Cyclic and BCH Codes


Maheshanand

IIT Roorkee

Workshop on Algebraic Codes and MAGMA Computation (ACMC-2023),

IIT Patna

Nov. 10, 2023


Outline

1 Introduction

2 Basic results on cyclic codes

3 Zeros of a cyclic code

4 BCH Codes

5 Reed-Solomon Codes

6 Generalized Reed-Solomon codes

Maheshanand Cyclic and BCH Codes


Introduction

The class of cyclic codes is an important class of linear codes, perhaps the most studied among linear codes.
Introduced by Prange in 1957.
They have a rich algebraic structure, and efficient encoding and decoding algorithms are available for them. Therefore, they are easy to implement.
Many special classes of cyclic codes have found applications in various digital communication systems.

Let $\mathbb{F}_q$ be a finite field.

A linear code $C$ of length $n$ over $\mathbb{F}_q$ is said to be a cyclic code if $C$ is closed under the operation of cyclic shift, that is,

$$(c_0, c_1, \ldots, c_{n-1}) \in C \implies (c_{n-1}, c_0, \ldots, c_{n-2}) \in C.$$

By induction, all successive cyclic shifts of any $c \in C$ are again in $C$.


In cyclic codes, it is convenient to represent codewords as polynomials:

$$(a_0, a_1, \ldots, a_{n-1}) \longleftrightarrow a_0 + a_1 x + \cdots + a_{n-1} x^{n-1}.$$

This gives a one-one correspondence between $\mathbb{F}_q^n$ and the set of all polynomials of degree at most $n - 1$ over $\mathbb{F}_q$.

Let $C$ be a cyclic code of length $n$ over $\mathbb{F}_q$.
A codeword $c = (c_0, c_1, \ldots, c_{n-1}) \in C$ is represented as $c(x) = c_0 + c_1 x + \cdots + c_{n-1} x^{n-1} \in \mathbb{F}_q[x]$.
The cyclic shift $c' = (c_{n-1}, c_0, \ldots, c_{n-2})$ of $c$ corresponds to $c'(x) = c_{n-1} + c_0 x + \cdots + c_{n-2} x^{n-1}$.
Now $xc(x) = c_0 x + c_1 x^2 + \cdots + c_{n-1} x^n$.
If we take $x^n = 1$, that is, if we do polynomial arithmetic modulo $x^n - 1$, then we have $c'(x) = xc(x)$.
Thus the cyclic shift of the codeword $c(x)$ is $xc(x)$ in the residue class ring $R_n = \mathbb{F}_q[x]/(x^n - 1)$.
Therefore the right context for studying cyclic codes of length $n$ over $\mathbb{F}_q$ is the residue class ring $R_n = \mathbb{F}_q[x]/(x^n - 1)$.

Basic results on cyclic codes

Theorem
Let $C$ be a linear code of length $n$ over a field $\mathbb{F}_q$. Then $C$ is a cyclic code if and only if $C$ is an ideal of $R_n = \mathbb{F}_q[x]/(x^n - 1)$.

Proof.
If $C$ is an ideal of $R_n = \mathbb{F}_q[x]/(x^n - 1)$, then for any $c(x) \in C$, the element $xc(x)$ is also in $C$. Thus $C$ is closed under the operation of cyclic shift, and hence $C$ is a cyclic code.

Conversely, suppose $C$ is a cyclic code. Then for any $c(x) \in C$, the elements

$$xc(x),\ x^2 c(x),\ \ldots,\ x^{n-1} c(x)$$

are all in $C$. Since $C$ is linear, any linear combination of the elements

$$c(x),\ xc(x),\ x^2 c(x),\ \ldots,\ x^{n-1} c(x)$$

is again in $C$. This implies that for any $a(x) \in R_n$, the element $a(x)c(x) \in C$.
So $C$ is an ideal of $R_n$.


Let $C$ be a non-zero cyclic code of length $n$ over $\mathbb{F}_q$.
Then there exists a monic polynomial $g(x)$ of smallest degree in $C$ satisfying the following properties:

(i) $C = \langle g(x) \rangle$.

Let $c(x) \in C$. By the division algorithm there exist unique polynomials $q(x), r(x) \in \mathbb{F}_q[x]$ such that

$$c(x) = q(x)g(x) + r(x), \quad r(x) = 0 \ \text{or}\ \deg r(x) < \deg g(x).$$

Since $C$ is an ideal, $r(x) = c(x) - q(x)g(x) \in C$, as $c(x), g(x) \in C$.
As $\deg r(x) < \deg g(x)$, the minimality of $\deg g(x)$ implies that $r(x) = 0$.
So $c(x) = q(x)g(x) \in \langle g(x) \rangle$. Hence $C = \langle g(x) \rangle$.

(ii) $g(x) \mid (x^n - 1)$.

By the division algorithm, there exist unique $q(x), r(x) \in \mathbb{F}_q[x]$ such that

$$x^n - 1 = q(x)g(x) + r(x), \quad r(x) = 0 \ \text{or}\ \deg r(x) < \deg g(x).$$

But in $R_n$, $x^n - 1 = 0$. So we have $0 = q(x)g(x) + r(x)$, which implies that $r(x) = -q(x)g(x) \in C$. Again the minimality of $\deg g(x)$ forces $r(x) = 0$.
Hence $g(x) \mid (x^n - 1)$.

(iii) Let $k = n - \deg g(x)$. Then $\dim_{\mathbb{F}_q}(C) = k$, and $\{g(x), xg(x), \ldots, x^{k-1}g(x)\}$ is a basis for $C$.

Let $c(x) \in C$. Then $c(x) = a(x)g(x)$ for some $a(x) \in \mathbb{F}_q[x]$. Since $\deg a(x)g(x) = \deg c(x) < n$ and $\deg g(x) = n - k$, we must have $\deg a(x) < k$.
Thus, $c(x)$ is a linear combination of the elements $g(x), xg(x), \ldots, x^{k-1}g(x)$.
Hence the set $\{g(x), xg(x), \ldots, x^{k-1}g(x)\}$ spans $C$ over $\mathbb{F}_q$.
Now suppose that there exist $a_0, a_1, \ldots, a_{k-1} \in \mathbb{F}_q$ such that

$$a_0 g(x) + a_1 xg(x) + \cdots + a_{k-1} x^{k-1} g(x) = 0 \quad (\text{in } R_n).$$

Then $a(x)g(x) = 0$ in $R_n$, where $a(x) = a_0 + a_1 x + \cdots + a_{k-1} x^{k-1}$. Then $(x^n - 1) \mid a(x)g(x)$ in $\mathbb{F}_q[x]$. This implies that $a(x)g(x) = 0$, because $\deg a(x)g(x) < n = \deg (x^n - 1)$. Since $g(x) \neq 0$, $a(x)g(x) = 0 \implies a(x) = 0$, which implies that $a_i = 0$ for all $i$. Hence $\{g(x), xg(x), \ldots, x^{k-1}g(x)\}$ is linearly independent over $\mathbb{F}_q$, and is therefore a basis for $C$ over $\mathbb{F}_q$. Clearly $\dim C = k$.

(v) Every element of $C$ can uniquely be expressed as $a(x)g(x)$, where $a(x) = 0$ or $\deg a(x) < k$.



(iv) If $g(x) = \sum_{i=0}^{n-k} g_i x^i$, then a generator matrix for $C$ is

$$G = \begin{pmatrix} g_0 & g_1 & \cdots & g_{n-k} & 0 & \cdots & 0 \\ 0 & g_0 & g_1 & \cdots & g_{n-k} & \cdots & 0 \\ \vdots & & \ddots & \ddots & & \ddots & \vdots \\ 0 & \cdots & 0 & g_0 & g_1 & \cdots & g_{n-k} \end{pmatrix} \longleftrightarrow \begin{pmatrix} g(x) \\ xg(x) \\ \vdots \\ x^{k-1}g(x) \end{pmatrix}.$$

Since $\{g(x), xg(x), \ldots, x^{k-1}g(x)\}$ is a basis of $C$ over $\mathbb{F}_q$, the matrix $G$ whose rows are the $n$-tuples corresponding to the elements $g(x), xg(x), \ldots, x^{k-1}g(x)$ is a generator matrix for $C$.
The result follows.

The polynomial $g(x)$ is called the generator polynomial of $C$.



Cyclic codes and factorization of $x^n - 1$

We know that if $C$ is a non-zero cyclic code of length $n$ over $\mathbb{F}_q$, then there exists a unique monic polynomial $g(x) \in \mathbb{F}_q[x]$ such that $C = \langle g(x) \rangle$ and $g(x) \mid (x^n - 1)$.
Conversely, if $g(x) \in \mathbb{F}_q[x]$ is a monic polynomial with $g(x) \mid (x^n - 1)$, then clearly $\langle g(x) \rangle$ is an ideal of $R_n$, i.e., a cyclic code of length $n$ over $\mathbb{F}_q$.
If we consider the zero ideal in $R_n$ to be the ideal generated by $x^n - 1$, then there is a one-one correspondence between the monic divisors of $x^n - 1$ in $\mathbb{F}_q[x]$ and the cyclic codes of length $n$ over $\mathbb{F}_q$.

Every monic divisor of $x^n - 1$ over $\mathbb{F}_q$ is a unique product of some monic irreducible factors of $x^n - 1$. Therefore, the factorization of $x^n - 1$ into monic irreducible polynomials over $\mathbb{F}_q$ plays a very important role in the study of cyclic codes.
Cyclic codes of length $n$ over $\mathbb{F}_q$ are mainly studied with the assumption that $(n, q) = (n, p) = 1$, where $q = p^r$, $p$ a prime. This condition ensures that $x^n - 1$ factorizes into distinct monic irreducible polynomials over $\mathbb{F}_q$.
We assume throughout that $(n, q) = 1$.



Theorem
Suppose $x^n - 1$ factorizes into $m$ distinct monic irreducible polynomials over $\mathbb{F}_q$. Then the number of cyclic codes of length $n$ over $\mathbb{F}_q$ is $2^m$.

Example
Consider cyclic codes of length 7 over $\mathbb{F}_2$. $x^7 - 1$ factorizes into monic irreducible polynomials over $\mathbb{F}_2$ as

$$x^7 - 1 = (x + 1)(x^3 + x + 1)(x^3 + x^2 + 1) = f_1 f_2 f_3 \ \text{(say)}.$$

So there are 3 distinct monic irreducible factors $f_1 = x + 1$, $f_2 = x^3 + x + 1$ and $f_3 = x^3 + x^2 + 1$ of $x^7 - 1$ over $\mathbb{F}_2$.
Therefore there are $2^3 = 8$ binary cyclic codes of length 7. The generator polynomials of the distinct cyclic codes of length 7 over $\mathbb{F}_2$ are $1$ (generates the whole space), $f_1$, $f_2$, $f_3$, $f_1 f_2$, $f_1 f_3$, $f_2 f_3$ and $f_1 f_2 f_3 = x^7 - 1$ (generates the zero code).



Encoding of cyclic codes

Let $C$ be a cyclic code of length $n$ and dimension $k$ over $\mathbb{F}_q$.
Let $g(x)$ be the generator polynomial of $C$, $\deg g(x) = n - k$.
Let $(m_0, m_1, \ldots, m_{k-1}) \in \mathbb{F}_q^k$ be a message block.
In polynomial form, the message block is $m(x) = m_0 + m_1 x + \cdots + m_{k-1} x^{k-1}$.
Clearly, $c(x) = m(x)g(x)$ is a codeword in $C$.
Thus, a message block $m(x)$ can be encoded into a codeword as $c(x) = m(x)g(x)$.
Therefore, an encoding rule for $C$ can be given by

$$m(x) \longrightarrow m(x)g(x).$$

However, this encoding is not a systematic encoding, as $m_0, m_1, \ldots, m_{k-1}$ do not all appear as coefficients of $c(x) = m(x)g(x)$.



A systematic encoding of cyclic codes
Let $C$ be a cyclic code of length $n$ and dimension $k$ over $\mathbb{F}_q$, with generator polynomial $g(x)$.
Let $m(x)$ be a message polynomial.
Divide $x^{n-k} m(x)$ by $g(x)$. Then there exist unique polynomials $q(x)$ and $r(x)$ such that

$$x^{n-k} m(x) = q(x)g(x) + r(x), \quad r(x) = 0 \ \text{or}\ \deg r(x) < \deg g(x) = n - k.$$

Then $x^{n-k} m(x) - r(x) = q(x)g(x) \in C$, i.e., $x^{n-k} m(x) - r(x)$ is a codeword in $C$. Now let $m(x) \leftrightarrow (m_0, m_1, \ldots, m_{k-1})$ and $r(x) \leftrightarrow (r_0, r_1, \ldots, r_{n-k-1})$ (as $\deg r(x) < n - k$). Then

$$x^{n-k} m(x) - r(x) \longleftrightarrow (-r_0, -r_1, \ldots, -r_{n-k-1}, m_0, m_1, \ldots, m_{k-1}).$$

Thus, the message symbols $m_0, m_1, \ldots, m_{k-1}$ appear in the last $k$ positions of the codeword $x^{n-k} m(x) - r(x) = q(x)g(x) \in C$. Therefore, the encoding given by

$$m(x) \longrightarrow x^{n-k} m(x) - r(x)$$

gives a systematic encoding where the message symbols appear in the last $k$ positions of the codeword.

Check polynomial
Let $C$ be a cyclic code of length $n$ over $\mathbb{F}_q$, with generator polynomial $g(x)$.
Since $g(x)$ is a monic divisor of $x^n - 1$, there exists a monic polynomial $h(x) \in \mathbb{F}_q[x]$ such that

$$g(x)h(x) = x^n - 1.$$

Then $g(x)h(x) = 0$ in $R_n = \mathbb{F}_q[x]/(x^n - 1)$.
The polynomial $h(x)$ is called the check polynomial or the parity-check polynomial of $C$.

Now let $c(x) \in C$ be any codeword. Then $c(x) = a(x)g(x)$ for some $a(x) \in \mathbb{F}_q[x]$. Then

$$c(x)h(x) = a(x)g(x)h(x) = 0 \quad (\text{in } R_n).$$

Conversely, let $v(x)h(x) = 0$ for any $v(x) \in R_n$. Then $(x^n - 1) \mid v(x)h(x)$ in $\mathbb{F}_q[x]$. This implies that $g(x) \mid v(x)$, as $x^n - 1 = g(x)h(x)$. Hence $v(x) \in C$.
Therefore, codewords in $C$ are precisely those elements $v(x) \in R_n$ such that $v(x)h(x) = 0$ in $R_n$, i.e.,

$$C = \{v(x) \in R_n \mid v(x)h(x) = 0 \ (\text{in } R_n)\}.$$

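The systematic encoding rule and the check-polynomial membership test above, as an added example that is not part of the original slides. It uses the ternary generator polynomial $g(x) = 1 + 2x + x^2 + 2x^3 + 2x^4 + 2x^5 + x^6$ of the $[13, 7, 4]$ BCH code that appears later in these slides; the function names are illustrative, and the field is assumed to be a prime field so that arithmetic is plain arithmetic modulo $p$.

```python
# Added example: systematic encoding and the check polynomial over a prime field F_p.
# Polynomials are coefficient lists in ascending order: [a0, a1, ...] <-> a0 + a1 x + ...

P, N = 3, 13
G = [1, 2, 1, 2, 2, 2, 1]  # g(x) of the slides' ternary [13, 7, 4] BCH code


def trim(a):
    """Drop trailing zero coefficients so the last entry is the leading coefficient."""
    a = list(a)
    while a and a[-1] == 0:
        a.pop()
    return a


def poly_divmod(a, b, p):
    """Division algorithm in F_p[x]: return (q, r) with a = q*b + r and deg r < deg b."""
    r = trim(c % p for c in a)
    b = trim(c % p for c in b)
    if not b:
        raise ZeroDivisionError("division by the zero polynomial")
    inv_lead = pow(b[-1], -1, p)
    q = [0] * max(len(r) - len(b) + 1, 0)
    while len(r) >= len(b):
        shift = len(r) - len(b)
        coef = r[-1] * inv_lead % p
        q[shift] = coef
        for i, bi in enumerate(b):
            r[shift + i] = (r[shift + i] - coef * bi) % p
        r = trim(r)
    return trim(q), r


def mul_in_rn(a, b, n, p):
    """Product in R_n = F_p[x]/(x^n - 1): exponents are reduced modulo n."""
    out = [0] * n
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[(i + j) % n] = (out[(i + j) % n] + ai * bj) % p
    return out


def check_polynomial(g, n, p):
    """h(x) with g(x) h(x) = x^n - 1; fails if g is not a divisor of x^n - 1."""
    x_n_minus_1 = [(-1) % p] + [0] * (n - 1) + [1]
    h, rem = poly_divmod(x_n_minus_1, g, p)
    if rem:
        raise ValueError("g(x) does not divide x^n - 1, so it generates no cyclic code")
    return h


def systematic_encode(msg, g, n, p):
    """m(x) -> x^(n-k) m(x) - r(x), i.e. (-r_0, ..., -r_{n-k-1}, m_0, ..., m_{k-1})."""
    redundancy = len(trim(g)) - 1          # n - k = deg g
    if len(msg) != n - redundancy:
        raise ValueError("message must have exactly k = n - deg g symbols")
    msg = [m % p for m in msg]
    _, r = poly_divmod([0] * redundancy + msg, g, p)   # x^(n-k) m(x) mod g(x)
    r = r + [0] * (redundancy - len(r))                # pad r(x) to n - k symbols
    return [(-ri) % p for ri in r] + msg


def is_codeword(v, h, n, p):
    """Membership test from the slides: v is in C iff v(x) h(x) = 0 in R_n."""
    return len(v) == n and not any(mul_in_rn(v, h, n, p))


if __name__ == "__main__":
    h = check_polynomial(G, N, P)
    c = systematic_encode([1, 0, 2, 0, 0, 1, 2], G, N, P)   # constructed message
    print("h(x) =", h)
    print("codeword =", c, "valid:", is_codeword(c, h, N, P))
```

Over a field of characteristic other than 2 the negation of the remainder matters: appending $+r(x)$ instead of $-r(x)$ produces a word that fails the $v(x)h(x) = 0$ test.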


A parity-check matrix for a cyclic code

Let $C$ be an $[n, k]$-cyclic code over $\mathbb{F}_q$ with the check polynomial $h(x)$. Then $\deg h(x) = k = n - \deg g(x)$.
Let $h(x) = h_0 + h_1 x + \cdots + h_k x^k$ and let $c(x) = c_0 + c_1 x + \cdots + c_{n-1} x^{n-1}$ be a codeword in $C$.
Then $c(x)h(x) = 0$ in $R_n$. The coefficient of $x^j$ in the product $c(x)h(x)$ (in $R_n$) is

$$\sum_{i=0}^{n-1} c_i h_{j-i}, \quad j = 0, 1, \ldots, n - 1,$$

where the indices are computed modulo $n$.

From this it follows that a parity-check matrix for $C$ is

$$H = \begin{pmatrix} h_k & h_{k-1} & h_{k-2} & \cdots & h_0 & 0 & \cdots & 0 \\ 0 & h_k & h_{k-1} & \cdots & h_1 & h_0 & \cdots & 0 \\ \vdots & & \ddots & \ddots & & & \ddots & \vdots \\ 0 & \cdots & 0 & h_k & h_{k-1} & \cdots & \cdots & h_0 \end{pmatrix}. \tag{1}$$



The dual of a cyclic code

Let $f(x) = f_0 + f_1 x + \cdots + f_n x^n \in \mathbb{F}_q[x]$ be any polynomial. Then the reciprocal polynomial of $f(x)$ is defined by

$$f^*(x) = x^n f(x^{-1}) = f_n + f_{n-1} x + \cdots + f_0 x^n.$$

The coefficients of $f^*(x)$ are the coefficients of $f(x)$ taken in the reverse order.

The rows of the parity-check matrix $H$ of $C$ given in (1) above correspond to $h^*(x)$ and its cyclic shifts $xh^*(x), x^2 h^*(x), \ldots, x^{n-k-1} h^*(x)$.
Therefore it follows that the linear code whose generator matrix is $H$, i.e., the dual code $C^\perp$ of $C$, is a cyclic code with $h^*(x)$ as a generator, i.e., $C^\perp = \langle h^*(x) \rangle$.
Now the polynomial $h^\perp(x) = h_0^{-1} h^*(x)$ is a monic polynomial such that $C^\perp = \langle h^\perp(x) \rangle$ and $h^\perp(x) \mid (x^n - 1)$. It follows from this discussion that

$C^\perp$ is a cyclic code of length $n$ over $\mathbb{F}_q$ with generator polynomial $h^\perp(x)$.

$C$ is self-orthogonal if and only if $h^*(x) \mid g(x)$.



Factorization of $x^n - 1$ over $\mathbb{F}_q$

We have seen that there is a one-one correspondence between cyclic codes of length $n$ over $\mathbb{F}_q$ and the monic divisors of $x^n - 1$ over $\mathbb{F}_q$.
Each such divisor is the generator polynomial of the corresponding cyclic code.
Thus, the study of cyclic codes of length $n$ over $\mathbb{F}_q$ depends on the factorization of $x^n - 1$ over $\mathbb{F}_q$.
Recall that we have $(n, q) = 1$, so that $x^n - 1$ factorizes uniquely into distinct monic irreducible polynomials over $\mathbb{F}_q$.
Also, there exists a smallest positive integer $m$ such that $q^m \equiv 1 \pmod{n}$.
(This is so because $q$ is invertible modulo $n$, as $(n, q) = 1$, and the elements $q, q^2, q^3, \ldots$ cannot all be distinct modulo $n$. Therefore, there exist $r, s \in \mathbb{Z}$, $r > s$, such that $q^r \equiv q^s \pmod{n}$, which implies that $q^{r-s} \equiv 1 \pmod{n}$. So such an integer $m$ exists.)
Thus, $m$ is the smallest positive integer such that $n \mid (q^m - 1)$.
$m$ is called the order of $q$ modulo $n$.



The finite field $\mathbb{F}_{q^m}$ is an extension field of $\mathbb{F}_q$ of degree $m$.
The non-zero elements of $\mathbb{F}_{q^m}$ are precisely the roots of the polynomial $x^{q^m - 1} - 1$.
Let $\gamma$ be a primitive element of $\mathbb{F}_{q^m}$. Then $\gamma$ is a primitive $(q^m - 1)$th root of unity in $\mathbb{F}_{q^m}$.
Now since $n \mid (q^m - 1)$, $\alpha = \gamma^{(q^m - 1)/n}$ is a primitive $n$th root of unity in $\mathbb{F}_{q^m}$.
Since $m$ is the smallest such positive integer, $\mathbb{F}_{q^m}$ is the smallest extension of $\mathbb{F}_q$ which contains a primitive $n$th root of unity.
The elements $1, \alpha, \alpha^2, \ldots, \alpha^{n-1}$ are all the $n$th roots of unity in $\mathbb{F}_{q^m}$, and these are therefore precisely the roots of $x^n - 1$ over $\mathbb{F}_q$. In other words, $\mathbb{F}_{q^m}$ is the splitting field of $x^n - 1$ over $\mathbb{F}_q$.



Let $\alpha^s$, $0 \le s \le n - 1$, be an $n$th root of unity in $\mathbb{F}_{q^m}$. Let $m_{\alpha^s}(x)$ be the minimal polynomial of $\alpha^s$ over $\mathbb{F}_q$. Then all the roots of $m_{\alpha^s}(x)$ in $\mathbb{F}_{q^m}$ are

$$\alpha^s,\ \alpha^{sq},\ \ldots,\ \alpha^{sq^{r-1}},$$

where $r$ is the smallest positive integer such that $sq^r \equiv s \pmod{n}$. Since all the roots of $m_{\alpha^s}(x)$ are $n$th roots of unity, $m_{\alpha^s}(x) \mid (x^n - 1)$, and thus $m_{\alpha^s}(x)$ is a monic irreducible factor of $x^n - 1$ over $\mathbb{F}_q$. Also, from the theory of finite fields, we know that $\deg m_{\alpha^s}(x) \mid m$.

q-cyclotomic cosets modulo n

Let $n$, $q$ and $m$ be as above. For any non-negative integer $s$, the $q$-cyclotomic coset of $s$ modulo $n$ is defined by

$$C_s = \{s, sq, sq^2, \ldots, sq^{r-1}\},$$

where $r$ is the smallest positive integer such that $sq^r \equiv s \pmod{n}$. The cyclotomic coset $C_s$ is generally represented by the smallest non-negative integer in $C_s$.
The $q$-cyclotomic cosets modulo $n$ partition the set $\{0, 1, 2, \ldots, n - 1\}$.

From our discussion above, the minimal polynomial $m_{\alpha^s}(x)$ of $\alpha^s$ over $\mathbb{F}_q$ is given by

$$m_{\alpha^s}(x) = \prod_{i \in C_s} (x - \alpha^i). \tag{2}$$

We remark here that $m_{\alpha^s}(x) = \prod_{i \in C_s} (x - \alpha^i) \in \mathbb{F}_q[x]$ and $\deg m_{\alpha^s}(x) = |C_s|$.

Now if $m_{\alpha^{s_1}}(x), m_{\alpha^{s_2}}(x), \ldots, m_{\alpha^{s_k}}(x)$ are the distinct minimal polynomials of the $n$th roots of unity over $\mathbb{F}_q$, then $x^n - 1 = m_{\alpha^{s_1}}(x) m_{\alpha^{s_2}}(x) \cdots m_{\alpha^{s_k}}(x)$ is the factorization of $x^n - 1$ into monic irreducible factors over $\mathbb{F}_q$.
Then from equation (2), we have

$$x^n - 1 = \prod_{s} \prod_{i \in C_s} (x - \alpha^i), \tag{3}$$

where $s$ runs through the set $\{s_1, s_2, \ldots, s_k\}$, which is a set of coset representatives of the $q$-cyclotomic cosets modulo $n$.



Example
1. Consider the factorization of $x^9 - 1$ over $\mathbb{F}_2$.
The smallest extension of $\mathbb{F}_2$ which contains a primitive 9th root of unity is $\mathbb{F}_{2^6}$, because $m = 6$ is the smallest positive integer such that 9 divides $2^m - 1$.
The 2-cyclotomic cosets modulo 9 are

$$C_0 = \{0\}, \quad C_1 = \{1, 2, 4, 8, 7, 5\}, \quad C_3 = \{3, 6\}.$$

The corresponding monic irreducible factors of $x^9 - 1$ over $\mathbb{F}_2$ are $m_1(x) = x - 1 = x + 1$, $m_\alpha(x) = x^6 + x^3 + 1$ and $m_{\alpha^3}(x) = x^2 + x + 1$, where $\alpha$ is a primitive 9th root of unity in $\mathbb{F}_{2^6}$.

2. Now consider the factorization of $x^{13} - 1$ over $\mathbb{F}_3$.
The smallest extension of $\mathbb{F}_3$ which contains a primitive 13th root of unity is $\mathbb{F}_{3^3}$, because $m = 3$ is the smallest positive integer such that 13 divides $3^m - 1$.
The 3-cyclotomic cosets modulo 13 are

$$C_0 = \{0\}, \quad C_1 = \{1, 3, 9\}, \quad C_2 = \{2, 6, 5\}, \quad C_4 = \{4, 12, 10\}, \quad C_7 = \{7, 8, 11\}.$$

The corresponding monic irreducible factors of $x^{13} - 1$ over $\mathbb{F}_3$ are $m_1(x) = x - 1$, $m_\alpha(x)$, $m_{\alpha^2}(x)$, $m_{\alpha^4}(x)$ and $m_{\alpha^7}(x)$, where $\alpha$ is a primitive 13th root of unity in $\mathbb{F}_{3^3}$.



Zeros of a cyclic code

Let $C$ be a cyclic code of length $n$ over $\mathbb{F}_q$ with generator polynomial $g(x)$.
Then $g(x)$ is a divisor of $x^n - 1$, and hence any root of $g(x)$ in an extension of $\mathbb{F}_q$ is a root of $x^n - 1$.
Let $\mathbb{F}_{q^m}$ be the smallest extension of $\mathbb{F}_q$ which contains a primitive $n$th root of unity $\alpha$.
Then $1, \alpha, \alpha^2, \ldots, \alpha^{n-1}$ are all the roots of $x^n - 1$ in $\mathbb{F}_{q^m}$. Thus $\mathbb{F}_{q^m}$ contains all the roots of $g(x)$.
Now for any $c(x) \in C$, $g(x) \mid c(x)$, and hence any root of $g(x)$ is also a root of $c(x)$.
Therefore $g(\alpha^i) = 0 \implies c(\alpha^i) = 0 \ \forall\, c(x) \in C$.
Conversely, if $c(\alpha^i) = 0 \ \forall\, c(x) \in C$, then clearly $g(\alpha^i) = 0$, as $g(x) \in C$.
Hence

$$c(\alpha^i) = 0 \ \forall\, c(x) \in C \iff g(\alpha^i) = 0.$$



The set

$$Z = \{\alpha^i \mid g(\alpha^i) = 0,\ 0 \le i \le n - 1\}$$

is called the set of zeros of the code $C$.
The set

$$T = \{i \mid 0 \le i \le n - 1,\ g(\alpha^i) = 0\}$$

is called the defining set of $C$.
As $g(x)$ can be expressed as a product of some monic irreducible factors of $x^n - 1$ over $\mathbb{F}_q$, from equation (3), $g(x)$ can be expressed as

$$g(x) = \prod_{s} m_{\alpha^s}(x) = \prod_{s} \prod_{i \in C_s} (x - \alpha^i),$$

where $s$ runs through a subset of representatives of the $q$-cyclotomic cosets modulo $n$. Then it follows that the defining set $T$ of $C$ can be expressed as $T = \bigcup_s C_s$, a union of $q$-cyclotomic cosets modulo $n$.
Clearly $\deg g(x) = |T|$. Therefore, $\dim C = n - \deg g(x) = n - |T|$.



The following result summarizes our above discussion.
Theorem
Let $\alpha$ be a primitive $n$th root of unity in some extension field of $\mathbb{F}_q$. Let $C$ be a cyclic code of length $n$ over $\mathbb{F}_q$ with defining set $T$ and generator polynomial $g(x)$. Then the following hold:
1. $T$ is a union of $q$-cyclotomic cosets modulo $n$.
2. $g(x) = \prod_{i \in T} (x - \alpha^i)$.
3. $c(x) \in \mathbb{F}_q[x]/\langle x^n - 1 \rangle$ is in $C$ if and only if $c(\alpha^i) = 0$ for all $i \in T$.
4. The dimension of $C$ is $n - |T|$.

The following results are easily verified.

Let $C_1, C_2$ be linear codes of length $n$ over $\mathbb{F}_q$ with defining sets $T_1, T_2$, respectively. Then
1. $C_1 \cap C_2$ has defining set $T_1 \cup T_2$.
2. $C_1 + C_2$ has defining set $T_1 \cap T_2$.
3. $C_1 \subseteq C_2$ if and only if $T_2 \subseteq T_1$.

BCH bound
Theorem (BCH Bound)
Let $C$ be a cyclic code of length $n$ over $\mathbb{F}_q$. Suppose that $C$ has $\delta - 1$ consecutive zeros $\alpha^b, \alpha^{b+1}, \ldots, \alpha^{b+\delta-2}$, $b \ge 0$, $\delta \ge 2$, where $\alpha$ is a primitive $n$th root of unity in an extension of $\mathbb{F}_q$. Then $d(C) \ge \delta$.

Proof.
Since $\alpha^b, \alpha^{b+1}, \ldots, \alpha^{b+\delta-2}$ are roots of $C$, for any $c(x) \in C$, we have

$$c(\alpha^b) = c(\alpha^{b+1}) = \cdots = c(\alpha^{b+\delta-2}) = 0.$$

Now if $c(x) = c_0 + c_1 x + \cdots + c_{n-1} x^{n-1} \in C$, then

$$c(\alpha^j) = 0 \implies c_0 + c_1 \alpha^j + \cdots + c_{n-1} \alpha^{(n-1)j} = 0, \quad j = b, b + 1, \ldots, b + \delta - 2.$$

This is equivalent to $Hc^T = 0$, where $c = (c_0, c_1, \ldots, c_{n-1})$ and $H$ is the matrix

$$H = \begin{pmatrix} 1 & \alpha^b & \alpha^{2b} & \cdots & \alpha^{(n-1)b} \\ 1 & \alpha^{b+1} & \alpha^{2(b+1)} & \cdots & \alpha^{(n-1)(b+1)} \\ \vdots & \vdots & \vdots & \ddots & \vdots \\ 1 & \alpha^{b+\delta-2} & \alpha^{2(b+\delta-2)} & \cdots & \alpha^{(n-1)(b+\delta-2)} \end{pmatrix}.$$

Proof continued.
Now consider any $\delta - 1$ columns of $H$, say columns headed by the elements $\alpha^{i_1 b}, \alpha^{i_2 b}, \ldots, \alpha^{i_{\delta-1} b}$. The corresponding submatrix of $H$ is a $(\delta - 1) \times (\delta - 1)$ matrix

$$H' = \begin{pmatrix} \alpha^{i_1 b} & \alpha^{i_2 b} & \cdots & \alpha^{i_{\delta-1} b} \\ \alpha^{i_1 (b+1)} & \alpha^{i_2 (b+1)} & \cdots & \alpha^{i_{\delta-1} (b+1)} \\ \vdots & \vdots & \ddots & \vdots \\ \alpha^{i_1 (b+\delta-2)} & \alpha^{i_2 (b+\delta-2)} & \cdots & \alpha^{i_{\delta-1} (b+\delta-2)} \end{pmatrix}.$$

Now $|H'| = \alpha^{i_1 b} \alpha^{i_2 b} \cdots \alpha^{i_{\delta-1} b} |M|$, where $M$ is the Vandermonde matrix

$$M = \begin{pmatrix} 1 & 1 & \cdots & 1 \\ \alpha^{i_1} & \alpha^{i_2} & \cdots & \alpha^{i_{\delta-1}} \\ \vdots & \vdots & \ddots & \vdots \\ \alpha^{i_1 (\delta-2)} & \alpha^{i_2 (\delta-2)} & \cdots & \alpha^{i_{\delta-1} (\delta-2)} \end{pmatrix}.$$

We know that $|M| = \prod_{r > s} (\alpha^r - \alpha^s)$, where $r, s \in \{i_1, i_2, \ldots, i_{\delta-1}\}$.
As $\alpha$ is a primitive $n$th root of unity, $\alpha^{i_1}, \alpha^{i_2}, \ldots, \alpha^{i_{\delta-1}}$ are all distinct.
Therefore, $|M| \neq 0$.
Hence $|H'| \neq 0$, i.e., $H'$ is non-singular.
So the columns of $H'$ are linearly independent over $\mathbb{F}_{q^m}$ and hence over $\mathbb{F}_q$.
Thus, every set of $\delta - 1$ columns of $H$ is linearly independent over $\mathbb{F}_q$.
Therefore, $d(C) \ge \delta$.



Hamming codes as cyclic codes:

Theorem
A binary Hamming code is equivalent to a cyclic code.

Proof.
Let $n = 2^r - 1$, where $r$ is a positive integer. Let $\alpha$ be a primitive element of $\mathbb{F}_{2^r}$. Then $\alpha$ is a primitive $(2^r - 1)$th root of unity, i.e., a primitive $n$th root of unity. Let $C$ be a binary cyclic code of length $n$ and defining set $T = \{1\}$.
Then $c(\alpha^1) = c(\alpha) = 0$ for all $c(x) \in C$. Therefore the matrix

$$H = [1, \alpha, \alpha^2, \ldots, \alpha^{n-1}]$$

is a parity-check matrix of $C$ over $\mathbb{F}_{2^r}$. Now each element of $\mathbb{F}_{2^r}$ can be expressed as an $r$-tuple over $\mathbb{F}_2$ with respect to an ordered basis of $\mathbb{F}_{2^r}$ over $\mathbb{F}_2$. Therefore, expressing each $\alpha^i$, $0 \le i \le n - 1$, in $H$ as an $r$-tuple over $\mathbb{F}_2$, we get an $r \times n$ matrix $H'$ over $\mathbb{F}_2$ such that $H'c^T = 0$ for all $c \in C$. Now all the columns of $H'$ are non-zero and distinct, as $\alpha^i \neq \alpha^j$ for $i \neq j$, $0 \le i, j \le n - 1$.
Therefore, $H'$ is the parity-check matrix of an $[n, n - r]$ binary Hamming code.
Hence $C$ is equivalent to a binary Hamming code.



Theorem
Let $r$ be a positive integer and $n = \frac{q^r - 1}{q - 1}$ such that $(r, q - 1) = 1$. Let $C$ be a cyclic code of length $n$ over $\mathbb{F}_q$ with defining set $T = \{1\}$. Then $C$ is equivalent to a $q$-ary Hamming code of length $n$.

Proof.
Let $\alpha$ be a primitive $n$th root of unity in $\mathbb{F}_{q^r}$. Since the defining set of $C$ is $\{1\}$, we have $c(\alpha) = 0$ for all $c(x) \in C$.
Therefore, the matrix

$$H = [1, \alpha, \alpha^2, \ldots, \alpha^{n-1}]$$

is a parity-check matrix of $C$ over $\mathbb{F}_{q^r}$.
Now it is given that $(r, q - 1) = 1$. Also, we have

$$n = \frac{q^r - 1}{q - 1} = 1 + q + \cdots + q^{r-1} \equiv 1 + 1 + \cdots + 1 = r \pmod{q - 1}.$$

Then $n = m(q - 1) + r$ for some $m \in \mathbb{Z}$, and so $(n, q - 1) = (q - 1, r) = 1$.
Now since $(n, q - 1) = 1$, $\alpha^{q-1}$ is also a primitive $n$th root of unity.
So $\alpha^{(q-1)i}$, $0 \le i \le n - 1$, are all distinct.

We claim that any two columns of $H$ are linearly independent over $\mathbb{F}_q$.
Suppose there exist $a_1, a_2 \neq 0$ in $\mathbb{F}_q$ such that

$$a_1 \alpha^i + a_2 \alpha^j = 0 \quad \text{for some } i, j \in \{0, 1, \ldots, n - 1\} \text{ with } i > j.$$

Then $\alpha^{i-j} = -\frac{a_2}{a_1} \in \mathbb{F}_q$ (since $a_1, a_2 \in \mathbb{F}_q$). So $\alpha^{(i-j)(q-1)} = 1$ (recall that for any non-zero $x \in \mathbb{F}_q$, $x^{q-1} = 1$). This implies that $n \mid (i - j)(q - 1)$ (as the order of $\alpha$ is $n$), which further implies that $n \mid (i - j)$, as $(n, q - 1) = 1$. This is a contradiction because $0 \le i, j \le n$ and $i \neq j$. Therefore any two columns of $H$ are linearly independent over $\mathbb{F}_q$.
Now expressing each $\alpha^i$, $0 \le i \le n - 1$, in $H$ as an $r$-tuple over $\mathbb{F}_q$ with respect to an ordered basis of $\mathbb{F}_{q^r}$ over $\mathbb{F}_q$, we get an $r \times n$ matrix $H'$ over $\mathbb{F}_q$ such that $H'c^T = 0$ for all $c \in C$, and any two columns of $H'$ are linearly independent over $\mathbb{F}_q$.
Therefore, $C$ is equivalent to an $[n, n - r]$ $q$-ary Hamming code.



BCH codes

The binary BCH codes were discovered by Bose and Ray-Chaudhuri (1960)
and independently by Hocquenghem (1959), and were generalized to
arbitrary finite fields by Gorenstein and Zierler (1961).
BCH codes are cyclic codes designed to take advantage of the BCH bound.
The objective is to construct a cyclic code $C$ of length $n$ which simultaneously has high minimum distance and high dimension.
The high minimum distance can be accomplished by choosing the defining set $T$ of $C$ to have a large number of consecutive elements.
Since $\dim C = n - |T|$, high dimension can be obtained by taking $|T|$ as small as possible.
Therefore, to meet our objectives, $T$ should be taken to have $\delta - 1$ consecutive elements such that $|T|$ is as small as possible.



Let $n$ be a positive integer such that $(n, q) = 1$. Let $\mathbb{F}_{q^m}$ be the smallest extension of $\mathbb{F}_q$ containing a primitive $n$th root of unity $\alpha$.
Let $\delta$ be an integer with $2 \le \delta \le n$. A BCH code $C$ of length $n$ over $\mathbb{F}_q$ with designed distance $\delta$ is a cyclic code with defining set

$$T = C_b \cup C_{b+1} \cup \cdots \cup C_{b+\delta-2},$$

where $C_i$, $i \in \{b, b + 1, \ldots, b + \delta - 2\}$, is the $q$-cyclotomic coset modulo $n$ containing $i$.
Equivalently, $C$ is the cyclic code with generator polynomial

$$g(x) = \operatorname{LCM}\left(m_{\alpha^b}(x), m_{\alpha^{b+1}}(x), \ldots, m_{\alpha^{b+\delta-2}}(x)\right),$$

where $m_{\alpha^i}(x)$ denotes the minimal polynomial of $\alpha^i$. Thus $C$ has $\delta - 1$ consecutive zeros $\alpha^b, \alpha^{b+1}, \ldots, \alpha^{b+\delta-2}$.
For $b = 1$, $C$ is called a narrow-sense BCH code. For $n = q^m - 1$, $C$ is called a primitive BCH code.
Since a BCH code $C$ of designed distance $\delta$ has $\delta - 1$ consecutive zeros, by the BCH bound, $C$ has minimum distance at least $\delta$.

Theorem
Let $C$ be a BCH code of length $n$ and designed distance $\delta$ over $\mathbb{F}_q$. Then $\dim C \ge n - m(\delta - 1)$.

Proof.
Let $T = C_b \cup C_{b+1} \cup \cdots \cup C_{b+\delta-2}$ be the defining set of $C$. Then

$$\dim C = n - |T| = n - |C_b \cup C_{b+1} \cup \cdots \cup C_{b+\delta-2}|.$$

Now $|C_b \cup C_{b+1} \cup \cdots \cup C_{b+\delta-2}| \le m(\delta - 1)$, because the size of any $q$-cyclotomic coset $C_i$ modulo $n$ is at most $m$. Hence $\dim C \ge n - m(\delta - 1)$.

For binary BCH codes, we have a better bound on the dimension of the codes than the one given by the above result.

Theorem
For any positive integer $m$ and $t \le 2^{m-1} - 1$, there is a binary BCH code of length $n = 2^m - 1$ that is $t$-error-correcting and has dimension $\ge n - mt$.



Example
Let $C$ be a narrow-sense binary BCH code of length 15 and designed distance 5.
Since $C$ has designed distance 5, the defining set of $C$ has 4 consecutive elements. Also, since $C$ is a narrow-sense BCH code (i.e., $b = 1$), the defining set of $C$ is

$$T = C_1 \cup C_2 \cup C_3 \cup C_4,$$

where $C_i$ is the 2-cyclotomic coset modulo 15 containing $i$.
Now $C_1 = \{1, 2, 4, 8\} = C_2 = C_4$ and $C_3 = \{3, 6, 12, 9\}$.
So, $T = \{1, 2, 3, 4, 6, 8, 9, 12\}$.
Therefore, $\dim C = n - |T| = 15 - 8 = 7$.
Thus, $C$ is a binary $[15, 7]$ code with minimum distance at least 5.



Example (continued)
Now $\mathbb{F}_{16}$ is the smallest extension of $\mathbb{F}_2$ containing a 15th root of unity.
Let $\alpha$ be a primitive element of $\mathbb{F}_{16}$, where $\alpha$ is a root of $x^4 + x + 1$.
Then $\alpha$ is a 15th root of unity in $\mathbb{F}_{16}$.
The generator polynomial of $C$ is

$$g(x) = \operatorname{LCM}(m_1(x), m_2(x), m_3(x), m_4(x)) = m_1(x)m_3(x),$$

where $m_i(x)$ is the minimal polynomial of $\alpha^i$. Now $m_1(x) = (x - \alpha)(x - \alpha^2)(x - \alpha^4)(x - \alpha^8)$ and $m_3(x) = (x - \alpha^3)(x - \alpha^6)(x - \alpha^{12})(x - \alpha^9)$.
After computation, we get

$$g(x) = m_1(x)m_3(x) = 1 + x^4 + x^6 + x^7 + x^8.$$

Now since $\mathrm{wt}(g(x)) = 5$ and $d(C) \ge 5$, the code $C$ has minimum distance exactly 5.
Thus, $C$ is a $[15, 7, 5]$ binary code.

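The "after computation" step of this example and the cyclotomic cosets of the earlier factorization examples, as an added example that is not part of the original slides. It computes the cosets and defining sets quoted on the slides, builds $\mathbb{F}_{16}$ from $x^4 + x + 1$ as above, multiplies out $g(x) = \prod_{i \in T}(x - \alpha^i)$ and finds the minimum distance by enumerating all $2^7$ codewords; the function names are illustrative.

```python
# Added example. Coefficient lists are ascending: [a0, a1, ...] <-> a0 + a1 x + ...

def cyclotomic_coset(s, q, n):
    """q-cyclotomic coset of s modulo n, listed as s, sq, sq^2, ..."""
    coset, x = [], s % n
    while x not in coset:
        coset.append(x)
        x = x * q % n
    return coset


def all_cosets(q, n):
    """Map each coset representative (its smallest element) to the coset."""
    seen, cosets = set(), {}
    for s in range(n):
        if s not in seen:
            cosets[s] = cyclotomic_coset(s, q, n)
            seen.update(cosets[s])
    return cosets


def bch_defining_set(q, n, b, delta):
    """T = C_b U C_{b+1} U ... U C_{b+delta-2}."""
    T = set()
    for i in range(b, b + delta - 1):
        T.update(cyclotomic_coset(i, q, n))
    return sorted(T)


# GF(16) = F_2[x]/(x^4 + x + 1); elements are 4-bit integers and EXP[i] = alpha^i.
PRIMITIVE_POLY = 0b10011
EXP = [1]
for _ in range(14):
    v = EXP[-1] << 1
    EXP.append(v ^ PRIMITIVE_POLY if v & 0b10000 else v)
LOG = {v: i for i, v in enumerate(EXP)}


def gf16_mul(a, b):
    if a == 0 or b == 0:
        return 0
    return EXP[(LOG[a] + LOG[b]) % 15]


def generator_polynomial(T):
    """g(x) = prod_{i in T} (x - alpha^i), multiplied out in GF(16)[x]."""
    poly = [1]
    for i in T:
        root = EXP[i % 15]
        nxt = [0] * (len(poly) + 1)
        for d, c in enumerate(poly):
            nxt[d + 1] ^= c                  # c * x
            nxt[d] ^= gf16_mul(c, root)      # c * alpha^i (minus equals plus in char. 2)
        poly = nxt
    # A union of 2-cyclotomic cosets gives coefficients in F_2 = {0, 1}.
    if any(c not in (0, 1) for c in poly):
        raise ValueError("T is not a union of 2-cyclotomic cosets modulo 15")
    return poly


def min_distance(g, n):
    """Minimum weight over all non-zero codewords m(x) g(x) of a binary cyclic code."""
    k = n - (len(g) - 1)
    best = n
    for m in range(1, 1 << k):
        word = [0] * n
        for i in range(k):
            if (m >> i) & 1:
                for j, gj in enumerate(g):
                    word[i + j] ^= gj
        best = min(best, sum(word))
    return best


if __name__ == "__main__":
    T = bch_defining_set(2, 15, 1, 5)
    g = generator_polynomial(T)
    print("T =", T, "dim =", 15 - len(T))
    print("g =", g, "d =", min_distance(g, 15))
```

Passing a set that is not closed under multiplication by 2 modulo 15, for example `[1, 2, 3, 4]`, leaves coefficients outside $\mathbb{F}_2$ and is rejected, which is why the defining set must be the full union of cosets and not only the consecutive run.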


Example
Let $C$ be a narrow-sense BCH code of length 13 and designed distance 4 over $\mathbb{F}_3$.
Since $C$ has designed distance 4, the defining set of $C$ has 3 consecutive elements.
So the defining set of $C$ is

$$T = C_1 \cup C_2 \cup C_3,$$

where $C_i$ is the 3-cyclotomic coset modulo 13 containing $i$.
Now $C_1 = \{1, 3, 9\} = C_3$ and $C_2 = \{2, 6, 5\}$. Therefore, $T = \{1, 2, 3, 5, 6, 9\}$.
Hence $\dim C = n - |T| = 13 - 6 = 7$.
Thus, $C$ is a ternary $[13, 7]$ code with minimum distance at least 4.
Now the smallest extension of $\mathbb{F}_3$ containing a primitive 13th root of unity is $\mathbb{F}_{27}$. Take $\alpha$ a primitive element of $\mathbb{F}_{27}$, where $\alpha$ is a root of $x^3 + 2x + 1$. Then $\alpha$ is a 26th root of unity, and $\beta = \alpha^2$ is a primitive 13th root of unity.



Example (continued)
The generator polynomial of $C$ is

$$g(x) = \operatorname{LCM}(m_1(x), m_2(x), m_3(x)) = m_1(x)m_2(x),$$

where $m_i(x)$ is the minimal polynomial of $\beta^i$.
Now $m_1(x) = (x - \beta)(x - \beta^3)(x - \beta^9)$ and $m_2(x) = (x - \beta^2)(x - \beta^6)(x - \beta^5)$.
So, we get (after computation),

$$g(x) = m_1(x)m_2(x) = 1 + 2x + x^2 + 2x^3 + 2x^4 + 2x^5 + x^6.$$

Now $(1 + x)g(x) = 1 + x^4 + x^5 + x^7$.

Since $(1 + x)g(x)$ is a codeword in $C$ with weight 4, and $d(C) \ge 4$, the code $C$ has minimum distance exactly 4.
Thus $C$ is a $[13, 7, 4]$ ternary code.



Reed-Solomon codes

Let $\mathbb{F}_q$ be a finite field and let $n = q - 1$.
Then $\mathbb{F}_q$ itself contains a primitive $n$th root of unity $\alpha$, which is clearly a primitive element of $\mathbb{F}_q$.
Then $x^n - 1$ factorizes completely into linear factors over $\mathbb{F}_q$. In fact, we have

$$x^n - 1 = (x - 1)(x - \alpha) \cdots (x - \alpha^{n-1}).$$

The minimal polynomial of any $n$th root of unity $\beta = \alpha^i$ is $x - \beta$, as $\beta \in \mathbb{F}_q$.
Therefore, any $q$-cyclotomic coset $C_i$ modulo $n$ is a singleton set containing only the element $i$, i.e., $C_i = \{i\}$.

A Reed-Solomon (RS) code over $\mathbb{F}_q$ is a BCH code of length $n = q - 1$.

Let $C$ be an RS code of length $n = q - 1$ over $\mathbb{F}_q$ with defining set $T = C_b \cup C_{b+1} \cup \cdots \cup C_{b+\delta-2}$, i.e., $C$ has $\delta - 1$ consecutive zeros $\alpha^b, \alpha^{b+1}, \ldots, \alpha^{b+\delta-2}$. Since $C_i = \{i\}$ for each $i$, the complete defining set of $C$ is

$$T = \{b, b + 1, \ldots, b + \delta - 2\}.$$



Therefore,

$$\dim C = n - |T| = n - (\delta - 1) = n - \delta + 1.$$

The generator polynomial $g(x)$ of $C$ is

$$g(x) = (x - \alpha^b)(x - \alpha^{b+1}) \cdots (x - \alpha^{b+\delta-2}).$$

Recall that an $[n, k, d]$ linear code $C$ over $\mathbb{F}_q$ is said to be a maximum distance separable (MDS) code if $C$ satisfies the Singleton bound, i.e., $d = n - k + 1$.

Theorem
An RS code is an MDS code.

Proof.
Let $C$ be an RS code over $\mathbb{F}_q$ with designed distance $\delta$. Then we have $d \ge \delta$, where $d$ is the minimum distance of $C$. Also, from above, the dimension of $C$ is

$$k = n - (\delta - 1) = n - \delta + 1.$$

Since $d \ge \delta$, we have $k \ge n - d + 1$, and hence $d \ge n - k + 1$. But by the Singleton bound, $d \le n - k + 1$. Therefore, $d = n - k + 1$. Hence $C$ is an MDS code.

Example
Let $C$ be a narrow-sense RS code of length 12 and designed distance 5 over $\mathbb{F}_{13}$. A primitive element of $\mathbb{F}_{13}$ is 2. $C$ has minimum distance 5, and by Theorem 16, $\dim C = k = 12 - 5 + 1 = 8$. So $C$ is a $[12, 8, 5]$ MDS code over $\mathbb{F}_{13}$. A generator polynomial for $C$ is

$$g(x) = (x - 2)(x - 2^2)(x - 2^3)(x - 2^4) = 10 + 2x + 7x^2 + 9x^3 + x^4.$$



Alternative formulation of RS codes

We present an alternative formulation of narrow-sense RS codes.
This formulation is important because it is the basis of the definition of generalized Reed-Solomon codes and other codes defined by evaluation of polynomials.
Let $n = q - 1$ and $\alpha$ be a primitive element of $\mathbb{F}_q$.
Let $k \ge 0$ be an integer and let $P_k$ denote the set of all polynomials of degree less than $k$ over $\mathbb{F}_q$.

$$C = \left\{ \left( f(1), f(\alpha), \ldots, f(\alpha^{n-1}) \right) \mid f \in P_k \right\}. \tag{4}$$

Theorem
The code $C$ defined in (4) is a narrow-sense $[n, k, n - k + 1]$ RS code over $\mathbb{F}_q$.



Proof.
It is well known that $P_k$ is a vector space of dimension $k$ over $\mathbb{F}_q$.
It is easy to show that $C$ is a vector space over $\mathbb{F}_q$.
Now consider the map $\phi : P_k \to C$ defined by

$$f \mapsto \left( f(1), f(\alpha), \ldots, f(\alpha^{n-1}) \right),$$

where $f \in P_k$.
We claim that $\phi$ is a bijection. For any $f, g \in P_k$ we have

$$\phi(f) = \phi(g) \implies \phi(f - g) = 0 \implies (f - g)(\alpha^i) = 0 \quad \forall\, i = 0, 1, \ldots, n - 1.$$

But this implies that $f - g = 0$, i.e., $f = g$, because $\deg (f - g) < n$ and a non-zero polynomial of degree $< n$ cannot have $n$ roots in $\mathbb{F}_q$. Hence $\phi$ is one-one. By definition of $C$, $\phi$ is clearly onto. Hence $\phi$ is a bijection, and $C$ is therefore a $k$-dimensional vector space over $\mathbb{F}_q$.



Proof continued.
Now let $c = \left( f(1), f(\alpha), \ldots, f(\alpha^{n-1}) \right)$ be a non-zero codeword in $C$ for some $f \in P_k$. Then $f$ is a non-zero polynomial of degree at most $k - 1$ over $\mathbb{F}_q$, and therefore $f$ can have at most $k - 1$ zeros in $\mathbb{F}_q$. Hence there are at most $k - 1$ coordinates of $c$ that are zero, and so $\mathrm{wt}(c) \ge n - (k - 1) = n - k + 1$.
Therefore, $d \ge n - k + 1$, where $d$ is the minimum distance of $C$. But by the Singleton bound, $d \le n - k + 1$. Hence $d = n - k + 1$. Thus $C$ is an $[n, k, n - k + 1]$ MDS code over $\mathbb{F}_q$.
Now let $D$ be a narrow-sense $[n, k, n - k + 1]$ RS code over $\mathbb{F}_q$. Then the defining set of $D$ is $T = \{1, 2, \ldots, n - k\}$. Let $\alpha^i$ be any zero (root) of $D$, $1 \le i \le n - k$. Let $c(x) = c_0 + c_1 x + c_2 x^2 + \cdots + c_{n-1} x^{n-1}$ be any codeword in $C$, where $c_j = f(\alpha^j)$ for some $f(x) = \sum_{m=0}^{k-1} f_m x^m \in P_k$.
Then

$$c(\alpha^i) = \sum_{j=0}^{n-1} c_j (\alpha^i)^j = \sum_{j=0}^{n-1} f(\alpha^j) \alpha^{ij} = \sum_{j=0}^{n-1} \left( \sum_{m=0}^{k-1} f_m \alpha^{mj} \right) \alpha^{ij} = \sum_{m=0}^{k-1} f_m \sum_{j=0}^{n-1} \alpha^{(m+i)j} = \sum_{m=0}^{k-1} f_m \, \frac{\alpha^{(m+i)n} - 1}{\alpha^{m+i} - 1} = 0.$$

This is so because $\alpha^{(m+i)n} = 1$ and $\alpha^{m+i} \neq 1$, as $1 \le i + m \le n - 1$. Thus $\alpha^i$ is a root of $c$. Therefore, $c \in D$, and hence $C \subseteq D$.
Since $\dim C = \dim D = k$, we have $C = D$.

This alternate formulation of narrow-sense RS codes gives an alternate encoding scheme for these codes. Suppose $f_0, f_1, \ldots, f_{k-1}$ are $k$ information symbols and $f(x) = f_0 + f_1 x + \cdots + f_{k-1} x^{k-1}$; then the message block $(f_0, f_1, \ldots, f_{k-1})$ is encoded as

$$(f_0, f_1, \ldots, f_{k-1}) \xrightarrow{\ \text{encode}\ } \left( f(1), f(\alpha), \ldots, f(\alpha^{q-2}) \right).$$

This encoding is not systematic.

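The evaluation encoding and its agreement with the zero-based definition, checked on the $[12, 8, 5]$ RS code over $\mathbb{F}_{13}$ from the earlier example, as an added example that is not part of the original slides. It evaluates a message polynomial at $1, \alpha, \ldots, \alpha^{11}$ with $\alpha = 2$, confirms that the resulting word vanishes at $\alpha, \ldots, \alpha^{n-k}$, and exhibits a codeword of weight exactly $n - k + 1$; the function names and the sample message are constructed for illustration.

```python
# Added example: narrow-sense Reed-Solomon code of length 12 over F_13 (alpha = 2).
# Coefficient lists are ascending: [a0, a1, ...] <-> a0 + a1 x + ...

Q, ALPHA = 13, 2
N = Q - 1


def poly_from_roots_mod_q(roots):
    """Multiply out prod (x - r) over F_13."""
    poly = [1]
    for root in roots:
        nxt = [0] * (len(poly) + 1)
        for i, c in enumerate(poly):
            nxt[i + 1] = (nxt[i + 1] + c) % Q       # c * x
            nxt[i] = (nxt[i] - c * root) % Q        # -c * root
        poly = nxt
    return poly


def poly_eval(f, x):
    """Horner evaluation of f at x in F_13."""
    acc = 0
    for c in reversed(f):
        acc = (acc * x + c) % Q
    return acc


def rs_generator(delta, b=1):
    """g(x) = (x - alpha^b)(x - alpha^(b+1)) ... (x - alpha^(b+delta-2))."""
    return poly_from_roots_mod_q([pow(ALPHA, i, Q) for i in range(b, b + delta - 1)])


def rs_eval_encode(f, k):
    """(f_0, ..., f_{k-1}) -> (f(1), f(alpha), ..., f(alpha^(q-2)))."""
    if len(f) > k:
        raise ValueError("message polynomial must have degree less than k")
    return [poly_eval(f, pow(ALPHA, j, Q)) for j in range(N)]


def values_at_zeros(c, k):
    """c(alpha^i) for i = 1, ..., n-k; all zero exactly when c lies in the code D."""
    return [poly_eval(c, pow(ALPHA, i, Q)) for i in range(1, N - k + 1)]


def weight(c):
    return sum(1 for x in c if x % Q)


def minimum_weight_codeword(k):
    """Encode f = prod_{j<k-1} (x - alpha^j): k-1 zero coordinates, weight n-k+1."""
    f = poly_from_roots_mod_q([pow(ALPHA, j, Q) for j in range(k - 1)])
    return rs_eval_encode(f, k)


if __name__ == "__main__":
    k = 8
    message = [3, 0, 1, 5, 0, 0, 2, 7]              # constructed sample message
    c = rs_eval_encode(message, k)
    print("g(x) =", rs_generator(5))
    print("codeword =", c, "values at zeros:", values_at_zeros(c, k))
    print("min-weight codeword weight:", weight(minimum_weight_codeword(k)))
```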
Generalized Reed-Solomon codes

The alternate construction of narrow-sense Reed-Solomon codes, as described above, can be generalized as follows.
Let $n$ be any integer with $1 \le n \le q$. Let $\alpha_0, \alpha_1, \ldots, \alpha_{n-1}$ be $n$ distinct elements of $\mathbb{F}_q$, and let $v_0, v_1, \ldots, v_{n-1}$ be $n$ non-zero (but not necessarily distinct) elements of $\mathbb{F}_q$.
Let $k$ be an integer with $1 \le k \le n$.
Then a generalized Reed-Solomon (GRS) code over $\mathbb{F}_q$ is defined as

$$C = \{ (v_0 f(\alpha_0), v_1 f(\alpha_1), \ldots, v_{n-1} f(\alpha_{n-1})) \mid f \in P_k \}.$$

Then $C$ is an $[n, k, n - k + 1]$ MDS code over $\mathbb{F}_q$. This follows from arguments similar to those given in the proof for RS codes. The arguments hold because $v_0, v_1, \ldots, v_{n-1}$ are all non-zero.
For $n = q - 1$, $\alpha_i = \alpha^i$, where $\alpha$ is a primitive element of $\mathbb{F}_q$, and $v_i = 1$ for all $i$, $C$ is just a narrow-sense RS code over $\mathbb{F}_q$.

