c 2013 Society for Industrial and Applied Mathematics

Transcription

1 SIAM J. DISCRETE MATH. Vol. 27, No. 4, pp c 2013 Society for Industrial and Applied Mathematics CYCLIC CODES FROM SOME MONOMIALS AND TRINOMIALS CUNSHENG DING Abstract. Cyclic codes are a subclass of linear codes and have applications in consumer electronics, data storage systems, and communication systems as they have efficient encoding and decoding algorithms. In this paper, some monomials and trinomials over finite fields are employed to construct a number of families of cyclic codes. Lower bounds on the minimum weight of some families of the cyclic codes are developed. The minimum weights of other families of the codes constructed in this paper are determined. The dimensions of the codes are flexible. Many of the codes presented in this paper are optimal or almost optimal in the sense that they meet some bounds on linear codes. Open problems regarding cyclic codes from monomials and trinomials are also presented. Key words. polynomials, permutation polynomials, cyclic codes, linear span, sequences AMS subject classifications. 94B15, 94B05, 05B50 DOI / Introduction. Let q beapowerofaprimep. A linear [n, k, d] codeover GF(q) isak-dimensional subspace of GF(q) n with minimum (Hamming) nonzero weight d. A linear [n, k] codec over the finite field GF(q) is called cyclic if (c 0,c 1,..., c n 1 ) Cimplies (c n 1,c 0,c 1,...,c n 2 ) C. Let gcd(n, q) = 1. By identifying any vector (c 0,c 1,...,c n 1 ) GF(q) n with c 0 + c 1 x + c 2 x c n 1 x n 1 GF(q)[x]/(x n 1), any code C of length n over GF(q) corresponds to a subset of GF(q)[x]/(x n 1). The linear code C is cyclic if and only if the corresponding subset in GF(q)[x]/(x n 1) is an ideal of the ring GF(q)[x]/(x n 1). It is well known that every ideal of GF(q)[x]/(x n 1) is principal. Let C =(g(x)) be a cyclic code, where g(x) has the smallest degree. Then g(x) is called a generator polynomial and h(x) =(x n 1)/g(x) is referred to as a parity-check polynomial of C. A vector (c 0,c 1,...,c n 1 ) GF(q) n is said to be even-like if n 1 i=0 c i =0,and is odd-like otherwise. The minimum weight of the even-like codewords, respectively, the odd-like codewords, of a code is the minimum even-like weight, denoted by d even, respectively, the minimum odd-like weight of the code, denoted by d odd.theeven-like subcode of a linear code consists of all the even-like codewords of this linear code. The error correcting capability of cyclic codes may not be as good as some other linear codes in general. However, cyclic codes have wide applications in storage and communication systems because they have efficient encoding and decoding algorithms. For example, Reed Solomon codes have found important applications from deep-space communication to consumer electronics. They are prominently used in consumer electronics such as CDs, DVDs, Blu-ray Discs, in data transmission technologies such as DSL and WiMAX, in broadcast systems such as DVB and ATSC, and in computer applications such as RAID 6 systems. Received by the editors June 25, 2012; accepted for publication (in revised form) August 13, 2013; published electronically November 21, This project is supported by the Hong Kong Research Grants Council under Project Number Department of Computer Science and Engineering, The Hong Kong University of Science and Technology, Kowloon, Hong Kong (cding@ust.hk). 1977

2 1978 CUNSHENG DING Cyclic codes have been studied for decades and a lot of progress has been made (see, for example, [2, 4, 5, 7, 9, 10, 11, 12, 13, 14, 18, 17, 21, 20, 22, 23, 24, 26]). The total number of cyclic codes over GF(q) and their constructions are closely related to cyclotomic cosets modulo n, and thus many areas of number theory. One way of constructing cyclic codes over GF(q) with length n is to use the generator polynomial x n (1.1) 1 gcd(s n (x),x n 1), where S n (x) = n 1 i=0 s ix i GF(q)[x] ands =(s i ) i=0 is a sequence of period n over GF(q). Throughout this paper, we call the cyclic code C s with the generator polynomial of (1.1) the code defined by the sequence s, and the sequence s the defining sequence of the cyclic code C s. One basic question is whether good cyclic codes can be constructed with this approach. It will be demonstrated in this paper that the code C s couldbeanoptimal or almost optimal linear code if the sequence s is properly designed. In this paper, a number of monomials and trinomials over GF(q m ) will be employed to construct a number of classes of both binary and nonbinary cyclic codes. Lower bounds on the minimum weight of some classes of the cyclic codes are developed. The minimum weights of some other classes of the codes constructed in this paper are determined. The dimensions of the codes of this paper are flexible. Some of the codes obtained in this paper are optimal or almost optimal as they meet certain bounds on linear codes. A number of open problems regarding cyclic codes from monomials and trinomials are also presented in this paper. Our first motivation of this study is that the codes constructed in this paper are often optimal. Our second motivation is the simplicity of the constructions of the cyclic codes. 2. Preliminaries. In this section, we present basic notations and results of q- cyclotomic cosets and sequences that will be employed in subsequent sections Some notations fixed throughout this paper. Throughout this paper, we adopt the following notations unless otherwise stated. p is a prime, and q is a positive power of p. m is a positive integer. r = q m and n = q m 1. Z n = {0, 1, 2,...,n 1} associated with the integer addition modulo n and integer multiplication modulo n operations. α is a generator of GF(r). m a (x) is the minimal polynomial of a GF(r) overgf(q). N p (x) is a function defined by N p (i) =0ifi 0(modp) andn p (i) =1 otherwise, where i is any nonnegative integer. Tr(x) is the trace function from GF(r) togf(q). By the Database we mean the collection of the tables of best linear codes known maintained by Markus Grassl at The q-cyclotomic cosets modulo q m 1. The q-cyclotomic coset containing j modulo n is defined by C j = {j, qj, q 2 j,...,q lj 1 j} Z n, where l j is the smallest positive integer such that q lj j j (mod n),andiscalledthe size of C j. It is known that l j divides m. The smallest integer in C j is called the

3 CYCLIC CODES FROM SOME MONOMIALS AND TRINOMIALS 1979 coset leader of C j. Let Γ denote the set of all coset leaders. By definition, we have j Γ C j = Z n The linear span and minimal polynomial of sequences. Let s = (s i ) i=0 be a sequence of period L over GF(q). The polynomial c(x) =c 0 + c 1 x + + c l x l over GF(q), where c 0 = 1, is called a characteristic polynomial of s if c 0 s i = c 1 s i 1 + c 2 s i c l s i l for all i l. The characteristic polynomial with the smallest degree is called the minimal polynomial of s. The degree of the minimal polynomial is referred to as the linear span or linear complexity of s. Since we require that the constant term of any characteristic polynomial be 1, the minimal polynomial of any periodic sequence s must be unique. In addition, any characteristic polynomial must be a multiple of the minimal polynomial. For periodic sequences, there are several ways to determine their linear span and minimal polynomials. One of them is given in the following lemma [15]. Lemma 2.1. Let s be a sequence of period L over GF(q). Define S L (x) = L 1 i=0 s ix i GF(q)[x]. Then the minimal polynomial M s (x) of s is given by (2.1) x L 1 gcd(x L 1,S L (x)) and the linear span L s of s is given by L deg(gcd(x L 1,S L (x))). The other one is given in the following lemma [1]. Lemma 2.2. Any sequence s over GF(q) of period q m 1 has a unique expansion of the form s t = q m 2 i=0 c i α it for all t 0, where c i GF(q m ). Let the index set be I = {i : c i 0}, then the minimal polynomial M s (x) of s is M s (x) = i I (1 αi x), and the linear span of s is I. It should be noticed that in some references the reciprocal of M s (x) is called the minimal polynomial of the sequence s. So Lemma 2.2 is a modified version of the original one in [1]. 3. Codes defined by polynomials over finite fields GF(r) The generic construction of cyclic codes with polynomials. Given any polynomial f(x) overgf(r), we define its associated sequence s by (3.1) s i =Tr(f(α i +1)) for all i 0. The objective of this paper is to consider the codes C s defined by some monomials and trinomials over GF(r). We need to treat the cases q = 2 and q being odd separately as different techniques are needed for the two cases How to choose the polynomial f(x). Regarding the generic construction of section 3.1, the following two questions are essential. Is it possible to construct optimal cyclic codes meeting some bound on parameters of linear codes or cyclic codes with good parameters?

4 1980 CUNSHENG DING If the answer to the question above is positive, how should we select the polynomial f(x) overgf(r)? It will be demonstrated in the following that the answer to the first question above is indeed positive. However, it seems hard to answer the second one. Any method of constructing an [n, k] cyclic code over GF(q) isequivalenttothe selection of a divisor g(x) overgf(q) ofx n 1 with degree n k, which is employed as the generator polynomial of the cyclic code. The minimum weight d and other parameters of this cyclic code are determined by the generator polynomial g(x). The question is how to find out a divisor g(x) ofx n 1 that generates an optimal [n, k] cyclic code. Note that x n 1 may have many divisors of small degrees. If the construction method is not well designed, optimal cyclic codes cannot be produced. The construction of section 3.1 may produce cyclic codes with bad parameters. For example, let (q, m) =(2, 6), let α be the generator of GF(2 6 ) with α 6 + α 4 + α 3 + α + 1 = 0, and let f(x) =x e. When e {7, 14, 28, 35, 49, 56}, the binary code C s defined by the monomial f(x) has parameters [63, 45, 3]. These codes are very bad as there are binary linear codes with parameters [63, 45, 8] and binary cyclic codes with parameters [63, 57, 3]. On the other hand, the construction of section 3.1 may produce optimal cyclic codes. For example, let (q, m) =(2, 6) and let f(x) =x e.whene {1, 2, 4, 5, 8, 10, 16, 17, 20, 32, 34, 40}, the binary code C s defined by the monomial f(x) has parameters [63, 57, 3] and should be equivalent to the binary Hamming code with the same parameters. These cyclic codes are optimal with respect to the sphere packing bound. Hence, a monomial may give good or bad cyclic codes within the framework of the construction of section 3.1. Now the question is how to choose a monomial f(x) over GF(r) so that the cyclic code C s defined by f(x) has good parameters. In this paper, we employ monomials and tronomials f(x) overgf(r) thatare either permutations on GF(r) or such that f(gf(r)) is very close to r. Most of the monomials and trinomials f(x) employed in this paper are either almost perfect nonlinear or planar functions on GF(r). A polynomial f(x) overgf(r) is called almost perfect nonlinear (APN) if max max a GF(r) b GF(r) and is referred to as perfect nonlinear or planar if max max a GF(r) b GF(r) {x GF(r) :f(x + a) f(x) =b} =2, {x GF(r) :f(x + a) f(x) =b} =1. It is unnecessary to require that f(x) be highly nonlinear, to obtain cyclic codes C s with good parameters. Both linear and highly nonlinear polynomials f(x) could give optimal cyclic codes C s when they are plugged into the generic construction of section Binary cyclic codes from the permutation monomial f(x) =x r 2 over GF(2 m ). In this section, we study the code C s defined by the the monomial f(x) =x r 2 over GF(2 m ). To this end, we need to prove the following lemma. Let ρ i denote the total number of even integers in the 2-cyclotomic coset C i.we then define ν i = mρ i (4.1) mod 2 l i for each i Γ, where l i = C i.

5 CYCLIC CODES FROM SOME MONOMIALS AND TRINOMIALS 1981 Lemma 4.1. Let s be the sequence of (3.1), where f(x) =x 2m 2. Then the linear span L s of s is equal to (n +1)/2 and the minimal polynomial M s (x) of s is given by (4.2) M s (x) = m α j (x). j Γ,ν j =1 Proof. The linear span of this sequence was already determined in [25]. Below we prove only the conclusion on the minimal polynomial of this sequence. It was proved in [25] that (4.3) s t =Tr 2 m 1 1 α 2it i=0 = j Γ l j 1 u=0 ( m 1 α jt2u where { 1 if (j 2 (4.4) f j,i = m i mod n) mod2=0, 0 otherwise. (4.5) It then follows from (4.1), (4.4), and (4.3) that s t = ν j (α t ) i. j Γ i C j i=0 ) f j,i, The desired conclusion on the minimal polynomial M s (x) then follows from Lemma 2.2 and (4.5). The following theorem provides information on the code C s and its dual. Theorem 4.2. The binary code C s defined by the sequence of Lemma 4.1 has parameters [2 m 1, 2 m 1 1,d] and generator polynomial M s (x) of (4.2). If m is odd, the minimum distance d of C s is even and satisfies d 2 d +1 n, andthedualcodec s has parameters [2 m 1, 2 m 1,d ],whered satisfies that (d ) 2 d +1 n. Proof. The dimensions of C s and its dual follow from Lemma 4.1 and the definitions of the codes C s and Cs. If m is odd, by Lemma 4.1, m 1 (x) =x 1 is a divisor of the generator polynomial M s (x) ofc s. Hence, all the codewords in C s have even Hamming weights, i.e., C s is an even-weight code. By definition, we have (4.6) ρ i + ρ n i 1 (mod 2) for every i {1, 2,...,n 1}. Note that m is odd. It then follows from (4.6) that ν i + ν n i 1 (mod 2) for every i {1, 2,...,n 1}. Hence, one and only one of m α i(x) andm α i(x) isadivisorofm s (x)/(x 1) for every i {1, 2,...,n 1}. LetC s denote the cyclic code with generator polynomial M s (x)/(x 1). Then C s contains C s as its even-weight subcode. Using a similar approach to the proof of the square-root bound on the minimum weight for the quadratic residue codes, one proves the desired conclusions on the minimum weights of C s and C s. Note that in Theorem 4.2, d and d may not be the smallest positive integers, satisfying the two inequalities, respectively.

6 1982 CUNSHENG DING Example 4.3. Let m =5andα be a generator of GF(2 m ) with α 5 + α 2 +1=0. Then the generator polynomial M s (x) of the code C s is (x +1)m α 3(x)m α 5(x)m α 15(x) = x 16 + x 14 + x 13 + x 10 + x 9 + x 8 + x 7 + x 6 + x 5 + x 2 + x +1 and C s is a [31, 15, 8] binary cyclic code. Its dual is a [31, 16, 7] cyclic code. Both codes are optimal according to the Database. When m is odd, the code C s has the square-root bound, although n may be a composite number. In addition, the example above shows that the actual minimum weight could be much larger than the lower bound on the minimum weight. When m is even, the code C s may not have a good minimum distance. For example, if m =4, the code C s has parameters [15, 7, 3]. So we are not interested in the case that m is even. We inform the reader that C s is a [7, 3, 4] quadratic-residue code when m =3, but not a quadratic-residue code in general. For example, the code in Example 4.3 is not a quadratic-residue code, as the binary quadratic-residue code with parameters [31, 15, 8] has generator polynomial x 16 + x 13 + x 10 + x 8 + x 4 + x 3 + x Nonbinary cyclic codes from monomials and trinomials. Throughout this section, q is a power of an odd prime p Cyclic codes from the monomial f(x) =x qκ +1,wherem/ gcd(m, κ) and q are odd. Let f(x) =x qκ +1,wherem/ gcd(m, κ) andq are odd. In this subsection we study the code C s defined by f(x). To this end, we need to prove the following lemma. Lemma 5.1. Let m be odd. Let s be the sequence of (3.1), where f(x) =x qκ +1. Then the linear span L s of s is equal to 2m + N p (m) and the minimal polynomial M s of s is given by (5.1) M s (x) =(x 1) Np(m) m α 1(x)m α (p κ +1)(x), where N p (i) =0if i 0(modp) and N p (i) =1otherwise. Proof. It is easily seen that m 1 m 1 s t =Tr((α t +1) qκ +1 )=Tr(1)+2 (α t ) qj + (α t ) (qκ +1)q (5.2) j. Since m/ gcd(m, κ) is odd, gcd(2κ, m) =gcd(κ, m). Because q is odd, gcd(q κ 1,q κ + 1) = 2. It then follows that gcd(q κ +1,q m 1) = gcd(q2κ 1,q m 1) gcd(q κ 1,q m 1) = qgcd(2κ,m) 1 q gcd(κ,m) 1 =2. Therefore, the size of the q-cyclotomic coset contating q κ +1 is m. Clearly, C 1 C qκ +1 =. The desired conclusions on the linear span and the minimal polynomial M s (x) then follow from Lemma 2.2 and (5.2). The following theorem provides information on the code C s. Theorem 5.2. The code C s defined by the sequence of Lemma 5.1 has parameters [n, n 2m N p (m),d] and generator polynomial M s (x) of (5.1), where j=0 j=0 d =4 if q =3and m 0 (mod p), 4 d 5 if q =3and m 0 (mod p), d =3 if q>3 and m 0 (mod p), 3 d 4 if q>3 and m 0 (mod p).

7 CYCLIC CODES FROM SOME MONOMIALS AND TRINOMIALS 1983 Proof. The dimension of C s follows from Lemma 5.1 and the definition of the code C s. We need to prove the conclusion on the minimum distance d of C s. The code C s of this theorem has the same weight distribution as the dual code in Theorem 15 in [7] when m 0(modp) and has the same weight distribution as the even-like subcode of the dual code in Theorem 15 in [7] when m 0(modp). This is because the generator polynomial of the code C s of this theorem and that of the dual code in Theorem 15 in [7] are reciprocals of each other when m 0(modp), and the generator polynomial of the code C s of this theorem and that of the even-like subcode of the dual code in Theorem 15 in [7] are reciprocals of each other when m 0 (mod p). The conclusions on d then follow from those on the minimum weight of the dual code in Theorem 15 in [7]. Example 5.3. Let (m, κ, q) = (3, 1, 3) and α be a generator of GF(r) with α 3 +2α +1=0. ThenC s is a [26, 20, 4] ternary code with generator polynomial M s (x) =x 6 +2x 5 +2x 4 + x 3 + x 2 +2x +1. This cyclic code is an optimal linear code according to the Database. Example 5.4. Let (m, κ, q) = (4, 4, 3) and α be a generator of GF(r) with α 4 +2α 3 +2 = 0. Then C s is a [80, 71, 5] ternary code with generator polynomial M s (x) =x 9 +2x 8 + x 7 +2x 6 + x 4 + x This cyclic code is an optimal linear code according to the Database Cyclic codes from the trinomials x 10 ux 6 u 2 x 2 over GF(3 m ). Throughout this subsection, let q = 3andletm be odd. A family of trinomials f(x) =x 10 ux 6 u 2 x 2 on GF(r) wasdescribedin[8],whereu GF(r). In this subsection we study the code C s defined by these trinomials. To this end, we need to prove the following lemma. Lemma 5.5. Let s be the sequence of (3.1), where f(x) =x 10 ux 6 u 2 x 2. Then the linear span L s of s is given by { 2m + δu if u L s = 6 + u =0, 3m + δ u otherwise, and the minimal polynomial M s (x) of s is given by { (x 1) δ u m M s (x) = α 1(x)m α 10(x) if u 6 + u =0, (x 1) δu m α 1(x)m α 2(x)m α 10(x) otherwise, where δ u =0if Tr(u 2 + u 1) = 0 and δ u =1otherwise. Proof. By definition, we have f(x +1)=x 10 + x 9 ux 6 u 2 x 2 +(1+u + u 2 )x +(1 u u 2 ). It then follows that Tr(f(x +1))=Tr ( ) x 10 (u 3m 1 + u 2 )x 2 +(u 2 + u 1)x Tr(u 2 + u 1). By definition, (5.3) ( s t =Tr (α t ) 10 (u 3m 1 + u 2 )(α t ) 2 + vα t) Tr(v), where v = u 2 + u 1. It can be easily proved that l 1 = l n 1 = l 2 = l n 2 = l 10 = l n 10 = m and that the three q-cyclotomic cosets C 1,C 2,andC 10 are pairwise disjoint.

8 1984 CUNSHENG DING (5.4) We now prove that v = u 2 + u 1 0forallu GF(r). Suppose Multiplying both sides of (5.4) by u yields (5.5) Combining (5.4) and (5.5) gives (5.6) u 2 + u 1=0. u 3 + u 2 u =0. u 3 + u +1=(u 1) 3 +(u 1) = 0. Since m is odd, 1 is not a quadratic residue in GF(r). The only solution of y 3 +y =0 is y = 0. Hence the only solution of (5.6) is u = 1. However, u = 1 is not a solution of (5.4). Hence v 0forallu. Finally u 3m 1 + u 2 = 0 if and only if u 6 + u = 0. The desired conclusions on the linear span and the minimal polynomial M s (x) then follow from Lemma 2.2, (5.3), and the conclusions on the cyclotomic cosets and their lengths. The following theorem provides information on the code C s. Theorem 5.6. The code C s defined by the sequence of Lemma 5.5 has parameters [n, n L s,d] and generator polynomial M s (x), where L s and M s (x) are given in Lemma 5.5, and 5 d 8 if u 6 + u 0and δ u =1, 4 d 6 if u 6 + u 0and δ u =0, 3 d 6 if u 6 + u =0and δ u =1, 3 d 4 if u 6 + u =0and δ u =0. Proof. The dimension of C s follows from Lemma 5.5 and the definition of the code C s. We need to prove the conclusions on the minimum distance d of C s.itisknown that the codes generated by any polynomial g(x) and its reciprocal have the same weight distribution if g(0) 0. When u 6 + u = 0, the reciprocal of M s (x) has the roots α 9 and α 10.Inthiscase d 3 by the BCH bound. The upper bounds on d follow from the sphere-packing bound. When u 6 + u 0, the reciprocal of M s (x) has the roots α i for i {1, 2, 3} and for all i {0, 1, 2, 3} if δ u = 1. The lower bounds on d then come from the BCH bound. The upper bounds on d follow from the sphere-packing bound. Remark 5.7. It is interesting to note that the dimensions of the codes defined by x 10 + x 6 x 2 and x 10 x 6 x 2 are different though both are trinomials with many common properties. Example 5.8. Let (m, q, u) = (3, 3, 1) and α be a generator of GF(r) with α 3 +2α +1=0. ThenC s is a [26, 17, 5] ternary code with generator polynomial M s (x) =x 9 + x 8 +2x 7 +2x 6 +2x 5 + x 4 + x 3 + x 2 +2x +1. This cyclic code is an optimal linear code according to the Database. Example 5.9. Let (m, q, u) =(3, 3, 1) and α be a generator of GF(r) with α 3 +2α +1=0. ThenC s is a [26, 20, 4] ternary code with generator polynomial M s (x) =x 6 +2x 5 +2x 4 + x 3 + x 2 +2x +2. This cyclic code is an optimal linear code according to the Database. Example Let (m, q, u) =(3, 3,α)andα be a generator of GF(r) with α 3 +2α +1=0. ThenC s is a [26, 16, 6] ternary code with generator polynomial M s (x) =x 10 + x 8 +2x 5 + x 2 +2x +2. This cyclic code is an optimal linear code according to the Database.

9 CYCLIC CODES FROM SOME MONOMIALS AND TRINOMIALS Cyclic codes from the monomial f(x) =x (qh 1)/(q 1). Let h be a positive integer satistying the following condition: (5.7) 1 h { (m 1)/2 ifm is odd and m/2 ifm is even. In this subsection, we deal with the code C s defined by the sequence s of (3.1), where f(x) =x (q)/(q 1). When h = 1, the code C s has parameters [n, n m N p (m),d], where d =3ifN p (m) =1andd =2ifN p (m) =0. Whenh = 2, the code C s become a special case of the code in section 5.1. Therefore, we assume that h 3 in this subsection. In order to study the code C s of this subsection, we need to prove a number of auxiliary results on q-cyclotomic cosets. Lemma Let h satisfy the condition of (5.7). For any (i 1,i 2,...,i t ) with 0 <i 1 <i 2 < <i t, the size l i = C j = l n i = m, wherei = q 0 + t j=1 qij. Proof. We prove the conclusion of this lemma only for the case that m is even. The conclusion for m being odd can be similarly proved. Let u be any integer with m 1 u 1. Define Δ 1 = i(q u 1), Δ 2 = i(q m u 1). Clearly Δ i 0forbothi as m 1 u 1. If u m/2, we have Δ 1 = i(q u 1) (q 0 + q m 2t 2 + q m 2t q m 2 2 )(q m 2 1) <n. On the other hand, we have obviously that Δ 1 > i > n. Hence we have Δ 1 0 (mod n) whenu m/2. If u > m/2, then m u < m/2. In this case one can similarly prove that n <Δ 2 <n.sowehaveδ 2 0(modn) whenu>m/2. Summarizing the conclusions above proves the desired conclusions for m being even. Lemma Let h satisfy the condition of (5.7). For any pair of distinct i = q 0 + t l=1 qi l and j = q 0 + t l=1 qj l with 0 <i 1 <i 2 < i t h 1 and 0 <j 1 <j 2 < j t h 1, C i C j =, i.e., i and j cannot be in the same q-cyclotomic coset modulo n. Proof. Letu be any integer with 0 u m 1. Define Δ 1 = iq u j and Δ 2 = jq m u i. Notice that i 1(modq) andj 1(modq). We have that Δ i 0forbothi as i j. Suppose that i and j were in the same cyclotomic coset. Then n would divide both Δ 1 and Δ 2. We prove the desired conclusion only for the case that m is odd. The conclusions for m being even can be similarly proved.

10 1986 CUNSHENG DING We distinguish between the following two cases. When u (m 1)/2, we have Δ 1 = iq u j (q 0 + q m 2t q m 2t q m 1 2 )q m 1 2 j<n. On the other hand, we have obviously that Δ 1 > j > n. Hence we have Δ 1 0 (mod n) whenu (m 1)/2. When u>(m 1)/2, we have m u (m 1)/2. In this case one can similarly prove that n <Δ 2 <n.in this case Δ 2 0(modn). Summarizing the conclusions of the two cases above proves the desired conclusion for m being odd. We need to do more preparation before presenting and proving the main results of this subsection. Let J t 2, and let N(J, t) denote the total number of vectors (i 1,i 2,...,i t 1 ) wth 1 i 1 <i 2 < <i t 1 <J. By definition, we have the following recursive formula: (5.8) N(J, t) = J 1 j=t 1 N(j, t 1). By definition, we have (5.9) N(J, 2) = J 1 for all J 2 and (J 1)(J 2) (5.10) N(J, 3) = 2 It then follows from (5.8), (5.9), and (5.10) that for all J 3. (5.11) J 1 N(J, 4) = N(j, 3) = j=3 J 1 j=3 (J 1)(J 2) 2 = J 3 6J 2 +11J 6. 6 By definition, we have (5.12) N(t, t) = 1 for all t 2. For convenience, we define N(J, 1) = 1 for all J 1. Lemma Let h satisfy the condition of (5.7). Let s be the sequence of (3.1), where f(x) =x (q)/(q 1). Then the linear span L s and minimal polynomial M s (x) of s are given by ( ) L s = N p (h)+ N p (h u)n(u, t) m + N p (m) and t=1 u=1 M s (x) =(x 1) Np(m) m α 1(x) Np(h) t=2 t u Np(h u)=1 1 i 1< <i t 1<u 1 u Np(h u)=1 m α (q 0 +q u )(x) mα (q0 + t 1 j=1 qi j +q u ) (x).

11 (5.13) CYCLIC CODES FROM SOME MONOMIALS AND TRINOMIALS 1987 Proof. Define x = α t. Then we have s t =Tr ((x +1) qi) i=0 =Tr h =Tr(1)+Tr =Tr(1)+hTr(x)+Tr +Tr ( i=0 ( ) ) x qi +1 x t j=1 qi j t=1 0 i 1< i t [ h t h t+1 ] (h i 1 )x q0 +q i 1 i 1=1 t=2 i 1=1 i 2=i 1+1 i t=i t 1+1 [ =Tr(1)+hTr(x)+Tr +Tr (h i t ) t=2 i t=t (h i t )x q0 + t ] (h i 1 )x q0 +q i 1 i 1=1 x q 0 + t j=1 qi j 1 i 1< <i t 1<i t j=1 qi j The desired conclusions on the linear span and the minimal polynomial M s (x) then follow from Lemmas 2.2, 5.11, 5.12, and (5.13). The following theorem provides information on the code C s. Theorem The code C s defined by the sequence of Lemma 5.13 has parameters [n, n L s,d] and generator polynomial M s (x), wherel s and M s (x) are given in Lemma Proof. The dimension of C s follows from Lemma 5.13 and the definition of the code C s. As a corollary of Theorem 5.14, we have the following. Corollary Let h =3. The code C s of Theorem 5.14 has parameters [n, n L s,d] and generator polynomial M s (x) given by if p 3,and if p =3,where. M s (x) =(x 1) Np(m) m α 1(x)m α 1 q (x)m α 1 q 2 (x)m α 1 q q2 (x) M s (x) =(x 1) Np(m) m α 1 q(x)m α 1 q 2 (x)m α 1 q q2 (x) (5.14) In addition, L s = { 4m + Np (m) if p 3, 3m + N p (m) if p =3. 3 d 8 if p =3and N p (m) =1, 3 d 6 if p =3and N p (m) =0, 3 d 8 if p>3. Proof. We need to prove only the bounds on the minimum weight of this code. The upper bounds on d follow from the sphere-packing bound and the dimension of

12 1988 CUNSHENG DING the code. In both cases, the reciprocal of M s (x) has the roots α q+q2 and α 1+q+q2.It then follows from the BCH bound that d 3. Open Problem For the code C s of Corollary 5.15, do the following lower bounds hold? 5 when p =3and N p (m) =1, 4 when p =3and N p (m) =0, d 6 when p>3 and N p (m) =1, 5 when p>3 and N p (m) =0. Example Let (m, h, q) =(4, 3, 3) and α be a generator of GF(r) with α 4 +2α 3 +2 = 0. Then C s is a [80, 69, 5] ternary code with generator polynomial M s (x) =x 11 +2x 8 +2x 6 +2x 5 +2x 4 + x 3 +2x 2 + x +2. This is an almost optimal linear code according to the Database. The known optimal linear code has parameters [80, 69, 6] which is not cyclic. Notice that h>m/2. Hence, the parameters of this code do not agree with those of the code in Corollary In this case f(x) isa permutation. Example Let (m, h, q) =(5, 3, 3) and α be a generator of GF(r) with α 5 +2α +1=0. Then C s is a [242, 226,d] ternary code with generator polynomial M s (x) =x 16 +2x 14 +2x 12 +2x 11 + x 10 + x 9 + x 6 + x 3 +2x Notice that h>m/2. However, the parameters of this code do agree with those of the code in Corollary In this case f(x) is a permutation. Example Let (m, h, q) =(6, 3, 3) and α be a generator of GF(r) with α 6 +2α 4 + α 2 +2α +2=0. ThenC s is a [728, 710,d] ternary code with generator polynomial M s (x) =x 18 +2x 15 +2x 14 +2x 13 +2x 11 + x 10 +2x 9 + x 8 + x 6 +2x 4 + x 3 + x Notice that h = m/2. Hence, the parameters of this code agree with those of the code in Corollary In this case f(x) is not a permutation. In fact, gcd((q h 1)/(q 1),q m 1) = Cyclic codes from the monomial f(x) =x (3h +1)/2. Throughout this subsection, let q =3,andr = q m as before. Let h be a positive integer satistying the following conditions: h is odd, gcd(m, h) =1, (5.15) { (m 1)/2 ifm is odd and 3 h m/2 ifm is even. In this subsection, we deal with the code C s defined by the sequence s of (3.1), where f(x) =x (3h +1)/2. When h = 1, the code C s becomes the code of section 5.1. Therefore, we consider the case h 3 in this subsection. The code of this subsection is related to the code of section 5.3, so we need to use some of the notations, symbols, and lemmas of section 5.3. In order to study the code C s of this subsection, we need to prove a number of auxiliary results on q-cyclotomic cosets.

13 CYCLIC CODES FROM SOME MONOMIALS AND TRINOMIALS 1989 Lemma Let h satisfy the third condition of (5.15). For any (i 1,i 2,...,i t ) with 0 <i 1 <i 2 < i t, the size l i = C j = l n i = m, wherei =2+ t j=1 3ij. In addition, l 2 = l n 2 = m. Proof. The proof of Lemma 5.11 is easily modified into a proof of this lemma. We omit the details here. Lemma Let h satisfy the third condition of (5.15). For any pair of distinct i =2+ t u=1 3iu and j =2+ t u=1 3ju with 0 <i 1 <i 2 < i t h 1 and 0 <j 1 <j 2 < j t h 1, C i C j =, i.e., i and j cannot be in the same q-cyclotomic coset modulo n. In addition, C 2 C 1 =, C 2 C 1+ t =, where1 i u=1 3iu 1 < <i t h 1, C 2 C 2+ tu=1 3 =, where1 i iu 1 < <i t h 1, C t1 2+ u=1 3 C iu 1+ t 2 u=1 3iu =, where 1 i 1 < <i t1 h 1 and 1 i 1 < <i t2 h 1. Proof. The proof of Lemma 5.12 can be modified into a proof of this lemma. We omit the details here. Lemma Let h satisfy the third condition of (5.15). Let s be the sequence of (3.1), where f(x) =x (3h +1)/2. Then the linear span L s and minimal polynomial M s (x) of s are given by and ( h ) L s = N 3 (m)+ N 3 (h i +1) m i=0 ( h ) + N(h, t)+ N 3 (h i t +1)N(i t,t) m t=2 t=2 i t=t M s (x) =(x 1) N3(m) m α 1(x) N3(h+1) m α 2(x) 1 u N 3 (h u+1)=1 m α (1+3 u )(x) t=2 t i t N 3 (h i t +1)=1 t=1 1 i 1< <i t mα (2+ t j=1 3 i j ) (x) 1 i 1< <i t 1<i t m α (1+ t j=1 3 i j ) (x), where N 3 (j) and N(j, t) were defined in sections 2.1 and 5.3 respectively. Proof. Notethat 3h +1 2 =1+ i=0 3i. Define x = α t and f h (x) =Tr ((x +1) 3i) i=0.

14 1990 CUNSHENG DING Then we have s t =Tr ((x +1) 1+ 3i) i=0 =Tr (x(x +1) 3i) i=0 + f h (x) h =Tr(x)+Tr x 1+ t j=1 3i j + f h (x) (5.16) (5.17) t=1 = f h (x)+tr(x)+tr 0 i 1< <i t [ i 1=0 x 1+3i 1 = f h (x)+tr(x)+tr(x 2 )+Tr h +Tr t=2 +Tr t=2 1 i 2< <i t 1 i 1< <i t ] h +Tr [ i 1=1 x 1+3i 1 x 2+ t j=1 3i j x 1+ t j=1 3i j t=2 ]. 0 i 1< <i t x 1+ t j=1 3i j Using the expression of (5.13) for f h (x) and merging terms in (5.16), we obtain s t =Tr(1)+(h +1)Tr(x)+Tr(x 2 )+Tr h +Tr t=2 1 i 2< <i t +Tr (h i t +1) t=2 i t=t [ x 2+ t j=1 3i j ] (h i 1 +1)x 1+3i 1 i 1=1 x 1+ t j=1 3i j 1 i 1< <i t 1 i t. The desired conclusions on the linear span and the minimal polynomial M s (x) then follow from Lemmas 2.2, 5.11, 5.20, 5.12, 5.21, and (5.17). The following theorem provides information on the code C s. Theorem The code C s defined by the sequence of Lemma 5.22 has parameters [n, n L s,d] and generator polynomial M s (x), wherel s and M s (x) are given in Lemma Proof. The dimension of C s follows from Lemma 5.22 and the definition of the code C s. As a corollary of Theorem 5.23, we have the following. Corollary Let h =3. The code C s of Theorem 5.23 has parameters [n, n L s,d] and the generator polynomial M s (x) given by M s (x) =(x 1) N3(m) m α 1(x)m α 2(x)m α 5(x)m α 10(x)m α 11(x)m α 13(x)m α 14(x),

15 CYCLIC CODES FROM SOME MONOMIALS AND TRINOMIALS 1991 where L s =7m + N 3 (m). In addition, { 5 d 16 if N3 (m) =1, 4 d 16 if N 3 (m) =0. Proof. We need to prove only the bounds on the minimum weight of this code. The upper bound on d follows from the sphere-packing bound and the dimension of the code. In both cases, the reciprocal of M s (x) has the roots α i for all i {1, 2, 3}. When N 3 (m) = 1, the reciprocal of M s (x) has the additional root α 0. The lower bounds then follow from the BCH bound. Open Problem For the code C s of Corollary 5.24, do the following lower bounds hold? { 9 when Np (m) =1, d 8 when N p (m) = Open problems regarding the nonbinary cyclic codes from monomials and trinomials. In previous subsections of section 5, some nonbinary cyclic codes from some monomials and trinomials were studied. It would be nice if the following open problems could be solved. Open Problem Determine the dimension and the generator polynomial of the code C s defined by f(x) =x (3m 3)/2 over GF(3). Develop tight lower bounds on the minimum weight of this code. The following examples demonstrate that the code described in Open Problem 5.26 looks promising. Example Let (m, q) =(3, 3) and α be a generator of GF(q m ) with α 3 + 2α + 1 = 0. Then the generator polynomial of the code C s is M s (x) =x 6 +2x 5 + 2x 4 + x 3 + x 2 +2x +2, and C s is a [26, 20, 4] cyclic code over GF(3), and is an optimal linear code according to the Database. Example Let (m, q) =(4, 3) and α be a generator of GF(q m ) with α 4 + 2α = 0. Then the generator polynomial of the code C s is M s (x) =x 11 +2x 8 + 2x 6 +2x 5 +2x 4 + x 3 +2x 2 + x +2, and C s is a [80, 69, 5] cyclic code over GF(3). The upper bound on the minimum weight of any linear code of length 80 and dimension 69 over GF(3) is 6 according to the Database. The record linear code with parameters [80, 69, 6] reported in the Database is not cyclic. Open Problem Determine the dimension and the generator polynomial of the code C s defined by permutation trinomial f(x) =x qm 2 over GF(q), whereq is odd. Develop tight lower bounds on the minimum weight of this code. Regarding the cyclic code defined by f(x) =x qm 2 over GF(q), the case for q =2 was settled in section 4. The case for q being odd is more complicated. The code is interesting in the binary case. Open Problem Determine the dimension and the generator polynomial of the code C s defined by the monomial f(x) =x (5h +1)/2 over GF(5 m ),where gcd(2m, h) =1. Develop tight lower bounds on the minimum weight of this code. Open Problem Determine the dimension and the generator polynomial of the ternary code C s defined by the monomial f(x) =x e over GF(3 m ),where 3 (m+1)/2 1 2 if m 3 (mod 4), e = 3 (m+1)/ m 1 2 if m 1 (mod 4). Develop tight lower bounds on the minimum weight of this code.

16 1992 CUNSHENG DING Open Problem Determine the dimension and the generator polynomial of the ternary code C s defined by the monomial f(x) =x e over GF(3 m ),where 3 m if m 3 (mod 4), e = 3 m m 1 2 if m 1 (mod 4). Develop tight lower bounds on the minimum weight of this code. Open Problem Determine the dimension and the generator polynomial of the ternary code C s defined by the monomial f(x) =x e over GF(3 m ),where ( )( ) e = 3 (m+1)/4 1 3 (m+1)/2 +1, m 3 (mod 4). Develop tight lower bounds on the minimum weight of this code. 6. A related construction of cyclic codes. Given any nonlinear function f(x) ongf(r), we define its differential sequence š by (6.1) š i =Tr(f(α i +1) f(α i )) for all i 0, where α is a generator of GF(r) and Tr(x) denotes the trace function from GF(r) togf(q). We use Cš to denote the cyclic code defined by the sequence š. Polynomials over GF(r) oftheform i,j a i,jx qi +q j are called Dembowski Ostrom polynomials, wherea i,j GF(r). If f(x) is a Dembowski Ostrom planar polynomial, then u(x) =f(x +1) f(x) is an affine permutation of GF(r). When f(x) =x 2,one can prove that the code Cš has generator polynomial (x 1) δ m α 1(x) and parameters [n, n m δ, d], where δ {0, 1} and { d =3ifδ =1, d =2ifδ =0. The code Cš is very good in this case. The planar property of f(x) will make the sequence balanced and have the desired minimal polynomial. Similarly, almost perfect nonlinear functions f(x) are very attractive for this construction. When f(x) =x h is a monomial over GF(r), the relation between codes Cš and C s must be one of the following: the generator polynomial of C s is equal to m α h(x) times that of Cš and the dimension of C s is equal to that of Cš minus m. Hence, C s is a subcode of Cš; the generator polynomial of Cš is equal to m α h(x) times that of C s and the dimension of Cš is equal to that of C s minus m. Hence, Cš is a subcode of C s. All of the monomials and trinomials could be plugged into this related construction above and the codes Cš are extremely good (many are optimal and almost optimal). Theorems about the codes C s developed in previous sections can be modified into theorems about the codes Cš. As an example, we will do this for the monomial f(x) =x 2t +3. Lemma 6.1. Let m = 2t Let š be the sequence of (6.1), where f(x) =x 2t +3. Then the linear span Lš of š is equal to 4m +1 and the minimal polynomial Mš(x) of š is given by (6.2) Mš(x) =(x 1)m α 1(x)m α 3(x)m α (2 t +1)(x)m α (2 t +2)(x).

17 CYCLIC CODES FROM SOME MONOMIALS AND TRINOMIALS 1993 Proof. The proof of Lemma 5.5 can be slightly modified into a proof of this lemma. The details are left to the reader. The following theorem provides information on Cš. Theorem 6.2. Let m 7 be odd. The binary code Cš defined by the sequence of Lemma 6.1 has parameters [2 m 1, 2 m 2 4m, d] and generator polynomial Mš(x) of (6.2), where d 6. Proof. The proof of Theorem 5.6 can be slightly modified into a proof of this theorem. The details are left to the reader. Example 6.3. Let m =3andα be a generator of GF(2 m ) with α 3 + α +1=0. Then Cš is a [7, 6, 2] optimal binary cyclic code with generator polynomial x +1. Example 6.4. Let m =5andα be a generator of GF(2 m ) with α 5 + α 2 +1=0. Then Cš is a [31, 20, 6] optimal binary cyclic code with generator polynomial x 11 + x 9 + x 8 + x 7 + x Concluding remarks and summary. In this paper, we constructed a number of families of cyclic codes with monomials and trinomials of special types. The dimension of some of the codes is flexible. We determined the minimum weight for some families of cyclic codes, and developed tight lower bounds for other families of cyclic codes. The main results of this paper showed that the two approaches of constructing cyclic codes with polynomials are quite promising. While it is rare to see optimal cyclic codes constructed with tools in algebraic geometry and algebraic function fields, the simple constructions of cyclic codes with monomials and trinomials over GF(r) employed in this paper are very impressive in the sense that it has produced many optimal and almost optimal cyclic codes. Note that all the families of cyclic codes presented in this paper are very good in general. It is known that long BCH codes are bad [16]. However, it was indicated in [3, 19] that there may be good cyclic codes. The cyclic codes presented in this paper proved that some families of cyclic codes are in fact very good. APN monomials over GF(2 m ) were employed to construct binary [2 m 1, 2 m 1 2m, 5] cyclic codes by Carlet, Charpin, and Zinoviev [6], and perfect nonlinear polynomials over GF(p) were used to define [p m 1,p m 1 2m, d] nonbinary codes by Carlet, Ding, and Yuan [7], where p is an odd prime. The dimension of the codes obtained from these two constructions in [6, 7] is always equal to p m 1 2m. In this paper we employed both perfect nonlinear polynomials and APN monomials to construct cyclic codes. However, our construction of cyclic codes using these polynomials is different from those in [6, 7] as the dimension of the codes obtained in this paper is usually different from p m 1 2m and variable. In fact, the parameters of the cyclic codes from APN or PN polynomials obtained in this paper do not depend on the APN or PN property of these polynomials. For the construction of the cyclic codes in this paper, a number of periodic sequences over GF(q) are designed. Some of them could be employed in certain stream ciphers as keystreams. For example, the binary sequence defined by the monomial x 2m 2 over GF(2 m ) in section 4 is employed in a stream cipher described in [25]. So the contribution of this paper in cryptography is the computation of the linear spans of these sequences. A number of open problems regarding cyclic codes were proposed in this paper. The reader is cordially invited to attack them. Acknowledgments. The author is grateful to Ron Roth and the reviewers for their comments and suggestions that improved the quality and presentation of this paper.

18 1994 CUNSHENG DING REFERENCES [1] M. Antweiler and L. Bomer, Complex sequences over GF(p M ) with a two-level autocorrelation function and a large linear span, IEEE Trans. Inform. Theory, 8 (1992), pp [2] A. M. Barg and I. I. Dumer, On computing the weight spectrum of cyclic codes, IEEE Trans. Inform. Theory, 38 (1992), pp [3] E. R. Berlekamp and J. Justesen, Some long cyclic linear binary codes are not so bad, IEEE Trans. Inform. Theory, 20 (1974), pp [4] I. F. Blake and R. C. Mullen, The Mathematical Theory of Coding, Academic Press, New York, [5] A. R. Calderbank, W. Li, and B. Poonen, A 2-adic approach to the analysis of cyclic codes, IEEE Trans. Inform. Theory, 43 (1997), pp [6] C. Carlet, P. Charpin, and V. Zinoviev, Codes, bent functions and permutations suitable for DES-like cryptosystems, Des. Codes Cryptogr., 15 (1998), pp [7] C. Carlet, C. Ding, and J. Yuan, Linear codes from highly nonlinear functions and their secret sharing schemes, IEEE Trans. Inform. Theory, 51 (2005), pp [8] C. Ding and J. Yuan, A family of skew Hadamard difference sets, J.Combin.TheorySer.A, 113 (2006), pp [9] S. T. Dougherty and S. Ling, Cyclic codes over Z 4 of even length, Des. Codes Cryptogr., 39 (2006), pp [10] T. Feng, On cyclic codes of length 2 2r 1 with two zeros whose dual codes have three weights, Des. Codes Cryptogr., 62 (2012), pp [11] C. Güneri and F. Özbudak, Weil-Serre type bounds for cyclic codes, IEEE Trans. Inform. Theory, 54 (2008), pp [12] Q. Huang, Q. Diao, S. Lin, and K. Abdel-Ghaffar, Cyclic and quasi-cyclic LDPC codes on constrained parity-check matrices and their trapping sets, IEEE Trans. Inform. Theory, 58 (2012), pp [13] W. C. Huffman and V. Pless, Fundamentals of Error-Correcting Codes, Cambridge University Press, Cambridge, [14] Y. Jia, S. Ling, and C. Xing, On self-dual cyclic codes over finite fields, IEEE Trans. Inform. Theory, 57 (2011), pp [15] R. Lidl and H. Niederreiter, Finite Fields, Cambridge University Press, Cambridge, [16] S. Lin and E. J. Weldon, Long BCH codes are bad, Inform. Control, 11 (1967), pp [17] J. H. van Lint and R. M. Wilson, On the minimum distance of cyclic codes, IEEE Trans. Inform. Theory, 32 (1986), pp [18] J. Luo and K. Feng, Cyclic codes and sequences from generalized Coulter-Matthews function, IEEE Trans. Inform. Theory, 54 (2008), pp [19] C. Martínez-Pérez and W. Willems, Is the class of cyclic codes asymptotically good?, IEEE Trans. Inform. Theory, 52 (2006), pp [20] M. J. Moisio, The moments of a Kloosterman sum and the weight distribution of a Zetterbergtype binary cyclic code, IEEE Trans. Inform. Theory, 53 (2007), pp [21] O. Moreno and P. V. Kumar, Minimum distance bounds for cyclic codes and Deligne s theorem, IEEE Trans. Inform. Theory, 39(5) (1993), pp [22] V. S. Pless and Z. Qian, Cyclic codes and quadratic residue codes over Z4, IEEE Trans. Inform. Theory, 42 (1996), pp [23] A. Rao and N. Pinnawala, A family of two-weight irreducible cyclic codes, IEEE Trans. Inform. Theory, 56 (2010), pp [24] R. M. Roth and G. Seroussi, On cyclic MDS codes of length q over GF(q), IEEE Trans. Inform. Theory, 32 (1986), pp [25] W. Si and C. Ding, A simple stream cipher with proven properties, Cryptogr. Commun., 4 (2012), pp [26] X. Zeng, L. Hu, W. Jiang, Q. Yue, and X. Cao, The weight distribution of a class of p-ary cyclic codes, Finite Fields Appl., 16 (2010), pp