Feng-Rao decoding of primary codes

We show that the Feng-Rao bound for dual codes and a similar bound by Andersen and Geil [H.E. Andersen and O. Geil, Evaluation codes from order domain theory, Finite Fields Appl., 14 (2008), pp. 92-123] for primary codes are consequences of each other. This implies that the Feng-Rao decoding algorithm can be applied to decode primary codes up to half their designed minimum distance. The technique applies to any linear code for which information on well-behaving pairs is available. Consequently we are able to decode efficiently a large class of codes for which no non-trivial decoding algorithm was previously known. Among those are important families of multivariate polynomial codes. Matsumoto and Miura in [R. Matsumoto and S. Miura, On the Feng-Rao bound for the L-construction of algebraic geometry codes, IEICE Trans. Fundamentals, E83-A (2000), pp. 926-930] (See also [P. Beelen and T. H{\o}holdt, The decoding of algebraic geometry codes, in Advances in algebraic geometry codes, pp. 49-98]) derived from the Feng-Rao bound a bound for primary one-point algebraic geometric codes and showed how to decode up to what is guaranteed by their bound. The exposition by Matsumoto and Miura requires the use of differentials which was not needed in [Andersen and Geil 2008]. Nevertheless we demonstrate a very strong connection between Matsumoto and Miura's bound and Andersen and Geil's bound when applied to primary one-point algebraic geometric codes.Comment: elsarticle.cls, 23 pages, no figure. Version 3 added citations to the works by I.M. Duursma and R. Pellikaa

List Decoding Algorithm based on Voting in Groebner Bases for General One-Point AG Codes

We generalize the unique decoding algorithm for one-point AG codes over the Miura-Kamiya Cab curves proposed by Lee, Bras-Amor\'os and O'Sullivan (2012) to general one-point AG codes, without any assumption. We also extend their unique decoding algorithm to list decoding, modify it so that it can be used with the Feng-Rao improved code construction, prove equality between its error correcting capability and half the minimum distance lower bound by Andersen and Geil (2008) that has not been done in the original proposal except for one-point Hermitian codes, remove the unnecessary computational steps so that it can run faster, and analyze its computational complexity in terms of multiplications and divisions in the finite field. As a unique decoding algorithm, the proposed one is empirically and theoretically as fast as the BMS algorithm for one-point Hermitian codes. As a list decoding algorithm, extensive experiments suggest that it can be much faster for many moderate size/usual inputs than the algorithm by Beelen and Brander (2010). It should be noted that as a list decoding algorithm the proposed method seems to have exponential worst-case computational complexity while the previous proposals (Beelen and Brander, 2010; Guruswami and Sudan, 1999) have polynomial ones, and that the proposed method is expected to be slower than the previous proposals for very large/special inputs.Comment: Accepted for publication in J. Symbolic Computation. LaTeX2e article.cls, 42 pages, 4 tables, no figures. Ver. 6 added an illustrative example of the algorithm executio

An Introduction to Algebraic Geometry codes

We present an introduction to the theory of algebraic geometry codes. Starting from evaluation codes and codes from order and weight functions, special attention is given to one-point codes and, in particular, to the family of Castle codes

Relative generalized Hamming weights of one-point algebraic geometric codes

Security of linear ramp secret sharing schemes can be characterized by the relative generalized Hamming weights of the involved codes. In this paper we elaborate on the implication of these parameters and we devise a method to estimate their value for general one-point algebraic geometric codes. As it is demonstrated, for Hermitian codes our bound is often tight. Furthermore, for these codes the relative generalized Hamming weights are often much larger than the corresponding generalized Hamming weights

On the evaluation codes given by simple d-sequences

Plane valuations at infinity are classified in five types. Valuations in one of them determine weight functions which take values on semigroups of Z2. These semigroups are generated by δ-sequences in Z2. We introduce simple δ-sequences in Z2 and study the evaluation codes of maximal length that they define. These codes are geometric and come from order domains. We give a bound on their minimum distance which improves the Andersen–Geil one. We also give coset bounds for the involved codes

Cryptanalysis of McEliece Cryptosystem Based on Algebraic Geometry Codes and their subcodes

We give polynomial time attacks on the McEliece public key cryptosystem based either on algebraic geometry (AG) codes or on small codimensional subcodes of AG codes. These attacks consist in the blind reconstruction either of an Error Correcting Pair (ECP), or an Error Correcting Array (ECA) from the single data of an arbitrary generator matrix of a code. An ECP provides a decoding algorithm that corrects up to $\frac{d^*-1-g}{2}$ errors, where $d^*$ denotes the designed distance and $g$ denotes the genus of the corresponding curve, while with an ECA the decoding algorithm corrects up to $\frac{d^*-1}{2}$ errors. Roughly speaking, for a public code of length $n$ over $\mathbb F_q$, these attacks run in $O(n^4\log (n))$ operations in $\mathbb F_q$ for the reconstruction of an ECP and $O(n^5)$ operations for the reconstruction of an ECA. A probabilistic shortcut allows to reduce the complexities respectively to $O(n^{3+\varepsilon} \log (n))$ and $O(n^{4+\varepsilon})$. Compared to the previous known attack due to Faure and Minder, our attack is efficient on codes from curves of arbitrary genus. Furthermore, we investigate how far these methods apply to subcodes of AG codes.Comment: A part of the material of this article has been published at the conferences ISIT 2014 with title "A polynomial time attack against AG code based PKC" and 4ICMCTA with title "Crypt. of PKC that use subcodes of AG codes". This long version includes detailed proofs and new results: the proceedings articles only considered the reconstruction of ECP while we discuss here the reconstruction of EC