Chapter 3
FINITE COMMUTATIVE RINGS. REGULAR POLYNOMIALS

In this chapter we want to analyze the structure of finite, commutative rings with identity. We shall prove that any such ring can be uniquely expressed as a direct sum of finite local rings. Next, we shall study the polynomial ring R[x], where R is a local ring with maximal ideal M and residue field K = R/M; our attention will be focused on particular polynomials, the so-called regular polynomials. They will play a fundamental role in Galois ring theory.
3.1 Finite Commutative Ring Structure
All through this chapter, R will denote a finite, commutative ring with identity. Local rings were defined in 1.2.9. Here it will be shown that they are the "bricks" of the whole theory of finite, commutative rings with identity. The main ideas of this section follow [56].

Let I_1, I_2, ..., I_n be proper ideals of a ring R; I_j and I_k, 1 ≤ j ≠ k ≤ n, are said to be relatively prime ideals if I_j + I_k = R, where I_j + I_k := {a + b | a ∈ I_j ∧ b ∈ I_k}. Consider the ring homomorphism

$$\Phi : R \longrightarrow R/I_1 \oplus \cdots \oplus R/I_n \quad \text{such that} \quad \Phi(r) := (r + I_1, \ldots, r + I_n), \tag{3.1}$$

for each r ∈ R.

Proposition 3.1.1 Let R be a finite, commutative ring with identity.

1. If I_j and I_k, 1 ≤ j ≠ k ≤ n, are relatively prime ideals of R, then
$$\bigcap_{j=1}^{n} I_j = \prod_{j=1}^{n} I_j,$$
where
$$\prod_{j=1}^{n} I_j := \Big\{ \sum_i x_i^1 \cdots x_i^j \cdots x_i^n \;\Big|\; x_i^j \in I_j,\ 1 \le j \le n \Big\}.$$
2. If I_j and I_k are relatively prime, so are I_j^m and I_k^m, for all m ∈ ℕ. (Recall that, if J is an ideal of R, J^m is its m-th power, i.e. the ideal generated by the elements x_1 ··· x_m, where x_k ∈ J, 1 ≤ k ≤ m.)

3. The ring homomorphism Φ in (3.1) is injective if and only if ∩_{j=1}^n I_j = 0.

4. The ring homomorphism Φ is surjective if and only if I_j and I_k are relatively prime, 1 ≤ j ≠ k ≤ n.

Proof: 1. We prove the statement in the case of two ideals and then use induction on their number. If I_1, I_2 are relatively prime ideals of R, then I_1 ∩ I_2 = {h ∈ R | h ∈ I_1 ∧ h ∈ I_2} is a proper ideal of R. Similarly, I_1 I_2 is a proper ideal of R, namely
$$I_1 I_2 = \Big\{ \sum_i x_i y_i \;\Big|\; x_i \in I_1,\ y_i \in I_2 \Big\}.$$
The trivial inclusion is I_1 I_2 ⊆ I_1 ∩ I_2. (Note that, in general, this is a proper inclusion; for example, if R = Z and I_1 = (6), I_2 = (10), then (60) = I_1 I_2 ⊂ I_1 ∩ I_2 = (30).) For the converse, since I_1 and I_2 are relatively prime, there exist x ∈ I_1 and y ∈ I_2 such that 1 = x + y. So, if r ∈ I_1 ∩ I_2, then r = r·1 = r·x + r·y ∈ I_1 I_2. Observe that this is a generalization of what occurs in the ring of integers, when we consider proper ideals (m) and (n), with m and n relatively prime integers.
2. By hypothesis, I_j and I_k are relatively prime, so there exist x_j ∈ I_j and x_k ∈ I_k such that x_j + x_k = 1. This means that 1 = 1·1 = (x_j + x_k)·(x_j + x_k) = x_j^2 + x_k^2 + 2x_j·x_k; there are two possibilities:
- if x_j·x_k = 0, then it immediately follows that R = I_j^2 + I_k^2;
- otherwise, 2x_j·x_k = (2x_j + 2x_k)·x_j·x_k = 2x_j^2 x_k + 2x_j x_k^2 ∈ I_j^2 + I_k^2; thus, as before, 1 ∈ I_j^2 + I_k^2.
By the same argument one can prove the statement by induction on m.

3. Φ(r) = 0 if and only if r ∈ I_j for all j ∈ {1, ..., n}. The statement follows from Ker(Φ) = ∩_{j=1}^n I_j.

4. The Homomorphism Theorem gives the following commutative diagram:
$$\begin{array}{ccc} R & \xrightarrow{\ \Phi\ } & R/I_1 \oplus \cdots \oplus R/I_n \\ \pi \downarrow & & \uparrow i \\ R/\mathrm{Ker}(\Phi) & \overset{\cong}{\longleftrightarrow} & \mathrm{Im}(\Phi). \end{array}$$
If Φ is an epimorphism, then i is an isomorphism. This implies there exists an element x ∈ R such that Φ(x) = (1, 0, ..., 0); this means that x ≡ 1 (mod I_1), x ≡ 0 (mod I_k), 2 ≤ k ≤ n, so 1 = (1 − x) + x ∈ I_1 + I_k, k ≠ 1. Therefore, (I_1, I_k) is a relatively prime ideal pair, for k ∈ {2, ..., n}. More generally, this is true for all pairs (I_j, I_k), with 1 ≤ j ≠ k ≤ n.
Conversely, if any pair of ideals (I_j, I_k) is a relatively prime ideal pair, from 1. we get Ker(Φ) = ∩_{j=1}^n I_j = ∏_{j=1}^n I_j. From the Homomorphism Theorem it follows that the ring R/Ker(Φ) is isomorphic to a subring of R/I_1 ⊕ ··· ⊕ R/I_n, hence the statement, by observing that these two rings have the same cardinality.
✷
Definition 3.1.2 An element e of a ring R is called an idempotent element if e^2 = e. Two idempotent elements of R, e and f, are said to be orthogonal if ef = 0 (see, for example, [5] or [56]).

Proposition 3.1.3 Let R be a finite, commutative ring with identity. The following are equivalent:
1. R is isomorphic to a direct sum of subrings R_j, 1 ≤ j ≤ n.
2. There exist orthogonal idempotent elements e_j, j ∈ {1, ..., n}, such that 1 = Σ_{j=1}^n e_j and R_j ≅ e_j R.
3. R is a direct sum of proper ideals I_j ≅ R_j, 1 ≤ j ≤ n.

Proof: 1. ⇒ 2.: There exist e_j ∈ R_j, for all j ∈ {1, ..., n}, such that 1 = Σ_{i=1}^n e_i. If we consider e_k as an element of the whole ring R, then e_k = Σ_{j=1}^n e_k e_j, which means e_k e_j = δ_kj e_k, where δ_kj is the Kronecker symbol; so the e_j's, 1 ≤ j ≤ n, are idempotent orthogonal elements of R. Moreover, R_j is the principal ideal of R generated by e_j.
2. ⇒ 3.: By the step above, every R_j is an ideal of R.
3. ⇒ 1.: Obvious. ✷

We are now able to prove the main theorem of this section.

Theorem 3.1.4 A finite, commutative ring with identity, R, can be expressed as a direct sum of local rings. This decomposition is unique up to permutation of direct summands.

Proof: Let P_1, P_2, ..., P_n be the prime ideals of R, i.e. Spec(R) = {P_1, ..., P_n}. Since R/P_i is a field (Proposition 1.2.6 and Theorem 2.3.9), these are maximal ideals of R, therefore Spec(R) = Specm(R). Consequently, the Jacobson radical (cf. Section 1.2) coincides with the nilradical of R. From the maximality of P_j, 1 ≤ j ≤ n, it follows that every ideal pair (P_j, P_k), 1 ≤ j ≠ k ≤ n, is a relatively prime ideal pair of R, so ∏_{j=1}^n P_j = ∩_{j=1}^n P_j. Since J(R) is a nilpotent ideal, there exists a positive integer m_0 such that J(R)^{m_0} = {0}. Define the ring homomorphism
$$\Phi_0 : R \longrightarrow R/P_1^{m_0} \oplus \cdots \oplus R/P_n^{m_0}$$
in the obvious way. What we proved in Proposition 3.1.1 ensures that Φ_0 is an isomorphism, because any two of the ideals P_j^{m_0}, 1 ≤ j ≤ n, are relatively prime and Ker(Φ_0) = ∩_{j=1}^n P_j^{m_0} = ∏_{j=1}^n P_j^{m_0} = J(R)^{m_0} = {0}. This ring isomorphism determines a bijection between the proper ideals of the ring R/P_j^{m_0}, 1 ≤ j ≤ n, and the ideals of R (properly) containing P_j^{m_0}. Since P_j is the unique maximal ideal of R such that P_j^{m_0} ⊂ P_j ⊂ R, it follows that R/P_j^{m_0} is a local ring with maximal ideal P_j/P_j^{m_0}.
Assume there are two distinct decompositions of R as a direct sum of local rings, R = ⊕_{j=1}^n R_j = ⊕_{k=1}^m S_k.
Then there exist orthogonal idempotent elements e_j ∈ R_j and f_k ∈ S_k, 1 ≤ j ≤ n, 1 ≤ k ≤ m, such that
$$1 = \sum_{j=1}^{n} e_j = \sum_{k=1}^{m} f_k.$$
Each proper summand R_j is isomorphic to a local ring R e_j; similarly, each S_k is a local ring of the form R f_k. Therefore, none of the elements e_j and f_k is a sum of two or more proper idempotent elements; in fact, in general, a local ring does not contain idempotent elements different from 0 and 1, because its Jacobson radical is the maximal ideal. Thus e_j = Σ_{k=1}^m e_j f_k, so there exists an integer k_j s.t. e_j = e_j f_{k_j} and, analogously, there exists an integer j_k s.t. f_k = f_k e_{j_k}, 1 ≤ j ≤ n, 1 ≤ k ≤ m. This means that e_j = e_j f_{k_j} = e_j f_{k_j} e_{j_{k_j}}, so j = j_{k_j}, as the elements {e_j}_{1≤j≤n} are mutually orthogonal. An obvious one-to-one and onto correspondence between the sets {e_j}_{1≤j≤n} and {f_k}_{1≤k≤m} shows that m = n and e_j = f_{k_j}. ✷

This theorem is one of the most important results in the theory of finite, commutative rings, since it allows us to reduce our analysis to the irreducible components, which have a very simple structure. We want to consider a few simple (but fundamental) examples of local summand decomposition of finite rings.

Examples

1. The simplest case of a finite, commutative ring is the ring of integers modulo m, for a fixed positive integer m, denoted by Z_m. The Fundamental Theorem of Arithmetic asserts that m has a unique prime factorization of the form m = p_1^{n_1} ··· p_k^{n_k}, where p_j is a prime, p_j ≠ p_s for 1 ≤ j ≠ s ≤ k, and n_j ∈ ℕ, 1 ≤ j ≤ k. From the Chinese Remainder Theorem (see, for example, [49] page 94) we get the ring isomorphism
$$\mathbb{Z}_m \cong \mathbb{Z}_{p_1^{n_1}} \oplus \cdots \oplus \mathbb{Z}_{p_k^{n_k}},$$
which is the local summand decomposition of Z_m.

2. Let q be a power of a prime l, q = l^r, and F_q[x] the polynomial ring over the Galois field F_q. Consider a polynomial f(x) = p_1^{t_1}(x) ··· p_m^{t_m}(x), where t_j ∈ Z^+ and p_j(x) ∈ F_q[x] is an irreducible polynomial, 1 ≤ j ≤ m. Thus, (f(x)) is not maximal (nor prime, as in any Euclidean domain an ideal is maximal iff it is prime). However, p_j(x) ∈ F_q[x] generates a maximal ideal I_j = (p_j(x)) ⊂ F_q[x], 1 ≤ j ≤ m, and its power I_j^{t_j} is the ideal (p_j^{t_j}(x)). By defining the ring epimorphism
$$\Phi : \mathbb{F}_q[x] \longrightarrow (\mathbb{F}_q[x]/(p_1^{t_1}(x))) \oplus \cdots \oplus (\mathbb{F}_q[x]/(p_m^{t_m}(x))),$$
we get that Ker(Φ) = (f(x)). The ring F_q[x]/(f(x)) factors in the direct sum of local rings F_q[x]/(p_j^{t_j}(x)), with maximal ideal (p_j(x))/(p_j^{t_j}(x)) and residue field
$$K_j = \big(\mathbb{F}_q[x]/(p_j^{t_j}(x))\big)\big/\big((p_j(x))/(p_j^{t_j}(x))\big) \cong \mathbb{F}_q[x]/(p_j(x)),$$
1 ≤ j ≤ m, respectively.

3. Let p be a prime and n a positive integer such that p does not divide n. We denote by F_p^{(n)} the n-th cyclotomic field over F_p, that is the splitting field (over F_p) of the polynomial x^n − 1 ∈ F_p[x]. Its roots are called the n-th roots of unity over F_p. One can show (see, also, [32], [39], [51]) that
$$x^n - 1 = (x - 1)\,Q_n(x),$$
where Q_n(x) ∈ F_p[x] factors into φ(n)/d distinct monic irreducible polynomials of the same degree d, where φ is the Euler function
$$\varphi(n) := \big|\{1 \le k \le n \mid \gcd(k, n) = 1\}\big|,$$
and F_p^{(n)} is the splitting field of any such irreducible factor, so that [F_p^{(n)} : F_p] = d (note that the n-th primitive roots of unity number φ(n)). There are two possibilities:
(i) if d = φ(n), Q_n(x) is an irreducible polynomial over F_p, so the quotient ring F_p[x]/(Q_n(x)) is the Galois field F_q, where q = p^{φ(n)}.
(ii) If d is a proper divisor of φ(n), let k = φ(n)/d be the number of distinct irreducible factors of Q_n(x). Then,
$$(Q_n(x)) = \bigcap_{j=1}^{k} (f_j(x)) = \prod_{j=1}^{k} (f_j(x)),$$
where f_j(x) is an irreducible factor of Q_n(x), 1 ≤ j ≤ k. If we consider the epimorphism in (3.1)
$$\Phi : \mathbb{F}_p[x] \longrightarrow \mathbb{F}_p[x]/(f_1(x)) \oplus \cdots \oplus \mathbb{F}_p[x]/(f_k(x)),$$
then Ker(Φ) = (Q_n(x)). Thus the quotient ring F_p[x]/(Q_n(x)) is isomorphic to a direct sum where each summand is a field.

4. We can generalize the previous example to the case Z_{q^n}[x]. For simplicity, consider now the polynomial Q_p(x) = x^{p−1} + ··· + 1 ∈ Z_{q^n}[x], with n > 1 and p and q distinct primes. The natural epimorphism π : Z_{q^n} → Z_q ≅ F_q extends to a polynomial ring epimorphism µ, yielding the following commutative diagram:
$$\begin{array}{ccc} \mathbb{Z}_{q^n} & \xrightarrow{\ \pi\ } & \mathbb{Z}_q \\ i_1 \downarrow & & \downarrow i_2 \\ \mathbb{Z}_{q^n}[x] & \xrightarrow{\ \mu\ } & \mathbb{Z}_q[x]. \end{array}$$
Obviously, the cyclotomic polynomial Q_p(x) ∈ Z_q[x] can be viewed as a polynomial in Z_{q^n}[x]; thus, we obtain an epimorphism between the quotient rings
$$\tilde{\mu} : \mathbb{Z}_{q^n}[x]/(Q_p(x)) \longrightarrow \mathbb{Z}_q[x]/(Q_p(x)).$$
What we have seen in the previous examples enables us to distinguish between two different situations. If the polynomial Q_p(x) ∈ F_q[x] is irreducible over F_q, then the quotient ring F_q[x]/(Q_p(x)) is the finite field F_{q^{p−1}}; let ξ be a formal root of this cyclotomic polynomial, considered as an element of Z_{q^n}[x]. The quotient ring Z_{q^n}[x]/(Q_p(x)) is the Galois extension Z_{q^n}[ξ] of the ring Z_{q^n}, which is the Galois ring GR(q^n, p − 1) (see Chapter 6). The epimorphism µ̃, from the (Galois) ring Z_{q^n}[ξ] onto the Galois field F_{q^{p−1}}, shows that Z_{q^n}[ξ]/M ≅ F_{q^{p−1}}, where M = qZ_{q^n}[ξ] is the maximal ideal of the local ring. So, if the cyclotomic polynomial Q_p(x) is irreducible over F_q, Z_{q^n}[ξ] is a local ring.
On the other hand, if Q_p(x) ∈ F_q[x] splits in k = (p−1)/d irreducible factors, say f_1(x), ..., f_k(x), which are monic polynomials of degree d, then the quotient ring is a direct sum of fields, each of which is an algebraic extension of degree d of F_q, i.e.
$$\mathbb{F}_q[x]/(Q_p(x)) \cong (\mathbb{F}_q[x]/(f_1(x))) \oplus \cdots \oplus (\mathbb{F}_q[x]/(f_k(x))) = K_1 \oplus \cdots \oplus K_k.$$
There is a bijection between these fields and the direct summands of the Z_{q^n}[x]/(Q_p(x)) decomposition, which associates K_i with the Galois ring Z_{q^n}[ξ_i], where ξ_i is a formal root of f_i(x) ∈ Z_{q^n}[x], 1 ≤ i ≤ k. Therefore, this last decomposition is Z_{q^n}[ξ_1] ⊕ ··· ⊕ Z_{q^n}[ξ_k], where each summand is the Galois ring GR(q^n, d).

We end this section by considering a general fact about local ring decompositions. Let R = R_1 ⊕ ··· ⊕ R_n be the local ring decomposition of a finite, commutative ring with identity, R. The following two statements are easy exercises (left to the reader):
1. U(R) = U(R_1) × ··· × U(R_n);
2. R[x] factors as a direct sum of proper summands; precisely,
$$R[x] = \bigoplus_{i=1}^{n} R_i[x].$$
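Example 1 made explicit, as an added example that is not part of the original text: for a constructed m = 360 = 2^3·3^2·5 the orthogonal idempotents e_j of Proposition 3.1.3 are computed in Z_m, and Φ of (3.1) with its inverse, the 2^k idempotents of Z_m, and the exercise U(R) = U(R_1) × ··· × U(R_n) are checked; all function names are this example's own.

```python
from itertools import combinations
from math import gcd, prod
from typing import Dict, List


def factor(m: int) -> Dict[int, int]:
    """Prime factorization m = prod p^n by trial division (m is small here)."""
    factors: Dict[int, int] = {}
    p = 2
    while p * p <= m:
        while m % p == 0:
            factors[p] = factors.get(p, 0) + 1
            m //= p
        p += 1
    if m > 1:
        factors[m] = factors.get(m, 0) + 1
    return factors


def local_idempotents(m: int) -> Dict[int, int]:
    """Return {p^n: e} with e = 1 (mod p^n) and e = 0 (mod m / p^n) in Z_m.

    The e's are orthogonal idempotents with sum 1, and e * Z_m is the local
    summand isomorphic to Z_{p^n} (Theorem 3.1.4 via Proposition 3.1.3).
    """
    idem: Dict[int, int] = {}
    for p, n in factor(m).items():
        q = p ** n
        r = m // q                          # gcd(q, r) = 1: (q) and (r) are relatively prime
        idem[q] = (r * pow(r, -1, q)) % m   # CRT: 1 modulo q, 0 modulo r
    return idem


def is_orthogonal_idempotent_system(m: int, es: List[int]) -> bool:
    """e_j^2 = e_j, e_j e_k = 0 for j != k, and sum of the e_j = 1 in Z_m."""
    if sum(es) % m != 1 % m:
        return False
    return all((e * e) % m == e for e in es) and all(
        (e * f) % m == 0 for e, f in combinations(es, 2))


def phi(m: int, r: int) -> Dict[int, int]:
    """The homomorphism Phi of (3.1): r -> (r + I_1, ..., r + I_k), I_j = (p_j^{n_j})."""
    return {q: r % q for q in local_idempotents(m)}


def phi_inverse(m: int, parts: Dict[int, int]) -> int:
    """Inverse of Phi: r = sum r_j e_j, since e_j acts as 1 on the j-th summand and 0 elsewhere."""
    idem = local_idempotents(m)
    return sum(parts[q] * idem[q] for q in idem) % m


def all_idempotents(m: int) -> List[int]:
    """Every idempotent of Z_m by brute force; each is a sum of a subset of the e_j,
    so there are exactly 2^k of them (a local summand only has 0 and its identity)."""
    return [e for e in range(m) if (e * e) % m == e]


def unit_count(m: int) -> int:
    """|U(Z_m)|; by the exercise U(R) = U(R_1) x ... x U(R_n) it is multiplicative."""
    return sum(1 for r in range(m) if gcd(r, m) == 1)


if __name__ == "__main__":
    m = 360                                  # constructed sample: 2^3 * 3^2 * 5
    idem = local_idempotents(m)
    print(idem)                              # {8: 225, 9: 280, 5: 216}
    assert is_orthogonal_idempotent_system(m, list(idem.values()))
    assert phi_inverse(m, phi(m, 103)) == 103
    assert len(all_idempotents(m)) == 2 ** len(idem)
    assert unit_count(m) == prod(unit_count(q) for q in idem)
```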
Proposition 3.1.5 Let R be a finite, commutative ring with identity and R_1 ⊕ ··· ⊕ R_n be its local summand decomposition.
1. If I is a proper ideal of R, then I = ⊕_{j=1}^n I_j, where each I_j is an ideal of the ring R_j. Moreover, I is a maximal ideal in R if and only if I_k is the maximal ideal in R_k, for some k ∈ {1, ..., n}, and I_j = R_j for j ≠ k.
2. R contains non-trivial nilpotent elements if and only if R_i contains non-trivial nilpotent elements, for some i ∈ {1, ..., n}.
3. If R = R_1 ⊕ ··· ⊕ R_n with n ≥ 2, then R contains zero-divisors.
4. If m_i is the characteristic of the ring R_i, 1 ≤ i ≤ n, then char(R) = m = l.c.m.(m_1, ..., m_n).

Proof: 1. If I is an ideal of R, then I_j = I ∩ R_j is an ideal in R_j, 1 ≤ j ≤ n; so I = ⊕_{i=1}^n I_i. If I is a maximal ideal of R, R/I is a field; there must exist a unique k ∈ {1, ..., n} such that I ∩ R_k = I_k is a proper ideal in R_k, whereas R_j = I ∩ R_j, j ≠ k; thus, I ≅ R_1 ⊕ ··· ⊕ I_k ⊕ ··· ⊕ R_n and R/I ≅ R_k/I_k is a field; this implies that I_k is the maximal ideal in R_k. The converse is obvious.
2. If a ∈ R is a nilpotent element of R, then a must be contained in some maximal ideal of R. 1. proves the statement. The converse is obvious (R_i is a subring of R).
3. In the case n = 2, the elements e_1 = (1, 0) and e_2 = (0, 1) are zero-divisors in R. The same argument holds for n > 2.
4. Let m be the least positive integer such that m(1, ..., 1) = (0, ..., 0). This equality implies that m_i | m, 1 ≤ i ≤ n. From the minimality of m, m = l.c.m.(m_1, ..., m_n) follows. ✷
3.2 Regular Polynomials in the Ring R[x]
In this section R will be a finite, commutative, local ring, with unique maximal ideal M and residue field K = R/M. The canonical projection π : R → K extends to a morphism of polynomial rings µ : R[x] → K[x]. We try to generalize some topics, already considered in Chapter 1, by introducing, in particular, the notion of a regular polynomial (cf. also [56]). Before doing this, we recall that, if A is a commutative ring, an ideal I of A is said to be primary if I ≠ A and, whenever xy ∈ I and x ∉ I, then y^n ∈ I for some positive integer n. Now we can make the following

Definition 3.2.1 (see, for example, [56]) Let f and g be elements of R[x];
1. f is regular if it is not a zero-divisor;
2. f is primary if (f) is a primary ideal;
3. f and g are relatively prime if R[x] = (f) + (g).

We start by proving some variations of Proposition 1.3.1.

Proposition 3.2.2 Let f(x) = a_0 + a_1 x + ··· + a_n x^n be an element of R[x]. The following conditions are equivalent:
(i) f is a unit;
(ii) µ(f) is a unit in K[x];
(iii) a_0 is a unit in R and a_1, ..., a_n are nilpotent.

Proof: (i)⇒(ii): If f is a unit, then there exists a polynomial g s.t. fg = 1. Consequently, 1 = µ(1) = µ(fg) = µ(f)µ(g), so µ(f) is a unit.
(ii)⇒(iii): The only units in K[x] are the constant polynomials µ(f) = c, so, by definition of µ, the coefficients a_i, 1 ≤ i ≤ n, must belong to M, i.e. be nilpotent (R is a local ring). a_0 is of the form a_0 = c + h, where h is a nilpotent element and c is a unit; it follows that a_0 is invertible.
(iii)⇒(i): This is an easy consequence of Proposition 1.3.1 (2). ✷

Proposition 3.2.3 Let f(x) = a_0 + a_1 x + ··· + a_n x^n be a polynomial in R[x]. The following are equivalent:
(i) f is nilpotent;
(ii) µ(f) = 0;
(iii) a_0, ..., a_n are nilpotent in R;
(iv) f is a zero-divisor;
(v) there exists an element a ∈ R \ {0} such that af(x) = 0.

Proof: The implications (ii)⇔(iii) and (iii)⇔(iv) immediately follow from the fact that R is a finite, commutative, local ring; so, it suffices to verify that (iii) is equivalent to (i) and (v). By Proposition 1.3.1(3), f(x) is nilpotent if and only if its coefficients are nilpotent. The implication (iii)⇒(v) easily follows from Proposition 1.3.1(4) since, if f(x) is nilpotent, then it obviously is a zero-divisor. Conversely, suppose there exists a ∈ R \ {0} that verifies (v). This implies aa_i = 0 for all 0 ≤ i ≤ n, so that the a_i's are zero-divisors in R; hence, because of the structure of R, they are nilpotent. ✷

Proposition 3.2.4 Let f(x) = Σ_{i=0}^n a_i x^i be a polynomial in R[x]. The following conditions are equivalent:
(i) f is regular;
(ii) the ideal generated by a_0, a_1, ..., a_n coincides with R;
(iii) a_i is a unit in R for some i, 0 ≤ i ≤ n;
(iv) µ(f) ≠ 0.

Proof: (i)⇒(ii): This easily follows from 3.2.3(iii); in fact, a subscript i ∈ {1, ..., n} must exist such that a_i is a unit in R.
(ii)⇒(iii): Obvious.
(iii)⇒(iv): Obvious.
(iv)⇒(i): If µ(f) ≠ 0, then f is not a zero-divisor in R[x] (see 3.2.3(iv)). ✷

We want to consider a useful proposition that will play a fundamental role in the proof of the generalized Hensel lemma. If A is an ideal of a ring R, we write A[x] to denote the subring of R[x] defined by
$$A[x] := \{a_0 + a_1 x + \cdots + a_n x^n \mid n \ge 0,\ a_i \in A,\ 0 \le i \le n\}.$$

Proposition 3.2.5 Let R be a finite, commutative, local ring and M its maximal ideal. Then
1. $M[x] = \bigcap_{P \subset R[x]} P$, where P runs over the prime ideals of R[x];
2. M[x] = {f(x) ∈ R[x] | g(x)f(x) + 1 has an inverse, for all g(x) ∈ R[x]} = J(R[x]).

Proof: 1. By 3.2.3, M[x] = {f(x) ∈ R[x] | f(x) nilpotent} = Nil(R[x]). From (1.1) the assertion follows.
2. Let f(x) ∈ M[x]; since M[x] is an ideal in R[x], g(x)f(x) is nilpotent, for every g(x) in R[x]. Therefore, M[x] ⊆ J(R[x]). On the other hand, if f(x) ∈ J(R[x]), where f(x) = Σ_{i=0}^n a_i x^i, a_i ∈ R, then xf(x) + 1 has an inverse; by Proposition 3.2.2, a_0, ..., a_n are nilpotent. ✷

Now we are able to generalize Hensel's Lemma, which we saw in Chapter 1 in the special case R = Z_{p^n}.

Theorem 3.2.6 (Generalized Hensel's Lemma.) Let f be an element of R[x], where R is a finite local ring, and let µ(f) = ḡ_1 ··· ḡ_n, where ḡ_1, ..., ḡ_n ∈ K[x] are pairwise relatively prime polynomials in the Euclidean domain K[x]. Then there exist polynomials g_1, ..., g_n ∈ R[x] such that
1. g_1, ..., g_n are pairwise relatively prime in R[x];
2. µ(g_i) = ḡ_i, 1 ≤ i ≤ n;
3. f = g_1 ··· g_n.

Proof: By induction on n. For n = 2, we have f = h_1 h_2 + v, where v ∈ M[x] and µ(h_1) = ḡ_1, µ(h_2) = ḡ_2. Since ḡ_1 and ḡ_2 are relatively prime if and only if h_1 and h_2 are relatively prime in R[x], there exist λ_1 and λ_2 in R[x] such that λ_1 h_1 + λ_2 h_2 = 1. Putting h_{1,1} = h_1 + λ_2 v, h_{2,1} = h_2 + λ_1 v, gives h_{1,1} h_{2,1} = f + λ_1 λ_2 v^2. Hence,
$$f \equiv h_{1,1} h_{2,1} \pmod{v^2},$$
with µ(h_{i,1}) = µ(h_i), i = 1, 2, and h_{1,1}, h_{2,1} relatively prime. At this point we can repeat the argument, applying it to h_{1,1} and h_{2,1}; by iteration, we can find two polynomials h_{1,t} and h_{2,t} in R[x], for every positive integer t, such that f ≡ h_{1,t} h_{2,t} (mod v^{2t}) and µ(h_{i,t}) = µ(h_i), i = 1, 2. We know that v ∈ M[x], therefore it is nilpotent. Hence, it is possible to choose a positive integer t_0 such that f = h_{1,t_0} h_{2,t_0}, with µ(h_{i,t_0}) = µ(h_i), i = 1, 2. We get the statement (in the case n = 2) by choosing g_i = h_{i,t_0}, 1 ≤ i ≤ 2. In general, if µ(f) = ḡ_1 ··· ḡ_n, it is sufficient to observe that ḡ_1 is relatively prime to ḡ_i, 2 ≤ i ≤ n, so {ḡ_1, ..., ḡ_n} are pairwise relatively
prime. Putting r = ḡ_2 ··· ḡ_n yields µ(f) = ḡ_1 r, which completes the proof. ✷

From Hensel's lemma we can deduce the existence of the polynomials that "lift" the factorization in K[x], even if the "lifting factors" are not uniquely determined. Obviously, except for the uniqueness part, Theorem 1.4.3 is a particular case of this one, when R = Z_{p^n}, p a prime.

In the Euclidean domain K[x] it is always possible to reduce our analysis to monic polynomials; surprisingly, this is true also in the case of R[x]; in fact, there exist procedures by which we can obtain monic regular polynomials from regular ones, determining monic "representatives".

Lemma 3.2.7 Let f(x) be a regular polynomial in R[x]. It is possible to construct a sequence of monic polynomials f_j(x) in R[x] such that deg(f_j(x)) = deg(µ(f(x))) and
$$f_j(x) \equiv f_{j+1}(x) \pmod{M^j}.$$
Furthermore, there exist a unit b_j ∈ R and a polynomial g_j(x) ∈ M[x], for each j, such that
$$b_j f(x) \equiv f_j(x) + g_j(x) f_j(x) \pmod{M^j}.$$

Proof: Let f(x) = Σ_{i=0}^n a_i x^i be a polynomial with non-zero leading coefficient and deg(µ(f(x))) = t ≤ n. This implies that a_t is a unit; by choosing g_1(x) = 0,
$$f_1(x) = a_t^{-1} f(x) - a_t^{-1} \Big(\sum_{j=t+1}^{n} a_j x^j\Big)$$
and b_1 = a_t^{-1}, the statement is true in the case j = 1; thus, we can proceed by induction. Suppose we have constructed a sequence {f_i}_{1≤i≤j}, satisfying our hypotheses, such that b_j f(x) = f_j(x) + g_j(x) f_j(x) + h(x), h(x) ∈ M^j[x]. Since f_j(x) is a monic polynomial, we can find q(x), r(x) ∈ R[x] such that h(x) = q(x) f_j(x) + r(x), with deg(r(x)) < deg(f_j(x)) = deg(µ(f(x))) or r(x) = 0. Define f_{j+1}(x) := f_j(x) + r(x), g_{j+1}(x) := g_j(x) + q(x). If r(x) = 0, there is nothing to prove. On the other hand, if f_j(x) = a_0 + a_1 x + ··· + a_{t−1} x^{t−1} + x^t and q(x) = c_0 + ··· + c_s x^s, then the leading coefficient of x^{t+s}, in f_j(x) q(x), is c_s; the coefficient of x^{t+s−1} is (c_s a_{t−1} + c_{s−1}), and so on. Since h(x) ≡ 0 (mod M^j) and deg(r(x)) < deg(f_j(x)) = t,
the coefficients c_i belong to M^j, 1 ≤ i ≤ s, so q(x) ∈ M^j[x]. Therefore, r(x) = h(x) − q(x) f_j(x) ∈ M^j[x]. Finally, putting b_{j+1} = b_j yields
$$b_j f(x) = f_j(x) + g_j(x) f_j(x) + h(x) = f_{j+1}(x) + g_{j+1}(x) f_{j+1}(x) - r(x)\big(g_j(x) + q(x)\big) \equiv f_{j+1}(x) + g_{j+1}(x) f_{j+1}(x) \pmod{M^{j+1}}.$$
✷

Theorem 3.2.8 Let f(x) be a regular polynomial in R[x]. There exist a monic polynomial f̃(x) with µ(f(x)) = k µ(f̃(x)), where k ∈ K*, and a unit v(x) ∈ R[x] such that v(x) f(x) = f̃(x). Furthermore, for every a ∈ R, f(a) = 0 if and only if f̃(a) = 0.

Proof: Denote by h the least integer such that M^h = 0. By Lemma 3.2.7, b_h f(x) = f_h(x) + g_h(x) f_h(x), where b_h is a unit in R, g_h(x) ∈ M[x] and f_h(x) ∈ R[x] is a monic polynomial. We conclude the proof by choosing f̃(x) = f_h(x); indeed, µ(f_h(x)) = µ(f̃(x)) = µ(b_h) µ(f(x)) and f(x) = b_h^{-1}(1 + g_h(x)) f̃(x); moreover, since 1 + g_h(x) is a unit in R[x], b_h^{-1}(1 + g_h(x)) has an inverse in R[x]; hence, for all a in R, f(a) = b_h^{-1}(1 + g_h(a)) f̃(a). ✷

We end this section by considering some topics strictly related to the irreducible regular polynomials in R[x]. Let D ⊂ R[x] be the set
$$D := \{ f(x) \mid \mu(f(x)) \text{ has distinct roots in the algebraic closure of } K \}.$$

Theorem 3.2.9 Let f(x) be a regular polynomial in R[x]. Then
1. If µ(f(x)) is irreducible in K[x], then f(x) is irreducible in R[x].
2. If f(x) is irreducible in R[x], then µ(f(x)) = δ g^n(x), where δ ∈ K*, n ∈ ℕ and g(x) is a monic, irreducible polynomial in K[x].
3. A polynomial f(x) ∈ D is irreducible if and only if µ(f(x)) is irreducible.

Proof: 1. If f(x) = g(x) h(x), g(x), h(x) ∈ R[x], then either µ(g(x)) or µ(h(x)) is a unit, as µ(f(x)) is irreducible, and so prime, in K[x]. So, from Proposition 3.2.2 the statement follows.
2. Suppose that µ(f) = δ g_1^{e_1} ··· g_t^{e_t}, where δ ∈ K*, e_i ∈ ℕ, 1 ≤ i ≤ t, and the polynomials g_i are monic, irreducible in K[x] and pairwise
relatively prime. If t ≥ 2, by Theorem 3.2.6, f(x) would have a non-trivial factorization in R[x], a contradiction. Therefore, µ(f) = δ g^n, with g(x) ∈ K[x] irreducible.
3. This is a trivial consequence of 1. and the definition of D. ✷

We would like to establish when an irreducible polynomial in R[x] is a prime element (the converse is always true); so we need the following:

Lemma 3.2.10 Let f(x) be a regular, irreducible polynomial in D. f(x) is a prime if and only if M ⊆ (f).

Proof: ⇒) If f(x) is a prime, then R[x]/(f) is a finite field (see Theorem 2.3.9); thus, if a ∈ M, the coset a + (f) is a nilpotent element of the quotient ring, that is a ∈ (f).
⇐) If M ⊆ (f), then M[x] ⊆ (f). Suppose that g + (f) is a nilpotent element of R[x]/(f); then f(x) divides (g(x))^n, for some n, so µ(f(x)) divides (µ(g(x)))^n. Since f(x) ∈ D, it follows that µ(f(x)) divides µ(g(x)), i.e. µ(g(x)) = µ(f(x)) h̄(x), where h̄(x) ∈ K[x]. Let h(x) ∈ R[x] be such that µ(h(x)) = h̄(x). Consequently, g(x) = h(x) f(x) + j(x) with j(x) ∈ M[x], therefore g(x) ∈ (f). This implies that R[x]/(f) is a field and (f) is prime. ✷

Remark Observe that, since R is a finite ring, the polynomial ring R[x] is Noetherian. Now, let N be a maximal ideal in R[x]; then N ∩ R = M and the image of N under the homomorphism µ is the principal ideal (f̄(x)) ⊂ K[x], where f̄(x) is an irreducible polynomial. Therefore, M ⊆ N and (f(x)) ⊆ N, where f is a pre-image of f̄, i.e. µ(f(x)) = f̄(x); by the maximality of N, N = (M, f). By Theorem 3.2.9, f(x) is an irreducible polynomial in D, so (f(x)) is a maximal ideal in R[x] if and only if M = (0), that is R is a finite field.

What about the factorization of regular elements of R[x]? The answer is given by the following

Theorem 3.2.11 Let f(x) be a regular polynomial in R[x]. Then
1. f(x) = δ(x) g_1(x) ··· g_n(x), where δ(x) has an inverse in R[x] and g_i(x), 1 ≤ i ≤ n, are regular, primary, pairwise relatively prime polynomials.
2. If f(x) = δ(x) g_1(x) ··· g_n(x) = β(x) h_1(x) ··· h_m(x) with δ(x) and β(x) units in R[x] and g_i(x), h_j(x) regular, primary, pairwise relatively prime polynomials, then n = m and (g_i) = (h_i), 1 ≤ i ≤ n, by a suitable relabeling.
Proof: 1. Let f(x) be regular in R[x]. Since µ(f(x)) ≠ 0 in K[x], µ(f(x)) = δ p̄_1^{h_1}(x) ··· p̄_n^{h_n}(x), with δ ∈ K, h_i ∈ ℕ and p̄_j(x) irreducible, pairwise relatively prime polynomials in K[x]. Consequently, the p̄_j^{h_j}(x)'s are primary and regular polynomials in K[x]. By the generalized Hensel lemma, f(x) = δ(x) p_1(x) ··· p_n(x), where µ(δ(x)) = δ and µ(p_j(x)) = p̄_j^{h_j}(x), 1 ≤ j ≤ n. It is straightforward to verify that the p_j(x)'s are regular, primary, pairwise relatively prime polynomials.
2. One can proceed as in the case of F[x], F a field (Sect. 1.3), but in this case everything is translated in terms of principal ideals; i.e., if (g_1) ··· (g_n) = (h_1) ··· (h_m), then n = m and, after a suitable ordering, (g_i) = (h_i), 1 ≤ i ≤ n. ✷

Observe that a regular polynomial f(x) ∈ R[x] is primary if and only if µ(f) is primary in K[x]; this means that µ(f) = δ g^h, where δ ∈ K* and g ∈ K[x] is an irreducible polynomial. We can give the following

Definition 3.2.12 (see also [56]) A regular, irreducible polynomial f(x) in R[x] is basic irreducible if µ(f(x)) ∈ K[x] is irreducible in the Euclidean ring.
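The construction in the proof of Theorem 3.2.6, worked out in Python for R = Z_{p^k} (so K = F_p and M[x] = pR[x]); this is an added example, not the book's code, and its helpers (trim, add, mul, divmod_unit, bezout_mod_p) and sample polynomials are constructed here. It keeps the proof's update h_1 ← h_1 + λ_2 v, h_2 ← h_2 + λ_1 v with v = f − h_1 h_2, but, as is standard, computes λ_1, λ_2 once in K[x] by the extended Euclidean algorithm and reduces the correction λ_2 v modulo the monic h_1 so that the factor degrees never change, gaining one power of p per pass instead of passing from v to v^2.

```python
from typing import List, Tuple

Poly = List[int]  # coefficients, lowest degree first, reduced modulo the ring modulus

def trim(a: Poly) -> Poly:
    while a and a[-1] == 0:      # drop leading zero coefficients
        a.pop()
    return a

def add(a: Poly, b: Poly, m: int) -> Poly:
    n = max(len(a), len(b))
    a, b = a + [0] * (n - len(a)), b + [0] * (n - len(b))
    return trim([(x + y) % m for x, y in zip(a, b)])

def sub(a: Poly, b: Poly, m: int) -> Poly:
    return add(a, [(-y) % m for y in b], m)

def scale(a: Poly, c: int, m: int) -> Poly:
    return trim([(x * c) % m for x in a])

def mul(a: Poly, b: Poly, m: int) -> Poly:
    out = [0] * (len(a) + len(b) - 1) if a and b else []
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] = (out[i + j] + x * y) % m
    return trim(out)

def divmod_unit(a: Poly, d: Poly, m: int) -> Tuple[Poly, Poly]:
    """a = q d + r with deg r < deg d in Z_m[x]; the leading coefficient of d must be
    a unit of Z_m (monic d over any Z_m, or any nonzero d when m is prime)."""
    inv = pow(d[-1], -1, m)
    r, q = [x % m for x in a], [0] * max(len(a) - len(d) + 1, 0)
    for i in range(len(a) - len(d), -1, -1):
        c = q[i] = (r[i + len(d) - 1] * inv) % m
        for j, y in enumerate(d):
            r[i + j] = (r[i + j] - c * y) % m
    return trim(q), trim(r[: len(d) - 1])

def bezout_mod_p(a: Poly, b: Poly, p: int) -> Tuple[Poly, Poly]:
    """Extended Euclid in K[x] = F_p[x]: (s, t) with s a + t b = 1; raises when a and b
    are not relatively prime, which is exactly when Theorem 3.2.6 does not apply."""
    r0, r1 = trim([x % p for x in a]), trim([x % p for x in b])
    s0, s1, t0, t1 = [1], [], [], [1]          # invariant: s_i a + t_i b = r_i
    while r1:
        q, r = divmod_unit(r0, r1, p)
        r0, r1 = r1, r
        s0, s1 = s1, sub(s0, mul(q, s1, p), p)
        t0, t1 = t1, sub(t0, mul(q, t1, p), p)
    if len(r0) != 1:
        raise ValueError("factors are not relatively prime in F_p[x]")
    inv = pow(r0[0], -1, p)
    return scale(s0, inv, p), scale(t0, inv, p)

def hensel_lift(f: Poly, g1: Poly, g2: Poly, p: int, k: int) -> Tuple[Poly, Poly]:
    """Theorem 3.2.6 for n = 2 and R = Z_{p^k}: f monic in R[x]; g1, g2 monic in K[x]
    with mu(f) = g1 g2 and gcd(g1, g2) = 1.  Returns monic h1, h2 in R[x] with
    mu(h_i) = g_i and f = h1 h2 exactly."""
    m = p ** k
    lam1, lam2 = bezout_mod_p(g1, g2, p)       # lam1 h1 + lam2 h2 = 1 modulo M[x]
    h1, h2 = g1[:], g2[:]                      # coefficients in 0..p-1 are lifts to R
    for _ in range(k - 1):                     # pass i: f = h1 h2 mod p^i  ->  mod p^{i+1}
        v = sub(f, mul(h1, h2, m), m)          # the error term v in M[x] of the proof
        if not v:
            break
        # h1 <- h1 + lam2 v with lam2 v = q h1 + r reduced modulo the monic h1; the
        # quotient q goes into the h2 update so that the product is the proof's:
        # (h1 + r)(h2 + lam1 v + q h2) = h1 h2 + v (lam1 h1 + lam2 h2) + O(v^2).
        q, r = divmod_unit(mul(lam2, v, m), h1, m)
        h1 = add(h1, r, m)
        h2 = add(h2, add(mul(lam1, v, m), mul(q, h2, m), m), m)
    return h1, h2

def hensel_lift_many(f: Poly, gs: List[Poly], p: int, k: int) -> List[Poly]:
    """The induction in the proof: lift g_1 against r = g_2 ... g_n, then recurse on
    the lifted cofactor (which is again monic)."""
    if len(gs) == 1:
        return [f]
    rest: Poly = [1]
    for g in gs[1:]:
        rest = mul(rest, g, p)
    h1, cofactor = hensel_lift(f, gs[0], rest, p, k)
    return [h1] + hensel_lift_many(cofactor, gs[1:], p, k)

def mu(a: Poly, p: int) -> Poly:
    """The reduction R[x] -> K[x]."""
    return trim([x % p for x in a])

if __name__ == "__main__":
    f = [(-2) % 343, 0, 1]                     # constructed sample: x^2 - 2 in Z_{7^3}[x]
    h1, h2 = hensel_lift(f, [4, 1], [3, 1], 7, 3)   # mu(f) = (x + 4)(x + 3) in F_7[x]
    print(h1, h2, mul(h1, h2, 343) == f)       # [235, 1] [108, 1] True
    print(hensel_lift_many([48, 0, 0, 1], [[6, 1], [5, 1], [3, 1]], 7, 2))  # x^3 - 1 in Z_49[x]
```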
3.3 R-algebra Automorphisms of R[x]
In this section we want to determine the structure of the R-algebra automorphisms of R[x], where R is a local ring with maximal ideal M and residue field K. For this theory in the case of a general commutative ring see [26]. As in [56], we start with the following:

Lemma 3.3.1 Let f(x) and g(x) be non-trivial polynomials in K[x] of degrees n and m, respectively. The polynomial h(x) := g(f(x)) ∈ K[x] is of degree nm; furthermore, f(x) generates K[x] over K if and only if deg(f) = 1, i.e. f(x) = a_0 + a_1 x with a_1 ≠ 0.

Proof: The first statement is obvious; if f(x) generates K[x] over K, then there exists a polynomial g(x) such that x = g(f(x)) and, if deg(f) = n and deg(g) = m, then mn = 1. Therefore, f(x) = a_0 + a_1 x with a_1 ≠ 0. Conversely, if f(x) is of such a form, then x ∈ K[f(x)], i.e. K[f(x)] = K[x]. ✷

An immediate consequence of this lemma is that each automorphism of the K-algebra K[x], σ : K[x] → K[x], is of the form σ(x) = a_0 + a_1 x, with a_1 ≠ 0.
Next, consider the R-algebra R[x] and an R-morphism σ : R[x] → R[x]. It is obvious that the action of σ is uniquely determined by the image of x under σ. If f(x) ∈ R[x], the R-morphism induced by x ↦ f(x) will be denoted by σ_f. If σ_f is an R-automorphism of R[x], then σ_f(M[x]) ⊆ M[x]; hence the ideal M[x] is called characteristic in R[x]. This implies that σ_f induces a K-algebra automorphism σ̄_f : K[x] → K[x], defined by σ̄_f(h̄) = µ(σ_f(h)), where h(x) ∈ R[x] is such that µ(h(x)) = h̄(x) and µ : R[x] → K[x] is the standard epimorphism introduced in Sect. 3.2. It immediately follows that, if we consider the polynomial f(x) = a_0 + a_1 x + ··· + a_n x^n ∈ R[x], σ̄_f = σ_{µ(f)}; hence σ_f induces the K-automorphism σ_{µ(f)} : x ↦ µ(f(x)). Since σ_{µ(f)} is an automorphism of K[x], µ(f(x)) = π(a_0) + π(a_1) x, where π : R → K = R/M. We conclude that a_1 ∈ U(R), whereas a_2, ..., a_n are nilpotent in R.

Theorem 3.3.2 Let f(x) = a_0 + a_1 x + ··· + a_n x^n ∈ R[x]. The map σ_f : x ↦ f(x) induces an automorphism of the R-algebra R[x] if and only if a_1 is a unit and a_2, ..., a_n are nilpotent elements. Each R-algebra automorphism of R[x] is of the form σ_f, for some f(x) ∈ R[x].

Proof: We only have to show the sufficiency of this condition. Take f(x) = a_0 + a_1 x + ··· + a_n x^n such that a_1 ∈ U(R) and a_j ∈ M = Nil(R), 2 ≤ j ≤ n. Since R[f(x)] = R[a_1^{-1}(f(x) − a_0)], w.l.o.g. we may assume that a_0 = 0 and a_1 = 1. Thus, f(x) = x + a_2 x^2 + ··· + a_n x^n. By using g(x) := f(x) − a_2 (f(x))^2 − ··· − a_n (f(x))^n, we obtain that g(x) = x + b_2 x^2 + ··· + b_s x^s, where b_i ∈ M^2, 2 ≤ i ≤ s. Since M is a nilpotent ideal of R, by a finite number of iterations of this process we get x ∈ R[f(x)], i.e. σ_f is surjective. To prove the injectivity, consider g(x) = g_0 + g_1 x + ··· + g_s x^s ∈ R[x] such that σ_f(g(x)) = 0, i.e. g_0 + g_1 f + ··· + g_s f^s = 0. Now a_0 = 0 implies that g_0 = 0 and (g_1 + g_2 f + ··· + g_s f^{s−1}) f = 0.
Since a_1 is a unit, f(x) ∈ R[x] is not a zero-divisor (by Prop. 3.2.4), so g_1 + g_2 f + ··· + g_s f^{s−1} = 0. Repeating the argument shows that g_1 = g_2 = ··· = g_s = 0, i.e. g(x) = 0; this implies that σ_f is injective. ✷
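The iteration in the proof of Theorem 3.3.2 (g := f − a_2 f^2 − ··· − a_n f^n, repeated until g = x), as an added example that is not part of the original text, for R = Z_{p^k}: it returns the polynomial P with P(f(x)) = x, i.e. σ_P = σ_f^{-1}, after the normalization a_1^{-1}(f − a_0) used in the proof; the helper names (compose, inverse_automorphism, ...) and the sample polynomials are constructed here.

```python
from typing import List

Poly = List[int]  # coefficients, lowest degree first, modulo m = p^k

def trim(a: Poly) -> Poly:
    while a and a[-1] == 0:
        a.pop()
    return a

def add(a: Poly, b: Poly, m: int) -> Poly:
    n = max(len(a), len(b))
    a, b = a + [0] * (n - len(a)), b + [0] * (n - len(b))
    return trim([(x + y) % m for x, y in zip(a, b)])

def mul(a: Poly, b: Poly, m: int) -> Poly:
    out = [0] * (len(a) + len(b) - 1) if a and b else []
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] = (out[i + j] + x * y) % m
    return trim(out)

def compose(g: Poly, f: Poly, m: int) -> Poly:
    """sigma_f(g) = g(f(x)) in Z_m[x], by Horner's rule."""
    out: Poly = []
    for c in reversed(g):
        out = add(mul(out, f, m), [c % m], m)
    return out

def is_automorphism_data(f: Poly, p: int) -> bool:
    """Criterion of Theorem 3.3.2 for R = Z_{p^k}: a_1 a unit (p does not divide it)
    and a_2, ..., a_n nilpotent (divisible by p)."""
    return len(f) >= 2 and f[1] % p != 0 and all(c % p == 0 for c in f[2:])

def inverse_automorphism(f: Poly, p: int, k: int) -> Poly:
    """Return P with P(f(x)) = x in Z_{p^k}[x], so that sigma_P is the inverse of
    sigma_f.  P is tracked as a polynomial in the 'variable' f while the proof's
    iteration g := g - b_2 g^2 - ... - b_s g^s is applied to g = P(f)."""
    m = p ** k
    if not is_automorphism_data(f, p):
        raise ValueError("sigma_f is not an automorphism of Z_{p^k}[x]")
    inv_a1 = pow(f[1], -1, m)
    # normalization from the proof: g = a_1^{-1}(f - a_0) = x + (terms with coefficients in M)
    P = [(-f[0] * inv_a1) % m, inv_a1]
    g = compose(P, f, m)
    while g != [0, 1]:
        # g = x + b_2 x^2 + ... with b_i in M^j; subtracting b_i g^i leaves x + (terms in M^{2j}),
        # so the loop ends after at most ceil(log2 k) rounds because M^k = 0
        new_P, power = P[:], [1]
        for i in range(1, len(g)):
            power = mul(power, P, m)            # power = P^i, i.e. g^i written as a polynomial in f
            if i >= 2 and g[i]:
                new_P = add(new_P, [(-g[i] * c) % m for c in power], m)
        P, g = new_P, compose(new_P, f, m)
    return P

if __name__ == "__main__":
    # constructed sample in Z_27[x]: f = 2 + 5x + 3x^2 + 9x^3 (5 a unit, 3 and 9 nilpotent)
    f = [2, 5, 3, 9]
    P = inverse_automorphism(f, 3, 3)
    print(P, compose(P, f, 27), compose(f, P, 27))   # the last two are [0, 1], i.e. x
```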
We end this section with a final remark. Let Φ be an automorphism of R and f(x) ∈ R[x] an arbitrary polynomial. We define the ring morphism σ_{Φ,f} : R[x] → R[x] by
$$\sigma_{\Phi,f}\Big(\sum_{i=1}^{s} a_i x^i\Big) := \sum_{i=1}^{s} \Phi(a_i)\,(f(x))^i.$$

Theorem 3.3.3 (i) σ_{Φ,f} is injective if and only if σ_f is. (ii) σ_{Φ,f} is surjective if and only if σ_f is.

Proof: For the injectivity, one implication is straightforward; conversely, if σ_{Φ,f} is injective and Σ_{i=1}^s a_i (f(x))^i = 0, then σ_{Φ,f}(Σ_{i=1}^s Φ^{-1}(a_i) x^i) = 0, i.e. Φ^{-1}(a_i) = 0, which implies a_i = 0, 1 ≤ i ≤ s. The surjectivity follows from the fact that Im(σ_{Φ,f}) = R[f]. ✷
3.4 Factorization in R[x]
We want to find a way to factor a given polynomial in R[x]. To do this we need to extend the classical congruence theory. As usual, R will denote a finite local ring with maximal ideal M and residue field K.

Definition 3.4.1 Let D be an integral domain and f(x) = a_n x^n + a_{n−1} x^{n−1} + ··· + a_0 ∈ D[x]. The formal derivative of f(x) is the polynomial f′(x) = n a_n x^{n−1} + ··· + a_1 ∈ D[x]. We can also use the symbol df/dx to denote this first derivative. The k-th derivative of f(x) is the polynomial d^k f/dx^k (or f^{(k)}), inductively defined by
$$\frac{d^k f}{dx^k} = \frac{d\big(f^{(k-1)}\big)}{dx}.$$

Observe that the notion of a polynomial derivative is formally introduced, without any use of differential calculus concepts. However, if the characteristic of D is p and p divides the degree n of the polynomial, then f′(x) has degree less than n − 1. For instance, the polynomial F(x) = x^p − x ∈ F_p[x] is of degree p, but its derivative F′(x) = −1 = p − 1 ∈ F_p is a constant polynomial.
Denote by h the nilpotence class of M, i.e. $h \in \mathbb{Z}^+$ is the least positive integer such that $M^h = 0$. We get a natural sequence of ring morphisms:
$$R = R/M^h \xrightarrow{\ \sigma_h\ } R/M^{h-1} \xrightarrow{\ \sigma_{h-1}\ } R/M^{h-2} \xrightarrow{\ \sigma_{h-2}\ } \cdots \xrightarrow{\ \sigma_2\ } K = R/M \xrightarrow{\ \sigma_1\ } 0.$$
With any of these ring morphisms a natural morphism is associated, namely $\pi_i : R/M^i \to R/M = K$, 1 ≤ i ≤ h. The kernel of $\sigma_i$ is $M^{i-1}/M^i$, for each i, and it is also a K-vector space, where the K-action is given by:
$$\bar\alpha\, m := \alpha m, \quad \text{where } m \in M^{i-1}/M^i,\ \alpha \in R/M^i,\ \pi_i(\alpha) = \bar\alpha. \qquad (3.2)$$
Since the kernel of $\pi_i$ is $M/M^i$, this K-action is well-defined. For the sake of simplicity, the morphisms $\sigma_i$ and $\pi_i$ will simply be denoted by σ and π, respectively. At the same time we will write $\tilde\sigma$ and $\tilde\pi$ to denote the extensions of $\sigma_i$ and $\pi_i$ to their respective polynomial rings. The fundamental idea is to generate the roots of a polynomial $f(x) \in (R/M^i)[x]$ from those of $\tilde\sigma(f) \in (R/M^{i-1})[x]$. Let t be $\dim_K(M^{i-1}/M^i)$ and $\{v_1, \ldots, v_t\}$ be a K-basis for $M^{i-1}/M^i$. Let $\bar a$ be an element of $R/M^{i-1}$ which is a root of $\tilde\sigma(f(x)) \in (R/M^{i-1})[x]$ and suppose that $\sigma(a) = \bar a$ for some $a \in R/M^i$. Let b = a + η; our aim is to choose $\eta \in M^{i-1}/M^i$ in such a way that f(b) = 0. Since $M^{i-1}/M^i$ is nilpotent of class two, i.e. $(M^{i-1}/M^i)^2 = 0$,
$$f(b) = f(a + \eta) = f(a) + \eta f'(a) + \eta^2 Q = f(a) + \eta f'(a),$$
where $f'(x) \in (R/M^i)[x]$ is the formal derivative of f(x) and $Q \in R/M^i$. It follows that $f(b) = 0 \Leftrightarrow f(a) = -\eta f'(a)$; since $\eta \in M^{i-1}/M^i$, by (3.2) this means that $f(a) = -\pi(f'(a))\,\eta$. Further, f(a) belongs to the vector space $M^{i-1}/M^i$ since $(\tilde\sigma f)(\bar a) = 0$. The chosen basis for this vector space determines the following relations:
$$f(a) = \sum_{i=1}^{t} \alpha_i v_i, \qquad \eta = \sum_{i=1}^{t} \beta_i v_i, \qquad \alpha_i, \beta_i \in K.$$
Consequently,
$$0 = f(b) = \sum_{i=1}^{t} \alpha_i v_i + \pi(f'(a))\Big(\sum_{i=1}^{t} \beta_i v_i\Big) = \sum_{i=1}^{t} \big(\alpha_i + \pi(f'(a))\beta_i\big) v_i,$$
hence $\alpha_i + \pi(f'(a))\beta_i = 0$, for each i ∈ {1, . . . , n}. Three cases may occur: (i) f′(a) is a unit, so π(f′(a)) ≠ 0 and each $\beta_i$ is uniquely determined; hence, there exists a unique $b \in R/M^i$ which is a root for $f(x) \in (R/M^i)[x]$ and satisfies $\sigma(b) = \bar a$; (ii) f′(a) is an element of $M/M^i$ and the linear combination above admits (at least) one $\alpha_j \neq 0$, for some j. In this case no root (mapping to $\bar a$) exists for f(x). (iii) f′(a) belongs to $M/M^i$ and $\beta_j = 0$, for all j ∈ {1, . . . , t}; this implies that f(a + η) = 0 for each $\eta \in M^{i-1}/M^i$. Thus, there exist $|M^{i-1}/M^i| = |K|^t$ roots $b_s$ for f(x) such that $\sigma(b_s) = \bar a$, in this case. Observe that all roots of f(x) are obtained in this way; in fact, if f(a) = 0 for a fixed polynomial $f(x) \in (R/M^i)[x]$ and for $a \in R/M^i$, then $\sigma(a) = \bar a$ is a root of $\tilde\sigma(f(x)) \in (R/M^{i-1})[x]$. Therefore, the problem of finding the roots of a given polynomial f(x) reduces to that of finding those of $\tilde\pi(f(x))$ in the residue field.

By taking into account what we have observed here and in the previous sections, we can deduce some properties of the ring R[x] which extend the properties of U.F.D.'s or P.I.D.'s, considered in Chapter 1. Indeed, in the polynomial ring R[x] we make the following

Definition 3.4.2 A polynomial f is a proper divisor of the polynomial g if (g) ⊂ (f). Observe that, if g is a regular polynomial, then f is a proper divisor of g if and only if f is a divisor of g and µ(f) divides µ(g) in the Euclidean domain K[x] (where µ : R[x] −→ K[x] is the usual epimorphism defined in Sect. 3.2).

Proposition 3.4.3 Let f(x), g(x) be regular associated polynomials in R[x]. Then f(x) = δ(x)g(x), where δ(x) is a unit in R[x].

Proof: As in Section 3.2, two regular polynomials are associates in R[x] if they generate the same ideal, i.e. (f(x)) = (g(x)) ⊂ R[x].
This implies that these polynomials are proper divisors of each other, so $\bar f = \mu(f)$, $\bar g = \mu(g) \in K[x]$ are associates in the Euclidean domain K[x]; hence $\bar\delta \in K$ must exist such that $\bar f(x) = \bar\delta\,\bar g(x)$. Now we can proceed as in Theorem 3.2.6 to lift this equality in K[x] to R[x]. By recalling that M[x] is a nilpotent ideal in R[x], one can find a suitable δ(x) ∈ R[x] satisfying the statement such that $\mu(\delta(x)) = \bar\delta \in K$; by 3.2.2, δ(x) is a unit in R[x]. ✷
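The three-case lifting procedure described before Definition 3.4.2, as an added Python example that is not part of the book: it takes R = Z/p^h, where M = (p) and M^{i-1}/M^i is one-dimensional over K = F_p with basis v_1 = p^{i-1}, and lifts roots level by level; the polynomials x^2 − 1 and x^2 − 2 over Z/8 and x^2 + 1 over Z/25 are constructed inputs.

```python
# Added example (not from the book): root lifting of Section 3.4 for R = Z/p^h.
# A polynomial is a list of coefficients (index = degree) taken mod p^h.


def poly_eval(f, x, mod):
    """Horner evaluation of f modulo `mod`."""
    acc = 0
    for c in reversed(f):
        acc = (acc * x + c) % mod
    return acc


def formal_derivative(f):
    """Formal derivative of Definition 3.4.1: f'(x) = sum_i i * a_i x^(i-1)."""
    return [i * c for i, c in enumerate(f)][1:] or [0]


def lift_roots(f, p, h):
    """Roots of f in Z/p^i for i = 1..h, each level built from the previous one
    by cases (i), (ii), (iii) of the text; only the residue field Z/p is searched.
    Here t = 1, v_1 = p^(i-1), so eta = beta * p^(i-1) with beta in F_p."""
    df = formal_derivative(f)
    roots = {1: [a for a in range(p) if poly_eval(f, a, p) == 0]}
    for i in range(2, h + 1):
        mod, prev = p ** i, p ** (i - 1)
        level = []
        for abar in roots[i - 1]:
            a = abar                                    # a pre-image of abar in Z/p^i
            alpha = (poly_eval(f, a, mod) // prev) % p  # f(a) = alpha * p^(i-1)
            pi_fprime = poly_eval(df, a, p)             # pi(f'(a)) in K = F_p
            if pi_fprime != 0:
                # case (i): f'(a) is a unit, beta = -alpha / pi(f'(a)) is unique
                beta = (-alpha * pow(pi_fprime, -1, p)) % p
                level.append(a + beta * prev)
            elif alpha != 0:
                # case (ii): f'(a) in M but f(a) != 0 in M^(i-1)/M^i: no lift of abar
                continue
            else:
                # case (iii): f(a) = 0 already, every eta works: |K|^t = p lifts
                level.extend(a + beta * prev for beta in range(p))
        roots[i] = sorted(level)
    return roots


def brute_force_roots(f, mod):
    """Exhaustive search, used only to confirm the lifting result."""
    return [a for a in range(mod) if poly_eval(f, a, mod) == 0]


if __name__ == "__main__":
    # constructed inputs: x^2 - 1 and x^2 - 2 over Z/8, x^2 + 1 over Z/25
    print(lift_roots([7, 0, 1], 2, 3))  # {1: [1], 2: [1, 3], 3: [1, 3, 5, 7]}
    print(lift_roots([6, 0, 1], 2, 3))  # {1: [0], 2: [], 3: []}: stops by case (ii)
    print(lift_roots([1, 0, 1], 5, 2))  # {1: [2, 3], 2: [7, 18]}: case (i) each time
```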
Proposition 3.4.4 (Euclidean Algorithm) Let f(x), g(x) be nonzero polynomials in R[x]. If g(x) is a regular polynomial, then there exist q(x), r(x) ∈ R[x] such that f(x) = g(x)q(x) + r(x), with deg(r) < deg(g) or r(x) = 0.

Proof: In the previous proposition we considered the particular case when f(x) and g(x) are associates in R[x]; then q(x) = δ(x) and r(x) = 0. Now, let f(x) and g(x) be polynomials in the ring R[x] such that g(x) is regular. If we consider their images in K[x], viz. $\bar f(x) = \mu(f(x))$ and $\bar g(x) = \mu(g(x)) \neq 0$, then $\bar q(x), \bar r(x) \in K[x]$ exist such that $\deg(\bar r(x)) < \deg(\bar g(x))$, or $\bar r(x) = 0$, and $\bar f(x) = \bar g(x)\bar q(x) + \bar r(x)$, since K[x] is a Euclidean domain. Observe that if f(x) is nilpotent, then $\bar f(x) = \bar q(x) = \bar r(x) = 0$ (by Prop. 3.2.3), whereas, if f(x) is a unit, then $\bar q(x) = 0$ and $\bar r(x) = \bar f(x) = k \in K$ (by Prop. 3.2.4). Another application of the Generalized Hensel Lemma (3.2.6) shows the statement. We leave the technical part to the reader. Observe that the equality f(x) = g(x)q(x) + r(x) is not uniquely determined, i.e. the polynomials q(x), r(x) are not unique. ✷

Other important consequences of our definitions are the following.

Proposition 3.4.5 Let R and S be two finite, commutative, local rings such that R ⊂ S. If a is an element of S, then there exists a unique monic polynomial f(x) ∈ R[x] such that f(a) = 0.

Proof: The statement is obvious if a ∈ R. Suppose that a ∈ S \ R. Since S is a finite ring, there exists only a finite number t of distinct powers of a. Let T be the free R-module generated by all these powers; then R ⊂ T ⊂ S, so it is sufficient to observe that $a^{t+1}$ must be expressed as a polynomial, in the t distinct powers of a, with coefficients from R. This implies that $a^{t+1} = p(a)$, i.e. a is a root of the monic polynomial $f(x) = x^{t+1} - p(x)$. ✷

Thus, if R and S are two local rings such that R ⊂ S and if a ∈ S, what we proved in Proposition 3.4.5 guarantees the existence of a monic polynomial f(x) ∈ R[x] such that f(a) = 0. We get an R-algebra epimorphism $\varphi_a : R[x]/(f(x)) \to R[a] \subset S$. Since f(x) is a monic polynomial, it is regular (see Prop. 3.2.4); so, by Proposition 3.4.4, the elements of the quotient ring are represented
by all the polynomials r(x) ∈ R[x] such that deg(r(x)) < deg(f(x)); therefore we may define $\varphi_a(r(x)) := r(a)$. The other fundamental remark stems from what we observed after Lemma 3.2.10 about the maximal ideals of the ring R[x]; indeed, they are all of the form J = (M, f(x)), where M ⊂ R is its maximal ideal and f(x) ∈ R[x] is a polynomial such that $\mu(f(x)) = \bar f(x) \in K[x]$ is irreducible over K. This determines the isomorphism
$$R[x]/(M, f(x)) \cong K[x]/(\bar f(x)), \qquad (3.3)$$
which will play a fundamental role in the Galois ring theory.

Proposition 3.4.6 If f(x), g(x) ∈ R[x] are regular, monic polynomials which are associates in R[x], i.e. (f(x)) = (g(x)), then f(x) = g(x).

Proof: If f(x) and g(x) are associates in R[x], then there exists δ(x) ∈ U(R[x]) such that f(x) = δ(x)g(x) (see Prop. 3.4.3); by Proposition 3.2.2 and the definition of µ, we have $\bar f(x) = \bar\delta\,\bar g(x)$ in K[x], where $\bar\delta \in K^*$. Since $\bar f(x), \bar g(x)$ are monic polynomials in K[x], $\bar\delta = 1$, so $\bar f(x) = \bar g(x)$. As in the proof of Proposition 3.4.3, we can deduce the existence of a unit δ(x) ∈ R[x] such that f(x) = δ(x)g(x), where δ(x) is of the form $\delta(x) = a_0 + a_1x + \ldots + a_tx^t$, $a_0 \in U(R)$ and $a_j \in Nil(R)$, 1 ≤ j ≤ t. Since f(x) and g(x) are monic, δ(x) = 1. ✷

We conclude with a crucial remark on the R-algebra of polynomials R[x].

Proposition 3.4.7 Let $f(x) = a_0 + a_1x + \cdots + a_nx^n$ be a polynomial in R[x]; if the morphism $\sigma_f$ is onto, then $a_1$ is a unit in R and $a_2, \ldots, a_n$ are nilpotent. Therefore, if $\sigma_f$ is onto, then it is also injective, so it is an automorphism of the R-algebra R[x].

Proof: Suppose that $\sigma_f$ is surjective; if r ∈ R and u ∈ U(R), then $\sigma_{r+f}$ and $\sigma_{uf}$ are epimorphisms of R[x]. W.l.o.g. we may consider $\tilde f(x) = -a_0 + f(x) = a_1x + a_2x^2 + \cdots + a_nx^n$; there must exist a polynomial $g(x) = b_0 + b_1x + \cdots + b_mx^m \in R[x]$ such that $\sigma_{\tilde f}(g(x)) = g(\tilde f(x)) = x \in R[x]$. Therefore,
$$x = b_0 + b_1(a_1x + \cdots + a_nx^n) + b_2(a_1x + \cdots + a_nx^n)^2 + \cdots + b_m(a_1x + \cdots + a_nx^n)^m,$$
i.e.
$$\begin{aligned} b_0 &= 0,\\ a_1 b_1 &= 1,\\ a_2 b_1 + b_2 a_1^2 &= 0,\\ &\ \ \vdots \end{aligned}$$
This implies that $a_1 \in U(R)$ and $a_2, \ldots, a_n \in J(R)$, so, by Theorem 3.3.2, $\sigma_{\tilde f}$ (hence $\sigma_f$) is an automorphism. ✷
Chapter 4
SEPARABLE EXTENSIONS OF FINITE FIELDS AND FINITE RINGS

In this chapter we want to deal with separable extension theory, since it will be a fundamental tool to describe the Galois extensions of local rings and to construct Galois rings in the subsequent chapters. We start by recalling the main ideas of the abstract theory of this kind of extensions in the case of fields (see, for example, [44] or [64]), with a particular interest in finite fields. After that, we shall consider the separable extensions of finite, local rings ([56]); we will give the crucial definition of unramified extension of a local ring and then show the equivalence of these two notions. This will lead us to the characterization theorem of separable extensions of finite, local rings and provide some particularly interesting examples.
4.1 Separable Field Extensions
Before developing the theory of separable extensions of fields, we want to recall some fundamental definitions.

Proposition 4.1.1 Let F be a field and f(x) ∈ F[x] a polynomial. There exists a field K such that F ⊆ K and f(x) splits, over it, into linear factors.

Proof: See, for example, [3] or [31]. ✷
Definition 4.1.2 Let F ⊆ K be a field extension such that a polynomial f(x) ∈ F[x] factors, over K, as $f(x) = \prod_{i=1}^{n}(x - \alpha_i)$, $\alpha_i \in K$, and $K = F(\alpha_1, \ldots, \alpha_n)$. We say that K is the splitting field of f(x). This splitting field is, essentially, unique ([44] or [64]). Recall that we have already introduced, in 1.3.11, the definitions of algebraically closed field and algebraic closure of an arbitrary field K.

Theorem 4.1.3 Given any field K, then 1. There always exists an algebraic closure, denoted by $\bar K$; 2. If K ⊆ H is an algebraic field extension and if each polynomial f(x) ∈ K[x] completely factors over H, then there exists a K-isomorphism (i.e. an isomorphism that fixes K elementwise) of H onto $\bar K$; 3. The algebraic closure of the field K is unique up to isomorphism.

Proof: The proof of the existence of such an algebraic closure is based on a transfinite construction. See, for example, [3], [7] or [22]. ✷

In conclusion, given a field K, it is always possible to consider its algebraic closure $\bar K$. Therefore, we will suppose, for simplicity, that all fields considered are contained in a suitable field E, which is algebraically closed.

Definition 4.1.4 Let F be a field which is contained in an algebraically closed field E. i) A polynomial f(x) ∈ F[x] is said to be separable over F if its roots, as elements of E, are all distinct. ii) a ∈ E is a separable element over F if its minimal polynomial (Section 1.3) $f_a(x) \in F[x]$ is separable. iii) An algebraic extension field F ⊆ K is a separable extension if each element a ∈ K is separable over F.

Another important notion in extension theory is the definition of normal or Galois extension. Given K, H and F fields such that K ⊂ H and K ⊂ F, we say that a field homomorphism φ : H −→ F is a K-morphism if $\varphi|_K = \mathrm{id}_K$. An extension field K ⊆ F is normal if each K-monomorphism ϕ : F −→ E is an automorphism (i.e. ϕ(F) = F). Let E be an algebraically closed field, with positive characteristic p, and $\varphi_1 : E \to E$
the first Frobenius automorphism (see the proof of Theorem 2.3.5) defined by $\varphi_1(a) = a^p$, ∀a ∈ E. The field $\varphi_1(E)$ is algebraically closed, since it is isomorphic to the field E but, at the same time, it is an algebraic extension of E; e.g., if a ∈ E, then a is a root of the polynomial $x^p - a^p \in \varphi_1(E)[x]$. It follows that $\varphi_1(E) = E$. Instead of $\varphi_1^{-1}(a) \in E$, we will denote by $a^{1/p}$ the preimage, under $\varphi_1$, of an element a ∈ E; therefore, given a field K ⊆ E, we will write $K^p$ and $K^{1/p}$ instead of $\varphi_1(K)$ and $\varphi_1^{-1}(K)$, respectively.

Proposition 4.1.5 Given a field K, the following conditions are equivalent: 1. $K = K^p$; 2. $K = K^{1/p}$; 3. Every algebraic extension of K is separable.

Proof: 2. ⇒ 3. Let a be algebraic over K and $f(x) = x^n + b_1x^{n-1} + \ldots + b_n$ its minimal polynomial over K; if f(x) is not a separable polynomial, then $f(x) = h(x)^p$ ([36], p. 146), where h(x) is a polynomial with coefficients from $K^{1/p}$. By hypothesis $K = K^{1/p}$, then h(x) ∈ K[x], which contradicts the irreducibility of f(x) over K. 3. ⇒ 1. Let $a \in K^p$ and F = K(a) be separable over K, i.e. F is a simple separable extension of K; so, $a \in K^p \cong K$ and, also, a ∈ F = K(a); this means a ∈ K. 1. ⇒ 2. Since $\varphi_1^{-1}\varphi_1(K) = K$, we have that $\varphi_1(K) = K$. Therefore, $\varphi_1^{-1}(K) = K^{1/p} = K$. ✷

Definition 4.1.6 A field K is called perfect if it satisfies one of the conditions in Prop. 4.1.5 (see [7] or [64]). Other methods to construct perfect fields are given by the next theorem.

Theorem 4.1.7 (1) Every algebraically closed field, as well as every finite field, is a perfect field. (2) If K is perfect and F is algebraic over K, then F is a perfect field.
Proof: (1) We have already observed that an algebraically closed field is certainly perfect. If K is a finite field, since the first Frobenius homomorphism is injective, it must be bijective, then K is perfect. (2) Let a ∈ F and consider H = K(a); since $\varphi_1$ is an isomorphism, it is clear that $[H^p : K^p] = [\varphi_1(H) : \varphi_1(K)] = [H : K]$, where [H : K] denotes the extension degree. By hypothesis, $K^p = K$ and it is obvious that $H^p \subseteq H$, so $H^p = H$. In particular, there exists b ∈ H such that $a = b^p$. ✷

The fundamental consequence of this last result is that every algebraic extension of a finite field is a separable extension, since any finite field is perfect. Moreover, in the case of finite extensions, i.e. K ⊂ F such that $[F : K] = \dim_K F$ is finite, we have a stronger result.
Proposition 4.1.8 Let K ⊂ F be a field extension. If K ⊂ F is finite and separable, then it is simple. Moreover, if K is a finite field, it is enough to assume K ⊂ F finite to get the statement.

Proof: This depends on a more general result in field extension theory. Indeed, suppose we have a field extension K ⊂ F (K not necessarily a finite field) such that [F : K] < ∞ and let a ∈ F. Since the elements $1, a, a^2, \ldots, a^n \in F$ cannot be linearly independent over K for each n, we must have $\sum_{i=0}^{n}\alpha_i a^i = 0$, where $n \in \mathbb{N}$ and $\alpha_i \in K$ s.t. $\alpha_i \neq 0$ for some i ∈ {0, . . . , n}. This implies that each element of F is algebraic over K, i.e. K ⊂ F is an algebraic extension. Therefore, if K is also a finite field, Theorem 4.1.7 ensures us that K ⊂ F is separable. In the infinite case we have to add to the hypotheses the separability of the extension to prove the statement. Since we are interested in the finite case, we only focus on this part and refer the reader to [36] for the general treatment. Thus, consider K a finite field and K ⊂ F a finite extension; then, F is a finite field, separable over K. In Theorem 2.1.3 we recalled that the multiplicative group of a finite field is a cyclic group, therefore there exists $\omega \in F^*$ such that $F^* = \langle\omega\rangle$; so, a fortiori, F = K(ω). ✷

In the next section we will generalize the notion of a separable extension to finite, commutative rings, and, in particular, to finite, local rings, which will be a cornerstone for our future analysis of Galois rings.
4.2 Extensions of Rings
In the previous section we recalled the main properties of field extensions. Now, we will state analogous propositions in the case of rings ([56]). As usual, the rings considered will be commutative and with identity.

Definition 4.2.1 Let R and S be two rings. We say that S is an extension of R if R ⊆ S. Moreover, if T is a non-empty subset of S of finite cardinality, the ring it generates is the smallest subring of S, A, such that R ∪ T ⊆ A ⊆ S.

Observe that it makes sense to give such a definition, since A may coincide with S. Obviously, if T ⊆ R, then A = R. Therefore, it is interesting to consider sets T which are not contained in R. Consequently, w.l.o.g., we will set R ∩ T = ∅. Therefore, A properly contains R and is contained in S. Furthermore, it is possible to explicitly determine the elements of A.

Theorem 4.2.2 Let R and S be two rings such that R ⊂ S. By choosing $T = \{t_1, \ldots, t_k\} \subset S$, the elements of the ring A are of the form
$$\sum a_{n_1 \ldots n_k}\, t_1^{n_1} \cdots t_k^{n_k}, \quad \text{with } a_{n_1 \ldots n_k} \in R \text{ and } t_j \in T,\ 1 \le j \le k.$$

Proof: Observe that elements of this kind form a ring, B, such that R ⊂ B ⊂ S; e.g., both the difference and the product of two elements of this kind are elements of the same kind. Moreover, by construction, R ⊂ B ⊂ S and T ⊂ B. Finally, if C is a ring containing T, since C is closed with respect to difference and product, then B ⊂ C, which completes the proof. ✷

A particularly important case occurs when the set T is a singleton, i.e. T = {a}. In this case, we write A = R(a). As in the field case, we have the following:

Definition 4.2.3 An extension of the form R ⊂ R(a) is said to be simple.

Clearly, if R is a commutative ring with identity, so is R(a). Moreover, by Theorem 4.2.2, an element of R(a) is of the form $\sum r_j a^j$, where $r_j \in R$. In the case of a field K, we have already seen how the concept of simple extensions is strictly related to the concept of quotients of the polynomial ring K[x]. On the other hand, in the ring case this link is not so evident and, sometimes, we cannot even consider it because, when
R is an arbitrary commutative ring, R[x] does not have the same properties as the Euclidean ring K[x]. However, it is possible to develop an analogous theory in the case of a finite, local ring R. We shall see, in the next section, that, for such rings, their separable extensions can be characterized.

Definition 4.2.4 Let R and S be two finite, local rings with residue fields K and $\bar K$, respectively, such that R ⊆ S; S is a separable extension of R if $\bar K$ is a separable extension of K (in the sense of field extensions).

We know that if R and S are finite, local rings with K and $\bar K$ residue fields, respectively, then K = R/m and $\bar K = S/M$, where m and M are the maximal ideals of R and S. The following result gives a characterization of separable ring extensions in terms of maximal ideals.

Theorem 4.2.5 Let R and S be as in Definition 4.2.4, with R ⊂ S; then S is a separable extension of R if and only if mS = M, i.e. the extension is unramified.

Proof: ⇐) If mS = M, then R/m and S/mS are finite fields satisfying $K \subseteq \bar K$; from Proposition 4.1.5 and Theorem 4.1.7 the assertion follows. ⇒) Conversely, assume that R ⊂ S is a separable ring extension; then R/m ⊂ S/M is a separable field extension. But mS is a prime ideal, therefore S/mS is a field (Theorem 2.3.9). Thus, the ideal mS is maximal, so that mS = M, since S is a local ring. ✷

Therefore, it is possible to "work" very easily with extensions of finite, local rings, establishing when an extension is a separable one. To do this, we need to recall the following important result.

Lemma 4.2.6 (Nakayama's lemma) Let R be a commutative ring with identity. Assume that M is a finitely generated R-module and J is an ideal of R. If JM = M, then M = 0.

Proof: Suppose that M ≠ 0; denote by $\{m_1, \ldots, m_n\}$ a minimal set of generators of M as an R-module. As JM = M, we may write $m_1 = s_1m_1 + \ldots + s_nm_n$ for some $s_i \in J$, 1 ≤ i ≤ n. Then,
$$(1 - s_1)m_1 = s_2m_2 + \ldots + s_nm_n;$$
since $s_1$ is an element of J, from Prop. 1.2.10 it follows that $1 - s_1$ is a unit (R is a local ring). Thus $m_1 \in Rm_2 + \cdots + Rm_n$, which contradicts the minimality of the set of generators. ✷

Theorem 4.2.7 (of the primitive element) Each separable extension of a finite, local ring is simple.

Proof: Let R ⊂ S be a separable extension. Thus, $K \subset \bar K$ is a finite, separable field extension; therefore, by Proposition 4.1.8, there exists $\bar a \in \bar K$ such that $\bar K = K(\bar a)$. Let a ∈ S be one pre-image, under the canonical epimorphism $\mu : S \to \bar K$, of $\bar a$. From Theorem 4.2.5 it follows that $S/mS = (R/m)(\bar a)$; this means that S = R(a) + mS. Observe that S and R(a) are finitely generated R-modules, thus m(S/R(a)) = (mS + R(a))/R(a) = S/R(a), and the statement follows from Lemma 4.2.6; in fact, the R-module S/R(a), finitely generated over R, is the null module, then S and R(a) coincide as local rings. ✷
4.3 Separable Extensions of Finite Commutative Local Rings
This section provides a fundamental theorem on separable extensions of local rings.

Theorem 4.3.1 Let R and S be two finite, commutative, local rings with maximal ideals m and M and residue fields K and $\bar K$, respectively, such that R ⊂ S. The local ring S is a separable extension of R if and only if $S \cong R[x]/(f(x))$ (as R-algebras), where f(x) is a monic, basic irreducible polynomial, i.e. µ(f(x)) ∈ K[x] is an irreducible polynomial (see Definition 3.2.12).

Proof: ⇒) Suppose that S is a separable extension of R. Write $\bar K = S/M$ and K = R/m; then mS = M, which means that the ring extension is unramified. By Theorem 4.2.7, there exists an element w ∈ S such that S = R[w]. It follows that also $\bar K = S/M$ is a simple extension of K = R/m; more precisely, $\bar K = K[\bar w]$, with $\bar w \in \bar K$ such that $\mu(w) = \bar w$, where, again, µ is the epimorphism $\mu : S \to S/M = \bar K$.
Let $\bar f(x) \in K[x]$ be the minimal polynomial of $\bar w$; therefore $\bar f(x)$ is irreducible. Let h(x) ∈ R[x] be a monic pre-image of $\bar f(x)$ such that $\deg(h) = \deg(\bar f)$; h(x) is an irreducible polynomial in R[x], as $\mu(h) = \bar f \in K[x]$ (Theorem 3.2.9). Since w is a pre-image of $\bar w \in \bar K$, h(w) ∈ R[w]; thus, as $[\bar K : K] = \deg(h) = n$, $h(w) = \sum_{i=0}^{n-1} m_i w^i$, with $m_i \in m \subset R$, w a pre-image of $\bar w$ and f(w) ∈ mS = M. Choose $g(x) = \sum_{i=0}^{n-1} m_i x^i$ and f(x) := h(x) − g(x). It follows that deg(f) = deg(h) = n and the leading coefficient of f is the same as that of h, i.e. 1 ∈ R. Since f(w) = 0 and $\mu(f) = \bar f \in K[x]$, f(x) ∈ R[x] is a monic, basic irreducible polynomial. The ideal it generates in R[x] is a proper ideal, because the leading coefficient of f(x) is a unit. The natural morphism, defined by
$$R[x] \to S = R[w], \qquad x \to w,$$
is consistent with the quotient morphism, which determines an epimorphism of R-algebras, i.e. $\varphi : R[x]/(f(x)) \to S = R[w]$. Now we have to check that R[x]/(f(x)) is a ring with the same cardinality as S, so ϕ will be an isomorphism of R-algebras. We recall that, as we have seen in Chapter 3 for regular polynomials, f(x) is a polynomial for which we can define the Euclidean division, which gives R[x]/(f(x)) = {r(x) ∈ R[x] | 0 ≤ deg(r) < deg(f)}. It follows that the rings R[w] and R[x]/(f(x)) are equipotent, and, therefore, ϕ is an isomorphism, i.e. $R[x]/(f(x)) \cong S = R[w]$.

⇐) Assume that there exists a monic, irreducible polynomial of degree n, f(x) ∈ R[x], such that S = R[x]/(f(x)). We have to show that the extension R ⊂ S is separable over R, or, equivalently, that it is unramified, i.e. mS = M. Since R is a local ring with maximal ideal m ⊂ R, we have already observed that m[x] ⊂ R[x] is an ideal in the polynomial ring, with coefficients from R, such that $R[x]/m[x] \cong K[x]$.
Therefore, the ring S = R[x]/(f(x)) is local; e.g., let m ⊂ R be the maximal ideal of R, then the ideal M := (m, f(x))/(f(x)) ⊆ R[x]/(f(x)) = S is maximal (see (3.3)); in fact,
$$\frac{R[x]}{(f(x))} \Big/ \frac{(m, f(x))}{(f(x))} \cong R[x]/(m, f(x)) \cong K[x]/(\mu(f(x))) \cong F$$
is a field. Obviously, by construction, mS = M = (m, f(x))/(f(x)); we have to verify that M is the only maximal ideal of S, so that S will be a local ring and the extension R ⊂ S will be unramified, i.e. separable. The uniqueness of this maximal ideal follows from 3.2.11. ✷

A polynomial f(x) ∈ R[x] is a local polynomial if the quotient ring R[x]/(f(x)) is a local extension of R. A regular polynomial h(x) is a separable polynomial if R[x]/(h(x)) is a local, separable extension of R. Obviously, if f(x) is a separable polynomial and $f^*(x) \in R[x]$ is a monic, regular polynomial such that $\mu(f) = \mu(f^*)$, then $(f(x)) = (f^*(x)) \subseteq R[x]$. In this sense, the separable polynomials are the basic irreducible polynomials; more precisely, the following notions are equivalent: (a) f is separable; (b) f is basic irreducible; (c) µ(f) is irreducible.

Theorem 4.3.2 A regular polynomial is local if and only if µ(f) is a power of an irreducible polynomial in K[x].

Proof: ⇒) If µ(f) were not a power of an irreducible polynomial in K[x] then, by 3.2.6, f(x) would not be local in R[x]. ⇐) Suppose f is not local; then R[x]/(f) decomposes as a direct sum of proper ideals. Thus f and, consequently, µ(f) factor into relatively prime polynomials. ✷

Corollary 4.3.3 If f is a regular, irreducible polynomial in R[x], then $R[x]/(f^n)$ is a local ring for any positive integer n.
Chapter 5
GALOIS THEORY FOR LOCAL RINGS

In this chapter we want to extend some classical results of the Galois theory of fields to finite, local rings. For general ideas on Galois theory and related topics (Abel-Ruffini's Theorem, cyclotomic extensions and so on) the reader is referred to [2], [24] or [64]. For interesting examples and a historical point of view of this theory we suggest [22] and [68].
5.1 Basic Facts
Let R and S be two finite, commutative, local rings such that R ⊂ S. In this situation, we can generalize to the ring case the definition of K-morphism given in Section 4.1.

Definition 5.1.1 An R-automorphism ϕ of S is an automorphism ϕ : S → S such that $\varphi|_R = 1_R$, where $1_R$ is the identity map on R.

From now on, S and R will denote two finite, commutative, local rings with maximal ideals M and m and residue fields $\bar K = S/M$ and K = R/m, respectively. We recall that, if H is a group of R-automorphisms of S, then the set $S^H := \{s \in S \mid \sigma(s) = s,\ \forall \sigma \in H\}$ is a ring with respect to the operations on S. Therefore, if S is an extension of R, it makes sense to give the following definition.

Definition 5.1.2 S is a Galois extension of R, with Galois group G, if G is a group of R-automorphisms of S such that (i) $S^G = R$; (ii) S is a separable extension of R.
In the remaining part of this section we describe the basic tools to construct Galois extensions of rings, whereas in Section 5.2 some important examples and some related questions will be dealt with.

Lemma 5.1.3 Let f(x) be a regular polynomial in R[x] and suppose that µ(f(x)) has a simple root $\bar\alpha$ in K, where µ is again the epimorphism µ : R −→ K. Then f(x) admits one and only one root α in R, s.t. $\mu(\alpha) = \bar\alpha$.

Proof: By hypothesis, $\mu(f(x)) = (x - \bar\alpha)\bar h(x)$, with $\bar h(x) \in K[x]$. By Hensel's Lemma 3.2.6, $f(x) = (x - \alpha + g_1(x))(h(x) + g_2(x))$, where $g_1(x), g_2(x) \in m[x]$ and $\mu(h(x)) = \bar h(x)$. If $g_1(x) = a_nx^n + \ldots + a_0$, with $a_i \in m$, then $x - \alpha + g_1(x) = a_nx^n + \ldots + a_2x^2 + (a_1 + 1)x + (a_0 - \alpha)$. By Theorem 3.2.8, there exists an invertible element e(x) in R[x] such that
$$x - \alpha + g_1(x) = e(x)(x - \beta)$$
with β ∈ R and $\mu(\beta) = \bar\alpha = \mu(\alpha)$. Therefore, $f(x) = e(x)(x - \beta)(h(x) + g_2(x))$ and β is the desired root. If β′ were another root of f(x) such that $\mu(\beta') = \bar\alpha$, then we would have
$$0 = f(\beta') = (\beta' - \beta)\,g(\beta'),$$
with $g(x) = (h(x) + g_2(x))e(x)$. On the other hand, $\mu(g(\beta')) = \bar h(\bar\alpha) \neq 0$, since $\bar\alpha$ is a simple root of $\bar f(x)$. Therefore, g(β′) is a unit and β′ = β. ✷

Now, we want to consider the "lifting" theorem which allows us to extend automorphisms of R to R-automorphisms of S. This is a generalization of what occurs in the Galois theory of fields ([7], [22] or [44]).

Theorem 5.1.4 Let S be a separable extension of R and let T be a commutative, local ring, R ⊂ T, with residue field $\bar K$. Then, for each K-isomorphism $\bar\sigma : \bar K \to \bar K$, there exists a unique R-morphism σ : S −→ T that induces $\bar\sigma$ modulo the maximal ideals of S and T, respectively. Finally, σ is an R-isomorphism if and only if T is a separable extension of R.
Proof: By hypothesis, $\bar K = K[\bar a]$ is a separable extension of K, where $\bar a$ is a simple root of a monic, irreducible polynomial $\bar f(x) \in K[x]$. If f(x) ∈ R[x] is such that $\mu(f(x)) = \bar f(x)$, then, by Lemma 5.1.3, there exists a unique element a ∈ S such that f(a) = 0. Moreover, by the characterization of the separable extensions of local rings (see 4.3.1), $S \cong R[x]/(f)$, possibly by replacing f with a monic polynomial. It follows that $\{1, a, \ldots, a^{n-1}\}$ is a basis of the free R-module S, where n = deg(f). Let $\bar\sigma : \bar K \to \bar K$ be a K-isomorphism and assume that $\bar\sigma(\bar a) = \bar a_0$. Then $\bar K = K[\bar a_0]$ and $\bar a_0$ is a simple root of $\bar f(x)$. Again, Lemma 5.1.3 implies that f(x) has exactly one root $a_0$ in T. In this way it is possible to naturally extend the map $a \to a_0$ to a morphism of R-algebras that induces $\bar\sigma$. Conversely, if σ : S −→ T is an R-morphism which induces $\bar\sigma : \bar a \to \bar a_0$ over $\bar K$, then, by Lemma 5.1.3, σ(a) is a root of f(x). On the other hand, $\sigma(a) = a_0$ by uniqueness in Lemma 5.1.3. This shows that σ is uniquely determined modulo the maximal ideals. Finally, if σ is an R-isomorphism, then T is separable, since it is isomorphic to S. Vice versa, if T is separable, then $T \cong R[x]/(f(x)) \cong S$, therefore σ is an isomorphism. ✷

Corollary 5.1.5 Let S be a separable extension of R. Then, S is a Galois extension of R with Galois group $G_R(S)$ isomorphic to the Galois group $G_K(\bar K)$.

Proof: Since S is a separable extension of R, each K-isomorphism of $G_K(\bar K)$ may be lifted to a unique R-isomorphism of S (see Theorem 5.1.4). Moreover, each R-isomorphism of S is obtained in this way, since the correspondence of Theorem 5.1.4 is a bijection. To completely prove the assertion, it is sufficient to show that $R = S^G$. Obviously, $R \subseteq S^G$. On the other hand, if s ∈ S \ R, then one of the following is true: (i) s is a unit; (ii) s is not a unit. In the first case, $\bar\sigma(\mu(s)) \neq \mu(s)$, for some $\bar\sigma \in G_K(\bar K)$. Consequently, if $\sigma \in G_R(S)$ induces $\bar\sigma$, then σ(s) ≠ s. In the other case, 1 + s is a unit and 1 + s ∉ R. By repeating the argument of the first case and by observing that σ(1) = 1, we now obtain σ(s) ≠ s. This proves that if s ∈ S \ R, then σ(s) ≠ s for some $\sigma \in G_R(S)$, that is $S^G \subseteq R$. ✷

Now, we are able to characterize the Galois extensions of finite, commutative, local rings.
Theorem 5.1.6 Let R be a finite, commutative, local ring and S a finite, local extension of R. Then S is a Galois extension of R if and only if S is a separable extension of R.

Proof: ⇒) Obvious, by definition of a Galois extension (cf. Def. 5.1.2). ⇐) If S is a separable extension of R, then it suffices to apply Corollary 5.1.5. ✷

Corollary 5.1.7 S is a Galois extension of R if and only if $S \cong R[x]/(f(x))$, where f(x) is a basic irreducible polynomial (which we may always assume to be monic) over R and $G_R(S)$ acts as a permutation group on the roots of the polynomial f(x).

Proof: This immediately follows from Theorems 4.3.1, 5.1.4 and 5.1.6. ✷

Remark: Corollary 5.1.5 implies that $|G_R(S)| = |G_K(\bar K)| = [\bar K : K] = \deg(\mu(f(x))) = \deg(f(x))$, where f(x) is a polynomial chosen as in Corollary 5.1.7. By Theorems 3.2.6 and 3.2.9(3) there is an irreducible pre-image over R for any polynomial irreducible over K; this proves the existence of a Galois finite, local ring extension of a given degree. We now show its uniqueness.

Theorem 5.1.8 Let R be a finite, commutative, local ring and S a Galois extension of R, of degree n. Then S is unique, up to isomorphism.

Proof: Assume there exist two distinct extensions of degree n of R, say $S_1$ and $S_2$. By Theorem 4.2.7, there exist algebraic elements $a_1$ and $a_2$ over R, such that $S_1 = R(a_1)$ and $S_2 = R(a_2)$. By taking the residue fields and denoting by $\bar a_1$ and $\bar a_2$ elements such that $\mu(a_i) = \bar a_i$, 1 ≤ i ≤ 2, we obtain that $K(\bar a_1) \cong K(\bar a_2)$, which are two finite extensions, of degree n, of K (by Theorem 2.2.4). This implies that there exists an isomorphism $\bar\Phi$ which maps $\bar a_1$ onto $\bar a_2$; moreover, if $\bar g(x), \bar f(x) \in K[x]$ are the minimal polynomials of $\bar a_1$ and $\bar a_2$, respectively, then $\bar\Phi(\bar f(x)) = (\bar g(x))$. By Hensel's Lemma (3.2.6) and by Theorem 5.1.4, we can lift $\bar\Phi$ to an isomorphism
$$\tilde\Phi : R(a_1) \xrightarrow{\ \cong\ } R(a_2).$$
This completes the proof. ✷

We conclude the section with the following definition.
Definition 5.1.9 An element a ∈ S is said to be R-separable if a is a root of a basic irreducible polynomial in R[x].
5.2
Examples. Splitting Rings
In this section we want to provide a class of examples of Galois extensions of local rings. We define the splitting ring of a basic irreducible polynomial of R[x], which plays the same role as the splitting field of an irreducible polynomial of K[x] ([56] and [17] respectively). The basic idea is to describe the Galois group of a separable extension of a local ring in terms of suitable powers of primitive elements of the extension (see Theorem 4.2.7).

Lemma 5.2.1 Let S be a Galois extension of R and ω ∈ S the primitive element such that S = R[ω]. We denote by ω = ω_1, ω_2, ..., ω_n (where n = dim_R S) the n distinct images of the element ω = ω_1 under the automorphisms in G_R(S). If g(ω) = 0 for g(x) ∈ R[x], then g(x) is a multiple, in R[x], of the polynomial f(x) = (x − ω_1) ··· (x − ω_n) ∈ R[x].

Proof: Obviously, the element ω_i − ω_j ∈ S is a unit of S, for i ≠ j. If g(ω) = 0, then g(ω_j) = 0 for each j ∈ {1, ..., n}, since 0 = σ_j(g(ω)) = g(σ_j(ω)) = g(ω_j). We can determine a polynomial p_1(x) ∈ S[x] such that g(x) = (x − ω_1)p_1(x) and, since g(ω_2) = 0 and ω_2 − ω_1 ∈ U(S), p_1(ω_2) = 0. Similarly, there exists a polynomial p_2(x) ∈ S[x] such that p_1(x) = (x − ω_2)p_2(x) and p_2(ω_3) = 0. At the last step g(x) = f(x)p_n(x) with p_n(x) ∈ S[x]. However, since g(x), f(x) ∈ R[x] and f(x) is monic, p_n(x) ∈ R[x]. ✷

Lemma 5.2.2 Let S be a Galois extension of R and f(x) ∈ R[x] a monic, basic irreducible polynomial. If ξ and η are roots of f(x) in S, then there exists a monic, basic irreducible polynomial g(x) ∈ R[x] of which ξ^{|K|} and η^{|K|} are roots. (We have denoted by |K| the cardinality of the residue field of R, i.e. K = R/M.)
Proof: We can always determine a monic, basic irreducible polynomial g(x) ∈ R[x] such that g(ξ^{|K|}) = 0 and µ(g) = µ(f) ∈ K[x] (it is sufficient to transform f(x) by the automorphism Ψ : S → S such that Ψ(s) = s^{|K|}, for all s ∈ S; it follows that 0 = Ψ(f(ξ)) = g(ξ^{|K|}) and µ(g(x)) = µ(f(x)) ∈ K[x], since a^{|K|} = a in K). Consider the polynomial h(x) = g(x^{|K|}). Obviously, h(ξ) = 0, and by the previous lemma f(x) must divide h(x) in R[x]. Also, h(η) = 0, i.e. η^{|K|} is a root of g(x). ✷

Theorem 5.2.3 Let S be a Galois extension of R. There exists an element ω ∈ S, primitive over R, such that the R-automorphism σ of S given by σ : ω → ω^{|K|} is a generator of the Galois group G_R(S) of the extension.

Proof: Let f(x) ∈ R[x] be a monic, basic irreducible polynomial of degree n and let ω ∈ S be one of its roots. Set
A = {g ∈ R[x] | g(x) monic and µ(g) = µ(f) ∈ K[x]},
B = {θ ∈ S | θ is a root of some polynomial in A}
and B^j = {θ^j | θ ∈ B}, for j ∈ ℕ. Obviously, B ⊇ B^{|K|} ⊇ B^{|K|^2} ⊇ .... Moreover, if ω̄ = µ(ω) ∈ K̄, since
µ(f(x)) = (x − ω̄)(x − ω̄^{|K|}) · ... · (x − ω̄^{|K|^{n−1}})
and each element of B is a pre-image of some ω̄^{|K|^t}, 0 ≤ t ≤ n − 1, each element of B is of the form ω^{|K|^t} + c, where c ∈ M and 0 ≤ t ≤ n − 1. The fact that the ideal M is nilpotent implies that there exists an exponent s ∈ ℕ for B such that B^s = B^{s+1} = B^{s+2} = ... and B^s has cardinality exactly n. By raising each element of B^s to the |K|-th power, we obtain a permutation of these elements. By the "lifting" Theorem 5.1.4 and by Lemma 5.2.2, there exists an R-automorphism of S, say σ, such that σ(t) = t^{|K|} for t ∈ B^s. The K-automorphisms induced in G_K(K̄), which we denote by σ̄, σ̄^2, ..., σ̄^n, are all distinct, since the map µ(t) → (µ(t))^{|K|} generates G_K(K̄). It follows that σ is a generator of G_R(S). ✷
Definition 5.2.4 We say that a Galois extension S of a local ring R is the splitting ring of a basic irreducible polynomial f(x) ∈ R[x] if f(x) splits into linear factors in S[x] and S is generated, as an R-module, by the roots of f(x).

We can summarize the various lemmas, corollaries and theorems proven in this and in the previous section by stating the following theorem, which, in the literature, is known as the Galois Correspondence Theorem ([56] for rings and, for example, [7] in the field case).

Theorem 5.2.5 Let S be a separable extension of R; then:
(i) S is a Galois extension of R and, if f(x) ∈ R[x] is a monic, basic irreducible polynomial such that S ≅ R[x]/(f(x)), then |G_R(S)| = deg(f); S is the splitting ring of f(x) over R and it is the unique Galois extension of R which has dimension, as an R-module, equal to deg(f).
(ii) The Galois group G_R(S) is cyclic and isomorphic to G_K(K̄); also, it is generated by σ : ω → ω^{|K|}, for a suitable element ω ∈ S which is primitive over R.
(iii) There exists a bijection between the subfields of K̄ which contain K and the R-separable subrings of S which properly contain R; this bijection preserves both the subfield lattice and the subring lattice. If T is an R-separable extension and S is a T-separable extension, R ⊆ T ⊆ S, then S is R-separable and we have the following exact sequence of groups
1 → G_R(T) → G_R(S) → G_T(S) → 1.
(iv) Given the chain of rings R ⊆ T ⊆ S such that R ⊆ S is a Galois extension, R ⊆ T is a Galois extension if and only if G_T(S) is a normal subgroup of G_R(S).
(v) S has a normal basis over R, i.e. there exists an element ω ∈ S such that {σ(ω) | σ ∈ G_R(S)} is an R-free basis for S.

Proof: We only have to prove (iv). We want to show that R ⊆ T is a Galois extension ⟺ G_T(S) ◁ G_R(S). (Recall that H ◁ G means that H is a normal subgroup of the group G.)
⇐) Assume ϕ G_T(S) ϕ^{−1} = G_T(S), for all ϕ ∈ G_R(S). By considering the ring ϕ(T) ⊆ S, we have that Ψ ∈ G_{ϕ(T)}(S) iff Ψ(ϕ(t)) = ϕ(t), for each t ∈ T. Therefore, (ϕ^{−1}Ψϕ)(t) = t, for each t ∈ T, iff ϕ^{−1}Ψϕ ∈ G_T(S), i.e. Ψ ∈ ϕ G_T(S) ϕ^{−1}. This means that ϕ G_T(S) ϕ^{−1} = G_{ϕ(T)}(S) and, from the hypothesis G_T(S) ◁ G_R(S), it follows that G_T(S) = G_{ϕ(T)}(S); thus T = ϕ(T), for all ϕ ∈ G_R(S), so R ⊆ T is a Galois extension.
⇒) Let R ⊆ T be a Galois extension, thus ϕ(T) = T, for all ϕ ∈ G_R(T). It follows that ϕ(T) = T, for all ϕ ∈ G_R(S). Moreover, ϕ G_T(S) ϕ^{−1} = G_{ϕ(T)}(S) and, since ϕ(T) = T, it follows that ϕ G_T(S) ϕ^{−1} = G_T(S), for all ϕ ∈ G_R(S), so G_T(S) ◁ G_R(S). Since each automorphism ϕ ∈ G_R(S) induces an R-automorphism of T such that ϕ(T) = T, we have the following epimorphism ρ : G_R(S) → G_R(T) such that ρ(ϕ) = ϕ|_T, for all ϕ ∈ G_R(S), whose kernel is ker ρ = G_T(S) ◁ G_R(S). The Homomorphism Theorem guarantees that G_R(S)/G_T(S) ≅ G_R(T). ✷

Example 5.2.6 Assume R = Z_4 and f(x) = x^3 + x + 1 ∈ R[x]. Set µ : Z_4 → Z_2 ≅ F_2; with abuse of notation, we always denote by µ the epimorphism extended to the polynomial rings, µ : Z_4[x] → F_2[x]; then µ(f) ∈ F_2[x] is an irreducible polynomial over F_2. It follows that f(x) is a monic, basic irreducible polynomial of Z_4[x] = R[x]. If we consider the quotient ring S = R[x]/(f(x)) = Z_4[x]/(x^3 + x + 1), by Corollary 5.1.7 S is a Galois extension, thus a separable extension, of Z_4. Therefore S ≅ Z_4[ξ], where ξ is a formal root such that ξ^3 = 3ξ + 3; consequently S, as a Z_4-free module, has dimension three over R, i.e. dim_R(S) = 3; indeed deg(f) = 3. It follows that the order of the Galois group of the ring extension R ⊆ S is |G_R(S)| = 3. Therefore, the Galois group is isomorphic to C_3, the cyclic group of order three; by the Galois Correspondence Theorem, there are no proper subrings of S which are separable extensions of R.

Again with R = Z_4, take g(x) = x^4 + x^3 + x^2 + x + 1 ∈ R[x]. This polynomial is an irreducible polynomial of R[x], therefore S = R[x]/(g(x)) is a Galois extension with Galois group G_R(S) isomorphic to the cyclic group of order four (this immediately follows from 2.3.5 and 5.1.5). We determine the following chain of separable extensions of R
R ⊆ T ⊆ S,
where T ≅ R[x]/(h) and h(x) = x^2 + x + 1 ∈ R[x] is such that g(x) = x^2 h(x) + x + 1. By the "lifting" Theorem 5.1.4, it is possible to determine the R-algebra of automorphisms of S by starting from the Galois group G_K(K̄). If ω is a root of g(x) in S, then
g(x) = (x − ω)(x − ω^2)(x − ω^3)(x − [3ω^3 + 3ω^2 + 3ω + 3]).
The set {1, ω, ω^2, ω^3} is an R-basis of S as an R-module. If we denote by σ a generator of the Galois group G_R(S) ≅ C_4, then
σ(ω) = ω^2,
σ^2(ω) = 3ω^3 + 3ω^2 + 3ω + 3,
σ^3(ω) = ω^3,
σ^4(ω) = ω.
The polynomial h(x) = (x − (ω^3 + ω^2 + 2))(x − (3ω^3 + 3ω^2 + 1)) determines the Galois extension of degree two of T over R; we observe that σ^2(ω^3 + ω^2 + 2) = ω^3 + ω^2 + 2. It follows that the ring T = R[ω^3 + ω^2 + 2] is the ring S^{σ^2}, i.e. it is the subring of S fixed by the subgroup ⟨σ^2⟩ of G_R(S) ≅ ⟨σ⟩.

Example 5.2.7 Let R = Z_4 and S = R[θ] be such that the element θ is a root of the polynomial f(x) = x^2 + x + 1 ∈ R[x]. It follows that G_R(S) = ⟨σ | σ^2 = id⟩, where σ(θ) = 3θ + 3; moreover, σ(3θ + 1) = θ + 2 and it is easy to check that θ + 2 is not a power of the element 3θ + 1. The generator σ satisfies σ(θ) = 3θ + 3 = θ^2; this implies that G_R(S) is generated by an automorphism which maps a primitive element of S onto its square.
Chapter 6
GALOIS AND QUASI-GALOIS RINGS. STRUCTURE AND PROPERTIES

In this chapter we first want to analyze the structure of Galois rings, which are, in our terminology, Galois extensions of local rings of the form Z_{p^n}, where p is a prime and n a positive integer. The importance of such rings is mainly due to the following facts:
1. In some problems of Combinatorics one deals with finite fields and, at the same time, with local rings of the form Z_{p^n}; the two objects obviously share very few properties. Galois rings constitute the common "point of view" of these clearly so different families;
2. As already said in the previous chapters, Galois rings can be viewed as "bricks" of all of Finite Commutative Algebra; indeed, in Section 3 of this chapter we will show that each finite, commutative ring can be considered as a suitable algebra over a fixed Galois ring.
At the end of this chapter, we will focus on another class of finite, local rings. Such rings will be called Quasi-Galois rings since, as we shall show, the expressions of their elements are very similar to those of Galois ring elements. On the other hand, the properties of such rings are very different from those of Galois rings. In fact, it suffices to notice that the Galois ring GR(p^n, r) is a finite, commutative, local ring of cardinality p^{nr} and characteristic p^n, whereas the Quasi-Galois ring A(p^r, n) := F_{p^r}[x]/(x^n) is a finite, commutative, local ring with the same cardinality but of characteristic p (p a prime), since it contains F_{p^r} as a
subring. Quasi-Galois rings are very interesting especially from the application point of view (e.g. Coding Theory or Finite Geometry) since they have the nicer property of having a prime characteristic.
6.1
Classical Constructions
This section is a survey of the main classical approaches to the study of Galois rings, which we will denote by GR(p^n, r), where p is a prime and n, r are positive integers. Some trivial examples are the following: (i) if n = 1, we are considering the Galois extension of degree r of the field Z_p ≅ F_p; hence, GR(p, r) = GF(p^r) = F_{p^r}; (ii) if r = 1, then GR(p^n, 1) = Z_{p^n}.

The existence of Galois rings was already known to Krull in 1924 [47], but it was only after more than forty years that Janusz ([38], 1966) and Raghavendran ([63], 1969) independently rediscovered and studied the properties of such rings. By taking into account what we proved about Galois extensions of local rings, GR(p^n, r) is isomorphic to the quotient ring Z_{p^n}[x]/(f(x)), where f(x) ∈ Z_{p^n}[x] is a monic, basic irreducible polynomial of degree r (see Def. 3.2.12, Theorem 4.3.1 and Theorem 5.1.6). These theorems also show that this construction is well-defined. Equivalently, if f(x) ∈ Z[x] is a monic polynomial of degree r which is irreducible modulo (p) = pZ, then GR(p^n, r) ≅ Z[x]/(p^n, f(x)). This ring is local and its unique maximal ideal is the principal ideal pGR(p^n, r). More precisely, we will observe in the next section that each ideal of this local ring is principal, of the form (p^i) = p^i GR(p^n, r), with 0 ≤ i ≤ n.

We can also give explicit representations of the elements of such a ring. By taking into account the notation and what we have proved in Theorem 1.4.4, let ξ be a root of the unique monic, basic irreducible polynomial h_n(x) ∈ Z_{p^n}[x] related to the primitive polynomial h_1(x) ∈ Z_p[x] which is used to construct the Galois field GF(p^r) ≅ Z_p[x]/(h_1(x)), r = deg(h_1(x)) (we remark that, in this context, the word "primitive" is used in the sense of Definition 2.2.7). Since h_n(x) divides x^k − 1 in Z_{p^n}[x], ξ^k = 1, where k = p^r − 1. Moreover, GR(p^n, r) ≅ Z_{p^n}[ξ] as a ring extension.
There are two canonical ways of representing its elements; in the first one, each z ∈ GR(p^n, r) can be written as
z = Σ_{j=0}^{k−1} v_j ξ^j, v_j ∈ Z_{p^n}.
In the other representation, each element z has the p-adic expansion
z = z_0 + p z_1 + ... + p^{n−1} z_{n−1},
where each z_i belongs to the set
T_r := {0, 1, ξ, ..., ξ^{p^r − 2}}, (6.1)
called the Teichmüller set of the given Galois ring. As we will prove later on (see Prop. 6.2.5), the units in GR(p^n, r) contain a cyclic group of order p^r − 1. Such a ξ is a generator of this cyclic group; moreover, if we consider the epimorphism
µ̃ : Z_{p^n}[x]/(h_n(x)) → Z_p[x]/(h_1(x)),
then µ̃(ξ) = α, where α is a primitive element in the finite field GF(p^r), i.e. a primitive root of h_1(x). Thus, µ̃(T_r) = GF(p^r).

What we have proved up to now guarantees the existence and uniqueness (up to isomorphism) of Galois rings. All we have to do is to understand the structure of these rings, their subrings, their ideals and so on. This is dealt with in [56]. Before doing this, it is very important to recall some classical approaches to the theory of such rings.

In 1966 Janusz [38] introduced Galois rings as particular cases of separable algebras over a Dedekind domain. Let R be an integral domain and K = Q(R) its quotient field (i.e. the field of fractions of R). A fractional ideal J is a non-zero additive subgroup of K such that RJ ⊂ J and there exists an element c ∈ R \ {0} such that cJ ⊂ R. R is said to be a Dedekind domain if the fractional ideals form a group with respect to ideal multiplication. As proved in many books of Algebraic Number Theory (see, for example, [59]), the ring of algebraic integers in a number field is a Dedekind domain. We are now able to state the following

Proposition 6.1.1 ([38], page 476) Let R be a Dedekind domain with maximal ideal P such that R/P is finite. Let A = R/P^k, for some positive integer k. Then, for each positive integer r, there is only one (up to isomorphism) strongly separable A-algebra without proper idempotents (i.e. idempotents different from 0 and 1) and of rank r over A.
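The following Python code is an added worked example, not code from the book: it implements arithmetic in Z_{p^n}[x]/(f(x)) with elements stored as coefficient tuples, and uses it for two passages at once. First, it reproduces the table of σ^k(ω) and the fixed element ω^3 + ω^2 + 2 of Example 5.2.6 and the automorphism of Example 5.2.7, by lifting ω → ω^2 to the whole ring (the lift is an automorphism because ω^2 is again a root of g, which the code checks). Second, it builds the Teichmüller set T_3 of (6.1) and the p-adic expansion z = z_0 + p z_1 + p^2 z_2 in GR(8, 3). All function names are the example's own, and the polynomial x^3 + 6x^2 + 5x + 7 used for GR(8, 3) is the example's assumption: a monic lift of x^3 + x + 1 to Z_8 chosen so that its root ξ has multiplicative order 7, a property the code verifies before constructing T_3.

```python
# Added example, not from the book: arithmetic in GR(p^n, r) = Z_{p^n}[x]/(f), the lifted
# Frobenius sigma: omega -> omega^p of Examples 5.2.6 and 5.2.7, and the Teichmuller set and
# p-adic expansion of Section 6.1.  An element sum_j b_j xi^j is the tuple (b_0, ..., b_{r-1}),
# 0 <= b_j < q = p^n; a polynomial is its coefficient list, lowest degree first; f is monic.

def gr_mul(a, b, f, q):
    """Product in Z_q[x]/(f): schoolbook multiplication, then reduction by the monic f."""
    r = len(f) - 1
    prod = [0] * (2 * r - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            prod[i + j] = (prod[i + j] + x * y) % q
    for k in range(2 * r - 2, r - 1, -1):       # replace x^k (k >= r) by x^(k-r) * (x^r - f(x))
        c = prod[k]
        if c:
            for j in range(r + 1):
                prod[k - r + j] = (prod[k - r + j] - c * f[j]) % q
    return tuple(prod[:r])

def gr_add(a, b, q):
    return tuple((x + y) % q for x, y in zip(a, b))

def gr_const(c, r, q):
    return (c % q,) + (0,) * (r - 1)

def gr_eval(poly, a, f, q):
    """Evaluate poly (coefficients in Z_q) at the ring element a by Horner's rule."""
    r, acc = len(f) - 1, gr_const(0, len(f) - 1, q)
    for c in reversed(poly):
        acc = gr_add(gr_mul(acc, a, f, q), gr_const(c, r, q), q)
    return acc

def apply_sigma(a, sigma_xi, f, q):
    """The automorphism fixing Z_q and sending xi -> sigma_xi, applied to a = sum b_j xi^j."""
    return gr_eval(a, sigma_xi, f, q)

# --- Example 5.2.6: R = Z_4, g(x) = x^4 + x^3 + x^2 + x + 1, omega a root ---
G526, Q526, OMEGA = [1, 1, 1, 1, 1], 4, (0, 1, 0, 0)

def sigma_powers_of_omega():
    """sigma^k(omega), k = 1..4, for sigma: omega -> omega^2 (omega^2 is again a root of g)."""
    sigma_omega = gr_mul(OMEGA, OMEGA, G526, Q526)
    assert gr_eval(G526, sigma_omega, G526, Q526) == (0, 0, 0, 0)
    powers, cur = [], OMEGA
    for _ in range(4):
        cur = apply_sigma(cur, sigma_omega, G526, Q526)
        powers.append(cur)
    return powers

def fixed_ring_generator():
    """t = omega^3 + omega^2 + 2: returns (sigma^2(t) == t, (c0, c1)) with (x - t)(x - sigma(t)) = x^2 + c1 x + c0."""
    t, sigma_omega = (2, 0, 1, 1), gr_mul(OMEGA, OMEGA, G526, Q526)
    s_t = apply_sigma(t, sigma_omega, G526, Q526)
    s2_t = apply_sigma(s_t, sigma_omega, G526, Q526)
    c0 = gr_mul(t, s_t, G526, Q526)
    c1 = tuple((-x) % Q526 for x in gr_add(t, s_t, Q526))
    return s2_t == t, (c0, c1)

def example_527():
    """R = Z_4, theta^2 + theta + 1 = 0: (sigma(theta), sigma(3 theta + 1)) for sigma: theta -> theta^2."""
    f, q, theta = [1, 1, 1], 4, (0, 1)
    sigma_theta = gr_mul(theta, theta, f, q)
    return sigma_theta, apply_sigma((1, 3), sigma_theta, f, q)

# --- Section 6.1: Teichmuller set and p-adic expansion in GR(8, 3) ---
# Assumed lift of x^3 + x + 1 to Z_8 whose root xi has order 7 (checked in teichmuller_set).
F83, Q83, P83, N83 = [7, 5, 6, 1], 8, 2, 3

def teichmuller_set(xi, f, q, p):
    """T_r = {0, 1, xi, ..., xi^(p^r - 2)}; raises unless xi^(p^r - 1) = 1."""
    r = len(f) - 1
    T, cur = [gr_const(0, r, q)], gr_const(1, r, q)
    for _ in range(p ** r - 1):
        T.append(cur)
        cur = gr_mul(cur, xi, f, q)
    if cur != gr_const(1, r, q):
        raise ValueError("xi does not have multiplicative order p^r - 1")
    return T

def p_adic_expansion(z, T, p, n):
    """Digits z_0, ..., z_{n-1} in T with z = z_0 + p z_1 + ... + p^(n-1) z_{n-1}."""
    by_residue = {tuple(c % p for c in t): t for t in T}   # mu maps T bijectively onto K
    digits, rest = [], list(z)
    for _ in range(n):
        t = by_residue[tuple(c % p for c in rest)]
        digits.append(t)
        rest = [(c - d) // p for c, d in zip(rest, t)]     # exact: rest = t coefficientwise mod p
    return digits

def from_p_adic(digits, p, q):
    total = gr_const(0, len(digits[0]), q)
    for i, d in enumerate(digits):
        total = gr_add(total, tuple((p ** i * c) % q for c in d), q)
    return total

def check_unique_expansion():
    """Every element of GR(8, 3) has exactly one expansion with digits in T_3."""
    T, seen = teichmuller_set((0, 1, 0), F83, Q83, P83), set()
    for z in ((a, b, c) for a in range(Q83) for b in range(Q83) for c in range(Q83)):
        digits = p_adic_expansion(z, T, P83, N83)
        if from_p_adic(digits, P83, Q83) != z:
            return False
        seen.add(tuple(digits))
    return len(seen) == Q83 ** 3
```

The digit extraction in `p_adic_expansion` is the constructive content of the representation: because µ restricted to T_r is a bijection onto the residue field, the residue of z singles out z_0, and z − z_0 lies in the maximal ideal pGR(p^n, r), so all its coefficients are divisible by p and the procedure can be repeated on (z − z_0)/p. The uniqueness claimed for the expansion is what `check_unique_expansion` verifies over all 512 elements of GR(8, 3).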
Given a ring R, Janusz defines an R-algebra S to be strongly separable if it is finitely generated, separable and projective as an R-module. (We recall that, if A is a commutative ring, an A-module P is said to be projective if the functor Hom_A(P, ·) is right exact, i.e. for each surjective morphism of A-modules M_1 → M_2 → 0, Hom_A(P, M_1) → Hom_A(P, M_2) → 0 holds.) Therefore, in the special case of R = Z and P = (p), p a prime, the previous proposition shows there is no ambiguity in the notation GR(p^n, r) for a strongly separable Z/(p^n)-algebra of rank r having no proper idempotents. Janusz also remarks that such rings can be abstractly characterized as the only rings (without proper idempotents) that are of prime power characteristic and are separable over the subring generated by the identity element.

Moreover, for every fixed r, there is a natural projection π_n : GR(p^n, r) → GR(p^{n−1}, r), for each n, having kernel p^{n−1}GR(p^n, r). If we fix r, the collection {GR(p^n, r), π_n}_{n∈ℕ} has particular properties in terms of inverse systems and projective limits; more precisely, one can show that, for r = 1, D_p(1) := projlim{GR(p^n, 1), π_n} = projlim{Z_{p^n}, π_n} is the ring of p-adic integers and D_p(r) is the unique strongly separable extension of D_p(1) with no proper idempotents and with rank r over D_p(1). All this is quite beyond the scope of this book; therefore, without going too deep into details, we refer the reader to [38], [53] and [71]. What is important is to observe how strong the relationship between Galois rings and p-adic integers is.

Another important paper about Galois rings was published three years later by Raghavendran [63]. In this article he treats the more general problem of determining the structure of prime power rings, i.e. rings whose orders are prime powers.
A particular case is given by R, a finite, associative ring (not necessarily commutative) with a multiplicative identity 1 ≠ 0, such that its zero-divisors form an additive group J. In this case, from a general result due to Ganesan [25], it follows that J is an ideal in R; more precisely, J coincides with the Jacobson radical of R (see (1.2)), being the unique maximal left ideal in R. Since each element of R not in J has an inverse, R/J is a division ring (or a skew-field, see after Example 2.3.7). Now we have the following fundamental

Theorem 6.1.2 Let R be a finite ring (not necessarily commutative) with a multiplicative identity 1 ≠ 0 whose zero-divisors form an additive group J. Then
(i) J is the Jacobson radical of R;
(ii) |R| = p^{nr} and |J| = p^{(n−1)r}, for some prime p and some positive integers r and n;
(iii) J^n = (0);
(iv) the characteristic of the ring R is p^k for some integer 1 ≤ k ≤ n; and
(v) if the characteristic is p^n, then R is commutative.

Proof: As we observed before, (i) immediately follows from Ganesan's result [25]. Since R/J is a finite division ring, from Wedderburn's Theorem (see Theorem 2.3.8) it follows that R/J is the finite field GF(q), where q = p^r, r a positive integer and p a prime which coincides with the characteristic of this finite field. If 1 denotes the multiplicative identity in R, the element p · 1 belongs to the nilideal J; this means that the additive order of 1 in R is p^k, for some positive integer k. Therefore, |R| = p^N and |J| = p^{N−r}, for some positive integer N strictly greater than r. To completely prove (ii), we only have to show that r divides N. For this purpose, choose an element g_1 in R such that the coset g_1 + J is a cyclic generator of the multiplicative group of the field R/J (see Theorem 2.1.3). Since the units in R form a multiplicative group U(R) of order (p^r − 1)p^{N−r} (as we have observed in the proof of Proposition 1.3.1(2.)), the multiplicative order of g_1 is (p^r − 1)p^s, for some integer s ≥ 0. Write g = g_1^{p^s}; g is an element of U(R) with multiplicative order p^r − 1; moreover, if α, β are integers such that g^α − g^β ∈ J, then g^α = g^β, since g + J is a cyclic generator of U(R/J). We now introduce an equivalence relation on the elements of R by x ∼ y if and only if x = g^α y, for a non-negative integer α. For any non-zero element x ∈ R, the equation g^α x = g^β x implies that g^α − g^β ∈ J, i.e. g^α = g^β; thus, the p^N − 1 non-zero elements of R split into equivalence classes each containing exactly p^r − 1 elements. It follows that (p^r − 1) | (p^N − 1), i.e. r | N.

We also observe that the number of elements in any left ideal of R is a power of p^r; so we obtain a strictly descending sequence J ⊃ J^2 ⊃ J^3 ⊃ ··· such that J^n = (0). This immediately proves (iii) and (iv).
Consider now the set F_1 := {0, g^k | 1 ≤ k ≤ p^r − 1}. If a, b ∈ F_1 are elements such that a − b ∈ J, then a = b. Therefore, if we assume that the characteristic of R is p^n, by induction on k we can show that, for elements a_k, b_k ∈ F_1, Σ_{k=0}^{n−1} p^k a_k = Σ_{k=0}^{n−1} p^k b_k implies that p^{n−1}(a_k − b_k) = 0, so a_k = b_k, for each k ∈ {0, ..., n − 1}. This shows that each element of R can be uniquely written in the form Σ_{k=0}^{n−1} p^k a_k, with a_k in F_1, so that R is commutative. ✷

The next corollary describes other important properties of such rings; before stating it, we recall a standard definition of Group Theory.

Definition 6.1.3 Let G be a group. The commutator of an ordered pair (g_1, g_2) of elements of G is the element [g_1, g_2] := g_1^{−1} g_2^{−1} g_1 g_2 ∈ G. The subgroup of G which is generated by all commutators is usually denoted by G′ = [G, G] and called the derived group (or commutator subgroup) of G. More generally, one can recursively define the n-th derived group as G^{(n)} = (G^{(n−1)})′ = [G^{(n−1)}, G^{(n−1)}]. Therefore, one determines a descending chain of normal subgroups G = G^{(0)} ▷ G^{(1)} ▷ G^{(2)} ▷ ···, such that G^{(i)}/G^{(i+1)} is an abelian group, for each i ≥ 0. If G is a finite group, this chain must terminate after a finite number of steps. This chain is called the derived series of G if the last subgroup, say G^{(n)}, is equal to {1} and, in such a case, G is said to be a solvable group (for more details see, for example, [32] or [65]). Now we can state the following

Corollary 6.1.4 Let R be a ring as in Theorem 6.1.2; then:
(i) any subring R_1 is again a ring of the same type;
(ii) any homomorphic image R_2 ≠ (0) of R is again a ring of the same type;
(iii) the multiplicative group U(R) is a solvable group.
Proof: (i) If x is any element of R, there exists a positive integer m such that x^m equals 0 or 1, according to whether x does or does not belong to the nilideal J. Thus, an element x of the subring R_1 ⊂ R is a unit (a zero-divisor, resp.) in R_1 if and only if it is invertible (a zero-divisor, resp.) in the whole ring R, so that the ideal J_1 of all the zero-divisors in R_1 is J ∩ R_1. Therefore, if p_1, n_1 and r_1 refer to the subring R_1, we have p_1 = p and r_1 is a factor of r, since U(R_1) < U(R). Of course, the characteristic of R_1 is the same as that of R.
(ii) Let K be the kernel of a non-trivial homomorphism of R; this means that K is a nilideal in R. Now, an element x in R is a unit if and only if the coset x + K is invertible in the quotient ring R_2 = R/K. If J_2, p_2, r_2 and n_2 refer to the quotient ring, we see that p_2 = p, r_2 = r (since |K| is a power of p^r), n_2 ≤ n and J^{n_2} ⊆ K. In the case J^{n−1} ≠ (0), we have J^{n_2} = K; thus we can conclude that there exist at least n − 1 non-trivial homomorphisms on a ring of the type considered.
(iii) Since the quotient ring R/J is commutative, [a, b] = a^{−1}b^{−1}ab ∈ 1 + J for each a, b ∈ U(R). Observe that 1 + J is a multiplicative subgroup of U(R) whose order is a prime power, i.e. a p-group. By elementary Finite Group Theory [65], a p-group is a nilpotent group, thus, in particular, it is solvable. Therefore the first commutator subgroup of U(R) is a solvable group, being a subgroup of a nilpotent one. So U(R) is solvable. ✷

Corollary 6.1.5 Let G_1 be the cyclic group of order p^r − 1 generated by the element g introduced in the proof of Theorem 6.1.2 (ii). If G_2 is any subgroup of order p^r − 1 in U(R), then G_1 and G_2 are conjugate in U(R).

Proof: This follows from P. Hall's Theorem (see [65], page 284), which states that if G is a solvable group of order mn such that g.c.d.(m, n) = 1, then
1. there exists a subgroup of order m;
2. two distinct subgroups of order m are conjugate in G.
In our case [U(R) : G_1] = p^{r(h−1)}, where hr = N, and this index is relatively prime to the order of G_1. ✷

Proposition 6.1.6 Let R be a ring as in Theorem 6.1.2; then R contains a subfield of order p^r if and only if the characteristic of R is p.
Moreover, if F_1, F_2 are two subfields of order p^r in R, then there is a unit a in R such that a^{−1}F_1 a = F_2.

Proof: The set F_1 = {0, g^k | 1 ≤ k ≤ p^r − 1}, introduced in Theorem 6.1.2, is the "natural candidate" of our statement. The necessity of the condition on the characteristic of R is already stated in the Remark after 1.1.3; assume now that the characteristic of R is p and consider two distinct elements a, b of F_1, so that a − b ∈ U(R). If R_1 is the subring of R generated by the elements of F_1, we see that G_1 (as in 6.1.5) is the unique subgroup of order p^r − 1 in the abelian group U(R_1). As (a − b)^q = a^q − b^q = a − b and so (a − b)^{q−1} = 1, where q = p^r, we see that a − b ∈ G_1 < U(F_1). The second statement follows from the result in 6.1.5. ✷

Recall that, if R is as in Theorem 6.1.2 (v), i.e. char(R) = p^n, then it must be a commutative ring. It is easy to observe that, when n = 1, R reduces to the Galois field GF(p^r), whereas, when r = 1, R is isomorphic to Z_{p^n}. Raghavendran introduces the Galois ring GR(p^n, r) (as we did in Section 1.4) by considering a monic polynomial f(x) ∈ Z[x] of degree r, irreducible modulo p, such that the quotient ring R = Z[x]/(p^n, f(x)) has order p^{nr} and characteristic p^n. Since such a ring contains exactly p^{r(n−1)} zero-divisors, which form an additive group, it is a particular case of Theorem 6.1.2. With a little more work, he also proves that any ring of the type considered in Theorem 6.1.2(v) is isomorphic to the ring Z[x]/(p^n, f(x)), for suitable values of p, r, n and f(x) ∈ Z[x] an arbitrary monic polynomial of degree r, irreducible modulo p. Therefore, one can immediately deduce many properties of Galois rings.

Proposition 6.1.7 Let GR(p^n, r) be a Galois ring, where p is a prime and n, r are positive integers. Then:
a) Every subring is of the form GR(p^n, s) for some divisor s of r. Conversely, for every positive divisor s of r there exists a unique subring of R which is isomorphic to GR(p^n, s).
b) The automorphisms of the ring GR(p^n, r) form a cyclic group of order r.
c) Any homomorphic image (≠ (0)) of GR(p^n, r) is a ring of the form GR(p^m, r) for some integer 1 ≤ m ≤ n. Conversely, for each integer 1 ≤ m ≤ n there are exactly r homomorphisms of GR(p^n, r) onto GR(p^m, r).
d) Let G be the multiplicative group of units in GR(p^n, r). Then G is a direct product of a cyclic group G_1 of order p^r − 1 and a group G_2 of order p^{r(n−1)}, whose structure is described below.
1. If p is odd, or p = 2 and n ≤ 2, then G_2 is the direct product of r cyclic groups each of order p^{n−1};
2. when p = 2 and n ≥ 3, the group G_2 is the direct product of a cyclic group of order 2, a cyclic group of order 2^{n−2} and (r − 1) cyclic groups each of order 2^{n−1}.

We do not prove these statements here by following Raghavendran's method, since they will be proved in Section 6.2. We only want to point out that Raghavendran proves such properties by using the approach of Theorem 6.1.2 and of its corollaries. The reader is referred to the original article [63].

There is another important construction of Galois rings, which is based on an ingenious definition of a suitable F-algebra of vectors, defined for any commutative ring F of characteristic p. Such vectors are known, in the literature, as Witt vectors (see, for example, [37], vol. II, page 501). Consider A = Q[x_i, y_j, z_k], the polynomial ring in 3m indeterminates x_i, y_j, z_k, 0 ≤ i, j, k ≤ m − 1, over the field of the rational numbers. Let A^{(m)} be the set of m-tuples (a_0, ..., a_{m−1}), a_i ∈ A, with the usual definition of equality and with componentwise addition and multiplication, which will be denoted by ⊕ and ⊙ respectively. Let p be a prime number and let a = (a_0, ..., a_{m−1}). We can define a map φ : A^{(m)} → A^{(m)} such that a^φ = (a^{(0)}, a^{(1)}, ..., a^{(m−1)}), where
a^{(ν)} = a_0^{p^ν} + p a_1^{p^{ν−1}} + ... + p^ν a_ν, 0 ≤ ν ≤ m − 1. (6.2)
These are called the ghost components of a. Note that (0, ..., 0)^φ = (0, ..., 0) and (1, 0, ..., 0)^φ = (1, ..., 1) = u, where u is the unit in A^{(m)}. We also introduce the map P : A^{(m)} → A^{(m)} such that P : a → a^p = (a_0^p, ..., a_{m−1}^p). Thus, (6.2) gives a^{(0)} = a_0 and a^{(ν)} = (a^P)^{(ν−1)} + p^ν a_ν, ν ≥ 1.
Next, define a map ψ such that (a^{(0)}, a^{(1)}, ..., a^{(m−1)})^ψ = (a_0, a_1, ..., a_{m−1}), where a_0 = a^{(0)} and
a_ν = (1/p^ν)(a^{(ν)} − a_0^{p^ν} − p a_1^{p^{ν−1}} − ... − p^{ν−1} a_{ν−1}^p), ν ≥ 1.
It is easy to check that φ ∘ ψ = ψ ∘ φ = id_{A^{(m)}}, which shows that φ is injective and onto, with ψ as its inverse. We shall now use φ and ψ to define a new ring structure on A^{(m)}. We put
a + b := (a^φ ⊕ b^φ)^{φ^{−1}},
ab := (a^φ ⊙ b^φ)^{φ^{−1}},
respectively. We denote by A_m the new ring, so that A_m and A^{(m)} coincide as sets and φ is an isomorphism; thus A_m is commutative and such that (0, ..., 0) and (1, 0, ..., 0) are the zero and the identity element of the ring, respectively. We can easily determine the formulas for x + y, xy and x − y for arbitrary vectors x, y ∈ A_m. In general, if ⋆ denotes any one of the operations +, ·, − in A_m, then it is clear from the definitions that the ν-th component (x ⋆ y)_ν of x ⋆ y is a polynomial in x_0, ..., x_ν, y_0, ..., y_ν, with rational coefficients and 0 constant term. For example, we have
(x + y)_0 = x_0 + y_0,
(x + y)_1 = x_1 + y_1 − (1/p) Σ_{i=1}^{p−1} (p choose i) x_0^i y_0^{p−i},
(xy)_0 = x_0 y_0,
(xy)_1 = x_0^p y_1 + x_1 y_0^p + p x_1 y_1.
The first basic result of this theory is that (x ⋆ y)_ν is a polynomial (with 0 constant term) in Z[x_0, ..., x_ν, y_0, ..., y_ν], for each 0 ≤ ν ≤ m − 1 (see Theorem 8.25 in [37], vol. II, page 504). It is convenient to write such polynomials as
(x + y)_ν := s_ν(x_0, ..., x_ν, y_0, ..., y_ν) ∈ Z[x_i, y_j],
(xy)_ν := m_ν(x_0, ..., x_ν, y_0, ..., y_ν) ∈ Z[x_i, y_j],
(x − y)_ν := d_ν(x_0, ..., x_ν, y_0, ..., y_ν) ∈ Z[x_i, y_j].
Let η be a Q-endomorphism of the algebra A. Suppose that
x_ν^η = a_ν, y_ν^η = b_ν; (6.3)
then (x^{(ν)})^η = a^{(ν)}, (y^{(ν)})^η = b^{(ν)}, ((x + y)^{(ν)})^η = (x^{(ν)})^η + (y^{(ν)})^η = a^{(ν)} + b^{(ν)} and ((x + y)_ν)^η = (a + b)_ν. Hence, by (6.3),
(a + b)_ν = s_ν(a_0, ..., a_ν, b_0, ..., b_ν),
(ab)_ν = m_ν(a_0, ..., a_ν, b_0, ..., b_ν),
(a − b)_ν = d_ν(a_0, ..., a_ν, b_0, ..., b_ν).
Since there exists a Q-endomorphism of A mapping the x_ν's and y_ν's onto arbitrary elements of A, the foregoing formulas hold for arbitrary elements a, b ∈ A_m.

Now we can define the ring of Witt vectors for a finite field F = GF(p^n) (more generally, one can define it for an arbitrary commutative ring R with characteristic p). Given a positive integer k, denote by W_k(F) the ring (F^k, +, ·) such that
a + b := (s_0(a, b), ..., s_{k−1}(a, b)),
ab := (m_0(a, b), ..., m_{k−1}(a, b)),
for every a, b ∈ F^k, where s_ν(a, b) = s_ν(a_0, ..., a_{k−1}, b_0, ..., b_{k−1}), m_ν(a, b) = m_ν(a_0, ..., a_{k−1}, b_0, ..., b_{k−1}), 0 ≤ ν ≤ m − 1, and where s_ν(a, b), m_ν(a, b) are the images in F of s_ν(x_0, ..., y_ν) and m_ν(x_0, ..., y_ν), respectively, under the homomorphism of Z[x_i, y_j] into F such that x_i → a_i, y_i → b_i for 0 ≤ i ≤ k − 1. We also put 0 = (0, ..., 0) and 1 = (1, 0, ..., 0) in W_k(F).

Theorem 6.1.8 (see [37], vol. II, Theorem 8.26) (W_k(F), +, ·, 0, 1) is a commutative ring.
W_k(F) is called the ring of Witt vectors of length k over F, and it can be shown ([37], vol. II, from page 505) that W_k(F) is a finite, commutative ring of characteristic p^k. Observe that there is a sequence of projections (i.e. reductions modulo p^i, i ≥ 1) such that
··· → W_3(F) → W_2(F) → W_1(F) ≅ F,
where each W_i(F) is isomorphic to the Galois ring GR(p^i, n). The Witt vectors of the form u(x) = (x, 0, ..., 0), x ∈ F, determine a multiplicative monoid, isomorphic to (F, ·), which corresponds to the Teichmüller set T_i of the Galois ring GR(p^i, n) (see (6.1)). Therefore, Witt vector theory allows us to give a further definition of Galois rings.
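The formulas for (x + y)_1 and (xy)_1 displayed above, and the isomorphism W_i(F) ≅ GR(p^i, n) just stated, can be checked directly in the smallest case F = F_p and length k = 2, where W_2(F_p) must be GR(p^2, 1) = Z_{p^2}. The Python below is an added example, not code from the book: it builds W_2(F_p) from s_1 and m_1 exactly as displayed, and verifies exhaustively that the map (a_0, a_1) ↦ τ(a_0) + p τ(a_1) (mod p^2), with τ(a) = a^p mod p^2 the Teichmüller lift of a ∈ F_p, is a bijective ring homomorphism onto Z_{p^2}; this map is the p-adic expansion of Section 6.1 read off the Witt coordinates. The function names are the example's own.

```python
# Added example, not from the book: Witt vectors of length 2 over F_p built from the
# polynomials s_1 and m_1 above, and a check that W_2(F_p) is GR(p^2, 1) = Z_{p^2}.
# A vector is a pair (a0, a1) of integers with 0 <= ai < p.
from math import comb

def witt_add(p, x, y):
    """(x + y)_0 = x0 + y0 and (x + y)_1 = x1 + y1 - (1/p) * sum_{i=1}^{p-1} C(p,i) x0^i y0^(p-i)."""
    (x0, x1), (y0, y1) = x, y
    # every C(p, i) with 0 < i < p is divisible by p, so the integer division is exact
    carry = sum(comb(p, i) * x0 ** i * y0 ** (p - i) for i in range(1, p)) // p
    return ((x0 + y0) % p, (x1 + y1 - carry) % p)

def witt_mul(p, x, y):
    """(xy)_0 = x0 y0 and (xy)_1 = x0^p y1 + x1 y0^p + p x1 y1 (the last term vanishes in F_p)."""
    (x0, x1), (y0, y1) = x, y
    return ((x0 * y0) % p, (x0 ** p * y1 + x1 * y0 ** p + p * x1 * y1) % p)

def teichmuller(p, a):
    """Teichmuller lift of a in F_p to Z_{p^2}: the lift of a that is 0 or a (p-1)-th root of unity."""
    return pow(a, p, p * p)

def to_zmod(p, x):
    """The map W_2(F_p) -> Z_{p^2}, (a0, a1) -> tau(a0) + p tau(a1): the p-adic expansion
    z = z_0 + p z_1 with Teichmuller digits, assembled from the Witt coordinates."""
    return (teichmuller(p, x[0]) + p * teichmuller(p, x[1])) % (p * p)

def check_isomorphism(p):
    """Exhaustively verify that to_zmod is a bijective ring homomorphism W_2(F_p) -> Z_{p^2}."""
    vectors = [(a0, a1) for a0 in range(p) for a1 in range(p)]
    if len({to_zmod(p, v) for v in vectors}) != p * p:          # injective, hence bijective
        return False
    for x in vectors:
        for y in vectors:
            if to_zmod(p, witt_add(p, x, y)) != (to_zmod(p, x) + to_zmod(p, y)) % (p * p):
                return False
            if to_zmod(p, witt_mul(p, x, y)) != (to_zmod(p, x) * to_zmod(p, y)) % (p * p):
                return False
    return True

def additive_order_of_one(p):
    """Smallest m with m * (1, 0) = (0, 0); it equals the characteristic p^2 of W_2(F_p)."""
    one = acc = (1, 0)
    m = 1
    while acc != (0, 0):
        acc = witt_add(p, acc, one)
        m += 1
    return m
```

Note that the vector (2, 0) is not the element 2 of W_2(F_3): adding (1, 0) to itself gives (2, 1), because the carry term of s_1 contributes (2^3 − 2)/3 = 2 ≡ −1 (mod 3). This is the Witt-coordinate shadow of the fact that the Teichmüller lift of 2 in Z_9 is 8, not 2.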
6.2
Galois Ring Properties
In this section we investigate the fundamental properties of Galois rings using what we observed in the previous chapters. Recall that, by definition, $GR(p^n, r) = \mathbb{Z}_{p^n}[\xi] = \mathbb{Z}_{p^n}[x]/(G_{(p,r)}(x))$, where $\xi$ is a formal root of the monic, basic irreducible polynomial $G_{(p,r)}(x) \in \mathbb{Z}_{p^n}[x]$ determined by the integral version of Hensel's lemma (see 1.4.3) from a primitive polynomial $g_{(p,r)}(x) \in \mathbb{Z}_p[x]$ of degree $r$ (in the sense of Definition 2.2.7), such that $\mathbb{F}_{p^r} = GF(p^r) = \mathbb{F}_p[x]/(g_{(p,r)}(x)) \cong \mathbb{Z}_p(\theta)$, with $g_{(p,r)}(\theta) = 0$ and $g_{(p,r)}(x) \equiv G_{(p,r)}(x) \pmod p$. Thus the polynomial $G_{(p,r)}(x)$ is linked to $g_{(p,r)}(x)$ by the epimorphism (1.9) (see Section 1.4) $\mu : \mathbb{Z}_{p^n}[x] \to \mathbb{Z}_p[x]$, i.e. $\mu(G_{(p,r)}(x)) = g_{(p,r)}(x) \in \mathbb{Z}_p[x]$. As already observed in Section 1.4, Hensel's lemma reduces to simple calculations if $g_{(p,r)}(x) \in \mathbb{Z}_p[x]$ is monic and irreducible of the form $g_{(p,r)}(x) = x^r + a_{r-1}x^{r-1} + \cdots + a_0$.
Indeed, in such a case we have $G_{(p,r)}(x) = x^r + (p^n - p + a_{r-1})x^{r-1} + \cdots + (p^n - p + a_0) \in \mathbb{Z}_{p^n}[x]$ (note that, since each $a_j \in \mathbb{Z}_p$, $j \in \{0, \dots, r-1\}$, $p^n - p + a_j < p^n$ as a positive integer, so it makes sense to regard $G_{(p,r)}(x)$ as an element of $\mathbb{Z}_{p^n}[x]$). Such a polynomial generates a proper ideal in $\mathbb{Z}_{p^n}[x]$, since $\mu(G_{(p,r)}(x)) = g_{(p,r)}(x) \in \mathbb{Z}_p[x]$ is not a unit in the Euclidean domain $\mathbb{Z}_p[x]$ (cf. Proposition 3.2.2). Explicitly, we have
$$GR(p^n, r) := \Big\{ \sum_{j=0}^{r-1} b_j \xi^j \;\Big|\; b_j \in \mathbb{Z}_{p^n},\ 0 \le j \le r-1 \Big\}, \qquad (6.4)$$
with $G_{(p,r)}(\xi) = 0$. This ring is a finite, local ring (its cardinality is $(p^n)^r = p^{nr}$), with maximal ideal $pGR(p^n, r)$ and residue field $GR(p^n, r)/pGR(p^n, r) \cong \mathbb{F}_{p^r}$. The elements of the maximal ideal can be written as
$$pGR(p^n, r) := \Big\{ p \sum_{j=0}^{r-1} b_j \xi^j \;\Big|\; b_j \in \mathbb{Z}_{p^n},\ 0 \le j \le r-1 \Big\},$$
with $G_{(p,r)}(\xi) = 0$; more precisely, they can be uniquely written as
$$pGR(p^n, r) = \Big\{ \sum_{j=0}^{r-1} b_j \xi^j \;\Big|\; b_j \in p\mathbb{Z}_{p^n},\ 0 \le j \le r-1 \Big\}, \qquad (6.5)$$
where $G_{(p,r)}(\xi) = 0$ and $p\mathbb{Z}_{p^n} \subset \mathbb{Z}_{p^n}$ is the maximal ideal of the local ring of integers modulo $p^n$. Therefore the ideal $pGR(p^n, r)$ has cardinality $(p^{n-1})^r = p^{r(n-1)}$.

Example 6.2.1 Take the ring $\mathbb{Z}_8$; here $p = 2$ and $n = 3$, and assume $r = 3$. Recall that $\mathbb{F}_8 \cong \mathbb{Z}_2[x]/(x^3 + x + 1) = \{a + b\zeta + c\zeta^2 \mid a, b, c \in \mathbb{F}_2\}$, where $\zeta^3 = \zeta + 1$, i.e. $\mathbb{F}_8 = \{0, 1, \zeta, \zeta^2, 1 + \zeta, 1 + \zeta^2, \zeta + \zeta^2, 1 + \zeta + \zeta^2\}$. The polynomial $g_{(2,3)}(x) = x^3 + x + 1 \in \mathbb{Z}_2[x]$ is the primitive polynomial used for the field extension $\mathbb{F}_2 \subset \mathbb{F}_8$ (see Definition 2.2.7). By Hensel's lemma, $G_{(2,3)}(x) = x^3 + (8 - 2 + 0)x^2 + (8 - 2 + 1)x + (8 - 2 + 1) = x^3 + 6x^2 + 7x + 7 \in \mathbb{Z}_8[x]$. This monic, basic irreducible polynomial determines a proper ideal in $\mathbb{Z}_8[x]$ (in fact, this polynomial has the form
$b_3x^3 + b_2x^2 + b_1x + b_0$, with $b_3 = 1$ and $b_1 = 7$, which are not nilpotent elements of $\mathbb{Z}_8$; see Proposition 3.2.2). We now describe the ring $GR(8, 3)$ as $GR(8, 3) = \{b_0 + b_1\xi + b_2\xi^2 \mid b_i \in \mathbb{Z}_8\}$, where $\xi$ is a formal root of $G_{(2,3)}(x) \in \mathbb{Z}_8[x]$, i.e. $\xi^3 = 2\xi^2 + \xi + 1$; therefore $|GR(8, 3)| = 8^3 = 512$. The maximal ideal $M$ of $\mathbb{Z}_8$ is $2\mathbb{Z}_8 = \{0, 2, 4, 6\}$. We have the exact sequence
$$0 \to M \to \mathbb{Z}_8 \xrightarrow{\ \pi\ } \mathbb{Z}_2 \to 0.$$
The epimorphism $\pi$ extends to the polynomial ring morphism $\mu$ from $\mathbb{Z}_8[x]$ to $\mathbb{Z}_2[x]$. The ideal $(M, x^3 + 6x^2 + 7x + 7) \subset \mathbb{Z}_8[x]$ is proper and $\mathbb{Z}_8[x]/(M, x^3 + 6x^2 + 7x + 7) \cong \mathbb{Z}_2[x]/(x^3 + x + 1) \cong \mathbb{F}_8$, since $\mu(x^3 + 6x^2 + 7x + 7) = x^3 + x + 1$. Next, consider the induced map
$$\tilde\mu : GR(8, 3) \cong \mathbb{Z}_8[x]/(x^3 + 6x^2 + 7x + 7) \longrightarrow \mathbb{Z}_2[x]/(x^3 + x + 1) \cong \mathbb{F}_8;$$
the kernel of this epimorphism is $2GR(8, 3)$, the maximal ideal of $GR(8, 3)$, which is generated by the image of the maximal ideal $2\mathbb{Z}_8 \subset \mathbb{Z}_8$ under the inclusion $\mathbb{Z}_8 \hookrightarrow GR(8, 3)$. The elements of this kernel have the form $2GR(8, 3) = \{2(b_0 + b_1\xi + b_2\xi^2) \mid b_0, b_1, b_2 \in \mathbb{Z}_8\}$, with $\xi^3 = 2\xi^2 + \xi + 1$. Clearly $|2GR(8, 3)| = 4^3 = 64$, since the coefficients $2b_0, 2b_1, 2b_2$ range over $M = 2\mathbb{Z}_8$. Therefore we can write $2GR(8, 3) = \{\lambda_0 + \lambda_1\xi + \lambda_2\xi^2 \mid \lambda_i \in M,\ 0 \le i \le 2\}$, again with $\xi^3 = 2\xi^2 + \xi + 1$.

We now describe the basic properties of the Galois ring $GR(p^n, r)$, for each prime $p$ and any positive integers $n, r$. We already know that $GR(p^n, r)$ is a finite, commutative, local ring with maximal ideal
$pGR(p^n, r)$. This also implies that such a ring is principal, since each proper, non-zero ideal is of the form
$$I_k := p^k GR(p^n, r), \qquad 1 \le k \le n-1. \qquad (6.6)$$
This is an easy consequence of the definition of $GR(p^n, r)$ and of the fact that the ideals of $\mathbb{Z}_{p^n}$ form the chain $p\mathbb{Z}_{p^n} \supset p^2\mathbb{Z}_{p^n} \supset \cdots \supset p^{n-1}\mathbb{Z}_{p^n} \supset (0)$. Moreover, this immediately proves what is stated in Proposition 6.1.7(c).

Proposition 6.2.2 Let $p$ be a prime and $n, r$ two positive integers. Each non-zero element $y$ of $GR(p^n, r)$ may be written as $y = up^t$, where $u$ is a unit and $0 \le t \le n-1$. In this representation the integer $t$ is uniquely determined, whereas $u$ is unique modulo $(p^{n-t})$.

Proof: It is obvious that if $y$ is a unit, then $t = 0$; on the other hand, if $y$ is not a unit (hence nilpotent), it belongs to an ideal $I_k$ of the form (6.6), and $t$ is the largest $k$ with $y \in I_k$. Therefore $t$ is unique. Now, since $t$ is uniquely determined, if we suppose $y = up^t = xp^t$ for some $x, u \in U(GR(p^n, r))$, then $(x - u)p^t = 0$. This means that $x - u \in I_{n-t}$, i.e. $x = u + \lambda p^{n-t}$ for some $\lambda \in GR(p^n, r)$. ✷

Proposition 6.2.3 Every subring of $GR(p^n, r)$ is a Galois ring of the form $GR(p^n, s)$, where $s$ divides $r$. Conversely, if $s$ divides $r$, then $GR(p^n, r)$ contains a unique copy of $GR(p^n, s)$.

Proof: First, suppose $GR(p^n, s) \subset GR(p^n, r)$ for a prime $p$ and positive integers $n, r, s$ with $s < r$. If $y \in GR(p^n, r)$, there exists a positive integer $k$ such that $y^k$ equals either $0$ or $1$, according as $y$ is nilpotent or a unit in $GR(p^n, r)$. Therefore an element of $GR(p^n, s)$ is nilpotent (invertible) in $GR(p^n, s)$ if and only if it is so in $GR(p^n, r)$. This implies that $pGR(p^n, s) = GR(p^n, s) \cap pGR(p^n, r)$, i.e. the finite local ring extension $GR(p^n, s) \subset GR(p^n, r)$ is unramified (see Theorem 4.2.5). It follows that this extension is separable, which
means that the residue fields $\mathbb{F}_{p^s}$ and $\mathbb{F}_{p^r}$, respectively, determine the separable field extension $\mathbb{F}_{p^s} \subset \mathbb{F}_{p^r}$. Theorem 2.3.1 ensures that $\mathbb{F}_{p^s}$ is a subfield of $\mathbb{F}_{p^r}$ if and only if $s$ divides $r$. Conversely, by Theorem 5.2.5(iii) there is a bijection between the subfields of $\mathbb{F}_{p^r}$ containing $\mathbb{F}_p$ and the $\mathbb{Z}_{p^n}$-separable subrings of $GR(p^n, r)$; moreover, this bijection preserves both the subfield lattice and the subring lattice. This implies that, if $H$ is a subring of $GR(p^n, r)$ of cardinality $p^{ns}$, $s$ dividing $r$, then $\mathbb{Z}_{p^n} \subset H \subset GR(p^n, r)$, so $H$ is a $\mathbb{Z}_{p^n}$-separable extension contained in $GR(p^n, r)$, and there is a unique such subring of the given order. It only remains to show that $H \cong GR(p^n, s)$; this follows immediately from the fact that, for $s$ a divisor of $r$, $GR(p^n, s)$ is always a subring of $GR(p^n, r)$ of order $p^{ns}$. ✷

For the next result we need the following technical lemma.

Lemma 6.2.4 Let $p$ be an odd prime and let $a_t$, $b_t$, $c_t$ be the coefficients of $x^t$ in the expansions of $(1 + px)^N$, $(1 + 2x)^N$ and $(1 + 4x)^N$, respectively. Then:
(a) If $p^\alpha \mid N$, then $p^{\alpha+1} \mid a_1$ and $p^{\alpha+2} \mid a_t$ for all $t \ge 2$.
(b) If $2^\alpha \mid N$, then $2^{\alpha+1} \mid b_t$ for $t = 1, 2$ and $2^{\alpha+2} \mid b_t$ for $t \ge 3$.
(c) If $2^\alpha \mid N$, then $2^{\alpha+2} \mid c_1$ and $2^{\alpha+3} \mid c_t$ for $t \ge 2$.
(d) $4 \mid b_t$ for all $t \ge 2$.

Proof: Suppose $N = p^\alpha h$, so that $(1 + px)^N = ((1 + px)^{p^\alpha})^h$. The binomial formula
$$(x + y)^n = \sum_{k=0}^{n} \binom{n}{k} x^{n-k} y^k$$
gives, in our case,
$$(1 + px)^{p^\alpha} = 1 + p^{\alpha+1} x + p^{\alpha+2}\Big(\frac{p^\alpha - 1}{2}\Big) x^2 + \cdots .$$
Therefore $p^{\alpha+1}$ divides $a_1$ and $p^{\alpha+2}$ divides all the other coefficients of this expansion, and these divisibilities survive raising to the $h$-th power. So (a) follows. To prove (b) we use the same procedure, but in this case we get
$$(1 + 2x)^{2^\alpha} = 1 + 2^{\alpha+1} x + 2^{\alpha+1}(2^\alpha - 1) x^2 + 2^{\alpha+2}\Big(\frac{2^{2\alpha} - 3 \cdot 2^\alpha + 2}{3}\Big) x^3 + \cdots$$
(the coefficient of $x^3$ is $8\binom{2^\alpha}{3}$; for $\alpha = 2$ it equals $32$), i.e. $2^{\alpha+1} \mid b_1, b_2$ and $2^{\alpha+2} \mid b_t$ for $t \ge 3$. (c) follows from (b), since $(1 + 4x)^N = (1 + 2(2x))^N$ gives $c_t = 2^t b_t$. For (d), we simply apply the binomial formula to $(1 + 2x)^N$:
$$(1 + 2x)^N = \sum_{t=0}^{N} \binom{N}{t} (2x)^t = \sum_{t=0}^{N} \binom{N}{t} 2^t x^t .$$
Therefore $b_t = \binom{N}{t} 2^t$, and the last assertion follows immediately. ✷

Now we are able to prove the following
Proposition 6.2.5 Let $R = GR(p^n, r)$, $p$ a prime and $n, r$ positive integers. Then the units of the Galois ring form a group $U(R) \cong G_1 \times G_2$, where
(a) $G_1$ is a cyclic group of order $p^r - 1$;
(b) $G_2$ is a group of order $p^{r(n-1)}$ such that:
1. if $p$ is odd, or if $p = 2$ and $n \le 2$, then $G_2$ is a direct product of $r$ cyclic groups, each of order $p^{n-1}$;
2. if $p = 2$ and $n \ge 3$, then $G_2$ is a direct product of a cyclic group of order $2$, a cyclic group of order $2^{n-2}$ and $r - 1$ cyclic groups of order $2^{n-1}$.

Proof: The trivial cases $n = 1$ or $r = 1$ are easily handled. If $n = 1$, $GR(p, r) = \mathbb{F}_{p^r}$ and the statement follows from Theorem 2.1.3. Next, if $r = 1$, $GR(p^n, 1) = \mathbb{Z}_{p^n}$. In this case we know that an element $u \in \mathbb{Z}_{p^n}$, written as in (1.4), is a unit if and only if $u_0 \ne 0$ (see Proposition 1.4.1), whereas the ideal $p\mathbb{Z}_{p^n}$ is exactly the set of non-units of $\mathbb{Z}_{p^n}$. Therefore $|U(\mathbb{Z}_{p^n})| = p^n - p^{n-1} = p^{n-1}(p - 1) = \Phi(p^n)$, where $\Phi$ is the Euler function (see Section 3.1). Since $U(\mathbb{Z}_{p^n})$ is an abelian group, it has a subgroup $G_1$ of order $p - 1$ and a subgroup $G_2$ of order $p^{n-1}$ with $G_1 \cap G_2 = \{1\}$, because of their orders. If $p = 2$ and $n = 1$, then $GR(2, 1) = \mathbb{Z}_2$, so $U(\mathbb{Z}_2) = \{1\}$. If $p = 2$ and $n = 2$, then $GR(4, 1) = \mathbb{Z}_4$ and $U(\mathbb{Z}_4)$ is isomorphic to the cyclic group $C_2$. If $p = 2$ and $n \ge 3$, $GR(2^n, 1) = \mathbb{Z}_{2^n}$ and $|U(\mathbb{Z}_{2^n})| = 2^{n-1}$, so $U(\mathbb{Z}_{2^n})$ is an abelian $2$-group. We already know that, in general, such a group is not cyclic; for example, $U(\mathbb{Z}_8) = \{1, 3, 5, 7\} \cong C_2 \times C_2$, since every element has square $1$. So, for $n = 3$, we get the statement. This is a consequence of a more general result: the element $5 \in \mathbb{Z}_{2^n}$, viewed as an element of the group $U(\mathbb{Z}_{2^n})$, has
order $2^{n-2}$ if $n \ge 3$ (see [59]). First of all we deduce, by induction on $n$, that (as integers)
$$5^{2^{n-2}} = 1 + k\,2^n \qquad (6.7)$$
for some odd integer $k$. In the case $n = 3$ we get $5^2 = 25 = 1 + 3 \cdot 8$, i.e. $k = 3$. Squaring (6.7) gives
$$5^{2^{n-1}} = (1 + k\,2^n)^2 = 1 + s\,2^{n+1},$$
where $s = k + k^2 2^{n-1}$ is again an odd integer. Thus (6.7) holds for each $n \ge 3$. Moreover, (6.7) implies that the order of $5$ in the group $U(\mathbb{Z}_{2^n})$ divides $2^{n-2}$. On the other hand, applying (6.7) with $n$ replaced by $n - 1$ gives $5^{2^{n-3}} = 1 + k'\,2^{n-1}$ with $k'$ odd, so $5^{2^{n-3}} \not\equiv 1 \pmod{2^n}$ and the order of $5$ is not $2^{n-3}$. Hence the order of this element is exactly $2^{n-2}$. Consider the set of integers
$$S = \{\pm 5, \pm 5^2, \pm 5^3, \dots, \pm 5^{2^{n-2}}\}.$$
The positive (respectively negative) integers in $S$ are pairwise incongruent modulo $2^n$ by the above; moreover, $5^r \equiv -5^s \equiv 2^n - 5^s \pmod{2^n}$ is impossible for any positive integers $r$ and $s$. Indeed, assuming $r \ge s$ and using $\gcd(2, 5) = 1$, we may divide this congruence by $5^s$ to get $5^{r-s} \equiv -1 \pmod 4$, which is impossible since $5^t \equiv 1 \pmod 4$ for all integers $t \ge 0$. Hence $S$ consists of $2^{n-1} = |U(\mathbb{Z}_{2^n})|$ distinct units, and it can be represented as the direct product
$$\{1, -1\} \times \{5, 5^2, 5^3, \dots, 5^{2^{n-2}}\},$$
which is isomorphic to the abelian group $C_2 \times C_{2^{n-2}}$. Thus the statement is true also in the case $p = 2$, $r = 1$ and $n \ge 3$.

It remains to treat the case when $p$ is an odd prime, $r = 1$ and $n \ge 2$. We shall show that $\mathbb{Z}_{p^n}$ always contains an element of order exactly $p^n - p^{n-1}$. In that case, since $p^n - p^{n-1} = p^{n-1}(p - 1)$ with $p$ and $p - 1$ relatively prime, $U(\mathbb{Z}_{p^n})$ is the direct product of a cyclic group $C_{p-1}$ and a cyclic group $C_{p^{n-1}}$. To find such an element, take an integer $a$, $1 \le a < p$, which is a primitive root modulo $p$, i.e. a generator of the cyclic group $U(\mathbb{Z}_p)$ (Theorem 2.1.3); then $a^{p-1} \equiv 1 \pmod p$, i.e. $a^{p-1} = 1 + kp$ for some integer $k$. We want to construct an element $b \in \mathbb{Z}_{p^n}$ of order exactly $p^n - p^{n-1}$. If $\gcd(k, p) = 1$, choose $b = a$. If $p \mid k$, then $a^{p-1} \equiv 1 \pmod{p^2}$ and we put $b = a + p$ (still a primitive root modulo $p$). Using the binomial formula we get
$$b^{p-1} = (a + p)^{p-1} \equiv a^{p-1} + p(p-1)a^{p-2} \equiv 1 + p(p-1)a^{p-2} \pmod{p^2}.$$
With either definition of $b$, we have $b^{p-1} = 1 + pn_1$ for some integer $n_1$ with $\gcd(p, n_1) = 1$; obviously $b^{p-1} \equiv 1 \pmod p$. Raising to the $p$-th power yields
$$b^{p(p-1)} = (1 + pn_1)^p \equiv 1 + p^2 n_1 \pmod{p^3}$$
(here $p$ is odd, so $\binom{p}{2} p^2 n_1^2$ is divisible by $p^3$), hence we can write $b^{p(p-1)} = 1 + p^2 n_2$, where $p$ does not divide $n_2$. Applying this step recursively we conclude in the same way that $b^{p^{j-1}(p-1)} = 1 + p^j n_j$ for $j \ge 3$, with $\gcd(p, n_j) = 1$. Let $h$ be the smallest positive integer such that $b^h \equiv 1 \pmod{p^n}$; we want to prove that $h = \Phi(p^n)$, where $\Phi$ is the Euler function. Such an $h$ is a priori a divisor of $p^{n-1}(p-1)$, so it can be written as $h = p^s d$ with $s \le n-1$ and $d \mid p-1$. It follows that
$$b^{p^s(p-1)} \equiv 1 \pmod{p^n}, \quad\text{i.e.}\quad 1 + p^{s+1} n_{s+1} \equiv 1 \pmod{p^n}.$$
This implies $s + 1 \ge n$, so $s = n - 1$. Also, $b^h \equiv 1 \pmod{p^n}$ implies $b^h \equiv 1 \pmod p$. From this and the fact that $b^p \equiv b \pmod p$ it follows that
$$b^h = b^{p^s d} \equiv b^d \equiv 1 \pmod p,$$
and since $b$ is a primitive root modulo $p$, $d = p - 1$. All the trivial cases are proved.

Thus, suppose $n, r \ge 2$. Let $R$ denote the Galois ring $GR(p^n, r)$ and $K$ its residue field $R/pR$. The natural ring epimorphism $\mu : R \to K$ obviously induces a group epimorphism, which we shall continue to denote by $\mu$, $\mu : U(R) \to U(K)$, whose kernel is $1 + pR$. Therefore $|U(R)| = |U(K)| \cdot |pR| = (p^r - 1)p^{r(n-1)}$; moreover, $\gcd(p^r - 1, p^{r(n-1)}) = 1$ implies that $U(R) = G_1 \times G_2$, where $|G_1| = p^r - 1$ and $|G_2| = p^{r(n-1)}$. The structure of $G_1$ is easy to determine: let $U(K) = \langle \bar a \rangle$ and let $a$ be an element of $G_1$ such that $\mu(a) = \bar a$. Since $\mu$ is a group homomorphism, the order of $a$ is at least $p^r - 1$, which is the cardinality of $G_1$. Thus $\operatorname{ord}(a) = p^r - 1$ and $G_1 = \langle a \rangle$.

Case I: $p = 2$ and $n \ge 3$. Since, in $K$, $0^2 + 0 = 1^2 + 1$, the additive ($\mathbb{F}_2$-linear) map $K \to K$, $a \mapsto a^2 + a$,
is not injective. Consequently, the map is not surjective, so there is a $\bar b \in K$ such that the polynomial $f_{\bar b}(x) = x^2 + x - \bar b$ has no roots in $K$. Choose $b \in R$ such that $\mu(b) = \bar b$. Let $\{g_i = \xi^i\}_{0 \le i \le r-1}$ be the standard free $\mathbb{Z}_{2^n}$-basis of $R$ as a free $\mathbb{Z}_{2^n}$-module, where $\xi^i$ is as in (6.4). The element $\alpha := 2^{n-1} g_0 - 1 = 2^{n-1} - 1$ belongs to $G_2$. In fact,
$$\alpha^2 = (2^{n-1} - 1)^2 = 2^{2(n-1)} - 2^n + 1 = 1 \quad \text{in } R,$$
since $2^n = 0$ in $R$ and $2n - 2 \ge n$ if and only if $n \ge 2$, which is our range; so $\alpha$ is a unit of $2$-power order, hence lies in $G_2$. Observe that the element $\beta := 4b = 2^2 b \in R$ is nilpotent, so by the proof of Theorem 1.3.1(2.) $1 + \beta \in U(R)$. Since $(1 + \beta)^{2^{n-2}} = 1$ (apply Lemma 6.2.4(c) with $N = 2^{n-2}$), $1 + \beta$ lies in $G_2$. Moreover, $\gamma^{2^{n-1}} = 1$ for each $\gamma \in G_2$, since $G_2 \cong 1 + 2R$ (apply Lemma 6.2.4(b) with $N = 2^{n-1}$). We claim that if $m, n_0, n_1, \dots, n_{r-1}$ are positive integers such that $m \le 2$, $n_0 \le 2^{n-2}$, $n_i \le 2^{n-1}$ for $1 \le i \le r-1$, and the equality
$$\alpha^m (1 + \beta)^{n_0} \prod_{i=1}^{r-1} (1 + 2\xi^i)^{n_i} = 1 \qquad (6.8)$$
holds, then $m = 2$, $n_0 = 2^{n-2}$ and $n_i = 2^{n-1}$ for $1 \le i \le r-1$. Suppose first $m = 1$. Using Lemma 6.2.4(d) to expand the factors of (6.8) we obtain
$$2\Big(1 + \sum_{i=1}^{r-1} n_i \xi^i + 2a\Big) = 0$$
for some $a \in R$, which means that $1 + \sum_{i=1}^{r-1} n_i \xi^i + 2a \in 2R$ (if $2z = 0$ in $R$ then $z \in 2^{n-1}R \subseteq 2R$). Thus, denoting as usual by $\mu$ the epimorphism $\mu : R \to R/2R$,
$$\mu\Big(1 + \sum_{i=1}^{r-1} n_i \xi^i + 2a\Big) = 1 + \sum_{i=1}^{r-1} n_i\, \mu(\xi^i) = 0.$$
By the definition of $\xi$, $\{1 = \mu(\xi^0), \mu(\xi), \dots, \mu(\xi^{r-1})\}$ is a $\mathbb{Z}_2$-basis of the vector space $\mathbb{F}_{2^r}$, so we get a contradiction. Hence $m = 2$ and (6.8) reduces to
$$(1 + \beta)^{n_0} \prod_{i=1}^{r-1} (1 + 2\xi^i)^{n_i} = 1. \qquad (6.9)$$
The same expansion now gives $\sum_{i=1}^{r-1} n_i\, \mu(\xi^i) = 0$, so all the $r - 1$ integers $n_1, \dots, n_{r-1}$ are even. Let $\delta$ be the integer in $\{0, \dots, n-2\}$ such that $2^{\delta+1}$ is the highest power of $2$ dividing each of the integers $2n_0, n_1, \dots, n_{r-1}$. We want to show that $\delta = n - 2$. Write $n_0 = 2^\delta m_0$ and $n_i = 2^{\delta+1} m_i$ for $i \ge 1$; clearly at least one of the $m_i$'s is odd. Applying Lemma 6.2.4(b) (with $\alpha$ replaced by $\delta + 1$) and (c) (with $\alpha$ replaced by $\delta$) to (6.9) we get
$$2^{\delta+2}\Big(m_0 b + \sum_{i=1}^{r-1} m_i \xi^i + \sum_{i=1}^{r-1} m_i(m_i 2^{\delta+1} - 1)\xi^{2i} + 2B\Big) = 0$$
for some $B \in R$. If $\delta + 2 < n$, then
$$m_0\, \mu(b) + \sum_{i=1}^{r-1} m_i\, \mu(\xi^i) + \sum_{i=1}^{r-1} m_i\, \mu(\xi^{2i}) = 0, \qquad (6.10)$$
as $R/2R$ is a field of characteristic $2$. Writing $c := \sum_{i=1}^{r-1} m_i\, \mu(\xi^i) \in K$, (6.10) reads $c^2 + c = m_0\, \mu(b)$; so our choice of $b$ forces $m_0$ to be even, and then at least one of the remaining integers $m_i$ must be odd. Now (6.10) gives $c^2 + c = 0$, i.e. either
$$\sum_{i=1}^{r-1} m_i\, \mu(\xi^i) = 0 \qquad\text{or}\qquad \sum_{i=1}^{r-1} m_i\, \mu(\xi^i) = 1 = \mu(\xi^0),$$
both of which contradict the linear independence of $\mu(\xi^0), \dots, \mu(\xi^{r-1})$. Thus $\delta = n - 2$, which forces $n_0 = 2^{n-2}$ and $n_i = 2^{n-1}$, and this proves the assertion after (6.8). If we set
$$H_0 = \langle 2^{n-1} - 1 \rangle, \qquad H_1 = \langle 1 + \beta \rangle, \qquad H_{i+1} = \langle 1 + 2\xi^i \rangle \ (1 \le i \le r-1),$$
$$|H_0| = 2, \qquad |H_1| = 2^{n-2}, \qquad |H_{i+1}| = 2^{n-1} \ (1 \le i \le r-1),$$
the above assertion implies that the product of these $r + 1$ subgroups of $G_2$ is direct. Because of their orders, $H_0 \times H_1 \times \cdots \times H_r$ exhausts the whole group $G_2$.
Case II: $p$ an odd prime. We have to consider the equality
$$\prod_{i=0}^{r-1} (1 + p\xi^i)^{n_i} = 1$$
and use (a) of Lemma 6.2.4. The computations are left to the reader.

Case III: $p = n = 2$. In this case we have $R = \mathbb{Z}_4[\xi] = GR(4, r)$ and $G_2 \cong 1 + 2R$. Therefore the square of every element of $G_2$ equals $1$, since $(1 + 2x)^2 = 1 + 4x + 4x^2 = 1$ in $R$. This means that $G_2$ is an elementary abelian $2$-group. ✷

To end this section, we give some examples of how Galois rings are closely related to finite fields and, at the same time, to the rings of integers modulo $p^n$, as we said at the beginning of this chapter.

Example 6.2.6 1) Take a Galois ring of order $8$; if we write it as $GR(p^n, r)$, then $p^{nr} = 8$, i.e. $p = 2$ and $nr = 3$. There are only two possibilities:
(i) $n = 1$ and $r = 3$: in this case we are considering a cubic extension of $\mathbb{F}_2$, so $GR(2, 3) \cong \mathbb{F}_8$, which coincides with its own residue field.
(ii) $n = 3$ and $r = 1$: this is the case of $GR(8, 1) \cong \mathbb{Z}_8$, whose residue field is $\mathbb{F}_2$.
This first example generalizes completely to order $p^{nr}$ with $nr = l$ a prime: there are only trivial Galois rings, whose residue fields determine the subfield chain $\mathbb{F}_p \subset \mathbb{F}_{p^l}$.
2) We now describe the Galois rings of order $16$; thus $p = 2$ and $nr = 4$. The following may occur:
(i) $n = 1$ and $r = 4$: as before, we have a Galois extension of degree $4$ of the field $\mathbb{F}_2$, so $GR(2, 4) \cong \mathbb{F}_{16}$, which is a field.
(ii) $n = 4$ and $r = 1$: the Galois ring is an extension of degree $1$ of the ring $\mathbb{Z}_{16}$; therefore $GR(2^4, 1) \cong \mathbb{Z}_{16}$ and its residue field is the prime field $\mathbb{F}_2$.
(iii) The last situation is $n = 2$ and $r = 2$; this means that $GR(4, 2)$ is a Galois extension of degree $2$ of the ring $\mathbb{Z}_4$. As usual, we consider the epimorphism $\mu : \mathbb{Z}_4[x] \to \mathbb{Z}_2[x]$.
The primitive polynomial in $\mathbb{Z}_2[x]$ which determines the field extension $\mathbb{F}_2 \subset \mathbb{F}_4$ is $x^2 + x + 1 \in \mathbb{Z}_2[x]$. Therefore its regular pre-image in $\mathbb{Z}_4[x]$ is $x^2 + 3x + 3 \in \mathbb{Z}_4[x]$ (we used Hensel's lemma). By definition, $GR(4, 2) = \mathbb{Z}_4[\xi] = \mathbb{Z}_4[x]/(x^2 + 3x + 3)$ is a (non-trivial) Galois ring of order $16$, with maximal ideal $m = 2\mathbb{Z}_4[\xi]$ and residue field a finite field of order $4$, so $\mathbb{Z}_4[\xi]/m \cong \mathbb{F}_4$. The three cases above take care of the whole subfield chain
$$\mathbb{F}_2 \subset \mathbb{F}_4 \subset \mathbb{F}_{16},$$
the three fields being the residue fields of case (ii), case (iii) and case (i), respectively. It is not difficult to generalize this example to the case in which $p$ is a prime and $n, r$ are integers such that $nr = l^2$, where $l$ is a prime. As in the previous particular case, we obtain $\mathbb{F}_p \subset \mathbb{F}_{p^l} \subset \mathbb{F}_{p^{l^2}}$.
3) This example is the study of the Galois rings of order $64 = 2^6$. So, with the above notation, $nr = 6$ and the following cases may occur.
(i) $n = 1$ and $r = 6$: we know that in this situation $GR(2, 6) \cong \mathbb{F}_{64}$ is itself a field.
(ii) $n = 6$ and $r = 1$: the Galois ring is the trivial one, viz. $\mathbb{Z}_{64}$, with residue field $\mathbb{F}_2$.
(iii) $n = 3$ and $r = 2$: here we have a quadratic extension of the ring $\mathbb{Z}_8$. This extension determines the Galois ring $\mathbb{Z}_8[\xi]$, with maximal ideal $m = \{a + b\xi \mid a, b \in 2\mathbb{Z}_8\}$. This means that the residue field is isomorphic to $\mathbb{F}_4$.
(iv) $n = 2$ and $r = 3$: this is the case of a cubic extension of $\mathbb{Z}_4$, which defines a Galois ring of order $64$ with residue field $\mathbb{F}_8$.
The subfield lattice of $\mathbb{F}_{64}$ is not a chain:

           F_64
          /    \
       F_8      F_4
          \    /
           F_2
The same is true whenever the order is $p^{nr}$ with $nr = lt$, where $l$ and $t$ are distinct primes, namely:

           F_{p^{lt}}
           /        \
      F_{p^l}      F_{p^t}
           \        /
              F_p
4) Finally, take $p = 2$ and $nr = 30 = 2 \cdot 3 \cdot 5$, i.e. $nr$ a product of three distinct primes; we are dealing with the Galois rings of order $2^{30} = 1{,}073{,}741{,}824$. The situations which may occur are the following:
(i) $n = 1$ and $r = 30$: this is the trivial case $GR(2, 30) = \mathbb{F}_{2^{30}}$;
(ii) $n = 2$ and $r = 15$: $GR(4, 15)$ is a local ring with residue field $\mathbb{F}_{2^{15}}$;
(iii) $n = 3$ and $r = 10$: in this case the residue field is $\mathbb{F}_{2^{10}}$;
(iv) $n = 5$ and $r = 6$: $GR(2^5, 6)$ has $\mathbb{F}_{2^6}$ as its residue field;
(v) $n = 6$ and $r = 5$: this is the case in which the residue field is $\mathbb{F}_{2^5}$;
(vi) $n = 10$ and $r = 3$: the residue field is $\mathbb{F}_8$;
(vii) $n = 15$ and $r = 2$: here we have $\mathbb{F}_4$ as the residue field;
(viii) $n = 30$ and $r = 1$: the Galois ring $GR(2^{30}, 1)$ is the ring $\mathbb{Z}_{2^{30}}$, whose residue field is $\mathbb{F}_2$.
It will not be difficult for the reader to draw the diagram of the subfield lattice. These arguments obviously extend to the general case $nr = lst$, with $l, s, t$ three distinct primes.

What about the structure of the automorphism group of a given Galois ring? The answer follows immediately from results contained in the previous chapters. In fact, by definition a Galois ring is a separable extension of a ring of the form $\mathbb{Z}_{p^n}$; in 5.1.5 we proved that a separable extension $R \subset S$ of two finite, local rings is a Galois extension with Galois group $G_R(S)$ isomorphic to the Galois group $G_K(\overline{K})$, where $K$ and $\overline{K}$ are the residue fields of $R$ and $S$, respectively. Therefore we immediately see that, if $S = GR(p^n, r)$, then
$$\operatorname{Aut}_{\mathbb{Z}_{p^n}}(GR(p^n, r)) = G_{\mathbb{Z}_{p^n}}(GR(p^n, r)) \cong G_{\mathbb{F}_p}(\mathbb{F}_{p^r});$$
at the same time, it makes sense to ask for the group structure of $G_{GR(p^n, s)}(GR(p^n, r))$, where $GR(p^n, s) \subseteq GR(p^n, r)$ is a Galois subring. By the same proposition, this group is isomorphic to $G_{\mathbb{F}_{p^s}}(\mathbb{F}_{p^r})$. The problem of finding the automorphisms of a given Galois ring over one of its subrings is thus reduced, by passing to residue fields, to the well-known problem of finding the automorphism group of a Galois field over one of its subfields, and the latter is known.
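As an added illustration (our own code, not part of the original text), the following Python implements arithmetic in $GR(p^n, r)$ exactly as in (6.4), with the lift $G(x) = x^r + \sum_j (p^n - p + a_j)x^j$ used at the start of this section, and checks on $GR(8, 3)$ of Example 6.2.1 the relation $\xi^3 = 2\xi^2 + \xi + 1$, the unit count $(p^r - 1)p^{r(n-1)}$, the decomposition $y = up^t$ of Proposition 6.2.2 and, for Case I of the proof of Proposition 6.2.5, that the elements $2^{n-1} - 1$, $1 + 4b$ and $1 + 2\xi^i$ have the stated orders and generate $G_2 = 1 + 2R$ as a direct product. Galois rings $GR(2^k, r)$ are, for instance, the arithmetic behind several secure-computation protocols over $\mathbb{Z}_{2^k}$, so being able to check such structural claims by machine is useful in practice. The class and function names (`GaloisRing`, `find_b_without_root`, `g2_decomposition`) are ours; coefficients are stored low degree first.

```python
import itertools


class GaloisRing:
    """GR(p^n, r) = Z_{p^n}[x]/(G(x)) as in (6.4): an element b_0 + b_1 xi + ... + b_{r-1} xi^{r-1}
    is the tuple (b_0, ..., b_{r-1}) with b_j in Z_{p^n}.  G(x) = x^r + sum_j (p^n - p + a_j) x^j
    lifts the monic primitive g(x) = x^r + a_{r-1} x^{r-1} + ... + a_0 over F_p (Section 6.2)."""

    def __init__(self, p, n, g_coeffs):
        # g_coeffs = (a_0, ..., a_{r-1}); for x^3 + x + 1 of Example 6.2.1 this is (1, 1, 0)
        self.p, self.n, self.r = p, n, len(g_coeffs)
        self.q = p ** n
        self.G = [(self.q - p + a) % self.q for a in g_coeffs]   # G(x) without its leading x^r
        self.one = (1,) + (0,) * (self.r - 1)
        self.xi = tuple(int(i == 1) for i in range(self.r))     # the formal root xi (r >= 2)

    def add(self, a, b):
        return tuple((x + y) % self.q for x, y in zip(a, b))

    def scale(self, c, a):
        return tuple((c * x) % self.q for x in a)

    def mul(self, a, b):
        """Convolution, then reduction with xi^r = -(G_{r-1} xi^{r-1} + ... + G_0)."""
        r, q = self.r, self.q
        prod = [0] * (2 * r - 1)
        for i, x in enumerate(a):
            for j, y in enumerate(b):
                prod[i + j] = (prod[i + j] + x * y) % q
        for k in range(2 * r - 2, r - 1, -1):
            c, prod[k] = prod[k], 0
            for j in range(r):
                prod[k - r + j] = (prod[k - r + j] - c * self.G[j]) % q
        return tuple(prod[:r])

    def pow(self, a, e):
        result, base = self.one, a
        while e:
            if e & 1:
                result = self.mul(result, base)
            base, e = self.mul(base, base), e >> 1
        return result

    def is_unit(self, a):
        # the maximal ideal is pR, so a is a unit iff its image in F_{p^r} is non-zero
        return any(c % self.p for c in a)

    def decompose(self, y):
        """Proposition 6.2.2: a non-zero y equals u * p^t with u a unit and 0 <= t <= n - 1."""
        if not any(y):
            raise ValueError("0 has no representation u * p^t with u a unit")
        t = 0
        while all(c % self.p ** (t + 1) == 0 for c in y):
            t += 1
        return tuple(c // self.p ** t for c in y), t

    def order(self, a):
        """Multiplicative order of a unit, by brute force (the rings used here are tiny)."""
        if not self.is_unit(a):
            raise ValueError("not a unit")
        k, x = 1, a
        while x != self.one:
            x, k = self.mul(x, a), k + 1
        return k

    def elements(self):
        return itertools.product(range(self.q), repeat=self.r)


def find_b_without_root(R):
    """A lift b of an element of F_{2^r} such that x^2 + x - b has no root in the residue
    field (the element b of Case I in the proof of Proposition 6.2.5)."""
    reps = list(itertools.product(range(2), repeat=R.r))   # lifts of all residue field elements
    same_residue = lambda u, v: all((x - y) % 2 == 0 for x, y in zip(u, v))
    for b in reps:
        if not any(same_residue(R.add(R.mul(c, c), c), b) for c in reps):
            return b
    raise ValueError("x^2 + x = b solvable for every b; impossible in characteristic 2")


def g2_decomposition(R):
    """For R = GR(2^n, r), n >= 3: the generators alpha = 2^(n-1) - 1, 1 + 4b, 1 + 2 xi^i
    (1 <= i < r) of Case I, their claimed orders, and the set of all products with exponents
    below those orders.  The product of the cyclic subgroups is direct exactly when this set
    has 2 * 2^(n-2) * 2^((n-1)(r-1)) = |1 + 2R| distinct elements."""
    assert R.p == 2 and R.n >= 3
    n, r = R.n, R.r
    alpha = ((2 ** (n - 1) - 1) % R.q,) + (0,) * (r - 1)
    one_plus_beta = R.add(R.one, R.scale(4, find_b_without_root(R)))
    gens = [alpha, one_plus_beta] + [R.add(R.one, R.scale(2, R.pow(R.xi, i))) for i in range(1, r)]
    orders = [2, 2 ** (n - 2)] + [2 ** (n - 1)] * (r - 1)
    products = set()
    for exps in itertools.product(*(range(o) for o in orders)):
        x = R.one
        for g, e in zip(gens, exps):
            x = R.mul(x, R.pow(g, e))
        products.add(x)
    return gens, orders, products


if __name__ == "__main__":
    R = GaloisRing(2, 3, (1, 1, 0))                       # GR(8, 3) of Example 6.2.1
    print(R.G, R.pow(R.xi, 3))                            # [7, 7, 6] and xi^3 = 1 + xi + 2 xi^2
    gens, orders, products = g2_decomposition(R)
    print([R.order(g) for g in gens], orders, len(products))
```

For $GR(8, 3)$ the search picks $b = 1$ (since $x^2 + x + 1$ has its roots in $\mathbb{F}_4 \not\subseteq \mathbb{F}_8$), so $1 + \beta = 5$; the four generators $3, 5, 1 + 2\xi, 1 + 2\xi^2$ have orders $2, 2, 4, 4$ and their $64$ products are pairwise distinct, which is the direct product $C_2 \times C_2 \times C_4 \times C_4$ of the proposition.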
6.3
Structure Theorems for Finite Commutative Local Rings
Here we want to prove a very important result of finite local ring theory, which explains the fundamental role that Galois rings play in this context. Such a result is closely related to the classification of finite, local rings with principal ideals (see [56]). Recall that in Theorem 3.1.4 we proved that every finite, commutative ring splits uniquely as a direct sum of finite, local rings. Our aim is to show that each of these local rings is a homomorphic image of a polynomial ring with coefficients in a Galois ring. Consequently, the investigation of finite, local rings reduces to finding a suitable primary ideal $Q \subset GR(p^n, r)[x_1, \dots, x_t]$ and studying the quotient ring $GR(p^n, r)[x_1, \dots, x_t]/Q$.

Theorem 6.3.1 Assume $R$ is a finite, commutative, local ring of characteristic $p^n$, with maximal ideal $m$ and residue field $K$. Let $r$ denote the dimension of $K$ as a $\mathbb{Z}_p$-vector space, i.e. $[K : \mathbb{Z}_p] = r$, and let $\{u_1, \dots, u_t\}$ be a minimal system of generators of $m$, viewed as an $R$-module. Then there exists a subring $T \subset R$ such that
(a) $T \cong GR(p^n, r)$ is the unique subring of order $p^{nr}$, and it is the maximal Galois extension of $\mathbb{Z}_{p^n}$ contained in $R$;
(b) $R$ is a homomorphic image of $T[x_1, \dots, x_t]$.
The Galois ring $T$ is called the coefficient ring of $R$.

Proof: Let $\bar\zeta$ be a generator of the group of units of $K$, i.e. $\bar\zeta$ is a primitive element of $K$ over $\mathbb{F}_p$, and let $\bar f(x) \in \mathbb{Z}_p[x]$ be the primitive polynomial such that $\bar f(\bar\zeta) = 0$. Let again $\mu$ be the epimorphism $\mu : \mathbb{Z}_{p^n}[x] \to \mathbb{Z}_p[x]$, and take $f(x) \in \mathbb{Z}_{p^n}[x]$ to be a monic pre-image of $\bar f(x)$ under $\mu$ (thus $f(x)$ is a basic irreducible polynomial in $\mathbb{Z}_{p^n}[x]$). By Lemma
5.1.3, there exists a unique element $\zeta \in R$ such that $\mu(\zeta) = \bar\zeta$ and $f(\zeta) = 0$. Then $T = \mathbb{Z}_{p^n}[\zeta] \cong \mathbb{Z}_{p^n}[x]/(f(x))$ is a Galois ring, unique up to isomorphism, which is the maximal Galois extension of $\mathbb{Z}_{p^n}$ contained in the ring $R$. Obviously $T[u_1, \dots, u_t]$ is a subring of $R$, so it suffices to prove the other inclusion. Let $c$ be an arbitrary element of $R$; since $T \cong GR(p^n, r)$ has $K$ as its residue field, there exists $t \in T$ such that $c \equiv t \pmod m$. Let $\beta$ be the nilpotency index of $m$, i.e. the least positive integer such that $m^\beta = 0$. We construct a sequence $\{c_j\} \subset T[u_1, \dots, u_t]$ such that $c \equiv c_j \pmod{m^{j+1}}$, $0 \le j \le \beta - 1$. Put $c_0 = t$; given $c_j$, since $c - c_j \in m^{j+1}$ we may write
$$c - c_j = \sum_i d_i w_i,$$
where each $w_i$ is a product of the form $u_1^{\alpha_1} \cdots u_t^{\alpha_t}$ with $\sum_{k=1}^{t} \alpha_k = j + 1$, and $d_i \in R$. For every $d_i \in R$ there exists some $b_i \in T$ such that $b_i \equiv d_i \pmod m$. Therefore
$$c - c_j = \sum_i d_i w_i \equiv \sum_i b_i w_i \pmod{m^{j+2}}.$$
If we put $c_{j+1} = c_j + \sum_i b_i w_i$, then $c_{j+1} - c \equiv 0 \pmod{m^{j+2}}$. Since $m^\beta = 0$, it follows that $c_{\beta-1} = c$ and, by construction, $c_{\beta-1} \in T[u_1, \dots, u_t]$. ✷

Theorem 6.3.1 implies that, if $R$ is a local ring, then $R \cong T[x_1, \dots, x_t]/Q$, where $Q$ is a primary ideal of $T[x_1, \dots, x_t]$ and $T$ is a Galois ring such that $Q \cap T = \{0\}$. Observe that the radical $\sqrt{Q}$ of $Q$ is precisely $(p, x_1, \dots, x_t)$, since $Q \subseteq \sqrt{Q}$ and
$$T[x_1, \dots, x_t]/\sqrt{Q} \cong GR(p^n, r)/pGR(p^n, r) \cong K.$$

Corollary 6.3.2 Let $R$ be a finite, commutative, local ring of characteristic $p^n$ and $m$ its maximal ideal. If the dimension of the $K$-vector space $m/m^2$ is $t$, then $R$ is a homomorphic image of $\mathbb{Z}_{p^n}[x_1, \dots, x_{t+1}]$.

Proof: First of all, observe that $m/m^2$ is a $K$-vector space. Indeed, $m^j$ is an $R$-module for each $j$; the quotient $m/m^2$ is an $R$-module annihilated by $m$, hence an $R/m$-module, and $R/m \cong K$ is a field. By assumption $\dim_K(m/m^2) = t$; this implies that $m$ has a minimal set of generators of cardinality $t$ when viewed as an $R$-module. From Theorem 6.3.1 it follows that $R$ is a homomorphic image of the
polynomial ring $T[x_1, \dots, x_t]$, where the coefficient ring $T$ is a Galois ring. Since $T$ is a homomorphic image of the ring $\mathbb{Z}_{p^n}[y]$, we get the statement by putting $y = x_{t+1}$. ✷

This last result enables us to prove another structure theorem for finite, local rings in terms of the generators of $U(R)$.

Theorem 6.3.3 Let $R$ be a finite, commutative, local ring of characteristic $p^n$. If $\{a_1, \dots, a_s\}$ is a system of generators of $U(R)$, then $R$ is a homomorphic image of the ring $\mathbb{Z}_{p^n}[x_1, \dots, x_s]$.

Proof: Consider the subring $\mathbb{Z}_{p^n}[a_1, \dots, a_s] \subseteq R$. This subring obviously contains all the invertible elements of $R$. If $a$ is an element of the maximal ideal $m$ and $b$ is a unit of $R$, then $a - b \in U(R)$ ($R$ is a local ring). Therefore there exists $c \in U(R)$ such that $a - b = c$, so $a = b + c \in \mathbb{Z}_{p^n}[a_1, \dots, a_s]$. ✷
6.4
Another Class of Finite Commutative Local Rings: Quasi-Galois Rings
As we said in the introduction to the present chapter, we now want to study another class of finite, commutative, local rings; such rings are, in a certain sense, related to Galois rings even though their properties are completely different. We shall call them Quasi-Galois rings. They have also been used as coordinatizing rings of Pappian-Hjelmslev planes (see [46]).

Let $p$ be a prime and $n, r$ two positive integers. We consider the Galois field $\mathbb{F}_{p^r}$ as a simple Galois extension of its prime field $\mathbb{F}_p$, by means of a primitive polynomial $g_{(p,r)}(x) \in \mathbb{F}_p[x]$ with $\deg(g_{(p,r)}(x)) = r$ (see Definition 2.2.7). Denote by $\zeta$ a primitive element of $\mathbb{F}_{p^r}$ over $\mathbb{F}_p$; then $\mathbb{F}_{p^r} \cong \mathbb{F}_p[\zeta]$ with $g_{(p,r)}(\zeta) = 0$. Since $\mathbb{F}_{p^r}$ is a field, $\mathbb{F}_{p^r}[x]$ is a Euclidean domain, hence a P.I.D. Therefore, since the ideal $(x^n) \subset \mathbb{F}_{p^r}[x]$ is not prime, the quotient ring $A(p^r, n) := \mathbb{F}_{p^r}[x]/(x^n)$ is not a domain. Choose an element $\theta$, in some ring extension of $\mathbb{F}_{p^r}$, as a formal, non-trivial root of the polynomial $x^n \in \mathbb{F}_{p^r}[x]$ (i.e. $\theta \ne 0$ and $\theta^n = 0$); then
$$A(p^r, n) = \Big\{ \sum_{i=0}^{n-1} a_i \theta^i \;\Big|\; a_i \in \mathbb{F}_{p^r} \Big\},$$
where $\theta^k = 0$ for all $k \ge n$. This ring is local, with maximal ideal $m(p^r, n)$ consisting of the non-units of $A(p^r, n)$, i.e.
$$m(p^r, n) = \Big\{ \sum_{j=1}^{n-1} a_j \theta^j \;\Big|\; a_j \in \mathbb{F}_{p^r} \Big\},$$
where $\theta^k = 0$ for all $k \ge n$ (see Prop. 1.4.1). Its residue field is $A(p^r, n)/m(p^r, n) \cong \mathbb{F}_{p^r}$. Consequently, $A(p^r, n)$ is a finite, commutative, local ring containing $(p^r)^n = p^{rn}$ elements.

We recall that, in studying the Galois ring $GR(p^n, r)$, we considered $\mathbb{Z}_{p^n}[x]/(G_{(p,r)}(x))$, where $G_{(p,r)}(x) \in \mathbb{Z}_{p^n}[x]$ is the monic, basic irreducible polynomial determined, as in Lemma 1.4.3, from the same polynomial $g_{(p,r)}(x) \in \mathbb{F}_p[x]$ (see Section 6.2). We found
$$GR(p^n, r) = \Big\{ \sum_{j=0}^{r-1} b_j \xi^j \;\Big|\; b_j \in \mathbb{Z}_{p^n},\ 0 \le j \le r-1 \Big\},$$
where $\xi$ is a formal root of the polynomial $G_{(p,r)}(x)$. All this showed that $GR(p^n, r)$ is a finite, local ring of cardinality $(p^n)^r = p^{nr}$ with residue field $\mathbb{F}_{p^r}$. Thus the rings $A(p^r, n)$ and $GR(p^n, r)$ are local, equipotent and have the same residue field, but for $n \ge 2$ they are not isomorphic, since they have different characteristics: $A(p^r, n)$ is a finite ring of characteristic $p$, because it contains $\mathbb{F}_{p^r}$ as a subring, whereas we know that the characteristic of $GR(p^n, r)$ is $p^n$. Obviously the maximal ideals are equipotent as well: $m(p^r, n)$ contains $(p^r)^{n-1} = p^{r(n-1)}$ elements. An arbitrary element of this ideal can be written as $\sum_{h=1}^{n-1} a_h \theta^h$, where $a_h \in \mathbb{F}_{p^r}$ and $\theta^k = 0$ for $k \ge n$. Let $\zeta \in \mathbb{F}_{p^r}$ be a primitive element over $\mathbb{F}_p$ such that $g_{(p,r)}(\zeta) = 0$, where $g_{(p,r)}(x) \in \mathbb{Z}_p[x]$ is such that $\mu(G_{(p,r)}(x)) = g_{(p,r)}(x)$. Each $a_h \in \mathbb{F}_{p^r}$ has a unique expression of the form
$$a_h = \sum_{j=0}^{r-1} u_{hj} \zeta^j,$$
where $u_{hj} \in \mathbb{F}_p$ for all $j$ and $h$, and $g_{(p,r)}(\zeta) = 0$. This fact enables us to write
$$\sum_{h=1}^{n-1} a_h \theta^h = \sum_{h=1}^{n-1} \Big( \sum_{j=0}^{r-1} u_{hj} \zeta^j \Big) \theta^h .$$
Example 6.4.1 Take $p = 2$, $n = 3$ and $r = 3$. Thus the ring $A(8, 3)$ is, by definition, $A(8, 3) = \mathbb{F}_8[x]/(x^3)$. We recall that $\mathbb{F}_8 \cong \mathbb{Z}_2[x]/(x^3 + x + 1) = \{a + b\zeta + c\zeta^2 \mid a, b, c \in \mathbb{F}_2\}$ with $\zeta^3 = \zeta + 1$, i.e. $\mathbb{F}_8 = \{0, 1, \zeta, \zeta^2, 1 + \zeta, 1 + \zeta^2, \zeta + \zeta^2, 1 + \zeta + \zeta^2\}$. If $\theta$ is a formal, non-trivial root of the polynomial $x^3 \in \mathbb{F}_8[x]$, then
$$A(8, 3) = \{a_0 + a_1\theta + a_2\theta^2 \mid a_i \in \mathbb{F}_8,\ 0 \le i \le 2,\ \theta^k = 0 \text{ for } k \ge 3\}.$$
Thus $|A(8, 3)| = 8^3 = 512$; its maximal ideal is $m(8, 3) = \{a_1\theta + a_2\theta^2 \mid a_1, a_2 \in \mathbb{F}_8\}$, with $\theta^k = 0$ for $k \ge 3$, and its residue field is $\mathbb{F}_8$. Recalling the polynomial expression of the elements of $\mathbb{F}_8$ with respect to the primitive element $\zeta$ gives
$$a_0 + a_1\theta + a_2\theta^2 = (a_{00} + a_{10}\zeta + a_{20}\zeta^2) + (a_{01} + a_{11}\zeta + a_{21}\zeta^2)\theta + (a_{02} + a_{12}\zeta + a_{22}\zeta^2)\theta^2,$$
where $a_{ji} \in \mathbb{Z}_2$ for $0 \le i, j \le 2$, $\theta^k = 0$ for $k \ge 3$ and $\zeta^3 = \zeta + 1$.

Remark 6.4.2 Since $A(p^r, n)$ is a local ring, the elements of $m(p^r, n)$ exhaust the non-units of this ring and are exactly its nilpotent elements. We can describe such elements by their coordinates with respect to the basis $\{\theta^j\}_{0 \le j \le n-1}$: the nilpotent elements of $A(p^r, n)$ are those of the form $(0, a_1, \dots, a_{n-1})$, whereas the units are the $(a_0, a_1, \dots, a_{n-1})$ with $a_0 \ne 0$.

Before studying the basic properties of such rings, we point out that Quasi-Galois rings too can be viewed as "bricks" of all of finite commutative algebra. In fact, each ring $A(p^r, n)$ is a particular case of what we saw in Example 2 after Theorem 3.1.4: we only have to take $f(x) = p_1(x)^n$ with $p_1(x) = x$ to get the present situation.

Definition 6.4.3 A commutative ring $R$ is said to be primary if it has a unique prime ideal. So, if $R$ is local and Artinian (the latter means $\operatorname{Spec}(R) = \operatorname{Specm}(R)$, see Definition 1.2.8), then it is trivially a primary ring. Therefore our $A(p^r, n)$'s are examples of primary rings, since they are finite and local (see Proposition 1.2.7 and Theorem 2.3.9).
Lemma 6.4.4 Let $R$ be a finite, commutative ring. Then $R$ is a direct sum of primary rings $R_1, \dots, R_n$ and $U(R)$ is the direct product of $U(R_1), \dots, U(R_n)$. Moreover, $U(R)$ is cyclic if and only if each $U(R_i)$ is cyclic and the orders of $U(R_i)$ and $U(R_j)$ are relatively prime for $1 \le i \ne j \le n$.

Proof: The first part of the statement follows directly from Theorem 3.1.4 and Exercise 1 before Proposition 3.1.5. The second assertion follows from elementary group theory (see, for example, [65]). ✷

The above lemma reduces the problem of studying the groups of units of all finite, commutative rings to that of determining the structure of the groups of units of finite, commutative, primary rings, and of understanding which such rings have a cyclic group of units (see [43]).

Let $N$ be a nilideal of a finite, commutative ring $R$. If $p$ is a prime divisor of $|N|$, we put $N(p) := \{a \in N \mid pa = 0\}$. Then $N(p)$ is an ideal of $R$, thus $1 + N(p) := \{1 + x \mid x \in N(p)\}$ is a subgroup of $U(R)$.

Lemma 6.4.5 Let $N$ be a nilideal of a finite, commutative ring, let $p$ be a prime dividing $|N|$, and assume that $1 + N(p)$ is cyclic, generated by $1 + a$ with $a \in N(p)$. If $|N(p)| = p^r$ and $n$ is the least positive integer such that $a^n = 0$, then
(i) $n = p^{r-1} + 1$;
(ii) $p^{r-1} \le 2$.

Proof: (i) Since $1 \ne (1 + a)^{p^{r-1}} = 1 + a^{p^{r-1}}$ (the binomial coefficients $\binom{p^{r-1}}{i}$, $0 < i < p^{r-1}$, are multiples of $p$ and $pa = 0$), we have $p^{r-1} < n$. For each $1 \le i \le n$, $a^i = (1 + a)^{s_i} - 1$ for some $1 \le s_i \le p^r$. However, if $2 \le i \le n$,
$$0 = a^{n-2+i} = a^{n-2}[(1 + a)^{s_i} - 1] = a^{n-2}[s_i a + a^2 b] = s_i a^{n-1}$$
for some $b \in R$, thus $p$ divides $s_i$. Hence the map $i \mapsto s_i$ is an injection of the set $\{1, \dots, n\}$ into the set $\{1 \le s \le p^r \mid s = 1 \text{ or } p \mid s\}$, which gives $n \le p^{r-1} + 1$.
6.4. QUASI-GALOIS RINGS
(ii) By contradiction, suppose that m = p^{r−1} − 1 ≥ 2 and let j be an integer such that (j − 1)p < m < jp. If s_m = pt, then
$$a^m = (1 + a)^{pt} − 1 = (1 + a^p)^t − 1 = \sum_{k=0}^{t} z_k a^{pk},$$
where the z_k's are binomial coefficients. If we multiply in turn by a^{n−ip−1}, for 1 ≤ i < j, we obtain z_i a^{n−1} = 0. Hence p divides z_i, so z_i a^i = 0. It follows that the sum above runs from j to t. If we now multiply by a^{n−m+1}, we get a^{n−1} = 0, which is impossible. ✷

Lemma 6.4.6 Let N be a nilideal of a finite ring R. If |N| is odd, then N^+ = ⟨N, +⟩ (i.e. the additive structure of N, viewed as a subgroup of ⟨R, +⟩ = R^+) is cyclic if and only if 1 + N is cyclic.

Proof: ⇐) Assume that 1 + N is cyclic. Then, for any prime p which divides |N|, 1 + N(p) is a subgroup of 1 + N, hence it is cyclic. By Lemma 6.4.5 (ii), |N(p)| ≤ 2p. Since p is odd, |N(p)| = p. This implies that N^+ is cyclic.

⇒) Suppose that N^+ is cyclic. Given a ∈ N such that (1 + a)^p = 1 for some prime p dividing |N|, it suffices to show that pa = 0. Let b be a generator of N^+. Then ba = nb, for some integer n. So, if a = mb, for some m ∈ Z, a^2 = (mb)a = m(ba) = m(nb) = n(mb) = na. If k is the additive order of a, we can find an integer t with 1 ≤ t ≤ k and a^2 = ta. Since a^{s+1} = 0, for some s, we have t^s a = 0, i.e. k | t^s. This means that each prime which belongs to the factorization of the integer k also belongs to the one of t. Moreover,
$$0 = (1 + a)^p − 1 = \sum_{j=1}^{p} z_j a^j = \Big(\sum_{j=1}^{p} z_j t^{j−1}\Big) a,$$
so k divides \sum_{j=1}^{p} z_j t^{j−1}. In particular, every prime dividing k divides both this sum and t. This implies that such a prime must divide the term with j = 1, namely p. Therefore, k is a power of p. But the only power of p dividing \sum_{j=1}^{p} z_j t^{j−1} is p itself and, hence, k = p. ✷

The following result is very important for the characterization of the groups of units of our A(p^r, n)'s.
Theorem 6.4.7 Let R be a finite, commutative, primary ring such that U(R) is cyclic. Let N and R_0 be the nilradical and the prime subring of R, respectively. Then R = R_0[N], i.e. R is the smallest subring containing R_0 and N, and R is isomorphic to exactly one of the following rings: (i) the Galois field GF(p^n), p a prime and n ≥ 1; (ii) Z_{p^n}, where p is an odd prime and n > 1; (iii) Z_4; (iv) F_p[x]/(x^2), p a prime; (v) Z_2[x]/(x^3); (vi) Z_4[x]/(2x, x^2 − 2).

Proof: If N = 0, then R is a finite field, so it is of type (i). Assume that N ≠ 0; R_0 is also a finite, primary ring, so R_0 ≅ Z_{p^s}, for some prime p and some positive integer s. Since U(R_0) < U(R), this subgroup must be cyclic. Therefore, by Proposition 6.2.5, we have the following possibilities: (a) p is odd; (b) p^s = 2; (c) p^s = 4. Put S = R_0[N], which is, a priori, a subring of R, and set N_0 = N ∩ R_0. We want to determine the structure of S in all possible cases and then to show that S = R.

Suppose that (a) holds. Then, since U(R) ≅ 1 + N is cyclic by hypothesis, N^+ is cyclic (Lemma 6.4.6). Since the characteristic of R is p^s, we have p^s ≥ |N| ≥ |N_0| = p^{s−1}. If |N| = p^{s−1}, then N_0 = N and S ≅ R_0 ≅ Z_{p^s}, so it is of type (ii). Assume |N| = p^s and let b be a generator of N^+. As N_0^+ is the unique subgroup of N^+ of order p^{s−1}, we have pb ∈ N_0^+. Write pb = pt, with 1 ≤ t ≤ p^{s−1}. Then, since b has order p^s, g.c.d.(p, t) = 1. But now b^n = 0 for some n ≥ 1, so 0 = pb^n = pt^n. Hence s = 1, since t is a unit. It follows that t = 1, so pb = p and b^2(p − 1) = 0. Thus b^2 = 0, therefore S ≅ Z_p[x]/(x^2). This ring is of type (iv).

Assume that (b) holds. Then char(R) = 2, so N = N(2). By Lemma 6.4.5, 2^r = 2 and n = 2 or 2^r = 4 and n = 3. In the former case, N is a two-element ring with trivial multiplication, so S ≅ Z_2[x]/(x^2) (type (iv)). In the latter case, N^+ is isomorphic to C_4 and a^3 = 0, where 1 + a generates 1 + N. Hence S ≅ Z_2[x]/(x^3) (type (v)).
Finally, assume that (c) holds. Then R_0 ≅ Z_4. Suppose N_0 ≠ N. Then, by applying Lemma 6.4.5 to N(2), we have 2^r = 2 and n = 2 or 2^r = 4 and n = 3. In the former case N^+ is cyclic, N^+ = {0, b, 2b, 3b}. Then N_0 = {0, 2b} and 0 ≠ 2b = 2. This implies 2b^k = 2 for any k > 0; the nilpotency of b leads to a contradiction. Hence 2^r = 4 and n = 3. Now, N(2)^+ ≅ C_4 and N^+ is the product of two cyclic groups of order 2^s and 2^t, respectively. If a and b are generators of these groups, then 2^{s−1}a and 2^{t−1}b are generators of N(2)^+. Since 1 + N(2) is cyclic of order 4, it has two generators and these yield (Lemma 6.4.5(i)) two distinct elements of N(2), whose squares are non-zero but whose cubes vanish (n = 3). By symmetry, we may assume that (2^{t−1}b)^2 = 0, which implies t = 1. Since char(R) = 4, we have s ≤ 2. Assume s = 2. Then 4a = 0, 2a ≠ 0 and 2b = 0. Because (2a)^2 = 0, we have 2a = 2; in fact, the squares of the other non-zero elements are non-zero. Then, since a is nilpotent, 2 = 0, a contradiction. Thus s = 1 and N = N(2). Now N_0 = {0, 2} and N_0^+ is a direct summand of N^+. Let N = {0, 2, d, d + 2}. Then d^3 = 0 and 0 = (d + 2)^3 = 2d^2. This implies d^2 = 0, so S ≅ Z_4[x]/(2x, x^2 − 2).

Now, we shall briefly show that, in each case, S ≅ R. For example, if S ≅ F_p[x]/(x^2), then, by choosing b = x, multiplication by b induces a homomorphism from R^+ to N^+ whose kernel contains no units, so it is contained in N; but b^2 = 0, bN = 0, so N is the kernel. Hence |R| = |N|^2 = p^2 = |S| and R = S. Similarly, in the cases where S ≅ Z_{p^n}, Z_2[x]/(x^3), Z_4[x]/(2x, x^2 − 2), if we consider multiplication by p, x, x, respectively, we get R = S. ✷

The previous theorem determines which are the finite, commutative, primary rings whose group of units is cyclic. In this class of rings we find some of our Galois and Quasi-Galois rings, since they are finite and local. So this result will be very useful to understand the structure of the U(A(p^r, n))'s.
Example 6.4.8 To better understand the situation, we shall discuss some of the cases listed in Theorem 6.4.7 and some other interesting examples. First of all, by Theorem 2.1.3, if F_q is a finite field, then U(F_q) is cyclic. On the other hand, in Proposition 6.2.5 we showed that U(Z_{p^n}), p an odd prime, and U(Z_4) are cyclic groups. Observe that the rings in Theorem 6.4.7 (iv) and (v) are particular examples of Quasi-Galois rings; therefore, we want to directly show that they have cyclic groups of units.

Consider first the ring A(2, 3) = Z_2[x]/(x^3) = {c + bx + ax^2 + (x^3) | a, b, c ∈ F_2} of cardinality 2^3 = 8. Denote by [ax^2 + bx + c] the coset c + bx + ax^2 + (x^3), which is an element of the quotient ring; hence,
Z_2[x]/(x^3) = {[0], [1], [x], [x + 1], [x^2], [x^2 + 1], [x^2 + x], [x^2 + x + 1]}.
The units of this ring form a group isomorphic to the cyclic group of order 4,
U(Z_2[x]/(x^3)) = {[1], [x + 1], [x^2 + 1], [x^2 + x + 1]} ≅ C_4
(the generators are ⟨[x + 1]⟩ = ⟨[x^2 + x + 1]⟩ ≅ C_4). Moreover, the nilradical (see Prop. 1.2.14), i.e. the set of all nilpotent elements, coincides with the maximal ideal of the local ring Z_2[x]/(x^3); more precisely,
Nil(Z_2[x]/(x^3)) = {[0], [x], [x^2], [x^2 + x] | [x]^3 = [x^2]^2 = [x^2 + x]^3 = [0]}.

If p is a prime, the ring A(p, 2) = F_p[x]/(x^2) has a cyclic group of units for each prime p; in fact, |U(A(p, 2))| = p^2 − p. Therefore, U(A(p, 2)) ≅ C_p × C_{p−1} ≅ C_{p^2 − p}.

Observe that the ring A(3, 3) = Z_3[x]/(x^3) is such that U(A(3, 3)) ≅ C_2 × G_2, where C_2 ≅ U(Z_3), whereas G_2 is a group of order 9. Precisely, we have
G_2 = {1, 1 + θ, 1 + 2θ, 1 + θ^2, 1 + 2θ^2, 1 + θ + θ^2, 1 + 2θ + θ^2, 1 + θ + 2θ^2, 1 + 2θ + 2θ^2}
and some trivial computations show that each element of G_2 (except for 1) has order 3; thus G_2 is an elementary abelian 3-group. Therefore, U(A(3, 3)) ≅ C_6 × C_3, which is not cyclic.

If we now consider, for example, A(4, 3) = F_4[x]/(x^3), then U(A(4, 3)) ≅ C_3 × G_2, where G_2 is an abelian group of order 2^4 = 16. Take F_4 = {0, 1, ζ, ζ^2}, where ζ^2 = ζ + 1. Therefore,
G_2 = {1, 1 + θ, 1 + θ^2, 1 + θ + θ^2, 1 + ζθ, 1 + ζθ^2, 1 + ζθ + ζθ^2, 1 + θ + ζθ^2, 1 + ζθ + θ^2, 1 + ζ^2θ, 1 + ζ^2θ^2, 1 + ζ^2θ + ζ^2θ^2, 1 + θ + ζ^2θ^2, 1 + ζ^2θ + θ^2, 1 + ζθ + ζ^2θ^2, 1 + ζ^2θ + ζθ^2}
and with some computations, we find that ord(1 + θ^2) = ord(1 + ζθ^2) = ord(1 + ζ^2θ^2) = 2, whereas the other elements (different from 1) have order 4. This means that G_2 ≅ C_4 × C_4, so U(A(4, 3)) ≅ C_{12} × C_4, which is not cyclic. In the same way, one can easily verify that, for example, U(F_4[x]/(x^2)) ≅ C_3 × C_2 × C_2. Finally, if we consider the Quasi-Galois ring A(2, 4) = F_2[x]/(x^4), we get |U(A(2, 4))| = 8. The abelian groups of order 8 (up to isomorphism) are C_8, C_2 × C_4, C_2 × C_2 × C_2. From Theorem 6.4.7 it follows that U(A(2, 4)) cannot be isomorphic to C_8; since ord(1 + θ) = 4, then U(A(2, 4)) ≅ C_2 × C_4.

To summarize, all these examples show that the structure of the abelian p-group 1 + m(p^r, n), which is the factor of U(A(p^r, n)) complementary to the cyclic group C_{p^r − 1}, does not only depend on the given integers p, n and r. This group is called the one-group of A(p^r, n). There are some partial results about the problem of finding the structure of such a subgroup (see Bibliography of [56]). However, what we observed in Remark 6.4.2 and in Theorem 6.4.7 allows us to state the following

Proposition 6.4.9 Let A(p^r, n) be a Quasi-Galois ring, for a given prime p and for positive integers r and n. Such a ring contains p^{nr} − p^{r(n−1)} units, which form a group isomorphic to a direct product of groups, i.e.
$$U(A(p^r, n)) ≅ G_1 × G_2,$$
where G_1 is a cyclic group of order p^r − 1 and G_2 is an abelian p-group of order p^{nr−r}. We have different possibilities for the group G_2.
(i) If r = 1 and n = 2, then G_2 is cyclic of order p, so U(A(p, 2)) ≅ C_{p^2 − p};
(ii) If p = 2, r = 1 and n = 3, then G_2 ≅ C_4 and U(A(2, 3)) = G_2 ≅ C_4;
(iii) In the other cases, let k_0 := ⌈log_p(n)⌉. (Recall that, for a real number h, ⌈h⌉ denotes the round-up of h, which is defined as the smallest integer greater than or equal to h.) Thus, each generator of G_2 has, at most, order p^{k_0}. (Observe that such a k_0 is strictly less than r(n − 1); otherwise, there would exist an element x ∈ G_2 such that ord(x) = p^{r(n−1)}, which would imply that G_2 is cyclic; from Theorem 6.4.7, this can happen only in cases (i) and (ii).)
Proof: By a simple computation, the units in A(p^r, n) number p^{nr} − p^{r(n−1)}. Moreover, it is clear that these elements form a multiplicative group which contains U(F_{p^r}) as a subgroup (it is formed by the n-tuples (a_0, 0, . . . , 0) of Remark 6.4.2 with a_0 ≠ 0). This subgroup is obviously isomorphic to a cyclic group of order p^r − 1. Now, consider the set H := {(1, a_1, a_2, . . . , a_{n−1}) | a_i ∈ F_{p^r}}; its elements will be called the principal units. One can easily verify that H has cardinality p^{r(n−1)} and is isomorphic to G_2. We already proved cases (i) and (ii) in Theorem 6.4.7. So it remains to show that (iii) holds. We take an arbitrary element of H, x = 1 + a_1θ + · · · + a_{n−1}θ^{n−1}. So then
$$x^p = 1 + a_1^p θ^p + \cdots + a_s^p θ^{sp}, \quad \text{if } p(s + 1) ≥ n;$$
$$x^{p^2} = (x^p)^p = 1 + a_1^{p^2} θ^{p^2} + \cdots + a_t^{p^2} θ^{tp^2},$$
where t < s and p^2(t + 1) ≥ n. By recursively using this procedure we will find that
$$x^{p^k} = (1 + a_1θ + \cdots + a_{n−1}θ^{n−1})^{p^k} = 1.$$
This happens when p^k ≥ n, i.e. k ≥ log_p(n). The smallest integer k satisfying this inequality is k_0 = ⌈log_p(n)⌉. For such a k_0, x^{p^{k_0}} = 1 for each x ∈ A(p^r, n). So all the generators of G_2 have order at most p^{k_0}. This means that G_2 splits as a direct product of copies of cyclic p-groups of orders at most p^{k_0}. ✷
Example 6.4.10 We can apply the result above to the non-cyclic cases of the previous examples. We found U(A(3, 3)) ≅ C_2 × C_3 × C_3; in fact, p = 3, r = 1 and n = 3, so log_3(3) = 1 = k_0 and G_2 ≅ C_3 × C_3, since |G_2| = p^{r(n−1)} = 9. In the case of A(4, 3), we have U(A(4, 3)) ≅ C_3 × C_4 × C_4. In fact, k_0 = ⌈log_2(3)⌉ = 1. G_2 ≅ C_4 × C_4, since |G_2| = 16 and there are only three elements of order 2 in G_2. The last case we discuss is A(4, 2), where k_0 = 1. Thus G_2 ≅ C_2 × C_2, since it has cardinality 4.

Remark. In Proposition 6.4.9, when r = 1, we get Φ(p^n) = p^{n−1}(p − 1) units, since A(p, n) = Z_p[x]/(x^n); whereas, if n = 1, then A(p^r, 1) = F_{p^r}, whose units number p^r − 1.
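The unit-group computations of Examples 6.4.8 and 6.4.10 (U(A(2, 3)) ≅ C_4, U(A(3, 3)) ≅ C_6 × C_3, U(A(4, 3)) ≅ C_12 × C_4) can be reproduced by tallying the multiplicative orders of all units; the Python script below is an added example, not part of the original text. It assumes F_{p^r} is presented as F_p[z]/(m(z)) for an irreducible m(z) chosen by the caller, with F_4 = F_2[z]/(z^2 + z + 1) so that the class of z plays the role of ζ.

```python
"""Multiplicative orders of the units of A(p^r, n) = F_{p^r}[x]/(x^n) (Examples 6.4.8, 6.4.10).
Added example, not from the original text. F_{p^r} is modelled as F_p[z]/(m(z)) for a monic
irreducible m(z) given by the caller; F_4 = F_2[z]/(z^2 + z + 1), so z plays the role of zeta."""
from collections import Counter
from itertools import product


class PrimePowerField:
    """F_{p^r}: an element is the r-tuple (c_0, ..., c_{r-1}) meaning c_0 + c_1 z + ... + c_{r-1} z^{r-1}.
    `modulus` = [m_0, ..., m_{r-1}] gives m(z) = z^r + m_{r-1} z^{r-1} + ... + m_0;
    for the prime field F_p use modulus = [0], i.e. m(z) = z and r = 1."""

    def __init__(self, p, modulus):
        self.p, self.r, self.modulus = p, len(modulus), list(modulus)

    def elements(self):
        return [tuple(c) for c in product(range(self.p), repeat=self.r)]

    def zero(self):
        return (0,) * self.r

    def one(self):
        return (1,) + (0,) * (self.r - 1)

    def add(self, a, b):
        return tuple((x + y) % self.p for x, y in zip(a, b))

    def mul(self, a, b):
        p, r = self.p, self.r
        prod = [0] * (2 * r - 1)
        for i, x in enumerate(a):
            for j, y in enumerate(b):
                prod[i + j] = (prod[i + j] + x * y) % p
        # Reduce z^k for k >= r via z^r = -(m_0 + m_1 z + ... + m_{r-1} z^{r-1}), highest power first.
        for k in range(2 * r - 2, r - 1, -1):
            c, prod[k] = prod[k], 0
            for i, m in enumerate(self.modulus):
                prod[k - r + i] = (prod[k - r + i] - c * m) % p
        return tuple(prod[:r])


class QuasiGaloisRing:
    """A(q, n) = F_q[x]/(x^n): an element is the n-tuple (a_0, ..., a_{n-1}) of coefficients of
    1, theta, ..., theta^{n-1}, with theta^k = 0 for k >= n (the coordinates of Remark 6.4.2)."""

    def __init__(self, field, n):
        self.F, self.n = field, n

    def elements(self):
        return [tuple(c) for c in product(self.F.elements(), repeat=self.n)]

    def one(self):
        return (self.F.one(),) + (self.F.zero(),) * (self.n - 1)

    def is_unit(self, a):
        return any(a[0])          # unit iff the constant coordinate a_0 is non-zero

    def mul(self, a, b):
        out = [self.F.zero()] * self.n
        for i, x in enumerate(a):
            for j, y in enumerate(b):
                if i + j < self.n:  # theta^{i+j} vanishes once i + j >= n
                    out[i + j] = self.F.add(out[i + j], self.F.mul(x, y))
        return tuple(out)

    def order(self, a):
        """Multiplicative order of the unit a."""
        k, x = 1, a
        while x != self.one():
            x, k = self.mul(x, a), k + 1
        return k


def unit_orders(p, modulus, n):
    """{order: number of units of that order} for A(p^len(modulus), n)."""
    ring = QuasiGaloisRing(PrimePowerField(p, modulus), n)
    return dict(Counter(ring.order(a) for a in ring.elements() if ring.is_unit(a)))


if __name__ == "__main__":
    print("A(2,3):", unit_orders(2, [0], 3))        # {1: 1, 2: 1, 4: 2}: U = C_4
    print("A(3,3):", unit_orders(3, [0], 3))        # eight elements of order 3: G_2 = C_3 x C_3
    print("A(4,3):", unit_orders(2, [1, 1], 3))     # three elements of order 2: G_2 = C_4 x C_4
```

The order tallies determine G_2 up to isomorphism: C_4 × C_4 has exactly three elements of order 2 while C_2 × C_8 or C_16 would not, and a 3-group in which every non-identity element has order 3 is elementary abelian.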
For what concerns the ideal structure of A(p^r, n), from the fact that A(p^r, n) is a principal ring, one immediately deduces that each proper ideal is of the form J_k = θ^k A(p^r, n), 1 ≤ k ≤ n − 1. Our aim is to study the subring structure of A(p^r, n).

Theorem 6.4.11 Let p be a prime and let n and r be positive integers.
i) The subrings of the Quasi-Galois ring A(p^r, n) are isomorphic to Quasi-Galois rings of the form A(p^s, n) and A(p^r, m), where m and s are proper divisors of n and r, respectively.
ii) The subrings of a Quasi-Galois ring A(p^r, n) are not uniquely determined by their orders. Precisely, given m and s divisors of n and r, respectively, such that ns = mr, A(p^s, n) and A(p^r, m) are equipotent subrings of A(p^r, n) which are not isomorphic (unless n = m and s = r).

Proof: Consider A(p^r, n) ≅ F_{p^r}[x]/(x^n). In Theorem 2.3.1 we recalled that all the subfields of the Galois field F_{p^r} are of the form F_{p^s}, where s is a proper divisor of r, and F_{p^s} is uniquely determined by its order. The field inclusion F_{p^s} ⊂ F_{p^r} obviously extends to the polynomial rings F_{p^s}[x] ↪ F_{p^r}[x]. By reducing this injection modulo the ideal (x^n), for the given n, we get the desired inclusion. On the other hand, consider the unique integer h given by h = n/m. Put η = θ^h, so that η^m = θ^n = 0. Therefore, the elements
$$a_0 + a_1θ^h + \cdots + a_{m−1}θ^{h(m−1)} = a_0 + a_1η + \cdots + a_{m−1}η^{m−1}, \qquad a_i ∈ F_{p^r},$$
form a subring isomorphic to A(p^r, m), which is uniquely determined by the divisor m, since r is fixed. If ns = mr, then the cardinalities of such subrings are the same; in fact |A(p^r, m)| = p^{mr} = p^{ns} = |A(p^s, n)|. Part ii) of the statement directly follows from the fact that the cyclic subgroup in the group of units, i.e. G_1, has order p^r − 1. So if A(p^s, n) ≅ A(p^r, m), then p^r − 1 = p^s − 1, so r = s and, therefore, m = n. ✷
Example 6.4.12 Consider A(4, 4). By the previous theorem, we find two subrings which are isomorphic to A(2, 4) and A(4, 2), respectively. Thus, A(2, 4) = {a_0 + a_1θ + a_2θ^2 + a_3θ^3 | a_i ∈ F_2}, with θ^n = 0 for n ≥ 4, is a subring of 16 elements. We know that the units of such a subring form a group isomorphic to C_2 × C_4. On the other hand, we have A(4, 2) = {a_0 + a_1η | a_i ∈ F_4}, where θ^2 = η, which contains 16 elements. Such a subring has a group of units isomorphic to C_3 × C_2 × C_2. Therefore A(2, 4) and A(4, 2) are equipotent subrings of A(4, 4) which cannot be isomorphic.

We end this chapter by recalling that Galois rings and Quasi-Galois rings are particular cases of a larger class of finite, commutative rings with identity. Such rings are called finite chain rings since they are finite and their ideals form a chain under inclusion. These rings arise in algebraic number theory as quotient rings of rings of integers in number fields as well as in the geometry of Pappian-Hjelmslev planes. Recently, they have also been used in various constructions of partial difference sets, relative difference sets and bent functions. Moreover, as we shall briefly discuss in the next chapters, there are many recent results concerning linear and cyclic codes over finite chain rings. These are the motivations for the increasing interest in such rings.
Chapter 7
BASIC NOTIONS ON CODES OVER FINITE FIELDS
In this chapter, we shall briefly recall some fundamental definitions in Coding Theory and give some examples of codes over F_q, the finite field of order q (see Chapter 2). For more details the reader is referred to some basic texts on Coding Theory, such as [4], [14], [34], [53] and [69].
7.1
Basic properties
Let A be a finite set of cardinality q. A finite sequence a of elements in A is a word over A. A q-ary code C is a non-empty subset of A^*, the set of all words over A. All through this chapter, A = F_q, q = p^n, where p is a prime; thus C is a code over F_q (a binary or a ternary code for q = 2, 3). Under the assumption that the length of all words over A is uniform, say m, A^* can be identified with F_q^{(m)}, the m-dimensional vector space over F_q. Two codes C_1 and C_2 are equivalent if each of these codes can be obtained from the other by a combination of operations of the following types: (i) any permutation on the coordinate positions; (ii) any permutation on the letters of the alphabet in any fixed coordinate. In Chapter 8 we shall also consider codes over Galois rings.

A q-ary code C of length m is linear if it is a subspace of F_q^{(m)}; otherwise C is nonlinear. Properties of q-ary codes can be described
via the metric structure over F_q^{(m)}, which is induced by the Hamming distance d_H. For any pair of vectors v and w in F_q^{(m)}, one defines
$$d_H(v, w) := |\{i : 1 ≤ i ≤ m,\ v_i ≠ w_i\}|, \tag{7.1}$$
where v_i and w_i, 1 ≤ i ≤ m, are the coordinates (with respect to the standard basis) of the vectors v and w, respectively. Two basic parameters of q-ary codes are defined in terms of the Hamming distance. The minimum distance of a code C is d(C) := min_{v≠w∈C} {d_H(v, w)}; the minimum weight is wt(C) := min_{0≠v∈C} {wt(v)}, where wt(v) := d_H(v, 0). In the sequel, by an (m, M, d)-code we shall mean a code of length m, with M words and minimum distance d.
7.2
Some families of q-ary codes
In this section we briefly recall the construction of some families of q-ary codes. For more details the reader is referred, for instance, to [14] and to [53]. In these books one can also find many other examples, whose complete exposition is beyond the scope of our work.
7.2.1
Linear Codes
A linear code C is called an [m, k, d]-code if the dimension and the minimum distance of C are k and d, respectively. In this case, the code C contains q^k words which can be completely described by choosing a basis of (the vector space) C. The vectors of such a basis are used as rows of a matrix G called a generator matrix of C. In fact, any other word of C can be obtained as a linear combination of the rows of G with coefficients from F_q. By well-known results of Linear Algebra, every linear code of dimension k is equivalent to a code with a generator matrix G in the standard echelon form (I_k | P), where I_k is the identity matrix of order k. Since C is linear, it is natural to introduce the dual code of C. More precisely, the vector space F_q^{(m)} is equipped with the inner product
$$\langle v, w\rangle := \sum_{i=1}^{m} v_i w_i, \tag{7.2}$$
where v = (v_1, . . . , v_i, . . . , v_m) and w = (w_1, . . . , w_i, . . . , w_m) are two vectors in F_q^{(m)}. The set
$$C^⊥ := \{x ∈ F_q^{(m)} : \langle x, c\rangle = 0,\ ∀\, c ∈ C\}$$
is called the dual code of C. In particular, if C = C^⊥, then C is self-dual. By definition, C^⊥ is a linear code of dimension m − k. Any generator matrix of C^⊥ is a parity check matrix of C.
7.2.2
Hamming codes
The subject of linear codes was greatly influenced by papers written by R. W. Hamming in 1950 ([29]), who discovered the Hamming codes. Since then, many other codes with better properties have been discovered; anyhow, Hamming codes are still of independent interest for their application to Finite Geometries and Design Theory (see, for example, [4]). The Hamming code C_H of length m = (q^k − 1)/(q − 1), k ≥ 1, over F_q is a code for which the k × m parity check matrix H has columns that are pairwise linearly independent. We point out that here we do not distinguish between equivalent codes. Since H has rank k, C_H is linear of dimension m − k. Moreover, any codeword x ∈ C_H is a linear combination of wt(x) columns of H. As a result, wt(C_H) = 3, since there exist at least three, but not fewer, linearly dependent columns of H.

Remark 7.2.1 Note that if C is a q-ary linear code of type [m, m − k, 3], m = (q^k − 1)/(q − 1), k ≥ 1, then C is the Hamming code since, by standard Linear Algebra, its parity check matrix is equivalent to H.

Example 7.2.2 Let us consider the 4 × 15 matrix
$$H = \begin{pmatrix}
1 & 0 & 0 & 0 & 1 & 1 & 1 & 0 & 0 & 0 & 1 & 0 & 1 & 1 & 1 \\
0 & 1 & 0 & 0 & 1 & 0 & 0 & 1 & 1 & 0 & 1 & 1 & 0 & 1 & 1 \\
0 & 0 & 1 & 0 & 0 & 1 & 0 & 1 & 0 & 1 & 1 & 1 & 1 & 0 & 1 \\
0 & 0 & 0 & 1 & 0 & 0 & 1 & 0 & 1 & 1 & 0 & 1 & 1 & 1 & 1
\end{pmatrix}. \tag{7.3}$$
H can be used as a parity check matrix to define the binary Hamming code C_H of length 15 with 2^{11} words. The codeword (0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0) has weight 3. Naturally, H is the generator matrix of the dual code of C_H, which has length 15 and dimension 4. Such a code is called a projective code since the columns of the generator matrix represent distinct points in the three-dimensional projective space over F_2. More generally, the dual of a Hamming code is a projective code (cf. [69]).

It is possible to obtain a new code, the extended Hamming code, from the Hamming code C_H by simply adding in the same position an element of F_q to all the codewords of C_H. In general, by the extended code \hat{C} of a q-ary code C of length m we shall denote the following subset of F_q^{(m+1)}:
$$\Big\{(c_1, . . . , c_m, c_{m+1}) \;\Big|\; (c_1, . . . , c_m) ∈ C,\ \sum_{k=1}^{m+1} c_k = 0\Big\}. \tag{7.4}$$

7.2.3
Cyclic codes
Here we recall some basic results on cyclic codes, which can be viewed as the bricks of many other codes, such as the Kerdock and the Preparata codes. Furthermore, some other cyclic codes, such as the BCH codes (see, for instance, [53] and [69]), are important because of their many "real world" applications. A linear [m, k, d]-code C is cyclic if
$$(c_0, . . . , c_i, . . . , c_{m−1}) ∈ C \;⇒\; (c_{m−1}, c_0, . . . , c_{m−2}) ∈ C. \tag{7.5}$$
Cyclic codes are easily described in terms of polynomials over the finite field F_q. Let C be a q-ary cyclic code of length m such that q and m are relatively prime. The residue class ring R_m := F_q[x]/(x^m − 1) has the set of polynomials {a_0 + a_1x + . . . + a_{m−1}x^{m−1} | a_i ∈ F_q, 0 ≤ i < m} as a system of representatives. R_m can be regarded as an m-dimensional vector space over F_q with vectors (a_0, a_1, . . . , a_{m−1}); therefore, C can be identified with a set of elements of R_m. More precisely, since multiplication by x in this ring is equivalent to a cyclic permutation of the coefficients of any representative, C corresponds to an ideal in R_m. Furthermore, C is generated by the unique monic polynomial g(x) of the smallest degree; this polynomial divides x^m − 1 in F_q[x], since each ideal in this ring is principal (see Section 1.3). The polynomial g(x) is called the generator polynomial of C, and the polynomial h(x) := (x^m − 1)/g(x) is defined to be the parity check polynomial of C. Note, in particular, that the constant term of h(x) is non-zero.
Theorem 7.2.3 Let C be a q-ary code of length m with generator polynomial g(x) of degree r and parity check polynomial h(x). Then the following hold: (i) C is a code of dimension m − r; (ii) C^⊥ is a cyclic code with generator polynomial (x^{deg(h(x))} h(x^{−1}))/h_0, where h(x) is the parity check polynomial of C and where h_0 is the constant term of h(x).

Proof: (i) Let f(x) be a representative in F_q[x] of an element f(x) in R_m. Divide f(x) by h(x) to obtain
$$f(x) = q(x)h(x) + r(x), \tag{7.6}$$
where deg(r(x)) < m − r. Next, multiplying both sides of (7.6) by g(x) yields
$$g(x)f(x) ≡ r(x)g(x) \pmod{x^m − 1}.$$
Thus, a basis of C is given by the set {g(x), . . . , x^{m−r−1}g(x)}. (Note that we used the same notation for the polynomial g(x) ∈ F_q[x] and its residue class in R_m. It is easy to understand from the context what is meant.)
(ii) Since g(x)h(x) = x^m − 1, g(x^{−1})h(x^{−1}) = 1 − x^{−m}; hence, x^{m−r}h(x^{−1})g(x^{−1})x^r = x^m − 1. This means that x^{m−r}h(x^{−1}) divides x^m − 1 and so the claim follows. Note that we need to divide x^{m−r}h(x^{−1}) by h_0 to have a monic polynomial. ✷

All cyclic codes of length m are completely determined by the decomposition over F_q of the polynomial x^m − 1 into monic irreducible factors, which are distinct by the hypothesis (q, m) = 1 (see Section 3.1 and, for example, [50] for more details). We briefly recall that
$$x^m − 1 = \prod_{s ∈ R_c} M^{(s)}(x).$$
Here R_c is a set of representatives for the cyclotomic classes C_s := {s, sq, . . . , sq^{m_s − 1}}, and m_s is the least non-negative integer such that
$$s q^{m_s} ≡ s \pmod m. \tag{7.7}$$
Moreover,
$$M^{(s)}(x) := \prod_{j ∈ C_s} (x − α^j),$$
where α is a primitive m-th root of unity.

Example 7.2.4 Set q = 2 and m = 4. The cyclotomic polynomial of degree 15 factors over F_2 as follows:
$$x^{15} − 1 = (x − 1)(x^2 + x + 1)(x^4 + x + 1)(x^4 + x^3 + 1)(x^4 + x^3 + x^2 + x + 1).$$
In fact, there are 5 cyclotomic classes:
C_0 = {0}, C_1 = {1, 2, 4, 8}, C_5 = {5, 10}, C_3 = {3, 6, 12, 9}, C_7 = {7, 14, 13, 11}.
Moreover,
M^{(0)}(x) = x − 1,
M^{(1)}(x) = (x − α)(x − α^2)(x − α^4)(x − α^8) = x^4 + x + 1,
M^{(3)}(x) = (x − α^3)(x − α^6)(x − α^9)(x − α^{12}) = x^4 + x^3 + x^2 + x + 1,
M^{(5)}(x) = (x − α^5)(x − α^{10}) = x^2 + x + 1,
M^{(7)}(x) = (x − α^7)(x − α^{11})(x − α^{13})(x − α^{14}) = x^4 + x^3 + 1,
where α is a root of the primitive polynomial x^4 + x + 1. There are 32 cyclic codes of length 15, corresponding to all possible factors of x^{15} − 1. Among them there is the [15, 11, 3] code with generator polynomial x^4 + x^3 + x^2 + x + 1 and parity check polynomial x^{11} + x^{10} + x^6 + x^5 + x + 1. An easy computation shows that the parity check matrix of this code is equivalent to (7.3).

Cyclic codes can also be described in terms of special polynomials. More explicitly, we recall from Definition 3.1.2 that an element e(x) ∈ R_m is said to be idempotent if (e(x))^2 = e(x).

Theorem 7.2.5 Let C be a q-ary cyclic code of length m, (q, m) = 1, with generator polynomial g(x) and parity check polynomial h(x). Then there exists a unique idempotent element e(x) ∈ R_m which generates C and such that, for each element p(x) ∈ C,
$$p(x)e(x) = p(x) \ \text{ in } R_m. \tag{7.8}$$
Proof: Since (q, m) = 1, the polynomial x^m − 1 does not have multiple roots; so g(x) and h(x) are relatively prime in F_q[x]. Therefore, there exist two polynomials a(x) and b(x) in F_q[x] such that
$$a(x)g(x) + b(x)h(x) = 1. \tag{7.9}$$
Now, set c(x) := a(x)g(x) = 1 − b(x)h(x). If u(x)g(x) is any codeword in C, then c(x)u(x)g(x) = u(x)g(x) − b(x)h(x)u(x)g(x) ≡ u(x)g(x) mod (x^m − 1). Let e(x) be the residue of c(x) modulo x^m − 1. By the discussion above, e(x) is an idempotent in R_m and satisfies (7.8). Furthermore, (7.8) implies that e(x) is a generator of C, since every codeword can be written as a multiple of e(x). Finally, suppose there exists an idempotent q(x) ∈ R_m which generates C and satisfies (7.8). Clearly, e(x) = f(x)q(x) in R_m; so, by (7.8), q(x) = e(x)q(x) = f(x)(q(x))^2 = f(x)q(x) = e(x). ✷

Codes corresponding to minimal ideals in R_m are called minimal cyclic codes (or irreducible cyclic codes). For example, cyclic codes generated by (x^m − 1)/M^{(s)}(x) are irreducible, since M^{(s)}(x) is an irreducible polynomial over F_q. Furthermore, any minimal code M_i corresponds to an irreducible factor of x^m − 1. Indeed, the parity check polynomial h(x) of M_i generates a maximal ideal in R_m; therefore, h(x) is irreducible and coincides with one of the M^{(s)}(x)'s. The idempotent of such a minimal cyclic code is called primitive and denoted by θ_i(x). Observe that, by definition, the primitive idempotent θ_s(x) of the code generated by (x^m − 1)/M^{(s)}(x) does not vanish for x = α^j, where j ∈ C_s and where α is a primitive m-th root of unity. This remark allows one to compute primitive idempotents.

Example 7.2.6 The primitive idempotents in Example 7.2.4 are given by
θ_0(x) = \sum_{i=0}^{14} x^i,
θ_1(x) = x^{12} + x^9 + x^8 + x^6 + x^4 + x^3 + x^2 + x,
θ_3(x) = x^{14} + x^{13} + x^{12} + x^{11} + x^9 + x^8 + x^7 + x^6 + x^4 + x^3 + x^2 + x,
θ_5(x) = x^{14} + x^{13} + x^{11} + x^{10} + x^8 + x^7 + x^5 + x^4 + x^2 + x,
θ_7(x) = x^{14} + x^{13} + x^{12} + x^{11} + x^9 + x^7 + x^6 + x^3.
Some basic properties of primitive idempotents are recalled in the following result.
Theorem 7.2.7 Let {θ_s(x)}_s be the primitive idempotents corresponding to the polynomials {(x^m − 1)/M^{(s)}(x)}_s. Then
i) θ_i(x)θ_j(x) = 0, for i ≠ j;
ii) \sum_s θ_s(x) = 1;
iii) 1 − θ_{i_1}(x) − . . . − θ_{i_k}(x) is the idempotent of the code generated by the polynomial M^{(i_1)}(x) · · · M^{(i_k)}(x).

Proof: For a proof see, for instance, [69]. ✷

The idempotent of the dual code of a code C can be described in terms of the idempotent of C. If a(x) = a_0 + a_1x + . . . + a_{m−1}x^{m−1} ∈ F_q[x], set
$$a^*(x) = x^{m−1}a(1/x) = a_0x^{m−1} + . . . + a_{m−1}. \tag{7.10}$$
Then the following holds.

Proposition 7.2.8 Let C be a q-ary cyclic code of length m with idempotent e(x). The idempotent of the dual code C^⊥ is (1 − e(x))^*.

Proof: Clearly, (1 − e(x))^* is idempotent since e(x) is. Consider now the m-th roots of unity β_1, . . . , β_m. Suppose further that e(β_i) = 0, 1 ≤ i ≤ t, and e(β_i) ≠ 0 otherwise. Since e(x) is an idempotent in R_m, e(β_i)(e(β_i) − 1) = 0 for each root of unity. Therefore, 1 − e(x) vanishes for x = β_i, t + 1 ≤ i ≤ m. In other words, 1 − e(x) generates the same ideal as the parity check polynomial of the code C. Thus, by Theorem 7.2.3, (1 − e(x))^* generates the dual code of C. ✷
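The following Python script is an added example, not part of the original text: it recomputes the cyclotomic classes and minimal polynomials of Example 7.2.4, the parity check polynomial of the [15, 11, 3] code, and the idempotent generator e(x) = a(x)g(x) of Theorem 7.2.5 via the Bézout identity (7.9), which by Theorem 7.2.7 iii) should coincide with 1 − θ_3(x) from Example 7.2.6. It assumes F_16 = F_2[x]/(x^4 + x + 1) with α the class of x, and it represents polynomials over F_2 as Python integers.

```python
"""Binary cyclic codes of length 15 (Examples 7.2.4, 7.2.6 and Theorem 7.2.5).
Added example, not from the original text. Polynomials over F_2 are Python ints
(bit i = coefficient of x^i); F_16 = F_2[x]/(x^4 + x + 1), alpha = class of x."""

M = 15                        # code length, gcd(2, 15) = 1
X_M_MINUS_1 = (1 << M) | 1    # x^15 - 1 = x^15 + 1 over F_2
PRIM = 0b10011                # x^4 + x + 1, the primitive polynomial defining F_16
ALPHA = 0b10                  # the class of x in F_16


def pmul(a, b):
    """Product in F_2[x] (carry-less multiplication)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def pdivmod(a, b):
    """Quotient and remainder of a by b in F_2[x]."""
    q = 0
    while a and a.bit_length() >= b.bit_length():
        shift = a.bit_length() - b.bit_length()
        q ^= 1 << shift
        a ^= b << shift
    return q, a


def reduce_mod_xm1(a):
    """Residue class of a in R_m = F_2[x]/(x^m - 1)."""
    return pdivmod(a, X_M_MINUS_1)[1]


def gf16_mul(a, b):
    return pdivmod(pmul(a, b), PRIM)[1]


def alpha_pow(j):
    root = 1
    for _ in range(j):
        root = gf16_mul(root, ALPHA)
    return root


def cyclotomic_classes(q=2, m=M):
    """{s: C_s}, C_s = {s, sq, sq^2, ...} mod m, keyed by the smallest representative."""
    classes, seen = {}, set()
    for s in range(m):
        if s in seen:
            continue
        cls, j = [], s
        while j not in cls:
            cls.append(j)
            j = (j * q) % m
        classes[s] = cls
        seen.update(cls)
    return classes


def minimal_polynomial(cls):
    """M^(s)(x) = prod_{j in C_s} (x - alpha^j); expanded over F_16, the coefficients land in F_2."""
    coeffs = [1]                                  # coefficients over F_16, index = degree
    for j in cls:
        root, new = alpha_pow(j), [0] * (len(coeffs) + 1)
        for d, c in enumerate(coeffs):
            new[d + 1] ^= c                       # x * (c x^d)
            new[d] ^= gf16_mul(root, c)           # (-alpha^j) * (c x^d); minus is plus in char 2
        coeffs = new
    assert all(c in (0, 1) for c in coeffs), "coefficients must lie in F_2"
    return sum(c << d for d, c in enumerate(coeffs))


def check_polynomial(g):
    """h(x) = (x^m - 1)/g(x) for a generator polynomial g dividing x^m - 1."""
    h, rem = pdivmod(X_M_MINUS_1, g)
    assert rem == 0, "g must divide x^m - 1"
    return h


def xgcd(a, b):
    """Extended Euclid in F_2[x]: (d, u, v) with u*a + v*b = d = gcd(a, b)."""
    u0, v0, u1, v1 = 1, 0, 0, 1
    while b:
        q, r = pdivmod(a, b)
        a, b = b, r
        u0, u1 = u1, u0 ^ pmul(q, u1)
        v0, v1 = v1, v0 ^ pmul(q, v1)
    return a, u0, v0


def idempotent(g):
    """e(x) = a(x)g(x) mod (x^m - 1) with a g + b h = 1 as in (7.9): the idempotent generator."""
    h = check_polynomial(g)
    d, a, _ = xgcd(g, h)
    assert d == 1, "g and h are coprime because gcd(q, m) = 1"
    return reduce_mod_xm1(pmul(a, g))


if __name__ == "__main__":
    mins = {s: minimal_polynomial(c) for s, c in cyclotomic_classes().items()}
    g = mins[3]                                   # x^4 + x^3 + x^2 + x + 1: the [15, 11, 3] code
    e = idempotent(g)
    print("M^(s):", {s: bin(p) for s, p in mins.items()})
    print("h:", bin(check_polynomial(g)), " e:", bin(e))
    print("e^2 == e:", reduce_mod_xm1(pmul(e, e)) == e)
```

Reading the bits of e(x) gives every exponent from 0 to 14 except 5 and 10, i.e. e(x) = 1 + θ_3(x) = 1 − θ_3(x) over F_2, as Theorem 7.2.7 iii) predicts for the code generated by M^{(3)}(x).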
7.2.4
Reed-Muller codes
We shall now describe a class of linear binary codes which were introduced by D. E. Muller and I. S. Reed in 1954, the Reed-Muller codes. They are closely related to Finite Geometries, since they can be described in terms of characteristic functions of affine spaces. Here we mainly focus on their description via Boolean functions, which will play a major role in our approach to Kerdock codes. For more details, the reader is referred to [4]. Let f : F_2^{(l)} → F_2 be a Boolean function in l variables x_1, . . . , x_l. Alternatively, f can be regarded as a polynomial in F_2[x_1, . . . , x_l]/(x_1^2 − x_1, . . . , x_l^2 − x_l) of degree at most l. The Reed-Muller code R(r, l) of order r and length m = 2^l is the set of all possible values of Boolean
functions of degree at most r. Clearly, R(r, l) is a linear code (the sum of two Boolean functions is a Boolean function) of dimension
$$k = 1 + \binom{l}{1} + . . . + \binom{l}{r},$$
where k is the number of monomials in x_1, . . . , x_l of degree at most r. We recall some basic properties of Reed-Muller codes.

Theorem 7.2.9 The following properties hold:
i) R(0, l) = {0, 1};
ii) R(l, l) = F_2^{(m)}, where m = 2^l;
iii) the minimum distance of R(r, l) is 2^{l−r};
iv) the dual code of R(r, l) is R(l − r − 1, l).
Proof: For details and proofs the reader is referred, for example, to [69]. ✷

The Reed-Muller code can be regarded as a special case of a more general family of codes. First, recall that the shortened r-th order generalized Reed-Muller code R(r, l)^* over F_q of length m = q^l − 1 is the cyclic code R with generator polynomial
$$g(x) := \prod_j (x − α^j). \tag{7.11}$$
In (7.11) α is a primitive element in F_{q^l} and the product ranges over the set of integers j with 0 ≤ j < q^l − 1, 0 ≤ w_q(j) < (q − 1)l − r, where w_q(j) denotes the sum of the coefficients in the expansion of j in the q-ary number system, i.e.
$$j = \sum_{i=0}^{m−1} ξ_i q^i, \qquad w_q(j) = \sum_{i=0}^{m−1} ξ_i,$$
(see also Section 1.4). Then, the r-th order Generalized Reed-Muller code is defined to be the extended code \hat{R}. For binary codes, the following holds.

Proposition 7.2.10 The r-th order binary generalized Reed-Muller code of length 2^m is equivalent to the r-th order Reed-Muller code.

Proof: For a proof see [69]. ✷

Remark 7.2.11 By Theorem 7.2.9, the dual of R(1, l) is the [2^l, 2^l − 1 − l, 4] Reed-Muller code R(l − 2, l). In particular, the shortened code R(l − 2, l)^* is a [2^l − 1, 2^l − 1 − l, 3]-code. Therefore, by Remark 7.2.1, the dual code of R(1, l) is the extended Hamming code of length 2^l.
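As an added example (not from the original text), the Python code below builds R(r, l) from the value vectors of the monomials of degree at most r and checks, on small cases, the dimension formula, the minimum distance 2^{l−r} and the duality R(r, l)^⊥ = R(l − r − 1, l) of Theorem 7.2.9; the ordering of the points of F_2^{(l)} is an arbitrary fixed choice, as any coordinate permutation yields an equivalent code.

```python
"""Reed-Muller codes R(r, l) from Boolean functions (Section 7.2.4).
Added example, not from the original text: a codeword is the value vector of a Boolean
function on the 2^l points of F_2^(l); R(r, l) is spanned by the monomials of degree <= r."""
from itertools import combinations, product
from math import comb


def reed_muller_rows(r, l):
    """Generator rows of R(r, l): value vectors of the monomials x_{i1}...x_{ik}, 0 <= k <= r."""
    points = list(product((0, 1), repeat=l))          # the 2^l arguments, in a fixed order
    rows = []
    for k in range(r + 1):
        for monomial in combinations(range(l), k):    # k = 0 gives the constant function 1
            rows.append(tuple(int(all(pt[i] for i in monomial)) for pt in points))
    return rows


def span(rows):
    """All F_2-linear combinations of the rows: the code as a set of tuples."""
    m = len(rows[0])
    words = {(0,) * m}
    for row in rows:
        words |= {tuple((a + b) % 2 for a, b in zip(w, row)) for w in words}
    return words


def dimension(r, l):
    """1 + C(l,1) + ... + C(l,r), cross-checked against the size of the span (2^k words)."""
    k = sum(comb(l, i) for i in range(r + 1))
    assert len(span(reed_muller_rows(r, l))) == 2 ** k
    return k


def min_distance(code):
    """Minimum weight of a non-zero word; equals the minimum distance for a linear code."""
    return min(sum(c) for c in code if any(c))


def orthogonal(code_a, rows_b):
    """True iff every word of code_a has inner product (7.2) zero (mod 2) with every row of rows_b."""
    return all(sum(a * b for a, b in zip(c, row)) % 2 == 0 for c in code_a for row in rows_b)


def check_duality(r, l):
    """Theorem 7.2.9 iv): R(r, l)^perp = R(l - r - 1, l), via orthogonality plus the dimension count."""
    code = span(reed_muller_rows(r, l))
    dual_rows = reed_muller_rows(l - r - 1, l)
    return orthogonal(code, dual_rows) and dimension(r, l) + dimension(l - r - 1, l) == 2 ** l


if __name__ == "__main__":
    code = span(reed_muller_rows(1, 3))    # R(1,3): length 8, dimension 1 + 3 = 4, distance 4
    print("R(1,3): dimension", dimension(1, 3), "minimum distance", min_distance(code))
    print("R(1,3) is self-dual:", check_duality(1, 3))
    print("R(2,4)^perp = R(1,4):", check_duality(2, 4))
```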
7.3
Duality between codes
The weights of the codewords of a q-ary linear code C of length m are related to the weights of the codewords of the dual code C ⊥ . In this section, we recall this relationship which is known as the MacWilliams Identity [53]. This theorem can be viewed as a special case of a more general identity between specific elements of a suitable group algebra. Let t1 , . . . , tm be m formal indeterminates. For any element x = (m) (x1 , . . . , xm ) in Fq , set tx := tx1 1 . . . txmm . The set G := {tx | x ∈ Fq(m) } is an abelian group with respect to the product: xm +ym tx · ty = (tx1 1 . . . txmm ) · (ty11 . . . tymm ) := tx1 1 +y1 . . . tm ,
where $x_i + y_i \in \mathbb{F}_q$, $1 \le i \le m$. Denote now by $\mathbb{C}[G]$ the set of elements
$$g = g(t) := \sum_{x \in \mathbb{F}_q^{(m)}} \alpha_x t^x, \qquad \alpha_x \in \mathbb{C}. \tag{7.12}$$
$\mathbb{C}[G]$ is a commutative, unitary $\mathbb{C}$-algebra with respect to the following operations: for any $g, h \in \mathbb{C}[G]$ and for any $\beta \in \mathbb{C}$,

i) $$g + h = \sum_{x \in \mathbb{F}_q^{(m)}} \alpha_x t^x + \sum_{y \in \mathbb{F}_q^{(m)}} \beta_y t^y := \sum_{x + y = z \in \mathbb{F}_q^{(m)}} (\alpha_x + \beta_y) t^z;$$

ii) $$gh = \sum_{x \in \mathbb{F}_q^{(m)}} \alpha_x t^x \cdot \sum_{y \in \mathbb{F}_q^{(m)}} \beta_y t^y := \sum_{z, r \in \mathbb{F}_q^{(m)}} \alpha_r \beta_{z - r} t^z;$$

iii) $$\beta g = \beta \sum_{x \in \mathbb{F}_q^{(m)}} \alpha_x t^x := \sum_{x \in \mathbb{F}_q^{(m)}} (\beta \alpha_x) t^x.$$
The MacWilliams Identity relates specific elements in the group algebra $\mathbb{C}[G]$. The weight enumerator of an element $g \in \mathbb{C}[G]$ as in (7.12) is the formal sum in $\mathbb{C}[W, X]$ given by
$$E_g(W, X) := \sum_{x \in \mathbb{F}_q^{(m)}} \alpha_x W^{m - \mathrm{wt}(x)} X^{\mathrm{wt}(x)} = \sum_{k=0}^{n} \sum_{\mathrm{wt}(x) = k} \alpha_x W^{m-k} X^k = \sum_{k=0}^{n} A_k W^{m-k} X^k. \tag{7.13}$$
The coefficients $A_k = \sum_{\mathrm{wt}(x) = k} \alpha_x$ give the weight distribution of $g$.
Remark 7.3.1 Let $C$ be a $q$-ary code. $C$ can be viewed as an abelian subgroup of $\mathbb{C}[G]$ under the embedding $c \mapsto t^c$, where $c \in C$. Moreover, the element
$$g_C(t) = \sum_{c \in C} t^c \in \mathbb{C}[G]$$
is called the generating function of $C$. The polynomial
$$\mathrm{Hamm}_C(W, X) := E_{g_C(t)}(W, X) = \sum_{c \in C} W^{m - \mathrm{wt}(c)} X^{\mathrm{wt}(c)}$$
is called the Hamming weight enumerator of $C$, and the $A_k$'s give the weight distribution of $C$, i.e. $A_k$ is the number of codewords of $C$ of weight $k$. We recall that a character of an abelian group $(A; *)$ is any homomorphism from $A$ to $(\mathbb{C}^*; \cdot)$, the multiplicative group of non-zero complex numbers. Let $\chi$ be any non-trivial character of $(\mathbb{F}_q; +)$, where $q = p^t$. For any $u \in \mathbb{F}_q^{(m)}$, define the map $\chi_u : \mathbb{C}[G] \to \mathbb{C}^*$ by setting
$$\chi_u\Big(\sum_{x \in \mathbb{F}_q^{(m)}} \alpha_x t^x\Big) = \sum_{x \in \mathbb{F}_q^{(m)}} \alpha_x \chi(\langle u, x \rangle),$$
where $\langle u, x \rangle$ denotes the inner product in (7.2). As observed in Remark 7.3.1, a $q$-ary code can be embedded in $\mathbb{C}[G]$. Thus, $\chi_u$ can be restricted to $C$. By abuse of notation, we will denote this restriction by $\chi_u$.

Lemma 7.3.2 Let $C$ be a $q$-ary linear code. Then i) $\chi_u$ is a character of the additive group $(C; +)$; ii) $\chi_u$ is trivial if and only if $u \in C^\perp$; iii)
$$\sum_{c \in C} \chi_u(c) = \begin{cases} |C| & \text{if } u \in C^\perp \\ 0 & \text{otherwise.} \end{cases}$$
Proof: Since $C$ is an additive group and $\chi$ is a character, i) easily follows. As for ii), observe that, if $u \in C^\perp$, then $\chi_u(c) = 1$ for each $c \in C$. Conversely, if $\chi_u$ is trivial, we have $1 = \chi_u(c) = \chi(\langle u, c \rangle)$ for each $c \in C$. Therefore, $u$ is an element of $C^\perp$, since, by hypothesis, $\chi$ is not trivial. Finally, iii) can be proved as follows. If $u \in C^\perp$, by ii), $\chi_u$ is trivial and, clearly,
$$\sum_{c \in C} \chi_u(c) = |C|.$$
If $u$ is not an element of the dual code of $C$, there exists $c_0$ such that $\chi_u(c_0) \ne 1$. Thus,
$$\chi_u(c_0) \sum_{c \in C} \chi_u(c) = \sum_{c \in C} \chi_u(c_0 + c) = \sum_{c \in C} \chi_u(c).$$
This implies
$$\sum_{c \in C} \chi_u(c) = 0.$$
✷

Let $g$ be an element as in (7.12) such that $M := \sum_{x \in \mathbb{F}_q^{(m)}} \alpha_x \ne 0$. The MacWilliams transform of $g$ is
$$\hat{g}(t) := \frac{1}{M} \sum_{x \in \mathbb{F}_q^{(m)}} \chi_x(g) t^x \in \mathbb{C}[G]. \tag{7.14}$$
The following theorem holds.

Theorem 7.3.3 (MacWilliams' Identity) Take $g$ as in (7.12) such that $M := \sum_{x \in \mathbb{F}_q^{(m)}} \alpha_x \ne 0$. Then
$$E_{\hat{g}}(W, X) = \frac{1}{M} E_g\big(W + (q - 1)X,\ W - X\big). \tag{7.15}$$
Proof: The reader is referred, for example, to [53] for a proof. ✷

The specialization of (7.15) to linear codes yields

Theorem 7.3.4 Let $C$ be an $[m, k, d]$ code over $\mathbb{F}_q$ with Hamming weight enumerator $\mathrm{Hamm}_C(W, X)$ and let $\mathrm{Hamm}_{C^\perp}(W, X)$ be the weight enumerator of $C^\perp$. Then
$$\mathrm{Hamm}_{C^\perp}(W, X) = q^{-k} \mathrm{Hamm}_C\big(W + (q - 1)X,\ W - X\big).$$
Proof: If $g$ is the generating function of $C$ then, by Remark 7.3.1, (7.15) becomes
$$E_{\hat{g}}(W, X) = q^{-k} \mathrm{Hamm}_C\big(W + (q - 1)X,\ W - X\big).$$
On the other hand, by Lemma 7.3.2,
$$\hat{g}(t) = q^{-k} \sum_{x \in \mathbb{F}_q^{(m)}} \sum_{c \in C} \chi_x(c) t^x$$
equals the generating function of $C^\perp$. Thus the claim follows. ✷
Example 7.3.5 Consider the Hamming code $C_H$ described in Example 7.2.2. The weight enumerator of $C_H$ can be determined by applying the result above. By direct computations, the weight enumerator of $C_H^\perp$ is $W^{15} + 15 W^7 X^8$. Therefore, by Theorem 7.3.4, the weight enumerator of $C_H$ is
$$\begin{aligned} \frac{1}{16}(W + X)^{15} + \frac{15}{16}(W + X)^7 (W - X)^8 = {} & W^{15} + 35 X^3 W^{12} + 105 X^4 W^{11} + 168 X^5 W^{10} + 280 X^6 W^9 + 435 X^7 W^8 \\ & + 435 X^8 W^7 + 280 X^9 W^6 + 168 X^{10} W^5 + 105 X^{11} W^4 + 35 X^{12} W^3 + X^{15}. \end{aligned}$$
By Theorem 7.3.4, the weight distribution of a linear code $C$ is the MacWilliams transform of the weight distribution of the dual code $C^\perp$. Nonetheless, this may happen for nonlinear codes as well.

Definition 7.3.6 Two nonlinear codes are formal duals if the weight distribution of one of them is the MacWilliams transform of the weight distribution of the other.
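As an added example (not part of the original text), the computation of Example 7.3.5 carried out in Python: the transform of Theorem 7.3.4 is applied to the weight distribution of $C_H^\perp$ by expanding $q^{-k}\,\mathrm{Hamm}_C(W + (q-1)X, W - X)$ with integer arithmetic, and the result is transformed back to recover the distribution of $C_H^\perp$.

```python
"""MacWilliams transform of a weight distribution (Theorem 7.3.4).

Added example, not from the text.  A weight distribution is the list
(A_0, ..., A_m) of coefficients of Hamm_C(W, X); the dual distribution
is read off from q^{-k} Hamm_C(W + (q-1)X, W - X), expanding each term
(W + (q-1)X)^{m-j} (W - X)^j with binomial coefficients.
"""
from math import comb


def macwilliams_transform(dist, q):
    """Weight distribution of C^perp, given the distribution `dist` of a
    q-ary linear code C of length m = len(dist) - 1 (so |C| = sum(dist))."""
    m = len(dist) - 1
    size = sum(dist)          # |C| = q^k; the identity divides by it
    raw = [0] * (m + 1)       # coefficients of Hamm_C(W + (q-1)X, W - X) in X
    for j, a_j in enumerate(dist):
        if a_j == 0:
            continue
        # (W + (q-1)X)^(m-j): coefficient of X^i is C(m-j, i) (q-1)^i
        left = [comb(m - j, i) * (q - 1) ** i for i in range(m - j + 1)]
        # (W - X)^j: coefficient of X^i is C(j, i) (-1)^i
        right = [comb(j, i) * (-1) ** i for i in range(j + 1)]
        for i1, c1 in enumerate(left):
            for i2, c2 in enumerate(right):
                raw[i1 + i2] += a_j * c1 * c2
    # every coefficient must be divisible by |C| for a genuine linear code
    if any(v % size for v in raw):
        raise ValueError("not the weight distribution of a linear code")
    return [v // size for v in raw]


def hamming_weight_enumerator():
    """Example 7.3.5: C_H^perp has enumerator W^15 + 15 W^7 X^8, i.e. one
    word of weight 0 and fifteen of weight 8 (length 15, q = 2)."""
    dual_dist = [0] * 16
    dual_dist[0], dual_dist[8] = 1, 15
    return macwilliams_transform(dual_dist, q=2)


if __name__ == "__main__":
    a = hamming_weight_enumerator()
    print({k: v for k, v in enumerate(a) if v})   # weight -> number of codewords
    print(macwilliams_transform(a, q=2))          # back to C_H^perp: 1 at 0, 15 at 8
```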
We conclude this section by recalling another important function used to describe properties of codes. Let $C$ be a code of type $(n, M, d)$. The distance enumerator of $C$ is given by the formal sum
$$B_C(z) := \sum_{k=0}^{n} B_k z^k, \tag{7.16}$$
where, for any non-negative integer $k$, $0 \le k \le n$,
$$B_k := \frac{1}{M} \big|\{(x, y) : x, y \in C,\ d_H(x, y) = k\}\big|.$$
The numbers $B_k$ give the distance distribution of $C$.

Remark 7.3.7 Suppose that $C$ is a distance invariant code, i.e. a code such that, for any codewords $c_1, c_2$, the number of codewords at distance $i$ from $c_1$ equals the number of codewords at distance $i$ from $c_2$. If, additionally, $C$ contains the word $0$, then the weight distribution coincides with the distance distribution.
7.4 Some families of nonlinear q-ary codes

In this section, we will describe two families of nonlinear codes, the Kerdock codes and the Preparata codes. Aside from their excellent error-correcting capabilities, these codes are also formal duals (see Definition 7.3.6). For other examples of $q$-ary nonlinear codes the reader is referred, for instance, to [14] and to [53].
7.4.1 Binary Kerdock codes
Binary Kerdock codes were originally introduced by A. M. Kerdock in 1972 [45]. Since then, they have been investigated by many authors for their properties and their relationships with Symplectic and Orthogonal Finite Geometries. In 1982, W. M. Kantor (see [40], [41], [42]) explicitly constructed infinitely many families of inequivalent Kerdock codes, all of them with the same weight distribution. In this section, we will basically pursue his approach to describe Kerdock codes and to discuss some of their properties.
7.4.2 Kerdock sets

To begin with, we need to recall some elementary facts of Symplectic Geometry over finite fields. For more details on this topic, see, for example, [21]. Let $V$ be a vector space of dimension $m$ over the finite field $\mathbb{F}_q$, $q = 2^r$. A quadratic form over $V$ is a map $Q : V \to \mathbb{F}_q$ such that, for all $\lambda, \mu \in \mathbb{F}_q$ and $v, w \in V$,
$$Q(\lambda v + \mu w) = \lambda^2 Q(v) + \mu^2 Q(w) + \lambda \mu f(v, w), \tag{7.17}$$
where $f$ is a bilinear form over $V \times V$. Note that $f$ is determined by $Q$ since
$$f(v, w) = Q(v + w) + Q(v) + Q(w), \qquad v, w \in V.$$
Moreover,
$$f(v, v) = Q(v + v) + Q(v) + Q(v) = 0, \qquad v \in V.$$
Thus, $f$ is a symplectic form over $V$. Denote by $y_1, \dots, y_m$ coordinates on $V$ with respect to the canonical basis. By standard facts of Linear Algebra, for any quadratic form $Q$ over $V$, there exists an integer $h$, $2 \le 2h \le m$, such that $Q$ can be written as
$$\sum_{i=1}^{h} y_{2i-1} y_{2i} + L,$$
where $2h$ is the rank of the symplectic form corresponding to $Q$ and $L$ is a linear functional over $V$. In what follows, we shall need the following result.

Lemma 7.4.1 i) The number of $2h$-tuples $(y_1, \dots, y_{2h}) \in \mathbb{F}_2^{(2h)}$ such that
$$\sum_{i=1}^{h} y_{2i-1} y_{2i} = 0$$
is $2^{2h-1} + 2^{h-1}$.

ii) The number of $m$-tuples $(y_1, \dots, y_m)$ such that
$$\sum_{i=1}^{h} y_{2i-1} y_{2i} + \sum_{i=2h+1}^{m} a_i y_i = 0, \qquad a_i \in \mathbb{F}_2,$$
is $2^{m-1}$.

Proof: i) If $h = 1$, the claim is trivial. Now,
$$\sum_{i=1}^{h+1} y_{2i-1} y_{2i} = \sum_{i=1}^{h} y_{2i-1} y_{2i} + y_{2h+1} y_{2h+2} := F_1 + F_2. \tag{7.18}$$
Therefore, by induction, the number of $(2h+2)$-tuples $(y_1, \dots, y_{2h+2}) \in \mathbb{F}_2^{(2h+2)}$ such that $F_1 = F_2 = 0$ (respectively $F_1 = F_2 = 1$) is $3(2^{2h-1} + 2^{h-1})$ (respectively $2^{2h-1} - 2^{h-1}$). So the claim follows. ii) The Boolean function on the left hand side of (7.18) attains the value $0$ as many times as the value $1$. Thus, the number of solutions of (7.18) is $2^{m-1}$. ✷

From now on, let $V$ denote a vector space over $\mathbb{F}_q$, $q$ even, of dimension $m$, $m = 2n$.

Definition 7.4.2 A Kerdock set $\mathcal{K}$ over $\mathbb{F}_q$ is a collection of $q^{m-1}$ symplectic forms over $V$ such that the sum of any two distinct elements in $\mathcal{K}$ is non-singular.

Clearly, a Kerdock set can be identified with a set of $q^{m-1}$ symmetric matrices $B^{(k)} = (b^{(k)}_{ij})$, where $b^{(k)}_{ij} \in \mathbb{F}_q$, of order $m$ such that the difference of any two matrices has rank $m$.

Definition 7.4.3 Two Kerdock sets $\mathcal{K}_1$ and $\mathcal{K}_2$ are equivalent if there exists a map
$$\mathcal{K}_1 \longrightarrow \mathcal{K}_2, \qquad M \longmapsto d B^{-1} M^\phi (B^{-1})^t + C,$$
where $M = (a_{ij})$, $d \in \mathbb{F}_q^*$, $\phi \in \mathrm{Aut}(\mathbb{F}_q)$, $M^\phi$ is the matrix $(\alpha_{ij})$ such that $\alpha_{ij} = \phi(a_{ij})$, $B$ is an invertible matrix of order $m$, and $C$ is an alternating matrix of order $m$.

By Definition 7.4.3, we can therefore assume that, up to equivalence, a Kerdock set contains the zero symplectic form.

Example 7.4.4 When $m = 2$, the only Kerdock set over $\mathbb{F}_2$ is given by
$$\left\{ \begin{pmatrix} 0 & 1 \\ 1 & 0 \end{pmatrix}, \begin{pmatrix} 0 & 0 \\ 0 & 0 \end{pmatrix} \right\}.$$
Consider, now, the case $m = 4$. By direct computation, the set of matrices
$$\begin{pmatrix} 0&0&0&0 \\ 0&0&0&0 \\ 0&0&0&0 \\ 0&0&0&0 \end{pmatrix},\ \begin{pmatrix} 0&1&1&1 \\ 1&0&1&1 \\ 1&1&0&1 \\ 1&1&1&0 \end{pmatrix},\ \begin{pmatrix} 0&1&1&0 \\ 1&0&0&0 \\ 1&0&0&1 \\ 0&0&1&0 \end{pmatrix},\ \begin{pmatrix} 0&0&1&1 \\ 0&0&0&1 \\ 1&0&0&0 \\ 1&1&0&0 \end{pmatrix},$$
$$\begin{pmatrix} 0&1&0&0 \\ 1&0&0&1 \\ 0&0&0&1 \\ 0&1&1&0 \end{pmatrix},\ \begin{pmatrix} 0&0&1&0 \\ 0&0&1&1 \\ 1&1&0&0 \\ 0&1&0&0 \end{pmatrix},\ \begin{pmatrix} 0&1&0&1 \\ 1&0&1&0 \\ 0&1&0&0 \\ 1&0&0&0 \end{pmatrix},\ \begin{pmatrix} 0&0&0&1 \\ 0&0&1&0 \\ 0&1&0&1 \\ 1&0&1&0 \end{pmatrix}$$
is a Kerdock set over $\mathbb{F}_2$.
The existence of Kerdock sets is actually a non-trivial problem related to Finite Geometries over $\mathbb{F}_q$, $q$ even. A complete exposition of the techniques used to construct Kerdock sets can be found in [40], [41]. Here we just show how their construction can be approached in geometrical terms. Fix the quadratic form $Q$ over $V$ given by
$$Q(y_1, \dots, y_m) := y_1 y_{n+1} + \dots + y_n y_{2n}. \tag{7.19}$$
A subspace $W \subset V$ is totally singular with respect to $Q$ if $Q(w) = 0$ for each $w \in W$. Note that the maximal dimension of totally singular subspaces of $V$ is $n$. A vector space $V$ which is equipped with the quadratic form (7.19) is said to be an $\Omega^+(2n, q)$-space. An orthogonal spread $\mathcal{F}$ of an $\Omega^+(2n, q)$-space is a family of $q^{n-1} + 1$ totally singular $n$-dimensional spaces such that every totally singular one-dimensional space of $V$ belongs to exactly one member of $\mathcal{F}$. Two orthogonal spreads $\mathcal{F}_1$ and $\mathcal{F}_2$ are equivalent if there exists an invertible linear transformation of $V$ which preserves $Q$ and maps elements in $\mathcal{F}_1$ to elements in $\mathcal{F}_2$. Now, suppose that $n = 2a$, $a \ge 1$. Fix two totally singular $2a$-dimensional subspaces $U$ and $W$ such that $U \cap W = \{0\}$, so $V = U \oplus W$. Thus, there exist two bases $\{u_1, \dots, u_{2a}\}$, $\{w_1, \dots, w_{2a}\}$ of $U$ and $W$ respectively, such that $f(u_i, w_j) = \delta_{ij}$, where $f$ is the bilinear form associated with the quadratic form $Q$. This quadratic form is invariant with respect to linear transformations which, in the chosen basis, have matrices of the form
$$M^\dagger = \begin{pmatrix} I_{2a} & 0 \\ M & I_{2a} \end{pmatrix}, \tag{7.20}$$
where $I_{2a}$ is the identity matrix of order $2a$ and $M$ is an alternating matrix of order $2a$. As $M$ varies, the set $P^\dagger$ of matrices $M^\dagger$ is isomorphic to the abelian group of alternating matrices of order $2a$ with entries from $\mathbb{F}_q$. Thus, a Kerdock set $\mathcal{K}$ can be associated with a subset $\mathcal{K}^\dagger$ of $P^\dagger$ of $q^{2a-1}$ matrices. Under this correspondence, any Kerdock set yields an orthogonal spread of $V$ and vice versa (see [40] for a proof). Therefore, the existence of Kerdock sets is reduced to the construction of orthogonal spreads of an $\Omega^+(4a, q)$-space. Kantor in [40] and in [41] describes explicitly inequivalent orthogonal spreads which yield inequivalent Kerdock sets.
7.4.3 Properties of binary Kerdock codes

The first family of Kerdock codes was introduced by Kerdock in 1972. These codes, which are usually denoted by $K(m)$, $m$ even, $m \ge 4$, can be described in various ways: see [15], [40] and [45] for details about their different constructions. Anyhow, more families of binary Kerdock codes have been discovered; thus, we shall define them as follows.

Definition 7.4.5 Let $m$ be an even integer, $m \ge 4$. A binary Kerdock code is a $(2^m, 2^{2m}, 2^{m-1} - 2^{m/2-1})$ subcode of the Reed-Muller code $R(2, m)$ which is obtained as the union of cosets of the Reed-Muller code $R(1, m)$.

Kerdock codes can be constructed from Kerdock sets over $\mathbb{F}_2$. For each matrix $M$ in a Kerdock set $\mathcal{K}$, let $Q_M$ be an associated quadratic form over $\mathbb{F}_2^{(m)}$. Consider the set
$$C(\mathcal{K}) := \{Q_M(v) + L(v) + c\}, \tag{7.21}$$
where $M \in \mathcal{K}$, $L$ varies in the space of linear functionals over $\mathbb{F}_2^{(m)}$, $c \in \mathbb{F}_2$, and $v$ is any vector in $\mathbb{F}_2^{(m)}$.

Theorem 7.4.6 The set $C(\mathcal{K})$ is a Kerdock code.

Proof: As observed in Section 7.2.4, the Reed-Muller code $R(2, m)$ is a binary linear code of length $2^m$; moreover, its codewords are given by Boolean functions of degree at most two. Thus, $C(\mathcal{K})$ is a subcode of $R(2, m)$ of length $2^m$. Furthermore, $C(\mathcal{K})$ is a union of cosets of $R(1, m)$ with representatives $Q_M$, $M \in \mathcal{K}$. Therefore, by Theorem 7.2.9, the number of codewords of $C(\mathcal{K})$ is $2^{m-1} \cdot |R(1, m)| = 2^{2m}$.
$C(\mathcal{K})$ is not linear, since the sum of two codewords lies in a coset of $R(1, m)$ which does not necessarily have one of the elements of $\mathcal{K}$ as a representative. To compute the minimum distance of $C(\mathcal{K})$ we remark that, for any words $c_1, c_2$, $d_H(c_1, c_2) = \mathrm{wt}(c_1 + c_2)$, since $c_1 + c_2 \in R(2, m)$ whether $c_1 + c_2$ belongs to $C(\mathcal{K})$ or not. On the other hand, by definition of $C(\mathcal{K})$, $c_1 + c_2$ may belong either to the subcode $R(1, m)$ or to a coset of the first order Reed-Muller code with representative a quadratic form of maximal rank $m$. In the former case, by Theorem 7.2.9, the weight of $c_1 + c_2$ may be $0$, $2^m$ or $2^{m-1}$; in the latter case, by Lemma 7.4.1, the weight of $c_1 + c_2$ may be $2^{m-1}$ or $2^{m-1} \pm 2^{m/2-1}$. Thus, the minimum distance of $C(\mathcal{K})$ is $2^{m-1} - 2^{m/2-1}$. ✷

Remark 7.4.7 The same arguments used to compute the minimum distance of $C(\mathcal{K})$ prove that $C(\mathcal{K})$ is distance invariant (cf. Remark 7.3.7).

Remarkably, any Kerdock code $C$ has the form $C(\mathcal{K})$ for some Kerdock set $\mathcal{K}$. Indeed, by Definition 7.4.5, $C$ is a union of $2^{m-1}$ cosets of the first order Reed-Muller code. On the other hand, by Lemma 7.4.1, the difference of any two representatives of such cosets needs to have maximal rank if the minimum distance of $C$ is $2^{m-1} - 2^{m/2-1}$. Therefore, the representatives of the cosets which compose $C$ form a Kerdock set.

Example 7.4.8 (The Nordstrom-Robinson code) For $m = 4$, the Kerdock code corresponding to the Kerdock set described in Example 7.4.4 is a $(16, 256, 6)$ nonlinear code. In [67], Snover proves that there exists a unique nonlinear code with such parameters, which is called the Nordstrom-Robinson code $N_{16}$.

Equivalent Kerdock codes correspond to equivalent Kerdock sets. More precisely, the following holds.

Theorem 7.4.9 Let $\mathcal{K}_1$ and $\mathcal{K}_2$ be two Kerdock sets over $\mathbb{F}_2$. Then $C(\mathcal{K}_1)$ and $C(\mathcal{K}_2)$ are equivalent codes if and only if $\mathcal{K}_1$ is equivalent to $\mathcal{K}_2$.

Proof: For a proof, the reader is referred to [42]. ✷

Although Kerdock codes may be inequivalent, they all have the same weight enumerator, which, by Remark 7.4.7, is also the distance enumerator.
Theorem 7.4.10 The weight enumerator of a Kerdock code $C$ of length $2^m$, $m$ even, $m \ge 4$, is
$$K(z) = 1 + (2^{2m-1} - 2^m)\, z^{2^{m-1} - 2^{(m/2)-1}} + (2^{2m-1} - 2^m)\, z^{2^{m-1} + 2^{(m/2)-1}} + (2^{m+1} - 2)\, z^{2^{m-1}} + z^{2^m}. \tag{7.22}$$
Proof: Up to equivalence, we can assume that $C$ contains the first order Reed-Muller code $R(1, m)$; hence, by Theorem 7.2.9, $C$ has one word of weight $0$, one word of weight $2^m$ and $2^{m+1} - 2$ words of weight $2^{m-1}$. Moreover, by Lemma 7.4.1, all other words of $C$ have weight $2^{m-1} \pm 2^{(m/2)-1}$. Trivially, if a codeword $c$ has weight $2^{m-1} - 2^{(m/2)-1}$, then $c + \mathbf{1}$ has weight $2^{m-1} + 2^{(m/2)-1}$. Thus, the coefficients of $z^{2^{m-1} \pm 2^{(m/2)-1}}$ are both $2^{2m-1} - 2^m$. ✷
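As an added example, not from the text, the following Python code checks Example 7.4.4, Theorem 7.4.6, Example 7.4.8 and Theorem 7.4.10 by computation for $m = 4$: it verifies that the eight matrices of Example 7.4.4 form a Kerdock set in the sense of Definition 7.4.2, builds $C(\mathcal{K})$ as in (7.21) by evaluating $Q_M(v) = \sum_{i<j} M_{ij} v_i v_j$ (one admissible quadratic form associated with $M$) on all of $\mathbb{F}_2^{(4)}$, and confirms the $(16, 256, 6)$ parameters and the weight distribution (7.22); the zero count of Lemma 7.4.1 i) is checked directly as well.

```python
"""Kerdock set of Example 7.4.4 and the code C(K) of (7.21) for m = 4.
Added example, not from the text.  Matrices over F_2 are tuples of rows;
a codeword is the value vector of a Boolean function on the 16 points of
F_2^(4), listed in the fixed order POINTS.
"""
from itertools import combinations, product

M = 4
POINTS = list(product((0, 1), repeat=M))   # all v in F_2^(4)


def rank_f2(rows):
    """Rank of a 0/1 matrix over F_2 (Gaussian elimination with XOR)."""
    rows = [list(r) for r in rows]
    rank = 0
    for col in range(len(rows[0])):
        pivot = next((i for i in range(rank, len(rows)) if rows[i][col]), None)
        if pivot is None:
            continue
        rows[rank], rows[pivot] = rows[pivot], rows[rank]
        for i, r in enumerate(rows):
            if i != rank and r[col]:
                rows[i] = [a ^ b for a, b in zip(r, rows[rank])]
        rank += 1
    return rank


def is_kerdock_set(mats, m):
    """Definition 7.4.2 over F_2: 2^(m-1) distinct symmetric matrices with
    zero diagonal whose pairwise sums (= differences) all have rank m."""
    if len(set(mats)) != 2 ** (m - 1):
        return False
    if any(a[i][i] or a[i][j] != a[j][i] for a in mats
           for i in range(m) for j in range(m)):
        return False
    return all(rank_f2([[x ^ y for x, y in zip(ra, rb)] for ra, rb in zip(a, b)]) == m
               for a, b in combinations(mats, 2))


def quadratic_form(mat, v):
    """Q_M(v) = sum_{i<j} M_ij v_i v_j; its polar form is v^T M w, so Q_M
    is a quadratic form associated with the symplectic matrix M."""
    return sum(mat[i][j] * v[i] * v[j] for i in range(M) for j in range(i + 1, M)) % 2


def kerdock_code(kset):
    """C(K) of (7.21): Q_M(v) + L(v) + c for M in K, linear L, c in F_2."""
    words = set()
    for mat in kset:
        q = [quadratic_form(mat, v) for v in POINTS]
        for lin in product((0, 1), repeat=M):       # L(v) = sum_i lin_i v_i
            for c in (0, 1):
                words.add(tuple((qv + sum(l * x for l, x in zip(lin, v)) + c) % 2
                                for qv, v in zip(q, POINTS)))
    return words


def weight_distribution(code):
    dist = {}
    for w in code:
        dist[sum(w)] = dist.get(sum(w), 0) + 1
    return dist


def min_distance(code):
    """Minimum Hamming distance over all pairs (C(K) is not linear)."""
    return min(sum(a != b for a, b in zip(x, y)) for x, y in combinations(code, 2))


def hyperbolic_zeros(h):
    """Lemma 7.4.1 i): number of y in F_2^(2h) with sum y_{2i-1} y_{2i} = 0."""
    return sum(1 for y in product((0, 1), repeat=2 * h)
               if sum(y[2 * i] * y[2 * i + 1] for i in range(h)) % 2 == 0)


# The eight matrices of Example 7.4.4.
KERDOCK_SET_4 = [
    ((0, 0, 0, 0), (0, 0, 0, 0), (0, 0, 0, 0), (0, 0, 0, 0)),
    ((0, 1, 1, 1), (1, 0, 1, 1), (1, 1, 0, 1), (1, 1, 1, 0)),
    ((0, 1, 1, 0), (1, 0, 0, 0), (1, 0, 0, 1), (0, 0, 1, 0)),
    ((0, 0, 1, 1), (0, 0, 0, 1), (1, 0, 0, 0), (1, 1, 0, 0)),
    ((0, 1, 0, 0), (1, 0, 0, 1), (0, 0, 0, 1), (0, 1, 1, 0)),
    ((0, 0, 1, 0), (0, 0, 1, 1), (1, 1, 0, 0), (0, 1, 0, 0)),
    ((0, 1, 0, 1), (1, 0, 1, 0), (0, 1, 0, 0), (1, 0, 0, 0)),
    ((0, 0, 0, 1), (0, 0, 1, 0), (0, 1, 0, 1), (1, 0, 1, 0)),
]


def nordstrom_robinson():
    """The (16, 256, 6) code C(K) of Example 7.4.8."""
    return kerdock_code(KERDOCK_SET_4)


if __name__ == "__main__":
    print(is_kerdock_set(KERDOCK_SET_4, M))
    nr = nordstrom_robinson()
    print(len(nr), min_distance(nr), sorted(weight_distribution(nr).items()))
```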
7.4.4 Classical Preparata codes

In [61], P. Preparata introduced a class of double-error-correcting nonlinear codes $P(2)$ (see Definition 7.4.11 for notation) with a remarkably large number of codewords in terms of their length and their minimum distance. Since then, many other families with the same properties have been introduced. In this section, we will recall the definition of these codes by following [6]. Moreover, we shall discuss the formal duality of the extended Preparata code $\overline{P}(\sigma)$ with the Kerdock code $K(m)$.
7.4.5 Basic properties

All through this section, let $t$ be an odd integer, $t \ge 3$. Set also $n = 2^t - 1$ and $F = \mathbb{F}_{2^t}$. Let $x \mapsto x^\sigma$ be an automorphism of $F$, i.e., $\sigma$ is a power of $2$, such that $(\sigma \pm 1, n) = 1$. If $U$ is a subset of $F$, then $\chi(U)$ will denote the characteristic vector of $U$ of length $2^t$.

Definition 7.4.11 The extended Preparata code $\overline{P}(\sigma)$ is the set of words $[\chi(U), \chi(V)]$, where $U$ and $V$ are subsets of $F$ such that:

(P1) $|U|$ and $|V|$ are even,

(P2) $\sum_{u \in U} u = \sum_{v \in V} v$,

(P3) $\sum_{u \in U} u^{\sigma+1} + \big(\sum_{u \in U} u\big)^{\sigma+1} = \sum_{v \in V} v^{\sigma+1}$.

Without loss of generality, we can assume that $0 \in F$ is the first element in $U$ and the first element in $V$. The classical Preparata code $P(\sigma)$ is obtained from the extended code $\overline{P}(\sigma)$ by dropping the first coordinate in each codeword. We summarize the main properties of $\overline{P}(\sigma)$ in the following theorem: for a proof see [6].

Theorem 7.4.12 The extended Preparata code $\overline{P}(\sigma)$ is a binary nonlinear $(2^{t+1}, 2^{2^{t+1} - 2t - 2}, 6)$ code. Moreover, it is distance invariant.

Clearly, by Theorem 7.4.12, the nonlinear binary code $P(\sigma)$ is a $(2^{t+1} - 1, 2^{2^{t+1} - 2t - 2}, 5)$-code. Moreover, it is a nearly perfect code (see [14]).

Example 7.4.13 For $t = 3$, $\sigma = 4$, the code $\overline{P}(4)$ has length $16$, minimum distance $6$, and $256$ codewords. As explained in Example 7.4.8, this is the Nordstrom-Robinson code, which, incidentally, coincides with the Kerdock code $K(4)$.

We end this section with some remarks about the weight distribution of Preparata codes. To begin with, in [27], the weight distribution of any nearly perfect code is determined. Accordingly, the weight distribution of the extended Preparata code can be completely computed. In particular, when $\sigma = 2$, the extended Preparata code $\overline{P}(2)$ of length $2^m$ and the Kerdock code $K(m)$ satisfy the following result.

Theorem 7.4.14 The weight distribution of $\overline{P}(2)$ is the MacWilliams transform of the weight distribution of $K(m)$, $m$ even, $m \ge 4$.

Proof: The reader is referred to [53]. ✷

Thus, by Definition 7.3.6, $\overline{P}(2)$ and $K(m)$ are formal duals. Their formal duality has been an object of study for years. Arguably, the existence of infinitely many families of Kerdock codes with the same weight distribution and the existence of many other Preparata codes seemed to suggest that the relationship in Theorem 7.4.14 was merely a coincidence. Although this may be true for many versions of these codes, we will show in Chapter 8 that suitable Kerdock codes and Preparata codes can be related in a deeper algebraic sense in terms of Galois Ring Theory.
7.4.6 Preparata codes and Hamming codes

In Section 7.4.3, Kerdock codes of length $2^m$ were defined as a union of cosets of the first order Reed-Muller code $R(1, m)$ in the second order Reed-Muller code. By Theorem 7.2.9, the dual of $R(1, m)$ is the extended Hamming code $H_m$ of length $2^m$. In this section, we will show that $H_m$ can also be constructed from Preparata codes. Set $t = m - 1$, $m$ even, $m \ge 4$. For the sake of simplicity, denote by $C_0$ the code $\overline{P}(\sigma)$. Now, for any $\alpha \in F^*$, define $C_\alpha$ to be the code obtained by adding the word $c_\alpha = [\chi(U), \chi(V)]$ corresponding to the sets $U = V = \{0, \alpha\}$ to every word of $C_0$.

Lemma 7.4.15 1. The minimum weight of the code $C_\alpha$ is $4$, for each $\alpha \in F^*$.

2. $C_{\alpha_1} \cap C_{\alpha_2} = 0$, $\alpha_1 \ne \alpha_2 \in F^*$.

Proof: 1. Since the extended Preparata code is invariant with respect to the Hamming distance, and its minimum distance is $6$, for any $x \in C_\alpha$,
$$\mathrm{wt}(x) = d_H(x, 0) \ge 6 - r + 4 - r = 10 - 2r,$$
where $r$ is the number of $1$'s which appear both in a word of minimum weight $6$ and in a word of minimum weight $4$. Since $r \le 4$, it suffices to show that there are no words of minimum weight $2$ in $C_\alpha$. Suppose that such a word exists, say $c$. Then, $c$ would correspond to the two subsets $\{0, \alpha\}$, $\{0, \gamma, \alpha, \beta\}$ of $F$, where $\alpha$, $\beta$, and $\gamma$ are distinct elements in $F^*$. This would contradict (P2), so the claim follows.

2. Suppose there exists $c \in C_{\alpha_1} \cap C_{\alpha_2}$, $c \ne 0$, such that $c = c_{\alpha_1} + c_1 = c_{\alpha_2} + c_2$, where $c_i \in \overline{P}(\sigma)$ and $c_{\alpha_i} \in C_{\alpha_i}$, $i = 1, 2$. Thus, $d_H(c_1, c_2) = \mathrm{wt}(c_{\alpha_1} + c_{\alpha_2}) = 4$, whereas the minimum distance of $\overline{P}(\sigma)$ is $6$. ✷

Define the code
$$H_m = \bigcup_{\alpha \in \mathbb{F}_{2^{m-1}}} C_\alpha.$$

Theorem 7.4.16 $H_m$ is the extended Hamming code of length $2^m$.

Proof: Clearly, the length of $H_m$ is $2^m$. Additionally,
$$|H_m| = 2^{m-1} |\overline{P}(\sigma)| = 2^{2^m - m - 1}.$$
Moreover, by Lemma 7.4.15, the minimum weight of $H_m$ is $4$. Thus, the theorem is proved if we show that $H_m$ is linear. Let $c_1$ and $c_2$ be two codewords in $H_m$. Then, there exist subsets $X_i, Y_i$ and elements $\alpha_i$ in $F$, $i = 1, 2$, such that
$$c_i = [\chi(X_i), \chi(Y_i)] + [\chi(\{0, \alpha_i\}), \chi(\{0, \alpha_i\})].$$
Proving that $c_1 + c_2$ belongs to $H_m$ is equivalent to solving the equation
$$s_1^{\sigma+1} + s_2^{\sigma+1} = (\gamma + s_1 + s_2 + \alpha_1 + \alpha_2)^{\sigma+1}, \qquad s_i = \sum_{x_i \in X_i} x_i,\ i = 1, 2, \tag{7.23}$$
with respect to $\gamma$ (see [6] for details). Since, under our assumptions, the map $x \mapsto x^{\sigma+1}$ is an automorphism of $F$, (7.23) has a unique solution. ✷
Chapter 8
BASIC NOTIONS ON CODES OVER GALOIS RINGS

In this chapter we give a brief overview of some basic properties of codes over Galois rings. In particular, we focus on the case of codes over $GR(p^n, 1) = \mathbb{Z}_{p^n}$, which are presently an evolving research topic for several applications. Moreover, we shall discuss in more detail codes over $\mathbb{Z}_4$ by describing their relationship with binary codes. In this case, a fundamental tool of our analysis is the so-called Gray map, which will be used to carry out a $\mathbb{Z}_4$-interpretation of the formal duality between binary Kerdock codes and some "ad hoc" generalizations of the classical Preparata codes.
8.1 Basic properties

In this section, we discuss some basic facts of codes over the Galois ring of integers mod $p^n$, i.e. $\mathbb{Z}_{p^n} = \{0, 1, \dots, p^n - 1\}$. Denote by $\mathbb{Z}_{p^n}^{(m)}$ the set of ordered $m$-tuples $(x_1, \dots, x_m)$, $x_i \in \mathbb{Z}_{p^n}$, $1 \le i \le m$. A code $C$ over $\mathbb{Z}_{p^n}$ is a subset of $\mathbb{Z}_{p^n}^{(m)}$. Two codes over $\mathbb{Z}_{p^n}$ are permutation equivalent if one can be obtained from the other by a permutation of coordinate positions (see Section 7.1). The $\mathbb{Z}_{p^n}$-module $\mathbb{Z}_{p^n}^{(m)}$ is equipped with two natural distances: the Hamming distance introduced in (7.1) and the Lee distance, $d_L$, which is defined as follows.
CHAPTER 8. CODES OVER GALOIS RINGS
Definition 8.1.1 The Lee weight of an element $h \in \mathbb{Z}_{p^n}$ is
$$\mathrm{wt}_L(h) := \min\{h, p^n - h\}. \tag{8.1}$$
The Lee weight of an element $a = (a_1, \dots, a_m) \in \mathbb{Z}_{p^n}^{(m)}$ is the sum of the Lee weights of its coordinates. The Lee distance $d_L$ on $\mathbb{Z}_{p^n}^{(m)} \times \mathbb{Z}_{p^n}^{(m)}$ is defined by $d_L(x, y) = \mathrm{wt}_L(x - y)$.

In addition to the minimum Hamming distance and the minimum Hamming weight, a code over $\mathbb{Z}_{p^n}$ also has a minimum Lee distance $d_L(C) := \min_{v \ne w \in C} d_L(v, w)$ and a minimum Lee weight $\mathrm{wt}_L(C) := \min_{0 \ne v \in C} \mathrm{wt}_L(v)$. In general, the Hamming distance is not a natural metric for measuring the error-correcting capabilities of codes over rings. Indeed, in communication systems it is more likely that a transmitted symbol is received as a symbol close to it. As an example, consider the code of length $3$ over the ring $\mathbb{Z}_8$. The Hamming distance between $(1, 0, 0)$ and $(h, 0, 0)$ is $1$ for any $h \in \mathbb{Z}_8$, $h \ne 1$. On the other hand, the Lee distance is more suitable for describing possible errors, since $d_L$ depends on the symbol $h$.
8.1.1 Linear codes over $\mathbb{Z}_{p^n}$

A code $C$ over $\mathbb{Z}_{p^n}$ is linear if it is a subgroup of the abelian group $\langle \mathbb{Z}_{p^n}^{(m)}; + \rangle$, where the operation $+$ is defined componentwise. We recall that, as observed in (1.6), Section 1.4, any element $u \in \mathbb{Z}_{p^n}$ can be uniquely written as a finite sum
$$u = \sum_{i=0}^{n-1} u_i p^i,$$
where $0 \le u_i \le p - 1$. Similar to the case of $q$-ary codes, after a suitable permutation of the coordinates, a non-zero linear code $C$ of length $m$ over $\mathbb{Z}_{p^n}$ can be described by a generator matrix $G$ of the form
$$G = \begin{pmatrix} I & A_{0,1} & A_{0,2} & A_{0,3} & \cdots & A_{0,n-1} & A_{0,n} \\ 0 & pI & pA_{1,2} & \cdots & \cdots & \cdots & pA_{1,n} \\ \vdots & \vdots & \vdots & & & \vdots & \vdots \\ 0 & 0 & 0 & \cdots & \cdots & p^{n-1} I & p^{n-1} A_{n-1,n} \end{pmatrix}, \tag{8.2}$$
where the columns are grouped into blocks of size $k_0, k_1, \dots, k_{n-1}, k_n$ such that $\sum k_i = m$. The notion of elementary row operations on a matrix, and the consequences of it, carries over to $\mathbb{Z}_{p^n}$ with the understanding that only multiplication of a row by a unit in $\mathbb{Z}_{p^n}$ is allowed, as opposed to multiplication by any non-zero element. All the codewords of $C$ are given by $[v_0 \dots v_{n-1}] G$, where $v_i$ is a vector of length $k_i$ with components in $\mathbb{Z}_{p^{n-i}}$. Thus, $C$ contains $p^k$ words, where
$$k = \sum_{i=0}^{n-1} (n - i) k_i.$$
Therefore, $C$ is called a code of type $\prod_{i=0}^{n-1} p^{(n-i)k_i}$. The dual code of $C$ is the set
$$C^\perp := \{x \in \mathbb{Z}_{p^n}^{(m)} \mid x \cdot y = 0,\ \forall y \in C\},$$
where
$$x \cdot y = \sum_{i=1}^{m} x_i y_i. \tag{8.3}$$
A generator matrix of $C^\perp$ is called a parity check matrix of $C$, as in the case of $q$-ary codes. If $C$ is a linear code with generator matrix $G$ as in (8.2), then a parity check matrix of $C$ is given by
$$H = \begin{pmatrix} B_{0,n} & B_{0,n-1} & \cdots & B_{0,2} & B_{0,1} & I \\ pB_{1,n} & pB_{1,n-1} & \cdots & pB_{1,2} & pI & 0 \\ \vdots & \vdots & & \vdots & \vdots & \vdots \\ p^{n-1} B_{n-1,n} & p^{n-1} I & \cdots & 0 & 0 & 0 \end{pmatrix},$$
where the column blocks have the same sizes as in (8.2). Moreover, they are determined by the condition $G H^T = 0$. $C^\perp$ is thus a code of type $\prod_{i=1}^{n} p^{(n-i)k_i}$.
8.1.2 Reed-Muller codes over $\mathbb{Z}_{p^n}$

Let $x_1, \dots, x_m$ be coordinates on the vector space $\mathbb{Z}_2^{(m)}$. Recall that each coordinate $x_i$ can be viewed as a Boolean function. A generalized Boolean function is a function $f$ from $\mathbb{Z}_2^{(m)}$ to $\mathbb{Z}_{2^k}$, $k \ge 1$. It is straightforward to show that any such function of degree at most $r$ can be uniquely expressed as a linear combination over $\mathbb{Z}_{2^k}$ of monomials in $x_1, \dots, x_m$ of degree at most $r$. For $k \ge 1$ and $0 \le r \le m$, the $r$-th order linear code $RM_{2^k}(r, m)$ over $\mathbb{Z}_{2^k}$ of length $2^m$ is generated by the monomials of degree at most $r$. For $k > 1$ and $0 \le r \le m + 1$, the $r$-th order linear code $ZRM_{2^k}(r, m)$ over $\mathbb{Z}_{2^k}$ of length $2^m$ is generated by the monomials of degree at most $r - 1$ together with two times the monomials in the $x_i$'s of degree $r$ (with the convention that the monomials of degree $-1$ and $m + 1$ are equal to zero). The code $RM_{2^k}(r, m)$ generalizes the binary Reed-Muller code introduced in Chapter 7. For $k = 2$, the code $ZRM_4(r, m)$ was first considered in [11]. The codes $RM_{2^k}(r, m)$ and $ZRM_{2^k}(r, m)$ contain
$$(2^k)^{\sum_{i=0}^{r} \binom{m}{i}} \qquad \text{and} \qquad (2^k)^{\sum_{i=0}^{r-1} \binom{m}{i}} \cdot (2^{k-1})^{\binom{m}{r}}$$
words, respectively. These codes are widely used in communication engineering and, especially, in Orthogonal Frequency Division Multiplexing (cf. [20] for more details on this topic). Analogously to $q$-ary Reed-Muller codes, we have

Proposition 8.1.2 i) The minimum Hamming distance of the codes $RM_{2^k}(r, m)$ and $ZRM_{2^k}(r, m)$ is $2^{m-r}$. ii) The minimum Lee distances of $RM_{2^k}(r, m)$ and of $ZRM_{2^k}(r, m)$ are $2^{m-r}$ and $2^{m-r+1}$, respectively.
8.1.3 Cyclic codes over $\mathbb{Z}_{p^n}$

A cyclic code of length $m$ over $\mathbb{Z}_{p^n}$ is a linear code which satisfies (7.5). As in Section 7.2.3, cyclic codes can be described in terms of polynomials. Indeed, the residue class ring $R_m := \mathbb{Z}_{p^n}[x]/(x^m - 1)$ has the set of polynomials $S := \{a_0 + a_1 x + \dots + a_{m-1} x^{m-1} \mid a_i \in \mathbb{Z}_{p^n},\ 0 \le i < m\}$ as a system of representatives. $R_m$ can be viewed as a free module of rank $m$ over $\mathbb{Z}_{p^n}$ with elements given by the $m$-tuples $(a_0, a_1, \dots, a_{m-1})$; therefore, $C$ can be identified with a set of elements of $R_m$. Since multiplication by $x$ in this ring is equivalent to a cyclic permutation of the coefficients of any representative, $C$ corresponds to an ideal in $R_m$. In what follows, we will assume $(m, p) = 1$ so that the polynomial $x^m - 1$ does not have multiple factors.

Proposition 8.1.3 The ring $R_m$ is a P.I.D. (see Section 1.3).
Proof: Denote by $f_j(x)$ the monic irreducible polynomials which decompose $x^m - 1$ in $\mathbb{Z}_p[x]$. By consecutively applying the Hensel Lemma (see Theorems 1.4.3 and 3.2.6), there exist polynomials $\tilde{f}_j(x)$ which factorize $x^m - 1$ in $\mathbb{Z}_{p^n}[x]$. As in Section 3.1, we have
$$R_m = \prod_{j=1}^{s} \frac{\mathbb{Z}_{p^n}[x]}{(\tilde{f}_j(x))} := \prod_{j=1}^{s} R_j,$$
where $s$ is the number of polynomials in the factorization of $x^m - 1$ in $\mathbb{Z}_{p^n}[x]$. Since the polynomials $\tilde{f}_j(x)$ are relatively prime (see Definition 3.2.1), any ideal in $R_m$ can be written as an intersection
$$\bigcap_{j=1}^{s} I_j,$$
where $I_j$ is an ideal in the local ring $R_j$, $1 \le j \le s$. On the other hand,
$$I_j = p^{m_j} R_j, \qquad 0 \le m_j \le n. \tag{8.4}$$
Indeed, $I_j$ admits a primary decomposition in prime ideals. However, $R_j$ contains only the prime ideal $pR_j$, since the image of any prime ideal $P_j$ of $R_j$ under the homomorphism
$$R_j \to \frac{\mathbb{Z}_p[x]}{(f_j(x))}$$
is the zero ideal. Thus, $P_j \subset pR_j$; moreover, $p$ belongs to $P_j$, since $R_j / P_j$ is an integral domain. Therefore, $P_j = pR_j$, and $I_j$ is described as in (8.4). By expanding the product in (8.4) and recalling that, in $\mathbb{Z}_{p^n}[x]$,
$$(\tilde{f}_j(x)) \subset (p^{n-1}, \tilde{f}_j(x)) \subset \dots \subset (p, \tilde{f}_j(x)),$$
we have $I = \Psi(J)$, where $\Psi : \mathbb{Z}_{p^n}[x] \to R_m$ is the canonical quotient epimorphism and where the ideal $J = (h_0(x), p h_1(x), \dots, p^{n-1} h_{n-1}(x))$ is determined by the polynomials $h_i(x)$ which are divisors of $x^m - 1$ in $\mathbb{Z}_{p^n}[x]$ satisfying $h_{n-1}(x) \mid h_{n-2}(x) \mid \dots \mid h_1(x) \mid h_0(x)$ (see Section 1.4).
Finally, to prove the assertion it suffices to show that any ideal $I$ has the generator $\Psi(g(x))$, where $g(x) := h_0(x) + p h_1(x) + \dots + p^{n-1} h_{n-1}(x) \in \mathbb{Z}_{p^n}[x]$. This follows by induction on $n$. Indeed, for $n = 1$ the claim is trivial. For $n \ge 2$, define the polynomials
$$\bar{h}_0(x) = (x^m - 1)/h_0(x); \qquad \bar{h}_i(x) = h_{i-1}(x)/h_i(x), \quad 1 \le i \le n.$$
Consider the polynomials
$$k_j(x) = \bar{h}_0(x) \cdots \widehat{\bar{h}_j(x)} \cdots \bar{h}_n(x),$$
where the hat denotes a missing factor in the product. Since the $k_j(x)$'s are relatively prime in $\mathbb{Z}_{p^n}[x]$, there exist polynomials $a_j(x)$ such that
$$\sum_{j=0}^{n} a_j(x) k_j(x) = 1. \tag{8.5}$$
Multiplying both sides of (8.5) by $p^{n-1} h_{n-1}(x)$ yields
$$\sum_{j=0}^{n} a_j(x) k_j(x) p^{n-1} h_{n-1}(x) = p^{n-1} h_{n-1}(x). \tag{8.6}$$
By explicit computation (see [13]), it is easy to show that the polynomial $\Psi(p^{n-1} h_{n-1}(x))$ belongs to the ideal generated by $\Psi(g(x))$. By induction, the theorem is completely proved. ✷

Remark 8.1.4 By abuse of notation, we can say that $g(x)$ is the generator polynomial of the cyclic code $C$ over $\mathbb{Z}_{p^n}$ and the polynomial $h(x) = (x^m - 1)/g(x)$ determines a parity check polynomial of $C$.

Example 8.1.5 The factorization of $x^{15} - 1$ in $\mathbb{Z}_4[x]$ can be determined by the factorization of $x^{15} - 1$ in $\mathbb{Z}_2[x]$ (cf. Example 7.2.4). More precisely,
$$\begin{aligned} x^{15} - 1 = {} & (x + 3)(x^2 + 3x + 3)(x^4 + 2x^3 + 2x^2 + 3x + 3) \\ & \cdot (x^4 + 3x^3 + 2x^2 + 2x + 3)(x^4 + 3x^3 + 3x^2 + 3x + 3) = \tilde{f}_1(x) \cdots \tilde{f}_5(x). \end{aligned}$$
Since there are five monic, basic irreducible factors of $x^{15} - 1$, there exist $3^5$ quaternary cyclic codes of length $15$.
Like codes over finite fields, cyclic codes over $\mathbb{Z}_{p^n}$ can be described in terms of idempotents. In fact, by Proposition 3.1.3 and Theorem 3.1.4, the finite, unitary, commutative ring $R_m$ can be decomposed into a sum of subrings generated by a set of mutually orthogonal idempotents $e_j$ such that $\sum_j e_j = 1$. Clearly, any finite sum of idempotents in the set $\{e_j\}$ is an idempotent itself. This means that any cyclic code has an idempotent as a generator polynomial. We will give more examples of cyclic codes in Section 8.2. We end this section by observing how Proposition 7.2.8 extends to cyclic codes over $\mathbb{Z}_{p^n}$. As in (7.10), for any polynomial $a(x) \in \mathbb{Z}_{p^n}[x]$ of degree $m - 1$, set $a^*(x) = x^{m-1} a(1/x) = a_0 x^{m-1} + \dots + a_{m-1}$.

Proposition 8.1.6 If $C$ is a cyclic code of length $m$ over $\mathbb{Z}_{p^n}$ with idempotent $e(x)$, then the code $C^\perp$ has idempotent $(1 - e(x))^*$.

Proof: Let $g(x)$ be a generator polynomial of $C$. With the same convention adopted in Remark 8.1.4, $g(x) h(x) = x^m - 1$, where $h(x)$ is a parity check polynomial of $C$. Since $e(x)(1 - e(x)) = 0$ in $R_m$, $1 - e(x)$ is an idempotent element in the ideal $(h(x))$. On the other hand, by the same arguments of Theorem 7.2.5, which can be easily adapted to this case, $(1 - e(x)) = (h(x))$. Since Theorem 7.2.3 ii) can be generalized to the case of cyclic codes over $\mathbb{Z}_{p^n}$, the claim is completely proved. ✷
8.1.4 Hamming codes over $\mathbb{Z}_{p^n}$

Hamming codes over the Galois ring $\mathbb{Z}_{p^n}$ were first introduced by I. F. Blake in [8]. We briefly recall their definition and compare them with their analogue over finite fields. Let $Z$ be the set $\{(a_1, \dots, a_m) \mid a_i \text{ zero divisor in } \mathbb{Z}_{p^n}\}$. Let
$$\mu : \mathbb{Z}_{p^n}^{(k)} \longrightarrow \mathbb{Z}_p^{(k)}$$
be the homomorphism which reduces mod $p$ the coordinates of any $k$-tuple in $\mathbb{Z}_{p^n}^{(k)}$ (see Section 1.4). Two elements $a, b$ in $\mathbb{Z}_{p^n}^{(k)} \setminus Z$ are defined to be equivalent if and only if $\mu(a)$ and $\mu(b)$ are linearly dependent over the $\mathbb{Z}_p$-vector space $\mathbb{Z}_p^{(k)}$.

Lemma 8.1.7 The number of equivalence classes of $\mathbb{Z}_{p^n}^{(k)} \setminus Z$ is $(p^k - 1)/(p - 1)$.
CHAPTER 8. CODES OVER GALOIS RINGS

Proof: The cardinality of $\mathbb{Z}_{p^n}^{(k)} \setminus Z$ is $p^{(n-1)k}(p^k - 1)$, since there are $p^{n-1}$ zero divisors in $\mathbb{Z}_{p^n}$. Moreover, by definition, every equivalence class has $(p - 1)p^{(n-1)k}$ elements. ✷

Now, consider the $k \times (p^k - 1)/(p - 1)$ matrix $H$ with columns given by representatives of the equivalence classes defined above. Since the columns of $H$ can be chosen to have entries from the set $\{0, 1, \ldots, p - 1\}$, it is natural to define the Hamming code $C$ over the Galois ring $\mathbb{Z}_{p^n}$ as the code with parity check matrix $H$. $C$ is thus a code of length $(p^k - 1)/(p - 1)$, with codewords given as linear combinations, with coefficients from $\mathbb{Z}_{p^n}$, of $k$ independent elements in $\mathbb{Z}_p^{(k)}$. Finally, notice that both the minimum Hamming distance and the minimum Lee distance of $C$ are equal to 3, as can be readily checked from the definition of $H$.
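The construction above, carried out as an added Python example (it is not part of the original text): the classes of Lemma 8.1.7 are enumerated by brute force, $H$ is assembled from one canonical representative per class (the reduction $\mu(a)$ scaled so that its first nonzero coordinate is 1, a choice made for this example), and the minimum Hamming and Lee distances are computed for $p = 2$, $n = 2$, $k = 3$ (length 7 over $\mathbb{Z}_4$) and $p = 3$, $n = 2$, $k = 2$ (length 4 over $\mathbb{Z}_9$). The helper names are this example's own.

```python
"""Hamming codes over the Galois ring Z_{p^n} (Section 8.1.4), added example."""
from itertools import product


def projective_classes(p, n, k):
    """Split Z_{p^n}^(k) minus Z into classes: a ~ b iff mu(a), mu(b) are Z_p-proportional.
    Z is the set of k-tuples all of whose coordinates are zero divisors (multiples of p)."""
    classes = {}
    for a in product(range(p ** n), repeat=k):
        if all(x % p == 0 for x in a):
            continue                                    # a lies in Z
        mu = tuple(x % p for x in a)                    # reduction mod p
        lead = next(x for x in mu if x)                 # first nonzero coordinate of mu(a)
        inv = pow(lead, -1, p)
        key = tuple((inv * x) % p for x in mu)          # canonical point of the Z_p-line
        classes.setdefault(key, []).append(a)
    return classes


def parity_check_matrix(p, n, k):
    """k x (p^k - 1)/(p - 1) matrix H: one representative column per class,
    with entries in {0, ..., p - 1} (the canonical representatives)."""
    cols = sorted(projective_classes(p, n, k))
    return [[col[i] for col in cols] for i in range(k)]


def hamming_code(p, n, k):
    """All c in Z_{p^n}^N with H c^T = 0 mod p^n, N = (p^k - 1)/(p - 1) (brute force)."""
    H = parity_check_matrix(p, n, k)
    q, N = p ** n, len(H[0])
    return [c for c in product(range(q), repeat=N)
            if all(sum(h * x for h, x in zip(row, c)) % q == 0 for row in H)]


def lee_weight(c, q):
    return sum(min(x, q - x) for x in c)


def hamming_weight(c):
    return sum(1 for x in c if x)


def class_statistics(p, n, k):
    """(number of classes, set of class sizes, total) to compare with Lemma 8.1.7."""
    classes = projective_classes(p, n, k)
    sizes = {len(v) for v in classes.values()}
    return len(classes), sizes, sum(len(v) for v in classes.values())


def min_distances(p, n, k):
    """(minimum Hamming distance, minimum Lee distance) of the Hamming code over Z_{p^n}."""
    q = p ** n
    nonzero = [c for c in hamming_code(p, n, k) if any(c)]
    return min(hamming_weight(c) for c in nonzero), min(lee_weight(c, q) for c in nonzero)


if __name__ == "__main__":
    for p, n, k in [(2, 2, 3), (3, 2, 2)]:
        print(p, n, k, parity_check_matrix(p, n, k), class_statistics(p, n, k), min_distances(p, n, k))
```

For $(p, n, k) = (2, 2, 3)$ the statistics come out as 7 classes of 8 elements each (56 in total, $p^{(n-1)k}(p^k - 1) = 8 \cdot 7$), the code has $4^4$ codewords, and both minimum distances are 3; for $(3, 2, 2)$ there are 4 classes of 18 elements and again both minimum distances are 3.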
8.2 Linear quaternary codes

In this section, we will focus on linear quaternary codes, i.e. linear codes over $\mathbb{Z}_4$. Any such code of length $m$ is permutation equivalent to a code $C$ with generator matrix of the form
$$G = \begin{pmatrix} I_{k_1} & A & B \\ 0 & 2I_{k_2} & 2C \end{pmatrix}, \qquad (8.7)$$
where the entries in $A$ and in $C$ are 0 or 1, and those in $B$ are from $\mathbb{Z}_4$. A codeword has the form $(a_1, \ldots, a_{k_1+k_2})G$, where $a_1$ to $a_{k_1}$ are in $\mathbb{Z}_4$ and $a_{k_1+1}$ to $a_{k_1+k_2}$ are in $\mathbb{Z}_2$. $C$ is called a linear quaternary code of type $4^{k_1}2^{k_2}$, since it has $2^{2k_1+k_2}$ codewords. If $C$ has generator matrix $G$, the dual code $C^\perp$ has generator matrix
$$\begin{pmatrix} -B^T - C^T A^T & C^T & I_{m-k_1-k_2} \\ 2A^T & 2I_{k_2} & 0 \end{pmatrix}.$$
Note that $C^\perp$ is a code of type $4^{m-k_1-k_2}2^{k_2}$.

Example 8.2.1 Consider the $4 \times 8$ block matrix $G = (I_4 \mid B)$ with elements from $\mathbb{Z}_4$, where $I_4$ is the identity matrix of order 4 and $B$ is the matrix
$$B = \begin{pmatrix} 3 & 1 & 2 & 1 \\ 1 & 2 & 3 & 1 \\ 3 & 3 & 3 & 2 \\ 2 & 3 & 1 & 1 \end{pmatrix}.$$
The linear code with generator matrix $G$ is a quaternary code of length 8, with 256 codewords, and, by direct computation, minimum Lee weight 6. This code, which is called the octacode, may be characterized, for example, as the unique self-dual code of length 8 and minimal Lee weight 6 (cf. [18]).

Quaternary cyclic codes have been investigated by many authors for their various applications: see, for instance, [9], [13], and [60]. As observed in Section 8.1.3, and with the same notation adopted there, the number of $\mathbb{Z}_4$-cyclic codes of length $m$ is $3^s$, where $s$ is the number of basic irreducible polynomial factors of $x^m - 1$ over $\mathbb{Z}_4$. Furthermore, the following result holds.

Theorem 8.2.2 Suppose $C$ is a quaternary cyclic code of odd length $m$. Then there exist unique, monic polynomials $f(x)$, $g(x)$, and $h(x)$ such that $C$ corresponds to the image of the ideal $(f(x)h(x),\ 2f(x)g(x))$ in $R_m$, where $f(x)g(x)h(x) = x^m - 1$, and $C$ is of type $4^{\deg g(x)}2^{\deg h(x)}$.

Proof: The proof is a bit technical and basically depends on the possibility of choosing the polynomials $f(x)$, $g(x)$, and $h(x)$; for details see [60]. ✷

Idempotents of quaternary codes have also been determined explicitly. As discussed in Section 7.2.3, the factorization of the cyclotomic polynomial $x^m - 1$ over $\mathbb{Z}_2$ determines a set of mutually orthogonal primitive idempotents $\theta_i(x)$ in $\mathbb{Z}_2[x]/(x^m - 1)$ (cf. Theorem 7.2.7). It is shown in [9] that the polynomials $\theta_i(x)$ allow one to determine idempotents $\eta_i(x)$ in $\mathbb{Z}_4[x]/(x^m - 1)$ such that
$$\sum_i \eta_i(x) = 1, \qquad \eta_i(x)\eta_j(x) = 0 \quad (i \neq j).$$
Example 8.2.3 There exist $27$ quaternary cyclic codes of length 7, since
$$x^7 - 1 = (x - 1)(3 + x + 2x^2 + x^3)(3 + 2x + 3x^2 + x^3) = f_0 f_1 f_2.$$
By Theorem 8.2.2, it is possible to figure out the type of all these codes. Among them, the cyclic code generated by $f_1$ is, once extended by the parity check coordinate described in Section 8.3, the octacode introduced in Example 8.2.1 (cf. Example 8.3.2). Moreover, from the discussion above, these codes can be described in terms of idempotents as well. Indeed (see [60]), one has
$$\eta_0(x) = 3(1 + x + x^2 + x^3 + x^4 + x^5 + x^6),$$
$$\eta_1(x) = 1 + 3(x^3 + x^5 + x^6) + 2(x + x^2 + x^4),$$
$$\eta_2(x) = 1 + 3(x + x^2 + x^4) + 2(x^3 + x^5 + x^6).$$
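The computations behind Examples 8.1.5, 8.2.1 and 8.2.3 (and the parity extension of Example 8.3.2), as an added Python example that is not part of the original text. Polynomials over $\mathbb{Z}_4$ are coefficient lists in increasing degree. The lifts of the binary factors of $x^7 - 1$ and $x^{15} - 1$ are produced by Graeffe's method, $f(x^2) = \pm(e(x)^2 - o(x)^2)$ with $e, o$ the even- and odd-degree parts of the binary factor; that formula is this example's computational device, not a statement of the page, and the products it returns are checked against $x^7 - 1$ and $x^{15} - 1$, namely $(x+3)(x^2+x+1)(x^4+2x^2+3x+1)(x^4+3x^3+2x^2+1)(x^4+x^3+x^2+x+1)$ in the second case. The block then verifies the idempotent relations for $\eta_0, \eta_1, \eta_2$, and compares the Lee weight distribution of the extended cyclic code generated by $f_1$ with that of the octacode $(I_4 \mid B)$. The helper names are this example's own.

```python
"""Polynomial arithmetic over Z4 behind Examples 8.1.5, 8.2.1 and 8.2.3 (added example)."""
from collections import Counter
from itertools import product

Q = 4   # coefficients in Z4; a polynomial is a list [c0, c1, ...] of increasing degree

def polymul(a, b, q=Q):
    """Product of two polynomials; q = 0 keeps plain integer coefficients."""
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] += x * y
    return [c % q for c in out] if q else out

def polymod_cyclic(a, m, q=Q):
    """Reduce modulo x^m - 1 by folding x^k onto x^(k mod m)."""
    out = [0] * m
    for k, c in enumerate(a):
        out[k % m] = (out[k % m] + c) % q
    return out

def hensel_lift(f2):
    """Basic irreducible lift to Z4[x] of a factor f2 of x^n - 1 in Z2[x], n odd, by
    Graeffe's method: with e, o the even- and odd-degree parts of f2 (bits read as
    integers), f(x^2) = +/-(e(x)^2 - o(x)^2).  The method is this example's device."""
    e = [c if i % 2 == 0 else 0 for i, c in enumerate(f2)]
    o = [c if i % 2 == 1 else 0 for i, c in enumerate(f2)]
    g = [s - t for s, t in zip(polymul(e, e, 0), polymul(o, o, 0))]  # even degrees only
    f = g[::2]                                                        # substitute x^2 -> x
    if f[-1] < 0:                                                     # keep the lift monic
        f = [-c for c in f]
    return [c % Q for c in f]

def x_pow_minus_one(m):
    return [Q - 1] + [0] * (m - 1) + [1]          # x^m - 1; note -1 = 3 in Z4

def check_factorization(factors, m):
    acc = [1]
    for f in factors:
        acc = polymul(acc, f)
    return acc == x_pow_minus_one(m)

# Binary factors of x^7 - 1 (x+1, x^3+x+1, x^3+x^2+1) and of x^15 - 1
# (x+1, x^2+x+1, x^4+x+1, x^4+x^3+1, x^4+x^3+x^2+x+1), lifted to Z4.
F7 = [hensel_lift(f) for f in ([1, 1], [1, 1, 0, 1], [1, 0, 1, 1])]
F15 = [hensel_lift(f) for f in ([1, 1], [1, 1, 1], [1, 1, 0, 0, 1], [1, 0, 0, 1, 1], [1, 1, 1, 1, 1])]

# Example 8.2.3: idempotents eta_0, eta_1, eta_2 of Z4[x]/(x^7 - 1).
ETA = [
    [3, 3, 3, 3, 3, 3, 3],   # 3(1 + x + ... + x^6)
    [1, 2, 2, 3, 2, 3, 3],   # 1 + 3(x^3 + x^5 + x^6) + 2(x + x^2 + x^4)
    [1, 3, 3, 2, 3, 2, 2],   # 1 + 3(x + x^2 + x^4) + 2(x^3 + x^5 + x^6)
]

def check_idempotents(etas, m):
    """eta_i^2 = eta_i, eta_i eta_j = 0 (i != j) and sum eta_i = 1 in Z4[x]/(x^m - 1)."""
    total = [0] * m
    for i, e in enumerate(etas):
        if polymod_cyclic(polymul(e, e), m) != polymod_cyclic(e, m):
            return False
        if any(any(polymod_cyclic(polymul(e, g), m)) for j, g in enumerate(etas) if j != i):
            return False
        total = [(s + t) % Q for s, t in zip(total, e)]
    return total == [1] + [0] * (m - 1)

def lee_weight(c):
    return sum(min(x, Q - x) for x in c)

def lee_distribution(code):
    return dict(Counter(lee_weight(c) for c in code))

def cyclic_code(g, m):
    """The ideal (g(x)) in Z4[x]/(x^m - 1): all a(x) g(x) with deg a < m - deg g."""
    k = m - (len(g) - 1)
    return {tuple(polymod_cyclic(polymul(a, g), m)) for a in product(range(Q), repeat=k)}

def extend_parity(code):
    """Adjoin c0 so that the coordinates sum to 0 in Z4 (the extension of Section 8.3)."""
    return {((-sum(c)) % Q,) + c for c in code}

def span_z4(rows):
    """Z4-span of generator rows, all coefficients ranging over Z4."""
    m = len(rows[0])
    return {tuple(sum(a * r[i] for a, r in zip(coeffs, rows)) % Q for i in range(m))
            for coeffs in product(range(Q), repeat=len(rows))}

def is_self_dual(code):
    m = len(next(iter(code)))
    return len(code) == Q ** (m // 2) and all(
        sum(x * y for x, y in zip(u, v)) % Q == 0 for u in code for v in code)

# Example 8.2.1: the octacode as the row space of (I_4 | B).
B = [[3, 1, 2, 1], [1, 2, 3, 1], [3, 3, 3, 2], [2, 3, 1, 1]]
OCTACODE = span_z4([[int(i == j) for j in range(4)] + B[i] for i in range(4)])

# Examples 8.2.3 and 8.3.2: the cyclic code (f1) of length 7, f1 = 3 + x + 2x^2 + x^3,
# extended by the parity coordinate c0.
EXT_F1 = extend_parity(cyclic_code(F7[1], 7))
```

Called from an interpreter, `check_factorization(F15, 15)` and `check_idempotents(ETA, 7)` return `True`, `3 ** len(F15)` is the count 243 of quaternary cyclic codes of length 15, and `lee_distribution(OCTACODE)` and `lee_distribution(EXT_F1)` both come out as `{0: 1, 6: 112, 8: 30, 10: 112, 16: 1}`, the Lee weight distribution of the octacode; both codes are self-dual of type $4^4$.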
Unlike binary codes, it is possible to define different weight enumerators for a quaternary code. The complete weight enumerator of a quaternary code $C$ of length $m$ is the polynomial
$$\mathrm{cwe}_C(W, X, Y, Z) := \sum_{c \in C} W^{n_0(c)} X^{n_1(c)} Y^{n_2(c)} Z^{n_3(c)},$$
where
$$n_a(c) := |\{k : x_k = a,\ 1 \le k \le m\}|$$
is the $a$-weight of the codeword $c = (x_1, \ldots, x_m)$. Clearly, permutation equivalent codes have the same complete weight enumerator. Usually, the definition of equivalence between quaternary codes is extended by also allowing a change of signs in some coordinate positions (note that $-1 = 3$ in $\mathbb{Z}_4$). The complete weight enumerator is no longer invariant under this kind of equivalence, since a sign change exchanges the $1$-weight and the $3$-weight of the affected coordinate. This leads to the introduction of the symmetrized weight enumerator $\mathrm{swe}_C(W, X, Y)$, which is given by the polynomial $\mathrm{cwe}_C(W, X, Y, X)$. Another weight enumerator for quaternary codes is the Lee weight enumerator
$$\mathrm{Lee}_C(W, X) := \sum_{c \in C} W^{2m - \mathrm{wt}_L(c)} X^{\mathrm{wt}_L(c)}.$$
By (8.1), the Lee weights of $0, 1, 2, 3 \in \mathbb{Z}_4$ are $0, 1, 2, 1$, respectively. Therefore, for any codeword $c$, $n_1(c) + 2n_2(c) + n_3(c) = \mathrm{wt}_L(c)$ and $2n_0(c) + n_1(c) + n_3(c) = 2m - \mathrm{wt}_L(c)$; thus,
$$\mathrm{Lee}_C(W, X) = \mathrm{swe}_C(W^2, WX, X^2).$$
As a last weight enumerator of a quaternary code, we mention the Hamming weight enumerator, which is defined to be the polynomial $\mathrm{Ham}_C(W, X) := \mathrm{swe}_C(W, X, X)$. Analogously to binary codes, weight enumerators of quaternary codes can be related via an identity similar to the MacWilliams Identity. In fact, by the same arguments as in Theorem 7.3.3, we have

Theorem 8.2.4 Let $C$ be a linear quaternary code of length $m$, i.e. $C \subset \mathbb{Z}_4^{(m)}$. Then
$$\mathrm{cwe}_{C^\perp}(W, X, Y, Z) = \frac{1}{|C|}\, \mathrm{cwe}_C(W + X + Y + Z,\ W + iX - Y - iZ,\ W - X + Y - Z,\ W - iX - Y + iZ),$$
where $|C|$ is the number of codewords of $C$, and $i^2 = -1$.
Corollary 8.2.5 Let $C$ be a linear quaternary code. Then
(1) $\mathrm{swe}_{C^\perp}(W, X, Y) = \frac{1}{|C|}\, \mathrm{swe}_C(W + 2X + Y,\ W - Y,\ W - 2X + Y)$;
(2) $\mathrm{Lee}_{C^\perp}(W, X) = \frac{1}{|C|}\, \mathrm{Lee}_C(W + X,\ W - X)$.

Proof: The claim follows from Theorem 8.2.4 and from the definitions of the symmetrized and the Lee weight enumerators. For example, (1) can be proved as follows:
$$\mathrm{swe}_C(W + 2X + Y,\ W - Y,\ W - 2X + Y) = \mathrm{cwe}_C(W + 2X + Y,\ W - Y,\ W - 2X + Y,\ W - Y) = |C|\,\mathrm{cwe}_{C^\perp}(W, X, Y, X) = |C|\,\mathrm{swe}_{C^\perp}(W, X, Y).$$
✷

Now, we recall the definition of the Gray map. Denote by $\alpha, \beta, \gamma$ the three maps from $\mathbb{Z}_4$ to $\mathbb{Z}_2$ defined by the following table:
$$\begin{array}{c|ccc} c & \alpha(c) & \beta(c) & \gamma(c) \\ \hline 0 & 0 & 0 & 0 \\ 1 & 1 & 0 & 1 \\ 2 & 0 & 1 & 1 \\ 3 & 1 & 1 & 0 \end{array}$$
Clearly, $\alpha$, $\beta$ and $\gamma$ can be extended to $\mathbb{Z}_4^{(m)}$ by applying them coordinatewise (they are not group homomorphisms, e.g. $\beta(1 + 1) = 1 \neq \beta(1) + \beta(1)$); we shall hereafter denote such extensions by the same letters. Notice that $\alpha(i) + \beta(i) + \gamma(i) = 0$, for each $i \in \mathbb{Z}_4$.

Definition 8.2.6 The Gray map $\Phi : \mathbb{Z}_4^{(m)} \to \mathbb{Z}_2^{(2m)}$ is given by
$$\Phi(c) := (\beta(c), \gamma(c)).$$
Remarkably, the Gray map satisfies the following

Theorem 8.2.7 For any $a, b \in \mathbb{Z}_4^{(m)}$, $d_L(a, b) = d_H(\Phi(a), \Phi(b))$.

Proof: By (8.1) and Definition 8.2.6,
$$\mathrm{wt}_L(a) = n_1(a) + 2n_2(a) + n_3(a) = |\{i : \beta(a_i) = 1,\ 1 \le i \le m\}| + |\{i : \gamma(a_i) = 1,\ 1 \le i \le m\}| = \mathrm{wt}_H(\Phi(a)),$$
where $a = (a_1, \ldots, a_m) \in \mathbb{Z}_4^{(m)}$. Thus, for any $a, b \in \mathbb{Z}_4^{(m)}$,
$$d_L(a, b) = \mathrm{wt}_L(a - b) = \mathrm{wt}_H(\Phi(a - b)) = d_H(\Phi(a - b), 0).$$
The claim now follows since $d_H(\Phi(a - b), 0) = d_H(\Phi(a), \Phi(b))$; this last equality holds coordinatewise, because for any $x, y \in \mathbb{Z}_4$ the two-bit images $\Phi(x)$ and $\Phi(y)$ differ in exactly $\mathrm{wt}_L(x - y)$ positions, as a check of the 16 pairs shows. ✷

The image of a quaternary code $C$ of length $m$ under the Gray map is a binary code of length $2m$ which is called the binary image of $C$. In particular, a binary code $C'$ is $\mathbb{Z}_4$-linear if its coordinates can be arranged so that $C' = \Phi(C)$, for some quaternary linear code $C$.

Theorem 8.2.8 A binary code $C$ of length $2m$ is $\mathbb{Z}_4$-linear if and only if the following holds:
$$u, v \in C \Longrightarrow u + v + (u + u^\sigma) * (v + v^\sigma) \in C, \qquad (8.8)$$
where $*$ denotes the componentwise product of two codewords, and, for any $u = (u_1, \ldots, u_m, u_{m+1}, \ldots, u_{2m})$, $u^\sigma := (u_{m+1}, \ldots, u_{2m}, u_1, \ldots, u_m)$.

Proof: For a proof see, for example, [11]. ✷

Corollary 8.2.9 A binary linear code $C$ of length $2m$ is $\mathbb{Z}_4$-linear if and only if the following holds:
$$u, v \in C \Longrightarrow (u + u^\sigma) * (v + v^\sigma) \in C. \qquad (8.9)$$
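An added Python example, not from the original text, that exercises the standard form (8.7), the dual generator matrix, the Gray map of Definition 8.2.6, Theorem 8.2.4, Corollary 8.2.5 (2), Theorem 8.2.7 and condition (8.8) on a constructed code of type $4^1 2^1$ and length 4. The matrices $A$, $B$, $C$, the evaluation points, the small non-$\mathbb{Z}_4$-linear binary code used as a counterexample and the helper names are this example's own choices. The polynomial identities are checked by evaluation: exact integer arithmetic at $2m + 1$ points for the Lee enumerator (enough to determine a form of degree $2m$), complex floating-point arithmetic for the complete weight enumerator.

```python
"""Standard form (8.7), duality, the Gray map and the weight-enumerator identities of
Section 8.2 on a small constructed quaternary code (added example)."""
from itertools import product

Q = 4

def span(rows, n_z4, n_z2):
    """Codewords (a_1, ..., a_k) R with a_i in Z4 for the first n_z4 rows, in {0,1} after."""
    m = len(rows[0])
    ranges = [range(Q)] * n_z4 + [range(2)] * n_z2
    return {tuple(sum(a * r[i] for a, r in zip(coeffs, rows)) % Q for i in range(m))
            for coeffs in product(*ranges)}

def standard_generator(A, B, C):
    """G = [[I_k1, A, B], [0, 2 I_k2, 2C]] with A, C binary and B over Z4."""
    k1, k2 = len(A), len(C)
    rows = [[int(i == j) for j in range(k1)] + A[i] + B[i] for i in range(k1)]
    rows += [[0] * k1 + [2 * int(i == j) for j in range(k2)] + [(2 * x) % Q for x in C[i]]
             for i in range(k2)]
    return rows

def standard_dual_generator(A, B, C):
    """[[-B^T - C^T A^T, C^T, I], [2 A^T, 2 I_k2, 0]]: generator matrix of C^perp.
    Its first m-k1-k2 rows take Z4 coefficients, the last k2 rows Z2 coefficients."""
    k1, k2, r = len(A), len(C), len(B[0])
    rows = []
    for i in range(r):
        first = [(-B[j][i] - sum(C[l][i] * A[j][l] for l in range(k2))) % Q for j in range(k1)]
        rows.append(first + [C[l][i] for l in range(k2)] + [int(i == j) for j in range(r)])
    for i in range(k2):
        rows.append([(2 * A[j][i]) % Q for j in range(k1)]
                    + [2 * int(i == j) for j in range(k2)] + [0] * r)
    return rows

def brute_dual(code, m):
    return {v for v in product(range(Q), repeat=m)
            if all(sum(x * y for x, y in zip(v, c)) % Q == 0 for c in code)}

# Constructed instance: k1 = 1, k2 = 1, m = 4 (A, B, C chosen for this example).
A, B, C = [[1]], [[1, 3]], [[1, 0]]
M = len(A) + len(C) + len(B[0])
CODE = span(standard_generator(A, B, C), len(A), len(C))                    # type 4^1 2^1
DUAL = span(standard_dual_generator(A, B, C), M - len(A) - len(C), len(C))  # type 4^2 2^1

# Gray map: beta and gamma from the table of Section 8.2, applied coordinatewise.
BETA = {0: 0, 1: 0, 2: 1, 3: 1}
GAMMA = {0: 0, 1: 1, 2: 1, 3: 0}

def gray(c):
    return tuple(BETA[x] for x in c) + tuple(GAMMA[x] for x in c)

def lee_weight(c):
    return sum(min(x, Q - x) for x in c)

def gray_is_isometry(code):
    """Theorem 8.2.7: d_L(a, b) = d_H(Phi(a), Phi(b)) for all pairs of codewords."""
    return all(lee_weight([(x - y) % Q for x, y in zip(a, b)])
               == sum(s != t for s, t in zip(gray(a), gray(b)))
               for a in code for b in code)

def cwe(code, W, X, Y, Z):
    """Complete weight enumerator evaluated at (W, X, Y, Z)."""
    return sum(W ** c.count(0) * X ** c.count(1) * Y ** c.count(2) * Z ** c.count(3) for c in code)

def lee_enumerator(code, W, X):
    """Lee_C(W, X) = swe_C(W^2, WX, X^2) = cwe_C(W^2, WX, X^2, WX)."""
    return cwe(code, W * W, W * X, X * X, W * X)

def macwilliams_cwe_holds(code, dual, points):
    """Theorem 8.2.4 at the given (W, X, Y, Z); i = sqrt(-1) as a Python complex."""
    i = 1j
    for W, X, Y, Z in points:
        rhs = cwe(code, W + X + Y + Z, W + i * X - Y - i * Z, W - X + Y - Z, W - i * X - Y + i * Z)
        if abs(cwe(dual, W, X, Y, Z) - rhs / len(code)) > 1e-6:
            return False
    return True

def macwilliams_lee_holds(code, dual, m):
    """Corollary 8.2.5 (2): both sides are forms of degree 2m, so agreement at the
    2m+1 points (W, X) = (1, t), t = 0..2m, proves the polynomial identity."""
    return all(lee_enumerator(dual, 1, t) * len(code) == lee_enumerator(code, 1 + t, 1 - t)
               for t in range(2 * m + 1))

def satisfies_8_8(binary_code):
    """Condition (8.8): u + v + (u + u^sigma) * (v + v^sigma) stays in the code."""
    words = set(binary_code)
    h = len(next(iter(words))) // 2
    for u in words:
        for v in words:
            su = [(a + b) % 2 for a, b in zip(u, u[h:] + u[:h])]
            sv = [(a + b) % 2 for a, b in zip(v, v[h:] + v[:h])]
            if tuple((a + b + x * y) % 2 for a, b, x, y in zip(u, v, su, sv)) not in words:
                return False
    return True

IMAGE = {gray(c) for c in CODE}                     # the binary image Phi(CODE), length 8
NOT_Z4_LINEAR = {(0, 0, 0, 0), (1, 0, 0, 0), (0, 1, 0, 0), (1, 1, 0, 0)}   # constructed
```

`DUAL` coincides with `brute_dual(CODE, M)`, which confirms the dual generator matrix for this instance (8 and 32 codewords, $8 \cdot 32 = 4^4$); `gray_is_isometry`, both MacWilliams checks and `satisfies_8_8(IMAGE)` return `True`, while `satisfies_8_8(NOT_Z4_LINEAR)` returns `False`: for $u = v = 1000$, $u + u^\sigma = 1010$ and $u + v + (u + u^\sigma) * (v + v^\sigma) = 1010$ is not a codeword, so that binary linear code has no quaternary preimage.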
Condition (8.8) is very restrictive, so the binary images of quaternary linear codes are quite often nonlinear. In [12], Calderbank and McGuire used (8.9) to prove the following result.

Theorem 8.2.10 Let $C$ be a binary linear code of length $2m$. Suppose further that all non-zero Hamming weights $\mathrm{wt}_H$ in $C$, with the possible exception of the codeword $\mathbf{1} = (1, \ldots, 1)$, are contained in the interval $[m - a, m + a]$, where $0 < a < m/5$. If $C$ is the binary image of a quaternary code, then $C^\perp$ has minimum weight at most 5.
As a corollary, many classical families of linear codes, such as some cyclic codes, cannot be obtained as images of quaternary codes under the Gray map. Nonetheless, it may well be that two nonlinear binary codes are the binary images of two linear quaternary codes which are duals. This leads to the following definition, which will play a fundamental role in the interpretation of the formal duality between Kerdock codes and Preparata codes.

Definition 8.2.11 Let $C$ be a linear quaternary code. The $\mathbb{Z}_4$-dual of the binary image of $C$ is the binary image of $C^\perp$.

Example 8.2.12 The $r$-th order Reed-Muller code $R(r, l)$ of length $m = 2^l$, $l \ge 1$, is $\mathbb{Z}_4$-linear for $r = 0, 1, 2, l - 1, l$; indeed, a direct computation shows that such codes are binary images of the codes $ZRM_4(r, l - 1)$ introduced in Section 8.1.2. In particular, $R(1, l)$ is $\mathbb{Z}_4$-linear. On the other hand, $R(l - 2, l)$, i.e., the extended Hamming code of length $2^l$, is not $\mathbb{Z}_4$-linear for $l \ge 5$: see [11] for a proof. Therefore, for $l \ge 5$, $R(1, l)$ and $\Phi(ZRM_4(1, l - 1)^\perp)$ are $\mathbb{Z}_4$-duals, but not duals as binary codes.

Lemma 8.2.13 If $C$ is a linear quaternary code, then $\Phi(C)$ is distance invariant with respect to the Hamming distance.

Proof: By Theorem 8.2.7, it suffices to show that $C$ is distance invariant with respect to the Lee distance. In fact, for $c_1, c_2 \in C$, the map $x \mapsto x + c_1 - c_2$ is a bijection between the set of codewords at Lee distance $j$ from $c_2$ and the set of codewords at Lee distance $j$ from $c_1$. ✷

Theorem 8.2.14 If $C$ and $C^\perp$ are dual quaternary codes of length $m$, the weight enumerators of $\Phi(C)$ and $\Phi(C^\perp)$ satisfy the MacWilliams Identity (cf. Theorem 7.3.3).

Proof: By definition, the weight enumerator of $\Phi(C)$ is the polynomial
$$A(W, X) = \sum_{c' \in \Phi(C)} W^{2m - d_H(c, c')} X^{d_H(c, c')},$$
which, by Lemma 8.2.13, does not depend on the choice of $c \in \Phi(C)$; taking $c = 0 \in \Phi(C)$ and applying Theorem 8.2.7 gives $A(W, X) = \mathrm{Lee}_C(W, X)$. In the same way, since $0 \in C^\perp$, by Lemma 8.2.13, Theorem 8.2.7 and Corollary 8.2.5 (2) we have
$$\sum_{c' \in \Phi(C^\perp)} W^{2m - \mathrm{wt}(c')} X^{\mathrm{wt}(c')} = \sum_{c' \in C^\perp} W^{2m - \mathrm{wt}_L(c')} X^{\mathrm{wt}_L(c')} = \mathrm{Lee}_{C^\perp}(W, X) = \frac{1}{|C|}\,\mathrm{Lee}_C(W + X, W - X) = \frac{1}{|C|}\,A(W + X, W - X).$$
✷
Remark 8.2.15 The Gray map has been extended to other families of Galois rings. In [16], Carlet defines a generalization $G$ of the Gray map $\Phi$ for codes over the ring $\mathbb{Z}_{2^n}$. Analogously to the quaternary case, one can thus introduce the notions of $\mathbb{Z}_{2^n}$-linearity and $\mathbb{Z}_{2^n}$-duality. Moreover, as in Lemma 8.2.13, images of $\mathbb{Z}_{2^n}$-codes under $G$ are still distance invariant with respect to the Hamming distance. However, $\mathbb{Z}_{2^n}$-dual codes do not satisfy the MacWilliams Identity, but a more complicated relationship.
8.3 Kerdock and Preparata codes revisited

Definition 8.2.11 allows one to provide a deeper interpretation of the formal duality between certain binary nonlinear codes. Actually, the interest in quaternary codes grew in 1994 when $\mathbb{Z}_4$-duality was first applied to Kerdock codes and Preparata codes in [11]. Let $h_2(x) \in \mathbb{Z}_2[x]$ be a primitive polynomial of degree $m$ (see Definition 2.2.7). By Hensel's Lemma (see Theorem 1.4.3), there exists a unique monic, irreducible polynomial $h(x) \in \mathbb{Z}_4[x]$ of degree $m$ such that $h(x) \equiv h_2(x) \pmod 2$ and $h(x)$ divides $x^n - 1$, where $n = 2^m - 1$. As observed in Chapter 6, the quotient ring $\mathbb{Z}_4[x]/(h(x))$ is a Galois ring with $4^m$ elements. Now, define $C_4^-$ to be the cyclic code of length $n$ over $\mathbb{Z}_4$ with generator polynomial $g(x)$, the reciprocal polynomial of $(x^n - 1)/((x - 1)h(x))$. Consider further the code $C_4$ obtained from $C_4^-$ by adjoining a coordinate $c_0$ to all codewords $(c_1, \ldots, c_n)$ of $C_4^-$ such that $\sum_{i=0}^{n} c_i = 0$. Then the following holds.

Theorem 8.3.1 (see [11], Theorem 10) For odd $m \ge 3$, the binary image of the extended cyclic code $C_4$ of length $n + 1 = 2^m$ under the Gray map is equivalent to the Kerdock code $K(m + 1)$.

The proof of this result is a bit technical and, therefore, is omitted here. We just point out that this theorem is proved by explicitly describing the codewords of $C_4$ in terms of powers of a primitive element $\xi$ of the Galois ring $\mathbb{Z}_4[x]/(h(x))$. More explicitly, with the same notation as in Chapter 6, recall that every element $c \in GR(4, m)$ has a unique representation $c = a + 2b$, where $a$ and $b$ belong to the Teichmüller set of $GR(4, m)$. Next, denote by $f$ the automorphism of $GR(4, m)$ such that $f(a + 2b) = a^2 + 2b^2$. As viewed in Section 5.2, $f$ generates the group $\mathrm{Aut}_{\mathbb{Z}_4}(GR(4, m))$. The relative trace
$$T^{(4)} : GR(4, m) \to \mathbb{Z}_4 \qquad (8.10)$$
is defined by $T^{(4)}(c) = c + f(c) + \ldots + f^{m-1}(c)$. Then, the code $C_4^-$ is given by the set of words $c = (c_1, \ldots, c_n)$ such that
$$c_t = T^{(4)}(\lambda \xi^t) + \varepsilon, \qquad t \in \{1, \ldots, n\}, \qquad (8.11)$$
where $\lambda \in GR(4, m)$, $\varepsilon \in \mathbb{Z}_4$, and $\xi$ is a primitive element of $GR(4, m)$, i.e. a root of $h(x)$, of multiplicative order $n$. The code $C_4$ is obtained by adjoining a coordinate $c_0 \in \mathbb{Z}_4$ such that $\sum_{i=0}^{n} c_i = 0$.

Example 8.3.2 For $m = 3$ and $h(x) = x^3 + 2x^2 + x - 1$ (the lift of $x^3 + x + 1$ dividing $x^7 - 1$; it is the factor $f_1$ of Example 8.2.3), the generator polynomial of $C_4^-$ is $g(x) = x^3 + 2x^2 + x - 1$. An explicit description of all codewords and of the generator matrix shows that the extended code $C_4$ is permutation equivalent to the octacode (cf. Example 8.2.1). By Theorem 8.3.1, the binary image of $C_4$ is the Nordstrom-Robinson code.
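The trace description (8.11) carried out for Example 8.3.2, as an added Python example that is not part of the original text. $GR(4, 3)$ is represented as $\mathbb{Z}_4[x]/(h(x))$ with $h(x) = x^3 + 2x^2 + x - 1$ and $\xi$ the class of $x$; the Frobenius $f$ is evaluated through the Teichmüller component $a = c^{2^m}$ (a device of this example: $(a + 2b)^2 = a^2 \bmod 4$, and $a^{2^m} = a$ on the Teichmüller set), the 256 words $c_t = T^{(4)}(\lambda\xi^t) + \varepsilon$ are generated and extended by $c_0$, and their Lee weight distribution is compared with that of the octacode. The element representation and helper names are this example's own choices.

```python
"""Example 8.3.2 from the trace description (8.11): GR(4,3) = Z4[x]/(h(x)) with
h(x) = x^3 + 2x^2 + x - 1, and the 256 words of the extended code C4 (added example)."""
from collections import Counter
from itertools import product

Q, M = 4, 3                    # Z4, and m = 3 = degree of h
H = [3, 1, 2, 1]               # h(x) = 3 + x + 2x^2 + x^3, low degree first
N = 2 ** M - 1                 # n = 7, the length of C4^-

# An element of GR(4,3) is a triple (c0, c1, c2) standing for c0 + c1 x + c2 x^2.
def gr_mul(a, b):
    """Multiply in Z4[x]/(h(x)), using x^3 = -(h0 + h1 x + h2 x^2)."""
    prod = [0] * (2 * M - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            prod[i + j] += x * y
    for d in range(2 * M - 2, M - 1, -1):          # eliminate x^4, then x^3
        c, prod[d] = prod[d], 0
        for t in range(M):
            prod[d - M + t] -= c * H[t]
    return tuple(c % Q for c in prod[:M])

def gr_add(a, b):
    return tuple((x + y) % Q for x, y in zip(a, b))

def gr_pow(a, e):
    result = (1, 0, 0)
    for _ in range(e):
        result = gr_mul(result, a)
    return result

XI = (0, 1, 0)                 # xi = class of x: a root of h, of multiplicative order 7

def frobenius(c):
    """f(a + 2b) = a^2 + 2b^2.  The Teichmuller component is a = c^(2^m), because
    (a + 2b)^2 = a^2 mod 4 and a^(2^m) = a on the Teichmuller set; b only matters
    mod 2, so any lift of (c - a)/2 may be squared."""
    a = c
    for _ in range(M):
        a = gr_mul(a, a)
    b = tuple(((x - y) % Q) // 2 for x, y in zip(c, a))       # c - a = 2b
    return gr_add(gr_mul(a, a), tuple((2 * x) % Q for x in gr_mul(b, b)))

def trace(c):
    """T^(4)(c) = c + f(c) + ... + f^(m-1)(c); the result lies in Z4 (constant term)."""
    total, cur = (0, 0, 0), c
    for _ in range(M):
        total = gr_add(total, cur)
        cur = frobenius(cur)
    assert total[1] == 0 and total[2] == 0
    return total[0]

def kerdock_c4():
    """(8.11): c_t = T(lambda xi^t) + eps for t = 1..n, then c0 = -(c_1 + ... + c_n)."""
    powers = [gr_pow(XI, t) for t in range(1, N + 1)]
    code = set()
    for lam in product(range(Q), repeat=M):           # lambda runs over GR(4,3)
        for eps in range(Q):
            word = tuple((trace(gr_mul(lam, p)) + eps) % Q for p in powers)
            code.add(((-sum(word)) % Q,) + word)
    return code

def lee_weight(c):
    return sum(min(x, Q - x) for x in c)

def lee_distribution(code):
    return dict(Counter(lee_weight(c) for c in code))
```

`gr_pow(XI, 7)` is the identity $(1, 0, 0)$, `trace((1, 0,  0))` is $3$ and `trace(XI)` is $2$ (so $T^{(4)}(\xi) \equiv 0 \bmod 2$, matching the trace of a root of $x^3 + x + 1$ over $\mathbb{F}_2$); `kerdock_c4()` has 256 words and Lee weight distribution `{0: 1, 6: 112, 8: 30, 10: 112, 16: 1}`, the distribution of the octacode, which by Theorem 8.2.7 is the Hamming weight distribution of the Nordstrom-Robinson code.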
Since the binary Kerdock code $K(m + 1)$ is simply the binary image of an extended cyclic code over $\mathbb{Z}_4$, it is natural to study the binary image of the dual $C_4^\perp$.

Theorem 8.3.3 (see [11], Theorem 14) For odd $m \ge 3$, the image of $C_4^\perp$ under the Gray map is a nonlinear code of length $2^{m+1}$ with $2^{2^{m+1} - 2m - 2}$ codewords and minimal distance 6. Moreover, it is distance invariant (with respect to the Hamming distance).

Proof: Obviously, $\Phi(C_4^\perp)$ has length $2^{m+1}$. It follows from Lemma 8.2.13 and Theorem 8.2.14 that $\Phi(C_4^\perp)$ is distance invariant and that its weight distribution is the MacWilliams transform of that of $\Phi(C_4)$. Since the weight enumerator of the binary Kerdock code $K(m + 1)$ is known (see Theorem 7.4.10), the MacWilliams Identity (cf. Theorem 7.15) allows one to compute the number of codewords and the minimum distance of $\Phi(C_4^\perp)$. ✷

The $\mathbb{Z}_4$-dual of the Kerdock code $K(m + 1)$, for odd $m \ge 3$, has the same parameters as the classical extended Preparata code $\mathcal{P}(2)$ of length $2^{m+1}$. For $m = 3$, they coincide: indeed, by Examples 7.4.13 and 8.2.1,
$$\Phi(C_4^\perp) = \Phi(C_4) = N_{16} = \mathcal{P}(2). \qquad (8.12)$$
In general, however, there is one essential difference between $\Phi(C_4^\perp)$ and the original extended Preparata code. Indeed, as shown in Theorem 7.4.16, the latter code is contained in the extended Hamming code of length $2^{m+1}$. On the contrary, the following holds.

Theorem 8.3.4 For odd $m \ge 5$, $\Phi(C_4^\perp)$ is contained in a nonlinear code with the same weight distribution as the extended Hamming code of length $2^{m+1}$.
Proof: As in Section 8.1.2, the binary image of $ZRM_4(1, m)$ is the binary Reed-Muller code $R(1, m + 1)$, which, as observed in Section 7.4.3, is contained in the Kerdock code $K(m + 1)$. Thus, $ZRM_4(1, m) \subset C_4$. Accordingly, by duality, $\Phi(C_4^\perp) \subset \Phi(ZRM_4(1, m)^\perp)$. Since $ZRM_4(1, m)^\perp$ is a quaternary code of length $2^m$ and of type $4^{2^m - 1 - m} 2^m$, $\Phi(ZRM_4(1, m)^\perp)$ is a binary code of length $2^{m+1}$. In addition, by Theorem 8.2.14, $R(1, m + 1) = \Phi(ZRM_4(1, m))$ and $\Phi(ZRM_4(1, m)^\perp)$ satisfy the MacWilliams Identity for binary codes, so the latter has the weight distribution of $R(1, m + 1)^\perp = R(m - 1, m + 1)$, the extended Hamming code of length $2^{m+1}$. Thus the claim follows. ✷

The formal duality between the Kerdock code $K(m + 1)$ and $\Phi(C_4^\perp)$ is not as mysterious as the one discussed in Section 7.4.4; in fact, it can be regarded as the binary manifestation of the duality between the corresponding quaternary cyclic preimages. Therefore, it seemed natural (cf. [11]) to consider $\Phi(C_4^\perp)$ as a new family of Preparata codes, the $\mathbb{Z}_4$-Preparata codes, which had not been discovered earlier. Actually, other families of $\mathbb{Z}_4$-Preparata codes can be constructed. We end this section by recalling how to generate these new codes; we omit most of the proofs because they are rather technical. The reader is referred to [10] for details.

In general, the relationship between binary Kerdock codes and their quaternary versions is given in terms of orthogonal and symplectic geometries over a finite dimensional vector space, which is defined via an extraspecial group. We recall that an extraspecial group $E$ is a $p$-group, $p$ prime, for which the center $Z(E)$ has order $p$ and $E/Z(E)$ is an elementary abelian group (hence a vector space over the finite field $\mathbb{F}_p$). Let $V$ be a vector space of dimension $r$ over $\mathbb{Z}_2$. The Euclidean space $\mathbb{R}^N$, $N = 2^r$, has a canonical basis $e_v$ labelled by the elements of $V$. We shall construct an extraspecial group of order $2^{1+2r}$ as a subgroup of $O(N, \mathbb{R})$, the group of linear transformations of $\mathbb{R}^N$ which preserve the standard inner product. To this end, for $b \in V$, define the matrices
$$X(b) : e_v \longmapsto e_{v+b}, \qquad Y(b) := \mathrm{diag}\big[(-1)^{b \cdot v}\big],\ v \in V,$$
where $b \cdot v$ denotes the standard inner product on $V$. The sets $X(V) := \{X(a) \mid a \in V\}$ and $Y(V) := \{Y(b) \mid b \in V\}$ are contained in $O(N, \mathbb{R})$, since each $X(b)$ is a permutation matrix and each $Y(b)$ is a diagonal matrix with entries $\pm 1$. Define $E$ to be the group generated by the elements in $X(V)$ and $Y(V)$.

Proposition 8.3.5 The group $E$ is an extraspecial group of order $2^{1+2r}$ with center $Z(E) = \{I, -I\}$, where $I$ is the identity matrix of order $N$.
Further, every element of $E$ can be uniquely expressed as $X(a)Y(b)(-I)^\gamma$, $a, b \in V$, $\gamma \in \mathbb{Z}_2$. Next, under the identification of $Z(E)$ with $\mathbb{Z}_2$ given by $0 \mapsto I$, $1 \mapsto -I$, define the map $Q : E/Z(E) \to \mathbb{Z}_2$ by $Q(\bar e) = \tilde e^{\,2}$, where $\tilde e$ is a lifting of $\bar e$ under the projection of $E$ onto the quotient $E/Z(E)$.

Theorem 8.3.6 The map $Q$ is a well defined, non-singular quadratic form on $E/Z(E)$. Moreover, $E/Z(E)$ is an $\Omega^+(2r, 2)$-space (cf. Section 7.4.3).

As explained in Chapter 7, it is possible to construct inequivalent Kerdock codes from orthogonal spreads in $E/Z(E)$. These Kerdock codes are actually binary images of suitably defined quaternary Kerdock codes. If $i \in \mathbb{C}$ is such that $i^2 = -1$, consider the cyclic group $\langle iI \rangle$ of order 4 generated by the $N \times N$ scalar matrix $iI$. The group $F$ generated by $E$ and by $\langle iI \rangle$ has order $2^{2+2r}$, since $E \cap \langle iI \rangle = Z(E)$. Moreover, $Z(F) = \langle iI \rangle$. Therefore, the quotient group $F/Z(F) = \tilde F$ is an elementary abelian group of order $2^{2r}$. The map
$$(\cdot, \cdot)_F : \tilde F \times \tilde F \to \mathbb{Z}_2, \qquad (\tilde f_1, \tilde f_2)_F \longmapsto [f_1, f_2] = f_1^{-1} f_2^{-1} f_1 f_2,$$
where the commutator, which lies in $\{I, -I\}$, is read in $\mathbb{Z}_2$ as above, is a non-singular symplectic form. Thus, $(\tilde F, (\cdot, \cdot)_F)$ is called a symplectic space. We briefly recall that a subspace $W \subset \tilde F$ is totally isotropic if $(v, w)_F = 0$, for each $v, w \in W$. A symplectic spread $\mathcal{F}$ of the space $\tilde F$ (and, more generally, of any $2r$-dimensional symplectic space) is a family of $2^r + 1$ totally isotropic $r$-dimensional subspaces such that every non-zero vector belongs to exactly one of the elements of $\mathcal{F}$. Analogously to Kerdock sets (cf. Section 7.4.2), symplectic spreads correspond to sets of matrices and vice versa. In fact, denote by $\tilde X(V)$ and $\tilde Y(V)$ the images of $X(V)$ and $Y(V)$ in $\tilde F$; noticeably, these two subspaces are totally isotropic of maximal dimension. Additionally, $\tilde X(V) \oplus \tilde Y(V) = \tilde F$, where $\tilde F$ is regarded as a vector space over $\mathbb{Z}_2$. If $\{v_1, \ldots, v_r\}$ is the canonical basis of $V = \mathbb{Z}_2^{(r)}$, define $\tilde x_j$ and $\tilde y_j$, $j = 1, \ldots, r$, to be $\tilde X(v_j)$ and $\tilde Y(v_j)$, respectively. Then, by direct computation, $(\tilde x_j, \tilde y_t)_F = \delta_{jt}$.
Next, fix the basis $S = \{\tilde x_1, \ldots, \tilde x_r, \tilde y_1, \ldots, \tilde y_r\}$. As in (7.20), consider the matrices
$$P^\dagger = \begin{pmatrix} I & P \\ 0 & I \end{pmatrix},$$
where $P$ is a matrix of order $r$ with entries from $\mathbb{Z}_2$. With the choice of the basis $S$, an easy computation shows that the matrices $P^\dagger$ preserve the symplectic form on $\tilde F$ if and only if $P$ is a symmetric matrix. Moreover, the map $P^\dagger \mapsto P$ is a group isomorphism between the set of matrices $P^\dagger$ and the additive group of symmetric matrices of order $r$ with entries from $\mathbb{Z}_2$. As for binary Kerdock sets, we have the following

Proposition 8.3.7 There is a bijective correspondence between symplectic spreads and sets of $2^r$ symmetric matrices of order $r$ with entries from $\mathbb{Z}_2$, such that the difference of any two matrices is of maximal rank.

If $A$ is a subspace of a symplectic spread $\mathcal{F}$, we denote by $P_A$ the corresponding matrix. In the sequel, we shall refer to sets of matrices like the ones in Proposition 8.3.7 as quaternary Kerdock sets.
Remark 8.3.8 Note that the correspondence in Proposition 8.3.7 does not depend on the choice of the two subspaces $\tilde X(V)$ and $\tilde Y(V)$ (the ones used to fix a symplectic basis of $\tilde F$), since the set of totally isotropic subspaces of $\tilde F$ is invariant with respect to the group which preserves the symplectic form on $\tilde F$.
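The construction of $E$, $Q$ and $(\cdot, \cdot)_F$ for $r = 2$ ($N = 4$), as an added Python example that is not part of the original text: the generators $X(v_j)$, $Y(v_j)$ are built as explicit $4 \times 4$ signed permutation matrices, the group is closed under multiplication, and the statements of Proposition 8.3.5, the polarization of $Q$ by the commutator form in Theorem 8.3.6, $(\tilde x_j, \tilde y_t)_F = \delta_{jt}$ and the symmetric-$P$ criterion are checked directly. Representing the basis $S$ by the lifts $X(v_j)$, $Y(v_j)$ (commutators of elements of $E$ already lie in $\{I, -I\}$, so $\tilde F$ can be read off $E$), the value $r = 2$ and the helper names are this example's own choices.

```python
"""The extraspecial group E = <X(V), Y(V)> of Section 8.3 as explicit matrices for
r = 2 (N = 4), with the forms Q and ( , )_F checked directly (added example)."""
from itertools import product

R = 2
N = 2 ** R
V = list(product(range(2), repeat=R))     # the vectors v of V = Z2^r, indexing e_v

def vadd(u, v):
    return tuple((x + y) % 2 for x, y in zip(u, v))

def dot(u, v):
    return sum(x * y for x, y in zip(u, v)) % 2

def X(b):
    """Permutation matrix e_v -> e_{v+b}: column v has its 1 in row v + b."""
    return tuple(tuple(int(V[i] == vadd(V[j], b)) for j in range(N)) for i in range(N))

def Y(b):
    """diag[(-1)^(b.v)], v in V."""
    return tuple(tuple((-1) ** dot(b, V[i]) if i == j else 0 for j in range(N)) for i in range(N))

def matmul(A, B):
    return tuple(tuple(sum(A[i][k] * B[k][j] for k in range(N)) for j in range(N)) for i in range(N))

I = tuple(tuple(int(i == j) for j in range(N)) for i in range(N))
NEG_I = tuple(tuple(-x for x in row) for row in I)
BASIS = [tuple(int(i == j) for j in range(R)) for i in range(R)]   # v_1, ..., v_r

def generate(gens):
    """Closure of the generators under multiplication (a finite group)."""
    group, frontier = {I}, [I]
    while frontier:
        g = frontier.pop()
        for s in gens:
            h = matmul(g, s)
            if h not in group:
                group.add(h)
                frontier.append(h)
    return group

E = generate([X(v) for v in BASIS] + [Y(v) for v in BASIS])

def center(group):
    return {z for z in group if all(matmul(z, g) == matmul(g, z) for g in group)}

def symplectic_form(f, g):
    """(f~, g~)_F: the commutator f^-1 g^-1 f g, which lies in {I, -I}, read in Z2.
    The matrices are orthogonal, so f^-1 is the transpose."""
    ft, gt = tuple(zip(*f)), tuple(zip(*g))
    c = matmul(matmul(matmul(ft, gt), f), g)
    assert c in (I, NEG_I)
    return int(c == NEG_I)

def quadratic_form(e):
    """Q(e~) = e^2 in Z(E), identified with Z2 via I -> 0, -I -> 1."""
    sq = matmul(e, e)
    assert sq in (I, NEG_I)
    return int(sq == NEG_I)

def unique_decomposition():
    """Every element is X(a) Y(b) (-I)^gamma in exactly one way (Proposition 8.3.5)."""
    words = [matmul(matmul(X(a), Y(b)), s) for a in V for b in V for s in (I, NEG_I)]
    return len(set(words)) == len(words) and set(words) == E

def polarization_holds():
    """Q(uv) = Q(u) + Q(v) + (u, v)_F for all u, v: Q is a quadratic form whose
    polar form is the commutator form (Theorem 8.3.6)."""
    return all((quadratic_form(matmul(u, v)) - quadratic_form(u) - quadratic_form(v)
                - symplectic_form(u, v)) % 2 == 0 for u in E for v in E)

def form_is_nondegenerate():
    return all(any(symplectic_form(u, v) for v in E) for u in E if u not in (I, NEG_I))

# The basis S = {x~_1, .., x~_r, y~_1, .., y~_r}, represented by the lifts X(v_j), Y(v_j).
S = [X(v) for v in BASIS] + [Y(v) for v in BASIS]
GRAM = [[symplectic_form(s, t) for t in S] for s in S]      # Gram matrix of ( , )_F in S

def preserves_form(P):
    """Does P-dagger = [[I, P], [0, I]] (in the basis S) preserve the symplectic form?"""
    n = 2 * R
    Pd = [[int(i == j) for j in range(n)] for i in range(n)]
    for i in range(R):
        for j in range(R):
            Pd[i][R + j] = P[i][j]
    GP = [[sum(GRAM[i][k] * Pd[k][j] for k in range(n)) % 2 for j in range(n)] for i in range(n)]
    return [[sum(Pd[k][i] * GP[k][j] for k in range(n)) % 2 for j in range(n)] for i in range(n)] == GRAM

def symmetric_criterion_holds():
    """P-dagger preserves the form iff P is symmetric, over all binary r x r matrices P."""
    for entries in product(range(2), repeat=R * R):
        P = [list(entries[i * R:(i + 1) * R]) for i in range(R)]
        if preserves_form(P) != all(P[i][j] == P[j][i] for i in range(R) for j in range(R)):
            return False
    return True
```

With $r = 2$ the group `E` has $2^{1+2r} = 32$ elements and center $\{I, -I\}$, `GRAM` comes out as $\begin{pmatrix} 0 & I \\ I & 0 \end{pmatrix}$ (that is, $(\tilde x_j, \tilde y_t)_F = \delta_{jt}$ and $\tilde X(V)$, $\tilde Y(V)$ are totally isotropic), and `polarization_holds`, `form_is_nondegenerate` and `symmetric_criterion_holds` all return `True`; setting `R = 3` repeats the checks for $N = 8$ and a group of order 128, at the cost of a slower run.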
Remark 8.3.9 To recover quaternary Kerdock codes from quaternary Kerdock sets, the matrix $P$ is 'lifted' to a matrix with entries from $\mathbb{Z}_4$. This means that, if $P = (p_{jl})$, $j, l \in \{1, \ldots, r\}$, is a symmetric matrix of order $r$ with entries from $\mathbb{Z}_2$, the entries 0 and 1 are to be viewed as elements of the ring $\mathbb{Z}_4$. Moreover, one defines $\eta$ to be the map
$$\eta : \hat v \longmapsto \hat v P \hat v^T,$$
where $\hat v \in \hat V := \mathbb{Z}_4^{(r)}$.

Definition 8.3.10 A vector $\hat v = (\alpha_1, \ldots, \alpha_r) \in \hat V$ is a lift of $v = (a_1, \ldots, a_r) \in V = \mathbb{Z}_2^{(r)}$ if $a_i \equiv \alpha_i \pmod 2$. Define further
$$T_P(v) := \sum_j p_{jj}\alpha_j^2 + 2\sum_j$$