On skew polynomial codes and lattices from quotients of cyclic division algebras

We propose a variation of Construction A of lattices from linear codes defined using the quotient $\Lambda/\mathfrak p\Lambda$ of some order $\Lambda$ inside a cyclic division $F$-algebra, for $\mathfrak p$ a prime ideal of a number field $F$. To obtain codes over this quotient, we first give an isomorphism between $\Lambda/\mathfrak p\Lambda$ and a ring of skew polynomials. We then discuss definitions and basic properties of skew polynomial codes, which are needed for Construction A, but also explore further properties of the dual of such codes. We conclude by providing an application to space-time coding, which is the original motivation to consider cyclic division $F$-algebras as a starting point for this variation of Construction A.


Introduction
Connections between Euclidean lattices and linear codes over finite alphabets have been classically studied, through a series of constructions referred to as Constructions A,B,C,D or E [1]. Given the finite field F 2 , the original (binary) Construction A [2] considers the map ρ : Z N → F N 2 of reduction modulo 2 componentwise, for N some positive integer. If C is a binary linear code of length N , then ρ −1 (C) (or its normalized version 1 √ 2 ρ −1 (C)) is a lattice. A series of duality follows, such as a correspondence between the dual code C ⊥ of C and the dual lattice L * of L, self-dual codes and unimodular lattices, or between the weight enumerator of the code C and the theta series of the lattice L. Construction A has been generalized in many ways, including, for citing a few examples, to: (1) cyclotomic fields Q(ζ p ) [3], where ζ p is a primitive pth root of unity, and p is prime, in which case ρ becomes the componentwise reduction modulo the prime ideal (1−ζ p ) of a vector with coefficients in the ring of integers Z[ζ p ], (2) to quadratic and imaginary fields and totally definite quaternion algebras over Q as a way to construct modular lattices in [4], (3) to the construction of unimodular lattices using quaternary quadratic residue codes [5].
Construction A is also of interest from a communication point of view, since it provides a concrete way of doing coset coding [2], an encoding technique which is very useful to encode lattices, since it provides a natural way of mapping elements from finite alphabets (codewords) to real or complex symbols (lattice points).
This paper addresses a variation of Construction A in the context of division algebras, and cyclic division algebras over a cyclic number field extension K/F in particular. Denote by O F and O K their respective rings of integers, and by σ the generator of the Galois group of K/F . Instead of using as a starting point the quotient of a number field by an ideal (as in [3] for example), we consider a specific O F -order Λ in a cyclic division F -algebra, and the quotient Λ/pΛ for p a prime ideal of O F .
As shown in Section 2, the quotient Λ/pΛ turns out to be isomorphic to the ring of skew polynomials (O K /pO K )[x; σ]/(x n − u), where u is determined by the choice of the cyclic division F -algebra. To mimic the steps involved in Construction A, we next consider the problem of designing codes over (O K /pO K )[x; σ]/(x n − u) in Section 3, where a variation of Construction A is given. Let F q denote the finite field with q elements, q a prime power. Codes over the skew polynomial ring F q [x; σ]/(f (x)), for (f (x)) a two sided ideal of F q [x; σ], were introduced in [6] and furthermore studied in the context of cyclic codes in [7]. A generalization to Galois rings was obtained in [8]. We propose some basic definitions and properties of codes over the skew polynomial ring (O K /pO K )[x; σ]/(x n − u), by taking inspiration from [8] and generalizing some of the known results for the ring F q [x; σ]/(x n − u). We note that our results could be easily generalized to the case (O K /pO K )[x; σ]/(f (x)), which is not done in this paper because of our focus on cyclic division algebras.
Once equipped with suitable definitions for skew polynomial codes over the ring , it is natural to wonder about the dual of such codes. This is studied in Section 4.
We conclude by going back to the original motivation to consider this variation of Construction A over a cyclic division F -algebra, namely its application to spacetime coding, or more precisely, to derive a way to perform coset encoding, as detailed in Section 5.

Quotients of Cyclic Division Algebras
Let K/F be a number field extension of degree n with cyclic Galois group σ , and respective rings of integers O K and O F . Consider the cyclic F -algebra A defined by K ⊕ Ke ⊕ · · · Ke n−1 where e n = u ∈ F , and ek = σ(k)e for k ∈ K. We assume that u i , i = 0, . . . , n − 1, are not norms in K/F so that the algebra is division. For S a Noetherian integral domain with quotient field F , and A a finite dimensional F -algebra, an S-order in A is a subring Λ of A, having the same identity as A, and such that Λ is a finitely generated module over S and generates A as a linear space over F . An order Λ is called maximal if it is not properly contained in any other S-order. Then is an O F -order of A, which is typically not maximal. Let p be a prime ideal of O F so that pΛ is a two-sided ideal of Λ, and O F /pO F is the finite field F p f , where p is the prime number lying below p and f is the inertial degree of p above p. Since Λ is an O F -module, we have the following ring homomorphism : O F → Λ → Λ/pΛ and the image of p = pΛ ∩ O F obviously lies in pΛ. Hence, it yields a ring homomorphism F p f = O F /p → Λ/pΛ, which means that Λ/pΛ is an F p f -algebra.
From [9], we have the following F p f -algebra isomorphism : where e(k + pO K ) = (σ(k) + pO K )e for all k ∈ O K and e n = u + p. Indeed, since p is a prime ideal of O F and σ |F = Id F , we have σ(pO K ) ⊂ pO K , which means that σ can be factorized as a ring homomorphism by the natural projection π : O K → O K /pO K : more explicitely, there exists a ring homomorphism σ : By a slight abuse of notation, we keep the notation σ for the map σ.
Since O K is a Dedekind domain, pO K = p e1 1 p e2 2 · · · p eg g with p i a prime ideal of O K and e i ≥ 0 for i = 1, . . . , g.
In the particular case where p is inert in K/F , pO K is a prime ideal of O K . Then the finite ring O K /pO K is an integral domain, so it is the finite field F p nf . The induced ring homomorphism σ : Given a ring S with a group G = σ acting on it, the skew polynomial ring S[x; σ] is the set of all polynomials s 0 + s 1 x + . . . + s m x m , s i ∈ S, m ≥ 0 with multiplication twisted by the relation xs = σ(s)x for all s ∈ S.
We will consider the skew polynomial ring (O K /pO K )[x; σ]. Note that since u ∈ F , x n − u belongs to the center of (O K /pO K )[x; σ] and the ideal (x n − u) is two-sided.
Lemma 2.1. There is an F p f -algebra isomorphism between Λ/pΛ and the quotient of (O K /pO K )[x; σ] by the two-sided ideal generated by x n − u.
Proof. We define the map ϕ : Using the isomorphism given above and in [9], it is easily seen that ϕ is a surjective F p f -algebra homomorphism. Moreover, the kernel of ϕ is the two-sided ideal of (O K /pO K )[x; σ] generated by x n − u. Indeed, it is easily seen that x n − u lies in ker(ϕ). Conversely, let f (x) ∈ ker(ϕ). We write Then f (e) = 0 in Λ/pΛ. The ring (O K /pO K )[x; σ] is not always right or left Euclidean, as it would be if O K /pO K were a finite field. However, since x n − u is a monic polynomial (or more precisely since its leading coefficient is a unit in O K /pO K ), we can still perform the long division algorithm: indeed, if m ≥ n, we may perform a right division of f (x) by x n − u as follows. Note that the polynomial has degree smaller than that of f . This procedure of subtracting left multiple of x n − u can be repeated until we obtain a polynomial of degree smaller than n, thus, there exist some polynomials g(x) and h(x) such that where h(x) has degree ≤ n − 1. Hence, f (e) = 0 is equivalent to h(e) = 0. Yet, 0 = h(e) = r 0 + r 1 e + · · · + r n−1 e n−1 in Λ/pΛ ≃ (O K /pO K ) ⊕ (O K /pO K )e ⊕ · · · ⊕ (O K /pO K )e n−1 . Therefore, r 0 = r 1 = · · · = r n−1 = 0 and h(x) = 0. We conclude that f (x) is a (left) multiple of x n − u. Consequently, ker(ϕ) = (x n − u) and we get the desired isomorphism.
This lemma generalizes the isomorphism of [10, Lemma 1] for p inert. Denote by ψ the inverse isomorphism of the one given in Lemma 2.1: Let I be a left ideal of Λ. Assume that I∩O F ⊃ p. Then I/pΛ is an ideal of Λ/pΛ. In the sequel, we will study the left ideal ψ(I/pΛ) of (O K /pO K )[x; σ]/(x n − u).

Skew-Polynomial Codes and a Variation of Construction A
Classical cyclic codes over the finite field F q are ideals of the polynomial ring F q [x]/(x n − 1). Since this is a principal ideal domain, every ideal has a generator polynomial, which in turn defines a cyclic code, and codewords are then multiples of this generator polynomial. In [6], the definition of codes over polynomial rings was extended to that of codes over the skew-polynomial rings F q [x; σ]. We are interested here in codes over the skew-polynomial rings (O K /pO K )[x; σ]/(x n − u).

Division in Skew-Polynomial Rings. A first major difference between
is, as noted in the proof of Lemma 2.1, that the skew polynomial ring (O K /pO K )[x; σ] is not in general right or left Euclidean anymore. However, this can be sorted out, using the same technique as that explained in [8], which was also used for the proof of Lemma 2.1.
t i x i be two polynomials of respective degree m and l, with coefficients in (O K /pO K ). Suppose that t l is invertible and m > l, then a right (respectively left) division of f (x) by g(x) is obtained as follows: consider the polynomial Since σ is an automorphism, Similarly, we have x m−l have degree < m. Therefore this procedure can be iterated, to find polynomials q(x), r(x) such that We next discuss the unicity of the remainder of this division. Suppose is not zero, then the degree of (q 1 (x) − q 2 (x))g(x) is greater than deg(g(x)), while the degree of r 2 (x) − r 1 (x) is less than deg(g(x)), therefore q 1 (x) = q 2 (x) and r 1 (x) = r 2 (x). The proof for left division is done similarly.

Principal Ideals and Codes.
Thanks to the unicity of the remainder, the skew polynomials of degree less than n are canonical representatives of the elements by skew polynomials of degree k = n − deg(g(x)) are canonical representatives of the elements of (g(x))/(x n − u).
). By the correspondence theorem for rings, ( . Since skew polynomials of degree less than n are canonical representatives, the elements of the ideal (g(x))/(x n −u) are left multiples of g(x) by skew polynomials of degree less than k = n − deg g(x).
It forms a code of length n and of dimension k = n − deg g(x) over O K /pO K , consisting of codewords a = (a 0 , a 1 , . . . , a n−1 ) that are coefficient tuples of the left multiples a(x) = a 0 + a 1 x + . . . + a n−1 x n−1 of g(x). This code is called a σ-constacyclic code.
is then an O K /pO K -module and by taking the quotient by the monic skew-polynomial to conclude.
Let us comment on the proposed definition of σ-constacyclic code.
(1) We could also use the terminology central σ-code proposed in [6] since x n −u lies in the center of (O K /pO K )[x; σ]. (2) A cyclic code would correspond to the case u = 1.
(3) This definition could be made more general by considering another suitable polynomial than x n − u, which would yield a complete generalization of the definition of σ-code proposed in [6]. This is not done here, simply because the polynomial is given by the cyclic algebra structure, but this could be an interesting research direction of its own. (4) Finally, we may (and do) restrict our study of σ-constacyclic codes to right divisors g(x) of x n − u that are monic : indeed, if g(x) has leading coefficient a, it is necessarily invertible (since g(x) is a divisor of x n − u) and the constacyclic codes derived from g(x) and a −1 g(x) are equal.
The next result describes a parity check polynomial.
Furthermore, let C be the code generated by g(x). Let a ∈ (O K /pO K ) n and let a(x) be its corresponding polynomial. Then a is a codeword of C if and only if Proof. Since x n − u is central, and The first claim follows from the fact that h(x) is monic and thus not a zero divisor.
If a ∈ C then a(x) = b(x)g(x) and using the first claim Since h(x) is monic and thus not a zero divisor, a(x) = b(x)g(x) as needed.

A Construction A.
Using the isomorphism ψ defined in Section 2, for every left ideal I of Λ, we consider the σ-code C = ψ(I/pΛ) over F q . A lattice of dimension N is here a discrete additive subgroup of R N of rank N as a Z-module.
We set the map : compositum of the canonical projection Λ → Λ/pΛ with ψ. Then From this point of view, the above construction may be interpreted as a variation of Construction A [1], which consists of obtaining a lattice from a linear code over a finite field (ring), as shortly described in the introduction. This is also a generalization of the lattice construction of [11], defined over number fields.

Dual Codes and Lattices
Having defined constacyclic codes over (O K /pO K )[x; σ]/(x n − u), it is natural to wonder about the dual of such codes.

Dual Codes.
We consider the following Euclidean scalar product in (O K /pO K ) n : An (n, k) code C is said to be Euclidean self-dual if C is equal to its Euclidean dual.
It is probably helpful to recall how the generator polynomial of a cyclic code over a finite field is computed. Take h(x) its parity check polynomial, with degree d and constant term h 0 , and compute h −1 0 x d h(x −1 ). The procedure in the case of interest here is somewhat similar, except for one difficulty: we need to give a meaning to h(x −1 ) in the non-commutative case, which is classically done through localization (as also done in [8]). It is known [12,Thm II.2.4] that given a ring R, if S ⊂ R is a right Ore set, then there is a ring RS −1 of right fractions and an injective ring homomorphism R → RS −1 such that (a) the image of every element r ∈ R is invertible in RS −1 , and (b) every element of RS −1 can be written as a product rs −1 .
Proposition 2. Consider the ring (O K /pO K )[x; σ] as above, and take S to be S = {x i , i ≥ 0}. Then S is a right Ore set, and the right localization Proof. By definition of Ore set [12, Def. II.2.3], we need to check the following three conditions: (1) S is closed under multiplication, and 1 ∈ S.
(2) For any s ∈ S, s is not a left or right zero divisor.
(3) Right Ore condition: for all r ∈ R and s ∈ S, there exist r 1 ∈ R and s 1 ∈ S such that sr 1 = rs 1 . Take s = x i ∈ S for some i, and r = r(x) = d l=0 r l x l ∈ O K /pO K [x; σ]. We need to show that there exists r 1 = r 1 (x) such that x i r 1 (x) = r(x)x j for some x j . Pick j ≥ i and r 1 (x) = d l=0 σ −i (r l )x j+l−i . Then Next, consider the map We have, assuming without loss of generality that t ≥ d and a d+1 = . . . = a t = 0, that It follows that θ is an anti-isomorphism of rings.
Based on the above proposition, it is now possible to extend the computation of the generator polynomial from the commutative to the non-commutative case. Recall that we may assume the generator polynomial g(x) to be monic, without loss of generality.
Proposition 3. Consider a code with generator g(x) and parity check polynomial Suppose that u 2 = 1. The Euclidean dual g ⊥ (x)/(x n −u) of the σ-constacyclic code (g(x))/(x n −u) is a σ-constacyclic code whose generator polynomial is given by or equivalently by the monic polynomial −ug ⊥ (x).
Proof. To show that g ⊥ (x)/(x n − u) is a σ-constacyclic code, we need to show that g ⊥ (x) is a right divisor of x n − u. We know that g(x) is, namely there exists a polynomial h(x) such that Then, using the anti-isomorphism θ : x −i a i of the previous proposition: since u 2 = 1. Therefore x k θ(h(x)) is a left divisor of x n − u, and By the first part of Proposition 1, x k θ(h(x)) is also a right divisor of x n − u. Now that we have shown that g ⊥ (x) is indeed a σ-constacyclic code, we are left to show that it is the dual of C.
Let a(x) = n−1 i=0 a i x i be the polynomial corresponding to the codeword a = (a 0 , a 1 , . . . , a n−1 ). Then we denote, for any 0 ≤ l ≤ n − k − 1, by d l (x) the polynomial x l g ⊥ (x), which corresponds to the codeword : Hence, a is orthogonal to the n − k vectors d l (0 ≤ l ≤ n − k − 1): indeed, note that which turns out to be the coefficient of Moreover, since a ∈ C, by Proposition 1, we have a(x)h(x) = 0 modulo x n − u, implying that the coefficients of x k+l , l = 0, . . . , n − k − 1, are equal to zero. This proves the orthogonality of d l with respect to a. Therefore, the O K /pO K -module generated by the codewords d l (0 ≤ l ≤ n−k−1) is contained in C ⊥ .
We We remark that in our context of cyclic division F -algebras, u is restricted to F , therefore the polynomial x n − u ∈ (O K /pO K )[x; σ] actually has a constant term u which belongs to O F /pO F . Therefore the condition u 2 = 1 means that u is of order 2 in a finite field, that is u = ±1. This is however not the case more generally.
Finally we provide another example of self-dual code.

Lattices from Dual Codes. Recall the proposed variation of Construction
A. Given the map compositum of the canonical projection Λ → Λ/pΛ with ψ, we obtained a lattice L given by L = ρ −1 (C) = I. Now let C ⊥ be the dual of C. Then is also a lattice.

Application to Space-time Codes
We conclude by discussing our motivation to look at the question of defining a variation of Construction A over a cyclic division F -algebra, which comes from space-time coding.
5.1. Space-Time Coding. Cyclic division algebras are by now classically used to design space-time codes [13,14]. Unlike in classical coding theory where codewords are typically vectors with coefficients over finite fields (or finite rings), in the context of space-time coding, codewords are matrices with coefficients coming from number fields, and matrix codewords are obtained as follows. To make the notation easier, we assume for the rest of this section that u ∈ O F . To any element a = a 0 + a 1 e + · · · + a n−1 e n−1 of Λ, we can associate a matrix in Mat n (O K ) (since u ∈ O F ) by : uσ(a n−1 ) uσ 2 (a n−2 ) · · · uσ n−1 (a 1 ) a 1 σ(a 0 ) uσ 2 (a n−1 ) · · · uσ n−1 (a 2 ) . . . . . . . . . . . . . . .
. . . . . . . . . uσ n−1 (a n−1 ) a n−1 σ(a n−2 ) σ 2 (a n−3 ) · · · σ n−1 (a 0 ) is an O K -algebra injective homomorphism. A space-time code is thus given by {M (a), a ∈ Λ}. The condition that the F -algebra is division is critical, it fulfills one design criterion for space-time codes, namely that det(M (a) − M (a ′ )) = 0, a = a ′ . We illustrate this by continuing Example 1. Hence, and we obtain the space-time code Note that I = ρ −1 (C) is a real lattice with rank 4.

Coset Coding.
Let now v = (v 1 , . . . , v n ) be an information vector containing the data to be transmitted, which should be mapped to a lattice point in L, where L is used as a lattice code. Mapping a vector with coefficients in a finite ring to a lattice point is not an easy task, and can be facilitated by the use of Construction A. The lattice L = ρ −1 (C) = IΛ may by construction be written as a union of cosets of pΛ, where each coset representative may be chosen to be a codeword in the code C. Namely, if g(x) is a right divisor of x n − u and if a σ-constacyclic code C = (g(x))/(x n − u) ⊂ (O K /pO K )[x; σ]/(x n − u) has dimension k = n − deg(g), since there is an isomorphism I/pΛ ∼ = C.
This allows us to associate in a unique way a coset of pΛ to a codeword. The mapping from v to a point in L may be done by attributing some information coefficients v 1 , . . . , v k to be encoded using the code C, and the rest of the information coefficients to be mapped to a point in the lattice pΛ. This simplifies the encoding in the cases where pΛ is a lattice "easier" to label than L, which happens in the original Construction A where this lattice turns out to be a scaled version of Z n , but also in many cases where p gives rise to a lattice isomorphic to Z n (or another lattice whose points are easy to label). Irrespectively of the lattice obtained from pΛ, coset encoding is necessary in the context of wiretap codes. In a wiretap context, a code should not only provide reliability between a transmitter and a receiver, but also ensure confidentiality, should an eavesdropper try to intercept the message. To protect from wiretapping, information symbols are mapped to a codeword in C, while random symbols are picked uniformly at random in the lattice pΛ to create confusion at the eavesdropper. Wiretap space-time codes have been studied in [15], where coset encoding of spacetime codes is assumed. However, no concrete way to do so was proposed. The construction of the lattice L = ρ −1 (C) = I as presented in this work thus enables coset encoding for wiretap space-time codes.

Future Work
In this paper, we presented a construction of lattices from constacyclic codes over skew-polynomials, which can be interpreted as a variation of the well known Construction A of lattices from linear codes. The starting point was the quotient Λ/pΛ of a given order Λ from a cyclic division F -algebra, which is motivated by applications of such algebras to space-time coding. Natural future research directions include: • To continue the study of constacyclic codes over (O K /pO K )[x; σ]/(x n − u), in particular by replacing the polynomial x n − u with a more general polynomial f (x). This may include looking at the characterization of self-dual codes. One could alternatively consider duality with respect to a Hermitian inner product. • Linking the properties of the constacyclic code C to that of the lattice L = ρ −1 (C): there are standard duality results for the classical Construction A, relating the dual lattice of L * with L ′ , or the weight enumerator of the code with the theta series of the lattice, which have not yet been considered.
This leads to further properties of lattices that could be explored, such as extremality and modularity. • Design of wiretap space-time codes: this consists of choosing the cyclic division F -algebra A, the corresponding two-sided ideal I and constacyclic code C, to optimize the confusion at the eavesdropper.