arXiv:1404.7739v3 [cs.IT] 12 Apr 2015

Subspace Polynomials and Cyclic Subspace Codes

Eli Ben-Sasson, Tuvi Etzion, Ariel Gabizon, Netanel Raviv

The authors are with the Department of Computer Science, Technion, Haifa 3200003, Israel. e-mail: {eli,etzion,arielga,netanel}@cs.technion.ac.il.

The work of Netanel Raviv is part of his Ph.D. thesis performed at the Technion.

This research was supported in part by the Israeli Science Foundation (ISF), Jerusalem, Israel, under Grant 10/12.

This research was supported in part by the European Community's Seventh Framework Programme (FP7/2007-2013) under grant agreements number 257575 and 240258.

Abstract

Subspace codes have received an increasing interest recently due to their application in error-correction for random network coding. In particular, cyclic subspace codes are possible candidates for large codes with efficient encoding and decoding algorithms. In this paper we consider such cyclic codes and provide constructions of optimal codes for which their codewords do not have full orbits. We further introduce a new way to represent subspace codes by a class of polynomials called subspace polynomials. We present some constructions of such codes which are cyclic and analyze their parameters.

I. INTRODUCTION

Let $\mathbb{F}_q$ be the finite field of size $q$, and let $\mathbb{F}_q^* \triangleq \mathbb{F}_q \setminus \{0\}$. For $n \in \mathbb{N}$ denote by $\mathbb{F}_{q^n}$ the field extension of degree $n$ over $\mathbb{F}_q$, which may be seen as the vector space of dimension $n$ over $\mathbb{F}_q$. By abuse of notation, we will not distinguish between these two concepts. Given a non-negative integer $k \le n$, the set of all $k$-dimensional subspaces of $\mathbb{F}_{q^n}$ forms a Grassmannian space (Grassmannian in short) over $\mathbb{F}_q$, which is denoted by $\mathcal{G}_q(n,k)$. The size of $\mathcal{G}_q(n,k)$ is given by the well-known Gaussian coefficient $\begin{bmatrix} n \\ k \end{bmatrix}_q$. The set of all subspaces of $\mathbb{F}_{q^n}$ is called the projective space of order $n$ over $\mathbb{F}_q$ [9] and is denoted by $\mathcal{P}_q(n)$. The set $\mathcal{P}_q(n)$ is endowed with the metric $d(U,V) = \dim U + \dim V - 2\dim(U \cap V)$. A subspace code is a collection $\mathbb{C}$ of subspaces from $\mathcal{P}_q(n)$. In this paper we will be mainly interested in constant dimension codes (called also Grassmannian codes), that is, $\mathbb{C} \subseteq \mathcal{G}_q(n,k)$ for some $k \le n$.

Subspace codes and constant dimension codes have attracted a lot of research in the last eight years. The motivation was given in [13], where it was shown how subspace codes may be used in random network coding for correction of errors and erasures. This application of subspace codes renewed the interest in a wide variety of problems related to vector spaces [1], [7], [18], [21], particularly in constructions of large codes with error correction capability, efficient encoding algorithms for these codes, as well as efficient decoding algorithms.

In [13] a novel construction of large subspace codes using linearized polynomials (a.k.a. p-polynomials [19]) is presented. These codes were later shown [20] to be related to optimal rank-metric codes through an operation called lifting. These techniques and some of their variants are the main known tools for constructing subspace codes.

It was previously suggested [5], [9], [14] that cyclic subspace codes may present a useful structure that can be applied efficiently for the purpose of coding. For a subspace $V \in \mathcal{G}_q(n,k)$ and $\alpha \in \mathbb{F}_{q^n}^*$ we define the cyclic shift of $V$ as $\alpha V \triangleq \{\alpha v \mid v \in V\}$. The set $\alpha V$ is clearly a subspace of the same dimension as $V$. Two cyclic shifts are called distinct if they form two different subspaces. A subspace code $\mathbb{C}$ is called cyclic if for every $\alpha \in \mathbb{F}_{q^n}^*$ and every $V \in \mathbb{C}$ we have $\alpha V \in \mathbb{C}$.

In [9], [14] several examples of optimal cyclic subspace codes with small dimension were found. In [5] an optimal code which also forms a q-analog of Steiner system was presented. This code has an automorphism group which is generated by a cyclic shift and the Frobenius mapping (known together also as a normalizer of a Singer subgroup [5], [12, pp. 187-188]). These codes raised the plausible conjecture that large cyclic codes may be constructed in any dimension. However, the current approaches for construction of subspace codes fall short in handling cyclic codes. In this paper we aim at establishing new general techniques for constructions of cyclic codes. In [22] a thorough algebraic analysis of the structure of cyclic orbit codes is given. One class of such codes is the cyclic codes. However, no nontrivial construction is given. In [10] a construction of cyclic codes with degenerated orbit (of size less than $\frac{q^n-1}{q-1}$) is given. This construction produces a subcode of some codes in our work (see Section III-B). Both [10] and [22] raised the following conjecture:

Conjecture 1. For every positive integers $n, k$ such that $k < n/2$, there exists a cyclic code of size $\frac{q^n-1}{q-1}$ in $\mathcal{G}_q(n,k)$ and minimum distance $2k - 2$.

Notice that for $k > n/2 + 1$, a minimum distance of $2k - 2$ is clearly not possible. The original conjecture [22] considered $k \le n/2$. However, an exhaustive search which was used in [10] proved that the conjecture is false for $n = 8$, $k = 4$, $q = 2$. When k

II. SUBSPACES AND THEIR SUBSPACE POLYNOMIALS

For the rest of this paper k and n will be positive integers such that 2

Definition 1. A linearized polynomial was defined by Ore [19] as follows:

$$P(x) \triangleq a_k \cdot x^{[k]} + a_{k-1} \cdot x^{[k-1]} + \cdots + a_1 \cdot x^{[1]} + a_0 \cdot x$$

where the coefficients are in the finite field $\mathbb{F}_{q^n}$.

Linearized polynomials have numerous applications in classic coding theory (e.g., [17, Chapter 4]). It is widely known that the roots of any linearized polynomial form a subspace in some extension of $\mathbb{F}_{q^n}$ (seen as a vector space over $\mathbb{F}_q$) and for every $V \in \mathcal{G}_q(n,k)$, the polynomial $\prod_{v \in V}(x - v)$ is a linearized polynomial [17, p. 118]. We will be particularly interested in linearized polynomials that have simple roots with respect to some field $\mathbb{F}_{q^n}$.

Definition 2. [3], [4], [6], [23] A monic linearized polynomial $P$ with coefficients in $\mathbb{F}_{q^n}$ is called a subspace polynomial with respect to $\mathbb{F}_{q^n}$ if the following equivalent conditions hold:

1) $P$ divides $x^{[n]} - x$.

2) $P$ splits completely over $\mathbb{F}_{q^n}$ and all its roots have multiplicity 1.

From now on, we shall omit the notation of Fqn whenever it is clear from context. The first two lemmas are trivial and well known. The simplicity of the roots of a subspace polynomial (and in particular, the simplicity of 0) gives rise to the following lemma.

Lemma 1. In any subspace polynomial, the coefficient of x is non-zero. Conversely, every linearized polynomial with non-zero coefficient of x is a subspace polynomial in its splitting field.

Proof: It is readily verified that 0 is a root of multiplicity 1 if and only if the coefficient of $x$ is non-zero. Therefore, if $P$ is a subspace polynomial, all of its roots are of multiplicity 1 (see Definition 2), including 0. On the other hand, if $Q$ is a linearized polynomial with a non-zero coefficient of $x$, then by [15, Theorem 3.50, p. 108], all the roots of $Q$ have multiplicity 1.

It also follows from Definition 2 that for a given $V \in \mathcal{G}_q(n,k)$ the polynomial $\prod_{v \in V}(x - v)$ is the unique subspace polynomial whose set of roots is $V$, which leads to the following lemma.

Lemma 2. Two subspaces are equal if and only if their corresponding subspace polynomials are equal.

Lemma 2 allows us to denote by PV the unique subspace polynomial corresponding to a given subspace V .

Example 1. Let $t$ be a positive integer such that $t \mid n$. It is known that $\mathbb{F}_{q^t}$ is a subfield (in particular, a subspace) of $\mathbb{F}_{q^n}$. The subspace polynomial of $\mathbb{F}_{q^t}$ is $P_{\mathbb{F}_{q^t}}(x) = x^{[t]} - x$.

The connection between linearized polynomials and subspace polynomials is given by the following two claims.

Theorem 1. [15, Theorem 3.50, p. 108] If $P$ is a linearized polynomial whose splitting field is $\mathbb{F}_{q^n}$, then each root of $P$ in $\mathbb{F}_{q^n}$ has the same multiplicity, which is a non-negative power of $q$, and the roots form a subspace of $\mathbb{F}_{q^n}$.

Lemma 3. If $P(x)$ is a linearized polynomial with a leading coefficient∗ $\alpha \neq 0$ and the splitting field of $P(x)$ is $\mathbb{F}_{q^n}$, then $P(x) = \alpha P_V^{[t]}(x)$ for some subspace $V$ in $\mathbb{F}_{q^n}$ and some $t \in \mathbb{N}$.

∗The leading coefficient of a polynomial is the coefficient of the monomial with the highest degree.

Proof: According to Theorem 1, all the roots of $P$ are of the same multiplicity $q^t$ for some $t \in \mathbb{N}$, and these roots form a subspace $V$ of $\mathbb{F}_{q^n}$. Hence,

$$P(x) = \alpha \prod_{v \in V}(x - v)^{[t]} = \alpha \left( \prod_{v \in V}(x - v) \right)^{[t]} = \alpha P_V^{[t]}(x).$$

In the sequel, we show several connections between the coefficients of subspace polynomials and properties of the respective subspaces. One of the main tools in our analysis is the difference between the indices of the two topmost non-zero coefficients:

Definition 3. For $V \in \mathcal{G}_q(n,k)$ and $P_V(x) = x^{[k]} + \sum_{j=0}^{i} \alpha_j x^{[j]}$, where $\alpha_i \neq 0$, let $\mathrm{gap}(V) \triangleq k - i$.

As the following lemma illustrates, the gap of two subspaces induces a lower bound on their related distance.

Lemma 4. If $V \in \mathcal{G}_q(n,k_1)$ and $U \in \mathcal{G}_q(n,k_2)$ are two distinct subspaces such that $k_1 \le k_2$ and

$$P_V(x) = x^{[k_1]} + \sum_{j=0}^{t} \alpha_j x^{[j]}$$

$$P_U(x) = x^{[k_2]} + \sum_{j=0}^{s} \beta_j x^{[j]},$$

such that $\alpha_t \neq 0$ and $\beta_s \neq 0$, then $\dim(U \cap V) \le \max(s, t + k_2 - k_1)$.

Proof: According to the properties of $\mathbb{F}_{q^n}$, for all $\alpha, \beta \in \mathbb{F}_{q^n}$ and for all $i \in \mathbb{N}$ we have that $(\alpha + \beta)^{[i]} = \alpha^{[i]} + \beta^{[i]}$, and therefore

$$P_V^{[k_2-k_1]}(x) = x^{[k_2]} + \sum_{j=0}^{t} \alpha_j^{[k_2-k_1]} x^{[j+k_2-k_1]}.$$

Since the polynomials $P_V$, $P_V^{[k_2-k_1]}$ have the same set of roots, and since the roots of $P_U$ are simple, it follows that $\gcd(P_V, P_U)$† $= \gcd(P_V^{[k_2-k_1]}, P_U)$. Hence, if $Q(x) \triangleq P_U(x) - P_V^{[k_2-k_1]}(x)$ then

$$\gcd(P_V, P_U) = \gcd(P_V^{[k_2-k_1]}, P_U)$$

$$= \gcd(P_V^{[k_2-k_1]}, P_U \ (\mathrm{mod}\ P_V^{[k_2-k_1]}))$$

$$= \gcd(P_V^{[k_2-k_1]}, Q \ (\mathrm{mod}\ P_V^{[k_2-k_1]})).$$

Since $\deg Q \le \max([s], [t + k_2 - k_1])$, it follows that

$$\log_q \deg \gcd(P_V^{[k_2-k_1]}, Q \ (\mathrm{mod}\ P_V^{[k_2-k_1]})) \le \max(s, t + k_2 - k_1),$$

and hence $\dim(U \cap V) \le \max(s, t + k_2 - k_1)$.

A special case of Lemma 4, where the subspaces $U$ and $V$ are of the same dimension $k$, provides the following useful corollaries.

Corollary 1. If U, V ∈ Gq (n, k) then dim(U ∩ V ) ≤ k − min(gap(U), gap(V )).

Corollary 2. If U, V ∈ Gq (n, k) then d(U, V ) ≥ 2 min(gap(U), gap(V )).

†gcd(s, t) stands for the greatest common divisor of the elements s, t.

Remark 1. Corollary 2 is not tight, i.e., there exist subspaces $U, V \in \mathcal{G}_q(n,k)$ where $\mathrm{gap}(V) = \mathrm{gap}(U) = 1$ and $d(U,V) = 2k - 2$. For example, let $\gamma$ be a root of $x^7 + x + 1 = 0$, and use this primitive polynomial to generate $\mathbb{F}_{2^7}$. The following polynomials are subspace polynomials of $U, V \in \mathcal{G}_2(7,3)$ for which $\mathrm{gap}(U) = \mathrm{gap}(V) = 1$ and $d(U,V) = 2 \cdot 3 - 2 \cdot 1 = 4$. In particular, $U$ and $V$ are cyclic shifts of each other.

$$P_U(x) = x^{[3]} + x^{[2]} + (\gamma^6 + \gamma^4 + \gamma^3 + \gamma + 1)x^{[1]} + (\gamma^3 + \gamma^2 + \gamma + 1)x$$

$$P_V(x) = x^{[3]} + (\gamma^2 + 1)x^{[2]} + (\gamma^6 + \gamma^4 + \gamma + 1)x^{[1]} + (\gamma^5 + \gamma^4 + \gamma)x$$

Aside from cyclic shifts we will also use the well known Frobenius mapping $F^i$ as a method to increase the size of the codes. For an element $\alpha \in \mathbb{F}_{q^n}$ and $i \in \{0,\ldots,n-1\}$, the $\mathbb{F}_q$-mapping $F^i$ is defined as $F^i(\alpha) = \alpha^{[i]}$ (see [15, p. 75]). For a subspace $V$ and $i \in \{0,\ldots,n-1\}$ the $i$th Frobenius shift of $V$ is defined as $F^i(V) \triangleq \{v^{[i]} \mid v \in V\}$. Since the function $F^i$ is an automorphism, it follows that the set $F^i(V)$ is a subspace of the same dimension as $V$. We now characterize the subspace polynomials of the subspaces resulting from these mappings.

Lemma 5. If $V \in \mathcal{G}_q(n,k)$ and $\alpha \in \mathbb{F}_{q^n}^*$ then $P_{\alpha V}(x) = \alpha^{[k]} \cdot P_V(\alpha^{-1}x)$. That is, if $P_V(x) = x^{[k]} + \sum_{j=0}^{i} \alpha_j x^{[j]}$ then $P_{\alpha V}(x) = x^{[k]} + \sum_{j=0}^{i} \alpha^{[k]-[j]} \alpha_j x^{[j]}$.

Proof: By definition,

$$P_{\alpha V}(x) = \prod_{u \in \alpha V}(x - u) = \prod_{v \in V}(x - \alpha v) = \alpha^{[k]} \prod_{v \in V}(\alpha^{-1}x - v) = \alpha^{[k]} \cdot P_V(\alpha^{-1}x) = x^{[k]} + \sum_{j=0}^{i} \alpha^{[k]-[j]} \alpha_j x^{[j]}.$$

Lemma 6. If $V \in \mathcal{G}_q(n,k)$ and $P_V(x) = x^{[k]} + \sum_{j=0}^{i} \alpha_j x^{[j]}$ then for all $s \in \{0,\ldots,n-1\}$, $P_{F^s(V)}(x) = x^{[k]} + \sum_{j=0}^{i} F^s(\alpha_j) x^{[j]}$.

Proof: If $s \in \{0,\ldots,n-1\}$ and $u \in F^s(V)$ then $u = F^s(v)$ for some $v \in V$. Since $F^s$ is an automorphism, it follows that

$$u^{[k]} + \sum_{j=0}^{i} F^s(\alpha_j) u^{[j]} = F^s(v)^{[k]} + \sum_{j=0}^{i} F^s(\alpha_j) F^s(v)^{[j]}$$

$$= F^s(v^{[k]}) + \sum_{j=0}^{i} F^s(\alpha_j v^{[j]}) = F^s\left( v^{[k]} + \sum_{j=0}^{i} \alpha_j v^{[j]} \right)$$

$$= F^s(P_V(v)) = F^s\left( \prod_{w \in V}(v - w) \right) = F^s(0) = 0.$$

Therefore all elements of $F^s(V)$ are roots of $x^{[k]} + \sum_{j=0}^{i} F^s(\alpha_j) x^{[j]}$. Since the degree of this polynomial is $[k]$, the claim follows.

The next lemma shows a connection between the coefficients of the subspace polynomial of a given subspace V ∈ Gq (n, k) and the number of its distinct cyclic shifts. To formulate our claim, we need the following equivalence relation.

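Definition 4. For $\alpha, \beta \in \mathbb{F}_{q^n}^*$ and an integer $t$ which divides $n$, the equivalence relation $\sim_t$ is defined as follows

$$\alpha \sim_t \beta \iff \frac{\alpha}{\beta} \in \mathbb{F}_{q^t}.$$

Clearly, if $\alpha \sim_t \beta$ then $\alpha \in \beta\mathbb{F}_{q^t}^* \cap \alpha\mathbb{F}_{q^t}^*$, and since all the cyclic shifts of $\mathbb{F}_{q^t}^*$ in $\mathbb{F}_{q^n}^*$ are disjoint, it follows that $\beta\mathbb{F}_{q^t}^* = \alpha\mathbb{F}_{q^t}^*$. Hence, the equivalence classes under this relation are all the cyclic shifts of $\mathbb{F}_{q^t}^*$ in $\mathbb{F}_{q^n}^*$. Therefore, there are exactly $\frac{q^n-1}{q^t-1}$ equivalence classes of $\sim_t$, each of which is of size $q^t - 1$.

Lemma 7. Let $V \in \mathcal{G}_q(n,k)$ and $P_V(x) = x^{[k]} + \sum_{j=0}^{i} \alpha_j x^{[j]}$. If $\alpha_s \neq 0$ for some $s \in \{1,\ldots,i\}$ and $\gcd(s,n) = t$ then $\alpha V \neq \beta V$ for all $\alpha, \beta \in \mathbb{F}_{q^n}^*$ such that $\alpha \nsim_t \beta$.

Proof: Assume for contradiction that $\alpha V = \beta V$ for some $\alpha, \beta \in \mathbb{F}_{q^n}^*$, where $\alpha \nsim_t \beta$. By Lemma 5

$$P_{\alpha V}(x) = x^{[k]} + \sum_{j=0}^{i} \alpha_j \cdot \alpha^{[k]-[j]} x^{[j]}$$

$$P_{\beta V}(x) = x^{[k]} + \sum_{j=0}^{i} \alpha_j \cdot \beta^{[k]-[j]} x^{[j]}.$$

The equality $\alpha V = \beta V$, together with Lemma 2, imply that

$$\begin{cases} \alpha_s \alpha^{[k]-[s]} = \alpha_s \beta^{[k]-[s]} \\ \alpha_0 \alpha^{[k]-1} = \alpha_0 \beta^{[k]-1} \end{cases},$$

and since $\alpha_0 \neq 0$ by Lemma 1, it follows that

$$\begin{cases} \left(\frac{\alpha}{\beta}\right)^{[k]-[s]} = 1 \\ \left(\frac{\alpha}{\beta}\right)^{[k]-1} = 1 \end{cases}.$$

By dividing the second equation by the first equation, we get $\left(\frac{\alpha}{\beta}\right)^{[s]-1} = 1$. Hence, $\mathrm{ord}(\frac{\alpha}{\beta}) \mid \gcd(q^n - 1, q^s - 1)$. It is well known that in $\mathbb{Z}_{q^n-1}$, $\gcd(q^n - 1, q^s - 1) = q^{\gcd(n,s)} - 1$ (e.g., [11, p. 147, s. 38]). Therefore, $\mathrm{ord}(\frac{\alpha}{\beta}) \mid q^{\gcd(n,s)} - 1$, which implies that $\frac{\alpha}{\beta} \in \mathbb{F}_{q^t}$ since $t = \gcd(n,s)$, and hence $\alpha \sim_t \beta$, a contradiction.

Corollary 3. Let $V \in \mathcal{G}_q(n,k)$ and $P_V(x) = x^{[k]} + \sum_{j=0}^{i} \alpha_j x^{[j]}$. If $\alpha_s \neq 0$ for some $s \in \{1,\ldots,i\}$ with $\gcd(s,n) = t$ then $V$ has at least $\frac{q^n-1}{q^t-1}$ distinct cyclic shifts.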

To construct codes with more than one orbit using the Frobenius automorphism, one would like to find a sufficient condition that a certain Frobenius shift is not a cyclic shift. Such a condition can be derived for the special case, where the subspace polynomial is a certain trinomial. The proof of the following lemma is deferred to Appendix A.

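Lemma 8. If $V \in \mathcal{G}_q(n,k)$ and $P_V(x) = x^{[k]} + \alpha_1 x^{[1]} + \alpha_0 x$, where $\alpha_1 \neq 0$, then there exists $\alpha \in \mathbb{F}_{q^n}^*$, $i \in \{0,\ldots,n-1\}$ such that $F^i(V) = \alpha V$ if and only if

$$\left( \frac{\alpha_0^{\frac{q^k-q}{q-1}}}{\alpha_1^{\frac{q^k-1}{q-1}}} \right)^{q^i-1} = 1.$$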

III. CYCLIC SUBSPACE CODES

In this section some constructions of cyclic subspace codes are provided. We distinguish between two cases. In Subsection III-A we discuss codes whose codewords have a full length orbit. In Subsection III-B codes whose codewords do not have a full length orbit are discussed.

Definition 5. Given a subspace $V \in \mathcal{G}_q(n,k)$, the set $\{\alpha V \mid \alpha \in \mathbb{F}_{q^n}^*\}$ is called the orbit of $V$. The subspace $V$ has a full length orbit if $|\{\alpha V \mid \alpha \in \mathbb{F}_{q^n}^*\}| = \frac{q^n-1}{q-1}$. If $V$ does not have a full length orbit then it has a degenerate orbit.

Note that a cyclic code with a full length orbit cannot have a minimum distance $2k$. This is a simple observation from the fact that each element $\alpha \in \mathbb{F}_{q^n}^*$ appears in exactly $\frac{q^k-1}{q-1}$ codewords. We will give several simple related results on subspaces and the size of their orbits. The first claim may be extracted from [10, Corollary 3.13]. For completeness we include a shorter self-contained proof.

Lemma 9. If $V \in \mathcal{G}_q(n,k)$ then $|\{\alpha V \mid \alpha \in \mathbb{F}_{q^n}^*\}| = \frac{q^n-1}{q^t-1}$ for some $t$ which divides $n$.

Proof: Let $\gamma$ be a primitive element in $\mathbb{F}_{q^n}$ and let $\ell \in \mathbb{N}$ be the smallest integer such that $\gamma^\ell V = V$. Clearly, $\ell \mid q^n - 1$ and it is readily extracted that each $i \in \mathbb{N}$ and each $0 \le s < \ell$ satisfy $\gamma^s V = \gamma^{i\ell+s} V$. Furthermore, for every $s_1, s_2 \in \{0,\ldots,\ell-1\}$ the sets $A_{s_j} \triangleq \{\gamma^{i\ell+s_j} \mid i \in \mathbb{N}\}$ satisfy $|A_{s_1}| = |A_{s_2}|$. Let $\gamma^{i_1 \cdot \ell}, \gamma^{i_2 \cdot \ell} \in A_0$ for some $i_1, i_2 \in \mathbb{N}$. Since $A_0 = \{\gamma^{i\ell} \mid i \in \mathbb{N}\}$ it follows that

$$\left(\gamma^{i_1 \cdot \ell} + \gamma^{i_2 \cdot \ell}\right) V \subseteq \gamma^{i_1 \cdot \ell} V + \gamma^{i_2 \cdot \ell} V = V + V = V,$$

and hence $\gamma^{i_1 \cdot \ell} + \gamma^{i_2 \cdot \ell} \in A_0$, that is, $A_0$ is closed under addition. Since $A_0$ is also closed under multiplication, it follows that $A_0$ is the multiplicative group of some subfield $\mathbb{F}_{q^t}$ of $\mathbb{F}_{q^n}$. Therefore, $|\{\alpha V \mid \alpha \in \mathbb{F}_{q^n}^*\}| = \ell = \frac{q^n-1}{q^t-1}$.

An immediate consequence of Lemma 9 is that the largest possible size of an orbit is $\frac{q^n-1}{q-1}$, which justifies Definition 5. As will be shown in the sequel (see Section III-B), the parameter $t$ from Lemma 9 must also divide $k$. A formula for the number of orbits of each possible size is given in [8]. Most of the $k$-dimensional subspaces of $\mathbb{F}_{q^n}$ have full length orbits. The main goal in constructing cyclic codes is to obtain as many orbits as possible in the code. This task will be left for future work. In this work we consider first the existence of cyclic codes with one full length orbit and cyclic codes with multiple full length orbits. Later, we consider the largest cyclic codes for which all the orbits are degenerate.

A. Codes with Full Length Orbits

Lemma 10. [17, p. 107, Theorem 10] The polynomial $Q(x) \triangleq x^{[n]} - x$ is the product of all monic irreducible polynomials over $\mathbb{F}_q$ with degree dividing $n$.

Theorem 2. If $q^k - 1$ divides $n$ and $x^{[k]-1} + x^{[1]-1} + 1$ is irreducible over $\mathbb{F}_q$ then the polynomial $x^{[k]} + x^{[1]} + x$ is a subspace polynomial with respect to $\mathbb{F}_{q^n}$.

Proof: Assume that $x^{[k]-1} + x^{[1]-1} + 1$ is irreducible over $\mathbb{F}_q$ and its degree divides $n$. By Lemma 10, $x^{[k]-1} + x^{[1]-1} + 1 \mid Q(x)$, and hence $x^{[k]} + x^{[1]} + x \mid Q(x)$. Therefore, $x^{q^k} + x^q + x$ is a subspace polynomial (see Definition 2), i.e., $P_V(x) = x^{[k]} + x^{[1]} + x$ for some subspace $V$.

Corollary 4. If $q^k - 1$ divides $n$, $x^{[k]-1} + x^{[1]-1} + 1$ is irreducible over $\mathbb{F}_q$, and $V \in \mathcal{G}_q(n,k)$ is the subspace whose subspace polynomial is $x^{[k]} + x^{[1]} + x$, then $\mathbb{C} \triangleq \{\alpha V \mid \alpha \in \mathbb{F}_{q^n}^*\}$ is a cyclic subspace code of size $\frac{q^n-1}{q-1}$ and minimum distance at least $2k - 2$.

Proof: According to Corollary 3, since the coefficient of $x^q$ in $P_V$ is nonzero, there are $\frac{q^n-1}{q-1}$ distinct cyclic shifts in $\mathbb{C}$. By Lemma 5 and Corollary 2, the minimum distance of $\mathbb{C}$ is at least $2k - 2$.

Although there exists extensive research on irreducible trinomials over finite fields (e.g., [24]), no explicit construction of irreducible trinomials of the above form is known. However, the following examples were easily found using a computer search.

Example 2. Since the polynomials $x^{2^k-1} + x + 1$ are irreducible over $\mathbb{F}_2$ for all $k \in \{2, 3, 4, 6, 7, 15\}$, it follows that the polynomial $x^{2^k} + x^2 + x$ is a subspace polynomial of a subspace $V \in \mathcal{G}_2((2^k-1)t, k)$ for all $t \in \mathbb{N}$. Therefore, the code $\mathbb{C} \triangleq \{\alpha V \mid \alpha \in \mathbb{F}_{q^{(2^k-1)t}}^*\}$ is a cyclic code of size $2^{t \cdot (2^k-1)} - 1$ and minimum distance $2k - 2$ in $\mathcal{G}_2((2^k-1)t, k)$.

By using a similar approach we have that for any $k$ and $q$, cyclic codes in $\mathcal{G}_q(n,k)$ can be explicitly constructed for infinitely many values of $n$. The construction will make use of the following lemma.

Lemma 11. If $f(x) = \prod_{i=1}^{t} p_i^{\alpha_i}(x)$ is a polynomial over $\mathbb{F}_q$ and $p_1(x),\ldots,p_t(x)$ are its irreducible factors in $\mathbb{F}_q$ then $f(x)$ splits completely in $\mathbb{F}_{q^n}$ for $n = \mathrm{lcm}\{\deg p_i(x)\}_{i=1}^{t}$.‡

Proof: According to [15, Corollary 2.15, p. 52], the splitting field of an irreducible polynomial of degree $m$ over $\mathbb{F}_q$ is $\mathbb{F}_{q^m}$. Therefore, for each $i = 1,\ldots,t$, the splitting field of $p_i$ is $\mathbb{F}_{q^{n_i}}$, where $n_i \triangleq \deg p_i$. For any $i$, the only finite fields that contain $\mathbb{F}_{q^{n_i}}$ are of the form $\mathbb{F}_{q^r}$ for $r$ such that $n_i \mid r$. Hence, the smallest field that contains $\mathbb{F}_{q^{n_i}}$ for all $i$ is $\mathbb{F}_{q^n}$.

Theorem 3. For any $k$ and $q$ we may explicitly construct a cyclic subspace code of size $\frac{q^n-1}{q-1}$ and minimum distance $2k - 2$ in $\mathcal{G}_q(n,k)$ for infinitely many values of $n$.

Proof: By factoring $T(x) \triangleq x^{[k]} + x^{[1]} + x$ and computing the least common multiple of the degrees of its factors we find the degree of the splitting field of $T(x)$ (see Lemma 11). The subspace $V$, whose corresponding subspace polynomial is $T(x)$, may be easily found by finding the kernel of the linear transformation defined by $T$. If $\mathbb{C} \triangleq \{\alpha V \mid \alpha \in \mathbb{F}_{q^n}^*\}$ then by Corollary 3 there are $\frac{q^n-1}{q-1}$ distinct cyclic shifts in $\mathbb{C}$. By Lemma 5 and Corollary 2, the minimum distance of $\mathbb{C}$ is at least $2k - 2$. Infinitely many values of $n$ are obtained by considering the cyclic shifts of $V$ in all the field extensions of the splitting field.
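The procedure in the proof of Theorem 3, carried out for the smallest case covered by Example 2 ($q = 2$, $k = 3$, $n = 7$), as an added example that is not code from the paper. It assumes that $[i]$ denotes $q^i$ (as Example 2 indicates), builds $\mathbb{F}_{2^7}$ from the polynomial $x^7 + x + 1$ of Remark 1, and finds the kernel of $T$ by exhaustive evaluation instead of linear algebra; all function names are illustrative.

```python
from itertools import combinations

Q, N, K = 2, 7, 3        # q = 2, n = 7, k = 3; here T(x) = x * (x^7 + x + 1),
                         # so the lcm of the factor degrees is 7 (Lemma 11)
MOD = 0b10000011         # x^7 + x + 1, bit i = coefficient of x^i


def gf_mul(a, b):
    """Multiply two elements of F_{2^7} (characteristic 2 only)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> N:           # degree reached 7: reduce modulo x^7 + x + 1
            a ^= MOD
    return r


def gf_pow(a, e):
    """Square-and-multiply exponentiation in F_{2^7}."""
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        e >>= 1
    return r


def T(x):
    """T(x) = x^[k] + x^[1] + x, i.e. x^8 + x^2 + x for q = 2, k = 3."""
    return gf_pow(x, Q**K) ^ gf_pow(x, Q) ^ x


def root_space():
    """Kernel of the F_2-linear map T, found by evaluating T everywhere."""
    return frozenset(x for x in range(Q**N) if T(x) == 0)


def cyclic_shift(alpha, V):
    """The cyclic shift alpha*V = {alpha*v : v in V}."""
    return frozenset(gf_mul(alpha, v) for v in V)


def orbit(V):
    """All distinct cyclic shifts of V over alpha in F_{2^7}^*."""
    return {cyclic_shift(a, V) for a in range(1, Q**N)}


def dim(S):
    """Dimension over F_2 of a subspace given as a set: |S| = 2^dim."""
    return len(S).bit_length() - 1


def subspace_distance(U, V):
    """d(U, V) = dim U + dim V - 2 dim(U ∩ V)."""
    return dim(U) + dim(V) - 2 * dim(U & V)


def min_distance(code):
    return min(subspace_distance(U, V) for U, V in combinations(code, 2))


def lemma5_holds(alpha, V):
    """Check that alpha*V is annihilated by the polynomial Lemma 5 predicts:
    x^[k] + alpha^([k]-[1]) x^[1] + alpha^([k]-1) x."""
    c1 = gf_pow(alpha, Q**K - Q)
    c0 = gf_pow(alpha, Q**K - 1)
    return all(
        gf_pow(u, Q**K) ^ gf_mul(c1, gf_pow(u, Q)) ^ gf_mul(c0, u) == 0
        for u in cyclic_shift(alpha, V)
    )


def frobenius_shift(V, i):
    """F^i(V) = {v^[i] : v in V}."""
    return frozenset(gf_pow(v, Q**i) for v in V)


if __name__ == "__main__":
    V = root_space()
    code = orbit(V)
    print("dim V            =", dim(V))
    print("orbit size       =", len(code), "(expected (2^7-1)/(2-1))")
    print("minimum distance =", min_distance(code), "(expected 2k-2)")
    print("Lemma 5 holds    =", all(lemma5_holds(a, V) for a in range(1, Q**N)))
    print("F^i(V) == V      =", all(frobenius_shift(V, i) == V for i in range(N)))
```

The last check is in line with Remark 3: for this trinomial every Frobenius shift of $V$ already lies in the orbit (here it equals $V$ itself, because the coefficients of $T$ lie in $\mathbb{F}_2$).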

Remark 2. Theorem 3 proves Conjecture 1 for infinitely many values of n.

Remark 3. The codes implied by Theorem 2 and Theorem 3 cannot be enlarged using the Frobenius isomorphism due to Lemma 8, since for any $i \in \{0,\ldots,n-1\}$ we have that the $i$th Frobenius shift is also a cyclic shift.

Let $N = t \cdot n$ and let $\gamma$ be a primitive element in $\mathbb{F}_{q^N}$. Note that the set $\{0\} \cup \{\gamma^{i(q^N-1)/(q^n-1)}\}_{i=0}^{q^n-2}$ is the unique subfield $\mathbb{F}_{q^n}$ of $\mathbb{F}_{q^N}$. Let $V$ be a subspace of $\mathbb{F}_{q^n}$. Since $\mathbb{F}_{q^n} \subseteq \mathbb{F}_{q^N}$ we can view the subspace $V$ as a subspace of $\mathbb{F}_{q^N}$ over $\mathbb{F}_q$.

Now, we present a general method for constructing cyclic codes in Gq (N, k), where N = t · n for some prime n, which have more than one full length orbit. We do so by using the Frobenius automorphism.

‡ $\mathrm{lcm}\{s_i\}_{i=1}^{t}$ stands for the least common multiple of the integers $s_1,\ldots,s_t$.

Lemma 12. Let $n$ be a prime, $n \mid N$, $V \in \mathcal{G}_q(N,k)$ and $P_V(x) = x^{[k]} + \alpha_1 x^{[1]} + \alpha_0 x$, where $\alpha_0, \alpha_1 \in \mathbb{F}_{q^n}^*$. If $\alpha_1^{\frac{q^k-1}{q-1}} \nsim_1 \alpha_0^{\frac{q^k-q}{q-1}}$ (see Definition 4) then the code $\mathbb{C} \subseteq \mathcal{G}_q(N,k)$ defined by

$$\mathbb{C} \triangleq \bigcup_{i=0}^{n-1} \left\{ \alpha \cdot F^i(V) \mid \alpha \in \mathbb{F}_{q^N}^* \right\} \qquad (1)$$

is of size $n \cdot \frac{q^N-1}{q-1}$ and minimum distance $2k - 2$.

Proof: The code $\mathbb{C}$ is obviously cyclic. By Lemmas 4, 5, and 6, the dimension of the intersection between any two distinct subspaces in $\mathbb{C}$ is at most 1, and hence the minimum distance of $\mathbb{C}$ is $2k - 2$.

To show that $|\mathbb{C}| = n \cdot \frac{q^N-1}{q-1}$, fix $i$ and notice that by Lemma 6 we have that the coefficient of $x^{[1]}$ in $P_{F^i(V)}(x)$ is non-zero. Therefore, Lemma 7 implies that the set $\{\alpha \cdot F^i(V) \mid \alpha \in \mathbb{F}_{q^N}^*\}$ consists of $\frac{q^N-1}{q-1}$ distinct subspaces.

To complete the proof, we have to show that all the sets in the union in (1) are disjoint. Let $i, j \in \{0,\ldots,n-1\}$, $i \neq j$, and assume for contradiction that there exists $\beta, \gamma \in \mathbb{F}_{q^N}^*$ such that $\beta F^i(V) = \gamma F^j(V)$. W.l.o.g. assume that $j > i$, and denote $U \triangleq F^i(V)$. Notice that by Lemma 6 we have

$$P_U(x) = P_{F^i(V)}(x) = x^{[k]} + F^i(\alpha_1) \cdot x^{[1]} + F^i(\alpha_0) \cdot x = x^{[k]} + \alpha_1^{[i]} \cdot x^{[1]} + \alpha_0^{[i]} \cdot x.$$

Since $F^{j-i}(U) = \frac{\beta}{\gamma} \cdot U$, we may apply Lemma 8 to get

$$\left( \frac{\left(\alpha_0^{q^i}\right)^{\frac{q^k-q}{q-1}}}{\left(\alpha_1^{q^i}\right)^{\frac{q^k-1}{q-1}}} \right)^{q^{j-i}-1} = 1. \qquad (2)$$

Denote $z \triangleq \frac{\alpha_0^{\frac{q^k-q}{q-1}}}{\alpha_1^{\frac{q^k-1}{q-1}}}$ and notice that

A1. Equation (2) implies $z^{q^i(q^{j-i}-1)} = 1$.

A2. The condition $\alpha_1^{\frac{q^k-1}{q-1}} \nsim_1 \alpha_0^{\frac{q^k-q}{q-1}}$ implies $z \notin \mathbb{F}_q$.

A3. Since $\alpha_0, \alpha_1 \in \mathbb{F}_{q^n}^*$ it follows that $z \in \mathbb{F}_{q^n}^*$.

By A1 and A3 we have that $\mathrm{ord}(z)$ divides both $q^i(q^{j-i} - 1)$ and $q^n - 1$, therefore $\mathrm{ord}(z) \mid \gcd(q^i(q^{j-i} - 1), q^n - 1)$. Since $q^n - 1$ is not a power of $q$, it follows that $\gcd(q^n - 1, q^i) = 1$, and hence,

$$\gcd(q^i(q^{j-i} - 1), q^n - 1) = \gcd(q^{j-i} - 1, q^n - 1).$$

It is well known that in any field $\gcd(x^r - 1, x^s - 1) = x^{\gcd(r,s)} - 1$ (e.g., [11, p. 147, s. 38]). Therefore, the primality of $n$ implies that $\gcd(q^{j-i} - 1, q^n - 1) = q^{\gcd(j-i,n)} - 1 = q - 1$, and hence $\mathrm{ord}(z) \mid q - 1$. The only elements of $\mathbb{F}_{q^N}$ whose order divides $q - 1$ are the elements of $\mathbb{F}_q$, and hence $z \in \mathbb{F}_q$, a contradiction to A2.

Lemma 13 which follows, whose proof is deferred to Appendix A, shows that coefficients α0, α1 from Lemma 12 may be easily found in Fqn .

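Lemma 13. Let $n$ be prime and let $\gamma$ be a primitive element in $\mathbb{F}_{q^n}$. If $\alpha_0 \triangleq \gamma$ and $\alpha_1 \triangleq \gamma^q$ then $\alpha_1^{\frac{q^k-1}{q-1}} \nsim_1 \alpha_0^{\frac{q^k-q}{q-1}}$.

As a consequence of Lemma 12 and Lemma 13 we have the following theorem.

Theorem 4. Let $n$ be prime, $\gamma$ a primitive element of $\mathbb{F}_{q^n}$, and define $\alpha_0 \triangleq \gamma$ and $\alpha_1 \triangleq \gamma^q$. If $\mathbb{F}_{q^N}$ is the splitting field of the polynomial $x^{[k]} + \alpha_1 x^{[1]} + \alpha_0 x$ and $V \in \mathcal{G}_q(N,k)$ its corresponding subspace, then

$$\mathbb{C} \triangleq \bigcup_{i=0}^{n-1} \left\{ \alpha \cdot F^i(V) \mid \alpha \in \mathbb{F}_{q^N}^* \right\}$$

is a cyclic code of size $n \cdot \frac{q^N-1}{q-1}$ and minimum distance $2k - 2$.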

Note that the construction in Theorem 4 improves the construction of Theorem 3. In Theorem 3 we construct a code with one full length orbit, where in Theorem 4 we add multiple orbits without compromising the minimum distance.

B. Codes with degenerate orbits

In this subsection it is shown that subspaces of Gq (n, k) that may be considered as subspaces over a subfield of Fqn which is larger than Fq, form a cyclic code with a unique subspace polynomial structure. The cyclic property and the minimum distance of this code are an immediate consequence of this unique structure.

N N F Lemma 14. If n, k ∈ ,k

Gq (n, k).

Proof: Let $\mathbb{F}_{q^d}^{n/d}$ be the vector space of dimension $n/d$ over $\mathbb{F}_{q^d}$. It is widely known that there exists an isomorphism $f$ from $\mathbb{F}_{q^d}^{n/d}$ to $\mathbb{F}_{(q^d)^{n/d}}$. Notice that by our abuse of notation, both $\mathbb{F}_{q^d}^{n/d}$ and $\mathbb{F}_{(q^d)^{n/d}}$ can be considered as vector spaces over $\mathbb{F}_{q^d}$. Since there is a unique field with $q^n$ elements, $\mathbb{F}_{q^n}$ may also be considered as a vector space over $\mathbb{F}_{q^d}$. Therefore, there exists an isomorphism $g : \mathbb{F}_{q^d}^{n/d} \to \mathbb{F}_{q^n}$ such that $g \triangleq h \circ f$, where $h$ is some isomorphism from $\mathbb{F}_{(q^d)^{n/d}}$ to $\mathbb{F}_{q^n}$. Notice that for all $u, v \in \mathbb{F}_{q^d}^{n/d}$ and $\alpha, \beta \in \mathbb{F}_{q^d}$, we have $g(\alpha v + \beta u) = \alpha g(v) + \beta g(u)$. For $V \in \mathcal{G}_{q^d}(n/d, k/d)$ let $G(V) \triangleq \{g(v) \mid v \in V\}$. The set $G(V)$ is clearly a subspace of dimension $k$ over $\mathbb{F}_q$ in $\mathbb{F}_{q^n}$. Furthermore, the function $G : \mathcal{G}_{q^d}(n/d, k/d) \to \mathcal{G}_q(n,k)$ is injective since $g$ is injective.

Lemma 14 allows us to define the following set of subspaces.

Construction 1. For $n, k \in \mathbb{N}$ and $d \in \mathbb{N}$ such that $d \mid \gcd(n,k)$, let $\mathbb{C}_d$ be the code $\{G(V) \mid V \in \mathcal{G}_{q^d}(n/d, k/d)\}$, where $G$ was defined in the proof of Lemma 14.

Since $\mathbb{C}_d$ is the image of an injective function from $\mathcal{G}_{q^d}(n/d, k/d)$ to $\mathcal{G}_q(n,k)$, we have the following.

Corollary 5. $|\mathbb{C}_d| = \begin{bmatrix} n/d \\ k/d \end{bmatrix}_{q^d}$.

Remark 4. The code $\mathbb{C}_d$ from Construction 1 may be alternatively defined as

$$\mathbb{C}_d \triangleq \left\{ \sum_{i=1}^{k/d} \alpha_i \mathbb{F}_{q^d} \ \middle|\ \alpha_1,\ldots,\alpha_{k/d} \in \mathbb{F}_{q^n} \text{ are linearly independent over } \mathbb{F}_{q^d} \right\}.$$

The proof of the equivalence of this alternative definition appears in Appendix B. The code $\mathbb{C}_d$ may also be defined as the set of all subspaces of $\mathcal{G}_q(n,k)$ that are also subspaces over $\mathbb{F}_{q^d}$.

The subspaces in $\mathbb{C}_d$ admit a unique subspace polynomial structure, from which the useful properties of $\mathbb{C}_d$ are apparent.

Lemma 15. If $V \in \mathcal{G}_q(n,k)$ then $V \in \mathbb{C}_d$ if and only if $P_V(x) = \sum_{i=0}^{k/d} c_i x^{[di]}$ for some $c_i$'s in $\mathbb{F}_{q^n}$.

Proof: Let $V \in \mathbb{C}_d$, and let $U \in \mathcal{G}_{q^d}(n/d, k/d)$ be such that $G(U) = V$ (see Construction 1). By Definition 2 it follows that $P_U \mid x^{(q^d)^{n/d}} - x$. Since $x^{(q^d)^{n/d}} - x = x^{[n]} - x$, it follows that $P_U$ is a subspace polynomial of a subspace $W \in \mathcal{G}_q(n,k)$. The roots of $P_U$ are precisely the set $\{g(u) \mid u \in U\}$, where $g$ is the isomorphism between $\mathbb{F}_{q^d}^{n/d}$ and $\mathbb{F}_{q^n}$ mentioned in the proof of Lemma 14, and hence, $W = V$. Since $P_U$ is a subspace polynomial of a subspace in $\mathcal{G}_{q^d}(n/d, k/d)$, its subspace polynomial is of the form $P_U(x) = \sum_{i=0}^{k/d} c_i x^{(q^d)^i}$. Since $P_V = P_U$, the claim follows.

Conversely, let $V \in \mathcal{G}_q(n,k)$ with $P_V(x) = \sum_{i=0}^{k/d} c_i x^{[di]}$. By Definition 2, it follows that $P_V \mid x^{[n]} - x$, and thus $P_V \mid x^{(q^d)^{n/d}} - x$. Therefore $P_V$ is a subspace polynomial of some $U \in \mathcal{G}_{q^d}(n/d, k/d)$, and hence $V \in \mathbb{C}_d$.

Corollary 6. Cd ⊆ Gq (n, k) is a cyclic subspace code.

Proof: Let $V \in \mathbb{C}_d$ and $\alpha \in \mathbb{F}_{q^n}^*$. By Lemma 15 the subspace polynomial of $V$ is of the form $P_V(x) = \sum_{i=0}^{k/d} c_i x^{[di]}$ for some $c_i \in \mathbb{F}_{q^n}$. By Lemma 5 the subspace polynomial of $\alpha V$ is $P_{\alpha V}(x) = \sum_{i=0}^{k/d} c_i \alpha^{[k]-[di]} x^{[di]}$. Again by Lemma 15, it follows that $\alpha V \in \mathbb{C}_d$.

Since for $V \in \mathbb{C}_d$ we have that $\mathrm{gap}(V) \ge d$, the following result is a consequence of Corollary 2 and Definition 3.

Corollary 7. The minimum distance of Cd is 2d.

The structure of the subspace polynomials of the codewords of $\mathbb{C}_d$ allows us to construct a code $\mathbb{C}$ which is a union of $\mathbb{C}_{d_i}$ for distinct $d_i$'s which divide $\gcd(n,k)$. We now analyze the size and distance of the resulting code.

N t C C Lemma 16. Let k,n ∈ ,k

N C , t C Construction 2. Let k,n ∈ ,k

Theorem 5. Let $d$ be an integer such that $d \mid \gcd(n,k)$. If $\mathbb{C} \subseteq \mathcal{G}_{q^d}(n/d, k/d)$ is a cyclic code with minimum distance $2 \cdot (k/d) - 2\delta$ then there exists a cyclic code $\mathbb{C}' \subseteq \mathcal{G}_q(n,k)$ of size $|\mathbb{C}|$ and minimum distance $2k - 2d\delta$.

Proof: Let $g : \mathbb{F}_{q^d}^{n/d} \to \mathbb{F}_{q^n}$ and $G : \mathcal{G}_{q^d}(n/d, k/d) \to \mathcal{G}_q(n,k)$ be the embeddings defined in the proof of Lemma 14. If $\mathbb{C}' \triangleq \{G(V) \mid V \in \mathbb{C}\}$ then $|\mathbb{C}'| = |\mathbb{C}|$, since $G$ is injective. The cyclic property of $\mathbb{C}'$ follows from the fact that $P_V(x) = P_{G(V)}(x)$ for all $V \in \mathbb{C}$, as shown in the proof of Lemma 15. To bound the minimum distance of $\mathbb{C}'$ it suffices to show that if $U_1, U_2 \in \mathbb{C}$ then

$$\dim(G(U_1) \cap G(U_2)) = d \cdot \dim(U_1 \cap U_2).$$

Indeed, if $w \triangleq \dim(U_1 \cap U_2)$, then since $g$ is an isomorphism of subspaces over $\mathbb{F}_{q^d}$, it follows that the set $Z \triangleq \{g(z) \mid z \in U_1 \cap U_2\}$ is a subspace of $\mathbb{F}_{q^n}$ over $\mathbb{F}_q$. By a simple counting argument, $\dim Z = dw$, and hence, $\dim(G(U_1) \cap G(U_2)) \ge dw$. Assuming for contradiction that $\dim(G(U_1) \cap G(U_2)) > dw$ clearly implies that $\dim(U_1 \cap U_2) > w$, a contradiction.

IV. CONCLUSIONS AND FUTURE WORK

In this paper we have considered constructions of cyclic subspace codes. We have proved the existence of a cyclic code in $\mathcal{G}_q(n,k)$ for any given $k$ and infinitely many values of $n$. The constructed codes have minimum subspace distance $2k - 2$, the normalizer of a Singer subgroup is their automorphism group if $n$ is a prime, and they have full length orbits for all values of $n$. We have also constructed large codes when all the orbits are degenerated. We have shown how the representation of subspaces by their subspace polynomials can be used in constructing subspace codes.

For future research, the main problems are to construct cyclic codes of large size, to explore the structure and properties of our codes, and to examine possible decoding algorithms for them. It is easily verified that the vast majority of subspaces have full length orbits. Therefore, it seems reasonable to conjecture that full length orbits with minimum distance $2k - 2$ exist for any value of $n, k, q$ (see Conjecture 1). Although the codes presented in Section III-A are the first known explicit construction of such codes, they are most likely the tip of the iceberg, and codes of these parameters abound.

Although the gap of two polynomials provides significant information about the intersection of their respective subspaces, Remark 1 shows that the gap might not be the most efficient tool for this purpose. Therefore, another open problem is finding a better measure for the intersection of two subspaces, and in particular, two subspaces from the same orbit. A prominent part of the study of subspace polynomials relies on understanding the connection between the coefficients of a polynomial and the size of the respective splitting field. Hence, any progress in this direction may provide an improvement of our results.

ACKNOWLEDGMENTS

The authors would like to thank Thomas Honold for bringing [8] to their attention.

REFERENCES

[1] R. Ahlswede, H. K. Aydinian, and L. H. Khachatrian, “On perfect codes and related concepts,” Designs, Codes and Cryptography, vol. 22, pp. 221–237, 2001.
[2] E. Ben-Sasson, T. Etzion, A. Gabizon, and N. Raviv, “Subspace polynomials and cyclic subspace codes,” arXiv:1404.7739, 2014.
[3] E. Ben-Sasson and S. Kopparty, “Affine dispersers from subspace polynomials,” SIAM Journal on Computing, vol. 41, pp. 880–914, 2012.
[4] E. Ben-Sasson, S. Kopparty, and J. Radhakrishnan, “Subspace polynomials and limits to list decoding of Reed-Solomon codes,” IEEE Transactions on Information Theory, vol. 56, pp. 113–120, 2010.
[5] M. Braun, T. Etzion, P. Ostergard, A. Vardy, and A. Wasserman, “Existence of q-analogs of Steiner systems,” arXiv:1304.1462, 2013.
[6] Q. Cheng, S. Gao, and D. Wan, “Constructing high order elements through subspace polynomials,” Proceedings of the Twenty-third Annual ACM-SIAM Symposium on Discrete Algorithms (SODA), pp. 1547–1463, 2012.
[7] L. Chihara, “On the zeros of the Askey-Wilson polynomials, with applications to coding theory,” SIAM Journal on Mathematical Analysis, vol. 18, pp. 191–207, 1987.
[8] K. Drudge, “On the orbits of Singer groups and their subgroups,” Electronic Journal of Combinatorics, vol. 9, 2002.
[9] T. Etzion and A. Vardy, “Error-correcting codes in projective space,” IEEE Transactions on Information Theory, vol. 57, pp. 1165–1173, 2011.
[10] H. Gluesing-Luerssen, K. Morrison, and C. Troha, “Cyclic orbit codes and stabilizer subfields,” arXiv:1403.1218, 2013.
[11] R. L. Graham, D. E. Knuth, and O. Patashnik, “Concrete Mathematics: A Foundation for Computer Science,” Addison-Wesley, 1994.
[12] B. Huppert, “Endliche Gruppen,” I, Springer-Verlag, Berlin, 1967.
[13] R. Koetter and F. R. Kschischang, “Coding for errors and erasures in random network coding,” IEEE Transactions on Information Theory, vol. 54, pp. 3579–3591, 2008.
[14] A. Kohnert and S. Kurz, “Construction of large constant dimension codes with a prescribed minimum distance,” Lecture Notes Computer Science, vol. 5395, pp. 31–42, 2008.
[15] R. Lidl and H. Niederreiter, “Finite Fields,” Encyclopedia of Mathematics and Its Applications, Cambridge University Press, vol. 20, 1997.
[16] J. H. van Lint and R. M. Wilson, “A course in combinatorics,” Cambridge university press, 2001.
[17] F. J. MacWilliams and N. J. Sloane, “The Theory of Error-correcting Codes: Part 2,” Elsevier, vol. 16, 1977.
[18] W. J. Martin and X. J. Zhu, “Anticodes for the Grassman and bilinear forms graphs,” Designs, Codes and Cryptography, vol. 6, pp. 73–79, 1995.
[19] O. Ore, “On a special class of polynomials,” Transactions of the American Mathematical Society, vol. 35, pp. 559–584, 1933.
[20] D. Silva, F. R. Kschischang, and R. Koetter, “A rank-metric approach to error control in random network coding,” IEEE Transactions on Information Theory, vol. 54, pp. 3951–3967, 2008.
[21] M. Schwartz and T. Etzion, “Codes and anticodes in the Grassman graph,” Journal of Combinatorial Theory, Series A, vol. 97, pp. 27–42, 2002.
[22] A.-L. Trautmann, F. Manganiello, M. Braun, and J. Rosenthal, “Cyclic orbit codes,” IEEE Transactions on Information Theory, vol. 59, pp. 7386–7404, 2013.
[23] A. Wachter-Zeh, “Bounds on list decoding of rank-metric codes,” IEEE Transactions on Information Theory, vol. 59, pp. 7268–7277, 2013.
[24] J. von zur Gathen, “Irreducible trinomials over finite fields,” Mathematics of Computation, vol. 72, pp. 1987–2000, 2003.

APPENDIX A

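Proof (of Lemma 8): Assume $F^i(V) = \alpha V$ for some $\alpha$. By Lemmas 5 and 6,

$$P_{\alpha V}(x) = x^{[k]} + \alpha^{[k]-[1]} \cdot \alpha_1 x^{[1]} + \alpha^{[k]-1} \cdot \alpha_0 x$$

$$P_{F^i(V)}(x) = x^{[k]} + F^i(\alpha_1) x^{[1]} + F^i(\alpha_0) x.$$

By Lemma 2,

$$\begin{cases} \alpha^{[k]-[1]} \cdot \alpha_1 = F^i(\alpha_1) \\ \alpha^{[k]-1} \cdot \alpha_0 = F^i(\alpha_0) \end{cases}$$

$$\begin{cases} \alpha^{[k]-[1]} \cdot \alpha_1 = \alpha_1^{[i]} \\ \alpha^{[k]-1} \cdot \alpha_0 = \alpha_0^{[i]} \end{cases}$$

Since $\alpha_0 \neq 0$ (by Lemma 1) and $\alpha_1 \neq 0$, $\alpha^{[1]-1} = \left(\frac{\alpha_0}{\alpha_1}\right)^{q^i-1}$. Using some algebraic manipulations we have,

$$\begin{aligned}
\alpha^{[k]-[1]} &= \alpha_1^{[i]-1} \\
\alpha^{(q-1)\frac{q^k-q}{q-1}} &= \alpha_1^{q^i-1} \\
\left(\frac{\alpha_0}{\alpha_1}\right)^{(q^i-1)\frac{q^k-q}{q-1}} &= \alpha_1^{q^i-1} \\
\frac{\alpha_0^{\frac{q^k-q}{q-1}\cdot(q^i-1)}}{\alpha_1^{\frac{q^k-q}{q-1}\cdot(q^i-1)+(q^i-1)}} &= 1 \\
\frac{\alpha_0^{\frac{q^k-q}{q-1}\cdot(q^i-1)}}{\alpha_1^{\frac{q^k-1}{q-1}\cdot(q^i-1)}} &= 1 \\
\left(\frac{\alpha_0^{\frac{q^k-q}{q-1}}}{\alpha_1^{\frac{q^k-1}{q-1}}}\right)^{q^i-1} &= 1,
\end{aligned}$$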

which concludes the proof of one direction of the lemma. Now assume

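$$\left(\frac{\alpha_0^{\frac{q^k-q}{q-1}}}{\alpha_1^{\frac{q^k-1}{q-1}}}\right)^{q^i-1} = 1.$$

Define $\alpha \triangleq \left(\frac{\alpha_0}{\alpha_1}\right)^{\frac{q^i-1}{q-1}}$. We get

$$\begin{aligned}
\left(\frac{\alpha_0^{\frac{q^k-q}{q-1}}}{\alpha_1^{\frac{q^k-1}{q-1}}}\right)^{q^i-1} &= 1 \\
\left(\frac{\alpha_0^{\frac{q^k-q}{q-1}}}{\alpha_1^{\frac{q^k-q}{q-1}} \cdot \alpha_1}\right)^{q^i-1} &= 1 \\
\left(\left(\frac{\alpha_0}{\alpha_1}\right)^{\frac{q^i-1}{q-1}}\right)^{q^k-q} &= \alpha_1^{q^i-1} \\
\alpha^{q^k-q} &= \alpha_1^{q^i-1}.
\end{aligned}$$

In addition, we have $\alpha^{q^k-1} = \alpha^{q^k-q}\,\alpha^{q-1} = \alpha_1^{q^i-1} \cdot \frac{\alpha_0^{q^i-1}}{\alpha_1^{q^i-1}} = \alpha_0^{q^i-1}$. Therefore:

$$\begin{cases} \alpha^{q^k-q} = \alpha_1^{q^i-1} \\ \alpha^{q^k-1} = \alpha_0^{q^i-1} \end{cases}$$

$$\begin{cases} \alpha^{q^k-q} \cdot \alpha_1 = \alpha_1^{q^i}, \\ \alpha^{q^k-1} \cdot \alpha_0 = \alpha_0^{q^i} \end{cases}$$

which implies that $F^i(V) = \alpha V$ due to equality between the coefficients of the corresponding subspace polynomials.

Proof (of Lemma 13): Assume for contradiction that

$$\alpha_0^{\frac{q^k-q}{q-1}} \sim_1 \alpha_1^{\frac{q^k-1}{q-1}},$$

i.e., there exists $\alpha \in \mathbb{F}_q^*$ such that

$$\alpha \cdot \gamma^{\frac{q^k-q}{q-1}} = (\gamma^q)^{\frac{q^k-1}{q-1}}. \tag{3}$$

Raising both sides of (3) to the $(q-1)$th power yields

$$\gamma^{q^k-q} = \gamma^{q^{k+1}-q}$$

$$\gamma^{q^k(q-1)} = 1. \tag{4}$$

Since $q \in \mathbb{Z}^*_{q^n-1}$, it follows that $q^k$ has a multiplicative inverse $w$ modulo $q^n - 1$. By raising both sides of (4) to the $w$th power we get that $\gamma^{q-1} = 1$, and hence, $\gamma \in \mathbb{F}_q$, a contradiction.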

APPENDIX B

In this appendix we prove the equivalence of an alternative definition to Construction 1 (see Remark 4). The following lemma is required for the proof of equivalence.

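Lemma 18. If $V \in \mathcal{G}_q(n, k)$ may be written as $V = \bigcup_{i=1}^{\ell} \alpha_i \mathbb{F}_{q^d}$, where $d \mid \gcd(n, k)$, then $V$ may be written as a direct sum $V = \sum_{j=1}^{k/d} \beta_j \mathbb{F}_{q^d}$.

Proof: We show that for every $J \subseteq \{1, \ldots, \ell\}$, every $\alpha_i \mathbb{F}_{q^d}$ is either contained in or mutually disjoint with $A_J \triangleq \sum_{j \in J} \alpha_j \mathbb{F}_{q^d}$. Assume for contradiction that there exists $\alpha_i \mathbb{F}_{q^d}$, $i \notin J$, that is neither contained in nor mutually disjoint with $A_J$. That is, there exist $u_1, u_2 \in \mathbb{F}_{q^d}^*$ such that $\alpha_i u_1 \in A_J$ and $\alpha_i u_2 \notin A_J$. Since $\alpha_i u_1 \in A_J$ it follows that there exists $s_j \in \mathbb{F}_{q^d}$ for each $j \in J$ such that $\alpha_i u_1 = \sum_{j \in J} \alpha_j s_j$. Hence, $\alpha_i = u_1^{-1} \sum_{j \in J} \alpha_j s_j$ and therefore $\alpha_i u_2 = u_1^{-1} \sum_{j \in J} \alpha_j s_j \cdot u_2$. However, since $u_2/u_1 \in \mathbb{F}_{q^d}^*$ and $s_j \in \mathbb{F}_{q^d}$ for all $j$, it follows that $\alpha_i u_2 = \sum_{j \in J} \alpha_j (s_j u_2/u_1) \in A_J$, a contradiction. Therefore, by taking $\alpha_1 \mathbb{F}_{q^d}$ and iteratively expanding it by adding disjoint cyclic shifts of $\mathbb{F}_{q^d}$, the required direct sum may be achieved.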

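Theorem 6. Let $d \in \mathbb{N}$ such that $d \mid \gcd(n, k)$. For a subspace $V \in \mathcal{G}_q(n, k)$, $V \in C_d$ (see Construction 1) if and only if $V$ may be written as a direct sum of cyclic shifts of $\mathbb{F}_{q^d}$.

Proof: If $V \in C_d$ then by Lemma 15, $P_V(x) = \sum_{i=0}^{k/d} c_i x^{[id]}$. Since for all $\gamma \in \mathbb{F}_{q^d}$ we have $\gamma^{[d]-1} = 1$, it follows that if $P_V(v) = 0$ for $v \in \mathbb{F}_{q^n}$, then $P_V(\gamma v) = \sum_{i=0}^{k/d} c_i (\gamma v)^{[id]} = P_V(v) = 0$. Therefore, $V$ is a union of cyclic shifts of $\mathbb{F}_{q^d}$, and according to Lemma 18 may be written as a direct sum of cyclic shifts of $\mathbb{F}_{q^d}$.

On the other hand, if $V = \sum_{i=1}^{k/d} \alpha_i \mathbb{F}_{q^d}$ such that $\alpha_i \in \mathbb{F}_{q^n}$, let $\beta_i \in \mathbb{F}_{q^d}^{n/d}$, $i \in \{1, \ldots, k/d\}$ such that $\beta_i \triangleq g^{-1}(\alpha_i)$, where $g$ is the isomorphism between $\mathbb{F}_{q^d}^{n/d}$ and $\mathbb{F}_{q^n}$ mentioned in the proof of Lemma 14. Let $U$ be the linear span of $\{\beta_i\}_{i=1}^{k/d}$ in $\mathbb{F}_{q^d}^{n/d}$ over $\mathbb{F}_{q^d}$. We show that $U$ is a $\frac{k}{d}$-subspace. Assume for contradiction that the elements of $\{\beta_i\}_{i=1}^{k/d}$ are linearly dependent, i.e., there exists $\gamma_i \in \mathbb{F}_{q^d}$ such that $\sum \gamma_i \beta_i = 0$. Hence, $0 = g(0) = g(\sum \gamma_i \beta_i) = \sum \gamma_i \alpha_i$ and therefore, the element $0 \in \mathbb{F}_{q^n}$ has two distinct representations as an element of $V$. This implies that $|V| < q^k$, a contradiction. Now observe that,

$$\begin{aligned}
G(U) &= \{ g(u) \mid u \in U \} \\
&= \left\{ g\left(\sum \gamma_i \beta_i\right) \,\middle|\, \forall i, \gamma_i \in \mathbb{F}_{q^d} \right\} \\
&= \left\{ \sum \gamma_i \alpha_i \,\middle|\, \forall i, \gamma_i \in \mathbb{F}_{q^d} \right\} = \sum \alpha_i \mathbb{F}_{q^d} = V,
\end{aligned}$$

and hence $V \in C_d$.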
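The following added example (not code from the paper) checks Theorem 6 numerically in one small case chosen here: $q = 2$, $n = 6$, $k = 4$, $d = 2$, with $\mathbb{F}_{2^6}$ represented modulo $x^6 + x + 1$ and all function names hypothetical. It expands the subspace polynomial of a direct sum of two cyclic shifts of $\mathbb{F}_4$ and confirms that only the monomials $x^{[id]}$ of Lemma 15 appear, whereas a 4-dimensional subspace that is not closed under multiplication by $\mathbb{F}_4$ has other monomials.

```python
# Added illustration (not from the paper): Theorem 6 for q=2, n=6, k=4, d=2.
N = 6
MOD = 0b1000011            # x^6 + x + 1, irreducible over F_2 (chosen for this example)

def gf_mul(a, b):
    """Multiply two elements of F_{2^6}, stored as 6-bit integers."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> N:         # reduce as soon as the degree reaches 6
            a ^= MOD
    return r

def gf_pow(a, e):
    r = 1
    for _ in range(e):
        r = gf_mul(r, a)
    return r

def subfield(d):
    """F_{2^d} inside F_{2^6}: the roots of x^(2^d) = x."""
    return [a for a in range(1 << N) if gf_pow(a, 1 << d) == a]

def sum_of_shifts(alphas, d):
    """The set sum_i alpha_i * F_{2^d}; addition in characteristic 2 is XOR."""
    V = {0}
    for alpha in alphas:
        shift = [gf_mul(alpha, s) for s in subfield(d)]
        V = {v ^ s for v in V for s in shift}
    return V

def subspace_poly(V):
    """Coefficients of P_V(x) = prod_{v in V} (x - v), lowest degree first."""
    p = [1]
    for v in V:
        shifted = [0] + p                    # x * p(x)
        for i, c in enumerate(p):
            shifted[i] ^= gf_mul(c, v)       # + v * p(x); minus equals plus here
        p = shifted
    return p

def support(p):
    """Exponents of x that carry a non-zero coefficient."""
    return {i for i, c in enumerate(p) if c}

V = sum_of_shifts([1, 0b10], 2)   # F_4 + x*F_4, a direct sum since x is not in F_4
W = set(range(16))                # F_2-span of 1, x, x^2, x^3: not closed under F_4
if __name__ == "__main__":
    print(sorted(support(subspace_poly(V))), sorted(support(subspace_poly(W))))
```
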