I Introduction
Delsarte [3], Gabidulin [5] and Roth [27] independently introduced rank metric codes. Those rank metric codes that achieve Singletonlike bound are called maximum rank distance (MRD) codes. Gabidulin codes are the most well known family of MRD codes. Later this family was generalized by Kshevetskiy and Gabidulin [13] to generalized Gabidulin (GG) codes. These codes are linear over . Sheekey in [30] defined twsited Gabidulin (TG) codes and established a way to generalize GG codes to linear MRD codes over the base fields and then he was followed by Lunardon et al.[19], Otal and Özbudak [21], Trombetti and Zhou [35] and Sheekey [32] to define generalized twisted Gabidulin (GTG) codes, additive generalized twisted (AGTG) codes, TrombettiZhou (TZ) codes and new MRD codes by Sheekey, repcetively. For more constructions of MRD codes, please refer to [31].
Efficient decoding is required for the wide range of applications of MRD codes in storage system [27], network coding [34] and cryptography [4]. There are plenty of algorithms that decode Gabidulin codes up to half the minimum distance [5, 26, 16, 24] and some which decode Gabidulin codes beyond half the minimum distance by considering restricted communication channels [6, 23, 7, 25, 9]
. The previously proposed restricted channels, can generate error vectors that hold some structure and they do not look random.
Randrianarisoa in [24] gave an interpolationbased decoding algorithm for Gabidulin codes and also for GTG codes. This idea is used later in [12],[15], [11] and [10] to decode AGTG [21], Nonadditive partition MRD codes [22], TZ codes [35] and Hermitain Rank metric codes [29], respectively.
In this paper we decode Gabidulin codes beyond half the minimum distance and also improve the decoding algorithms for GTG in [24] and AGTG codes in [14, 12] by making some delicate restrictions on the communication channel. In the previously defined restricted channels, the error vectors hold some specific structures, for instance symmetric error vectors [6], spacesymmetric error vectors [9], but our channel generates random (look random) error vectors. Moreover, we use low rate GTG and AGTG codes to decode error vectors with rank where is the code length.
Ii Preliminaries
Definition 1.
Let be a power of prime and be an extension of the finite field . A polynomial is a polynomial of the form over . If , then we say that has degree . The set of these polynomials is denoted by .
When is fixed or the context is clear, it is also customary to speak of a linearized polynomial as it satisfies the linearity property: for any and any in an arbitrary extension of . Hence a linearized polynomial defines an
from to itself. The rank of a nonzero linearized polynomial over is given by , where is the kernel of .Iii Maximum rank distance (MRD) codes
The rank of a vector in , denoted as , is the number of its linearly independent components, that is the dimension of the vector space spanned by ’s over . The rank distance between two vectors is defined as .
Definition 2.
A subset with respect to the rank distance is called a rank metric code. When contains at least two elements, the minimum rank distance of is given by . Furthermore, it is called a maximum rank distance (MRD) code if it attains the Singletonlike bound .
The most famous MRD codes are Gabidulin codes [5] which were further generalized in [28, 13]. The generalized Gabidulin (GG) codes with length and dimension over is defined by the evaluation of
(2) 
where , on linearly independent points in . The choice of ’s does not affect the rank property and it is customary to exhibit Gabidulin codes and its generalized families without the evaluation points as in (2). For consistency with the parameters of MRD codes in [30, 35, 21], through what follows we always assume .
For a linearized polynomial over , it is clear that if . Gow and Quinlan in [8, Theorem 10] (see also [30]) characterize a necessary condition for to have rank as below, see [2, 20] for other necessary conditions.
Lemma 1.
[8] Suppose a linearized polynomial , , in has roots in . Then where is the norm function from to .
According to Lemma 1, a linearized polynomial of degree has rank at least if the condition in Lemma 1 is not met. Sheekey [30] applied Lemma 1 and constructed a new family of linear MRD codes, known as twisted Gabidulin (TG) codes, and the generalized TG codes are investigated in [19] as follows:
(3) 
where are positive integers such that and . Here is a nonzero element in satisfying . Later Otal and Özbudak [21] further generalized this family by manipulating some terms of linearized polynomials and constructed the following linear MRD codes, known as additive generalized twisted Gabidulin (AGTG) codes
(4) 
where and nonzero in satisfies .
Iv Decoding Gabidulin codes beyond half the minimum distance
For the rest of this paper, we use the notation for , where , for simplicity.
Iva Encoding
Let , where is even and
is odd, be a Gabidulin code with ordered
linearly independent evaluation points . The encoding of a message is the evaluation of the following linearized polynomial at points :(5) 
Let be a vector of length over and be the Moore matrix generated by ’s, where . Then the encoding of the message can be expressed as
(6) 
where is the transpose of matrix . In this process since only the first components of are nonzero, so only the first rows of are involved.
IvB Decoding errors with rank
Let the error vector of rank be added to the codeword during transmission and let be the received vector.
Consider a finely restricted communication channel which only use linearized polynomials of the form
(7)  
(8)  
(9) 
as the error interpolation polynomial, where are the channels’ public parameters. We use such that
(10) 
where are ordered linearly independent points over in . One can see that the error vector is uniquely determined by the polynomial and denote . From (6) and (10) it follows that
Since is nonsingular, this can be rewritten as
Let , then the known coefficients ’s are
(11) 
and we also have the auxiliary equations (8) and (9) which we will use later.
IvC Reconstructing the interpolation polynomial
Let
(12) 
be the Dickson matrix associated with the linearized polynomial , where the indices run through and is the th column of .
According to Proposition 1, since has rank , so has rank and any submiatrix of which contains consecutive rows and columns is nonsingular. Hence the first column can be written as the linear combination of columns as where are elements in . Then we can obtain the following recursive equations
(13) 
where the subscripts in ’s are taken modulo . Due to the relation in (11), we already know . These known coefficients leads us to the following linear recursive equation
(14) 
where are unknowns. In [33], the linearized shift register is given and the above recursive relation (14) can be seen as its generalized version. Here is the connection vector of the shift register. We call the equation (14) as the key equation for the decoding algorithm in this paper and due to the properties of shift register, finding leads us to find the unknown coefficients , recursively. The most complex task in our decoding algorithm is finding and then the remaining task (calculating unknown ’s) will be a recursive process. We consider , i.e., , and the task of finding via (14) is divided into two cases:
Case 1: If . In this case, (14) contains affine equations and variables , which has rank . Hence the variables can be uniquely determined. Here any Gabidulin decoder can be applied, but here we assume the code has high code rate, for which the BerlekampMassey algorithm is more efficient and it has polynomial time complexity.
Case 2: If . In this case (14) is an underdetermined system of equations with variables . A set of solutions with dimension one can be expressed of the form
(15) 
where are fixed elements in and runs through . The modified BM algorithm in [33, Th. 10] can give the solution with a free variable .
If we take and in (14) and substitute the solution (15), then we get
(16) 
and
(17) 
where in (16) and (17), and are the only unknowns and are derived from and known coefficients . if and this solution can be verified by and a known coefficient in (17). Substituting (16) in (8) gives
(18) 
As the next step, we rise both sides of (17) to the th power and obtain
(19) 
We also substitute (19) in (9) and rise both sides to the th power to get
(20) 
Finally, one can substitute (18) into (20) and obtain the following quadratic polynomial equation over
(21) 
If , then and if , equation (21) can be reduced to
(22) 
where and . When the characteristic of is odd, equation (22) can be solved explicitly as follows:

if is a quadratic residue in , then it has two solutions ;

if , then it has a single solution ;

it has no solution in otherwise.
When the characteristic of is two, we have the following cases:

if , it has a single solution , where ;

if , the equation (22) can be reduced to , where and . Then has

no zero if ;

two zeros of the form and where and is any fixed element such that .

We expect our quadratic equation to have roots in that lead to solutions in (14) and in (16). With the coefficients and also the initial state , one can recursively compute according to (13). Note that even if the equation (21) has two different solutions, they don’t necessarily lead to correct coefficients of the error interpolation polynomial. In fact, by the expression of the Dickson matrix of , the correct should have the sequence with period . In other words, if the output sequence has period , we know that the corresponding polynomial is the desired error interpolation polynomial.
V An improvement of the decoding of GTG and AGTG codes
In the interpolationbased decodings of GTG and AGTG codes in [24, 14] and[12], when the rank of the error vector is , one can use any decoder of a Gabidulin code to recover the message. But when , the problem of decoding the error vector is transformed to the problem of solving the projective polynomial over . In the following, we show that how one can decode GTG and AGTG codes more efficiently if he/she communicates via our finely restricted channel . Moreover, we show that one will be able to decode any error vector with any rank added to a low rate GTG and AGTG code if one defines more constraints for the communication channel. In this paper by a low rate code we mean a code with . To be selfcontained, we recall the decoding algorithms from [24] and [12]
Va Decoding GTG and AGTG codes
Here we explain an improvement of the decoding algorithm for GTG codes and the same procedure can be applied to AGTG codes with some minor differences. In this subsection we assume as an even positive integer. To be selfcontained, we recall the decoding algorithm from [12] where the general communication channel is replaced by a delicately restricted communication channel and the time complexity for the case when the rank of the error vector attains the unique decoding radius is improved.
VA1 Encoding
The encoding of a message is the evaluation of the following linearized polynomial at ordered points :
(23) 
Then the encoding of GTG codes can be expressed as
(24) 
where .
VA2 Decoding
Let the error vector of rank be added to the codeword during transmission and let be the received vector. Take be a linearized polynomial of the form given in (7) where instead of (9) we have
(25) 
Then
(26) 
As we mentioned before, is uniquely determined by the polynomial and denote . From (6) and (10) it follows that
VA3 Reconstructing the interpolation polynomial
If we write the column of the Dickson matrix associated to as the linear combination of we will get the recursive equation
(28) 
same as (13), where the subscripts in ’s are taken modulo . Recall that the elements are known from (27). Hence we obtain the following linear equations to replace the key equation in (14), with known coefficients and variables :
(29) 
For an error vector with , i.e., , we can divide the discussion into two cases.
Case 1: . In this case, (29) contains affine equations in variables , which has rank . Hence the variables can be uniquely determined. Any Gabidulin decoder can be applied. Here we assume the code has high code rate, for which the BerlekampMassey algorithm gives a better complexity. Although the recurrence equation (29) is a generalized version of the ones in [26] and [33], the modified BerlekampMassey algorithm can be applied here to recover the coefficients .
Case 2: . In this case (29) gives independent affine equations in variables . For such an underdetermined system of linear equations, we will have a set of solutions that has dimension over . Namely, the solutions will be of the form
where are fixed elements in and runs through . As shown in [33, Th. 10], the solution can be derived from the modified BM algorithm with a free variable .
Observe that in (28), by taking and and substituting the solution , one gets the following two equations
(30) 
and
(31) 
where in (30) and (31), and are unknowns. Using equations (8),(25), (30) and (31) instead of (8),(9), (16) and (17) and going through the same procedure in Subsection IVC, we can get a quadratic equation of the form
(32) 
which can be solved in polynomial time as discussed in Subsection IVC. Hence, if the communication parties transfer their messages through the finely restricted channel , then GTG and AGTG codes can be decoded more efficiently.
Vi Decoding error rank vectors with any rank
In this subsection we consider a communication channel which is more restricted than , but the generated error vectors are still look random and they can have any rank less than or equal to .
Let

(33) where , , is odd, and
(34) 
(35) where , , is even, and
(36)
In the decoding of GTG codes in Subsection VA, let , then we obtain
(37) 
and also based on the definition of GTG codes we have an auxiliary equation
(38) 
since and . Let . If we use (33) ((35)) as the error interpolation polynomial, one can employ (34) ((36)) and directly obtain from the known coefficients in (37). The only remaining unknown coefficient can be calculated using the auxiliary equation (38) since is already calculated.
Hence, by restricting the error interpolation polynomial we can decode any rank error vector with added to a low rate GTG (AGTG) code.
Remark 1.
In [9], an application of spacesymmetric rank errors in codebased cryptography is proposed. But spacesymmetric rank errors similar to symmetric rank errors [6], contain some structures and this may lead to a new structural attack. If we use random rank error vectors defined in Subsection VI instead of spacesymmetric rank errors and use GTG codes instead of Gabidulin codes in GPT variants [17] and [18], we can avoid potential structural attacks and possibly get the same key size found in [9, Section VI.]. This will be investigated in future works.
Remark 2.
The advantage of the channel or even the channel in Subsection VI is that it can generate random (look random) error vectors since the structured coefficients’ vector of the linearized polynomial goes through an interpolation process on linearly independent points. Even in subsection VI. the error space has dimension but it contains error with high or low ranks with no specific structure. So based on this observation, to find more suitable rankbased scheme, besides looking for new MRD codes and find the most efficient one, one can also look for new channels with higher error correctability.
Remark 3.
If we employ linearized polynomials and instead of , we are still able to decode Gabidulin codes beyond half the minimum distance and also improve the decoding algorithms for GTG and AGTG codes. But the final polynomial equation in case 2 will be instead of the quadratic polynomial equation (22). Then using the methods explained in [12, Section 4.2], one can make sure that finding can be done in polynomial time and so decoding Gabidulin codes beyond half the minimum distance.
Vii Conclusion
In this paper we made some delicate restrictions on the communication channel and decode Gabidulin codes beyond half the minimum distance by one unit in polynomial time. The error vectors added to the codewords look random. Moreover, we improved the decoding algorithms for GTG and AGTG codes proposed in [24] and [12], if two parties communicate through the new defined channel. We are also able to decode any error vector with any rank added to low rate () GTG and AGTG codes if we define more constrains for our channel.
References
 [1] (2020) Scalar qsubresultants and dickson matrices. Journal of Algebra 547, pp. 116–128. Cited by: Proposition 1.
 [2] (2019) A characterization of linearized polynomials with maximum kernel. Finite Fields and Their Applications 56, pp. 109 – 130. External Links: ISSN 10715797 Cited by: §III.
 [3] (1978) Bilinear forms over a finite field, with applications to coding theory. Journal of Combinatorial Theory, Series A 25 (3), pp. 226 – 241. External Links: ISSN 00973165 Cited by: §I.
 [4] (1991) Ideals over a noncommutative ring and their application in cryptology. In Advances in Cryptology – EUROCRYPT’91, D. W. Davies (Ed.), pp. 482–489. External Links: ISBN 9783540464167 Cited by: §I.
 [5] (1985) Theory of codes with maximum rank distance. Problemy Peredachi Informatsii 21 (1), pp. 3–16. Cited by: §I, §I, §III.
 [6] (2004) Symmetric rank codes. Problems of Information Transmission 40, pp. 103 – 117. Cited by: §I, §I, Remark 1.
 [7] (2006) Symmetric matrices and codes correcting rank errors beyond the bound. Discrete Applied Mathematics 154 (2), pp. 305–312. Note: Coding and Cryptography External Links: ISSN 0166218X Cited by: §I.
 [8] (2009) Galois theory and linear algebra. Linear Algebra and its Applications 430 (7), pp. 1778 – 1789. Note: Special Issue in Honor of Thomas J. Laffey External Links: ISSN 00243795 Cited by: §III, Lemma 1.
 [9] (2021) Decoding of spacesymmetric rank errors. External Links: 2102.02554 Cited by: §I, §I, Remark 1.
 [10] (2021) Decoding a class of maximum hermitian rank metric codes. Submitted to The 6th International Workshop on Boolean Functions and their Applications (BFA). Cited by: §I.
 [11] (2021) On interpolationbased decoding of a class of maximum rank distance codes. in International Symposium on Information Theory (ISIT). Cited by: §I.
 [12] (2020) On decoding additive generalized twisted gabidulin codes. Cryptography and Communications 12, pp. 987 – 1009. Cited by: §I, §I, §VA, §V, §VII, Remark 3.
 [13] (2005) The new construction of rank codes. In International Symposium on Information Theory, (ISIT), pp. 2105–2108. Cited by: §I, §III.
 [14] (2019) On decoding additive generalized twisted Gabidulin codes. presented at the International Workshop on Coding and Cryptography (WCC). Cited by: §I, §V.
 [15] (2019) Interpolationbased decoding of nonlinear maximum rank distance codes. In International Symposium on Information Theory (ISIT), Cited by: §I.
 [16] (2006) A Welch–Berlekamp like algorithm for decoding Gabidulin codes. In International Workshop on Coding and Cryptography (WCC), Ø. Ytrehus (Ed.), Berlin, Heidelberg, pp. 36–45. Cited by: §I.
 [17] (2016) An evolution of gpt cryptosystem. In Int. Workshop Alg. Combin. Coding Theory (ACCT), Cited by: Remark 1.
 [18] (2017) A new rank metric codes based encryption scheme. In International Workshop on PostQuantum Cryptography, pp. 3–17. Cited by: Remark 1.
 [19] (2018) Generalized twisted gabidulin codes. Journal of Combinatorial Theory, Series A 159, pp. 79–106. Cited by: §I, §III.
 [20] (2019) A characterization of the number of roots of linearized and projective polynomials in the field of coefficients. Finite Fields and Their Applications 57, pp. 68 – 91. External Links: ISSN 10715797 Cited by: §III.
 [21] (2017) Additive rank metric codes. IEEE Transactions on Information Theory 63 (1), pp. 164–168. Cited by: §I, §I, §III, §III.
 [22] (2018) Some new nonadditive maximum rank distance codes. Finite Fields and Their Applications 50, pp. 293 – 303. External Links: ISSN 10715797 Cited by: §I.
 [23] (2006) On codes correcting symmetric rank errors. In Coding and Cryptography, Ø. Ytrehus (Ed.), Berlin, Heidelberg, pp. 14–21. External Links: ISBN 9783540354826 Cited by: §I.
 [24] (2017) A decoding algorithm for rank metric codes. arXiv.org. abs/1712.07060. Cited by: §I, §I, §I, §V, §VII, Proposition 1.
 [25] (2020) Randomized decoding of gabidulin codes beyond the unique decoding radius. In PostQuantum Cryptography, J. Ding and J. Tillich (Eds.), Cham, pp. 3–19. External Links: ISBN 9783030442231 Cited by: §I.
 [26] (200406) Fast decoding of rankcodes with rank errors and column erasures. In International Symposium on Information Theory (ISIT), pp. 398–398. Cited by: §I, §VA3.
 [27] (1991) Maximumrank array codes and their application to crisscross error correction. IEEE Transactions on Information Theory 37 (2), pp. 328–336. Cited by: §I, §I.
 [28] (1996) Tensor codes for the rank metric. IEEE Transactions on Information Theory 42 (6), pp. 2146–2157. Cited by: §III.
 [29] (2018) Hermitian rank distance codes. Designs, Codes and Cryptography 86 (7), pp. 1469–1481. Cited by: §I.
 [30] (2016) A new family of linear maximum rank distance codes. Advances in Mathematics of Communications 10, pp. 475. External Links: ISSN 19305346 Cited by: §I, §III, §III, §III.
 [31] (2019) MRD codes: constructions and connections. arXiv.org. abs/1904.05813. Cited by: §I.

[32]
(2020)
New semifields and new MRD codes from skew polynomial rings
. Journal of the London Mathematical Society 101 (1), pp. 432–456. Cited by: §I.  [33] (2011Sep.) Linearized shiftregister synthesis. IEEE Transactions on Information Theory 57 (9), pp. 6025–6032. Cited by: §IVC, §IVC, §VA3, §VA3.
 [34] (2008Sept) A rankmetric approach to error control in random network coding. IEEE Transactions on Information Theory 54 (9), pp. 3951–3967. Cited by: §I.
 [35] (2019) A new family of MRD codes in with right and middle nuclei . IEEE Transactions on Information Theory 65 (2), pp. 1054–1062. External Links: ISSN 00189448 Cited by: §I, §I, §III.
Comments
There are no comments yet.