
    Folding Alternant and Goppa Codes with Non-Trivial Automorphism Groups

    The main practical limitation of the McEliece public-key encryption scheme is probably the size of its key. A well-known approach to overcoming this issue is to focus on subclasses of alternant/Goppa codes with a non-trivial automorphism group. Such codes then display symmetries allowing compact parity-check or generator matrices. For instance, a key reduction is obtained by taking quasi-cyclic (QC) or quasi-dyadic (QD) alternant/Goppa codes. We show that the use of such symmetric alternant/Goppa codes in cryptography introduces a fundamental weakness. It is indeed possible to reduce the key recovery on the original symmetric public code to the key recovery on a (much) smaller code that no longer has symmetries. This result is obtained thanks to a new operation on codes called folding that exploits the knowledge of the automorphism group. This operation consists of adding the coordinates of codewords which belong to the same orbit under the action of the automorphism group. The advantage is twofold: the reduction factor can be as large as the size of the orbits, and it preserves a fundamental property: folding the dual of an alternant (resp. Goppa) code provides the dual of an alternant (resp. Goppa) code. A key point is to show that all the existing constructions of alternant/Goppa codes with symmetries follow a common principle of taking codes whose support is globally invariant under the action of affine transformations (by building upon prior works of T. Berger and A. Dür). This enables us not only to present a unified view but also to generalize the construction of QC, QD and even quasi-monoidic (QM) Goppa codes. All in all, our results can be harnessed to boost any key-recovery attack on McEliece systems based on symmetric alternant or Goppa codes, and in particular algebraic attacks.
    Comment: 19 pages

    Permutation-invariant qudit codes from polynomials

    A permutation-invariant quantum code on $N$ qudits is any subspace stabilized by the matrix representation of the symmetric group $S_N$ as permutation matrices that permute the underlying $N$ subsystems. When each subsystem is a complex Euclidean space of dimension $q \ge 2$, any permutation-invariant code is a subspace of the symmetric subspace of $(\mathbb{C}^q)^N$. We give an algebraic construction of new families of $d$-dimensional permutation-invariant codes on at least $(2t+1)^2(d-1)$ qudits that can also correct $t$ errors for $d \ge 2$. The construction of our codes relies on a real polynomial with multiple roots at the roots of unity, and a sequence of $q-1$ real polynomials that satisfy some combinatorial constraints. When $N > (2t+1)^2(d-1)$, we prove constructively that an uncountable number of such codes exist.
    Comment: 14 pages. Minor corrections made, to appear in Linear Algebra and its Applications

    Algebraic Properties of Polar Codes From a New Polynomial Formalism

    Polar codes form a very powerful family of codes with a low-complexity decoding algorithm that attains many information-theoretic limits in error correction and source coding. These codes are closely related to Reed-Muller codes because both can be described with the same algebraic formalism, namely they are generated by evaluations of monomials. However, finding the right set of generating monomials for a polar code which optimises the decoding performance is a hard task and channel dependent. The purpose of this paper is to reveal some universal properties of these monomials. We will namely prove that there is a way to define a nontrivial (partial) order on monomials so that the monomials generating a polar code devised for a binary-input symmetric channel always form a decreasing set. This property turns out to have rather deep consequences on the structure of the polar code. Indeed, the permutation group of a decreasing monomial code contains a large group called the lower triangular affine group. Furthermore, the codewords of minimum weight correspond exactly to the orbits of the minimum weight codewords that are obtained from (evaluations of) monomials of the generating set. In particular, it gives an efficient way of counting the number of minimum weight codewords of a decreasing monomial code and hence of a polar code.
    Comment: 14 pages * A reference to the work of Bernhard Geiger has been added (arXiv:1506.05231) * Lemma 3 has been changed a little bit in order to prove that Proposition 7.1 in arXiv:1506.05231 holds for any binary input symmetric channel

    Automorphism groups of some AG codes

    We show that in many cases, the automorphism group of a curve and the permutation automorphism group of a corresponding AG code are the same. This generalizes a result of Wesemeyer beyond the case of planar curves.
    Comment: added a reference, fixed error in remark

    Geometric representation of interval exchange maps over algebraic number fields

    We consider the restriction of interval exchange transformations to algebraic number fields, which leads to maps on lattices. We characterize renormalizability arithmetically, and study its relationships with a geometrical quantity that we call the drift vector. We exhibit some examples of renormalizable interval exchange maps with zero and non-zero drift vector, and carry out some investigations of their properties. In particular, we look for evidence of the finite decomposition property: each lattice is the union of finitely many orbits.
    Comment: 34 pages, 8 postscript figures