the dividend (message symbols followed by zeros)

$$\underbrace{c_4, c_5, \ldots, c_{14}}_{c'} \xrightarrow{\text{Feed}} \underbrace{0000\,c_4, c_5, \ldots, c_{14}}_{c}$$

The remainder when all 15 have been fed in is

c_0 c_1 c_2 c_3

A circuit to do this is shown in Fig. 7.7

Figure 4: Preliminary version of encoder 1.

Division Circuit Logic with Switches

• 1. Internal Feedback Signal

– The feedback signal qk is taken from the current state of the last flip-flop:

qk = FF3c

• 2. Input Switch Logic (effective input) The actual input to the combinational logic depends on the
input switch Sin :

– If Sin = A (Message Input Mode):

effective input = dk

– If Sin = B (Flush/Parity Mode, inputting zeros):

effective input = 0

• 3. Register Update Equations (Next State Logic)


The next state of each flip-flop is determined as follows:

FF0n = effective input ⊕ qk = effective input ⊕ FF3c

FF1n = FF0c ⊕ qk = FF0c ⊕ FF3c

FF2n = FF1c

FF3n = FF2c

• 4. Output Switch Logic (Channel Out)
The final output sent to the channel depends on the output switch Sout :

– If Sout = A (Systematic Output of (switched) input):

Channel Out = effective input

– If Sout = B (Parity from last FF):


Channel Out = FF3c

– If Sout = C (Alternative Parity/Internal Tap):

Channel Out = FF0c ⊕ FF1c

where

• dk is the incoming message bit.

• FF0c, FF1c, FF2c, FF3c are the current states of the flip-flops.

• FF0n, FF1n, FF2n, FF3n are the next states of the flip-flops.

• Sin is the input switch state (A or B).

• Sout is the output switch state (A, B, or C).

Similarly, from Figure 4, we obtain the following table.

Columns: CK, SW, dk, FF0c, FF1c, FF2c, FF3c (= qk), FF0n (= dk ⊕ qk), FF1n (= FF0c ⊕ qk), FF2n (= FF1c), FF3n (= FF2c), Ch. Out, FFS (0,1,2,3)

0 - - 0 0 0 0 - - - - - (0,0,0,0)
STAGE A (11 cycles): Message M = (0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1)
1 A 0 0 0 0 0 0 0 0 0 0 (0,0,0,0)
2 A 0 0 0 0 0 0 0 0 0 0 (0,0,0,0)
3 A 0 0 0 0 0 0 0 0 0 0 (0,0,0,0)
4 A 0 0 0 0 0 0 0 0 0 0 (0,0,0,0)
5 A 0 0 0 0 0 0 0 0 0 0 (0,0,0,0)
6 A 1 0 0 0 0 1 0 0 0 1 (1,0,0,0)
7 A 1 1 0 0 0 1 1 0 0 1 (1,1,0,0)
8 A 0 1 1 0 0 0 1 1 0 0 (0,1,1,0)
9 A 0 0 1 1 0 0 0 1 1 0 (0,0,1,1)
10 A 1 0 0 1 1 0 1 0 1 1 (0,1,0,1)
11 A 1 0 1 0 1 0 1 1 0 1 (0,1,1,0)
STAGE B (4 cycles): Four zero bits, channel idle. FF State from CK11 is (0,1,1,0)
12 B 0 0 1 1 0 0 0 1 1 IDLE (0,0,1,1)

13 B 0 0 0 1 1 1 1 0 1 IDLE (1,1,0,1)
14 B 0 1 1 0 1 1 0 1 0 IDLE (1,0,1,0)
15 B 0 1 0 1 0 0 1 0 1 IDLE (0,1,0,1) (c3, c2, c1, c0)
STAGE C (4 cycles): Check bits. Remainder is (0,1,0,1)
16 C - 0 1 0 1 - - - - c0 = 1 (0,1,0,1)
17 C - 0 1 0 1 - - - - c1 = 0 (0,1,0,1)
18 C - 0 1 0 1 - - - - c2 = 1 (0,1,0,1)
19 C - 0 1 0 1 - - - - c3 = 0 (0,1,0,1)

Table 5: Simulation of Fig. 4

The switches have three positions: at A for 11 clock cycles, during which time the message is fed into the channel and into the register; at B for 4 cycles, while 4 zeros enter the register; and at C for 4 cycles, while the remainder enters the channel.
The disadvantage of this scheme is obvious: the channel is idle while the switches are at B.

To overcome this difficulty, we feed the message into the right-hand end of the shift register. This has the effect of premultiplying the symbols by x^4 as they come in. So instead of the divisor circuit of Fig. 7.6 we use that of Fig. 7.8.

Figure 5: Division circuit with premultiplication by x^4.

Division Circuit Logic:

• qk = FF3c;  FF0n = dk ⊕ qk

• FF1n = FF0c ⊕ qk;  FF2n = FF1c

• FF3n = FF2c;  Quotient = FF3c

We also have the simulation table for Figure 6

Columns: CK, dk, FF0c, FF1c, FF2c, FF3c (= qk), FF0n (= dk ⊕ qk), FF1n (= FF0c ⊕ qk), FF2n (= FF1c), FF3n (= FF2c), Quotient Output (qk), FF State (FF0,..,FF3)

0 - 0 0 0 0 - - - - - (0,0,0,0)
1 0 0 0 0 0 0 0 0 0 0 (0,0,0,0)
2 0 0 0 0 0 0 0 0 0 0 (0,0,0,0)
3 0 0 0 0 0 0 0 0 0 0 (0,0,0,0)
4 0 0 0 0 0 0 0 0 0 0 (0,0,0,0)
5 0 0 0 0 0 0 0 0 0 0 (0,0,0,0)
6 1 0 0 0 0 1 0 0 0 0 (1,0,0,0)
7 1 1 0 0 0 1 1 0 0 0 (1,1,0,0)
8 0 1 1 0 0 0 1 1 0 0 (0,1,1,0)
9 0 0 1 1 0 0 0 1 1 0 (0,0,1,1)
10 1 0 0 1 1 0 1 0 0 1 (0,1,0,0)
11 1 0 1 0 1 0 1 1 0 1 (0,1,1,0)
End of Message Input. Remainder in Registers: (0,1,1,0). Quotient: 00000000011

Table 6: Simulation of Division Circuit in Figure 7.8

The remainder is now available in the register as soon as c4 has been fed in. The final encoder
is shown in Fig. 6. The switches are at A for 11 cycles, and B for 4 cycles.

Figure 6: Final version of encoder 1.

Simulation Table for Figure 7.9 Encoder Message M = (c14 , . . . , c4 ) = (0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1).

Columns: CK, SW, dk, FF0c, FF1c, FF2c, FF3c (= qk), FF0n (= dk ⊕ qk), FF1n (= FF0c ⊕ qk), FF2n (= FF1c), FF3n (= FF2c ⊕ qk), Ch. Out, FF State (FF0,..,FF3)

0 - - 0 0 0 0 - - - - - (0,0,0,0)
STAGE A (11 cycles): Message M = (0, 0, 0, 0, 0, 1, 1, 0, 0, 1, 1)
1 A 0 0 0 0 0 0 0 0 0 0 (0,0,0,0)
2 A 0 0 0 0 0 0 0 0 0 0 (0,0,0,0)
3 A 0 0 0 0 0 0 0 0 0 0 (0,0,0,0)
4 A 0 0 0 0 0 0 0 0 0 0 (0,0,0,0)
5 A 0 0 0 0 0 0 0 0 0 0 (0,0,0,0)
6 A 1 0 0 0 0 1 0 0 0 1 (1,0,0,0)
7 A 1 1 0 0 0 1 1 0 0 1 (1,1,0,0)
8 A 0 1 1 0 0 0 1 1 0 0 (0,1,1,0)
9 A 0 0 1 1 0 0 0 1 1 0 (0,0,1,1)
10 A 1 0 0 1 1 0 1 0 0 1 (0,1,0,0)
11 A 1 0 1 0 0 1 0 1 0 1 (1,0,1,0)
STAGE B (4 cycles): Remainder out. FF State after CK11 is (1,0,1,0) → (c3 , c2 , c1 , c0 ) = (1, 0, 1, 0)
12 B - 1 0 1 0 - - - - 0 (c0 ) (1,0,1,0)
13 B - 1 0 1 0 - - - - 1 (c1 ) (1,0,1,0)
14 B - 1 0 1 0 - - - - 0 (c2 ) (1,0,1,0)
15 B - 1 0 1 0 - - - - 1 (c3 ) (1,0,1,0)

Table 7: Simulation of Fig. 7.9 Encoder (Final Version of Encoder #1)

It is clear that a similar encoder will work for any cyclic code, and requires $\deg g(x)$ delay
elements in the shift register. Figure 7.10 shows the encoder

Figure 7: Encoder 1 for a BCH code.

To make this easier to follow, I provide a simulation table for Figure 7.


We take the message $M = (m_6, m_5, m_4, m_3, m_2, m_1, m_0) = (1, 0, 1, 1, 0, 1, 0)$.

Generator $g(x) = x^8 + x^7 + x^6 + x^4 + 1$.
Division circuit logic (interpreted from Fig. 7):

• Input bit dk; feedback qk = FF7c

• FF0n = dk ⊕ qk; FF1n = FF0c; FF2n = FF1c; FF3n = FF2c;

• FF4n = FF3c ⊕ qk; FF5n = FF4c; FF6n = FF5c ⊕ qk; FF7n = FF6c ⊕ qk.

Column formulas: FF7c = qk; FF0n = dk ⊕ qk; FF1n = FF0c; FF2n = FF1c; FF3n = FF2c; FF4n = FF3c ⊕ qk; FF5n = FF4c; FF6n = FF5c ⊕ qk; FF7n = FF6c ⊕ qk.

CK  SW  dk  FF0c FF1c FF2c FF3c FF4c FF5c FF6c FF7c FF0n FF1n FF2n FF3n FF4n FF5n FF6n FF7n Ch. Out   FF State (0..7)
0   -   -   0    0    0    0    0    0    0    0    -    -    -    -    -    -    -    -    -         (00000000)
STAGE A (7 cycles): Message M = (1, 0, 1, 1, 0, 1, 0)
1   A   1   0    0    0    0    0    0    0    0    1    0    0    0    0    0    0    0    1         (10000000)
2   A   0   1    0    0    0    0    0    0    0    0    1    0    0    0    0    0    0    0         (01000000)
3   A   1   0    1    0    0    0    0    0    0    1    0    1    0    0    0    0    0    1         (10100000)
4   A   1   1    0    1    0    0    0    0    0    1    1    0    1    0    0    0    0    1         (11010000)
5   A   0   1    1    0    1    0    0    0    0    0    1    1    0    1    0    0    0    0         (01101000)
6   A   1   0    1    1    0    1    0    0    0    1    0    1    1    0    1    0    0    1         (10110100)
7   A   0   1    0    1    1    0    1    0    0    0    1    0    1    1    0    1    0    0         (01011010)
STAGE B (8 cycles): Remainder out. FF State after CK7 is (01011010) → (c7..c0)
8   B   -   0    1    0    1    1    0    1    0    -    -    -    -    -    -    -    -    0 (c0)    (01011010)
9   B   -   0    1    0    1    1    0    1    0    -    -    -    -    -    -    -    -    1 (c1)    (01011010)
10  B   -   0    1    0    1    1    0    1    0    -    -    -    -    -    -    -    -    0 (c2)    (01011010)
11  B   -   0    1    0    1    1    0    1    0    -    -    -    -    -    -    -    -    1 (c3)    (01011010)
12  B   -   0    1    0    1    1    0    1    0    -    -    -    -    -    -    -    -    1 (c4)    (01011010)
13  B   -   0    1    0    1    1    0    1    0    -    -    -    -    -    -    -    -    0 (c5)    (01011010)
14  B   -   0    1    0    1    1    0    1    0    -    -    -    -    -    -    -    -    1 (c6)    (01011010)
15  B   -   0    1    0    1    1    0    1    0    -    -    -    -    -    -    -    -    0 (c7)    (01011010)

Table 8: Simulation of Fig. 7.10 Encoder


Encoder 2. The second encoder requires $\deg h(x)$ delay elements. We saw above that the
check symbols are defined by Equations (11).
For example (E2),

$$h(x) = (x^{15} + 1)/g(x) = (x + 1)(x^2 + x + 1)(x^4 + x^3 + 1) = x^7 + x^6 + x^4 + 1.$$

So the codeword satisfies

$$c_7 + c_8 + c_{10} + c_{14} = 0,$$

$$c_6 + c_7 + c_9 + c_{13} = 0,$$

...

If $c_{14}, \ldots, c_8$ are the message symbols, this defines the check symbols $c_7, c_6, \ldots, c_0$.
Figure 7.11 shows the encoder that does this. The switch is at A for 7 cycles and at B for 8 cycles.
The circuit is shown immediately after the last message symbol, $c_8$, has been fed in, and the
first check symbol

$$c_7 = c_8 + c_{10} + c_{14}$$

is being calculated.

Figure 8: Encoder 2 for a BCH code.

Message $M = (c_{14}, \ldots, c_8) = (m_6, m_5, m_4, m_3, m_2, m_1, m_0) = (1, 0, 1, 1, 0, 1, 0)$.

This encoder uses $k = 7$ registers.

• Logic for generated bit pk: pk = dk ⊕ FF1c ⊕ FF5c.

• FF update: FF0n = pk; FF(i)n = FF(i-1)c for i = 1..6.

Column formulas: pk (calc.) = dk ⊕ FF1c ⊕ FF5c; FF0n = pk.

CK  SW  dk  FF0c FF1c FF2c FF3c FF4c FF5c FF6c pk (calc.)            FF0n FF1n FF2n FF3n FF4n FF5n FF6n Ch. Out   FF State (0..6)
0   -   -   0    0    0    0    0    0    0    -                     -    -    -    -    -    -    -    -         (0000000)
STAGE A (7 cycles): Message M = (c14, .., c8) = (1, 0, 1, 1, 0, 1, 0)
1   A   1   0    0    0    0    0    0    0    1⊕0⊕0 = 1             1    0    0    0    0    0    0    1         (1000000)
2   A   0   1    0    0    0    0    0    0    0⊕0⊕0 = 0             0    1    0    0    0    0    0    0         (0100000)
3   A   1   0    1    0    0    0    0    0    1⊕1⊕0 = 0             0    0    1    0    0    0    0    1         (0010000)
4   A   1   0    0    1    0    0    0    0    1⊕0⊕0 = 1             1    0    0    1    0    0    0    1         (1001000)
5   A   0   1    0    0    1    0    0    0    0⊕0⊕0 = 0             0    1    0    0    1    0    0    0         (0100100)
6   A   1   0    1    0    0    1    0    0    1⊕1⊕0 = 0             0    0    1    0    0    1    0    1         (0010010)
7   A   0   0    0    1    0    0    1    0    0⊕0⊕1 = 1             1    0    0    1    0    0    1    0         (1001001)
STAGE B (8 cycles): Check bits c7, ..., c0 out. c7 = pk from CK7 = 1. FF State from CK7 is (1001001)
8   B   -   1    0    0    1    0    0    1    0⊕0⊕0 = 0 (p8 → c6)  0    1    0    0    1    0    0    1 (c7)    (0100100)
9   B   -   0    1    0    0    1    0    0    0⊕1⊕0 = 1 (p9 → c5)  1    0    1    0    0    1    0    0 (c6)    (1010010)
(... CK10 to CK15: c5 to c0 are generated and outputted based on full h(x) logic ...)
15  B   -   ...  ...  ...  ...  ...  ...  ...  ...                   ...  ...  ...  ...  ...  ...  ...  c0        (Final FF state)

Table 9: Simulation of Fig. 7.11 Encoder (Stage A and c7 calculation - Clarified FF0n)

Clearly Encoder 2 will work for any cyclic code, and requires $\deg h(x) = n - \deg g(x)$ delay
elements. Often one chooses the encoder having the smaller number of delay elements.
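The two encoders described above, as an added example that is not code from the report: Encoder 1 divides by $g(x)$ in a register of $\deg g(x)$ stages, Encoder 2 runs the recurrence defined by $h(x)$ in a register of $\deg h(x)$ stages, and both must yield the same systematic codeword. The function names and the coefficient-list representation are assumptions of this example.

```python
# Added example, not code from the report. Polynomials over GF(2) are
# coefficient lists with p[i] multiplying x^i; messages are highest symbol first.

def gf2_divmod(a, b):
    """Long division of a(x) by b(x) over GF(2): returns (quotient, remainder)."""
    a, db = list(a), len(b) - 1
    q = [0] * max(len(a) - db, 1)
    for s in range(len(a) - 1 - db, -1, -1):
        if a[s + db]:                      # leading term present: subtract x^s * b(x)
            q[s] = 1
            for i, bi in enumerate(b):
                a[s + i] ^= bi
    return q, a[:db]


def encoder1(msg, g):
    """Encoder 1: deg g(x) delay elements, remainder of x^r * m(x) divided by g(x)."""
    r = len(g) - 1
    reg = [0] * r                          # reg[i] holds the coefficient of x^i
    for d in msg:                          # switch at A: message to channel and register
        fb = d ^ reg[-1]                   # feeding the right-hand end premultiplies by x^r
        reg = [fb] + [reg[i - 1] ^ (fb & g[i]) for i in range(1, r)]
    return list(msg) + reg[::-1]           # switch at B: check symbols, high order first


def encoder2(msg, h, n):
    """Encoder 2: deg h(x) delay elements, check symbols from the h(x) recurrence."""
    k = len(h) - 1
    window = list(msg)                     # c_j, c_(j-1), ..., c_(j-k+1)
    checks = []
    for _ in range(n - k):
        c = 0
        for i in range(k):                 # c_(j-k) = sum over i < k of h_i * c_(j-i)
            c ^= h[i] & window[i]
        checks.append(c)
        window = window[1:] + [c]
    return list(msg) + checks


def demo():
    """The length-15 BCH example: both encoders on the message (1, 0, 1, 1, 0, 1, 0)."""
    n = 15
    g = [1, 0, 0, 0, 1, 0, 1, 1, 1]        # x^8 + x^7 + x^6 + x^4 + 1
    h, rem = gf2_divmod([1] + [0] * (n - 1) + [1], g)    # h(x) = (x^15 + 1) / g(x)
    assert not any(rem), "g(x) must divide x^n + 1"
    msg = [1, 0, 1, 1, 0, 1, 0]            # (c14, ..., c8)
    return h, encoder1(msg, g), encoder2(msg, h, n)
```

`demo()` returns the coefficients of $h(x)$ followed by the two codewords, each listed from $c_{14}$ down to $c_0$.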

Part II

Exercise

Problem 1. Let $C$ be a linear code with parity check matrix $H$. Prove that the following
statements are equivalent:

a. The minimum distance of $C$ is $d$.

b. Some $d$ columns of $H$ are linearly dependent, but any $d - 1$ columns of $H$ are
linearly independent.

Answer

Let the columns of $H$ be $c_1, \ldots, c_n$, that is, $H = [c_1, \ldots, c_n]$. Then $x \in C$, with
$x = x_1 \cdots x_n$, if and only if $Hx^T = 0$; that is,

$$x_1 c_1 + \cdots + x_n c_n = 0.$$

Now, $x$ has weight $d - 1$ $\iff$ $\exists\, j_1, \ldots, j_{d-1} \in \mathbb{N}$ such that
$x_{j_1}, \ldots, x_{j_{d-1}} \neq 0$ and all other $x_j = 0$ $\iff$
$x_{j_1} c_{j_1} + \cdots + x_{j_{d-1}} c_{j_{d-1}} = 0$. Hence there exists no word of weight $d - 1$ if and
only if every $d - 1$ columns are linearly independent.

Similarly, $x$ is a word of weight $d$ if and only if there exist $i_1, \ldots, i_d \in \mathbb{N}$ such that
$x_{i_1}, \ldots, x_{i_d} \neq 0$ and all other $x_i = 0$; this occurs if and only if
$x_{i_1} c_{i_1} + \cdots + x_{i_d} c_{i_d} = 0$.

Hence there exists a word of weight $d$ if and only if some $d$ columns are linearly dependent.

Problem 2. Let $g(x) = x + x^3 \in R_4$. Find the ideal generated by $g(x)$ and the
corresponding cyclic code.

Answer

Over the field $\mathbb{F}_2$, notice that $1 = -1$. We factor $x^4 - 1$ by first writing
$x^4 - 1 = (x^2 - 1)(x^2 + 1)$ over any field. In characteristic 2, $x^2 - 1 = (x - 1)^2 = (x + 1)^2$
and $x^2 + 1 = (x + 1)^2$ as well, since $(x + 1)^2 = x^2 + 2x + 1 = x^2 + 1$ in $\mathbb{F}_2$. Hence,

$$x^4 - 1 = (x^2 - 1)(x^2 + 1) = (x + 1)^2 (x + 1)^2 = (x + 1)^4 \tag{8.1}$$

All four roots of $x^4 - 1$ lie in $\mathbb{F}_2$ (namely $x = 1$ is a repeated root of multiplicity 4).


In the quotient ring $\mathbb{F}_2[x]/(x^4 - 1)$, the ideal $(g(x))$ is generated by the polynomial
$g(x) = x^3 + x$. However, for a cyclic code of length 4, the actual generator polynomial must
divide $x^4 - 1$. To find the generator, we compute

$$\gcd(g(x), x^4 - 1) = \gcd(x^3 + x, x^4 - 1) \quad \text{over } \mathbb{F}_2.$$

Performing the Euclidean algorithm (or by simple factor checking), one finds

$$\gcd(x^3 + x, x^4 - 1) = x^2 + 1.$$

Indeed, $x^2 + 1$ divides $x^4 - 1$ (since $x^4 - 1 = (x^2 + 1)^2$ in $\mathbb{F}_2$) and also
$x^3 + x = x(x^2 + 1)$.

So the ideal is $\langle g(x) \rangle = \langle x^2 + 1 \rangle$.
The cyclic code $C$ of length 4 corresponding to the ideal $\langle g(x) \rangle$ consists of all multiples of
the generator polynomial $x^2 + 1$ in $\mathbb{F}_2[x]/(x^4 - 1)$. Concretely, any codeword polynomial is
$f(x) \cdot (x^2 + 1)$ taken modulo $x^4 - 1$. Since $\deg(f)$ can be at most $4 - 2 - 1 = 1$, there are
$2^2 = 4$ possible choices for $f(x)$. The set of codewords (in polynomial form) is:

• $0$ (choosing $f(x) = 0$),

• $x^3 + x$ (for $f(x) = x$; here $x \cdot (x^2 + 1) = x^3 + x$),

• $x^2 + 1$ (for $f(x) = 1$; here $1 \cdot (x^2 + 1) = x^2 + 1$),

• $x^3 + x^2 + x + 1$ (for $f(x) = x + 1$; since $(x + 1)(x^2 + 1) = x^3 + x^2 + x + 1 \bmod 2$).

In vector (bit) form of length 4 (with coefficients of $x^3, x^2, x^1, x^0$), these codewords are
$\{0000, 1010, 0101, 1111\}$. Equivalently,

$$C = \{0,\; x^3 + x,\; x^2 + 1,\; x^3 + x^2 + x + 1\}.$$

Finally, the dimension $k$ of this $[4, k]$-cyclic code is given by $k = n - \deg(g_{\text{code}})$. Here $n = 4$
and $\deg(x^2 + 1) = 2$, so

$$k = 4 - 2 = 2 \quad \text{(dimension of } C\text{)}.$$

This matches the general result that a cyclic code with generator polynomial of degree 2 in
length 4 has dimension 2.
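A brute-force check of this answer, as an added example that is not part of the report: it enumerates every multiple of $x^3 + x$ in $R_4$ and compares the result with the ideal generated by $\gcd(x^3 + x, x^4 - 1)$. The function names and the bitmask representation (bit $i$ is the coefficient of $x^i$) are assumptions of this example.

```python
# Added example, not code from the report. A polynomial over F_2 is an int
# whose bit i is the coefficient of x^i, so x^3 + x is 0b1010.

def mulmod_cyclic(a, b, n):
    """a(x) * b(x) in R_n = F_2[x]/(x^n - 1); b must have degree below n."""
    mask = (1 << n) - 1
    out = 0
    for i in range(n):
        if (a >> i) & 1:
            # Multiplying by x^i in R_n is a cyclic shift of the coefficients.
            out ^= ((b << i) | (b >> (n - i))) & mask
    return out


def ideal(g, n):
    """The ideal <g(x)> in R_n: all products a(x) g(x) with a(x) in R_n."""
    return {mulmod_cyclic(a, g, n) for a in range(1 << n)}


def gf2_gcd(a, b):
    """Euclidean algorithm in F_2[x]."""
    while b:
        while a and a.bit_length() >= b.bit_length():
            a ^= b << (a.bit_length() - b.bit_length())   # cancel the leading term
        a, b = b, a
    return a


def generator_polynomial(g, n):
    """Lowest-degree nonzero element of <g(x)>; it is unique over F_2."""
    return min(c for c in ideal(g, n) if c)


def codewords(g, n):
    """Codewords of <g(x)> as bit strings, coefficient of x^(n-1) first."""
    return sorted(format(c, "0{}b".format(n)) for c in ideal(g, n))
```

For $g(x) = x^3 + x$ and $n = 4$, `codewords(0b1010, 4)` lists the four words found above, and `generator_polynomial` and `gf2_gcd` both return `0b101`, that is, $x^2 + 1$.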

Bibliography

[1] F. J. MacWilliams and N. J. A. Sloane, "The Theory of Error-Correcting Codes", Bell
Laboratories, Murray Hill, NJ 07974, U.S.A.
