
FINITE COMMUTATIVE RINGS AND THEIR APPLICATIONS

Gilberto Bini1 and Flaminio Flamini2

April 24, 2015

1 University of Michigan, Dpt. of , 525 East University Ave., Ann Arbor, MI, 48109, U.S.A., e-mail address: [email protected]
2 Terza Università di Roma "Roma Tre", Dip. di Matematica - Largo S. L. Murialdo, 1 - 00146 Roma, Italy, e-mail address: [email protected]

Preface

This book is a concrete and self-contained introduction to finite commutative local rings, focusing in particular on Galois and Quasi-Galois rings. Finite Commutative theory is a fast-developing subject and has recently been seen to have important applications in theoretical areas like Combinatorics, Finite Geometries and the Analysis of Algorithms. Moreover, in the last twenty years, there has been a growing interest in applications of commutative rings to Algebraic Cryptography and Coding Theory. In fact, several codes over finite fields, which are widely used in Information and Communication Theory, have been investigated as images of codes over Galois rings (especially over the ring of integers modulo 4). On the one side, applied mathematical research has motivated a more systematic analysis of Finite Commutative Algebra; on the other side, pure Mathematics has offered innovative tools in Coding Theory. Therefore, this book aims to answer a need for introductory references in this evolving area from both perspectives. For this purpose, the reader is provided with an active and practical approach to the study of the purely algebraic structure and properties of finite commutative rings (in particular, Galois rings) as well as to their applications in Coding Theory. The Commutative Algebra set-up has been realized by the second author, whereas the Coding Theory point of view has been treated by the first author. This work is not intended as an exhaustive survey of all topics of either Finite Commutative Algebra or Coding Theory over finite rings. McDonald's classical reference (see [56]) offers a more theoretical approach to the algebraic point of view of the subject. MacWilliams' and Sloane's book or van Lint's book (see [53] and [69], respectively) - just to mention a few - are standard references for codes over finite fields, whereas [62] collects some of the latest articles concerning codes over Galois rings.
This text could be appropriately used as a university course book or for independent reading by students possessing some familiarity with basic algebraic topics, such as Group Theory, Commutative Rings, Finite Fields and . It should also be of great interest to engineers who have to deal in depth with Galois rings. Thus the first chapters can be viewed as a brief summary of basic definitions and results in Commutative Algebra. The reader is referred to a sufficiently detailed bibliography in order to avoid tedious repetitions of some too technical proofs. Together with Hensel's lemma, the notion of regular polynomial is the fundamental tool of the entire work. Furthermore, in the chapters related to the separable extension theory of local rings, the crucial definitions of unramified extension of such rings and of the splitting ring of a regular polynomial are given. These extend the classical results of the Galois theory of finite fields to finite local rings. Chapter 6 is the core of the book, in which all results from previous chapters are used for the study of Galois rings and another class of finite local rings, Quasi-Galois rings. Moreover, an entire section is devoted to recalling some classical approaches to the theory of Galois rings. In Chapter 7 we briefly recall some standard definitions and results on codes over finite fields, which are necessary tools to discuss the formal duality between Kerdock and Preparata codes, one of the most intriguing research topics in this area. In the last chapter, we deal with the explanation of this formal duality by using codes over finite rings. These two chapters are intended to point out the basic difference between codes over fields and over rings. We have tried to be as rigorous and accurate as possible, especially in proving the fundamental statements, at the same time keeping the examples lively and informal, since they may just be the key to the clarification of certain results.
We would like to express our gratitude to everyone who helped and encouraged us throughout our years of study. Above all Prof. M.J. de Resmini, who has been a constant guide and without whom this work would never have come to life. We are indebted to Prof. Dr. D. Jungnickel for his precious and indispensable advice. We wish to thank our colleagues and friends for their support during the preparation of this book. Our deepest gratitude goes to our families. The second author would also like to thank his wife for her constant encouragement.

Contents

Preface ii

1 NOTIONS IN RING THEORY 1
1.1 Basic Definitions 1
1.2 Prime and Maximal Ideals 3
1.3 Euclidean Domains, P.I.D.'s and U.F.D.'s 9
1.4 Factorization in $\mathbb{Z}_{p^n}[x]$ 19

2 STRUCTURE 27
2.1 Basic Properties 27
2.2 Characterization of Finite Fields 29
2.3 Galois Field Automorphisms 32

3 FINITE COMMUTATIVE RINGS 37
3.1 Finite Structure 37
3.2 Regular Polynomials in the Ring R[x] 44
3.3 R-algebra Automorphisms of R[x] 51
3.4 Factorization in R[x] 53

4 SEPARABLE EXTENSIONS 59
4.1 Separable Field Extensions 59
4.2 Extensions of Rings 63
4.3 Separable extensions of local rings 65

5 GALOIS THEORY FOR LOCAL RINGS 69
5.1 Basic Facts 69
5.2 Examples. Splitting Rings 73

6 GALOIS AND QUASI-GALOIS RINGS 79
6.1 Classical Constructions 80
6.2 Galois Ring Properties 90
6.3 Structure Theorems 103
6.4 Quasi-Galois Rings 105

7 CODES OVER FINITE FIELDS 117
7.1 Basic properties 117
7.2 Some families of q-ary codes 118
7.2.1 Linear Codes 118
7.2.2 Hamming codes 119
7.2.3 Cyclic codes 120
7.2.4 Reed-Muller codes 124
7.3 Duality between codes 126
7.4 Some families of nonlinear q-ary codes 130
7.4.1 Binary Kerdock codes 130
7.4.2 Kerdock sets 130
7.4.3 Properties of binary Kerdock codes 134
7.4.4 Classical Preparata codes 136
7.4.5 Basic properties 136
7.4.6 Preparata codes and Hamming codes 137

8 CODES OVER GALOIS RINGS 141
8.1 Basic properties 141
8.1.1 Linear codes over $\mathbb{Z}_{p^n}$ 142
8.1.2 Reed-Muller codes over $\mathbb{Z}_{p^n}$ 143
8.1.3 Cyclic codes over $\mathbb{Z}_{p^n}$ 144
8.1.4 Hamming codes over $\mathbb{Z}_{p^n}$ 147
8.2 Linear quaternary codes 148
8.3 Kerdock and Preparata codes revisited 154

Bibliography 163

Index 168

Chapter 1

FUNDAMENTAL NOTIONS IN RING THEORY

We want to start by recalling some elementary topics in ring theory; we basically focus on local rings, since Galois rings, the "main subject" of our work, are a particular class of such rings. We will review some definitions and provide clarifying examples. This is useful for the sake of establishing a common language, fixing, once and for all, the notation used in many undergraduate Algebra texts, whose contents we assume the reader is familiar with.

1.1 Basic Definitions

From now on, by a ring we always mean a commutative ring with identity, unless explicitly stated. Let R be a ring. We recall that R is an integral domain if it contains no non-trivial zero-divisors. An element $x \in R$ is nilpotent if $x^n = 0$, for some positive integer n. So, a nilpotent element is a zero-divisor in R (provided R is not the trivial ring, i.e. $R = \{0\}$), but the converse is not generally true. An invertible element (unit) x in R is an element for which there exists a y in R such that $xy = 1$, 1 being the multiplicative identity of R. The element y is uniquely determined by x and will be denoted by $x^{-1}$. The subset
$$U(R) := \{x \in R \mid \exists\, y \in R \text{ s.t. } xy = yx = 1\}$$
of R is a group (with respect to the multiplication in R) and its elements are called the units of R. A ring R is a field if every non-zero element is a unit, i.e. $U(R) = R^* = R \setminus \{0\}$.

One of the most familiar examples of a (commutative and with identity) ring is the ring of integers, denoted by $\mathbb{Z}$, which trivially is an integral domain, but not a field; in fact, $U(\mathbb{Z}) = \{1, -1\}$ is isomorphic to the cyclic group of order two, i.e. $C_2 = \langle x \mid x^2 = 1 \rangle$. If we consider the ring of the residues modulo m, for a fixed positive integer m, denoted by $\mathbb{Z}_m = \mathbb{Z}/m\mathbb{Z}$, we have a completely different situation.

Proposition 1.1.1 $\mathbb{Z}_m$ is an integral domain if and only if m is a prime.

Proof: Left to the reader. ✷

More precisely, if m is a prime the structure of this ring is richer.

Proposition 1.1.2 Assume m is a prime; then, given $a \in \mathbb{Z}_m$, $a \neq 0$, there exists an element b such that $ab = 1$, i.e. $\mathbb{Z}_m$ is a field.

Proof: If m is a prime and $a \neq 0$, then m does not divide a in $\mathbb{Z}$; therefore $\gcd(m, a) = (m, a) = 1$. By the Euclidean algorithm, there exist integers r, b such that $rm + ba = 1$, thus $ab = ba = 1$ in $\mathbb{Z}_m$. (Observe we used the same notation for the integers and their residue classes. It is easy to understand from the context what is meant.) ✷

This property follows from more general topics which will be dealt with later on, in this chapter. Here we just recall that, given a prime p, $\mathbb{Z}_p$ is the Galois field of order p, which, in the literature, is also denoted by $\mathbb{F}_p$ or $GF(p)$. Observe that a non-zero integer b has an infinite additive order, hence, given n in $\mathbb{Z}$, $nb = 0$ implies $n = 0$; on the other hand, in $\mathbb{Z}_p$ the additive order of each non-zero element is p.

More generally, given a commutative ring with identity, R, denote by u its multiplicative identity. We can consider the map
$$\alpha : \mathbb{Z} \longrightarrow R, \qquad n \longmapsto nu,$$
which obviously is a ring morphism. The Homomorphism Theorem ensures us that the kernel of $\alpha$ is an ideal in $\mathbb{Z}$, whereas its image is a subring of R such that $\mathbb{Z}/\mathrm{Ker}(\alpha) \cong \mathrm{Im}(\alpha) \subseteq R$. We have two different situations, depending on the nature of the homomorphism $\alpha$:
(i) $\alpha$ is injective: then $\mathrm{Ker}(\alpha) = \{0\}$, so $\mathbb{Z} \cong \mathrm{Im}(\alpha) \subseteq R$.
(ii) $\alpha$ is not injective: in this case its kernel is a proper ideal in the ring of integers, so there exists a positive integer m such that $\mathrm{Ker}(\alpha) = m\mathbb{Z}$. Therefore, $\mathrm{Im}(\alpha) \cong \mathbb{Z}/m\mathbb{Z} = \mathbb{Z}_m \subseteq R$.

Definition 1.1.3 $\mathrm{Im}(\alpha)$ is called the fundamental subring (or prime ring) of R; it is the subring generated by the multiplicative identity u. The characteristic of R is the additive order of u, hence

$\mathrm{char}(R) = 0$ in case (i) and $\mathrm{char}(R) = m$ in case (ii).

Remark In case (i), since $\mathbb{Z} \subseteq R$, the cardinality of R is, necessarily, infinite. If we suppose that R is a domain and if we consider case (ii), the obvious consequence is that $\mathrm{char}(R) = p$, for a fixed prime p. In this situation, the ring R contains the Galois field of order p, as a subring. It follows that an integral domain of positive characteristic always contains a Galois field $GF(p)$, for some prime p, which is called the fundamental subfield or prime field of R. Observe that, if R is a field, then
- if $\mathrm{char}(R) = p$, $\mathbb{Z}_p \subseteq R$ is its prime field;
- if $\mathrm{char}(R) = 0$, the fundamental subring of R is isomorphic to $\mathbb{Z}$ and the injection $\alpha$ extends to the rational field $\mathbb{Q}$.
In conclusion, a field R always admits a prime field, which is either $\mathbb{Q}$, if $\mathrm{char}(R) = 0$, or $\mathbb{Z}_p$, if $\mathrm{char}(R) = p$.

1.2 Prime and Maximal Ideals

Among the proper ideals of a given ring R, prime ideals play a fundamental role in all of Commutative Algebra. In this section we want to recall both some properties of this class of ideals and some terminology and notation that will be used in what follows. For a more detailed analysis of these topics, the reader is referred to undergraduate Algebra texts (for example [28], [31]) as well as to Commutative Algebra texts (e.g. [5], [37], [55], [66] or [71]). Given a commutative ring with identity, R, an ideal $I \subseteq R$ is called a proper ideal if $\{0\} \neq I \subset R$.

Proposition 1.2.1 A proper ideal of R does not contain units.

Proof: It immediately follows from the definition of ideal. ✷

Remark An immediate consequence of this statement is the following fact. If we consider the field morphism $\alpha : \mathbb{K} \longrightarrow \mathbb{F}$, then $\alpha$ is either a monomorphism or is the null morphism; indeed, $\mathrm{Ker}(\alpha)$ is an ideal in $\mathbb{K}$ which, being a field, contains no proper ideal.

Definition 1.2.2 A (proper) ideal, P, of R is said to be a prime ideal if, for any $a, b \in R$ such that $ab \in P$ and $a \notin P$, $b \in P$.

In the ring of the integers the prime ideals have a trivial characterization.

Proposition 1.2.3 An ideal $(m) = m\mathbb{Z} \subset \mathbb{Z}$ is a prime ideal if and only if m is a prime.

Proof: Left to the reader. ✷

Definition 1.2.4 A proper ideal M in R is called a maximal ideal if there is no proper ideal of R, say J, such that
$$M \subset J \subset R.$$
We recall that in a ring A, not necessarily commutative and with identity, an ideal $M \subset A$ is a maximal ideal if and only if the quotient ring, A/M, is simple, i.e. it contains no proper ideals. In the commutative case we can specialize this property.

Proposition 1.2.5 Let R be a commutative ring with identity. The ideal $M \subset R$ is maximal if and only if R/M is a field.

Proof: ($\Leftarrow$) If R/M is a field, then it is a simple ring, so M is a maximal ideal. ($\Rightarrow$) Since R is a commutative ring with identity, R/M is commutative with identity. Let x be a non-zero element in R/M and $(x) \subset R/M$ the ideal it generates. It follows that $(x) = R/M$, so there exists an element $b \in R/M$ such that $xb = 1$, where 1 is the identity in R/M; therefore, $x \in U(R/M)$. Since this statement is true for every $0 \neq x \in R/M$, R/M is a field. ✷

Remark Observe that the hypothesis that the simple ring R/M admits an identity is a necessary condition for its being a field. In fact, the ring $2\mathbb{Z} = \{2k \mid k \in \mathbb{Z}\}$ is commutative but without identity; the ideal $J := (2) = 2(2\mathbb{Z}) = \{2(2k) \mid k \in \mathbb{Z}\} \subset 2\mathbb{Z}$ is a maximal ideal, since $2\mathbb{Z}/J = \{2k + (4) \mid k \in \mathbb{Z}\} = \{\bar 0, \bar 2\}$, with $\bar 0 = (4)$ and $\bar 2 = 2 + (4)$, has only trivial ideals, so it is simple. On the other hand, this quotient ring is not a field, because it is not even an integral domain, since $\bar 2 \neq \bar 0$, but $\bar 2 \cdot \bar 2 = \bar 0$. We have an analogous result for the prime ideals of a ring R.

Proposition 1.2.6 Let R be a commutative ring. A proper ideal P is a prime ideal if and only if R/P is an integral domain.

Proof: Easy consequence of the definitions. ✷

The previous remark shows that, in general, a maximal ideal of a ring R is not a prime ideal; e.g., $J = (2) \subset 2\mathbb{Z}$ is a maximal ideal, but not a prime one. As usual, the situation is more favourable if R is a commutative ring with identity.

Proposition 1.2.7 Let R be a commutative ring with identity. If M is a maximal ideal, then it is a prime ideal.

Proof: Obvious. ✷

Remark Let us go back, for a moment, to the case of the integers, $\mathbb{Z}$, and observe that $I = (p)$ is a maximal ideal if and only if p is a prime. Hence, in the ring of integers maximal ideals and prime ideals coincide and they are those generated by prime numbers. As we shall see, this is more generally valid for principal rings; now, we simply want to point out that this remark is true only for proper ideals of $\mathbb{Z}$. Indeed, the trivial ideal $(0) \subset \mathbb{Z}$ is prime, since $\mathbb{Z}/(0) \cong \mathbb{Z}$ is an integral domain, but is not maximal, since $\mathbb{Z}$ is not a field.

Definition 1.2.8 The set of all prime ideals in a ring R is called the spectrum of R and will be denoted by $\mathrm{Spec}(R)$, whereas the set of its maximal ideals is the maximal spectrum of R, denoted by $\mathrm{Specm}(R)$; obviously, $\mathrm{Specm}(R) \subseteq \mathrm{Spec}(R)$.

These sets play a fundamental role in all of Commutative Algebra, especially for the deep meaning they have in the study of algebraic varieties or, more generally, of schemes (for some applications see, for example, [23] for a more algebraic point of view, or [30] for a more geometrical approach). A standard application of Zorn's Lemma (see, for example, [17]) shows that, given a ring $R \neq 0$, $\mathrm{Specm}(R) \neq \emptyset$, i.e. R contains at least one maximal ideal. This implies that each non-unit of R is contained in one of its maximal ideals ([5]). There exist rings with only one maximal ideal, such as for example the rings $\mathbb{Z}_{p^h}$, where p is a prime and h is a positive integer.

Definition 1.2.9 A ring R with a unique maximal ideal M is called a local ring, with residue field $\mathbb{K} = R/M$. It is straightforward to verify that $M = \{r \in R \mid r \text{ is not a unit}\}$. A homomorphism of local rings, $f : R \longrightarrow S$, is called a local morphism if $f(M_R) \subseteq M_S$, where $M_R$ and $M_S$ are the maximal ideals of the local rings R and S, respectively.

Example 1.2.10 An immediate example of a local morphism is the following
$$\mu : \mathbb{Z}_4 \longrightarrow \mathbb{Z}_2, \qquad 0 \mapsto 0,\ \ 1 \mapsto 1,\ \ 2 \mapsto 0,\ \ 3 \mapsto 1.$$
This morphism is determined by the structure of $\mathbb{Z}_4$; more precisely, $\mathbb{Z}_4$ is a finite, commutative, local ring with maximal ideal $2\mathbb{Z}_4 = \{0, 2\}$ and residue field $\mathbb{Z}_4/2\mathbb{Z}_4 \cong \mathbb{Z}_2$. Therefore, $\mu$ is the natural quotient-morphism and the maximal ideal $2\mathbb{Z}_4$ maps onto the zero element of the field.

Remark The reader should realize that, in general, given a morphism of local rings, it does not follow that this morphism is local. For example, let A be a local ring which contains a prime ideal P such that
$$P \subset M \subset A,$$
where M denotes its unique maximal ideal. Therefore, A is a ring of Krull dimension greater than or equal to 1 (see [5]). If we denote by $\varphi$ the localization morphism, with respect to the multiplicative system $S = A \setminus P$, then
$$\varphi : A \to A_P = S^{-1}A$$
is not local. In fact, $A_P$ is a local ring with maximal ideal $PA_P$ (this is a standard notation in Commutative Algebra to denote the ideal generated by $\varphi(P) \subset A_P$, see [5] or [23]), but the image of an element of $M \setminus P$ is a unit in $A_P$.

Proposition 1.2.11

1. Let R be a ring and $M \neq (0)$ an ideal such that each $x \in R \setminus M$ is a unit. Then R is a local ring and M is its maximal ideal.

2. Let R be a ring and M a maximal ideal such that each element of the set $1 + M := \{1 + x \mid x \in M\}$ is a unit in R. Then R is a local ring.

Proof: 1. Each proper ideal of R contains only non-units, so it is contained in M. Hence, M is the unique maximal ideal in R. 2. Let $x \in R \setminus M$. Since M is maximal, the ideal $J = (x, M)$ coincides with R; this implies there exist $y \in R$ and $t \in M$ such that $xy + t = 1$, so that $xy = 1 - t \in 1 + M$ is a unit in R, i.e. $x \in U(R)$. The statement follows from 1. ✷

A ring which contains only a finite number of maximal ideals is called semilocal. Each finite ring is a semilocal ring. Even if more will be said later on, we give a few examples of local and semilocal rings. Let $p \in \mathbb{Z}$ be a prime and n a positive integer; the ring of the residues modulo $p^n$, $\mathbb{Z}_{p^n}$, is an example of a finite, local ring with maximal ideal $p\mathbb{Z}_{p^n} \subset \mathbb{Z}_{p^n}$ and residue field $\mathbb{F}_p$. On the other hand, given an integer m, the Fundamental Theorem of Arithmetic ensures us that m admits a unique factorization
$$m = p_1^{k_1} \cdots p_t^{k_t},$$
$p_i$ a prime, for each $1 \le i \le t$, $p_i \neq p_j$, for $i \neq j$ and $k_j \in \mathbb{N}$. The ideal lattice of $\mathbb{Z}_m$, when $m \neq p^n$ for some prime p, is not a chain, as in the case of $\mathbb{Z}_{p^n}$. Therefore, $\mathbb{Z}_m$ is an example of a finite, semilocal ring. In conclusion, among the rings of the form $\mathbb{Z}_m$, the local ones are all of the form $\mathbb{Z}_{p^n}$, where p is a prime and n is a positive integer. Note that all non-units in $\mathbb{Z}_{p^n}$ are nilpotent (in fact, such rings belong to the class of Artinian rings, see [5]); this is not true in $\mathbb{Z}_m$, when m is not a prime power, where zero-divisors exist which are not nilpotent. We will see that Galois rings determine a larger class of finite local rings. The fundamental fact about this kind of rings is that they can be considered as "bricks" for the class of finite local rings; this means that an arbitrary finite, local ring is a $GR(p^n, r)$-algebra of finite type, i.e. it can be expressed as a quotient of a polynomial ring, in a number of indeterminates, with coefficients from a Galois ring $GR(p^n, r)$ for some prime p and suitable positive integers n and r, modulo a primary ideal of the polynomial ring (see also [56]). An example of an infinite local ring is the ring of formal power series with coefficients from a field $\mathbb{K}$, i.e. $\mathbb{K}[[x]]$, where the maximal ideal M consists of all non-invertible formal power series, $M := \{a_0 + a_1 x + a_2 x^2 + a_3 x^3 + \cdots \mid a_0 = 0\}$. We conclude this section with a final remark on prime and maximal ideals of a commutative ring.

Definition 1.2.12 Given an ideal $I \subset R$, set
$$\sqrt{I} := \{r \in R \mid r^s \in I \text{ for some } s > 0\}.$$
This set is an ideal of R (as it is easy to check) called the radical of I; it contains I. An ideal J is called a radical ideal if $\sqrt{J} = J$.

Proposition 1.2.13 Let $M \subset R$ be a maximal ideal, then M is a radical ideal.

Proof: By definition, $M \subseteq \sqrt{M}$. The maximality of M implies that either $M = \sqrt{M}$, in which case M is a radical ideal, or $\sqrt{M} = R$, which is absurd. ✷

Proposition 1.2.14 If $P \subset R$ is a prime ideal, then P is a radical ideal.

Proof: As usual, $P \subseteq \sqrt{P}$. Let x be an element of $\sqrt{P}$ and t be a positive integer such that $x^t \in P$. Since P is a prime ideal, $x^t = x^{t-1} x \in P$ implies that either $x \in P$, and we get the statement, or $x^{t-1} \in P$, and we can proceed by repeating the argument. ✷

Proposition 1.2.15 The set $\mathrm{Nil}(R)$, consisting of all nilpotent elements of R, is an ideal; by definition it coincides with the radical ideal $\sqrt{0}$ (nilradical).

Proof: It is a straightforward consequence of the definitions. ✷

Another definition of the nilradical is the following. The nilradical of R coincides with the intersection of all prime ideals in R, i.e.
$$\mathrm{Nil}(R) := \bigcap_{P \in \mathrm{Spec}(R)} P. \qquad (1.1)$$
The equivalence of these two definitions is a consequence of Zorn's Lemma (see, for example, [5]). In the same way, we can define the Jacobson radical, denoted by $J(R)$, as the intersection of all maximal ideals of R,
$$J(R) := \bigcap_{M \in \mathrm{Specm}(R)} M. \qquad (1.2)$$
There are other definitions of the Jacobson ideal, see e.g. [3] or [5]. For example, we can state the following

Proposition 1.2.16 $x \in J(R)$ if and only if $1 - xy$ is a unit of R, for each $y \in R$.

Proof: ($\Rightarrow$) If $1 - xy$ is not a unit, then it belongs to some maximal ideal $M \subset R$; since $x \in J(R) \subseteq M$, $xy \in M$, which would imply $1 \in M$. ($\Leftarrow$) If x is not in M, for some maximal ideal M, then $(M, x) = R$ (by maximality of M). Thus, there would exist $v \in M$ and $y \in R$ such that $v + xy = 1$. It follows that $1 - xy \in M$, so it is not a unit of R. ✷
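As an added worked example (not part of the book), the following Python script computes, for a given modulus m, the objects discussed in Sections 1.1 and 1.2 for the ring $\mathbb{Z}_m$: the units via the Euclidean algorithm of Proposition 1.1.2, the nilpotent elements and zero-divisors, the maximal ideals $p\mathbb{Z}_m$ for the primes p dividing m (so that $\mathbb{Z}_m$ is local exactly when m is a prime power), the Jacobson radical as the intersection (1.2), and the unit criterion of Proposition 1.2.16. All function names are the example's own; the moduli 8 and 12 in the usage lines are chosen here to contrast a local ring with a semilocal one.

```python
from math import gcd


def factor(m):
    """Prime factorisation of m as [(p, k), ...] by trial division (m is small here)."""
    out, p = [], 2
    while p * p <= m:
        if m % p == 0:
            k = 0
            while m % p == 0:
                m //= p
                k += 1
            out.append((p, k))
        p += 1
    if m > 1:
        out.append((m, 1))
    return out


def egcd(a, b):
    """Extended Euclidean algorithm: returns (g, r, s) with r*a + s*b = g = gcd(a, b)."""
    r0, r1, s0, s1, t0, t1 = a, b, 1, 0, 0, 1
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
        t0, t1 = t1, t0 - q * t1
    return r0, s0, t0


def inverse_mod(a, m):
    """Inverse of a in Z_m by the argument of Proposition 1.1.2; None if a is not a unit."""
    g, r, _ = egcd(a % m, m)
    return r % m if g == 1 else None


def units(m):
    return [a for a in range(m) if gcd(a, m) == 1]


def is_nilpotent(a, m):
    # a is nilpotent in Z_m iff every prime of m divides a; then a^m = 0 already holds
    return pow(a % m, m, m) == 0


def nilpotents(m):
    return [a for a in range(m) if is_nilpotent(a, m)]


def zero_divisors(m):
    return [a for a in range(1, m) if any((a * b) % m == 0 for b in range(1, m))]


def maximal_ideals(m):
    """Specm(Z_m): one ideal p*Z_m for each prime p dividing m, as {p: set of elements}."""
    return {p: set(range(0, m, p)) for p, _ in factor(m)}


def is_local(m):
    return len(maximal_ideals(m)) == 1


def jacobson_radical(m):
    """J(Z_m) as the intersection (1.2) of the maximal ideals."""
    return sorted(set.intersection(*maximal_ideals(m).values()))


def in_jacobson_by_units(x, m):
    """Proposition 1.2.16: x lies in J(R) iff 1 - x*y is a unit for every y in R."""
    return all(gcd((1 - x * y) % m, m) == 1 for y in range(m))


if __name__ == "__main__":
    for m in (8, 12):      # Z_8 is local, Z_12 is only semilocal
        print(m, "local" if is_local(m) else "semilocal",
              "units", units(m), "nilpotents", nilpotents(m),
              "zero-divisors", zero_divisors(m), "J", jacobson_radical(m))
```

Running it shows that in $\mathbb{Z}_8$ every zero-divisor is nilpotent and $J(\mathbb{Z}_8) = 2\mathbb{Z}_8$, whereas in $\mathbb{Z}_{12}$ the elements 2, 3, 4, 8, 9, 10 are zero-divisors that are not nilpotent and $J(\mathbb{Z}_{12}) = 6\mathbb{Z}_{12} = \mathrm{Nil}(\mathbb{Z}_{12})$, which is also exactly the set of x passing the test of Proposition 1.2.16.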

1.3 Euclidean Domains, P.I.D.’s and U.F.D.’s

In this section we want to recall some properties of the polynomial ring R[x], where R is a commutative ring with identity; in particular, we will consider the case where R is a field and there is only one indeterminate. Primitive polynomials, in a polynomial ring with coefficients from a Galois field $\mathbb{F}_q$, will be dealt with in Chapter 2. Given a ring R, the polynomial ring R[x], with coefficients from R and one indeterminate x, is the extension of R by the element x, transcendental over R (see, for example, [3] for a more detailed discussion on algebraic and transcendental elements over a ring R). Using induction on the number of indeterminates, we can define the polynomial ring $R[x_1, \ldots, x_n]$ (take the inductive construction as $(R[x_1, \ldots, x_{n-1}])[x_n]$). The structure of R[x] is strictly related to that of R.

Proposition 1.3.1 Let R be a commutative ring with identity.

1. R[x] is an integral domain if and only if R is.

2. Let $f(x) = \sum_{k=0}^{n} a_k x^k \in R[x]$. The polynomial f(x) is a unit in R[x] if and only if $a_0$ is a unit and $a_1, \ldots, a_n$ are nilpotent in R.

3. $f(x) \in R[x]$ is a nilpotent element in R[x] if and only if $a_0, \ldots, a_n$ are nilpotent.

4. $f(x) \in R[x]$ is a zero-divisor if and only if there exists an element $0 \neq a \in R$ such that $af(x) = 0$.

Proof: 1. Obvious. 2. f(x) is a unit if and only if there exists a polynomial $g(x) = b_0 + \ldots + b_m x^m \in R[x]$ such that $f(x)g(x) = 1$. This means:
$$a_0 b_0 = 1, \qquad a_0 b_1 = -a_1 b_0, \qquad a_0 b_k = -(b_{k-1} a_1 + \cdots + b_0 a_k),\ \ 2 \le k \le n, \qquad (1.3)$$
i.e. $a_0 \in U(R)$. We want to show that the given polynomial f(x) admits an inverse. ($\Leftarrow$) By using (1.3) and the fact that $a_0$ is a unit, we can explicitly determine the polynomial g(x), with
$$b_0 = a_0^{-1}, \qquad b_1 = -a_1 a_0^{-2}, \qquad b_2 = a_1^2 a_0^{-3} - a_2 a_0^{-2}, \ \ldots$$
and so on. Since $a_1, \ldots, a_n$ are nilpotent, this algorithm is finite. ($\Rightarrow$) Consider $f(x) \in R[x]$ a unit; therefore, from (1.3) it follows that $a_0 \in U(R)$. By observing that $a_n b_m = 0$ and by using the polynomial equation $f^{r+1} g = f^r$, we get, by induction on r, that
$$a_n^{r+1} b_{m-r} = 0.$$
Hence $a_n$ is nilpotent in R (as $b_0$ is a unit). This implies that $a_n x^n$ is nilpotent in R[x]. What we need now is the general result that the sum of a nilpotent element and a unit is a unit. Let A be a ring, $a \in A$ nilpotent and $u \in U(A)$. Denote by k the nilpotency class of a (i.e. k is the smallest integer such that $a^k = 0$); the element
$$b := u^{-1} - a u^{-2} + a^2 u^{-3} - a^3 u^{-4} + \ldots + (-1)^{k-1} a^{k-1} u^{-k}$$
is the inverse of $u + a$; thus, $u + a$ is a unit. In our case, the polynomial $f(x) - a_n x^n = a_0 + \ldots + a_{n-1} x^{n-1}$ is a unit in R[x]. Induction on n shows that $a_1, \ldots, a_{n-1}$ are nilpotent.

3. ($\Rightarrow$) As f(x) is nilpotent, $1 + f(x)$ is a unit in R[x]. By 2., $a_1, \ldots, a_n$ are nilpotent in R whereas $(1 + a_0) \in U(R)$. Hence, for n large enough, $f^n = 0$ implies that $a_0^n = 0$, so $a_0$ is nilpotent too. ($\Leftarrow$) If $n_j \in \mathbb{N}$ is such that $a_j^{n_j} = 0$, $0 \le j \le n$, and $n_j \ge 2$, by putting
$$n := \Big(\sum_{j=0}^{n} n_j\Big) - n,$$
we have $f(x)^n = 0$. In fact, $f(x)^n$ is a linear combination, with integral coefficients, of products of the form
$$a_0^{r_0} a_1^{r_1} \ldots a_t^{r_t} \ldots a_n^{r_n} x^{k_t},$$
such that $\sum_{j=0}^{n} r_j = n$, for each $0 \le k_t \le n \cdot n$. Since we cannot simultaneously have $r_j < n_j$, for each j, each of these products is zero.

4. $f(x) \in R[x]$ is a zero-divisor if there exists a polynomial $g(x) \in R[x]$ such that $fg = 0$; choose g(x) of smallest degree with respect to this property and let $g(x) = b_0 + \cdots + b_m x^m$. Then $a_n b_m = 0$; therefore, $a_n g(x) = 0$ since $a_n g(x)$ is a polynomial such that $\deg(a_n g) < \deg(g)$ and $(a_n g) f = 0$. By induction on r, $0 \le r \le n$, $a_{n-r} g(x) = 0$; by choosing $a = b_0$ we get the statement. The converse is obvious. ✷
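Added example, not from the book: the recursion (1.3) in the proof of Proposition 1.3.1(2) is a constructive algorithm, and the following Python code runs it in $\mathbb{Z}_m[x]$ (coefficient lists indexed by degree), together with the unit and nilpotency tests of items 2 and 3 and the unit-plus-nilpotent formula from the proof. Function names are the example's own. Over $\mathbb{Z}_4$ it finds $(1 + 2x)^{-1} = 1 + 2x$, over $\mathbb{Z}_8$ it finds $(1 + 2x)^{-1} = 1 + 6x + 4x^2$, while over $\mathbb{Z}_6$, where 2 is a zero-divisor but not nilpotent, $1 + 2x$ is correctly reported as a non-unit.

```python
def trim(f):
    """Drop leading zero coefficients; the zero polynomial is [0]."""
    f = list(f)
    while len(f) > 1 and f[-1] == 0:
        f.pop()
    return f


def inverse_mod(a, m):
    """Inverse of a in Z_m by exhaustive search (m is small); None if a is not a unit."""
    for b in range(m):
        if (a * b) % m == 1:
            return b
    return None


def is_nilpotent_mod(a, m):
    # a is nilpotent in Z_m iff a^m = 0: every exponent in the factorisation of m is below m
    return pow(a % m, m, m) == 0


def poly_mul(f, g, m):
    """Product in Z_m[x]; polynomials are coefficient lists indexed by degree."""
    h = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            h[i + j] = (h[i + j] + a * b) % m
    return trim(h)


def is_unit_poly(f, m):
    """Proposition 1.3.1(2): f is a unit iff a_0 is a unit and a_1, ..., a_n are nilpotent."""
    f = trim([c % m for c in f])
    return inverse_mod(f[0], m) is not None and all(is_nilpotent_mod(c, m) for c in f[1:])


def is_nilpotent_poly(f, m):
    """Proposition 1.3.1(3): f is nilpotent iff all its coefficients are."""
    return all(is_nilpotent_mod(c, m) for c in f)


def poly_inverse(f, m):
    """Solve (1.3) for b_0, b_1, ...: b_k = -a_0^{-1} (a_1 b_{k-1} + ... + a_k b_0).
    Each b_k depends only on the previous n = deg(f) values, so once n consecutive
    b_k vanish all later ones do too; the proof guarantees this happens."""
    f = trim([c % m for c in f])
    if not is_unit_poly(f, m):
        return None
    n = len(f) - 1
    a0_inv = inverse_mod(f[0], m)
    b = [a0_inv]
    zeros = 0
    while n > 0 and zeros < n:
        k = len(b)
        s = sum(f[i] * b[k - i] for i in range(1, min(k, n) + 1))
        bk = (-a0_inv * s) % m
        b.append(bk)
        zeros = zeros + 1 if bk == 0 else 0
    return trim(b)


def unit_plus_nilpotent_inverse(u, a, m):
    """The proof's formula b = u^-1 - a u^-2 + a^2 u^-3 - ... + (-1)^(k-1) a^(k-1) u^-k,
    k the nilpotency class of a, giving the inverse of u + a in Z_m."""
    u_inv = inverse_mod(u, m)
    b, k = 0, 0
    while pow(a, k, m) != 0:
        b = (b + (-1) ** k * pow(a, k, m) * pow(u_inv, k + 1, m)) % m
        k += 1
    return b


if __name__ == "__main__":
    print(poly_inverse([1, 2], 4), poly_inverse([1, 2], 8), poly_inverse([1, 2], 6))
```

The stopping rule is the point worth noticing: the power-series inverse of $1 + 2x^2$ over $\mathbb{Z}_4$ has $b_1 = 0$ but $b_2 = 2$, so one vanishing coefficient is not enough; $\deg f$ consecutive zeros are.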

All we have observed can be extended to the ring $R[x_1, \ldots, x_n]$. If we wish to consider polynomial division in R[x], we must restrict the divisors to polynomials with leading coefficient a unit, for example monic divisors. Therefore, divisibility is easy in $\mathbb{K}[x]$, where $\mathbb{K}$ is a field; in this situation, most properties that hold in the ring of integers extend in a natural way (Euclidean algorithm, ideal structure, etc.).

Definition 1.3.2 A commutative ring R is called a Euclidean domain if, for all $a, b \in R$, $b \neq 0$, there exist $q, r \in R$ such that $a = bq + r$ and $v(r) < v(b)$, where $v : R \longrightarrow \mathbb{Z}^+$ is a map, called a valuation, which satisfies the following:
(i) $v(a) = 0 \Leftrightarrow a = 0$;
(ii) $v(ab) \ge v(a)v(b)$, for $a, b \neq 0$.
Both $\mathbb{Z}$ and $\mathbb{K}[x]$ are examples of Euclidean domains; indeed, in the first case the relevant valuation is the absolute value function
$$|\cdot| : \mathbb{Z} \longrightarrow \mathbb{Z}^+$$
whereas, in the second one it is the map
$$v : \mathbb{K}[x] \longrightarrow \mathbb{Z}^+$$
defined by $v(f(x)) := 2^{\deg(f(x))}$, with the assumption $\deg(0) := -\infty$. Observe that, from its definition, it immediately follows that a Euclidean ring R is an integral domain (with identity). Recall that a commutative ring R with identity is a principal ideal ring if each proper ideal $I \subset R$ is principal, i.e. there exists $b \in R$ such that $I = (b)$. In particular, when R is an integral domain, R is called a principal ideal domain (P.I.D.).

Proposition 1.3.3 Let R be a Euclidean domain, then it is a principal ideal domain.

Proof: If $I = \{0\}$ or $I = R$, then $I = (0)$ or $I = (1)$. Next, let $I \neq \{0\}$ be an ideal of R. There exists, at least, an element $0 \neq a \in I$; choose $0 \neq m \in I$ such that $v(m) \le v(i)$, for each $0 \neq i \in I$. Since $i = mq + r$, with $q, r \in R$ and $v(r) < v(m)$, and $r = i - mq \in I$, it follows that $r = 0$, hence $i = mq$, for each $i \in I$. This means $I = (m)$. ✷

The units of a Euclidean domain can be characterized in terms of their valuation; in fact, the elements with the smallest valuation are all the units of R. Another familiar example of a Euclidean domain is $\mathbb{Z}[i]$, the ring of the Gauss integers, where the valuation is the usual complex norm; the invertible elements are the 4th roots of unity. For further reading in valuation theory, the reader is referred, for example, to [17]. The rings $\mathbb{Z}$, $\mathbb{K}[x]$, $\mathbb{Z}[i]$ are examples of Euclidean domains but, also, of principal ideal domains (see Prop. 1.3.3). To get the general setting, we consider divisibility in an integral domain.
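An added example (not part of the book): the Euclidean algorithm in $\mathbb{F}_p[x]$ with the valuation $v(f) = 2^{\deg f}$ of Definition 1.3.2, and, following the proof of Proposition 1.3.3, the computation of the monic generator of the ideal $(a, b)$ together with Bézout coefficients. The Python code and its function names are the example's own; it represents a polynomial as a list of coefficients indexed by degree and uses Fermat's little theorem for inverses in $\mathbb{F}_p$, which is exactly where the field hypothesis enters (dividing by the leading coefficient of the divisor).

```python
NEG_INF = float("-inf")


def poly_trim(f):
    """Drop leading zero coefficients; the zero polynomial is [0]."""
    f = list(f)
    while len(f) > 1 and f[-1] == 0:
        f.pop()
    return f


def deg(f):
    """Degree of f, with deg(0) = -infinity as in Definition 1.3.2."""
    f = poly_trim(f)
    return NEG_INF if f == [0] else len(f) - 1


def valuation(f):
    """v(f) = 2^deg(f), so v(0) = 0 and v(fg) = v(f) v(g) over a field."""
    d = deg(f)
    return 0 if d == NEG_INF else 2 ** d


def poly_add(f, g, p):
    n = max(len(f), len(g))
    f, g = f + [0] * (n - len(f)), g + [0] * (n - len(g))
    return poly_trim([(a + b) % p for a, b in zip(f, g)])


def poly_sub(f, g, p):
    return poly_add(f, [(-c) % p for c in g], p)


def poly_mul(f, g, p):
    h = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            h[i + j] = (h[i + j] + a * b) % p
    return poly_trim(h)


def poly_scale(f, c, p):
    return poly_trim([(a * c) % p for a in f])


def poly_divmod(a, b, p):
    """Division with remainder in F_p[x]: a = b q + r with v(r) < v(b)."""
    a, b = poly_trim([c % p for c in a]), poly_trim([c % p for c in b])
    if b == [0]:
        raise ZeroDivisionError("division by the zero polynomial")
    lead_inv = pow(b[-1], p - 2, p)          # Fermat: x^(p-2) = x^-1 in F_p
    q, r = [0] * max(1, len(a) - len(b) + 1), a[:]
    while r != [0] and len(r) >= len(b):
        d = len(r) - len(b)                  # degree of the next quotient term
        c = (r[-1] * lead_inv) % p
        q[d] = c
        for i, bc in enumerate(b):
            r[i + d] = (r[i + d] - c * bc) % p
        r = poly_trim(r)
    return poly_trim(q), r


def poly_egcd(a, b, p):
    """Extended Euclidean algorithm in F_p[x]: returns (g, u, v) with u a + v b = g,
    where g is the monic generator of the ideal (a, b) (Proposition 1.3.3)."""
    r0, r1 = poly_trim([c % p for c in a]), poly_trim([c % p for c in b])
    u0, u1, v0, v1 = [1], [0], [0], [1]
    while r1 != [0]:                         # each step strictly lowers v(r1)
        q, r = poly_divmod(r0, r1, p)
        r0, r1 = r1, r
        u0, u1 = u1, poly_sub(u0, poly_mul(q, u1, p), p)
        v0, v1 = v1, poly_sub(v0, poly_mul(q, v1, p), p)
    c = pow(r0[-1], p - 2, p)                # normalise the generator to be monic
    return poly_scale(r0, c, p), poly_scale(u0, c, p), poly_scale(v0, c, p)


if __name__ == "__main__":
    # x^3 + 1 and x^2 + 1 over F_2 share the factor x + 1
    print(poly_egcd([1, 0, 0, 1], [1, 0, 1], 2))
```

For $x^3 + 1$ and $x^2 + 1$ over $\mathbb{F}_2$ the output is $(x + 1,\ 1,\ x)$, i.e. $1 \cdot (x^3 + 1) + x \cdot (x^2 + 1) = x + 1$, and $(x^3 + 1, x^2 + 1) = (x + 1)$ as the proposition predicts; the monic normalisation at the end is what makes the generator unique.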

Definition 1.3.4 Given $a, b \in R$ we say that a divides b (in symbols $a \mid b$) if there exists $q \in R$ such that $b = qa$. An equivalent definition is that $(b) \subseteq (a)$. In this situation, b is called a multiple of a and a is called a divisor of b. If $a \mid b$ and $b \mid a$, then these elements are called associates. If $a \mid 1$, then a is a unit, i.e. a has an inverse. In $\mathbb{Z}$ the units are $+1, -1$, whereas in $\mathbb{K}[x]$ they are the non-zero polynomials of degree 0.

Definition 1.3.5 An element $a \in R^*$ is called a prime if $a \mid bc$ implies that $a \mid b$ or $a \mid c$. An element $a \in R^*$ is called irreducible if $a = bc$ implies that either $a \mid b$, i.e. a and b are associates and c is a unit or, conversely, $a \mid c$, thus b is a unit.

From the definition it follows that a prime is an irreducible element. The converse is false, in general. We can consider, for example, the ring $\mathbb{Z}[\sqrt{-5}] \subset \mathbb{C}$, where $\mathbb{Z}[\sqrt{-5}] := \{a + b\sqrt{-5} \mid a, b \in \mathbb{Z}\}$. The element 3 is irreducible but not a prime, since $3 \mid 21 = (4 + \sqrt{-5})(4 - \sqrt{-5})$ but 3 does not divide any of these two factors. On the other hand, in $\mathbb{Z}$ each irreducible element is a prime, so the prime numbers are all the irreducible elements of $\mathbb{Z}$.
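Added example, not from the book: the norm $N(a + b\sqrt{-5}) = a^2 + 5b^2$ makes the claim about the element 3 checkable by machine. The Python code below (function names are the example's own) tests divisibility in $\mathbb{Z}[\sqrt{-5}]$ by checking whether $w\,\bar z / N(z)$ has integer coordinates, decides irreducibility by searching for a proper divisor among the elements of each norm dividing $N(z)$ (the units are exactly the elements of norm 1, namely $\pm 1$), and verifies that 3 divides $21 = (4 + \sqrt{-5})(4 - \sqrt{-5})$ without dividing either factor.

```python
from math import isqrt

# Elements of Z[sqrt(-5)] are pairs (a, b) standing for a + b*sqrt(-5); D is the radicand.
D = -5


def norm(z):
    """N(a + b sqrt(-5)) = a^2 + 5 b^2; multiplicative, so N(z) | N(w) whenever z | w."""
    a, b = z
    return a * a - D * b * b


def mul(z, w):
    a, b = z
    c, d = w
    return (a * c + D * b * d, a * d + b * c)


def divides(z, w):
    """z | w in Z[sqrt(-5)] iff w * conj(z) / N(z) has integer coordinates."""
    a, b = z
    n = norm(z)
    if n == 0:
        return False
    x, y = mul(w, (a, -b))
    return x % n == 0 and y % n == 0


def elements_of_norm(n):
    """All a + b sqrt(-5) with a^2 + 5 b^2 = n (a finite search since 5 b^2 <= n)."""
    out = []
    b = 0
    while 5 * b * b <= n:
        rest = n - 5 * b * b
        a = isqrt(rest)
        if a * a == rest:
            out.extend((sa, sb) for sa in {a, -a} for sb in {b, -b})
        b += 1
    return out


def is_irreducible(z):
    """z is reducible iff it has a divisor x with 1 < N(x) < N(z) (units are exactly norm 1).
    Every candidate norm divides N(z), so the search is finite and exact."""
    n = norm(z)
    if n <= 1:                      # zero and the units +-1 are excluded
        return False
    return not any(divides(x, z)
                   for d in range(2, n) if n % d == 0
                   for x in elements_of_norm(d))


def is_prime_on(z, w1, w2):
    """The prime property of Definition 1.3.5 tested on one product w1*w2."""
    return (not divides(z, mul(w1, w2))) or divides(z, w1) or divides(z, w2)


if __name__ == "__main__":
    three, f1, f2 = (3, 0), (4, 1), (4, -1)      # 3 and the two factors of 21
    print(mul(f1, f2), is_irreducible(three), is_prime_on(three, f1, f2))
```

The same functions show that $2 + \sqrt{-5}$ is irreducible and divides $9 = 3 \cdot 3$ without dividing 3, the other classical witness that factorization into irreducibles is not unique in this ring.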

Definition 1.3.6 A domain R is called a Unique Factorization Domain or a U.F.D. if
(i) every $a \in R$ has a representation $a = \epsilon a_1 \cdots a_n$, where $\epsilon \in U(R)$ and $a_i \in R$ are irreducible, $1 \le i \le n$;
(ii) if $a = \epsilon a_1 \cdots a_n = \eta b_1 \cdots b_m$, where $\epsilon, \eta \in U(R)$ and the $a_i, b_j$ are irreducible elements of R, $1 \le i \le n$, $1 \le j \le m$, then $m = n$ and $b_i$ is associated with $a_{\sigma(i)}$, $\sigma \in S_n = \mathrm{Sym}(n)$ and $1 \le i \le n$.
The factorization in R is up to associates. As a consequence of the definition, it can be proved that in a U.F.D. R each irreducible element is a prime ([1]).

Remark In a U.F.D. it makes sense to define a greatest common divisor (g.c.d.) and a least common multiple (l.c.m.) but, in general, we loose the uniqueness of these elements. Observe that in Proposition 1.3.3. we established a connection be- tween two different classes of rings; more precisely, we have proved that if a ring R is a Euclidean domain, then it is a P.I.D. There are examples of P.I.D.’s which are not Euclidean domains ([58]); expecially in (see, for example, [48], [59] or [70]), one can find quadratic fields that are not Euclidean domains. To be more precise, we have to intro- duce some definitions. We focus, for a moment, on number fields; recall that a complex number is called an algebraic number if it satisfies some polynomial equation f(x) = 0, where f(x) Q[x]. In particular, ∈ an algebraic number ξ is called an algebraic integer if it satisfies a polynomial equation of the form

f(x) = xn + c xn−1 + + c = 0, 1 ··· n where c Z, for all 1 i n 1. Now, we are interested in quadratic i ∈ ≤ ≤ − fields which are, by definition, number fields of degree 2 over Q. One can show that every quadratic field is of the form = Q(√d), where d is a K square-free integer, positive or negative but not equal to 1; moreover, the algebraic integers of a quadratic field form a ring (this is a consequence of a more general result in algebraic number fields; for more details, see [59]). Denote by I( ) = Z[√d] the ring of the algebraic integers of ; K K then is said to be Euclidean if I( ) is a Euclidean domain. K K Exercise First of all, show that if m is an integer such that m 1 mod 4, ≡ then the algebraic integers of Q(√m) are all numbers of the form

$$a + b\left(\frac{1 + \sqrt{m}}{2}\right),$$
where $a, b \in \mathbb{Z}$. After this, consider $m = -19$. From the step above, it follows that the subring of the complex numbers

$$R := \left\{ a + b\left(\frac{1 + i\sqrt{19}}{2}\right) \;\middle|\; a, b \in \mathbb{Z} \right\}$$
is the ring of the algebraic integers of the imaginary quadratic field $\mathbb{Q}(\sqrt{-19})$. Prove that $R$ is a P.I.D. which is not a Euclidean domain. (The second part is exercise n. 8, page 141 in [35]). Therefore Euclidean domains are a proper subclass of P.I.D.'s. We would like to find an analogous relation between P.I.D.'s and U.F.D.'s.
Proposition 1.3.7 If $R$ is a P.I.D., then $R$ is a U.F.D.

Proof: Standard result of basic Algebra. See, for example, [1] or [31]. ✷
We will show that the converse is not true by providing an example of a unique factorization domain which is not principal. To do this, we need to consider factorization in $R[x]$, where $R$ is not a field but a U.F.D. A fundamental property of P.I.D.'s is the following

Theorem 1.3.8 In a P.I.D. $R$, prime ideals are maximal ideals and they are generated by irreducible elements.

Proof: If $R$ is a P.I.D., then it obviously is a commutative ring with identity. Take an ideal $I \subset R$; then $I$ maximal $\Rightarrow$ $I$ prime: this implication is Proposition 1.2.7. We have to show the converse, i.e. $I$ prime $\Rightarrow$ $I$ maximal; since $R$ is principal, there exists $a \in R$ such that $I = (a)$; therefore, if $bc \in I$, then $b \in I$ or $c \in I$, that is $a \mid b$ or $a \mid c$, and hence $a$ is a prime element. Since $R$ is a P.I.D., and so a U.F.D., $a$ is irreducible. Therefore, all the prime (principal) ideals of $R$ are generated by irreducible (or, equivalently, prime) elements. Let $J$ be an ideal of $R$ such that $I \subseteq J \subseteq R$; choose $J = (b)$, hence
$$(a) \subseteq (b) \subseteq (1) \;\Rightarrow\; a \in (b) \;\Rightarrow\; b \mid a.$$
Since $a$ is irreducible, either 1. $b$ and $a$ are associates, hence they differ by a unit; or 2. $b$ is a unit. In case 1., $(a) = (b)$ (i.e. $I = J$); in case 2., $(b) = R$, because $b$ is a unit, hence $J = R$. This implies the maximality of $I$. ✷
This theorem has an interesting consequence for the ring $\mathcal{K}[x]$, where $\mathcal{K}$ is a field. In fact, $\mathcal{K}[x]$ is an elementary example of a Euclidean domain, hence of a P.I.D. This means that, if $I \subset \mathcal{K}[x]$ is a proper ideal, then there exists a polynomial $f(x) \in \mathcal{K}[x]$ such that $I = (f(x))$; this polynomial is, in general, not uniquely determined since, if $f(x)$ generates $I$, then also $af(x)$, where $a \in \mathcal{K}^*$, is a generator of $I$. If we choose only monic generators, given a proper ideal $(0) \ne I \subset \mathcal{K}[x]$, there exists a unique monic polynomial $f(x) = x^n + a_{n-1}x^{n-1} + \cdots + a_0 \in \mathcal{K}[x]$ s.t. $I = (f(x))$.
We recall that an element $\alpha$ is called algebraic over $\mathcal{K}$ if there exists a polynomial $h(x) \in \mathcal{K}[x]$ such that $h(\alpha) = 0$. In this sense, we can associate with an algebraic element $\alpha$, over a field $\mathcal{K}$, an ideal in $\mathcal{K}[x]$, denoted by $I_\alpha$, defined as follows:

$$I_\alpha := \{ g(x) \in \mathcal{K}[x] \mid g(\alpha) = 0 \},$$
which is the kernel of the valuation morphism:
$$\varphi_\alpha : \mathcal{K}[x] \longrightarrow \mathcal{F}, \qquad f(x) \longmapsto f(\alpha),$$
where $\mathcal{F}$ is an extension of $\mathcal{K}$ that, as a field, contains $\alpha$. What we have observed ensures us that there exists a uniquely determined monic polynomial $f_\alpha(x) \in \mathcal{K}[x]$ such that $(f_\alpha(x)) = I_\alpha$; this polynomial is called the minimal polynomial of $\alpha$ over $\mathcal{K}$. Its degree is said to be the degree of the algebraic element $\alpha$ and it is the least degree of all the polynomials belonging to the ideal $I_\alpha$.

Proposition 1.3.9 The minimal polynomial $f_\alpha(x)$ of an algebraic element $\alpha$ over $\mathcal{K}$ is irreducible, as an element of $\mathcal{K}[x]$. Conversely, if $f(x)$ is a monic, irreducible polynomial in $\mathcal{K}[x]$, then it is the minimal polynomial of all its roots, i.e. each of its roots is algebraic over $\mathcal{K}$.
Proof: $\Rightarrow$) Suppose that $f_\alpha(x)$ is reducible; hence $f_\alpha(x) = h(x)k(x)$, such that the degrees of these polynomials are positive integers, strictly less than $\deg(f_\alpha(x))$. Since $0 = f_\alpha(\alpha) = h(\alpha)k(\alpha)$, either $h(\alpha) = 0$ or $k(\alpha) = 0$. This contradicts the minimality of

$$\deg(f_\alpha(x)) = \min_{g(x) \in I_\alpha} \deg(g(x)).$$
$\Leftarrow$) If $f(x) \in \mathcal{K}[x]$ is an irreducible polynomial and $\alpha$ is one of its roots, then $f(x) \in I_\alpha$. We want to show that $I_\alpha = (f(x))$. Obviously, $I_\alpha = (h(x))$, for some non-constant polynomial $h(x)$, so $f(x)$ is a multiple of $h(x)$. This means that $f(x)$ and $h(x)$ are associates, because $f(x)$ is irreducible; hence, they differ by a unit $a \in \mathcal{K}^*$, so they generate the same ideal. ✷
We would like to find a unique expression for the elements of the simple extension of $\mathcal{K}$ by an algebraic element $\alpha$, which we denote by $\mathcal{F} = (\mathcal{K}, \alpha)$. We get the following commutative diagram:
$$\begin{array}{ccc} \mathcal{K} & \stackrel{i_2}{\hookrightarrow} & \mathcal{F} \\ {\scriptstyle i_1}\downarrow & & \downarrow{\scriptstyle \mathrm{id}_{\mathcal{F}}} \\ \mathcal{K}[x] & \stackrel{\varphi_\alpha}{\longrightarrow} & \mathcal{F} \end{array}$$
where $i_1$ and $i_2$ are the inclusion morphisms and $\varphi_\alpha$ is the valuation morphism defined before. Since $\alpha$ is algebraic over $\mathcal{K}$, $\mathrm{Ker}(\varphi_\alpha) \ne \{0\}$. More precisely, $\mathrm{Ker}(\varphi_\alpha) = (f_\alpha(x)) \subset \mathcal{K}[x]$ is a maximal ideal, since the minimal polynomial of $\alpha$ is irreducible over $\mathcal{K}$. From the Homomorphism Theorem, we get
$$\mathcal{K}[\alpha] \cong \mathcal{K}[x]/(f_\alpha(x)) \qquad (1.4)$$
where $\mathcal{K}[\alpha]$ is the subring of $\mathcal{F}$ of all the polynomials, of degree less than $\deg(f_\alpha(x))$, in the element $\alpha$ and with coefficients from $\mathcal{K}$. Its quotient field $\mathcal{K}(\alpha) = Q(\mathcal{K}[\alpha])$ coincides with $\mathcal{F}$; but $\mathcal{K}[\alpha]$ is again a field, since $(f_\alpha(x))$ is a maximal ideal. This means that $\mathcal{F} = \mathcal{K}[\alpha] = \mathcal{K}(\alpha)$. (1.4) also determines a way to exhibit the elements of the algebraic extension (see [3] for further reading about transcendental and algebraic extensions).
Proposition 1.3.10 If $\alpha$ is algebraic over $\mathcal{K}$, each element of the extension $\mathcal{K}(\alpha)$ can be uniquely expressed as a polynomial in $\alpha$ with coefficients from $\mathcal{K}$ and with degree strictly less than that of the minimal polynomial of $\alpha$ over $\mathcal{K}$.
Proof: See, for example [3], [28] or [31]. ✷
We recall that if $\mathcal{K} \subset \mathcal{F}$ is a field extension, $\mathcal{F}$ can be viewed as a $\mathcal{K}$-vector space and the degree of the extension, denoted by $[\mathcal{F} : \mathcal{K}]$, is its dimension.
If we consider a simple algebraic extension of the form $\mathcal{K} \subset \mathcal{K}(\alpha)$, we can restate Proposition 1.3.10; if $n = \deg(f_\alpha(x))$, where $f_\alpha(x)$ is the minimal polynomial of $\alpha$ over $\mathcal{K}$, the set $\{1, \alpha, \alpha^2, \ldots, \alpha^{n-1}\}$ forms a basis of $\mathcal{K}(\alpha)$ over $\mathcal{K}$; in particular, $[\mathcal{K}(\alpha) : \mathcal{K}] = n$, i.e. the degree of a simple algebraic extension equals the degree of the minimal polynomial of the algebraic element used to construct the extension. In general, it is possible to show that, if $\mathcal{K} \subset \mathcal{F}$ is a field extension and $[\mathcal{F} : \mathcal{K}]$ is finite, then: (i) each element $a \in \mathcal{F}$ is algebraic over $\mathcal{K}$, i.e. the extension is algebraic; (ii) the degree of the minimal polynomial of each $a \in \mathcal{F}$ divides $[\mathcal{F} : \mathcal{K}]$.
We do not want to go too deep into the theory of algebraic extensions, since it is not the aim of this book; in Chapter 2, we consider again algebraic extensions in the particular case of finite fields, only to construct the Galois fields $GF(q)$, where $q = p^n$. For further information on this theory, the reader is referred to [17] or [64]. Finally, recall that one of the most important theorems in the theory of number fields is the Fundamental Theorem of Algebra ([17] or [64]), which shows that the complex field $\mathbb{C}$, unlike $\mathbb{R}$ or $\mathbb{Q}$, is algebraically closed, i.e. each polynomial $P(x) \in \mathbb{C}[x]$ admits, over $\mathbb{C}$, a factorization in linear terms. In this sense the complex field is the algebraic closure of $\mathbb{R}$. We want to generalize these ideas by giving a general definition, which does not depend on the fact that we have to consider number fields.

Definition 1.3.11 A field $\mathcal{K}$ is called algebraically closed if each polynomial in $\mathcal{K}[x]$ splits in factors of degree one or, equivalently, if each polynomial has a root in $\mathcal{K}$.
Therefore, given a field $\mathcal{K}$, we denote by $\overline{\mathcal{K}}$ its algebraic closure ([17], [64]), that is a field extension $\mathcal{K} \subset \overline{\mathcal{K}}$ such that $\overline{\mathcal{K}}$ is algebraic over $\mathcal{K}$ and $\overline{\mathcal{K}}$ is algebraically closed.
We note an important property of algebraically closed fields.
Proposition 1.3.12 If $\mathcal{K}$ is algebraically closed, then it has infinite cardinality.
Proof: The statement follows from a simple argument. Given an arbitrary field $\mathcal{F}$, $\mathcal{F}[x]$ contains an infinite number of monic and irreducible polynomials (the proof of this fact is the same used to show that $\mathbb{Z}$ contains an infinite number of primes). In fact, $\mathcal{F}[x]$ contains some irreducible polynomial ($x + a$, where $a \in \mathcal{F}$). If $f_1(x), \ldots, f_n(x)$ were all the monic, irreducible polynomials in $\mathcal{F}[x]$, then the polynomial
$$h(x) := \Big(\prod_{i=1}^{n} f_i(x)\Big) + 1$$
would be monic, distinct from each $f_j(x)$ and irreducible, since not divisible by any of them. Therefore, there exists an infinite number of such polynomials; now, when $\mathcal{K}$ is algebraically closed, the only irreducible polynomials are of the form $x + a$, such that $a \in \mathcal{K}$; this implies that the cardinality of $\mathcal{K}$ is infinite. ✷
Up to now we have seen how easy it is to deal with the polynomial ring $\mathcal{K}[x]$, especially to determine the algebraic or transcendental extensions of $\mathcal{K}$, since this polynomial ring is an example of a Euclidean domain. We lose all this if we consider more than one indeterminate; for example, in the ring $\mathcal{K}[x, y]$ the ideal $I = (x, y)$ is a maximal ideal, since the quotient ring is the field $\mathcal{K}$, but it is not a principal ideal.
Exercise Prove that in the ring $\mathbb{Q}[x, y]$ the ideal $(x^2 - y, y + x^3)$ is not principal.
However, $\mathcal{K}[x, y]$ is obviously Noetherian.
Definition 1.3.13 A ring $R$ is said to be Noetherian if each ideal is finitely generated.

The polynomial ring $R[x_1, \ldots, x_n]$, where $R$ is a Noetherian ring, is again a Noetherian ring. This fact follows, by induction on the number of indeterminates, by observing that, for $n \ge 2$,

$$R[x_1, \ldots, x_n] = (R[x_1, \ldots, x_{n-1}])[x_n],$$
and from a well known result called the Hilbert Basis theorem.
Theorem 1.3.14 If $R$ is a Noetherian ring with identity and if $x$ is an indeterminate, then $R[x]$ is Noetherian.
The proof of this result is a bit technical; we refer the reader to Commutative Algebra texts (see, for example [5], [17] or [55]). We should point out that this fundamental result has an important interpretation in Algebraic Geometry; in fact the Krull dimension of a Noetherian ring is strictly related to the (geometric) dimension of the affine scheme it determines. For more details, see [23] or [30].
Other examples where we lose the advantage of having P.I.D.'s are the rings of the form $\mathbb{Z}_m[x]$, where $m \ne p$. Even if we have only one indeterminate, the coefficient ring is not a field; more precisely, it is not an integral domain. Such a polynomial ring is neither Euclidean nor principal, but is Noetherian, since $\mathbb{Z}_m$ is principal.
$\mathbb{Z}[x]$ is another example of a ring which is not principal, even if $\mathbb{Z}$ is a P.I.D. It is a useful exercise to see why. Consider $x \in \mathbb{Z}[x]$, which is an irreducible element in the polynomial ring. The ideal it generates is obviously prime; if $\mathbb{Z}[x]$ were a P.I.D., then, by Theorem 1.3.8, $(x)$ would be a maximal ideal; this is obviously false, since $\mathbb{Z}[x]/(x) \cong \mathbb{Z}$ is not a field. On the other hand, an ideal of the form $(x, a)$, $a \in \mathbb{Z} \setminus \{0, \pm 1\}$, is maximal in $\mathbb{Z}[x]$ if and only if $a = p$ is a prime (prove this!). Such an ideal cannot be principal in $\mathbb{Z}[x]$. Observe that in the extension of $\mathbb{Z}$ to $\mathbb{Z}[x]$ we lose the property of being a P.I.D.; therefore it is natural to ask if the property of being a U.F.D. is preserved. To answer this question, we first have to recall some general facts.

Definition 1.3.15 Given a U.F.D. $R$, let $R[x]$ be the polynomial ring with coefficients from $R$. Let $f(x) = \sum_{i=0}^{n} a_i x^i$ be a polynomial in $R[x]$. Define $c(f) := \mathrm{g.c.d.}(a_0, a_1, \ldots, a_n)$. Then, $f(x) = c(f)\tilde{f}(x)$, where $c(\tilde{f}(x)) = 1$ or a unit in $R$. $\tilde{f}(x)$ is called a primitive polynomial.

We want to remark that this definition is known in the literature as the Gauss definition of a primitive polynomial and it is a fundamental tool in Commutative Algebra. There is another definition of primitive polynomial, completely unrelated to the previous one, which is widely used in Finite Field Theory. We will introduce this important notion later on (see Definition 2.2.7) and show how such polynomials play a central role in the Galois field theory. In this section, we restrict ourselves to recalling the Unique Factorization Theorem:

Theorem 1.3.16 $R$ is a U.F.D. if and only if $R[x]$ is a U.F.D. By induction on the number of indeterminates, $R[x_1, \ldots, x_n]$ is a U.F.D.

This theorem is a consequence of an important lemma that belongs to the "almost infinite" class of lemmas known as "Gauss Lemma".

Lemma 1.3.17 Let $f(x), g(x) \in R[x]$, then $c(fg) = c(f)c(g)$; equivalently, if $\mathcal{K} = Q(R)$ is the quotient field of the domain $R$, $f(x) \in R[x]$ factors in $\mathcal{K}[x]$ if and only if it factors in $R[x]$.
The proofs of these propositions are standard results of elementary Algebra (see, for example, [1] which pays special attention to Euclidean domains and U.F.D.'s). In conclusion, the ring $\mathbb{Z}[x]$ is an example of a U.F.D. that is neither a P.I.D., nor a Euclidean domain, so this proves that the class of P.I.D.'s is a proper subclass of the class of the U.F.D.'s. The natural question, at this point, is to ask if there exist domains that are not U.F.D.; the answer is affirmative, in fact we have already considered the ring $\mathbb{Z}[\sqrt{-5}] \subset \mathbb{C}$, where 3 is an irreducible element that is not a prime; therefore, $\mathbb{Z}[\sqrt{-5}]$ is an integral domain which is not a U.F.D.

1.4 Factorization in $\mathbb{Z}_{p^n}[x]$.

In Chapter 3 we shall deal with finite local rings, since we will show that each finite, commutative ring with identity can be uniquely expressed as a direct sum of finite local rings. After this result, we shall discuss polynomial rings with coefficients from a commutative local ring, where most notions of the previous section lose their meanings, since prime elements, irreducible elements, etc. make no sense. We try to extend, in a sensible way, most of what we observed up to now. A useful approach consists of first considering concrete cases of the form $\mathbb{Z}_{p^n}[x]$, where $p$ is a prime and $n$ is a positive integer, $n \ge 1$. We already noted, in Section 1.2, that the structure of the rings $\mathbb{Z}_{p^n}$ is quite special:
(i) if $n = 1$, the ring $\mathbb{Z}_p$ is the Galois field with $p$ elements and $U(\mathbb{Z}_p) = \mathbb{Z}_p^* = \mathbb{Z}_p \setminus \{0\}$;

(ii) if $n > 1$, the ring $\mathbb{Z}_{p^n}$, of characteristic $p^n$, is not a domain, since it contains zero-divisors; more precisely, it is a local ring where the maximal ideal coincides with $\mathrm{Nil}(\mathbb{Z}_{p^n})$ (see (1.1)), therefore all the zero-divisors are nilpotent. It is easy to realize that the residue field is $\mathbb{Z}_{p^n}/\mathrm{Nil}(\mathbb{Z}_{p^n}) \cong \mathbb{Z}_p$.
The aim of this section is to clarify some properties of the ring $\mathbb{Z}_{p^n}$, since it is a particular case of a Galois ring. In the ring of the residues modulo $p^n$, the element $p \in \mathbb{Z}_{p^n}$ generates the ideal $\{0, p, 2p, \ldots, p(p^{n-1} - 1)\}$, which we denote by $p\mathbb{Z}_{p^n} \subset \mathbb{Z}_{p^n}$. This ideal is a maximal one, since the quotient ring is isomorphic to the Galois field of order $p$. We can divide the elements of $\mathbb{Z}_{p^n}$ in two different classes: one contains the units of this ring and the other is formed by the non-invertible elements which, in $\mathbb{Z}_{p^n}$, are precisely the nilpotent elements. This second class coincides with the nilradical of $\mathbb{Z}_{p^n}$, i.e. $p\mathbb{Z}_{p^n}$. If we consider the canonical epimorphism

$$\varphi : \mathbb{Z}_{p^n} \longrightarrow \mathbb{Z}_{p^n}/p\mathbb{Z}_{p^n} \cong \mathbb{Z}_p, \qquad (1.5)$$

by definition, its kernel is precisely $p\mathbb{Z}_{p^n}$. This result, even if very immediate, is of fundamental importance for many reasons. First of all, the isomorphism $\mathbb{Z}_{p^n}/p\mathbb{Z}_{p^n} \cong \mathbb{Z}_p$ justifies the fact that an element $u \in \mathbb{Z}_{p^n}$ can be uniquely written in the form:

$$u := u_0 + u_1 p + u_2 p^2 + \cdots + u_{n-1} p^{n-1}, \qquad (1.6)$$
where $u_i \in \mathbb{Z}_p$, $0 \le i \le n-1$ (see [11] or [17], which devote an entire section to $p$-adic numbers). This expression is analogous to the one we have in the ring of integers, when we find a $b$-adic expression of its elements, $b \in \mathbb{Z}^+$. We can "justify" the operations in the ring $\mathbb{Z}_{p^n}$ as coming from the usual operations in $\mathbb{Z}$ with the $p$-adic expression of its elements, but with the essential difference that we have to stop at the $(n-1)$-st power of $p$ and use the condition $p^k = 0$, if $k \ge n$, in the calculation of the sum and the product of two arbitrary elements of the ring $\mathbb{Z}_{p^n}$. This first remark allows us to immediately determine the units of $\mathbb{Z}_{p^n}$.

Proposition 1.4.1 An element $u \in \mathbb{Z}_{p^n}$, expressed as in (1.6), is a unit if and only if $u_0 \ne 0$.
Proof: This is a straightforward consequence of the Euclidean algorithm. ✷

Furthermore, the isomorphism $\mathbb{Z}_{p^n}/p\mathbb{Z}_{p^n} \cong \mathbb{Z}_p$ lifts to the polynomial rings $\mathbb{Z}_{p^n}[x]$ and $\mathbb{Z}_p[x]$, providing an epimorphism. More precisely, composing the epimorphism $\varphi$, defined in (1.5), with the inclusions into the respective polynomial rings, yields the following diagram:

$$\begin{array}{ccc} \mathbb{Z}_{p^n} & \stackrel{\varphi}{\longrightarrow} & \mathbb{Z}_p \\ {\scriptstyle i_n}\downarrow & & \downarrow{\scriptstyle i_1} \\ \mathbb{Z}_{p^n}[x] & \stackrel{\mu}{\longrightarrow} & \mathbb{Z}_p[x] \end{array}$$
hence $\mu$ is an epimorphism between the two polynomial rings. On the one hand, we have the ring $\mathbb{Z}_{p^n}[x]$, that is a Noetherian ring; on the other hand $\mathbb{Z}_p[x]$ is a Euclidean domain; the basic idea is to transfer some properties of the ring $\mathbb{Z}_p[x]$ to $\mathbb{Z}_{p^n}[x]$, whenever possible. In Chapter 3 we shall generalize this approach to an arbitrary local ring.

Definition 1.4.2 A polynomial $f(x) \in \mathbb{Z}_{p^n}[x]$ is called regular if it is not a zero-divisor in this polynomial ring. A regular polynomial $f(x)$ is a unit in $\mathbb{Z}_{p^n}[x]$ if there exists a regular polynomial $h(x) \in \mathbb{Z}_{p^n}[x]$ such that $f(x)h(x) = 1$. A polynomial $f(x)$ is irreducible in $\mathbb{Z}_{p^n}[x]$ if it is not a unit and, whenever $f = gh$, then either $g$ or $h$ is a unit (see [56]).

One can give an analogous definition by considering the epimorphism $\mu$, defined above; in fact, we have a more general result, which we will prove later on.
Result Given a commutative, local ring $R$ with identity, with residue field $\mathcal{K}$, and a regular polynomial $f(x) \in R[x]$ then:
(i) If $\mu(f(x)) \in \mathcal{K}[x]$ is irreducible, as an element of a Euclidean domain, then $f(x) \in R[x]$ is irreducible, in the sense of the definition above.
(ii) If $f(x) \in R[x]$ is irreducible, then $\mu(f(x)) = k\,g(x)^n$, where $k \in \mathcal{K}^*$, $g(x) \in \mathcal{K}[x]$ is a monic, irreducible polynomial and $n \in \mathbb{N}$.
(iii) If $\mathcal{D}$ denotes the set of all polynomials in $R[x]$ such that $\mu(f(x))$ has distinct roots in the algebraic closure of $\mathcal{K}$, then $f(x) \in \mathcal{D} \subset R[x]$ is irreducible if and only if $\mu(f(x)) \in \mathcal{K}[x]$ is.
For the time being, let $q = p^n$, $n > 1$, and $h_1(x) \in \mathbb{Z}_p[x]$ be a monic, irreducible polynomial of degree $m$, which divides $x^k - 1$ in $\mathbb{Z}_p[x]$, where $k = p^m - 1$. One can prove that there is a unique monic, irreducible polynomial $h_n(x) \in \mathbb{Z}_q[x]$ (in the sense of Definition 1.4.2) such that
$$h_n(x) \equiv h_1(x) \pmod p \qquad (1.7)$$
and $h_n(x)$ divides $x^k - 1$ in $\mathbb{Z}_q[x]$. Therefore, we have a bijection between the irreducible factors of $x^k - 1$ over $\mathbb{Z}_{p^n}$ and those over $\mathbb{Z}_p$. This result plays a central role in studying cyclic codes over $\mathbb{Z}_q$ (see, for example, [11]). The basic tool of this analysis is the integral version of Hensel's Lemma. We will give the general statement of this result in 3.2.6 (see [54] and [56]).

Theorem 1.4.3 (Integral version of Hensel's lemma, see [19] or [52]). Let $p$ be a prime and $k \ge 1$ a positive integer; suppose $u(x)$, $f(x)$, and $g(x)$ are monic polynomials in $\mathbb{Z}[x]$ such that $f(x)$ and $g(x)$ are relatively prime modulo $p$ and

$$u(x) \equiv f(x)g(x) \pmod{p^k}.$$
It is possible to uniquely determine two monic polynomials $f_1(x), g_1(x) \in \mathbb{Z}_{p^{k+1}}[x]$, relatively prime modulo $p$, which satisfy the following congruences:
(i) $f(x) \equiv f_1(x) \pmod{p^k}$,
(ii) $g(x) \equiv g_1(x) \pmod{p^k}$,
(iii) $u(x) \equiv f_1(x)g_1(x) \pmod{p^{k+1}}$.
Proof: We want to explicitly find two monic polynomials $\tilde{f}_1(x), \tilde{g}_1(x) \in \mathbb{Z}[x]$ of the form
$$\tilde{f}_1(x) = f(x) + p^k v(x), \qquad \tilde{g}_1(x) = g(x) + p^k w(x),$$

such that, if $f_1(x)$ and $g_1(x)$ are the reduced polynomials of $\tilde{f}_1(x)$ and $\tilde{g}_1(x)$ modulo $p^{k+1}$, they satisfy (i) and (ii). First of all, we can observe that for each integer $s \in \mathbb{Z}$,
$$s p^k \pmod{p^{k+1}} = (s \pmod p)\, p^k;$$
therefore, we can assume the polynomials $v(x), w(x)$ have coefficients in $\{0, \ldots, p-1\}$. Condition (iii) yields
$$u(x) \equiv f_1(x)g_1(x) \equiv \tilde{f}_1(x)\tilde{g}_1(x) \pmod{p^{k+1}},$$
where $\tilde{f}_1(x)\tilde{g}_1(x) = f(x)g(x) + (w(x)f(x) + v(x)g(x))p^k + v(x)w(x)p^{2k}$. Since $k \ge 1$, so that $2k \ge k+1$, this last congruence becomes
$$u(x) \equiv f_1(x)g_1(x) = f(x)g(x) + (w(x)f(x) + v(x)g(x))p^k \pmod{p^{k+1}}.$$
Therefore,

$$u(x) - f(x)g(x) \equiv (w(x)f(x) + v(x)g(x))p^k \pmod{p^{k+1}}$$
and, by hypothesis, $u(x) - f(x)g(x) \equiv 0 \pmod{p^k}$; setting $c(x) = \frac{u(x) - f(x)g(x)}{p^k} \in \mathbb{Z}[x]$ gives
$$c(x) \equiv w(x)f(x) + v(x)g(x) \pmod p.$$
Since $f(x)$ and $g(x)$ are relatively prime modulo $p$, there exist two polynomials $a(x), b(x) \in \mathbb{Z}[x]$ such that
$$a(x)f(x) + b(x)g(x) \equiv 1 \pmod p.$$
It follows that $c(x) \equiv c(x)a(x)f(x) + c(x)b(x)g(x) \pmod p$, so, by putting $w(x) \equiv c(x)a(x) \pmod p$ and $v(x) \equiv c(x)b(x) \pmod p$ we get
$$w(x)f(x) + v(x)g(x) \equiv c(x) \pmod p. \qquad (1.8)$$
Because of the choice of $c(x) \in \mathbb{Z}[x]$, we have $\deg(c(x)) < \deg(f(x)) + \deg(g(x))$, hence, w.l.o.g., we can assume that $w(x), v(x)$ satisfy the inequalities $\deg(v(x)) < \deg(f(x))$ and $\deg(w(x)) < \deg(g(x))$. These polynomials $v(x), w(x) \in \mathbb{Z}[x]$ are uniquely determined, since if there existed $v_1(x), w_1(x) \in \mathbb{Z}[x]$ satisfying (1.8) such that $\deg(w_1(x)) < \deg(g(x))$, $\deg(v_1(x)) < \deg(f(x))$ and their coefficients belonged to $\{0, \ldots, p-1\}$ (as for $v(x)$ and $w(x)$), then
$$(w(x) - w_1(x))f(x) \equiv -(v(x) - v_1(x))g(x) \pmod p.$$
Since $\deg(w(x) - w_1(x)) < \deg(g(x))$ and $\mathrm{g.c.d.}(f(x), g(x)) \equiv 1 \pmod p$, we deduce that $w(x) = w_1(x)$ and, analogously, $v_1(x) = v(x)$. This implies that $f_1(x)$ and $g_1(x)$ are uniquely determined as polynomials in $\mathbb{Z}_{p^{k+1}}[x]$; moreover, they are monic polynomials as

$$\tilde{f}_1(x) = f(x) + p^k v(x)$$
and

$$\tilde{g}_1(x) = g(x) + p^k w(x),$$
with $\deg(v(x)) < \deg(f(x))$ and $\deg(w(x)) < \deg(g(x))$, so the leading coefficient of $f_1(x)$ (resp. $g_1(x)$) is the same as that of $f(x)$ (resp. $g(x)$). If we consider $a(x)f_1(x) + b(x)g_1(x) = t(x) \in \mathbb{Z}[x]$, then
$$t(x) \equiv a(x)f(x) + b(x)g(x) \equiv 1 \pmod p,$$
which shows that $f_1(x)$ and $g_1(x)$ are relatively prime modulo $p$. ✷
As an application of the previous lemma, we are now able to determine the desired polynomial $h_n(x) \in \mathbb{Z}_q[x]$ in (1.7). In [11] a more constructive approach is used for determining such a polynomial.

Theorem 1.4.4 Let $n > 1$. If $h_1(x) \in \mathbb{Z}_p[x]$ is a monic, irreducible polynomial which divides $x^k - 1$, with $k = p^r - 1$ and $r = \deg(h_1(x))$, then there exists a unique monic, irreducible polynomial $h_n(x) \in \mathbb{Z}_{p^n}[x]$ which divides $x^k - 1$ in $\mathbb{Z}_{p^n}[x]$ and is congruent to $h_1(x)$ modulo $p$.
Proof: For $m > 1$, suppose we already determined a monic polynomial $h_m(x) \in \mathbb{Z}_{p^m}[x]$, irreducible over $\mathbb{Z}_{p^m}$, such that
$$h_m(x) \equiv h_1(x) \pmod p, \quad \text{and} \quad h_m(x) \mid x^k - 1$$
in $\mathbb{Z}_{p^m}[x]$. Next we show how to construct, by starting from this $h_m(x)$, a unique irreducible, monic polynomial $h_{m+1}(x) \in \mathbb{Z}_{p^{m+1}}[x]$ which divides $x^k - 1$ in $\mathbb{Z}_{p^{m+1}}[x]$. By Hensel's Lemma, we find a polynomial $h(x) \in \mathbb{Z}_{p^{m+1}}[x]$ of the form $h(x) = h_m(x) + p^m g(x)$. Let $\alpha$ be a root of $h_m(x)$ and $\beta$ a corresponding root of $h(x)$ of the form $\beta = \alpha + p^m\delta$. It follows that $\alpha^k = 1 + p^m\epsilon$, since $h_m(x)$ divides $x^k - 1$ in $\mathbb{Z}_{p^m}[x]$; moreover,
$$\beta^p = (\alpha + p^m\delta)^p = \alpha^p \quad \text{and} \quad \beta^{kp} = (\alpha + p^m\delta)^{kp} = (1 + p^m\epsilon)^p = 1.$$
Hence the monic polynomial, whose roots are the $p$-th powers of the roots of $h(x)$, divides $x^k - 1$ and these roots coincide, modulo $p^m$, with those of $h_m(x)$. This polynomial is the required polynomial $h_{m+1}(x) \in \mathbb{Z}_{p^{m+1}}[x]$; in fact, it is irreducible, by construction. Also, it is uniquely determined; indeed, let $h(x)$ and $h'(x)$ be two distinct polynomials which determine two distinct $h_{m+1}(x)$ and let $\beta$ and $\gamma$ be roots of $h(x)$ and $h'(x)$ respectively, such that $\beta \equiv \gamma \pmod{p^m}$. This means that $\beta = \gamma + p^m\delta$; therefore, $\beta^k = \gamma^k = 1$, $\beta^p = \gamma^p$, so $(\beta/\gamma)^p = (\beta/\gamma)^k = 1$. Since $k = p^r - 1$ and $p$ are relatively prime, $\beta = \gamma$; hence $h(x) = h'(x)$. ✷
Note that the previous proof of the existence and uniqueness of this polynomial is a constructive one, based on induction on the integer $m > 1$, and is related to the "Hensel lifting" from $\mathbb{Z}_{p^m}$ to $\mathbb{Z}_{p^{m+1}}$. A shorter way to find the "lifting" polynomial of $h_1(x)$ in (1.7) is the following. Let $h_1(x) \in \mathbb{Z}_p[x]$ be a monic polynomial of the form $h_1(x) = x^r + a_{r-1}x^{r-1} + \cdots + a_0$, $a_i \in \mathbb{Z}_p$, $0 \le i \le r-1$.
Assume $\theta$ is a root of $h_1(x)$, in some extension (ring) of $\mathbb{Z}_p$; then $\theta^r = -a_{r-1}\theta^{r-1} - \cdots - a_0$, i.e. $\theta^r = (p - a_{r-1})\theta^{r-1} + \cdots + (p - a_0)$. The following polynomial
$$\tilde{h}_n(x) := x^r + (p^n - p + a_{r-1})x^{r-1} + \cdots + (p^n - p + a_0)$$
is a polynomial in $\mathbb{Z}[x]$ which determines a polynomial $h_n(x) \in \mathbb{Z}_{p^n}[x]$ such that $h_n(x) \equiv h_1(x) \pmod p$; moreover, if $h_1(x)$ is irreducible in $\mathbb{Z}_p[x]$, then so is $h_n(x)$ in $\mathbb{Z}_{p^n}[x]$, since $\mu(h_n(x)) = h_1(x)$.
Remark The fact that $h_n(x) \equiv h_1(x) \pmod p$ implies that the epimorphism
$$\mu : \mathbb{Z}_{p^n}[x] \longrightarrow \mathbb{Z}_p[x] \qquad (1.9)$$
is consistent with the canonical quotient morphisms:
$$\pi_1 : \mathbb{Z}_p[x] \longrightarrow \mathbb{Z}_p[x]/(h_1(x)), \qquad \pi_n : \mathbb{Z}_{p^n}[x] \longrightarrow \mathbb{Z}_{p^n}[x]/(h_n(x)).$$
Therefore, a morphism of quotient rings is determined

$$\tilde{\mu} : \mathbb{Z}_{p^n}[x]/(h_n(x)) \longrightarrow \mathbb{Z}_p[x]/(h_1(x)). \qquad (1.10)$$
If we consider a suitable irreducible polynomial $h_1(x) \in \mathbb{Z}_p[x]$, of degree $r$, which determines the field extension

$$\mathbb{Z}_p \subset \mathbb{F}_{p^r} = \mathbb{Z}_p(\theta) := \mathbb{Z}_p[x]/(h_1(x)),$$
we have an epimorphism $\tilde{\mu}$ from the commutative ring $\mathbb{Z}_{p^n}[x]/(h_n(x))$, of characteristic $p^n$, to the finite field $\mathbb{F}_{p^r}$. Observe that the quotient ring $\mathbb{Z}_{p^n}[x]/(h_n(x))$ is a local ring, with maximal ideal $p(\mathbb{Z}_{p^n}[x]/(h_n(x)))$ (the image of the maximal ideal $p\mathbb{Z}_{p^n} \subset \mathbb{Z}_{p^n}$ under the morphism $\pi_n \circ i_n$, where
$$\mathbb{Z}_{p^n} \stackrel{i_n}{\hookrightarrow} \mathbb{Z}_{p^n}[x] \stackrel{\pi_n}{\longrightarrow} \mathbb{Z}_{p^n}[x]/(h_n(x)) \;)$$
and residue field $\mathbb{F}_p$.

Example 1.4.5 Take $p = 2$ and $n = 3$. Let $h_1(x) = x^3 + x + 1$, so
$$\mathbb{F}_8 \cong \mathbb{Z}_2[x]/(x^3 + x + 1) = \{ a + b\theta + c\theta^2 \mid a, b, c \in \mathbb{F}_2 \},$$
where $\theta^3 = \theta + 1$, i.e. $\mathbb{F}_8 = \{0, 1, \theta, \theta^2, 1 + \theta, 1 + \theta^2, \theta + \theta^2, 1 + \theta + \theta^2\}$. By the above computations, we have
$$\tilde{h}_3(x) = x^3 + (8 - 2 + 0)x^2 + (8 - 2 + 1)x + (8 - 2 + 1) = x^3 + 6x^2 + 7x + 7 \in \mathbb{Z}[x]$$
and $h_3(x) = x^3 + 6x^2 + 7x + 7 \in \mathbb{Z}_8[x]$ such that $\mu(h_3(x)) = h_1(x)$. Thus we have the epimorphism
$$\mathbb{Z}_8[x]/(x^3 + 6x^2 + 7x + 7) \to \mathbb{F}_8.$$
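The Hensel step of Theorem 1.4.3 and its iteration in Theorem 1.4.4, run on the data of Example 1.4.5 and contrasted with the "shorter" lift $\tilde{h}_n$, as an added example (my own code, not the book's or [11]'s; the representation of polynomials as coefficient lists and the function names are my choices). The constructed input is $u(x) = x^7 - 1$ with $h_1(x) = x^3 + x + 1$ and cofactor $(x+1)(x^3+x^2+1) \bmod 2$.

```python
"""Integral Hensel lifting (Theorem 1.4.3 / 1.4.4) next to the shortcut lift of Section 1.4.
Polynomials are lists of ints, lowest degree first: [c0, c1, ..., cn]."""


def trim(a):
    a = list(a)
    while len(a) > 1 and a[-1] == 0:
        a.pop()
    return a or [0]


def degree(a):
    a = trim(a)
    return -1 if a == [0] else len(a) - 1


def add(a, b):
    n = max(len(a), len(b))
    return trim([(a[i] if i < len(a) else 0) + (b[i] if i < len(b) else 0) for i in range(n)])


def sub(a, b):
    return add(a, [-c for c in b])


def mul(a, b):
    r = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            r[i + j] += x * y
    return trim(r)


def reduce_mod(a, m):
    return trim([c % m for c in a])


def divmod_mod(a, b, m):
    """Quotient and remainder of a by b in Z_m[x]; lc(b) must be invertible mod m
    (true for monic b, or for any nonzero b when m is prime)."""
    a, b = reduce_mod(a, m), reduce_mod(b, m)
    inv_lc = pow(b[-1], -1, m)
    q, r = [0] * max(1, len(a) - len(b) + 1), a
    while degree(r) >= degree(b):
        shift = degree(r) - degree(b)
        coef = (r[-1] * inv_lc) % m
        q[shift] = coef
        r = list(r)
        for i, c in enumerate(b):
            r[i + shift] = (r[i + shift] - coef * c) % m
        r = trim(r)
    return trim(q), r


def bezout_mod_p(f, g, p):
    """a, b with a f + b g = 1 in Z_p[x] (extended Euclid); needs gcd(f, g) = 1 mod p."""
    r0, r1 = reduce_mod(f, p), reduce_mod(g, p)
    a0, a1, b0, b1 = [1], [0], [0], [1]
    while r1 != [0]:
        q, r = divmod_mod(r0, r1, p)
        r0, r1 = r1, r
        a0, a1 = a1, reduce_mod(sub(a0, mul(q, a1)), p)
        b0, b1 = b1, reduce_mod(sub(b0, mul(q, b1)), p)
    if degree(r0) != 0:
        raise ValueError("f and g are not relatively prime modulo p")
    inv = pow(r0[0], -1, p)
    return reduce_mod([c * inv for c in a0], p), reduce_mod([c * inv for c in b0], p)


def hensel_step(u, f, g, p, k):
    """Theorem 1.4.3: from u = f g (mod p^k), f, g monic and coprime mod p, return the unique
    monic f1, g1 in Z_{p^{k+1}}[x] with f1 = f, g1 = g (mod p^k) and u = f1 g1 (mod p^{k+1})."""
    pk, pk1 = p ** k, p ** (k + 1)
    diff = sub(u, mul(f, g))
    if any(d % pk for d in diff):
        raise ValueError("u is not congruent to f g modulo p^k")
    c = reduce_mod([d // pk for d in diff], p)    # c(x) = (u - f g)/p^k, read mod p
    a, b = bezout_mod_p(f, g, p)                  # a f + b g = 1 (mod p)
    _, w = divmod_mod(mul(c, a), g, p)            # w = c a mod g, so deg w < deg g
    v, rem = divmod_mod(sub(c, mul(w, f)), g, p)  # v g = c - w f (mod p), so deg v < deg f
    assert rem == [0]                             # exact: c - w f = g (c b + q f) mod p
    f1 = reduce_mod(add(f, [pk * x for x in v]), pk1)   # f~1 = f + p^k v
    g1 = reduce_mod(add(g, [pk * x for x in w]), pk1)   # g~1 = g + p^k w
    return f1, g1


def hensel_lift(u, f, g, p, n):
    """Iterate the step from Z_p[x] up to Z_{p^n}[x] (the induction in Theorem 1.4.4)."""
    for k in range(1, n):
        f, g = hensel_step(u, f, g, p, k)
    return f, g


def shortcut_lift(h1, p, n):
    """The 'shorter way': h~_n(x) = x^r + sum_i (p^n - p + a_i) x^i, reduced mod p^n."""
    r = len(h1) - 1
    return [(p ** n - p + (a % p)) % p ** n for a in h1[:r]] + [1]


def divides_mod(u, h, m):
    """True if the monic polynomial h divides u in Z_m[x]."""
    return divmod_mod(u, h, m)[1] == [0]


if __name__ == "__main__":
    u = [-1, 0, 0, 0, 0, 0, 0, 1]        # x^7 - 1  (constructed input)
    h1 = [1, 1, 0, 1]                    # x^3 + x + 1, irreducible over Z_2
    cof = [1, 1, 1, 0, 1]                # (x + 1)(x^3 + x^2 + 1) = x^4 + x^2 + x + 1 mod 2
    for n in (2, 3):
        hn, _ = hensel_lift(u, h1, cof, 2, n)
        print("Z_%d lift:" % 2 ** n, hn, "divides x^7-1:", divides_mod(u, hn, 2 ** n))
    h3 = shortcut_lift(h1, 2, 3)
    print("shortcut h~_3:", h3, "divides x^7-1 in Z_8[x]:", divides_mod(u, h3, 8))
```

Both lifts reduce to $h_1$ modulo 2, but only the Hensel lift is the divisor of $x^7 - 1$ that Theorem 1.4.4 guarantees; the shortcut polynomial $x^3 + 6x^2 + 7x + 7$ of Example 1.4.5 satisfies (1.7) and inherits irreducibility, and nothing more.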

Rings of this kind are the main subject of our work; they are called Galois rings, since they are Galois extensions (in a sense we will specify) of local rings of the form $\mathbb{Z}_{p^n}$. On the other hand, the polynomial $h_1(x) \in \mathbb{F}_p[x]$ is a very special kind of irreducible polynomial, called a primitive polynomial, where primitive is meant in the Finite Field Theory sense (see Definition 2.2.7). This brief discussion clarifies how we will approach the study of Galois rings in the sequel (see Chapter 6); more precisely, we will focus on the epimorphisms of the form

$$\tilde{\mu} : \mathbb{Z}_{p^n}[x]/(h_n(x)) \longrightarrow \mathbb{Z}_p(\theta) \cong \mathbb{F}_{p^r},$$
determined, via the Hensel lifting, by primitive polynomials used for field extensions of the form $\mathbb{F}_p \subset \mathbb{F}_{p^r}$, $r > 1$. Therefore, the problem of studying Galois rings is translated into the analysis of $\tilde{\mu}$ and what kind of properties these epimorphisms transfer from a finite field to a Galois ring (when this makes sense).
Chapter 2

FINITE FIELD STRUCTURE

In this chapter, we will recall some of the most fundamental properties of finite fields or, equivalently, Galois fields, in order to point out the main differences between them and Galois rings (see Chapter 6). For more details the reader is referred to some basic texts on Finite Fields, such as [51] and [57]. Finite fields are a fundamental tool in many applications, such as Finite Geometries (for example, [33]), Shift Register Sequences ([39]) and Coding Theory (for example, [4]).

2.1 Basic Properties

We recall that a field is a non-empty set $\mathbb{F}$ such that:
(i) $\langle \mathbb{F}, + \rangle$ is an abelian group;
(ii) $\langle \mathbb{F}^*, \cdot \rangle$ is an abelian group;
(iii) for all $a \in \mathbb{F}$, $0a = 0$;
(iv) for all $a, b, c \in \mathbb{F}$, $a(b + c) = ab + ac$.
In the case of a finite field, in condition (ii) abelian is not necessary, since, by Wedderburn's theorem (which will be recalled at the end of this chapter), the commutativity descends from the finiteness of the field. As we already observed in Chapter 1, we have the following

Proposition 2.1.1 The characteristic of a finite field $\mathbb{F}$ is a prime $p$.

By the previous proposition, the prime field of $\mathbb{F}$ is isomorphic to the field of the integers modulo $p$, i.e. $\mathbb{Z}_p$. In particular, if $\mathbb{F} = \mathbb{Z}_p$, then both the additive and multiplicative groups of $\mathbb{F}$ are cyclic groups

of order $p$ and $p - 1$, respectively. In general, if $\mathbb{Z}_p \subset \mathbb{F}$, the additive and multiplicative groups have completely different structures. Since for each $a \in \mathbb{F}$, $pa = 0$, $\langle \mathbb{F}, + \rangle$ is an elementary abelian $p$-group; therefore, it is isomorphic to a (finite) direct sum, where each summand is isomorphic to $\langle \mathbb{Z}_p, + \rangle$, i.e. $\mathbb{F} \cong \mathbb{Z}_p \oplus \cdots \oplus \mathbb{Z}_p \cong \mathbb{Z}_p^n$, for some $n$. It is straightforward to deduce that $|\mathbb{F}| = p^n$. Thus
Proposition 2.1.2 The cardinality of a finite field $\mathbb{F}$ is a prime power.
Obviously, since an elementary abelian $p$-group can be considered as a vector space over $\mathbb{Z}_p$, a finite field $\mathbb{F}$ is always a finite-dimensional algebra over its prime field. Since $|\mathbb{F}| = p^n$, the multiplicative order of each element of $\mathbb{F}$ must divide $p^n - 1$; then $a^{p^n - 1} = 1$, for all $a \in \mathbb{F}^*$. One can "easily" determine the order of each element in $\mathbb{F}^*$, since the structure of this group is well-known.
Theorem 2.1.3 The multiplicative group of a finite field is a cyclic group.
Proof: The proof of this fact is a bit technical and not in the scope of this book; the interested reader is referred to, for example, [50] or [51]. ✷
It is useful to observe that also the converse of this result is true.
Proposition 2.1.4 Assume that $\mathbb{F}$ is a field, with $\mathbb{F}^*$ a cyclic group, then $\mathbb{F}$ is finite.
Proof: If the characteristic of $\mathbb{F}$ were zero, then the multiplicative group of $\mathbb{Q}$, the prime field of $\mathbb{F}$, would be cyclic, which is absurd. If the characteristic of $\mathbb{F}$ is a prime, then $\mathbb{F}$ is finite. Suppose the contrary; hence, $\mathbb{F}^*$ would be isomorphic to the group of integers $\langle \mathbb{Z}, + \rangle$, which contains no subgroups of finite order. This is a contradiction, since $\mathbb{F}^*$ does contain a cyclic subgroup of order $p - 1$ (if we suppose that $\mathrm{char}(\mathbb{F}) = p$), formed by the non-zero elements of its prime field. ✷
Since the multiplicative group of a finite field is cyclic, there exists an element $\alpha \in \mathbb{F}^*$ of order $p^n - 1$, i.e. $\alpha^{p^n - 1} = 1$ and $\alpha$ generates $\mathbb{F}^*$.
Such an element is called a primitive element of F (see, also, [24], [39], [51]) and its minimal polynomial is called a primitive polynomial (Definition 2.2.7). Therefore, it is possible to represent the elements of F in the following form

$$\mathbb{F} = \{0, \alpha^j : 0 \le j \le p^n - 2\},$$
with $\alpha^{p^n - 1} = 1$. From now on, we shall denote a finite field, of order $p^n$, either by $\mathbb{F}_{p^n}$ or by $GF(p^n)$.

2.2 Characterization of Finite Fields

In the previous section we deduced the basic properties of a finite field as consequences of its definition and of some elementary results of group theory. Here, the existence and the uniqueness (up to isomorphism) of finite fields will be discussed.

Remark 2.2.1 It is well known that, if $A$ is a commutative ring with identity and $M$ is a maximal ideal in $A$, then the quotient ring $A/M$ is a field (see Prop. 1.2.5). Assume $A = \mathbb{Z}_p[x]$ and $f(x) \in A$ is a polynomial of degree $n$, irreducible over $\mathbb{Z}_p$; we proved (see Section 1.3) that $f(x)$ generates a maximal ideal in $\mathbb{Z}_p[x]$. Therefore, $\mathbb{Z}_p[x]/(f(x))$ is a finite field of order $p^n$; moreover, denote by $\alpha$ a formal root of $f(x)$, i.e. $\alpha$ is not an element in $\mathbb{Z}_p$, but $f(\alpha) = 0$, and consider the following set:
$$\mathbb{Z}_p(\alpha) := \{ a_0 + a_1\alpha + \cdots + a_{n-1}\alpha^{n-1} \mid a_i \in \mathbb{Z}_p,\ f(\alpha) = 0,\ 0 \le i \le n-1 \}.$$
As in Section 1.3, the map

$$\varphi : \mathbb{Z}_p[x]/(f(x)) \longrightarrow \mathbb{Z}_p(\alpha),$$
defined by
$$\varphi\big(a_0 + a_1 x + \cdots + a_{n-1}x^{n-1} + (f(x))\big) = a_0 + a_1\alpha + \cdots + a_{n-1}\alpha^{n-1},$$
is an isomorphism, so that the set $\mathbb{Z}_p(\alpha)$ is endowed with a field structure.

Remark 2.2.1 is very important, since each finite field may always be viewed as a simple extension $\mathbb{Z}_p(\alpha)$ of $\mathbb{Z}_p$, for some prime $p$ and $\alpha$ not in $\mathbb{Z}_p$. On the other hand, to prove the existence of a finite field $\mathbb{F}$, one can consider $\mathbb{F}$ as the splitting field of a suitable polynomial over its prime field.

Lemma 2.2.2 If $\mathbb{F}$ is a finite field, with $q = p^n$ elements, and if we consider the polynomial $x^q - x$, as a polynomial in $\mathbb{Z}_p[x]$, then in $\mathbb{F}[x]$
$$x^q - x = \prod_{a \in \mathbb{F}} (x - a).$$
In particular, $\mathbb{F}$ is the splitting field of $x^q - x$ over $\mathbb{Z}_p$.
Proof: See [51]. ✷
Corollary 2.2.3 Let $p$ be a prime. Then

$$(p-1)! \equiv -1 \pmod p.$$

CHAPTER 2. FINITE FIELD STRUCTURE

Proof: This corollary is known, in the literature, as Wilson's theorem; our proof is based more on finite field theory. In fact, consider the polynomial $x^{p-1} - 1$; from Lemma 2.2.2, we get that
$$x^{p-1} - 1 = \prod_{a \in \mathbb{Z}_p^*}(x - a).$$
On the other hand, the constant term of the polynomial on the right hand side is $(p-1)!$, whereas the one on the left hand side has constant term equal to $-1$; therefore, $(p-1)! = -1$ in $\mathbb{Z}_p$. ✷

We reached the most important theorem of this section, which shows the existence and uniqueness of finite fields ([51]).

Theorem 2.2.4 For each prime p and each positive integer n, there exists a unique finite field with $p^n$ elements. Moreover, each finite field of order $p^n$ is isomorphic to the splitting field of the polynomial $x^{p^n} - x$ over $\mathbb{Z}_p$.

Proof: Let F be the splitting field of the polynomial $x^{p^n} - x$ over $\mathbb{Z}_p$ and consider the set

$$S := \{a \in F \mid a^{p^n} - a = 0\}.$$
S is obviously a field, over which the given polynomial completely factors, since S contains all its roots. Consequently, S = F. Since the formal derivative (see Section 3.4) of $P(x) = x^{p^n} - x$, in $\mathbb{Z}_p[x]$, is $P'(x) = -1$, the field S has cardinality equal to $p^n$. For the uniqueness, observe that F, being a finite field, contains $\mathbb{Z}_p$ as its prime field; by Lemma 2.2.2, F is the splitting field of $P(x) = x^{p^n} - x$ over $\mathbb{Z}_p$. ✷

Remark 2.2.5 Note that the argument used in Remark 2.2.1, for the construction of a finite field F, provides a way to find the splitting field of the given polynomial f(x) (consequence of Theorem 2.2.4).

Example 2.2.6 Let $\mathbb{Z}_3 = \{0, 1, -1\}$ be the finite field of order 3 and take $x^2 + 1 \in \mathbb{Z}_3[x]$. Since the given polynomial is irreducible over $\mathbb{Z}_3$,
$$\mathbb{Z}_3[x]/(x^2 + 1) \cong \mathbb{Z}_3(\alpha) = \{a_0 + a_1\alpha \mid a_i \in \mathbb{Z}_3\},$$
where $\alpha^2 = -1$, is a finite field of order 9. By Theorem 2.2.4, $\mathbb{Z}_3(\alpha)$ is the Galois field of order 9. Observe that

$$\mathbb{Z}_3(\alpha) = \{0,\ 1,\ -1,\ \alpha,\ 1 + \alpha,\ -1 + \alpha,\ 1 - \alpha,\ -1 - \alpha,\ -\alpha\}$$
is the splitting field of the given polynomial over the prime field $\mathbb{Z}_3$, since α and −α, which are the roots of the polynomial, belong to this extension. Moreover, by Theorem 2.1.4, $\mathbb{Z}_3(\alpha)^*$ is a cyclic group of order 8; therefore, there exists an element, say ω, such that $\omega^8 = 1$ and $\omega^s \ne 1$, for all s strictly less than 8. One can easily verify that, by choosing ω = 1 + α,
$$\mathbb{Z}_3(\alpha)^* \cong \langle \omega \mid \omega^8 = 1 \rangle.$$
In order to concretely "work" with a finite field, it is convenient to extend $\mathbb{Z}_p$ with a primitive element in $GF(p^n)$ which is a root of a suitable polynomial.

Definition 2.2.7 A polynomial $f(x) \in \mathbb{F}_q[x]$, of degree n > 1, is called a primitive polynomial over $\mathbb{F}_q$ if it is the minimal polynomial (see Section 1.3) over $\mathbb{F}_q$ of a primitive element of $\mathbb{F}_{q^n}$ (see Section 2.1 and [39], [51]).

Remark We recall that this definition of primitive polynomial in finite fields is completely unrelated to the Gauss one (Definition 1.3.15).

Example 2.2.8 Let K = GF(3) and $f(x) = x^2 - x - 1 \in K[x]$. The field F := K[x]/(f(x)) is, again, a finite field of order 9. In this case, a formal root of the given polynomial, say ω, is a primitive element of F. Therefore, $x^2 - x - 1$ is a primitive polynomial over K and
$$\omega^2 = \omega + 1,\qquad \omega^3 = -\omega + 1,\qquad \omega^4 = -1,$$
$$\omega^5 = -\omega,\qquad \omega^6 = -\omega - 1,\qquad \omega^7 = \omega - 1,\qquad \omega^8 = 1.$$

Now, the natural question is if every finite field can be determined as in Remark 2.2.1. To this end, let F be a finite field of order $p^n$ and $a \in F^*$. We showed, in Section 1.3, that a non-zero element in F can be considered as a root of a monic polynomial m(x), with coefficients from the prime field, say $K \subset F$, such that m(x) is irreducible over K.

Lemma 2.2.9 Let p be a prime and $q = p^s$. If ω is a primitive element of $\mathbb{F}_{q^m}$ over $\mathbb{F}_q$, then ω is a root of a polynomial of degree m, irreducible over the subfield $\mathbb{F}_q$.

Proof: The elements $\{1, \omega, \omega^2, \ldots, \omega^m\}$, as vectors of the $\mathbb{F}_q$-vector space $\mathbb{F}_{q^m}$, are linearly dependent over $\mathbb{F}_q$, i.e. there exist $a_i \in \mathbb{F}_q$, $0 \le i \le m$, such that
$$a_0 + a_1\omega + \cdots + a_m\omega^m = 0.$$

Consider $f(x) = a_0 + a_1x + a_2x^2 + \ldots + a_mx^m$. This polynomial belongs to $\mathbb{F}_q[x]$ and its degree is m; moreover, it is irreducible over $\mathbb{F}_q$. In fact, if we suppose the contrary, we would have

$$f(x) = g_1(x)g_2(x),$$
with $g_i(x) \in \mathbb{F}_q[x]$, $1 \le i \le 2$, $0 < r_i = \deg(g_i(x)) < \deg(f(x))$, hence, $g_i(\omega) = 0$, for some i = 1, 2. This means

$$\omega^{r_i} = c^i_0 + \cdots + c^i_{r_i-1}\omega^{r_i-1},$$
$c^i_j \in \mathbb{F}_q$, $0 \le j \le r_i - 1$, which would imply that $|F| < q^m$, a contradiction. ✷

Theorem 2.2.10 Let $\mathbb{F}_q$, $q = p^n$, be the finite field of order q and let ω be a primitive element of $\mathbb{F}_q$. Then, the field $\mathbb{F}_q$ is isomorphic to the field
$$\mathbb{Z}_p(\omega) := \{a_0 + a_1\omega + \ldots + a_{n-1}\omega^{n-1};\ a_i \in \mathbb{Z}_p\}$$
with f(ω) = 0, where f(x) is a polynomial in $\mathbb{Z}_p[x]$, chosen as in Lemma 2.2.9.

Proof: By Lemma 2.2.9, f(x) generates a maximal ideal in $\mathbb{Z}_p[x]$; hence, $\mathbb{F}_p[x]/(f(x)) \cong \mathbb{Z}_p(\omega)$. On the other hand, since deg(f(x)) = n, the quotient ring has $p^n$ elements, therefore, the statement follows from Theorem 2.2.4. ✷

2.3 Galois Field Automorphisms

From Section 2.1 it follows that the prime field of a Galois field can be identified with Zp. What about other subfields of finite fields?

Theorem 2.3.1 Let F be a finite field of order $p^n$, p a prime. A subset K, such that $0, 1 \in K$, which is closed under the two operations, is a subfield of F if and only if $|K| = p^s$, with $s \mid n$. Moreover, K is uniquely determined by its order.

Proof: Suppose that K is a subfield of F. This implies that the additive group of K is an elementary abelian group of order $p^h$, with $h \le n$. On the other hand, since the multiplicative group of K is a subgroup of $F^*$, $p^h - 1$ must divide $p^n - 1$, hence $h \mid n$.
Conversely, suppose that K is a subset of F, which contains zero and has cardinality $p^s$, where s divides n. By hypothesis, $K^*$ is a subgroup of the cyclic group $F^*$, so its order divides $p^n - 1$. This means that, for each $\alpha \in K^* \subseteq F^*$, $\alpha^{p^s - 1} = 1$. Consequently, K is determined by the elements α of F such that $\alpha^{p^s} = \alpha$. On the other hand, one can easily verify that these elements form a field; hence, K is a subfield of F. The uniqueness of K follows from the uniqueness of the cyclic subgroup determined by one of the divisors of $|F^*|$. ✷

Example 2.3.2 Consider $K = \mathbb{F}_2 = \{0, 1\}$ and the polynomial $x^2 + x + 1 \in \mathbb{F}_2[x]$. So we can construct the field $F = \mathbb{F}_4 = \{0, 1, \omega, \omega^2 \mid \omega^2 = \omega + 1\}$. Next, take the primitive polynomial $x^2 + x + \omega \in F[x]$ (verify!) and β such that $\beta^2 = \beta + \omega$. Then,

$$GF(16) := \{0,\ \beta^j;\ 1 \le j \le 15\};$$
moreover, $\beta^5 = \omega$ and $\beta^{10} = \omega^2$. This implies that $\{0, 1, \beta^5, \beta^{10}\}$ is the subfield of order 4, isomorphic to GF(4). Moreover, in $GF(2^4)$, we have the following chain of subfields

$$\{0\} \subset GF(2) \subset GF(4) \subset GF(16).$$

Remark In Example 2.3.2, the field GF(16) is obtained by two subsequent extensions, starting from GF(2). On the other hand, one can directly construct it by considering the polynomial $x^4 + x + 1 \in \mathbb{Z}_2[x]$, irreducible over GF(2). From Theorem 2.2.4 it follows that these two fields are isomorphic. This remark can be generalized to the case of an arbitrary prime p; therefore, the field $\mathbb{F}_{p^n}$ can be directly constructed from $\mathbb{F}_p$, or by iterating extensions.

Recall that an automorphism φ of a field F onto F is a bijection of F such that:
(i) $\varphi(a + b) = \varphi(a) + \varphi(b)$, $\forall a, b \in F$;
(ii) $\varphi(ab) = \varphi(a)\varphi(b)$, $\forall a, b \in F^*$.
It is clear that the set of all the automorphisms of F is a group (with respect to the composition of maps). Obviously, φ(0) = 0 and φ(1) = 1. Consequently,

Proposition 2.3.3 Each automorphism of a field F fixes elementwise its prime field.

Proof: If we denote by K the prime field of F, then, for each $k \in K$, $\varphi(k) = k\varphi(1) = k$ (observe that $k\varphi(1)$ means $\varphi(1) + \cdots + \varphi(1)$, k summands). ✷

Corollary 2.3.4 The automorphism group of GF(p) is trivial.

Proof: The statement follows from Proposition 2.3.3, since $F = K = \mathbb{Z}_p$. ✷

Assume that F is a finite field of order $q = p^n$, p a prime; then, it is possible to describe the group $\mathrm{Aut}_{\mathbb{F}_p}(\mathbb{F}_q)$.

Theorem 2.3.5 If F = Fpn , then its automorphism group (over Fp) is isomorphic to the cyclic group of order n.

Proof: Let ω be a primitive element of F and consider the following maps,
$$\varphi_k : x \longrightarrow x^{p^k},\quad \forall x \in F,$$
with $0 \le k \le n - 1$. It is straightforward to check that each $\varphi_k$ is an isomorphism. Observe that $\varphi_0$ is the identity map, whereas $\varphi_1$ is called the first Frobenius automorphism ([39]). These automorphisms form a group which is isomorphic to the cyclic group of order n, since $\varphi_1^n(x) = x^{p^n} = x$, for each $x \in F$. To complete the proof, it is sufficient to show that each automorphism of F is of the form $\varphi_k$, for some $k \in \{0, \ldots, n-1\}$. By Lemma 2.2.9, the primitive element ω is a root of a polynomial $f(x) \in \mathbb{F}_p[x]$ of degree n and irreducible over $\mathbb{F}_p$. If $f(x) = a_0 + \cdots + a_nx^n$, $f(\omega) = a_0 + \cdots + a_n\omega^n = 0$; then $a_0 + a_1\varphi(\omega) + \cdots + a_n\varphi(\omega^n) = 0$. Therefore, φ(ω) is a root of f(x); we get the statement by observing that the roots of the polynomial f(x) are all of the form $\omega^{p^k}$, with $0 \le k \le n - 1$. ✷

The elements $\varphi_k(\alpha)$, $1 \le k \le n$, are called the conjugates of α over $\mathbb{F}_p$, where $\alpha \in \mathbb{F}_{p^n}$.
Obviously, if the field $\mathbb{F}_{p^n}$ contains subfields other than its prime field, it makes sense to define the automorphism group of $\mathbb{F}_{p^n}$ over $\mathbb{F}_{p^s}$, with $s \mid n$, as the set of all the automorphisms of $\mathbb{F}_{p^n}$ which fix the subfield $\mathbb{F}_{p^s}$ elementwise. We will denote this group by $\mathrm{Aut}_{\mathbb{F}_{p^s}}(\mathbb{F}_{p^n})$.

Theorem 2.3.6 The group $\mathrm{Aut}_{\mathbb{F}_{p^s}}(\mathbb{F}_{p^n})$ is isomorphic to the cyclic group of order $\frac{n}{s}$.

Proof: This group is obviously cyclic, since $\mathrm{Aut}_{\mathbb{F}_{p^s}}(\mathbb{F}_{p^n}) \subseteq \mathrm{Aut}_{\mathbb{F}_p}(\mathbb{F}_{p^n})$. Moreover, since $\mathbb{F}_{p^s}$ is a subfield of $\mathbb{F}_{p^n}$, $\mathbb{F}_{p^s} = \{0, 1, \beta^h \mid 1 \le h \le p^s - 2\}$, where $\beta = \omega^{\frac{p^n-1}{p^s-1}}$ and ω is a primitive element of $\mathbb{F}_{p^n}$. For an element of $\mathrm{Aut}_{\mathbb{F}_{p^s}}(\mathbb{F}_{p^n})$, $\beta^{p^k} = \beta$, $1 \le k \le n$, hence
$$\Big(\omega^{\frac{p^n-1}{p^s-1}}\Big)^{p^k} = \omega^{\frac{p^n-1}{p^s-1}}.$$

It follows that $\frac{p^n-1}{p^s-1}\,p^k \equiv \frac{p^n-1}{p^s-1} \pmod{p^n - 1}$, i.e. $p^k \equiv 1 \pmod{p^s - 1}$, which means k = sr. There exist exactly as many automorphisms as the number of integers r such that $1 \le sr \le n$, with s > 1. Thus, the cardinality of $\mathrm{Aut}_{\mathbb{F}_{p^s}}(\mathbb{F}_{p^n})$ equals the number of integers r such that $1/s \le r \le n/s$, i.e. $\frac{n}{s}$. ✷

Example 2.3.7 The automorphism group of $GF(2^4)$ over GF(2) is isomorphic to the cyclic group of order 4. If ω is a primitive element of $GF(2^4)$, then

$$\mathrm{Aut}_{\mathbb{F}_2}(\mathbb{F}_{16}) := \{\varphi_0 = \mathrm{id}_{GF(16)},\ \varphi_1,\ \varphi_2,\ \varphi_3\}$$
where
$$\varphi_0(\omega) = \omega,\qquad \varphi_1(\omega) = \omega^2,\qquad \varphi_2(\omega) = \omega^4,\qquad \varphi_3(\omega) = \omega^8.$$

This group is generated by the automorphism $\varphi_1$ and the subfield of GF(16), isomorphic to GF(4), contains the elements $\{0, 1, \omega^5, \omega^{10}\}$; therefore, $\mathrm{Aut}_{\mathbb{F}_4}(\mathbb{F}_{16})$ is formed by $\varphi_0$ and $\varphi_2$.
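The constructions of this chapter carried out in code, as an added example that is not part of the book: $GF(p^n)$ built as $\mathbb{Z}_p[x]/(f(x))$ with coefficient tuples (Remark 2.2.1), the primitivity check of Definition 2.2.7 on the two models of GF(9) in Examples 2.2.6 and 2.2.8, and the Frobenius maps $\varphi_k$ on GF(16) with the subfield they fix (Theorem 2.3.1 and Example 2.3.7). The class name, method names and the brute-force order computation are the example's own choices.

```python
from itertools import product

class GF:
    """GF(p^n) = Z_p[x]/(f(x)): an element is the tuple (a_0, ..., a_{n-1}) standing for
    a_0 + a_1*alpha + ... + a_{n-1}*alpha^{n-1}, alpha a formal root of the monic f."""

    def __init__(self, p, f):
        assert f[-1] == 1, "f must be monic: f = [f_0, ..., f_{n-1}, 1]"
        self.p, self.f, self.n = p, f, len(f) - 1
        self.zero = (0,) * self.n
        self.one = (1,) + (0,) * (self.n - 1)

    def add(self, a, b):
        return tuple((x + y) % self.p for x, y in zip(a, b))

    def mul(self, a, b):
        p, n, f = self.p, self.n, self.f
        prod = [0] * (2 * n - 1)
        for i, x in enumerate(a):
            for j, y in enumerate(b):
                prod[i + j] = (prod[i + j] + x * y) % p
        # reduce with alpha^n = -(f_0 + f_1*alpha + ... + f_{n-1}*alpha^{n-1}), top degree first
        for d in range(2 * n - 2, n - 1, -1):
            c, prod[d] = prod[d], 0
            for i in range(n):
                prod[d - n + i] = (prod[d - n + i] - c * f[i]) % p
        return tuple(prod[:n])

    def power(self, a, e):
        result, base = self.one, a
        while e:                      # square-and-multiply
            if e & 1:
                result = self.mul(result, base)
            base = self.mul(base, base)
            e >>= 1
        return result

    def order(self, a):
        """Multiplicative order of a non-zero a: the least e >= 1 with a^e = 1 (brute force)."""
        e, x = 1, a
        while x != self.one:
            x, e = self.mul(x, a), e + 1
        return e

    def is_primitive(self, a):
        """a generates the cyclic group GF(p^n)^*, i.e. its order is p^n - 1 (Definition 2.2.7)."""
        return a != self.zero and self.order(a) == self.p ** self.n - 1

    def frobenius(self, a, k=1):
        """phi_k(a) = a^(p^k), the k-th power of the Frobenius automorphism phi_1."""
        return self.power(a, self.p ** k)

    def elements(self):
        return list(product(range(self.p), repeat=self.n))

    def subfield(self, s):
        """Elements fixed by phi_s, i.e. with a^(p^s) = a: the subfield of order p^s when s | n
        (proof of Theorem 2.3.1); for s not dividing n only the prime field survives."""
        return {a for a in self.elements() if self.frobenius(a, s) == a}

    def automorphisms_over(self, s):
        """Indices k of the phi_k (0 <= k < n) fixing the subfield of order p^s elementwise."""
        fixed = self.subfield(s)
        return [k for k in range(self.n) if all(self.frobenius(a, k) == a for a in fixed)]


if __name__ == "__main__":
    gf9 = GF(3, [1, 0, 1])                 # Z_3(alpha), alpha^2 = -1 (Example 2.2.6)
    alpha, omega = (0, 1), (1, 1)
    print(gf9.order(alpha), gf9.is_primitive(omega))   # alpha has order 4, 1 + alpha is primitive
    gf9b = GF(3, [2, 2, 1])                # x^2 - x - 1 = x^2 + 2x + 2 over Z_3 (Example 2.2.8)
    print([gf9b.power((0, 1), e) for e in range(1, 9)])   # the power table of omega
    gf16 = GF(2, [1, 1, 0, 0, 1])          # x^4 + x + 1 (Remark after Example 2.3.2)
    w = (0, 1, 0, 0)
    print(gf16.is_primitive(w), sorted(gf16.subfield(2)), gf16.automorphisms_over(2))
```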

There would be more than one hundred important aspects and properties of finite fields that one could recall, as, for example, the trace and the norm of an element, cyclotomic polynomials, cyclotomic extensions and so on ([24], [39]), but it is beyond the scope of this text. We will briefly recall cyclotomic polynomials in Chapter 3, in order to study the local decomposition of particular finite rings. We end this section by recalling Wedderburn's theorem, which was proved, for the first time, in 1905. From that date, many proofs of this theorem were given. They are mainly based on group theory or linear algebra (see [39] or [51]). We recall that a division ring (or skew-field) A is an integral domain with identity whose multiplicative group $\langle A^*; \cdot \rangle$ is not abelian.

Theorem 2.3.8 (Wedderburn's theorem) A finite division ring is a field.
Proof: See [51]. ✷

By this theorem, all results for finite fields are true for all finite division rings. A similar result is the following.

Theorem 2.3.9 Every finite integral domain is a field.

Proof: Assume that $\{a_1, a_2, \ldots, a_n\}$ are the elements of the finite integral domain, R. For a fixed non-zero element $a \in R$, consider all the products $\{aa_1, aa_2, \ldots, aa_n\}$. These are distinct, for if $aa_i = aa_j$, then $a(a_i - a_j) = 0$, and since $a \ne 0$ we must have $a_i = a_j$. It follows that each element of R is of the form $aa_j$; in particular, there exists $h \in \{1, \ldots, n\}$ such that $1_R = aa_h$. Since R is commutative, we have also $1_R = a_ha$, then $a_h = a^{-1}$. Thus, the non-zero elements of R form an abelian group with respect to the multiplication. ✷

This result will play a fundamental role in the next chapter.

Chapter 3

FINITE COMMUTATIVE RINGS. REGULAR POLYNOMIALS

In this chapter we want to analyze the structure of finite, commutative rings with identity. We shall prove that any such ring can be uniquely expressed as a direct sum of finite local rings. Next, we shall study the polynomial ring R[x], where R is a local ring with maximal ideal M and residue field $\mathcal{K} = R/M$; our attention will be focused on particular polynomials, the so called regular polynomials. They will play a fundamental role in Galois ring theory.

3.1 Finite Commutative Ring Structure

All through this chapter, R will denote a finite, commutative ring with identity. Local rings were defined in 1.2.9. Here it will be shown they are the "bricks" of the whole theory of finite, commutative rings with identity. The main ideas of this section follow [56].
Let $I_1, I_2, \ldots, I_n$ be proper ideals of a ring R; $I_j$ and $I_k$, $1 \le j \ne k \le n$, are said to be relatively prime ideals if $I_j + I_k = R$, where
$$I_j + I_k := \{a + b \mid a \in I_j \wedge b \in I_k\}.$$
Consider the ring homomorphism
$$\Phi : R \longrightarrow R/I_1 \oplus \cdots \oplus R/I_n \qquad (3.1)$$
such that $\Phi(r) := (r + I_1, \ldots, r + I_n)$,

for each $r \in R$.

Proposition 3.1.1 Let R be a finite, commutative ring with identity.

1. If $I_j$ and $I_k$, $1 \le j \ne k \le n$, are relatively prime ideals of R, then
$$\bigcap_{j=1}^n I_j = \prod_{j=1}^n I_j,$$

where
$$\prod_{j=1}^n I_j := \Big\{\sum_i x^1_i \cdots x^j_i \cdots x^n_i \ \Big|\ x^j_i \in I_j,\ 1 \le j \le n\Big\}.$$
2. If $I_j$ and $I_k$ are relatively prime, so are $I_j^m$ and $I_k^m$, for all $m \in \mathbb{N}$. (Recall that, if J is an ideal of R, $J^m$ is its m-th power, i.e. the ideal generated by the elements $x_1 \cdots x_m$, where $x_k \in J$, $1 \le k \le m$.)

3. The ring homomorphism Φ in (3.1) is injective if and only if $\bigcap_{j=1}^n I_j = 0$.
4. The ring homomorphism Φ is surjective if and only if $I_j$ and $I_k$ are relatively prime, $1 \le j \ne k \le n$.
Proof:

1. We prove the statement in the case of two ideals and then use induction on their number. If $I_1, I_2$ are relatively prime ideals of R, then
$$I_1 \cap I_2 = \{h \in R \mid h \in I_1 \wedge h \in I_2\}$$
is a proper ideal of R. Similarly, $I_1I_2$ is a proper ideal of R, such that
$$I_1I_2 = \Big\{\sum_i x_iy_i \ \Big|\ x_i \in I_1,\ y_i \in I_2\Big\}.$$
The trivial inclusion is $I_1I_2 \subseteq I_1 \cap I_2$. (Note that, in general this is a proper inclusion; in fact, if we take, for example, $R = \mathbb{Z}$ and $I_1 = (6)$, $I_2 = (10)$ then $(60) = I_1I_2 \subset I_1 \cap I_2 = (30)$). For the converse, since $I_1$ and $I_2$ are relatively prime, there exist $x \in I_1$ and $y \in I_2$ such that 1 = x + y. So, if $r \in I_1 \cap I_2$, then $r = r \cdot 1 = r \cdot x + r \cdot y \in I_1I_2$. Observe that this is a generalization of what occurs in the ring of integers, when we consider proper ideals (m) and (n), with m and n relatively prime integers.

2. By hypothesis, $I_j$ and $I_k$ are relatively prime, so there exist $x_j \in I_j$ and $x_k \in I_k$ such that $x_j + x_k = 1$. This means that $1 = 1 \cdot 1 = (x_j + x_k) \cdot (x_j + x_k) = x_j^2 + x_k^2 + 2x_j \cdot x_k$; there are two possibilities:
- if $x_j \cdot x_k = 0$, then it immediately follows that $R = I_j^2 + I_k^2$;
- otherwise, $2x_j \cdot x_k = (2x_j + 2x_k) \cdot x_j \cdot x_k = 2x_j^2x_k + 2x_jx_k^2 \in I_j^2 + I_k^2$; thus, as before, $1 \in I_j^2 + I_k^2$.
By the same argument one can prove the statement by induction on m.

3. Φ(r) = 0 if and only if $r \in I_j$ for all $j \in \{1, \ldots, n\}$. The statement follows from $\mathrm{Ker}(\Phi) = \bigcap_{j=1}^n I_j$.
4. The Homomorphism Theorem gives the following commutative diagram:
$$\begin{array}{ccc} R & \xrightarrow{\ \Phi\ } & R/I_1 \oplus \cdots \oplus R/I_n \\ {\scriptstyle\pi}\downarrow & & \uparrow{\scriptstyle i} \\ R/\mathrm{Ker}(\Phi) & \xleftrightarrow{\ \cong\ } & \mathrm{Im}(\Phi). \end{array}$$
If Φ is an epimorphism, then i is an isomorphism. This implies there exists an element $x \in R$ such that $\Phi(x) = (1, 0, \ldots, 0)$; this means that $x \equiv 1 \pmod{I_1}$, $x \equiv 0 \pmod{I_k}$, $2 \le k \le n$, so $1 = (1 - x) + x \in I_1 + I_k$, $k \ne 1$. Therefore, $(I_1, I_k)$ is a relatively prime ideal pair, for $k \in \{2, \ldots, n\}$. More generally, this is true for all pairs $(I_j, I_k)$, with $1 \le j \ne k \le n$.
Conversely, if any pair of ideals $(I_j, I_k)$ is a relatively prime ideal pair, from 1. we get $\mathrm{Ker}(\Phi) = \bigcap_{j=1}^n I_j = \prod_{j=1}^n I_j$. From the Homomorphism Theorem it follows that the ring $R/\mathrm{Ker}(\Phi)$ is isomorphic to a subring of $R/I_1 \oplus \cdots \oplus R/I_n$, hence the statement by observing that these two rings have the same cardinality. ✷

Definition 3.1.2 An element e of a ring R is called an idempotent element if $e^2 = e$. Two idempotent elements of R, e and f, are said to be orthogonal if ef = 0 (see, for example, [5] or [56]).

Proposition 3.1.3 Let R be a finite, commutative ring with identity. The following are equivalent:
1. R is isomorphic to a direct sum of subrings $R_j$, $1 \le j \le n$.
2. There exist orthogonal idempotent elements $e_j$, $j \in \{1, \ldots, n\}$, such that $1 = \sum_{j=1}^n e_j$ and $R_j \cong e_jR$.

3. R is a direct sum of proper ideals $I_j \cong R_j$, $1 \le j \le n$.
Proof:
1. ⇒ 2.: There exist $e_j \in R_j$, for all $j \in \{1, \ldots, n\}$, such that $1 = \sum_{i=1}^n e_i$. If we consider $e_k$ as an element of the whole ring R, then $e_k = \sum_{j=1}^n e_ke_j$, which means $e_ke_j = \delta_{kj}e_k$, where $\delta_{kj}$ is the Kronecker symbol; so the $e_j$'s, $1 \le j \le n$, are idempotent orthogonal elements of R. Moreover, $R_j$ is the principal ideal of R generated by $e_j$.
2. ⇒ 3.: By the step above, every $R_j$ is an ideal of R.
3. ⇒ 1.: Obvious. ✷

We are now able to prove the main theorem of this section.

Theorem 3.1.4 A finite, commutative ring with identity, R, can be expressed as a direct sum of local rings. This decomposition is unique up to permutation of direct summands.

Proof: Let $P_1, P_2, \ldots, P_n$ be the prime ideals of R, i.e. $\mathrm{Spec}(R) = \{P_1, \ldots, P_n\}$. Since $R/P_i$ is a field (Proposition 1.2.6 and Theorem 2.3.9), these are maximal ideals of R, therefore $\mathrm{Spec}(R) = \mathrm{Specm}(R)$. Consequently, the Jacobson radical (cf. Section 1.2) coincides with the nilradical of R. From the maximality of $P_j$, $1 \le j \le n$, it follows that every ideal pair $(P_j, P_k)$, $1 \le j \ne k \le n$, is a relatively prime ideal pair of R, so $\bigcap_{j=1}^n P_j = \prod_{j=1}^n P_j$. Since J(R) is a nilpotent ideal, there exists a positive integer $m_0$ such that $J(R)^{m_0} = \{0\}$. Define the ring homomorphism

$$\Phi_0 : R \longrightarrow R/P_1^{m_0} \oplus \cdots \oplus R/P_n^{m_0}$$
in the obvious way. What we proved in Proposition 3.1.1 ensures us that $\Phi_0$ is an isomorphism, because any two of the ideals $P_j^{m_0}$, $1 \le j \le n$, are relatively prime and $\mathrm{Ker}(\Phi_0) = \bigcap_{j=1}^n P_j^{m_0} = \prod_{j=1}^n P_j^{m_0} = J(R)^{m_0} = \{0\}$. This ring isomorphism determines a bijection between the proper ideals of the ring $R/P_j^{m_0}$, $1 \le j \le n$, and the ideals of R (properly) containing $P_j^{m_0}$. Since $P_j$ is the unique maximal ideal of R such that $P_j^{m_0} \subset P_j \subset R$, it follows that $R/P_j^{m_0}$ is a local ring with maximal ideal $P_j/P_j^{m_0}$.
Assume there are two distinct decompositions of R as a direct sum of local rings,
$$R = \bigoplus_{j=1}^n R_j = \bigoplus_{k=1}^m S_k.$$
Then there exist orthogonal idempotent elements $e_j \in R_j$ and $f_k \in S_k$, $1 \le j \le n$, $1 \le k \le m$, such that
$$1 = \sum_{j=1}^n e_j = \sum_{k=1}^m f_k.$$

Each proper summand $R_j$ is isomorphic to a local ring $Re_j$; similarly, each $S_k$ is a local ring of the form $Rf_k$. Therefore, none of the elements $e_j$ and $f_k$ is a sum of two or more proper idempotent elements; in fact, in general, a local ring does not contain idempotent elements different from 0 and 1, because its Jacobson radical is the maximal ideal. Thus $e_j = \sum_{k=1}^m e_jf_k$, so there exists an integer $k_j$ s.t. $e_j = e_jf_{k_j}$ and, analogously, there exists an integer $j_k$ s.t. $f_k = f_ke_{j_k}$, $1 \le j \le n$, $1 \le k \le m$. This means that
$$e_j = e_jf_{k_j} = e_jf_{k_j}e_{j_{k_j}},$$
so $j = j_{k_j}$ as the elements $\{e_j\}_{1 \le j \le n}$ are mutually orthogonal. An obvious one-to-one and onto correspondence between the sets $\{e_j\}_{1 \le j \le n}$ and $\{f_k\}_{1 \le k \le m}$ shows that m = n and $e_j = f_{k_j}$. ✷

This theorem is one of the most important results in the theory of finite, commutative rings, since it allows to reduce our analysis to the irreducible components which have a very simple structure. We want to consider a few simple (but fundamental) examples of local summand decomposition of finite rings.

Examples
1. The simplest case of a finite, commutative ring is the ring of integers modulo m, for a fixed positive integer m, denoted by $\mathbb{Z}_m$. The Fundamental Theorem of Arithmetic asserts that m has a unique prime factorization of the form

$$m = p_1^{n_1} \cdots p_k^{n_k},$$
where $p_j$ is a prime, and $p_j \ne p_s$ for $1 \le j \ne s \le k$ and $n_j \in \mathbb{N}$, $1 \le j \le k$. From the Chinese Remainder Theorem (see, for example, [49] page 94) we get the ring isomorphism

$$\mathbb{Z}_m \cong \mathbb{Z}_{p_1^{n_1}} \oplus \cdots \oplus \mathbb{Z}_{p_k^{n_k}},$$
which is the local summand decomposition of $\mathbb{Z}_m$.
2. Let q be a power of a prime l, $q = l^r$, and $\mathbb{F}_q[x]$ the polynomial ring over the Galois field $\mathbb{F}_q$. Consider a polynomial $f(x) = p_1^{t_1}(x) \cdots p_m^{t_m}(x)$, where $t_j \in \mathbb{Z}^+$ and $p_j(x) \in \mathbb{F}_q[x]$ is an irreducible polynomial, $1 \le j \le m$. Thus, (f(x)) is not maximal (equivalently, not prime, as in any Euclidean domain an ideal is maximal iff it is prime). However, $p_j(x) \in \mathbb{F}_q[x]$ generates a maximal ideal $I_j = (p_j(x)) \subset \mathbb{F}_q[x]$, $1 \le j \le m$, and its power $I_j^{t_j}$ is the ideal $(p_j^{t_j}(x))$. By defining the ring epimorphism

$$\Phi : \mathbb{F}_q[x] \longrightarrow (\mathbb{F}_q[x]/(p_1^{t_1}(x))) \oplus \cdots \oplus (\mathbb{F}_q[x]/(p_m^{t_m}(x))),$$
we get that Ker(Φ) = (f(x)). The ring $\mathbb{F}_q[x]/(f(x))$ factors in the direct sum of local rings $\mathbb{F}_q[x]/(p_j^{t_j}(x))$, with maximal ideal $(p_j(x))/(p_j^{t_j}(x))$ and residue field $\mathcal{K}_j = (\mathbb{F}_q[x]/(p_j^{t_j}(x)))/((p_j(x))/(p_j^{t_j}(x))) \cong \mathbb{F}_q[x]/(p_j(x))$, $1 \le j \le m$, respectively.
3. Let p be a prime and n a positive integer such that p does not divide n. We denote by $\mathbb{F}_p^{(n)}$ the n-th cyclotomic field over $\mathbb{F}_p$, that is the splitting field (over $\mathbb{F}_p$) of the polynomial $x^n - 1 \in \mathbb{F}_p[x]$. Its roots are called the n-th roots of unity over $\mathbb{F}_p$. One can show (see, also, [32], [39], [51]) that
$$x^n - 1 = (x - 1)Q_n(x),$$
where $Q_n(x) \in \mathbb{F}_p[x]$ factors into $\frac{\varphi(n)}{d}$ distinct monic irreducible polynomials of the same degree d, where φ is the Euler function
$$\varphi(n) := |\{1 \le k \le n \mid \mathrm{g.c.d.}(k, n) = 1\}|,$$
and $\mathbb{F}_p^{(n)}$ is the splitting field of any such irreducible factor, so that $[\mathbb{F}_p^{(n)} : \mathbb{F}_p] = d$ (note that the n-th primitive roots of unity number φ(n)). There are two possibilities:
(i) if d = φ(n), $Q_n(x)$ is an irreducible polynomial over $\mathbb{F}_p$, so the quotient ring $\mathbb{F}_p[x]/(Q_n(x))$ is the Galois field $\mathbb{F}_q$, where $q = p^{\varphi(n)}$.
(ii) If d is a proper divisor of φ(n), let $k = \frac{\varphi(n)}{d}$ be the number of distinct irreducible factors of $Q_n(x)$. Then,
$$(Q_n(x)) = \bigcap_{j=1}^k (f_j(x)) = \prod_{j=1}^k (f_j(x)),$$
where $f_j(x)$ is an irreducible factor of $Q_n(x)$, $1 \le j \le k$. If we consider the epimorphism in (3.1)
$$\Phi : \mathbb{F}_p[x] \longrightarrow \mathbb{F}_p[x]/(f_1(x)) \oplus \cdots \oplus \mathbb{F}_p[x]/(f_k(x)),$$
then $\mathrm{Ker}(\Phi) = (Q_n(x))$. Thus the quotient ring $\mathbb{F}_p[x]/(Q_n(x))$ is isomorphic to a direct sum where each summand is a field.
4. We can generalize the previous example to the case $\mathbb{Z}_{q^n}[x]$. For simplicity, consider now the polynomial $Q_p(x) = x^{p-1} + \cdots + 1 \in \mathbb{Z}_{q^n}[x]$ such that n > 1 and p and q distinct primes. The natural epimorphism

$$\pi : \mathbb{Z}_{q^n} \longrightarrow \mathbb{Z}_q \cong \mathbb{F}_q$$
extends to a polynomial ring epimorphism μ, yielding the following commutative diagram:
$$\begin{array}{ccc} \mathbb{Z}_{q^n} & \xrightarrow{\ \pi\ } & \mathbb{Z}_q \\ {\scriptstyle i_1}\downarrow & & \downarrow{\scriptstyle i_2} \\ \mathbb{Z}_{q^n}[x] & \xrightarrow{\ \mu\ } & \mathbb{Z}_q[x]. \end{array}$$

Obviously, the cyclotomic polynomial $Q_p(x) \in \mathbb{Z}_q[x]$ can be viewed as a polynomial in $\mathbb{Z}_{q^n}[x]$; thus, we obtain an epimorphism between the quotient rings
$$\tilde{\mu} : \mathbb{Z}_{q^n}[x]/(Q_p(x)) \longrightarrow \mathbb{Z}_q[x]/(Q_p(x)).$$
What we have seen in the previous examples enables us to distinguish between two different situations.
If the polynomial $Q_p(x) \in \mathbb{F}_q[x]$ is irreducible over $\mathbb{F}_q$, then the quotient ring $\mathbb{F}_q[x]/(Q_p(x))$ is the finite field $\mathbb{F}_{q^{p-1}}$; let ξ be a formal root of this cyclotomic polynomial, considered as an element of $\mathbb{Z}_{q^n}[x]$. The quotient ring $\mathbb{Z}_{q^n}[x]/(Q_p(x))$ is the Galois extension $\mathbb{Z}_{q^n}[\xi]$ of the ring $\mathbb{Z}_{q^n}$, which is the Galois ring $GR(q^n, p-1)$ (see Chapter 6). The epimorphism $\tilde{\mu}$, from the (Galois) ring $\mathbb{Z}_{q^n}[\xi]$ onto the Galois field $\mathbb{F}_{q^{p-1}}$, shows that $\mathbb{Z}_{q^n}[\xi]/M \cong \mathbb{F}_{q^{p-1}}$, where $M = q\mathbb{Z}_{q^n}[\xi]$ is the maximal ideal of the local ring. So, if the cyclotomic polynomial $Q_p(x)$ is irreducible over $\mathbb{F}_q$, $\mathbb{Z}_{q^n}[\xi]$ is a local ring.
On the other hand, if $Q_p(x) \in \mathbb{F}_q[x]$ splits in $k = \frac{p-1}{d}$ irreducible factors, say $f_1(x), \ldots, f_k(x)$, which are monic polynomials of degree d, then the quotient ring is a direct sum of fields, each of which is an algebraic extension of degree d of $\mathbb{F}_q$, i.e.

$$\mathbb{F}_q[x]/(Q_p(x)) \cong (\mathbb{F}_q[x]/(f_1(x))) \oplus \cdots \oplus (\mathbb{F}_q[x]/(f_k(x))) = \mathcal{K}_1 \oplus \cdots \oplus \mathcal{K}_k.$$
There is a bijection between these fields and the direct summands of the $\mathbb{Z}_{q^n}[x]/(Q_p(x))$ decomposition, which associates with $\mathcal{K}_i$ the Galois ring $\mathbb{Z}_{q^n}[\xi_i]$, where $\xi_i$ is a formal root of $f_i(x) \in \mathbb{Z}_{q^n}[x]$, $1 \le i \le k$. Therefore, this last decomposition is $\mathbb{Z}_{q^n}[\xi_1] \oplus \cdots \oplus \mathbb{Z}_{q^n}[\xi_k]$, where each summand is the Galois ring $GR(q^n, d)$.
We end this section by considering a general fact about local ring decompositions. Let $R = R_1 \oplus \cdots \oplus R_n$ be the local ring decomposition of a finite, commutative ring with identity, R. The following two statements are easy exercises (left to the reader):
1. $U(R) = U(R_1) \times \cdots \times U(R_n)$;
2. R[x] factors as a direct sum of proper summands; precisely,

$$R[x] = \bigoplus_{i=1}^n R_i[x].$$

Proposition 3.1.5 Let R be a finite, commutative ring with identity and $R_1 \oplus \cdots \oplus R_n$ be its local summand decomposition.
1. If I is a proper ideal of R, then $I = \bigoplus_{j=1}^n I_j$, where each $I_j$ is an ideal of the ring $R_j$. Moreover, I is a maximal ideal in R if and only if $I_k$ is the maximal ideal in $R_k$, for some $k \in \{1, \ldots, n\}$ and $I_j = R_j$ for $j \ne k$.
2. R contains non-trivial nilpotent elements if and only if $R_i$ contains non-trivial nilpotent elements, for some $i \in \{1, \ldots, n\}$.
3. If $R = R_1 \oplus \cdots \oplus R_n$ with $n \ge 2$, then R contains zero-divisors.
4. If $m_i$ is the characteristic of the ring $R_i$, $1 \le i \le n$, then $\mathrm{char}(R) = m = \mathrm{l.c.m.}(m_1, \ldots, m_n)$.

Proof:
1. If I is an ideal of R, then $I_j = I \cap R_j$ is an ideal in $R_j$, $1 \le j \le n$; so, $I = \bigoplus_{j=1}^n I_j$. If I is a maximal ideal of R, R/I is a field; there must exist a unique $k \in \{1, \ldots, n\}$ such that $I \cap R_k = I_k$ is a proper ideal in $R_k$, whereas $R_j = I \cap R_j$, $j \ne k$; thus, $I \cong R_1 \oplus \cdots \oplus I_k \oplus \cdots \oplus R_n$ and $R/I \cong R_k/I_k$ is a field; this implies that $I_k$ is the maximal ideal in $R_k$. The converse is obvious.
2. If $a \in R$ is a nilpotent element of R, then a must be contained in some maximal ideal of R. 1. proves the statement. The converse is obvious ($R_i$ is a subring of R).
3. In the case n = 2, the elements $e_1 = (1, 0)$ and $e_2 = (0, 1)$ are zero-divisors in R. The same argument holds for n > 2.
4. Let m be the least positive integer such that $m(1, \ldots, 1) = (0, \ldots, 0)$. This equality implies that $m_i \mid m$, $1 \le i \le n$. From the minimality of m, $m = \mathrm{l.c.m.}(m_1, \ldots, m_n)$ follows. ✷
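The local summand decomposition of $\mathbb{Z}_m$ from Example 1 made explicit, as an added example that is not part of the book: the orthogonal idempotents $e_j$ of Proposition 3.1.3 are computed from the prime-power factorization, each $e_j\mathbb{Z}_m$ is exhibited as the summand with $p_j^{n_j}$ elements, the inverse of Φ is recovered from the $e_j$, and the unit count and nilpotent criterion of Proposition 3.1.5 are checked. Function names and the sample modulus 360 = 8·9·5 are the example's own choices.

```python
from math import gcd

def prime_power_factors(m):
    """[p_1^{n_1}, ..., p_k^{n_k}] for m, by trial division (helper constructed for this example)."""
    factors, p = [], 2
    while p * p <= m:
        q = 1
        while m % p == 0:
            m //= p
            q *= p
        if q > 1:
            factors.append(q)
        p += 1
    if m > 1:
        factors.append(m)
    return factors

def local_idempotents(m):
    """{q_j: e_j} with e_j = 1 (mod q_j) and e_j = 0 (mod q_s) for s != j, q_j = p_j^{n_j}.
    These are the orthogonal idempotents of Proposition 3.1.3 for Z_m = Z_{q_1} + ... + Z_{q_k}."""
    idempotents = {}
    for q in prime_power_factors(m):
        cofactor = m // q
        idempotents[q] = cofactor * pow(cofactor, -1, q) % m   # cofactor is a unit modulo q
    return idempotents

def is_idempotent_decomposition(m):
    """Check e_j^2 = e_j, e_j*e_s = 0 for j != s, and sum_j e_j = 1 in Z_m."""
    es = list(local_idempotents(m).values())
    return (all(e * e % m == e for e in es)
            and all(e * f % m == 0 for i, e in enumerate(es) for f in es[i + 1:])
            and sum(es) % m == 1)

def summand(m, q):
    """The ideal e_j Z_m: the local summand isomorphic to Z_q (Theorem 3.1.4), as a sorted list."""
    e = local_idempotents(m)[q]
    return sorted({e * r % m for r in range(m)})

def from_residues(m, residues):
    """Inverse of Phi: from {q_j: r mod q_j} back to r in Z_m, via r = sum_j r_j e_j (Chinese Remainder)."""
    return sum(residues[q] * e for q, e in local_idempotents(m).items()) % m

def unit_count(m):
    """|U(Z_m)| by brute force; by the exercise U(R) = U(R_1) x ... x U(R_n) it multiplies over summands."""
    return sum(1 for r in range(1, m + 1) if gcd(r, m) == 1)

def has_nontrivial_nilpotent(m):
    """Proposition 3.1.5(2): Z_m has a non-zero nilpotent iff some local summand Z_{p^n} has n >= 2.
    r is nilpotent iff r^m = 0, since the nilpotency index never exceeds m."""
    return any(pow(r, m, m) == 0 for r in range(1, m))

if __name__ == "__main__":
    m = 360                                   # constructed example: 360 = 2^3 * 3^2 * 5
    print(local_idempotents(m))               # {8: 225, 9: 280, 5: 216}
    print(is_idempotent_decomposition(m), summand(m, 8))
    print(from_residues(m, {8: 1, 9: 2, 5: 3}), unit_count(m), has_nontrivial_nilpotent(m))
```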

3.2 Regular Polynomials in the Ring R[x]

In this section R will be a finite, commutative, local ring, with unique maximal ideal M and residue field $\mathcal{K} = R/M$. The canonical projection $\pi : R \longrightarrow \mathcal{K}$ extends to a morphism of polynomial rings:
$$\mu : R[x] \longrightarrow \mathcal{K}[x].$$
We try to generalize some topics, already considered in Chapter 1, by introducing, in particular, the notion of a regular polynomial (cf. also [56]). Before doing this, we recall that, if A is a commutative ring, an ideal I of A is said to be primary if $I \ne A$ and, whenever $xy \in I$ and $x \notin I$, $y^n \in I$, for some positive integer n. Now we can make the following

Definition 3.2.1 (see, for example, [56]) Let f and g be elements of R[x];

1. f is regular if it is not a zero-divisor;

2. f is primary if (f) is a primary ideal;

3. f and g are relatively prime if R[x] = (f) + (g).

We start by proving some variations of Proposition 1.3.1.

Proposition 3.2.2 Let $f(x) = a_0 + a_1x + \cdots + a_nx^n$ be an element of R[x]. The following conditions are equivalent:
(i) f is a unit;
(ii) μ(f) is a unit in $\mathcal{K}[x]$;
(iii) $a_0$ is a unit in R and $a_1, \ldots, a_n$ are nilpotent.

Proof:
(i) ⇒ (ii): If f is a unit, then there exists a polynomial g s.t. fg = 1. Consequently, 1 = μ(1) = μ(fg) = μ(f)μ(g), so μ(f) is a unit.
(ii) ⇒ (iii): The only units in $\mathcal{K}[x]$ are the constant polynomials μ(f) = c, so, by definition of μ, the coefficients $a_i$, $1 \le i \le n$, must belong to M, i.e. be nilpotent (R is a local ring). $a_0$ is of the form $a_0 = c + h$, where h is a nilpotent element and c is a unit; it follows that $a_0$ is invertible.
(iii) ⇒ (i): This is an easy consequence of Proposition 1.3.1 (2). ✷

Proposition 3.2.3 Let $f(x) = a_0 + a_1x + \ldots + a_nx^n$ be a polynomial in R[x]. The following are equivalent:
(i) f is nilpotent;
(ii) μ(f) = 0;
(iii) $a_0, \ldots, a_n$ are nilpotent in R;
(iv) f is a zero-divisor;
(v) there exists an element $a \in R \setminus \{0\}$ such that af(x) = 0.
Proof: The implications (ii) ⇔ (iii) and (iii) ⇔ (iv) immediately follow from the fact that R is a finite, commutative, local ring; so, it suffices to verify that (iii) is equivalent to (i) and (v). By Proposition 1.3.1(3), f(x) is nilpotent if and only if its coefficients are nilpotent. The implication (iii) ⇒ (v) easily follows from Proposition 1.3.1(4) since, if f(x) is nilpotent, then it obviously is a zero-divisor. Conversely, suppose there exists $a \in R \setminus \{0\}$ that verifies (v). This implies $aa_i = 0$ for all $0 \le i \le n$, so that the $a_i$'s are zero-divisors in R; hence, because of the structure of R, they are nilpotent. ✷

Proposition 3.2.4 Let $f(x) = \sum_{i=0}^n a_ix^i$ be a polynomial in R[x]. The following conditions are equivalent:

(i) f is regular;
(ii) the ideal generated by $a_0, a_1, \ldots, a_n$ coincides with R;
(iii) $a_i$ is a unit in R for some i, $0 \le i \le n$;
(iv) μ(f) ≠ 0.
Proof:
(i) ⇒ (ii): This easily follows from 3.2.3(iii); in fact, a subscript $i \in \{1, \ldots, n\}$ must exist such that $a_i$ is a unit in R.
(ii) ⇒ (iii): Obvious.
(iii) ⇒ (iv): Obvious.
(iv) ⇒ (i): If μ(f) ≠ 0, then f is not a zero-divisor in R[x] (see 3.2.3(iv)). ✷

We want to consider a useful proposition that will play a fundamental role in the proof of the generalized Hensel lemma. If A is an ideal of a ring R, we write A[x] to denote the subring of R[x] defined by
$$A[x] := \{a_0 + a_1x + \cdots + a_nx^n \mid n \ge 0,\ a_i \in A,\ 0 \le i \le n\}.$$

Proposition 3.2.5 Let R be a finite, commutative, local ring and M its maximal ideal. Then

1. $M[x] = \bigcap_{P \subset R[x]} P$, where P is a prime ideal in R[x];
2. $M[x] = \{f(x) \in R[x] \mid g(x)f(x) + 1 \text{ has an inverse, for all } g(x) \in R[x]\} = J(R[x])$.
Proof:
1. By 3.2.3, $M[x] = \{f(x) \in R[x] \mid f(x) \text{ nilpotent}\} = \mathrm{Nil}(R[x])$. From (1.1) the assertion follows.
2. Let $f(x) \in M[x]$; since M[x] is an ideal in R[x], g(x)f(x) is nilpotent, for every g(x) in R[x]. Therefore, $M[x] \subseteq J(R[x])$. On the other hand, if $f(x) \in J(R[x])$, where $f(x) = \sum_{i=0}^n a_ix^i$, $a_i \in R$, then xf(x) + 1 has an inverse; by Proposition 3.2.2, $a_0, \ldots, a_n$ are nilpotent. ✷

Now we are able to generalize Hensel's Lemma which we saw in Chapter 1 in the special case $R = \mathbb{Z}_{p^n}$.

Theorem 3.2.6 (Generalized Hensel's Lemma.) Let f be an element of R[x], where R is a finite local ring, and let $\mu(f) = \bar{g}_1 \cdots \bar{g}_n$, where $\bar{g}_1, \ldots, \bar{g}_n \in \mathcal{K}[x]$ are pairwise relatively prime polynomials in the Euclidean domain $\mathcal{K}[x]$. Then there exist polynomials $g_1, \ldots, g_n \in R[x]$ such that

1. $g_1, \ldots, g_n$ are pairwise relatively prime in R[x];
2. $\mu(g_i) = \bar{g}_i$, $1 \le i \le n$;
3. $f = g_1 \cdots g_n$.
Proof: By induction on n. For n = 2, we have

$$f = h_1h_2 + v,$$
where $v \in M[x]$ and $\mu(h_1) = \bar{g}_1$, $\mu(h_2) = \bar{g}_2$. Since $\bar{g}_1$ and $\bar{g}_2$ are relatively prime if and only if $h_1$ and $h_2$ are relatively prime in R[x], there exist $\lambda_1$ and $\lambda_2$ in R[x] such that
$$\lambda_1h_1 + \lambda_2h_2 = 1.$$
Putting
$$h_{1,1} = h_1 + \lambda_2v,\qquad h_{2,1} = h_2 + \lambda_1v,$$
gives
$$h_{1,1}h_{2,1} = f + \lambda_1\lambda_2v^2.$$
Hence,
$$f \equiv h_{1,1}h_{2,1} \pmod{v^2},$$
with $\mu(h_{i,1}) = \mu(h_i)$, i = 1, 2 and $h_{1,1}$, $h_{2,1}$ relatively prime. At this point we can repeat the argument, applying it to $h_{1,1}$ and $h_{2,1}$; by iteration, we can find two polynomials $h_{1,t}$ and $h_{2,t}$ in R[x], for every positive integer t, such that
$$f \equiv h_{1,t}h_{2,t} \pmod{v^{2^t}}$$
and $\mu(h_{i,t}) = \mu(h_i)$, i = 1, 2. We know that $v \in M[x]$, therefore it is nilpotent. Hence, it is possible to choose a positive integer $t_0$ such that
$$f = h_{1,t_0}h_{2,t_0},$$
with
$$\mu(h_{i,t_0}) = \mu(h_i),\quad i = 1, 2.$$
We get the statement (in the case n = 2) by choosing $g_i = h_{i,t_0}$, $1 \le i \le 2$.
In general, if $\mu(f) = \bar{g}_1 \cdots \bar{g}_n$, it is sufficient to observe that $\bar{g}_1$ is relatively prime to $\bar{g}_i$, $2 \le i \le n$, so $\{\bar{g}_1, \ldots, \bar{g}_n\}$ are pairwise prime. Putting $\bar{r} = \bar{g}_2 \cdots \bar{g}_n$ yields $\mu(f) = \bar{g}_1\bar{r}$ which completes the proof. ✷

From Hensel's lemma we can deduce the existence of the polynomials that "lift" the factorization to $\mathcal{K}[x]$, even if the "lifting factors" are not uniquely determined. Obviously, except for the uniqueness part, Theorem 1.4.3 is a particular case of this one, when $R = \mathbb{Z}_{p^n}$, p a prime. In the Euclidean domain $\mathcal{K}[x]$ it is always possible to reduce our analysis to monic polynomials; surprisingly, this is true also in the case of R[x]; in fact, there exist procedures by which we can obtain monic regular polynomials from regular ones, determining monic "representatives".

Lemma 3.2.7 Let $f(x)$ be a regular polynomial in $R[x]$. It is possible to construct a sequence of monic polynomials $f_j(x)$ in $R[x]$ such that
$$\deg(f_j(x)) = \deg(\mu(f(x))),$$
and $f_j(x) \equiv f_{j+1}(x) \pmod{M^j}$. Furthermore, there exist a unit $b_j \in R$ and a polynomial $g_j(x) \in M[x]$, for each $j$, such that
$$b_j f(x) \equiv f_j(x) + g_j(x) f_j(x) \pmod{M^j}.$$
Proof: Let $f(x) = \sum_{i=0}^{n} a_i x^i$ be a polynomial with non-zero leading coefficient and $\deg(\mu(f(x))) = t \le n$. This implies that $a_t$ is a unit; by choosing $g_1(x) = 0$, $f_1(x) = a_t^{-1} f(x) - a_t^{-1} \bigl( \sum_{j=t+1}^{n} a_j x^j \bigr)$ and $b_1 = a_t^{-1}$, the statement is true in the case $j = 1$; thus, we can proceed by induction. Suppose we have constructed a sequence $\{f_i\}_{1 \le i \le j}$ satisfying our hypotheses, such that
$$b_j f(x) = f_j(x) + g_j(x) f_j(x) + h(x), \qquad h(x) \in M^j[x].$$
Since $f_j(x)$ is a monic polynomial, we can find $q(x), r(x) \in R[x]$ such that $h(x) = q(x) f_j(x) + r(x)$, with $\deg(r(x)) < \deg(f_j(x)) = \deg(\mu(f(x)))$ or $r(x) = 0$. Define
$$f_{j+1}(x) := f_j(x) + r(x), \qquad g_{j+1}(x) := g_j(x) + q(x).$$
If $r(x) = 0$, there is nothing to prove. On the other hand, if $f_j(x) = a_0 + a_1 x + \dots + a_{t-1} x^{t-1} + x^t$ and $q(x) = c_0 + \dots + c_s x^s$, then the leading coefficient of $x^{t+s}$ in $f_j(x) q(x)$ is $c_s$; the coefficient of $x^{t+s-1}$ is $(c_s a_{t-1} + c_{s-1})$, and so on. Since $h(x) \equiv 0 \pmod{M^j}$ and $\deg(r(x)) < \deg(f_j(x)) = t$, the coefficients $c_i$ belong to $M^j$, $0 \le i \le s$, so $q(x) \in M^j[x]$. Therefore, $r(x) = h(x) - q(x) f_j(x) \in M^j[x]$. Finally, putting $b_{j+1} = b_j$ yields
$$b_j f(x) = f_j(x) + g_j(x) f_j(x) + h(x) = f_{j+1}(x) + g_{j+1}(x) f_{j+1}(x) - r(x)\bigl(g_j(x) + q(x)\bigr) \equiv f_{j+1}(x) + g_{j+1}(x) f_{j+1}(x) \pmod{M^{j+1}}. \quad ✷$$

Theorem 3.2.8 Let $f(x)$ be a regular polynomial in $R[x]$. There exist a monic polynomial $\tilde f(x)$ with $\mu(f(x)) = k\,\mu(\tilde f(x))$, where $k \in \mathbb{K}^*$, and a unit $v(x) \in R[x]$ such that $v(x) f(x) = \tilde f(x)$. Furthermore, for every $a \in R$, $f(a) = 0$ if and only if $\tilde f(a) = 0$.
Proof: Denote by $h$ the least integer such that $M^h = 0$. By Lemma 3.2.7,
$$b_h f(x) = f_h(x) + g_h(x) f_h(x),$$
where $b_h$ is a unit in $R$, $g_h(x) \in M[x]$ and $f_h(x) \in R[x]$ is a monic polynomial. We conclude the proof by choosing $\tilde f(x) = f_h(x)$; indeed, $\mu(f_h(x)) = \mu(\tilde f(x)) = \mu(b_h)\,\mu(f(x))$ and $f(x) = b_h^{-1}(1 + g_h(x))\,\tilde f(x)$; moreover, since $1 + g_h(x)$ is a unit in $R[x]$, $b_h^{-1}(1 + g_h(x))$ has an inverse in $R[x]$; hence, for all $a$ in $R$,
$$f(a) = b_h^{-1}(1 + g_h(a))\,\tilde f(a). \quad ✷$$
We end this section by considering some topics strictly related to the irreducible regular polynomials in $R[x]$. Let $\mathcal{D} \subset R[x]$ be the set
$$\mathcal{D} := \{\, f(x) \mid \mu(f(x)) \text{ has distinct roots in the algebraic closure of } \mathbb{K} \,\}.$$
Theorem 3.2.9 Let $f(x)$ be a regular polynomial in $R[x]$. Then

1. If $\mu(f(x))$ is irreducible in $\mathbb{K}[x]$, then $f(x)$ is irreducible in $R[x]$.
2. If $f(x)$ is irreducible in $R[x]$, then $\mu(f(x)) = \delta\, g^n(x)$, where $\delta \in \mathbb{K}^*$, $n \in \mathbb{N}$ and $g(x)$ is a monic, irreducible polynomial in $\mathbb{K}[x]$.
3. A polynomial $f(x) \in \mathcal{D}$ is irreducible if and only if $\mu(f(x))$ is irreducible.

Proof: 1. If $f(x) = g(x)h(x)$, $g(x), h(x) \in R[x]$, then either $\mu(g(x))$ or $\mu(h(x))$ is a unit, as $\mu(f(x))$ is irreducible, and so prime, in $\mathbb{K}[x]$. So, from Proposition 3.2.2 the statement follows.
2. Suppose that $\mu(f) = \delta\, g_1^{e_1} \cdots g_t^{e_t}$, where $\delta \in \mathbb{K}^*$, $e_i \in \mathbb{N}$, $1 \le i \le t$, and the polynomials $g_i$ are monic, irreducible in $\mathbb{K}[x]$ and pairwise relatively prime. If $t \ge 2$, by Theorem 3.2.6, $f(x)$ would have a non-trivial factorization in $R[x]$, a contradiction. Therefore, $\mu(f) = \delta g^n$, with $g(x) \in \mathbb{K}[x]$ irreducible.
3. This is a trivial consequence of 1. and the definition of $\mathcal{D}$. ✷
We would like to establish when an irreducible polynomial in $R[x]$ is a prime element (the converse is always true); so we need the following:

Lemma 3.2.10 Let $f(x)$ be a regular, irreducible polynomial in $\mathcal{D}$. $f(x)$ is a prime if and only if $M \subseteq (f)$.
Proof: $\Rightarrow$) If $f(x)$ is a prime, then $R[x]/(f)$ is a finite field (see Theorem 2.3.9); thus, if $a \in M$, the coset $a + (f)$ is a nilpotent element of the quotient ring, that is $a \in (f)$.
$\Leftarrow$) If $M \subseteq (f)$, then $M[x] \subseteq (f)$. Suppose that $g + (f)$ is a nilpotent element of $R[x]/(f)$; then $f(x)$ divides $(g(x))^n$, for some $n$, so $\mu(f(x))$ divides $(\mu(g(x)))^n$. Since $f(x) \in \mathcal{D}$, it follows that $\mu(f(x))$ divides $\mu(g(x))$, i.e. $\mu(g(x)) = \mu(f(x))\,\bar h(x)$, where $\bar h(x) \in \mathbb{K}[x]$. Let $h(x) \in R[x]$ be such that $\mu(h(x)) = \bar h(x)$. Consequently, $g(x) = h(x) f(x) + j(x)$ with $j(x) \in M[x] \subseteq (f)$, therefore $g(x) \in (f)$. This implies that $R[x]/(f)$ is a field and $(f)$ is prime. ✷
Remark Observe that, since $R$ is a finite ring, the polynomial ring $R[x]$ is Noetherian. Now, let $N$ be a maximal ideal in $R[x]$; then $N \cap R = M$ and the image of $N$ under the homomorphism $\mu$ is the principal ideal $(\bar f(x)) \subset \mathbb{K}[x]$, where $\bar f(x)$ is an irreducible polynomial. Therefore, $M \subseteq N$ and $(f(x)) \subseteq N$, where $f$ is a pre-image of $\bar f$, i.e. $\mu(f(x)) = \bar f(x)$; by the maximality of $N$, $N = (M, f)$. By Theorem 3.2.9, $f(x)$ is an irreducible polynomial in $\mathcal{D}$, so $(f(x))$ is a maximal ideal in $R[x]$ if and only if $M = (0)$, that is $R$ is a finite field.
What about the factorization of regular elements of $R[x]$? The answer is given by the following

Theorem 3.2.11 Let $f(x)$ be a regular polynomial in $R[x]$. Then

1. $f(x) = \delta(x)\, g_1(x) \cdots g_n(x)$, where $\delta(x)$ has an inverse in $R[x]$ and $g_i(x)$, $1 \le i \le n$, are regular, primary, pairwise relatively prime polynomials.

2. If $f(x) = \delta(x)\, g_1(x) \cdots g_n(x) = \beta(x)\, h_1(x) \cdots h_m(x)$ with $\delta(x)$ and $\beta(x)$ units in $R[x]$ and $g_i(x)$, $h_j(x)$ regular, primary, pairwise relatively prime polynomials, then $n = m$ and $(g_i) = (h_i)$, $1 \le i \le n$, by a suitable relabeling.

Proof: 1. Let $f(x)$ be regular in $R[x]$. Since $\mu(f(x)) \ne 0$ in $\mathbb{K}[x]$, $\mu(f(x)) = \bar\delta\, \bar p_1^{h_1}(x) \cdots \bar p_n^{h_n}(x)$, with $\bar\delta \in \mathbb{K}$, $h_i \in \mathbb{N}$ and $\bar p_j(x)$ irreducible, pairwise relatively prime polynomials in $\mathbb{K}[x]$. Consequently, the $\bar p_j^{h_j}(x)$'s are primary and regular polynomials in $\mathbb{K}[x]$. By the generalized Hensel lemma, $f(x) = \delta(x)\, p_1(x) \cdots p_n(x)$, where $\mu(\delta(x)) = \bar\delta$ and $\mu(p_j(x)) = \bar p_j^{h_j}(x)$, $1 \le j \le n$. It is straightforward to verify that the $p_j(x)$'s are regular, primary, pairwise relatively prime polynomials.
2. One can proceed as in the case of $F[x]$, $F$ a field (Sect. 1.3), but in this case everything is translated in terms of principal ideals; i.e., if
$$(g_1) \cdots (g_n) = (h_1) \cdots (h_m),$$
then $n = m$ and, after a suitable ordering, $(g_i) = (h_i)$, $1 \le i \le n$. ✷
Observe that a regular polynomial $f(x) \in R[x]$ is primary if and only if $\mu(f)$ is primary in $\mathbb{K}[x]$; this means that $\mu(f) = \delta g^h$, where $\delta \in \mathbb{K}^*$ and $g \in \mathbb{K}[x]$ is an irreducible polynomial. We can give the following
Definition 3.2.12 (see also [56]) A regular, irreducible polynomial $f(x)$ in $R[x]$ is basic irreducible if $\mu(f(x)) \in \mathbb{K}[x]$ is irreducible in the Euclidean ring.

3.3 R-algebra Automorphisms of R[x]

In this section we want to determine the structure of the $R$-algebra automorphisms of $R[x]$, where $R$ is a local ring with maximal ideal $M$ and residue field $\mathbb{K}$. For this theory in the case of a general commutative ring see [26]. As in [56], we start with the following:

Lemma 3.3.1 Let $f(x)$ and $g(x)$ be non-trivial polynomials in $\mathbb{K}[x]$ of degrees $n$ and $m$, respectively. The polynomial $h(x) := g(f(x)) \in \mathbb{K}[x]$ is of degree $nm$; furthermore, $f(x)$ generates $\mathbb{K}[x]$ over $\mathbb{K}$ if and only if $\deg(f) = 1$, i.e. $f(x) = a_0 + a_1 x$ with $a_1 \ne 0$.
Proof: The first statement is obvious; if $f(x)$ generates $\mathbb{K}[x]$ over $\mathbb{K}$, then there exists a polynomial $g(x)$ such that $x = g(f(x))$ and, if $\deg(f) = n$ and $\deg(g) = m$, then $mn = 1$. Therefore, $f(x) = a_0 + a_1 x$ with $a_1 \ne 0$. Conversely, if $f(x)$ is of such a form, then $x \in \mathbb{K}[f(x)]$, i.e. $\mathbb{K}[f(x)] = \mathbb{K}[x]$. ✷
An immediate consequence of this lemma is that each automorphism of the $\mathbb{K}$-algebra $\mathbb{K}[x]$, $\sigma : \mathbb{K}[x] \to \mathbb{K}[x]$, is of the form $\sigma(x) = a_0 + a_1 x$, with $a_1 \ne 0$.

Next, consider the $R$-algebra $R[x]$ and an $R$-morphism $\sigma : R[x] \to R[x]$. It is obvious that the action of $\sigma$ is uniquely determined by the image of $x$ under $\sigma$. If $f(x) \in R[x]$, the $R$-morphism induced by $x \mapsto f(x)$ will be denoted by $\sigma_f$.
If $\sigma_f$ is an $R$-automorphism of $R[x]$, then $\sigma_f(M[x]) \subseteq M[x]$, hence the ideal $M[x]$ is called characteristic in $R[x]$. This implies that $\sigma_f$ induces a $\mathbb{K}$-algebra automorphism
$$\bar\sigma_f : \mathbb{K}[x] \to \mathbb{K}[x],$$
defined by $\bar\sigma_f(\bar h) = \mu(\sigma_f(h))$, where $h(x) \in R[x]$ is such that $\mu(h(x)) = \bar h(x)$ and $\mu : R[x] \to \mathbb{K}[x]$ is the standard epimorphism introduced in Sect. 3.2. It immediately follows that, if we consider the polynomial $f(x) = a_0 + a_1 x + \dots + a_n x^n \in R[x]$, $\bar\sigma_f = \sigma_{\mu(f)}$, hence $\sigma_f$ induces the $\mathbb{K}$-automorphism $\sigma_{\mu(f)} : x \mapsto \mu(f(x))$. Since $\sigma_{\mu(f)}$ is an automorphism of $\mathbb{K}[x]$, $\mu(f(x)) = \pi(a_0) + \pi(a_1)\,x$, where $\pi : R \to \mathbb{K} = R/M$. We conclude that $a_1 \in U(R)$, whereas $a_2, \dots, a_n$ are nilpotent in $R$.

Theorem 3.3.2 Let $f(x) = a_0 + a_1 x + \dots + a_n x^n \in R[x]$. The map $\sigma_f : x \mapsto f(x)$ induces an automorphism of the $R$-algebra $R[x]$ if and only if $a_1$ is a unit and $a_2, \dots, a_n$ are nilpotent elements. Each $R$-algebra automorphism of $R[x]$ is of the form $\sigma_f$, for some $f(x) \in R[x]$.
Proof: We only have to show the sufficiency of this condition. Take $f(x) = a_0 + a_1 x + \dots + a_n x^n$ such that $a_1 \in U(R)$ and $a_j \in M = \mathrm{Nil}(R)$, $2 \le j \le n$. Since $R[f(x)] = R[a_1^{-1}(f(x) - a_0)]$, w.l.o.g. we may assume that $a_0 = 0$ and $a_1 = 1$. Thus, $f(x) = x + a_2 x^2 + \dots + a_n x^n$. By using
$$g(x) := f(x) - a_2 (f(x))^2 - \dots - a_n (f(x))^n,$$
we obtain that $g(x) = x + b_2 x^2 + \dots + b_s x^s$, where $b_i \in M^2$, $2 \le i \le s$. Since $M$ is a nilpotent ideal of $R$, by a finite number of iterations of this process we get $x \in R[f(x)]$, i.e. $\sigma_f$ is surjective.
To prove the injectivity, consider $g(x) = g_0 + g_1 x + \dots + g_s x^s \in R[x]$ such that $\sigma_f(g(x)) = 0$, i.e. $g_0 + g_1 f + \dots + g_s f^s = 0$. Now $a_0 = 0$ implies that $g_0 = 0$ and $(g_1 + g_2 f + \dots + g_s f^{s-1})\,f = 0$. Since $a_1$ is a unit, $f(x) \in R[x]$ is not a zero-divisor (by Prop. 3.2.4), so $g_1 + g_2 f + \dots + g_s f^{s-1} = 0$. Repeating the argument shows that $g_1 = g_2 = \dots = g_s = 0$, i.e. $g(x) = 0$; this implies that $\sigma_f$ is injective. ✷

We end this section with a final remark. Let $\Phi$ be an automorphism of $R$ and $f(x) \in R[x]$ an arbitrary polynomial. We define the ring morphism $\sigma_{\Phi,f} : R[x] \to R[x]$ by
$$\sigma_{\Phi,f}\Bigl( \sum_{i=0}^{s} a_i x^i \Bigr) := \sum_{i=0}^{s} \Phi(a_i)\,(f(x))^i .$$
Theorem 3.3.3 (i) $\sigma_{\Phi,f}$ is injective if and only if $\sigma_f$ is. (ii) $\sigma_{\Phi,f}$ is surjective if and only if $\sigma_f$ is.

Proof: For the injectivity, one implication is straightforward; conversely, if $\sigma_{\Phi,f}$ is injective and $\sum_{i=0}^{s} a_i (f(x))^i = 0$, then $\sigma_{\Phi,f}\bigl( \sum_{i=0}^{s} \Phi^{-1}(a_i)\,x^i \bigr) = 0$, i.e. $\Phi^{-1}(a_i) = 0$, which implies $a_i = 0$, $0 \le i \le s$. The surjectivity follows from the fact that $\mathrm{Im}(\sigma_{\Phi,f}) = R[f]$. ✷

3.4 Factorization in R[x]

We want to find a way to factor a given polynomial in $R[x]$. To do this we need to extend the classical congruence theory. As usual, $R$ will denote a finite local ring with maximal ideal $M$ and residue field $\mathbb{K}$.

Definition 3.4.1 Let $D$ be an integral domain and $f(x) = a_n x^n + a_{n-1} x^{n-1} + \dots + a_0 \in D[x]$. The formal derivative of $f(x)$ is the polynomial
$$f'(x) = n a_n x^{n-1} + \dots + a_1 \in D[x].$$
We can also use the symbol $\frac{df}{dx}$ to denote this first derivative. The $k$-th derivative of $f(x)$ is the polynomial $\frac{d^k f}{dx^k}$ (or $f^{(k)}$) inductively defined by $\frac{d^k f}{dx^k} = \frac{d(f^{(k-1)})}{dx}$.

Observe that the notion of a polynomial derivative is formally introduced, without any use of differential calculus concepts. However, if the characteristic of $D$ is $p$ and $p$ divides the degree $n$ of the polynomial, then $f'(x)$ has degree less than $n - 1$. For instance, the polynomial $F(x) = x^p - x \in \mathbb{F}_p[x]$ is of degree $p$ but its derivative $F'(x) = -1 = p - 1 \in \mathbb{F}_p$ is a constant polynomial.

Denote by $h$ the nilpotency class of $M$, i.e. $h \in \mathbb{Z}^+$ is the least positive integer such that $M^h = 0$. We get a natural sequence of ring morphisms:
$$R = R/M^h \xrightarrow{\ \sigma_h\ } R/M^{h-1} \xrightarrow{\ \sigma_{h-1}\ } R/M^{h-2} \xrightarrow{\ \sigma_{h-2}\ } \cdots \xrightarrow{\ \sigma_2\ } R/M = \mathbb{K} \xrightarrow{\ \sigma_1\ } 0 .$$
With any of these ring morphisms a natural morphism is associated, namely $\pi_i : R/M^i \to R/M = \mathbb{K}$, $1 \le i \le h$. The kernel of $\sigma_i$ is $M^{i-1}/M^i$, for each $i$, and it is also a $\mathbb{K}$-vector space, where the $\mathbb{K}$-action is given by:
$$\bar\alpha\, m := \alpha m, \qquad \text{where } m \in M^{i-1}/M^i,\ \alpha \in R/M^i,\ \pi_i(\alpha) = \bar\alpha. \tag{3.2}$$
Since the kernel of $\pi_i$ is $M/M^i$, this $\mathbb{K}$-action is well-defined.
For the sake of simplicity, the morphisms $\sigma_i$ and $\pi_i$ will simply be denoted by $\sigma$ and $\pi$, respectively. At the same time we will write $\tilde\sigma$ and $\tilde\pi$ to denote the extensions of $\sigma_i$ and $\pi_i$ to their respective polynomial rings.
The fundamental idea is to generate the roots of a polynomial $f(x) \in (R/M^i)[x]$ from those of $\tilde\sigma(f) \in (R/M^{i-1})[x]$. Let $t$ be $\dim_{\mathbb{K}}(M^{i-1}/M^i)$ and $\{v_1, \dots, v_t\}$ be a $\mathbb{K}$-basis for $M^{i-1}/M^i$. Let $\bar a$ be an element of $R/M^{i-1}$ which is a root of $\tilde\sigma(f(x)) \in (R/M^{i-1})[x]$ and suppose that $\sigma(a) = \bar a$ for some $a \in R/M^i$. Let $b = a + \eta$; our aim is to choose $\eta \in M^{i-1}/M^i$ in such a way that $f(b) = 0$. Since $M^{i-1}/M^i$ is nilpotent of class two, i.e. $(M^{i-1}/M^i)^2 = 0$,
$$f(b) = f(a + \eta) = f(a) + \eta f'(a) + \eta^2 Q = f(a) + \eta f'(a),$$
where $f'(x) \in (R/M^i)[x]$ is the formal derivative of $f(x)$ and $Q \in R/M^i$. It follows that
$$f(b) = 0 \iff f(a) = -\eta\, f'(a);$$
since $\eta \in M^{i-1}/M^i$, by (3.2) this means that $f(a) = -\pi(f'(a))\,\eta$. Further, $f(a)$ belongs to the vector space $M^{i-1}/M^i$ since $(\tilde\sigma f)(\bar a) = 0$. The chosen basis for this vector space determines the following relations:
$$f(a) = \sum_{i=1}^{t} \alpha_i v_i, \qquad \eta = \sum_{i=1}^{t} \beta_i v_i, \qquad \alpha_i, \beta_i \in \mathbb{K}.$$
Consequently,
$$0 = f(b) = \sum_{i=1}^{t} \alpha_i v_i + \pi(f'(a)) \Bigl( \sum_{i=1}^{t} \beta_i v_i \Bigr) = \sum_{i=1}^{t} \bigl( \alpha_i + \pi(f'(a))\,\beta_i \bigr) v_i,$$
hence $\alpha_i + \pi(f'(a))\,\beta_i = 0$, for each $i \in \{1, \dots, t\}$. Three cases may occur:
(i) $f'(a)$ is a unit, so $\pi(f'(a)) \ne 0$ and each $\beta_i$ is uniquely determined; hence, there exists a unique $b \in R/M^i$ which is a root for $f(x) \in (R/M^i)[x]$ and satisfies $\sigma(b) = \bar a$;
(ii) $f'(a)$ is an element of $M/M^i$ and the linear combination above admits (at least) one $\alpha_j \ne 0$, for some $j$. In this case no root (mapping to $\bar a$) exists for $f(x)$.
(iii) $f'(a)$ belongs to $M/M^i$ and $\alpha_j = 0$, for all $j \in \{1, \dots, t\}$; this implies that $f(a + \eta) = 0$ for each $\eta \in M^{i-1}/M^i$. Thus, there exist $|M^{i-1}/M^i| = |\mathbb{K}|^t$ roots $b_s$ for $f(x)$ such that $\sigma(b_s) = \bar a$, in this case.
Observe that all roots of $f(x)$ are obtained in this way; in fact, if $f(a) = 0$ for a fixed polynomial $f(x) \in (R/M^i)[x]$ and for $a \in R/M^i$, then $\sigma(a) = \bar a$ is a root of $\tilde\sigma(f(x)) \in (R/M^{i-1})[x]$. Therefore, the problem of finding the roots of a given polynomial $f(x)$ reduces to that of finding those of $\tilde\pi(f(x))$ in the residue field.
By taking into account what we have observed here and in the previous sections, we can deduce some properties of the ring $R[x]$ which extend the properties of U.F.D.'s or P.I.D.'s, considered in Chapter 1. Indeed, in the polynomial ring $R[x]$ we make the following
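The case analysis above becomes a small algorithm when $R = \mathbb{Z}/p^n\mathbb{Z}$: here $M = pR$, each $M^{i-1}/M^i \cong \mathbb{F}_p$ has dimension $t = 1$ with basis $v_1 = p^{i-1}$, and a root $\bar a$ modulo $p^{i-1}$ can only lift to $a + \beta p^{i-1}$ with $\beta \in \mathbb{F}_p$. The three cases read: (i) $f'(a) \not\equiv 0 \pmod p$, exactly one $\beta$; (ii) $f'(a) \equiv 0 \pmod p$ and $f(a) \not\equiv 0 \pmod{p^i}$, no lift; (iii) $f'(a) \equiv 0 \pmod p$ and $f(a) \equiv 0 \pmod{p^i}$, all $p$ values of $\beta$. The following Python is an added example and not code from the book; polynomials are coefficient lists with the constant term first, and the sample polynomials in the demo are constructed for illustration.

```python
# Added example (not from the book): lifting roots from Z/p^(i-1) to Z/p^i.
# Polynomials are coefficient lists, lowest degree first, e.g. [-6, 0, 1] is x^2 - 6.

def peval(f, x, N):
    """Horner evaluation of f at x, reduced modulo N."""
    acc = 0
    for c in reversed(f):
        acc = (acc * x + c) % N
    return acc

def pderiv(f):
    """Formal derivative of Definition 3.4.1, computed over the integers."""
    return [i * c for i, c in enumerate(f)][1:] or [0]

def lift_roots(f, p, n):
    """All roots of f in Z/p^n Z, obtained from the roots modulo p by the case
    analysis of Section 3.4 with R = Z/p^n Z, M = pR and t = dim(M^(i-1)/M^i) = 1."""
    df = pderiv(f)
    roots = [a for a in range(p) if peval(f, a, p) == 0]   # roots of pi~(f) in F_p
    for i in range(2, n + 1):
        mod, prev = p ** i, p ** (i - 1)                    # R/M^i and the basis vector v_1
        lifted = []
        for a in roots:                                     # a is a root modulo p^(i-1)
            fa = peval(f, a, mod)                           # f(a) = alpha * p^(i-1) in M^(i-1)/M^i
            dfa = peval(df, a, p)                           # pi(f'(a)) in F_p
            alpha = fa // prev
            if dfa != 0:
                # case (i): f'(a) is a unit, so beta = -alpha / pi(f'(a)) is forced
                beta = (-alpha * pow(dfa, -1, p)) % p
                lifted.append(a + beta * prev)
            elif alpha != 0:
                # case (ii): f'(a) in M but f(a) != 0 in M^(i-1)/M^i: nothing above a
                continue
            else:
                # case (iii): f'(a) in M and f(a) = 0: every eta = beta * p^(i-1) is a root
                lifted.extend(a + beta * prev for beta in range(p))
        roots = lifted
    return sorted(roots)

if __name__ == "__main__":
    print(lift_roots([-6, 0, 1], 5, 3))   # x^2 - 6 over Z/125, case (i) at every level
    print(lift_roots([-1, 0, 1], 2, 3))   # x^2 - 1 over Z/8, case (iii) at every level
    print(lift_roots([-3, 0, 1], 2, 2))   # x^2 - 3 over Z/4, case (ii): no root
```

The second sample shows why the residue-field count is not an upper bound on the number of roots: $x^2 - 1$ has one root in $\mathbb{F}_2$ but four in $\mathbb{Z}/8$, because $f'(1) = 2 \in M$ and case (iii) applies at each level.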

Definition 3.4.2 A polynomial $f$ is a proper divisor of the polynomial $g$ if $(g) \subset (f)$.
Observe that, if $g$ is a regular polynomial, then $f$ is a proper divisor of $g$ if and only if $f$ is a divisor of $g$ and $\mu(f)$ divides $\mu(g)$ in the Euclidean domain $\mathbb{K}[x]$ (where $\mu : R[x] \to \mathbb{K}[x]$ is the usual epimorphism defined in Sect. 3.2).

Proposition 3.4.3 Let $f(x), g(x)$ be regular associated polynomials in $R[x]$. Then $f(x) = \delta(x)\,g(x)$, where $\delta(x)$ is a unit in $R[x]$.

Proof: As in Section 3.2, two regular polynomials are associates in $R[x]$ if they generate the same ideal, i.e. $(f(x)) = (g(x)) \subset R[x]$. This implies that these polynomials are proper divisors of each other, so $\bar f = \mu(f)$, $\bar g = \mu(g) \in \mathbb{K}[x]$ are associates in the Euclidean domain $\mathbb{K}[x]$, hence $\bar\delta \in \mathbb{K}$ must exist such that $\bar f(x) = \bar\delta\,\bar g(x)$. Now we can proceed as in Theorem 3.2.6 to lift this equality in $\mathbb{K}[x]$ to $R[x]$. By recalling that $M[x]$ is a nilpotent ideal in $R[x]$, one can find a suitable $\delta(x) \in R[x]$ satisfying the statement such that $\mu(\delta(x)) = \bar\delta \in \mathbb{K}$; by 3.2.2, $\delta(x)$ is a unit in $R[x]$. ✷

Proposition 3.4.4 (Euclidean Algorithm) Let $f(x), g(x)$ be non-zero polynomials in $R[x]$. If $g(x)$ is a regular polynomial, then there exist $q(x), r(x) \in R[x]$ such that
$$f(x) = g(x)\,q(x) + r(x),$$
with $\deg(r) < \deg(g)$ or $r(x) = 0$.

Proof: In the previous proposition we considered the particular case when $f(x)$ and $g(x)$ are associates in $R[x]$; then $q(x) = \delta(x)$ and $r(x) = 0$. Now, let $f(x)$ and $g(x)$ be polynomials in the ring $R[x]$ such that $g(x)$ is regular. If we consider their images in $\mathbb{K}[x]$, viz. $\bar f(x) = \mu(f(x))$ and $\bar g(x) = \mu(g(x)) \ne 0$, then $\bar q(x), \bar r(x) \in \mathbb{K}[x]$ exist such that $\deg(\bar r(x)) < \deg(\bar g(x))$, or $\bar r(x) = 0$, and $\bar f(x) = \bar g(x)\,\bar q(x) + \bar r(x)$, since $\mathbb{K}[x]$ is a Euclidean domain. Observe that if $f(x)$ is nilpotent, then $\bar f(x) = \bar q(x) = \bar r(x) = 0$ (by Prop. 3.2.3), whereas, if $f(x)$ is a unit, then $\bar q(x) = 0$ and $\bar r(x) = \bar f(x) = k \in \mathbb{K}$ (by Prop. 3.2.4).
Another application of the Generalized Hensel Lemma (3.2.6) shows the statement. We leave the technical part to the reader. Observe that the equality $f(x) = g(x)\,q(x) + r(x)$ is not uniquely determined, i.e. the polynomials $q(x), r(x)$ are not unique. ✷
Other important consequences of our definitions are the following.
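Over $R = \mathbb{Z}/p^n\mathbb{Z}$ the three constructions used so far are all effective, and it is worth seeing them run: the Hensel iteration of Theorem 3.2.6, the monic representative of Lemma 3.2.7 and Theorem 3.2.8, and the division of Proposition 3.4.4. The Python below is an added example and not code from the book. `hensel_lift` lifts a factorization $\mu(f) = \bar g \bar h$ of a monic $f$ with $\gcd(\bar g, \bar h) = 1$ from $\mathbb{F}_p[x]$ to $(\mathbb{Z}/p^n)[x]$, using the Bezout polynomials $\lambda_1, \lambda_2$ exactly as in the proof, except that the correction $\lambda_1 v$ is reduced modulo the monic factor $h$ so that degrees do not grow; `monic_representative` runs the $f_j, g_j$ recursion of Lemma 3.2.7 and returns $\tilde f$ together with the unit $v$ of Theorem 3.2.8; `divmod_regular` divides by a regular but non-monic $g$ through $\tilde g$, which yields a remainder of degree below $\deg \mu(g)$, a sharper bound than the $\deg(r) < \deg(g)$ of Proposition 3.4.4. The helper names (`ptrim`, `pdivmod`, ...) and the sample polynomials are my own; polynomials are coefficient lists with the constant term first, and `f`, `g`, `h` passed to `hensel_lift` are assumed monic.

```python
# Added example (not from the book). R = Z/N Z with N = p^n, M = pR, K = F_p.
# Polynomials are coefficient lists, lowest degree first: [1, 1, 2] is 2x^2 + x + 1.

def ptrim(a):
    a = list(a)
    while len(a) > 1 and a[-1] == 0:
        a.pop()
    return a

def padd(a, b, N):
    n = max(len(a), len(b))
    a, b = a + [0] * (n - len(a)), b + [0] * (n - len(b))
    return ptrim([(x + y) % N for x, y in zip(a, b)])

def psub(a, b, N):
    return padd(a, [(-y) % N for y in b], N)

def pmul(a, b, N):
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] = (out[i + j] + x * y) % N
    return ptrim(out)

def pdivmod(a, b, N):
    """a = b*q + r with deg r < deg b (or r = 0); b needs a unit leading coefficient mod N."""
    a, b = ptrim(a), ptrim(b)
    inv = pow(b[-1], -1, N)
    q, r = [0] * max(1, len(a) - len(b) + 1), a
    while len(r) >= len(b) and r != [0]:
        d, c = len(r) - len(b), (r[-1] * inv) % N
        q[d] = c
        r = ptrim([r[i] if i < d else (r[i] - c * b[i - d]) % N for i in range(len(r))])
    return ptrim(q), r

def pextgcd(a, b, p):
    """Extended Euclid in F_p[x]: (s, t, g) with s*a + t*b = g, g the monic gcd."""
    r0, r1 = ptrim([c % p for c in a]), ptrim([c % p for c in b])
    s0, s1, t0, t1 = [1], [0], [0], [1]
    while r1 != [0]:
        q, r = pdivmod(r0, r1, p)
        r0, r1 = r1, r
        s0, s1 = s1, psub(s0, pmul(q, s1, p), p)
        t0, t1 = t1, psub(t0, pmul(q, t1, p), p)
    u = pow(r0[-1], -1, p)
    return tuple(ptrim([(c * u) % p for c in w]) for w in (s0, t0, r0))

def hensel_lift(f, g, h, p, n):
    """Theorem 3.2.6 for R = Z/p^n: f, g, h monic with f = g*h (mod p) and gcd(g, h) = 1
    in F_p[x].  Returns (g, h) over Z/p^n with f = g*h; each pass fixes one more p-adic digit."""
    N = p ** n
    s, t, d = pextgcd(g, h, p)                          # lambda_1 g + lambda_2 h = 1 in K[x]
    assert d == [1], "factors must be coprime modulo p"
    f, g, h = (ptrim([c % N for c in w]) for w in (f, g, h))
    for _ in range(n - 1):
        v = psub(f, pmul(g, h, N), N)                    # v = f - g h, lies in M^k[x]
        if v == [0]:
            break
        q, r = pdivmod(pmul(s, v, N), h, N)              # lambda_1 v = q h + r, so deg h stays fixed
        g = padd(g, padd(pmul(t, v, N), pmul(q, g, N), N), N)   # g + lambda_2 v + q g
        h = padd(h, r, N)                                # h + (lambda_1 v mod h)
    assert pmul(g, h, N) == f
    return g, h

def monic_representative(f, p, n):
    """Theorem 3.2.8 for R = Z/p^n: regular f -> (ft, v) with ft monic of degree deg mu(f)
    and v a unit of R[x] such that v*f == ft.  Runs the f_j, g_j recursion of Lemma 3.2.7."""
    N = p ** n
    f = ptrim([c % N for c in f])
    t = max(i for i, c in enumerate(f) if c % p)        # deg mu(f): a_t is the last unit coefficient
    b = pow(f[t], -1, N)                                # b = a_t^(-1)
    bf = [(b * c) % N for c in f]
    fj, gj = ptrim(bf[:t + 1]), [0]                     # f_1 = a_t^(-1) f without its nilpotent tail, g_1 = 0
    while True:
        h = psub(psub(bf, fj, N), pmul(gj, fj, N), N)   # h = b f - f_j - g_j f_j, in M^j[x]
        if h == [0]:
            break
        q, r = pdivmod(h, fj, N)                        # f_j monic, so q and r lie in M^j[x]
        fj, gj = padd(fj, r, N), padd(gj, q, N)         # f_{j+1} = f_j + r, g_{j+1} = g_j + q
    inv, power, neg = [1], [1], [(-c) % N for c in gj]  # (1+g)^(-1) = sum of (-g)^k, finite: g nilpotent
    while True:
        power = pmul(power, neg, N)
        if power == [0]:
            break
        inv = padd(inv, power, N)
    v = ptrim([(b * c) % N for c in inv])               # b f = (1+g) ft, hence v = b (1+g)^(-1)
    assert pmul(v, f, N) == fj
    return fj, v

def divmod_regular(f, g, p, n):
    """Proposition 3.4.4 for R = Z/p^n: f = g*q + r for regular g, with deg r < deg mu(g)."""
    N = p ** n
    gt, v = monic_representative(g, p, n)               # v g = gt, gt monic
    q0, r = pdivmod([c % N for c in f], gt, N)          # f = gt q0 + r
    return pmul(v, q0, N), r                            # f = g (v q0) + r

if __name__ == "__main__":
    print(hensel_lift([119, 0, 1], [4, 1], [1, 1], 5, 3))   # x^2 - 6 = (x - 1)(x + 1) mod 5, lifted to Z/125
    print(monic_representative([1, 1, 2], 2, 2))            # 2x^2 + x + 1 over Z/4 and its unit multiplier
    print(divmod_regular([0, 0, 0, 1], [1, 1, 2], 2, 2))    # x^3 divided by 2x^2 + x + 1 over Z/4
```

In the first run the two lifted factors are $x + 109$ and $x + 16$, i.e. $x^2 - 6 = (x - 16)(x + 16)$ in $\mathbb{Z}/125$; in the second, $(3 + 2x)(2x^2 + x + 1) = x + 3$, so the regular polynomial $2x^2 + x + 1$ is associated to the monic polynomial $x + 3$ of degree $\deg \mu(f) = 1$, and dividing $x^3$ by it leaves a constant remainder, which the bound $\deg(r) < \deg(g) = 2$ alone would not promise.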

Proposition 3.4.5 Let $R$ and $S$ be two finite, commutative, local rings such that $R \subset S$. If $a$ is an element of $S$, then there exists a monic polynomial $f(x) \in R[x]$ such that $f(a) = 0$.
Proof: The statement is obvious if $a \in R$. Suppose that $a \in S \setminus R$. Since $S$ is a finite ring, there exists only a finite number $t$ of distinct powers of $a$. Let $T$ be the $R$-module generated by all these powers; then $R \subset T \subset S$, so it is sufficient to observe that $a^{t+1}$ must be expressed as a polynomial, in the $t$ distinct powers of $a$, with coefficients from $R$. This implies that $a^{t+1} = p(a)$, i.e. $a$ is a root of the monic polynomial $f(x) = x^{t+1} - p(x)$. ✷
Thus, if $R$ and $S$ are two local rings such that $R \subset S$ and if $a \in S$, what we proved in Proposition 3.4.5 guarantees the existence of a monic polynomial $f(x) \in R[x]$ such that $f(a) = 0$. We get an $R$-algebra epimorphism
$$\varphi_a : R[x]/(f(x)) \to R[a] \subset S.$$
Since $f(x)$ is a monic polynomial, it is regular (see Prop. 3.2.4); so, by Proposition 3.4.4, the elements of the quotient ring are represented by all the polynomials $r(x) \in R[x]$ such that $\deg(r(x)) < \deg(f(x))$, therefore we may define
$$\varphi_a(r(x)) := r(a).$$
The other fundamental remark stems from what we observed after Lemma 3.2.10 about the maximal ideals of the ring $R[x]$; indeed, they are all of the form $J = (M, f(x))$, where $M \subset R$ is its maximal ideal and $f(x) \in R[x]$ is a polynomial such that $\mu(f(x)) = \bar f(x) \in \mathbb{K}[x]$ is irreducible over $\mathbb{K}$. This determines the isomorphism
$$R[x]/(M, f(x)) \cong \mathbb{K}[x]/(\bar f(x)), \tag{3.3}$$
which will play a fundamental role in the Galois ring theory.
Proposition 3.4.6 If $f(x), g(x) \in R[x]$ are regular, monic polynomials which are associates in $R[x]$, i.e. $(f(x)) = (g(x))$, then $f(x) = g(x)$.
Proof: If $f(x)$ and $g(x)$ are associates in $R[x]$, then there exists $\delta(x) \in U(R[x])$ such that $f(x) = \delta(x)\,g(x)$ (see Prop. 3.4.3); by Proposition 3.2.2 and the definition of $\mu$, we have $\bar f(x) = \bar\delta\,\bar g(x)$ in $\mathbb{K}[x]$, where $\bar\delta \in \mathbb{K}^*$. Since $\bar f(x), \bar g(x)$ are monic polynomials in $\mathbb{K}[x]$, $\bar\delta = 1$, so $\bar f(x) = \bar g(x)$. As in the proof of Proposition 3.4.3, we can deduce the existence of a unit $\delta(x) \in R[x]$ such that $f(x) = \delta(x)\,g(x)$, where $\delta(x)$ is of the form $\delta(x) = a_0 + a_1 x + \dots + a_t x^t$, $a_0 \in U(R)$ and $a_j \in \mathrm{Nil}(R)$, $1 \le j \le t$. Since $f(x)$ and $g(x)$ are monic, $\delta(x) = 1$. ✷
We conclude with a crucial remark on the $R$-algebra of polynomials $R[x]$.
Proposition 3.4.7 Let $f(x) = a_0 + a_1 x + \dots + a_n x^n$ be a polynomial in $R[x]$; if the morphism $\sigma_f$ is onto, then $a_1$ is a unit in $R$ and $a_2, \dots, a_n$ are nilpotent. Therefore, if $\sigma_f$ is onto, then it is also injective, so it is an automorphism of the $R$-algebra $R[x]$.
Proof: Suppose that $\sigma_f$ is surjective; if $r \in R$ and $u \in U(R)$, then $\sigma_{r+f}$ and $\sigma_{uf}$ are epimorphisms of $R[x]$. W.l.o.g. we may consider $\tilde f(x) = -a_0 + f(x) = a_1 x + a_2 x^2 + \dots + a_n x^n$; there must exist a polynomial $g(x) = b_0 + b_1 x + \dots + b_m x^m \in R[x]$ such that $\sigma_{\tilde f}(g(x)) = g(\tilde f(x)) = x \in R[x]$. Therefore,
$$x = b_0 + b_1 (a_1 x + \dots + a_n x^n) + b_2 (a_1 x + \dots + a_n x^n)^2 + \dots + b_m (a_1 x + \dots + a_n x^n)^m,$$
i.e.
$$b_0 = 0, \qquad a_1 b_1 = 1, \qquad a_2 b_1 + b_2 a_1^2 = 0, \qquad \dots$$
This implies that $a_1 \in U(R)$ and $a_2, \dots, a_n \in J(R)$, so, by Theorem 3.3.2, $\sigma_{\tilde f}$ (hence $\sigma_f$) is an automorphism. ✷

Chapter 4

SEPARABLE EXTENSIONS OF FINITE FIELDS AND FINITE RINGS

In this chapter we want to deal with separable extension theory, since it will be a fundamental tool to describe the Galois extensions of local rings and to construct Galois rings in the subsequent chapters. We start by recalling the main ideas of the abstract theory of this kind of extensions in the case of fields (see, for example, [44] or [64]), with a particular interest in finite fields. After that, we shall consider the separable (or unramified) extensions of finite, local rings ([56]). This will lead us to the characterization theorem of separable extensions of finite, local rings and provide some particularly interesting examples.

4.1 Separable Field Extensions

Before developing the theory of separable extensions of fields, we want to recall some fundamental definitions.

Proposition 4.1.1 Let $F$ be a field and $f(x) \in F[x]$ a polynomial. There exists a field $K$ such that $F \subseteq K$ and $f(x)$ splits, over it, into linear factors.

Proof: See, for example, [3] or [31]. ✷

Definition 4.1.2 Let $F \subseteq K$ be a field extension such that a polynomial $f(x) \in F[x]$ factors, over $K$, as $f(x) = \prod_{i=1}^{n} (x - \alpha_i)$, $\alpha_i \in K$, and $K = F(\alpha_1, \dots, \alpha_n)$. We say that $K$ is the splitting field of $f(x)$. This splitting field is, essentially, unique ([44] or [64]).

Recall that we have already introduced, in 1.3.11, the definitions of algebraically closed field and algebraic closure of an arbitrary field K.

Theorem 4.1.3 Given any field $K$, then

1. There always exists an algebraic closure, denoted by $\overline{K}$;

2. If $K \subseteq H$ is an algebraic field extension and if each polynomial $f(x) \in K[x]$ completely factors over $H$, then there exists a $K$-isomorphism (i.e. an isomorphism that fixes $K$ elementwise) of $H$ onto $\overline{K}$;

3. The algebraic closure of the field $K$ is unique up to isomorphism.

Proof: The proof of the existence of such an algebraic closure is based on a transfinite construction. See, for example, [3], [7] or [22]. ✷
In conclusion, given a field $K$, it is always possible to consider its algebraic closure $\overline{K}$. Therefore, we will suppose, for simplicity, that all fields considered are contained in a suitable field $E$, which is algebraically closed.

Definition 4.1.4 Let $F$ be a field which is contained in an algebraically closed field $E$.
i) A polynomial $f(x) \in F[x]$ is said to be separable over $F$ if its roots, as elements of $E$, are all distinct.
ii) $a \in E$ is a separable element over $F$ if its minimal polynomial (Section 1.3) $f_a(x) \in F[x]$ is separable.
iii) An algebraic extension field $F \subseteq K$ is a separable extension if each element $a \in K$ is separable over $F$.
Another important notion in extension theory is the definition of normal or Galois extension. Given $K$, $H$ and $F$ fields such that $K \subset H$ and $K \subset F$, we say that a field homomorphism $\phi : H \to F$ is a $K$-morphism if $\phi|_K = \mathrm{id}_K$. An extension field $K \subseteq F$ is normal if each $K$-monomorphism $\varphi : F \to E$ is an automorphism (i.e. $\varphi(F) = F$).
Let $E$ be an algebraically closed field, with positive characteristic $p$, and $\phi_1 : E \to E$ the first Frobenius automorphism (see the proof of Theorem 2.3.5) defined by $\phi_1(a) = a^p$, $\forall a \in E$. The field $\phi_1(E)$ is algebraically closed, since it is isomorphic to the field $E$; at the same time, $E$ is an algebraic extension of $\phi_1(E)$: if $a \in E$, then $a$ is a root of the polynomial $x^p - a^p \in \phi_1(E)[x]$. It follows that $\phi_1(E) = E$.
Instead of $\phi_1^{-1}(a) \in E$, we will denote by $a^{1/p}$ the preimage, under $\phi_1$, of an element $a \in E$; therefore, given a field $K \subseteq E$, we will write $K^p$ and $K^{1/p}$ instead of $\phi_1(K)$ and $\phi_1^{-1}(K)$, respectively.

Proposition 4.1.5 Given a field $K$, the following conditions are equivalent:

1. $K = K^p$;

2. $K = K^{1/p}$;

3. Every algebraic extension of $K$ is separable.

Proof: 2. $\Rightarrow$ 3. Let $a$ be algebraic over $K$ and $f(x) = x^n + b_1 x^{n-1} + \dots + b_n$ its minimal polynomial over $K$; if $f(x)$ is not a separable polynomial, then $f(x) = h(x)^p$ ([36], p. 146), where $h(x)$ is a polynomial with coefficients from $K^{1/p}$. By hypothesis $K = K^{1/p}$, so $h(x) \in K[x]$, which contradicts the irreducibility of $f(x)$ over $K$.
3. $\Rightarrow$ 1. Clearly $K^p \subseteq K$. Conversely, let $a \in K$ and consider the simple extension $F = K(a^{1/p})$, which is separable over $K$ by hypothesis; the minimal polynomial of $a^{1/p}$ divides $x^p - a = (x - a^{1/p})^p$ and has distinct roots, so it is $x - a^{1/p}$. Hence $a^{1/p} \in K$, i.e. $a \in K^p$.
1. $\Rightarrow$ 2. Since $\phi_1^{-1}\phi_1(K) = K$ and $\phi_1(K) = K^p = K$, we have $K^{1/p} = \phi_1^{-1}(K) = K$. ✷

Definition 4.1.6 A field K is called perfect if it satisfies one of the conditions in Prop. 4.1.5 (see [7] or [64]).

Other methods to construct perfect fields are given by the next the- orem.

Theorem 4.1.7 (1) Every algebraically closed field, as well as every finite field, is a perfect field. (2) If $K$ is perfect and $F$ is algebraic over $K$, then $F$ is a perfect field.

Proof: (1) We have already observed that an algebraically closed field is certainly perfect. If $K$ is a finite field, since the first Frobenius homomorphism is injective, it must be bijective, then $K$ is perfect.

(2) Let $a \in F$ and consider $H = K(a)$; since $\phi_1$ is an isomorphism, it is clear that $[H^p : K^p] = [\phi_1(H) : \phi_1(K)] = [H : K]$, where $[H : K]$ denotes the extension degree. By hypothesis, $K^p = K$ and it is obvious that $H^p \subseteq H$, so $H^p = H$. In particular, there exists $b \in H$ such that $a = b^p$. ✷
The fundamental consequence of this last result is that every algebraic extension of a finite field is a separable extension, since any finite field is perfect. Moreover, in the case of finite extensions, i.e. $K \subset F$ such that $[F : K] = \dim_K F$ is finite, we have a stronger result.

Proposition 4.1.8 Let $K \subset F$ be a field extension. If $K \subset F$ is finite and separable, then it is simple. Moreover, if $K$ is a finite field, it is enough to assume $K \subset F$ finite to get the statement.

Proof: This depends on a more general result in field extension theory. Indeed, suppose we have a field extension $K \subset F$ ($K$ not necessarily a finite field) such that $[F : K] < \infty$ and let $a \in F$. Since the elements $1, a, a^2, \dots, a^n \in F$ cannot be linearly independent over $K$ for each $n$, we must have $\sum_{i=0}^{n} \alpha_i a^i = 0$, where $n \in \mathbb{N}$ and $\alpha_i \in K$ with $\alpha_i \ne 0$ for some $i \in \{0, \dots, n\}$. This implies that each element of $F$ is algebraic over $K$, i.e. $K \subset F$ is an algebraic extension. Therefore, if $K$ is also a finite field, Theorem 4.1.7 ensures that $K \subset F$ is separable.
In the infinite case we have to add to the hypotheses the separability of the extension to prove the statement. Since we are interested in the finite case, we only focus on this part and refer the reader to [36] for the general treatment. Thus, consider $K$ a finite field and $K \subset F$ a finite extension; then $F$ is a finite field, separable over $K$. In Theorem 2.1.3 we recalled that the multiplicative group of a finite field is a cyclic group, therefore there exists $\omega \in F^*$ such that $F^* = \langle \omega \rangle$; so, a fortiori, $F = K(\omega)$. ✷
In the next section we will generalize the notion of a separable extension to finite, commutative rings, and, in particular, to finite, local rings, which will be a corner stone for our future analysis of Galois rings.

4.2 Extensions of Rings

In the previous section we recalled the main properties of field extensions. Now, we will state analogous propositions in the case of rings ([56]). As usual, the rings considered will be commutative and with identity.

Definition 4.2.1 Let $R$ and $S$ be two rings. We say that $S$ is an extension of $R$ if $R \subseteq S$. Moreover, if $T$ is a non-empty subset of $S$ of finite cardinality, the ring it generates is the smallest subring $A$ of $S$ such that $R \cup T \subseteq A \subseteq S$.
Observe that it makes sense to give such a definition, since $A$ may coincide with $S$. Obviously, if $T \subseteq R$, then $A = R$. Therefore, it is interesting to consider sets $T$ which are not contained in $R$. Consequently, w.l.o.g., we will set $R \cap T = \emptyset$. Therefore, $A$ properly contains $R$ and is contained in $S$. Furthermore, it is possible to explicitly determine the elements of $A$.

Theorem 4.2.2 Let $R$ and $S$ be two rings such that $R \subset S$. By choosing $T = \{t_1, \dots, t_k\} \subset S$, the elements of the ring $A$ are of the form
$$\sum a_{n_1 \dots n_k}\, t_1^{n_1} \cdots t_k^{n_k}, \qquad \text{with } a_{n_1 \dots n_k} \in R \text{ and } t_j \in T,\ 1 \le j \le k.$$
Proof: Observe that elements of this kind form a ring, $B$, such that $R \subset B \subset S$; e.g., both the difference and the product of two elements of this kind are elements of the same kind. Moreover, by construction, $R \subset B \subset S$ and $T \subset B$. Finally, if $C$ is a ring containing $R$ and $T$, since $C$ is closed with respect to difference and product, then $B \subset C$, which completes the proof. ✷
A particularly important case occurs when the set $T$ is a singleton, i.e. $T = \{a\}$. In this case, we write $A = R(a)$. As in the field case, we have the following:

Definition 4.2.3 An extension of the form $R \subset R(a)$ is said to be simple.

Clearly, if $R$ is a commutative ring with identity, so is $R(a)$. Moreover, by Theorem 4.2.2, an element of $R(a)$ is of the form $\sum r_j a^j$, where $r_j \in R$. In the case of a field $K$, we have already seen how the concept of simple extensions is strictly related to the concept of quotients of the polynomial ring $K[x]$. On the other hand, in the ring case this link is not so evident and, sometimes, we cannot even consider it because, when $R$ is an arbitrary commutative ring, $R[x]$ does not have the same properties as the Euclidean ring $K[x]$. However, it is possible to develop an analogous theory in the case of a finite, local ring $R$. We shall see, in the next section, that, for such rings, their separable extensions can be characterized.

Definition 4.2.4 Let $R$ and $S$ be two finite, local rings with residue fields $\mathbb{K}$ and $K$, respectively, such that $R \subseteq S$. The ring $S$ is said to be a separable extension (equivalently, an unramified extension) of $R$ if $mS = M$.

We know that if $R$ and $S$ are finite, local rings with residue fields $\mathbb{K}$ and $K$, respectively, then $\mathbb{K} = R/m$ and $K = S/M$, where $m$ and $M$ are the maximal ideals of $R$ and $S$.

Theorem 4.2.5 Let $R$ and $S$ be as in Definition 4.2.4, with $R \subset S$ a separable extension; then $\mathbb{K} \subset K$ is a separable field extension.
Proof: Since $mS = M$, $R/m$ and $S/mS$ are finite fields satisfying $\mathbb{K} \subseteq K$; from Proposition 4.1.5 and Theorem 4.1.7 the assertion follows. ✷
It is therefore possible to "work" very easily with extensions of finite, local rings, establishing when an extension is a separable one. To do this, we need to recall the following important result.

Lemma 4.2.6 (Nakayama’s lemma) Let R be a commutative ring with identity. Assume that M is a finitely generated R-module and J is an ideal of R. If JM = M, then M = 0.

Proof: Suppose that $M \neq 0$; denote by $\{m_1, \ldots, m_n\}$ a minimal set of generators of $M$ as an $R$-module. As $JM = M$, we may write
$$m_1 = s_1 m_1 + \ldots + s_n m_n$$
for some $s_i \in J$, $1 \le i \le n$. Then,
$$(1 - s_1)\, m_1 = s_2 m_2 + \ldots + s_n m_n;$$
since $s_1$ is an element of $J$, from Prop. 1.2.10 it follows that $1 - s_1$ is a unit ($R$ is a local ring). Thus $m_1 \in R m_2 + \cdots + R m_n$, which contradicts the minimality of the set of generators. ✷

Theorem 4.2.7 (of the primitive element) Each separable extension of a finite, local ring is simple.

Proof: Let $R \subset S$ be a separable extension. Thus, $\mathcal{K} \subset K$ is a finite, separable field extension; therefore, by Proposition 4.1.8, there exists $\bar{a} \in K$ such that $K = \mathcal{K}(\bar{a})$. Let $a \in S$ be one pre-image, under the canonical epimorphism $\mu : S \to K$, of $\bar{a}$. From Theorem 4.2.5 it follows that $S/mS = (R/m)(\bar{a})$; this means that $S = R(a) + mS$. Observe that $S$ and $R(a)$ are finitely generated $R$-modules, thus
$$m\,(S/R(a)) = (mS + R(a))/R(a) = S/R(a),$$
and the statement follows from Lemma 4.2.6; in fact, the $R$-module $S/R(a)$, finitely generated over $R$, is the null module, hence $S$ and $R(a)$ coincide as local rings. ✷

4.3 Separable Extensions of Finite Commutative Local Rings

This section provides a fundamental theorem on separable extensions of local rings.

Theorem 4.3.1 Let $R$ and $S$ be two finite, commutative, local rings with maximal ideals $m$ and $M$ and residue fields $\mathcal{K}$ and $K$, respectively, such that $R \subset S$. The local ring $S$ is a separable extension of $R$ if and only if $S \cong R[x]/(f(x))$ (as $R$-algebras), where $f(x)$ is a monic, basic irreducible polynomial, i.e. $\mu(f(x)) \in \mathcal{K}[x]$ is an irreducible polynomial (see Definition 3.2.12).

Proof: $\Rightarrow$) Suppose that $S$ is a separable extension of $R$. By Theorem 4.2.7, there exists an element $w \in S$ such that $S = R[w]$. It follows that also $K = S/M$ is a simple extension of $\mathcal{K} = R/m$; more precisely, $K = \mathcal{K}[\bar{w}]$, with $\bar{w} \in K$ such that $\mu(w) = \bar{w}$, where, again, $\mu$ is the epimorphism $\mu : S \to S/M = K$.

Let $\bar{f}(x) \in \mathcal{K}[x]$ be the minimal polynomial of $\bar{w}$; therefore $\bar{f}(x)$ is irreducible. Let $h(x) \in R[x]$ be a monic pre-image of $\bar{f}(x)$ such that $\deg(h) = \deg(\bar{f})$; $h(x)$ is an irreducible polynomial in $R[x]$, as $\mu(h) = \bar{f} \in \mathcal{K}[x]$ (Theorem 3.2.9). Since $w$ is a pre-image of $\bar{w} \in K$, $h(w) \in R[w]$; thus, as $[K : \mathcal{K}] = \deg(h) = n$, $h(w) = \sum_{i=0}^{n-1} m_i w^i$, with $m_i \in m \subset R$, $w$ a pre-image of $\bar{w}$ and $h(w) \in mS = M$.

Choose $g(x) = \sum_{i=0}^{n-1} m_i x^i$ and $f(x) := h(x) - g(x)$. It follows that $\deg(f) = \deg(h) = n$ and the leading coefficient of $f$ is the same as that of $h$, i.e. $1 \in R$. Since $f(w) = 0$ and $\mu(f) = \bar{f} \in \mathcal{K}[x]$, then $f(x) \in R[x]$ is a monic, basic irreducible polynomial. The ideal it generates in $R[x]$ is a proper ideal, because the leading coefficient of $f(x)$ is a unit. The natural morphism, defined by
$$R[x] \to S = R[w], \qquad x \mapsto w,$$
is consistent with the quotient morphism, which determines an epimorphism of $R$-algebras, i.e.
$$\varphi : R[x]/(f(x)) \to S = R[w].$$
Now we have to check that $R[x]/(f(x))$ is a ring with the same cardinality as $S$, so that $\varphi$ will be an isomorphism of $R$-algebras. We recall that, as we have seen in Chapter 3 for regular polynomials, $f(x)$ is a polynomial for which we can define the Euclidean division, which gives
$$R[x]/(f(x)) = \{ r(x) \in R[x] \mid 0 \le \deg(r) < \deg(f) \}.$$
It follows that the rings $R[w]$ and $R[x]/(f(x))$ are equipotent, and, therefore, $\varphi$ is an isomorphism, i.e.
$$R[x]/(f(x)) \cong S = R[w].$$

$\Leftarrow$) Assume that there exists a monic, irreducible polynomial of degree $n$, $f(x) \in R[x]$, such that $S = R[x]/(f(x))$. We have to show that the extension $R \subset S$ is separable over $R$, i.e. $mS = M$. Since $R$ is a local ring with maximal ideal $m \subset R$, we have already observed that $m[x] \subset R[x]$ is an ideal in the polynomial ring, with coefficients from $R$, such that $R[x]/m[x] \cong \mathcal{K}[x]$. Therefore, the ring $S = R[x]/(f(x))$ is local; e.g., let $m \subset R$ be the maximal ideal of $R$, then the ideal $M := (m, f(x))/(f(x)) \subseteq R[x]/(f(x)) = S$ is maximal (see (3.3)); in fact,
$$\left. \frac{R[x]}{(f(x))} \right/ \frac{(m, f(x))}{(f(x))} \;\cong\; \frac{R[x]}{(m, f(x))} \;\cong\; \frac{\mathcal{K}[x]}{(\mu(f(x)))} \;\cong\; F$$
is a field. Obviously, by construction, $mS = M = (m, f(x))/(f(x))$; we have to verify that $M$ is the only maximal ideal of $S$, so that $S$ will be a local ring and the extension $R \subset S$ will be unramified, i.e. separable. The uniqueness of this maximal ideal follows from 3.2.11. ✷

A polynomial $f(x) \in R[x]$ is a local polynomial if the quotient ring $R[x]/(f(x))$ is a local extension of $R$. A regular polynomial $h(x)$ is a separable polynomial if $R[x]/(h(x))$ is a local, separable extension of $R$. Obviously, if $f(x)$ is a separable polynomial and $f^*(x) \in R[x]$ is a monic, regular polynomial such that $\mu(f) = \mu(f^*)$, then $(f(x)) = (f^*(x)) \subseteq R[x]$. In this sense, the separable polynomials are the basic irreducible polynomials; more precisely, the following notions are equivalent: (a) $f$ is separable; (b) $f$ is basic irreducible; (c) $\mu(f)$ is irreducible.

Theorem 4.3.2 A regular polynomial $f$ is local if and only if $\mu(f)$ is a power of an irreducible polynomial in $\mathcal{K}[x]$.

Proof: $\Rightarrow$) If $\mu(f)$ were not a power of an irreducible polynomial in $\mathcal{K}[x]$ then, by 3.2.6, $f(x)$ would not be local in $R[x]$.
$\Leftarrow$) Suppose $f$ is not local; then $R[x]/(f)$ decomposes as a direct sum of proper ideals. Thus $f$ and, consequently, $\mu(f)$ factor into relatively prime polynomials. ✷

Corollary 4.3.3 If $f$ is a regular, irreducible polynomial in $R[x]$, then $R[x]/(f^n)$ is a local ring for any positive integer $n$.

Chapter 5

GALOIS THEORY FOR LOCAL RINGS

In this chapter we want to extend some classical results of the Galois theory of fields to finite, local rings. For general ideas on Galois theory and related topics (Abel-Ruffini’s Theorem, cyclotomic extensions and so on) the reader is referred to [2], [24] or [64]. For interesting examples and a historical point of view of this theory we suggest [22] and [68].

5.1 Basic Facts

Let $R$ and $S$ be two finite, commutative, local rings such that $R \subset S$. In this situation, we can generalize to the ring case the definition of $K$-morphism given in Section 4.1.

Definition 5.1.1 An $R$-automorphism $\varphi$ of $S$ is an automorphism $\varphi : S \to S$ such that $\varphi|_R = 1_R$, where $1_R$ is the identity map on $R$.

From now on, $S$ and $R$ will denote two finite, commutative, local rings with maximal ideals $M$ and $m$ and residue fields $K = S/M$ and $\mathcal{K} = R/m$, respectively. We recall that, if $H$ is a group of $R$-automorphisms of $S$, then the set
$$S^H := \{ s \in S \mid \sigma(s) = s,\ \forall\, \sigma \in H \}$$
is a ring with respect to the operations on $S$. Therefore, if $S$ is an extension of $R$, it makes sense to give the following definition.

Definition 5.1.2 $S$ is a Galois extension of $R$, with Galois group $G$, if $G$ is a group of $R$-automorphisms of $S$ such that

(i) $S^G = R$; (ii) $S$ is a separable extension of $R$.

In the remaining part of this section we describe the basic tools to construct Galois extensions of rings, whereas in Section 5.2 some important examples and some related questions will be dealt with.

Lemma 5.1.3 Let $f(x)$ be a regular polynomial in $R[x]$ and suppose that $\mu(f(x))$ has a simple root $\bar{\alpha}$ in $\mathcal{K}$, where $\mu$ is again the epimorphism $\mu : R \to \mathcal{K}$. Then $f(x)$ admits one and only one root $\alpha$ in $R$, s.t. $\mu(\alpha) = \bar{\alpha}$.

Proof: By hypothesis, $\mu(f(x)) = (x - \bar{\alpha})\,\bar{h}(x)$, with $\bar{h}(x) \in \mathcal{K}[x]$. By Hensel's Lemma 3.2.6,
$$f(x) = (x - \alpha + g_1(x))\,(h(x) + g_2(x)),$$
where $g_1(x), g_2(x) \in m[x]$ and $\mu(h(x)) = \bar{h}(x)$. If $g_1(x) = a_n x^n + \ldots + a_0$, with $a_i \in m$, then
$$x - \alpha + g_1(x) = a_n x^n + \ldots + a_2 x^2 + (a_1 + 1)\,x + (a_0 - \alpha).$$
By Theorem 3.2.8, there exists an invertible element $e(x)$ in $R[x]$ such that
$$x - \alpha + g_1(x) = e(x)\,(x - \beta)$$
with $\beta \in R$ and $\mu(\beta) = \bar{\alpha} = \mu(\alpha)$. Therefore, $f(x) = e(x)(x - \beta)(h(x) + g_2(x))$ and $\beta$ is the desired root. If $\beta'$ were another root of $f(x)$ such that $\mu(\beta') = \bar{\alpha}$, then we would have
$$0 = f(\beta') = (\beta' - \beta)\, g(\beta'),$$
with $g(x) = (h(x) + g_2(x))\,e(x)$. On the other hand, $\mu(g(\beta')) = \bar{h}(\bar{\alpha}) \neq 0$, since $\bar{\alpha}$ is a simple root of $\mu(f(x))$. Therefore, $g(\beta')$ is a unit and $\beta' = \beta$. ✷

Now, we want to consider the "lifting" theorem which allows us to lift automorphisms of the residue field to $R$-automorphisms of $S$. This is a generalization of what occurs in the Galois theory of fields ([7], [22] or [44]).
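Lemma 5.1.3 in the concrete case $R = \mathbb{Z}_{p^n}$, as an added worked example (this code is not from the book). The proof above factors $f$ through Hensel's Lemma 3.2.6; here the unique root is instead computed by the standard Newton-style Hensel iteration $a \leftarrow a - f(a)\,f'(a)^{-1} \bmod p^k$, which applies precisely because the residue root is simple, so $f'(a)$ is a unit. The function names and the constructed sample polynomials $x^2 + x + 2$ over $\mathbb{Z}_4$ and $x^2 - 7$ over $\mathbb{Z}_{81}$ are the example's own choices, not the book's.

```python
# Added example (not from the book): Lemma 5.1.3 for R = Z_{p^n}.
# A simple root r of mu(f) in F_p lifts to exactly one root of f in Z_{p^n};
# the lift is computed by the Newton-style Hensel step
#     a <- a - f(a) * f'(a)^(-1)  (mod p^k),  k = 2, ..., n,
# which needs only that f'(a) is a unit mod p, i.e. that r is a simple root.
# Polynomials are integer coefficient lists, lowest degree first.


def poly_eval(coeffs, a, m):
    """Horner evaluation of sum coeffs[i] * a^i modulo m."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * a + c) % m
    return acc


def poly_derivative(coeffs):
    """Formal derivative: d/dx of sum c_i x^i is sum i*c_i x^(i-1)."""
    return [i * c for i, c in enumerate(coeffs)][1:]


def simple_roots_mod_p(coeffs, p):
    """Roots of mu(f) in F_p at which mu(f)' does not vanish (the simple roots)."""
    df = poly_derivative(coeffs)
    return [r for r in range(p)
            if poly_eval(coeffs, r, p) == 0 and poly_eval(df, r, p) != 0]


def hensel_lift(coeffs, p, n, r):
    """The unique root of f in Z_{p^n} whose image under mu is the simple root r."""
    df = poly_derivative(coeffs)
    a = r
    for k in range(2, n + 1):
        m = p ** k
        # f(a) = 0 mod p^(k-1) and f'(a) is a unit, so this step kills f mod p^k
        a = (a - poly_eval(coeffs, a, m) * pow(poly_eval(df, a, m), -1, m)) % m
    return a


def lifted_roots(coeffs, p, n):
    """Map each simple root r of mu(f) to its lift; existence and uniqueness checked by brute force."""
    m = p ** n
    lifts = {r: hensel_lift(coeffs, p, n, r) for r in simple_roots_mod_p(coeffs, p)}
    for r, a in lifts.items():
        assert poly_eval(coeffs, a, m) == 0 and a % p == r
        # Lemma 5.1.3: no other root of f in Z_{p^n} reduces to r
        assert [b for b in range(m) if poly_eval(coeffs, b, m) == 0 and b % p == r] == [a]
    return lifts


if __name__ == "__main__":
    # constructed samples: x^2 + x + 2 over Z_4 and x^2 - 7 over Z_81
    print(lifted_roots([2, 1, 1], 2, 2))   # {0: 2, 1: 1}
    print(lifted_roots([-7, 0, 1], 3, 4))  # {1: 13, 2: 68}
```

The brute-force check in `lifted_roots` is only there to exhibit the uniqueness part of the lemma on small moduli; the lifting itself needs one modular inverse per step.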

Theorem 5.1.4 Let $S$ be a separable extension of $R$ and let $T$ be a commutative, local ring, $R \subset T$, with residue field $K$. Then, for each $\mathcal{K}$-isomorphism $\bar{\sigma} : K \to K$, there exists a unique $R$-morphism $\sigma : S \to T$ that induces $\bar{\sigma}$, modulo the maximal ideals of $S$ and $T$, respectively. Finally, $\sigma$ is an $R$-isomorphism if and only if $T$ is a separable extension of $R$.

Proof: By hypothesis and by Theorem 4.2.5, $K = \mathcal{K}[\bar{a}]$ is a separable extension of $\mathcal{K}$, where $\bar{a}$ is a simple root of a monic, irreducible polynomial $\bar{f}(x) \in \mathcal{K}[x]$. If $f(x) \in R[x]$ is such that $\mu(f(x)) = \bar{f}(x)$, then, by Lemma 5.1.3, there exists a unique element $a \in S$ such that $f(a) = 0$. Moreover, by the characterization of the separable extensions of local rings (see 4.3.1), $S \cong R[x]/(f)$, possibly by replacing $f$ with a monic polynomial. It follows that $\{1, a, \ldots, a^{n-1}\}$ is a basis of the free $R$-module $S$, where $n = \deg(f)$. Let $\bar{\sigma} : K \to K$ be a $\mathcal{K}$-isomorphism and assume that $\bar{\sigma}(\bar{a}) = \bar{a}_0$. Then $K = \mathcal{K}[\bar{a}_0]$ and $\bar{a}_0$ is a simple root of $\bar{f}(x)$. Again, Lemma 5.1.3 implies that $f(x)$ has exactly one root $a_0$ in $T$. In this way it is possible to naturally extend the map $a \mapsto a_0$ to a morphism of $R$-algebras that induces $\bar{\sigma}$. Conversely, if $\sigma : S \to T$ is an $R$-morphism which induces $\bar{\sigma} : \bar{a} \mapsto \bar{a}_0$ over $K$, then, by Lemma 5.1.3, $\sigma(a)$ is a root of $f(x)$. On the other hand, $\sigma(a) = a_0$ by uniqueness in Lemma 5.1.3. This shows that $\sigma$ is uniquely determined modulo the maximal ideals. Finally, if $\sigma$ is an $R$-isomorphism, then $T$ is separable, since it is isomorphic to $S$. Vice versa, if $T$ is separable, then $T \cong R[x]/(f(x)) \cong S$, therefore $\sigma$ is an isomorphism. ✷

Corollary 5.1.5 Let $S$ be a separable extension of $R$. Then, $S$ is a Galois extension of $R$ with Galois group $G_R(S)$ isomorphic to the Galois group $G_{\mathcal{K}}(K)$.

Proof: Since $S$ is a separable extension of $R$, each $\mathcal{K}$-isomorphism of $G_{\mathcal{K}}(K)$ may be lifted to a unique $R$-isomorphism of $S$ (see Theorem 5.1.4). Moreover, each $R$-isomorphism of $S$ is obtained in this way, since the correspondence of Theorem 5.1.4 is a bijection. To completely prove the assertion, it is sufficient to show that $R = S^G$. Obviously, $R \subseteq S^G$. On the other hand, if $s \in S \setminus R$, then one of the following is true: (i) $s$ is a unit; (ii) $s$ is not a unit. In the first case, $\bar{\sigma}(\mu(s)) \neq \mu(s)$, for some $\bar{\sigma} \in G_{\mathcal{K}}(K)$. Consequently, if $\sigma \in G_R(S)$ induces $\bar{\sigma}$, then $\sigma(s) \neq s$. In the other case, $1 + s$ is a unit and $1 + s \notin R$. By repeating the argument of the first case and by observing that $\sigma(1) = 1$ we now obtain $\sigma(s) \neq s$. This proves that if $s \in S \setminus R$, $\sigma(s) \neq s$, for some $\sigma \in G_R(S)$, that is $S^G \subseteq R$. ✷

Now, we are able to characterize the Galois extensions of finite, commutative, local rings.

Theorem 5.1.6 Let $R$ be a finite, commutative, local ring and $S$ a finite, local extension of $R$. Then $S$ is a Galois extension of $R$ if and only if $S$ is a separable extension of $R$.

Proof: $\Rightarrow$) Obvious, by definition of a Galois extension (cf. Def. 5.1.2).
$\Leftarrow$) If $S$ is a separable extension of $R$, then it suffices to apply Corollary 5.1.5. ✷

Corollary 5.1.7 $S$ is a Galois extension of $R$ if and only if
$$S \cong R[x]/(f(x)),$$
where $f(x)$ is a basic irreducible polynomial (which we may always assume to be monic) over $R$ and $G_R(S)$ acts as a permutation group on the roots of the polynomial $f(x)$.

Proof: This immediately follows from Theorems 4.3.1, 5.1.4 and 5.1.6. ✷

Remark: Corollary 5.1.5 implies that $|G_R(S)| = |G_{\mathcal{K}}(K)| = [K : \mathcal{K}] = \deg(\mu(f(x))) = \deg(f(x))$, where $f(x)$ is a polynomial chosen as in Corollary 5.1.7.

By Theorems 3.2.6 and 3.2.9(3) there is an irreducible pre-image over $R$ for any polynomial irreducible over $\mathcal{K}$; this proves the existence of a Galois finite, local ring extension of a given degree. We now show its uniqueness.

Theorem 5.1.8 Let $R$ be a finite, commutative, local ring and $S$ a Galois extension of $R$, of degree $n$. Then $S$ is unique, up to isomorphism.

Proof: Assume there exist two distinct extensions of degree $n$ of $R$, say $S_1$ and $S_2$. By Theorem 4.2.7, there exist algebraic elements $a_1$ and $a_2$ over $R$, such that $S_1 = R(a_1)$ and $S_2 = R(a_2)$. By taking the residue fields and denoting by $\bar{a}_1$ and $\bar{a}_2$ elements such that $\mu(a_i) = \bar{a}_i$, $1 \le i \le 2$, we obtain that $\mathcal{K}(\bar{a}_1) \cong \mathcal{K}(\bar{a}_2)$, which are two finite extensions, of degree $n$, of $\mathcal{K}$ (by Theorem 2.2.4). This implies that there exists an isomorphism $\Phi$ which maps $\bar{a}_1$ onto $\bar{a}_2$; moreover, if $\bar{g}(x), \bar{f}(x) \in \mathcal{K}[x]$ are the minimal polynomials of $\bar{a}_1$ and $\bar{a}_2$, respectively, then $\Phi(\bar{f}(x)) = \bar{g}(x)$. By Hensel's Lemma (3.2.6) and by Theorem 5.1.4, we can lift $\Phi$ to an isomorphism
$$\tilde{\Phi} : R(a_1) \xrightarrow{\ \sim\ } R(a_2).$$
This completes the proof. ✷

We conclude the section with the following definition.

Definition 5.1.9 An element $a \in S$ is said to be $R$-separable if $a$ is a root of a basic irreducible polynomial in $R[x]$.

5.2 Examples. Splitting Rings

In this section we want to provide a class of examples of Galois extensions of local rings. We define the splitting ring of a basic irreducible polynomial of $R[x]$, which plays the same role as the splitting field of an irreducible polynomial of $\mathcal{K}[x]$ ([56] and [17] respectively). The basic idea is to describe the Galois group of a separable extension of a local ring in terms of suitable powers of primitive elements of the extension (see Theorem 4.2.7).

Lemma 5.2.1 Let $S$ be a Galois extension of $R$ and $\omega \in S$ the primitive element such that $S = R[\omega]$. We denote by
$$\omega = \omega_1, \omega_2, \ldots, \omega_n$$
(where $n = \dim_R S$) the $n$ distinct images of the element $\omega = \omega_1$ under the automorphisms in $G_R(S)$. If $g(\omega) = 0$, for $g(x) \in R[x]$, then $g(x)$ is a multiple, in $R[x]$, of the polynomial
$$f(x) = (x - \omega_1) \cdots (x - \omega_n) \in R[x].$$

Proof: Obviously, the element $\omega_i - \omega_j \in S$ is a unit of $S$, for $i \neq j$. If $g(\omega) = 0$, then $g(\omega_j) = 0$, for each $j \in \{1, \ldots, n\}$, since $0 = \sigma_j(g(\omega)) = g(\sigma_j(\omega)) = g(\omega_j)$. We can determine a polynomial $p_1(x) \in S[x]$ such that
$$g(x) = (x - \omega_1)\, p_1(x)$$
and, since $g(\omega_2) = 0$ and $\omega_2 - \omega_1 \in U(S)$, $p_1(\omega_2) = 0$. Similarly, there exists a polynomial $p_2(x) \in S[x]$ such that $p_1(x) = (x - \omega_2)\, p_2(x)$ and $p_2(\omega_3) = 0$. At the last step $g(x) = f(x)\, p_n(x)$ with $p_n(x) \in S[x]$. However, since $g(x), f(x) \in R[x]$ and $f(x)$ is monic, $p_n(x) \in R[x]$. ✷

Lemma 5.2.2 Let $S$ be a Galois extension of $R$ and $f(x) \in R[x]$ be a monic, basic irreducible polynomial. If $\xi$ and $\eta$ are roots of $f(x)$ in $S$, then a monic, basic irreducible polynomial $g(x) \in R[x]$ exists for which $\xi^{|\mathcal{K}|}$ and $\eta^{|\mathcal{K}|}$ are roots. (We have denoted by $|\mathcal{K}|$ the cardinality of the residue field of $R$, i.e. $\mathcal{K} = R/m$.)

Proof: We can always determine a monic, basic irreducible polynomial $g(x)$ in $R[x]$ such that $g(\xi^{|\mathcal{K}|}) = 0$ and $\mu(g) = \mu(f) \in \mathcal{K}[x]$ (it is sufficient to transform $f(x)$ by the automorphism $\Psi : S \to S$, such that $\Psi(s) = s^{|\mathcal{K}|}$, for all $s \in S$; it follows that $0 = \Psi(f(\xi)) = g(\xi^{|\mathcal{K}|})$ and $\mu(g(x)) = \mu(f(x)) \in \mathcal{K}[x]$, since $a^{|\mathcal{K}|} = a$ in $\mathcal{K}$). Consider the polynomial $h(x) = g(x^{|\mathcal{K}|})$. Obviously, $h(\xi) = 0$, and by the previous lemma, $f(x)$ must divide $h(x)$ in $R[x]$. Also, $h(\eta) = 0$, i.e. $\eta^{|\mathcal{K}|}$ is a root of $g(x)$. ✷

Theorem 5.2.3 Let $S$ be a Galois extension of $R$. There exists an element $\omega \in S$, which is a primitive element over $R$, such that the $R$-automorphism $\sigma$ of $S$, given by $\sigma : \omega \mapsto \omega^{|\mathcal{K}|}$, is a generator of the Galois group of the extension, $G_R(S)$.

Proof: Let $f(x) \in R[x]$ be a monic, basic irreducible polynomial of degree $n$ and let $\omega \in S$ be one of its roots. Set
$$A = \{ g \in R[x] \mid g(x) \text{ monic and } \mu(g) = \mu(f) \in \mathcal{K}[x] \},$$
$$B = \{ \theta \in S \mid \theta \text{ is a root of some polynomial in } A \}$$
and
$$B^j = \{ \theta^j \mid \theta \in B \},$$
for $j \in \mathbb{N}$. Obviously, $B \supseteq B^{|\mathcal{K}|} \supseteq B^{|\mathcal{K}|^2} \supseteq \ldots$. Moreover, if $\bar{\omega} = \mu(\omega) \in K$, since
$$\mu(f(x)) = (x - \bar{\omega})(x - \bar{\omega}^{|\mathcal{K}|}) \cdots (x - \bar{\omega}^{|\mathcal{K}|^{n-1}})$$
and each element of $B$ is a pre-image of some $\bar{\omega}^{|\mathcal{K}|^t}$, $0 \le t \le n - 1$, then each element of $B$ is of the form
$$\omega^{|\mathcal{K}|^t} + c, \quad \text{where } c \in M \text{ and } 0 \le t \le n - 1.$$
The fact that the ideal $M$ is nilpotent implies there exists an exponent $s \in \mathbb{N}$ for $B$, such that $B^s = B^{s+1} = B^{s+2} = \ldots$ and $B^s$ has cardinality exactly $n$. By raising each element of $B^s$ to the $|\mathcal{K}|$-th power, we obtain a permutation of these elements. By the "lifting" Theorem 5.1.4 and by Lemma 5.2.2, there exists an $R$-automorphism of $S$, say $\sigma$, such that $\sigma(t) = t^{|\mathcal{K}|}$, for $t \in B^s$. The $\mathcal{K}$-automorphisms induced in $G_{\mathcal{K}}(K)$, which we denote by $\bar{\sigma}, \bar{\sigma}^2, \ldots, \bar{\sigma}^n$, are all distinct, since the map
$$\mu(t) \mapsto (\mu(t))^{|\mathcal{K}|}$$
generates $G_{\mathcal{K}}(K)$. It follows that $\sigma$ is a generator of $G_R(S)$. ✷

Definition 5.2.4 We say that a Galois extension $S$ of a local ring $R$ is the splitting ring for a basic irreducible polynomial $f(x) \in R[x]$ if $f(x)$ splits in linear factors in $S[x]$ and $S$ is generated, as an $R$-module, by the roots of $f(x)$.

We can summarize the various lemmas, corollaries and theorems proven in this and in the previous section, by stating the following theorem, which, in the literature, is known as the Galois Correspondence Theorem ([56] for rings and, for example, [7] in the field case).

Theorem 5.2.5 Let $S$ be a separable extension of $R$; then:
(i) $S$ is a Galois extension of $R$ and, if $f(x) \in R[x]$ is a monic, basic irreducible polynomial such that $S \cong R[x]/(f(x))$, then $|G_R(S)| = \deg(f)$; $S$ is the splitting ring of $f(x)$ over $R$ and it is the unique Galois extension of $R$ which has dimension, as an $R$-module, equal to $\deg(f)$.
(ii) The Galois group $G_R(S)$ is cyclic and isomorphic to $G_{\mathcal{K}}(K)$; also, it is generated by $\sigma : \omega \mapsto \omega^{|\mathcal{K}|}$, for a suitable element $\omega \in S$, which is primitive over $R$.
(iii) There exists a bijection between the subfields of $K$ which contain $\mathcal{K}$ and the $R$-separable subrings of $S$, which properly contain $R$; this bijection preserves both the subfield lattice and the subring lattice. If $T$ is an $R$-separable extension and $S$ is a $T$-separable extension, $R \subseteq T \subseteq S$, then $S$ is $R$-separable and we have the following exact sequence of groups
$$1 \to G_T(S) \to G_R(S) \to G_R(T) \to 1.$$
(iv) Given the chain of rings $R \subseteq T \subseteq S$ such that $R \subseteq S$ is a Galois extension, then $R \subseteq T$ is a Galois extension if and only if $G_T(S)$ is a normal subgroup of $G_R(S)$.
(v) $S$ has a normal basis over $R$, i.e. there exists an element $\omega \in S$ such that $\{ \sigma(\omega) \mid \sigma \in G_R(S) \}$ is an $R$-free basis for $S$.

Proof: We have only to prove (iv). We want to show that
$$R \subseteq T \text{ is a Galois extension} \iff G_T(S) \lhd G_R(S).$$
(Recall that $H \lhd G$ means that $H$ is a normal subgroup of the group $G$.)

$\Leftarrow$) Let $\varphi\, G_T(S)\, \varphi^{-1} = G_T(S)$, for all $\varphi \in G_R(S)$. By considering the ring $\varphi(T) \subseteq S$, we have that $\Psi \in G_{\varphi(T)}(S)$ iff $\Psi(\varphi(t)) = \varphi(t)$, for each $t \in T$. Therefore, $(\varphi^{-1}\Psi\varphi)(t) = t$, for each $t \in T$, iff $\varphi^{-1}\Psi\varphi \in G_T(S)$, i.e. $\Psi \in \varphi\, G_T(S)\, \varphi^{-1}$. This means that $\varphi\, G_T(S)\, \varphi^{-1} = G_{\varphi(T)}(S)$ and from the hypothesis $G_T(S) \lhd G_R(S)$, it follows that $G_T(S) = G_{\varphi(T)}(S)$; thus $T = \varphi(T)$, for all $\varphi \in G_R(S)$, so $R \subseteq T$ is a Galois extension.

$\Rightarrow$) Let $R \subseteq T$ be a Galois extension, thus $\varphi(T) = T$, for all $\varphi \in G_R(T)$. It follows that $\varphi(T) = T$, for all $\varphi \in G_R(S)$. Moreover,
$$\varphi\, G_T(S)\, \varphi^{-1} = G_{\varphi(T)}(S)$$
and since $\varphi(T) = T$, it follows that $\varphi\, G_T(S)\, \varphi^{-1} = G_T(S)$, for all $\varphi \in G_R(S)$, so $G_T(S) \lhd G_R(S)$. Since each automorphism $\varphi \in G_R(S)$ induces an $R$-automorphism of $T$ such that $\varphi(T) = T$, we have the following epimorphism
$$\rho : G_R(S) \to G_R(T)$$
such that $\rho(\varphi) = \varphi|_T$, for all $\varphi \in G_R(S)$, whose kernel is $\ker \rho = G_T(S) \lhd G_R(S)$. The Homomorphism Theorem guarantees that
$$G_R(S)/G_T(S) \cong G_R(T).$$ ✷

Example 5.2.6 Assume $R = \mathbb{Z}_4$ and $f(x) = x^3 + x + 1 \in R[x]$. Set
$$\mu : \mathbb{Z}_4 \to \mathbb{Z}_2 \cong \mathbb{F}_2;$$
with abuse of notation, we always denote by $\mu$ the epimorphism extended to the polynomial rings
$$\mu : \mathbb{Z}_4[x] \to \mathbb{F}_2[x];$$
then $\mu(f) \in \mathbb{F}_2[x]$ is an irreducible polynomial over $\mathbb{F}_2$. It follows that $f(x)$ is a monic, basic irreducible polynomial of $\mathbb{Z}_4[x] = R[x]$. If we consider the quotient ring $S = R[x]/(f(x)) = \mathbb{Z}_4[x]/(x^3 + x + 1)$, by Corollary 5.1.7, $S$ is a Galois extension, thus a separable extension, of $\mathbb{Z}_4$. Therefore $S \cong \mathbb{Z}_4[\xi]$, where $\xi$ is a formal root such that $\xi^3 = 3\xi + 3$; consequently, $S$, as a $\mathbb{Z}_4$-free module, has dimension three over $R$, i.e. $\dim_R(S) = 3$; indeed $\deg(f) = 3$. It follows that the order of the Galois group of the ring extension $R \subseteq S$ is $|G_R(S)| = 3$. Therefore, the Galois group is isomorphic to $C_3$, the cyclic group of order three; by the Galois Correspondence Theorem, there are no proper subrings of $S$ which are separable extensions of $R$.

Again with $R = \mathbb{Z}_4$, take $g(x) = x^4 + x^3 + x^2 + x + 1 \in R[x]$. This polynomial is an irreducible polynomial of $R[x]$, therefore $S = R[x]/(g(x))$ is a Galois extension with Galois group, $G_R(S)$, isomorphic to the cyclic group of order four (this immediately follows from 2.3.5 and 5.1.5). We determine the following chain of separable extensions of $R$
$$R \subseteq T \subseteq S$$
where $T \cong R[x]/(h)$ and $h(x) = x^2 + x + 1 \in R[x]$ such that $g(x) = x^2 h(x) + x + 1$. By the "lifting" Theorem 5.1.4, it is possible to determine the group of $R$-automorphisms of $S$ by starting from the Galois group $G_{\mathcal{K}}(K)$. If $\omega$ is a root of $g(x)$ in $S$, then
$$g(x) = (x - \omega)(x - \omega^2)(x - \omega^3)(x - [3\omega^3 + 3\omega^2 + 3\omega + 3]).$$
The set $\{1, \omega, \omega^2, \omega^3\}$ is an $R$-basis of $S$ as an $R$-module. If we denote by $\sigma$ a generator of the Galois group $G_R(S) \cong C_4$, then
$$\sigma(\omega) = \omega^2, \quad \sigma^2(\omega) = 3\omega^3 + 3\omega^2 + 3\omega + 3, \quad \sigma^3(\omega) = \omega^3, \quad \sigma^4(\omega) = \omega.$$
The polynomial
$$h(x) = (x - (\omega^3 + \omega^2 + 2))(x - (3\omega^3 + 3\omega^2 + 1))$$
determines the Galois extension of degree two of $T$ over $R$; we observe that
$$\sigma^2(\omega^3 + \omega^2 + 2) = \omega^3 + \omega^2 + 2.$$
It follows that the ring $T = R[\omega^3 + \omega^2 + 2]$ is the ring $S^{\langle \sigma^2 \rangle}$, i.e. it is the subring of $S$ fixed by the subgroup $\langle \sigma^2 \rangle$ of $G_R(S) \cong \langle \sigma \rangle$.

Example 5.2.7 Let $R = \mathbb{Z}_4$ and $S = R[\theta]$ be such that the element $\theta$ is a root of the polynomial $f(x) = x^2 + x + 1 \in R[x]$. It follows that $G_R(S) = \langle \sigma \mid \sigma^2 = \mathrm{id} \rangle$, where $\sigma(\theta) = 3\theta + 3$; moreover, $\sigma(3\theta + 1) = \theta + 2$ and, it is easy to check that, $\theta + 2$ is not a power of the element $3\theta + 1$. The generator $\sigma$ satisfies
$$\sigma(\theta) = 3\theta + 3 = \theta^2;$$
this implies that $G_R(S)$ is generated by an automorphism which maps a primitive element of $S$ onto its square.

Chapter 6

GALOIS AND QUASI-GALOIS RINGS. STRUCTURE AND PROPERTIES

In this chapter we firstly want to analyze the structure of Galois rings which are, in our terminology, Galois extensions of local rings of the form $\mathbb{Z}_{p^n}$, where $p$ is a prime and $n$ a positive integer. The importance of such rings is mainly due to the following facts:
1. In some problems of Combinatorics one deals with finite fields and, at the same time, with local rings of the form $\mathbb{Z}_{p^n}$; the two objects obviously share very few properties. Galois rings constitute the common "point of view" of these clearly so different families;
2. As already said in the previous chapters, Galois rings can be viewed as "bricks" of all of Finite Commutative Algebra; indeed, in Section 3 of this chapter we will show that each finite, commutative ring can be considered as a suitable algebra over a fixed Galois ring.

At the end of this chapter, we will focus on another class of finite, local rings. Such rings will be called Quasi-Galois rings since, as we shall show, the expressions of their elements are very similar to those of Galois ring elements. On the other hand, the properties of such rings are very different from those of Galois rings. In fact, it suffices to notice that the Galois ring $GR(p^n, r)$ is a finite, commutative, local ring of cardinality $p^{nr}$ and characteristic $p^n$, whereas the Quasi-Galois ring $A(p^r, n) := \mathbb{F}_{p^r}[x]/(x^n)$ is a finite, commutative, local ring with the same cardinality but of characteristic $p$ ($p$ a prime), since it contains $\mathbb{F}_{p^r}$ as a subring. Quasi-Galois rings are very interesting especially from the application point of view (e.g. Coding Theory or Finite Geometry) since they have the nicer property of having a prime characteristic.

6.1 Classical Constructions

This section is a survey of the main classical approaches to the study of Galois rings, which we will denote by $GR(p^n, r)$, where $p$ is a prime and $n, r$ are positive integers. Some trivial examples are the following:
(i) if $n = 1$, we are considering the Galois extension of degree $r$ of the field $\mathbb{Z}_p \cong \mathbb{F}_p$; hence,
$$GR(p, r) = GF(p^r) = \mathbb{F}_{p^r};$$
(ii) if $r = 1$, then $GR(p^n, 1) = \mathbb{Z}_{p^n}$.

The existence of Galois rings was already known to Krull in 1924 [47] but it was only after more than forty years that Janusz ([38], 1966) and Raghavendran ([63], 1969) independently rediscovered and studied the properties of such rings. By taking into account what we proved about Galois extensions of local rings, $GR(p^n, r)$ is isomorphic to the quotient ring $\mathbb{Z}_{p^n}[x]/(f(x))$, where $f(x) \in \mathbb{Z}_{p^n}[x]$ is a monic, basic irreducible polynomial of degree $r$ (see Def. 3.2.12, Theorem 4.3.1 and Theorem 5.1.6). These theorems also show that this construction is well-defined. Equivalently, if $f(x) \in \mathbb{Z}[x]$ is a monic polynomial, of degree $r$, which is irreducible modulo $(p) = p\mathbb{Z}$, then $GR(p^n, r) \cong \mathbb{Z}[x]/(p^n, f(x))$. This ring is local and its unique maximal ideal is the principal ideal $p\,GR(p^n, r)$. More precisely, we will observe in the next section that each ideal of this local ring is principal of the form $(p^i) = p^i\, GR(p^n, r)$, with $0 \le i \le n$.

We can also give explicit representations of the elements of such a ring. By taking into account the notation and what we have proved in Theorem 1.4.4, let $\xi$ be a root of the unique monic, basic irreducible polynomial $h_n(x) \in \mathbb{Z}_{p^n}[x]$ related to the primitive polynomial $h_1(x) \in \mathbb{Z}_p[x]$, which is used to construct the Galois field $GF(p^r) \cong \mathbb{Z}_p[x]/(h_1(x))$, $r = \deg(h_1(x))$ (we remark that, in this context, the word "primitive" is used in the sense of Definition 2.2.7). Since $h_n(x)$ divides $x^k - 1$ in $\mathbb{Z}_{p^n}[x]$, then $\xi^k = 1$, where $k = p^r - 1$. Moreover, $GR(p^n, r) \cong \mathbb{Z}_{p^n}[\xi]$ as a ring extension.

There are two canonical ways for representing its elements; in the first one, each $z \in GR(p^n, r)$ can be written as
$$z = \sum_{j=0}^{k-1} v_j\, \xi^j, \qquad v_j \in \mathbb{Z}_{p^n}.$$
In the other representation, each element $z$ has the $p$-adic expansion
$$z = z_0 + p z_1 + \ldots + p^{n-1} z_{n-1},$$
where each $z_i$ belongs to the set
$$\mathcal{T}_r := \{0, 1, \xi, \ldots, \xi^{p^r - 2}\}, \qquad (6.1)$$
called the Teichmüller set of the given Galois ring. As we will prove later on (see Prop. 6.2.5), the units in $GR(p^n, r)$ contain a cyclic group of order $p^r - 1$. Such a $\xi$ is a generator of this cyclic group; moreover, if we consider the epimorphism
$$\tilde{\mu} : \mathbb{Z}_{p^n}[x]/(h_n(x)) \to \mathbb{Z}_p[x]/(h_1(x)),$$
then $\tilde{\mu}(\xi) = \alpha$, where $\alpha$ is a primitive element in the finite field $GF(p^r)$, i.e. a primitive root of $h_1(x)$. Thus, $\tilde{\mu}(\mathcal{T}_r) = GF(p^r)$.

What we have proved up to now guarantees the existence and uniqueness (up to isomorphism) of Galois rings. All we have to do is to understand the structure of these rings, their subrings, their ideals and so on. This is dealt with in [56]. Before doing this, it is very important to recall some classical approaches to the theory of such rings.

In 1966 Janusz, [38], introduced Galois rings as particular cases of separable algebras over a Dedekind domain. Let $R$ be an integral domain and $\mathcal{K} = Q(R)$ its quotient field (i.e. the field of fractions of $R$). A fractional ideal $J$ is a non-zero additive subgroup of $\mathcal{K}$ such that $RJ \subset J$ and there exists an element $c \in R \setminus \{0\}$ such that $cJ \subset R$. $R$ is said to be a Dedekind domain if the fractional ideals form a group with respect to the ideal multiplication. As proved in many books of Algebraic Number Theory (see, for example, [59]), the ring of algebraic integers in a number field is a Dedekind domain. We are now able to state the following

Proposition 6.1.1 ([38], page 476) Let $R$ be a Dedekind domain with maximal ideal $P$ such that $R/P$ is finite. Let $A = R/P^k$, for some positive integer $k$. Then, for each positive integer $r$, there is only one (up to isomorphism) strongly separable $A$-algebra without proper idempotents (i.e. idempotents different from 0 and 1) and of rank $r$ over $A$.
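Example 5.2.6 and the two representations of $GR(4,3)$ described in this section, checked by computation. This is an added example, not code from the book: it implements arithmetic in $\mathbb{Z}_4[x]/(g(x))$ by hand (coefficient lists, reduction modulo the monic $g$), verifies the factorization of $g(x) = x^4 + x^3 + x^2 + x + 1$, the order-4 automorphism $\sigma : \omega \mapsto \omega^2$ and the fixed subring $T = R[\omega^3 + \omega^2 + 2]$ of Example 5.2.6, and then builds the Teichmüller set $\mathcal{T}_3$ and the 2-adic expansion $z = z_0 + 2 z_1$ in $GR(4,3) = \mathbb{Z}_4[x]/(x^3 + x + 1)$ (the first ring of Example 5.2.6, which is $GR(4,3)$ by Theorem 5.1.8). Two choices are the example's own and not the book's: the generator $\xi$ of the cyclic group of order $p^r - 1 = 7$ is found by search rather than as a root of the lifted polynomial $h_n(x)$, and $z_0$ is computed as $z^8$, using the standard fact that in $GR(p^2, r)$ the map $z \mapsto z^{p^r}$ sends $z$ to its Teichmüller representative.

```python
# Added example (not from the book): computations in Z_4[x]/(g) for Example
# 5.2.6 and for the Teichmueller / 2-adic representation of GR(4, 3).
# An element is a coefficient list c[0..n-1] meaning sum c[i] * w^i, where w
# is the class of x and g is a monic polynomial of degree n over Z_4.
from itertools import product

Q = 4  # base ring R = Z_4 throughout

def make_ring(g):
    """Return (add, mul, n, elem) for Z_4[x]/(g); g monic, lowest degree first."""
    n = len(g) - 1
    def elem(*coeffs):  # embed a short coefficient list, reducing mod 4
        return [c % Q for c in coeffs] + [0] * (n - len(coeffs))
    def add(a, b):
        return [(x + y) % Q for x, y in zip(a, b)]
    def mul(a, b):
        prod = [0] * (2 * n - 1)
        for i, x in enumerate(a):
            for j, y in enumerate(b):
                prod[i + j] = (prod[i + j] + x * y) % Q
        # g is monic, so w^d = -w^(d-n) * (g_0 + ... + g_(n-1) w^(n-1)) for d >= n
        for d in range(2 * n - 2, n - 1, -1):
            c = prod[d]
            for i in range(n + 1):
                prod[d - n + i] = (prod[d - n + i] - c * g[i]) % Q
        return prod[:n]
    return add, mul, n, elem

def power(mul, one, a, e):
    r = one
    for _ in range(e):
        r = mul(r, a)
    return r

def check_example_5_2_6():
    """Verify the Galois-group claims of Example 5.2.6 for g = x^4+x^3+x^2+x+1."""
    add, mul, n, elem = make_ring([1, 1, 1, 1, 1])
    one, w = elem(1), elem(0, 1)
    pw = lambda a, e: power(mul, one, a, e)
    roots = [pw(w, k) for k in (1, 2, 3, 4)]            # w, w^2, w^3, w^4
    assert roots[3] == elem(3, 3, 3, 3)                  # w^4 = 3w^3 + 3w^2 + 3w + 3
    # prod_i (x - w_i), as a polynomial over S (a list of S-elements), is g again
    poly = [one]
    for r in roots:
        neg_r = [(-c) % Q for c in r]
        poly = [add(s, t) for s, t in zip([elem()] + poly,
                                          [mul(neg_r, c) for c in poly] + [elem()])]
    assert poly == [one] * 5
    # sigma: w -> w^2 extended R-linearly; multiplicative on the basis, hence a
    # ring automorphism (the lift of the Frobenius of F_16, Theorem 5.1.4)
    def sigma(z):
        out = elem()
        for i, c in enumerate(z):
            out = add(out, [(c * x) % Q for x in pw(roots[1], i)])
        return out
    basis = [pw(w, i) for i in range(n)]
    assert all(sigma(mul(a, b)) == mul(sigma(a), sigma(b)) for a in basis for b in basis)
    orbit = [w]
    for _ in range(4):
        orbit.append(sigma(orbit[-1]))
    assert orbit[1:] == [roots[1], roots[3], roots[2], w]   # w^2, w^4, w^8 = w^3, w^16 = w
    # the subring fixed by <sigma^2> is T = R[t], t = w^3 + w^2 + 2, where t^2 + t + 1 = 0
    t = elem(2, 0, 1, 1)
    assert add(add(mul(t, t), t), one) == elem()
    fixed = {z for z in product(range(Q), repeat=n) if sigma(sigma(list(z))) == list(z)}
    span_t = {tuple(add(elem(a), [(b * x) % Q for x in t])) for a in range(Q) for b in range(Q)}
    assert fixed == span_t
    return len(fixed)   # 16: T is free of rank 2 over Z_4

def teichmueller_gr43():
    """Teichmueller set and 2-adic expansion z = z0 + 2*z1 in GR(4,3) = Z_4[x]/(x^3+x+1)."""
    add, mul, n, elem = make_ring([1, 1, 0, 1])
    one = elem(1)
    pw = lambda a, e: power(mul, one, a, e)
    everything = [list(c) for c in product(range(Q), repeat=n)]
    # xi: a generator of the cyclic group of order p^r - 1 = 7 inside the units
    # (Prop. 6.2.5 of the book); located here by search, not as a root of h_n
    xi = next(z for z in everything if z != one and pw(z, 7) == one)
    teich = [elem()] + [pw(xi, k) for k in range(7)]         # T_3 = {0, 1, xi, ..., xi^6}
    assert len({tuple(t) for t in teich}) == 8
    # mu~(T_3) = GF(8): reducing T_3 mod 2 gives each vector of F_2^3 exactly once
    assert {tuple(c % 2 for c in t) for t in teich} == set(product(range(2), repeat=n))
    def expand(z):
        # z0 = z^8: standard fact (not stated on this page) that (t + 2u)^2 = t^2 mod 4,
        # hence z^8 = t^8 = t for the Teichmueller element t congruent to z mod 2
        z0 = pw(z, 8)
        half = [((c - d) % Q) // 2 for c, d in zip(z, z0)]     # z - z0 has even coefficients
        z1 = next(t for t in teich if [c % 2 for c in t] == half)
        return z0, z1
    for z in everything:
        z0, z1 = expand(z)
        assert z0 in teich and add(z0, [(2 * c) % Q for c in z1]) == z
    return len(everything)   # 64: every element has a unique expansion

if __name__ == "__main__":
    print(check_example_5_2_6(), teichmueller_gr43())   # 16 64
```

The multiplicativity check on the basis $\{1, \omega, \omega^2, \omega^3\}$ is enough because $\sigma$ is defined $R$-linearly; the fixed-set computation enumerates all $4^4$ elements of $S$ and confirms that exactly the $R$-span of $\{1, t\}$ survives $\sigma^2$, which is the lattice correspondence of Theorem 5.2.5 (iii) in this instance.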

Given a ring $R$, Janusz defines an $R$-algebra $S$ to be strongly separable if it is finitely generated, separable and projective as an $R$-module. (We recall that, if $A$ is a commutative ring, an $A$-module $P$ is said to be projective if the functor $\mathrm{Hom}_A(P, \cdot)$ is right-exact, i.e. for each surjective morphism of $A$-modules $M_1 \to M_2 \to 0$, $\mathrm{Hom}_A(P, M_1) \to \mathrm{Hom}_A(P, M_2) \to 0$ holds.) Therefore, in the special case of $R = \mathbb{Z}$ and $P = (p)$, $p$ a prime, the previous proposition shows there is no ambiguity in the notation $GR(p^n, r)$ for a strongly separable $\mathbb{Z}/(p^n)$-algebra of rank $r$, having no proper idempotents. Janusz also remarks that such rings can be abstractly characterized as the only rings (without proper idempotents) that are of prime power characteristic and are separable over the subring generated by the identity element. Moreover, for every fixed $r$, there is a natural projection
$$\pi_n : GR(p^n, r) \to GR(p^{n-1}, r),$$
for each $n$, having kernel $p^{n-1} GR(p^n, r)$. If we fix $r$, the collection $\{GR(p^n, r), \pi_n\}_{n \in \mathbb{N}}$ has particular properties in terms of inverse systems and projective limits; more precisely, one can show that, for $r = 1$,
$$D_p(1) := \varprojlim\, \{GR(p^n, 1), \pi_n\} = \varprojlim\, \{\mathbb{Z}_{p^n}, \pi_n\}$$
is the ring of $p$-adic integers and $D_p(r)$ is the unique strongly separable extension of $D_p(1)$ with no proper idempotents and with rank $r$ over $D_p(1)$. All this is quite beyond the scope of this book, therefore, without going too deep into details, we refer the reader to [38], [53] and [71]. What is important is to observe how strong the relationship between Galois rings and $p$-adic integers is.

Another important paper about Galois rings was published three years later by Raghavendran [63]. In this article he treats the more general problem of determining the structure of prime power rings, i.e. rings whose orders are prime powers. A particular case is given by $R$, a finite, associative ring (not necessarily commutative), with a multiplicative identity $1 \neq 0$, such that its zero-divisors form an additive group $J$. In this case, from a general result due to Ganesan [25], it follows that $J$ is an ideal in $R$; more precisely, $J$ coincides with the Jacobson radical of $R$ (see (1.2)), being the unique maximal left ideal in $R$. Since each element of $R$, not in $J$, has an inverse, $R/J$ is a division ring (or a skew-field, see after Example 2.3.7). Now we have the following fundamental

Theorem 6.1.2 Let $R$ be a finite ring (not necessarily commutative) with a multiplicative identity $1 \neq 0$ whose zero-divisors form an additive group $J$. Then
(i) $J$ is the Jacobson radical of $R$;
(ii) $|R| = p^{nr}$ and $|J| = p^{(n-1)r}$, for some prime $p$ and some positive integers $r$ and $n$;
(iii) $J^n = (0)$;
(iv) the characteristic of the ring $R$ is $p^k$ for some integer $1 \le k \le n$; and
(v) if the characteristic is $p^n$, then $R$ will be commutative.

Proof: As we observed before, (i) immediately follows from Ganesan's result [25]. Since $R/J$ is a finite division ring, from Wedderburn's Theorem (see Theorem 2.3.8) it follows that $R/J$ is the finite field $GF(q)$, where $q = p^r$, $r$ a positive integer and $p$ a prime which coincides with the characteristic of this finite field. If $1$ denotes the multiplicative identity in $R$, the element $p \cdot 1$ belongs to the nilideal $J$; this means that the additive order of $1$ in $R$ is $p^k$, for some positive integer $k$. Therefore, $|R| = p^N$ and $|J| = p^{N-r}$, for some positive integer $N$ strictly greater than $r$. To completely prove (ii), we only have to show that $r$ divides $N$. For this purpose, choose an element $g_1$ in $R$ such that the coset $(g_1 + J)$ is a cyclic generator of the multiplicative group of the field $R/J$ (see Theorem 2.1.3). Since the units in $R$ form a multiplicative group $U(R)$ of order $(p^r - 1)\,p^{N-r}$ (as we have observed in the proof of Proposition 1.3.1(2.)), the multiplicative order of $g_1$ is $(p^r - 1)\,p^s$, for some integer $s \ge 0$. Write $g = g_1^{p^s}$; $g$ is an element of $U(R)$ with multiplicative order $p^r - 1$; moreover, if $\alpha, \beta$ are integers such that $g^\alpha - g^\beta \in J$ then $g^\alpha = g^\beta$, since $g + J$ is a cyclic generator of $U(R/J)$. We now introduce an equivalence relation on the elements of $R$ by
$$x \sim y \quad \text{if and only if} \quad x = g^\alpha y,$$
for a non-negative integer $\alpha$. For any non-zero element $x \in R$, the equation $g^\alpha x = g^\beta x$ implies that $g^\alpha - g^\beta \in J$, i.e. $g^\alpha = g^\beta$; thus, the $p^N - 1$ non-zero elements of $R$ split into equivalence classes each containing exactly $p^r - 1$ elements. It follows that $(p^r - 1) \mid (p^N - 1)$, i.e. $r \mid N$.

We also observe that the number of elements in any left ideal of $R$ is a power of $p^r$; so we obtain a strictly descending sequence
$$J \supset J^2 \supset J^3 \supset \cdots$$
such that $J^n = (0)$. This immediately proves (iii) and (iv).

Consider now the set

$$F_1 := \{0\} \cup \{g^k \mid 1 \le k \le p^r - 1\}.$$

If $a, b \in F_1$ are elements such that $a - b \in J$, then $a = b$. Therefore, if we assume that the characteristic of $R$ is $p^n$, by induction on $k$ we can show that, for elements $a_k, b_k \in F_1$, $\sum_{k=0}^{n-1} p^k a_k = \sum_{k=0}^{n-1} p^k b_k$ implies $p^{n-1}(a_k - b_k) = 0$, so $a_k = b_k$, for each $k \in \{0, \ldots, n-1\}$. This shows that each element of $R$ can be uniquely written in the form $\sum_{k=0}^{n-1} p^k a_k$, with $a_k \in F_1$, so that $R$ is commutative. ✷

The next corollary describes other important properties of such rings; before stating it, we recall a standard definition of Group Theory.

Definition 6.1.3 Let $G$ be a group. The commutator of an ordered pair $(g_1, g_2)$ of elements of $G$ is the element

$$[g_1, g_2] := g_1^{-1} g_2^{-1} g_1 g_2 \in G.$$

The subgroup of $G$ which is generated by all commutators is usually denoted by $G' = [G, G]$ and called the derived group (or commutator subgroup) of $G$. More generally, one can recursively define the $n$-th derived group as

$$G^{(n)} = (G^{(n-1)})' = [G^{(n-1)}, G^{(n-1)}].$$

Therefore, one determines a descending chain of normal subgroups

$$G = G^{(0)} \rhd G^{(1)} \rhd G^{(2)} \rhd \cdots,$$

such that $G^{(i)}/G^{(i+1)}$ is an abelian group, for each $i \ge 0$. If $G$ is a finite group, this chain must terminate after a finite number of steps. This chain is called the derived series of $G$; if the last subgroup, say $G^{(n)}$, is equal to $\{1\}$, then $G$ is said to be a solvable group (for more details see, for example, [32] or [65]).

Now, we can state the following

Corollary 6.1.4 Let $R$ be a ring as in Theorem 6.1.2; then:
(i) any subring $R_1$ is again a ring of the same type;
(ii) any homomorphic image $R_2 \neq (0)$ of $R$ is again a ring of the same type;
(iii) the multiplicative group $U(R)$ is a solvable group.

Proof: (i) If $x$ is any element of $R$, there exists a positive integer $m$ such that $x^m$ equals $0$ or $1$, according to whether $x$ does or does not belong to the nilideal $J$. Thus, an element $x$ of the subring $R_1 \subset R$ is a unit (a zero-divisor, resp.) in $R_1$ if and only if it is invertible (a zero-divisor, resp.) in the whole ring $R$, so that the ideal $J_1$ of all the zero-divisors in $R_1$ is $J \cap R_1$. Therefore, if $p_1$, $n_1$ and $r_1$ refer to the subring $R_1$, we have $p_1 = p$ and $r_1$ is a factor of $r$, since $U(R_1) < U(R)$. Of course, the characteristic of $R_1$ is the same as that of $R$.

(ii) Let $K$ be the kernel of a non-trivial homomorphism of $R$; this means that $K$ is a nilideal in $R$. Now, an element $x$ in $R$ is a unit if and only if the coset $x + K$ is invertible in the quotient ring $R_2 = R/K$. If $J_2$, $p_2$, $r_2$ and $n_2$ refer to the quotient ring, we see that $p_2 = p$, $r_2 = r$ (since $|K|$ is a power of $p^r$), $n_2 \le n$ and $J^{n_2} \subseteq K$. In the case $J^{n-1} \neq (0)$, we have $J^{n_2} = K$; thus we can conclude that there exist at least $n - 1$ non-trivial homomorphisms on a ring of the type considered.

(iii) Since the quotient ring $R/J$ is commutative,

$$[a, b] = a^{-1} b^{-1} a b \in 1 + J$$

for each $a, b \in U(R)$. Observe that $1 + J$ is a multiplicative subgroup of $U(R)$ whose order is a prime power, i.e. a $p$-group. By elementary group theory [65], a $p$-group is a nilpotent group, thus, in particular, it is solvable. Therefore the first commutator subgroup of $U(R)$ is a solvable group, being a subgroup of a nilpotent one. So $U(R)$ is solvable. ✷

Corollary 6.1.5 Let $G_1$ be the cyclic group of order $p^r - 1$ generated by the element $g$ introduced in the proof of Theorem 6.1.2 (ii). If $G_2$ is any subgroup of order $p^r - 1$ in $U(R)$, then $G_1$ and $G_2$ are conjugate in $U(R)$.

Proof: This follows from P. Hall's Theorem (see [65], page 284) which states that if $G$ is a solvable group of order $mn$ such that $\gcd(m, n) = 1$, then
1. there exists a subgroup of order $m$;
2. any two subgroups of order $m$ are conjugate in $G$.
In our case $[U(R) : G_1] = p^{r(h-1)}$, where $hr = N$, and this index is relatively prime to the order of $G_1$. ✷

Proposition 6.1.6 Let $R$ be a ring as in Theorem 6.1.2; then $R$ contains a subfield of order $p^r$ if and only if the characteristic of $R$ is $p$. Moreover, if $F_1$, $F_2$ are two subfields of order $p^r$ in $R$, then there is a unit $a$ in $R$ such that $a^{-1} F_1 a = F_2$.

Proof: The set $F_1 = \{0\} \cup \{g^k \mid 1 \le k \le p^r - 1\}$, introduced in Theorem 6.1.2, is the "natural candidate" of our statement. The necessity of the condition on the characteristic of $R$ is already stated in the Remark after 1.1.3; assume now that the characteristic of $R$ is $p$ and consider two distinct elements $a, b$ of $F_1$, so that $a - b \in U(R)$. If $R_1$ is the subring of $R$ generated by the elements of $F_1$, we see that $G_1$ (as in 6.1.5) is the unique subgroup of order $p^r - 1$ in the abelian group $U(R_1)$. As $(a - b)^q = a^q - b^q = a - b$ and so $(a - b)^{q-1} = 1$, where $q = p^r$, we see that $a - b \in G_1 = F_1 \setminus \{0\}$; hence $F_1$ is closed under subtraction and multiplication, i.e. it is a subfield of order $p^r$. The second statement follows from the result in 6.1.5. ✷

Recall that, if $R$ is as in Theorem 6.1.2 (v), i.e. $\mathrm{char}(R) = p^n$, then it must be a commutative ring. It is easy to observe that, when $n = 1$, $R$ reduces to the Galois field $GF(p^r)$, whereas, when $r = 1$, $R$ is isomorphic to $\mathbb{Z}_{p^n}$. Raghavendran introduces the Galois ring $GR(p^n, r)$ (as we did in Section 1.4) by considering a monic polynomial $f(x) \in \mathbb{Z}[x]$ of degree $r$, which is irreducible modulo $p$, such that the quotient ring $R = \mathbb{Z}[x]/(p^n, f(x))$ has order $p^{nr}$ and characteristic $p^n$. Since such a ring contains exactly $p^{r(n-1)}$ zero-divisors, which form an additive group, it is a particular case of Theorem 6.1.2. With a little more work, he also proves that any ring of the type considered in Theorem 6.1.2(v) is isomorphic to the ring $\mathbb{Z}[x]/(p^n, f(x))$, for suitable values of $p$, $r$, $n$ and $f(x) \in \mathbb{Z}[x]$ an arbitrary monic polynomial of degree $r$, irreducible modulo $p$. Therefore, one can immediately deduce many properties of Galois rings.

Proposition 6.1.7 Let $GR(p^n, r)$ be a Galois ring, where $p$ is a prime and $n, r$ are positive integers. Then:
a) Every subring is of the form $GR(p^n, s)$ for some divisor $s$ of $r$. Conversely, for every positive divisor $s$ of $r$ there exists a unique subring of $GR(p^n, r)$ which is isomorphic to $GR(p^n, s)$.
b) The automorphisms of the ring $GR(p^n, r)$ form a cyclic group of order $r$.
c) Any homomorphic image ($\neq (0)$) of $GR(p^n, r)$ is a ring of the form $GR(p^m, r)$ for some integer $1 \le m \le n$. Conversely, for each integer $1 \le m \le n$ there are exactly $r$ homomorphisms of $GR(p^n, r)$ onto $GR(p^m, r)$.
d) Let $G$ be the multiplicative group of units in $GR(p^n, r)$. Then $G$ is a direct product of a cyclic group $G_1$ of order $p^r - 1$ and a group $G_2$ of order $p^{r(n-1)}$, whose structure is described below.

1. If $p$ is odd, or $p = 2$ and $n \le 2$, then $G_2$ is the direct product of $r$ cyclic groups each of order $p^{n-1}$;

2. when $p = 2$ and $n \ge 3$, the group $G_2$ is the direct product of a cyclic group of order $2$, a cyclic group of order $2^{n-2}$ and $(r - 1)$ cyclic groups each of order $2^{n-1}$.

We do not prove these statements here by following Raghavendran's method, since they will be proved in Section 6.2. We only want to point out that Raghavendran proves such properties by using the approach of Theor  em 6.1.2 and of its corollaries. The reader is referred to the original article [63].

There is another important construction of Galois rings, which is based on an ingenious definition of a suitable $\mathbb{F}$-algebra of vectors, defined by any commutative ring $\mathbb{F}$ of characteristic $p$. Such vectors are known, in the literature, as Witt vectors (see, for example, [37], vol. II, page 501). Consider $A = \mathbb{Q}[x_i, y_j, z_k]$, the polynomial ring in $3m$ indeterminates $x_i, y_j, z_k$, $0 \le i, j, k \le m - 1$, over the field of the rational numbers. Let $A^{(m)}$ be the set of $m$-tuples $(a_0, \ldots, a_{m-1})$, $a_i \in A$, with the usual definition of equality and with componentwise addition and multiplication, which will be denoted by $\oplus$ and $\odot$ respectively. Let $p$ be a prime and let $a = (a_0, \ldots, a_{m-1})$. We can define a map

$$\varphi : A^{(m)} \longrightarrow A^{(m)},$$

such that

$$a^{\varphi} = (a^{(0)}, a^{(1)}, \ldots, a^{(m-1)}), \qquad (6.2)$$

where

$$a^{(\nu)} = a_0^{p^{\nu}} + p\, a_1^{p^{\nu-1}} + \cdots + p^{\nu} a_{\nu}, \qquad 0 \le \nu \le m - 1.$$

These are called the ghost components of $a$. Note that $(0, \ldots, 0)^{\varphi} = (0, \ldots, 0)$ and $(1, 0, \ldots, 0)^{\varphi} = (1, \ldots, 1) = u$, where $u$ is the unit in $A^{(m)}$. We also introduce the map $P : A^{(m)} \longrightarrow A^{(m)}$ such that

$$P : a \mapsto a^p = (a_0^p, \ldots, a_{m-1}^p).$$

Thus, (6.2) gives

$$a^{(0)} = a_0, \qquad a^{(\nu)} = (a^P)^{(\nu-1)} + p^{\nu} a_{\nu}, \quad \nu \ge 1.$$

Next, define a map $\psi$ such that

$$(a^{(0)}, a^{(1)}, \ldots, a^{(m-1)})^{\psi} = (a_0, a_1, \ldots, a_{m-1}),$$

where

$$a_0 = a^{(0)}, \qquad a_{\nu} = \frac{1}{p^{\nu}} \Big( a^{(\nu)} - a_0^{p^{\nu}} - p\, a_1^{p^{\nu-1}} - \cdots - p^{\nu-1} a_{\nu-1}^{p} \Big), \quad \nu \ge 1.$$

It is easy to check that $\varphi \circ \psi = \psi \circ \varphi = \mathrm{id}_{A^{(m)}}$, which shows that $\varphi$ is injective and onto, with $\psi$ as its inverse. We shall now use $\varphi$ and $\psi$ to define a new ring structure on $A^{(m)}$. We put

$$a + b := (a^{\varphi} \oplus b^{\varphi})^{\varphi^{-1}}, \qquad ab := (a^{\varphi} \odot b^{\varphi})^{\varphi^{-1}},$$

respectively. We denote by $A_m$ the new ring, so that $A_m$ and $A^{(m)}$ coincide as sets and $\varphi$ is an isomorphism; thus $A_m$ is commutative and such that $(0, \ldots, 0)$ and $(1, 0, \ldots, 0)$ are the zero and the identity element of the ring, respectively. We can easily determine the formulas for $x + y$, $xy$ and $x - y$ for arbitrary vectors $x, y \in A_m$. In general, if $\star$ denotes any one of the operations $+$, $\cdot$, $-$ in $A_m$, then it is clear from the definitions that the $\nu$-th component $(x \star y)_{\nu}$ of $x \star y$ is a polynomial in $x_0, \ldots, x_{\nu}, y_0, \ldots, y_{\nu}$, with rational coefficients and $0$ constant term. For example, we have

$$(x + y)_0 = x_0 + y_0, \qquad (x + y)_1 = x_1 + y_1 - \frac{1}{p} \sum_{i=1}^{p-1} \binom{p}{i} x_0^{i} y_0^{p-i},$$

$$(xy)_0 = x_0 y_0, \qquad (xy)_1 = x_0^{p} y_1 + x_1 y_0^{p} + p\, x_1 y_1.$$

The first basic result of this theory is that $(x \star y)_{\nu}$ is a polynomial (with $0$ constant term) in $\mathbb{Z}[x_0, \ldots, x_{\nu}, y_0, \ldots, y_{\nu}]$, for each $0 \le \nu \le m - 1$ (see Theorem 8.25 in [37], vol. II, page 504). It is convenient to write such polynomials as

$$(x + y)_{\nu} := s_{\nu}(x_0, \ldots, x_{\nu}, y_0, \ldots, y_{\nu}) \in \mathbb{Z}[x_i, y_j],$$
$$(xy)_{\nu} := m_{\nu}(x_0, \ldots, x_{\nu}, y_0, \ldots, y_{\nu}) \in \mathbb{Z}[x_i, y_j], \qquad (6.3)$$
$$(x - y)_{\nu} := d_{\nu}(x_0, \ldots, x_{\nu}, y_0, \ldots, y_{\nu}) \in \mathbb{Z}[x_i, y_j].$$

Let $\eta$ be a $\mathbb{Q}$-endomorphism of the algebra $A$. Suppose that

$$x_{\nu}^{\eta} = a_{\nu}, \qquad y_{\nu}^{\eta} = b_{\nu};$$

then $(x^{(\nu)})^{\eta} = a^{(\nu)}$, $(y^{(\nu)})^{\eta} = b^{(\nu)}$,

$$((x + y)^{(\nu)})^{\eta} = (x^{(\nu)})^{\eta} + (y^{(\nu)})^{\eta} = a^{(\nu)} + b^{(\nu)}$$

and $((x + y)_{\nu})^{\eta} = (a + b)_{\nu}$. Hence, by (6.3),

$$(a + b)_{\nu} = s_{\nu}(a_0, \ldots, a_{\nu}, b_0, \ldots, b_{\nu}),$$
$$(ab)_{\nu} = m_{\nu}(a_0, \ldots, a_{\nu}, b_0, \ldots, b_{\nu}),$$
$$(a - b)_{\nu} = d_{\nu}(a_0, \ldots, a_{\nu}, b_0, \ldots, b_{\nu}).$$

Since there exists a $\mathbb{Q}$-endomorphism of $A$ mapping the $x_{\nu}$'s and $y_{\nu}$'s into arbitrary elements of $A$, the foregoing formulas hold for arbitrary elements $a, b \in A_m$.

Now, we can define the ring of Witt vectors for a finite field $\mathbb{F} = GF(p^n)$ (more generally, one can define it for an arbitrary commutative ring $R$ of characteristic $p$). Given a positive integer $k$, denote by $W_k(\mathbb{F})$ the ring $(\mathbb{F}^k, +, \cdot)$ such that

$$a + b := (s_0(a, b), \ldots, s_{k-1}(a, b)),$$

$$ab := (m_0(a, b), \ldots, m_{k-1}(a, b)),$$

for every $a, b \in \mathbb{F}^k$, where

$$s_{\nu}(a, b) = s_{\nu}(a_0, \ldots, a_{k-1}, b_0, \ldots, b_{k-1}),$$

$$m_{\nu}(a, b) = m_{\nu}(a_0, \ldots, a_{k-1}, b_0, \ldots, b_{k-1}),$$

$0 \le \nu \le k - 1$, and where $s_{\nu}(a, b)$, $m_{\nu}(a, b)$ are the images in $\mathbb{F}$ of $s_{\nu}(x_0, \ldots, y_{\nu})$ and $m_{\nu}(x_0, \ldots, y_{\nu})$, respectively, under the homomorphism of $\mathbb{Z}[x_i, y_j]$ into $\mathbb{F}$ such that

$$x_i \mapsto a_i, \qquad y_i \mapsto b_i$$

for $0 \le i \le k - 1$. We also put $0 = (0, \ldots, 0)$ and $1 = (1, 0, \ldots, 0)$ in $W_k(\mathbb{F})$.

Theorem 6.1.8 (see [37], vol. II, Theorem 8.26) $(W_k(\mathbb{F}), +, \cdot, 0, 1)$ is a commutative ring.

$W_k(\mathbb{F})$ is called the ring of Witt vectors of length $k$ over $\mathbb{F}$ and it can be shown ([37], vol. II, from page 505) that $W_k(\mathbb{F})$ is a finite, commutative ring of characteristic $p^k$. Observe that there is a sequence of projections (i.e. reductions modulo $p^i$, $i \ge 1$), such that

$$\cdots \longrightarrow W_3(\mathbb{F}) \longrightarrow W_2(\mathbb{F}) \longrightarrow W_1(\mathbb{F}) \cong \mathbb{F},$$

where each $W_i(\mathbb{F})$ is isomorphic to the Galois ring $GR(p^i, n)$. The Witt vectors of the form

$$u(x) = (x, 0, \ldots, 0), \qquad x \in \mathbb{F},$$

determine a multiplicative monoid, isomorphic to $(\mathbb{F}, \cdot)$, which corresponds to the Teichmüller set $\mathcal{T}_i$ of the Galois ring $GR(p^i, n)$ (see (6.1)). Therefore, Witt vector theory allows one to give a further definition of Galois rings.
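The following is an added example, written for this edition and not taken from the book or from [37]: it implements the length-2 Witt ring $W_2(\mathbb{F}_p)$ directly from the formulas for $(x + y)_1$ and $(xy)_1$ given after (6.2), and checks by exhaustion, for several small primes, that the map $(a_0, a_1) \mapsto a_0^p + p a_1 \pmod{p^2}$ (the first ghost component evaluated on the integer representatives $0, \ldots, p-1$) is a ring isomorphism onto $\mathbb{Z}_{p^2} = GR(p^2, 1)$, that $W_2(\mathbb{F}_p)$ has characteristic $p^2$, and that the Teichmüller vectors $u(x) = (x, 0)$ are closed under multiplication. All function names are ours.

```python
# Added example (not from the book): the Witt ring W_2(F_p) built from the
# degree-1 Witt polynomials s_1 and m_1, checked against Z_{p^2} = GR(p^2, 1).
from itertools import product
from math import comb


def witt2_add(p, x, y):
    """(x+y)_0 = x_0 + y_0 and
    (x+y)_1 = x_1 + y_1 - (1/p) * sum_{i=1}^{p-1} C(p,i) x_0^i y_0^(p-i),
    evaluated in F_p.  C(p,i)/p is an integer for 0 < i < p, so no division occurs."""
    x0, x1 = x
    y0, y1 = y
    carry = sum((comb(p, i) // p) * x0 ** i * y0 ** (p - i) for i in range(1, p))
    return ((x0 + y0) % p, (x1 + y1 - carry) % p)


def witt2_mul(p, x, y):
    """(xy)_0 = x_0 y_0 and (xy)_1 = x_0^p y_1 + x_1 y_0^p + p x_1 y_1;
    in F_p one has x^p = x and p = 0, which gives the simplified form below."""
    x0, x1 = x
    y0, y1 = y
    return ((x0 * y0) % p, (x0 * y1 + x1 * y0) % p)


def to_z_mod_p2(p, a):
    """(a_0, a_1) -> a_0^p + p a_1 (mod p^2): the first ghost component on the
    integer representatives 0..p-1, reduced modulo p^2."""
    a0, a1 = a
    return (a0 ** p + p * a1) % (p * p)


def witt2_elements(p):
    return list(product(range(p), repeat=2))


def is_isomorphic_to_z_mod_p2(p):
    """Exhaustively check that to_z_mod_p2 is a bijective ring homomorphism
    W_2(F_p) -> Z_{p^2}."""
    els = witt2_elements(p)
    m = p * p
    # injective, hence bijective: both sides have exactly p^2 elements
    if len({to_z_mod_p2(p, a) for a in els}) != m:
        return False
    for a, b in product(els, repeat=2):
        fa, fb = to_z_mod_p2(p, a), to_z_mod_p2(p, b)
        if to_z_mod_p2(p, witt2_add(p, a, b)) != (fa + fb) % m:
            return False
        if to_z_mod_p2(p, witt2_mul(p, a, b)) != (fa * fb) % m:
            return False
    return True


def additive_order_of_one(p):
    """Smallest k with k * (1, 0) = (0, 0), i.e. the characteristic of W_2(F_p)."""
    one, zero = (1, 0), (0, 0)
    acc, k = one, 1
    while acc != zero:
        acc, k = witt2_add(p, acc, one), k + 1
    return k


def teichmuller_closed(p):
    """The vectors u(x) = (x, 0) form a multiplicative monoid isomorphic to (F_p, *)."""
    return all(witt2_mul(p, (x, 0), (y, 0)) == ((x * y) % p, 0)
               for x, y in product(range(p), repeat=2))


if __name__ == "__main__":
    for p in (2, 3, 5, 7):
        print(p, is_isomorphic_to_z_mod_p2(p), additive_order_of_one(p), teichmuller_closed(p))
```

Because $s_1$ and $m_1$ have integer coefficients, the same two functions work verbatim over any ring of characteristic $p$ once `x0 ** i` and the products are interpreted in that ring; the exhaustive isomorphism check is what replaces the general argument of Theorem 6.1.8 for these small cases.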

6.2 Galois Ring Properties

In this section we want to investigate the fundamental properties of Galois rings by using what we observed in the previous chapters. Recall that, by definition,

$$GR(p^n, r) = \mathbb{Z}_{p^n}[\xi] = \mathbb{Z}_{p^n}[x]/(G_{(p,r)}(x)),$$

where $\xi$ is a formal root of the monic, basic irreducible polynomial $G_{(p,r)}(x) \in \mathbb{Z}_{p^n}[x]$, determined by the integral version of Hensel's lemma (see 1.4.3) from a primitive polynomial $g_{(p,r)}(x) \in \mathbb{Z}_p[x]$ of degree $r$ (in the sense of Definition 2.2.7), such that

$$\mathbb{F}_{p^r} = GF(p^r) = \mathbb{F}_p[x]/(g_{(p,r)}(x)) \cong \mathbb{Z}_p(\theta),$$

with $g_{(p,r)}(\theta) = 0$ and $g_{(p,r)}(x) \equiv G_{(p,r)}(x) \pmod p$. Thus, the polynomial $G_{(p,r)}(x)$ is linked to $g_{(p,r)}(x)$ by the epimorphism (1.9) (see Section 1.4)

$$\mu : \mathbb{Z}_{p^n}[x] \longrightarrow \mathbb{Z}_p[x],$$

i.e. $\mu(G_{(p,r)}(x)) = g_{(p,r)}(x) \in \mathbb{Z}_p[x]$. As already observed in Section 1.4, Hensel's lemma reduces to simple calculations if $g_{(p,r)}(x) \in \mathbb{Z}_p[x]$ is monic, irreducible, of the form

$$g_{(p,r)}(x) = x^r + a_{r-1} x^{r-1} + \cdots + a_0.$$

Indeed, in such a case, we have

$$G_{(p,r)}(x) = x^r + (p^n - p + a_{r-1}) x^{r-1} + \cdots + (p^n - p + a_0) \in \mathbb{Z}_{p^n}[x]$$

(note that, since each $a_j \in \mathbb{Z}_p$, $j \in \{0, \ldots, r-1\}$, $p^n - p + a_j < p^n$ as a positive integer; so it makes sense to consider $G_{(p,r)}(x) \in \mathbb{Z}_{p^n}[x]$). Such a polynomial generates a proper ideal in $\mathbb{Z}_{p^n}[x]$, since the element $\mu(G_{(p,r)}(x)) = g_{(p,r)}(x) \in \mathbb{Z}_p[x]$ is not a unit in the Euclidean domain (cf. Proposition 3.2.2). Explicitly, we have

$$GR(p^n, r) := \Big\{ \sum_{j=0}^{r-1} b_j \xi^j \ \Big|\ b_j \in \mathbb{Z}_{p^n},\ 0 \le j \le r - 1 \Big\}, \qquad (6.4)$$

with $G_{(p,r)}(\xi) = 0$. This ring is a finite, local ring (its cardinality is $(p^n)^r = p^{nr}$), with maximal ideal $pGR(p^n, r)$ and residue field given by $GR(p^n, r)/pGR(p^n, r) \cong \mathbb{F}_{p^r}$. Note that the elements in the maximal ideal can be written as

$$pGR(p^n, r) := \Big\{ p \sum_{j=0}^{r-1} b_j \xi^j \ \Big|\ b_j \in \mathbb{Z}_{p^n},\ 0 \le j \le r - 1 \Big\},$$

with $G_{(p,r)}(\xi) = 0$; more precisely, and now with unique coefficients,

$$pGR(p^n, r) = \Big\{ \sum_{j=0}^{r-1} b_j \xi^j \ \Big|\ b_j \in p\mathbb{Z}_{p^n},\ 0 \le j \le r - 1 \Big\}, \qquad (6.5)$$

where $G_{(p,r)}(\xi) = 0$ and where $p\mathbb{Z}_{p^n} \subset \mathbb{Z}_{p^n}$ is the maximal ideal of the local ring of the integers modulo $p^n$. Therefore, the ideal $pGR(p^n, r)$ has cardinality equal to $(p^{n-1})^r = p^{r(n-1)}$.

Example 6.2.1 Take the ring $\mathbb{Z}_8$. In this situation, $p = 2$ and $n = 3$, and assume $r = 3$. Recall that

$$\mathbb{F}_8 \cong \mathbb{Z}_2[x]/(x^3 + x + 1) = \{a + b\zeta + c\zeta^2 \mid a, b, c \in \mathbb{F}_2\},$$

where $\zeta^3 = \zeta + 1$, i.e.

$$\mathbb{F}_8 = \{0, 1, \zeta, \zeta^2, 1 + \zeta, 1 + \zeta^2, \zeta + \zeta^2, 1 + \zeta + \zeta^2\}.$$

The polynomial $g_{(2,3)}(x) = x^3 + x + 1 \in \mathbb{Z}_2[x]$ is the primitive polynomial used for the field extension $\mathbb{F}_2 \subset \mathbb{F}_8$ (see Definition 2.2.7). By Hensel's lemma,

$$G_{(2,3)}(x) = x^3 + (8 - 2 + 0)x^2 + (8 - 2 + 1)x + (8 - 2 + 1) = x^3 + 6x^2 + 7x + 7 \in \mathbb{Z}_8[x].$$

This monic, basic irreducible polynomial determines a proper ideal in $\mathbb{Z}_8[x]$ (in fact, this polynomial has the form $b_3 x^3 + b_2 x^2 + b_1 x + b_0$, with $b_3 = 1$ and $b_1 = 7$, which are not nilpotent elements in $\mathbb{Z}_8$; see Proposition 3.2.2). We now describe the ring $GR(8, 3)$ as

$$GR(8, 3) = \{b_0 + b_1 \xi + b_2 \xi^2 \mid b_i \in \mathbb{Z}_8\},$$

where $\xi$ is a formal root of $G_{(2,3)}(x) \in \mathbb{Z}_8[x]$, i.e. $\xi^3 = 2\xi^2 + \xi + 1$; therefore, $|GR(8, 3)| = 8^3 = 512$. The maximal ideal $M$ in $\mathbb{Z}_8$ is $2\mathbb{Z}_8 = \{0, 2, 4, 6\}$. We have the following exact sequence

$$0 \longrightarrow M \longrightarrow \mathbb{Z}_8 \overset{\pi}{\longrightarrow} \mathbb{Z}_2 \longrightarrow 0.$$

The epimorphism $\pi$ extends to the polynomial ring morphism $\mu$ from $\mathbb{Z}_8[x]$ to $\mathbb{Z}_2[x]$. The ideal $(M, x^3 + 6x^2 + 7x + 7) \subset \mathbb{Z}_8[x]$ is a proper ideal and

$$\mathbb{Z}_8[x]/(M, x^3 + 6x^2 + 7x + 7) \cong \mathbb{Z}_2[x]/(x^3 + x + 1) \cong \mathbb{F}_8,$$

since $\mu(x^3 + 6x^2 + 7x + 7) = x^3 + x + 1$. Next, consider the induced map

$$\tilde{\mu} : GR(8, 3) \cong \mathbb{Z}_8[x]/(x^3 + 6x^2 + 7x + 7) \longrightarrow \mathbb{Z}_2[x]/(x^3 + x + 1) \cong \mathbb{F}_8;$$

the kernel of this epimorphism is $2GR(8, 3)$ and coincides with the maximal ideal of $GR(8, 3)$, which is the ideal generated by the image of the maximal ideal $2\mathbb{Z}_8 \subset \mathbb{Z}_8$ under the inclusion $\mathbb{Z}_8 \hookrightarrow GR(8, 3)$. The elements of this kernel are of the form

$$2GR(8, 3) = \{2(b_0 + b_1 \xi + b_2 \xi^2) \mid b_0, b_1, b_2 \in \mathbb{Z}_8\},$$

with $\xi^3 = 2\xi^2 + \xi + 1$. Clearly, $|2GR(8, 3)| = 4^3 = 64$, since the coefficients $2b_0, 2b_1, 2b_2 \in M = 2\mathbb{Z}_8$. Therefore, we can write

$$2GR(8, 3) = \{\lambda_0 + \lambda_1 \xi + \lambda_2 \xi^2 \mid \lambda_i \in M,\ 0 \le i \le 2\},$$

again with $\xi^3 = 2\xi^2 + \xi + 1$.

We now describe the basic properties of the Galois ring $GR(p^n, r)$, for each prime $p$ and any positive integers $n, r$. We already know that $GR(p^n, r)$ is a finite, commutative, local ring with maximal ideal $pGR(p^n, r)$. This also implies that such a ring is principal, since each proper non-zero ideal is of the form

$$I_k := p^k GR(p^n, r), \qquad 1 \le k \le n - 1. \qquad (6.6)$$

This is an easy consequence of the definition of $GR(p^n, r)$ and of the fact that the ideals in the ring $\mathbb{Z}_{p^n}$ form the chain

$$p\mathbb{Z}_{p^n} \supset p^2 \mathbb{Z}_{p^n} \supset \cdots \supset p^{n-1} \mathbb{Z}_{p^n} \supset (0).$$

Moreover, this immediately proves what is stated in Proposition 6.1.7(c).

Proposition 6.2.2 Let $p$ be a prime and $n, r$ two positive integers. Each non-zero element $y$ in $GR(p^n, r)$ may be written as $y = u p^t$, where $u$ is a unit and $0 \le t \le n - 1$. In this representation, the integer $t$ is uniquely determined, whereas $u$ is unique modulo $(p^{n-t})$.

Proof: It is obvious that if $y$ is a unit, then $t = 0$; on the other hand, if $y$ is nilpotent, it belongs to some ideal $I_k$ of the form (6.6), and $t$ is the largest such $k$, i.e. $y \in I_t \setminus I_{t+1}$. Therefore $t$ is unique. Now, since $t$ is uniquely determined, if we suppose

$$y = u p^t = x p^t, \qquad \text{for some } x, u \in U(GR(p^n, r)),$$

then $(x - u) p^t = 0$. This means that $x - u \in I_{n-t}$, i.e. $x = u + \lambda p^{n-t}$, for some $\lambda \in GR(p^n, r)$. ✷
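The following added example is ours, not code from the book: it builds $GR(p^n, r)$ as $\mathbb{Z}_{p^n}[x]/(G_{(p,r)}(x))$ using the Hensel-lift recipe $G_{(p,r)}(x) = x^r + \sum_j (p^n - p + a_j) x^j$ of this section, and then checks on $GR(8, 3)$ the facts of Example 6.2.1 ($\xi^3 = 2\xi^2 + \xi + 1$, $|2GR(8,3)| = 64$, $|U(GR(8,3))| = 448$), that the maximal ideal $J = 2GR(8,3)$ satisfies $J^3 = (0)$ but $J^2 \neq (0)$ (Theorem 6.1.2(iii) with $n = 3$), that the element $g = \xi^{p^{r(n-1)}} = \xi^{64}$ has order $p^r - 1 = 7$ (the element $g$ of the proof of Theorem 6.1.2(ii)), and the $u \cdot p^t$ form of Proposition 6.2.2 on the sample element $4 + 6\xi$ (our choice). Elements are stored as coefficient tuples $(b_0, \ldots, b_{r-1})$ as in (6.4); all class and function names are ours.

```python
# Added example (not from the book): GR(p^n, r) = Z_{p^n}[x]/(G(x)) with G obtained
# by the book's Hensel-lift recipe, exercised on GR(8, 3) of Example 6.2.1.
from itertools import product


def hensel_lift(g, p, n):
    """g = x^r + a_{r-1} x^{r-1} + ... + a_0 over Z_p, given as [a_0, ..., a_{r-1}];
    returns G = x^r + sum (p^n - p + a_j) x^j over Z_{p^n} as [G_0, ..., G_{r-1}, 1]."""
    return [(p ** n - p + a) % p ** n for a in g] + [1]


class GaloisRing:
    """GR(p^n, r); an element is the tuple (b_0, ..., b_{r-1}) of sum b_j xi^j, b_j in Z_{p^n}."""

    def __init__(self, p, n, G):
        self.p, self.n, self.q, self.G = p, n, p ** n, G
        self.r = len(G) - 1
        self.zero = (0,) * self.r
        self.one = (1,) + (0,) * (self.r - 1)
        self.xi = (0, 1) + (0,) * (self.r - 2)      # the formal root of G

    def elements(self):
        return product(range(self.q), repeat=self.r)

    def add(self, a, b):
        return tuple((x + y) % self.q for x, y in zip(a, b))

    def mul(self, a, b):
        r, q, G = self.r, self.q, self.G
        prod = [0] * (2 * r - 1)
        for i, x in enumerate(a):
            for j, y in enumerate(b):
                prod[i + j] = (prod[i + j] + x * y) % q
        # fold x^d (d >= r) back using x^r = -(G_0 + G_1 x + ... + G_{r-1} x^{r-1})
        for d in range(2 * r - 2, r - 1, -1):
            lead, prod[d] = prod[d], 0
            for j in range(r):
                prod[d - r + j] = (prod[d - r + j] - lead * G[j]) % q
        return tuple(prod[:r])

    def power(self, a, e):
        result, base = self.one, a
        while e:
            if e & 1:
                result = self.mul(result, base)
            base, e = self.mul(base, base), e >> 1
        return result

    def is_unit(self, a):
        # a is a unit iff its image in the residue field F_{p^r} is non-zero,
        # i.e. some coefficient is not divisible by p (the maximal ideal is pGR(p^n, r))
        return any(x % self.p for x in a)

    def unit_p_power_form(self, a):
        """Proposition 6.2.2: write a != 0 as u * p^t with u a unit and 0 <= t <= n-1."""
        assert a != self.zero
        t = 0
        while all(x % self.p ** (t + 1) == 0 for x in a):
            t += 1
        return tuple(x // self.p ** t for x in a), t


def demo():
    R = GaloisRing(2, 3, hensel_lift([1, 1, 0], 2, 3))   # g = x^3 + x + 1 over Z_2
    xi, two = R.xi, (2, 0, 0)
    stats = {"G": R.G, "G_mod_p": [c % 2 for c in R.G]}
    stats["xi_cubed"] = R.power(xi, 3)                  # expect 1 + xi + 2 xi^2
    units = [a for a in R.elements() if R.is_unit(a)]
    ideal = [a for a in R.elements() if not R.is_unit(a)]
    stats["units"], stats["ideal"] = len(units), len(ideal)
    # Theorem 6.1.2(iii): J^3 = (0) but J^2 != (0) for J = 2GR(8, 3)
    stats["J_cubed_zero"] = all(R.power(a, 3) == R.zero for a in ideal)
    stats["J_squared_nonzero"] = any(R.power(a, 2) != R.zero for a in ideal)
    # every unit a satisfies a^{|U(R)|} = 1, so a^{|U(R)|-1} is its inverse
    stats["inverses"] = all(R.mul(a, R.power(a, len(units) - 1)) == R.one for a in units)
    # g = xi^(p^{r(n-1)}) has order p^r - 1 = 7 (proof of Theorem 6.1.2(ii))
    g = R.power(xi, 2 ** 6)
    stats["g_order_7"] = R.power(g, 7) == R.one and all(R.power(g, k) != R.one for k in range(1, 7))
    # Proposition 6.2.2 on the sample element 4 + 6 xi = 2 * (2 + 3 xi)
    u, t = R.unit_p_power_form((4, 6, 0))
    stats["decomp"] = (u, t, R.is_unit(u), R.mul(u, R.power(two, t)) == (4, 6, 0))
    return stats


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The inverse check relies only on Lagrange's theorem in $U(R)$, so the same code verifies the unit count and the nilpotency index for any small $GR(p^n, r)$ once a primitive polynomial over $\mathbb{Z}_p$ is supplied to `hensel_lift`.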

Proposition 6.2.3 Every subring of $GR(p^n, r)$ is a Galois ring of the form $GR(p^n, s)$, where $s$ divides $r$. Conversely, if $s$ divides $r$, then $GR(p^n, r)$ contains a unique copy of $GR(p^n, s)$.

Proof: First, suppose $GR(p^n, s) \subset GR(p^n, r)$, for a prime $p$ and some positive integers $n, r, s$ such that $s < r$. If $y \in GR(p^n, r)$, there exists a positive integer $k$ such that $y^k$ equals either $0$ or $1$, according to whether $y$ is nilpotent or a unit in $GR(p^n, r)$. Therefore, an element of $GR(p^n, s)$ is nilpotent (invertible) in $GR(p^n, s)$ if and only if it is so in $GR(p^n, r)$. This implies that

$$pGR(p^n, s) = GR(p^n, s) \cap pGR(p^n, r),$$

i.e. the finite local ring extension $GR(p^n, s) \subset GR(p^n, r)$ is unramified, i.e. this extension is separable, which implies that the residue fields $\mathcal{K} = \mathbb{F}_{p^s}$ and $K = \mathbb{F}_{p^r}$, respectively, determine the separable field extension $\mathcal{K} \subset K$ (see Theorem 4.2.5). Theorem 2.3.1 ensures that $\mathbb{F}_{p^s}$ is a subfield of $\mathbb{F}_{p^r}$ if and only if $s$ divides $r$.

Conversely, by Theorem 5.2.5(iii), there is a bijection between the subfields of $\mathbb{F}_{p^r}$ which contain $\mathbb{F}_p$ and the $\mathbb{Z}_{p^n}$-separable subrings of $GR(p^n, r)$. Moreover, such a bijection preserves both the subfield lattice and the subring lattice. This implies that, if $H$ is a subring of $GR(p^n, r)$ of cardinality $p^{ns}$, $s$ dividing $r$, then $\mathbb{Z}_{p^n} \subset H \subset GR(p^n, r)$. So $H$ is a $\mathbb{Z}_{p^n}$-separable extension which is contained in $GR(p^n, r)$. Moreover, there is a unique copy of such a subring, determined by its order. We only have to show that $H \cong GR(p^n, s)$. This immediately follows from the fact that, given $s$ a divisor of $r$, the ring $GR(p^n, s)$ is always a subring of $GR(p^n, r)$ of order $p^{ns}$. ✷

For the next result we want to show, we need the following technical lemma.

Lemma 6.2.4 Let $p$ be an odd prime and let $a_t$, $b_t$, $c_t$ be the coefficients of $x^t$ in the polynomial expansions of $(1 + px)^N$, $(1 + 2x)^N$ and $(1 + 4x)^N$, respectively. Then:
(a) If $p^{\alpha} \mid N$, then $p^{\alpha+1} \mid a_1$ and $p^{\alpha+2} \mid a_t$, for all $t \ge 2$.
(b) If $2^{\alpha} \mid N$, then $2^{\alpha+1} \mid b_t$, for $t = 1, 2$, and $2^{\alpha+2} \mid b_t$, for $t \ge 3$.
(c) If $2^{\alpha} \mid N$, then $2^{\alpha+2} \mid c_1$ and $2^{\alpha+3} \mid c_t$, for $t \ge 2$.
(d) $4 \mid b_t$, for all $t \ge 2$.

Proof: Suppose that $N = p^{\alpha} h$; so, $(1 + px)^N = ((1 + px)^{p^{\alpha}})^h$. Next, the Newton binomial formula

$$(x + y)^n = \sum_{k=0}^{n} \binom{n}{k} x^{n-k} y^k,$$

in our case gives

$$(1 + px)^{p^{\alpha}} = 1 + p^{\alpha+1} x + p^{\alpha+2} \Big( \frac{p^{\alpha} - 1}{2} \Big) x^2 + \cdots.$$

Therefore, $p^{\alpha+1}$ surely divides $a_1$ and $p^{\alpha+2}$ divides all the other coefficients of this expansion. So (a) follows. To prove (b), we use the same procedure, but in this case we get

$$(1 + 2x)^{2^{\alpha}} = 1 + 2^{\alpha+1} x + 2^{\alpha+1}(2^{\alpha} - 1) x^2 + 2^{\alpha+2} \Big( \frac{2^{2\alpha} - 3 \cdot 2^{\alpha} + 2}{3} \Big) x^3 + \cdots,$$

i.e. $2^{\alpha+1} \mid b_1, b_2$ and $2^{\alpha+2} \mid b_t$, for $t \ge 3$. (c) obviously follows from the fact that $4x = 2^2 x$. For (d), we simply have to apply the binomial formula

$$(1 + 2x)^N = \sum_{t=0}^{N} \binom{N}{t} (2x)^t = \sum_{t=0}^{N} \binom{N}{t} 2^t x^t.$$

Therefore, $b_t = \binom{N}{t} 2^t$, and also this last assertion immediately follows. ✷

Now, we are able to prove the following

Proposition 6.2.5 Let $R = GR(p^n, r)$, $p$ a prime and $n, r$ positive integers. Then, the units of the Galois ring form a group

$$U(R) \cong G_1 \times G_2,$$

where
(a) $G_1$ is a cyclic group of order $p^r - 1$;
(b) $G_2$ is a group of order $p^{r(n-1)}$ such that:

1. if $p$ is odd, or if $p = 2$ and $n \le 2$, then $G_2$ is a direct product of $r$ cyclic groups each of order $p^{n-1}$;

2. if $p = 2$ and $n \ge 3$, then $G_2$ is a direct product of a cyclic group of order $2$, a cyclic group of order $2^{n-2}$ and $(r - 1)$ cyclic groups of order $2^{n-1}$.

Proof: The trivial cases $n = 1$ or $r = 1$ can be easily proved. In fact, if $n = 1$, $GR(p, r) = \mathbb{F}_{p^r}$ and we get the statement from Theorem 2.1.3. Next, if $r = 1$, $GR(p^n, 1) = \mathbb{Z}_{p^n}$. In such a case, we know that an element $u \in \mathbb{Z}_{p^n}$, written as in (1.4), is a unit if and only if $u_0 \neq 0$ (see Proposition 1.4.1); whereas the ideal $p\mathbb{Z}_{p^n}$ coincides with the set of all the non-units in $\mathbb{Z}_{p^n}$. Therefore, $|U(\mathbb{Z}_{p^n})| = p^n - p^{n-1} = p^{n-1}(p - 1) = \Phi(p^n)$, where $\Phi$ is the Euler function (see Section 3.1). Since $U(\mathbb{Z}_{p^n})$ is an abelian group, it follows that there is a subgroup, say $G_1$, of order $p - 1$ and a subgroup $G_2$ of order $p^{n-1}$ such that $G_1 \cap G_2 = \{1\}$, because of their orders.

If $p = 2$ and $n = 1$, then $GR(2, 1) = \mathbb{Z}_2$, so $U(\mathbb{Z}_2) = \{1\}$. If $p = 2$ and $n = 2$, then $GR(4, 1) = \mathbb{Z}_4$ and $U(\mathbb{Z}_4)$ is isomorphic to the cyclic group $C_2$. If $p = 2$ and $n \ge 3$, $GR(2^n, 1) = \mathbb{Z}_{2^n}$ and $|U(\mathbb{Z}_{2^n})| = 2^{n-1}$, therefore $U(\mathbb{Z}_{2^n})$ is an abelian $2$-group. We already know that, in general, such a group is not cyclic; in fact, at the beginning of this section, we computed, for example, that $U(\mathbb{Z}_8) \cong C_2 \times C_2$. So, for $n = 3$, we get the statement. This is a consequence of a more general result; in fact, one can prove that the element $5 \in \mathbb{Z}_{2^n}$, viewed as an element of the group $U(\mathbb{Z}_{2^n})$, has order $2^{n-2}$ if $n \ge 3$ (see [59]). First of all, we can deduce, by induction on $n$, that (as integers)

$$5^{2^{n-2}} = 1 + k\, 2^n \qquad (6.7)$$

for some odd integer $k$. In fact, in the case $n = 3$, we get $k = 3$. It follows that

$$5^{2^{n-1}} = (1 + k\, 2^n)^2 = 1 + s\, 2^{n+1},$$

where $s = k + k^2 2^{n-1}$ is also an odd integer. Thus (6.7) holds for each $n \ge 3$. Moreover, (6.7) implies that the order of $5$ in the group $U(\mathbb{Z}_{2^n})$ is a divisor of $2^{n-2}$. Now, if in (6.7) $n$ is replaced by $n - 1$, the order of $5$ in $U(\mathbb{Z}_{2^n})$ is not $2^{n-3}$, since $k$ is odd. Hence the order of this element is exactly $2^{n-2}$. We can consider the set of integers

$$S = \{\pm 5, \pm 5^2, \pm 5^3, \ldots, \pm 5^{2^{n-2}}\}.$$

The positive (negative) integers are pairwise incongruent modulo $2^n$ by the above; moreover,

$$5^r \equiv -5^s \equiv (2^n - 5^s) \pmod{2^n}$$

is impossible for any positive integers $r$ and $s$. In fact, by assuming $r \ge s$ and since $\gcd(2, 5) = 1$, we can divide this congruence by $5^s$, to get $5^{r-s} \equiv -1 \pmod 4$. This is impossible, since $5^t \equiv 1 \pmod 4$ for all integers $t \ge 0$. Finally, we note that $S$ can be represented as the direct product

$$\{1, -1\} \times \{5, 5^2, 5^3, \ldots, 5^{2^{n-2}}\}.$$

This is obviously isomorphic to the abelian group $C_2 \times C_{2^{n-2}}$. Thus, the statement is true also in the case $p = 2$, $r = 1$ and $n \ge 3$.

It remains to treat the case when $p$ is an odd prime, $r = 1$ and $n \ge 2$. We shall show that in $\mathbb{Z}_{p^n}$ we can always find an element of order exactly $p^n - p^{n-1}$ and not less. In such a case, since $p^n - p^{n-1} = p^{n-1}(p - 1)$, with $p$ and $p - 1$ obviously relatively prime, $U(\mathbb{Z}_{p^n})$ will be isomorphic to the direct product of a cyclic group $C_{p-1}$ and a cyclic group $C_{p^{n-1}}$. To show that there is such an element, we consider an integer $a$, $1 \le a < p$, whose class generates the cyclic group $U(\mathbb{Z}_p)$ (a primitive root modulo $p$; it exists by Theorem 2.1.3); in particular $a^{p-1} \equiv 1 \pmod p$, i.e. $a^{p-1} = 1 + kp$, for some integer $k$. We want to construct an element $b \in \mathbb{Z}_{p^n}$ of order exactly $p^n - p^{n-1}$.

If $\gcd(k, p) = 1$, choose $b = a$. If $p \mid k$, then $a^{p-1} \equiv 1 \pmod{p^2}$ and so we define $b = a + p$. Using the binomial formula, we get

$$b^{p-1} \equiv (a + p)^{p-1} \equiv a^{p-1} + p(p - 1) a^{p-2} \equiv 1 + p(p - 1) a^{p-2} \pmod{p^2}.$$

With either definition of $b$, we have $b^{p-1} = 1 + p\, n_1$ for some integer $n_1$ such that $\gcd(p, n_1) = 1$. Obviously, $b^{p-1} \equiv 1 \pmod p$. Raising the previous congruence to the $p$-th power yields

$$b^{p(p-1)} \equiv (1 + p\, n_1)^p \equiv 1 + p^2 n_1 \pmod{p^3},$$

and hence we can write $b^{p(p-1)} = 1 + p^2 n_2$, where $p$ does not divide $n_2$. By recursively applying such a congruence, we can conclude in the same way that $b^{p^{j-1}(p-1)} = 1 + p^j n_j$, $j \ge 3$, with $\gcd(p, n_j) = 1$. Let $h$ be the smallest positive integer such that $b^h \equiv 1 \pmod{p^n}$; we want to prove that $h = \Phi(p^n)$, where $\Phi$ is the Euler function. Such an $h$ is, a priori, a divisor of $p^{n-1}(p - 1)$, so that $h$ can be written as $h = p^s d$, where $s \le n - 1$ and $d$ divides $p - 1$. It follows that

$$b^{p^s (p-1)} \equiv 1 \pmod{p^n} \quad \text{and} \quad 1 + p^{s+1} n_{s+1} \equiv 1 \pmod{p^n}.$$

This implies $s + 1 \ge n$, so $s = n - 1$. Also, $b^h \equiv 1 \pmod{p^n}$ implies $b^h \equiv 1 \pmod p$. From this and the fact that $b^p \equiv b \pmod p$, it follows that

$$b^h \equiv b^{p^s d} \equiv b^d \equiv 1 \pmod p,$$

therefore $d = p - 1$, since $b \equiv a \pmod p$ has order $p - 1$ modulo $p$.

All the trivial cases are proved. Thus, suppose $n, r \ge 2$. Let $R$ denote the Galois ring $GR(p^n, r)$ and $\mathcal{K}$ its residue field $R/pR$. The natural ring epimorphism $\mu : R \longrightarrow \mathcal{K}$ obviously induces a group epimorphism, which we shall continue to denote by $\mu$, such that

$$\mu : U(R) \longrightarrow U(\mathcal{K}).$$

Therefore,

$$|U(R)| = |U(\mathcal{K})| \cdot |pR| = (p^r - 1)\, p^{r(n-1)};$$

moreover, $\gcd(p^r - 1, p^{r(n-1)}) = 1$ implies that

$$U(R) = G_1 \times G_2,$$

where $|G_1| = p^r - 1$ and $|G_2| = p^{r(n-1)}$.

The structure of $G_1$ is easy to determine; in fact, let $U(\mathcal{K}) = \langle \bar{a} \rangle$ and let $a$ be an element in $G_1$ such that $\mu(a) = \bar{a}$. Since $\mu$ is a group homomorphism, the order of $a$ is at least $p^r - 1$, which is the cardinality of $G_1$. Thus $\mathrm{ord}(a) = p^r - 1$ and $G_1 = \langle a \rangle$.

Case I: $p = 2$ and $n \ge 3$. Since, in $\mathcal{K}$, $0^2 + 0 = 1^2 + 1$, the additive endomorphism of $\mathcal{K}$ given by $a \mapsto a^2 + a$ is not injective. Consequently, the map is not surjective. Therefore, there is a $\bar{b} \in \mathcal{K}$ such that the polynomial $f_{\bar{b}}(x) = x^2 + x - \bar{b}$ has no roots in $\mathcal{K}$. Choose $b \in R$ such that $\mu(b) = \bar{b}$. Let $\{g_i = \xi^i\}_{0 \le i \le r-1}$ be the standard free $\mathbb{Z}_{2^n}$-basis for $R$, as a free $\mathbb{Z}_{2^n}$-module, where $\xi$ is as in (6.4). The element

$$\alpha := 2^{n-1} g_0 - 1 = 2^{n-1} - 1$$

belongs to $G_2 = 1 + 2R$ and has order $2$. In fact,

$$\alpha^2 = (2^{n-1} - 1)^2 = 2^{2(n-1)} - 2^n + 1 = 1,$$

since $2n - 2 \ge n$ if and only if $n \ge 2$, which is our range.

Observe that the element $\beta := 4b = 2^2 b \in R$ is nilpotent; so, from the proof of Theorem 1.3.1(2.), it follows that $1 + \beta \in U(R)$. By observing that $(1 + \beta)^{2^{n-2}} = 1$, one can deduce that it is in $G_2$. Moreover, for each $\gamma \in G_2$, $\gamma^{2^{n-1}} = 1$, since $G_2 \cong 1 + 2R$. We claim that if $m, n_0, n_1, \ldots, n_{r-1}$ are positive integers such that

$$m \le 2, \qquad n_0 \le 2^{n-2}, \qquad n_i \le 2^{n-1}, \quad 1 \le i \le r - 1,$$

and if the equality

$$\alpha^m (1 + \beta)^{n_0} \prod_{i=1}^{r-1} (1 + 2\xi^i)^{n_i} = 1 \qquad (6.8)$$

holds, then

$$m = 2, \qquad n_0 = 2^{n-2} \qquad \text{and} \qquad n_i = 2^{n-1}, \quad 1 \le i \le r - 1.$$

In fact, suppose $m = 1$. We use Lemma 6.2.4(d) in the expansion of (6.8). We then obtain

$$2 \Big( 1 + \sum_{i=1}^{r-1} n_i \xi^i + 2a \Big) = 0,$$

for some $a \in R$, which means that $1 + \sum_{i=1}^{r-1} n_i \xi^i + 2a \in 2R$. Thus, denoting (as usual) by $\mu$ the epimorphism $\mu : R \longrightarrow R/2R$,

$$\mu \Big( 1 + \sum_{i=1}^{r-1} n_i \xi^i + 2a \Big) = 1 + \sum_{i=1}^{r-1} n_i\, \mu(\xi^i) = 0.$$

By the definition of $\xi^j$, $\{1 = \mu(\xi^0), \mu(\xi), \ldots, \mu(\xi^{r-1})\}$ is a $\mathbb{Z}_2$-basis for the vector space $\mathbb{F}_{2^r}$, so we get a contradiction. Hence $m = 2$ and (6.8) reduces to

$$(1 + \beta)^{n_0} \prod_{i=1}^{r-1} (1 + 2\xi^i)^{n_i} = 1. \qquad (6.9)$$

As we can now get the relation $\sum_{i=1}^{r-1} n_i\, \mu(\xi^i) = 0$, we see that all the $(r - 1)$ integers $n_1, \ldots, n_{r-1}$ are even. Let $\delta$ be the integer in $\{0, \ldots, n - 2\}$ such that $2^{\delta+1}$ is the highest power of $2$ which divides each of the integers $2n_0, n_1, \ldots, n_{r-1}$. We want to show that $\delta = n - 2$. Let $n_0 = 2^{\delta} m_0$, $n_i = 2^{\delta+1} m_i$, for $i \ge 1$. Clearly, at least one of the $m_i$'s must be an odd integer. We now apply Lemma 6.2.4(b) (with $\delta$ replaced by $\delta + 1$) and (c) to (6.9), so as to have

$$2^{\delta+2} \Big( m_0 b + \sum_{i=1}^{r-1} m_i \xi^i + \sum_{i=1}^{r-1} m_i (m_i 2^{\delta+1} - 1)\, \xi^{2i} + 2B \Big) = 0$$

for some $B \in R$. If $\delta + 2 < n$, then

$$m_0\, \mu(b) + \sum_{i=1}^{r-1} m_i\, \mu(\xi^i) + \sum_{i=1}^{r-1} m_i\, \mu(\xi^{2i}) = 0, \qquad (6.10)$$

as $R/2R$ is a field of characteristic $2$. Our choice of the element $b$ implies that $m_0$ must be even, so that at least one of the remaining integers $m_i$ must be odd. Then (6.10) gives either

$$\sum_{i=1}^{r-1} m_i\, \mu(\xi^i) = 0 \qquad \text{or} \qquad \sum_{i=1}^{r-1} m_i\, \mu(\xi^i) = 1 = \mu(\xi^0),$$

both of which are contradictions. Thus $\delta = n - 2$ and this proves the assertion after (6.8). If we set

$$H_0 = \langle 2^{n-1} - 1 \rangle, \qquad |H_0| = 2,$$
$$H_1 = \langle 1 + \beta \rangle, \qquad |H_1| = 2^{n-2},$$
$$H_{i+1} = \langle 1 + 2\xi^i \rangle, \qquad |H_{i+1}| = 2^{n-1}, \quad 1 \le i \le r - 1,$$

the above assertions imply that the product of these $r + 1$ subgroups of $G_2$ is direct. Because of their orders, $H_0 \times \cdots \times H_r$ exhausts the whole group $G_2$.

Case II: $p$ an odd prime. We have to consider the equality

$$\prod_{i=0}^{r-1} (1 + p\xi^i)^{n_i} = 1$$

and use (a) of Lemma 6.2.4. The computations are left to the reader.

Case III: $p = n = 2$. In such a case, we have $R = \mathbb{Z}_4[\xi] = GR(4, r)$ and $G_2 \cong 1 + 2R$. Therefore the square of every element of $G_2$ equals $1$. This means that $G_2$ is an elementary abelian $2$-group. ✷

To end this section, we shall show some examples of how Galois rings are strictly related to finite fields and, at the same time, to the rings of integers modulo $p^n$, as we said at the beginning of this chapter.
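The following is an added example of ours (not code from the book) that checks numerically the $r = 1$ cases of the proof of Proposition 6.2.5: that $5$ has order $2^{n-2}$ in $U(\mathbb{Z}_{2^n})$ with the integer $k$ of (6.7) odd and $U(\mathbb{Z}_{2^n}) = \{\pm 1\} \times \langle 5 \rangle$, and that for odd $p$ the element $b$ built from a primitive root $a$ (with $b = a + p$ when $a^{p-1} \equiv 1 \pmod{p^2}$) generates $U(\mathbb{Z}_{p^n})$, so that $U(\mathbb{Z}_{p^n}) \cong C_{p-1} \times C_{p^{n-1}}$. The pair $p = 29$, $a = 14$ used to exercise the second branch is our own choice, as $14^{28} \equiv 1 \pmod{29^2}$; it is not taken from the book. Function names are ours.

```python
# Added example (not from the book): the structure of U(Z_{p^n}), i.e. the r = 1
# cases of Proposition 6.2.5, checked by direct computation.
from math import gcd


def mult_order(a, m):
    """Multiplicative order of a modulo m (requires gcd(a, m) == 1)."""
    assert gcd(a, m) == 1
    k, x = 1, a % m
    while x != 1:
        x, k = (x * a) % m, k + 1
    return k


def check_two_power(n):
    """For n >= 3: ord(5) = 2^(n-2) in U(Z_{2^n}); 5^(2^(n-2)) = 1 + k 2^n with k odd (6.7);
    and the signed powers {+-5^i} exhaust U(Z_{2^n}), so U(Z_{2^n}) = C_2 x C_{2^(n-2)}."""
    m = 2 ** n
    k = (5 ** (2 ** (n - 2)) - 1) // m            # the integer k of (6.7), computed in Z
    signed_powers = {(s * pow(5, i, m)) % m for s in (1, -1) for i in range(2 ** (n - 2))}
    units = {u for u in range(m) if u % 2 == 1}
    return mult_order(5, m) == 2 ** (n - 2) and k % 2 == 1 and signed_powers == units


def primitive_root(p):
    """Smallest generator of the cyclic group U(Z_p), p prime."""
    return next(a for a in range(2, p) if mult_order(a, p) == p - 1)


def lifted_generator(p, a=None):
    """The element b of the proof: b = a if a^(p-1) = 1 + kp with p not dividing k,
    and b = a + p otherwise.  a must be a primitive root modulo p (default: the smallest)."""
    a = primitive_root(p) if a is None else a
    assert mult_order(a, p) == p - 1
    k = (a ** (p - 1) - 1) // p
    return a if k % p else a + p


def check_odd_power(p, n, a=None):
    """ord(b) = p^(n-1)(p-1) = Phi(p^n) in U(Z_{p^n}), so U(Z_{p^n}) is cyclic and hence
    isomorphic to C_{p-1} x C_{p^(n-1)}."""
    m = p ** n
    b = lifted_generator(p, a)
    return mult_order(b, m) == (p - 1) * p ** (n - 1)


if __name__ == "__main__":
    print([check_two_power(n) for n in range(3, 9)])
    print([check_odd_power(p, 3) for p in (3, 5, 7, 11, 13)])
    print(lifted_generator(29, 14), check_odd_power(29, 3, 14))   # b = 43 here
```

The `a` parameter of `lifted_generator` is there only to reach the branch $p \mid k$, which the smallest primitive root of a small prime never triggers; with $a = 14$ and $p = 29$ the function returns $b = 43$, whose order modulo $29^3$ is $28 \cdot 29^2$ exactly as the proof predicts.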

Example 6.2.6 1) Take a Galois ring of order $8$; this implies that, if we write $GR(p^n, r)$, then $p^{nr} = 8$, i.e. $p = 2$ and $nr = 3$. There are only two possibilities:

(i) $n = 1$ and $r = 3$: in this case, we are considering a cubic extension of $\mathbb{F}_2$, so $GR(2, 3) \cong \mathbb{F}_8$, which coincides with its own residue field.

(ii) $n = 3$ and $r = 1$: this is the case of $GR(8, 1) \cong \mathbb{Z}_8$, and its residue field is $\mathbb{F}_2$.

We can completely generalize this first example to the case $p^{nr}$, when $nr = l$ is a prime; there are only trivial Galois rings, whose residue fields determine the subfield chain

$$\mathbb{F}_p \subset \mathbb{F}_{p^l}.$$

2) We now describe the Galois rings of order $16$; thus, $p = 2$ and $nr = 4$. The following may occur:

(i) $n = 1$ and $r = 4$: as before, we have a Galois extension of degree $4$ of the field $\mathbb{F}_2$; so, $GR(2, 4) \cong \mathbb{F}_{16}$, which is a field.

(ii) $n = 4$ and $r = 1$: the Galois ring is an extension of degree $1$ of the ring $\mathbb{Z}_{16}$; therefore, $GR(2^4, 1) \cong \mathbb{Z}_{16}$ and its residue field is the prime field $\mathbb{F}_2$.

(iii) The last situation is $n = 2$ and $r = 2$; this means that $GR(4, 2)$ is a Galois extension, of degree $2$, of the ring $\mathbb{Z}_4$. As usual, we consider the epimorphism $\mu : \mathbb{Z}_4[x] \longrightarrow \mathbb{Z}_2[x]$. The primitive polynomial in $\mathbb{Z}_2[x]$ which determines the field extension $\mathbb{F}_2 \subset \mathbb{F}_4$ is $x^2 + x + 1 \in \mathbb{Z}_2[x]$. Therefore, its regular pre-image in $\mathbb{Z}_4[x]$ is $x^2 + 3x + 3 \in \mathbb{Z}_4[x]$ (we used Hensel's Lemma). By definition, $GR(4, 2) = \mathbb{Z}_4[\xi] = \mathbb{Z}_4[x]/(x^2 + 3x + 3)$ is a (non-trivial) Galois ring of order $16$, with maximal ideal $\mathfrak{m} = 2\mathbb{Z}_4[\xi]$ and residue field a finite field of order $4$, so $\mathbb{Z}_4[\xi]/\mathfrak{m} \cong \mathbb{F}_4$.

The three cases above take care of the whole subfield chain:

$$\mathbb{F}_2 \subset \mathbb{F}_4 \subset \mathbb{F}_{16}$$

(case (ii), case (iii) and case (i), respectively).

It is not difficult to generalize this example to the case in which $p$ is a prime and $n, r$ are integers such that $nr = l^2$, where $l$ is a prime. As in the previous particular case, we obtain

$$\mathbb{F}_p \subset \mathbb{F}_{p^l} \subset \mathbb{F}_{p^{l^2}}.$$

3) This example is the study of the Galois rings of order $64 = 2^6$. So, with the above notation, $nr = 6$ and the following cases may occur.

(i) $n = 1$ and $r = 6$: we know that in this situation $GR(2, 6) \cong \mathbb{F}_{64}$ is itself a field.

(ii) $n = 6$ and $r = 1$: the Galois ring is the trivial one, viz. $\mathbb{Z}_{64}$, with residue field $\mathbb{F}_2$.

(iii) $n = 3$ and $r = 2$: here we have a quadratic extension of the ring $\mathbb{Z}_8$. This extension determines the Galois ring $\mathbb{Z}_8[\xi]$, with maximal ideal $\mathfrak{m} = \{a + b\xi \mid a, b \in 2\mathbb{Z}_8\}$. This means that the residue field is isomorphic to $\mathbb{F}_4$.

(iv) $n = 2$ and $r = 3$: this is the case of a cubic extension of $\mathbb{Z}_4$, which defines a Galois ring of order 64 with residue field $\mathbb{F}_8$.

The subfield lattice of F64 is not a chain:

          F64
         /   \
       F8     F4
         \   /
          F2

The same is true whenever the order is $p^{nr}$, with $nr = lt$, where $l$ and $t$ are primes, namely:

          F_{p^{lt}}
         /        \
     F_{p^l}      F_{p^t}
         \        /
            F_p

4) Finally, take $p = 2$ and $nr = 30 = 2 \cdot 3 \cdot 5$, i.e. $nr$ is a product of three distinct primes; we are dealing with the Galois rings of order $2^{30} = 1,073,741,824$. The situations which may occur are the following:

(i) $n = 1$ and $r = 30$: this is always the trivial case where $GR(2, 30) = \mathbb{F}_{2^{30}}$;

(ii) $n = 2$ and $r = 15$: $GR(4, 15)$ is a local ring with residue field $\mathbb{F}_{2^{15}}$;

(iii) $n = 3$ and $r = 10$: in this case the residue field is $\mathbb{F}_{2^{10}}$;

(iv) $n = 5$ and $r = 6$: $GR(2^5, 6)$ has $\mathbb{F}_{2^6}$ as its residue field;

(v) $n = 6$ and $r = 5$: this is the case in which the residue field is $\mathbb{F}_{2^5}$;

(vi) $n = 10$ and $r = 3$: the residue field is $\mathbb{F}_8$;

(vii) $n = 15$ and $r = 2$: here we have $\mathbb{F}_4$ as the residue field;

(viii) $n = 30$ and $r = 1$: the Galois ring $GR(2^{30}, 1)$ is the ring $\mathbb{Z}_{2^{30}}$, whose residue field is $\mathbb{F}_2$.

It will not be so difficult for the reader to draw the diagram of the subfield lattice. These arguments obviously extend to the general case $nr = lst$, with $l, s, t$ three distinct primes.

What about the structure of the automorphism group of a given Galois ring? The answer to this question immediately follows from some results contained in the previous chapters. In fact, by definition, a Galois ring is a separable extension of a ring of the form $\mathbb{Z}_{p^n}$; in 5.1.5 we proved that a separable extension of two finite, local rings, $R \subset S$, is a Galois extension with Galois group $G_R(S)$ isomorphic to the Galois group $G_{\mathcal{K}}(K)$, where $\mathcal{K}$ and $K$ are the residue fields of $R$ and $S$, respectively. Therefore, we immediately realize that, if $S = GR(p^n, r)$, then

$$\mathrm{Aut}_{\mathbb{Z}_{p^n}}(GR(p^n, r)) = G_{\mathbb{Z}_{p^n}}(GR(p^n, r)) \cong G_{\mathbb{F}_p}(\mathbb{F}_{p^r});$$

at the same time, it makes sense to ask which is the group structure of $G_{GR(p^n, s)}(GR(p^n, r))$, where $GR(p^n, s) \subseteq GR(p^n, r)$ is a Galois subring. By the same proposition, this group is isomorphic to $G_{\mathbb{F}_{p^s}}(\mathbb{F}_{p^r})$. The problem of finding the automorphisms of a given Galois ring over one of its subrings is reduced, by taking the residue fields, to the well-known problem of finding the automorphism group of a Galois field over one of its subfields, and the latter is known.

6.3 Structure Theorems for Finite Commutative Local Rings

Here we want to prove a very important result in finite, local ring theory which explains the fundamental role that Galois rings play in this context. Such a result is closely related to the classification of finite, local rings with principal ideals (see [56]). We recall that in Theorem 3.1.4 we proved that every finite, commutative ring uniquely splits as a direct sum of finite, local rings. Our aim is to show that each of these local rings is a homomorphic image of a polynomial ring with coefficients from a Galois ring. Consequently, the investigation of finite, local rings reduces to finding a suitable primary ideal $Q \subset GR(p^n, r)[x_1, \dots, x_t]$ and studying the quotient ring $GR(p^n, r)[x_1, \dots, x_t]/Q$.

Theorem 6.3.1 Assume $R$ is a finite, commutative, local ring of characteristic $p^n$, with maximal ideal $\mathfrak{m}$ and residue field $K$. Let $r$ denote the dimension of $K$ as a $\mathbb{Z}_p$-vector space, i.e. $[K : \mathbb{Z}_p] = r$, and let $\{u_1, \dots, u_t\}$ be a minimal system of generators for $\mathfrak{m}$, viewed as an $R$-module. Then, there exists a subring $T \subset R$ such that

(a) $T \cong GR(p^n, r)$ is the unique subring of order $p^{nr}$ and is the maximal Galois extension of $\mathbb{Z}_{p^n}$ contained in $R$;

(b) $R$ is a homomorphic image of $T[x_1, \dots, x_t]$.

The Galois ring $T$ is called the coefficient ring of $R$.

Proof: Let $\bar\zeta$ be a generator of the group of units of $K$, i.e. $\bar\zeta$ is a primitive element of $K$ over $\mathbb{F}_p$, and $\bar f(x) \in \mathbb{Z}_p[x]$ the primitive polynomial such that $\bar f(\bar\zeta) = 0$. Let again $\mu$ be the epimorphism

$$\mu : \mathbb{Z}_{p^n}[x] \longrightarrow \mathbb{Z}_p[x];$$

take $f(x) \in \mathbb{Z}_{p^n}[x]$ to be a monic pre-image under $\mu$ of $\bar f(x) \in \mathbb{Z}_p[x]$ (thus, $f(x)$ is a basic irreducible polynomial in $\mathbb{Z}_{p^n}[x]$). By Lemma 5.1.3, there exists a unique element $\zeta \in R$ such that $\mu(\zeta) = \bar\zeta$ and $f(\zeta) = 0$. Then $T = \mathbb{Z}_{p^n}[\zeta] \cong \mathbb{Z}_{p^n}[x]/(f(x))$ is a Galois ring, unique up to isomorphism, which is the maximal Galois extension of $\mathbb{Z}_{p^n}$ contained in the ring $R$. Obviously $T[u_1, \dots, u_t]$ is a subring of $R$. So, it suffices to prove the other inclusion.

Let $c$ be an arbitrary element of $R$; since $T \cong GR(p^n, r)$ has $K$ as its residue field, an element $t \in T$ must exist such that $c \equiv t \pmod{\mathfrak{m}}$. Let $\beta$ be the nilpotency class of $\mathfrak{m}$, i.e. the least positive integer such that $\mathfrak{m}^\beta = 0$. We can construct a sequence $\{c_j\} \subset T[u_1, \dots, u_t]$ such that $c \equiv c_j \pmod{\mathfrak{m}^{j+1}}$, $0 \le j \le \beta - 1$. In fact, if we put $c_0 = t$, for $j \ge 1$, we may choose

$$c - c_j = \sum_i d_i w_i,$$

where each $w_i$ is a product of the form $u_1^{\alpha_1} \cdots u_t^{\alpha_t}$, with $\sum_{k=1}^{t} \alpha_k = j$, and $d_i \in R$. For every $d_i \in R$ there exists some $b_i \in T$ such that $b_i \equiv d_i \pmod{\mathfrak{m}}$. Therefore,

$$c - c_j = \sum_i d_i w_i \equiv \sum_i b_i w_i \pmod{\mathfrak{m}^{j+2}}.$$

If we put $c_{j+1} = c_j + \sum_i b_i w_i$, then $c_{j+1} - c \equiv 0 \pmod{\mathfrak{m}^{j+2}}$. Since $\mathfrak{m}^\beta = 0$, it follows that $c = c_{\beta-1}$ and, by assumption, $c_{\beta-1} \in T[u_1, \dots, u_t]$. ✷

Theorem 6.3.1 implies that, if $R$ is a local ring, then we have $R \cong T[x_1, \dots, x_t]/Q$, where $Q$ is a primary ideal in $T[x_1, \dots, x_t]$ and $T$ is a Galois ring such that $Q \cap T = \{0\}$. Observe that the radical of $Q$, $\sqrt{Q}$, is precisely $(p, x_1, \dots, x_t)$, since $Q \subseteq \sqrt{Q}$ and

$$T[x_1, \dots, x_t]/\sqrt{Q} \cong GR(p^n, r)/pGR(p^n, r) \cong K.$$

Corollary 6.3.2 Let $R$ be a finite, commutative, local ring of characteristic $p^n$ and $\mathfrak{m}$ its maximal ideal. If the dimension of the $K$-vector space $\mathfrak{m}/\mathfrak{m}^2$ is $t$, then $R$ is a homomorphic image of $\mathbb{Z}_{p^n}[x_1, \dots, x_{t+1}]$.

Proof: First of all, observe that $\mathfrak{m}/\mathfrak{m}^2$ is a $K$-vector space. Indeed, $\mathfrak{m}^j$ is an $R$-module for each $j$. The quotient $\mathfrak{m}/\mathfrak{m}^2$ is an $R$-module which is annihilated by $\mathfrak{m}$; consequently, it is an $R/\mathfrak{m}$-module and $R/\mathfrak{m} \cong K$ is a field. By assumption, $\dim_K(\mathfrak{m}/\mathfrak{m}^2) = t$; this implies that $\mathfrak{m}$ has a minimal set of generators of cardinality $t$, when viewed as an $R$-module. From Theorem 6.3.1 it follows that $R$ is a homomorphic image of the polynomial ring $T[x_1, \dots, x_t]$, where the coefficient ring $T$ is a Galois ring. By observing that $T$ is a homomorphic image of the ring $\mathbb{Z}_{p^n}[y]$, we get the statement if we put $y = x_{t+1}$. ✷

This last result enables us to prove another structure theorem for finite, local rings in terms of the generators of $U(R)$.

Theorem 6.3.3 Let $R$ be a finite, commutative, local ring of characteristic $p^n$. If $\{a_1, \dots, a_n\}$ is a system of generators for $U(R)$, then $R$ is a homomorphic image of the ring $\mathbb{Z}_{p^n}[x_1, \dots, x_s]$.

Proof: Consider the subring $\mathbb{Z}_{p^n}[a_1, \dots, a_n] \subseteq R$. This subring obviously contains all the invertible elements of the ring $R$; if $a$ is an element of the maximal ideal $\mathfrak{m}$ and $b$ is a unit in $R$, then $a - b \in U(R)$ ($R$ is a local ring). Therefore, there exists $c \in U(R)$ such that $a - b = c$. Then, $a = b + c \in \mathbb{Z}_{p^n}[a_1, \dots, a_n]$. ✷

6.4 Another Class of Finite Commutative Local Rings: Quasi-Galois Rings

As we said in the introduction to the present chapter, we now want to study another class of finite, commutative, local rings; such rings are, in a certain sense, related to Galois rings even if their properties are completely different. We shall call them Quasi-Galois rings. They have also been used as coordinatizing rings of Pappian-Hjelmslev planes (see [46]).

Let $p$ be a prime and $n, r$ be two positive integers. We consider the Galois field $\mathbb{F}_{p^r}$ as a simple Galois extension of its prime field $\mathbb{F}_p$, by using a primitive polynomial $g_{(p,r)}(x) \in \mathbb{F}_p[x]$ such that $\deg(g_{(p,r)}(x)) = r$ (see Definition 2.2.7). Denote by $\zeta$ a primitive element of $\mathbb{F}_{p^r}$ over $\mathbb{F}_p$; then $\mathbb{F}_{p^r} \cong \mathbb{F}_p[\zeta]$ with $g_{(p,r)}(\zeta) = 0$. Since $\mathbb{F}_{p^r}$ is a field, $\mathbb{F}_{p^r}[x]$ is a Euclidean domain, so it is a P.I.D. Therefore, since the ideal $(x^n) \subset \mathbb{F}_{p^r}[x]$ is not prime, the quotient ring

$$A(p^r, n) := \mathbb{F}_{p^r}[x]/(x^n)$$

is not a domain. Choose an element $\theta$, in some ring extension of $\mathbb{F}_{p^r}$, as a formal, non-trivial root of the polynomial $x^n \in \mathbb{F}_{p^r}[x]$ (i.e. $\theta \ne 0$ and $\theta^n = 0$); then

$$A(p^r, n) = \Big\{ \sum_{i=0}^{n-1} a_i \theta^i \;\Big|\; a_i \in \mathbb{F}_{p^r} \Big\},$$

where $\theta^k = 0$ for all $k \ge n$. This ring is local, with maximal ideal $\mathfrak{m}(p^r, n)$ consisting of the non-units of $A(p^r, n)$, i.e.

$$\mathfrak{m}(p^r, n) = \Big\{ \sum_{j=1}^{n-1} a_j \theta^j \;\Big|\; a_j \in \mathbb{F}_{p^r} \Big\},$$

where $\theta^k = 0$, for all $k \ge n$ (see Prop. 1.4.1). Its residue field is $A(p^r, n)/\mathfrak{m}(p^r, n) \cong \mathbb{F}_{p^r}$. Consequently, $A(p^r, n)$ is a finite, commutative, local ring containing $(p^r)^n = p^{rn}$ elements.

We recall that, in studying the Galois ring $GR(p^n, r)$, we considered $\mathbb{Z}_{p^n}[x]/(G_{(p,r)}(x))$, where $G_{(p,r)}(x) \in \mathbb{Z}_{p^n}[x]$ is the monic, basic irreducible polynomial determined, as in Lemma 1.4.3, from the same polynomial $g_{(p,r)}(x) \in \mathbb{F}_p[x]$ (see Section 6.2). We found

$$GR(p^n, r) = \Big\{ \sum_{j=0}^{r-1} b_j \xi^j \;\Big|\; b_j \in \mathbb{Z}_{p^n},\ 0 \le j \le r-1 \Big\},$$

where $\xi$ is a formal root of the polynomial $G_{(p,r)}(x)$. All this gave us that $GR(p^n, r)$ is a finite, local ring, of cardinality $(p^n)^r = p^{nr}$ and with residue field $\mathbb{F}_{p^r}$.

Thus, the rings $A(p^r, n)$ and $GR(p^n, r)$ are local, equipotent and with the same residue field, but they are not isomorphic, since they have different characteristic. In fact, $A(p^r, n)$ is a finite ring of characteristic $p$, since it contains $\mathbb{F}_{p^r}$ as a subring, whereas we know that the characteristic of $GR(p^n, r)$ is $p^n$.

Obviously, also the maximal ideals are equipotent; in fact $\mathfrak{m}(p^r, n)$ contains $(p^r)^{n-1} = p^{r(n-1)}$ elements. An arbitrary element of this ideal can be written as $\sum_{h=1}^{n-1} a_h \theta^h$, where $a_h \in \mathbb{F}_{p^r}$ and $\theta^k = 0$, for $k \ge n$. Let $\zeta \in \mathbb{F}_{p^r}$ be a primitive element over $\mathbb{F}_p$ such that $g_{(p,r)}(\zeta) = 0$, where $g_{(p,r)}(x) \in \mathbb{Z}_p[x]$ is such that $\mu(G_{(p,r)}(x)) = g_{(p,r)}(x)$. Each $a_h \in \mathbb{F}_{p^r}$ has a unique expression of the form

$$a_h = \sum_{j=0}^{r-1} u_j^h \zeta^j,$$

where $u_j^h \in \mathbb{F}_p$, for all $j$ and $h$, and $g_{(p,r)}(\zeta) = 0$. This fact enables us to write

$$\sum_{h=1}^{n-1} a_h \theta^h = \sum_{h=1}^{n-1} \Big( \sum_{j=0}^{r-1} u_j^h \zeta^j \Big) \theta^h.$$

Example 6.4.1 Take $p = 2$, $n = 3$ and $r = 3$. Thus, the ring $A(8, 3)$ is, by definition, $A(8, 3) = \mathbb{F}_8[x]/(x^3)$. We recall that

$$\mathbb{F}_8 \cong \mathbb{Z}_2[x]/(x^3 + x + 1) = \{ a + b\zeta + c\zeta^2 \mid a, b, c \in \mathbb{F}_2 \}$$

with $\zeta^3 = \zeta + 1$, i.e. $\mathbb{F}_8 = \{0, 1, \zeta, \zeta^2, 1 + \zeta, 1 + \zeta^2, \zeta + \zeta^2, 1 + \zeta + \zeta^2\}$. If $\theta$ is a formal, non-trivial root of the polynomial $x^3 \in \mathbb{F}_8[x]$, then

$$A(8, 3) = \{ a_0 + a_1\theta + a_2\theta^2 \mid a_i \in \mathbb{F}_8,\ 0 \le i \le 2,\ \theta^k = 0 \text{ for } k \ge 3 \}.$$

Thus, $|A(8, 3)| = 8^3 = 512$; its maximal ideal is $\mathfrak{m}(8, 3) = \{ a_1\theta + a_2\theta^2 \mid a_1, a_2 \in \mathbb{F}_8 \}$, with $\theta^k = 0$ for $k \ge 3$, and its residue field is $\mathbb{F}_8$. Recalling the polynomial expression of the elements of $\mathbb{F}_8$ with respect to the primitive element $\zeta$ gives

$$a_0 + a_1\theta + a_2\theta^2 = (a_0^0 + a_0^1\zeta + a_0^2\zeta^2) + (a_1^0 + a_1^1\zeta + a_1^2\zeta^2)\theta + (a_2^0 + a_2^1\zeta + a_2^2\zeta^2)\theta^2,$$

where $a_i^j \in \mathbb{Z}_2$, for $0 \le i, j \le 2$, $\theta^k = 0$, for $k \ge 3$, and $\zeta^3 = \zeta + 1$.

Remark 6.4.2 Since $A(p^r, n)$ is a local ring, the elements of $\mathfrak{m}(p^r, n)$ exhaust the non-units in this ring and are all its nilpotent elements. We can describe such elements by using their coordinates with respect to the basis $\{\theta^j\}_{0 \le j \le n-1}$. Therefore the nilpotent elements of $A(p^r, n)$ all have the form $(0, a_1, \dots, a_{n-1})$, whereas the units are

$$(a_0, a_1, \dots, a_{n-1}) \quad \text{with } a_0 \ne 0.$$

Before studying the basic properties of such rings, we want to point out that also Quasi-Galois rings can be viewed as "bricks" of all of Finite, Commutative Algebra. In fact, each ring $A(p^r, n)$ is a particular case of what we saw in Example 2. after Theorem 3.1.4. Indeed, we only have to consider $f(x) = p_1(x)^n$, with $p_1(x) = x$, to get the present situation.

Definition 6.4.3 A commutative ring R is said to be primary if it has a unique prime ideal.

So, if $R$ is local and Artinian (the latter means $\mathrm{Spec}(R) = \mathrm{Specm}(R)$, see Definition 1.2.8), then it is trivially a primary ring. Therefore, our $A(p^r, n)$'s are examples of primary rings, since they are finite and local (see Proposition 1.2.7 and Theorem 2.3.9).

Lemma 6.4.4 Let $R$ be a finite, commutative ring. Then $R$ is a direct sum of primary rings $R_1, \dots, R_n$ and $U(R)$ is a direct product of $U(R_1), \dots, U(R_n)$. Moreover, $U(R)$ is cyclic if and only if each $U(R_i)$ is cyclic and the orders of $U(R_i)$ and $U(R_j)$ are relatively prime for $1 \le i \ne j \le n$.

Proof: The first part of the statement directly follows from Theorem 3.1.4 and Exercise 1., before Proposition 3.1.5. The second assertion follows from elementary Group Theory (see, for example, [65]). ✷

The above lemma reduces the problem of studying the groups of units of all finite, commutative rings to that of determining the structure of the groups of units of finite, commutative, primary rings and to understanding which rings have such a group as a cyclic group (see [43]).

Let $N$ be a nilideal of a finite, commutative ring $R$. If $p$ is a prime divisor of $|N|$, we put

$$N(p) := \{ a \in N \mid pa = 0 \}.$$

Then $N(p)$ is an ideal of $R$, thus

$$1 + N(p) := \{ 1 + x \mid x \in N(p) \}$$

is a subgroup of $U(R)$.

Lemma 6.4.5 Let $N$ be a nilideal of a finite, commutative ring, let $p$ be a prime dividing $|N|$ and assume that $1 + N(p)$ is cyclic, generated by $1 + a$, $a \in N(p)$. If $|N(p)| = p^r$ and $n$ is the least positive integer such that $a^n = 0$, then (i) $n = p^{r-1} + 1$; (ii) $p^{r-1} \le 2$.

Proof: (i) Since $1 \ne (1 + a)^{p^{r-1}} = 1 + a^{p^{r-1}}$, we have that $p^{r-1} < n$. For each $1 \le i \le n$,

$$a^i = (1 + a)^{s_i} - 1, \quad \text{for some } 1 \le s_i \le p^r.$$

However, if $2 \le i \le n$,

$$0 = a^{n-2+i} = a^{n-2}[(1 + a)^{s_i} - 1] = a^{n-2}[s_i a + a^2 b] = s_i a^{n-1},$$

thus $p$ divides $s_i$. Hence, the map $i \to s_i$ is an injection of the set $\{1, \dots, n\}$ into the set $\{ 1 \le s \le p^r \mid s = 1 \text{ or } p \mid s \}$, which gives $n \le p^{r-1} + 1$.

(ii) By contradiction, suppose that $m = p^{r-1} - 1 \ge 2$ and let $j$ be an integer such that $(j - 1)p < m < jp$. If $s_m = pt$, then

$$a^m = (1 + a)^{pt} - 1 = (1 + a^p)^t - 1 = \sum_{k=0}^{t} z_k a^{pk},$$

where the $z_k$'s are binomial coefficients. If we multiply in turn by $a^{n-ip-1}$, for $1 \le i < j$, we obtain $z_i a^{n-1} = 0$. Hence $p$ divides $z_i$, so $z_i a^i = 0$. It follows that the sum above runs from $j$ to $t$. If we now multiply by $a^{n-m+1}$, we get $a^{n-1} = 0$, which is impossible. ✷

Lemma 6.4.6 Let $N$ be a nilideal of a finite ring $R$. If $|N|$ is odd, then $N^+ = \langle N, + \rangle$ (i.e. the additive structure of $N$, viewed as a subgroup of $\langle R, + \rangle = R^+$) is cyclic if and only if $1 + N$ is cyclic.

Proof: $\Leftarrow$) Assume that $1 + N$ is cyclic. Then, for any prime $p$ which divides $|N|$, $1 + N(p)$ is a subgroup of $1 + N$, hence it is cyclic. By Lemma 6.4.5 (ii), $|N(p)| \le 2p$. Since $p$ is odd, $|N(p)| = p$. This implies that $N^+$ is cyclic.

$\Rightarrow$) Suppose that $N^+$ is cyclic. Given $a \in N$ such that $(1 + a)^p = 1$ for some prime $p$ dividing $|N|$, it suffices to show that $pa = 0$. Let $b$ be a generator of $N^+$. Then $ba = nb$, for some integer $n$. So, if $a = mb$, for some $m \in \mathbb{Z}$,

$$a^2 = (mb)a = m(ba) = m(nb) = n(mb) = na.$$

If $k$ is the additive order of $a$, we can find an integer $t$ with $1 \le t \le k$ and $a^2 = ta$. Since $a^{s+1} = 0$, for some $s$, we have $t^s a = 0$, i.e. $k \mid t^s$. This means that each prime which belongs to the factorization of the integer $k$ also belongs to the one of $t$. Moreover,

$$0 = (1 + a)^p - 1 = \sum_{j=1}^{p} z_j a^j = \Big( \sum_{j=1}^{p} z_j t^{j-1} \Big) a,$$

so $k$ divides $\sum_{j=1}^{p} z_j t^{j-1}$. In particular, every prime dividing $k$ divides both this sum and $t$. This implies that such a prime must divide the term with $j = 1$, namely $p$. Therefore, $k$ is a power of $p$. But the only power of $p$ dividing $\sum_{j=1}^{p} z_j t^{j-1}$ is $p$ itself and, hence, $k = p$. ✷

The following result is very important for the characterization of the groups of units of our $A(p^r, n)$'s.

Theorem 6.4.7 Let $R$ be a finite, commutative, primary ring such that $U(R)$ is cyclic. Let $N$ and $R_0$ be the nilradical and the prime subring of $R$, respectively. Then $R = R_0[N]$, i.e. $R$ is the smallest subring containing $R_0$ and $N$, and $R$ is isomorphic to exactly one of the following rings:

(i) the Galois field $GF(p^n)$, $p$ a prime and $n \ge 1$;

(ii) $\mathbb{Z}_{p^n}$, where $p$ is an odd prime and $n > 1$;

(iii) $\mathbb{Z}_4$;

(iv) $\mathbb{F}_p[x]/(x^2)$, $p$ a prime;

(v) $\mathbb{Z}_2[x]/(x^3)$;

(vi) $\mathbb{Z}_4[x]/(2x, x^2 - 2)$.

Proof: If $N = 0$, then $R$ is a finite field so it is of type (i). Assume that $N \ne 0$; $R_0$ is also a finite, primary ring so $R_0 \cong \mathbb{Z}_{p^s}$, for some prime $p$ and some positive integer $s$. Since $U(R_0) < U(R)$, this subgroup must be cyclic. Therefore, by Proposition 6.2.5, we have the following possibilities: (a) $p$ is odd; (b) $p^s = 2$; (c) $p^s = 4$. Put $S = R_0[N]$, which is, a priori, a subring of $R$, and set $N_0 = N \cap R_0$. We want to determine the structure of $S$ in all possible cases and then to show that $S = R$.

Suppose that (a) holds. Then, since $U(R) \cong 1 + N$ is cyclic by hypothesis, $N^+$ is cyclic (Lemma 6.4.6). Since the characteristic of $R$ is $p^s$, we have

$$p^s \ge |N| \ge |N_0| = p^{s-1}.$$

If $|N| = p^{s-1}$, then $N = N_0$ and $S \cong R_0 \cong \mathbb{Z}_{p^s}$, so it is of type (ii). Assume $|N| = p^s$ and let $b$ be a generator of $N^+$. As $N_0^+$ is the unique subgroup of $N^+$ of order $p^{s-1}$, we have $pb \in N_0^+$. Write $pb = pt$, with $1 \le t \le p^{s-1}$. Then, since $b$ has order $p^s$, $\gcd(p, t) = 1$. But now $b^n = 0$ for some $n \ge 1$, so $0 = pb^n = pt^n$. Hence $s = 1$, since $t$ is a unit. It follows that $t = 1$, so $pb = p$ and $b^2(p - 1) = 0$. Thus $b^2 = 0$, therefore $S \cong \mathbb{Z}_p[x]/(x^2)$. This ring is of type (iv).

Assume that (b) holds. Then $\mathrm{char}(R) = 2$, so $N = N(2)$. By Lemma 6.4.5, $2^r = 2$ and $n = 2$ or $2^r = 4$ and $n = 3$. In the former case, $N$ is a two-element ring with trivial multiplication, so $S \cong \mathbb{Z}_2[x]/(x^2)$ (type (iv)). In the latter case, $N^+$ is isomorphic to $C_4$ and $a^3 = 0$, where $1 + a$ generates $1 + N$. Hence $S \cong \mathbb{Z}_2[x]/(x^3)$ (type (v)).

Finally, assume that (c) holds. Then $R_0 \cong \mathbb{Z}_4$. Suppose $N_0 \ne N$. Then, by applying Lemma 6.4.5 to $N(2)$, we have $2^r = 2$ and $n = 2$ or $2^r = 4$ and $n = 3$. In the former case $N^+$ is cyclic, $N^+ = \{0, b, 2b, 3b\}$. Then $N_0 = \{0, 2b\}$ and $0 \ne 2b = 2$. This implies $2b^k = 2$ for any $k > 0$; the nilpotency of $b$ leads to a contradiction. Hence $2^r = 4$ and $n = 3$. Now, $N(2)^+ \cong C_4$ and $N^+$ is the product of two cyclic groups of order $2^s$ and $2^t$, respectively. If $a$ and $b$ are generators of these groups, then $2^{s-1}a$ and $2^{t-1}b$ are generators of $N(2)^+$. Since $1 + N(2)$ is cyclic of order 4, it has two generators and these yield (Lemma 6.4.5 (i)) two distinct elements of $N(2)$, whose squares are non-zero but whose cubes vanish ($n = 3$). By symmetry, we may assume that $(2^{t-1}b)^2 = 0$, which implies $t = 1$. Since $\mathrm{char}(R) = 4$, we have $s \le 2$. Assume $s = 2$. Then $4a = 0$, $2a \ne 0$ and $2b = 0$. Because $(2a)^2 = 0$, we have $2a = 2$; in fact, the squares of the other non-zero elements are non-zero. Then, since $a$ is nilpotent, $2 = 0$, a contradiction. Thus $s = 1$ and $N = N(2)$. Now $N_0 = \{0, 2\}$ and $N_0^+$ is a direct summand of $N^+$. Let $N = \{0, 2, d, d + 2\}$. Then $d^3 = 0$ and $0 = (d + 2)^3 = 2d^2$. This implies $d^2 = 2$, so $S \cong \mathbb{Z}_4[x]/(2x, x^2 - 2)$.

Now, we shall briefly show that, in each case, $S \cong R$. For example, if $S \cong \mathbb{F}_p[x]/(x^2)$, then, by choosing $b = x$, multiplication by $b$ induces a homomorphism from $R^+$ to $N^+$ whose kernel contains no units, so it is contained in $N$; but $b^2 = 0$, $bN = 0$, so $N$ is the kernel. Hence $|R| = |N|^2 = p^2 = |S|$ and $R = S$. Similarly, in the cases where

$$S \cong \mathbb{Z}_{p^n},\ \mathbb{Z}_2[x]/(x^3),\ \mathbb{Z}_4[x]/(2x, x^2 - 2),$$

if we consider multiplication by $p$, $x$, $x$, respectively, we get $R = S$. ✷

The previous theorem determines which are the finite, commutative, primary rings whose group of units is cyclic. In such a class of rings we find some of our Galois and Quasi-Galois rings, since they are finite and local. So this result will be very useful to understand which is the structure of the $U(A(p^r, n))$'s.

Example 6.4.8 To better understand the situation, we shall discuss some of the cases listed in Theorem 6.4.7 and some other interesting examples. First of all, by Theorem 2.1.3, if $\mathbb{F}_q$ is a finite field, then $U(\mathbb{F}_q)$ is cyclic. On the other hand, in Proposition 6.2.5 we showed that $U(\mathbb{Z}_{p^n})$, $p$ an odd prime, and $U(\mathbb{Z}_4)$ are cyclic groups. Observe that the rings in Theorem 6.4.7 (iv) and (v) are particular examples of Quasi-Galois rings; therefore, we want to directly show that they have cyclic groups of units. Consider first the ring $A(2, 3) = \mathbb{Z}_2[x]/(x^3) = \{ c + bx + ax^2 + (x^3) \mid a, b, c \in \mathbb{F}_2 \}$ of cardinality $2^3 = 8$. Denote by $[ax^2 + bx + c]$ the coset $c + bx + ax^2 + (x^3)$, which is an element of the quotient ring; hence,

$$\mathbb{Z}_2[x]/(x^3) = \{ [0], [1], [x], [x + 1], [x^2], [x^2 + 1], [x^2 + x], [x^2 + x + 1] \}.$$

The units of this ring form a group isomorphic to the cyclic group of order 4

$$U(\mathbb{Z}_2[x]/(x^3)) = \{ [1], [x + 1], [x^2 + 1], [x^2 + x + 1] \} \cong C_4$$

(the generators are $\langle [x + 1] \rangle = \langle [x^2 + x + 1] \rangle \cong C_4$). Moreover, the nilradical (see Prop. 1.2.14), i.e. the set of all nilpotent elements, coincides with the maximal ideal of the local ring $\mathbb{Z}_2[x]/(x^3)$; more precisely,

$$\mathrm{Nil}(\mathbb{Z}_2[x]/(x^3)) = \{ [0], [x], [x^2], [x^2 + x] \mid [x]^3 = [x^2]^2 = [x^2 + x]^3 = [0] \}.$$

If $p$ is a prime, the ring $A(p, 2) = \mathbb{F}_p[x]/(x^2)$ has a cyclic group of units for each prime $p$; in fact, $|U(A(p, 2))| = p^2 - p$. Therefore, $U(A(p, 2)) \cong C_p \times C_{p-1} \cong C_{p^2 - p}$.

Observe that the ring $A(3, 3) = \mathbb{Z}_3[x]/(x^3)$ is such that $U(A(3, 3)) \cong C_2 \times G_2$, where $C_2 \cong U(\mathbb{Z}_3)$, whereas $G_2$ is a group of order 9. Precisely, we have

$$G_2 = \{ 1,\ 1 + \theta,\ 1 + 2\theta,\ 1 + \theta^2,\ 1 + 2\theta^2,\ 1 + \theta + \theta^2,\ 1 + 2\theta + \theta^2,\ 1 + \theta + 2\theta^2,\ 1 + 2\theta + 2\theta^2 \}$$

and some trivial computations show that each element of $G_2$ (except for 1) has order 3; thus $G_2$ is an elementary abelian 3-group. Therefore, $U(A(3, 3)) \cong C_6 \times C_3$, which is not cyclic.

If we now consider, for example,

$$A(4, 3) = \mathbb{F}_4[x]/(x^3),$$

then $U(A(4, 3)) \cong C_3 \times G_2$, where $G_2$ is an abelian group of order $2^4 = 16$. Take $\mathbb{F}_4 = \{0, 1, \zeta, \zeta^2\}$, where $\zeta^2 = \zeta + 1$. Therefore,

$$G_2 = \{ 1,\ 1 + \theta,\ 1 + \theta^2,\ 1 + \theta + \theta^2,\ 1 + \zeta\theta,\ 1 + \zeta\theta^2,\ 1 + \zeta\theta + \zeta\theta^2,\ 1 + \theta + \zeta\theta^2,\ 1 + \zeta\theta + \theta^2,\ 1 + \zeta^2\theta,\ 1 + \zeta^2\theta^2,\ 1 + \zeta^2\theta + \zeta^2\theta^2,\ 1 + \theta + \zeta^2\theta^2,\ 1 + \zeta^2\theta + \theta^2,\ 1 + \zeta\theta + \zeta^2\theta^2,\ 1 + \zeta^2\theta + \zeta\theta^2 \}$$

and with some computations we find that $\mathrm{ord}(1 + \theta^2) = \mathrm{ord}(1 + \zeta\theta^2) = \mathrm{ord}(1 + \zeta^2\theta^2) = 2$, whereas the other elements (different from 1) have order 4. This means that $G_2 \cong C_4 \times C_4$, so $U(A(4, 3)) \cong C_{12} \times C_4$, which is not cyclic. In the same way, one can easily verify that, for example, $U(\mathbb{F}_4[x]/(x^2)) \cong C_3 \times C_2 \times C_2$.

Finally, if we consider the Quasi-Galois ring $A(2, 4) = \mathbb{F}_2[x]/(x^4)$, we get $|U(A(2, 4))| = 8$. The abelian groups of order 8 (up to isomorphism) are

$$C_8,\quad C_2 \times C_4,\quad C_2 \times C_2 \times C_2.$$

From Theorem 6.4.7 it follows that $U(A(2, 4))$ cannot be isomorphic to $C_8$; since $\m athrm{ord}(1 + \theta) = 4$, then $U(A(2, 4)) \cong C_2 \times C_4$.

To summarize, all these examples show that the structure of the abelian $p$-group $1 + \mathfrak{m}(p^r, n)$, the complement in $U(A(p^r, n))$ of the cyclic group $C_{p^r - 1}$, does not only depend on the given integers $p$, $n$ and $r$. This group is called the one-group of $A(p^r, n)$. There are some partial results about the problem of finding the structure of such a subgroup (see Bibliography of [56]). However, what we observed in Remark 6.4.2 and in Theorem 6.4.7 allows us to state the following

Proposition 6.4.9 Let $A(p^r, n)$ be a Quasi-Galois ring, for a given prime $p$ and for positive integers $r$ and $n$. Such a ring contains $p^{nr} - p^{r(n-1)}$ units, which form a group isomorphic to a direct product of groups, i.e.

$$U(A(p^r, n)) \cong G_1 \times G_2,$$

where $G_1$ is a cyclic group of order $p^r - 1$ and $G_2$ is an abelian $p$-group of order $p^{nr - r}$. We have different possibilities for the group $G_2$.

(i) If $r = 1$ and $n = 2$, then $G_2$ is cyclic of order $p$, so $U(A(p, 2)) \cong C_{p^2 - p}$;

(ii) If $p = 2$, $r = 1$ and $n = 3$, then $G_2 \cong C_4$ and $U(A(2, 3)) = G_2 \cong C_4$;

(iii) In the other cases, let $k_0 := \lceil \log_p(n) \rceil$. (Recall that, for a real number $h$, $\lceil h \rceil$ denotes the round-up of $h$, which is defined as the smallest integer greater than or equal to $h$.) Thus, each generator of $G_2$ has, at most, order $p^{k_0}$. (Observe that such a $k_0$ is strictly less than $r(n - 1)$, otherwise there would exist an element $x \in G_2$ such that $\mathrm{ord}(x) = p^{r(n-1)}$, which would imply that $G_2$ is cyclic; from Theorem 6.4.7, this can happen only in cases (i) and (ii).)

Proof: By a simple computation, the units in $A(p^r, n)$ number $p^{nr} - p^{r(n-1)}$. Moreover, it is clear that these elements form a multiplicative group which contains $U(\mathbb{F}_{p^r})$ as a subgroup (it is formed by the $n$-tuples $(a_0, 0, \dots, 0)$ of Remark 6.4.2 with $a_0 \ne 0$). This subgroup is obviously isomorphic to a cyclic group of order $p^r - 1$. Now, consider the set

$$H := \{ (1, a_1, a_2, \dots, a_{n-1}) \mid a_i \in \mathbb{F}_{p^r} \};$$

its elements will be called the principal units. One can easily verify that $H$ has cardinality $p^{r(n-1)}$ and is isomorphic to $G_2$. We already proved cases (i) and (ii) in Theorem 6.4.7. So it remains to show that (iii) holds. We take an arbitrary element of $H$,

$$x = 1 + a_1\theta + \cdots + a_{n-1}\theta^{n-1}.$$

So

$$x^p = 1 + a_1^p\theta^p + \cdots + a_s^p\theta^{sp}, \quad \text{if } p(s + 1) \ge n;$$

then

$$x^{p^2} = (x^p)^p = 1 + a_1^{p^2}\theta^{p^2} + \cdots + a_t^{p^2}\theta^{tp^2},$$

where $t < s$ and $p^2(t + 1) \ge n$. By recursively using this procedure we will find that

$$x^{p^k} = (1 + a_1\theta + \cdots + a_{n-1}\theta^{n-1})^{p^k} = 1.$$

This happens when $p^k \ge n$, i.e. $k \ge \log_p(n)$. The smallest integer $k$ satisfying this inequality is $k_0 = \lceil \log_p(n) \rceil$. For such a $k_0$, $x^{p^{k_0}} = 1$ for each $x \in H$. So all the generators of $G_2$ have order at most $p^{k_0}$. This means that $G_2$ splits as a direct product of copies of cyclic $p$-groups of orders at most $p^{k_0}$. ✷

Example 6.4.10 We can apply the result above to the non-cyclic cases of the previous examples. We found $U(A(3, 3)) \cong C_2 \times C_3 \times C_3$; in fact, $p = 3$, $r = 1$ and $n = 3$, so $\log_3(3) = 1 = k_0$ and $G_2 \cong C_3 \times C_3$, since $|G_2| = p^{r(n-1)} = 9$.

In the case of $A(4, 3)$, we have $U(A(4, 3)) \cong C_3 \times C_4 \times C_4$. In fact, $k_0 = \lceil \log_2(3) \rceil = 2$. $G_2 \cong C_4 \times C_4$, since $|G_2| = 16$ and there are only three elements of order 2 in $G_2$.

The last case we discuss is $A(4, 2)$, where $k_0 = 1$. Thus $G_2 \cong C_2 \times C_2$, since it has cardinality 4.
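The unit-group facts of Example 6.4.8, Proposition 6.4.9 and Example 6.4.10 can all be checked by brute force for small parameters. The following Python script is an added example, not code from the book: it builds $\mathbb{F}_{p^r}$ as $\mathbb{F}_p[\zeta]/(g)$ for a chosen monic $g$ of degree $r$ (the polynomials used here are assumptions of the example, giving the relation $\zeta^2 = \zeta + 1$ in $\mathbb{F}_4$ as in the text), multiplies in $A(p^r, n) = \mathbb{F}_{p^r}[\theta]/(\theta^n)$ by truncating at $\theta^n$, counts the units, and tabulates the multiplicative orders of the principal units $H = \{(1, a_1, \dots, a_{n-1})\}$, so that $G_2$ can be read off for $A(2,3)$, $A(3,3)$, $A(4,3)$, $A(2,4)$ and $A(4,2)$.

```python
"""Added example (not from the book): brute-force arithmetic in the Quasi-Galois
ring A(p^r, n) = F_{p^r}[theta]/(theta^n), used to check the unit-group facts of
Example 6.4.8, Proposition 6.4.9 and Example 6.4.10 for small p, r, n."""
from itertools import product

# A field F_{p^r} is given as (p, g): g is a monic polynomial of degree r over F_p,
# lowest-degree coefficient first, and zeta denotes a root of g.  The polynomials
# are chosen for this example (zeta^2 = zeta + 1 in F_4, as in the book).
F2 = (2, (0, 1))           # g = x, so r = 1: elements are 1-tuples (a,)
F3 = (3, (0, 1))
F4 = (2, (1, 1, 1))        # g = x^2 + x + 1


def field_elements(K):
    p, g = K
    return list(product(range(p), repeat=len(g) - 1))


def field_add(K, u, v):
    return tuple((a + b) % K[0] for a, b in zip(u, v))


def field_mul(K, u, v):
    """Multiply in F_p[zeta]/(g): polynomial product, then reduce zeta^d, d >= r."""
    p, g = K
    r = len(g) - 1
    prod = [0] * max(2 * r - 1, 1)
    for i, a in enumerate(u):
        for j, b in enumerate(v):
            prod[i + j] += a * b
    for d in range(len(prod) - 1, r - 1, -1):   # g is monic: zeta^d = -(lower terms)
        c = prod[d]
        for k in range(r + 1):
            prod[d - r + k] -= c * g[k]
    return tuple(c % p for c in prod[:r])


def ring_one(K, n):
    """Identity of A(p^r, n) as an n-tuple of field elements (coefficients of theta^i)."""
    r = len(K[1]) - 1
    return ((1,) + (0,) * (r - 1),) + ((0,) * r,) * (n - 1)


def ring_mul(K, n, x, y):
    """Multiply in F_{p^r}[theta]/(theta^n): every theta^k with k >= n is dropped."""
    r = len(K[1]) - 1
    out = [(0,) * r] * n
    for i, a in enumerate(x):
        for j, b in enumerate(y):
            if i + j < n:
                out[i + j] = field_add(K, out[i + j], field_mul(K, a, b))
    return tuple(out)


def count_units(K, n):
    """Units found by searching for an inverse; Prop. 6.4.9 predicts p^(nr) - p^(r(n-1))."""
    elements = list(product(field_elements(K), repeat=n))
    one = ring_one(K, n)
    return sum(1 for x in elements if any(ring_mul(K, n, x, y) == one for y in elements))


def mult_order(K, n, x):
    one = ring_one(K, n)
    k, acc = 1, x
    while acc != one:
        acc = ring_mul(K, n, acc, x)
        k += 1
    return k


def principal_units(K, n):
    """H = {(1, a_1, ..., a_{n-1})}, the one-group G_2 of Proposition 6.4.9."""
    lead = ring_one(K, n)[0]
    return [(lead,) + rest for rest in product(field_elements(K), repeat=n - 1)]


def order_profile(K, n):
    """Map multiplicative order -> number of principal units with that order;
    e.g. {1: 1, 2: 3, 4: 12} is the profile of C_4 x C_4."""
    profile = {}
    for x in principal_units(K, n):
        o = mult_order(K, n, x)
        profile[o] = profile.get(o, 0) + 1
    return profile


def k0(p, n):
    """Smallest k with p^k >= n, i.e. ceil(log_p n), computed without floating point."""
    k = 0
    while p ** k < n:
        k += 1
    return k


def one_group_exponent_bound_holds(K, n):
    """Proposition 6.4.9 (iii): every principal unit has order dividing p^k0."""
    p = K[0]
    return all(p ** k0(p, n) % o == 0 for o in order_profile(K, n))
```

For example, `order_profile(F4, 3)` returns `{1: 1, 2: 3, 4: 12}`, the three elements of order 2 being exactly those noted in Example 6.4.8, and `order_profile(F2, 4)` returns `{1: 1, 2: 3, 4: 4}`, which rules out both $C_8$ and $C_2 \times C_2 \times C_2$.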

Remark. In Proposition 6.4.9, when $r = 1$, we get $\Phi(p^n) = p^{n-1}(p - 1)$ units, since $A(p, n) = \mathbb{Z}_p[x]/(x^n)$; whereas, if $n = 1$, then $A(p^r, 1) = \mathbb{F}_{p^r}$, whose units number $p^r - 1$.

For what concerns the ideal structure of $A(p^r, n)$, from the fact that $A(p^r, n)$ is a principal ring one immediately deduces that each proper ideal is of the form

$$J_k = \theta^k A(p^r, n), \quad 1 \le k \le n - 1.$$

Our aim is to study the subring structure of $A(p^r, n)$.

Theorem 6.4.11 Let p be a prime and let n and r be positive integers.

i) The subrings of the Quasi-Galois ring $A(p^r, n)$ are isomorphic to Quasi-Galois rings of the form $A(p^s, n)$ and $A(p^r, m)$, where $m$ and $s$ are proper divisors of $n$ and $r$, respectively.

ii) The subrings of a Quasi-Galois ring $A(p^r, n)$ are not uniquely determined by their orders. Precisely, let $m$ and $s$ be divisors of $n$ and $r$, respectively, such that $ns = mr$. Then $A(p^s, n)$ and $A(p^r, m)$ are equipotent subrings of $A(p^r, n)$ which are not isomorphic (unless $n = m$ and $s = r$).

Proof: Consider $A(p^r, n) \cong \mathbb{F}_{p^r}[x]/(x^n)$. In Theorem 2.3.1 we recalled that all the subfields of the Galois field $\mathbb{F}_{p^r}$ are of the form $\mathbb{F}_{p^s}$, where $s$ is a proper divisor of $r$, and $\mathbb{F}_{p^s}$ is uniquely determined by its order. The field inclusion $\mathbb{F}_{p^s} \subset \mathbb{F}_{p^r}$ obviously extends to the polynomial rings

$$\mathbb{F}_{p^s}[x] \hookrightarrow \mathbb{F}_{p^r}[x].$$

By reducing this injection modulo the ideal $(x^n)$, for the given $n$, we get the desired inclusion. On the other hand, consider the unique integer $h$ which we get from $h = \frac{n}{m}$. Put $\eta = \theta^h$, so that $\eta^m = \theta^n = 0$. Therefore, the elements

$$a_0 + a_1\theta^h + \cdots + a_{m-1}\theta^{h(m-1)} = a_0 + a_1\eta + \cdots + a_{m-1}\eta^{m-1}, \quad a_i \in \mathbb{F}_{p^r},$$

form a subring isomorphic to $A(p^r, m)$, which is uniquely determined by the divisor $m$, since $r$ is fixed. If $ns = mr$, then the cardinalities of such subrings are the same; in fact

$$|A(p^r, m)| = p^{mr} = p^{ns} = |A(p^s, n)|.$$

Part ii) of the statement directly follows from the fact that the cyclic subgroup in the group of units, i.e. $G_1$, has order $p^r - 1$. So if $A(p^s, n) \cong A(p^r, m)$, then $p^r - 1 = p^s - 1$, so $r = s$ and, therefore, $m = n$. ✷

Example 6.4.12 Consider $A(4, 4)$. By the previous theorem, we find two subrings which are isomorphic to $A(2, 4)$ and $A(4, 2)$, respectively. Thus,

$$A(2, 4) = \{ a_0 + a_1\theta + a_2\theta^2 + a_3\theta^3 \mid a_i \in \mathbb{F}_2 \},$$

with $\theta^n = 0$ for $n \ge 4$, is a subring of 16 elements. We know that the units of such a subring form a group isomorphic to $C_2 \times C_4$. On the other hand, we have

$$A(4, 2) = \{ a_0 + a_1\eta \mid a_i \in \mathbb{F}_4 \},$$

where $\theta^2 = \eta$, which contains 16 elements. Such a subring has a group of units isomorphic to $C_3 \times C_2 \times C_2$. Therefore $A(2, 4)$ and $A(4, 2)$ are equipotent subrings of $A(4, 4)$ which cannot be isomorphic.

We end this chapter by recalling that Galois rings and Quasi-Galois rings are particular cases of a larger class of finite, commutative rings with identity. Such rings are called finite chain rings, since they are finite and their ideals form a chain under inclusion. These rings arise in algebraic number theory as quotient rings of rings of integers in number fields, as well as in the geometry of Pappian-Hjelmslev planes. Recently, they have also been used in various constructions of partial difference sets, relative difference sets and bent functions. Moreover, as we shall briefly discuss in the next chapters, there are lots of recent results concerning linear and cyclic codes over finite chain rings. These are the motivations for the increasing interest in such rings.

Chapter 7

BASIC NOTIONS ON CODES OVER FINITE FIELDS

In this chapter, we shall briefly recall some fundamental definitions in Coding Theory and give some examples of codes over Fq, the finite field of order q (see Chapter 2). For more details the reader is referred to some basic texts on Coding Theory, as [4], [14], [34], [53] and [69].

7.1 Basic properties

Let $\mathcal{A}$ be a finite set of cardinality $q$. A finite sequence $a$ of elements in $\mathcal{A}$ is a word over $\mathcal{A}$. A $q$-ary code $C$ is a non-empty subset of $\mathcal{A}^*$, the set of all words over $\mathcal{A}$. All through this chapter, $\mathcal{A} = \mathbb{F}_q$, $q = p^n$, where $p$ is a prime; thus $C$ is a code over $\mathbb{F}_q$ (a binary or a ternary code for $q = 2, 3$). Under the assumption that the length of all words over $\mathcal{A}$ is uniform, say $m$, $\mathcal{A}^*$ can be identified with $\mathbb{F}_q^{(m)}$, the $m$-dimensional vector space over $\mathbb{F}_q$. Two codes $C_1$ and $C_2$ are equivalent if each of these codes can be obtained from the other by a combination of operations of the following types: (i) any permutation of the coordinate positions; (ii) any permutation of the letters of the alphabet in any fixed coordinate. In Chapter 8 we shall also consider codes over Galois rings.

A $q$-ary code $C$ of length $m$ is linear if it is a subspace of $\mathbb{F}_q^{(m)}$; otherwise $C$ is nonlinear. Properties of $q$-ary codes can be described via the metric structure over $\mathbb{F}_q^{(m)}$, which is induced by the Hamming distance $d_H$. For any pair of vectors $v$ and $w$ in $\mathbb{F}_q^{(m)}$, one defines

$$d_H(v, w) := |\{ i : 1 \le i \le m,\ v_i \ne w_i \}|, \tag{7.1}$$

where $v_i$ and $w_i$, $1 \le i \le m$, are the coordinates (with respect to the standard basis) of the vectors $v$ and $w$, respectively. Two basic parameters of $q$-ary codes are defined in terms of the Hamming distance. The minimum distance of a code $C$ is

$$d(C) := \min_{v \ne w \in C} \{ d_H(v, w) \};$$

the minimum weight is

$$\mathrm{wt}(C) := \min_{0 \ne v \in C} \{ \mathrm{wt}(v) \},$$

where $\mathrm{wt}(v) := d_H(v, 0)$. In the sequel, by an $(m, M, d)$-code we shall mean a code of length $m$, with $M$ words and minimum distance $d$.

7.2 Some families of q-ary codes

In this section we briefly recall the construction of some families of q-ary codes. For more details the reader is referred, for instance, to [14] and to [53]. In these books one can also find many other examples, whose complete exposition is beyond the scope of our work.

7.2.1 Linear codes

A linear code $C$ is called an $[m, k, d]$-code if the dimension and the minimum distance of $C$ are $k$ and $d$, respectively. In this case, the code $C$ contains $q^k$ words, which can be completely described by choosing a basis of (the vector space) $C$. The vectors of such a basis are used as rows of a matrix $G$ called a generator matrix of $C$. In fact, any word of $C$ can be obtained as a linear combination of the rows of $G$ with coefficients from $\mathbb{F}_q$. By well-known results of Linear Algebra, every linear code of dimension $k$ is equivalent to a code with a generator matrix $G$ in the standard echelon form $(I_k \mid P)$, where $I_k$ is the identity matrix of order $k$.

Since $C$ is linear, it is natural to introduce the dual code of $C$. More precisely, the vector space $\mathbb{F}_q^{(m)}$ is equipped with the inner product

$\langle v, w \rangle := \sum_{i=1}^{m} v_i w_i$, (7.2)

where $v = (v_1, \dots, v_i, \dots, v_m)$ and $w = (w_1, \dots, w_i, \dots, w_m)$ are two vectors in $\mathbb{F}_q^{(m)}$. The set

$C^\perp := \{\, x \in \mathbb{F}_q^{(m)} : \langle x, c \rangle = 0,\ \forall\, c \in C \,\}$

is called the dual code of $C$. In particular, if $C = C^\perp$, then $C$ is self-dual. By definition, $C^\perp$ is a linear code of dimension $m - k$. Any generator matrix of $C^\perp$ is a parity check matrix of $C$.

7.2.2 Hamming codes

The subject of linear codes was greatly influenced by papers written by R. W. Hamming in 1950 ([29]), who discovered the Hamming codes. Since then, many other codes with better properties have been discovered; nonetheless, Hamming codes are still of independent interest for their applications to Finite Geometries and Design Theory (see, for example, [4]). The Hamming code $C_H$ of length $m = (q^k - 1)/(q - 1)$, $k \ge 1$, over $\mathbb{F}_q$ is a code for which the $k \times m$ parity check matrix $H$ has columns that are pairwise linearly independent. We point out that here we do not distinguish between equivalent codes. Since $H$ has rank $k$, $C_H$ is linear of dimension $m - k$. Moreover, any codeword $x \in C_H$ gives a vanishing linear combination of $\mathrm{wt}(x)$ columns of $H$. As a result, $\mathrm{wt}(C_H) = 3$, since there exist at least three, but not fewer, linearly dependent columns of $H$.

Remark 7.2.1 Note that if $C$ is a $q$-ary linear code of type $[m, m - k, 3]$, $m = (q^k - 1)/(q - 1)$, $k \ge 1$, then $C$ is the Hamming code since, by standard Linear Algebra, its parity check matrix is equivalent to $H$.

Example 7.2.2 Let us consider the $4 \times 15$ matrix

$H = \begin{pmatrix} 1&0&0&0&1&1&1&0&0&0&1&0&1&1&1 \\ 0&1&0&0&1&0&0&1&1&0&1&1&0&1&1 \\ 0&0&1&0&0&1&0&1&0&1&1&1&1&0&1 \\ 0&0&0&1&0&0&1&0&1&1&0&1&1&1&1 \end{pmatrix}$. (7.3)

$H$ can be used as a parity check matrix to define the binary Hamming code $C_H$ of length 15 with $2^{11}$ words. The codeword $(0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0)$ of $C_H$ has weight 3. Naturally, $H$ is the generator matrix of the dual code of $C_H$, which has length 15 and dimension 4. Such a code is called a projective code, since the columns of the generator matrix represent distinct points in the three-dimensional projective space over $\mathbb{F}_2$. More generally, the dual of a Hamming code is a projective code (cf. [69]).

It is possible to obtain a new code, the extended Hamming code, from the Hamming code $C_H$ by simply adding in the same position an element of $\mathbb{F}_q$ to all the codewords of $C_H$. In general, by the extended code $\overline{C}$ of a $q$-ary code $C$ of length $m$ we shall denote the following subset of $\mathbb{F}_q^{(m+1)}$:

$\overline{C} := \Big\{\, (c_1, \dots, c_m, c_{m+1}) \ \Big|\ (c_1, \dots, c_m) \in C,\ \sum_{k=1}^{m+1} c_k = 0 \,\Big\}$. (7.4)

7.2.3 Cyclic codes

Here we recall some basic results on cyclic codes, which can be viewed as the bricks of many other codes, such as the Kerdock and the Preparata codes. Furthermore, some other cyclic codes, such as the BCH codes (see, for instance, [53] and [69]), are important because of their many "real world" applications. A linear $[m, k, d]$-code $C$ is cyclic if

$(c_0, \dots, c_i, \dots, c_{m-1}) \in C \ \Rightarrow\ (c_{m-1}, c_0, \dots, c_{m-2}) \in C$. (7.5)

Cyclic codes are easily described in terms of polynomials over the finite field $\mathbb{F}_q$. Let $C$ be a $q$-ary cyclic code of length $m$ such that $q$ and $m$ are relatively prime. The residue class ring $R_m := \mathbb{F}_q[x]/(x^m - 1)$ has the set of polynomials

$\{\, a_0 + a_1 x + \dots + a_{m-1} x^{m-1} \ \mid\ a_i \in \mathbb{F}_q,\ 0 \le i < m \,\}$

as a system of representatives. $R_m$ can be regarded as an $m$-dimensional vector space over $\mathbb{F}_q$ with vectors $(a_0, a_1, \dots, a_{m-1})$; therefore, $C$ can be identified with a set of elements of $R_m$. More precisely, since multiplication by $x$ in this ring is equivalent to a cyclic permutation of the coefficients of any representative, $C$ corresponds to an ideal in $R_m$. Furthermore, $C$ is generated by the unique monic polynomial $g(x)$ of smallest degree; this polynomial divides $x^m - 1$ in $\mathbb{F}_q[x]$, since each ideal in this ring is principal (see Section 1.3). The polynomial $g(x)$ is called the generator polynomial of $C$, and the polynomial $h(x) := (x^m - 1)/g(x)$ is defined to be the parity check polynomial of $C$. Note, in particular, that the constant term of $h(x)$ is non-zero.

Theorem 7.2.3 Let $C$ be a $q$-ary cyclic code of length $m$ with generator polynomial $g(x)$ of degree $r$ and parity check polynomial $h(x)$. Then the following hold:

(i) $C$ is a code of dimension $m - r$;

(ii) $C^\perp$ is a cyclic code with generator polynomial $\big( x^{\deg(h(x))} h(x^{-1}) \big) / h_0$, where $h(x)$ is the parity check polynomial of $C$ and where $h_0$ is the constant term of $h(x)$.

Proof: (i) Let $f(x)$ be a representative in $\mathbb{F}_q[x]$ of an element $\overline{f}(x)$ in $R_m$. Divide $f(x)$ by $h(x)$ to obtain

$f(x) = q(x) h(x) + r(x)$, (7.6)

where $\deg(r(x)) < m - r$. Next, multiplying both sides of (7.6) by $g(x)$ yields

$g(x) f(x) \equiv r(x) g(x) \pmod{x^m - 1}$.

Thus, a basis of $C$ is given by the set $\{ g(x), \dots, x^{m-r-1} g(x) \}$. (Note that we used the same notation for the polynomial $g(x) \in \mathbb{F}_q[x]$ and its residue class in $R_m$. It is easy to understand from the context what is meant.)

(ii) Since $g(x) h(x) = x^m - 1$, $g(x^{-1}) h(x^{-1}) = 1 - x^{-m}$; hence,

$x^{m-r} h(x^{-1}) \cdot g(x^{-1}) x^{r} = x^m - 1$.

This means that $x^{m-r} h(x^{-1})$ divides $x^m - 1$, and so the claim follows. Note that we need to divide $x^{m-r} h(x^{-1})$ by $h_0$ to have a monic polynomial. ✷

All cyclic codes of length $m$ are completely determined by the decomposition over $\mathbb{F}_q$ of the polynomial $x^m - 1$ into monic irreducible factors, which are distinct by the hypothesis $(q, m) = 1$ (see Section 3.1 and, for example, [50] for more details). We briefly recall that

$x^m - 1 = \prod_{s \in R_c} M^{(s)}(x)$. (7.7)

Here Rc is a set of representatives for the cyclotomic classes

$C_s := \{\, s, sq, \dots, sq^{m_s - 1} \,\}$,

and $m_s$ is the least non-negative integer such that

$s q^{m_s} \equiv s \pmod{m}$.

Moreover,

$M^{(s)}(x) := \prod_{j \in C_s} (x - \alpha^j)$,

where $\alpha$ is a primitive $m$-th root of unity.

Example 7.2.4 Set $q = 2$ and $m = 4$. The polynomial $x^{15} - 1$ factors over $\mathbb{F}_2$ as follows:

$x^{15} - 1 = (x - 1)(x^2 + x + 1)(x^4 + x + 1)(x^4 + x^3 + 1)(x^4 + x^3 + x^2 + x + 1)$.

In fact, there are 5 cyclotomic classes:

$C_0 = \{0\}$, $C_1 = \{1, 2, 4, 8\}$, $C_3 = \{3, 6, 12, 9\}$, $C_5 = \{5, 10\}$, $C_7 = \{7, 14, 13, 11\}$.

Moreover,

$M^{(0)}(x) = x - 1$,
$M^{(1)}(x) = (x - \alpha)(x - \alpha^2)(x - \alpha^4)(x - \alpha^8) = x^4 + x + 1$,
$M^{(3)}(x) = (x - \alpha^3)(x - \alpha^6)(x - \alpha^9)(x - \alpha^{12}) = x^4 + x^3 + x^2 + x + 1$,
$M^{(5)}(x) = (x - \alpha^5)(x - \alpha^{10}) = x^2 + x + 1$,
$M^{(7)}(x) = (x - \alpha^7)(x - \alpha^{11})(x - \alpha^{13})(x - \alpha^{14}) = x^4 + x^3 + 1$,

where $\alpha$ is a root of the primitive polynomial $x^4 + x + 1$. There are 32 cyclic codes of length 15, corresponding to all possible factors of $x^{15} - 1$. Among them there is the $[15, 11, 3]$ code with generator polynomial $x^4 + x^3 + x^2 + x + 1$ and parity check polynomial $x^{11} + x^{10} + x^6 + x^5 + x + 1$. An easy computation shows that the parity check matrix of this code is equivalent to (7.3).

Cyclic codes can also be described in terms of special polynomials. More explicitly, we recall from Definition 3.1.2 that an element $e(x) \in R_m$ is said to be idempotent if $(e(x))^2 = e(x)$.

Theorem 7.2.5 Let $C$ be a $q$-ary cyclic code of length $m$, $(q, m) = 1$, with generator polynomial $g(x)$ and parity check polynomial $h(x)$. Then there exists a unique idempotent element $e(x) \in R_m$ which generates $C$ and such that, for each element $p(x) \in C$,

$p(x) e(x) = p(x)$ (7.8)

in $R_m$.

Proof: Since $(q, m) = 1$, the polynomial $x^m - 1$ does not have multiple roots; so $g(x)$ and $h(x)$ are relatively prime in $\mathbb{F}_q[x]$. Therefore, there exist two polynomials $a(x)$ and $b(x)$ in $\mathbb{F}_q[x]$ such that

$a(x) g(x) + b(x) h(x) = 1$. (7.9)

Now, set $c(x) := a(x) g(x) = 1 - b(x) h(x)$. If $u(x) g(x)$ is any codeword in $C$, then

$c(x) u(x) g(x) = u(x) g(x) - b(x) h(x) u(x) g(x) \equiv u(x) g(x) \pmod{x^m - 1}$.

Let $e(x)$ be the residue of $c(x)$ modulo $x^m - 1$. By the discussion above, $e(x)$ is an idempotent in $R_m$ and satisfies (7.8). Furthermore, (7.8) implies that $e(x)$ is a generator of $C$, since every codeword can be written as a multiple of $e(x)$. Finally, suppose there exists an idempotent $q(x) \in R_m$ which generates $C$ and satisfies (7.8). Clearly, $e(x) = f(x) q(x)$ in $R_m$; so, by (7.8), $q(x) = e(x) q(x) = f(x) (q(x))^2 = f(x) q(x) = e(x)$. ✷

Codes corresponding to minimal ideals in $R_m$ are called minimal cyclic codes (or irreducible cyclic codes). For example, cyclic codes generated by $(x^m - 1)/M^{(s)}(x)$ are irreducible, since $M^{(s)}(x)$ is an irreducible polynomial over $\mathbb{F}_q$. Furthermore, any minimal code $M_i$ corresponds to an irreducible factor of $x^m - 1$. Indeed, the parity check polynomial $h(x)$ of $M_i$ generates a maximal ideal in $R_m$; therefore, $h(x)$ is irreducible and coincides with one of the $M^{(s)}(x)$'s. The idempotent of a minimal cyclic code $M_i$ is called primitive and denoted by $\theta_i(x)$. Observe that, by definition, the primitive idempotent $\theta_s(x)$ of the code generated by $(x^m - 1)/M^{(s)}(x)$ does not vanish for $x = \alpha^j$, where $j \in C_s$ and where $\alpha$ is a primitive $m$-th root of unity. This remark allows one to compute primitive idempotents.

Example 7.2.6 The primitive idempotents in Example 7.2.4 are given by

$\theta_0(x) = \sum_{i=0}^{14} x^i$,
$\theta_1(x) = x^{12} + x^9 + x^8 + x^6 + x^4 + x^3 + x^2 + x$,
$\theta_3(x) = x^{14} + x^{13} + x^{12} + x^{11} + x^9 + x^8 + x^7 + x^6 + x^4 + x^3 + x^2 + x$,
$\theta_5(x) = x^{14} + x^{13} + x^{11} + x^{10} + x^8 + x^7 + x^5 + x^4 + x^2 + x$,
$\theta_7(x) = x^{14} + x^{13} + x^{12} + x^{11} + x^9 + x^7 + x^6 + x^3$.
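As an added worked example (not code from the book), the following Python script recomputes Examples 7.2.4 and 7.2.6 from scratch: the cyclotomic classes, the minimal polynomials $M^{(s)}(x)$, the parity check polynomial of the $[15, 11, 3]$ code, and the primitive idempotents $\theta_s(x)$ obtained from the Bézout identity (7.9) exactly as in the proof of Theorem 7.2.5. Encoding polynomials over $\mathbb{F}_2$ as integers is an implementation choice, not the book's notation.

```python
"""Added example, not from the book: the length-15 binary cyclic codes of
Examples 7.2.4 and 7.2.6 computed from scratch.  A polynomial over F_2 is a
Python int whose bit i is the coefficient of x^i; the elements of
F_16 = F_2[x]/(x^4 + x + 1) use the same encoding, with alpha = x."""

M = 15                      # code length m; (q, m) = (2, 15) = 1 as the text requires
XM1 = (1 << M) | 1          # x^15 - 1 (= x^15 + 1 over F_2)
PRIM = 0b10011              # x^4 + x + 1, the primitive polynomial of Example 7.2.4
ALPHA = 0b10                # the class of x in F_16, a primitive 15-th root of unity

def pdeg(a):
    return a.bit_length() - 1

def pmul(a, b):
    """Carry-less product in F_2[x]."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r

def pdivmod(a, b):
    """Quotient and remainder of a by b (b != 0) in F_2[x]."""
    q, db = 0, pdeg(b)
    while a and pdeg(a) >= db:
        shift = pdeg(a) - db
        q ^= 1 << shift
        a ^= b << shift
    return q, a

def pegcd(a, b):
    """Extended Euclid: (d, u, v) with u*a + v*b = d = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    q, r = pdivmod(a, b)
    d, u, v = pegcd(b, r)
    return d, v, u ^ pmul(q, v)

def gf16_mul(a, b):
    return pdivmod(pmul(a, b), PRIM)[1]

def alpha_pow(j):
    r = 1
    for _ in range(j % M):
        r = gf16_mul(r, ALPHA)
    return r

def cyclotomic_class(s, q=2, m=M):
    """C_s = {s, sq, sq^2, ...} mod m, in the order the text lists it."""
    cls, j = [], s % m
    while j not in cls:
        cls.append(j)
        j = (j * q) % m
    return cls

def class_representatives():
    """R_c: the smallest element of every cyclotomic class."""
    seen, reps = set(), []
    for s in range(M):
        if s not in seen:
            reps.append(s)
            seen.update(cyclotomic_class(s))
    return reps

def minimal_polynomial(s):
    """M^(s)(x) = prod_{j in C_s} (x - alpha^j), multiplied out in F_16[x];
    the coefficients land in F_2, so the result is an F_2 polynomial."""
    poly = [1]                                  # poly[i]: coefficient of x^i in F_16
    for j in cyclotomic_class(s):
        root, nxt = alpha_pow(j), [0] * (len(poly) + 1)
        for i, c in enumerate(poly):            # multiply by (x + alpha^j)
            nxt[i + 1] ^= c
            nxt[i] ^= gf16_mul(c, root)
        poly = nxt
    assert all(c in (0, 1) for c in poly)
    return sum(c << i for i, c in enumerate(poly))

def primitive_idempotent(s):
    """theta_s, the idempotent of the minimal code generated by (x^m - 1)/M^(s)(x),
    computed as in the proof of Theorem 7.2.5: a*g + b*h = 1, e = a*g mod (x^m - 1)."""
    h = minimal_polynomial(s)                   # parity check polynomial of the minimal code
    g = pdivmod(XM1, h)[0]                      # its generator polynomial
    d, a, _ = pegcd(g, h)
    assert d == 1                               # g and h are coprime since (q, m) = 1
    return pdivmod(pmul(a, g), XM1)[1]

def is_idempotent(e):
    return pdivmod(pmul(e, e), XM1)[1] == e

def idempotents_orthogonal_and_sum_to_one():
    """theta_i * theta_j = 0 for i != j and sum_s theta_s = 1 in R_m."""
    thetas = [primitive_idempotent(s) for s in class_representatives()]
    orthogonal = all(pdivmod(pmul(x, y), XM1)[1] == 0
                     for i, x in enumerate(thetas) for y in thetas[i + 1:])
    total = 0
    for e in thetas:
        total ^= e
    return orthogonal and total == 1
```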

Some basic properties of primitive idempotents are recalled in the following result.

Theorem 7.2.7 Let $\{\theta_s(x)\}_s$ be the primitive idempotents corresponding to the polynomials $\{(x^m - 1)/M^{(s)}(x)\}_s$. Then

i) $\theta_i(x) \theta_j(x) = 0$, for $i \ne j$;

ii) $\sum_s \theta_s(x) = 1$;

iii) $1 - \theta_{i_1}(x) - \dots - \theta_{i_k}(x)$ is the idempotent of the code generated by the polynomial $M^{(i_1)}(x) \cdots M^{(i_k)}(x)$.

Proof: For a proof see, for instance, [69]. ✷

The idempotent of the dual code of a code $C$ can be described in terms of the idempotent of $C$. If $a(x) = a_0 + a_1 x + \dots + a_{m-1} x^{m-1} \in \mathbb{F}_q[x]$, set

$a^*(x) = x^{m-1} a(1/x) = a_0 x^{m-1} + \dots + a_{m-1}$. (7.10)

Then the following holds.

Proposition 7.2.8 Let $C$ be a $q$-ary cyclic code of length $m$ with idempotent $e(x)$. The idempotent of the dual code $C^\perp$ is $(1 - e(x))^*$.

Proof: Clearly, $(1 - e(x))^*$ is idempotent since $e(x)$ is. Consider now the $m$-th roots of unity $\beta_1, \dots, \beta_m$. Suppose further that $e(\beta_i) = 0$, $1 \le i \le t$, and $e(\beta_i) \ne 0$ otherwise. Since $e(x)$ is an idempotent in $R_m$, $e(\beta_i)(e(\beta_i) - 1) = 0$ for each root of unity. Therefore, $1 - e(x)$ vanishes for $x = \beta_i$, $t + 1 \le i \le m$. In other words, $1 - e(x)$ generates the same ideal as the parity check polynomial of the code $C$. Thus, by Theorem 7.2.3, $(1 - e(x))^*$ generates the dual code of $C$. ✷

7.2.4 Reed-Muller codes

We shall now describe a class of linear binary codes which were introduced by D. E. Muller and I. S. Reed in 1954, the Reed-Muller codes. They are closely related to Finite Geometries, since they can be described in terms of characteristic functions of affine spaces. Here we mainly focus on their description via Boolean functions, which will play a major role in our approach to Kerdock codes. For more details, the reader is referred to [4].

Let $f : \mathbb{F}_2^{(l)} \to \mathbb{F}_2$ be a Boolean function in $l$ variables $x_1, \dots, x_l$. Alternatively, $f$ can be regarded as a polynomial in $\mathbb{F}_2[x_1, \dots, x_l]/(x_1^2 - x_1, \dots, x_l^2 - x_l)$ of degree at most $l$. The Reed-Muller code $\mathcal{R}(r, l)$ of order $r$ and length $m = 2^l$ is the set of the vectors of values (on the $2^l$ points of $\mathbb{F}_2^{(l)}$) of all Boolean functions of degree at most $r$. Clearly, $\mathcal{R}(r, l)$ is a linear code (the sum of two Boolean functions is a Boolean function) of dimension $k = 1 + \binom{l}{1} + \dots + \binom{l}{r}$, where $k$ is the number of monomials in $x_1, \dots, x_l$ of degree at most $r$. We recall some basic properties of Reed-Muller codes.

Theorem 7.2.9 The following properties hold:

i) $\mathcal{R}(0, l) = \{0, 1\}$;

ii) $\mathcal{R}(l, l) = \mathbb{F}_2^{(m)}$, where $m = 2^l$;

iii) the minimum distance of $\mathcal{R}(r, l)$ is $2^{l-r}$;

iv) the dual code of $\mathcal{R}(r, l)$ is $\mathcal{R}(l - r - 1, l)$.
Proof: For details and proofs the reader is referred, for example, to [69]. ✷

The Reed-Muller code can be regarded as a special case of a more general family of codes. First, recall that the shortened $r$-th order generalized Reed-Muller code $\mathcal{R}(r, l)^*$ over $\mathbb{F}_q$ of length $m = q^l - 1$ is the cyclic code $R$ with generator polynomial

$g(x) := \prod_{j} (x - \alpha^j)$. (7.11)

In (7.11), $\alpha$ is a primitive element in $\mathbb{F}_{q^l}$ and the product ranges over the set of integers $j$ with $0 \le j < q^l - 1$, $0 \le w_q(j) < (q - 1) l - r$, where $w_q(j)$ denotes the sum of the coefficients in the expansion of $j$ in the $q$-ary number system, i.e.

$j = \sum_{i=0}^{m-1} \xi_i q^i, \qquad w_q(j) = \sum_{i=0}^{m-1} \xi_i$

(see also Section 1.4). Then, the $r$-th order Generalized Reed-Muller code is defined to be the extended code $\overline{R}$. For binary codes, the following holds.

Proposition 7.2.10 The $r$-th order binary generalized Reed-Muller code of length $2^m$ is equivalent to the $r$-th order Reed-Muller code.

Proof: For a proof see [69]. ✷

Remark 7.2.11 By Theorem 7.2.9, the dual of $\mathcal{R}(1, l)$ is the $[2^l, 2^l - 1 - l, 4]$ Reed-Muller code $\mathcal{R}(l - 2, l)$. In particular, the shortened code $\mathcal{R}(l - 2, l)^*$ is a $[2^l - 1, 2^l - 1 - l, 3]$-code. Therefore, by Remark 7.2.1, the dual code of $\mathcal{R}(1, l)$ is the extended Hamming code of length $2^l$.

7.3 Duality between codes

The weights of the codewords of a $q$-ary linear code $C$ of length $m$ are related to the weights of the codewords of the dual code $C^\perp$. In this section, we recall this relationship, which is known as the MacWilliams Identity [53]. This theorem can be viewed as a special case of a more general identity between specific elements of a suitable group algebra. Let $t_1, \dots, t_m$ be $m$ formal indeterminates. For any element $x = (x_1, \dots, x_m)$ in $\mathbb{F}_q^{(m)}$, set $t^x := t_1^{x_1} \cdots t_m^{x_m}$. The set

$G := \{\, t^x \mid x \in \mathbb{F}_q^{(m)} \,\}$

is an abelian group with respect to the product:

$t^x \cdot t^y = (t_1^{x_1} \cdots t_m^{x_m}) \cdot (t_1^{y_1} \cdots t_m^{y_m}) := t_1^{x_1 + y_1} \cdots t_m^{x_m + y_m}$,

where $x_i + y_i \in \mathbb{F}_q$, $1 \le i \le m$. Denote now by $\mathbb{C}[G]$ the set of elements

$g = g(t) := \sum_{x \in \mathbb{F}_q^{(m)}} \alpha_x t^x, \qquad \alpha_x \in \mathbb{C}$. (7.12)

$\mathbb{C}[G]$ is a commutative, unitary $\mathbb{C}$-algebra with respect to the following operations: for any $g, h \in \mathbb{C}[G]$ and for any $\beta \in \mathbb{C}$,

i)

$g + h = \sum_{x \in \mathbb{F}_q^{(m)}} \alpha_x t^x + \sum_{y \in \mathbb{F}_q^{(m)}} \beta_y t^y := \sum_{z \in \mathbb{F}_q^{(m)}} (\alpha_z + \beta_z) t^z$;

ii)

$g h = \Big( \sum_{x \in \mathbb{F}_q^{(m)}} \alpha_x t^x \Big) \Big( \sum_{y \in \mathbb{F}_q^{(m)}} \beta_y t^y \Big) := \sum_{z, r \in \mathbb{F}_q^{(m)}} \alpha_r \beta_{z - r} t^z$;

iii)

$\beta g = \beta \Big( \sum_{x \in \mathbb{F}_q^{(m)}} \alpha_x t^x \Big) := \sum_{x \in \mathbb{F}_q^{(m)}} (\beta \alpha_x) t^x$.

The MacWilliams Identity relates specific elements in the group algebra $\mathbb{C}[G]$. The weight enumerator of an element $g \in \mathbb{C}[G]$ as in

(7.12) is the formal sum in $\mathbb{C}[W, X]$ given by

$E_g(W, X) := \sum_{x \in \mathbb{F}_q^{(m)}} \alpha_x W^{m - \mathrm{wt}(x)} X^{\mathrm{wt}(x)} = \sum_{k=0}^{m} \Big( \sum_{\mathrm{wt}(x) = k} \alpha_x \Big) W^{m-k} X^{k} = \sum_{k=0}^{m} A_k W^{m-k} X^{k}$. (7.13)

The coefficients $A_k = \sum_{\mathrm{wt}(x) = k} \alpha_x$ give the weight distribution of $g$.

Remark 7.3.1 Let $C$ be a $q$-ary code. $C$ can be viewed as an abelian subgroup of $\mathbb{C}[G]$ under the embedding $c \mapsto t^c$, where $c \in C$. Moreover, the element

$g_C(t) = \sum_{c \in C} t^c \in \mathbb{C}[G]$

is called the generating function of $C$. The polynomial

$\mathrm{Hamm}_C(W, X) := E_{g_C(t)}(W, X) = \sum_{c \in C} W^{m - \mathrm{wt}(c)} X^{\mathrm{wt}(c)}$

is called the Hamming weight enumerator of $C$, and the $A_k$'s give the weight distribution of $C$, i.e. $A_k$ is the number of codewords of $C$ of weight $k$.

We recall that a character of an abelian group $(A; *)$ is any homomorphism from $A$ to $(\mathbb{C}^*; \cdot)$, the multiplicative group of non-zero complex numbers.

Let $\chi$ be any non-trivial character of $(\mathbb{F}_q; +)$, where $q = p^t$. For any $u \in \mathbb{F}_q^{(m)}$, define the map

$\chi_u : \mathbb{C}[G] \to \mathbb{C}^*$

by setting

$\chi_u \Big( \sum_{x \in \mathbb{F}_q^{(m)}} \alpha_x t^x \Big) = \sum_{x \in \mathbb{F}_q^{(m)}} \alpha_x \, \chi(\langle u, x \rangle)$,

where $\langle u, x \rangle$ denotes the inner product in (7.2). As observed in Remark 7.3.1, a $q$-ary code can be embedded in $\mathbb{C}[G]$. Thus, $\chi_u$ can be restricted to $C$. By abuse of notation, we will denote this restriction by $\chi_u$.

Lemma 7.3.2 Let C be a q-ary linear code. Then

i) $\chi_u$ is a character of the additive group $(C; +)$;

ii) $\chi_u$ is trivial if and only if $u \in C^\perp$;

iii)

$\sum_{c \in C} \chi_u(c) = \begin{cases} |C| & \text{if } u \in C^\perp, \\ 0 & \text{otherwise.} \end{cases}$

Proof: Since $C$ is an additive group and $\chi$ is a character, i) easily follows. As for ii), observe that, if $u \in C^\perp$, then $\chi_u(c) = 1$ for each $c \in C$. Conversely, if $\chi_u$ is trivial, we have

$1 = \chi_u(c) = \chi(\langle u, c \rangle)$

for each $c \in C$. Therefore, $u$ is an element of $C^\perp$, since, by hypothesis, $\chi$ is not trivial. Finally, iii) can be proved as follows. If $u \in C^\perp$, by ii), $\chi_u$ is trivial and, clearly,

$\sum_{c \in C} \chi_u(c) = |C|$.

If $u$ is not an element of the dual code of $C$, there exists $c_0 \in C$ such that $\chi_u(c_0) \ne 1$. Thus,

$\chi_u(c_0) \sum_{c \in C} \chi_u(c) = \sum_{c \in C} \chi_u(c_0 + c) = \sum_{c \in C} \chi_u(c)$.

This implies $\sum_{c \in C} \chi_u(c) = 0$. ✷

Let $g$ be an element as in (7.12) such that $M := \sum_{x \in \mathbb{F}_q^{(m)}} \alpha_x \ne 0$. The MacWilliams transform of $g$ is

$\widehat{g}(t) := \frac{1}{M} \sum_{x \in \mathbb{F}_q^{(m)}} \chi_x(g) \, t^x \in \mathbb{C}[G]$. (7.14)

The following theorem holds.

Theorem 7.3.3 (MacWilliams' Identity) Take $g$ as in (7.12) such that $M := \sum_{x \in \mathbb{F}_q^{(m)}} \alpha_x \ne 0$. Then

$E_{\widehat{g}}(W, X) = \frac{1}{M} \, E_g\big( W + (q - 1) X,\ W - X \big)$. (7.15)

Proof: The reader is referred, for example, to [53] for a proof. ✷

The specialization of (7.15) to linear codes yields the following.

Theorem 7.3.4 Let $C$ be an $[m, k, d]$ code over $\mathbb{F}_q$ with Hamming weight enumerator $\mathrm{Hamm}_C(W, X)$ and let $\mathrm{Hamm}_{C^\perp}(W, X)$ be the weight enumerator of $C^\perp$. Then

$\mathrm{Hamm}_{C^\perp}(W, X) = q^{-k} \, \mathrm{Hamm}_C\big( W + (q - 1) X,\ W - X \big)$.

Proof: If $g$ is the generating function of $C$ then, by Remark 7.3.1, (7.15) becomes

$E_{\widehat{g}}(W, X) = q^{-k} \, \mathrm{Hamm}_C\big( W + (q - 1) X,\ W - X \big)$.

On the other hand, by Lemma 7.3.2,

$\widehat{g}(t) = q^{-k} \sum_{x \in \mathbb{F}_q^{(m)}} \sum_{c \in C} \chi_x(c) \, t^x$

equals the generating function of $C^\perp$. Thus the claim follows. ✷

Example 7.3.5 Consider the Hamming code $C_H$ described in Example 7.2.2. The weight enumerator of $C_H$ can be determined by applying the result above. By direct computation, the weight enumerator of $C_H^\perp$ is $W^{15} + 15 W^7 X^8$. Therefore, by Theorem 7.3.4, the weight enumerator of $C_H$ is

$\frac{1}{16} (W + X)^{15} + \frac{15}{16} (W + X)^7 (W - X)^8 = W^{15} + 35 X^3 W^{12} + 105 X^4 W^{11} + 168 X^5 W^{10} + 280 X^6 W^9 + 435 X^7 W^8 + 435 X^8 W^7 + 280 X^9 W^6 + 168 X^{10} W^5 + 105 X^{11} W^4 + 35 X^{12} W^3 + X^{15}$.
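The computation of Example 7.3.5 carried out in Python, as an added example that is not part of the book: the $2^{11}$ codewords of $C_H$ are enumerated from (7.3), the 16 words of $C_H^\perp$ are spanned by the rows of $H$, and Theorem 7.3.4 is applied in both directions and compared with the direct count. Representing a length-15 vector as an integer bit mask is an implementation choice.

```python
"""Added example, not from the book: the weight distribution of the [15, 11, 3]
Hamming code C_H of Example 7.2.2, found (a) by enumerating C_H from the parity
check matrix (7.3) and (b) from the 16 words of C_H^perp by the MacWilliams
identity of Theorem 7.3.4, as in Example 7.3.5.  A length-15 vector is an
int whose bit i is coordinate i + 1."""

H_ROWS = ["100011100010111",          # the rows of H in (7.3)
          "010010011011011",
          "001001010111101",
          "000100101101111"]
M_LEN, Q = 15, 2

def vec(bits):
    """Binary string (leftmost symbol = first coordinate) to int."""
    return int(bits[::-1], 2)

def weight(v):
    return bin(v).count("1")

def in_hamming_code(v, rows=None):
    """H v^t = 0 over F_2: v has even overlap with every row of H."""
    rows = rows or [vec(r) for r in H_ROWS]
    return all(weight(v & r) % 2 == 0 for r in rows)

def hamming_code():
    """All 2^11 codewords of C_H = {v : H v^t = 0}."""
    rows = [vec(r) for r in H_ROWS]
    return [v for v in range(1 << M_LEN) if in_hamming_code(v, rows)]

def dual_code():
    """C_H^perp, spanned by the rows of H (its generator matrix)."""
    rows = [vec(r) for r in H_ROWS]
    words = set()
    for mask in range(1 << len(rows)):
        w = 0
        for i, r in enumerate(rows):
            if mask >> i & 1:
                w ^= r
        words.add(w)
    return sorted(words)

def weight_distribution(code, m=M_LEN):
    """A_k = number of codewords of weight k, as a list indexed by k."""
    dist = [0] * (m + 1)
    for c in code:
        dist[weight(c)] += 1
    return dist

def convolve(p, r):
    out = [0] * (len(p) + len(r) - 1)
    for i, a in enumerate(p):
        for j, b in enumerate(r):
            out[i + j] += a * b
    return out

def substituted_term(k, m, q):
    """Coefficients in X (W^{m-j} understood) of (W + (q-1)X)^{m-k} (W - X)^k."""
    p = [1]
    for _ in range(m - k):
        p = convolve(p, [1, q - 1])
    for _ in range(k):
        p = convolve(p, [1, -1])
    return p

def macwilliams_transform(dist, size, q=Q):
    """Theorem 7.3.4: from the weight distribution of a linear code with `size`
    words, Hamm_{C^perp}(W, X) = size^{-1} Hamm_C(W + (q-1)X, W - X)."""
    m = len(dist) - 1
    total = [0] * (m + 1)
    for k, a_k in enumerate(dist):
        for j, coef in enumerate(substituted_term(k, m, q) if a_k else []):
            total[j] += a_k * coef
    assert all(t % size == 0 for t in total), "not the distribution of a linear code"
    return [t // size for t in total]

def example_7_3_5():
    """(direct, via MacWilliams) weight distributions of C_H; they must agree."""
    dual_dist = weight_distribution(dual_code())      # W^15 + 15 W^7 X^8
    return weight_distribution(hamming_code()), macwilliams_transform(dual_dist, 16)
```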

By Theorem 7.3.4, the weight distribution of a linear code C is the MacWilliams transform of the weight distribution of the dual code C⊥. Nonetheless, this may happen for nonlinear codes as well.

Definition 7.3.6 Two nonlinear codes are formal duals if the weight distribution of one of them is the MacWilliams transform of the weight distribution of the other.

We conclude this section by recalling another important function used to describe properties of codes. Let $C$ be a code of type $(n, M, d)$. The distance enumerator of $C$ is given by the formal sum

$B_C(z) := \sum_{k=0}^{n} B_k z^k$, (7.16)

where, for any non-negative integer $k$, $0 \le k \le n$,

$B_k := \frac{1}{M} \, |\{\, (x, y) : x, y \in C,\ d_H(x, y) = k \,\}|$.

The numbers $B_k$ give the distance distribution of $C$.

Remark 7.3.7 Suppose that $C$ is a distance invariant code, i.e. a code such that, for any codewords $c_1, c_2$, the number of codewords at distance $i$ from $c_1$ equals the number of codewords at distance $i$ from $c_2$. If, additionally, $C$ contains the word $0$, then the weight distribution coincides with the distance distribution.

7.4 Some families of nonlinear q-ary codes

In this section, we will describe two families of nonlinear codes, the Kerdock codes and the Preparata codes. Aside from their excellent error correcting capabilities, these codes are also formal duals (see Definition 7.3.6). For other examples of q-ary nonlinear codes the reader is referred, for instance, to [14] and to [53].

7.4.1 Binary Kerdock codes

Binary Kerdock codes were originally introduced by A. M. Kerdock in 1972 [45]. Since then, they have been investigated by many authors for their properties and their relationships with Symplectic and Orthogonal Finite Geometries. In 1982, W. M. Kantor (see [40], [41], [42]) explicitly constructed infinitely many families of inequivalent Kerdock codes, all of them with the same weight distribution. In this section, we will basically pursue his approach to describe Kerdock codes and to discuss some of their properties.

7.4.2 Kerdock sets

To begin with, we need to recall some elementary facts of Symplectic Geometry over finite fields. For more details on this topic, see, for example, [21]. Let $V$ be a vector space of dimension $m$ over the finite field $\mathbb{F}_q$, $q = 2^r$. A quadratic form over $V$ is a map $Q : V \to \mathbb{F}_q$ such that, for all $\lambda, \mu \in \mathbb{F}_q$ and $v, w \in V$,

$Q(\lambda v + \mu w) = \lambda^2 Q(v) + \mu^2 Q(w) + \lambda \mu f(v, w)$, (7.17)

where $f$ is a bilinear form over $V \times V$. Note that $f$ is determined by $Q$ since

$f(v, w) = Q(v + w) + Q(v) + Q(w), \qquad v, w \in V$.

Moreover,

$f(v, v) = Q(v + v) + Q(v) + Q(v) = 0, \qquad v \in V$.

Thus, $f$ is a symplectic form over $V$. Denote by $y_1, \dots, y_m$ coordinates on $V$ with respect to the canonical basis. By standard facts of Linear Algebra, for any quadratic form $Q$ over $V$ there exists an integer $h$, $2 \le 2h \le m$, such that $Q$ can be written as

$\sum_{i=1}^{h} y_{2i-1} y_{2i} + L$,

where $2h$ is the rank of the symplectic form corresponding to $Q$ and $L$ is a linear functional over $V$. In what follows, we shall need the following result.

Lemma 7.4.1 i) The number of $2h$-tuples $(y_1, \dots, y_{2h}) \in \mathbb{F}_2^{(2h)}$ such that

$\sum_{i=1}^{h} y_{2i-1} y_{2i} = 0$

is $2^{2h-1} + 2^{h-1}$.

ii) The number of $m$-tuples $(y_1, \dots, y_m)$ such that

$\sum_{i=1}^{h} y_{2i-1} y_{2i} + \sum_{i=2h+1}^{m} a_i y_i = 0, \qquad a_i \in \mathbb{F}_2$, (7.18)

is $2^{m-1}$.

Proof: i) If h = 1, the claim is trivial. Now,

$\sum_{i=1}^{h+1} y_{2i-1} y_{2i} = \sum_{i=1}^{h} y_{2i-1} y_{2i} + y_{2h+1} y_{2h+2} := F_1 + F_2$.

Therefore, by induction, the number of $(2h+2)$-tuples $(y_1, \dots, y_{2h+2}) \in \mathbb{F}_2^{(2h+2)}$ such that $F_1 = F_2 = 0$ (respectively $F_1 = F_2 = 1$) is $3(2^{2h-1} + 2^{h-1})$ (respectively $2^{2h-1} - 2^{h-1}$). So the claim follows.

ii) The Boolean function on the left hand side of (7.18) attains the value $0$ as many times as the value $1$. Thus, the number of solutions of (7.18) is $2^{m-1}$. ✷

From now on, let $V$ denote a vector space over $\mathbb{F}_q$, $q$ even, of dimension $m$, $m = 2n$.

Definition 7.4.2 A Kerdock set $\mathcal{K}$ over $\mathbb{F}_q$ is a collection of $q^{m-1}$ symplectic forms over $V$ such that the sum of any two distinct elements in $\mathcal{K}$ is non-singular.

Clearly, a Kerdock set can be identified with a set of $q^{m-1}$ symmetric matrices $B^{(k)} = (b^{(k)}_{ij})$, where $b^{(k)}_{ij} \in \mathbb{F}_q$, of order $m$ such that the difference of any two matrices has rank $m$.

Definition 7.4.3 Two Kerdock sets $\mathcal{K}_1$ and $\mathcal{K}_2$ are equivalent if there exists a map

$\mathcal{K}_1 \longrightarrow \mathcal{K}_2, \qquad M \longmapsto d \, B^{-1} M^{\varphi} (B^{-1})^{t} + C$,

where $M = (a_{ij})$, $d \in \mathbb{F}_q^*$, $\varphi \in \mathrm{Aut}(\mathbb{F}_q)$, $M^{\varphi}$ is the matrix $(\alpha_{ij})$ such that $\alpha_{ij} = \varphi(a_{ij})$, $B$ is an invertible matrix of order $m$, and $C$ is an alternating matrix of order $m$.

By Definition 7.4.3, we can therefore assume that, up to equivalence, a Kerdock set contains the zero symplectic form.

Example 7.4.4 When $m = 2$, the only Kerdock set over $\mathbb{F}_2$ is given by

$\left\{ \begin{pmatrix} 0 & 1 \\ 1 & 0 \end{pmatrix}, \begin{pmatrix} 0 & 0 \\ 0 & 0 \end{pmatrix} \right\}$.

Consider, now, the case m = 4. By direct computation, the set of matrices

$\begin{pmatrix} 0&0&0&0 \\ 0&0&0&0 \\ 0&0&0&0 \\ 0&0&0&0 \end{pmatrix}, \quad \begin{pmatrix} 0&1&1&1 \\ 1&0&1&1 \\ 1&1&0&1 \\ 1&1&1&0 \end{pmatrix}, \quad \begin{pmatrix} 0&1&1&0 \\ 1&0&0&0 \\ 1&0&0&1 \\ 0&0&1&0 \end{pmatrix}$,

$\begin{pmatrix} 0&0&1&1 \\ 0&0&0&1 \\ 1&0&0&0 \\ 1&1&0&0 \end{pmatrix}, \quad \begin{pmatrix} 0&0&1&0 \\ 0&0&1&1 \\ 1&1&0&0 \\ 0&1&0&0 \end{pmatrix}, \quad \begin{pmatrix} 0&1&0&1 \\ 1&0&1&0 \\ 0&1&0&0 \\ 1&0&0&0 \end{pmatrix}$,

$\begin{pmatrix} 0&0&0&1 \\ 0&0&1&0 \\ 0&1&0&1 \\ 1&0&1&0 \end{pmatrix}, \quad \begin{pmatrix} 0&1&0&0 \\ 1&0&0&1 \\ 0&0&0&1 \\ 0&1&1&0 \end{pmatrix}$

is a Kerdock set over $\mathbb{F}_2$.

The existence of Kerdock sets is actually a non-trivial problem related to Finite Geometries over $\mathbb{F}_q$, $q$ even. A complete exposition of the techniques used to construct Kerdock sets can be found in [40], [41]. Here we just show how their construction can be approached in geometrical terms. Fix the quadratic form $Q$ over $V$ given by

$Q(y_1, \dots, y_m) := y_1 y_{n+1} + \dots + y_n y_{2n}$. (7.19)

A subspace $W \subset V$ is totally singular with respect to $Q$ if $Q(w) = 0$ for each $w \in W$. Note that the maximal dimension of totally singular subspaces of $V$ is $n$. A vector space $V$ which is equipped with the quadratic form (7.19) is said to be an $\Omega^+(2n, q)$-space. An orthogonal spread of an $\Omega^+(2n, q)$-space is a family $\mathcal{F}$ of $q^{n-1} + 1$ totally singular $n$-dimensional spaces such that every totally singular one-dimensional space of $V$ belongs to exactly one member of $\mathcal{F}$. Two orthogonal spreads $\mathcal{F}_1$ and $\mathcal{F}_2$ are equivalent if there exists an invertible linear transformation of $V$ which preserves $Q$ and maps elements in $\mathcal{F}_1$ to elements in $\mathcal{F}_2$. Now, suppose that $n = 2a$, $a \ge 1$. Fix two totally singular $2a$-dimensional subspaces $U$ and $W$ such that $U \cap W = \{0\}$, so $V = U \oplus W$. Thus, there exist two bases $\{u_1, \dots, u_{2a}\}$ and $\{w_1, \dots, w_{2a}\}$ of $U$ and $W$, respectively, such that $f(u_i, w_j) = \delta_{ij}$, where $f$ is the bilinear form associated with the quadratic form $Q$. This quadratic form is invariant with respect to linear transformations which, in the chosen basis, have matrices of the form

$M^{\dagger} = \begin{pmatrix} I_{2a} & 0 \\ M & I_{2a} \end{pmatrix}$, (7.20)

where $I_{2a}$ is the identity matrix of order $2a$ and $M$ is an alternating matrix of order $2a$. As $M$ varies, the set $P^{\dagger}$ of matrices $M^{\dagger}$ is isomorphic to the abelian group of alternating matrices of order $2a$ with entries from $\mathbb{F}_q$. Thus, a Kerdock set $\mathcal{K}$ can be associated with a subset $\mathcal{K}^{\dagger}$ of $P^{\dagger}$ of $q^{2a-1}$ matrices. Under this correspondence, any Kerdock set yields an orthogonal spread of $V$ and vice versa (see [40] for a proof). Therefore, the existence of Kerdock sets is reduced to the construction of orthogonal spreads of an $\Omega^+(4a, q)$-space. Kantor in [40] and in [41] describes explicitly inequivalent orthogonal spreads which yield inequivalent Kerdock sets.

7.4.3 Properties of binary Kerdock codes

The first family of Kerdock codes was introduced by Kerdock in 1972. These codes, which are usually denoted by $\mathcal{K}(m)$, $m$ even, $m \ge 4$, can be described in various ways: see [15], [40] and [45] for details about their different constructions. Since then, more families of binary Kerdock codes have been discovered; thus, we shall define them as follows.

Definition 7.4.5 Let $m$ be an even integer, $m \ge 4$. A binary Kerdock code is a $(2^m, 2^{2m}, 2^{m-1} - 2^{m/2 - 1})$ subcode of the Reed-Muller code $\mathcal{R}(2, m)$ which is obtained as the union of cosets of the Reed-Muller code $\mathcal{R}(1, m)$.

Kerdock codes can be constructed from Kerdock sets over $\mathbb{F}_2$. For each matrix $M$ in a Kerdock set $\mathcal{K}$, let $Q_M$ be an associated quadratic form over $\mathbb{F}_2^{(m)}$. Consider the set

$C(\mathcal{K}) := \{\, Q_M(v) + L(v) + c \,\}$, (7.21)

where $M \in \mathcal{K}$, $L$ varies in the space of linear functionals over $\mathbb{F}_2^{(m)}$, $c \in \mathbb{F}_2$, and $v$ is any vector in $\mathbb{F}_2^{(m)}$.

Theorem 7.4.6 The set $C(\mathcal{K})$ is a Kerdock code.

Proof: As observed in Section 7.2.4, the Reed-Muller code $\mathcal{R}(2, m)$ is a binary linear code of length $2^m$; moreover, its codewords are given by Boolean functions of degree at most two. Thus, $C(\mathcal{K})$ is a subcode of $\mathcal{R}(2, m)$ of length $2^m$. Furthermore, $C(\mathcal{K})$ is a union of cosets of $\mathcal{R}(1, m)$ with representatives $Q_M$, $M \in \mathcal{K}$. Therefore, by Theorem 7.2.9, the number of codewords of $C(\mathcal{K})$ is

$2^{m-1} \cdot |\mathcal{R}(1, m)| = 2^{2m}$.

$C(\mathcal{K})$ is not linear, since the sum of two codewords lies in a coset of $\mathcal{R}(1, m)$ which does not necessarily have one of the elements of $\mathcal{K}$ as a representative. To compute the minimum distance of $C(\mathcal{K})$, we remark that, for any words $c_1, c_2$, $d_H(c_1, c_2) = \mathrm{wt}(c_1 + c_2)$, since $c_1 + c_2 \in \mathcal{R}(2, m)$ whether $c_1 + c_2$ belongs to $C(\mathcal{K})$ or not. On the other hand, by definition of $C(\mathcal{K})$, $c_1 + c_2$ may belong either to the subcode $\mathcal{R}(1, m)$ or to a coset of the first order Reed-Muller code with representative a quadratic form of maximal rank $m$. In the former case, by Theorem 7.2.9, the weight of $c_1 + c_2$ may be $0$, $2^m$ or $2^{m-1}$; in the latter case, by Lemma 7.4.1, the weight of $c_1 + c_2$ may be $2^{m-1}$ or $2^{m-1} \pm 2^{m/2 - 1}$. Thus, the minimum distance of $C(\mathcal{K})$ is $2^{m-1} - 2^{m/2 - 1}$. ✷

Remark 7.4.7 The same arguments used to compute the minimum distance of $C(\mathcal{K})$ prove that $C(\mathcal{K})$ is distance invariant (cf. Remark 7.3.7).

Remarkably, any Kerdock code $C$ has the form $C(\mathcal{K})$, for some Kerdock set $\mathcal{K}$. Indeed, by Definition 7.4.5, $C$ is a union of $2^{m-1}$ cosets of the first order Reed-Muller code. On the other hand, by Lemma 7.4.1, the difference of any two representatives of such cosets needs to have maximal rank if the minimum distance of $C$ is $2^{m-1} - 2^{m/2 - 1}$. Therefore, the representatives of the cosets which compose $C$ form a Kerdock set.
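As an added example (not code from the book), the following Python script checks the eight matrices of Example 7.4.4 against Definition 7.4.2, builds $C(\mathcal{K})$ from (7.21) as in the proof of Theorem 7.4.6, and verifies that the result is a nonlinear $(16, 256, 6)$ code containing $\mathcal{R}(1, 4)$ and contained in $\mathcal{R}(2, 4)$, with the weight distribution that Remark 7.4.7 says is also its distance distribution. The choice $Q_M(v) = \sum_{i<j} M_{ij} v_i v_j$ for the quadratic form associated with $M$ is an assumption of the example (any quadratic form with bilinear form $v^t M w$ gives the same code, since $L$ ranges over all linear functionals).

```python
"""Added example, not from the book: the Kerdock set K of Example 7.4.4 (m = 4)
checked against Definition 7.4.2, and the Kerdock code C(K) of (7.21) built from
it as the set of truth tables of the Boolean functions Q_M + L + c on F_2^4."""
from itertools import product

M_DIM = 4
POINTS = list(product((0, 1), repeat=M_DIM))   # the 2^m = 16 coordinate positions
KERDOCK_SET = [                                # the eight matrices of Example 7.4.4
    [[0, 0, 0, 0], [0, 0, 0, 0], [0, 0, 0, 0], [0, 0, 0, 0]],
    [[0, 1, 1, 1], [1, 0, 1, 1], [1, 1, 0, 1], [1, 1, 1, 0]],
    [[0, 1, 1, 0], [1, 0, 0, 0], [1, 0, 0, 1], [0, 0, 1, 0]],
    [[0, 0, 1, 1], [0, 0, 0, 1], [1, 0, 0, 0], [1, 1, 0, 0]],
    [[0, 0, 1, 0], [0, 0, 1, 1], [1, 1, 0, 0], [0, 1, 0, 0]],
    [[0, 1, 0, 1], [1, 0, 1, 0], [0, 1, 0, 0], [1, 0, 0, 0]],
    [[0, 0, 0, 1], [0, 0, 1, 0], [0, 1, 0, 1], [1, 0, 1, 0]],
    [[0, 1, 0, 0], [1, 0, 0, 1], [0, 0, 0, 1], [0, 1, 1, 0]],
]

def rank_f2(mat):
    """Rank over F_2 by row reduction (rows are lists of 0/1)."""
    rows, rank = [list(r) for r in mat], 0
    for col in range(len(rows[0])):
        pivot = next((i for i in range(rank, len(rows)) if rows[i][col]), None)
        if pivot is None:
            continue
        rows[rank], rows[pivot] = rows[pivot], rows[rank]
        for i in range(len(rows)):
            if i != rank and rows[i][col]:
                rows[i] = [a ^ b for a, b in zip(rows[i], rows[rank])]
        rank += 1
    return rank

def is_kerdock_set(mats, m=M_DIM):
    """Definition 7.4.2: 2^(m-1) symplectic (symmetric, zero-diagonal) forms
    whose pairwise sums (= differences over F_2) are all non-singular."""
    if len(mats) != 2 ** (m - 1):
        return False
    for a in mats:
        if any(a[i][j] != a[j][i] or (i == j and a[i][i]) for i in range(m) for j in range(m)):
            return False
    return all(rank_f2([[x[i][j] ^ y[i][j] for j in range(m)] for i in range(m)]) == m
               for n, x in enumerate(mats) for y in mats[n + 1:])

def quadratic_form(mat, v):
    """Q_M(v) = sum_{i<j} M_ij v_i v_j (assumed form); its bilinear form (7.17) is v^t M w."""
    return sum(mat[i][j] & v[i] & v[j] for i in range(M_DIM) for j in range(i + 1, M_DIM)) % 2

def kerdock_code(mats):
    """C(K) as in (7.21): truth tables of Q_M + L + c for M in K, L linear, c in F_2."""
    code = set()
    for mat in mats:
        for a in POINTS:                           # the linear functional L(v) = <a, v>
            for c in (0, 1):
                code.add(tuple((quadratic_form(mat, v) + sum(x & y for x, y in zip(a, v)) + c) % 2
                               for v in POINTS))
    return code

def reed_muller(r, l=M_DIM):
    """R(r, l) of Section 7.2.4: the span of the truth tables of the monomials of degree <= r."""
    pts = list(product((0, 1), repeat=l))
    monos = [tuple(int(all(v[i] for i in range(l) if s[i])) for v in pts)
             for s in product((0, 1), repeat=l) if sum(s) <= r]
    code = {tuple([0] * len(pts))}
    for mono in monos:                             # close the span one generator at a time
        code |= {tuple(x ^ y for x, y in zip(w, mono)) for w in code}
    return code

def weight_distribution(code):
    dist = {}
    for w in code:
        dist[sum(w)] = dist.get(sum(w), 0) + 1
    return dist

def min_distance(code):
    words = list(code)
    return min(sum(x != y for x, y in zip(words[i], words[j]))
               for i in range(len(words)) for j in range(i + 1, len(words)))

def is_linear(code):
    """A binary code is linear iff it is closed under coordinate-wise addition."""
    return all(tuple(x ^ y for x, y in zip(u, w)) in code for u in code for w in code)
```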

Example 7.4.8 (The Nordstrom-Robinson code) For $m = 4$, the Kerdock code corresponding to the Kerdock set described in Example 7.4.4 is a $(16, 256, 6)$ nonlinear code. In [67], Snover proves that there exists a unique nonlinear code with such parameters, which is called the Nordstrom-Robinson code $\mathcal{N}_{16}$.

Equivalent Kerdock codes correspond to equivalent Kerdock sets. More precisely, the following holds.

Theorem 7.4.9 Let $\mathcal{K}_1$ and $\mathcal{K}_2$ be two Kerdock sets over $\mathbb{F}_2$. Then $C(\mathcal{K}_1)$ and $C(\mathcal{K}_2)$ are equivalent codes if and only if $\mathcal{K}_1$ is equivalent to $\mathcal{K}_2$.

Proof: For a proof, the reader is referred to [42]. ✷

Although Kerdock codes may be inequivalent, they all have the same weight enumerator, which, by Remark 7.4.7, is also the distance enumerator.

Theorem 7.4.10 The weight enumerator of a Kerdock code $C$ of length $2^m$, $m$ even, $m \ge 4$, is

$K(z) = 1 + (2^{2m-1} - 2^m) z^{2^{m-1} - 2^{(m/2)-1}} + (2^{2m-1} - 2^m) z^{2^{m-1} + 2^{(m/2)-1}} + (2^{m+1} - 2) z^{2^{m-1}} + z^{2^m}$. (7.22)

Proof: Up to equivalence, we can assume that $C$ contains the first order Reed-Muller code $\mathcal{R}(1, m)$; hence, by Theorem 7.2.9, $C$ has one word of weight $0$, one word of weight $2^m$ and $2^{m+1} - 2$ words of weight $2^{m-1}$. Moreover, by Lemma 7.4.1, all other words of $C$ have weight $2^{m-1} \pm 2^{(m/2)-1}$. Trivially, if a codeword $c$ has weight $2^{m-1} - 2^{(m/2)-1}$, then $c + \mathbf{1}$ has weight $2^{m-1} + 2^{(m/2)-1}$. Thus, the coefficients of $z^{2^{m-1} \pm 2^{(m/2)-1}}$ are both $2^{2m-1} - 2^m$. ✷

7.4.4 Classical Preparata codes

In [61], P. Preparata introduced a class of double-correcting non-linear codes $\mathcal{P}(2)$ (see Definition 7.4.11 for notation) with a remarkably large number of codewords in terms of their length and their minimum distance. Since then, many other families with the same properties have been introduced. In this section, we will recall the definition of these codes by following [6]. Moreover, we shall discuss the formal duality of the extended Preparata code $\overline{\mathcal{P}}(\sigma)$ with the Kerdock code $\mathcal{K}(m)$.

7.4.5 Basic properties

All through this section, let $t$ be an odd integer, $t \ge 3$. Set also $n = 2^t - 1$ and $F = \mathbb{F}_{2^t}$. Let $x \mapsto x^{\sigma}$ be an automorphism of $F$, i.e., $\sigma$ is a power of $2$, such that $(\sigma \pm 1, n) = 1$. If $U$ is a subset of $F$, then $\chi(U)$ will denote the characteristic vector of $U$ of length $2^t$.

Definition 7.4.11 The extended Preparata code $\overline{\mathcal{P}}(\sigma)$ is the set of words $[\chi(U), \chi(V)]$, where $U$ and $V$ are subsets of $F$ such that:

(P1) $|U|$ and $|V|$ are even,

(P2) $\sum_{u \in U} u = \sum_{v \in V} v$,

(P3) $\sum_{u \in U} u^{\sigma + 1} + \Big( \sum_{u \in U} u \Big)^{\sigma + 1} = \sum_{v \in V} v^{\sigma + 1}$.

Without loss of generality, we can assume that $0 \in F$ corresponds to the first coordinate of $\chi(U)$ and to the first coordinate of $\chi(V)$. The classical Preparata code $\mathcal{P}(\sigma)$ is obtained from the extended code $\overline{\mathcal{P}}(\sigma)$ by dropping the first coordinate in each codeword. We summarize the main properties of $\overline{\mathcal{P}}(\sigma)$ in the following theorem; for a proof see [6].

Theorem 7.4.12 The extended Preparata code $\mathcal{P}(\sigma)$ is a binary nonlinear $(2^{t+1}, 2^{2^{t+1} - 2t - 2}, 6)$ code. Moreover, it is distance invariant.

Clearly, by Theorem 7.4.12, the nonlinear binary code $\mathcal{P}(\sigma)$ is a $(2^{t+1} - 1, 2^{2^{t+1} - 2t - 2}, 5)$-code. Moreover, it is a nearly perfect code (see [14]).

Example 7.4.13 For t = 3, σ = 4, the code $\mathcal{P}(4)$ has length 16, minimum distance 6, and 256 codewords. As explained in Example 7.4.8, this is the Nordstrom-Robinson code, which, incidentally, coincides with the Kerdock code $\mathcal{K}(4)$.

We end this section with some remarks about the weight distribution of Preparata codes. To begin with, in [27], the weight distribution of any nearly perfect code is determined. Accordingly, the weight distribution of the extended Preparata code can be completely computed. In particular, when σ = 2, the extended Preparata code $\mathcal{P}(2)$ of length $2^m$ and the Kerdock code $\mathcal{K}(m)$ satisfy the following result.

Theorem 7.4.14 The weight distribution of $\mathcal{P}(2)$ is the MacWilliams transform of the weight distribution of $\mathcal{K}(m)$, m even, $m \geq 4$.

Proof: The reader is referred to [53]. ✷

Thus, by Definition 7.3.6, $\mathcal{P}(2)$ and $\mathcal{K}(m)$ are formal duals. Their formal duality has been an object of study for years. Arguably, the existence of infinitely many families of Kerdock codes with the same weight distribution and the existence of many other Preparata codes seemed to suggest that the relationship in Theorem 7.4.14 was merely a coincidence. Although this may be true for many versions of these codes, we will show in Chapter 8 that suitable Kerdock codes and Preparata codes can be related in a deeper algebraic sense in terms of Galois Ring Theory.

7.4.6 Preparata codes and Hamming codes

In Section 7.4.3, Kerdock codes of length $2^m$ were defined as a union of cosets of the first order Reed-Muller code $\mathcal{R}(1, m)$ in the second order Reed-Muller code. By Theorem 7.2.9, the dual of $\mathcal{R}(1, m)$ is the extended Hamming code $\mathcal{H}_m$ of length $2^m$. In this section, we will show that $\mathcal{H}_m$ can also be constructed from Preparata codes.

Set t = m − 1, m even, $m \geq 4$. For the sake of simplicity, denote by $C_0$ the code $\mathcal{P}(\sigma)$. Now, for any $\alpha \in F^*$, define $C_\alpha$ to be the code obtained by adding the word $c_\alpha = [\chi(U), \chi(V)]$ corresponding to the sets $U = V = \{0, \alpha\}$ to every word of $C_0$.

Lemma 7.4.15 1. The minimum weight of the code $C_\alpha$ is 4, for each $\alpha \in F^*$.

2. $C_{\alpha_1} \cap C_{\alpha_2} = \{0\}$, $\alpha_1 \neq \alpha_2 \in F^*$.

Proof: 1. Since the extended Preparata code is invariant with respect to the Hamming distance, and its minimum distance is 6, for any $x \in C_\alpha$,

$$\mathrm{wt}(x) = d_H(x, 0) \geq 6 - r + 4 - r = 10 - 2r,$$

where r is the number of 1's which appear both in a word of minimum weight 6 and in a word of minimum weight 4. Since $r \leq 4$, it suffices to show that there are no words of weight 2 in $C_\alpha$. Suppose that such a word exists, say c. Then, c would correspond to the two subsets $\{0, \alpha\}$, $\{0, \gamma, \alpha, \beta\}$ of F, where α, β, and γ are distinct elements in $F^*$. This would contradict (P2), so the claim follows.

2. Suppose there exists $c \in C_{\alpha_1} \cap C_{\alpha_2}$, $c \neq 0$, such that $c = c_{\alpha_1} + c_1 = c_{\alpha_2} + c_2$, where $c_i \in \mathcal{P}(\sigma)$ and $c_{\alpha_i} \in C_{\alpha_i}$, i = 1, 2. Thus, $d_H(c_1, c_2) = \mathrm{wt}(c_{\alpha_1} + c_{\alpha_2}) = 4$, whereas the minimum distance of $\mathcal{P}(\sigma)$ is 6. ✷

Define the code

$$\mathcal{H}_m = \bigcup_{\alpha \in F} C_\alpha, \qquad F = \mathbb{F}_{2^{m-1}}.$$

Theorem 7.4.16 $\mathcal{H}_m$ is the extended Hamming code of length $2^m$.

Proof: Clearly, the length of $\mathcal{H}_m$ is $2^m$. Additionally,

$$|\mathcal{H}_m| = 2^{m-1}\, |\mathcal{P}(\sigma)| = 2^{2^m - m - 1}.$$

Moreover, by Lemma 7.4.15, the minimum weight of $\mathcal{H}_m$ is 4. Thus, the theorem is proved if we show that $\mathcal{H}_m$ is linear. Let $c_1$ and $c_2$ be two codewords in $\mathcal{H}_m$. Then, there exist subsets $X_i$, $Y_i$, and elements $\alpha_i$ in F, i = 1, 2, such that

$$c_i = [\chi(X_i), \chi(Y_i)] + [\chi(\{0, \alpha_i\}), \chi(\{0, \alpha_i\})].$$

Proving that $c_1 + c_2$ belongs to $\mathcal{H}_m$ is equivalent to solving the equation

$$s_1 + s_2 = (\gamma + s_1 + s_2 + \alpha_1 + \alpha_2)^{\sigma+1}, \qquad (7.23)$$

$s_i = \sum_{x_i \in X_i} x_i^{\sigma+1}$, i = 1, 2, with respect to γ (see [6] for details). Since, under our assumptions, the map $x \mapsto x^{\sigma+1}$ is an automorphism of F, (7.23) has a unique solution. ✷

Chapter 8

BASIC NOTIONS ON CODES OVER GALOIS RINGS

In this chapter we give a brief overview of some basic properties of codes over Galois rings. In particular, we focus on the case of codes over $GR(p^n, 1) = \mathbb{Z}_{p^n}$, which are presently an evolving research topic for several applications. Moreover, we shall discuss in more detail codes over $\mathbb{Z}_4$ by describing their relationship with binary codes. In this case, a fundamental tool of our analysis is the so-called Gray map, which will be used to carry out a $\mathbb{Z}_4$-interpretation of the formal duality between binary Kerdock codes and some "ad hoc" generalizations of the classical Preparata codes.

8.1 Basic properties

In this section, we discuss some basic facts of codes over the Galois ring of integers mod $p^n$, i.e. $\mathbb{Z}_{p^n} = \{0, 1, \ldots, p^n - 1\}$. Denote by $\mathbb{Z}_{p^n}^{(m)}$ the set of ordered m-tuples $(x_1, \ldots, x_m)$, $x_i \in \mathbb{Z}_{p^n}$, $1 \leq i \leq m$. A code C over $\mathbb{Z}_{p^n}$ is a subset of $\mathbb{Z}_{p^n}^{(m)}$. Two codes over $\mathbb{Z}_{p^n}$ are permutation equivalent if one can be obtained from the other by a permutation of coordinate positions (see Section 7.1). The $\mathbb{Z}_{p^n}$-module $\mathbb{Z}_{p^n}^{(m)}$ is equipped with two natural distances: the Hamming distance introduced in (7.1) and the Lee distance, $d_L$, which is defined as follows.


Definition 8.1.1 The Lee weight of an element $h \in \mathbb{Z}_{p^n}$ is

$$\mathrm{wt}_L(h) := \min\{h,\ p^n - h\}. \qquad (8.1)$$

The Lee weight of an element $a = (a_1, \ldots, a_m) \in \mathbb{Z}_{p^n}^{(m)}$ is the sum of the Lee weights of its coordinates. The Lee distance $d_L$ on $\mathbb{Z}_{p^n}^{(m)} \times \mathbb{Z}_{p^n}^{(m)}$ is defined by $d_L(x, y) = \mathrm{wt}_L(x - y)$.

In addition to the minimum Hamming distance and the minimum Hamming weight, a code over $\mathbb{Z}_{p^n}$ has also a minimum Lee distance

$$d_L(C) := \min_{v \neq w \in C} d_L(v, w),$$

and a minimum Lee weight

$$\mathrm{wt}_L(C) := \min_{0 \neq v \in C} \mathrm{wt}_L(v).$$

In general, the Hamming distance is not a natural metric for measuring the error-correcting capabilities of codes over rings. Indeed, in communication systems it is more likely that a transmitted symbol is received as a symbol close to it. As an example, consider the code of length 3 over the ring $\mathbb{Z}_8$. The Hamming distance between (1, 0, 0) and (h, 0, 0) is 1, for any $h \in \mathbb{Z}_8$, $h \neq 1$. On the other hand, the Lee distance is more suitable for describing possible errors, since $d_L$ depends on the symbol h.

8.1.1 Linear codes over $\mathbb{Z}_{p^n}$

A code C over $\mathbb{Z}_{p^n}$ is linear if it is a subgroup of the abelian group $\langle \mathbb{Z}_{p^n}^{(m)};\, + \rangle$, where the operation + is defined componentwise. We recall that, as observed in (1.6), Section 1.4, any element $u \in \mathbb{Z}_{p^n}$ can be uniquely written as a finite sum

$$u = \sum_{i=0}^{n-1} u_i p^i,$$

where $0 \leq u_i \leq p - 1$. Similar to the case of q-ary codes, after a suitable permutation of the coordinates, a non-zero linear code C of length m over $\mathbb{Z}_{p^n}$ can be described by a generator matrix G of the form

$$G = \begin{pmatrix} I & A_{0,1} & A_{0,2} & A_{0,3} & \ldots & A_{0,n-1} & A_{0,n} \\ 0 & pI & pA_{1,2} & \ldots & \ldots & \ldots & pA_{1,n} \\ \vdots & & & & & & \vdots \\ 0 & 0 & 0 & 0 & \ldots & p^{n-1}I & p^{n-1}A_{n-1,n} \end{pmatrix}, \qquad (8.2)$$

where the columns are grouped into blocks of size $k_0, k_1, \ldots, k_{n-1}, k_n$ such that $\sum k_i = m$. The notion of elementary row operations on a matrix, and the consequences of it, carries over to $\mathbb{Z}_{p^n}$ with the understanding that only multiplication of a row by a unit in $\mathbb{Z}_{p^n}$ is allowed, as opposed to multiplication by any non-zero element. All the codewords of C are given by $[v_0 \ldots v_{n-1}]\,G$, where $v_i$ is a vector of length $k_i$ with components in $\mathbb{Z}_{p^{n-i}}$. Thus, C contains $p^k$ words, where

$$k = \sum_{i=0}^{n-1} (n - i)\, k_i.$$
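To make the count $p^k$ and the two metrics of Definition 8.1.1 concrete, here is an added example (not code from the book): a constructed generator matrix of the form (8.2) over $\mathbb{Z}_8$, from which the code is enumerated, its size compared with $p^k$, its minimum Hamming and Lee distances computed, and its dual under the standard inner product $\sum_i x_i y_i$ found by brute force (the dual has $p^{nm}/|C|$ elements). The matrix entries and the illustration of the $\mathbb{Z}_8$ distances from the previous section are constructed here and are not taken from the text.

```python
from itertools import product

# Added example, not from the book: a linear code over Z_8 (p = 2, n = 3) of
# length m = 4 with a constructed generator matrix in the form (8.2).  The
# column blocks have sizes k_0 = 1, k_1 = 1, k_2 = 0, k_3 = 2.
P, N, M = 2, 3, 4
Q = P ** N                                  # the ring Z_{p^n} = Z_8
G = [
    [1, 2, 3, 1],                           # row block 0:  I | A_{0,1} | A_{0,3}
    [0, 2, 2, 6],                           # row block 1:  0 | pI      | pA_{1,3}
]
K = [1, 1, 0]                               # k_0, k_1, k_2;  k_3 = m - sum(K)

def codewords(G=G, K=K):
    """All words [v_0 ... v_{n-1}] G, v_i of length k_i with entries in Z_{p^{n-i}}."""
    ranges = []
    for i, ki in enumerate(K):
        ranges += [range(P ** (N - i))] * ki
    words = set()
    for v in product(*ranges):
        words.add(tuple(sum(v[r] * G[r][c] for r in range(len(G))) % Q
                        for c in range(M)))
    return words

def predicted_size(K=K):
    """p^k with k = sum_{i<n} (n - i) k_i, the count derived in the text for (8.2)."""
    return P ** sum((N - i) * ki for i, ki in enumerate(K))

def lee_weight(w):
    return sum(min(h, Q - h) for h in w)            # Definition 8.1.1

def hamming_weight(w):
    return sum(1 for h in w if h)

def lee_distance(x, y):
    return lee_weight(tuple((a - b) % Q for a, b in zip(x, y)))

def hamming_distance(x, y):
    return sum(1 for a, b in zip(x, y) if a != b)

def min_distances(words):
    """(min Hamming, min Lee) distance; for a linear code these are the minimum weights."""
    nonzero = [w for w in words if any(w)]
    return min(map(hamming_weight, nonzero)), min(map(lee_weight, nonzero))

def dual(words):
    """Brute-force dual under the inner product sum_i x_i y_i; it has p^{nm}/|C| elements."""
    return {x for x in product(range(Q), repeat=M)
            if all(sum(a * b for a, b in zip(x, y)) % Q == 0 for y in words)}

if __name__ == "__main__":
    C = codewords()
    print(len(C), predicted_size())                      # 32 32
    print(min_distances(C))                              # (2, 4)
    print([lee_distance((1, 0, 0), (h, 0, 0)) for h in range(Q)])
    print(len(dual(C)))                                  # 128
```

The Hamming distance between (1, 0, 0) and (h, 0, 0) is 1 for every $h \neq 1$, while the Lee distance grows with the Lee weight of $h - 1$, which is the point made in the previous section; the code itself has minimum Hamming distance 2 but minimum Lee distance 4.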

Therefore, C is called a code of type $\prod_{i=0}^{n-1} p^{(n-i)k_i}$. The dual code of C is the set

$$C^\perp := \{x \in \mathbb{Z}_{p^n}^{(m)} \mid x \cdot y = 0,\ \forall\, y \in C\},$$

where

$$x \cdot y = \sum_{i=1}^{m} x_i y_i. \qquad (8.3)$$

A generator matrix of $C^\perp$ is called a parity check matrix of C, as in the case of q-ary codes. If C is a linear code with generator matrix G as in (8.2), then a parity check matrix of C is given by

$$H = \begin{pmatrix} B_{0,n} & B_{0,n-1} & \ldots & B_{0,2} & B_{0,1} & I \\ pB_{1,n} & pB_{1,n-1} & \ldots & pB_{1,2} & pI & 0 \\ \vdots & & & & & \vdots \\ p^{n-1}B_{n-1,n} & p^{n-1}I & 0 & \ldots & 0 & 0 \end{pmatrix},$$

where the column blocks have the same sizes as in (8.2). Moreover, they are determined by the condition $GH^T = 0$. $C^\perp$ is thus a code of type $\prod_{i=1}^{n} p^{(n-i)k_i}$.

8.1.2 Reed-Muller codes over $\mathbb{Z}_{p^n}$

Let $x_1, \ldots, x_m$ be coordinates on the vector space $\mathbb{Z}_2^{(m)}$. Recall that each coordinate $x_i$ can be viewed as a Boolean function. A generalized Boolean function is a function f from $\mathbb{Z}_2^{(m)}$ to $\mathbb{Z}_{2^k}$, $k \geq 1$. It is straightforward to show that any such function of degree at most r can be uniquely expressed as a linear combination over $\mathbb{Z}_{2^k}$ of monomials in $x_1, \ldots, x_m$ of degree at most r. For $k \geq 1$ and $0 \leq r \leq m$, the r-th order linear code $RM_{2^k}(r, m)$ over $\mathbb{Z}_{2^k}$ of length $2^m$ is generated by the monomials of degree at most r.

For k > 1 and $0 \leq r \leq m + 1$, the r-th order linear code $ZRM_{2^k}(r, m)$ over $\mathbb{Z}_{2^k}$ of length $2^m$ is generated by the monomials of degree at most r − 1 together with two times the monomials in the $x_i$'s of degree r (with the convention that the monomials of degree −1 and m + 1 are equal to zero).

The code $RM_{2^k}(r, m)$ generalizes the binary Reed-Muller code introduced in Chapter 7. For k = 2, the code $ZRM_4(r, m)$ was first considered in [11].

The codes $RM_{2^k}(r, m)$ and $ZRM_{2^k}(r, m)$ contain

$$(2^k)^{\sum_{i=0}^{r} \binom{m}{i}} \qquad \text{and} \qquad (2^k)^{\sum_{i=0}^{r-1} \binom{m}{i}} \cdot (2^{k-1})^{\binom{m}{r}}$$

words, respectively. These codes are widely used in communication engineering and, especially, in Orthogonal Frequency Division Multiplexing (cf. [20] for more details on this topic). Analogously to q-ary Reed-Muller codes, we have

Proposition 8.1.2 i) The minimum Hamming distance of the codes $RM_{2^k}(r, m)$ and $ZRM_{2^k}(r, m)$ is $2^{m-r}$.

ii) The minimum Lee distances of $RM_{2^k}(r, m)$ and of $ZRM_{2^k}(r, m)$ are $2^{m-r}$ and $2^{m-r+1}$, respectively.
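As an added example (not the book's code), the following builds $RM_{2^k}(r, m)$ and $ZRM_{2^k}(r, m)$ from the evaluation vectors of the monomials in $x_1, \ldots, x_m$ exactly as defined above, and checks the two codeword counts and the distances of Proposition 8.1.2; the choice $k = 2$, $m = 3$ is an assumption made here so that the codes are small enough to enumerate.

```python
from itertools import product, combinations
from math import comb

# Added example, not from the book: RM_{2^k}(r, m) and ZRM_{2^k}(r, m) over
# Z_{2^k}, built from monomials in x_1..x_m and compared with the counts given
# in the text and with Proposition 8.1.2.

def monomials(m, degree):
    """Evaluation vectors (length 2^m) of the monomials of exactly `degree` in x_1..x_m."""
    points = list(product((0, 1), repeat=m))       # the 2^m coordinate positions
    return [tuple(int(all(pt[i] for i in S)) for pt in points)
            for S in combinations(range(m), degree)]

def span(generators, q, length):
    """Z_q-linear span of the generator vectors (coefficients range over Z_q)."""
    words = {tuple([0] * length)}
    for g in generators:
        words = {tuple((w[i] + a * g[i]) % q for i in range(length))
                 for w in words for a in range(q)}
    return words

def rm(k, r, m):
    """RM_{2^k}(r, m): generated by all monomials of degree <= r."""
    gens = [v for d in range(r + 1) for v in monomials(m, d)]
    return span(gens, 2 ** k, 2 ** m)

def zrm(k, r, m):
    """ZRM_{2^k}(r, m): monomials of degree <= r - 1 plus 2 * (monomials of degree r)."""
    gens = [v for d in range(r) for v in monomials(m, d)]
    gens += [tuple(2 * x for x in v) for v in monomials(m, r)]
    return span(gens, 2 ** k, 2 ** m)

def expected_sizes(k, r, m):
    """The two codeword counts stated in the text for RM and ZRM."""
    s_rm = sum(comb(m, i) for i in range(r + 1))
    s_zrm = sum(comb(m, i) for i in range(r))
    return (2 ** k) ** s_rm, (2 ** k) ** s_zrm * (2 ** (k - 1)) ** comb(m, r)

def min_weights(words, q):
    """(min Hamming weight, min Lee weight) of a linear code over Z_q."""
    nonzero = [w for w in words if any(w)]
    ham = min(sum(1 for h in w if h) for w in nonzero)
    lee = min(sum(min(h, q - h) for h in w) for w in nonzero)
    return ham, lee

if __name__ == "__main__":
    for r in (1, 2):
        print(r, len(rm(2, r, 3)), len(zrm(2, r, 3)), expected_sizes(2, r, 3))
        print(r, min_weights(rm(2, r, 3), 4), min_weights(zrm(2, r, 3), 4))
```

For $r = 1$, $m = 3$ the Lee distances $2^{m-r} = 4$ and $2^{m-r+1} = 8$ are attained by $x_1$ in $RM_4(1, 3)$ and by $2x_1$ in $ZRM_4(1, 3)$, while both codes have Hamming distance 4.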

8.1.3 Cyclic codes over $\mathbb{Z}_{p^n}$

A cyclic code of length m over $\mathbb{Z}_{p^n}$ is a linear code which satisfies (7.5). As in Section 7.2.3, cyclic codes can be described in terms of polynomials. Indeed, the residue class ring $\mathcal{R}_m := \mathbb{Z}_{p^n}[x]/(x^m - 1)$ has the set of polynomials

$$\mathcal{S} := \{a_0 + a_1 x + \ldots + a_{m-1} x^{m-1} \mid a_i \in \mathbb{Z}_{p^n},\ 0 \leq i < m\}$$

as a system of representatives. $\mathcal{R}_m$ can be viewed as a free module of rank m over $\mathbb{Z}_{p^n}$ with elements given by the m-tuples $(a_0, a_1, \ldots, a_{m-1})$; therefore, C can be identified with a set of elements of $\mathcal{R}_m$. Since multiplication by x in this ring is equivalent to a cyclic permutation of the coefficients of any representative, C corresponds to an ideal in $\mathcal{R}_m$. In what follows, we will assume (m, p) = 1 so that the polynomial $x^m - 1$ does not have multiple factors.

Proposition 8.1.3 The ring $\mathcal{R}_m$ is a P.I.D. (see Section 1.3).

Proof: Denote by $\bar f_j(x)$ the monic irreducible polynomials which decompose $x^m - 1$ in $\mathbb{Z}_p[x]$. By consecutively applying the Hensel Lemma (see Theorems 1.4.3 and 3.2.6), there exist polynomials $\tilde f_j(x)$ which factorize $x^m - 1$ in $\mathbb{Z}_{p^n}[x]$. As in Section 3.1, we have

$$\mathcal{R}_m = \prod_{j=1}^{s} \frac{\mathbb{Z}_{p^n}[x]}{(\tilde f_j(x))} =: \prod_{j=1}^{s} \mathcal{R}_j,$$

where s is the number of polynomials in the factorization of $x^m - 1$ in $\mathbb{Z}_{p^n}[x]$. Since the polynomials $\tilde f_j(x)$ are relatively prime (see Definition 3.2.1), any ideal in $\mathcal{R}_m$ can be written as an intersection

$$\bigcap_{j=1}^{s} I_j,$$

where $I_j$ is an ideal in the local ring $\mathcal{R}_j$, $1 \leq j \leq s$. On the other hand,

$$I_j = p^{m_j} \mathcal{R}_j, \qquad 0 \leq m_j \leq n. \qquad (8.4)$$

Indeed, $I_j$ admits a primary decomposition in prime ideals. However, $\mathcal{R}_j$ contains only the prime ideal $p\mathcal{R}_j$, since the image of any prime ideal $P_j$ of $\mathcal{R}_j$ under the homomorphism

$$\mathcal{R}_j \to \frac{\mathbb{Z}_p[x]}{(\bar f_j(x))}$$

is the zero ideal. Thus, $P_j \subset p\mathcal{R}_j$; moreover, p belongs to $P_j$, since $\mathcal{R}_j/P_j$ is an integral domain. Therefore, $P_j = p\mathcal{R}_j$, and $I_j$ is described as in (8.4). By expanding the product in (8.4) and recalling that, in $\mathbb{Z}_{p^n}[x]$,

$$(\tilde f_j(x)) \subset (p^{n-1}, \tilde f_j(x)) \subset \ldots \subset (p, \tilde f_j(x)),$$

we have $I = \Psi(J)$, where $\Psi : \mathbb{Z}_{p^n}[x] \to \mathcal{R}_m$ is the canonical quotient epimorphism and where the ideal

$$J = (h_0(x),\ p h_1(x),\ \ldots,\ p^{n-1} h_{n-1}(x))$$

is determined by the polynomials $h_i(x)$, which are divisors of $x^m - 1$ in $\mathbb{Z}_{p^n}[x]$ satisfying

$$h_{n-1}(x) \mid h_{n-2}(x) \mid \ldots \mid h_1(x) \mid h_0(x)$$

(see Section 1.4).

Finally, to prove the assertion it suffices to show that any ideal I has the generator $\Psi(g(x))$, where $g(x) := h_0(x) + p h_1(x) + \ldots + p^{n-1} h_{n-1}(x) \in \mathbb{Z}_{p^n}[x]$. This follows by induction on n. Indeed, for n = 1 the claim is trivial. For $n \geq 2$, define the polynomials

$$h_0'(x) = (x^m - 1)/h_0(x), \qquad h_i'(x) = h_{i-1}(x)/h_i(x), \quad 1 \leq i \leq n.$$

Consider the polynomials

$$k_j(x) = \prod_{i=0,\ i \neq j}^{n} h_i'(x), \qquad j = 0, \ldots, n,$$

i.e. the product of all the $h_i'(x)$ with the j-th factor omitted. Since the $k_j(x)$'s are relatively prime in $\mathbb{Z}_{p^n}[x]$, there exist polynomials $a_j(x)$ such that

$$\sum_{j=0}^{n} a_j(x) k_j(x) = 1. \qquad (8.5)$$

Multiplying both sides of (8.5) by $p^{n-1} h_{n-1}(x)$ yields

$$\sum_{j=0}^{n} a_j(x) k_j(x)\, p^{n-1} h_{n-1}(x) = p^{n-1} h_{n-1}(x). \qquad (8.6)$$

By explicit computation (see [13]), it is easy to show that the polynomial $\Psi(p^{n-1} h_{n-1}(x))$ belongs to the ideal generated by $\Psi(g(x))$. By induction, the theorem is completely proved. ✷

Remark 8.1.4 By abuse of notation, we can say that g(x) is the generator polynomial of the cyclic code C over $\mathbb{Z}_{p^n}$ and the polynomial $h(x) = (x^m - 1)/g(x)$ determines a parity check polynomial of C.

Example 8.1.5 The factorization of $x^{15} - 1$ in $\mathbb{Z}_4[x]$ can be determined by the factorization of $x^{15} - 1$ in $\mathbb{Z}_2[x]$ (cf. Example 7.2.4). More precisely,

$$x^{15} - 1 = (x + 3)(x^2 + 3x + 3)(x^4 + 2x^3 + 2x^2 + 3x + 3) \cdot (x^4 + 3x^3 + 2x^2 + 2x + 3)(x^4 + 3x^3 + 3x^2 + 3x + 3) = \tilde f_1(x) \cdots \tilde f_5(x).$$

Since there are five monic, basic irreducible factors of $x^{15} - 1$, there exist $3^5$ quaternary cyclic codes of length 15.

Like codes over finite fields, cyclic codes over $\mathbb{Z}_{p^n}$ can be described in terms of idempotents. In fact, by Proposition 3.1.3 and Theorem 3.1.4, the finite, unitary, commutative ring $\mathcal{R}_m$ can be decomposed into a sum of subrings generated by a set of mutually orthogonal idempotents $e_j$ such that $\sum_j e_j = 1$. Clearly, any finite sum of idempotents in the set $\{e_j\}$ is an idempotent itself. This means that any cyclic code has an idempotent as a generator polynomial. We will give more examples of cyclic codes in Section 8.2.

We end this section by observing how Proposition 7.2.8 extends to cyclic codes over $\mathbb{Z}_{p^n}$. As in (7.10), for any polynomial $a(x) \in \mathbb{Z}_{p^n}[x]$ of degree m − 1, set

$$a^*(x) = x^{m-1} a(1/x) = a_0 x^{m-1} + \ldots + a_{m-1}.$$

Proposition 8.1.6 If C is a cyclic code of length m over $\mathbb{Z}_{p^n}$ with idempotent e(x), then the code $C^\perp$ has idempotent $(1 - e(x))^*$.

Proof: Let g(x) be a generator polynomial of C. With the same convention adopted in Remark 8.1.4, $g(x)h(x) = x^m - 1$, where h(x) is a parity check polynomial of C. Since $e(x)(1 - e(x)) = 0$ in $\mathcal{R}_m$, $1 - e(x)$ is an idempotent element in the ideal (h(x)). On the other hand, by the same arguments of Theorem 7.2.5, which can be easily adapted to this case, $(1 - e(x)) = (h(x))$. Since Theorem 7.2.3 ii) can be generalized to the case of cyclic codes over $\mathbb{Z}_{p^n}$, the claim is completely proved. ✷

8.1.4 Hamming codes over $\mathbb{Z}_{p^n}$

Hamming codes over the Galois ring $\mathbb{Z}_{p^n}$ were first introduced by I. F. Blake in [8]. We briefly recall their definition and compare them with their analogue over finite fields. Let Z be the set

$$\{(a_1, \ldots, a_k) \mid a_i \text{ a zero-divisor in } \mathbb{Z}_{p^n}\}.$$

Let

$$\mu : \mathbb{Z}_{p^n}^{(k)} \longrightarrow \mathbb{Z}_p^{(k)}$$

be the homomorphism which reduces mod p the coordinates of any k-tuple in $\mathbb{Z}_{p^n}^{(k)}$ (see Section 1.4). Two elements a, b in $\mathbb{Z}_{p^n}^{(k)} \setminus Z$ are defined to be equivalent if and only if μ(a) and μ(b) are linearly dependent over the $\mathbb{Z}_p$-vector space $\mathbb{Z}_p^{(k)}$.

Lemma 8.1.7 The number of equivalence classes of $\mathbb{Z}_{p^n}^{(k)} \setminus Z$ is $(p^k - 1)/(p - 1)$.

Proof: The cardinality of $\mathbb{Z}_{p^n}^{(k)} \setminus Z$ is $p^{(n-1)k}(p^k - 1)$, since there are $p^{n-1}$ zero-divisors in $\mathbb{Z}_{p^n}$. Moreover, by definition, every equivalence class has $(p - 1)p^{(n-1)k}$ elements. ✷

Now, consider the $k \times (p^k - 1)/(p - 1)$ matrix H with columns given by representatives of the equivalence classes defined above. Since the columns of H can be chosen to have entries from the set $\{0, 1, \ldots, p - 1\}$, it is natural to define the Hamming code C over the Galois ring $\mathbb{Z}_{p^n}$ as the code with parity check matrix H. C is thus a code of length $(p^k - 1)/(p - 1)$, with codewords given as linear combinations, with coefficients from $\mathbb{Z}_{p^n}$, of k independent elements in $\mathbb{Z}_p^{(k)}$. Finally, notice that both the minimum Hamming distance and the minimum Lee distance of C are equal to 3, as can be readily checked by the definition of H.
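An added example (not code from the book) of Blake's construction for p = 2, n = 2, k = 3, i.e. over $\mathbb{Z}_4$: the equivalence classes of $\mathbb{Z}_4^{(3)} \setminus Z$ are formed with the map μ and counted as in Lemma 8.1.7, the parity check matrix H is assembled from representatives with entries in {0, 1}, and the Hamming code is enumerated to check its size and its minimum Hamming and Lee distances. The parameter choice is an assumption made here for illustration.

```python
from itertools import product

# Added example, not from the book: the Hamming code over Z_{p^n} of Section
# 8.1.4 for p = 2, n = 2, k = 3 (the ring Z_4, column vectors of length 3).
P, N, K = 2, 2, 3
Q = P ** N

def is_zero_divisor(a):
    return a % P == 0                  # zero-divisors of Z_{p^n} are the multiples of p

def mu(a):
    """Reduce a k-tuple over Z_{p^n} coordinatewise mod p (entries end up in {0..p-1})."""
    return tuple(x % P for x in a)

def dependent_mod_p(u, v):
    """Are the non-zero vectors u, v of Z_p^(k) linearly dependent, i.e. v = lambda * u?"""
    return any(tuple((lam * x) % P for x in u) == v for lam in range(1, P))

def equivalence_classes():
    """Classes of Z_{p^n}^(k) \\ Z under 'mu(a), mu(b) linearly dependent'."""
    outside_Z = [a for a in product(range(Q), repeat=K)
                 if not all(is_zero_divisor(x) for x in a)]
    classes = []
    for a in outside_Z:
        for cls in classes:
            if dependent_mod_p(mu(cls[0]), mu(a)):
                cls.append(a)
                break
        else:
            classes.append([a])
    return classes

def parity_check_matrix():
    """k x (p^k - 1)/(p - 1) matrix whose columns are class representatives mu(a)."""
    cols = [mu(cls[0]) for cls in equivalence_classes()]
    return [[col[i] for col in cols] for i in range(K)]

def hamming_code():
    """All words c over Z_{p^n} of length (p^k - 1)/(p - 1) with H c^T = 0 mod p^n."""
    H = parity_check_matrix()
    length = len(H[0])
    return {c for c in product(range(Q), repeat=length)
            if all(sum(h * x for h, x in zip(row, c)) % Q == 0 for row in H)}

def min_weights(words):
    """(min Hamming weight, min Lee weight); both equal the minimum distances (C is linear)."""
    nonzero = [w for w in words if any(w)]
    ham = min(sum(1 for x in w if x) for w in nonzero)
    lee = min(sum(min(x, Q - x) for x in w) for w in nonzero)
    return ham, lee

if __name__ == "__main__":
    classes = equivalence_classes()
    print(len(classes), [len(c) for c in classes])      # 7 classes of 8 elements
    C = hamming_code()
    print(len(C), min_weights(C))                        # 256 (3, 3)
```

With p = 2 the seven classes are exactly the fibres of μ over the non-zero binary vectors, so H is the usual binary Hamming parity check matrix read over $\mathbb{Z}_4$; a word of Lee weight 2 such as $2e_i$ or $e_i \pm e_j$ cannot satisfy $Hc^T = 0$ mod 4, which is why both minimum distances are 3.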

8.2 Linear quaternary codes

In this section, we will focus on linear quaternary codes, i.e. linear codes over $\mathbb{Z}_4$. Any such code of length m is permutation equivalent to a code C with generator matrix of the form

$$G = \begin{pmatrix} I_{k_1} & A & B \\ 0 & 2I_{k_2} & 2C \end{pmatrix}, \qquad (8.7)$$

where the entries in A and in C are 0 or 1, and those in B are from $\mathbb{Z}_4$.

A codeword has the form $(a_1, \ldots, a_{k_1+k_2})\,G$, where $a_1$ to $a_{k_1}$ are in $\mathbb{Z}_4$ and $a_{k_1+1}$ to $a_{k_1+k_2}$ are in $\mathbb{Z}_2$. C is called a linear quaternary code of type $4^{k_1} 2^{k_2}$, since it has $2^{2k_1+k_2}$ codewords. If C has generator matrix G, the dual code $C^\perp$ has generator matrix

$$\begin{pmatrix} -B^T - C^T A^T & C^T & I_{m-k_1-k_2} \\ 2A^T & 2I_{k_2} & 0 \end{pmatrix}.$$

Note that $C^\perp$ is a code of type $4^{m-k_1-k_2} 2^{k_2}$.

Example 8.2.1 Consider the $4 \times 8$ block matrix $G = (I_4 \mid B)$ with elements from $\mathbb{Z}_4$, where $I_4$ is the identity matrix of order 4 and B is the matrix

$$B = \begin{pmatrix} 3 & 1 & 2 & 1 \\ 1 & 2 & 3 & 1 \\ 3 & 3 & 3 & 2 \\ 2 & 3 & 1 & 1 \end{pmatrix}.$$

The linear code with generator matrix G is a quaternary code of length 8, with 256 codewords, and, by direct computation, minimum Lee weight 6. This code, which is called the octacode, may be characterized, for example, as the unique self-dual code of length 8 and minimal Lee weight 6 (cf. [18]).
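The "direct computation" can be carried out as follows. This added example (not code from the book) spans $G = (I_4 \mid B)$ over $\mathbb{Z}_4$, verifies the codeword count $4^4 = 256$ and the minimum Lee weight 6, and checks self-duality in two ways: $GG^T = 0$ mod 4, and equality of the code with the one generated by the dual generator matrix given after (8.7), which for this G reduces to $(-B^T \mid I_4)$ because $k_2 = 0$ (the blocks A and C are empty).

```python
from itertools import product

# Added example, not from the book: the octacode of Example 8.2.1 over Z_4,
# its size, minimum Lee weight and self-duality.
B = [[3, 1, 2, 1],
     [1, 2, 3, 1],
     [3, 3, 3, 2],
     [2, 3, 1, 1]]
K1, M = 4, 8                                   # type 4^4 2^0, length 8
I4 = [[int(i == j) for j in range(K1)] for i in range(K1)]
G = [I4[i] + B[i] for i in range(K1)]          # G = (I_4 | B)

def span_z4(rows, length):
    """All Z_4-linear combinations of the rows (k_2 = 0, so every coefficient is in Z_4)."""
    words = {tuple([0] * length)}
    for r in rows:
        words = {tuple((w[i] + a * r[i]) % 4 for i in range(length))
                 for w in words for a in range(4)}
    return words

def lee_weight(w):
    return sum((0, 1, 2, 1)[x] for x in w)      # Lee weights of 0, 1, 2, 3

def min_lee_weight(words):
    return min(lee_weight(w) for w in words if any(w))

def dual_generator():
    """The matrix (-B^T - C^T A^T | C^T | I) after (8.7) with A, C empty: (-B^T | I_4)."""
    n = len(B[0])
    minus_BT = [[(-B[i][j]) % 4 for i in range(len(B))] for j in range(n)]
    I = [[int(i == j) for j in range(n)] for i in range(n)]
    return [minus_BT[j] + I[j] for j in range(n)]

def self_orthogonal(rows):
    """G G^T = 0 mod 4: every pair of generators has inner product 0."""
    return all(sum(a * b for a, b in zip(r, s)) % 4 == 0 for r in rows for s in rows)

def is_self_dual():
    """C = C^perp, comparing the spans of G and of the dual generator matrix."""
    return span_z4(G, M) == span_z4(dual_generator(), M)

if __name__ == "__main__":
    C = span_z4(G, M)
    print(len(C), min_lee_weight(C))            # 256 6
    print(self_orthogonal(G), is_self_dual())   # True True
```

Since the code has $256 = 4^8 / 256$ elements, self-orthogonality of the four generators already forces $C = C^\perp$; the comparison with the dual generator matrix confirms the formula after (8.7) on this instance.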

Quaternary cyclic codes have been investigated by many authors for their various applications: see, for instance, [9], [13], and [60]. As observed in Section 8.1.3, and with the same notation adopted there, the number of $\mathbb{Z}_4$-cyclic codes of length m is $3^s$, where s is the number of basic irreducible polynomial factors of $x^m - 1$ over $\mathbb{Z}_4$. Furthermore, the following result holds.

Theorem 8.2.2 Suppose C is a quaternary cyclic code of odd length m. Then there exist unique, monic polynomials f(x), g(x), and h(x) such that C corresponds to the image of the ideal $(f(x)h(x),\ 2f(x)g(x))$ in $\mathcal{R}_m$, where $f(x)g(x)h(x) = x^m - 1$, and C is of type $4^{\deg(g(x))} 2^{\deg(h(x))}$.

Proof: The proof is a bit technical and basically depends on the possibility of choosing the polynomials f(x), g(x), and h(x); for details see [60]. ✷

Idempotents of quaternary codes have also been determined explicitly. As discussed in Section 7.2.3, the factorization of the cyclotomic polynomial $x^m - 1$ over $\mathbb{Z}_2$ determines a set of mutually orthogonal primitive idempotents $\theta_i(x)$ in $\mathbb{Z}_2[x]/(x^m - 1)$ (cf. Theorem 7.2.7). It is shown in [9] that the polynomials $\theta_i(x)$ allow one to determine idempotents $\eta_i(x)$ in $\mathbb{Z}_4[x]/(x^m - 1)$ such that

$$\sum_i \eta_i(x) = 1, \qquad \eta_i(x)\eta_j(x) = 0,\ i \neq j.$$

Example 8.2.3 There exist 27 quaternary cyclic codes of length 7, since

$$x^7 - 1 = (x - 1)(3 + x + 2x^2 + x^3)(3 + 2x + 3x^2 + x^3) = f_0 f_1 f_2.$$

By Theorem 8.2.2, it is possible to figure out the type of all these codes. Among them, the polynomial $f_1$ generates the octacode introduced in Example 8.2.1. Moreover, from the discussion above, these codes can be described in terms of idempotents as well. Indeed (see [60]), one has

$$\eta_0(x) = 3(1 + x + x^2 + x^3 + x^4 + x^5 + x^6),$$
$$\eta_1(x) = 1 + 3(x^3 + x^5 + x^6) + 2(x + x^2 + x^4),$$
$$\eta_2(x) = 1 + 3(x + x^2 + x^4) + 2(x^3 + x^5 + x^6).$$

Unlike binary codes, it is possible to define different weight enumerators for a quaternary code. The complete weight enumerator of a quaternary code C of length m is the polynomial

$$\mathrm{cwe}_C(W, X, Y, Z) := \sum_{c \in C} W^{n_0(c)} X^{n_1(c)} Y^{n_2(c)} Z^{n_3(c)},$$

where

$$n_a(c) := |\{k : x_k = a,\ 1 \leq k \leq m\}|$$

is the a-weight of the codeword $c = (x_1, \ldots, x_m)$. Clearly, permutation equivalent codes have the same complete weight enumerator. Usually, the definition of equivalence between quaternary codes is extended by also allowing a change of signs in some coordinate positions (note that −1 = 3 in $\mathbb{Z}_4$). Therefore, the complete weight enumerator is no longer invariant under this kind of equivalence. This leads to the introduction of the symmetrized weight enumerator $\mathrm{swe}_C(W, X, Y)$, which is given by the polynomial $\mathrm{cwe}_C(W, X, Y, X)$. Another weight enumerator for quaternary codes is the Lee weight enumerator

$$\mathrm{Lee}_C(W, X) := \sum_{c \in C} W^{2m - \mathrm{wt}_L(c)} X^{\mathrm{wt}_L(c)}.$$

By (8.1), the Lee weights of $0, 1, 2, 3 \in \mathbb{Z}_4$ are 0, 1, 2, 1, respectively. Therefore, for any codeword c, $n_1(c) + 2n_2(c) + n_3(c) = \mathrm{wt}_L(c)$ and $2n_0(c) + n_1(c) + n_3(c) = 2m - \mathrm{wt}_L(c)$; thus,

$$\mathrm{Lee}_C(W, X) = \mathrm{swe}_C(W^2, WX, X^2).$$

As a last weight enumerator of a quaternary code, we mention the Hamming weight enumerator, which is defined to be the polynomial

$$\mathrm{Ham}_C(W, X) := \mathrm{swe}_C(W, X, X).$$

Analogously to binary codes, weight enumerators of quaternary codes can be related via an identity similar to the MacWilliams Identity. In fact, by the same arguments as in Theorem 7.3.3, we have

Theorem 8.2.4 Let C be a linear quaternary code of length m, i.e. $C \subset \mathbb{Z}_4^{(m)}$. Then

$$\mathrm{cwe}_{C^\perp}(W, X, Y, Z) = \frac{1}{|C|}\, \mathrm{cwe}_C(W + X + Y + Z,\ W + iX - Y - iZ,\ W - X + Y - Z,\ W - iX - Y + iZ),$$

where |C| is the number of codewords of C, and $i^2 = -1$.

Corollary 8.2.5 Let C be a linear quaternary code. Then

$$(1) \quad \mathrm{swe}_{C^\perp}(W, X, Y) = \frac{1}{|C|}\, \mathrm{swe}_C(W + 2X + Y,\ W - Y,\ W - 2X + Y);$$

$$(2) \quad \mathrm{Lee}_{C^\perp}(W, X) = \frac{1}{|C|}\, \mathrm{Lee}_C(W + X,\ W - X).$$

Proof: The claim follows from Theorem 8.2.4 and from the definition of the symmetrized and the Lee weight enumerators. For example, (1) can be proved as follows:

$$\mathrm{swe}_C(W + 2X + Y, W - Y, W - 2X + Y) = \mathrm{cwe}_C(W + 2X + Y, W - Y, W - 2X + Y, W - Y) = |C|\, \mathrm{cwe}_{C^\perp}(W, X, Y, X) = |C|\, \mathrm{swe}_{C^\perp}(W, X, Y).$$

✷

Now, we recall the definition of the Gray map. Denote by α, β, γ the three maps from $\mathbb{Z}_4$ to $\mathbb{Z}_2$, defined as follows:
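An added example (not code from the book) that evaluates the four weight enumerators numerically and checks Theorem 8.2.4 and Corollary 8.2.5 at sample points, together with the relation $\mathrm{Lee}_C(W, X) = \mathrm{swe}_C(W^2, WX, X^2)$. The code is constructed: length 4, type $4^1 2^1$, generator matrix in the form (8.7) with A = (1), B = (2, 3), C = (1, 0); its dual is obtained both by brute force and from the dual generator matrix given after (8.7). Matrix entries and sample points are assumptions made here for illustration.

```python
from itertools import product

# Added example, not from the book: weight enumerators of a constructed
# quaternary code of length 4 and type 4^1 2^1, and numerical checks of the
# MacWilliams-type identities of Theorem 8.2.4 and Corollary 8.2.5.
M = 4
A, Bm, Cm = [[1]], [[2, 3]], [[1, 0]]      # the blocks of (8.7); k_1 = k_2 = 1
G = [[1, 1, 2, 3],                         # I_1 | A | B
     [0, 2, 2, 0]]                         # 0   | 2I_1 | 2C

def span(rows, coeff_ranges):
    """All words a*rows with a_i drawn from coeff_ranges[i] (Z_4 or Z_2 per row block)."""
    words = set()
    for a in product(*coeff_ranges):
        words.add(tuple(sum(a[r] * rows[r][c] for r in range(len(rows))) % 4
                        for c in range(M)))
    return words

def dual_brute_force(words):
    return {x for x in product(range(4), repeat=M)
            if all(sum(u * v for u, v in zip(x, y)) % 4 == 0 for y in words)}

def dual_generator():
    """Rows (-B^T - C^T A^T | C^T | I) over Z_4 and (2A^T | 2I | 0) over Z_2, as after (8.7)."""
    k1, k2 = len(A), len(Cm)
    n3 = M - k1 - k2
    top = [[(-Bm[r][j] - sum(Cm[s][j] * A[r][s] for s in range(k2))) % 4 for r in range(k1)]
           + [Cm[s][j] for s in range(k2)] + [int(j == t) for t in range(n3)]
           for j in range(n3)]
    bottom = [[(2 * A[r][s]) % 4 for r in range(k1)]
              + [2 * int(s == t) for t in range(k2)] + [0] * n3 for s in range(k2)]
    return top + bottom

def lee_weight(c):
    return sum((0, 1, 2, 1)[x] for x in c)

def cwe(words, W, X, Y, Z):
    """Complete weight enumerator evaluated at (possibly complex) numbers."""
    total = 0
    for c in words:
        n = [c.count(a) for a in range(4)]          # the a-weights n_a(c)
        total += W ** n[0] * X ** n[1] * Y ** n[2] * Z ** n[3]
    return total

def swe(words, W, X, Y):
    return cwe(words, W, X, Y, X)

def lee(words, W, X):
    return sum(W ** (2 * M - lee_weight(c)) * X ** lee_weight(c) for c in words)

def ham(words, W, X):
    return swe(words, W, X, X)

def theorem_8_2_4_holds(C, Cperp, W, X, Y, Z):
    i = 1j
    lhs = cwe(Cperp, W, X, Y, Z)
    rhs = cwe(C, W + X + Y + Z, W + i * X - Y - i * Z,
              W - X + Y - Z, W - i * X - Y + i * Z) / len(C)
    return abs(lhs - rhs) < 1e-9

def corollary_8_2_5_holds(C, Cperp, W, X, Y):
    swe_ok = abs(swe(Cperp, W, X, Y)
                 - swe(C, W + 2 * X + Y, W - Y, W - 2 * X + Y) / len(C)) < 1e-9
    lee_ok = abs(lee(Cperp, W, X) - lee(C, W + X, W - X) / len(C)) < 1e-9
    return swe_ok and lee_ok

if __name__ == "__main__":
    C = span(G, [range(4), range(2)])
    D = dual_brute_force(C)
    print(len(C), len(D), span(dual_generator(), [range(4), range(4), range(2)]) == D)
    print(theorem_8_2_4_holds(C, D, 2, 3, 5, 7), corollary_8_2_5_holds(C, D, 2, 3, 5))
```

Evaluating at numbers rather than manipulating polynomials keeps the check short; since both sides are polynomials of bounded degree, agreement at enough generic points is as good as a symbolic identity, and the complex unit i enters only through Theorem 8.2.4.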

  c   α(c)   β(c)   γ(c)
  0    0      0      0
  1    1      0      1
  2    0      1      1
  3    1      1      0

Clearly, α, β and γ can be extended coordinatewise to $\mathbb{Z}_4^{(m)}$; we shall hereafter denote such extensions by the same letters. Notice that $\alpha(i) + \beta(i) + \gamma(i) = 0$, for each $i \in \mathbb{Z}_4$.

Definition 8.2.6 The Gray map $\Phi : \mathbb{Z}_4^{(m)} \to \mathbb{Z}_2^{(2m)}$ is given by $\Phi(c) := (\beta(c), \gamma(c))$.

Remarkably, the Gray map satisfies the following

Theorem 8.2.7 For any $a, b \in \mathbb{Z}_4^{(m)}$,

$$d_L(a, b) = d_H(\Phi(a), \Phi(b)).$$

Proof: By (8.1) and Definition 8.2.6,

$$\mathrm{wt}_L(a) = n_1(a) + 2n_2(a) + n_3(a) = |\{i : \beta(a_i) = 1,\ 1 \leq i \leq m\}| + |\{i : \gamma(a_i) = 1,\ 1 \leq i \leq m\}| = \mathrm{wt}_H(\Phi(a)),$$

where $a = (a_1, \ldots, a_m) \in \mathbb{Z}_4^{(m)}$. Thus, for any $a, b \in \mathbb{Z}_4^{(m)}$,

$$d_L(a, b) = \mathrm{wt}_L(a - b) = \mathrm{wt}_H(\Phi(a - b)) = d_H(\Phi(a - b), 0).$$

The claim now follows since

$$d_H(\Phi(a - b), 0) = d_H(\Phi(a), \Phi(b)).$$

✷

The image of a quaternary code C of length m under the Gray map is a binary code of length 2m which is called the binary image of C. In particular, a binary code C′ is $\mathbb{Z}_4$-linear if its coordinates can be arranged so that $C' = \Phi(C)$, for some quaternary linear code C.

Theorem 8.2.8 A binary code C of length 2m is $\mathbb{Z}_4$-linear if and only if the following holds:

$$u, v \in C \implies v + u + (u + u^\sigma) * (v + v^\sigma) \in C, \qquad (8.8)$$

where * denotes the componentwise product of two codewords, and, for any $u = (u_1, \ldots, u_m, u_{m+1}, \ldots, u_{2m})$,

$$u^\sigma := (u_{m+1}, \ldots, u_{2m}, u_1, \ldots, u_m).$$

Proof: For a proof see, for example, [11]. ✷

Corollary 8.2.9 A binary linear code C of length 2m is $\mathbb{Z}_4$-linear if and only if the following holds:

$$u, v \in C \implies (u + u^\sigma) * (v + v^\sigma) \in C. \qquad (8.9)$$

Condition (8.8) is very restrictive, so the binary image of quaternary linear codes is quite often nonlinear. In [12], Calderbank and McGuire used (8.9) to prove the following result.
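The Gray map and condition (8.8) can be tested exhaustively on small cases. The following added example (not code from the book) implements Φ from the table of β and γ above, checks the isometry of Theorem 8.2.7 over every pair of words in $\mathbb{Z}_4^{(3)}$, and takes the binary image of the octacode of Example 8.2.1, which has 256 words and minimum distance 6, is not closed under addition, and yet satisfies (8.8), as Theorem 8.2.8 predicts for a $\mathbb{Z}_4$-linear code. The octacode is re-spanned inside the block so that it runs on its own.

```python
from itertools import product

# Added example, not from the book: the Gray map Phi = (beta, gamma) from the
# table above, the isometry of Theorem 8.2.7 checked on all of Z_4^(3), and the
# binary image of the octacode (Example 8.2.1) tested against condition (8.8).
BETA = (0, 0, 1, 1)                  # beta(c) for c = 0, 1, 2, 3
GAMMA = (0, 1, 1, 0)                 # gamma(c) for c = 0, 1, 2, 3

def gray(c):
    """Phi(c) = (beta(c), gamma(c)), each map applied coordinatewise."""
    return tuple(BETA[x] for x in c) + tuple(GAMMA[x] for x in c)

def lee_distance(a, b):
    return sum((0, 1, 2, 1)[(x - y) % 4] for x, y in zip(a, b))

def hamming_distance(u, v):
    return sum(1 for x, y in zip(u, v) if x != y)

def isometry_holds(m):
    """d_L(a, b) = d_H(Phi(a), Phi(b)) for every pair a, b in Z_4^(m)."""
    space = list(product(range(4), repeat=m))
    return all(lee_distance(a, b) == hamming_distance(gray(a), gray(b))
               for a in space for b in space)

def octacode():
    """The 256 words of the code generated by (I_4 | B) over Z_4, B as in Example 8.2.1."""
    B = [[3, 1, 2, 1], [1, 2, 3, 1], [3, 3, 3, 2], [2, 3, 1, 1]]
    rows = [[int(i == j) for j in range(4)] + B[i] for i in range(4)]
    words = {(0,) * 8}
    for r in rows:
        words = {tuple((w[i] + a * r[i]) % 4 for i in range(8))
                 for w in words for a in range(4)}
    return words

def add(u, v):
    return tuple((x + y) % 2 for x, y in zip(u, v))

def star(u, v):
    return tuple(x * y for x, y in zip(u, v))           # componentwise product

def sigma(u):
    m = len(u) // 2
    return u[m:] + u[:m]                                 # u^sigma swaps the two halves

def z4_combination(u, v):
    """The word v + u + (u + u^sigma) * (v + v^sigma) of condition (8.8)."""
    return add(add(u, v), star(add(u, sigma(u)), add(v, sigma(v))))

def binary_image_report(C):
    """(size, min Hamming distance, closed under +, satisfies (8.8)) for Phi(C)."""
    image = {gray(c) for c in C}
    words = list(image)
    dmin = min(hamming_distance(u, v) for u in words for v in words if u != v)
    linear = all(add(u, v) in image for u in words for v in words)
    cond = all(z4_combination(u, v) in image for u in words for v in words)
    return len(image), dmin, linear, cond

if __name__ == "__main__":
    print(isometry_holds(3))                       # True
    print(binary_image_report(octacode()))         # (256, 6, False, True)
```

The reason (8.8) holds for any binary image is visible coordinatewise: $u + u^\sigma = (\alpha(a), \alpha(a))$ for $u = \Phi(a)$, and one checks on the four symbols that $\Phi(a) + \Phi(b) + (\alpha(a)\alpha(b), \alpha(a)\alpha(b)) = \Phi(a + b)$.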

Theorem 8.2.10 Let C be a binary linear code of length 2m. Suppose further that all non-zero Hamming weights $\mathrm{wt}_H$ in C, with the possible exception of the codeword $\mathbf{1} = (1, \ldots, 1)$, are contained in the interval $[m - a, m + a]$, where 0 < a < m/5. If C is the binary image of a quaternary code, then $C^\perp$ has minimum weight at most 5.

As a corollary, many classical families of linear codes, such as some cyclic codes, cannot be obtained as images of quaternary codes under the Gray map. Nonetheless, it may well be that two nonlinear binary codes are the binary images of two linear quaternary codes which are duals. This leads to the following definition, which will play a fundamental role in the interpretation of the formal duality between Kerdock codes and Preparata codes.

Definition 8.2.11 Let C be a linear quaternary code. The $\mathbb{Z}_4$-dual of the binary image of C is the binary image of $C^\perp$.

Example 8.2.12 The r-th order Reed-Muller code $\mathcal{R}(r, l)$ of length $m = 2^l$, $l \geq 1$, is $\mathbb{Z}_4$-linear for $r = 0, 1, 2, \ldots, l - 1, l$; indeed, a direct computation shows that such codes are binary images of the codes $ZRM_4(r, l - 1)$ introduced in Section 8.1.2. In particular, $\mathcal{R}(1, l)$ is $\mathbb{Z}_4$-linear. On the other hand, $\mathcal{R}(l - 2, l)$, i.e., the extended Hamming code of length $2^l$, is not $\mathbb{Z}_4$-linear for $l \geq 5$: see [11] for a proof. Therefore, for $l \geq 5$, $\mathcal{R}(1, l)$ and the binary image $\Phi(ZRM_4(1, l - 1)^\perp)$ are $\mathbb{Z}_4$-duals, but not duals as binary codes.

Lemma 8.2.13 If C is a linear quaternary code, then Φ(C) is invariant with respect to the Hamming distance.

Proof: By Theorem 8.2.7, it suffices to show that C is invariant with respect to the Lee distance. In fact, for $c_1, c_2 \in C$, the map $x \mapsto x + c_1 - c_2$ is a bijection between the set of codewords at distance j from $c_1$ and the set of codewords at distance j from $c_2$. ✷

Theorem 8.2.14 If C and $C^\perp$ are dual quaternary codes of length m, the weight enumerators of Φ(C) and $\Phi(C^\perp)$ satisfy the MacWilliams Identity (cf. Theorem 7.3.3).

Proof: By definition, the weight enumerator of Φ(C) is the polynomial

$$A(W, X) = \sum_{c' \in \Phi(C)} W^{2m - d_H(c, c')} X^{d_H(c', c)}.$$

On the other hand, since $0 \in C$, by Corollary 8.2.5 and by Lemma 8.2.13, we have

$$\sum_{c' \in \Phi(C^\perp)} W^{2m - \mathrm{wt}(c')} X^{\mathrm{wt}(c')} = \sum_{c' \in C^\perp} W^{2m - \mathrm{wt}_L(c')} X^{\mathrm{wt}_L(c')} = \mathrm{Lee}_{C^\perp}(W, X) = \frac{1}{|C|}\, \mathrm{Lee}_C(W + X, W - X) = \frac{1}{|C|}\, A(W + X, W - X).$$

✷

Remark 8.2.15 The Gray map has been extended to other families of Galois rings. In [16], Carlet defines a generalization G of the Gray map Φ for codes over the ring $\mathbb{Z}_{2^n}$. Analogously to the quaternary case, one can thus introduce the notion of $\mathbb{Z}_{2^n}$-linearity and $\mathbb{Z}_{2^n}$-duality. Moreover, as in Lemma 8.2.13, images of $\mathbb{Z}_{2^n}$-codes under G are still distance invariant with respect to the Hamming distance. However, $\mathbb{Z}_{2^n}$-dual codes do not satisfy the MacWilliams Identity, but a more complicated relationship.

8.3 Kerdock and Preparata codes revisited

Definition 8.2.11 allows one to provide a deeper interpretation of the formal duality between certain binary nonlinear codes. Actually, the interest in quaternary codes grew in 1994 when $\mathbb{Z}_4$-duality was first applied to Kerdock codes and Preparata codes in [11].

Let $h_2(x) \in \mathbb{Z}_2[x]$ be a primitive polynomial of degree k (see Definition 2.2.7). By Hensel's Lemma (see Theorem 1.4.3), there exists a unique monic, irreducible polynomial $h(x) \in \mathbb{Z}_4[x]$ of degree k such that $h(x) \equiv h_2(x) \pmod 2$ and h(x) divides $x^m - 1$, where $m = 2^k - 1$. As observed in Chapter 6, the quotient ring $\mathbb{Z}_4[x]/(h(x))$ is a Galois ring with $4^k$ elements. Now, define $\mathcal{C}_4^-$ to be the cyclic code of length m over $\mathbb{Z}_4$ with generator polynomial g(x), the reciprocal polynomial to $(x^m - 1)/((x - 1)h(x))$. Consider further the code $\mathcal{C}_4$ obtained from $\mathcal{C}_4^-$ by adjoining a coordinate $c_0$ to all codewords $(c_1, \ldots, c_m)$ of $\mathcal{C}_4^-$ such that $\sum_{i=0}^{m} c_i = 0$. Then the following holds.

Theorem 8.3.1 (see [11], Theorem 10) The binary image of the extended cyclic code $\mathcal{C}_4$ of length m, m odd, $m \geq 3$, under the Gray map is equivalent to the Kerdock code $\mathcal{K}(m + 1)$.

The proof of this result is a bit technical and, therefore, is omitted here. We just point out that this theorem is proved by explicitly describing the codewords of $\mathcal{C}_4$ in terms of powers of a primitive element ξ of the Galois ring $\mathbb{Z}_4[x]/(h(x))$. More explicitly, with the same notation as in Chapter 6, recall that every element $c \in GR(4, k)$ has a unique representation $c = a + 2b$, where a and b belong to the Teichmüller set of GR(4, k). Next, denote by f the automorphism of GR(4, k) such that $f(a + 2b) = a^2 + 2b^2$. As seen in Section 5.2, f generates the group $\mathrm{Aut}_{\mathbb{Z}_4}(GR(4, k))$. The relative trace

$$T^{(4)} : GR(4, k) \to \mathbb{Z}_4 \qquad (8.10)$$

is defined by $T^{(4)}(c) = c + f(c) + \ldots + f^{k-1}(c)$. Then, the code $\mathcal{C}_4^-$ is given by the set of words $c = (c_1, \ldots, c_m)$ such that

$$c_t = T^{(4)}(\lambda \xi^t) + \varepsilon, \qquad t \in \{1, \ldots, m - 1\}, \qquad (8.11)$$

where $\lambda \in GR(4, k)$, $\varepsilon \in \mathbb{Z}_4$, and ξ is a primitive element of GR(4, k). The code $\mathcal{C}_4$ is obtained by adjoining a coordinate $c_0 \in \mathbb{Z}_4$ such that $\sum_{i=0}^{m} c_i = 0$.

Example 8.3.2 For m = 3 and $h(x) = x^3 + 2x^2 + x + 1$, the generator polynomial of $\mathcal{C}_4^-$ is $g(x) = x^3 + 2x^2 + x - 1$. An explicit description of all codewords and of the generator matrix shows that $\mathcal{C}_4^-$ is permutation equivalent to the octacode (cf. Example 8.2.1). By Theorem 8.3.1, the binary image of $\mathcal{C}_4^-$ is the Nordstrom-Robinson code.

Since the binary code $\mathcal{K}(m + 1)$ is simply an extended cyclic code over $\mathbb{Z}_4$, it is natural to study the binary image of the dual $\mathcal{C}_4^\perp$.

Theorem 8.3.3 (see [11], Theorem 14) The image of $\mathcal{C}_4^\perp$ under the Gray map is a nonlinear code of length $2^{m+1}$, m odd, $m \geq 3$, with $2^{2^{m+1} - 2m - 2}$ codewords and minimal distance 6. Moreover, it is distance invariant (with respect to the Hamming distance).
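The cyclic-code machinery of Section 8.1.3 and Example 8.2.3 and the trace description (8.11) can be run on the case of length 7. The following added example (not the book's code) implements arithmetic in $\mathbb{Z}_4[x]/(x^7 - 1)$, verifies the factorization $x^7 - 1 = f_0 f_1 f_2$ of Example 8.2.3 and the relations $\sum \eta_i = 1$, $\eta_i \eta_j = 0$, $\eta_i^2 = \eta_i$ among the idempotents listed there, computes the sizes of the ideals $(f_1)$, $(2f_1)$ and $(f_1, 2f_0 f_2)$ to compare with the types $4^{\deg g} 2^{\deg h}$ of Theorem 8.2.2, and then builds $GR(4, 3) = \mathbb{Z}_4[x]/(f_1)$ with the Frobenius f and the trace $T^{(4)}$ to generate the words (8.11) for t = 0, ..., 6; these turn out to be exactly the cyclic code generated by $f_1$, and also the ideal generated by the idempotent $\eta_0 + \eta_1$. Using $f_1 = 3 + x + 2x^2 + x^3$ (which reduces to $x^3 + x + 1$ mod 2) as the modulus h(x) of the Galois ring, so that ξ = x is a root of order 7, is an assumption made here.

```python
from itertools import product

# Added example, not from the book.  Arithmetic in Z_4[x]/(x^7 - 1) for the
# cyclic codes of Example 8.2.3 (factorisation, idempotents eta_i, ideal sizes
# from Theorem 8.2.2) and the trace description (8.11) of C_4^- inside
# GR(4, 3) = Z_4[x]/(f_1(x)), with xi the class of x, a root of f_1 of order 7.
# Polynomials are coefficient lists by increasing degree, entries in Z_4.
M = 7
F0 = [3, 1]                       # x - 1 = x + 3 over Z_4
F1 = [3, 1, 2, 1]                 # 3 + x + 2x^2 + x^3 (lifts x^3 + x + 1)
F2 = [3, 2, 3, 1]                 # 3 + 2x + 3x^2 + x^3
X7_MINUS_1 = [3, 0, 0, 0, 0, 0, 0, 1]

def mul(a, b):
    """Product in Z_4[x]."""
    out = [0] * (len(a) + len(b) - 1)
    for i, u in enumerate(a):
        for j, v in enumerate(b):
            out[i + j] = (out[i + j] + u * v) % 4
    return out

def reduce_mod(a, f):
    """Remainder of a modulo the monic polynomial f, as a list of deg(f) coefficients."""
    d = len(f) - 1
    a = list(a) + [0] * d
    for i in range(len(a) - 1, d - 1, -1):
        q = a[i]
        if q:
            for j in range(d + 1):
                a[i - d + j] = (a[i - d + j] - q * f[j]) % 4
    return a[:d]

def mod_ring(a):
    """Class of a in Z_4[x]/(x^7 - 1) as a length-7 tuple (x^7 = 1 folds exponents mod 7)."""
    out = [0] * M
    for i, u in enumerate(a):
        out[i % M] = (out[i % M] + u) % 4
    return tuple(out)

def factorisation_holds():
    return mul(mul(F0, F1), F2) == X7_MINUS_1

ETA = [mod_ring([3] * 7),                   # eta_0 = 3(1 + x + ... + x^6)
       mod_ring([1, 2, 2, 3, 2, 3, 3]),     # eta_1 = 1 + 3(x^3+x^5+x^6) + 2(x+x^2+x^4)
       mod_ring([1, 3, 3, 2, 3, 2, 2])]     # eta_2 = 1 + 3(x+x^2+x^4) + 2(x^3+x^5+x^6)

def idempotents_ok():
    """sum eta_i = 1, eta_i eta_j = 0 for i != j, and eta_i^2 = eta_i."""
    total = tuple(sum(e[i] for e in ETA) % 4 for i in range(M))
    orthogonal = all(mod_ring(mul(ETA[i], ETA[j])) == mod_ring([0])
                     for i in range(3) for j in range(3) if i != j)
    idempotent = all(mod_ring(mul(e, e)) == e for e in ETA)
    return total == mod_ring([1]) and orthogonal and idempotent

def ideal(gens):
    """Ideal of Z_4[x]/(x^7 - 1) generated by gens: the Z_4-span of all their cyclic shifts."""
    words = {(0,) * M}
    for g in gens:
        for s in range(M):
            shift = mod_ring([0] * s + list(g))          # x^s g(x)
            words = {tuple((w[i] + a * shift[i]) % 4 for i in range(M))
                     for w in words for a in range(4)}
    return words

# GR(4, 3) = Z_4[x]/(f_1): elements are length-3 coefficient lists.
def gr_mul(a, b):
    return reduce_mod(mul(a, b), F1)

def frobenius(a):
    """The automorphism f with f(xi) = xi^2, i.e. a(x) -> a(x^2) mod f_1."""
    b = [0] * (2 * len(a) - 1)
    for i, u in enumerate(a):
        b[2 * i] = u
    return reduce_mod(b, F1)

def trace(a):
    """T^{(4)}(a) = a + f(a) + f^2(a), which lies in Z_4 (only the constant term survives)."""
    fa = frobenius(a)
    t = [(p + q + r) % 4 for p, q, r in zip(a, fa, frobenius(fa))]
    assert t[1] == 0 and t[2] == 0
    return t[0]

def trace_code():
    """The words (8.11): c_t = T(lambda xi^t) + eps, t = 0..6, lambda in GR(4,3), eps in Z_4."""
    xi_pow = [reduce_mod([0] * t + [1], F1) for t in range(M)]
    words = set()
    for lam in product(range(4), repeat=3):
        base = [trace(gr_mul(list(lam), xi_pow[t])) for t in range(M)]
        for eps in range(4):
            words.add(tuple((c + eps) % 4 for c in base))
    return words

if __name__ == "__main__":
    print(factorisation_holds(), idempotents_ok())                    # True True
    print(len(ideal([F1])), len(ideal([[2 * c % 4 for c in F1]])))    # 256 16
    print(trace_code() == ideal([F1]))                                # True
```

The three ideal sizes match Theorem 8.2.2: $(f_1) = (f \cdot h, 2f \cdot g)$ with f = 1, $h = f_1$ and $g = f_0 f_2$ gives only the first generator when $g$ is a unit modulo $f_1$, i.e. $4^{4}$ words; $(2f_1)$ corresponds to $f = f_1$, $g = 1$, $h = f_0 f_2$ and has $2^{4}$ words; and $(f_1, 2f_0 f_2)$, the general shape with f = 1, $h = f_1$, $g = f_0 f_2$, has $4^4 \cdot 2^3$ words.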

Proof: Obviously, $\Phi(\mathcal{C}_4^\perp)$ has length $2^{m+1}$. It follows from Lemma 8.2.13 and Theorem 8.2.14 that $\Phi(\mathcal{C}_4^\perp)$ is distance invariant and that its weight distribution is the MacWilliams transform of that of $\Phi(\mathcal{C}_4)$. Since the weight enumerator of the binary Kerdock code $\mathcal{K}(m + 1)$ is known (see Theorem 7.4.10), the MacWilliams Identity (cf. Theorem 7.15) allows one to compute the number of codewords and the minimum distance of $\Phi(\mathcal{C}_4^\perp)$. ✷

The $\mathbb{Z}_4$-dual of the Kerdock code $\mathcal{K}(m + 1)$, for odd $m \geq 3$, has the same parameters as the classical extended Preparata code $\mathcal{P}(2)$ of length $2^{m+1}$. For m = 3, they coincide: indeed, by Examples 7.4.13 and 8.2.1,

$$\Phi(\mathcal{C}_4^\perp) = \Phi(\mathcal{C}_4) = \mathcal{N}_{16} = \mathcal{P}(2). \qquad (8.12)$$

In general, however, there is one essential difference between $\Phi(\mathcal{C}_4^\perp)$ and the original extended Preparata code. Indeed, as shown in Theorem 7.4.16, the latter code is contained in the extended Hamming code of length $2^{m+1}$. On the contrary, the following holds.

Theorem 8.3.4 For odd $m \geq 5$, $\Phi(\mathcal{C}_4^\perp)$ is contained in a nonlinear code with the same weight distribution as the extended Hamming code of length $2^{m+1}$.

Proof: As in Section 8.1.2, the binary image of $ZRM_4(1, m)$ is the binary Reed-Muller code $\mathcal{R}(1, m + 1)$, which, as observed in Section 7.4.3, is contained in the Kerdock code $\mathcal{K}(m + 1)$. Thus, $ZRM_4(1, m) \subset \mathcal{C}_4$. Accordingly, by duality,

$$\Phi(\mathcal{C}_4^\perp) \subset \Phi(ZRM_4(1, m)^\perp).$$

Since $ZRM_4(1, m)^\perp$ is a quaternary code of length $2^m$ and of type $4^{2^m - 1 - m} 2^m$, $\Phi(ZRM_4(1, m)^\perp)$ is a binary code of length $2^{m+1}$. In addition, by Theorem 8.2.14, $\mathcal{R}(1, m)$ and $\Phi(ZRM_4(1, m)^\perp)$ satisfy the MacWilliams Identity for binary codes. Thus the claim follows. ✷

The formal duality between the Kerdock code $\mathcal{K}(m)$ and $\Phi(\mathcal{C}_4^\perp)$ is not a mystery like the one discussed in Section 7.4.4; in fact, it can be regarded as the binary manifestation of the duality between the corresponding quaternary cyclic preimages. Therefore, it seemed natural (cf. [11]) to consider $\Phi(\mathcal{C}_4^\perp)$ as a new family of Preparata codes, the $\mathbb{Z}_4$-Preparata codes, which had not been discovered earlier. Actually, other families of $\mathbb{Z}_4$-Preparata codes can be constructed. We end this section by recalling how to generate these new codes; we omit most of the proofs because they are rather technical. The reader is referred to [10] for details.

In general, the relationship between binary Kerdock codes and their quaternary versions is given in terms of Orthogonal and Symplectic Geometries over a finite dimensional vector space, which is defined via an extraspecial group. We recall that an extraspecial group E is a p-group, p prime, for which the center Z(E) has order p and E/Z(E) is an elementary abelian group (hence a vector space over the finite field $\mathbb{F}_p$).

Let V be a vector space of dimension r over $\mathbb{Z}_2$. The Euclidean space $\mathbb{R}^N$, $N = 2^r$, has a canonical basis $e_v$ labelled by elements of V. We shall construct an extraspecial group of order $2^{1+2r}$ as a subgroup of $O(N, \mathbb{R})$, the group of linear transformations of $\mathbb{R}^N$ which preserve the standard inner product. To this end, for $b \in V$, define the matrices

$$X(b) := e_v \longmapsto e_{v+b}, \qquad Y(b) := \mathrm{diag}\big[(-1)^{b \cdot v}\big],\ v \in V,$$

where $b \cdot v$ denotes the standard inner product on V. The groups $X(V) := \{X(a) \mid a \in V\}$ and $Y(V) := \{Y(b) \mid b \in V\}$ are contained in $O(N, \mathbb{R})$, since the matrices X(b) are permutation matrices and the matrices Y(b) are diagonal with entries ±1.
Define $E$ to be the group generated by the elements of $X(V)$ and $Y(V)$.

Proposition 8.3.5 The group $E$ is an extraspecial group of order $2^{1+2r}$ with center $Z(E) = \{I, -I\}$, where $I$ is the identity matrix of order $N$. Further, every element of $E$ can be uniquely expressed as $X(a)\,Y(b)\,(-I)^{\gamma}$, with $a, b \in V$ and $\gamma \in \mathbb{Z}_2$.

8.3. KERDOCK AND PREPARATA CODES REVISITED 157

Next, under the identification of $Z(E)$ with $\mathbb{Z}_2$ given by

$$0 \longrightarrow I, \qquad 1 \longrightarrow -I,$$

define the map $Q : E/Z(E) \to \mathbb{Z}_2$ by $Q(\bar{e}) = e^2$, where $e$ is a lifting of $\bar{e}$ under the projection of $E$ onto the quotient $E/Z(E)$.

Theorem 8.3.6 The map $Q$ is a well-defined, non-singular quadratic form on $E/Z(E)$. Moreover, $E/Z(E)$ is an $\Omega^+(2r, 2)$-space (cf. Section 7.4.3).
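The following brute-force computation is added here as a worked example (it is not code from the book or from [10]): it generates $E = \langle X(V), Y(V) \rangle$ for $r = 2$ and $r = 3$ and checks, matrix by matrix, the claims of Proposition 8.3.5 and Theorem 8.3.6. The coordinates $(a, b) \in V \times V$ used for the class of $X(a)Y(b)$ in $E/Z(E)$, the breadth-first closure routine and all function names are our own choices; the matrices $X(b)$, $Y(b)$ are exactly those defined above.

```python
"""Brute-force check of Proposition 8.3.5 and Theorem 8.3.6 for small r.
Added example (not from the book); matrices are tuples of tuples of ints."""
from itertools import product


def vectors(r):
    """Elements of V = Z_2^r; their order labels the canonical basis e_v of R^N."""
    return [tuple(p) for p in product((0, 1), repeat=r)]


def dot(a, b):
    return sum(x * y for x, y in zip(a, b)) % 2


def vadd(a, b):
    return tuple((x + y) % 2 for x, y in zip(a, b))


def matmul(A, B):
    n = len(A)
    return tuple(tuple(sum(A[i][k] * B[k][j] for k in range(n)) for j in range(n)) for i in range(n))


def transpose(A):
    return tuple(zip(*A))


def scale(A, c):
    return tuple(tuple(c * x for x in row) for row in A)


def identity(n):
    return tuple(tuple(int(i == j) for j in range(n)) for i in range(n))


def X(b, V):
    """Permutation matrix of e_v -> e_{v+b}: column v has its single 1 in row v+b."""
    idx = {v: i for i, v in enumerate(V)}
    M = [[0] * len(V) for _ in V]
    for v in V:
        M[idx[vadd(v, b)]][idx[v]] = 1
    return tuple(tuple(row) for row in M)


def Y(b, V):
    """Diagonal matrix diag[(-1)^{b.v}], v running over V."""
    n = len(V)
    return tuple(tuple((-1) ** dot(b, V[i]) if i == j else 0 for j in range(n)) for i in range(n))


def closure(gens, n):
    """The (finite) group generated by gens, by breadth-first multiplication."""
    elems, frontier = {identity(n)}, [identity(n)]
    while frontier:
        new = []
        for g in frontier:
            for s in gens:
                h = matmul(g, s)
                if h not in elems:
                    elems.add(h)
                    new.append(h)
        frontier = new
    return elems


def extraspecial_check(r):
    """Generate E = <X(V), Y(V)> and test the claims of Proposition 8.3.5 / Theorem 8.3.6."""
    V = vectors(r)
    n = len(V)
    basis = [tuple(int(i == j) for i in range(r)) for j in range(r)]
    gens = [X(v, V) for v in basis] + [Y(v, V) for v in basis]
    E = closure(gens, n)
    I, mI = identity(n), scale(identity(n), -1)
    center = {g for g in E if all(matmul(g, s) == matmul(s, g) for s in gens)}
    # Normal form X(a) Y(b) (-I)^gamma; the pair (a, b) is our coordinate for e-bar in E/Z(E).
    lift = {(a, b): matmul(X(a, V), Y(b, V)) for a in V for b in V}
    forms = set(lift.values()) | {scale(m, -1) for m in lift.values()}
    # Q(e-bar) = e^2, read as 0 for I and 1 for -I.
    Q = {ab: 0 if matmul(m, m) == I else 1 for ab, m in lift.items()}

    def polar(x, y):                                   # B(x, y) = Q(x + y) + Q(x) + Q(y)
        return (Q[(vadd(x[0], y[0]), vadd(x[1], y[1]))] + Q[x] + Q[y]) % 2

    def commutator(x, y):                              # [e1, e2] = e1^-1 e2^-1 e1 e2; inverse = transpose in O(N)
        g, h = lift[x], lift[y]
        return matmul(matmul(transpose(g), transpose(h)), matmul(g, h))

    pairs = list(lift)
    zero = (tuple([0] * r), tuple([0] * r))
    return {
        "order": len(E),
        "squares_central": all(matmul(g, g) in (I, mI) for g in E),
        "center_is_pm_I": center == {I, mI},
        "normal_form_unique": forms == E and len(forms) == 2 ** (1 + 2 * r),
        "Q_is_a_dot_b": all(Q[(a, b)] == dot(a, b) for a, b in pairs),
        "polar_form_is_commutator": all(
            commutator(x, y) == (I if polar(x, y) == 0 else mI) for x in pairs for y in pairs),
        "nonsingular": [x for x in pairs if all(polar(x, y) == 0 for y in pairs)] == [zero],
    }


if __name__ == "__main__":
    print(extraspecial_check(2))   # order 32, every other entry True
```

Besides the order $2^{1+2r}$ and the center $\{I, -I\}$, the script shows where the geometry comes from: $Q(X(a)Y(b)) = a \cdot b$, the hyperbolic quadratic form on $V \oplus V$ (hence the $\Omega^+(2r, 2)$ structure), and its polar form $B\big((a,b),(a',b')\big) = a \cdot b' + a' \cdot b$ coincides with the commutator map $e_1^{-1}e_2^{-1}e_1e_2 \in \{I, -I\}$, which is the symplectic form $(\cdot,\cdot)_F$ used below.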

As explained in Chapter 7, it is possible to construct inequivalent Kerdock codes from orthogonal spreads in $E/Z(E)$. These Kerdock codes are actually binary images of suitably defined quaternary Kerdock codes. If $i \in \mathbb{C}$ is such that $i^2 = -1$, consider the cyclic group $\langle iI \rangle$ of order 4 generated by the $N \times N$ scalar matrix $iI$. The group $F$ generated by $E$ and by $iI$ has order $2^{2+2r}$, since $E \cap \langle iI \rangle = Z(E)$. Moreover, $Z(F) = \langle iI \rangle$. Therefore, the quotient group $F/Z(F) = \tilde{F}$ is an elementary abelian group of order $2^{2r}$. The map

$$(\cdot, \cdot)_F : \tilde{F} \times \tilde{F} \longrightarrow \mathbb{Z}_2, \qquad (\tilde{f}_1, \tilde{f}_2)_F \longmapsto [f_1, f_2] = f_1^{-1} f_2^{-1} f_1 f_2,$$

where $f_1, f_2 \in F$ are liftings of $\tilde{f}_1, \tilde{f}_2$ and the commutator $[f_1, f_2] \in \{I, -I\}$ is read in $\mathbb{Z}_2$ via the identification above, is a non-singular symplectic form. Thus, $(\tilde{F}, (\cdot, \cdot)_F)$ is called a symplectic space. We briefly recall that a subspace $W \subset \tilde{F}$ is totally isotropic if $(v, w)_F = 0$ for each $v, w \in W$. A symplectic spread $\mathcal{F}$ of the space $\tilde{F}$ (and, more generally, of any $2r$-dimensional symplectic space) is a family of $2^r + 1$ totally isotropic $r$-dimensional subspaces such that every non-zero vector belongs to exactly one of the elements of $\mathcal{F}$.

Analogously to Kerdock sets (cf. Section 7.4.2), symplectic spreads correspond to sets of matrices and vice versa. In fact, denote by $\tilde{X}(V)$ and $\tilde{Y}(V)$ the images of $X(V)$ and $Y(V)$ in $\tilde{F}$; noticeably, these two subspaces are totally isotropic of maximal dimension. Additionally, $\tilde{X}(V) \oplus \tilde{Y}(V) = \tilde{F}$, where $\tilde{F}$ is regarded as a vector space over $\mathbb{Z}_2$. If $\{v_1, \ldots, v_r\}$ is the canonical basis of $V = \mathbb{Z}_2^{(r)}$, define $\tilde{x}_j$ and $\tilde{y}_j$, $j = 1, \ldots, r$, to be $\tilde{X}(v_j)$ and $\tilde{Y}(v_j)$, respectively. Then, by direct computation, $(\tilde{x}_j, \tilde{y}_t)_F = \delta_{jt}$.

158 CHAPTER 8. CODES OVER GALOIS RINGS

Next, fix the basis $\mathcal{S} = \{\tilde{x}_1, \ldots, \tilde{x}_r, \tilde{y}_1, \ldots, \tilde{y}_r\}$. As in (7.20), consider the matrices

$$P^{\dagger} = \begin{pmatrix} I & P \\ 0 & I \end{pmatrix},$$

where $P$ is a matrix of order $r$ with entries from $\mathbb{Z}_2$. With the choice of the basis $\mathcal{S}$, an easy computation shows that the matrices $P^{\dagger}$ preserve the symplectic form on $\tilde{F}$ if and only if $P$ is a symmetric matrix. Moreover, the map $P^{\dagger} \mapsto P$ is a group isomorphism between the set of matrices $P^{\dagger}$ and the additive group of symmetric matrices of order $r$ with entries from $\mathbb{Z}_2$. As for binary Kerdock sets, we have the following

Proposition 8.3.7 There is a bijective correspondence between symplectic spreads and sets of $2^r$ symmetric matrices of order $r$ with entries from $\mathbb{Z}_2$, such that the difference of any two matrices is of maximal rank.

If $A$ is a subspace of a symplectic spread $\mathcal{F}$, we denote by $P_A$ the corresponding matrix. In the sequel, we shall refer to sets of matrices like the ones in Proposition 8.3.7 as quaternary Kerdock sets.

Remark 8.3.8 Note that the correspondence in Proposition 8.3.7 does not depend on the choice of the two subspaces $\tilde{X}(V)$ and $\tilde{Y}(V)$ (the ones used to fix a symplectic basis of $\tilde{F}$), since the set of totally isotropic subspaces of $\tilde{F}$ is invariant under the group which preserves the symplectic form on $\tilde{F}$.

Remark 8.3.9 To recover quaternary Kerdock codes from quaternary Kerdock sets, the matrix $P$ is 'lifted' to a matrix with entries from $\mathbb{Z}_4$. This means that, if $P = (p_{jl})$, $j, l \in \{1, \ldots, r\}$, is a symmetric matrix of order $r$ with entries from $\mathbb{Z}_2$, the entries 0 and 1 are to be viewed as elements of the ring $\mathbb{Z}_4$. Moreover, one defines $\eta$ to be the map

$$\eta : \hat{v} \longmapsto \hat{v}\, P\, \hat{v}^{T}, \qquad \hat{v} \in \hat{V} := \mathbb{Z}_4^{(r)}.$$

Definition 8.3.10 A vector $\hat{v} = (\alpha_1, \ldots, \alpha_r) \in \hat{V}$ is a lift of $v = (a_1, \ldots, a_r) \in V = \mathbb{Z}_2^{(r)}$ if $a_i \equiv \alpha_i \pmod 2$ for every $i$. Define further

$$T_P(\hat{v}) := \sum_{j} p_{jj}\,\alpha_j^2 + 2 \sum_{j < l} p_{jl}\,\alpha_j \alpha_l \in \mathbb{Z}_4;$$

since $P$ is symmetric, $T_P(\hat{v}) = \eta(\hat{v})$, and the value of $T_P(\hat{v})$ depends only on $v$ and not on the chosen lift, because $\alpha_j^2 \bmod 4$ and $2\alpha_j\alpha_l \bmod 4$ depend only on $\alpha_j, \alpha_l \bmod 2$.

Definition 8.3.11 The quaternary Kerdock code $C(\mathcal{P})$ of length $2^r$ is the set of vectors

$$\big(\, T_{P_A}(\hat{v}) + 2\, \hat{s} \cdot \hat{v} + \varepsilon \,\big)_{v \in V},$$

where $A$ runs over the subspaces of $\tilde{F}$ belonging to the symplectic spread associated with $\mathcal{P}$, $\hat{s}, \hat{v} \in \hat{V}$ ($\hat{v}$ a lift of $v$), $\varepsilon \in \mathbb{Z}_4$, and $\hat{s} \cdot \hat{v}$ denotes the inner product (8.3) in $\hat{V}$.

Theorem 8.3.12 The binary image of a quaternary Kerdock code is a binary Kerdock code.

Proof: The proof of this theorem, whose underlying idea we now briefly discuss, can be found in [10]. As before, let $V$ be the $(r+1)$-dimensional vector space over the field $\mathbb{Z}_2$ and fix the canonical basis $v_1, \ldots, v_{r+1}$. If $V'$ is the subspace generated by the vectors $v_1, \ldots, v_r$, order the coordinates of elements of $V$ such that the first $2^r$ positions are indexed by vectors $(v', 0)$, $v' \in V'$, and the last $2^r$ positions by vectors $(v', 1)$, $v' \in V'$. With the same notation as in Proposition 8.3.5, consider the extraspecial group $E_{r+1}$ generated by the matrices $X(v)$ and $Y(v)$, and recall that the quotient group $\bar{E}_{r+1}$ of $E_{r+1}$ by the center $Z(E_{r+1})$ is an $\Omega^+(2r+2, 2)$-space. Now, fix an element $\omega \in E_{r+1}$ of order four such that the projection $\bar{\omega}$ of $\omega$ onto $\bar{E}_{r+1}$ is nonsingular. The subspace $\bar{\omega}^{\perp}/\langle \bar{\omega} \rangle$ can be given the structure of a symplectic space of dimension $2r$ associated with the extraspecial group $E_r\langle \omega I \rangle$, where $E_r$ is the extraspecial group generated by the matrices $X(V')$ and $Y(V')$. By standard techniques (see [40]), it is possible to 'lift' a symplectic spread $\mathcal{F}$ of the symplectic space $\bar{\omega}^{\perp}/\langle \bar{\omega} \rangle$ to an orthogonal spread $\tilde{\mathcal{F}}$ of the $\Omega^+(2r+2, 2)$-space defined above. Correspondingly, one can construct a set $\mathcal{K}$ of binary skew-symmetric matrices from the set $\mathcal{P}$ associated with the symplectic spread $\mathcal{F}$. Furthermore, by the properties of $\mathcal{P}$, $\mathcal{K}$ is actually a binary Kerdock set. Theorem 8.3.12 is thus proved by explicitly checking that the binary image of the quaternary Kerdock code $C(\mathcal{P})$ is the binary Kerdock code associated with the Kerdock set $\mathcal{K}$. ✷

Whereas the binary Kerdock codes are nonlinear, the codes $C(\mathcal{P})$ may be linear as well as nonlinear. In fact, the linearity depends on the set $\mathcal{P}$. More precisely, by recalling Remark 8.3.9, we can state the following result.

Theorem 8.3.13 The quaternary Kerdock code $C(\mathcal{P})$ is linear if and only if the set $\mathcal{P}$ is closed under the sum of matrices over the field $\mathbb{Z}_2$.

Remark 8.3.14 It would be interesting to investigate whether the condition given in Theorem 8.3.13 allows one to determine linear subcodes of $\Phi(C(\mathcal{P}))$, even though these binary images are themselves nonlinear.

The Kerdock code $\mathcal{C}_4$ (see Theorem 8.3.1) is an example of a (linear) code of the form $C(\mathcal{P})$. Furthermore, the $\mathbb{Z}_4$-valued quadratic forms which define $\mathcal{C}_4$ can be described in terms of Galois ring theory. First, as in Section 6.2, denote by $\mu$ the ring epimorphism

$$\mu : GR(4, k) \longrightarrow GF(2, k),$$

whose kernel is the ideal $2\,GR(4, k)$ and whose restriction to the Teichmüller set $\mathcal{T}$ of the Galois ring $GR(4, k)$ is a bijection onto $GF(2, k)$. Next, observe that $\mathcal{C}_4$, whose codewords were originally given as in (8.11), can be alternatively described as the set of vectors

$$\Big(\, T^{(4)}\big(\lambda_1 \mu^{(-1)}(v)\big) + 2\, T^{(4)}\big(\lambda_2 \mu^{(-1)}(v)\big) + \varepsilon \,\Big)_{v \in GF(2,k)},$$

where $\lambda_1, \lambda_2 \in \mathcal{T}$, $\varepsilon \in \mathbb{Z}_4$, $T^{(4)}$ is the relative trace (8.10), and $\mu^{(-1)}(v)$ denotes the unique element of $\mathcal{T}$ mapped to $v$ by $\mu$. Notice that $\mu^{(-1)}(v)$ is just a lift of $v$ in the sense of Definition 8.3.10. Therefore, the maps

$$v \longmapsto T^{(4)}\big(\lambda_1 \mu^{(-1)}(v)\big) \tag{8.13}$$

and

$$v \longmapsto 2\, T^{(4)}\big(\lambda_2 \mu^{(-1)}(v)\big) \tag{8.14}$$

are well-defined over $GF(2, k)$. Since $\mu$ is an epimorphism and the relative trace is linear, the reader can check that, for any $\lambda_1 \in \mathcal{T}$, the map (8.13) is a $\mathbb{Z}_4$-valued quadratic form on $GF(2, k)$, while, for any $\lambda_2 \in \mathcal{T}$, the map (8.14) takes values in $2\mathbb{Z}_4$ and is $GF(2, k)$-linear; the former play the role of the forms $T_{P_A}$ and the latter of the terms $2\,\hat{s} \cdot \hat{v}$ in Definition 8.3.11. As a result, the code $\mathcal{C}_4$ has the form $C(\mathcal{P})$.

When $C(\mathcal{P})$ is linear, it makes sense to define the dual $C(\mathcal{P})^{\perp}$ and to study the properties of the binary image $\Phi(C(\mathcal{P})^{\perp})$. As in Theorem 8.3.3, these codes have the same parameters as the classical Preparata codes. Therefore, any such code is called a $\mathbb{Z}_4$-Preparata code. Thus, new families of binary codes arise quite naturally from quaternary Kerdock sets. Indeed, as in the proof of Theorem 8.3.4, we have the following result.

Theorem 8.3.15 For odd $r$, $r \geq 5$, no $\mathbb{Z}_4$-Preparata code of length $2^{r+1}$ is equivalent to any classical (binary) Preparata code.
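The script below is added as a worked example (it is not code from the book or from [10]) and carries the construction of this section through for $r = 3$, i.e. the length-$2^4$ case. It takes as quaternary Kerdock set $\mathcal{P} = \{(\mathrm{Tr}(a\,e_i e_j))_{ij} : a \in GF(8)\}$, the Gram matrices of the bilinear forms $(x, y) \mapsto \mathrm{Tr}(axy)$ in the basis $1, x, x^2$ of $GF(8) = \mathbb{Z}_2[x]/(x^3+x+1)$ (the Desarguesian symplectic spread), checks the property of Proposition 8.3.7, builds $C(\mathcal{P})$ as in Definition 8.3.11, verifies that it is $\mathbb{Z}_4$-linear because $\mathcal{P}$ is closed under sum (Theorem 8.3.13), that its Gray image is a $(16, 256, 6)$ nonlinear binary code, i.e. the binary Kerdock code $\mathcal{K}(4)$ of Theorem 8.3.12, and computes the $\mathbb{Z}_4$-Preparata code $\Phi(C(\mathcal{P})^{\perp})$ with its parameters. Assumptions made here: the Gray map $\Phi$ is $0 \mapsto 00$, $1 \mapsto 01$, $2 \mapsto 11$, $3 \mapsto 10$ on each coordinate, the inner product (8.3) is $\sum_i x_i y_i \bmod 4$, a vector $v \in \{0,1\}^3$ is used as its own lift, and the $GF(8)$ model, the spanning set chosen in `demo()` and all function names are ours.

```python
"""Quaternary Kerdock code C(P) (Definition 8.3.11) for r = 3, P the quaternary Kerdock set of
the Desarguesian symplectic spread of GF(8). Added example, not from the book; all names ours."""
from itertools import combinations, product

R = 3
MOD_POLY = 0b1011                                    # x^3 + x + 1, irreducible over Z_2
V = [tuple(p) for p in product((0, 1), repeat=R)]    # V = Z_2^3; coordinates are indexed by v in V
GRAY = {0: (0, 0), 1: (0, 1), 2: (1, 1), 3: (1, 0)}  # Gray map (assumed): Lee weight -> Hamming weight


def gf8_mul(a, b):
    """Product in GF(8) = Z_2[x]/(x^3 + x + 1); elements are bit patterns 0..7."""
    res = 0
    for i in range(R):
        if b >> i & 1:
            res ^= a << i
    for i in (4, 3):                                 # reduce the degree-4 and degree-3 terms
        if res >> i & 1:
            res ^= MOD_POLY << (i - 3)
    return res


def trace(a):
    """Absolute trace GF(8) -> GF(2): a + a^2 + a^4, which is 0 or 1."""
    a2 = gf8_mul(a, a)
    return a ^ a2 ^ gf8_mul(a2, a2)


def gram(a):
    """Symmetric Z_2-matrix of (x, y) -> Tr(a x y) in the basis 1, x, x^2; gram(a) + gram(b) = gram(a ^ b)."""
    basis = (1, 2, 4)
    return tuple(tuple(trace(gf8_mul(a, gf8_mul(ei, ej))) for ej in basis) for ei in basis)


def mat_add(A, B):
    return tuple(tuple((x + y) % 2 for x, y in zip(ra, rb)) for ra, rb in zip(A, B))


def nonsingular_gf2(M):
    """det mod 2 of a 3 x 3 matrix (r = 3 is fixed in this example)."""
    (a, b, c), (d, e, f), (g, h, i) = M
    return (a * (e * i + f * h) + b * (d * i + f * g) + c * (d * h + e * g)) % 2 == 1


def is_kerdock_set(P):
    """Proposition 8.3.7: 2^r symmetric matrices whose pairwise differences have full rank."""
    return (len(P) == 2 ** R and all(A == tuple(zip(*A)) for A in P)
            and all(nonsingular_gf2(mat_add(A, B)) for A, B in combinations(P, 2)))


def T(P, v):
    """T_P(v) = sum_j p_jj v_j^2 + 2 sum_{j<l} p_jl v_j v_l in Z_4; the 0/1 entries of P are read
    in Z_4 and v in {0,1}^r is used as its own lift (Definition 8.3.10)."""
    return (sum(P[j][j] * v[j] * v[j] for j in range(R))
            + 2 * sum(P[j][l] * v[j] * v[l] for j in range(R) for l in range(j + 1, R))) % 4


def word(f):
    """The vector (f(v))_{v in V} of length 2^r over Z_4."""
    return tuple(f(v) % 4 for v in V)


def kerdock_code(P):
    """C(P) = { (T_{P_A}(v) + 2 s.v + eps)_v }; s ranges over {0,1}^r since 2 s.v mod 4 depends
    only on s mod 2."""
    code = set()
    for A in P:
        for s in V:
            for eps in range(4):
                code.add(word(lambda v: T(A, v) + 2 * sum(x * y for x, y in zip(s, v)) + eps))
    return code


def gray_image(code):
    return {tuple(bit for x in c for bit in GRAY[x]) for c in code}


def min_distance(code):
    return min(sum(a != b for a, b in zip(u, w)) for u, w in combinations(code, 2))


def is_linear(code, q):
    return all(tuple((a + b) % q for a, b in zip(u, w)) in code for u in code for w in code)


def ip(u, w):
    return sum(a * b for a, b in zip(u, w)) % 4


def dual(code, gens):
    """C^perp in Z_4^(2^r): screen all vectors against a spanning set gens (cheap), then confirm
    orthogonality to every codeword, so the result is exactly C^perp whatever gens was."""
    cand = {x for x in product(range(4), repeat=2 ** R) if all(ip(x, g) == 0 for g in gens)}
    if any(ip(x, c) for x in cand for c in code):
        raise ValueError("gens does not span the code")
    return cand


def demo():
    P = [gram(a) for a in range(8)]                  # the quaternary Kerdock set, closed under +
    code = kerdock_code(P)
    gens = ([word(lambda v: T(gram(a), v)) for a in (1, 2, 4)]          # T_{P} for a basis of GF(8)
            + [word(lambda v: 2 * v[j]) for j in range(R)] + [word(lambda v: 1)])
    c_perp = dual(code, gens)
    binary, preparata = gray_image(code), gray_image(c_perp)
    return {
        "kerdock_set": is_kerdock_set(P),
        "closed_under_sum": all(mat_add(A, B) in P for A in P for B in P),
        "z4_linear": is_linear(code, 4),                                  # Theorem 8.3.13
        "kerdock_params": (2 ** (R + 1), len(binary), min_distance(binary)),   # K(4): (16, 256, 6)
        "kerdock_binary_linear": is_linear(binary, 2),                    # the Gray image is nonlinear
        "preparata_params": (2 ** (R + 1), len(preparata), min_distance(preparata)),
        "self_dual": c_perp == code,
    }
```

Running `demo()` returns `kerdock_params == (16, 256, 6)` with `kerdock_binary_linear == False` (the Nordstrom-Robinson code, which is $\mathcal{K}(4)$), while `z4_linear` is `True` exactly as Theorem 8.3.13 predicts for a set closed under sum; `preparata_params` gives the $(16, 256, 6)$ parameters of the $\mathbb{Z}_4$-Preparata code of length $2^4$. The `dual()` routine is written so that it cannot silently return a superset of $C(\mathcal{P})^{\perp}$: if the chosen spanning set did not generate the code, the final orthogonality check would fail and raise.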

As observed in (8.12), there exist $\mathbb{Z}_4$-Preparata codes of length $2^4$ which are equivalent to classical Preparata codes.

Bibliography

[1] Allenby R. B. J. T., Rings, Fields and Groups. An introduction to , London, Arnold, 1986.

[2] Artin E., Galois Theory, second edition, Notre Dame Mathematical Lectures, Number 2, Indiana, 1953.

[3] Artin M., Algebra, Englewood Cliff, Prentice Hall, 1991.

[4] Assmus E. F. Jr, Key J. D., Designs and their codes, Cambridge, Cambridge Univ. Press, 1992.

[5] Atiyah M. F. and Macdonald I. G., Introduction to Commutative Algebra, Reading, Massachusetts - Menlo Park, California, Addison-Wesley Publishing Co., 1969.

[6] Baker R. D., van Lint J. H. and Wilson R. M., On the Preparata codes and Goethals codes, IEEE Trans. Inform. Theory, 29 (1983), 342–345.

[7] Bastida J. R., Field Extensions and Galois Theory, Reading, Massachusetts, Addison-Wesley, 1984.

[8] Blake I. F., Codes over integer residue rings, Inform. Control, 29 (1975), 295–300.

[9] Bonnecaze A., Solé P., and Calderbank A. R., Quaternary quadratic residue codes and unimodular lattices, IEEE Trans. Inform. Theory, 41 (1995), 366–377.

[10] Calderbank A. R., Cameron P. J., Kantor W. M., Seidel J. J., Z4-Kerdock codes, orthogonal spreads, and extremal euclidean line-sets, Proc. London Math. Soc., 75 (1997), 436–480.

[11] Calderbank A. R., Hammons A. R. Jr., Kumar P. V., Sloane N. J. A. and Solé P., The Z4-linearity of Kerdock, Preparata, Goethals and related codes, IEEE Trans. Inform. Theory, 40 (1994), 301–319.

[12] Calderbank A. R., McGuire G., Z4-linear codes obtained as projections of Kerdock and Delsarte-Goethals codes, Lin. Alg. and Appl., 225-228 (1995), 647–665.

[13] Calderbank A. R., Sloane N. J. A., Modular and p-adic cyclic codes, Des., Codes and Cryptogr., 6 (1995), 21–35.

[14] Cameron P. J., van Lint J. H., Designs, Graphs, Codes and their links, London Math. Soc. Student Texts Vol. 22, Cambridge, Cambridge University Press, 1991.

[15] Carlet C., A simple description of Kerdock codes, Lecture Notes in Computer Science, 388 (1989), 202–208.

[16] Carlet C., On Z4-Duality, IEEE Trans. Inform. Theory, 41 (1995), 1487–1494.

[17] Cohn P. M., Algebra, vol. II, London-New York-Sydney, J. Wiley and Sons, 1974.

[18] Conway J. H., Sloane N. J. A., Self-dual codes over the integers modulo 4, J. Comb. Theory, Ser. A, 62 (1993), 30–45.

[19] Davenport J., Siret Y. and Tournier E., Computer Algebra: sys- tems and algorithms for algebraic computations, London, Academic Press, 1988.

[20] Davis J. A., Jedwab J., and Paterson G., Codes, Correlations and power control in OFDM, in Difference Sets, Sequences and their correlation properties, 113–132, eds. Pott A., Kumar P. V. et al., Kluwer Academic Publishers, Boston, 1998.

[21] Dieudonné J., La géométrie des groupes classiques finis, Berlin-Göttingen-Heidelberg, Springer, 1971.

[22] Edwards H. M., Galois Theory, New York, Springer, 1984.

[23] Eisenbud D., Commutative Algebra, with a view toward Algebraic Geometry, Springer, Berlin, 1995.

[24] Ellis G., Rings and Fields, Oxford, Clarendon Press, 1992.

[25] Ganesan N., Properties of rings with a Finite Number of Zero Divisors II, Math. Annalen, 161 (1965), 241–246.

[26] Gilmer R., R-automorphism of R[x], Proc. London Math. Soc., 18 (1968), 427–433.

[27] Goethals J. M., Snover S. L., Nearly perfect binary codes, Disc. Math., 3 (1972), 65–88.

[28] Goldstein L. J., Abstract Algebra: a first course, Englewood Cliff, Prentice Hall, 1973.

[29] Hamming R. W., Error detecting and error correcting codes, Bell Syst. Tech. J., 29 (1950), 147–160.

[30] Hartshorne R., Algebraic Geometry, Springer-Verlag, GTM 52, 1977.

[31] Herstein I. N., Topics in Algebra, New York - Toronto - London, Blaisdell Publ. Co., 1964.

[32] Herstein I. N., Abstract Algebra, New York, Macmillan, 1986.

[33] Hirschfeld J. W. P., Projective geometries over finite fields. Second edition, Oxford, Clarendon Press, 1998.

[34] Hoffman D. G., Leonard D. A. et al., Coding Theory: The essentials, New York, Marcel Dekker, 1991.

[35] Hungerford T. W., Algebra, New York-Heidelberg, Springer-Verlag, 1974.

[36] Jacobson N., Lectures in Abstract Algebra, vol. III, New York-Toronto-London-Melbourne, American Book-Van Nostrand-Reinhold, 1964.

[37] Jacobson N., Basic Algebra I and II, Second Edition, New York, W. H. Freeman and Co., 1995.

[38] Janusz G., Separable Algebras over Commutative Rings, Trans. A.M.S., 122 (1966), 461–479.

[39] Jungnickel D., Finite Fields: structure and arithmetics, Mannheim, BI-Wiss.-Verl., 1993.

[40] Kantor W. M., Spreads, translation planes, and Kerdock sets I, SIAM J. Alg. Discr. Math., 3 (1982), 151–165.

[41] Kantor W. M., Spreads, translation planes, and Kerdock sets II, SIAM J. Alg. Discr. Math., 3 (1982), 308–318.

[42] Kantor W. M., An exponential number of generalized Kerdock codes, Inform. Control, 53 (1982), 74–80.

[43] Karpilovsky G., Unit Groups of Classical Rings, Oxford, Clarendon, 1988.

[44] Karpilovsky G., Topics in Field Theory, Amsterdam, North-Holland, 1989.

[45] Kerdock A. M., A class of low rate non linear binary codes, Inform. Control, 20 (1972), 182–187.

[46] Klingenberg W., Projektive und affine Ebenen mit Nachbarelementen, Math. Z., 60 (1960), 384–406.

[47] Krull W., Algebraische Theorie der Ringe, Math. Ann., 92 (1924), 183–213.

[48] Lang S., Algebraic Number Theory, New York, Springer, 1986.

[49] Lang S., Algebra, Third Ed., Reading, Massachusetts, Addison-Wesley, 1995.

[50] Lidl R., Niederreiter H., Finite Fields, Reading, Massachusetts, Addison-Wesley, 1983.

[51] Lidl R., Niederreiter H., Introduction to Finite Fields and Their Applications, Cambridge, Cambridge University Press, 1986.

[52] Machì A., Algebra per il Calcolo Simbolico, Roma, Edizioni Kappa, 1995.

[53] MacWilliams F. J., Sloane N. J. A., The Theory of error-correcting codes, Amsterdam, North Holland, 1977.

[54] Malliavin M.-P., Algèbre Commutative. Applications en Géométrie et Théorie des Nombres, Paris, Masson, 1984.

[55] Matsumura H., Commutative Algebra, Reading, Massachusetts, B. Cummings Publishing Program, 1980.

[56] Mc Donald B. R., Finite Rings with Identity, New York, Marcel Dekker, Inc., 1974.

[57] Mc Eliece R. J., Finite fields for computer scientists and engineers, Boston, Kluwer Academic Publ., 1987.

[58] Motzkin T., The Euclidean Algorithm, Bull. Amer. Math. Soc., 55 (1949), 1142–1146.

[59] Niven I. and Zuckerman H. S., An Introduction to the Theory of Numbers. Fourth edition, New York, Wiley, 1980.

[60] Pless V., Qian Z., Cyclic Codes and Quadratic Residue Codes over Z4, IEEE Trans. Inform. Theory, 42 (1996), 1594–1600.

[61] Preparata F. P., A class of optimum non linear double-error correcting codes, Inform. Control, 13 (1968), 378–400.

[62] Pott A., Kumar P. V., Helleseth T., and Jungnickel D., Proceedings of the NATO Advanced Study Institute on Difference Sets, Sequences and their Correlation Properties, Bad Windsheim, 2-14 August 1998, NATO Science Series C - 542, Dordrecht, Kluwer Academic Publishers, 1999.

[63] Raghavendran R., Finite Associative Rings, Compositio Math., 21 (1969), 195–229.

[64] Roman S., Field Theory, New York, Springer, 1995.

[65] Rose J. S., A Course on Group Theory, Cambridge, Cambridge University Press, 1978.

[66] Sharp R. Y., Steps in Commutative Algebra, Cambridge, Cambridge University Press, 1990.

[67] Snover S. L., The uniqueness of the Nordstrom-Robinson and Golay binary codes, Ph.D. Thesis, Dept. of Mathematics, Michigan State Univ., 1973.

[68] Stewart I., Galois Theory, second edition, London, Chapman and Hall, 1989.

[69] van Lint J. H., Introduction to Coding Theory, third edition, New York, Springer, 1998.

[70] Weil A., Basic Number Theory, second edition, Berlin-Heidelberg-New York, Springer-Verlag, 1973.

[71] Zariski O. and Samuel P., Commutative Algebra (vol I and II), Princeton, Van Nostrand, 1958 and 1960.
