Design, Codes and Cryptography manuscript No.

(will be inserted by the editor)

Linear codes using skew polynomials with automorphisms and derivations

D. Boucher · F. Ulmer

Received: date / Accepted: date

Abstract In this work the definition of codes as modules over skew polynomial rings of automorphism type is generalized to skew polynomial rings, whose multiplication is defined using an automorphism and a derivation. This produces a more general class of codes which, in some cases, produce better distance bounds than module skew codes constructed only with an automorphism. Extending the approach of Gabidulin codes, we introduce new notions of evaluation of skew polynomials with derivations and the corresponding evaluation codes. We propose several approaches to generalize Reed-Solomon and BCH codes to module skew codes and for two classes we show that the dual of such a Reed-Solomon type skew code is an evaluation skew code. We generalize a decoding algorithm due to Gabidulin for the rank metric and derive families of MDS and MRD codes.

Keywords: error-correcting codes, decoding, finite fields, skew polynomial rings

D. Boucher · F. Ulmer: IRMAR (UMR 6625), Université de Rennes 1, Campus de Beaulieu, F-35042 Rennes Cedex

1 Introduction.

In previous work (cf. [4]) we extended the classical notion of cyclic codes of the form $(g)/(X^n - 1) \subset \mathbb{F}_q[X]/(X^n - 1)$, or more generally $(g)/(f) \subset \mathbb{F}_q[X]/(f)$, to the noncommutative situation by considering the ring of skew polynomials of automorphism type $R = \mathbb{F}_q[X;\theta]$. One of the contributions of this work is to generalize this noncommutative approach to the more general rings $R = \mathbb{F}_q[X;\theta,\delta]$ which we now define. Starting with a ring $A$, an indeterminate $X$, an automorphism $\theta$ and a $\theta$-derivation, which is a map $\delta : A \to A$ such that for all $a$ and $b$ in $A$:

$$\delta(a + b) = \delta(a) + \delta(b), \qquad \delta(ab) = \delta(a)b + \theta(a)\delta(b),$$

O. Ore defined in [15] a ring structure on the set $\{\sum_{i=0}^{n} a_i X^i \mid n \in \mathbb{N},\ a_i \in A\}$ of skew polynomials in the variable $X$ over $A$. The addition is the usual addition of polynomials and the multiplication is defined using the commutation rule

$$X \cdot a = \theta(a)X + \delta(a)$$

and extended by distributivity and associativity. If $A$ is a division ring, then $A[X;\theta,\delta]$ is a right (resp. left) Euclidean ring in which greatest common right (resp. left) divisor and least common left (resp. right) multiple exist ([15], [5]).

For a noncommutative ring $R = \mathbb{F}_q[X;\theta,\delta]$ of characteristic $p$, an automorphism $\theta$ is a power of the Frobenius automorphism $a \mapsto a^p$ and the $\theta$-derivation must be a so called inner derivation of the form $a \mapsto \beta(\theta(a) - a)$ where $\beta \in \mathbb{F}_q$, which we denote $\delta_\beta$. For $\theta \neq \mathrm{id}$ this follows from [8] Chapter 8, Theorem 3.1. For $\theta = \mathrm{id}$ this follows from $\delta(1) = \delta(1 \cdot 1) = \delta(1) + \delta(1)$ which shows that any derivation on the prime field $\mathbb{F}_p \subset \mathbb{F}_q$ must be zero and therefore the only classical derivation (i.e. id-derivations) on the algebraic extension $\mathbb{F}_q$ of $\mathbb{F}_p$ is the zero derivation $a \mapsto 0$. Over $\mathbb{F}_4 = \mathbb{F}_2(\alpha)$ with $\theta : a \mapsto a^2$, this approach leads to four noncommutative rings $R = \mathbb{F}_4[X;\theta,\delta_\beta]$ with $\beta \in \{0, 1, \alpha, \alpha^2\}$, while in [4] we only considered the case $\beta = 0$.

For any automorphism $\theta$ of $\mathbb{F}_q$ and any $\beta \in \mathbb{F}_q$ we can consider $R = \mathbb{F}_q[X;\theta,\delta_\beta]$ and construct the block code $Rg/Rf \subset R/Rf$, where $g$ divides $f$ on the right in $R$. It is important to note that all polynomial arithmetic is now to be performed in $R = \mathbb{F}_q[X;\theta,\delta_\beta]$. Since $R$ is a right Euclidean ring, the elements of $Rg/Rf$ can be represented by skew polynomials of degree less than $\deg(f)$ which are left multiples of $g$ in $R$. In analogy to classical cyclic codes, we associate to an element $\sum_{i=0}^{n-1} a_i X^i \in R/Rf$ the 'word' $(a_0, a_1, \ldots, a_{n-1}) \in \mathbb{F}_q^n$. The above linear block codes are of length $\deg(f)$ and have dimension $k = \deg(f) - \deg(g)$. The encoding $mg$ of a message $m$ of length $k$ is done by right multiplication by $g$ in $R$.

Another classical construction of codes using commutative polynomials in $\mathbb{F}_q[X]$ are codes defined using evaluation at a given set of points. To generalize this notion to the noncommutative ring $R = \mathbb{F}_q[X;\theta,\delta_\beta]$ we need the notion of evaluation of $f \in R$ at $\alpha \in \mathbb{F}_q$.
The classical generalization of the commutative case is to define $f(\alpha)$ as the remainder of the right division of $f$ by $X - \alpha$ in $R = \mathbb{F}_q[X;\theta,\delta_\beta]$ which will be called remainder evaluation. However there is a second possible definition of evaluation in $\mathbb{F}_q[X;\theta,\delta_\beta]$. For $R = \mathbb{F}_q[X;\theta]$ (i.e. $\delta_\beta = 0$) the ring $R$ is homomorphic to the ring of operators $\sum_{i=0}^{n} a_i \theta^i$ over $K$ where the multiplication is defined as the composition of operators. An evaluation of $f = \sum_{i=0}^{n} a_i X^i \in R$ at $\alpha \in \mathbb{F}_q$ can be defined as the evaluation of the operator $\sum_{i=0}^{n} a_i \theta^i$ at $\alpha$, i.e. $\sum_{i=0}^{n} a_i \theta^i(\alpha)$, which we will therefore call operator evaluation. In coding theory this operator ring is known as the ring of linearized polynomials $\sum_{i=0}^{n} a_i X^{p^{m \cdot i}}$, where $\theta(a) = a^{p^m}$. Using this ring, E. Gabidulin constructs the Gabidulin codes in [9]. We will show that for $\delta \neq 0$ the corresponding operator evaluation at $\alpha \in \mathbb{F}_q$ is given by $\sum_{i=0}^{n} a_i \delta^i(\alpha)$. One of the advantages of the operator evaluation in $\mathbb{F}_q[X;\theta,\delta_\beta]$ is that the solution space is a vector space over the fixed field $(\mathbb{F}_q)^\theta$ under $\theta$, which we will use intensively. The rank distance introduced by E. Gabidulin is well suited to this linear situation, and we will therefore consider both the classical Hamming distance and the rank distance.

The paper is organized as follows:

– In section 2 we introduce module skew codes constructed using the rings $R = \mathbb{F}_q[X;\theta,\delta_\beta]$. We show that the case $\delta_\beta \neq 0$ produces new codes whose distance sometimes improves on that obtained for $\delta_\beta = 0$. We also study equivalences of codes constructed by using different rings $R = \mathbb{F}_q[X;\theta,\delta_\beta]$.
– In section 3 we introduce the notions of remainder and operator evaluation and gather some results about them.
– In section 4 we use these evaluation notions to define evaluation skew codes over $R = \mathbb{F}_q[X;\theta,\delta_\beta]$. We study equivalence of the various evaluation skew codes.
– In section 5 we construct module skew codes with prescribed distance.
– In section 6 we generalize the notion of BCH codes to $R = \mathbb{F}_q[X;\theta,\delta_\beta]$.
– Finally, in section 7 we provide decoding algorithms for some of the previously introduced families of codes.

2 Module skew codes with derivation

In the following we will consider modules over $R = \mathbb{F}_q[X;\theta,\delta_\beta]$ and in particular submodules $Rg/Rf \subset R/Rf$. We have $Rf \subset Rg$ if and only if $g$ is a right factor of $f$ and in this case $Rg/Rf$ is a submodule of $R/Rf$ which is cyclic and generated as a left $R$-module by $g + Rf$. Therefore the left $R$-submodule $Rg/Rf \subset R/Rf$ is a $\mathbb{F}_q$-vector subspace of dimension $\deg(f) - \deg(g)$ of the $\mathbb{F}_q$-vector space $R/Rf$ of dimension $\deg(f)$. In analogy to classical cyclic codes, we associate to an element $\sum_{i=0}^{n-1} a_i X^i$ in the quotient module $R/Rf$ the 'word' $(a_0, a_1, \ldots, a_{n-1}) \in \mathbb{F}_q^n$.

Definition 1 Let $\theta$ be an automorphism of $\mathbb{F}_q$, $\beta \in \mathbb{F}_q$, $R = \mathbb{F}_q[X;\theta,\delta_\beta]$, $n \in \mathbb{N}^*$ and $f \in R$ be of degree $n$. A module $(\theta,\delta_\beta)$-code $C$ is a left $R$-submodule $Rg/Rf \subset R/Rf$ in the basis $1, X, \ldots, X^{n-1}$ where $g$ is a right divisor of $f$ in $R$. The length of the code is $n = \deg(f)$ and its dimension is $k = \deg(f) - \deg(g)$. We say that the code $C$ is of type $[n, k]_q$. If the minimum distance of the code is $d$, then we say that the code $C$ is of type $[n, k, d]_q$. We denote this code $C = (g)_n^{\theta,\delta_\beta}$.

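The above module skew codes generalize the codes defined in [4] and are also considered in [6]. A generator matrix $G_{g,n}^{\theta,\delta_\beta}$ of the code is given by the coefficients of $g, X \cdot g, \ldots, X^{k-1} \cdot g$ in the basis $1, X, X^2, \ldots, X^{n-1}$ and can be computed using the rule $X \cdot a = \theta(a)X + \beta(\theta(a) - a)$ for $a \in \mathbb{F}_q$. Note that this generator matrix depends only on the degree $n$ of $f$, which justifies the notation $C = (g)_n^{\theta,\delta_\beta}$.

Example 1 Consider $\mathbb{F}_4 = \mathbb{F}_2(\alpha)$, $\theta : a \mapsto a^2$ and $\beta = \alpha$. For $g = X^2 + X + \alpha^2 \in \mathbb{F}_4[X;\theta,\delta_\alpha]$, we have $X \cdot g = X^3 + X^2 + \alpha X + \alpha$ and $X^2 \cdot g = X^4 + X^3 + \alpha^2 X^2 + X + \alpha$ while for $g = X^2 + X + \alpha^2 \in \mathbb{F}_4[X;\theta]$ we have $X \cdot g = X^3 + X^2 + \alpha X$ and $X^2 \cdot g = X^4 + X^3 + \alpha^2 X^2$. The corresponding generator matrices for the codes $(g)_5^{\theta,\delta_\alpha}$ and $(g)_5^{\theta}$ are

$$G_{g,5}^{\theta,\delta_\alpha} = \begin{pmatrix} \alpha^2 & 1 & 1 & 0 & 0 \\ \alpha & \alpha & 1 & 1 & 0 \\ \alpha & 1 & \alpha^2 & 1 & 1 \end{pmatrix} \quad \text{and} \quad G_{g,5}^{\theta} = \begin{pmatrix} \alpha^2 & 1 & 1 & 0 & 0 \\ 0 & \alpha & 1 & 1 & 0 \\ 0 & 0 & \alpha^2 & 1 & 1 \end{pmatrix}.$$

The next proposition shows that different derivations may produce the same codes over $\mathbb{F}_q[X;\theta,\delta_\beta]$.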

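| n | k | best known distance | d for β = 0 | d for β = 1 | d for β = a |
|---|---|---|---|---|---|
| 5 | 3 | 3 | 2 | 2 | 3 |
| 15 | 8 | 6 | 5 | 5 | 6 |
| 15 | 12 | 3 | 2 | 2 | 3 |
| 16 | 10 | 5 | 4 | 5 | 4 |
| 21 | 13 | 6 | 5 | 5 | 6 |
| 31 | 27 | 3 | 2 | 2 | 3 |
| ⋮ | ⋮ | ⋮ | ⋮ | ⋮ | ⋮ |
| 40 | 36 | 3 | 2 | 2 | 3 |

Table 1 Module skew codes defined over $\mathbb{F}_4$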

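Proposition 1 For any $\sigma \in \mathrm{Aut}(\mathbb{F}_q)$ the following map is a ring isomorphism

$$\varphi_\sigma : \mathbb{F}_q[X;\theta,\delta_\beta] \to \mathbb{F}_q[X;\theta,\delta_{\sigma(\beta)}], \qquad \sum_{i=0}^{n} a_i X^i \mapsto \sum_{i=0}^{n} \sigma(a_i) X^i.$$

In particular the codes $(g)_n^{\theta,\delta_\beta}$ and $(\varphi_\sigma(g))_n^{\theta,\delta_{\sigma(\beta)}}$ are isometric for the Hamming distance.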

Proof The map $\varphi_\sigma$ is an isomorphism of the corresponding additive groups, so we need to verify the multiplication rule. For $a \in \mathbb{F}_q$, $\varphi_\sigma(aX) = \sigma(a)X = \varphi_\sigma(a)\varphi_\sigma(X)$. In order to compute $\varphi_\sigma(X) \cdot \varphi_\sigma(a)$, we note that, since the group $\mathrm{Aut}(\mathbb{F}_q)$ is abelian, we always have $\sigma\theta = \theta\sigma$:

$$\varphi_\sigma(X) \cdot \varphi_\sigma(a) = X \cdot \sigma(a) = (\theta \circ \sigma)(a)X + \sigma(\beta)\big((\theta \circ \sigma)(a) - \sigma(a)\big) = \sigma(\theta(a))X + \sigma\big(\beta(\theta(a) - a)\big) = \varphi_\sigma(X \cdot a).$$

This shows that the following induced map

$$\varphi_\sigma : (g)_n^{\theta,\delta_\beta} \to (\varphi_\sigma(g))_n^{\theta,\delta_{\sigma(\beta)}}, \qquad (a_0, a_1, \ldots, a_{n-1}) \mapsto (\sigma(a_0), \sigma(a_1), \ldots, \sigma(a_{n-1}))$$

has the property that for $a$ and $b$ in $(g)_n^{\theta,\delta_\beta}$, $\varphi_\sigma(a + b) = \varphi_\sigma(a) + \varphi_\sigma(b)$ and for $\lambda \in \mathbb{F}_q$, $\varphi_\sigma(\lambda a) = \sigma(\lambda)\varphi_\sigma(a)$. The map $\varphi_\sigma$ preserves the Hamming distance of linear codes and is a semilinear isometry for the Hamming distance.

This new class of codes is more general than the codes obtained using skew polynomials of automorphism type for which $\beta = 0$. In the following tables we give the parameters of codes which reach the best known minimum Hamming distances over $\mathbb{F}_4$, $\mathbb{F}_8$ and $\mathbb{F}_9$ thanks to a nonzero derivation and do not reach them with a zero derivation (tables for codes over $\mathbb{F}_4$ also appear in [6]). Because of the above semilinear isometry $\varphi_\sigma$, we only included codes for one element of each orbit of $\beta \in \mathbb{F}_q^*$ under the action of $\theta$.

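| n | k | best known distance | d for β = 0 | d for β = 1 | d for β = a | d for β = a³ |
|---|---|---|---|---|---|---|
| 22 | 19 | 3 | 2 | 3 | 3 | 3 |
| 23 | 20 | 3 | 2 | 3 | 3 | 2 |
| ⋮ | ⋮ | ⋮ | ⋮ | ⋮ | ⋮ | ⋮ |
| 30 | 27 | 3 | 2 | 3 | 3 | 2 |

Table 2 Module skew codes defined over $\mathbb{F}_8$

| n | k | best known distance | d for β = 0 | d for β = 1 | d for β = a | d for β = a² | d for β = a⁴ | d for β = a⁵ |
|---|---|---|---|---|---|---|---|---|
| 9 | 3 | 7 | 6 | 7 | 6 | 7 | 7 | 6 |
| 10 | 4 | 7 | 6 | 6 | 6 | 7 | 6 | 6 |
| 9 | 5 | 5 | 4 | 4 | 4 | 5 | 4 | 4 |
| 10 | 6 | 5 | 4 | 4 | 4 | 5 | 4 | 4 |
| 27 | 24 | 3 | 2 | 3 | 3 | 2 | 3 | 3 |
| ⋮ | ⋮ | ⋮ | ⋮ | ⋮ | ⋮ | ⋮ | ⋮ | ⋮ |
| 30 | 27 | 3 | 2 | 3 | 3 | 2 | 3 | 3 |

Table 3 Module skew codes defined over $\mathbb{F}_9$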

We now establish a link between module skew codes with $\delta_\beta = 0$ and $\delta_\beta \neq 0$. If $\delta_\beta \neq 0$, then the change of variable $Z = X + \beta$ transforms the ring $\mathbb{F}_q[X;\theta,\delta_\beta]$ into a pure automorphism ring $\mathbb{F}_q[Z;\theta]$ (cf. [8], page 295). This corresponds to the ring isomorphism

$$\psi : \mathbb{F}_q[X;\theta,\delta_\beta] \to \mathbb{F}_q[Z;\theta] \qquad (1)$$

$$\sum a_i X^i \mapsto \sum a_i (Z - \beta)^i. \qquad (2)$$

The ring homomorphism $\psi$ induces a map (which we also denote $\psi$) from a $[n, k]$ module $(\theta,\delta_\beta)$-code $C = (g)_n^{\theta,\delta_\beta}$ over $\mathbb{F}_q[X;\theta,\delta_\beta]$ with $\beta \neq 0$ to a $[n, k]$ module $\theta$-code $\tilde{C} = (\psi(g))_n^{\theta}$ over $\mathbb{F}_q[Z;\theta]$ via

$$\sum_{i=0}^{n-1} c_i X^i \mapsto \sum_{i=0}^{n-1} c_i (Z - \beta)^i = \sum_{i=0}^{n-1} \tilde{c}_i Z^i.$$

Computing recursively the coefficients of $(X + \beta)^i = \sum_{j=0}^{i} a_{i+1,j+1} X^j$ using

$$(X + \beta)^{i+1} = (X + \beta) \cdot \sum_{j=0}^{i} a_{i+1,j+1} X^j = \sum_{j=0}^{i} \theta(a_{i+1,j+1})(X + \beta)X^j$$

we obtain the following link between the generating matrices of the codes

$$A_{k,k}(\beta) \times G_{g,n}^{\theta,\delta_\beta} = G_{\psi(g),n}^{\theta} \times A_{n,n}(\beta),$$

where $A_{n,n}(\beta)$ is a lower unit triangular $n \times n$ matrix over $(\mathbb{F}_q)^\theta(\beta)$ whose entries $a_{i,j}$ ($j < i$) are given by $a_{i+1,j+1} = \theta(a_{i,j}) + \beta\theta(a_{i,j+1})$ ($1 < j < i$), $a_{i+1,1} = \beta\theta(a_{i,1})$ ($1 < j$).

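Example 2 For $g = X^2 + X + \alpha^2 \in \mathbb{F}_4[X;\theta,\delta_\alpha]$ defined in the example 1, we have $\psi(g) = Z^2 + \alpha \in \mathbb{F}_4[Z;\theta]$. One can verify that the generator matrices $G_{g,5}^{\theta,\delta_\alpha}$ and $G_{\psi(g),5}^{\theta}$ of $(g)_5^{\theta,\delta_\alpha}$ and $(\psi(g))_5^{\theta}$ satisfy the relation:

$$A_{3,3}(\alpha) \times G_{g,5}^{\theta,\delta_\alpha} \times A_{5,5}(\alpha)^{-1} = \begin{pmatrix} 1 & 0 & 0 \\ \alpha & 1 & 0 \\ 1 & 1 & 1 \end{pmatrix} \begin{pmatrix} \alpha^2 & 1 & 1 & 0 & 0 \\ \alpha & \alpha & 1 & 1 & 0 \\ \alpha & 1 & \alpha^2 & 1 & 1 \end{pmatrix} \begin{pmatrix} 1 & 0 & 0 & 0 & 0 \\ \alpha & 1 & 0 & 0 & 0 \\ 1 & 1 & 1 & 0 & 0 \\ \alpha & \alpha^2 & \alpha^2 & 1 & 0 \\ 1 & 0 & 1 & 0 & 1 \end{pmatrix}^{-1} = \begin{pmatrix} \alpha & 0 & 1 & 0 & 0 \\ 0 & \alpha^2 & 0 & 1 & 0 \\ 0 & 0 & \alpha & 0 & 1 \end{pmatrix} = G_{\psi(g),5}^{\theta}.$$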

The corresponding $\mathbb{F}_q$-linear map between the codes $(g)_n^{\theta,\delta_\beta}$ and $(\psi(g))_n^{\theta}$ does not preserve the Hamming distance. Indeed we have seen that the consideration of $\mathbb{F}_q[X;\theta,\delta_\beta]$ with $\beta \neq 0$ produces new codes which are not module skew codes over $\mathbb{F}_q[X;\theta]$.

Example 3 For $g = X^2 + X + \alpha^2 \in \mathbb{F}_4[X;\theta,\delta_\alpha]$ (defined in examples 1 and 2), the module skew code $(g)_5^{\theta,\delta_\alpha}$ has minimum Hamming distance 3 while the module skew code $(\psi(g))_5^{\theta}$ has minimum Hamming distance 2. Furthermore, one can verify that all the module skew codes $[5, 3]$ over $\mathbb{F}_4[Z;\theta]$ have minimum distances 1 or 2 and never reach the minimum distance 3 (see the first line of table 1).
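Examples 1 and 3 can be recomputed mechanically. The following Python sketch is an added example, not code from the paper: it assumes the encoding 0, 1, 2, 3 for the elements 0, 1, α, α² of $\mathbb{F}_4$, and all function names are chosen here. It builds generator matrices from the commutation rule, finds minimum Hamming distances by enumerating every codeword, and goes slightly beyond the examples by searching all monic $g$ of degree 2.

```python
from itertools import product

# GF(4) = {0, 1, α, α²} encoded as 0, 1, 2, 3 (assumption of this example);
# α² = α + 1, so addition and subtraction are both XOR.
ALPHA, ALPHA2 = 2, 3
EXP, LOG = [1, 2, 3], {1: 0, 2: 1, 3: 2}


def mul(a, b):
    """Product in GF(4) via discrete logarithms to the base α."""
    return 0 if 0 in (a, b) else EXP[(LOG[a] + LOG[b]) % 3]


def theta(a):
    """Frobenius automorphism a -> a^2."""
    return mul(a, a)


def x_times(f, beta):
    """Coefficients of X·f, using X·a = θ(a)X + β(θ(a) - a).

    f[i] is the coefficient of X^i, written on the left of X^i.
    """
    out = [0] * (len(f) + 1)
    for i, a in enumerate(f):
        out[i + 1] ^= theta(a)
        out[i] ^= mul(beta, theta(a) ^ a)
    return out


def generator_matrix(g, n, beta):
    """Rows g, X·g, ..., X^(k-1)·g in the basis 1, X, ..., X^(n-1)."""
    k = n - (len(g) - 1)
    rows, row = [], list(g)
    for _ in range(k):
        rows.append(row + [0] * (n - len(row)))
        row = x_times(row, beta)
    return rows


def encode(message, G):
    """Codeword message × G over GF(4)."""
    word = [0] * len(G[0])
    for m_i, row in zip(message, G):
        for j, c in enumerate(row):
            word[j] ^= mul(m_i, c)
    return word


def min_distance(G):
    """Minimum Hamming weight over all nonzero codewords (exhaustive)."""
    return min(
        sum(1 for c in encode(m, G) if c)
        for m in product(range(4), repeat=len(G))
        if any(m)
    )


def best_distance(n, deg_g, beta):
    """Largest minimum distance over all monic g of degree deg_g."""
    return max(
        min_distance(generator_matrix(list(low) + [1], n, beta))
        for low in product(range(4), repeat=deg_g)
    )


G_DELTA = generator_matrix([ALPHA2, 1, 1], 5, ALPHA)   # g in F4[X; θ, δ_α]
G_THETA = generator_matrix([ALPHA2, 1, 1], 5, 0)       # same g in F4[X; θ]
G_PSI = generator_matrix([ALPHA, 0, 1], 5, 0)          # ψ(g) = Z² + α

if __name__ == "__main__":
    for name, G in (("(g), β=α", G_DELTA), ("(g), β=0", G_THETA), ("(ψ(g)), β=0", G_PSI)):
        print(name, G, "d =", min_distance(G))
    for beta in (0, 1, ALPHA):
        print("β =", beta, "best [5,3] distance:", best_distance(5, 2, beta))
```
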

The map ψ will be also useful in the context of evaluation skew codes introduced in the section 4.

3 Wronskian and Vandermonde matrices

Like in the commutative case, many constructions of codes are based on the notion of the evaluation of a polynomial. We start with the definition of the evaluation given in [12] (where skew polynomials are also considered over division rings) and then introduce the evaluation via the linear operators associated to skew polynomials. In the following we denote $K \setminus \{0\}$ simply $K^*$.

Definition 2 ([12] p. 310) Let $K$ be a division ring, $\theta \in \mathrm{Aut}(K)$ and $\delta$ a $\theta$-derivation. For $f = \sum a_i X^i \in K[X;\theta,\delta]$ and $\alpha \in K$, the (right) remainder evaluation of $f$ at $\alpha$ is denoted $f(\alpha)$ and is defined as the remainder of the right division of $f$ by $X - \alpha$. If $f(\alpha) = 0$, then $\alpha$ is a right root of $f$.

The following definition ([12] p. 310) generalizes the classical notion of the norm of a field element: for $i \in \mathbb{N}$, $N_i^{\theta,\delta}(\alpha)$ is recursively defined as

$$N_0^{\theta,\delta}(\alpha) = 1, \qquad N_{i+1}^{\theta,\delta}(\alpha) = \theta\big(N_i^{\theta,\delta}(\alpha)\big)\,\alpha + \delta\big(N_i^{\theta,\delta}(\alpha)\big).$$

In particular, if $\delta = 0$, one gets the classical norm $N_i^{\theta}(\alpha) = \alpha\,\theta(\alpha) \cdots \theta^{i-1}(\alpha)$. Using induction one proves that the right remainder evaluation of $X^i$ at $\alpha \in K$ is equal to $N_i^{\theta,\delta}(\alpha)$ and one deduces from this fact the following lemma:


Lemma 1 ([12], Proposition 2.9) Let $K$ be a division ring, $\theta \in \mathrm{Aut}(K)$ and $\delta$ a $\theta$-derivation. For $f = \sum a_i X^i \in K[X;\theta,\delta]$ and $\alpha \in K$, $f(\alpha) = \sum a_i N_i^{\theta,\delta}(\alpha)$.

In the following $\theta$ will play the same role for the ring $K[X;\theta]$ as $\delta \neq 0$ for the ring $K[X;\theta,\delta]$. We therefore introduce the notation:

$$D = \begin{cases} \theta, & \text{if } \delta = 0 \\ \delta, & \text{if } \delta \neq 0 \end{cases}$$

and associate to $f = \sum a_i X^i$ the operator $L_f = \sum a_i D^i : K \to K$ in the ring $K[D;\circ] = \{\sum_{i=0}^{n} a_i D^i \mid a_i \in K,\ n \in \mathbb{N}\}$, where the addition is the usual addition and the multiplication is the composition of operators. Since

$$Da(Y) = D(aY) = \begin{cases} \theta(aY) = \theta(a)\theta(Y) = (\theta(a)D)(Y), & \text{if } \delta = 0 \\ \delta(aY) = \delta(a)Y + \theta(a)\delta(Y) = (\theta(a)D + \delta(a))(Y), & \text{if } \delta \neq 0, \end{cases}$$

we obtain the following lemma:

Lemma 2 Let $K$ be a division ring, $\theta \in \mathrm{Aut}(K)$ and $\delta$ a $\theta$-derivation. The following map is a morphism of rings:

$$K[X;\theta,\delta] \to K[D;\circ], \qquad f = \sum_{i=0}^{n} a_i X^i \mapsto L_f = \sum_{i=0}^{n} a_i D^i.$$

From ([11], Lemma 1(2) and [12] Proposition 2.9(4)) we obtain for $y \in K^*$ that $N_i^{\theta,\delta}\big(D(y)y^{-1}\big) = D^i(y)y^{-1}$. Therefore, for $y \in K^*$, we have

$$f\big(D(y)y^{-1}\big) = L_f(y)\,y^{-1} \qquad (3)$$

Definition 3 Let $K$ be a division ring, $\theta \in \mathrm{Aut}(K)$ and $\delta$ a $\theta$-derivation. Consider $f = \sum a_i X^i \in K[X;\theta,\delta]$ and $y \in K$, the operator evaluation of $f$ at $y \in K$ is $L_f(y)$. If $L_f(y) = 0$, then $y$ is a solution of $L_f(Y) = 0$.

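For a field extension $K \subset F$ together with an extension of $\theta$ and $\delta$ to $K$ we can consider the operator evaluation of $f \in K[X;\theta,\delta]$ at $y \in F$. We will be interested in the case $\mathbb{F}_q[X;\theta,\delta_\beta]$. For an extension $\mathbb{F}_q \subset \mathbb{F}_{q^s}$ we extend an automorphism $a \mapsto a^m$ of $\mathbb{F}_q$ to the corresponding automorphism $a \mapsto a^m$ of $\mathbb{F}_{q^s}$, extending $\delta_\beta$ accordingly.

Definition 4 ([12], page 321) Let $K$ be a division ring, $\theta \in \mathrm{Aut}(K)$, $\delta$ be a $\theta$-derivation and $n \in \mathbb{N}^*$. Let $(\alpha_1, \ldots, \alpha_n) \in K^n$. The $(\theta,\delta)$-Vandermonde matrix of $\alpha_1, \ldots, \alpha_n$ is defined by

$$V_n^{\theta,\delta}(\alpha_1, \ldots, \alpha_n) = \begin{pmatrix} 1 & 1 & \cdots & 1 \\ N_1^{\theta,\delta}(\alpha_1) & N_1^{\theta,\delta}(\alpha_2) & \cdots & N_1^{\theta,\delta}(\alpha_n) \\ \vdots & \vdots & \cdots & \vdots \\ N_{n-1}^{\theta,\delta}(\alpha_1) & N_{n-1}^{\theta,\delta}(\alpha_2) & \cdots & N_{n-1}^{\theta,\delta}(\alpha_n) \end{pmatrix}.$$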

A closely related matrix is the following generalization of the Wronskian matrix defined for $y_1, \ldots, y_n \in K$ as

$$\mathrm{Wr}_n^{\theta,\delta}(y_1, \ldots, y_n) = \begin{pmatrix} y_1 & y_2 & \cdots & y_n \\ D(y_1) & D(y_2) & \cdots & D(y_n) \\ \vdots & \vdots & & \vdots \\ D^{n-1}(y_1) & D^{n-1}(y_2) & \cdots & D^{n-1}(y_n) \end{pmatrix}.$$

We now summarize some results, most of them from [12], which allow to control the rank of the $(\theta,\delta)$-Vandermonde matrix.

Definition 5 ([12]) Let $K$ be a division ring, $\theta \in \mathrm{Aut}(K)$ and $\delta$ a $\theta$-derivation. The $(\theta,\delta)$-conjugacy class of an element $a \in K$ is the set of all its conjugates $a^c := \theta(c)\,a\,c^{-1} + \delta(c)\,c^{-1}$ where $c$ is taken over $K^*$. We call $\delta(c)c^{-1}$ the logarithmic derivative of $c$.

If $\delta \neq 0$, then from equation (3) we get that for $f \in K[X;\theta,\delta]$ the logarithmic derivative $\delta(y)y^{-1}$ of a nonzero solution $y$ of $L_f(Y) = 0$ is always a right root of $f$. But for a solution $y \neq 0$ of $L_f(Y) = 0$ to correspond to a right root $\alpha$ of $f$, there must be a solution in $K$ to the equation $\delta(y)y^{-1} = \alpha$. That means that $\alpha$ must belong to the $(\theta,\delta)$-conjugacy class of 0 which is the set $\{\delta(c)c^{-1} \mid c \in K^*\}$ of the logarithmic derivatives of elements of $K^*$.

Note 1 For a finite field $\mathbb{F}_q$ one gets $a^c = \frac{\theta(c)}{c}(a + \beta) - \beta$ and in particular the $(\theta,\delta_\beta)$-conjugacy class of $-\beta$ is reduced to $\{-\beta\}$. Assume $q = p^N$ with $N \in \mathbb{N}^*$ and $p$ prime and consider $\theta(a) = a^{p^m}$. If $a \neq -\beta$, the $(\theta,\delta)$-conjugacy class of $a$ has as many elements as the set $\left\{ \frac{\theta(c)}{c} \mid c \in \mathbb{F}_q^* \right\}$, namely $\frac{p^N - 1}{p^r - 1}$ elements where $r = \gcd(m, N)$. So there are $p^r$ conjugacy classes: the conjugacy class of $-\beta$ which contains one element and $p^r - 1$ classes with $\frac{p^N - 1}{p^r - 1}$ elements. In particular, if $\theta$ is the Frobenius automorphism ($m = r = 1$), then there are $p$ conjugacy classes. For $q = 2^N$ and $m = 1$ ($\theta : a \mapsto a^2$), there are two conjugacy classes, the class of 0 which is reduced to $\{0\}$ and the class of 1 which is the set $\left\{ \frac{\theta(c)}{c} \mid c \in \mathbb{F}_{2^N}^* \right\} = \mathbb{F}_{2^N}^*$.
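The norm recursion behind Lemma 1, the operator evaluation of Definition 3, relation (3) and the class count of Note 1 can be checked exhaustively over a small field. This Python sketch is an added example, not code from the paper; the field $\mathbb{F}_{16}$ (built with the modulus $x^4 + x + 1$), the sample polynomial and all function names are assumptions made for the illustration.

```python
# GF(16) as integers 0..15 (bit i = coefficient of x^i), reduced modulo
# x^4 + x + 1. Field, modulus and sample data are assumptions of this example.
MOD = 0b10011


def mul(a, b):
    """Carry-less multiplication in GF(16), reduced modulo MOD."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0b10000:
            a ^= MOD
        b >>= 1
    return r


def power(a, e):
    r = 1
    for _ in range(e):
        r = mul(r, a)
    return r


def inv(a):
    return power(a, 14)                      # a^15 = 1 for every nonzero a


def theta(a, m):
    return power(a, 2 ** m)                  # θ(a) = a^(2^m), 1 <= m <= 3


def delta(a, beta, m):
    return mul(beta, theta(a, m) ^ a)        # δ_β(a) = β(θ(a) - a)


def D(a, beta, m):
    """D = θ when δ_β = 0 (β = 0 here), D = δ_β otherwise."""
    return delta(a, beta, m) if beta else theta(a, m)


def norms(alpha, count, beta, m):
    """N_0(α), ..., N_{count-1}(α) with N_{i+1} = θ(N_i)α + δ(N_i)."""
    out = [1]
    for _ in range(count - 1):
        n_i = out[-1]
        out.append(mul(theta(n_i, m), alpha) ^ delta(n_i, beta, m))
    return out


def remainder_eval(f, alpha, beta, m):
    """f(α) = Σ a_i N_i(α) (Lemma 1); f[i] is the coefficient of X^i."""
    acc = 0
    for a_i, n_i in zip(f, norms(alpha, len(f), beta, m)):
        acc ^= mul(a_i, n_i)
    return acc


def operator_eval(f, y, beta, m):
    """L_f(y) = Σ a_i D^i(y) (Definition 3)."""
    acc = 0
    for a_i in f:
        acc ^= mul(a_i, y)
        y = D(y, beta, m)
    return acc


def identity_3_holds(f, beta, m):
    """Check f(D(y)/y) = L_f(y)/y for every nonzero y, i.e. relation (3)."""
    return all(
        remainder_eval(f, mul(D(y, beta, m), inv(y)), beta, m)
        == mul(operator_eval(f, y, beta, m), inv(y))
        for y in range(1, 16)
    )


def conjugate(a, c, beta, m):
    """a^c = θ(c) a c^{-1} + δ(c) c^{-1} (Definition 5)."""
    return mul(mul(theta(c, m), a), inv(c)) ^ mul(delta(c, beta, m), inv(c))


def conjugacy_classes(beta, m):
    """Partition of GF(16) into (θ, δ_β)-conjugacy classes."""
    seen, classes = set(), []
    for a in range(16):
        if a not in seen:
            cls = {conjugate(a, c, beta, m) for c in range(1, 16)}
            classes.append(cls)
            seen |= cls
    return classes


F_SAMPLE = [3, 0, 7, 1]                      # constructed polynomial of degree 3

if __name__ == "__main__":
    print("relation (3), β=6, m=1:", identity_3_holds(F_SAMPLE, 6, 1))
    for m in (1, 2):
        print("m =", m, "class sizes:", sorted(len(c) for c in conjugacy_classes(6, m)))
```

With $N = 4$ the class sizes are 1 and 15 for $m = 1$ ($r = 1$), and 1, 5, 5, 5 for $m = 2$ ($r = 2$), matching the counts $p^r$ and $\frac{p^N - 1}{p^r - 1}$ of Note 1.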

Definition 6 ([12], page 3.14) Let $K$ be a division ring, $\theta \in \mathrm{Aut}(K)$, $\delta$ a $\theta$-derivation and $a \in K$. The $(\theta,\delta)$-centralizer of $a$ is $C^{\theta,\delta}(a) = \{c \in K^* \mid a^c = a\} \cup \{0\}$.

From [12], Lemma 3.2 we get that $C^{\theta,\delta}(a)$ is a division subring of $K$. If $K$ is a field we recover classical notions:

1. If $\delta = 0$, then $C^{\theta,\delta}(1) = \{c \in K \mid \theta(c) = c\}$ is the fixed field $(K)^\theta$ of $K$ under $\theta$.
2. If $\delta \neq 0$, then $C^{\theta,\delta}(0) = \{c \in K \mid \delta(c) = 0\}$ is the subfield of constants $\ker_K(\delta)$ of $K$ for $\delta$.

Theorem 1 ([12], Theorem 4.5 page 323 and [12], page 321) Let $K$ be a division ring, $\theta \in \mathrm{Aut}(K)$, $\delta$ be a $\theta$-derivation, $n \in \mathbb{N}^*$ and $a \in K$. Then, for any $(y_1, \ldots, y_n) \in K^*$,

$$\mathrm{rank}\big(V_n^{\theta,\delta}(a^{y_1}, \ldots, a^{y_n})\big) = \dim_{C^{\theta,\delta}(a)}(y_1, \ldots, y_n).$$

Let $A = A_1 \cup \cdots \cup A_r$ be the partition of $A \subset K$ into $(\theta,\delta)$-conjugacy classes. Then

$$\mathrm{rank}\big(V^{\theta,\delta}(A)\big) = \sum_{i=1}^{r} \mathrm{rank}\big(V^{\theta,\delta}(A_i)\big).$$

Example 4 Consider $\mathbb{F}_{3^6} = \mathbb{F}_3(\alpha)$ where $\alpha^6 + 2\alpha^4 + \alpha^2 + 2\alpha + 2 = 0$, $n = 13$, $\beta = 1$, $\theta : a \mapsto a^3$ and $A = \{2, \alpha, \alpha^2, \alpha^3, \alpha^4, \alpha^5, \alpha^6, \alpha^7, \alpha^8, \alpha^9, \alpha^{10}, \alpha^{14}, \alpha^{25}\}$. The set $A$ can be partitioned as $A = A_1 \cup A_2 \cup A_3$ where $A_1 = \{2\}$, $A_2 = \{\alpha, \alpha^3, \alpha^{14}, \alpha^{25}, \alpha^4, \alpha^9\}$ and $A_3 = \{\alpha^2, \alpha^5, \alpha^6, \alpha^7, \alpha^8, \alpha^{10}\}$. The set $A_1$ is the $(\theta,\delta_1)$-conjugacy class of $2 = -1$, the elements of $A_2$ are $(\theta,\delta_1)$-conjugate to 0 and the elements of $A_3$ are $(\theta,\delta_1)$-conjugate to $\alpha^2$:

$$A_2 = \{0^{\alpha^{306}}, 0^{\alpha^{190}}, 0^{\alpha^{242}}, 0^{\alpha^{47}}, 0^{\alpha^{130}}, 0^{\alpha^{206}}\},$$

$$A_3 = \{(\alpha^2)^{\alpha^{0}}, (\alpha^2)^{\alpha^{203}}, (\alpha^2)^{\alpha^{305}}, (\alpha^2)^{\alpha^{4}}, (\alpha^2)^{\alpha^{26}}, (\alpha^2)^{\alpha^{190}}\}.$$

Furthermore $C^{\theta,\delta}(0) = C^{\theta,\delta}(\alpha^2) = \mathbb{F}_3$ and

$$\dim_{\mathbb{F}_3}(\alpha^{306}, \alpha^{190}, \alpha^{242}, \alpha^{47}, \alpha^{130}, \alpha^{206}) = \dim_{\mathbb{F}_3}(1, \alpha^{203}, \alpha^{305}, \alpha^{4}, \alpha^{26}, \alpha^{190}) = 6$$

so $\mathrm{rank}(V^{\theta,\delta}(A)) = 1 + 6 + 6 = 13$.

Corollary 1 Let $K$ be a field, $\theta \in \mathrm{Aut}(K)$, $\delta$ be a $\theta$-derivation and $f = \sum_{i=0}^{n} a_i X^i$ be a nonzero element of $K[X;\theta,\delta]$ of degree $n$. Then

1. If $\delta = 0$, the solution space of $L_f(Y) = 0$ is a vector space of dimension at most $n$ over the fixed field $(K)^\theta$ of $K$ under $\theta$.
2. If $\delta \neq 0$, the solution space of $L_f(Y) = 0$ is a vector space of dimension at most $n$ over the subfield of constants $\ker_K(\delta)$ of $K$ for $\delta$.

Proof We already noted that the solution space is a vector space over $(K)^\theta$ (resp. $\ker_K(\delta)$) if $\delta = 0$ (resp. $\delta \neq 0$). Suppose that $L_f(Y) = \left(\sum_{i=0}^{n} a_i D^i\right)(Y) = 0$ has $n + 1$ solutions $y_1, \ldots, y_{n+1}$, then $(a_0, \ldots, a_n)$ is a nonzero vector in the kernel of $\mathrm{Wr}_{n+1}(y_1, \ldots, y_{n+1})$.

1. If $\delta = 0$, then ((4.12) page 325 of [12]) shows that the determinant of the following matrix must be zero:

$$\mathrm{Wr}_{n+1}^{\theta}(y_1, \ldots, y_{n+1}) \cdot \begin{pmatrix} \frac{1}{y_1} & 0 & \cdots & 0 \\ 0 & \ddots & \ddots & \vdots \\ \vdots & \ddots & \ddots & 0 \\ 0 & \cdots & 0 & \frac{1}{y_{n+1}} \end{pmatrix} = V_{n+1}^{\theta}(1^{y_1}, \ldots, 1^{y_{n+1}}). \qquad (4)$$

From the above theorem we get that $y_1, \ldots, y_{n+1}$ are linearly dependent over $(K)^\theta$.

2. If $\delta \neq 0$, then ((4.8) page 325 of [12]) the following matrix is of determinant 0

$$\mathrm{Wr}_{n+1}^{\theta,\delta}(y_1, \ldots, y_{n+1}) \cdot \begin{pmatrix} \frac{1}{y_1} & 0 & \cdots & 0 \\ 0 & \ddots & \ddots & \vdots \\ \vdots & \ddots & \ddots & 0 \\ 0 & \cdots & 0 & \frac{1}{y_{n+1}} \end{pmatrix} = V_{n+1}^{\theta,\delta}(0^{y_1}, \ldots, 0^{y_{n+1}}). \qquad (5)$$

From the above theorem we get that $y_1, \ldots, y_{n+1}$ are linearly dependent over $\ker_K(\delta)$.

The operator $L_f(Y)$ whose solution space is spanned by $y_1, y_2, \ldots, y_n$ can be obtained by expanding $|\mathrm{Wr}_{n+1}^{\theta,\delta}(y_1, \ldots, y_n, Y)|$ along the last column. In a similar way, in order to construct the polynomial $f \in K[X;\theta,\delta]$ of minimal degree such that $f(\alpha_1) = \ldots = f(\alpha_n) = 0$ we simply consider the least common left multiple $\mathrm{lclm}_{1 \leq i \leq n}(X - \alpha_i) \in K[X;\theta,\delta]$. It corresponds to:

Theorem 2 ([11] Theorem 8, [12] page 326) Let $K$ be a division ring, $n \in \mathbb{N}^*$, $\theta \in \mathrm{Aut}(K)$ and $\delta$ be a $\theta$-derivation. Let $\alpha_1, \ldots, \alpha_n \in K$ and $g = \mathrm{lclm}_{1 \leq i \leq n}(X - \alpha_i) \in K[X;\theta,\delta]$ be the least common left multiple of $X - \alpha_i$, $i = 1, \ldots, n$, then $\deg(g) = \mathrm{rank}\big(V_n^{\theta,\delta}(\alpha_1, \ldots, \alpha_n)\big)$.

Suppose that $q = q_0^t$ and consider $\theta \in \mathrm{Aut}(\mathbb{F}_q)$ given by $a \mapsto a^{q_0}$. The fixed field $(\mathbb{F}_q)^\theta$ of $\theta$ is $\mathbb{F}_{q_0}$. We associate to $L_f(Y) = \sum_{i=0}^{n} a_i D^i(Y)$ the commutative linearized polynomial $\ell_f(Z) \in \mathbb{F}_q[Z]$ by expressing the action of the automorphism $\theta$ and the derivation $\delta_\beta = \beta(\theta - \mathrm{id})$:

1. If $\delta = 0$, then $L_f(Y) = \sum_{i=0}^{n} a_i \theta^i(Y)$ corresponds to (cf. Section 5 of [13] or "p-polynomials" in [16]) $\ell_f(Z) = a_n Z^{(q_0)^n} + \ldots + a_1 Z^{q_0} + a_0 Z \in \mathbb{F}_q[Z]$.
2. If $\delta \neq 0$ then we can express $L_f(Y) = \sum_{i=0}^{n} a_i (\beta(\theta - \mathrm{id}))^i(Y)$ in the form $\sum_{i=0}^{n} \ell_i(a_0, \ldots, a_n, \beta)\,\theta^i(Y)$ where the coefficients $\ell_i(a_0, \ldots, a_n, \beta)$ can be explicitly computed and in particular $\ell_0(a_0, \ldots, a_n, \beta) = \sum_{i=0}^{n} (-1)^i \beta^i a_i$. Therefore $\ell_f(Z) = \sum_{i=0}^{n} \ell_i(a_0, \ldots, a_n, \beta)\,Z^{(q_0)^i} \in \mathbb{F}_q[Z]$.

We obtain that for $f \in \mathbb{F}_q[X;\theta,\delta_\beta]$ the solutions of $L_f(Y) = 0$ correspond to the roots of the commutative polynomial $\ell_f(Z) \in \mathbb{F}_q[Z]$. Since for $\mathrm{id} \neq \theta \in \mathrm{Aut}(\mathbb{F}_q)$ and $\delta_\beta = \beta(\theta - \mathrm{id})$ ($\beta \in \mathbb{F}_q$) the fixed field $(\mathbb{F}_q)^\theta$ of $\mathbb{F}_q$ is the subfield of constants $\ker(\delta_\beta)$, the solution space of $L_f(Y) = 0$ and of $\ell_f(Z) = 0$ is a vector space over $(\mathbb{F}_q)^\theta$. The proof of ([7] Theorem 1) generalizes to

Theorem 3 Consider $\mathrm{id} \neq \theta \in \mathrm{Aut}(\mathbb{F}_q)$, $\beta \in \mathbb{F}_q$ and $f = \sum_{i=0}^{n} a_i X^i \in \mathbb{F}_q[X;\theta,\delta_\beta]$. There exists a finite field extension $\mathbb{F}_{q^s}/\mathbb{F}_q$ which contains all the roots of $\ell_f(Y) = 0$. The $(\mathbb{F}_q)^\theta$-subspace of $\mathbb{F}_{q^s}$ spanned by those roots is a vector space of dimension $n - \min\{i \mid \ell_i(a_0, \ldots, a_n, \beta) \neq 0\}$ over $(\mathbb{F}_q)^\theta$.

Therefore, for $f \in \mathbb{F}_q[X;\theta,\delta_\beta]$, if $\ell_0(a_0, \ldots, a_n, \beta) \neq 0$, then all solutions of $L_f(Y) = 0$ belong to a finite field extension $\mathbb{F}_{q^s}/\mathbb{F}_q$.

4 Evaluation skew codes.

In this section we extend the notion of evaluation code introduced by E. Gabidulin in [9]. Recall that an inner $\theta$-derivation in $\mathbb{F}_q$ is of the form $\delta_\beta(a) = \beta(\theta(a) - a)$, where $\beta \in \mathbb{F}_q$. In the following we will use the notation $\delta_\beta$ whenever an explicit use of $\beta$ is made in the argumentation; otherwise, we will denote it $\delta$.

4.1 Definitions

Definition 7 Let $n \in \mathbb{N}^*$, $k \in \{1, \ldots, n\}$, $\theta \in \mathrm{Aut}(\mathbb{F}_q)$ and $\delta$ a $\theta$-derivation.

– Let $\alpha = (\alpha_1, \ldots, \alpha_n) \in \mathbb{F}_q^n$ with $\mathrm{rank}(V_n^{\theta,\delta}(\alpha_1, \ldots, \alpha_n)) \geq k$. The remainder evaluation skew code of length $n$, dimension $k$ and support $\alpha$ is defined as

$$R_{k,n}^{\theta,\delta}(\alpha) = \{(f(\alpha_1), \ldots, f(\alpha_n)) \mid f \in \mathbb{F}_q[X;\theta,\delta],\ \deg(f) \leq k - 1\}.$$

– Let $y = (y_1, \ldots, y_n) \in \mathbb{F}_q^n$ with $\mathrm{rank}(\mathrm{Wr}_n^{\theta,\delta}(y_1, \ldots, y_n)) \geq k$. The operator evaluation skew code of length $n$, dimension $k$ and support $y$ is defined as

$$O_{k,n}^{\theta,\delta}(y) = \{(L_f(y_1), \ldots, L_f(y_n)) \mid f \in \mathbb{F}_q[X;\theta,\delta],\ \deg(f) \leq k - 1\}.$$

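In the following lemma, generator matrices are derived for these two codes.

Lemma 1 A generator matrix of the code $R_{k,n}^{\theta,\delta}(\alpha)$ defined above is the rectangular Vandermonde matrix defined by

$$V_{k,n}^{\theta,\delta}(\alpha_1, \ldots, \alpha_n) = \begin{pmatrix} N_0^{\theta,\delta}(\alpha_1) & N_0^{\theta,\delta}(\alpha_2) & \cdots & N_0^{\theta,\delta}(\alpha_n) \\ N_1^{\theta,\delta}(\alpha_1) & N_1^{\theta,\delta}(\alpha_2) & \cdots & N_1^{\theta,\delta}(\alpha_n) \\ \vdots & \vdots & \cdots & \vdots \\ N_{k-1}^{\theta,\delta}(\alpha_1) & N_{k-1}^{\theta,\delta}(\alpha_2) & \cdots & N_{k-1}^{\theta,\delta}(\alpha_n) \end{pmatrix}.$$

A generator matrix of the code $O_{k,n}^{\theta,\delta}(y)$ defined as above is the rectangular Wronskian matrix defined by

$$\mathrm{Wr}_{k,n}^{\theta,\delta}(y_1, \ldots, y_n) = \begin{pmatrix} y_1 & y_2 & \cdots & y_n \\ D(y_1) & D(y_2) & \cdots & D(y_n) \\ \vdots & \vdots & \cdots & \vdots \\ D^{k-1}(y_1) & D^{k-1}(y_2) & \cdots & D^{k-1}(y_n) \end{pmatrix}.$$

Proof Let $f = \sum_{i=0}^{k-1} a_i X^i \in \mathbb{F}_q[X;\theta,\delta]$.

– According to Lemma 1, $\forall j \in \{1, \ldots, n\}$, $f(\alpha_j) = \sum_{i=0}^{k-1} a_i N_i^{\theta,\delta}(\alpha_j)$. So

$$(f(\alpha_1), \ldots, f(\alpha_n)) = (a_0, \ldots, a_{k-1}) \times V_{k,n}^{\theta,\delta}(\alpha_1, \ldots, \alpha_n)$$

and

$$R_{k,n}^{\theta,\delta}(\alpha) = \{m \times V_{k,n}^{\theta,\delta}(\alpha_1, \ldots, \alpha_n) \mid m \in \mathbb{F}_q^k\}.$$

As the rank of $V_{k,n}^{\theta,\delta}(\alpha)$ is $\min(k, r)$ where $r$ is the rank of $V_n^{\theta,\delta}(\alpha)$ (Remark 4.6 page 324 of [12]) and as $r \geq k$, the dimension of $R_{k,n}^{\theta,\delta}(\alpha)$ is $k$.

– In the same way, $(L_f(y_1), \ldots, L_f(y_n)) = (a_0, \ldots, a_{k-1}) \times \mathrm{Wr}_{k,n}^{\theta,\delta}(y_1, \ldots, y_n)$ and

$$O_{k,n}^{\theta,\delta}(y) = \{m \times \mathrm{Wr}_{k,n}^{\theta,\delta}(y_1, \ldots, y_n) \mid m \in \mathbb{F}_q^k\}.$$

As the rank of $\mathrm{Wr}_{k,n}^{\theta,\delta}(y_1, \ldots, y_n)$ is $\min(k, r)$ where $r$ is the dimension of the $(\mathbb{F}_q)^\theta$ space generated by $y_1, \ldots, y_n$ and as $r \geq k$, the code $O_{k,n}^{\theta,\delta}(y)$ is of dimension $k$.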

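Example 5 Consider $x = (2, \alpha, \alpha^2, \alpha^3, \alpha^4, \alpha^5, \alpha^6, \alpha^7, \alpha^8, \alpha^9, \alpha^{10}, \alpha^{14}, \alpha^{25}) \in \mathbb{F}_{3^6}^{13}$ defined in example 4. We have shown that $\mathrm{rank}(V_{13}^{\theta,\delta_1}(x)) = 13$ so one can consider the remainder evaluation skew code $R_{k,13}^{\theta,\delta_1}(x)$ for any $k \in \{1, \ldots, 13\}$ over $\mathbb{F}_{3^6}$. Meanwhile $\mathrm{rank}(\mathrm{Wr}_{13}^{\theta,\delta_1}(x)) = \dim_{\mathbb{F}_3}(x) = 6$, so one can construct the operator evaluation skew code $O_{k,13}^{\theta,\delta_1}(x)$ for any $k \in \{1, \ldots, 6\}$ over $\mathbb{F}_{3^6}$. For $k = 2$, a generator matrix of $R_{2,13}^{\theta,\delta_1}(x)$ is

$$V_{2,13}^{\theta,\delta_1}(x) = \begin{pmatrix} 1 & 1 & 1 & 1 & 1 & 1 & 1 & 1 & 1 & 1 & 1 & 1 & 1 \\ 2 & \alpha & \alpha^2 & \alpha^3 & \alpha^4 & \alpha^5 & \alpha^6 & \alpha^7 & \alpha^8 & \alpha^9 & \alpha^{10} & \alpha^{14} & \alpha^{25} \end{pmatrix}$$

while a generator matrix of $O_{2,13}^{\theta,\delta_1}(x)$ is

$$\mathrm{Wr}_{2,13}^{\theta,\delta_1}(x) = \begin{pmatrix} 2 & \alpha & \alpha^2 & \alpha^3 & \alpha^4 & \alpha^5 & \alpha^6 & \alpha^7 & \alpha^8 & \alpha^9 & \alpha^{10} & \alpha^{14} & \alpha^{25} \\ 0 & \alpha^{470} & \alpha^{412} & \alpha^{682} & \alpha^{674} & \alpha^{233} & \alpha^{508} & \alpha^{335} & \alpha^{671} & \alpha^{590} & \alpha^{559} & \alpha^{98} & \alpha^{181} \end{pmatrix}.$$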

Note 2 For $\delta = 0$, if $f \in \mathbb{F}_q[X;\theta]$, the operator evaluation $L_f(y)$ of $f$ at $y \in \mathbb{F}_q$ coincides with the evaluation of the classical linearized polynomial associated to $f$. For $y_1, \ldots, y_n \in \mathbb{F}_q$, we have $\mathrm{rank}(\mathrm{Wr}_n^{\theta}(y_1, \ldots, y_n)) = n$ if, and only if, $y_1, \ldots, y_n$ are linearly independent over $(\mathbb{F}_q)^\theta$ (see Corollary 4.13 of [12]). So if $y_1, \ldots, y_n$ are linearly independent over $(\mathbb{F}_q)^\theta$, then the corresponding operator evaluation skew codes $O_{k,n}^{\theta}(y)$ for $k \in \{1, \ldots, n\}$ are due to Gabidulin (cf. [9]).

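4.2 Classification

There are strong links between the remainder evaluation skew codes and the operator evaluation skew codes, and also between the two cases $\delta = 0$ and $\delta \neq 0$. The results are summarized below:

– $O_{k,n}^{\theta,\delta_\beta}(y)$ and $R_{k,n}^{\theta,\delta_\beta}(\alpha)$ are equivalent codes if $\exists\, y_i \in \mathbb{F}_q^*$, $\alpha_i = \frac{\delta_\beta(y_i)}{y_i}$.
– $O_{k,n}^{\theta,\delta_\beta}(y)$ and $O_{k,n}^{\theta}(u \times y)$ are equal codes if $\exists\, u \in \mathbb{F}_q^*$, $\beta = \frac{\theta(u)}{u}$.
– $R_{k,n}^{\theta,\delta_\beta}(\alpha)$ and $R_{k,n}^{\theta}(\alpha + \beta)$ are equal codes $\forall \beta \in \mathbb{F}_q$.

It is important to note that in two cases the equality (resp. equivalence) depends on the fact that $\beta$ (resp. all $\alpha_i$) is $\theta$-conjugate to 1 (resp. $(\theta,\delta_\beta)$-conjugate to 0 when $\delta_\beta \neq 0$). This is always true if $\mathbb{F}_q = \mathbb{F}_{2^r}$, $r \in \mathbb{N}^*$ and $\theta : a \mapsto a^2$; otherwise the element $u$ (resp. $y_i$) such that $\beta = \frac{\theta(u)}{u} = 1^u$ (resp. $\alpha_i = \frac{\delta_\beta(y_i)}{y_i} = 0^{y_i}$) may belong to a field extension of $\mathbb{F}_q$.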

Comparison of remainder evaluation skew codes with $\delta = 0$ and $\delta \neq 0$: The image of the relation $f = q \cdot (X - \alpha) + f(\alpha)$ in $\mathbb{F}_q[X;\theta,\delta_\beta]$ under the morphism (1) becomes

$$\psi(f) = \psi(q) \cdot (Z - \beta - \alpha) + f(\alpha)$$

in $\mathbb{F}_q[Z;\theta]$, showing that

$$f(\alpha) = \psi(f)(\alpha + \beta). \qquad (6)$$

Consider $n \in \mathbb{N}^*$, $k \in \{1, \ldots, n - 1\}$ and $\alpha_1, \ldots, \alpha_n \in \mathbb{F}_q$. As the restriction of $\psi$ to the skew polynomials of degree $\leq k - 1$ is still a bijection, the relation (6) gives

$$\{(f(\alpha_1), \ldots, f(\alpha_n)) \mid f \in \mathbb{F}_q[X;\theta,\delta_\beta],\ \deg(f) \leq k - 1\} = \{(f(\alpha_1 + \beta), \ldots, f(\alpha_n + \beta)) \mid f \in \mathbb{F}_q[X;\theta],\ \deg(f) \leq k - 1\}$$

i.e.

$$\{m \times V_{k,n}^{\theta,\delta_\beta}(\alpha_1, \ldots, \alpha_n) \mid m \in \mathbb{F}_q^k\} = \{m \times V_{k,n}^{\theta}(\alpha_1 + \beta, \ldots, \alpha_n + \beta) \mid m \in \mathbb{F}_q^k\}.$$

If we assume that $\mathrm{rank}(V_n^{\theta,\delta_\beta}(\alpha_1, \ldots, \alpha_n)) \geq k$, then $\mathrm{rank}(V_{k,n}^{\theta,\delta_\beta}(\alpha_1, \ldots, \alpha_n)) = k = \mathrm{rank}(V_{k,n}^{\theta}(\alpha_1 + \beta, \ldots, \alpha_n + \beta))$ because the two sets above have the same dimension over $\mathbb{F}_q$. So we get that $\mathrm{rank}(V_n^{\theta}(\alpha_1 + \beta, \ldots, \alpha_n + \beta)) \geq k$. We conclude that the remainder evaluation skew codes $R_{k,n}^{\theta,\delta_\beta}(\alpha)$ and $R_{k,n}^{\theta}(\alpha + \beta)$ are equal.

Comparison of remainder evaluation skew codes and operator evaluation skew codes with $\delta = 0$: Let $f \in \mathbb{F}_q[X;\theta,\delta]$ and $y_i \in \mathbb{F}_q^*$. Considering $\alpha_i = \frac{D(y_i)}{y_i}$, according to (3), $f(\alpha_i) = \frac{L_f(y_i)}{y_i}$. Therefore

$$(L_f(y_1), \ldots, L_f(y_n)) = (f(\alpha_1), \ldots, f(\alpha_n)) \times \begin{pmatrix} y_1 & 0 & \cdots & 0 \\ 0 & \ddots & \ddots & \vdots \\ \vdots & \ddots & \ddots & 0 \\ 0 & \cdots & 0 & y_n \end{pmatrix}$$

This shows that operator evaluation skew codes whose support do not contain zero (which would correspond to a coordinate which is always zero) are always monomially equivalent to a remainder evaluation skew code. Note that the converse of the above does not hold since $y_i$ may belong to a field extension of the field $\mathbb{F}_q$ containing the $\alpha_i$. More precisely, if $\alpha_i$ is $(\theta,\delta)$-conjugate to 0 when $\delta \neq 0$ (resp. $\theta$-conjugate to 1 when $\delta = 0$), then the remainder evaluation skew code of support $\alpha$ is monomially equivalent to an operator evaluation skew code.

Comparison of operator evaluation skew codes with $\delta = 0$ and with $\delta \neq 0$:

Lemma 3 Let $n \in \mathbb{N}^*$, $k \in \{1, \ldots, n\}$, $y_1, \ldots, y_n$ in $\mathbb{F}_q$, $\theta \in \mathrm{Aut}(\mathbb{F}_q)$, $\beta \in \mathbb{F}_q^*$ and $\delta$ be the nonzero inner $\theta$-derivation defined by $\delta_\beta(a) = \beta(\theta(a) - a)$. Let us assume that there exists $u \in \mathbb{F}_q^*$ such that $\frac{\theta(u)}{u} = \beta$.

– If $\mathrm{rank}(\mathrm{Wr}_n^{\theta,\delta}(y_1, \ldots, y_n)) \geq k$ then $O_{k,n}^{\theta,\delta}(y_1, \ldots, y_n) = O_{k,n}^{\theta}(uy_1, \ldots, uy_n)$.
– If $\mathrm{rank}(\mathrm{Wr}_n^{\theta,\delta}(y_1, \ldots, y_n)) = n$ then $O_{k,n}^{\theta,\delta}(y_1, \ldots, y_n) = O_{k,n}^{\theta}(y_1, \ldots, y_n)$.

Proof Suppose that $\delta \neq 0$. Consider $u \in \mathbb{F}_q^*$ such that $\frac{\theta(u)}{u} = \beta$.

– Consider $f \in \mathbb{F}_q[X;\theta,\delta]$ with degree $< k$. For $y \in \{y_1, \ldots, y_n\}$, we have

$$\begin{aligned} L_f(y) &= f\!\left(\frac{\delta(y)}{y}\right) y && \text{(according to (3))} \\ &= \psi(f)\!\left(\frac{\delta(y)}{y} + \beta\right) y && \text{(according to (6))} \\ &= \psi(f)\!\left(\frac{\theta(uy)}{uy}\right) uy\, u^{-1} \\ &= L_{\psi(f)}(uy)\, u^{-1} && \text{(according to (3))}. \end{aligned}$$

So

$$u \times (L_f(y_1), \ldots, L_f(y_n)) = \big(L_{\psi(f)}(u y_1), \ldots, L_{\psi(f)}(u y_n)\big).$$

Since $u \in \mathbb{F}_q$, $\mathrm{rank}(\mathrm{Wr}_n^{\theta,\delta}(y_1, \ldots, y_n)) = \mathrm{rank}(\mathrm{Wr}_n^{\theta}(u y_1, \ldots, u y_n))$. Thus the operator evaluation skew codes $O_{k,n}^{\theta,\delta}(y_1, \ldots, y_n)$ and $O_{k,n}^{\theta}(u y_1, \ldots, u y_n)$ are equal.

– If $\mathrm{rank}(\mathrm{Wr}_n^{\theta,\delta}(y_1, \ldots, y_n)) = n$, then $uy_1, \ldots, uy_n$ are linearly independent over $(\mathbb{F}_q)^\theta$ and $O_{k,n}^{\theta}(uy_1, \ldots, uy_n)$ is a Gabidulin code of dimension $k$ and support $(uy_1, \ldots, uy_n)$. According to [1] the Gabidulin codes of dimension $k$ of support $(u y_1, \ldots, u y_n)$ and $(y_1, \ldots, y_n)$ are equal if $u \in \mathbb{F}_q^*$. Therefore, if $\mathrm{rank}(\mathrm{Wr}_n^{\theta,\delta}(y_1, \ldots, y_n)) = n$, then $O_{k,n}^{\theta,\delta}(y_1, \ldots, y_n)$ is the Gabidulin code of support $(y_1, \ldots, y_n)$ and dimension $k$.

4.3 MDS and MRD evaluation skew codes

We now give conditions for an evaluation skew code to be MDS (Maximum Distance Separable, for the Hamming metric) or MRD (Maximum Rank Distance, for the rank metric). First, let us recall some facts about the rank metric and MRD codes ([9]).

Definition 8 Consider the $\mathbb{F}_q$-vector space $V = \mathbb{F}_q^n$ over $\mathbb{F}_q$ for $n \in \mathbb{N}^*$ and $\theta \in \operatorname{Aut}(\mathbb{F}_q)$. The rank of $y = (y_1,\dots,y_n) \in V$ over $(\mathbb{F}_q)^\theta$, denoted $\operatorname{rank}^\theta(y)$, is the dimension of the $(\mathbb{F}_q)^\theta$-vector space spanned by $y_1,\dots,y_n$. The relation $d_{\mathrm{rank}}(y,\tilde{y}) = \operatorname{rank}^\theta(y - \tilde{y})$ for $y, \tilde{y} \in V$ defines a distance on $V$ called the rank distance.

Note 3 Let $n \in \mathbb{N}^*$ and $y_1,\dots,y_n \in \mathbb{F}_q^*$. According to Theorem 1 with $C^{\theta,\delta}(1) = C^{\theta}(0) = (\mathbb{F}_q)^\theta$ and using the relations (4) and (5) one gets

$$\operatorname{rank}(W_n^{\theta,\delta}(y_1,\dots,y_n)) = \operatorname{rank}(W_n^{\theta}(y_1,\dots,y_n)) = \dim_{(\mathbb{F}_q)^\theta}(y) = \operatorname{rank}^\theta(y).$$

If $d_H$ denotes the classical Hamming distance, then $d_{\mathrm{rank}}(y,\tilde{y}) \leq d_H(y,\tilde{y})$. One can define the minimum rank distance of a linear code as the minimum of the nonzero ranks of the codewords. In particular, a $[n,k]$ code with minimum rank distance $d_r$ is said to be MRD if $d_r$ reaches the Singleton bound, i.e. $d_r = n - k + 1$.

Proposition 2 Let $n \in \mathbb{N}^*$, $k \in \{1,\dots,n\}$ and $y_i, \alpha_i \in \mathbb{F}_q$ ($i \in \{1,\dots,n\}$).
1. If $\operatorname{rank}(V_n^{\theta,\delta}(\alpha_1,\dots,\alpha_n)) = n$, then the remainder evaluation skew code $R_{k,n}^{\theta,\delta}(\alpha)$ of length $n$, dimension $k$ and support $\alpha = (\alpha_1,\dots,\alpha_n)$ is MDS.
2. If $y_1,\dots,y_n$ are linearly independent over $(\mathbb{F}_q)^\theta$, then the operator evaluation skew code $O_{k,n}^{\theta,\delta}(y)$ of length $n$, dimension $k$ and of support $y = (y_1,\dots,y_n)$ is MRD.

Proof 1. If a nonzero codeword has a Hamming weight $< n - k + 1$, then at least $k$ coordinates, say the first $k$ ones, must vanish. This means that there exists a nonzero $f \in \mathbb{F}_q[X;\theta,\delta]$ of degree $< k$, such that $f(\alpha_i) = 0$ for $i \in \{1,\dots,k\}$. The polynomial $f$ is right divisible by $X - \alpha_i$ and therefore $f$ is a right multiple of $\operatorname{lclm}(X-\alpha_1,\dots,X-\alpha_k)$. Since $\operatorname{rank}(V_n^{\theta,\delta}(\alpha_1,\dots,\alpha_n)) = n$ implies that $\operatorname{rank}(V_k^{\theta,\delta}(\alpha_1,\dots,\alpha_k)) = k$, we get from Theorem 2 that the degree of $f$ is $k$. By assumption the degree of $f$ is less than $k$, showing that a nonzero word of Hamming weight $< n - k + 1$ cannot exist. This shows that the minimum Hamming distance of the code is $\geq n-k+1$ and we conclude using the Singleton bound that the minimum Hamming distance is equal to $n - k + 1$.

2. The dual of a MRD code is also MRD (cf. [9]). Therefore we consider the code with the parity-check matrix $H = \mathrm{Wr}_{k,n}^{\theta,\delta}(y_1,\dots,y_n)$ and prove that it is MRD by showing that it has no codeword of rank $< k+1$ over $(\mathbb{F}_q)^\theta$. If $c$ is a codeword of rank $r < k+1$ over $(\mathbb{F}_q)^\theta$, then there exists $x = (x_1,\dots,x_r)$ of rank $r$ over $(\mathbb{F}_q)^\theta$ and a matrix $M$ of size $r \times n$ and rank $r$ with coefficients in $(\mathbb{F}_q)^\theta$ such that $c = xM$. Then $H c^T = H M^T x^T = 0$. As $r \leq k$, we get $\mathrm{Wr}_{r,n}^{\theta,\delta}(y_1,\dots,y_n)\, M^T x^T = 0$. Set $(z_1,\dots,z_r)$ such that $(y_1,\dots,y_n)\, M^T = (z_1,\dots,z_r)$, then as $D$ is linear over $(\mathbb{F}_q)^\theta$ we get $\mathrm{Wr}_{r,n}^{\theta,\delta}(y_1,\dots,y_n)\, M^T = \mathrm{Wr}_r^{\theta,\delta}(z_1,\dots,z_r)$ and $\mathrm{Wr}_r^{\theta,\delta}(z_1,\dots,z_r)\, x^T = 0$. Furthermore $z_1,\dots,z_r$ are linearly independent over $(\mathbb{F}_q)^\theta$ because $y_1,\dots,y_n$ are linearly independent over $(\mathbb{F}_q)^\theta$ and $M$ has rank $r$, so $\det(\mathrm{Wr}_r^{\theta,\delta}(z_1,\dots,z_r)) \neq 0$, contradiction.

Note 4 If $y_1,\dots,y_n$ are linearly independent over $(\mathbb{F}_q)^\theta$ and if $\delta = 0$, then the operator evaluation skew code of support $(y_1,\dots,y_n)$ is a MRD Gabidulin evaluation code ([9]). The condition $y_1,\dots,y_n \in \mathbb{F}_q$ linearly independent over $(\mathbb{F}_q)^\theta$ implies that $n \leq [\mathbb{F}_q : (\mathbb{F}_q)^\theta]$. If $q = p^N$ with $p$ prime number and if $\theta$ is the Frobenius automorphism, then $n \leq N$. The condition $\operatorname{rank}(V_n^{\theta,\delta}(\alpha_1,\dots,\alpha_n)) = n$ for $\alpha_1,\dots,\alpha_n \in \mathbb{F}_q$ is less restrictive on the size of $n$. If $q = p^N$ then there are $p$ conjugacy classes: the conjugacy class of $-\beta$ and $p-1$ conjugacy classes each of size $\frac{p^N-1}{p-1}$ (see note 1). The rank of the Vandermonde matrix of elements lying in the same conjugacy class $\neq \{-\beta\}$ cannot be higher than $[\mathbb{F}_q : (\mathbb{F}_q)^\theta] = N$. So if $\operatorname{rank}(V_n^{\theta,\delta}(\alpha_1,\dots,\alpha_n)) = n$ then $n \leq (p-1)N + 1$.

Example 6 Consider the example 5. Since $\operatorname{rank}(V_{13}^{\theta,\delta_1}(x)) = 13$, the remainder evaluation skew code of length 13, dimension $k \in \{1,\dots,13\}$ and support $\alpha$ is a MDS code over $\mathbb{F}_{3^6}$.
Notice that 13 is the maximal length of a MDS remainder evaluation code over $\mathbb{F}_{3^6}$ whereas 6 is the maximal length for a MRD operator evaluation code over $\mathbb{F}_{3^6}$.

5 Imposing a distance on module skew codes.

In the following we consider module $(\theta,\delta)$-codes (cf. definition 1). We fix $n \in \mathbb{N}^*$ and $\Delta \in \{0,\dots,n\}$ and our aim is to construct $g \in \mathbb{F}_q[X;\theta,\delta]$ such that the minimum distance of the code $(g)_n^{\theta,\delta}$ is $\geq \Delta$. We will consider both Hamming and rank distances. Since the condition involves $\alpha_i$ belonging to an algebraic closure $\overline{\mathbb{F}_q}$ of $\mathbb{F}_q$, in the following we always extend any morphism $a \mapsto a^m$ to the morphism $a \mapsto a^m$ of the field extension $\mathbb{F}_q(\alpha_i) \subset \overline{\mathbb{F}_q}$.

Hamming condition 1: $\delta = 0$ and there exists $b \in \mathbb{N}$ and $\alpha \in \mathbb{F}_q$ such that for $\alpha_i = \alpha^{i+b-1}$ ($1 \leq i \leq \Delta - 1$) we have $g(\alpha_i) = 0$ ($1 \leq i \leq \Delta - 1$) and $\operatorname{rank}(V_n^{\mathrm{id},0}(N_0^\theta(\alpha),\dots,N_{n-1}^\theta(\alpha))) = n$.

Hamming condition 2: Let $b \in \mathbb{N}$ such that $b = 0$ if $\delta \neq 0$. There exists $\alpha \in \mathbb{F}_q$ such that for $\alpha_i = N_{i+b-1}^{\theta,\delta}(\alpha)$ ($i \in \{1,\dots,n\}$) we have $g(\alpha_i) = 0$ ($1 \leq i \leq \Delta - 1$), $\operatorname{rank}(V_n^{\theta,\delta}(\alpha_1,\dots,\alpha_n)) = n$ and $N_{i+b-1}^{\theta,\delta}(N_j^{\theta,\delta}(\alpha)) = N_j^{\theta,\delta}(N_{i+b-1}^{\theta,\delta}(\alpha))$ for $i \in \{1,\dots,\Delta-1\}$ and $j \in \{0,\dots,n-1\}$.

Rank condition 1: There exists $y_1 \in \mathbb{F}_q$ such that for $y_{i+1} = D(y_i) = D^i(y_1)$ ($i \in \{1,\dots,n-1\}$) we have both $\det(\mathrm{Wr}_n^{\theta,\delta}(y_1,\dots,y_n)) \neq 0$ and $L_g(y_i) = 0$ ($i \in \{1,\dots,\Delta-1\}$).

Theorem 4
1. If $g \in \mathbb{F}_q[X;\theta,\delta]$ satisfies the Hamming conditions 1 or 2, then the minimum Hamming distance of the module skew code $(g)_n^{\theta,\delta}$ is $\geq \Delta$.
2. If $g \in \mathbb{F}_q[X;\theta,\delta]$ satisfies the rank condition 1 then the minimum rank distance of the module skew code $(g)_n^{\theta,\delta}$ is $\geq \Delta$.

Proof 1. We need to prove that the code has no nonzero word of Hamming weight $r < \Delta$. Such a word would be of the form $c(X) = c_1 X^{i_1} + c_2 X^{i_2} + \cdots + c_r X^{i_r}$, where $i_j$ are $r$ distinct elements of $\{0,\dots,n-1\}$ and $c_i \neq 0$. As $c$ is a codeword, $c(X)$ is a right multiple of $g$ and is therefore right divisible by $X - \alpha_i$ for $1 \leq i \leq r \leq \Delta - 1$. So according to Lemma 1, one gets $c_1 N_{i_1}^{\theta,\delta}(\alpha_i) + \cdots + c_r N_{i_r}^{\theta,\delta}(\alpha_i) = 0$ for $i \in \{1,\dots,r\}$. Therefore $c$ is a nonzero element in the kernel of

$$H_r = \begin{pmatrix} N_{i_1}^{\theta,\delta}(\alpha_1) & \cdots & N_{i_{\Delta-2}}^{\theta,\delta}(\alpha_1) & N_{i_r}^{\theta,\delta}(\alpha_1) \\ N_{i_1}^{\theta,\delta}(\alpha_2) & \cdots & N_{i_{\Delta-2}}^{\theta,\delta}(\alpha_2) & N_{i_r}^{\theta,\delta}(\alpha_2) \\ \vdots & & \vdots & \vdots \\ N_{i_1}^{\theta,\delta}(\alpha_r) & \cdots & N_{i_{\Delta-2}}^{\theta,\delta}(\alpha_r) & N_{i_r}^{\theta,\delta}(\alpha_r) \end{pmatrix}. \qquad (7)$$

In order to show that the minimum Hamming distance of the code is $\geq \Delta$, we need to ensure that $H_r$ is invertible when Hamming condition 1 or Hamming condition 2 is satisfied.

Hamming condition 1 Here $\delta = 0$, so $N_i^\theta(\alpha_j) = N_i^\theta(\alpha)^{j-1}\, N_i^\theta(\alpha)^{b}$ and we obtain

$$H_r = \begin{pmatrix} 1 & 1 & \cdots & 1 \\ N_{i_1}^\theta(\alpha) & N_{i_2}^\theta(\alpha) & \cdots & N_{i_r}^\theta(\alpha) \\ \vdots & \vdots & \ddots & \vdots \\ N_{i_1}^\theta(\alpha)^{\Delta-2} & N_{i_2}^\theta(\alpha)^{\Delta-2} & \cdots & N_{i_r}^\theta(\alpha)^{\Delta-2} \end{pmatrix} \times \begin{pmatrix} N_{i_1}^\theta(\alpha)^{b} & 0 & \cdots & 0 \\ 0 & \ddots & \ddots & \vdots \\ \vdots & \ddots & \ddots & 0 \\ 0 & \cdots & 0 & N_{i_r}^\theta(\alpha)^{b} \end{pmatrix}.$$

Therefore $\det(H_r) = \det(V_r^{\mathrm{id},0}(B)) \prod_{j=1}^{r} N_{i_j}^\theta(\alpha)^{b}$ where $B$ is a subset of $\{N_0^\theta(\alpha),\dots,N_{n-1}^\theta(\alpha)\}$. As $\operatorname{rank}(V_n^{\mathrm{id},0}(N_0^\theta(\alpha),\dots,N_{n-1}^\theta(\alpha))) = n$, the rank of $V_r^{\mathrm{id},0}(B)$ is $r$ so $\det(H_r) \neq 0$ and $c = 0$.

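Hamming condition 2 Let us assume that $b = 0$. Keeping the notation (7), we deduce from the relations $N_{i+b}^{\theta,\delta}(N_j^{\theta,\delta}(\alpha)) = N_j^{\theta,\delta}(N_{i+b}^{\theta,\delta}(\alpha))$, $i = 1,\dots,\Delta-1$, $j = 0,\dots,n-1$ that

$$H_r = \begin{pmatrix} N_0^{\theta,\delta}(N_{i_1}^{\theta,\delta}(\alpha)) & N_0^{\theta,\delta}(N_{i_2}^{\theta,\delta}(\alpha)) & \cdots & N_0^{\theta,\delta}(N_{i_r}^{\theta,\delta}(\alpha)) \\ N_1^{\theta,\delta}(N_{i_1}^{\theta,\delta}(\alpha)) & N_1^{\theta,\delta}(N_{i_2}^{\theta,\delta}(\alpha)) & \cdots & N_1^{\theta,\delta}(N_{i_r}^{\theta,\delta}(\alpha)) \\ \vdots & \vdots & & \vdots \\ N_{r-1}^{\theta,\delta}(N_{i_1}^{\theta,\delta}(\alpha)) & N_{r-1}^{\theta,\delta}(N_{i_2}^{\theta,\delta}(\alpha)) & \cdots & N_{r-1}^{\theta,\delta}(N_{i_r}^{\theta,\delta}(\alpha)) \end{pmatrix}.$$

So $H_r = V_r^{\theta,\delta}(\alpha_{i_1+1},\dots,\alpha_{i_r+1})$. As $\{\alpha_{i_1+1},\dots,\alpha_{i_r+1}\} \subset \{\alpha_1,\dots,\alpha_n\}$ and $\operatorname{rank}(V_n^{\theta,\delta}(\alpha_1,\dots,\alpha_n)) = n$, we get $\det(H_r) \neq 0$ and $c = 0$.

If $b \neq 0$ and $\delta = 0$ then according to the proof of Proposition 2.9 (2) of [12], $N_{i+j}^{\theta,\delta}(\alpha) = N_j^{\theta,\delta}(\alpha)\, \theta^j(N_i^{\theta,\delta}(\alpha))$ so

$$H_r = \begin{pmatrix} N_b^{\theta,\delta}(N_{i_1}^{\theta,\delta}(\alpha))\,\theta^b(N_0^{\theta,\delta}(N_{i_1}^{\theta,\delta}(\alpha))) & \cdots & N_b^{\theta,\delta}(N_{i_r}^{\theta,\delta}(\alpha))\,\theta^b(N_0^{\theta,\delta}(N_{i_r}^{\theta,\delta}(\alpha))) \\ N_b^{\theta,\delta}(N_{i_1}^{\theta,\delta}(\alpha))\,\theta^b(N_1^{\theta,\delta}(N_{i_1}^{\theta,\delta}(\alpha))) & \cdots & N_b^{\theta,\delta}(N_{i_r}^{\theta,\delta}(\alpha))\,\theta^b(N_1^{\theta,\delta}(N_{i_r}^{\theta,\delta}(\alpha))) \\ \vdots & & \vdots \\ N_b^{\theta,\delta}(N_{i_1}^{\theta,\delta}(\alpha))\,\theta^b(N_{r-1}^{\theta,\delta}(N_{i_1}^{\theta,\delta}(\alpha))) & \cdots & N_b^{\theta,\delta}(N_{i_r}^{\theta,\delta}(\alpha))\,\theta^b(N_{r-1}^{\theta,\delta}(N_{i_r}^{\theta,\delta}(\alpha))) \end{pmatrix}.$$

This implies that

$$\det(H_r) = N_b^{\theta,\delta}(N_{i_1}^{\theta,\delta}(\alpha)) \cdots N_b^{\theta,\delta}(N_{i_r}^{\theta,\delta}(\alpha))\; \theta^b\!\left(\det V_r^{\theta,0}(\alpha_{i_1+1},\dots,\alpha_{i_r+1})\right) \neq 0$$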

and therefore $c = 0$.

2. We follow ideas of [9] to prove that the code has no nonzero word of rank $r < \Delta$ over $(\mathbb{F}_q)^\theta$. Consider a codeword $c \in (g)_n^{\theta,\delta}$ of rank $r \leq \Delta - 1$ over $(\mathbb{F}_q)^\theta$. Consider $x = (x_1,\dots,x_r)$ of rank $r$ over $(\mathbb{F}_q)^\theta$ and $M$ a $r \times n$ matrix with coefficients in $(\mathbb{F}_q)^\theta$ of rank $r$ such that $c = xM$. As $c \in (g)_n^{\theta,\delta}$, there exists a $m(X) \in \mathbb{F}_q[X;\theta,\delta]$ with degree $\leq k$ such that $c(X) = m(X) \cdot g(X)$. According to Lemma 2, we have $L_c(y_i) = L_m(L_g(y_i)) = 0$. So $H_r c^T = 0$ where

$$H_r = \begin{pmatrix} y_1 & D(y_1) & \cdots & D^{n-1}(y_1) \\ y_2 & D(y_2) & \cdots & D^{n-1}(y_2) \\ \vdots & \vdots & & \vdots \\ y_r & D(y_r) & \cdots & D^{n-1}(y_r) \end{pmatrix}.$$

As $D^{j-1}(y_i) = D^{i-1}(y_j)$, we get:

$$H_r = \begin{pmatrix} y_1 & y_2 & \cdots & y_n \\ D(y_1) & D(y_2) & \cdots & D(y_n) \\ \vdots & \vdots & & \vdots \\ D^{r-1}(y_1) & D^{r-1}(y_2) & \cdots & D^{r-1}(y_n) \end{pmatrix}. \qquad (8)$$

Let us define $(z_1,\dots,z_r)$ such that $(y_1,y_2,\cdots,y_n)\, M^T = (z_1,\dots,z_r)$. As $D$ is linear over $(\mathbb{F}_q)^\theta$ we have:

$$H_r M^T = \begin{pmatrix} z_1 & z_2 & \cdots & z_r \\ D(z_1) & D(z_2) & \cdots & D(z_r) \\ \vdots & \vdots & & \vdots \\ D^{r-1}(z_1) & D^{r-1}(z_2) & \cdots & D^{r-1}(z_r) \end{pmatrix}.$$

As $\dim_{(\mathbb{F}_q)^\theta}(y_1,\dots,y_n) = n$ and $\operatorname{rank}(M) = r$, $z_1,\dots,z_r$ are linearly independent over $(\mathbb{F}_q)^\theta$ so the determinant of $H_r M^T$ is nonzero, which contradicts $H_r M^T x^T = 0$ with $x \neq 0$.

In order to obtain MDS or MRD codes, we are now going to refine the previous conditions:

Theorem 5
– If $g \in \mathbb{F}_q[X;\theta,\delta]$ satisfies the Hamming condition 1 or 2 with $\alpha \in \mathbb{F}_q$ and $g = \operatorname{lclm}(X - \alpha_i,\ i = 1,\dots,n-k)$, then the code $(g)_n^{\theta,\delta}$ is MDS.
– If $g \in \mathbb{F}_q[X;\theta,\delta]$ satisfies the rank condition 1 with $y_1 \in \mathbb{F}_q$ and $L_g(Y) = |\mathrm{Wr}_{n-k+1}^{\theta,\delta}(y_1,\dots,y_{n-k},Y)|$, then the code $(g)_n^{\theta,\delta}$ is MRD.

Proof According to the hypothesis, $\deg(g) = n-k$, the code has a word of Hamming weight $\leq n-k+1$. So both the minimum Hamming distance and the minimum rank distance are $\leq n-k+1$. The remainder part of the proof follows directly from the theorem 4 with $\Delta = n-k+1$.

Under certain conditions we get that the dual of a module skew code $(g)_n^{\theta,\delta}$ is an evaluation skew code:

Proposition 3
1. If $\alpha = (\alpha_1,\dots,\alpha_n) \in \mathbb{F}_q^n$ and $g \in \mathbb{F}_q[X;\theta,\delta]$ satisfy the Hamming condition 2 for $\deg(g) = n-k$ (i.e. $g = \operatorname{lclm}(X - \alpha_i,\ i \in \{1,\dots,n-k\})$), then the dual of the module skew code $(g)_n^{\theta,\delta}$ is the remainder evaluation skew code $R_{n-k,n}^{\theta,\delta}(\alpha)$ of length $n$, dimension $n-k$ and support $\alpha$.
2. If $y = (y_1,\dots,y_n) \in \mathbb{F}_q^n$ and $g \in \mathbb{F}_q[X;\theta,\delta]$ satisfy the rank condition 1 for $\deg(g) = n-k$ (i.e. $L_g(Y) = |\mathrm{Wr}_{n-k+1}^{\theta,\delta}(y_1,\dots,y_{n-k},Y)|$), then the dual of the module skew code $(g)_n^{\theta,\delta}$ is the operator evaluation skew code $O_{n-k,n}^{\theta,\delta}(y)$ of length $n$, dimension $n-k$ and support $y$.

Proof 1. The parity-check matrix of the code is defined as

$$H = \begin{pmatrix} N_0^{\theta,\delta}(\alpha_1) & \cdots & N_{n-2}^{\theta,\delta}(\alpha_1) & N_{n-1}^{\theta,\delta}(\alpha_1) \\ N_0^{\theta,\delta}(\alpha_2) & \cdots & N_{n-2}^{\theta,\delta}(\alpha_2) & N_{n-1}^{\theta,\delta}(\alpha_2) \\ \vdots & & \vdots & \vdots \\ N_0^{\theta,\delta}(\alpha_{n-k}) & \cdots & N_{n-2}^{\theta,\delta}(\alpha_{n-k}) & N_{n-1}^{\theta,\delta}(\alpha_{n-k}) \end{pmatrix}.$$

As $N_{i-1}^{\theta,\delta}(N_j^{\theta,\delta}(\alpha)) = N_j^{\theta,\delta}(N_{i-1}^{\theta,\delta}(\alpha))$ ($i \in \{1,\dots,n-k\}$, $j \in \{0,\dots,n-1\}$) we get

$$H = \begin{pmatrix} N_0^{\theta,\delta}(\alpha_1) & \cdots & N_0^{\theta,\delta}(\alpha_{n-1}) & N_0^{\theta,\delta}(\alpha_n) \\ N_1^{\theta,\delta}(\alpha_1) & \cdots & N_1^{\theta,\delta}(\alpha_{n-1}) & N_1^{\theta,\delta}(\alpha_n) \\ \vdots & & \vdots & \vdots \\ N_{n-k-1}^{\theta,\delta}(\alpha_1) & \cdots & N_{n-k-1}^{\theta,\delta}(\alpha_{n-1}) & N_{n-k-1}^{\theta,\delta}(\alpha_n) \end{pmatrix}$$

which is the generator matrix of the MDS remainder evaluation skew code of length $n$, dimension $n-k$ and support $(\alpha_1,\dots,\alpha_n)$.

2. Let $c \in \mathbb{F}_q^n$ be a codeword. We have $L_c(y_i) = 0$ for $i = 1,\dots,\Delta-1$. So $H c^T = 0$ and $H$ is obtained using the same arguments as for (8):

$$H = \begin{pmatrix} y_1 & y_2 & \cdots & y_n \\ D(y_1) & D(y_2) & \cdots & D(y_n) \\ \vdots & \vdots & & \vdots \\ D^{n-k}(y_1) & D^{n-k}(y_2) & \cdots & D^{n-k}(y_n) \end{pmatrix}.$$

This is the generator matrix of the operator evaluation skew code of support $(y_1,\dots,y_n)$, length $n$ and dimension $n-k$.

Example 7 Consider $\mathbb{F}_{3^6} = \mathbb{F}_3(\alpha)$ where $\alpha^6 + 2\alpha^4 + \alpha^2 + 2\alpha + 2 = 0$. We assume that $b = 0$ and $\beta = 0$. The Hamming condition 2 is satisfied for $n = 12$ (Note that $n = 12 > N = 6 = [\mathbb{F}_{3^6} : \mathbb{F}_3]$). The set $\{N_i^\theta(\alpha),\ i \in \{0,\dots,n-1\}\}$ can be partitioned as $\{\alpha^{377}, \alpha, \alpha^{13}, \alpha^{121}, \alpha^{365}, \alpha^{485}\} \cup \{\alpha^{404}, 1, \alpha^{4}, \alpha^{40}, 2, \alpha^{368}\}$ such that the Vandermonde determinants of the two sets are not zero. For $\Delta \leq 12$ we have that $g = \operatorname{lclm}(X - N_i^\theta(\alpha),\ i = 1,\dots,\Delta-1) \in \mathbb{F}_{3^6}[X;\theta]$ is of degree $\Delta - 1$ and generates a $[n, n-\Delta+1, \Delta]$ module skew code over $\mathbb{F}_{3^6}$:
– for $\Delta = 4$, we get $g = X^3 + 2X^2 + \alpha^{12} X + \alpha^{416}$ which generates $[4,1,4]$, $[5,2,4]$, $[6,3,4]$, $[7,4,4]$, $[8,5,4]$, ..., $[12,9,4]$ module skew codes over $\mathbb{F}_{3^6}$.
– for $\Delta = 8$, then $g = X^7 + \alpha^{401} X^6 + \alpha^{680} X^5 + \alpha^{18} X^4 + \alpha^{32} X^3 + \alpha^{477} X^2 + \alpha^{725} X + \alpha^{194}$ generates $[8,1,8]$, $[9,2,8]$, $[10,3,8]$, $[11,4,8]$ and $[12,5,8]$ module skew codes over $\mathbb{F}_{3^6}$.

6 Construction of BCH module skew codes with prescribed distance over a given field $\mathbb{F}_q$

Most conditions to impose a minimum distance in the previous sections deal with elements $\alpha_i$ or $y_i$ in a field extension of $\mathbb{F}_q$. The goal of this section is to study how to start with such elements $\alpha_i$ in a field extension of $\mathbb{F}_q$ in order to obtain a code over $\mathbb{F}_q$. We start from $\alpha$ in a field extension of $\mathbb{F}_q$ and construct $g \in \mathbb{F}_q[X;\theta,\delta]$ of smallest degree such that $g(\alpha) = 0$. This allows to construct codes for the Hamming conditions 1 and 2 over $\mathbb{F}_q$. For the rank condition 1 we start from $y \neq 0$ in a field extension of $\mathbb{F}_q$ and construct $g \in \mathbb{F}_q[X;\theta,\delta]$ such that $L_g(y) = 0$, but this is equivalent to construct $g$ such that $g(D(y)/y) = 0$ and therefore reduces to the previous problem.

Definition 9 Let $\alpha \in \mathbb{F}_{q^s}$. The nonzero unitary polynomial $f$ of minimal degree in $\mathbb{F}_q[X;\theta,\delta]$ such that $X - \alpha$ divides $f$ on the right is called the left skew $(\theta,\delta)$-minimal polynomial of $\alpha$ over $\mathbb{F}_q$ and we will denote it $\min_q^{\theta,\delta}(\alpha)$.

Proposition 4 Consider $\alpha \in \mathbb{F}_{q^s}$. Then

$$\min\nolimits_q^{\theta,\delta}(\alpha) = \operatorname{lclm}\{X - \sigma(\alpha) \mid \sigma \in \operatorname{Aut}(\mathbb{F}_{q^s}/\mathbb{F}_q)\},$$

where the computation of the lclm is performed in $\mathbb{F}_{q^s}[X;\theta,\delta]$ and $\theta$ denotes the extension of $\theta \in \operatorname{Aut}(\mathbb{F}_q)$ to $\operatorname{Aut}(\mathbb{F}_{q^s})$.


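Proof From [15] we get that the $\operatorname{lclm}\{X - \sigma(\alpha) \mid \sigma \in \operatorname{Aut}(\mathbb{F}_{q^s}/\mathbb{F}_q)\}$ exists and is unique. Any $\tau \in \operatorname{Aut}(\mathbb{F}_{q^s}/\mathbb{F}_q)$ fixes $\beta \in \mathbb{F}_q$ and therefore Proposition 1 gives an automorphism

$$\varphi_\tau : \mathbb{F}_{q^s}[X;\theta,\delta] \to \mathbb{F}_{q^s}[X;\theta,\delta], \qquad \sum_{i=0}^{n} a_i X^i \mapsto \sum_{i=0}^{n} \tau(a_i) X^i.$$

Therefore $\varphi_\tau(\operatorname{lclm}\{X - \sigma(\alpha) \mid \sigma \in \operatorname{Aut}(\mathbb{F}_{q^s}/\mathbb{F}_q)\})$ is right divisible by all $X - (\tau\sigma)(\alpha)$, where $\sigma \in \operatorname{Aut}(\mathbb{F}_{q^s}/\mathbb{F}_q)$. Since left multiplication (i.e. translation) by $\tau$ in $\operatorname{Aut}(\mathbb{F}_{q^s}/\mathbb{F}_q)$ will permute the elements of $\operatorname{Aut}(\mathbb{F}_{q^s}/\mathbb{F}_q)$, we obtain that the polynomial $\varphi_\tau(\operatorname{lclm}\{X - \sigma(\alpha) \mid \sigma \in \operatorname{Aut}(\mathbb{F}_{q^s}/\mathbb{F}_q)\})$ is right divisible by all $X - \sigma(\alpha)$ for $\sigma \in \operatorname{Aut}(\mathbb{F}_{q^s}/\mathbb{F}_q)$. Comparing degrees, we see that

$$\forall \tau \in \operatorname{Aut}(\mathbb{F}_{q^s}/\mathbb{F}_q),\quad \varphi_\tau(\operatorname{lclm}\{X - \sigma(\alpha) \mid \sigma \in \operatorname{Aut}(\mathbb{F}_{q^s}/\mathbb{F}_q)\}) = \operatorname{lclm}\{X - \sigma(\alpha) \mid \sigma \in \operatorname{Aut}(\mathbb{F}_{q^s}/\mathbb{F}_q)\}.$$

This shows that the coefficients of $\operatorname{lclm}\{X - \sigma(\alpha) \mid \sigma \in \operatorname{Aut}(\mathbb{F}_{q^s}/\mathbb{F}_q)\}$ are fixed by any $\tau \in \operatorname{Aut}(\mathbb{F}_{q^s}/\mathbb{F}_q)$ and therefore belong to $\mathbb{F}_q$, the fixed field of $\operatorname{Aut}(\mathbb{F}_{q^s}/\mathbb{F}_q)$. In order to show that $\operatorname{lclm}\{X - \sigma(\alpha) \mid \sigma \in \operatorname{Aut}(\mathbb{F}_{q^s}/\mathbb{F}_q)\}$ is the left skew $(\theta,\delta)$ minimal polynomial of $\alpha$ over $\mathbb{F}_q$, we note that if $f \in \mathbb{F}_q[X;\theta,\delta]$ is right divisible by $X - \alpha$ in $\mathbb{F}_{q^s}[X;\theta,\delta]$, then $f = q \cdot (X - \alpha)$ and using again the above automorphism $\varphi_\sigma$ we get that $f = \varphi_\sigma(q) \cdot (X - \sigma(\alpha))$. This shows that $f$ must be right divisible by all $X - \sigma(\alpha)$ for all $\sigma \in \operatorname{Aut}(\mathbb{F}_{q^s}/\mathbb{F}_q)$, and therefore right divisible by $\operatorname{lclm}\{X - \sigma(\alpha) \mid \sigma \in \operatorname{Aut}(\mathbb{F}_{q^s}/\mathbb{F}_q)\}$.

We note that if $[\mathbb{F}_p(\alpha) : \mathbb{F}_p] = \ell$, then $\theta^\ell(\alpha) = 1$ showing that $X - \alpha$ and therefore $\min_q^{\theta,\delta}(\alpha)$ is a right divisor of $X^\ell - 1$. Also the polynomial $\min_q^{\theta,\delta}(\alpha)$ is not always irreducible over $\mathbb{F}_q[X;\theta]$. It may be explained by the following fact: if $\min_q^{\theta,\delta}(\alpha) = f \cdot g$, then either $g(\alpha) = 0$ or $\alpha$ is conjugated to a root of $f$ (cf. [12] Theorem 2.7). So the polynomial $g$ may not vanish at $\alpha$. This is illustrated in the following example.

Example 8 Consider $\mathbb{F}_{3^6} = \mathbb{F}_3(\alpha)$ and $\mathbb{F}_{3^2} = \mathbb{F}_3(b)$ where $b = \alpha^{91}$. The polynomial $f = X^3 + 2X^2 + 2X + b^7$ is the minimal skew polynomial of $\alpha$ over $\mathbb{F}_{3^2}$. It is not irreducible over $\mathbb{F}_{3^2}$ as $f = (X + b)(X - b)(X - b^5)$ is a factorization of $f$ in $\mathbb{F}_{3^2}[X;\theta]$. Furthermore $f(b^5) = 0$ but the minimal polynomial of $b^5$ is $X - b^5$ which divides $f$ on the right.
We also have $f(\alpha^{321}) = 0$ and the minimal polynomial of $\alpha^{321}$ over $\mathbb{F}_{3^2}$ is $X^2 + \alpha^{182} X + \alpha^{546} = X^2 + b^2 X + b^3$ which also divides $f$ on the right: $(X + b)(X^2 + b^2 X + b^3) = f$.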

With the above, we can realize Hamming condition 1, 2 and rank condition 1 for a polynomial $g \in \mathbb{F}_q[X;\theta,\delta]$ of degree $\leq r$ and imposed distance $\Delta$ in the following way:
1. Select $\alpha$ in $\mathbb{F}_{q^r}$ where $r \leq |(\mathbb{F}_q)^\theta|^r$ and construct the $\alpha_i$ needed for the condition. Denote $\mathbb{F}_Q$ the field generated by adjoining the $\alpha_i$ to $\mathbb{F}_q$ and denote $\sigma$ the generator of $\operatorname{Aut}(\mathbb{F}_Q/\mathbb{F}_q)$.
2. Compute the orbit $S$ of $\{\alpha_i\}$ under $\sigma$. If $|S| \leq n$, then compute the skew polynomial $g = \operatorname{lclm}_{\gamma \in S}(X - \gamma) = \operatorname{lclm}(\min_q^{\theta,\delta}(\alpha_i),\ i = 1,\dots,\Delta-1)$ and proceed. Otherwise start over with a new $\alpha$.
3. If the $\alpha_i$ verify the corresponding rank condition(s), then a new code $(g)_n^{\theta,\delta}$ has been found.

For the rank condition 1 we need to construct the operator $L(Y) \in \mathbb{F}_q[D;\circ]$ of smallest order such that a given set $y_1,\dots,y_j$ belongs to the solution space of $L(Y) = 0$. This can also be done either by constructing the corresponding operator directly, or using the above procedure in order to construct

$$g = \min\nolimits_q^{\theta,\delta}\!\left(\frac{D(y_1)}{y_1},\dots,\frac{D(y_{\Delta-1})}{y_{\Delta-1}}\right)$$

and then consider $L_g(Y)$.

7 Decoding

7.1 Decoding remainder evaluation skew codes

For the rank distance, a Welch-Berlekamp like algorithm is presented in [14] to decode Gabidulin evaluation codes. We now design a Welch-Berlekamp like algorithm to decode MDS right remainder evaluation skew codes with the Hamming metric.

Proposition 5 Consider $n \in \mathbb{N}^*$, $k \in \mathbb{N}^*$, $k < n$ and $\alpha_i \in \mathbb{F}_q$, $i \in \{1,\dots,n\}$ such that $\operatorname{rank}(V_n^{\theta,\delta}(\alpha_1,\dots,\alpha_n)) = n$. Consider $c \in R_{k,n}^{\theta,\delta}(\alpha_1,\dots,\alpha_n)$ and $v \in \mathbb{F}_q^n$ such that the Hamming weight of $v - c$ is $\leq t = (n-k-1)/2$. Let $Q_0, Q_1 \in \mathbb{F}_q[X;\theta,\delta]$ such that $\deg(Q_0) \leq k+t$, $\deg(Q_1) \leq t$ and

$$Q_0(\alpha_i) + Q_1(\alpha_i^{v_i})\, v_i = 0, \quad \forall i \in \{1,\dots,n\} \mid v_i \neq 0 \qquad (9)$$

$$Q_0(\alpha_i) = 0, \quad \forall i \in \{1,\dots,n\} \mid v_i = 0. \qquad (10)$$

Then the codeword $c$ is equal to $(f(\alpha_1),\dots,f(\alpha_n))$, where $f$ is the quotient in the left division of $Q_0$ by $-Q_1$ in $\mathbb{F}_q[X;\theta,\delta]$.

Proof Let $c$ be a codeword and $v \in \mathbb{F}_q^n$ such that $w_H(v - c) \leq t = (n-k-1)/2$. Since the minimum Hamming distance of the code is $n-k+1$, $c$ is the unique codeword such that $w_H(v - c) \leq t$. Consider $f \in \mathbb{F}_q[X;\theta,\delta]$ with $\deg(f) \leq k-1$ such that $c = (f(\alpha_1),\dots,f(\alpha_n))$. Let $R$ be defined by $R = Q_0 + Q_1 \cdot f$ where $\deg(Q_0) \leq k+t$, $\deg(Q_1) \leq t$ and the coefficients of $Q_0$, $Q_1$ satisfy the linear system given by equations (9) and (10). Our goal is to prove that $R = 0$, which then allows to compute $f$ as the quotient in the left division of $Q_0$ by $-Q_1$ in $\mathbb{F}_q[X;\theta,\delta]$ and to reconstruct $c$. Let us evaluate $R$ at $\alpha_i$. According to Product Theorem 2.7 of [12],

$$\forall i \in \{1,\dots,n\},\quad R(\alpha_i) = \begin{cases} Q_0(\alpha_i) + Q_1(\alpha_i^{c_i})\, c_i & \text{if } c_i \neq 0 \\ Q_0(\alpha_i) & \text{if } c_i = 0. \end{cases}$$

As $w_H(v - c) \leq t$, there are at least $n - t$ positions $i$ (without loss of generality, say $1, 2, \dots, n-t$) such that $v_i = c_i$, so

$$\forall i \in \{1,\dots,n-t\},\quad R(\alpha_i) = \begin{cases} Q_0(\alpha_i) + Q_1(\alpha_i^{v_i})\, v_i & \text{if } v_i \neq 0 \\ Q_0(\alpha_i) & \text{if } v_i = 0. \end{cases}$$

According to (9) and (10) we have $R(\alpha_i) = 0$ for all $i \in \{1,\dots,n-t\}$, which implies that $R$ is right divisible by $\operatorname{lclm}(X - \alpha_i,\ i = 1,\dots,n-t)$. If $R \neq 0$, then, as $\operatorname{rank}(V_{n-t}^{\theta,\delta}(\alpha_1,\dots,\alpha_{n-t})) = n - t$, the skew polynomial $R$ is of degree at least $n - t = (n+k)/2$. Since by construction $R$ is of degree at most $k + t = (n+k)/2$, we must have $R = 0$.

This leads to the decoding algorithm 1.

Algorithm 1 Hamming decoding algorithm of remainder evaluation skew code $R_{k,n}^{\theta,\delta}(\alpha_1,\dots,\alpha_n)$ with $\operatorname{rank}(V_{k,n}^{\theta,\delta}(\alpha_1,\dots,\alpha_n)) = n$.
Require: $v \in \mathbb{F}_q^n$ such that $v = c + e$ with $w_H(e) \leq t = (n-k-1)/2$ and $c$ a codeword
Ensure: $c$
1: Compute a solution $q_0,\dots,q_n$ of the system:
$$\begin{cases} \text{if } v_i = 0: & \displaystyle\sum_{j=0}^{k+t} q_j N_j^{\theta,\delta}(\alpha_i) = 0 \\ \text{if } v_i \neq 0: & \displaystyle\sum_{j=0}^{k+t} q_j N_j^{\theta,\delta}(\alpha_i) + \sum_{j=0}^{t} q_{k+t+j+1}\, N_j^{\theta,\delta}\!\left(\frac{\theta(v_i)}{v_i}(\alpha_i + \beta) - \beta\right) v_i = 0 \end{cases}$$
2: $Q_0(X) \leftarrow \sum_{j=0}^{k+t} q_j X^j$
3: $Q_1(X) \leftarrow \sum_{j=0}^{t} q_{j+1+k+t} X^j$
4: Compute the quotient $f$ in the left division of $Q_0(X)$ by $-Q_1(X)$ in $\mathbb{F}_q[X;\theta,\delta]$
5: return $c = (f(\alpha_1),\dots,f(\alpha_n))$

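Example 9 Consider $\mathbb{F}_{3^6} = \mathbb{F}_3(\alpha)$ where $\alpha^6 + 2\alpha^4 + \alpha^2 + 2\alpha + 2 = 0$ and $\theta : a \mapsto a^3$.

– Consider the ring $\mathbb{F}_{3^6}[X;\theta]$ and $\alpha = (\alpha, \alpha^2, \alpha^3, \alpha^4, \alpha^5, \alpha^7)$. Since $\operatorname{rank}(V_6^{\theta}(\alpha)) = 6$, the remainder evaluation skew code $R_{3,6}^{\theta}(\alpha)$ of support $\alpha$ and dimension 3 is a MDS $[6,3,4]$ code over $\mathbb{F}_{3^6}$. For $f = X^2 + X + \alpha \in \mathbb{F}_{3^6}[X;\theta]$ we consider the received word $v = (f(\alpha_1),\dots,f(\alpha_5),\alpha^{341}) = (\alpha^{9}, \alpha^{357}, \alpha^{257}, \alpha^{727}, \alpha^{34}, \alpha^{341})$. Since $f(\alpha_6) \neq \alpha^{341}$ this received word contains one error which we now correct by recovering $f$:
1. The matrix of the system $(S)$ is the $6 \times 7$ matrix
$$\begin{pmatrix} 1 & \alpha & \alpha^{4} & \alpha^{13} & \alpha^{40} & \alpha^{9} & \alpha^{28} \\ 1 & \alpha^{2} & \alpha^{8} & \alpha^{26} & \alpha^{80} & \alpha^{357} & \alpha^{345} \\ 1 & \alpha^{3} & \alpha^{12} & \alpha^{39} & \alpha^{120} & \alpha^{257} & \alpha^{46} \\ 1 & \alpha^{4} & \alpha^{16} & \alpha^{52} & \alpha^{160} & \alpha^{727} & \alpha \\ 1 & \alpha^{5} & \alpha^{20} & \alpha^{65} & \alpha^{200} & \alpha^{34} & \alpha^{107} \\ 1 & \alpha^{7} & \alpha^{28} & \alpha^{91} & \alpha^{280} & \alpha^{341} & \alpha^{302} \end{pmatrix}.$$
2. Its kernel is generated by $(1, \alpha^{370}, \alpha^{328}, \alpha^{184}, 0, \alpha^{363}, \alpha^{548})$.
3. This yields the polynomials $Q_0 = \alpha^{184} X^3 + \alpha^{328} X^2 + \alpha^{370} X + 1$ and $Q_1 = \alpha^{548} X + \alpha^{363}$.
4. The left quotient of $Q_0$ by $-Q_1$ in $\mathbb{F}_{3^6}[X;\theta]$ is $f = X^2 + X + \alpha$.

– Consider (see example 5) the ring $\mathbb{F}_{3^6}[X;\theta,\delta_1]$ and $\alpha = (2, \alpha, \alpha^2, \alpha^3, \alpha^4, \alpha^5, \alpha^6, \alpha^7, \alpha^8, \alpha^9, \alpha^{10}, \alpha^{14}, \alpha^{25})$. Since $\operatorname{rank}(V_6^{\theta,\delta_1}(\alpha)) = 13$, the remainder evaluation skew code $R_{7,13}^{\theta,\delta_1}(\alpha)$ of support $\alpha$ and dimension 7 is a MDS $[13,6,8]$ code over $\mathbb{F}_{3^6}$. For $f = X^5 + \alpha X^2 + X + \alpha \in \mathbb{F}_{3^6}[X;\theta,\delta_1]$ we consider the received word $v = (f(\alpha_1),\dots,f(\alpha_{10}),\alpha^{708},\alpha^{487},\alpha^{183})$ given by $v = (\alpha^{221}, \alpha^{464}, \alpha^{180}, \alpha^{416}, \alpha^{720}, \alpha^{261}, \alpha^{400}, \alpha^{201}, \alpha^{218}, \alpha^{708}, \alpha^{487}, \alpha^{183})$. Since $f(\alpha_j) \neq v_j$ for $11 \leq j \leq 13$, such a received word contains three errors which we now correct by recovering $f$:
1. The matrix of the system $(S)$ is a $13 \times 14$ matrix.
2. Its kernel is generated by $(1, \alpha^{335}, \alpha^{707}, \alpha^{157}, \alpha^{112}, \alpha^{198}, \alpha^{632}, \alpha^{587}, \alpha^{490}, 0, 1, \alpha^{268}, \alpha^{223}, \alpha^{126})$.
3. This yields the polynomials $Q_0 = \alpha^{490} X^8 + \alpha^{587} X^7 + \alpha^{632} X^6 + \alpha^{198} X^5 + \alpha^{112} X^4 + \alpha^{157} X^3 + \alpha^{707} X^2 + \alpha^{335} X + 1$ and $Q_1 = \alpha^{126} X^3 + \alpha^{223} X^2 + \alpha^{268} X + 1$.
4. The left quotient of $Q_0$ by $-Q_1$ in $\mathbb{F}_{3^6}[X;\theta,\delta_1]$ is $f = X^5 + \alpha X^2 + X + \alpha$.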
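Algorithm 1 specialised to $\delta = 0$ (so $\beta = 0$), run on the field, support and polynomial $f$ of the first case of Example 9, as an added Python example that is not the authors' code. The received word is constructed here by adding 1 to the last coordinate of the codeword the code computes; the tuple representation of field elements and all function names are choices of this example.

```python
# GF(3^6) = F_3(alpha), alpha^6 + 2 alpha^4 + alpha^2 + 2 alpha + 2 = 0 (field of Example 9).
# Elements are 6-tuples of coefficients over F_3, lowest degree first (choice of this example).
ZERO, ONE, ALPHA = (0,) * 6, (1, 0, 0, 0, 0, 0), (0, 1, 0, 0, 0, 0)
RED = (1, 1, 2, 0, 1, 0)  # alpha^6 = 1 + alpha + 2 alpha^2 + alpha^4
def add(a, b): return tuple((x + y) % 3 for x, y in zip(a, b))
def neg(a): return tuple(-x % 3 for x in a)

def mul(a, b):
    prod = [0] * 11
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            prod[i + j] += x * y
    for d in range(10, 5, -1):  # fold alpha^d (d >= 6) back into degrees < 6
        for k, r in enumerate(RED):
            prod[d - 6 + k] += prod[d] * r
    return tuple(x % 3 for x in prod[:6])

def power(a, e):
    r = ONE
    while e:
        if e & 1:
            r = mul(r, a)
        a, e = mul(a, a), e >> 1
    return r
def inv(a): return power(a, 727)                  # a^(q-2) with q = 729; inv(ZERO) is ZERO
def theta(a, i=1): return power(a, 3 ** (i % 6))  # theta^i for theta: a -> a^3 (theta^6 = id)
def trim(f): return trim(f[:-1]) if len(f) > 1 and f[-1] == ZERO else f

def norms(a, m):  # [N_0(a), ..., N_{m-1}(a)], N_0 = 1, N_{j+1}(a) = theta(N_j(a)) a
    out = [ONE]
    while len(out) < m:
        out.append(mul(theta(out[-1]), a))
    return out

def evaluate(f, a):  # remainder evaluation f(a) = sum_j f_j N_j(a), f lowest degree first
    acc = ZERO
    for c, n in zip(f, norms(a, len(f))):
        acc = add(acc, mul(c, n))
    return acc

def smul(f, g):  # product in F[X; theta]: (a X^i)(b X^j) = a theta^i(b) X^(i+j)
    out = [ZERO] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            out[i + j] = add(out[i + j], mul(a, theta(b, i)))
    return out

def left_divide(num, den):  # (quot, rem) with num = den * quot + rem, deg(rem) < deg(den)
    num, den = list(num), trim(list(den))
    d = len(den) - 1
    quot, lead_inv = [ZERO] * max(len(num) - d, 1), inv(den[d])
    for m in range(len(num) - 1, d - 1, -1):
        c = theta(mul(lead_inv, num[m]), -d)  # solves den[d] * theta^d(c) = num[m]
        quot[m - d] = c
        sub = smul(den, [ZERO] * (m - d) + [c]) + [ZERO] * len(num)
        num = [add(x, neg(y)) for x, y in zip(num, sub)]
    return trim(quot), trim(num)

def kernel_vector(rows, ncols):  # one nonzero q with rows * q = 0 (Gauss-Jordan, rank < ncols)
    rows, pivots = [list(r) for r in rows], []
    for c in range(ncols):
        r = len(pivots)
        p = next((i for i in range(r, len(rows)) if rows[i][c] != ZERO), None)
        if p is None:
            continue
        rows[r], rows[p] = rows[p], rows[r]
        s = inv(rows[r][c])
        rows[r] = [mul(s, x) for x in rows[r]]
        for i in range(len(rows)):
            if i != r:
                m = neg(rows[i][c])
                rows[i] = [add(x, mul(m, y)) for x, y in zip(rows[i], rows[r])]
        pivots.append(c)
    free = next(c for c in range(ncols) if c not in pivots)
    vec = [ONE if c == free else ZERO for c in range(ncols)]
    for i, c in enumerate(pivots):
        vec[c] = neg(rows[i][free])
    return vec

def decode(support, v, k):  # Algorithm 1 with delta = 0: returns (f, corrected codeword)
    t = (len(support) - k - 1) // 2
    rows = []
    for a, vi in zip(support, v):
        conj = mul(mul(theta(vi), a), inv(vi))  # theta(v_i) a / v_i
        # Q0 block, then Q1 block; for v_i = 0 the Q1 block is all zero, which is equation (10)
        rows.append(norms(a, k + t + 1) + [mul(n, vi) for n in norms(conj, t + 1)])
    q = kernel_vector(rows, k + 2 * t + 2)
    q0, q1 = q[:k + t + 1], q[k + t + 1:]
    f, rem = left_divide(q0, [neg(c) for c in q1])
    if rem != [ZERO]:
        raise ValueError("left division is not exact: more than t errors")
    return f, [evaluate(f, a) for a in support]

SUPPORT = [power(ALPHA, e) for e in (1, 2, 3, 4, 5, 7)]  # support of Example 9, first case
F = [ALPHA, ONE, ONE]                                    # f = X^2 + X + alpha
def demo():
    codeword = [evaluate(F, a) for a in SUPPORT]
    received = codeword[:5] + [add(codeword[5], ONE)]  # constructed single error
    return codeword, received, decode(SUPPORT, received, 3)
if __name__ == "__main__":
    print("decoded f equals X^2 + X + alpha:", demo()[2][0] == F)
```

With $n = 6$ and $k = 3$ the system has 7 unknowns and 6 equations, so a nonzero kernel vector always exists; Proposition 5 guarantees that any of them yields the same $f$ when at most $t = 1$ coordinate is wrong.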

7.2 Decoding module skew codes

7.2.1 Hamming condition 1

Recall that under the Hamming condition 1, we have $\delta = 0$. A decoding algorithm for this condition based on Euclid's algorithm can be found in [2] and [7], we present here a slightly different method. For the presentation we will assume that $b = 0$ and $\Delta = 2t + 1$. Consider $g \in \mathbb{F}_q[X;\theta]$ and $\alpha \in \mathbb{F}_q$ such that for $\alpha_i = \alpha^{i+b-1}$ ($1 \leq i \leq \Delta - 1$) we have $g(\alpha_i) = 0$ ($1 \leq i \leq \Delta - 1$) and $\operatorname{rank}(V_n^{\mathrm{id},0}(N_0^\theta(\alpha),\dots,N_{n-1}^\theta(\alpha))) = n$. Let $c$ be a codeword in $(g)_n^{\theta}$ and $e$ be an error vector of Hamming weight $r$ defined by $e(X) = \sum_{j=1}^{r} e_j X^{i_j} \in \mathbb{F}_q[X;\theta]$ with $e_j \neq 0$, $r \leq t$ and $0 \leq i_1 < i_2 < \cdots < i_r \leq n-1$. For a received word $v = c + e$ we obtain at $\alpha_j = N_{i_j}^\theta(\alpha)$ the syndrome

$$S_i = e(\alpha^{i-1}) = \sum_{j=1}^{r} e_j N_{i_j}^\theta(\alpha^{i-1}) = \sum_{j=1}^{r} e_j N_{i_j}^\theta(\alpha)^{i-1} = \sum_{j=1}^{r} e_j \alpha_j^{i-1}.$$

We consider a commutative error localizator polynomial with unknown coefficients:

$$h = (Z - \alpha_1) \cdots (Z - \alpha_r) = Z^r + \sum_{j=1}^{r} h_j Z^{j-1} \in \mathbb{F}_q[Z].$$

From $h(\alpha_i) = 0$, $(Z \cdot h)(\alpha_i) = 0$, ..., $(Z^{r-1} \cdot h)(\alpha_i) = 0$, for $i \in \{1,\dots,r\}$ we obtain:

$$\begin{cases} \alpha_i^{r} + \sum_{j=1}^{r} h_j \alpha_i^{j-1} = 0 \\ \alpha_i^{r+1} + \sum_{j=1}^{r} h_j \alpha_i^{j} = 0 \\ \quad\vdots \\ \alpha_i^{2r-1} + \sum_{j=1}^{r} h_j \alpha_i^{j+r-2} = 0. \end{cases}$$

Multiplying the first equation by $e_i$ for $i \in \{1,\dots,r\}$ we obtain the relation $e_i \alpha_i^{r} + \sum_{j=1}^{r} h_j e_i \alpha_i^{j-1} = 0$. Taking the sum over $i$ we obtain the relation $S_{r+1} + \sum_{j=1}^{r} h_j S_j = 0$. Repeating this computation for the remaining $2r - 1$ equations we obtain

$$\begin{cases} S_{r+1} + \sum_{j=1}^{r} h_j S_j = 0 \\ S_{r+2} + \sum_{j=1}^{r} h_j S_{j+1} = 0 \\ \quad\vdots \\ S_{2r} + \sum_{j=1}^{r} h_j S_{r+j-1} = 0 \end{cases} \quad\text{corresponding to}\quad S \begin{pmatrix} h_1 \\ h_2 \\ \vdots \\ h_r \end{pmatrix} = b \qquad (11)$$

where

$$S = \begin{pmatrix} S_1 & S_2 & \cdots & \cdots & S_r \\ S_2 & S_3 & \cdots & \cdots & S_{r+1} \\ \vdots & & & & \vdots \\ S_r & \cdots & \cdots & \cdots & S_{2r-1} \end{pmatrix} \quad\text{and}\quad b = \begin{pmatrix} -S_{r+1} \\ \vdots \\ \vdots \\ -S_{2r} \end{pmatrix}.$$

A quick computation gives $S = V D V^T$, where $D$ is the diagonal $r \times r$ matrix with $e_1 \alpha_1, \dots, e_r \alpha_r$ on its diagonal and $V = V_r^{\mathrm{id},0}(\alpha_1,\dots,\alpha_r)$ whose rank is $r$ according to the definition of the code above. The matrix $S$ is invertible and we can compute the coefficients of $h$ as solution of the linear system above and then find the positions of the errors thanks to the zeroes of $h$. Here is the corresponding algorithm:

Algorithm 2 Decoding algorithm for module skew code satisfying Hamming condition 1
Require: $v = c + e$ with $w_H(e) = r \leq t$ and $c$ codeword
Ensure: $c$
1: Compute $S_i$ for $i = 1,\dots,2t$ and the matrix $S$ above for $r = t$.
2: while $\det(S) = 0$ do
3:   $r \leftarrow r - 1$
4:   Compute $S$
5: end while
6: Compute the solution $(h_1,\dots,h_r)$ of the linear system given by (11)
7: Find $i_1,\dots,i_r$ such that $h(N_{i_j}(\alpha)) = 0$ where $h = Z^r + \sum_{i=1}^{r} h_i Z^{i-1} \in \mathbb{F}_q[Z]$
8: Compute $e_1,\dots,e_r$ given by the $r$ equations $S_i = \sum_{j=1}^{r} e_j \alpha_j^{i-1}$ where $\alpha_j = N_{i_j}^\theta(\alpha)$
9: return $c$ such that $c(X) = v(X) - \sum_{j=1}^{r} e_j X^{i_j}$


7.2.2 Rank condition 1

We follow Gabidulin's decoding algorithm ([10]) for $\mathbb{F}_q[X;\theta]$ which we extend to module skew codes $(g)_n^{\theta,\delta}$ over $\mathbb{F}_q[X;\theta,\delta]$ satisfying rank condition 1. Suppose that for $g \in \mathbb{F}_q[X;\theta,\delta]$ there exists $y = y_1 \in \mathbb{F}_q$ such that for $y_{i+1} = D(y_i) = D^i(y)$, $i = 1,\dots,n-1$ we have $L_g(y_i) = 0$, $i = 1,\dots,\Delta-1$ and $\det(\mathrm{Wr}_n^{\theta,\delta}(y_1,\dots,y_n)) \neq 0$. Let $c$ be a codeword and $e = (e_0,\dots,e_{n-1}) \in \mathbb{F}_q^n$ with rank $r \leq t = (\Delta-1)/2$. Let $v = c + e$. Let us define the syndrome $S_j = L_v(y_j)$ for $j = 1,\dots,2t$. By construction, $S_j = L_c(y_j) + L_e(y_j) = L_e(y_j)$, $j = 1,\dots,2t$. Consider $x \in \mathbb{F}_q^r$ with $\operatorname{rank}^\theta(x) = r$ and $M \in M((\mathbb{F}_q)^\theta, r, n)$ of rank $r$ such that $e = xM$. Our aim is to construct a polynomial of degree $r$ whose space of solutions over $(\mathbb{F}_q)^\theta$ enables us to recover first $x$ and then $M$. For $j \in \{1,\dots,2t\}$ we have

$$\begin{aligned} S_j &= \sum_{i=0}^{n-1} e_i D^i(D^{j-1}(y)) = \sum_{i=0}^{n-1} \sum_{l=1}^{r} x_l M_{l,i+1} D^i(D^{j-1}(y)) \\ &= \sum_{l=1}^{r} x_l \sum_{i=0}^{n-1} M_{l,i+1} D^{j-1}(D^i(y)) \\ &= \sum_{l=1}^{r} x_l D^{j-1}\Bigg(\underbrace{\sum_{i=0}^{n-1} M_{l,i+1} D^i(y)}_{z_l}\Bigg) = \sum_{l=1}^{r} x_l D^{j-1}(z_l) \end{aligned} \qquad (12)$$

where $z_1,\dots,z_r$ are defined by the relation $M (y_1,\dots,y_n)^T = (z_1,\dots,z_r)^T$. Since $y_1,\dots,y_n$ are linearly independent over $(\mathbb{F}_q)^\theta$ and $M$ is a rank $r$ matrix over $(\mathbb{F}_q)^\theta$, $z_1,\dots,z_r$ are also linearly independent over $(\mathbb{F}_q)^\theta$. Once $z_1,\dots,z_r$ are computed, one can recover $x_l$ from the linear system

$$S_j = \sum_{l=1}^{r} x_l D^{j-1}(z_l), \quad j = 1,\dots,r.$$

To find $z_1,\dots,z_r$, one constructs the skew polynomial $h = \sum_{i=0}^{r} h_i X^i \in \mathbb{F}_q[X;\theta,\delta]$ with $h_r = 1$ such that the space of solutions of $L_h(Y) = 0$ over $(\mathbb{F}_q)^\theta$ is generated by $z_1,\dots,z_r$. The coefficients of this polynomial will satisfy a linear system depending on the $S_i$. We first derive one equation of this linear system and will explain later how to find the remaining $r - 1$ equations. For $l \in \{1,\dots,r\}$ we have

$$L_h(z_l) = \sum_{j=1}^{r+1} h_{j-1} D^{j-1}(z_l) = 0. \qquad (13)$$

Multiplying by $x_l$, we get $\sum_{j=1}^{r+1} h_{j-1}\, x_l D^{j-1}(z_l) = 0$ ($l \in \{1,\dots,r\}$). Summing these equations over $l = 1,\dots,r$, we get a linear relation between $h_l$ given by $\sum_{j=1}^{r+1} h_{j-1} S_j = 0$. In order to get the $r - 1$ other linear relations between the coefficients of $h$ we follow the same idea as in [10]: applying $\theta^{i-1}$ to (13) for $i = 2,\dots,r$ we have

$$\theta^{i-1}(L_h(z_l)) = \sum_{j=1}^{r+1} \theta^{i-1}(h_{j-1})\, \theta^{i-1}\!\left(D^{j-1}(z_l)\right) = 0, \quad l = 1,\dots,r. \qquad (14)$$


If $\beta = 0$ (the case considered in [10]), then $D = \theta$ and $\theta^{i-1}(D^{j-1}(z_l)) = \theta^{i+j-2}(z_l)$. Multiplying each equation of (14) by $x_l$ and summing all the equations over $l \in \{1,\dots,r\}$ one gets the $r - 1$ other linear equations in $h_0,\dots,h_{r-1}$, $h_r = 1$:

$$\sum_{j=1}^{r+1} \theta^{i-1}(h_{j-1})\, S_{i+j-1} = 0.$$

If $\beta \neq 0$, the idea is to express $\theta^{i-1}(D^{j-1}(z_l))$ as a sum of $D^m(z_l)$ whose coefficients depend only on $\beta$ using the following lemma:

Lemma 4 Consider $i \in \mathbb{N}^*$ and $u \in \mathbb{F}_q$. Then $\theta^{i-1}(u)$ can be written as $\theta^{i-1}(u) = \sum_{k=1}^{i} a_{i,k}(\beta) D^{k-1}(u)$ where the coefficients $a_{i,j}(\beta)$ are defined by:
– if $\beta \neq 0$: $a_{1,1}(\beta) = 1$, $a_{1,j}(\beta) = 0$ ($j \geq 2$) and $a_{i+1,j+1}(\beta) = \frac{1}{\beta}\theta(a_{i,j}(\beta)) + \theta(a_{i,j+1}(\beta))$.
– if $\beta = 0$: $a_{i,i}(0) = 1$ and $a_{i,j}(0) = 0$ for $i \neq j$.

Proof For $\beta \neq 0$, we proceed by induction on $i$. We have $\theta^0(u) = u = a_{1,1} D^0(u)$. Consider $i \geq 1$ such that $\theta^{i-1}(u) = \sum_{k=1}^{i} a_{i,k}(\beta) D^{k-1}(u)$. Then $\theta^{i}(u) = \sum_{k=1}^{i} \theta(a_{i,k}(\beta))\, \theta(D^{k-1}(u))$. As $\theta = \frac{1}{\beta}\delta + \mathrm{id}$, we get

$$\begin{aligned} \theta^{i}(u) &= \sum_{k=1}^{i} \theta(a_{i,k}(\beta)) \left(\tfrac{1}{\beta} D^{k}(u) + D^{k-1}(u)\right) \\ &= \sum_{k=1}^{i+1} \left(\tfrac{1}{\beta}\theta(a_{i,k-1}(\beta)) + \theta(a_{i,k}(\beta))\right) D^{k-1}(u). \end{aligned}$$

As $a_{i+1,k}(\beta) = \frac{1}{\beta}\theta(a_{i,k-1}(\beta)) + \theta(a_{i,k}(\beta))$, we get the result.

The lemma below describes how to construct the polynomial $h$ in the case where $\beta \in \mathbb{F}_q$.

Lemma 5 Consider $h = X^r + \sum_{i=0}^{r-1} h_i X^i \in \mathbb{F}_q[X;\theta,\delta]$ such that $\forall i \in \{1,\dots,r\}$, $L_h(z_i) = 0$ where $z_i$ is defined by (12).
1. The $h_0,\dots,h_{r-1}$ satisfy the linear system $S \cdot (h_0,h_1,\dots,h_{r-1})^T = b$, where

$$S_{i,j} = \theta^{-i+1}\!\left(\sum_{k=1}^{i} a_{i,k}(\beta) S_{k+j-1}\right), \qquad b_i = -\theta^{-i+1}\!\left(\sum_{k=1}^{i} a_{i,k}(\beta) S_{k+r}\right)$$

and $a_{i,j}(\beta)$ are given in Lemma 4.
2. The matrix $S$ is an invertible matrix satisfying the relation:

$$S = \begin{pmatrix} x_1 & \cdots & \cdots & x_r \\ \theta^{-1}(x_1) & \cdots & \cdots & \theta^{-1}(x_r) \\ \vdots & & & \vdots \\ \theta^{1-r}(x_1) & \cdots & \cdots & \theta^{1-r}(x_r) \end{pmatrix} \times \begin{pmatrix} z_1 & \cdots & \cdots & D^{r-1}(z_1) \\ z_2 & \cdots & \cdots & D^{r-1}(z_2) \\ \vdots & & & \vdots \\ z_r & \cdots & \cdots & D^{r-1}(z_r) \end{pmatrix}.$$

Proof 1. Let $i \in \{1,\dots,r\}$. According to (14)

$$\sum_{j=1}^{r+1} \theta^{i-1}(h_{j-1})\, \theta^{i-1}\!\left(D^{j-1}(z_l)\right) = 0, \quad l = 1,\dots,r.$$

Applying Lemma 4 to $\theta^{i-1}(D^{j-1}(z_l))$ we obtain

$$\sum_{j=1}^{r+1} \theta^{i-1}(h_{j-1}) \sum_{k=1}^{i} a_{i,k}(\beta) D^{k-1}(D^{j-1}(z_l)) = 0, \quad l = 1,\dots,r.$$

For each $l$ we multiply this equation by $x_l$ and sum the $r$ equations over $l$ to get

$$\sum_{j=1}^{r+1} \theta^{i-1}(h_{j-1}) \sum_{k=1}^{i} a_{i,k}(\beta) S_{k+j-1} = 0$$

which implies

$$\sum_{j=1}^{r} \theta^{-i+1}\!\left(\sum_{k=1}^{i} a_{i,k}(\beta) S_{k+j-1}\right) h_{j-1} = -\theta^{-i+1}\!\left(\sum_{k=1}^{i} a_{i,k}(\beta) S_{k+r}\right).$$

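2. We now prove that $S$ is invertible:

$$\begin{aligned}
S_{i,j} &= \theta^{-i+1}\left( \sum_{k=1}^{i} a_{i,k}(\beta)\, S_{k+j-1} \right) \\
&= \theta^{-i+1}\left( \sum_{k=1}^{i} a_{i,k}(\beta) \sum_{l=1}^{r} x_l D^{k+j-2}(z_l) \right) \\
&= \sum_{l=1}^{r} \theta^{-i+1}(x_l)\, \theta^{-i+1}\left( \sum_{k=1}^{i} a_{i,k}(\beta)\, D^{k+j-2}(z_l) \right) \\
&= \sum_{l=1}^{r} \theta^{-i+1}(x_l)\, \theta^{-i+1}\left( \sum_{k=1}^{i} a_{i,k}(\beta)\, D^{k-1}(D^{j-1}(z_l)) \right) \\
&= \sum_{l=1}^{r} \theta^{-i+1}(x_l)\, \theta^{-i+1}\theta^{i-1}(D^{j-1}(z_l)) = \sum_{l=1}^{r} \theta^{-i+1}(x_l)\, D^{j-1}(z_l).
\end{aligned}$$

So

$$S = \begin{pmatrix} x_1 & \cdots & x_r \\ \theta^{-1}(x_1) & \cdots & \theta^{-1}(x_r) \\ \vdots & & \vdots \\ \theta^{1-r}(x_1) & \cdots & \theta^{1-r}(x_r) \end{pmatrix} \times \begin{pmatrix} z_1 & \cdots & D^{r-1}(z_1) \\ z_2 & \cdots & D^{r-1}(z_2) \\ \vdots & & \vdots \\ z_r & \cdots & D^{r-1}(z_r) \end{pmatrix} = \mathrm{Wr}_r^{\theta^{-1}}(x_1, \ldots, x_r) \times \mathrm{Wr}_r^{\theta,\delta}(z_1, \ldots, z_r).$$

As $(\mathbb{F}_q)^{\theta^{-1}} = (\mathbb{F}_q)^{\theta}$ and $x_1, \ldots, x_r$ are linearly independent over $(\mathbb{F}_q)^{\theta}$, the matrix $\mathrm{Wr}_r^{\theta^{-1}}(x_1, \ldots, x_r)$ is invertible. As $z_1, \ldots, z_r$ are also linearly independent over $(\mathbb{F}_q)^{\theta}$, $\mathrm{Wr}_r^{\theta,\delta}(z_1, \ldots, z_r)$ is also invertible, so $S$ is invertible. This leads to the decoding algorithm 3.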


Algorithm 3 Decoding algorithm for module skew codes satisfying the rank condition 1

Require: $v = c + e$ with $\mathrm{rank}(e) = r \leq t$ and $c$ a codeword
Ensure: $c$
1: Compute $S_i$ for $i = 1, \ldots, 2t$ and the matrix $S$ given in Lemma 5, 1. with $r = t$
2: while $\det(S) = 0$ do
3:   $r \leftarrow r - 1$
4:   Compute $S$
5: end while
6: Compute the solution $(h_1, \ldots, h_r)$ of the linear system given in Lemma 5
7: Compute a basis of solutions $z_1, \ldots, z_r$ of $L_h$ over $\mathbb{F}_q^{\theta}$ where $h = X^{r} + \sum_{i=1}^{r} h_i X^{i-1}$
8: Construct $x = (x_1, \ldots, x_r)$ as a solution of $S_j = \sum_{l=1}^{r} x_l D^{j-1}(z_l)$, $j = 1, \ldots, r$
9: Construct $M \in M(\mathbb{F}_q^{\theta}, r, n)$ such that $M (y_1, \ldots, y_n)^{T} = (z_1, \ldots, z_r)^{T}$
10: return $c$ such that $c = v - e$ and $e = xM$
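The coefficients $a_{i,k}(\beta)$ of Lemma 4, which enter the matrix $S$ in step 1 of Algorithm 3, can be checked numerically. The following is an added example, not code from the paper: it assumes the field GF(16) with modulus $x^4 + x + 1$, $\theta$ the Frobenius map, and $D = \delta = \beta(\theta - id)$ as implied by the proof step $\theta = \frac{1}{\beta}\delta + id$; all function names are hypothetical.

```python
# GF(16) = GF(2)[x]/(x^4 + x + 1); elements are ints 0..15, addition is XOR.
# Field, modulus and theta are assumptions chosen for this example.
MOD, DEG = 0b10011, 4

def mul(a, b):
    """Carry-less multiplication reduced modulo x^4 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> DEG:
            a ^= MOD
    return r

def inv(a):
    """Inverse of a nonzero element via a^(16 - 2) = a^14."""
    r = 1
    for _ in range(14):
        r = mul(r, a)
    return r

def theta(a):
    """Frobenius automorphism a -> a^2 (assumed choice of theta)."""
    return mul(a, a)

def delta(beta, u):
    """Inner derivation beta * (theta - id), so theta = (1/beta) delta + id."""
    return mul(beta, theta(u) ^ u)

def lemma4_coeffs(beta, imax):
    """a[i][k] for 1 <= k <= i <= imax from the Lemma 4 recurrence, beta != 0."""
    ib = inv(beta)
    a = {1: {1: 1}}
    for i in range(1, imax):
        prev = a[i]  # entries outside 1..i count as 0
        a[i + 1] = {k: mul(ib, theta(prev.get(k - 1, 0))) ^ theta(prev.get(k, 0))
                    for k in range(1, i + 2)}
    return a

def check_lemma4(beta, imax=6):
    """True iff theta^(i-1)(u) == sum_k a[i][k] D^(k-1)(u) for all u, i <= imax."""
    a = lemma4_coeffs(beta, imax)
    for u in range(16):
        lhs, powers = u, [u]  # powers[k-1] holds D^(k-1)(u)
        for i in range(1, imax + 1):
            rhs = 0
            for k in range(1, i + 1):
                rhs ^= mul(a[i][k], powers[k - 1])
            if lhs != rhs:
                return False
            lhs = theta(lhs)
            powers.append(delta(beta, powers[-1]))
    return True
```

Calling `check_lemma4(beta)` for every nonzero `beta` confirms the identity on the whole field; the same coefficient table is what the entries $S_{i,j}$ and $b_i$ of Lemma 5 are built from.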

8 Conclusion

We construct new skew codes considering the ring of skew polynomials $\mathbb{F}_q[X; \theta, \delta]$ with an automorphism $\theta$ of $\mathbb{F}_q$ and a derivation $\delta$. First, two families of evaluation skew codes are constructed using both remainder evaluation and operator evaluation of skew polynomials and considering both the Hamming metric and the rank metric. These families lead to MDS and MRD codes. A classification of the evaluation skew codes is given together with a comparison to Gabidulin evaluation codes, and a decoding algorithm (in Hamming metric) is derived for remainder evaluation skew codes. We also define three families of module skew codes with prescribed distances. We construct MDS and MRD codes starting from two of these families and we prove that their duals are remainder and operator evaluation skew codes. Lastly, we provide decoding algorithms for two of these three families.

9 Acknowledgements

We thank Michael Singer for many discussions and useful suggestions.
