Linear independence of rank 1 matrices and the dimension of ∗-products of codes

Hugues Randriambololona
ENST "Telecom ParisTech" & LTCI CNRS UMR 5141

January 27, 2015

arXiv:1501.05978v1 [cs.IT] 23 Jan 2015

Abstract

We show that with high probability, random rank 1 matrices over a finite field are in (linearly) general position, at least provided their shape $k\times l$ is not excessively unbalanced. This translates into saying that the dimension of the ∗-product of two $[n,k]$ and $[n,l]$ random codes is equal to $\min(n,kl)$, as one would have expected. Our work is inspired by a similar result of Cascudo-Cramer-Mirandola-Zémor [4] dealing with ∗-squares of codes, which it complements, especially regarding applications to the analysis of McEliece-type cryptosystems [5][6]. We also briefly mention the case of higher ∗-powers, which require taking the Frobenius into account. We then conclude with some open problems.

1 Introduction

Many fundamental problems in information theory and in theoretical computer science can be expressed in terms of the structure of linearly independent and generating subsets of a set in a vector space, as illustrated by [10] and the subsequent success of matroid theory. In this context the importance of the following definition is self-evident:

Definition 0. Let $V$ be a finite-dimensional vector space, over an arbitrary field. We say a set $X\subseteq V$ is in general position if any finite subset $S\subseteq X$ has its linear span $\langle S\rangle$ of dimension $\dim\langle S\rangle=\min(|S|,\dim V)$.

This means that there are no more linear relations than expected between elements of $X$: any $S\subseteq X$ of size $|S|\le\dim V$ is linearly independent, and any $S\subseteq X$ of size $|S|\ge\dim V$ is a generating set in $V$.

This requirement is quite strong, and weaker variants have been considered. We can cite at least three of them.

The first one is to introduce thresholds. We say $X$ is in $(a,b)$-general position if any $S\subseteq X$ of size $|S|\le a$ is linearly independent, and any $S\subseteq X$ of size $|S|\ge b$ is a generating set in $V$. This notion should look very familiar to coding experts. Indeed one shows easily:

Lemma 1. Let $C$ be a $q$-ary $[n,k]$ code, with generating matrix $G$. Set $V=\mathbb{F}_q^k$ and let $X\subseteq V$ be the set of columns of $G$. Then $X$ is in $(a,b)$-general position, with $a=d_{\min}(C^\perp)-1$ and $b=n-d_{\min}(C)+1$.

A second one is to allow a small gap $g$ from the expected dimension: we say $X$ is in $g$-almost general position if for any $S\subseteq X$ we have
$$\dim\langle S\rangle\ge\min(|S|,\dim V)-g.$$
This means allowing up to $g$ more linear relations than expected. There is an obvious link with the previous notion:

Lemma 2. If $X\subseteq V$ is in $(a,b)$-general position, then it is in $g$-almost general position for $g=\min(\dim V-a,\ b-\dim V)$.

We leave it to the reader to combine Lemma 1 and Lemma 2 and give a coding-theoretic interpretation of this integer $g$ (or a geometric interpretation in case $C$ is an AG-code).

Last, our third variant is probabilistic, allowing a small proportion of $S$ to fail in Definition 0. In fact, rather than subsets of $X$, it will be easier to consider sequences of elements of $X$, possibly with repetitions. For this we will assume that $X$ is equipped with a probability distribution $L$. A natural choice when $X$ is finite would be to take the uniform distribution, however more general $L$ will be allowed. Then, measuring how close $X\subseteq V$ is to being in general position reduces to the following:

Problem 3. Let $n\ge1$, and $u_1,\dots,u_n$ random elements of $X$ (understood: independent, and distributed according to $L$). Give bounds on the "error probability"
$$P[\dim\langle u_1,\dots,u_n\rangle<\min(n,\dim V)].$$
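To make Problem 3 concrete, here is a small Monte Carlo sketch (ours, not part of the paper) for the simplest case $X=V=\mathbb{F}_q^m$ with the uniform distribution. It assumes $q$ is prime, so that integer arithmetic modulo $q$ realizes $\mathbb{F}_q$, and the names `rank_mod_q` and `error_probability` are illustrative choices of ours.

```python
import random

def rank_mod_q(vectors, q):
    """Rank of a family of vectors over F_q (q assumed prime), by Gaussian elimination."""
    rows = [list(v) for v in vectors]
    rank = 0
    for col in range(len(rows[0]) if rows else 0):
        piv = next((i for i in range(rank, len(rows)) if rows[i][col] % q), None)
        if piv is None:
            continue
        rows[rank], rows[piv] = rows[piv], rows[rank]
        inv = pow(rows[rank][col], -1, q)            # modular inverse; q must be prime
        rows[rank] = [x * inv % q for x in rows[rank]]
        for i in range(len(rows)):
            if i != rank and rows[i][col] % q:
                c = rows[i][col]
                rows[i] = [(a - c * b) % q for a, b in zip(rows[i], rows[rank])]
        rank += 1
    return rank

def error_probability(q, m, n, trials=10_000):
    """Monte Carlo estimate of the 'error probability' of Problem 3
    for X = F_q^m with the uniform distribution."""
    fail = 0
    for _ in range(trials):
        us = [[random.randrange(q) for _ in range(m)] for _ in range(n)]
        if rank_mod_q(us, q) < min(n, m):
            fail += 1
    return fail / trials

if __name__ == "__main__":
    print(error_probability(q=2, m=6, n=8))   # small, and decays further as n - m grows
</code>
```

For $n$ somewhat larger than $m$ the estimated error probability drops off quickly, in line with the exponential bounds derived in the next section.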
In this work we address this problem for $V=\mathbb{F}_q^{k\times l}$ a matrix space, and $X\subseteq V$ the set of matrices of rank 1.

Understanding the linear span of families of rank 1 matrices is especially important regarding the theory of bilinear complexity (or equivalently, that of tensor decomposition). Indeed, computing the complexity of a bilinear map (or the rank of a 3-tensor) reduces to the following [2][3][7][8]: given a linear subspace $W\subseteq\mathbb{F}_q^{k\times l}$, find a family of rank 1 matrices of minimal cardinality whose linear span contains $W$.

Another motivation comes from the theory of ∗-products of codes, and in particular its use in a certain class of attacks [5][6] against McEliece-type cryptosystems. Given words $c=(c_1,\dots,c_n)$, $c'=(c'_1,\dots,c'_n)\in\mathbb{F}_q^n$, we let $c*c'=(c_1c'_1,\dots,c_nc'_n)\in\mathbb{F}_q^n$ be their componentwise product. Then [9] if $C,C'\subseteq\mathbb{F}_q^n$ are two linear codes of the same length, their product $C*C'\subseteq\mathbb{F}_q^n$ is defined as the linear span of the $c*c'$ for $c\in C$, $c'\in C'$. We can also define the square $C^{\langle 2\rangle}=C*C$, and likewise for higher powers $C^{\langle j\rangle}$.

Setting $k=\dim C$ and $l=\dim C'$, it is then easily seen that
$$\dim C*C'\le kl,\qquad \dim C^{\langle 2\rangle}\le k(k+1)/2,$$
and in fact for small $k,l$ and random $C,C'$ one expects these inequalities to be equalities. For the second inequality, this is proved in [4]. For the first inequality, we will see this reduces to our solution of Problem 3 for rank 1 matrices.

So, together, [4] and our results support the heuristic at the heart of the aforementioned attacks against McEliece-type cryptosystems. Indeed, the very principle of these attacks is to uncover the hidden algebraic structure of an apparently random code (which serves as the public key) by identifying subcodes for which equality fails in these inequalities (for instance, the dimension of the product behaving additively rather than multiplicatively).

2 Generic approach

Here $V$ is an abstract vector space of dimension $m$ over $\mathbb{F}_q$, and $X\subseteq V$ an arbitrary subset. We may assume $X$ spans $V$. We are interested in the function
$$P(n)=P[\dim\langle u_1,\dots,u_n\rangle<\min(n,\dim V)].$$
Clearly it is unimodal; more precisely it is increasing for $n\le m$ and decreasing for $n\ge m$. Now we study each of these two cases in more detail.

2.1 Case $n\ge m$.

We have $\dim\langle u_1,\dots,u_n\rangle<m$ iff $u_1,\dots,u_n$ are contained in a hyperplane $H$ of $V$. Using the union bound and the independence of the $u_i$ we get at once:

Proposition 4. We have
$$P(n)\le\sum_H P[u_1,\dots,u_n\in H]=\sum_H P[u_1\in H]^n$$
where $H$ ranges over hyperplanes of $V$.

This bound is exponentially small. More precisely, set
$$\rho=\max_H P[u_1\in H]$$
(for instance $\rho=\max_H|X\cap H|/|X|$ if $L$ is the uniform distribution). We then see immediately:

Corollary 5. For all $n\ge m$ we have
$$c\rho^{n-m}\le P(n)\le c'\rho^{n-m},$$
where $c=\rho^m$ and $c'=\sum_H P[u_1\in H]^m$.

It should be noted that $c,c',\rho$ depend on $V$ and $X$. So, part of the job will be to make these constants more explicit when $V$ and $X$ are specified.

Another interesting fact is that the RHS in Proposition 4 is
$$\sum_H P[u_1,\dots,u_n\in H]=E\bigl[\,|\{H;\ u_1,\dots,u_n\in H\}|\,\bigr],$$
the expected value of the number of hyperplanes containing $u_1,\dots,u_n$. However, this number is precisely $\frac{q^d-1}{q-1}$, where $d=\operatorname{codim}\langle u_1,\dots,u_n\rangle$. This allows us to combine our second and third variants of the notion of general position:

Proposition 6. For $0\le g\le\min(m,n)$ we have
$$P[\dim\langle u_1,\dots,u_n\rangle<m-g]\le\frac{q-1}{q^{g+1}-1}\,c'\rho^{n-m}$$
(with $c',\rho$ as above), and also
$$P[\dim\langle u_1,\dots,u_n\rangle<m-g]\le\sum_W P[u_1\in W]^n$$
where $W\subseteq V$ ranges over subspaces of codimension $g+1$.

Proof. The first inequality follows from the discussion above, using Markov's inequality as in [4, Prop. 5.1]. The second is a direct approach using the union bound similar to that of Proposition 4.

Which of these two bounds is stronger, and which is more tractable, certainly depends on $V$ and $X$. Note also that the bounds remain valid even without the assumption $m\le n$.
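As a quick numerical illustration of Proposition 4 and Corollary 5 (again a sketch of ours, not part of the paper), the fragment below enumerates the hyperplanes of $\mathbb{F}_q^m$ as kernels of nonzero functionals taken up to scalar, and evaluates $\rho$, $c'$ and the bound $c'\rho^{n-m}$ for a small finite $X$ with the uniform distribution; $q$ is assumed prime and the name `hyperplane_bound` is ours.

```python
from itertools import product

def hyperplane_bound(X, q, m, n):
    """Evaluate rho, c' and the bound c'*rho^(n-m) of Proposition 4 / Corollary 5
    for a finite X in F_q^m with the uniform distribution (q assumed prime)."""
    # Hyperplanes of F_q^m are kernels of nonzero functionals B, taken up to scalar:
    # normalize B so that its first nonzero coordinate equals 1.
    funcs = [B for B in product(range(q), repeat=m)
             if any(B) and B[next(i for i, b in enumerate(B) if b)] == 1]
    probs = [sum(1 for x in X if sum(b * xi for b, xi in zip(B, x)) % q == 0) / len(X)
             for B in funcs]
    rho = max(probs)
    c_prime = sum(p ** m for p in probs)
    return rho, c_prime, c_prime * rho ** (n - m)

if __name__ == "__main__":
    q, m, n = 2, 4, 10
    X = [x for x in product(range(q), repeat=m) if any(x)]   # all nonzero vectors of F_2^4
    print(hyperplane_bound(X, q, m, n))
```

For instance, with $X$ the set of nonzero vectors of $\mathbb{F}_2^4$, every hyperplane contains $7$ of the $15$ points of $X$, so $\rho=7/15$.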
We illustrate what precedes for $X=V=\mathbb{F}_q^m$ with uniform distribution (this will be used later). We introduce the converging infinite product
$$C_q=\prod_{j\ge1}(1-q^{-j})^{-1}.$$
Numerically, $C_q\le C_2\approx3.463$.

We let $\begin{bmatrix}m\\r\end{bmatrix}_q=\prod_{1\le j\le r}\frac{q^{m-r+j}-1}{q^j-1}$ denote the number of $r$-dimensional subspaces in $\mathbb{F}_q^m$.

Lemma 7. We have
$$q^{r(m-r)}\le\begin{bmatrix}m\\r\end{bmatrix}_q\le C_q\,q^{r(m-r)}.$$

Proof. From $q^{m-r}\le\frac{q^{m-r+j}-1}{q^j-1}\le(1-q^{-j})^{-1}q^{m-r}$.

Proposition 8. For $0\le r\le\min(m,n)$ and random $u_1,\dots,u_n\in\mathbb{F}_q^m$ uniformly distributed, we have
$$P[\dim\langle u_1,\dots,u_n\rangle\le r]\le C_q\,q^{-(n-r)(m-r)}.$$

Proof. Follows from what precedes, using $P[u_1\in W]=q^{-(m-r)}$ for $\dim W=r$.

2.2 Case $n\le m$.

From now on we will suppose $(X,L)$ is homothety invariant: for any $\lambda\in\mathbb{F}_q^\times$ and random $u\in X$, the element $\lambda u$ also lies in $X$ and has the same distribution $L$.

We say a vector $z=(\lambda_1,\dots,\lambda_n)\in\mathbb{F}_q^n$ is a linear relation for $u_1,\dots,u_n$ if
$$\lambda_1u_1+\dots+\lambda_nu_n=0.$$
Also introduce the random variable $s_n=u_1+\dots+u_n\in V$.

Lemma 9. For any $z\in\mathbb{F}_q^n$ of Hamming weight $w$, we have
$$P[z\text{ is a linear relation for }u_1,\dots,u_n]=P[s_w=0].$$

Proof. We may suppose $z$ has support $\{1,\dots,w\}$, and we conclude since $u_i$ and $\lambda_iu_i$ have the same distribution for $\lambda_i\ne0$.

Proposition 10. We have
$$P(n)\le\sum_{w\ge1}\binom{n}{w}(q-1)^{w-1}P[s_w=0].$$

Proof. Union bound, as in Proposition 4 (note that we may count linear relations only up to proportionality).

Likewise, Markov's inequality gives, for any $g\ge0$,
$$P[\dim\langle u_1,\dots,u_n\rangle<n-g]\le\frac{1}{q^{g+1}-1}\sum_{w\ge1}\binom{n}{w}(q-1)^wP[s_w=0].$$

In these sums we expect the contribution of linear relations of large weight should stay under control thanks to:

Proposition 11. As $w\to\infty$ we have
$$P[s_w=0]\to\frac{1}{q^m},$$
except for $q=2$ and $X$ contained in the translate of a hyperplane, in which case we have $P[s_w=0]=0$ for odd $w$, and $P[s_w=0]\to\frac{1}{2^{m-1}}$ for even $w\to\infty$.

Proof. We treat first the case $q>2$, so there is a $\lambda\ne0,1$ in $\mathbb{F}_q$. The $s_w$ form a random walk on the finite commutative group $V$. Seen as a Markov chain, it is irreducible, because $X$ spans $V$ (as a vector space, but also as a group, since $X$ is homothety-invariant). Moreover it is aperiodic, because the zero vector can be written as a sum of 2 elements of $X$ (e.g. $s+(-s)$), and also as a sum of 3 elements of $X$ (e.g. $(1-\lambda)s+(-s)+\lambda s$). So it converges to its unique stationary distribution, which can only be uniform. The case $q=2$ is similar, with a tweak on aperiodicity.

3 Rank 1 matrices

A matrix $u\in\mathbb{F}_q^{k\times l}$ is of rank 1 iff it can be written $u=pq^T$ for column vectors $p\in\mathbb{F}_q^k\setminus\{0\}$, $q\in\mathbb{F}_q^l\setminus\{0\}$. Moreover these $p,q$ are uniquely determined up to a scalar. This means, choosing random $p\in\mathbb{F}_q^k\setminus\{0\}$, $q\in\mathbb{F}_q^l\setminus\{0\}$ uniformly, and setting $u=pq^T$, gives a random matrix of rank 1 with uniform distribution.

Actually we will use a slightly different model. Let
$$X_{k\times l}=\{u\in\mathbb{F}_q^{k\times l};\ \operatorname{rk}u\le1\}$$
be the set of rank 1 matrices together with the zero matrix. Pick random $p\in\mathbb{F}_q^k$, $q\in\mathbb{F}_q^l$ uniformly (possibly zero), and set $u=pq^T$. This gives our distribution $L$ on $X_{k\times l}$.

Note that if $u\in X_{k\times l}$ is distributed according to $L$, then conditioning on the event $u\ne0$ gives back the uniform distribution on matrices of rank 1. Conversely, if $b$ is a Bernoulli variable of parameter $P[b=1]=(1-q^{-k})(1-q^{-l})$, and if $u$ is a random uniformly distributed matrix of rank 1, then $bu\in X_{k\times l}$ is distributed according to $L$. Moreover, replacing $u_1,\dots,u_n$ with $b_1u_1,\dots,b_nu_n$ can only decrease the dimension of their linear span. As a consequence, any upper bound on $P(n)$ for $(X_{k\times l},L)$ will also be an upper bound for uniformly distributed matrices of rank 1.
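The sampling model $(X_{k\times l},L)$ is straightforward to simulate. The sketch below (ours, with $q$ assumed prime and the name `sample_X_kl` illustrative) draws $u=pq^T$ with $p,q$ uniform and possibly zero, and checks the empirical probability of drawing the zero matrix against its closed form $1-(1-q^{-k})(1-q^{-l})$.

```python
import random

def sample_X_kl(q, k, l):
    """One draw from the distribution L on X_{k x l}: u = p q^T with p in F_q^k and
    q in F_q^l uniform, possibly zero (q assumed prime)."""
    p  = [random.randrange(q) for _ in range(k)]
    qq = [random.randrange(q) for _ in range(l)]
    return [[pi * qj % q for qj in qq] for pi in p]

if __name__ == "__main__":
    q, k, l, trials = 3, 2, 3, 100_000
    zero = sum(
        all(c == 0 for row in sample_X_kl(q, k, l) for c in row)
        for _ in range(trials)
    ) / trials
    print(zero, 1 - (1 - q**-k) * (1 - q**-l))   # empirical vs. exact P[u = 0] under L
```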
Lemma 12. (i) Every linear form on $\mathbb{F}_q^{k\times l}$ is of the form $l_B=\operatorname{Tr}(B^T\,\cdot)$ for a uniquely determined $B\in\mathbb{F}_q^{k\times l}$.
(ii) The number of $B\in\mathbb{F}_q^{k\times l}$ of rank $r$ is
$$\begin{bmatrix}k\\r\end{bmatrix}_q\begin{bmatrix}l\\r\end{bmatrix}_q|GL_r(\mathbb{F}_q)|\le C_q\,q^{r(k+l-r)}.$$
(iii) Given $B\in\mathbb{F}_q^{k\times l}$ of rank $r$, then for random $u=pq^T$ in $X_{k\times l}$ we have
$$P[l_B(u)=0]=\frac1q\left(1+\frac{q-1}{q^r}\right).$$

Proof. Point (i) is clear. For point (ii) we view $B$ as a linear map $\mathbb{F}_q^k\longrightarrow\mathbb{F}_q^l$, and we note that it is entirely determined by its kernel $\ker B\subseteq\mathbb{F}_q^k$ of codimension $r$, its image $\operatorname{im}B\subseteq\mathbb{F}_q^l$ of dimension $r$, and the isomorphism $\mathbb{F}_q^k/\ker B\simeq\operatorname{im}B$ it induces. This gives the formula of the LHS, and the upper bound works as in the proof of Lemma 7. For (iii) we note $l_B(u)=0$ means $p^TBq=0$, which happens precisely when $p^TB=0$ (of probability $q^{-r}$) or when $q$ is orthogonal to $p^TB\ne0$ (of probability $q^{-1}(1-q^{-r})$).

For some of our results we will restrict to matrices whose long side grows at most exponentially in the short side. More precisely, for any $\varepsilon,\kappa>0$, we introduce the parameter space
$$\mathcal{P}(\varepsilon,\kappa)=\left\{(k,l);\ 2\le k\le l\le\frac{\varepsilon q^{\kappa k}}{(q-1)k}\right\}.$$
Now we fix a $\kappa>0$ small enough so that $q^{(1-\kappa)^2}\ge1+\frac{q-1}{q}$ (for instance $\kappa=0.23$ works for any $q$), as well as some $0<\varepsilon<1$.

Theorem 13. Let $(k,l)\in\mathcal{P}(\varepsilon,\kappa)$ and $n\ge kl$. Then for random $u_1,\dots,u_n\in X_{k\times l}$ we have
$$P[u_1,\dots,u_n\text{ don't span }\mathbb{F}_q^{k\times l}]\le c''\rho^{n-kl}$$
with $\rho=\frac1q\left(1+\frac{q-1}{q}\right)$ and $c''=\frac{qC_q}{(q-1)^2}\left(1+\frac{1}{1-\varepsilon}\right)$.

Proof. We apply Corollary 5, where from Lemma 12 we get $\rho=\frac1q\left(1+\frac{q-1}{q}\right)$ and
$$c'\le\frac{1}{q-1}\sum_{1\le r\le k}C_q\,q^{r(k+l-r)}\left(\frac1q\left(1+\frac{q-1}{q^r}\right)\right)^{kl}=\frac{C_q}{q-1}\sum_{1\le r\le k}\frac{\left(1+\frac{q-1}{q^r}\right)^{kl}}{q^{(k-r)(l-r)}}.$$
We set $r_0=\lfloor\kappa k\rfloor$ and split this last sum in two.

First, for $r\le r_0$ we have $(k-r)(l-r)\ge(1-\kappa)^2kl+(r_0-r)$ and $1+\frac{q-1}{q^r}\le1+\frac{q-1}{q}$, so, by our condition on $\kappa$,
$$\frac{\left(1+\frac{q-1}{q^r}\right)^{kl}}{q^{(k-r)(l-r)}}\le\frac{1}{q^{r_0-r}}.$$
On the other hand, for $r>r_0$ we have
$$\left(1+\frac{q-1}{q^r}\right)^{kl}<\left(1+\frac{q-1}{q^{\kappa k}}\right)^{kl}\le\frac{1}{1-\frac{kl(q-1)}{q^{\kappa k}}}\le\frac{1}{1-\varepsilon}.$$
We deduce:
$$c'<\frac{C_q}{q-1}\left(\sum_{1\le r\le r_0}\frac{1}{q^{r_0-r}}+\frac{1}{1-\varepsilon}\sum_{r_0<r\le k}\frac{1}{q^{(k-r)(l-r)}}\right)\le c''.$$

Given $k\le l$ and random $u_i\in X_{k\times l}$, recall for all $w\ge1$ we set $s_w=u_1+\dots+u_w\in\mathbb{F}_q^{k\times l}$.

Theorem 14. (i) For $1\le w<k+l$ we have
$$P[s_w=0]\le\frac{2qC_q/(q-1)}{q^{kw/2}}.$$
(ii) For $w\ge k+l$ we have
$$P[s_w=0]\le\frac{C_q\,(1-q^{-(w-l)})^{-1}}{q^{kl}}.$$

Proof. Write $u_i=p_iq_i^T$ with $p_i\in\mathbb{F}_q^k$, $q_i\in\mathbb{F}_q^l$ uniform. Let $G$ be the $k\times w$ matrix whose columns are $p_1,\dots,p_w$, and let $x_1,\dots,x_k\in\mathbb{F}_q^w$ be its rows. Likewise let $G'$ be the $l\times w$ matrix whose columns are $q_1,\dots,q_w$, and let $y_1,\dots,y_l\in\mathbb{F}_q^w$ be its rows. Note these $x$'s and $y$'s are uniform and independent. Also our key observation is that $s_w=0$ iff $\langle x_1,\dots,x_k\rangle\perp\langle y_1,\dots,y_l\rangle$ in $\mathbb{F}_q^w$. Now we condition on $\dim\langle y_1,\dots,y_l\rangle$.

By Proposition 8 we have $P[\dim\langle y_1,\dots,y_l\rangle=e]\le C_q\,q^{-(l-e)(w-e)}$. Also, $P[\langle x_1,\dots,x_k\rangle\perp\langle y_1,\dots,y_l\rangle\mid\dim\langle y_1,\dots,y_l\rangle=e]=q^{-ke}$. This gives
$$P[s_w=0]\le C_q\sum_{0\le e\le\min(l,w)}q^{-f(e)}$$
where $f(e)=ke+(l-e)(w-e)$. This function $f$ attains its minimum at $e_0=(l+w-k)/2$, from which we deduce, for $0\le e\le\min(l,w)$:
$$f(e)\ \ge\ \begin{cases}kw+(w-e)\ \ge\ kw/2+(w-e)&\text{for }w\le l-k\\ f(e_0)+\lfloor|e-e_0|\rfloor\ \ge\ kw/2+\lfloor|e-e_0|\rfloor&\text{for }l-k<w<k+l\\ kl+(e-k)(w-l)&\text{for }w\ge k+l.\end{cases}$$
The first two cases together give point (i), while the third gives point (ii).

Theorem 15. Let $(k,l)\in\mathcal{P}(\varepsilon,\tfrac12)$ and $n\le kl$. Then for random $u_1,\dots,u_n\in X_{k\times l}$ we have
$$P[u_1,\dots,u_n\text{ lin. dependent}]\le\frac{qC_q}{(q-1)^2}\left(\frac{2\varepsilon}{1-\varepsilon}+q^{-(kl-n)}\right).$$

Proof. Split the sum in Proposition 10 in two: for $w<k+l$ use Theorem 14(i) and $\binom{n}{w}\le(kl)^w$; for $w\ge k+l$ use Theorem 14(ii).
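Before turning to codes, here is a direct Monte Carlo check (ours, not the paper's) of the quantity $P[s_w=0]$ bounded in Theorem 14: we sum $w$ independent draws from $(X_{k\times l},L)$ and count how often the sum vanishes, which can then be compared with the bounds above and with the limit $q^{-kl}$ of Proposition 11. Here $q$ is assumed prime and `prob_s_w_zero` is a name of ours.

```python
import random

def prob_s_w_zero(q, k, l, w, trials=100_000):
    """Monte Carlo estimate of P[s_w = 0], where s_w = u_1 + ... + u_w and each
    u_i = p_i q_i^T is an independent draw from L on X_{k x l} (q assumed prime)."""
    hits = 0
    for _ in range(trials):
        s = [[0] * l for _ in range(k)]
        for _ in range(w):
            p  = [random.randrange(q) for _ in range(k)]
            qq = [random.randrange(q) for _ in range(l)]
            for i in range(k):
                for j in range(l):
                    s[i][j] = (s[i][j] + p[i] * qq[j]) % q
        if all(c == 0 for row in s for c in row):
            hits += 1
    return hits / trials

if __name__ == "__main__":
    q, k, l = 2, 2, 3
    for w in (1, 2, 3, 6, 9):
        # compare with the bounds of Theorem 14 and with the limit q^(-kl) = 1/64
        print(w, prob_s_w_zero(q, k, l, w))
```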
4 Products of codes

By a generating matrix for a linear code $C$ we mean any matrix $G$ whose row span is $C$. We allow $G$ to have more than $\dim C$ rows.

Consider random $G\in\mathbb{F}_q^{k\times n}$, $G'\in\mathbb{F}_q^{l\times n}$ (uniform distribution), generating matrices for $C,C'\subseteq\mathbb{F}_q^n$, so $\dim C\le k$, $\dim C'\le l$. Denote by $p_1,\dots,p_n\in\mathbb{F}_q^k$ the columns and by $x_1,\dots,x_k\in\mathbb{F}_q^n$ the rows of $G$. Denote by $q_1,\dots,q_n\in\mathbb{F}_q^l$ the columns and by $y_1,\dots,y_l\in\mathbb{F}_q^n$ the rows of $G'$.

Identify the matrix space $\mathbb{F}_q^{k\times l}$ with $\mathbb{F}_q^{kl}$.

The product $C*C'$ and its generating matrix $\widehat G\in\mathbb{F}_q^{(k\times l)\times n}$ admit the following equivalent descriptions [9]:

(i) $\widehat G$ has rows all products $x_i*y_j$
(ii) $C*C'$ is the projection of $C\otimes C'$ on the diagonal
(iii) $\widehat G$ has columns the rank $\le1$ matrices $p_1q_1^T,\dots,p_nq_n^T$
(iv) $C*C'$ is the image of the evaluation map
$$\operatorname{ev}:\ \operatorname{Bilin}(\mathbb{F}_q^k\times\mathbb{F}_q^l)\longrightarrow\mathbb{F}_q^n,\qquad B\mapsto(B(p_1,q_1),\dots,B(p_n,q_n)).$$

From description (iii) we can translate our Theorems 13 and 15. Recall $q^{(1-\kappa)^2}\ge1+\frac{q-1}{q}$, and $0<\varepsilon<1$.

Theorem 16. For $(k,l)\in\mathcal{P}(\varepsilon,\kappa)$ and $n\ge kl$, we have
$$P[\dim C*C'<kl]\le c''\rho^{n-kl}$$
with $\rho=\frac1q\left(1+\frac{q-1}{q}\right)$ and $c''=\frac{qC_q}{(q-1)^2}\left(1+\frac{1}{1-\varepsilon}\right)$.

Theorem 17. For $(k,l)\in\mathcal{P}(\varepsilon,\tfrac12)$ and $n\le kl$, we have
$$P[\dim C*C'<n]\le\frac{qC_q}{(q-1)^2}\left(\frac{2\varepsilon}{1-\varepsilon}+q^{-(kl-n)}\right).$$

Note that if $k\to\infty$ and $kl/q^{k/2}\to0$ (for instance if $l$ is polynomial in $k$), we can set $\varepsilon=(q-1)kl/q^{k/2}\to0$.

Still, we can derive an unconditional result, valid for any $(k,l)$. Recall the maximum distance $d_{\max}$ of a linear code is the maximum weight of a codeword.

Theorem 18. For any $(k,l)$, and $k+l\le n\le kl$, we have
$$P[d_{\max}((C*C')^\perp)\ge k+l]\le\frac{qC_q}{(q-1)^2}\,q^{-(kl-n)}.$$

Proof. Union bound for $P[\exists\text{ lin. rel. of weight}\ge k+l]$, which means keep only terms $w\ge k+l$ in Proposition 10, and use only part (ii) of Theorem 14.

So, with high probability $(C*C')^\perp$ has $d_{\max}<k+l$. This is a strong restriction (for instance it also implies $\dim<k+l$).

5 Squares and higher powers

Let $C$ have generating matrix $G\in\mathbb{F}_q^{k\times n}$, with columns $p_1,\dots,p_n\in\mathbb{F}_q^k$ and rows $x_1,\dots,x_k\in\mathbb{F}_q^n$. As above, the $s$-th power $C^{\langle s\rangle}$ and its generating matrix $\widehat G$ admit the following equivalent descriptions:

(i) $\widehat G$ has rows all ∗-monomials of degree $s$ in the $x_i$
(ii) $C^{\langle s\rangle}$ is the projection of $C^{\otimes s}$ on the diagonal
(iii) $\widehat G$ has columns the elementary tensors $p_1^{\otimes s},\dots,p_n^{\otimes s}$
(iv) $C^{\langle s\rangle}$ is the image of the evaluation map
$$\operatorname{ev}:\ \mathbb{F}_q[t_1,\dots,t_k]_s\longrightarrow\mathbb{F}_q^n,\qquad P\mapsto(P(p_1),\dots,P(p_n)).$$
(Where $R_s$ denotes the $s$-th homogeneous component of $R$.)

We deduce at once $\dim C^{\langle s\rangle}\le\min\left(n,\binom{k+s-1}{s}\right)$. For $s=2$ it is shown in [4] that for random such $C$, with high probability there is equality: $\dim C^{\langle 2\rangle}=\min\left(n,\frac{k(k+1)}{2}\right)$ (which could in turn be translated into a general position result for rank 1 symmetric matrices). It is interesting to note that not having to face unbalanced $(k,l)$ made it easier for these authors to deal with short relations, hence to control $d_{\min}((C^{\langle 2\rangle})^\perp)$ in [4, Prop. 2.4]. By contrast, in our setting, independence of $C$ and $C'$ made it easier to deal with long relations, hence to control $d_{\max}((C*C')^\perp)$ in Theorem 18.

Concerning higher powers, one should be careful of the:

Proposition 19. For $s>q$ we always have strict inequality
$$\dim C^{\langle s\rangle}<\binom{k+s-1}{s}.$$
More precisely, we have
$$\dim C^{\langle s\rangle}\le\min(n,\chi_q(k,s))$$
where [9, App. A]:
$$\chi_q(k,s)=\dim S^s_{\mathrm{Frob}}\,\mathbb{F}_q^k=\dim\bigl(\mathbb{F}_q[t_1,\dots,t_k]/(t_i^qt_j-t_it_j^q)\bigr)_s.$$

Proof. The map $*$ is Frobenius-symmetric, so in (ii) the projection $C^{\otimes s}\to C^{\langle s\rangle}$ factors through $S^s_{\mathrm{Frob}}\,C$. Alternatively, in (iv), $\ker(\operatorname{ev})$ contains all multiples of the $t_i^qt_j-t_it_j^q$.
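To illustrate descriptions (i) and (iii) of the product code (again a sketch of ours, with $q$ assumed prime and the helper names hypothetical), the fragment below builds the generating matrix $\widehat G$ of $C*C'$ from all row products $x_i*y_j$ and verifies that its columns are exactly the flattened rank $\le1$ matrices $p_tq_t^T$. The dimension $\dim C*C'$ studied in Theorems 16 and 17 is then simply the rank of $\widehat G$ over $\mathbb{F}_q$.

```python
import random

def star(u, v, q):
    """Componentwise (Schur) product of two words of F_q^n (q assumed prime)."""
    return [a * b % q for a, b in zip(u, v)]

def product_generating_matrix(G, Gp, q):
    """Generating matrix of C*C' per description (i): all row products x_i * y_j."""
    return [star(x, y, q) for x in G for y in Gp]

if __name__ == "__main__":
    q, k, l, n = 3, 2, 3, 7
    G  = [[random.randrange(q) for _ in range(n)] for _ in range(k)]   # rows x_1..x_k of G
    Gp = [[random.randrange(q) for _ in range(n)] for _ in range(l)]   # rows y_1..y_l of G'
    Ghat = product_generating_matrix(G, Gp, q)                         # a kl x n matrix

    # Description (iii): column t of Ghat is the flattened rank<=1 matrix p_t q_t^T,
    # where p_t and q_t are the t-th columns of G and G'.
    for t in range(n):
        p_t = [G[i][t] for i in range(k)]
        q_t = [Gp[j][t] for j in range(l)]
        col = [Ghat[i * l + j][t] for i in range(k) for j in range(l)]
        assert col == [pi * qj % q for pi in p_t for qj in q_t]
    print("descriptions (i) and (iii) give the same kl x n matrix")
```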
6 Open problems

In our probabilistic model we considered random matrices of the form $u_i=p_iq_i^T$ for column vectors $p_i\in\mathbb{F}_q^k$, $q_i\in\mathbb{F}_q^l$, possibly zero. However, as already
