A characterization of MDS codes that have an error correcting pair

Error-correcting pairs were introduced in 1988 by R. Pellikaan, and were found independently by R. K\"otter (1992), as a general algebraic method of decoding linear codes. These pairs exist for several classes of codes. However little or no study has been made for characterizing those codes. This article is an attempt to fill the vacuum left by the literature concerning this subject. Since every linear code is contained in an MDS code of the same minimum distance over some finite field extension we have focused our study on the class of MDS codes. Our main result states that an MDS code of minimum distance $2t+1$ has a $t$-ECP if and only if it is a generalized Reed-Solomon code. A second proof is given using recent results Mirandola and Z\'emor (2015) on the Schur product of codes

Subspace subcodes of Reed-Solomon codes

We introduce a class of nonlinear cyclic error-correcting codes, which we call subspace subcodes of Reed-Solomon (SSRS) codes. An SSRS code is a subset of a parent Reed-Solomon (RS) code consisting of the RS codewords whose components all lie in a fixed ν-dimensional vector subspace S of GF (2m). SSRS codes are constructed using properties of the Galois field GF(2m). They are not linear over the field GF(2ν), which does not come into play, but rather are Abelian group codes over S. However, they are linear over GF(2), and the symbol-wise cyclic shift of any codeword is also a codeword. Our main result is an explicit but complicated formula for the dimension of an SSRS code. It implies a simple lower bound, which gives the true value of the dimension for most, though not all, subspaces. We also prove several important duality properties. We present some numerical examples, which show, among other things, that (1) SSRS codes can have a higher dimension than comparable subfield subcodes of RS codes, so that even if GF(2ν) is a subfield of GF(2m), it may not be the best ν-dimensional subspace for constructing SSRS codes; and (2) many high-rate SSRS codes have a larger dimension than any previously known code with the same values of n, d, and q, including algebraic-geometry codes. These examples suggest that high-rate SSRS codes are promising candidates to replace Reed-Solomon codes in high-performance transmission and storage systems

Cryptanalysis of McEliece Cryptosystem Based on Algebraic Geometry Codes and their subcodes

We give polynomial time attacks on the McEliece public key cryptosystem based either on algebraic geometry (AG) codes or on small codimensional subcodes of AG codes. These attacks consist in the blind reconstruction either of an Error Correcting Pair (ECP), or an Error Correcting Array (ECA) from the single data of an arbitrary generator matrix of a code. An ECP provides a decoding algorithm that corrects up to $\frac{d^*-1-g}{2}$ errors, where $d^*$ denotes the designed distance and $g$ denotes the genus of the corresponding curve, while with an ECA the decoding algorithm corrects up to $\frac{d^*-1}{2}$ errors. Roughly speaking, for a public code of length $n$ over $\mathbb F_q$, these attacks run in $O(n^4\log (n))$ operations in $\mathbb F_q$ for the reconstruction of an ECP and $O(n^5)$ operations for the reconstruction of an ECA. A probabilistic shortcut allows to reduce the complexities respectively to $O(n^{3+\varepsilon} \log (n))$ and $O(n^{4+\varepsilon})$. Compared to the previous known attack due to Faure and Minder, our attack is efficient on codes from curves of arbitrary genus. Furthermore, we investigate how far these methods apply to subcodes of AG codes.Comment: A part of the material of this article has been published at the conferences ISIT 2014 with title "A polynomial time attack against AG code based PKC" and 4ICMCTA with title "Crypt. of PKC that use subcodes of AG codes". This long version includes detailed proofs and new results: the proceedings articles only considered the reconstruction of ECP while we discuss here the reconstruction of EC

Shortened Array Codes of Large Girth

One approach to designing structured low-density parity-check (LDPC) codes with large girth is to shorten codes with small girth in such a manner that the deleted columns of the parity-check matrix contain all the variables involved in short cycles. This approach is especially effective if the parity-check matrix of a code is a matrix composed of blocks of circulant permutation matrices, as is the case for the class of codes known as array codes. We show how to shorten array codes by deleting certain columns of their parity-check matrices so as to increase their girth. The shortening approach is based on the observation that for array codes, and in fact for a slightly more general class of LDPC codes, the cycles in the corresponding Tanner graph are governed by certain homogeneous linear equations with integer coefficients. Consequently, we can selectively eliminate cycles from an array code by only retaining those columns from the parity-check matrix of the original code that are indexed by integer sequences that do not contain solutions to the equations governing those cycles. We provide Ramsey-theoretic estimates for the maximum number of columns that can be retained from the original parity-check matrix with the property that the sequence of their indices avoid solutions to various types of cycle-governing equations. This translates to estimates of the rate penalty incurred in shortening a code to eliminate cycles. Simulation results show that for the codes considered, shortening them to increase the girth can lead to significant gains in signal-to-noise ratio in the case of communication over an additive white Gaussian noise channel.Comment: 16 pages; 8 figures; to appear in IEEE Transactions on Information Theory, Aug 200