primitive recursive vector sequences, polynomial …people.math.carleton.ca/~sartaj/mythesis.pdf ·...

PRIMITIVE RECURSIVE VECTOR SEQUENCES,

POLYNOMIAL SYSTEMS AND

DETERMINANTAL CODES OVER FINITE FIELDS

A Thesis

Submitted in Partial Fulfillment of the Requirements

For the Degree of

Doctor of Philosophy

by

Sartaj Ul Hasan

(02409003)

Under the Supervision of

Supervisor: Professor Sudhir R. Ghorpade

External Supervisor: Dr. Meena Kumari

DEPARTMENT OF MATHEMATICS

INDIAN INSTITUTE OF TECHNOLOGY, BOMBAY

2009

Approval Sheet

The thesis entitled

“PRIMITIVE RECURSIVE VECTOR SEQUENCES, POLYNOMIAL

SYSTEMS AND DETERMINANTAL CODES OVER FINITE FIELDS”

by

Sartaj Ul Hasan

is approved for the degree of

DOCTOR OF PHILOSOPHY

Examiners

Supervisor (s)

Chairman

Date :

Place :

To My Teachers

i

Abstract

This thesis consists of two parts. The first part deals with problems arising in cryptography,

while the second part is related to the theory of linear error correcting codes.

PART-1: In this part, we consider a recent generalization of recursive sequences generated

by LFSRs, i.e., linear feedback shift registers, over finite fields. More specifically, we discuss

a conjecture due to Zeng, Han and He (2007) on the number of primitive σ-LFSRs over

the binary field F2. This is closely related to an open question of Niederreiter (1995). We

formulate a q-ary version of this conjecture and prove that it holds in the affirmative in a

special case. Moreover, we describe a plausible approach to prove the q-ary conjecture in

the general case by first establishing the surjectivity of a certain characteristic map, and

proposing a conjectural description of the size of fibres of this map. The key tools used

include the structure of Singer cycles in general linear groups, Galois theory of extensions

of finite fields, and certain aspects of linear algebra. Several results and questions related

to the general case of the Zeng, Han and He Conjecture are also discussed.

We also propose the design of a nonlinear feedforward σ-LFSR by using the so-called

Langford arrangements, and provide some experimental evidences to support that they are

cryptographically strong with respect to linear complexity.

PART-2: In this part, we begin with an expository account of certain results and conjec-

tures about the number of solutions of polynomial systems over finite fields. This includes a

self-contained proof of a theorem of Serre for projective hypersurfaces over finite fields and

a simpler proof of a theorem of Boguslavasky about systems of two projective hypersurfaces

of the same degree. A conjecture due to Tsfasman and Boguslavasky in the general case is

also stated. These results and conjectures are closely related to the determination of higher

weights of projective Reed-Muller codes, and this connection is outlined.

Next, we introduce a new family of linear error correcting codes, called determinantal

codes that are associated to determinantal varieties over finite fields. We explicitly deter-

mine the length and the dimension of these codes, and obtain bounds on their minimum

Hamming distance in certain special cases.

Contents

1 Introduction 1

2 Primitive Polynomials, Singer Cycles and σ-LFSRs 8

2.1 Primitive Polynomials and Primitive LFSRs . . . . . . . . . . . . . . . . . 8

2.2 Singer Cycles and Singer Subgroups . . . . . . . . . . . . . . . . . . . . . . 11

2.3 Word-Oriented Feedback Shift Register: σ-LFSR . . . . . . . . . . . . . . . 13

2.4 Block Companion Matrices . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

2.5 The Characteristic Map . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

2.6 The Case n = 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

2.7 Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

3 Word-Oriented Nonlinear Feedforward σ-LFSR 25

3.1 Linear Complexity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

3.2 Linear complexity of σ-LFSR . . . . . . . . . . . . . . . . . . . . . . . . . 27

3.3 Word-oriented nonlinear feedforward σ-LFSR . . . . . . . . . . . . . . . . 29

4 Polynomial Systems Over Finite Fields 33

4.1 Elementary Bounds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

4.2 Projective Hypersurfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

4.3 Systems of Homogeneous Polynomials . . . . . . . . . . . . . . . . . . . . . 40

4.3.1 Basic Definitions and Results . . . . . . . . . . . . . . . . . . . . . 40

4.3.2 Boguslavasky’s Inequality . . . . . . . . . . . . . . . . . . . . . . . 43

ii

CONTENTS iii

4.4 Connection with Coding Theory . . . . . . . . . . . . . . . . . . . . . . . . 46

4.4.1 Polynomials Over Fq . . . . . . . . . . . . . . . . . . . . . . . . . . 46

4.4.2 Generalized Hamming Weights . . . . . . . . . . . . . . . . . . . . 47

4.4.3 Affine Reed-Muller codes . . . . . . . . . . . . . . . . . . . . . . . . 48

4.4.4 Projective Reed-Muller codes . . . . . . . . . . . . . . . . . . . . . 49

4.4.5 Tsfasman-Boguslavasky’s Conjecture . . . . . . . . . . . . . . . . . 51

5 Codes Associated to Determinantal Varieties 53

5.1 Linear codes and projective systems . . . . . . . . . . . . . . . . . . . . . . 54

5.2 Determinantal varieties over finite fields . . . . . . . . . . . . . . . . . . . . 56

5.3 Determinantal codes and their basic parameters . . . . . . . . . . . . . . . 59

Bibliography 61

Chapter 1

Introduction

This thesis comprises of a study of some combinatorial and geometric problems, which have

their origin in cryptography and coding theory, and it consists of two parts.

1. Enumeration of primitive σ-linear feedback shift registers (σ-LFSRs) and the design

of word-oriented nonlinear feedward σ-LFSRs.

2. Linear codes associated to projective varieties over finite fields.

Chapters 2 and 3 of thesis cover the first part, while Chapters 4 and 5 constitute the second

part. In the following, we explain some relevant background and give a brief motivated

account of the contents of the two parts.

PART-1

Enumeration of primitive σ-LFSRs and the design of

word-oriented nonlinear feedforward σ-LFSRs

Denote, as usual, by Fq the finite field with q elements and by Fq[X] the ring of poly-

nomials in one variable X with coefficients in Fq. It is elementary and well known that if

f(X) ∈ Fq[X] is of degree n and f(0) 6= 0, then f(X) divides Xe − 1 for some positive

integer e ≤ qn−1. The least such e is called the order of f(X) and is denoted by ord f(X).

We say that a monic polynomial f(X) ∈ Fq[X] of degree n is primitive if f(0) 6= 0 and

1

CHAPTER 1. INTRODUCTION 2

ord f(X) = qn − 1. The study of primitive polynomials goes back to Gauss and is an

interesting and important part of the theory of finite fields. A basic reference is [29, Ch.

3] and some of the relevant facts about primitive polynomials are recalled in Chapter 2.

Elements of the maximum possible order in the finite group GLn(Fq) of n × n non-

singular matrices with entries in Fq are called Singer cycles. These are closely related to

primitive polynomials since this maximum possible order is, in fact, qn − 1, and more-

over, characteristic polynomials of Singer cycles are primitive. We refer to [24] and [42] for

some basic aspects of the study of Singer cycles and provide a brief outline of basic results

together with some relevant consequences in Chapter 2

Linear feedback shift registers (LFSRs) are devices frequently used in cryptography

and coding theory (cf. [18, 29]). In effect, a LFSR can be viewed as a homogeneous

linear recurrence relation of finite order over the field Fq. Such a LFSR gives rise to an

infinite sequence of elements of Fq. In the binary case (q = 2), these sequences are used for

efficient encryption of data in designing stream ciphers. In general, it can be shown that

these sequences are (ultimately) periodic and the maximum possible period of an nth order

linear recurring sequence is qn − 1. In order to have good cryptographic properties [18],

one is mainly interested in the sequences generated by LFSRs of a given order that have

the maximum period. The LFSRs corresponding to sequences with maximum period are

known as primitive LFSRs. Using the connection with primitive polynomials or otherwise,

it is readily seen that the number of primitive LFSRs of order n over Fq is given by

φ(qn − 1)

n(1.1)

where φ is the Euler totient function.

Recently, Zeng, Han and He, in their preprint [48] of 2007, have proposed a gener-

alization of a (traditional) LFSR to a word-oriented linear feedback shift register, called

σ-LFSR. It is argued in [48] that the σ-LFSRs meet the dual demands of high efficiency

and good cryptographic properties, and that these can be viewed as a solution to a problem

of Preneel [37] on designing fast and secure LFSRs with the help of the word operations of


modern processors and the techniques of parallelism. Notions of primitivity readily extend

from LFSRs to σ-LFSRs although the connection with primitive polynomials and matri-

ces is a little more intricate. Unlike (1.1), a simple formula for the number of primitive

σ-LFSRs of order n over Fqm is not known, but an intriguing explicit formula in the binary

case has been conjectured. Motivated by this and based on empirical evidence, we have

formulated a version of this conjecture in the more general q-ary case. It states that the

number of primitive σ-LFSRs of order n over Fqm is given by

φ(qmn − 1)

mn.qm(m−1)(n−1)

m−1∏i=1

(qm − qi). (1.2)

We have also found that the seemingly new notion of a σ-LFSR can, in fact, be traced back

to the work of Niederreiter (1993-1996) mainly in the context of pseudorandom number

generation. Indeed, in a series of papers [32, 33, 34, 35], Niederreiter has introduced the

so called multiple recursive matrix method and the notion of recursive vector sequences.

The latter are essentially the same as sequences generated by a σ-LFSR, modulo a natural

isomorphism the field Fqm with qm elements and the vector space Fmq of dimension m over

Fq. The question of counting the number of primitive σ-LFSRs of a given order n over Fqm

is considered in [33, p. 11] under a different guise (cf. Remark 2.5.3 in Chapter 2), and

is termed as open problem. However, no explicit formula for this number is given, even

conjecturally, in the work of Niederreiter, and therefore, the credit for formulating (1.2)

should go to Zeng, Han and He [48] at least in the binary case. Moreover, in a personal

communication, Professor Niederreiter has informed us that the problem of counting the

number of primitive σ-LFSRs of a given order n over Fqm is still open to the best of his

knowledge. Our contribution to this problem can be summarized as follows.

To begin with, we note that in one initial case m = 1, the conjectural formula (1.2) is

an immediate consequence of (1.1). The other initial case n = 1 is not altogether trivial,

and we use certain properties of Singer cycles to prove that (1.2) holds in this case. In

the general case, we propose a plausible approach to derive (1.2) by noting that it suffices


to analyze the image and the fibers of a natural map from a certain class of mn × mn

matrices to the set of primitive polynomials of degree mn. We accomplish the first task by

showing that this map is surjective. As for the second, we give a conjectural description of

the fibers, which is again shown to be valid in the case n = 1 and illustrated in a few other

small cases. In the course of obtaining these results, we also give a number of equivalent

formulations of the q-ary version of the conjecture of Zeng, Han and He.

In Chapter 3, we initiate the study of a word-oriented nonlinear feedforward σ-LFSR.

This is based on an idea of Groth [19], which advocates the use of a Langford arrangement

[28] on LFSR in a clever fashion. Combining Langford arrangements with σ-LFSRs appears

to be a new and useful idea. Indeed, it seems that the resulting sequences generated

by nonlinear feedforward σ-LFSRs will have high linear complexity together with good

randomness properties as compared to simple σ-LFSRs. To support this, some experimental

results have been illustrated in Chapter 3. Work of this chapter is still in progress.

PART-2

Linear codes associated to projective varieties over finite fields

Let n, k be integers with 1 ≤ k ≤ n. A linear [n, k]q-code is, by definition, a k-

dimensional subspace C of the n-dimensional vector space Fnq . The parameters n and k

are referred to as the length and the dimension of the corresponding code. If C is linear

[n, k]q-code, then the minimum distance d = d(C) of C is given by

d(C) := min{|χ(x)| : x ∈ C, x 6= 0}

where χ(x) := {i ∈ {1, . . . , n} : xi 6= 0} is the support of the element x in Fnq . More

generally, the support of a subspace D of C is defined by

χ(D) := {i ∈ {1, . . . , n} : ∃ (x1, x2, ..., xn) ∈ D such that xi 6= 0}.


We shall use this to define the so-called higher weights or generalized Hamming weights of

a code. The notion of higher weights was introduced by Victor Wei in his seminal paper

[47] with the motivation of applying it in cryptology (codes for wire-tap channel of type

II, t-resilient functions). He viewed the minimum Hamming weight as a certain minimum

property of one-dimensional subcodes, and obtained a notion of higher dimensional Ham-

ming weights for linear codes. Given any positive integer r, the rth higher weight dr = dr(C)

of C is defined by

dr(C) := min{|χ(D)| : D is a subspace of C with dimD = r}.

Note that d1(C) = d(C).

An alternative way to describe linear codes is via the language of projective systems.

The notion of projective system was introduced by Tsfasman and Vladut [45], and they

showed that there is a one-to-one correspondence between projective systems and linear

codes, up to certain natural notions of equivalence on both these objects. Briefly, a pro-

jective system is a (multi)set X of n points in the projective space Pk−1 over Fq, and it

gives rise to a linear [n, k]q-code CX . Finding the higher weights of CX corresponds to

determining the maximum number of Fq-rational points on the sections of X by linear

subvarieties of Pk−1 of a given codimension. This geometric approach to higher weights of

codes is explained in [46] and a number of examples of determination of higher weights are

also discussed. In general, it is seen that to explicitly determine all the higher weights of a

linear code is usually interesting and also difficult.

Using the connection with projective systems or otherwise, several classes of linear codes

associated to higher dimensional projective algebraic varieties have recently been studied.

A few specific examples are cited in the introduction to Chapter 5, and we refer to the

above-mentioned work of Tsfasman and Vladut [46] and the recent survey of Little [30] for

more on this. In this thesis, we are particularly interested in the projective Reed-Muller

codes, which may be viewed as linear codes associated to Veronese varieties, and the linear

codes associated to determinantal varieties.


The question of determining the higher weights of projective Reed-Muller codes is open,

in general, and has been of considerable interest. This question can be viewed purely in

terms of the number of zeros of (homogeneous) polynomial systems over finite fields, and

is motivated as such in the Introduction of Chapter 4. Subsequently, we give in Chapter 4

a fairly self-contained account of the main results known concerning this question. This

includes a result of Serre on the number of points of projective hypersurfaces, and a simpler

proof of a result of Boguslavsky. As a consequence, it is seen that if Rq(u,Pm) denotes the

q-ary projective Reed-Muller code of order u on Pm, then

d1 (Rq(u,Pm)) = (q − u+ 1)qm−1.

Moreover, the second higher weight is given by

d2 (Rq(u,Pm)) =

qm + qm−1 if u = 1,

qm − (u− 2)qm−1 − qm−2 if u > 1.

It may be remarked that the formula for d2 as stated in the paper of Boguslavsky [1] is

incorrect in the case u = 1. In fact, the case u = 1 is relatively easy and, as noted in

Chapter 4, it can be shown, in general, that

dr (Rq(1,Pm)) = qm + qm−1 + · · ·+ qm−r+1 for 1 ≤ r ≤ m+ 1 = dim Rq(1,Pm).

In Chapter 5, we introduce a new class of linear codes, called determinantal codes.

These arise from determinantal varieties over finite fields. More specifically, we consider

the generic determinantal variety given by the vanishing of all (t + 1) × (t + 1) minors of

a ` × m matrix whose entries are independent indeterminates over Fq. The linear codes

associated to these determinantal varieties are denoted by Dt(`,m) and they may be viewed

as analogues of the codes associated to Schubert varieties that have recently been of some

interest (cf. [12, 15, 20]). We explicitly determine the length n and the dimension k of


determinantal codes, and show that

n =t∑

j=1

qj2−j

2

(q − 1).

j−1∏i=0

(q`−i − 1)(qm−i − 1)

(qi+1 − 1)and k = `m.

The former uses an old result of Landsberg (1893). Further, we use Serre’s inequality

proved in Chapter 4 to obtain the following lower bound on the minimum distance of

determinantal codes in the case ` = m = t+ 1:

d (Dt(`,m)) ≥ q`2−1 + q`

2−2 + (1− `)q`2−3 − q

`(`−1)2

∏i=2

(qi − 1).

Moreover, it is seen that the equality holds if ` = m = 2.

Results of Chapter 2 are contained in our preprint [17], which is now accepted for

publication in Designs, Codes and Cryptography. The study initiated in chapter 3 is still in

progress and we are likely to write a paper based on this chapter in near future. Chapter

4 is mostly expository in nature and an article based on this chapter is under preparation.

A manuscript based on the results of chapter 5 is ready to be submitted for publication.

Chapter 2

Primitive Polynomials, Singer Cycles

and σ-LFSRs

As indicated in the Introduction to this thesis, the notion of a primitive polynomial is quite

classical and is closely related to the notion of primitivity for a linear feedback shift register

(LFSR). In Section 2.1 below, we begin by reviewing a few basic facts about primitive

polynomials and LFSRs. Next, in Section 2.2, we show how primitive polynomials and

Singer cycles in general linear groups are related to each other. The σ-LFSRs of Zeng, Han

and He [48] are defined in Section 2.3 and the q-ary version of their conjecture concerning

the number of primitve σ-LFSRs is also given there. Subsequently, in Sections 2.4, 2.5,

2.6 and 2.7, we describe equivalent formulations of this conjecture and the results we have

obtained concerning the validity of this conjecture in certain special cases.

2.1 Primitive Polynomials and Primitive LFSRs

Recall that if f(X) ∈ Fq[X] is a polynomial of degree n such that f(0) 6= 0, then there is

a positive integer e ≤ qn − 1 such that f(X) divides Xe − 1. The least such e is called

the order of f(X) and is denoted by ord f(X). More generally, if f(X) is any nonzero

polynomial in Fq[X], then we can write f(X) = Xdg(X), where d ≥ 0 and g(X) ∈ Fq[X]

8

CHAPTER 2. PRIMITIVE POLYNOMIALS, SINGER CYCLES AND σ-LFSRS 9

with g(0) 6= 0, and we define ord f(X) := ord g(X). A monic polynomial in Fq[X] of degree

n is said to be primitive if its order is qn − 1.

By a primitive element in a finite cyclic group G we mean a generator of G. Primitive

polynomials in Fq[X] are related to primitive elements by the following characterization

[29, Thm. 3.16], which is sometimes used to give an alternative definition of primitive

polynomials.

Proposition 2.1.1. Let f(X) ∈ Fq[X] be of degree n ≥ 1. Then f(X) is a primitive

polynomial if and only if f(X) is the minimal polynomial of a primitive element of the

cyclic group F∗qn of nonzero elements of the finite field Fqn.

Using the above theorem together with the fact that the number of primitive elements in

a cyclic group of order N is φ(N), we readily see that the number of primitive polynomials

in Fq[X] of degree n is given by (1.1).

We shall now proceed to review the basic definitions and some of the basic results

concerning linear feedback shift registers.

Definition 2.1.2. Let n be a positive integer and let c0, c1, . . . , cn−1 ∈ Fq. Given any n-

tuple (s0, s1, . . . , sn−1) ∈ Fnq , let s

∞ = (s0, s1, . . . ) denote the infinite sequence of elements

of Fq determined by the following linear recurrence relation:

si+n = sic0 + si+1c1 + · · ·+ si+n−1cn−1 for i = 0, 1, . . . (2.1)

The system (2.1) is called a linear feedback shift register (LFSR) of order1 n over Fq,

while the sequence s∞ is referred to as the sequence generated by the LFSR (2.1). The

n-tuple (s0, s1, · · · , sn−1) is called the initial state of the LFSR (2.1) and the polynomial

Xn − cn−1Xn−1 − · · · − c1X − c0 is called the characteristic polynomial of the LFSR (2.1).

The sequence s∞ is said to be ultimately periodic if there are integers r, n0 with r ≥ 1 and

n0 ≥ 0 such that sj+r = sj for all j ≥ n0. The least positive integer r with this property

1Some times order of LFSR is also referred as length of LFSR.


is called the period of s∞ and the corresponding least nonnegative integer n0 is called the

preperiod of s∞. The sequence s∞ is said to be periodic if its preperiod is 0.

It is customary to depict the LFSR (2.1) as in Figure 2.1.

Figure 2.1: Model of a linear feedback shift register (LFSR)

Some basic facts about LFSRs are summarized in the two propositions below. Proofs

can be found, for example, in [29, Ch. 8].

Proposition 2.1.3. For the sequence s∞ generated by the LFSR (2.1) of order n over Fq,

we have the following.

(i) s∞ is ultimately periodic and its period is ≤ qn − 1.

(ii) If c0 6= 0, then s∞ is periodic. Conversely, if s∞ is periodic whenever the initial state

is of the form (b, 0, . . . , 0), where b ∈ Fq with b 6= 0, then c0 6= 0.

We say that a LFSR of order n over Fq is primitive if for any choice of a nonzero initial

state, the sequence generated by that LFSR is periodic of period qn − 1. Primitive LFSRs

admit the following characterization.

Proposition 2.1.4. A LFSR of order n over Fq is primitive if and only if its characteristic

polynomial is a primitive polynomial of degree n in Fq[X].

As an immediate consequence of Propositions 2.1.1 and 2.1.4, we see that the number

of primitive LFSRs of order n over Fq is given by (1.1).


2.2 Singer Cycles and Singer Subgroups

The following result about orders of elements in a general linear group over finite field is

well known. We include a more elaborate version and a quick proof since it seems a bit

difficult to locate in or extract from the literature. An alternative (and somewhat longer)

proof of the inequality below can be found, for example, in [6, p. 742]. In what follows, for

an element A of a finite group G, we denote by o(A) the order of A in G.

Proposition 2.2.1. Let A ∈ GLn(Fq) and let p(X) ∈ Fq[X] be the minimal polynomial of

A and χ(X) ∈ Fq[X] be the characteristic polynomial of A. Then p(0) 6= 0 and o(A) =

ord p(X). In particular,

(i) o(A) ≤ qn − 1,

(ii) if the equality holds, then p(X) = χ(X). Also, we have:

o(A) = qn − 1 ⇐⇒ p(X) is primitive of degree n ⇐⇒ χ(X) is primitive. (2.2)

Proof. Since A is nonsingular, 0 is not an eigenvalue of A and hence p(0) 6= 0. Now, if I

denotes the n× n identity matrix over Fq, then for any positive integer e, we clearly have

Ae = I ⇐⇒ p(X) divides Xe − 1.

Consequently, o(A) = ord p(X). Further, degχ(X) = n and in view of the Cayley-Hamilton

Theorem, p(X) divides χ(X). In particular, deg p(X) ≤ n and hence o(A) = ord p(X) ≤

qn − 1. Moreover, if ord p(X) = qn − 1, then deg p(X) = n = degχ(X), and hence

p(X) = χ(X). On the other hand, if χ(X) is primitive, then it is irreducible and so

χ(X) = p(X). This yields the equivalence in (2.2).

Alternative proof of part (i) and (ii) of Proposition 2.2.1

Proof. By the Cayley-Hamilton Theorem, χ(A) = 0. In particular, if d = deg p(X), then

p(X) divides χ(X) and d ≤ n = degχ(X). Further, if G denotes the cyclic subgroup of


GLn(Fq) generated by A, then the group algebra Fq[G] is isomorphic to R = Fq[X]/ 〈p(X)〉.

Now G is a subgroup of the group Fq[G]× of units in Fq[G], and therefore

o(A) = |G| ≤∣∣Fq[G]×

∣∣ = ∣∣R×∣∣ ≤ qd − 1 ≤ qn − 1.

Also, it is clear that if o(A) = qn − 1, then d = n and hence χ(X) = p(X).

A cyclic subgroup of GLn(Fq) of order e = qn−1 is called a Singer subgroup of GLn(Fq)

and an element of GLn(Fq) of order e is called a Singer cycle in GLn(Fq). This terminology

stems from [42] and seems appropriate since GLn(Fq) can be viewed as a subgroup of the

symmetric group Se via the natural transitive action of GLn(Fq) on the set Fnq \ {0}, and

elements of GLn(Fq) of order e evidently correspond to e-cycles in Se. We now recall two

results from [24, II.§7] (see also [4]) about Singer subgroups that will be useful to us later.

Proposition 2.2.2. Any two Singer subgroups in GLn(Fq) are conjugate.

Proposition 2.2.3. Let σ be the Frobenius automorphism of order n of the field Fqn.

Identify Fqn with the vector space Fnq and regard σ as an element of GLn(Fq). Also, let

H be a Singer subgroup of GLn(Fq) and N denote its normalizer in GLn(Fq). Then N is

isomorphic to the semi-direct product H o 〈σ〉 of H and the cyclic subgroup of GLn(Fq)

generated by σ.

It may be noted that Proposition 2.2.1 relates Singer cycles to primitive polynomials.

To work in the other direction, we can use companion matrices. Recall that if f(X) =

Xn − cn−1Xn−1 − · · · − c1X − c0 is a monic polynomial of degree n ≥ 1 in Fq[X], then the


companion matrix Cf of f(X) is the n× n matrix

Cf =

0 0 0 . . 0 0 c0

1 0 0 . . 0 0 c1

. . . . . . . .

. . . . . . . .

0 0 0 . . 1 0 cn−2

0 0 0 . . 0 1 cn−1

.

It is clear that detCf = (−1)n+1c0. In particular, Cf ∈ GLn(Fq) if and only if f(0) 6= 0.

Also, we know from linear algebra that f(X) is the minimal polynomial as well as the

characteristic polynomial of Cf . Thus, in view of Proposition 2.2.1, we see that if f(0) 6= 0,

then ord f(X) = o(Cf ) and that f(X) is a primitive polynomial if and only if Cf is a Singer

cycle in GLn(Fq). In turn, primitive LFSRs of order n over Fq are related to Singer cycles

in GLn(Fq). To see the latter in a more direct way, it may be useful to observe that the

companion matrix, say A, of the characteristic polynomial of the LFSR (2.1) is its state

transition matrix. Indeed, the kth state Sk := (sk, sk+1, . . . , sk+n−1) of the LFSR (2.1) is

obtained from the initial state S0 := (s0, s1, . . . , sn−1) by Sk = S0Ak, for any k ≥ 0.

2.3 Word-Oriented Feedback Shift Register: σ-LFSR

Given any ring R and any positive integer d, let Md(R) denote the set of all d× d matrices

with entries in R. Fix throughout this and the subsequent sections, positive integers m

and n, and a vector space basis {α0, . . . , αm−1} of Fqm over Fq. Given any s ∈ Fqm , there

are unique a0, . . . , am−1 ∈ Fq such that s = a0α0 + · · · + am−1αm−1, and we shall denote

the corresponding co-ordinate vector (a0, . . . , am−1) of s by s. Evidently, the association

s 7−→ s gives a vector space isomorphism of Fqm onto Fmq . Elements of Fm

q may be thought

of as row vectors and so sC is a well-defined element of Fmq for any s ∈ Fm

q and C ∈ Mm(Fq).

Following [48], and in analogy with LFSRs, we define a (q-ary) σ-LFSR as follows.


Definition 2.3.1. Let C0, C1, . . . , Cn−1 ∈ Mm(Fq). Given any n-tuple (s0, . . . , sn−1) of

elements of Fqm , let s∞ = (s0, s1, . . . ) denote the infinite sequence of elements of Fqm

determined by the following linear recurrence relation:

si+n = siC0 + si+1C1 + · · ·+ si+n−1Cn−1 for i = 0, 1, . . . (2.3)

The system (2.3) is called a sigma linear feedback shift register (σ-LFSR) of order n over

Fqm , while the sequence s∞ is referred to as the sequence generated by the σ-LFSR (2.3).

The n-tuple (s0, s1, · · · , sn−1) is called initial state of the σ-LFSR (2.3) and the polynomial

Xn−Cn−1Xn−1−· · ·−C1X−C0 with matrix coefficients is called the σ-polynomial of the

σ-LFSR (2.3). The sequence s∞ is said to be ultimately periodic if there are integers r, n0

with r ≥ 1 and n0 ≥ 0 such that sj+r = sj for all j ≥ n0. The least positive integer r with

this property is called the period of s∞ and the corresponding least nonnegative integer n0

is called the preperiod of s∞. The sequence s∞ is said to be periodic if its preperiod is 0.

It is customary to depict the σ-LFSR (2.3) as in Figure 2.2.

Figure 2.2: Model of a sigma linear feedback shift register (σ-LFSR)

The following analogue of Proposition 2.1.3 is easily proved in a similar manner as in

the classical case of LFSRs.

Proposition 2.3.2. For the sequence s∞ generated by the σ-LFSR (2.3) of order n over

Fqm, we have the following.


(i) s∞ is ultimately periodic, and its period is ≤ qmn − 1.

(ii) If C0 is nonsingular, then s∞ is periodic. Conversely, if s∞ is periodic whenever

the initial state is of the form (b, 0, . . . , 0), where b ∈ Fqm with b 6= 0, then C0 is

nonsingular.

We say that a σ-LFSR of order n over Fqm is primitive if for any choice of nonzero initial

state, the sequence generated by that σ-LFSR is periodic of period qmn − 1. Since the σ-

polynomial of a σ-LFSR has coefficients in the noncommutative ring of matrices, notions

such as irreducibility or primitivity are not readily applicable to it, and an analogue of

Proposition 2.1.4 is not obvious. However, as stated in [48, Thm. 2] and proved in [49,

Thm. 3], we have the following characterization of primitive σ-LFSRs.

Proposition 2.3.3. Let f(X) = Xn − Cn−1Xn−1 − · · · − C1X − C0 ∈ Mm(Fq)[X] be the

σ-polynomial of a σ-LFSR of order n over Fqm, where C0 ∈ GLm(Fq) and C` ∈ Mm(Fq)

for ` = 1, . . . , n − 1. For 1 ≤ i, j ≤ m, let f ij(X) ∈ Fq[X] be the polynomial of degree n

given by

f ij(X) = δijXn −n−1∑`=0

cij` X`,

where δij is the Kronecker delta and cij` is the (i, j)th entry of the m × m matrix C` for

` = 0, 1, . . . , n− 1. Finally, let ∆(X) denote the determinant of the m×m matrix (f ij(X))

with polynomial entries. Then the σ-LFSR is primitive if and only if the ∆(X) is a primitive

polynomial over Fq of degree mn.

The q-ary version of Conjecture 1 of [48] is the following.

Conjecture 2.3.4. The number of primitive σ-LFSR of order n over Fqm is given by the

formula (1.2) stated in the Introduction.

We note that since |GLm(Fq)| = (qm− 1)(qm− q) · · · (qm− qm−1), the formula (1.2) can

be equivalently written as

Υ(m,n; q) =|GLm(Fq)|qm − 1

.φ(qmn − 1)

mn.qm(m−1)(n−1) (2.4)


In fact, it appears in [48] in this form in the case q = 2. As noted in [48], the number

Υ(m,n; q) is significantly larger than the number of traditional LFSRs of order n over Fqm ,

namely, φ(qmn − 1)/n, and this is partly a reason why σ-LFSRs are deemed superior than

the LFSRs.

Remark 2.3.5. The significance of the power of q in Υ(m,n; q) is not completely clear. We

merely mention that qm(m−1) is the number of nilpotentm×mmatrices over Fq, thanks to an

old result of Fine and Herstein [8] (see [5] or [10] for a more accessible proof). Consequently,

|GLm(Fq)|qm(m−1)(n−1) is the number of n-tuples (C0, C1, . . . , Cn−1) of m×m matrices over

Fq where C0 is nonsingular and C1, . . . , Cn−1 are nilpotent. However, the relation of such

tuples with primitive σ-LFSRs is not at all clear.

2.4 Block Companion Matrices

By a (m,n)-block companion matrix over Fq we mean T ∈ Mmn(Fq) of the form

T =

0 0 0 . . 0 0 C0

Im 0 0 . . 0 0 C1

. . . . . . . .

. . . . . . . .

0 0 0 . . Im 0 Cn−2

0 0 0 . . 0 Im Cn−1

, (2.5)

where C0, C1, . . . , Cn−1 ∈ Mm(Fq) and Im denotes the m×m identity matrix over Fq, while

0 indicates the zero matrix in Mm(Fq). The set of all (m,n)-block companion matrices over

Fq shall be denoted by BCM(m,n; q). Using a Laplace expansion or a suitable sequence

of elementary column operations, we see that if T ∈ BCM(m,n; q) is given by (2.5), then

detT = ± detC0. Consequently,

T ∈ GLmn(Fq) ⇐⇒ C0 ∈ GLm(Fq). (2.6)


It may be noted that the block companion matrix (2.5) is the state transition matrix for

the σ-LFSR (2.3).

The following elementary observation reduces the calculation of a mn×mn determinant

to an m×m determinant. It is implicit in [49] in the binary case, but one has to be a little

careful with the signs in the q-ary case.

Lemma 2.4.1. Let T ∈ BCM(m,n; q) be given by (2.5) and let F (X) ∈ Mm (Fq[X]) be

defined by F (X) := ImXn−Cn−1X

n−1−· · ·−C1X−C0. Then the characteristic polynomial

of T is equal to detF (X).

Proof. Consider the mn×mn matrix

XImn − T =

XIm 0 0 . . 0 0 −C0

−Im XIm 0 . . 0 0 −C1

. . . . . . . .

. . . . . . . .

0 0 0 . . −Im XIm −Cn−2

0 0 0 . . 0 −Im XIm − Cn−1

Add X times each row in the nth row-block to the corresponding row in the (n − 1)-st

row-block. This will remove the XIm in the (n − 1)-st row-block and it will not alter

the determinant. Next, add X times each row the new in the (n − 1)-st row-block to the

corresponding row in the (n− 2)-nd row-block. Continue successively until all of the XI ′ms

on the main diagonal have been removed. The result is the matrix

0 0 0 . . 0 0 XnIm − Cn−1Xn−1 − · · · − C1X − C0

−Im 0 0 . . 0 0 Xn−1Im − · · · − C2X − C1

. . . . . . . .

. . . . . . . .

0 0 0 . . −Im 0 X2Im − Cn−1X − Cn−2

0 0 0 . . 0 −Im XIm − Cn−1


which has the same determinant as XImn−T . We can clean up the last column by adding

to it appropriate multiples of the other columns so as to obtain

det (XImn − T ) = det

0 0 0 . . 0 0 F (X)

−Im 0 0 . . 0 0 0

. . . . . . . .

. . . . . . . .

0 0 0 . . −Im 0 0

0 0 0 . . 0 −Im 0

.

Finally, we can slide the last column-block to the first by successive column interchanges.

We need m(n − 1) interchanges for each of the m columns in the last column-block, and

so the determinant changes by (−1)m2(n−1). Further, if we pull out the negative sign in

each of the rows in all except the first row-block, then the determinant gets multiplied

by (−1)m(n−1). It follows that the characteristic polynomial of T is (−1)m(m+1)(n−1) times

the determinant of the block diagonal matrix diag (F (X), Im, . . . , Im). Since m(m + 1) is

always even, the lemma is proved.

As a corollary, we can obtain a more amenable form of Conjecture 2.3.4.

Proposition 2.4.2. Conjecture 2.3.4 is equivalent to showing that

|{T ∈ BCM(m,n; q) ∩GLmn(Fq) : o(T ) = qmn − 1}| = Υ(m,n; q), (2.7)

where Υ(m,n; q) is given by the formula (1.2) or the equivalent formula (2.4).

Proof. If T ∈ BCM(m,n; q)∩GLmn(Fq) is given by (2.5) and if F (X) is as in Lemma 2.4.1,

then detF (X) is precisely the polynomial ∆(X) in Proposition 2.3.3. Now, the desired

result follows readily from Propositions 2.2.1 and 2.3.3 together with Lemma 2.4.1.


2.5 The Characteristic Map

Let

BCMS(m,n; q) := {T ∈ BCM(m,n; q) ∩GLmn(Fq) : o(T ) = qmn − 1}

be the set of Singer cycles among (m,n)-block companion matrices, and

P(mn; q) := {p(X) ∈ Fq[X] : p(X) is primitive of degree mn}

be the set of all primitive polynomials of degree mn over Fq. In view of Proposition 2.2.1,

the restriction to BCMS(m,n; q) of the characteristic map

Φ : Mmn(Fq) → Fq[X] defined by Φ(T ) := det (XImn − T )

gives a map from BCMS(m,n; q) to P(mn; q), which we shall denote by Ψ. Clearly,

BCMS(m,n; q) =∐

f(X)∈ im(Ψ)

Ψ−1 (f(X)) ,

where, as usual,∐

denotes disjoint union, im(Ψ) denotes the image of Ψ, and

Ψ−1 (f(X)) := {T ∈ BCMS(m,n; q) : Ψ(T ) = f(X)}

denotes the fiber of f(X) for any f(X) ∈ P(mn; q). Thus, to prove (2.7), it suffices to

determine im(Ψ) and the cardinality of each of the fibers. The former is answered by the

following.

Proposition 2.5.1. The map Ψ : BCMS(m,n; q) → P(mn; q) is surjective.

Proof. Let f(X) ∈ P(mn; q). By Proposition 2.1.1, there is a primitive element γ of F∗qmn

such that f(γ) = 0. Since f(X) ∈ Fq[X], the Frobenius automorphism x 7−→ xq of Fqmn

permutes the roots of f(X), and thus γ, γq, γq2 , . . . , γqmn−1are precisely the mn distinct


roots of f(X). Hence

f(X) =m−1∏j=0

fj(X) where fj(X) :=n−1∏i=0

(X − γqim+j

)for j = 0, . . . ,m− 1.

Note that the map given by x 7−→ xqm is a generator of the Galois group of Fqmn over Fqm ,

and for each j = 0, . . . ,m − 1, it permutes the roots of fj(X) among themselves, and so

fj(X) ∈ Fqm [X]. Moreover, since qj and qmn − 1 are relatively prime, we see that each

fj(X) is the minimal polynomial over Fqm of a primitive element of F∗qmn , namely, γqj , and

thus fj(X) is a primitive polynomial in Fqm [X]; in particular, fj(X) is irreducible in Fqm [X]

and fj(0) 6= 0 for j = 0, . . . ,m− 1. Write

f0(X) = Xn − βn−1Xn−1 − · · · − β1X − β0 where β0, β1, . . . , βn−1 ∈ Fqm .

LetB = Cf0 be the companion matrix of f0(X). By the Cayley-Hamilton Theorem, f0(B) =

0 and hence f(B) = 0. Now, choose a Singer cycle A ∈ GLm(Fq) and let g(X) ∈ Fq[X] be

the minimal polynomial of A. By Proposition 2.2.1, we have g(X) ∈ P(m; q). Moreover,

p(X) 7−→ p(A) defines a Fq-algebra homomorphism of Fq[X] into Mm(Fq) and its image is

the group algebra Fq[A] of the cyclic subgroup of GLm(Fq) generated by A while its kernel

is the ideal of Fq[X] generated by g(X). Since g(X) is irreducible of degree m, the residue

class ring Fq[X]/ 〈g(X)〉 is Fq-isomorphic to Fqm . Thus we obtain a Fq-algebra isomorphism

θ : Fqm → Fq[A], which induces a Fq-algebra homomorphism

θ : Mn (Fqm) → Mn (Mm(Fq)) ' Mmn(Fq) given by θ ((βij)) = (θ (βij))

of the corresponding rings of matrices. It may be noted that since o(A) = qm − 1, we

have Fq[A] ={0, A,A2, . . . , Aqm−1

}, where 0 denotes the zero matrix in Mm(Fq). Now let

Ci := θ(βi) for i = 0, . . . , n − 1, and let T ∈ BCM(m,n; q) be the matrix given by (2.5)

corresponding to thesem×mmatrices C0, C1, . . . , Cm−1. Note that since β0 = f0(0) 6= 0 and

θ is an isomorphism, C0 is nonsingular and hence by (2.6), T ∈ BCM(m,n; q)∩GLmn(Fq).


Also note that T = θ(B). Now, since f(B) = 0 and θ is a Fq-algebra homomorphism, it

follows that f(T ) = 0. Moreover, since f(X) ∈ Fq[X] is primitive of degree mn, it must be

the minimal polynomial of T and further, by Proposition 2.2.1, we see that o(T ) = qmn−1

and f(X) is the characteristic polynomial of T . Thus, T ∈ BCMS(m,n; q) and Φ(T ) =

f(X). This proves that Ψ is surjective.

As for the fibers of Ψ, we propose the following.

Conjecture 2.5.2 (Fiber Conjecture). For any f(X) ∈ P(mn; q), the cardinality of the

fiber Ψ−1 (f(X)) := {T ∈ BCMS(m,n; q) : Ψ(T ) = f(X)} is independent of the choice of

f(X) and, in fact, given by the following formula:

∣∣Ψ−1 (f(X))∣∣ = qm(m−1)(n−1)

m−1∏i=1

(qm − qi).

It is clear that Conjecture 2.5.2 together with Theorem 2.5.1 implies Conjecture 2.3.4.

We remark that the fibers of the ambient map Φ have been studied in the literature (cf.

[10, 38]). The Fiber Conjecture facilitates a connection between Conjecture 2.3.4 and a

question of Niederreiter (which is still open) as indicated below.

Remark 2.5.3. Let α be a primitive element of F∗qmn . A subspaceW of Fqmn of dimensionm

is said to be α-splitting if Fqmn = W⊕αW⊕· · ·⊕αn−1W . Niederreiter [33, p. 11] asks for the

total number of α-splitting subspaces of dimension m. In view of Proposition 2.1.1, fixing a

primitive element of F∗qmn is essentially the same as fixing a primitive polynomial in Fq[X] of

degree mn. Now let Lα : Fqmn → Fqmn be the linear transformation defined by Lα(x) := αx.

Note that the characteristic polynomial of Lα is precisely the minimal polynomial of α.

Moreover, if a subspace W of dimension m is α-splitting and {u1, . . . , um} is an ordered

basis of W , then Bα(u1,...,um) = {u1, . . . , um, αu1, . . . , αum, . . . , α

n−1u1, . . . , αn−1um} is a Fq-

basis of Fqmn and with respect to this ordered basis, the matrix of Lα is a (m,n)-block

companion matrix. Moreover, thanks to Proposition 2.2.1, this block companion matrix is

a Singer cycle. Conversely, a Singer cycle in GLmn(Fq) of the form (2.5) must be the matrix


of Lα with respect to a basis of the form Bα(u1,...,um) and then {u1, . . . , um} clearly spans a

α-splitting subspace. In this way, the enumeration of α-splitting subspaces of dimension m

is essentially equivalent to the determination of cardinalities of the fibers of Ψ.

2.6 The Case n = 1

As noted in the introduction, whenm = 1, (1.2) reduces to (1.1) and hence Conjecture 2.3.4

readily follows from Proposition 2.1.1. Also, when m = 1, the map Ψ is clearly bijective

and hence Conjecture 2.5.2 holds trivially. We will show below that when n = 1, both the

conjectures follow from the structure of Singer cycles.

Proposition 2.6.1. If n = 1, then Conjecture 2.3.4 as well as Conjecture 2.5.2 hold in

the affirmative.

Proof. Suppose n = 1. Then BCMS(m,n; q) is simply the set of all Singer cycles in

GLm(Fq). By Proposition 2.2.2, GLm(Fq) acts transitively on the set of all Singer sub-

groups by conjugation, and hence the number of Singer subgroups of GLm(Fq) is given by

|GLm(Fq)| /|N |, where N denotes the normalizer of a Singer subgroup of GLm(Fq). More-

over, by Proposition 2.2.3, we see that |N | = m(qm−1). Finally, since any Singer subgroup

of GLm(Fq) contains φ(qm − 1) generators, i.e., φ(qm − 1) Singer cycles, it follows that

|BCMS(m, 1; q)| = |GLm(Fq)|m(qm − 1)

φ(qm − 1) = Υ(m, 1; q).

Thus, in view of Proposition 2.4.2, Conjecture 2.3.4 is established when n = 1. To show

more generally, that Conjecture 2.5.2 holds in the affirmative when n = 1, let f(X) ∈

P(m; q) and T ∈ BCMS(m, 1; q) be such that Ψ(T ) = f(X). By Proposition 2.2.1, the

minimal polynomial as well as the characteristic polynomial of T is f(X). In particular, T

and the companion matrix Cf of f(X) have the same set of invariant factors, and therefore,

they are similar (cf. [3, p. VII.32]). It follows that Ψ−1(f(X)) = {P−1CfP : P ∈


GLm(Fq)}. Consequently,

∣∣Ψ−1(f(X))∣∣ = |GLm(Fq)|

|Z(Cf )|where Z(Cf ) := {P ∈ GLm(Fq) : CfP = PCf} .

Further, the linear transformation of Fqm ' Fmq corresponding to Cf is cyclic and hence

by a theorem of Frobenius [25, Thm. 3.16 and its Corollary], the centralizer Z(Cf ) of Cf

consists only of polynomials in Cf . Now, the Fq-algebra of polynomials in Cf is readily seen

to be isomorphic to Fq[X]/ 〈f(X)〉, and so its cardinality is qm. Consequently, Z(Cf ) =

{Cjf : 0 ≤ j < qm} and |Z(Cf )| = qm − 1. Thus,

∣∣Ψ−1(f(X))∣∣ = |GLm(Fq)|

qm − 1=

m−1∏i=1

(qm − qi),

as desired.

Remark 2.6.2. An alternative proof of Conjecture 2.5.2 in the case n = 1 can be obtained

using the Reiner-Gerstenhaber formula for the number of square matrices over Fq with the

given characteristic polynomial (cf. [38, Thm. 2] and [10, §2]) together with Proposition

2.2.1.

2.7 Examples

In this section we outline some small examples to illustrate Conjecture 2.3.4 and its refined

version Conjecture 2.5.2. Throughout, we take q = 2 and for 1 ≤ i, j ≤ 2, we let eij denote

the 2 × 2 matrix over Fq with 1 in (i, j)th place and 0 elsewhere. Also, let I = e11 + e22

be the 2× 2 identity matrix and J = e11 + e12 + e21 + e22 be the 2× 2 matrix with all the

entries equal to 1.

Example 2.7.1. Consider m = 2 and n = 2. There are only 2 primitive polynomials of

degree 2×2 = 4 over F2 and, in fact, we have P(4, 2) = {x4+x+1, x4+x3+1}. It is easily

verified that |BCMS(2, 2; 2)| = 16, i.e., the number of nonsingular (2, 2)-block companion


matrices over F2 of order 24 − 1 = 15 is 16, as predicted by Conjecture 2.3.4. Moreover,

the elements

T =

0 C0

I C1

of BCMS(2, 2; 2) for which Ψ(T ) = x4+x+1 are precisely those for which the corresponding

pair (C0, C1) of 2× 2 matrices is given by either of the following.

(J − e21, e21) , (J − e21, J) , (e12 + e21, e21) , (e12 + e21, e12) ,

(J − e11, I) , (J − e22, I) , (J − e12, e12) , (J − e12, J) .

On the other hand, T ∈ BCMS(2, 2; 2) for which Ψ(T ) = x4 + x3 + 1 are precisely those

for which the corresponding pair (C0, C1) is given by either of the following.

(J − e21, e21 + e22) , (J − e21, e11 + e21) , (e12 + e21, e22) , (e12 + e21, e11),

(J − e11, J − e11) , (J − e22, J − e22) , (J − e12, e12 + e22) , (J − e12, e11 + e12).

Thus, both the fibers have cardinality 8, as predicted by Conjecture 2.5.2.

Example 2.7.2. Consider m = 2 and n = 3. Then P(6, 2) consists of six polynomials,

namely, x6+x5+x4+x+1, x6+x+1, x6+x5+x3+x2+1, x6+x5+1, x6+x4+x3+x+1,

and x6 + x5 + x2 + x + 1. The fibers of Ψ for each of these consists of 32 elements of

BCMS(2, 3; 2), which together, constitute the 192 elements of BCMS(2, 3; 2). It is seen,

therefore, that Conjecture 2.3.4 as well as Conjecture 2.5.2 is valid in this case.

Chapter 3

Word-Oriented Nonlinear

Feedforward σ-LFSR

By using the binary sequences generated by traditional linear feedback shift registers (LF-

SRs), Groth in his paper [19] suggested various schemes to derive binary sequences with

high linear complexity and good statistical randomness properties ([18], [31, Ch. 5]). One

of his schemes uses Langford arrangement [28]. It appears that Groths’s idea of using

Langford arrangement for the number g (if at all there exists one such arrangement for

g) on primitive σ-LFSRs of order n = 2g may give rise the sequences having high linear

complexity with good statistical randomness properties. In support of above, we provide

some experimental results in this chapter.

3.1 Linear Complexity

In this section, we recall some definition and results from [31, Ch.6]. Let s∞ denotes an

infinite sequence whose terms are s0, s1, . . . , sn−1, sn, . . . and sn denotes a finite sequence

of length n whose terms are s0, s1, . . . , sn−1.

Definition 3.1.1. An LFSR is said to generate a sequence s∞ if there is some initial state

for which the output sequence of the LFSR is s∞. Similarly, an LFSR is said to generate

25

CHAPTER 3. WORD-ORIENTED NONLINEAR FEEDFORWARD σ-LFSR 26

a finite sequence sn if there is some initial state for which the ouput sequence of the LFSR

has sn as its first n terms.

Definition 3.1.2. The linear complexity of an infinite binary sequence s∞, denoted L(s∞),

defined as follows:

(i) if s∞ is the zero sequence, then L(s∞) = 0;

(ii) if no LFSR generates s∞, then L(s∞) = ∞;

(iii) otherwise, L(s∞) is the length of the shortest LFSR that generates s∞.

Example 3.1.3. If the sequence s∞ is generated by primitive LFSR of order n, then

L(s∞) = n.

Definition 3.1.4. The linear complexity of a finite binary sequence sn, denotes L(sn), is

the length of a shoetest LFSR that generates a sequence having sn as its first n terms.

Fact 3.1. (Properties of linear Complexity). Let s∞ and s∞′ be binary sequences.

(i) For any n ≥ 1, the linear complexity of the subsequence sn satisfies 0 ≤ L(sn) ≤ n.

(ii) L(sn) = 0 if and only if sn is the zero sequence of length n.

(iii) L(sn) = n if and only if sn = 0, 0, 0, . . . , 0, 1.

(iv) If s∞ is periodic with period N , then L(s∞) ≤ N .

(v) L(s∞ ⊕ s∞′) ≤ L(s∞) + L(s∞′), where s∞ ⊕ s∞′ denotes the bitwise XOR1

of s∞ and s∞′.

Definition 3.1.5. Let s∞ = s0, s1, . . . be a binary sequence, and let LN denote the linear

complexity of the subsequence sN = s0, s1, . . . , sN−1, N ≥ 0. The sequence L1, L2, . . . is

called the linear complexity profile of s∞. Similarly, if sn = s0, s1, . . . , sn−1 is finite binary

sequence, the sequence L1, L2, . . . , Ln is called the linear complexity profile of sn.

1Note that XOR is defines as : 0⊕ 0 = 0, 1⊕ 0 = 1, 0⊕ 1 = 0, 1⊕ 1 = 0.


The linear complexity profile of sequence can be computed using the Berlekamp-Massey

algorithm.

Fact 3.2. (Properties of linear complexity profile). Let L1, L2, . . . be the linear

complexity profile of a sequence s∞ = s0, s1, . . .

(i) If j > i, then Lj ≥ Li.

(ii) LN+1 > LN is possible only if LN ≤ N2.

(iii) If LN+1 > LN , then LN+1 + LN = N + 1.

The linear complexity profile of a sequence s∞ can be graphed by plotting the points

(N,LN), N ≥ 1, in the N ×L plane. The expected linear complexity of a random sequence

should closely follow the line L = N2.

3.2 Linear complexity of σ-LFSR

Linear complexity issues of σ-LFSR have been considered in [48]. However, for the sake of

completeness and comparing results with nonlinear feedforward σ-LFSR, some experimen-

tal results concerning σ-LFSR are presented in this section.

We begin by recalling some facts and results from [48, 49]. In order to achieve high speed

implementation in software, we have to confine ourself to some special kind of coefficient

matrices (linear transformations) in the σ-polynomial of a σ-LFSR, namely the word op-

erations provided by modern processor. These word operations are:

1. And Operation Λγ : Λγ(a) =m−1∑i=0

aiciαi, where α0, . . . , αm−1 is basis of F2m over F2,

a =m−1∑i=0

aiαi and γ =m−1∑i=0

ciαi.

2. Circular Rotation Operation σ : σk(a) =m−1∑i=0

ai+k(mod m)

, where k is a positive

integer.


3. Left Shift Operation L : L(a) =m−1∑i=1

aiαi−1.

4. Right Shift Operation R : R(a) =m−2∑i=0

aiαi+1.

5. LR Shift Combination Operation ∪s,t : ∪s,t = Ls +Rt.

Although, we have carried our experiments on many primitive σ-polynomials of degree

n = 16 with coefficient matrices each of order m = 32 (that is primitive σ-LFSRs of length

16 over F232) which are listed in [48] and in each case, we notice the same results. However,

Figure 3.1: Linear Complexity profile for HHZ1.

we will present here our experimental results only in case of HHZ1 and HHZ2 corresponding

to primitive σ-polynomial as given below:

HHZ1: f1(x) = x16 + Λγ1x10 + Lx6 +Rx5 + 1, where γ1 = 0× 5e8491f8.


HHZ2: f2(x) = x16 + Λγ2x9 + ∪3,1, where γ2 = 0× bffffe4f .2

Our experimental results show that the sequences generated by HHZ1 and HHZ2 have

linear complexity 16384(= mn×m) and satisfy randomness properties too. Moreover, bit

coordinate sequences have linear complexity 512(= mn), which actually verifies Theorem

3 in [48]. The Figure 3.1 shows linear complexity profile for HHZ1.

3.3 Word-oriented nonlinear feedforward σ-LFSR

In this section, we shall define word-oriented nonlinear feedforward σ-LFSR by using Lang-

ford arrangements [28].

Definition 3.3.1. Arrange the numbers 11223344 . . . gg in a sequence such that between

equal numbers h there are exactly h other numbers. This type of arrangement of numbers

is know as Langford arrangement, which is named after the Scottish mathematician C.

Dudley Langford.

Example 3.3.2. For g = 4 and g = 8, the Lagford Arrangement are 41312432 and

6751814657342832 respectively.

It is important to note that Langford arrangements are not possible for every number

g. For example, Langford arrangement is not possible for g = 5, 6, 9, or 10.

Definition 3.3.3. Let s∞ = s0, s1, . . . be the sequence over Fqm generated by σ-LFSR

of order 2g. Let there exist Langford arrangement for the number g and let `i and ri

respectively denote the left and right positions of the number i in the Langford arrangement

of g from the left. Then ri = `i + i+ 1. Now we define a sequence t∞ = t0, t1, . . . obtained

from s∞ by the following recurrence relation:

ti =i∑

j=0

uj for i = 0, 1, . . . (3.1)

2γ1, γ2 are hexadecimal numbers. Hexadecimal is numeral system with a base of 16. It uses sixteendistinct symbols, most often the symbols 0−9 to represent values zero to nine and a, b, c, d, e, f to representvalues ten to fifteen.


where uj =

g∑k=1

s2g+j−`ks2g+j−rk .

The system (3.1) is called a nonlinear feedforward σ-LFSR (NLFF σ-LFSR) of order 2g

over Fqm , while the sequence t∞ is referred to as the sequence generated by the nonlinear

feedforward σ-LFSR (3.1).

Note that the multiplication of the states in above expression 3.1 is either field multipli-

cation in Fqm or some suitable multiplication (e.g. AND operation) such that the resultant

element must necessarily be in Fqm .

The following Figure 3.2 is the nonlinear feedforward σ-LFSR of order 16, where the num-

bers in the Langford arrangement for g = 8 are assigned sequentially to register stages and

the two inputs of a multiplier are connected to the two stages with same number.

⊕

6 7 5 1 8 1 4 6 5 7 3 4 2 8 3 2

&

&

&

&

&

&

&

&

⊕ ⊕t∞

s∞

Figure 3.2: NLFF σ-LFSR based on Langford arrangement for g = 8.

We present here our experimental results when the numbers in the Langford arrange-

ment for g = 8 are assigned sequentially to register stages of HHZ1 and HHZ2 in the same


fashion as in Figure 3.2. However, we have carried out experiments for many primitive

σ-polynomials of degree n = 16 with coefficient matrices of order m = 32 as listed in [48]

and in each case, we obtain the same results.

For our experiments concerning nonlinear feedforward primitive σ-LFSR based on Lang-

ford arrangement, we are multiplying the two states by using And operation.

If we consider 1000000 bits of the output sequence, then the complexity profile follows

the line L = N2(see Figure 3.3) and the linear complexity is atleast 500000, which is much

higher than the linear case.

Figure 3.3: Linear complexity profile of nonlinear feedforward HHZ1 based on Langfordarrangement for g = 8.

We also observe that each bit coordinate sequence has linear complexity mn(mn+1)2

=

131328 or mn(mn+1)2

+ 1 = 131329, which is much higher than the linear case.


∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣

Sr. No. Name of Test Passed Failed

1. Frequency Test 94 6

2. Binary Derivative Test 97 3

3. Change point Test 88 12

4. Poker Test 97 3

5. Runs Test 93 7

6. Universal Test 81 19

7. Linear Complexity Test 95 5

8. Longest Run of Ones Test 94 6

9. Binary Matrix Rank Test 98 2

10. Approximate Entropy Test 97 3

11. Lempel Ziv Compression Test 90 10

12. Non-overlapping Template Matching Test 100 0

∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣∣Table 1: Randomness Tests for NLFF HHZ1 (multiplication uses And operation).

Moreover, if we take 100 files of the sequences generated by nonlinear feedforward HHZ1

based on Langford arrangement, each of size 1000000 bits, then apply statistical test

reccomended by National Institute of Standards and Technology (NIST) to check non-

randomness of the sequences. The Table 1 shows that fairly good number of files have

passed statistical randomness tests.

The study of nonlinear feedforward σ-LFSR is still under progress.

Chapter 4

Polynomial Systems Over Finite

Fields

Let Am = Am(Fq) denote the affine space of dimension m over Fq. Fix any integers u and

m with u ≥ 0 and m ≥ 1. We begin by asking the following.

Question 1. What is the maximum number of zeros in Am that a polynomial of degree u

in m variables with coefficients in Fq can have?

The answer is easy, and just what one would expect. Namely, uqm−1 unless of course

u > q in which case the answer is qm.

In geometric terms, Question 1 asks about the maximum number of Fq-rational points

on an affine hypersurface defined over Fq. We could ask for the corresponding question for

projective hypersurfaces. So let Pm = Pm(Fq) denote the projective space of dimension m

over Fq, and let us ask the following.

Question 2. What is the maximum number of zeros in Pm that a homogeneous polynomial

of degree u in m+ 1 variables with coefficients in Fq can have?

Intuitively, or in analogy with the affine case, one might expect that the answer in this

case is uπm−1, where

πj := |Pj(Fq)| = qj + qj−1 + · · ·+ q + 1 for any nonnegative integer j,

33

CHAPTER 4. POLYNOMIAL SYSTEMS OVER FINITE FIELDS 34

and where we have assumed that u ≤ q (lest uπm−1 > πm). While it is not difficult to show

that uπm−1 is an upper bound for the number of common zeros, an example where this

bound is attained is hard to come by. This is not surprising because the analogous and

intuitively obvious bound is, in fact, not the right one. Realizing this, Tsfasman conjectured

that the correct bound is uqm−1 + πm−2. An elegant proof of Tsfasman’s conjecture was

given by Serre [40] and we refer to Section 4.2 for further details.

Now, let us look at a more general situation. Namely, instead of one polynomial, con-

sider several of them. However, if we consider arbitrary number of polynomials of arbitrary

degrees, then the situation becomes much too general—indeed, we will then be considering

arbitrary affine and projective varieties over finite fields. It is rather unreasonable to expect

precise and succinct answers in this case.1 Thus, in the spirit of Questions 1 and 2, we will

fix the degree and ask the following.

Question 3. What is the maximum number of common zeros in Am that a system of r

linearly independent polynomials, each of degree u in m variables with coefficients in Fq,

can have?

Question 4. What is the maximum number of common zeros in Pm that a system of r

linearly independent homogeneous polynomials, each of degree u in m + 1 variables with

coefficients in Fq, can have?

The status of these questions is as follows. A complete answer to Question 3 is known

and can be seen in [22]. Question 4 is open, in general, except of course in the case r = 1

where it reduces to Question 2 that has been settled by Serre [40] (and, independently, by

Sørrensen [44]) in 1991. The case r = 2 has also been settled, by Boguslavasky in 1997 and

we give an a somewhat simpler proof of his result in Section 4.3.

As remarked in the Introduction of this thesis, each of the above questions are intimately

related to Coding Theory. In greater detail, Questions 1 and 3 correspond to determining

the minimum distance and the rth higher weight, respectively, of q-ary affine Reed-Muller

1See, however [13] for an expository account of results such as Weil conjectures, Lang-Weil inequalitythat are available in the general case.


codes. On the other hand, Questions 2 and 4 correspond to determining the minimum

distance and the rth higher weight, respectively, of q-ary projective Reed-Muller codes. In

fact, this connection with Coding Theory has provided a major impetus for progress on

these questions. We review some basics of Coding Theory and describe this connection in

Section 4.4.

4.1 Elementary Bounds

Let us first settle notations and terminology. Given a ring (always assumed commutative

and with identity) R, we denote, as usual, by R[X] the ring of polynomials in one variable

X with coefficients in R. More generally, R[X1, . . . , Xm] denotes the ring of polynomials in

m variables X1, . . . , Xm with coefficients in R. A nonzero polynomial in R[X1, . . . , Xm] is

said to have degree u if u is its total degree. Here, and hereafter, it is tacitly assumed that

m and u denote integers with m ≥ 1 and u ≥ 0. In particular, if we say that a polynomial

is of degree u, then it necessarily means that the said polynomial is nonzero. Given any

set S, we denote by |S| the number of elements in S if S is finite, and the symbol ∞ if S

is infinite. By convention, u < ∞ for any u ∈ Z.

The simplest and most basic bound is given by the following well known result that is

sometimes ascribed to Lagrange.

Proposition 4.1.1. Let F be a field and f(X) ∈ F [X] be of degree u. Then f(X) has at

most u roots in F . Moreover, if u ≤ |F |, then there exist polynomials of degree u in F [X]

with exactly u roots.

Classically, there is no analogue of the above result for polynomials in two or more

variables because the set of zeros of such polynomials is, in general, infinite. But when the

ground field is finite, one has the following natural analogue.

Proposition 4.1.2. Let f(X1, . . . , Xm) ∈ Fq[X1, . . . , Xm] be of degree u. Then the set

Z(f) := {c = (c1, . . . , cm) ∈ Am(Fq) : f(c1, . . . , cm) = 0} has at most uqm−1 elements.


Moreover, if u ≤ q, then there exists f ∈ Fq[X1, . . . , Xm] such that Z(f) has exactly uqm−1

elements.

Proof. We apply double induction on u and m. When u = 0, 1 or m = 1, the result follows

trivially. Suppose u > 1 and m > 1. We analyze the two cases.

Case 1: (X1 − c) | f(X1, . . . , Xm) for some c ∈ Fq.

In this case, f(X1, . . . , Xm) = (X1 − c)g(X1, . . . , Xm), where g is a polynomial of degree

u− 1. Therefore,

Z(f) = {c ∈ Am(Fq) : c1 = c} q {c ∈ Am(Fq) : c1 6= c and g(c1, . . . , cm) = 0}

and

|Z(f)| ≤ qm−1 + |V (g)|

≤ qm−1 + (u− 1)qm−1 (by induction hypothesis)

= uqm−1.

Case 2: (X1 − c) - f(X1, . . . , Xm), ∀c ∈ Fq.

In this case, we have, f(c,X2, . . . , Xm) 6= 0 and deg f(c,X2, · · · , Xm) ≤ u. For each c ∈ Fq,

f(c,X2, · · · , Xm) has at most uqm−2 solutions in Fm−1q . Since we have q choices for c ∈ Fq,

therefore, |Z(f)| ≤ q(uqm−2) = uqm−1.

For second part of the Proposition, consider the following polynomial f(X1, . . . , Xm) =

(X1 − a1)(X1 − a2) . . . (X1 − au) with distinct elements a1, a2, . . . , au ∈ Fq. We have

deg f(X1, . . . , Xm) = u and f(X1, . . . , Xm) has exactly uqm−1 solutions in Am(Fq).

4.2 Projective Hypersurfaces

We have the following projective analogue of the Proposition 4.1.2.

Proposition 4.2.1. Let f(X0, . . . , Xm) ∈ Fq[X0, . . . , Xm] be a homogeneous polynomial of


degree u. Then the set V (f) := {c = (c0, . . . , cm) ∈ Pm(Fq) : f(c) = 0} has at most uπm−1

elements. Equivalently, the set

Z∗(f) := {(c0, . . . , cm) ∈ Fm+1q \ {(0, . . . , 0)} : f(c0, . . . , cm) = 0}

has at most u(qm − 1) elements.

Proof. We apply double induction on u and m. When u = 0, u = 1 or m = 1, the result

follows trivially. Suppose u > 1 and m > 1. We analyze the two cases.

Case 1: X0 | f .

Then f = X0g, where g is a homogeneous polynomial in Fq[X0, . . . , Xm] of degree u − 1

and hence by induction,

|Z∗(f)| = |{c ∈ Fm+1q \ {0} : f(c) = 0}| ≤ qm − 1 + (u− 1)(qm − 1) = u(qm − 1).

Case 2: X0 - f .

In this case, if (c0, . . . , cm) ∈ Fm+1q with c0 6= 0 is such that f(c0, . . . , cm) = 0, then

f( c1c0, . . . , cm

c0) = 0, where f(Y1, . . . , Ym) = f(1, Y1, . . . , Ym) is polynomial of degree u in m

variables. Furthermore, f(0, X1, . . . , Xm) is a homogeneous polynomial of degree u in m

variables. Therefore,

Z∗(f) = {c ∈ Fm+1q \{0} : c0 6= 0, f(c1, . . . , cm) = 0}q{c ∈ Fm+1

q \{0} : c0 = 0, f(c) = 0}

and hence by Proposition 4.1.2 and the induction hypothesis,

|Z∗(f)| = |{c ∈ Fm+1q \ {0} : f(c) = 0}| ≤ (q − 1)(uqm−1) + u(qm−1 − 1)

= u(qm − 1),

as desired.

The Proposition given below gives the exact bound on the number of points on a


projective hypersurface, which was conjectured by M. Tsfasman and proved by J.-P. Serre.

Proposition 4.2.2. Let f(X0, . . . , Xm) ∈ Fq[X0, . . . , Xm] be a homogeneous polynomial of

degree u. Then the set V (f) := {c = (c0, . . . , cm) ∈ Pm(Fq) : f(c) = 0} has at most

uqm−1 + πm−2 elements. Moreover, if u ≤ q, then the bound on the right hand side is

attained only if V (f) is a union of u hyperplanes whose intersection contains a subspace of

Pm(Fq) of codimension 2.

Proof. (Serre). If u ≥ q + 1, then uqm−1 + πm−2 ≥ qm + qm−1 + πm−2 = πm and the

bound holds trivially. Assume u < q + 1. We apply induction on m. The case m = 0 is

just trivial and the case m = 1 follows from Proposition 4.1.1. Suppose m > 1 and result

holds for homogeneous polynomials in < m + 1 variables. Let g1, . . . , gl be distinct (up

to multiplication by a constant) linear factors of f . Then l ≤ u and each gi is necessarily

homogeneous; further, if we let

Gi = {c ∈ Pm(Fq) : gi(c) = 0} and G =r⋃

i=1

Gi,

then G ⊆ V (f). We analyze the following two cases.

Case 1: G = V (f).

We apply induction on l. If l = 1, then

|G| = |G1| = πm−1 ≤ uqm−1 + πm−2.

If l > 1, then

(l−1⋃i=1

Gi

)∩Gl ⊇ G1 ∩G2 and |G1 ∩G2| = πm−2, and hence,

∣∣∣∣∣l⋃

i=1

Gi

∣∣∣∣∣ =

∣∣∣∣∣l−1⋃i=1

Gi

∣∣∣∣∣+ |Gl| −

∣∣∣∣∣(

l−1⋃i=1

Gi

)∩Gl

∣∣∣∣∣≤

((l − 1)qm−1 + πm−2

)+ πm−1 − πm−2 (by induction hypothesis)

= lqm−1 + πm−2.


Since l ≤ u, the desired inequality follows.

Moreover, we observe that |V (f)| = uqm−1 + πm−2, only if l = u and if G1, . . . , Gl have a

space of dimension (m− 2) in common.

Case 2: G 6= V (f).

Choose a point P ∈ V (f) with P 6∈ G. If H is a hyperplane in Pm containing P , then the

restriction of f to H is not identically zero, by the choice of P . Let V = V (f). We have

H ' Pm−1 and by induction hypothesis, |V ∩H| ≤ uqm−2 + πm−3. Consider the set

T := {(P ′, H) : P ′ ∈ V \ {P} and H is a hyperplane in Pm through P and P ′}.

Now we determine cardinality of the set T in two different ways. For a fixed H passing

through P , the number of P ′ ∈ V \ {P} lying on H is equal to |V ∩ H| − 1, which is at

most uqm−2 + πm−3 − 1. As the number of H passing through P is πm−1, we see that

|T | ≤ πm−1(uqm−2 + πm−3 − 1).

On the other hand, for a fixed P ′ ∈ V \ {P}, the number of H passing through P and P ′

is equal to πm−2. It follows that

|T | = (N − 1)πm−2, where N = |V (f)|.

Thus, (N − 1)πm−2 ≤ πm−1(uqm−2 + πm−3 − 1), and hence,

N ≤ πm−2 + πm−1(uqm−2 + πm−3 − 1)

πm−2

=πm−2 + uqm−2πm−1 + πm−1πm−3 − πm−1

πm−2

=−qm−1 + uqm−2πm−1 + πm−1πm−3

πm−2

=−qm−1 + uqm−1πm−2 + uqm−2 + πm−1πm−3

πm−2


= uqm−1 +uqm−2 − qm−1 + πm−3(q

m−1 + πm−2)

πm−2

= uqm−1 + πm−2 −(q + 1− u)qm−2

πm−2

< uqm−1 + πm−2 (since q + 1− u > 0).

So in case 2, we have |V (f)| < uqm−1 + πm−2. This completes the proof.

4.3 Systems of Homogeneous Polynomials

In this section, we will consider the system of two homogeneous polynomial of the same

degree. Let us first recall some basic definitions and results from algebraic geometry. For

more details as well as proofs of these results, one may refer to [9, 41, 43].

4.3.1 Basic Definitions and Results

For all the definitions and results of this sub-section, we denote by F a field.

Definition 4.3.1. For a subset S ⊆ F [X0, X1, . . . , Xm] of homogeneous polynomials, we

define

V (S) := {c ∈ Pm(F ) : f(c) = 0, ∀ f ∈ S}.

A projective variety or projective algebraic set is a subset V of Pm such that V = V (S)

for some set S of homogeneous polynomials in F [X0, X1, . . . , Xm] . If the set S consists of

only linear homogeneous polynomials, then the variety V = V (S) is called linear variety.

Definition 4.3.2. Let V be a projective variety in Pm(F ). Then the ideal

I(V ) :=< {f ∈ F [X0, . . . , Xm] : f is homogeneous and f(c) = 0,∀c ∈ V } >

generated by homogeneous polynomials which vanish on V , is a homogeneous ideal of

F [X0, X1, . . . , Xm] and is called the homogeneous ideal of V .


Definition 4.3.3. Let V be a projective algebraic set in Pm. We say that V is reducible if

V = V1 ∪ V2, where V1, V2 are algebraic sets in Pm, and Vi 6= V , i = 1, 2. We say that V is

irreducible if V is nonempty and V is not reducible.

Proposition 4.3.4. A projective algebraic set V ⊂ Pm is irreducible if and only if I(V ) is

prime.

Proposition 4.3.5. Any projective algebraic set can be written uniquely as a finite union

of irreducible subvarieties, called its irreducible components.

Definition 4.3.6. The dimension of an irreducible variety V ⊂ Pm is the supremum of

all integers m such that there exists a chain of distinct irreducible subvarieties V0 ⊂ V1 ⊂

· · · ⊂ Vm = V . In general, the dimension of a variety is the maximum dimension of its

irreducible components. The dimension of V is denoted by dimV .

Definition 4.3.7. The codimension of a projective variety V ⊂ Pm is the number

codimV = m− dimV .

Of course, the codimension depends on the ambient space: A line in the plane has

codimension one, whereas a line in 3-space has codimension two.

Definition 4.3.8. The degree of the projective variety V in Pm is the greatest possible

number of intersection points of V with a linear subvariety L ⊂ Pm of dimension equal to

the codimension of V :

deg(V ) := max{|V ∩ L| < ∞ : L is linear subvariety in Pm, dimL+ dimV = m}.

Fact: A subvariety of Pm has degree one if and only if it is a linear subvariety.

Example 4.3.9. The degree of the conic V (yz − x2) ⊂ P2(C) is 2, because a typical line

meets a conic in two points.

Proposition 4.3.10. Every irreducible component of a hypersurface has codimension 1.


Proposition 4.3.11. If f is an irreducible homogeneous polynomial of degree u, then degree

of the hypersurface V (f) ⊂ Pm is u.

Definition 4.3.12. A projective variety V in Pm is called a complete intersection if its

homogeneous ideal I(V ) can be generated by exactly codim(V ) elements.

Example 4.3.13. The twisted cubic V in P3(C) is the intersection of two surfaces defined

by xw = y2 and xw2 = z3, the radical homogeneous ideal of V can not be generated by

two elements. However , this ideal can be generated by three polynomials,

I(V ) = (y2 − xz, z2 − wy, xw − yz) ⊆ C[x, y, z, w].

It can be checked that no two of these polynomials suffice to generate I(V ): Any two cut

out a reducible variety consisting of the twisted cubic plus a line.

We observe that although the twisted cubic curve in P3 has codimension two, its radical

homogeneous ideal requires more than two generators. The twisted cubic is not a complete

intersection of two surfaces.

Notice that a complete intersection V is the intersection of codimV hypersurfaces,

namely, the hypersurfaces whose equations generate the radical ideal of V . However, the

twisted cubic tells us that not every variety is complete intersection, even when the variety

is the intersection of codimV hypersurfaces. The twisted cubic belongs to the somewhat

broader class of varieties that are “set theoretically” like complete intersection.

Definition 4.3.14. A projective variety V of codimension c in Pm is called a set theoretic

complete intersection if V is the intersection of c hypersurfaces.

Of course, every complete intersection is a set-theoretic complete intersection. The

difference is that while a set-theoretic complete intersection is defined by an ideal generated

by c elements, we do not require that this ideal to be a radical ideal.

Proposition 4.3.15. If V = V (f1, · · · , fc) is a complete intersection, then

deg V = deg f1. deg f2 · · · deg fc,


where c = codimV .

4.3.2 Boguslavasky’s Inequality

We recall the following Proposition proved in [1, 14], which gives the cardinality of a general

projective algebraic set over a finite field.

Proposition 4.3.16. Let X ⊂ Pm(Fq) be an algebraic set of degree δ and dimension s.

Then |X| ≤ δπs.

In the following Proposition, we present a simpler version of the proof of Boguslavasky,

although, in same lines.

Proposition 4.3.17. (Boguslavsky) Let F1, F2 ∈ Fq[X0, . . . , Xm] be linearly independent

homogeneous polynomials of degree u such that u < q − 1. Then the projective algebraic

set X := V (F1, F2) = {c = (c0, . . . , cm) ∈ Pm(Fq) : F1(c) = F2(c) = 0} has at most

(u− 1)qm−1 + πm−2 + qm−2 elements.

Proof. Write F1 =t∏

i=1

faii and F2 =

t∏i=1

f bii , where f ′

is are factors of F1 and F2 over Fq such

that fi - fj, ∀i 6= j and ai, bi ≥ 0 ∀ i. Define G :=t∏

i=1

fmin(ai,bi)i ∈ Fq[X0, . . . , Xm]. Let

degree of G be v and, Y := V (G) = {c ∈ Pm(Fq) : G(c) = 0}. We have, 0 ≤ v ≤ u − 1

and the degree of the hypersurface Y is same as the degree of its defining polynomial G,

that is, v. By Proposition 4.2.2, |Y | ≤ vqm−1 + πm−2. Let X ′ = V (F1

G, F2

G). Then clearly

X = X ′∪Y . Note that, by Krull’s Principal Ideal Theorem, height of the ideal (F1

G, F2

G) ≤ 2.

One can easily see that ht(F1

G, F2

G) is infact 2 as gcd(F1

G, F2

G) = 1. We have,

dim(X ′) = dimV (F1

G,F2

G) = dim

Fq[X0 : X1 : · · · : Xm]

(F1

G, F2

G)

− 1 = m− 2.

This shows that X ′ is complete intersection and hence degree of X ′ is δ = (u − v)2 (by

Proposition 4.3.15). Thus by Proposition 4.3.16, |X ′| ≤ (u− v)2πm−2. We analyze three

cases.


Case 1: v = 0.

In this case, X = X ′ and |X| ≤ u2πm−2. So

|X| ≤ u2πm−2

= (u2 − 1)πm−2 + πm−2

≤ (u− 1)(q − 1)πm−2 + πm−2, since u < q − 1

= (u− 1)(qm−1 − 1) + πm−1

< (u− 1)qm−1 + qm−2 + πm−2.

Case 2: 0 < v < u− 1.

In this case, |X| ≤ |Y |+ |X ′| ≤ vqm−1 + πm−2 + (u− v)2πm−2. This implies that,

|X|− (u−1)qm−1−qm−2−πm−2 ≤ − 1

q − 1(qm−1(u−v−1)(q−u+v−2)+(u−v)2−qm−2).

Since 0 < v < (u− 1) ⇒ u− v − 1 > 0. Also q − 1 > u ⇒ q − u+ v − 2 > 0. So

qm−1(u− v − 1)(q − u+ v − 2)− qm−2 ≥ qm−1 − qm−2 > 0

⇒ − 1

q − 1(qm−1(d− u− 1)(q − u+ v − 2) + (u− v)2 − qm−2) < 0

⇒ |X| ≤ (u− 1)qm−1 + qm−2 + πm−2.

Case 3: v = u− 1.

We have deg(X ′) = 1, so X ′ is a linear subspace of codimension 2. We can not apply

Proposition 4.2.2 directly, since we would get

|X| ≤ |Y |+ |X ′| ≤ (u− 1)qm−1 + πm−2 + πm−2

> (u− 1)qm−1 + qm−2 + πm−2.

If Y contains an Fq-hyperplane H, then Y ∩ X ′ contains a linear subspace of dimension


m− 3, hence

|X| ≤ |Y |+ |X ′| − πm−3 ≤ (u− 1)qm−1 + πm−2 + πm−2 − πm−3

= (u− 1)qm−1 + qm−2 + πm−2.

Suppose Y does not contain any Fq-hyperplane, then G is not identically zero on any

hyperplane H and hence we can apply Serre’s inequality to get,

|Y ∩H| ≤ (u− 1)qm−2 + pm−3.

As in the proof of Proposition 4.3.16, we use the induction on the dimension m and Serre’s

construction.

The casem = 1 is trivial (as in this case there are two linearly independent homogeneous

polynomials in two variables which can not have more than u− 1 zeros in common). Now

suppose we proved the Proposition for the dimension m−1. If Y ⊂ X ′ then the Proposition

is evident. Otherwise fix an Fq-point Q ∈ (Y \X ′). There exists a unique hyperplane H0

passing through Q and X ′. Since X ′ ⊆ H0, this would imply that X ′ ∩H0 = X ′.

Now,

X = Y ∪X ′

⇒ H0 ∩X = (H0 ∩ Y ) ∪ (H0 ∩X ′) = (H0 ∩ Y ) ∪X ′

⇒ |H0 ∩X| ≤ |H0 ∩ Y |+ |X ′| ≤ (u− 1)qm−2 + πm−3 + πm−2.

For any other hyperplane H 6= H0 passing through Q, G is not identically zero on H (as if

it is so then Y ⊃ H, which is a contradiction) and F1

G, F1

Gare also not identically zero on

H ( as it will give contradiction to the uniqueness of H0). This would inturn imply that

F1, F2 are not identically zero on H. Therefore by the induction hypothesis,

|H ∩X| ≤ (u− 1)qm−2 + qm−3 + πm−3.


Consider the set

T := {(H,P ) ∈ Pm∗ × Pm : H is hyperplane passing through Q and P ∈ H ∩X, P 6= Q}.

We compute the number of Fq-points in this set by two different ways.

We have |X| − 1 ways of selecting a point P ∈ X such that P 6= Q and for each P we

have πm−2 ways of selecting H passing through P and Q. On the other hand, we can first

select one of πm−1 hyperplanes in Pm passing through Q and then select one of points in

(H ∩X) \Q. Thus,

(|X| − 1)πm−2 =∑

H 6=H0

(|H ∩X| − 1) + |H0 ∩X| − 1

≤ πm−1((u− 1)qm−2 + qm−3 + πm−3 − 1) + πm−2 − qm−3.

Therefore,

|X| ≤ 1 +πm−1

πm−2

((u− 1)qm−2 + qm−3 + πm−3 − 1) +πm−2 − qm−3

πm−2

= (u− 1)qm−1 + qm−2 + πm−2 +1

πm−2

(qm−2(u− 1− q) + πm−3).

We have u ≤ q; thus, qm−2(u− 1− q) + πm−3 < 0 and |X| < (u− 1)qm−1 + qm−2 + πm−2.

This completes the proof the theorem.

4.4 Connection with Coding Theory

Before defing affine and projective Reed-Muller codes, we recall the following elementry

results about polynomials over finite fields.

4.4.1 Polynomials Over Fq

Lemma 4.4.1. If f(X) ∈ Fq[X] with deg f(X) < q and f(a) = 0 ∀ a ∈ Fq, then f = 0.


Proof. It is clear, since f has at most deg f roots.

Proposition 4.4.2. Let f(X1, . . . , Xm) ∈ Fq[X1, . . . , Xm] with degree of f in each variable

is < q. If f(a1, . . . , am) = 0, ∀ (a1, . . . , am) ∈ Am(Fq), then f = 0.

Proof. We apply induction on m. The case m = 1 is clear by Lemma 4.4.1. Let m ≥ 2,

and write

f(X1, . . . , Xm) =∑j

fj(X1, . . . , Xm−1)Xjm

as a polynomial in Xm with coefficients in Fq[X1, . . . , Xm−1]. Given any (a1, . . . , am−1) ∈

Fm−1q , the polynomial g(Xm) := f(a1, . . . , am−1, Xm) is of degree < q and it vanishes at

each am ∈ Fq. So by Lemma 4.4.1, g(am) = 0 for each am ∈ Fq. By induction hypothesis,

fj(X1, . . . , Xm−1) = 0. Hence f = 0.

Proposition 4.4.3. Let f(X0, . . . , Xm) ∈ Fq[X0, . . . , Xm] be homogeneous polynomial with

deg f < q. If f(a0, . . . , am) = 0 ∀ (a0, . . . , am) ∈ Pm(Fq), then f = 0.

Proof. Follows from Proposition 4.4.2.

4.4.2 Generalized Hamming Weights

Definition 4.4.4. Let Fq denote the finite field with q elements and let n, k be integers

with 1 ≤ k ≤ n. A linear [n, k]q-code is, by definition, a k-dimensional subspace C of the

n-dimensional vector space Fnq . .

The parameters n and k are referred to as length and dimension of the corresponding

code. If C is an [n, k]q-code, then the minimum distance d = d(C) of C is given by

d(C) := min{|χ(x)| : x ∈ C, x 6= 0}

where χ(x) := {i ∈ {1, . . . , n} : xi 6= 0} is defined to be support of x in Fnq .

More generally, support of a subspace D of C is defined by

χ(D) := {i : ∃ (x1, x2, ..., xn) ∈ D such that xi 6= 0}.


The r-th generalized Hamming weight of linear code C is the minimal support size of r-

dimensional subcodes of C, that is,

dr(C) := min{|χ(D)| : D is a subspace of C with dimD = r}.

Note that d1(C) equals to the minimum Hamming distance d of C.

Proposition 4.4.5. (Monotonicity) For an [n, k]q linear code C with k > 0, we have

1 ≤ d = d1(C) < d2(C) < . . . < dk(C) ≤ n.

Proof. That 1 ≤ dr−1(C) ≤ dr(C) ≤ n is trivial; it remains to prove that strict inequalities

hold. Let subcode D has |χ(D)| = dr(C) and dim(D) = r. Let i ∈ χ(D) and

Di := {x ∈ D : xi = 0}.

Then dimDi = r − 1 and dr−1(C) ≤ |χ(Di)| ≤ |χ(D)| − 1 = dr(C) − 1. Hence dr−1(C) <

dr(C).

Definition 4.4.6. The k-tuple of all generalized weights (d1, d2, . . . , dk) is called the

weight hierarchy of a code.

4.4.3 Affine Reed-Muller codes

Let q be a power of a prime number. Choose an integer u < q. Denote by Fq[X1, . . . , Xm]≤u

the space of polynomials of degree ≤ u with m variables and with coefficients in Fq. Since

u < q, therefore by Proposition 4.4.2, the space Fq[X1, . . . , Xm]≤u can be seen as a space

of polynomial functions on the affine space Am(Fq). The classical generalized Reed-Muller

code of order u, which we denote as Rq(u, Am), is the image of the injective map

c : Fq[X1, . . . , Xm]≤u −→ F|V |q ,


where we have put V = Am(Fq), defined by

c(f) := (f(a))a∈V .

Clearly, length of affine Reed-Muller codes is qm and dimension is(u+mm

). since the maximal

number of zeroes in Am(Fq) of a polynomial of degree u is equal to uqm−1 [ by Proposition

4.1.2 ], the minimal distance of this code is equal to (q − u)qm−1. The higher weights

of affine Reed-Muller Codes Rq(u, Am) of order u have been computed by Heijnen and

Pellikaan in [22 ], which is equivalent to solving Question 3 as stated in begining of this

Chapter.

4.4.4 Projective Reed-Muller codes

We denote by Fq[X0, X1, . . . , Xm]u the Fq-vector space of those f ∈ Fq[X0, X1, . . . , Xm]

such that f is homogeneous and deg f = u. If f ∈ Fq[X1, . . . , Xm]≤u, define

f(X0, X1, . . . , Xm) = Xu0 f(X1/X0, . . . , Xm/X0),

then f ∈ Fq[X0, X1, . . . , Xm]u; the map f −→ f is an isomorphism

Fq[X1, . . . , Xm]≤u −→ Fq[X0, X1, . . . , Xm]u;

we therefore also have

dimFq[X0, X1, . . . , Xm]u =

(m+ u

u

).

Now let V = Pm(Fq). We have,

V =m∐i=0

Wi

where Wi = {(a0, a1, . . . , am) ∈ Pm(Fq) : a0 = a1 = . . . = ai−1 = 0 and ai 6= 0}.

We define a linear map


c : Fq[X0, X1, . . . , Xm]u −→ F|V |q

in the following way: firstly for a ∈ Pm(Fq) and f ∈ Fq[X0, X1, . . . , Xm]u, we set

ca(f) =f(a0, . . . , am)

auiif a = (a0, . . . , am) ∈ Wi;

the value of ca(f) is unchanged if we replace (a0, . . . , am) by (λa0, . . . , λam), i.e, it is inde-

pendent of any representative of (a0, . . . , am). We then define the map c as

c(f) = (ca(f))a∈V .

When u < q, the map c is injective due to the Proposition 4.4.3.

The image of c defines a code Rq(u, Pm) ⊂ F|V |q , which we call the projective Reed-

Muller code of order u on Pm.

As a consequence of the Serre’s inequality [Proposition 4.2.2], we have the following Propo-

sition given in [26].

Proposition 4.4.7. Assume that u < q. The code Rq(u, Pm) has parameters

length Rq(u,Pm) = πm,

dim Rq(u,Pm) =

(u+m

u

),

d = d1 = dist Rq(u, Pm) = (q − u+ 1)qm−1.

Proof. As we know projective Reed-Muller code is the image of the following injective map

c : Fq[X0, X1, . . . , Xm]u ↪→ F|V |q

defined by

c(f) = (ca(f))a∈V .


So

length Rq(u, Pm) = |V | = |Pm(Fq)| = πm

and

dim Rq(u, Pm) = dimFq[X0, . . . , Xm]u =

(u+m

u

).

Since the number |V (f)| is equal to the number of a ∈ Pm such that ca(f) = 0, i.e., to the

number of null coordinates of the codeword c(f), hence

d = d1 = dist Rq(u, Pm) = πm − (uqm−1 + πm−2) = (q − u+ 1)qm−1.

This completes the proof.

4.4.5 Tsfasman-Boguslavasky’s Conjecture

The plausible higher weights of the Projective Reed-Muller codes are given by a conjecture

due to Tsfasman and Boguslavsky [1]. We explain the conjecture as below.

Each monomial of degree u in m+ 1 variables is determined by its exponent vector, which

is an (m+1)-tuple of nonnegative integers whose sum is u. We arrange these(u+mu

)tuples

in decreasing order lexicographically. For example, if m > 1, then the first three tuples are

(u, 0, 0, . . . , 0), (u− 1, 1, 0 . . . , 0), (u− 1, 0, 1, . . . , 0).

Conjecture 4.1. (Boguslavsky-Tsfasman) Let r be any integer such that 1 ≤ r ≤(u+mu

). Let (ν1, . . . , νm+1) be the r-th tuple in the list of exponent vectors of monomials of

degree u in m+ 1 variables, and let j = min{i : 1 ≤ i ≤ m+ 1 and νi 6= 0}. Then the r-th

higher weight dr of Rq(u, Pm) is given by

dr = πm − πm−2j −m∑i=j

νi(πm−i − πm−i−j). (4.1)

In a geometric language, the above conjecture is equivalent to solving Question 4 as


stated in the begining of this Chapter. Indeed this number is the same as πm − dr with

dr as given in (4.1). The validity of the conjecture in some special cases follows as a

consequence of the theorems which were discussed in earlier sections. For example, when

r = 1, the right hand side of (4.1) equals πm − uqm−1 − πm−2 = (q − u+ 1)qm−1, and thus

(4.1) is a consequence of Proposition 4.2.2 (proved by Serre in 1991), while in the case of

r = 2, the conjecture follows from Proposition 4.3.2 (proved by Boguslavasky in 1997), and

so in this case

d2 =

πm − πm−2 if u = 1

πm − (u− 1)qm−1 − πm−2 − qm−2 if u > 1

In case when u = 1, the above conjecture is true for any r by simple Linear Algebra.

However, the general case is still an open problem.

Chapter 5

Codes Associated to Determinantal

Varieties

Linear error correcting codes associated to higher dimensional projective algebraic varieties

have been of some recent interest. We cite, in particular, the study of codes on hermitian

hypersurfaces by Hirschfeld [23], codes on del Pezzo surfaces by Boguslavasky [2], codes

associated to Grassmannians by Nogin [36], and by Ghorpade, Patil and Pillai [16], Reed-

Muller codes on complete intersections by Duursma, Renteria and Tapia-Recillas [7], codes

associated to Schubert varieties by Ghorpade and Lachaud [14] as well as Ghorpade and

Tsfasman [15] and also by Hansen, Johnsen and Ranestad [20], and codes associated to

flag varieties by Rodier [39]

In this chapter, we discuss a new class of codes associated to determinantal varieties,

called determinantal codes. It is convenient to define these using the language of projective

systems of Tsfasman and Vladut [45]. Basic facts about projective systems are reviewed

in Section 5.1 below. We discuss the determinantal varieties and certain important facts

concerning them in Section 5.2. Finally, in Section 5.3 we show that the determinantal

codes are nondegenerate and obtain their length and dimension. Moreover, in a special

case, we obtain a lower bound for the minimum distance of determinantal codes.

53

CHAPTER 5. CODES ASSOCIATED TO DETERMINANTAL VARIETIES 54

5.1 Linear codes and projective systems

In order to study codes associated to projective varieties over finite fields (algebraic geo-

metric codes) a notion of projective system was introduced by Tafasman and Vladut in

their book [46]. Here we explain this notion in a greater detail.

Definition 5.1.1. An [n, k]q-projective system X is collection of n not necessarily distinct

points in the (k − 1)-dimensional projective space Pk−1Fq

over Fq.

This notion is almost equivalent to that of a linear code and explains the use of algebraic

geometry in coding theory. The parameters n, k, d are defined as follows:

n = |X|, k = dimPk−1 + 1, d = n−maxH

|X ∩H|.

For a linear [n, k]q-code C, we have already defined the generalized Hamming weights in

Chapter 4 as follows:

dr(C) := min{|χ(D)| : D ⊆ C, dimD = r}.

In geometric terms, the definition of dr = dr(X) is even more natural, it just imitates that

of d = d1, namely

dr = n−maxΠ

{|X ∩ Π| : Π a projective subspace of codimension r in Pk−1},

where multiple points of X are counted according to their multiplicity.

Definition 5.1.2. A projective system X is called nondegenerate if it is not contained in

a hyperplane.

Definition 5.1.3. Two systems X1 and X2 in P = Pk−1 = P(V ) are called equivalent if

there is a projective automorphism of P mapping X1 to X2, i.e., if there is a nondegenerate

linear map on V mapping lines of X1 to lines of X2. Projective automorphism form a group

denoted PGL(k, Fq).


Definition 5.1.4. A code C is called nondegenerate if it is not contained in a coordinate

hyperplane. Otherwise it is called degenerate.

Definition 5.1.5. Two codes C1 and C2 are said to be equivalent if C2 can be obtained

from C1 by interchanging coordinates and multiplying them by nonzero elements of Fq. It

can be put in a slightly different way: The group G = (F∗q)

n o Sn (semidirect product)

having (q − 1)n! elements acts on Fnq and C1 is equivalent to C2 if C2 = g(C1) for some

g ∈ G.

Proposition 5.1.6. There is a natural one-to-one correspondence between the set of equiv-

alence classes of nondegenerate projective [n, k]q-systems and the set of equivalence classes

of nondegenerate linear [n, k]q-codes. The correspondence also preserves the parameters

n, k, d1, d2, . . . , dk.

Proof. Let C ⊂ Fnq be nondegenerate linear [n, k]q-code. Define the coordinate maps

xi : C −→ Fq

as

(c1, c2, · · · cn) 7→ ci

Notice that xi is a point of the dual space C∗ of linear forms on C. Since for a nondegenerate

code C, xi 6= 0, it defines a line in C∗, i.e., a point of the corresponding projective space

Pk−1 = P(C∗). Thus we get a projective system X = {x1, . . . , xn} consisting of n not

necessarily distinct points in Pk−1. One can prove that X is also nondegenearte.

Now we are in position to define a map from

C := {[C] : C ⊂ F nq is nondegenerate linear [n, k]q − code}

to

X := {[X] : X ⊂ Pk−1 is nondegenerate projective [n, k]q − system}


as follows

Ψ : C −→ X

[C] 7−→ [X]

It is easy see that this map Ψ is well defined and injective. A system X = {x1, . . . , xn}

in P = P(V ), after being arbitrarily lifted to Y = {y1, . . . , yn} in V (choose a vector in

each line) defines n linear forms V ∗. This gives a map

φ : V ∗ −→ Fnq

defined by

f 7−→ (f(y1), . . . , f(yn)),

whose image is a linear code C. If X is nondegenerate, this map is injective.

It is not difficult to see that C = Imφ is nondegenerate linear [n, k]q-code. Moreover,

one can also prove that Ψ([C]) = [X], which will prove that Ψ is surjective.

To prove that the parameters match, we observe that a subcode D ⊂ C of dimension r

corresponds to the set of elements of C∗ vanishing on D, i.e., to the subspace D∗ ⊂ C∗ of

codimension r and, therefore, to a plane of codimension r in Pk−1. The weight of a subcode

D equals the number of coordinate forms not vanishing on it, i.e., the number of points of

X not lying on this plane of codimension r.

5.2 Determinantal varieties over finite fields

Definition 5.2.1. Let Fq be a field with q elements and let X = (Xij) be an ` × m

matrix whose entries are independent indeterminates over Fq, and let Fq[X] denote the

corresponding ring of polynomials. Given a positive integer t ≤ min{`,m}, let It+1 denote

the ideal in Fq[X] generated by all (t + 1) × (t + 1) minors of X. Then the variety Mt


corresponding to the ideal It+1 is a projective variety in P`m−1(Fq) and known as the generic

determinantal variety.

In order to find the number of Fq-rational points on the determinantal variety Mt ⊂

P`m−1, we need the following Lemmas.

Lemma 5.2.2. The number of ordered t linearly independent vectors in Fmq is given by

(qm − 1)(qm − q)(qm − q2) · · · (qm − qt−1).

Proof. The first vector is any non-zero vector and each succeeding vector must avoid the

span of the previous vectors.

Lemma 5.2.3. The number of t-dimensional subspaces of Fmq is given by the q-binomial

coefficient mt

q

=(qm − 1)(qm − q) . . . (qm − qt−1)

(qt − 1)(qt − q) . . . (qt − qt−1).

Proof. Number of distinct t-dimensional subspaces

= Number of distinct L.I. sets of cardinality t in Fmq

=Number of all L.I. sets of cardinality t in Fm

q

Number of L.I. sets of cardinality t in Fmq which generate the same subspace

Look at the case of numerator. The first nonzero vector in Fmq can be chosen in qm − 1

ways. There are q multiples of this vector. So the second vector can be chosen in qm − q

ways. The number of elements in the span of these two vectors is q2. So the third vector

can be chosen in qm − q2 ways. Continuing in this way, the t th vector can be chosen in

qm − qt−1 ways.

Therefore

Numerator = (qm − 1)(qm − q) . . . (qm − qt−1).


Similarly

Denominator = (qt − 1)(qt − q) . . . (qt − qt−1).

Hence the number of distinct t-dimensional subspaces

=(qm − 1)(qm − q) . . . (qm − qt−1)

(qt − 1)(qt − q) . . . (qt − qt−1).


Now using the above two Lemmas, we give a proof of the following result of Landsberg

[27].

Proposition 5.2.4. The number of `×m matrices over Fq of rank t is given by

Rt(`,m) = qt2−t

2

t−1∏i=0

(q`−i − 1)(qm−i − 1)

qi+1 − 1if t ≥ 1

R0(`,m) = 1.

Proof. For a fixed t-dimensional subspace W ⊂ F`q, the number of matrices with W as the

column space is equal to the number of t×m matrices of rank t. Such a matrix is given by

the t linearly independent row vectors of length m. The number of these vectors is given

by Lemma 5.2.2. The number of t-dimensional subspaces of F`q is

[`t

]q(by Lemma 5.2.3)

and the product is the number `×m matrices of rank t given by`t

q

(qm − 1)(qm − q) · · · (qm − qt−1).

By the same reasoning, the following expressionmt

q

(q` − 1)(q` − q) · · · (q` − qt−1)

gives the number of m× ` matrices of rank t. Both of the these expression are same as the


expression appearing in the statement of the Proposition.

We have the follwing immediate corollary of the Proposition 5.2.4

Corollary 5.2.5. The size n of the determinantal variety Mt is given by

n := |Mt| =t∑

j=1

qj2−j

2

(q − 1).

j−1∏i=0

(q`−i − 1)(qm−i − 1)

(qi+1 − 1).

5.3 Determinantal codes and their basic parameters

Before defining codes associated to determinantal varieties, we prove the following Propo-

sition about the nondegeneracy of a general projective variety.

Proposition 5.3.1. Let V be a projective variety in the projective space PN−1. Let I =

I(V ) be the homogeneous ideal corresponding to V . Then the least M such that V is

nondegenerate in PM−1 is given by

HR(1) = dimS1

I1

where HR denote the Hilbert function of the coordinate ring R of V , S1 is the 1st graded

component of the ring S := Fq[T1, . . . , Tn] w.r.t. its natural gradation and I1 = I ∩ S1.

Proof. Proof follows from the fact that V is contained in a linear subvariety L ' PM−1

if and only if there exist (N − M) linearly independent linear homogeneous polynomials

f1, . . . , fN−M in I1.

By using the Proposition 5.3.1 and the formula for the Hilbert function of the determi-

nantal varieties as computed by Abhyankar [see, e.g., 11] or otherwise, one may easily see

that the determinantal variety Mt is nongenerate in P`m−1. Thus, we get a nondegenerate

projective [n, k]q-system in Pk−1 with

k = `m and n = |Mt| =t∑

j=1

qj2−j

2

(q − 1).

j−1∏i=0

(q`−i − 1)(qm−i − 1)

(qi+1 − 1).


In view of Proposition 5.1.6, we may now define determinantal code over finite fields.

Definition 5.3.2. A nondegenerate linear [n, k]q-code corresponding to this projective

system is called the determinantal code.

We denote this code by Dt(`,m). The dimension k and length n of the determiantal

codes D(n, k) are given by the following formule.

dimDt(`,m) = k = `m

and

lengthDt(`,m) = n =t∑

j=1

qj2−j

2

(q − 1).

j−1∏i=0

(q`−i − 1)(qm−i − 1)

(qi+1 − 1)

By using Proposition 4.2.2 given in Chapter 4, we shall now give lower bound for the

minimum distace in a special case of determinantal varieteis in the following Proposition.

Proposition 5.3.3. Let Mt be the determinantal variety corresponding to the case ` = m

and t = `− 1. Then the minimum distance of the corresponding code satisfy the following

inequality

d ≥ q`2−1 + q`

2−2 + (1− `)q`2−3 − q

`(`−1)2

∏i=2

(qi − 1).

This bound is attained in the case ` = m = 2.

Proof. In case of ` = m and t = `− 1, the determinantal variety Mt in P`2−1 is given by

Mt = {(Xij) : det(Xij) = 0}.

By using Corollary 5.2.5 or by direct calculation of counting non-zero singular matrices (as

given below), one sees that

|Mt| =[(q2 − 1)− |GL`(Fq)|]

(q − 1)= q`

2−1 + q`2−2 + q`

2−3 + π`2−4 − q`(`−1)

2

∏i=2

(qi − 1).


In order to find minimum distance of the coresponding determinantal code, we need to

determine maximum number of Fq-rational point in hyperplane section of the determinantal

Variety Mt. If H is a hyperplane in P`2−1, then it is easy to see that Mt∩H is homogeneous

polynomial of degree ` in `2−1 variables, i.e. a hypersurface of degree ` in P`2−2. Therefore,

by using Proposition 4.2.2, we have,

|Mt ∩H| ≤ `q`2−3 + π`2−4.

Hence the minimum distance d (= |Mt| −maxH

|Mt ∩H|) satisfy the following

d ≥ q`2−1 + q`

2−2 + (1− `)q`2−3 − q

`(`−1)2

∏i=2

(qi − 1).

If we take ` = m = 2 (hence t = 1), then we get |Mt ∩H| ≤ 2q + 1. This bound is actu-

ally attained if one intersects the determinantal variety with the coordinate hyperplanes.

Therefore, in this case, maxH

|Mt ∩ H| = 2q + 1. Consequently, the minimum distance is

precisely given by

d = |Mt| − (2q + 1) = (q2 + 2q + 1)− (2q + 1) = q2.


It is an open problem to determine the minimum distance and more generally, all the

higher weights of arbitrary determinantal codes.

Bibliography

[1] M. Boguslavsky, On the number of solutions of polynomial systems, Finite Fields

Appl. 3, (1997), 287-299.

[2] M. Boguslavsky, Sections of del Pezzo surfaces and generalized weights, Prob-

lems Inform. Transmission 34 (1998), no.1, pp. 14–24

[3] N. Bourbaki, Algebre, Chapitres 4 a 7, Masson, Paris, 1981.

[4] A. Cossidente and M. J. de Resmini, Remarks on Singer cyclic groups and their

normalizers, Des. Codes Cryptogr. 32 (2004), 97–102.

[5] M. C. Crabb, Counting nilpotent endomorphisms, Finite Fields Appl. 12 (2006),

151–154.

[6] M. R. Darafsheh, Order of elements in the groups related to the general linear

group, Finite Fields Appl. 11 (2005), 738-747.

[7] I. Duursma, C. Renteria, H. Tapia-Recillas, Reed-Muller codes on complete

intersections, AAECC 11 (2001), pp. 455–462.

[8] N. J. Fine and I. N. Herstein, The probability that a matrix be nilpotent, Illinois

J. Math. 2 (1958), 499–504.

[9] W. Fulton, Algebraic Curves: An Introduction to Algebraic Geometry, Notes

written with the collaboration of Richard Weiss, Addition-Wesley Publishing

Company, (1989).

62

BIBLIOGRAPHY 63

[10] M. Gerstenhaber, On the number of nilpotent matrices with coefficients in a

finite field, Illinois J. Math. 5 (1961), 330–333.

[11] S. R. Ghorpade, Young bitableaux, lattice paths and Hilbert functions, J. Statist.

Plann. Inference (Special issue on lattice path combinatorics and applications),

Vol. 54(1996), pp. 55–66.

[12] S. R. Ghorpade and G. Lachaud, Higher weights of Grassmann codes, in: “Cod-

ing Theory, Cryptography and Related Areas” (Guanajuato, 1998), J. Buch-

mann, T. Hoeholdt, H. Stichtenoth and H. Tapia-Recillas Eds., Springer-Verlag,

Berlin/Heidelberg, 2000, pp. 122–131.

[13] S. R. Ghorpade and G. Lachaud, Number of solutions of equations over finite

fields, and a conjecture of Lang and Weil, in: Number Theory and Discrete

Mathematics (Chandigarh, 2000), Trends in Math., Birkhauser, Basel (2002),

pp. 269–291.

[14] S. R. Ghorpade and G. Lachaud, Etale Cohomology, Lefschetz Theorems and

Number of Singular Varities over finite fields, Moscow Mathematical Journal,

Vol.2, No.3 (2002), pp. 589–631.

[15] S. R. Ghorpade and M. A. Tsfasman, Schubert varieties, linear codes and enu-

merative combinatorics, Finite Fields Appl., Vol. 11, No. 4 (2005), pp. 684–699.

[16] S. R. Ghorpade, A. R. Patil and H. K. Pillai, Decomposable subspaces, linear

sections of Grassmann varieties, and higher weights of Grassmann codes, Finite

Fields Appl. Vol. 15, No. 1 (2009), pp. 54–68.

[17] S. R. Ghorpade, S. U. Hasan, M. Kumari, Primitive polynomials, Singer cycles,

and word-oriented linear feedback shift registers, arXiv.math/0904.1331, (2009),

pp. 11, Submitted for publication.

[18] S. W. Golomb, Shift Register Sequences, Holden-Day, San Francisco, 1967.

BIBLIOGRAPHY 64

[19] E. J. Groth, Generation of binary sequences with controllable complexity, IEEE

Trans. Inform. Theory, 17 (1971), pp. 288–296.

[20] J. P. Hansen, T. Johnsen, and K. Ranestad, Schubert unions in Grassmann

varieties, Finite Fields Appl., 13 (2007), 738–750.

[21] S. Hansen, Error-correcting codes from higher dimensional varieties, Finite

Fields Appl., 7 (2001), pp. 531–552.

[22] P. Heijnen and R. Pellikaan, Generalized Hamming weights of q-ary Reed-Muller

codes, IEEE Trans. Inform. Theory 44 (1998), 181–196.

[23] J. W. P. Hirschfled, M. Tsfasman, S. G. Vladut, The weight hierarchy of higher

dimensional Hermitian codes, IEEE Trans. Inform. Theory 40 (1994), pp. 275–

278.

[24] B. Huppert, Endliche Gruppen I, Springer-Verlag, Berlin, 1967.

[25] N. Jacobson, Basic Algebra I, 2nd Ed., W. H. Freeman, New York, 1985.

[26] G. Lachaud, The parameters of projective Reed-Muller codes, Discrete Math.

81, (1990) 217–221.

[27] G. L. Landsberg, Uber eine Anzahlbestimmung und eine damit zusammen-

hangende Reihe, J. Reine Angew. Math. 111 (1893), 234–253.

[28] C. D. Langford, Problem, Math. Gaz., 42 (1958), p. 228.

[29] R. Lidl and H. Niederreiter, Finite Fields, Enc. of Math. and its Appl., Vol. 20,

Cambridge University Press, Cambridge, 1983.

[30] J. B. Little, Algebraic geometry codes from higher dimensional varieties,

arXiv:0802.2349 (2008), pp. 26.

BIBLIOGRAPHY 65

[31] A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone Handbook of applied

cryptography, CRC Press Series on Discrete Mathematics and its Applications,

CRC Press, Boca Raton, FL, 1997, With a foreword by Ronald L. Rivest.

[32] H. Niederreiter, Factorization of polynomials and some linear-algebra problems

over finite fields, Linear Algebra Appl. 192 (1993), pp. 301–328.

[33] H. Niederreiter, The multiple-recursive matrix method for psedorandom number

generation , Finite Fields Appl. 1 (1995), pp. 3–30.

[34] H. Niederreiter, Psedorandom vector generation by the multiple-recursive matrix

method, Math. Comp. 64 (1995), pp. 279–294.

[35] H. Niederreiter, Improved bound in the multiple-recursive matrix method for

psedorandom number and vector generation, Finite Fields Appl. 2 (1996), pp.

225–240.

[36] D. Yu. Nogin, Codes associated to Grassmannians, Arithmetic, Geometry and

Coding theory, R. Pellikan, M. Perret, S. G. Vladut. Eds., 145–154, Walter de

Gruyter, Berlin/ New York, (1996).

[37] B. Preneel, Introduction to the Proceedings of the Second Workshop on Fast

Software Encryption (Leuven, Belgium, Dec 1994), pp. 1–5, Lecture Notes in

Comput. Sci., 1008, Springer, Berlin, 1995.

[38] I. Reiner, On the number of matrices with given characteristic polynomial, Illi-

nois J. Math. 5 (1961), 324-329.

[39] F. Rodier, Codes from flag varieties over finite fields, J. Pure. Appl. Algebra,

187 (2003), pp. 203–214.

[40] J.-P. Serre, Letter a M. Tsfasman, Journees Arithmetiques de Luminy, (1989),

Asterisque 198-199-200 (1991), 149–156.

BIBLIOGRAPHY 66

[41] I. R. Shafarevich, Basic Algebraic Geometry, Second Edition, Springer-Verlag,

(1988).

[42] J. Singer, A theorem in finite projective geometry and some applications to

number theory, Trans. Amer. Math. Soc. 43 (1938), 377–385.

[43] K. E. Smith, L. Kahanpaa, W. Traves, An Invitation to Algebraic Geometry,

Springer-Verlag, (2000).

[44] A. B. Sørrensen, Projective Reed-Muller codes, IEEE Trans. Inform. Theory 37

(1991), 1567–1576.

[45] M. A. Tsfasman, S. G. Vladut, Algebraic Geometric Codes, Kluwer, Amsterdam,

(1991).

[46] M. A. Tsfasman, S. G. Vladut, Geometric approach to higher weights, IEEE

Trans. Inform. Theory, 41, (1995), 1564–1588.

[47] V. K. Wei, Generalised Hamming weights for linear codes, IEEE Trans. Inform.

Theory 37 , 1412–1418, (1991).

[48] G. Zeng, W. Han and K. He, Word-Oriented Feedback Shift Register: σ-

LFSR, http://eprint.iacr.org/2007/114 (Cryptology ePrint Archive: Report

2007/114).

[49] G. Zeng, W. Han, K. He and S. Fan High Efficiency Feedback Shift Register:

σ-LFSR, preprint 2008.

primitive recursive vector sequences, polynomial …people.math.carleton.ca/~sartaj/mythesis.pdf ·...

Documents