
Quasi-Cyclic Codes Represented by Gröbner Bases

Aalborg University
Department of Mathematical Sciences
Thomas H. Skjærbæk • MAT6 • 1. Feb. 2010 – 15. Jun. 2010

TITLE: Quasi-Cyclic Codes Represented by Gröbner Bases

PROJECT PERIOD: From 1. February 2010 to 15. June 2010

AUTHOR: Thomas Hassing Skjærbæk

Supervisor: Diego Ruano, Olav H. Geil

COPIES: 5

PAGES: 83

SYNOPSIS:

We will begin by defining modules and submodules. We will show that submodules are a generalization of ideals, and we will generalize the Gröbner basis theory from ideals to submodules. Some of the basic theory about linear codes will be considered, and we will consider the cyclic codes. Quasi-cyclic codes, which are a generalization of the cyclic codes, will be defined and studied. We will show that we can use the Gröbner basis theory for modules on the quasi-cyclic codes to find a generating set for these.

We will give a method to decode Reed-Solomon codes by using the theory about modules and Gröbner bases, and we will give an algorithm for converting a Gröbner basis with respect to one monomial order to a Gröbner basis with respect to another monomial order.

In the last chapter we will consider a decoding method for quasi-cyclic codes that uses their Gröbner basis representation, and we will discuss this method's weaknesses. We will then restrict ourselves to a specific set of quasi-cyclic codes and give an algorithm for decoding these.

© Thomas H. Skjærbæk, MAT6
Danish Summary

In Chapter 1 we will introduce modules and submodules of a commutative ring $R^m$, where $R$ is for the most part a polynomial ring $k[x_1, \dots, x_n]$. Submodules are a generalization of ideals in $R$, and it will therefore be natural to generalize the theory of Gröbner bases for ideals to Gröbner bases for submodules. To be able to do this we will need to define monomial orders for $R^m$, and we will consider two of the most common. A division algorithm for $R^m$ will be introduced, with which we will be able to divide an element $\mathbf{f} \in R^m$ by a set of elements $(\mathbf{f}_1, \dots, \mathbf{f}_s)$. After we have formally defined Gröbner bases for submodules of $R^m$, we will show that, given a Gröbner basis for a submodule $M \subseteq R^m$ and an element $\mathbf{f} \in R^m$, we can determine whether $\mathbf{f} \in M$. In the last section of this chapter we will consider one more property of Gröbner bases. We will show that, given a set of generators $(\mathbf{f}_1, \dots, \mathbf{f}_s)$ for a submodule $M \subseteq R^m$, we will be able to find a set of generators for the syzygy module $\mathrm{Syz}(\mathbf{f}_1, \dots, \mathbf{f}_s) \subseteq R^s$.

In Chapter 2 we will consider some fundamental theory about linear codes. We will consider the cyclic codes and show that these can be regarded as ideals in the quotient ring $\mathbb{F}_q[x]/\langle x^n - 1\rangle$. Quasi-cyclic codes, which are a generalization of cyclic codes, will also be introduced. We will show that quasi-cyclic codes of length $n = lm$ can be represented by submodules of $R^l/\langle x^m - 1\rangle$. It follows that it will be natural to represent the generators of the quasi-cyclic codes as Gröbner bases, and we will prove a theorem that shows the structure of these Gröbner bases.

A special class of cyclic codes will be considered in Chapter 3, namely the Reed-Solomon codes. We will give a method for decoding the Reed-Solomon codes that uses some of the theory we have from modules and Gröbner bases. At the end of this chapter we will give an algorithm for converting a given Gröbner basis for some module with respect to one monomial order to a Gröbner basis for the same module but with respect to another monomial order.

In the last chapter of this thesis we will consider decoding of quasi-cyclic codes, where we will use their Gröbner basis representation. We will see that in this general situation, where there is more than one generator, this method will fail if just one block contains too many errors. We will therefore restrict ourselves to quasi-cyclic codes generated by one generator. The general situation here still has a weakness, which we will discuss before we restrict ourselves further to quasi-cyclic codes with one generator of a specific form. We will give an algorithm for decoding these, and we will show that this algorithm is very effective if our received word is missing larger parts.

Preface

This thesis is written by Thomas Hassing Skjærbæk on the MAT6-semester at Aalborg University in the period February 1st 2010 to June 15th 2010.

This thesis is written in the main field of Discrete Mathematics, and it is a continuation of the MAT5-semester project written in the fall of last year about Gröbner bases for ideals in the polynomial ring. Throughout the thesis the computer algebra system Singular (http://www.singular.uni-kl.de/) has been used to do calculations.

Aalborg, 15th of June 2010.

Thomas Hassing Skjærbæk

Contents

Introduction

1 Modules
  1.1 Modules
  1.2 Monomial Orders and Gröbner Bases for Modules
  1.3 Syzygy Modules

2 Codes
  2.1 Linear Codes
  2.2 Cyclic Codes
  2.3 Quasi-Cyclic Codes

3 Reed-Solomon Decoding
  3.1 Reed-Solomon Decoding

4 Decoding of Quasi-Cyclic Codes
  4.1 Decoding Quasi-Cyclic Codes
  4.2 1-Generator Quasi-Cyclic Codes

Bibliography

Introduction

In Chapter 1 we will introduce modules and submodules of a commutative ring $R^m$, where we will mostly work over the polynomial ring $R = k[x_1, \dots, x_n]$. Submodules are a generalisation of ideals of $R$, whereby it will be natural to generalize the theory of Gröbner bases for ideals to Gröbner bases for modules. For this we will need to define monomial orders for $R^m$, and we will consider two of the most common. A division algorithm for $R^m$ will be introduced, which will allow us to divide an element $\mathbf{f} \in R^m$ by a set of elements $(\mathbf{f}_1, \dots, \mathbf{f}_s)$. After the Gröbner bases for submodules of $R^m$ have been formally defined, we will solve the Submodule Membership Problem; that is, we will show that given an element $\mathbf{f} \in R^m$ and a submodule $M \subseteq R^m$ we can use a Gröbner basis to determine if $\mathbf{f} \in M$. The last section of this chapter will be devoted to another property of Gröbner bases, namely the so-called syzygy modules. We will show that given a set of generators $(\mathbf{f}_1, \dots, \mathbf{f}_s)$ for a submodule $M \subseteq R^m$, we will be able to find a set of generators for the syzygy module $\mathrm{Syz}(\mathbf{f}_1, \dots, \mathbf{f}_s) \subseteq R^s$.

In Chapter 2 we will consider some basic theory about linear codes. We will then consider the cyclic codes and show that these can be considered as ideals in the quotient ring $\mathbb{F}_q[x]/\langle x^n - 1\rangle$. Quasi-cyclic codes, which are a generalisation of the cyclic codes, will be introduced. We will show that quasi-cyclic codes of length $n = lm$ can be represented by submodules of $R^l/\langle x^m - 1\rangle$. It follows that it is natural to represent the generators of the quasi-cyclic codes as Gröbner bases, and we will prove a theorem that shows the structure of these Gröbner bases.

A special class of cyclic codes will be considered in Chapter 3, namely the Reed-Solomon codes. We will give a decoding method for the Reed-Solomon codes, which utilizes some of the theory of modules and Gröbner bases. At the end of this chapter we will give an algorithm for converting a given Gröbner basis for some submodule with respect to one order to a reduced Gröbner basis for the same submodule but with respect to another order.

In the last chapter of this thesis we will consider decoding of quasi-cyclic codes, where we will use their Gröbner basis representation. We will see that in the general case with more than one generator this method will fail if we have just one block with too many errors. We will therefore restrict ourselves to considering 1-generator quasi-cyclic codes. The general case of these still has a weakness, which we will discuss before restricting ourselves to 1-generator quasi-cyclic codes where the generator has a specific structure. We will give an algorithm for decoding these, and we will show that this algorithm is very effective if our received word contains a lot of erasures.

Chapter 1

Modules

In this chapter we will introduce modules and submodules over a commutative ring $R$. We will see that modules have similarities with ideals, and we will show that ideals are actually just 1-dimensional modules. The Gröbner basis theory from ideals will be generalized to modules. To do this we will need to define monomial orders for $R^m$ and give a division algorithm for $R^m$. In the last section of this chapter we will consider syzygy modules, which are a special type of submodules. This chapter is based on [Cox et al., 2005, Section 5.1–5.3] and [Cox et al., 2007, §1–§5 of Chapter 2].

1.1 Modules

We will begin with the formal definition of a module over a commutative ring.

Definition 1.1.1 (Modules)
A module over a commutative ring with unity $R$ (or an $R$-module) is a set $M$ together with the binary operations addition ($+$) and scalar multiplication ($\cdot$) with the following properties:

(i) $M$ is an abelian group under addition; that is, addition in $M$ is associative and commutative, there is an additive identity $0 \in M$, and each element $f \in M$ has an additive inverse $-f$ satisfying $f + (-f) = 0$,

(ii) For all $a \in R$ and all $f, g \in M$ we have $a(f + g) = af + ag$,

(iii) For all $a, b \in R$ and all $f \in M$ we have $(a + b)f = af + bf$,

(iv) For all $a, b \in R$ and all $f \in M$ we have $(ab)f = a(bf)$,

(v) If $1$ is the multiplicative unity in $R$, then $1f = f$ for all $f \in M$.

The simplest modules are those equal to $R^m$ over $R$; that is, the ones that consist of all $m \times 1$ matrices with elements of $R$, and where addition and scalar multiplication are defined, respectively, as

$$
\begin{pmatrix} a_1 \\ a_2 \\ \vdots \\ a_m \end{pmatrix}
+ \begin{pmatrix} b_1 \\ b_2 \\ \vdots \\ b_m \end{pmatrix}
= \begin{pmatrix} a_1 + b_1 \\ a_2 + b_2 \\ \vdots \\ a_m + b_m \end{pmatrix},
\qquad
c \begin{pmatrix} a_1 \\ a_2 \\ \vdots \\ a_m \end{pmatrix}
= \begin{pmatrix} ca_1 \\ ca_2 \\ \vdots \\ ca_m \end{pmatrix},
$$

where $a_i, b_i, c \in R$, $1 \le i \le m$. Just like we can construct ideals of a ring $R$ as a subset of $R$, we can construct submodules of $R^m$ as subsets of $R^m$, which satisfy the conditions in Definition 1.1.1, and which are therefore also modules. More formally, we have the following definition.

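Definition 1.1.2 (Submodules)
Let $M \subseteq R^m$ be an $R$-module, and let $N \subseteq R^m$ be a subset of $M$. If, for any $\mathbf{f}, \mathbf{g} \in N$ and $a \in R$, we have $a\mathbf{f} + \mathbf{g} \in N$, then we call $N$ a submodule of $M$.

As an example of a submodule of $R^m$ let $\mathbf{f}_1, \dots, \mathbf{f}_s$ be a set of $m \times 1$ matrices. Then the set

$$\langle \mathbf{f}_1, \dots, \mathbf{f}_s \rangle = \{ a_1 \mathbf{f}_1 + \cdots + a_s \mathbf{f}_s \in R^m \mid a_i \in R,\ 1 \le i \le s \}$$

of all possible $R$-linear combinations of these $m \times 1$ matrices is a submodule of $R^m$. We can generalize this result to any generating set $F = \langle \mathbf{f}_1, \dots, \mathbf{f}_i, \dots \rangle \subseteq M$, where $M$ is any $R$-module, by constructing a submodule $N$ of $M$ as the collection of all $\mathbf{f} \in M$ that can be written as

$$\mathbf{f} = \sum_{i=1}^{\infty} a_i \mathbf{f}_i,$$

with $a_i \in R$, where finitely many $a_i \neq 0$, and $\mathbf{f}_i \in F$. To see that $N$ is an $R$-module, note that if $\mathbf{f}, \mathbf{g} \in N$ and $a \in R$, then $\mathbf{f} = \sum_{i=1}^{\infty} a_i \mathbf{f}_i$ and $\mathbf{g} = \sum_{i=1}^{\infty} b_i \mathbf{f}_i$ such that

$$a\mathbf{f} + \mathbf{g} = a \sum_{i=1}^{\infty} a_i \mathbf{f}_i + \sum_{i=1}^{\infty} b_i \mathbf{f}_i = \sum_{i=1}^{\infty} (a a_i + b_i) \mathbf{f}_i,$$

where $a a_i + b_i \in R$. Thus, $a\mathbf{f} + \mathbf{g} \in N$ and $N$ is a submodule of $M$ by Definition 1.1.2.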

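If the ring $R$ is a field $k$, then the definition of an $R$-module is the same as that of a vector space over $k$. If, however, $R$ is a polynomial ring $k[x_1, \dots, x_n]$, then the modules can exhibit behavior different from vector spaces. We illustrate this in the following example.

Example 1.1.3
Let $R = k[x, y, z]$ be a polynomial ring, and $M = \langle \mathbf{f}_1, \mathbf{f}_2, \mathbf{f}_3 \rangle \subseteq R^3$, where

$$
\mathbf{f}_1 = \begin{pmatrix} y \\ -x \\ 0 \end{pmatrix}, \quad
\mathbf{f}_2 = \begin{pmatrix} z \\ 0 \\ -x \end{pmatrix}, \quad
\mathbf{f}_3 = \begin{pmatrix} 0 \\ z \\ -y \end{pmatrix},
$$

be an $R$-module, and consider the $1 \times 3$ matrix $A = [x\ y\ z]$. Then it is seen that $M = \ker A = \{\mathbf{f} \in R^3 \mid A\mathbf{f} = 0\}$. Since $A\mathbf{f}_i = 0$ for $i = 1, 2, 3$ the $\subseteq$ inclusion follows. To see the other inclusion consider $\mathbf{f} = [g_1\ g_2\ g_3]^T$ such that $A\mathbf{f} = g_1 x + g_2 y + g_3 z$. The following relations give the desired inclusion:

$$
\begin{aligned}
g_1 = 0 &\Rightarrow g_2 = z \cdot \text{something}, \quad g_3 = y \cdot \text{something},\\
g_2 = 0 &\Rightarrow g_1 = z \cdot \text{something}, \quad g_3 = x \cdot \text{something},\\
g_3 = 0 &\Rightarrow g_1 = y \cdot \text{something}, \quad g_2 = x \cdot \text{something},
\end{aligned}
$$

and note that if $g_1, g_2, g_3$ are all nonzero, then it follows that

$$
\begin{aligned}
g_1 &= y \cdot \text{something} + z \cdot \text{something},\\
g_2 &= x \cdot \text{something} + z \cdot \text{something},\\
g_3 &= x \cdot \text{something} + y \cdot \text{something}.
\end{aligned}
$$

The generating set $\{\mathbf{f}_1, \mathbf{f}_2, \mathbf{f}_3\}$ is minimal in the sense that $M \neq \langle \mathbf{f}_i, \mathbf{f}_j \rangle$, $1 \le i < j \le 3$, since $\mathbf{f}_k \notin \langle \mathbf{f}_i, \mathbf{f}_j \rangle$ for $k \neq i, j$. Now, note that $z\mathbf{f}_1 - y\mathbf{f}_2 + x\mathbf{f}_3 = 0$, which shows that the generating vectors are linearly dependent. This property, that a minimal generating set is not linearly independent, is not possible with any vector space.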

Modules over $R$ are closely related to ideals in $R$. In fact, ideals are just 1-dimensional $R$-modules, which can be easily verified. If $M \subseteq R$ is an $R$-module, then $M$ is an ideal in $R$. To see this note that if $f = \sum_{i=1}^{\infty} a_i f_i \in M$ and $g = \sum_{i=1}^{\infty} b_i f_i \in M$, where $a_i, b_i$ are nonzero polynomials for a finite set of $i \in \{1, \dots, \infty\}$, then $f + g = \sum_{i=1}^{\infty} (a_i + b_i) f_i \in M$. If further $h \in R$, then $hf \in M$, since this just corresponds to scalar multiplication, which modules are closed under. Hence, $M$ satisfies the conditions for an ideal in $R$. That an ideal is an $R$-module follows directly from the same argumentation. We will now show how to define modules in the computer algebra program Singular.

Example 1.1.4
We first define the ring we will be working over. Here we will use $\mathbb{Q}[x, y, z]$ over the monomial order TOP over the lex order (which we define in Section 1.2). We will then define the module used in Example 1.1.3.

>ring R=0,(x,y,z),(lp,c);   // Q[x,y,z], lex order, term over position
>vector f1=[y,-x,0];
>vector f2=[z,0,-x];
>vector f3=[0,z,-y];
>module M=f1,f2,f3;         // the generators appear as columns below
>print(M);
y, z, 0,
-x,0, z,
0, -x,-y

Note that in Singular we define rows as vectors. Since the elements of the module are defined as vectors, we can easily do addition and scalar multiplication.

>vector f4=f1+f2+f3;
>print(f4);
[y+z,-x+z,-x-y]
>vector f5=(x-2z)*f1;
>print(f5);
[xy-2yz,-x2+2xz]

In Example 1.1.3 we saw one of the main differences between vector spaces and modules, namely that a minimal generating set for a module is not necessarily linearly independent. In a vector space a minimal generating set is called a basis and is always linearly independent and, thus, minimal in the sense that it contains the minimal amount of vectors to generate the whole space.


Definition 1.1.5 (A Basis)
A basis is a minimal generating set where the generators are linearly independent.

If $R$ is the polynomial ring $k[x_1, \dots, x_n]$, then any module over $R$ that requires more than a single generator cannot have a generating set $F$ which is linearly independent, since any two polynomials $f_1, f_2 \in F$ satisfy the non-trivial linear dependence relation $f_2 f_1 - f_1 f_2 = 0$. We will distinguish between the two types of bases by referring to a basis in $k[x_1, \dots, x_n]$ as an ideal basis, and the usual linearly independent basis as a module basis. The following proposition states when a module does have a module basis.

Proposition 1.1.6
Let $M$ be an $R$-module. A set $F = \{\mathbf{f}_1, \dots, \mathbf{f}_n\} \subseteq M$ is a module basis for $M$ if and only if every element $\mathbf{f} \in M$ can be written uniquely in the form

$$\mathbf{f} = a_1 \mathbf{f}_1 + \cdots + a_n \mathbf{f}_n, \tag{1.1}$$

where $a_1, \dots, a_n \in R$.

Proof
Suppose that $F = \{\mathbf{f}_1, \dots, \mathbf{f}_n\}$ is a module basis for $M$, and let $\mathbf{f} \in M$. Since $F$ is a basis it spans $M$ and, thus, we can write $\mathbf{f}$ as in Equation (1.1). Now, suppose Equation (1.1) is not unique. Then there exist $b_1, \dots, b_n \in R$ such that

$$\mathbf{f} = b_1 \mathbf{f}_1 + \cdots + b_n \mathbf{f}_n.$$

Subtracting this equation from Equation (1.1) yields

$$0 = (a_1 - b_1)\mathbf{f}_1 + \cdots + (a_n - b_n)\mathbf{f}_n,$$

but since $\mathbf{f}_1, \dots, \mathbf{f}_n$ are linearly independent it follows that $a_i - b_i = 0$ for $i = 1, \dots, n$. Hence, $a_i = b_i$ for every $i$, and Equation (1.1) is unique.

To show the other way, suppose that any $\mathbf{f} \in M$ can be written uniquely as Equation (1.1). This means that $\mathbf{f}_1, \dots, \mathbf{f}_n$ spans $M$, and we just need to show that this set is linearly independent. For this, consider the equation

$$0 = a_1 \mathbf{f}_1 + \cdots + a_n \mathbf{f}_n.$$

Since this equation is unique, it follows that $a_1 = \cdots = a_n = 0$, and, thus, $\mathbf{f}_1, \dots, \mathbf{f}_n$ is linearly independent. Hence, $\mathbf{f}_1, \dots, \mathbf{f}_n$ is a module basis for $M$. □


Modules that do have a module basis are given a special name.

Definition 1.1.7 (Free Module)
Let $M$ be an $R$-module. $M$ is said to be a free module if $M$ has a module basis.

For instance, when $M = R^m$ we always have the standard basis with the elements

$$
\mathbf{e}_1 = \begin{pmatrix} 1 \\ 0 \\ \vdots \\ 0 \end{pmatrix}, \ \dots, \
\mathbf{e}_m = \begin{pmatrix} 0 \\ \vdots \\ 0 \\ 1 \end{pmatrix}.
$$

Naturally, every module over a field is a free module, since it is equivalent to a vector space.

In general, it can be difficult to determine whether a submodule of $R^m$ is free. The next theorem by Quillen and Suslin, which we will not prove, says that a submodule $M = \ker A$ over $k[x_1, \dots, x_n]$, where $A = [f_1 \cdots f_m]$, is free.

Theorem 1.1.8 (Quillen-Suslin)
Let $R = k[x_1, \dots, x_n]$ and suppose that $f_1, \dots, f_m \in R$ are polynomials that generate all of $R$, that is, $\langle f_1, \dots, f_m \rangle = \langle 1 \rangle = R$. Then the module $M$ of all solutions $(X_1, \dots, X_m)^T \in R^m$ of the linear equation

$$f_1 X_1 + \cdots + f_m X_m = 0$$

is free.

We now consider homogeneous $R$-linear equations of the form

$$a_1 \mathbf{f}_1 + \cdots + a_t \mathbf{f}_t = 0,$$

where $a_i \in R$, $1 \le i \le t$, and $\mathbf{f}_i$, $1 \le i \le t$, are elements of some submodule in $R^m$. In the next proposition we will prove that the set of all $t$-tuples $(a_1, \dots, a_t)$ satisfying the above equation is a submodule of $R^t$.

Proposition 1.1.9
Let $(\mathbf{f}_1, \dots, \mathbf{f}_t)$ be an ordered $t$-tuple of elements $\mathbf{f}_i \in M$. The set of all $(a_1, \dots, a_t)^T \in R^t$ such that $a_1 \mathbf{f}_1 + \cdots + a_t \mathbf{f}_t = 0$ is an $R$-submodule of $R^t$ called the (first) syzygy module of $(\mathbf{f}_1, \dots, \mathbf{f}_t)$ and denoted $\mathrm{Syz}(\mathbf{f}_1, \dots, \mathbf{f}_t)$.

Proof
We want to prove that $\mathrm{Syz}(\mathbf{f}_1, \dots, \mathbf{f}_t)$ is closed under addition and scalar multiplication. Let $(a_1, \dots, a_t)^T, (b_1, \dots, b_t)^T \in \mathrm{Syz}(\mathbf{f}_1, \dots, \mathbf{f}_t)$, and let $c \in R$. Then

$$
\begin{aligned}
a_1 \mathbf{f}_1 + \cdots + a_t \mathbf{f}_t &= 0,\\
b_1 \mathbf{f}_1 + \cdots + b_t \mathbf{f}_t &= 0.
\end{aligned}
$$

Now, multiply the first equation by $c$ and add it to the second,

$$(ca_1 + b_1)\mathbf{f}_1 + \cdots + (ca_t + b_t)\mathbf{f}_t = 0.$$

That is, we also have $((ca_1 + b_1), \dots, (ca_t + b_t))^T \in \mathrm{Syz}(\mathbf{f}_1, \dots, \mathbf{f}_t)$, and, thus, $\mathrm{Syz}(\mathbf{f}_1, \dots, \mathbf{f}_t)$ is a submodule of $R^t$. □

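We can represent a submodule $M = \langle \mathbf{f}_1, \dots, \mathbf{f}_t \rangle \subseteq R^t$ with a so-called presentation matrix. A presentation matrix for $M$ is any matrix whose columns span $\mathrm{Syz}(\mathbf{f}_1, \dots, \mathbf{f}_t)$. For instance, if the linear relations

$$
\begin{aligned}
a_{11} \mathbf{f}_1 + \cdots + a_{t1} \mathbf{f}_t &= 0,\\
&\ \ \vdots\\
a_{1s} \mathbf{f}_1 + \cdots + a_{ts} \mathbf{f}_t &= 0,
\end{aligned}
$$

generate $\mathrm{Syz}(\mathbf{f}_1, \dots, \mathbf{f}_t)$, then a presentation matrix for $M$ is

$$
\begin{pmatrix}
a_{11} & \dots & a_{1s} \\
\vdots & \ddots & \vdots \\
a_{t1} & \dots & a_{ts}
\end{pmatrix}.
$$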

Example 1.1.10
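Consider the submodule $M \subseteq R^3$ defined in Example 1.1.3, $M = \langle \mathbf{f}_1, \mathbf{f}_2, \mathbf{f}_3 \rangle$, where

$$
\mathbf{f}_1 = \begin{pmatrix} y \\ -x \\ 0 \end{pmatrix}, \quad
\mathbf{f}_2 = \begin{pmatrix} z \\ 0 \\ -x \end{pmatrix}, \quad
\mathbf{f}_3 = \begin{pmatrix} 0 \\ z \\ -y \end{pmatrix}.
$$

We can use Singular to calculate the syzygy module $\mathrm{Syz}(\mathbf{f}_1, \mathbf{f}_2, \mathbf{f}_3) \subseteq R^3$.

>ring R=0,(x,y,z),(lp,c);
>vector f1=[y,-x,0];
>vector f2=[z,0,-x];
>vector f3=[0,z,-y];
>module M=f1,f2,f3;
>print(syz(M));             // generators of Syz(f1,f2,f3), one per column
z,
-y,
x

Thus, we have the linear equation

$$z\mathbf{f}_1 - y\mathbf{f}_2 + x\mathbf{f}_3 = 0,$$

which generates $\mathrm{Syz}(\mathbf{f}_1, \mathbf{f}_2, \mathbf{f}_3)$. A presentation matrix is given as

$$\begin{pmatrix} z \\ -y \\ x \end{pmatrix}.$$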
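We also need to define the quotient of a module.

Definition 1.1.11 (The Quotient of $M$ by $N$)
Let $N$ be a submodule of $M$, and let

$$[\mathbf{f}] = \{\mathbf{g} \in M \mid \mathbf{g} - \mathbf{f} \in N\} = \mathbf{f} + N$$

denote the set of all elements of $M$ equivalent to $\mathbf{f}$, called an equivalence class or equivalent coset of $M$. The quotient of $M$ by $N$, denoted $M/N$, is the set of all equivalence classes in $M$,

$$M/N = \{[\mathbf{f}] \mid \mathbf{f} \in M\}.$$

Operations in $M/N$ are defined as

$$
\begin{aligned}
[\mathbf{f}] + [\mathbf{g}] &= [\mathbf{f} + \mathbf{g}],\\
a[\mathbf{f}] &= [a\mathbf{f}],
\end{aligned}
$$

where $[\mathbf{f}], [\mathbf{g}] \in M/N$ and $a \in R$.

The quotient of $M$ by $N$ is an $R$-module and the operations in $M/N$ are well-defined. To see that the operations are well-defined, let $\mathbf{f}' \in [\mathbf{f}]$ and $\mathbf{g}' \in [\mathbf{g}]$. Then $\mathbf{f}' = \mathbf{f} + \tilde{\mathbf{f}}$ and $\mathbf{g}' = \mathbf{g} + \tilde{\mathbf{g}}$ for some $\tilde{\mathbf{f}}, \tilde{\mathbf{g}} \in N$. Since

$$\mathbf{f}' + \mathbf{g}' = (\mathbf{f} + \tilde{\mathbf{f}}) + (\mathbf{g} + \tilde{\mathbf{g}}) = (\mathbf{f} + \mathbf{g}) + (\tilde{\mathbf{f}} + \tilde{\mathbf{g}}),$$

where $\tilde{\mathbf{f}} + \tilde{\mathbf{g}} \in N$, we have $[\mathbf{f}' + \mathbf{g}'] = [\mathbf{f} + \mathbf{g}]$. Now, let $a \in R$. Then

$$a\mathbf{f}' = a(\mathbf{f} + \tilde{\mathbf{f}}) = a\mathbf{f} + a\tilde{\mathbf{f}},$$

where $a\tilde{\mathbf{f}} \in N$, and, thus, $[a\mathbf{f}'] = [a\mathbf{f}]$. Hence, the operations defined in Definition 1.1.11 are well-defined. To see that $M/N$ is an $R$-module, let $[\mathbf{f}], [\mathbf{g}] \in M/N$ and let $a \in R$. Then

$$a[\mathbf{f}] + [\mathbf{g}] = [a\mathbf{f} + \mathbf{g}],$$

and since $a\mathbf{f} + \mathbf{g} \in M$ we have $[a\mathbf{f} + \mathbf{g}] \in M/N$, and, thus, $M/N$ is an $R$-module. The zero element of $M/N$, $[0]$, is a set that can be represented by any element of the submodule $N$.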

It is natural to define mappings that preserve some given structures, and we will, thus, consider $R$-module homomorphisms.

Definition 1.1.12 ($R$-module Homomorphism)
An $R$-module homomorphism between two $R$-modules $M$ and $N$ is an $R$-linear map between $M$ and $N$, $\varphi : M \to N$, such that for all $\mathbf{f}, \mathbf{g} \in M$ and all $a \in R$ we have

$$\varphi(a\mathbf{f} + \mathbf{g}) = a\varphi(\mathbf{f}) + \varphi(\mathbf{g}).$$

The homomorphism $\varphi$ is called an isomorphism if it is both one-to-one and onto. If $\varphi$ is an isomorphism, then $M$ and $N$ are said to be isomorphic, written $M \cong N$.

As an example of a natural homomorphism we have the map between a module $M$ and the quotient $M/N$, $N \subseteq M$, given by $\varphi(\mathbf{f}) = [\mathbf{f}]$ for every $\mathbf{f} \in M$.

Proposition 1.1.13
Suppose that $A$ is an $l \times m$ matrix with entries in $R$, and suppose that $A$ is a presentation matrix for two different $R$-modules $M$ and $N$. Then

(i). $M$ and $N$ are isomorphic as $R$-modules,

(ii). $M$ (and, hence, $N$) is isomorphic to $R^l/AR^m$ where $AR^m$ denotes the image $\mathrm{im}\,A$ of $R^m$ under multiplication by $A$.

Proof
For part (i) note that since $A$ is a presentation matrix for $M$, there exist generators $\mathbf{m}_1, \dots, \mathbf{m}_l$ for $M$ such that the columns of $A$ generate $\mathrm{Syz}(\mathbf{m}_1, \dots, \mathbf{m}_l)$. Since $A$ is also a presentation matrix for $N$, there exist generators $\mathbf{n}_1, \dots, \mathbf{n}_l$ for $N$ such that the columns of $A$ generate $\mathrm{Syz}(\mathbf{n}_1, \dots, \mathbf{n}_l)$. Let $\varphi : M \to N$ be the homomorphism defined by $\varphi(\mathbf{m}_i) = \mathbf{n}_i$, so $\varphi(\sum_{i=1}^{l} c_i \mathbf{m}_i) = \sum_{i=1}^{l} c_i \mathbf{n}_i$ for some $c_i \in R$. $\varphi$ is clearly onto, since $M$ and $N$ consist of the same number of generators and every $\mathbf{n}_i$ is just mapped from $\mathbf{m}_i$. To see that $\varphi$ is also one-to-one, let $\sum_{i=1}^{l} c_i \mathbf{m}_i = \sum_{i=1}^{l} d_i \mathbf{m}_i$ for some $d_i \in R$. Using $\varphi$ on both sides of the equality gives

$$\sum_{i=1}^{l} c_i \mathbf{n}_i = \varphi\!\left(\sum_{i=1}^{l} c_i \mathbf{m}_i\right) = \varphi\!\left(\sum_{i=1}^{l} d_i \mathbf{m}_i\right) = \sum_{i=1}^{l} d_i \mathbf{n}_i, \tag{1.2}$$

which proves the one side. Now, suppose $\sum_{i=1}^{l} c_i \mathbf{n}_i = \sum_{i=1}^{l} d_i \mathbf{n}_i$. Then Equation (1.2) shows that we also have $\varphi(\sum_{i=1}^{l} c_i \mathbf{m}_i) = \varphi(\sum_{i=1}^{l} d_i \mathbf{m}_i)$, which proves that $\varphi$ is well-defined and, thus, one-to-one. Since $\varphi$ is both onto and one-to-one, it is an isomorphism, and $M \cong N$.

To prove part (ii), note that since $A$ is an $l \times m$ matrix, $AR^m$ is a submodule of $R^l$ generated by the columns of $A$. The quotient $R^l/AR^m$ is generated by the set $(\mathbf{e}_1 + AR^m, \dots, \mathbf{e}_l + AR^m)$, where $\mathbf{e}_1, \dots, \mathbf{e}_l$ are the standard basis vectors of $R^l$. Consider the equation

$$
\begin{aligned}
0 &= c_1(\mathbf{e}_1 + AR^m) + \cdots + c_l(\mathbf{e}_l + AR^m)\\
  &= (c_1 \mathbf{e}_1 + \cdots + c_l \mathbf{e}_l) + (c_1 + \cdots + c_l)AR^m
\end{aligned}
$$

for some $c_1, \dots, c_l \in R$. That is, $(c_1, \dots, c_l)^T \in \mathrm{Syz}(\mathbf{e}_1 + AR^m, \dots, \mathbf{e}_l + AR^m)$ and $(c_1, \dots, c_l)^T \in \mathrm{Syz}(\mathbf{e}_1, \dots, \mathbf{e}_l)$. This is true if and only if $(c_1, \dots, c_l)^T \in AR^m$. This means that $(c_1, \dots, c_l)^T$ is spanned by the columns of $A$. It follows that $A$ is a presentation matrix for $R^l/AR^m$, and since $A$ is also a presentation matrix for $M$ and $N$, we must have $M \cong N \cong R^l/AR^m$. □

In the next section we will generalize some of the known theory from ideals, such as monomial orders and Gröbner bases. As with ideals, we will consider the membership problem to determine when a given element in $R^m$ is an element of a submodule in $R^m$.


1.2 Monomial Orders and Gröbner Bases for Modules

In this section $R$ will be the polynomial ring $k[x_1, \dots, x_n]$. We will generalize the theory of monomial orders and Gröbner bases from ideals to submodules in $R^m$, and we will consider the following problems:

(i). (Submodule Membership) Given a submodule $M \subseteq R^m$ and $\mathbf{f} \in R^m$, determine if $\mathbf{f} \in M$.

(ii). (Syzygies) Given an ordered $s$-tuple of generators $(\mathbf{f}_1, \dots, \mathbf{f}_s)$ of an $R$-module $M$ over $R^m$, find a set of generators for the module $\mathrm{Syz}(\mathbf{f}_1, \dots, \mathbf{f}_s) \subseteq R^s$. In other words, find a presentation matrix for $M$.

A monomial $\mathbf{m}$ is an element of the form $x^{\alpha} \mathbf{e}_i$ for some $i$, where $\alpha \in \mathbb{N}_0^n$. Every element $\mathbf{f} \in R^m$ can be written uniquely as a $k$-linear combination of monomials $\mathbf{m}_i$,

$$\mathbf{f} = \sum_{i=1}^{n} c_i \mathbf{m}_i,$$

where $c_i \in k$, $c_i \neq 0$, is called a coefficient. Every element $c_i \mathbf{m}_i$ of the sum is called a term.

Example 1.2.1
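Let $R^3 = (k[x, y])^3$. Then

$$
\begin{aligned}
\mathbf{f} &= \begin{pmatrix} 3x^2y^2 + y^2 + 2 \\ 2x^4 \\ xy^2 - 5x \end{pmatrix}\\
&= 3\begin{pmatrix} x^2y^2 \\ 0 \\ 0 \end{pmatrix}
 + \begin{pmatrix} y^2 \\ 0 \\ 0 \end{pmatrix}
 + 2\begin{pmatrix} 1 \\ 0 \\ 0 \end{pmatrix}
 + 2\begin{pmatrix} 0 \\ x^4 \\ 0 \end{pmatrix}
 + \begin{pmatrix} 0 \\ 0 \\ xy^2 \end{pmatrix}
 - 5\begin{pmatrix} 0 \\ 0 \\ x \end{pmatrix}\\
&= 3x^2y^2 \mathbf{e}_1 + y^2 \mathbf{e}_1 + 2\mathbf{e}_1 + 2x^4 \mathbf{e}_2 + xy^2 \mathbf{e}_3 - 5x\mathbf{e}_3,
\end{aligned}
$$

which is a $k$-linear combination of monomials.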

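If $\mathbf{m} = x^{\alpha} \mathbf{e}_i$ and $\mathbf{n} = x^{\beta} \mathbf{e}_j$ are monomials in $R^m$, then we say that $\mathbf{n}$ divides $\mathbf{m}$ if and only if $i = j$ and $x^{\beta}$ divides $x^{\alpha}$, and we define the quotient $\mathbf{m}/\mathbf{n} = x^{\alpha}/x^{\beta} = x^{\alpha - \beta} \in R$. We define the least common multiple of $\mathbf{m}$ and $\mathbf{n}$, $\mathrm{LCM}(\mathbf{m}, \mathbf{n})$, to be the least common multiple of $x^{\alpha}$ and $x^{\beta}$ times $\mathbf{e}_i$ whenever $\mathbf{m}$ and $\mathbf{n}$ contain the same basis element $\mathbf{e}_i$, otherwise we define $\mathrm{LCM}(\mathbf{m}, \mathbf{n}) = 0$. The greatest common divisor, $\mathrm{GCD}(\mathbf{m}, \mathbf{n})$, is defined as the greatest common divisor of $x^{\alpha}$ and $x^{\beta}$ times $\mathbf{e}_i$ if $\mathbf{m}$ and $\mathbf{n}$ contain the same standard basis element $\mathbf{e}_i$, otherwise $\mathrm{GCD}(\mathbf{m}, \mathbf{n}) = 0$.

If a submodule $M \subseteq R^m$ can be generated by a set of monomials, we say that $M$ is a monomial submodule.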

Definition 1.2.2 (Monomial Submodules)
A submodule $M \subseteq R^m$ is called a monomial submodule if it can be generated by monomials. That is, if there exists a subset $A \subseteq \mathbb{N}_0^n$ such that every element of $M$ can be written in the form $\sum_{\alpha \in A,\, 1 \le i \le m} h_{\alpha} x^{\alpha} \mathbf{e}_i$, where $h_{\alpha} \in R$.

Monomial submodules are closely related to monomial ideals as we will show in the next proposition, but first we need a few lemmas.

Lemma 1.2.3
Let $M \subseteq R^m$ be a monomial submodule. A monomial $x^{\beta} \mathbf{e}_j$, $\beta \in \mathbb{N}_0^n$, lies in $M$ if and only if $x^{\beta} \mathbf{e}_j$ is divisible by $x^{\alpha} \mathbf{e}_i$ for some $\alpha \in A$.

Proof
Note that for $x^{\beta} \mathbf{e}_j$ to be divisible by some $x^{\alpha} \mathbf{e}_i$, we need to have $i = j$. Hence, we will only consider monomials $x^{\alpha} \mathbf{e}_i$ where $i = j$. Now, if $x^{\beta}$ is divisible by some $x^{\alpha}$, then $x^{\beta} \mathbf{e}_j \in M$ by definition.

Assume that $x^{\beta} \mathbf{e}_j \in M$. We can write $x^{\beta}$ as $\sum_{\alpha \in A} h_{\alpha} x^{\alpha}$, where $h_{\alpha} \in R$. Expand the right-hand side as a linear combination of monomials. The left-hand side consists only of a single monomial $x^{\beta}$ so all the monomials on the right-hand side with a degree different from $x^{\beta}$ must cancel out. This means that the right-hand side can be written as the sum $\sum_{\alpha \in A} h'_{\alpha} x^{\alpha}$, $h'_{\alpha} \in R$. Now, $h'_{\alpha} x^{\alpha} = c_{\alpha} x^{\beta}$, where $c_{\alpha} \in k$, $c_{\alpha} \neq 0$, for some $\alpha$ and thus $x^{\beta} = (c_{\alpha}^{-1} h'_{\alpha}) x^{\alpha}$, which shows that $x^{\alpha}$ divides $x^{\beta}$. □

We will also give Dickson's Lemma for ideals, since we will need this in the proof for the following proposition.

Lemma 1.2.4 (Dickson's Lemma)
Let $I = \langle x^{\alpha} \mid \alpha \in A \rangle \subseteq k[x_1, \dots, x_n]$, where $A$ is a subset of $\mathbb{N}_0^n$, be a monomial ideal. Then $I$ can be written in the form $I = \langle x^{\alpha(1)}, \dots, x^{\alpha(s)} \rangle$, where $\alpha(1), \dots, \alpha(s) \in A \subseteq \mathbb{N}_0^n$. That is, $I$ can be finitely generated.

Proof
We will prove this by induction. For $n = 1$, $I$ is generated by the monomials $\{x^{\alpha} \mid \alpha \in A \subseteq \mathbb{N}_0\}$. Let $\beta$ be the smallest element of $A$, such that $\beta \le \alpha$ for all $\alpha \in A$. Every $x^{\alpha}$ can be divided by $x^{\beta}$, and it follows that $I$ can be generated by $x^{\beta}$, $I = \langle x^{\beta} \rangle$.

Now, suppose the theorem is true for $n - 1$, $n > 3$. As the $n$th variable we will be using $y$ to make it more clear. The monomials in $k[x_1, \dots, x_{n-1}, y]$ can then be written as $x^{\alpha} y^m$, where $\alpha \in \mathbb{N}_0^{n-1}$ and $m \in \mathbb{N}_0$. We want to find generators for the monomial ideal $I \subseteq k[x_1, \dots, x_{n-1}, y]$. Let $J = \langle x^{\alpha} \mid x^{\alpha} y^m \in I, m \ge 0 \rangle$ be the monomial ideal in $k[x_1, \dots, x_{n-1}]$ where $x^{\alpha} y^m \in I$ for some $m \ge 0$. The induction hypothesis implies that $J$ must be finitely generated, say, $J = \langle x^{\alpha(1)}, \dots, x^{\alpha(s)} \rangle$. $J$ can be understood as the projection of $I$: $k[x_1, \dots, x_{n-1}, y] \to k[x_1, \dots, x_{n-1}]$. By definition $x^{\alpha(i)} y^{m_i} \in I$ for $1 \le i \le s$. Let $m = \max\{m_1, \dots, m_s\}$. Next, define the slices $J_l$ of $I$ generated by the monomials $x^{\beta}$ such that $x^{\beta} y^l \in I$, and consider the list

$$
\begin{aligned}
J_0 &: x^{\alpha_0(1)}, \dots, x^{\alpha_0(s_0)},\\
J_1 &: x^{\alpha_1(1)} y, \dots, x^{\alpha_1(s_1)} y,\\
&\ \ \vdots\\
J_{m-1} &: x^{\alpha_{m-1}(1)} y^{m-1}, \dots, x^{\alpha_{m-1}(s_{m-1})} y^{m-1},\\
J = J_m &: x^{\alpha(1)} y^m, \dots, x^{\alpha(s)} y^m.
\end{aligned}
$$

By the induction hypothesis, every $J_l$ has a finite generating set, say, $J_l = \langle x^{\alpha_l(1)}, \dots, x^{\alpha_l(s_l)} \rangle$. The claim is that $I$ is generated by the monomials in the above list; that is, $I = \langle J_0 \cup J_1 y \cup \cdots \cup J_{m-1} y^{m-1} \cup J y^m \rangle$.

Every monomial in $I$ is divisible by a monomial in the list. To see this, let $x^{\alpha} y^p \in I$. If $p \ge m$, then $x^{\alpha} y^p$ is divisible by some $x^{\alpha(i)} y^m$ by the construction of $J$. If $p < m$, then $x^{\alpha} y^p$ will be divisible by some $x^{\alpha_p(i)} y^p$ by the construction of $J_p$. Thus, the above monomials generate an ideal having the same monomials as $I$, and, therefore, these ideals must be the same.

To finish the proof, we switch back to using the variables $x_1, \dots, x_n$, such that $I = \langle x^{\alpha} \mid \alpha \in A \rangle \subseteq k[x_1, \dots, x_n]$. What we need to show is that the finite set of generators can be chosen from the list $x^{\alpha}$, $\alpha \in A$. We have already shown that $I = \langle x^{\beta(1)}, \dots, x^{\beta(s)} \rangle$ for some $x^{\beta(i)} \in I$. It follows that each $x^{\beta(i)}$ is divisible by some $x^{\alpha(i)}$. Thus, we can interchange $x^{\beta(i)}$ with $x^{\alpha(i)}$. If we do this for every generator of $I = \langle x^{\beta(1)}, \dots, x^{\beta(s)} \rangle$ we end up with $I = \langle x^{\alpha(1)}, \dots, x^{\alpha(s)} \rangle$, which is the desired form. □


We are now ready to state the next proposition, which says that every monomial submodule can be finitely generated.

Proposition 1.2.5
Let $M \subseteq R^m$ be a monomial submodule.

(i). Let $\mathbf{f} \in R^m$. Then $\mathbf{f} \in M$ if and only if every term of $\mathbf{f}$ lies in $M$.

(ii). Every monomial submodule of $R^m$ is generated by a finite set of monomials.

(iii). Every infinite ascending chain $M_1 \subseteq M_2 \subseteq \dots$ of monomial submodules of $R^m$ must stabilize. That is, there exists an $N$ such that $M_N = M_{N+1} = \cdots = M_{N+l} = \dots$ for all $l \ge 0$.

(iv). Let $\{\mathbf{m}_1, \dots, \mathbf{m}_t\}$ be a set of monomial generators for $M$, and let 1 , . . . , t denote the standard basis vectors in $R^t$. Let $\mathbf{m}_{ij} = \mathrm{LCM}(\mathbf{m}_i, \mathbf{m}_j)$. The syzygy module $\mathrm{Syz}(\mathbf{m}_1, \dots, \mathbf{m}_t)$ is generated by the syzygies σij = (mij /mi )i − (mij /mj )j , for all $1 \le i < j \le t$ ($\sigma_{ij} = 0$ unless $\mathbf{m}_i$ and $\mathbf{m}_j$ contain the same standard basis vector in $R^m$).
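
The divisibility test of Lemma 1.2.3, the term-wise membership test of part (i), and the pair syzygies of part (iv) are all computations on exponent vectors. The following Python sketch is an added example, not part of the thesis; it assumes a monomial $x^{\alpha}\mathbf{e}_i$ is stored as the pair `(alpha, i)`, and the function names and sample generators in $(k[x, y])^2$ are constructed here for illustration.

```python
from itertools import combinations

# A monomial x^alpha e_i in R^m is stored as (alpha, i): alpha is a tuple of
# exponents and i is the (1-based) index of the standard basis vector.

def divides(n, m):
    """n | m for n = x^beta e_j, m = x^alpha e_i: i == j and beta <= alpha entrywise."""
    (beta, j), (alpha, i) = n, m
    return i == j and all(b <= a for a, b in zip(alpha, beta))

def quotient(m, n):
    """m/n = x^(alpha - beta) in R, defined only when n divides m."""
    if not divides(n, m):
        raise ValueError("n does not divide m")
    return tuple(a - b for a, b in zip(m[0], n[0]))

def lcm(m, n):
    """LCM(m, n); None stands for 0 (different standard basis vectors)."""
    if m[1] != n[1]:
        return None
    return (tuple(max(a, b) for a, b in zip(m[0], n[0])), m[1])

def monomial_in(mono, gens):
    """Lemma 1.2.3: a monomial lies in M iff some generator divides it."""
    return any(divides(g, mono) for g in gens)

def element_in(terms, gens):
    """Proposition 1.2.5 (i): f lies in M iff every term of f lies in M.
    terms is a list of (coefficient, monomial) pairs."""
    return all(monomial_in(mono, gens) for c, mono in terms if c != 0)

def pair_syzygy(gens, i, j):
    """sigma_ij of part (iv) as a length-t coefficient vector in R^t.
    Entries are (coeff, exponent) for coeff * x^exponent, or None for 0;
    i and j are 0-based positions in gens."""
    l = lcm(gens[i], gens[j])
    sigma = [None] * len(gens)
    if l is not None:
        sigma[i] = (1, quotient(l, gens[i]))
        sigma[j] = (-1, quotient(l, gens[j]))
    return sigma

def apply_syzygy(sigma, gens):
    """Evaluate sum_k sigma_k * m_k in R^m as {monomial: coeff}, zero terms dropped."""
    total = {}
    for entry, (alpha, comp) in zip(sigma, gens):
        if entry is None:
            continue
        c, e = entry
        key = (tuple(a + b for a, b in zip(e, alpha)), comp)
        total[key] = total.get(key, 0) + c
    return {k: v for k, v in total.items() if v != 0}

def all_pair_syzygies_vanish(gens):
    """Check that every sigma_ij really is a syzygy on the generators."""
    return all(apply_syzygy(pair_syzygy(gens, i, j), gens) == {}
               for i, j in combinations(range(len(gens)), 2))

# Constructed sample: M = <x^2 y e1, x y^3 e1, y^2 e2> in (k[x, y])^2.
SAMPLE_GENS = [((2, 1), 1), ((1, 3), 1), ((0, 2), 2)]

if __name__ == "__main__":
    print(pair_syzygy(SAMPLE_GENS, 0, 1))
    print(all_pair_syzygies_vanish(SAMPLE_GENS))
```
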

Proof
If every term of f lies in M, then f ∈ M by denition. Now, suppose

P∈ M . Then
f
α
f can be written as a linear combination of monomials f =
α∈A,i hα x ei , hα ∈ R. Expand the right-hand side of this equation as
we did in the proof for Lemma 1.2.3 such that f is k -linear combination of
monomials. We need to show that these monomials lie in M . Since all of
α
the monomials by construction are multiples of some x ei , α ∈ A, it follows
from Lemma 1.2.3 that they all lie in M , and, thus, every term of f lies in
M.

For part (ii) let $M$ be a monomial submodule of $R^m$. Let $M_i = M \cap Re_i$ for each $i$, which is also a monomial submodule of $R^m$. To see this, let $\mathbf{f}, \mathbf{g} \in M_i$. Then $\mathbf{f} = f e_i$, $\mathbf{g} = g e_i \in M$. Since $M$ is a submodule of $R^m$ it satisfies the module conditions, and since addition and scalar multiplication do not change the standard basis $e_i$, the module conditions are also satisfied for $M_i$. Every element of $M_i$ is of the form $f e_i$, which means that we can write $M_i = I_i e_i$ for some monomial ideal $I_i \subseteq R$. By Dickson's Lemma the monomial ideal $I_i$ can be generated by a finite set of monomials $x^{\alpha(i1)}, \ldots, x^{\alpha(id_i)}$. Now, since

\[
\begin{aligned}
& x^{\alpha(11)} e_1, \ldots, x^{\alpha(1d_1)} e_1, \\
& \qquad \vdots \\
& x^{\alpha(m1)} e_m, \ldots, x^{\alpha(md_m)} e_m
\end{aligned}
\]

generate $M$, it follows that $M$ can be generated by a finite set of monomials.

For part (iii) let $M = \bigcup_{i=1}^{\infty} M_i$, which is also a monomial submodule of $R^m$. To see this, first note that the zero element is in every $M_i$ and, thus, also in $M$. Let $\mathbf{f}, \mathbf{g} \in M$, such that $\mathbf{f} \in M_i$ and $\mathbf{g} \in M_j$ for some $i, j$. Since the submodules form an ascending chain we can assume that $M_i \subseteq M_j$, and, thus, $\mathbf{f} \in M_j$. Since $M_j$ is a submodule and, thus, satisfies the module conditions, and since $\mathbf{f}, \mathbf{g}$ were chosen arbitrarily, the module conditions are also satisfied by $M$. Then by part (ii) $M$ has a finite generating set, say $\{m_1, \ldots, m_t\}$. For some $i \in \{1, \ldots, t\}$ we must have $m_i \in M_j$. Let $M_{j_i}$ denote the smallest submodule containing $m_i$, $m_i \in M_{j_i}$. Hence, we have $m_1 \in M_{j_1}, \ldots, m_t \in M_{j_t}$. Let $N = \max\{j_1, \ldots, j_t\}$ such that $M_N = \langle m_1, \ldots, m_t \rangle$. Then

\[ \langle m_1, \ldots, m_t \rangle = M_N \subseteq M_{N+1} \subseteq \cdots \subseteq M = \langle m_1, \ldots, m_t \rangle. \]

Hence, an infinite ascending chain of submodules will stabilize.

To prove part (iv) let $(a_1, \ldots, a_t)^T$ be a syzygy on a set of monomials $(m_1, \ldots, m_t)$, such that

\[ 0 = a_1 m_1 + \cdots + a_t m_t. \]

Consider the expansion of this expression in terms of the standard basis in $R^m$,

\[ 0 = f_1 e_1 + \cdots + f_m e_m. \]

We note that we must have $f_1 = \cdots = f_m = 0$, and, thus, we can split up the syzygy $(a_1, \ldots, a_t)^T$ in subsets of the monomials containing $e_i$ for each $i$. Let $\{n_1, \ldots, n_s\} \subseteq \{m_1, \ldots, m_t\}$ be the monomials containing $e_i$ for some $i$,

\[ n_1 = x^{\alpha_1} e_i, \ldots, n_s = x^{\alpha_s} e_i. \]

If $(b_1, \ldots, b_s)^T$ is a syzygy of $\{n_1, \ldots, n_s\}$, then $0 = b_1 n_1 + \cdots + b_s n_s$ or, equivalently,

\[ 0 = b_1 x^{\alpha_1} + \cdots + b_s x^{\alpha_s}. \]


The terms of this expression with the same multidegree must also sum up to zero, or, in other words, the coefficients of the terms with the same multidegree must sum to zero. Thus, we can split up the syzygy $\{n_1, \ldots, n_s\}$ in subsets

\[ (c_1 x^{\alpha-\alpha_1}, \ldots, c_s x^{\alpha-\alpha_s})^T, \quad c_1, \ldots, c_s \in k, \]

where $c_1 + \cdots + c_s = 0$. This syzygy is called a homogeneous syzygy, and can also be split up in sets where all entries in the syzygy are zero except for two. To see this, consider an example where we let $s = 3$. Then a syzygy can be written as

\[ (c_1 x^{\alpha-\alpha_1}, c_2 x^{\alpha-\alpha_2}, c_3 x^{\alpha-\alpha_3})^T \]

with $c_1 + c_2 + c_3 = 0$. We can split this syzygy as

\[ ((c_1 + c_3) x^{\alpha-\alpha_1}, c_2 x^{\alpha-\alpha_2}, 0)^T + (-c_3 x^{\alpha-\alpha_1}, 0, c_3 x^{\alpha-\alpha_3})^T. \]

We note that $((c_1 + c_3) x^{\alpha-\alpha_1}, c_2 x^{\alpha-\alpha_2})^T = -c_2 (x^{\alpha-\alpha_1}, -x^{\alpha-\alpha_2})^T$ is a syzygy on the pair $x^{\alpha_1}, x^{\alpha_2}$ and $(-c_3 x^{\alpha-\alpha_1}, c_3 x^{\alpha-\alpha_3})^T = -c_3 (x^{\alpha-\alpha_1}, -x^{\alpha-\alpha_3})^T$ is a syzygy on the pair $x^{\alpha_1}, x^{\alpha_3}$.

This splitting works for any $s$; that is, for any $s$ every homogeneous syzygy can be written as syzygies between pairs of monomials. Let $x^\alpha, x^\beta$ be two monomials, and let $x^\gamma$ be a multiple of these. Then $\mathrm{Syz}(x^\alpha, x^\beta) = (x^{\gamma-\alpha}, x^{\gamma-\beta})^T$ is a monomial times

\[ \sigma = \left( \mathrm{LCM}(x^\alpha, x^\beta)/x^\alpha,\ \mathrm{LCM}(x^\alpha, x^\beta)/x^\beta \right)^T. \]

To sum up, we split the whole syzygy $\mathrm{Syz}(m_1, \ldots, m_t)$ up into syzygies $\mathrm{Syz}(0, \ldots, 0, c_\alpha x^\alpha, 0, \ldots, 0, c_\beta x^\beta, 0, \ldots, 0) e_i$ for every $i$. If we let $m_{ij} = \mathrm{LCM}(m_i, m_j)$, then these are all generated by

\[ \sigma_{ij} = (m_{ij}/m_i)\epsilon_i - (m_{ij}/m_j)\epsilon_j. \]

Note in part (i) that for every term of $\mathbf{f}$ to lie in $M = \langle m_1, \ldots, m_t \rangle$, every term must be divisible by some $m_i$. Hence, as with monomial ideals, the submodule membership problem is easy to solve for monomial submodules. Thus, we have $\mathbf{f} \in M$ if and only if the remainder of $\mathbf{f}$ on division by the basis of $M$ is zero.


Just as with ideals, before introducing the Gröbner bases for modules we need to define a monomial ordering of the monomials in $R^m$, and we need a division algorithm on elements of $R^m$. We will then be able to extend Buchberger's Algorithm to $R^m$.

Definition 1.2.6 (Monomial Ordering)
A monomial ordering $\succ$ on $R^m = (k[x_1, \ldots, x_n])^m$ is a total order on the set of monomials such that

(i). for every pair of monomials $\mathbf{m}, \mathbf{n} \in R^m$ with $\mathbf{m} \succ \mathbf{n}$, we have $x^\alpha \mathbf{m} \succ x^\alpha \mathbf{n}$ for every monomial $x^\alpha \in R$,

(ii). $\succ$ is a well-ordering; that is, every nonempty subset has a smallest element under $\succ$.

We will consider two different families of monomial orders on $R^m$ here that are both an extension of the monomial orderings on $R$, namely the TOP extension (term-over-position) and the POT extension (position-over-term). Recall the lexicographic order for $R$:

Definition 1.2.7 (Lexicographic Order for $x_1 > \cdots > x_n$ ($\succ_{lex}$))
Let $\alpha = (\alpha_1, \ldots, \alpha_n)$ and $\beta = (\beta_1, \ldots, \beta_n)$ in $\mathbb{N}_0^n$. We say that $\alpha \succ_{lex} \beta$ in $\mathbb{N}_0^n$ and $x^\alpha \succ_{lex} x^\beta$ in $k[x_1, \ldots, x_n]$, when the leftmost nonzero entry in the vector difference $\alpha - \beta \in \mathbb{Z}^n$ is positive.

Unless otherwise specified, we will use the extensions of this order.

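Definition 1.2.8 (Monomial Orderings on $R^m$ with $e_1 > e_2 > \ldots$)
Let $\succ_R$ be any monomial order on $R$ and $e_i > e_j$ whenever $i < j$.

(i). (TOP extension of $\succ_R$, $\succ_{TOP}$) We say that $x^\alpha e_i \succ_{TOP} x^\beta e_j$ if $x^\alpha \succ_R x^\beta$, or if $x^\alpha = x^\beta$ and $i \leq j$.

(ii). (POT extension of $\succ_R$, $\succ_{POT}$) We say that $x^\alpha e_i \succ_{POT} x^\beta e_j$ if $i < j$, or if $i = j$ and $x^\alpha \succ_R x^\beta$.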

To see that the TOP order is a monomial order note that we have $x^\alpha e_i \succ_{TOP} x^\beta e_j$ whenever $x^\alpha \succ_R x^\beta$. Since $\succ_R$ is a monomial order we also have $x^\gamma x^\alpha \succ_R x^\gamma x^\beta$ for some $x^\gamma \in R$, which means that $x^\gamma x^\alpha e_i \succ_{TOP} x^\gamma x^\beta e_j$. If $x^\alpha = x^\beta$, then the condition is clearly also satisfied, since we only consider the standard basis vectors in this situation. For the POT order we have $x^\alpha e_i \succ_{POT} x^\beta e_j$ whenever $i < j$, which is the same situation as that just discussed for $\succ_{TOP}$. If $i = j$, then $x^\alpha e_i \succ_{POT} x^\beta e_j$ whenever $x^\alpha \succ_R x^\beta$, which we can argue the same way as we did with $\succ_{TOP}$. The well-ordering of both $\succ_{TOP}$ and $\succ_{POT}$ follows directly from $\succ_R$ being a well-ordering.

Example 1.2.9
Let $\succ_R$ be the lexicographic order $\succ_{lex}$ and consider the monomials from Example 1.2.1. With $\succ_{POT}$ we get the following monomial ordering:

\[ (x^2y^2, 0, 0)^T \succ_{POT} (y^2, 0, 0)^T \succ_{POT} (1, 0, 0)^T \succ_{POT} (0, x^4, 0)^T \succ_{POT} (0, 0, xy^2)^T \succ_{POT} (0, 0, x)^T. \]

Now consider $\succ_{TOP}$,

\[ (0, x^4, 0)^T \succ_{TOP} (x^2y^2, 0, 0)^T \succ_{TOP} (0, 0, xy^2)^T \succ_{TOP} (0, 0, x)^T \succ_{TOP} (y^2, 0, 0)^T \succ_{TOP} (1, 0, 0)^T. \]

With a monomial ordering in place we can extend the definitions of the leading coefficient, leading monomial, and leading term of a polynomial to $R^m$.
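Definition 1.2.10
Let $\succ$ be a monomial ordering on $R^m$, and write $\mathbf{f} \in R^m$ as a sum of terms

\[ \mathbf{f} = \sum_{i=1}^{t} c_i \mathbf{m}_i, \quad c_i \in k, \]

with $\mathbf{m}_1 \succ \mathbf{m}_2 \succ \ldots \succ \mathbf{m}_t$. We define

\[
\begin{aligned}
\mathrm{LC}_\succ(\mathbf{f}) &= c_1, \\
\mathrm{LM}_\succ(\mathbf{f}) &= \mathbf{m}_1, \\
\mathrm{LT}_\succ(\mathbf{f}) &= c_1 \mathbf{m}_1, \\
\mathrm{multideg}_\succ(\mathbf{f}) &= (\alpha_1, \ldots, \alpha_n) \in \mathbb{N}_0^n \quad \text{if } \mathbf{m}_1 = x_1^{\alpha_1} \cdots x_n^{\alpha_n} e_i.
\end{aligned}
\]

We will give an example to show these.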


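Example 1.2.11
Let $\mathbf{f} \in (k[x, y])^3$ be given by

\[ \mathbf{f} = (3x^2y^2 + y^2 + 2,\ 2x^4,\ xy^2 - 5x)^T. \]

Then by Definition 1.2.10 we have

\[
\begin{aligned}
\mathrm{LC}_{POT}(\mathbf{f}) &= 3, & \mathrm{LC}_{TOP}(\mathbf{f}) &= 2, \\
\mathrm{LM}_{POT}(\mathbf{f}) &= (x^2y^2, 0, 0)^T, & \mathrm{LM}_{TOP}(\mathbf{f}) &= (0, x^4, 0)^T, \\
\mathrm{LT}_{POT}(\mathbf{f}) &= 3\,(x^2y^2, 0, 0)^T, & \mathrm{LT}_{TOP}(\mathbf{f}) &= 2\,(0, x^4, 0)^T, \\
\mathrm{multidegree}_{POT}(\mathbf{f}) &= (2, 2), & \mathrm{multidegree}_{TOP}(\mathbf{f}) &= (4, 0).
\end{aligned}
\]

If we want to use these monomial orders in Singular we do as follows.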

>ring R1=0,(x,y),(c,lp); //POT order over lex


>vector f=[3x2y2+y2+2,2x4,xy2-5x];
>lead(f); //LT(f)
[3x2y2]
>ring R2=0,(x,y),(lp,c); //TOP order over lex
>vector f=imap(R1,f);
>lead(f);
2x4*gen(2)

Note that if the last entries in the vector are zero, then Singular does not write these. Also note that with the TOP order Singular uses gen(2), which is the standard basis $e_2$. If we used print(lead(f)) we would get [0,2x4].

We can now introduce the Division Algorithm for $R^m$.

Theorem 1.2.12 (Division Algorithm for $R^m$)
Fix a monomial ordering on $R^m$ and let $F = (\mathbf{f}_1, \ldots, \mathbf{f}_s)$ be an ordered $s$-tuple of elements of $R^m$. Then every $\mathbf{f} \in R^m$ can be written as

\[ \mathbf{f} = a_1 \mathbf{f}_1 + \cdots + a_s \mathbf{f}_s + \mathbf{r}, \tag{1.3} \]

where $a_i \in R$, $\mathbf{r} \in R^m$, $\mathrm{LT}(a_i \mathbf{f}_i) \leq \mathrm{LT}(\mathbf{f})$ for all $i$. Furthermore, either $\mathbf{r} = 0$ or $\mathbf{r}$ is a $k$-linear combination of monomials none of which is divisible by any of $\mathrm{LM}(\mathbf{f}_1), \ldots, \mathrm{LM}(\mathbf{f}_s)$, and $\mathbf{r}$ is called the remainder of $\mathbf{f}$ on division by $F$.
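Algorithm 1.2.13 (Division Algorithm)
Input
    $\mathbf{f} \in R^m$
    $\mathbf{f}_1, \ldots, \mathbf{f}_s \in R^m$

Output
    $a_1, \ldots, a_s \in R$ for (1.3)
    $\mathbf{r} \in R^m$ for (1.3)

Initialize
    $a_1 := 0, \ldots, a_s := 0$
    $\mathbf{r} := 0$
    $\mathbf{p} := \mathbf{f}$

Loop
    WHILE $\mathbf{p} \neq 0$ DO
        $i := 1$
        divisionoccurred := false
        WHILE $i \leq s$ AND divisionoccurred = false DO
            IF $\mathrm{LT}(\mathbf{f}_i)$ divides $\mathrm{LT}(\mathbf{p})$ THEN
                $a_i := a_i + \mathrm{LT}(\mathbf{p})/\mathrm{LT}(\mathbf{f}_i)$
                $\mathbf{p} := \mathbf{p} - (\mathrm{LT}(\mathbf{p})/\mathrm{LT}(\mathbf{f}_i))\mathbf{f}_i$
                divisionoccurred := true
            ELSE
                $i := i + 1$
        IF divisionoccurred = false THEN
            $\mathbf{r} := \mathbf{r} + \mathrm{LT}(\mathbf{p})$
            $\mathbf{p} := \mathbf{p} - \mathrm{LT}(\mathbf{p})$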
Proof
To prove that every $\mathbf{f} \in R^m$ can be written in the form

\[ \mathbf{f} = a_1 \mathbf{f}_1 + \cdots + a_s \mathbf{f}_s + \mathbf{p} + \mathbf{r}, \]

where $\mathbf{p}$ is defined as in the algorithm, by using the Division Algorithm, we will show that this holds at every step of the algorithm. We will prove this by induction. With the initial values where $a_1, \ldots, a_s, \mathbf{r}$ are all zero, this is clearly true. Now, suppose it is true for some step in the algorithm. Two things can occur in the next step. If it is a division step, then some $\mathrm{LT}(\mathbf{f}_i)$ divides $\mathrm{LT}(\mathbf{p})$ and the equality

\[ a_i \mathbf{f}_i + \mathbf{p} = (a_i + \mathrm{LT}(\mathbf{p})/\mathrm{LT}(\mathbf{f}_i))\mathbf{f}_i + (\mathbf{p} - (\mathrm{LT}(\mathbf{p})/\mathrm{LT}(\mathbf{f}_i))\mathbf{f}_i) \]

shows that the value does not change, and, thus, $\mathbf{f}$ can still be written in the desired form. If the next step is not a division step, then it is a remainder step, and both $\mathbf{p}$ and $\mathbf{r}$ will be changed, while the sum $\mathbf{p} + \mathbf{r}$ will stay the same, since

\[ \mathbf{p} + \mathbf{r} = (\mathbf{p} - \mathrm{LT}(\mathbf{p})) + (\mathbf{r} + \mathrm{LT}(\mathbf{p})), \]

and $\mathbf{f}$ still has the desired form. The algorithm will terminate when $\mathbf{p} = 0$, and at that point $\mathbf{f}$ is in the form of Equation (1.3). In the algorithm we only add terms to $\mathbf{r}$ when they are divisible by none of the $\mathrm{LT}(\mathbf{f}_i)$, so $a_1, \ldots, a_s, \mathbf{r}$ all have the desired properties when the algorithm terminates.

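We need to show that the algorithm eventually terminates. This follows from the fact that the multidegree of $\mathbf{p}$ drops at each step of the algorithm. In a division step $\mathbf{p}$ is redefined as

\[ \mathbf{p}' = \mathbf{p} - \frac{\mathrm{LT}(\mathbf{p})}{\mathrm{LT}(\mathbf{f}_i)} \mathbf{f}_i. \]

Since

\[
\begin{aligned}
\mathrm{LT}(\mathbf{p}') &= \mathrm{LT}(\mathbf{p}) - \mathrm{LT}\left( \frac{\mathrm{LT}(\mathbf{p})}{\mathrm{LT}(\mathbf{f}_i)} \mathbf{f}_i \right) \\
&= \mathrm{LT}(\mathbf{p}) - \frac{\mathrm{LT}(\mathbf{p})}{\mathrm{LT}(\mathbf{f}_i)} \mathrm{LT}(\mathbf{f}_i) \\
&= 0,
\end{aligned}
\]

the leading term of $\mathbf{p}$ is canceled, and, thus, the multidegree must drop. If the step is a remainder step, then $\mathbf{p}$ is redefined as

\[ \mathbf{p}' = \mathbf{p} - \mathrm{LT}(\mathbf{p}). \]

Clearly, the leading term is also canceled in this situation, and the multidegree must drop. Now, since $\succ$ is a well-ordering, it follows that the multidegree of $\mathbf{p}$ must eventually be zero where the algorithm terminates.

The last thing we need to prove is that $\mathrm{LT}(a_i \mathbf{f}_i) \leq \mathrm{LT}(\mathbf{f})$ for all $i$. Since every term of $a_i$ is of the form $\mathrm{LT}(\mathbf{p})/\mathrm{LT}(\mathbf{f}_i)$ for some value of $\mathbf{p}$, we have $\mathrm{LT}(\mathbf{p}) = \mathrm{LT}(a_i \mathbf{f}_i)$, but since the multidegree of $\mathbf{p}$ drops, we must have $\mathrm{LT}(a_i \mathbf{f}_i) = \mathrm{LT}(\mathbf{p}) \leq \mathrm{LT}(\mathbf{f})$, where equality is true with the initial value $\mathbf{f} = \mathbf{p}$.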


To show how the Division Algorithm works we will show an example.

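Example 1.2.14
Let

\[ \mathbf{f} = (5xy^2 - y^{10} + 3,\ 4x^3 + 2y,\ 16x)^T \in (k[x, y])^3, \]

and let

\[
\begin{aligned}
\mathbf{f}_1 &= (xy + 4x,\ 0,\ y^2)^T, \\
\mathbf{f}_2 &= (0,\ y - 1,\ x - 2)^T.
\end{aligned}
\]

We will use the POT order and divide $\mathbf{f}$ with $(\mathbf{f}_1, \mathbf{f}_2)$.

Step 1: We write our initial values:

\[
\begin{aligned}
a_1 &:= 0, \\
a_2 &:= 0, \\
\mathbf{r} &:= 0, \\
\mathbf{p} &:= \mathbf{f} = (5xy^2 - y^{10} + 3,\ 4x^3 + 2y,\ 16x)^T.
\end{aligned}
\]

Step 2: Notice that $\mathrm{LT}(\mathbf{f}_1) = xy e_1$ divides $\mathrm{LT}(\mathbf{p}) = 5xy^2 e_1$, and that $\mathrm{LT}(\mathbf{p})/\mathrm{LT}(\mathbf{f}_1) = 5y$, so

\[
\begin{aligned}
a_1 &:= 5y, \\
a_2 &:= 0, \\
\mathbf{r} &:= 0, \\
\mathbf{p} &:= (5xy^2 - y^{10} + 3,\ 4x^3 + 2y,\ 16x)^T - (5y)(xy + 4x,\ 0,\ y^2)^T \\
&= (-20xy - y^{10} + 3,\ 4x^3 + 2y,\ 16x - 5y^3)^T.
\end{aligned}
\]

Step 3: Now $\mathrm{LT}(\mathbf{f}_1) = xy e_1$ still divides $\mathrm{LT}(\mathbf{p}) = -20xy e_1$, and $\mathrm{LT}(\mathbf{p})/\mathrm{LT}(\mathbf{f}_1) = -20$, so

\[
\begin{aligned}
a_1 &:= 5y - 20, \\
a_2 &:= 0, \\
\mathbf{r} &:= 0, \\
\mathbf{p} &:= (-20xy - y^{10} + 3,\ 4x^3 + 2y,\ 16x - 5y^3)^T - (-20)(xy + 4x,\ 0,\ y^2)^T \\
&= (80x - y^{10} + 3,\ 4x^3 + 2y,\ 16x - 5y^3 + 20y^2)^T.
\end{aligned}
\]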


Step 4-7: Neither $\mathrm{LT}(\mathbf{f}_1) = xy e_1$ nor $\mathrm{LT}(\mathbf{f}_2) = y e_2$ divides $\mathrm{LT}(\mathbf{p}) = 80x e_1$, so $80x e_1$ goes to the remainder. Note that the next few steps are remainder steps, so we will skip these.

\[
\begin{aligned}
a_1 &:= 5y - 20, \\
a_2 &:= 0, \\
\mathbf{r} &:= (80x - y^{10} + 3,\ 4x^3,\ 0)^T, \\
\mathbf{p} &:= (0,\ 2y,\ 16x - 5y^3 + 20y^2)^T.
\end{aligned}
\]

Step 8: Now $\mathrm{LT}(\mathbf{f}_1) = xy e_1$ does not divide $\mathrm{LT}(\mathbf{p}) = 2y e_2$, but $\mathrm{LT}(\mathbf{f}_2) = y e_2$ does, so

\[
\begin{aligned}
a_1 &:= 5y - 20, \\
a_2 &:= 2, \\
\mathbf{r} &:= (80x - y^{10} + 3,\ 4x^3,\ 0)^T, \\
\mathbf{p} &:= (0,\ 2y,\ 16x - 5y^3 + 20y^2)^T - (2)(0,\ y - 1,\ x - 2)^T \\
&= (0,\ 2,\ 14x - 5y^3 + 20y^2 + 4)^T.
\end{aligned}
\]

The last steps are all remainder steps, so

\[
\begin{aligned}
a_1 &:= 5y - 20, \\
a_2 &:= 2, \\
\mathbf{r} &:= (80x - y^{10} + 3,\ 4x^3 + 2,\ 14x - 5y^3 + 20y^2 + 4)^T, \\
\mathbf{p} &:= (0, 0, 0)^T.
\end{aligned}
\]

We conclude that we can write $\mathbf{f}$ as

\[ \mathbf{f} = (5y - 20)\mathbf{f}_1 + 2\mathbf{f}_2 + (80x - y^{10} + 3,\ 4x^3 + 2,\ 14x - 5y^3 + 20y^2 + 4)^T. \]

We can also use Singular to perform the divisions. We will need to define the 2-tuple $(\mathbf{f}_1, \mathbf{f}_2)$ as a module in Singular.

>ring R=0,(x,y),(c,lp);
>vector f=[5xy2-y10+3,4x3+2y,16x];
>vector f1=[xy+4x,0,y2];
>vector f2=[0,y-1,x-2];
>module M=f1,f2;
>division(f,M);
[1]:
_[1,1]=5y-20
_[1,2]=2
[2]:
_[1]=[80x-y10+3,4x3+2,14x-5y3+20y2+4]
[3]:
_[1,1]=1

[1]_[1,1] is $a_1$, [1]_[1,2] is $a_2$, and [2]_[1] is the remainder $\mathbf{r}$. [3] is some number we need to multiply with $\mathbf{f}$, such that $[3] \cdot \mathbf{f} = a_1 \mathbf{f}_1 + a_2 \mathbf{f}_2 + \mathbf{r}$. Usually, [3] is just 1.

We are now ready to define Gröbner bases for modules.

Definition 1.2.15 (Gröbner Bases)
Let $M \subseteq R^m$ be a submodule, and let $\succ$ be a monomial ordering.

(i). Denote by $\langle \mathrm{LT}(M) \rangle$ the monomial submodule generated by the leading terms of all $\mathbf{f} \in M$ with respect to $\succ$.

(ii). A finite set $G = \{\mathbf{g}_1, \ldots, \mathbf{g}_s\} \subseteq M$ is called a Gröbner basis for $M$ if $\langle \mathrm{LT}(M) \rangle = \langle \mathrm{LT}(\mathbf{g}_1), \ldots, \mathrm{LT}(\mathbf{g}_s) \rangle$.

We will later show that every submodule has a Gröbner basis. First we will show how to find a Gröbner basis in Singular.

Example 1.2.16
We will use Singular to calculate a Gröbner basis for the submodule $M = \langle \mathbf{f}_1, \mathbf{f}_2 \rangle$, where

\[
\begin{aligned}
\mathbf{f}_1 &= (xy + 4x,\ 0,\ y^2)^T, \\
\mathbf{f}_2 &= (0,\ y - 1,\ x - 2)^T.
\end{aligned}
\]

We will use the POT order.

>ring R=0,(x,y),(c,lp);
>vector f1=[xy+4x,0,y2];
>vector f2=[0,y-1,x-2];
>module M=f1,f2;
>std(M);
_[1]=[0,y-1,x-2]
_[2]=[xy+4x,0,y2]

We see that $(\mathbf{f}_1, \mathbf{f}_2)$ is already a Gröbner basis for $M$.

As another example, consider the same module, but let us calculate a Gröbner basis with respect to $\succ_{TOP}$.

>ring R=0,(x,y),(lp,c);
>vector f1=[xy+4x,0,y2];
>vector f2=[0,y-1,x-2];
>module M=f1,f2;
>std(M);
_[1]=x*gen(3)+y*gen(2)-gen(2)-2*gen(3)
_[2]=xy*gen(1)+4x*gen(1)+y2*gen(3)

Thus, a Gröbner basis for $M$ with respect to $\succ_{TOP}$ is also given by $(\mathbf{f}_1, \mathbf{f}_2)$.

Just like with ideals, the remainder on division of some $\mathbf{f} \in R^m$ by a Gröbner basis is uniquely determined, as we will prove in the next proposition.

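Proposition 1.2.17
Let $M = \langle \mathbf{g}_1, \ldots, \mathbf{g}_s \rangle \subseteq R^m$ be a submodule generated by the Gröbner basis $G = \{\mathbf{g}_1, \ldots, \mathbf{g}_s\} \subseteq M$, and let $\mathbf{f} \in R^m$. Then the remainder $\mathbf{r} \in R^m$ on division of $\mathbf{f}$ by $G$ is uniquely determined.
Proof
The Division Algorithm gives

\[ \mathbf{f} = a_1 \mathbf{g}_1 + \cdots + a_s \mathbf{g}_s + \mathbf{r}, \]

where no term of $\mathbf{r}$ is divisible by any $\mathrm{LT}(\mathbf{g}_i)$. Define $\mathbf{g} = a_1 \mathbf{g}_1 + \cdots + a_s \mathbf{g}_s \in M$. We will prove that $\mathbf{f}$ can be uniquely written as $\mathbf{f} = \mathbf{g} + \mathbf{r}$; that is, the remainder is uniquely determined, $\mathbf{r} = \mathbf{f} - \mathbf{g}$.

Suppose $\mathbf{f}$ can also be written as $\mathbf{f} = \mathbf{g}' + \mathbf{r}'$, where $\mathbf{r}' \neq \mathbf{r}$. Then $\mathbf{r} - \mathbf{r}' = \mathbf{g}' - \mathbf{g} \in M$, and $\mathrm{LT}(\mathbf{r} - \mathbf{r}') \in \langle \mathrm{LT}(M) \rangle = \langle \mathrm{LT}(\mathbf{g}_1), \ldots, \mathrm{LT}(\mathbf{g}_s) \rangle$ by the definition of Gröbner bases. This means that $\mathrm{LT}(\mathbf{r} - \mathbf{r}')$ is divisible by some $\mathrm{LT}(\mathbf{g}_i)$, but this cannot be true because of the definition of a remainder. Thus, $\mathbf{r} - \mathbf{r}' = 0$, and it follows that $\mathbf{r}$ must be uniquely determined.

As we can easily solve the ideal membership problem with Gröbner bases, we can immediately solve the module membership problem with the use of Gröbner bases.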


Proposition 1.2.18
Let $G$ be a Gröbner basis for a submodule $M \subseteq R^m$, and let $\mathbf{f} \in M$. Then $\mathbf{f} \in M$ if and only if the remainder on division by $G$ is zero.
Proof
If the remainder on division of $\mathbf{f}$ by $G$ is zero, then by definition $\mathbf{f} \in M$. Conversely, suppose $\mathbf{f} \in M$. Then $\mathbf{f}$ can be written $\mathbf{f} = \mathbf{f} + 0$. Since this expression is unique by Proposition 1.2.17, it follows that the remainder of $\mathbf{f}$ on division by $G$ is zero.

It follows that in Example 1.2.14, $\mathbf{f} = (5xy^2 - y^{10} + 3,\ 4x^3 + 2y,\ 16x)^T \notin \langle \mathbf{f}_1, \mathbf{f}_2 \rangle$, where $\mathbf{f}_1 = (xy + 4x, 0, y^2)^T$ and $\mathbf{f}_2 = (0, y - 1, x - 2)^T$, since we saw in Example 1.2.16 that $(\mathbf{f}_1, \mathbf{f}_2)$ is a Gröbner basis for $\langle \mathbf{f}_1, \mathbf{f}_2 \rangle$.

It is important to note that a Gröbner basis does not need to be a module basis; that is, the set of generators that is the Gröbner basis does not need to be linearly independent. However, as with ideals, Gröbner bases do exist for all submodules of $R^m$.

Theorem 1.2.19
Let $M \subseteq R^m$ be a submodule, and fix a monomial order $\succ$. Then $M$ has a Gröbner basis with respect to this monomial order.
Proof
Consider the monomial submodule $\langle \mathrm{LT}(M) \rangle$. By Proposition 1.2.5 $\langle \mathrm{LT}(M) \rangle$ can be generated by a finite number of generators. That is, there exists a set $\mathbf{g}_1, \ldots, \mathbf{g}_s \in M$ such that $\langle \mathrm{LT}(M) \rangle = \langle \mathrm{LT}(\mathbf{g}_1), \ldots, \mathrm{LT}(\mathbf{g}_s) \rangle$. It follows that $\{\mathbf{g}_1, \ldots, \mathbf{g}_s\} \subseteq M$ is a Gröbner basis for $M$.

An application of Gröbner bases is the fact that any infinite ascending chain of submodules must eventually stabilize.

Theorem 1.2.20 (The Ascending Chain Condition)
Let $M_1 \subseteq M_2 \subseteq \ldots$ be an ascending chain of submodules over $R^m$. Then the chain will stabilize for some $N \geq 1$; that is, there exists an $N \geq 1$ such that

\[ \cdots \subseteq M_{N-1} \subseteq M_N = M_{N+1} = M_{N+2} = \ldots. \]

Proof
We already proved this for monomial submodules in Proposition 1.2.5 on page 23. In that proof we only used the monomial property to say that every submodule is finitely generated. By Theorem 1.2.19 every submodule of $R^m$ has a Gröbner basis, which is a finite generating set. The theorem follows directly by combining these two facts, since at every expansion $M_{i+1} \supseteq M_i$ we have at least one $\mathbf{g} \in M_{i+1}$, where $\mathrm{LT}(\mathbf{g})$ is not divisible by any $\mathrm{LT}(\mathbf{g}_i)$, where $\mathbf{g}_i$ are the generators in the Gröbner basis for $M_i$. But this means that $\langle \mathrm{LT}(M) \rangle$ is growing, which we have shown will eventually stabilize.

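To be able to calculate a Gröbner basis for a submodule we need a way to determine when a basis is a Gröbner basis. As with ideals this is done with the so-called $S$-elements.

Definition 1.2.21 (The $S$-element)
Fix a monomial ordering on $R^m$, and let $\mathbf{f}, \mathbf{g} \in R^m$. The $S$-element of $\mathbf{f}$ and $\mathbf{g}$, denoted $S(\mathbf{f}, \mathbf{g})$, is the following element of $R^m$. Let $\mathbf{m} = \mathrm{LCM}(\mathrm{LT}(\mathbf{f}), \mathrm{LT}(\mathbf{g}))$. Then

\[ S(\mathbf{f}, \mathbf{g}) = \frac{\mathbf{m}}{\mathrm{LT}(\mathbf{f})} \mathbf{f} - \frac{\mathbf{m}}{\mathrm{LT}(\mathbf{g})} \mathbf{g}. \]

Note that if $\mathbf{f}$ and $\mathbf{g}$ are elements of a module $M$, then $S(\mathbf{f}, \mathbf{g}) \in M$, since it is a linear combination of $\mathbf{f}$ and $\mathbf{g}$. To illustrate the definition we will show an example.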

Example 1.2.22
We want to calculate the $S$-element of $\mathbf{f}$ and $\mathbf{g}$, where

\[
\begin{aligned}
\mathbf{f} &= [xy + 1,\ x^2,\ 0]^T, \\
\mathbf{g} &= [x^3y^3,\ x - 1,\ y^2]^T,
\end{aligned}
\]

with respect to the POT order. First note that $\mathbf{m} = \mathrm{LCM}(xy e_1, x^3y^3 e_1) = x^3y^3$. Thus, we have

\[
\begin{aligned}
S(\mathbf{f}, \mathbf{g}) &= \frac{x^3y^3}{xy} [xy + 1,\ x^2,\ 0]^T - \frac{x^3y^3}{x^3y^3} [x^3y^3,\ x - 1,\ y^2]^T \\
&= [x^2y^2,\ x^4y^2 - x + 1,\ -y^2]^T.
\end{aligned}
\]

We can easily use Singular to calculate the $S$-element.

>ring R=0,(x,y),(c,lp); //POT order over lex
>vector f=[xy+1,x2,0];
>vector g=[x3y3,x-1,y2];
>LIB "teachstd.lib"; //this loads the function spoly among others
>spoly(f,g);
[x2y2,x4y2-x+1,-y2]

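Before giving Buchberger's Criterion we need the following lemma.

Lemma 1.2.23
Let $\mathbf{f} = \sum_{i=1}^{s} c_i \mathbf{f}_i$, where $c_i \in k$ and $\mathbf{f}_i \in R^m$, and suppose that $\mathrm{multideg}(\mathbf{f}_i) = \delta \in \mathbb{N}_0^n$ for all $i$. If $\mathrm{multideg}(\mathbf{f}) < \delta$, then $\mathbf{f}$ is a $k$-linear combination of the $S$-elements $S(\mathbf{f}_j, \mathbf{f}_k)$ for $1 \leq j, k \leq s$. Furthermore, $\mathrm{multideg}(S(\mathbf{f}_j, \mathbf{f}_k)) < \delta$ for each $j, k$.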

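Proof
Let $d_i = \mathrm{LC}(\mathbf{f}_i)$ such that $\mathrm{LC}(c_i \mathbf{f}_i) = c_i d_i$. Since the multidegree of each $c_i \mathbf{f}_i$ is $\delta$, and their sum has a multidegree strictly smaller than $\delta$, the sum of the leading coefficients must cancel out,

\[ \sum_{i=1}^{s} c_i d_i = 0. \tag{1.4} \]

Now, define $\mathbf{p}_i := \mathbf{f}_i / d_i$, and note that $\mathrm{LC}(\mathbf{p}_i) = 1$. Consider the telescoping sum

\[
\begin{aligned}
\mathbf{f} = \sum_{i=1}^{s} c_i \mathbf{f}_i &= \sum_{i=1}^{s} c_i d_i \mathbf{p}_i \\
&= c_1 d_1 (\mathbf{p}_1 - \mathbf{p}_2) + (c_1 d_1 + c_2 d_2)(\mathbf{p}_2 - \mathbf{p}_3) + \ldots \\
&\quad + (c_1 d_1 + \cdots + c_{s-1} d_{s-1})(\mathbf{p}_{s-1} - \mathbf{p}_s) + (c_1 d_1 + \cdots + c_s d_s)\mathbf{p}_s.
\end{aligned}
\tag{1.5}
\]

The assumption $\mathrm{LT}(\mathbf{f}_i) = d_i x^\delta e_i$ implies that $\mathrm{LCM}(\mathrm{LT}(\mathbf{f}_j), \mathrm{LT}(\mathbf{f}_k)) = x^\delta e_i$ whenever $\mathrm{LT}(\mathbf{f}_j)$ and $\mathrm{LT}(\mathbf{f}_k)$ have the same standard basis $e_i$, and

\[
\begin{aligned}
S(\mathbf{f}_j, \mathbf{f}_k) &= \frac{x^\delta e_i}{\mathrm{LT}(\mathbf{f}_j)} \mathbf{f}_j - \frac{x^\delta e_i}{\mathrm{LT}(\mathbf{f}_k)} \mathbf{f}_k \\
&= \frac{x^\delta e_i}{d_j x^\delta e_i} d_j \mathbf{p}_j - \frac{x^\delta e_i}{d_k x^\delta e_i} d_k \mathbf{p}_k \\
&= \mathbf{p}_j - \mathbf{p}_k.
\end{aligned}
\]

From Equation (1.4) we have $(c_1 d_1 + \cdots + c_s d_s)\mathbf{p}_s = 0$, so Equation (1.5) yields

\[
\begin{aligned}
\mathbf{f} &= c_1 d_1 S(\mathbf{f}_1, \mathbf{f}_2) + (c_1 d_1 + c_2 d_2) S(\mathbf{f}_2, \mathbf{f}_3) + \ldots \\
&\quad + (c_1 d_1 + \cdots + c_{s-1} d_{s-1}) S(\mathbf{f}_{s-1}, \mathbf{f}_s),
\end{aligned}
\]

which has the desired form. Since every $\mathbf{p}_i$ has multidegree $\delta$, the sum $\mathbf{p}_j - \mathbf{p}_k$ must have a multidegree strictly smaller than $\delta$ for every $j, k$, and it follows that $S(\mathbf{f}_j, \mathbf{f}_k)$ must also have a multidegree strictly smaller than $\delta$ for every $j, k$.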

We can now state Buchberger's Criterion for submodules, which states when a given basis is a Gröbner basis. We will denote by $\overline{S(\mathbf{f}, \mathbf{g})}^G$ the remainder of $S(\mathbf{f}, \mathbf{g})$ on division by $G$.

Theorem 1.2.24 (Buchberger's Criterion for Submodules)
A set $G = \{\mathbf{g}_1, \ldots, \mathbf{g}_s\} \subseteq R^m$ is a Gröbner basis for the submodule $M \subseteq R^m$ it generates if and only if the remainder on division by $G$ of $S(\mathbf{g}_i, \mathbf{g}_j)$ is 0 for all $i, j$.
Proof
If $G$ is a Gröbner basis for the submodule $M \subseteq R^m$, then it follows from Proposition 1.2.18 that the remainder of $S(\mathbf{g}_i, \mathbf{g}_j)$ on division by $G$ is zero since $S(\mathbf{g}_i, \mathbf{g}_j) \in M$ by construction.

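To show the other way, suppose $\overline{S(\mathbf{g}_i, \mathbf{g}_j)}^G = 0$ for every $i, j$, and let $\mathbf{f}$ be any nonzero element in $M$. If we can prove that $\mathrm{LT}(\mathbf{f}) \in \langle \mathrm{LT}(\mathbf{g}_1), \ldots, \mathrm{LT}(\mathbf{g}_s) \rangle$, then it follows that $G$ is a Gröbner basis for $M$. Since $\mathbf{f} \in M$, we can write $\mathbf{f}$ as

\[ \mathbf{f} = \sum_{i=1}^{s} a_i \mathbf{g}_i, \quad a_i \in R. \tag{1.6} \]

First note that we must have

\[ \mathrm{multidegree}(\mathbf{f}) \leq \max\{\mathrm{multidegree}(a_i \mathbf{g}_i)\}, \tag{1.7} \]

since, otherwise, the multidegree of the left-hand side of Equation (1.6) would be strictly lower than the right-hand side. Now, denote by $m(i)$ the multidegree of $a_i \mathbf{g}_i$, and let $\delta = \max\{m(1), \ldots, m(s)\}$. Thus, we have $\mathrm{multidegree}(\mathbf{f}) \leq \delta$. Since monomial orders are well-orderings, it is possible to find an expression for $\mathbf{f}$ that minimizes $\delta$. We want to prove that $\mathrm{multidegree}(\mathbf{f}) = \delta$ when $\delta$ is minimal, since we then can conclude that $\mathrm{LT}(\mathbf{f}) \in \langle \mathrm{LT}(\mathbf{g}_1), \ldots, \mathrm{LT}(\mathbf{g}_s) \rangle$, which is what we want. Suppose that $\mathrm{multidegree}(\mathbf{f}) < \delta$, and rewrite $\mathbf{f}$ as

\[
\begin{aligned}
\mathbf{f} &= \sum_{m(i)=\delta} a_i \mathbf{g}_i + \sum_{m(i)<\delta} a_i \mathbf{g}_i \\
&= \sum_{m(i)=\delta} \mathrm{LT}(a_i) \mathbf{g}_i + \sum_{m(i)=\delta} (a_i - \mathrm{LT}(a_i)) \mathbf{g}_i + \sum_{m(i)<\delta} a_i \mathbf{g}_i.
\end{aligned}
\tag{1.8}
\]

Note that $\mathrm{multidegree}((a_i - \mathrm{LT}(a_i)) \mathbf{g}_i) < \delta$, and, thus, this sum must also have a multidegree strictly smaller than $\delta$. By our assumption the sum $\sum_{m(i)=\delta} \mathrm{LT}(a_i) \mathbf{g}_i$ must also have a multidegree strictly smaller than $\delta$. Write $\mathrm{LT}(a_i) = c_i x^{\alpha(i)}$, $c_i \in k$, such that

\[ \sum_{m(i)=\delta} \mathrm{LT}(a_i) \mathbf{g}_i = \sum_{m(i)=\delta} c_i x^{\alpha(i)} \mathbf{g}_i. \tag{1.9} \]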

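This sum can be written as a linear combination of $S$-elements according to Lemma 1.2.23. First note that if $\mathrm{LT}(\mathbf{g}_j)$ and $\mathrm{LT}(\mathbf{g}_k)$ have different standard basis, then $S(x^{\alpha(j)} \mathbf{g}_j, x^{\alpha(k)} \mathbf{g}_k) = 0$. Therefore, suppose their standard basis are the same, say $e_i$, then

\[
\begin{aligned}
S(x^{\alpha(j)} \mathbf{g}_j, x^{\alpha(k)} \mathbf{g}_k) &= \frac{x^\delta e_i}{x^{\alpha(j)} \mathrm{LT}(\mathbf{g}_j)} x^{\alpha(j)} \mathbf{g}_j - \frac{x^\delta e_i}{x^{\alpha(k)} \mathrm{LT}(\mathbf{g}_k)} x^{\alpha(k)} \mathbf{g}_k \\
&= \frac{x^\delta e_i}{x^{\gamma_{jk}} e_i} \left( \frac{x^{\gamma_{jk}} e_i}{\mathrm{LT}(\mathbf{g}_j)} \mathbf{g}_j - \frac{x^{\gamma_{jk}} e_i}{\mathrm{LT}(\mathbf{g}_k)} \mathbf{g}_k \right) \\
&= x^{\delta - \gamma_{jk}} S(\mathbf{g}_j, \mathbf{g}_k),
\end{aligned}
\]

where $x^{\gamma_{jk}} e_i = \mathrm{LCM}(\mathrm{LT}(\mathbf{g}_j), \mathrm{LT}(\mathbf{g}_k))$. Equation (1.9) can, thus, be written as

\[ \sum_{m(i)=\delta} \mathrm{LT}(a_i) \mathbf{g}_i = \sum_{j,k} c_{jk} x^{\delta - \gamma_{jk}} S(\mathbf{g}_j, \mathbf{g}_k), \quad c_{jk} \in k. \tag{1.10} \]

The initial assumption was that the remainder of $S(\mathbf{g}_j, \mathbf{g}_k)$ on division by $G$ is zero, so the Division Algorithm yields

\[ S(\mathbf{g}_j, \mathbf{g}_k) = \sum_{i=1}^{s} a_{ijk} \mathbf{g}_i, \quad a_{ijk} \in R. \]

We know that

\[ \mathrm{multideg}(a_{ijk} \mathbf{g}_i) \leq \mathrm{multideg}(S(\mathbf{g}_j, \mathbf{g}_k)) \]

for every $i, j, k$. Now, consider the equation

\[ x^{\delta - \gamma_{jk}} S(\mathbf{g}_j, \mathbf{g}_k) = \sum_{i=1}^{s} b_{ijk} \mathbf{g}_i, \]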


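where $b_{ijk} = x^{\delta - \gamma_{jk}} a_{ijk} \in R$. Then

\[ \mathrm{multideg}(b_{ijk} \mathbf{g}_i) \leq \mathrm{multideg}(x^{\delta - \gamma_{jk}} S(\mathbf{g}_j, \mathbf{g}_k)) < \delta. \tag{1.11} \]

We can now rewrite Equation (1.10) as

\[ \sum_{m(i)=\delta} \mathrm{LT}(a_i) \mathbf{g}_i = \sum_{j,k} c_{jk} \left( \sum_{i=1}^{s} b_{ijk} \mathbf{g}_i \right) = \sum_{i=1}^{s} a'_i \mathbf{g}_i, \]

where $\mathrm{multideg}(a'_i \mathbf{g}_i) < \delta$ by Equation (1.11). If we again consider Equation (1.8), where we substitute $\sum_{m(i)=\delta} \mathrm{LT}(a_i) \mathbf{g}_i$ with $\sum_{i=1}^{s} \mathrm{LT}(a'_i) \mathbf{g}_i$, then we note that $\mathbf{f}$ is still written as a linear combination of the $\mathbf{g}_i$'s, but where every summand has a multidegree strictly smaller than $\delta$, which is a contradiction of $\delta$ being the smallest multidegree. Thus, equality must hold in Equation (1.7). It follows that $\mathrm{LT}(\mathbf{f}) \in \langle \mathrm{LT}(\mathbf{g}_1), \ldots, \mathrm{LT}(\mathbf{g}_s) \rangle$, since when $\mathrm{multideg}(\mathbf{f}) = \max\{\mathrm{multideg}(a_i \mathbf{g}_i)\}$, then no cancelation of leading terms occurs in Equation (1.8), and, thus, $G$ is a Gröbner basis for $M$.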

Consider the following example.

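Example 1.2.25
Let $M = \langle \mathbf{f}_1, \mathbf{f}_2 \rangle \subseteq (k[x, y])^3$, where $\mathbf{f}_1, \mathbf{f}_2$ are given as in Example 1.2.14,

\[
\begin{aligned}
\mathbf{f}_1 &= (xy + 4x,\ 0,\ y^2)^T, \\
\mathbf{f}_2 &= (0,\ y - 1,\ x - 2)^T.
\end{aligned}
\]

We already saw in Example 1.2.16 that $G = (\mathbf{f}_1, \mathbf{f}_2)$ is a Gröbner basis for $M$. Since $\mathbf{f}_1$ and $\mathbf{f}_2$ have leading terms in different standard basis, it follows that $S(\mathbf{f}_1, \mathbf{f}_2) = 0$. If we add

\[ \mathbf{f}_3 = \mathbf{f}_1 + \mathbf{f}_2 = (xy + 4x,\ y - 1,\ x + y^2 - 2)^T \]

to $G$ as a redundant generator, we have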

>ring R=0,(x,y),(lp,c);
>LIB "teachstd.lib";
>vector f1=[xy+4x,0,y2];
>vector f2=[0,y-1,x-2];
>vector f3=f1+f2;
>vector s=spoly(f1,f3);
[0,-y+1,-x+2]
>module M=f1,f2,f3;
>division(s,M)[2]; //returns only the remainder
_[1]=0

Thus, we have

\[ S(\mathbf{f}_1, \mathbf{f}_3) = (0,\ -y + 1,\ -x + 2)^T, \]

but

\[ \overline{S(\mathbf{f}_1, \mathbf{f}_3)}^G = 0. \]

We clearly also have $S(\mathbf{f}_2, \mathbf{f}_3) = 0$. It follows from Theorem 1.2.24 that $(\mathbf{f}_1, \mathbf{f}_2, \mathbf{f}_3)$ is a Gröbner basis for $M$.
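The following Python code is an added example, not code from the thesis (which uses Singular). It implements Algorithm 1.2.13, the $S$-element of Definition 1.2.21 and the test of Theorem 1.2.24 on sparse vectors, and re-runs Examples 1.2.14, 1.2.22 and 1.2.25. The dictionary representation and all function names are assumptions made for this illustration.

```python
from fractions import Fraction
from itertools import combinations

# A monomial x^alpha e_i is the pair (alpha, i); a vector in R^m is a dict
# {(alpha, i): coefficient}. Tuple comparison on alpha is lex with x1 > x2 > ...,
# and e_i > e_j for i < j is encoded by negating the position.
POT = lambda mono: (-mono[1], mono[0])    # position over term
TOP = lambda mono: (mono[0], -mono[1])    # term over position

def vec(*components):
    """Build a vector from one {alpha: coefficient} dict per position."""
    return {(a, i): Fraction(c) for i, comp in enumerate(components, 1)
            for a, c in comp.items() if c != 0}

def lt(f, order):
    """Leading monomial and leading coefficient of a nonzero vector."""
    mono = max(f, key=order)
    return mono, f[mono]

def sub_multiple(f, c, alpha, g):
    """Return f - c * x^alpha * g, dropping cancelled terms."""
    out = dict(f)
    for (beta, i), d in g.items():
        m = (tuple(a + b for a, b in zip(alpha, beta)), i)
        out[m] = out.get(m, 0) - c * d
        if out[m] == 0:
            del out[m]
    return out

def quotient(m, n):
    """Exponent gamma with m = x^gamma * n, or None if n does not divide m."""
    (a, i), (b, j) = m, n
    if i != j or any(x < y for x, y in zip(a, b)):
        return None
    return tuple(x - y for x, y in zip(a, b))

def divide(f, F, order):
    """Algorithm 1.2.13: return ([a_1, ..., a_s], r) with f = sum a_i f_i + r."""
    quots, r, p = [{} for _ in F], {}, dict(f)
    while p:
        m, c = lt(p, order)
        for a_i, f_i in zip(quots, F):
            n, d = lt(f_i, order)
            gamma = quotient(m, n)
            if gamma is not None:              # division step
                a_i[gamma] = a_i.get(gamma, 0) + c / d
                p = sub_multiple(p, c / d, gamma, f_i)
                break
        else:                                  # remainder step
            r[m] = p.pop(m)
    return quots, r

def s_element(f, g, order):
    """Definition 1.2.21; zero when the leading terms lie in different positions."""
    (a, i), c = lt(f, order)
    (b, j), d = lt(g, order)
    if i != j:
        return {}
    lcm = tuple(max(x, y) for x, y in zip(a, b))
    left = sub_multiple({}, -1 / c, tuple(x - y for x, y in zip(lcm, a)), f)
    return sub_multiple(left, 1 / d, tuple(x - y for x, y in zip(lcm, b)), g)

def is_groebner(G, order):
    """Theorem 1.2.24: every S-element leaves remainder 0 on division by G."""
    return all(not divide(s_element(g, h, order), G, order)[1]
               for g, h in combinations(G, 2))

# Data from Examples 1.2.14, 1.2.22 and 1.2.25; exponents are (deg_x, deg_y).
f = vec({(1, 2): 5, (0, 10): -1, (0, 0): 3}, {(3, 0): 4, (0, 1): 2}, {(1, 0): 16})
f1 = vec({(1, 1): 1, (1, 0): 4}, {}, {(0, 2): 1})
f2 = vec({}, {(0, 1): 1, (0, 0): -1}, {(1, 0): 1, (0, 0): -2})
f3 = sub_multiple(f1, -1, (0, 0), f2)          # f1 + f2
u = vec({(1, 1): 1, (0, 0): 1}, {(2, 0): 1}, {})               # f of Example 1.2.22
v = vec({(3, 3): 1}, {(1, 0): 1, (0, 0): -1}, {(0, 2): 1})     # g of Example 1.2.22

if __name__ == "__main__":
    quots, r = divide(f, [f1, f2], POT)
    print("a1 =", quots[0], " a2 =", quots[1])
    print("r  =", r)
    print("S(f1, f3) =", s_element(f1, f3, POT))
    print("{f1, f2, f3} Groebner (POT):", is_groebner([f1, f2, f3], POT))
    print("{u, v} Groebner (POT):", is_groebner([u, v], POT))
```

The pair from Example 1.2.22 fails the criterion under POT: dividing its $S$-element by the pair leaves a nonzero remainder, so those two vectors alone are not a Gröbner basis of the module they generate.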

We can now extend Buchberger's Algorithm for ideals to submodules. With this algorithm we will be able to add extra generators to a given basis for a submodule to produce a Gröbner basis for this submodule.

Theorem 1.2.26 (Buchberger's Algorithm for Submodules)
Let $F = (\mathbf{f}_1, \ldots, \mathbf{f}_t) \subseteq R^m$, and fix a monomial order on $R^m$. The following algorithm computes a Gröbner basis $G$ for $M = \langle F \rangle$.

Algorithm 1.2.27
Input
    $F = (\mathbf{f}_1, \ldots, \mathbf{f}_t)$ where $\mathbf{f}_i \in R^m$
    a monomial order $\succ$

Output
    a Gröbner basis $G = (\mathbf{f}_1, \ldots, \mathbf{f}_s)$, $s \geq t$, for $M = \langle F \rangle$ with respect to $\succ$

Initialize
    $G := F$

Loop
    WHILE $G \neq G'$ DO
        $G' := G$
        FOR each pair $\{i, j\}$, $i < j$ DO
            $\mathbf{S}_{ij} := S(\mathbf{f}_i, \mathbf{f}_j)$
            IF $\mathbf{r}_{ij} = \overline{\mathbf{S}_{ij}}^{G'} \neq 0$ THEN
                $t := t + 1$
                $\mathbf{f}_t := \mathbf{r}_{ij}$
                $G := G + \{\mathbf{f}_t\}$
Proof
First note that each step of Buchberger's Algorithm certainly gives a basis for $M$, since we start with a basis to which we just add more elements, and since $\mathbf{S}_{ij} \in M$, then $\overline{\mathbf{S}_{ij}}^{G'} \in M$. The algorithm terminates when $\overline{\mathbf{S}_{ij}}^{G'} = 0$ for every $i, j$, and it follows from Buchberger's Criterion that $G$ is a Gröbner basis for $M$. Hence, we just need to prove that the algorithm eventually terminates. After each loop of the while loop $G$ will consist of the old basis $G =: G'$ and the nonzero $\mathbf{r}_{ij}$, and, thus,

\[ \langle \mathrm{LT}(G') \rangle \subsetneq \langle \mathrm{LT}(G) \rangle \]

while $G' \neq G$, since $\mathbf{r}_{ij}$ is a remainder on division by $G'$, $\mathrm{LT}(\mathbf{r}_{ij})$ is not divisible by the leading terms of any element of $G'$. Hence, $\mathrm{LT}(\mathbf{r}_{ij}) \notin \langle \mathrm{LT}(G') \rangle$, but $\mathrm{LT}(\mathbf{r}_{ij}) \in \langle \mathrm{LT}(G) \rangle$. Through the while loop we will, therefore, get a strictly ascending chain of submodules, and by the Ascending Chain Condition, Theorem 1.2.20, this chain will eventually stabilize. Thus, $\langle \mathrm{LT}(G') \rangle = \langle \mathrm{LT}(G) \rangle$ will eventually occur, which implies that $G' = G$ and the algorithm terminates.

Minimal and Reduced Gröbner bases are defined as for ideals.

Definition 1.2.28 (Minimal and Reduced Gröbner Bases)
Let $G \subseteq R^m$ be a Gröbner basis for a submodule $M \subseteq R^m$. A minimal Gröbner basis is a Gröbner basis $G$ such that

(i). $\mathrm{LC}(\mathbf{g}) = 1$ for all $\mathbf{g} \in G$,

(ii). for all $\mathbf{g} \in G$, $\mathrm{LT}(\mathbf{g}) \notin \langle \mathrm{LT}(G - \{\mathbf{g}\}) \rangle$.

Furthermore, if

(i). for all $\mathbf{g} \in G$ no monomial of $\mathbf{g}$ lies in $\langle \mathrm{LT}(G - \{\mathbf{g}\}) \rangle$,

$G$ is called a reduced Gröbner basis for $M$.

In the last section of this chapter, we will consider the second problem stated in the beginning of this chapter. That is, we want to develop a method for finding a set of generators for a syzygy module $\mathrm{Syz}(\mathbf{f}_1, \ldots, \mathbf{f}_s)$ given a generating set $(\mathbf{f}_1, \ldots, \mathbf{f}_s)$ for some submodule of $R^m$.


1.3 Syzygy Modules

We will in this section show one of the properties of Gröbner bases for modules. $R$ will again denote the polynomial ring $k[x_1, \ldots, x_n]$. Solving the Syzygy problem from Section 1.2 will allow us to find a presentation matrix for any submodule of $R^m$ for which we know the generators.

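Theorem 1.3.1 (Schreyer's Theorem)
Let $G = (\mathbf{g}_1, \ldots, \mathbf{g}_s)$ be a Gröbner basis for some module over $R^m$ with respect to any monomial order $\succ$, and let $\varepsilon_1, \ldots, \varepsilon_s$ denote the standard basis vectors in $R^s$. Define

\[
\begin{aligned}
\mathbf{m}_{ij} &= \mathrm{LCM}(\mathrm{LT}(\mathbf{g}_i), \mathrm{LT}(\mathbf{g}_j)) \in R^m, \\
a_{ij} &= a_{ij1} \varepsilon_1 + \cdots + a_{ijs} \varepsilon_s \in R^s,
\end{aligned}
\]

and

\[ s_{ij} = \frac{\mathbf{m}_{ij}}{\mathrm{LT}(\mathbf{g}_i)} \varepsilon_i - \frac{\mathbf{m}_{ij}}{\mathrm{LT}(\mathbf{g}_j)} \varepsilon_j - a_{ij}. \]

Then the set $\{s_{ij} \mid 1 \leq i, j \leq s\}$ forms a Gröbner basis for the syzygy module $M = \mathrm{Syz}(\mathbf{g}_1, \ldots, \mathbf{g}_s)$ with respect to a monomial order $\succ_G$ defined as follows: $x^\alpha \varepsilon_i \succ_G x^\beta \varepsilon_j$ if $\mathrm{LT}(x^\alpha \mathbf{g}_i) \succ \mathrm{LT}(x^\beta \mathbf{g}_j)$ in $R^m$, or if $\mathrm{LT}(x^\alpha \mathbf{g}_i) = \mathrm{LT}(x^\beta \mathbf{g}_j)$ and $i < j$.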
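Proof
That $\succ_G$ is a monomial order follows directly from $\succ$ being a monomial order.

Since $S(\mathbf{g}_i, \mathbf{g}_j) = -S(\mathbf{g}_j, \mathbf{g}_i)$ it suffices to consider $i < j$. We want to show that

\[ \mathrm{LT}_{\succ_G}(s_{ij}) = \frac{\mathbf{m}_{ij}}{\mathrm{LT}(\mathbf{g}_i)} \varepsilon_i. \tag{1.12} \]

Since we only consider $i < j$, we have

\[ \frac{\mathbf{m}_{ij}}{\mathrm{LT}(\mathbf{g}_i)} \varepsilon_i > \frac{\mathbf{m}_{ij}}{\mathrm{LT}(\mathbf{g}_j)} \varepsilon_j. \]

By construction we have

\[ \mathrm{LT}(S(\mathbf{g}_i, \mathbf{g}_j)) \geq \mathrm{LT}(a_{ijl} \mathbf{g}_l) \]

for all $1 \leq l \leq s$, and by definition

\[ \mathrm{LT}\left( \frac{\mathbf{m}_{ij}}{\mathrm{LT}(\mathbf{g}_i)} \mathbf{g}_i \right) > \mathrm{LT}(S(\mathbf{g}_i, \mathbf{g}_j)). \]

Thus,

\[ \mathrm{LT}\left( \frac{\mathbf{m}_{ij}}{\mathrm{LT}(\mathbf{g}_i)} \varepsilon_i \right) > \mathrm{LT}(a_{ijl}), \]

which proves Equation (1.12). Now, let

\[ \mathbf{f} = \sum_{i=1}^{s} f_i \varepsilon_i \in M, \]

and let $\mathrm{LT}_{\succ_G}(f_i \varepsilon_i) = m_i \varepsilon_i$ for some term $m_i$ appearing in $f_i$. Furthermore, let $\mathrm{LT}_{\succ_G}(\mathbf{f}) = m_v \varepsilon_v$ for some $v$, and set

\[ \mathbf{s} = \sum_{u \in S} m_u \varepsilon_u, \]

where $S = \{u \mid m_u \mathrm{LT}(\mathbf{g}_u) = m_v \mathrm{LT}(\mathbf{g}_v)\}$. Since $\mathbf{f} \in M = \mathrm{Syz}(\mathbf{g}_1, \ldots, \mathbf{g}_s)$ we have $\mathbf{s} \in \mathrm{Syz}(\mathrm{LT}(\mathbf{g}_u) \mid u \in S)$. By Proposition 1.2.5 on page 23 part (iii) we know that $\mathbf{s}$ is an element of the syzygy module over $R^s$ generated by the

\[ \sigma_{uw} = \frac{\mathbf{m}_{uw}}{\mathrm{LT}(\mathbf{g}_u)} \varepsilon_u - \frac{\mathbf{m}_{uw}}{\mathrm{LT}(\mathbf{g}_w)} \varepsilon_w, \]

where $u < w$ are elements of $S$. Then it follows from Equation (1.12) that $\mathrm{LT}_{\succ_G}(\mathbf{s})$ is divisible by $\mathrm{LT}_{\succ_G}(s_{ij})$ for some $i < j$, which means that the set $\{s_{ij} \mid 1 \leq i, j \leq s\}$ forms a Gröbner basis for $M$ with respect to the $\succ_G$ order.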

The theorem shows how to find a Gröbner basis for the syzygy module $\mathrm{Syz}(\mathbf{g}_1, \ldots, \mathbf{g}_s)$ over $R^s$ with respect to the $\succ_G$ order given a Gröbner basis $G = (\mathbf{g}_1, \ldots, \mathbf{g}_s)$ with respect to any monomial order for some submodule over $R^m$. We will extend this result to a complete solution to the syzygy problem, and, thus, we will be able to find a generating set for a syzygy module given any set of generators for a submodule of $R^m$.

Let $\mathbf{f}_1, \ldots, \mathbf{f}_t \in R^m$ be a set of generators for a submodule $M = \langle \mathbf{f}_1, \ldots, \mathbf{f}_t \rangle$, and let $G = (\mathbf{g}_1, \ldots, \mathbf{g}_s)$ be a Gröbner basis for $M$. Denote by $F$ the $m \times t$ matrix with $\mathbf{f}_1, \ldots, \mathbf{f}_t$ as columns, and $G$ the $m \times s$ matrix with $\mathbf{g}_1, \ldots, \mathbf{g}_s$ as columns. Then there exists a $t \times m$ matrix $A$ such that $FA = G$, and an $s \times m$ matrix $B$ such that $GB = F$.


Lemma 1.3.2
Let $G = (\mathbf{g}_1, \ldots, \mathbf{g}_s)$ be some Gröbner basis for some submodule $M = \langle \mathbf{f}_1, \ldots, \mathbf{f}_t \rangle \subseteq R^m$, and let $A$ and $B$ be matrices such that $G = FA$ and $F = GB$, where $F = (\mathbf{f}_1, \ldots, \mathbf{f}_t)$. If $\mathbf{s} \in R^s$ is an element of $\mathrm{Syz}(\mathbf{g}_1, \ldots, \mathbf{g}_s)$, then $A\mathbf{s}$ is an element of $\mathrm{Syz}(\mathbf{f}_1, \ldots, \mathbf{f}_t)$. Similarly, if $\mathbf{t} \in R^t$ is an element of $\mathrm{Syz}(\mathbf{f}_1, \ldots, \mathbf{f}_t)$, then $B\mathbf{t}$ is an element of $\mathrm{Syz}(\mathbf{g}_1, \ldots, \mathbf{g}_s)$. Furthermore, each column of the matrix $I_t - AB$ defines an element of $\mathrm{Syz}(\mathbf{f}_1, \ldots, \mathbf{f}_t)$.
Proof
Consider the matrix equation $G = FA$ and multiply by $\mathbf{s} \in \mathrm{Syz}(\mathbf{g}_1, \ldots, \mathbf{g}_s)$ on the right. Then $0 = G\mathbf{s} = FA\mathbf{s} = F(A\mathbf{s})$, which shows that $A\mathbf{s}$ is an element of $\mathrm{Syz}(\mathbf{f}_1, \ldots, \mathbf{f}_t)$. Now, consider the matrix equation $F = GB$ and multiply this by $\mathbf{t} \in \mathrm{Syz}(\mathbf{f}_1, \ldots, \mathbf{f}_t)$ on the right. Then $0 = F\mathbf{t} = GB\mathbf{t} = G(B\mathbf{t})$, and, thus, $B\mathbf{t} \in \mathrm{Syz}(\mathbf{g}_1, \ldots, \mathbf{g}_s)$. To see the last part of the lemma, consider

$$0 = F - F = F - FAB = F(I_t - AB),$$

which proves the desired property.

We are now ready to show the proposition that solves the general problem of computing syzygy modules for a general ordered $t$-tuple $F = (\mathbf{f}_1, \ldots, \mathbf{f}_t)$ of elements of $R^m$.

Proposition 1.3.3
Let $F = (\mathbf{f}_1, \ldots, \mathbf{f}_t)$ be an ordered $t$-tuple of elements of $R^m$, and let $G = (\mathbf{g}_1, \ldots, \mathbf{g}_s)$ be a Gröbner basis for $M = \langle F \rangle$ with respect to some monomial order on $R^m$. Let $A$ and $B$ be matrices such that $G = FA$ and $F = GB$, and let $\{\mathbf{s}_{ij} \mid 1 \le i, j \le s\}$ be a Gröbner basis for $\mathrm{Syz}(\mathbf{g}_1, \ldots, \mathbf{g}_s)$, where $\mathbf{s}_{ij}$ is defined as in Theorem 1.3.1. Also, denote by $\mathbf{S}_1, \ldots, \mathbf{S}_t$ the columns of the $t \times t$ matrix $I_t - AB$. Then

$$\mathrm{Syz}(\mathbf{f}_1, \ldots, \mathbf{f}_t) = \langle A\mathbf{s}_{ij}, \mathbf{S}_1, \ldots, \mathbf{S}_t \rangle. \tag{1.13}$$

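Proof
Since $F(I_t - AB) = 0$, and since $FA\mathbf{s}_{ij} = G\mathbf{s}_{ij} = 0$, it is clear that $\langle A\mathbf{s}_{ij}, \mathbf{S}_1, \ldots, \mathbf{S}_t \rangle \subseteq \mathrm{Syz}(\mathbf{f}_1, \ldots, \mathbf{f}_t)$. To show the other inclusion, we want to show that every element of $\mathrm{Syz}(\mathbf{f}_1, \ldots, \mathbf{f}_t)$ can be written as a linear combination of the $A\mathbf{s}_{ij}$ and $\mathbf{S}_1, \ldots, \mathbf{S}_t$. Let $\mathbf{t} \in \mathrm{Syz}(\mathbf{f}_1, \ldots, \mathbf{f}_t)$, so that $B\mathbf{t} \in \mathrm{Syz}(\mathbf{g}_1, \ldots, \mathbf{g}_s)$ by Lemma 1.3.2. Since the $\mathbf{s}_{ij}$ generate $\mathrm{Syz}(\mathbf{g}_1, \ldots, \mathbf{g}_s)$, we can write $B\mathbf{t}$ as a linear combination of these generators,

$$B\mathbf{t} = \sum_{i,j} a_{ij} \mathbf{s}_{ij},$$

where $a_{ij} \in R$. Multiplying this equation by $A$ on the left yields

$$AB\mathbf{t} = \sum_{i,j} a_{ij} A\mathbf{s}_{ij}.$$

Now, consider the equation

$$\mathbf{t} = ((I_t - AB) + AB)\mathbf{t} = (I_t - AB)\mathbf{t} + \sum_{i,j} a_{ij} A\mathbf{s}_{ij}.$$

Note that $(I_t - AB)\mathbf{t}$ is a linear combination of $\mathbf{S}_1, \ldots, \mathbf{S}_t$. Thus, we have shown that $\mathbf{t} \in \langle A\mathbf{s}_{ij}, \mathbf{S}_1, \ldots, \mathbf{S}_t \rangle$, and since $\mathbf{t}$ is an arbitrary element of $\mathrm{Syz}(\mathbf{f}_1, \ldots, \mathbf{f}_t)$, we have proved that $\langle A\mathbf{s}_{ij}, \mathbf{S}_1, \ldots, \mathbf{S}_t \rangle \supseteq \mathrm{Syz}(\mathbf{f}_1, \ldots, \mathbf{f}_t)$. Hence, the equality in Equation (1.13) holds.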

In the proposition we forced $G$ to be a Gröbner basis. This was only to ensure that the $\mathbf{s}_{ij}$ would generate the syzygy module $\mathrm{Syz}(\mathbf{g}_1, \ldots, \mathbf{g}_s)$. We can generalize this proposition to any set of generators for a submodule $M$ if we can find a presentation matrix $D$ for the syzygy module.

Corollary 1.3.4
With the same notation as above, suppose that $G = (\mathbf{g}_1, \ldots, \mathbf{g}_s)$ is any set of generators for $M = \langle F \rangle$, and let $D$ be a presentation matrix for $M$ such that the columns of $D$ generate $\mathrm{Syz}(\mathbf{g}_1, \ldots, \mathbf{g}_s)$. Then the block matrix

$$[\, AD \quad I_t - AB \,]$$

is a presentation matrix for $M$ with respect to the generating set $\mathbf{f}_1, \ldots, \mathbf{f}_t$.

Proof
This follows directly from Proposition 1.3.3.

In the next chapter we will consider some of the basic theory about linear codes, and we will introduce the quasi-cyclic codes. We will show that there is a one-to-one correspondence between quasi-cyclic codes of length $n = ml$ and submodules of the quotient ring $(\mathbb{F}_q[x]/\langle x^m - 1 \rangle)^l$.
Chapter 2

Codes

In this chapter we will present some of the basic theory about linear codes. We will consider cyclic codes, so that in Chapter 3 we can give a method for decoding a special class of cyclic codes, namely the Reed-Solomon codes. We will also introduce quasi-cyclic codes, which are a generalisation of cyclic codes, and we will show that we can see quasi-cyclic codes as submodules. We will therefore use the Gröbner basis theory from the last chapter to give a way to represent the quasi-cyclic codes. This chapter is based on [Justesen and Høholt, 2000, Sections 1.1-1.2 and 6.1-6.2], [Huffman and Pless, 2003, Sections 1.2-1.4, 4.1-4.2, and 4.5], [Lally, 2000, Section 1.1-1.2 and Chapter 2], and [Lally and Fitzpatrick, 2001, Section 1-2].

2.1 Linear Codes

In this project we will only consider linear codes. Let $\mathbb{F}_q^n$ denote the vector space of all $n$-tuples over a finite field $\mathbb{F}_q$. An $(n, k)$ linear code $C$ is a $k$-dimensional subspace of the vector space $\mathbb{F}_q^n$ with $M = q^k$ elements, $C = \{c_1, \ldots, c_M\}$, where $c_i = (c_{i0}, \ldots, c_{i(n-1)})$ are called the codewords of $C$. The linear property assures that if $c_i, c_j \in C$ and $f \in \mathbb{F}_q$, then $f c_i + c_j \in C$. Further, the codeword with zeroes in every entry is always a codeword in $C$. One of the most common ways to represent a code is by a generator matrix.

Definition 2.1.1 (Generator Matrix)
A generator matrix $G$ for an $(n, k)$ code $C$ is a $k \times n$ matrix whose rows form a basis for $C$ and are, thus, linearly independent.

Since any codeword in $C$ can be represented as a linear combination of the rows of the generator matrix $G$, we can represent each codeword as an information vector $u$ of $k$ entries. Then

$$c = uG.$$

Example 2.1.2
A $(7, 4)$ binary code $C$ can have the generator matrix

$$G = \begin{pmatrix} 1 & 0 & 0 & 0 & 1 & 0 & 1 \\ 0 & 1 & 0 & 0 & 1 & 1 & 1 \\ 0 & 0 & 1 & 0 & 1 & 1 & 0 \\ 0 & 0 & 0 & 1 & 0 & 1 & 1 \end{pmatrix}.$$

This code consists of $2^4 = 16$ codewords, which are linear combinations of the rows of $G$. Now, let $u = (1, 0, 1, 0)$ be an information vector. Then

$$uG = \begin{pmatrix} 1 & 0 & 1 & 0 & 0 & 1 & 1 \end{pmatrix}$$

is a codeword in $C$.

Since every linear combination of the rows of a generator matrix lies in the code, row operations on the generator matrix do not change the code. It is often convenient to write a generator matrix in the form $G = [I_k \; A]$, called the standard form, where $I_k$ is the $k \times k$ identity matrix. The generator matrix $G$ in Example 2.1.2 is in standard form. Another way to represent a code $C$ is with a parity check matrix.

Definition 2.1.3 (Parity Check Matrix)
A parity check matrix $H$ for an $(n, k)$ code $C$ is an $(n - k) \times n$ matrix, whose rows are linearly independent, such that

$$C = \{x \in \mathbb{F}_q^n \mid Hx^T = 0\},$$

where $x^T$ denotes the transpose of $x$. Each $Hx^T$ is called a parity check.

The parity check matrix is itself a generator for an $(n, n - k)$ code called the dual code and denoted $C^\perp$,

$$C^\perp = \{x \in \mathbb{F}_q^n \mid x \cdot c = 0 \ \forall c \in C\}.$$

When $G$ is in standard form, a parity check matrix can be found as $H = [-A^T \; I_{n-k}]$.

Example 2.1.4
A parity check matrix for the $(7, 4)$ code $C$ represented by the generator matrix $G$ in Example 2.1.2 is

$$\begin{pmatrix} 1 & 1 & 1 & 0 & 1 & 0 & 0 \\ 0 & 1 & 1 & 1 & 0 & 1 & 0 \\ 1 & 1 & 0 & 1 & 0 & 0 & 1 \end{pmatrix}.$$

To be able to consider the error-correcting capability of a code $C$, we will consider the minimum distance and weight of a code.

Definition 2.1.5 (Hamming Distance $d(x, y)$ and Hamming Weight $w(x)$)
The (Hamming) distance between two vectors $x$ and $y$, denoted $d(x, y)$, is defined as the number of coordinates in which $x$ and $y$ differ.
The (Hamming) weight of a vector is defined to be the number of nonzero coordinates, $w(x) = d(x, 0)$.

The minimum distance of a code $C$, denoted $d$, is the smallest distance between distinct codewords of the code. Since $d(x, y) = w(x - y)$, the minimum distance of a code $C$ is also equal to the smallest weight of any nonzero codeword. We often refer to a code $C$ with minimum distance $d$ as an $[n, k, d]$ code. The code in Example 2.1.2 is a $[7, 4, 3]$ code. When a codeword $c$ is sent, the received word can contain some errors. If $y$ is the received word, then $y = c + e$, where $e$ is an error vector, and the number of errors is given by $w(e)$. We would like to be able to determine $e$, but this cannot always be accomplished. Therefore, we call a code $t$-error correcting if for any two distinct codewords $c_i \ne c_j$, and any two error vectors $e_i, e_j$ of weight $\le t$, we have $c_i + e_i \ne c_j + e_j$.

Theorem 2.1.6
An $(n, k, d)$ code is $t$-error correcting if and only if $t < d/2$.
Proof
Suppose $t < d/2$, and let $c_i, c_j$ be two codewords and $e_i, e_j$ be two error vectors of weight $\le t$ such that $c_i + e_i = c_j + e_j$. But since $c_i - c_j = e_j - e_i$, we have $w(e_j - e_i) = w(c_i - c_j) \le 2t < d$, which contradicts the fact that $d$ is the minimum distance. Conversely, suppose that $t \ge d/2$, and let $c$ be a codeword of weight $d$. Change $t + 1$ of the nonzero entries of $c$ to zero to obtain $y$. Then $w(y) = d - (t + 1) < t$, and $d(0, y) < t$, which means that $y$ is now closer to the $0$ codeword than it is to $c$. Thus, if $t \ge d/2$ we might not be able to decode a received word $y$ to the correct codeword $c = y - e$.

Since the code in Example 2.1.2 is a $[7, 4, 3]$ code, it is 1-error correcting, meaning that if only one error occurred, then we will be able to correct it.

2.2 Cyclic Codes

In this section we will consider a specific class of linear codes, namely the cyclic codes.

Definition 2.2.1 (Cyclic Codes)
A linear code $C$ of length $n$ over a finite field $\mathbb{F}_q$ is called a cyclic code if for every codeword $c \in C$ the codeword obtained by a cyclic shift is also a codeword in $C$. That is,

$$c = (c_0, \ldots, c_{n-1}) \in C \Rightarrow c' = (c_{n-1}, c_0, \ldots, c_{n-2}) \in C.$$

Every codeword $c \in C$ can be represented as a polynomial of degree at most $n - 1$. In other words, we can represent the codeword $c = (c_0, \ldots, c_{n-1}) \in \mathbb{F}_q^n$ in polynomial form as $c(x) = c_0 + c_1 x + \cdots + c_{n-1} x^{n-1} \in \mathbb{F}_q[x]$. With this notation a cyclic shift corresponds to multiplication by $x$ modulo $x^n - 1$. It follows from the definition of cyclic codes that if $C$ is a cyclic code and $c(x) \in C$, then $xc(x) = c_{n-1} + c_0 x + c_1 x^2 + \cdots + c_{n-2} x^{n-1} \in C$. With this in mind, there is a bijective correspondence between cyclic codes and ideals of the quotient ring

$$R_n = \mathbb{F}_q[x]/\langle x^n - 1 \rangle.$$

It follows that it is natural to define a generator for the code $C$.

Definition 2.2.2 (Generator for a Cyclic Code)
The generator $g(x)$ for a cyclic code $C$ is the unique monic polynomial of minimum degree in $C$.

We have the following theorem about the generator.

Theorem 2.2.3
Let $C$ be a nonzero cyclic code in $R_n$. The generating polynomial from Definition 2.2.2 has the following properties:

(i) $g(x)$ generates $C$; that is, $C = \langle g(x) \rangle$,

(ii) $g(x)$ divides $x^n - 1$,

Let $k = n - \deg(g(x))$, and let $g(x) = \sum_{i=0}^{n-k} g_i x^i$, where $g_{n-k} = 1$. Then

(iii) the dimension of $C$ is $k$ and $\{g(x), xg(x), \ldots, x^{k-1} g(x)\}$ is a basis for $C$,

(iv) every element of $C$ is uniquely expressible as a product $g(x)f(x)$, where $f(x) = 0$ or $\deg(f(x)) < k$,

(v)

$$G = \begin{pmatrix} g_0 & g_1 & g_2 & \cdots & g_{n-k} & 0 & 0 & \cdots & 0 \\ 0 & g_0 & g_1 & \cdots & g_{n-k-1} & g_{n-k} & 0 & \cdots & 0 \\ \vdots & \vdots & \vdots & & \vdots & \vdots & \vdots & & \vdots \\ 0 & 0 & 0 & \cdots & 0 & g_0 & g_1 & \cdots & g_{n-k} \end{pmatrix} \leftrightarrow \begin{pmatrix} g(x) \\ xg(x) \\ \vdots \\ x^{k-1} g(x) \end{pmatrix}$$

is a generator matrix for $C$.

Proof
Since $C$ is a nonzero subset of $R_n$, there exists a polynomial $g(x)$ that is monic and is of minimum degree in $C$. Let $c(x) \in C$. Then the Division Algorithm in $\mathbb{F}_q[x]$ gives

$$c(x) = f(x)g(x) + r(x), \tag{2.1}$$

where either $r(x) = 0$ or $\deg(r(x)) < \deg(g(x))$. Since $g(x)$ has minimal degree in $C$, it follows that $r(x) = 0$, and since $C$ is an ideal in $R_n$, we can write $C = \langle g(x) \rangle$, which proves (i). Part (ii) follows from the fact that $x^n - 1$ corresponds to the zero codeword in $C$, which means that we can write $x^n - 1 = f(x)g(x)$ for some $f(x)$.

Now, suppose $\deg(g(x)) = n - k$. By Equation (2.1) we have $c(x) = f(x)g(x)$ whenever $c(x) \in C$. If $c(x) = 0$ we have $f(x) = 0$, and if $c(x) \ne 0$, $\deg(c(x)) = d < n$, we have $\deg(f(x)) = d - (n - k) < k$, which proves (iv). As a basis for $C$ we can, thus, choose $\{g(x), xg(x), \ldots, x^{k-1} g(x)\}$, and, thus, we have the generator matrix

$$G = \begin{pmatrix} g_0 & g_1 & g_2 & \cdots & g_{n-k} & 0 & 0 & \cdots & 0 \\ 0 & g_0 & g_1 & \cdots & g_{n-k-1} & g_{n-k} & 0 & \cdots & 0 \\ \vdots & \vdots & \vdots & & \vdots & \vdots & \vdots & & \vdots \\ 0 & 0 & 0 & \cdots & 0 & g_0 & g_1 & \cdots & g_{n-k} \end{pmatrix}.$$

This proves the rest of the theorem.

Part (i) of the theorem proves that since a cyclic code is an ideal in $R_n$, and since a cyclic code can be generated by a single generator, then $R_n$ is a principal ideal ring. Part (iv) of the theorem gives an easy way to determine if a given word $c(x)$ is a codeword in a given cyclic code $C$, since by (iv) every $c(x) \in C$ is divisible by $g(x)$.

In Theorem 2.2.3 we showed that the generator polynomial $g(x)$ divides $x^n - 1$, and, thus, there must be a correspondence between the divisors of the polynomial $x^n - 1$ and the generators of the cyclic codes in $R_n$. We can determine the number of codes in $R_n$ if we know the factorization of $x^n - 1$.

Lemma 2.2.4
Let $m$ denote the number of irreducible divisors of $x^n - 1$ of degree lower than $n$. The number of codes in $R_n$ is then $2^m$.
Proof
We will show this by induction. If $x^n - 1$ is irreducible, then the only codes are the zero code and the code generated by $x^n - 1$. Now, suppose the lemma is true for $m - 1$, and denote the $2^{m-1}$ generators by $g_1, \ldots, g_{2^{m-1}}$. For the $m$th irreducible divisor, say $g$, we then have the generators $g_1, \ldots, g_{2^{m-1}}, gg_1, \ldots, gg_{2^{m-1}}$. Thus, if $x^n - 1$ has $m$ irreducible divisors, then we have $2 \cdot 2^{m-1} = 2^m$ codes.
Example 2.2.5
Let $n = 7$. We can factor $x^7 - 1$ in irreducible polynomials as

$$x^7 - 1 = (x + 1)(x^3 + x^2 + 1)(x^3 + x + 1),$$

and, thus, $m = 3$. Lemma 2.2.4 says that $R_7$ has $2^3 = 8$ binary cyclic codes $C_i$ with generator $g_i(x)$, which we list below:

i   dim   $g_i(x)$
0   0     $1 + x^7$
1   1     $(1 + x^2 + x^3)(1 + x + x^3) = 1 + x + x^2 + x^3 + x^4 + x^5 + x^6$
2   3     $(1 + x)(1 + x^2 + x^3) = 1 + x + x^2 + x^4$
3   3     $(1 + x)(1 + x + x^3) = 1 + x^2 + x^3 + x^4$
4   4     $1 + x^2 + x^3$
5   4     $1 + x + x^3$
6   6     $1 + x$
7   7     $1$

We see that $g(x) = 1 + x^2 + x^3$ generates a binary cyclic code $C$ in $R_7$ with dimension 4; that is, $C$ is a $[7, 4]$ cyclic code over $\mathbb{F}_2$. The generator matrix for $C$ is

$$G = \begin{pmatrix} 1 & 0 & 1 & 1 & 0 & 0 & 0 \\ 0 & 1 & 0 & 1 & 1 & 0 & 0 \\ 0 & 0 & 1 & 0 & 1 & 1 & 0 \\ 0 & 0 & 0 & 1 & 0 & 1 & 1 \end{pmatrix}.$$

This code is the same as the one used in Example 2.1.2 on page 48.

We want to check if the words $c_1(x) = 1 + x^2 + x^5 + x^6$ and $c_2(x) = 1 + x + x^3$ lie in $C = \langle g(x) \rangle$, where $g(x) = 1 + x^2 + x^3$. We will use Singular to divide $c_1(x)$ and $c_2(x)$ by $g(x)$, respectively.

>LIB "redcgs.lib";
>ring R=2,x,lp;
>poly g=1+x2+x3;
>poly c1=1+x2+x5+x6;
>poly c2=1+x+x3;
>pdivi(c1,g)[1]; // the remainder of c1 on division by g
0
>pdivi(c2,g)[1]; // the remainder of c2 on division by g
x2+x

We conclude that $c_1(x)$ is a codeword in $C$, but that $c_2(x)$ is not.
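The membership test above, and the claims made about this $[7, 4, 3]$ code in Section 2.1, can be checked together in Python. This is an added example, not code from the thesis; the function names are assumptions of the example, and the matrices are copied from Examples 2.1.2 and 2.1.4.

```python
# Added example: the binary cyclic [7,4] code generated by g(x) = 1 + x^2 + x^3.
# Polynomials over F_2 are coefficient lists, lowest degree first.

N = 7
G_POLY = [1, 0, 1, 1]                      # g(x) = 1 + x^2 + x^3

# Copied from Example 2.1.2 (generator matrix, standard form) and
# Example 2.1.4 (parity check matrix).
G_STANDARD = [(1, 0, 0, 0, 1, 0, 1),
              (0, 1, 0, 0, 1, 1, 1),
              (0, 0, 1, 0, 1, 1, 0),
              (0, 0, 0, 1, 0, 1, 1)]
H = [(1, 1, 1, 0, 1, 0, 0),
     (0, 1, 1, 1, 0, 1, 0),
     (1, 1, 0, 1, 0, 0, 1)]


def poly_rem_gf2(c, g):
    """Remainder of c(x) on division by g(x) over F_2."""
    r, dg = list(c), len(g) - 1
    for i in range(len(r) - 1, dg - 1, -1):
        if r[i]:                           # cancel x^i with x^(i - dg) * g(x)
            for j, gj in enumerate(g):
                r[i - dg + j] ^= gj
    return r[:dg]


def cyclic_generator_matrix(g, n):
    """Rows g(x), x g(x), ..., x^(k-1) g(x), as in Theorem 2.2.3 (v)."""
    k = n - (len(g) - 1)
    return [tuple([0] * i + list(g) + [0] * (n - len(g) - i)) for i in range(k)]


def span(rows):
    """All F_2-linear combinations of the rows."""
    words = {tuple([0] * len(rows[0]))}
    for r in rows:
        words |= {tuple(a ^ b for a, b in zip(w, r)) for w in words}
    return words


def is_cyclic(code):
    """Closed under (c_0, ..., c_{n-1}) -> (c_{n-1}, c_0, ..., c_{n-2})."""
    return all(w[-1:] + w[:-1] in code for w in code)


def min_distance(code):
    """Smallest weight of a nonzero codeword."""
    return min(sum(w) for w in code if any(w))


def syndrome(word):
    """H x^T over F_2; zero exactly for codewords."""
    return tuple(sum(h * x for h, x in zip(row, word)) % 2 for row in H)


def correct_single_error(y):
    """Flip the position whose column of H equals the syndrome (d = 3, t = 1)."""
    s = syndrome(y)
    if not any(s):
        return tuple(y)
    columns = [tuple(row[j] for row in H) for j in range(N)]
    j = columns.index(s)
    return tuple(b ^ (i == j) for i, b in enumerate(y))


if __name__ == "__main__":
    code = span(cyclic_generator_matrix(G_POLY, N))
    print("same code as Example 2.1.2:", code == span(G_STANDARD))
    print("cyclic:", is_cyclic(code), " minimum distance:", min_distance(code))
    c1 = [1, 0, 1, 0, 0, 1, 1]             # 1 + x^2 + x^5 + x^6
    c2 = [1, 1, 0, 1]                      # 1 + x + x^3
    print("c1 mod g:", poly_rem_gf2(c1, G_POLY), " c2 mod g:", poly_rem_gf2(c2, G_POLY))
    y = list(c1)
    y[4] ^= 1                              # one constructed bit error
    print("corrected:", correct_single_error(y) == tuple(c1))
```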

For coding it is important to be able to determine the minimum distance of a code, or at least a lower bound, in order to be able to determine the error-correcting capability of the code. Recall from Section 2.1 that a code of minimum distance $d$ is $t$-error correcting if and only if $t < d/2$. We will here consider the BCH bound, since the Reed-Solomon codes, which we will study later, utilize the BCH bound.

Theorem 2.2.6 (BCH Bound)
Let $g(x)$ be a generator polynomial for a cyclic $[n, k, d]$ code over $\mathbb{F}_q$, and suppose that $g(x)$ has among its zeroes $\alpha^b, \alpha^{b+1}, \ldots, \alpha^{b+\delta-2}$ for some $b \ge 0$, where $\alpha \in \mathbb{F}_{q^m}$ is a primitive $n$th root of unity, and $m$ is the smallest integer such that $n \mid q^m - 1$. Then $d \ge \delta = \#\mathrm{ConsecutiveRoots}(g(x)) + 1$.

Definition 2.2.7 (Reed-Solomon Codes)
A code $C$ with generator polynomial of the form

$$g(x) = (x - \alpha)(x - \alpha^2) \cdots (x - \alpha^n),$$

where $n = q - 1$ and $\alpha$ is a primitive $n$th root of unity, is called a Reed-Solomon code.

In the next section we will consider quasi-cyclic codes, which are a generalisation of cyclic codes. We will see that there exists a natural correspondence between quasi-cyclic codes and submodules of the quotient ring $R_m^l$.

2.3 Quasi-Cyclic Codes

We will start this section with the classic definition of a quasi-cyclic code.

Definition 2.3.1 (Quasi-Cyclic Codes (Classic Definition))
A linear block code $C$ of length $n = ml$ over a finite field $\mathbb{F}_q$ is called a quasi-cyclic code of index $l$ if for every codeword $c \in C$ there exists a number $l$ such that the codeword obtained by $l$ cyclic shifts is also a codeword in $C$. That is,

$$c = (c_0, \ldots, c_{n-1}) \in C \Rightarrow c' = (c_{n-l}, \ldots, c_0, \ldots, c_{n-l-1}) \in C.$$

In the definition $l$ is defined as the smallest number of cyclic shifts where the code is invariant. Quasi-cyclic codes are a generalisation of cyclic codes; that is, cyclic codes are quasi-cyclic codes with $l = 1$.
Example 2.3.2
The binary $[6, 3]$ code with generator matrix

$$G = \begin{pmatrix} 1 & 1 & 0 & 1 & 0 & 0 \\ 0 & 0 & 1 & 1 & 0 & 1 \\ 0 & 1 & 0 & 0 & 1 & 1 \end{pmatrix}$$

is a quasi-cyclic code with $l = 2$. To ease the visualization we can write the shifts as blocks,

$$G = \begin{pmatrix} 11 & 01 & 00 \\ 00 & 11 & 01 \\ 01 & 00 & 11 \end{pmatrix}.$$

In general, when we consider a generator matrix for a quasi-cyclic code, we do not restrict ourselves to the standard definition of a generator matrix, since we do not require the rows to be linearly independent, and, thus, the dimension of the code is not necessarily equal to the number of rows. Since the rowspace of the generator matrix $G$ is equal to the code, we can permute the rows of the matrix, since this does not change the rowspace. Column permutations do change the rowspace, but we do, however, get an equivalent code, since the length, dimension and weight structure are unchanged.

Example 2.3.3
We will consider Example 2.3.2 again. If we group together columns 1, 3, 5 and 2, 4, 6 we get a code of the form

$$\begin{pmatrix} 100 & 110 \\ 010 & 011 \\ 001 & 101 \end{pmatrix}.$$

We notice that this generator matrix consists of two submatrices, and that both these matrices are $3 \times 3$ circulant matrices.

The generator matrix in Example 2.3.2 gives a so-called 1-generator $[6, 3]$ code over $\mathbb{F}_2$ with $l = 2$, $m = 3$, and generator vector $(11\ 01\ 00)$. The general form of a 1-generator matrix with generator vector

$$(a_{11} a_{12} \ldots a_{1l} \ \ a_{21} a_{22} \ldots a_{2l} \ \cdots \ a_{m1} a_{m2} \ldots a_{ml})$$

for a quasi-cyclic code over $\mathbb{F}_q$ of length $ml$ is

$$\begin{pmatrix}
a_{11} a_{12} \ldots a_{1l} & a_{21} a_{22} \ldots a_{2l} & \cdots & a_{m1} a_{m2} \ldots a_{ml} \\
a_{m1} a_{m2} \ldots a_{ml} & a_{11} a_{12} \ldots a_{1l} & \cdots & a_{(m-1)1} a_{(m-1)2} \ldots a_{(m-1)l} \\
\vdots & \vdots & \ddots & \vdots \\
a_{21} a_{22} \ldots a_{2l} & a_{31} a_{32} \ldots a_{3l} & \cdots & a_{11} a_{12} \ldots a_{1l}
\end{pmatrix},$$

where $a_{ij} \in \mathbb{F}_q$. As we did in Example 2.3.3 we can permute the columns of the generator matrix to get a generator matrix consisting of $l$ circulant submatrices,

$$\begin{pmatrix} C_1 & C_2 & \cdots & C_l \end{pmatrix}, \tag{2.2}$$

where each circulant submatrix is an $m \times m$ matrix of the form

$$C_i = \begin{pmatrix} c_0 & c_1 & \cdots & c_{m-1} \\ c_{m-1} & c_0 & \cdots & c_{m-2} \\ \vdots & \vdots & \ddots & \vdots \\ c_1 & c_2 & \cdots & c_0 \end{pmatrix} \tag{2.3}$$

with each row being a single cyclic shift of the previous one and $c_i \in \mathbb{F}_q$; that is, the matrix is completely specified by the vector $(c_0, c_1, \ldots, c_{m-1})$. A quasi-cyclic code can have more than one generator vector. A $k$-generator quasi-cyclic code with the same structure as in Equation (2.2) has the form

$$G = \begin{pmatrix} C_{11} & C_{12} & \cdots & C_{1l} \\ C_{21} & C_{22} & \cdots & C_{2l} \\ \vdots & \vdots & \ddots & \vdots \\ C_{k1} & C_{k2} & \cdots & C_{kl} \end{pmatrix}, \tag{2.4}$$

with each $C_{ij}$ being of the same form as Equation (2.3). From now on when we refer to a generator matrix for a quasi-cyclic code it will be of the form of Equation (2.4).

Definition 2.3.4 (Quasi-Cyclic Codes)
A linear block code $C$ with a generator matrix of the form of Equation (2.4) is a quasi-cyclic code.

We note that the circulant matrix has the same structure as the generator matrix for a cyclic code. It follows that if we write the vector $(c_0, c_1, \ldots, c_{m-1})$ in polynomial form as $c(x) = c_0 + c_1 x + \cdots + c_{m-1} x^{m-1}$, such that

$$C_i = \begin{pmatrix} c(x) \bmod (x^m - 1) \\ xc(x) \bmod (x^m - 1) \\ \vdots \\ x^{m-1} c(x) \bmod (x^m - 1) \end{pmatrix},$$

then there is an isomorphism between $\mathbb{F}_q^m$ and the quotient ring $R = \mathbb{F}_q[x]/\langle x^m - 1 \rangle$. If we extend this to the whole generator matrix from Equation (2.2) it can be proven that there exists an isomorphism between $\mathbb{F}_q^{lm}$ and $R^l$. Because of this isomorphism we can see quasi-cyclic codes $C$ of index $l$ and length $n = ml$ as an $R$-submodule of the module $R^l$. The kernel of the map

$$\varphi : (\mathbb{F}_q[x])^l \to R^l$$

is the submodule $\tilde{K}$ of $(\mathbb{F}_q[x])^l$,

$$\tilde{K} = \ker(\varphi) = \{\mathbf{f} \in (\mathbb{F}_q[x])^l \mid \varphi(\mathbf{f}) = 0 \in R^l\}$$
$$= \{\mathbf{f} = (f_1, \ldots, f_l) \in (\mathbb{F}_q[x])^l \mid f_i = k(x^m - 1),\ k \in \mathbb{F}_q[x],\ 1 \le i \le l\}$$
$$= \langle (x^m - 1)\mathbf{e}_i,\ 1 \le i \le l \rangle,$$

where $\mathbf{e}_i$, $1 \le i \le l$, are the standard basis vectors of $(\mathbb{F}_q[x])^l$. By the Homomorphism Theorem there exists an isomorphism between $(\mathbb{F}_q[x])^l/\tilde{K}$ and $R^l$, and, thus, there exists a one-to-one correspondence between the submodules $C$ of $R^l$ and the preimage submodules $\tilde{C}$ of $(\mathbb{F}_q[x])^l$ containing $\tilde{K}$.
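The chain from Example 2.3.2 to the module view can be followed in Python: find the index $l$, apply the column regrouping of Example 2.3.3, confirm that the blocks are circulant, and check that the regrouped code is the $R$-submodule of $R^2$ generated by $(1, 1 + x)$, the first rows of the two blocks read as polynomials. This is an added example, not code from the thesis, and all function names are assumptions of the example.

```python
# Added example: the binary [6,3] quasi-cyclic code of Examples 2.3.2 and 2.3.3.

G = [(1, 1, 0, 1, 0, 0),                   # generator matrix of Example 2.3.2
     (0, 0, 1, 1, 0, 1),
     (0, 1, 0, 0, 1, 1)]


def span(rows):
    """All F_2-linear combinations of the rows."""
    words = {tuple([0] * len(rows[0]))}
    for r in rows:
        words |= {tuple(a ^ b for a, b in zip(w, r)) for w in words}
    return words


def cyclic_shift(word, s):
    """(c_0, ..., c_{n-1}) -> (c_{n-s}, ..., c_{n-1}, c_0, ..., c_{n-s-1})."""
    s %= len(word)
    return tuple(word[-s:] + word[:-s]) if s else tuple(word)


def index_of(code):
    """Smallest l dividing n such that the code is invariant under l cyclic shifts."""
    n = len(next(iter(code)))
    return next(l for l in range(1, n + 1)
                if n % l == 0 and all(cyclic_shift(w, l) in code for w in code))


def regroup(word, l):
    """Column permutation of Example 2.3.3: columns i, i+l, i+2l, ... form block i."""
    return tuple(word[j] for i in range(l) for j in range(i, len(word), l))


def blocks(matrix, l):
    """Split the columns of a matrix into l blocks of width m."""
    m = len(matrix[0]) // l
    return [[row[b * m:(b + 1) * m] for row in matrix] for b in range(l)]


def is_circulant(block):
    """Square, and every row is the previous row shifted once (row 0 follows the last)."""
    return (len(block) == len(block[0]) and
            all(cyclic_shift(block[i - 1], 1) == tuple(block[i])
                for i in range(len(block))))


def submodule(generators, m):
    """F_2-span of x^i * g for each generator g in R^l, R = F_2[x]/<x^m - 1>.

    A component c(x) is the tuple (c_0, ..., c_{m-1}); multiplying by x modulo
    x^m - 1 is one cyclic shift of that tuple.
    """
    rows = [sum((cyclic_shift(c, i) for c in g), ())
            for g in generators for i in range(m)]
    return span(rows)


if __name__ == "__main__":
    code = span(G)
    l = index_of(code)
    permuted = [regroup(row, l) for row in G]
    print("index l =", l)
    print("circulant blocks:", [is_circulant(b) for b in blocks(permuted, l)])
    g = ((1, 0, 0), (1, 1, 0))             # (1, 1 + x) in R^2
    print("submodule <(1, 1 + x)> equals the regrouped code:",
          submodule([g], 3) == {regroup(w, l) for w in code})
```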

Suppose $C$ is a $k$-generator quasi-cyclic code generated by the $k$ elements $\mathbf{r}_1, \ldots, \mathbf{r}_k$, where $\mathbf{r}_i = (r_{i1}, \ldots, r_{il})$. Then its preimage $\tilde{C}$ is generated by $\mathbf{r}_1, \ldots, \mathbf{r}_k$ and $(x^m - 1)\mathbf{e}_i$, $i = 1, \ldots, l$. Thus, the rows of the matrix

$$\begin{pmatrix} r_{11} & \ldots & r_{1l} \\ \vdots & \ddots & \vdots \\ r_{k1} & \ldots & r_{kl} \\ x^m - 1 & \ldots & 0 \\ \vdots & \ddots & \vdots \\ 0 & \ldots & x^m - 1 \end{pmatrix}$$

generate $\tilde{C}$. We know that every submodule has a minimal Gröbner basis, so denote by $\tilde{G}$ some minimal Gröbner basis with respect to the POT order for the submodule $\tilde{C}$, $\tilde{C} = \langle \tilde{G} \rangle$. Since $\tilde{K} \subseteq \tilde{C}$ there exists for every $1 \le i \le l$ a $\mathbf{g} \in \tilde{G}$ such that $\mathrm{LT}(\mathbf{g})$ divides $\mathrm{LT}((x^m - 1)\mathbf{e}_i)$, and it follows that the leading monomial of $\mathbf{g}$ must be in the $i$th position. Suppose $\mathbf{g}_1, \mathbf{g}_2 \in \tilde{G}$ are two elements with the leading monomial in the same position, $\mathrm{LM}(\mathbf{g}_1) = X\mathbf{e}_i$ and $\mathrm{LM}(\mathbf{g}_2) = Y\mathbf{e}_i$. Since $\tilde{G}$ is a minimal Gröbner basis, and since $\mathrm{LM}(\mathbf{g}_1)$ or $\mathrm{LM}(\mathbf{g}_2)$ must be divisible by the other, it follows that $X = Y$ and $\tilde{G}$ must contain exactly $l$ elements each with leading monomial in a different position.

By reordering the elements of $\tilde{G}$ we may assume that $\tilde{G}$ is of the triangular form

$$\tilde{G} = \begin{pmatrix} \mathbf{g}_1 \\ \mathbf{g}_2 \\ \vdots \\ \mathbf{g}_l \end{pmatrix} = \begin{pmatrix} g_{11} & g_{12} & \ldots & g_{1l} \\ 0 & g_{22} & \ldots & g_{2l} \\ \vdots & \vdots & \ddots & \vdots \\ 0 & 0 & \ldots & g_{ll} \end{pmatrix}, \tag{2.5}$$

where $g_{ii} \ne 0$. In the following theorem we will prove the structure of the reduced Gröbner basis for $\tilde{C}$.
Theorem 2.3.5
Let $\tilde{C}$ be a submodule of $(\mathbb{F}_q[x])^l$ containing $\tilde{K}$. Then $\tilde{C}$ has a reduced Gröbner basis with respect to the POT order of the form of Equation (2.5) where

(i). $g_{ii}$ divides $x^m - 1$, and if $\mathbf{f} \in \tilde{C}$ has leading monomial in the $i$th position, then $\mathrm{LM}(\mathbf{f})$ is divisible by $g_{ii}\mathbf{e}_i$,

(ii). $\deg(g_{ji}) < \deg(g_{ii}) \le m$ for $j < i$,

(iii). if $g_{ii} = x^m - 1$, then $\mathbf{g}_i = (x^m - 1)\mathbf{e}_i$,

(iv). the $\mathbb{F}_q$-dimension of $(\mathbb{F}_q[x])^l/\tilde{C}$ is $\sum_{i=1}^{l} \deg(g_{ii})$.

Proof
Let $\tilde{G}$ be a reduced Gröbner basis with the triangular form of Equation (2.5). We have already discussed above that since $\tilde{K} \subseteq \tilde{C}$, then $g_{ii}$ must divide $x^m - 1$, so we just need to show that every element of $\tilde{C}$ with leading polynomial in the $i$th position is also divisible by $g_{ii}$. This is straightforward, since when some element $\mathbf{f} \in \tilde{C}$ has leading monomial in the $i$th position, then it must be generated by $\mathbf{g}_i$, and it follows that $\mathrm{LT}(\mathbf{f})$ divides $g_{ii}\mathbf{e}_i$.

For part (ii) note that since $\tilde{G}$ is a reduced Gröbner basis, no monomial of $\mathbf{g}_j \in \tilde{G}$ lies in $\langle \mathrm{LT}(G - \{\mathbf{g}_j\}) \rangle$, which means that no monomial of $\mathbf{g}_j$ is divisible by any $\mathrm{LT}(\mathbf{g}_i)$. Thus, $\mathrm{LM}(g_{ii})$ does not divide $g_{ji}$ for each $i$, $1 \le j < i \le l$. This is true if and only if $\deg(g_{ii}) > \deg(g_{ji})$ for each $i, j$, $1 \le j < i \le l$. From part (i) we know that $g_{ii}$ divides $x^m - 1$, so $\deg(g_{ii}) \le m$.

To prove part (iii) suppose that $g_{ii} = x^m - 1$ such that $\mathbf{g}_i = (0, \ldots, 0, x^m - 1, g_{i,i+1}, \ldots, g_{il}) \in \tilde{G}$. Since $(x^m - 1)\mathbf{e}_i \in \tilde{C}$ we also have $\mathbf{f} = \mathbf{g}_i - (x^m - 1)\mathbf{e}_i = (0, \ldots, 0, 0, g_{i,i+1}, \ldots, g_{il}) \in \tilde{C}$. By part (i) $\mathrm{LT}(\mathbf{f})$ is divisible by $g_{i+1,i+1}\mathbf{e}_{i+1}$. Since $\mathrm{LT}(\mathbf{f}) = \mathrm{LM}(g_{i,i+1})$, we have $\deg(g_{i,i+1}) \ge \deg(g_{i+1,i+1})$, but this is a contradiction of part (ii), and it follows that $g_{i,i+1}, \ldots, g_{il} = 0$, and, thus, $\mathbf{g}_i = (x^m - 1)\mathbf{e}_i$.

The $\mathbb{F}_q$-dimension of $(\mathbb{F}_q[x])^l/\tilde{C}$ is equal to the number of monomials in the footprint of $(\mathbb{F}_q[x])^l/\tilde{C}$. That is, the number of monomials $X$ in $(\mathbb{F}_q[x])^l$ where no $\mathrm{LM}(\mathbf{g}_i)$ divides $X$. Since every $\mathbf{g}_i$ has its leading monomial in a different position we know that one won't be a part of another. Then, since the leading monomial of $\mathbf{g}_i$ has degree $\deg(g_{ii})$ it follows that the whole dimension is $\sum_{i=1}^{l} \deg(g_{ii})$.

From part (iv) of this theorem we are able to determine the dimension of the code $C$.
Proposition 2.3.6
The dimension $k$ of the code $C$ with a Gröbner basis of the form of Theorem 2.3.5 is given by

$$k = lm - \sum_{i=1}^{l} \deg(g_{ii}).$$

Proof
Consider the equation

$$k = \dim(C)$$
$$= \dim(\tilde{C}/\langle x^m - 1 \rangle)$$
$$= \dim(\tilde{C}) - \dim(\langle x^m - 1 \rangle)$$
$$= \dim((\mathbb{F}_q[x])^l) - \dim(\langle x^m - 1 \rangle) - \dim((\mathbb{F}_q[x])^l) + \dim(\tilde{C})$$
$$= \dim((\mathbb{F}_q[x])^l/\langle x^m - 1 \rangle) - \dim((\mathbb{F}_q[x])^l/\tilde{C}).$$

In part (iv) of Theorem 2.3.5 we determined the codimension of $\tilde{C}$, and from the same reasoning as in the proof of that theorem we have $\dim((\mathbb{F}_q[x])^l/\langle x^m - 1 \rangle) = \sum_{i=1}^{l} m$. Thus,

$$k = \sum_{i=1}^{l} m - \sum_{i=1}^{l} \deg(g_{ii}) = ml - \sum_{i=1}^{l} \deg(g_{ii}).$$

Note that when we map a Gröbner basis $\tilde{G}$ for $\tilde{C}$ to a Gröbner basis $G$ for $C$ we remove every $\mathbf{g}_i \in \tilde{G}$, where $\mathbf{g}_i = (x^m - 1)\mathbf{e}_i$, since $\mathbf{g}_i$ is then mapped to the zero element in $R^l$. We can therefore also write the dimension $k$ of $C$ as

$$k = \sum_{\mathbf{g}_i \in G} (m - \deg(g_{ii})).$$

To see that this is correct, note that if $\mathbf{g}_i = (x^m - 1)\mathbf{e}_i$, then $m - \deg(g_{ii}) = m - m = 0$.

Before finishing this chapter we will define a few concepts that we will need when we decode quasi-cyclic codes.

Definition 2.3.7 ($r$-level Gröbner Bases)
Let the set $\tilde{G} = \{\mathbf{g}_1, \ldots, \mathbf{g}_l\} \subseteq (\mathbb{F}_q[x])^l$ be a reduced Gröbner basis for a submodule $\tilde{C} \subseteq (\mathbb{F}_q[x])^l$. We say that $\tilde{G}$ is an $r$-level Gröbner basis for $\tilde{C}$ if there exists $\mathbf{g}_r \in \tilde{G}$, $1 \le r \le l$, such that $\mathbf{g}_r \notin \tilde{K}$ and $\mathbf{g}_j \in \tilde{K}$ for all $j$, $r < j \le l$. The corresponding reduced Gröbner basis $G$ for $C$ is also called an $r$-level Gröbner basis, since $G$ contains at most $r$ generators.

Note that $G$ only contains at most $r$ generators since every generator $\mathbf{g}_j \in \tilde{K}$ equals zero in $R^l$. A 1-level Gröbner basis would only need one generator $\mathbf{g}$ to generate the whole code $C$.

Corollary 2.3.8
A code $C$ of index $l$ and length $ml$ has a 1-level reduced Gröbner basis if and only if it is generated by a single generator $\mathbf{g} \in R^l$ of the form

$$\mathbf{g} = (g, f_1 g, \ldots, f_{l-1} g), \quad f_i \in \mathbb{F}_q[x],$$

where $g$ divides $x^m - 1$ and $\deg(f_i) < m - \deg(g)$ for $1 \le i \le l - 1$.

A further restriction on one-generator codes gives the so-called Restriction-1 codes.

Definition 2.3.9 (Restriction-1 Codes)
A code $C$ with a 1-level Gröbner basis $\mathbf{g} = (f_1 g, \ldots, f_l g) \subseteq R^l$, where $g = \gcd(g_1, \ldots, g_l, x^m - 1)$, $\gcd(f_i, (x^m - 1)/g) = 1$, and $\deg(f_i) < m - \deg(g)$ for $1 < i \le l$, is called a Restriction-1 code.

The BCH bound for Restriction-1 codes is shown in the next theorem.

Theorem 2.3.10
Let $C$ have a 1-level Gröbner basis with a generator of the form

$$\mathbf{g} = (f_1 g, \ldots, f_l g) \in R^l, \quad f_i \in \mathbb{F}_q[x],$$

where $g$ divides $x^m - 1$, $\gcd\{f_i, (x^m - 1)/g\} = 1$, and $\deg(f_i) < m - \deg(g)$ for $1 < i \le l$. If $\gcd(m, q) = 1$, then the minimum distance of $C$ is at least

$$d_{\min} \ge l(\#\mathrm{ConsecutiveRoots}(g) + 1).$$

Proof
From Theorem 2.2.6 on page 54 we know that the BCH bound for a cyclic code is

$$\#\mathrm{ConsecutiveRoots}(g) + 1.$$

Since every partial codeword of $C$ is a codeword in the cyclic code generated by $g$, it follows that the BCH bound for a Restriction-1 code is

$$d_{\min} \ge l(\#\mathrm{ConsecutiveRoots}(g) + 1).$$

In the next chapter we will consider a decoding algorithm for Reed-Solomon codes. For this algorithm we will need the theory about modules and Gröbner bases for modules developed in Chapter 1.
Chapter 3

Reed-Solomon Decoding

In this chapter we will consider a specific type of cyclic codes, namely the Reed-Solomon codes.

We consider the polynomial ring $R = \mathbb{F}_q[x]/\langle x^n - 1 \rangle$ and a primitive element $\alpha$ of the finite field $\mathbb{F}_q$. Now, consider the Reed-Solomon code $C \subseteq R$ generated by the generator polynomial

$$g = (x - \alpha) \cdots (x - \alpha^{d-1}),$$

where $d$ is the minimum distance of $C$. If we assume that $d = 2t + 1$ for some $t$, we should be able to correct up to $t$ errors in a received word. This chapter is mostly based on [Cox et al., 2005, Section 9.4] and [Moro et al., 2007, Section 4.2].

3.1 Reed-Solomon Decoding

We can write any codeword in $C$ as a linear combination $\sum_{j=0}^{q-2} c_j x^j$. If $c \in C$, then $c$ must be divisible by $g$ by Theorem 2.2.3 on page 51. Suppose $y = c + e$ is a received word, where $e = \sum_{i \in I} e_i x^i$ is the error in transmission. $I$ is called the set of error locations, and the coefficients $e_i$ are called the error values. An often used method for decoding is syndrome decoding, but the special algebraic structure of Reed-Solomon codes enables us to utilize much better methods for decoding.

Consider the function

$$E_j = y(\alpha^j) = c(\alpha^j) + e(\alpha^j) = e(\alpha^j),$$

since $c$ is divisible by $g$. By computing the set of values $E_j$, $j = 1, \ldots, d - 1$, we can determine whether errors have occurred. If $E_j = 0$ for all $j$, then $y$ is divisible by $g$ since they have the same roots, and it follows that $y$ is a codeword. Furthermore, if we assume that the error vector has a weight less than $t = \lfloor \frac{d-1}{2} \rfloor$, then $y = c$. Notice that the idea of $E_j$ is very similar to the syndrome of the received word. If $E_j \ne 0$ for some $j$, then errors have occurred, and we will try to correct them.

Define the syndrome polynomial for $y$ as the polynomial

$$S(x) = \sum_{j=1}^{d-1} E_j x^{j-1}$$

of degree at most $d - 2$. If we let the sum run to infinity we will have the power series

$$E(x) = \sum_{j=1}^{\infty} E_j x^{j-1}.$$

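Suppose that the error polynomial $e$ is known. Then

$$E_j = \sum_{i \in I} e_i (\alpha^j)^i = \sum_{i \in I} e_i (\alpha^i)^j.$$

We rewrite $E(x)$ in the following way:

$$E(x) = \sum_{j=1}^{\infty} \left( \sum_{i \in I} e_i (\alpha^i)^j \right) x^{j-1}$$
$$= \sum_{j=0}^{\infty} \left( \sum_{i \in I} e_i (\alpha^i)^{j+1} \right) x^j$$
$$= \sum_{i \in I} e_i \alpha^i \left( \sum_{j=0}^{\infty} (\alpha^i)^j x^j \right)$$
$$= \sum_{i \in I} \frac{e_i \alpha^i}{1 - \alpha^i x},$$

where we in the last equation used the fact that $\sum_{j=0}^{\infty} e_i (\alpha^i)^j x^j$ is a geometric series. We will write $E(x)$ as

$$E(x) = \frac{\Omega(x)}{\Lambda(x)}, \tag{3.1}$$

where

$$\Omega(x) = \sum_{i \in I} e_i \alpha^i \prod_{j \ne i, j \in I} (1 - \alpha^j x),$$
$$\Lambda(x) = \prod_{i \in I} (1 - \alpha^i x)$$

with

$$\deg(\Omega(x)) \le \deg(\Lambda(x)) - 1.$$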

Notice that the roots of $\Lambda(x)$ are $\alpha^{-i}$ for $i \in I$. That is, we can use $\Lambda(x)$ to determine the error locations, and, thus, $\Lambda(x)$ is called the error locator polynomial. Since

$$\Omega(\alpha^{-i}) = e_i \alpha^i \prod_{j \ne i, j \in I} (1 - \alpha^j \alpha^{-i}) \ne 0, \tag{3.2}$$

$\Omega(x)$ and $\Lambda(x)$ have no roots in common, and it follows that they must be relatively prime, since all its factors of degree one are different.

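Next, consider the difference between $E(x)$ and $S(x)$,

$$E(x) - S(x) = \sum_{j=d}^{\infty} \left( \sum_{i \in I} e_i (\alpha^i)^j \right) x^{j-1} = x^{d-1} \frac{\Gamma(x)}{\Lambda(x)}, \tag{3.3}$$

where

$$\Gamma(x) = \sum_{i \in I} e_i \alpha^{id} \prod_{j \ne i, j \in I} (1 - \alpha^j x),$$

$$\deg(\Gamma(x)) \le \deg(\Lambda(x)) - 1.$$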

By combining Equation (3.1) and (3.3), where we write $d - 1 = 2t$,

$$\Omega(x) = \Lambda(x)S(x) + x^{2t}\Gamma(x), \tag{3.4}$$

which we can also write as the congruence equation

$$\Omega(x) \equiv \Lambda(x)S(x) \bmod x^{2t}. \tag{3.5}$$

We will refer to this equation as the key equation for decoding.

We will now consider the received word $y = c + e$ where the error vector is unknown and of weight at most $t$ by assumption. We calculate the syndrome polynomial $S(x)$ and consider Equation (3.5) where $S(x)$ and $x^{2t}$ are known, and $\Omega(x)$, $\Lambda(x)$ unknown.
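The syndrome polynomial, Equations (3.1) and (3.2) and the key equation (3.5) can be traced numerically on a small Reed-Solomon code. This is an added example, not code from the thesis: it assumes the field $\mathbb{F}_7$ with $\alpha = 3$, $t = 2$, and a constructed message and error; to recover $(\Omega, \Lambda)$ from $S$ alone it swaps in the extended Euclidean algorithm rather than the Gröbner basis method this chapter develops.

```python
# Added example: syndromes and the key equation for a Reed-Solomon code over F_7.
# Polynomials are coefficient lists, lowest degree first, reduced modulo P.
P, ALPHA = 7, 3          # F_7 and a primitive element (3 has order 6 modulo 7)
N, T = P - 1, 2          # length n = q - 1 = 6, and d = 2t + 1 = 5

def trim(a):
    a = [x % P for x in a]
    while a and a[-1] == 0:
        a.pop()
    return a

def add(a, b):
    n = max(len(a), len(b))
    return trim([(a[i] if i < len(a) else 0) + (b[i] if i < len(b) else 0)
                 for i in range(n)])

def mul(a, b):
    out = [0] * max(len(a) + len(b) - 1, 0)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] += x * y
    return trim(out)

def ev(a, x):
    r = 0
    for coef in reversed(a):
        r = (r * x + coef) % P
    return r

def inv(x):
    return pow(x, P - 2, P)

def apow(i):
    return pow(ALPHA, i % N, P)            # alpha^i, also for negative i

def poly_divmod(a, b):
    a, q = trim(a), [0] * max(len(a) - len(b) + 1, 0)
    while len(a) >= len(b):
        shift, c = len(a) - len(b), a[-1] * inv(b[-1]) % P
        q[shift] = c
        a = add(a, mul([0] * shift + b, [-c]))
    return trim(q), a

def generator():
    g = [1]                                # g = (x - alpha) ... (x - alpha^(d-1))
    for j in range(1, 2 * T + 1):
        g = mul(g, [-apow(j), 1])
    return g

def syndrome_poly(y):
    # S(x) = sum_{j=1}^{d-1} E_j x^(j-1) with E_j = y(alpha^j)
    return trim([ev(y, apow(j)) for j in range(1, 2 * T + 1)])

def locator_evaluator(err):
    # Omega and Lambda of Equation (3.1), built from a known error {i: e_i}
    lam, omega = [1], []
    for i, e_i in err.items():
        term = [e_i * apow(i)]
        for j in err:
            if j != i:
                term = mul(term, [1, -apow(j)])
        omega, lam = add(omega, term), mul(lam, [1, -apow(i)])
    return omega, lam

def solve_key_equation(S):
    # Swapped-in technique (not the thesis's method): extended Euclid on (x^(2t), S),
    # keeping r = v*S mod x^(2t) and stopping once deg r < t; scaled so Lambda(0) = 1.
    r0, r1, v0, v1 = [0] * (2 * T) + [1], trim(S), [], [1]
    while len(r1) > T:
        q, r = poly_divmod(r0, r1)
        r0, r1, v0, v1 = r1, r, v1, add(v0, mul(mul(q, v1), [-1]))
    c = inv(v1[0])
    return mul(r1, [c]), mul(v1, [c])

def decode(y):
    # Roots alpha^(-i) of Lambda give the locations, Equation (3.2) the values e_i
    omega, lam = solve_key_equation(syndrome_poly(y))
    locs = [i for i in range(N) if ev(lam, apow(-i)) == 0]
    c = [x % P for x in y] + [0] * (N - len(y))
    for i in locs:
        denom = apow(i)
        for j in locs:
            if j != i:
                denom = denom * (1 - apow(j - i)) % P
        c[i] = (c[i] - ev(omega, apow(-i)) * inv(denom)) % P
    return c

if __name__ == "__main__":
    c = mul([2, 5], generator())           # constructed message 2 + 5x
    err = {1: 3, 4: 4}                     # constructed error e = 3x + 4x^4
    y = add(c, [err.get(i, 0) for i in range(N)])
    S = syndrome_poly(y)
    omega, lam = locator_evaluator(err)
    print("S =", S, " Lambda =", lam, " Omega =", omega)
    print("key equation holds:", trim(mul(lam, S)[:2 * T]) == omega)
    print("solved from S alone:", solve_key_equation(S) == (omega, lam))
    print("decoded:", decode(y) == c)
```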


Theorem 3.1.1
Let $S(x)$ be the syndrome polynomial corresponding to a received word $y$ with an error of weight at most $t$. Up to a constant multiple, there exists a unique solution $(\Omega, \Lambda)$ of (3.5) that satisfies the degree conditions,

$$\deg(\Omega) < \deg(\Lambda) \le t,$$

and in which $\Omega$ and $\Lambda$ are relatively prime.

Proof
Let $(\Omega, \Lambda)$ and $(\bar{\Omega}, \bar{\Lambda})$ be two solutions satisfying the degree and relatively prime conditions. Both satisfy the key equation,

$$\Omega \equiv \Lambda S \bmod x^{2t},$$
$$\bar{\Omega} \equiv \bar{\Lambda} S \bmod x^{2t}.$$

Multiplying the first equation by $\bar{\Lambda}$, the second by $\Lambda$, and subtracting yields the congruence relation

$$\Omega\bar{\Lambda} \equiv \bar{\Omega}\Lambda \bmod x^{2t}.$$

Since the degree conditions are satisfied for both $(\Omega, \Lambda)$ and $(\bar{\Omega}, \bar{\Lambda})$, both sides of the congruence relation must be of degree at most $2t - 1$, whereby it follows that $\Omega\bar{\Lambda} = \bar{\Omega}\Lambda$. It follows from the relatively prime condition that $\Lambda$ must be a multiple of $\bar{\Lambda}$, $\Omega$ must be a multiple of $\bar{\Omega}$, and vice versa. This means that $(\Omega, \Lambda)$ and $(\bar{\Omega}, \bar{\Lambda})$ can only differ by a constant multiple.

Given a solution $(\Omega, \Lambda)$ we can determine the roots of the error locator polynomial $\Lambda(x)$ to determine the error locations. We can then use Equation (3.2) to determine the values of $e_i$. Hence, we can decode a received word by solving the key equation. The problem is that $(\Omega, \Lambda)$ might not be unique. That is, the solution might not satisfy the degree condition. Therefore, consider the set of all possible solutions,

$$K = \{(\Omega, \Lambda) \mid \Omega \equiv \Lambda S \bmod x^{2t}\} \subseteq (\mathbb{F}_q[x])^2.$$

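We will prove that $K$ is an $\mathbb{F}_q[x]$-submodule of $(\mathbb{F}_q[x])^2$. Let $(\Omega, \Lambda), (\bar{\Omega}, \bar{\Lambda}) \in K$ and $f, g \in \mathbb{F}_q[x]$. Then

• $f((\Omega, \Lambda) + (\bar{\Omega}, \bar{\Lambda})) = f(\Omega, \Lambda) + f(\bar{\Omega}, \bar{\Lambda})$,

• $(f + g)(\Omega, \Lambda) = f(\Omega, \Lambda) + g(\Omega, \Lambda)$,

• $(fg)(\Omega, \Lambda) = f(g(\Omega, \Lambda))$,

• $1(\Omega, \Lambda) = (\Omega, \Lambda)$.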

We will find a generating set for $K$. Consider Equation (3.4) again,

$$\Omega(x) = \Lambda(x)S(x) + x^{2t}\Gamma(x).$$

If we set $\Lambda(x) = 0$, then we have $\Omega(x) = \Gamma(x)x^{2t}$. So in this situation $(\Omega, \Lambda)$ can be generated by $(x^{2t}, 0)$. Now, set $\Gamma(x) = 0$ such that $\Omega(x) = \Lambda(x)S$. In this situation we can use the generator $(S, 1)$. Thus, we have the generating set

$$\mathbf{g}_1 = (x^{2t}, 0), \qquad \mathbf{g}_2 = (S, 1). \tag{3.6}$$

We have the following proposition.

Proposition 3.1.2
Let $k$ be any field, and let $M$ be a submodule of $(k[x])^2$. Let $>$ be any monomial order on $(k[x])^2$. Then the following conditions are equivalent:

(i). The $k$-vector space $(k[x])^2/M$ is finite-dimensional.

(ii). $\langle \mathrm{LT}(M) \rangle$ contains elements of the form $x^u \mathbf{e}_1 = (x^u, 0)$ and $x^v \mathbf{e}_2 = (0, x^v)$ for some $u, v \ge 0$.
Proof
Let $G$ be a Gröbner basis for $M$ with respect to the monomial order $>$. Every element of $(k[x])^2/M$ can be written as a linear combination of the monomials in the complement of $\langle \mathrm{LT}(M) \rangle$. The proposition follows directly from the fact that there is a finite number of monomials in the complement if and only if $\langle \mathrm{LT}(M) \rangle$ contains multiples of both $\mathbf{e}_1$ and $\mathbf{e}_2$.

We will now define a new monomial order.

Definition 3.1.3
Let r ∈ Z, and define an order r by the following rules,

• x^m ei r x^n ei if m > n and i = 1, 2,

• x^m e2 r x^n e1 if and only if m + r ≥ n.

We will consider a few examples where we order the monomials in (k[x])^2.


Example 3.1.4
Let r = −1, then

e2 −1 e1 −1 xe2 −1 xe1 −1 x^2 e2 −1 x^2 e1 −1 . . . .

Let r = 0, then

e1 0 e2 0 xe1 0 xe2 0 x^2 e1 0 x^2 e2 0 . . . .

Let r = 1, then

e1 1 xe1 1 e2 1 x^2 e1 1 xe2 1 x^3 e1 1 . . . .

Let r = 2, then

e1 2 xe1 2 x^2 e1 2 e2 2 x^3 e1 2 xe2 2 . . . .

Notice that for r = −1 and r = 0 we have the standard TOP order with
e2  e1 and e1  e2, respectively. Also notice that the general structure
when r ≥ 0 is e1 as the smallest element followed by multiples of e1 until
we reach x^r e1 r e2. Hereafter, the chain will continue with multiples of
x^r e1 r e2.

Proposition 3.1.5
Let M be a submodule of (k[x])^2, and fix r ∈ Z. Assume that the equivalent
conditions in Proposition 3.1.2 are satisfied. Then the subset G ⊆ M is a
reduced Gröbner basis of M with respect to r if and only if G = {g1 =
(g11, g12), g2 = (g21, g22)}, where gi satisfy the following two properties:

(i). LT(g1) = x^u e1 and LT(g2) = x^v e2,

(ii). deg(g12) < v and deg(g21) < u.

Proof
We have ⟨LT(M)⟩ = ⟨LT(G)⟩ if and only if G is a Gröbner basis for M. This
is satisfied if and only if condition (i) is satisfied.

For G to be reduced, no monomials of g1 must lie in ⟨LT(g2)⟩ and vice versa,
which is satisfied if and only if condition (ii) is satisfied.

In Equation (3.6) we found a generating set for K, {g1 = (x^{2t}, 0), g2 = (S, 1)}.
Note that if we order by the deg(S) order, then LT(g1) = x^{2t} e1 and LT(g2) =
e2. The degree conditions in Proposition 3.1.5 are also satisfied, since we have
deg(g12) = deg(0) = 0 < 1 and deg(g21) = deg(S) ≤ d − 2 = 2t − 1 < 2t.
Hence, {(x^{2t}, 0), (S, 1)} is a reduced Gröbner basis for K with respect to
deg(S).

Definition 3.1.6 (Minimal Element)
Let M be a nonzero submodule of (k[x])^2. A minimal element of M with
respect to the monomial order r is a g ∈ M \ {0} such that LT(g) is
minimal with respect to .

Proposition 3.1.7
Let M ⊆ (k[x])^2 be a submodule and r a monomial order for (k[x])^2. Every
Gröbner basis for M with respect to r contains a minimal element of M with
respect to r. Furthermore, the minimal element is unique up to a nonzero
constant multiple.

Proof
A basis for ⟨LT(M)⟩ must contain the smallest element of ⟨LT(M)⟩ to be
able to generate everything. Since ⟨LT(M)⟩ = ⟨LT(G)⟩ for a Gröbner basis
G, then G must contain the minimal element. The uniqueness of the minimal
element follows from the definition of monomial orders.

In our case we have

LT((S, 1)) = e2 deg(S) x^{2t} e1 = LT((x^{2t}, 0)),

and, thus, (S, 1) is the minimal element with respect to deg(S).

Proposition 3.1.8
Let g = (Ω, Λ) be a solution to the key equation, Equation (3.5), satisfying
the conditions in Theorem 3.1.1. Then g is a minimal element of K with
respect to −1.

Proof
For an element g = (Ω, Λ) ∈ K we have deg(Λ) > deg(Ω) if and only if
LT−1(g) = x^u e2 for some u.

Suppose that g is not a minimal element. That is, there exists an element
h = (Ω, Λ) ∈ K such that LT(g) −1 LT(h). By Theorem 3.1.1 we have
deg(Ω) ≥ deg(Λ) since only g satisfies the degree conditions, and thus LT(h)
must be a multiple of e1. Thus,

deg(Λ) > deg(Ω) ≥ deg(Λ).        (3.7)

Both h and g satisfy the key equation,

Ω ≡ SΛ mod x^{2t},
Ω ≡ SΛ mod x^{2t}.

Multiplying the first equation with Λ and the second with Λ and subtracting
yields the congruence relation

ΛΩ ≡ ΛΩ mod x^{2t}.        (3.8)

Since

deg(Ω) < deg(Λ) ≤ t

and, thus, also deg(Ω) < t by Equation (3.7), we have a contradiction, since
we have deg(Λ) > deg(Λ), and, thus, the left hand side of Equation (3.8) has
a degree strictly less than that on the right hand side. Hence, g must be the
minimal element of K.

Let us sum up what we have found out. We know that the set {(S, 1), (x^{2t}, 0)}
is a Gröbner basis of K = {(Ω, Λ) | Ω ≡ ΛS mod x^{2t}} with respect to the
deg(S) order. Proposition 3.1.8 says that a solution of the key equation is
a minimal element of K with respect to the −1 order. If we consider the
monomial order −1 and calculate a Gröbner basis with respect to this, then
Proposition 3.1.7 guarantees that the minimal element always appears in the
Gröbner basis. Thus, we can calculate a solution of the key equation by
doing this.

Example 3.1.9
Consider the code C over F9 generated by

g(x) = (x − a)(x − a^2)(x − a^3)(x − a^4)
     = (−a + 1) − x + (−a + 1)x^2 + (a + 1)x^3 + x^4

with d = 5 and t = 2. We send the codeword

c = (−a + 1)x − x^2 + (−a + 1)x^3 + (a + 1)x^4 + x^5.

Suppose errors occur in the transmission of c such that we receive the word

y = c + e = −1 + (−a + 1)x − x^2 + (−a + 1)x^3 + (a + 1)x^4.

Note that e = −1 − x^5. We construct the syndrome polynomial.

>ring R=(3,a),x,(lp,c);
>minpoly=a2+a+2;
>poly y=-1+(-a+1)*x-x2+(-a+1)*x3+(a+1)*x4;
>poly s0=subst(y,x,a);
>poly s1=subst(y,x,a2);
>poly s2=subst(y,x,a3);
>poly s3=subst(y,x,a4);
>poly s=s0+s1*x+s2*x2+s3*x3;s;
(-a+1)*x2+(a+1)*x+(a-1)

We then define the Gröbner basis for K with respect to deg(s).

>vector g1=[x4,0];
>vector g2=[s,1];
>module K=g1,g2;

We want to find the Gröbner basis with respect to TOP.

>option(redSB);
>module G=std(K);
>print(G);
-x+(a), x2+(-a)*x-1,
x2+(a)*x+(-a-1),(a-1)
>G[1]<G[2]
1

So we have found the Gröbner basis

\[
G = \begin{pmatrix} -x + a & x^2 + ax - a - 1 \\ x^2 - ax - 1 & a - 1 \end{pmatrix},
\]

and we have found the minimal element to be (−x + a, x^2 + ax − a − 1). Thus,
we have

(Ω, Λ) = (−x + a, x^2 + ax − a − 1).

>poly omega=-x+a;
>poly lambda=x2+a*x-a-1;

By using Λ we can find the error locations.

>subst(lambda,x,a);
1
>subst(lambda,x,a2);
(a)
>subst(lambda,x,a3);
0
>subst(lambda,x,a4);
(a)
>subst(lambda,x,a5);
(-a-1)
>subst(lambda,x,a6);
-1
>subst(lambda,x,a7);
-1
>subst(lambda,x,a8);
0
>1/a3,1/a8;
(-a) 1
>a1,a2,a3,a4,a5,a6,a7,a8;
(a) (-a+1) -1 (-a) (a-1) (a+1) 1

We see that we have errors in the coefficients of x^0 and x^5.
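
The computation of Example 3.1.9 can be reproduced without Singular. The following Python code is an added example, not part of the thesis: it reduces the basis {(x^{2t}, 0), (S, 1)} by cancelling leading terms until the two leading terms under the order of Definition 3.1.3 (here r = −1) lie in different components, which by Proposition 3.1.5 (i) gives a Gröbner basis, and returns its smaller element. The encoding of GF(9) elements as pairs and all function names are assumptions of the example.

```python
# GF(9) = F_3[a]/(a^2 + a + 2), as in the Singular session; (c0, c1) stands for c0 + c1*a.
ZERO, ONE, A = (0, 0), (1, 0), (0, 1)

def add(u, v): return ((u[0] + v[0]) % 3, (u[1] + v[1]) % 3)
def neg(u): return (-u[0] % 3, -u[1] % 3)
def mul(u, v):
    hi = u[1] * v[1]                  # multiplies a^2 = 2a + 1 (mod 3)
    return ((u[0] * v[0] + hi) % 3, (u[0] * v[1] + u[1] * v[0] + 2 * hi) % 3)
def inv(u):
    r = ONE                           # u^8 = 1 for u != 0, hence u^-1 = u^7
    for _ in range(7):
        r = mul(r, u)
    return r

# Polynomials over GF(9): coefficient lists, lowest degree first, no trailing zeros.
def trim(p):
    while p and p[-1] == ZERO:
        p = p[:-1]
    return p
def deg(p): return len(p) - 1 if p else float("-inf")
def evalp(p, x):
    r = ZERO
    for c in reversed(p):
        r = add(mul(r, x), c)
    return r
def sub_shift(p, q, c, k):            # p - c * x^k * q
    out = list(p) + [ZERO] * (len(q) + k - len(p))
    for i, qc in enumerate(q):
        out[i + k] = add(out[i + k], neg(mul(c, qc)))
    return trim(out)

def lead(v, r):
    # Leading term of v = (Omega, Lambda) under the order of Definition 3.1.3 as a
    # sortable key: x^n e1 -> (n, 0) and x^m e2 -> (m + r, 1).
    return max((deg(v[0]), 0), (deg(v[1]) + r, 1))

def solve_key_equation(S, t, r=-1):
    g = [([ZERO] * (2 * t) + [ONE], []), (trim(list(S)), [ONE])]
    while lead(g[0], r)[1] == lead(g[1], r)[1]:
        # same component: cancel the larger leading term with the smaller one
        hi, lo = (0, 1) if lead(g[0], r) >= lead(g[1], r) else (1, 0)
        comp = lead(g[hi], r)[1]
        k = deg(g[hi][comp]) - deg(g[lo][comp])
        c = mul(g[hi][comp][-1], inv(g[lo][comp][-1]))
        g[hi] = tuple(sub_shift(g[hi][j], g[lo][j], c, k) for j in (0, 1))
    omega, lam = min(g, key=lambda v: lead(v, r))   # the minimal element
    s = inv(lam[-1])                                # scale Lambda to be monic
    return [mul(s, x) for x in omega], [mul(s, x) for x in lam]

def syndromes(y, t):
    # S(x) = sum_j y(a^(j+1)) x^j, j = 0..2t-1, as in the Singular session
    out, p = [], ONE
    for _ in range(2 * t):
        p = mul(p, A)
        out.append(evalp(y, p))
    return trim(out)

def error_positions(lam):
    # exponents i for which a^(-i) is a root of Lambda
    pos, p = [], ONE
    for k in range(1, 9):
        p = mul(p, A)                 # p = a^k
        if evalp(lam, p) == ZERO:
            pos.append(-k % 8)
    return sorted(pos)

# Received word of Example 3.1.9: y = -1 + (-a+1)x - x^2 + (-a+1)x^3 + (a+1)x^4
Y = [(2, 0), (1, 2), (2, 0), (1, 2), (1, 1)]
if __name__ == "__main__":
    S = syndromes(Y, 2)
    omega, lam = solve_key_equation(S, 2)
    print(S, omega, lam, error_positions(lam))
```

The returned pair is the (Ω, Λ) of the example with Λ monic, and the error positions are the exponents 0 and 5.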

An alternative method for calculating a Gröbner basis for K with respect to
−1 is to use an extension of a Gröbner basis conversion algorithm developed
by Faugère, Gianni, Lazard, and Mora called the FGLM algorithm, which
can be found in [Cox et al., 2005, Section 2.3]. We will present a generalized
FGLM algorithm that takes a Gröbner basis G1 for some submodule M ⊆
(Fq[x])^l with respect to some monomial order ′, and where M has a finite
footprint, which is the set of monomials in the complement of ⟨LT(M)⟩, and
gives a reduced Gröbner basis G2 with respect to some other monomial order
. We will use the algorithm found in [Fitzpatrick, 1997], but we will change
it to make it fit our situation. For our use we have G1 = G, G2 = Glex and
the monomial orders ′ = deg(S) and  = −1. Before giving the algorithm
we will need a few functions.

• order(S) puts the list S of terms into ascending order with respect to
.
• next(S) removes the first term from the list S and returns its value.

• rem(g) gives the remainder of g on division by G1 with respect to ′.

Algorithm 3.1.10
Input
G1 // Gröbner basis of M ⊆ (Fq[x])^l with respect to ′, where M has a finite
footprint
 // monomial order

Output
G2 // reduced Gröbner basis of M ⊆ (Fq[x])^l with respect to 
LT // LT(G2) with respect to 
FP // the footprint for M with respect to 

Initialize
MON := order({ek, 1 ≤ k ≤ l})
G2 := {}
LT := {}
FP := {}

Loop
WHILE MON ≠ {} DO
    t := next(MON)
    IF rem(t) = Σ_{v∈FP} fv · rem(v), fv ∈ Fq THEN
        G2 := G2 ∪ {t − Σ_{v∈FP} fv v}
        LT := LT ∪ {t}
    ELSE
        FP := FP ∪ {t}
        MON := MON ∪ {xt}
        order(MON)

Proof
We will first prove that the algorithm terminates, and then prove that G2
is the reduced Gröbner basis of M ⊆ (Fq[x])^l with respect to . Note that
the loop always starts by removing a monomial from MON and, thereafter, we
either add a new monomial to MON and FP or we don't change the size of
either. Now, since the footprint of M is finite, neither of the two cases can
happen infinitely many times, and, thus, the algorithm must terminate.

We clearly have G2 ⊆ M, since for every element t − Σ_{v∈FP} fv v ∈ G2 we
have

\[
\operatorname{rem}\Bigl(t - \sum_{v \in \mathrm{FP}} f_v v\Bigr) = 0, \quad f \in \mathbb{F}_q[x],
\]

and it follows that ⟨LT(G2)⟩ ⊆ ⟨LT(M)⟩. We want to prove that ⟨LT(M)⟩ =
⟨LT(G2)⟩ with respect to , and, thus, show that G2 is a Gröbner basis for
M with respect to . Note that if G2 is a Gröbner basis, then FP is the
footprint of M with respect to  and LT is the leading terms of the elements
of G2 by construction.

Let x^α ek be any element not in FP. If ek ∈ LT, then clearly x^α ek ∈ ⟨LT(G2)⟩.
If ek ∈ FP, then consider the maximal term x^β ek ∈ FP of which x^α ek is a
multiple. That is, there exists some x^γ ≠ 1 such that x^α ek = x^γ (x^β ek)
(α = γ + β). This means that x x^β ek appeared in MON, but x x^β ek ∉ FP,
such that x^α ek is a multiple of x x^β ek. Thus, x^α ek is always a multiple of some
element of LT, and, thus, an element of ⟨LT(G2)⟩. Clearly, if x^α ek ∈ FP,
then x^α ek is not divisible by any gi ∈ G2 by construction. It follows that FP
and ⟨LT(G2)⟩ are disjoint sets, and their union covers everything. This means
that FP has the desired structure of a footprint. We now need to show that
FP is not too big, in the sense that if some x^α ek is in ⟨LT(M)⟩, then x^α ek
cannot be an element of FP.

Let g ∈ M, but suppose that there does not exist any gi ∈ G2 such that
LT(gi) divides LT(g). This means that LT(g) must be in FP, since FP and
⟨LT(G2)⟩ are disjoint and cover everything. We can assume without loss of
generality that g is reduced modulo the elements of G2. Since LT(g) ∈ FP,
LT(g) must have been added to FP at some point before we reached gk for
G2. Thus

LT(g1) ≤ · · · ≤ LT(gi) ≤ LT(g) ≤ LT(gi+1) ≤ . . .

for some i. At the point when the algorithm considers LT(g) the other
monomials in g, that is, the monomials of g − LT(g), must already have
been added to FP, since g is reduced. But it then follows that since g ∈ M
we have

0 = rem(g) = rem(LT(g)) + rem(g − LT(g)),

which means that the algorithm would add LT(g) to LT. This contradicts
our assumption, and LT(gi) must divide LT(g) for some i, which means that
LT(g) ∈ ⟨LT(G2)⟩. Thus, we also have ⟨LT(G2)⟩ ⊇ ⟨LT(M)⟩. It follows that
G2 is a Gröbner basis for M with respect to . Further, G2 is a reduced
Gröbner basis by construction, since every term of the elements of G2 is
reduced.

We will show how to use this algorithm in an easy example.

Example 3.1.11
Consider the module M = ⟨g1, g2⟩ ⊆ (k[x])^2, where

g1 = (1, x + 1),
g2 = (0, x^2)

is a Gröbner basis with respect to POT. We will use the FGLM extension
to find a Gröbner basis for M with respect to TOP. First we set

MON := {e2, e1},
G2 := {},
LT := {},

since e1 POT e2 and MON is ordered in ascending order. We then take
t := e2 and consider rem(e2) = e2. It follows that we add e2 to FP, and

FP := {e2},
MON := {e1, xe2}.

We will show how we do these calculations in Singular.

>ring RP=2,x,(c,lp);
>vector g1=[1,x+1];
>vector g2=[0,x2];
>module G=g1,g2;
>reduce(gen(2),G);
[0,1]
>reduce(gen(1),G);
[0,x+1]
>reduce(x*gen(2),G);
[0,x]
>reduce(x*gen(1),G);
[0,x]

In Singular gen(1) = e1 and gen(2) = e2. We see that we also need to add
e1 to FP, since rem(e1) = (x + 1)e2, whereafter

FP := {e2, e1},
MON := {xe2, xe1}.

So now we have t := xe2 and rem(xe2) = xe2 = −e2 + (x + 1)e2 = −rem(e2) +
rem(e1), so we can write rem(xe2) as a linear combination of the monomials
in FP, which means that we add xe2 − (−e2 + e1) to G2, and

G2 := {−e1 + (x + 1)e2},
LT := {xe2},
MON := {xe1}.

We now consider t := xe1 and see that rem(xe1) = xe2 = rem(xe2), and,
thus, we have

G2 := {−e1 + (x + 1)e2, (x − 1)e1 + e2},
LT := {xe2, xe1},
MON := {},

which means that the algorithm terminates. To sum up, we have found

\[
G_2 = \begin{pmatrix} 1 & 1 + x \\ 1 + x & 1 \end{pmatrix} \tag{3.9}
\]

which is a reduced Gröbner basis with respect to TOP. To see that this is
correct, we will check this in Singular.

>ring RT=2,x,(lp,c);
>module G=imap(RP,G); //maps G from RP to G in RT
>option(redSB); //forces std to give a reduced Gröbner basis
>module G2=std(G);print(G2);
1, x+1,
x+1,1

This is the same as Equation (3.9).
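
Algorithm 3.1.10 run on Example 3.1.11, as an added Python example that is not part of the thesis. It is restricted to l = 2 over F2 with an input basis of the POT shape {(p, q), (0, s)}; the bitmask encoding and the function names are assumptions of the example.

```python
# Vectors in (F_2[x])^2 are pairs of ints used as bitmasks (bit i = coefficient of x^i).
# A monomial x^d e_k is the pair (d, k) with k in {1, 2}.

def pmod(a, b):
    """Remainder of a on division by b != 0 in F_2[x]."""
    while a and a.bit_length() >= b.bit_length():
        a ^= b << (a.bit_length() - b.bit_length())
    return a

def rem(v, g1, g2):
    """Remainder of v on division by the POT basis {g1 = (p, q), g2 = (0, s)},
    with p != 0 and s != 0 (finite footprint)."""
    (p, q), (_, s) = g1, g2
    a, b = v
    while a and a.bit_length() >= p.bit_length():
        shift = a.bit_length() - p.bit_length()
        a, b = a ^ (p << shift), b ^ (q << shift)
    return a, pmod(b, s)

def vec(t):
    d, k = t
    return (1 << d, 0) if k == 1 else (0, 1 << d)

def top_key(t):
    """TOP order with e2 below e1 in each degree, as MON is ordered in Example 3.1.11."""
    return (t[0], -t[1])

def fglm(g1, g2, key=top_key, width=64):
    mon = sorted([(0, 1), (0, 2)], key=key)
    fp, G2, LT = [], [], []
    rows = []   # (reduced remainder, bitmask of the footprint monomials combined in it)
    while mon:
        t = mon.pop(0)
        a, b = rem(vec(t), g1, g2)
        r, combo = a | (b << width), 0
        for row, used in rows:          # Gaussian elimination over F_2
            if r ^ row < r:
                r, combo = r ^ row, combo ^ used
        if r == 0:
            # rem(t) is a combination of remainders of footprint monomials
            ga, gb = vec(t)
            for i, v in enumerate(fp):
                if combo >> i & 1:
                    ga, gb = ga ^ vec(v)[0], gb ^ vec(v)[1]
            G2.append((ga, gb))
            LT.append(t)
        else:
            rows.append((r, combo | 1 << len(fp)))
            fp.append(t)
            mon = sorted(mon + [(t[0] + 1, t[1])], key=key)
    return G2, LT, fp

if __name__ == "__main__":
    # g1 = (1, x + 1), g2 = (0, x^2) from Example 3.1.11
    print(fglm((1, 0b11), (0, 0b100)))
```

Over F2 the two returned elements are (1, x + 1) and (x + 1, 1), the rows of Equation (3.9).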

In the final chapter we will consider a method for decoding quasi-cyclic codes
by using their Gröbner basis representation. We will discuss some of the
weaknesses of this method, and show that if we choose a quasi-cyclic code
with one generator, where the generator is of a specific form, then this method
can work very well.

Chapter 4

Decoding of Quasi-Cyclic Codes

In this chapter we consider a method of decoding quasi-cyclic codes by using
their Gröbner basis representation presented in Section 2.3. We will also
discuss this method's weakness, and, thus, consider the Restriction-1 codes
defined in Definition 2.3.9 on page 60, since our method works particularly
well with these. First we will consider the general case. This chapter is based
on [Lally, 2002] and [Lally, 2000, Chapter 6].

4.1 Decoding Quasi-Cyclic Codes

Let C ⊆ (R/I)^l, where I = ⟨x^m − 1⟩, be a code of index l and length ml.
Let G̃ = {g1, . . . , gl} ⊆ R^l be a reduced Gröbner basis for the submodule
C̃ ⊆ R^l with respect to POT with the properties described in Theorem 2.3.5
on page 58. The mapping

φ : R^l → (R/I)^l

given by φ(g) = g mod x^m − 1 gives the corresponding Gröbner basis G for
C.
Suppose that gcd(m, q) = 1 and that gii ≠ x^m − 1 for every i = 1, . . . , l.
Let

v = (v1, . . . , vl) ∈ (R/I)^l

be any information vector where deg(vi) < m − deg(gii), and let the codeword
c = (c1, . . . , cl) ∈ C be given by

\[
c = v_1 g_1 + \cdots + v_l g_l
  = \Bigl(v_1 g_{11},\; v_1 g_{12} + v_2 g_{22},\; \ldots,\; \sum_{i=1}^{l} v_i g_{il}\Bigr) \bmod x^m - 1, \tag{4.1}
\]

where modulo is done in every block. Suppose that c is transmitted through
a noisy channel resulting in a received word r = (r1, . . . , rl) ∈ (R/I)^l
containing some errors,

r = c + e,
ri = ci + ei, 1 ≤ i ≤ l,

where e = (e1, . . . , el) ∈ (R/I)^l is an error vector. Denote by d∗i, 1 ≤ i ≤ l,
the BCH bound of the cyclic code generated by gii given in Theorem 2.2.6
on page 54,

d∗i = ♯ConsecutiveRoots(gii) + 1.

From Equation (4.1) we see that

c1 = v1 g11 mod x^m − 1

is a codeword in the code generated by g11. This means that we can decode
r1 correctly to c1 if

\[
w(e_1) \le \left\lfloor \frac{d_1^* - 1}{2} \right\rfloor .
\]

If g11 generates a Reed-Solomon code, then we can use the method described
in Chapter 3. After decoding c1 we can calculate the information polynomial
v1 = c1/g11. Now, consider

r2 = c2 + e2 = (v1 g12 + v2 g22) + e2 mod x^m − 1

and define

r2′ = r2 − v1 g12 = v2 g22 + e2 mod x^m − 1.

We can decode r2′ to c2′ = v2 g22, which is a codeword in the code generated
by g22, if

\[
w(e_2) \le \left\lfloor \frac{d_2^* - 1}{2} \right\rfloor .
\]

We can then calculate the codeword c2 = c2′ + v1 g12 mod x^m − 1 and the
information polynomial v2 = c2′/g22. We can recursively continue to decode
ci, 2 ≤ i ≤ l, one at a time by defining

\[
r_i' = r_i - \sum_{j=1}^{i-1} v_j g_{ji} = v_i g_{ii} + e_i \bmod x^m - 1,
\]

which we can decode to ci′ if

\[
w(e_i) \le \left\lfloor \frac{d_i^* - 1}{2} \right\rfloor ,
\]

and we find

\[
c_i = c_i' + \sum_{j=1}^{i-1} v_j g_{ji} \bmod x^m - 1
\]

and

\[
v_i = \frac{c_i'}{g_{ii}} .
\]

Note that if gii = x^m − 1 for any i, then we will simply have vi gii = 0
mod x^m − 1, which means that we can disregard the information polynomial
vi.
This decoding works well if the errors are spread out over the whole
received word, but it will fail if

\[
w(e_i) > \left\lfloor \frac{d_i^* - 1}{2} \right\rfloor
\]

for any i = 1, . . . , l, since we cannot calculate the rest of the codeword
ci, . . . , cl if this happens.

4.2 1-Generator Quasi-Cyclic Codes

In this section we will restrict ourselves to quasi-cyclic codes generated by one
generator

g = (g1, . . . , gl) ⊆ (R/I)^l.

In particular we will consider quasi-cyclic codes C with a 1-level Gröbner
basis as defined in Definition 2.3.7 on page 60. That is, we have a generator
of the form

g = (g1, f1 g1, . . . , f_{l−1} g1) ⊆ (R/I)^l, fi ∈ R        (4.2)

where g1 divides x^m − 1 and deg(fi) < m − deg(g1), 1 ≤ i ≤ l − 1, by
Theorem 2.3.5 on page 58. This basically means that every entry in
g is a codeword in the cyclic code generated by g1, or that every entry
generates a subcode of ⟨g1⟩. Let v be any information polynomial, where
deg(v) < m − deg(g1), such that the codeword c = (c1, . . . , cl) ∈ C is given
by

c = vg = (vg1, vf1 g1, . . . , vf_{l−1} g1) mod x^m − 1.

The codeword c is transmitted and received as

r = c + e,
ri = ci + ei, 1 ≤ i ≤ l,

where e = (e1, . . . , el) ∈ (R/I)^l is some error vector. The first received
polynomial

r1 = c1 + e1 = vg1 + e1 mod x^m − 1

can be decoded correctly to c1 if

\[
w(e_1) \le \left\lfloor \frac{d_1^* - 1}{2} \right\rfloor .
\]

If g1 generates a Reed-Solomon code, then we can use the method described
in Chapter 3 to decode r1. Because of the structure of the generator in
Equation (4.2) we can use c1 to find the rest of the codeword by the equation

ci = v f_{i−1} g1 = f_{i−1} c1 mod x^m − 1, 2 ≤ i ≤ l.

It follows that this algorithm works very well if we have few errors in the first
block. Even if all the other blocks are missing, we are still able to find the
correct codeword c.
Note that since we can have gcd(fi, x^m − 1) ≠ 1 for some i, we cannot
be sure that ⟨g1⟩ = ⟨fi g1⟩, which means that we might not be able to find
v by decoding any ri other than r1 using the same decoder. This is not
very practical, since we would need a decoder for each block. Next we will
consider codes where this problem does not occur; that is, codes where we
can use the same decoder for every block.

We will now restrict ourselves even further to consider Restriction-1 codes as
defined in Definition 2.3.9 on page 60. Thus, we have a generator for the
quasi-cyclic code C of the form

g = (f1 g, . . . , fl g) ∈ (R/I)^l, fi ∈ R,

where g divides x^m − 1, gcd(fi, x^m − 1) = 1, and deg(fi) < m − deg(g),
1 ≤ i ≤ l. Note that this means that gcd(fi g, x^m − 1) = g, whereby it
follows that every fi g, 1 ≤ i ≤ l, generates the same cyclic code as g. From
Theorem 2.3.10 on page 60 we have a lower bound on the minimum distance
of C,

dmin ≥ l d∗ = l(♯ConsecutiveRoots(g) + 1),

where d∗ is the BCH bound of ⟨g⟩. Let v be any information polynomial,
where deg(v) < m − deg(fi g) for every i = 1, . . . , l, such that the codeword
c = (c1, . . . , cl) ∈ C is given by

c = vg = (vf1 g, vf2 g, . . . , vfl g) mod x^m − 1.

The codeword c is transmitted and received as

r = c + e,
ri = ci + ei, 1 ≤ i ≤ l,

where e = (e1, . . . , el) ∈ (R/I)^l is some error vector. This means that if we
can decode any

ri = ci + ei = vfi g + ei mod x^m − 1

to the right codeword ci, which we can when

\[
w(e_i) \le \left\lfloor \frac{d_i^* - 1}{2} \right\rfloor ,
\]

then we can find all the other blocks by the equation

cj = ci fi^{−1} fj mod x^m − 1        (4.3)

for each j ≠ i, 1 ≤ j ≤ l, since gcd(fi, x^m − 1) = 1. If we decode any block
incorrectly, then this will result in

\[
d(c, r) > \left\lfloor \frac{d_{\min} - 1}{2} \right\rfloor ,
\]

and we will, thus, know that we made a mistake. This algorithm is very
effective if our received word contains a lot of errors, but where we have just
one block with few errors, and it is particularly effective for erasures. We can
then use this block to decode the rest of the codeword. To end this chapter
we will give a more formal decoding algorithm for decoding Restriction-1
codes. The algorithm can correct at most

\[
\min\left\{ l\left\lfloor \frac{d^* - 1}{2} \right\rfloor + l - 1,\; \left\lfloor \frac{d_{\min} - 1}{2} \right\rfloor \right\}
\]

errors. Note that

\[
l\left\lfloor \frac{d^* - 1}{2} \right\rfloor + l - 1 = lt + l - 1 = (t + 1)(l - 1) + t,
\]

where t = ⌊(d∗ − 1)/2⌋, which means that in the worst-case scenario we have l − 1
blocks with t + 1 errors, but still one block with only t errors, which we can
correct.

Algorithm 4.2.1
Input
r = (r1, . . . , rl)
g = (f1 g, . . . , fl g)
dmin

Output
c = (c1, . . . , cl)

Initialize
c := (0, . . . , 0)
i := 1

Loop
WHILE i ≤ l DO
    Decode ri as a cyclic codeword in ⟨g⟩ ⊆ R/I
    IF ri decodes to ci′ THEN
        cj′ := ci′ fi^{−1} fj mod x^m − 1 for all 1 ≤ j ≠ i ≤ l
        c′ := (c1′, . . . , cl′)
        IF d(c′, r) ≤ ⌊(dmin − 1)/2⌋ THEN
            c := c′
            STOP
        ELSE
            i := i + 1
    ELSE
        i := i + 1

Note that when

\[
w(e) \le \min\left\{ l\left\lfloor \frac{d^* - 1}{2} \right\rfloor + l - 1,\; \left\lfloor \frac{d_{\min} - 1}{2} \right\rfloor \right\},
\]

we clearly also have

\[
w(e) \le l\left\lfloor \frac{d^* - 1}{2} \right\rfloor + l - 1,
\]

which we already noted means that we have at least one error polynomial ei
satisfying

\[
w(e_i) \le \left\lfloor \frac{d^* - 1}{2} \right\rfloor , \tag{4.4}
\]

meaning that we can decode ri correctly to ci. Suppose

\[
w(e_i) > \left\lfloor \frac{d^* - 1}{2} \right\rfloor
\]

for any i = 1, . . . , l, and ri is decoded incorrectly to ci′ ≠ ci. Then when
we consider the complete codeword c′ = (c1′, . . . , cl′) ∈ C, constructed from
Equation (4.3), we will get

\[
d(c', r) > \left\lfloor \frac{d_{\min} - 1}{2} \right\rfloor ,
\]

since there exists a unique codeword c ∈ C, where d(c, r) ≤ ⌊(dmin − 1)/2⌋.
Thus, the decoding was wrong and we set i := i + 1 in the algorithm and try
the next block. If

\[
l\left\lfloor \frac{d^* - 1}{2} \right\rfloor + l - 1 < w(e) \le \left\lfloor \frac{d_{\min} - 1}{2} \right\rfloor ,
\]

and we have at least one block satisfying Equation (4.4), then we can still
decode r from this block and Equation (4.3). So, in general we can decode
r to the correct c ∈ C if at least one block can be correctly decoded and if
the total number of errors is below ⌊(dmin − 1)/2⌋.
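
Algorithm 4.2.1 on a small binary Restriction-1 code, as an added Python example that is not part of the thesis. Assumed parameters: q = 2, m = 7, g = x^3 + x + 1 (so d∗ = 3 and t = 1), l = 2 with f1 = 1 and f2 = x^2 + x + 1, the lower bound l·d∗ = 6 used in place of dmin, and single-error syndrome decoding as the block decoder; all names are chosen for the example.

```python
M = 7                     # block length m
MOD = (1 << M) | 1        # x^7 - 1 over F_2 (polynomials are ints, bit i = coefficient of x^i)
G = 0b1011                # g = x^3 + x + 1, a divisor of x^7 - 1 with d* = 3, so t = 1

def pdivmod(a, b):
    q = 0
    while a and a.bit_length() >= b.bit_length():
        shift = a.bit_length() - b.bit_length()
        q, a = q ^ (1 << shift), a ^ (b << shift)
    return q, a

def pmul(a, b):
    out = 0
    while b:
        if b & 1:
            out ^= a
        a, b = a << 1, b >> 1
    return out

def mulmod(a, b):
    return pdivmod(pmul(a, b), MOD)[1]

def inverse(f):
    # extended Euclid on (x^m - 1, f); the inverse exists exactly when gcd(f, x^m - 1) = 1
    r0, r1, u0, u1 = MOD, f, 0, 1
    while r1 > 1:
        q, rest = pdivmod(r0, r1)
        r0, r1, u0, u1 = r1, rest, u1, u0 ^ pmul(q, u1)
    if r1 == 0:
        raise ValueError("f is not invertible modulo x^m - 1")
    return pdivmod(u1, MOD)[1]

def decode_block(r):
    # syndrome decoding in <g>, correcting at most t = 1 error; None on failure
    s = pdivmod(r, G)[1]
    if s == 0:
        return r
    for i in range(M):
        if pdivmod(1 << i, G)[1] == s:
            return r ^ (1 << i)
    return None

def distance(c, r):
    return sum(bin(x ^ y).count("1") for x, y in zip(c, r))

def decode(r, f, dmin):
    # Algorithm 4.2.1: try the blocks in turn, rebuild the word with Equation (4.3)
    for i in range(len(r)):
        ci = decode_block(r[i])
        if ci is None:
            continue
        base = mulmod(ci, inverse(f[i]))             # c_i * f_i^{-1}
        cand = [mulmod(base, fj) for fj in f]        # c_j = c_i f_i^{-1} f_j
        if distance(cand, r) <= (dmin - 1) // 2:
            return cand
    return None

# Constructed sample: v = x + 1, f = (1, x^2 + x + 1), two errors in block 1.
F = [0b1, 0b111]
C = [mulmod(mulmod(0b11, G), fi) for fi in F]        # codeword (v f1 g, v f2 g)
R = [C[0] ^ 0b11, C[1]]
if __name__ == "__main__":
    print(C, decode_block(R[0]), decode(R, F, dmin=6))
```

Block 1 carries two errors and is decoded to a wrong cyclic codeword, the rebuilt word then lies at distance 4 from r and is rejected, and the error-free block 2 recovers the whole codeword.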

Bibliography

[Cox et al., 2005] Cox, D., Little, J., and O'Shea, D. (2005). Using Algebraic
Geometry. Springer, second edition.

[Cox et al., 2007] Cox, D., Little, J., and O'Shea, D. (2007). Ideals,
Varieties, and Algorithms. Springer, third edition.

[Fitzpatrick, 1997] Fitzpatrick, P. (1997). Solving a multivariable congruence
by change of term order. J. Symbolic Computation, 24.

[Huffman and Pless, 2003] Huffman, W. C. and Pless, V. (2003). Fundamentals
of Error Correcting Codes. Cambridge.

[Justesen and Høholt, 2000] Justesen, J. and Høholt, T. (2000). A Course
in Error-Correcting Codes. European Mathematical Society.

[Lally, 2000] Lally, C. (2000). Application of the theory of Gröbner bases to
the study of quasicyclic codes. PhD thesis, National University of Ireland.

[Lally, 2002] Lally, K. (2002). Quasicyclic codes - some practical issues.
ISIT, June 30-July 5, 2002.

[Lally and Fitzpatrick, 2001] Lally, K. and Fitzpatrick, P. (2001). Algebraic
structure of quasicyclic codes. Discrete Applied Mathematics, 111.

[Moro et al., 2007] Moro, E. M., Gómez, C. M., and Benito, D. R. (2007).
Bases de gröbner: Aplicaciones a la codificación algebraica. Technical
report.