Coding Theory

Peter Müller

June 1, 2017

Contents
1 Introduction 2
1.1 ISBN and EAN numbers as examples of error detecting codes . . . . . 2
1.2 Why codes? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.3 Some definitions and easy properties for block codes . . . . . . . . . . 3
1.4 Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

2 Simple bounds and codes attaining these bounds 7

2.1 The Hamming bound . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.2 Hamming codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.3 Perfect codes, part 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
2.4 The Singleton bound . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.5 Reed-Solomon codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
2.6 The Plotkin bound . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
2.7 Simplex codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
2.8 The Griesmer bound . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
2.9 Hadamard codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
2.10 Reed-Muller codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
2.11 Comparison of some bounds . . . . . . . . . . . . . . . . . . . . . . . . 22
2.12 The Gilbert–Varshamov bounds . . . . . . . . . . . . . . . . . . . . . . . 23
2.13 Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

3 Duality 28
3.1 The dual code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
3.2 Linear characters of finite groups . . . . . . . . . . . . . . . . . . . . . . 29
3.3 The MacWilliams identity . . . . . . . . . . . . . . . . . . . . . . . . . . 33
3.4 The Linear Programming Bound . . . . . . . . . . . . . . . . . . . . . . 35
3.5 The Covering Radius . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

1
 3.6 Perfect Codes, Part 2 (Lloyd’s Theorem) . . . . . . . . . . . . . . . . . . 41
3.6.1 Application for e = 1 . . . . . . . . . . . . . . . . . . . . . . . . . 44
3.6.2 Application for e = 2 . . . . . . . . . . . . . . . . . . . . . . . . . 45
3.6.3 Application for e = 3 . . . . . . . . . . . . . . . . . . . . . . . . . 46
3.7 Selfdual Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
3.8 Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50

4 Comparing the Bounds 50

5 Application to Projective Planes 52

5.1 Codes Generated from Integral Square Matrices . . . . . . . . . . . . . 52
5.2 Incidence Matrices of Finite Projective Planes . . . . . . . . . . . . . . . 53
5.3 A Special Case of the Bruck–Ryser Theorem . . . . . . . . . . . . . . . 55
5.3.1 A Remark on Projective Planes of Order 10 . . . . . . . . . . . . 57

6 The Golay Codes 57

6.1 The Binary Golay Code . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
6.2 The Ternary Golay Code . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
6.3 Covering Codes and Virtakallio’s Discovery of the Ternary Golay Code 63

7 Goppa Codes 63
7.1 Classical Goppa Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
7.2 Algebraic Curves . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
7.3 Geometric Goppa Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

8 Appendix: Some Tools from Algebra 64

1 Introduction
1.1 ISBN and EAN numbers as examples of error detecting codes
ToDo: To be written

1.2 Why codes?

Assume that we want to transmit (or store) a message which is a stream of letters A,
B, C and D over a binary channel which is only using the symbols (bits) 0 and 1. As
there are exactly four length 2 words with symbols 0 and 1, we can send 00, 01, 10
and 11 for A, B, C, and D, respectively. For instance, the word DAD will be sent as
110011. If one of the bits gets wrongly transmitted, for instance the first one, so that
we receive 010011, we would erroneously decode the message as BAD.

2
 Assume that it happens rarely that a bit gets wrongly transmitted. In order to
detect single errors, we could add a parity check bit, that is we add a bit such that
the number of 1’s is even. The following table shows in the left column the original
length 2 words, and in the right column the actually sent word, henceforth called
code word:

00 → 000 We detect a single error, but cannot correct it. For instance, if
01 → 011 we receive 010, the correct word could have been 000 or 011.
10 → 101
11 → 110

In order to correct a single error, we could add more redundancy. A naive but
working idea is to just repeat the original word 3 times:

00 → 000000 Now any two code words differ in at least 3 positions. So if we

01 → 010101 receive a word where one error happened, for instance 011101,
10 → 101010 then we know that 010101 was the intended code word, because
11 → 111111 no other code word differs in at most one position from 011101.

Next one could ask if we can save some bandwidth, and achieve the same result
with code words of length 5. Indeed, that is possible:

00 → 00000 Again, any two code words differ in at least 3 positions. Thus
01 → 01011 we can correct a single transmission error.
10 → 10111
11 → 11100

The obvious next question is whether we can do that for suitable code words of
length 4. We will soon learn how to systematically treat such questions. For later
reference we record this question.

Question 1.1. Are there 4 words of length 4 using the symbols 0 and 1 which differ
in at least 3 positions?

1.3 Some definitions and easy properties for block codes

The motivation from the previous section can be generalized in various directions.
First, we may use code words built of more symbols than just 0 and 1. Also, if
there is a high probability that symbols in sent code words get wrong, it might be
necessary that we can correct more than one error. These considerations lead to the
basic definition of a block code and the Hamming distance.

3
 Definition 1.2 (Block code). Let F be a finite set of size ≥ 2, and n ∈ N. A
block code is a subset C ⊆ F n .

We will use the term code as a synonym for block code.

Definition 1.3 (Hamming distance). For x = ( x1 x2 . . . xn ) and y =

(y1 y2 . . . yn ) in F n let the Hamming distance d( x, y) be the number of positions
where x and y differ. So d( x, y) is the number of indices i such that xi 6= yi .

Definition 1.4 (Minimum distance). Let C ⊆ F n be a code. Then the minimum

distance d(C ) of C is the minimum of d(c, c0 ) for distinct c, c0 ∈ C. We set
d(C ) = ∞ if |C | ≤ 1.

Remark 1.5. The minimum distance of a code C is the largest integer d such
that d(c, c0 ) ≥ d for every pair of distinct elements c, c0 ∈ C. If |C | ≤ 1, then
there are no such pairs, therefore the inequality holds for all d ∈ N, so we
consistently set d(C ) = ∞ in this case.

We record some simple properties of the Hamming distance.

Lemma 1.6. For x, y, z ∈ F n the following holds.

(a) d( x, y) ≥ 0, and d( x, y) = 0 if and only if x = y.

(b) d( x, y) = d(y, x ) (symmetry).

(c) d( x, z) ≤ d( x, y) + d(y, z) (triangle inequality).

The following lemma explains the error correction capabilities of a code. If we use
a code C with the property (ii) in the lemma, we can correct up to e wrong symbols.
For if c ∈ C was sent, x ∈ F n was received, and at most e symbols got wrong, then c
is the unique element from C which differs in at most e positions from x. Thus we
correctly decode x to c.

Lemma 1.7. Let C ⊆ F n be a code and e ∈ N0 . Then the following assertions are
equivalent.

(i) d(C ) ≥ 2e + 1.

(ii) For any x ∈ F n there is at most one c ∈ C such that d( x, c) ≤ e.

4
 Proof. (i) implies (ii) by the triangle inequality.
Conversely, suppose that (i) does not hold, so there are distinct c, c0 ∈ C such that
d(c, c0 ) ≤ 2e. Then it is easy so see (confer Problem 1.15) that there is x ∈ F n with
d(c, x ) ≤ e and d(c0 , x ) ≤ e.
Many codes which we study in the following have more algebraic structure than
just being subsets of F n . In the following Fq denotes a finite field with q elements.

Definition 1.8 (Linear code). A linear code is a subspace C of the vector space
Fnq . We call it an (n, k, d) code, where k = dim C and d = d(C ).

Definition 1.9 (Weight). For x ∈ Fnq define the weight w( x ) to be the number
of nonzero entries in the vector x, so w( x ) = d( x, 0).

Lemma 1.10. Let C ⊆ Fnq be a linear code. Then d(C ) equals the minimum of the
weights w(c) for 0 6= c ∈ C.

Proof. For c, c0 ∈ C we have c − c0 ∈ C and d(c, c0 ) = w(c − c0 ), from this the claim
follows.
There are some easy modifications of a code which do not change its essential
properties. For instance, let σ ∈ Sym({1, 2, . . . , n}) be a permutation of the letters
{1, 2, . . . , n}, and C ⊆ F n be a code. Then

C 0 = {(cσ(1) cσ(2) . . . cσ(n) ) | (c1 c2 . . . cn ) ∈ C }

has the same size and minimum distance as C. There is another modification which
does not change size and minimum distance. Let F 0 be another set of size | F |, and
for each i = 1, 2, . . . , n let σi : F → F 0 be a bijection. Set

n
C 0 = {(σ1 (c1 ) σ2 (c2 ) . . . σn (cn )) | (c1 c2 . . . cn ) ∈ C } ⊆ F 0 .

Then |C | = |C 0 | and d(C ) = d(C 0 ).

Typical applications are F 0 = F, or F 0 = Z/qZ, where q = | F |, or F 0 = Fq if q is a
prime power.

Definition 1.11 (Equivalence of codes). Suppose that | F | = | F 0 | and let C ⊆ Fn

and C 0 ⊆ Fn0 be codes such that C 0 arises from C by applying a sequence of the
two kinds of modifications described above. Then we call C and C 0 equivalent.

5
 Remark 1.12. It is easy to see that the equivalence of codes indeed is an equiv-
alence relation. Note, however, that if F = F 0 = Fq and C ⊆ Fnq is a linear code,
then a code C 0 ⊆ Fnq which is equivalent to C need not be linear. Linearity of
codes is preserved if in the above definition we only allow σi : Fq → Fq to be
maps of the form σi ( x ) = ai x for nonzero elements ai .

Coding theory essentially consists in the following three aspects:

(a) Given F, n, and d, find codes C ⊆ F n with d(C ) ≥ d and |C | as large as possible.

(b) Given F, n, and d, find good upper bounds for the size |C | of codes C ⊆ F n
with d(C ) ≥ d.

(c) Let C ⊆ F n be a code which can correct up to e errors. Decoding means that
given x ∈ F n , find the (if it exists) the unique code word c ∈ C with d( x, c) ≤ e.
If |C | is very large, a naive search through all the code words can be too time
consuming. For many real world applications, it is important to have efficient
decoding algorithms. The lack of fast algorithms can render certain codes with
otherwise good parameters useless.

In this course we will be concerned with (a) and (b), and will not touch (c).

1.4 Problems
Problem 1.13. Read how the ISBN-10 numbers are defined and which error recog-
nizing properties they have.

Problem 1.14. The ISBN-13 number is a 13-digit number a1 a2 . . . a13 with ai ∈ {0, 1, . . . , 9}
such that

( a1 + a3 + · · · + a13 ) + 3( a2 + a4 + · · · + a12 ) ≡ 0 (mod 10).

Analyze which switches of two consecutive digits are recognized, and which are not.

Problem 1.15. For u, v ∈ F n suppose that d(u, v) ≤ 2e for some e ∈ N. Show that
there is an element w ∈ F n such that d(u, w) ≤ e and d(v, w) ≤ e.

Problem 1.16. Let C ⊆ F n be a code with d(C ) = n. Show that q = | F | ≥ |C | = m,

n
and that C is equivalent to C 0 = {(i i . . . i ) | i = 0, 1, . . . , m − 1} ⊆ F 0 , where
F 0 = {0, 1, . . . , q − 1}.

6
2 Simple bounds and codes attaining these bounds

2.1 The Hamming bound

Definition 2.1 (Hamming ball). For r ∈ R and v ∈ F n we define the Hamming

ball with center v and radius r by Br (v) = { x ∈ F n | d( x, v) ≤ r }.

Lemma 2.2 (Volume of Hamming ball). For all v ∈ F n and m ∈ N0 we have

| Bm (v)| = ∑im=0 (ni)(q − 1)i .

Proof. For each 0 ≤ i ≤ m we count the number of x ∈ F n with d( x, v) = i. There

are (ni) possibilities to pick the i positions in x which differ from v, and for each
of these i positions we have q − 1 choices for the entry of x being different from
the one of v. So this number is (ni)(q − 1)i .
The following theorem is called the Hamming bound or the sphere packing bound.

Theorem 2.3 (Hamming bound). Let C ⊆ F n be a code with d(C ) ≥ 2e + 1 for

e ∈ N0 . Then
qn
|C | ≤ e n
∑i=0 ( i )(q − 1)i
where q = | F |.

Proof. By the triangle inequality, the balls Be (c) around the code words c ∈ C are
pairwise disjoint, hence
e  
n
q = | F | ≥ ∑ | Be (c)| = |C | ∑
n n
( q − 1)i ,
c∈C i =0
i

and the claim follows.

Example 2.4. In Question 1.1 we asked whether if q = | F | = 2, there is a code

C ⊆ F4 with d(C ) ≥ 3 and |C | = 4. The Hamming bound (with e = 1) gives
4
|C | ≤ 12+4 < 4 and therefore |C | ≤ 3. So the answer is negative.

An important class of codes are those where the Hamming bound is sharp. The
proof of the Hamming bound shows that in this case F n is a disjoint union of the
balls Be (c), c ∈ C.

7
 Definition 2.5 (Perfect code). A code C ⊆ F n is a perfect code, if F n is the
disjoint union of the balls Be (c) around the code words c ∈ C for some integer
1 ≤ e ≤ n. In order to emphasize the radius e, one calls it also an e errors
correcting perfect code.

Remark 2.6. The definition excludes the possibilities e = 0 and e = n. For

e = 0, we would obtain the uninteresting case C = F n , and for e = n the code
C would consist of a single element.

Lemma 2.7. Let C ⊆ F n be an e errors correcting perfect code. Then d(C ) = 2e + 1.

Proof. We have d(C ) ≥ 2e + 1 by Lemma 1.7. We need to show that d(C ) ≤ 2e + 1.

Pick some c ∈ C. As e < n, there is an element x ∈ F n such that d( x, c) = e + 1.
Since C is perfect, there is a code word c0 ∈ C with d( x, c0 ) ≤ e. In particular c 6= c0 .
The triangle inequality yields d(c, c0 ) ≤ d( x, c) + d( x, c0 ) ≤ e + 1 + e = 2e + 1, and
the claim follows.
The following section describes infinite families of 1 error correcting perfect linear
codes.

2.2 Hamming codes

The code from the following theorem is called a Hamming code.

Theorem 2.8 (Hamming code). Let Fq be the finite field with q elements and 2 ≤
m ∈ N. For each 1-dimensional subspace of Fm
q pick a nonzero vector vi . Let n be the
number of these vectors. Set

C = {( a1 a2 . . . an ) ∈ Fnq | a1 v1 + a2 v2 + · · · + an vn = 0}.

q m −1
Then n = q −1 and C is a perfect linear code with d(C ) = 3 and of dimension n − m.

Proof. Every 1-dimensional subspace of Fm

q contains exactly q − 1 nonzero el-
ements, and every nonzero element from Fm q is contained in exactly one 1-
q m −1
dimensional subspace. Thus Fm
q has exactly n = q −1 1-dimensional subspaces.
We consider the linear map

ϕ : Fnq → Fm
q , ( a1 a2 . . . a n ) 7 → a1 v1 + a2 v2 + · · · + a n v n .

The map ϕ is surjective, because any element x ∈ Fm

q is a scalar multiple x = λvi

8
for some i, so the vector from Fnq with λ in the i-th position and 0 elsewhere is
mapped to x.
By definition, C is the kernel of ϕ. The dimension formula gives dim C =
dim Fnq − dim Fm q = n − m.
We next show that d(C ) ≥ 3. Suppose this does hold, hence d(C ) ≤ 2. Since C
is a linear code, there is an element 0 6= c = ( a1 a2 . . . an ) ∈ C with w(c) ≤ 2.
Thus there are different indices i and j such that ak = 0 for all k different from i
and j. Thus ai vi + a j v j = 0. Since vi and v j are linearly independent, we obtain
ai = a j = 0, so c = 0, a contradiction.
In order to show that actually d(C ) = 3, note that v1 + v2 is a nonzero vector which
is not contained in hv1 i, nor in hv2 i. Thus v1 + v2 = −λvi for some nonzero scalar
λ and some index i ≥ 3. But then (1 1 0 . . . 0 λ 0 . . . 0) ∈ C, where λ is in the i-th
position.
The Hamming bound yields

qn qn
|C | ≤ = q m −1
= qn−m .
1 + n ( q − 1) 1+ ( q − 1)
q −1

But |C | = qdim C = qn−m , so the Hamming bound is sharp, and therefore C is

perfect.

Example 2.9. Take q = 2.

(a) For m = 2 we may take v1 = (0 1), v2 = (1 0), v3 = (1 1). Then

c = ( a1 a2 a3 ) ∈ C if and only if a2 + a3 = 0 and a1 + a3 = 0, which
is equivalent to a1 = a2 = a3 . So C is just a (boring) repetition code
C = {(0 0 0), (1 1 1)}.

(b) More interesting is the case m = 3. Then n = 7 and dim C = 4. Suppose

that we have a long stream of bits which we want to transmit over a
binary channel which requires error correction, but where it suffices to
correct at most one bit error among say 7 consecutive bits. As |C | = 24 ,
we have a bijection α : F42 → C ⊂ F72 . We can partition the original bit
stream in blocks of length 4, identify each of these blocks with an element
x ∈ F42 , and send the code word c = α( x ) ∈ C.
Under our assumption about the error rate for the bits, we can correct
wrongly transmitted code words, and uniquely reconstruct the original
word x.
The price we pay is that instead of sending the original blocks of 4 bits,
we send blocks of 7 bits. We see that we have complete error correction,
by enlarging the message by a factor of 7/3. This is better than in case

9
 (a), where we have to enlarge by a factor 3, or in the more clever last
example from Section 1.2, which still requires the factor 5/2.

2.3 Perfect codes, part 1

A necessary condition for the existence of an e error correcting perfect code C ⊆ F n ,
where q = | F |, is that
e  
n
∑ i (q − 1)i divides qn . (1)
i =0
Recall that we are only interested in the cases 1 ≤ e ≤ n − 1. Since the minimum
distance of C is 2e + 1 ≤ n, we have e ≤ (n − 1)/2. Up to today it is not possible to
classify the possibilities for (1). If q is a prime, then (1) is clearly equivalent to
e  
n
∑ i ( q − 1)i = q m (2)
i =0

for some integer m. In Problem 2.42 we see that for this conclusion it suffices to
assume that q is a prime power.
We discuss a few cases of the conditions (1) and (2).

(a) n = 2e + 1. I do not know if (1) has solutions besides q = 2, but it is not hard
to show that a perfect code with n = 2e + 1 exists only for q = 2, see Problem
2.40. Up to equivalence the only example is C = {(0 0 . . . 0), (1 1 . . . 1)}.

(b) e = 1. Possible solutions are n = (qm − 1)/(q − 1) as we have seen for the
Hamming codes. Here q need not be a prime power. However, it is not known
if there are perfect codes when q is not a prime power and n = (qm − 1)/(q − 1).
However, (1) has many more solutions if q is not a prime power. For instance,
n = (16m − 1)/5 and q = 6 solves (1). Later we will learn another necessary
condition for perfect codes which does not hold for this particular example.

(c) e = 2, n 6= 2e + 1. If q is a prime power, then the only solutions seem to be

(q, n) = (3, 11) and (q, n) = (2, 90), but there is no proof for that. The first case
indeed belongs to a perfect code, the ternary Golay code which we construct
in Section 6.2. The second solution q = 2, n = 90 does not arise from a perfect
code, see Problem 2.43.
If q is not a prime power, then one finds a few more solutions, namely (q, n) =
(15, 11), (21, 52), and (46, 93). In Section 3.6 we will see that there are no perfect
codes with these parameters.

(d) e = 3, n 6= 2e + 1. Probably the only solution of (1) is q = 2, n = 23. Anyway,

there is a perfect with these parameters, the binary Golay code which we study

10
 in Section 6.1. In fact this is one of the most fascinating codes with many
connections to other topics like sporadic simple groups, Steiner systems, and
dense high dimensional Euclidean sphere packings.

(e) e ≥ 4, n 6= 2e + 1. It is unknown whether (1) has any solutions. However,

with the methods from 3.6 one can show (which we don’t do) that there are no
perfect codes with 4 ≤ e and 2e + 1 < n.

(f) One might wonder if (1) can be discussed at least for q = 2. So the question
is which sums ∑ie=0 (ni) are powers of 2. It seems that this question is beyond
present techniques in number theory.

2.4 The Singleton bound

Probably the simplest upper bound on code sizes is

Theorem 2.10 (Singleton bound). Let C ⊆ F n be a code with minimum distance d.

Then
| C | ≤ | F | n − d +1 .

Proof. Let φ : C → F n−d+1 defined by cutting off the last d − 1 coordinates, that
is ( a1 , a2 , . . . , an ) is mapped to ( a1 , a2 , . . . , an−d+1 ). If c, c0 ∈ C are distinct, then
d(c, c0 ) ≥ d, so φ(c) and φ(c0 ) still differ in at least one position. Hence φ is
injective. The claim follows from |C | = |φ(C )| ≤ | F n−d+1 |.

Remark 2.11. Codes which achieve the Singleton bound are called MDS (max-
imum distance separable) codes. Not very much is known about MDS codes. In
the next section we will describe a large family of linear MDS codes.

2.5 Reed-Solomon codes

The codes in the following theorem are called Reed-Solomon codes.

Theorem 2.12 (Reed-Solomon code). Let 1 ≤ d ≤ n be integers, and Fq be a finite

field with q ≥ n elements. Pick n distinct elements x1 , x2 , . . . , xn from Fq . Set

C = {( f ( x1 ) f ( x2 ) . . . f ( xn )) | f ∈ Fq [ X ] of degree ≤ n − d} ⊆ Fnq .

Then C is an MDS code with d(C ) = d and dim C = n − d + 1.

Proof. Let V be the vector space of the polynomials f ∈ Fq [ X ] of degree

≤ n − d. Clearly dim V = n − d + 1. Consider the linear map ϕ : V → C,

11
 f 7→ ( f ( x1 ) f ( x2 ) . . . f ( xn )). Suppose that f 6= 0. As deg f ≤ n − d, we know that
f has at most n − d roots. Thus there are at least d indices i such that f ( xi ) 6= 0.
Thus w( ϕ( f )) ≥ d, and therefore d(C ) ≥ d. Furthermore, as d ≥ 1, we see that ϕ
has trivial kernel, so it is an injective map. Thus dim C = dim V = n − d + 1.
The Singleton bound says n − d + 1 = dim C ≤ n − d(C ) + 1, so d(C ) ≤ d. Above
we saw that d(C ) ≥ d, so for our code the Singleton bound is sharp.

2.6 The Plotkin bound

The next bound, compared to the Singleton bound and the Hamming bound, works
particularly well for codes with a large minimum distance.

Theorem 2.13 (Plotkin bound). Let C ⊆ F n be a code with q = | F | and d =

d(C ) > n(1 − 1q ). Then
d
|C | ≤ .
d − n(1 − 1q )

Proof. Set m = |C | and M = ∑u,v∈C d(u, v). As there are m(m − 1) pairs u, v in C
with u 6= v, and d(u, v) ≥ d for each such pair, we get

M ≥ d · m · ( m − 1). (3)

We compute the contribution of the first position of the code words to M. For
each i ∈ F let ai be the number of code words c ∈ C which have the first entry i.
Then
∑ ai = |C| = m. (4)
i∈ F
The contribution to M from the first position is

M1 = ∑ a i ( m − a i ).
i∈ F

We compute

M1 = ∑ ai ( m − ai )
i∈ F
m 2
≤ ∑ ai ( m − ai ) + ∑ ( ai − q
)
i∈ F i∈ F
 2 !
m m
= ∑ ai m − 2ai +
q q
i∈ F
1
= m2 (1 − ),
q

12
 where we used (4) in the last step.
This consideration holds for all n positions, hence M ≤ n · m2 (1 − 1q ) and therefore

1
d · m · ( m − 1) ≤ M ≤ n · m2 · (1 − ).
q

From this the claim follows.

Remark 2.14. The proof of the Plotkin bound shows that equality holds if and
only all distinct code words u, v ∈ C have the same distance d = d(u, v), and if
in every position each symbol appears the same number of times.

The Plotkin bound has an interesting application to MDS codes. First we need an
easy observation.

Lemma 2.15. Let C ⊆ F n be an MDS code with n ≥ 2. For i ∈ F define

Ci = {( a1 a2 . . . an−1 ) | ( a1 a2 . . . an ) ∈ C and an = i } ⊆ F n−1 .

Then Ci is an MDS code with d(Ci ) = d(C ).

Proof. Set q = | F |. Clearly d(Ci ) ≥ d(C ) for all i, and |C | = ∑i∈ F |Ci |. Furthermore,
|C | = qn−d(C)+1 , because C is an MDS code. The Singleton bound, applied to each
of the Ci , gives

|C | = ∑ |Ci | ≤ ∑ qn−1−d(Ci )+1 ≤ ∑ qn−1−d(C)+1 = qn−d(C)+1 = |C|.

i∈ F i∈ F i∈ F

Thus we have equality everywhere. In particular, d(Ci ) = d(C ) and |Ci | =

qn−1−d(Ci )+1 for all i. So Ci is an MDS code with d(Ci ) = d(C ).
We learned a huge family of MDS codes, the Reed-Solomon codes. These have the
important restriction q ≥ n. One might ask if there are different constructions which
allow small values of q, preferably q = 2. Unfortunately, that is not the case.

Theorem 2.16. Let C ⊆ F n be an MDS code with d(C ) < n. Then | F | ≥ d(C ).

Proof. Set d = d(C ) and q = | F |. Repeated application of the previous lemma

yields an MDS code C 0 ⊆ F d+1 with d(C 0 ) = d. If q ≥ d then we are done. Thus
d − q +1
we may assume that q ≤ d. Then d − (d + 1)(1 − 1q ) = q > 0, so we may

13
 apply the Plotkin bound to C 0 . Note that |C 0 | = q(d+1)−d+1 = q2 , so

d
q2 ≤ .
d − (d + 1)(1 − 1q )

This yields
q−d
≥ 0.
d−q+1
We assumed q ≤ d. So the denominator is positive, and we get q ≥ d.

Remark 2.17. The idea to apply the Plotkin bound to the MDS code of size q2
is due to Dominik Barth. My original proof was more complicated.

2.7 Simplex codes

We now present a series of codes which meet the Plotkin bound. The code con-
structed in the following theorem is called the simplex code, because any two distinct
elements have the same distance.

q m −1
Theorem 2.18 (Simplex code). Let q be a prime power, n = q−1 , and A ∈ Fm q
×n be

the matrix where the columns are representatives of the n one-dimensional subspaces
of Fm q . Let C ⊆ Fq be the linear code generated by the rows of A.
n

Then dim C = m, and d(u, v) = qm−1 for any distinct u, v ∈ C. In particular,

d ( C ) = q m −1 .

Proof. A contains, up to scalar multiples, all vectors from Fm

q . Therefore the col-
umn rank of A is m. By definition, dim C is the row rank of A, which is m as we
know from linear algebra.
It remains to prove the assertion about the distances. As C is a linear code, we
only need to show that w(c) = qm−1 for each nonzero c ∈ C. Let a1 , a2 , . . . , am be
the rows of A, and write ai = ( ai1 ai2 . . . ain ). Let
m
c= ∑ λi ai
i =1

be a nonzero element from C, where λi ∈ Fq . Then w(c) is the number of indices

1 ≤ j ≤ n such that ∑im=1 λi aij 6= 0. The linear equation ∑im=1 λi xi = 0 has qm−1
solutions. Thus there are exactly qm − qm−1 vectors ( x1 x2 . . . xm )t ∈ Fmq such that
m
∑ i =1 i i
λ x 6 = 0. As the matrix A contains from each one-dimensional subspace of
q m − q m −1
Fm
q precisely one nonzero element, we see that w ( c ) = q −1 = q m −1 .

14
 Remark 2.19. (a) The simplex codes meet the Plotkin bound.

(b) Note that d(C ) = qm−1 is not much smaller than n = 1 + q + q2 + · · · +

qm−1 . So compared to the Hamming code, the simplex code can be used
in situations where transmission errors arise with a high frequency.

2.8 The Griesmer bound

The proof of the Singleton bound relied on deleting positions of a code. Here we
refine this technique for linear codes.

Definition 2.20 (Residual code). Let C ⊆ Fnq be a linear code, and c =

(c1 c2 . . . cn ) ∈ C be a code word with positive weight w = w(c). Let
i1 , i2 , . . . , in−w be the indices i such that ci 6= 0. Then

Res(C, c) = {(vi1 vi2 . . . vin−w ) | (v1 v2 . . . vn ) ∈ C } ⊆ Fnq −w

is called the residual code with respect to c.

Recall that a linear code C ⊆ Fnq is called an (n, dim C, d(C )) code.

Lemma 2.21. Let C ⊆ Fnq be a linear (n, k, d) code. Pick c ∈ C with 0 < w =
q
w(c) < q−1 d. Then Res(C, c) is a linear (n − w, k − 1, d0 ) code with d0 ≥ d − w + wq .

Proof. By replacing C with an equivalent linear code we may assume that

c = (1| 1 {z . . . 0}). Let ϕ : C → Res(C, c) be the linear map sending
. . . 1} 0| 0 {z
w n−w
v = (v1 v2 . . . vn ) to ϕ(v) = (vw+1 vw+2 . . . vn ).
Pick v ∈ C. By the pigeonhole principle, there is an element α ∈ Fq which appears
at least wq times among the first w entries v1 , v2 , . . . , vw of v. Thus v − αc has at
most w − wq nonzero entries in the first w positions, and exactly w( ϕ(v)) nonzero
entries in the remaining n − w positions. Thus
w
w(v − αc) ≤ w − + w( ϕ(v)).
q
If v 6= αc, then w(v − αc) ≥ d. We obtain
w
w( ϕ(v)) ≥ d − w + if v 6= αc.
q
Any nonzero element from Res(C, c) has the form ϕ(v) for some v ∈ C. From
ϕ(v) 6= 0 and ϕ(c) = 0 we obtain v 6= αc, so d(Res(C, c)) ≥ d − w + wq as claimed.

15
 It remains to show that dim Res(C, c) = dim C − 1. Note that c is in the kernel of
ϕ. Note that by the assumption on w we have d − w + wq > 0, so w( ϕ(v)) > 0 if
v 6= αc. This shows that the kernel of ϕ is the one-dimensional space hci, and the
claim follows from the dimension formula.

Corollary 2.22. If there is a linear (n, k, d) over Fq with k ≥ 1, then there is a linear
(n − d, k − 1, d0 ) code over Fq with d0 ≥ dq .

Proof. Apply the previous lemma for a nonzero code word c with minimum
weight w(c) = d.
In the following theorem d x e is the ceiling function, so d x e is the smallest integer
m with m ≥ x.

Theorem 2.23 (Griesmer bound). For any linear (n, k, d) code over Fq the following
holds:
k −1  
d
∑ qi ≤ n
i =0

Proof. We prove the theorem by induction for k. If k = 1 then the inequality claims
d ≤ n, which holds of course.
Thus assume that k ≥ 2. By the previous corollary we know that there is a linear
(n − d, k − 1, d0 ) code with d0 ≥ dq . Applying the induction hypothesis to this code
yields
k −2  0 
d
∑ qi ≤ n − d.
i =0

From d0 ≥ d
q we obtain
k −2  
d
∑ q i +1
≤ n−d
i =0
which is equivalent to the claimed inequality.

Remark 2.24. (a) For linear codes, the Griesmer bound is always at least as
good as the Singleton bound. See Problem 2.47.

(b) The simplex codes not only attain the Plotkin bound, but also the Gries-
mer bound.

(c) The ternary Golay code, which is a perfect (11, 6, 5) code over F3 , also
attains the Griesmer bound.

16
 (d) There is no known generalization of the Griesmer bound to non-linear
codes.

2.9 Hadamard codes

Definition 2.25 (Hadamard matrix). For n ∈ N a Hadamard matrix is a matrix

H ∈ Qn×n with all entries in {−1, 1} such that HH t = nIn , where In is the
identity matrix.

It is easy to see that the property of being a Hadamard matrix does not change by
multiplying rows and columns by −1. In particular, if there is a Hadamard matrix
of size n, then there is also one of this size where the entries in the first row and
column are 1.

Definition 2.26 (Normalized Hadamard matrix). A Hadamard matrix is nor-

malized, if the entries in the first row and column all are 1.

An easy construction of Hadamard matrices is due to Sylvester:

Theorem 2.27 (Sylvester). If H ∈ Qn×n is a Hadamard matrix, then

 
H H
∈ Q2n×2n
H −H

is a Hadamard matrix as well.

Proof. This follows from

t
Ht Ht 2HH t
      
H H H H H H 0
= = = 2nI2n
H −H H −H H −H Ht −Ht 0 2HH t

As H = (1) is a (rather trivial) Hadamard matrix, we see that there are Hadamard
matrices of size 2m for all m ∈ N0 . Sylvester’s construction can easily be generalized.
If there are Hadamard matrices of sizes m and n, then there is a Hadamard matrix
of size mn, see Problem 2.48.
Next we show a restriction on the sizes of Hadamard matrix.

Theorem 2.28. If n is the size of a Hadamard matrix, then n = 1, 2, or n ≡ 0

(mod 4).

17
 Proof. Let H be a Hadamard matrix of size n ≥ 3. As remarked, we may assume
that H is normalized, so the first row contains only the entry 1. By permuting
columns we may assume that the first three rows of H look as follows:

1 1 ··· 1 1 1 ··· 1 1 1 ··· 1 1 1 ··· 1

1 1 ··· 1 1 1 ··· 1 −1 −1 · · · −1 −1 −1 · · · −1
· · · 1 −1 −1 · · · −1 1 ··· 1 −1 −1 · · · −1
 
1 1 1
.. .. .. . .. .. . . .. .. .. . . .. .. .. . . ..
. . . .. . . . . . . . . . . . .
| {z } | {z } | {z } | {z }
i j k `

The pairwise orthogonality of the rows yields

i+j−k−` = 0
i−j+k−` = 0
i − j − k + ` = 0.

From that we get i = j = k = `, so n = i + j + k + ` = 4i.

Remark 2.29. There is the conjecture that there is a Hadamard matrix of size
n whenever n ≡ 0 (mod 4). The smallest such n for which the existence of a
Hadamard matrix is open is 668.

As a preparation for the next theorem, we provide a lemma about the structure of
squares in finite fields of odd order.

Lemma 2.30. Let Fq be a finite field of odd order q. Let χ : Fq → Q be the Legendre
function, defined by

0,
 if i = 0
χ(i ) = 1, if 0 6= i is a square in Fq

−1, if i is a non-square in Fq .


Then the following holds.

(a) χ(ij) = χ(i )χ( j) for all i, j ∈ Fq .

(b) ∑i∈Fq χ(i ) = 0.

(c) χ(−1) = −1 if q ≡ 3 (mod 4).

18
Proof. The map α : x 7→ x2 is a homomorphism from the multiplicative group F?q
to itself. The kernel of α is {−1, 1}, so the size of the image S, which is the group
of non-zero squares, is (q − 1)/2. Since S is a subgroup of index 2 in F?q , we get
(a). By definition, χ assumes the value 1 on S and −1 on the (q − 1)/2 elements
from F?q \ S. This implies (b).
Now suppose that q ≡ 3 (mod 4). Then (q − 1)/2, the order of S, is odd. There-
fore S does not contain the involution −1, and we obtain (c).

Theorem 2.31 (Paley). Let q be a prime power such that q ≡ 3 (mod 4). Then there
is a Hadamard matrix of size q + 1.

Proof. Let Fq be the finite field with q elements. We use Fq to number the rows
and columns of a matrix Q ∈ Qq×q . For i, j ∈ Fq , let Q[i, j] be the entry of Q in
position (i, j).
We use the definitions and results from the previous lemma. Define the matrix
Q ∈ Qq×q by Q[i, j] = χ(i − j). We calculate QQt :

( QQt )[r, s] = ∑ Q[r, k ] Qt [k, s]

k ∈Fq

= ∑ Q[r, k ] Q[s, k ]
k ∈Fq

= ∑ χ (r − k ) χ ( s − k )
k ∈Fq

= ∑ χ (r − s + k ) χ ( k ) k replaced by s − k
k ∈Fq

= ∑ χ (r − s + k ) χ ( k )
06 = k ∈Fq

= ∑ χ(r − s + 1/k )χ(1/k) k replaced with 1/k

06 = k ∈Fq

= ∑ χ(r − s + 1/k )χ(k ) since χ(1/k) = χ(k )

06 = k ∈Fq

= ∑ χ ( k (r − s ) + 1) since χ is multiplicative
06 = k ∈Fq

If r = s, then the sum is q − 1, so ( QQt )[r, r ] = q − 1. If r 6= s, then k (r − s) + 1

runs through all elements from Fq except 1. Thus the sum is −χ(1) = −1, because
∑i∈Fq χ(i ) = 0. So ( QQt )[r, s] = −1 for r 6= s. Set e = (1 1 . . . 1) ∈ Q1×q . Then all
entries of the matrix et e are 1. We see that

QQt = qIq − et e.

From Q[r, s] = χ(r − s) = χ(−1)χ(s − r ) = χ(−1) Q[s, r ] and χ(−1) = −1 we

19
 furthermore get
Qt = − Q.
Define  
1 e
H= .
et Q − Iq
Then
eQt
    
t 1 e 1 e q+1
HH = t t t = .
e Q − Iq e Q − Iq Qet et e + QQt − Q − Qt + Iq

Part (b) of the previous lemma shows that the sums of the elements in each col-
umn and row of Q vanishes. Thus eQt , Qet are the 0-vectors. Together with
Qt = − Q, and QQt = qIq − et e we obtain HH t = (q + 1) Iq+1 .

Theorem 2.32. If there is a Hadamard matrix of size n > 1, then there is a code
C ⊆ F n−1 with | F | = 2 of size n and minimum distance n/2. In fact, the distance of
any distinct code words is n/2.

Proof. Let H be a normalized Hadamard matrix of size n. Let u = (u1 u2 . . . un )

and (v1 v2 . . . vn ) be two distinct code words. Let a and b be the number of
indices i where ui = vi and ui 6= vi , respectively. Then 0 = uvt = ∑i ui vi = a − b,
so a = b = n/2. On the other hand, d(u, v) = b = n/2. The code of length n − 1 is
the set of rows of H, where we cut off the first element (which is 1 in all rows).

n
2
Remark 2.33. From n = n 1 we see that the Hadamard codes assume
2 −( n −1)(1− 2 )
the Plotkin bound.

Example 2.34. (a) By Paley’s theorem for the prime p = 11 there is a

Hadamard matrix of size 12. So the previous theorem yields a binary
code C ⊆ {0, 1}11 of size 12 and minimum distance d(C ) = 6.
In view of Corollary 2.22 one might wonder if for arbitrary codes C ⊆ F n
|C | d(C )
there is a code C 0 ⊆ F n−d(C) such that |C 0 | ≥ q and d(C 0 ) ≥ q .
The example just constructed shows that this is not the case. Otherwise
there were a binary code C 0 ⊆ {0, 1}5 with d(C 0 ) ≥ 3 and |C 0 | ≥ 6. But
5
the Hamming bound |C 0 | ≤ 12+5 < 6 shows that such a code does not
exist.

(b) One might wonder if the following holds: If the Griesmer bound denies
the existence of a linear (n, k, d) code, so there is no non-linear code of

20
 size qk in Fnq and minimum distance d(C ). However, that does not hold:
As in (a), now for the prime p = 19, we obtain a binary code C ⊆ {0, 1}19
of size 20 and minimum distance d(C ) = 10. In particular, a subset of C
has size 24 and still minimum distance 10. However, the Griesmer bound
shows that for a linear (19, k, 10) code we have k ≤ 3.

2.10 Reed-Muller codes

We now construct a family of binary linear codes using an idea similar to the one
for the Reed-Solomon codes.

Theorem 2.35 (Reed-Muller codes). Fix 0 ≤ r ≤ m. Let Pr,m be the set of polyno-
mials in F2 [ X1 , X2 , . . . , Xm ] of total degree ≤ r and of degree ≤ 1 with respect to each
variable. Let v1 , v2 , . . . , vn be the n = 2m elements from F2m . Then

C = {( f (v1 ) f (v2 ) . . . f (vn )) | f ∈ Pr,m }

is a linear (2m , ∑ri=0 (mi), 2m−r ) code over F2 , the so-called Reed-Muller code
RM(r, m).

Proof. We prove the theorem by induction on m + r. There is nothing to show if

m + r = 0.
Now suppose that m + r ≥ 1. Since Pr,m is a vector space, and C ⊆ F2n is a
homomorphic image of Pr,m , we see that C is a linear code. Pick 0 6= f ∈ Pr,m , and
set c = ( f (v1 ) f (v2 ) . . . f (vn )) ∈ C. Note that
w(c) = |{( x1 x2 . . . xm ) ∈ F2m | f ( x1 , x2 , . . . , xm ) 6= 0}|.
Isolate Xm and write f = g( X1 , X2 , . . . , Xm−1 ) + Xm h( X1 , X2 , . . . , Xm−1 ). Note that
g ∈ Pr,m−1 and h ∈ Pr−1,m−1 . Distinguishing between the cases xm = 0 and xm = 1
we see that
w(c) = |{( x1 x2 . . . xm−1 ) ∈ F2m−1 | g( x1 , x2 , . . . , xm−1 ) 6= 0}|
+ |{( x1 x2 . . . xm−1 ) ∈ F2m−1 | ( g + h)( x1 , x2 , . . . , xm−1 ) 6= 0}|.
We show that w(c) ≥ 2m−r by looking at the contributions of the two summands.
If g = h, then 0 6= g = h ∈ Pr−1,m−1 , so by the induction hypothesis the first
summand is ≥ 2(m−1)−(r−1) = 2m−r , hence w(c) ≥ 2m−r .
Now assume that g 6= h. If g = 0, then 0 6= g + h = h ∈ Pr−1,m−1 , so by the
induction hypothesis the second summand is ≥ 2(m−1)−(r−1) , so w(c) ≥ 2m−r . If
however g 6= 0 and g 6= h, then g and g + h are nonzero elements from Pr,m−1 ,
so by the induction hypothesis both summands are ≥ 2m−1−r , and again w(c) ≥
2m −r .

21
 Clearly the monomials { X1e1 X2e2 . . . Xm
em
| 0 ≤ ek ≤ 1, ∑ ek ≤ r } are a basis of Pr,m .
The number of these polynomials with ∑ ek = i is (mi). Thus dim Pr,m = ∑ri=0 (mi).
Since w( f (v)) > 0 for 0 6= f ∈ Pr,m , we see that the linear map Pr,m → C is
bijective, so dim C = dim Pr,m .

Remark 2.36. (a) A historically important example is the Reed-Muller code

C = RM(1, 5). Note that this is a linear (32, 6, 16) code, so |C | = 64.
This code was used in the Mariner 6 and 7 Mars missions in 1969 to
send images. Each pixel allowed for 64 shades of gray, so the raw data
of each pixel was a 6-bit word ( a0 a1 . . . a5 ). Note that P1,5 are the linear
polynomials in 5 variables. Accordingly, this raw word was encoded
and sent as the 32-bit code word with entries a0 + ∑i∈S ai , where S runs
through the 32 subsets of {1, 2, 3, 4, 5}. This encoding scheme was easy
to implement in hardware. Also, for this and other Reed-Muller codes,
there exist fast decoding methods.

(b) Given the alphabet size 2, the length 32, and minimum distance at least
16, one can show that 64 is indeed an upper bound for the size of the
code, see Problem 2.49.

(c) The construction of the Reed-Muller codes can be generalized to arbitrary

finite fields Fq as alphabets. For this take 0 ≤ r ≤ m(q − 1), and replace
Pr,m by the set of polynomials in Fq [ X1 , . . . , Xm ] of total degree ≤ r and
degree ≤ q − 1 in each variable, and v1 , . . . , vn , n = qm , by the elements
from Fm q . Note that for m = 1 we recover the Reed-Solomon codes of
length q.

2.11 Comparison of some bounds

Table 1 compares some of the bounds for small parameters of n, d, and q. We see that
for general codes, there are cases where each of the Hamming bound, the Singleton
bound, and the Plotkin bound gives the best result. So none of these bounds is
superseded by some other bound.
For comparison, we have included the Griesmer bound for linear codes. We see
that there are a few cases where the Hamming bound gives a better result. Note that
in the listed cases, the Plotkin bound actually isn’t worse than the Griesmer bound.
For instance for n = 7, q = 5, d = 6, the Plotkin bound gives |C | ≤ 15, while the
Griesmer bound gives |C | ≤ 5. But if C is linear, then |C | is a power of 5, so |C | ≤ 15
implies |C | ≤ 5 as well.

22
 n = 5, q = 2 n = 5, q = 3 n = 6, q = 4 n = 7, q = 5 n = 8, q = 6
d 2 3 4 2 3 4 2 3 5 2 3 6 2 3 7
Hamming 32 5 5 243 22 22 4096 215 26 78125 2693 214 1679616 40966 216
Singleton 16 8 4 81 27 9 1024 256 16 15625 3125 25 279936 46656 36
Plotkin 6 2 6 10 15 21
Griesmer 16 4 2 81 27 3 1024 256 4 15625 3125 5

Table 1: Comparison of some bounds

2.12 The Gilbert–Varshamov bounds

We have seen several constructions of codes. They all have a major shortcoming:
Given a finite set F of size q, and positive numbers δ and ρ, then only finitely many
d(C ) log |C |
of the codes C we learned so far fulfill n ≥ δ and nq ≥ ρ. Note that if C is
linear, then dim C = logq |C |. Using the existence theorems in this section, one can
1
show that for any 0 ≤ δ < 1 − q there is ρ > 0 such that there are infinitely many
d(C ) log |C |
inequivalent codes C such that δ and nqn ≥ ≥ ρ. (See Problem 2.52 for the
1
case δ > 1 − q .) So there are many more codes with interesting parameters.

Theorem 2.37 (Gilbert). For 1 ≤ d ≤ n and | F | = q there exists a code C ⊆ F n

with d(C ) = d and
qn
| C | ≥ d −1 n .
∑i=0 ( i )(q − 1)i

qn
Proof. We show that if d(C ) ≥ d and |C | < for C ⊆ F n , then there
∑id=−01 ( i )(q−1)i
n

is c0 ∈ F n \ C such that d(C ∪ {c0 }) ≥ d. So starting with two elements from F n

with distance d, we can keep adding suitable elements until we reach a code C as
claimed in the theorem.
It remains to prove the existence of the element c0 . Recall that ∑id=−01 (ni)(q − 1)i
is the volume of the Hamming ball with radius d − 1. Thus the inequality
|C | ∑id=−01 (ni)(q − 1)i < qn shows that the balls with radius d − 1 around the el-
ements from C do not cover F n . Thus there is an element c0 ∈ F n which has
distance > d − 1 from all code words in C.
If F is a field, then an easy modification of the proof allows to assume that C is a
linear code. However, in the linear case we can use a different argument and obtain
a slightly better lower bound.

23
 Lemma 2.38. For 1 ≤ d ≤ n and a prime power q assume that

d −2 
n−1

∑ i
( q − 1)i < q n − k .
i =0

Then there are n elements in Fnq −k such that any d − 1 of them are linearly indepen-
dent.

Proof. Let v1 , v2 , . . . , vm ∈ Fnq −k be m elements such that any d − 1 of them are

linearly independent. We count the number of linear combinations of these
vectors where at most d − 2 of the coefficients are non-zero. If there are ex-
actly i nonzero coefficients, then there are (mi)(q − 1)i possibilities. Thus if
∑id=−02 ( i )(q − 1)i < qn−k , then there is an element v ∈ Fnq −k which is not a lin-
m

ear combination of d − 2 of the vectors v1 , v2 , . . . , vm . Thus any d − 1 of the m + 1

vectors v1 , v2 , . . . , vm , v are linearly independent.
Thus as long as m ≤ n − 1, we can keep adding vectors. We obtain the claim.

Theorem 2.39 (Varshamov). For 1 ≤ d ≤ n and a prime power q there exists a

linear code C ⊆ Fnq such that d(C ) ≥ d and
& !'
d −2 
n−1

dim C ≥ n − logq 1+ ∑ i
( q − 1)i .
i =0

l  m
Proof. Set k = n − logq 1 + ∑id=−02 (n−i 1)(q − 1)i . Then k ≤ n −
 
logq 1 + ∑id=−02 (n−i 1)(q − 1)i and therefore 1 + ∑id=−02 (n−i 1)(q − 1)i ≤ qn−k , so
n −1
∑id=−02 ( i )(q − 1)i < qn−k .
By the previous lemma there exist n vectors v1 , v2 , . . . , vn ∈ Fqn−k such that no
d − 1 of them are linearly independent. Then

C = {(c1 c2 . . . cc ) | c1 v1 + c2 v2 + · · · + cn vn = 0}

has the required properties, for clearly d(C ) ≥ d, and as kernel of the linear map
Fnq → Fnq −k , (c1 c2 . . . cc ) 7→ c1 v1 + c2 v2 + · · · + cn vn we have dim C ≥ n − (n −
k ) = k.
The following graphics show some of our upper bounds and the Gilbert lower
bound for n = 100 and q = 2, 3 and 10.

24
25
2.13 Problems
Problem 2.40. Describe the perfect codes C ⊆ F n witch d(C ) = n.
(Hint: Use Problem 1.16.)

Problem 2.41. For q = 2 and e = 3 determine all possibilities of n, such that

n
∑ie=0 ( i )(q − 1)i divides qn .

Problem 2.42. Suppose that C ⊆ F n is a perfect code, where q = | F | is a prime

power. Show that |C | is a power of q.
qn
(Hint: Show that q − 1 divides |C| − 1 and use the following easy fact from elemen-
tary number theory. If k, `, a are positive integers with a ≥ 2, such that ak − 1 divides
a` − 1, then k divides `.)

Problem 2.43. C ⊆ F n be a perfect code with minimum distance d(C ) = 2e + 1,

where | F | = 2. Show that e + 1 divides n + 1.
(Hint: This does not follow from the sphere packing condition. A possible approach
is as follows: Write F = {0, 1} and suppose that (00 . . . 0) ∈ C. Let B be the set of
elements from F n which are 1 in the first e positions, and have exactly one 1 in the
remaining n − e positions. Study how the elements from B are distributed on the
balls Be (c), c ∈ C.)

Problem 2.44. (a) Show that n = 11, d = 5, q = 15 is a solution of the sphere

packing condition for perfect codes.

(b) Show that nevertheless there is no perfect code with these parameters.
(Hint: Use a suitable bound.)

26
Problem 2.45. Let x1 , x2 , . . . , xn be distinct elements of the finite field Fq , so q ≥ n.
Pick 1 ≤ d ≤ n.

(a) Show that the rows of  

1 ··· 1

 x1 ··· xn 


 x12 ··· xn2 

 .. .. 
 . . 
x1n−d · · · xnn−d
generate an (n, n − d + 1, d) Reed-Solomon code.

(b) Show that the rows of  

1 ··· 1 0

 x1 ··· xn 0 


 x12 ··· xn2 0 

 .. .. 
 . . 
x1n−d · · · xnn−d 1
generate an (n + 1, n − d + 1, d + 1) MDS-code. So there are MDS codes with
q < n.

(c) Now let q be a power of 2. Show that the rows of

 
1 ··· 1 0 0
 x1 · · · xn 1 0 
x12 · · · xn2 0 1

generate an (n + 2, 3, n) MDS-code.

Problem 2.46. Euler’s thirty-six officers problem from 1782 asks the following:

Suppose that there are six regiments, each of these consisting of six offi-
cers of different ranks. Can we arrange these 36 officers in a 6 × 6 square
such that each regiment and each rank appears exactly once in each row
and column?

(a) Show that there is a solution if and only if there is an MDS-code C ⊆ F4 with
|C | = 36 and | F | = 6.

(b) Show that there is no such MDS-code, so Euler’s question is negative.

(Remark: There is no known easy proof without using a computer.)

Problem 2.47. Show that for linear codes, the Griesmer bound is at least as strong
as the Singleton bound.

27
Problem 2.48. Suppose that there are Hadamard matrices of sizes m and n. Show
that there is a Hadamard matrix of size mn.
(Hint: For H = (hij ) and H 0 consider the block matrix where the block in position
(i, j) is hij H 0 .)
Problem 2.49. Let C ⊆ F n be a code, and | F | = q.
|C |
(a) Show that for each 0 ≤ i ≤ n there is a code C 0 ⊆ F n−i with |C 0 | ≥ qi
and
d(C 0 )
≥ d ( C ).
|C |
(Hint: Fix i positions. Show that a pattern at these positions occurs at least qi
times.)

(b) (Extended Plotkin bound) Set d = d(C ). Then for any i with 0 ≤ i ≤ n and
dqi
d − (n − i )(1 − 1q ) > 0 the following holds: |C | ≤ .
d−(n−i )(1− 1q )

(c) Show that the Reed-Muller code RM(1, 5), a linear (32, 6, 16) code, is the largest
possible binary (not necessarily linear) code of length 32 and minimum dis-
tance ≥ 16.
Problem 2.50. Let A2 (n, d) be the largest size of a binary code of length n and with
minimum distance ≥ d.
(a) Show that A2 (n, 2e) = A2 (n − 1, 2e − 1).

(b) Can (a) help in applying the Plotkin (or other) bound?
Problem 2.51. Set F = {0, 1, 2, 3, 4, 5}. Suppose that there is a perfect code C ⊆
F7 with d(C ) = 3. Let C 0 ⊆ F4 be the set of those tuples (u v w x ) such that
(0 0 0 u v w x ) ∈ C. Show that C 0 is an MDS code with |C 0 | = 36 and d(C 0 ) = 3.
(Hint: Show that each 5-tuple ( f 1 f 2 . . . f 5 ) can be completed to a code word ( f 1 f 2 . . . f 7 ) ∈
C.)
Problem 2.52. Set q = | F | and pick δ, ρ with δ > 1 − 1q and ρ > 0. Show that there
are only finitely many n ∈ N for which there is a code C ⊆ F n such that d(C ) ≥ δn
and logq (|C |) ≥ ρn.

3 Duality
3.1 The dual code
Let F be a field. We consider the standard symmetric bilinear form on F n , which is
defined by
n
hu|vi = ∑ ui vi ,
i =1

28
where u = (u1 u2 . . . un ) and v = (v1 v2 . . . vn ). Note that this form is not degener-
ate, that means if v 6= 0, then there is a vector u with hu|vi 6= 0.
For a subset C of F n set

C ⊥ = {u | u ∈ F n , hu|ci = 0 for all c ∈ C }.

Clearly C ⊥ is a subspace of F n . The most important case for us is when C is a

subspace of F n . If F = R, then we know from linear algebra that then F n = C ⊕ C ⊥ .
Here, however, we will be mainly interested in the case that F is a finite field. Then
it need not be true anymore that C ∩ C ⊥ = {0}. In fact, we will see later that codes
C ≤ Fnq with C = C ⊥ will play a prominent role. If C ≤ Fnq is a code, then we will
call C ⊥ the dual code.

Lemma 3.1. Let C ≤ F n be a subspace. Then

(a) dim C + dim C ⊥ = n.

(b) (C ⊥ )⊥ = C.

Proof. Set k = dim C, and let M be the (k × n)–matrix whose rows are a basis of
C. Then by definition C ⊥ consist of those vectors v where Mvt = 0. So C ⊥ is the
kernel of the linear map F n → F k , v 7→ Mvt . This map is surjective, because M
has rank k. The dimension formula gives (a).
By definition C ⊆ (C ⊥ )⊥ . On the other hand dim(C ⊥ )⊥ = n − dim C ⊥ = n −
(n − dim C ) = dim C. This yields (b).

Remark 3.2. We see that by definition, the dual code of a Hamming code is a
simplex code.

3.2 Linear characters of finite groups

Let ( G, +) be a (not necessarily abelian) group, and let C? be the multiplicative
group of the complex numbers. A character is a homomorphism χ : G → C? , so
χ( g + h) = χ( g)χ(h) for all g, h ∈ G. We say that G is trivial if χ( g) = 1 for all
g ∈ G. Note that χ(0) = χ(0 + 0) = χ(0)χ(0), hence χ(0) = 1. Somewhat less
obvious is

Lemma 3.3. Let χ : G → C? be a character of the finite group G. Then

(a) χ(− g) = χ( g) for all g ∈ G.

29
 (b) (
| G |, if χ is trivial
∑ χ( g) = 0, if χ is non-trivial
g∈ G

Proof. (a) From 1 = χ(0) = χ(− g + g) = χ(− g)χ( g) we get χ(− g) = 1/χ( g). As
G is a finite group, there is n ∈ N such that ng = 0. So 1 = χ(ng) = χ( g)n . We
see that χ( g) is an n-th root of unity, so in particular χ( g)χ( g) = 1 and the claim
follows.
(b) The assertion is clear if χ is trivial. Thus assume that χ is non-trivial. So there
is h ∈ G which χ(h) 6= 1. Set S = ∑ g∈G χ( g). If g runs through G, then h + g runs
trough G as well. We obtain

S= ∑ χ(h + g) = ∑ χ(h)χ( g) = χ(h)S,

g∈ G g∈ G

hence S = 0 as χ(h) 6= 1.

Lemma 3.4. Let F be the ring Z/qZ for q ≥ 2, or a finite field.

Then ( F, +) has a non-trivial character χ with the following additional property: For
each 0 6= b ∈ F there is a ∈ F with χ(ba) 6= 1.

Proof. Suppose that F = Z/qZ. Let ζ = e2πi/q be a primitive q-th root of unity.
Then for g = j + qZ set χ( g) = ζ j . This is well-defined, and defines a nontrivial
character on F with χ( g) = 1 if and only if g = 0. So in particular χ(ba) 6= 1 for
b 6= 0 and a = 1.
Next suppose that F is a finite field. Let p be the characteristic of F, so F contains
the prime field F p . By (a), there is a non-trivial character χ0 on (F p , +). Now F
is a vector space over F p , so there is a surjective linear map ψ : F → F p . Then
χ = χ0 ◦ ψ is a non-trivial character on F. As χ is not trivial, there is c ∈ F with
χ(c) 6= 1. So χ(ba) 6= 1 for b 6= 0 and a = b−1 c.

Remark 3.5. (a) In group theory, a character as defined here is called a linear
character. In general a character is defined as χ( g) = trace(φ( g)), where
φ : G → GLn (C) is a homomorphism. Note that in this case χ need not
be a homomorphism anymore. For finite abelian groups, one can show
that any character is built from linear characters, so there is little point in
considering non-linear characters.

(b) In number theory characters of finite abelian groups play a prominent

role, for instance in the proof of Dirichlet’s theorem about primes in

30
 arithmetic progressions.

(c) Any finite abelian group of order ≥ 2 has a non-trivial linear character,
see Problem 3.41. However, we cannot drop the assumption that G is
abelian: As G/ ker χ is isomorphic to a subgroup of the abelian group
C? , we see that ker χ contains the derived subgroup (syn. commutator
subgroup) G 0 . So if G = G 0 , which happens for instance for the alternat-
ing group Alt5 , there is no non-trivial linear character.

(d) If χ is a non-trivial character of the finite field F, then of course the

additional property is automatically satisfied. This is not true if F is
not a field. Take e.g. F = Z/4Z, and define χ( j + 4Z) = (−1) j . Then
χ(2a) = 1 for all a ∈ F.

In the next three sections F will be a finite field Fq , or the residue ring Z/qZ
for some q ≥ 2, respectively. Suppose that F = Z/qZ. We consider F n as an
additive group, and like in the case that F is a field we define the bi-additive function
F n × F n → F which sends the pair u = (u1 u2 . . . un ), v = (v1 v2 . . . vn ) to hu|vi =
∑ ui vi . For v ∈ F n , let w(v) be the number of non-zero components vi . So d(u, v) =
w ( u − v ).
The main technical lemma to be used in the next three sections is

Lemma 3.6. Let z be a polynomial variable over C, and F be the residue class ring
Z/qZ for some q ≥ 2, or a finite field of order q. Then ( F, +) has a character χ such
that for all n ∈ N and u ∈ F n the following holds:

∑n zw(v) χ(hu|vi) = (1 − z)w(u) (1 + (q − 1)z)n−w(u) .

v∈ F

Proof. Let χ be a character of ( F, +) such that for each 0 6= b ∈ F there is a ∈ F

with χ(ba) 6= 1. Such a character exists by Lemma 3.4.
For a ∈ F set w( a) = 1 if a 6= 0, and w( a) = 0 otherwise. Thus w(v) = w(v1 ) +
w(v2 ) + · · · + w(vn ) for v = (v1 v2 . . . vn ) ∈ F n .
Write u = (u1 u2 . . . un ), so hu|vi = u1 v1 + u2 v2 + · · · + un vn . We compute

∑n zw(v) χ(hu|vi) = ∑ χ(u1 v1 + u2 v2 + · · · + un vn )zw(v1 )+w(v2 )+···+w(vn )

v∈ F v1 ,v2 ,...,vn ∈ F

= ∑ (χ(u1 v1 )zw(v1 ) )(χ(u2 v2 )zw(v2 ) ) . . . (χ(un vn )zw(vn ) )

v1 ,v2 ,...,vn ∈ F
n
=∏ ∑ χ ( ui a ) z w( a)
i =1 a ∈ F

It remains to compute the terms ∑ a∈ F χ(ui a)zw(a) . Recall that w( a) = 1 if a 6= 0,

31
 and w(0) = 0. This yields

∑ χ ( u i a ) z w ( a ) = 1 − z + ∑ χ ( u i a ).
a∈ F a∈ F

Note that F → F, a 7→ ui a is additive, so a 7→ χi ( a) = χ(ui a) is a character of

(Fq , +). By the choice of χ we see that χi is non-trivial if and only if ui 6= 0.
Lemma 3.3 then yields
(
1 − z, if ui 6= 0
∑ χ(ui a)zw(a) = 1 + (q − 1)z, if u = 0.
a∈ F i

So in the product, the factor 1 − z appears w(u) times, and the remaining n − w(u)
factors equal 1 + (q − 1)z.
Let C ⊆ F n be a code. For x ∈ F n and 0 ≤ i ≤ n we let Ai ( x) be the number of
code words c ∈ C with d( x, c) = i. Several results in the following sections depend
on

Lemma 3.7. Let z be a polynomial variable over C, and F be the residue class ring
Z/qZ for some q ≥ 2, or a finite field of order q. Let χ be a character as in the
previous lemma.
Let C ⊆ F n be a code, x ∈ F n , and Âi ( x) be the coefficient of zi in
n
∑ Ai (x)(1 − z)i (1 + (q − 1)z)n−i .
i =0

Then !
Âi ( x) = ∑ χ(h x|vi) ∑ χ(hc|vi) .
v∈ Fn c∈C
w(v)=i

Proof. As F is a ring, we have d(c, x) = w(c − x). Clearly

n
∑ Ai (x)(1 − z)i (1 + (q − 1)z)n−i = ∑ (1 − z)w(c−x) (1 + (q − 1)z)n−w(c−x) .
i =0 c∈C

Using the previous lemma, the bi-additivity of the form h·|·i, and χ(− g) = χ( g),

32
 we compute the right hand side:

∑ (1 − z)w(c−x) (1 + (q − 1)z)n−w(c−x) = ∑ ∑n zw(v) χ(hc − x|vi)

c∈C c∈C v∈ F
= ∑ ∑n zw(v) χ(hc|vi)χ(−hx|vi)
c∈C v∈ F
!
= ∑ z w(v)
χ(h x|vi) ∑ χ(hc|vi)
v∈ Fn c∈C

The coefficient of zi arises from summing over those v ∈ F n with w(v) = i. The
claim follows.

3.3 The MacWilliams identity

Let C ≤ Fnq be a linear code. We set Ai = Ai (0), so Ai is the number of code words
of weight i. One calls the sequence A0 , A1 , . . . , An the weight distribution of C. Note
that A0 = 1, A0 + A1 + · · · + An = |C |, and A1 = A2 = . . . Ad−1 = 0 for d = d(C ).
Let z be a variable over C. For nice codes it will turn out that the generating
function (which is a polynomial of degree at most n in this case) AC (z) = ∑in=1 Ai zi
often has a nice closed form. AC (z) is called the weight enumerator of C. Clearly

n
AC (z ) = ∑ Ai zi = ∑ z w(c) .
i =1 c∈C

The weight enumerator of a code has several important applications. In this sec-
tion we will prove the surprising result by MacWilliams that for linear codes C, the
weight enumerator of C ⊥ can be computed in terms of the weight enumerator of C.
For another application of weight enumerators see Problem ???.
Before stating and proving the MacWilliams Identity, we show how characters can
be used to check if a vector lies in the dual of a code.

Lemma 3.8. Let C ≤ Fnq be a linear code, and χ : Fq → C? a non-trivial character.

Then, for all v ∈ Fnq ,
(
| C |, v ∈ C ⊥
∑ χ (h c | v i) =
0, v∈/ C⊥
c∈C

Proof. The assertion is clear if v ∈ C ⊥ . Thus assume that v ∈ / C ⊥ . Then there is

c ∈ C with hc|vi 6= 0, and by linearity of the scalar product in the first component,
we see that ψ : C → Fq , ψ(c) = hc|vi, is surjective. But then χ ◦ ψ : C → C? , c 7→
χ(hc|vi), is a non-trivial character, and the claim follows from Lemma 3.3.

33
 Theorem 3.9 (MacWilliams). Let C ≤ Fnq be a linear code with weight enumerator
A(z) = ∑in=0 Ai zi . Then the weight enumerator A⊥ (z) of the dual code C ⊥ is given
by
1 n
A⊥ (z) = ∑
| C | i =0
A i (1 − z ) i (1 + ( q − 1) z ) n −i .

Proof. We apply Lemma 3.7 with x = 0, hence χ(h x|vi) = 1. So the coefficient of
zi in
n
∑ A i (1 − z ) i (1 + ( q − 1) z ) n −i
i =0
is
∑n ∑ χ(hc|vi).
v∈ F c∈C
w(v)=i

By the previous lemma, this inner sum is |C | if v ∈ C ⊥ , and 0 otherwise. So this

sum simplifies to
|C | ∑ = |C | Ai⊥ ,
v∈C ⊥
w(v)=i

where A0⊥ , A1⊥ , . . . , A⊥ ⊥

n is the weight distribution of C .

Remark 3.10. The MacWilliams Identity can also be written as

(1 + ( q − 1) z ) n 1−z
 
⊥
A (z) = A .
|C | 1 + ( q − 1) z

Example 3.11. The MacWilliams identity can be used for instance to compute
q m −1
the weight enumerator of the Hamming codes. Set n = q−1 , and let C be the
(n, n − m, 3) Hamming code over Fq . Then we know that the dual code C ⊥ is
the (n, m, qm−1 ) Simplex code. Let A(z) and A⊥ (z) be the weight enumerators
of C and C ⊥ , respectively. Since all nonzero codewords in C ⊥ have weight
qm−1 , we have
m −1
A ⊥ ( z ) = 1 + ( q m − 1) z q .

34
 The MacWilliams identity and C = (C ⊥ )⊥ then yield

A(z) = ( A⊥ )⊥ (z)
 q m −1 !
(1 + ( q − 1) z ) n 1−z

m
= 1 + ( q − 1)
qm 1 + ( q − 1) z
q m −1 q m −1 −1
 
1 m q m −1
= m (1 + ( q − 1) z ) q − 1 + (q − 1)(1 − z) (1 + ( q − 1) z ) q − 1 .
q

Expanding in powers of z then yields very messy expressions for the coef-
ficients Ai . Without duality and the relation to the simplex code, it would
certainly have been very difficult to compute the weight enumerator of a Ham-
ming code.

3.4 The Linear Programming Bound

The MacWilliams Identity has a surprising consequence. As the weight enumerator
of the dual code C ⊥ of a linear code C of course has non-negative coefficients, we
obtain that the coefficients of ∑in=0 Ai (1 − z)i (1 + (q − 1)z)n−i are non-negative. This
yields linear inequalities of the numbers Ai , which are non-negative as well. If
d = d(C ), then in addition to A0 = 1 we have A1 = A2 = · · · = Ad−1 = 0. These
restrictions allow to bound |C | = A0 + A1 + · · · + An from above. It turns out that
the bounds one obtains this way in general are much better than the upper bounds
we have developed so far.
What is even more surprising is that we can obtain the same bounds for non-linear
codes, despite the fact that for non-linear codes there are no good notions of duality.
In order to do so, we introduce the distance distribution and the distance enumerator
polynomial.

Definition 3.12. Let F be a finite set of order ≥ 2, and C ⊆ F n be a code. For

0 ≤ i ≤ n let |C | Bi be the number of pairs c1 , c2 ∈ C with d(c1 , c2 ) = i. Then
B0 , B1 , . . . , Bn is the distance distribution of C, and the distance enumerator of C is
the polynomial
n
1
B(z) = ∑ Bi zi = ∑ zd(c1,c2 ) .
i =0
| C | c ,c ∈C
1 2

Remark 3.13. We record a few simple facts, some of which we use without
further notice:

(a) B0 = 1 and |C | = B0 + B1 + · · · + Bn .

35
 1
(b) Bi = |C | ∑ x ∈ C A i ( x ).

(c) If C is linear, then Ai = Bi for all i, and A(z) = B(z). Note that for
non-linear codes, Bi need not be integral.

Theorem 3.14 (Delsarte). Let C ⊆ F n be a code with distance enumerator B(z) =

∑in=0 Bi zi and | F | = q ≥ 2. Then the coefficients of
n
∑ Bi (1 − z)i (1 + (q − 1)z)n−i
i =0

are non-negative.

Proof. Without loss of generality we may assume that F = Z/qZ. Let B̂i be the
coefficient of zi in ∑in=0 Bi (1 − z)i (1 + (q − 1)z)n−i . From |C | Bi = ∑ x∈C Ai ( x) we
get |C | B̂i = ∑ x∈C Âi ( x), so

|C | B̂i = ∑ Âi ( x)
x∈C
!
= ∑ ∑ χ(h x|vi) ∑ χ(hc|vi) (by Lemma 3.7)
x∈C v∈ F n c∈C
w(v)=i
!
= ∑ ∑ χ(hx|vi) ∑ χ(hc|vi)
v∈ Fn x∈C c∈C
w(v)=i
 2
 
= ∑  ∑ χ(hc|vi)
 
v∈ Fn
 c∈C 
w(v)=i

≥0

For later use we record an important corollary of the previous proof

Lemma 3.15. Let C ⊆ F n be a code with distance enumerator B(z) = ∑in=0 Bi zi and
| F | = q ≥ 2. If the coefficient of zi in
n
∑ Bi (1 − z)i (1 + (q − 1)z)n−i
i =0

36
 is 0, then for each x ∈ F n the coefficient of zi in
n
∑ Ai (x)(1 − z)i (1 + (q − 1)z)n−i
i =0

is 0 too.

Proof. In the notation of the proof of the previous theorem assume that B̂i = 0.
The proof then shows that
∑ χ(hc|vi) = 0
c∈C

for each v ∈ F n with w(v) = i. The claim then follows from Lemma 3.7.
We can slightly rephrase Delsarte’s Theorem. To do so, let Kk (i ) be the coefficient
of zk in (1 − z)i (1 + (q − 1)z)n−i . Then Delsarte’s Theorem says that ∑in=0 Bi Kk (i ) ≥ 0
for all 0 ≤ k ≤ n. Note B1 = B2 = · · · = Bd−1 = 0 for d = d(C ). Together with
B0 = 1 and |C | = B0 + B1 + · · · + Bn we get

Theorem 3.16 (Linear Programming Bound). C ⊆ F n be a code with d = d(C ),

| F | = q, and Kk (i ) be the coefficient of zk in (1 − z)i (1 + (q − 1)z)n−i . Choose
bd , bd+1 , . . . , bn ∈ R such that b = bd + bd+1 + · · · + bn is maximal subject to the
following restrictions:

bi ≥ 0 for all d ≤ i ≤ n, and

n
∑ i = d bi K k ( i ) ≥ −Kk (0) for all 0 ≤ k ≤ n.

Then |C | ≤ b + 1.

The problem here is that it is difficult to determine the maximum b. In fact,

while one can compute numerically this maximum for small values of n and q, it is
unknown in general. However, one can compute more easily upper bounds for the
maximum. This is based on the easy concept of duality of linear programs.
In the following we consider real column vectors. For a, b ∈ Rn we write a ≥ b if
a − b has no negative entries.

Definition 3.17 (Linear Program). Let m, n ∈ N, A ∈ Rm×n be a real m × n

matrix, b ∈ Rm , and c ∈ Rn . A linear programs asks for the maximum of ct x
for x ∈ Rn with x ≥ 0 and Ax ≤ b.

It may happen that there is no solution x at all. In this case one says that the
linear program is infeasible. It may also happen that there is no upper bound for ct x
for all solutions x, so the maximum is ∞. In this case the linear program is said to

37
unbounded.
In our case, it is easy to see that the previous theorem yields a linear program. Of
course it is feasible, because for instance bd = bd+1 = · · · = bn = 0 is a solution, and
Kk (0) ≥ 0.
It is less clear that the linear program is bounded. To show that, and in order to
obtain upper bounds for ct x, one considers the so-called dual linear program:

Theorem 3.18 (Weak Duality Theorem). With the notation from the previous def-
inition, suppose that there is y ∈ Rm with y ≥ 0 and At y ≥ c. Then ct x ≤ bt y for
each solution x of the original linear program.

Proof. This follows immediately from

ct x = xt c ≤ xt ( At y) = ( Ax)t y ≤ bt y.

By a suitable (yet very technical) choice of the vector y, one can use this theorem
for instance to retrieve the Singleton bound from Theorem 3.16. So this Theorem
is at least as strong as the Singleton bound. Other (more complicated) choices of
y yield the Hamming bound or the Plotkin bound. This already indicates that the
linear programming bound, despite its difficulty to actually use it, is a very strong
bound.
By applying the Weak Duality Theorem 3.18 in order to bound the maximum b
in Theorem 3.16 one does not loose anything. This follows from the Strong Duality
Theorem: If the linear program in Definition 3.17 is feasible and bounded, then there
exists a solution y in Theorem 3.18. Choose y such that bt y is minimal, and choose
x such that ct x is maximal. Then ct x = bt y. For a proof see any book about linear
programming or linear optimization.

3.5 The Covering Radius

Let C ⊆ F n be a code. The covering radius r (C ) of C is the smallest r ≥ 0 such that
d(C )−1
the Hamming balls of radius r around the code words cover F n . Clearly, [ 2 ] ≤
r (C ) ≤ n. Also, if C is perfect with minimum distance 2e + 1, then r (C ) = e.

Definition 3.19 (MacWilliams transformation). Let n ∈ N and q ∈ C be fixed.

For A(z) = a0 + a1 z + · · · + an zn ∈ C[z] we define the MacWilliams transforma-
tion Â(z) by Â(z) = ∑in=0 ai (1 − z)i (1 + (q − 1)z)n−i . Note that A 7→ Â is a
linear map from the vector space of polynomials of degree ≤ n to itself.

38
Lemma 3.20. ˆ (z) = qn A(z). In other words, if
n n
∑ a i (1 − z ) (1 + ( q − 1) z )
i n −i
= ∑ bi z i ,
i =0 i =0

then
n n
∑ bi ( 1 − z ) i ( 1 + ( q − 1 ) z ) n − i = q n ∑ a i z i .
i =0 i =0

1− z
Proof. Clearly Â(z) = (1 + (q − 1)z)n A(ρ(z)) with ρ(z) = 1+(q−1)z
. Now
ρ(ρ(z)) = z, so

ˆ (z) = (1 + (q − 1)z)n Â(ρ(z)) = (1 + (q − 1)z)n (1 + (q − 1)ρ(z))n A(z) = qn A(z).

Lemma 3.21. Suppose that q 6= 0. Let I ⊆ {0, 1, . . . , n} and ai ∈ C for i ∈ I.

Suppose that not all ai vanish. Then at least one of the coefficients of z0 , z1 , . . . , z| I |−1
in ∑i∈ I ai (1 − z)i (1 + (q − 1)z)n−i does not vanish.

Proof. Suppose wrong. Then

n
∑ a i (1 − z ) i (1 + ( q − 1) z ) n −i = ∑ bk z k
i∈ I k=m

with m = | I | and bk ∈ C. Apply the MacWilliams transformation to obtain

n
q n ∑ ai zi = ∑ bk ( 1 − z ) k ( 1 + ( q − 1 ) z ) n − k .
i∈ I k=m

We see that 1 is an at least m–fold zero of ∑i∈ I ai zi , so 0 is a root of multiplicity

≥ m of
n  
i
∑ a i ( z + 1) = ∑ ( z ∑ k a i ).
i k
i∈ I k =0 i∈ I
We obtain  
i
∑ k ai = 0 for all 0 ≤ k ≤ m − 1.
i∈ I

So the m × m matrix with entry (ki ) in position (k, i ) is singular. Therefore there
exist a non-zero sequence c0 , c1 , . . . , cm−1 with
m −1  
i
∑ k ck = 0 for all i ∈ I.
k =0

39
 Consider the polynomial
m −1  
x
f (x) = ∑ ck
k
,
k =0

where ( xk) = x ( x − 1) · · · ( x − k + 1)/k!. Then f ( x ) has degree at most m − 1.

On the other hand, f ( x ) has the m roots i ∈ I. Hence f ( x ) is the zero polyno-
mial. But the polynomials ( xk) have pairwise distinct degrees, so they are linearly
independent. This implies ck = 0 for all k, a contradiction.

Theorem 3.22. Let C ⊆ F n be a code with distance enumerator B(z) = ∑in=0 Bi zi

and | F | = q ≥ 2. Let r be the number of non-zero coefficients of z, z2 , . . . , zn in
n
∑ Bi (1 − z)i (1 + (q − 1)z)n−i .
i =0

Then r (C ) ≤ r.

Proof. Pick x ∈ F n . Again, let Ai ( x) be the number of c ∈ C with d( x, c) = i.

Define Âi ( x) via
n n
∑ Âi ( x)zi = ∑ Ai (x)(1 − z)i (1 + (q − 1)z)n−i .
i =0 i =0

Then, by Lemma 3.20,

n n
1
∑ Ai ( x ) zi =
qn ∑ Âi (x)(1 − z)i (1 + (q − 1)z)n−i .
i =0 i =0

By Lemma 3.15, at most r of the numbers Âi ( x), 1 ≤ i ≤ r, are non-zero. So

including Â0 ( x), at most r + 1 of these numbers are non-zero. Of course, not all
Âi ( x) vanish. So we may apply Lemma 3.21 which tells us that at least one of the
coefficients A0 ( x), A1 ( x), . . . , Ar ( x) does not vanish. But that means that there is
a code word c ∈ C with d( x, c) ≤ r. As x was arbitrary, the claim follows.

Corollary 3.23. Let C ≤ Fnq be a linear code, and let r be the number of different
weights which appear in the dual code C ⊥ . Then r (C ) ≤ r.

Proof. By MacWilliams Theorem 3.9, the sequence of the coefficients of ∑in=0 Bi (1 −

z)i (1 + (q − 1)z)n−i is, up to a constant factor 6= 0, the weight distribution of the
dual code C ⊥ . The claim then follows from the previous theorem.

40
3.6 Perfect Codes, Part 2 (Lloyd’s Theorem)

As we have seen in Section 2.3, it has been impossible so far to use the sphere packing
condition in order to determine the potential parameters of a perfect code. Using
the techniques from the previous section, it is possible to prove a more technical, but
yet more useful condition on the parameters of a perfect code.

This criterion is most easily expressed in terms of the Krawtchouk polynomials.

Definition 3.24. For 0 ≤ k ≤ n and q ∈ C let

k
n−x
  
x
Kk ( x; n, q) = ∑ (−1) j
( q − 1) k − j
j =0
j k − j

be the k-th Krawtchouk polynomial over C.

If q and n are fixed, the we simply write Kk ( x ) instead of Kk ( x; n, q). Here ( xj) is
the polynomial x ( x − 1) . . . ( x − j + 1)/j!.

Lemma 3.25. Suppose that q 6= 0. Then the following holds:

(−q)k
(a) Kk ( x ) has degree k, with leading term k! .

(b) (1 − z)i (1 + (q − 1)z)n−i = ∑∞ k

k =0 K k ( i ) z .

Proof. (a) As ( xj) and (nk− x

− j ) have degrees j and k − j, we see that the degree of
Kk ( x ) is at most k. The claim then follows from checking that the coefficient of zk
does not vanish:
k k− j (−1)k k k
 
(−q)k
j 1 (−1)
∑ (− 1 )
j! (k − j)!
( q − 1 ) k− j
=
k! j∑ j
( q − 1 ) k− j
=
k!
j =0 =0

41
 (b) We compute

∞ ∞ k
n−i
  
i
∑ Kk (i)z = ∑ ∑ (−1) j k − j (q − 1)k− j zk
k j

k =0 k =0 j =0
∞  ∞ 
n−i

j i
= ∑ (−1) ∑ k − j ( q − 1) k − j z k
j =0
j k= j
∞ ∞ 
n−i
  
j i
= ∑ (−1) ∑ k ( q − 1) k z k + j
j =0
j k =0
∞ 
i j
= ∑ (−1) j z (1 + ( q − 1) z ) n −i
j =0
j
= (1 − z ) i (1 + ( q − 1) z ) n −i .

An immediate corollary from part (b) and Lemma 3.6 is

Lemma 3.26. Let F be the residue class ring Z/qZ for some q ≥ 2. Then ( F, +) has
a character χ such that for all n ∈ N, u ∈ F n and 0 ≤ k ≤ n the following holds:

∑ χ(hu|vi) = Kk (w(u)).
v∈ Fn
w(v)=k

Lemma 3.27. Let C ⊆ F n be a perfect code with | F | = q and minimum distance

2e + 1. Set Ψe ( x ) = ∑ek=0 Kk ( x ). Let B0 , . . . , Bn be the distance distribution of C.
Define B̂i by
n n
∑ B̂i zi = ∑ Bi (1 − z)i (1 + (q − 1)z)n−i .
i =0 i =0
Then
Ψe (i ) B̂i = 0 for 1 ≤ i ≤ n.

Proof. Let S be the set of v ∈ F n with w(v) ≤ e. As C is perfect, every vector

v ∈ F n has a unique representation v = s + c with s ∈ S, c ∈ C. In particular, for
any fixed u ∈ F n , we have

∑ χ(hu|vi) = ∑ χ(hu|s + ci) = ∑ χ(hu|si)χ(hu|ci) = ∑ χ(hu|si) ∑ χ(hu|ci)

v∈ Fn s∈S,c∈C s∈S,c∈C s∈S c∈C

42
The previous Lemma shows that
e
∑ χ(hu|si) = ∑ ∑ χ(hu|vi) = Ψe (w(u)).
s∈S k =0 v ∈ F n
w(v)=k

From now on assume that u 6= 0. Setting z = 1 in Lemma 3.6 yields

∑n χ(hu|vi) = 0.
v∈ F

We obtain
0 = Ψe (w(u)) ∑ χ(hu|ci), (5)
c∈C
The proof of Theorem 3.14 shows that

1
B̂i =
|C | ∑n | ∑ χ(hv|ci)|2.
v∈ F c∈C
w(v)=i

Suppose that B̂i 6= 0 for i ≥ 1. Then there is an element u ∈ F n with w(u) = i and
χ(hu|ci) 6= 0, hence Ψe (w(u)) = 0 by (5).

Lemma 3.28. ∑ek=0 Kk ( x; n, q) = Ke ( x − 1; n − 1, q) for all n ≥ 1, 0 ≤ e ≤ n.

Proof. Pick 1 ≤ i ≤ n. Using generating functions we see that

∞ e ∞
∑ ( ∑ Kk (i; n, q))ze = (1 + z + z2 + . . . ) ∑ Ke (i; n, q)ze
e =0 k =0 e =0
1
= (1 − z ) i (1 + ( q − 1) z ) n −i
1−z
= (1 − z)i−1 (1 + (q − 1)z)(n−1)−(i−1)
∞
= ∑ Ke (i − 1; n − 1, q)ze .
e =0

We see that the polynomials ∑ek=0 Kk ( x; n, q) and Ke ( x − 1; n − 1, q) coincide in

x = 1, 2, 3, . . . , n. Furthermore, by Lemma 3.25, they have the same leading term,
so their difference has degree ≤ e − 1. But a polynomial of degree ≤ e − 1 with at
least n ≥ e roots is 0, and the claim follows.

Theorem 3.29 (LLoyd). Let C ⊆ F n be a perfect code with | F | = q and d(C ) =

2e + 1. Then Ke ( x − 1; n − 1, q) has e distinct integral roots in the interval [1; n].

43
 Proof. As C is perfect with minimum distance 2e + 1, we see that r (C ) = e. By
Theorem 3.22, at least e of the elements B̂1 , B̂2 , . . . , B̂n from Lemma 3.27 do not
vanish. So, Lemma 3.27 tells us that at Ψe (i ) = 0 for at least e integers 1 ≤ i ≤ n.
But Ψe ( x ) is a polynomial of degree e, hence Ψe (i ) = 0 for exactly e integers
1 ≤ i ≤ n, and these are all the roots of Ψe . The claim then follows from Lemma
3.28, as Ψe ( x ) = Ke ( x − 1; n − 1, q).

Remark 3.30. (a) The proof shows that if C is perfect with d(C ) = 2e + 1,
then exactly e of the numbers B̂1 , B̂2 , . . . , B̂n do not vanish.

(b) It is known that any Krawtchouk polynomial Kk ( x; n, q) of degree k has

k distinct real roots in the interval [0; n]. So the only extra information
provided by Lloyd’s Theorem is that these roots are integers.

Using another identity of Krawtchouk values, we can state Lloyd’s Theorem in

another form.

Lemma 3.31. Set Kk ( x ) = Kk ( x; n, q). Then

   
i n k n
( q − 1) K k ( i ) = ( q − 1) Ki ( k )
i k

for all 0 ≤ i, k ≤ n.

Proof. This follows directly from the definition of the Krawtchouk polyno-
mials and the identity (ba) = b!(aa!−b)! . Note that in evaluating Kk (i ) =
i n −i
∑kj=0 (−1) j ( j)( k− j )(q − 1)k− j , it suffices to sum from j = 0 to the minimum of k
and i.

Corollary 3.32. Let C ⊆ F n be a perfect code with | F | = q and d(C ) = 2e + 1.

Then there are exactly e indices 0 ≤ i ≤ n − 1 such that the coefficient of zi in
(1 − z)e (1 + (q − 1)z)n−1−e vanishes.

Proof. By Lloyd’s Theorem, Ke (i − 1; n, q) = 0 for exactly e integers 1 ≤ i ≤ n. The

previous lemma shows that Ke (i − 1; n, q) = 0 if and only if Ki−1 (e; n, q) = 0, and
the claim follows.

3.6.1 Application for e = 1

Let C ⊆ F n be a perfect code with d(C ) = 3, so e = 1 in Lloyd’s Theorem. We have

−1 n−1
K1 ( x − 1; n − 1, q) = x − n + . (6)
q q

44
So the necessary condition in Lloyd’s Theorem shows that q divides n − 1. This
condition cannot be obtained from the sphere packing condition, which says that
1 + n(q − 1) divides qn . (7)
It is not hard to show that there are infinitely many pairs (q, n) for which (6) holds,
but (7) does not hold; and that there are also infinitely many pairs, for which (7)
holds, but (6) does not hold. So in a sense these two conditions are independent
from each other.
It is unknown if there exist perfect codes C with d(C ) = 3 < n for which q is
not a prime power. Unfortunately, there are infinitely many pairs (q, n) for which
(6) and (7) hold, yet q is not a prime power. For example n = q + 1 fulfills both
conditions, but q = 6 is the only non prime power for which the non-existence of a
perfect (q + 1, qq−1 , 3)–code is known (see Problem ???).
If q is a prime power, then (7) implies (6): From Problem ??? we know that (7)
qk −q k −1
implies 1 + n(q − 1) = qk for some k ≥ 1. Then n − 1 = q −1 = q q q−− 1
1 , and we get
(6).

3.6.2 Application for e = 2

In this case d(C ) = 5, it is again not known if there are non-trivial perfect codes for
which q is not a prime power. If however q is a prime power, then a combination of
the sphere packing condition and Lloyd’s theorem allows us to describe the possible
parameters of a perfect code.

Theorem 3.33. Let C ⊆ F n be a perfect code with | F | = q and d(C ) = 5 ≤ n.

Suppose that q is a prime power. Then either q = 2 and n = 5, or q = 3 and n = 11.

Proof. The sphere packing condition

n ( n − 1)
1 + n ( q − 1) + (q − 1)2 divides qn
2
together with Problem ??? shows that
n ( n − 1)
1 + n ( q − 1) + ( q − 1)2 = q k (8)
2
for some k ≥ 2. We compute
2 2n − 4
2
K2 ( x − 1; n − 1, q) = x2 + (1 − 2n + ) x + c0
q q

with c0 = 2
q2
(1 + n(q − 1) + n(n2−1) (q − 1)2 ) = 2qk−2 . So Lloyd’s Theorem says that
2n − 4
x2 + (1 − 2n + ) x + 2qk−2 (9)
q

45
 has positive integral roots x1 ≥ 1 and x2 ≥ 1. Write q = p f with f ∈ N and p
a prime. As x1 x2 = 2qk−2 = 2p(k−2) f , we obtain x1 = 2p a and x2 = pb for some
a, b ≥ 0. Note that x1 6= x2 by Lloyd’s theorem. We see that either x1 /x2 ≥ 2 or
x1 /x2 ≤ 1/2 unless x1 = 2 · 3a , x2 = 3a+1 . The function z 7→ z + 1/z is convex for
z > 0, with a minimum in z = 1. This shows that
(
x1 x2 ≥ 52 , if { x1 , x2 } 6= {2 · 3a , 3a+1 }
+ is (10)
x2 x1 = 136, if { x1 , x2 } = {2 · 3a , 3a+1 }.

Note that

x1 x2 x2 + x22
+ = 1
x2 x1 x1 x2
( x + x2 )2 − 2x1 x2
= 1
x1 x2
( x + x2 )2
= 1 −2
x1 x2
(1 − 2n + 2nq−4 )2
= n ( n −1)
−2
2 2)
q 2 ( 1 + n ( q − 1 ) + 2 ( q − 1 )

x1 x2
We look at the first case x2 + x1 ≥ 25 . After some calculation we arrive at

−3(nq − n + q − 7)(n − 2)(q − 1) ≥ 0.

Now n ≥ 5 and q ≥ 2, which yields

n(q − 1) + q ≤ 7,

hence n = 5, q = 2.
x1 x2 2
It remains to look at the case p = 3, x2 + x1 = 3 + 32 . This yields the equation

(n2 q − n2 − nq − 21n − 6q + 42)(q − 1) − 4 = 0.

So q − 1 divides 4. But q is a power of 3, hence q = 3. This yields 4(n − 1)(n −

11) = 0, hence n = 11 and we are done.
ToDo: Do also the non prime power cases from Section 2.3.

3.6.3 Application for e = 3

The case e = 3 and | F | = q being a prime power is, up to a slightly lengthy compu-
tation, even easier than the case e = 2.

46
Theorem 3.34. Let C ⊆ F n be a perfect code with | F | = q and d(C ) = 7 ≤ n.
Suppose that q is a prime power. Then q = 2 and n = 7 or n = 23.

Proof. We have

−K3 ( x − 1; n − 1, q) 3(2nq − n − q + 2)(n − 3)

F(x) = 3
= x3 + c2 x2 + (3n2 − 6n + 2 − ) x + c0
q q2

with complicated coefficients c2 , c0 which we leave to the reader to compute.

Set a = n − 1 − n− 3 n −2
q and b = n − q . Then

q3 F ( a ) = (n − 3)(q − 1)(q − 2) ≥ 0
q3 F (b) = −(n − 2)(2q − 1)(q − 1) < 0

First suppose that q 6= 2. Then F ( a) > 0, F (b) < 0, so by the intermediate value
theorem, there is a real γ with F (γ) = 0 and a < γ < b. By Lloyd’s Theorem, we
have γ ∈ Z. As 0 < b − a = 1 − 1q < 1, neither a nor b can be integral. So q divides
neither n − 3, nor n − 2. On the other hand, the coefficients of F ( x ) need to be
integers, so q2 divides 3(2nq − n − q + 2)(n − 3). Recall that q is a prime power
q = p f . As p f does not divide n − 3, we get that p f +1 divides 3(2nq − n − q + 2),
so q = p f divides 2nq − n − q + 2, and then q divides n − 2, a contradiction.
Thus we know that q = 2. Here the Lloyd condition is of little help. However, the
(n+1)(n2 −n+6)
sphere packing condition shows that 1 + n + (n2 ) + (n3 ) = 6 is a power
of 2, a case handled in Problem ???.

Remark 3.35. (a) The parameters q = 3, n = 11 and q = 2, n = 23 in

the previous two theorems indeed give rise to perfect codes, the ternary
Golay code (see Section 6.2) and the binary Golay code (see Section 6.1),
respectively.

(b) The preceding theorems can be extended to any e ≥ 2, besides the two
Golay codes no non-trivial perfect codes show up. This classification
result was a joint effort by several authors in the years 1970–1973. See
[vL75] for a nice historical survey, and [vL99] for a readable proof in the
case q = 2, e ≥ 2.

(c) If one does not require q to be a prime power anymore, it is much more
difficult to show that there are no new perfect codes for e ≥ 3. (As
remarked already, the cases e = 1 and e = 2 are wide open.) In [Bes83]
Best treated the cases e ≥ 3 except for e = 6 and e = 8. Hong settled the
remaining cases e = 6 and e = 8 in [Hon84].

47
3.7 Selfdual Codes
Let C ≤ Fnq be a linear code. Recall that the dual code C ⊥ is defined as the set of
u ∈ F n with hu|ci = 0 for all c = 0. The code C is called self-dual if C = C ⊥ . As
dim C + dim C ⊥ = n, we see that self-dual codes can exist only in even dimensions
n = 2m, and then dim C = m.
If C ≤ F2n is a binary self-dual code, then in particular hc|ci = 0 for all c ∈ C, so
c has even weight. As each c ∈ C has even weight, we conclude that (1 1 . . . 1) ∈
C ⊥ = C. We summarize these two easy observations:

Lemma 3.36. Let C ≤ F2n be a binary self-dual code. Then

(a) each c ∈ C has even weight, and

(b) (1 1 . . . 1) ∈ C.

It has become customary to call a code doubly-even if all weights of the code words
are divisible by 4. Many interesting self-dual binary codes are doubly even. For later
use we state another easy lemma:

Lemma 3.37. Let C ≤ F2n be a binary linear code with C ≤ C ⊥ . Suppose that C is
generated by elements of weight divisible by 4. Then C is doubly-even.

Proof. It suffices to show that if u, v ∈ F2n have weights divisible by 4 and hu|vi =
0, then the weight of u + v is divisible by 4 too.
Let c be the number of positions where u and v have the entry 1. Let a and b be
the number of further 1’s in u and v, respectively. Then 4 divides w(u) = a + c
and w(v) = b + c, so 4 divides a + b + 2c = w(u + v) + 2c. As hu|vi = 0, we have
that c is even, and the claim follows.
Let C ≤ F2n be a binary doubly-even self-dual code. As (1 1 . . . 1) ∈ C has weight
n, we get 4 | n. A surprising consequence of the MacWilliams identity is that even
stronger 8|n.

Theorem 3.38 (Gleason). Let C ≤ F2n be a binary doubly-even self-dual code. Then
8 divides n.

Proof. Write n = 2m, so |C | = 2m . Let A(z) be the weight enumerator of C. As

C = C ⊥ , MacWilliams’ Theorem 3.9 tells us that
(1 + z ) n 1 − z
A(z) = A( ).
2m 1+z
√
Set I = −1. As I 4 = 1 and all the coefficients of zi in A(z) vanish if 4 - i, we

48
 1− z
have A(z) = A( Iz). Replacing z with 1+ z yields A( 11− z 1− z
+z ) = A ( I 1+z ), hence

(1 + z ) n 1−z
A(z) = m
A(µ(z)) with µ(z) = I . (11)
2 1+z
Note that
µ(0) = I, µ( I ) = 1, µ(1) = 0.
So setting z = 0, z = I, and z = 1 in (11) gives

1 (1 + I ) n 2n
A (0) = A ( I ) , A ( I ) = A ( 1 ) , A ( 1 ) = A (0). (12)
2m 2m 2m
Note that A(0) = 1 6= 0, so also A( I ), A(1) 6= 0. Multiplying the three equations
from (12), and noting that n = 2m, yields

(1 + I )2m (2I )m
1= = = Im.
2m 2m
However, the multiplicative order of I is 4, hence 4 | m and therefore 8 | n.

Remark 3.39. The usual proof of Gleason’s Theorem uses stronger techniques
from invariant theory, and gives a finer result about the shape of the weight
enumerator of a binary doubly-even self-dual code. See e.g. [Wil99]. We
quickly sketch the main ideas:
Let C ≤ Fnq be a linear code. It is convenient to work with a bivariate version
of the weight enumerator A( x, y) = ∑in=0 Ai xi yn−i . The MacWilliams identity
then gives the weight enumerator |C1 | ∑in=0 Ai (y − x )i (y + (q − 1) x )n−i for the
dual code. So if C is self-dual, then

y − x y + ( q − 1) x
 
A( x, y) = A √ , √ = A(( x y)U )
q q

with  
1 −1 q − 1
U= √ .
q 1 1
If we assume in addition that q = 2 and C is doubly even, then A( x, y) =
A( Ix, y), which we can express as

A( x, y) = A(( x y)V )

with  
I 0
V= .
0 1

49
 Let G ≤ GL2 (C) be the group generated by U and  V. Then  A( x, y) =
ζ 0
A(( x y) g) for all g ∈ G. One computes that (UV )3 = where ζ is a
0 ζ
primitive 8th root of unity. So A( x, y) = A(ζx, ζy), which again implies 8 | n.
This explains the background of our proof from above, which bypasses these
considerations.
Of course knowing that 8 divides n is a rather coarse information about the
weight enumerator A( x, y). Using invariant theory one can describe the sub-
ring R of Q[ x, y] of those polynomials which are fixed by all g ∈ G. One
obtains R = Q[ F8 , F24 ] with F8 = x8 + 14x4 y4 + y8 , F24 = x4 y4 ( x4 − y4 )4 . Fur-
thermore, F8 and F24 are algebraically independent, so there is a unique poly-
nomial P( x, y) ∈ Q[ x, y] with A( x, y) = P( F8 , F24 ).
In order to prove these results, one has to study more carefully the group G
which happens to have order 192.

3.8 Problems
Problem 3.40. Let C ≤ Fnq be a linear (n, k, n − k + 1) code, so C is an MDS code.
Show that the dual code C ⊥ is an (n, n − k, k + 1) code, so it is an MDS code too.
(Hint: Let M be the matrix whose rows are a basis of C. If C ⊥ contains an element
v 6= 0 with w(v) ≤ k, then there are k columns in M which are linearly dependent.
Show that there is a non-trivial linear combination of the rows of M which is 0 in k
positions.)

Problem 3.41. Let G be a finite abelian group of order > 1. Show, without using the
structure theorem for finite abelian groups, that G has a non-trivial character.

4 Comparing the Bounds

One can show that the linear programming bound is always at least as good as
the Singleton bound, the Hamming bound, and the Plotkin bound. For q small
compared to n, the Hamming bound is far stronger than the Singleton bound. How-
ever, if q ≥ n is a prime power, then we found the Reed-Solomon codes C for any
1 ≤ d(C ) ≤ n which match the Singleton bound. That indicates that if q is large
compared to n, the quality of the Singleton bound improves. In particular, for q ≥ n
a prime power, it is the best bound.
Fix q. If f (n, d, q) is one of the upper or lower bounds by Singleton, Hamming,
Plotkin (in the allowed range), Gilbert, or Varshamov, then one can show the follow-
ing: Fix 0 ≤ δ ≤ 1, and let ni ∈ N, di be sequences with 0 ≤ di ≤ ni , lim ni = ∞ and
log f (n ,d ,q)
lim ndi = δ, then lim n logi qi exists and is a continuous function fˆ(δ) depending
i

50
on δ. So asymptotically fˆ bounds the relative rate of a code in terms of the relative
minimum distance.

On can compute these functions fˆ for the bounds mentioned above. For the Del-
sarte bound, where f (n, d, q) is the bound given by solving the associated linear
program, fˆ(δ) is not known.

The following displays two examples of the quality of the bounds. We have omit-
ted the Griesmer bound, because it applies only to linear codes. A refinement of the
proof of the Plotkin bound yields the Elias bound, which is often the next best bound
after the Delsarte bound. As we have not discussed this bound, we don’t display it

here.

51
5 Application to Projective Planes

5.1 Codes Generated from Integral Square Matrices

Theorem 5.1. Let A ∈ Zn×n be a matrix with det A 6= 0, and p be a prime. Let
C ≤ Fnp be the code generated by the rows of A, and let m be maximal with pm | det A.
Then dim C ≥ n − m.

Proof. For X ∈ Zr×s let X̄ be the natural image of X in Frp×s . Conversely, for
X̄ ∈ Frp×s let X ∈ Zr×s be any matrix which is mapped to X̄.
Set k = dim C. Then dim C ⊥ = n − k. Let M̄ be the (n − k ) × n matrix whose
rows are a basis of C ⊥ . As M̄ has rank n − k, we may assume after permuting co-
ordinates in C ⊥ and

C that the first n − k columns of M̄ are linearly independent.
Write M̄ = Ū V̄ with a U ∈ Z k)×(n−k) and V ∈ Z(n−k)×k . Let Ik ∈ Zk×k be
( n −

52
 the identity matrix, and set
 
U V
N= ∈ Zn × n .
0 Ik

By definition of duality of codes, the first n − k columns in Ā N̄ t = AN t vanish, so

the entries in the first n − k columns of AN t are all divisible by p, so pn−k divides
det AN t = det A det N. On the other hand, det N = det U. As Ū is invertible, we
have det Ū 6= 0, so p - det U. We obtain pn−k | det A, so n − k ≤ m and therefore
dim C = k ≥ n − m.

5.2 Incidence Matrices of Finite Projective Planes

A projective plane consists of two sets P and L and a subset I of P × L subject to the
following conditions:

(a) For and p1 , p2 ∈ P with p1 6= p2 there is exactly one ` ∈ L with ( p1 , `), ( p2 , `) ∈

I.

(b) For and `1 , `2 ∈ L with `1 6= `2 there is exactly one p ∈ L with ( p, `1 ), ( p, `2 ) ∈

I.

(c) There are four distinct elements Q in P such that for any ` ∈ L there are at
most 2 elements q ∈ Q with (q, `) ∈ I.

We can make this abstract definition a little more concrete: Identify each ` ∈ L with
the subset of those p ∈ P such that ( p, `) ∈ I, and call these subsets lines. Call the
elements in P points. Then (a) says that any two distinct points lie on exactly one
line, (b) says that any two distinct lines have exactly one common point, and (c) says
that there is a non-degenerate quadrangle.
From now on we take this point of view, so L is a set of subsets of P with the
properties from above.

Lemma 5.2. Let ( P, L) be a projective plane, and `1 , `2 be two distinct lines. Then
there is a point which is neither on `1 , nor on `2 .

Proof. Let Q be a quadrangle according to (c). If each of it points is on `1 or `2 ,

then q1 , q2 ∈ `1 and q3 , q4 ∈ `2 with Q = {q1 , q2 , q3 , q4 }. But then the intersection
point of the line through q1 and q3 with the line through q2 and q4 is neither on
`1 , nor on `2 .

Theorem 5.3. Each line of a projective plane contains the same number of points.

53
 Proof. Let `1 and `2 be two distinct lines, and p be a point not contained in these
lines. For q ∈ `1 let φ(q) be the intersection of the line `2 with the line through q
and p. The properties of a projective plane then show that φ is bijective.
A finite projective plane is a projective plane with P a finite set. As L is a set of
subsets of P, we see that L is finite as well. Let n + 1 be the common number of
points on a line of a finite projective plane. We call n the order of the projective
plane.

Theorem 5.4. Let ( P, L) be a finite projective plane of order n. Then there are n + 1
lines through each point, and | P| = | L| = n2 + n + 1.

Proof. Let p be a point. Not all sides of a quadrangle can contain p, so there is a
line ` not containing p. For each line `0 with p ∈ `0 let φ(`0 ) be the intersection of
`0 with l. Then φ is a bijection, so there are n + 1 lines through p.
The n + 1 lines through p are, up to p, disjoint, and contain n points besides p.
Also, every point 6= p is on exactly one line through p. So there are (n + 1)n + 1 =
n2 + n + 1 points.
The assertion about the number of lines either follows from the same argument,
where the lines and points switch their roles, or by this counting argument: Let
m the number of lines. We count the triples ( p1 , p2 , `) with p1 , p2 ∈ `, p1 6= p2 in
2
two ways. One the one hand, this number equals (n +2n+1) = (n2 + n + 1) n+ 1
2 . On
the other, this number is m(n+ 1
2 ), and the claim follows.

Definition 5.5. Let ( P, L) be a projective plane of order n. Set N = n2 + n + 1.

Number the points and lines P = { p1 , p2 , . . . , p N } and L = {`1 , `2 , . . . , ` N }. Let
A ∈ Z N × N with entry 1 in position (i, j) if pi ∈ ` j , and 0 otherwise.

Theorem 5.6. Let A be the incidence matrix of a projective plane of order n. Then
 
n+1 1 ... 1
t t
 1 n+1 ... 1 
AA = A A =  . ..  ,
 
. .. . .
 . . . . 
1 1 ... n+1

a matrix with n + 1 on the diagonal, and 1 elsewhere. Furthermore, each row and
column of A contains the entry 1 exactly n + 1 times.

Proof. This is just a translation of the properties we developed so far.

54
5.3 A Special Case of the Bruck–Ryser Theorem

A major open problem in finite geometry is the question for which n ∈ N there is a
projective plane of order n. Below we see that if n is a prime power, there is a plane
of order n. On the other hand, no projective plane of order not a prime power has
been found yet. Up to the combination of theoretical and computational arguments
in the proof of the non-existence of planes of order 10 (see Section 5.3.1), the only
other non-existence result is

Theorem 5.7 (Bruck-Ryser 1949, [BR49]). Suppose that n ≡ 1 or 2 (mod 4), and
that n 6= x2 + y2 for all x, y ∈ Z. Then there is no projective plane of order n.

We will not prove this result here, but see Remark 5.11. Instead, we will show
how our results in coding theory can be used to get a special case. Namely suppose
that n ≡ 6 (mod 8). Then n cannot be sum of two squares, and the Bruck–Ryser
Theorem shows that there is no plane of order n. Below we give a direct proof for
this.
But before doing so, we quickly show that projective planes exist for each prime
power order:

Theorem 5.8. For every prime power q > 1 there is a projective plane of order q.

Proof. Let V be the vector space F3q . Let P and L be the set of 1-dimensional and
2-dimensional subspaces, respectively. We say that p ∈ P is on the line ` ∈ L,
if p ∈ `. Then one easily verifies the properties of a projective plane. Note
that the four 1-dimensional spaces h(1 0 0)i, h(0 1 0)i, h(0 0 1)i, h(1 1 1)i have the
property that no 3 of them are contained in a 2–dimensional subspace, so we get
a quadrangle.
The number of 1-dimensional subspaces in a 2-dimensional subspace is (q2 −
1)/(q − 1) = q + 1, so our plane has order q.

Lemma 5.9. Let A ∈ Z N × N be the incidence matrix of a projective plane of order n,

where N = n2 + n + 1. Define
   
1 1
..   ..
.
 
B=
 A .  and the diagonal matrix D = 
 
,

 1   1 
1 ... 1 n+1 −1

both in Z( N +1)×( N +1) . Then BDBt = nD.

55
 Proof. Note that  
−1
.. 
At

DBt D −1 =
 . .
 −1 
−1 . . . −1 n + 1
The claim then follows from the form of AAt given in Theorem 5.6, and the fact
that each row and column of A contains the entry 1 exactly n + 1 times.

Theorem 5.10. Let n ∈ N with n ≡ 6 (mod 8). Then there is no finite projective
plane of order n.

Proof. (Assmus, see [HW06, Satz 7.4.16]) Suppose that n ≡ 6 (mod 8), and that A
is the incidence matrix of a projective plane of order n. Set N = n2 + n + 1. The
assumption on n gives
N + 1 ≡ 4 (mod 8). (13)
Build B ∈ Z( N +1)×( N +1) as in the previous lemma. Taking determinants in
BDBt = nD shows (det B)2 = n N +1 , hence det B = ±n( N +1)/2 . Let m be max-
imal with 2m | det B. The assumption on n shows that 4 - n, hence m = N2+1 .
( N +1)×( N +1)
Let X̄ be the image in F2 of X ∈ Z( N +1)×( N +1) , and C ≤ F2N +1 the
binary code generated by the rows of B̄. As D̄ is the identity matrix and 2 | n, we
see that B̄ B̄t = 0. That means that hb1 |b2 i = 0 for any two rows b1 , b2 of B. So
C ≤ C ⊥ and therefore dim C ≤ N2+1 . On the other hand, dim C ≥ N + 1 − m ≥
N + 1 − N2+1 = N2+1 by Theorem 5.1. So we have equality everywhere, so C is
self-dual.
Each row of B̄ but the last one contains n + 2 times the entry 1, while the last row
contains N + 1 times the entry 1. So in each row, the number of 1s is divisible by
4. In particular, C is doubly-even by Lemma 3.37. But then 8 | N + 1 by Theorem
3.38, contrary to (13).

Remark 5.11. All proofs of the Bruck–Ryser Theorem are based on Lemma 5.9
or minor modifications of it. Suppose that n is the order of a projective plane.
In the language of quadratic forms, the lemma says that the quadratic forms
described by the matrices D and nD are equivalent over the rationals. Using
the easier direction of the Hasse–Minkowski Theorem one shows (under the
assumption on n modulo 4) that each prime p with p ≡ 3 (mod 4) occurs in
n with an even (possibly 0) multiplicity. From elementary number theory, we
get that n = x2 + y2 for x, y ∈ Z.
There is a modification which avoids the use of the Hasse–Minkowski Theo-
rem, and instead uses Lagrange’s Theorem that each positive integer n is a sum

56
 of 4 squares. Using this and elementary calculations, one arrives at n = u2 + v2
with rational u, v. Again, elementary number theory implies that n = x2 + y2
for suitable integers x, y. That is the usual proof in text books, see e.g. [Hal98].
One might wonder if the coding–theoretic proof of the special case n ≡ 6
(mod 8) can be extended to a full proof of the Bruck–Ryser Theorem. Indeed,
while somewhat technical, this is possible. See [Lan83].

5.3.1 A Remark on Projective Planes of Order 10

The Bruck–Ryser Theorem does not apply to the order n = 10, as 10 = 12 + 32 .

Still, much of the proof of Theorem 5.10 carries over. Let C 0 and C be the binary
codes generated by the rows of A and B, respectively. Then again C is doubly-even
and self–dual. So the MacWilliams identity puts severe restrictions on the weight
enumerator of C, and thus on C 0 too. However, one does not achieve a contradiction
by theoretical arguments only. Instead massive computer calculations eventually
show that such a code C 0 cannot arise from a plane of order 10. Up to today, there
is no reproducible account of this non–existence proof – one has to believe in the
correctness of poorly documented computer calculations. See [Hal98] and [KÖ06]
for theoretical results, and [Lam91] for an overview of the computation.

6 The Golay Codes

6.1 The Binary Golay Code

Previously we had seen from the sphere packing condition and Lloyd’s Theorem that
there is a potential perfect binary [23, 12, 7]–code. In this section we will construct
such a code, the binary Golay code G23 . While there are direct constructions of this
code (for instance as a cyclic code or as a quadratic residue code), we prefer to
obtain this code from the equally important extended binary Golay code G24 , which is
a [24, 12, 8]–code.
In doing so, we number the vertices of an icosahedron from 1 to 12. Next we
×12
define a matrix A ∈ F122 via

(
0, i 6= j and i, j are connected by an edge
Aij =
1, otherwise

With the numbering as in

57
we obtain the first four rows of the matrix A, where we drop the 0s for better read-
ability:  
1 1 1 1 1 1 1

 1 1 1 1 1 1 1 
A = 1 1 1 1 1 1 1


1 1 1 1 1 1 1
 
.. .. .. .. .. .. .. .. .. .. .. ..
. . . . . . . . . . . .

Lemma 6.1. (a) w( a) = 7 for each row a of A.

(b) Any two distinct row of A differ in 6 or 10 positions.

(c) h a| a0 i = 0 for any two distinct rows of A, and AAt = A2 = I, where I denotes
the identity matrix.

Proof. (a) This holds, because every vertex is not connected by an edge with 12 −
5 = 7 vertices. In particular, h a| ai = 1 for each row a of A.
(b) Any pair of distinct vertices can be mapped by a symmetry of the icosahedron
to the pair (1, 2), (1, 3), or (1, 4). So we only have to compare the first row of A
with the second, third and fourth row.
(c) As in (b), we see that a and a0 have a common 1 in 2 or 4 positions, hence
h a| a0 i = 0. We get AAt = I from this and (a), and then A2 = I because A is
symmetric.
Set
×24
B = I A ∈ F12


2

58
and let G24 = C ≤ F24
2 be the binary code generated by the rows of B.

Theorem 6.2. The extended binary Golay code G24 is a self–dual, doubly-even
[24, 12, 8]–code.

Proof. Clearly B has rank 12, so dim C = 12. From AAt = I we get that the rows of
B are pairwise orthogonal, so C ≤ C ⊥ . But dim C + dim C ⊥ = 24 and dim C = 12,
hence C = C ⊥ . Each row of B has weight 8, so C is doubly-even by Lemma 3.37.
Of course d(C ) ≤ 8. Suppose that d(C ) ≤ 4. As the weight of the code words of
C are divisible by 4, we get d(C ) = 4. Pick c ∈ C with w(c) = 4. The elements
of C have the form uB = (u uA), where u runs through F12 2 . Hence c = ( u uA )
0
for a suitable u. We claim that c = (uA u) ∈ C. Set v = uA. From (v vA) ∈ C
and A2 = I we obtain c0 = (uA u) ∈ C. From 4 = w(c) = w(u) + w(uA) we
obtain that w(u) ≤ 2 and w(uA) ≤ 2. So by probably passing to c0 , we may and
do assume that w(u) ≤ 2.
If w(u) = 0 then u = 0, hence c = 0, a contradiction. If w(u) = 1, then c is a row
of B, hence w(c) = 8, again contrary to w(c) = 4. Finally assume that w(u) = 2.
Then c is the sum of two distinct rows of B. So there are two distinct rows a and
a0 of A with 2 = w( a + a0 ) = d( a, a0 ). However, d( a, a0 ) ≥ 6 by the lemma.
One can easily determine the weight distribution Ai of C = G24 without comput-
ing all the 212 code words:

Theorem 6.3. The weight enumerator of the extended binary Golay code G24 is 1 +
759z8 + 2576z12 + 759z16 + z24 .

Proof. Let Ai be the number of code words of weight i. As C is doubly-even, we

have Ai = 0 unless 4 | i. Furthermore, the all 1 vector is in C (it is the sum of
all rows of B, or see Lemma 3.36), so Ai = A24−i . Next, A4 = 0 as d( G24 ) = 8.
Thus the weight enumerator has the form A(z) = 1 + A8 (z8 + z16 ) + A12 z12 + z24 .
From 212 = A(1) we get
2A8 + A12 = 212 − 2. (14)
The MacWilliams identity and A(z) = A⊥ (z) gives

1−z
212 A(z) = 212 A⊥ (z) = (1 + z)24 A( ).
1+z

Pick ω ∈ C with ω 2 + ω + 1 = 0. Then ω 3 = 1, so ω 8 + ω 16 = ω 2 + ω = −1,

hence
A(ω ) = 2 − A8 + A12 .
1− ω 1−2ω +ω 2 −4(1+ω +ω 2 ) −3(1+ ω )2
Set β = 1+ ω . Then β2 = (1+ ω )2
= (1+ ω )2
= −3. Furthermore,

59
 (1 + ω )24 = (−ω 2 )24 = 1. This yields
1−ω
(1 + ω )24 A( ) = A( β) = (1 + 312 ) + (34 + 38 ) A8 + 36 A12 ,
1+ω
hence
212 (2 − A8 + A12 ) = (1 + 312 ) + (34 + 38 ) A8 + 36 A12 .
This, together with (14) eventually yields A8 = 759, A12 = 2576, and the claim
follows.

Remark 6.4. The extended binary Golay code G24 has many exciting connec-
tions to other areas of mathematics. For instance, we can consider its automor-
phism group G, which is the group of those permutations of the coordinates
which map code words to code words. Using our definition of the code, it is
easy to see that there are at least 120 automorphisms of the code, see Prob-
lem ???. Actually, the group G of all automorphisms is quite big. It acts 5–fold
transitively on the coordinate positions, and the pointwise stabilizer of 5 points
has order 48. Thus | G | = 24 · 23 · 22 · 21 · 20 · 48 = 244823040. Furthermore,
one can show that G is simple, it is called the Mathieu group M24 , one of the
26 sporadic simple groups.
The code G24 is connected to other fascinating combinatorial objects, the Steiner
systems. Let 2 ≤ t < k < n be integers. A Steiner system S(t, k, n) is a set S of
k–element subsets of a set M of size n, such that each t–element subset of M is
a subset of exactly one set from S. For instance, a projective plane of order n
gives an S(2, n + 1, n2 + n + 1) Steiner system, because any two distinct points
are contained in exactly one line (which has size n + 1).
It is an open problem if there are Steiner systems S(t, k, n) with t ≥ 6. However,
there are a few with t = 5. The code G24 allows to construct a S(5, 8, 24)
Steiner system: For each of the 759 code words c = (c1 c2 . . . , c24 ) of weight 8
associate the 8–element subset of M = {1, 2, . . . , 24} consisting of the indices i
with ci = 1. It is not hard to see that any 5–element subset of M is contained
in exactly one of these 8–element subsets. See Problem ???.
Another interesting construction, a slight modification of the preimage in Z24
of G24 under the natural map Z24 → F24 2 , gives the Leech lattice. It is an
exceptionally dense lattice in R whose automorphism group yields further
24

interesting sporadic simple groups, the three Conway groups.

For this and many further connections see [CS99].

Lemma 6.5. Let C be a binary [24, 12, 8] code, and C 0 be the code obtained form C by
deleting a coordinate position. Then C 0 is a perfect [23, 12, 7]–code.

60
 Proof. Deleting one coordinate position lowers the weight by at most 1, hence
d(C 0 ) ≥ 7, so the balls of radius 3 around the code words of C 0 are disjoint.
However, 212 (1 + (23 23 23
1 ) + ( 2 ) + ( 3 )) = 2 , so these balls disjointly cover F2 , hence
23 23

C 0 is perfect with covering radius 3, and therefore d(C 0 ) = 2 · 3 + 1 = 7.

Let G23 be the code derived from G24 by deleting a coordinate position. The
lemma then tells us that G23 is a perfect [23, 12, 7]-code. This code is called a bi-
nary Golay code. It looks as if G23 would seriously depend on which position gets
deleted. However, one can actually show that up to isomorphism there is only one
binary [23, 12, 7]-code. For this reason one speaks of the binary Golay code. As to
the uniqueness of the [24, 12, 8]-code, or even stronger of the (24, 212 , 8)-code, see
Problem ???.

Remark 6.6. As all the code words in G24 have even weight, one can recover
G24 from G23 by appending a parity check bit. Historically G23 was known and
used before G24 . This explains the extended in the name of G24 .
Besides the beautiful mathematical properties, the binary Golay codes (G24
more than G23 ) had been used in the past for the NASA deep space missions,
and is used nowadays in radio communication.

Remark 6.7. There is the following uniqueness result for the extended binary
Golay code: Let C ⊆ F242 be a not necessarily linear code with |C | = 2
12 and

d(C ) = 8. Assume that 0 ∈ C. Then, up to a permutation of coordinates,

C = G24 . The essential step in showing this is to prove that C is linear. See
Problem ??? for this.

6.2 The Ternary Golay Code

In this section we construct the two ternary Golay codes.

Lemma 6.8. Set

1 1 1 1 1 0
 
1 −1 −1 1
 
0  −1
 1 0 1 − 1 − 1   
× −1 ∈ F6×6 .
 ∈ F3 and C = 
5 5
  
 −1 1
A= 0 1 −1 
A −1 3
 −1 −1 1 0 1   
 −1
1 −1 −1 1 0
−1

Then CC t = − I6 .

61
 Proof. Let ai be the i-th row of A. Then h ai | a j i = 1 if i = j, and h ai | a j i = −1 for
i 6= j. As each row in A arises from rotating the preceding row to the right by one
step, we may assume i = 1 in verifying the cases. Together with the observation
that the entries of each row of A sum up to 0, we get that CC t = − I6 .

Remark 6.9. The matrix A is the modulo 3 reduction of a so-called Paley matrix,
which in general is defined as follows: Index the rows and columns of A with
the finite field Fq . For i, j ∈ Fq define the entry Ai,j of A ∈ Zq×q in position
(i, j) by

0,
 if i = j
Ai,j = 1, if 0 6= i − j is a square in Fq

−1, if i − j is not a square in Fq .


Then AAt = qIq − Jq , where Iq is the all 1 matrix.

Extending to the matrix C as above (still over Z), one gets CC t = qIq+1 . Such a
matrix C, with 0 on the diagonal, −1 or 1 off the diagonal, and CC t a multiple
of the identity matrix, is called a conference matrix. For more about this see
[vLW01].

With the matrix C from the lemma, we define

B = I6 C ∈ F63×12

and let G12 ≤ F123 be the ternary code generated by the rows of B. We call G12 the
extended ternary Golay code.

Theorem 6.10. The extended ternary Golay code G12 is a self–dual [12, 6, 6]–code.

Proof. Length and dimension of G12 are clear. The previous lemma implies BBt =
0, so the rows of B generate a self-dual code. From hc|ci = 0 for each c ∈ G12
and i2 = 1 for each 0 6= i ∈ F3 we see that the weights of the code words of G12
are divisible by 3. So in order to show that d(C ) = 6 we need to show that there
are no words of weight 3. Suppose that there is c ∈ G12 with w(c) = 3. Write
c = (u uC ) with u ∈ F63 . Then 3 = w(u) + w(uC ). Clearly w(u) = 0 and w(u) = 1
are not possible. Suppose that w(u) = 2. Then w(uC ) = 1, and uC is a linear
combination of two rows of C. But this implies w(uC ) ≥ 2, because, each row
of C has a unique 0 entry in a different position. Finally assume w(u) = 3, then
w(uC ) = 0, so uC = 0. But CC t = − I6 implies that C is invertible, hence u = 0, a
contradiction again.
Let G11 be the code obtained from deleting a coordinate position of G12 . As in the
binary case, we see that G11 is a perfect [11, 6, 5]-code, the ternary Golay code. Again,
one can show that up to isomorphism there is only one (11, 36 , 5)-code and only one

62
(12, 36 , 6)-code. This, however, is much more difficult to prove than in the binary
case.

6.3 Covering Codes and Virtakallio’s Discovery of the Ternary

Golay Code
It was long believed that the ternary Golay code was first constructed by Golay in
1949. However, it turned out much later that the first description of this code, es-
sentially by listing 243 = 35 codewords and explaining how to obtain the remaining
2 · 35 words, was given by the Finnish football pool specialist Juhani Virtakallio in
1947 in the soccer magazine Veikkaaja! Every football match has three possible out-
comes, a home win, a home loss, or a draw. In the 1940s, there was a Finnish football
pool where one had to bet the outcome of 12 matches. As the correct prediction of
10 matches was rewarded with a reasonable high prize, Virtakallio tried to find a
system with a minimal number of bets such that at least one of them predicts cor-
rectly the outcome of at least 10 matches. He assumed that for one of the matches
the teams are of such a different strength such that one can be sure to make a correct
guess. So that one needs a system for the remaining 11 games. Phrased mathemat-
ically, one has the following problem after identifying the three possible outcomes
of a match with the elements of F3 . Find a set C ⊆ F11 3 of minimal cardinality such
that for each v ∈ F113 there is a c ∈ C with d ( c, v ) ≤ 2. In other hands, the balls of
radius 2 around the elements c ∈ C should cover all of F11 3 . As the volume of such a
2 11 i
ball is ∑i=0 ( i )2 = 243 = 3 , one gets |C |3 ≥ 3 , hence |C | ≥ 36 .
5 5 11

Of course, this bound is sharp if and only if C is a perfect (11, 36 , 5)-code. Surpris-
ingly, Virtakallio found a system with |C | = 36 , the ternary Golay code! The way he
described his code indicates that he didn’t know much about mathematics, which
makes it even more mysterious that he could find this code!
This example is a special case of a so-called covering code, arising from a question
which is kind of opposite to the error correcting codes: Set | F | = q, and let Kq (n, e)
be the minimal size of a set C ⊆ F n such that the balls of radius e around c ∈ C
cover F n . So the perfectness of the ternary Golay codes gives K3 (11, 2) = 36 = 729.
Virtakallio’s achievement is even more surprising considering that as of 2011, the
values K3 (n, 2) were unknown for 6 ≤ n ≤ 10. For instance, one only knows that
15 ≤ K3 (6, 2) ≤ 17 (see [Kér11]).
See [CHLL97] for a whole book devoted to covering codes. It also contains more
details about Virtakallio’s exciting discovery.

7 Goppa Codes
to be written

63
7.1 Classical Goppa Codes
to be written

7.2 Algebraic Curves

to be written

7.3 Geometric Goppa Codes

to be written

8 Appendix: Some Tools from Algebra

to be written

64
Index
binary Golay code, 57, 61 minimum distance, 4
block code, 4
normalized Hadamard matrix, 17
character, 29
code, 4 order, 54
conference matrix, 62 Paley matrix, 62
covering code, 63 perfect code, 8
covering radius, 38 points, 53
projective plane, 53
distance distribution, 35
distance enumerator, 35 Reed-Muller code, 21
doubly-even, 48 Reed-Solomon codes, 11
dual code, 29 residual code, 15
dual linear program, 38
self-dual, 48
equivalent, 5 simplex code, 14
extended binary Golay code, 57 sphere packing bound, 7
extended ternary Golay code, 62 Steiner systems, 60
finite projective plane, 54 ternary Golay code, 62
Gilbert bound, 23 unbounded, 38
Griesmer bound, 16
Varshamov bound, 24
Hadamard matrix, 17
Hamming ball, 7 weight, 5
Hamming bound, 7 weight distribution, 33
Hamming code, 8 weight enumerator, 33
Hamming distance, 4

infeasible, 37

Krawtchouk polynomial, 41

Leech lattice, 60
linear character, 30
linear code, 5
lines, 53

MacWilliams transformation, 38
MDS code, 11
Minimum distance, 4

65
References
[Bes83] M. R. Best, A contribution to the nonexistence of perfect codes, Ph.D. thesis,
Mathematisch Centrum, Amsterdam (1983).

[BR49] R. H. Bruck, H. J. Ryser, The nonexistence of certain finite projective planes,

Canadian J. Math. (1949), 1, 88–93.

[CHLL97] G. Cohen, I. Honkala, S. Litsyn, A. Lobstein, Covering Codes, vol. 54 of

North-Holland Mathematical Library, North-Holland Publishing Co., Ams-
terdam (1997).

[CS99] J. H. Conway, N. J. A. Sloane, Sphere Packings, Lattices and Groups, vol. 290
of Grundlehren der Mathematischen Wissenschaften, Springer-Verlag, New
York, 3rd edn. (1999), With additional contributions by E. Bannai, R. E.
Borcherds, J. Leech, S. P. Norton, A. M. Odlyzko, R. A. Parker, L. Queen
and B. B. Venkov.

[Hal98] M. Hall, Jr., Combinatorial Theory, Wiley Classics Library, John Wiley &
Sons Inc., New York, 2nd edn. (1998), A Wiley-Interscience Publication.

[Hon84] Y. Hong, On the nonexistence of unknown perfect 6- and 8-codes in Hamming

schemes H (n, q) with q arbitrary, Osaka J. Math. (1984), 21(3), 687–700.

[HW06] B. Huppert, W. Willems, Lineare Algebra., Wiesbaden: Teubner (2006).

[Kér11] G. Kéri, Tables for bounds on covering codes, http://www.sztaki.hu/~keri/

codes/index.htm (2011).

[KÖ06] P. Kaski, P. R. J. Östergård, Classification Algorithms for Codes and Designs,

vol. 15 of Algorithms and Computation in Mathematics, Springer-Verlag,
Berlin (2006), With 1 DVD-ROM (Windows, Macintosh and UNIX).

[Lam91] C. W. H. Lam, The search for a finite projective plane of order 10, Amer. Math.
Monthly (1991), 98(4), 305–318.

[Lan83] E. S. Lander, Symmetric Designs: An Algebraic Approach, vol. 74 of Lon-

don Mathematical Society Lecture Note Series, Cambridge University Press,
Cambridge (1983).

[vL75] J. H. van Lint, A survey of perfect codes, Rocky Mountain J. Math. (1975), 5,
199–224.

[vL99] J. H. van Lint, Introduction to Coding Theory, vol. 86 of Graduate Texts in

Mathematics, Springer-Verlag, Berlin, 3rd edn. (1999).

66
[vLW01] J. H. van Lint, R. M. Wilson, A Course in Combinatorics, Cambridge Uni-
versity Press, Cambridge, 2nd edn. (2001).

[Wil99] W. Willems, Codierungstheorie., Berlin: de Gruyter (1999).

67