A Delicately Restricted Channel and Decoding of Maximum Rank Distance Codes

09/05/2021
by   Wrya K. Kadir, et al.
University of Bergen

In this paper an interpolation-based decoding algorithm to decode Gabidulin codes, transmitted through a finely restricted channel, is proposed. The algorithm is able to decode rank errors beyond half the minimum distance by one unit. Also the existing decoding algorithms for generalized twisted Gabidulin codes and additive generalized twisted Gabidulin codes are improved.


I Introduction

Delsarte [3], Gabidulin [5] and Roth [27] independently introduced rank metric codes. Those rank metric codes that achieve the Singleton-like bound are called maximum rank distance (MRD) codes. Gabidulin codes are the most well-known family of MRD codes. Later this family was generalized by Kshevetskiy and Gabidulin [13] to generalized Gabidulin (GG) codes. These codes are linear over . Sheekey in [30] defined twisted Gabidulin (TG) codes and established a way to generalize GG codes to linear MRD codes over the base fields. He was followed by Lunardon et al. [19], Otal and Özbudak [21], Trombetti and Zhou [35] and Sheekey [32], who defined generalized twisted Gabidulin (GTG) codes, additive generalized twisted Gabidulin (AGTG) codes, Trombetti-Zhou (TZ) codes and new MRD codes by Sheekey, respectively. For more constructions of MRD codes, please refer to [31].

Efficient decoding is required for the wide range of applications of MRD codes in storage systems [27], network coding [34] and cryptography [4]. There are plenty of algorithms that decode Gabidulin codes up to half the minimum distance [5, 26, 16, 24] and some that decode Gabidulin codes beyond half the minimum distance by considering restricted communication channels [6, 23, 7, 25, 9]. The previously proposed restricted channels can generate error vectors that hold some structure and do not look random.

Randrianarisoa in [24] gave an interpolation-based decoding algorithm for Gabidulin codes and also for GTG codes. This idea was used later in [12], [15], [11] and [10] to decode AGTG codes [21], non-additive partition MRD codes [22], TZ codes [35] and Hermitian rank metric codes [29], respectively.

In this paper we decode Gabidulin codes beyond half the minimum distance and also improve the decoding algorithms for GTG codes in [24] and AGTG codes in [14, 12] by making some delicate restrictions on the communication channel. In the previously defined restricted channels, the error vectors hold some specific structures, for instance symmetric error vectors [6] and space-symmetric error vectors [9], but our channel generates random (random-looking) error vectors. Moreover, we use low rate GTG and AGTG codes to decode error vectors with rank where is the code length.

II Preliminaries

Definition 1.

Let be a power of prime and be an extension of the finite field . A -polynomial is a polynomial of the form over . If , then we say that has -degree . The set of these polynomials is denoted by .

When is fixed or the context is clear, it is also customary to speak of a linearized polynomial as it satisfies the linearity property: for any and any in an arbitrary extension of . Hence a linearized polynomial defines an -linear transformation from to itself. The rank of a nonzero linearized polynomial over is given by , where is the kernel of .

Proposition 1.

Let over be a linearized polynomial with rank . Then its associated Dickson matrix

(1)

has rank over [24]. Moreover, any submatrix formed by consecutive rows and consecutive columns in is non-singular [1].

III Maximum rank distance (MRD) codes

The rank of a vector in , denoted as , is the number of its linearly independent components, that is the dimension of the vector space spanned by ’s over . The rank distance between two vectors is defined as .
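As an added illustration (not code from the paper), the rank weight and rank distance defined above can be computed for a binary base field by writing each extension-field element as an integer whose bits are its coordinates over the base field. The choice q = 2, the function names and the sample vectors are assumptions constructed for this example.

```python
# Added example: rank weight and rank distance over GF(2^m) with q = 2.
# Each field element is an int; bit k is its k-th coordinate in a fixed
# GF(2)-basis of GF(2^m). Subtraction in characteristic two is XOR.

def rank_weight(vec):
    """Dimension of the GF(2)-span of the entries of vec."""
    basis = {}  # leading-bit position -> reduced basis element
    for v in vec:
        while v:
            top = v.bit_length() - 1
            if top not in basis:
                basis[top] = v      # v is independent of what we have so far
                break
            v ^= basis[top]         # eliminate the leading bit and retry
    return len(basis)


def rank_distance(a, b):
    """Rank distance d(a, b) = rank_weight(a - b)."""
    if len(a) != len(b):
        raise ValueError("vectors must have the same length")
    return rank_weight([x ^ y for x, y in zip(a, b)])


def hamming_weight(vec):
    """Number of nonzero entries, for comparison with the rank weight."""
    return sum(1 for v in vec if v)


if __name__ == "__main__":
    # Constructed sample vectors over GF(2^4), length 4.
    samples = {
        "same element everywhere": [0x3, 0x3, 0x3, 0x3],
        "third entry is a sum":    [0x1, 0x2, 0x3, 0x0],
        "a full basis":            [0x1, 0x2, 0x4, 0x8],
    }
    for name, e in samples.items():
        print(f"{name}: Hamming {hamming_weight(e)}, rank {rank_weight(e)}")
```

An error that hits every position with the same field element has full Hamming weight but rank one, which is why rank-metric decoders count the dimension of the error span rather than the number of corrupted positions.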

Definition 2.

A subset with respect to the rank distance is called a rank metric code. When contains at least two elements, the minimum rank distance of is given by . Furthermore, it is called a maximum rank distance (MRD) code if it attains the Singleton-like bound .

The most famous MRD codes are Gabidulin codes [5] which were further generalized in [28, 13]. The generalized Gabidulin (GG) code with length and dimension over is defined by the evaluation of

(2)

where , on linearly independent points in . The choice of ’s does not affect the rank property and it is customary to exhibit Gabidulin codes and their generalized families without the evaluation points as in (2). For consistency with the parameters of MRD codes in [30, 35, 21], through what follows we always assume .

For a linearized polynomial over , it is clear that if . Gow and Quinlan in [8, Theorem 10] (see also [30]) characterize a necessary condition for to have rank as below, see [2, 20] for other necessary conditions.

Lemma 1.

[8] Suppose a linearized polynomial , , in has roots in . Then where is the norm function from to .

According to Lemma 1, a linearized polynomial of -degree has rank at least if the condition in Lemma 1 is not met. Sheekey [30] applied Lemma 1 and constructed a new family of -linear MRD codes, known as twisted Gabidulin (TG) codes, and the generalized TG codes are investigated in [19] as follows:

(3)

where are positive integers such that and . Here is a nonzero element in satisfying . Later Otal and Özbudak [21] further generalized this family by manipulating some terms of linearized polynomials and constructed the following -linear MRD codes, known as additive generalized twisted Gabidulin (AGTG) codes

(4)

where and nonzero in satisfies .

IV Decoding Gabidulin codes beyond half the minimum distance

For the rest of this paper, we use the notation for , where , for simplicity.

IV-A Encoding

Let , where is even and is odd, be a Gabidulin code with ordered -linearly independent evaluation points . The encoding of a message is the evaluation of the following linearized polynomial at points :

(5)

Let be a vector of length over and be the Moore matrix generated by ’s, where . Then the encoding of the message can be expressed as

(6)

where is the transpose of matrix . In this process, since only the first components of are nonzero, only the first rows of are involved.

IV-B Decoding errors with rank

Let the error vector of rank be added to the codeword during transmission and let be the received vector.

Consider a finely restricted communication channel which only uses linearized polynomials of the form

(7)
(8)
(9)

as the error interpolation polynomial, where are the channels’ public parameters. We use such that

(10)

where are ordered linearly independent points over in . One can see that the error vector is uniquely determined by the polynomial and denote . From (6) and (10) it follows that

Since is nonsingular, this can be rewritten as

Let , then the known coefficients ’s are

(11)

and we also have the auxiliary equations (8) and (9) which we will use later.

IV-C Reconstructing the interpolation polynomial

Let

(12)

be the Dickson matrix associated with the linearized polynomial , where the indices run through and is the -th column of .

According to Proposition 1, since has rank , the matrix has rank and any submatrix of which contains consecutive rows and columns is nonsingular. Hence the first column can be written as the linear combination of columns as where are elements in . Then we can obtain the following recursive equations

(13)

where the subscripts in ’s are taken modulo . Due to the relation in (11), we already know . These known coefficients lead us to the following linear recursive equation

(14)

where are unknowns. In [33], the -linearized shift register is given and the above recursive relation (14) can be seen as its generalized version. Here is the connection vector of the shift register. We call equation (14) the key equation for the decoding algorithm in this paper and, due to the properties of the shift register, finding leads us to find the unknown coefficients , recursively. The most complex task in our decoding algorithm is finding and then the remaining task (calculating unknown ’s) will be a recursive process. We consider , i.e., , and the task of finding via (14) is divided into two cases:

Case 1: If . In this case, (14) contains affine equations and variables , which has rank . Hence the variables can be uniquely determined. Here any Gabidulin decoder can be applied, but here we assume the code has high code rate, for which the Berlekamp-Massey algorithm is more efficient and it has polynomial time complexity.

Case 2: If . In this case (14) is an under-determined system of equations with variables . A set of solutions with dimension one can be expressed in the form

(15)

where are fixed elements in and runs through . The modified BM algorithm in [33, Th. 10] can give the solution with a free variable .

If we take and in (14) and substitute the solution (15), then we get

(16)

and

(17)

where in (16) and (17), and are the only unknowns and are derived from and known coefficients . if and this solution can be verified by and a known coefficient in (17). Substituting (16) in (8) gives

(18)

As the next step, we raise both sides of (17) to the -th power and obtain

(19)

We also substitute (19) in (9) and raise both sides to the -th power to get

(20)

Finally, one can substitute (18) into (20) and obtain the following quadratic polynomial equation over

(21)

If , then and if , equation (21) can be reduced to

(22)

where and . When the characteristic of is odd, equation (22) can be solved explicitly as follows:

  • if is a quadratic residue in , then it has two solutions ;

  • if , then it has a single solution ;

  • it has no solution in otherwise.

When the characteristic of is two, we have the following cases:

  1. if , it has a single solution , where ;

  2. if , the equation (22) can be reduced to , where and . Then has

    • no zero if ;

    • two zeros of the form and where and is any fixed element such that .
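The characteristic-two case analysis above, carried through as an added worked example (not code from the paper): it solves a general quadratic a x^2 + b x + c = 0 over GF(2^M) by the standard reduction to y^2 + y + d = 0 and the trace test. The field GF(2^8) with modulus 0x11B, the coefficient names a, b, c, d, u and all function names are assumptions of this example.

```python
# Added example: roots of a*x^2 + b*x + c = 0 over GF(2^M), characteristic two.
M = 8          # assumed extension degree
MOD = 0x11B    # assumed modulus x^8 + x^4 + x^3 + x + 1 (irreducible over GF(2))


def gf_mul(x, y):
    """Multiply two elements of GF(2^M), reducing modulo MOD."""
    r = 0
    while y:
        if y & 1:
            r ^= x
        x <<= 1
        if x >> M:
            x ^= MOD
        y >>= 1
    return r


def gf_pow(x, e):
    """Square-and-multiply exponentiation in GF(2^M)."""
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, x)
        x = gf_mul(x, x)
        e >>= 1
    return r


def gf_inv(x):
    """Inverse of a nonzero element: x^(2^M - 2)."""
    if x == 0:
        raise ZeroDivisionError("0 has no inverse")
    return gf_pow(x, (1 << M) - 2)


def trace(x):
    """Absolute trace x + x^2 + ... + x^(2^(M-1)); the result is 0 or 1."""
    t = 0
    for _ in range(M):
        t ^= x
        x = gf_mul(x, x)
    return t


def solve_reduced(d, u):
    """One root of y^2 + y + d = 0, given trace(d) == 0 and trace(u) == 1.

    Uses y = sum_{i=1}^{M-1} d^(2^i) * (u + u^2 + ... + u^(2^(i-1))).
    """
    y, s, u_pow, d_pow = 0, 0, u, d
    for _ in range(1, M):
        s ^= u_pow                    # s = u + u^2 + ... + u^(2^(i-1))
        u_pow = gf_mul(u_pow, u_pow)
        d_pow = gf_mul(d_pow, d_pow)  # d^(2^i)
        y ^= gf_mul(d_pow, s)
    return y


def solve_quadratic(a, b, c):
    """Sorted list of all roots of a*x^2 + b*x + c = 0 in GF(2^M), a != 0."""
    if a == 0:
        raise ValueError("leading coefficient must be nonzero")
    if b == 0:
        # x^2 = c/a; squaring is a bijection, so sqrt(z) = z^(2^(M-1)).
        return [gf_pow(gf_mul(c, gf_inv(a)), 1 << (M - 1))]
    # Substituting x = (b/a)*y gives y^2 + y + d = 0 with d = a*c/b^2.
    scale = gf_mul(b, gf_inv(a))
    d = gf_mul(gf_mul(a, c), gf_inv(gf_mul(b, b)))
    if trace(d) == 1:
        return []                     # no root in this field
    u = next(v for v in range(1, 1 << M) if trace(v) == 1)
    y0 = solve_reduced(d, u)
    return sorted({gf_mul(scale, y0), gf_mul(scale, y0 ^ 1)})


if __name__ == "__main__":
    # Constructed sample coefficients.
    for coeffs in [(1, 0, 0x04), (1, 1, 1), (0x53, 0x1D, 0x07)]:
        print(coeffs, [hex(r) for r in solve_quadratic(*coeffs)])
```

Every step is a fixed number of field multiplications and squarings, so the root search costs polynomial time in M instead of a scan over all field elements.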

We expect our quadratic equation to have roots in that lead to solutions in (14) and in (16). With the coefficients and also the initial state , one can recursively compute according to (13). Note that even if the equation (21) has two different solutions, they don’t necessarily lead to correct coefficients of the error interpolation polynomial. In fact, by the expression of the Dickson matrix of , the correct should have the sequence with period . In other words, if the output sequence has period , we know that the corresponding polynomial is the desired error interpolation polynomial.

V An improvement of the decoding of GTG and AGTG codes

In the interpolation-based decoding of GTG and AGTG codes in [24, 14] and [12], when the rank of the error vector is , one can use any decoder of a Gabidulin code to recover the message. But when , the problem of decoding the error vector is transformed to the problem of solving the projective polynomial over . In the following, we show how one can decode GTG and AGTG codes more efficiently if one communicates via our finely restricted channel . Moreover, we show that one will be able to decode any error vector with any rank added to a low rate GTG and AGTG code if one defines more constraints for the communication channel. In this paper by a low rate code we mean a code with . To be self-contained, we recall the decoding algorithms from [24] and [12].

V-A Decoding GTG and AGTG codes

Here we explain an improvement of the decoding algorithm for GTG codes and the same procedure can be applied to AGTG codes with some minor differences. In this subsection we assume as an even positive integer. To be self-contained, we recall the decoding algorithm from [12] where the general communication channel is replaced by a delicately restricted communication channel and the time complexity for the case when the rank of the error vector attains the unique decoding radius is improved.

V-A1 Encoding

The encoding of a message is the evaluation of the following linearized polynomial at ordered points :

(23)

Then the encoding of GTG codes can be expressed as

(24)

where .

V-A2 Decoding

Let the error vector of rank be added to the codeword during transmission and let be the received vector. Take to be a linearized polynomial of the form given in (7) where instead of (9) we have

(25)

Then

(26)

As we mentioned before, is uniquely determined by the polynomial and denote . From (6) and (10) it follows that

This is equivalent to

Letting , we obtain

(27)

and we also have the relations (8) and (25). In (27) we have known coefficients ’s, while in (11) we had known coefficients ’s.

V-A3 Reconstructing the interpolation polynomial

If we write the -column of the Dickson matrix associated to as the linear combination of we will get the recursive equation

(28)

same as (13), where the subscripts in ’s are taken modulo . Recall that the elements are known from (27). Hence we obtain the following linear equations to replace the key equation in (14), with known coefficients and variables :

(29)

For an error vector with , i.e., , we can divide the discussion into two cases.

Case 1: . In this case, (29) contains affine equations in variables , which has rank . Hence the variables can be uniquely determined. Any Gabidulin decoder can be applied. Here we assume the code has high code rate, for which the Berlekamp-Massey algorithm gives a better complexity. Although the recurrence equation (29) is a generalized version of the ones in [26] and [33], the modified Berlekamp-Massey algorithm can be applied here to recover the coefficients .

Case 2: . In this case (29) gives independent affine equations in variables . For such an under-determined system of linear equations, we will have a set of solutions that has dimension over . Namely, the solutions will be of the form

where are fixed elements in and runs through . As shown in [33, Th. 10], the solution can be derived from the modified BM algorithm with a free variable .

Observe that in (28), by taking and and substituting the solution , one gets the following two equations

(30)

and

(31)

where in (30) and (31), and are unknowns. Using equations (8), (25), (30) and (31) instead of (8), (9), (16) and (17) and going through the same procedure in Subsection IV-C, we can get a quadratic equation of the form

(32)

which can be solved in polynomial time as discussed in Subsection IV-C. Hence, if the communicating parties transfer their messages through the finely restricted channel , then GTG and AGTG codes can be decoded more efficiently.

VI Decoding error rank vectors with any rank

In this subsection we consider a communication channel which is more restricted than , but the generated error vectors still look random and they can have any rank less than or equal to .

Let

  • (33)

    where , , is odd, and

    (34)
  • (35)

    where , , is even, and

    (36)

In the decoding of GTG codes in Subsection V-A, let , then we obtain

(37)

and also based on the definition of GTG codes we have an auxiliary equation

(38)

since and . Let . If we use (33) ((35)) as the error interpolation polynomial, one can employ (34) ((36)) and directly obtain from the known coefficients in (37). The only remaining unknown coefficient can be calculated using the auxiliary equation (38) since is already calculated.

Hence, by restricting the error interpolation polynomial we can decode any rank error vector with added to a low rate GTG (AGTG) code.

Remark 1.

In [9], an application of space-symmetric rank errors in code-based cryptography is proposed. But space-symmetric rank errors, similar to symmetric rank errors [6], contain some structures and this may lead to a new structural attack. If we use random rank error vectors defined in Subsection VI instead of space-symmetric rank errors and use GTG codes instead of Gabidulin codes in GPT variants [17] and [18], we can avoid potential structural attacks and possibly get the same key size found in [9, Section VI]. This will be investigated in future works.

Remark 2.

The advantage of the channel or even the channel in Subsection VI is that it can generate random (random-looking) error vectors, since the structured coefficient vector of the linearized polynomial goes through an interpolation process on linearly independent points. Even in Subsection VI the error space has dimension but it contains errors with high or low ranks with no specific structure. So, based on this observation, to find a more suitable rank-based scheme, besides looking for new MRD codes and finding the most efficient one, one can also look for new channels with higher error correctability.

Remark 3.

If we employ linearized polynomials and instead of , we are still able to decode Gabidulin codes beyond half the minimum distance and also improve the decoding algorithms for GTG and AGTG codes. But the final polynomial equation in case 2 will be instead of the quadratic polynomial equation (22). Then using the methods explained in [12, Section 4.2], one can make sure that finding can be done in polynomial time and so decoding Gabidulin codes beyond half the minimum distance.

VII Conclusion

In this paper we made some delicate restrictions on the communication channel and decoded Gabidulin codes beyond half the minimum distance by one unit in polynomial time. The error vectors added to the codewords look random. Moreover, we improved the decoding algorithms for GTG and AGTG codes proposed in [24] and [12], if two parties communicate through the newly defined channel. We are also able to decode any error vector with any rank added to low rate () GTG and AGTG codes if we define more constraints for our channel.

References

  • [1] B. Csajbók (2020) Scalar q-subresultants and Dickson matrices. Journal of Algebra 547, pp. 116–128.
  • [2] B. Csajbók, G. Marino, O. Polverino, and F. Zullo (2019) A characterization of linearized polynomials with maximum kernel. Finite Fields and Their Applications 56, pp. 109–130. ISSN 1071-5797.
  • [3] P. Delsarte (1978) Bilinear forms over a finite field, with applications to coding theory. Journal of Combinatorial Theory, Series A 25 (3), pp. 226–241. ISSN 0097-3165.
  • [4] E. M. Gabidulin, A. V. Paramonov, and O. V. Tretjakov (1991) Ideals over a non-commutative ring and their application in cryptology. In Advances in Cryptology – EUROCRYPT’91, D. W. Davies (Ed.), pp. 482–489. ISBN 978-3-540-46416-7.
  • [5] E. M. Gabidulin (1985) Theory of codes with maximum rank distance. Problemy Peredachi Informatsii 21 (1), pp. 3–16.
  • [6] E. M. Gabidulin and N. I. Pilipchuk (2004) Symmetric rank codes. Problems of Information Transmission 40, pp. 103–117.
  • [7] E. M. Gabidulin and N. I. Pilipchuk (2006) Symmetric matrices and codes correcting rank errors beyond the bound. Discrete Applied Mathematics 154 (2), pp. 305–312. Note: Coding and Cryptography. ISSN 0166-218X.
  • [8] R. Gow and R. Quinlan (2009) Galois theory and linear algebra. Linear Algebra and its Applications 430 (7), pp. 1778–1789. Note: Special Issue in Honor of Thomas J. Laffey. ISSN 0024-3795.
  • [9] T. Jerkovits, V. Sidorenko, and A. Wachter-Zeh (2021) Decoding of space-symmetric rank errors. arXiv:2102.02554.
  • [10] W. K. Kadir, C. Li, and F. Zullo (2021) Decoding a class of maximum Hermitian rank metric codes. Submitted to The 6th International Workshop on Boolean Functions and their Applications (BFA).
  • [11] W. K. Kadir, C. Li, and F. Zullo (2021) On interpolation-based decoding of a class of maximum rank distance codes. In International Symposium on Information Theory (ISIT).
  • [12] W. K. Kadir and C. Li (2020) On decoding additive generalized twisted Gabidulin codes. Cryptography and Communications 12, pp. 987–1009.
  • [13] A. Kshevetskiy and E. Gabidulin (2005) The new construction of rank codes. In International Symposium on Information Theory (ISIT), pp. 2105–2108.
  • [14] C. Li and W. K. Kadir (2019) On decoding additive generalized twisted Gabidulin codes. Presented at the International Workshop on Coding and Cryptography (WCC).
  • [15] C. Li (2019) Interpolation-based decoding of nonlinear maximum rank distance codes. In International Symposium on Information Theory (ISIT).
  • [16] P. Loidreau (2006) A Welch–Berlekamp like algorithm for decoding Gabidulin codes. In International Workshop on Coding and Cryptography (WCC), Ø. Ytrehus (Ed.), Berlin, Heidelberg, pp. 36–45.
  • [17] P. Loidreau (2016) An evolution of GPT cryptosystem. In Int. Workshop Alg. Combin. Coding Theory (ACCT).
  • [18] P. Loidreau (2017) A new rank metric codes based encryption scheme. In International Workshop on Post-Quantum Cryptography, pp. 3–17.
  • [19] G. Lunardon, R. Trombetti, and Y. Zhou (2018) Generalized twisted Gabidulin codes. Journal of Combinatorial Theory, Series A 159, pp. 79–106.
  • [20] G. McGuire and J. Sheekey (2019) A characterization of the number of roots of linearized and projective polynomials in the field of coefficients. Finite Fields and Their Applications 57, pp. 68–91. ISSN 1071-5797.
  • [21] K. Otal and F. Özbudak (2017) Additive rank metric codes. IEEE Transactions on Information Theory 63 (1), pp. 164–168.
  • [22] K. Otal and F. Özbudak (2018) Some new non-additive maximum rank distance codes. Finite Fields and Their Applications 50, pp. 293–303. ISSN 1071-5797.
  • [23] N. I. Pilipchuk and E. M. Gabidulin (2006) On codes correcting symmetric rank errors. In Coding and Cryptography, Ø. Ytrehus (Ed.), Berlin, Heidelberg, pp. 14–21. ISBN 978-3-540-35482-6.
  • [24] T. H. Randrianarisoa (2017) A decoding algorithm for rank metric codes. arXiv.org. abs/1712.07060.
  • [25] J. Renner, T. Jerkovits, H. Bartz, S. Puchinger, P. Loidreau, and A. Wachter-Zeh (2020) Randomized decoding of Gabidulin codes beyond the unique decoding radius. In Post-Quantum Cryptography, J. Ding and J. Tillich (Eds.), Cham, pp. 3–19. ISBN 978-3-030-44223-1.
  • [26] G. Richter and S. Plass (2004-06) Fast decoding of rank-codes with rank errors and column erasures. In International Symposium on Information Theory (ISIT), pp. 398–398.
  • [27] R. M. Roth (1991) Maximum-rank array codes and their application to crisscross error correction. IEEE Transactions on Information Theory 37 (2), pp. 328–336.
  • [28] R. M. Roth (1996) Tensor codes for the rank metric. IEEE Transactions on Information Theory 42 (6), pp. 2146–2157.
  • [29] K. Schmidt (2018) Hermitian rank distance codes. Designs, Codes and Cryptography 86 (7), pp. 1469–1481.
  • [30] J. Sheekey (2016) A new family of linear maximum rank distance codes. Advances in Mathematics of Communications 10, pp. 475. ISSN 1930-5346.
  • [31] J. Sheekey (2019) MRD codes: constructions and connections. arXiv.org. abs/1904.05813.
  • [32] J. Sheekey (2020) New semifields and new MRD codes from skew polynomial rings. Journal of the London Mathematical Society 101 (1), pp. 432–456.
  • [33] V. Sidorenko, G. Richter, and M. Bossert (2011-Sep.) Linearized shift-register synthesis. IEEE Transactions on Information Theory 57 (9), pp. 6025–6032.
  • [34] D. Silva, F. R. Kschischang, and R. Koetter (2008-Sept) A rank-metric approach to error control in random network coding. IEEE Transactions on Information Theory 54 (9), pp. 3951–3967.
  • [35] R. Trombetti and Y. Zhou (2019) A new family of MRD codes in with right and middle nuclei . IEEE Transactions on Information Theory 65 (2), pp. 1054–1062. ISSN 0018-9448.