
Finite geometry and coding theory

Peter J. Cameron
School of Mathematical Sciences
Queen Mary and Westfield College
London E1 4NS
Socrates Intensive Programme
Finite Geometries and Their Automorphisms
Potenza, Italy
June 1999

Abstract

In these notes I will discuss some recent developments at the interface between finite geometry and coding theory. These developments are all based on the theory of quadratic forms over GF(2), and I have included an introduction to this material. The particular topics are bent functions and difference sets, multiply-resolved designs, codes over $\mathbb{Z}_4$, and quantum error-correcting codes.

Some of the material here was discussed in the Combinatorics Study Group at Queen Mary and Westfield College, London, over the past year. This account is quite brief; a more detailed version will be published elsewhere. Many of the participants of the study group contributed to this presentation; to them I express my gratitude, but especially to Harriet Pollatsek and Keldon Drudge.

1 Codes

There are many good accounts of coding theory, so this section will be brief. See MacWilliams and Sloane [18] for more details.

Let $A$ be an alphabet of $q$ symbols. A word of length $n$ over $A$ is simply an $n$-tuple of elements of $A$ (an element of $A^n$). A code of length $n$ over $A$ is a set of words (a subset of $A^n$). A code of length $n$ containing $M$ words is referred to as an $(n, M)$ code.

The Hamming distance $d(v, w)$ between two words $v$ and $w$ is the number of coordinates in which $v$ and $w$ differ:
$$d(v, w) = |\{i : 1 \le i \le n,\ v_i \ne w_i\}|.$$
It satisfies the standard axioms for a metric on $A^n$. The minimum distance of a code $C$ is the smallest distance between two distinct words in $C$. A code of length $n$ having $M$ codewords and minimum distance $d$ is referred to as an $(n, M, d)$ code.

The basic idea of coding theory is that, in a communication system, messages are transmitted in the form of words over a fixed alphabet (in practice, usually the binary alphabet $\{0, 1\}$). During transmission, some errors will occur, that is, some entries in the word will be changed by random noise. The number of errors occurring is the Hamming distance between the transmitted and received words.

Suppose that we can be reasonably confident that no more than $e$ errors occur during transmission. Then we use a code whose minimum distance $d$ satisfies $d \ge 2e + 1$. Now we transmit only words from the code $C$. Suppose that $u$ is transmitted and $v$ received. By assumption, $d(u, v) \le e$. If $u'$ is another codeword, then $d(u, u') \ge d \ge 2e + 1$. By the triangle inequality, $d(u', v) \ge e + 1$. Thus, we can recognise the transmitted word $u$, as the codeword nearest to the received word. For this reason, a code whose minimum distance $d$ satisfies $d \ge 2e + 1$ is called an $e$-error-correcting code.

Thus, good error correction means large minimum distance. On the other hand, fast transmission rate means many codewords. Increasing one of these parameters tends to decrease the other. This tension is at the basis of coding theory.

Usually, it is the case that the alphabet has the structure of a finite field $\mathrm{GF}(q)$. In this case, the set of words is the $n$-dimensional vector space $\mathrm{GF}(q)^n$, and we often require that the code $C$ is a vector subspace of $\mathrm{GF}(q)^n$. Such a code is called a linear code. A linear code of length $n$ and dimension $k$ over $\mathrm{GF}(q)$ is referred to as an $[n, k]$ code; it has $q^k$ codewords. If its minimum distance is $d$, it is referred to as an $[n, k, d]$ code. Almost always, we will consider only linear codes.

The weight $\mathrm{wt}(v)$ of a word $v$ is the number of non-zero coordinates of $v$. The minimum weight of a linear code is the smallest weight of a nonzero codeword. It is easy to see that
$$d(v, w) = \mathrm{wt}(v - w),$$
and hence that the minimum distance and minimum weight of a linear code are equal.

Two linear codes $C$ and $C'$ are said to be equivalent if $C'$ is obtained from $C$ by a combination of the two operations:
(a) multiply the coordinates by non-zero scalars (not necessarily all equal); and
(b) permute the coordinates.
Equivalent codes have the same length, dimension, minimum weight, and so on. Note that, over GF(2), operation (a) is trivial, and we only need operation (b).

A linear $[n, k]$ code $C$ can be specified in either of two ways:

• A generator matrix $G$ is a $k \times n$ matrix whose row space is $C$. Thus,
$$C = \{xG : x \in \mathrm{GF}(q)^k\},$$
and every codeword has a unique representation in the form $xG$. This is useful for encoding: if the messages to be transmitted are all $k$-tuples over the field $\mathrm{GF}(q)$, then we can encode the message $x$ as the codeword $xG$.

• A parity check matrix $H$ is an $(n - k) \times n$ matrix whose null space is $C$: more precisely,
$$C = \{v \in \mathrm{GF}(q)^n : vH^\top = 0\}.$$
This is useful for decoding, specifically for syndrome decoding. The syndrome of $w \in \mathrm{GF}(q)^n$ is the $(n - k)$-tuple $wH^\top$. Now, if $C$ corrects $e$ errors, and $w$ has Hamming distance at most $e$ from a codeword $v$, it can be shown that the syndrome of $w$ uniquely determines $w - v$, and hence $v$.

If $h_1, \ldots, h_n$ are the columns of the parity check matrix $H$ of a code $C$, then a word $x = (x_1, \ldots, x_n)$ belongs to $C$ if and only if $x_1 h_1 + \cdots + x_n h_n = 0$, that is, the entries in $x$ are the coefficients in a linear dependence relation between the columns of $H$. Thus, we have:

Proposition 1.1 A code $C$ has minimum weight $d$ or greater if and only if any $d - 1$ columns of its parity check matrix are linearly independent.

There is a natural inner product defined on $\mathrm{GF}(q)^n$, namely the dot product
$$v \cdot w = \sum_{i=1}^{n} v_i w_i.$$
If $C$ is an $[n, k]$ code, we define the dual code
$$C^\perp = \{v \in \mathrm{GF}(q)^n : (\forall w \in C)\ v \cdot w = 0\};$$
it is an $[n, n - k]$ code. Then a generator matrix for $C^\perp$ is a parity check matrix for $C$, and vice versa.

Sometimes, in the case when $q$ is a square, so that the field $\mathrm{GF}(q)$ admits an automorphism $\sigma$ of order 2 given by $x^\sigma = x^{\sqrt{q}}$, we will use instead the Hermitian inner product
$$v \circ w = \sum_{i=1}^{n} v_i w_i^\sigma.$$

We now give a family of examples.

A 1-error-correcting code should have minimum weight at least 3. By Proposition 1.1, this is equivalent to requiring that no two columns of its parity check matrix are linearly dependent. Thus, the columns should all be non-zero, and should span distinct 1-dimensional subspaces of $V = \mathrm{GF}(q)^k$, where $k$ is the codimension of the code. Multiplying columns by non-zero scalars, or permuting them, gives rise to an equivalent code. So linear 1-error-correcting codes correspond in a natural way to sets of points in the projective space $\mathrm{PG}(k - 1, q)$.

Many interesting codes can be obtained by choosing suitable subsets (ovoids, unitals, etc.). But the simplest, and optimal, choice is to take all the points of the projective space. The code thus obtained is the Hamming code $H(k, q)$ of length $n = (q^k - 1)/(q - 1)$ and dimension $n - k$ over $\mathrm{GF}(q)$. To reiterate: the parity check matrix of the Hamming code is the $k \times n$ matrix whose columns span the $n$ one-dimensional subspaces of $\mathrm{GF}(q)^k$. It is an $[n, n - k, 3]$ code.

One further code we will need is the famous extended binary Golay code. This is a $[24, 12, 8]$ code over GF(2), and is the unique code (up to equivalence) with this property. The octads (the sets of eight coordinates which support words of weight 8 in the code) are the blocks of the Steiner system $S(5, 8, 24)$ (or, in other terminology, the 5-$(24, 8, 1)$ design).

We discuss briefly some operations on codes. Let $C$ be a linear code.

• Puncturing $C$ in a coordinate $i$ is the process of deleting the $i$th coordinate from each codeword.

• Shortening $C$ in a coordinate $i$ is the process of selecting those codewords in $C$ which have entry 0 in the $i$th coordinate, and then deleting this coordinate from all codewords.

• Extending $C$, by an overall parity check, is the process consisting of adding a new coordinate to each codeword, the entry in this coordinate being minus the sum of the existing entries (so that the sum of all coordinates in the extended code is zero). We denote the extension of $C$ by $\overline{C}$.

• The direct sum of codes $C_1$ and $C_2$ is the set of all words obtained by concatenating a word of $C_1$ with a word of $C_2$.

The weight enumerator of a linear code is an algebraic gadget to keep track of the weights of codewords. If $C$ has length $n$, its weight enumerator is
$$W_C(x, y) = \sum_{i=0}^{n} A_i x^{n-i} y^i,$$
where $A_i$ is the number of words of weight $i$ in $C$. Note that $W_C(1, 0) = 1$, and $W_C(1, 1) = |C|$.

The weight enumerator has many important properties. For example, the weight enumerator of the direct sum of $C_1$ and $C_2$ is the product of the weight enumerators of $C_1$ and $C_2$. For our purposes, the most important result is MacWilliams' Theorem:

Theorem 1.2 Let $C$ be a linear code over $\mathrm{GF}(q)$, and $C^\perp$ its dual. Then
$$W_{C^\perp}(x, y) = \frac{1}{|C|}\, W_C(x + (q - 1)y,\ x - y).$$

We illustrate this theorem by calculating the weight enumerators of Hamming codes. It is easier to find the weight enumerators of their duals:

Proposition 1.3 Let $C$ be the $q$-ary Hamming code $H(k, q)$ of length $n = (q^k - 1)/(q - 1)$ and dimension $n - k$. Then every non-zero word of $C^\perp$ has weight $q^{k-1}$.

We say that $C^\perp$ is a constant-weight code.

Proof Let $h_1, \ldots, h_n$ be the columns of the parity check matrix $H$ of $C$. We claim that each word of $C^\perp$ has the form $(f(h_1), \ldots, f(h_n))$, where $f$ belongs to the dual space $V^*$ of the $k$-dimensional space $V$ of column vectors of length $k$; and every element of $V^*$ gives rise to a unique word of $C^\perp$. This holds because $H$ is a generator matrix of $C^\perp$, so the words of $C^\perp$ are linear combinations of the rows of $H$. Now the $i$th row of $H$ has the form $(e_i(h_1), \ldots, e_i(h_n))$, where $e_i$ is the $i$th dual basis vector. So the claim is proved.

Now for any non-zero $f \in V^*$, the kernel of $f$ has dimension $k - 1$, and so contains $(q^{k-1} - 1)/(q - 1)$ one-dimensional subspaces, and so it vanishes at this many of the columns of $H$. So the corresponding word of $C^\perp$ has weight
$$(q^k - 1)/(q - 1) - (q^{k-1} - 1)/(q - 1) = q^{k-1}.$$

It follows that the weight enumerator of $C^\perp$ is
$$x^{(q^k - 1)/(q - 1)} + (q^k - 1)\, x^{(q^{k-1} - 1)/(q - 1)}\, y^{q^{k-1}},$$
and so the weight enumerator of $C$ is
$$\frac{1}{q^k}\left( (x + (q - 1)y)^{(q^k - 1)/(q - 1)} + (q^k - 1)\,(x + (q - 1)y)^{(q^{k-1} - 1)/(q - 1)}\,(x - y)^{q^{k-1}} \right).$$

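The following Python sketch is an added example, not part of the original notes. It builds the parity check matrix of $H(k, p)$ from the points of $\mathrm{PG}(k-1, p)$, performs the syndrome decoding described earlier, and checks Proposition 1.3 and MacWilliams' Theorem numerically. It assumes $q = p$ is prime (so that arithmetic is modulo $p$); all function names are illustrative.

```python
from itertools import product
from math import comb

def hamming_parity_check(k, p):
    """Columns of H: one representative (first non-zero entry equal to 1)
    of each point of PG(k-1, p). Assumption: p is prime."""
    return [h for h in product(range(p), repeat=k)
            if any(h) and next(a for a in h if a) == 1]

def syndrome(cols, w, p):
    """w H^T, computed as the combination w_1 h_1 + ... + w_n h_n of the columns."""
    k = len(cols[0])
    return tuple(sum(wi * h[j] for wi, h in zip(w, cols)) % p for j in range(k))

def decode(cols, w, p):
    """Syndrome decoding: a single error a at position j has syndrome a * h_j."""
    s = syndrome(cols, w, p)
    if not any(s):
        return tuple(w)
    a = next(x for x in s if x)          # h_j is normalised, so this is the error value
    inv = pow(a, -1, p)
    j = cols.index(tuple(x * inv % p for x in s))
    v = list(w)
    v[j] = (v[j] - a) % p
    return tuple(v)

def weight_distribution(words):
    """[A_0, ..., A_n] for a list of words of equal length n."""
    dist = [0] * (len(words[0]) + 1)
    for w in words:
        dist[sum(1 for x in w if x)] += 1
    return dist

def dual_words(cols, p):
    """C^perp is the row space of H: the words (f(h_1), ..., f(h_n)), f in V*."""
    k = len(cols[0])
    return [tuple(sum(fj * hj for fj, hj in zip(f, h)) % p for h in cols)
            for f in product(range(p), repeat=k)]

def code_words(cols, p):
    """C is the null space of H; exhaustive search, small parameters only."""
    return [w for w in product(range(p), repeat=len(cols))
            if not any(syndrome(cols, w, p))]

def macwilliams(dist, q):
    """Weight distribution of the dual code via Theorem 1.2."""
    n, size = len(dist) - 1, sum(dist)
    out = [0] * (n + 1)
    for i, a_i in enumerate(dist):
        for j in range(n + 1):
            # coefficient of x^(n-j) y^j in (x + (q-1)y)^(n-i) (x - y)^i
            coeff = sum(comb(n - i, j - s) * (q - 1) ** (j - s)
                        * comb(i, s) * (-1) ** s
                        for s in range(max(0, j - (n - i)), min(i, j) + 1))
            out[j] += a_i * coeff
    assert all(c % size == 0 for c in out)
    return [c // size for c in out]

if __name__ == "__main__":
    H = hamming_parity_check(3, 2)                 # binary [7, 4, 3] Hamming code
    dual = weight_distribution(dual_words(H, 2))
    print("dual weights:", dual)                   # constant weight q^(k-1) = 4
    print("code weights:", macwilliams(dual, 2))
    print("decoded:", decode(H, (1, 0, 0, 0, 0, 0, 0), 2))
```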
Finally on this topic, we mention that the weight enumerator of the extended binary Golay code is
$$x^{24} + 759x^{16}y^8 + 2576x^{12}y^{12} + 759x^8y^{16} + y^{24}.$$

A code $C$ is self-orthogonal if $C \subseteq C^\perp$, and is self-dual if $C = C^\perp$. The extended binary Golay code just mentioned is self-dual; other examples are the extended binary Hamming code of length 8 (an $[8, 4, 4]$ code with weight enumerator $x^8 + 14x^4y^4 + y^8$), and the binary repetition code of length 2 (a $[2, 1, 2]$ code with weight enumerator $x^2 + y^2$).

Using MacWilliams' Theorem, we see that the weight enumerator of a self-dual code $C$ of length $n$ over $\mathrm{GF}(q)$ satisfies
$$W_C(x, y) = \frac{1}{q^{n/2}}\, W_C(x + (q - 1)y,\ x - y). \qquad (1)$$
This gives a system of equations for the coefficients of $W_C$, but of course not enough equations to determine it uniquely.

Gleason [13] found a simple description of all solutions of these equations, using classical invariant theory. We describe his technique for self-dual binary codes.

Let $G$ be a finite group of $2 \times 2$ matrices over $\mathbb{C}$. Let $f(x, y)$ be a polynomial of degree $n$. We say that $f$ is an invariant of $G$ if
$$f(ax + by,\ cx + dy) = f(x, y) \quad \text{for all } \begin{pmatrix} a & b \\ c & d \end{pmatrix} \in G.$$
Since the sum and product of invariants is invariant, the set of $G$-invariants is a subalgebra of the algebra $\mathbb{C}[x, y]$ of all polynomials in $x$ and $y$ over $\mathbb{C}$. We denote this subalgebra by $\mathbb{C}[x, y]^G$.

If $f(x, y)$ is a $G$-invariant, then its homogeneous component of degree $k$ (the sum of all terms $a_{ij} x^i y^j$ with $i + j = k$) is also $G$-invariant. So the algebra $\mathbb{C}[x, y]^G$ is graded, according to the following definition:

Let $A = \bigoplus_{k \ge 0} A_k$ be an algebra over $\mathbb{C}$. We say that $A$ is graded if $A_i \cdot A_j \subseteq A_{i+j}$ for all $i, j \ge 0$. If $\dim(A_k)$ is finite for all $k \ge 0$, then the Hilbert series of $A$ is the formal power series
$$\sum_{k \ge 0} \dim(A_k)\, t^k.$$

Molien's Theorem gives an explicit formula for the Hilbert series of $\mathbb{C}[x, y]^G$ for any finite group $G$:

Theorem 1.4 Let $G$ be a finite group of $2 \times 2$ matrices over $\mathbb{C}$. Then the Hilbert series of $\mathbb{C}[x, y]^G$ is given by
$$\frac{1}{|G|} \sum_{A \in G} \left(\det(I - tA)\right)^{-1}.$$

Now let $C$ be a self-dual binary code. Since all words in $C$ have even weight, the weight enumerator of $C$ satisfies
$$W_C(x, -y) = W_C(x, y).$$
Also, since $W_C(x, y)$ is homogeneous of degree $n$, we can rewrite Equation 1 as
$$W_C\!\left(\frac{x + y}{\sqrt{2}},\ \frac{x - y}{\sqrt{2}}\right) = W_C(x, y).$$
These two equations assert that the polynomial $W_C$ is an invariant of the group $G = \langle A_1, A_2 \rangle$, where
$$A_1 = \begin{pmatrix} 1 & 0 \\ 0 & -1 \end{pmatrix}, \qquad A_2 = \begin{pmatrix} 1/\sqrt{2} & 1/\sqrt{2} \\ 1/\sqrt{2} & -1/\sqrt{2} \end{pmatrix}.$$
Now it is easily checked that
$$A_1^2 = A_2^2 = (A_1 A_2)^8 = I,$$
so $G$ is a dihedral group of order 16. Now Molien's Theorem, and some calculation, shows that the Hilbert series of $\mathbb{C}[x, y]^G$ is
$$\frac{1}{(1 - t^2)(1 - t^8)}.$$
From this we see that the dimension of the $n$th homogeneous component is equal to the number of ways of writing $n$ as a sum of 2s and 8s.

We know some examples of self-dual codes: among them, the repetition code of length 2 and the extended Hamming code of length 8, with weight enumerators respectively
$$r(x, y) = x^2 + y^2,$$
$$h(x, y) = x^8 + 14x^4y^4 + y^8.$$
Moreover, any polynomial of the form $r^i h^j$ is a weight enumerator (of the direct sum of $i$ copies of the repetition code and $j$ copies of the extended Hamming code). It can be shown that, for fixed $n$, these polynomials (with $2i + 8j = n$) are linearly independent; thus they span the $n$th homogeneous component of the algebra of invariants of $G$. This proves Gleason's Theorem:

Theorem 1.5 A self-dual binary code has even length $n = 2m$, and its weight enumerator has the form
$$\sum_{j=0}^{\lfloor n/8 \rfloor} a_j\, (x^2 + y^2)^{(n - 8j)/2}\, (x^8 + 14x^4y^4 + y^8)^j$$
for some $a_j \in \mathbb{Q}$, $j \in \{0, \ldots, \lfloor n/8 \rfloor\}$.

The technique has other applications too. We give one of these. A self-orthogonal binary code has the property that all its weights are even. Such a code is called doubly even if all its weights are divisible by 4.

If $C$ is a doubly even self-dual code, then the weight enumerator of $C$ is invariant under the group $G = \langle A_1, A_2 \rangle$, where $A_2$ is as before and
$$A_1 = \begin{pmatrix} 1 & 0 \\ 0 & i \end{pmatrix}.$$
It can be shown that $G$ is a group of order 192, and the Hilbert series of its algebra of invariants is
$$\frac{1}{(1 - t^8)(1 - t^{24})}.$$
Now there exist doubly even self-dual codes which have lengths 8 and 24, namely the extended Hamming code and the extended Golay code. The weight enumerator of the extended Hamming code is given above. The weight enumerator of the extended Golay code is
$$g(x, y) = x^{24} + 759x^{16}y^8 + 2576x^{12}y^{12} + 759x^8y^{16} + y^{24}.$$
Again, these two polynomials are independent, and we have Gleason's second theorem:

Theorem 1.6 A doubly even self-dual code has length $n$ divisible by 8, say $n = 8m$, and its weight enumerator has the form
$$\sum_{j=0}^{\lfloor n/24 \rfloor} a_j\, (x^8 + 14x^4y^4 + y^8)^{(n - 24j)/8}\, (x^{24} + 759x^{16}y^8 + 2576x^{12}y^{12} + 759x^8y^{16} + y^{24})^j$$
for some $a_j \in \mathbb{Q}$, $j \in \{0, \ldots, \lfloor n/24 \rfloor\}$.

Several further results of the same sort are given in Sloane's survey [26].

The final topic in this section concerns the covering radius of a code. This is a parameter which is in a sense dual to the packing radius, the maximum number of errors which can be corrected.

Let $C$ be a code of length $n$ over an alphabet $A$. The covering radius of $C$ is
$$\max_{v \in A^n}\ \min_{c \in C}\ d(v, c).$$
That is, it is the largest value of the distance from an arbitrary word to the nearest codeword. Said otherwise, it is the smallest integer $r$ such that the spheres of radius $r$ with centres at the codewords cover the whole of $A^n$.

We saw that, if the number of errors is at most the packing radius, then nearest-neighbour decoding correctly identifies the transmitted codeword. The covering radius has a similar interpretation: if the number of errors is greater than the covering radius, then nearest-neighbour decoding will certainly give the wrong codeword.

We give one result on the covering radius of binary codes which will be used in Section 5. We say that a code $C$ has strength $s$ if, given any $s$ coordinate positions, all possible $s$-tuples over the alphabet occur the same number of times in these positions. The maximum strength is the largest integer $s$ for which the code has strength $s$.

Theorem 1.7 Let $C$ be a code of length $n$ over an alphabet $A$ of size $q$ and $v$ an arbitrary word in $A^n$.
(a) If $C$ has strength 1, then the average distance of $v$ from the words of $C$ is $n(q - 1)/q$.
(b) If $C$ has strength 2, then the variance of the distances of $v$ from the words of $C$ is $n(q - 1)/q^2$.

Proof (a) For $1 \le i \le n$, let $d_i(c) = 0$ if $v$ and $c$ agree in the $i$th coordinate, 1 otherwise. Then
$$d(v, c) = \sum_{i=1}^{n} d_i(c).$$
So the average distance from $v$ to $C$ is
$$\frac{1}{|C|} \sum_{i=1}^{n} \sum_{c \in C} d_i(c).$$
Now since $C$ has strength 1, for any $i$ we have $d_i(c) = 0$ for $|C|/q$ words $c \in C$, and $d_i(c) = 1$ for the remaining $(q - 1)|C|/q$. So the inner sum is $(q - 1)|C|/q$, and the result follows.

(b) Similarly, we have
$$d(v, c)\,(d(v, c) - 1) = \sum_{i \ne j} d_i(c)\, d_j(c),$$
and if $C$ has strength 2, then
$$\sum_{c \in C} d_i(c)\, d_j(c) = (q - 1)^2 |C| / q^2.$$
Thus, the average value of $d(v, c)(d(v, c) - 1)$ is equal to $(q - 1)^2 n(n - 1)/q^2$. Now simple manipulation gives the result.

Theorem 1.8 Let $C$ be a linear binary code of length $n$ containing the all-1 word.
(a) The covering radius of $C$ is at most $n/2$.
(b) If $C$ has maximum strength at least 2, then its covering radius is at most $(n - \sqrt{n})/2$.

Proof (a) The hypothesis guarantees that $C$ has strength at least 1. (For this, the all-1 word is not necessary; it is enough to assume that the support of $C$ is $\{1, \ldots, n\}$.) Since the average distance from $v$ to $C$ is $n/2$, there is a word of $C$ with distance at most $n/2$ from $v$.

(b) Suppose that the covering radius is $n/2 - s$. Since $d(v, c + \mathbf{1}) = n - d(v, c)$, all distances from $v$ to $C$ lie in the interval from $n/2 - s$ to $n/2 + s$. Since the variance of these distances is $n/4$, we must have $s \ge \sqrt{n}/2$.

Note that equality in (a) implies that $d(v, c) = n/2$ for all $c \in C$, while equality in (b) implies that $d(v, c) = (n \pm \sqrt{n})/2$ for all $c \in C$.
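
The following Python check is an added example, not part of the original notes. It verifies Theorems 1.7 and 1.8 on the extended binary Hamming $[8, 4, 4]$ code: the mean and variance of the distances from every word $v$, and the covering radius against the bound $(n - \sqrt{n})/2$. The generator words (the all-1 word and three coordinate functions on 8 points) and all function names are constructed for this illustration.

```python
from fractions import Fraction
from itertools import combinations
from math import isqrt

N = 8
# Generators of the extended Hamming [8,4,4] code as 8-bit masks (constructed here).
GENERATORS = [0b11111111, 0b10101010, 0b11001100, 0b11110000]

def span(generators):
    """All Z_2-linear combinations of the generator words."""
    words = {0}
    for g in generators:
        words |= {w ^ g for w in words}
    return sorted(words)

def has_strength(code, n, s):
    """True if every s-tuple occurs equally often in every set of s positions."""
    for pos in combinations(range(n), s):
        counts = {}
        for c in code:
            key = tuple((c >> i) & 1 for i in pos)
            counts[key] = counts.get(key, 0) + 1
        if len(counts) != 2 ** s or len(set(counts.values())) != 1:
            return False
    return True

def distance_stats(code, v):
    """(minimum, mean, variance) of the Hamming distances d(v, c), c in the code."""
    d = [bin(c ^ v).count("1") for c in code]
    mean = Fraction(sum(d), len(d))
    var = Fraction(sum(x * x for x in d), len(d)) - mean * mean
    return min(d), mean, var

def covering_radius(code, n):
    """max over all words v of the distance to the nearest codeword."""
    return max(distance_stats(code, v)[0] for v in range(2 ** n))

def bound_1_8b(n):
    """Largest integer not exceeding (n - sqrt(n)) / 2."""
    r = n // 2
    while (n - 2 * r) ** 2 < n:      # need n - 2r >= sqrt(n)
        r -= 1
    return r

if __name__ == "__main__":
    code = span(GENERATORS)
    print("strength 2:", has_strength(code, N, 2))
    print("stats for v = 1:", distance_stats(code, 1))   # mean n/2, variance n/4
    print("covering radius:", covering_radius(code, N), "bound:", bound_1_8b(N))
```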
Exercise 1.1 (a) Show that, if $C$ is a linear binary code of odd minimum weight $d$, then the minimum weight of $\overline{C}$ is $d + 1$.
(b) Investigate how the dimension and minimum weight of codes change under the operations of puncturing, shortening and extending.

Exercise 1.2 If $C_1$ and $C_2$ are linear $[n_1, k_1, d_1]$ and $[n_2, k_2, d_2]$ codes over $\mathrm{GF}(q)$, prove that the direct sum $C_1 \oplus C_2$ is a linear $[n_1 + n_2,\ k_1 + k_2,\ \min\{d_1, d_2\}]$ code.

Exercise 1.3 (a) Let $C$ be a binary or ternary Hamming code (that is, over GF(2) or GF(3)). Prove that $C \supseteq C^\perp$; that is, $C^\perp$ is self-orthogonal.
(b) Let $C$ be a Hamming code over GF(4). Prove that $C \supseteq C^\perp$ holds, if $C^\perp$ is calculated with respect to the Hermitian inner product.

Exercise 1.4 (a) Prove that, if all weights in a linear binary code $C$ are divisible by 4, then $C$ is self-orthogonal.
(b) Prove that, if a linear binary code $C$ is self-orthogonal and is generated by a set of words whose weights are divisible by 4, then $C$ is doubly even.

Exercise 1.5 Express the weight enumerator of the Golay code as a combination of $r$ and $h$.

Exercise 1.6 Show that all doubly even self-dual codes of length 16 have weight enumerator $h^2$. Find two different examples of such codes.

Exercise 1.7 Can you find a more direct proof that a doubly-even self-dual binary linear code has length divisible by 8?

Exercise 1.8 Fill in the details of the proof of Theorem 1.7.

Exercise 1.9 What is the covering radius of the binary dual Hamming code of length 7?

Exercise 1.10 Let $C$ be an $(n, M)$ code over an alphabet of size $q$, with packing radius $e$ and covering radius $r$. Prove that
$$\frac{q^n}{\sum_{i=0}^{e} \binom{n}{i} (q - 1)^i} \ \ge\ M \ \ge\ \frac{q^n}{\sum_{i=0}^{r} \binom{n}{i} (q - 1)^i}.$$
2 Symplectic and quadratic forms

In this section, we describe some of the properties of symplectic and quadratic forms over the field GF(2), and the geometries they define.

Let $V$ be a vector space over a field $F$. A quadratic form on $V$ is a function $Q : V \to F$ which satisfies the conditions
(a) $Q(\lambda v) = \lambda^2 Q(v)$ for all $\lambda \in F$, $v \in V$.
(b) The function $B : V \times V \to F$ defined by
$$Q(v + w) = Q(v) + Q(w) + B(v, w)$$
is bilinear (that is, linear in each variable).
We express (b) by saying that the form $B$ is obtained from $Q$ by polarisation.

The form $B$ defined in (b) is symmetric, that is, $B(v, w) = B(w, v)$. Now, if the characteristic of $F$ is not 2, then it follows from (a) and (b) that $Q(v) = \frac{1}{2} B(v, v)$ for all $v \in V$, so that $Q$ can be recovered from $B$: that is, quadratic forms and symmetric bilinear forms carry the same information. Things are very different in characteristic 2, however. We are interested in this case, specifically $F = \mathrm{GF}(2)$.

From now on, we assume that $F = \mathrm{GF}(2)$.

Now we find that the form $B$ is alternating, that is, $B(v, v) = 0$ for all $v \in V$. In general, an alternating bilinear form is skew-symmetric, that is, $B(v, w) = -B(w, v)$ for all $v, w \in V$. Of course, in characteristic 2, this just says that $B$ is symmetric.

Clearly, $Q$ cannot be recovered from $B$. Instead, we see that, if $Q_1$ and $Q_2$ both polarise to $B$, then $Q = Q_1 - Q_2$ polarises to the zero form, that is,
$$Q(v + w) = Q(v) + Q(w).$$
Also, because $\lambda^2 = \lambda$ for all $\lambda \in F$, we have
$$Q(\lambda v) = \lambda Q(v).$$
Thus, $Q$ is linear. Conversely, two quadratic forms differing by a linear form polarise to the same bilinear form. So each alternating bilinear form corresponds to a coset of the dual space of $V$ in the space of all quadratic forms.

A bilinear form $B$ is said to be non-degenerate if it has the properties
(a) if $B(v, w) = 0$ for all $w \in V$ then $v = 0$;
(b) if $B(v, w) = 0$ for all $v \in V$ then $w = 0$.
If $B$ is skew-symmetric (or symmetric), then each of these conditions implies the other, and we need only assume one. A non-degenerate alternating bilinear form on $V$ exists if and only if $V$ has even dimension. For any such form, there is a basis $\{v_1, \ldots, v_n, w_1, \ldots, w_n\}$ for $V$ such that
$$B(v_i, v_j) = 0 = B(w_i, w_j) \quad \text{for all } i, j;$$
$$B(v_i, w_i) = 1 = B(w_i, v_i) \quad \text{for all } i;$$
$$B(v_i, w_j) = 0 = B(w_j, v_i) \quad \text{for } i \ne j.$$
This is called a symplectic basis. A linear transformation of $V$ which preserves the form $B$ is called symplectic; the symplectic group is the group of all such transformations.

A quadratic form on an $m$-dimensional vector space is non-singular if it cannot be written as a form in fewer than $m$ variables by any linear change of variables.

Equivalently, the only subspace $W$ with the property that $Q$ vanishes on $W$ and $B(v, w) = 0$ for all $v \in V$ and $w \in W$ is the zero subspace. (Here $B$ is the bilinear form obtained by polarising $Q$.) If the field has characteristic different from 2, then $Q$ is non-singular if and only if $B$ is non-degenerate; but this is not true over $\mathbb{Z}_2$, as we will see. In the case of an even-dimensional vector space over $\mathbb{Z}_2$, we will see that a quadratic form $Q$ is non-singular if and only if the bilinear form obtained by polarisation is non-singular.

Given a subspace $U$ of $V$, we set
$$U^\perp = \{x \in V : B(x, u) = 0 \text{ for all } u \in U\}.$$
The non-singularity of $B$ guarantees that
$$\dim(U) + \dim(U^\perp) = \dim V,$$
but unlike the Euclidean case it is not true in general that $V = U \oplus U^\perp$, since we may have $U \cap U^\perp \ne \{0\}$. A subspace $U$ of $V$ is said to be totally isotropic if $B$ vanishes identically on $U$, in other words, if $U \subseteq U^\perp$.

A vector $x$ is said to be singular for the quadratic form $Q$ if $Q(x) = 0$. A subspace $U$ is totally singular if $Q$ vanishes identically on $U$. By polarising the restriction of $Q$ to $U$, we see that a totally singular subspace is totally isotropic; but the converse is not true. (Any 1-dimensional subspace is totally isotropic, but the span of a non-singular vector is not totally singular.)

Here is a small example. Take a 2-dimensional vector space over $\mathbb{Z}_2$, with typical vector $(x_1, x_2)$. The four quadratic forms $0$, $x_1^2$, $x_2^2$ and $x_1^2 + x_2^2 = (x_1 + x_2)^2$ are all singular, and are in fact equal to the four linear forms $0$, $x_1$, $x_2$ and $x_1 + x_2$. The other four forms $x_1 x_2$, $x_1 x_2 + x_1^2 = x_1(x_1 + x_2)$, $x_1 x_2 + x_2^2 = x_2(x_1 + x_2)$, and $x_1 x_2 + x_1^2 + x_2^2$, are non-singular, and polarise to the bilinear form $x_1 y_2 + x_2 y_1$. The first three are equivalent under linear change of variable; each has value 0 at three of the four vectors and 1 at the fourth. The last form takes the value 1 at all three non-zero vectors.

Let $Q$ be a quadratic form on $V = \mathbb{Z}_2^n$.

A subspace $W$ of $V$ is anisotropic if, for all $w \in W$, we have $Q(w) = 0$ if and only if $w = 0$.

A hyperbolic plane is a subspace $U = \langle e, f \rangle$ with $Q(e) = Q(f) = 0$ and $B(e, f) = 1$. (So we have $Q(xe + yf) = xy$.)

Two quadratic forms $Q_1$ on $V_1$ and $Q_2$ on $V_2$ are equivalent if there is an invertible linear map $T : V_1 \to V_2$ such that $Q_2(vT) = Q_1(v)$ for all $v \in V_1$.

The next result gives the classification of non-singular quadratic forms.

Theorem 2.1 (a) An anisotropic space has dimension at most 2.
(b) Let $Q$ be a quadratic form on $V$. Then
$$V = W \oplus U_1 \oplus \cdots \oplus U_r,$$
where $W$ is anisotropic, $U_1, \ldots, U_r$ are hyperbolic planes, and the summands are pairwise orthogonal.
(c) If quadratic forms $Q_1, Q_2$ on $V_1, V_2$ give rise to decompositions
$$V_1 = W_1 \oplus U_{11} \oplus \cdots \oplus U_{1r},$$
$$V_2 = W_2 \oplus U_{21} \oplus \cdots \oplus U_{2s},$$
as in (b), then $Q_1$ and $Q_2$ are equivalent if and only if $r = s$ and $\dim(W_1) = \dim(W_2)$.

As a result we see that quadratic forms over $\mathbb{Z}_2$ are determined up to equivalence by two invariants, the number $r$ of hyperbolic planes (which is called the Witt index), and the dimension of the anisotropic part. We say that the form has type $+1$, $0$ or $-1$ according as $\dim(W) = 0$, 1 or 2. Note that the bilinear form obtained by polarising $Q$ is non-degenerate if and only if $Q$ has non-zero type (that is, if and only if $\dim(V)$ is even).

Proof (a) If $W$ is anisotropic, then the polarisation formula shows that $B(u, v) = 1$ for all distinct non-zero $u, v \in W$. If $u, v, w$ were linearly independent, then
$$1 = B(u, v + w) = B(u, v) + B(u, w) = 0,$$
a contradiction. So $\dim(W) \le 2$.

(b) The proof is by induction on $\dim(V)$, the case where $V = \{0\}$ being trivial. If $V$ is anisotropic, there is nothing to prove. So we may suppose that there is a vector $u \in V$ with $u \ne 0$ and $Q(u) = 0$. Since $Q$ is non-singular, there is a vector $v$ with $B(u, v) = 1$. Then $Q(v) + Q(u + v) = 1$, and so either $Q(v) = 0$ or $Q(u + v) = 0$. Thus, $U_1 = \langle u, v \rangle$ is a hyperbolic plane. Moreover, $\dim(U_1^\perp) = \dim(V) - 2$, and it is easily checked that the restriction of $Q$ to $U_1^\perp$ is non-singular. By the induction hypothesis, $U_1^\perp$ has a decomposition of the type specified, and we are done.

(c) It is clear that the condition given is sufficient for equivalence; we must show that it is necessary. It is also clear that equivalent quadratic forms are defined on spaces of the same dimension; so we must prove that they have the same Witt index. This follows immediately from the next lemma.

Lemma 2.2 The Witt index of a quadratic form is equal to the maximum dimension of any totally singular subspace.

Proof Let
$$V = W \oplus U_1 \oplus \cdots \oplus U_r,$$
where $W$ is anisotropic, $U_1, \ldots, U_r$ are hyperbolic planes, and the summands are pairwise orthogonal. Let $U_i = \langle u_i, v_i \rangle$, where $Q(u_i) = Q(v_i) = 0$ and $B(u_i, v_i) = 1$. Then $X = \langle u_1, \ldots, u_r \rangle$ is totally singular and has dimension $r$.

We have to show that no larger totally singular subspace exists. This is proved by induction on $r$; it is true when $r = 0$ (since then $V$ is anisotropic). So let $X$ be a totally singular subspace, with $\dim(X) = s > 0$.

Choose a non-zero vector $x \in X$. As in the proof of the theorem, we can take $x$ to lie in one of the hyperbolic planes, say $U_1$. Now $Q$ induces a non-singular quadratic form $\bar{Q}$ on $\bar{V} = \langle x \rangle^\perp / \langle x \rangle$, and clearly this space has Witt index $r - 1$; moreover, $\bar{X} = X/\langle x \rangle$ is a totally singular subspace, with dimension $s - 1$. By the inductive hypothesis, $s - 1 \le r - 1$, so $s \le r$.

Finally, if $X$ is maximal totally singular in $V$, then $\bar{X}$ is maximal totally singular in $\bar{V}$; in this case, the inductive hypothesis shows that $s - 1 = r - 1$, so that $s = r$, as required.

From now on, we consider only non-singular quadratic forms on spaces of even dimension. A form of type $+1$ in $2n$ variables is equivalent to
$$x_1 x_2 + x_3 x_4 + \cdots + x_{2n-1} x_{2n},$$
while a form of type $-1$ is equivalent to
$$x_1 x_2 + x_3 x_4 + \cdots + x_{2n-1}^2 + x_{2n-1} x_{2n} + x_{2n}^2.$$

Theorem 2.3 For $\epsilon = \pm 1$, let $Q$ be a quadratic form of type $\epsilon$ on a vector space $V$ of even dimension $2n$ over $\mathbb{Z}_2$. Then there are $2^{n-1}(2^n + \epsilon)$ vectors $v \in V$ such that $Q(v) = 0$.

Proof The proof is by induction on $n$. We begin with $n = 1$. On a 2-dimensional space $\mathbb{Z}_2^2$, the quadratic form $x_1 x_2$ has Witt index 1 (so type $+1$) and has three zeros $(0, 0)$, $(1, 0)$ and $(0, 1)$. The form $x_1^2 + x_1 x_2 + x_2^2$ has Witt index 0 (the space is anisotropic), so type $-1$, and vanishes only at the origin.

Now assume the result for $n - 1$. Write $V = U \oplus V'$, where $U$ is a hyperbolic plane and $\dim(V') = 2(n - 1)$; the restriction of $Q$ to $V'$ has the same type as $Q$, say $\epsilon$. So $Q$ has $2^{n-2}(2^{n-1} + \epsilon)$ zeros in $V'$. Since $U$ and $V'$ are orthogonal, we have $Q(u + w) = Q(u) + Q(w)$ for $u \in U$, $w \in V'$. Thus, $Q(u + w) = 0$ if and only if either $Q(u) = Q(w) = 0$ or $Q(u) = Q(w) = 1$. So there are
$$3 \cdot 2^{n-2}(2^{n-1} + \epsilon) + 2^{n-2}(2^{n-1} - \epsilon) = 2^{n-1}(2^n + \epsilon)$$
zeros, as required.

This gives an alternative proof of Theorem 2.1(c), since the two types of quadratic form on an even-dimensional vector space have different numbers of zeros, and cannot be equivalent.

Finally, we count the number of maximal totally isotropic or totally singular subspaces.

Theorem 2.4 (a) Let $B$ be a symplectic form on a vector space $V$ of dimension $2n$ over $\mathbb{Z}_2$. Then the number of subspaces of $V$ of dimension $n$ which are totally isotropic with respect to $B$ is
$$\prod_{i=1}^{n} (2^i + 1).$$
(b) Let $Q$ be a quadratic form of type $+1$ (that is, of Witt index $n$) on a vector space $V$ of dimension $2n$ over $\mathbb{Z}_2$. Then the number of subspaces of $V$ of dimension $n$ which are totally singular with respect to $Q$ is
$$\prod_{i=0}^{n-1} (2^i + 1).$$

Proof (a) The proof is by induction on $n$, the result being trivially true when $n = 0$. Suppose that it holds for spaces of dimension $2(n - 1)$, and let $V$ have dimension $2n$. For any non-zero vector $v \in V$, the space $v^\perp / \langle v \rangle$ has dimension $2(n - 1)$ and carries a symplectic form. By the induction hypothesis, $v$ lies in $N = \prod_{i=1}^{n-1} (2^i + 1)$ totally isotropic $n$-spaces in $V$. Since there are $(2^n + 1)(2^n - 1)$ non-zero vectors, and each totally isotropic $n$-space contains $(2^n - 1)$ of them, double counting shows that the number of such spaces is $(2^n + 1)N$, as required.

(b) The argument is similar. Assume the result for spaces of dimension $2(n - 1)$, and let $V$ have dimension $2n$. By Theorem 2.3, the number of non-zero singular vectors is $(2^{n-1} + 1)(2^n - 1)$, and each totally singular $n$-space contains $2^n - 1$ of them, so the induction works as in case (a).
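
The following Python check is an added example, not part of the original notes. It enumerates the zeros of the two standard forms to confirm Theorem 2.3, and counts maximal totally isotropic and totally singular subspaces to confirm Theorem 2.4 for small $n$. Vectors of $\mathbb{Z}_2^{2n}$ are stored as integers with bit $i$ holding $x_{i+1}$; all function names are illustrative.

```python
def q_plus(v, n):
    """Type +1 form x1x2 + x3x4 + ... + x_{2n-1}x_{2n}."""
    return sum((v >> (2 * i)) & (v >> (2 * i + 1)) & 1 for i in range(n)) % 2

def q_minus(v, n):
    """Type -1 form: q_plus with x_{2n-1}^2 + x_{2n}^2 added (x^2 = x over Z_2)."""
    a, b = (v >> (2 * n - 2)) & 1, (v >> (2 * n - 1)) & 1
    return (q_plus(v, n) + a + b) % 2

def polar(Q, n):
    """The bilinear form B(v, w) = Q(v + w) + Q(v) + Q(w) obtained by polarisation."""
    return lambda v, w: (Q(v ^ w, n) + Q(v, n) + Q(w, n)) % 2

def zeros(Q, n):
    """Number of vectors v with Q(v) = 0."""
    return sum(1 for v in range(4 ** n) if Q(v, n) == 0)

def count_subspaces(n, extends):
    """Number of n-dimensional subspaces reachable from {0} by adjoining,
    one at a time, vectors v for which extends(S, v) holds."""
    level = {frozenset([0])}
    for _ in range(n):
        level = {frozenset(S | {s ^ v for s in S})
                 for S in level for v in range(1, 4 ** n)
                 if v not in S and extends(S, v)}
    return len(level)

def totally_isotropic(n):
    """Maximal totally isotropic subspaces for the symplectic form polarising q_plus."""
    B = polar(q_plus, n)
    return count_subspaces(n, lambda S, v: all(B(s, v) == 0 for s in S))

def totally_singular(Q, n):
    """Totally singular n-dimensional subspaces for Q."""
    return count_subspaces(n, lambda S, v: all(Q(s ^ v, n) == 0 for s in S))

if __name__ == "__main__":
    for n in (1, 2, 3):
        print(n, zeros(q_plus, n), zeros(q_minus, n),
              totally_isotropic(n), totally_singular(q_plus, n))
```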
Exercise 2.1 Let $Q$ be a quadratic form in $2n$ variables with Witt index $n - 1$. How many totally singular $(n - 1)$-subspaces are there for $Q$?

3 Reed–Muller codes

This section gives a very brief account of Reed–Muller codes, which are very closely connected with affine geometry over $\mathbb{Z}_2$.

Let $V$ be a vector space of dimension $n$ over $\mathbb{Z}_2$. We identify $V$ with $\mathbb{Z}_2^n$, and write a typical vector as $v = (x_1, \ldots, x_n)$. We regard the $2^n$ vectors in $V$ as being ordered in some way, say $v_1, v_2, \ldots, v_{2^n}$. Now any binary word of length $N = 2^n$, say $(c_1, \ldots, c_N)$, can be thought of as a function $f$ from $V$ to $\mathbb{Z}_2$ (where $f(v_i) = c_i$ for $i = 1, \ldots, N$).

Lemma 3.1 Any function from $V$ to $\mathbb{Z}_2$ can be represented as a polynomial in the coordinates $(x_1, \ldots, x_n)$, in which no term contains a power of $x_i$ higher than the first, for any $i$.

Proof It is enough to show this for the function $f = \delta_a$ given by
$$\delta_a(v) = \begin{cases} 1 & \text{if } v = a, \\ 0 & \text{otherwise,} \end{cases}$$
for $a \in V$, since any function is a sum of functions of this form (specifically,
$$f = \sum_{a \in V} f(a)\, \delta_a).$$
But, if $a = (a_1, \ldots, a_n)$, then we have
$$\delta_a(v) = \prod_{i=1}^{n} (x_i - a_i - 1),$$
where $v = (x_1, \ldots, x_n)$.

Corollary 3.2 The monomial functions $f_I$ on $V$ are linearly independent for $I \subseteq \{1, \ldots, n\}$, where
$$f_I(v) = \prod_{i \in I} x_i$$
for $v = (x_1, \ldots, x_n)$.

Proof These $2^n$ functions span the $2^n$-dimensional space of all functions from $V$ to $\mathbb{Z}_2$.

For $0 \le r \le n$, the $r$th order Reed–Muller code of length $N = 2^n$ is spanned by the set of polynomial functions of degree at most $r$ on $V = \mathbb{Z}_2^n$. It is denoted by $R(n, r)$.

The next result summarises the properties of Reed–Muller codes.

Theorem 3.3 (a) $R(n, r)$ is a
$$\left[ N = 2^n,\ k = \sum_{i=0}^{r} \binom{n}{i},\ d = 2^{n-r} \right]$$
code.
(b) $R(n, r)^\perp = R(n, n - r - 1)$.

Proof (i)
P The ode has length N = 2n by de nition, and dimension k =
r n
i=0 i
sin e this is the number of monomials of degree at most r.
(ii) Next we prove part (b). Since
\[ \dim(R(n,r)) + \dim(R(n, n-r-1)) = 2^n, \]
it is enough to prove that these codes are orthogonal, and hence enough to prove it for their spanning sets. Now, if $f$ and $f'$ are monomials of degrees at most $r$, $n-r-1$ respectively, then there is a variable (say $x_n$) occurring in neither of them, and so the values of $f$ and $f'$ are unaffected by changing $x_n$ from 0 to 1. Thus, the intersection of the supports of $f$ and $f'$ has even cardinality, and so $f \cdot f' = 0$.
(iii) Finally, we establish that $R(n,r)$ has minimum weight $2^{n-r}$ by induction on $r$. This is true for $r = 0$ since $R(n,0)$ consists of the all-0 and all-1 words only. So assume the result for $r-1$.

Take $f \in R(n,r)$: we must show that the support of $f$ has size at least $2^{n-r}$. By the induction hypothesis, we may assume that $f \notin R(n, r-1)$. By (b), there is a monomial of degree $n-r$ not orthogonal to $f$; we may suppose that it is $x_1 \cdots x_{n-r}$. Thus, if $S$ is the support of $f$, and
\[ A = \{(x_1, \ldots, x_n) \in V : x_1 = \cdots = x_{n-r} = 1\}, \]
then $|S \cap A|$ is odd. Now $A$ is an affine flat in $V$ of dimension $r$. So the union of any two translates of $A$ is an affine flat of dimension $r+1$, and supports a word in $R(n, n-r-1) = R(n,r)^\perp$; so $|S \cap (A \cup (A+v))|$ is even for all $v \notin A$. Thus, $|S \cap (A+v)|$ is odd for all $v \in V$. In particular, $S$ meets all $2^{n-r}$ distinct translates of $A$, so $|S| \ge 2^{n-r}$, and we are done.

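The following added example (not part of the original notes) builds $R(n,r)$ from its monomial spanning set and checks the parameters and the duality of Theorem 3.3 by exhaustive enumeration for small $n$. The bit-packing of codewords into integers and all function names are choices made for this sketch.

```python
from collections import Counter
from itertools import combinations
from math import comb


def monomial_word(n, subset):
    """Codeword of the monomial prod_{i in subset} x_i, packed into an integer.

    Point number p of V = Z_2^n has coordinate x_i equal to bit i of p, and
    bit p of the result is the value of the monomial at that point.
    """
    mask = sum(1 << i for i in subset)
    return sum(1 << p for p in range(1 << n) if p & mask == mask)


def rm_generators(n, r):
    """Spanning set of R(n, r): all monomials of degree at most r."""
    return [monomial_word(n, s)
            for degree in range(r + 1)
            for s in combinations(range(n), degree)]


def gf2_basis(words):
    """Gaussian elimination over GF(2); basis vectors get distinct leading bits."""
    basis = []
    for w in words:
        for b in basis:
            w = min(w, w ^ b)      # clears b's leading bit from w if it is set
        if w:
            basis.append(w)
    return basis


def weight(word):
    """Hamming weight of a packed word."""
    return bin(word).count("1")


def rm_parameters(n, r):
    """Return (N, k, d, weight distribution) of R(n, r) by listing every codeword."""
    basis = gf2_basis(rm_generators(n, r))
    codewords = [0]
    for b in basis:
        codewords += [w ^ b for w in codewords]
    distribution = Counter(weight(w) for w in codewords)
    d = min(wt for wt in distribution if wt > 0)
    return 1 << n, len(basis), d, dict(distribution)


def is_dual_pair(n, r):
    """Theorem 3.3(b): spanning sets orthogonal and dimensions adding to 2^n."""
    g1, g2 = rm_generators(n, r), rm_generators(n, n - r - 1)
    orthogonal = all(weight(a & b) % 2 == 0 for a in g1 for b in g2)
    return orthogonal and len(gf2_basis(g1)) + len(gf2_basis(g2)) == 1 << n


if __name__ == "__main__":
    for n, r in [(4, 1), (4, 2), (5, 2)]:
        N, k, d, _ = rm_parameters(n, r)
        assert k == sum(comb(n, i) for i in range(r + 1)) and d == 2 ** (n - r)
        print(f"R({n},{r}): [N={N}, k={k}, d={d}], dual pair: {is_dual_pair(n, r)}")
    print("weights in R(4,1):", rm_parameters(4, 1)[3])
```
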
Corollary 3.4 The code $R(n, n-2)$ is equivalent to the extended Hamming code $H(n,2)$ of length $2^n$.

Proof If we puncture this code in one position, we obtain a $[2^n-1, 2^n-n-1, 3]$ linear code. This code is equivalent to a Hamming code: for its minimum weight is 3, so the columns of its parity check matrix are pairwise linearly independent; and the number of columns is $2^n-1$, so every non-zero $n$-tuple occurs once.

The weight enumerator of $R(n,1)$ is
\[ x^{2^n} + (2^{n+1}-2)\,x^{2^{n-1}} y^{2^{n-1}} + y^{2^n}. \]
For this code contains the all-0 and all-1 words, and also the linear functions and their complements (each of which have weight $2^{n-1}$). This code is equivalent to the dual extended Hamming code.

Note that, if we shorten this code, we obtain the dual Hamming code, which (as we have seen) is a constant-weight code.

We will be particularly interested in the second-order Reed–Muller code $R(n,2)$. Since $x^2 = x$ for all $x \in \mathbb{Z}_2$, every linear function on $V$ is quadratic, and we have the following description:
\[ R(n,2) = \{Q + c : Q \text{ a quadratic form on } V,\ c \in \mathbb{Z}_2\}. \]
Recall that two quadratic forms polarise to the same bilinear form if and only if they differ by a linear form. This means that the cosets of $R(n,1)$ in $R(n,2)$ are in one-to-one correspondence with the alternating bilinear forms on $V$.

The weight enumerators of these codes are known. They are calculated by the following series of steps:
• Choose $m \le n/2$. Count the number of subspaces $W$ of $V$ of codimension $2m$.
• Count the number of symplectic forms (non-degenerate alternating bilinear forms) on the $2m$-dimensional space $V/W$. Each such form extends uniquely to an alternating form on $V$ with radical $W$. Let $B$ be such a form.
• There are $2^{2m}$ quadratic forms on $V$ which polarise to $B$ and are zero on $W$. Such a form has weight $2^{n-1} + \epsilon 2^{n-m-1}$ ($\epsilon = \pm 1$). Adding the all-1 word, we obtain a word of weight $2^{n-1} - \epsilon 2^{n-m-1}$. So we obtain $2^{2m}$ words of each such weight.
• Any other quadratic form which polarises to $B$ induces a non-zero linear form on $W$. Such a form has weight $2^{n-1}$. We obtain $2^{n+1} - 2^{2m+1}$ forms of weight $2^{n-1}$.
• Add the contributions from the last two steps, multiply by the factors coming from the first two steps, and sum over $m$, to find the weight enumerator of $R(n,2)$.

Exercise 3.1 Show that the code obtained by shortening the extended Golay code on the eight positions of an octad is equivalent to $R(4,1)$, while the code obtained by puncturing on these positions is equivalent to $R(4,2)$.

Exercise 3.2 Calculate the weight enumerator of $R(5,2)$
(a) using the method outlined above;
(b) using Theorem 3.3 and Gleason's Theorem (Theorem 1.6).

Exercise 3.3 Show that a coset of $R(n,1)$ in $R(n,2)$ contains words of at most three different weights, and that only two weights occur if and only if the bilinear form indexing the coset is non-degenerate. (Such a coset is called a two-weight coset.)

Exercise 3.4 Prove that the blocks of the design $D(C)$ formed by the words of minimum weight in the second-order Reed–Muller code $C = R(n,2)$ are the $(n-2)$-dimensional affine flats in $AG(n,2)$. Deduce that $D$ is a 3-design.

4 Self-dual codes

We now apply these results to the problem of counting self-dual and doubly even self-dual binary codes.

A binary self-dual code $C$ of length $n$ has the property that all its words have even weight. This means that the all-1 word $\mathbf{1}$ is orthogonal to every word in $C$, that is, $C \subseteq \langle\mathbf{1}\rangle^\perp$. Since $C$ is self-dual, $\mathbf{1} \in C$.

Now let $W = \langle\mathbf{1}\rangle^\perp$, the even-weight subcode of $\mathrm{GF}(2)^n$. Then $x \cdot x = 0$ for all $x \in W$, so the dot product is an alternating bilinear form on $W$. It is not non-degenerate, since $\mathbf{1}$ lies in its radical; but it induces a non-degenerate bilinear form $B$ on the $(n-2)$-dimensional space $V = W/\langle\mathbf{1}\rangle$. Now a code $C$ containing $\mathbf{1}$ is self-orthogonal if and only if $\bar{C} = C/\langle\mathbf{1}\rangle$ is totally isotropic for $B$; so $C$ is self-dual if and only if $\bar{C}$ is maximal totally isotropic. Thus, from Theorem 2.4, we have:

Theorem 4.1 The number of binary self-dual codes of length $n = 2m$ is
\[ \prod_{i=1}^{m-1} (2^i + 1). \]

From this theorem, the numbers of binary self-dual codes of length 2, 4, 6, 8 is 1, 3, 15, 135 respectively.

For $n < 8$, the only self-dual codes are direct sums of copies of the repetition code of length 2. The number of codes of this form is equal to the number of partitions of the set of coordinates into subsets of size 2, which is 1, 3, 15, 105 for $n$ = 2, 4, 6, 8. So for $n = 8$, there are 30 further codes, which as we shall see are all equivalent to the extended Hamming code of length 8.

For any two binary words $x$ and $y$, we have
\[ \mathrm{wt}(x+y) = \mathrm{wt}(x) + \mathrm{wt}(y) - 2\,\mathrm{wt}(x \cap y). \]
Now $\mathrm{wt}(x \cap y) \equiv (x \cdot y) \bmod 2$. So, if $x$ has even weight, and $n$ is divisible by 4, then we can set $Q(x) = \frac{1}{2}\mathrm{wt}(x) \bmod 2$; we have $Q(x) = Q(\mathbf{1}+x)$, so $Q$ is well-defined on $V$, and we have
\[ Q(x+y) = Q(x) + Q(y) + B(x,y). \]
In other words, $Q$ is a quadratic form on $V$ which polarises to $B$. Furthermore, a code $C$ is doubly even if and only if $\bar{C}$ is totally singular (with respect to $Q$), and $C$ is doubly even self-dual if and only if $\bar{C}$ is maximal totally singular of dimension $n-1$.

Thus, from Theorem 2.4(b), we have:

Theorem 4.2 The number of doubly-even self-dual codes of length $n = 2m$ divisible by 8 is
\[ \prod_{i=0}^{m-2} (2^i + 1). \]

This shows that there are indeed 30 doubly-even self-dual codes of length 8 (all equivalent to the extended Hamming code).

Exercise 4.1 Verify that there are 30 codes of length 8 equivalent to the extended Hamming code by showing that the automorphism group of the code has index 30 in the symmetric group $S_8$.

Exercise 4.2 Count the number of binary words of length $n$ with weight divisible by 4. [Hint: Let $a$ and $b$ be the numbers of words which have weight congruent to 0 or 2 mod 4 respectively. Then $a + b = 2^{n-1}$. Calculate $a - b$ by evaluating the real part of $(1+i)^n$.]

Hence show that the quadratic form $q$ defined earlier has Witt index $n-1$ if $n \equiv 0 \bmod 8$, and $n-2$ if $n \equiv 4 \bmod 8$.

This gives an alternative proof that doubly even self-dual codes must have length divisible by 8.

Exercise 4.3 Classify doubly-even self-dual codes of length 16. Use Theorem 4.2 to show that your classification is complete.

5 Bent functions

Let $n$ be even, say $n = 2m$. The code $R(n,1)$ has strength 3 (since, by Theorem 3.3, its dual has minimum weight 4). By Theorem 1.8, its covering radius is at most $2^{2m-1} - 2^{m-1}$. This bound is attained. For, if $Q$ is a non-singular quadratic form, then the distances from $Q$ to words of $R(n,1)$ are equal to the weights of words in the coset $R(n,1) + Q$, and we have seen that these weights are $2^{2m-1} \pm 2^{m-1}$.

Let $n = 2m$, and let $V = \mathbb{Z}_2^n$. A function $f : V \to \mathbb{Z}_2$ is called a bent function if its minimum distance from $R(n,1)$ is $2^{2m-1} - 2^{m-1}$.

As the name (coined by Rothaus [23]) suggests, a bent function is a function which is at the greatest possible distance from the linear functions.

As we observed, a non-singular quadratic form is a bent function. In fact, a quadratic form is a bent function if and only if it is non-singular; and there are just two such functions up to equivalence.

Bent functions of higher degree exist: see the Exercises. The problem of classifying bent functions appears to be hopeless. Various authors have attacked this problem for reasonably small numbers of variables; see [19, 2].

Bent functions have a range of applications, both theoretical and practical. Here is one example. Let $f$ be a bent function. Then $R(n,1) + f$ is a two-weight coset of $R(n,1)$. (This follows from the remark following the proof of Theorem 1.8(b): the weights are $2^{2m-1} \pm 2^{m-1}$.) Conversely, any two-weight coset consists of bent functions.

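The definition can be checked numerically. The following added example (not part of the original notes) computes the distance from a function to $R(n,1)$ and the weights in the coset $R(n,1)+f$ with a fast Walsh–Hadamard transform, an algorithm chosen for this sketch. It is run on the non-singular form $x_1x_2+x_3x_4$, the singular form $x_1x_2$ in four variables, and the cubic of Exercise 5.1 for $m = 3$ (a numerical check of one case, not a proof).

```python
def truth_table(n, f):
    """Values of f at all 2^n points; point p has coordinate x_(i+1) = bit i of p."""
    return [f([(p >> i) & 1 for i in range(n)]) & 1 for p in range(1 << n)]


def walsh_spectrum(table):
    """Fast Walsh-Hadamard transform: entry a is the sum over x of (-1)^(f(x) + a.x)."""
    w = [1 - 2 * bit for bit in table]
    h = 1
    while h < len(w):
        for start in range(0, len(w), 2 * h):
            for j in range(start, start + h):
                w[j], w[j + h] = w[j] + w[j + h], w[j] - w[j + h]
        h *= 2
    return w


def distance_to_rm1(table):
    """Minimum Hamming distance from f to the 2^(n+1) words of R(n,1)."""
    return (len(table) - max(abs(v) for v in walsh_spectrum(table))) // 2


def brute_force_distance(n, table):
    """Same distance by comparing f with every function a.x + c directly."""
    best = len(table)
    for a in range(1 << n):
        for c in (0, 1):
            dist = sum(((bin(a & p).count("1") + c) & 1) != table[p]
                       for p in range(1 << n))
            best = min(best, dist)
    return best


def coset_weights(table):
    """Sorted list of the distinct weights occurring in the coset R(n,1) + f."""
    size = len(table)
    weights = set()
    for v in walsh_spectrum(table):
        weights.add((size - v) // 2)   # weight of f + a.x
        weights.add((size + v) // 2)   # weight of f + a.x + 1
    return sorted(weights)


def is_bent(table):
    """True if f attains the distance 2^(2m-1) - 2^(m-1) from R(n,1), n = 2m."""
    n = len(table).bit_length() - 1
    return n % 2 == 0 and distance_to_rm1(table) == 2 ** (n - 1) - 2 ** (n // 2 - 1)


# Sample functions (x is the list [x1, x2, ...]).
NONSINGULAR = truth_table(4, lambda x: x[0] * x[1] + x[2] * x[3])
SINGULAR = truth_table(4, lambda x: x[0] * x[1])
CUBIC = truth_table(6, lambda x: x[0] * x[1] + x[2] * x[3] + x[4] * x[5]
                    + x[0] * x[2] * x[4])

if __name__ == "__main__":
    for name, table in [("x1x2+x3x4", NONSINGULAR), ("x1x2", SINGULAR),
                        ("Exercise 5.1, m=3", CUBIC)]:
        print(name, "bent:", is_bent(table),
              "distance:", distance_to_rm1(table),
              "coset weights:", coset_weights(table))
```
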
Theorem 5.1 (a) Let $\mathcal{B}$ be the set of supports of all words which have weight $2^{2m-1} - 2^{m-1}$ in a two-weight coset of $R(n,1)$. Then the structure $(V, \mathcal{B})$ is a 2-$(2^{2m}, 2^{2m-1} - 2^{m-1}, 2^{2m-2} - 2^{m-1})$ design.
(b) A design with the parameters given in (a) arises from a two-weight coset of $R(n,1)$ if and only if it has the following property: the symmetric difference of any three blocks of the design is either a block or the complement of a block.

Part (a) of this theorem appears in a number of places. Part (b) is due to Kantor [16], who calls his condition the symmetric difference property.

See also [3] for another application of bent functions.

Exercise 5.1 Show that the function
\[ x_1x_2 + x_3x_4 + \cdots + x_{2m-1}x_{2m} + x_1x_3 \cdots x_{2m-1} \]
is a bent function.

6 Kerdock codes

We have seen that, if $Q$ is a quadratic form which polarises to a bilinear form of rank $2m$, then the weight of $Q$ is $2^{n-1} \pm 2^{n-m-1}$ or $2^{n-1}$; in particular, it is at least $2^{n-1} - 2^{n-m-1}$.

Let $\mathcal{B}$ be a set of alternating bilinear forms on $V$. Let $K(\mathcal{B})$ denote the set
\[ \{Q + c : \bar{Q} \in \mathcal{B},\ c \in \mathbb{Z}_2\} \]
of functions on $V$, where $\bar{Q}$ is the bilinear form obtained by polarising $Q$. Then $K(\mathcal{B})$ is a
\[ (N = 2^n,\ M = 2^{n+1}|\mathcal{B}|,\ d = 2^{n-1} - 2^{n-m-1}) \]
code, where $2m$ is the minimum rank of the difference of two forms in $\mathcal{B}$. In particular, to make $d$ as large as possible, we should require that $n$ is even and the difference of any two forms in $\mathcal{B}$ is non-degenerate. (We call such a set $\mathcal{B}$ a non-degenerate set.) Furthermore, the code $K(\mathcal{B})$ is linear if and only if $\mathcal{B}$ is closed under addition.

Lemma 6.1 A non-degenerate set of alternating bilinear forms on a $2m$-dimensional vector space has cardinality at most $2^{2m-1}$.

Proof Each form can be represented by a skew-symmetric matrix with zero diagonal: if $\{e_1, \ldots, e_{2m}\}$ is a basis for $V$, the $(i,j)$ entry of the matrix representing $B$ is $B(e_i, e_j)$. Now, if $B - B'$ is non-degenerate, then the first rows of the matrices representing $B$ and $B'$ are unequal. Since there are at most $2^{2m-1}$ possible first rows (remember that the diagonal entry is zero), there are at most $2^{2m-1}$ forms in a non-degenerate set.

A Kerdock set is a non-degenerate set of bilinear forms on a $2m$-dimensional vector space $V$ over $\mathbb{Z}_2$, having cardinality $2^{2m-1}$, that is, attaining the upper bound. A Kerdock code is a code of the form $K(\mathcal{B})$, where $\mathcal{B}$ is a Kerdock set. Thus, it is a $(2^{2m}, 2^{4m}, 2^{2m-1} - 2^{m-1})$ code.

It can be shown that, for $m > 1$, a Kerdock code must be non-linear. (The largest additively closed non-singular set has cardinality $2^m$; we will construct it in the next section.) In the case $m = 2$, the unique example of a Kerdock code is the Nordstrom–Robinson code, a $(16, 256, 6)$ code. The first construction for all $m$ was given by Kerdock [17]. A simplified construction by Dillon, Dye and Kantor is presented in [8], Chapter 12.

Although Kerdock codes are non-linear, they have recently been "linearised" in a remarkable way by Hammons et al. [15]. This is the subject of the last section.

Since non-quadratic bent functions exist, it is natural to ask whether 'Kerdock sets' of higher degree can exist too. So far, no examples have been found.

Exercise 6.1 Let $O = \{1, 2, \ldots, 8\}$ be an octad in the extended Golay code $G_{24}$. Consider the set of words of $G_{24}$ whose supports intersect $O$ in one of the following eight sets:
\[ \emptyset, \{1,2\}, \{1,3\}, \ldots, \{1,8\}. \]
Now restrict these words to the complement of $O$. Show that the result is a $(16, 256, 6)$ code, and identify it with a Kerdock code.

Show that, if we use instead the set
\[ \emptyset, \{1,2\}, \{1,3\}, \{2,3\}, \]
we obtain a linear $[16, 7, 6]$ code.

7 Some resolved designs

Some infinite families of systems of linked symmetric BIBDs (or SLSDs, for short) were constructed by Cameron and Seidel [9]. The smallest of these systems was used by Preece and Cameron [21] to construct certain resolvable designs (which they called fully-balanced hyper-graeco-latin Youden 'squares'). For example, they gave a $6 \times 16$ rectangle, in which each cell contains one letter from each of three alphabets of size 16, satisfying a number of conditions, including:
• No letter occurs more than once in each row or column of the rectangle.
• The sets of letters from each of the three alphabets in the columns of the rectangle form a 2-$(16, 6, 2)$ design.
• Each pair of alphabets carry a 2-$(16, 6, 2)$ design, where two letters are incident if they occur together in a cell of the rectangle.
• The number of columns containing a given pair of letters from distinct alphabets is 1 if the two letters are incident, 3 otherwise.

In this section we construct an infinite sequence of such designs.

A symmetric balanced incomplete-block design (SBIBD) can, like any incidence structure, be represented by a graph (its incidence graph or Levi graph). The vertex set of the graph is the disjoint union of two sets $X_1$ and $X_2$, and each edge has one end in $X_1$ and the other in $X_2$. If the design is a 2-$(v, k, \lambda)$ design, the graph has the properties
• $|X_1| = |X_2| = v$;
• for $\{i,j\} = \{1,2\}$, any point in $X_i$ has exactly $k$ neighbours in $X_j$;
• for $\{i,j\} = \{1,2\}$, any two points in $X_i$ have exactly $\lambda$ neighbours in $X_j$.

From such a design, we obtain a resolved design with $r = 2$ classes of blocks as follows: the treatments are the $t = vk$ edges of the graph; for $i = 1, 2$, the blocks in the $i$th class consist of the sets of edges on each of the vertices of $X_i$ (so that there are $v$ blocks of $k$ in each class).

Any regular bipartite graph has a 1-factorisation, a partition of the edge set into $k$ classes of $v$ edges each, where the edges of each class partition the vertices. (This follows from Hall's Marriage Theorem.) This partition of the edge set (treatment set) is orthogonal to the two block partitions. Using it, we can represent the design by a Latin rectangle as follows. Number the elements of $X_i$ from 1 to $v$ for $i = 1, 2$, and number the 1-factors from 1 to $k$; then the $(i,j)$ entry in the $k \times v$ rectangle is the number of the vertex in $X_2$ joined to the vertex $j$ of $X_1$ by an edge of the 1-factor numbered $i$.

In the case of a SBIBD arising from a difference set in a group $A$, we have an action of $A$ on the graph so that the orbits are $X_1$ and $X_2$ and the action on each orbit is regular. In this case, $A$ permutes the edges in $k$ orbits each of size $v$, forming the desired 1-factorisation.

A system of linked SBIBDs, or SLSD for short, can be represented by a multipartite graph with $r$ classes $X_1, \ldots, X_r$, satisfying the conditions
• for any distinct $i, j$, the induced subgraph on $X_i \cup X_j$ is the incidence graph of a SBIBD (with parts $X_i$ and $X_j$), having parameters 2-$(v, k, \lambda)$ independent of $i$ and $j$;
• there exist integers $x$ and $y$ such that, for any distinct $i, j, k$, and any vertices $p_i \in X_i$ and $p_j \in X_j$, the number of common neighbours of $p_i$ and $p_j$ in $X_k$ is equal to $x$ if $p_i$ and $p_j$ are adjacent, and to $y$ otherwise.

We cannot construct a resolved design from a SLSD unless an extra condition holds. A full clique in a SLSD is a set of vertices, containing one from each of the sets $X_i$, whose vertices are pairwise adjacent. (So a full clique contains $r$ vertices.) A full clique cover is a set of full cliques with the property that every edge is contained in exactly one full clique in the set. (So the number of full cliques in a full clique cover is $vk$.) Now if we have a full clique cover of a SLSD, we construct a design as follows: the treatments are the $t = vk$ full cliques; for $i = 1, \ldots, r$, the blocks in the $i$th class are the sets of full cliques in the cover containing each of the vertices in $X_i$. Each of the $r$ block classes contains $v$ blocks of size $k$.

A 1-factor is a set of $v$ full cliques covering all vertices just once; a 1-factorisation is a partition of the full cliques into 1-factors. (Thus, it is a partition of the treatments into $k$ sets of $v$, which is orthogonal to each block partition.) I do not know whether 1-factorisations always exist. However, if there is a group $A$ of automorphisms whose orbits are $X_1, \ldots, X_r$ and which acts regularly on each orbit, then the orbits of $A$ on full cliques form a 1-factorisation.

If we have a 1-factorisation, then we can represent the design by a $k \times n$ rectangle whose entries are $(r-1)$-tuples, similarly to before. We number the elements of each set $X_i$ from 1 to $n$, and the 1-factor from 1 to $k$; then the $(i,j)$ entry of the rectangle is the $(r-1)$-tuple $(l_2, \ldots, l_r)$, where $l_i$ is the point of $X_i$ lying in a full clique of the $i$th 1-factor with the $j$th point of $X_1$. This is the representation used in [21].

The construction of the designs is based on properties of bilinear and quadratic forms over $F = \mathrm{GF}(2)$. Let $B$ be any alternating bilinear form on a $2n$-dimensional vector space over $F$. The set $\mathcal{Q}(B)$ of quadratic forms which polarise to $B$ has $2^{2n}$ members. If $Q$ is one member of this set, then all others can be obtained by adding linear forms to $Q$. Suppose that $B$ is non-degenerate. Then any linear form can be written as $L(x) = B(v,x)$ for some vector $v \in V$. So
\[ \mathcal{Q}(B) = \{Q(x) + B(v,x) : v \in V\} = \{Q(x+v) + Q(v) : v \in V\}. \]
Let $X = \{x \in V : Q(x) = 0\}$ be the set of zeros of $Q$. Then the set of zeros of $Q(x) + B(v,x)$ is obtained by translating $X$ by $v$, and complementing this set in $V$ if $Q(v) = 1$. So any quadratic form in $\mathcal{Q}(B)$ has either $N$ or $2^{2n} - N$ zeros, for some $N$. We can take $N = 2^{2n-1} + \epsilon 2^{n-1}$, where $\epsilon = \pm 1$; the form $Q$ has type $\epsilon$ if it has $2^{2n-1} + \epsilon 2^{n-1}$ zeros (Theorem 2.3).

Now the set $X$ of zeros of $Q$ is a difference set in the additive group of the vector space $V$, and so gives rise to a symmetric BIBD, whose points are the vectors in $V$ and whose blocks are the translates of $X$; as we have seen, these are the zero sets of the quadratic forms in $\mathcal{Q}(B)$, complemented in the case of forms of type opposite to that of $B$.

This design has a more symmetrical description, as follows. (The proof that this is the same is an exercise, or is given in [9].) Let $B_1$ and $B_2$ be two alternating bilinear forms on $V$, whose difference $B_1 - B_2$ is non-degenerate. Then the points and blocks of the SBIBD are the sets $\mathcal{Q}(B_1)$ and $\mathcal{Q}(B_2)$ respectively; a point $Q_1$ and block $Q_2$ are incident in the design $D$ if and only if the form $Q_1 - Q_2$ (which is non-singular) has type $\epsilon$.

The design $D$ has $v = 2^{2n}$, $k = 2^{2n-1} + \epsilon 2^{n-1}$ and $\lambda = 2^{2n-2} + \epsilon 2^{n-1}$.

Let $V$ be a vector space of dimension $2n$ over the field $F = \mathrm{GF}(2)$. Given a non-degenerate set $\mathcal{B}$ of alternating bilinear forms and a value $\epsilon = \pm 1$, we define a SLSD $S(\mathcal{B})$ as follows: the elements are the quadratic forms in the sets $\mathcal{Q}(B)$ for $B \in \mathcal{B}$; forms $Q_i \in \mathcal{Q}(B_i)$ and $Q_j \in \mathcal{Q}(B_j)$ are incident if $Q_i - Q_j$ has type $\epsilon$. It follows from the description of the designs that the first condition in the definition of a SLSD is satisfied; see [9] for a proof that the second condition holds too.

The largest non-degenerate sets are the Kerdock sets; but these do not have full clique covers in general. However, there is a construction which produces sets of cardinality $2^n$; it is these which we use.

Let $K = \mathrm{GF}(2^n)$. There is a $F$-linear map from $K$ onto $F$, the trace map, given by
\[ \mathrm{Tr}(x) = x + x^2 + x^{2^2} + \cdots + x^{2^{n-1}}. \]
(Note that $x^{2^n} = x$ for all $x \in K$.)

Let $V$ be a 2-dimensional vector space over $K$. By restricting scalars from $K$ to $F$, $V$ becomes a $2n$-dimensional vector space over $F$. If $b$ is an alternating bilinear form on $V$ as $K$-space, then $B = \mathrm{Tr}(b)$ is an alternating bilinear form on $V$ as $F$-space; and $B$ is non-degenerate if and only if $b$ is. Similarly, the traces of the quadratic forms (on the $K$-space $V$) polarising to $b$ are precisely the quadratic forms (on the $F$-space $V$) polarising to $B$.

Now take $b$ to be any non-degenerate alternating bilinear form on the $K$-space $V$ (for example, take $b((x_1,x_2),(y_1,y_2)) = x_1y_2 - x_2y_1$). Then $\alpha b$ is also a non-degenerate alternating bilinear form, for any non-zero $\alpha \in K$. We have
\[ \mathrm{Tr}(\alpha_1 b) - \mathrm{Tr}(\alpha_2 b) = \mathrm{Tr}((\alpha_1 - \alpha_2) b) \]
for $\alpha_1 \ne \alpha_2$. So the $2^n$ forms
\[ \{\mathrm{Tr}(\alpha b) : \alpha \in K\} \]
comprise a non-degenerate set of cardinality $2^n$, and so give rise to a SLSD with $r = 2^n$.

We must now produce the full clique cover and its 1-factorisation. The argument uses a little group theory.

The explicit form of $b$ given in the last section is the determinant of the matrix $\begin{pmatrix} x_1 & x_2 \\ y_1 & y_2 \end{pmatrix}$. It follows from this that the special linear group $\mathrm{SL}(2, 2^n)$ of $2 \times 2$ matrices of determinant 1 over $K$ preserves $b$, and hence each of the forms $\mathrm{Tr}(\alpha b)$. Thus the product $A \cdot \mathrm{SL}(2, 2^n)$, where $A$ is the additive group of $V$, acts on the SLSD, fixing each of the sets $X_1, \ldots, X_r$. (In fact it acts doubly transitively on each $X_i$.)

The subgroup fixing a point $p_i$ of $X_i$ is a complement to $A$ in this product, and so is isomorphic to $\mathrm{SL}(2, 2^n)$; it is transitive on the remaining points of $X_i$ and has two orbits on $X_j$ for all $j \ne i$, namely, the points incident and non-incident to $p_i$. If $p_j \in X_j$ is a point incident with $p_i$, then the stabiliser of $p_i$ and $p_j$ is a dihedral group of order $2(2^n - \epsilon)$. Now all such dihedral groups in our group $A \cdot \mathrm{SL}(2, 2^n)$ are conjugate (they are the normalisers of Sylow $p$-subgroups, where $p$ is a prime divisor of $2^n - \epsilon$); so this subgroup fixes one point $p_l$ in each set $X_l$. Moreover, these points $p_l$ are pairwise incident. For, if $p_l$ and $p_m$ were not incident, their stabiliser would be a dihedral group of order $2(2^n + \epsilon)$; but this number does not divide $2(2^n - \epsilon)$.

Now the set of all these points $p_l$ is a full clique. It is the unique full clique containing $p_i$ and $p_j$ which is stabilised by a dihedral group of order $2(2^n - \epsilon)$. So we have constructed a full clique cover.

Now the orbits of the group $A$ on these full cliques form the required 1-factorisation, as we described earlier.

Exercise 7.1 Complete the proof that a non-degenerate set of alternating bilinear forms gives rise to a SLSD.

8 Extraspecial 2-groups


An extraspecial 2-group is a 2-group whose centre, derived group, and Frattini subgroup all coincide and have order 2. Such a group $E$ has order $2^{2n+1}$ for some $n$. If $\zeta(E)$ is the centre, then we can identify $\zeta(E)$ with the additive group of $F = \mathbb{Z}_2$. Since squaring (the map $e \mapsto e^2$) is a function from $E$ to $\zeta(E)$, the factor group $\bar{E} = E/\zeta(E)$ is elementary abelian of order $2^{2n}$, and can be identified with the additive group of a $2n$-dimensional vector space over $F$.

Now the structure of the group can be defined in terms of the vector space. Commutation (the map $(e,f) \mapsto [e,f] = e^{-1}f^{-1}ef$) is a function from $E \times E$ to $\zeta(E)$. Observing that $[ez,f] = [e,fz] = [e,f]$ for $z \in \zeta(E)$, we see that it induces a map from $\bar{E} \times \bar{E}$ to $F$. It is readily checked that this map is a non-singular alternating bilinear form $B$. (This explains why $|\bar{E}|$ is an even power of 2.) We also have that $(ez)^2 = e^2$ for $z \in \zeta(E)$, so squaring induces a quadratic form $Q : \bar{E} \to F$, which polarises to $B$.

The vector space $\bar{E}$, with the bilinear form $B$ and quadratic form $Q$, determine the structure of the extraspecial group $E$. From the classification of quadratic forms, we conclude that there are just two extraspecial groups of order $2^{2n+1}$ for any $n$ (up to isomorphism).

A subgroup $S$ of $E$ is normal in $E$ if and only if it contains $\zeta(E)$. For such a subgroup, $\bar{S} = S/\zeta(E)$ is a subspace of $\bar{E}$. If we start with $\bar{S} < \bar{E}$ we could have the corresponding $S < E$ containing $\zeta(E)$ or not, but normality of $S$ does not matter in what follows. The following are immediate:
(a) $S$ is abelian if and only if $\bar{S}$ is totally isotropic;
(b) $S$ is elementary abelian if and only if $\bar{S}$ is totally singular.

Consider the case $n = 1$. The quadratic form $x_1x_2$ corresponds to a group generated by two elements of order 2 with product of order 4; this is the dihedral group $D_8$. The form $x_1x_2 + x_1^2 + x_2^2$ corresponds to a group in which all six non-central elements have order 4; this is the quaternion group $Q_8$. The singular forms correspond to groups which, while having a central subgroup of order 2 with elementary abelian quotient, are not extraspecial; $x_1^2$ corresponds to $C_2 \times C_4$, and 0 to $C_2 \times C_2 \times C_2$.

Two extraspecial 2-groups are isomorphic if and only if the corresponding quadratic forms are equivalent. So our classification of quadratic forms (Theorem 2.1) gives the following result:

Theorem 8.1 For each $m \ge 1$, there are (up to isomorphism) just two extraspecial 2-groups of order $2^{2m+1}$.

The groups are determined by the quadratic forms. They can also be described in a more group-theoretic manner as follows.

Let $G_1$, $G_2$ be groups, $Z_1, Z_2$ subgroups of $\zeta(G_1)$ and $\zeta(G_2)$ respectively, and $\theta : Z_1 \to Z_2$ an isomorphism. The central product $G_1 \circ G_2$ of $G_1$ and $G_2$ with respect to $\theta$ is obtained from the direct product $G_1 \times G_2$ by identifying each element $z \in Z_1$ with its image $z\theta \in Z_2$; in other words, it is the group
\[ G_1 \circ G_2 = (G_1 \times G_2)/N, \]
where $N = \{(z^{-1}, z\theta) : z \in Z_1\}$.

Now if the quadratic forms $Q_1$ and $Q_2$ on $V_1$ and $V_2$ give rise to groups $E_1$ and $E_2$ as above, and we take $\theta$ to be the unique isomorphism from $\zeta(E_1)$ to $\zeta(E_2)$, then the group associated with the form $Q_1 + Q_2$ on $V_1 \oplus V_2$ is the central product $E_1 \circ E_2$.

Hence the two extraspecial groups of order $2^{2m+1}$ can be written as
$D_8 \circ D_8 \circ \cdots \circ D_8 \circ D_8$ ($m$ factors) and
$D_8 \circ D_8 \circ \cdots \circ D_8 \circ Q_8$ ($m$ factors).

Exercise 8.1 Let $Q$ be a non-singular quadratic form on a space of odd dimension $V$ over $\mathbb{Z}_2$. Show that $Q$ vanishes on half of the vectors in $V$.

Exercise 8.2 Let $Q$ be a (possibly singular) quadratic form on a vector space $V$ of dimension $2n$ over $\mathbb{Z}_2$, which polarises to $B$. The radical of $B$ is defined to be the set
\[ \{v \in V : B(v,w) = 0 \text{ for all } w \in V\}. \]
(a) Show that the radical has even dimension $2d$.
(b) Show that the number of zeros of $Q$ is
\[ 2^{2n-1} + \epsilon 2^{n+d-1}, \]
for some $\epsilon \in \{+1, 0, -1\}$.

Exercise 8.3 Prove that the quadratic forms
\[ x_1x_2 + x_3x_4 \]
and
\[ x_1^2 + x_1x_2 + x_2^2 + x_3^2 + x_3x_4 + x_4^2 \]
are equivalent.
Deduce that $D_8 \circ D_8 \cong Q_8 \circ Q_8$.

9 Quantum computing

We give a brief review of the concept of public-key cryptography, the RSA system (its most popular realisation), and the relevance a fast quantum algorithm for factorising large integers would have for this system. No attempts at rigorous definitions of complexity classes or proofs of the assertions will be given.

In any cryptosystem, the plaintext to be transmitted is encrypted by some algorithm depending on additional data called the key, to produce ciphertext. The recipient uses another algorithm to recover the plaintext from the ciphertext and key. The simplest example is the one-time pad, the only provably secure cipher system. The plaintext is first encoded as a string of bits of length $n$, say $a_1a_2 \ldots a_n$. The key consists of a string $b_1b_2 \ldots b_n$ of $n$ random bits, produced by some physical randomising process such as tossing coins. The encryption algorithm is bitwise addition; so the ciphertext is $c_1c_2 \ldots c_n$, where $c_i = a_i + b_i$ (addition mod 2). The decryption algorithm in this case is identical to the encryption algorithm: add the key bitwise (since $c_i + b_i = a_i$). The ciphertext is itself a random string of bits, so an interceptor without knowledge of the key is unable to gain any information. (The security of this system was proved by Shannon.)

Note that both the sender and the recipient must have the key, which must be kept secret from the interceptor. The key must either be shared on a previous occasion, or conveyed by a channel which is known to be secure.

Public-key cryptography was invented by Diffie and Hellman in 1975. (In fact, the same idea had been invented six years earlier by James Ellis, an employee of GCHQ, who was unable to publish it because of his employment.) The idea is that the encryption algorithm and the key are made public, but the decryption is so demanding of computational resources that this knowledge is of no use to the interceptor. However, the recipient (who publishes the key) has some additional information, the secret key, which makes the decryption much easier.

More formally, let $M$ be the set of plaintext messages, $C$ the set of ciphertext messages, and $K$ the set of keys. An encryption system consists of a pair of functions, encryption $e : M \times K \to C$, and decryption $d : C \times K \to M$, such that $d(e(m,k),k) = m$ for all $m \in M$ and $k \in K$. A public-key system also has a set $S$ of secret keys, and an inverse pair of functions $p : S \to K$ and $q : K \to S$ such that
• computation of $e(m,k)$ and $p(s)$ are easy;
• computation of $d(c,k)$ and $q(k)$ are difficult;
• if $q(k)$ is known, then computation of $d(c,k)$ is easy (in other words, computation of $d(c,p(s))$ is easy).

Each user $i$ of the system selects an element $s_i \in S$, computes $k_i = p(s_i)$, and publishes the result. If user $j$ wants to send a message $m$ to user $i$, she looks up $k_i$ in the public directory, computes $c = e(m,k_i)$, and transmits this ciphertext. Now $i$ computes $d(c,p(s_i)) = d(c,k_i) = m$. An interceptor knows $c$ and $k_i$ but is faced with the difficult tasks of either computing $d(c,k_i)$ directly or computing $s_i = q(k_i)$.

The RSA system works as follows. Each secret key consists of a pair $p, q$ of large prime numbers (of hundreds of bits), and an integer $a$ coprime to $(p-1)(q-1)$. From this, by Euclid's algorithm, one computes $b$ such that $ab \equiv 1 \pmod{(p-1)(q-1)}$. Now the public key is the pair $(N,a)$, where $N = pq$. The encryption algorithm takes the message $m$, which is encoded as an integer less than $N$, and computes the ciphertext $c = m^a \bmod N$. The possessor of the secret key can decrypt this by raising it to the power $b$ mod $N$, since
\[ c^b = m^{ab} \equiv m^1 = m \bmod N. \]
(We use the fact that $\phi(N) = (p-1)(q-1)$, and Fermat's Little Theorem asserting that $m^{\phi(N)} \equiv 1 \pmod{N}$.)

Of the interceptor's two strategies, the second (calculating the secret key) involves factorising $N$, so that $b$ can also be calculated. It is thought that, for most choices of secret key, the first strategy (decrypting using the public key) is also equivalent to factorising $N$. An intermediate strategy would be to find $b$ such that $m^{ab} \equiv m \pmod{N}$ for all $m$. This amounts to finding $u$ such that $m^u \equiv 1 \pmod{N}$, for then $b$ can be found by the Euclidean algorithm. But the smallest such $u$ is the least common multiple of $(p-1)$ and $(q-1)$; knowledge of this determines $(p-1)(q-1)$ and hence $p$ and $q$.

So the security of the method depends on the assumption that factorising large numbers is a hard problem.

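The following added example (not part of the original notes) runs the RSA scheme with the notation used above and shows why $u = \mathrm{lcm}(p-1, q-1)$ has to be guarded as carefully as $p$ and $q$: it yields a working decryption exponent and the factors of $N$. The two small Mersenne primes, the exponent $a = 65537$, the sample message and all function names are constructed for this sketch; real keys use primes of hundreds of bits.

```python
from math import gcd, isqrt


def inverse_mod(a, modulus):
    """Extended Euclid: return b with a*b = 1 (mod modulus)."""
    old_r, r = a, modulus
    old_s, s = 1, 0
    while r:
        quotient = old_r // r
        old_r, r = r, old_r - quotient * r
        old_s, s = s, old_s - quotient * s
    if old_r != 1:
        raise ValueError("a is not coprime to the modulus")
    return old_s % modulus


def make_key(p, q, a):
    """Return the public key (N, a) and the secret exponent b."""
    return (p * q, a), inverse_mod(a, (p - 1) * (q - 1))


def encrypt(m, public_key):
    N, a = public_key
    return pow(m, a, N)          # c = m^a mod N


def decrypt(c, N, b):
    return pow(c, b, N)          # c^b = m^(ab) = m mod N


def recover_factors(N, u):
    """Recover (p, q) from N = pq and u = lcm(p-1, q-1).

    (p-1)(q-1) is a multiple of u below N.  For each candidate multiple phi,
    p + q would be N - phi + 1, and p, q the roots of x^2 - (p+q)x + N.
    """
    t = N // u
    while t > 0:
        s = N - t * u + 1                    # candidate value of p + q
        disc = s * s - 4 * N                 # would equal (q - p)^2
        if disc >= 0:
            root = isqrt(disc)
            if root * root == disc and (s + root) % 2 == 0:
                p, q = (s - root) // 2, (s + root) // 2
                if p > 1 and p * q == N:
                    return p, q
        t -= 1
    raise ValueError("u is not the lcm of p-1 and q-1 for this N")


# Constructed toy parameters: 2^17 - 1 and 2^19 - 1 are prime.
P, Q, A = 131071, 524287, 65537
PUBLIC, B = make_key(P, Q, A)
N = PUBLIC[0]
U = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)   # lcm(p-1, q-1)
MESSAGE = 123456789                           # any integer below N

if __name__ == "__main__":
    c = encrypt(MESSAGE, PUBLIC)
    print("ciphertext:", c, "decrypts to:", decrypt(c, N, B))
    # Anyone holding u gets an equivalent secret exponent and the factors.
    b_from_u = inverse_mod(A, U)
    print("decrypt with exponent from u:", decrypt(c, N, b_from_u))
    print("factors from u:", recover_factors(N, U))
```
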
In a dramatic recent development, Peter Shor gave a randomised algorithm for factorising an integer in polynomial time on a quantum computer. We give only a brief account of quantum computing: see [22] for more details.

Classically, a single bit of information can take either the value 0 or 1, which we regard as lying in the set $\mathbb{Z}_2$. By contrast, a quantum state can be a superposition, or linear combination, of these two opposite states, with complex coefficients. Accordingly, a qubit, or quantum bit, lives in a 2-dimensional Hilbert space (a vector space over the complex numbers with Hermitian inner product). A state is a 1-dimensional subspace, which we normally represent by a unit vector spanning it. So we take an orthonormal basis of the space to consist of the two vectors $e_0$ and $e_1$, corresponding to the values zero and one of the qubit. An arbitrary state of the qubit is represented by $\alpha e_0 + \beta e_1$, where $|\alpha|^2 + |\beta|^2 = 1$.

According to the usual interpretation of quantum mechanics, we cannot observe the state directly. We can make a measurement, corresponding to a Hermitian (self-adjoint) operator on the space. The result of the measurement will be an eigenvalue of the operator. This result is not deterministic; different results will occur with appropriate probabilities. For example, we could measure the qubit in our example. The measurement could correspond to the operator of orthonormal projection onto the space spanned by $e_1$ (in matrix form, $\begin{pmatrix} 0 & 0 \\ 0 & 1 \end{pmatrix}$). The eigenvalues of this operator are 0 and 1, corresponding to the eigenvectors $e_0$ and $e_1$. If the system is in the state $\alpha e_0 + \beta e_1$, then we obtain the result 0 with probability $|\alpha|^2$, and the result 1 with probability $|\beta|^2$. However, the measurement changes the state of the system; after the measurement, the system is in a state spanned by an eigenvector corresponding to the eigenvalue obtained in the measurement. (If we find the value 0 for the qubit, the system will be in the state $e_0$, and information about $\alpha$ and $\beta$ is lost.)

Again, in the classical case, we can represent $n$ bits by an $n$-tuple of which each entry is zero or one, that is, an element of $V = \mathbb{Z}_2^n$. Correspondingly, an $n$-tuple of qubits lives in a complex Hilbert space having an orthonormal basis corresponding to $V$. We write a typical vector in $V$ as $v$, and denote by $e_v$ the corresponding basis vector of the $2^n$-dimensional Hilbert space $\mathbb{C}^{2^n}$.

Note that the Hilbert space is isomorphic to the tensor product of $n$ copies of the 2-dimensional Hilbert space in which a single qubit lives. If $v = (v_1, v_2, \ldots, v_n)$, where $v_i \in \mathbb{Z}_2 = \{0, 1\}$ for $i = 1, 2, \ldots, n$, then

$$e_v = e_{v_1} \otimes e_{v_2} \otimes \cdots \otimes e_{v_n}.$$

Why the tensor product? Peter Shor [25] says:

One of the fundamental principles of quantum mechanics is that the joint quantum state space of two systems is the tensor product of their individual state spaces.

The tensor product of two spaces is the 'universal bilinear product' of the spaces. If $\{e_1, \ldots, e_m\}$ and $\{f_1, \ldots, f_n\}$ are bases for the two spaces $V$ and $W$, then a basis for the tensor product $V \otimes W$ consists of all symbols $e_i \otimes f_j$, for $i = 1, \ldots, m$ and $j = 1, \ldots, n$. (Note that $\dim(V \otimes W) = \dim(V) \cdot \dim(W)$.) For $v = \sum_{i=1}^{m} \alpha_i e_i \in V$ and $w = \sum_{j=1}^{n} \beta_j f_j \in W$, we set

$$v \otimes w = \sum_{i=1}^{m} \sum_{j=1}^{n} \alpha_i \beta_j \,(e_i \otimes f_j).$$

Note that, in contrast to the case of a direct sum, not every vector in the tensor product can be written as a pure tensor $v \otimes w$.

A remark on notation. We do not use Dirac's bra and ket notation beloved of physicists. However, we do have to keep straight several different vector spaces carrying various forms: we already have an $n$-dimensional space $V$ over $\mathbb{Z}_2$, and a $2^n$-dimensional complex Hilbert space. Shortly we will meet a $2n$-dimensional $\mathbb{Z}_2$-space $\bar E$ with a symplectic form! We will use $v, a, b$ for typical vectors of $V$; its standard basis will be $\{u_1, \ldots, u_n\}$ (where $u_i$ is a vector with 1 in the $i$th position and 0 elsewhere), and the usual dot product on $V$ will be denoted by

$$a \cdot b = \sum_{j=1}^{n} a_j b_j.$$

We do not give a special name to the Hilbert space. Its vectors have the form $\sum_{v \in V} \alpha_v e_v$ where $\alpha_v \in \mathbb{C}$; the inner product of $\sum \alpha_v e_v$ and $\sum \beta_v e_v$ is $\sum \alpha_v \bar\beta_v$.

The theoretical quantum computers which we will discuss will be built from 'quantum circuits'. A quantum circuit is built out of "logical quantum wires," each corresponding to one of the $n$ qubits, and quantum gates, each acting on one or two wires [25]. A quantum gate is a unitary transformation, since all possible physical transformations of a quantum system are unitary. Shor assumes that each gate acts on either one or two wires; that is, each maps 1 qubit to 1 qubit or 2 qubits to 2 and acts as the identity on the remaining qubits. The reason that we are able to restrict ourselves to one- or two-bit gates is the fact that, as in classical first-order logic, a small number of operations forms a 'universal set' from which all possible operations can be built up. In the case of quantum computing, in the words of Shor [25], "CNOT together with all quantum one-bit gates forms a universal set." CNOT here refers to the two-bit controlled not gate which takes the basis vector $e_{(x,y)}$ of $\mathbb{C}^4 = \mathbb{C}^2 \otimes \mathbb{C}^2$ to $e_{(x,x+y)}$. It is clearly a unitary transformation, and is given the name 'controlled not' because the target bit $y$ is negated or not according as the controller bit $x$ equals 1 or 0.

It is the two-qubit gates, and therefore CNOT in particular, which provide a quantum computer with its inherent parallelism. These gates are intrinsically global: there is no way to describe them by restricting attention to a single qubit. Because they accept as input the tensor product of superpositions (linear combinations) of $e_0$ and $e_1$, they are the gates that make the computation quantum rather than classical.

As we mentioned, Shor [25] found a probabilistic algorithm which runs in polynomial time on a quantum computer. It depends on the following observation. Suppose that we have computed the order of $x$ mod $N$, the smallest number $t$ such that $x^t \equiv 1 \pmod N$. Suppose that $t$ is even, say $t = 2r$. Then $N$ divides $x^t - 1 = (x^r - 1)(x^r + 1)$. If $x^r$ is not congruent to $\pm 1$ mod $N$, then both $x^r - 1$ and $x^r + 1$ have factors in common with $N$. We can find the g.c.d.s of the pairs $(N, x^r - 1)$ and $(N, x^r + 1)$ by Euclid's algorithm; then we know two different factors of $N$, and hence the complete factorisation in the RSA case.

The basic idea of quantum computation is to exploit the inherent parallelism of quantum systems. Suppose, for example, that we want to compute $2^n$ values $f(0), f(1), \ldots, f(2^n - 1)$ of a function simultaneously. We represent the integer $i$ by the binary vector $v \in V = \mathbb{Z}_2^n$ which is its expression in base 2. Now, if $n$ qubit registers are available, we can load them with a superposition of the states $e_v$, for $v \in V$, as follows: first load each register with 0 (so that we have state $e_0$); then apply the Hadamard transformation with matrix $(1/\sqrt{2}) \begin{pmatrix} 1 & 1 \\ 1 & -1 \end{pmatrix}$ (corresponding to a 45° rotation of the 2-dimensional Hilbert space) to each qubit. The resulting state is

$$\frac{1}{\sqrt{2^n}} \sum_{v \in V} e_v.$$

Now suppose that some quantum computation replaces $e_v$ by a state representing $f(i)$, where $v$ represents the integer $i$. Then, by the linearity of the Schrödinger equation, the same computation replaces the above superposition by a superposition of the values $f(i)$ for $i = 0, \ldots, 2^n - 1$. In the factorisation algorithm, we take $f(i) = x^i \pmod N$, where $2^n \geq N$ and $x$ is some chosen integer coprime to $N$.

The last stage involves finding the period of $f$ from the above superposition, which is done by use of the discrete Fourier transform. The Fourier transform of $f$ is concentrated on multiples of the period, so an observation of the result will with high probability give a small multiple of the period.

Let us take as an example the current objective of quantum computing, the factorisation of 15. We take $x = 2$. Suppose that we have 8 qubit registers arranged in two banks of four, so that states of the system have the form

$$\sum_{v, w \in V} a_{vw}\,(v \otimes w)$$

in the space $\mathbb{C}^{2^4} \otimes \mathbb{C}^{2^4}$. For convenience we write $e_i$ in place of $e_v$, where $i$ is the integer in the range $[0, 15]$ whose base 2 representation is $v$. We begin with the state $e_0 \otimes e_0$ (that is, all registers contain zero). Then by applying a Hadamard transform to each of the first four qubits, we obtain (up to normalisation) $\sum_{i \in [0,15]} e_i \otimes e_0$. The crucial part of the computation replaces $e_i \otimes e_0$ with $e_i \otimes e_{2^i \bmod 15}$. Apart from normalisation, the state is now

$$(e_0 + e_4 + e_8 + e_{12}) \otimes e_1 + (e_1 + e_5 + e_9 + e_{13}) \otimes e_2 + \cdots.$$

We extract the period 4 from the first four registers by a discrete Fourier transform. Now we know that 15 divides $(2^4 - 1) = (2^2 - 1)(2^2 + 1) = 3 \cdot 5$, so the two factors of 15 are $(15, 3) = 3$ and $(15, 5) = 5$.

See Shor [24, 25] for further details.
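
The factorisation of 15 described above, traced classically in an added Python example (not code from the notes): it models the measurement statistics of the first register after the discrete Fourier transform, recovers the order from an observed value, and applies the g.c.d. step, including the cases (odd order, $x^r \equiv -1$) in which the observation yields no factor. The function names and the use of `Fraction.limit_denominator` for the continued-fraction step are choices made for this example.

```python
import cmath
from fractions import Fraction
from math import gcd


def first_register_distribution(x, N, n_bits, observed):
    """Outcome probabilities of the first register after the DFT.

    Models the state sum_i e_i (x) e_{x^i mod N} once the second register has
    been seen to hold `observed`: only the i with x^i = observed (mod N) remain.
    """
    Q = 1 << n_bits
    support = [i for i in range(Q) if pow(x, i, N) == observed]
    probs = []
    for c in range(Q):
        amp = sum(cmath.exp(2j * cmath.pi * i * c / Q) for i in support)
        probs.append(abs(amp) ** 2 / (Q * len(support)))
    return probs


def order_from_outcome(c, n_bits, x, N):
    """Turn one observed value c into the order t of x mod N, or None.

    c / 2^n is close to s / t for some integer s, so the denominator of the
    best rational approximation divides t; accept it only if x^t = 1 (mod N).
    """
    t = Fraction(c, 1 << n_bits).limit_denominator(N).denominator
    return t if pow(x, t, N) == 1 else None


def factors_from_order(x, t, N):
    """The g.c.d. step: needs t = 2r even and x^r not congruent to -1 mod N."""
    if t % 2:
        return None                      # odd order: pick another x
    y = pow(x, t // 2, N)
    if y == N - 1:
        return None                      # x^r = -1 (mod N): pick another x
    return gcd(N, y - 1), gcd(N, y + 1)


def factorise_15_example():
    """x = 2, N = 15, two banks of four qubits, second bank observed as 1."""
    probs = first_register_distribution(2, 15, 4, observed=1)
    peaks = [c for c, p in enumerate(probs) if p > 1e-9]
    orders = {c: order_from_outcome(c, 4, 2, 15) for c in peaks}
    good = next(t for t in orders.values() if t is not None)
    return peaks, orders, factors_from_order(2, good, 15)


if __name__ == "__main__":
    peaks, orders, factors = factorise_15_example()
    print("outcomes with non-zero probability:", peaks)
    print("order recovered from each outcome:", orders)
    print("factors of 15:", factors)
```

Outcomes 0 and 8 are as likely as 4 and 12 but do not reveal the order, which is why the algorithm is probabilistic and may need to be repeated.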

10 Quantum codes

We see that quantum computing is a technology with very great potential uses. What stands in the way of its implementation is the large error rate, caused by the fact that a single bit or qubit is stored by a single electron, instead of by billions of electrons as in a conventional computer. It is widely believed that a quantum computer large enough for real applications will have to be 'fault-tolerant', that is, error-correction must be built in so that the errors introduced by the gates and wires can be corrected faster than they occur. The theory of quantum error-correction will be outlined below; it has not been implemented yet.

The evolution of a quantum system is described by a unitary transformation of the state space. We consider 'errors' to a single qubit represented by the following unitary matrices:

$$X = \begin{pmatrix} 0 & 1 \\ 1 & 0 \end{pmatrix} \ \text{(bit error)}, \qquad Z = \begin{pmatrix} 1 & 0 \\ 0 & -1 \end{pmatrix} \ \text{(phase error)}.$$

The effect of $X$ is to interchange the basis vectors $e_0$ and $e_1$ (the zero and one states of the qubit). The effect of $Z$ is to change the relative phase of the coefficients $\alpha$ and $\beta$ of an arbitrary state (the argument of $\alpha/\beta$) by 180°. (The arguments of $\alpha$ and $\beta$ have no absolute significance, so we could as well use $-Z$, but the given choice is more convenient.)

Along with $X$ and $Z$, we also allow the identity $I$ (no error) and the product $Y = XZ = -ZX$. (It is more usual in quantum mechanics to set $Y = iXZ$; then $X, Y, Z$ are the standard Pauli spin matrices. Note that $X$, $Z$ and $iXZ$ are Hermitian (or self-adjoint). However, $Y = XZ$ is unitary, and then everything can be written with real coefficients. A reason to use $Y = iXZ$ is that then $Y$ is conjugate to both $X$ and $Z$, which means a change of basis transforms any one to any other, and we can regard all three non-trivial errors as equally likely. However, we shall see that the discrete mathematics is the same whether we make this choice or the simpler real choice, so in what follows, we use $Y = XZ$.)

There is a simple expression for the effect of $X$ and $Z$ on the basis $\{e_0, e_1\}$. We use the convention that $(-1)^0 = 1$ and $(-1)^1 = -1$, where the exponent is taken from the finite field $\mathbb{Z}_2$. Then we have, for $v \in \mathbb{Z}_2$,

$$X e_v = e_{v+1}, \qquad Z e_v = (-1)^{1 \cdot v} e_v.$$

Now we can apply these errors 'coordinatewise' to $n$ qubits. If $u_j$ denotes the $j$th basis vector for $V = \mathbb{Z}_2^n$, then the errors to the $j$th qubit act on the $2^n$-dimensional Hilbert space with basis $\{e_v : v \in V\}$ as

$$X(u_j) : e_v \mapsto e_{v+u_j}, \qquad Z(u_j) : e_v \mapsto (-1)^{v \cdot u_j} e_v.$$

Then we can define $X(a)$, $Z(b)$ for any vectors $a, b \in V$ by

$$X(a) : e_v \mapsto e_{v+a}, \qquad Z(b) : e_v \mapsto (-1)^{v \cdot b} e_v.$$

Then $\{X(a) : a \in V\}$ and $\{Z(b) : b \in V\}$ are groups of unitary transformations of $\mathbb{C}^{2^n}$ which are both isomorphic to the additive group of $V$. Together they generate the group

$$E = \langle X(a), Z(b) : a, b \in V \rangle = \{\pm X(a)Z(b) : a, b \in V\},$$

a group of order $2 \cdot 2^n \cdot 2^n = 2^{2n+1}$.

We call $E$ the group of allowable errors, or, for short, the error group. It can also be written in the form

$$E = \{\pm A_1 \otimes \cdots \otimes A_n : A_j \in \{I, X, Y, Z\} \text{ for } j = 1, \ldots, n\}.$$

Why do we only consider these particular errors? A quantum code can correct any one-qubit error if and only if it can correct the errors $X(u_j)$, $Y(u_j)$ and $Z(u_j)$ for all $j$. This follows from the fact that the matrices $I, X, Y, Z$ span the 4-dimensional space of all $2 \times 2$ matrices: see [4, 9].

In our set-up, the error group

$$E = \{\pm X(a)Z(b) : a, b \in V\}$$

is an extraspecial 2-group of order $2^{2n+1}$. Its centre is $\zeta(E) = \{\pm I\}$, and $\bar E = E/\zeta(E)$ is a vector space over F. This is the third, and most important, vector space with which we have to deal. (See Section 8.)

We use the notation $(a|b)$ for the element of $\bar E$ which is the coset of $\zeta(E)$ containing $X(a)Z(b)$. (This coset is $\{X(a)Z(b), -X(a)Z(b)\}$.) We use $*$ for the bilinear form on $\bar E$ derived from commutation on $E$. In other words,

$$[X(a)Z(b), X(a')Z(b')] = (-1)^{(a|b) * (a'|b')} I.$$

A short calculation shows that

$$(a|b) * (a'|b') = a \cdot b' - a' \cdot b,$$

where $\cdot$ is the dot product on $V$. (Of course, we can replace the $-$ sign by a $+$ sign since the characteristic is 2.) Thus, two elements $e, f \in E$ commute if and only if $\bar e * \bar f = 0$.

The quadratic form will be denoted by $Q$: that is,

$$(X(a)Z(b))^2 = (-1)^{Q(a|b)} I.$$

Note that in fact $Q(a|b) = a_1 b_1 + \cdots + a_n b_n$. (If we had made the choice $Y = iXZ$ instead of $Y = XZ$, we would need to enlarge our group $E$ to include $iI$. As a consequence, $E$ would have a larger center, $\zeta(E) = \{(i^\ell) I : \ell = 0, 1, 2, 3\}$. Nonetheless, the factor group $E/\zeta(E)$ would be "the same" elementary abelian 2-group of order $2^{2n}$, and commutation on $E$ would give the same bilinear form on this version of $\bar E$. However, we would lose the quadratic form on $\bar E$ in this case since $e^2$ would not be well-defined on $\bar E$.)

More on notation. The basis $\{(u_j|0), (0|u_j) : j = 1, \ldots, n\}$ is a symplectic basis for $\bar E$. We will reserve the symbol $\perp$ for orthogonality in this space (with respect to the form $*$). We also make another use of $\perp$, derived from this one. If $S$ is a subgroup of $E$, then we let $S^\perp$ be the centraliser of $S$ in $E$. (If $S' = C_E(S)$, then $\overline{S'} = \bar S^\perp$, so the notation is consistent.)

To avoid confusion with orthogonality in $\bar E$, we use a non-standard symbol for orthogonality of vectors in $V$. For $U \subseteq V$ we'll write $U^\ddagger = \{v \in V : v \cdot u = 0 \text{ for all } u \in U\}$.

We will use $\langle \ldots \rangle_V$, $\langle \ldots \rangle_{\bar E}$, $\langle \ldots \rangle_{\mathbb{C}}$ for the subspace of $V$, $\bar E$ or $\mathbb{C}^{2^n}$ respectively, spanned by a set $\ldots$; and $\langle \ldots \rangle$ (without adornment) will denote the subgroup generated by $\ldots$.

We are interested in abelian subgroups of $E$. Note that any set of mutually commuting transformations on the Hilbert space $\mathbb{C}^{2^n}$ which contains the adjoints of all its elements is simultaneously diagonalisable, and has an orthonormal basis consisting of eigenvectors. Said otherwise, the common eigenspaces of the transformations in the set are mutually orthogonal. Any abelian subgroup of $E$ satisfies this.

Choose an abelian subgroup $S$ of $E$. (Equivalently, choose a subspace $\bar S$ of $\bar E$ for which $\bar S \subseteq \bar S^\perp$.) Let $\dim(\bar S) = n - k$. As in the previous section, let $Q$ be an eigenspace of $S$. Then the following hold.

(a) For $s' \in S^\perp$, $q \in Q$, we have $s'(q) \in Q$.

(b) Any $e \in E$ permutes the eigenspaces $Q_u$; it fixes $Q$ if and only if it lies in $S^\perp$; so $E/S^\perp$ permutes the eigenspaces regularly.

(c) The eigenspaces of $S$ are in one-to-one correspondence with the characters of $S$: an eigenspace $Q'$ determines a character $\chi$ of $S$ satisfying $s(q) = \chi(s)q$ for $s \in S$ and $q \in Q'$, with $\chi(-I) = -1$ if $-I \in S$; $\chi$ thus defines a character of $S$.

Now (c) implies that $S$ has $2^{n-k}$ eigenspaces, one for each character of $S$; since $E/S^\perp$ permutes these regularly each must have the same dimension, and since they form an orthogonal decomposition of $\mathbb{C}^{2^n}$, this dimension must be $2^k$.

Choose $Q$ to be the eigenspace corresponding to the trivial character. Then we have, as in the example above:

(d) For $s \in S$, $q \in Q$, we have $s(q) = q$.

Now $Q$ has dimension $2^k$, and is isomorphic to the space of $k$ qubits, but the embedding of $Q$ in the larger space 'smears out' the $k$ qubits over the space of $n$ qubits. (This is exactly analogous to the situation in classical error-correcting codes: there, $V = \mathbb{Z}_2^n$ is the space of $n$ bits, and if $G$ is a generator matrix for $C$ then $C = \{xG : x \in \mathbb{Z}_2^k\}$ is a $k$-dimensional linear code, which 'smears out' the $k$ information bits of $x$ over the space $V$.) So $Q$ will be our quantum error-correcting code.

In the classical case, a message consists of $n$ bits, that is, it is a vector in $V$. Errors are also vectors in $V$: we have 'received word equals transmitted word plus error'. The zero error has no effect. If we use a code $C$, then errors in $C$ are undetectable. There will be a set $\mathcal{E}$ of so-called correctable errors. They have the property that, if $e, f \in \mathcal{E}$ with $e \neq f$, then $e - f \notin C \setminus \{0\}$, that is, $e - f$ is not an undetectable error. This means that we can detect the addition of an error to a codeword, and we do not confuse the effects of different errors (as long as they lie in $\mathcal{E}$). The commonest situation is that when $C$ has minimum weight at least $d$, when $\mathcal{E}$ consists of all words of weight at most $\lfloor (d-1)/2 \rfloor$.

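Table 1 compares the situation in the classical and quantum cases.

|                       | Classical                                                                            | Quantum                                                                                    |
|-----------------------|--------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------|
| Message               | $n$ bits, in $\mathbb{Z}_2^n = V$                                                    | $n$ qubits, in $\mathbb{C}^{2^n}$                                                          |
| Error group           | $V$; $e(z) = z + v$                                                                  | $E$; $e(z)$ as before                                                                      |
| Code                  | $C \subseteq V$, $\dim(C) = k$                                                       | $Q \subseteq \mathbb{C}^{2^n}$, $\dim(Q) = 2^k$                                            |
| Undetectable errors   | $C \subseteq V$                                                                      | $S^\perp \subseteq E$                                                                      |
| Errors with no effect | $\{0\} \subseteq C$                                                                  | $S \subseteq S^\perp$                                                                      |
| Correctable errors    | $\mathcal{E} \subseteq V$; $e, f \in \mathcal{E} \Rightarrow e - f \notin C \setminus \{0\}$ | $\mathcal{E} \subseteq E$; $e, f \in \mathcal{E} \Rightarrow f^{-1}e \notin S^\perp \setminus S$ |

Table 1: Classical and quantum error correction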

We now give the basic result of Calderbank, Rains, Shor and Sloane, which is the quantum analogue of the observation on page 2.

Theorem 10.1 With the notation as above, assume that the minimal q-weight of $\bar S^\perp \setminus \bar S$ is $d \geq 2e + 1$. Then $Q$ corrects errors in $e$ qubits.

Here, the quantum weight, or q-weight, of $(a|b) \in \bar E$ (or, equivalently, of $X(a)Z(b) \in E$) is the number of coordinates $j$ in which either $a_j \neq 0$ or $b_j \neq 0$ (in other words, the number of qubits which have suffered a bit error, a phase error, or both). The theorem asserts that, if $\mathcal{E}$ is the set of elements with q-weight at most $\lfloor (d-1)/2 \rfloor$, then we have $e, f \in \mathcal{E} \Rightarrow f^{-1}e \notin S^\perp \setminus S$. We will use $[[n, k, d]]$ to denote such a code; the double brackets serve to distinguish it from a classical $[n, k, d]$ binary code.

Suppose $Q$ is an additive code, that is, $Q$ is the $+1$ eigenspace for $S \leq E$, and $\mathcal{E}$ is the set of correctable errors for $Q$. Here is how decoding works. Suppose the codeword $q \in Q$ is sent, but the received message is $z = e(q)$ for some $e \in \mathcal{E}$. If $s_1, \ldots, s_{n-k}$ are a set of generators for $S$, then by calculating $s_j(z) = \chi(s_j)z$ for $1 \leq j \leq n - k$ (the syndrome of $e$), we can identify the character $\chi$ and therefore the eigenspace $Q'$ containing $z$. We know $Q' = f(Q)$ for some $f \in \mathcal{E}$, and we decode $z$ to $f^{-1}(z) = f^{-1}e(q)$. (Notice that this decoding step does not require knowing $e$ or $q$.) In order for this procedure to lead us to the correct codeword $q$ it's necessary that $e(Q) = f(Q)$ for $e, f \in \mathcal{E}$ should imply $f^{-1}e(q) = q$. But that is exactly our condition on $\mathcal{E}$: $f^{-1}e$ cannot be in $S^\perp \setminus S$.

Now, the extra condition that distinct $e$ and $f$ in $\mathcal{E}$ should produce independent vectors $e(q)$ and $f(q)$ means that $f(Q) = e(Q)$ implies $f = e$. We will say that the code is non-degenerate (or pure) if it satisfies the stronger condition that $e, f \in \mathcal{E}$ implies $\overline{f^{-1}e} \notin \bar S^\perp \setminus \{0\}$. So, in the special case of a non-degenerate code, identifying the coset containing $z$ actually identifies $e$ (rather than just enabling $e$ to be corrected).

Following the theorem in the previous section, to obtain an additive code mapping $k$ qubits to $n$ and correcting errors in $\lfloor (d-1)/2 \rfloor$ qubits, we need to find a totally isotropic $(n-k)$-dimensional subspace $\bar S$ of the $2n$-dimensional binary space $\bar E$ with $\bar S^\perp \setminus \bar S$ having minimum q-weight $d$. In this section we construct a specific example of an $[[8, 3, 4]]$ code adapted from [7] and [14].

To begin, we need a 5-dimensional subspace $\bar S \subseteq \bar S^\perp$ of the 16-dimensional binary space $\bar E$, and we would like the minimal non-zero q-weight of vectors in $\bar S^\perp$ to be 4.

Vectors in $\bar E$ have the form $(a|b)$ for $a, b \in V$, where $V$ is a binary space of dimension 8. We base our construction of $\bar S$ on the $[8, 4, 4]$ extended Hamming code $\widehat{H}_3 = \widehat{H(3, 2)}$, the self-dual code obtained by extending the $[7, 4, 3]$ Hamming code $H(3, 2)$ by adding a parity-check bit to each vector. (We now use the hat notation for the usual dual code, to avoid confusion with our overloaded overbar.)

We construct $H_3$ by specifying a $3 \times 7$ parity-check matrix $H$. The columns of $H$ will consist of all possible non-zero vectors in $\mathbb{Z}_2^3 \cong \mathrm{GF}(8)$. We do this by choosing a generator $\alpha = \alpha^3 + 1$ of the multiplicative group of $\mathrm{GF}(8)$, and letting the columns of $H$ be $\alpha^6, \ldots, \alpha, 1$ (where $x\alpha^2 + y\alpha + z$ is written as the column $[x, y, z]^\top$), giving

$$H = \begin{bmatrix} 1 & 1 & 1 & 0 & 1 & 0 & 0 \\ 0 & 1 & 1 & 1 & 0 & 1 & 0 \\ 1 & 1 & 0 & 1 & 0 & 0 & 1 \end{bmatrix}$$

This construction of $H$ makes it easy to see that $H_3$ is a cyclic code: if $v = (v_1, \ldots, v_7)$ is in $H_3$, so is its cyclic shift $v' = (v_n, v_1, \ldots, v_{n-1})$. From $H$ we easily obtain a generator matrix $G$ for $H_3$; recall a code is the row space of its generator matrix.

$$G_0 = \begin{bmatrix} 1 & 0 & 0 & 0 & 1 & 0 & 1 \\ 0 & 1 & 0 & 0 & 1 & 1 & 1 \\ 0 & 0 & 1 & 0 & 1 & 1 & 0 \\ 0 & 0 & 0 & 1 & 0 & 1 & 1 \end{bmatrix}$$

Since the vector $\mathbf{1} = (1, 1, 1, 1, 1, 1, 1)$ is in $H_3$, we get another generator matrix $G_1$ by adding $\mathbf{1}$ to each row of $G_0$.

$$G_1 = \begin{bmatrix} 0 & 1 & 1 & 1 & 0 & 1 & 0 \\ 1 & 0 & 1 & 1 & 0 & 0 & 0 \\ 1 & 1 & 0 & 1 & 0 & 0 & 1 \\ 1 & 1 & 1 & 0 & 1 & 0 & 0 \end{bmatrix}$$

We obtain the $[8, 4, 4]$ extended Hamming code $\widehat{H}_3$ by adding a parity check bit to the front of each vector in $H_3$ so that the resulting vector has even H-weight. The minimum H-weight of nonzero vectors in $H_3$ is 3, and the minimum H-weight is 4 for $\widehat{H}_3$. Moreover, $\widehat{H}_3 = \widehat{H}_3^{\ddagger}$.

Finally, we're ready to describe a $5 \times 16$ generator matrix for $\bar S$. Let $a$ be the last row of $G_1$ and $b$ be its first. Let $a_1$ be the extension of $a$ and $b_1$ be the extension of $b$, two vectors in $\widehat{H}_3$. Next $a_2$ is the extension of the cyclic shift $a'$, and $b_2$ is the extension of $b'$. Similarly $a_3$ and $b_3$ are extensions of $a''$ and $b''$. We take $a_4 = b_5$ to be the 8-tuple $\mathbf{1}$ and $a_5 = b_4$ to be the 8-tuple $\mathbf{0}$.

The $5 \times 16$ matrix $G(0)$ has for its rows the vectors $(a_1|b_1), \ldots, (a_5|b_5)$.

$$G(0) = \left[\begin{array}{cccccccc|cccccccc} 0 & 1 & 1 & 1 & 0 & 1 & 0 & 0 & 0 & 0 & 1 & 1 & 1 & 0 & 1 & 0 \\ 0 & 0 & 1 & 1 & 1 & 0 & 1 & 0 & 0 & 0 & 0 & 1 & 1 & 1 & 0 & 1 \\ 0 & 0 & 0 & 1 & 1 & 1 & 0 & 1 & 0 & 1 & 0 & 0 & 1 & 1 & 1 & 0 \\ 1 & 1 & 1 & 1 & 1 & 1 & 1 & 1 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 \\ 0 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 1 & 1 & 1 & 1 & 1 & 1 & 1 & 1 \end{array}\right]$$

The rows of $G(0)$ are linearly independent, so its row space $\bar S$ is of dimension 5. Because $\widehat{H}_3 = \widehat{H}_3^{\ddagger}$, we see that $(a_i|b_i) * (a_j|b_j) = a_i \cdot b_j + a_j \cdot b_i = 0$ for $i, j = 1, \ldots, 5$, so $\bar S \subseteq \bar S^\perp$. The dimension of $\bar S^\perp$ is $16 - 5 = 11$, and so $\bar S^\perp = \bar S \oplus T$ for $T$ of dimension 6. We can choose a basis $\{(a_j|0), (0|b_j) : j = 1, 2, 3\}$ for $T$, and from this we can see that the minimum q-weight of $\bar S^\perp$ is 4.

Our code $Q$ is the $+1$ eigenspace of the subgroup $S < E$ acting on the $2^8$-dimensional complex vector space $\mathbb{C}^2 \otimes \cdots \otimes \mathbb{C}^2$. The subspace $Q$ is of complex dimension $2^3$; $Q$ thus maps 3 qubits to 8 qubits and corrects errors in $E$ that affect 1 qubit.
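
The properties asserted for $G(0)$ and the syndrome decoding described after Theorem 10.1 can be checked exhaustively; the following is an added Python example, not code from the notes, and its function names and the packing of $(a|b)$ into one 16-bit integer are choices made here. On the matrix as printed the search over $\bar S^\perp \setminus \bar S$ returns minimum q-weight 3, which still gives the single-qubit correction claimed above: all 24 single-qubit errors have distinct non-zero syndromes.

```python
N_QUBITS = 8
MASK = (1 << N_QUBITS) - 1

# Rows (a_i | b_i) of G(0), copied from the matrix above.
G0_ROWS = [
    ("01110100", "00111010"),
    ("00111010", "00011101"),
    ("00011101", "01001110"),
    ("11111111", "00000000"),
    ("00000000", "11111111"),
]


def pack(a, b):
    """Encode (a|b) as one integer: a in the high byte, b in the low byte."""
    return (int(a, 2) << N_QUBITS) | int(b, 2)


GENS = [pack(a, b) for a, b in G0_ROWS]


def parity(x):
    return bin(x).count("1") & 1


def symp(e, f):
    """Symplectic form (a|b)*(a'|b') = a.b' + a'.b over GF(2)."""
    a, b = e >> N_QUBITS, e & MASK
    a2, b2 = f >> N_QUBITS, f & MASK
    return parity(a & b2) ^ parity(a2 & b)


def q_weight(e):
    """Number of coordinates j with a_j != 0 or b_j != 0."""
    return bin((e >> N_QUBITS) | (e & MASK)).count("1")


def gf2_rank(vectors):
    basis = []
    for v in vectors:
        for b in basis:
            v = min(v, v ^ b)        # clears the leading bit of b if set in v
        if v:
            basis.append(v)
    return len(basis)


def span(gens):
    elems = {0}
    for g in gens:
        elems |= {e ^ g for e in elems}
    return elems


def is_totally_isotropic(gens):
    return all(symp(g, h) == 0 for g in gens for h in gens)


def perp(gens):
    """All (a|b) orthogonal to every generator, by exhaustive search."""
    return [e for e in range(1 << (2 * N_QUBITS))
            if all(symp(g, e) == 0 for g in gens)]


def min_q_weight_outside(gens):
    """Minimum q-weight over S-perp minus S."""
    S = span(gens)
    return min(q_weight(e) for e in perp(gens) if e not in S)


def syndrome(e):
    """One bit per generator: 1 where the error anticommutes with it."""
    return tuple(symp(g, e) for g in GENS)


def syndrome_table():
    """Map syndrome -> single-qubit error name; fails on any collision."""
    table = {}
    for j in range(N_QUBITS):
        bit = 1 << (N_QUBITS - 1 - j)          # qubit j+1, counted from the left
        errors = {"X": bit << N_QUBITS, "Z": bit, "Y": (bit << N_QUBITS) | bit}
        for kind, e in errors.items():
            s = syndrome(e)
            if s in table or not any(s):
                raise ValueError("error %s%d is not identified" % (kind, j + 1))
            table[s] = "%s%d" % (kind, j + 1)
    return table


if __name__ == "__main__":
    print("isotropic:", is_totally_isotropic(GENS), "rank:", gf2_rank(GENS))
    print("|S-perp| =", len(perp(GENS)))
    print("min q-weight outside S:", min_q_weight_outside(GENS))
    print("syndromes in use:", len(syndrome_table()))
```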
We now return briefly to the general theory, to describe a theorem of Calderbank et al. [6] which shows how to construct additive quantum codes from certain self-orthogonal codes over $\mathrm{GF}(4)$. Recall that we have associated an $[[n, k, d]]$ additive quantum code to an $(n-k)$-dimensional subspace $\bar S$ of $\bar E$ (a $2n$-dimensional vector space over $\mathbb{Z}_2 = \mathrm{GF}(2)$) which is totally isotropic with respect to a symplectic inner product and for which the q-weight of $\bar S^\perp \setminus \bar S$ is $d$.

In order to make the association with codes over $\mathrm{GF}(4)$, we construct yet another vector space, an $n$-dimensional vector space $F^n$ over the field $F = \mathrm{GF}(4)$. We will write $F$ as $\{0, 1, \omega, \bar\omega\}$ where $\bar\omega = \omega^2 = 1 + \omega$. Note that the cube of every non-zero element is equal to 1, since the multiplicative group has order 3. Since $\omega$ and $\bar\omega$ form a basis for $F$ as vector space over $\mathrm{GF}(2)$, we can write any vector of $F^n$ as $\omega a + \bar\omega b$, where $a$ and $b$ are vectors of length $n$ over $\mathrm{GF}(2)$. In other words, $a, b \in V$. Now the map $\phi : \bar E \to F^n$ defined by

$$\phi((a|b)) = \omega a + \bar\omega b$$

is a bijection, and is an isomorphism of $\mathrm{GF}(2)$-vector spaces (if we regard $F^n$ as a $\mathrm{GF}(2)$-space by restricting scalars). Since $\omega a_j + \bar\omega b_j \neq 0$ if and only if either $a_j \neq 0$ or $b_j \neq 0$, we have a very important property of $\phi$: the q-weight of a vector $(a|b) \in \bar E$ is equal to the Hamming weight of its image $\phi((a|b)) = \omega a + \bar\omega b \in F^n$.

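Let $\circ$ be the Hermitian inner product on $F^n$,

$$v \circ w = \sum_{j=1}^{n} v_j \bar w_j.$$

There is a trace map $\mathrm{Tr}$ from $F$ to $\mathrm{GF}(2)$ defined by

$$\mathrm{Tr}(\alpha) = \alpha + \bar\alpha,$$

so that $\mathrm{Tr}(0) = \mathrm{Tr}(1) = 0$ and $\mathrm{Tr}(\omega) = \mathrm{Tr}(\bar\omega) = 1$. The trace map is linear over $\mathrm{GF}(2)$. Now the map $(x, y) \mapsto \mathrm{Tr}(x \circ y)$ takes pairs of vectors in $F^n$ to $\mathrm{GF}(2)$. We have:

$$\mathrm{Tr}((\omega a + \bar\omega b) \circ (\omega a' + \bar\omega b')) = a \cdot b' + a' \cdot b = (a|b) * (a'|b').$$

The proof of this fact is just calculation. Using the fact that the Hermitian inner product is linear in the first variable and semilinear in the second, and the fact that $a \circ b = a \cdot b$ for $a, b \in \mathrm{GF}(2)^n$, we have

$$(\omega a + \bar\omega b) \circ (\omega a' + \bar\omega b') = a \cdot a' + \bar\omega\, a \cdot b' + \omega\, b \cdot a' + b \cdot b'.$$

Taking the trace now gives the result (using the linearity of trace and the fact that $\mathrm{Tr}(1) = 0$ and $\mathrm{Tr}(\omega) = \mathrm{Tr}(\bar\omega) = 1$).
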
Next we show that a subspace of $F^n$ is totally isotropic (with respect to $\circ$) if and only if the corresponding subspace of $\bar E$ is totally isotropic (with respect to $*$). The forward implication is clear. So suppose that $W \leq F^n$ is the image under $\phi$ of a totally isotropic subspace of $\bar E$. This means that $\mathrm{Tr}(x \circ y) = 0$ for all $x, y \in W$. Take $x, y \in W$, and let $x \circ y = \alpha$. Then $\mathrm{Tr}(\alpha) = 0$, and

$$\mathrm{Tr}(\omega\alpha) = \mathrm{Tr}((\omega x) \circ y) = 0$$

(since $\omega x \in W$); it follows that $\alpha = 0$.

To summarise: the space $F^n$, on restriction of scalars, becomes isomorphic to $\bar E$, by a map $\phi$ taking q-weight to Hamming weight; and a subspace of $F^n$ is the image of a totally isotropic subspace of $\bar E$ (with respect to $*$) if and only if it is totally isotropic (with respect to $\circ$). Of course, not every totally isotropic subspace of $\bar E$ corresponds to a subspace of $W$. (The image under $\phi$ of a subspace of $\bar E$ is a $\mathrm{GF}(2)$-subspace but not necessarily a $\mathrm{GF}(4)$-subspace.)

These observations, together with Theorem 10.1, imply the following result of Calderbank et al. [6]:

Theorem 10.2 If $W$ is a totally isotropic (with respect to the hermitian inner product) $\ell$-dimensional subspace of $F^n$ such that $W^\perp \setminus W$ has minimum Hamming weight $d$, then the above associates an additive $[[n, n - 2\ell, d]]$ quantum code to $W$.

So, in order to construct good quantum error-correcting codes, we need subspaces $C$ of $W$ such that $C^\perp \setminus C$ has large minimum weight (where $C^\perp$ is defined by the Hermitian inner product $\circ$). Examples can be obtained from dual Hamming and BCH codes. We do not give details here.

11 $\mathbb{Z}_4$-codes

We already noted the existence of Kerdock codes, which are non-linear $(2^{2n}, 2^{4n})$ codes with weight enumerator

$$x^{2^{2n}} + (2^{4n} - 2^{2n+1})\,x^{2^{2n-1}+2^{n-1}} y^{2^{2n-1}-2^{n-1}} + (2^{2n+1} - 2)\,x^{2^{2n-1}} y^{2^{2n-1}} + (2^{4n} - 2^{2n+1})\,x^{2^{2n-1}-2^{n-1}} y^{2^{2n-1}+2^{n-1}} + y^{2^{2n}}.$$

Moreover, these codes are distance-invariant; that is, the weight distribution of $u + C$ is the same as that of $C$ for all $u \in C$.

At about the same time, another family of non-linear binary codes, the Preparata codes, were discovered. They are also distance-invariant, and their weight enumerators are obtained from those of the Kerdock codes by applying the MacWilliams transformation. Thus, the Kerdock and Preparata codes behave formally like duals of each other. This strange formal duality was not understood for a long time, until the paper of Hammons et al. [15] showed that they arise from dual codes over $\mathbb{Z}_4$ by applying the so-called Gray map.

The Gray map takes elements of $\mathbb{Z}_4$ to pairs of elements of $\mathbb{Z}_2$, as follows:

$$0 \mapsto 00, \quad 1 \mapsto 01, \quad 2 \mapsto 11, \quad 3 \mapsto 10.$$

Note that it is an isometry between the set $\mathbb{Z}_4$ with the Lee metric

$$d(x, y) = \min\{|x - y|, 4 - |x - y|\}$$

(so that $d(x, y)$ is the number of places round the cycle separating $x$ from $y$) and $\mathbb{Z}_2^2$ with the Hamming metric. (More generally, a Gray code is a Hamiltonian cycle in the $n$-dimensional cube; it is used for analog-to-digital conversion, since adjacent points in the cycle are represented by words differing in only one coordinate. We are interested in the case $n = 2$.)

The Gray map can be extended to a map from $\mathbb{Z}_4^n$ to $\mathbb{Z}_2^{2n}$, for any $n$. It is non-linear, so that it will in general take a linear code in $\mathbb{Z}_4^n$ (a subset closed under addition) to a non-linear code in $\mathbb{Z}_2^{2n}$. Hammons et al. showed that the Kerdock and Preparata codes do indeed arise from linear codes over $\mathbb{Z}_4$ in this way; these linear codes are the $\mathbb{Z}_4$ analogues of the dual Hamming and Hamming codes.
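
Both properties of the Gray map stated above, the Lee-to-Hamming isometry and the loss of linearity, can be checked on small cases. This is an added Python example, not part of the original notes; the two small $\mathbb{Z}_4$-linear codes are constructed here for illustration and are not the Kerdock or Preparata codes.

```python
from itertools import product

# The Gray map on single symbols, as given in the text.
GRAY = {0: (0, 0), 1: (0, 1), 2: (1, 1), 3: (1, 0)}


def gray(word):
    """Extend the Gray map coordinatewise from Z_4^n to Z_2^(2n)."""
    return tuple(bit for x in word for bit in GRAY[x % 4])


def lee_distance(u, v):
    """Sum over coordinates of min(|x - y|, 4 - |x - y|)."""
    return sum(min((x - y) % 4, (y - x) % 4) for x, y in zip(u, v))


def hamming_distance(u, v):
    return sum(a != b for a, b in zip(u, v))


def is_isometry(n):
    """Compare Lee and Hamming distance for every pair of words in Z_4^n."""
    words = list(product(range(4), repeat=n))
    return all(lee_distance(u, v) == hamming_distance(gray(u), gray(v))
               for u in words for v in words)


def z4_span(generators):
    """The Z_4-linear code generated by the given words."""
    n = len(generators[0])
    return {
        tuple(sum(c * g[i] for c, g in zip(coeffs, generators)) % 4
              for i in range(n))
        for coeffs in product(range(4), repeat=len(generators))
    }


def nonlinearity_witness(code):
    """Two codewords whose Gray images sum (mod 2) to a word outside the
    Gray image of the code, or None if the image is a binary linear code."""
    image = {gray(w) for w in code}
    for u in sorted(code):
        for v in sorted(code):
            s = tuple(a ^ b for a, b in zip(gray(u), gray(v)))
            if s not in image:
                return u, v
    return None


# Constructed examples: both codes are closed under addition in Z_4^n.
CODE_A = z4_span([(1, 1)])                 # Gray image happens to be linear
CODE_B = z4_span([(1, 1, 0), (0, 1, 1)])   # Gray image is not linear

if __name__ == "__main__":
    print("isometry on Z_4^3:", is_isometry(3))
    print("witness for CODE_A:", nonlinearity_witness(CODE_A))
    print("witness for CODE_B:", nonlinearity_witness(CODE_B))
```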
In the remainder of this section we outline the construction of the binary and quaternary codes and their connection with symplectic and orthogonal geometry.

11.1 Orthogonal and symplectic geometry

Recall the definition of the error group $E$ of isometries of a real vector space $\mathbb{R}^N$, $N = 2^{m+1}$, $m$ odd. Let $V = \mathrm{GF}(2)^{m+1}$, and let $\{e_v : v \in V\}$ be an orthonormal basis of $\mathbb{R}^N$. The isometry $X(a)$ takes $e_v$ to $e_{v+a}$ and $Z(b)$ takes $e_v$ to $(-1)^{b \cdot v} e_v$ for $a, b \in V$; $X(a)$ describes "bit errors" in each qubit for which the corresponding coordinate of $a$ is nonzero, and $Z(b)$ describes "phase errors." The error group for a system of $m + 1$ qubits is

$$E = \{(-1)^\ell X(a)Z(b) : a, b \in V,\ \ell \in \mathbb{Z}_2\}.$$

Then $E$ is an extraspecial 2-group of order $2 \cdot 2^{2(m+1)}$.

From the group structure of $E$ it follows that the quotient $\bar E = E/\zeta(E) \cong \mathrm{GF}(2)^{2(m+1)}$ has an orthogonal geometry. The quadratic form $Q$ on $\bar E$ is given by

$$e^2 = (-1)^{Q(\bar e)} I,$$

and the corresponding symplectic form is given by

$$[e, f] = (-1)^{\bar e * \bar f} I,$$

where $e$ and $f$ are in $E$ and $\bar e$ and $\bar f$ are their images in $\bar E$. The abelian subgroups

$$X(V) = \{X(a) : a \in V\} \quad \text{and} \quad Z(V) = \{Z(b) : b \in V\}$$

give totally singular $(m+1)$-dimensional subspaces $\bar X(V)$ and $\bar Z(V)$ of $\bar E$ (that is, subspaces on which $Q$ vanishes identically). These totally singular spaces are also totally isotropic: the symplectic form vanishes identically on them. In fact, every maximal totally singular subspace of $\bar E$ has dimension $m + 1$ and arises as the image of an elementary abelian subgroup of $E$. Similarly, every maximal totally isotropic subspace of $\bar E$ also has dimension $m + 1$ and arises as the image of an abelian subgroup of $E$. Thus, the quadratic form has type $+1$ (or Witt index $m + 1$), and the extraspecial group $E$ is a central product of $m + 1$ copies of the dihedral group $D_8$ (see Section 8).

We don't need the physics, but by way of motivation, recall from Section 10 that we might alternatively have considered an error group consisting of (Hermitian) symmetries of the complex space containing the qubits. In our current setting we need to construct this complex geometry, but now we do it entirely within the group $E$ of symmetries of the real vector space.

First, we need a bit more notation. As before, let $\{u_1, \ldots, u_{m+1}\}$ be the standard basis for $V$, and let $V' = \langle u_1, \ldots, u_m \rangle \cong \mathrm{GF}(2)^m$. Let

$$\omega = X(u_{m+1})Z(u_{m+1}) \in E,$$

so $\omega^2 = -I$. This element of order 4 will play the role of $i$ in our construction of a complex vector space and a group of unitary transformations of it.

Let $F$ be the centraliser in $E$ of $\omega$,

$$F = C_E(\omega) = \{(-1)^\ell X(a)Z(b) : a \cdot u_{m+1} = b \cdot u_{m+1},\ \ell \in \mathbb{Z}_2\}.$$

Exercise 11.1 Show that if $X(a)Z(b)$ is in $F$, then there are $a', b' \in V'$ so that either $X(a)Z(b) = X(a')Z(b')$ or $X(a)Z(b) = \omega X(a')Z(b')$.

By the previous exercise, an alternative description of $F$ is

$$F = \{\omega^\ell X(a')Z(b') : a', b' \in V',\ \ell \in \mathbb{Z}_4\},$$

which corresponds to the complex error group of the preceding chapter. It is easily seen that $F$ has order $4 \cdot 2^{2m}$ and that $\bar F = F/\zeta(F) \cong \mathrm{GF}(2)^{2m}$.

Because $\omega$ is of order 4, we may think of $\mathbb{R} + \mathbb{R}\omega$ as $\mathbb{C}$. As a consequence, we may regard the 2-dimensional real space $\langle e_v, e_v\omega \rangle$ as a 1-dimensional complex space. Under this identification, we can consider $\{e_{v'} : v' \in V'\}$ as an orthonormal basis of the complex unitary space $\mathbb{C}^{N'}$, for $N' = 2^m = (1/2)N$, and regard $F$ as a subgroup of the unitary group $U(\mathbb{C}^{N'})$.

Since the square of an element $\omega^\ell X(a')Z(b')$ of $F$ depends on $\ell$ as well as on $a'$ and $b'$, we cannot define a quadratic form on $\bar F$. However, commutators depend only on cosets modulo $\zeta(F)$, so $\bar F$ does have a symplectic geometry given by the bilinear form $\bar e * \bar f$ where $e$ and $f$ are preimages in $E$ and

$$[e, f] = (-1)^{\bar e * \bar f} I.$$

Caution: Our overbar notation is now ambiguous, since $\bar E$ and $\bar F$ are binary spaces of dimensions $2(m + 1)$ and $2m$ respectively; however, context should make clear which we intend.

Finally, following [5], we will need to construct two finite groups $L \leq O(\mathbb{R}^N)$ and $L^\natural \leq U(\mathbb{C}^{N'})$ normalizing $E$ and $F$ respectively for which $L/E \cong O(2m + 2, 2)$ on $\bar E$ and $L^\natural/F \cong \mathrm{Sp}(2m, 2)$ on $\bar F$.

Exercise 11.2 Let $x_j = X(u_j)$ and $z_j = Z(u_j)$, $j = 1, \ldots, m + 1$.

(a) Show that the images of these elements of $E$ in $\bar E$ form a symplectic basis of singular vectors, with $\{\bar x_j : j = 1, \ldots, m + 1\}$ a basis for the maximal totally singular subspace $\bar X(V)$ and $\{\bar z_j : j = 1, \ldots, m + 1\}$ a basis for the maximal totally singular subspace $\bar Z(V)$.

(b) Show that $\{x_j, z_j : j = 1, \ldots, m\}$ are in $F$, and their images in $\bar F$ are a symplectic basis with $\{\bar x_j : j = 1, \ldots, m\}$ a basis for the maximal totally isotropic subspace $\bar X(V')$ and $\{\bar z_j : j = 1, \ldots, m\}$ a basis for the maximal totally isotropic subspace $\bar Z(V')$.

In our constructions of $L$ and $L^\natural$, we will be guided by the following
theorem.
Theorem 11.1 Let $V$ be a vector space of dimension $2n$ with an alternating
bilinear form and a quadratic form of Witt index $n$ polarising to it. If $V$
is a sum of maximal totally isotropic subspaces $U$ and $W$, then
$\mathrm{Sp}(V) = \langle \mathrm{Sp}(V)_U, \mathrm{Sp}(V)_W \rangle$. Further, if $U$ and $W$ are totally singular, then
$O(V) = \langle O(V)_U, O(V)_W, T \rangle$, where $T$ is the orthogonal transformation interchanging
$u_1$ and $w_1$ and fixing the other vectors of a symplectic basis of singular vectors
$\{u_1, \dots, u_n, w_1, \dots, w_n\}$ formed of bases of $U$ and $W$.
The reference for this theorem in [5] is to 43.7 in [1]. Other useful
references include the introductory material on the classical groups in [12], the
"dictionary" translating between matrix and Lie theoretic descriptions of
classical groups in [10], and the explanatory material in [20].

First we construct $L$. For an invertible binary $(m+1) \times (m+1)$ matrix
$A$, we want an element of $O(\mathbb{R}^N)$ normalizing $E$ and producing $X(A, A^{-\top})$
on $E$. Choose $\tilde A$ taking the basis vector $e_v$ of $\mathbb{R}^N$ to $e_{vA}$.
Exercise 11.3 Verify that $\tilde A^{-1} X(a) Z(b) \tilde A = X(aA) Z(bA^{-\top})$.
The description of the element of $O(\mathbb{R}^N)$ producing $Y(C)$ is more
complicated. Choose an $(m+1) \times (m+1)$ binary alternate matrix $C$. Define
an alternate bilinear form $B_C$ on $V$ by $B_C(u, v) = uCv^\top$. Let $Q_C$ be any
quadratic form polarising to $B_C$. Define an element $D(C) \in O(\mathbb{R}^N)$ by
$$D(C)(e_v) = (-1)^{Q_C(v)} e_v \quad \text{for } v \in V.$$
Exercise 11.4 Verify that $D(C)^{-1} X(a) Z(b) D(C) = X(a + aC) Z(b)$, and
that the map on $E$ produced by $D(C)$ is independent of the choice of the
quadratic form $Q_C$.
Now $O(V)_W$ is generated by the $X(A, A^{-\top})$ and the $Y(C)$ for $A$ invertible
and $C$ alternating.
As in Section 10.7, let $H_{m+1}$ be the tensor product $H \otimes \cdots \otimes H$, so
$$H_{m+1}(e_b) = \frac{1}{\sqrt{2}^{\,m+1}} \sum_{v \in V} (-1)^{b \cdot v} e_v.$$
Then $H_{m+1} X(V) H_{m+1} = Z(V)$. And $\tilde H_2 = I \otimes \cdots \otimes I \otimes H_2$ normalizes $E$
and has the effect on $E$ of interchanging $x_{m+1}$ and $z_{m+1}$ and fixing the other
basis vectors. Now let
$$L = \langle \tilde A,\ D(C),\ H_{m+1},\ \tilde H_2 : A \text{ invertible, and } C \text{ alternate } (m+1) \times (m+1) \rangle.$$
Then we have $L/E \cong O(E)$ as desired.

Exercise 11.5 Verify that $L/E \cong O(E)$.
The description of $L^\natural$ is almost the same as that of $L$, except that the
basis vectors on which the transformations of $L^\natural$ act are the $e_{v'}$ for $v' \in V'$.
The difference is in the element of $U(\mathbb{C}^{N'})$ producing what we'll call $Y'(C')$
on $F$ for $C'$ a binary $m \times m$ symmetric matrix. Rather than using $C'$ to
define a quadratic form on $V'$, we instead define a map $T_{C'} : \mathbb{Z}_4^m \to \mathbb{Z}_4$ as
follows. Given $\hat v' \in \mathbb{Z}_4^m$, choose $v' = (v_1, \dots, v_m) \in \mathbb{Z}_2^m$ with $v' \equiv \hat v' \pmod 2$,
and let
$$T_{C'}(\hat v') = \sum_j C'_{jj} v_j^2 + 2 \sum_{j<k} C'_{jk} v_j v_k,$$
where the $C'_{ij}$ are the entries of $C'$, and the arithmetic is done mod 4. Now
we define $D'(C')$ in $U(\mathbb{C}^{N'})$ by
$$D'(C')(e_{v'}) = i^{T_{C'}(v')} e_{v'} \quad \text{for } v' \in V'.$$
Exercise 11.6 Verify that
$$D'(C')^{-1} X(a') Z(b') D'(C') = X(a' + a'C') Z(b').$$
Finally, let
$$L^\natural = \langle \tilde A,\ D'(C'),\ H_n : A \text{ invertible and } C' \text{ symmetric } m \times m \rangle.$$

Exercise 11.7 Verify that $L^\natural/F \cong \mathrm{Sp}(F)$.


11.2 Orthogonal spreads and binary Kerdock codes

In this section we concentrate on the orthogonal geometry of the $2(m+1)$-dimensional
GF(2) space $E$ and use it to give a definition of a binary Kerdock
code of length $N = 2^{m+1}$. Recall that we assume $m$ is odd.
By Theorem 2.3, the space $E$ contains
$$2^m(2^{m+1} + 1) - 1 = (2^{m+1} - 1)(2^m + 1)$$
totally singular 1-spaces. Clearly, each maximal totally singular subspace of
$E$ contains $2^{m+1} - 1$ singular 1-spaces.
If a set  of $2^m + 1$ maximal totally singular subspaces of $E$ partitions
the set of all singular 1-spaces, we call  an orthogonal spread for $E$.
Let $A$ be an abelian subgroup of $E$ so that $A$ is a maximal totally singular
subspace of $E$. Let $F(A)$ be the set of eigenspaces for $A$ in $\mathbb{R}^N$. Recall from
the preceding chapter that $F(A)$ is an orthogonal frame for $\mathbb{R}^N$, a family of
$N$ mutually orthogonal 1-spaces. For an orthogonal spread  of $E$, let
$$F(\ ) = \bigcup_{A \in \ } F(A),$$
a set of $(2^m + 1) \cdot 2^{m+1}$ 1-spaces of $\mathbb{R}^N$.

We defined a binary Kerdock code $K(B)$ of length $N = 2^{m+1}$ in terms
of a non-degenerate set $B$ of alternate bilinear forms on a vector space $V$ of
even dimension $m + 1$. We will give an alternative description of the code
as a set $K(\ )$ of vectors in $\mathbb{Z}_2^N$ associated with an orthogonal spread  of $E$
and with the choice of a distinguished element $W$ of  .
First note that by replacing  by a suitable image under $L$ (which is
transitive on ordered pairs of such spaces since it induces $O(V)$ on $E$), we
may assume that the two maximal totally singular spaces $U = X(V)$ and
$W = Z(V)$ are in  . By Proposition 9.5(a), each space $A \in \ \setminus \{W\}$ has
the form $A = UY(C)$ for a unique alternate $(m+1) \times (m+1)$ matrix $C$; in
other words, $A = D(C)^{-1} X(V) D(C)$. From Example 10.3, we know that
$$F(X(V)) = \Big\{ \Big\langle \sum_{v \in V} (-1)^{b \cdot v} e_v \Big\rangle : b \in V \Big\},$$
from which it follows that
$$F(A) = \Big\{ \Big\langle \sum_{v \in V} (-1)^{b \cdot v} D(C)(e_v) \Big\rangle : b \in V \Big\}.$$
Since $D(C)$ takes $e_v$ to $(-1)^{Q_C(v)} e_v$, where $Q_C$ is a quadratic form on $V$
polarising to the alternate form $B_C(v, w) = vCw^\top$, we may write
$$F(A) = \Big\{ \Big\langle \sum_{v \in V} (-1)^{c_v} e_v \Big\rangle : c_v = Q_C(v) + b \cdot v,\ b \in V \Big\}.$$
Abusing notation somewhat, we regard $\{e_v : v \in V\}$ as a basis for $\mathbb{Z}_2^N$ as
well as for $\mathbb{R}^N$.
Let  be an orthogonal spread of $E$. We say the following set $K(\ )$ of
vectors in $\mathbb{Z}_2^N$ is a binary Kerdock code of length $N = 2^{m+1}$:
$$K(\ ) = \Big\{ \sum_{v \in V} c_v e_v : \Big\langle \sum_{v \in V} (-1)^{c_v} e_v \Big\rangle \in F(\ ) \Big\}.$$
(This notation suppresses the dependence on the distinguished element $W = Z(V)$ in  .)
Allowing for multiplication by $(-1)$, we see that for each vector $\sum_{v \in V} c_v e_v$
in $K(\ )$, we have $c_v = Q_C(v) + b \cdot v + \ $ for fixed $b \in V$ and  $\in \mathbb{Z}_2$. Thus
$$|K(\ )| = (|\ | - 1) \cdot |V| \cdot |\mathbb{Z}_2| = 2^m \cdot 2^{m+1} \cdot 2 = 2^{2m+2}.$$

Now we connect the two descriptions of the binary Kerdock code. Distinct
elements $A_1$ and $A_2$ of  $\setminus Z(V)$ correspond to alternating matrices $C_1$ and $C_2$
whose difference is invertible. In other words, the set of matrices $C$ occurring
in the definition of $K(\ )$ corresponds to a non-degenerate set of alternating
bilinear forms on $V$ of cardinality $2^m$. In fact, a Kerdock set of matrices
is a set of $2^m$ binary alternating $(m+1) \times (m+1)$ matrices such that the
difference of any two is invertible.
The set of quadratic forms polarising to the alternating form $B_C$ on $V$
is given by $\{Q_C + \varphi : \varphi \in V^*\}$, for a fixed choice of $Q_C$, where $V^*$ is the
dual space of $V$. But we may take $V^* = \{\varphi_b : b \in V\}$, where $\varphi_b(v) = b \cdot v$.
Finally, we identify the vector $\sum_{v \in V} c_v e_v$ with the function on $V$ taking $v$ to
$c_v$ to complete the equivalence of the two definitions.

11.3 Symplectic spreads and quaternary Kerdock codes

Now we turn to the symplectic geometry of $F \cong \mathbb{Z}_2^{2m}$ and use it to define a
$\mathbb{Z}_4$ Kerdock code which, we will show in the next section, maps via the Gray
map onto the binary Kerdock code of the previous section.
The space $F$ has $2^{2m} - 1 = (2^m + 1)(2^m - 1)$ 1-spaces, each of which is
totally isotropic (since $v \cdot v = 0$ for every $v \in F$). Each maximal totally
isotropic subspace of $F$ has $2^m - 1$ isotropic 1-spaces.
A set  ′ of $2^m + 1$ maximal totally isotropic subspaces of $F$ is a symplectic
spread if it partitions the set of all totally isotropic 1-spaces of $F$.
Choose an abelian subgroup $A' < F$ so that $A'$ is maximal totally isotropic,
and let $F_{\mathbb{C}}(A')$ be the set of eigenspaces of $A'$; this set of $N' = 2^m$ complex
1-spaces forms a unitary frame for $\mathbb{C}^{N'}$, that is, it is a set of perpendicular
1-spaces with respect to the Hermitian form on $\mathbb{C}^{N'}$.
For a symplectic spread  ′, let
$$F(\ ') = \bigcup_{A' \in \ '} F(A'),$$
a set of $2^m(2^m + 1)$ 1-spaces of $\mathbb{C}^{N'}$.


As in the previous section, without loss of generality, we may assume our
symplectic spread  ′ contains $U' = X(V')$ and $W' = Z(V')$. By Proposition
9.6, each $A'$ in  ′ $\setminus \{W'\}$ has the form $U'Y'(C')$ for a unique symmetric
matrix $C'$, and $A' = D'(C')^{-1} X(V') D'(C')$ gives
$$F(A') = \Big\{ \Big\langle \sum_{v' \in V'} (-1)^{b' \cdot v'} D'(C')(e_{v'}) \Big\rangle : b' \in V' \Big\}.$$
Now $D'(C')$ takes $e_{v'}$ to $i^{T_{C'}(v')} e_{v'}$, where
$$T_{C'}(v') = \sum_j C'_{jj} v_j^2 + 2 \sum_{j<k} C'_{jk} v_j v_k \in \mathbb{Z}_4.$$
Using $(-1)^{b' \cdot v'} = (i^2)^{b' \cdot v'}$, we may write
$$F(A') = \Big\{ \Big\langle \sum_{v' \in V'} i^{d_{v'}} e_{v'} \Big\rangle : d_{v'} = T_{C'}(v') + 2b' \cdot v',\ b' \in V' \Big\}.$$
Abusing notation somewhat, we regard $\{e_{v'} : v' \in V'\}$ as a basis for $\mathbb{Z}_4^{N'}$ as
well as for $\mathbb{C}^{N'}$.
Let  ′ be a symplectic spread of $F$. Let
$$K_4(\ ') = \Big\{ \sum_{v' \in V'} d_{v'} e_{v'} : \Big\langle \sum_{v' \in V'} i^{d_{v'}} e_{v'} \Big\rangle \in F(\ ') \Big\}.$$
We call this set of vectors in $\mathbb{Z}_4^{N'}$ a $\mathbb{Z}_4$-Kerdock code; it has length $2N' =
(1/2)2N$, $N' = 2^m$, $m$ odd. (This notation suppresses the dependence on the
distinguished element $W' = Z(V')$ in  ′.) We don't call this a quaternary
code because $K_4(\ ')$ is not always $\mathbb{Z}_4$-linear.
Allowing for multiplication by $i$, we see that for each vector $\sum_{v' \in V'} d_{v'} e_{v'}$
in $K_4(\ ')$, we have $d_{v'} = T_{C'}(v') + 2b' \cdot v' + \ '$ for fixed $b' \in V'$ and  ′ $\in \mathbb{Z}_4$.
Thus
$$|K_4(\ ')| = (|\ '| - 1) \cdot |V'| \cdot |\mathbb{Z}_4| = 2^m \cdot 2^m \cdot 4 = 2^{2m+2}.$$
We would like to relate the $\mathbb{Z}_4$ code $K_4(\ ')$ to the $\mathbb{Z}_2$ code $K(\ )$ of
the previous section. To do this, we will work in $E$ to define a map from
symplectic spreads  ′ of $F$ to orthogonal spreads  of $E$.
Recall that $\omega$ is in $E$, and write $\omega$ for the corresponding vector in $E$ and
$\langle\omega\rangle^\perp$ for the subspace of vectors orthogonal to $\omega$ with respect to the symplectic
form on $E$. Let  be the natural map from $E$ to $E/\langle\omega\rangle$. Since $F$ is the
centraliser of $\omega$ in $E$ and $\langle\omega\rangle$ is the center of $F$, we can identify the $2m$-dimensional
binary space $F$ with  $(\langle\omega\rangle^\perp)$.

We have symplectic bases
$$\{x_1, \dots, x_{m+1}, z_1, \dots, z_{m+1}\} \text{ of } E$$
and
$$\{x_1, \dots, x_m, z_1, \dots, z_m\} \text{ of } F$$
corresponding to the direct sums $E = X(V) \oplus Z(V)$ and $F = X(V') \oplus Z(V')$.
Given a maximal totally isotropic subspace $A'$ of $F$, there is a unique maximal
totally singular subspace $A$ of $E$ such that $A \cap Z(V) = \{0\}$ and
$$\ (A \cap \langle\omega\rangle^\perp) = A'.$$
Moreover, if $A' = X(V')Y'(C')$, then $A = X(V)Y(C)$, where
$$C = \begin{pmatrix} C' + d(C')^\top d(C') & d(C')^\top \\ d(C') & 0 \end{pmatrix},$$
and the $(n-1)$-tuple $d(C') = (c'_{11}, \dots, c'_{n-1,n-1})$ consists of the diagonal
entries of $C'$.
Now, define  by
$$\ = \{Z(V)\} \cup \{A : A \cap Z(V) = \{0\},\ \ (A \cap \langle\omega\rangle^\perp) = A' \in \ '\}.$$
We call  the lift of  ′; note that  is an orthogonal spread of $E$.


Exercise 11.8 Show that the $2^m$ totally singular $(m+1)$-spaces in  intersect
pairwise in $\{0\}$, and therefore  is an orthogonal spread of $E$.
Let us summarize where we are so far. Starting with the symplectic spread
 ′ in the $2m$-dimensional binary symplectic space $F \cong \ (\langle\omega\rangle^\perp)$ we obtain
the $\mathbb{Z}_4$-Kerdock code $K_4(\ ')$ of length $2^m$. The lift of  ′ is an orthogonal
spread  in the $2(m+1)$-dimensional binary orthogonal space $E$, and from
it we obtain the binary Kerdock code $K(\ )$ of length $2 \cdot 2^m$. In the next
section, we show that the Gray map takes $K_4(\ ')$ to $K(\ )$.
Now we quote without proof the following theorem from [5].
Theorem 11.2 The Gray map sends $K_4(\ ')$ to $K(\ )$.
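
The definitions of $T_{C'}$ and of the lifted matrix $C$ can be checked by machine on a small case. The following Python sketch is an added example, not code from these notes or from [5]; all function names are hypothetical, and it assumes the Gray map convention 0 → 00, 1 → 01, 2 → 11, 3 → 10 with the two bits stored at the coordinates $(v', 0)$ and $(v', 1)$. It verifies that every word $T_{C'}(v') + 2b' \cdot v'$ plus a constant in $\mathbb{Z}_4$ Gray-maps to a binary function polarising to $B_C$ for the lift $C$ of $C'$, which is the statement for a single spread element, not a proof of Theorem 11.2.

```python
from itertools import product

def t_form(Cp, v):
    """T_{C'}(v') = sum_j C'_jj v_j^2 + 2 sum_{j<k} C'_jk v_j v_k, computed mod 4."""
    m = len(v)
    cross = sum(Cp[j][k] * v[j] * v[k] for j in range(m) for k in range(j + 1, m))
    return (sum(Cp[j][j] * v[j] ** 2 for j in range(m)) + 2 * cross) % 4

def lift(Cp):
    """Block matrix [[C' + d^T d, d^T], [d, 0]] over GF(2), with d the diagonal of C'."""
    d = [Cp[j][j] for j in range(len(Cp))]
    m = len(d)
    top = [[(Cp[j][k] + d[j] * d[k]) % 2 for k in range(m)] + [d[j]] for j in range(m)]
    return top + [d + [0]]

def gray_function(word):
    """Binary function on Z_2^(m+1) obtained from a Z_4 word indexed by Z_2^m."""
    # Assumed convention: x = a + 2b goes to the bit pair (b, a + b).
    f = {}
    for v, x in word.items():
        a, b = x % 2, x // 2
        f[v + (0,)] = b
        f[v + (1,)] = (a + b) % 2
    return f

def polarises_to(f, C):
    """True if f(u+v) + f(u) + f(v) + f(0) = u C v^T over GF(2) for all u, v."""
    n = len(C)
    points = list(product((0, 1), repeat=n))  # points[0] is the zero vector
    for u in points:
        for v in points:
            w = tuple((a + b) % 2 for a, b in zip(u, v))
            lhs = (f[w] + f[u] + f[v] + f[points[0]]) % 2
            rhs = sum(u[i] * C[i][j] * v[j] for i in range(n) for j in range(n)) % 2
            if lhs != rhs:
                return False
    return True

def check_coset(Cp):
    """Gray-map every word T_{C'}(v') + 2 b'.v' + constant and compare with lift(C')."""
    C = lift(Cp)
    vs = list(product((0, 1), repeat=len(Cp)))
    words = ({v: (t_form(Cp, v) + 2 * sum(x * y for x, y in zip(b, v)) + eps) % 4 for v in vs}
             for b in vs for eps in range(4))
    return all(polarises_to(gray_function(w), C) for w in words)

# Constructed sample: a symmetric binary 3 x 3 matrix (m = 3, odd as the notes assume).
C_PRIME = [[1, 1, 0], [1, 0, 1], [0, 1, 1]]
```

Calling `check_coset(C_PRIME)` runs the check over all 32 words of the coset; replacing `lift` by a plain zero-padding of $C'$ makes it fail whenever $C'$ has a nonzero diagonal.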

References

[1] M. Aschbacher, Finite Group Theory, Cambridge Studies in Advanced
Mathematics 10, Cambridge University Press, Cambridge, 1994.
[2] T. D. Bending, Ph.D. thesis, University of London, 1993.
[3] T. D. Bending and D. G. Fon-Der-Flaass, Crooked functions, bent functions,
and distance-regular graphs, Electronic Journal of Combinatorics
5 (1998), #R34, 14pp. Available from
http://www.combinatorics.org/Volume_5/v5i1toc.html.
[4] C. H. Bennett and P. W. Shor, Quantum information theory, IEEE
Transactions on Information Theory (1998).
[5] A. R. Calderbank, P. J. Cameron, W. M. Kantor and J. J. Seidel, $\mathbb{Z}_4$-Kerdock
codes, orthogonal spreads, and extremal Euclidean line systems,
Proceedings of the London Mathematical Society (3) 75 (1997),
436–480.
[6] A. R. Calderbank, E. M. Rains, P. W. Shor and N. J. A. Sloane, Quantum
error correction via codes over GF(4), IEEE Transactions on Information
Theory 44 (1998), 1369–1387.
[7] A. R. Calderbank, E. M. Rains, P. W. Shor and N. J. A. Sloane, Quantum
error correction and orthogonal geometry, Physical Review Letters,
78 (1997), 405–409.
[8] P. J. Cameron and J. H. van Lint, Designs, Graphs, Codes and their
Links, London Mathematical Society Student Texts 22, Cambridge University
Press, Cambridge, 1991.
[9] P. J. Cameron and J. J. Seidel, Quadratic forms over GF(2), Proc. Kon.
Nederl. Akad. Wetensch. (A) 76 (1973), 1–8.
[10] R. W. Carter, Simple Groups of Lie Type, Wiley Interscience, New York,
1972.
[11] R. Cleve and D. Gottesman, Efficient computations of encodings for
quantum error correction, Physical Review A, 56 (1997) 76–82.
[12] J. H. Conway, R. T. Curtis, S. P. Norton, R. A. Parker, and R. A. Wilson,
ATLAS of Finite Groups, Oxford University Press, Oxford, 1985.
[13] A. M. Gleason, Weight polynomials of self-dual codes and
the MacWilliams identities, Actes du Congrès International de
Mathématique (vol. 3), 211–215.
[14] D. Gottesman, Class of quantum error-correcting codes saturating the
quantum Hamming bound, Physical Review A, 54 (1996), 1862–1868.
[15] A. R. Hammons Jr., P. V. Kumar, A. R. Calderbank, N. J. A. Sloane and
P. Solé, The $\mathbb{Z}_4$-linearity of Kerdock, Preparata, Goethals and related
codes, IEEE Transactions on Information Theory 40 (1994), 301–319.
[16] W. M. Kantor, Symmetric designs, symplectic groups, and line ovals,
Journal of Algebra 33 (1975), 43–58.
[17] A. M. Kerdock, A class of low-rate nonlinear binary codes, Information
and Control 20 (1972), 182–187.
[18] F. J. MacWilliams and N. J. A. Sloane, The Theory of Error-Correcting
Codes, North-Holland Publishing Co., Amsterdam, 1977.
[19] C. Parker, E. Spence and V. D. Tonchev, Designs with the symmetric
difference property on 64 points and their groups, Journal of Combinatorial
Theory (A) 67 (1994), 23–43.
[20] H. S. Pollatsek, First cohomology groups of some linear groups over fields
of characteristic two, Illinois Journal of Mathematics (3) 15 (1971),
393–417.
[21] D. A. Preece and P. J. Cameron, Some new fully-balanced Graeco-Latin
Youden `squares', Utilitas Math. 8 (1975), 193–204.
[22] J. Preskill, Lecture notes for Physics 229 at Caltech,
http://theory.caltech.edu/~preskill/ph229.
[23] O. S. Rothaus, On "bent" functions, Journal of Combinatorial Theory
(A) 20 (1976), 300–305.
[24] P. W. Shor, Polynomial-time algorithms for prime factorization and discrete
logarithms on a quantum computer, SIAM Journal on Computing
26 (1997), 1484–1509.
[25] P. W. Shor, Quantum Computing, Documenta Mathematica, special
ICM 1998 volume, I, 476–486. Available at
http://www.mathematik.uni-bielefeld.de/DMV-J/xvol-icm/00/Shor.MAN.dvi.
[26] N. J. A. Sloane, Weight enumerators of codes, pp. 115–142 in Combinatorics
(ed. M. Hall Jr. and J. H. van Lint), NATO ASI Series C16,
Reidel, Dordrecht, 1975.
