Enumeration of extended irreducible binary Goppa codes of degree $2^m$ and length $2^n + 1$

Let $n$ be an odd prime and $m > 1$ be a positive integer. We produce an upper bound on the number of inequivalent extended irreducible binary Goppa codes of degree $2^m$ and length $2^n + 1$. Some examples are given to illustrate our results.


Introduction
This paper focuses on the class of codes called Goppa codes. It was V. D. Goppa who, in the early 1970s, described this class of codes. Goppa codes form a subclass of alternant codes which has an interesting algebraic structure [6]. Goppa codes are said to have good parameters. This might be the reason why they are of high practical value. The McEliece cryptosystem and the Niederreiter cryptosystem are examples of public-key cryptosystems which make use of Goppa codes.
The McEliece cryptosystem is believed to have the potential to withstand attack by quantum computers [3]. As this cryptosystem chooses a Goppa code at random as its key, knowledge of the number of inequivalent Goppa codes for fixed parameters may help in evaluating the security of such a cryptosystem. This paper seeks to find a tight bound on the number of inequivalent extended irreducible binary Goppa codes of degree $2^m$. The count employs the tools which were used to count the non-extended versions (see [8]).

Preliminaries
As this paper is focused on irreducible Goppa codes we begin with the definition of irreducible Goppa codes.
Definition 2.1. Let $q$ be a power of a prime number and $g(z) \in \mathbb{F}_{q^n}[z]$ be irreducible of degree $r$. Let $L = \mathbb{F}_{q^n} = \{\zeta_i : 0 \le i \le q^n - 1\}$. Then an irreducible Goppa code $\Gamma(L, g)$ is defined as the set of all vectors $c = (c_0, c_1, \ldots, c_{q^n - 1})$ with components in $\mathbb{F}_q$ which satisfy the condition The set $L$ is called the defining set and its cardinality defines the length of $\Gamma(L, g)$. The polynomial $g(z)$ is called the Goppa polynomial. If the degree of $g(z)$ is $r$ then the code is called an irreducible Goppa code of degree $r$.
The roots of $g(z)$ are contained in $\mathbb{F}_{q^{nr}} \setminus \mathbb{F}_{q^n}$. If $\alpha$ is any root of $g(z)$ then it completely describes $\Gamma(L, g)$. Chen in [2] described a parity check matrix $H(\alpha)$ for $\Gamma(L, g)$ which is given by We will sometimes denote this code by $C(\alpha)$.
We next give the definition of extended irreducible Goppa codes.
Definition 2.2. Let $\Gamma(L, g)$ be an irreducible Goppa code of length $q^n$. Then the extended code Γ(L, g) is defined by $\Gamma(L, g) = \{(c_0, c_1, \ldots, c_{q^n}) : (c_0, c_1, \ldots, c_{q^n - 1}) \in \Gamma(L, g)$ and
Next we define the set which contains all the roots of all possible $g(z)$ of degree $r$.
Definition 2.3. We define the set $S = S(n, r)$ as the set of all elements in $\mathbb{F}_{q^{nr}}$ of degree $r$ over $\mathbb{F}_{q^n}$.
Any irreducible Goppa code can be defined by an element in $S$. The converse is also true, that is, any element in $S$ defines an irreducible Goppa code. Since an irreducible Goppa code $\Gamma(L, g)$ is determined uniquely by the Goppa polynomial $g(z)$, or by a root $\alpha$ of $g(z)$, we define the mapping below. (For further details, see [2].)
Definition 2.4. The relation $\pi_{\zeta,\xi,i}$ defined on $S$ by This map sends irreducible Goppa codes into equivalent codes and we generalise this as follows:
Theorem 2.5. (Ryan, [8]): If $\alpha$ and $\beta$ are related by an equation of the form $\alpha = \zeta\beta^{q^i} + \xi$ for some $\zeta \neq 0$, $\xi \in \mathbb{F}_{q^n}$, then the codes $C(\alpha)$ and $C(\beta)$ are equivalent.
The map in Definition 2.4 can be broken up into the composition of two maps as follows:
1. $\pi_{\zeta,\xi}$ defined on $S$ by $\pi_{\zeta,\xi} : \alpha \mapsto \zeta\alpha + \xi$, and
2. the map $\sigma^i : \alpha \mapsto \alpha^{q^i}$, where $\sigma$ denotes the Frobenius automorphism of $\mathbb{F}_{q^{nr}}$ leaving $\mathbb{F}_q$ fixed.
From these two maps we define the following sets of mappings.
The sets of maps H and G together with the operation composition of maps both form groups which act on S.
Definition 2.8. The action of $H$ on $S$ induces orbits denoted by $A(\alpha)$ where We refer to $A(\alpha)$ as an affine set containing $\alpha$ where $\alpha$ is an element of degree $r$ over $\mathbb{F}_{q^n}$ and $\zeta, \xi \in \mathbb{F}_{q^n}$. Since $\zeta \neq 0$, $\xi \in \mathbb{F}_{q^n}$, to form the set $A(\alpha)$ the number of choices for $\zeta$ is $q^n - 1$ and $\xi$ has $q^n$ choices, and so $|A(\alpha)| = q^n(q^n - 1)$.
Definition 2.9. Let $A$ denote the set of all affine sets, i.e., $A = \{A(\alpha) : \alpha \in S\}$.
Next, we define a mapping on S which sends extended irreducible Goppa codes into equivalent extended irreducible Goppa codes.
From these two maps we give the following two definitions.
Definition 2.12. Let $F$ denote the set of all maps $\{\pi_{\zeta_1,\zeta_2,\xi_1,\xi_2} :$ $F$ forms a group under the operation of composition of maps which acts on $S$.
Definition 2.15. Let $O_F$ denote the set of all orbits in $S$ under the action of $F$, i.e., $O_F = \{O(\alpha) : \alpha \in S\}$. Observe that $O_F$ is a partition of the set $S$.
Note that $G$ acts on the set $O_F$.
It is shown in [9] that each of the sets $O(\alpha)$ in $O_F$ can be partitioned into $2^n + 1$ sets. The theorem below provides more details.
Observe that the sets $O_F$ and $A$ are different. $O_F$ is a partition on $S$ and also $A$ is a partition on $S$.

The number of elements in
G also acts on A = {A(α) : α ∈ S}.

Technique of counting
We wish to produce an upper bound on the number of inequivalent extended irreducible binary Goppa codes of degree $r = 2^m$. We intend to achieve this by employing the tools developed for counting the non-extended versions.
In counting the non-extended irreducible Goppa codes we consider the action of $H$ on $S$. This gives orbits in $S$ denoted by $A(\alpha)$ called affine sets. We then consider the action of $G$ on the set $A$ where $A = \{A(\alpha) : \alpha \in S\}$. The number of orbits in $A$ under $G$ gives us an upper bound on the number of inequivalent irreducible Goppa codes. Now to count extended irreducible Goppa codes we consider the action of $F$ on $S$. This action induces orbits in $S$ denoted by $O(\alpha)$. Next we consider the action of $G$ on $O_F = \{O(\alpha) : \alpha \in S\}$. The number of orbits in $O_F$ under $G$ gives us an upper bound on the number of inequivalent extended irreducible Goppa codes.
To find the number of orbits in $A$ and $O_F$ we use the Cauchy Frobenius Theorem whose proof can be found in [4]. Since the Cauchy Frobenius Theorem is central in this paper we state it as follows.
Theorem 3.1 (Cauchy Frobenius Theorem). Let $E$ be a finite group acting on a set $X$. For any $e \in E$, let $X_e$ denote the set of elements of $X$ fixed by $e$. Then the number of orbits in $X$ under the action of $E$ is 1

Cardinality of S
In order to simplify our notation we denote all the factors of the degree $2^m$ by $2^i$ for $0 \le i \le m$. Now to find the number of elements in $S$ we use the lattice of subfields of $\mathbb{F}_{2^{nM}}$, where $M = 2^m$, as done in [7]. Figure 1 shows the lattice of subfields of $\mathbb{F}_{2^{nM}}$.
Remark 3.2. In Figure 1 observe that the elements of degree $2^m$ over $\mathbb{F}_{2^n}$ lie in $\mathbb{F}_{2^{n(2^m)}}$ and $\mathbb{F}_{2^{2^m}}$. So the number of elements of degree

The number of fixed affine sets in A
Note that the group $G$ defined in Definition 2.7 is a cyclic group of order $n2^m$, where $n > 2$ is prime, and its subgroups are all of the form $\langle\sigma^k\rangle$, where $k$ is a factor of $n2^m$. Further, note that $G$ acts on $A$. In this section, we determine the $G$-orbits of this action.
We first need to know the number of affine sets $A(\alpha)$ which are in $A$.
The expected lengths of orbits in $A$ under the action of $G$ are all factors of $n2^m$. The trivial subgroup $\langle\sigma^{n(2^m)}\rangle$, containing the identity, fixes every affine set in $A$. In the following subsections, we separately consider the remaining subgroups of $G$, i.e., $\langle\sigma^{n(2^{m-1})}\rangle$, $\langle\sigma^{2^m}\rangle$, $\langle\sigma^{2^{m-1}}\rangle$, $\langle\sigma^{2^s}\rangle$ and $\langle\sigma^{n(2^s)}\rangle$ where $0 \le s < m - 1$.
We now find the number of elements of $S$ which satisfy (1). We know that where $\beta_i$ denotes all the elements of $\mathbb{F}_{2^{n(2^{m-1})}}$ which have trace 1 over $\mathbb{F}_2$ [5]. We know that there are precisely $2^{n(2^{m-1})-1}$ such $\beta_i$. Note that the trace function we are dealing with is from the field $\mathbb{F}_{2^{n(2^{m-1})}}$ to $\mathbb{F}_2$. So even if an element is in a proper subfield of $\mathbb{F}_{2^{n(2^{m-1})}}$, in calculating its trace we regard it as an element of $\mathbb{F}_{2^{n(2^{m-1})}}$. We further observe that if Since the characteristic is 2, then we conclude that none of the $\beta_i$ in the decomposition of (not in any of its subfields). Furthermore, all the quadratic factors on the right hand side of (2) are irreducible over $\mathbb{F}_{2^{n(2^{m-1})}}$. This is due to linearity of the trace function and the fact that $\mathrm{Trace}(\beta_i) = 1$ for each $\beta_i$. The $2^{2^{m-1}-1}$ quadratic equations corresponding to the $\beta_i$ in $\mathbb{F}_{2^{2^{m-1}}}$ have $\mathbb{F}_{2^{2^m}}$ as their splitting field while the remaining $2^{n(2^{m-1})-1} - 2^{2^{m-1}-1}$ quadratic equations have $\mathbb{F}_{2^{n(2^m)}}$ as their splitting field. So all the $2^{n(2^{m-1})}$ roots lie in $S$.

3.3.3. $\langle\sigma^{2^m}\rangle$ a subgroup of $G$ of order $n$
Suppose the orbit in $A$ under the action of $G$ containing $A(\alpha)$ contains $2^m$ affine sets. Then $A(\alpha)$ is fixed under $\sigma^{2^m}$. In [8], it is proved that the number of affine sets fixed by $\sigma^r$ is $|S(1, r)|/(q(q - 1))$. Hence the number of affine sets fixed by Suppose the orbit in $A$ under the action of $G$ containing $A(\alpha)$ contains $2^{m-1}$ affine sets. Then then it is also fixed under $\sigma^{2^m}$ since $\langle\sigma^{2^m}\rangle \subset \langle\sigma^{2^{m-1}}\rangle$. So $A(\alpha)$ contains a fixed point. That is, $A(\alpha)$ contains some elements which satisfy $x^{2^{2^m}} = x$ and these elements are in )$\alpha \in \mathbb{F}_{2^n}$ contradicting the fact that $\alpha$ is of degree $2^m$. Now we show that $2^{2^{m-1}} + 1$ is relatively prime to $2^n - 1$. We simply show that any number of the form $2^d + 1$ is relatively prime to $2^n - 1$. That is, it suffices to show that $(2^d + 1, 2^n - 1) = 1$. We show this by contradiction. Assume that $(2^d + 1, 2^n - 1) \neq 1$. That is, there must be some odd prime $p$ which divides both $2^d + 1$ and $2^n - 1$. This implies that $2^n \equiv 1 \pmod{p}$ and $2^d \equiv -1 \pmod{p}$. So $2^d \equiv -1 \pmod{p}$ implies $2^{2d} \equiv (-1)^2 = 1 \equiv 2^n \pmod{p}$. Thus $n \equiv 2d \pmod{p - 1}$. Since $p - 1$ is even then $n$ is also even. This establishes a contradiction since $n$ is an odd prime. Hence $(2^d + 1, 2^n - 1) = 1$ for odd $n$.

So we have α
Clearly $\alpha$ satisfies the equation Observe that $\alpha + 1$ also satisfies (3) and one can easily check that these are the only elements in $A(\alpha)$ which satisfy (3). Using an argument similar to the one in Subsection 3.3.1, all the $2^{2^{m-1}}$ roots of Hence we conclude that there are $2^{2^{m-1}-1}$ affine sets fixed under $\sigma^{2^{m-1}}$.

3.3.5. $\langle\sigma^{2^s}\rangle$ a subgroup of $G$ of order $n(2^{m-s})$
Suppose the orbit in $A$ under the action of $G$ containing $A(\alpha)$ contains $2^s$ affine sets where $0 \le s < m - 1$. Then $A(\alpha)$ is fixed by $\sigma^{2^s}$ and $\sigma^{2^s}(\alpha) = \alpha^{2^{2^s}} = \zeta\alpha + \xi$ for some $\zeta \neq 0$, $\xi \in \mathbb{F}_{2^n}$. As in Subsection 3.3.4, if $A(\alpha)$ is fixed under $\sigma^{2^s}$ then it is also fixed under $\sigma^{2^m}$ since $\langle\sigma^{2^m}\rangle \subset \langle\sigma^{2^s}\rangle$. Assume $\alpha \in \mathbb{F}_{2^{2^m}} \setminus \mathbb{F}_{2^{2^{m-1}}}$; then applying $\sigma^{2^s}$ to $\alpha$ for $2^{m-s}$ times we obtain where +1 must be equal to 1 otherwise it would mean that We can now conclude that . It is clear that $\xi$ is in the intersection of the fields of order $2^{2^s}$ and $2^n$. Since $(2^s, n) = 1$ then $\xi$ is 0 or 1. But $\xi = 0$ is impossible since this would mean that $\alpha \in \mathbb{F}_{2^{2^s}}$. So $\xi$ must be 1.
So we have $\alpha^{2^{2^s}} = \alpha + 1$. Clearly $\alpha$ satisfies the equation $x^{2^{2^s}} + x + 1 = 0$. Observe that $\alpha + 1$ also satisfies the equation $x^{2^{2^s}} + x + 1 = 0$ and one can easily check that these are the only elements in $A(\alpha)$ which satisfy $x^{2^{2^s}} + x + 1 = 0$. Using a similar argument to the one in Subsection 3.3.1, all the $2^{2^s}$ roots of Hence we conclude that there is no affine set fixed under $\sigma^{2^s}$.

The number of orbits in A under the action of G
We use Table 1 to present the information in Section 3.3. This table shows the number of affine sets which are fixed under the action of various subgroups of $G$. The subgroups which do not fix any affine set are left out. The subgroups are listed in ascending order of the number of elements in the subgroup. So the first row is the subgroup $\langle\sigma^{n(2^m)}\rangle$, which is merely the trivial subgroup containing the identity. Column 3 lists the number of elements in the subgroup which are not already counted in subgroups in the rows above it in the table. This is to avoid repetition when we multiply column 3 by column 4 in order to get the total number of affine sets fixed by the elements in $G$.
By the Cauchy Frobenius Theorem, the number of orbits in A under the action of G is .
Remark 3.3. The number of orbits in $A$ under the action of $G$ gives us an upper bound on the number of irreducible Goppa codes.
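The count of orbits in $A$ under $G$ can be checked by brute force for the smallest admissible parameters $n = 3$, $m = 2$. The Python code below is an added example, not part of the paper: it builds $\mathbb{F}_{2^{12}}$, forms the affine sets, and compares the Cauchy Frobenius average of fixed-set counts (in its standard form, the mean over $G$ of the number of fixed sets) with a direct orbit traversal. The field modulus $x^{12} + x^6 + x^4 + x + 1$ and all function names are choices made for this example.

```python
# Added example: orbits of G = <sigma> on the affine sets, for n = 3, m = 2.
N, M = 3, 2
DEG = N * 2**M      # n 2^m = 12, so we work in F_{2^12}; also |G|
POLY = 0x1053       # x^12 + x^6 + x^4 + x + 1 (modulus assumed for this example)

def mul(a, b):
    """Multiply two elements of F_{2^12}, stored as 12-bit integers."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> DEG:
            a ^= POLY
    return r

def frob(a, k=1):
    """sigma^k : a -> a^(2^k)."""
    for _ in range(k):
        a = mul(a, a)
    return a

def affine_sets():
    """Return |S|, one representative per affine set, and element -> set index."""
    field = range(1 << DEG)
    f_n = [a for a in field if frob(a, N) == a]          # F_{2^n}
    sub = {a for a in field if frob(a, DEG // 2) == a}   # F_{2^(n 2^(m-1))}
    S = [a for a in field if a not in sub]               # degree 2^m over F_{2^n}
    index, reps = {}, []
    for a in S:
        if a not in index:
            for z in f_n:
                for x in f_n:
                    if z:                                # zeta != 0
                        index[mul(z, a) ^ x] = len(reps)
            reps.append(a)
    return len(S), reps, index

def count_orbits():
    """Orbit count on A, by Cauchy Frobenius and by direct traversal."""
    size_S, reps, index = affine_sets()
    # sigma^k maps A(alpha) to A(alpha^(2^k)); count the sets it fixes.
    fixed = [sum(index[frob(a, k)] == i for i, a in enumerate(reps))
             for k in range(DEG)]
    seen, direct = set(), 0
    for i, a in enumerate(reps):
        if i not in seen:
            direct += 1
            while index[a] not in seen:
                seen.add(index[a])
                a = frob(a)
    return size_S, len(reps), fixed, sum(fixed) // DEG, direct
```

For these parameters the run gives 72 affine sets, with 8, 6 and 2 of them fixed by the subgroups of order 2, $n$ and $2n$ respectively, and 8 orbits by both methods.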

The number of fixed $O(\alpha)$ in $O_F$
We are going to consider the action of $G$ on $O_F$ so that we find the number of $O(\alpha)$'s which are fixed in $O_F$. This is done by acting all subgroups of $G$ on $O_F$. We begin by finding the number of elements in $O_F$. By Remark 3.
Since $G$ acts on $O_F$ and its cardinality is $n(2^m)$, the expected lengths for the orbits in $O_F$ under the action of $G$ are all the factors of $n(2^m)$. Every $O(\alpha)$ in $O_F$ is fixed by the trivial subgroup $\langle\sigma^{n(2^m)}\rangle$ containing the identity. As in Section 3.3, we consider the remaining subgroups of $G$, i.e., $\langle\sigma^{n(2^{m-1})}\rangle$, $\langle\sigma^{2^{m-1}}\rangle$, $\langle\sigma^{2^s}\rangle$ and $\langle\sigma^{n(2^s)}\rangle$ where $0 \le s < m - 1$.

3.5.1. $\langle\sigma^{n(2^{m-1})}\rangle$ a subgroup of $G$ of order 2
We can consider $O(\alpha)$ as a set of $2^n + 1$ affine sets. $\langle\sigma^{n(2^{m-1})}\rangle$ partitions this set of $2^n + 1$ affine sets. The only possibilities are orbits of length 1 or 2. Since $O(\alpha)$ contains an odd number of affine sets, the possibility that all orbits are of length 2 is excluded. So there has to be at least one orbit of length 1, i.e., $O(\alpha)$ must contain an affine set which is fixed under $\sigma^{n(2^m)}$. By Subsection 3.3.1, there are $2^{n(2^{m-1}-1)}$ such affine sets. We claim that any fixed $O(\alpha)$ in $O_F$ contains precisely one affine set which is fixed under $\sigma^{n(2^{m-1})}$. It suffices to show that $O(\alpha)$ cannot contain two affine sets which are fixed under $\sigma^{n(2^{m-1})}$. Without loss of generality, suppose $A(\alpha)$ We show that none of the affine sets after $A(\alpha)$ in the above decomposition of $O(\alpha)$ is fixed under $\sigma^{n(2^{m-1})}$. This is done by showing that no element in any of these affine sets satisfies the equation 1) in Subsection 3.3.1). By Subsection 3.3.1, the $2^n$ elements in the set $\{\alpha + \xi : \xi \in \mathbb{F}_{2^n}\}$ satisfy the equation $x^{2^{n(2^{m-1})}} + x + 1 = 0$ from which we see that ) where $0 \le s < m$. Then $\langle\sigma^{n(2^s)}\rangle$ acts on $O(\alpha)$. We can consider $O(\alpha)$ as a set of $2^n + 1$ affine sets. $\langle\sigma^{n(2^s)}\rangle$ partitions this set of $2^n + 1$ affine sets. The only possible lengths of orbits are all factors of $2^{m-s}$. Since $O(\alpha)$ contains an odd number of affine sets, the possibility that all orbits are of even length is precluded. By Subsection 3.3.2, there is no affine set fixed under $\sigma^{n(2^s)}$. So we also preclude the possibility of length 1. Hence we conclude that no $O(\alpha)$ in $O_F$ is fixed under $\sigma^{n(2^s)}$.

3.5.3. $\langle\sigma^{2^m}\rangle$ a subgroup of $G$ of order $n$
Suppose $O(\alpha) \in O_F$ is fixed under $\sigma^{2^m}$. Then $\langle\sigma^{2^m}\rangle$ acts on $O(\alpha)$, which is seen as a set of $2^n + 1$ affine sets. $\langle\sigma^{2^m}\rangle$ partitions this set of $2^n + 1$ affine sets. The only possible lengths of orbits are 1 and $n$. Since $2^n + 1 \equiv 2 + 1 = 3 \pmod{n}$ (by Fermat's Little Theorem), $n$ does not divide $2^n + 1$. So there must be at least three affine sets in $O(\alpha)$ fixed under $\sigma^{2^m}$. We claim that there are only three affine sets in $O(\alpha)$ which are fixed under $\sigma^{2^m}$. Recall that O(α