This year’s Math 256x is a “topics class”
(taught here before, but last in 2001)
that develops the mathematical theory of error-correcting codes
and its connections with other areas of mathematics
ranging from combinatorics to group and representation theory
to projective and algebraic geometry.
We meet Tuesdays and Thursdays from 11:30 AM to 1:00 PM
in Room 309 Room 109
of the Science Center.
Tuesday, Sep. 5: Introduction
General setup for block codes:
Fix a finite set A (“alphabet”) of
q>1 elements (“letters”).
[q=1 is vacuous,
as already observed by Lewis Carroll
— in general, a letter from an alphabet of size q
carries log2(q)
bits’ worth of information.]
For any integer n>0 consider the set An
of n-letter “words”
w = (w1, …, wn).
Define the Hamming distance between two words
w, w’
as the number of coordinates i where
wi ≠ wi’;
that is, d(w, w’)
is the number of one-letter changes (errors) one must make in w
to reach w’.
Exercise: This is in fact a distance function.
We can thus regard An as a metric space,
known as Hamming space.
A code is a nonempty subset C of Hamming space.
C is said to be binary, ternary, quaternary, “etc.”
if the alphabet is of size 2, 3, 4, etc.
The integer n is the length of the code.
The key parameters of C are q, n,
the number of elements (“codewords”) of C,
and the minimum (nonzero) distance dmin
between codewords. [If there is only one codeword then it is sometimes
convenient to set dmin = n + 1,
rather than dmin = ∞ which is
the usual convention for the minimum of an empty set.]
We use the notation
“(n, M, d) code”
for a code of length n,
size M, and minimum distance d.
A code of minimum distance at least d is
(d−1)-error detecting, and thus also
e-error correcting if d > 2e.
Sometimes the alphabet size q is incorporated into the notation
as a subscript, making C an
“(n, M, d)q
code”.
A basic question of coding theory is how large M can get
given q, n, and d
(or more-or-less equivalently how large d can get
given q, n, and M).
As is often the case in this kind of combinatorics,
except in trivial cases it is rare that we can get an exact answer
for a given choice of
q, n, and M or d,
and even the asymptotic behavior is not known: we can only give
lower and upper bounds, which hardly ever coincide.
Here one standard asymptotic direction is to fix q,
let n→∞,
and try to make the transmission rate
R = (logqM) / n
and the error-detection rate
δ = d / n both large.
One of our recurring themes in this course will be such bounds and
asymptotic bounds, and the rare and often special cases where the bounds
agree and we get a provably optimal code.
An elementary upper bound is due to
Singleton (1964):
an (n, M, d) code
must have
M ≤ qn−d+1.
The proof is an easy pigeonhole argument.
(Note that when M = 1
we must use the convention d = n + 1
for the Singleton bound to hold in this case.)
Equivalently,
R + δ ≤ (n + 1) / n.
Codes that attain this bound are known as maximum distance separable,
or MDS for short.
We shall see that q is a prime power
such a code exists for all d and n as long as
0 ≤ d−1 ≤ n ≤ q+1,
but the behavior for n much larger than q
is very different. Indeed, it follows from the Singleton bound that
asymptotically R + δ ≤ 1, but
we’ll see that for fixed q and large n
this bound cannot be attained except for
(R,δ)=(1,0) and (0,1), and moreover
that if R > 0 for an infinite family of codes
with fixed q
then 1−δ is bounded away from zero.
Two trivial examples of MDS codes are An itself
(with d=1) and a one-word code (with d=n+1
— so yes, a singleton code attains equality in the Singleton bound).
Only slightly less trivial is the example with d=n of the
repetition code consisting of the q words of the form
(a, a, …, a). A final
easy example is a single checksum code with d=2
(also called a parity check code
in the case q = 2):
give A a group structure
(usually abelian, though this isn’t necessary),
and let C consist of the
qn−1
words whose entries sum to zero. A curious variant is the
ISBN,
which is in effect the (10, 11·109, 2)11
code obtained from an MDS code by discarding all codewords that use
10 for any but the last letter; this code (even in its unmutilated MDS form)
also has the feature of detecting single-transposition errors, because
it is defined by an F11-linear
relation with pairwise distinct coefficients.
An example of an optimal code that is not MDS is the
Hamming code (1950),
with parameters q = 2 and
(n, M, d) = (7, 16, 3).
[NB an MDS code with the same n and M would have had
d=4.]
The 7 coordinates are identified with the vertices of the
Fano plane
P2(F2);
the alphabet A is F2 = {0,1},
and the codewords are the all-zero word, the characteristic functions of
the lines, and the ones’ complements of these 1+7=8 words.
Check that each codeword c is at distance 3 from seven codewords and
at distance 4 from seven other codewords,
with the remaining codeword other than c itself being
the antipodal word, at distance 7. Since no two codewords
are at distance less than 3, the “Hamming spheres”
(actually Hamming-distance balls)
of radius 1 about the codewords are disjoint; but each contains
1+7=8 words, and there are 16 of them, so they tile the
27 words of
A7 perfectly,
proving that M=16 is optimal given
q=2, n=7,
and d=4.
In general, the sphere-packing bound
(a.k.a. the Hamming bound)
is the observation that if d > 2e
then M can be no larger than qn
divided by the number of words in a Hamming ball of radius e.
A code that attains this bound is said to be perfect.
This happens very rarely: besides generalizations of the Hamming code
that we’ll see before long, all of which are perfect
single-error-correcting codes, the only known perfect codes are
the trivial ones of a one-word code and a binary repetition code of odd length,
and the very nontrivial examples of the binary and ternary Golay codes.
It is known (and we may show towards the end of the class)
that these are the only perfect codes for which q is a prime power.
[Warning: the condition that qn be an exact multiple of
the sphere volume is necessary but not sufficient;
a notable example: it is known (and we’ll prove) that
there is no perfect binary (90, 278, 5) code.]
What does the Hamming bound look like in the asymptotic regime where we
fix q and let n and d grow
while their ratio δ remains roughly constant?
We need the following fundamental computation.
The number of words at distance exactly e from
a given word is
(q−1)e Binomial(n, e).
If we fix q and let n, e → ∞
with e/n → ε for some fixed
ε in (0,1), then we can estimate
Binomial(n, e) using Stirling’s approximation.
We find that log(Binomial(n, e))
is asymptotic to nH(ε)
where H is the (binary) entropy function
H(ε) =
−ε log ε
− (1−ε) log (1−ε).
This gives us the logarithmic asymptotics of the count
(q−1)e Binomial(n, e)
for q=2; in general we must add a term
e log(q−1)
to find that our count is asmyptotically
exp(nHq(ε)+o(n)),
where Hq is the
q-entropy function
Hq(ε) =
−ε log ε
− (1−ε) log (1−ε)
+ ε log (q−1).
For any q, this function Hq
is convex downwards, with vertical tangents at
(ε, Hq(ε)) = (0, 0)
and (1, log(q−1)).
Thus Hq has a unique maximum in (0,1),
and it’s an elementary calculus exercise to locate this maximum at
ε = (q−1)/q,
where Hq(ε) = log q.
[The location and value of the maximum were predictable in advance —
do you see why? Likewise the symmetry
H(ε) = H(1−ε)
of the binary entropy function.]
It soon follows that the number of words at distance at most
e from a given word is given by the same asymptotic formula
exp(nHq(ε)+o(n))
for ε ≤ (q−1)/q,
and is
(1−o(1)) qn
once
ε > (q−1)/q.
Therefore the asymptotic form of the sphere-packing bound is
R ≤
1 − (Hq(δ/2) / log(q)).
This bound is better (i.e. smaller) than the asymptotic Singleton bound
for small δ
(because of the vertical tangent at δ=0),
and for all δ in (0,1) when q=2
(because the two bounds agree at the endpoints and the function
1 − (H(δ/2) / log(2))
of δ is convex upwards).
Replacing e by d−1 in the Hamming bound yields the
Gilbert-(Shannon-)Varshamov bound, which is a lower bound:
there exists an
(n, M, ≥d)q code
provided that qn is no larger than
the product of M with the number of words in a
Hamming ball of radius d−1,
because until that happens we can keep adding words to C
that do not bring its minimum distance below d.
The asymptotic form of this lower bound is
R = 1 − (H(δ) / log(q))
(δ < (q−1)/q).
It is a perennial source of embarrassment that, while the Gilbert-Varshamov
bound is quite weak for small n, the asymptotic form is very hard
to beat; the only improvements known use surprisingly sophisticated
techniques from number theory (curves with many points over finite fields),
and for small q (all q up to about 40)
the Gilbert-Varshamov bound is still the best we have
for all δ.
[There are similar embarrassments elsewhere in combinatorics, as in
Ramsey theory and Euclidean sphere packing in high dimensions,
where the probabilistic method is asymptotically better than
any known explicit construction.]
Tuesday, Sep. 10: Linear codes
We usually take for q a prime power, and identify A
with a finite field, which as usual we denote by F
[the alternative k, for German Körper,
is pre-empted as we shall see a couple of paragraphs below].
Hamming space is then the F-vector space
Fn, and the Hamming distance is translation-invariant,
so
d(w, w’)
= d(0, w’−w)
= wt(w’−w)
where “wt” is the (Hamming) weight:
the weight of any word w is its number
#{i: wi ≠ 0}
of nonzero coordinates. This is a discrete norm
on Fn, satisfying the
triangle inequality
wt(w+w’) ≤
wt(w) + wt(w’)
for all w, w’,
and also the homogeneity wt(cw) = wt(w)
for all words w and nonzero scalars c.
A code C ⊆ Fn
is said to be linear if it is closed under
addition and scalar multiplication, that is, if it is
a vector subspace of Fn.
This is a very special case, but an important one;
we shall soon say more about the advantages and disadvantages of
linear codes vs. unrestricted codes, but for now we note that
almost all our examples of codes from the previous lecture become linear
when A is identified with a finite field,
including the Hamming (7, 16, 3) code (check this!).
This is clearly true for An and the
repetition code; a one-word code is linear iff
it is the zero word; the one-checksum code is linear provided we chose
(F,+) for the group structure; and the ISBN code
is just a one-checksum code over the 11-element field
with some of its codewords removed without increasing the minimum distance.
Suppose C is a linear (n, M, d) code.
Then M = qk where
k is the dimension of C as an
F-vector space;
and d is the minimum (nonzero) weight
minc∈C,
c≠0 wt(c)
because C is closed under subtraction.
A linear code’s basic parameters of distance, dimension, and
minimum distance are given in square brackets: a linear
(n, qk, d) code is an
[n, k, d] code
(again with optional subscript q). The one-word code,
repetition code, Hamming code, single-checksum code,
and the code Fn have parameters
[n, 0, n+1]
(or [n, 0, ∞]),
[n, 1, n],
[7, 4, 3],
[n, n−1, 2],
[n, n, 1] respectively.
The rate
R = (logqM) / n
of an [n, k, d] code is simply
k/n, and the Singleton bound is
k + d ≤ n + 1.
This makes sense, and remains true, even when F
is not assumed finite, though then our proof
(which used the pigeonhole principle) does not work.
We shall rarely study linear codes over infinite fields,
but can easily prove the Singleton bound for a linear code
over an arbitrary field: choose any d−1
coordinates, and note that the subspace of C consisting
of codewords supported on those coordinates must be zero;
but this subspace has codimension at most
n−d+1 in C,
so n−d+1 is an upper bound on
dim(C).
A linear MDS code is a k-dimensional code
whose words supported on any n−m
coordinates constitute a subspace of dimension
max(k−m, 0).
This is the usual behavior when F is infinite,
which is why we rarely do coding theory over infinite fields
(but see “compressive sensing” for a recent nontrivial
analogue of linear error-correcting codes that works in the context of
linear algebra over R or C).
The sphere-packing bound of course holds for linear codes
as a special case. The Gilbert-Varshamov bound holds for linear codes
as well, though here we must prove it anew. One way is to mimic our
proof for arbitrary codes, adding one basis vector at a time while the
Hamming spheres of radius d−1
have not yet filled Fn,
and using the invariance of the Hamming metric under translation.
We obtain the same bound, possibly improved by a small factor
(no larger than q, and thus asymptotically negligible).
Alternatively, we can choose a k-dimensional
subspace of Fn randomly
(with each subspace equally likely), and estimate the probability
that it has minimum weight at least d
by computing the average number of nonzero codewords of weight
<d. As long as this average is less than 1,
the probability of success is positive; indeed it suffices for
the avearge to be under q−1 (why?).
The largest k for which this argument works, call it
kGV,
again yields a code whose number
qkGV
of words is within a constant factor of the GV bound for
arbitrary codes. Moreover, if we apply the same argument for
linear codes of somewhat smaller dimension, say
kGV−c
(which is asymptotically indistinguishable from
kGV),
then the probability of success is
1−O(q−c),
so we are almost certain to succeed.
But (possibly even more embarrassing than before)
we still don’t know how to do it in practice for large n;
even if we choose C at random from codes of length
kGV−c,
then C almost surely has minimum weight at least d,
but we cannot prove it because checking whether an arbitrary linear code
has a word of length <d
is computationally intractable!
Often in mathematics when we introduce a new mathematical structure
we follow it up not just with examples but also with operations that
give new examples from old (direct sums and quotients of groups or
vector spaces, field extensions and polynomial rings, etc.).
Such operations exist for codes too, and we’ve seen a few examples
without calling attention to the general constructions
(e.g. a subset of an (n, M, d) code
is an (n, M’, d’) code
with M’ ≤ M
and d’ ≥ d, and
the subspace of an [n, k, d] code
supported on n’ of the coordinates is an
[n’, k’, d’] code
with
k’ ≥
k − (n−n’)
and d’ ≥ d);
but for now we need not pursue this systematically.
We do give one fundamental construction that’s not so immediate:
the dual, which is a bijection between
linear codes of length n and dimension k
and linear codes of length n and
dimension n−k.
Denote by
⟨·,·⟩ :
Fn × Fn
→ F
the usual perfect symmetric pairing
⟨v,w⟩
=
∑i
vi wi
=
v1w1
+ v2w2
+ · · ·
+ vnwn.
[Warning:
since we hardly ever use F⊆R,
there are usually plenty of nonzero v with
⟨v,v⟩ = 0;
but we shall have other uses for
⟨v,v⟩
before long.]
If C is a linear code then
the dual code of C is
C⊥ :=
{c* ∈ Fn :
⟨c*, c⟩ = 0
for all c ∈ C}.
As usual C⊥⊥ = C.
The zero code and Fn are each other’s dual,
as are the repetition code and single-checksum code. In general the
minimum distance of C⊥
cannot be predicted from the minimum distance of C;
for instance, if C is
[n, n−1, 1]
then C⊥ can have minimum distance
anywhere from 1 to n−1.
However, a linear code is MDS iff its dual is, so the dual of an
[n, k, n−k+1]
code is always an
[n, n−k, k+1]
code. This is illustrated by our above examples with
k = 0, 1, n−1, n.
To prove it in general, suppose C is a length n code
of dimension k such that
C⊥ is not MDS.
Then C⊥ has a nonzero word
of weight at most k. This gives a nontrivial
linear relation on k coordinates of C
(not just “at most k” because
we can always include some idle coordinates to bring the total
to k). But then the subspace of C
supported on the remaining
n−k coordinates
has codimension strictly less than k,
and thus contains some nonzero word of weight
at most n−k.
Therefore C is not MDS either,
QED.
The dual of the Hamming [7, 4, 3] code is the [7, 3, 4] code whose
nonzero codewords are the line complements; this is a
constant-weight code:
all nonzero words have the same weight, here 4.
That [7, 3, 4] code is thus contained in its dual;
a code C ⊆ C⊥
is said to be self-orthogonal, because
an equivalent condition is
⟨c, c’⟩ = 0
for all c, c’
∈ C.
(Except in characteristic 2 it is enough to check this for
c=c’, as usual for quadratic forms.)
Further examples are the zero code (of course) and the repetition code
when the length is a multiple of the characteristic.
Such a code must have
k ≤ n−k,
that is, k ≤ n/2.
An important special case is a self-dual code,
which is a linear code satisfying
C⊥ = C;
equivalently, a self-orthogonal code of length n
and dimension n/2.
An easy example is the repetition code of length 2
over a field of characteristic 2.
A more interesting example is the extended Hamming code,
the [8, 4, 4] binary code obtained by
adding a checksum coordinate to the Hamming [7, 4, 3] code.
The Hamming code contains the antipode (one’s complement)
of each of its codewords, and each non-antipodal pair of codewords
is at Hamming distance 4.
(In general, adding a checksum coordinate to a binary linear code
yields a code of the same dimension all of whose words have even weight;
applying this transformation to an
[n, k, d] code
of odd minimum distance such as the Hamming code yields an
[n+1, k, d+1] code.)
Interlude on isometries:
Hamming space An has two natural sources of isometries:
we can apply a permutation of A to each coordinate,
or an arbitrary permutation to the set of n coordinates.
These generate a group, call it G, of
n! · q!n
isometries, which is the
“wreath product”
that’s the semidirect product of the symmetric group
Sn acting on
(Sq)n.
We claim that G is in fact the full isometry group of Hamming space.
One way to show this is to check that G acts simply transitively
on (n+1)-tuples
(w0,
W1,
W2,
…,
Wn)
where w0 is a word
and each Wi
is a permutation of the q−1 words
w that differ from w0
only in coordinate
σ(i), where σ is some permutation of
{1, 2, …, n}.
If the full isometry group were any larger than G,
then its stabilizer acting on these (n+1)-tuples
would be nontrivial; but that’s impossible because
we can use the Hamming metric, together with the choice of
w and of the ordering of the
n(q−1) words w
at distance 1 from w0, to reconstruct
the rest of Hamming space (each word w’
is uniquely determined by
d(w0, w’)
and the
d(w0, w’)
words w at distance 1 from w0
that are closer to w’
than w0).
Two codes C, C’
of the same length over the same alphabet are said to be
isomorphic if
C’ = g(C)
for some isometry g of Hamming space, and the
automorphism group Aut(C) of C
is the stabilizer of C in the isometry group
G of Hamming space (or sometimes the image of that group
in the group of permutations of C; this is usually
the same but there are codes whose stabilizer does not act faithfully).
If C is linear then translation by any codeword is
an automorphism. But we usually exclude nonzero translations
of linear codes, because the choice of 0
is part of the vector space structure,
and thus should be fixed by any automorphism.
Of the isometries of Fn that preserve 0,
the only linear ones are the
F*-signed permutation matrices,
that is, the matrices each of whose rows and columns has a single nonzero
entry; the group of F*-signed permutation matrices
(a.k.a. F*-signed coordinate permutations)
is a semidirect product — again a wreath product — of
Sn acting on
(F*)n.
The subgroup that takes C to C
is the group of automorphisms of C as a linear code,
and always contains the group F* of scalar matrices
as a normal subgroup. (Again, we might be interested not in this group
but in its image in GL(C) when the action might not be faithful.)
Two linear codes are said to be isomorphic if they are equivalent
under an F*-signed coordinate permutation matrix.
Putting the signed permutation matrices together with translations
by (F*)n yields a group,
call it Glin, of Hamming isometries
consistent with the linear structure. This group is a semidirect product
in two ways: the F*-signed permutation matrices
acting on (F*)n,
and Sn
acting on the nth power of the
ax+b group of affine-linear
permutations of F
(a.k.a. GL1(F)).
When q is 2 or 3, the ax+b group
is all of Sq, so concentrating on linear codes
does not artificially break the symmetry of the problem.
But for large F the
ax+b group
is tiny compared with Sq
(index (q−2)!),
which makes the restriction to linear codes feel less natural,
and might suggest imposing alternative structures on the alphabet —
e.g., later this term we might briefly consider codes over
P1(Fq),
which has q+1 letters and an action of
PGL2(Fq).
The borderline case is q=4, where the
ax+b group is the alternating group
A4, and we recover the symmetric group
S4 by adjoining the nontrivial
field automorphism of F.
In general, when F has nontrivial automorphisms
(i.e., when q = pe
with e > 1),
we can augment Glin slightly
by taking a further semidirect product with the action of
Aut(F). Note, though, that we must apply
the same field automorphism to all coordinates at once
(the “diagonal action” of Aut(F)),
so even when q = 4
we do not quite get all of G
once n > 1.
Tuesday, Sep. 17:
Linear codes and point configurations in projective space
The interlude on Aut(C) also serves as a segue to a
dictionary between linear codes and configurations of points
in finite projective spaces. In applications, and in treatises
aimed at applications, an [n, k, d]
code will often be described by a generator matrix in block form
(I | C),
where I is the identity matrix and C is regarded
as a matrix of checksums, so that the first k letters
are the message (“information bits”, for a binary code)
and the remaining n−k
are the redundant information that makes error correction possible.
But this breaks the Sn symmetry on the coordinates;
and of course choosing any generator matrix for C breaks its
GL(C) symmetry. As usual in linear algebra, when it comes to
doing explicit computation we usually need to make a symmetry-breaking
choice, but for structural study we want to work instrinsically
to the extent that we can.
Here’s one way to think about it,
leading to a nice geometric description of linear codes.
Hamming space Fn is quite a concrete vector space,
coming to us with a choice of coordinates, ambiguous only up to
permutation and scaling individual coordinates. But C
has no intrinsic structure except for what it gains as a subspace
of Fn. So we regard C as
an abstract vector space together with an embedding
into Fn, that is,
a choice of n linear functionals on C.
Permutation equivalence says that we have not an ordered
n-tuple but an unordered set (or perhaps a multiset,
as for the repetition code); and scaling equivalence on each coordinate
says each functional is defined up to nonzero scaling.
We assume that none of the coordinate functions
is the zero functional. (*)
Then the coordinates are nonzero vectors in the linear dual
C* = Hom(C, F) of C
[NB this is not the same as the dual code
C⊥!], and scalar equivalence means
they’re really points in the k−1 dimensional
projective space
P(C*) =
(C*−{0}) / F*.
These points give a linear map from C to Fn
(up to F*-signed coordinate permutation);
this map is injective iff the functionals span
C*, that is, iff the
n points are contained in no hyperplane
of P(C*) —
we say that the points must “span”
P(C*)
.
[It takes at least k points to do that, but we already know that
n > k.]
Therefore:
An [n, k, *] code
without identically-zero coordinates is tantamount to a
spanning (multi)set SC of n points in
Pk−1(F).
This respects the relevant symmetries: two codes are isomorphic iff
their associated configurations are equivalent under
Aut(Pk−1(F))
= PGLk(F).
(*) In general, an [n, k, d] code
C with z identically-zero coordinates is just an
[n−z, k, d]
code C0
with no such coordinates that has been artificially inflated to
length n with z idle coordinates that contribute
neither information nor error correction; if we can understand
C0 then we’ve also
understood C.
So how to recover the minimum weights d and d*
of C and C⊥ from the
geometry of this configuration SC
in the dual projective space? Nonzero codewords c up to scaling
↔ hyperplanes H in the dual
Pk−1,
and the weight of c is the number of points of S
not in H. So the minimum weight is given by the formula
d = n − maxS
#(S ∩ H).
Since any k−1 points span a hyperplane,
the Singleton bound follows immediately (you should check that this is
really the same proof that we gave already), and MDS codes correspond
to configurations of points in “general linear position”,
with no k of the points in a hyperplane. As for d*,
a nonzero dual codeword is a nontrivial linear relation on the
coordinates of C. We already excluded the most trivial
of relations by requiring that C have no nonzero coordinates;
so d* > 1. Beyond that,
d* = 2 means two coordinates
are proportional, so two of the points of S coincide;
d* = 3 means S has
distinct points but three of them are collinear; and so forth.
In general, we see that
d* is the smallest size of
a linearly dependent subset of S.
(In general, δ points in
a projective space are said to be “linearly dependent”
when they lie on a linear projective subspace of dimension
less than δ−1; here there must be d* points
on a subspace of dimension exactly d−2, else the
minimum dual weight would be even smaller.) So again C is MDS
iff C⊥ is MDS.
Note that if C has neither an identically zero coordinate
nor a weight-1 codeword,
then the same is true of C⊥.
This happens iff S has no subset of
n−1 points all on a hyperplane.
Given such S, we can reconstruct C, then form
the dual code C⊥, and find its
associated point configuration S*, which again is n points
(permuted in the same way as the points in S) with no
n−1 points on a hyperplane, but in a
projective space of dimension
n−k−1,
not k−1.
Since C⊥⊥ = C,
applying this construction to S* recovers S.
So we have a duality between n-point configurations
in Pk−1 and in
Pn−k−1
over any field (not necessarily finite), with both configurations
satisfying the condition that
no n−1 of the points are on a hyperplane.
This is equivalent to the (Coble-)Gale duality in
algebraic geometry; see for instance the 1998
article
by Eisenbud and Popescu.
Returning now to our usual setting of a finite field, we can use this
picture to construct and study some basic examples of linear codes.
Suppose for starters that C* is single-error-correcting, i.e. that
d ≥3. This is equivalent to the condition
that the points of the configuration S associated to C
are distinct. Thus n = #S is
at most #Pk−1(F)
= (qk−1) / (q−1),
and conversely if n satisfies that bound then we can find
S and recover C and then an
[n, n−k, ≥3]
code C*. If n equals its maximum value
(qk−1) / (q−1),
then C* is determined uniquely up to isomorphism,
and is perfect because in this case
qk = 1 + (q−1)n.
This shows that perfect single-error-correcting codes of all possible
lengths exist whenever q is a prime power.
[The linear ones are unique as noted, but there can be nonlinear codes
with the same parameters.] There are called Hamming codes, because
the (q,n) = (2,3) case recovers the
Hamming [7, 4, 3] code.
(NB Sometimes C* is called a
“Hamming code” only when q=2, in which case the
parameters of C* are
[2k−1,
2k−k−1, 3].
In this case C itself is a constant-weight
[2k−1, k,
2k−1]
code, of which we shall have more to say soon.)
Another remarkable property of the Hamming code C*
is that
Aut(C*) = GL(C*)
≅ GLk(F);
to see this, note that
Aut(C*) is a subgroup of GL(C*)
that contains F* and that maps surjectively to
PGL(C*) (because any projective linear transformation
permutes SC when SC consists of
all F-points of
Pk−1(F)).
When k=2, the Hamming code is MDS, and is the longest
codimension-k MDS code over F.
The same is true trivially for k=1.
This no longer holds for k ≥ 3.
We next consider the case k=3, when an MDS code
corresponds to a set of n (distinct) points in the projective
plane P2(F)
no three of which are collinear. Such a set is called an
“n-arc”
in P2(F),
and n-arcs were already studied
in finite projective geometry before the advent of coding theory.
We next give some of the known results about small and large
n-arcs in finite projective planes.
When n is small,
it is easy to describe and enumerate n-arcs,
even without assuming that our projective plane is algebraic,
that is, using only the combinatorial definition of a projective plane
of order q as an incidence relation on
q2+q+1 points and
q2+q+1 lines
with each point (resp. line) incident to
q+1 lines (points)
and any two points (lines) incident on a unique line (point).
We find that for n ≤ 6
the number of ways to extend an (n−1)-arc
to an n-arc is a number An
depending only on (q and) n, so the total number of
n-arcs is
(1/n!) ∏1≤i≤n
Ai,
where Ai is
q2+q+1,
q2+q,
q2,
(q−1)2,
(q−2)(q−3)
for i=1, 2, 3, 4, 5,
and
q2−9q+21
= (q−4)(q−5) + 1
for i=6. In particular, the number of
ordered 4-arcs is
∏1≤i≤4
Ai
= q2 (q3−1)
(q3−q) = #PGL3(F),
and indeed in an algebraic projective plane PGL3
acts simply transitively on the ordered 4-arcs;
more generally, for each k the group
PGLk acts simply transitively on the
ordered (k+1)-tuples of points in general linear
position in Pk−1.
In the coding picture, this tells us that the MDS codes with parameters
[k+1, k, 2]
(and dually [k+1, 1, k]) are unique
up to isomorphism — which however is not hard to see directly
for the 1-dimensional code. Returning to the case of a
projective plane, n=4 is also the first case
where C satisfies our hypothesis of no
n−1 points on a hyperplane(=line).
For n=5, the new factors of
(q−2)(q−3)
can be explained by noting that five points with no three on a line
lie on a unique conic,
and a conic has q+1 points,
of which we’re choosing 5 which can be done in
(q+1)q(q−1)(q−2)(q−3) / 5!
ways.
[More on conics in finite algebraic projective planes next time; the count is
q5−q2.]
In particular, 5- and 6-arcs exist on any projective
plane of order at least 4, and on a plane of order 4 or 5
every 5-arc extends uniquely to a 6-arc.
Once n>6, the number of extensions of an
(n−1)-arc to an n-arc
is no longer constant, and even the total number of
n-arcs in a finite projective plane Π
can no longer be given by a simple formula
because it depends on details of the geometry of Π.
After some inclusion-exclusion analysis one finds that for
n=7 the count of
n-arcs depends also on the number of
copies of the Fano (order-2) projective planes in Π
For n=8 we need that count as well as the number
of occurrences of a certain configuration of 8 points and 8 lines;
for n=9 several new counts arise, including
the number of copies in Π of the affine plane of order 3
(a configuration of 9 points and 12 lines of 3, one joining
each pair of points); and it quickly gets more complicated after that.
[See David Glynn: Rings of geometries II,
J. Combinatorial Theory A 49 (1988),
26–66, especially Theorems 4.2 and 4.4;
thanks to Nathan Kaplan for this reference.]
When Π = P2(Fq),
these first few contributions depend only on the residue of q
mod 2 and 3 respectively (e.g. there are no Fano planes except
when q is a power of 2, and no affine planes of order 3
if q ≡ −1 mod 3);
but even in this case the formulas get arbitrarily complicated
as n grows, in a sense made precise by a theorem
of Mnëv (1988) and memorably described by R. Vakil as
“Murphy’s Law”.
Thursday, Sep. 19:
Codes and point configurations, cont’d;
Segre’s theorem
Still we can say something about the largest n-arcs,
or equivalently the longest MDS codes of dimension 3
(and dually of dimension n−3).
We already saw in effect that a conic is an (q+1)-arc;
and it is easy to see that there cannot be an n-arc
for n>q+2: each of the
q+1 lines through a point of the arc
can contain at most one further point. Thus the maximal n
is either q+1 or q+2.
We shall see that:
• n = q+2
is possible
iff q is even;
• n = q+1 is attained
only by conics when q is odd.
The latter is a celebrated
theorem of Segre
(Canad. J. Math. 7 (1955), 414–416
[NB what Segre calls a “Galois field” γ is our
finite field F]);
in our setting, this theorem says that the
[q+1, 3, q−1] MDS code
over a field of odd order is unique up to isomorphism.
Arcs of q+1 and q+2 points
are called “ovals” and “hyperovals” respectively;
thus we assert that P2(F)
contains a hyperoval iff q is even,
while for odd q the only ovals are conics.
The upper bound q+2 has a purely combinatorial proof, and thus holds for
an arbitrary finite projective plane, not just for algebraic planes;
the same is true for the result that if a plane of order q
has a hyperoval then q is even. The former result is easy:
given a point P of an n-arc, each of the
q+1 lines through P can go through only one further point
of the arc, for a total of q+2. For the latter, observe that since
P was an arbitrary point of the arc, any line not disjoint from
a hyperoval must meet it in exactly two points; considering all line through a
given point off the hyperoval gives a partition of the hyperoval’s
points into pairs, whence q+2 is even, which proves the claim.
[Note that this argument fails in the degenerate case of the “projective plane
of order 1”, for lack of a point off the hyperoval (we need
q2+q+1 > q+2);
and indeed that “plane” does have a hyperoval.
But we won’t worry about geometry over a
“one-element field”, though it can be
Fun to contemplate such things.]
Still working in the general combinatorial setting, we see that each point P
of an oval O is on exactly one line tP
that meets O in no other point, and is thus called the “tangent”
to O at P. Each point not in O
is then on an even number of tangents if q is odd,
and on an odd number of tangents if q is even.
In the former case, a second-moment argument shows that the even number
is either 0 or 2, just as in the familiar case of real conics
(where a point in the plane lies on 0, 1, or 2 tangents according as
it is inside, on, or outside the conic — in the projective setting the
“inside” of a conic is the simply-connected component of
its complement).
For each of the q2 points P
not in O, let τP
be the number of tangents through P. There are
q+1 tangents, each lying on q points off O;
thus
∑P τP
= (q+1) q. Each pair of tangents
meets in a unique point, which is not on O,
and each P is the intersection of
τP(τP−1)/2
such pairs; thus
∑P
τP(τP−1)
= (q+1) q.
But then
∑P
τP(τP−2) = 0,
and since each τP is even
none of the summands is negative. Hence all summands vanish,
whence each τP is 0 or 2 as claimed.
A similar argument (see Problem 3 of the
second problem set)
shows that when q is even each
τP is either 1 or q+1,
the latter arising once; that is, all the “tangents” meet at a point!
This point is called the “center” of the oval, and an oval together with
its center is a hyperoval.
For
Π = P2(Fq)
we shall show algebraically that every conic has a center, which will prove
the existence of hyperovals in algebraic projective planes of even order.
[Proof of
Segre’s theorem, where the key step is in effect
that every triangle inscribed in an oval (i.e., formed by three of its points)
has a “symmedian point”, or equivalently that
every triangle circumscribed about an oval (i.e., formed by three of its tangents)
has a Gergonne point. (For more on these, see X(6) and X(7) in the
“Encyclopedia of Triangle Centers”,
which starts with X(1)=incenter and X(2)=centroid, and has reached
X(5394) and beyond.)
Along the way we use in effect the classical
theorems of
Menelaus (115±25 CE),
Ceva (1678, but anticipated by about 700 years by
al-Mutaman),
and (in one direction only) Wilson(-Lagrange 1771, known and perhaps proved a century
or 7+ earlier)!
When q is even, the same argument gives an alternative proof
(but valid only for finite algebraic Π) that any three tangents
to an oval, and thus all its tangents, meet at a point.
Here’s another application of Segre’s
result, showing that quadratic polynomials on a prime field
F=Z/pZ
of odd order are the only maps
f : F→F such that
x ↦ f (x+a)
− f (x)
is a permutation for each nonzero a in F.
(And
here’s how I found out about it.)]
First problem set:
continuity of the asymptotic rate functions;
a bit on spherical codes;
binary codes with 
We’ll use these
Lecture notes
See also
Part II
of my Notices article
“Lattices, Linear Codes, and Invariants”
(Part I is in the analogous picture for
lattices in Euclidean space, which is developed to an extent
later in the course).
Table listing, in several code and lattice
contexts, the parameters q, F, Δ,
