Delsarte , Gabidulin  and Roth  independently introduced rank metric codes. Those rank metric codes that achieve Singleton-like bound are called maximum rank distance (MRD) codes. Gabidulin codes are the most well known family of MRD codes. Later this family was generalized by Kshevetskiy and Gabidulin  to generalized Gabidulin (GG) codes. These codes are linear over . Sheekey in  defined twsited Gabidulin (TG) codes and established a way to generalize GG codes to linear MRD codes over the base fields and then he was followed by Lunardon et al., Otal and Özbudak , Trombetti and Zhou  and Sheekey  to define generalized twisted Gabidulin (GTG) codes, additive generalized twisted (AGTG) codes, Trombetti-Zhou (TZ) codes and new MRD codes by Sheekey, repcetively. For more constructions of MRD codes, please refer to .
Efficient decoding is required for the wide range of applications of MRD codes in storage system , network coding  and cryptography . There are plenty of algorithms that decode Gabidulin codes up to half the minimum distance [5, 26, 16, 24] and some which decode Gabidulin codes beyond half the minimum distance by considering restricted communication channels [6, 23, 7, 25, 9]
. The previously proposed restricted channels, can generate error vectors that hold some structure and they do not look random.
Randrianarisoa in  gave an interpolation-based decoding algorithm for Gabidulin codes and also for GTG codes. This idea is used later in ,,  and  to decode AGTG , Non-additive partition MRD codes , TZ codes  and Hermitain Rank metric codes , respectively.
In this paper we decode Gabidulin codes beyond half the minimum distance and also improve the decoding algorithms for GTG in  and AGTG codes in [14, 12] by making some delicate restrictions on the communication channel. In the previously defined restricted channels, the error vectors hold some specific structures, for instance symmetric error vectors , space-symmetric error vectors , but our channel generates random (look random) error vectors. Moreover, we use low rate GTG and AGTG codes to decode error vectors with rank where is the code length.
Let be a power of prime and be an extension of the finite field . A -polynomial is a polynomial of the form over . If , then we say that has -degree . The set of these polynomials is denoted by .
When is fixed or the context is clear, it is also customary to speak of a linearized polynomial as it satisfies the linearity property: for any and any in an arbitrary extension of . Hence a linearized polynomial defines anfrom to itself. The rank of a nonzero linearized polynomial over is given by , where is the kernel of .
Iii Maximum rank distance (MRD) codes
The rank of a vector in , denoted as , is the number of its linearly independent components, that is the dimension of the vector space spanned by ’s over . The rank distance between two vectors is defined as .
A subset with respect to the rank distance is called a rank metric code. When contains at least two elements, the minimum rank distance of is given by . Furthermore, it is called a maximum rank distance (MRD) code if it attains the Singleton-like bound .
where , on linearly independent points in . The choice of ’s does not affect the rank property and it is customary to exhibit Gabidulin codes and its generalized families without the evaluation points as in (2). For consistency with the parameters of MRD codes in [30, 35, 21], through what follows we always assume .
For a linearized polynomial over , it is clear that if . Gow and Quinlan in [8, Theorem 10] (see also ) characterize a necessary condition for to have rank as below, see [2, 20] for other necessary conditions.
 Suppose a linearized polynomial , , in has roots in . Then where is the norm function from to .
According to Lemma 1, a linearized polynomial of -degree has rank at least if the condition in Lemma 1 is not met. Sheekey  applied Lemma 1 and constructed a new family of -linear MRD codes, known as twisted Gabidulin (TG) codes, and the generalized TG codes are investigated in  as follows:
where are positive integers such that and . Here is a nonzero element in satisfying . Later Otal and Özbudak  further generalized this family by manipulating some terms of linearized polynomials and constructed the following -linear MRD codes, known as additive generalized twisted Gabidulin (AGTG) codes
where and nonzero in satisfies .
Iv Decoding Gabidulin codes beyond half the minimum distance
For the rest of this paper, we use the notation for , where , for simplicity.
Let , where is even and
is odd, be a Gabidulin code with ordered-linearly independent evaluation points . The encoding of a message is the evaluation of the following linearized polynomial at points :
Let be a vector of length over and be the Moore matrix generated by ’s, where . Then the encoding of the message can be expressed as
where is the transpose of matrix . In this process since only the first components of are nonzero, so only the first rows of are involved.
Iv-B Decoding errors with rank
Let the error vector of rank be added to the codeword during transmission and let be the received vector.
Consider a finely restricted communication channel which only use linearized polynomials of the form
as the error interpolation polynomial, where are the channels’ public parameters. We use such that
Since is nonsingular, this can be rewritten as
Let , then the known coefficients ’s are
Iv-C Reconstructing the interpolation polynomial
be the Dickson matrix associated with the linearized polynomial , where the indices run through and is the -th column of .
According to Proposition 1, since has rank , so has rank and any sub-miatrix of which contains consecutive rows and columns is nonsingular. Hence the first column can be written as the linear combination of columns as where are elements in . Then we can obtain the following recursive equations
where the subscripts in ’s are taken modulo . Due to the relation in (11), we already know . These known coefficients leads us to the following linear recursive equation
where are unknowns. In , the -linearized shift register is given and the above recursive relation (14) can be seen as its generalized version. Here is the connection vector of the shift register. We call the equation (14) as the key equation for the decoding algorithm in this paper and due to the properties of shift register, finding leads us to find the unknown coefficients , recursively. The most complex task in our decoding algorithm is finding and then the remaining task (calculating unknown ’s) will be a recursive process. We consider , i.e., , and the task of finding via (14) is divided into two cases:
Case 1: If . In this case, (14) contains affine equations and variables , which has rank . Hence the variables can be uniquely determined. Here any Gabidulin decoder can be applied, but here we assume the code has high code rate, for which the Berlekamp-Massey algorithm is more efficient and it has polynomial time complexity.
Case 2: If . In this case (14) is an under-determined system of equations with variables . A set of solutions with dimension one can be expressed of the form
where are fixed elements in and runs through . The modified BM algorithm in [33, Th. 10] can give the solution with a free variable .
As the next step, we rise both sides of (17) to the -th power and obtain
If , then and if , equation (21) can be reduced to
where and . When the characteristic of is odd, equation (22) can be solved explicitly as follows:
if is a quadratic residue in , then it has two solutions ;
if , then it has a single solution ;
it has no solution in otherwise.
When the characteristic of is two, we have the following cases:
if , it has a single solution , where ;
if , the equation (22) can be reduced to , where and . Then has
no zero if ;
two zeros of the form and where and is any fixed element such that .
We expect our quadratic equation to have roots in that lead to solutions in (14) and in (16). With the coefficients and also the initial state , one can recursively compute according to (13). Note that even if the equation (21) has two different solutions, they don’t necessarily lead to correct coefficients of the error interpolation polynomial. In fact, by the expression of the Dickson matrix of , the correct should have the sequence with period . In other words, if the output sequence has period , we know that the corresponding polynomial is the desired error interpolation polynomial.
V An improvement of the decoding of GTG and AGTG codes
In the interpolation-based decodings of GTG and AGTG codes in [24, 14] and, when the rank of the error vector is , one can use any decoder of a Gabidulin code to recover the message. But when , the problem of decoding the error vector is transformed to the problem of solving the projective polynomial over . In the following, we show that how one can decode GTG and AGTG codes more efficiently if he/she communicates via our finely restricted channel . Moreover, we show that one will be able to decode any error vector with any rank added to a low rate GTG and AGTG code if one defines more constraints for the communication channel. In this paper by a low rate code we mean a code with . To be self-contained, we recall the decoding algorithms from  and 
V-a Decoding GTG and AGTG codes
Here we explain an improvement of the decoding algorithm for GTG codes and the same procedure can be applied to AGTG codes with some minor differences. In this subsection we assume as an even positive integer. To be self-contained, we recall the decoding algorithm from  where the general communication channel is replaced by a delicately restricted communication channel and the time complexity for the case when the rank of the error vector attains the unique decoding radius is improved.
The encoding of a message is the evaluation of the following linearized polynomial at ordered points :
Then the encoding of GTG codes can be expressed as
V-A3 Reconstructing the interpolation polynomial
If we write the -column of the Dickson matrix associated to as the linear combination of we will get the recursive equation
same as (13), where the subscripts in ’s are taken modulo . Recall that the elements are known from (27). Hence we obtain the following linear equations to replace the key equation in (14), with known coefficients and variables :
For an error vector with , i.e., , we can divide the discussion into two cases.
Case 1: . In this case, (29) contains affine equations in variables , which has rank . Hence the variables can be uniquely determined. Any Gabidulin decoder can be applied. Here we assume the code has high code rate, for which the Berlekamp-Massey algorithm gives a better complexity. Although the recurrence equation (29) is a generalized version of the ones in  and , the modified Berlekamp-Massey algorithm can be applied here to recover the coefficients .
Case 2: . In this case (29) gives independent affine equations in variables . For such an under-determined system of linear equations, we will have a set of solutions that has dimension over . Namely, the solutions will be of the form
where are fixed elements in and runs through . As shown in [33, Th. 10], the solution can be derived from the modified BM algorithm with a free variable .
Observe that in (28), by taking and and substituting the solution , one gets the following two equations
where in (30) and (31), and are unknowns. Using equations (8),(25), (30) and (31) instead of (8),(9), (16) and (17) and going through the same procedure in Subsection IV-C, we can get a quadratic equation of the form
which can be solved in polynomial time as discussed in Subsection IV-C. Hence, if the communication parties transfer their messages through the finely restricted channel , then GTG and AGTG codes can be decoded more efficiently.
Vi Decoding error rank vectors with any rank
In this subsection we consider a communication channel which is more restricted than , but the generated error vectors are still look random and they can have any rank less than or equal to .
where , , is odd, and
where , , is even, and
In the decoding of GTG codes in Subsection V-A, let , then we obtain
and also based on the definition of GTG codes we have an auxiliary equation
since and . Let . If we use (33) ((35)) as the error interpolation polynomial, one can employ (34) ((36)) and directly obtain from the known coefficients in (37). The only remaining unknown coefficient can be calculated using the auxiliary equation (38) since is already calculated.
Hence, by restricting the error interpolation polynomial we can decode any rank error vector with added to a low rate GTG (AGTG) code.
In , an application of space-symmetric rank errors in code-based cryptography is proposed. But space-symmetric rank errors similar to symmetric rank errors , contain some structures and this may lead to a new structural attack. If we use random rank error vectors defined in Subsection VI instead of space-symmetric rank errors and use GTG codes instead of Gabidulin codes in GPT variants  and , we can avoid potential structural attacks and possibly get the same key size found in [9, Section VI.]. This will be investigated in future works.
The advantage of the channel or even the channel in Subsection VI is that it can generate random (look random) error vectors since the structured coefficients’ vector of the linearized polynomial goes through an interpolation process on linearly independent points. Even in subsection VI. the error space has dimension but it contains error with high or low ranks with no specific structure. So based on this observation, to find more suitable rank-based scheme, besides looking for new MRD codes and find the most efficient one, one can also look for new channels with higher error correctability.
If we employ linearized polynomials and instead of , we are still able to decode Gabidulin codes beyond half the minimum distance and also improve the decoding algorithms for GTG and AGTG codes. But the final polynomial equation in case 2 will be instead of the quadratic polynomial equation (22). Then using the methods explained in [12, Section 4.2], one can make sure that finding can be done in polynomial time and so decoding Gabidulin codes beyond half the minimum distance.
In this paper we made some delicate restrictions on the communication channel and decode Gabidulin codes beyond half the minimum distance by one unit in polynomial time. The error vectors added to the codewords look random. Moreover, we improved the decoding algorithms for GTG and AGTG codes proposed in  and , if two parties communicate through the new defined channel. We are also able to decode any error vector with any rank added to low rate () GTG and AGTG codes if we define more constrains for our channel.
-  (2020) Scalar q-subresultants and dickson matrices. Journal of Algebra 547, pp. 116–128. Cited by: Proposition 1.
-  (2019) A characterization of linearized polynomials with maximum kernel. Finite Fields and Their Applications 56, pp. 109 – 130. External Links: Cited by: §III.
-  (1978) Bilinear forms over a finite field, with applications to coding theory. Journal of Combinatorial Theory, Series A 25 (3), pp. 226 – 241. External Links: Cited by: §I.
-  (1991) Ideals over a non-commutative ring and their application in cryptology. In Advances in Cryptology – EUROCRYPT’91, D. W. Davies (Ed.), pp. 482–489. External Links: Cited by: §I.
-  (1985) Theory of codes with maximum rank distance. Problemy Peredachi Informatsii 21 (1), pp. 3–16. Cited by: §I, §I, §III.
-  (2004) Symmetric rank codes. Problems of Information Transmission 40, pp. 103 – 117. Cited by: §I, §I, Remark 1.
-  (2006) Symmetric matrices and codes correcting rank errors beyond the bound. Discrete Applied Mathematics 154 (2), pp. 305–312. Note: Coding and Cryptography External Links: Cited by: §I.
-  (2009) Galois theory and linear algebra. Linear Algebra and its Applications 430 (7), pp. 1778 – 1789. Note: Special Issue in Honor of Thomas J. Laffey External Links: Cited by: §III, Lemma 1.
-  (2021) Decoding of space-symmetric rank errors. External Links: Cited by: §I, §I, Remark 1.
-  (2021) Decoding a class of maximum hermitian rank metric codes. Submitted to The 6th International Workshop on Boolean Functions and their Applications (BFA). Cited by: §I.
-  (2021) On interpolation-based decoding of a class of maximum rank distance codes. in International Symposium on Information Theory (ISIT). Cited by: §I.
-  (2020) On decoding additive generalized twisted gabidulin codes. Cryptography and Communications 12, pp. 987 – 1009. Cited by: §I, §I, §V-A, §V, §VII, Remark 3.
-  (2005) The new construction of rank codes. In International Symposium on Information Theory, (ISIT), pp. 2105–2108. Cited by: §I, §III.
-  (2019) On decoding additive generalized twisted Gabidulin codes. presented at the International Workshop on Coding and Cryptography (WCC). Cited by: §I, §V.
-  (2019) Interpolation-based decoding of nonlinear maximum rank distance codes. In International Symposium on Information Theory (ISIT), Cited by: §I.
-  (2006) A Welch–Berlekamp like algorithm for decoding Gabidulin codes. In International Workshop on Coding and Cryptography (WCC), Ø. Ytrehus (Ed.), Berlin, Heidelberg, pp. 36–45. Cited by: §I.
-  (2016) An evolution of gpt cryptosystem. In Int. Workshop Alg. Combin. Coding Theory (ACCT), Cited by: Remark 1.
-  (2017) A new rank metric codes based encryption scheme. In International Workshop on Post-Quantum Cryptography, pp. 3–17. Cited by: Remark 1.
-  (2018) Generalized twisted gabidulin codes. Journal of Combinatorial Theory, Series A 159, pp. 79–106. Cited by: §I, §III.
-  (2019) A characterization of the number of roots of linearized and projective polynomials in the field of coefficients. Finite Fields and Their Applications 57, pp. 68 – 91. External Links: Cited by: §III.
-  (2017) Additive rank metric codes. IEEE Transactions on Information Theory 63 (1), pp. 164–168. Cited by: §I, §I, §III, §III.
-  (2018) Some new non-additive maximum rank distance codes. Finite Fields and Their Applications 50, pp. 293 – 303. External Links: Cited by: §I.
-  (2006) On codes correcting symmetric rank errors. In Coding and Cryptography, Ø. Ytrehus (Ed.), Berlin, Heidelberg, pp. 14–21. External Links: Cited by: §I.
-  (2017) A decoding algorithm for rank metric codes. arXiv.org. abs/1712.07060. Cited by: §I, §I, §I, §V, §VII, Proposition 1.
-  (2020) Randomized decoding of gabidulin codes beyond the unique decoding radius. In Post-Quantum Cryptography, J. Ding and J. Tillich (Eds.), Cham, pp. 3–19. External Links: Cited by: §I.
-  (2004-06) Fast decoding of rank-codes with rank errors and column erasures. In International Symposium on Information Theory (ISIT), pp. 398–398. Cited by: §I, §V-A3.
-  (1991) Maximum-rank array codes and their application to crisscross error correction. IEEE Transactions on Information Theory 37 (2), pp. 328–336. Cited by: §I, §I.
-  (1996) Tensor codes for the rank metric. IEEE Transactions on Information Theory 42 (6), pp. 2146–2157. Cited by: §III.
-  (2018) Hermitian rank distance codes. Designs, Codes and Cryptography 86 (7), pp. 1469–1481. Cited by: §I.
-  (2016) A new family of linear maximum rank distance codes. Advances in Mathematics of Communications 10, pp. 475. External Links: Cited by: §I, §III, §III, §III.
-  (2019) MRD codes: constructions and connections. arXiv.org. abs/1904.05813. Cited by: §I.
New semifields and new MRD codes from skew polynomial rings. Journal of the London Mathematical Society 101 (1), pp. 432–456. Cited by: §I.
-  (2011-Sep.) Linearized shift-register synthesis. IEEE Transactions on Information Theory 57 (9), pp. 6025–6032. Cited by: §IV-C, §IV-C, §V-A3, §V-A3.
-  (2008-Sept) A rank-metric approach to error control in random network coding. IEEE Transactions on Information Theory 54 (9), pp. 3951–3967. Cited by: §I.
-  (2019) A new family of MRD codes in with right and middle nuclei . IEEE Transactions on Information Theory 65 (2), pp. 1054–1062. External Links: Cited by: §I, §I, §III.