FINITE COMMUTATIVE RINGS AND THEIR APPLICATIONS

Gilberto Bini (University of Michigan, Dpt. of Mathematics, 525 East University Ave., Ann Arbor, MI, 48109, U.S.A.) and Flaminio Flamini (Terza Università di Roma "Roma Tre", Dip. di Matematica, Largo S. L. Murialdo, 1, 00146 Roma, Italy)

April 24, 2015

Preface

This book is a concrete and self-contained introduction to finite commutative local rings, focusing in particular on Galois and Quasi-Galois rings. Finite commutative ring theory is a fast-developing subject and has recently been seen to have important applications in theoretical areas like Combinatorics, Finite Geometries and the Analysis of Algorithms. Moreover, in the last twenty years, there has been a growing interest in applications of commutative rings to Algebraic Cryptography and Coding Theory. In fact, several codes over finite fields, which are widely used in Information and Communication Theory, have been investigated as images of codes over Galois rings (especially over the ring of integers modulo 4). On the one side, applied mathematical research has motivated a more systematic analysis of Finite Commutative Algebra; on the other side, pure Mathematics has offered innovative tools in Coding Theory. Therefore, this book aims to answer a need for introductory references in this evolving area from both perspectives. For this purpose, the reader is provided with an active and practical approach to the study of the purely algebraic structure and properties of finite commutative rings (in particular, Galois rings) as well as to their applications in Coding Theory. The Commutative Algebra set-up has been realized by the second author, whereas the Coding Theory point of view has been treated by the first author. This work is not intended as an exhaustive survey of all topics of either Finite Commutative Algebra or Coding Theory over finite rings. McDonald's classical reference (see [56]) offers a more theoretical approach to the algebraic point of view of the subject. MacWilliams' and Sloane's book or van Lint's book (see [53] and [69], respectively), just to mention a few, are standard references for codes over finite fields, whereas [62] collects some of the latest articles concerning codes over Galois rings.

This text could be appropriately used as a university course book or for independent reading by students possessing some familiarity with basic algebraic topics, such as Group Theory, Commutative Rings, Finite Fields and Galois Theory. It should also be of great interest to engineers who have to deal in depth with Galois rings. Thus the first chapters can be viewed as a brief summary of basic definitions and results in Commutative Algebra. The reader is referred to a sufficiently detailed bibliography in order to avoid tedious repetitions of some too technical proofs. Together with Hensel's lemma, the notion of regular polynomial is the fundamental tool of the entire work. Furthermore, in the chapters related to the separable extension theory of local rings, the crucial definitions of unramified extension of such rings and of the splitting ring of a regular polynomial are given. These extend the classical results of the Galois theory of finite fields to finite local rings. Chapter 6 is the core of the book, in which all results from previous chapters are used for the study of Galois rings and another class of finite local rings, Quasi-Galois rings. Moreover, an entire section is devoted to recalling some classical approaches to the theory of Galois rings. In Chapter 7 we briefly recall some standard definitions and results on codes over finite fields, which are necessary tools to discuss the formal duality between Kerdock and Preparata codes, one of the most intriguing research topics in this area. In the last chapter, we deal with the explanation of this formal duality by using codes over finite rings. These two chapters are intended to point out the basic difference between codes over fields and over rings. We have tried to be as rigorous and accurate as possible, especially in proving the fundamental statements, at the same time keeping the examples lively and informal, since they may just be the key to the clarification of certain results.
We would like to express our gratitude to everyone who helped and encouraged us throughout our years of study. Above all Prof. M.J. de Resmini, who has been a constant guide and without whom this work would never have come to life. We are indebted to Prof. Dr. D. Jungnickel for his precious and indispensable advice. We wish to thank our colleagues and friends for their support during the preparation of this book. Our deepest gratitude goes to our families. The second author would also like to thank his wife for her constant encouragement.

Contents

Preface . . . . ii

1 NOTIONS IN RING THEORY . . . . 1
1.1 Basic Definitions . . . . 1
1.2 Prime and Maximal Ideals . . . . 3
1.3 Euclidean Domains, P.I.D.'s and U.F.D.'s . . . . 9
1.4 Factorization in Z_{p^n}[x] . . . . 19

2 FINITE FIELD STRUCTURE . . . . 27
2.1 Basic Properties . . . . 27
2.2 Characterization of Finite Fields . . . . 29
2.3 Galois Field Automorphisms . . . . 32

3 FINITE COMMUTATIVE RINGS . . . . 37
3.1 Finite Commutative Ring Structure . . . . 37
3.2 Regular Polynomials in the Ring R[x] . . . . 44
3.3 R-algebra Automorphisms of R[x] . . . . 51
3.4 Factorization in R[x] . . . . 53

4 SEPARABLE EXTENSIONS . . . . 59
4.1 Separable Field Extensions . . . . 59
4.2 Extensions of Rings . . . . 63
4.3 Separable extensions of local rings . . . . 65

5 GALOIS THEORY FOR LOCAL RINGS . . . . 69
5.1 Basic Facts . . . . 69
5.2 Examples. Splitting Rings . . . . 73

6 GALOIS AND QUASI-GALOIS RINGS . . . . 79
6.1 Classical Constructions . . . . 80
6.2 Galois Ring Properties . . . . 90
6.3 Structure Theorems . . . . 103
6.4 Quasi-Galois Rings . . . . 105

7 CODES OVER FINITE FIELDS . . . . 117
7.1 Basic properties . . . . 117
7.2 Some families of q-ary codes . . . . 118
7.2.1 Linear Codes . . . . 118
7.2.2 Hamming codes . . . . 119
7.2.3 Cyclic codes . . . . 120
7.2.4 Reed-Muller codes . . . . 124
7.3 Duality between codes . . . . 126
7.4 Some families of nonlinear q-ary codes . . . . 130
7.4.1 Binary Kerdock codes . . . . 130
7.4.2 Kerdock sets . . . . 130
7.4.3 Properties of binary Kerdock codes . . . . 134
7.4.4 Classical Preparata codes . . . . 136
7.4.5 Basic properties . . . . 136
7.4.6 Preparata codes and Hamming codes . . . . 137

8 CODES OVER GALOIS RINGS . . . . 141
8.1 Basic properties . . . . 141
8.1.1 Linear codes over Z_{p^n} . . . . 142
8.1.2 Reed-Muller codes over Z_{p^n} . . . . 143
8.1.3 Cyclic codes over Z_{p^n} . . . . 144
8.1.4 Hamming codes over Z_{p^n} . . . . 147
8.2 Linear quaternary codes . . . . 148
8.3 Kerdock and Preparata codes revisited . . . . 154

Bibliography . . . . 163

Index . . . . 168

Chapter 1

FUNDAMENTAL NOTIONS IN RING THEORY

We want to start by recalling some elementary topics in ring theory; we basically focus on local rings, since Galois rings, the "main subject" of our work, are a particular class of such rings. We will review some definitions and provide clarifying examples. This is useful for the sake of establishing a common language, fixing, once and for all, notation such as would appear in many undergraduate Algebra texts whose contents we assume the reader is familiar with.

1.1 Basic Definitions

From now on, by a ring we always mean a commutative ring with identity, unless explicitly stated. Let R be a ring. We recall that R is an integral domain if it contains no non-trivial zero-divisors. An element x ∈ R is nilpotent if x^n = 0, for some positive integer n. So, a nilpotent element is a zero-divisor in R (provided R is not the trivial ring, i.e. R = 0), but the converse is not generally true. An invertible element (unit) x in R is an element for which there exists a y in R such that xy = 1, 1 being the multiplicative identity of R. The element y is uniquely determined by x and will be denoted by x^{−1}. The subset U(R) := {x ∈ R | ∃ y ∈ R s.t. xy = yx = 1} of R is a multiplicative group (with respect to the multiplication in R) and its elements are called the units of R. A ring R is a field if every non-zero element is a unit, i.e. U(R) = R* = R \ {0}. One of the most familiar examples of a (commutative and with identity) ring is the ring of integers, denoted by Z, which trivially is an integral domain, but not a field; in fact, U(Z) = {1, −1} is isomorphic to the cyclic group of order two, i.e. C_2 = ⟨x | x^2 = 1⟩. If we consider the ring of the residues modulo m, for a fixed positive integer m, denoted by Z_m = Z/mZ, we have a completely different situation.

Proposition 1.1.1 Z_m is an integral domain if and only if m is a prime.

Proof: Left to the reader.

More precisely, if m is a prime the structure of this ring is richer.



Proposition 1.1.2 Assume m is a prime; then, given a ∈ Z_m, a ≠ 0, there exists an element b such that ab = 1, i.e. Z_m is a field.

Proof: If m is a prime and a ≠ 0, then m does not divide a in Z; therefore g.c.d.(m, a) = (m, a) = 1. By the Euclidean algorithm, there exist integers r, b such that rm + ba = 1, thus ab = ba = 1 in Z_m. (Observe we used the same notation for the integers and their residue classes. It is easy to understand from the context what is meant.) ✷

This property follows from more general topics which will be dealt with later on, in this chapter. Here we just recall that, given a prime p, Z_p is the Galois field of order p, which, in the literature, is also denoted by F_p or GF(p). Observe that a non-zero integer b has infinite additive order, hence, given n in Z, nb = 0 implies n = 0; on the other hand, in Z_p the additive order of each non-zero element is p. More generally, given a commutative ring with identity, R, denote by u its multiplicative identity. We can consider the map

α : Z → R,  n ↦ nu,

which obviously is a ring morphism. The Homomorphism Theorem ensures that the kernel of α is an ideal in Z, whereas its image is a subring of R such that Z/Ker(α) ≅ Im(α) ⊆ R. We have two different situations, depending on the nature of the homomorphism α:

(i) α is injective: then Ker(α) = {0}, so Z ≅ Im(α) ⊆ R.

(ii) α is not injective: in this case its kernel is a proper ideal in the ring of integers, so there exists a positive integer m such that Ker(α) = mZ. Therefore, Im(α) ≅ Z/mZ = Z_m ⊆ R.

Definition 1.1.3 Im(α) is called the fundamental subring (or prime ring) of R; it is the subring generated by the multiplicative identity u. The characteristic of R is the additive order of u, hence char(R) = 0 in case (i) and char(R) = m in case (ii).

Remark In case (i), since Z ⊆ R, the cardinality of R is, necessarily, infinite. If we suppose that R is a domain and if we consider case (ii), the obvious consequence is that char(R) = p, for a fixed prime p. In this situation, the ring R contains the Galois field of order p as a subring. It follows that an integral domain of positive characteristic always contains a Galois field GF(p), for some prime p, which is called the fundamental subfield or prime field of R. Observe that, if R is a field, then
- if char(R) = p, Z_p ⊆ R is its prime field;
- if char(R) = 0, the fundamental subring of R is isomorphic to Z and the injection α extends to the rational field Q.
In conclusion, a field R always admits a prime field, which is either Q, if char(R) = 0, or Z_p, if char(R) = p.

1.2 Prime and Maximal Ideals

Among the proper ideals of a given ring R, prime ideals play a fundamental role in all of Commutative Algebra. In this section we want to recall both some properties of this class of ideals and some terminology and notation that will be used in what follows. For a more detailed analysis of these topics, the reader is referred to undergraduate Algebra texts (for example [28], [31]) as well as to Commutative Algebra texts (e.g. [5], [37], [55], [66] or [71]). Given a commutative ring with identity, R, an ideal I ⊆ R is called a proper ideal if {0} ≠ I ⊂ R.

Proposition 1.2.1 A proper ideal of R does not contain units.

Proof: It immediately follows from the definition of ideal. ✷

Remark An immediate consequence of this statement is the following fact. If we consider the field morphism α : K → F, then α is either a monomorphism or the null morphism; indeed, Ker(α) is an ideal in K which, being a field, contains no proper ideal.

Definition 1.2.2 A (proper) ideal, P, of R is said to be a prime ideal if, for any a, b ∈ R such that ab ∈ P and a ∉ P, b ∈ P.

In the ring of the integers the prime ideals have a trivial characterization.

Proposition 1.2.3 An ideal (m) = mZ ⊂ Z is a prime ideal if and only if m is a prime.

Proof: Left to the reader.



Definition 1.2.4 A proper ideal M in R is called a maximal ideal if there is no proper ideal of R, say J, such that M ⊂ J ⊂ R.

We recall that in a ring A, not necessarily commutative and with identity, an ideal M ⊂ A is a maximal ideal if and only if the quotient ring, A/M, is simple, i.e. it contains no proper ideals. In the commutative case we can specialize this property.

Proposition 1.2.5 Let R be a commutative ring with identity. The ideal M ⊂ R is maximal if and only if R/M is a field.

Proof: ⇐) If R/M is a field, then it is a simple ring, so M is a maximal ideal.
⇒) Since R is a commutative ring with identity, R/M is commutative with identity. Let x be a non-zero element in R/M and (x) ⊂ R/M the ideal it generates. It follows that (x) = R/M, so there exists an element b ∈ R/M such that xb = 1, where 1 is the identity in R/M; therefore, x ∈ U(R/M). Since this statement is true for every 0 ≠ x ∈ R/M, R/M is a field. ✷

Remark Observe that the hypothesis that the simple ring R/M admits an identity is a necessary condition for its being a field. In fact, the ring 2Z = {2k | k ∈ Z} is commutative but without identity; the ideal J := (2) = 2(2Z) = {2(2k) | k ∈ Z} ⊂ 2Z is a maximal ideal, since 2Z/J = {2k + J | k ∈ Z} = {0̄, 2̄}, with 0̄ = J and 2̄ = 2 + J, has only trivial ideals, so it is simple. On the other hand, this quotient ring is not a field, because it is not even an integral domain, since 2̄ ≠ 0̄, but 2̄ · 2̄ = 0̄. We have an analogous result for the prime ideals of a ring R.

Proposition 1.2.6 Let R be a commutative ring. A proper ideal P is a prime ideal if and only if R/P is an integral domain.

Proof: Easy consequence of the definitions. ✷

The previous remark shows that, in general, a maximal ideal of a ring R is not a prime ideal; e.g., J = (2) ⊂ 2Z is a maximal ideal, but not a prime one. As usual, the situation is more favourable if R is a commutative ring with identity.

Proposition 1.2.7 Let R be a commutative ring with identity. If M is a maximal ideal, then it is a prime ideal.

Proof: Obvious. ✷

Remark Let us go back, for a moment, to the case of the integers, Z, and observe that I = (p) is a maximal ideal if and only if p is a prime. Hence, in the ring of integers maximal ideals and prime ideals coincide and they are those generated by prime numbers. As we shall see, this is more generally valid for principal rings; now, we simply want to point out that this remark is true only for proper ideals of Z. Indeed, the trivial ideal (0) ⊂ Z is prime, since Z/(0) ≅ Z is an integral domain, but is not maximal, since Z is not a field.

Definition 1.2.8 The set of all prime ideals in a ring R is called the spectrum of R and will be denoted by Spec(R), whereas the set of its maximal ideals is the maximal spectrum of R, denoted by Specm(R); obviously, Specm(R) ⊆ Spec(R).

These sets play a fundamental role in all of Commutative Algebra, especially for the deep meaning they have in the study of algebraic varieties or, more generally, of schemes (for some applications to Algebraic Geometry see, for example, [23] for a more algebraic point of view, or [30] for a more geometrical approach). A standard application of Zorn's Lemma (see, for example, [17]) shows that, given a ring R ≠ 0, Specm(R) ≠ ∅, i.e. R contains at least one maximal ideal. This implies that each non-unit of R is contained in one of its maximal ideals ([5]). There exist rings with only one maximal ideal, such as for example the rings Z_{p^h}, where p is a prime and h is a positive integer.

Definition 1.2.9 A ring R with a unique maximal ideal M is called a local ring, with residue field K = R/M.

It is straightforward to verify that M = {r ∈ R | r is not a unit}. A homomorphism of local rings, f : R → S, is called a local morphism if f(M_R) ⊆ M_S, where M_R and M_S are the maximal ideals of the local rings R and S, respectively.

Example 1.2.10 An immediate example of a local morphism is the following:

µ : Z_4 → Z_2,  0 ↦ 0,  1 ↦ 1,  2 ↦ 0,  3 ↦ 1.

This morphism is determined by the structure of Z_4; more precisely, Z_4 is a finite, commutative, local ring with maximal ideal 2Z_4 = {0, 2} and residue field Z_4/2Z_4 ≅ Z_2. Therefore, µ is the natural quotient morphism and the maximal ideal 2Z_4 maps onto the zero element of the field.

Remark The reader should realize that, in general, given a morphism of local rings, it does not follow that this morphism is local. For example, let A be a local ring which contains a prime ideal P such that P ⊂ M ⊂ A, where M denotes its unique maximal ideal. Therefore, A is a ring of Krull dimension greater than or equal to 1 (see [5]). If we denote by ϕ the localization morphism, with respect to the multiplicative system S = A \ P, then ϕ : A → A_P = S^{−1}A is not local. In fact, A_P is a local ring with maximal ideal P A_P (this is a standard notation in Commutative Algebra to denote the ideal generated by ϕ(P) ⊂ A_P, see [5] or [23]), but the image of an element of M \ P is a unit in A_P.

Proposition 1.2.11
1. Let R be a ring and M ≠ (0) an ideal such that each x ∈ R \ M is a unit. Then R is a local ring and M is its maximal ideal.
2. Let R be a ring and M a maximal ideal such that each element of the set 1 + M := {1 + x | x ∈ M} is a unit in R. Then R is a local ring.

Proof: 1. Each proper ideal of R contains only non-units, so it is contained in M. Hence, M is the unique maximal ideal in R.
2. Let x ∈ R \ M. Since M is maximal, the ideal J = (x, M) coincides with R; this implies there exist y ∈ R and t ∈ M such that xy + t = 1,

so that xy = 1 − t ∈ 1 + M is a unit in R, i.e. x ∈ U(R). The statement follows from 1. ✷

A ring which contains only a finite number of maximal ideals is called semilocal. Each finite ring is a semilocal ring. Even if more will be said later on, we give a few examples of local and semilocal rings. Let p ∈ Z be a prime and n a positive integer; the ring of the residues modulo p^n, Z_{p^n}, is an example of a finite, local ring with maximal ideal pZ_{p^n} ⊂ Z_{p^n} and residue field F_p. On the other hand, given an integer m, the Fundamental Theorem of Arithmetic ensures that m admits a unique factorization m = p_1^{k_1} ··· p_t^{k_t}, with p_i a prime for each 1 ≤ i ≤ t, p_i ≠ p_j for i ≠ j, and k_j ∈ ℕ. The ideal lattice of Z_m, when m is not of the form p^n for a prime p, is not a chain, as it is in the case of Z_{p^n}. Therefore, Z_m is an example of a finite, semilocal ring. In conclusion, among the rings of the form Z_m, the local ones are all of the form Z_{p^n}, where p is a prime and n is a positive integer. Note that all non-units in Z_{p^n} are nilpotent (in fact, such rings belong to the class of Artinian rings, see [5]); this is not true in Z_m, when m is not a prime power, where zero-divisors exist which are not nilpotent. We will see that Galois rings determine a larger class of finite local rings. The fundamental fact about this kind of ring is that they can be considered as "bricks" for the class of finite local rings; this means that an arbitrary finite, local ring is a GR(p^n, r)-algebra of finite type, i.e. it can be expressed as a quotient of a polynomial ring, in a number of indeterminates, with coefficients from a Galois ring GR(p^n, r) for some prime p and suitable positive integers n and r, modulo a primary ideal of the polynomial ring (see also [56]). An example of an infinite local ring is the ring of formal power series with coefficients from a field K, i.e. K[[x]], where the maximal ideal M consists of all non-invertible formal power series, M := {a_0 + a_1 x + a_2 x^2 + a_3 x^3 + ··· | a_0 = 0}. We conclude this section with a final remark on prime and maximal ideals of a commutative ring.

Definition 1.2.12 Given an ideal I ⊂ R, set

√I := {r ∈ R | r^s ∈ I for some s > 0}.

This set is an ideal of R (as it is easy to check) called the radical of I; it contains I. An ideal J is called a radical ideal if √J = J.

Proposition 1.2.13 Let M ⊂ R be a maximal ideal; then M is a radical ideal.

Proof: By definition, M ⊆ √M. The maximality of M implies that either √M = M, in which case M is a radical ideal, or √M = R, which is absurd. ✷

Proposition 1.2.14 If P ⊂ R is a prime ideal, then P is a radical ideal.

Proof: As usual, P ⊆ √P. Let x be an element of √P and t a positive integer such that x^t ∈ P. Since P is a prime ideal, x^t = x^{t−1} x ∈ P implies that either x ∈ P, and we get the statement, or x^{t−1} ∈ P, and we can proceed by repeating the argument. ✷

Proposition 1.2.15 The set Nil(R), consisting of all nilpotent elements of R, is an ideal; by definition it coincides with the radical ideal √0 (nilradical).

Proof: It is a straightforward consequence of the definitions. ✷

Another definition of the nilradical is the following. The nilradical of R coincides with the intersection of all prime ideals in R, i.e.

Nil(R) := ⋂_{P ∈ Spec(R)} P.   (1.1)

The equivalence of these two definitions is a consequence of Zorn's Lemma (see, for example, [5]). In the same way, we can define the Jacobson radical, denoted by J(R), as the intersection of all maximal ideals of R,

J(R) := ⋂_{M ∈ Specm(R)} M.   (1.2)

There are other definitions of the Jacobson ideal, see e.g. [3] or [5]. For example, we can state the following.

Proposition 1.2.16 x ∈ J(R) if and only if 1 − xy is a unit of R, for each y ∈ R.

Proof: ⇒) If 1 − xy is not a unit, then it belongs to some maximal ideal M ⊂ R; since x ∈ J(R) ⊆ M, xy ∈ M, which would imply 1 ∈ M.
⇐) If x is not in M, for some maximal ideal M, then (M, x) = R (by maximality of M). Thus, there would exist v ∈ M and y ∈ R such that v + xy = 1. It follows that 1 − xy ∈ M, so it is not a unit of R. ✷
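As an added example (my own code, not the book's), the following Python script checks the claims of this section on the rings Z_m: that Z_{p^n} is local with its non-units exactly the nilpotents, that Z_m for m not a prime power is only semilocal and has zero-divisors that are not nilpotent, and that the unit criterion of Proposition 1.2.16 yields the same Jacobson radical as the intersection (1.2) of the maximal ideals. Function names are my own choice.

```python
from functools import reduce
from math import gcd


def units(m):
    """U(Z_m): the residues coprime to m (the g.c.d. argument of Prop. 1.1.2)."""
    return {x for x in range(m) if gcd(x, m) == 1}


def nilpotents(m):
    """Nilpotent residues of Z_m; in a finite ring, x^m == 0 already decides it."""
    return {x for x in range(m) if pow(x, m, m) == 0}


def zero_divisors(m):
    """Non-zero residues x with x*y == 0 for some non-zero y."""
    return {x for x in range(1, m) if any((x * y) % m == 0 for y in range(1, m))}


def prime_divisors(m):
    """Primes dividing m, by trial division (m is small here)."""
    return [p for p in range(2, m + 1)
            if m % p == 0 and all(p % q for q in range(2, int(p ** 0.5) + 1))]


def maximal_ideals(m):
    """The maximal ideals of Z_m are pZ_m for the primes p dividing m (Prop. 1.2.3, 1.2.5)."""
    return {p: frozenset(p * k % m for k in range(m)) for p in prime_divisors(m)}


def jacobson_by_intersection(m):
    """J(Z_m) as in (1.2): the intersection of all maximal ideals."""
    return set(reduce(lambda a, b: a & b, maximal_ideals(m).values()))


def jacobson_by_criterion(m):
    """J(Z_m) as in Prop. 1.2.16: the x such that 1 - x*y is a unit for every y."""
    u = units(m)
    return {x for x in range(m) if all((1 - x * y) % m in u for y in range(m))}


def is_local(m):
    """Z_m is local (exactly one maximal ideal) precisely when m is a prime power."""
    return len(maximal_ideals(m)) == 1


def profile(m):
    """Summarise the structure of Z_m (m >= 2) in one dictionary."""
    return {
        "local": is_local(m),
        "non_units": set(range(m)) - units(m),
        "nilpotents": nilpotents(m),
        "non_nilpotent_zero_divisors": zero_divisors(m) - nilpotents(m),
        "jacobson": jacobson_by_intersection(m),
    }


if __name__ == "__main__":
    # Z_8 and Z_9 are local; Z_12 and Z_30 are semilocal with non-nilpotent zero-divisors.
    for m in (8, 9, 12, 30):
        print(m, profile(m))
```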

1.3 Euclidean Domains, P.I.D.'s and U.F.D.'s

In this section we want to recall some properties of the polynomial ring R[x], where R is a commutative ring with identity; in particular, we will consider the case where R is a field and there is only one indeterminate. Primitive polynomials, in a polynomial ring with coefficients from a Galois field F_q, will be dealt with in Chapter 2. Given a ring R, the polynomial ring R[x], with coefficients from R and one indeterminate x, is the extension of R by the element x, transcendent over R (see, for example, [3] for a more detailed discussion on algebraic and transcendent elements over a ring R). Using induction on the number of indeterminates, we can define the polynomial ring R[x_1, ..., x_n] (take the inductive construction as (R[x_1, ..., x_{n−1}])[x_n]). The structure of R[x] is strictly related to that of R.

Proposition 1.3.1 Let R be a commutative ring with identity.
1. R[x] is an integral domain if and only if R is.
2. Let f(x) = Σ_{k=0}^{n} a_k x^k ∈ R[x]. The polynomial f(x) is a unit in R[x] if and only if a_0 is a unit and a_1, ..., a_n are nilpotent in R.
3. f(x) ∈ R[x] is a nilpotent element in R[x] if and only if a_0, ..., a_n are nilpotent.
4. f(x) ∈ R[x] is a zero-divisor if and only if there exists an element 0 ≠ a ∈ R such that a f(x) = 0.

Proof: 1. Obvious.
2. f(x) is a unit if and only if there exists a polynomial g(x) = b_0 + ... + b_m x^m ∈ R[x] such that f(x)g(x) = 1. This means:

a_0 b_0 = 1,
a_0 b_1 = −a_1 b_0,
a_0 b_k = −(b_{k−1} a_1 + ··· + b_0 a_k),  2 ≤ k ≤ n,   (1.3)

i.e. a_0 ∈ U(R). We want to show that the given polynomial f(x) admits an inverse.
⇐) By using (1.3) and the fact that a_0 is a unit, we can explicitly determine the polynomial g(x), with

b_0 = a_0^{−1},  b_1 = −a_1 a_0^{−2},  b_2 = a_1^2 a_0^{−3} − a_2 a_0^{−2},  ...

and so on. Since a_1, ..., a_n are nilpotent, this algorithm is finite.
⇒) Consider f(x) ∈ R[x] a unit; therefore, from (1.3) it follows that a_0 ∈ U(R). By observing that a_n b_m = 0 and by using the polynomial equation f^{r+1} g = f^r, we get, by induction on r, that a_n^{r+1} b_{m−r} = 0. Hence a_n is nilpotent in R (as b_0 is a unit). This implies that a_n x^n is nilpotent in R[x]. What we need now is the general result that the sum of a nilpotent element and a unit is a unit. Let A be a ring, a ∈ A nilpotent and u ∈ U(A). Denote by k the nilpotency class of a (i.e. k is the smallest integer such that a^k = 0); the element

b := u^{−1} − a u^{−2} + a^2 u^{−3} − a^3 u^{−4} + ... + (−1)^{k−1} a^{k−1} u^{−k}

is the inverse of u + a; thus, u + a is a unit. In our case, the polynomial f(x) − a_n x^n = a_0 + ... + a_{n−1} x^{n−1} is a unit in R[x]. Induction on n shows that a_1, ..., a_{n−1} are nilpotent.
3. ⇒) As f(x) is nilpotent, 1 + f(x) is a unit in R[x]. By 2., a_1, ..., a_n are nilpotent in R whereas (1 + a_0) ∈ U(R). Hence, for n large enough, f^n = 0 implies that a_0^n = 0, so a_0 is nilpotent too.
⇐) If n_j ∈ ℕ is such that a_j^{n_j} = 0, 0 ≤ j ≤ n, and n_j ≥ 2, by putting

N := (Σ_{j=0}^{n} n_j) − n,

we have f(x)^N = 0. In fact, f(x)^N is a linear combination, with integral coefficients, of products of the form

a_0^{r_0} a_1^{r_1} ··· a_t^{r_t} ··· a_n^{r_n} x^{k_t},

such that Σ_{j=0}^{n} r_j = N, for each 0 ≤ k_t ≤ nN. Since we cannot simultaneously have r_j < n_j for each j, each of these products is zero.
4. f(x) ∈ R[x] is a zero-divisor if there exists a polynomial g(x) ∈ R[x] such that fg = 0; choose g(x) of smallest degree with respect to this property and let g(x) = b_0 + ··· + b_m x^m. Then a_n b_m = 0; therefore, a_n g(x) = 0, since a_n g(x) is a polynomial such that deg(a_n g) < deg(g) and (a_n g) f = 0. By induction on r, 0 ≤ r ≤ n, a_{n−r} g(x) = 0; by choosing a = b_0 we get the statement. The converse is obvious. ✷
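Added example (my own code, not the book's): the tests of Proposition 1.3.1 and the recursion (1.3) carried out in Z_m[x] for m = 8, where 2 is nilpotent but not zero, so f(x) = 1 + 2x is a unit with a polynomial inverse. Polynomials are coefficient lists [a_0, a_1, ..., a_n]; function names are assumptions of this example.

```python
from math import gcd


def inv_mod(a, m):
    """Inverse of a unit a of Z_m (Prop. 1.1.2; pow(a, -1, m) runs the extended Euclidean algorithm)."""
    if gcd(a % m, m) != 1:
        raise ValueError(f"{a} is not a unit in Z_{m}")
    return pow(a, -1, m)


def is_nilpotent(a, m):
    """a is nilpotent in Z_m; in a finite ring a^m == 0 already decides it."""
    return pow(a % m, m, m) == 0


def trim(f):
    """Drop leading zero coefficients (highest powers) but keep the constant term."""
    while len(f) > 1 and f[-1] == 0:
        f = f[:-1]
    return f


def poly_mul(f, g, m):
    """Product in Z_m[x]; index = power of x."""
    h = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            h[i + j] = (h[i + j] + a * b) % m
    return trim(h)


def is_unit(f, m):
    """Prop. 1.3.1(2): a_0 a unit of Z_m and a_1, ..., a_n nilpotent."""
    return gcd(f[0] % m, m) == 1 and all(is_nilpotent(a, m) for a in f[1:])


def is_nilpotent_poly(f, m):
    """Prop. 1.3.1(3): every coefficient nilpotent."""
    return all(is_nilpotent(a, m) for a in f)


def annihilator(f, m):
    """Prop. 1.3.1(4): a non-zero a in Z_m with a*f == 0, or None if f is not a zero-divisor."""
    for a in range(1, m):
        if all((a * c) % m == 0 for c in f):
            return a
    return None


def poly_inverse(f, m):
    """Solve the triangular system (1.3) for g = b_0 + b_1 x + ... with f*g == 1.

    a_0 b_k = -(a_1 b_{k-1} + ... + a_n b_{k-n}); once n consecutive b_k vanish,
    all later ones do too, and the nilpotency of a_1..a_n guarantees this happens.
    """
    if not is_unit(f, m):
        raise ValueError("not a unit of Z_m[x]")
    n = len(f) - 1
    a0_inv = inv_mod(f[0], m)
    b = [a0_inv]
    while n > 0 and any(b[-n:]):
        k = len(b)
        s = sum(f[i] * b[k - i] for i in range(1, min(k, n) + 1))
        b.append((-a0_inv * s) % m)
    return trim(b)


if __name__ == "__main__":
    f = [1, 2]                       # 1 + 2x in Z_8[x]
    g = poly_inverse(f, 8)           # 1 + 6x + 4x^2, i.e. 1 - 2x + 4x^2
    print(g, poly_mul(f, g, 8))      # [1, 6, 4] [1]
```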

All we have observed can be extended to the ring R[x_1, ..., x_n]. If we wish to consider polynomial division in R[x], we must restrict the divisors to polynomials with leading coefficient a unit, for example monic divisors. Therefore, divisibility is easy in K[x], where K is a field; in this situation, most properties that hold in the ring of integers extend in a natural way (Euclidean algorithm, ideal structure, etc.).

Definition 1.3.2 A commutative ring R is called a Euclidean domain if, for all a, b ∈ R, b ≠ 0, there exist q, r ∈ R such that a = bq + r and v(r) < v(b), where v : R → Z^+ is a map, called a valuation, which satisfies the following:
(i) v(a) = 0 ⇔ a = 0;
(ii) v(ab) ≥ v(a)v(b), for a, b ≠ 0.

Both Z and K[x] are examples of Euclidean domains; indeed, in the first case the relevant valuation is the absolute value function | | : Z → Z^+ whereas, in the second one, it is the map v : K[x] → Z^+ defined by v(f(x)) := 2^{deg(f(x))}, with the assumption deg(0) := −∞. Observe that, from its definition, it immediately follows that a Euclidean ring R is an integral domain (with identity). Recall that a commutative ring R with identity is a principal ideal ring if each proper ideal I ⊂ R is principal, i.e. there exists b ∈ R such that I = (b). In particular, when R is an integral domain, R is called a principal ideal domain (P.I.D.).

Proposition 1.3.3 Let R be a Euclidean domain; then it is a principal ideal domain.

Proof: If I = {0} or I = R, then I = (0) or I = (1). Next, let I ≠ {0} be a proper ideal of R. There exists, at least, an element 0 ≠ a ∈ I; choose m ∈ I such that v(m) ≤ v(i), for each i ∈ I. Since i = mq + r, with q, r ∈ R and v(r) < v(m), and r = i − mq ∈ I, it follows that r = 0, hence i = mq, for each i ∈ I. This means I = (m). ✷

The units of a Euclidean domain can be characterized in terms of their valuation; in fact, the elements with the smallest valuation are

all the units of R. Another familiar example of a Euclidean domain is Z[i], the ring of the Gauss integers, where the valuation is the usual complex norm; the invertible elements are the 4th roots of unity. For further reading in valuation theory, the reader is referred, for example, to [17]. The rings Z, K[x], Z[i] are examples of Euclidean domains but, also, of principal ideal domains (see Prop. 1.3.3). To get the general setting, we consider divisibility in an integral domain.

Definition 1.3.4 Given a, b ∈ R we say that a divides b (in symbols a | b) if there exists q ∈ R such that b = qa. An equivalent definition is that (b) ⊆ (a). In this situation, b is called a multiple of a and a is called a divisor of b. If a | b and b | a, then these elements are called associates. If a | 1, then a is a unit, i.e. a has an inverse. In Z the units are +1, −1, whereas in K[x] they are the non-zero polynomials of degree 0.

Definition 1.3.5 An element a ∈ R* is called a prime if a | bc implies that a | b or a | c. An element a ∈ R* is called irreducible if a = bc implies that either a | b, i.e. a and b are associates and c is a unit, or, conversely, a | c, thus b is a unit.

From the definition it follows that a prime is an irreducible element. The converse is false, in general. We can consider, for example, the ring Z[√−5] ⊂ C, where Z[√−5] := {a + b√−5 | a, b ∈ Z}. The element 3 is irreducible but not a prime, since 3 | 21 = (4 + √−5)(4 − √−5) but 3 does not divide either of these two factors. On the other hand, in Z each irreducible element is a prime, so the prime numbers are all the irreducible elements of Z.

Definition 1.3.6 A domain R is called a Unique Factorization Domain or a U.F.D. if
(i) every a ∈ R has a representation a = ε a_1 ··· a_n, where ε ∈ U(R) and a_i ∈ R are irreducible, 1 ≤ i ≤ n;
(ii) if a = ε a_1 ··· a_n = η b_1 ··· b_m, where ε, η ∈ U(R) and the a_i, b_j are irreducible elements of R, 1 ≤ i ≤ n, 1 ≤ j ≤ m, then m = n and b_i is associated with a_{σ(i)}, for some σ ∈ S_n = Sym(n) and 1 ≤ i ≤ n.
The factorization in R is up to associates. As a consequence of the definition, it can be proved that in a U.F.D. R each irreducible element is a prime ([1]).
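Added example (my own code, not the book's) of the Euclidean domain Z[i] mentioned above: division with remainder using the complex norm as valuation, the resulting Euclidean algorithm for a g.c.d. (defined only up to a unit, as the text notes for a U.F.D.), and the units as the elements of norm 1. Gaussian integers are pairs (a, b) meaning a + bi; function names are assumptions of this example.

```python
from itertools import product


def norm(z):
    """The complex norm N(a + bi) = a^2 + b^2, the valuation used on Z[i]."""
    a, b = z
    return a * a + b * b


def gauss_mul(z, w):
    """(a + bi)(c + di) = (ac - bd) + (ad + bc)i."""
    a, b = z
    c, d = w
    return (a * c - b * d, a * d + b * c)


def _round_div(x, n):
    """Nearest integer to x / n for n > 0 (ties round up), in exact integer arithmetic."""
    return (2 * x + n) // (2 * n)


def gauss_divmod(a, b):
    """Euclidean division a = b q + r in Z[i] with N(r) < N(b).

    q is the Gaussian integer nearest to a / b = a * conj(b) / N(b); the rounding
    error in each coordinate is at most 1/2, so N(r) <= N(b) / 2 < N(b).
    """
    if b == (0, 0):
        raise ZeroDivisionError("division by 0 in Z[i]")
    nb = norm(b)
    x = a[0] * b[0] + a[1] * b[1]      # real part of a * conj(b)
    y = a[1] * b[0] - a[0] * b[1]      # imaginary part of a * conj(b)
    q = (_round_div(x, nb), _round_div(y, nb))
    qb = gauss_mul(q, b)
    r = (a[0] - qb[0], a[1] - qb[1])
    assert norm(r) < nb                 # the Euclidean condition v(r) < v(b)
    return q, r


def gauss_gcd(a, b):
    """Euclidean algorithm in Z[i]; the result is unique only up to a unit."""
    while b != (0, 0):
        _, r = gauss_divmod(a, b)
        a, b = b, r
    return a


def gauss_units():
    """The units of Z[i] are the elements of norm 1: the four 4th roots of unity."""
    return sorted(z for z in product(range(-1, 2), repeat=2) if norm(z) == 1)


if __name__ == "__main__":
    print(gauss_units())                      # [(-1, 0), (0, -1), (0, 1), (1, 0)]
    print(gauss_divmod((7, 3), (2, 1)))       # ((3, 0), (1, 0))
    print(gauss_gcd((5, 0), (2, 1)))          # (2, 1): 5 = (2 + i)(2 - i) in Z[i]
```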

1.3. EUCLIDEAN DOMAINS, P.I.D.’S AND U.F.D.’S


Remark In a U.F.D. it makes sense to define a greatest common divisor (g.c.d.) and a least common multiple (l.c.m.) but, in general, we lose the uniqueness of these elements: they are determined only up to associates. Observe that in Proposition 1.3.3 we established a connection between two different classes of rings; more precisely, we have proved that if a ring R is a Euclidean domain, then it is a P.I.D. There are examples of P.I.D.'s which are not Euclidean domains ([58]); especially in Number Theory (see, for example, [48], [59] or [70]), one can find quadratic fields that are not Euclidean domains. To be more precise, we have to introduce some definitions. We focus, for a moment, on number fields; recall that a complex number is called an algebraic number if it satisfies some polynomial equation f(x) = 0, where f(x) ∈ Q[x] is non-zero. In particular, an algebraic number ξ is called an algebraic integer if it satisfies a monic polynomial equation of the form f(x) = x^n + c_1 x^{n−1} + ··· + c_n = 0, where c_i ∈ Z, for all 1 ≤ i ≤ n. Now, we are interested in quadratic fields which are, by definition, number fields of degree 2 over Q. One can show that every quadratic field is of the form K = Q(√d), where d is a square-free integer, positive or negative but not equal to 1; moreover, the algebraic integers of a quadratic field form a ring (this is a consequence of a more general result in algebraic number fields; for more details, see [59]). Denote by I(K) the ring of the algebraic integers of K; it is Z[√d] when d ≢ 1 mod 4, whereas for d ≡ 1 mod 4 it is strictly larger than Z[√d] (see the exercise below). K is said to be Euclidean if I(K) is a Euclidean domain.

Exercise First of all, show that if m is a square-free integer such that m ≡ 1 mod 4, then the algebraic integers of Q(√m) are all numbers of the form

a + b · (1 + √m)/2,

where a, b ∈ Z. After this, consider m = −19. From the step above, it follows that the subring of the complex numbers

R := {a + b · (1 + i√19)/2 | a, b ∈ Z}

is the ring of the algebraic integers of the imaginary quadratic field Q(√−19). Prove that R is a P.I.D. which is not a Euclidean domain.
(The second part is exercise n. 8, page 141 in [35]). Therefore Euclidean domains are a proper subclass of P.I.D.’s. We would like to find an analogous relation between P.I.D.’s and U.F.D.’s. Proposition 1.3.7 If R is a P.I.D., then R is a U.F.D.


CHAPTER 1. NOTIONS IN RING THEORY

Proof: Standard result of basic Algebra. See, for example, [1] or [31]. ✷

We will show that the converse is not true by providing an example of a unique factorization domain which is not principal. To do this, we need to consider factorization in R[x], where R is not a field but a U.F.D. A fundamental property of P.I.D.'s is the following

Theorem 1.3.8 In a P.I.D. R, the non-zero prime ideals are maximal ideals and they are generated by irreducible elements.

Proof: If R is a P.I.D., then it obviously is a commutative ring with identity. Take an ideal I ⊂ R; the implication I maximal ⇒ I prime is Proposition 1.2.7. We have to show the converse for I ≠ (0), i.e. I prime ⇒ I maximal. Since R is principal, there exists a ∈ R, a ≠ 0, such that I = (a); a is not a unit, since I is proper. If bc ∈ I, then b ∈ I or c ∈ I, that is a | bc implies a | b or a | c, and hence a is a prime element. A prime element of a domain is irreducible (and, R being a P.I.D. and so a U.F.D., the two notions coincide), so a is irreducible. Therefore, all the non-zero prime (principal) ideals of R are generated by irreducible (or, equivalently, prime) elements. Let J be an ideal of R such that I ⊆ J ⊆ R; J is principal, say J = (b), hence (a) ⊆ (b) ⊆ (1) ⇒ a ∈ (b) ⇒ b | a. Since a is irreducible, either 1. b and a are associates, hence they differ by a unit; or 2. b is a unit. In case 1., (a) = (b) (i.e. I = J); in case 2., (b) = R, because b is a unit, hence J = R. This implies the maximality of I. ✷

This theorem has an interesting consequence for the ring K[x], where K is a field. In fact, K[x] is an elementary example of a Euclidean domain, hence of a P.I.D. This means that, if I ⊂ K[x] is a proper ideal, then there exists a polynomial f(x) ∈ K[x] such that I = (f(x)); this polynomial is, in general, not uniquely determined since, if f(x) generates I, then also a f(x), where a ∈ K*, is a generator of I. If we choose only monic generators, given a proper ideal (0) ≠ I ⊂ K[x], there exists a unique monic polynomial f(x) = x^n + a_{n−1} x^{n−1} + ··· + a_0 ∈ K[x] such that I = (f(x)).
We recall that an element α is called algebraic over K if there exists a non-zero polynomial h(x) ∈ K[x] such that h(α) = 0. In this sense, we can associate with an algebraic element α, over a field K, an ideal in K[x], denoted by I_α, defined as follows:

I_α := {g(x) ∈ K[x] | g(α) = 0},

which is the kernel of the evaluation morphism

ϕ_α : K[x] → F,   f(x) ↦ f(α),

where F is a field extension of K containing α. What we have observed ensures that there exists a uniquely determined monic polynomial f_α(x) ∈ K[x] such that (f_α(x)) = I_α; this polynomial is called the minimal polynomial of α over K. Its degree is said to be the degree of the algebraic element α and it is the least degree of all the non-zero polynomials belonging to the ideal I_α.

Proposition 1.3.9 The minimal polynomial f_α(x) of an algebraic element α over K is irreducible, as an element of K[x]. Conversely, if f(x) is a monic, irreducible polynomial in K[x], then it is the minimal polynomial of each of its roots (in any extension of K), all of which are therefore algebraic over K.

Proof: ⇒) Suppose that f_α(x) is reducible; hence f_α(x) = h(x)k(x), where the degrees of these polynomials are positive integers, strictly less than deg(f_α(x)). Since 0 = f_α(α) = h(α)k(α), either h(α) = 0 or k(α) = 0. This contradicts the minimality of deg(f_α(x)) = min_{g(x) ∈ I_α \ {0}} deg(g(x)). ⇐) If f(x) ∈ K[x] is an irreducible polynomial and α is one of its roots, then f(x) ∈ I_α. We want to show that I_α = (f(x)). Obviously, I_α = (h(x)), for some non-constant polynomial h(x), so f(x) is a multiple of h(x). This means that f(x) and h(x) are associates, because f(x) is irreducible; hence, they differ by a unit a ∈ K*, so they generate the same ideal. ✷

We would like to find a unique expression for the elements of the simple extension of K by an algebraic element α, which we denote by F = K(α). We get the following commutative diagram:

         i_2
    K ─────────→ F
 i_1 │           │ id_F
     ↓           ↓
   K[x] ───────→ F
         ϕ_α

where i_1 and i_2 are the inclusion morphisms and ϕ_α is the evaluation morphism defined before. Since α is algebraic over K, Ker(ϕ_α) ≠ {0}. More precisely, Ker(ϕ_α) = (f_α(x)) ⊂ K[x] is a maximal ideal, since the minimal polynomial of α is irreducible over K. From the Homomorphism Theorem, we get

K[α] ≅ K[x]/(f_α(x))                    (1.4)



where K[α] is the subring of F generated by K and α, i.e. the set of all polynomial expressions in α with coefficients from K, each of which can be reduced to one of degree less than deg(f_α(x)). Its quotient field K(α) = Q(K[α]) coincides with F; but K[α] is itself a field, since (f_α(x)) is a maximal ideal. This means that F = K[α] = K(α). Isomorphism (1.4) also determines a way to exhibit the elements of the algebraic extension (see [3] for further reading about transcendental and algebraic extensions).

Proposition 1.3.10 If α is algebraic over K, each element of the extension K(α) can be uniquely expressed as a polynomial in α with coefficients from K and with degree strictly less than that of the minimal polynomial of α over K.

Proof: See, for example, [3], [28] or [31]. ✷

We recall that if K ⊂ F is a field extension, F can be viewed as a K-vector space and the degree of the extension, denoted by [F : K], is its dimension. If we consider a simple algebraic extension of the form K ⊂ K(α), we can restate Proposition 1.3.10: if n = deg(f_α(x)), where f_α(x) is the minimal polynomial of α over K, the set {1, α, α^2, ..., α^{n−1}} forms a basis of K(α) over K; in particular, [K(α) : K] = n, i.e. the degree of a simple algebraic extension equals the degree of the minimal polynomial of the algebraic element used to construct the extension. In general, it is possible to show that, if K ⊂ F is a field extension and [F : K] is finite, then: (i) each element a ∈ F is algebraic over K, i.e. the extension is algebraic; (ii) the degree of the minimal polynomial of each a ∈ F divides [F : K]. We do not want to go too deep into the theory of algebraic extensions, since it is not the aim of this book; in Chapter 2, we consider again algebraic extensions in the particular case of finite fields, only to construct the Galois fields GF(q), where q = p^n. For further information on this theory, the reader is referred to [17] or [64].
Finally, recall that one of the most important theorems in the theory of number fields is the Fundamental Theorem of Algebra ([17] or [64]), which shows that the complex field C, unlike R or Q, is algebraically closed, i.e. each non-constant polynomial P(x) ∈ C[x] admits, over C, a factorization in linear terms. In this sense the complex field is the algebraic closure of R. We want to generalize these ideas by giving a general definition, which does not depend on the fact that we have to consider number fields.

Definition 1.3.11 A field K is called algebraically closed if each non-constant polynomial in K[x] splits in factors of degree one or, equivalently, if each non-constant polynomial has a root in K. Therefore, given a field K, we denote by K̄ its algebraic closure ([17], [64]), that is a field extension K ⊂ K̄ such that K̄ is algebraic over K and K̄ is algebraically closed. We note an important property of algebraically closed fields.

Proposition 1.3.12 If K is algebraically closed, then it has infinite cardinality.

Proof: The statement follows from a simple argument. Given an arbitrary field F, F[x] contains an infinite number of monic and irreducible polynomials (the proof of this fact is the same used to show that Z contains an infinite number of primes). In fact, F[x] contains some monic irreducible polynomial (x + a, where a ∈ F). If f_1(x), ..., f_n(x) were all the monic, irreducible polynomials in F[x], then the polynomial

h(x) := (∏_{i=1}^{n} f_i(x)) + 1

would be monic of positive degree and not divisible by any of the f_j(x) (division by f_j(x) leaves the remainder 1); hence any monic irreducible factor of h(x) would be a monic irreducible polynomial distinct from each f_j(x), a contradiction. Therefore, there exists an infinite number of such polynomials; now, when K is algebraically closed, the only irreducible polynomials are of the form x + a, such that a ∈ K; this implies that the cardinality of K is infinite. ✷

Up to now we have seen how easy it is to deal with the polynomial ring K[x], especially to determine the algebraic or transcendental extensions of K, since this polynomial ring is an example of a Euclidean domain. We lose all this if we consider more than one indeterminate; for example, in the ring K[x, y] the ideal I = (x, y) is a maximal ideal, since the quotient ring is the field K, but it is not a principal ideal.

Exercise Prove that in the ring Q[x, y] the ideal (x^2 − y, y + x^3) is not principal.

However, K[x, y] is obviously Noetherian.

Definition 1.3.13 A ring R is said to be Noetherian if each ideal is finitely generated.



The polynomial ring R[x_1, ..., x_n], where R is a Noetherian ring, is again a Noetherian ring. This fact follows, by induction on the number of indeterminates, by observing that, for n ≥ 2, R[x_1, ..., x_n] = (R[x_1, ..., x_{n−1}])[x_n], and from a well known result called the Hilbert Basis Theorem.

Theorem 1.3.14 If R is a Noetherian ring with identity and if x is an indeterminate, then R[x] is Noetherian.

The proof of this result is a bit technical; we refer the reader to Commutative Algebra texts (see, for example, [5], [17] or [55]). We should point out that this fundamental result has an important interpretation in Algebraic Geometry; in fact the Krull dimension of a Noetherian ring is strictly related to the (geometric) dimension of the affine scheme it determines. For more details, see [23] or [30].

Other examples where we lose the advantage of having P.I.D.'s are the rings of the form Z_m[x], where m is not a prime. Even if we have only one indeterminate, the coefficient ring is not a field; more precisely, it is not an integral domain. Such a polynomial ring is neither Euclidean nor principal, but it is Noetherian, since every ideal of Z_m is principal and Theorem 1.3.14 applies. Z[x] is another example of a ring which is not principal, even if Z is a P.I.D. It is a useful exercise to see why. Consider x ∈ Z[x], which is an irreducible element in the polynomial ring. The ideal it generates is obviously prime, since Z[x]/(x) ≅ Z is a domain; if Z[x] were a P.I.D., then, by Theorem 1.3.8, (x) would be a maximal ideal; this is obviously false, since Z[x]/(x) ≅ Z is not a field. On the other hand, an ideal of the form (x, a), a ∈ Z \ {0, ±1}, is maximal in Z[x] if and only if a = p is a prime (prove this!). Such an ideal cannot be principal in Z[x]. Observe that in the extension of Z to Z[x] we lose the property of being a P.I.D.; therefore it is natural to ask if the property of being a U.F.D. is preserved. To answer this question, we have to recall some general facts first.

Definition 1.3.15 Given a U.F.D. R, let R[x] be the polynomial ring with coefficients from R. Let f(x) = Σ_{i=0}^{n} a_i x^i be a polynomial in R[x]. Define c(f) := g.c.d.(a_0, a_1, ..., a_n). Then, f(x) = c(f) f̃(x), where c(f̃(x)) = 1 or, more precisely, a unit in R. Such an f̃(x), i.e. a polynomial whose coefficients have g.c.d. equal to 1, is called a primitive polynomial. We want to remark that this definition is known in the literature as the Gauss definition of a primitive polynomial and it is a fundamental tool in Commutative Algebra. There is another definition of primitive



polynomial, completely unrelated to the previous one, which is widely used in Finite Field Theory. We will introduce this important notion later on (see Definition 2.2.7) and show how such polynomials play a central role in Galois field theory. In this section, we restrict ourselves to recalling the Unique Factorization Theorem:

Theorem 1.3.16 R is a U.F.D. if and only if R[x] is a U.F.D. By induction on the number of indeterminates, R[x_1, ..., x_n] is then a U.F.D.

This theorem is a consequence of an important lemma that belongs to the "almost infinite" class of lemmas known as "Gauss' Lemma".

Lemma 1.3.17 Let f(x), g(x) ∈ R[x]; then c(fg) = c(f)c(g), up to units of R. Consequently, if K = Q(R) is the quotient field of the domain R, a non-constant f(x) ∈ R[x] factors into polynomials of positive degree in K[x] if and only if it does so in R[x].

The proofs of these propositions are standard results of elementary Algebra (see, for example, [1], which pays special attention to Euclidean domains and U.F.D.'s). In conclusion, the ring Z[x] is an example of a U.F.D. that is neither a P.I.D. nor a Euclidean domain, so this proves that the class of P.I.D.'s is a proper subclass of the class of the U.F.D.'s. The natural question, at this point, is to ask if there exist domains that are not U.F.D.'s; the answer is affirmative, in fact we have already considered the ring Z[√−5] ⊂ C, where 3 is an irreducible element that is not a prime; therefore, Z[√−5] is an integral domain which is not a U.F.D.

1.4

Factorization in Zpn [x].

In Chapter 3 we shall deal with finite local rings, since we will show that each finite, commutative ring with identity can be uniquely expressed as a direct sum of finite local rings. After this result, we shall discuss polynomial rings with coefficients from a commutative local ring, where most notions of the previous section lose their meaning, since prime elements, irreducible elements, etc. no longer make sense as such. We try to extend, in a sensible way, most of what we observed up to now. A useful approach consists of first considering concrete cases of the form Z_{p^n}[x], where p is a prime and n is a positive integer, n ≥ 1. We already noted, in Section 1.2, that the structure of the rings Z_{p^n} is quite special: (i) if n = 1, the ring Z_p is the Galois field with p elements and U(Z_p) = Z_p* = Z_p \ {0};



(ii) if n > 1, the ring Z_{p^n}, of characteristic p^n, is not a domain, since it contains zero-divisors; more precisely, it is a local ring where the maximal ideal coincides with Nil(Z_{p^n}) (see (1.1)), therefore all the zero-divisors are nilpotent. It is easy to realize that the residue field is Z_{p^n}/Nil(Z_{p^n}) ≅ Z_p.

The aim of this section is to clarify some properties of the ring Z_{p^n}, since it is a particular case of a Galois ring. In the ring of the residues modulo p^n, the element p ∈ Z_{p^n} generates the ideal {0, p, 2p, ..., p(p^{n−1} − 1)}, which we denote by pZ_{p^n} ⊂ Z_{p^n}. This ideal is a maximal one, since the quotient ring is isomorphic to the Galois field of order p. We can divide the elements of Z_{p^n} in two different classes: one contains the units of this ring and the other is formed by the non-invertible elements which, in Z_{p^n}, are precisely the nilpotent elements. This second class coincides with the nilradical of Z_{p^n}, i.e. pZ_{p^n}. If we consider the canonical epimorphism

ϕ : Z_{p^n} → Z_{p^n}/pZ_{p^n} ≅ Z_p,                    (1.5)

by definition, its kernel is precisely pZ_{p^n}. This result, even if very immediate, is of fundamental importance for many reasons. First of all, the isomorphism Z_{p^n}/pZ_{p^n} ≅ Z_p justifies the fact that an element u ∈ Z_{p^n} can be uniquely written in the form

u := u_0 + u_1 p + u_2 p^2 + ··· + u_{n−1} p^{n−1},                    (1.6)

where u_i ∈ {0, 1, ..., p − 1} (the representatives of Z_p), 0 ≤ i ≤ n − 1 (see [11] or [17], which devote an entire section to p-adic numbers). This expression is analogous to the one we have in the ring of integers, when we find a b-adic expression of its elements, b ∈ Z^+. We can "justify" the operations in the ring Z_{p^n} as coming from the usual operations in Z with the p-adic expression of its elements, but with the essential difference that we have to stop at the (n − 1)-st power of p and use the condition p^k = 0, if k ≥ n, in the calculation of the sum and the product of two arbitrary elements of the ring Z_{p^n}. This first remark allows us to immediately determine the units of Z_{p^n}.

Proposition 1.4.1 An element u ∈ Z_{p^n}, expressed as in (1.6), is a unit if and only if u_0 ≠ 0.

Proof: This is a straightforward consequence of the Euclidean algorithm: u is invertible modulo p^n if and only if g.c.d.(u, p^n) = 1, i.e. if and only if p does not divide u, and p | u exactly when u_0 = 0. The inverse of a unit is then produced by the extended Euclidean algorithm applied to u and p^n. ✷
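The digit expansion (1.6) and Proposition 1.4.1 in executable form, as an added example that is not part of the book: the functions below compute the digits u_0, ..., u_{n−1} of an element of Z_{p^n}, decide invertibility from u_0 alone, compute the inverse of a unit with the extended Euclidean algorithm mentioned in the proof, find the nilpotency index of a non-unit, and multiply two elements digit by digit with the rule p^k = 0 for k ≥ n. All function names and the sample values are the editor's choices.

```python
# Arithmetic in Z_{p^n} through the p-adic digit expansion (1.6).
# Added example (not from the book); all names here are the editor's choices.

def p_adic_digits(u, p, n):
    """Digits u_0, ..., u_{n-1} with u = sum u_i p^i in Z_{p^n}, 0 <= u_i < p."""
    u %= p ** n
    digits = []
    for _ in range(n):
        u, d = divmod(u, p)
        digits.append(d)
    return digits

def from_digits(digits, p):
    """Inverse of p_adic_digits: rebuild the integer representative."""
    return sum(d * p ** i for i, d in enumerate(digits))

def is_unit(u, p, n):
    """Proposition 1.4.1: u is invertible in Z_{p^n} iff its digit u_0 is non-zero."""
    return p_adic_digits(u, p, n)[0] != 0

def inverse(u, p, n):
    """Inverse of u in Z_{p^n} by the extended Euclidean algorithm on (u, p^n).
    Returns None when u is not a unit, i.e. when gcd(u, p^n) > 1."""
    m = p ** n
    old_r, r = u % m, m          # invariant: old_s * u == old_r (mod m)
    old_s, s = 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    return old_s % m if old_r == 1 else None

def nilpotency_index(u, p, n):
    """Smallest k >= 1 with u^k = 0 in Z_{p^n}; None for a unit.
    Every non-unit of Z_{p^n} is nilpotent, since p Z_{p^n} is the nilradical."""
    m = p ** n
    u %= m
    if u % p:
        return None
    k, power = 1, u
    while power % m:
        power = power * u % m
        k += 1
    return k

def mul_digits(a, b, p, n):
    """Product of two elements given by their digit vectors (length n each):
    schoolbook multiplication with carries, where every term p^k with k >= n
    is simply dropped, because p^k = 0 in Z_{p^n}."""
    out, carry = [0] * n, 0
    for k in range(n):
        s = carry + sum(a[i] * b[k - i] for i in range(k + 1))
        out[k], carry = s % p, s // p
    return out

if __name__ == "__main__":
    p, n = 2, 3                        # the ring Z_8
    for u in range(p ** n):
        status = "unit" if is_unit(u, p, n) else f"nilpotent, index {nilpotency_index(u, p, n)}"
        print(u, p_adic_digits(u, p, n), status)
```

The digit vectors are written lowest digit first, so `p_adic_digits(5, 2, 3)` returns `[1, 0, 1]`; the test that `mul_digits` agrees with ordinary multiplication modulo p^n is exactly the "stop at p^{n−1}" rule of the text.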



Furthermore, the isomorphism Z_{p^n}/pZ_{p^n} ≅ Z_p lifts to the polynomial rings Z_{p^n}[x] and Z_p[x], providing an epimorphism. More precisely, applying the epimorphism ϕ, defined in (1.5), coefficient-wise, compatibly with the inclusions into the respective polynomial rings, yields the following commutative diagram:

              ϕ
  Z_{p^n} ──────────→ Z_p
   i_n │               │ i_1
       ↓               ↓
  Z_{p^n}[x] ────────→ Z_p[x]
              μ

hence μ (reduction of the coefficients modulo p) is an epimorphism between the two polynomial rings. On the one hand, we have the ring Z_{p^n}[x], that is a Noetherian ring; on the other hand Z_p[x] is a Euclidean domain; the basic idea is to transfer some properties of the ring Z_p[x] to Z_{p^n}[x], whenever possible. In Chapter 3 we shall generalize this approach to an arbitrary local ring.

Definition 1.4.2 A polynomial f(x) ∈ Z_{p^n}[x] is called regular if it is not a zero-divisor in this polynomial ring. A regular polynomial f(x) is a unit in Z_{p^n}[x] if there exists a regular polynomial h(x) ∈ Z_{p^n}[x] such that f(x)h(x) = 1. A polynomial f(x) is irreducible in Z_{p^n}[x] if it is not a unit and, whenever f = gh, then either g or h is a unit (see [56]).

One can give an analogous definition by considering the epimorphism μ, defined above; in fact, we have a more general result, which we will prove later on.

Result Given a commutative, local ring R with identity, with residue field K and reduction map μ : R[x] → K[x], and a regular polynomial f(x) ∈ R[x], then: (i) If μ(f(x)) ∈ K[x] is irreducible, as an element of a Euclidean domain, then f(x) ∈ R[x] is irreducible, in the sense of the definition above. (ii) If f(x) ∈ R[x] is irreducible, then μ(f(x)) = k g(x)^n, where k ∈ K*, g(x) ∈ K[x] is a monic, irreducible polynomial and n ∈ ℕ. (iii) If D denotes the set of all polynomials f(x) in R[x] such that μ(f(x)) has distinct roots in the algebraic closure of K, then f(x) ∈ D ⊂ R[x] is irreducible if and only if μ(f(x)) ∈ K[x] is.

For the time being, let q = p^n, n > 1, and let h_1(x) ∈ Z_p[x] be a monic, irreducible polynomial of degree m, which divides x^k − 1 in Z_p[x], where k = p^m − 1. One can prove that there is a unique monic, irreducible polynomial h_n(x) ∈ Z_q[x] (in the sense of Definition 1.4.2) such that

h_n(x) ≡ h_1(x) mod p                    (1.7)

and h_n(x) divides x^k − 1 in Z_q[x]. Therefore, we have a bijection between the irreducible factors of x^k − 1 over Z_{p^n} and those over Z_p. This result plays a central role in studying cyclic codes over Z_q (see, for example, [11]). The basic tool of this analysis is the integral version of Hensel's Lemma. We will give the general statement of this result in 3.2.6 (see [54] and [56]).

Theorem 1.4.3 (Integral version of Hensel's lemma, see [19] or [52]). Let p be a prime and k ≥ 1 a positive integer; suppose u(x), f(x), and g(x) are monic polynomials in Z[x] such that f(x) and g(x) are relatively prime modulo p and

u(x) ≡ f(x)g(x)   (mod p^k).

Then there exist two uniquely determined monic polynomials f_1(x), g_1(x) ∈ Z_{p^{k+1}}[x], relatively prime modulo p, which satisfy the following congruences:
(i) f(x) ≡ f_1(x) (mod p^k),
(ii) g(x) ≡ g_1(x) (mod p^k),
(iii) u(x) ≡ f_1(x)g_1(x) (mod p^{k+1}).

Proof: We want to explicitly find two monic polynomials f̃_1(x), g̃_1(x) ∈ Z[x] of the form

f̃_1(x) = f(x) + p^k v(x),   g̃_1(x) = g(x) + p^k w(x),

such that, if f_1(x) and g_1(x) are the reductions of f̃_1(x) and g̃_1(x) modulo p^{k+1}, they satisfy (i), (ii) and (iii); note that (i) and (ii) hold automatically for polynomials of this form. First of all, we can observe that for each integer s ∈ Z,

s p^k (mod p^{k+1}) = (s (mod p)) p^k;

therefore, we can assume that the polynomials v(x), w(x) have coefficients in {0, ..., p − 1}. Condition (iii) yields

u(x) ≡ f_1(x)g_1(x) ≡ f̃_1(x)g̃_1(x)   (mod p^{k+1}),

where

f̃_1(x)g̃_1(x) = f(x)g(x) + (w(x)f(x) + v(x)g(x)) p^k + v(x)w(x) p^{2k}.

Since k ≥ 1, so that 2k ≥ k + 1, this last congruence becomes

u(x) ≡ f(x)g(x) + (w(x)f(x) + v(x)g(x)) p^k   (mod p^{k+1}).

Therefore,

u(x) − f(x)g(x) ≡ (w(x)f(x) + v(x)g(x)) p^k   (mod p^{k+1})

and, by hypothesis, u(x) − f(x)g(x) ≡ 0 (mod p^k); setting

c(x) = (u(x) − f(x)g(x)) / p^k ∈ Z[x]

gives

c(x) ≡ w(x)f(x) + v(x)g(x)   mod p.

Since f(x) and g(x) are relatively prime modulo p, there exist two polynomials a(x), b(x) ∈ Z[x] such that a(x)f(x) + b(x)g(x) ≡ 1 mod p. It follows that c(x) ≡ c(x)a(x)f(x) + c(x)b(x)g(x) mod p, so, by putting w(x) ≡ c(x)a(x) mod p and v(x) ≡ c(x)b(x) mod p we get

w(x)f(x) + v(x)g(x) ≡ c(x)   mod p.                    (1.8)

Because of the choice of c(x) ∈ Z[x] (u(x) and f(x)g(x) are monic of the same degree), we have deg(c(x)) < deg(f(x)) + deg(g(x)); hence, w.l.o.g., we can assume that w(x), v(x) satisfy the inequalities deg(v(x)) < deg(f(x)) and deg(w(x)) < deg(g(x)): replace v(x) by its remainder r(x) modulo f(x), v(x) = q(x)f(x) + r(x), and w(x) by w(x) + q(x)g(x), which leaves (1.8) unchanged; then deg(w(x)f(x)) = deg(c(x) − v(x)g(x)) < deg(f(x)) + deg(g(x)) forces deg(w(x)) < deg(g(x)). These polynomials v(x), w(x) ∈ Z[x] are uniquely determined, since if there existed v_1(x), w_1(x) ∈ Z[x] satisfying (1.8) such that deg(w_1(x)) < deg(g(x)), deg(v_1(x)) < deg(f(x)) and their coefficients belonged to {0, ..., p − 1} (as for v(x) and w(x)), then

(w(x) − w_1(x))f(x) ≡ −(v(x) − v_1(x))g(x)   mod p.

Since g.c.d.(f(x), g(x)) ≡ 1 mod p, g(x) divides w(x) − w_1(x) modulo p, and deg(w(x) − w_1(x)) < deg(g(x)) then forces w(x) ≡ w_1(x) mod p, hence w(x) = w_1(x); analogously, v_1(x) = v(x). This implies that f_1(x) and g_1(x) are uniquely determined as polynomials in Z_{p^{k+1}}[x]; moreover, they are monic polynomials as f̃_1(x) = f(x) + p^k v(x) and g̃_1(x) = g(x) + p^k w(x), with deg(v(x)) < deg(f(x)) and deg(w(x)) < deg(g(x)), so the leading coefficient of f_1(x) (resp. g_1(x)) is the same as that of f(x) (resp. g(x)). If we consider a(x)f_1(x) + b(x)g_1(x) = t(x) ∈ Z[x], then t(x) ≡ a(x)f(x) + b(x)g(x) ≡ 1 mod p, which shows that f_1(x) and g_1(x) are relatively prime modulo p. ✷

As an application of the previous lemma, we are now able to determine the desired polynomial h_n(x) ∈ Z_q[x] in (1.7). In [11] a more constructive approach is used for determining such a polynomial.



Theorem 1.4.4 Let n > 1. If h_1(x) ∈ Z_p[x] is a monic, irreducible polynomial which divides x^k − 1, with k = p^r − 1 and r = deg(h_1(x)), then there exists a unique monic, irreducible polynomial h_n(x) ∈ Z_{p^n}[x] which divides x^k − 1 in Z_{p^n}[x] and is congruent to h_1(x) modulo p.

Proof: For m ≥ 1, suppose we already determined a monic polynomial h_m(x) ∈ Z_{p^m}[x], irreducible over Z_{p^m}, such that h_m(x) ≡ h_1(x) mod p and h_m(x) | x^k − 1 in Z_{p^m}[x]. Next we show how to construct, by starting from this h_m(x), a unique irreducible, monic polynomial h_{m+1}(x) ∈ Z_{p^{m+1}}[x] which divides x^k − 1 in Z_{p^{m+1}}[x]. By Hensel's Lemma, applied to u(x) = x^k − 1 and to the factorization h_m(x) · (x^k − 1)/h_m(x) modulo p^m (the two factors are relatively prime modulo p, since p does not divide k and therefore x^k − 1 has distinct roots over Z_p), we find a polynomial h(x) ∈ Z_{p^{m+1}}[x] of the form h(x) = h_m(x) + p^m g(x). Let α be a root of h_m(x) and β a corresponding root of h(x) of the form β = α + p^m δ (in a suitable extension ring). It follows that α^k = 1 + p^m ε, since h_m(x) divides x^k − 1 in Z_{p^m}[x]; moreover, modulo p^{m+1}, β^p = (α + p^m δ)^p = α^p and β^{kp} = (α + p^m δ)^{kp} = (1 + p^m ε)^p = 1. Hence the monic polynomial whose roots are the p-th powers of the roots of h(x) divides x^k − 1, and these roots coincide, modulo p^m, with those of h_m(x). This polynomial is the required polynomial h_{m+1}(x) ∈ Z_{p^{m+1}}[x]; in fact, it is irreducible, by construction. Also, it is uniquely determined; indeed, let h(x) and h'(x) be two distinct polynomials which determine two distinct h_{m+1}(x), and let β and γ be roots of h(x) and h'(x) respectively, such that β ≡ γ (mod p^m). This means that β = γ + p^m δ; therefore, β^k = γ^k = 1 and β^p = γ^p, so (β/γ)^p = (β/γ)^k = 1. Since k = p^r − 1 and p are relatively prime, β = γ; hence h(x) = h'(x). ✷

Note that the previous proof of the existence and uniqueness of this polynomial is a constructive one, based on induction on the integer m ≥ 1, and is related to the "Hensel lifting" from Z_{p^m} to Z_{p^{m+1}}. A shorter way to find a "lifting" polynomial of h_1(x) satisfying the congruence in (1.7) is the following. Let h_1(x) ∈ Z_p[x] be a monic polynomial of the form

h_1(x) = x^r + a_{r−1} x^{r−1} + ··· + a_0,   a_i ∈ Z_p, 0 ≤ i ≤ r − 1.

Assume θ is a root of h_1(x), in some extension (ring) of Z_p; then θ^r = −a_{r−1} θ^{r−1} − ··· − a_0, i.e. θ^r = (p − a_{r−1}) θ^{r−1} + ··· + (p − a_0). The following polynomial

h̃_n(x) := x^r + (p^n − p + a_{r−1}) x^{r−1} + ··· + (p^n − p + a_0)

is a polynomial in Z[x] which determines a polynomial h_n(x) ∈ Z_{p^n}[x] such that h_n(x) ≡ h_1(x) mod p; moreover, if h_1(x) is irreducible in Z_p[x], then so is h_n(x) in Z_{p^n}[x], since μ(h_n(x)) = h_1(x). Note, however, that this polynomial satisfies only the congruence condition of (1.7): in general it does not divide x^k − 1 in Z_{p^n}[x], so it is not the polynomial h_n(x) of Theorem 1.4.4, which has to be computed by Hensel lifting.

Remark The fact that h_n(x) ≡ h_1(x) mod p implies that the epimorphism

μ : Z_{p^n}[x] → Z_p[x]                    (1.9)

is consistent with the canonical quotient morphisms

π_1 : Z_p[x] → Z_p[x]/(h_1(x)),   π_n : Z_{p^n}[x] → Z_{p^n}[x]/(h_n(x)).

Therefore, a morphism of quotient rings is determined

μ̃ : Z_{p^n}[x]/(h_n(x)) → Z_p[x]/(h_1(x)).                    (1.10)

If we consider a suitable irreducible polynomial h_1(x) ∈ Z_p[x], of degree r, which determines the field extension Z_p ⊂ F_{p^r} ≅ Z_p(θ) := Z_p[x]/(h_1(x)), we have an epimorphism μ̃ from the commutative ring Z_{p^n}[x]/(h_n(x)), of characteristic p^n, onto the finite field F_{p^r}. Observe that the quotient ring Z_{p^n}[x]/(h_n(x)) is a local ring, with maximal ideal p(Z_{p^n}[x]/(h_n(x))) (the ideal generated by the image of the maximal ideal pZ_{p^n} ⊂ Z_{p^n} under the morphism π_n ∘ i_n, where i_n : Z_{p^n} ↪ Z_{p^n}[x] and π_n : Z_{p^n}[x] → Z_{p^n}[x]/(h_n(x))), and residue field Z_p[x]/(h_1(x)) ≅ F_{p^r}, the kernel of μ̃ being exactly that maximal ideal.

Example 1.4.5 Take p = 2 and n = 3. Let h_1(x) = x^3 + x + 1, so F_8 ≅ Z_2[x]/(x^3 + x + 1) = {a + bθ + cθ^2 | a, b, c ∈ F_2}, where θ^3 = θ + 1, i.e. F_8 = {0, 1, θ, θ^2, 1 + θ, 1 + θ^2, θ + θ^2, 1 + θ + θ^2}. By the above computations, we have

h̃_3(x) = x^3 + (8 − 2 + 0)x^2 + (8 − 2 + 1)x + (8 − 2 + 1) = x^3 + 6x^2 + 7x + 7 ∈ Z[x]

and

h_3(x) = x^3 + 6x^2 + 7x + 7 ∈ Z_8[x]

such that μ(h_3(x)) = h_1(x). Thus we have the epimorphism Z_8[x]/(x^3 + 6x^2 + 7x + 7) → F_8. Observe that this h_3(x) is not the Hensel lift of h_1(x) in the sense of Theorem 1.4.4: already in Z_4[x], reducing x^7 − 1 modulo x^3 + 2x^2 + 3x + 3 leaves the remainder 2x, so h_3(x) does not divide x^7 − 1 in Z_4[x], let alone in Z_8[x]. The unique monic divisor of x^7 − 1 in Z_8[x] congruent to x^3 + x + 1 modulo 2 is x^3 + 6x^2 + 5x + 7, whose reduction modulo 4 is the polynomial x^3 + 2x^2 + x + 3 = x^3 + 2x^2 + x − 1 familiar from cyclic codes over Z_4.



Rings of this kind are the main subject of our work; they are called Galois rings, since they are Galois extensions (in a sense we will specify) of local rings of the form Z_{p^n}. On the other hand, the polynomial h_1(x) ∈ F_p[x] is a very special kind of irreducible polynomial, called a primitive polynomial, where primitive is meant in the Finite Field Theory sense (see Definition 2.2.7). This brief discussion clarifies how we will approach the study of Galois rings in the sequel (see Chapter 6); more precisely, we will focus on the epimorphisms of the form

μ̃ : Z_{p^n}[x]/(h_n(x)) → Z_p(θ) ≅ F_{p^r},

determined, via the Hensel lifting, by primitive polynomials used for field extensions of the form F_p ⊂ F_{p^r}, r > 1. Therefore, the problem of studying Galois rings is translated into the analysis of μ̃ and of what kind of properties these epimorphisms transfer from a finite field to a Galois ring (when this makes sense).
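Theorem 1.4.3, Theorem 1.4.4 and Example 1.4.5 in executable form, as an added example that is not code from the book: `hensel_step` carries out one step of the proof of Theorem 1.4.3 (compute c(x), find a(x), b(x) with a f + b g ≡ 1 mod p by the extended Euclidean algorithm in Z_p[x], reduce v(x) modulo f(x) so that the degree bounds hold, and form f_1 = f + p^k v, g_1 = g + p^k w), and `hensel_lift` iterates it from the modulus p up to p^n. Running it on the constructed input x^7 − 1 = (x^3 + x + 1)(x^4 + x^2 + x + 1) in Z_2[x] produces the divisor of x^7 − 1 in Z_4[x] and Z_8[x] congruent to x^3 + x + 1, which can then be compared with the polynomial x^3 + 6x^2 + 7x + 7 of Example 1.4.5. Polynomials are lists of integer coefficients, lowest degree first; all function and variable names are the editor's.

```python
# Hensel lifting of a factorisation u = f g (mod p^k) to (mod p^(k+1)), following the
# proof of Theorem 1.4.3 step by step.  Added example, not code from the book.
# A polynomial is a list of integer coefficients, lowest degree first: [c0, c1, ...].

def trim(a):
    """Drop leading zero coefficients; the zero polynomial is [0]."""
    a = list(a)
    while len(a) > 1 and a[-1] == 0:
        a.pop()
    return a

def deg(a):
    a = trim(a)
    return -1 if a == [0] else len(a) - 1

def reduce_mod(a, m):
    return trim([c % m for c in a])

def add(a, b):
    n = max(len(a), len(b))
    a, b = a + [0] * (n - len(a)), b + [0] * (n - len(b))
    return trim([x + y for x, y in zip(a, b)])

def sub(a, b):
    return add(a, [-c for c in b])

def mul(a, b):
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] += x * y
    return trim(out)

def divmod_m(a, b, m):
    """Long division in Z_m[x]; the leading coefficient of b must be a unit modulo m."""
    a, b = reduce_mod(a, m), reduce_mod(b, m)
    inv_lead = pow(b[-1], -1, m)
    q, r = [0] * max(1, deg(a) - deg(b) + 1), a
    while deg(r) >= deg(b):
        shift, coef = deg(r) - deg(b), (r[-1] * inv_lead) % m
        q[shift] = coef
        r = reduce_mod(sub(r, [0] * shift + [coef * c for c in b]), m)
    return trim(q), r

def ext_gcd_p(f, g, p):
    """Extended Euclid in Z_p[x] (p prime): a, b, d with a f + b g = d (mod p)."""
    r0, r1, a0, a1, b0, b1 = reduce_mod(f, p), reduce_mod(g, p), [1], [0], [0], [1]
    while r1 != [0]:
        q, r = divmod_m(r0, r1, p)
        r0, r1 = r1, r
        a0, a1 = a1, reduce_mod(sub(a0, mul(q, a1)), p)
        b0, b1 = b1, reduce_mod(sub(b0, mul(q, b1)), p)
    return a0, b0, r0

def hensel_step(u, f, g, p, k):
    """One step of Theorem 1.4.3: from monic u = f g (mod p^k), with f, g coprime
    modulo p, return monic f1, g1 (coefficients in [0, p^(k+1))) such that
    f1 = f, g1 = g (mod p^k) and u = f1 g1 (mod p^(k+1))."""
    pk = p ** k
    diff = sub(u, mul(f, g))
    assert all(c % pk == 0 for c in diff), "u is not congruent to f g modulo p^k"
    c = reduce_mod([x // pk for x in diff], p)           # c(x) = (u - f g) / p^k, mod p
    a, b, d = ext_gcd_p(f, g, p)
    assert deg(d) == 0, "f and g are not coprime modulo p"
    unit = pow(d[0], -1, p)                              # normalise to a f + b g = 1
    a, b = reduce_mod([unit * x for x in a], p), reduce_mod([unit * x for x in b], p)
    q, v = divmod_m(mul(c, b), f, p)                     # v = c b mod f, so deg v < deg f
    w = reduce_mod(add(mul(c, a), mul(q, g)), p)         # w f + v g = c, i.e. (1.8); deg w < deg g
    f1 = reduce_mod(add(f, [pk * x for x in v]), pk * p)
    g1 = reduce_mod(add(g, [pk * x for x in w]), pk * p)
    return f1, g1

def hensel_lift(u, f, g, p, n):
    """Lift u = f g (mod p) to a factorisation modulo p^n, one power of p at a time."""
    for k in range(1, n):
        f, g = hensel_step(u, f, g, p, k)
    return f, g

def divides_mod(f, u, m):
    """Does the monic polynomial f divide u in Z_m[x]?"""
    return divmod_m(u, f, m)[1] == [0]

# Constructed input: in Z_2[x], x^7 - 1 = (x^3 + x + 1)(x^4 + x^2 + x + 1), and the two
# factors are coprime (x^7 - 1 is separable over Z_2), so Theorem 1.4.3 applies.
U = [-1, 0, 0, 0, 0, 0, 0, 1]        # x^7 - 1
H1 = [1, 1, 0, 1]                     # x^3 + x + 1
G1 = [1, 1, 1, 0, 1]                  # x^4 + x^2 + x + 1
H3_TEXT = [7, 7, 6, 1]                # x^3 + 6x^2 + 7x + 7, the polynomial of Example 1.4.5

if __name__ == "__main__":
    for n in (2, 3):
        h, g = hensel_lift(U, H1, G1, 2, n)
        print(f"mod 2^{n}: h = {h}, cofactor = {g}, h | x^7-1: {divides_mod(h, U, 2 ** n)}")
    print("Example 1.4.5 polynomial divides x^7-1 in Z_8[x]?", divides_mod(H3_TEXT, U, 8))
```

The lift reaches x^3 + 2x^2 + x + 3 in Z_4[x] and x^3 + 6x^2 + 5x + 7 in Z_8[x]; both divide x^7 − 1, whereas x^3 + 6x^2 + 7x + 7 does not, which is the difference between satisfying only the congruence in (1.7) and satisfying Theorem 1.4.4.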

Chapter 2

FINITE FIELD STRUCTURE In this chapter, we will recall some of the most fundamental properties of finite fields or, equivalently, Galois fields, in order to point out the main differences between them and Galois rings (see Chapter 6). For more details the reader is referred to some basic texts on Finite Fields, such as [51] and [57]. Finite fields are a fundamental tool in many applications, such as Finite Geometries (for example, [33]), Shift Register Sequences ([39]) and Coding Theory (for example, [4]).

2.1

Basic Properties

We recall that a field is a non-empty set, F, such that: (i) <F, +> is an abelian group; (ii) <F*, ·> is an abelian group; (iii) for all a ∈ F, 0a = 0; (iv) for all a, b, c ∈ F, a(b + c) = ab + ac. In the case of a finite field, in condition (ii) abelian is not necessary, since, by Wedderburn's theorem (which will be recalled at the end of this chapter), commutativity follows from the finiteness of the field. As we already observed in Chapter 1, we have the following

Proposition 2.1.1 The characteristic of a finite field F is a prime p.

By the previous proposition, the prime field of F is isomorphic to the field of the integers modulo p, i.e. Z_p. In particular, if F = Z_p, then both the additive and multiplicative groups of F are cyclic groups



of order p and p − 1, respectively. In general, if Z_p ⊂ F, the additive and multiplicative groups have completely different structures. Since for each a ∈ F, pa = 0, <F, +> is an elementary abelian p-group; therefore, it is isomorphic to a (finite) direct sum, where each summand is isomorphic to <Z_p, +>, i.e. F ≅ Z_p ⊕ ··· ⊕ Z_p ≅ Z_p^n, for some n. It is straightforward to deduce that |F| = p^n. Thus

Proposition 2.1.2 The cardinality of a finite field F is a prime power.

Obviously, since an elementary abelian p-group can be considered as a vector space over Z_p, a finite field F is always a finite-dimensional algebra over its prime field. Since |F| = p^n, the multiplicative order of each element of F* must divide p^n − 1; then a^{p^n − 1} = 1, for all a ∈ F*. One can "easily" determine the order of each element in F*, since the structure of this group is well-known.

Theorem 2.1.3 The multiplicative group of a finite field is a cyclic group.

Proof: The proof of this fact is a bit technical and not in the scope of this book; the interested reader is referred to, for example, [50] or [51]. ✷

It is useful to observe that also the converse of this result is true.

Proposition 2.1.4 Assume that F is a field, with F* a cyclic group; then F is finite.

Proof: If the characteristic of F were zero, then the multiplicative group of Q, the prime field of F, would be a subgroup of a cyclic group, hence cyclic, which is absurd (for instance, 2 and 3 generate a free abelian subgroup of rank 2 of Q*). If the characteristic of F is a prime p, then F is finite. Suppose the contrary; hence, F* = <g> would be an infinite cyclic group, isomorphic to the group of integers <Z, +>, which contains no non-trivial subgroups of finite order. For p > 2 this is a contradiction, since F* does contain a cyclic subgroup of order p − 1 > 1, formed by the non-zero elements of its prime field. In general (including p = 2), the element 1 + g is non-zero, so it is a power of g, say 1 + g = g^k; then g is algebraic over Z_p, so Z_p(g) is finite, and Z_p(g) = F because every non-zero element of F is a power of g, again a contradiction. ✷

Since the multiplicative group of a finite field is cyclic, there exists an element α in F* of multiplicative order p^n − 1, i.e. a generator of F*. Such an element is called a primitive element of F (see, also, [24], [39], [51]) and its minimal polynomial is called a primitive polynomial (Definition 2.2.7). Therefore, it is possible to represent the elements of F in the following form

F = {0, α^j : 0 ≤ j ≤ p^n − 2},   with α^{p^n − 1} = 1.

From now on, we shall denote a finite field, of order p^n, either by F_{p^n} or by GF(p^n).

2.2 Characterization of Finite Fields

In the previous section we deduced the basic properties of a finite field as consequences of its definition and of some elementary results of group theory. Here, the existence and the uniqueness (up to isomorphism) of finite fields will be discussed.

Remark 2.2.1 It is well known that, if A is a commutative ring with identity and M is a maximal ideal in A, then the quotient ring A/M is a field (see Prop. 1.2.5). Assume A = Z_p[x] and f(x) ∈ A is a polynomial of degree n, irreducible over Z_p; we proved (see Section 1.3) that f(x) generates a maximal ideal in Z_p[x]. Therefore, Z_p[x]/(f(x)) is a finite field of order p^n; moreover, denote by α a formal root of f(x), i.e. α is not an element of Z_p, but f(α) = 0, and consider the following set:
Z_p(α) := {a_0 + a_1 α + ··· + a_{n−1} α^{n−1} | a_i ∈ Z_p, f(α) = 0, 0 ≤ i ≤ n − 1}.
As in Section 1.3, the map ϕ : Z_p[x]/(f(x)) → Z_p(α), defined by
ϕ(a_0 + a_1 x + ··· + a_{n−1} x^{n−1} + (f(x))) = a_0 + a_1 α + ··· + a_{n−1} α^{n−1},
is an isomorphism, so that the set Z_p(α) is endowed with a field structure.

Remark 2.2.1 is very important, since each finite field may always be viewed as a simple extension Z_p(α) of Z_p, for some prime p and some α not in Z_p. On the other hand, to prove the existence of a finite field F, one can consider F as the splitting field of a suitable polynomial over its prime field.

Lemma 2.2.2 If F is a finite field with q = p^n elements, and if we consider the polynomial x^q − x as a polynomial in Z_p[x], then in F[x]
$$x^q - x = \prod_{a \in F} (x - a).$$
In particular, F is the splitting field of x^q − x over Z_p.

Proof: See [51]. ✷



Corollary 2.2.3 Let p be a prime. Then (p − 1)! ≡ −1 (mod p).


Proof: This corollary is known, in the literature, as Wilson's theorem; our proof is based on finite field theory. In fact, consider the polynomial x^{p−1} − 1; from Lemma 2.2.2, we get that
$$x^{p-1} - 1 = \prod_{a \in \mathbb{Z}_p^*} (x - a).$$
On the other hand, the constant term of the polynomial on the right hand side is (p − 1)!, whereas the one on the left hand side has constant term equal to −1; therefore, (p − 1)! = −1 in Z_p. ✷

We have reached the most important theorem of this section, which shows the existence and uniqueness of finite fields ([51]).

Theorem 2.2.4 For each prime p and each positive integer n, there exists a unique finite field with p^n elements. Moreover, each finite field of order p^n is isomorphic to the splitting field of the polynomial x^{p^n} − x over Z_p.

Proof: Let F be the splitting field of the polynomial x^{p^n} − x over Z_p and consider the set
S := {a ∈ F | a^{p^n} − a = 0}.
S is obviously a field, over which the given polynomial completely factors, since S contains all its roots. Consequently, S = F. Since the formal derivative (see Section 3.4) of P(x) = x^{p^n} − x in Z_p[x] is P′(x) = −1, the polynomial has no repeated roots, so the field S has cardinality equal to p^n. For the uniqueness, observe that F, being a finite field, contains Z_p as its prime field; by Lemma 2.2.2, F is the splitting field of P(x) = x^{p^n} − x over Z_p. ✷

Remark 2.2.5 Note that the argument used in Remark 2.2.1 for the construction of a finite field F provides a way to find the splitting field of the given polynomial f(x) (a consequence of Theorem 2.2.4).

Example 2.2.6 Let Z_3 = {0, 1, −1} be the finite field of order 3 and take x^2 + 1 ∈ Z_3[x]. Since the given polynomial is irreducible over Z_3, Z_3[x]/(x^2 + 1) ≅ Z_3(α) = {a_0 + a_1 α | a_i ∈ Z_3}, where α^2 = −1, is a finite field of order 9. By Theorem 2.2.4, Z_3(α) is the Galois field of order 9. Observe that
Z_3(α) = {0, 1, −1, α, 1 + α, −1 + α, 1 − α, −1 − α, −α}
is the splitting field of the given polynomial over the prime field Z_3, since α and −α, which are the roots of the polynomial, belong to this extension. Moreover, by Theorem 2.1.3, Z_3(α)∗ is a cyclic group of order 8; therefore, there exists an element, say ω, such that ω^8 = 1 and ω^s ≠ 1 for all s strictly less than 8. One can easily verify that, by choosing ω = 1 + α, Z_3(α)∗ ≅ ⟨ω | ω^8 = 1⟩.

In order to concretely "work" with a finite field, it is convenient to extend Z_p with a primitive element of GF(p^n), which is a root of a suitable polynomial.

Definition 2.2.7 A polynomial f(x) ∈ F_q[x], of degree n > 1, is called a primitive polynomial over F_q if it is the minimal polynomial (see Section 1.3) over F_q of a primitive element of F_{q^n} (see Section 2.1 and [39], [51]).

Remark We recall that this definition of primitive polynomial over finite fields is completely unrelated to the Gauss one (Definition 1.3.15).

Example 2.2.8 Let K = GF(3) and f(x) = x^2 − x − 1 ∈ K[x]. The field F := K[x]/(f(x)) is, again, a finite field of order 9. In this case, a formal root of the given polynomial, say ω, is a primitive element of F. Therefore, x^2 − x − 1 is a primitive polynomial over K and
ω^2 = ω + 1, ω^3 = −ω + 1, ω^4 = −1, ω^5 = −ω, ω^6 = −ω − 1, ω^7 = ω − 1, ω^8 = 1.

Now, the natural question is whether every finite field can be obtained as in Remark 2.2.1. To this end, let F be a finite field of order p^n and a ∈ F∗. We showed, in Section 1.3, that a non-zero element of F can be considered as a root of a monic polynomial m(x), with coefficients in the prime field, say K ⊂ F, such that m(x) is irreducible over K.

Lemma 2.2.9 Let p be a prime and q = p^s. If ω is a primitive element of F_{q^m} over F_q, then ω is a root of a polynomial of degree m, irreducible over the subfield F_q.

Proof: The elements {1, ω, ω^2, ..., ω^m}, as vectors of the F_q-vector space F_{q^m}, are linearly dependent over F_q, i.e. there exist a_i ∈ F_q, 0 ≤ i ≤ m, such that a_0 + a_1 ω + ··· + a_m ω^m = 0.


Consider f(x) = a_0 + a_1 x + a_2 x^2 + ··· + a_m x^m. This polynomial belongs to F_q[x] and its degree is m; moreover, it is irreducible over F_q. In fact, if we suppose the contrary, we would have f(x) = g_1(x) g_2(x), with g_i(x) ∈ F_q[x], 1 ≤ i ≤ 2, 0 < r_i = deg(g_i(x)) < deg(f(x)); hence, g_i(ω) = 0 for some i = 1, 2. This means ω^{r_i} = c_{i0} + ··· + c_{i,r_i−1} ω^{r_i − 1}, c_{ij} ∈ F_q, 0 ≤ j ≤ r_i − 1, which would imply that |F_{q^m}| < q^m, a contradiction. ✷

Theorem 2.2.10 Let F_q, q = p^n, be the finite field of order q and let ω be a primitive element of F_q. Then the field F_q is isomorphic to the field
Z_p(ω) := {a_0 + a_1 ω + ··· + a_{n−1} ω^{n−1} ; a_i ∈ Z_p},
with f(ω) = 0, where f(x) is a polynomial in Z_p[x] chosen as in Lemma 2.2.9.

Proof: By Lemma 2.2.9, f(x) generates a maximal ideal in Z_p[x]; hence, Z_p[x]/(f(x)) ≅ Z_p(ω). On the other hand, since deg(f(x)) = n, the quotient ring has p^n elements; therefore, the statement follows from Theorem 2.2.4. ✷

2.3 Galois Field Automorphisms

From Section 2.1 it follows that the prime field of a Galois field can be identified with Z_p. What about other subfields of finite fields?

Theorem 2.3.1 Let F be a finite field of order p^n, p a prime. A subset K, with 0, 1 ∈ K, which is closed under the two operations, is a subfield of F if and only if |K| = p^s with s | n. Moreover, K is uniquely determined by its order.

Proof: Suppose that K is a subfield of F. This implies that the additive group of K is an elementary abelian group of order p^h, with h ≤ n. On the other hand, since the multiplicative group of K is a subgroup of F∗, p^h − 1 must divide p^n − 1; hence h | n. Conversely, suppose that K is a subset of F which contains zero and has cardinality p^s, where s divides n. By hypothesis, K∗ is a subgroup of the cyclic group F∗, so its order divides p^n − 1. This means that, for each α ∈ K∗ ⊆ F∗, α^{p^s − 1} = 1. Consequently, K is determined by the elements α of F such that α^{p^s} = α. On the other hand, one can easily verify that these elements form a field; hence, K is a subfield of F. The uniqueness of K follows from the uniqueness of the cyclic subgroup determined by one of the divisors of |F∗|. ✷

Example 2.3.2 Consider K = F_2 = {0, 1} and the polynomial x^2 + x + 1 ∈ F_2[x]. So we can construct the field F_4 = F = {0, 1, ω, ω^2 | ω^2 = ω + 1}. Next, take the primitive polynomial x^2 + x + ω ∈ F[x] (verify!) and β such that β^2 = β + ω. Then GF(16) := {0, β^j ; 1 ≤ j ≤ 15}; moreover, β^5 = ω and β^10 = ω^2. This implies that {0, 1, β^5, β^10} is the subfield of order 4, isomorphic to GF(4). Moreover, in GF(2^4) we have the following chain of subfields {0} ⊂ GF(2) ⊂ GF(4) ⊂ GF(16).

Remark In Example 2.3.2, the field GF(16) is obtained by two successive extensions, starting from GF(2). On the other hand, one can directly construct it by considering the polynomial x^4 + x + 1 ∈ Z_2[x], irreducible over GF(2). From Theorem 2.2.4 it follows that these two fields are isomorphic. This remark can be generalized to the case of an arbitrary prime p; therefore, the field F_{p^n} can be constructed directly from F_p, or by iterating extensions.

Recall that an automorphism φ of a field F is a bijection of F onto F such that:
(i) φ(a + b) = φ(a) + φ(b), ∀a, b ∈ F;
(ii) φ(ab) = φ(a)φ(b), ∀a, b ∈ F∗.
It is clear that the set of all the automorphisms of F is a group (with respect to the composition of maps). Obviously, φ(0) = 0 and φ(1) = 1. Consequently,

Proposition 2.3.3 Each automorphism of a field F fixes its prime field elementwise.

Proof: If we denote by K the prime field of F, then, for each k ∈ K, φ(k) = kφ(1) = k (observe that kφ(1) means φ(1) + ··· + φ(1), k summands). ✷

Corollary 2.3.4 The automorphism group of GF(p) is trivial.


Proof: The statement follows from Proposition 2.3.3, since F = K = Z_p. ✷

Assume that F is a finite field of order q = p^n, p a prime; then it is possible to describe the group Aut_{F_p}(F_q).

Theorem 2.3.5 If F = F_{p^n}, then its automorphism group (over F_p) is isomorphic to the cyclic group of order n.

Proof: Let ω be a primitive element of F and consider the following maps,
φ_k : x ↦ x^{p^k}, ∀x ∈ F, with 0 ≤ k ≤ n − 1.
It is straightforward to check that each φ_k is an automorphism. Observe that φ_0 is the identity map, whereas φ_1 is called the first Frobenius automorphism ([39]). These automorphisms form a group which is isomorphic to the cyclic group of order n, since φ_k = φ_1^k and φ_1^n(x) = x^{p^n} = x for each x ∈ F. To complete the proof, it is sufficient to show that each automorphism φ of F is of the form φ_k, for some k ∈ {0, ..., n − 1}. By Lemma 2.2.9, the primitive element ω is a root of a polynomial f(x) ∈ F_p[x] of degree n, irreducible over F_p. If f(x) = a_0 + ··· + a_n x^n and f(ω) = a_0 + ··· + a_n ω^n = 0, then, since φ fixes F_p elementwise, a_0 + a_1 φ(ω) + ··· + a_n φ(ω)^n = 0. Therefore, φ(ω) is a root of f(x); we get the statement by observing that φ is determined by φ(ω) and that the roots of the polynomial f(x) are all of the form ω^{p^k}, with 0 ≤ k ≤ n − 1. ✷

The elements φ_k(α), 1 ≤ k ≤ n, are called the conjugates of α over F_p, where α ∈ F_{p^n}. Obviously, if the field F_{p^n} contains subfields other than its prime field, it makes sense to define the automorphism group of F_{p^n} over F_{p^s}, with s | n, as the set of all the automorphisms of F_{p^n} which fix the subfield F_{p^s} elementwise. We will denote this group by Aut_{F_{p^s}}(F_{p^n}).

Theorem 2.3.6 The group Aut_{F_{p^s}}(F_{p^n}) is isomorphic to the cyclic group of order n/s.

Proof: This group is obviously cyclic, since Aut_{F_{p^s}}(F_{p^n}) ⊆ Aut_{F_p}(F_{p^n}). Moreover, since F_{p^s} is a subfield of F_{p^n}, F_{p^s} = {0, 1, β^h | 1 ≤ h ≤ p^s − 2}, where β = ω^{(p^n − 1)/(p^s − 1)} and ω is a primitive element of F_{p^n}. For an element φ_k of Aut_{F_{p^s}}(F_{p^n}), β^{p^k} = β, 1 ≤ k ≤ n, hence
$$\left(\omega^{\frac{p^n-1}{p^s-1}}\right)^{p^k} = \omega^{\frac{p^n-1}{p^s-1}}.$$
It follows that ((p^n − 1)/(p^s − 1)) · p^k ≡ (p^n − 1)/(p^s − 1) (mod p^n − 1), i.e. p^k ≡ 1 (mod p^s − 1), which means k = sr. There exist exactly as many automorphisms as the number of integers r such that 1 ≤ sr ≤ n, with s > 1. Thus, the cardinality of Aut_{F_{p^s}}(F_{p^n}) equals the number of integers r such that 1/s ≤ r ≤ n/s, i.e. n/s. ✷

Example 2.3.7 The automorphism group of GF(2^4) over GF(2) is isomorphic to the cyclic group of order 4. If ω is a primitive element of GF(2^4), then Aut_{F_2}(F_16) := {φ_0 = id_{GF(16)}, φ_1, φ_2, φ_3}, where
φ_0(ω) = ω, φ_1(ω) = ω^2, φ_2(ω) = ω^4, φ_3(ω) = ω^8.
This group is generated by the automorphism φ_1, and the subfield of GF(16) isomorphic to GF(4) contains the elements {0, 1, ω^5, ω^10}; therefore, Aut_{F_4}(F_16) is formed by φ_0 and φ_2.

There are many more important aspects and properties of finite fields that one could recall, as, for example, the trace and the norm of an element, cyclotomic polynomials, cyclotomic extensions and so on ([24], [39]), but this is beyond the scope of this text. We will briefly recall cyclotomic polynomials in Chapter 3, in order to study the local decomposition of particular finite rings.

We end this section by recalling Wedderburn's theorem, which was proved for the first time in 1905. Since then, many proofs of this theorem have been given. They are mainly based on group theory or linear algebra (see [39] or [51]). We recall that a division ring (or skew-field) A is an integral domain with identity whose multiplicative group ⟨A∗, ·⟩ is not abelian.

Theorem 2.3.8 (Wedderburn's theorem) A finite division ring is a field.

Proof: See [51]. ✷

By this theorem, all results for finite fields hold for all finite division rings. A similar result is the following.

Theorem 2.3.9 Every finite integral domain is a field.

Proof: Assume that {a_1, a_2, ..., a_n} are the elements of the finite integral domain R. For a fixed non-zero element a ∈ R, consider all the products {aa_1, aa_2, ..., aa_n}. These are distinct, for if aa_i = aa_j, then a(a_i − a_j) = 0, and since a ≠ 0 we must have a_i = a_j. It follows that each


element of R is of the form aa_j; in particular, there exists h ∈ {1, ..., n} such that 1_R = aa_h. Since R is commutative, we also have 1_R = a_h a, so a_h = a^{−1}. Thus, the non-zero elements of R form an abelian group with respect to multiplication. ✷ This result will play a fundamental role in the next chapter.
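Before moving on to rings, the field constructions of this chapter can be checked by computer. The following Python code is an added example, not part of the book: it realises Z_p[x]/(f(x)) as in Remark 2.2.1 (elements as coefficient tuples; the class name GF and all function names are my own), uses multiplicative orders to tell the primitive polynomial x^2 − x − 1 of Example 2.2.8 from the merely irreducible x^2 + 1 of Example 2.2.6, and lists the Frobenius automorphisms φ_k of GF(16) = GF(2)[x]/(x^4 + x + 1) together with the subfield GF(4) fixed by φ_2, as in Example 2.3.7.

```python
# Added example (not from the book): GF(p^n) realised as Z_p[x]/(f(x)) with f monic
# irreducible (Remark 2.2.1), used to check Examples 2.2.6, 2.2.8 and 2.3.7.
from itertools import product


class GF:
    """Elements are tuples (a_0, ..., a_{n-1}) meaning a_0 + a_1*t + ... + a_{n-1}*t^{n-1},
    where t is a formal root of f; f is given low degree first, so x^2 - x - 1 is [-1, -1, 1]."""

    def __init__(self, p, f):
        assert f[-1] % p == 1, "f must be monic"
        self.p, self.n = p, len(f) - 1
        self.f = [c % p for c in f]
        self.zero = (0,) * self.n
        self.one = (1,) + (0,) * (self.n - 1)

    def elem(self, *coeffs):
        c = list(coeffs) + [0] * (self.n - len(coeffs))
        return tuple(x % self.p for x in c[:self.n])

    def add(self, a, b):
        return tuple((x + y) % self.p for x, y in zip(a, b))

    def mul(self, a, b):
        # schoolbook product, then replace t^n by -(f_0 + f_1 t + ... + f_{n-1} t^{n-1})
        prod = [0] * (2 * self.n - 1)
        for i, x in enumerate(a):
            for j, y in enumerate(b):
                prod[i + j] = (prod[i + j] + x * y) % self.p
        for k in range(2 * self.n - 2, self.n - 1, -1):
            c, prod[k] = prod[k], 0
            for i in range(self.n):
                prod[k - self.n + i] = (prod[k - self.n + i] - c * self.f[i]) % self.p
        return tuple(prod[:self.n])

    def pow(self, a, e):
        r, b = self.one, a
        while e:
            if e & 1:
                r = self.mul(r, b)
            b, e = self.mul(b, b), e >> 1
        return r

    def order(self, a):
        # multiplicative order of a != 0; it divides p^n - 1 (Section 2.1)
        k, x = 1, a
        while x != self.one:
            x, k = self.mul(x, a), k + 1
        return k

    def is_primitive(self, a):
        # a generates the cyclic group F* (Theorem 2.1.3) iff its order is p^n - 1
        return self.order(a) == self.p ** self.n - 1

    def frobenius(self, a, k):
        # phi_k(a) = a^(p^k), the automorphisms of Theorem 2.3.5
        return self.pow(a, self.p ** k)

    def fixed_field(self, k):
        # elements with phi_k(a) = a, i.e. the roots of x^(p^k) - x: a subfield (Theorem 2.3.1)
        return {a for a in product(range(self.p), repeat=self.n) if self.frobenius(a, k) == a}


def gf9_examples():
    """Examples 2.2.6 and 2.2.8: two presentations of the field of order 9."""
    F = GF(3, [1, 0, 1])          # Z_3[x]/(x^2 + 1): alpha^2 = -1
    alpha = F.elem(0, 1)
    K = GF(3, [-1, -1, 1])        # Z_3[x]/(x^2 - x - 1): omega^2 = omega + 1
    omega = K.elem(0, 1)
    return {
        "ord_alpha": F.order(alpha),                         # 4: x^2 + 1 is not primitive
        "ord_1_plus_alpha": F.order(F.add(F.one, alpha)),    # 8: omega = 1 + alpha generates
        "omega_primitive": K.is_primitive(omega),            # True: x^2 - x - 1 is primitive
        "omega_powers": [K.pow(omega, j) for j in range(1, 9)],  # the table of Example 2.2.8
    }


def gf16_examples():
    """Example 2.3.7: Aut(GF(16)) as Frobenius maps and the subfield GF(4) they cut out."""
    F = GF(2, [1, 1, 0, 0, 1])    # Z_2[x]/(x^4 + x + 1), as in the remark after Example 2.3.2
    w = F.elem(0, 1)
    conj = [F.frobenius(w, k) for k in range(4)]             # phi_k(w) = w^(2^k)
    exps = [next(j for j in range(15) if F.pow(w, j) == c) for c in conj]
    sub = F.fixed_field(2)                                   # elements fixed by phi_2
    return {
        "w_primitive": F.is_primitive(w),
        "conjugate_exponents": exps,                         # [1, 2, 4, 8]
        "subfield_size": len(sub),                           # 4
        "subfield_is_0_1_w5_w10": sub == {F.zero, F.one, F.pow(w, 5), F.pow(w, 10)},
        "phi4_is_identity": len(F.fixed_field(4)) == 16,     # phi_1^4 = id on GF(16)
    }


if __name__ == "__main__":
    print(gf9_examples())
    print(gf16_examples())
```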

Chapter 3

FINITE COMMUTATIVE RINGS. REGULAR POLYNOMIALS

In this chapter we want to analyze the structure of finite, commutative rings with identity. We shall prove that any such ring can be uniquely expressed as a direct sum of finite local rings. Next, we shall study the polynomial ring R[x], where R is a local ring with maximal ideal M and residue field K = R/M; our attention will be focused on particular polynomials, the so-called regular polynomials. They will play a fundamental role in Galois ring theory.

3.1 Finite Commutative Ring Structure

All through this chapter, R will denote a finite, commutative ring with identity. Local rings were defined in 1.2.9. Here it will be shown that they are the "bricks" of the whole theory of finite, commutative rings with identity. The main ideas of this section follow [56].

Let I_1, I_2, ..., I_n be proper ideals of a ring R; I_j and I_k, 1 ≤ j ≠ k ≤ n, are said to be relatively prime ideals if I_j + I_k = R, where I_j + I_k := {a + b | a ∈ I_j ∧ b ∈ I_k}. Consider the ring homomorphism Φ : R → R/I_1 ⊕ ··· ⊕ R/I_n such that

Φ(r) := (r + I_1, ..., r + I_n),    (3.1)

for each r ∈ R.

Proposition 3.1.1 Let R be a finite, commutative ring with identity.

1. If I_j and I_k, 1 ≤ j ≠ k ≤ n, are relatively prime ideals of R, then
$$\bigcap_{j=1}^{n} I_j = \prod_{j=1}^{n} I_j,$$
where $\prod_{j=1}^{n} I_j := \{ \sum_i x_i^1 x_i^2 \cdots x_i^n \mid x_i^j \in I_j,\ 1 \le j \le n \}$.

2. If I_j and I_k are relatively prime, so are I_j^m and I_k^m, for all m ∈ ℕ. (Recall that, if J is an ideal of R, J^m is its m-th power, i.e. the ideal generated by the elements x_1 ··· x_m, where x_k ∈ J, 1 ≤ k ≤ m.)

3. The ring homomorphism Φ in (3.1) is injective if and only if $\bigcap_{j=1}^{n} I_j = 0$.

4. The ring homomorphism Φ is surjective if and only if I_j and I_k are relatively prime for all 1 ≤ j ≠ k ≤ n.

Proof: 1. We prove the statement in the case of two ideals and then use induction on their number. If I_1, I_2 are relatively prime ideals of R, then I_1 ∩ I_2 = {h ∈ R | h ∈ I_1 ∧ h ∈ I_2} is a proper ideal of R. Similarly, I_1 I_2 is a proper ideal of R, such that
$$I_1 I_2 = \{ \sum_i x_i y_i \mid x_i \in I_1,\ y_i \in I_2 \}.$$
The trivial inclusion is I_1 I_2 ⊆ I_1 ∩ I_2. (Note that, in general, this is a proper inclusion; in fact, if we take, for example, R = Z and I_1 = (6), I_2 = (10), then (60) = I_1 I_2 ⊂ I_1 ∩ I_2 = (30).) For the converse, since I_1 and I_2 are relatively prime, there exist x ∈ I_1 and y ∈ I_2 such that 1 = x + y. So, if r ∈ I_1 ∩ I_2, then r = r · 1 = r · x + r · y ∈ I_1 I_2. Observe that this is a generalization of what occurs in the ring of integers, when we consider proper ideals (m) and (n), with m and n relatively prime integers.


2. By hypothesis, I_j and I_k are relatively prime, so there exist x_j ∈ I_j and x_k ∈ I_k such that x_j + x_k = 1. This means that 1 = 1 · 1 = (x_j + x_k) · (x_j + x_k) = x_j^2 + x_k^2 + 2x_j x_k; there are two possibilities:
- if x_j x_k = 0, then it immediately follows that R = I_j^2 + I_k^2;
- otherwise, 2x_j x_k = (2x_j + 2x_k) · x_j x_k = 2x_j^2 x_k + 2x_j x_k^2 ∈ I_j^2 + I_k^2; thus, as before, 1 ∈ I_j^2 + I_k^2.
By the same argument one can prove the statement by induction on m.

3. Φ(r) = 0 if and only if r ∈ I_j for all j ∈ {1, ..., n}. The statement follows from Ker(Φ) = ∩_{j=1}^n I_j.

4. The Homomorphism Theorem gives the following commutative diagram:
$$\begin{array}{ccc}
R & \xrightarrow{\ \Phi\ } & R/I_1 \oplus \cdots \oplus R/I_n \\
\pi \downarrow & & \uparrow i \\
R/\mathrm{Ker}(\Phi) & \xrightarrow{\ \sim\ } & \mathrm{Im}(\Phi)
\end{array}$$
If Φ is an epimorphism, then i is an isomorphism. This implies there exists an element x ∈ R such that Φ(x) = (1, 0, ..., 0); this means that x ≡ 1 (mod I_1), x ≡ 0 (mod I_k), 2 ≤ k ≤ n, so 1 = (1 − x) + x ∈ I_1 + I_k, k ≠ 1. Therefore, (I_1, I_k) is a relatively prime ideal pair, for k ∈ {2, ..., n}. More generally, this is true for all pairs (I_j, I_k), with 1 ≤ j ≠ k ≤ n.

Conversely, if any pair of ideals (I_j, I_k) is a relatively prime ideal pair, from 1. we get Ker(Φ) = ∩_{j=1}^n I_j = ∏_{j=1}^n I_j. From the Homomorphism Theorem it follows that the ring R/Ker(Φ) is isomorphic to a subring of R/I_1 ⊕ ··· ⊕ R/I_n, hence the statement, by observing that these two rings have the same cardinality. ✷

Definition 3.1.2 An element e of a ring R is called an idempotent element if e^2 = e. Two idempotent elements e and f of R are said to be orthogonal if ef = 0 (see, for example, [5] or [56]).

Proposition 3.1.3 Let R be a finite, commutative ring with identity. The following are equivalent:
1. R is isomorphic to a direct sum of subrings R_j, 1 ≤ j ≤ n.
2. There exist orthogonal idempotent elements e_j, j ∈ {1, ..., n}, such that 1 = Σ_{j=1}^n e_j and R_j ≅ e_j R.
3. R is a direct sum of proper ideals I_j ≅ R_j, 1 ≤ j ≤ n.

Proof: 1. ⇒ 2.: There exist e_j ∈ R_j, for all j ∈ {1, ..., n}, such that 1 = Σ_{i=1}^n e_i. If we consider e_k as an element of the whole ring R, then e_k = Σ_{j=1}^n e_k e_j, which means e_k e_j = δ_{kj} e_k, where δ_{kj} is the Kronecker symbol; so the e_j's, 1 ≤ j ≤ n, are orthogonal idempotent elements of R. Moreover, R_j is the principal ideal of R generated by e_j.
2. ⇒ 3.: By the step above, every R_j is an ideal of R.
3. ⇒ 1.: Obvious. ✷

We are now able to prove the main theorem of this section.

Theorem 3.1.4 A finite, commutative ring with identity, R, can be expressed as a direct sum of local rings. This decomposition is unique up to permutation of the direct summands.

Proof: Let P_1, P_2, ..., P_n be the prime ideals of R, i.e. Spec(R) = {P_1, ..., P_n}. Since R/P_i is a field (Proposition 1.2.6 and Theorem 2.3.9), these are maximal ideals of R; therefore Spec(R) = Specm(R). Consequently, the Jacobson radical (cf. Section 1.2) coincides with the nilradical of R. From the maximality of P_j, 1 ≤ j ≤ n, it follows that every ideal pair (P_j, P_k), 1 ≤ j ≠ k ≤ n, is a relatively prime ideal pair of R, so ∏_{j=1}^n P_j = ∩_{j=1}^n P_j. Since J(R) is a nilpotent ideal, there exists a positive integer m_0 such that J(R)^{m_0} = {0}. Define the ring homomorphism
Φ_0 : R → R/P_1^{m_0} ⊕ ··· ⊕ R/P_n^{m_0}
in the obvious way. What we proved in Proposition 3.1.1 ensures that Φ_0 is an isomorphism, because any two of the ideals P_j^{m_0}, 1 ≤ j ≤ n, are relatively prime and Ker(Φ_0) = ∩_{j=1}^n P_j^{m_0} = ∏_{j=1}^n P_j^{m_0} = J(R)^{m_0} = {0}. This ring isomorphism determines a bijection between the proper ideals of the ring R/P_j^{m_0}, 1 ≤ j ≤ n, and the ideals of R (properly) containing P_j^{m_0}. Since P_j is the unique maximal ideal of R such that P_j^{m_0} ⊂ P_j ⊂ R, it follows that R/P_j^{m_0} is a local ring with maximal ideal P_j/P_j^{m_0}. Assume there are two distinct decompositions of R as a direct sum of local rings,
R = ⊕_{j=1}^n R_j = ⊕_{k=1}^m S_k.
Then there exist orthogonal idempotent elements e_j ∈ R_j and f_k ∈ S_k, 1 ≤ j ≤ n, 1 ≤ k ≤ m, such that
$$1 = \sum_{j=1}^{n} e_j = \sum_{k=1}^{m} f_k.$$


Each proper summand R_j is isomorphic to a local ring Re_j; similarly, each S_k is a local ring of the form Rf_k. Therefore, none of the elements e_j and f_k is a sum of two or more proper idempotent elements; in fact, in general, a local ring does not contain idempotent elements different from 0 and 1, because its Jacobson radical is the maximal ideal. Thus e_j = Σ_{k=1}^m e_j f_k, so there exists an integer k_j such that e_j = e_j f_{k_j} and, analogously, there exists an integer j_k such that f_k = f_k e_{j_k}, 1 ≤ j ≤ n, 1 ≤ k ≤ m. This means that e_j = e_j f_{k_j} = e_j f_{k_j} e_{j_{k_j}}, so j = j_{k_j}, as the elements {e_j}_{1≤j≤n} are mutually orthogonal. An obvious one-to-one and onto correspondence between the sets {e_j}_{1≤j≤n} and {f_k}_{1≤k≤m} shows that m = n and e_j = f_{k_j}. ✷

This theorem is one of the most important results in the theory of finite, commutative rings, since it allows us to reduce our analysis to the irreducible components, which have a very simple structure. We want to consider a few simple (but fundamental) examples of local summand decomposition of finite rings.

Examples

1. The simplest case of a finite, commutative ring is the ring of integers modulo m, for a fixed positive integer m, denoted by Z_m. The Fundamental Theorem of Arithmetic asserts that m has a unique prime factorization of the form m = p_1^{n_1} ··· p_k^{n_k}, where p_j is a prime, p_j ≠ p_s for 1 ≤ j ≠ s ≤ k, and n_j ∈ ℕ, 1 ≤ j ≤ k. From the Chinese Remainder Theorem (see, for example, [49] page 94) we get the ring isomorphism
Z_m ≅ Z_{p_1^{n_1}} ⊕ ··· ⊕ Z_{p_k^{n_k}},
which is the local summand decomposition of Z_m.

2. Let q be a power of a prime l, q = l^r, and F_q[x] the polynomial ring over the Galois field F_q. Consider a polynomial f(x) = p_1^{t_1}(x) ··· p_m^{t_m}(x), where t_j ∈ Z^+ and p_j(x) ∈ F_q[x] is an irreducible polynomial, 1 ≤ j ≤ m. Thus, (f(x)) is not maximal (nor prime, since in any Euclidean domain an ideal is maximal iff it is prime). However, p_j(x) ∈ F_q[x] generates a maximal ideal I_j = (p_j(x)) ⊂ F_q[x], 1 ≤ j ≤ m, and its power I_j^{t_j} is the ideal (p_j^{t_j}(x)). By defining the ring epimorphism
Φ : F_q[x] → (F_q[x]/(p_1^{t_1}(x))) ⊕ ··· ⊕ (F_q[x]/(p_m^{t_m}(x))),


we get that Ker(Φ) = (f(x)). The ring F_q[x]/(f(x)) factors into the direct sum of the local rings F_q[x]/(p_j^{t_j}(x)), with maximal ideal (p_j(x))/(p_j^{t_j}(x)) and residue field K_j = (F_q[x]/(p_j^{t_j}(x)))/((p_j(x))/(p_j^{t_j}(x))) ≅ F_q[x]/(p_j(x)), 1 ≤ j ≤ m, respectively.

3. Let p be a prime and n a positive integer such that p does not divide n. We denote by F_p^{(n)} the n-th cyclotomic field over F_p, that is the splitting field (over F_p) of the polynomial x^n − 1 ∈ F_p[x]. Its roots are called the n-th roots of unity over F_p. One can show (see also [32], [39], [51]) that
x^n − 1 = (x − 1)Q_n(x),
where Q_n(x) ∈ F_p[x] factors into φ(n)/d distinct monic irreducible polynomials of the same degree d, where φ is the Euler function
φ(n) := |{1 ≤ k ≤ n | g.c.d.(k, n) = 1}|,
and F_p^{(n)} is the splitting field of any such irreducible factor, so that [F_p^{(n)} : F_p] = d (note that the primitive n-th roots of unity number φ(n)). There are two possibilities: (i) if d = φ(n), Q_n(x) is an irreducible polynomial over F_p, so the quotient ring F_p[x]/(Q_n(x)) is the Galois field F_q, where q = p^{φ(n)}. (ii) If d is a proper divisor of φ(n), let k = φ(n)/d be the number of distinct irreducible factors of Q_n(x). Then
$$(Q_n(x)) = \bigcap_{j=1}^{k} (f_j(x)) = \prod_{j=1}^{k} (f_j(x)),$$
where f_j(x) is an irreducible factor of Q_n(x), 1 ≤ j ≤ k. If we consider the epimorphism in (3.1)
Φ : F_p[x] → F_p[x]/(f_1(x)) ⊕ ··· ⊕ F_p[x]/(f_k(x)),
then Ker(Φ) = (Q_n(x)). Thus the quotient ring F_p[x]/(Q_n(x)) is isomorphic to a direct sum in which each summand is a field.

4. We can generalize the previous example to the case Z_{q^n}[x]. For simplicity, consider now the polynomial Q_p(x) = x^{p−1} + ··· + 1 ∈ Z_{q^n}[x], with n > 1 and p and q distinct primes. The natural epimorphism π : Z_{q^n} → Z_q ≅ F_q extends to a polynomial ring epimorphism µ, yielding the following commutative diagram:
$$\begin{array}{ccc}
\mathbb{Z}_{q^n} & \xrightarrow{\ \pi\ } & \mathbb{Z}_q \\
i_1 \downarrow & & \downarrow i_2 \\
\mathbb{Z}_{q^n}[x] & \xrightarrow{\ \mu\ } & \mathbb{Z}_q[x]
\end{array}$$


Obviously, the cyclotomic polynomial Q_p(x) ∈ Z_q[x] can be viewed as a polynomial in Z_{q^n}[x]; thus, we obtain an epimorphism between the quotient rings
µ̃ : Z_{q^n}[x]/(Q_p(x)) → Z_q[x]/(Q_p(x)).
What we have seen in the previous examples enables us to distinguish between two different situations. If the polynomial Q_p(x) ∈ F_q[x] is irreducible over F_q, then the quotient ring F_q[x]/(Q_p(x)) is the finite field F_{q^{p−1}}; let ξ be a formal root of this cyclotomic polynomial, considered as an element of Z_{q^n}[x]. The quotient ring Z_{q^n}[x]/(Q_p(x)) is the Galois extension Z_{q^n}[ξ] of the ring Z_{q^n}, which is the Galois ring GR(q^n, p − 1) (see Chapter 6). The epimorphism µ̃, from the (Galois) ring Z_{q^n}[ξ] onto the Galois field F_{q^{p−1}}, shows that Z_{q^n}[ξ]/M ≅ F_{q^{p−1}}, where M = qZ_{q^n}[ξ] is the maximal ideal of the local ring. So, if the cyclotomic polynomial Q_p(x) is irreducible over F_q, Z_{q^n}[ξ] is a local ring. On the other hand, if Q_p(x) ∈ F_q[x] splits into k = (p − 1)/d irreducible factors, say f_1(x), ..., f_k(x), which are monic polynomials of degree d, then the quotient ring is a direct sum of fields, each of which is an algebraic extension of degree d of F_q, i.e.
F_q[x]/(Q_p(x)) ≅ (F_q[x]/(f_1(x))) ⊕ ··· ⊕ (F_q[x]/(f_k(x))) = K_1 ⊕ ··· ⊕ K_k.
There is a bijection between these fields and the direct summands of the decomposition of Z_{q^n}[x]/(Q_p(x)), which associates K_i with the Galois ring Z_{q^n}[ξ_i], where ξ_i is a formal root of f_i(x) ∈ Z_{q^n}[x], 1 ≤ i ≤ k. Therefore, this last decomposition is
Z_{q^n}[ξ_1] ⊕ ··· ⊕ Z_{q^n}[ξ_k],
where each summand is the Galois ring GR(q^n, d).

We end this section by considering a general fact about local ring decompositions. Let R = R_1 ⊕ ··· ⊕ R_n be the local ring decomposition of a finite, commutative ring with identity, R. The following two statements are easy exercises (left to the reader):
1. U(R) = U(R_1) × ··· × U(R_n);
2. R[x] factors as a direct sum of proper summands; precisely,
$$R[x] = \bigoplus_{i=1}^{n} R_i[x].$$

Proposition 3.1.5 Let R be a finite, commutative ring with identity and R_1 ⊕ ··· ⊕ R_n be its local summand decomposition.
1. If I is a proper ideal of R, then I = ⊕_{j=1}^n I_j, where each I_j is an ideal of the ring R_j. Moreover, I is a maximal ideal in R if and only if I_k is the maximal ideal in R_k, for some k ∈ {1, ..., n}, and I_j = R_j for j ≠ k.
2. R contains non-trivial nilpotent elements if and only if R_i contains non-trivial nilpotent elements, for some i ∈ {1, ..., n}.
3. If R = R_1 ⊕ ··· ⊕ R_n with n ≥ 2, then R contains zero-divisors.
4. If m_i is the characteristic of the ring R_i, 1 ≤ i ≤ n, then char(R) = m = l.c.m.(m_1, ..., m_n).

Proof: 1. If I is an ideal of R, then I_j = I ∩ R_j is an ideal in R_j, 1 ≤ j ≤ n; so, I = ⊕_{j=1}^n I_j. If I is a maximal ideal of R, R/I is a field; there must exist a unique k ∈ {1, ..., n} such that I ∩ R_k = I_k is a proper ideal in R_k, whereas R_j = I ∩ R_j, j ≠ k; thus, I ≅ R_1 ⊕ ··· ⊕ I_k ⊕ ··· ⊕ R_n and R/I ≅ R_k/I_k is a field; this implies that I_k is the maximal ideal in R_k. The converse is obvious.
2. If a ∈ R is a nilpotent element of R, then a must be contained in some maximal ideal of R. 1. proves the statement. The converse is obvious (R_i is a subring of R).
3. In the case n = 2, the elements e_1 = (1, 0) and e_2 = (0, 1) are zero-divisors in R. The same argument holds for n > 2.
4. Let m be the least positive integer such that m(1, ..., 1) = (0, ..., 0). This equality implies that m_i | m, 1 ≤ i ≤ n. From the minimality of m, m = l.c.m.(m_1, ..., m_n) follows. ✷
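To make Theorem 3.1.4 and Example 1 concrete, here is an added Python example (not from the book) that computes the orthogonal idempotents e_j of Z_m from the Chinese Remainder Theorem, so that 1 = Σ e_j and e_j Z_m is the local summand Z_{p_j^{n_j}}, realises the isomorphism (3.1) and its inverse through them, and checks items 2 to 4 of Proposition 3.1.5 on Z_360 = Z_8 ⊕ Z_9 ⊕ Z_5; all function names are my own.

```python
# Added example (not from the book): the local summand decomposition of Z_m
# via CRT idempotents (Theorem 3.1.4, Example 1) and Proposition 3.1.5.
from math import lcm


def factorize(m):
    """Trial-division factorization: returns {p_j: n_j} with m = prod p_j^n_j."""
    fac, p = {}, 2
    while p * p <= m:
        while m % p == 0:
            fac[p] = fac.get(p, 0) + 1
            m //= p
        p += 1
    if m > 1:
        fac[m] = fac.get(m, 0) + 1
    return fac


def local_idempotents(m):
    """The prime powers q_j = p_j^n_j of m and the idempotents e_j of Z_m with
    e_j = 1 (mod q_j) and e_j = 0 (mod q_i) for i != j, so 1 = sum e_j (Prop. 3.1.3)."""
    qs = [p ** n for p, n in factorize(m).items()]
    es = []
    for q in qs:
        c = m // q                         # product of the other prime powers, coprime to q
        es.append(c * pow(c, -1, q) % m)   # c * c^{-1} (mod q): 1 mod q, 0 mod c
    return qs, es


def phi(m, r):
    """The isomorphism (3.1): r -> (r + q_1 Z, ..., r + q_k Z)."""
    qs, _ = local_idempotents(m)
    return tuple(r % q for q in qs)


def phi_inverse(m, residues):
    """Inverse of phi: sum e_j r_j reconstructs r from its residues."""
    _, es = local_idempotents(m)
    return sum(e * r for e, r in zip(es, residues)) % m


def is_nilpotent(m, a):
    """a is nilpotent in Z_m iff some power of a is 0 (m steps are more than enough)."""
    x = a % m
    for _ in range(m):
        if x == 0:
            return True
        x = x * a % m
    return False


def check_decomposition(m):
    """Verify the structural claims of Section 3.1 for Z_m."""
    qs, es = local_idempotents(m)
    ps = list(factorize(m))
    k = len(es)
    return {
        "idempotent": all(e * e % m == e for e in es),
        "orthogonal": all(es[i] * es[j] % m == 0 for i in range(k) for j in range(k) if i != j),
        "sum_is_one": sum(es) % m == 1,
        # e_j Z_m is the local ring Z_{q_j}: it has exactly q_j elements
        "summand_sizes": [len({e * r % m for r in range(m)}) for e in es],
        # Prop. 3.1.5(3): with k >= 2 summands the e_j are non-zero zero-divisors
        "has_zero_divisors": k >= 2 and all(e != 0 for e in es),
        # Prop. 3.1.5(4): char(Z_m) is the l.c.m. of the characteristics q_j of the summands
        "char_is_lcm": lcm(*qs) == m,
        # Prop. 3.1.5(2): p_j e_j generates the maximal ideal of the summand Z_{q_j};
        # it is a non-trivial nilpotent of Z_m exactly when n_j >= 2
        "nontrivial_nilpotents": [p * e % m for p, e in zip(ps, es)
                                  if p * e % m != 0 and is_nilpotent(m, p * e)],
        "round_trip": all(phi_inverse(m, phi(m, r)) == r for r in range(m)),
    }


if __name__ == "__main__":
    print(local_idempotents(360))   # ([8, 9, 5], [225, 280, 216])
    print(check_decomposition(360))
```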

3.2 Regular Polynomials in the Ring R[x]

In this section R will be a finite, commutative, local ring, with unique maximal ideal M and residue field K = R/M. The canonical projection π : R → K extends to a morphism of polynomial rings µ : R[x] → K[x]. We try to generalize some topics already considered in Chapter 1 by introducing, in particular, the notion of a regular polynomial (cf. also [56]). Before doing this, we recall that, if A is a commutative ring, an ideal I of A is said to be primary if I ≠ A and, whenever xy ∈ I and x ∉ I, y^n ∈ I for some positive integer n. Now we can make the following

Definition 3.2.1 (see, for example, [56]) Let f and g be elements of R[x];
1. f is regular if it is not a zero-divisor;
2. f is primary if (f) is a primary ideal;
3. f and g are relatively prime if R[x] = (f) + (g).

We start by proving some variations of Proposition 1.3.1.

Proposition 3.2.2 Let f(x) = a_0 + a_1 x + ··· + a_n x^n be an element of R[x]. The following conditions are equivalent:
(i) f is a unit;
(ii) µ(f) is a unit in K[x];
(iii) a_0 is a unit in R and a_1, ..., a_n are nilpotent.

Proof: (i)⇒(ii): If f is a unit, then there exists a polynomial g such that fg = 1. Consequently, 1 = µ(1) = µ(fg) = µ(f)µ(g), so µ(f) is a unit. (ii)⇒(iii): The only units in K[x] are the non-zero constant polynomials, so µ(f) = c and, by definition of µ, the coefficients a_i, 1 ≤ i ≤ n, must belong to M, i.e. be nilpotent (R is a local ring); a_0 is of the form a_0 = c + h, where h is a nilpotent element and c is a unit; it follows that a_0 is invertible. (iii)⇒(i): This is an easy consequence of Proposition 1.3.1 (2). ✷

Proposition 3.2.3 Let f(x) = a_0 + a_1 x + ··· + a_n x^n be a polynomial in R[x]. The following are equivalent:
(i) f is nilpotent;
(ii) µ(f) = 0;
(iii) a_0, ..., a_n are nilpotent in R;
(iv) f is a zero-divisor;
(v) there exists an element a ∈ R \ {0} such that af(x) = 0.

Proof: The implications (ii)⇔(iii) and (iii)⇔(iv) immediately follow from the fact that R is a finite, commutative, local ring; so, it suffices to verify that (iii) is equivalent to (i) and (v). By Proposition 1.3.1(3), f(x) is nilpotent if and only if its coefficients are nilpotent. The implication (iii)⇒(v) easily follows from Proposition 1.3.1(4) since, if f(x) is nilpotent, then it obviously is a zero-divisor. Conversely, suppose there exists a ∈ R \ {0} that verifies (v). This implies aa_i = 0 for all 0 ≤ i ≤ n, so that the a_i's are zero-divisors in R; hence, because of the structure of R, they are nilpotent. ✷

Proposition 3.2.4 Let f(x) = Σ_{i=0}^n a_i x^i be a polynomial in R[x]. The following conditions are equivalent:
(i) f is regular;
(ii) the ideal generated by a_0, a_1, ..., a_n coincides with R;
(iii) a_i is a unit in R for some i, 0 ≤ i ≤ n;
(iv) µ(f) ≠ 0.

Proof: (i)⇒(ii): This easily follows from 3.2.3(iii); in fact, a subscript i ∈ {0, ..., n} must exist such that a_i is a unit in R. (ii)⇒(iii): Obvious. (iii)⇒(iv): Obvious. (iv)⇒(i): If µ(f) ≠ 0, then f is not a zero-divisor in R[x] (see 3.2.3(iv)). ✷

We want to consider a useful proposition that will play a fundamental role in the proof of the generalized Hensel lemma. If A is an ideal of a ring R, we write A[x] to denote the subring of R[x] defined by
A[x] := {a_0 + a_1 x + ··· + a_n x^n | n ≥ 0, a_i ∈ A, 0 ≤ i ≤ n}.

Proposition 3.2.5 Let R be a finite, commutative, local ring and M its maximal ideal. Then
1. $M[x] = \bigcap_{P \subset R[x]} P$, where P runs over the prime ideals of R[x];
2. M[x] = {f(x) ∈ R[x] | g(x)f(x) + 1 has an inverse for all g(x) ∈ R[x]} = J(R[x]).

Proof: 1. By 3.2.3, M[x] = {f(x) ∈ R[x] | f(x) nilpotent} = Nil(R[x]). From (1.1) the assertion follows.
2. Let f(x) ∈ M[x]; since M[x] is an ideal in R[x], g(x)f(x) is nilpotent for every g(x) in R[x], so g(x)f(x) + 1 is a unit. Therefore, M[x] ⊆ J(R[x]). On the other hand, if f(x) ∈ J(R[x]), where f(x) = Σ_{i=0}^n a_i x^i, a_i ∈ R, then xf(x) + 1 has an inverse; by Proposition 3.2.2, a_0, ..., a_n are nilpotent. ✷

Now we are able to generalize Hensel's Lemma, which we saw in Chapter 1 in the special case R = Z_{p^n}.

Theorem 3.2.6 (Generalized Hensel's Lemma.) Let f be an element of R[x], where R is a finite local ring, and let µ(f) = ḡ_1 ··· ḡ_n, where ḡ_1, ..., ḡ_n ∈ K[x] are pairwise relatively prime polynomials in the Euclidean domain K[x]. Then there exist polynomials g_1, ..., g_n ∈ R[x] such that


1. g_1, ..., g_n are pairwise relatively prime in R[x];
2. µ(g_i) = ḡ_i, 1 ≤ i ≤ n;
3. f = g_1 ··· g_n.

Proof: By induction on n. For n = 2, we have f = h_1 h_2 + v, where v ∈ M[x] and µ(h_1) = ḡ_1, µ(h_2) = ḡ_2. Since ḡ_1 and ḡ_2 are relatively prime if and only if h_1 and h_2 are relatively prime in R[x], there exist λ_1 and λ_2 in R[x] such that λ_1 h_1 + λ_2 h_2 = 1. Putting h_{1,1} = h_1 + λ_2 v, h_{2,1} = h_2 + λ_1 v gives h_{1,1} h_{2,1} = f + λ_1 λ_2 v^2. Hence,
f ≡ h_{1,1} h_{2,1} (mod v^2),
with µ(h_{i,1}) = µ(h_i), i = 1, 2, and h_{1,1}, h_{2,1} relatively prime. At this point we can repeat the argument, applying it to h_{1,1} and h_{2,1}; by iteration, we find two polynomials h_{1,t} and h_{2,t} in R[x], for every positive integer t, such that f ≡ h_{1,t} h_{2,t} (mod v^{2t}) and µ(h_{i,t}) = µ(h_i), i = 1, 2. We know that v ∈ M[x], therefore it is nilpotent. Hence, it is possible to choose a positive integer t_0 such that f = h_{1,t_0} h_{2,t_0}, with µ(h_{i,t_0}) = µ(h_i), i = 1, 2. We get the statement (in the case n = 2) by choosing g_i = h_{i,t_0}, 1 ≤ i ≤ 2. In general, if µ(f) = ḡ_1 ··· ḡ_n, it is sufficient to observe that ḡ_1 is relatively prime to ḡ_i, 2 ≤ i ≤ n, so {ḡ_1, ..., ḡ_n} are pairwise relatively


prime. Putting r̄ = ḡ_2 ··· ḡ_n yields µ(f) = ḡ_1 r̄, and the case n = 2 completes the proof. ✷

From Hensel's lemma we deduce the existence of polynomials that "lift" a factorization in K[x] to R[x], even though the "lifting factors" are not uniquely determined. Obviously, except for the uniqueness part, Theorem 1.4.3 is the particular case R = Z_{p^n}, p a prime, of this one.

In the Euclidean domain K[x] it is always possible to reduce our analysis to monic polynomials; surprisingly, this is true also in the case of R[x]; in fact, there exist procedures by which we can obtain monic regular polynomials from regular ones, determining monic "representatives".

Lemma 3.2.7 Let f(x) be a regular polynomial in R[x]. It is possible to construct a sequence of monic polynomials f_j(x) in R[x] such that deg(f_j(x)) = deg(µ(f(x))) and
f_j(x) ≡ f_{j+1}(x) (mod M^j).
Furthermore, there exist a unit b_j ∈ R and a polynomial g_j(x) ∈ M[x], for each j, such that
b_j f(x) ≡ f_j(x) + g_j(x) f_j(x) (mod M^j).

Proof: Let f(x) = \sum_{i=0}^{n} a_i x^i be a polynomial with non-zero leading coefficient and deg(µ(f(x))) = t ≤ n. This implies that a_t is a unit; by choosing
g_1(x) = 0, f_1(x) = a_t^{-1} f(x) − a_t^{-1} \sum_{j=t+1}^{n} a_j x^j and b_1 = a_t^{-1},
the statement is true in the case j = 1; thus, we can proceed by induction. Suppose we have constructed a sequence {f_i}_{1 ≤ i ≤ j}, satisfying our hypotheses, such that b_j f(x) = f_j(x) + g_j(x) f_j(x) + h(x), h(x) ∈ M^j[x]. Since f_j(x) is a monic polynomial, we can find q(x), r(x) ∈ R[x] such that h(x) = q(x) f_j(x) + r(x), with deg(r(x)) < deg(f_j(x)) = deg(µ(f(x))) or r(x) = 0. Define f_{j+1}(x) := f_j(x) + r(x), g_{j+1}(x) := g_j(x) + q(x). If r(x) = 0, there is nothing to prove. On the other hand, if f_j(x) = a_0 + a_1 x + ··· + a_{t−1} x^{t−1} + x^t and q(x) = c_0 + ··· + c_s x^s, then the coefficient of x^{t+s} in f_j(x) q(x) is c_s; the coefficient of x^{t+s−1} is (c_s a_{t−1} + c_{s−1}), and so on. Since h(x) ≡ 0 (mod M^j) and deg(r(x)) < deg(f_j(x)) = t,


the coefficients c_i belong to M^j, 0 ≤ i ≤ s, so q(x) ∈ M^j[x]. Therefore, r(x) = h(x) − q(x) f_j(x) ∈ M^j[x]. Finally, putting b_{j+1} = b_j yields
b_j f(x) = f_j(x) + g_j(x) f_j(x) + h(x) = f_{j+1}(x) + g_{j+1}(x) f_{j+1}(x) − r(x)(g_j(x) + q(x)) ≡ f_{j+1}(x) + g_{j+1}(x) f_{j+1}(x) (mod M^{j+1}),
since g_j(x) ∈ M[x], q(x) ∈ M^j[x] and r(x) ∈ M^j[x]. ✷

Theorem 3.2.8 Let f(x) be a regular polynomial in R[x]. There exist a monic polynomial f̃(x), with µ(f(x)) = k µ(f̃(x)) for some k ∈ K*, and a unit v(x) ∈ R[x] such that v(x) f(x) = f̃(x). Furthermore, for every a ∈ R, f(a) = 0 if and only if f̃(a) = 0.

Proof: Denote by h the least integer such that M^h = 0. By Lemma 3.2.7, b_h f(x) = f_h(x) + g_h(x) f_h(x), where b_h is a unit in R, g_h(x) ∈ M[x] and f_h(x) ∈ R[x] is a monic polynomial. We conclude the proof by choosing f̃(x) = f_h(x); indeed, µ(f_h(x)) = µ(f̃(x)) = µ(b_h) µ(f(x)) and f(x) = b_h^{-1}(1 + g_h(x)) f̃(x); moreover, since 1 + g_h(x) is a unit in R[x], b_h^{-1}(1 + g_h(x)) has an inverse in R[x]; hence, for all a in R,
f(a) = b_h^{-1}(1 + g_h(a)) f̃(a). ✷

We end this section by considering some topics strictly related to the irreducible regular polynomials in R[x]. Let D ⊂ R[x] be the set
D := {f(x) | µ(f(x)) has distinct roots in the algebraic closure of K}.

Theorem 3.2.9 Let f(x) be a regular polynomial in R[x]. Then
1. If µ(f(x)) is irreducible in K[x], then f(x) is irreducible in R[x].
2. If f(x) is irreducible in R[x], then µ(f(x)) = δ g(x)^n, where δ ∈ K*, n ∈ ℕ and g(x) is a monic, irreducible polynomial in K[x].
3. A polynomial f(x) ∈ D is irreducible if and only if µ(f(x)) is irreducible.

Proof: 1. If f(x) = g(x) h(x), g(x), h(x) ∈ R[x], then either µ(g(x)) or µ(h(x)) is a unit, as µ(f(x)) is irreducible, and so prime, in K[x]. So, from Proposition 3.2.2 the statement follows. 2. Suppose that µ(f) = δ g_1^{e_1} ··· g_t^{e_t}, where δ ∈ K*, e_i ∈ ℕ, 1 ≤ i ≤ t, and the polynomials g_i are monic, irreducible in K[x] and pairwise


relatively prime. If t ≥ 2, by Theorem 3.2.6, f(x) would have a non-trivial factorization in R[x], a contradiction. Therefore, µ(f) = δ g^n, with g(x) ∈ K[x] irreducible. 3. This is a trivial consequence of 1., 2. and the definition of D (a power g^n with n ≥ 2 has repeated roots). ✷

We would like to establish when an irreducible polynomial in R[x] is a prime element (the converse is always true); so we need the following:

Lemma 3.2.10 Let f(x) be a regular, irreducible polynomial in D. Then f(x) is prime if and only if M ⊆ (f).

Proof: ⇒) If f(x) is prime, then R[x]/(f) is a finite field (see Theorem 2.3.9); thus, if a ∈ M, the coset a + (f) is a nilpotent element of the quotient ring, that is a ∈ (f). ⇐) If M ⊆ (f), then M[x] ⊆ (f). Suppose that g + (f) is a nilpotent element of R[x]/(f); then f(x) divides g(x)^n for some n, so µ(f(x)) divides µ(g(x))^n. Since f(x) ∈ D, it follows that µ(f(x)) divides µ(g(x)), i.e. µ(g(x)) = µ(f(x)) h̄(x), where h̄(x) ∈ K[x]. Let h(x) ∈ R[x] be such that µ(h(x)) = h̄(x). Consequently, g(x) = f(x) h(x) + j(x) with j(x) ∈ M[x] ⊆ (f); therefore g(x) ∈ (f). This implies that R[x]/(f) is a field and (f) is prime. ✷

Remark Observe that, since R is a finite ring, the polynomial ring R[x] is Noetherian. Now, let N be a maximal ideal in R[x]; then N ∩ R = M and the image of N under the homomorphism µ is the principal ideal (f̄(x)) ⊂ K[x], where f̄(x) is an irreducible polynomial. Therefore, M ⊆ N and (f(x)) ⊆ N, where f is a pre-image of f̄, i.e. µ(f(x)) = f̄(x); by the maximality of N, N = (M, f). By Theorem 3.2.9, f(x) is an irreducible polynomial in D, so (f(x)) is a maximal ideal in R[x] if and only if M = (0), that is, R is a finite field.

What about the factorization of regular elements of R[x]? The answer is given by the following

Theorem 3.2.11 Let f(x) be a regular polynomial in R[x]. Then
1. f(x) = δ(x) g_1(x) ··· g_n(x), where δ(x) has an inverse in R[x] and g_i(x), 1 ≤ i ≤ n, are regular, primary, pairwise relatively prime polynomials.
2. If f(x) = δ(x) g_1(x) ··· g_n(x) = β(x) h_1(x) ··· h_m(x), with δ(x) and β(x) units in R[x] and g_i(x), h_j(x) regular, primary, pairwise relatively prime polynomials, then n = m and (g_i) = (h_i), 1 ≤ i ≤ n, after a suitable relabeling.


Proof: 1. Let f(x) be regular in R[x]. Since µ(f(x)) ≠ 0 in K[x], µ(f(x)) = δ̄ p̄_1(x)^{h_1} ··· p̄_n(x)^{h_n}, with δ̄ ∈ K*, h_i ∈ ℕ and the p̄_j(x) irreducible, pairwise relatively prime polynomials in K[x]. Consequently, the p̄_j(x)^{h_j}'s are primary and regular polynomials in K[x]. By the generalized Hensel lemma, f(x) = δ(x) p_1(x) ··· p_n(x), where µ(δ(x)) = δ̄ and µ(p_j(x)) = p̄_j(x)^{h_j}, 1 ≤ j ≤ n. It is straightforward to verify that the p_j(x)'s are regular, primary, pairwise relatively prime polynomials. 2. One can proceed as in the case of F[x], F a field (Sect. 1.3), but in this case everything is translated in terms of principal ideals; i.e., if (g_1) ··· (g_n) = (h_1) ··· (h_m), then n = m and after a suitable ordering (g_i) = (h_i), 1 ≤ i ≤ n. ✷

Observe that a regular polynomial f(x) ∈ R[x] is primary if and only if µ(f) is primary in K[x]; this means that µ(f) = δ̄ ḡ^h, where δ̄ ∈ K* and ḡ ∈ K[x] is an irreducible polynomial. We can give the following

Definition 3.2.12 (see also [56]) A regular, irreducible polynomial f(x) in R[x] is basic irreducible if µ(f(x)) ∈ K[x] is irreducible in the Euclidean ring K[x].
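The following program is an added worked example, not code from the book, making Proposition 3.2.2 and Theorem 3.2.6 computational for the ring R = Z_{p^n} (so M = (p), K = F_p and M^n = 0). `invert_unit` inverts a polynomial whose constant term is a unit and whose other coefficients lie in M, using the fact that M[x] is nilpotent so that the geometric series for 1/(1 + g) is finite. `hensel_lift` carries out the lifting of Theorem 3.2.6 for a monic f and two relatively prime factors of µ(f); rather than the v → v^2 iteration of the proof it gains one power of p per pass (the Bezout coefficients are computed once in K[x] and re-used), which for M^n = 0 also terminates after n − 1 passes, and it recovers the cofactor by division by the monic lifted factor, as Theorem 3.2.11 does with principal ideals. The function names, the little-endian coefficient-list representation and the sample polynomials x^2 + 5x + 3 over Z_9 and x^3 − 1 over Z_4 are all assumptions made for this example.

```python
# Added worked example (not the book's code): R = Z_{p^n}, M = (p), K = F_p.
# A polynomial is a little-endian list of integer coefficients [a0, a1, ..., an];
# [] is the zero polynomial.  Function names and sample data are assumptions.

def trim(a):
    """Drop zero leading coefficients so that the last entry is the leading coefficient."""
    a = list(a)
    while a and a[-1] == 0:
        a.pop()
    return a

def coef(a, i):
    return a[i] if i < len(a) else 0

def poly_sub(a, b, m):
    return trim((coef(a, i) - coef(b, i)) % m for i in range(max(len(a), len(b))))

def poly_add(a, b, m):
    return poly_sub(a, [-c for c in b], m)

def poly_mul(a, b, m):
    out = [0] * (len(a) + len(b) - 1) if a and b else []
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] = (out[i + j] + x * y) % m
    return trim(out)

def poly_divmod(f, g, m):
    """f = q g + r with deg r < deg g.  Needs the leading coefficient of g to be a unit
    mod m; for the monic divisors used below this always holds."""
    f, g = trim(c % m for c in f), trim(c % m for c in g)
    inv = pow(g[-1], -1, m)
    q, r = [0] * max(len(f) - len(g) + 1, 0), f
    while len(r) >= len(g):
        k, c = len(r) - len(g), (r[-1] * inv) % m
        q[k] = c
        r = trim((r[i] - c * coef(g, i - k)) % m if i >= k else r[i] for i in range(len(r)))
    return trim(q), r

def invert_unit(f, p, n):
    """Inverse of a unit of Z_{p^n}[x].  By Prop. 3.2.2 the constant term must be a unit
    and every other coefficient must lie in M = (p).  With a0^{-1} f = 1 + g, g in M[x],
    the series 1/(1 + g) = sum_k (-g)^k terminates because M[x] is nilpotent."""
    m = p ** n
    f = trim(c % m for c in f)
    if not f or f[0] % p == 0 or any(c % p for c in f[1:]):
        raise ValueError("not a unit of Z_{p^n}[x] (Prop. 3.2.2 fails)")
    a0inv = pow(f[0], -1, m)
    neg_g = trim([0] + [(-a0inv * c) % m for c in f[1:]])
    inv, term = [1], [1]
    while True:
        term = poly_mul(term, neg_g, m)            # (-g)^k; zero once k >= n
        if not term:
            return trim((a0inv * c) % m for c in inv)
        inv = poly_add(inv, term, m)

def poly_xgcd(a, b, p):
    """Extended Euclid in K[x] = F_p[x]: (d, s, t) with d the monic gcd and s a + t b = d."""
    r0, r1 = trim(c % p for c in a), trim(c % p for c in b)
    s0, s1, t0, t1 = [1], [], [], [1]
    while r1:
        q, r = poly_divmod(r0, r1, p)
        r0, r1 = r1, r
        s0, s1 = s1, poly_sub(s0, poly_mul(q, s1, p), p)
        t0, t1 = t1, poly_sub(t0, poly_mul(q, t1, p), p)
    lc = pow(r0[-1], -1, p)
    return [trim((lc * c) % p for c in v) for v in (r0, s0, t0)]

def hensel_lift(f, g, h, p, n):
    """Thm. 3.2.6 for R = Z_{p^n} and monic f: given monic g, h in F_p[x], relatively
    prime, with mu(f) = g h, return monic G, H in R[x] with f = G H, mu(G) = g, mu(H) = h.
    Pass k raises the precision of the factorization from p^k to p^{k+1}; as M^n = 0,
    n - 1 passes make it exact (the book's choice of t0 in the proof)."""
    m = p ** n
    f, g, h = trim(c % m for c in f), trim(c % p for c in g), trim(c % p for c in h)
    d, _, t = poly_xgcd(g, h, p)                      # s g + t h = 1 in F_p[x]
    if d != [1] or poly_sub(f, poly_mul(g, h, p), p):
        raise ValueError("need mu(f) = g h with g, h relatively prime in F_p[x]")
    for k in range(1, n):
        pk = p ** k
        e = [c // pk % p for c in poly_sub(f, poly_mul(g, h, m), m)]   # (f - g h)/p^k mod p
        _, r = poly_divmod(poly_mul(t, e, p), g, p)   # t e mod g keeps deg G = deg g
        g = trim((coef(g, i) + pk * coef(r, i)) % m for i in range(len(g)))
        h, rem = poly_divmod(f, g, m)                 # G is monic, so H is the exact quotient
        assert all(c % (pk * p) == 0 for c in rem)    # f = G H now holds modulo p^{k+1}
    assert poly_mul(g, h, m) == f
    return g, h

if __name__ == "__main__":
    print(invert_unit([1, 2], 2, 3))                   # 1/(1 + 2x) in Z_8[x]
    print(hensel_lift([3, 5, 1], [0, 1], [2, 1], 3, 2))  # x(x+2) over F_3 lifted to Z_9
    print(hensel_lift([3, 0, 0, 1], [1, 1], [1, 1, 1], 2, 2))  # x^3 - 1 over Z_4
```

For x^2 + 5x + 3 over Z_9 the factorization x(x + 2) of µ(f) lifts to (x + 6)(x + 8), and for x^3 − 1 over Z_4 the factorization (x + 1)(x^2 + x + 1) lifts to (x + 3)(x^2 + x + 1); in both cases µ of each lifted factor is the factor one started from, as the theorem requires. More than two factors are handled exactly as in the proof: lift ḡ_1 against r̄ = ḡ_2 ··· ḡ_n, then recurse on the cofactor.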

3.3

R-algebra Automorphisms of R[x]

In this section we want to determine the structure of the R-algebra automorphisms of R[x], where R is a local ring with maximal ideal M and residue field K. For this theory in the case of a general commutative ring see [26]. As in [56], we start with the following:

Lemma 3.3.1 Let f(x) and g(x) be non-constant polynomials in K[x] of degrees n and m, respectively. The polynomial h(x) := g(f(x)) ∈ K[x] is of degree nm; furthermore, f(x) generates K[x] over K if and only if deg(f) = 1, i.e. f(x) = a_0 + a_1 x with a_1 ≠ 0.

Proof: The first statement is obvious; if f(x) generates K[x] over K, then there exists a polynomial g(x) such that x = g(f(x)) and, if deg(f) = n and deg(g) = m, then mn = 1. Therefore, f(x) = a_0 + a_1 x with a_1 ≠ 0. Conversely, if f(x) is of such a form, then x = a_1^{-1}(f(x) − a_0) ∈ K[f(x)], i.e. K[f(x)] = K[x]. ✷

An immediate consequence of this lemma is that each automorphism σ : K[x] → K[x] of the K-algebra K[x] is of the form σ(x) = a_0 + a_1 x, with a_1 ≠ 0.


Next, consider the R-algebra R[x] and an R-morphism σ : R[x] → R[x]. It is obvious that the action of σ is uniquely determined by the image of x under σ. If f(x) ∈ R[x], the R-morphism induced by x ↦ f(x) will be denoted by σ_f. If σ_f is an R-automorphism of R[x], then σ_f(M[x]) ⊆ M[x]; hence the ideal M[x] is called characteristic in R[x]. This implies that σ_f induces a K-algebra automorphism σ̄_f : K[x] → K[x], defined by σ̄_f(h̄) = µ(σ_f(h)), where h(x) ∈ R[x] is such that µ(h(x)) = h̄(x) and µ : R[x] → K[x] is the standard epimorphism introduced in Sect. 3.2. It immediately follows that, for f(x) = a_0 + a_1 x + ··· + a_n x^n ∈ R[x], σ̄_f = σ_{µ(f)}, i.e. σ_f induces the K-automorphism σ_{µ(f)} : x ↦ µ(f(x)). Since σ_{µ(f)} is an automorphism of K[x], µ(f(x)) = π(a_0) + π(a_1) x, where π : R → K = R/M is the canonical projection. We conclude that a_1 ∈ U(R), whereas a_2, ..., a_n are nilpotent in R.

Theorem 3.3.2 Let f(x) = a_0 + a_1 x + ··· + a_n x^n ∈ R[x]. The map σ_f : x ↦ f(x) induces an automorphism of the R-algebra R[x] if and only if a_1 is a unit and a_2, ..., a_n are nilpotent elements. Each R-algebra automorphism of R[x] is of the form σ_f, for some f(x) ∈ R[x].

Proof: We only have to show the sufficiency of this condition. Take f(x) = a_0 + a_1 x + ··· + a_n x^n such that a_1 ∈ U(R) and a_j ∈ M = Nil(R), 2 ≤ j ≤ n. Since R[f(x)] = R[a_1^{-1}(f(x) − a_0)], w.l.o.g. we may assume that a_0 = 0 and a_1 = 1. Thus, f(x) = x + a_2 x^2 + ··· + a_n x^n. Using g(x) := f(x) − a_2 f(x)^2 − ··· − a_n f(x)^n, we obtain g(x) = x + b_2 x^2 + ··· + b_s x^s, where b_i ∈ M^2, 2 ≤ i ≤ s. Since M is a nilpotent ideal of R, a finite number of iterations of this process gives x ∈ R[f(x)], i.e. σ_f is surjective. To prove injectivity, consider g(x) = g_0 + g_1 x + ··· + g_s x^s ∈ R[x] such that σ_f(g(x)) = 0, i.e. g_0 + g_1 f + ··· + g_s f^s = 0. Now a_0 = 0 implies that g_0 = 0 and (g_1 + g_2 f + ··· + g_s f^{s−1}) f = 0. Since a_1 is a unit, f(x) ∈ R[x] is not a zero-divisor (by Prop. 3.2.4), so g_1 + g_2 f + ··· + g_s f^{s−1} = 0. Repeating the argument shows that g_1 = g_2 = ··· = g_s = 0, i.e. g(x) = 0; this implies that σ_f is injective. ✷


We end this section with a final remark. Let Φ be an automorphism of R and f(x) ∈ R[x] an arbitrary polynomial. We define the ring morphism σ_{Φ,f} : R[x] → R[x] by
σ_{Φ,f}(\sum_{i=0}^{s} a_i x^i) := \sum_{i=0}^{s} Φ(a_i) f(x)^i.

Theorem 3.3.3 (i) σ_{Φ,f} is injective if and only if σ_f is. (ii) σ_{Φ,f} is surjective if and only if σ_f is.

Proof: For the injectivity, one implication is straightforward; conversely, if σ_{Φ,f} is injective and \sum_{i=0}^{s} a_i f(x)^i = 0, then σ_{Φ,f}(\sum_{i=0}^{s} Φ^{-1}(a_i) x^i) = 0, i.e. Φ^{-1}(a_i) = 0, which implies a_i = 0, 0 ≤ i ≤ s. The surjectivity follows from the fact that Im(σ_{Φ,f}) = R[f]. ✷

3.4

Factorization in R[x]

We want to find a way to factor a given polynomial in R[x]. To do this we need to extend the classical congruence theory. As usual, R will denote a finite local ring with maximal ideal M and residue field K.

Definition 3.4.1 Let D be an integral domain and f(x) = a_n x^n + a_{n−1} x^{n−1} + ··· + a_0 ∈ D[x]. The formal derivative of f(x) is the polynomial f′(x) = n a_n x^{n−1} + ··· + a_1 ∈ D[x]. We can also use the symbol df/dx to denote this first derivative. The k-th derivative of f(x) is the polynomial d^k f/dx^k (or f^{(k)}), inductively defined by
d^k f/dx^k = d(f^{(k−1)})/dx.

Observe that the notion of a polynomial derivative is formally introduced, without any use of differential calculus concepts. However, if the characteristic of D is p and p divides the degree n of the polynomial, then f′(x) has degree less than n − 1. For instance, the polynomial F(x) = x^p − x ∈ F_p[x] is of degree p but its derivative F′(x) = −1 = p − 1 ∈ F_p is a constant polynomial.


Denote by h the nilpotence class of M, i.e. h ∈ Z^+ is the least positive integer such that M^h = 0. We get a natural sequence of ring morphisms:
R = R/M^h \xrightarrow{\sigma_h} R/M^{h-1} \xrightarrow{\sigma_{h-1}} R/M^{h-2} \xrightarrow{\sigma_{h-2}} \cdots \xrightarrow{\sigma_2} R/M = K \xrightarrow{\sigma_1} 0.

With any of these ring morphisms a natural morphism is associated, namely π_i : R/M^i → R/M = K, 1 ≤ i ≤ h. The kernel of σ_i is M^{i−1}/M^i, for each i, and it is also a K-vector space, where the K-action is given by:
α · m := α̃ m, where m ∈ M^{i−1}/M^i, α ∈ K and α̃ ∈ R/M^i with π_i(α̃) = α. (3.2)
Since the kernel of π_i is M/M^i and (M/M^i)(M^{i−1}/M^i) = 0, this K-action is well-defined. For the sake of simplicity, the morphisms σ_i and π_i will simply be denoted by σ and π, respectively. At the same time we will write σ̃ and π̃ to denote the extensions of σ_i and π_i to their respective polynomial rings.

The fundamental idea is to generate the roots of a polynomial f(x) ∈ (R/M^i)[x] from those of σ̃(f) ∈ (R/M^{i−1})[x]. Let t be dim_K(M^{i−1}/M^i) and {v_1, ..., v_t} be a K-basis for M^{i−1}/M^i. Let ā be an element of R/M^{i−1} which is a root of σ̃(f(x)) ∈ (R/M^{i−1})[x] and suppose that σ(a) = ā for some a ∈ R/M^i. Let b = a + η; our aim is to choose η ∈ M^{i−1}/M^i in such a way that f(b) = 0. Since M^{i−1}/M^i is nilpotent of class two, i.e. (M^{i−1}/M^i)^2 = 0,
f(b) = f(a + η) = f(a) + η f′(a) + η^2 Q = f(a) + η f′(a),
where f′(x) ∈ (R/M^i)[x] is the formal derivative of f(x) and Q ∈ R/M^i. It follows that f(b) = 0 ⇔ f(a) = −η f′(a); since η ∈ M^{i−1}/M^i, by (3.2) this means that f(a) = −π(f′(a)) η. Further, f(a) belongs to the vector space M^{i−1}/M^i since (σ̃ f)(ā) = 0. The chosen basis for this vector space determines the following relations:
f(a) = \sum_{i=1}^{t} α_i v_i, η = \sum_{i=1}^{t} β_i v_i, α_i, β_i ∈ K.
Consequently,
0 = f(b) = \sum_{i=1}^{t} α_i v_i + π(f′(a)) \sum_{i=1}^{t} β_i v_i = \sum_{i=1}^{t} (α_i + π(f′(a)) β_i) v_i,


hence α_i + π(f′(a)) β_i = 0, for each i ∈ {1, ..., t}. Three cases may occur:
(i) f′(a) is a unit, so π(f′(a)) ≠ 0 and each β_i is uniquely determined; hence, there exists a unique b ∈ R/M^i which is a root of f(x) ∈ (R/M^i)[x] and satisfies σ(b) = ā;
(ii) f′(a) is an element of M/M^i, so π(f′(a)) = 0, and the linear combination above has (at least) one α_j ≠ 0, for some j. In this case no root (mapping to ā) exists for f(x);
(iii) f′(a) belongs to M/M^i and α_j = 0 for all j ∈ {1, ..., t}, i.e. f(a) = 0 already; this implies that f(a + η) = 0 for each η ∈ M^{i−1}/M^i. Thus, in this case there exist |M^{i−1}/M^i| = |K|^t roots b_s of f(x) such that σ(b_s) = ā.
Observe that all roots of f(x) are obtained in this way; in fact, if f(a) = 0 for a fixed polynomial f(x) ∈ (R/M^i)[x] and for a ∈ R/M^i, then σ(a) = ā is a root of σ̃(f(x)) ∈ (R/M^{i−1})[x]. Therefore, the problem of finding the roots of a given polynomial f(x) reduces to that of finding those of π̃(f(x)) in the residue field.

By taking into account what we have observed here and in the previous sections, we can deduce some properties of the ring R[x] which extend the properties of U.F.D.'s or P.I.D.'s considered in Chapter 1. Indeed, in the polynomial ring R[x] we make the following

Definition 3.4.2 A polynomial f is a proper divisor of the polynomial g if (g) ⊂ (f).

Observe that, if g is a regular polynomial, then f is a proper divisor of g if and only if f is a divisor of g and µ(f) divides µ(g) in the Euclidean domain K[x] (where µ : R[x] → K[x] is the usual epimorphism defined in Sect. 3.2).

Proposition 3.4.3 Let f(x), g(x) be regular associated polynomials in R[x]. Then f(x) = δ(x) g(x), where δ(x) is a unit in R[x].

Proof: As in Section 3.2, two regular polynomials are associates in R[x] if they generate the same ideal, i.e. (f(x)) = (g(x)) ⊂ R[x]. This implies that these polynomials are proper divisors of each other, so f̄ = µ(f), ḡ = µ(g) ∈ K[x] are associates in the Euclidean domain K[x]; hence δ̄ ∈ K* must exist such that f̄(x) = δ̄ ḡ(x). Now we can proceed as in Theorem 3.2.6 to lift this equality in K[x] to R[x]. Recalling that M[x] is a nilpotent ideal in R[x], one can find a suitable δ(x) ∈ R[x] satisfying the statement, such that µ(δ(x)) = δ̄ ∈ K*; by 3.2.2, δ(x) is a unit in R[x]. ✷
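As an added worked example (not code from the book), the following Python function implements the root-lifting procedure of this section for R = Z_{p^n}. In that ring M^{i−1}/M^i = p^{i−1}Z/p^iZ is a one-dimensional K-vector space (t = 1, v_1 = p^{i−1}), so η = β p^{i−1} with β ∈ F_p and the three cases above become a single test on π(f′(a)) and on f(a) mod p^i. The function names, the coefficient-list representation and the sample polynomials are assumptions made for this example; `roots_by_search` is only a brute-force cross-check on small rings.

```python
# Added worked example (not the book's code): root lifting in R = Z_{p^n} as in Section 3.4.
# Here M^{i-1}/M^i = p^{i-1}Z / p^iZ is one-dimensional over K = F_p, with basis v1 = p^{i-1},
# so eta = beta * p^{i-1} with beta in F_p.  Polynomials are little-endian coefficient lists.

def poly_eval(f, a, m):
    """f(a) in Z/mZ by Horner's rule."""
    acc = 0
    for c in reversed(f):
        acc = (acc * a + c) % m
    return acc

def formal_derivative(f):
    """The formal derivative of Definition 3.4.1: n a_n x^{n-1} + ... + a_1."""
    return [i * c for i, c in enumerate(f)][1:]

def lift_roots(f, p, n):
    """All roots of f in Z_{p^n}, built layer by layer from the roots of pi(f) in F_p.
    A root a mod p^{i-1} lifts to b = a + eta p^{i-1}, and
    f(b) = f(a) + eta p^{i-1} f'(a) (mod p^i) gives the three cases of the text:
      (i)   f'(a) a unit:                      exactly one eta works;
      (ii)  f'(a) in M, f(a) != 0 (mod p^i):   no lift above a;
      (iii) f'(a) in M, f(a) == 0 (mod p^i):   every eta in F_p works (p lifts)."""
    df = formal_derivative(f)
    roots = [a for a in range(p) if poly_eval(f, a, p) == 0]   # roots in the residue field
    for i in range(2, n + 1):
        m, step = p ** i, p ** (i - 1)
        lifted = []
        for a in roots:
            fa = poly_eval(f, a, m)        # equals alpha * p^{i-1}, since a is a root mod p^{i-1}
            d = poly_eval(df, a, p)        # pi(f'(a))
            if d != 0:                                                   # case (i)
                beta = (-(fa // step) * pow(d, -1, p)) % p
                lifted.append(a + beta * step)
            elif fa == 0:                                                # case (iii)
                lifted.extend(a + beta * step for beta in range(p))
            # case (ii): d == 0 and fa != 0, nothing lies above a
        roots = lifted
    return sorted(roots)

def roots_by_search(f, p, n):
    """Brute force over all of Z_{p^n}; only a cross-check for small examples."""
    m = p ** n
    return [a for a in range(m) if poly_eval(f, a, m) == 0]

if __name__ == "__main__":
    # x^2 - 1 over Z_8: pi(f) = (x+1)^2 has the single root 1, f'(1) = 2 lies in M, and
    # case (iii) applies at every layer, so the four roots 1, 3, 5, 7 all appear.
    print(lift_roots([-1, 0, 1], 2, 3))
    # x^2 + 5x + 3 over Z_9: case (i) at both roots of pi(f) = x(x+2).
    print(lift_roots([3, 5, 1], 3, 2))
    # x^2 - 2 over Z_4: the root 0 of pi(f) = x^2 has f'(0) in M but f(0) = 2 != 0 mod 4: case (ii).
    print(lift_roots([-2, 0, 1], 2, 2))
```

The x^2 − 1 example is the one to keep in mind: over the field F_2 it has a single root, yet over Z_8 it has four, all produced by case (iii), which is exactly why the number of roots of a polynomial over R can exceed its degree.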


Proposition 3.4.4 (Euclidean Algorithm) Let f(x), g(x) be non-zero polynomials in R[x]. If g(x) is a regular polynomial, then there exist q(x), r(x) ∈ R[x] such that f(x) = g(x) q(x) + r(x), with deg(r) < deg(g) or r(x) = 0.

Proof: In the previous proposition we considered the particular case in which f(x) and g(x) are associates in R[x]; then q(x) = δ(x) and r(x) = 0. Now, let f(x) and g(x) be polynomials in the ring R[x] such that g(x) is regular. If we consider their images in K[x], viz. f̄(x) = µ(f(x)) and ḡ(x) = µ(g(x)) ≠ 0, then q̄(x), r̄(x) ∈ K[x] exist such that deg(r̄(x)) < deg(ḡ(x)), or r̄(x) = 0, and f̄(x) = ḡ(x) q̄(x) + r̄(x), since K[x] is a Euclidean domain. Observe that if f(x) is nilpotent, then f̄(x) = q̄(x) = r̄(x) = 0 (by Prop. 3.2.3), whereas, if f(x) is a unit, then q̄(x) = 0 and r̄(x) = f̄(x) = k ∈ K* (by Prop. 3.2.2). Another application of the Generalized Hensel Lemma (3.2.6) shows the statement. We leave the technical part to the reader. Observe that the equality f(x) = g(x) q(x) + r(x) is not uniquely determined, i.e. the polynomials q(x), r(x) are not unique. ✷

Other important consequences of our definitions are the following.

Proposition 3.4.5 Let R and S be two finite, commutative, local rings such that R ⊂ S. If a is an element of S, then there exists a monic polynomial f(x) ∈ R[x] such that f(a) = 0.

Proof: The statement is obvious if a ∈ R. Suppose that a ∈ S \ R. Since S is a finite ring, there exists only a finite number t of distinct powers of a. Let T be the R-submodule of S generated by all these powers; then R ⊂ T ⊂ S, so it is sufficient to observe that a^{t+1} can be expressed as a polynomial p(a) in the t distinct powers of a, with coefficients from R. This implies that a^{t+1} = p(a), i.e. a is a root of the monic polynomial f(x) = x^{t+1} − p(x). ✷

Thus, if R and S are two local rings such that R ⊂ S and if a ∈ S, what we proved in Proposition 3.4.5 guarantees the existence of a monic polynomial f(x) ∈ R[x] such that f(a) = 0. We get an R-algebra epimorphism φ_a : R[x]/(f(x)) → R[a] ⊂ S. Since f(x) is a monic polynomial, it is regular (see Prop. 3.2.4); so, by Proposition 3.4.4, the elements of the quotient ring are represented


by all the polynomials r(x) ∈ R[x] such that deg(r(x)) < deg(f(x)); therefore we may define φ_a(r(x)) := r(a). The other fundamental remark stems from what we observed after Lemma 3.2.10 about the maximal ideals of the ring R[x]; indeed, they are all of the form J = (M, f(x)), where M ⊂ R is its maximal ideal and f(x) ∈ R[x] is a polynomial such that µ(f(x)) = f̄(x) ∈ K[x] is irreducible over K. This determines the isomorphism
R[x]/(M, f(x)) ≅ K[x]/(f̄(x)), (3.3)
which will play a fundamental role in the Galois ring theory.

Proposition 3.4.6 If f(x), g(x) ∈ R[x] are regular, monic polynomials which are associates in R[x], i.e. (f(x)) = (g(x)), then f(x) = g(x).

Proof: If f(x) and g(x) are associates in R[x], then there exists δ(x) ∈ U(R[x]) such that f(x) = δ(x) g(x) (see Prop. 3.4.3); by Proposition 3.2.2 and the definition of µ, we have f̄(x) = δ̄ ḡ(x) in K[x], where δ̄ ∈ K*. Since f̄(x), ḡ(x) are monic polynomials in K[x], δ̄ = 1, so f̄(x) = ḡ(x). As in the proof of Proposition 3.4.3, we can deduce the existence of a unit δ(x) ∈ R[x] such that f(x) = δ(x) g(x), where δ(x) is of the form δ(x) = a_0 + a_1 x + ··· + a_t x^t, a_0 ∈ U(R) and a_j ∈ Nil(R), 1 ≤ j ≤ t. Since f(x) and g(x) are monic, δ(x) = 1. ✷

We conclude with a crucial remark on the R-algebra of polynomials R[x].

Proposition 3.4.7 Let f(x) = a_0 + a_1 x + ··· + a_n x^n be a polynomial in R[x]; if the morphism σ_f is onto, then a_1 is a unit in R and a_2, ..., a_n are nilpotent. Therefore, if σ_f is onto, then it is also injective, so it is an automorphism of the R-algebra R[x].

Proof: Suppose that σ_f is surjective; if r ∈ R and u ∈ U(R), then σ_{r+f} and σ_{uf} are epimorphisms of R[x]. W.l.o.g. we may consider f̃(x) = f(x) − a_0 = a_1 x + a_2 x^2 + ··· + a_n x^n; there must exist a polynomial g(x) = b_0 + b_1 x + ··· + b_m x^m ∈ R[x] such that σ_{f̃}(g(x)) = g(f̃(x)) = x ∈ R[x]. Therefore,
x = b_0 + b_1 (a_1 x + ··· + a_n x^n) + b_2 (a_1 x + ··· + a_n x^n)^2 + ··· + b_m (a_1 x + ··· + a_n x^n)^m,
i.e., comparing the coefficients of 1, x, x^2, ...,
b_0 = 0,
a_1 b_1 = 1,
a_2 b_1 + a_1^2 b_2 = 0,
⋮

This implies that a_1 ∈ U(R) and a_2, ..., a_n ∈ J(R), so, by Theorem 3.3.2, σ_{f̃} (hence σ_f) is an automorphism. ✷

Chapter 4

SEPARABLE EXTENSIONS OF FINITE FIELDS AND FINITE RINGS

In this chapter we want to deal with separable extension theory, since it will be a fundamental tool to describe the Galois extensions of local rings and to construct Galois rings in the subsequent chapters. We start by recalling the main ideas of the abstract theory of this kind of extensions in the case of fields (see, for example, [44] or [64]), with a particular interest in finite fields. After that, we shall consider the separable (or unramified) extensions of finite, local rings ([56]). This will lead us to the characterization theorem of separable extensions of finite, local rings and provide some particularly interesting examples.

4.1

Separable Field Extensions

Before developing the theory of separable extensions of fields, we want to recall some fundamental definitions.

Proposition 4.1.1 Let F be a field and f(x) ∈ F[x] a polynomial. There exists a field K such that F ⊆ K and f(x) splits over K into linear factors.

Proof: See, for example, [3] or [31].




Definition 4.1.2 Let F ⊆ K be a field extension such that a polynomial f(x) ∈ F[x] factors, over K, as f(x) = \prod_{i=1}^{n} (x − α_i), α_i ∈ K, and K = F(α_1, ..., α_n). We say that K is the splitting field of f(x). This splitting field is, essentially, unique ([44] or [64]). Recall that we have already introduced, in 1.3.11, the definitions of algebraically closed field and algebraic closure of an arbitrary field K.

Theorem 4.1.3 Given any field K, then
1. There always exists an algebraic closure, denoted by K̄;
2. If K ⊆ H is an algebraic field extension and if each polynomial f(x) ∈ K[x] completely factors over H, then there exists a K-isomorphism (i.e. an isomorphism that fixes K elementwise) of H onto K̄;
3. The algebraic closure of the field K is unique up to isomorphism.

Proof: The proof of the existence of such an algebraic closure is based on a transfinite construction. See, for example, [3], [7] or [22]. ✷

In conclusion, given a field K, it is always possible to consider its algebraic closure K̄. Therefore, we will suppose, for simplicity, that all fields considered are contained in a suitable field E, which is algebraically closed.

Definition 4.1.4 Let F be a field which is contained in an algebraically closed field E.
i) A polynomial f(x) ∈ F[x] is said to be separable over F if its roots, as elements of E, are all distinct.
ii) a ∈ E is a separable element over F if its minimal polynomial (Section 1.3) f_a(x) ∈ F[x] is separable.
iii) An algebraic extension field F ⊆ K is a separable extension if each element a ∈ K is separable over F.

Another important notion in extension theory is the definition of normal or Galois extension. Given fields K, H and F such that K ⊂ H and K ⊂ F, we say that a field homomorphism φ : H → F is a K-morphism if φ|_K = id_K. An extension field K ⊆ F is normal if each K-monomorphism ϕ : F → E is an automorphism (i.e. ϕ(F) = F). Let E be an algebraically closed field, with positive characteristic p, and φ_1 : E → E


the first Frobenius automorphism (see the proof of Theorem 2.3.5) defined by φ_1(a) = a^p, ∀a ∈ E. The field φ_1(E) is algebraically closed, since it is isomorphic to the field E, but, at the same time, E is an algebraic extension of φ_1(E); e.g., if a ∈ E, then a is a root of the polynomial x^p − a^p ∈ φ_1(E)[x]. It follows that φ_1(E) = E. Instead of φ_1^{-1}(a) ∈ E, we will denote by a^{1/p} the preimage, under φ_1, of an element a ∈ E; therefore, given a field K ⊆ E, we will write K^p and K^{1/p} instead of φ_1(K) and φ_1^{-1}(K), respectively.

Proposition 4.1.5 Given a field K, the following conditions are equivalent:
1. K = K^p;
2. K = K^{1/p};
3. Every algebraic extension of K is separable.

Proof: 2. ⇒ 3. Let a be algebraic over K and f(x) = x^n + b_1 x^{n−1} + ··· + b_n its minimal polynomial over K; if f(x) is not a separable polynomial, then f(x) = h(x)^p ([36], pag. 146), where h(x) is a polynomial with coefficients from K^{1/p}. By hypothesis K = K^{1/p}, so h(x) ∈ K[x], which contradicts the irreducibility of f(x) over K. 3. ⇒ 1. Let a ∈ K^{1/p}, so that a^p ∈ K, and let F = K(a), which is separable over K by hypothesis. The minimal polynomial of a over K divides x^p − a^p = (x − a)^p and is separable, so it is x − a, i.e. a ∈ K. Hence K^{1/p} = K and, applying φ_1, K = K^p. 1. ⇒ 2. Since φ_1 is injective, φ_1^{-1}(φ_1(K)) = K; by hypothesis φ_1(K) = K, therefore K^{1/p} = φ_1^{-1}(K) = K. ✷

Definition 4.1.6 A field K is called perfect if it satisfies one of the conditions in Prop. 4.1.5 (see [7] or [64]). Other methods to construct perfect fields are given by the next theorem.

Theorem 4.1.7 (1) Every algebraically closed field, as well as every finite field, is a perfect field. (2) If K is perfect and F is algebraic over K, then F is a perfect field.


Proof: (1) We have already observed that an algebraically closed field is certainly perfect. If K is a finite field, since the first Frobenius homomorphism is injective, it must be bijective, so K = K^p is perfect. (2) Let a ∈ F and consider H = K(a); since φ_1 is an isomorphism onto its image, it is clear that [H^p : K^p] = [φ_1(H) : φ_1(K)] = [H : K], where [H : K] denotes the extension degree. By hypothesis, K^p = K and it is obvious that H^p ⊆ H, so H^p = H. In particular, there exists b ∈ H such that a = b^p. ✷

The fundamental consequence of this last result is that every algebraic extension of a finite field is a separable extension, since any finite field is perfect. Moreover, in the case of finite extensions, i.e. K ⊂ F such that [F : K] = dim_K F is finite, we have a stronger result.

Proposition 4.1.8 Let K ⊂ F be a field extension. If K ⊂ F is finite and separable, then it is simple. Moreover, if K is a finite field, it is enough to assume K ⊂ F finite to get the statement.

Proof: This depends on a more general result in field extension theory. Indeed, suppose we have a field extension K ⊂ F (K not necessarily a finite field) such that [F : K] < ∞ and let a ∈ F. Since the elements 1, a, a^2, ..., a^n ∈ F cannot be linearly independent over K for every n, we must have \sum_{i=0}^{n} α_i a^i = 0 for some n ∈ ℕ and α_i ∈ K with α_i ≠ 0 for some i ∈ {0, ..., n}. This implies that each element of F is algebraic over K, i.e. K ⊂ F is an algebraic extension. Therefore, if K is also a finite field, Theorem 4.1.7 ensures that K ⊂ F is separable. In the infinite case we have to add the separability of the extension to the hypotheses to prove the statement. Since we are interested in the finite case, we only focus on this part and refer the reader to [36] for the general treatment. Thus, consider K a finite field and K ⊂ F a finite extension; then F is a finite field, separable over K. In Theorem 2.1.3 we recalled that the multiplicative group of a finite field is cyclic; therefore there exists ω ∈ F* such that F* = ⟨ω⟩, so, a fortiori, F = K(ω). ✷

In the next section we will generalize the notion of a separable extension to finite, commutative rings and, in particular, to finite, local rings, which will be a cornerstone for our future analysis of Galois rings.

4.2

Extensions of Rings

In the previous section we recalled the main properties of field extensions. Now we will state analogous propositions in the case of rings ([56]). As usual, the rings considered will be commutative and with identity.

Definition 4.2.1 Let R and S be two rings. We say that S is an extension of R if R ⊆ S. Moreover, if T is a non-empty subset of S of finite cardinality, the ring it generates is the smallest subring A of S such that R ∪ T ⊆ A ⊆ S.

Observe that it makes sense to give such a definition, since A may coincide with S. Obviously, if T ⊆ R, then A = R. Therefore, it is interesting to consider sets T which are not contained in R. Consequently, w.l.o.g., we will set R ∩ T = ∅. Therefore, A properly contains R and is contained in S. Furthermore, it is possible to explicitly determine the elements of A.

Theorem 4.2.2 Let R and S be two rings such that R ⊂ S. By choosing T = {t_1, ..., t_k} ⊂ S, the elements of the ring A are of the form
\sum a_{n_1 ... n_k} t_1^{n_1} ··· t_k^{n_k}, with a_{n_1 ... n_k} ∈ R and t_j ∈ T, 1 ≤ j ≤ k.

Proof: Observe that elements of this kind form a ring B such that R ⊂ B ⊂ S; e.g., both the difference and the product of two elements of this kind are elements of the same kind. Moreover, by construction, R ⊂ B ⊂ S and T ⊂ B. Finally, if C is a ring containing R and T, since C is closed with respect to difference and product, then B ⊂ C, which completes the proof. ✷

A particularly important case occurs when the set T is a singleton, i.e. T = {a}. In this case, we write A = R(a). As in the field case, we have the following:

Definition 4.2.3 An extension of the form R ⊂ R(a) is said to be simple.

Clearly, if R is a commutative ring with identity, so is R(a). Moreover, by Theorem 4.2.2, an element of R(a) is of the form \sum r_j a^j, where r_j ∈ R. In the case of a field K, we have already seen how the concept of simple extensions is strictly related to the concept of quotients of the polynomial ring K[x]. On the other hand, in the ring case this link is not so evident and, sometimes, we cannot even consider it because, when

64

CHAPTER 4. SEPARABLE EXTENSIONS

R is an arbitrary commutative ring, R[x] does not have the same properties as the Euclidean ring K[x]. However, it is possible to develop an analogous theory in the case of a finite, local ring R. We shall see, in the next section, that, for such rings, their separable extensions can be characterized.

Definition 4.2.4 Let R and S be two finite, local rings with residue fields K and $\overline{K}$, respectively, such that R ⊆ S. The ring S is said to be a separable extension (equivalently, an unramified extension) of R if mS = M.

We know that if R and S are finite, local rings with residue fields K and $\overline{K}$, respectively, then K = R/m and $\overline{K} = S/M$, where m and M are the maximal ideals of R and S.

Theorem 4.2.5 Let R and S be as in Definition 4.2.4, with R ⊂ S a separable extension; then $K \subset \overline{K}$ is a separable field extension.

Proof: Since mS = M, then R/m and S/mS are finite fields satisfying $K \subseteq \overline{K}$; from Proposition 4.1.5 and Theorem 4.1.7 the assertion follows. ✷

It is therefore possible to "work" very easily with extensions of finite, local rings, establishing when an extension is a separable one. To do this, we need to recall the following important result.

Lemma 4.2.6 (Nakayama's lemma) Let R be a commutative ring with identity. Assume that M is a finitely generated R-module and J is an ideal of R. If JM = M, then M = 0.

Proof: Suppose that M ≠ 0; denote by $\{m_1, \ldots, m_n\}$ a minimal set of generators of M as an R-module. As JM = M, we may write $m_1 = s_1 m_1 + \ldots + s_n m_n$ for some $s_i \in J$, 1 ≤ i ≤ n. Then $(1 - s_1) m_1 = s_2 m_2 + \ldots + s_n m_n$; since $s_1$ is an element of J, from Prop. 1.2.10 it follows that $1 - s_1$ is a unit (R is a local ring). Thus $m_1 \in R m_2 + \cdots + R m_n$, which contradicts the minimality of the set of generators. ✷

Theorem 4.2.7 (of the primitive element) Each separable extension of a finite, local ring is simple.

4.3. SEPARABLE EXTENSIONS OF LOCAL RINGS


Proof: Let R ⊂ S be a separable extension. Thus $K \subset \overline{K}$ is a finite, separable field extension; therefore, by Proposition 4.1.8, there exists $\overline{a} \in \overline{K}$ such that $\overline{K} = K(\overline{a})$. Let a ∈ S be one pre-image of $\overline{a}$ under the canonical epimorphism $\mu : S \to \overline{K}$. From Theorem 4.2.5 it follows that $S/mS = (R/m)(\overline{a})$; this means that S = R(a) + mS. Observe that S and R(a) are finitely generated R-modules, thus m(S/R(a)) = (mS + R(a))/R(a) = S/R(a), and the statement follows from Lemma 4.2.6: the R-module S/R(a), finitely generated over R, is the null module, hence S and R(a) coincide as local rings. ✷

4.3

Separable Extensions of Finite Commutative Local Rings

This section provides a fundamental theorem on separable extensions of local rings.

Theorem 4.3.1 Let R and S be two finite, commutative, local rings with maximal ideals m and M and residue fields K and $\overline{K}$, respectively, such that R ⊂ S. The local ring S is a separable extension of R if and only if S ≅ R[x]/(f(x)) (as R-algebras), where f(x) is a monic, basic irreducible polynomial, i.e. µ(f(x)) ∈ K[x] is an irreducible polynomial (see Definition 3.2.12).

Proof: ⇒) Suppose that S is a separable extension of R. By Theorem 4.2.7, there exists an element w ∈ S such that S = R[w]. It follows that also $\overline{K} = S/M$ is a simple extension of K = R/m; more precisely, $\overline{K} = K[\overline{w}]$, with $\overline{w} \in \overline{K}$ such that $\mu(w) = \overline{w}$, where, again, µ is the epimorphism $\mu : S \to S/M = \overline{K}$. Let $\overline{f}(x) \in K[x]$ be the minimal polynomial of $\overline{w}$; therefore $\overline{f}(x)$ is irreducible. Let h(x) ∈ R[x] be a monic pre-image of $\overline{f}(x)$ such that $\deg(h) = \deg(\overline{f})$; h(x) is an irreducible polynomial in R[x], as $\mu(h) = \overline{f} \in K[x]$ (Theorem 3.2.9). Since w is a pre-image of $\overline{w} \in \overline{K}$, we have h(w) ∈ R[w] and h(w) ∈ mS = M; thus, as $[\overline{K} : K] = \deg(h) = n$,

$$h(w) = \sum_{i=0}^{n-1} m_i w^i, \qquad m_i \in m \subset R.$$

Choose $g(x) = \sum_{i=0}^{n-1} m_i x^i$ and f(x) := h(x) − g(x). It follows that deg(f) = deg(h) = n and the leading coefficient of f is the same as that of h, i.e. 1 ∈ R. Since f(w) = 0 and $\mu(f) = \overline{f} \in K[x]$, then f(x) ∈ R[x]


is a monic, basic irreducible polynomial. The ideal it generates in R[x] is a proper ideal, because the leading coefficient of f(x) is a unit. The natural morphism

$$R[x] \longrightarrow S = R[w], \qquad x \longmapsto w,$$

is consistent with the quotient morphism, which determines an epimorphism of R-algebras $\varphi : R[x]/(f(x)) \to S = R[w]$. Now we have to check that R[x]/(f(x)) is a ring with the same cardinality as S, so that ϕ will be an isomorphism of R-algebras. We recall that, as we have seen in Chapter 3 for regular polynomials, f(x) is a polynomial for which we can define the Euclidean division, which gives $R[x]/(f(x)) = \{r(x) \in R[x] \mid 0 \le \deg(r) < \deg(f)\}$. It follows that the rings R[w] and R[x]/(f(x)) are equipotent, and, therefore, ϕ is an isomorphism, i.e. R[x]/(f(x)) ≅ S = R[w].

⇐) Assume that there exists a monic, irreducible polynomial of degree n, f(x) ∈ R[x], such that S = R[x]/(f(x)). We have to show that the extension R ⊂ S is separable over R, i.e. mS = M. Since R is a local ring with maximal ideal m ⊂ R, we have already observed that m[x] ⊂ R[x] is an ideal in the polynomial ring with coefficients from R such that R[x]/m[x] ≅ K[x]. Therefore, the ring S = R[x]/(f(x)) is local; e.g., let m ⊂ R be the maximal ideal of R, then the ideal M := (m, f(x))/(f(x)) ⊆ R[x]/(f(x)) = S is maximal (see (3.3)); in fact,

$$\frac{R[x]/(f(x))}{(m, f(x))/(f(x))} \cong R[x]/(m, f(x)) \cong K[x]/(\mu(f(x))) \cong F$$

is a field. Obviously, by construction, mS = M = (m, f(x))/(f(x)); we have to verify that M is the only maximal ideal of S, so that S will be a local ring and the extension R ⊂ S will be unramified, i.e. separable. The uniqueness of this maximal ideal follows from 3.2.11. ✷

A polynomial f(x) ∈ R[x] is a local polynomial if the quotient ring R[x]/(f(x)) is a local extension of R. A regular polynomial h(x) is a separable polynomial if R[x]/(h(x)) is a local, separable extension


of R. Obviously, if f(x) is a separable polynomial and $f^*(x) \in R[x]$ is a monic, regular polynomial such that $\mu(f) = \mu(f^*)$, then $(f(x)) = (f^*(x)) \subseteq R[x]$. In this sense, the separable polynomials are the basic irreducible polynomials; more precisely, the following notions are equivalent:

(a) f is separable;
(b) f is basic irreducible;
(c) µ(f) is irreducible.

Theorem 4.3.2 A regular polynomial f is local if and only if µ(f) is a power of an irreducible polynomial in K[x].

Proof: ⇒) If µ(f) were not a power of an irreducible polynomial in K[x] then, by 3.2.6, f(x) would not be local in R[x]. ⇐) Suppose f is not local; then R[x]/(f) decomposes as a direct sum of proper ideals. Thus f and, consequently, µ(f) factor into relatively prime polynomials. ✷

Corollary 4.3.3 If f is a regular, irreducible polynomial in R[x], then $R[x]/(f^n)$ is a local ring for any positive integer n.


Chapter 5

GALOIS THEORY FOR LOCAL RINGS

In this chapter we want to extend some classical results of the Galois theory of fields to finite, local rings. For general ideas on Galois theory and related topics (Abel-Ruffini's Theorem, cyclotomic extensions and so on) the reader is referred to [2], [24] or [64]. For interesting examples and a historical point of view of this theory we suggest [22] and [68].

5.1

Basic Facts

Let R and S be two finite, commutative, local rings such that R ⊂ S. In this situation, we can generalize to the ring case the definition of K-morphism given in Section 4.1.

Definition 5.1.1 An R-automorphism ϕ of S is an automorphism ϕ : S → S such that $\varphi|_R = 1_R$, where $1_R$ is the identity map on R.

From now on, S and R will denote two finite, commutative, local rings with maximal ideals M and m and residue fields $\overline{K} = S/M$ and K = R/m, respectively. We recall that, if H is a group of R-automorphisms of S, then the set $S^H := \{s \in S \mid \sigma(s) = s,\ \forall \sigma \in H\}$ is a ring with respect to the operations on S. Therefore, if S is an extension of R, it makes sense to give the following definition.

Definition 5.1.2 S is a Galois extension of R, with Galois group G, if G is a group of R-automorphisms of S such that
(i) $S^G = R$;
(ii) S is a separable extension of R.

In the remaining part of this section we describe the basic tools to construct Galois extensions of rings, whereas in Section 5.2 some important examples and some related questions will be dealt with.

Lemma 5.1.3 Let f(x) be a regular polynomial in R[x] and suppose that µ(f(x)) has a simple root $\overline{\alpha}$ in K, where µ is again the epimorphism µ : R → K. Then f(x) admits one and only one root α in R such that $\mu(\alpha) = \overline{\alpha}$.

Proof: By hypothesis, $\mu(f(x)) = (x - \overline{\alpha})\,\overline{h}(x)$, with $\overline{h}(x) \in K[x]$. By Hensel's Lemma 3.2.6, $f(x) = (x - \alpha + g_1(x))(h(x) + g_2(x))$, where α ∈ R is a pre-image of $\overline{\alpha}$, $g_1(x), g_2(x) \in m[x]$ and $\mu(h(x)) = \overline{h}(x)$. If $g_1(x) = a_n x^n + \ldots + a_0$, with $a_i \in m$, then $x - \alpha + g_1(x) = a_n x^n + \ldots + a_2 x^2 + (a_1 + 1)x + (a_0 - \alpha)$. By Theorem 3.2.8, there exists an invertible element e(x) in R[x] such that

$$x - \alpha + g_1(x) = e(x)(x - \beta),$$

with β ∈ R and $\mu(\beta) = \overline{\alpha} = \mu(\alpha)$. Therefore, $f(x) = e(x)(x - \beta)(h(x) + g_2(x))$ and β is the desired root. If β′ were another root of f(x) such that $\mu(\beta') = \overline{\alpha}$, then we would have

$$0 = f(\beta') = (\beta' - \beta)\, g(\beta'),$$

with $g(x) = (h(x) + g_2(x))\, e(x)$. On the other hand, $\mu(g(\beta')) = \overline{h}(\overline{\alpha}) \ne 0$, since $\overline{\alpha}$ is a simple root of µ(f(x)). Therefore, g(β′) is a unit and β′ = β. ✷

Now, we want to consider the "lifting" theorem which allows us to extend automorphisms of R to R-automorphisms of S. This is a generalization of what occurs in the Galois theory of fields ([7], [22] or [44]).

Theorem 5.1.4 Let S be a separable extension of R and let T be a commutative, local ring, R ⊂ T, with residue field $\overline{K}$. Then, for each K-isomorphism $\overline{\sigma} : \overline{K} \to \overline{K}$, there exists a unique R-morphism σ : S → T that induces $\overline{\sigma}$ modulo the maximal ideals of S and T, respectively. Finally, σ is an R-isomorphism if and only if T is a separable extension of R.
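Lemma 5.1.3 is constructive. For the simplest local ring, R = Z/pⁿZ, the unique root is obtained by Newton steps modulo increasing powers of p (Hensel lifting), and the simplicity hypothesis is exactly what makes f′(β) a unit at every step. The following Python is an added example and not the book's code; the polynomial x² − 2 over Z/7³Z, the counterexample x² − 1 over Z/8Z and all function names are constructed for the illustration.

```python
# Added example (not from the book): Lemma 5.1.3 for R = Z/p^n Z.
# A simple root of f modulo p lifts by Newton steps to one root modulo p^n;
# when the root is not simple (f'(root) = 0 mod p) the lift need not be unique.

def poly_eval(coeffs, x, mod):
    """Evaluate a0 + a1*x + ... + ad*x^d at x modulo mod (Horner's rule)."""
    acc = 0
    for a in reversed(coeffs):
        acc = (acc * x + a) % mod
    return acc


def poly_derivative(coeffs):
    """Coefficients of the formal derivative of the polynomial."""
    return [i * a for i, a in enumerate(coeffs)][1:]


def is_simple_root(coeffs, p, root):
    """True iff root is a root of f modulo p and f'(root) != 0 modulo p."""
    return (poly_eval(coeffs, root, p) == 0
            and poly_eval(poly_derivative(coeffs), root, p) != 0)


def hensel_lift_root(coeffs, p, n, root_mod_p):
    """Lift a simple root of f modulo p to the unique root modulo p^n.

    Each Newton step beta <- beta - f(beta) / f'(beta) mod p^k turns a root
    modulo p^(k-1) into a root modulo p^k; f'(beta) is invertible modulo p^k
    because it is nonzero modulo p (the simplicity hypothesis of the lemma).
    """
    if not is_simple_root(coeffs, p, root_mod_p):
        raise ValueError("root must be a simple root of f modulo p")
    dcoeffs = poly_derivative(coeffs)
    beta = root_mod_p % p
    for k in range(2, n + 1):
        m = p ** k
        inv = pow(poly_eval(dcoeffs, beta, m), -1, m)
        beta = (beta - poly_eval(coeffs, beta, m) * inv) % m
    return beta


def all_root_lifts(coeffs, p, n, root_mod_p):
    """Brute force: every residue modulo p^n lying over root_mod_p that is a root of f."""
    m = p ** n
    return [b for b in range(root_mod_p % p, m, p) if poly_eval(coeffs, b, m) == 0]


if __name__ == "__main__":
    # Constructed sample: f(x) = x^2 - 2 has the simple roots 3 and 4 modulo 7.
    f = [-2, 0, 1]
    print(hensel_lift_root(f, 7, 3, 3), all_root_lifts(f, 7, 3, 3))
    # Constructed counterexample: x^2 - 1 = (x - 1)^2 modulo 2, so the root 1 is
    # not simple, and modulo 8 every odd residue is a root of x^2 - 1.
    print(is_simple_root([-1, 0, 1], 2, 1), all_root_lifts([-1, 0, 1], 2, 3, 1))
```

The brute-force check `all_root_lifts` confirms the uniqueness part of the lemma on the sample, and the second call shows what the lemma does not promise: over a repeated root the lifts are neither unique nor produced by the Newton step, which is why the hypothesis is checked before lifting.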


Proof: By hypothesis and by Theorem 4.2.5, $\overline{K} = K[\overline{a}]$ is a separable extension of K, where $\overline{a}$ is a simple root of a monic, irreducible polynomial $\overline{f}(x) \in K[x]$. If f(x) ∈ R[x] is such that $\mu(f(x)) = \overline{f}(x)$, then, by Lemma 5.1.3, there exists a unique element a ∈ S such that f(a) = 0 and $\mu(a) = \overline{a}$. Moreover, by the characterization of the separable extensions of local rings (see 4.3.1), S ≅ R[x]/(f), possibly after replacing f with a monic polynomial. It follows that $\{1, a, \ldots, a^{n-1}\}$ is a basis of the free R-module S, where n = deg(f). Let $\overline{\sigma} : \overline{K} \to \overline{K}$ be a K-isomorphism and assume that $\overline{\sigma}(\overline{a}) = \overline{a}_0$. Then $\overline{K} = K[\overline{a}_0]$ and $\overline{a}_0$ is a simple root of $\overline{f}(x)$. Again, Lemma 5.1.3 implies that f(x) has exactly one root $a_0$ in T with $\mu(a_0) = \overline{a}_0$. In this way it is possible to naturally extend the map $a \mapsto a_0$ to a morphism of R-algebras that induces $\overline{\sigma}$. Conversely, if σ : S → T is an R-morphism which induces $\overline{\sigma} : \overline{a} \mapsto \overline{a}_0$ over $\overline{K}$, then, by Lemma 5.1.3, σ(a) is a root of f(x). On the other hand, $\sigma(a) = a_0$ by the uniqueness in Lemma 5.1.3. This shows that σ is uniquely determined modulo the maximal ideals. Finally, if σ is an R-isomorphism, then T is separable, since it is isomorphic to S. Vice versa, if T is separable, then T ≅ R[x]/(f(x)) ≅ S, therefore σ is an isomorphism. ✷

Corollary 5.1.5 Let S be a separable extension of R. Then S is a Galois extension of R with Galois group $G_R(S)$ isomorphic to the Galois group $G_K(\overline{K})$.

Proof: Since S is a separable extension of R, each K-isomorphism of $G_K(\overline{K})$ may be lifted to a unique R-isomorphism of S (see Theorem 5.1.4). Moreover, each R-isomorphism of S is obtained in this way, since the correspondence of Theorem 5.1.4 is a bijection. To completely prove the assertion, it is sufficient to show that $R = S^G$. Obviously, $R \subseteq S^G$. On the other hand, if s ∈ S \ R, then one of the following is true: (i) s is a unit; (ii) s is not a unit. In the first case, $\overline{\sigma}(\mu(s)) \ne \mu(s)$ for some $\overline{\sigma} \in G_K(\overline{K})$. Consequently, if $\sigma \in G_R(S)$ induces $\overline{\sigma}$, then σ(s) ≠ s. In the other case, 1 + s is a unit and 1 + s ∉ R. By repeating the argument of the first case and by observing that σ(1) = 1, we again obtain σ(s) ≠ s. This proves that if s ∈ S \ R, then σ(s) ≠ s for some $\sigma \in G_R(S)$, that is $S^G \subseteq R$. ✷

Now, we are able to characterize the Galois extensions of finite, commutative, local rings.


Theorem 5.1.6 Let R be a finite, commutative, local ring and S a finite, local extension of R. Then S is a Galois extension of R if and only if S is a separable extension of R.

Proof: ⇒) Obvious, by definition of a Galois extension (cf. Def. 5.1.2). ⇐) If S is a separable extension of R, then it suffices to apply Corollary 5.1.5. ✷

Corollary 5.1.7 S is a Galois extension of R if and only if S ≅ R[x]/(f(x)), where f(x) is a basic irreducible polynomial (which we may always assume to be monic) over R and $G_R(S)$ acts as a permutation group on the roots of the polynomial f(x).

Proof: This immediately follows from Theorems 4.3.1, 5.1.4 and 5.1.6. ✷

Remark: Corollary 5.1.5 implies that

$$|G_R(S)| = |G_K(\overline{K})| = [\overline{K} : K] = \deg(\mu(f(x))) = \deg(f(x)),$$

where f(x) is a polynomial chosen as in Corollary 5.1.7. By Theorems 3.2.6 and 3.2.9(3) there is an irreducible pre-image over R for any polynomial irreducible over K; this proves the existence of a Galois finite, local ring extension of a given degree. We now show its uniqueness.

Theorem 5.1.8 Let R be a finite, commutative, local ring and S a Galois extension of R of degree n. Then S is unique, up to isomorphism.

Proof: Assume there exist two distinct extensions of degree n of R, say $S_1$ and $S_2$. By Theorem 4.2.7, there exist algebraic elements $a_1$ and $a_2$ over R such that $S_1 = R(a_1)$ and $S_2 = R(a_2)$. By taking the residue fields and denoting by $\overline{a}_1$ and $\overline{a}_2$ elements such that $\mu(a_i) = \overline{a}_i$, 1 ≤ i ≤ 2, we obtain that $K(\overline{a}_1) \cong K(\overline{a}_2)$, which are two finite extensions of degree n of K (by Theorem 2.2.4). This implies that there exists an isomorphism Φ which maps $\overline{a}_1$ onto $\overline{a}_2$; moreover, if g(x), f(x) ∈ K[x] are the minimal polynomials of $\overline{a}_1$ and $\overline{a}_2$, respectively, then Φ(f(x)) = (g(x)). By Hensel's Lemma (3.2.6) and by Theorem 5.1.4, we can lift Φ to an isomorphism

$$\tilde{\Phi} : R(a_1) \xrightarrow{\ \cong\ } R(a_2).$$

This completes the proof. ✷

We conclude the section with the following definition.



5.2. EXAMPLES. SPLITTING RINGS


Definition 5.1.9 An element a ∈ S is said to be R-separable if a is a root of a basic irreducible polynomial in R[x].

5.2

Examples. Splitting Rings

In this section we want to provide a class of examples of Galois extensions of local rings. We define the splitting ring of a basic irreducible polynomial of R[x], which plays the same role as the splitting field of an irreducible polynomial of K[x] ([56] and [17], respectively). The basic idea is to describe the Galois group of a separable extension of a local ring in terms of suitable powers of primitive elements of the extension (see Theorem 4.2.7).

Lemma 5.2.1 Let S be a Galois extension of R and ω ∈ S the primitive element such that S = R[ω]. We denote by $\omega = \omega_1, \omega_2, \ldots, \omega_n$ (where $n = \dim_R S$) the n distinct images of the element $\omega = \omega_1$ under the automorphisms in $G_R(S)$. If g(ω) = 0 for g(x) ∈ R[x], then g(x) is a multiple, in R[x], of the polynomial $f(x) = (x - \omega_1) \cdots (x - \omega_n) \in R[x]$.

Proof: Obviously, the element $\omega_i - \omega_j \in S$ is a unit of S for i ≠ j. If g(ω) = 0, then $g(\omega_j) = 0$ for each j ∈ {1, ..., n}, since $0 = \sigma_j(g(\omega)) = g(\sigma_j(\omega)) = g(\omega_j)$. We can determine a polynomial $p_1(x) \in S[x]$ such that $g(x) = (x - \omega_1)\, p_1(x)$ and, since $g(\omega_2) = 0$ and $\omega_2 - \omega_1 \in U(S)$, $p_1(\omega_2) = 0$. Similarly, there exists a polynomial $p_2(x) \in S[x]$ such that $p_1(x) = (x - \omega_2)\, p_2(x)$ and $p_2(\omega_3) = 0$. At the last step $g(x) = f(x)\, p_n(x)$ with $p_n(x) \in S[x]$. However, since g(x), f(x) ∈ R[x] and f(x) is monic, $p_n(x) \in R[x]$. ✷

Lemma 5.2.2 Let S be a Galois extension of R and f(x) ∈ R[x] be a monic, basic irreducible polynomial. If ξ and η are roots of f(x) in S, then a monic, basic irreducible polynomial g(x) ∈ R[x] exists for which $\xi^{|K|}$ and $\eta^{|K|}$ are roots. (We have denoted by |K| the cardinality of the residue field of R, i.e. K = R/m.)


Proof: We can always determine a monic, basic irreducible polynomial g(x) in R[x] such that $g(\xi^{|K|}) = 0$ and µ(g) = µ(f) ∈ K[x] (it is sufficient to transform f(x) by the automorphism Ψ : S → S such that $\Psi(s) = s^{|K|}$ for all s ∈ S; it follows that $0 = \Psi(f(\xi)) = g(\xi^{|K|})$ and µ(g(x)) = µ(f(x)) ∈ K[x], since $a^{|K|} = a$ in K). Consider the polynomial $h(x) = g(x^{|K|})$. Obviously, h(ξ) = 0, and by the previous lemma f(x) must divide h(x) in R[x]. Also, h(η) = 0, i.e. $\eta^{|K|}$ is a root of g(x). ✷

Theorem 5.2.3 Let S be a Galois extension of R. There exists an element ω ∈ S, which is a primitive element over R, such that the R-automorphism σ of S given by $\sigma : \omega \mapsto \omega^{|K|}$ is a generator of the Galois group $G_R(S)$ of the extension.

Proof: Let f(x) ∈ R[x] be a monic, basic irreducible polynomial of degree n and let ω ∈ S be one of its roots. Set

$$A = \{g \in R[x] \mid g(x) \text{ monic and } \mu(g) = \mu(f) \in K[x]\},$$

$$B = \{\theta \in S \mid \theta \text{ is a root of some polynomial in } A\} \qquad \text{and} \qquad B^j = \{\theta^j \mid \theta \in B\},$$

for j ∈ ℕ. Obviously, $B \supseteq B^{|K|} \supseteq B^{|K|^2} \supseteq \ldots$. Moreover, if $\overline{\omega} = \mu(\omega) \in \overline{K}$, since

$$\mu(f(x)) = (x - \overline{\omega})(x - \overline{\omega}^{|K|}) \cdots (x - \overline{\omega}^{|K|^{n-1}})$$

and each element of B is a pre-image of some $\overline{\omega}^{|K|^t}$, 0 ≤ t ≤ n − 1, then each element of B is of the form

$$\omega^{|K|^t} + c, \qquad \text{where } c \in M \text{ and } 0 \le t \le n - 1.$$

The fact that the ideal M is nilpotent implies that there exists an exponent s ∈ ℕ for B such that $B^{|K|^s} = B^{|K|^{s+1}} = B^{|K|^{s+2}} = \ldots$ and $B^{|K|^s}$ has cardinality exactly n. By raising each element of $B^{|K|^s}$ to the |K|-th power, we obtain a permutation of these elements. By the "lifting" Theorem 5.1.4 and by Lemma 5.2.2, there exists an R-automorphism of S, say σ, such that $\sigma(t) = t^{|K|}$ for $t \in B^{|K|^s}$. The K-automorphisms induced in $G_K(\overline{K})$, which we denote by $\overline{\sigma}, \overline{\sigma}^2, \ldots, \overline{\sigma}^n$, are all distinct, since the map $\mu(t) \mapsto \mu(t)^{|K|}$ generates $G_K(\overline{K})$. It follows that σ is a generator of $G_R(S)$. ✷




Definition 5.2.4 We say that a Galois extension S of a local ring R is the splitting ring for a basic irreducible polynomial f(x) ∈ R[x] if f(x) splits in linear factors in S[x] and S is generated, as an R-module, by the roots of f(x).

We can summarize the various lemmas, corollaries and theorems proven in this and in the previous section by stating the following theorem, which, in the literature, is known as the Galois Correspondence Theorem ([56] for rings and, for example, [7] in the field case).

Theorem 5.2.5 Let S be a separable extension of R; then:

(i) S is a Galois extension of R and, if f(x) ∈ R[x] is a monic, basic irreducible polynomial such that S ≅ R[x]/(f(x)), then $|G_R(S)| = \deg(f)$; S is the splitting ring of f(x) over R and it is the unique Galois extension of R which has dimension, as an R-module, equal to deg(f).

(ii) The Galois group $G_R(S)$ is cyclic and isomorphic to $G_K(\overline{K})$; also, it is generated by $\sigma : \omega \mapsto \omega^{|K|}$, for a suitable element ω ∈ S which is primitive over R.

(iii) There exists a bijection between the subfields of $\overline{K}$ which contain K and the R-separable subrings of S which properly contain R; this bijection preserves both the subfield lattice and the subring lattice. If T is an R-separable extension and S is a T-separable extension, R ⊆ T ⊆ S, then S is R-separable and we have the following exact sequence of groups

$$1 \longrightarrow G_R(T) \longrightarrow G_R(S) \longrightarrow G_T(S) \longrightarrow 1.$$

(iv) Given the chain of rings R ⊆ T ⊆ S such that R ⊆ S is a Galois extension, then R ⊆ T is a Galois extension if and only if $G_T(S)$ is a normal subgroup of $G_R(S)$.

(v) S has a normal basis over R, i.e. there exists an element ω ∈ S such that $\{\sigma(\omega) \mid \sigma \in G_R(S)\}$ is an R-free basis for S.

Proof: We have only to prove (iv). We want to show that R ⊆ T is a Galois extension ⇔ $G_T(S) \lhd G_R(S)$. (Recall that $H \lhd G$ means that H is a normal subgroup of the group G.)

⇐) Let $\varphi\, G_T(S)\, \varphi^{-1} = G_T(S)$ for all $\varphi \in G_R(S)$. By considering the ring ϕ(T) ⊆ S, we have that $\Psi \in G_{\varphi(T)}(S)$ iff Ψ(ϕ(t)) = ϕ(t) for each t ∈ T. Therefore, $(\varphi^{-1} \Psi \varphi)(t) = t$ for each t ∈ T iff $\varphi^{-1} \Psi \varphi \in G_T(S)$, i.e. $\Psi \in \varphi\, G_T(S)\, \varphi^{-1}$. This means that $\varphi\, G_T(S)\, \varphi^{-1} = G_{\varphi(T)}(S)$ and, from the hypothesis $G_T(S) \lhd G_R(S)$, it follows that $G_T(S) = G_{\varphi(T)}(S)$; thus T = ϕ(T) for all $\varphi \in G_R(S)$, so R ⊆ T is a Galois extension.


⇒) Let R ⊆ T be a Galois extension; thus ϕ(T) = T for all $\varphi \in G_R(T)$. It follows that ϕ(T) = T for all $\varphi \in G_R(S)$. Moreover, $\varphi\, G_T(S)\, \varphi^{-1} = G_{\varphi(T)}(S)$ and, since ϕ(T) = T, it follows that $\varphi\, G_T(S)\, \varphi^{-1} = G_T(S)$ for all $\varphi \in G_R(S)$, so $G_T(S) \lhd G_R(S)$. Since each automorphism $\varphi \in G_R(S)$ induces an R-automorphism of T such that ϕ(T) = T, we have the following epimorphism $\rho : G_R(S) \to G_R(T)$, $\rho(\varphi) = \varphi|_T$ for all $\varphi \in G_R(S)$, whose kernel is $\ker \rho = G_T(S) \lhd G_R(S)$. The Homomorphism Theorem guarantees that $G_R(S)/G_T(S) \cong G_R(T)$. ✷

Example 5.2.6 Assume $R = \mathbb{Z}_4$ and $f(x) = x^3 + x + 1 \in R[x]$. Set $\mu : \mathbb{Z}_4 \to \mathbb{Z}_2 \cong \mathbb{F}_2$; with abuse of notation, we always denote by µ the epimorphism extended to the polynomial rings $\mu : \mathbb{Z}_4[x] \to \mathbb{F}_2[x]$; then $\mu(f) \in \mathbb{F}_2[x]$ is an irreducible polynomial over $\mathbb{F}_2$. It follows that f(x) is a monic, basic irreducible polynomial of $\mathbb{Z}_4[x] = R[x]$. If we consider the quotient ring $S = R[x]/(f(x)) = \mathbb{Z}_4[x]/(x^3 + x + 1)$, by Corollary 5.1.7, S is a Galois extension, thus a separable extension, of $\mathbb{Z}_4$. Therefore $S \cong \mathbb{Z}_4[\xi]$, where ξ is a formal root such that $\xi^3 = 3\xi + 3$; consequently S, as a $\mathbb{Z}_4$-free module, has dimension three over R, i.e. $\dim_R(S) = 3$; indeed deg(f) = 3. It follows that the order of the Galois group of the ring extension R ⊆ S is $|G_R(S)| = 3$. Therefore, the Galois group is isomorphic to $C_3$, the cyclic group of order three; by the Galois Correspondence Theorem, there are no proper subrings of S which are separable extensions of R.

Again with $R = \mathbb{Z}_4$, take $g(x) = x^4 + x^3 + x^2 + x + 1 \in R[x]$. This polynomial is an irreducible polynomial of R[x], therefore S = R[x]/(g(x)) is a Galois extension with Galois group $G_R(S)$ isomorphic to the cyclic group of order four (this immediately follows from 2.3.5 and 5.1.5). We determine the following chain of separable extensions of R


$$R \subseteq T \subseteq S$$

where T ≅ R[x]/(h) and $h(x) = x^2 + x + 1 \in R[x]$ is such that $g(x) = x^2 h(x) + x + 1$. By the "lifting" Theorem 5.1.4, it is possible to determine the R-algebra automorphisms of S by starting from the Galois group $G_K(\overline{K})$. If ω is a root of g(x) in S, then

$$g(x) = (x - \omega)(x - \omega^2)(x - \omega^3)(x - [3\omega^3 + 3\omega^2 + 3\omega + 3]).$$

The set $\{1, \omega, \omega^2, \omega^3\}$ is an R-basis of S as an R-module. If we denote by σ a generator of the Galois group $G_R(S) \cong C_4$, then

$$\begin{aligned}
\sigma(\omega) &= \omega^2, \\
\sigma^2(\omega) &= 3\omega^3 + 3\omega^2 + 3\omega + 3, \\
\sigma^3(\omega) &= \omega^3, \\
\sigma^4(\omega) &= \omega.
\end{aligned}$$

The polynomial $h(x) = (x - (\omega^3 + \omega^2 + 2))(x - (3\omega^3 + 3\omega^2 + 1))$ determines the Galois extension of degree two of T over R; we observe that

$$\sigma^2(\omega^3 + \omega^2 + 2) = \omega^3 + \omega^2 + 2.$$

It follows that the ring $T = R[\omega^3 + \omega^2 + 2]$ is the ring $S^{\langle \sigma^2 \rangle}$, i.e. it is the subring of S fixed by the subgroup $\langle \sigma^2 \rangle$ of $G_R(S) \cong \langle \sigma \rangle$.

Example 5.2.7 Let $R = \mathbb{Z}_4$ and S = R[θ] be such that the element θ is a root of the polynomial $f(x) = x^2 + x + 1 \in R[x]$. It follows that $G_R(S) = \langle \sigma \mid \sigma^2 = \mathrm{id} \rangle$, where σ(θ) = 3θ + 3; moreover, σ(3θ + 1) = θ + 2 and it is easy to check that θ + 2 is not a power of the element 3θ + 1. The generator σ satisfies $\sigma(\theta) = 3\theta + 3 = \theta^2$; this implies that $G_R(S)$ is generated by an automorphism which maps a primitive element of S onto its square.


Chapter 6

GALOIS AND QUASI-GALOIS RINGS. STRUCTURE AND PROPERTIES

In this chapter we first want to analyze the structure of Galois rings which are, in our terminology, Galois extensions of local rings of the form $\mathbb{Z}_{p^n}$, where p is a prime and n a positive integer. The importance of such rings is mainly due to the following facts:

1. In some problems of Combinatorics one deals with finite fields and, at the same time, with local rings of the form $\mathbb{Z}_{p^n}$; the two objects obviously share very few properties. Galois rings constitute the common "point of view" of these clearly so different families;

2. As already said in the previous chapters, Galois rings can be viewed as "bricks" of all of Finite Commutative Algebra; indeed, in Section 3 of this chapter we will show that each finite, commutative ring can be considered as a suitable algebra over a fixed Galois ring.

At the end of this chapter, we will focus on another class of finite, local rings. Such rings will be called Quasi-Galois rings since, as we shall show, the expressions of their elements are very similar to those of Galois ring elements. On the other hand, the properties of such rings are very different from those of Galois rings. In fact, it suffices to notice that the Galois ring $GR(p^n, r)$ is a finite, commutative, local ring of cardinality $p^{nr}$ and characteristic $p^n$, whereas the Quasi-Galois ring $A(p^r, n) := \mathbb{F}_{p^r}[x]/(x^n)$ is a finite, commutative, local ring with the same cardinality but of characteristic p (p a prime), since it contains $\mathbb{F}_{p^r}$ as a subring. Quasi-Galois rings are very interesting especially from the application point of view (e.g. Coding Theory or Finite Geometry) since they have the nicer property of having a prime characteristic.

6.1

Classical Constructions

This section is a survey of the main classical approaches to the study of Galois rings, which we will denote by $GR(p^n, r)$, where p is a prime and n, r are positive integers. Some trivial examples are the following:

(i) if n = 1, we are considering the Galois extension of degree r of the field $\mathbb{Z}_p \cong \mathbb{F}_p$; hence $GR(p, r) = GF(p^r) = \mathbb{F}_{p^r}$;
(ii) if r = 1, then $GR(p^n, 1) = \mathbb{Z}_{p^n}$.

The existence of Galois rings was already known to Krull in 1924 [47], but it was only after more than forty years that Janusz ([38], 1966) and Raghavendran ([63], 1969) independently rediscovered and studied the properties of such rings. By taking into account what we proved about Galois extensions of local rings, $GR(p^n, r)$ is isomorphic to the quotient ring $\mathbb{Z}_{p^n}[x]/(f(x))$, where $f(x) \in \mathbb{Z}_{p^n}[x]$ is a monic, basic irreducible polynomial of degree r (see Def. 3.2.12, Theorem 4.3.1 and Theorem 5.1.6). These theorems also show that this construction is well-defined. Equivalently, if f(x) ∈ Z[x] is a monic polynomial of degree r which is irreducible modulo (p) = pZ, then $GR(p^n, r) \cong \mathbb{Z}[x]/(p^n, f(x))$. This ring is local and its unique maximal ideal is the principal ideal $p\, GR(p^n, r)$. More precisely, we will observe in the next section that each ideal of this local ring is principal, of the form $(p^i) = p^i\, GR(p^n, r)$, with 0 ≤ i ≤ n.

We can also give explicit representations of the elements of such a ring. By taking into account the notation and what we have proved in Theorem 1.4.4, let ξ be a root of the unique monic, basic irreducible polynomial $h_n(x) \in \mathbb{Z}_{p^n}[x]$ related to the primitive polynomial $h_1(x) \in \mathbb{Z}_p[x]$ which is used to construct the Galois field $GF(p^r) \cong \mathbb{Z}_p[x]/(h_1(x))$, $r = \deg(h_1(x))$ (we remark that, in this context, the word "primitive" is used in the sense of Definition 2.2.7). Since $h_n(x)$ divides $x^k - 1$ in $\mathbb{Z}_{p^n}[x]$, then $\xi^k = 1$, where $k = p^r - 1$. Moreover, $GR(p^n, r) \cong \mathbb{Z}_{p^n}[\xi]$ as a ring extension.


There are two canonical ways of representing its elements; in the first one, each $z \in GR(p^n, r)$ can be written as

$$z = \sum_{j=0}^{k-1} v_j \xi^j, \qquad v_j \in \mathbb{Z}_{p^n}.$$

In the other representation, each element z has the p-adic expansion

$$z = z_0 + p z_1 + \ldots + p^{n-1} z_{n-1}, \qquad \text{where each } z_i \text{ belongs to the set } T_r := \{0, 1, \xi, \ldots, \xi^{p^r - 2}\}, \qquad (6.1)$$

called the Teichmüller set of the given Galois ring. As we will prove later on (see Prop. 6.2.5), the units in $GR(p^n, r)$ contain a cyclic group of order $p^r - 1$. Such a ξ is a generator of this cyclic group; moreover, if we consider the epimorphism

$$\tilde{\mu} : \mathbb{Z}_{p^n}[x]/(h_n(x)) \longrightarrow \mathbb{Z}_p[x]/(h_1(x)),$$

then $\tilde{\mu}(\xi) = \alpha$, where α is a primitive element in the finite field $GF(p^r)$, i.e. a primitive root of $h_1(x)$. Thus $\tilde{\mu}(T_r) = GF(p^r)$.

What we have proved up to now guarantees the existence and uniqueness (up to isomorphism) of Galois rings. All we have to do is to understand the structure of these rings, their subrings, their ideals and so on. This is dealt with in [56]. Before doing this, it is very important to recall some classical approaches to the theory of such rings.

In 1966 Janusz, [38], introduced Galois rings as particular cases of separable algebras over a Dedekind domain. Let R be an integral domain and K = Q(R) its quotient field (i.e. the field of fractions of R). A fractional ideal J is a non-zero additive subgroup of K such that RJ ⊂ J and there exists an element c ∈ R \ {0} such that cJ ⊂ R. R is said to be a Dedekind domain if the fractional ideals form a group with respect to ideal multiplication. As proved in many books of Algebraic Number Theory (see, for example, [59]), the ring of algebraic integers in a number field is a Dedekind domain. We are now able to state the following

Proposition 6.1.1 ([38], page 476) Let R be a Dedekind domain with maximal ideal P such that R/P is finite. Let $A = R/P^k$, for some positive integer k. Then, for each positive integer r, there is only one (up to isomorphism) strongly separable A-algebra without proper idempotents (i.e. idempotents different from 0 and 1) and of rank r over A.
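The p-adic expansion (6.1), the Teichmüller set and the Frobenius generator $\sigma : \omega \mapsto \omega^{|K|}$ of Theorem 5.2.3, which Examples 5.2.6 and 5.2.7 work out by hand, can all be computed directly. The following Python is an added example and not code from the book: it implements $GR(p^n, r)$ as $\mathbb{Z}_{p^n}[x]/(f(x))$ on coefficient tuples, obtains the Teichmüller set by iterating the $p^r$-th power map (an equivalent characterisation, not the ξ-based definition used in the text), and recomputes the orbit of ω and the fixed subring T of Example 5.2.6 with the polynomials from the page. The class and function names are the example's own.

```python
# Added example (not the book's code): arithmetic in a Galois ring
# GR(p^n, r) = Z_{p^n}[x]/(f(x)) with f monic basic irreducible, used to recompute
# Examples 5.2.6 and 5.2.7 and to build the Teichmueller set T_r and the p-adic
# digits of (6.1). Elements are coefficient tuples (c_0, ..., c_{r-1}) mod p^n.
from itertools import product


class GaloisRing:
    def __init__(self, p, n, f):
        assert f[-1] == 1 and len(f) >= 3      # f = [a_0, ..., a_{r-1}, 1], monic, r >= 2
        self.p, self.n, self.q, self.r = p, n, p ** n, len(f) - 1
        self.f = [a % self.q for a in f]

    def reduce(self, coeffs):
        """Reduce a coefficient list modulo f(x) and modulo p^n to a tuple of length r."""
        c = [a % self.q for a in coeffs]
        for i in range(len(c) - 1, self.r - 1, -1):
            lead, c[i] = c[i], 0
            for j in range(self.r):   # x^i = x^(i-r) * x^r and x^r = -(a_0 + ... + a_{r-1} x^(r-1))
                c[i - self.r + j] = (c[i - self.r + j] - lead * self.f[j]) % self.q
        return tuple(c[:self.r] + [0] * (self.r - len(c)))

    def add(self, a, b): return tuple((u + v) % self.q for u, v in zip(a, b))
    def sub(self, a, b): return tuple((u - v) % self.q for u, v in zip(a, b))
    def scale(self, k, a): return tuple((k * u) % self.q for u in a)
    def zero(self): return (0,) * self.r
    def one(self): return (1,) + (0,) * (self.r - 1)
    def x(self): return (0, 1) + (0,) * (self.r - 2)
    def elements(self): return list(product(range(self.q), repeat=self.r))

    def mul(self, a, b):
        acc = [0] * (2 * self.r - 1)
        for i, u in enumerate(a):
            for j, v in enumerate(b):
                acc[i + j] += u * v
        return self.reduce(acc)

    def pow(self, a, e):
        result, base = self.one(), a
        while e:
            if e & 1:
                result = self.mul(result, base)
            base, e = self.mul(base, base), e >> 1
        return result

    def teichmueller(self, a):
        """The unique t with t^(p^r) = t and t = a mod p: the p^r-th power map contracts
        residue classes, so n-1 iterations of it starting from a land on t."""
        return self.pow(a, (self.p ** self.r) ** (self.n - 1))

    def teichmueller_set(self):
        """T_r of (6.1): p^r elements, the nonzero ones a cyclic group of order p^r - 1."""
        return sorted({self.teichmueller(a) for a in self.elements()})

    def padic_digits(self, a):
        """z_0, ..., z_{n-1} in T_r with a = z_0 + p z_1 + ... + p^(n-1) z_{n-1}."""
        digits, cur = [], a
        for _ in range(self.n):
            t = self.teichmueller(cur)
            digits.append(t)
            cur = tuple(c // self.p for c in self.sub(cur, t))   # cur - t is 0 mod p
        return digits

    def frobenius(self, a):
        """sigma(z_0 + p z_1 + ...) = z_0^p + p z_1^p + ...: the map omega -> omega^|K| of
        Theorem 5.2.3, with K = Z_p the residue field of the base ring Z_{p^n}."""
        out = self.zero()
        for i, d in enumerate(self.padic_digits(a)):
            out = self.add(out, self.scale(self.p ** i, self.pow(d, self.p)))
        return out


def frobenius_table(gr):
    return {a: gr.frobenius(a) for a in gr.elements()}


def is_automorphism(gr, table):
    """True iff a -> table[a] is bijective, additive and multiplicative on all of gr."""
    els = gr.elements()
    return len(set(table.values())) == len(els) and all(
        table[gr.add(a, b)] == gr.add(table[a], table[b])
        and table[gr.mul(a, b)] == gr.mul(table[a], table[b]) for a in els for b in els)


def frobenius_order(gr):
    """Smallest k >= 1 with sigma^k = id; Corollary 5.1.5 and Theorem 5.2.3 predict k = r."""
    table = frobenius_table(gr)
    power, k = table, 1
    while any(power[a] != a for a in gr.elements()):
        power, k = {a: table[power[a]] for a in gr.elements()}, k + 1
    return k


def example_526():
    """Example 5.2.6: S = Z_4[x]/(x^4+x^3+x^2+x+1), omega = x, sigma(omega) = omega^2."""
    S = GaloisRing(2, 2, [1, 1, 1, 1, 1])
    sigma = frobenius_table(S)
    orbit = [S.x()]
    for _ in range(3):
        orbit.append(sigma[orbit[-1]])            # sigma(omega), sigma^2(omega), sigma^3(omega)
    t = (2, 0, 1, 1)                              # omega^3 + omega^2 + 2, a root of h(x) = x^2 + x + 1
    h_at_t = S.add(S.add(S.mul(t, t), t), S.one())
    fixed = [a for a in S.elements() if sigma[sigma[a]] == a]   # the subring T = S^<sigma^2>
    return orbit, h_at_t, t in fixed, len(fixed)
```

Two points worth checking on the page's own Example 5.2.6 ring GR(4, 3) = Z₄[x]/(x³ + x + 1): the class of x is not in T₃ (its multiplicative order is 14, and its Teichmüller representative is x + 2), which is exactly why the text takes ξ to be a root of the lift hₙ of a primitive polynomial rather than of an arbitrary basic irreducible one; and the Frobenius built from the digits is a ring automorphism of order 3 whose fixed subring is Z₄, as Corollary 5.1.5 and Theorem 5.2.5 predict.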


Given a ring R, Janusz defines an R-algebra S to be strongly separable if it is finitely generated, separable and projective as an R-module. (We recall that, if A is a commutative ring, an A-module P is said to be projective if the functor $\mathrm{Hom}_A(P, \cdot)$ is right exact, i.e. for each surjective morphism of A-modules $M_1 \to M_2 \to 0$, $\mathrm{Hom}_A(P, M_1) \to \mathrm{Hom}_A(P, M_2) \to 0$ holds.) Therefore, in the special case of R = Z and P = (p), p a prime, the previous proposition shows there is no ambiguity in the notation $GR(p^n, r)$ for a strongly separable $\mathbb{Z}/(p^n)$-algebra of rank r having no proper idempotents. Janusz also remarks that such rings can be abstractly characterized as the only rings (without proper idempotents) that are of prime power characteristic and are separable over the subring generated by the identity element. Moreover, for every fixed r, there is a natural projection $\pi_n : GR(p^n, r) \to GR(p^{n-1}, r)$, for each n, having kernel $p^{n-1}\, GR(p^n, r)$. If we fix r, the collection $\{GR(p^n, r), \pi_n\}_{n \in \mathbb{N}}$ has particular properties in terms of inverse systems and projective limits; more precisely, one can show that, for r = 1, $D_p(1) := \varprojlim \{GR(p^n, 1), \pi_n\} = \varprojlim \{\mathbb{Z}_{p^n}, \pi_n\}$ is the ring of p-adic integers and $D_p(r)$ is the unique strongly separable extension of $D_p(1)$ with no proper idempotents and with rank r over $D_p(1)$. All this is quite beyond the scope of this book; therefore, without going too deep into details, we refer the reader to [38], [53] and [71]. What is important is to observe how strong the relationship between Galois rings and p-adic integers is.

Another important paper about Galois rings was published three years later by Raghavendran [63]. In this article he treats the more general problem of determining the structure of prime power rings, i.e. rings whose orders are prime powers.
A particular case is given by R, a finite, associative ring (not necessarily commutative), with a multiplicative identity 1 ≠ 0, such that its zero-divisors form an additive group J. In this case, from a general result due to Ganesan [25], it follows that J is an ideal in R; more precisely, J coincides with the Jacobson radical of R (see (1.2)), being the unique maximal left ideal in R. Since each element of R not in J has an inverse, R/J is a division ring (or a skew-field, see after Example 2.3.7). Now we have the following fundamental

Theorem 6.1.2 Let R be a finite ring (not necessarily commutative) with a multiplicative identity 1 ≠ 0 whose zero-divisors form an additive group J. Then

6.1. CLASSICAL CONSTRUCTIONS


(i) J is the Jacobson radical of R; (ii) $|R| = p^{nr}$ and $|J| = p^{(n-1)r}$, for some prime p and some positive integers r and n; (iii) $J^n = (0)$; (iv) the characteristic of the ring R is $p^k$ for some integer $1 \le k \le n$; and (v) if the characteristic is $p^n$, then R will be commutative.

Proof: As we observed before, (i) immediately follows from Ganesan's result [25]. Since R/J is a finite division ring, from Wedderburn's Theorem (see Theorem 2.3.8) it follows that R/J is the finite field GF(q), where $q = p^r$, r a positive integer and p a prime which coincides with the characteristic of this finite field. If 1 denotes the multiplicative identity in R, the element $p \cdot 1$ belongs to the nilideal J; this means that the additive order of 1 in R is $p^k$, for some positive integer k. Therefore, $|R| = p^N$ and $|J| = p^{N-r}$, for some positive integer N strictly greater than r. To completely prove (ii), we only have to show that r divides N. For this purpose, choose an element $g_1$ in R such that the coset $g_1 + J$ is a cyclic generator of the multiplicative group of the field R/J (see Theorem 2.1.3). Since the units in R form a multiplicative group U(R) of order $(p^r - 1)p^{N-r}$ (as we have observed in the proof of Proposition 1.3.1(2.)), the multiplicative order of $g_1$ is $(p^r - 1)p^s$, for some integer $s \ge 0$. Write $g = g_1^{p^s}$; g is an element of U(R) with multiplicative order $p^r - 1$; moreover, if α, β are integers such that $g^\alpha - g^\beta \in J$ then $g^\alpha = g^\beta$, since g + J is a cyclic generator of U(R/J). We now introduce an equivalence relation on the elements of R by x ∼ y if and only if $x = g^\alpha y$, for a non-negative integer α. For any non-zero element x ∈ R, the equation $g^\alpha x = g^\beta x$ implies that $g^\alpha - g^\beta \in J$, i.e. $g^\alpha = g^\beta$; thus, the $p^N - 1$ non-zero elements of R split into equivalence classes each containing exactly $p^r - 1$ elements. It follows that $(p^r - 1) \mid (p^N - 1)$, i.e. $r \mid N$.
We also observe that the number of elements in any left ideal of R is a power of $p^r$; so we obtain a strictly descending sequence $J \supset J^2 \supset J^3 \supset \cdots$ such that $J^n = (0)$. This immediately proves (iii) and (iv).


CHAPTER 6. GALOIS AND QUASI-GALOIS RINGS

Consider now the set $F_1 := \{0, g^k \mid 1 \le k \le p^r - 1\}$.

If $a, b \in F_1$ are elements such that $a - b \in J$, then a = b. Therefore, if we assume that the characteristic of R is $p^n$, by induction on k, we can show that, for elements $a_k, b_k \in F_1$, $\sum_{k=0}^{n-1} p^k a_k = \sum_{k=0}^{n-1} p^k b_k$ implies that $p^{n-1}(a_k - b_k) = 0$, so $a_k = b_k$, for each k ∈ {0, …, n − 1}. This shows that each element of R can be uniquely written in the form $\sum_{k=0}^{n-1} p^k a_k$, with $a_k$ in $F_1$, so that R will be commutative. ✷

The next corollary describes other important properties of such rings; before stating it, we recall a standard definition of Group Theory.

Definition 6.1.3 Let G be a group. The commutator of an ordered pair $(g_1, g_2)$ of elements of G is the element $[g_1, g_2] := g_1^{-1} g_2^{-1} g_1 g_2 \in G$. The subgroup of G which is generated by all commutators is usually denoted by $G' = [G, G]$ and called the derived group (or commutator subgroup) of G. More generally, one can recursively define the n-th derived group as $G^{(n)} = (G^{(n-1)})' = [G^{(n-1)}, G^{(n-1)}]$. Therefore, one determines a descending chain of normal subgroups $G = G^{(0)} \rhd G^{(1)} \rhd G^{(2)} \rhd \cdots$, such that $G^{(i)}/G^{(i+1)}$ is an abelian group, for each $i \ge 0$. If G is a finite group, this chain must terminate after a finite number of steps. This chain is called the derived series of G if the last subgroup, say $G^{(n)}$, is equal to {1} and, in such case, G is said to be a solvable group (for more details see, for example, [32] or [65]). Now, we can state the following

Corollary 6.1.4 Let R be a ring as in Theorem 6.1.2; then: (i) any subring $R_1$ is again a ring of the same type; (ii) any homomorphic image $R_2 \ne (0)$ of R is again a ring of the same type; (iii) the multiplicative group U(R) is a solvable group.


Proof: (i) If x is any element of R, there exists a positive integer m such that $x^m$ equals 0 or 1, according to whether x does or does not belong to the nilideal J. Thus, an element x of the subring $R_1 \subset R$ will be a unit (a zero-divisor resp.) in $R_1$ if and only if it is invertible (a zero-divisor resp.) in the whole ring R, so that the ideal $J_1$ of all the zero-divisors in $R_1$ is $J \cap R_1$. Therefore, if $p_1$, $n_1$ and $r_1$ refer to the subring $R_1$, we have $p_1 = p$ and $r_1$ is a factor of r, since $U(R_1) < U(R)$. Of course, the characteristic of $R_1$ is the same as that of R. (ii) Let K be the kernel of a non-trivial homomorphism of R; this means that K is a nilideal in R. Now, an element x in R is a unit if and only if the relative coset x + K is invertible in the quotient ring $R_2 = R/K$. If $J_2$, $p_2$, $r_2$ and $n_2$ refer to the quotient ring, we see that $p_2 = p$, $r_2 = r$ (since |K| is a power of $p^r$), $n_2 \le n$ and $J^{n_2} \subseteq K$. In the case $J^{n-1} \ne (0)$, we have $J^{n_2} = K$; thus we can conclude there exist at least n − 1 non-trivial homomorphisms on a ring of the type considered. (iii) Since the quotient ring R/J is commutative, $[a, b] = a^{-1}b^{-1}ab \in 1 + J$ for each $a, b \in U(R)$. Observe that 1 + J is a multiplicative subgroup of U(R) whose order is a prime power, i.e. a p-group. By elementary Finite Group Theory [65], a p-group is a nilpotent group, thus, in particular, it is solvable. Therefore the first commutator subgroup of U(R) is a solvable group, being a subgroup of a nilpotent one. So U(R) is solvable. ✷

Corollary 6.1.5 Let $G_1$ be the cyclic group of order $p^r - 1$ generated by the element g introduced in the proof of Theorem 6.1.2 (ii). If $G_2$ is any subgroup of order $p^r - 1$ in U(R), then $G_1$ and $G_2$ are conjugate in U(R). Proof: This follows from P. Hall's Theorem (see [65], page 284) which states that if G is a solvable group of order mn such that g.c.d.(m, n) = 1, then 1. there exists a subgroup of order m; 2. two distinct subgroups of order m are conjugate in G.
In our case $[U(R) : G_1] = p^{r(h-1)}$, where hr = N, and this index is relatively prime to the order of $G_1$. ✷

Proposition 6.1.6 Let R be a ring as in Theorem 6.1.2; then R contains a subfield of order $p^r$ if and only if the characteristic of R is p.


Moreover, if $F_1$, $F_2$ are two subfields of order $p^r$ in R, then there is a unit a in R such that $a^{-1}F_1 a = F_2$. Proof: The set $F_1 = \{0, g^k \mid 1 \le k \le p^r - 1\}$, introduced in Theorem 6.1.2, is the "natural candidate" of our statement. The necessity of the condition on the characteristic of R is already stated in the Remark after 1.1.3; assume now that the characteristic of R is p and consider two distinct elements a, b of $F_1$, so that $a - b \in U(R)$. If $R_1$ is the subring of R generated by the elements of $F_1$, we see that $G_1$ (as in 6.1.5) is the unique subgroup of order $p^r - 1$ in the abelian group $U(R_1)$. As $(a - b)^q = a^q - b^q = a - b$ and so $(a - b)^{q-1} = 1$, where $q = p^r$, we see that $a - b \in G_1 < U(F_1)$. The second statement follows from the result in 6.1.5. ✷

Recall that, if R is as in Theorem 6.1.2 (v), i.e. $\mathrm{char}(R) = p^n$, then it must be a commutative ring. It is easy to observe that, when n = 1, R reduces to the Galois field $GF(p^r)$, whereas, when r = 1, R is isomorphic to $\mathbb{Z}_{p^n}$. Raghavendran introduces the Galois ring $GR(p^n, r)$ (as we did in Section 1.4) by considering a monic polynomial $f(x) \in \mathbb{Z}[x]$ of degree r, which is irreducible modulo p, such that the quotient ring $R = \mathbb{Z}[x]/(p^n, f(x))$ has order $p^{nr}$ and characteristic $p^n$. Since such a ring contains exactly $p^{r(n-1)}$ zero-divisors which form an additive group, it is a particular case of Theorem 6.1.2. With a little more work, he also proves that any ring of the type considered in Theorem 6.1.2(v) is isomorphic to the ring $\mathbb{Z}[x]/(p^n, f(x))$, for suitable values of p, r, n and $f(x) \in \mathbb{Z}[x]$ an arbitrary monic polynomial of degree r, irreducible modulo p. Therefore, one can immediately deduce many properties of Galois rings.

Proposition 6.1.7 Let $GR(p^n, r)$ be a Galois ring, where p is a prime and n, r are positive integers. Then: a) Every subring is of the form $GR(p^n, s)$ for some divisor s of r. Conversely, for every positive divisor s of r there exists a unique subring of R which is isomorphic to $GR(p^n, s)$.
b) The automorphisms of the ring $GR(p^n, r)$ form a cyclic group of order r. c) Any homomorphic image $(\ne (0))$ of $GR(p^n, r)$ is a ring of the form $GR(p^m, r)$ for some integer $1 \le m \le n$. Conversely, for each integer $1 \le m \le n$ there are exactly r homomorphisms of $GR(p^n, r)$ onto $GR(p^m, r)$.


d) Let G be the multiplicative group of units in $GR(p^n, r)$. Then G is a direct product of a cyclic group $G_1$ of order $p^r - 1$ and a group $G_2$ of order $p^{r(n-1)}$, whose structure is described below. 1. If p is odd or p = 2 and $n \le 2$, then $G_2$ is the direct product of r cyclic groups each of order $p^{n-1}$; 2. when p = 2 and $n \ge 3$, the group $G_2$ is the direct product of a cyclic group of order 2, a cyclic group of order $2^{n-2}$ and (r − 1) cyclic groups each of order $2^{n-1}$. We do not prove here these statements by following Raghavendran's method, since they will be proved in Section 6.2. We only want to point out that Raghavendran proves such properties by using the approach of Theorem 6.1.2 and of its corollaries. The reader is referred to the original article [63].

There is another important construction of Galois rings, which is based on an ingenious definition of a suitable 𝔽-algebra of vectors, defined by any commutative ring 𝔽 of characteristic p. Such vectors are known, in the literature, as Witt vectors (see, for example, [37], vol. II page 501). Consider $A = \mathbb{Q}[x_i, y_j, z_k]$ the polynomial ring in 3m indeterminates $x_i, y_j, z_k$, $0 \le i, j, k \le m - 1$, over the field of the rational numbers. Let $A^{(m)}$ be the set of m-tuples $(a_0, \dots, a_{m-1})$, $a_i \in A$, with the usual definition of equality and with componentwise addition and multiplication, which will be denoted by ⊕ and ⊙ respectively. Let p be a prime number and let $a = (a_0, \dots, a_{m-1})$. We can define a map $\phi : A^{(m)} \to A^{(m)}$, such that $a^\phi = (a^{(0)}, a^{(1)}, \dots, a^{(m-1)})$, where

$$a^{(\nu)} = a_0^{p^\nu} + p\,a_1^{p^{\nu-1}} + \dots + p^\nu a_\nu, \qquad 0 \le \nu \le m - 1. \tag{6.2}$$

These are called the ghost components of a. Note that $(0, \dots, 0)^\phi = (0, \dots, 0)$ and $(1, 0, \dots, 0)^\phi = (1, \dots, 1) = u$, where u is the unit in $A^{(m)}$. We also introduce the map $P : A^{(m)} \to A^{(m)}$ such that $P : a \mapsto a^P = (a_0^p, \dots, a_{m-1}^p)$. Thus, (6.2) gives $a^{(0)} = a_0$, $a^{(\nu)} = (a^P)^{(\nu-1)} + p^\nu a_\nu$, $\nu \ge 1$.


Next, define a map ψ such that $(a^{(0)}, a^{(1)}, \dots, a^{(m-1)})^\psi = (a_0, a_1, \dots, a_{m-1})$, where $a_0 = a^{(0)}$,

$$a_\nu = \frac{1}{p^\nu}\Bigl(a^{(\nu)} - a_0^{p^\nu} - p\,a_1^{p^{\nu-1}} - \dots - p^{\nu-1} a_{\nu-1}^{p}\Bigr), \qquad \nu \ge 1.$$

It is easy to check that $\phi \circ \psi = \psi \circ \phi = \mathrm{id}_{A^{(m)}}$, which shows that φ is injective and onto with ψ as its inverse. We shall now use φ and ψ to define a new ring structure on $A^{(m)}$. We put

$$a + b := (a^\phi \oplus b^\phi)^{\phi^{-1}}, \qquad ab := (a^\phi \odot b^\phi)^{\phi^{-1}},$$

respectively. We denote by $A_m$ the new ring, so that $A_m$ and $A^{(m)}$ coincide as sets and φ is an isomorphism; thus $A_m$ is commutative and such that (0, …, 0) and (1, 0, …, 0) are the zero and the identity element of the ring, respectively. We can easily determine the formulas for x + y, xy and x − y for arbitrary vectors $x, y \in A_m$. In general, if ⋆ denotes any one of the operations +, ·, − in $A_m$, then it is clear from the definitions that the ν-th component $(x \star y)_\nu$ of $x \star y$ is a polynomial in $x_0, \dots, x_\nu, y_0, \dots, y_\nu$, with rational coefficients and 0 constant term. For example, we have

$$(x + y)_0 = x_0 + y_0, \qquad (x + y)_1 = x_1 + y_1 - \frac{1}{p}\sum_{i=1}^{p-1}\binom{p}{i} x_0^i\, y_0^{p-i},$$

$$(xy)_0 = x_0 y_0, \qquad (xy)_1 = x_0^p y_1 + x_1 y_0^p + p\,x_1 y_1.$$

The first basic result of this theory is that $(x \star y)_\nu$ is a polynomial (with 0 constant term) in $\mathbb{Z}[x_0, \dots, x_\nu, y_0, \dots, y_\nu]$, for each $0 \le \nu \le m - 1$ (see Theorem 8.25 in [37], vol. II, page 504). It is convenient to write such polynomials as

$$(x + y)_\nu := s_\nu(x_0, \dots, x_\nu, y_0, \dots, y_\nu) \in \mathbb{Z}[x_i, y_j],$$
$$(xy)_\nu := m_\nu(x_0, \dots, x_\nu, y_0, \dots, y_\nu) \in \mathbb{Z}[x_i, y_j],$$
$$(x - y)_\nu := d_\nu(x_0, \dots, x_\nu, y_0, \dots, y_\nu) \in \mathbb{Z}[x_i, y_j].$$

Let η be a ℚ-endomorphism of the algebra A. Suppose that

$$x_\nu^\eta = a_\nu, \qquad y_\nu^\eta = b_\nu; \tag{6.3}$$


then $(x^{(\nu)})^\eta = a^{(\nu)}$, $(y^{(\nu)})^\eta = b^{(\nu)}$, $((x + y)^{(\nu)})^\eta = (x^{(\nu)})^\eta + (y^{(\nu)})^\eta = a^{(\nu)} + b^{(\nu)}$ and $((x + y)_\nu)^\eta = (a + b)_\nu$. Hence, by (6.3),

$$(a + b)_\nu = s_\nu(a_0, \dots, a_\nu, b_0, \dots, b_\nu), \quad (ab)_\nu = m_\nu(a_0, \dots, a_\nu, b_0, \dots, b_\nu), \quad (a - b)_\nu = d_\nu(a_0, \dots, a_\nu, b_0, \dots, b_\nu).$$

Since there exists a ℚ-endomorphism of A mapping the $x_\nu$'s and $y_\nu$'s into arbitrary elements of A, the foregoing formulas hold for arbitrary elements $a, b \in A_m$. Now, we can define the ring of Witt vectors for a finite field $\mathbb{F} = GF(p^n)$ (more generally, one can define it for an arbitrary commutative ring R with characteristic p). Given a positive integer k, denote by $W_k(\mathbb{F})$ the ring $(\mathbb{F}^k, +, \cdot)$ such that

$$a + b := (s_0(a, b), \dots, s_{k-1}(a, b)), \qquad ab := (m_0(a, b), \dots, m_{k-1}(a, b)),$$

for every $a, b \in \mathbb{F}^k$, where $s_\nu(a, b) = s_\nu(a_0, \dots, a_{k-1}, b_0, \dots, b_{k-1})$, $m_\nu(a, b) = m_\nu(a_0, \dots, a_{k-1}, b_0, \dots, b_{k-1})$, $0 \le \nu \le k - 1$, and where $s_\nu(a, b)$, $m_\nu(a, b)$ are the images in 𝔽 of $s_\nu(x_0, \dots, y_\nu)$ and $m_\nu(x_0, \dots, y_\nu)$, respectively, under the homomorphism of $\mathbb{Z}[x_i, y_j]$ into 𝔽 such that $x_i \mapsto a_i$, $y_i \mapsto b_i$ for $0 \le i \le k - 1$. We also put 0 = (0, …, 0) and 1 = (1, 0, …, 0) in $W_k(\mathbb{F})$.

Theorem 6.1.8 (see [37], vol II, Theorem 8.26) $(W_k(\mathbb{F}), +, \cdot, 0, 1)$ is a commutative ring.


$W_k(\mathbb{F})$ is called the ring of Witt vectors of length k over 𝔽 and it can be shown ([37], vol. II, from page 505) that $W_k(\mathbb{F})$ is a finite, commutative ring of characteristic $p^k$. Observe that there is a sequence of projections (i.e. reductions modulo $p^i$, $i \ge 1$), such that $\cdots \to W_3(\mathbb{F}) \to W_2(\mathbb{F}) \to W_1(\mathbb{F}) \cong \mathbb{F}$, where each $W_i(\mathbb{F})$ is isomorphic to the Galois ring $GR(p^i, n)$. The Witt vectors of the form $u(x) = (x, 0, \dots, 0)$, $x \in \mathbb{F}$, determine a multiplicative monoid, isomorphic to (𝔽, ·), which corresponds to the Teichmüller set $T_i$ of the Galois ring $GR(p^i, n)$ (see (6.1)). Therefore, Witt vector theory allows one to give a further definition of Galois rings.
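As an added worked example (Python written for this edition, not code from the book or from [37]), the following computes in $W_k(\mathbb{F}_p)$ exactly as the construction above prescribes: lift the components to integers, apply φ (the ghost components (6.2)), add or multiply componentwise, apply ψ, and reduce modulo p. The divisions inside ψ are exact over ℤ because $s_\nu$ and $m_\nu$ have integer coefficients, so the result modulo p does not depend on the lifts chosen. The only assumptions are that p is prime and that components are given as integers in 0, …, p − 1; the names `ghost`, `unghost`, `witt_add`, `witt_mul` and `witt_integer` are this example's own. It also checks the displayed formula for $(x + y)_1$ on every pair of length-2 vectors, and that $p \cdot 1 = (0, 1, 0, \dots, 0)$ while $p^k \cdot 1 = 0$, i.e. that $W_k(\mathbb{F}_p)$ has characteristic $p^k$.

```python
from math import comb


def ghost(a, p):
    """phi: ghost components a^(nu) = sum_{i<=nu} p^i * a_i^(p^(nu-i)), as in (6.2)."""
    return [sum(p ** i * a[i] ** (p ** (nu - i)) for i in range(nu + 1))
            for nu in range(len(a))]


def unghost(g, p):
    """psi, the inverse of phi: recover a_nu by subtracting the lower terms of (6.2)
    and dividing by p^nu. Over Z the division is exact whenever g is the ghost
    vector of an integral Witt vector (Theorem 8.25 of [37] cited in the text)."""
    a = []
    for nu, g_nu in enumerate(g):
        rest = g_nu - sum(p ** i * a[i] ** (p ** (nu - i)) for i in range(nu))
        quot, rem = divmod(rest, p ** nu)
        if rem:
            raise ValueError("not the ghost vector of an integral Witt vector")
        a.append(quot)
    return a


def witt_add(a, b, p):
    """a + b in W_k(F_p): (a^phi (+) b^phi)^(phi^-1), then reduce mod p."""
    g = [x + y for x, y in zip(ghost(a, p), ghost(b, p))]
    return [c % p for c in unghost(g, p)]


def witt_mul(a, b, p):
    """a * b in W_k(F_p): (a^phi (.) b^phi)^(phi^-1), then reduce mod p."""
    g = [x * y for x, y in zip(ghost(a, p), ghost(b, p))]
    return [c % p for c in unghost(g, p)]


def witt_integer(m, p, k):
    """m * 1 in W_k(F_p), where 1 = (1, 0, ..., 0)."""
    one = [1] + [0] * (k - 1)
    total = [0] * k
    for _ in range(m):
        total = witt_add(total, one, p)
    return total


def s1_formula_holds(p):
    """Check (x+y)_1 = x_1 + y_1 - (1/p) sum_{i=1}^{p-1} C(p,i) x_0^i y_0^(p-i)
    against witt_add for every x, y in F_p^2."""
    for x0 in range(p):
        for x1 in range(p):
            for y0 in range(p):
                for y1 in range(p):
                    cross = sum(comb(p, i) * x0 ** i * y0 ** (p - i) for i in range(1, p))
                    expected = (x1 + y1 - cross // p) % p   # p divides C(p, i) for 0 < i < p
                    if witt_add([x0, x1], [y0, y1], p)[1] != expected:
                        return False
    return True


if __name__ == "__main__":
    # p * 1 is the vector (0, 1, 0, ...) and p^k * 1 vanishes: characteristic p^k
    print(witt_integer(2, 2, 3), witt_integer(8, 2, 3))   # [0, 1, 0] [0, 0, 0]
    # vectors (x, 0, ...) multiply in the first slot only, as the text states
    print(witt_mul([2, 0], [2, 0], 3))                    # [1, 0]
    print(s1_formula_holds(2), s1_formula_holds(3))       # True True
```

Note that (2, 0) in $W_2(\mathbb{F}_3)$ is the Witt vector of −1, so adding it to 1 gives the zero vector, while $p \cdot 1$ is never zero before length k is exhausted; both are visible in the tests above.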

6.2 Galois Ring Properties

In this section we want to investigate the fundamental properties of Galois rings by using what we observed in the previous chapters. Recall that, by definition, $GR(p^n, r) = \mathbb{Z}_{p^n}[\xi] = \mathbb{Z}_{p^n}[x]/(G_{(p,r)}(x))$, where ξ is a formal root of the monic, basic irreducible polynomial $G_{(p,r)}(x) \in \mathbb{Z}_{p^n}[x]$, determined by the integral version of Hensel's lemma (see 1.4.3) from a primitive polynomial $g_{(p,r)}(x) \in \mathbb{Z}_p[x]$ of degree r (in the sense of Definition 2.2.7), such that $\mathbb{F}_{p^r} = GF(p^r) = \mathbb{F}_p[x]/(g_{(p,r)}(x)) \cong \mathbb{Z}_p(\theta)$, with $g_{(p,r)}(\theta) = 0$ and $g_{(p,r)}(x) \equiv G_{(p,r)}(x) \pmod p$. Thus, the polynomial $G_{(p,r)}(x)$ is linked to $g_{(p,r)}(x)$ by the epimorphism (1.9) (see Section 1.4) $\mu : \mathbb{Z}_{p^n}[x] \to \mathbb{Z}_p[x]$, i.e. $\mu(G_{(p,r)}(x)) = g_{(p,r)}(x) \in \mathbb{Z}_p[x]$. As already observed in Section 1.4, Hensel's lemma reduces to simple calculations if $g_{(p,r)}(x) \in \mathbb{Z}_p[x]$ is monic, irreducible of the form $g_{(p,r)}(x) = x^r + a_{r-1}x^{r-1} + \cdots + a_0$.


Indeed, in such a case, we have $G_{(p,r)}(x) = x^r + (p^n - p + a_{r-1})x^{r-1} + \cdots + (p^n - p + a_0) \in \mathbb{Z}_{p^n}[x]$ (note that, since each $a_j \in \mathbb{Z}_p$, j ∈ {0, …, r − 1}, $p^n - p + a_j < p^n$ as a positive integer; so it makes sense to consider $G_{(p,r)}(x) \in \mathbb{Z}_{p^n}[x]$). Such a polynomial generates a proper ideal in $\mathbb{Z}_{p^n}[x]$, since the element $\mu(G_{(p,r)}(x)) = g_{(p,r)}(x) \in \mathbb{Z}_p[x]$ is not a unit in the Euclidean domain (cf. Proposition 3.2.2). Explicitly, we have

$$GR(p^n, r) := \Bigl\{\sum_{j=0}^{r-1} b_j \xi^j \;\Big|\; b_j \in \mathbb{Z}_{p^n},\ 0 \le j \le r - 1\Bigr\}, \tag{6.4}$$

with $G_{(p,r)}(\xi) = 0$. This ring is a finite, local ring (its cardinality is $(p^n)^r = p^{nr}$), with maximal ideal $pGR(p^n, r)$ and residue field given by $GR(p^n, r)/pGR(p^n, r) \cong \mathbb{F}_{p^r}$. Note that the elements in the maximal ideal can be uniquely written as

$$pGR(p^n, r) := \Bigl\{p\sum_{j=0}^{r-1} b_j \xi^j \;\Big|\; b_j \in \mathbb{Z}_{p^n},\ 0 \le j \le r - 1\Bigr\},$$

with $G_{(p,r)}(\xi) = 0$; more precisely,

$$pGR(p^n, r) = \Bigl\{\sum_{j=0}^{r-1} b_j \xi^j \;\Big|\; b_j \in p\mathbb{Z}_{p^n},\ 0 \le j \le r - 1\Bigr\}, \tag{6.5}$$

where $G_{(p,r)}(\xi) = 0$ and where $p\mathbb{Z}_{p^n} \subset \mathbb{Z}_{p^n}$ is the maximal ideal of the local ring of the integers modulo $p^n$. Therefore, the ideal $pGR(p^n, r)$ has cardinality equal to $(p^{n-1})^r = p^{r(n-1)}$.

Example 6.2.1 Take the ring $\mathbb{Z}_8$. In this situation, p = 2 and n = 3, and assume r = 3. Recall that $\mathbb{F}_8 \cong \mathbb{Z}_2[x]/(x^3 + x + 1) = \{a + b\zeta + c\zeta^2 \mid a, b, c \in \mathbb{F}_2\}$, where $\zeta^3 = \zeta + 1$, i.e. $\mathbb{F}_8 = \{0, 1, \zeta, \zeta^2, 1 + \zeta, 1 + \zeta^2, \zeta + \zeta^2, 1 + \zeta + \zeta^2\}$. The polynomial $g_{(2,3)}(x) = x^3 + x + 1 \in \mathbb{Z}_2[x]$ is the primitive polynomial used for the field extension $\mathbb{F}_2 \subset \mathbb{F}_8$ (see Definition 2.2.7). By Hensel's lemma, $G_{(2,3)}(x) = x^3 + (8 - 2 + 0)x^2 + (8 - 2 + 1)x + (8 - 2 + 1) = x^3 + 6x^2 + 7x + 7 \in \mathbb{Z}_8[x]$. This monic, basic irreducible polynomial determines a proper ideal in $\mathbb{Z}_8[x]$ (in fact, this polynomial has the form


$b_3 x^3 + b_2 x^2 + b_1 x + b_0$, with $b_3 = 1$ and $b_1 = 7$ which are not nilpotent elements in $\mathbb{Z}_8$, see Proposition 3.2.2). We now describe the ring GR(8, 3) as $GR(8, 3) = \{b_0 + b_1\xi + b_2\xi^2 \mid b_i \in \mathbb{Z}_8\}$, where ξ is a formal root of $G_{(2,3)}(x) \in \mathbb{Z}_8[x]$, i.e. $\xi^3 = 2\xi^2 + \xi + 1$; therefore, $|GR(8, 3)| = 8^3 = 512$. The maximal ideal M in $\mathbb{Z}_8$ is $2\mathbb{Z}_8 = \{0, 2, 4, 6\}$. We have the following exact sequence

$$0 \to M \to \mathbb{Z}_8 \xrightarrow{\ \pi\ } \mathbb{Z}_2 \to 0.$$

The epimorphism π extends to the polynomial ring morphism µ from $\mathbb{Z}_8[x]$ to $\mathbb{Z}_2[x]$. The ideal $(M, x^3 + 6x^2 + 7x + 7) \subset \mathbb{Z}_8[x]$ is a proper ideal and $\mathbb{Z}_8[x]/(M, x^3 + 6x^2 + 7x + 7) \cong \mathbb{Z}_2[x]/(x^3 + x + 1) \cong \mathbb{F}_8$, since $\mu(x^3 + 6x^2 + 7x + 7) = x^3 + x + 1$. Next, consider the induced map

$$\tilde\mu : GR(8, 3) \cong \mathbb{Z}_8[x]/(x^3 + 6x^2 + 7x + 7) \to \mathbb{Z}_2[x]/(x^3 + x + 1) \cong \mathbb{F}_8;$$

the kernel of this epimorphism is 2GR(8, 3) and coincides with the maximal ideal of GR(8, 3), that is, the image of the maximal ideal $2\mathbb{Z}_8 \subset \mathbb{Z}_8$ under the inclusion $\mathbb{Z}_8 \hookrightarrow GR(8, 3)$. The elements of this kernel are of the form $2GR(8, 3) = \{2(b_0 + b_1\xi + b_2\xi^2) \mid b_0, b_1, b_2 \in \mathbb{Z}_8\}$, with $\xi^3 = 2\xi^2 + \xi + 1$. Clearly, $|2GR(8, 3)| = 4^3 = 64$, since the coefficients $2b_0, 2b_1, 2b_2 \in M = 2\mathbb{Z}_8$. Therefore, we can write $2GR(8, 3) = \{\lambda_0 + \lambda_1\xi + \lambda_2\xi^2 \mid \lambda_i \in M,\ 0 \le i \le 2\}$, again with $\xi^3 = 2\xi^2 + \xi + 1$.

We now describe the basic properties of the Galois ring $GR(p^n, r)$, for each prime p and any positive integers n, r. We already know that $GR(p^n, r)$ is a finite, commutative, local ring with maximal ideal


$pGR(p^n, r)$. This also implies that such a ring is principal, since each ideal is of the form

$$I_k := p^k GR(p^n, r), \qquad 1 \le k \le n - 1. \tag{6.6}$$

This is an easy consequence of the definition of $GR(p^n, r)$ and the fact that the ideals in the ring $\mathbb{Z}_{p^n}$ form the chain $p\mathbb{Z}_{p^n} \supset p^2\mathbb{Z}_{p^n} \supset \dots \supset p^{n-1}\mathbb{Z}_{p^n} \supset (0)$. Moreover, this immediately proves what is stated in Proposition 6.1.7(c).

Proposition 6.2.2 Let p be a prime and n, r two positive integers. Each non-zero element y in $GR(p^n, r)$ may be written as $y = up^t$, where u is a unit and $0 \le t \le n - 1$. In this representation, the integer t is uniquely determined, whereas u is unique modulo $(p^{n-t})$. Proof: It is obvious that if y is a unit, then t = 0; on the other hand, if y is nilpotent, it belongs to an ideal $I_k$ of the form as in (6.6). Therefore t is unique. Now, since t is uniquely determined, if we suppose $y = up^t = xp^t$, for some $x, u \in U(GR(p^n, r))$, then $(x - u)p^t = 0$. This means that $x - u \in I_{n-t}$, i.e. $x = u + \lambda p^{n-t}$, for some $\lambda \in U(GR(p^n, r))$. ✷

Proposition 6.2.3 Every subring of $GR(p^n, r)$ is a Galois ring of the form $GR(p^n, s)$, where s divides r. Conversely, if s divides r, then $GR(p^n, r)$ contains a unique copy of $GR(p^n, s)$. Proof: First, suppose $GR(p^n, s) \subset GR(p^n, r)$, for a prime p and some positive integers n, r, s such that s < r. If $y \in GR(p^n, r)$, there exists a positive integer k such that $y^k$ equals either 0 or 1, according to the fact that y is either nilpotent or a unit in $GR(p^n, r)$. Therefore, an element of $GR(p^n, s)$ is nilpotent (invertible) in $GR(p^n, s)$ if and only if it is in $GR(p^n, r)$. This implies that $pGR(p^n, s) = GR(p^n, s) \cap pGR(p^n, r)$, i.e. the finite local ring extension $GR(p^n, s) \subset GR(p^n, r)$ is unramified, i.e. this extension is separable, which implies that the residue fields K =


$\mathbb{F}_{p^s}$ and $\overline{K} = \mathbb{F}_{p^r}$, respectively, determine the separable field extension $K \subset \overline{K}$ (see Theorem 4.2.5). Theorem 2.3.1 ensures that $\mathbb{F}_{p^s}$ is a subfield of $\mathbb{F}_{p^r}$ if and only if s divides r. Conversely, by Theorem 5.2.5(iii), there is a bijection between the subfields of $\mathbb{F}_{p^r}$ which contain $\mathbb{F}_p$ and the $\mathbb{Z}_{p^n}$-separable subrings of $GR(p^n, r)$. Moreover, such a bijection preserves both the subfield lattice and the subring lattice. This implies that, if H is a subring of $GR(p^n, r)$ of cardinality $p^{ns}$, s divides r, then $\mathbb{Z}_{p^n} \subset H \subset GR(p^n, r)$. So H is a $\mathbb{Z}_{p^n}$-separable extension which is contained in $GR(p^n, r)$. Moreover, there is a unique copy of such a subring determined by its order. We only have to show that $H \cong GR(p^n, s)$. This immediately follows from the fact that, given s a divisor of r, the ring $GR(p^n, s)$ is always a subring of $GR(p^n, r)$ of order $p^{ns}$. ✷

For the next result we want to show, we need the following technical lemma.

Lemma 6.2.4 Let p be an odd prime and $a_t, b_t, c_t$ be the coefficients of $x^t$ in the polynomial expansions of $(1 + px)^N$, $(1 + 2x)^N$ and $(1 + 4x)^N$, respectively. Then: (a) If $p^\alpha \mid N$, then $p^{\alpha+1} \mid a_1$ and $p^{\alpha+2} \mid a_t$, for all $t \ge 2$. (b) If $2^\alpha \mid N$, then $2^{\alpha+1} \mid b_t$, for t = 1, 2 and $2^{\alpha+2} \mid b_t$, for $t \ge 3$. (c) If $2^\alpha \mid N$, then $2^{\alpha+2} \mid c_1$ and $2^{\alpha+3} \mid c_t$, for $t \ge 2$. (d) $4 \mid b_t$, for all $t \ge 2$.
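Before the proof of Lemma 6.2.4, here is an added worked example (Python written for this edition, not code from the book) for Example 6.2.1 and Proposition 6.2.2 above. It represents $GR(p^n, r)$ as coefficient vectors $(b_0, \dots, b_{r-1})$ with respect to $1, \xi, \dots, \xi^{r-1}$ as in (6.4), builds $G_{(p,r)}$ from $g_{(p,r)}$ by the lifting formula of Example 6.2.1, and then checks numerically what the text states: $\xi^3 = 2\xi^2 + \xi + 1$ in GR(8, 3), $|GR(8, 3)| = 512$ with $|2GR(8, 3)| = 64$, the unit count $(p^r - 1)p^{r(n-1)}$, the set $F_1 = \{0, g^k\}$ from the proof of Theorem 6.1.2 with the unique expansions $\sum p^k a_k$, and the decomposition $y = up^t$. The names `lift`, `GaloisRing`, `valuation_form`, `teichmuller_set` and `vp` are this example's own; polynomials are lists of coefficients from the constant term upwards, and the generator passed to `teichmuller_set` is assumed to reduce to a generator of $\mathbb{F}_{p^r}^*$ (true for ξ whenever $g_{(p,r)}$ is primitive).

```python
from itertools import product


def lift(g, p, n):
    """Lift monic g(x) = x^r + a_{r-1} x^{r-1} + ... + a_0 over Z_p (coefficients from
    a_0 upwards, last entry 1) to G(x) over Z_{p^n} as in Example 6.2.1: each a_j
    becomes p^n - p + a_j, so that G reduces to g modulo p."""
    q = p ** n
    return [(q - p + a) % q for a in g[:-1]] + [1]


def vp(x, p):
    """p-adic valuation of a non-zero integer."""
    v = 0
    while x % p == 0:
        x //= p
        v += 1
    return v


class GaloisRing:
    """GR(p^n, r) = Z_{p^n}[x]/(G(x)); elements are r-tuples of coefficients."""

    def __init__(self, p, n, G):
        self.p, self.n, self.q = p, n, p ** n
        self.G, self.r = G, len(G) - 1

    def zero(self):
        return (0,) * self.r

    def one(self):
        return (1,) + (0,) * (self.r - 1)

    def xi(self):                      # the formal root xi (needs r >= 2)
        return (0, 1) + (0,) * (self.r - 2)

    def reduce(self, coeffs):
        """Reduce modulo (p^n, G(x)) using x^r = -(G_0 + ... + G_{r-1} x^{r-1})."""
        c = [x % self.q for x in coeffs] + [0] * max(0, self.r - len(coeffs))
        for d in range(len(c) - 1, self.r - 1, -1):
            t, c[d] = c[d], 0
            for j in range(self.r):
                c[d - self.r + j] = (c[d - self.r + j] - t * self.G[j]) % self.q
        return tuple(c[:self.r])

    def add(self, a, b):
        return tuple((x + y) % self.q for x, y in zip(a, b))

    def scale(self, a, k):
        return tuple((k * x) % self.q for x in a)

    def mul(self, a, b):
        prod = [0] * (2 * self.r - 1)
        for i, x in enumerate(a):
            for j, y in enumerate(b):
                prod[i + j] += x * y
        return self.reduce(prod)

    def pow(self, a, e):
        result, base = self.one(), a
        while e:
            if e & 1:
                result = self.mul(result, base)
            base, e = self.mul(base, base), e >> 1
        return result

    def elements(self):
        return (tuple(c) for c in product(range(self.q), repeat=self.r))

    def is_unit(self, a):
        # By (6.5) the maximal ideal consists of the vectors with every coefficient
        # in pZ_{p^n}; in a local ring everything outside it is a unit.
        return any(x % self.p for x in a)

    def count_units(self):
        return sum(1 for a in self.elements() if self.is_unit(a))

    def valuation_form(self, y):
        """Proposition 6.2.2: y = u p^t with u a unit and t = min_j v_p(b_j)."""
        if not any(y):
            raise ValueError("y must be non-zero")
        t = min(vp(x, self.p) for x in y if x)
        return tuple(x // self.p ** t for x in y), t

    def teichmuller_set(self, g1):
        """F_1 = {0} ∪ {g^k} with g = g1^(p^{r(n-1)}), as in the proof of Theorem 6.1.2
        (raising to p^{r(n-1)} kills the p-part of the order of g1)."""
        g = self.pow(g1, self.p ** (self.r * (self.n - 1)))
        T, x = {self.zero()}, self.one()
        for _ in range(self.p ** self.r - 1):
            T.add(x)
            x = self.mul(x, g)
        return T

    def count_padic_expansions(self, T):
        """Distinct sums a_0 + p a_1 + ... + p^{n-1} a_{n-1} with a_k in T; by the
        proof of Theorem 6.1.2(v) every element arises exactly once, so this is |R|."""
        seen = set()
        for digits in product(sorted(T), repeat=self.n):
            s = self.zero()
            for k, a in enumerate(digits):
                s = self.add(s, self.scale(a, self.p ** k))
            seen.add(s)
        return len(seen)


if __name__ == "__main__":
    G = lift([1, 1, 0, 1], 2, 3)           # x^3 + x + 1  ->  x^3 + 6x^2 + 7x + 7
    R = GaloisRing(2, 3, G)
    xi = R.xi()
    print(G, R.pow(xi, 3))                 # [7, 7, 6, 1] (1, 1, 2): xi^3 = 1 + xi + 2xi^2
    print(R.count_units())                 # 448 = (8 - 1) * 8^2
    print(R.valuation_form((6, 4, 0)))     # ((3, 2, 0), 1): 6 + 4xi = 2 * (3 + 2xi)
    T = R.teichmuller_set(xi)
    print(len(T), R.count_padic_expansions(T))   # 8 512
```

The same class handles GR(4, 2) = $\mathbb{Z}_4[x]/(x^2 + 3x + 3)$ with `lift([1, 1, 1], 2, 2)`, where it reports 12 units and 16 distinct expansions; the brute-force counts are only meant for these small rings.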

Proof: Suppose that $N = p^\alpha h$; so, $(1 + px)^N = \bigl((1 + px)^{p^\alpha}\bigr)^h$. Next, the Newton binomial formula

$$(x + y)^n = \sum_{k=0}^{n} \binom{n}{k} x^{n-k} y^k,$$

in our case gives

$$(1 + px)^{p^\alpha} = 1 + p^{\alpha+1}x + p^{\alpha+2}\Bigl(\frac{p^\alpha - 1}{2}\Bigr)x^2 + \cdots.$$

Therefore, $p^{\alpha+1}$ surely divides $a_1$ and $p^{\alpha+2}$ divides all the other coefficients of this expansion. So (a) follows. To prove (b), we use the same procedure, but in this case we get

$$(1 + 2x)^{2^\alpha} = 1 + 2^{\alpha+1}x + 2^{\alpha+1}(2^\alpha - 1)x^2 + 2^{\alpha+2}\Bigl(\frac{2^{2\alpha} - 3 \cdot 2^\alpha + 2}{3}\Bigr)x^3 + \cdots,$$

i.e. $2^{\alpha+1} \mid b_1, b_2$ and $2^{\alpha+2} \mid b_t$, for $t \ge 3$. (c) obviously follows from the fact that $4x = 2^2 x$. For (d), we simply have to apply the binomial formula


$$(1 + 2x)^N = \sum_{t=0}^{N} \binom{N}{t}(2x)^t = \sum_{t=0}^{N} \binom{N}{t} 2^t x^t.$$

Therefore, $b_t = \binom{N}{t} 2^t$ and also this last assertion immediately follows. Now, we are able to prove the following



Proposition 6.2.5 Let $R = GR(p^n, r)$, p a prime and n, r positive integers. Then, the units of the Galois ring form a group $U(R) \cong G_1 \times G_2$, where (a) $G_1$ is a cyclic group of order $p^r - 1$; (b) $G_2$ is a group of order $p^{r(n-1)}$ such that: 1. if p is odd or if p = 2 and $n \le 2$, then $G_2$ is a direct product of r cyclic groups each of order $p^{n-1}$; 2. if p = 2 and $n \ge 3$, then $G_2$ is a direct product of a cyclic group of order 2, a cyclic group of order $2^{n-2}$ and (r − 1) cyclic groups of order $2^{n-1}$.

Proof: The trivial cases n = 1 or r = 1 can be easily proved. In fact, if n = 1, $GR(p, r) = \mathbb{F}_{p^r}$ and we get the statement from Theorem 2.1.3. Next, if r = 1, $GR(p^n, 1) = \mathbb{Z}_{p^n}$. In such a case, we know that an element $u \in \mathbb{Z}_{p^n}$, written as in (1.4), is a unit if and only if $u_0 \ne 0$ (see Proposition 1.4.1); whereas the ideal $p\mathbb{Z}_{p^n}$ coincides with the set of all the non-units in $\mathbb{Z}_{p^n}$. Therefore, $|U(\mathbb{Z}_{p^n})| = p^n - p^{n-1} = p^{n-1}(p - 1) = \Phi(p^n)$, where Φ is the Euler function (see Section 3.1). Since $U(\mathbb{Z}_{p^n})$ is an abelian group, it follows that there is a subgroup, say $G_1$, of order p − 1 and a subgroup $G_2$ of order $p^{n-1}$ such that $G_1 \cap G_2 = \{1\}$, because of their orders. If p = 2 and n = 1, then $GR(2, 1) = \mathbb{Z}_2$, so $U(\mathbb{Z}_2) = \{1\}$. If p = 2 and n = 2, then $GR(4, 1) = \mathbb{Z}_4$ and $U(\mathbb{Z}_4)$ is isomorphic to the cyclic group $C_2$. If p = 2 and $n \ge 3$, $GR(2^n, 1) = \mathbb{Z}_{2^n}$ and $|U(\mathbb{Z}_{2^n})| = 2^{n-1}$, therefore, $U(\mathbb{Z}_{2^n})$ is an abelian 2-group. We already know that, in general, such a group is not cyclic; in fact, at the beginning of this section, we computed, for example, that $U(\mathbb{Z}_8) \cong C_2 \times C_2$. So, for n = 3, we get the statement. This is a consequence of a more general result; in fact, one can prove that the element $5 \in \mathbb{Z}_{2^n}$, viewed as an element of the group $U(\mathbb{Z}_{2^n})$, has


order $2^{n-2}$ if $n \ge 3$ (see [59]). First of all, we can deduce, by induction on n, that (as integers)

$$5^{2^{n-2}} = 1 + k2^n \tag{6.7}$$

for some odd integer k. In fact, in the case n = 3, we get k = 3. It follows that

$$5^{2^{n-1}} = (1 + k2^n)^2 = 1 + s2^{n+1},$$

where $s = k + k^2 2^{n-1}$ is also an odd integer. Thus (6.7) holds for each $n \ge 3$. Moreover, (6.7) implies that the order of 5 in the group $U(\mathbb{Z}_{2^n})$ is a divisor of $2^{n-2}$. Now, if in (6.7) n is replaced by n − 1, the order of 5 in $U(\mathbb{Z}_{2^n})$ is not $2^{n-3}$, since k is odd. Hence the order of this element is exactly $2^{n-2}$. We can consider the set of integers

$$S = \{\pm 5, \pm 5^2, \pm 5^3, \dots, \pm 5^{2^{n-2}}\}.$$

The positive (negative) integers are pairwise incongruent modulo $2^n$ by the above; moreover, $5^r \equiv -5^s \equiv 2^n - 5^s \pmod{2^n}$ is impossible for any positive integers r and s. In fact, by assuming $r \ge s$ and since g.c.d.(2, 5) = 1, we can divide this congruence by $5^s$, to get $5^{r-s} \equiv -1 \pmod 4$. This is impossible, since $5^t \equiv 1 \pmod 4$ for all integers $t \ge 0$. Finally, we note that S can be represented as the direct product

$$\{1, -1\} \times \{5, 5^2, 5^3, \dots, 5^{2^{n-2}}\}.$$

This is obviously isomorphic to the abelian group $C_2 \times C_{2^{n-2}}$. Thus, the statement is true also in the case p = 2, r = 1 and $n \ge 3$. It remains to treat the case when p is an odd prime, r = 1 and $n \ge 2$. We shall show that in $\mathbb{Z}_{p^n}$ we can always find an element of order exactly $p^n - p^{n-1}$ and not less. In such a case, since $p^n - p^{n-1} = p^{n-1}(p - 1)$, with p and p − 1 obviously relatively prime, $U(\mathbb{Z}_{p^n})$ will be isomorphic to the direct product of a cyclic group $C_{p-1}$ and a cyclic group $C_{p^{n-1}}$. To show that there is such an element, we consider an integer a < p such that $a^{p-1} \equiv 1 \pmod p$, i.e. $a^{p-1} = 1 + kp$, for some k. We want to construct an element $b \in \mathbb{Z}_{p^n}$ of order exactly $p^n - p^{n-1}$. If g.c.d.(k, p) = 1, choose b = a. If $p \mid k$, then $a^{p-1} \equiv 1 \pmod{p^2}$ and so we define b = a + p. Using the binomial formula, we get $b^{p-1} \equiv (a + p)^{p-1} \equiv a^{p-1} + p(p - 1)a^{p-2} \equiv 1 + p(p - 1)a^{p-2} \pmod{p^2}$.


With either definition of b, we have $b^{p-1} = 1 + pn_1$ for some integer $n_1$ such that g.c.d.$(p, n_1) = 1$. Obviously, $b^{p-1} \equiv 1 \pmod p$. Raising the previous congruence to the p-th power yields $b^{p(p-1)} \equiv (1 + pn_1)^p \equiv 1 + p^2 n_1 \pmod{p^3}$, and hence we can write $b^{p(p-1)} = 1 + p^2 n_2$, where p does not divide $n_2$. By recursively applying such a congruence, we can conclude in the same way that $b^{p^{j-1}(p-1)} = 1 + p^j n_j$, $j \ge 3$, with g.c.d.$(p, n_j) = 1$. Let h be the smallest integer such that $b^h \equiv 1 \pmod{p^n}$; we want to prove that $h = \Phi(p^n)$, where Φ is the Euler function. Such an h is, a priori, a divisor of $p^{n-1}(p - 1)$, so that h can be written as $h = p^s d$, where $s \le n - 1$ and d divides p − 1. It follows that

$$b^{p^s(p-1)} \equiv 1 \pmod{p^n} \quad\text{and}\quad 1 + p^{s+1}n_{s+1} \equiv 1 \pmod{p^n}.$$

This implies $s + 1 \ge n$, so s = n − 1. Also, $b^h \equiv 1 \pmod{p^n}$ implies $b^h \equiv 1 \pmod p$. From this and the fact that $b^p \equiv b \pmod p$, it follows that

$$b^h \equiv b^{p^s d} \equiv b^d \equiv 1 \pmod p,$$

therefore d = p − 1. All the trivial cases are proved. Thus, suppose $n, r \ge 2$. Let R denote the Galois ring $GR(p^n, r)$ and K its residue field R/pR. The natural ring epimorphism $\mu : R \to K$ obviously induces a group epimorphism, which we shall continue to denote by µ, such that $\mu : U(R) \to U(K)$. Therefore, $|U(R)| = |U(K)| \cdot |pR| = (p^r - 1)p^{r(n-1)}$; moreover, g.c.d.$(p^r - 1, p^{r(n-1)}) = 1$ implies that $U(R) = G_1 \times G_2$, where $|G_1| = p^r - 1$ and $|G_2| = p^{r(n-1)}$. The structure of $G_1$ is easy to determine; in fact, let $U(K) = \langle \bar a \rangle$ and a an element in $G_1$ such that $\mu(a) = \bar a$. Since µ is a group homomorphism, the order of a is at least $p^r - 1$, which is the cardinality of $G_1$. Thus $\mathrm{ord}(a) = p^r - 1$ and $G_1 = \langle a \rangle$.

Case I: p = 2 and $n \ge 3$. Since, in K, $0^2 + 0 = 1^2 + 1$, the field endomorphism given by $a \mapsto a^2 + a$


is not injective. Consequently, the map is not surjective. Therefore, there is a $\bar b \in K$ such that the polynomial $f_{\bar b}(x) = x^2 + x - \bar b$ has no roots in K. Choose $b \in R$ such that $\mu(b) = \bar b$. Let $\{g_i = \xi^i\}_{0 \le i \le r-1}$ be the standard free $\mathbb{Z}_{2^n}$-basis for R, as a free $\mathbb{Z}_{2^n}$-module, where $\xi^i$ is as in (6.4), for each i. The element $\alpha := 2^{n-1}g_0 - 1 = 2^{n-1} - 1$ belongs to $G_2$. In fact, $\alpha^2 = (2^{n-1} - 1)^2 = 2^{2(n-1)} + 1 = 1$, since $2n - 2 \ge n$ if and only if $n \ge 2$, which is our range. Observe that the element $\beta := 4b = 2^2 b \in R$ is nilpotent; so, from the proof of Theorem 1.3.1(2.), it follows that $1 + \beta \in U(R)$. By observing that $(1 + \beta)^{2^{n-2}} = 1$, one can deduce that it is in $G_2$. Moreover, for each $\gamma \in G_2$, $\gamma^{2^{n-1}} = 1$, since $G_2 \cong 1 + 2R$. We claim that if $m, n_0, n_1, \dots, n_{r-1}$ are positive integers such that $m \le 2$, $n_0 \le 2^{n-2}$, $n_i \le 2^{n-1}$, $1 \le i \le r - 1$ and if the equality

$$\alpha^m (1 + \beta)^{n_0} \prod_{i=1}^{r-1} (1 + 2\xi^i)^{n_i} = 1 \tag{6.8}$$

holds, then m = 2, $n_0 = 2^{n-2}$ and $n_i = 2^{n-1}$, $1 \le i \le r - 1$. In fact, suppose m = 1. We use Lemma 6.2.4(d) in the expansion of (6.8). We then obtain

$$2\Bigl(1 + \sum_{i=1}^{r-1} n_i \xi^i + 2a\Bigr) = 0,$$

for some $a \in R$, which means that $1 + \sum_{i=1}^{r-1} n_i \xi^i + 2a \in 2R$. Thus, denoting (as usual) by µ the epimorphism $\mu : R \to R/2R$,

$$\mu\Bigl(1 + \sum_{i=1}^{r-1} n_i \xi^i + 2a\Bigr) = 1 + \sum_{i=1}^{r-1} n_i \mu(\xi^i) = 0.$$


By the definition of $\xi^j$, $\{1 = \mu(\xi^0), \mu(\xi), \dots, \mu(\xi^{r-1})\}$ is a $\mathbb{Z}_2$-free basis for the vector space $\mathbb{F}_{2^r}$, so we get a contradiction. Hence m = 2 and (6.8) reduces to

$$(1 + \beta)^{n_0} \prod_{i=1}^{r-1} (1 + 2\xi^i)^{n_i} = 1. \tag{6.9}$$

As we can now get the result $\sum_{i=1}^{r-1} n_i \mu(\xi^i) = 0$, we see that all the (r − 1) integers $n_1, \dots, n_{r-1}$ are even. Let δ be the integer in {0, …, n − 2} such that $2^{\delta+1}$ is the highest power of 2 which divides each of the integers $2n_0, n_1, \dots, n_{r-1}$. We want to show that δ = n − 2. Let $n_0 = 2^\delta m_0$, $n_i = 2^{\delta+1} m_i$, for $i \ge 1$. Clearly, at least one of the $m_i$'s must be an odd integer. We now apply Lemma 6.2.4(b) (with δ replaced by δ + 1) and (c) to (6.9), so as to have

$$2^{\delta+2}\Bigl(m_0 b + \sum_{i=1}^{r-1} m_i \xi^i + \sum_{i=1}^{r-1} m_i (m_i 2^{\delta+1} - 1)\xi^{2i} + 2B\Bigr) = 0$$

for some $B \in R$. If δ + 2 < n, then

$$m_0 \mu(b) + \sum_{i=1}^{r-1} m_i \mu(\xi^i) + \sum_{i=1}^{r-1} m_i \mu(\xi^{2i}) = 0, \tag{6.10}$$

as R/2R is a field of characteristic 2. Our choice of the element b implies that $m_0$ must be even, so that at least one of the remaining integers $m_i$ must be odd. Then (6.10) gives either

$$\sum_{i=1}^{r-1} m_i \mu(\xi^i) = 0 \qquad\text{or}\qquad \sum_{i=1}^{r-1} m_i \mu(\xi^i) = 1 = \mu(\xi^0),$$

both of which are contradictions. Thus δ = n − 2 and this proves the assertion after (6.8). If we set

$$H_0 = \langle 2^{n-1} - 1 \rangle,\quad H_1 = \langle 1 + \beta \rangle,\quad H_i = \langle 1 + 2\xi^i \rangle, \qquad |H_0| = 2,\quad |H_1| = 2^{n-2},\quad |H_i| = 2^{n-1},\ 1 \le i \le r - 1,$$

the above assertions imply that the product of these r + 1 subgroups of $G_2$ is direct. Because of their orders, $H_0 \times \cdots \times H_r$ exhausts the whole group $G_2$.


Case II: p an odd prime. We have to consider the equality

$$\prod_{i=0}^{r-1} (1 + p\xi^i)^{n_i} = 1$$

and use (a) of Lemma 6.2.4. The computations are left to the reader.

Case III: p = n = 2. In such a case, we have $R = \mathbb{Z}_4[\xi] = GR(4, r)$ and $G_2 \cong 1 + 2R$. Therefore the square of every element of $G_2$ equals 1. This means that $G_2$ is an elementary abelian 2-group. ✷

To end this section, we shall show some examples of how Galois rings are strictly related to finite fields and, at the same time, to the rings of integers modulo $p^n$, as we said at the beginning of this chapter.

Example 6.2.6 1) Take a Galois ring of order 8; this implies that, if we write $GR(p^n, r)$, then $p^{nr} = 8$, i.e. p = 2 and nr = 3. There are only two possibilities: (i) n = 1 and r = 3: in this case, we are considering a cubic extension of $\mathbb{F}_2$, so $GR(2, 3) \cong \mathbb{F}_8$ which coincides with its own residue field. (ii) n = 3 and r = 1: this is the case of $GR(8, 1) \cong \mathbb{Z}_8$ and its residue field is $\mathbb{F}_2$. We can completely generalize this first example to the case $p^{nr}$, when nr = l is a prime; there are only trivial Galois rings whose residue fields determine the subfield chain $\mathbb{F}_p \subset \mathbb{F}_{p^l}$.

2) We now describe the Galois rings of order 16; thus, p = 2 and nr = 4. The following may occur: (i) n = 1 and r = 4: as before, we have a Galois extension of degree 4 of the field $\mathbb{F}_2$; so, $GR(2, 4) \cong \mathbb{F}_{16}$ which is a field. (ii) n = 4 and r = 1: the Galois ring is an extension of degree 1 of the ring $\mathbb{Z}_{16}$; therefore, $GR(2^4, 1) \cong \mathbb{Z}_{16}$ and its residue field is the prime field $\mathbb{F}_2$. (iii) The last situation is n = 2 and r = 2; this means that GR(4, 2) is a Galois extension, of degree 2, of the ring $\mathbb{Z}_4$. As usual, we consider the epimorphism $\mu : \mathbb{Z}_4[x] \to \mathbb{Z}_2[x]$.


The primitive polynomial in Z_2[x] which determines the field extension F_2 ⊂ F_4 is x² + x + 1 ∈ Z_2[x]. Therefore, its regular pre-image in Z_4[x] is x² + 3x + 3 ∈ Z_4[x] (we used Hensel's Lemma; note that x² + 3x + 3 reduces to x² + x + 1 modulo 2). By definition, GR(4, 2) = Z_4[ξ] = Z_4[x]/(x² + 3x + 3) is a (non-trivial) Galois ring of order 16, with maximal ideal m = 2Z_4[ξ] and residue field a finite field of order 4, so Z_4[ξ]/m ≅ F_4. The three cases above take care of the whole subfield chain

F_2 ⊂ F_4 ⊂ F_16,

which correspond, left to right, to case (ii), case (iii) and case (i). It is not difficult to generalize this example to the case in which p is a prime and n, r are integers such that nr = l², where l is a prime. As in the previous particular case, we obtain

$$\mathbb{F}_p \subset \mathbb{F}_{p^l} \subset \mathbb{F}_{p^{l^2}}.$$

3) This example is the study of the Galois rings of order 64 = 2^6. So, with the above notation, nr = 6 and the following cases may occur.
(i) n = 1 and r = 6: we know that in this situation GR(2, 6) ≅ F_64 is itself a field.
(ii) n = 6 and r = 1: the Galois ring is the trivial one, viz. Z_64, with residue field F_2.
(iii) n = 3 and r = 2: here we have a quadratic extension of the ring Z_8. This extension determines the Galois ring Z_8[ξ], with maximal ideal m = {a + bξ | a, b ∈ 2Z_8}. This means that the residue field is isomorphic to F_4.
(iv) n = 2 and r = 3: this is the case of a cubic extension of Z_4, which defines a Galois ring of order 64 with residue field F_8.

The subfield lattice of F_64 is not a chain: F_64 contains both F_8 and F_4, each of which contains F_2, but F_4 ⊄ F_8 (since 2 does not divide 3):

        F_64
       /    \
     F_8    F_4
       \    /
        F_2

The same is true whenever the order is p^{nr}, with nr = lt, where l and t are distinct primes, namely:

       F_{p^{lt}}
       /       \
   F_{p^l}   F_{p^t}
       \       /
         F_p

4) Finally, take p = 2 and nr = 30 = 2 · 3 · 5, i.e. nr is a product of three distinct primes; we are dealing with the Galois rings of order 2^30 = 1,073,741,824. The situations which may occur are the following:
(i) n = 1 and r = 30: this is the trivial case where GR(2, 30) = F_{2^30};
(ii) n = 2 and r = 15: GR(4, 15) is a local ring with residue field F_{2^15};
(iii) n = 3 and r = 10: in this case the residue field is F_{2^10};
(iv) n = 5 and r = 6: GR(2^5, 6) has F_{2^6} as its residue field;
(v) n = 6 and r = 5: this is the case in which the residue field is F_{2^5};
(vi) n = 10 and r = 3: the residue field is F_8;
(vii) n = 15 and r = 2: here we have F_4 as the residue field;
(viii) n = 30 and r = 1: the Galois ring GR(2^30, 1) is the ring Z_{2^30}, whose residue field is F_2.
It will not be so difficult for the reader to draw the diagram of the subfield lattice. These arguments obviously extend to the general case nr = lst, with l, s, t three distinct primes.

What about the structure of the automorphism group of a given Galois ring? The answer to this question immediately follows from some results contained in the previous chapters. In fact, by definition, a Galois ring is a separable extension of a ring of the form Z_{p^n}; in 5.1.5 we proved that a separable extension R ⊂ S of finite, local rings is a Galois extension with Galois group G_R(S) isomorphic to the Galois group $G_K(\overline{K})$, where K and $\overline{K}$ are the residue fields of R and S, respectively. Therefore, we immediately realize that, if S = GR(p^n, r), then

$$\mathrm{Aut}(GR(p^n, r)) = G_{\mathbb{Z}_{p^n}}(GR(p^n, r)) \cong G_{\mathbb{F}_p}(\mathbb{F}_{p^r});$$

at the same time, it makes sense to ask which is the group structure of $G_{GR(p^n, s)}(GR(p^n, r))$, where GR(p^n, s) ⊆ GR(p^n, r) is a Galois subring (so s divides r). By the same proposition, this group is isomorphic to $G_{\mathbb{F}_{p^s}}(\mathbb{F}_{p^r})$. The problem of finding the automorphisms of a given Galois ring over one of its subrings is thus reduced, by passing to the residue fields, to the well-known problem of finding the automorphism group of a Galois field over one of its subfields: $G_{\mathbb{F}_{p^s}}(\mathbb{F}_{p^r})$ is cyclic of order r/s, generated by the Frobenius map $a \mapsto a^{p^s}$.
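As an added check of Example 6.2.6(2)(iii) and of Case III in the proof of Proposition 6.2.5, the following Python code (written for this page, not taken from the book) implements GR(4, 2) = Z_4[x]/(x² + 3x + 3) as pairs (a, b) standing for a + bξ, finds the units by brute-force inversion rather than through the residue map, and then checks that the non-units are exactly 2R, that reduction modulo 2 reaches all four elements of F_4, and that every element of 1 + 2R squares to 1. The orders of the twelve units also show that U(GR(4, 2)) ≅ C_3 × C_2 × C_2, the product of the cyclic group of order 4 − 1 and the elementary abelian one-group.

```python
from itertools import product

MOD = 4                                  # coefficient ring Z_4
# modulus f(x) = x^2 + 3x + 3 from Example 6.2.6: xi^2 = -(3 xi + 3) = 1 + xi in Z_4
XI2 = ((-3) % MOD, (-3) % MOD)           # xi^2 = XI2[0] + XI2[1] * xi
ONE = (1, 0)


def add(u, v):
    return ((u[0] + v[0]) % MOD, (u[1] + v[1]) % MOD)


def mul(u, v):
    """(a0 + a1 xi)(b0 + b1 xi), rewriting the xi^2 term with XI2."""
    a0, a1 = u
    b0, b1 = v
    hi = a1 * b1
    return ((a0 * b0 + hi * XI2[0]) % MOD,
            (a0 * b1 + a1 * b0 + hi * XI2[1]) % MOD)


def elements():
    return [(a, b) for a, b in product(range(MOD), repeat=2)]


def residue(u):
    """Image of a + b xi in the residue field F_4 = Z_2[x]/(x^2 + x + 1)."""
    return (u[0] % 2, u[1] % 2)


def inverse(u):
    """Brute-force inverse in GR(4,2), or None when u is not a unit."""
    for v in elements():
        if mul(u, v) == ONE:
            return v
    return None


def order(u):
    """Multiplicative order of a unit u."""
    k, x = 1, u
    while x != ONE:
        x, k = mul(x, u), k + 1
    return k


def structure():
    els = elements()
    units = [u for u in els if inverse(u) is not None]
    ideal = [u for u in els if inverse(u) is None]
    # local ring: the non-units are exactly the elements reducing to 0 in F_4,
    # and they form the maximal ideal 2R
    assert all(residue(u) == (0, 0) for u in ideal)
    assert set(ideal) == {mul((2, 0), u) for u in els}
    one_group = [u for u in units if residue(u) == (1, 0)]   # G_2 = 1 + 2R
    return {
        "units": len(units),
        "ideal": len(ideal),
        "residue_field_size": len({residue(u) for u in els}),
        "one_group_squares_to_1": all(mul(u, u) == ONE for u in one_group),
        "unit_orders": sorted(order(u) for u in units),
    }


if __name__ == "__main__":
    print(structure())
```

The order list contains two elements of order 3, three of order 2 and six of order 6, which is exactly the order profile of C_3 × C_2 × C_2; since ξ³ = 2ξ + 1 ≠ 1 here, ξ itself has order 6 and is not a root of unity of order 3, so the lift x² + 3x + 3 does not give the Teichmüller representatives directly.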

6.3

Structure Theorems for Finite Commutative Local Rings

Here we want to prove a very important result in finite, local ring theory which explains the fundamental role that Galois rings play in this context. Such a result is closely related to the classification of finite, local rings with principal ideals (see [56]). We recall that in Theorem 3.1.4 we proved that every finite, commutative ring uniquely splits as a direct sum of finite, local rings. Our aim is to show that each of these local rings is a homomorphic image of a polynomial ring with coefficients from a Galois ring. Consequently, the investigation of finite, local rings reduces to finding a suitable primary ideal Q ⊂ GR(p^n, r)[x_1, ..., x_t] and studying the quotient ring GR(p^n, r)[x_1, ..., x_t]/Q.

Theorem 6.3.1 Assume R is a finite, commutative, local ring of characteristic p^n, with maximal ideal m and residue field K. Let r denote the dimension of K as a Z_p-vector space, i.e. [K : Z_p] = r, and let {u_1, ..., u_t} be a minimal system of generators for m, viewed as an R-module. Then there exists a subring T ⊂ R such that
(a) T ≅ GR(p^n, r) is the unique subring of order p^{nr} and is the maximal Galois extension of Z_{p^n} contained in R;
(b) R is a homomorphic image of T[x_1, ..., x_t].
The Galois ring T is called the coefficient ring of R.

Proof: Let $\bar\zeta$ be a generator of the group of units of K, i.e. $\bar\zeta$ is a primitive element of K over F_p, and let $\bar f(x) \in \mathbb{Z}_p[x]$ be the primitive polynomial such that $\bar f(\bar\zeta) = 0$. Let again µ be the epimorphism µ: Z_{p^n}[x] → Z_p[x]; take f(x) ∈ Z_{p^n}[x] to be a monic pre-image under µ of $\bar f(x)$ (thus f(x) is a basic irreducible polynomial in Z_{p^n}[x]). By Lemma 5.1.3, there exists a unique element ζ ∈ R whose image in K is $\bar\zeta$ and such that f(ζ) = 0. Then T = Z_{p^n}[ζ] ≅ Z_{p^n}[x]/(f(x)) is a Galois ring, unique up to isomorphism, which is the maximal Galois extension of Z_{p^n} contained in the ring R. Obviously T[u_1, ..., u_t] is a subring of R. So it suffices to prove the other inclusion. Let c be an arbitrary element of R; since T ≅ GR(p^n, r) has K as its residue field, an element t ∈ T must exist such that c ≡ t (mod m). Let β be the nilpotency index of m, i.e. the least positive integer such that m^β = 0. We construct a sequence {c_j} ⊂ T[u_1, ..., u_t] such that c ≡ c_j (mod m^{j+1}), 0 ≤ j ≤ β − 1. Put c_0 = t. If c_j has been constructed, then c − c_j ∈ m^{j+1}, which is generated by the monomials of degree j + 1 in the u's, so

$$c - c_j = \sum_i d_i w_i,$$

where each w_i is a product of the form $u_1^{\alpha_1} \cdots u_t^{\alpha_t}$ with $\sum_{k=1}^{t} \alpha_k = j + 1$, and d_i ∈ R. For every d_i ∈ R there exists some b_i ∈ T such that b_i ≡ d_i (mod m). Therefore

$$c - c_j = \sum_i d_i w_i \equiv \sum_i b_i w_i \pmod{m^{j+2}}.$$

If we put $c_{j+1} = c_j + \sum_i b_i w_i$, then $c_{j+1} \in T[u_1, \ldots, u_t]$ and $c_{j+1} - c \equiv 0 \pmod{m^{j+2}}$. Since m^β = 0, it follows that c_{β−1} = c, and c_{β−1} ∈ T[u_1, ..., u_t] by construction. ✷

Theorem 6.3.1 implies that, if R is a local ring, then we have R ≅ T[x_1, ..., x_t]/Q, where Q is a primary ideal in T[x_1, ..., x_t] and T is a Galois ring such that Q ∩ T = {0}. Observe that the radical of Q, $\sqrt{Q}$, is precisely (p, x_1, ..., x_t), since $Q \subseteq \sqrt{Q}$ and

$$T[x_1, \ldots, x_t]/\sqrt{Q} \cong GR(p^n, r)/pGR(p^n, r) \cong K.$$

Corollary 6.3.2 Let R be a finite, commutative, local ring of characteristic p^n and m its maximal ideal. If the dimension of the K-vector space m/m² is t, then R is a homomorphic image of Z_{p^n}[x_1, ..., x_{t+1}].

Proof: First of all, observe that m/m² is a K-vector space. Indeed, m^j is an R-module for each j. The quotient m/m² is an R-module which is annihilated by m; consequently, it is an R/m-module, and R/m ≅ K is a field. By assumption, dim_K(m/m²) = t; this implies that m has a minimal set of generators of cardinality t, when viewed as an R-module. From Theorem 6.3.1 it follows that R is a homomorphic image of the


polynomial ring T[x_1, ..., x_t], where the coefficient ring T is a Galois ring. By observing that T is a homomorphic image of the ring Z_{p^n}[y], we get the statement if we put y = x_{t+1}. ✷

This last result enables us to prove another structure theorem for finite, local rings in terms of the generators of U(R).

Theorem 6.3.3 Let R be a finite, commutative, local ring of characteristic p^n. If {a_1, ..., a_s} is a system of generators for U(R), then R is a homomorphic image of the ring Z_{p^n}[x_1, ..., x_s].

Proof: Consider the subring Z_{p^n}[a_1, ..., a_s] ⊆ R. This subring obviously contains all the invertible elements of the ring R. If a is an element of the maximal ideal m and b is a unit in R, then a − b ∈ U(R) (R is a local ring, so the sum of a non-unit and a unit is a unit). Therefore there exists c ∈ U(R) such that a − b = c. Then a = b + c ∈ Z_{p^n}[a_1, ..., a_s], so the subring is all of R, and sending x_i to a_i gives the required epimorphism. ✷

6.4

Another Class of Finite Commutative Local Rings: Quasi-Galois Rings

As we said in the introduction to the present chapter, we now want to study another class of finite, commutative, local rings; such rings are, in a certain sense, related to Galois rings even if their properties are completely different. We shall call them Quasi-Galois rings. They have also been used as coordinatizing rings of Pappian-Hjelmslev planes (see [46]).

Let p be a prime and n, r be two positive integers. We consider the Galois field F_{p^r} as a simple Galois extension of its prime field F_p, by using a primitive polynomial g_{(p,r)}(x) ∈ F_p[x] such that deg(g_{(p,r)}(x)) = r (see Definition 2.2.7). Denote by ζ a primitive element of F_{p^r} over F_p; then F_{p^r} ≅ F_p[ζ] with g_{(p,r)}(ζ) = 0. Since F_{p^r} is a field, F_{p^r}[x] is a Euclidean domain, so it is a P.I.D. Therefore, since the ideal (x^n) ⊂ F_{p^r}[x] is not prime, the quotient ring A(p^r, n) := F_{p^r}[x]/(x^n) is not a domain. Choose an element θ, in some ring extension of F_{p^r}, as a formal, non-trivial root of the polynomial x^n ∈ F_{p^r}[x] (i.e. θ ≠ 0 and θ^n = 0); then

$$A(p^r, n) = \Big\{ \sum_{i=0}^{n-1} a_i \theta^i \;\Big|\; a_i \in \mathbb{F}_{p^r} \Big\},$$

where θ^k = 0 for all k ≥ n. This ring is local, with maximal ideal m(p^r, n) consisting of the non-units of A(p^r, n), i.e.

$$m(p^r, n) = \Big\{ \sum_{j=1}^{n-1} a_j \theta^j \;\Big|\; a_j \in \mathbb{F}_{p^r} \Big\},$$

where θ^k = 0 for all k ≥ n (see Prop. 1.4.1). Its residue field is A(p^r, n)/m(p^r, n) ≅ F_{p^r}. Consequently, A(p^r, n) is a finite, commutative, local ring containing (p^r)^n = p^{rn} elements.

We recall that, in studying the Galois ring GR(p^n, r), we considered Z_{p^n}[x]/(G_{(p,r)}(x)), where G_{(p,r)}(x) ∈ Z_{p^n}[x] is the monic, basic irreducible polynomial determined, as in Lemma 1.4.3, from the same polynomial g_{(p,r)}(x) ∈ F_p[x] (see Section 6.2). We found

$$GR(p^n, r) = \Big\{ \sum_{j=0}^{r-1} b_j \xi^j \;\Big|\; b_j \in \mathbb{Z}_{p^n} \Big\},$$

where ξ is a formal root of the polynomial G_{(p,r)}(x). All this gave us that GR(p^n, r) is a finite, local ring, of cardinality (p^n)^r = p^{nr} and with residue field F_{p^r}. Thus, the rings A(p^r, n) and GR(p^n, r) are local, equipotent and with the same residue field, but they are not isomorphic, since they have different characteristic. In fact, A(p^r, n) is a finite ring of characteristic p, since it contains F_{p^r} as a subring, whereas we know that the characteristic of GR(p^n, r) is p^n.

Obviously, also the maximal ideals are equipotent; in fact m(p^r, n) contains (p^r)^{n−1} = p^{r(n−1)} elements. An arbitrary element of this ideal can be written as $\sum_{h=1}^{n-1} a_h \theta^h$, where a_h ∈ F_{p^r} and θ^k = 0 for k ≥ n. Let ζ ∈ F_{p^r} be a primitive element over F_p such that g_{(p,r)}(ζ) = 0, where g_{(p,r)}(x) ∈ Z_p[x] is such that µ(G_{(p,r)}(x)) = g_{(p,r)}(x). Each a_h ∈ F_{p^r} has a unique expression of the form

$$a_h = \sum_{j=0}^{r-1} u_{hj} \zeta^j,$$

where u_{hj} ∈ F_p for all j and h. This fact enables us to write

$$\sum_{h=1}^{n-1} a_h \theta^h = \sum_{h=1}^{n-1} \Big( \sum_{j=0}^{r-1} u_{hj} \zeta^j \Big) \theta^h.$$

Example 6.4.1 Take p = 2, n = 3 and r = 3. Thus the ring A(8, 3) is, by definition, A(8, 3) = F_8[x]/(x³). We recall that F_8 ≅ Z_2[x]/(x³ + x + 1) = {a + bζ + cζ² | a, b, c ∈ F_2} with ζ³ = ζ + 1, i.e. F_8 = {0, 1, ζ, ζ², 1 + ζ, 1 + ζ², ζ + ζ², 1 + ζ + ζ²}. If θ is a formal, non-trivial root of the polynomial x³ ∈ F_8[x], then

A(8, 3) = {a_0 + a_1θ + a_2θ² | a_i ∈ F_8, 0 ≤ i ≤ 2, θ^k = 0 for k ≥ 3}.

Thus |A(8, 3)| = 8³ = 512; its maximal ideal is m(8, 3) = {a_1θ + a_2θ² | a_1, a_2 ∈ F_8}, with θ^k = 0 for k ≥ 3, and its residue field is F_8. Recalling the polynomial expression of the elements of F_8 with respect to the primitive element ζ gives

a_0 + a_1θ + a_2θ² = (a_{00} + a_{10}ζ + a_{20}ζ²) + (a_{01} + a_{11}ζ + a_{21}ζ²)θ + (a_{02} + a_{12}ζ + a_{22}ζ²)θ²,

where a_{ji} ∈ Z_2 for 0 ≤ i, j ≤ 2, θ^k = 0 for k ≥ 3 and ζ³ = ζ + 1.

Remark 6.4.2 Since A(p^r, n) is a local ring, the elements of m(p^r, n) exhaust the non-units in this ring and are all its nilpotent elements. We can describe such elements by using their coordinates with respect to the basis {θ^j}_{0≤j≤n−1}. Therefore the nilpotent elements of A(p^r, n) all have the form (0, a_1, ..., a_{n−1}), whereas the units are (a_0, a_1, ..., a_{n−1}) with a_0 ≠ 0.

Before studying the basic properties of such rings, we want to point out that Quasi-Galois rings can also be viewed as "bricks" of all of Finite Commutative Algebra. In fact, each ring A(p^r, n) is a particular case of what we saw in Example 2 after Theorem 3.1.4. Indeed, we only have to consider f(x) = p_1(x)^n, with p_1(x) = x, to get the present situation.

Definition 6.4.3 A commutative ring R is said to be primary if it has a unique prime ideal. So, if R is local and Artinian (the latter means Spec(R) = Specm(R), see Definition 1.2.8), then it is trivially a primary ring. Therefore, our A(p^r, n)'s are examples of primary rings, since they are finite and local (see Proposition 1.2.7 and Theorem 2.3.9).


Lemma 6.4.4 Let R be a finite, commutative ring. Then R is a direct sum of primary rings R_1, ..., R_n and U(R) is a direct product of U(R_1), ..., U(R_n). Moreover, U(R) is cyclic if and only if each U(R_i) is cyclic and the orders of U(R_i) and U(R_j) are relatively prime for 1 ≤ i ≠ j ≤ n.

Proof: The first part of the statement directly follows from Theorem 3.1.4 and Exercise 1 before Proposition 3.1.5. The second assertion follows from elementary Group Theory (see, for example, [65]): a direct product of cyclic groups is cyclic if and only if the factors have pairwise coprime orders. ✷

The above lemma reduces the problem of studying the groups of units of all finite, commutative rings to that of determining the structure of the groups of units of finite, commutative, primary rings and of understanding which such rings have a cyclic group of units (see [43]).

Let N be a nilideal of a finite, commutative ring R. If p is a prime divisor of |N|, we put N(p) := {a ∈ N | pa = 0}. Then N(p) is an ideal of R, thus 1 + N(p) := {1 + x | x ∈ N(p)} is a subgroup of U(R).

Lemma 6.4.5 Let N be a nilideal of a finite, commutative ring, let p be a prime dividing |N| and assume that 1 + N(p) is cyclic, generated by 1 + a, a ∈ N(p). If |N(p)| = p^r and n is the least positive integer such that a^n = 0, then
(i) n = p^{r−1} + 1;
(ii) p^{r−1} ≤ 2.

Proof: (i) Since $1 \ne (1+a)^{p^{r-1}} = 1 + a^{p^{r-1}}$ (the element 1 + a has order p^r, and pa = 0 makes the binomial coefficients divisible by p vanish), we have p^{r−1} < n. For each 1 ≤ i ≤ n, $a^i = (1+a)^{s_i} - 1$ for some 1 ≤ s_i ≤ p^r, because 1 + a^i ∈ 1 + N(p) = ⟨1 + a⟩. However, if 2 ≤ i ≤ n,

$$0 = a^{n-2+i} = a^{n-2}\big[(1+a)^{s_i} - 1\big] = a^{n-2}\big[s_i a + a^2 b\big] = s_i a^{n-1},$$

thus p divides s_i. Hence the map i ↦ s_i is an injection of the set {1, ..., n} into the set {1 ≤ s ≤ p^r | s = 1 or p | s}, which gives n ≤ p^{r−1} + 1.

(ii) By contradiction, suppose that m = p^{r−1} − 1 ≥ 2 and let j be an integer such that (j − 1)p < m < jp. If s_m = pt, then

$$a^m = (1+a)^{pt} - 1 = (1 + a^p)^t - 1 = \sum_{k=1}^{t} z_k a^{pk},$$

where the z_k's are binomial coefficients. If we multiply in turn by a^{n−ip−1}, for 1 ≤ i < j, we obtain z_i a^{n−1} = 0. Hence p divides z_i, so z_i a^{ip} = 0. It follows that the sum above runs from j to t. If we now multiply by a^{n−m+1}, we get a^{n−1} = 0, which is impossible. ✷

Lemma 6.4.6 Let N be a nilideal of a finite ring R. If |N| is odd, then N^+ = ⟨N, +⟩ (i.e. the additive structure of N, viewed as a subgroup of ⟨R, +⟩ = R^+) is cyclic if and only if 1 + N is cyclic.

Proof: ⇐) Assume that 1 + N is cyclic. Then, for any prime p which divides |N|, 1 + N(p) is a subgroup of 1 + N, hence it is cyclic. By Lemma 6.4.5 (ii), |N(p)| ≤ 2p. Since p is odd, |N(p)| = p. This implies that N^+ is cyclic.

⇒) Suppose that N^+ is cyclic. Given a ∈ N such that (1 + a)^p = 1 for some prime p dividing |N|, it suffices to show that pa = 0. Let b be a generator of N^+. Then ba = nb, for some integer n. So, if a = mb for some m ∈ Z, a² = (mb)a = m(ba) = m(nb) = n(mb) = na. If k is the additive order of a, we can find an integer t with 1 ≤ t ≤ k and a² = ta. Since a^{s+1} = 0 for some s, we have t^s a = 0, i.e. k | t^s. This means that each prime which belongs to the factorization of the integer k also belongs to that of t. Moreover,

$$0 = (1+a)^p - 1 = \sum_{j=1}^{p} z_j a^j = \Big( \sum_{j=1}^{p} z_j t^{j-1} \Big) a,$$

so k divides $\sum_{j=1}^{p} z_j t^{j-1}$. In particular, every prime dividing k divides both this sum and t. This implies that such a prime must divide the term with j = 1, namely p. Therefore k is a power of p. But the only power of p dividing $\sum_{j=1}^{p} z_j t^{j-1}$ is p itself (every term with j ≥ 2 is divisible by p², since p | t and p | z_j for 1 < j < p) and, hence, k = p. ✷

The following result is very important for the characterization of the groups of units of our A(p^r, n)'s.


Theorem 6.4.7 Let R be a finite, commutative, primary ring such that U(R) is cyclic. Let N and R_0 be the nilradical and the prime subring of R, respectively. Then R = R_0[N], i.e. R is the smallest subring containing R_0 and N, and R is isomorphic to exactly one of the following rings:
(i) the Galois field GF(p^n), p a prime and n ≥ 1;
(ii) Z_{p^n}, where p is an odd prime and n > 1;
(iii) Z_4;
(iv) F_p[x]/(x²), p a prime;
(v) Z_2[x]/(x³);
(vi) Z_4[x]/(2x, x² − 2).

Proof: If N = 0, then R is a finite field, so it is of type (i). Assume that N ≠ 0; R_0 is also a finite, primary ring, so R_0 ≅ Z_{p^s} for some prime p and some positive integer s. Since U(R_0) < U(R), this subgroup must be cyclic. Therefore, by Proposition 6.2.5, we have the following possibilities: (a) p is odd; (b) p^s = 2; (c) p^s = 4. Put S = R_0[N], which is, a priori, a subring of R, and set N_0 = N ∩ R_0. We want to determine the structure of S in all possible cases and then to show that S = R.

Suppose that (a) holds. Then 1 + N, being a subgroup of the cyclic group U(R), is cyclic, and since |N| is odd, N^+ is cyclic (Lemma 6.4.6). Since the characteristic of R is p^s, we have p^s ≥ |N| ≥ |N_0| = p^{s−1}. If |N| = p^{s−1}, then N_0 = N and S ≅ R_0 ≅ Z_{p^s}, so it is of type (ii). Assume |N| = p^s and let b be a generator of N^+. As N_0^+ is the unique subgroup of N^+ of order p^{s−1}, we have pb ∈ N_0^+. Write pb = pt, with 1 ≤ t ≤ p^{s−1}. Then, since b has order p^s, gcd(p, t) = 1. But now b^n = 0 for some n ≥ 1, so 0 = pb^n = pt^n. Hence s = 1, since t is a unit. It follows that t = 1, so pb = p and b²(p − 1) = 0. Thus b² = 0, therefore S ≅ Z_p[x]/(x²). This ring is of type (iv).

Assume that (b) holds. Then char(R) = 2, so N = N(2). By Lemma 6.4.5, 2^r = 2 and n = 2, or 2^r = 4 and n = 3. In the former case, N is a two-element ring with trivial multiplication, so S ≅ Z_2[x]/(x²) (type (iv)). In the latter case, |N| = 4, 1 + N ≅ C_4 and a³ = 0, where 1 + a generates 1 + N. Hence S ≅ Z_2[x]/(x³) (type (v)).


Finally, assume that (c) holds. Then R_0 ≅ Z_4. Suppose N_0 ≠ N. Then, by applying Lemma 6.4.5 to N(2), we have 2^r = 2 and n = 2, or 2^r = 4 and n = 3. In the former case N^+ is cyclic, N^+ = {0, b, 2b, 3b}. Then N_0 = {0, 2b} and 0 ≠ 2b = 2. This implies 2b^k = 2 for any k > 0; the nilpotency of b leads to a contradiction. Hence 2^r = 4 and n = 3. Now |N(2)| = 4 and N^+ is the product of two cyclic groups of orders 2^s and 2^t, respectively. If a and b are generators of these groups, then 2^{s−1}a and 2^{t−1}b are generators of N(2)^+. Since 1 + N(2) is cyclic of order 4, it has two generators and these yield (Lemma 6.4.5(i)) two distinct elements of N(2) whose squares are non-zero but whose cubes vanish (n = 3). By symmetry, we may assume that (2^{t−1}b)² = 0, which implies t = 1. Since char(R) = 4, we have s ≤ 2. Assume s = 2. Then 4a = 0, 2a ≠ 0 and 2b = 0. Because (2a)² = 0, we have 2a = 2; in fact, the squares of the other non-zero elements are non-zero. Then, since a is nilpotent, 2 = 0, a contradiction. Thus s = 1 and N = N(2). Now N_0 = {0, 2} and N_0^+ is a direct summand of N^+. Let N = {0, 2, d, d + 2}. Then d³ = 0 and 0 = (d + 2)³ = 2d², so d² ∈ N(2) = N; since d is nilpotent, d² ∈ N_0 = {0, 2}. The case d² = 0 is excluded: then (1 + d)² = 1 + 2d + d² = 1 and U(S) = {1, 3, 1 + d, 3 + d} would not be cyclic, against the hypothesis. Hence d² = 2, so S ≅ Z_4[x]/(2x, x² − 2).

Now we shall briefly show that, in each case, S ≅ R. For example, if S ≅ F_p[x]/(x²), then, by choosing b = x, multiplication by b induces a homomorphism from R^+ to N^+ whose kernel contains no units, so it is contained in N; but b² = 0 and bN = 0, so N is the kernel. Hence |R| = |N|² = p² = |S| and R = S. Similarly, in the cases where S ≅ Z_{p^n}, Z_2[x]/(x³), Z_4[x]/(2x, x² − 2), by considering multiplication by p, x, x, respectively, we get R = S. ✷

The previous theorem determines which are the finite, commutative, primary rings whose group of units is cyclic. In this class of rings we find some of our Galois and Quasi-Galois rings, since they are finite and local. So this result will be very useful to understand the structure of the U(A(p^r, n))'s.

Example 6.4.8 To better understand the situation, we shall discuss some of the cases listed in Theorem 6.4.7 and some other interesting examples. First of all, by Theorem 2.1.3, if F_q is a finite field, then U(F_q) is cyclic. On the other hand, in Proposition 6.2.5 we showed that U(Z_{p^n}), p an odd prime, and U(Z_4) are cyclic groups. Observe that the rings in Theorem 6.4.7 (iv) and (v) are particular examples of Quasi-Galois rings; therefore, we want to directly show that they have cyclic groups of units. Consider first the ring A(2, 3) = Z_2[x]/(x³) =


{c + bx + ax² + (x³) | a, b, c ∈ F_2} of cardinality 2³ = 8. Denote by [ax² + bx + c] the coset c + bx + ax² + (x³), which is an element of the quotient ring; hence

Z_2[x]/(x³) = {[0], [1], [x], [x + 1], [x²], [x² + 1], [x² + x], [x² + x + 1]}.

The units of this ring form a group isomorphic to the cyclic group of order 4,

U(Z_2[x]/(x³)) = {[1], [x + 1], [x² + 1], [x² + x + 1]} ≅ C_4

(the generators are [x + 1] and [x² + x + 1]; indeed [x + 1]² = [x² + 1] and [x + 1]⁴ = [1]). Moreover, the nilradical (see Prop. 1.2.14), i.e. the set of all nilpotent elements, coincides with the maximal ideal of the local ring Z_2[x]/(x³); more precisely,

Nil(Z_2[x]/(x³)) = {[0], [x], [x²], [x² + x]}, with [x]³ = [x²]² = [x² + x]³ = [0].

If p is a prime, the ring A(p, 2) = F_p[x]/(x²) has a cyclic group of units; in fact |U(A(p, 2))| = p² − p, and the principal units 1 + aθ satisfy (1 + aθ)^k = 1 + kaθ, so they form a cyclic group of order p. Therefore U(A(p, 2)) ≅ C_p × C_{p−1} ≅ C_{p²−p}, the two orders being coprime. Observe that the ring A(3, 3) = Z_3[x]/(x³) is such that U(A(3, 3)) ≅ C_2 × G_2, where C_2 ≅ U(Z_3) and G_2 is a group of order 9. Precisely, we have

G_2 = {1, 1 + θ, 1 + 2θ, 1 + θ², 1 + 2θ², 1 + θ + θ², 1 + 2θ + θ², 1 + θ + 2θ², 1 + 2θ + 2θ²}

and some trivial computations show that each element of G_2 (except for 1) has order 3 (in characteristic 3 one has (1 + y)³ = 1 + y³, and y³ = 0 for every y ∈ m(3, 3)); thus G_2 is an elementary abelian 3-group. Therefore U(A(3, 3)) ≅ C_6 × C_3, which is not cyclic.

If we now consider, for example, A(4, 3) = F_4[x]/(x³), then U(A(4, 3)) ≅ C_3 × G_2, where G_2 is an abelian group of order 2^4 = 16. Take F_4 = {0, 1, ζ, ζ²}, where ζ² = ζ + 1. Therefore

G_2 = {1, 1 + θ, 1 + θ², 1 + θ + θ², 1 + ζθ, 1 + ζθ², 1 + ζθ + ζθ², 1 + θ + ζθ², 1 + ζθ + θ², 1 + ζ²θ, 1 + ζ²θ², 1 + ζ²θ + ζ²θ², 1 + θ + ζ²θ², 1 + ζ²θ + θ², 1 + ζθ + ζ²θ², 1 + ζ²θ + ζθ²}

and with some computations we find that ord(1 + θ²) = ord(1 + ζθ²) = ord(1 + ζ²θ²) = 2 (in characteristic 2, (1 + aθ + bθ²)² = 1 + a²θ², which equals 1 exactly when a = 0), whereas the other elements (different from 1) have order 4. This means that G_2 ≅ C_4 × C_4, so U(A(4, 3)) ≅ C_12 × C_4, which is not cyclic. In the same way, one can easily verify that, for example, U(F_4[x]/(x²)) ≅ C_3 × C_2 × C_2. Finally, if we consider the Quasi-Galois ring A(2, 4) = F_2[x]/(x⁴), we get |U(A(2, 4))| = 8. The abelian groups of order 8 (up to isomorphism) are C_8, C_2 × C_4, C_2 × C_2 × C_2.

From Theorem 6.4.7 it follows that U(A(2, 4)) cannot be isomorphic to C_8; since ord(1 + θ) = 4 (indeed (1 + θ)² = 1 + θ² ≠ 1 and (1 + θ)⁴ = 1 + θ⁴ = 1), U(A(2, 4)) ≅ C_2 × C_4. To summarize, all these examples show that the structure of the abelian p-group 1 + m(p^r, n), the complement in U(A(p^r, n)) of the cyclic group C_{p^r−1}, depends on the given integers p, n and r in a non-trivial way. This group is called the one-group of A(p^r, n). There are some partial results about the problem of finding the structure of such a subgroup (see the Bibliography of [56]). However, what we observed in Remark 6.4.2 and in Theorem 6.4.7 allows us to state the following.

Proposition 6.4.9 Let A(p^r, n) be a Quasi-Galois ring, for a given prime p and for positive integers r and n. Such a ring contains p^{nr} − p^{r(n−1)} units, which form a group isomorphic to a direct product of groups, i.e.

U(A(p^r, n)) ≅ G_1 × G_2,

where G_1 is a cyclic group of order p^r − 1 and G_2 is an abelian p-group of order p^{nr−r}. We have different possibilities for the group G_2.
(i) If r = 1 and n = 2, then G_2 is cyclic of order p, so U(A(p, 2)) ≅ C_{p²−p};
(ii) If p = 2, r = 1 and n = 3, then G_2 ≅ C_4 and U(A(2, 3)) = G_2 ≅ C_4;
(iii) In the other cases, let k_0 := ⌈log_p(n)⌉. (Recall that, for a real number h, ⌈h⌉ denotes the round-up of h, which is defined as the smallest integer greater than or equal to h.) Then each generator of G_2 has order at most p^{k_0}. (Observe that such a k_0 is strictly less than r(n−1); otherwise there would exist an element x ∈ G_2 such that ord(x) = p^{r(n−1)}, which would imply that G_2 is cyclic; from Theorem 6.4.7, this can happen only in cases (i) and (ii).)


Proof: By a simple computation, the units in A(p^r, n) number p^{nr} − p^{r(n−1)}. Moreover, it is clear that these elements form a multiplicative group which contains U(F_{p^r}) as a subgroup (it is formed by the n-tuples (a_0, 0, ..., 0) of Remark 6.4.2 with a_0 ≠ 0). This subgroup is obviously isomorphic to a cyclic group of order p^r − 1. Now consider the set H := {(1, a_1, a_2, ..., a_{n−1}) | a_i ∈ F_{p^r}}; its elements will be called the principal units. One can easily verify that H has cardinality p^{r(n−1)} and is isomorphic to G_2. We already proved cases (i) and (ii) in Theorem 6.4.7. So it remains to show that (iii) holds. Take an arbitrary element of H, x = 1 + a_1θ + ··· + a_{n−1}θ^{n−1}. Since the coefficients lie in a field of characteristic p, raising to the p-th power is additive, so

$$x^p = 1 + a_1^p \theta^p + \cdots + a_s^p \theta^{sp}, \qquad \text{where } sp < n \le (s+1)p;$$

$$x^{p^2} = (x^p)^p = 1 + a_1^{p^2} \theta^{p^2} + \cdots + a_t^{p^2} \theta^{tp^2}, \qquad \text{where } t \le s \text{ and } tp^2 < n \le (t+1)p^2.$$

By recursively using this procedure we find that

$$x^{p^k} = (1 + a_1\theta + \cdots + a_{n-1}\theta^{n-1})^{p^k} = 1 + \sum_{i \ge 1,\; ip^k < n} a_i^{p^k} \theta^{ip^k} = 1$$

as soon as p^k ≥ n, i.e. k ≥ log_p(n). The smallest integer k satisfying this inequality is k_0 = ⌈log_p(n)⌉. For such a k_0, $x^{p^{k_0}} = 1$ for each x ∈ H; on the other hand, $(1 + \theta)^{p^k} = 1 + \theta^{p^k} \ne 1$ whenever p^k < n, so the exponent of G_2 is exactly $p^{k_0}$. So all the generators of G_2 have order at most p^{k_0}. This means that G_2 splits as a direct product of cyclic p-groups of orders at most p^{k_0}, at least one of which has order exactly p^{k_0}. ✷

Example 6.4.10 We can apply the result above to the non-cyclic cases of the previous examples. We found U(A(3, 3)) ≅ C_2 × C_3 × C_3; in fact, p = 3, r = 1 and n = 3, so k_0 = ⌈log_3(3)⌉ = 1 and G_2 ≅ C_3 × C_3, since |G_2| = p^{r(n−1)} = 9 and every element has order at most 3. In the case of A(4, 3), we have U(A(4, 3)) ≅ C_3 × C_4 × C_4. In fact, k_0 = ⌈log_2(3)⌉ = 2, so the exponent of G_2 is 4; G_2 ≅ C_4 × C_4, since |G_2| = 16 and there are only three elements of order 2 in G_2 (whereas C_2 × C_2 × C_4 would have seven). The last case we discuss is A(4, 2), where k_0 = ⌈log_2(2)⌉ = 1. Thus G_2 ≅ C_2 × C_2, since it has cardinality 4 and exponent 2.

Remark. In Proposition 6.4.9, when r = 1, we get φ(p^n) = p^{n−1}(p − 1) units, since A(p, n) = Z_p[x]/(x^n) has the same number of units as Z_{p^n}; whereas, if n = 1, then A(p^r, 1) = F_{p^r}, whose units number p^r − 1.
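To make Proposition 6.4.9 and Examples 6.4.8 and 6.4.10 checkable by machine, here is an added Python example (it is not from the book): it builds A(p^r, n) = F_{p^r}[x]/(x^n) from a monic irreducible polynomial g over F_p, enumerates the principal units H, computes their multiplicative orders, and recovers the invariant factors of G_2 ≅ H from the counts N_k = #{x ∈ H : x^{p^k} = 1}. That counting method is not the book's; it relies on the standard fact that an abelian p-group with invariants p^{e_1}, ..., p^{e_m} has exactly p^{Σ_i min(e_i, k)} elements killed by p^k. The irreducible polynomials assumed for F_4 and F_8 are the ones used in Examples 6.4.1 and 6.4.8; for F_p itself the modulus y is used, so that r = 1 is handled by the same class.

```python
from itertools import product


class GF:
    """F_{p^r} = F_p[y]/(g(y)), g monic irreducible of degree r (coefficients low
    degree first).  Elements are r-tuples over Z_p.  For r = 1 take g = y."""

    def __init__(self, p, g):
        self.p, self.g, self.r = p, tuple(g), len(g) - 1
        self.zero, self.one = (0,) * self.r, (1,) + (0,) * (self.r - 1)

    def elements(self):
        return list(product(range(self.p), repeat=self.r))

    def add(self, a, b):
        return tuple((x + y) % self.p for x, y in zip(a, b))

    def mul(self, a, b):
        p, r, g = self.p, self.r, self.g
        c = [0] * (2 * r - 1)
        for i, x in enumerate(a):
            for j, y in enumerate(b):
                c[i + j] = (c[i + j] + x * y) % p
        for k in range(2 * r - 2, r - 1, -1):    # y^k = y^(k-r) y^r, y^r = -sum g_i y^i
            if c[k]:
                for i in range(r):
                    c[k - r + i] = (c[k - r + i] - c[k] * g[i]) % p
                c[k] = 0
        return tuple(c[:r])


class QuasiGalois:
    """A(p^r, n) = F_{p^r}[x]/(x^n); an element is the n-tuple (a_0, ..., a_{n-1})
    of coefficients of a_0 + a_1 theta + ... + a_{n-1} theta^(n-1), theta^n = 0."""

    def __init__(self, field, n):
        self.F, self.n = field, n
        self.one = (field.one,) + (field.zero,) * (n - 1)

    def mul(self, u, v):
        F, n = self.F, self.n
        out = [F.zero] * n
        for i in range(n):
            for j in range(n - i):               # theta^(i+j) vanishes once i + j >= n
                out[i + j] = F.add(out[i + j], F.mul(u[i], v[j]))
        return tuple(out)

    def order(self, u):
        k, x = 1, u
        while x != self.one:
            x, k = self.mul(x, u), k + 1
        return k

    def principal_units(self):
        """H = {1 + a_1 theta + ...} from the proof of Proposition 6.4.9; H = G_2."""
        return [(self.F.one,) + t
                for t in product(self.F.elements(), repeat=self.n - 1)]

    def one_group_invariants(self):
        """Invariants of G_2 from N_k = #{x in H : x^(p^k) = 1} = p^(sum_i min(e_i, k))."""
        p = self.F.p
        orders = [self.order(u) for u in self.principal_units()]
        kmax = 0
        while p ** kmax < max(orders):
            kmax += 1
        s = [0]                                   # s_k = log_p N_k
        for k in range(1, kmax + 1):
            n_k = sum(1 for o in orders if p ** k % o == 0)
            e = 0
            while p ** e < n_k:
                e += 1
            s.append(e)
        d = [s[k] - s[k - 1] for k in range(1, kmax + 1)] + [0]   # d[k-1] = #{i : e_i >= k}
        inv = []
        for k in range(kmax, 0, -1):
            inv += [p ** k] * (d[k - 1] - d[k])
        return sorted(inv)


def exponent_bound(p, n):
    """p^k0 with k0 = ceil(log_p n): the exponent of G_2 claimed in Prop. 6.4.9(iii)."""
    k = 0
    while p ** k < n:
        k += 1
    return p ** k


def unit_group_summary(field, n):
    R = QuasiGalois(field, n)
    H = R.principal_units()
    return {"units": (field.p ** field.r - 1) * len(H),      # |G_1| |G_2| = p^nr - p^r(n-1)
            "exponent_of_G2": max(R.order(u) for u in H),
            "G2_invariants": R.one_group_invariants()}


# Fields of Examples 6.4.1 and 6.4.8: F_2, F_3, F_4 = F_2[y]/(y^2+y+1), F_8 = F_2[y]/(y^3+y+1)
F2, F3 = GF(2, (0, 1)), GF(3, (0, 1))
F4, F8 = GF(2, (1, 1, 1)), GF(2, (1, 1, 0, 1))

if __name__ == "__main__":
    for label, fld, n in (("A(2,3)", F2, 3), ("A(3,3)", F3, 3), ("A(4,3)", F4, 3),
                          ("A(2,4)", F2, 4), ("A(4,2)", F4, 2), ("A(8,3)", F8, 3)):
        print(label, unit_group_summary(fld, n), "exponent bound", exponent_bound(fld.p, n))
```

Running it reproduces G_2 ≅ C_4, C_3 × C_3, C_4 × C_4, C_2 × C_4 and C_2 × C_2 for A(2,3), A(3,3), A(4,3), A(2,4) and A(4,2), and in every case the largest element order equals p^{⌈log_p n⌉}; for A(8,3) it shows G_2 ≅ C_4 × C_4 × C_4, which the text does not list.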


For what concerns the ideal structure of A(p^r, n), from the fact that A(p^r, n) is a principal ring one immediately deduces that each proper non-zero ideal is of the form J_k = θ^k A(p^r, n), 1 ≤ k ≤ n − 1, and that these ideals form a chain J_1 ⊃ J_2 ⊃ ··· ⊃ J_{n−1} ⊃ (0). Our aim is to study the subring structure of A(p^r, n).

Theorem 6.4.11 Let p be a prime and let n and r be positive integers.
i) The Quasi-Galois ring A(p^r, n) contains subrings isomorphic to the Quasi-Galois rings A(p^s, n) and A(p^r, m), where s and m are proper divisors of r and n, respectively.
ii) The subrings of a Quasi-Galois ring A(p^r, n) are not uniquely determined by their orders. Precisely, let m and s be divisors of n and r, respectively, such that ns = mr. Then A(p^s, n) and A(p^r, m) are equipotent subrings of A(p^r, n) which are not isomorphic (unless n = m and s = r).

Proof: Consider A(p^r, n) ≅ F_{p^r}[x]/(x^n). In Theorem 2.3.1 we recalled that all the subfields of the Galois field F_{p^r} are of the form F_{p^s}, where s is a divisor of r, and that F_{p^s} is uniquely determined by its order. The field inclusion F_{p^s} ⊂ F_{p^r} obviously extends to the polynomial rings F_{p^s}[x] ↪ F_{p^r}[x]. By reducing this injection modulo the ideal (x^n), for the given n, we get the desired inclusion. On the other hand, put h = n/m, which is an integer since m divides n, and η = θ^h, so that η^m = θ^n = 0. Therefore, the elements

$$a_0 + a_1\theta^h + \cdots + a_{m-1}\theta^{h(m-1)} = a_0 + a_1\eta + \cdots + a_{m-1}\eta^{m-1}, \qquad a_i \in \mathbb{F}_{p^r},$$

form a subring isomorphic to A(p^r, m), which is uniquely determined by the divisor m, since r is fixed. If ns = mr, then the cardinalities of such subrings are the same; in fact |A(p^r, m)| = p^{mr} = p^{ns} = |A(p^s, n)|. Part ii) of the statement directly follows from the fact that the cyclic subgroup G_1 of the group of units has order p^r − 1 (the order of the residue field minus one), which a ring isomorphism preserves. So if A(p^s, n) ≅ A(p^r, m), then p^r − 1 = p^s − 1, so r = s and, therefore, m = n. ✷


Example 6.4.12 Consider A(4, 4). By the previous theorem, we find two subrings which are isomorphic to A(2, 4) and A(4, 2), respectively. Thus,

A(2, 4) = {a_0 + a_1θ + a_2θ² + a_3θ³ | a_i ∈ F_2},

with θ^k = 0 for k ≥ 4, is a subring of 16 elements. We know that the units of such a subring form a group isomorphic to C_2 × C_4. On the other hand, we have

A(4, 2) = {a_0 + a_1η | a_i ∈ F_4}, where η = θ²,

which also contains 16 elements. Such a subring has a group of units isomorphic to C_3 × C_2 × C_2. Therefore A(2, 4) and A(4, 2) are equipotent subrings of A(4, 4) which cannot be isomorphic.

We end this chapter by recalling that Galois rings and Quasi-Galois rings are particular cases of a larger class of finite, commutative rings with identity. Such rings are called finite chain rings since they are finite and their ideals form a chain under inclusion. These rings arise in algebraic number theory as quotient rings of rings of integers in number fields as well as in the geometry of Pappian-Hjelmslev planes. Recently, they have been also used in various constructions of partial difference sets, relative difference sets and bent functions. Moreover, as we shall briefly discuss in the next chapters, there are lots of recent results concerning linear and cyclic codes over finite chain rings. These are the motivations for the increasing interest on such rings.

Chapter 7

BASIC NOTIONS ON CODES OVER FINITE FIELDS In this chapter, we shall briefly recall some fundamental definitions in Coding Theory and give some examples of codes over Fq , the finite field of order q (see Chapter 2). For more details the reader is referred to some basic texts on Coding Theory, as [4], [14], [34], [53] and [69].

7.1

Basic properties

Let A be a finite set of cardinality q. A finite sequence a of elements in A is a word over A. A q-ary code C is a non-empty subset of A*, the set of all words over A. All through this chapter, A = F_q, q = p^n, where p is a prime; thus C is a code over F_q (a binary or a ternary code for q = 2, 3). Under the assumption that the length of all words over A is uniform, say m, A* can be identified with $\mathbb{F}_q^{(m)}$, the m-dimensional vector space over F_q. Two codes C_1 and C_2 are equivalent if each of these codes can be obtained from the other by a combination of operations of the following types:
(i) any permutation of the coordinate positions;
(ii) any permutation of the letters of the alphabet in any fixed coordinate.
In Chapter 8 we shall also consider codes over Galois rings.

A q-ary code C of length m is linear if it is a subspace of $\mathbb{F}_q^{(m)}$; otherwise C is nonlinear. Properties of q-ary codes can be described via the metric structure over $\mathbb{F}_q^{(m)}$, which is induced by the Hamming distance d_H. For any pair of vectors v and w in $\mathbb{F}_q^{(m)}$, one defines

$$d_H(v, w) := |\{ i : 1 \le i \le m,\; v_i \ne w_i \}|, \qquad (7.1)$$

where v_i and w_i, 1 ≤ i ≤ m, are the coordinates (with respect to the standard basis) of the vectors v and w, respectively. Two basic parameters of q-ary codes are defined in terms of the Hamming distance. The minimum distance of a code C is d(C) := min_{v ≠ w ∈ C} d_H(v, w); the minimum weight is wt(C) := min_{0 ≠ v ∈ C} wt(v), where wt(v) := d_H(v, 0). In the sequel, by an (m, M, d)-code we shall mean a code of length m, with M words and minimum distance d.

7.2 Some families of $q$-ary codes

In this section we briefly recall the construction of some families of q-ary codes. For more details the reader is referred, for instance, to [14] and to [53]. In these books one can also find many other examples, whose complete exposition is beyond the scope of our work.

7.2.1 Linear Codes

A linear code $C$ is called an $[m, k, d]$-code if the dimension and the minimum distance of $C$ are $k$ and $d$, respectively. In this case, the code $C$ contains $q^k$ words which can be completely described by choosing a basis of (the vector space) $C$. The vectors of such a basis are used as rows of a matrix $G$ called a generator matrix of $C$. In fact, any other word of $C$ can be obtained as a linear combination of the rows of $G$ with coefficients from $F_q$. By well-known results of Linear Algebra, every linear code of dimension $k$ is equivalent to a code with a generator matrix $G$ in the standard echelon form $(I_k \mid P)$, where $I_k$ is the identity matrix of order $k$.

Since $C$ is linear, it is natural to introduce the dual code of $C$. More precisely, the vector space $F_q^{(m)}$ is equipped with the inner product

$$\langle v, w \rangle := \sum_{i=1}^{m} v_i w_i, \qquad (7.2)$$

where $v = (v_1, \dots, v_i, \dots, v_m)$ and $w = (w_1, \dots, w_i, \dots, w_m)$ are two vectors in $F_q^{(m)}$. The set

$$C^\perp := \{\, x \in F_q^{(m)} : \langle x, c \rangle = 0,\ \forall\, c \in C \,\}$$

is called the dual code of $C$. In particular, if $C = C^\perp$, then $C$ is self-dual. By definition, $C^\perp$ is a linear code of dimension $m - k$. Any generator matrix of $C^\perp$ is a parity check matrix of $C$.

7.2.2 Hamming codes

The subject of linear codes was greatly influenced by papers written by R. W. Hamming in 1950 ([29]), who discovered the Hamming codes. Since then, many other codes with better properties have been discovered; anyhow, Hamming codes are still of independent interest for their application to Finite Geometries and Design Theory (see, for example, [4]).

The Hamming code $C_H$ of length $m = (q^k - 1)/(q - 1)$, $k \ge 1$, over $F_q$ is a code for which the $k \times m$ parity check matrix $H$ has columns that are pairwise linearly independent. We point out that here we do not distinguish between equivalent codes. Since $H$ has rank $k$, $C_H$ is linear of dimension $m - k$. Moreover, any codeword $x \in C_H$ gives a vanishing linear combination of the $wt(x)$ columns of $H$ indexed by its support. As a result, $wt(C_H) = 3$ since there exist at least three, but not fewer, linearly dependent columns of $H$.

Remark 7.2.1 Note that if $C$ is a $q$-ary linear code of type $[m, m - k, 3]$, $m = (q^k - 1)/(q - 1)$, $k \ge 1$, then $C$ is the Hamming code since, by standard Linear Algebra, its parity check matrix is equivalent to $H$.

Example 7.2.2 Let us consider the $4 \times 15$ matrix

$$H = \begin{pmatrix}
1 & 0 & 0 & 0 & 1 & 1 & 1 & 0 & 0 & 0 & 1 & 0 & 1 & 1 & 1 \\
0 & 1 & 0 & 0 & 1 & 0 & 0 & 1 & 1 & 0 & 1 & 1 & 0 & 1 & 1 \\
0 & 0 & 1 & 0 & 0 & 1 & 0 & 1 & 0 & 1 & 1 & 1 & 1 & 0 & 1 \\
0 & 0 & 0 & 1 & 0 & 0 & 1 & 0 & 1 & 1 & 0 & 1 & 1 & 1 & 1
\end{pmatrix}. \qquad (7.3)$$

$H$ can be used as a parity check matrix to define the binary Hamming code $C_H$ of length 15 with $2^{11}$ words. The codeword $(0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0)$ has weight 3. Naturally, $H$ is the generator matrix of the dual code of $C_H$, which has length 15 and dimension 4. Such a code is called a projective code since the columns of the generator matrix represent distinct points in the three-dimensional projective space over $F_2$. More generally, the dual of a Hamming code is a projective code (cf. [69]).

It is possible to obtain a new code, the extended Hamming code, from the Hamming code $C_H$ by simply adding in the same position an element of $F_q$ to all the codewords of $C_H$. In general, by the extended code $\overline{C}$ of a $q$-ary code $C$ of length $m$ we shall denote the following subset of $F_q^{(m+1)}$:

$$\overline{C} := \Big\{\, (c_1, \dots, c_m, c_{m+1}) \ \Big|\ (c_1, \dots, c_m) \in C,\ \sum_{k=1}^{m+1} c_k = 0 \,\Big\}. \qquad (7.4)$$

7.2.3 Cyclic codes

Here we recall some basic results on cyclic codes which can be viewed as the bricks of many other codes, such as the Kerdock and the Preparata codes. Furthermore, some other cyclic codes, as the BCH codes (see, for instance, [53] and [69]), are important because of their many "real world" applications. A linear $[m, k, d]$-code $C$ is cyclic if

$$(c_0, \dots, c_i, \dots, c_{m-1}) \in C \ \Rightarrow\ (c_{m-1}, c_0, \dots, c_{m-2}) \in C. \qquad (7.5)$$

Cyclic codes are easily described in terms of polynomials over the finite field $F_q$. Let $C$ be a $q$-ary cyclic code of length $m$ such that $q$ and $m$ are relatively prime. The residue class ring $R_m := F_q[x]/(x^m - 1)$ has the set of polynomials $\{a_0 + a_1 x + \dots + a_{m-1} x^{m-1} \mid a_i \in F_q,\ 0 \le i < m\}$ as a system of representatives. $R_m$ can be regarded as an $m$-dimensional vector space over $F_q$ with vectors $(a_0, a_1, \dots, a_{m-1})$; therefore, $C$ can be identified with a set of elements of $R_m$. More precisely, since multiplication by $x$ in this ring is equivalent to a cyclic permutation of the coefficients of any representative, $C$ corresponds to an ideal in $R_m$. Furthermore, $C$ is generated by the unique monic polynomial $g(x)$ of the smallest degree; this polynomial divides $x^m - 1$ in $F_q[x]$, since each ideal in this ring is principal (see Section 1.3). The polynomial $g(x)$ is called the generator polynomial of $C$, and the polynomial $h(x) := (x^m - 1)/g(x)$ is defined to be the parity check polynomial of $C$. Note, in particular, that the constant term of $h(x)$ is non-zero.


Theorem 7.2.3 Let $C$ be a $q$-ary code of length $m$ with generator polynomial $g(x)$ of degree $r$ and parity check polynomial $h(x)$. Then the following hold:

(i) $C$ is a code of dimension $m - r$;

(ii) $C^\perp$ is a cyclic code with generator polynomial $(x^{\deg(h(x))} h(x^{-1}))/h_0$, where $h(x)$ is the parity check polynomial of $C$ and where $h_0$ is the constant term of $h(x)$.

Proof: (i) Let $f(x)$ be a representative in $F_q[x]$ of an element $f(x)$ in $R_m$. Divide $f(x)$ by $h(x)$ to obtain

$$f(x) = q(x)h(x) + r(x), \qquad (7.6)$$

where $\deg(r(x)) < m - r$. Next, multiplying both sides of (7.6) by $g(x)$ yields

$$g(x)f(x) \equiv r(x)g(x) \pmod{x^m - 1}.$$

Thus, a basis of $C$ is given by the set $\{g(x), \dots, x^{m-r-1} g(x)\}$. (Note that we used the same notation for the polynomial $g(x) \in F_q[x]$ and its residue class in $R_m$. It is easy to understand from the context what is meant.)

(ii) Since $g(x)h(x) = x^m - 1$, $g(x^{-1})h(x^{-1}) = 1 - x^{-m}$; hence, $x^{m-r} h(x^{-1})\, g(x^{-1}) x^r = x^m - 1$. This means that $x^{m-r} h(x^{-1})$ divides $x^m - 1$ and so the claim follows. Note that we need to divide $x^{m-r} h(x^{-1})$ by $h_0$ to have a monic polynomial. ✷

All cyclic codes of length $m$ are completely determined by the decomposition over $F_q$ of the polynomial $x^m - 1$ into monic irreducible factors, which are distinct by the hypothesis $(q, m) = 1$ (see Section 3.1 and, for example, [50] for more details). We briefly recall that

$$x^m - 1 = \prod_{s \in R_c} M^{(s)}(x).$$

Here $R_c$ is a set of representatives for the cyclotomic classes $C_s := \{s, sq, \dots, sq^{m_s - 1}\}$, and $m_s$ is the least non-negative integer such that

$$s q^{m_s} \equiv s \pmod{m}. \qquad (7.7)$$


Moreover,

$$M^{(s)}(x) := \prod_{j \in C_s} (x - \alpha^j),$$

where $\alpha$ is a primitive $m$-th root of unity.

Example 7.2.4 Set $q = 2$ and $m = 4$. The cyclotomic polynomial of degree 15 factors over $F_2$ as follows:

$$x^{15} - 1 = (x - 1)(x^2 + x + 1)(x^4 + x + 1)(x^4 + x^3 + 1)(x^4 + x^3 + x^2 + x + 1).$$

In fact, there are 5 cyclotomic classes:

$$C_0 = \{0\}, \quad C_1 = \{1, 2, 4, 8\}, \quad C_3 = \{3, 6, 12, 9\}, \quad C_5 = \{5, 10\}, \quad C_7 = \{7, 14, 13, 11\}.$$

Moreover,

$$M^{(0)}(x) = x - 1,$$
$$M^{(1)}(x) = (x - \alpha)(x - \alpha^2)(x - \alpha^4)(x - \alpha^8) = x^4 + x + 1,$$
$$M^{(3)}(x) = (x - \alpha^3)(x - \alpha^6)(x - \alpha^9)(x - \alpha^{12}) = x^4 + x^3 + x^2 + x + 1,$$
$$M^{(5)}(x) = (x - \alpha^5)(x - \alpha^{10}) = x^2 + x + 1,$$
$$M^{(7)}(x) = (x - \alpha^7)(x - \alpha^{11})(x - \alpha^{13})(x - \alpha^{14}) = x^4 + x^3 + 1,$$

where $\alpha$ is a root of the primitive polynomial $x^4 + x + 1$. There are 32 cyclic codes of length 15, corresponding to all possible factors of $x^{15} - 1$. Among them there is the $[15, 11, 3]$ code with generator polynomial $x^4 + x^3 + x^2 + x + 1$ and parity check polynomial $x^{11} + x^{10} + x^6 + x^5 + x + 1$. An easy computation shows that the parity check matrix of this code is equivalent to (7.3).

Cyclic codes can also be described in terms of special polynomials. More explicitly, we recall from Definition 3.1.2 that an element $e(x) \in R_m$ is said to be idempotent if $(e(x))^2 = e(x)$.

Theorem 7.2.5 Let $C$ be a $q$-ary cyclic code of length $m$, $(q, m) = 1$, with generator polynomial $g(x)$ and parity check polynomial $h(x)$. Then there exists a unique idempotent element $e(x) \in R_m$ which generates $C$ and such that, for each element $p(x) \in C$,

$$p(x)e(x) = p(x) \ \text{ in } R_m. \qquad (7.8)$$


Proof: Since $(q, m) = 1$, the polynomial $x^m - 1$ does not have multiple roots; so $g(x)$ and $h(x)$ are relatively prime in $F_q[x]$. Therefore, there exist two polynomials $a(x)$ and $b(x)$ in $F_q[x]$ such that

$$a(x)g(x) + b(x)h(x) = 1. \qquad (7.9)$$

Now, set $c(x) := a(x)g(x) = 1 - b(x)h(x)$. If $u(x)g(x)$ is any codeword in $C$, then $c(x)u(x)g(x) = u(x)g(x) - b(x)h(x)u(x)g(x) \equiv u(x)g(x) \pmod{x^m - 1}$. Let $e(x)$ be the residue of $c(x)$ modulo $x^m - 1$. By the discussion above, $e(x)$ is an idempotent in $R_m$ and satisfies (7.8). Furthermore, (7.8) implies that $e(x)$ is a generator of $C$, since every codeword can be written as a multiple of $e(x)$. Finally, suppose there exists an idempotent $q(x) \in R_m$ which generates $C$ and satisfies (7.8). Clearly, $e(x) = f(x)q(x)$ in $R_m$; so, by (7.8), $q(x) = e(x)q(x) = f(x)(q(x))^2 = f(x)q(x) = e(x)$. ✷

Codes corresponding to minimal ideals in $R_m$ are called minimal cyclic codes (or irreducible cyclic codes). For example, cyclic codes generated by $(x^m - 1)/M^{(s)}(x)$ are irreducible, since $M^{(s)}(x)$ is an irreducible polynomial over $F_q$. Furthermore, any minimal code $M_i$ corresponds to an irreducible factor of $x^m - 1$. Indeed, the parity check polynomial $h(x)$ of $M_i$ generates a maximal ideal in $R_m$; therefore, $h(x)$ is irreducible and coincides with one of the $M^{(s)}(x)$'s. The idempotent of a minimal cyclic code $M_i$ is called primitive and denoted by $\theta_i(x)$. Observe that, by definition, the primitive idempotent $\theta_s(x)$ of the code generated by $(x^m - 1)/M^{(s)}(x)$ does not vanish for $x = \alpha^j$, where $j \in C_s$ and where $\alpha$ is a primitive $m$-th root of unity. This remark allows one to compute primitive idempotents.

Example 7.2.6 The primitive idempotents in Example 7.2.4 are given by

$$\theta_0(x) = \sum_{i=0}^{14} x^i,$$
$$\theta_1(x) = x^{12} + x^9 + x^8 + x^6 + x^4 + x^3 + x^2 + x,$$
$$\theta_3(x) = x^{14} + x^{13} + x^{12} + x^{11} + x^9 + x^8 + x^7 + x^6 + x^4 + x^3 + x^2 + x,$$
$$\theta_5(x) = x^{14} + x^{13} + x^{11} + x^{10} + x^8 + x^7 + x^5 + x^4 + x^2 + x,$$
$$\theta_7(x) = x^{14} + x^{13} + x^{12} + x^{11} + x^9 + x^7 + x^6 + x^3.$$

Some basic properties of primitive idempotents are recalled in the following result.


Theorem 7.2.7 Let $\{\theta_s(x)\}_s$ be the primitive idempotents corresponding to the polynomials $\{(x^m - 1)/M^{(s)}(x)\}_s$. Then

i) $\theta_i(x)\theta_j(x) = 0$, for $i \ne j$;

ii) $\sum_s \theta_s(x) = 1$;

iii) $1 - \theta_{i_1}(x) - \dots - \theta_{i_k}(x)$ is the idempotent of the code generated by the polynomial $M^{(i_1)}(x) \cdots M^{(i_k)}(x)$.

Proof: For a proof see, for instance, [69]. ✷

The idempotent of the dual code of a code $C$ can be described in terms of the idempotent of $C$. If $a(x) = a_0 + a_1 x + \dots + a_{m-1} x^{m-1} \in F_q[x]$, set

$$a^*(x) = x^{m-1} a(1/x) = a_0 x^{m-1} + \dots + a_{m-1}. \qquad (7.10)$$

Then the following holds.

Proposition 7.2.8 Let $C$ be a $q$-ary cyclic code of length $m$ with idempotent $e(x)$. The idempotent of the dual code $C^\perp$ is $(1 - e(x))^*$.

Proof: Clearly, $(1 - e(x))^*$ is idempotent since $e(x)$ is. Consider now the $m$-th roots of unity $\beta_1, \dots, \beta_m$. Suppose further that $e(\beta_i) = 0$, $1 \le i \le t$, and $e(\beta_i) \ne 0$ otherwise. Since $e(x)$ is an idempotent in $R_m$, $e(\beta_i)(e(\beta_i) - 1) = 0$ for each root of unity. Therefore, $1 - e(x)$ vanishes for $x = \beta_i$, $t + 1 \le i \le m$. In other words, $1 - e(x)$ generates the same ideal as the parity check polynomial of the code $C$. Thus, by Theorem 7.2.3, $(1 - e(x))^*$ generates the dual code of $C$. ✷
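The computations of Examples 7.2.4 and 7.2.6 and the construction in the proof of Theorem 7.2.5, as an added Python example that is not part of the book: polynomials over $F_2$ are stored as integer bit masks, $F_{16}$ is built from the primitive polynomial $x^4 + x + 1$, each $M^{(s)}(x)$ is expanded from its cyclotomic class, and the idempotent of the code generated by $(x^{15} - 1)/M^{(s)}(x)$ is obtained from the Bezout identity (7.9) by the extended Euclidean algorithm (all function names are ours).

```python
"""Cyclic codes of length 15 over F_2 (added example, not the book's code):
cyclotomic classes, minimal polynomials and primitive idempotents."""

M = 15              # the code length of Example 7.2.4
PRIM = 0b10011      # x^4 + x + 1, the primitive polynomial used there
ALPHA = 0b0010      # alpha = x, a primitive 15-th root of unity in F_16

def gf16_mul(a, b):
    """Product in F_16 = F_2[x]/(x^4 + x + 1); elements are 4-bit ints."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0b10000:
            a ^= PRIM
    return r

def gf16_pow(a, n):
    r = 1
    for _ in range(n):
        r = gf16_mul(r, a)
    return r

def poly_mul(a, b):
    """Polynomials over F_2 are ints: bit i is the coefficient of x^i."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r

def poly_divmod(a, b):
    """Long division in F_2[x]; returns (quotient, remainder)."""
    q, db = 0, b.bit_length() - 1
    while a and a.bit_length() - 1 >= db:
        shift = a.bit_length() - 1 - db
        q ^= 1 << shift
        a ^= b << shift
    return q, a

def poly_egcd(a, b):
    """Extended Euclid: (d, u, v) with u*a + v*b = d = gcd(a, b)."""
    r0, r1, u0, u1, v0, v1 = a, b, 1, 0, 0, 1
    while r1:
        q, r = poly_divmod(r0, r1)
        r0, r1 = r1, r
        u0, u1 = u1, u0 ^ poly_mul(q, u1)   # over F_2, minus is XOR
        v0, v1 = v1, v0 ^ poly_mul(q, v1)
    return r0, u0, v0

def poly_eval(p, x):
    """Value of p at the element x of F_16."""
    r = 0
    for i in range(p.bit_length()):
        if p >> i & 1:
            r ^= gf16_pow(x, i)
    return r

def cyclotomic_class(s, q=2, m=M):
    """C_s = {s, sq, sq^2, ...} (mod m), listed as in Example 7.2.4."""
    cls, j = [], s % m
    while j not in cls:
        cls.append(j)
        j = (j * q) % m
    return cls

def minimal_polynomial(s):
    """M^(s)(x) = prod_{j in C_s} (x - alpha^j), expanded in F_16[x];
    the coefficients land in F_2, as the theory predicts."""
    coeffs = [1]                                 # coeffs[i] multiplies x^i
    for j in cyclotomic_class(s):
        root = gf16_pow(ALPHA, j)
        new = [0] * (len(coeffs) + 1)
        for i, c in enumerate(coeffs):           # multiply by (x + root)
            new[i + 1] ^= c
            new[i] ^= gf16_mul(c, root)
        coeffs = new
    return sum(c << i for i, c in enumerate(coeffs))

def idempotent(g, m=M):
    """Idempotent generator of <g(x)> in R_m, as in the proof of Theorem
    7.2.5: a*g + b*h = 1 with h = (x^m - 1)/g, then e = a*g mod (x^m - 1)."""
    xm1 = (1 << m) | 1                           # x^m - 1 = x^m + 1 over F_2
    h, rem = poly_divmod(xm1, g)
    assert rem == 0, "g(x) must divide x^m - 1"
    d, a, _ = poly_egcd(g, h)
    assert d == 1, "g and h must be coprime, i.e. (q, m) = 1"
    return poly_divmod(poly_mul(a, g), xm1)[1]

def primitive_idempotent(s):
    """theta_s(x): idempotent of the minimal code <(x^15 - 1)/M^(s)(x)>."""
    g = poly_divmod((1 << M) | 1, minimal_polynomial(s))[0]
    return idempotent(g)
```

Printing `primitive_idempotent(1)` in binary reads off the exponents of $\theta_1(x)$ in Example 7.2.6 (bit $i$ set means $x^i$ is present), and `poly_eval` confirms that $\theta_1(\alpha^j) = 1$ exactly for $j \in C_1$.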

7.2.4 Reed-Muller codes

We shall now describe a class of linear binary codes which were introduced by D. E. Muller and I. S. Reed in 1954, the Reed-Muller codes. They are closely related to Finite Geometries, since they can be described in terms of characteristic functions of affine spaces. Here we mainly focus on their description via Boolean functions which will play a major role in our approach to Kerdock codes. For more details, the reader is referred to [4].

Let $f : F_2^{(l)} \to F_2$ be a Boolean function in $l$ variables $x_1, \dots, x_l$. Alternatively, $f$ can be regarded as a polynomial in $F_2[x_1, \dots, x_l]/(x_1^2 - x_1, \dots, x_l^2 - x_l)$ of degree at most $l$. The Reed-Muller code $R(r, l)$ of order $r$ and length $m = 2^l$ is the set of all possible values of Boolean functions of degree at most $r$. Clearly, $R(r, l)$ is a linear code (the sum of two Boolean functions is a Boolean function) of dimension

$$k = 1 + \binom{l}{1} + \dots + \binom{l}{r},$$

where $k$ is the number of monomials in $x_1, \dots, x_l$ of degree at most $r$. We recall some basic properties of Reed-Muller codes.

Theorem 7.2.9 The following properties hold:

i) $R(0, l) = \{0, 1\}$;

ii) $R(l, l) = F_2^{(m)}$, where $m = 2^l$;

iii) the minimum distance of $R(r, l)$ is $2^{l-r}$;

iv) the dual code of $R(r, l)$ is $R(l - r - 1, l)$.

Proof: For details and proofs the reader is referred, for example, to [69]. ✷

The Reed-Muller code can be regarded as a special case of a more general family of codes. First, recall that the shortened $r$-th order generalized Reed-Muller code $R(r, l)^*$ over $F_q$ of length $m = q^l - 1$ is the cyclic code $R$ with generator polynomial

$$g(x) := \prod_{j} (x - \alpha^j). \qquad (7.11)$$

In (7.11) $\alpha$ is a primitive element in $F_{q^l}$ and the product ranges over the set of integers $j$ with $0 \le j < q^l - 1$, $0 \le w_q(j) < (q - 1)l - r$, where $w_q(j)$ denotes the sum of the coefficients in the expansion of $j$ in the $q$-ary number system, i.e.

$$j = \sum_{i=0}^{m-1} \xi_i q^i, \qquad w_q(j) = \sum_{i=0}^{m-1} \xi_i,$$

(see also Section 1.4). Then, the $r$-th order Generalized Reed-Muller code is defined to be the extended code $\overline{R}$. For binary codes, the following holds.

Proposition 7.2.10 The $r$-th order binary generalized Reed-Muller code of length $2^m$ is equivalent to the $r$-th order Reed-Muller code.

Proof: For a proof see [69]. ✷

Remark 7.2.11 By Theorem 7.2.9, the dual of $R(1, l)$ is the $[2^l, 2^l - 1 - l, 4]$ Reed-Muller code $R(l - 2, l)$. In particular, the shortened code $R(l - 2, l)^*$ is a $[2^l - 1, 2^l - 1 - l, 3]$-code. Therefore, by Remark 7.2.1, the dual code of $R(1, l)$ is the extended Hamming code of length $2^l$.

7.3 Duality between codes

The weights of the codewords of a $q$-ary linear code $C$ of length $m$ are related to the weights of the codewords of the dual code $C^\perp$. In this section, we recall this relationship which is known as the MacWilliams Identity [53]. This theorem can be viewed as a special case of a more general identity between specific elements of a suitable group algebra.

Let $t_1, \dots, t_m$ be $m$ formal indeterminates. For any element $x = (x_1, \dots, x_m)$ in $F_q^{(m)}$, set $t^x := t_1^{x_1} \cdots t_m^{x_m}$. The set $G := \{t^x \mid x \in F_q^{(m)}\}$ is an abelian group with respect to the product

$$t^x \cdot t^y = (t_1^{x_1} \cdots t_m^{x_m}) \cdot (t_1^{y_1} \cdots t_m^{y_m}) := t_1^{x_1 + y_1} \cdots t_m^{x_m + y_m},$$

where $x_i + y_i \in F_q$, $1 \le i \le m$. Denote now by $\mathbb{C}[G]$ the set of elements

$$g = g(t) := \sum_{x \in F_q^{(m)}} \alpha_x\, t^x, \qquad \alpha_x \in \mathbb{C}. \qquad (7.12)$$

$\mathbb{C}[G]$ is a commutative, unitary $\mathbb{C}$-algebra, with respect to the following operations: for any $g, h \in \mathbb{C}[G]$ and for any $\beta \in \mathbb{C}$,

i) $g + h = \sum_{x \in F_q^{(m)}} \alpha_x t^x + \sum_{y \in F_q^{(m)}} \beta_y t^y := \sum_{x + y = z \in F_q^{(m)}} (\alpha_x + \beta_y)\, t^z$;

ii) $gh = \Big(\sum_{x \in F_q^{(m)}} \alpha_x t^x\Big)\Big(\sum_{y \in F_q^{(m)}} \beta_y t^y\Big) := \sum_{z, r \in F_q^{(m)}} \alpha_r \beta_{z - r}\, t^z$;

iii) $\beta g = \beta \Big(\sum_{x \in F_q^{(m)}} \alpha_x t^x\Big) := \sum_{x \in F_q^{(m)}} (\beta \alpha_x)\, t^x$.

The MacWilliams Identity relates specific elements in the group algebra $\mathbb{C}[G]$. The weight enumerator of an element $g \in \mathbb{C}[G]$ as in (7.12) is the formal sum in $\mathbb{C}[W, X]$ given by

$$E_g(W, X) := \sum_{x \in F_q^{(m)}} \alpha_x\, W^{m - wt(x)} X^{wt(x)} = \sum_{k=0}^{m} \Big( \sum_{wt(x) = k} \alpha_x \Big) W^{m-k} X^k = \sum_{k=0}^{m} A_k\, W^{m-k} X^k. \qquad (7.13)$$

The coefficients $A_k = \sum_{wt(x) = k} \alpha_x$ give the weight distribution of $g$.

Remark 7.3.1 Let $C$ be a $q$-ary code. $C$ can be viewed as an abelian subgroup of $\mathbb{C}[G]$ under the embedding $c \mapsto t^c$, where $c \in C$. Moreover, the element

$$g_C(t) = \sum_{c \in C} t^c \in \mathbb{C}[G]$$

is called the generating function of $C$. The polynomial

$$Hamm_C(W, X) := E_{g_C(t)}(W, X) = \sum_{c \in C} W^{m - wt(c)} X^{wt(c)}$$

is called the Hamming weight enumerator of $C$ and the $A_k$'s give the weight distribution of $C$, i.e. $A_k$ is the number of codewords of $C$ of weight $k$.

We recall that a character of an abelian group $(A; *)$ is any homomorphism from $A$ to $(\mathbb{C}^*; \cdot)$, the multiplicative group of non-zero complex numbers. Let $\chi$ be any non-trivial character of $(F_q; +)$, where $q = p^t$. For any $u \in F_q^{(m)}$, define the map $\chi_u : \mathbb{C}[G] \to \mathbb{C}^*$ by setting

$$\chi_u\Big(\sum_{x \in F_q^{(m)}} \alpha_x t^x\Big) = \sum_{x \in F_q^{(m)}} \alpha_x\, \chi(\langle u, x \rangle),$$

where $\langle u, x \rangle$ denotes the inner product in (7.2). As observed in Remark 7.3.1, a $q$-ary code can be embedded in $\mathbb{C}[G]$. Thus, $\chi_u$ can be restricted to $C$. By abuse of notation, we will denote this restriction by $\chi_u$.

Lemma 7.3.2 Let $C$ be a $q$-ary linear code. Then

i) $\chi_u$ is a character of the additive group $(C; +)$;


ii) $\chi_u$ is trivial if and only if $u \in C^\perp$;

iii)
$$\sum_{c \in C} \chi_u(c) = \begin{cases} |C| & \text{if } u \in C^\perp \\ 0 & \text{otherwise.} \end{cases}$$

Proof: Since $C$ is an additive group and $\chi$ is a character, i) easily follows. As for ii), observe that, if $u \in C^\perp$, then $\chi_u(c) = 1$, for each $c \in C$. Conversely, if $\chi_u$ is trivial, we have $1 = \chi_u(c) = \chi(\langle u, c \rangle)$, for each $c \in C$. Therefore, $u$ is an element of $C^\perp$, since, by hypothesis, $\chi$ is not trivial. Finally, iii) can be proved as follows. If $u \in C^\perp$, by ii), $\chi_u$ is trivial and, clearly,

$$\sum_{c \in C} \chi_u(c) = |C|.$$

If $u$ is not an element of the dual code of $C$, there exists $c_0$ such that $\chi_u(c_0) \ne 1$. Thus,

$$\chi_u(c_0) \sum_{c \in C} \chi_u(c) = \sum_{c \in C} \chi_u(c_0 + c) = \sum_{c \in C} \chi_u(c).$$

This implies

$$\sum_{c \in C} \chi_u(c) = 0. \qquad ✷$$

Let $g$ be an element as in (7.12) such that $M := \sum_{x \in F_q^{(m)}} \alpha_x \ne 0$. The MacWilliams transform of $g$ is

$$\hat{g}(t) := \frac{1}{M} \sum_{x \in F_q^{(m)}} \chi_x(g)\, t^x \in \mathbb{C}[G]. \qquad (7.14)$$

The following theorem holds.

Theorem 7.3.3 (MacWilliams' Identity) Take $g$ as in (7.12) such that $M := \sum_{x \in F_q^{(m)}} \alpha_x \ne 0$. Then

$$E_{\hat{g}}(W, X) = \frac{1}{M}\, E_g\big(W + (q - 1)X,\ W - X\big). \qquad (7.15)$$

Proof: The reader is referred, for example, to [53] for a proof. ✷

The specialization of (7.15) to linear codes yields

Theorem 7.3.4 Let $C$ be an $[m, k, d]$ code over $F_q$ with Hamming weight enumerator $Hamm_C(W, X)$ and let $Hamm_{C^\perp}(W, X)$ be the weight enumerator of $C^\perp$. Then

$$Hamm_{C^\perp}(W, X) = q^{-k}\, Hamm_C\big(W + (q - 1)X,\ W - X\big).$$

Proof: If $g$ is the generating function of $C$ then, by Remark 7.3.1, (7.15) becomes

$$E_{\hat{g}}(W, X) = q^{-k}\, Hamm_C\big(W + (q - 1)X,\ W - X\big).$$

On the other hand, by Lemma 7.3.2,

$$\hat{g}(t) = q^{-k} \sum_{x \in F_q^{(m)}} \sum_{c \in C} \chi_x(c)\, t^x$$

equals the generating function of $C^\perp$. Thus the claim follows. ✷

Example 7.3.5 Consider the Hamming code $C_H$ described in Example 7.2.2. The weight enumerator of $C_H$ can be determined by applying the result above. By direct computations, the weight enumerator of $C_H^\perp$ is $W^{15} + 15 W^7 X^8$. Therefore, by Theorem 7.3.4, the weight enumerator of $C_H$ is

$$\frac{1}{16}(W + X)^{15} + \frac{15}{16}(W + X)^7 (W - X)^8 = W^{15} + 35 X^3 W^{12} + 105 X^4 W^{11} + 168 X^5 W^{10} + 280 X^6 W^9 + 435 X^7 W^8 + 435 X^8 W^7 + 280 X^9 W^6 + 168 X^{10} W^5 + 105 X^{11} W^4 + 35 X^{12} W^3 + X^{15}.$$

By Theorem 7.3.4, the weight distribution of a linear code $C$ is the MacWilliams transform of the weight distribution of the dual code $C^\perp$. Nonetheless, this may happen for nonlinear codes as well.

Definition 7.3.6 Two nonlinear codes are formal duals if the weight distribution of one of them is the MacWilliams transform of the weight distribution of the other.
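An added Python example (not the book's code) that carries out Example 7.2.2 and Example 7.3.5 by brute force: it enumerates the Hamming code $C_H$ from the parity check matrix (7.3) and its dual from the rows of $H$, computes both weight distributions, and checks them against Theorem 7.3.4 through a MacWilliams transform implemented on coefficient lists; all function names are ours.

```python
"""The [15, 11, 3] Hamming code of Example 7.2.2, its dual, and the
MacWilliams identity of Theorem 7.3.4 (added example, not the book's code)."""
from math import comb

# Columns of the parity check matrix H of (7.3), top entry first.
H_COLUMNS = [
    (1, 0, 0, 0), (0, 1, 0, 0), (0, 0, 1, 0), (0, 0, 0, 1), (1, 1, 0, 0),
    (1, 0, 1, 0), (1, 0, 0, 1), (0, 1, 1, 0), (0, 1, 0, 1), (0, 0, 1, 1),
    (1, 1, 1, 0), (0, 1, 1, 1), (1, 0, 1, 1), (1, 1, 0, 1), (1, 1, 1, 1),
]

def syndrome(word, cols=H_COLUMNS):
    """H * word^T over F_2, as a tuple of k bits."""
    s = [0] * len(cols[0])
    for bit, col in zip(word, cols):
        if bit:
            s = [a ^ b for a, b in zip(s, col)]
    return tuple(s)

def hamming_code(cols=H_COLUMNS):
    """All words of length m whose syndrome vanishes: the code C_H."""
    m = len(cols)
    code = []
    for n in range(1 << m):
        word = tuple((n >> i) & 1 for i in range(m))
        if not any(syndrome(word, cols)):
            code.append(word)
    return code

def dual_code(cols=H_COLUMNS):
    """Row space of H: the word (<a, col_1>, ..., <a, col_m>) for every a in F_2^(k)."""
    k = len(cols[0])
    words = []
    for n in range(1 << k):
        a = tuple((n >> i) & 1 for i in range(k))
        words.append(tuple(sum(x * y for x, y in zip(a, col)) % 2 for col in cols))
    return words

def weight_distribution(code):
    """A_k = number of codewords of weight k, for k = 0..m."""
    dist = [0] * (len(code[0]) + 1)
    for c in code:
        dist[sum(c)] += 1
    return dist

def minimum_distance(code):
    """For a linear code the minimum distance is the minimum nonzero weight."""
    return min(sum(c) for c in code if any(c))

def macwilliams_transform(dist, q=2):
    """Coefficients of (1/|C|) Hamm_C(W + (q-1)X, W - X): by Theorem 7.3.4 this
    is the weight distribution of C^perp when dist is that of a linear code C."""
    m = len(dist) - 1
    size = sum(dist)
    out = []
    for k in range(m + 1):
        total = 0
        for i, a_i in enumerate(dist):
            if a_i == 0:
                continue
            # coefficient of X^k W^(m-k) in (W + (q-1)X)^(m-i) * (W - X)^i
            coef = sum(comb(m - i, a) * (q - 1) ** a * comb(i, k - a) * (-1) ** (k - a)
                       for a in range(max(0, k - i), min(k, m - i) + 1))
            total += a_i * coef
        assert total % size == 0          # the transform of a code has integer coefficients
        out.append(total // size)
    return out

if __name__ == "__main__":
    c_h, c_dual = hamming_code(), dual_code()
    print(len(c_h), "codewords, minimum distance", minimum_distance(c_h))
    print("A_k of C_H:      ", weight_distribution(c_h))
    print("A_k of C_H^perp: ", weight_distribution(c_dual))
    print("transform of dual:", macwilliams_transform(weight_distribution(c_dual)))
```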


We conclude this section by recalling another important function used to describe properties of codes. Let $C$ be a code of type $(n, M, d)$. The distance enumerator of $C$ is given by the formal sum

$$B_C(z) := \sum_{k=0}^{n} B_k z^k, \qquad (7.16)$$

where, for any non-negative integer $k$, $0 \le k \le n$,

$$B_k := \frac{1}{M}\, |\{\, (x, y) : x, y \in C,\ d_H(x, y) = k \,\}|.$$

The numbers $B_k$ give the distance distribution of $C$.

Remark 7.3.7 Suppose that C is a distance invariant code, i.e. a code such that, for any codewords c1 , c2 , the number of codewords at distance i from c1 equals the number of codewords at distance i from c2 . If, additionally, C contains the word 0, then the weight distribution coincides with the distance distribution.

7.4 Some families of nonlinear $q$-ary codes

In this section, we will describe two families of nonlinear codes, the Kerdock codes and the Preparata codes. Aside from their excellent error correcting capabilities, these codes are also formal duals (see Definition 7.3.6). For other examples of q-ary nonlinear codes the reader is referred, for instance, to [14] and to [53].

7.4.1 Binary Kerdock codes

Binary Kerdock codes were originally introduced by A. M. Kerdock in 1972 [45]. Since then, they have been investigated by many authors for their properties and their relationships with Symplectic and Orthogonal Finite Geometries. In 1982, W. M. Kantor (see [40], [41], [42]) explicitly constructed infinitely many families of inequivalent Kerdock codes, all of them with the same weight distribution. In this section, we will basically pursue his approach to describe Kerdock codes and to discuss some of their properties.

7.4.2 Kerdock sets

To begin with, we need to recall some elementary facts of Symplectic Geometry over finite fields. For more details on this topic, see, for example, [21]. Let $V$ be a vector space of dimension $m$ over the finite field $F_q$, $q = 2^r$. A quadratic form over $V$ is a map $Q : V \to F_q$ such that, for all $\lambda, \mu \in F_q$ and $v, w \in V$,

$$Q(\lambda v + \mu w) = \lambda^2 Q(v) + \mu^2 Q(w) + \lambda \mu f(v, w), \qquad (7.17)$$

where $f$ is a bilinear form over $V \times V$. Note that $f$ is determined by $Q$ since

$$f(v, w) = Q(v + w) + Q(v) + Q(w), \qquad v, w \in V.$$

Moreover,

$$f(v, v) = Q(v + v) + Q(v) + Q(v) = 0, \qquad v \in V.$$

Thus, $f$ is a symplectic form over $V$. Denote by $y_1, \dots, y_m$ coordinates on $V$ with respect to the canonical basis. By standard facts of Linear Algebra, for any quadratic form $Q$ over $V$, there exists an integer $h$, $2 \le 2h \le m$, such that $Q$ can be written as

$$\sum_{i=1}^{h} y_{2i-1} y_{2i} + L,$$

where $2h$ is the rank of the symplectic form corresponding to $Q$ and $L$ is a linear functional over $V$. In what follows, we shall need the following result.

Lemma 7.4.1

i) The number of $2h$-tuples $(y_1, \dots, y_{2h}) \in F_2^{(2h)}$ such that

$$\sum_{i=1}^{h} y_{2i-1} y_{2i} = 0$$

is $2^{2h-1} + 2^{h-1}$.

ii) The number of $m$-tuples $(y_1, \dots, y_m)$ such that

$$\sum_{i=1}^{h} y_{2i-1} y_{2i} + \sum_{i=2h+1}^{m} a_i y_i = 0, \qquad a_i \in F_2,$$

is $2^{m-1}$.

Proof: i) If $h = 1$, the claim is trivial. Now,

$$\sum_{i=1}^{h+1} y_{2i-1} y_{2i} = \sum_{i=1}^{h} y_{2i-1} y_{2i} + y_{2h+1} y_{2h+2} := F_1 + F_2. \qquad (7.18)$$

Therefore, by induction, the number of $(2h+2)$-tuples $(y_1, \dots, y_{2h+2}) \in F_2^{(2h+2)}$ such that $F_1 = F_2 = 0$ (respectively $F_1 = F_2 = 1$) is $3(2^{2h-1} + 2^{h-1})$ (respectively $2^{2h-1} - 2^{h-1}$). So the claim follows. ii) The Boolean function on the left hand side of (7.18) attains the value 0 as many times as the value 1. Thus, the number of solutions of (7.18) is $2^{m-1}$. ✷

From now on, let $V$ denote a vector space over $F_q$, $q$ even, of dimension $m$, $m = 2n$.

Definition 7.4.2 A Kerdock set $K$ over $F_q$ is a collection of $q^{m-1}$ symplectic forms over $V$ such that the sum of any two distinct elements in $K$ is non-singular.

Clearly, a Kerdock set can be identified with a set of $q^{m-1}$ symmetric matrices $B^{(k)} = (b^{(k)}_{ij})$, where $b^{(k)}_{ij} \in F_q$, of order $m$ such that the difference of any two matrices has rank $m$.

Definition 7.4.3 Two Kerdock sets $K_1$ and $K_2$ are equivalent if there exists a map

$$K_1 \longrightarrow K_2, \qquad M \longmapsto d\, B^{-1} M^\phi (B^{-1})^t + C,$$

where $M = (a_{ij})$, $d \in F_q^*$, $\phi \in \mathrm{Aut}(F_q)$, $M^\phi$ is the matrix $(\alpha_{ij})$ such that $\alpha_{ij} = \phi(a_{ij})$, $B$ is an invertible matrix of order $m$, and $C$ is an alternating matrix of order $m$.

By Definition 7.4.3, we can therefore assume that, up to equivalence, a Kerdock set contains the zero symplectic form.

Example 7.4.4 When $m = 2$, the only Kerdock set over $F_2$ is given by

$$\left\{ \begin{pmatrix} 0 & 0 \\ 0 & 0 \end{pmatrix},\ \begin{pmatrix} 0 & 1 \\ 1 & 0 \end{pmatrix} \right\}.$$

Consider, now, the case $m = 4$. By direct computation, the set of matrices

$$\begin{pmatrix} 0&0&0&0 \\ 0&0&0&0 \\ 0&0&0&0 \\ 0&0&0&0 \end{pmatrix},\ 
\begin{pmatrix} 0&1&1&1 \\ 1&0&1&1 \\ 1&1&0&1 \\ 1&1&1&0 \end{pmatrix},\ 
\begin{pmatrix} 0&1&1&0 \\ 1&0&0&0 \\ 1&0&0&1 \\ 0&0&1&0 \end{pmatrix},\ 
\begin{pmatrix} 0&0&1&1 \\ 0&0&0&1 \\ 1&0&0&0 \\ 1&1&0&0 \end{pmatrix},$$

$$\begin{pmatrix} 0&1&0&0 \\ 1&0&0&1 \\ 0&0&0&1 \\ 0&1&1&0 \end{pmatrix},\ 
\begin{pmatrix} 0&0&1&0 \\ 0&0&1&1 \\ 1&1&0&0 \\ 0&1&0&0 \end{pmatrix},\ 
\begin{pmatrix} 0&1&0&1 \\ 1&0&1&0 \\ 0&1&0&0 \\ 1&0&0&0 \end{pmatrix},\ 
\begin{pmatrix} 0&0&0&1 \\ 0&0&1&0 \\ 0&1&0&1 \\ 1&0&1&0 \end{pmatrix}$$

is a Kerdock set over $F_2$.

The existence of Kerdock sets is actually a non-trivial problem related to Finite Geometries over $F_q$, $q$ even. A complete exposition of the techniques used to construct Kerdock sets can be found in [40], [41]. Here we just show how their construction can be approached in geometrical terms. Fix the quadratic form $Q$ over $V$ given by

$$Q(y_1, \dots, y_m) := y_1 y_{n+1} + \dots + y_n y_{2n}. \qquad (7.19)$$

A subspace $W \subset V$ is totally singular with respect to $Q$ if $Q(w) = 0$, for each $w \in W$. Note that the maximal dimension of totally singular subspaces of $V$ is $n$. A vector space $V$ which is equipped with the quadratic form (7.19) is said to be an $\Omega^+(2n, q)$-space. An orthogonal spread $\mathcal{F}$ of an $\Omega^+(2n, q)$-space is a family of $q^{n-1} + 1$ totally singular $n$-dimensional spaces such that every totally singular one-dimensional space of $V$ belongs to exactly one member of $\mathcal{F}$. Two orthogonal spreads $\mathcal{F}_1$ and $\mathcal{F}_2$ are equivalent if there exists an invertible linear transformation of $V$ which preserves $Q$ and maps elements in $\mathcal{F}_1$ to elements in $\mathcal{F}_2$.

Now, suppose that $n = 2a$, $a \ge 1$. Fix two totally singular $2a$-dimensional subspaces $U$ and $W$ such that $U \cap W = \{0\}$, so $V = U \oplus W$. Thus, there exist two bases $\{u_1, \dots, u_{2a}\}$, $\{w_1, \dots, w_{2a}\}$ of $U$ and $W$ respectively, such that $f(u_i, w_j) = \delta_{ij}$, where $f$ is the bilinear form associated with the quadratic form $Q$. This quadratic form is invariant with respect to linear transformations which, in the chosen basis, have matrices of the form

$$M^\dagger = \begin{pmatrix} I_{2a} & 0 \\ M & I_{2a} \end{pmatrix}, \qquad (7.20)$$

where $I_{2a}$ is the identity matrix of order $2a$ and $M$ is an alternating matrix of order $2a$. As $M$ varies, the set $P^\dagger$ of matrices $M^\dagger$ is isomorphic to the abelian group of alternating matrices of order $2a$ with entries from $F_q$. Thus, a Kerdock set $K$ can be associated with a subset $K^\dagger$ of $P^\dagger$ of $q^{2a-1}$ matrices. Under this correspondence, any Kerdock set yields an orthogonal spread of $V$ and vice versa (see [40] for a proof). Therefore, the existence of Kerdock sets is reduced to the construction of orthogonal spreads of an $\Omega^+(4a, q)$-space. Kantor in [40] and in [41] describes explicitly inequivalent orthogonal spreads which yield inequivalent Kerdock sets.

7.4.3 Properties of binary Kerdock codes

The first family of Kerdock codes was introduced by Kerdock in 1972. These codes, which are usually denoted by $K(m)$, $m$ even, $m \ge 4$, can be described in various ways: see [15], [40] and [45] for details about their different constructions. Anyhow, more families of binary Kerdock codes have been discovered; thus, we shall define them as follows.

Definition 7.4.5 Let $m$ be an even integer, $m \ge 4$. A binary Kerdock code is a $(2^m, 2^{2m}, 2^{m-1} - 2^{m/2-1})$ subcode of the Reed-Muller code $R(2, m)$, which is obtained as the union of cosets of the Reed-Muller code $R(1, m)$.

Kerdock codes can be constructed from Kerdock sets over $F_2$. For each matrix $M$ in a Kerdock set $K$, let $Q_M$ be an associated quadratic form over $F_2^{(m)}$. Consider the set

$$C(K) := \{\, Q_M(v) + L(v) + c \,\}, \qquad (7.21)$$

where $M \in K$, $L$ varies in the space of linear functionals over $F_2^{(m)}$, $c \in F_2$, and $v$ is any vector in $F_2^{(m)}$.

Theorem 7.4.6 The set $C(K)$ is a Kerdock code.

Proof: As observed in Section 7.2.4, the Reed-Muller code $R(2, m)$ is a binary linear code of length $2^m$; moreover, its codewords are given by Boolean functions of degree at most two. Thus, $C(K)$ is a subcode of $R(2, m)$ of length $2^m$. Furthermore, $C(K)$ is a union of cosets of $R(1, m)$ with representatives $Q_M$, $M \in K$. Therefore, by Theorem 7.2.9, the number of codewords of $C(K)$ is $2^{m-1} \cdot |R(1, m)| = 2^{2m}$. $C(K)$ is not linear, since the sum of two codewords lies in a coset of $R(1, m)$ which does not necessarily have one of the elements of $K$ as a representative. To compute the minimum distance of $C(K)$ we remark that, for any words $c_1, c_2$, $d_H(c_1, c_2) = wt(c_1 + c_2)$, since $c_1 + c_2 \in R(2, m)$ whether $c_1 + c_2$ belongs to $C(K)$ or not. On the other hand, by definition of $C(K)$, $c_1 + c_2$ may belong either to the subcode $R(1, m)$ or to a coset of the first order Reed-Muller code with representative a quadratic form of maximal rank $m$. In the former case, by Theorem 7.2.9, the weight of $c_1 + c_2$ may be $0$, $2^m$ or $2^{m-1}$; in the latter case, by Lemma 7.4.1, the weight of $c_1 + c_2$ may be $2^{m-1}$ or $2^{m-1} \pm 2^{m/2-1}$. Thus, the minimum distance of $C(K)$ is $2^{m-1} - 2^{m/2-1}$. ✷

Remark 7.4.7 The same arguments used to compute the minimum distance of $C(K)$ prove that $C(K)$ is distance invariant (cf. Remark 7.3.7). Remarkably, any Kerdock code $C$ has the form $C(K)$, for some Kerdock set $K$. Indeed, by Definition 7.4.5, $C$ is a union of $2^{m-1}$ cosets of the first order Reed-Muller code. On the other hand, by Lemma 7.4.1, the difference of any two representatives of such cosets needs to have maximal rank if the minimum distance of $C$ is $2^{m-1} - 2^{m/2-1}$. Therefore, the representatives of the cosets which compose $C$ form a Kerdock set.

Example 7.4.8 (The Nordstrom-Robinson code) For $m = 4$, the Kerdock code corresponding to the Kerdock set described in Example 7.4.4 is a $(16, 256, 6)$ nonlinear code. In [67], Snover proves that there exists a unique nonlinear code with such parameters, which is called the Nordstrom-Robinson code $N_{16}$.

Equivalent Kerdock codes correspond to equivalent Kerdock sets. More precisely, the following holds.

Theorem 7.4.9 Let $K_1$ and $K_2$ be two Kerdock sets over $F_2$. Then $C(K_1)$ and $C(K_2)$ are equivalent codes if and only if $K_1$ is equivalent to $K_2$.

Proof: For a proof, the reader is referred to [42]. ✷

Although Kerdock codes may be inequivalent, they all have the same weight enumerator, which, by Remark 7.4.7, is also the distance enumerator.


Theorem 7.4.10 The weight enumerator of a Kerdock code $C$ of length $2^m$, $m$ even, $m \ge 4$, is

$$K(z) = 1 + (2^{2m-1} - 2^m)\, z^{2^{m-1} - 2^{(m/2)-1}} + (2^{2m-1} - 2^m)\, z^{2^{m-1} + 2^{(m/2)-1}} + (2^{m+1} - 2)\, z^{2^{m-1}} + z^{2^m}. \qquad (7.22)$$

Proof: Up to equivalence, we can assume that $C$ contains the first order Reed-Muller code $R(1, m)$; hence, by Theorem 7.2.9, $C$ has one word of weight 0, one word of weight $2^m$ and $2^{m+1} - 2$ words of weight $2^{m-1}$. Moreover, by Lemma 7.4.1, all other words of $C$ have weight $2^{m-1} \pm 2^{(m/2)-1}$. Trivially, if a codeword $c$ has weight $2^{m-1} - 2^{(m/2)-1}$, then $c + 1$ has weight $2^{m-1} + 2^{(m/2)-1}$. Thus, the coefficients of $z^{2^{m-1} \pm 2^{(m/2)-1}}$ are both $2^{2m-1} - 2^m$. ✷
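An added Python example (not the book's code) that builds $C(K)$ as in (7.21) from the eight $4 \times 4$ matrices of the Kerdock set of Example 7.4.4, using $Q_M(v) = \sum_{i < j} M_{ij} v_i v_j$ as the quadratic form attached to $M$, and then checks the condition of Definition 7.4.2, the parameters $(16, 256, 6)$ of Example 7.4.8, the nonlinearity, and the weight distribution that (7.22) predicts for $m = 4$; function names are ours.

```python
"""Nordstrom-Robinson code as the Kerdock code C(K) of (7.21), built from
the Kerdock set of Example 7.4.4 (m = 4); added example, not the book's code."""
from itertools import product

M_DIM = 4    # m = 4: length 2^m = 16 and 2^(2m) = 256 codewords

# The eight 4x4 alternating matrices of Example 7.4.4, one row per tuple.
KERDOCK_SET = [
    ((0, 0, 0, 0), (0, 0, 0, 0), (0, 0, 0, 0), (0, 0, 0, 0)),
    ((0, 1, 1, 1), (1, 0, 1, 1), (1, 1, 0, 1), (1, 1, 1, 0)),
    ((0, 1, 1, 0), (1, 0, 0, 0), (1, 0, 0, 1), (0, 0, 1, 0)),
    ((0, 0, 1, 1), (0, 0, 0, 1), (1, 0, 0, 0), (1, 1, 0, 0)),
    ((0, 1, 0, 0), (1, 0, 0, 1), (0, 0, 0, 1), (0, 1, 1, 0)),
    ((0, 0, 1, 0), (0, 0, 1, 1), (1, 1, 0, 0), (0, 1, 0, 0)),
    ((0, 1, 0, 1), (1, 0, 1, 0), (0, 1, 0, 0), (1, 0, 0, 0)),
    ((0, 0, 0, 1), (0, 0, 1, 0), (0, 1, 0, 1), (1, 0, 1, 0)),
]
POINTS = list(product((0, 1), repeat=M_DIM))   # F_2^(4): the coordinate positions

def rank_f2(matrix):
    """Rank over F_2 by Gaussian elimination on row bit masks."""
    rows = [sum(b << i for i, b in enumerate(r)) for r in matrix]
    rank = 0
    for bit in range(len(matrix)):
        pivot = next((r for r in rows if r >> bit & 1), None)
        if pivot is None:
            continue
        rows.remove(pivot)
        rows = [r ^ pivot if r >> bit & 1 else r for r in rows]
        rank += 1
    return rank

def is_kerdock_set(mats):
    """Definition 7.4.2: the sum (= difference over F_2) of any two distinct
    matrices must be non-singular."""
    n = len(mats[0])
    for i in range(len(mats)):
        for j in range(i + 1, len(mats)):
            s = [[a ^ b for a, b in zip(ra, rb)] for ra, rb in zip(mats[i], mats[j])]
            if rank_f2(s) != n:
                return False
    return True

def quadratic_form(mat, v):
    """Q_M(v) = sum_{i<j} M_ij v_i v_j; its polar form Q(v+w)+Q(v)+Q(w) is v^T M w."""
    n = len(v)
    return sum(mat[i][j] * v[i] * v[j] for i in range(n) for j in range(i + 1, n)) % 2

def kerdock_code(mats=KERDOCK_SET):
    """C(K) of (7.21): the Boolean functions Q_M + L + c as 0/1 words of length 2^m."""
    code = set()
    for mat in mats:
        for lin in product((0, 1), repeat=M_DIM):          # linear functional L
            for c in (0, 1):
                word = tuple((quadratic_form(mat, v)
                              + sum(a * b for a, b in zip(lin, v)) + c) % 2
                             for v in POINTS)
                code.add(word)
    return sorted(code)

def weight_distribution(code):
    dist = [0] * (len(code[0]) + 1)
    for c in code:
        dist[sum(c)] += 1
    return dist

def minimum_distance(code):
    return min(sum(a ^ b for a, b in zip(x, y))
               for i, x in enumerate(code) for y in code[i + 1:])

def is_linear(code):
    """True iff the code is closed under coordinatewise addition over F_2."""
    words = set(code)
    return all(tuple(a ^ b for a, b in zip(x, y)) in words for x in code for y in code)

def kerdock_enumerator_coeffs(m):
    """{weight: count} predicted by (7.22) for a Kerdock code of length 2^m."""
    half, quarter = 2 ** (m - 1), 2 ** (m // 2 - 1)
    return {0: 1, half - quarter: 2 ** (2 * m - 1) - 2 ** m,
            half + quarter: 2 ** (2 * m - 1) - 2 ** m,
            half: 2 ** (m + 1) - 2, 2 ** m: 1}

if __name__ == "__main__":
    code = kerdock_code()
    print(len(code), "codewords of length", len(code[0]),
          "minimum distance", minimum_distance(code), "linear:", is_linear(code))
    print({k: v for k, v in enumerate(weight_distribution(code)) if v})
```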

7.4.4 Classical Preparata codes

In [61], P. Preparata introduced a class of double-correcting non-linear codes $P(2)$ (see Definition 7.4.11 for notation) with a remarkably large number of codewords in terms of their length and their minimum distance. Since then, many other families with the same properties have been introduced. In this section, we will recall the definition of these codes by following [6]. Moreover, we shall discuss the formal duality of the extended Preparata code $\overline{P}(\sigma)$ with the Kerdock code $K(m)$.

7.4.5 Basic properties

All through this section, let $t$ be an odd integer, $t \geq 3$. Set also $n = 2^t - 1$ and $F = \mathbb{F}_{2^t}$. Let $x \mapsto x^\sigma$ be an automorphism of $F$, i.e., $\sigma$ is a power of $2$, such that $(\sigma \pm 1, n) = 1$. If $U$ is a subset of $F$, then $\chi(U)$ will denote the characteristic vector of $U$ of length $2^t$.

Definition 7.4.11 The extended Preparata code $P(\sigma)$ is the set of words $[\chi(U), \chi(V)]$, where $U$ and $V$ are subsets of $F$ such that:

(P1) $|U|$ and $|V|$ are even,

(P2) $\sum_{u \in U} u = \sum_{v \in V} v$,

(P3) $\sum_{u \in U} u^{\sigma+1} + \big(\sum_{u \in U} u\big)^{\sigma+1} = \sum_{v \in V} v^{\sigma+1}$.


Without loss of generality, we can assume that $0 \in F$ is the first element in $U$ and the first element in $V$. The classical Preparata code $P(\sigma)$ is obtained from the extended code $P(\sigma)$ by dropping the first coordinate in each codeword. We summarize the main properties of $P(\sigma)$ in the following theorem: for a proof see [6].

Theorem 7.4.12 The extended Preparata code $P(\sigma)$ is a binary nonlinear $(2^{t+1},\ 2^{2^{t+1} - 2t - 2},\ 6)$ code. Moreover, it is distance invariant.

Clearly, by Theorem 7.4.12, the nonlinear binary code $P(\sigma)$ is a $(2^{t+1} - 1,\ 2^{2^{t+1} - 2t - 2},\ 5)$-code. Moreover, it is a nearly perfect code (see [14]).

Example 7.4.13 For $t = 3$, $\sigma = 4$, the code $P(4)$ has length $16$, minimum distance $6$, and $256$ codewords. As explained in Example 7.4.8, this is the Nordstrom-Robinson code, which, incidentally, coincides with the Kerdock code $K(4)$.

We end this section with some remarks about the weight distribution of Preparata codes. To begin with, in [27], the weight distribution of any nearly perfect code is determined. Accordingly, the weight distribution of the extended Preparata code can be completely computed. In particular, when $\sigma = 2$, the extended Preparata code $P(2)$ of length $2^m$ and the Kerdock code $K(m)$ satisfy the following result.

Theorem 7.4.14 The weight distribution of $P(2)$ is the MacWilliams transform of the weight distribution of $K(m)$, $m$ even, $m \geq 4$.

Proof: The reader is referred to [53]. ✷

Thus, by Definition 7.3.6, $P(2)$ and $K(m)$ are formal duals. Their formal duality has been an object of study for years. Arguably, the existence of infinitely many families of Kerdock codes with the same weight distribution and the existence of many other Preparata codes seemed to suggest that the relationship in Theorem 7.4.14 was merely a coincidence. Although this may be true for many versions of these codes, we will show in Chapter 8 that suitable Kerdock codes and Preparata codes can be related in a deeper algebraic sense in terms of Galois Ring Theory.
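Definition 7.4.11 can be checked by brute force in the smallest case, $t = 3$, $\sigma = 4$, of Example 7.4.13. The following Python script is an added example, not code from the book: it models $F = \mathbb{F}_8$ as $\mathbb{Z}_2[x]/(x^3 + x + 1)$ (an assumption of the example; the book only fixes $F = \mathbb{F}_{2^t}$, and any other model gives an equivalent code), enumerates all pairs of even-size subsets $U, V$ satisfying (P1), (P2) and (P3), and verifies the parameters $(16, 256, 6)$ of Theorem 7.4.12 together with the nonlinearity of the resulting code.

```python
from itertools import combinations, product

# GF(8) modelled as Z2[x]/(x^3 + x + 1): elements are 3-bit integers, addition is XOR.
# (Assumption of this example; the book does not fix a particular model of F.)
MODULUS = 0b1011
FIELD = list(range(8))


def gf8_mul(a, b):
    """Carry-less product of two field elements, reduced modulo x^3 + x + 1."""
    r = 0
    for _ in range(3):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0b1000:
            a ^= MODULUS
    return r


def gf8_pow(a, e):
    r = 1
    for _ in range(e):
        r = gf8_mul(r, a)
    return r


def field_sum(elements, exponent=1):
    """Sum (XOR) of u^exponent over the elements: the sums occurring in (P2) and (P3)."""
    s = 0
    for u in elements:
        s ^= gf8_pow(u, exponent)
    return s


def even_subsets():
    """All subsets of F of even cardinality, condition (P1)."""
    for size in range(0, 9, 2):
        yield from combinations(FIELD, size)


def chi(subset):
    """Characteristic vector of a subset of F, of length 2^t = 8."""
    return tuple(1 if u in subset else 0 for u in FIELD)


def extended_preparata(sigma=4):
    """All words [chi(U), chi(V)] of Definition 7.4.11 for t = 3: the code P(sigma) of length 16."""
    # Precompute, for every even subset, the sums used by (P2) and (P3).
    data = [(S, field_sum(S), field_sum(S, sigma + 1)) for S in even_subsets()]
    code = set()
    for U, su, su_pow in data:
        lhs = su_pow ^ gf8_pow(su, sigma + 1)          # left-hand side of (P3)
        for V, sv, sv_pow in data:
            if su == sv and lhs == sv_pow:             # (P2) and (P3)
                code.add(chi(U) + chi(V))
    return code


def hamming_distance(u, v):
    return sum(x != y for x, y in zip(u, v))


def parameters(code):
    """(length, number of codewords, minimum distance) of a binary code given as a set of tuples."""
    words = list(code)
    d = min(hamming_distance(u, v) for i, u in enumerate(words) for v in words[i + 1:])
    return len(words[0]), len(words), d


def is_linear(code):
    return all(tuple((x + y) % 2 for x, y in zip(u, v)) in code for u in code for v in code)


if __name__ == "__main__":
    P4 = extended_preparata(4)
    print("parameters (n, M, d):", parameters(P4))   # (16, 256, 6)
    print("linear:", is_linear(P4))                   # False
```

The nested loop over even subsets is only $128 \times 128$ pairs, so the whole check runs in well under a second; for $t = 5$ the same approach would already need $2^{31} \times 2^{31}$ pairs, which is why the theorem, not enumeration, is what establishes the parameters in general.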

7.4.6 Preparata codes and Hamming codes

In Section 7.4.3, Kerdock codes of length $2^m$ were defined as a union of cosets of the first order Reed-Muller code $R(1, m)$ in the second order Reed-Muller code. By Theorem 7.2.9, the dual of $R(1, m)$ is the extended Hamming code $H_m$ of length $2^m$. In this section, we will show that $H_m$ can also be constructed from Preparata codes. Set $t = m - 1$, $m$ even, $m \geq 4$. For the sake of simplicity, denote by $C_0$ the code $P(\sigma)$. Now, for any $\alpha \in F^*$, define $C_\alpha$ to be the code obtained by adding the word $c_\alpha = [\chi(U), \chi(V)]$ corresponding to the sets $U = V = \{0, \alpha\}$ to every word of $C_0$.

Lemma 7.4.15
1. The minimum weight of the code $C_\alpha$ is $4$, for each $\alpha \in F^*$.
2. $C_{\alpha_1} \cap C_{\alpha_2} = 0$, $\alpha_1 \neq \alpha_2 \in F^*$.

Proof: 1. Since the extended Preparata code is invariant with respect to the Hamming distance, and its minimum distance is $6$, for any $x \in C_\alpha$, $\mathrm{wt}(x) = d_H(x, 0) \geq 6 - r + 4 - r = 10 - 2r$, where $r$ is the number of $1$'s which appear both in a word of minimum weight $6$ and in a word of minimum weight $4$. Since $r \leq 4$, it suffices to show that there are no words of minimum weight $2$ in $C_\alpha$. Suppose that such a word exists, say $c$. Then, $c$ would correspond to the two subsets $\{0, \alpha\}$, $\{0, \gamma, \alpha, \beta\}$ of $F$, where $\alpha$, $\beta$, and $\gamma$ are distinct elements in $F^*$. This would contradict (P2), so the claim follows.
2. Suppose there exists $c \in C_{\alpha_1} \cap C_{\alpha_2}$, $c \neq 0$, such that $c = c_{\alpha_1} + c_1 = c_{\alpha_2} + c_2$, where $c_i \in P(\sigma)$ and $c_{\alpha_i} \in C_{\alpha_i}$, $i = 1, 2$. Thus, $d_H(c_1, c_2) = \mathrm{wt}(c_{\alpha_1} + c_{\alpha_2}) = 4$, whereas the minimum distance of $P(\sigma)$ is $6$. ✷

Define the code
$$H_m = \bigcup_{\alpha \in \mathbb{F}_{2^{m-1}}} C_\alpha .$$

Theorem 7.4.16 $H_m$ is the extended Hamming code of length $2^m$.

Proof: Clearly, the length of $H_m$ is $2^m$. Additionally,
$$|H_m| = 2^{m-1}\,|P(\sigma)| = 2^{2^m - m - 1}.$$
Moreover, by Lemma 7.4.15, the minimum weight of $H_m$ is $4$. Thus, the theorem is proved if we show that $H_m$ is linear. Let $c_1$ and $c_2$ be two codewords in $H_m$. Then, there exist subsets $X_i$, $Y_i$, and elements $\alpha_i$ in $F$, $i = 1, 2$, such that $c_i = [\chi(X_i), \chi(Y_i)] + [\chi(\{0, \alpha_i\}), \chi(\{0, \alpha_i\})]$. Proving that $c_1 + c_2$ belongs to $H_m$ is equivalent to solving the equation
$$s_1^{\sigma+1} + s_2^{\sigma+1} = (\gamma + s_1 + s_2 + \alpha_1 + \alpha_2)^{\sigma+1}, \qquad s_i = \sum_{x_i \in X_i} x_i,\ i = 1, 2, \qquad (7.23)$$
with respect to $\gamma$ (see [6] for details). Since, under our assumptions, the map $x \mapsto x^{\sigma+1}$ is an automorphism of $F$, (7.23) has a unique solution. ✷


Chapter 8

BASIC NOTIONS ON CODES OVER GALOIS RINGS

In this chapter we give a brief overview of some basic properties of codes over Galois rings. In particular, we focus on the case of codes over $GR(p^n, 1) = \mathbb{Z}_{p^n}$, which are presently an evolving research topic for several applications. Moreover, we shall discuss in more detail codes over $\mathbb{Z}_4$ by describing their relationship with binary codes. In this case, a fundamental tool of our analysis is the so-called Gray map, which will be used to carry out a $\mathbb{Z}_4$-interpretation of the formal duality between binary Kerdock codes and some "ad hoc" generalizations of the classical Preparata codes.

8.1 Basic properties

In this section, we discuss some basic facts of codes over the Galois ring of integers mod $p^n$, i.e. $\mathbb{Z}_{p^n} = \{0, 1, \ldots, p^n - 1\}$. Denote by $\mathbb{Z}_{p^n}^{(m)}$ the set of ordered $m$-tuples $(x_1, \ldots, x_m)$, $x_i \in \mathbb{Z}_{p^n}$, $1 \leq i \leq m$. A code $C$ over $\mathbb{Z}_{p^n}$ is a subset of $\mathbb{Z}_{p^n}^{(m)}$. Two codes over $\mathbb{Z}_{p^n}$ are permutation equivalent if one can be obtained from the other by a permutation of coordinate positions (see Section 7.1).

The $\mathbb{Z}_{p^n}$-module $\mathbb{Z}_{p^n}^{(m)}$ is equipped with two natural distances: the Hamming distance introduced in (7.1) and the Lee distance, $d_L$, which is defined as follows.


Definition 8.1.1 The Lee weight of an element $h \in \mathbb{Z}_{p^n}$ is
$$\mathrm{wt}_L(h) := \min\{h,\ p^n - h\}. \qquad (8.1)$$
The Lee weight of an element $a = (a_1, \ldots, a_m) \in \mathbb{Z}_{p^n}^{(m)}$ is the sum of the Lee weights of its coordinates. The Lee distance $d_L$ on $\mathbb{Z}_{p^n}^{(m)} \times \mathbb{Z}_{p^n}^{(m)}$ is defined by $d_L(x, y) = \mathrm{wt}_L(x - y)$.

In addition to the minimum Hamming distance and the minimum Hamming weight, a code over $\mathbb{Z}_{p^n}$ has also a minimum Lee distance $d_L(C) := \min_{v \neq w \in C} d_L(v, w)$, and a minimum Lee weight $\mathrm{wt}_L(C) := \min_{0 \neq v \in C} \mathrm{wt}_L(v)$. In general, the Hamming distance is not a natural metric for measuring error-correcting capabilities of codes over rings. Indeed, in communication systems it is more likely that a transmitted symbol is received as a symbol close to it. As an example, consider the code of length $3$ over the ring $\mathbb{Z}_8$. The Hamming distance between $(1, 0, 0)$ and $(h, 0, 0)$ is $1$, for any $h \in \mathbb{Z}_8$, $h \neq 1$. On the other hand, the Lee distance is more suitable for describing possible errors, since $d_L$ depends on the symbol $h$.

8.1.1 Linear codes over $\mathbb{Z}_{p^n}$

A code $C$ over $\mathbb{Z}_{p^n}$ is linear if it is a subgroup of the abelian group $\langle \mathbb{Z}_{p^n}^{(m)}; + \rangle$, where the operation $+$ is defined componentwise. We recall that, as observed in (1.6), Section 1.4, any element $u \in \mathbb{Z}_{p^n}$ can be uniquely written as a finite sum
$$u = \sum_{i=0}^{n-1} u_i\, p^i,$$
where $0 \leq u_i \leq p - 1$. Similar to the case of $q$-ary codes, after a suitable permutation of the coordinates, a non-zero linear code $C$ of length $m$ over $\mathbb{Z}_{p^n}$ can be described by a generator matrix $G$ of the form
$$G = \begin{pmatrix}
I & A_{0,1} & A_{0,2} & A_{0,3} & \cdots & A_{0,n-1} & A_{0,n} \\
0 & pI & pA_{1,2} & \cdots & \cdots & \cdots & pA_{1,n} \\
\vdots & \vdots & \vdots & \vdots & \ddots & \vdots & \vdots \\
0 & 0 & 0 & 0 & \cdots & p^{n-1} I & p^{n-1} A_{n-1,n}
\end{pmatrix}, \qquad (8.2)$$


where the columns are grouped into blocks of size $k_0, k_1, \ldots, k_{n-1}, k_n$ such that $\sum k_i = m$. The notion of elementary row operations on a matrix, and the consequences of it, carries over to $\mathbb{Z}_{p^n}$ with the understanding that only multiplication of a row by a unit in $\mathbb{Z}_{p^n}$ is allowed, as opposed to multiplication by any non-zero element. All the codewords of $C$ are given by $[v_0 \ldots v_{n-1}]\,G$, where $v_i$ is a vector of length $k_i$ with components in $\mathbb{Z}_{p^{n-i}}$. Thus, $C$ contains $p^k$ words, where
$$k = \sum_{i=0}^{n-1} (n - i)\, k_i .$$
Therefore, $C$ is called a code of type $\prod_{i=0}^{n-1} p^{(n-i)k_i}$. The dual code of $C$ is the set
$$C^\perp := \{x \in \mathbb{Z}_{p^n}^{(m)} \mid x \cdot y = 0,\ \forall y \in C\},$$
where
$$x \cdot y = \sum_{i=1}^{m} x_i y_i . \qquad (8.3)$$
A generator matrix of $C^\perp$ is called a parity check matrix of $C$, as in the case of $q$-ary codes. If $C$ is a linear code with generator matrix $G$ as in (8.2), then a parity check matrix of $C$ is given by
$$H = \begin{pmatrix}
B_{0,n} & B_{0,n-1} & \cdots & B_{0,2} & B_{0,1} & I \\
pB_{1,n} & pB_{1,n-1} & \cdots & pB_{1,2} & pI & 0 \\
\vdots & \vdots & \ddots & \vdots & \vdots & \vdots \\
p^{n-1} B_{n-1,n} & p^{n-1} I & \cdots & \cdots & 0 & 0
\end{pmatrix},$$
where the column blocks have the same sizes as in (8.2). Moreover, they are determined by the condition $GH^T = 0$. $C^\perp$ is thus a code of type $\prod_{i=1}^{n} p^{(n-i)k_i}$.

8.1.2 Reed-Muller codes over $\mathbb{Z}_{p^n}$

Let $x_1, \ldots, x_m$ be coordinates on the vector space $\mathbb{Z}_2^{(m)}$. Recall that each coordinate $x_i$ can be viewed as a Boolean function. A generalized Boolean function is a function $f$ from $\mathbb{Z}_2^{(m)}$ to $\mathbb{Z}_{2^k}$, $k \geq 1$. It is straightforward to show that any such function of degree at most $r$ can be uniquely expressed as a linear combination over $\mathbb{Z}_{2^k}$ of monomials in $x_1, \ldots, x_m$ of degree at most $r$. For $k \geq 1$ and $0 \leq r \leq m$, the $r$-th order linear code $RM_{2^k}(r, m)$ over $\mathbb{Z}_{2^k}$ of length $2^m$ is generated by the monomials of degree at most $r$.


For $k > 1$ and $0 \leq r \leq m + 1$, the $r$-th order linear code $ZRM_{2^k}(r, m)$ over $\mathbb{Z}_{2^k}$ of length $2^m$ is generated by the monomials of degree at most $r - 1$ together with two times the monomials in the $x_i$'s of degree $r$ (with the convention that the monomials of degree $-1$ and $m + 1$ are equal to zero). The code $RM_{2^k}(r, m)$ generalizes the binary Reed-Muller code introduced in Chapter 7. For $k = 2$, the code $ZRM_4(r, m)$ was first considered in [11]. The codes $RM_{2^k}(r, m)$ and $ZRM_{2^k}(r, m)$ contain
$$(2^k)^{\sum_{i=0}^{r} \binom{m}{i}} \qquad \text{and} \qquad (2^k)^{\sum_{i=0}^{r-1} \binom{m}{i}} \cdot (2^{k-1})^{\binom{m}{r}}$$
words, respectively. These codes are widely used in communication engineering and, especially, in Orthogonal Frequency Division Multiplexing (cf. [20] for more details on this topic). Analogously to $q$-ary Reed-Muller codes, we have

Proposition 8.1.2 i) The minimum Hamming distance of the codes $RM_{2^k}(r, m)$ and $ZRM_{2^k}(r, m)$ is $2^{m-r}$. ii) The minimum Lee distances of $RM_{2^k}(r, m)$ and of $ZRM_{2^k}(r, m)$ are $2^{m-r}$ and $2^{m-r+1}$, respectively.

8.1.3 Cyclic codes over $\mathbb{Z}_{p^n}$

A cyclic code of length $m$ over $\mathbb{Z}_{p^n}$ is a linear code which satisfies (7.5). As in Section 7.2.3, cyclic codes can be described in terms of polynomials. Indeed, the residue class ring $R_m := \mathbb{Z}_{p^n}[x]/(x^m - 1)$ has the set of polynomials $S := \{a_0 + a_1 x + \ldots + a_{m-1} x^{m-1} \mid a_i \in \mathbb{Z}_{p^n},\ 0 \leq i < m\}$ as a system of representatives. $R_m$ can be viewed as a free module of rank $m$ over $\mathbb{Z}_{p^n}$ with elements given by the $m$-tuples $(a_0, a_1, \ldots, a_{m-1})$; therefore, $C$ can be identified with a set of elements of $R_m$. Since multiplication by $x$ in this ring is equivalent to a cyclic permutation of the coefficients of any representative, $C$ corresponds to an ideal in $R_m$. In what follows, we will assume $(m, p) = 1$ so that the polynomial $x^m - 1$ does not have multiple factors.

Proposition 8.1.3 The ring $R_m$ is a P.I.D. (see Section 1.3).


Proof: Denote by $f_j(x)$ the monic irreducible polynomials which decompose $x^m - 1$ in $\mathbb{Z}_p[x]$. By consecutively applying the Hensel Lemma (see Theorems 1.4.3 and 3.2.6), there exist polynomials $\tilde{f}_j(x)$ which factorize $x^m - 1$ in $\mathbb{Z}_{p^n}[x]$. As in Section 3.1, we have
$$R_m = \prod_{j=1}^{s} R_j := \prod_{j=1}^{s} \frac{\mathbb{Z}_{p^n}[x]}{(\tilde{f}_j(x))},$$
where $s$ is the number of polynomials in the factorization of $x^m - 1$ in $\mathbb{Z}_{p^n}[x]$. Since the polynomials $\tilde{f}_j(x)$ are relatively prime (see Definition 3.2.1), any ideal in $R_m$ can be written as an intersection
$$\bigcap_{j=1}^{s} I_j,$$
where $I_j$ is an ideal in the local ring $R_j$, $1 \leq j \leq s$. On the other hand,
$$I_j = p^{m_j} R_j, \qquad 0 \leq m_j \leq n. \qquad (8.4)$$
Indeed, $I_j$ admits a primary decomposition in prime ideals. However, $R_j$ contains only the prime ideal $pR_j$, since the image of any prime ideal $P_j$ of $R_j$ under the homomorphism
$$R_j \to \frac{\mathbb{Z}_p[x]}{(f_j(x))}$$
is the zero ideal. Thus, $P_j \subset pR_j$; moreover, $p$ belongs to $P_j$, since $R_j/P_j$ is an integral domain. Therefore, $P_j = pR_j$, and $I_j$ is described as in (8.4). By expanding the product in (8.4) and recalling that, in $\mathbb{Z}_{p^n}[x]$, $(\tilde{f}_j(x)) \subset (p^{n-1}, \tilde{f}_j(x)) \subset \ldots \subset (p, \tilde{f}_j(x))$, we have $I = \Psi(J)$, where $\Psi : \mathbb{Z}_{p^n}[x] \to R_m$ is the canonical quotient epimorphism and where the ideal $J = (h_0(x), p h_1(x), \ldots, p^{n-1} h_{n-1}(x))$ is determined by the polynomials $h_i(x)$'s which are divisors of $x^m - 1$ in $\mathbb{Z}_{p^n}[x]$ satisfying $h_{n-1}(x) \mid h_{n-2}(x) \mid \ldots \mid h_1(x) \mid h_0(x)$ (see Section 1.4).


Finally, to prove the assertion it suffices to show that any ideal $I$ has the generator $\Psi(g(x))$, where $g(x) := h_0(x) + p h_1(x) + \ldots + p^{n-1} h_{n-1}(x) \in \mathbb{Z}_{p^n}[x]$. This follows by induction on $n$. Indeed, for $n = 1$ the claim is trivial. For $n \geq 2$, define the polynomials
$$\bar{h}_0(x) = (x^m - 1)/h_0(x); \qquad \bar{h}_i(x) = h_{i-1}(x)/h_i(x), \quad 1 \leq i \leq n.$$
Consider the polynomials
$$k_j(x) = \bar{h}_0(x) \cdots \widehat{\bar{h}_j(x)} \cdots \bar{h}_n(x), \qquad 0 \leq j \leq n,$$
where the hat denotes a missing factor in the product. Since the $k_j(x)$'s are relatively prime in $\mathbb{Z}_{p^n}[x]$, there exist polynomials $a_j(x)$ such that
$$\sum_{j=0}^{n} a_j(x)\, k_j(x) = 1. \qquad (8.5)$$
Multiplying both sides of (8.5) by $p^{n-1} h_{n-1}(x)$ yields
$$\sum_{j=0}^{n} a_j(x)\, k_j(x)\, p^{n-1} h_{n-1}(x) = p^{n-1} h_{n-1}(x). \qquad (8.6)$$
By explicit computation (see [13]), it is easy to show that the polynomial $\Psi(p^{n-1} h_{n-1}(x))$ belongs to the ideal generated by $\Psi(g(x))$. By induction, the theorem is completely proved. ✷

Remark 8.1.4 By abuse of notation, we can say that $g(x)$ is the generator polynomial of the cyclic code $C$ over $\mathbb{Z}_{p^n}$ and the polynomial $h(x) = (x^m - 1)/g(x)$ determines a parity check polynomial of $C$.

Example 8.1.5 The factorization of $x^{15} - 1$ in $\mathbb{Z}_4[x]$ can be determined by the factorization of $x^{15} - 1$ in $\mathbb{Z}_2[x]$ (cf. Example 7.2.4). More precisely,
$$x^{15} - 1 = (x + 3)(x^2 + 3x + 3)(x^4 + 2x^3 + 2x^2 + 3x + 3) \cdot (x^4 + 3x^3 + 2x^2 + 2x + 3)(x^4 + 3x^3 + 3x^2 + 3x + 3) = \tilde{f}_1(x) \cdots \tilde{f}_5(x).$$

Since there are five monic, basic irreducible factors of $x^{15} - 1$, there exist $3^5$ quaternary cyclic codes of length $15$.


Like codes over finite fields, cyclic codes over $\mathbb{Z}_{p^n}$ can be described in terms of idempotents. In fact, by Proposition 3.1.3 and Theorem 3.1.4, the finite, unitary, commutative ring $R_m$ can be decomposed into a sum of subrings generated by a set of mutually orthogonal idempotents $e_j$ such that $\sum_j e_j = 1$. Clearly, any finite sum of idempotents in the set $\{e_j\}$ is an idempotent itself. This means that any cyclic code has an idempotent as a generator polynomial. We will give more examples of cyclic codes in Section 8.2. We end this section by observing how Proposition 7.2.8 extends to cyclic codes over $\mathbb{Z}_{p^n}$. As in (7.10), for any polynomial $a(x) \in \mathbb{Z}_{p^n}[x]$ of degree $m - 1$, set $a^*(x) = x^{m-1} a(1/x) = a_0 x^{m-1} + \ldots + a_{m-1}$.

Proposition 8.1.6 If $C$ is a cyclic code of length $m$ over $\mathbb{Z}_{p^n}$ with idempotent $e(x)$, then the code $C^\perp$ has idempotent $(1 - e(x))^*$.

Proof: Let $g(x)$ be a generator polynomial of $C$. With the same convention adopted in Remark 8.1.4, $g(x)h(x) = x^m - 1$, where $h(x)$ is a parity check polynomial of $C$. Since $e(x)(1 - e(x)) = 0$ in $R_m$, $1 - e(x)$ is an idempotent element in the ideal $(h(x))$. On the other hand, by the same arguments of Theorem 7.2.5, which can be easily adapted to this case, $(1 - e(x)) = (h(x))$. Since Theorem 7.2.3 ii) can be generalized to the case of cyclic codes over $\mathbb{Z}_{p^n}$, the claim is completely proved. ✷

8.1.4 Hamming codes over $\mathbb{Z}_{p^n}$

Hamming codes over the Galois ring $\mathbb{Z}_{p^n}$ were first introduced by I. F. Blake in [8]. We briefly recall their definition and compare them with their analogue over finite fields. Let $Z$ be the set $\{(a_1, \ldots, a_m) \mid a_i \text{ zero divisor in } \mathbb{Z}_{p^n}\}$. Let
$$\mu : \mathbb{Z}_{p^n}^{(k)} \longrightarrow \mathbb{Z}_p^{(k)}$$
be the homomorphism which reduces mod $p$ the coordinates of any $k$-tuple in $\mathbb{Z}_{p^n}^{(k)}$ (see Section 1.4). Two elements $a, b$ in $\mathbb{Z}_{p^n}^{(k)} \setminus Z$ are defined to be equivalent if and only if $\mu(a)$ and $\mu(b)$ are linearly dependent over the $\mathbb{Z}_p$-vector space $\mathbb{Z}_p^{(k)}$.

Lemma 8.1.7 The number of equivalence classes of $\mathbb{Z}_{p^n}^{(k)} \setminus Z$ is $(p^k - 1)/(p - 1)$.

Proof: The cardinality of $\mathbb{Z}_{p^n}^{(k)} \setminus Z$ is $p^{(n-1)k}(p^k - 1)$, since there are $p^{n-1}$ zero-divisors in $\mathbb{Z}_{p^n}$. Moreover, by definition, every equivalence class has $(p - 1)\, p^{(n-1)k}$ elements. ✷

Now, consider the $k \times (p^k - 1)/(p - 1)$ matrix $H$ with columns given by representatives of the equivalence classes defined above. Since the columns of $H$ can be chosen to have entries from the set $\{0, 1, \ldots, p - 1\}$, it is natural to define the Hamming code $C$ over the Galois ring $\mathbb{Z}_{p^n}$ as the code with parity check matrix $H$. $C$ is thus a code of length $(p^k - 1)/(p - 1)$, with codewords given as linear combinations, with coefficients from $\mathbb{Z}_{p^n}$, of $k$ independent elements in $\mathbb{Z}_p^{(k)}$. Finally, notice that both the minimum Hamming distance and the minimum Lee distance of $C$ are equal to $3$, as can be readily checked by the definition of $H$.
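As an added example (not code from the book), the following Python script carries the construction of this section through for $p = 2$, $n = 2$, $k = 3$, i.e. the Hamming code over $\mathbb{Z}_4$ of length $(2^3 - 1)/(2 - 1) = 7$: it builds one representative per equivalence class of Lemma 8.1.7 with entries in $\{0, 1\}$, assembles $H$, enumerates the code $\{x \in \mathbb{Z}_4^{(7)} : Hx^T = 0\}$ and checks that its minimum Hamming and Lee distances are both $3$. Taking as representative of a class the normalised reduction mod $p$ of its elements is an assumption of the example; the book only states that such a choice with entries in $\{0, \ldots, p-1\}$ is possible.

```python
from itertools import product

P, N, K = 2, 2, 3          # the ring Z_{p^n} = Z4 and tuples of length k = 3
Q = P ** N                 # ring size p^n


def is_zero_divisor(a):
    """In Z_{p^n} the zero divisors are exactly the multiples of p."""
    return a % P == 0


def reduce_mod_p(a):
    """The homomorphism mu of the text: reduce every coordinate mod p."""
    return tuple(x % P for x in a)


def class_representatives():
    """One representative per class of Z_{p^n}^(k) \\ Z (Lemma 8.1.7).
    Two tuples are equivalent when their reductions mod p are proportional over Z_p;
    the representative used here is the reduction scaled so that its first nonzero
    entry is 1 (entries in {0, ..., p-1}, as the text requires for the columns of H)."""
    reps = {}
    for a in product(range(Q), repeat=K):
        if all(is_zero_divisor(x) for x in a):
            continue                                   # a lies in Z and is excluded
        r = reduce_mod_p(a)
        lead = next(x for x in r if x)
        inv = pow(lead, -1, P)                         # inverse of the leading entry in Z_p
        key = tuple((inv * x) % P for x in r)
        reps.setdefault(key, key)
    return sorted(reps.values())


def hamming_code_over_zq():
    """(H, code): the code over Z_{p^n} whose parity check matrix has the representatives as columns."""
    cols = class_representatives()                    # (p^k - 1)/(p - 1) columns
    H = [[col[i] for col in cols] for i in range(K)]  # k rows
    length = len(cols)
    code = [x for x in product(range(Q), repeat=length)
            if all(sum(h * xi for h, xi in zip(row, x)) % Q == 0 for row in H)]
    return H, code


def lee_weight(x):
    """Lee weight (8.1) of a tuple over Z_{p^n}."""
    return sum(min(v, Q - v) for v in x)


def min_distances(code):
    """(minimum Hamming distance, minimum Lee distance); for a linear code these are the minimum nonzero weights."""
    nonzero = [c for c in code if any(c)]
    return (min(sum(1 for v in c if v) for c in nonzero), min(lee_weight(c) for c in nonzero))


if __name__ == "__main__":
    H, code = hamming_code_over_zq()
    print("columns of H:", len(H[0]))          # 7 = (2^3 - 1)/(2 - 1)
    print("codewords:", len(code))             # 4^(7-3) = 256
    print("(d_H, d_L):", min_distances(code))  # (3, 3)
```

Because $H$ contains the three unit vectors among its columns, the syndrome map $x \mapsto Hx^T$ is onto $\mathbb{Z}_4^{(3)}$, which is why the code has $4^7/4^3 = 256$ words; the words of Lee weight $3$ are of the form $\pm(\text{col}_i + \text{col}_j - \text{col}_l)$ with $\text{col}_l = \text{col}_i + \text{col}_j$ as integer vectors.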

8.2 Linear quaternary codes

In this section, we will focus on linear quaternary codes, i.e. linear codes over $\mathbb{Z}_4$. Any such code of length $m$ is permutation equivalent to a code $C$ with generator matrix of the form
$$G = \begin{pmatrix} I_{k_1} & A & B \\ 0 & 2I_{k_2} & 2C \end{pmatrix}, \qquad (8.7)$$
where the entries in $A$ and in $C$ are $0$ or $1$, and those in $B$ are from $\mathbb{Z}_4$. A codeword has the form $(a_1, \ldots, a_{k_1 + k_2})\,G$, where $a_1$ to $a_{k_1}$ are in $\mathbb{Z}_4$ and $a_{k_1 + 1}$ to $a_{k_1 + k_2}$ are in $\mathbb{Z}_2$. $C$ is called a linear quaternary code of type $4^{k_1} 2^{k_2}$, since it has $2^{2k_1 + k_2}$ codewords. If $C$ has generator matrix $G$, the dual code $C^\perp$ has generator matrix
$$\begin{pmatrix} -B^T - C^T A^T & C^T & I_{m - k_1 - k_2} \\ 2A^T & 2I_{k_2} & 0 \end{pmatrix}.$$
Note that $C^\perp$ is a code of type $4^{m - k_1 - k_2}\, 2^{k_2}$.

Example 8.2.1 Consider the $4 \times 8$ block matrix $G = (I_4 \mid B)$ with elements from $\mathbb{Z}_4$, where $I_4$ is the identity matrix of order $4$ and $B$ is the matrix
$$B = \begin{pmatrix} 3 & 1 & 2 & 1 \\ 1 & 2 & 3 & 1 \\ 3 & 3 & 3 & 2 \\ 2 & 3 & 1 & 1 \end{pmatrix}.$$

The linear code with generator matrix $G$ is a quaternary code of length 6, with $256$ codewords, and, by direct computation, minimum Lee weight $6$. This code, which is called the octacode, may be characterized, for example, as the unique self-dual code of length $8$ and minimal Lee weight $6$ (cf. [18]).

Quaternary cyclic codes have been investigated by many authors for their various applications: see, for instance, [9], [13], and [60]. As observed in Section 8.1.3, and with the same notation adopted there, the number of $\mathbb{Z}_4$-cyclic codes of length $m$ is $3^s$, where $s$ is the number of basic irreducible polynomial factors of $x^m - 1$ over $\mathbb{Z}_4$. Furthermore, the following result holds.

Theorem 8.2.2 Suppose $C$ is a quaternary cyclic code of odd length $m$. Then there exist unique, monic polynomials $f(x)$, $g(x)$, and $h(x)$ such that $C$ corresponds to the image of the ideal $(f(x)h(x),\ 2f(x)g(x))$ in $R_m$, where $f(x)g(x)h(x) = x^m - 1$, and $C$ is of type $4^{\deg(g(x))}\, 2^{\deg(h(x))}$.

Proof: The proof is a bit technical and basically depends on the possibility of choosing the polynomials $f(x)$, $g(x)$, and $h(x)$; for details see [60]. ✷

Idempotents of quaternary codes have also been determined explicitly. As discussed in Section 7.2.3, the factorization of the cyclotomic polynomial $x^m - 1$ over $\mathbb{Z}_2$ determines a set of mutually orthogonal primitive idempotents $\theta_i(x)$ in $\mathbb{Z}_2[x]/(x^m - 1)$ (cf. Theorem 7.2.7). It is shown in [9] that the polynomials $\theta_i(x)$ allow one to determine idempotents $\eta_i(x)$ in $\mathbb{Z}_4[x]/(x^m - 1)$ such that
$$\sum_i \eta_i(x) = 1, \qquad \eta_i(x)\,\eta_j(x) = 0,\ i \neq j.$$

Example 8.2.3 There exist $27$ quaternary cyclic codes of length $7$, since
$$x^7 - 1 = (x - 1)(3 + x + 2x^2 + x^3)(3 + 2x + 3x^2 + x^3) = f_0 f_1 f_2 .$$
By Theorem 8.2.2, it is possible to figure out the type of all these codes. Among them, the polynomial $f_1$ generates the octacode introduced in Example 8.2.1. Moreover, from the discussion above, these codes can be described in terms of idempotents as well. Indeed (see [60]), one has
$$\eta_0(x) = 3(1 + x + x^2 + x^3 + x^4 + x^5 + x^6),$$
$$\eta_1(x) = 1 + 3(x^3 + x^5 + x^6) + 2(x + x^2 + x^4),$$
$$\eta_2(x) = 1 + 3(x + x^2 + x^4) + 2(x^3 + x^5 + x^6).$$
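The form (8.7), the dual generator matrix stated after it, and the octacode of Example 8.2.1 can all be checked by exhaustive enumeration. The Python script below is an added example, not the book's code: it assembles $G$ from the blocks $A$, $B$, $C$, builds the dual generator from the formula above, and for the octacode (generator $(I_4 \mid B)$, hence length 8, the number of columns of $G$) verifies self-duality and computes the Lee weight distribution. That distribution is compared with the coefficients of (7.22) at $m = 4$ (by Theorem 8.3.1 and the Gray isometry of Theorem 8.2.7 the two must agree) and with the cyclic code generated by $f_1 = 3 + x + 2x^2 + x^3$ of Example 8.2.3 extended by a zero-sum coordinate as in Section 8.3. A small constructed code of type $4^2 2^1$ exercises the $k_2 > 0$ case of the dual formula.

```python
from itertools import product


def lee_weight(c):
    """Lee weight over Z4 (Definition 8.1.1): wt_L(0,1,2,3) = 0,1,2,1."""
    return sum(min(x, 4 - x) for x in c)


def codewords(gen, k1, k2):
    """All words (a_1..a_{k1+k2}) G for a matrix in the form (8.7): the first k1 rows take
    coefficients in Z4, the remaining k2 rows (which have order 2) coefficients in Z2."""
    m = len(gen[0])
    ranges = [range(4)] * k1 + [range(2)] * k2
    return {tuple(sum(a * row[j] for a, row in zip(coeffs, gen)) % 4 for j in range(m))
            for coeffs in product(*ranges)}


def standard_form(A, B, C):
    """G = (I_k1 A B ; 0 2I_k2 2C) with A (k1 x k2), B (k1 x r) and C (k2 x r), r = m - k1 - k2."""
    k1, k2 = len(A), len(C)
    G = [[int(i == j) for j in range(k1)] + A[i] + B[i] for i in range(k1)]
    G += [[0] * k1 + [2 * int(i == j) for j in range(k2)] + [2 * x % 4 for x in C[i]]
          for i in range(k2)]
    return G


def dual_generator(A, B, C):
    """Generator of C^perp by the formula after (8.7): (-B^T - C^T A^T, C^T, I ; 2A^T, 2I_k2, 0)."""
    k1, k2, r = len(A), len(C), len(B[0])
    H = [[(-B[i][s] - sum(C[j][s] * A[i][j] for j in range(k2))) % 4 for i in range(k1)]
         + [C[j][s] for j in range(k2)] + [int(s == t) for t in range(r)] for s in range(r)]
    H += [[2 * A[i][j] % 4 for i in range(k1)] + [2 * int(j == t) for t in range(k2)] + [0] * r
          for j in range(k2)]
    return H


def orthogonal(code_a, code_b):
    """True when every inner product (8.3) between the two codes vanishes in Z4."""
    return all(sum(x * y for x, y in zip(a, b)) % 4 == 0 for a in code_a for b in code_b)


def lee_distribution(code):
    dist = {}
    for c in code:
        dist[lee_weight(c)] = dist.get(lee_weight(c), 0) + 1
    return dist


def kerdock_enumerator(m):
    """Coefficients of K(z) in (7.22) as a weight -> count dictionary, m even, m >= 4."""
    half, spread = 2 ** (m - 1), 2 ** (m // 2 - 1)
    return {0: 1, half - spread: 2 ** (2 * m - 1) - 2 ** m, half + spread: 2 ** (2 * m - 1) - 2 ** m,
            half: 2 ** (m + 1) - 2, 2 ** m: 1}


def extended_cyclic(g, m):
    """Cyclic code of length m over Z4 generated by g (constant coefficient first), every word
    prefixed by a coordinate c_0 = -(sum of the others), as for C_4 in Section 8.3."""
    k = m - (len(g) - 1)
    gen = [[0] * i + g + [0] * (m - len(g) - i) for i in range(k)]
    return {((-sum(c)) % 4,) + c for c in codewords(gen, k, 0)}


OCTACODE_B = [[3, 1, 2, 1], [1, 2, 3, 1], [3, 3, 3, 2], [2, 3, 1, 1]]   # B of Example 8.2.1


def octacode_report():
    A, C = [[] for _ in range(4)], []                 # k1 = 4, k2 = 0
    code = codewords(standard_form(A, OCTACODE_B, C), 4, 0)
    dual = codewords(dual_generator(A, OCTACODE_B, C), 4, 0)
    dist = lee_distribution(code)
    return {"length": len(next(iter(code))), "size": len(code),
            "self_dual": code == dual and orthogonal(code, code),
            "lee_distribution": dist,
            "matches_kerdock_m4": dist == kerdock_enumerator(4),
            "matches_extended_cyclic": dist == lee_distribution(extended_cyclic([3, 1, 2, 1], 7))}


def dual_formula_report():
    """Constructed code of type 4^2 2^1 and length 5: |C| |C^perp| = 4^5 and C, C^perp orthogonal."""
    A, B, C = [[1], [0]], [[2, 1], [3, 1]], [[1, 0]]
    code = codewords(standard_form(A, B, C), 2, 1)
    dual = codewords(dual_generator(A, B, C), 2, 1)
    return len(code), len(dual), orthogonal(code, dual)


if __name__ == "__main__":
    print(octacode_report())       # Lee distribution {0: 1, 6: 112, 8: 30, 10: 112, 16: 1}
    print(dual_formula_report())   # (32, 32, True)
```

The Lee weight distribution $1, 112, 30, 112, 1$ at weights $0, 6, 8, 10, 16$ is exactly the binary weight distribution of the Nordstrom-Robinson code, which is what Example 8.3.2 and (8.12) assert for the Gray image of the octacode.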


Unlike binary codes, it is possible to define different weight enumerators for a quaternary code. The complete weight enumerator of a quaternary code $C$ of length $m$ is the polynomial
$$\mathrm{cwe}_C(W, X, Y, Z) := \sum_{c \in C} W^{n_0(c)} X^{n_1(c)} Y^{n_2(c)} Z^{n_3(c)},$$
where
$$n_a(c) := |\{k : x_k = a,\ 1 \leq k \leq m\}|$$
is the $a$-weight of the codeword $c = (x_1, \ldots, x_m)$. Clearly, permutation equivalent codes have the same complete weight enumerator. Usually, the definition of equivalence between quaternary codes is extended by also allowing a change of signs in some coordinate positions (note that $-1 = 3$ in $\mathbb{Z}_4$). Therefore, the complete weight enumerator is no longer invariant under this kind of equivalence. This leads one to introduce the symmetrized weight enumerator $\mathrm{swe}_C(W, X, Y)$, which is given by the polynomial $\mathrm{cwe}_C(W, X, Y, X)$. Another weight enumerator for quaternary codes is the Lee weight enumerator
$$\mathrm{Lee}_C(W, X) := \sum_{c \in C} W^{2m - \mathrm{wt}_L(c)} X^{\mathrm{wt}_L(c)}.$$
By (8.1), the Lee weights of $0, 1, 2, 3 \in \mathbb{Z}_4$ are $0, 1, 2, 1$, respectively. Therefore, for any codeword $c$, $n_1(c) + 2n_2(c) + n_3(c) = \mathrm{wt}_L(c)$ and $2n_0(c) + n_1(c) + n_3(c) = 2m - \mathrm{wt}_L(c)$; thus, $\mathrm{Lee}_C(W, X) = \mathrm{swe}_C(W^2, WX, X^2)$. As a last weight enumerator of a quaternary code, we mention the Hamming weight enumerator, which is defined to be the polynomial $\mathrm{Ham}_C(W, X) := \mathrm{swe}_C(W, X, X)$. Analogously to binary codes, weight enumerators of quaternary codes can be related via an identity similar to the MacWilliams Identity. In fact, by the same arguments as in Theorem 7.3.3, we have

Theorem 8.2.4 Let $C$ be a linear quaternary code of length $m$, i.e. $C \subset \mathbb{Z}_4^{(m)}$. Then
$$\mathrm{cwe}_{C^\perp}(W, X, Y, Z) = \frac{1}{|C|}\,\mathrm{cwe}_C(W + X + Y + Z,\ W + iX - Y - iZ,\ W - X + Y - Z,\ W - iX - Y + iZ),$$
where $|C|$ is the number of codewords of $C$, and $i^2 = -1$.

Corollary 8.2.5 Let $C$ be a linear quaternary code. Then
(1) $\mathrm{swe}_{C^\perp}(W, X, Y) = \frac{1}{|C|}\,\mathrm{swe}_C(W + 2X + Y,\ W - Y,\ W - 2X + Y)$;
(2) $\mathrm{Lee}_{C^\perp}(W, X) = \frac{1}{|C|}\,\mathrm{Lee}_C(W + X,\ W - X)$.

Proof: The claim follows from Theorem 8.2.4 and from the definition of the symmetrized and the Lee weight enumerators. For example, (1) can be proved as follows:
$$\mathrm{swe}_C(W + 2X + Y, W - Y, W - 2X + Y) = \mathrm{cwe}_C(W + 2X + Y, W - Y, W - 2X + Y, W - Y) = |C|\,\mathrm{cwe}_{C^\perp}(W, X, Y, X) = |C|\,\mathrm{swe}_{C^\perp}(W, X, Y). \quad ✷$$

Now, we recall the definition of the Gray map. Denote by $\alpha, \beta, \gamma$ the three maps from $\mathbb{Z}_4$ to $\mathbb{Z}_2$, defined as follows:

    c   α(c)  β(c)  γ(c)
    0    0     0     0
    1    1     0     1
    2    0     1     1
    3    1     1     0

Clearly, $\alpha$, $\beta$ and $\gamma$ can be extended to $\mathbb{Z}_4^{(m)}$ by linearity; we shall hereafter denote such extensions by the same letters. Notice that $\alpha(i) + \beta(i) + \gamma(i) = 0$, for each $i \in \mathbb{Z}_4$.

Definition 8.2.6 The Gray map $\Phi : \mathbb{Z}_4^{(m)} \to \mathbb{Z}_2^{(2m)}$ is given by
$$\Phi(c) := (\beta(c), \gamma(c)).$$
Remarkably, the Gray map satisfies the following

Theorem 8.2.7 For any $a, b \in \mathbb{Z}_4^{(m)}$, $d_L(a, b) = d_H(\Phi(a), \Phi(b))$.

Proof: By (8.1) and Definition 8.2.6,
$$\mathrm{wt}_L(a) = n_1(a) + 2n_2(a) + n_3(a) = |\{i : \beta(a_i) = 1,\ 1 \leq i \leq m\}| + |\{i : \gamma(a_i) = 1,\ 1 \leq i \leq m\}| = \mathrm{wt}_H(\Phi(a)),$$

where $a = (a_1, \ldots, a_m) \in \mathbb{Z}_4^{(m)}$. Thus, for any $a, b \in \mathbb{Z}_4^{(m)}$, $d_L(a, b) = \mathrm{wt}_L(a - b) = \mathrm{wt}_H(\Phi(a - b)) = d_H(\Phi(a - b), 0)$. The claim now follows since $d_H(\Phi(a - b), 0) = d_H(\Phi(a), \Phi(b))$. ✷

The image of a quaternary code $C$ of length $m$ under the Gray map is a binary code of length $2m$ which is called the binary image of $C$. In particular, a binary code $C'$ is $\mathbb{Z}_4$-linear if its coordinates can be arranged so that $C' = \Phi(C)$, for some quaternary linear code $C$.

Theorem 8.2.8 A binary code $C$ of length $2m$ is $\mathbb{Z}_4$-linear if and only if the following holds:
$$u, v \in C \Longrightarrow v + u + (u + u^\sigma) * (v + v^\sigma) \in C, \qquad (8.8)$$
where $*$ denotes the componentwise product of two codewords, and, for any $u = (u_1, \ldots, u_m, u_{m+1}, \ldots, u_{2m})$, $u^\sigma := (u_{m+1}, \ldots, u_{2m}, u_1, \ldots, u_m)$.

Proof: For a proof see, for example, [11]. ✷

Corollary 8.2.9 A binary linear code $C$ of length $2m$ is $\mathbb{Z}_4$-linear if and only if the following holds:
$$u, v \in C \Longrightarrow (u + u^\sigma) * (v + v^\sigma) \in C. \qquad (8.9)$$

Condition (8.8) is very restrictive, so the binary image of quaternary linear codes is quite often nonlinear. In [12], Calderbank and McGuire used (8.9) to prove the following result.

Theorem 8.2.10 Let $C$ be a binary linear code of length $2m$. Suppose further that all non-zero Hamming weights $\mathrm{wt}_H$ in $C$, with the possible exception of the codeword $\mathbf{1} = (1, \ldots, 1)$, are contained in the interval $[m - a, m + a]$, where $0 < a < m/5$. If $C$ is the binary image of a quaternary code, then $C^\perp$ has minimum weight at most $5$.
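The following Python script is an added example, not the book's code, that exercises Definition 8.2.6 and Theorems 8.2.7 and 8.2.8 on small cases: it checks the isometry $d_L(a, b) = d_H(\Phi(a), \Phi(b))$ exhaustively on $\mathbb{Z}_4^{(3)}$, verifies the claim of Example 8.2.12 below that $\Phi(ZRM_4(1, 2)) = R(1, 3)$ (with the coordinates of both codes ordered by the binary expansion of the position, an assumption of the example), and shows on a constructed quaternary code of type $4^2$ generated by $(1, 0, 1, 1)$ and $(0, 1, 1, 3)$ that the binary image satisfies condition (8.8) although it is not closed under addition.

```python
from itertools import product

BETA = {0: 0, 1: 0, 2: 1, 3: 1}      # beta and gamma from the table above
GAMMA = {0: 0, 1: 1, 2: 1, 3: 0}


def gray(c):
    """Gray map Phi(c) = (beta(c), gamma(c)) of Definition 8.2.6, applied coordinatewise."""
    return tuple(BETA[x] for x in c) + tuple(GAMMA[x] for x in c)


def lee_distance(a, b):
    """d_L(a, b) = wt_L(a - b) over Z4."""
    return sum(min((x - y) % 4, (y - x) % 4) for x, y in zip(a, b))


def hamming_distance(u, v):
    return sum(x != y for x, y in zip(u, v))


def isometry_holds(m):
    """Theorem 8.2.7 checked on every pair of vectors of Z4^(m)."""
    vecs = list(product(range(4), repeat=m))
    return all(lee_distance(a, b) == hamming_distance(gray(a), gray(b)) for a in vecs for b in vecs)


def span_z4(gens):
    """Z4-span of the generators (all coefficient vectors in Z4; duplicate words collapse)."""
    n = len(gens[0])
    return {tuple(sum(a * g[j] for a, g in zip(coeffs, gens)) % 4 for j in range(n))
            for coeffs in product(range(4), repeat=len(gens))}


def gray_image(code):
    return {gray(c) for c in code}


def binary_add(u, v):
    return tuple((x + y) % 2 for x, y in zip(u, v))


def is_binary_linear(code):
    return all(binary_add(u, v) in code for u in code for v in code)


def satisfies_8_8(code):
    """Condition (8.8): u, v in C implies u + v + (u + u^sigma) * (v + v^sigma) in C,
    where sigma swaps the two halves of a word and * is the componentwise product."""
    n = len(next(iter(code))) // 2
    sigma = lambda u: u[n:] + u[:n]
    for u in code:
        su = binary_add(u, sigma(u))
        for v in code:
            sv = binary_add(v, sigma(v))
            w = binary_add(binary_add(u, v), tuple(x & y for x, y in zip(su, sv)))
            if w not in code:
                return False
    return True


def zrm4_first_order(m):
    """ZRM4(1, m) of Section 8.1.2: generated by the constant 1 and by 2x_i, with the
    coordinates indexed by the points of Z2^(m) in lexicographic order."""
    points = list(product(range(2), repeat=m))
    gens = [tuple(1 for _ in points)] + [tuple(2 * pt[i] for pt in points) for i in range(m)]
    return span_z4(gens)


def reed_muller_first_order(l):
    """Binary R(1, l): evaluations of all affine functions e_0 + sum e_i x_i on Z2^(l)."""
    points = list(product(range(2), repeat=l))
    return {tuple((e[0] + sum(ei * xi for ei, xi in zip(e[1:], pt))) % 2 for pt in points)
            for e in product(range(2), repeat=l + 1)}


def nonlinear_image_example():
    """Constructed type-4^2 code of length 4: (size of Phi(C), (8.8) holds, Phi(C) linear)."""
    C = span_z4([(1, 0, 1, 1), (0, 1, 1, 3)])
    image = gray_image(C)
    return len(image), satisfies_8_8(image), is_binary_linear(image)


if __name__ == "__main__":
    print("isometry on Z4^3:", isometry_holds(3))                                           # True
    print("Phi(ZRM4(1,2)) == R(1,3):", gray_image(zrm4_first_order(2)) == reed_muller_first_order(3))  # True
    print("size, (8.8) holds, linear:", nonlinear_image_example())                          # (16, True, False)
```

The reason (8.8) always holds for a Gray image is the identity $\Phi(a + b) = \Phi(a) + \Phi(b) + \Phi(2\,a * b)$ on $\mathbb{Z}_4^{(m)}$, and $\Phi(2\,a * b)$ is exactly the term $(u + u^\sigma) * (v + v^\sigma)$ for $u = \Phi(a)$, $v = \Phi(b)$; the constructed code fails to be closed under binary addition because $2\,(1,0,1,1) * (0,1,1,3) = (0,0,2,2)$ is not one of its codewords.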


As a corollary, many classical families of linear codes, such as some cyclic codes, cannot be obtained as images of quaternary codes under the Gray map. Nonetheless, it may well be that two nonlinear binary codes are the binary images of two linear quaternary codes which are duals. This leads to the following definition, which will play a fundamental role in the interpretation of the formal duality between Kerdock codes and Preparata codes.

Definition 8.2.11 Let $C$ be a linear quaternary code. The $\mathbb{Z}_4$-dual of the binary image of $C$ is the binary image of $C^\perp$.

Example 8.2.12 The $r$-th order Reed-Muller code $R(r, l)$ of length $m = 2^l$, $l \geq 1$, is $\mathbb{Z}_4$-linear for $r = 0, 1, 2, \ldots, l - 1, l$; indeed, a direct computation shows that such codes are binary images of the codes $ZRM_4(r, l - 1)$ introduced in Section 8.1.2. In particular, $R(1, l)$ is $\mathbb{Z}_4$-linear. On the other hand, $R(l - 2, l)$, i.e., the extended Hamming code of length $2^l$, is not $\mathbb{Z}_4$-linear for $l \geq 5$: see [11] for a proof. Therefore, for $l \geq 5$, $R(1, l)$ and the binary image $\Phi(ZRM_4(1, l - 1)^\perp)$ are $\mathbb{Z}_4$-duals, but not duals as binary codes.

Lemma 8.2.13 If $C$ is a linear quaternary code, then $\Phi(C)$ is invariant with respect to the Hamming distance.

Proof: By Theorem 8.2.7, it suffices to show that $C$ is invariant with respect to the Lee distance. In fact, for $c_1, c_2 \in C$, the map $x \mapsto x + c_1 - c_2$ is a bijection between the set of codewords at distance $j$ from $c_1$ and the set of codewords at distance $j$ from $c_2$. ✷

Theorem 8.2.14 If $C$ and $C^\perp$ are dual quaternary codes of length $m$, the weight enumerators of $\Phi(C)$ and $\Phi(C^\perp)$ satisfy the MacWilliams Identity (cf. Theorem 7.3.3).

Proof: By definition, the weight enumerator of $\Phi(C)$ is the polynomial
$$A(W, X) = \sum_{c' \in \Phi(C)} W^{2m - d_H(c, c')} X^{d_H(c', c)}.$$
On the other hand, since $0 \in C$, by Corollary 8.2.5 and by Lemma 8.2.13, we have
$$\sum_{c' \in \Phi(C^\perp)} W^{2m - \mathrm{wt}(c')} X^{\mathrm{wt}(c')} = \sum_{c' \in C^\perp} W^{2m - \mathrm{wt}_L(c')} X^{\mathrm{wt}_L(c')} = \mathrm{Lee}_{C^\perp}(W, X) = \frac{1}{|C|}\,\mathrm{Lee}_C(W + X, W - X) = \frac{1}{|C|}\,A(W + X, W - X). \quad ✷$$


Remark 8.2.15 The Gray map has been extended to other families of Galois rings. In [16], Carlet defines a generalization $G$ of the Gray map $\Phi$ for codes over the ring $\mathbb{Z}_{2^n}$. Analogously to the quaternary case, one can thus introduce the notion of $\mathbb{Z}_{2^n}$-linearity and $\mathbb{Z}_{2^n}$-duality. Moreover, as in Lemma 8.2.13, images of $\mathbb{Z}_{2^n}$-codes under $G$ are still distance invariant with respect to the Hamming distance. However, $\mathbb{Z}_{2^n}$-dual codes do not satisfy the MacWilliams Identity, but a more complicated relationship.

8.3 Kerdock and Preparata codes revisited

Definition 8.2.11 allows one to provide a deeper interpretation of the formal duality between certain binary nonlinear codes. Actually, the interest in quaternary codes grew in 1994 when $\mathbb{Z}_4$-duality was first applied to Kerdock codes and Preparata codes in [11]. Let $h_2(x) \in \mathbb{Z}_2[x]$ be a primitive polynomial of degree $k$ (see Definition 2.2.7). By Hensel's Lemma (see Theorem 1.4.3), there exists a unique monic, irreducible polynomial $h(x) \in \mathbb{Z}_4[x]$ of degree $k$ such that $h(x) \equiv h_2(x) \pmod 2$ and $h(x)$ divides $x^m - 1$, where $m = 2^k - 1$. As observed in Chapter 6, the quotient ring $\mathbb{Z}_4[x]/(h(x))$ is a Galois ring with $4^k$ elements. Now, define $C_4^-$ to be the cyclic code of length $m$ over $\mathbb{Z}_4$ with generator polynomial $g(x)$, the reciprocal polynomial to $(x^m - 1)/((x - 1)h(x))$. Consider further the code $C_4$ obtained from $C_4^-$ by adjoining a coordinate $c_0$ to all codewords $(c_1, \ldots, c_m)$ of $C_4^-$ such that $\sum_{i=0}^{m} c_i = 0$. Then the following holds.

Theorem 8.3.1 (see [11], Theorem 10) The binary image of the extended cyclic code $C_4$ of length $m$, $m$ odd, $m \geq 3$, under the Gray map is equivalent to the Kerdock code $K(m + 1)$.

The proof of this result is a bit technical and, therefore, is omitted here. We just point out that this theorem is proved by explicitly describing the codewords of $C_4$ in terms of powers of a primitive element $\xi$ of the Galois ring $\mathbb{Z}_4[x]/(h(x))$. More explicitly, with the same notation as in Chapter 6, recall that every element $c \in GR(4, k)$ has a unique representation $c = a + 2b$, where $a$ and $b$ belong to the Teichmüller set of $GR(4, k)$. Next, denote by $f$ the automorphism of $GR(4, k)$ such that $f(a + 2b) = a^2 + 2b^2$. As viewed in Section 5.2, $f$ generates the group $\mathrm{Aut}_{\mathbb{Z}_4}(GR(4, k))$. The relative trace
$$T^{(4)} : GR(4, k) \to \mathbb{Z}_4 \qquad (8.10)$$
is defined by $T^{(4)}(c) = c + f(c) + \ldots + f^{k-1}(c)$. Then, the code $C_4^-$ is given by the set of words $c = (c_1, \ldots, c_m)$ such that
$$c_t = T^{(4)}(\lambda \xi^t) + \varepsilon, \qquad t \in \{1, \ldots, m - 1\}, \qquad (8.11)$$
where $\lambda \in GR(4, k)$, $\varepsilon \in \mathbb{Z}_4$, and $\xi$ is a primitive element of $GR(4, k)$. The code $C_4$ is obtained by adjoining a coordinate $c_0 \in \mathbb{Z}_4$ such that $\sum_{i=0}^{m} c_i = 0$.

Example 8.3.2 For $m = 3$ and $h(x) = x^3 + 2x^2 + x + 1$, the generator polynomial of $C_4^-$ is $g(x) = x^3 + 2x^2 + x - 1$. An explicit description of all codewords and of the generator matrix shows that $C_4^-$ is permutation equivalent to the octacode (cf. Example 8.2.1). By Theorem 8.3.1, the binary image of $C_4^-$ is the Nordstrom-Robinson code.
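The construction of this section can be followed through completely for $k = 3$, $m = 7$. The Python script below is an added example, not the book's code. It lifts $h_2(x) = x^3 + x + 1$ to $\mathbb{Z}_4[x]$ with Graeffe's method, a standard way of computing the Hensel lift that this page does not describe (the result is $f_1 = x^3 + 2x^2 + x + 3$ of Example 8.2.3, which is also the $g(x) = x^3 + 2x^2 + x - 1$ of Example 8.3.2); realises $GR(4, 3) = \mathbb{Z}_4[x]/(h(x))$ with $\xi = x$; implements the Frobenius $f$ as the substitution $x \mapsto x^2$ (an assumption of the example: this is the $\mathbb{Z}_4$-automorphism sending the Teichmüller element $\xi$ to $\xi^2$, which agrees with $f(a + 2b) = a^2 + 2b^2$); evaluates the relative trace (8.10); and generates the words (8.11) with the index $t$ running over $0, \ldots, m - 1$ (the example's indexing), each extended by the zero-sum coordinate. The 256 words of length 8 so obtained have the Lee weight distribution of the octacode, as Example 8.3.2 predicts.

```python
from itertools import product


def poly_mul(a, b):
    """Product of two polynomials over Z4, coefficient lists with the constant term first."""
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] = (out[i + j] + x * y) % 4
    return out


def poly_mod(a, h):
    """Remainder of a modulo the monic polynomial h over Z4, padded to length deg(h)."""
    a, d = list(a), len(h) - 1
    for i in range(len(a) - 1, d - 1, -1):
        q = a[i]
        if q:
            for j in range(d + 1):
                a[i - d + j] = (a[i - d + j] - q * h[j]) % 4
    return (a + [0] * d)[:d]


def graeffe_lift(h2):
    """Hensel lift of a binary polynomial to Z4[x] by Graeffe's method:
    h(x^2) = +/-(e(x)^2 - o(x)^2), where e and o are the even- and odd-degree parts of h2."""
    e = [c if i % 2 == 0 else 0 for i, c in enumerate(h2)]
    o = [c if i % 2 == 1 else 0 for i, c in enumerate(h2)]
    diff = [(x - y) % 4 for x, y in zip(poly_mul(e, e), poly_mul(o, o))]
    h = diff[0::2][: len(h2)]              # only even powers survive; read them as h(y), y = x^2
    if h[-1] == 3:                         # make h monic (3 = -1 in Z4)
        h = [(3 * c) % 4 for c in h]
    return h


def frobenius(c, h):
    """f(c) = c(x^2) mod h: the automorphism of GR(4, k) = Z4[x]/(h) with f(xi) = xi^2 (assumption, see text)."""
    spread = [0] * (2 * len(c) - 1)
    for i, ci in enumerate(c):
        spread[2 * i] = ci
    return poly_mod(spread, h)


def trace(c, h):
    """Relative trace T^(4)(c) = c + f(c) + ... + f^(k-1)(c) of (8.10), returned as an element of Z4."""
    k = len(h) - 1
    total, cur = [0] * k, list(c)
    for _ in range(k):
        total = [(x + y) % 4 for x, y in zip(total, cur)]
        cur = frobenius(cur, h)
    if any(total[1:]):
        raise ValueError("trace did not land in Z4: h is not a valid modulus")
    return total[0]


def xi_powers(h, m):
    """(xi^0, ..., xi^(m-1)) for xi = x in GR(4, k), and whether xi^m = 1."""
    k, pows, p = len(h) - 1, [], [1] + [0] * (len(h) - 2)
    for _ in range(m):
        pows.append(p)
        p = poly_mod(poly_mul(p, [0, 1]), h)
    return pows, p == [1] + [0] * (k - 1)


def kerdock_z4(h):
    """Words c_t = T^(4)(lambda xi^t) + eps of (8.11), t = 0..m-1, m = 2^k - 1,
    each prefixed by c_0 = -(sum of the c_t) as in the definition of C_4."""
    k = len(h) - 1
    pows, _ = xi_powers(h, 2 ** k - 1)
    words = set()
    for lam in product(range(4), repeat=k):
        tr = [trace(poly_mod(poly_mul(list(lam), p), h), h) for p in pows]
        for eps in range(4):
            c = tuple((t + eps) % 4 for t in tr)
            words.add(((-sum(c)) % 4,) + c)
    return words


def lee_distribution(code):
    dist = {}
    for c in code:
        w = sum(min(x, 4 - x) for x in c)
        dist[w] = dist.get(w, 0) + 1
    return dist


if __name__ == "__main__":
    h = graeffe_lift([1, 1, 0, 1])          # h_2 = 1 + x + x^3
    print("h =", h)                         # [3, 1, 2, 1], i.e. x^3 + 2x^2 + x + 3
    print("xi has order 7:", xi_powers(h, 7)[1])
    print(lee_distribution(kerdock_z4(h)))   # {0: 1, 6: 112, 8: 30, 10: 112, 16: 1}
```

The check inside `trace` is the practical test that the substitution $x \mapsto x^2$ really is an automorphism of the ring: the trace is fixed by $f$, so it must be a constant polynomial, and that fails as soon as $h$ is not a divisor of $x^m - 1$ (the page's Example 8.3.2 quotes $h(x) = x^3 + 2x^2 + x + 1$; with that modulus $x$ does not have order 7 and the function raises).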

Since the binary code $K(m + 1)$ is simply the binary image of an extended cyclic code over $\mathbb{Z}_4$, it is natural to study the binary image of the dual $C_4^\perp$.

Theorem 8.3.3 (see [11], Theorem 14) The image of $C_4^\perp$ under the Gray map is a nonlinear code of length $2^{m+1}$, $m$ odd, $m \geq 3$, with $2^{2^{m+1} - 2m - 2}$ codewords and minimal distance $6$. Moreover, it is distance invariant (with respect to the Hamming distance).

Proof: Obviously, $\Phi(C_4^\perp)$ has length $2^{m+1}$. It follows from Lemma 8.2.13 and Theorem 8.2.14 that $\Phi(C_4^\perp)$ is distance invariant and that its weight distribution is the MacWilliams transform of that of $\Phi(C_4)$. Since the weight enumerator of the binary Kerdock code $K(m + 1)$ is known (see Theorem 7.4.10), the MacWilliams Identity (cf. Theorem 7.15) allows one to compute the number of codewords and the minimum distance of $\Phi(C_4^\perp)$. ✷

The $\mathbb{Z}_4$-dual of the Kerdock code $K(m + 1)$, for odd $m \geq 3$, has the same parameters as the classical extended Preparata code $P(2)$ of length $2^{m+1}$. For $m = 3$, they coincide: indeed, by Examples 7.4.13 and 8.2.1,
$$\Phi(C_4^\perp) = \Phi(C_4) = N_{16} = P(2). \qquad (8.12)$$
In general, however, there is one essential difference between $\Phi(C_4^\perp)$ and the original extended Preparata code. Indeed, as shown in Theorem 7.4.16, the latter code is contained in the extended Hamming code of length $2^{m+1}$. On the contrary, the following holds.

Theorem 8.3.4 For odd $m \geq 5$, $\Phi(C_4^\perp)$ is contained in a nonlinear code with the same weight distribution as the extended Hamming code of length $2^{m+1}$.


Proof: As in Section 8.1.2, the binary image of $ZRM_4(1, m)$ is the binary Reed-Muller code $R(1, m + 1)$, which, as observed in Section 7.4.3, is contained in the Kerdock code $K(m + 1)$. Thus, $ZRM_4(1, m) \subset C_4$. Accordingly, by duality, $\Phi(C_4^\perp) \subset \Phi(ZRM_4(1, m)^\perp)$. Since $ZRM_4(1, m)^\perp$ is a quaternary code of length $2^m$ and of type $4^{2^m - 1 - m}\, 2^m$, $\Phi(ZRM_4(1, m)^\perp)$ is a binary code of length $2^{m+1}$. In addition, by Theorem 8.2.14, $R(1, m)$ and $\Phi(ZRM_4(1, m)^\perp)$ satisfy the MacWilliams Identity for binary codes. Thus the claim follows. ✷

The formal duality between the Kerdock code $K(m)$ and $\Phi(C_4^\perp)$ is not a mystery like the one discussed in Section 7.4.4; in fact, it can be regarded as the binary manifestation of the duality between the corresponding quaternary cyclic preimages. Therefore, it seemed natural (cf. [11]) to consider $\Phi(C_4^\perp)$ as a new family of Preparata codes, the $\mathbb{Z}_4$-Preparata codes, which had not been discovered earlier. Actually, other families of $\mathbb{Z}_4$-Preparata codes can be constructed. We end this section by recalling how to generate these new codes; we omit most of the proofs because they are rather technical. The reader is referred to [10] for details.

In general, the relationship between binary Kerdock codes and their quaternary versions is given in terms of Orthogonal and Symplectic Geometries over a finite dimensional vector space, which is defined via an extraspecial group. We recall that an extraspecial group $E$ is a $p$-group, $p$ prime, for which the center $Z(E)$ has order $p$ and $E/Z(E)$ is an elementary abelian group (hence a vector space over the finite field $\mathbb{F}_p$). Let $V$ be a vector space of dimension $r$ over $\mathbb{Z}_2$. The Euclidean space $\mathbb{R}^N$, $N = 2^r$, has a canonical basis $e_v$ labelled by elements of $V$. We shall construct an extraspecial group of order $2^{1+2r}$ as a subgroup of $O(N, \mathbb{R})$, the group of linear transformations of $\mathbb{R}^N$ which preserve the standard inner product. To this end, for $b \in V$, define the matrices
$$X(b) : e_v \longmapsto e_{v+b}, \qquad Y(b) := \mathrm{diag}[(-1)^{b \cdot v}],\ v \in V,$$
where $b \cdot v$ denotes the standard inner product on $V$. The groups $X(V) := \{X(a) \mid a \in V\}$ and $Y(V) := \{Y(b) \mid b \in V\}$ are contained in $O(N, \mathbb{R})$, since the matrices $X(b)$ and $Y(b)$ are permutation matrices. Define $E$ to be the group generated by elements in $X(V)$ and $Y(V)$.

Proposition 8.3.5 The group $E$ is an extraspecial group of order $2^{1+2r}$ with center $Z(E) = \{I, -I\}$, where $I$ is the identity matrix of order $N$.

8.3. KERDOCK AND PREPARATA CODES REVISITED


Further, every element of $E$ can be uniquely expressed as $X(a)Y(b)(-I)^{\gamma}$, $a, b \in V$, $\gamma \in \mathbb{Z}_2$. Next, under the identification of $Z(E)$ with $\mathbb{Z}_2$ given by $0 \to I$, $1 \to -I$, define the map $Q : E/Z(E) \to \mathbb{Z}_2$ by $Q(\bar{e}) = e^2$, where $e$ is a lifting of $\bar{e}$ under the projection of $E$ onto the quotient $E/Z(E)$.

Theorem 8.3.6 The map $Q$ is a well defined, non-singular quadratic form on $E/Z(E)$. Moreover, $E/Z(E)$ is an $\Omega^+(2r, 2)$-space (cf. Section 7.4.3).

As explained in Chapter 7, it is possible to construct inequivalent Kerdock codes from orthogonal spreads in $E/Z(E)$. These Kerdock codes are actually binary images of suitably defined quaternary Kerdock codes. If $i \in \mathbb{C}$ is such that $i^2 = -1$, consider the cyclic group $\langle iI \rangle$ of order 4 generated by the $N \times N$ scalar matrix $iI$. The group $F$ generated by $E$ and by $\langle iI \rangle$ has order $2^{2+2r}$, since $E \cap \langle iI \rangle = Z(E)$. Moreover, $Z(F) = \langle iI \rangle$. Therefore, the quotient group $F/Z(F) = \tilde{F}$ is an elementary abelian group of order $2^{2r}$. The map

$$(\cdot, \cdot)_F : \tilde{F} \times \tilde{F} \to \mathbb{Z}_2, \qquad (\tilde{f}_1, \tilde{f}_2)_F \longmapsto [f_1, f_2] = f_1^{-1} f_2^{-1} f_1 f_2,$$

is a non-singular symplectic form. Thus, $(\tilde{F}, (\cdot, \cdot)_F)$ is called a symplectic space. We briefly recall that a subspace $W \subset \tilde{F}$ is totally isotropic if $(v, w)_F = 0$, for each $v, w \in W$. A symplectic spread $\mathcal{F}$ of the space $\tilde{F}$ (and, more generally, of any $2r$-dimensional symplectic space) is a family of $2^r + 1$ totally isotropic $r$-dimensional subspaces such that every non-zero vector belongs to one of the elements of $\mathcal{F}$.

Analogously to Kerdock sets (cf. Section 7.4.2), symplectic spreads correspond to sets of matrices and vice versa. In fact, denote by $\tilde{X}(V)$ and $\tilde{Y}(V)$ the images of $X(V)$ and $Y(V)$ in $\tilde{F}$; noticeably, these two subspaces are totally isotropic of maximal dimension. Additionally, $\tilde{X}(V) \oplus \tilde{Y}(V) = \tilde{F}$, where $\tilde{F}$ is regarded as a vector space over $\mathbb{Z}_2$. If $\{v_1, \ldots, v_r\}$ is the canonical basis of $V = \mathbb{Z}_2^{(r)}$, define $\tilde{x}_j$ and $\tilde{y}_j$, $j = 1, \ldots, r$, to be $\tilde{X}(v_j)$ and $\tilde{Y}(v_j)$, respectively. Then, by direct computation, $(\tilde{x}_j, \tilde{y}_t)_F = \delta_{jt}$.
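As an added example (not from the book), the following Python builds $X(b)$ and $Y(b)$ as signed permutation matrices, closes them to the group $E$, and checks Proposition 8.3.5 (order $2^{1+2r}$, center $\{I, -I\}$), the quadratic form $Q(e) = e^2$ of Theorem 8.3.6 and the commutator form $(\cdot,\cdot)_F$ numerically for small $r$. Vectors of $V$ are encoded as integers whose bits are their coordinates; all function names are ours.

```python
# Added example (not from the book): E = <X(V), Y(V)> for V = Z_2^r, N = 2^r.
# A vector v in V is the integer 0..N-1 with bits = its coordinates, so v + b
# is v ^ b and b.v is the parity of popcount(v & b). A signed permutation
# matrix M is a tuple whose entry v is (w, s), meaning M e_v = s e_w.
def dot(u, v):                                   # b.v over Z_2
    return bin(u & v).count("1") % 2

def X(b, r):                                     # e_v -> e_{v+b}
    return tuple((v ^ b, 1) for v in range(1 << r))

def Y(b, r):                                     # diag[(-1)^{b.v}]
    return tuple((v, (-1) ** dot(b, v)) for v in range(1 << r))

def identity(n):
    return tuple((v, 1) for v in range(n))

def mul(A, B):                                   # (AB) e_v = s * (A e_w)
    return tuple((A[w][0], s * A[w][1]) for w, s in B)

def inv(M):                                      # M^{-1}; s is +-1 so s^{-1} = s
    return tuple(p for _, p in sorted((w, (v, s)) for v, (w, s) in enumerate(M)))

def commutator(f1, f2):                          # [f1, f2] = f1^{-1} f2^{-1} f1 f2
    return mul(mul(inv(f1), inv(f2)), mul(f1, f2))

def generate(gens):                              # closure under products (finite group)
    seen, frontier = set(), {identity(len(gens[0]))}
    while frontier:
        seen |= frontier
        frontier = {mul(g, h) for g in frontier for h in gens} - seen
    return seen

def extraspecial_group(r):                       # E generated by X(v_j), Y(v_j)
    return generate([X(1 << j, r) for j in range(r)] + [Y(1 << j, r) for j in range(r)])

def center(G):
    return {g for g in G if all(mul(g, h) == mul(h, g) for h in G)}

def to_z2(c):                                    # identify Z(E) = {I, -I} with Z_2
    assert all(w == v for v, (w, _) in enumerate(c)) and len({s for _, s in c}) == 1
    return 0 if c[0][1] == 1 else 1

def Q(e):                                        # quadratic form Q(e) = e^2
    return to_z2(mul(e, e))

def symplectic_form(f1, f2):                     # (f1, f2)_F = [f1, f2]
    return to_z2(commutator(f1, f2))
```

For $r = 2$ the closure has 32 elements, $Q(X(a)Y(b)) = a \cdot b$, and $(X(a)Y(b), X(c)Y(d))_F = a \cdot d + b \cdot c$, which gives $(\tilde{x}_j, \tilde{y}_t)_F = \delta_{jt}$.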


Next, fix the basis $S = \{\tilde{x}_1, \ldots, \tilde{x}_r, \tilde{y}_1, \ldots, \tilde{y}_r\}$. As in (7.20), consider the matrices

$$P^{\dagger} = \begin{pmatrix} I & P \\ 0 & I \end{pmatrix},$$

where $P$ is a matrix of order $r$ with entries from $\mathbb{Z}_2$. With the choice of the basis $S$, an easy computation shows that the matrices $P^{\dagger}$ preserve the symplectic form on $\tilde{F}$ if and only if $P$ is a symmetric matrix. Moreover, the map $P^{\dagger} \mapsto P$ is a group isomorphism between the set of matrices $P^{\dagger}$ and the additive group of symmetric matrices of order $r$ with entries from $\mathbb{Z}_2$. As for binary Kerdock sets, we have the following

Proposition 8.3.7 There is a bijective correspondence between symplectic spreads and sets of $2^r$ symmetric matrices of order $r$ with entries from $\mathbb{Z}_2$, such that the difference of any two matrices is of maximal rank.

If $A$ is a subspace of a symplectic spread $\mathcal{F}$, we denote by $P_A$ the corresponding matrix. In the sequel, we shall refer to sets of matrices like the ones in Proposition 8.3.7 as quaternary Kerdock sets.
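As an added example (not from the book), the following Python writes the Gram matrix of $(\cdot,\cdot)_F$ in the basis $S$, checks that $P^{\dagger}$ preserves the form exactly when $P$ is symmetric, and tests the quaternary Kerdock set condition of Proposition 8.3.7 by computing ranks over $\mathbb{Z}_2$; all function names are ours, and the sample set of four $2 \times 2$ matrices used in the check is constructed here.

```python
# Added example (not from the book). Matrices over Z_2 are lists of rows of
# 0/1 ints; the basis S = {x_1..x_r, y_1..y_r} has (x_j, y_t)_F = delta_jt and
# X~(V), Y~(V) totally isotropic, so the Gram matrix of (.,.)_F is [[0, I], [I, 0]].
def eye(r):
    return [[int(i == j) for j in range(r)] for i in range(r)]

def zeros(r):
    return [[0] * r for _ in range(r)]

def matmul(A, B):                           # product over Z_2
    return [[sum(a * b for a, b in zip(row, col)) % 2 for col in zip(*B)] for row in A]

def transpose(A):
    return [list(col) for col in zip(*A)]

def hstack(A, B):                           # [A | B]
    return [ra + rb for ra, rb in zip(A, B)]

def p_dagger(P):                            # P^dagger = [[I, P], [0, I]]
    r = len(P)
    return hstack(eye(r), P) + hstack(zeros(r), eye(r))

def gram(r):                                # Gram matrix of (.,.)_F in the basis S
    return hstack(zeros(r), eye(r)) + hstack(eye(r), zeros(r))

def preserves_form(P):                      # (P^dagger)^T J P^dagger == J ?
    D, J = p_dagger(P), gram(len(P))
    return matmul(transpose(D), matmul(J, D)) == J

def rank_mod2(M):                           # Gaussian elimination on rows as bitmasks
    rows, rank = [int("".join(map(str, row)), 2) for row in M], 0
    for bit in reversed(range(len(M[0]))):
        piv = [i for i in range(rank, len(rows)) if rows[i] >> bit & 1]
        if not piv:
            continue
        rows[rank], rows[piv[0]] = rows[piv[0]], rows[rank]
        for i in range(len(rows)):
            if i != rank and rows[i] >> bit & 1:
                rows[i] ^= rows[rank]
        rank += 1
    return rank

def is_kerdock_set(mats):                   # conditions of Proposition 8.3.7
    r = len(mats[0])
    if len(mats) != 2 ** r or any(P != transpose(P) for P in mats):
        return False
    diffs = [[[(a + b) % 2 for a, b in zip(ra, rb)] for ra, rb in zip(P1, P2)]
             for i, P1 in enumerate(mats) for P2 in mats[i + 1:]]
    return all(rank_mod2(D) == r for D in diffs)
```

A direct computation gives $(P^{\dagger})^T J P^{\dagger} = \begin{pmatrix} 0 & I \\ I & P^T + P \end{pmatrix}$, which equals $J$ exactly when $P^T + P \equiv 0 \pmod 2$; for $r = 2$ the four matrices $0$, $I$, $\begin{pmatrix}1&1\\1&0\end{pmatrix}$, $\begin{pmatrix}0&1\\1&1\end{pmatrix}$ form a quaternary Kerdock set.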

Remark 8.3.8 Note that the correspondence in Proposition 8.3.7 does not depend on the choice of the two subspaces $\tilde{X}(V)$ and $\tilde{Y}(V)$ (the ones used to fix a symplectic basis of $\tilde{F}$), since the set of totally isotropic subspaces of $\tilde{F}$ is invariant with respect to the group which preserves the symplectic form on $\tilde{F}$.

Remark 8.3.9 To recover quaternary Kerdock codes from quaternary Kerdock sets, the matrix $P$ is ‘lifted’ to a matrix with entries from $\mathbb{Z}_4$. This means that, if $P = (p_{jl})$, $j, l \in \{1, \ldots, r\}$, is a symmetric matrix of order $r$ with entries from $\mathbb{Z}_2$, the entries 0 and 1 are to be viewed as elements in the ring $\mathbb{Z}_4$. Moreover, one defines $\eta$ to be the map

$$\eta : \hat{v} \longmapsto \hat{v} P \hat{v}^T,$$

where $\hat{v} \in \hat{V} := \mathbb{Z}_4^{(r)}$.

Definition 8.3.10 A vector $\hat{v} = (\alpha_1, \ldots, \alpha_r) \in \hat{V}$ is a lift of $v = (a_1, \ldots, a_r) \in V = \mathbb{Z}_2^{(r)}$ if $a_i \equiv \alpha_i \pmod 2$. Define further

$$T_P(v) := \sum_j p_{jj} \alpha_j^2 + 2 \sum_j$$