High dimensional affine codes whose square has a designed minimum distance

Abstract

Given a linear code \({\mathcal {C}}\), its square code \({\mathcal {C}}^{(2)}\) is the span of all component-wise products of two elements of \({\mathcal {C}}\). Motivated by applications in multi-party computation, our purpose with this work is to answer the following question: which families of affine variety codes have simultaneously high dimension \(k({\mathcal {C}})\) and high minimum distance of \({\mathcal {C}}^{(2)}\), \(d({\mathcal {C}}^{(2)})\)? More precisely, given a designed minimum distance d we compute an affine variety code \({\mathcal {C}}\) such that \(d({\mathcal {C}}^{(2)})\ge d\) and the dimension of \({\mathcal {C}}\) is high. The best constructions we propose mostly come from hyperbolic codes. Nevertheless, for small values of d, they come from weighted Reed–Muller codes.

Appendices

A For which affine codes \({\mathcal {C}}_A\) is it verified that \({\mathrm {FB}}({\mathcal {C}}_A) = d({\mathcal {C}}_A)\)?

Let \(A\subseteq [\![0,q-1]\!]^m\) and consider the code \({\mathcal {C}}_A\) as the affine variety code C(I, L) with \(I=(0)\) and \(L={\mathbb {F}}_q[A]\). Then, we know that the length of \({\mathcal {C}}_A\) is \(q^m\) and its dimension coincides with the cardinality of the set A. Moreover its minimum distance, denoted as \(d({\mathcal {C}}_A)\), satisfies that \(d({\mathcal {C}}_A)\ge {\mathrm {FB}}({\mathcal {C}}_A)\). In this section we will study when these two values coincide. More concretely, we provide sufficient conditions to have the equality \(d({\mathcal {C}}_A) = {\mathrm {FB}}({\mathcal {C}}_A)\).

Lemma 6

Suppose that \({\mathrm {FB}}({\mathcal {C}}_A) = (q-\alpha _1)\cdots (q-\alpha _m)\). Then \(d({\mathcal {C}}_A) = {\mathrm {FB}}({\mathcal {C}}_A)\) if all the elements \(\beta = (\beta _1, \ldots , \beta _m)\) with \(0\le \beta _i \le \alpha _i\) belong to the set A.

Proof

First, to simplify the proof let us suppose that \(m=2\). Let \({\mathcal {P}} = \left\{ P_1, \ldots , P_n\right\} \) be the ordered enumeration of the \(q^2\) different points of \({\mathbb {F}}_q^2\). Suppose that \({\mathrm {FB}}({\mathcal {C}}_A) = (q-\alpha _1)(q-\alpha _2)\). Now we can define the polynomial

$$\begin{aligned} f(x) = (X_1-P_1) \cdots (X_1-P_{\alpha _1}) \cdot (X_2-P_1) \cdots (X_2-P_{\alpha _2}). \end{aligned}$$

Take notice that by hypothesis \(f(X_1, X_2) \in {\mathbb {F}}_q[A]\) since all the elements \(\beta = (\beta _1, \beta _2)\) with \(0\le \beta _1 \le \alpha _1\) and \(0\le \beta _2 \le \alpha _2\) belongs to the set A. Moreover, the \({\mathbb {F}}_q\)-roots of f are all the points of form:

$$\begin{aligned} \begin{array}{cccc} (P_i, z_2)&\hbox { and }&(z_1, P_j)&\hbox { with } i \in \{1, \ldots , \alpha _1\} \hbox { , } j \in \{1, \ldots , \alpha _2\} \hbox { and } z_1, z_2\in {\mathbb {F}}_q. \end{array} \end{aligned}$$

That is, the number of \({\mathbb {F}}_q\)-roots of f(x) is \((\alpha _1 + \alpha _2) q - \alpha _1 \alpha _2\). Therefore, we have found a codeword \({\mathbf {c}} = {\mathrm {ev}}_{{\mathcal {P}}} (f)\in {\mathcal {C}}_A\) of weight \(q^2 - (\alpha _1 + \alpha _2) q - \alpha _1 \alpha _2 = {\mathrm {FB}}({\mathcal {C}}_A)\). Hence the minimum distance of \({\mathcal {C}}_A\) is \( {\mathrm {FB}}({\mathcal {C}}_A)\).

The generalization to m variables is straightforward. Let \({\mathcal {P}} = \left\{ P_1, \ldots , P_n\right\} \) be the ordered enumeration of the \(q^m\) different points of \({\mathbb {F}}_q^m\). Then, using all the hypothesis we can define the following polynomial in \({\mathbb {F}}_q[A]\):

$$\begin{aligned} f(X_1, \ldots , X_m) = \prod _{i=1}^m (X_i - P_1) \cdots (X_i - P_{\alpha _i}) \in {\mathbb {F}}_q[A]. \end{aligned}$$

Thus, we have found a codeword of \({\mathcal {C}}_A\) of weight \({\mathrm {FB}}({\mathcal {C}}_A)\), hence \(d({\mathcal {C}}_A) = {\mathrm {FB}}({\mathcal {C}}_A)\).\(\square \)

The following result shows that if l is a divisor of \(q-1\) then, there exists a polynomial \(f(x) = X^l-\alpha \in {\mathbb {F}}_q[X]\) with small support but a large number of \({\mathbb {F}}_q\)-roots. This result will be useful for computing the minimum distance of codes of type \({\mathcal {C}}_A\) by just checking that a very small number of points belongs to the set A.

Lemma 7

Let \(\alpha \) be a primitive element of \({\mathbb {F}}_q^*\). Consider the polynomial \(f(X) = X^l-\alpha ^j \in {\mathbb {F}}_q[X]\). Then \(X^l-\alpha ^j\) has at least one root in \({\mathbb {F}}_q\) if and only if \(\gcd (l, q-1)\) divides j. In such case, the exactly number of \({\mathbb {F}}_q\)-roots of f(X) is \(\gcd (l,q-1)\).

Proof

Suppose that \(\alpha ^i\) is an \({\mathbb {F}}_q\)-root of f(X), then \(f(\alpha ^i) = 0\), that is \(\alpha ^{il} = \alpha ^j\) which implies that the order of \(\alpha \), which is \(q-1\), divides \(il-1\). In other words, there exists an integer x such that \(x(q-1) + il = j\). Take notice that such x exists if and only if \(\gcd (l,q-1)\) divides j.

In such case, if (x, y) is a solution of the equation \(x(q-1) + yl = j\). Then, all solutions of this equations has the form:

$$\begin{aligned} \left( x-\lambda \frac{l}{\gcd (l,q-1)}, y + \lambda \frac{q-1}{\gcd (l,q-1)} \right) \hbox { with } \lambda \in {\mathbb {Z}} \end{aligned}$$

Therefore, if f(X) has at least one root in \({\mathbb {F}}_q\), then it will have exactly \(\gcd (l,q-1)\)\({\mathbb {F}}_q\)-roots.\(\square \)

Corollary 1

Suppose that \({\mathrm {FB}}({\mathcal {C}}_A) = (q-l)q^{m-1}\) with l a divisor of \(q-1\). Then, \(d({\mathcal {C}}_A) = {\mathrm {FB}}({\mathcal {C}}_A)\) if \(\{1, X_i^l\}\subseteq {\mathbb {F}}_q[A]\) for some \(i\in \{1, \ldots , m\}\).

Proof

By hypothesis we can define the following polynomial in \({\mathbb {F}}_q[A]\):

$$\begin{aligned} f(X) = X_i^l - \beta \hbox { for certain }\beta \in {\mathbb {F}}_q. \end{aligned}$$

Then, by Lemma 7, f(X) has \(lq^{m-1}\)\({\mathbb {F}}_q\)-roots. That is, we have found a codeword of \({\mathcal {C}}_A\) of weight \({\mathrm {FB}}({\mathcal {C}}_A)\), hence \(d({\mathcal {C}}_A) = {\mathrm {FB}}({\mathcal {C}}_A)\).\(\square \)

Lemma 8

Suppose that \({\mathrm {FB}}({\mathcal {C}}_A) = (q-kl)q^{m-1}\) with l a divisor of \(q-1\). Then, \(d({\mathcal {C}}_A) = {\mathrm {FB}}({\mathcal {C}}_A)\) if \(\{1, X_i^l, X_i^{2l}, \ldots , X_i^{kl}\}\subseteq {\mathbb {F}}_q[A]\) for some \(i\in \{1, \ldots , m\}\).

Proof

By hypothesis we can define the following polynomial in \({\mathbb {F}}_q[A]\):

$$\begin{aligned} f(X) = (X_i^l - \beta ) (X_i^{2l}-\beta ^2) \cdots (X_i^{kl} - \beta ^k) \hbox { for certain }\beta \in {\mathbb {F}}_q. \end{aligned}$$

Then, by Lemma 7, f(X) has \(klq^{m-1}\)\({\mathbb {F}}_q\)-roots. That is, we have found a codeword of \({\mathcal {C}}_A\) of weight \({\mathrm {FB}}({\mathcal {C}}_A)\), hence \(d({\mathcal {C}}_A) = {\mathrm {FB}}({\mathcal {C}}_A)\).\(\square \)

Lemma 9

Suppose that \({\mathrm {FB}}({\mathcal {C}}_A) = (q-l_1)\cdots (q-l_m)\) with \(l_i\) a divisor of \(q-1\). Then, \(d({\mathcal {C}}_A) = {\mathrm {FB}}({\mathcal {C}}_A)\) if \(\{1, X_1^{l_1}, \cdots , X_m^{l_m}\}\subseteq {\mathbb {F}}_q[A]\).

Proof

By hypothesis we can define the following polynomial in \({\mathbb {F}}_q[A]\):

$$\begin{aligned} f(X) = \prod _{i=1}^m( X_i^{l_i} - \beta _i) \hbox { for certain }\beta _1, \ldots , \beta _m \in {\mathbb {F}}_q. \end{aligned}$$

Then, by Lemma 7, f(X) has

$$\begin{aligned} (l_1 + \ldots l_m) q^{m-1} - \sum _{1\le i< j\le m} l_i l_j q^{m-2} - \sum _{1\le i< j<k\le m} l_i l_jl_k q^{m-3} - \ldots - l_1 \cdots l_m \end{aligned}$$

\({\mathbb {F}}_q\)-roots. That is, we have found a codeword of \({\mathcal {C}}_A\) of weight \({\mathrm {FB}}({\mathcal {C}}_A)\), hence \(d({\mathcal {C}}_A) = {\mathrm {FB}}({\mathcal {C}}_A)\).\(\square \)

Lemma 10

Suppose that \({\mathrm {FB}}({\mathcal {C}}_A) = (q-k_1l_1)\cdots (q-k_ml_m)\) with \(l_i\) a divisor of \(q-1\). Then, \(d({\mathcal {C}}_A) = {\mathrm {FB}}({\mathcal {C}}_A)\) if \(\{1, X_1^{l_1}, \ldots , X_1^{ml_1}, \cdots , X_m^{l_m}, \ldots , X_m^{k_ml_m}\}\subseteq {\mathbb {F}}_q[A]\).

Proof

By hypothesis we can define the following polynomial in \({\mathbb {F}}_q[A]\):

$$\begin{aligned} f(X) = \prod _{i=1}^m( X_i^{l_i} - \beta _i) (X_i^{2l_i}-\beta _i^2) \cdots (X_i^{k_il_i} - \beta _i^{k_i}) \hbox { for certain }\beta _1, \ldots , \beta _m \in {\mathbb {F}}_q. \end{aligned}$$

Then, by Lemma 7, we have found a codeword of \({\mathcal {C}}_A\) of weight \({\mathrm {FB}}({\mathcal {C}}_A)\), hence \(d({\mathcal {C}}_A) = {\mathrm {FB}}({\mathcal {C}}_A)\).\(\square \)

Lemma 11

Suppose that \({\mathrm {FB}}({\mathcal {C}}_A) = (q-l)q^{m-1}\) with \(l-1\) a divisor of \(q-1\). Then, \(d({\mathcal {C}}_A) = {\mathrm {FB}}({\mathcal {C}}_A)\) if \(\{X_i, X_i^l\}\subseteq {\mathbb {F}}_q[A]\) for some \(i\in \{1, \ldots , m\}\).

Proof

By hypothesis we can define the following polynomial in \({\mathbb {F}}_q[A]\):

$$\begin{aligned} f(X) = (X_i^l - \beta X_i) = X_i (X_i^{l-1}-\beta ) \hbox { for certain }\beta \in {\mathbb {F}}_q. \end{aligned}$$

Then, by Lemma 7, f(X) has \(lq^{m-1}\)\({\mathbb {F}}_q\)-roots. That is, we have found a codeword of \({\mathcal {C}}_A\) of weight \({\mathrm {FB}}({\mathcal {C}}_A)\), hence \(d({\mathcal {C}}_A) = {\mathrm {FB}}({\mathcal {C}}_A)\).\(\square \)

Lemma 12

Let \(A\subseteq [\![0,q-1]\!]^m\) and \(s\in [\![0,q-1]\!]\). If for all \(f\in {\mathbb {F}}_q[A]\) we have that \(X_1^s\) is a divisor of f(X), then \(d({\mathcal {C}}_A) = d({\mathcal {C}}_B)\) with

$$\begin{aligned} B=\{ (i_1-s-1, i_2,\ldots , i_m)\mid (i_1, \ldots , i_m) \in A\}. \end{aligned}$$

The result can be generalized to any other coordinate \(X_i\) with \(i=2, \ldots , m\).

Proof

By hypothesis every polynomial \(f\in {\mathbb {F}}_q[A]\) can be written as \(f=X_1^s g\) with \(g\in {\mathbb {F}}_q[B]\). And both polynomials f and g have exactly the same number of \({\mathbb {F}}_q\)-roots.\(\square \)

B Proof of Theorem 3 when d is even

We consider now the case of Theorem 3 when the minimum distance d is even.

Theorem 4

Let \({\mathbb {F}}_q\) be a finite field and \(d \in {\mathbb {Z}}^+\) be an even integer with \(d < q\). If \({\mathcal {C}}\) is a weighted Reed–Muller code over \({\mathbb {F}}_q\) with \(d({\mathcal {C}}^{\, (2)}) \ge d\), then \(k({\mathcal {C}}) \le k({\mathcal {C}}_B),\) where \({\mathcal {C}}_B\) is any of the weighted Reed–Muller codes described in Lemma 5.

Proof

This proof will follow the same ideas in Theorem 3. Let \({\mathcal {C}}\) be a weighted Reed–Muller code over \({\mathbb {F}}_q\) with \(d({\mathcal {C}}^{\, (2)}) \ge d\). We assume without loss of generality that \({\mathcal {C}}= {\mathrm {WRM}}_q(\lambda ,2,\{w_1,1\})\) for some \(\lambda , w_1 > 0\). Taking

$$\begin{aligned} A := \{(i,j) \in [\![0, q-1 ]\!]\, \vert \, w_1 i + j \le \lambda \} \end{aligned}$$

we have that \({\mathcal {C}}= {\mathcal {C}}_A\).

In this proof we denote \(a:= (q-1)/2\) and \(b := (q-d+1)/2\); and observe that either \((a,b) \in {\mathbb {N}}^2\) or both \((a-\frac{1}{2}, b + \frac{1}{2}), (a+\frac{1}{2}, b - \frac{1}{2}) \in {\mathbb {N}}^2\). We divide the proof in two cases depending on the value of \(\lambda \).

Case I:\(\lambda \le a + b\). We take \(B = B_1\) as in Lemma 5. To prove that \(|A| = k({\mathcal {C}}) \le k({\mathcal {C}}_B) = |B|\) we are going to prove that either \(A \subseteq B\), or

$$\begin{aligned} \begin{array}{lccl} \varphi : &{} A - B &{}\ \longrightarrow \ &{} B - A \\ &{} (\alpha ,\beta ) &{} \mapsto &{} (2a-\alpha , 2b - \beta ) \end{array} \end{aligned}$$

is an injective map (see Fig. 9 for a graphic representation of this idea).

Fig. 9

Figure illustrating the proof of Theorem 4 for \(d=6\), \(q=11\), \((a,b)=(5,3)\), \(A=\left\{ (i,j)\in {\mathbb {N}}^2 \mid 0.4 i + j \le 4 \right\} \) and \(B=\left\{ (i,j) \in {\mathbb {N}}^2 \mid i+j< 8\right\} \cup \left\{ (i,j) \in {\mathbb {N}}^2 \mid i+j = 8 \hbox { and } j<3\right\} \)

Since the injectivity of \(\varphi \) is easy to check, we are showing that \(\varphi \) is well defined in three steps:

1. (a)

   if \((\alpha ,\beta ) \in A\), then \((2a-\alpha ,2b-\beta ) \notin A\),

2. (b)

   if \((\alpha ,\beta ) \in A - B\), then \((2a-\alpha ,2b-\beta ) \in {\mathbb {N}}^2\), and

3. (c)

   if \((\alpha ,\beta ) \in A - B\), then \((2a-\alpha ,2b-\beta ) \in B\).

If (a) does not hold, then both \((\alpha ,\beta )\) and \((2a-\alpha ,2b-\beta ) \in A\). Hence, \((2a,2b) = (\alpha ,\beta ) + (2a-\alpha ,2b-\beta ) \in A + A\) and \({\mathcal {C}}_A^{\, (2)} = {\mathcal {C}}_{A+A}\). Since \({\mathcal {C}}_A\) is a weighted Reed–Muller code, by Lemma 4 we have that \(d \le d({\mathcal {C}}^{\, (2)}) = {\mathrm {FB}}({\mathcal {C}}^{\, (2)}) \le (q-2a)(q-2b) = d-1\), a contradiction.

We observe that \((2a-\alpha ,2b-\beta ) \in {\mathbb {Z}}^2\) and that \(\alpha \le q-1 = 2a\), so to prove (b) we just need to see that \(2b - \beta \ge 0\). Assume that \(2b < \beta \) and let us prove that

1. (b.1)

   \(P = (a,b) \in A\) if q is odd, or

2. (b.2)

   \(Q_1 = (a - \frac{1}{2}, b + \frac{1}{2}),\ Q_2 = (a + \frac{1}{2}, b- \frac{1}{2}) \in A\) if q is even.

If \(\alpha > a\), then \(\alpha \ge a+\frac{1}{2}\) since \(\beta \ge 2b + 1 > b + \frac{1}{2}\) we have that \(P \in A\) in case (b.1) and \(Q_1, Q_2 \in A\) in case (b.2). If \(\alpha \le a\), from one side we have that \((\alpha , \beta ) \notin B\), so

$$\begin{aligned} \alpha + \beta \ge a+b \end{aligned}$$

(4)

and, if we have equality, then \(\beta \ge b\). From the other side we have that \((\alpha ,\beta ) \in A\), which implies that

$$\begin{aligned} w_1 \alpha + \beta \le \lambda . \end{aligned}$$

(5)

From (4) and (5) we get that

$$\begin{aligned} (w_1 - 1) \alpha + a + b \le (w_1 - 1) \alpha + \alpha + \beta = w_1 \alpha + \beta \le \lambda \le a + b \end{aligned}$$

and, thus, \(w_1 \le 1\). Hence, we separate three cases:

Subcase I.I. If \(\alpha + \beta > a + b\).

$$\begin{aligned} w_1(a+\tfrac{1}{2}) + b - \tfrac{1}{2} \le w_1 a + b< w_1 a + b + \tfrac{1}{2} < \alpha + \beta + (w_1-1)\alpha = w_1 \alpha + \beta \le \lambda . \end{aligned}$$

So, \(P \in A\) if q is odd, or both \(Q_1,Q_2 \in A\) if q is even.

Subcase I.II. If \(\alpha + \beta = a + b\) and q is odd. Since \(\beta \ge b\) and \(w_1 < 1\), we have that \(w_1(\alpha - a) + \beta - b \ge w_1 (\alpha - a + \beta - b) = 0\). As a consequence,

$$\begin{aligned} w_1 a + b \le w_1 a + b + w_1(\alpha - a) + \beta - b = w_1 \alpha + \beta \le \lambda . \end{aligned}$$

Therefore \(P \in A\).

Subcase I.III. If \(\alpha + \beta = a + b\) and q is even. Since \(\beta \ge b\) and \(b \notin {\mathbb {N}}\), then \(\beta \ge b + \frac{1}{2}\); moreover, \(w_1 < 1\), then we have that \(w_1(\alpha - a + \frac{1}{2}) + \beta - b - \frac{1}{2} \ge w_1 (\alpha - a + \frac{1}{2} + \beta - b - \frac{1}{2}) = 0\). As a consequence,

$$\begin{aligned} w_1(a+\tfrac{1}{2}) + b - \tfrac{1}{2}\le & {} w_1(a-\tfrac{1}{2}) + b + \tfrac{1}{2} \\\le & {} w_1(a-\tfrac{1}{2}) + b + \tfrac{1}{2} + w_1(\alpha - a + \tfrac{1}{2}) + \beta - b - \tfrac{1}{2} \\= & {} w_1 \alpha + \beta \le \lambda \end{aligned}$$

and we conclude that \(Q_1,Q_2 \in A\).

Moreover, since \(P + P = Q_1 + Q_2 = (2a,2b)\), in both cases we obtain that \((2a,2b) \in A+A\) and \({\mathcal {C}}_A^{\, (2)} = {\mathcal {C}}_{A+A}\). Since \({\mathcal {C}}_A\) is a weighted Reed–Muller code, by Lemma 4 we have that \(d \le d({\mathcal {C}}^{\, (2)}) \le (q-2a)(q-2b) = d-1\), a contradiction.

Let us prove now (c). Take \((\alpha ,\beta ) \in A-B\), then either

1. (c.1)

   \(\alpha + \beta > a+b\), or

2. (c.2)

   \(\alpha + \beta = a+b\) and \(\beta \ge b\).

In (c.1) we have that \(2a-\alpha + 2b-\beta < a+b\), so \((2a-\alpha ,2b-\beta ) \in B\). In (c.2) we observe that \(\beta \ne b\) because \((a,b) \notin A\). Then, we have that \(2a-\alpha + 2b-\beta = a+b\) and \(2b - \beta < b\), so \((2a-\alpha ,2b-\beta ) \in B\).

Case II:\(\lambda \ge a + b\). We claim that \(\frac{\lambda }{w_1} < a + b\). Otherwise, we have that \(P \in A\) if q is odd, or \(Q_1,Q_2 \in A\) if q is even. In both cases \((2a,2b) \in A + A\) and \({\mathcal {C}}_A^{\, (2)} = {\mathcal {C}}_{A+A}\). Since \({\mathcal {C}}_A\) is a weighted Reed–Muller code, by Lemma 4 we have that \(d \le d({\mathcal {C}}^{\, (2)}) \le (q-2a)(q-2b) = d-1\), a contradiction. Since \(\frac{\lambda }{w_1} < a + b\), then \(A = \{(i,j) \in {\mathbb {N}}^2 \, \vert \, 0 \le i,j \le q-1 {\text { and }} i + \frac{1}{w_1}{j} \le \frac{\lambda }{w_1}\}\) and a symmetric argument to Case I using \(B = B_2\) with \(B_2\) as in Lemma 5 applies here.\(\square \)