On the Generalizations of the Rank Metric over Finite Chain Rings

Abstract

The rank metric over finite fields has received a lot of attention these last decades. Several works propose generalizations of this metric to finite rings, each one using a particular notion of module theory. The first work that generalizes the rank metric to finite rings defines a new metric over finite principal ideal rings by replacing the notion of dimension of vector spaces by the minimum number of generators of modules. A second work also defines a new metric over Galois rings by using the notion of cardinal of modules, while another idea is to use the length of modules as a generalization of the dimension. In this paper, we study these three generalizations of the rank metric from fields to finite chain rings. We show that the generalizations using the length and the cardinal of modules are decoding equivalent, and give connections between the minimum distances and the packing radii of the three metrics. These links make it possible to show that up to the packing radii, the generalization using the minimum number of generators of modules corrects more errors than the metric using the length and the one defined by the cardinal of modules. Finally, we show that the use of linear codes with the metric based on the minimum number of generators in a McEliece type encryption scheme results in a cryptosystem with smaller public key sizes.

Appendices

A Appendix

In this appendix, we use the work of [12] to give a method to find \(|B_{d_{g}}( \boldsymbol{\textrm{0}}, r) |\), \(|B_{d_{l}}( \boldsymbol{\textrm{0}},r)|\), and \(|B_{d_{c}}( \boldsymbol{\textrm{0}},r)|\). Recall that \(d_{l}=\nu d_{c}\), thus \(B_{d_{c}}( \boldsymbol{\textrm{0}},r)=B_{d_{l}}( \boldsymbol{\textrm{0}},\nu r)\). By Proposition 3, a module M over R can be decomposed as

$$\begin{aligned} M\cong \pi ^{\alpha _{1}}R\times \cdots \times \pi ^{\alpha _{s}}R. \end{aligned}$$

This isomorphism can be expressed as

where

$$\begin{aligned} k_{i}=|\{j\in \{1,\ldots ,s\}:\alpha _{j}=i\}|, \text { for } i=0,\ldots ,\nu -1. \end{aligned}$$

The \(\nu {-}\)tuple \((k_{0},\ldots ,k_{\nu -1})\) is called the type of M and as in [12] the shape⁴ of M is \((\beta _{1},\ldots ,\beta _{\nu })\) where

$$\begin{aligned} \beta _{1}=k_{0}\text { and }\beta _{i+1}= \beta _{i}+k_{i}\text {, for }i=1,\ldots ,\nu -1. \end{aligned}$$

(6)

The type and the shape of a module can be extended to matrices, so if \(\boldsymbol{\textrm{A}}\) is a matrix of size \(m\times n\) with entries in R, then the type of \(\boldsymbol{\textrm{A}}\) and the shape of \(\boldsymbol{\textrm{A}}\) are respectively the type and the shape of the \(R{-}\)module generated by the column vectors of \(\boldsymbol{\textrm{A}}\). the relationship between the shape of a matrix and its Smith normal form was given in [12].

Over finite fields with q elements, the number of \(k{-}\)dimensional subspaces in an \(n{-}\)dimensional vector space is given by the Gaussian binomial coefficient:

$$\begin{aligned} \left[ \begin{array}{c} n \\ k \end{array} \right] _{q}:=\prod \limits _{i=0}^{k-1}\frac{q^{n}-q^{i}}{q^{k}-q^{i}} \end{aligned}$$

and the number of matrices of size \(m\times n\) of rank k is

$$\begin{aligned} \prod \limits _{i=0}^{k-1}\frac{(q^{n}-q^{i})(q^{m}-q^{i})}{q^{k}-q^{i}}. \end{aligned}$$

These results were extended over finite chain rings using the shape. By [12] the number of \(R{-}\)submodules of \(R^{n}\) of shape \((\beta _{1},\ldots ,\beta _{\nu })\) is

$$\begin{aligned} \prod \limits _{i=1}^{\nu }q^{\beta _{i-1}( n-\beta _{i}) }\left[ \begin{array}{c} n-\beta _{i-1} \\ \beta _{i}-\beta _{i-1}\end{array}\right] _{q} \end{aligned}$$

(7)

and by [12, Theorem 2] the number of matrices of size \(m\times n\) with entries in R of shape \((\beta _{1},\ldots , \beta _{\nu })\) is

$$\begin{aligned} q^{\nu mk}\prod \limits _{j=0}^{k-1}( 1-q^{j-m}) \prod \limits _{i=1}^{\nu }q^{\beta _{i-1}( n-\beta _{i}) }\left[ \begin{array}{c} n-\beta _{i-1} \\ \beta _{i}-\beta _{i-1}\end{array}\right] _{q} \end{aligned}$$

(8)

where \(\beta _{0}:=0\).

As S is a free \(R{-}\)module of rank m, there exists a one-to-one correspondence between \(S^{n}\) and the set \(R^{m\times n}\) of matrices of size \(m\times n\) with entries in R. Thus, the number of \(\boldsymbol{\textrm{a}}\) in \(S^{n}\) such that the shape of \({{\,\textrm{supp}\,}}(\boldsymbol{\textrm{a}})\) is \((\beta _{1},\ldots ,\beta _{\nu })\) is equal to the number of \(\boldsymbol{\textrm{A}}\) in \(R^{m\times n}\) of shape \((\beta _{1},\ldots ,\beta _{\nu })\). Thus, we can use (8) to find \(|B_{d_{g}}( \boldsymbol{\textrm{0}},r) |\) and \(|B_{d_{l}}( \boldsymbol{\textrm{0}},r)|\).

Calculation of \(|B_{d_{g}}( \boldsymbol{\textrm{0}},r) |\) . According to Proposition 3,

$$\boldsymbol{\textrm{a}}\in B_{d_{g}}( \boldsymbol{\textrm{0}},r) \Longleftrightarrow \mu _{R}({{\,\textrm{supp}\,}}(\boldsymbol{\textrm{a}})) \leqslant r \Longleftrightarrow \sum _{0\leqslant i\leqslant \nu -1} k_{i} \leqslant r$$

where \((k_{0},\ldots ,k_{\nu -1})\) is the type of \({{\,\textrm{supp}\,}}(\boldsymbol{\textrm{a}})\). Thus, to calculate \(|B_{d_{g}}( \boldsymbol{\textrm{0}},r) |\), the following steps can be used:

1. 1.

   Find the set K of all types \((k_{0},\ldots ,k_{\nu -1})\) such that \(\sum _{1\leqslant i\leqslant \nu -1}k_{i}\leqslant r\);

2. 2.

   Construct the set B of all the shapes \((\beta _{1},\ldots ,\beta _{\nu })\) associated to each type \((k_{0},\ldots ,k_{\nu -1})\) in K using (6);

3. 3.

   Sum the number of matrices of shape \((\beta _{1},\ldots ,\beta _{\nu })\) for \((\beta _{1},\ldots ,\beta _{\nu })\) in B using (8).

Calculation of \(|B_{d_{l}}( \boldsymbol{\textrm{0}},r) |\) . According to Proposition 3,

$$\mathbf {a\in }B_{d_{l}}( \boldsymbol{\textrm{0}},r) \Longleftrightarrow \lambda _{R}({{\,\textrm{supp}\,}}(\boldsymbol{\textrm{a}}))\leqslant r \Longleftrightarrow \sum _{0\leqslant i\leqslant \nu -1}(\nu -i)k_{i}\leqslant r$$

where \((k_{0},\ldots ,k_{\nu -1})\) is the type of \({{\,\textrm{supp}\,}}(\boldsymbol{\textrm{a}})\). Thus, to calculate \(|B_{d_{l}}(\boldsymbol{\textrm{0}},r) |\), the following steps can be used:

1. 1.

   Find the set K of all types \((k_{0},\ldots ,k_{\nu -1})\) such that \( \sum _{0\leqslant i\leqslant \nu -1}(\nu -i)k_{i}\leqslant r\);

2. 2.

   Construct the set B of all shapes \((\beta _{1},\ldots ,\beta _{\nu })\) associated to each type

   \((k_{0},\ldots ,k_{\nu -1})\) in K using (6);

3. 3.

   Sum the number of matrices of shape \((\beta _{1},\ldots ,\beta _{\nu })\) for \((\beta _{1},\ldots ,\beta _{\nu })\) in B using (8).

Example 5

Here we give more details on the calculation of \(|B_{d_{g}}( \boldsymbol{\textrm{0}},2) |\) and \(|B_{d_{l}}( \boldsymbol{\textrm{0}},2) |\) of Example 4. Recall that in this case, \(q=2\), \(\nu =2\), \(m=n=6\) and \(r=2\).

(i) The calculation of \(|B_{d_{g}}(\boldsymbol{\textrm{0}},2)|\).

The set of types \((k_{0},k_{1})\) such that \(k_{0}+k_{1}\leqslant 2\) is

$$K=\{(0,0),(0,1),(1,0),(1,1),(0,2),(2,0)\}.$$

The set of associated shapes is \(B=\{(0,0),(0,1),(1,1),(1,2),(0,2),(2,2)\}\).

For each \((\beta _{1},\beta _{2})\) in B we calculate the number of matrices of shape \((\beta _{1},\beta _{2})\) and sum them.

Shapes	Number of matrices
(0, 0)	1
(0, 1)	3969
(1, 1)	8128512
(1, 2)	7811500032
(0, 2)	2542806
(2, 2)	2666325344256
Total	2674147519576

Thus, \(|B_{d_{g}}(\boldsymbol{\textrm{0}},2)|=2674147519576\).

(ii) Computing \(|B_{d_{l}}( \boldsymbol{\textrm{0}},2)|\)

The set of type \((k_{0},k_{1})\) such that \(2k_{0}+k_{1}\leqslant 2\) is \(K=\{(0,0),(0,1),(1,0),(0,2)\}\).

The set of associated shape is \(B=\{(0,0),(0,1),(1,1),(0,2)\}\).

For each \((\beta _{1},\beta _{2})\) in B we calculate the number of matrices of shape \((\beta _{1},\beta _{2})\) and sum them.

Shapes	Number of matrices
(0, 0)	1
(0, 1)	3969
(1, 1)	8128512
(0, 2)	2542806
Total	10675288

Thus, \(|B_{d_{l}}( \boldsymbol{\textrm{0}},2)|=10675288\).

B Appendix

In this appendix, we prove as in [21, Remark 5.5.] that, if \(\textbf{e}\) is an element of \(S^{n}\) such that \(d_{l}(\textbf{e},\textbf{0})=r\), then the inverse of the probability \(p_{d_{l}}\) that \({{\,\textrm{supp}\,}}(\mathbf {e)}\) is contained in a free module F of rank u is given by \(1/p_{l}\approx q^{r\left( m-u\right) }\). Recall that \(d_{l}(\textbf{e},\textbf{0})=r\) if and only if \(\lambda _{R}({{\,\textrm{supp}\,}}(\mathbf {e))=}r\). Using the same notations as in Proposition 3 and in (6) we have

$$\begin{aligned} \lambda _{R}(M)=\sum _{1\leqslant i\leqslant s}(\nu -\alpha _{i})=\sum _{0\leqslant i\leqslant \nu -1}(\nu -i)k_{i}=\sum _{1\leqslant i\leqslant \nu }\beta _{i}. \end{aligned}$$

Hence, if M is a module of shape \((\beta _{1},\ldots ,\beta _{\nu })\), then \(\lambda _{R}(M)=r\) if and only if \(\sum _{1\leqslant i\leqslant \nu }\beta _{i}=r\). Thus, according to (7) the number of \(R{-}\)submodule M of length \(\lambda _{R}(M)=r\) contained in a free module F of rank u is

$$\begin{aligned} \varPsi (q,\nu ,r,u):=\sum \limits _{\underset{\beta _{1}+\cdots +\beta _{_{\nu }}=r}{0=\beta _{0}\leqslant \beta _{1}\leqslant \cdots \leqslant \beta _{\nu }} }\prod \limits _{i=1}^{\nu }q^{\beta _{i-1}(u-\beta _{i})}\left[ \begin{array}{c} u-\beta _{i-1} \\ \beta _{i}-\beta _{i-1} \end{array} \right] _{q}. \end{aligned}$$

(9)

Recall that from [25], we have

$$\begin{aligned} q^{k\left( n-k\right) }\leqslant \left[ \begin{array}{c} n \\ k\end{array} \right] _{q}\leqslant 4q^{k\left( n-k\right) }. \end{aligned}$$

Thus,

$$\begin{aligned} q^{\sum _{i=1}^{\nu }\beta _{i}\left( u-\beta _{i}\right) }\leqslant \prod \limits _{i=1}^{\nu }q^{\beta _{i-1}(u-\beta _{i})}\left[ \begin{array}{c} u-\beta _{i-1} \\ \beta _{i}-\beta _{i-1} \end{array}\right] _{q}\leqslant 4^{\nu }q^{\sum _{i=1}^{\nu }\beta _{i}\left( u-\beta _{i}\right) }. \end{aligned}$$

(10)

Using the fact that \(0\leqslant \beta _{1}\leqslant \cdots \leqslant \beta _{\nu }\) and \(\beta _{1}+\cdots +\beta _{_{\nu }}=r\), we obtain, \(\sum _{i=1}^{\nu }\beta _{i}\left( u-\beta _{i}\right) \leqslant \beta _{_{\nu }}(u-r)\leqslant r(u-r)\), since the optimal value of \(\beta _{_{\nu }}\) is r. Thus () is upper bounded by \(4^{\nu }q^{r(u-r)}\). Hence, an upper bound of (9) is \(4^{\nu }\left( {\begin{array}{c}r+\nu -1\\ \nu -1\end{array}}\right) q^{r(u-r)}\) where \(\ \left( {\begin{array}{c}r+\nu -1\\ \nu -1\end{array}}\right) \) is a binomial coefficient which is equal to the number of \(\nu {-}\)tuple \((\beta _{1},\ldots ,\beta _{\nu })\) such that \(\beta _{1}+\cdots +\beta _{_{\nu }}=r\).

Among the \(\nu {-}\)tuples \((\beta _{1},\ldots ,\beta _{\nu })\) such that \(\beta _{1}+\cdots +\beta _{_{\nu }}=r\), one has the \(\nu {-}\)tuple \((0,\ldots ,0,r)\). Thus, (10) implies that (9) is lower bounded by \(q^{r(u-r)}\). Therefore,

$$\begin{aligned} q^{r(u-r)}\leqslant \varPsi (q,\nu ,r,u)\leqslant 4^{\nu }\left( {\begin{array}{c}r+\nu -1\\ \nu -1\end{array}}\right) q^{r(u-r)}. \end{aligned}$$

(11)

The probability \(p_{d_{l}}\) that \({{\,\textrm{supp}\,}}(\mathbf {e)}\) of length r is contained in a free module F of rank u is equal to the number of submodules of S of length r in a free submodule of S of rank u divided by the number of submodules of S of length r, that is to say,

$$\begin{aligned} p_{d_{l}}=\varPsi (q,\nu ,r,u)/\varPsi (q,\nu ,r,m). \end{aligned}$$

Using (11), we obtain \(p_{d_{l}}\) \(\approx q^{r(u-r)}/q^{r(m-r)}\) \(=q^{r(u-m)}\). So,

$$\begin{aligned} 1/p_{d_{l}}\approx q^{r(m-u)}. \end{aligned}$$