How is it made?

Global Positioning System (GPS)

Joseph Khoury
June 14, 2011
Abstract
Recently, after a family trip, a friend of mine decided to go back to use his old paper map in his trav-
els and to put his GPS receiver to rest for ever. This came after a series of deceptions by this little device
with the annoying automated voice and the 4
"
screen and the constantly lost signal, his words not mine.
The latest of these deceptions was a trip from Ottawa to Niagara Falls which took a turn in the US. Ad-
mittedly, such a turn is normal especially if the GPS is programmed to take the shortest distance, except
that my friends family did not have passports on themthat day.
Let us face it, if you have a GPS, you must have experienced some set backs here and there. But the
times when the trip went smoothly without any wrong turn, you must have deep down appreciated the
magic and ingenuity that transforms a little device into a holding hand that takes you from point A to
point B, sometimes thousands of kilometers apart. It is indeed a "scary" thing to have someone watch-
ing your every move fromsomewhere "very high".
Next time you plan a trip, read this note before and use your time on the road to try to reveal to your
co-travelers (with as little mathematics as possible) the magic behind this technology. It works every
time I want to put my kids to sleep on a long trip.
1 A bit of History
The idea of locating ones position on the surface of the planet goes back deep in human history. Ancient
civilizations like the Greek, Persian and Arab were able to develop navigational tools (like the Astrolabe)
to locate the position of ships in high seas. But let us not go that deep in History, after all we are talking
about a very recent technology.
The following are the main highlights in the history of the Global Positioning System:
The story started n 1957 when the Soviet Union launched its satellite named Sputnik. Just days
1
after the launching of Sputnik, two American scientists were able track its orbit simply by recording
changes in the satellite radio frequency.
In the 1960s, the American Navy designed a navigation system for its submarines eet consisting of
10 satellites. At that time, the signal reception was very slow taking up to several hours to pick up a
satellite signal. Great efforts were made to improve signal reception.
Inthe early 1970s, engineers IvanGetting and BradfordParkinson led a Defense Department project
to provide continuous navigation information, leading to the development of GPS (formally known
as NAVSTAR GPS) in 1973.
Year 1978 marked the launching of the rst GPS satellite by the US military.
In 1980, the military activates atomic clocks onboard of GPS satellites.
Year 1983 was a turning point in the development of the GPS system to a new one that we use today,
but it came with a very high cost. Soviet ghters jets shot down a civilian airplane of the Korean
Airline (Flight 007) after it had gone lost over Soviet territory, killing all 269 on board.. The tragedy
prompted US President Ronald Reagan to declassify the GPS project and cleared the way to allow
the civilian use of the GPS system.
After many setbacks and delays over a decade, full operational capability with 24 GPS satellites in
orbit was announced in 1995.
In 2000, Selective Availability is phased out four years after the executive order issued by U.S. Pres-
ident Bill Clinton. Compared to the 100 meters accuracy previously allowed, civilians could now
achieve 10 15 meters accuracy. This created a boom in the GPS devices production industry.
In 2005, the GPS constellation consisted of 32 satellites, out of which 24 are operational and 8 are
ready to take over in case of others fail.
Continuous efforts are always underway to launch new and improved satellites for both military
and civilian uses.
2 The GPS constellation
As explained above, the GPS system is a constellation of satellites out of which 24 are operational at all
times and others operate as backups in case of failures. These satellites are distributed in six inclined
orbital planes making an angle of 55 degree with the plane of the horizontal plane of the equator and
each orbit contains (at least) four operational satellites. Each satellite orbits the Earth almost twice every
24 hours at an altitude of approximately 20,200 km above the surface of the planet. As you can imagine,
there are many reasons for choosing the tilting angle of the orbital planes, the altitude of the satellites,
2
their speed and their apart on each orbit. One main reason is to ensure that no matter where you are on
the surface of the planet, there are at least four satellites in the range of your GPS receiver at any moment.
This is crucial for the system to work.
In case you are interested, each GPS satellite weighs approximately 908 kg and is about 5.2 m across with
the solar panels extended. Each satellite is built to last about 10 years and replacements are constantly
being built and launched into orbit.
3 Pinpointing your location
Your GPS receiver uses a relatively simple mathematical principle called Trilaterationto locate its position
at any time. We start by explaining this principle in the case of a "two dimensional" map.
3.1 Where amI on the map?
Imagine you are lost on campus, you are holding a campus map in your hand but it does not help much.
You ask someone on campus: "Where am I?" and the person answers "you are 500m away from the uni-
versity center" and he walks away. You locate the university center, labeled as UC on the campus map,
but that does help much since you could be anywhere on the circle C
1
centered at UC and of radius 500
m. You drawC
1
using the scaling of the campus map.
3
UC
You ask another person passing by the same question to which he answers: "you are 375m away from
the Math Department" and walks away. You locate the Math Department on the map, labeled as MD,
and you draw on your map the circle C
2
centered at MD and of radius 375 m. This new information will
signicantly narrowyour location to two possible points, namely the intersection points of circles C
1
and
C
2
.
MD UC
A
B
To know which of the two points A and B is your location, it sufces to draw a third circle that would
intersect the other two. You locate another building on your map, relatively close to UC and MD, say
the Faculty of Engineering, labeled as FE on the map. You ask a third person passing by: "How far am I
from the Faculty of Engineering?" and he answers "about 200 m". You then draw the circle C
3
on the map
centered at FE and of radius 200 m.
MD UC
A
B
FE
The point where the three circles meet determines your (relatively) exact location.
4
Of course, in order for this to work, you must be lucky enough to have people passing by giving you (rel-
atively) precise distances from various locations and to be able to somehow work the scale of the map to
draw(relatively) accurate circles. What is probably more important is the kind of question you should ask
the third person in order to endure that the third circle will somehow meet the other two at at exactly one
point.
3.2 Where amI on the surface of the Planet?
A GPS receiver works the same way except in three dimensions and the friendly people you asked to pin-
point your position on the campus map are replaced with satellites thousands of kilometers above the
surface of the Earth continually emitting signals with crucial data stored in them.
The GPS satellite signal is a digital signal similar to the "noise" you hear on the radio when you cannot
tune in the correct station. A civilian GPS signal contains three different parts:
Apseudo-random code, a sort of identication code that tells helps the receiver knowing which one
of which one of the active satellites is transmitting the signal;
An ephemeris data, which is the part of the signal that tells the receiver where the satellite should
be at any time throughout the day. It basically contains detailed information about the orbit of that
particular satellite only and the current date and time according to the (atomic) clock on board of
the satellite. This is vital for the operation of the GPS receiver.
An almanac data which informs the GPS receiver where each GPS satellite should be at any time.
Each satellite emits almanac data about its own orbit as well as other active satellite in the GPS
constellation.
3.2.1 Measuring the distance to a satellite
Now for the story of locating the position on the surface of the planet.
Signals transmitted by GPS satellites move at the speed of light (in a vacuum) and reach a GPS receiver
at slightly different times as some satellites are further away from the receiver than others. Once the re-
ceiver captures a signal, it immediately recognizes which satellite it is coming from, the start time (the
time at which the signal left the satellite according to the satellite clock) and the period of a cycle in the
captured signal. The receiver internal computer starts to "play" the same pseudo-random sequence of
that satellite (using an almanac data stored in the receiver memory) at the same time . The two signals
will not generally match and there will be some lag due to travel time dt taken by the satellite signal in
space to reach the receiver. By comparing how late the satellites pseudo-random code appears compared
to our receivers code, we can determine the time dt it took the signal to reach the receiver.
5
Does this seem to be a bit too technical? the next paragraph will try to explain the idea of the "time
lag" using a simple example.
Let us assume that a GPS satellite signal is just a "song" broadcasted by the satellite. Imagine that at 6:00
am, a GPS satellite begins to broadcast the song
"I see trees of green, red roses too, I see them bloom for me and you..."
in the form of a radio wave to Earth. At the same time (6:00pm), a GPS receiver starts playing the same
song. After traveling thousands of kilometers in space, the radio wave arrives at the receiver but with a
certain delay in the words. At the time of signal reception, if you are holding the receiver in your hand, you
will hear twoversions of the song at the same time: the receiver versionis playing "...thembloomfor..." but
the satellite version is playing (for instance) the rst "I see...". The receiver player would then immediately
"rewind" its version a bit until it synchronizes perfectly with the received version. The amount of time
equivalent to this "shift back" in the receiver player is precisely the travel time of the satellites version.
Once the time delay dt (in seconds) is computed, the receiver computer would multiply it with the
speed of light (in vacuum), c = 299, 792, 458m/sec to calculate the distance separating the satellite from
the GPS receiver.
Now that we have a bit more understanding of how the GPS estimates its distance to the satellites in
its view, it is time to see how these estimates are put in use to pinpoint the position of the receiver.
We start by choosing a system of three coordinates axes with the center of the Earth as center of the
system. As usual, the z-axis is the vertical one passing through the two poles and oriented from South
to North. The xz plane is the Greenwich meridian plane. The x-axis lies in the equatorial plane and the
direction of positive values of x goes through the Greenwich point (point of longitude zero). Similarly,
The y-axis lies in the equatorial plane and the direction of positive values of y goes through the point of
longitude 90

East.
6
y
z
x
All GPS receivers are built with multiple channels allowing them to receive and treat signals from at
least four different satellites simultaneously. Once it captures the signals of three satellites S
1
, S
2
and S
3
in
its range, the receiver calculates the time delays t
1
, t
2
and t
3
(respectively, in seconds) taken by signals of
the three satellites to reach it. The distances between the receivers and the three satellites are computed
as explained in section 3.2.1: d
1
= ct
1
, d
2
=ct
2
and d
3
=ct
3
respectively. The fact that the receiver is at a
distance d
1
from satellite S
1
means that it could be anywhere on the (imaginary) sphere
1
centered at S
1
and of radius d
1
. Using the ephemeris data scripted in the signal, the position (a
1
, b
1
, c
1
) of the satellite S
1
in the above system of axes is known, so the sphere
1
has equation:
(x a
1
)
2
+(y b
1
)
2
+(z c
1
)
2
=d
2
1
=c
2
t
2
1
. (1)
The distance d
2
= ct
2
from the second satellite is computed and the receiver is also somewhere on the
sphere
2
centered at the satellite S
2
(a
2
, b
2
, c
2
) with radius d
2
:
(x a
2
)
2
+(y b
2
)
2
+(z c
2
)
2
=d
2
2
=c
2
t
2
2
. (2)
This narrows the position of the receiver to the intersection of two spheres, namely to a circle. Still not
enough to determine the exact position. Finally, the distance d
3
=ct
3
from the third satellite S
3
(a
3
, b
3
, c
3
)
shows that the receiver is also on the sphere
3
:
(x a
3
)
2
+(y b
3
)
2
+(z c
3
)
2
=d
2
3
=c
2
t
2
3
. (3)
The surface of a sphere and a circle intersect in two points that the receiver software can accurately com-
pute. One of these two points will be unreasonably far from the Earth surface and therefore one possible
position is left.
7
S
1
S
2
S
3
3.3 Is it really that simple?
In theory, once a GPS receiver captures the signals of three different satellites in its view, it should be able
to locate its exact position (as the intersection of three imaginary spheres). But in reality, things are bit
more complicated than that.
Computing the time delay of the satellite signal to reach the receiver is the key element in locating the
receiver position. To compute that time, the GPS receiver computes the difference between the arrival
time of the signal according to the receiver clock and the departure time of the signal from the satel-
lite according to the satellite clock. Remember that the departure time of the signal is encrypted in the
ephemeris data. Each GPS satellite is equipped with three atomic clocks. These are very sophisticated and
extremely accurate clocks, but very expensive. The receiver clock, on the other hand, is the usual every
day digital clock. The quality difference between the clocks creates a certain error in calculating the real
time delay of the GPS signal since the satellite and the receiver clocks are not usually synchronized. This
means that the distances d
1
, d
2
and d
3
shown in the above equations are not very accurate since they are
based on "fake" time delays t
1
, t
2
and t
3
respectively.
At this point, you might be wondering why all this fuss about a time estimate that could differ only
in a fraction of a second? Remember we are dealing with a signal traveling at an incredibly high speed
(the speed of light c) which makes the estimated distances fromthe satellite to the GPS receiver extremely
sensitive to gaps between the satellite and receiver clocks. To give you an idea about the degree of sensi-
tivity, an error of 0.000001 second (one microsecond) would result in an error of 300 metres in distance
8
estimation. No wonder why the GPS receivers clock is the main source of error.
The main reason we need these expensive atomic clocks on board of the GPS satellites is to make sure
that they are always in perfect synchronization with each other. A consequence of this is that the "time
error" calculated by the receiver is the same for any satellite. Let me explain: if
1
is the time of reception
of the signal according to the receiver clock and if
2
is the time of reception of the signal according to the
satellite clock, then =
1

2
is the "time error". Since at any given moment, all satellites read the same
time in their atomic clocks, this time error represents the time difference between the receiver clock and
any of the satellites clocks. It is then independent of the satellite. The true time dt
i
taken by the signal
emitted from satellite S
i
to reach the receiver is the difference between the arrival time of signal to the
receiver according the satellite clock and the departure time of the signal according to the satellite clock
also:
dt
i
= (arrival time according to satellite clock) (departure time according to satellite clock)
= (arrival time according to satellite clock) (departure time according to satellite clock)
+ (arrival time according to receiver clock) (arrival time according to receiver clock)
. .
0
= (arrival time according to receiver clock) (departure time according to satellite clock)
(arrival time according to satellite clock) (arrival time according to satellite clock)
= t
i

The true delay time of the signal is then equal to t

i
(t
i
as above) rather than simply t
i
, for i = 1, 2, 3.
Equations (1), (2) and (3) above can now be written as:
(H)
_

_
(x a
1
)
2
+(y b
1
)
2
+(z c
1
)
2
=d
2
1
=c
2
(t
1
)
2
(x a
2
)
2
+(y b
2
)
2
+(z c
2
)
2
=d
2
2
=c
2
(t
2
)
2
(x a
3
)
2
+(y b
3
)
2
+(z c
3
)
2
=d
2
3
=c
2
(t
3
)
2
This is a system of three equations in four unknowns: the three coordinates of the receiver position (x, y
and z) and the clocks offset time . One needs at least a fourth equation to be able to solve for these four
variables.
3.3.1 The Fix
One way of xing the time gap between receiver and satellite clocks is to simply equip the receivers with
atomic clocks so they perfectly synchronize with the satellites time. That would reduce to zero in the
system (H) giving a system of three equations in three unknowns that the receiver computer can solve to
gure out its position. Of course, that would mean paying tens of thousands of dollars for the receiver.
Not a smart way to make this technology available to the general public. So how come almost everyone
9
you know has a very affordable GPS receiver that is very accurate at the same time?
The answer is in the mathematically brilliant idea the designers of the GPS came up with. As it turns
out, a simple digital clock in your GPS receiver will do just ne and all what it take is one more measure-
ment from a fourth satellite and voil, you have an atomic clock right in the palm of your hand.
As explained earlier, the GPS satellites are placed inorbits so that there are always at least four satellites
in viewof a GPS receiver anywhere in the globe. The receiver captures the signal of a fourth satellite S
4
and
adds one more equation to the above system (H). Now we have the following system of four equations in
four unknowns to deal with:
(S)
_

_
(x a
1
)
2
+(y b
1
)
2
+(z c
1
)
2
=d
2
1
=c
2
(t
1
)
2
(x a
2
)
2
+(y b
2
)
2
+(z c
2
)
2
=d
2
2
=c
2
(t
2
)
2
(x a
3
)
2
+(y b
3
)
2
+(z c
3
)
2
=d
2
3
=c
2
(t
3
)
2
(x a
4
)
2
+(y b
4
)
2
+(z c
4
)
2
=d
2
4
=c
2
(t
4
)
2
3.3.2 Solving (S)
Note rst that (S) is not a linear system and solving it would require more than the techniques seen in a
basic linear algebra course. But with a little work, it could be brought to a "quasi linear" form. The idea is
to replace each of the rst three equations in (S) with the result of subtracting the fourth equation fromit.
For instance, subtracting the fourth equation from the rst:
(x a
1
)
2
+(y b
1
)
2
+(z c
1
)
2
((x a
4
)
2
+(y b
4
)
2
+(z c
4
)
2
) =c
2
(t
1
)
2
c
2
(t
4
)
2
would result in the following equation:
2(a
4
a
1
)x +2(b
4
b
1
)y +2(c
4
c
1
)z =2c
2
(t
4
t
1
)+(a
2
4
+b
2
4
+c
2
4
) (a
2
1
+b
2
1
+c
2
1
) c
2
(t
2
4
t
2
1
) (1)
The expression (a
2
4
+b
2
4
+c
2
4
) (a
2
1
+b
2
1
+c
2
1
) c
2
(t
2
4
t
2
1
) in (1) is a constant with respect to the variables
x, y, z and of the system. To simplify the notations a little bit, we call it A
1
:
A
1
=(a
2
4
+b
2
4
+c
2
4
) (a
2
1
+b
2
1
+c
2
1
) c
2
(t
2
4
t
2
1
).
This way, equation (1) can now be written as:
2(a
4
a
1
)x +2(b
4
b
1
)y +2(c
4
c
1
)z =2c
2
(t
4
t
1
)+A
1
(2)
Repeating the same thing for the second and third equations in (S), we obtain the following equivalent
system
(S

)
_

_
2(a
4
a
1
)x +2(b
4
b
1
)y +2(c
4
c
1
)z =2c
2
(t
4
t
1
)+A
1
2(a
4
a
2
)x +2(b
4
b
2
)y +2(c
4
c
2
)z =2c
2
(t
4
t
2
)+A
2
2(a
4
a
3
)x +2(b
4
b
3
)y +2(c
4
c
3
)z =2c
2
(t
4
t
3
)+A
3
(x a
4
)
2
+(y b
4
)
2
+(z c
4
)
2
=d
2
4
=c
2
(t
4
)
2
10
One way to solve (S

) is to treat as a constant in each of the rst three equations. This will allow us to
express each of the variables x, y and z in terms of and then use the fourth equation to nd (hence
x, y and z). This approach enables us to use the techniques of Linear algebra to solve systems of linear
equations since the rst three equations in (S

) form indeed a system of three linear equations in three

variables (x, y and z).
There are many ways to solve for x, y and z in termof in the rst three equations in (S

), but Cramers
rule is probably the easiest to implement in the receivers computer:
x =
D
1
D
, y =
D
2
D
, z =
D
3
D
,
where D is the determinant of the matrix:
L :=
_
_
_
_
2(a
4
a
1
) 2(b
4
b
1
) 2(c
4
c
1
)
2(a
4
a
2
) 2(b
4
b
2
) 2(c
4
c
2
)
2(a
4
a
3
) 2(b
4
b
3
) 2(c
4
c
3
)
_
_
_
_
and D
1
, D
2
, D
3
are respectively the determinants of the matrices
L
1
=
_
_
_
_
2c
2
(t
4
t
1
)+A
1
2(b
4
b
1
) 2(c
4
c
1
)
2c
2
(t
4
t
2
)+A
2
2(b
4
b
2
) 2(c
4
c
2
)
2c
2
(t
4
t
3
)+A
3
2(b
4
b
3
) 2(c
4
c
3
)
_
_
_
_
, L
2
=
_
_
_
_
2(a
4
a
1
) 2c
2
(t
4
t
1
)+A
1
2(c
4
c
1
)
2(a
4
a
2
) 2c
2
(t
4
t
2
)+A
2
2(c
4
c
2
)
2(a
4
a
3
) 2c
2
(t
4
t
3
)+A
3
2(c
4
c
3
)
_
_
_
_
,
L
3
=
_
_
_
_
2(a
4
a
1
) 2(b
4
b
1
) 2c
2
(t
4
t
1
)+A
1
2(a
4
a
2
) 2(b
4
b
2
) 2c
2
(t
4
t
2
)+A
2
2(a
4
a
3
) 2(b
4
b
3
) 2c
2
(t
4
t
3
)+A
3
_
_
_
_
Of course, we would be in trouble if D =0. But can that really happen? Well, let us look a bit closer at
the structure of D. Using the properties of determinants, we can write
D =8

a
4
a
1
b
4
b
1
c
4
c
1
a
4
a
2
b
4
b
2
c
4
c
2
a
4
a
3
b
4
b
3
c
4
c
3

(3)
(the 8 in front is obtained by factoring 2 from each of the three rows of D) where a
i
, b
i
, c
i
are the coordi-
nates of the satellite S
i
in the above system of axes. So the rows in the determinant in (3) are the com-
ponents of the vector

S
1
S
4
,

S
2
S
4
and

S
3
S
4
respectively. If D =0, then a known result from Linear Algebra
implies that these three vectors belong to the same plane (coplanar) and consequently, the four satellites
S
1
, S
2
, S
3
and S
4
lie on the same plane. NASA scientists were of course fully aware of this problem and the
way they chose to inject the 24 satellites in their orbits was carefully chosen so that it makes it impossible
for a GPS receiver to capture the signals of four satellites which lie on the same plane at any moment and
anywhere close to the surface of the Earth. Your Linear Algebra course does not look so theocratical now,
11
does it?
Now that we are sure we can solve x, y and z in (S

) in terms of , we substitute x, y and z by

D
1
D
,
D
2
D
and
D
3
D
respectively in the fourth equation of (S

). This yields the quadratic equation

_
D
1
D
a
4
_
2
+
_
D
2
D
b
4
_
2
+
_
D
3
D
c
4
_
2
=c
2
(t
4
)
2
which can be written as
c
2

2
2c
2
t
4
+ =0 (4)
where = c
2
t
2
4

_
D
1
D
a
4
_
2

_
D
2
D
b
4
_
2

_
D
3
D
c
4
_
2
. Once again, the way the satellites are put in their
orbits guarantees that equation (4) would have two solutions
1
and
2
. Substituting back into the values
of x, y and z previously found, we get two possible positions (one for each of the two values found for ).
The receiver will easily determine which one is the right position since one of them will correspond to a
point very far from the surface of the Earth.
3.3.3 But I can only see my locationin degrees in my GPS receiver
If you press the "where am I" or "My location" buttons, your GPS will display your location with expres-
sions like 40 N, 30 W and 1040 m, which are obviously not the cartesian coordinate system we have been
working with above. This is simply because your GPS uses a more efcient Coordinate system by which
the position or location of any place on the Earths surface can be determined and described. Namely, it
uses the Latitude, the Longitude and the altitude of your position. Here are the details.
Consider a point Q(x, y, z) in the above coordinate system centered at the center O of the Earth. Let P be
the "projection" of the point Q on the Earth surface. That is, P is the intersection point of the vector

OQ
with the Earth surface. The points Q and P have the same Latitude and Longitude dened as follows.
the Latitude of P (= Latitude of Q) is a measurement of the angle of the location of P north or
south of the Equator. It represents the angle formed between the vector

OP (where O is the center
of the Earth) and the plane of the equator (drawn in red below). Note that 90

90

with the
point of latitude 90

being the South Pole that we mark as 90

S and the point of latitude 90

being
the North Pole that we mark as 90

N. Points of latitude 0

are of course points on the Equator. Lines

of latitude are known as parallels.
The Longitude of P (= Longitude of Q) is a measurement of the angle of the location of P East
or West of an imaginary circle on the Earths surface from the North Pole to the South Pole called
the prime meridian (drawn in blue below), which passes through the town of Greenwich, England.
Note that 180

180

with points of negative longitude are to the West of the prime meridian
and points with positive longitude are to its East. Thus a longitude of 100

is written as 100

W and
a longitude of 55

is written as 55

E. Lines of longitude are known as meridians.

12
The Altitude h of Q is its distance of the point Q from the sea level. If R is the radius of the Earth
(R

=6366km), then the distance between the point Q and the center of the Earth is R +h.
x
y
z
P
Q

R
h
Example 3.1. A point described as (40 N, 30 W, 1850m) is a point located 40 of arc north of the Equator
and 30 of arc west of the Greenwichmeridian andat a distance of 6366+1.85 =6367.85km fromthe center
of the Earth.
3.3.4 Conversionfromcartesianto (latitude, longitude, altitude) coordinates
Suppose that the receiver has calculated its position in cartesian form as being the point Q(x, y, z) in the
above coordinate system.
The receiver would calculate rst the its distance from the center of the Earth: d =
_
x
2
+y
2
+z
2
.
Using the fact d = R +h where R = 6366 km is the radius of the Earth and h is the altitude of the
position, the receiver is able to compute the altitude h =d R of its position.
For the point P, the projection of Q on the surface of the Earth, the cartesian coordinates are
_
R
d
x,
R
d
y,
R
d
z
_
and the the relations between these cartesian coordinates and the latitude and lon-
gitude of the point P (or Q) are given by:
_

_
R
d
x =Rcoscos
R
d
y =Rsincos
R
d
z =Rsin
These are simplied to the following equations:
(L)
_

_
x =d coscos
y =d sincos
z =d sin
13
The last equation gives that sin=
z
d
and since 90

90

, there is a unique value of satisfying

sin=
z
d
, namely =arcsin
_
z
d
_
.
Replacing with arcsin
_
z
d
_
in the rst two equations of the system (L) above reduces the system to
the following two equations:
_
cos=
x
d cos
sin=
y
d cos
with cos known. Since 180

180

, these two equations determine uniquely the value of the

longitude .
Thus the position Q(x, y, z) of the receiver can now be displayed in terms of the latitude, longitude
and altitude of the position point Q.
4 The Mathematics of the GPS Signal
Obviously, the satellites are not emitting their signals using the words of the song "I see trees of green red
roses too..." and the receiver does not actually "forward" its version to compute the time gap. So what is
the nature of these signals and how are they engineered to be easily identied by a ground receiver and
more importantly, to be sufciently "random" to suit the intended use?
Locating the position on (or near) the surface of the Globe using signals from four different satellites
may have appeared somehow complicated to you, but the truth is that this is the "soft" side of Mathemat-
ics used in this project. Careful encryption of codes in the signal emitted by the satellite is key to ensure
accuracy and reliability of information provided by your receiver. This side of the GPS project requires
heavier mathematical tools.
4.1 Linear Feedback Shift Registers
we start with a denition.
Denition 4.1. A binary sequence is sequence of two symbols, normally denoted by of 0 and 1, that we
call bits. A binary sequence is called of length r if it is a nite sequence consisting of r bits. A sequence
a
0
, a
1
, a
2
, . . . is called periodic if there exists a positive integer p, called a period of the sequence, such
that a
n+p
= a
n
for all n. Note that if p is a period, then kp is also a period for any positive integer k. The
smallest possible value for p is called the minimal period of the sequence.
Example 4.1. The sequence
001011000101100010110001011000101100010110001011000101100010110
is a binary sequence of length 63 and periodic of minimal period 7 repeating the block 0010110 of 7 digits.
14
Note that a binary sequence of length r can be expressed as a vector (a
0
, a
1
, . . . a
r 1
) where each com-
ponent a
i
is an element of F
2
:={0, 1}. This means in particular that there are 2.2. . . 2
. .
r
=2
r
such sequences.
More formally, we have the following.
Proposition4.1. There is a total of 2
r
different binary sequences of length r .
Example 4.2. There are 2
3
=8 binary sequences of length 3: 111, 110, 101, 100, 011, 010, 001 and 000.
The codes emitted by GPS satellites (called pseudo-randomnoise codes, or PRN for short) are treated by
the receivers as "deterministic" binary sequences with noise-like properties. These sequences are "de-
terministic" in the sense that they are not truly random but rather completely determined by a relatively
small set of initial values, called the PRNGs state. The "G" in "PRNG" stands for "Generator", or more
precisely a "pseudo-random number generator, which is the "Algorithm" used to produce such a deter-
ministic binary sequence.
There are many pseudo-random number generators out there used for various applications. The one
used in producing the pseudo-random codes for satellites is called Linear Feedback Shift Register or
LFSR for short.
In simple terms, a LFSR can be described as a device on board of each satellite for generating a se-
quence of binary bits that has the "appearance" to be very random although it is periodical. Physically, a
LFSR can be represented by a series of r one-bit storage (or memory) cells each containing a bit a
k
{0, 1}
and is set by an initial "secret key" consisting of a list of initial r bits: a
0
, a
1
, . . . , a
r 1
.
The behavior of the register is controlled by a counter, often referred to as a clock. When a "clock
pulse" is applied, the content of each cell is shifted to the right by one position, reading out the content of
the last (right most) cell. The content in the leftmost cell is the output of certain linear function applied to
the previous state (hence, the word "linear" in the name of that mechanism). The coefcients used in the
linear function to produce the content in the leftmost cell are labeled as c
0
, c
1
, . . . , c
r 1
. These coefcients
differ from one satellite to another and this is what makes the signal produced by one satellite unique
and different from signals produced by other satellites. This enables the GPS receiver to easily associate a
captured signal with the specic satellite emitting it and to quickly synchronize with it.
Did you nd this a bit confusing? No worries, keep reading.
In what follows, we give a step-by-step description of the operating mechanism of a LFSR.
First, we choose the secret key: a list of r bits: a
0
, a
1
, . . . , a
r 1
not all zeros at the same time.
We represent a LFSR by a set of r storage cells, each holding a bit a
i
{0, 1}. Each cell is connected
15
to a constant coefcient c
i
{0, 1}. The vector (c
0
, c
1
, . . . , c
r 1
) is constant throughout the procedure
and it is different from one satellite to another.
a
0
a
1
. . . . . . a
r 1
c
0
c
1
. . . . . . c
r 1
a
r
=a
0
c
0
+a
1
c
1
+ a
r 1
c
r 1
Figure 1-LFSR
Start by lling in the r cells with the initial values to get our rst "window" (a
0
, a
1
, . . . , a
r 1
).
At the rst "clock pulse", a
0
is shiftedtothe secondbox, a
1
tothe third, ..., a
r 2
tothe last (rightmost)
box, leaving out the value a
r 1
. The content of the rst (leftmost) box is then calculated as follows:
rst compute the sum
r 1

k=0
a
k
c
k
= a
0
r
0
+a
1
r
1
+ +a
r 1
r
r 1
.
If the result is even, the value a
r
=0 is inserted in the leftmost box and if the result is odd, the value
a
r
= 1 is inserted in the leftmost box. If you are familiar with "modular arithmetic" (see section
4.2 below), this amounts to calculating the sum

r 1
k=0
a
k
c
k
"modulo" 2. We now have the second
"window" (a
r
, a
0
, . . . , a
r 2
) and the rst r +1 terms of the sequence (or signal) are:
a
0
, a
1
, . . . , a
r 1
, a
r
=
r 1

k=0
a
k
c
k
.
At the second "clock pulse", the register shifts a
r
to the second box, a
0
to the third, ..., a
r 3
to the
last (rightmost) box, leaving out the value a
r 2
. It then calculates the sum
a
r
c
0
+a
0
c
1
+ +a
r 2
c
r 1
modulo 2 (again, that means the register will enter 0 in the leftmost box if the sum is even and 1 if
it is odd), which would be the term a
r +1
in the sequence. The third window that will appear in the
register is (a
r +1
, a
r
, a
0
, . . . , a
r 3
) and the rst r +2 terms of the sequence (or signal):
a
0
, a
1
, . . . , a
r 1
, a
r
, a
r +1
.
The procedure is iterated, creating (in theory at least) an innite signal in the form of a binary se-
quence
a
0
, a
1
, . . . , a
r 1
, a
r
, a
r +1
, . . .
16
Before we proceed further to look in a bit more depth at the mathematical properties of this sequence,
let us look at a simple example of such a signal.
Example 4.3. Inthis example, we take r =5. As coefcient vector, we take c =(c
0
, c
1
, c
2
, c
3
, c
4
) =(0, 1, 1, 1, 0)
and as initial state (or secret code), we take the vector v
0
=(a
0
, a
1
, a
2
, a
3
, a
4
) =(0, 0, 1, 1, 0). At the rst clock
pulse, the register computes the sum00+10+11+11+00 =2. Since the result is even, the content
of the leftmost box is 0. The new window in the sequence is (0, 0, 0, 1, 1) or simply 00011. At the second
clock pulse, the register computes the sum 00+10+10+11+01 =1. Since the result is odd, the
content of the leftmost box is 1. The new window in the sequence is 10001. The following table gives the
rst 30 windows in the sequence.
Clock Pulse number Window
1 00011
2 10001
3 01000
4 10100
5 11010
6 01101
7 00110
8 00011
9 10001
10 01000
11 10100
12 11010
13 01101
14 00110
15 00011
Clock Pulse number Window
16 10001
17 01000
18 10100
19 11010
20 01101
21 00110
22 00011
23 10001
24 01000
25 10100
26 11010
27 01101
28 00110
29 00011
30 10001
and the resulting sequence is then 00110010110001011000101100010110001. . .
Remark 4.1. Proposition 4.1 above indicates that there are exactly 2
r
binary sequences of length r . This
means that the sequence produced by a LFSR must be periodic of maximal period of 2
r
. If you are not
convinced, just look at the 30 "windows" produced by the LFSR in Example 4.3 above. Each window is a
binary sequence of length 5, so there are 2
5
= 32 different windows possible. In the worst case scenario,
one needs 32 "clock pulses" before repeating a previous window and as soon as a window is repeated, the
ones that follow will be already on the list in the same order. But note that the table in Example 4.3 repeats
the rst window just sfter the seventh clock pulse. This justify the notion of a "maximal period " of 2
r
.
We can actually say more, if the coefcients c
0
, c
1
, . . . , c
r 1
and the initial conditions a
0
, a
1
, . . . , a
p1
are
17
chosen "wisely" (as we will do in the sequel) we can guarantee that no window of all zeros will ever occur
and that will give us a maximal period of 2
r
1.
All the mechanism that we will develop in the following sections are geared toward proving the follow-
ing main main result.
Theorem4.1. For a LFSR as described above, one can always choose the coefcients c
0
, c
1
, . . . , c
r 1
and
initial conditions a
0
, a
1
, . . . , a
r 1
in such a way that the sequence produced by the register has a minimal
period of exactly 2
r
1.
4.2 Some modular Arithmetic
Long Division is a technique that you learnt so early in your student life that you most likely dont remem-
ber in what grade. The Division Algorithm of integers is a building block for almost every thing we do in
Arithmetic and modular Arithmetic. Let us start by stating this algorithm properly.
Theorem4.2. (Division Algortitm) Given two integers a and b, with b = 0, there exist unique integers q
and r such that a =bq +r and 0 r <|b|, where |b| is the absolute value of b.
The integer q is called the quotient, r is called the remainder, b is called the divisor and a is called
the dividend.
For the rest of this section, we x an integer n 2.
Denition 4.2. Given two integers a, b Z, we say that a and b are congruent modulo n and we write
a b ( mod n), if a and b have the same remainder upon division by n.
If a, b Z have the same remainder upon division by n, then by the Division Algorithm we can write
a = nq
1
+r and b = nq
2
+r for some q
1
, q
2
and r Z with 0 r < n. So a b = (nq
1
+r ) (nq
2
+r ) =
n(q
1
q
2
) is divisible by n. Conversely, suppose that ab =n is divisible by n and write a =nq
1
+r
1
and
b =nq
2
+r
2
for some q
1
, q
2
, r
1
and r
1
Z with 0 r
1
<n and 0 r
2
<n. We can clearly assume that r
2
r
1
(if not, just inverse the roles of a and b). So, a b = n(q
1
q
2
) +(r
1
r
2
) = n. By the uniqueness of the
quotient and the remainder (Theorem 4.2), we conclude that r
1
r
2
=0. In other words, a and b have the
same remainder upon division by n. This proves the following.
Theorem4.3. For a, b Z, a b (mod n) if and only if a b is divisible by n.
Example 4.4. 11 21 ( mod 5) since 11 and 21 have the same remainder (namely 1) upon division by 5
(or equivalently, their difference 2111 =10 is divisible by 5).
18
There are n possible remainders upon division by n, namely 0, 1, . . . , n 1. Given any integer a, the
Division Algorithm allows us to write a = nq +r for some q, r Z with 0 r n 1. Since a r = nq is
divisible by n, we have that a r ( mod n). This shows that any integer in Zis congruent modulo n to one
of the elements in the set {0, 1, . . . , n1}. If k {0, 1, . . . , n1} is one of the remainders in the division by n,
we consider the set k of all integers having k as remainder upon division by n, that we call an equivalence
class modulo n:
k :={ j Z; j k ( mod n)}.
We then consider the the collection Z
n
of all equivalence classes modulo n:
Z
n
:=
_
k; 0 k n1
_
.
Example 4.5. Z
3
=
_
0, 1, 2
_
where
0 ={. . . , 9, 6, 3, 0, 2, 6, 9, . . . }
1 ={. . . , 8, 5, 2, 1, 4, 7, 10, . . .}
2 ={. . . , 7, 4, 1, 2, 5, 8, 11, . . .}
Remark 4.2. In the notation of the equivalence class k used above, the integer k is just one representative
of that class. Any other element of the same class is also a representative. For instance, in the above
example, 1 can also be represented by 1 or by 7. To avoid confusion, the elements of Z
n
are always
represented in the (standard) formk for 0 k n1. This way, we write 2 instead of 14 in Z
3
.
We dene and addition and a multiplication that we call addition and a multiplication modulo n on
the elements of the set Z
n
in the following way:
Addition modulo n. If a, b Z
n
, dene a +b to be the class represented by the integer a +b. In
other words,
a +b =a +b.
Multiplicationmodulo n. If a, b Z
n
, dene a b (or ab for simplicity) to be the class represented
by the integer a b:
a b =a b.
Since a class in Z
n
has innitely many representatives, one has to check that these two operations are
independent of the choice of representatives. This is left as an easy exercise for the reader.
Example 4.6. The following are addition and multiplication tables of Z
3
:
+ 0 1 2
0 0 1 2
1 1 2 0
2 2 0 1
0 1 2
0 0 0 0
1 0 1 2
2 0 2 1
19
and of Z
4
:
+ 0 1 2 3
0 0 1 2 3
1 1 2 3 0
2 2 3 0 1
3 3 0 1 2
0 1 2 3
0 0 0 0 0
1 0 1 2 3
2 0 2 0 2
3 0 3 2 1
4.3 Groups
Denition 4.3. A Group is a set G equipped with an operation satisfying the following axioms:
G1. Closure of G under the operation . This axiom simply says that when we compose two ele-
ments of G, what we get is also an element of G: x y G for all x, y G.
G2. Associativity of the operation. x (y z) =(x y) z for all x, y, z G.
G3. Existence of an identity element. There exists an element e (called the identity element) of G
satisfying: x e =e x =x for all x G.
G4. Existence of inverses. For every x G, there exists y G such that x y = y x =e . The ele-
ment y G is called the inverse of x.
If in addition, the operation is commutative, that is x y = y x for all x, y G, the group G is called
abelian. A subset H of a group (G, ) is called a subgroup of G if H is itself a group with respect to the
same operation .
It is convenient to use familiar notations for a group operation. The most familiar ones are of course
+ and . (or just a juxtaposition). If we use the symbol +, we say that our group is additive and if the mul-
tiplication (or juxtaposition) is used, the group is called multiplicative. In an additive group, the identity
element is called the zero element and denoted by 0 and the inverse of an element x is called the opposite
of x and denoted with x. In the case of a multiplicative group, the identity element is represented by 1
and the inverse of an element x is denoted with x
1
.
Example 4.7. It should come as no surprise that the abstract denition of a group given above is a gener-
alization of the well known (additive) groups (Z, +) (the integers), (Q, +) (the rational numbers) and (R, +)
(the real numbers). Note that (Z, +) is a subgroupof both(Q, +) and(R, +) and(Q, +) is a subgroupof (R, +).
Changing the operation from addition to multiplication in these groups will make them lose their group
structure: (Z, ) is not a group because only 1 have their multiplicative inverses in Z and the inverse of a
different integer is not an integer. (Q, ) and (R, ) are not groups since 0 does not have an inverse which
violates axiomG4 above. However, and unlike (Z, ), the sets (Q

, ) and (R

, ) are indeed groups where

Q

and R

are respectively the sets of nonzero rational numbers and nonzero real numbers.
20
A group G is called nite if it contains a nite number of elements. In this case, we dene the order of
G, denoted by |G|, as the number of elements in G. Finite groups play a pivotal role in many applications
of mathematics, the GPS signals is no exception. The following example is a classic one for nite groups.
Example 4.8. The set Z
n
= {0, 1, . . . , n1} of integers modulo n dened in section 4.2 above is a additive
group for the addition modulo n. All the group axiom can be easily veried. In particular, 0 is the zero
element of the group and if k Z
n
, then the opposite of k is nk since k +nk =n =0 in Z
n
.
What about the structure of (Z
n
, ) where is the multiplication modulo n? The element 1 Z
n
is the
identity element of Z
n
for the multiplication modulo n since k 1 =1k =k for all k Z
n
. It is also clear
that 0 has no multiplicative inverse since k0 =0 =1 for all k Z
n
. O.K, what about taking away 0 fromZ
n
as we didfor QandR, wouldthe resulting structure (Z

n
, ) be a grouplike inthe case of (Q

, ) and(R

, )?
A closer look at the multiplication table of Z
4
given in Example 4.6 above quickly answers that question
negatively: the element 2 Z
4
has no inverse since the row of 2 in that table does not contain 1. This is
clearly not the case of the multiplication table of Z
3
where every nonzero element seems to have an in-
verse, making (Z

3
, ) a group.
So given a nonzero element k of Z
n
, under what conditions would k have a multiplicative inverse, that
is an element k

of Z
n
satisfying kk

=1? Part of the answer resides in the following observation: suppose

n has a proper divisor, that is a divisor d other than 1 and n, then we can write n =kd with 2 k n1.
If d has a multiplicative inverse d

, we would have on the one hand

k d d

=(k d
. .
=n=0
) d

=0
and on the other hand
k d d

=k (d d

. .
1
) =k =0.
This implies that (Z

n
, ) cannot be a group in the case where n has a proper divisor. Integers with no
proper divisors are called prime integers. For instance, 2, 3, 5, 7, 27 are all prime.
It is then natural to expect that if p is a prime integer, the set Z

p
= {1, 2, . . . , p 1} (of p 1 elements) is
indeed a group for the multiplication modulo p. The proof of this fact uses some properties of the gcd
(Greatest Common Divisor) of two integers that we will not include here but we state the result for future
reference.
Theorem4.4. If p is a prime integer, then the set Z

p
={1, 2, . . . , p 1} (of p1 elements) is a group for the
multiplication modulo p.
Hence, (Z

2
, ), (Z

3
, ), (Z

5
, ) and (Z

31
, ) are all examples of multiplicative groups.
21
From this point on, and unless otherwise specied, the operation of a multiplicative group is simply
denoted with a juxtaposition of elements.
Denition 4.4. Let G be a (multiplicative) group, g G and m Z. If m > 0, we dene g
m
to b be g
composed with itself m times, that is g
m
= g g . . . g
. .
m times
. If m < 0, we dene g
m
to be
_
g
1
_
m
. This is well
dened since in a group, every element has an inverse and m is now positive. As you can expect, if
m=0, we dene g
m
to be the identity element 1 of the group G.
Remark 4.3. In an additive group (G, +), the notion of an "exponent" (or a "power") g
m
of g translates to
g +g + +g =mg.
The Exponent Laws that for real numbers actually apply to any group: given a group G, g, h G and
m, n Z then
g
m+n
= g
m
g
n

_
g
m
_
n
=g
mn
If G is abelian, the (gh)
m
=g
m
h
m
Theorem4.5. (Lagrange.) If G is a nite group and H is a subgroup of G, then |H| is a divisor of |G|.
Proof
Given x G, dene xH as the subset {xg; g G}. Note that there are as many elements in xH as in H. To
see this, let g = g

G and suppose that xg = xg

. Since x
1
exists in G, multiplying both sides with x
1
yields g =g

which is a contradiction. So, if g =g

, then xg =xg

and so xH and H have the same number

of elements. Note also that since H is a subgroup of G, xH = H for any x H (the operation is internal
in H). Next, let g = g

G and suppose that the sets g H and g

H have an element z G in common.

Then there exist h, h

H such that z = gh = g

and we write g = g

h
1
(by multiplying both sides of
gh = g

with h
1
on the right). If y g H, then y = gh

for some h

H and therefore y = g

h
1
h

.
But h

h
1
h

H since H is a subgroup, so y = g

h
1
h

H. This shows that g H is a subset of g

H.
Similarly, we can show that g

H is a subset of g H and conclude that g H = g

H. So as soon as the sets g H

and g

H have an element in common, they must be equal. In other words, the sets g H and g

H are either
disjoint (empty intersection) or they are the same set. Note also that if 1H is simply the subgroup H. The
group G can then be written as the union of pairwise disjoint subsets of the form:
G =H g
1
H . . . g
r
H
with |H| = |g
1
H| = . . . = |g
r
H|. Thus, |G| =|H| +|g
1
H| +. . . +|g
r
H| = (r +1)|H|. We conclude that |H| is a
divisor of |G|.
Groups like (Z, +) and (Z
n
, +) can be "generated" by a single element. For example, in (Z, +), every
integer k can be written as a "power" of the element 1: k = 1+1+ +1 = k 1. We say in this case that
22
the additive group Z is generated by 1. Note also that 1 is a generator of (Z, +). In general, we have the
following.
Denition 4.5. A group G is called cyclic if there exists an element g G such that G = {g
m
; m Z}. In
other words, every element of the group G can be written as a power of a xed element g. We say in this
case, that g is a generator of G and we write G =g.
Example 4.9. The group (Z

7
, ) ={1, 2, 3, 4} is cyclic with generator 2 since every element of the group can
be expressed as a power of 4: 2
0
=1, 2
1
=2, 2
2
=4 and 2
3
=8 =3.
Remark 4.4. By the Exponent Laws of a group, a cyclic group is always abelian.
Given a nite group G of order n and identity element 1, the Exponent Laws of G show in particular
that the set H
g
=
_
g
n
; n N
_
forms a subgroup of G for any g G. H
g
is called the cyclic subgroup gener-
ated by g. Since G is nite, g
k
=g
m
for some k m N(otherwise H
g
would be innite). Multiplying both
sides of g
k
= g
m
with g
k
gives that g
mk
=1. So the set P
g
={l N; g
l
=1} is not empty. Dene the order
of the element g, denoted by |g|, as being the smallest element of P
g
. That is |g| is the smallest integer l
satisfying g
l
=1. Therefore, the subgroup H
g
is equal to
_
g
0
=1, g, g
2
, . . . , g
r 1
_
where r is the order of g.
In other words, the order of the element g G is nothing but the order of the subgroup H
g
generated by
g.
Theorem4.6. If G is a nite group of order n, then g
n
=1 for any g G.
Proof
By Lagrange Theorem (Theorem (4.5)), we know that |g| = |H
g
| is a divisor of n. Write n = k|g| for some
k N, then g
n
= g
k|g|
=
_
g
|g|
_
k
=1
k
=1 since g
|g|
=1 by denition of the order of g.
4.4 Finite Fields-An introduction and basic results
We have seen that the set (Q, +),(R, +) and (Z
n
, +) are all examples of additive groups, but they are all also
equipped with another operation (multiplication) which interact well with the addition to give each of
them a well known structure in Algebra called a Field. On the other hand, the additive group (Z, +) is also
equipped a multiplication but its structure differs from that of Q and R in the following way: the inverse
of an integer is not an integer, except for 1.
Although Field theory has deep roots in the history of Mathematics, it became central in developing
many tools in technology and security of information, especially for the past half century. The following
is a formal denition of this structure.
Denition 4.6. A Field is a set F together with two operations, usually called addition and multiplica-
tion, and denoted by + and . (or just a juxtaposition), respectively. These operations satisfy the following
axioms:
23
A1. Closure of F under addition and multiplication. This axiom simply says that when we add or
multiply two elements of F, what we get is also an element of F: x +y F and xy F for all x, y F.
A2. Associativity of addition and multiplication:
x +(y +z) =(x +y) +z and x(yz) =(xy)z for all x, y, z F.
A3. Commutativity of addition and multiplication: x +y = y +x and xy = yz for all x, y F.
A4. Distributivity of multiplication over addition. This axiom establishes the interaction between
the two operations in a eld: x(y +z) =xy +xz for all x, y F.
A5. Additive and multiplicative identity: There exists elements 0 (called the zero element) and 1
(called the identity element) of F satisfying: x +0 = x and x1 =x for all x F.
A6. Additive and multiplicative inverses:
For every x F, there exists y F tel que x +y =0.
For every non-zero x F, there exists y F tel que xy =1
The set of the reals (R) and the rational numbers (Q) (also the set C for those familiar with complex
numbers) are the classic examples of a eld structure. But these are not the kind of elds used in appli-
cations concerning coding theory. We are going to explore new types of elds, namely ones containing a
nite number of elements that we call nite elds. There is only one eld where the zero element and the
identity element are the same, we call it the zeroeld: this is set with only one element 0 with the obvious
rules: 0+0 =00 =0. Any other eld is called a nonzeroeld.
Remark 4.5. A closer look at the above eld axioms allows to give the following alternative denition of a
eld from the perspective of group theory. A set (F, +, ) is a eld if
(F, +) is an abelian group with 0 as identity element;
(F

, ) is an abelian group where F

={x F; x =0};
is distributive over +:
x (y +z) =x y +x z for all x, y, z F.
Example 4.10. The sets (Q, +, ) and (R, +, ) with the usual addition and multiplication of numbers
clearly satisfy all the axioms of a eld. The set (Z, +, ) is not a eld since (Z

, ) is not a multiplicative
group.
The multiplication table of Z
4
given in Example 4.6 above reveals a striking fact: 2 2 = 0 in spite of
the fact that 2 =0. This cannot happen in a eld as the following Proposition shows.
Proposition4.2. Let F be a nonzero eld with zero element 0. Then
24
1. a 0 =0 for all a F.
2. If a, b F are such that a b =0, then either a or b must be zero.
Proof
1. a 0 = a (0+0) = a 0+a 0 (by the distributivity property A4 above). As an element of a eld,
a 0 must have an additive inverse a 0. Adding a 0 to the equation a 0 = a 0+a 0 gives
0 =a 0.
2. Assume ab =0. If a =0, then a admits a multiplicative inverse a
1
(axiom A6 above). Multiplying
both sides of the equation a b =0 with a
1
gives
a
1
(a b) =a
1
0 (a
1
a
. .
1
) b =0 1b =0 b =0.
We conclude that at least one of the elements a, b must be zero.
The above proposition, together with the multiplication table of Z
4
shows that Z
4
, equipped with the ad-
dition and the multiplication modulo 4, is not a eld since 2 2 = 0 is a violation of part 2 of the above
proposition. On the other hand, addition and multiplication tables of Z
3
show that Z
3
is indeed a eld. In
Z
6
we have that 23 = 6 = 0 with both 2, 3 are nonzero. It is the fact that 6 can be factored as 23 with
1 <2 <3 <6 that makes such an equation possible and consequently stops Z
6
from being a eld.
There is really nothing special about the decomposition 6 =23. In general, if n 2 is not a prime integer,
then n can be written under the form n = pq where 1 < p, q < n. This translates in Z
n
into the equation
pq =n =0 with both p, q nonzero. This means that Z
n
is not a eld if n is not prime. On the other hand,
Theorem (4.4) above shows that Z

n
is a (multiplicative) if n is a prime integer. We conclude
Theorem 4.7. Z
p
is a eld (for the addition and a multiplication modulo p) if and only if p is a prime
integer.
Hence, Z
2
, Z
5
and Z
7
are all examples of nite elds.
Remark 4.6. It can be shown (but we will not show it here) that any nite eld F containing p elements
for a prime p is actually a copy of Z
p
(formally, we say F is isomorphic to Z
p
). In other words, there is only
one led containing p elements for each prime integer p. This eld is denoted by F
p
.
From this point on, we will omit the "over line" in expressing the element a of Z
p
and just write a for
simplicity. For instance, we write Z
3
={0, 1, 2} and Z
5
={0, 1, 2, 3, 4}.
25
4.4.1 The eld F
p
r
The eld Z
p
(or F
p
) containing p elements (for prime p) is just a particular example of a more general
family of nite elds. Given a prime integer p and a positive integer r , the main goal in what follows is
to construct the unique nite eld F
p
r containing exactly p
r
elements. Any other eld containing p
r
ele-
ments is just a copy of F
p
r .
In all what follows, F is a arbitrary eld (not necessarily nite), p is a prime integer and r is a positive
integer. We will "cook" the eld F
p
r following two recipes. The main ingredient in both recipes is the
notion of polynomials with coefcients in the eld F. These are the same type of polynomials that you
always dealt with except that the coefcients are no longer restricted to real numbers.
Denition 4.7. A polynomial in one variable x over F is an expression of the form
p(x) =a
n
x
n
+a
n1
x
n1
+ +a
1
x +a
0
where a
i
F for each i {0, 1, . . . n}. Moreover, if a
n
= 0 (with 0 being the zero element of the eld F),
then we say that p(x) is of degree n and we write degp(x) = n. In this case, the coefcient a
n
is called
the leading coefcient of p(x). A monic polynomial is a polynomial with leading coefcient equal to 1
(the identity element of the eld F). If a
i
=0 for all i , we say that p(x) is the zero polynomial. The degree
of the zero polynomial is dened to be . Note that any element of the eld F can be considered as
a polynomial of degree 0 that we usually call a constant polynomial. The set of all polynomial in one
variable x over F is denoted by F[x].
We dene addition and multiplication in F[x] in the usual way of adding and multiplying two polynomials
with the understanding that the involved operations on the coefcients are done in the eld F. Equipped
with these two operations, F[x] is clearly not a eld since, for example, the multiplicative inverse of the
polynomial p(x) =x does not exist (no polynomial p(x) exists such that xp(x) =1).
Remark 4.7. We are mainly interested in polynomials over the nite elds Z
p
(for prime p) and one
has to be careful when computing modulo the prime p. For instance, let p(x) = x
2
+x +1 and q(x) =
x +1 considered as polynomials in Z
2
[x], then p(x) +q(x) = x
2
+2x +2 = x
2
since in the led Z
2
, 2 = 0
(remember: the coefcient 2 here means 2). Also p(x)q(x) =x
3
+2x
2
+2x +1 =x
3
+1 for the same reason.
Now, if we consider the same polynomials but as elements of Z
3
[x], then p(x) +q(x) = x
2
+2x +2 and
p(x)q(x) =x
3
+2x
2
+2x +1.
The notion of divisibly in Zcan be extended to F[x] with the understanding that a nonzero polynomial
p(x) is said to divide another polynomial q(x) if q(x) = p(x)k(x) for some k(x) F[x]. For example, x
2
+1
divides x
4
1 since the later is equal to (x
2
1)(x
2
+1).
26
Similar to the case of integers, we also have a division algorithm in F[x] usually known as the long division
of polynomials:
Division Algorithm of F[x]. Given two polynomials f (x) and g(x) in F[x] with g(x) =0 and degg(x) =n,
then uniquely determined polynomials q(x) and r (x) in F[x] exist such that
1. f (x) =g(x)q(x) +r (x);
2. Either r (x) is the zero polynomial or degr (x) < n.
The polynomial q(x) is called the quotient of the division and r (x) is called the remainder. Note that if
deg f (x) <degg(x), then we can write f (x) =g(x).0+ f (x) with 0 as quotient and f (x) as remainder.
Example 4.11. Let p(x) =x
4
+2x
3
+x +2 and k(x) =x
2
+x +1 considered as polynomials in Z
3
[x] where
as usual Z
3
={0, 1, 2}. Let us perform the long division of p(x) by k(x):
x
2
+x 2
x
2
+x +1
_
x
4
+2x
3
+x +2
x
4
x
3
x
2
x
3
x
2
+x
x
3
x
2
x
2x
2
+2
2x
2
+2x +2
2x +4
The quotient is q(x) = x
2
+x 2 = x
2
+x +1 (since 2 = 1 in the eld Z
3
) and the remainder is r (x) =
2x +4 =2x +1 (since 4 =1 in the eld Z
3
).
The construction of the eld F
p
r follows to a great extend the construction done for the eld Z
p
(for prime
p), except that the prime integer p is replaced with a "suitable" polynomial p(x) F[x] and all calculations
are performed in F[x] "modulo" p(x). What is meant by "suitable" is given in the following denition.
Denition 4.8. A nonzero polynomial p(x) F[x] is called irreducible over F (or simply irreducible) if
it cannot be written as the product of two non constant polynomials in F[x]. In other words, p(x) is
irreducible if and only if the only way an equality of the form p(x) = p
1
(x)p
2
(x) with p
1
(x), p
2
(x) F[x]
can occur is when either p
1
(x) or p
2
(x) is a constant polynomial. Consequently, if p(x) is irreducible of
degree r , then it does have a non constant polynomial divisor (or factor) of degree strictly less than r .
The notion of irreducibility for polynomials depends largely on the coefcient eld. If F
1
is a eld
contained in a larger eld F
2
, it could very well happens that a polynomial p(x) F
1
[x] is irreducible as an
element of F
1
[x] but not as an element of F
2
[x].
27
Example 4.12. The polynomial p(x) = x
2
2 is irreducible as element of Q[x] but not as an element of
R[x] since p(x) = (x

2)(x +

2) and each one of the polynomials (x

2), (x +

2) is non constant in
R[x].
More interesting examples arise in the case of nite elds.
Example 4.13. The polynomial p(x) = x
2
+1 is not irreducible over Z
2
since (x +1)(x +1) = x
2
+2x +1 =
x
2
+1 in Z
2
[x]. Note that x
2
+1 is clearly irreducible in R[x].
As we did computations "modulo n" in the set Z of all integers, we will dene operations "modulo
p(x)" in F[x] for some polynomial p(x) F[x]. First, a denition.
Denition 4.9. Let F be a eld, p(x) F[x] a nonzero polynomial. We say that the two polynomials
f (x), g(x) F[x] are congruent modulo p(x), and we write f (x) g(x) (mod p(x)), if p(x) divides the
difference f (x) g(x). In many instances, the expression f (x) g(x) is simply replaced with f (x) = g(x)
(mod p(x)). Note that (like in the case of integers) the fact that p(x) divides f (x) g(x) is equivalent to
f (x) and g(x) having the same remainder when divided with p(x).
Example 4.14. x
3
+2x
2
1 x
2
1 (mod x +1) in R[x] since x
3
+2x
2
1(x
2
1) = x
3
+x
2
=x
2
(x +1).
Example 4.15. x
3
+3x x
3
x
2
2x1 (mod x
2
+1) in Z
5
[x] since x
3
+3x(x
3
x
2
2x1) = x
2
+5x+1 =
x
2
+1 (remember that 5 =0 in Z
5
).
The division Algorithmis at the heart of computations modulo p(x) in F[x]: If f (x) =g(x)q(x)+r (x), then
f (x) r (x) = g(x)q(x) and consequently, f (x) r (x) (mod p(x)). Like in the case of integers modulo n,
given a nonzero polynomial p(x) F[x] we group the polynomials of F[x] in "classes" according to their
remainder upon division by p(x). So two polynomials f (x) and g(x) are "equal" modulo p(x) if they be-
long to the same class, or equivalently they have the same remainder when divided by p(x).
For a nonzero polynomial p(x) F[x], we denote by F[x]/p(x) the set of all "classes" of F[x] modulo
p(x). Inother words, F[x]/p(x) is the set of all possible remainders upon (long) division with the polyno-
mial p(x). Like in the case of integers modulo n, addition and multiplication (modulo p(x)) in F[x]/p(x)
are well dened operations in the sense that they do not depend on the "representatives" of the classes.
Remark 4.8. If p(x) = a
n
x
n
+ +a
1
x +a
0
F[x] is a nonzero polynomial, one can easily verify that the
set F[x]/p(x) is the same as F[x]/p

(x) where p

(x) = a
1
n
p(x) = x
n
+ +a
1
n
a
1
x +a
1
n
a
0
. In other
words, one can assume without any loss of generality that the polynomial p(x) is monic when looking at
the structure of F[x]/p(x).
In all what follows, the polynomial p(x) is assumed to be monic when we consider the set F[x]/p(x).
Example 4.16. Let p(x) = x
2
2 Q[x]. Let us add and multiply the two polynomials h(x) = x
3
2x
2
+x
and k(x) =x
2
+3x +1 modulo p(x). First note that
h(x) +k(x) =x
3
x
2
+4x +1, h(x)k(x) =x
5
+x
4
4x
3
+x
2
+x.
28
We start by performing the long division of both h(x) +k(x) and h(x)k(x) by p(x):
x 1
x
2
2
_
x
3
x
2
+4x +1
x
3
+2x
x
2
+6x +1
x
2
2
6x 1
x
3
+x
2
2x +3
x
2
2
_
x
5
+x
4
4x
3
+x
2
+x
x
5
+2x
3
x
4
2x
3
+x
2
x
4
+2x
2
2x
3
+3x
2
+x
2x
3
4x
3x
2
3x
3x
2
+6
3x +6
We conclude that h(x) +k(x) =6x 1 (mod x
2
2) and h(x)k(x) =3x +6 (mod x
2
2).
Remark 4.9. Unlike the case of Z
n
, the set F[x]/p(x) can be innite if the coefcient eld F is innite.
If p(x) F[x] is not irreducible over F, we would have an equation of type hq =0 in the set F[x]/p(x)
(can you see why?) which would deprive that set from having a eld structure with respect to addition
and multiplication mod p(x) by Proposition (4.2) above. So one would expect F[x]/p(x) to be a eld
only in the case where p(x) is an irreducible polynomial. To completely prove that fact, one would need
the notion of greatest common divisor of two polynomials and the Euclidian Algorithm to nd it. These
are technicalities that interested reader can pick up from any basic Algebra book.
Theorem4.8. Let p(x) F[x] be a nonconstant polynomial. The set F[x]/p(x) equipped with addition
and multiplication modulo p(x) is a eld if and only if p(x) is an irreducible polynomial over F.
A closer look at the elements of the eld F[x]/p(x) where p(x) F[x] is irreducible leads to the rst
approach of constructing F
p
r . First, let r = degp(x). Any remainder upon division with p(x) would be
a polynomial of degree r 1 or less. Since each polynomial in F[x] is congruent to its remainder in the
division by p(x), elements of F[x]/p(x) can be identied with polynomials of degree r 1 or less (with
coefcients in the eld F). Be careful, the set of polynomials of degree less than or equal to q is not a eld
for the usual multiplication and addition of polynomials for any positive integer q as we explained above.
So to say that the eld F[x]/p(x) can be identied with the set of polynomials of degree r 1 is not a
correct statement. But note that p(x) =0 in F[x]/p(x) (since it has a zero remainder when divided with
itself ), so what is safe to say is that eld F[x]/p(x) can be identied with the set
P
r 1
={a
0
+a
1
t +a
2
t
2
+ +a
r 1
t
r 1
; a
0
, . . . , a
r 1
F and p(x) =0}.
Let us turn now to the case where the coefcient eld F is the nite eld F
p
(or Z
p
) for p prime. In this
case, there is a total of p
r
polynomials of degree r 1 with coefcients in F
p
since such a polynomial has
29
r coefcients (the degree of the polynomial+1) each of which can take on p values in the eld F
p
. So the
set P
r 1
above has exactly p
r
elements.
The following Theorem is a summary of the above discussion and it represents our First attempt at
constructing the Field F
p
r . Of course, a complete proof would require checking more details, but at this
point the hope is that the reader nds it somehow reasonable to digest.
Theorem4.9. Let q(x) F[x] be monic irreducible polynomial with degq(x) =r 1. The eld F[x]/q(x)
can be identied with polynomials of degree r 1 with coefcients in F together with the condition p(x) =
0. Moreover, if F is the nite eld F
p
(with p prime), then the eld F[x]/q(x) is nite with p
r
elements.
Example 4.17. Let p(x) = x
3
+x +1 considered as an element of F
2
[x]. We start by proving that p(x) is
irreducible over F
2
. Suppose not, then there exist a, b, c Z
2
such that (x +a)(x
2
+bx +c) = x
3
+x +1.
Consequently,
x
3
+x +1 =x
3
+(a +b)x
2
+(ab +c)x +ac.
Comparing corresponding coefcients on both sides leads to the following equations: a+b =0, ab+c =0
and ac =1 which obviously cannot be satised at the same time in the eld Z
2
. Thus, p(x) is irreducible.
Note that another way to check irreducibility of p(x) is to show that it does not have any root in the eld
Z
2
: p(0) = 1 = 0 and p(1) = 1
3
+1
2
+1 = 1 = 0. We conclude that p(x) = x
3
+x
2
+1 is irreducible and
so Z
2
[x]/x
3
+x +1 is indeed a eld. Let us now look at a description of the elements of this eld. By
Theorem 4.9, we know that
Z
2
[x]/x
3
+x +1

=
_
a
0
+a
1
t +a
2
t
2
; a
0
, a
1
, a
2
Z
2
; and t
3
+t +1 =0
_
.
There are exactly 2
3
=8 elements in this eld, namely:
Z
2
[x]/x
3
+x +1 =
_
0, 1, 1+t +t
2
, 1+t , 1+t
2
, t +t
2
, t , t
2
_
. (1)
In case you are wondering what is the signicance of the condition t
3
+t +1 = 0, maybe the following
multiplication in the eld Z
2
[x]/x
3
+x+1 will give an answer. First note that t
3
+t +1 =0 t
3
=t 1 =
t +1 since 1 =1 in Z
2
.
(1+t +t
2
)(t
2
) =t
2
+t
3
+t
4
=t
2
+(t +1) +t (t +1) =t
2
+t +1+t
2
+t =1.
The equation t
3
+t +1 =0 is the "vehicle" that will bring any multiplication of elements of Z
2
[x]/x
3
+
x+1 to one element in the set (1) above (and hence prove that the set is actually closed under polynomial
multiplication.) Another important feature one should notice about the multiplicationinZ
2
[x]/x
3
+x+1
is the fact that every nonzero element of this eld can be expressed as a power of a single element of the
eld: let =t , then:
2
=t
2
,
3
=t +1,
4
= t
2
+t ,
5
=1+t +t
2
,
6
=1+t
2
,
7
=1.
The fact that the nonzero elements of Z
2
[x]/x
3
+x+1 can be expressed as a power of a single element
of that eld is not just a coincidence, it works for any eld according to the following Proposition.
30
Proposition 4.3. If (F, +, ) is a nite eld, then (F

, ) is a cyclic group. Here F

is, as usual, the eld F

from which the zero element is removed.
Proof
Assume that the eld F has r elements. Let F

, and let m = || be the order of as an element of the

multiplicative group (F

, ). As dened above, m is the smallest positive integer satisfying

m
=1 and by
Theorem(4.6), it is at the same time equal to the order of the subgroup P

={
i
; i N} of (F

, ) generated
by . This means in particular that is a root of the polynomial x
m
1 of F[x]. By Lagrange Theorem
(Theorem 4.5), we know that m is a divisor of r 1 ( since |F

| = r 1), so
r 1
=
km
=
_

m
_
k
= 1
k
= 1
and is actually a root of the polynomial x
r 1
1 = 0. To prove that (F

, ) is cyclic, it is enough to nd
a nonzero element with order equal to r 1. Suppose such an element does not exist and let k be the
largest order of a nonzero element of F. Then k < r 1 and every nonzero element of F is a root of the
polynomial x
k
1 =0. But the equation x
k
1 =0 has at most k roots in the eld F which contradicts the
fact that all the r 1 elements of F

are roots. We conclude that an element of order r 1 exists and that

F

={1, ,
2
, . . . ,
r 2
} is a cyclic group.
Denition 4.10. A primitive element of a nite eld (F, +, ) is any generator of the cyclic group (F

, ).
In other words, if |F| =r , then F

is primitive if F

={1, ,
2
, . . . ,
r 2
}.
Example 4.18. In Example 4.17 above, =t is a primitive element of the eld Z
2
[x]/x
3
+x +1.
Now for the second approach to construct F
p
r . Recall that the eld F
p
containing p elements is noth-
ing but a copy of the eld Z
p
of all integers modulo p.
Consider the set Z
p
r
= Z
p
Z
p
Z
p
. .
r
of all r -tuples (a
0
, a
1
, . . . , a
r 1
) where a
i
Z
p
for all i . Our
second construction of the nite eld F
p
r is done by "identifying" F
p
r with Z
p
r
after dening suitable ad-
dition and multiplication of r -tuples.
We dene an addition on Z
r
p
the natural way:
(a
0
, a
1
, . . . , a
r 1
) +(b
0
, b
1
, . . . , b
r 1
) =(a
0
+b
0
, a
1
+b
1
, . . . , a
r 1
+b
r 1
)
where a
i
+b
i
represents the addition mod p in Z
p
.
The multiplication on Z
r
p
will probably appear to you as very "unnatural". We start by xing an irre-
ducible and monic polynomial of degree r in Z
p
[x]:
M(t ) =t
r
+m
r 1
t
r 1
+ +m
1
t +m
0
.
Each r -tuple (a
0
, a
1
, . . . , a
r 1
) Z
p
r
is identied with the polynomial p(t ) = a
r 1
t
r 1
+ +a
1
t +a
0
Z
p
[t ]
of degree less than or equal to r 1 with coefcients in the eld Z
p
.
31
To dene the multiplication of two r -tuples (a
0
, a
1
, . . . , a
r 1
), (b
0
, b
1
, . . . , b
r 1
) of Z
p
r
, we start by writ-
ing the corresponding polynomials in Z
p
[t ]:
p(t ) =a
r 1
t
r 1
+ +a
1
t +a
0
, q(t ) =b
r 1
t
r 1
+ +b
1
t +b
0
,
then we multiply the two polynomials together in the usual way by regrouping terms in t
0
, t , t
2
,..., t
2(r 1)
:
p(t )q(t ) =a
r 1
b
r 1
t
2(r 1)
+ +(a
0
b
1
+a
1
b
0
)t +a
0
b
0
which in turns is congruent to its remainder R(t ) modulo M(t ) as an element of F[t ]/M(t ). Since the
remainder is of degree less than or equal to r 1, it can be written under the form R(t ) =
r 1
t
r 1
+ +

1
t +
0
where
i
F for all i . Now dene the multiplication of the two r -tuples (a
0
, a
1
, . . . , a
r 1
) and
(b
0
, b
1
, . . . , b
r 1
) as being the r -tuple consisting of the coefcients of R(t ):
(a
0
, a
1
, . . . , a
r 1
) (b
0
, b
1
, . . . , b
r 1
) =(
0
,
1
, . . . ,
r 1
).
Remark 4.10. The key feature in this second approach is the fact that it allows us to look at the r -tuples
of F
p
r
as polynomials. More importantly, the multiplication on F
p
r
dened above with respect to the
polynomial M(t ) produces the same results when the r -tuples are identied with polynomials of degree
less than or equal to r 1 and we multiply them modulo M(t ) in F
p
[t ]. Formally, we say that the two elds
F
p
r
and F
p
r are isomorphic (one is a copy of the other). This means in particular that the set Z
p
r
equipped
with the above addition and multiplication with respect to a monic irreducible polynomial M(t ) is indeed
a eld.
Example 4.19. Consider the 3-tuples (1, 0, 1) and (1, 1, 1) as elements of Z
2
3
. As polynomials, these 3-
tuples can be identied with the polynomials t
2
+1 and t
2
+t +1 respectively. We have seen in Example
4.17 above that the polynomial M(t ) =t
3
+t +1 Z
2
[t ] is irreducible. Let us multiply the two 3-tuples with
respect to M(t ):
(t
2
+1)(t
2
+t +1) = t
4
+2t
2
+t +1 =t
4
+t +1
(remember that 2 =0 in Z
2
). Now we divide t
4
+t +1 with t
3
+t +1:
t
t
3
+t +1
_
t
4
+t +1
t
4
t
2
t
t
2
and get a remainder of t
2
= t
2
. The coefcients of this remainder are represented with the 3-tuple
(0, 0, 1). So, (1, 0, 1) (1, 1, 1) =(0, 0, 1).
Denition 4.11. An irreducible monic polynomial F(x) Z
p
[x] of degree r is called a primitive polyno-
mial over Z
p
if the monomial t is a primitive root of the eld Z[x]/F(x) identied with the set
=
_
b
r 1
t
r 1
+ +b
1
t +b
0
; b
i
Z
p
, and F(t ) =0
_
32
Example 4.20. In Example 4.17 above, the polynomial P(x) = x
3
+x +1 Z
2
[x] is primitive since it is
irreducible and t is a primitive element of the eld Z
2
[x]/x
3
+x +1.
Example 4.21. The polynomial x
6
+x
3
+1 Z
2
[x] is irreducible since it has no roots in Z
2
. On the other
hand, the equation t
6
+t
3
+1 = 0 in the eld Z
2
[x]/x
3
+x +1 is equivalent to t
6
=t
3
1 = t
3
+1. This
gives the following powers of the monomial t :
t
7
=t
4
+t , t
8
=t
5
+t
2
, t
9
= t
6
+t
3
=t
3
+1+t
3
=2t
3
+1 =1.
The fact that t
9
=1 and that the multiplicative group of F[x]/x
3
+x +1 is of order 2
6
1 =63 imply that t
is not a generator of that group. So the polynomial x
6
+x
3
+1 of Z
2
[x] is not primitive.
Remark 4.11. If is a primitive root of a nite eld F with |F| = r , the proof of Proposition 4.3 shows in
particular that is a root of the polynomial Q(x) = x
r 1
1 and that r 1 is the smallest integer m such
that is a root of x
m
1. It can also be shown that the polynomial F(x) is a primitive polynomial if the
smallest positive integer n such that F(x) divides x
n
1 is indeed n =r 1.
The following Theorem proves that there is enough supply of primitive polynomials of any chosen
degree.
Theorem4.10. For any prime integer p and any positive integer n, there exists a primitive polynomial of
degree n over the eld Z
p
.
4.5 The Trace
Denition 4.12. A map f : F
p
r
F
p
is called linear if it satises the two conditions:
1. f (u+v) = f (u) + f (v) for all r -tuples u, v in F
p
r
2. f (u) =f (u) for all u F
p
r
and F
p
Example 4.22. Let F(x) be an irreducible polynomial of degree r in F
p
[x] and identify the eld F
p
r
=
F
p
[x]/F(x) as usual with the set of polynomials of degree r 1 or less together with the identity F(t ) =0.
Consider the map : F
p
r
F
p
, called the Trace function, dened as follows:

_
b
r 1
t
r 1
+ +b
1
t +b
0
_
=b
r 1
.
If u =b
r 1
t
r 1
+ +b
1
t +b
0
, v =c
r 1
t
r 1
+ +c
1
t +c
0
F
p
r
and F
p
, then
(u +v) =
_
(b
r 1
+c
r 1
)t
r 1
+ +(b
1
+c
1
)t +(b
0
+c
0
)
_
=b
r 1
+c
r 1
=(u) +(v).
(u) =
_
b
r 1
t
r 1
+ +b
1
t +b
0
_
=b
r 1
=(u).
33
This means that is a linear map.
A special case of great interest in our treatment of GPS signals is the case where p = 2. In this case,
there are 2
r
polynomials of the form b
r 1
t
r 1
+ +b
1
t +b
0
Z
2
[t ] with exactly half of which having the
leading coefcient b
r 1
=0 and the other half have their leading coefcient b
r 1
=1. This means that the
trace function : F
2
r
F
2
takes the value 0 on exactly half of the elements of F
2
r
and the value 1 on the
other half.
4.6 Key properties of signals produced by a Linear Feedback Registrars: Correlation
and maximal period
We arrive at the last stop in our journey to understand the mathematics behind the signals produced by
a GPS satellite using a LFSR. This section provides the proof of the main Theorem (4.1). We start with the
notion of correlation between two "windows" of sequences produced a LFSR. It is the calculation of this
correlation that allows the GPS receiver to accurately compute the exact time taken by the GPS to reach it
from the satellite.
Denition 4.13. The correlation between two binary "windows" of the same length n: A = (a
i
)
n
i =1
and
B =(b
i
)
n
i =1
, denoted by (A, B), is dened to be (A, B) =

n
i =1
(1)
a
i
(1)
b
i
.
Let S ={1, 2, . . . , n}, S
1
={i S; a
i
=b
i
} and S
2
={i S; a
i
=b
i
}. Then
n

i =1
(1)
a
i
(1)
b
i
=

i S
1
(1)
a
i
(1)
b
i
+

i S
2
(1)
a
i
(1)
b
i
.
Note that:
If a
i
=b
i
, then (1)
a
i
(1)
b
i
=(1)
2a
i
=1, so

i S
1
(1)
a
i
(1)
b
i
=1+1+ +1 as many times as the
number of elements in S
1
.
If a
i
=b
i
, then (1)
a
i
(1)
b
i
=1 since one of a
i
, b
i
is 0 and the other is 1 in this case. We conclude
that

i S
1
(1)
a
i
(1)
b
i
=11 1 as many times as the number of elements in S
2
.
Thus, the correlation between A and B is equal to the number of elements in S
1
minus that of S
2
. In other
words;
Proposition 4.4. The correlation between two binary windows A =(a
i
)
n
i =1
and B =(b
i
)
n
i =1
is equal to the
number of indices i where a
i
=b
i
minus the number of indices i where a
i
=b
i
.
Example 4.23. Consider the following two windows produced by the same LFSR:
101011100101110
111001011100101
Every time the numbers agree (in green), add 1 and Every time the numbers disagree (in red), subtract 1.
The resulting correlation is then 1.
34
Let us now revisit the LFSR as shown in Figure 1 above. Fix a primitive polynomial of degree r over Z
2
:
P(x) = x
r
+c
r 1
x
r 1
+ +c
1
x +c
0
whose existence is guaranteed by Theorem 4.10 above. For the coefcient vector of the LFSR, choose
the vector c = (c
r 1
, , c
1
, c
0
) whose components are the coefcients of P(x). The choice of the initial
conditions (the secret code of the LSFR) is a bit more complicated and uses the Trace function : F
p
r
F
p
dened in Example 4.22 above. We follow the following steps:
1. Start by choosing any nonzero polynomial (t ) of degree r 1 in Z
2
[x]/P(x) identied with the set
=
_
b
r 1
t
r 1
+ +b
1
t +b
0
; b
i
Z
p
and P(t ) =0
_
:
(t ) =
r 1
t
r 1
+ +
1
t +
0
,
i
Z
2
for all i =r 1, . . . , 0.
2. Dene a
0
=() =
r 1
.
3. Next, we compute t (t ) as an element of Z
2
[x]/P(x). Remember that the equation P(t ) =0 trans-
lates to t
r
=c
r 1
t
r 1
+ +c
1
t +c
0
since c
i
=c
i
in the eld Z
2
.
t (t ) = t
_

r 1
t
r 1
+ +
1
t +
0
_
=
r 1
t
r
+
r 2
t
r 1
+
1
t
2
+
0
t
=
r 1
_
c
r 1
t
r 1
+ +c
1
t +c
0
_
+
r 2
t
r 1
+
1
t
2
+
0
t
= (
r 1
c
r 1
+
r 2
) t
r 1
+ +(
r 1
c
1
+
0
) t +
r 1
c
0
4. Dene a
1
=(t (t )) =
r 1
c
r 1
+
r 2
5. To dene a
2
, we compute rst t
2
(t ) as a polynomial of degree r 1 in t (always using the identity
P(t ) =0) and then we dene a
2
as the trace of that polynomial: a
2
=(t
2
(t ))
6. In general, a
i
=(t
i
(t )) for all i {0, 1, . . . , r 1}.
7. We take (a
0
, a
1
, ..., a
r 1
) to be the initial window of the LFSR.
But what is the big deal? why do we need P(x) to be primitive and why this complicated way of choos-
ing the initial window? Be patient, you have gone a long way so far and the answers will follow shortly.
Note that:
(t
r
) = (c
r 1
t
r 1
+ +c
1
t +c
0
) (since t
r
=c
r 1
t
r 1
++ +c
1
t +c
0
)
= c
r 1
(t
r 1
) + +c
1
(t ) +c
0
() (by the linearity of the trace map )
= c
r 1
a
r 1
+ +c
1
a
1
+c
0
a
0
(by our denition of the initial conditions a
0
, . . . , a
r 1
)
35
Look closely at the last expression. Isnt that the way the LFSR computes its next term a
r
? We conclude
that (t
r
) = a
r
. In fact, it is not hard to show that any term in the sequence produced by a LFSR can be
obtained this way. More specically,
a
k
=(t
k
), k =0, 1, 2, . . . (1)
The proof is left to the reader.
We are now ready to prove Theorem 4.1.
Proof of Theorem4.1. With the above choice of the coefcients (as coefcients of a primitive polynomial)
and the secret code, we showthat the minimal period of a sequence produced by a LFSR with r registers is
precisely N =2
r
1. We already know(see Remark 4.1) that the sequence is periodic and that the maximal
length of its minimal period is 2
r
. Assume that T is the minimal period of the sequence. Since P(x) is
chosen to be a primitive polynomial, t is a generator of the multiplicative group of the eld Z
2
[x]/P(x)
which contains N =2
r
1 elements and therefore t
N
=1. Moreover, for any n N, we have
a
n+N
=(t
n+N
) =(t
N
t
n
) =(t
n
) =a
n
.
This shows in particular that N = 2
r
1 is a period of the sequence and by the minimality of T, we have
that T N. On the other hand, given k N, the equation a
k+T
= a
k
translates to (t
k+T
) = (t
k
) or
equivalently to
(t
k
(t
T
1)) =0 (2)
by the linearity of . Assume (t
T
1) = 0, then (t
T
1) = 0 as a product of two nonzero elements of the
eld Z
2
[x]/P(x). But remember that P(x) was chosen to be minimal for a reason: any nonzero element
of Z
2
[x]/P(x) is a power of t , in particular (t
T
1) = t
n
for some n
_
0, 1, 2, . . . , 2
r
2
_
and therefore
t
k
(t
T
1) = t
k+n
. The elements t
k
(t
T
1) are then just permutations of the elements of multiplicative
group F

2
r
=
_
1, t , t
2
, . . . , t
N1
_
. Equation (2) implies that the trace function takes the value zero every-
where on F

2
r
which is absurd. Therefore t
T
1 = 0 or equivalently t
T
= 1. By denition of the order of
t as element of the multiplicative group of the eld Z
2
[x]/P(x), N = 2
r
1 is the smallest positive inte-
ger satisfying t
N
= 1. Since T N and t
T
= 1, we conclude that T = N and so the minimal period of the
sequence a
n
is indeed N =2
r
1.
We can actually say more about the sequence produced by a LFSR as constructed above.
Theorem4.11. Consider the binary sequence produced by a LFSR with r registers constructed using the
coefcients of a primitive polynomial and secret code produced by the Trace function as above. Let W
1
=
(a
n
, a
n+1
, . . . , a
n+N1
) and W
2
= (a
m
, a
m+1
, . . . , a
m+N1
) be two windows (with m > n) of the sequence of
length equal to the minimal period N = 2
r
1 of the sequence. Then the correlation between W
1
and
36
W
2
is given by:
=
_
1 if mn is not a multiple of N
N if mn is a multiple of N
Proof
We use the denition of the windows correlation,
=
N1

k=0
(1)
a
n+k
(1)
a
m+k
=
N1

k=0
(1)
(t
n+k
)
(1)
(t
m+k
)
(By relation (1) above)
=
N1

k=0
(1)
(t
n+k
)+(t
m+k
)
=
N1

k=0
(1)

_
t
n+k
+t
m+k

_
(By the linearity of the trace function)
=
N1

k=0
(1)

_
t
n+k
(1+t
mn
)
_
.
If mn =N is a multiple of N, then t
mn
=
_
t
N
_

=1 since t
N
=1 (remember that t is the generator of a
group of order N), so 1+t
mn
=2 =0 and (1)

_
t
n+k
(1+t
mn
)
_
=1 for all k in this case. This implies that the
correlation is = 1+1+ +1
. .
N
= N. Assume next that mn is not a multiple of N, then the polynomial
1+t
mn
is nonzero and therefore (1+t
mn
) is also nonzero as the product of two nonzero elements of
the eld Z
2
[x]/P(x). As in the proof of Theorem 4.1, the fact that P(x) is chosen to be primitive comes
in very handy now:

_
1+t
mn
_
=0
_
1+t
mn
_
=t
j
for some j {0, 1, 2, . . . , N 1}.
As k takes all values in the set {0, 1, . . . , N 1}, the elements t
n+k
(1+t
mn
) = t
j +n+k
are just permuta-
tions of the elements of F

2
r
= {1, t , t
2
, . . . , t
N1
}. As seen above, the trace function takes he value 0 on
exactly half of the elements of the set F
2
r and the value 1 on the other half. This implies in particular that

i
F
2
r
(1)
(
i
)
=0. Now, since (1)
(0)
=1, the last sum in the above expression of can be written as
N1

k=0
(1)

_
t
n+k
(1+t
mn
)
_
=

i
F
2
r
(1)
(
i
)
. .
0
(1)
(0)
=1.
This proves that the correlation between the two window is 1 in this case
This is indeed an amazing fact: Take any two windows of the same length 2
r
1 (length of a minimal
period) in a sequence producedby a LFSR, then youare that the number of terms which disagree is always
one more than the number of terms which agree (provided, as in the Theorem, that mn is not a multiple
of N =2
r
1)
37
4.7 Howis the Shifting of signals would tell the time?
Each satellite transmits a pseudo random code (PRN) in the form of a sequence of packages of "chips"
which the receiver can decode, convert into a binary sequence and compare with the pseudo random
codes stored in its memory. As explained earlier, the two codes will not coincide because of the run-
time of the signal from the satellite. The GPS receiver shifts its signal by one unit and compares with the
captured signal by calculating the correlation between the two windows. This process is repeated until
a correlation zero is attained and hence perfect synchronization between the two signals. The receiver
records the number n of "shifts" needed to acheive that perfect synchronization.
The LFSR used to produce the satellite code has r =10 cells, producing a sequence of minimal period of
2
10
1 =1023 bits by the above discussion. Practically, this means that each "window" of the satellite PNR
is formed by 1023 chips. The satellite PNR is transmitted at a speed of 1.023 MHz or 1023000 cycles (or
windows) per second. This means that every window of minimal period is repeated every 0.001 second
(or 1000 microseconds). At the speed of 299,792,458 meters per second (speed of light), 0.001 second cor-
respond to a distance of 299.792458 km. Dividing this distance with the minimal period of the sequence
(1023) would give a distance of 0.293052256 kmper chip. The departure time fromthe satellite of the start
of the window is encrypted in the code and hence is known by the receiver. The number n of shifts is then
multiplied by 0.293052256 and the result is divided by the speed of light. The answer that we get is the
time gap between the departure of the window from the satellite (according to the satellite clock) and the
arrival time to the reception (according to the receiver clock).
38