Cryptography Reference
In-Depth Information
Finally, using the
QMTrace
step, we can produce the subfield subcode
⎛
⎝
⎞
⎠
⎛
⎝
⎞
⎠
202111021110210200
220111102011021020
022111210101102002
202022202011210110
220202220101021011
022220022110102101
221212002102111010
122221200210111001
212122020021111100
001101202000011001
100110220000101100
010011022000110010
2
10
2
11100000000000
0
21
1
21010000000000
1
02
1
12001000000000
0
20000100000000
0
00
0
12000010000000
0
00
2
01000001000000
0
22
1
22000000100000
2
02
2
12000000010000
2
20
2
21000000001000
1
22
1
02000000000100
2
12
2
10000000000010
2
00
1
H
=
,H
sys
=
.
21
0
21000000000001
The systematic form
H
sys
can be computed by inverting the matrix consisting of
the last
trm
columns. From the systematic parity-check matrix,
QMSignature
extracts those entries marked in boldface, which are sucient to describe the
public generator matrix
⎛
⎞
100000
201000022122
010000120000202212
001000012000220221
000100
211102122120
000010121210212012
000001112021221201
⎝
⎠
G
sys
=
.
Note that for the parity-check matrix, the signature of each monoidic block is its
first column, but for the generator, which contains transposed monoidic blocks,
the signature is the first row.
B
Decoding Square-Free Goppa Codes
For codes with degree
t
and its average distance at least (4
/p
)
t
+ 1, the proposed
decoder can uniquely correct (2
/p
)
t
errors, with high probability. The correction
capability is higher if the distribution of error magnitudes is not uniform, ap-
proaching or reaching
t
errors when any particular error value occurs much more
often than others or exclusively. The parity-check matrix used by this algorithm
is in the form (1).
At some point of this algorithm, we will call the
WeakPopovForm
algorithm
(also present in [BLM10] and described below) to find the short vectors in the
lattice spanned by the rows of
⎡
⎤
g
00
...
0
⎣
⎦
−
v
1
10
...
0
−
v
2
01
...
0
A
=
,
(5)
.
.
.
.
.
.
.
−
v
p−
1
00
...
1