On the Dimensions of Hermitian Subfield Subcodes from Higher-Degree Places

Abstract

The focus of our research is the examination of Hermitian curves over finite fields, specifically concentrating on places of degree three and their role in constructing Hermitian codes. We begin by studying the structure of the Riemann–Roch space associated with these degree-three places, aiming to determine essential characteristics such as the basis. The investigation then turns to Hermitian codes, where we analyze both functional and differential codes of degree-three places, focusing on their parameters and automorphisms. In addition, we explore the study of subfield subcodes and trace codes, determining their structure by giving lower bounds for their dimensions. This presents a complex problem in coding theory. Based on numerical experiments, we formulate a conjecture for the dimension of some subfield subcodes of Hermitian codes. Our comprehensive exploration seeks to deepen the understanding of Hermitian codes and their associated subfield subcodes related to degree-three places, thus contributing to the advancement of algebraic coding theory and code-based cryptography.

1. Introduction

The advent of quantum computers presents significant threats to classical cryptographic schemes, requiring the development of post-quantum cryptographic primitives that resist quantum attacks. In this regard, algebraic geometry (AG) codes have gained considerable attention due to their error-correcting capabilities and potential applications in secure communication and cryptographic protocols. Among various classes of AG codes, subfield subcodes stand out against structural attacks, making them good candidates for deployment in post-quantum cryptography.

Within linear codes over finite field extensions, the process of generating subfield subcodes, commonly referred to as restriction, entails converting a given linear code C over a large field extension ${\mathbb{F}}_{q^n}$ into a code that is defined over a subfield ${\mathbb{F}}_{q^m}$, where m divides n. This strategic approach restricts the codewords of C to elements found within the smaller field ${\mathbb{F}}_{q^m}$, effectively concealing the details about the structure inherent in C. A classic example of this concept is the Reed–Solomon codes, which are algebraic geometry (AG) codes constructed over a projective line. They are widely used in practical applications, with their subfield subcodes represented by Goppa codes. In particular, in cryptography, especially within a McEliece cryptosystem, subfield subcodes play a crucial role in hiding the code structure, thus enhancing its resilience against distinguishing attacks [1,2]. The long-lasting security of the McEliece cryptosystem based on Goppa codes [3] emphasizes its effectiveness in preventing such attacks. Despite subsequent proposals exploring Reed–Solomon codes [4], AG codes, and their subcodes [5], all have been susceptible to structural attacks. By imposing restrictions, cryptographic systems can enhance their security by minimizing the risk of potential attacks aimed at distinguishing the chosen subfield subcode. With growing interest in AG codes, particularly Hermitian codes, they are being evaluated as feasible alternatives to Reed–Solomon codes in specific applications [6]. Hermitian codes have been extensively studied in prior research [7,8,9,10,11,12], particularly those associated with the point at infinity of the Hermitian curve. However, in [13,14], the authors introduced an alternative construction of Hermitian codes associated with higher-degree places on the Hermitian curve.

Our contribution involves conducting further research on Hermitian codes associated with degree-three places, deriving additional properties, and establishing explicit bases for the corresponding Riemann–Roch spaces; additionally, this should align with previous findings in [13]. The stabilizer of a degree-three place has order $3(q^2-q+1)$; the action of this group and the associated quotient curve has been studied by Cossidente, Korchmáros, and Torres [15]. We make heavy use of their approach which relates the Hermitian curve with the curve projective curve $X{Y}^q+Y{Z}^q+Z{X}^q=0$. Beelen, Montanucci, and Vicino [16] studied another class of Hermitian quotient curves, which are obtained by automorphisms stabilizing a degree-three place of the Hermitian curve.

One-point Hermitians of degree-three places have improved minimum distances, as shown by the Matthews–Michel bound [14], and have been further strengthened by Korchmáros and Nagy in [13]. Moreover, we explore the properties of their subfield subcodes, with a particular focus on determining their true dimensions through explicit constructions. This investigation aims to provide a precise understanding of the codes’ capabilities for our future work. Since the family of subfield subcodes of Hermitian codes associated with degree-three places holds promise for the construction of an improved and secure McEliece cryptosystem, the aforementioned investigation will enable a comparison of these parameters with those of other existing codes (see [12], Table 1), such as Goppa codes, to assess the potential improvement in the key size of the McEliece cryptosystem. This suggests that such a proposal could reduce the key size and meet the security level required by NIST [17]. Using bounds on the dimensions offers only an estimate of the code’s performance, which means that this will not help us accurately decide whether these codes can achieve the required security level with an improved key size.

The paper is structured as follows. In Section 2, we introduce the essential background of AG codes constructed from a Hermitian curve, including Hermitian curves, divisors, and the Riemann–Roch space. In Section 3, we provide some facts on the geometry of degree 3 places of the Hermitian curve, and the unitary transformations which stabilize the given degree-three place. Our main tool is the Hermitian sesquilinear form $\langle u,v\rangle =u_1{v}_1^q-u_2{v}_3^q-u_3{v}_2^q$ and the Frobenius map ${\mathrm{Fr}}_{q^2}$. Section 4 deals with their corresponding Riemann–Roch spaces. We explore their structure and give explicit and practical bases over ${\mathbb{F}}_{q^6}$, and a decomposition into invariant subspaces over ${\mathbb{F}}_{q^2}$ (Theorem 3). In Section 5, we study the functional and differential Hermitian codes of a degree 3 place, where we explicitly give the monomial equivalence between them (Theorem 4). In Section 6, we give the main result on the dimensions of the subfield subcodes of degree 3 place Hermitian codes (Theorem 5). This result consists of a theorem that provides a lower bound on the dimensions of the underlying codes, while the conjecture suggests a possible equality based on numerical experiments.

The computational results were obtained using the HERmitian package [18] within the GAP [19] computer algebra system. This involved implementing higher-degree places of Hermitian curves, their divisors and the associated Hermitian codes. This package employs a generic method for computing the bases of Riemann–Roch spaces, independent of the results presented in this paper. Specifically, we acquired computational evidence supporting Conjecture 1 without relying on the theoretical findings of this work.

2. Algebraic Geometry (AG) Codes

2.1. Hermitian Curves and Their Divisors

For more details, we refer the reader to [15,20,21]. The Hermitian curve, denoted as ${\mathcal{H}}_q$, over the finite field ${\mathbb{F}}_{q^2}$ in affine coordinates is given by the equation:

$${\mathcal{H}}_q:Y^q+Y=X^{q+1}.$$

This curve has a genus $g=\frac{q(q-1)}{2}$, classifying it as a maximal curve because it achieves the maximum number of ${\mathbb{F}}_{q^2}$-rational points, which is $\#{\mathcal{H}}_q\left({\mathbb{F}}_{q^2}\right)=q^3+1$. Furthermore, ${\mathcal{H}}_q$ has a unique point at infinity, denoted $Q_{\infty }$.

A divisor on ${\mathcal{H}}_q$ is a formal sum $D=n_1{Q}_1+\cdots +n_k{Q}_k$, where $n_1,\cdots ,n_k$ are integers and $Q_1,\cdots ,Q_k$ are points on ${\mathcal{H}}_q$. The degree of the divisor D is defined as $deg\left(D\right)={\sum }_{i=1}^k{n}_i$. The valuation of D at a point $Q_i$ is $v_{Q_i}\left(D\right)=n_i$, and the support of D is the set $\{Q_i\mid n_i\ne 0\}$.

The Frobenius automorphism, denoted as ${\mathrm{Fr}}_{q^2}$, is defined over the algebraic closure ${\overline{\mathbb{F}}}_{q^2}$ and acts on elements as follows:

$${\mathrm{Fr}}_{q^2}:{\overline{\mathbb{F}}}_{q^2}\to {\overline{\mathbb{F}}}_{q^2},x\mapsto x^{q^2}.$$

It acts on the points of ${\mathcal{H}}_q$ by applying ${\mathrm{Fr}}_{q^2}$ to their coordinates. A point Q on ${\mathcal{H}}_q$ is ${\mathbb{F}}_{q^2}$-rational if and only if it is fixed by ${\mathrm{Fr}}_{q^2}\left(Q\right)$. Over ${\overline{\mathbb{F}}}_{q^2}$, the points in ${\mathcal{H}}_q$ correspond one-to-one to the places in the function field ${\overline{\mathbb{F}}}_{q^2}\left({\mathcal{H}}_q\right)$.

For a divisor D, its Frobenius image is given by

$${\mathrm{Fr}}_{q^2}\left(D\right)=n_1{\mathrm{Fr}}_{q^2}\left(Q_1\right)+\cdots +n_k{\mathrm{Fr}}_{q^2}\left(Q_k\right).$$

and D is ${\mathbb{F}}_{q^2}$-rational if $D={\mathrm{Fr}}_{q^2}\left(D\right)$. In particular, if all points $Q_1,\dots ,Q_k$ are in ${\mathcal{H}}_q\left({\mathbb{F}}_{q^2}\right)$, then D is inherently ${\mathbb{F}}_{q^2}$-rational.

2.2. Riemann–Roch Spaces

For a non-zero function g in the function field ${\overline{\mathbb{F}}}_{q^2}$ and a place P, $v_P\left(g\right)$ stands for the order of g at P. If $v_P\left(g\right)>0$, then P is a zero of g, while if $v_P\left(g\right)<0$, then P is a pole of g with multiplicity $-v_P\left(g\right)$. The principal divisor of a non-zero function g is $\left(g\right)={\sum }_P{v}_P\left(g\right)P$.

The Riemann–Roch space associated with an ${\mathbb{F}}_{q^2}$-rational divisor G is the ${\mathbb{F}}_{q^2}$ vector space

$$\mathcal{L}\left(G\right):=\{g\in {\mathbb{F}}_{q^2}\left({\mathcal{H}}_q\right)\mid \left(g\right)+G\ge 0\}\cup 0.$$

From ([20], Riemann’s Theorem 1.4.17), we have

$$dim\mathcal{L}\left(G\right)\ge deg\left(G\right)+1-\mathfrak{g},$$

with equality if $deg\left(G\right)\ge 2\mathfrak{g}-1$.

In this work, our primary focus is on an ${\mathbb{F}}_{q^2}$-rational divisor G of the form $sP$, where P is a degree r place in ${\mathbb{F}}_{q^2}\left({\mathcal{H}}_q\right)$ and s is a positive integer. In the extended constant field ${\mathbb{F}}_{q^6}\left({\mathcal{H}}_q\right)$ of ${\mathbb{F}}_{q^2}\left({\mathcal{H}}_q\right)$ with degree r, let $P_1,P_2,\cdots ,P_r$ be the extensions of P. These points are degree-one places in ${\mathbb{F}}_{q^{2r}}\left({\mathcal{H}}_q\right)$, and, after appropriately labeling the indices, $P_i={\mathrm{Fr}}_{q^2}^i\left(P_1\right)$, where the indices are considered modulo r.

2.3. Hermitian Codes

Here, we outline the construction of an AG code from the Hermitian curve.

In algebraic coding theory, Hermitian codes stand out as a significant class of algebraic geometry (AG) codes, renowned for their distinctive properties. These codes are constructed from Hermitian curves defined over finite fields. These codes are typically viewed as functional AG codes, denoted by $C_{\mathcal{L}}(D,G)$. In this standard approach, the divisor G is usually a multiple of a single place of degree one. The set $\mathcal{P}$, which encompasses all the rational points in ${\mathcal{H}}_q$, is listed as $\{Q_1,\dots ,Q_n\}$. This approach gives rise to a structure known as a one-point code. However, it is important to note that recent research in the field suggests that the use of a more varied selection for the divisor G can result in the creation of better AG codes [13,14].

Consider a divisor $D=Q_1+Q_2+\cdots +Q_n$, where all $Q_i$ are distinct rational points, and an ${\mathbb{F}}_{q^2}$-rational divisor G such that $Supp\left(G\right)\cap Supp\left(D\right)=\varnothing$. By numbering the places in the support of D, we define an evaluation map ${ev}_D$ such that ${ev}_D\left(g\right)=(g\left(Q_1\right),\dots ,g\left(Q_n\right))$ for $g\in \mathcal{L}\left(G\right)$.

The functional AG code associated with the divisor G is

$$C_{\mathcal{L}}(D,G):=\{(g\left(Q_1\right),g\left(Q_2\right),\cdots ,g\left(Q_n\right))\mid g\in \mathcal{L}\left(G\right)\}={ev}_D\left(\mathcal{L}\left(G\right)\right),$$

Theorem 1 

([20], Theorem 2.2.2). $C_{\mathcal{L}}(D,G)$ is an $[n,k,d]$ code with parameters

$$k=dim\mathcal{L}\left(G\right)-dim\mathcal{L}(G-D)\mathrm{and}d\ge n-degG.$$

The dual of an AG code can be described as a residue code (see [20] for more details), i.e.,

$$C_{\mathcal{L}}{(D,G)}^{\perp }=C_{\Omega }(D,G).$$

Furthermore, the differential code $C_{\Omega }(D,G)$ is monomially equivalent to the functional code

$$C_{\mathcal{L}}(D,W+D-G),$$

where W represents a canonical divisor of ${\overline{\mathbb{F}}}_{q^2}\left({\mathcal{H}}_q\right)$. The notion of monomial equivalence of codes is defined as follows. Let $C\le {\mathbb{F}}_q^n$ be linear subspaces and $\mathit{\mu }=({\mu }_1,\dots ,{\mu }_n)\in {\left({\mathbb{F}}_q^{*}\right)}^n$ with non-zero entries. We define the Schur product

$$\mathit{\mu }★C=\{({\mu }_1{x}_1,\dots ,{\mu }_n{x}_n)\mid (x_1,\dots ,x_n)\in C\}.$$

The vector $\mathit{\mu }$ is also called a multiplier. Clearly, $\mathit{\mu }★C\le {\mathbb{F}}_q^n$. Two linear codes $C_1,C_2\le {\mathbb{F}}_q^n$ are monomially equivalent if $C_2=\mathit{\mu }★C_1$ for some multiplier $\mathit{\mu }$. Monomially equivalent codes share identical dimensions and minimum distances; however, this correspondence does not preserve all crucial properties of the code.

2.4. Subfield Subcodes and Trace Codes

For the efficient construction of codes over ${\mathbb{F}}_q$, one approach involves working with codes originally defined over an extension field ${\mathbb{F}}_{q^m}$. When considering a code $\mathcal{C}$ within ${\mathbb{F}}_{q^m}^n$, a subfield subcode of $\mathcal{C}$ is its restriction to the field ${\mathbb{F}}_q$. This process, often employed in the definition of codes such as BCH codes, Goppa codes, and alternant codes, plays a fundamental role.

Let q be a prime power and m be a positive integer. Let C denote a linear code of parameters $[n,k]$ defined over the finite field ${\mathbb{F}}_{q^m}$. The subfield subcode of C over ${\mathbb{F}}_q$, represented as ${C|}_{{\mathbb{F}}_q}$, is the set

$${C|}_{{\mathbb{F}}_q}=C\cap {\mathbb{F}}_q^n,$$

which consists of all codewords in C that have their components in ${\mathbb{F}}_q$.

The subfield subcode ${C|}_{{\mathbb{F}}_q}$ is a linear code over ${\mathbb{F}}_q$ with parameters $[n,k_0,d_0]$, satisfying the inequalities $d\le d_0\le n$ and $n-k\le n-k_0\le m(n-k)$. Moreover, a parity check matrix for C over ${\mathbb{F}}_q$ provides up to $m(n-k)$ linearly independent parity check equations over ${\mathbb{F}}_q$ for the subfield subcode ${C|}_{{\mathbb{F}}_q}$. Typically, the minimum distance $d_0$ of the subfield subcode exceeds that of the original code C.

Let ${Tr}_{{\mathbb{F}}_{q^m}/{\mathbb{F}}_q}$ denote the trace function from ${\mathbb{F}}_{q^m}$ down to ${\mathbb{F}}_q$, expressed as

$${Tr}_{{\mathbb{F}}_{q^m}/{\mathbb{F}}_q}\left(x\right)=x+x^q+x^{q^2}+\dots +x^{q^{m-1}}.$$

For any vector $c=(c_1,c_2,\dots ,c_n)\in {\mathbb{F}}_q^n$, we define

$${Tr}_{{\mathbb{F}}_{q^m}/{\mathbb{F}}_q}\left(c\right)=\left({Tr}_{{\mathbb{F}}_{q^m}/{\mathbb{F}}_q}\left(c_1\right),{Tr}_{{\mathbb{F}}_{q^m}/{\mathbb{F}}_q}\left(c_2\right),\dots ,{Tr}_{{\mathbb{F}}_{q^m}/{\mathbb{F}}_q}\left(c_n\right)\right).$$

Furthermore, for a linear code C of length n and dimension k over ${\mathbb{F}}_{q^m}$, the code

$${Tr}_{{\mathbb{F}}_{q^m}/{\mathbb{F}}_q}\left(C\right)=\{{Tr}_{{\mathbb{F}}_{q^m}/{\mathbb{F}}_q}\left(c\right)\mid c\in C\}$$

is a linear code of length n and dimension $k_1$ over ${\mathbb{F}}_q$.

A seminal result by Delsarte connects subfield subcodes with trace codes:

Theorem 2 

([22]). Let C be an $[n,k]$ linear code over ${\mathbb{F}}_q$. Then, the dual of the subfield subcode of C is the trace code of the dual code of C, i.e.,

$${\left(C{|}_{{\mathbb{F}}_q}\right)}^{\perp }={Tr}_{{\mathbb{F}}_{q^m}/{\mathbb{F}}_q}\left(C^{\perp }\right).$$

Finding the exact dimension of a subfield subcode of a linear code is typically a hard problem. However, a basic estimation can be obtained by applying Delsarte’s theorem [22]:

$${dimC|}_{{\mathbb{F}}_q}\ge n-m(n-k).$$

(1)

In [20] (Chapter 9), various results are discussed with respect to the subfield subcodes and trace codes of AG codes. This motivated us to formulate the following propositions on the dimension of the subfield subcodes of AG codes, which are useful for the case $G=sP$ with a place P of higher degree.

Proposition 1. 

Let $G_1$ be a positive divisor of the Hermitian curve ${\mathcal{H}}_q$ and $D=Q_1+\cdots +Q_n$ be the sum of ${\mathbb{F}}_{q^2}$-rational places such that $Supp\left(G\right)\cap Supp\left(D\right)=\varnothing$. Assume that $deg{G}_1<n/q$. Then,

$$dim{C}_{\mathcal{L}}(D,G_1){\mid }_{{\mathbb{F}}_q}=1.$$

Proof. 

Let f be a function in $\mathcal{L}\left(G_1\right)$ such that $f\left(Q_i\right)\in {\mathbb{F}}_q$ for $i=1,\cdots ,n$. Then, $f^q-f\in \mathcal{L}\left(q{G}_1\right)$ (since $\mathcal{L}{\left(G_1\right)}^q\subseteq \mathcal{L}\left(q{G}_1\right)$), and hence $f^q-f\in \mathcal{L}(q{G}_1-D)$, where

$$\mathcal{L}(q{G}_1-D)=ker\left({ev}_D\right)=\left\{x\in \mathcal{L}\left(q{G}_1\right)\mid v_{P_i}\left(x\right)>0\mathrm{for}i=1,\dots ,n\right\}.$$

Since $deg(q{G}_1-D)<0$, it follows that $\mathcal{L}(q{G}_1-D)=0$ and $f^q-f=0$, which implies that $f\in {\mathbb{F}}_q$. Consequently, $dim{C}_{\mathcal{L}}(D,G_1){|}_{{\mathbb{F}}_q}=1$. □

3. The Geometry of Hermitian Degree-Three Places

In this section, we collect useful facts on degree-three places of the Hermitian curve, their stabilizer subgroups, and Riemann–Roch spaces.

3.1. The Hermitian Sesquilinear Form

The Hermitian curve ${\mathcal{H}}_q$ has the affine equation $X^{q+1}=Y+Y^q$. The Hermitian function field ${\overline{\mathbb{F}}}_{q^2}\left({\mathcal{H}}_q\right)$ is generated by $x,y$ so that $x^{q+1}=y+y^q$ holds. The Frobenius field automorphism ${\mathrm{Fr}}_{q^2}:x\mapsto x^{q^2}$ of the algebraic closure ${\overline{\mathbb{F}}}_{q^2}$ includes an action on rational functions, places, divisors, and curve automorphisms. For this action, we continue to use the notation ${\mathrm{Fr}}_{q^2}$ in the exponent: $P^{{\mathrm{Fr}}_{q^2}}$, $f^{{\mathrm{Fr}}_{q^2}}$, $D^{{\mathrm{Fr}}_{q^2}}$, etc.

Let K be a field extension of ${\mathbb{F}}_{q^2}$. An affine point is a pair $(a,b)\in K^2$. A projective point $(a:b:c)$ is a one-dimensional subspace $\left\{\right(at,bt,ct)\mid t\in K\}$ of $K^3$. If $c\ne 0$, then the projective point $(a:b:c)$ is identified with the affine point $(a/c,b/c)$. For $u=(u_1,u_2,u_3),$$v=(v_1,v_2,v_3)\in K^3$, we define the Hermitian form

$$\begin{array}{c}\hfill \langle u,v\rangle =u_1{v}_1^q-u_2{v}_3^q-u_3{v}_2^q.\end{array}$$

Clearly, $\langle u,v\rangle$ is additive in u and v, $\langle \alpha u,\beta v\rangle =\alpha {\beta }^q\langle u,v\rangle$, and

$$\begin{array}{c}\hfill {\langle u,v\rangle }^q=\langle v^{{\mathrm{Fr}}_{q^2}},u\rangle .\end{array}$$

The point u is self-conjugate if

$$\begin{array}{c}\hfill 0=\langle u,u\rangle =u_1^{q+1}-u_2{u}_3^q-u_2^q{u}_3.\end{array}$$

This is the projective equation $X^{q+1}-Y{Z}^q-Y^{q}Z=0$ of the Hermitian curve ${\mathcal{H}}_q$.

Let $u=(u_1:u_2:u_3)$ be a projective point. The polar line of u has equation

$$u^{\perp }:\langle (X_1,X_2,X_3),u\rangle =u_1^q{X}_1-u_3^q{X}_2-u_2^q{X}_3=0.$$

If u is on ${\mathcal{H}}_q$, then $u^{\perp }$ is the tangent line at u. More precisely, $u^{\perp }$ intersects ${\mathcal{H}}_q$ at u and $u^{{\mathrm{Fr}}_{q^2}}$ with multiplicities q and 1, respectively. If u is ${\mathbb{F}}_{q^2}$-rational, then $u=u^{{\mathrm{Fr}}_{q^2}}$, and the intersection multiplicity is $q+1$.

3.2. Unitary Transformations and Curve Automorphism

Let A be a $3\times 3$ matrix. The linear map $u\mapsto uA$ will also be denoted by A. If A is invertible, then it induces a projective linear transformation, denoted by $\widehat{A}:(u_1:u_2:u_3)\mapsto (u_1^{\prime }:u_2^{\prime }:u_3^{\prime })={(u_1:u_2:u_3)}^{\widehat{A}}$, where

$$\begin{array}{cc}\hfill u_1^{\prime }& =a_{11}{u}_1+a_{21}{u}_2+a_{31}{u}_3,\hfill \\ \hfill u_2^{\prime }& =a_{12}{u}_1+a_{22}{u}_2+a_{32}{u}_3,\hfill \\ \hfill u_3^{\prime }& =a_{13}{u}_1+a_{23}{u}_2+a_{33}{u}_3.\hfill \end{array}$$

We use the same notation $\widehat{A}:(X,Y)\mapsto (X^{\prime },Y^{\prime })={(X,Y)}^{\widehat{A}}$ for the partial affine map:

$$\begin{array}{c}\hfill (X,Y)\mapsto (X^{\prime },Y^{\prime })=\left(\frac{a_{11}X+a_{21}Y+a_{31}}{a_{13}X+a_{23}Y+a_{33}},\frac{a_{12}X+a_{22}Y+a_{32}}{a_{13}X+a_{23}Y+a_{33}}\right).\end{array}$$

The action $f(X,Y)\mapsto f({(X,Y)}^{{\widehat{A}}^{-1}})$ of $\widehat{A}$ on rational functions will be indicated by $A^{*}$. The following lemma is straightforward.

Lemma 1. 

Let $f(X,Y)$ be a polynomial of total degree n. Define the degree n homogeneous polynomial $F(X,Y,Z)=Z^{n}f(X/Z,Y/Z)$. Then,

$$f^{A^{*}}(X,Y)=\frac{F\left((X,Y,1)A^{-1}\right)}{{(a_{13}X+a_{23}Y+a_{33})}^n}.$$

We remark that the line $a_{13}X+a_{23}Y+a_{33}=0$ can be seen as the pre-image of the line at infinity under $\widehat{A}$.

The linear transformation A is unitary if

$$\langle uA,vA\rangle =\langle u,v\rangle$$

holds for all $u,v$. Since $\langle .,.\rangle$ is non-degenerate, unitary transformations are invertible. Moreover, for all $u,v$, one has

$$\begin{array}{cc}\hfill \langle (v^{{\mathrm{Fr}}_{q^2}})A,uA\rangle & =\langle v^{{\mathrm{Fr}}_{q^2}},u\rangle \hfill \\ \hfill & ={\langle u,v\rangle }^q\hfill \\ \hfill & ={\langle uA,vA\rangle }^q\hfill \\ \hfill & =\langle {\left(vA\right)}^{{\mathrm{Fr}}_{q^2}},uA\rangle .\hfill \end{array}$$

This implies $(v^{{\mathrm{Fr}}_{q^2}})A={\left(vA\right)}^{{\mathrm{Fr}}_{q^2}}$ for all v, that is, A and ${\mathrm{Fr}}_{q^2}$ commute. This shows that unitary transformations are defined over ${\mathbb{F}}_{q^2}$. They form a group which is denoted by $GU(3,q)$. A useful fact is that if $b_1,b_2,b_3$ is a basis and

$$\langle b_{i}A,b_{j}A\rangle =\langle b_i,b_j\rangle$$

for all $i,j\in \{1,2,3\}$, then A is unitary.

Let $A\in GU(3,q)$. If $(x,y)$ is a generic point of ${\mathcal{H}}_q$, then $(x^{\prime },y^{\prime })={(x,y)}^{\widehat{A}}$ satisfies

$${\left(x^{\prime }\right)}^{q+1}-y^{\prime }-{\left(y^{\prime }\right)}^q=\langle x^{\prime },y^{\prime }\rangle =\langle x,y\rangle =0.$$

Therefore, $(x^{\prime },y^{\prime })$ is a generic point of ${\mathcal{H}}_q$, and $A^{*}$ induces an automorphism of the function field ${\overline{\mathbb{F}}}_{q^2}\left({\mathcal{H}}_q\right)$. If A is defined over ${\mathbb{F}}_{q^2}$, then $A^{*}$ is an automorphism of ${\mathbb{F}}_{q^2}\left({\mathcal{H}}_q\right)$.

3.3. Places of Degree Three and Their Lines

Let $a_1,b_1\in {\mathbb{F}}_{q^6}\setminus {\mathbb{F}}_{q^2}$ be scalars such that $a_1^{q+1}=b_1+b_1^q$. In other words, $(a_1,b_1)$ is an affine point of ${\mathcal{H}}_q:X^{q+1}=Y+Y^q$, defined over ${\mathbb{F}}_{q^6}$. Write $a_2=a_1^{q^2}$, $b_2=b_1^{q^2}$, $a_3=a_2^{q^2}$, $b_3=b_2^{q^2}$, and $p_i=(a_i,b_i,1)$. Then, $p_{i+1}=p_i^{{\mathrm{Fr}}_{q^2}}$, $\langle p_i,p_i\rangle =0$, and

$$\begin{array}{c}\hfill 0={\langle p_i,p_i\rangle }^q=\langle p_i^{{\mathrm{Fr}}_{q^2}},p_i\rangle =\langle p_{i+1},p_i\rangle \end{array}$$

hold for $i=1,2,3$, with the indices taking modulo three. Since $\langle .,.\rangle$ is non-trivial, ${\gamma }_i=\langle p_i,p_{i+1}\rangle \in {\mathbb{F}}_{q^6}\setminus \left\{0\right\}$. More precisely,

$$\begin{array}{c}\hfill {\gamma }_1^{q^3}={\langle p_1,p_2\rangle }^{q^3}={\langle p_2^{{\mathrm{Fr}}_{q^2}},p_1\rangle }^{q^2}=\langle p_2^{{\left({\mathrm{Fr}}_{q^2}\right)}^2},p_1^{{\mathrm{Fr}}_{q^2}}\rangle =\langle p_1,p_2\rangle ={\gamma }_1,\end{array}$$

which shows ${\gamma }_i\in {\mathbb{F}}_{q^3}\setminus \left\{0\right\}$. Clearly, ${\gamma }_{i+1}={\gamma }_i^{q^2}$ and ${\gamma }_{i+2}={\gamma }_i^q$. By ${\gamma }_i\ne 0$, the vectors $p_1,p_2,p_3$ are linearly independent over ${\mathbb{F}}_{q^6}$.

Let K be a field containing ${\mathbb{F}}_{q^6}$. Since $p_1,p_2,p_3$ is a basis in $K^3$, any $u\in K^3$ can be written as

$$\begin{array}{c}\hfill u=x_1{p}_1+x_2{p}_2+x_3{p}_3,\end{array}$$

with $x_i\in K$. Computing

$$\begin{array}{c}\hfill \langle u,p_{i+1}\rangle =\langle x_1{p}_1+x_2{p}_2+x_3{p}_3,p_{i+1}\rangle =x_i\langle p_i,p_{i+1}\rangle ,\end{array}$$

we obtain $x_i=\langle u,p_{i+1}\rangle /{\gamma }_i$. In the basis $p_1,p_2,p_3$, the Hermitian form has the shape

$$\begin{array}{cc}\hfill \langle u,v\rangle & =\langle x_1{p}_1+x_2{p}_2+x_3{p}_3,y_1{p}_1+y_2{p}_2+y_3{p}_3\rangle \hfill \\ \hfill & =x_1{y}_2^q\langle p_1,p_2\rangle +x_2{y}_3^q\langle p_2,p_3\rangle +x_3{y}_1^q\langle p_3,p_1\rangle \hfill \\ \hfill & ={\gamma }_1{x}_1{y}_2^q+{\gamma }_1^{q^2}{x}_2{y}_3^q+{\gamma }_1^{q^4}{x}_3{y}_1^q.\hfill \end{array}$$

In this coordinate frame, the Hermitian curve has projective equation

$$\begin{array}{c}\hfill {\gamma }_1{X}_1{X}_2^q+{\gamma }_1^{q^2}{X}_2{X}_3^q+{\gamma }_1^{q^4}{X}_3{X}_1^q=0.\end{array}$$

Let $x,y$ be the generators of the function field ${\overline{\mathbb{F}}}_{q^2}\left({\mathcal{H}}_q\right)$ such that $x^{q+1}=y+y^q$. Write

$$\begin{array}{c}\hfill {\ell }_i=\langle (x,y,1),p_i\rangle =a_i^{q}x-y-b_i^q.\end{array}$$

Then,

$$\begin{array}{c}\hfill (x,y,1)=\frac{{\ell }_2}{{\gamma }_1}{p}_1+\frac{{\ell }_3}{{\gamma }_2}{p}_2+\frac{{\ell }_1}{{\gamma }_3}{p}_3\end{array}$$

and

$$\begin{array}{c}\hfill 0=x^{q+1}-y-y^q=\langle (x,y,1),(x,y,1)\rangle =\frac{{\ell }_1{\ell }_2^q}{{\gamma }_1^q}+\frac{{\ell }_2{\ell }_3^q}{{\gamma }_2^q}+\frac{{\ell }_3{\ell }_1^q}{{\gamma }_3^q}.\end{array}$$

(2)

The Hermitian curve ${\mathcal{H}}_q$ is non-singular, the places of ${\overline{\mathbb{F}}}_{q^2}\left({\mathcal{H}}_q\right)$ correspond to the projective points over the algebraic closure ${\overline{\mathbb{F}}}_{q^2}$. Let $P_i$ denote the place corresponding to $(a_i:b_i:1)$. $P_i$ is defined over ${\mathbb{F}}_{q^6}$, $P_{i+1}=P_i^{{\mathrm{Fr}}_{q^2}}$, and

$$\begin{array}{c}\hfill P=P_1+P_2+P_3\end{array}$$

is an ${\mathbb{F}}_{q^2}$-rational place of degree three.

The line $a_i^{q}X-Y-b_i^q=0$ is tangent to ${\mathcal{H}}_q$ at $p_i$; the intersection multiplicities are q and 1 at $p_i$ and $p_{i+1}$, respectively. This implies that the zero divisor ${\left({\ell }_i\right)}_0$ is $q{P}_i+P_{i+1}$, and the principal divisor of ${\ell }_i$ is

$$\begin{array}{c}\hfill \left({\ell }_i\right)=q{P}_i+P_{i+1}-(q+1)Q_{\infty }.\end{array}$$

(3)

3.4. The Stabilizer of a Degree-Three Place

Let ${\beta }_1\in {\mathbb{F}}_{q^6}$ be an element such that ${\beta }_1^{q^3+1}=1$. Define ${\beta }_2={\beta }_1^{q^2}$, ${\beta }_3={\beta }_2^{q^2}$. Then,

$$\begin{array}{c}\hfill {\beta }_i{\beta }_{i+1}^q={\beta }_i^{q^3+1}=1.\end{array}$$

For $p_i^{\prime }={\beta }_i{p}_i$, this implies that

$$\begin{array}{c}\hfill \langle p_i^{\prime },p_{i+1}^{\prime }\rangle ={\beta }_i{\beta }_{i+1}^q\langle p_i,p_{i+1}\rangle =\langle p_i,p_{i+1}\rangle .\end{array}$$

Hence, for all $i,j\in \{1,2,3\}$,

$$\begin{array}{c}\hfill \langle p_i^{\prime },p_j^{\prime }\rangle =\langle p_i,p_j\rangle .\end{array}$$

This shows that we can extend the map $p_i\mapsto p_i^{\prime }$ to a unitary linear map $B=B\left({\beta }_1\right):u\mapsto u^{\prime }$ in the following way. Write

$$\begin{array}{c}\hfill u=x_1{p}_1+x_2{p}_2+x_3{p}_3,\end{array}$$

with $x_i=\langle u,p_{i+1}\rangle /{\gamma }_i$, and define

$$\begin{array}{c}\hfill u^{\prime }=x_1{p}_1^{\prime }+x_2{p}_2^{\prime }+x_3{p}_3^{\prime }=x_1{\beta }_1{p}_1+x_2{\beta }_2{p}_2+x_3{\beta }_3{p}_3.\end{array}$$

(4)

The extension B is a unique unitary transformation. As we have seen in Section 3.2, this implies that $B=B\left({\beta }_1\right)$ is a well-defined element of the general unitary group $GU(3,q)$. The set

$$\mathcal{B}=\{B\left({\beta }_1\right)\mid {\beta }_1\in {\mathbb{F}}_{q^6},{\beta }_1^{q^3+1}=1\}$$

is a cyclic subgroup of $GU(3,q)$, whose order is $\left|\mathcal{B}\right|=q^3+1$.

In the projective plane, B induces a projective linear transformation $\widehat{B}$. $\widehat{B}$ is trivial if and only if ${\beta }_1={\beta }_2={\beta }_1^{q^2}$, that is, if and only if ${\beta }_i\in {\mathbb{F}}_{q^2}$. As $gcd(q^3+1,q^2-1)=q+1$, $\widehat{B}$ is trivial if and only if ${\beta }_1^{q+1}=1$. The set $\widehat{\mathcal{B}}=\{\widehat{B}\mid B\in \mathcal{B}\}$ is a cyclic group of unitary projective linear transformations, whose order is $|\widehat{\mathcal{B}}|=q^2-q+1$.

In a similar way, we fix the elements

$${\delta }_i={\gamma }_i^{\frac{q^3-q}{2}}.$$

since ${\gamma }_1\in {\mathbb{F}}_{q^3}$, ${\delta }_i\in {\mathbb{F}}_{q^3}$. Moreover,

$${\delta }_i^{q^3+1}={\delta }_i^2={\gamma }_i^{q^3-q}={\gamma }_i^{1-q}.$$

As before, the map

$$\Delta :p_i\mapsto p_i^{\prime \prime }={\delta }_i{p}_{i-1}$$

preserves the Hermitian form:

$$\langle p_i^{\prime \prime },p_{i+1}^{\prime \prime }\rangle =\langle {\delta }_i{p}_{i-1},{\delta }_{i+1}{p}_i\rangle ={\delta }_i^{q^3+1}\langle p_{i-1},p_i\rangle ={\gamma }_i^{1-q}{\gamma }_{i-1}={\gamma }_i.$$

Hence, $\Delta$ extends to a unitary linear map, which commutes with ${\mathrm{Fr}}_{q^2}$ and normalizes $\mathcal{B}$. Indeed,

$$p_i^{{\Delta }^{-1}B\Delta }={\left({\delta }_{i+1}^{-1}{p}_{i+1}\right)}^{B\Delta }={\left({\delta }_{i+1}^{-1}{\beta }_{i+1}{p}_{i+1}\right)}^{\Delta }={\beta }_{i+1}{p}_i,$$

and hence, ${\Delta }^{-1}B\Delta =B^{q^2}$. ${\Delta }^3$ maps $p_i$ to ${\delta }_1{\delta }_2{\delta }_3{p}_i$, and

$${\delta }_1{\delta }_2{\delta }_3={\delta }_1^{1+q+q^2}={\left({\gamma }_1^{\frac{q^3-q}{2}}\right)}^{1+q+q^2}={\left({\gamma }_1^{q^3-1}\right)}^{\frac{(q+1)q}{2}}=1.$$

Therefore, $\Delta$ has order 3.

As introduced in Section 3.2, the unitary transformations B and $\Delta$ induce automorphisms $B^{*}$ and ${\Delta }^{*}$ of the function field.

Proposition 2. 

The group ${\mathcal{B}}^{*}=\{B^{*}\mid B\in \mathcal{B}\}$ of curve automorphisms has order $q^2-q+1$, and ${\Delta }^{*}$ normalizes ${\mathcal{B}}^{*}$ by

$${\left({\Delta }^{*}\right)}^{-1}{B}^{*}{\Delta }^{*}={\left(B^{*}\right)}^{q^2}={\left(B^{*}\right)}^{q-1}.$$

Both ${\mathcal{B}}^{*}$ and ${\Delta }^{*}$ stabilize the degree-three place P.

Proposition 3. 

Let ${\beta }_1\in {\mathbb{F}}_{q^6}$ be an element such that ${\beta }_1^{q^3+1}=1$. Define ${\beta }_2={\beta }_1^{q^2}$, ${\beta }_3={\beta }_2^{q^2}$, and the unitary map $B=B\left({\beta }_1\right)\in \mathcal{B}$. Then,

$${\left(\frac{{\ell }_i}{{\ell }_{i+1}}\right)}^{B^{*}}={\beta }_i^{q+1}\left(\frac{{\ell }_i}{{\ell }_{i+1}}\right).$$

Proof. 

By Lemma 1,

$$\begin{array}{cc}\hfill {\ell }_i^{B^{*}}& =\frac{\langle (x,y,1)B^{-1},p_i\rangle }{w}\hfill \\ \hfill & =\frac{\langle (x,y,1),p_{i}B\rangle }{w}\hfill \\ \hfill & =\frac{\langle (x,y,1),{\beta }_i{p}_i\rangle }{w}\hfill \\ \hfill & =\frac{{\beta }_i^q{\ell }_i}{w},\hfill \end{array}$$

where the linear $w=w_{1}x+w_{2}y+w_3$ over ${\mathbb{F}}_{q^2}$ depends only on B. Therefore,

$${\left(\frac{{\ell }_i}{{\ell }_{i+1}}\right)}^{B^{*}}=\frac{{\beta }_i^q}{{\beta }_{i+1}^q}\left(\frac{{\ell }_i}{{\ell }_{i+1}}\right)={\beta }_i^{q-q^3}\left(\frac{{\ell }_i}{{\ell }_{i+1}}\right)={\beta }_i^{q+1}\left(\frac{{\ell }_i}{{\ell }_{i+1}}\right).$$

□

4. Riemann–Roch Spaces Associated with a Degree-Three Place

In this section, we keep using the notation of the previous section: $P_i$ is a degree-one place of ${\mathbb{F}}_{q^6}\left({\mathcal{H}}_q\right)$ associated with the projective point $(a_i:b_i:1)$. $P_i^{{\mathrm{Fr}}_{q^2}}=P_{i+1}$; the index $i=1,2,3$ always takes modulo three. $P=P_1+P_2+P_3$ is an ${\mathbb{F}}_{q^2}$-rational place of degree three of ${\mathbb{F}}_{q^2}\left({\mathcal{H}}_q\right)$. The generators $x,y$ of ${\overline{\mathbb{F}}}_{q^2}\left({\mathcal{H}}_q\right)$ satisfy $x^{q+1}=y+y^q$. The rational function ${\ell }_i=a_i^{q}x-y-b_i^q$ is obtained from the tangent line of ${\mathcal{H}}_q$ at $P_i$.

4.1. Basis and Decomposition of the Riemann–Roch Space

Let $s,u,v$ be positive integers such that $v\le q$ and $s=u(q+1)-v$. Clearly, $u,v$ are uniquely defined by s. In [13], the Riemann–Roch space associated with the divisor $sP$ is given as

$$\mathcal{L}\left(sP\right)=\left\{\frac{f}{{\left({\ell }_1{\ell }_2{\ell }_3\right)}^u}\mid f\in {\mathbb{F}}_{q^2}[X,Y],degf\le 3u,v_{P_i}\left(f\right)\ge v\right\}\cup \left\{0\right\}.$$

The Weierstrass semigroup $H\left(P\right)$ consists of the integers $s\ge 0$ such that the pole divisor ${\left(f\right)}_{\infty }=sP$ for some $f\in {\mathbb{F}}_{q^2}\left({\mathcal{H}}_q\right)$, see [20] (Section 6.5) and [16]. If $s\notin H\left(P\right)$, then it is called a Weierstrass gap; the set of Weierstrass gaps is denoted by $G\left(P\right)$. By [13] (Theorem 3.1), we have

$$G\left(P\right)=\left\{u\right(q+1)-v\mid 0\le v\le q,0<3u\le v\}.$$

By the Weierstrass Gap Theorem ([20], Theorem 1.6.8), $\left|G\right(P\left)\right|=\mathfrak{g}$ for a place of degree one. In our case, P has degree three and the situation is slightly more complicated.

Lemma 2. 

$$3\left|G\left(P\right)\right|=\left\{\begin{array}{cc}\mathfrak{g}\hfill & \mathrm{if}q\equiv 0,1\left(\mathrm{mod}3\right),\hfill \\ \mathfrak{g}-1\hfill & \mathrm{if}q\equiv 2\left(\mathrm{mod}3\right).\hfill \end{array}\right.$$

Proof. 

The lemma follows from

$$\begin{array}{cc}\hfill \left|G\right(P\left)\right|& =\sum _{1\le u\le q/3}\left|\{3u,\dots ,q\}\right|\hfill \\ \hfill & =\sum _{i=1}^{\lfloor q/3\rfloor }q+1-3u\hfill \\ \hfill & =\frac{\lfloor q/3\rfloor (2q-1-3\lfloor q/3\rfloor )}{2}.\hfill \end{array}$$

□

The following proposition gives an explicit basis for the Riemann–Roch space $\mathcal{L}\left(sP\right)$ over the extension field ${\mathbb{F}}_{q^6}$.

Proposition 4. 

Let $t,u,v$ be positive integers such that $v\le q$ and $t=u(q+1)-v$. Define the rational functions

$$U_{t,i}={\ell }_i^{2u-v}{\ell }_{i+1}^{v-u}{\ell }_{i+2}^{-u}={\left(\frac{{\ell }_i}{{\ell }_{i+2}}\right)}^u{\left(\frac{{\ell }_{i+1}}{{\ell }_i}\right)}^{v-u},i=1,2,3.$$

Define $U_{0,i}=1$ as the constant function for $i=1,2,3$. Then, the following holds:

(i) 

${\left(U_{t,i}\right)}^{{\mathrm{Fr}}_{q^2}}=U_{t,i+1}$.

(ii) 

The principal divisor of $U_{t,i}$ is

$$\left(U_{t,i}\right)=-tP+\left((3u-v-1)q+(q-v)\right)P_i+\left(v(q-2)+3u\right)P_{i+1}.$$

In particular, if $3u\ge v+1$, then $\left(U_{t,i}\right)\ge -tP$.

(iii) 

The elements $U_{t,i}$, $t\ge 0$, $i=1,2,3$ are linearly independent with the following exception: $q\equiv 2\left(\mathrm{mod}3\right)$, $t=(q^2-q+1)/3$,

$$\begin{array}{c}\hfill \frac{U_{t,1}}{{\gamma }_1^q}+\frac{U_{t,2}}{{\gamma }_2^q}+\frac{U_{t,3}}{{\gamma }_3^q}=0.\end{array}$$

(5)

(iv) 

The set

$$\mathcal{U}\left(s\right)=\{U_{t,i}\mid t\in H\left(P\right),t\le s,i=1,2,3,(3t,i)\ne (q^2-q+1,3)\}$$

of rational functions is a basis of $\mathcal{L}\left(sP\right)$ over ${\mathbb{F}}_{q^6}$.

Proof. 

Note first that $u,v$ are uniquely defined by t; therefore, $U_{t,i}$ is well defined. (i) is trivial and (ii) is straightforward from (3). To show (iii), let us write a linear combination in the form

$$\begin{array}{c}\hfill {\alpha }_1{U}_{t,1}+{\alpha }_2{U}_{t,2}+{\alpha }_3{U}_{t,3}=\sum _{\begin{array}{c}r<t\\ i=1,2,3\end{array}}{\lambda }_{r,i}{U}_{r,i}\end{array}$$

(6)

such that $({\alpha }_1,{\alpha }_2,{\alpha }_3)\ne (0,0,0)$. The right-hand side has a valuation of at least $-t+1$ at $P_1,P_2,P_3$. If $t\ne (q^2-q+1)/3$ and ${\alpha }_i\ne 0$, then the right-hand side has valuation $-t$ at $P_{i+2}$. Hence, ${\alpha }_i=0$ for all $i=1,2,3$, a contradiction. Assume $t=(q^2-q+1)/3$. Then,

$$U_{t,i}=\frac{{\ell }_i{\ell }_{i+1}^q}{{\left({\ell }_1{\ell }_2{\ell }_3\right)}^{\frac{q+1}{3}}},$$

and (5) follows from (2). We can use (5) to eliminate $U_{t,3}$ from (6); that is, we can assume ${\alpha }_3=0$. Then, again, the only term that has a valuation $-t$ at $P_{i+2}$ is ${\alpha }_i{U}_{t,i}$ with ${\alpha }_i\ne 0$. Since the left- and right-hand sides of (6) must have the same valuations at $P_1,P_3$, ${\alpha }_1={\alpha }_2=0$ must hold, a contradiction.

(iv) By (iii), $\mathcal{U}\left(s\right)$ consists of linearly independent elements. To show that it is a basis of $\mathcal{L}\left(sP\right)$, it suffices to show that $\left|\mathcal{U}\right(s\left)\right|=dim\left(\mathcal{L}\right(sP\left)\right)$ for $3s\ge 2\mathfrak{g}-2$. On the one hand, in this case, $dim\left(\mathcal{L}\right(sP\left)\right)=3s+1-\mathfrak{g}$. On the other hand,

$$\left|\mathcal{U}\right(s\left)\right|=1+3(s-|G\left(P\right)\left|\right)-\epsilon =3s+1-\left(3\right|G\left(P\right)|+\epsilon ),$$

where $\epsilon =0$ if $q\equiv 0,1\left(\mathrm{mod}3\right)$, and $\epsilon =1$ if $q\equiv 2\left(\mathrm{mod}3\right)$. By Lemma 2, $3\left|G\right(P\left)\right|+\epsilon =\mathfrak{g}$, and the claim follows. □

It is useful to have a decomposition of $\mathcal{L}\left(sP\right)$ over ${\mathbb{F}}_{q^2}$.

Theorem 3. 

For a $t\ge 0$ integer and $\alpha \in {\mathbb{F}}_{q^6}$, define the ${\mathbb{F}}_{q^2}$-rational function

$$W_{t,\alpha }=\alpha U_{t,1}+{\alpha }^{q^2}{U}_{t,2}+{\alpha }^{q^4}{U}_{t,3}$$

and the ${\mathbb{F}}_{q^2}$-linear space

$${\mathcal{W}}_t=\{W_{t,\alpha }\mid \alpha \in {\mathbb{F}}_{q^6}\}.$$

For $t\in H\left(P\right)$, we have

$$dim\left({\mathcal{W}}_t\right)=\left\{\begin{array}{cc}1\hfill & \mathrm{if}t=0,\hfill \\ 2\hfill & \mathrm{if}q\equiv 2\left(\mathrm{mod}3\right)\mathrm{and}t=(q^2-q+1)/3,\hfill \\ 3\hfill & \mathrm{otherwise}.\hfill \end{array}\right.$$

The ${\mathbb{F}}_{q^2}$-rational Riemann–Roch space $\mathcal{L}\left(sP\right)$ has the direct sum decomposition

$$\begin{array}{c}\hfill \mathcal{L}\left(sP\right)=\underset{t\in H\left(P\right),t\le s}{⨁}{\mathcal{W}}_t.\end{array}$$

(7)

Proof. 

For $t\in H\left(P\right)$, ${\mathcal{W}}_t$ is the set of ${\mathbb{F}}_{q^2}$-rational functions in the space spanned by $U_{t,1},U_{t,2},U_{t,3}$. The claims follow from Proposition 4. □

4.2. Invariant Subspaces of $\mathcal{L}\left(sP\right)$

Lemma 3. 

Let $b\in {\mathbb{F}}_{q^6}$ such that $b^{q^3+1}=1$. Then, ${\left(b^{q+1}\right)}^{q^2}={\left(b^{q+1}\right)}^{q-1}$ and ${\left(b^{q+1}\right)}^{q^4}={\left(b^{q+1}\right)}^{-q}$.

Proof. 

By assumption, $b^{q+1}$ has order $q^2-q+1$. The claim follows from the facts that $q^2-(q-1)$ and $q^4-q$ are divisible by $q^2-q+1$. □

The following lemma shows that the basis elements in $\mathcal{U}\left(s\right)$ are eigenvectors of ${\mathcal{B}}^{*}$.

Lemma 4. 

Let ${\beta }_1\in {\mathbb{F}}_{q^6}$ be an element such that ${\beta }_1^{q^3+1}=1$. Define ${\beta }_2={\beta }_1^{q^2}$, ${\beta }_3={\beta }_2^{q^2}$, and the unitary map $B=B\left({\beta }_1\right)\in \mathcal{B}$. Then,

$${\left(U_{t,i}\right)}^{B^{*}}={\beta }_i^{t(q+1)}{U}_{t,i}.$$

Proof. 

Proposition 3 implies

$${\left(\frac{{\ell }_i}{{\ell }_{i+2}}\right)}^{B^{*}}=\frac{1}{{\beta }_{i+2}^{q+1}}\left(\frac{{\ell }_i}{{\ell }_{i+2}}\right)$$

and

$${\left(\frac{{\ell }_{i+1}}{{\ell }_i}\right)}^{B^{*}}=\frac{1}{{\beta }_i^{q+1}}\left(\frac{{\ell }_{i+1}}{{\ell }_i}\right).$$

By Lemma 3, $\frac{1}{{\beta }_{i+2}^{q+1}}={\left({\beta }_i^{q+1}\right)}^{-q^4}={\left({\beta }_i^{q+1}\right)}^q$. Write $t=u(q+1)-v$ with $0\le v\le q$. Then,

$$B^{*}:{\left(\frac{{\ell }_i}{{\ell }_{i+2}}\right)}^u{\left(\frac{{\ell }_{i+1}}{{\ell }_i}\right)}^{v-u}\mapsto {\left({\beta }_i^{q+1}\right)}^{qu}{\left(\frac{{\ell }_i}{{\ell }_{i+2}}\right)}^u{\left({\beta }_i^{q+1}\right)}^{-v+u}{\left(\frac{{\ell }_{i+1}}{{\ell }_i}\right)}^{v-u}$$

The result follows from the definition of u and v. □

Proposition 5. 

(i) 

Let ${\beta }_1\in {\mathbb{F}}_{q^6}$ be an element such that ${\beta }_1^{q^3+1}=1$, and $B=B\left({\beta }_1\right)\in \mathcal{B}$. Then,

$${\left(W_{t,\alpha }\right)}^{B^{*}}=W_{t,{\beta }_1^{t(q+1)}\alpha }.$$

(ii) 

The subspaces ${\mathcal{W}}_t$, $t\in H\left(P\right)$ are ${\mathcal{B}}^{*}$-invariant.

(iii) 

The ${\mathbb{F}}_{q^2}{\mathcal{B}}^{*}$-modules ${\mathcal{W}}_t$ and ${\mathcal{W}}_s$ are isomorphic if and only if one of the following holds:

(a) 

$s\equiv t(\mathrm{mod}{q}^2-q+1)$;

(b) 

$s\equiv (q-1)t(\mathrm{mod}{q}^2-q+1)$;

(c) 

$s\equiv -qt(\mathrm{mod}{q}^2-q+1)$.

Proof. 

(i) and (ii) follow from Lemma 4. (iii) Let $\Phi :{\mathcal{W}}_t\to {\mathcal{W}}_s$ be an ${\mathbb{F}}_{q^2}{\mathcal{B}}^{*}$-module isomorphism between ${\mathcal{W}}_t$ and ${\mathcal{W}}_s$. It can be written as

$${\left(W_{t,\alpha }\right)}^{\Phi }=W_{t,\alpha \phi },$$

where $\phi :{\mathbb{F}}_{q^6}\to {\mathbb{F}}_{q^6}$ is an ${\mathbb{F}}_{q^2}$-linear bijection. Moreover,

$$\begin{array}{cc}\hfill {\left(W_{t,\alpha }\right)}^{B^{*}\Phi }& ={(W_{t,{\beta }_1^{t(q+1)}\alpha })}^{\Phi }=W_{s,({\beta }_1^{t(q+1)}\alpha )\phi },\hfill \\ \hfill {\left(W_{t,\alpha }\right)}^{\Phi B^{*}}& ={\left(W_{s,\alpha \phi }\right)}^{B^{*}}=W_{s,{\beta }_1^{s(q+1)}\left(\alpha \phi \right)}.\hfill \end{array}$$

Since $b={\beta }_1^{q+1}$ satisfies $b^{q^2-q+1}=1$, this means that for any $\alpha ,b\in {\mathbb{F}}_{q^6}$, $b^{q^2-q+1}=1$, we have

$$\left(b^t\alpha \right)\phi =b^s\left(\alpha \phi \right).$$

Let b be an element of order $q^2-q+1$ in ${\mathbb{F}}_{q^6}$. If $b^t$ or $b^s$ is in ${\mathbb{F}}_{q^2}$, then $b^t=b^s$ and a) hold. Assume that neither $b^t$ nor $b^s$ is in ${\mathbb{F}}_{q^2}$. Then, ${\mathbb{F}}_{q^6}={\mathbb{F}}_{q^2}\left(b^t\right)={\mathbb{F}}_{q^2}\left(b^s\right)$, and over ${\mathbb{F}}_{q^2}$, the minimal polynomial of $b^t$ has the degree three. Assume $b^{3t}+c_1{b}^{2t}+c_2{b}^t+c_3=0$ with $c_0,c_1,c_2\in {\mathbb{F}}_{q^2}$. Then,

$$\begin{array}{cc}\hfill 0& =(b^{3t}+c_1{b}^{2t}+c_2{b}^t+c_3)\phi \hfill \\ \hfill & =\left(b^{3t}\phi \right)+c_1\left(b^{2t}\phi \right)+c_2\left(b^t\phi \right)+c_3\left(1\phi \right)\hfill \\ \hfill & =(b^{3s}+c_1{b}^{2s}+c_2{b}^s+c_3)\left(1\phi \right).\hfill \end{array}$$

As $\phi$ is bijective, $1\phi \ne 0$, $0=b^{3s}+c_1{b}^{2s}+c_2{b}^s+c_3$ follows. This means that $b^s$ has the same minimal polynomial and $b^t\to b^s$ extends to a field automorphism of ${\mathbb{F}}_{q^6}$ over ${\mathbb{F}}_{q^2}$. This implies $b^s=b^t$, $b^s={\left(b^t\right)}^{q^2}$ or $b^s={\left(b^t\right)}^{q^4}$, and the claim follows. □

5. Hermitian Codes of Degree-Three Places and Their Duals

In this section, we explore the one-point Hermitian codes of degree-three places and their dual codes. Let P be a degree-three place on the Hermitian curve ${\mathcal{H}}_q$; $Q_1,\dots ,Q_n,Q_{\infty }$ are its ${\mathbb{F}}_{q^2}$-rational places, where $n=q^3$. We define the divisors $D=Q_1+Q_2+\cdots +Q_n$, $\tilde{D}=D+Q_{\infty }$, and $G=sP$ for a positive integer s.

5.1. Functional Hermitian Codes of Degree-Three Places

Given a divisor D and G, we define the degree-three place functional Hermitian code $C_{\mathcal{L}}(D,sP)$ as:

$$C_{\mathcal{L}}(D,G):=\left\{\left(g\left(Q_1\right),g\left(Q_2\right),\cdots ,g\left(Q_n\right)\right)|g\in \mathcal{L}\left(G\right)\right\},$$

This code forms an $[n,k]$ AG code, where $k\ge 3s-\mathfrak{g}+1$, achieving equality when $\lfloor \frac{2\mathfrak{g}-2}{3}\rfloor <s<n/3$. Furthermore, the code has a minimum distance $d\ge d^{*}=q^3-3s$, where $d^{*}$ is the designed minimum distance.

Furthermore, another degree-three place functional Hermitian code associated with G, denoted by $C_{\mathcal{L}}(\tilde{D},G)$, is constructed by evaluating the functions in $\mathcal{L}\left(G\right)$ at all rational points $Q_1,Q_2,\cdots ,Q_n$ and the point at infinity $Q_{\infty }$ as follows:

$$C_{\mathcal{L}}(\tilde{D},G):=\left\{\left(g\left(Q_1\right),g\left(Q_2\right),\cdots ,g\left(Q_n\right),g\left(Q_{\infty }\right)\right)|g\in \mathcal{L}\left(G\right)\right\},$$

Clearly, $C_{\mathcal{L}}(\tilde{D},G)$ has a length of $n+1$. Concerning the dimensions, we have the following result.

Proposition 6. 

If $s<q^3/3$, then $\mathcal{L}\left(sP\right)$, $C_{\mathcal{L}}(D,G)$ and $C_{\mathcal{L}}(\tilde{D},G)$ have the same dimensions.

Proof. 

If $f\in ker{ev}_D$, then $f\in \mathcal{L}(sP-D)$, which is trivial if $s<q^3/3$. In this case, $ker{ev}_{\tilde{D}}$ is also trivial. □

Remark 1. 

Numerical experiments show that $\mathcal{L}\left(sP\right)$, $C_{\mathcal{L}}(D,G)$ and $C_{\mathcal{L}}(\tilde{D},G)$ have the same dimension if $s<(q^3+1)/3+q-1$.

In the study of the divisors D and $\tilde{D}$, we make use of the polynomial

$$R(X,Y)=X\prod _{\begin{array}{c}c\in {\mathbb{F}}_{q^2}\\ c^q+c\ne 0\end{array}}(Y-c).$$

As shown in [13] (Section 2), the principal divisor of $R(x,y)\in {\mathbb{F}}_{q^2}\left({\mathcal{H}}_q\right)$ is

$$\begin{array}{c}\hfill \left(R(x,y)\right)=D-q^3{Q}_{\infty }.\end{array}$$

(8)

Further properties of $R(x,y)$ are given in the following proposition.

Proposition 7. 

In the function field, we have

$$x^{q}R(x,y)=y^{q^2}-y\mathrm{and}R(x,y)=x^{q^2}-x.$$

The differential of $R(x,y)$ is

$$d\left(R\right(x,y\left)\right)=-dx.$$

Proof. 

Clearly,

$$\prod _{\begin{array}{c}c\in {\mathbb{F}}_{q^2}\\ c^q+c=0\end{array}}(Y-c)=Y^q+Y,$$

and

$$\prod _{\begin{array}{c}c\in {\mathbb{F}}_{q^2}\\ c^q+c\ne 0\end{array}}(Y-c)=\frac{{\displaystyle \prod _{c\in {\mathbb{F}}_{q^2}}}(Y-c)}{{\displaystyle \prod _{\begin{array}{c}c\in {\mathbb{F}}_{q^2}\\ c^q+c=0\end{array}}}(Y-c)}=\frac{Y^{q^2}-Y}{Y^q+Y}.$$

Hence, by $x^{q+1}=y+y^q$,

$$x^{q}R(x,y)=x^{q+1}\prod _{\begin{array}{c}c\in {\mathbb{F}}_{q^2}\\ c^q+c\ne 0\end{array}}(y-c)=x^{q+1}\frac{y^{q^2}-y}{y^q+y}=y^{q^2}-y.$$

Using this, we obtain

$$\begin{array}{c}\hfill x^q(x^{q^2}-x)={\left(x^{q+1}\right)}^q-x^{q+1}=y^q+y^{q^2}-(y+y^q)=y^{q^2}-y=x^{q}R(x,y).\end{array}$$

Canceling by $x^q$, we get $R(x,y)=x^{q^2}-x$, and $d\left(R\right(x,y\left)\right)=-dx$ follows immediately. □

5.2. Differential Hermitian Codes of Degree-Three Places

Differential Hermitian codes of degree-three places are essential counterparts to functional codes on the Hermitian curve ${\mathcal{H}}_q$. The dual code $C_{\Omega }(D,G)$ of $C_{\mathcal{L}}(D,G)$ is called the differential code. It constitutes an $[n,\ell (G-D)-\ell \left(G\right)+degD,d^{\perp }]$ code, where $d^{\perp }\le deg\left(G\right)-(2\mathfrak{g}-2)$, with $deg\left(G\right)-(2\mathfrak{g}-2)$ being its designed distance.

Ref. [20] (Proposition 8.1.2) provides an explicit description of the differential code as a functional code

$$C_{\Omega }(D,G)=C_{\mathcal{L}}(D-G+\left(dt\right)-\left(t\right)),$$

where t is an element of ${\mathbb{F}}_{q^2}\left({\mathcal{H}}_q\right)$ such that $v_{Q_i}\left(t\right)=1$ for all $i\in \{1,\dots ,q^3,\infty \}$. If $G=sP$ and $D=Q_1+\cdots +Q_{q^3}$, then $t=R(x,y)$ is a good choice, with

$$\left(dt\right)=(-dx)=(2\mathfrak{g}-2)Q_{\infty }=(q-2)(q+1)Q_{\infty },$$

see [20] (Lemma 6.4.4). Then, (8) implies the following proposition:

Proposition 8. 

$$C_{\Omega }(D,sP)=C_{\mathcal{L}}(D,(q^3+q^2-q-2)Q_{\infty }-sP).\square$$

The computation of $C_{\Omega }(\tilde{D},sP)$ is more complicated. We claim the next results for the prime powers $q\equiv 2\left(\mathrm{mod}3\right)$, since the proofs are rather transparent in this case. We are certain that they hold for $q\equiv 1\left(\mathrm{mod}3\right)$ as well. Our opinion is supported by numerical experiments with $q\le 8$.

Lemma 5. 

Assume $q\equiv 2\left(\mathrm{mod}3\right)$ and define the ${\mathbb{F}}_{q^2}$-rational function

$$T=\frac{1}{3}\left(\frac{{\ell }_1^{q^2}}{{\ell }_2}+\frac{{\ell }_2^{q^2}}{{\ell }_3}+\frac{{\ell }_3^{q^2}}{{\ell }_1}\right).$$

Then,

$$d\left(\frac{R}{{\left({\ell }_1{\ell }_2{\ell }_3\right)}^{\frac{q^2-q+1}{3}}}\right)=-\left(\frac{T}{{\left({\ell }_1{\ell }_2{\ell }_3\right)}^{\frac{q^2-q+1}{3}}}\right)dx.$$

Proof. 

We have $d{\ell }_i={(a_i-x)}^{q}dx$, and

$$\begin{array}{cc}\hfill {\ell }_i^{q^2}-{\ell }_{i+1}& =a_i^{q^3}{x}^{q^2}-y^{q^2}-b_i^{q^3}-(a_{i+1}^{q}x-y-b_{i+1}^q)\hfill \\ \hfill & =a_{i+1}^q(x^{q^2}-x)-(y^{q^2}-y)\hfill \\ \hfill & =a_{i+1}^{q}R(x,y)-x^{q}R(x,y)\hfill \\ \hfill & ={(a_{i+1}-x)}^{q}R(x,y).\hfill \end{array}$$

In one line,

$$\begin{array}{c}\hfill \frac{(a_{i+1}-x){)}^q}{{\ell }_{i+1}}=\frac{{\ell }_1^{q^2}/{\ell }_2-1}{R(x,y)}.\end{array}$$

(9)

Hence,

$$\begin{array}{cc}\hfill d\left({\ell }_1{\ell }_2{\ell }_3\right)& ={\ell }_1{\ell }_2{\ell }_3·\left(\frac{{(a_1-x)}^q}{{\ell }_1}+\frac{{(a_2-x)}^q}{{\ell }_2}+\frac{{(a_3-x)}^q}{{\ell }_3}\right)dx\hfill \\ \hfill & ={\ell }_1{\ell }_2{\ell }_3·\left(\frac{{\ell }_1^{q^2}/{\ell }_2-1}{R}+\frac{{\ell }_2^{q^2}/{\ell }_3-1}{R}+\frac{{\ell }_3^{q^2}/{\ell }_1-1}{R}\right)dx\hfill \\ \hfill & =\frac{{\ell }_1{\ell }_2{\ell }_3}{R}(3T-3)dx.\hfill \end{array}$$

This implies

$$\begin{array}{c}d\left(R{\left({\ell }_1{\ell }_2{\ell }_3\right)}^{\frac{-q^2+q-1}{3}}\right)=\left(-{\left({\ell }_1{\ell }_2{\ell }_3\right)}^{\frac{-q^2+q-1}{3}}\right)dx+\hfill \\ \hfill R\left(-\frac{1}{3}{\left({\ell }_1{\ell }_2{\ell }_3\right)}^{\frac{-q^2+q-4}{3}}\right)\frac{{\ell }_1{\ell }_2{\ell }_3}{R}(3T-3)dx.\end{array}$$

By easy cancellation

$$\begin{array}{cc}\hfill d\left(R{\left({\ell }_1{\ell }_2{\ell }_3\right)}^{\frac{-q^2+q-1}{3}}\right)& =\left(-{\left({\ell }_1{\ell }_2{\ell }_3\right)}^{\frac{-q^2+q-1}{3}}\right)dx+-\frac{1}{3}{\left({\ell }_1{\ell }_2{\ell }_3\right)}^{\frac{-q^2+q-1}{3}}(3T-3)dx\hfill \\ \hfill & =-\left(\frac{T}{{\left({\ell }_1{\ell }_2{\ell }_3\right)}^{\frac{q^2-q+1}{3}}}\right)dx.\hfill \end{array}$$

□

Lemma 6. 

Assume $q\equiv 2\left(\mathrm{mod}3\right)$ and define the ${\mathbb{F}}_{q^2}$-rational functions

$$T=\frac{1}{3}\left(\frac{{\ell }_1^{q^2}}{{\ell }_2}+\frac{{\ell }_2^{q^2}}{{\ell }_3}+\frac{{\ell }_3^{q^2}}{{\ell }_1}\right)and{R}_1=\frac{R}{{\left({\ell }_1{\ell }_2{\ell }_3\right)}^{\frac{q^2-q+1}{3}}}.$$

Let G be a divisor of ${\mathbb{F}}_{q^2}\left({\mathcal{H}}_q\right)$ whose support is disjoint from the support of $\tilde{D}$. Then,

$$\mathcal{L}(\tilde{D}-G+\left(d{R}_1\right)-\left(R_1\right))=\mathcal{L}\left(\frac{(q^2-1)(q+1)}{3}P-G\right)·\frac{{\left({\ell }_1{\ell }_2{\ell }_3\right)}^{\frac{q^2-1}{3}}}{T}.$$

Proof. 

We have

$$\begin{array}{cc}\hfill \tilde{D}-G+\left(d{R}_1\right)-\left(R_1\right)& =\tilde{D}-G+\left(T\right)-\frac{q^2-q+1}{3}\left({\ell }_1{\ell }_2{\ell }_3\right)+\left(dx\right)\hfill \\ \hfill & -\left(R\right)+\frac{q^2-q+1}{3}\left({\ell }_1{\ell }_2{\ell }_3\right)\hfill \\ \hfill & =\tilde{D}-G+\left(T\right)+\left(dx\right)-\left(R\right)\hfill \\ \hfill & =Q_{\infty }+q^3{Q}_{\infty }+(2\mathfrak{g}-2)Q_{\infty }-G+\left(T\right)\hfill \\ \hfill & =(q^2-1)(q+1)Q_{\infty }-G+\left(T\right)\hfill \\ \hfill & =\frac{(q^2-1)(q+1)}{3}P-\left({\left({\ell }_1{\ell }_2{\ell }_3\right)}^{\frac{q^2-1}{3}}\right)-G+\left(T\right).\hfill \end{array}$$

For Riemann–Roch spaces, the results follow. □

Lemma 7. 

For any $i,j\in \{1,2,3\}$, we have

$$\left(\frac{{\ell }_i}{{\ell }_j}\right)\left(Q_{\infty }\right)=1.$$

Proof. 

We use the local expansion $\tau \left(t\right)=(t:1:t^{q+1}+\cdots )$ of ${\mathcal{H}}_q$ at $Q_{\infty }$. The dots represent terms of a higher degree.

$$\left(\frac{{\ell }_i}{{\ell }_j}\right)\left(\tau \left(t\right)\right)=\frac{a_i^{q}t-1-b_i^q(t^{q+1}+\cdots )}{a_j^{q}t-1-b_j^q(t^{q+1}+\cdots )},$$

which implies

$$\left(\frac{{\ell }_i}{{\ell }_j}\right)\left(Q_{\infty }\right)=\left(\frac{{\ell }_i}{{\ell }_j}\right)\left(\tau \left(0\right)\right)=1.$$

□

Lemma 8. 

Assume $q\not\equiv 0\left(\mathrm{mod}3\right)$ and define the ${\mathbb{F}}_{q^2}$-rational functions

$$T=\frac{1}{3}\left(\frac{{\ell }_1^{q^2}}{{\ell }_2}+\frac{{\ell }_2^{q^2}}{{\ell }_3}+\frac{{\ell }_3^{q^2}}{{\ell }_1}\right)\mathrm{and}{T}_1=\frac{{\left({\ell }_1{\ell }_2{\ell }_3\right)}^{\frac{q^2-1}{3}}}{T}.$$

Then, $T_1\left(Q_{\infty }\right)=1$.

Proof. 

Since

$$\frac{{\ell }_i^{q^2}}{{\ell }_{i+1}{\left({\ell }_1{\ell }_2{\ell }_3\right)}^{\frac{q^2-1}{3}}}$$

is the product of terms such as ${\ell }_i/{\ell }_j$, it takes the value of 1 at $Q_{\infty }$. This implies $(1/T_1)\left(Q_{\infty }\right)=1$. □

Before stating our main result on differential codes, we remind the reader that two linear codes $C_1,C_2$ are monomially equivalent if $C_2=\mathit{\mu }★C_1$ for some multiplier vector $\mathit{\mu }$.

Theorem 4. 

Assume $q\equiv 2\left(\mathrm{mod}3\right)$ and define the ${\mathbb{F}}_{q^2}$-rational functions

$$T=\frac{1}{3}\left(\frac{{\ell }_1^{q^2}}{{\ell }_2}+\frac{{\ell }_2^{q^2}}{{\ell }_3}+\frac{{\ell }_3^{q^2}}{{\ell }_1}\right)\mathrm{and}{T}_1=\frac{{\left({\ell }_1{\ell }_2{\ell }_3\right)}^{\frac{q^2-1}{3}}}{T}.$$

Let G be a divisor of ${\mathbb{F}}_{q^2}\left({\mathcal{H}}_q\right)$, whose support is disjoint from the support of $\tilde{D}$. Define ${\mu }_i=T_1\left(Q_i\right)$ for $i\in \{1,\dots ,q^3,\infty \}$ and write $\mathit{\mu }=\left({\mu }_i\right)$. Then, all entries ${\mu }_i\in {\mathbb{F}}_{q^2}^{*}$, and

$$C_{\Omega }(\tilde{D},G)=\mathit{\mu }★C_{\mathcal{L}}(\tilde{D},\frac{(q^2-1)(q+1)}{3}P-G).$$

Proof. 

If $i\in \{1,\dots ,q^3\}$, then ${\ell }_i^{q^2}\left(Q_i\right)={\ell }_{i+1}\left(Q_i\right)$. Therefore, $T\left(Q_i\right)=1$ and $T_1\left(Q_i\right)$ is a well-defined non-zero element in ${\mathbb{F}}_q$. Lemma 8 implies $T_1\left(Q_{\infty }\right)=1$. The theorem follows from Lemma 6. □

Corollary 1. 

$$C_{\Omega }(\tilde{D},sP)=\mathit{\mu }★C_{\mathcal{L}}\left(\tilde{D},\left(\frac{(q^2-1)(q+1)}{3}-s\right)P\right).$$

6. Hermitian Subfield Subcodes from Degree-Three Places

In this section, we study the subfield subcodes of $C_{\mathcal{L}}(D,sP)$. As before, q is a prime power, $s\ge 0$ integer, and P is a place of degree three of the Hermitian curve ${\mathcal{H}}_q$. The divisor $D=Q_1+\cdots +Q_n$, $n=q^3$, is defined as the sum of the ${\mathbb{F}}_{q^2}$-rational affine places of ${\mathcal{H}}_q$. The rational place at infinity is $Q_{\infty }$ and $\tilde{D}=D+Q_{\infty }$.

6.1. Trace Maps of Hermitian Functions and Hermitian Codes

We collect properties of the maps $z\mapsto z^q+z$ and $z\mapsto z^q-z$, where z is either a field element, a function, or a vector. We refer to $z^q+z$ as the trace of z, and to the map itself as the trace map $Tr={Tr}_{{\mathbb{F}}_{q^2}/{\mathbb{F}}_q}$. Clearly, Tr is linear over ${\mathbb{F}}_q$.

Lemma 9. 

Consider a positive divisor $G_1$. The trace map satisfies the following properties:

(i) 

For any function $f\in \mathcal{L}\left(G_1\right)$, its trace lies within $\mathcal{L}\left(q{G}_1\right)$, implying $Tr\left(\mathcal{L}\left(G_1\right)\right)\subseteq \mathcal{L}\left(q{G}_1\right)$.

(ii) 

Similarly, for any codeword $c\in C_{\mathcal{L}}(D,G_1)$, its trace resides in $C_{\mathcal{L}}(D,q{G}_1)$.

(iii) 

$Tr\left(C_{\mathcal{L}}(D,G_1)\right)$ is an ${\mathbb{F}}_q$-linear subspace of $C_{\mathcal{L}}(D,q{G}_1)\cap {\mathbb{F}}_q^n$.

Proof. 

Since $G_1\ge 0$, we have $\mathcal{L}\left(G_1\right),\mathcal{L}{\left(G_1\right)}^q\le \mathcal{L}\left(q{G}_1\right)$; hence, (i) holds. Then, (i) implies (ii), and (iii) follows trivially. □

Proposition 9. 

Let $G_1$ be a positive divisor that satisfies $deg{G}_1<n/q$. Then, $Tr\left(C_{\mathcal{L}}(D,G_1)\right)$ is an ${\mathbb{F}}_q$-linear subfield subcode of $C_{\mathcal{L}}(D,q{G}_1)$. Its dimension is

$${dim}_{{\mathbb{F}}_q}(Tr\left(C_{\mathcal{L}}(D,G_1)\right))=2{dim}_{{\mathbb{F}}_{q^2}}\left(\mathcal{L}\left(G_1\right)\right)-1.$$

Proof. 

$Tr\left(C_{\mathcal{L}}(D,G_1)\right)$ is an ${\mathbb{F}}_q$-linear subfield subcode by Lemma 9. The trace map Tr and the evaluation map ${ev}_D$ commute, and by $deg\left(G_1\right)<n$, ${ev}_D$ is injective. Define the ${\mathbb{F}}_q$-linear map

$$\tau :\mathcal{L}\left(G_1\right)\to C_{\mathcal{L}}(D,q{G}_1)\cap {\mathbb{F}}_q^n,f\mapsto {ev}_D(Tr\left(f\right)).$$

On the one hand,

$${dim}_{{\mathbb{F}}_q}\left(\mathcal{L}\left(G_1\right)\right)=2{dim}_{{\mathbb{F}}_{q^2}}\left(\mathcal{L}\left(G_1\right)\right)=dim\mathrm{Im}\left(\tau \right)+dimker\left(\tau \right).$$

We have to show that $ker\left(\tau \right)=1$. Define $\epsilon \in {\mathbb{F}}_{q^2}$ such that $\epsilon =1$ if q is even and $\epsilon =g^{(q+1)/2}$ if q is odd and g is a primitive element in ${\mathbb{F}}_{q^2}$. Then, ${\epsilon }^{q-1}=-1$. For the rational function $f\in {\mathbb{F}}_{q^2}\left(\mathcal{H}\left(q\right)\right)$, we have

$$\begin{array}{cc}\hfill f\in ker\left(\tau \right)& \Rightarrow f^q+f=0\hfill \\ \hfill & \Rightarrow {\left(\epsilon f\right)}^q=\epsilon f\hfill \\ \hfill & \Rightarrow \epsilon f\in {\mathbb{F}}_q\hfill \\ \hfill & \Rightarrow f\in {\epsilon }^{-1}{\mathbb{F}}_q.\hfill \end{array}$$

This finishes the proof. □

6.2. An Explicit Subfield Subcode

In this subsection, we study a subfield subcode of $C_{\mathcal{L}}(D,(q^2-q+1)P)$. As $q^2-q+1=(q-1)(q+1)-(q-1)$, one has

$$U_{q^2-q+1,i}=\frac{{\ell }_i^q{\ell }_{i+2}}{{\ell }_{i+1}{\ell }_{i+2}^q}.$$

The vector space ${\mathcal{W}}_{q^2-q+1}\le \mathcal{L}\left((q^2-q+1)P\right)$ consists of the functions

$$W_{q^2-q+1,\alpha }=\alpha \frac{{\ell }_1^q{\ell }_3}{{\ell }_2{\ell }_3^q}+{\alpha }^{q^2}\frac{{\ell }_2^q{\ell }_1}{{\ell }_3{\ell }_1^q}+{\alpha }^{q^4}\frac{{\ell }_3^q{\ell }_2}{{\ell }_1{\ell }_2^q},\alpha \in {\mathbb{F}}_{q^6}.$$

For rational functions $f,g\in {\mathbb{F}}_{q^6}\left({\mathcal{H}}_q\right)$, we introduce the relation

$$f\approx g⟺f\left(Q_i\right)=g\left(Q_i\right)\mathrm{for}\mathrm{all}i\in \{1,\dots ,q^3,\infty \}.$$

This is clearly an equivalence relation, which can be also written in terms of the principal divisor

$$f\approx g⟺(f-g)\ge \tilde{D},$$

or in terms of the evaluation map

$$f\approx g⟺{ev}_{\tilde{D}}\left(f\right)={ev}_{\tilde{D}}\left(g\right).$$

Lemma 10. 

(i) 

${\left(U_{q^2-q+1,i}\right)}^q\approx U_{q^2-q+1,i+2}$.

(ii) 

${\left(W_{q^2-q+1,\alpha }\right)}^q\approx W_{q^2-q+1,{\alpha }^{q^3}}$.

Proof. 

Lemma 7 implies $U_{q^2-q+1,i}\left(Q_{\infty }\right)=1$. In the proof of Lemma 5, we have seen that ${\ell }_i^{q^2}-{\ell }_{i+1}={(a_{i+1}-x)}^{q}R(x,y)$. Therefore, $({\ell }_i^{q^2}-{\ell }_{i+1})\left(Q_i\right)=0$ for all $i\in \{1,\dots ,q^3\}$. This shows

$$\begin{array}{cc}\hfill {\left(U_{q^2-q+1,i}\right)}^q\left(Q_i\right)& =\left(\frac{{\ell }_i^{q^2}{\ell }_{i+2}^q}{{\ell }_{i+1}^q{\ell }_{i+2}^{q^2}}\right)\left(Q_i\right)\hfill \\ \hfill & =\left(\frac{{\ell }_{i+1}{\ell }_{i+2}^q}{{\ell }_{i+1}^q{\ell }_i}\right)\left(Q_i\right)\hfill \\ \hfill & =U_{q^2-q+1,i+2}\left(Q_i\right)\hfill \end{array}$$

This proves (i). For (ii):

$$\begin{array}{cc}\hfill {\left(W_{q^2-q+1,\alpha }\right)}^q& ={(\alpha U_{q^2-q+1,1}+{\alpha }^{q^2}{U}_{q^2-q+1,2}+{\alpha }^{q^4}{U}_{q^2-q+1,3})}^q\hfill \\ \hfill & \approx {\alpha }^q{U}_{q^2-q+1,3}+{\alpha }^{q^3}{U}_{q^2-q+1,1}+{\alpha }^{q^5}{U}_{q^2-q+1,2}\hfill \\ \hfill & ={\alpha }^{q^3}{U}_{q^2-q+1,1}+{\left({\alpha }^{q^3}\right)}^{q^2}{U}_{q^2-q+1,2}+{\left({\alpha }^{q^3}\right)}^{q^4}{U}_{q^2-q+1,3}\hfill \\ \hfill & =W_{q^2-q+1,{\alpha }^{q^3}}.\hfill \end{array}$$

□

Proposition 10. 

The set

$$\tilde{\mathcal{W}}=\{{ev}_D\left(W_{q^2-q+1,\alpha }\right)\mid \alpha \in {\mathbb{F}}_{q^3}\}$$

is a three-dimensional ${\mathbb{F}}_q$-linear subfield subcode of $C_{\mathcal{L}}(D,(q^2-q+1)P)$.

Proof. 

Lemma 10(ii) implies that ${ev}_D\left(W_{q^2-q+1,\alpha }\right)$ has ${\mathbb{F}}_q$-entries if and only if ${\alpha }^{q^3}=\alpha$. □

6.3. Main Result and a Conjecture

Theorem 5. 

Let $q\ge 3$ be a prime power, $n=q^3$, $D=Q_1+\cdots +Q_n$ be the sum of rational affine places of ${\mathbb{F}}_{q^2}\left({\mathcal{H}}_q\right)$, and P be a place of degree three. The dimension of the subfield subcode of the one-point Hermitian code is

$$dim{C}_{\mathcal{L}}{(D,sP)|}_{{\mathbb{F}}_q}\ge \left\{\begin{array}{cc}7\hfill & \mathrm{for}s=2\mathfrak{g}=q(q-1),\hfill \\ 10\hfill & \mathrm{for}s=2\mathfrak{g}+1=q^2-q+1.\hfill \end{array}\right.$$

Proof. 

Set $G_1=(q-1)P$. By Proposition 9,

$$\mathcal{T}={ev}_D(Tr\left(\mathcal{L}\left(G_1\right)\right))$$

is an ${\mathbb{F}}_q$-linear subspace in $C_{\mathcal{L}}{(D,q(q-1)P)|}_{{\mathbb{F}}_q}$. Since $dim\left(\mathcal{L}\right((q-1)P\left)\right)=4$, $\mathcal{T}$ has dimension seven. This proves $dim{C}_{\mathcal{L}}{(D,q(q-1)P)|}_{{\mathbb{F}}_q}\ge 7$.

Let $\tilde{\mathcal{W}}$ be the three-dimensional ${\mathbb{F}}_q$-linear subfield subcode of $C_{\mathcal{L}}(D,(q^2-q+1)P)$ given in Proposition 10. We show that $\mathcal{T}\cap \tilde{\mathcal{W}}=\left\{0\right\}$; the inequality $dim{C}_{\mathcal{L}}(D,(q^2-q+1)P){|}_{{\mathbb{F}}_q}\ge 10$ will follow. On the one hand,

$$\tilde{\mathcal{W}}\le {ev}_D\left({\mathcal{W}}_{q^2-q+1}\right).$$

On the other hand, using Theorem 3, we have

$$\mathcal{T}\le {ev}_D\left(\mathcal{L}\left(q(q-1)P\right)\right)={ev}_D\left(\underset{t\in H\left(P\right),t\le q(q-1)}{⨁}{\mathcal{W}}_t\right).$$

As ${ev}_D$ is injective on $\mathcal{L}\left((q^2-q+1)P\right)$, and

$$\left(\underset{t\in H\left(P\right),t\le q(q-1)}{⨁}{\mathcal{W}}_t\right)\cap {\mathcal{W}}_{q^2-q+1}=\left\{0\right\},$$

we obtain $\mathcal{T}\cap \tilde{\mathcal{W}}=\left\{0\right\}$. This completes the proof. □

Our proof was constructive, we used the subfield subcodes given explicitly in the previous subsections. Based on computer calculations for small q, we have the following conjecture.

Conjecture 1. 

If $q\ge 4$, then equalities hold in Theorem 5.

The claim of the conjecture has some equivalent formulations.

Proposition 11. 

The following are equivalent.

(i) 

$dim{C}_{\mathcal{L}}(D,(q^2-q)P){|}_{{\mathbb{F}}_q}=7$.

(ii) 

$dim{C}_{\mathcal{L}}(D,(q^2-q-1)P){|}_{{\mathbb{F}}_q}=1$.

(iii) 

$dim{C}_{\mathcal{L}}{(D,sP)|}_{{\mathbb{F}}_q}=1$ for all $0\le s\le 2\mathfrak{g}-1=q^2-q-1$.

Proof. 

We use the notation of the proof of Theorem 5. Assume (i). We have $\mathcal{L}\left((q-1)P\right)={\mathcal{W}}_0\oplus {\mathcal{W}}_{q-1}$. Moreover, $\mathcal{T}$ is an ${\mathbb{F}}_q\mathcal{B}$-module that decomposes into the direct sum of a one-dimensional submodule and a six-dimensional submodule. Note that any non-trivial irreducible ${\mathbb{F}}_q\mathcal{B}$-module has dimension six. Since $\mathcal{T}\cap C_{\mathcal{L}}(D,(q^2-q-1)P)$ is a proper submodule, the only possibility is that it is one-dimensional over ${\mathbb{F}}_q$. (ii) follows. Trivially, (ii) implies (iii). Let us now assume (iii).

$${dim}_{{\mathbb{F}}_q}{C}_{\mathcal{L}}(D,(q^2-q)P)/C_{\mathcal{L}}(D,(q^2-q-1)P)=6,$$

and therefore,

$${dim}_{{\mathbb{F}}_q}{C}_{\mathcal{L}}(D,(q^2-q)P){{|}_{{\mathbb{F}}_q}/C_{\mathcal{L}}(D,(q^2-q-1)P)|}_{{\mathbb{F}}_q}\le 6.$$

This implies $dim{C}_{\mathcal{L}}(D,(q^2-q)P){|}_{{\mathbb{F}}_q}\le 7$. Together with Theorem 5, we have (i). □

We have a partial result related to case (iii) of Proposition 11.

Proposition 12. 

$dim{C}_{\mathcal{L}}{(D,sP)|}_{{\mathbb{F}}_q}=1$ for all $0\le s\le \frac{2}{3}\mathfrak{g}$.

Proof. 

Fix an arbitrary integer s in the range $0\le s<\frac{2}{3}\mathfrak{g}$ and consider a generic element $(c_1,\dots ,c_{q^3})\in C_q\left(s\right)$. This corresponds to a function g in $\mathcal{L}\left(sP\right)$ such that $c_i=g\left(Q_i\right)$ is an element of ${\mathbb{F}}_q$ for each $i=1,\dots ,q^3$. We note that there exists a $\gamma \in {\mathbb{F}}_q$ such that at least $q^2$ of the $c_i$ values is equal to $\gamma$. In other words, the function $g-\gamma$ is in $\mathcal{L}\left(sP\right)$ and has at least $q^2$ zeros on ${\mathcal{H}}_q$. However, a non-zero function in $\mathcal{L}\left(sP\right)$ cannot have more than $deg\left(G\right)\le 2\mathfrak{g}=q(q-1)$ zeros, leading us to conclude that $g-\gamma$ must be the zero function. This implies that every $c_i$ is equal to $\gamma$, and hence $C_{\mathcal{L}}{(D,sP)|}_{{\mathbb{F}}_q}$ consists of constant vectors. This completes the proof. □

7. Conclusions

In summary, our research has uncovered important properties of the family of Hermitian subfield subcodes associated with degree-three places. We achieved this by precisely determining the dimension of these codes for certain parameters and providing explicit bases for the corresponding Riemann–Roch spaces. Moreover, we conducted experiments aimed at calculating the exact dimension of the underlying family of codes across a broad spectrum of parameters. This process has contributed to the reformulation of certain conjectures, with some being proven. Additionally, we have established lower bounds on the dimension of Hermitian subfield subcodes associated with the divisor $sP$, where P is a degree-three Hermitian place, for specific cases such as $0\le s\le \frac{2}{3}\mathfrak{g}$, $s=2\mathfrak{g}$, and $s=2\mathfrak{g}+1$, utilizing the bases of the underlying family of codes. Our motivation to explore the properties of Hermitian subfield subcodes stems from their potential as a family of AG codes for post-quantum cryptography use. In our future work, we anticipate using the parameters of subfield subcodes of degree-three Hermitian codes to enhance and secure the McEliece cryptosystem.