Arxiv:1805.06706V2 [Cs.IT]

arXiv:1805.06706v2 [cs.IT] 28 Jan 2020 qaiy lhuhi a rvnta hr r lnyo MRD of plenty are there [ that field represen proven extension is was it metric Although rank equality. the called in are analogue bound natural this Their hold meeting that codes. codes bound, Hamming Singleton well-known metric. the is This effective. (MRD) h iiu distance minimum the n oesoai osrcin[ construction sporadic some and [ d interest, gained significantly they [ have coding years ten last the [ Roth and oe ntesmnlwrs[ works seminal the in posed 24 oe;sadr form. standard codes; 187711. ntelna aeteripratprmtr r ie yth by given are parameters important their case linear the in at2 er ocr rporpy[ cryptography coding concern network years to 20 last addition In security. and communications 27 ,dsrbtdsoae[ storage distributed ], oe ntern ercwr nrdcd neednl,by independently, introduced, were metric rank the in Codes 2010 -aladdress E-mail swt oe nteHmigmti,te r sal endo defined usually are they metric, Hamming the in codes with As oee,tems tde n motn osrcino MRD of construction important and studied most the However, ∗ e od n phrases. and words Key YTMTCECDR O EEAIE AIUI CODES GABIDULIN GENERALIZED FOR ENCODERS SYSTEMATIC ]. lsadoNr a upre yteSisNtoa Science National Swiss the by supported was Neri Alessandro ahmtc ujc Classification. Subject Mathematics eas rvd hrceiaino h eeao arxi matrix generator the of characterization codes. a provide also we F diin u eut lo ogv e ffiin rtro t criterion efficient new a dimension give of a to block code allow identity results an we our of application, concatenation addition, an the as is particular, matrix In generator Gabidu matrix. generalized structured of a subfamilies is interesting new define to matrices ae ntecmuaino h ako n arxado h ve the on and requires matrix it one and elements of of rank sets the two of of computation independence the on based Abstract. oe.Teprmtiainw e o h o-ytmtcpa non-systematic the for get we the parametrization with The codes. 45 oe,ta r endaaoosya oe htati h S the attain that codes as analogously defined are that codes, ( ,n k, , 37 18 ) ,atog iia oincnb rcdbc oBrmn[ Bergman to back traced be can notion similar a although ], stecs fcmuigterdcdrwehlnfr fa of form echelon row reduced the computing of cost the is N THE AND .Mroe,rn erccdshv ltoao ieetap different of plethora a have codes metric rank Moreover, ]. hs arcscnb ersne eycneinl n th and conveniently very represented be can matrices These . : q 30 [email protected] aaou fgnrlzdCuh arcs edn otede the to leading matrices, Cauchy generalized of -analogue , ecaatrz h eeao arxi tnadfr fgen of form standard in matrix generator the characterize We 8 ,ol e e aiishv endsoee eety[ recently discovered been have families new few only ], d 43 k akmti oe;Gbdlncodes; Gabidulin codes; Rank-metric hs aaeesaerltdb nieult hti sele as is that inequality an by related are parameters Those . ehia nvriyo uih Germany Munich, of University Technical n length and , 9 q 13 , AAOU FCUH MATRICES CAUCHY OF -ANALOGUE 29 , ,atetcto cee [ schemes authentication ], 15 17 , LSADONERI ALESSANDRO 22 , n 37 10 1. , sagnrlzdGbdlncd.Ti rtro sonly is criterion This code. Gabidulin generalized a is 40;11T71. 94B05; . ,adte eeaie n[ in generalized then and ], 34 , Introduction 11 ,saetm oigadwrls omnctos[ communications wireless and coding space-time ], , 12 1 , 25 , 5 ]. O ( m onaintruhgat o 650and 169510 no. grants through Foundation aiu itnesprbe(MDS) separable distance maximum ∗ q i oe hs eeao matrix generator whose codes lin · tnadfr fgnrlMRD general of form standard n osrc aiui oe whose codes Gabidulin construct daTelt/aklmti.In matrix. Toeplitz/Hankel a nd 32 Cuh arcs ytmtcGabidulin systematic matrices; -Cauchy F et hi plcto nnetwork in application their to ue eiywehrarn metric rank a whether verify o h plctospooe nthe in proposed applications the , nbt h amn n rank and Hamming the both in s ( n o-akmti completion matrix low-rank and ] ,n k, length e e by ted to hsmti coincides matrix this of rt oe htaelna vrthe over linear are that codes )) esre[ Delsarte k 20 i ersnainallows representation eir edoeain,where operations, field × icto ftelinear the of rification .Teecdsaeknown are codes These ]. oe ssilteoepro- one the still is codes n nto of finition e nt field finite a ver aiu akdistance rank maximum n arx Moreover, matrix. rlzdGabidulin eralized h dimension the , nltnbudwith bound ingleton 7 .Hwvr nyin only However, ]. 13 41 ,Gbdln[ Gabidulin ], q , -Cauchy 23 lctosin plications , 33 , F atas gant 42 q k and , , and 35 47 15 ] , ] 2 ALESSANDRO NERI as generalized Gabidulin codes, and they represent the rank analogue of the well-known generalized Reed-Solomon (GRS) codes. As GRS codes, generalized Gabidulin codes are evaluation codes. However, they are defined over an extension field Fqm of Fq and the evaluation is done on a particular subset of linearized polynomials in n points that are linearly independent over Fq. The structure of evaluation codes allowed the development of many efficient decoding algorithms in the last years [44, 48]. In this framework, another analogy emerges regarding the generator matrices of these two families of codes. The canonical generator matrix of GRS codes is obtained by the evaluation of the canonical basis {1,x,...,xk−1}, that gives as a result the weighted Vandermonde matrix, a matrix given by the product of a Vandermonde with a non-singular diagonal matrix. The rank analogue of the weighted Vandermonde matrix is given by the s-Moore matrix. Such a matrix is the canonical generator matrix of a generalized Gabidulin code, obtained via the s 2s (k−1)s evaluation of the canonical basis {x,xq ,xq ,...,xq }. There is another important generator matrix of GRS codes that is well-known in the literature. In 1985 Roth and Seroussi gave a characterization of the generator matrix in standard form for these codes, showing that GRS codes are in correspondence with generalized Cauchy matrices ([40]). The same characterization was also given independently by Dür in [14]. Ex- plicitly, the generator matrix in standard form of a GRS code is given by (Ik | X), where Ik is the k × k identity matrix, and X is a generalized Cauchy matrix. On the other hand, every matrix (Ik | X), with X a generalized Cauchy matrix, generates a GRS code. In this work we give a characterization of the generator matrix in standard form of a generalized Gabidulin code, that up to now was unknown. As a consequence, this also allows us to define a rank analogue of generalized Cauchy matrices, whose definition coincides with the q-analogue of generalized Cauchy matrices. This result is obtained making a wide use of properties of finite fields, in particular the trace map, and of some recent results appeared recently [17, 30]. In addition to the theoretical result that almost completes the picture on the analogies between GRS and generalized Gabidulin codes, this has also a useful impact from a practical point of view. Using the structure of the rank analogue of a generalized Cauchy matrix, we derive a subfamily of generalized Gabidulin codes whose generator matrix is made by an identity block and a Toeplitz/Hankel block. From an application point of view, this new family of codes seems to be suitable for fast algorithms for erasure correction and syndrome decoding as well as for encoding. It is well-known, indeed, that the matrix-vector multiplication with a Toeplitz/Hankel matrix can be performed in a fast way. Moreover, from the theoretical characterization obtained, we also derive a new criterion to determine whether a given code is a generalized Gabidulin code. This new criterion is faster to compute than any other previously known. Indeed, for a given rank metric code of dimension k and length n over a finite field Fqm , it only requires O(m · F (k,n)) field operations, where F (k,n) denotes the cost of computing the reduced row echeleon form of a k × n matrix. The paper is structured as follows. In Section 2 we recall some basic properties of finite fields and in particular of the field trace map. We also briefly explain the main results on GRS codes and on their generator matrices. In Section 3 we introduce rank metric codes and give a recap on the most important results on MRD and generalized Gabidulin codes. In addition, some new results are presented that are preparatory for the rest of the paper. Moreover, we give a characterization of the generator matrix of general MRD codes, in the spirit of the well- known results for MDS codes. Section 4 represents the main contribution of this work. Here we characterize the generator matrix in standard form of a generalized Gabidulin code. From this result we derive a new criterion for determining if a given rank metric code is a generalized Gabidulin code. This section can be also seen as the analogue of Roth and Seroussi [40] and Dür [14] works for the rank metric and it completes the picture on the generator matrices of generalized Gabidulin codes. In Section 5 we use our previous results for constructing subfamilies of Gabidulin codes with structured generator matrix. These codes have generator matrix in standard form with a Hankel or a Toeplitz non-systematic part, potentially very SYSTEMATIC GABIDUIN CODES AND q-CAUCHYMATRICES 3 useful for applications. Finally, in Section 6 we summarize the work underlining our main contributions.

2. Preliminaries Throughout the whole work, given a map h : X →Y and a subset T ⊆Y, we denote by h−1(T ) the preimage of the set T , i.e. h−1(T )= {x ∈ X | h(x) ∈ T } . In the same way, for a set S⊆X , h(S) denotes the set of images of the elements in S through h, i.e. h(S)= {h(x) | x ∈ S} .

2.1. Trace over finite fields an its duality. The following definitions and results can be found in any textbook on finite fields, e.g. [21]. We denote the finite field of cardinality q by Fq. It is well-known that it exists if and only if q is a prime power. Moreover, if it exists, Fq is unique up to isomorphism. An extension field of extension degree m is denoted by Fqm . An important property of finite fields is the existence of a primitive element. This means that F F∗ there always exists α ∈ q that is a generator of q, i.e. i Fq = {0} ∪ {α | 0 ≤ i ≤ q − 2}. We now recall some basic theory on finite fields and the trace function. It is well-known that the extension field Fqm over Fq is a Galois extension and Gal(Fqm /Fq) is cyclic. One of its generators is given by the q-Frobenius automorphism θ, defined as

θ : Fqm −→ Fqm α 7−→ αq.

Definition 1. Let Fq be a finite field and Fqm be an extension field. For α ∈ Fqm , the trace of α over Fq is defined by m−1 m−1 i qi TrFqm /Fq (α) := θ (α)= α . Xi=0 Xi=0 For every integer 0

ϕs : Fqm −→ Fqm α 7−→ θs(α) − α. We will refer to the function F m F TrFqm /Fq : q −→ q as the trace map of Fqm /Fq. The following result relates the trace map with the functions ϕs. Lemma 1. The trace map satisﬁes the following properties:

F F m (1) TrFqm /Fq (α) ∈ q for all α ∈ q . F F m F (2) TrFqm /Fq is an q-linear surjective transformation from q to q. (3) ϕs is an Fq-linear transformation from Fqm to itself. (4) For every s coprime to m, ϕs(α) = 0 if and only if α ∈ Fq.

(5) (Additive Hilbert’s Theorem 90 for finite fields) ker(TrFqm /Fq ) = Im(ϕs) for every s coprime to m and has cardinality qm−1. Proof. A partial proof of this result can be found in [21, Chapter 2, Section 3]. For a complete proof we refer to [30, Lemma 2]. The trace map has many important properties. One of them is that it can be used to define F m F m F an isomorphism between q and HomFq ( q , q). 4 ALESSANDRO NERI

Deﬁnition 2. The Fq-bilinear map deﬁned as

tr : Fqm × Fqm −→ Fq

(α, β) 7−→ TrFqm /Fq (αβ), is called the trace form of the extension Fqm /Fq.

F m F F m F Observe that for every α ∈ q , we can associate an q-linear map Tα ∈ HomFq ( q , q), deﬁned as Tα : Fqm −→ Fq

β 7−→ TrFqm /Fq (αβ).

Theorem 1. The trace form is a symmetric non degenerate Fq-bilinear form. Moreover it induces a duality isomorphism given by

F m F m F Ψ : q −→ HomFq ( q , q) α 7−→ Tα. Proof. For the proof one can see [21, Theorem 2.24]. The following results directly follow from Theorem 1. F∗ Corollary 1. For every α ∈ qm the map Tα is non identically zero, and hence dimFq (ker(Tα)) = m − 1.

Corollary 2. For every α, β ∈ Fqm and λ, µ ∈ Fq, we have

Tλα+µβ = λTα + µTβ. Since the trace form induces a duality isomorphism, we can naturally deﬁne the notion of dual basis.

Deﬁnition 3. Given an Fq-basis α1,...,αm of Fqm and β1,...,βm ∈ Fqm , we say that β1,...,βm is a dual basis of α1,...,αm with respect to the trace form, if for all i, j ∈ {1,...,m} 1 if i = j tr(αi, βj)= δi,j = (0 if i 6= j.

Remark 1. Given an Fq-basis α1,...,αm of Fqm , the existence and uniqueness of its dual basis follow by Theorem 1 and the fact that Fqm is a ﬁnite dimensional Fq-vector space.

Lemma 2. For every α1,...,αk, β ∈ Fqm ,

ker(Tα1 ) ∩ . . . ∩ ker(Tαk ) ⊆ ker(Tβ) if and only if β ∈ hα1,...,αki.

Proof. Suppose β ∈ hα1,...,αki. By Corollary 2, we have Tβ = λ1Tα1 + . . . + λkTαk . Hence, if x ∈ ker(Tα1 ) ∩ . . . ∩ ker(Tαk ), then

Tβ(x)= λ1Tα1 (x)+ . . . + λkTαk (x)=0+ . . . +0=0, and therefore x ∈ ker(Tβ).

On the other hand, suppose β∈ / hα1,...,αki. Let s := dimFq hα1,...,αki. Without loss of generality we can assume that hα1,...,αki = hα1,...,αsi. Now, complete α1,...,αs, β to an Fq-basis α1,...,αs, β, γ1, . . . γm−s−1 of Fqm and consider its dual basis with respect to ˜ ˜ the trace form α˜1,..., α˜s, β, γ˜1,... γ˜m−s−1. Therefore, Tαi (β) = 0 for every i = 1,...,s and Tβ(β˜) = 1, i.e. ˜ β ∈ ker(Tα1 ) ∩ . . . ∩ ker(Tαk ) \ ker(Tβ).

Proposition 1. For every α1,...,αk ∈ Fqm ,

dimFq (ker(Tα1 ) ∩ . . . ∩ ker(Tαk )) = m − dimFq hα1,...,αki. SYSTEMATIC GABIDUIN CODES AND q-CAUCHYMATRICES 5

Proof. Let s := dimFq hα1,...,αki. Without loss of generality we can suppose hα1,...,αki = hα1,...,αsi. By Lemma 2 we have ker(Tαs+1 ),..., ker(Tαk ) ⊇ ker(Tα1 ) ∩ . . . ∩ ker(Tαs ), and hence

ker(Tα1 ) ∩ . . . ∩ ker(Tαk ) = ker(Tα1 ) ∩ . . . ∩ ker(Tαs ).

Therefore, it is enough to prove the statement when α1,...,αk are linearly independent over F q. We use induction on k. If k = 1 then dimFq (ker(Tα1 )) = m − 1 by Corollary 1. Suppose now that the statement is true for k − 1, i.e.

dimFq (S)= m − k + 1, where S := ker(Tα1 ) ∩ . . . ∩ ker(Tαk−1 ). Then, by Lemma 2, S 6⊆ ker(Tαk ), i.e. S + ker(Tαk )= Fqm . Therefore,

dimFq (S ∩ ker(Tαk )) = dimFq (S)+dimFq (ker(Tαk )) − dimFq (S + ker(Tαk )) = m − k +1+ m − 1 − m = m − k.

Now, let α1,...,αk ∈ Fqm be Fq-linearly independent and complete them to a basis α1,...,αm F m of q . Let β1,...,βm be its dual bases. Then for every i = 1,...,k we have Tαi (βj ) = 0 for every j = k + 1,...,m, i.e. βj ∈ ker(Tα1 ) ∩ . . . ∩ ker(Tαk ). Moreover, by Proposition 1, we get dimFq (ker(Tα1 ) ∩ . . . ∩ ker(Tαk )) = m − k, and hence

ker(Tα1 ) ∩ . . . ∩ ker(Tαk )= hβk+1,...,βmi. We can now deﬁne the trace-orthogonal space of a subspace as follows.

Definition 4. Let S := hα1,...,αki be an Fq-subspace of Fqm . Then the trace-orthogonal space of S is defined as the Fq-subspace × S := ker(Tα1 ) ∩ . . . ∩ ker(Tαk ). Proposition 2. The subspace S× is well-defined, i.e. it does not depend on the choice of the set of generators. ′ ′ Proof. Let {α1,...,αk} and {α1,...,αt} be two sets of generators for a subspace S. We want to prove that ker(T ) ∩ . . . ∩ ker(T ) = ker(T ′ ) ∩ . . . ∩ ker(T ′ ). For every i = 1,...,k, α1 αk α1 αt ′ ′ α ∈ hα ,...,α i and therefore, by Lemma 2, it holds that ker(T ) ⊇ ker(T ′ )∩. . .∩ker(T ′ ). i 1 t αi α1 αt Hence, ker(T ) ∩ . . . ∩ ker(T ) ⊇ ker(T ′ ) ∩ . . . ∩ ker(T ′ ). α1 αk α1 αt The opposite inclusion is analogous.

We already know the relation between the image of the map ϕs and the kernel of the trace map (see Lemma 1). The following Lemma characterizes the preimage of any element under the map ϕs.

Lemma 3. Let α ∈ Fqm and s a positive integer coprime to m. Then (1)

−1 q if α ∈ ker(TrFqm /Fq ) |ϕs ({α})| = (0 if α∈ / ker(TrFqm /Fq ) −1 F (2) Let α ∈ ker(TrFqm /Fq ). If x1,x2 ∈ ϕs ({α}), then x1 − x2 ∈ q, or equivalently, there exists an x ∈ Fqm such that −1 F ϕs ({α})= {x + λ | λ ∈ q} . Moreover such an x is of the form 6 ALESSANDRO NERI

m−2 i 1 x = − σi+1(γ) (σj(α)) . TrFqm /Fq (γ)   Xi=0 Xj=0 F m  s  where γ ∈ q is such that TrFqm /Fq (γ) 6= 0, and σ := θ . −1 Proof. (1) If α∈ / ker(TrFqm /Fq ), then, by part (5) of Lemma 1 we have ϕs ({α}) = ∅. −1 On the other hand, if α ∈ ker(TrFqm /Fq ), then |ϕs ({α})| = | ker(ϕs)|, since ϕs is an Fq-linear map. By part (2) of Lemma 1 F m−1 | qm | q = | ker(TrFqm /Fq )| = |Im(ϕs)| = , | ker(ϕs)| −1 and therefore we get |ϕs ({α})| = q. −1 (2) For the ﬁrst part, let x1,x2 ∈ ϕs ({α}). Hence, ϕs(x1) − ϕs(x2) = 0, and by linearity of ϕs, we get ϕs(x1 − x2) = 0. By part (4) of Lemma 1 we get x1 − x2 ∈ Fq. Finally, showing that ϕs(x)= α is a straightforward computation.

We conclude this section with a useful result on the linear independence of preimages of ϕs. s Lemma 4. Let α1,...,αk ∈ ker(TrFqm /Fq ), s be a positive integer coprime to m and σ := θ . Suppose moreover that β1,...,βk ∈ Fqm are such that σ(βi) − βi = αi. Then, the elements α1,...,αk are linearly independent over Fq if and only if the elements 1, β1,...,βk are linearly independent over Fq.

Proof. Suppose λ1, . . . , λk ∈ Fq and consider the sum

λiαi = λi(σ(βi) − βi)= σ( λiβi) − λiβi. Xi Xi Xi Xi This means that a non-trivial combination of the αi’s is zero if and only if a non-trivial combination of the βi’s belongs to ker ϕs. This is equivalent, by part (4) of Lemma 1, to F F i λiβi ∈ q, i.e. 1, β1,...,βk are linearly dependent over q.

P2.2. GRS codes and Generalized Cauchy Matrices. In classical coding theory the most studied and well-known class of codes is definitely represented by generalized Reed-Solomon codes. These codes were introduced in [36] and through the years were deeply studied by many authors. Their importance is due to the fact that they are maximum distance separable, and possess very fast algorithms for their encoding and decoding procedures [16, 19]. In this section we are going to briefly describe them, focusing in particular on their generator matrices. Fn Let n be a positive integer. The Hamming distance dH on q is defined as Fn Fn N dH : q × q : −→ (u, v) 7−→ |{i | ui 6= vi}|. Fn It is well-known that dH defines indeed a metric on q . With this metric, classical coding theory was developed in the last 70 years, focusing on many different classes of codes. In this section we will only consider linear codes. Definition 5. Let 0 < k ≤ n be two positive integers. A linear code C of dimension k and F F Fn length n over a finite field q is a k-dimensional q-subspace of q equipped with the Hamming distance. The minimum distance of C is the integer

dH (C) := min {dH (u, v) | u, v ∈C, u 6= v} . Fk×n A matrix G ∈ q is called a generator matrix for the code C if C = rs(G), where rs(G) denotes the subspace generated by the rows of G, called the row space of G. SYSTEMATIC GABIDUIN CODES AND q-CAUCHYMATRICES 7

It is well known that the minimum distance d of any linear code of dimension k and length n satisﬁes the following inequality: d ≤ n − k + 1. This bound is known as Singleton bound [46] and codes meeting it with equality are called called maximum distance separable (MDS) codes. Among all the possible generator matrices of an MDS code, there exists one in a special form. Indeed, it is easy to verify that every MDS code of length n and dimension k has a k×(n−k) generator matrix of the form G = (Ik | X), where X ∈ Fq and Ik denotes the k × k identity matrix. Such a generator matrix is said to be in standard form, or equivalently, in k×(n−k) systematic form. Hence, for a given matrix X ∈ Fq , we denote by CX the code generated by (Ik | X). It is well-known that MDS codes can be characterized by the non-systematic part of their generator matrix in standard form. Concretely, we have the following result. Fn 1 Theorem 2. A linear code CX ⊆ q is MDS if and only if the matrix X is superregular

Let 0 < k ≤ n be two positive integers, and consider the set of polynomials over Fq of degree strictly less than k Fq[x]

Deﬁnition 6. Suppose moreover that n ≤ q, and consider α1,...,αn ∈ Fq pairwise distinct F∗ elements, and b1, . . . , bn ∈ q. The code

C = {(b1f(α1), b2f(α2), . . . , bnf(αn)) | f ∈ Fq[x]

b1 b2 . . . bn b1α1 b2α2 . . . bnαn  b α2 b α2 . . . b α2  1 1 2 2 n n = Vk(α)diag(b),  . . .   . . .   − −   b αk 1 b αk 1 . . . b αk−1   1 1 2 2 n n  where Vk(α) is the classical Vandermonde matrix, and diag(b) denotes the diagonal matrix whose diagonal entries are given by b1, . . . , bn. This generator matrix is obtained by choosing 2 k−1 the set of monomials 1,x,x ,...,x as an Fq-basis of Fq[x]

Deﬁnition 7. Let r, s be positive integers, x1,...,xr,y1,...,ys ∈ Fq, and c1,...,cr, d1,...,ds ∈ F∗ q be elements such that (a) x1,...,xr pairwise distinct, (b) y1,...,ys pairwise distinct, (c) yi ∈ Fq \ {x1,...,xr}, for i = 1,...,s. Fr×s The matrix C ∈ q deﬁned by cidj Ci,j = xi − yj is called Generalized Cauchy (GC) matrix. Theorem 3. [40, Theorem 1], [14, Theorem 2] k×(n−k) (1) If C = GRSn,k(α, b), then C = CX , where X ∈ Fq is a GC matrix.

1 × A matrix A ∈ Fr t is said to be superregular if all its minors are nonzero 8 ALESSANDRO NERI

k×(n−k) (2) If X ∈ Fq is a GC matrix then the code CX is a Generalized Reed-Solomon code. Theorem 3 gives a correspondence between GRS codes of dimension k and length n over Fq, and k × (n − k) GC matrices over Fq. Moreover, in [39, Lemma 7], a characterization of the GC in terms of its entries was given. We are now going to reformulate this result for our purpose, in order to underline that it gives a way to determine whether a code is a GRS code in terms of its generator matrix in standard form. F∗ r×s (−1) F∗ Let A ∈ ( q) with entries ai,j. We denote by A the r×s matrix over q whose entries −1 are ai,j .

k×(n−k) Theorem 4. [39] Let X ∈ Fq Then, the code CX is a GRS code if and only if

(i) every entry xi,j is non-zero, (ii) every 2 × 2 minor of X(−1) is non-zero, and (iii) rk(X(−1)) = 2. In the following we will see that the analogue of GRS in the rank metric is given by generalized Gabidulin codes. We will ﬁnd the same kind of correspondence between them and the rank analogue of GC matrices, obtained by characterizing their generator matrix in standard form. Moreover, we will also ﬁnd an analogue of Theorem 4 in that framework.

3. Rank Metric Codes In this section we will give a recap about rank metric codes. In particular, we will only study those that linear over the extension field. Given a finite field Fq and an extension field F F F Fm qm , recall that qm is isomorphic, as an q-vector space, to q . Using this fact, one then easily obtains the isomorphic description of matrices over the base field Fq as vectors over the Fm×n ∼ Fn Fn extension field, i.e. q = qm . In this setting, let g = (g1,...,gn) ∈ qm . We define the Fqm -support of g over Fq the Fq-subspace

suppq(g) := hg1,...,gniFq .

Moreover, we denote by rkq(g) = dimFq (suppq(g)), which is called the q-rank of g. Unless otherwise specified, whenever we talk about vectors in Fn over a field F, in this work we will always mean row vectors. Fm×n Definition 8. The rank distance dR on q is defined by Fm×n dR(X,Y ) := rk(X − Y ), X,Y ∈ q . Fn Analogously, we define the rank distance between two elements x, y ∈ qm as

dr(x,y) := rkq(x − y), which corresponds to the rank of the diﬀerence of the respective matrix representations in Fm×n q . F Fn In this paper we will focus on qm -linear rank metric codes in qm , i.e. those codes that Fn form a subspace of qm .

Deﬁnition 9. An Fqm -linear rank metric code C of length n and dimension k is a k-dimensional F Fn qm -subspace of qm equipped with the rank distance dr. As in the Hamming metric case, one deﬁnes the minimum rank distance of C as

dr(C) := min {dr(u, v) | u, v ∈C, u 6= v} , Fk×n F and a generator matrix G ∈ qm as a matrix whose row space (over qm ) is C. The well-known Singleton bound for codes in the Hamming metric implies an upper bound for rank metric codes. SYSTEMATIC GABIDUIN CODES AND q-CAUCHYMATRICES 9

Fn F Theorem 5. [15, Section 2] Let C ⊆ qm be an qm -linear rank metric code with minimum rank distance d of dimension k. Then d ≤ n − k + 1. Deﬁnition 10. A rank metric code meeting the bound in Theorem 5 is called a maximum rank distance (MRD) code. F Fn Lemma 5. [17, Lemma 5.3] Any qm -linear MRD code C ⊆ qm of dimension k has a generator Fk×n matrix G ∈ qm of the form G = Ik X . F F Moreover, all entries in X are from qm \ q.

A generator matrix of the form G = (Ik | X) is said to be in standard form (also called systematic form). The matrix X of this representation is the non-systematic part of G. Since we are going to deal only with Fqm -linear MRD codes, we can denote by CX the code generated by (Ik | X). In fact, by Lemma 5 every MRD code can be represented in a unique Fk×(n−k) way as a code of the form CX for some X ∈ qm . We will widely use this notation later in this work. It can be easily shown that a necessary condition for the existence of MRD codes is n ≤ m. Therefore, in the rest of the paper we will always consider positive integers k,n,m such that 0

Let Gk,s ⊆Lm(Fqm ) be the set deﬁned as

[s] [s(k−1)] Gk,s := f0x + f1x + . . . + fk−1x | fi ∈ Fqm . n Fn o Deﬁnition 12. Let g = (g1,...,gn) ∈ qm be a vector with rkq(g)= n and let s be an integer coprime to m. Let C be the rank metric code deﬁned as

C = {(f(g1),f(g2),...,f(gn)) | f ∈ Gk,s} . Then C is called generalized Gabidulin code of parameter s, and it will be denoted by

C = Gk,s(g). Fn×n We denote by GLn(q) := {A ∈ q | rk(A)= n} the general linear group of degree n over F F Fn q. Furthermore, given a finite field q, we consider the Grassmannian Gr(k, q ), that is the Fn F set of all k-dimensional subspaces of the vector space q over q. It is well known that its n cardinality is given by the Gaussian binomial k q, defined as

k−1 n i k−1 n i n q − q i=0 (q − q ) = k i = . k q q − q |GLk(q)| Yi=0 Q With this notation, for a positive integer s coprime to m, we introduce the set Gabq(k,n,m,s) as the set of all generalized Gabidulin codes over Fqm of dimension k, length n and parameter s, i.e. Fn Gabq(k,n,m,s) := U ∈ Gr(k, qm ) |U is a gen. Gabidulin code of parameter s . 10 ALESSANDRO NERI

Fn Deﬁnition 13. For a vector v := (v1, . . . , vn) ∈ qm we denote the k × n s-Moore matrix by

v1 v2 . . . vn s s s θ (v1) θ (v2) ... θ (vn) Ms,k(v) :=  . .  . . .    θ(k−1)s(v ) θ(k−1)s(v ) ... θ(k−1)s(v )   1 2 n    At this point, it is straightforward to see that a generator matrix of a generalized Gabidulin code Gk,s(g) is given by the k × ns-Moore matrix Ms,k(g). This generator matrix is said to be canonical, since it is obtained by evaluating the basis of monomials {x,x[s],x[2s],...,x[(k−1)s]} of Gk,s in the points g1,...,gn. Therefore, the s-Moore matrix is the natural rank analogue of a weighted Vandermonde matrix. Note that for s = 1, Definition 12 coincides with the classical Gabidulin code construction. The following theorem was shown for s = 1 in [15, Section 4], and for general s in [20]. Theorem 6. Let 1 ≤ k ≤ n ≤ m be integers and let s be another integer coprime to m. Fn Moreover, let g ∈ qm be such that rkq(g)= n. Then, the generalized Gabidulin code Gk,s(g) ⊆ Fn F qm of dimension k over qm has minimum rank distance n−k+1. Thus, generalized Gabidulin codes are Fqm -linear MRD codes. Fn The dual code of a code C ⊆ qm is defined in the usual way as ⊥ Fn ⊤ C := {u ∈ qm | uc = 0 ∀c ∈ C}. In his seminal paper Gabidulin showed the following two results on dual codes of MRD and Gabidulin codes. The result was generalized to s> 1 later on by Kshevetskiy and Gabidulin. Observe that also Delsarte in [13] proved a similar result for what concerns the dual of matrix codes with respect to the Delsarte bilinear form. Proposition 3. [15, Sections 2 and 4][20, Subsection IV.C] Fn F ⊥ Fn (1) Let C ⊆ qm be an qm -linear MRD code of dimension k. Then the dual code C ⊆ qm is an Fqm -linear MRD code of dimension n − k. Fn (2) Let C ⊆ qm be a generalized Gabidulin code of dimension k and parameter s. Then the ⊥ Fn dual code C ⊆ qm is a generalized Gabidulin code of dimension n − k and parameter s. Fk×n s Given a matrix (resp. a vector) A ∈ qm , we denote by θ (A) the component-wise q- Frobenius of A applied s times, i.e. θs(A) is generated by applying θs to every entry of the Fk×n matrix (resp. the vector) A. Analogously, given a code C ⊆ qm , we define θs(C) := {θs(c) | c ∈ C} .

Moreover we consider the map Φs deﬁned as Fk×(n−k) Fk×(n−k) Φs : qm −→ qm X 7−→ θs(X) − X.

Observe that Φs is the function that maps every entry xi,j of the matrix X to ϕs(xi,j). Here we present some criteria on the generator matrix of a rank metric code, that allow to verify whether the code is MRD or generalized Gabidulin. We will need these results later on. The following criterion was given in [30, Proposition 22], and it improves [17, Corollary 2.12], which in turn is based on a well-known result given in [15]. First we deﬁne the sets

Fk×n Eq(k,n) := E ∈ q | rkq(E)= k ,

Tq(k,n) := {nE ∈Eq(k,n) | E is in reducedo row echelon form } . SYSTEMATIC GABIDUIN CODES AND q-CAUCHYMATRICES 11

Fk×n Proposition 4 (new MRD criterion). [30, Proposition 22] Let G ∈ qm be a generator matrix Fn of a rank metric code C ⊆ qm . Then C is an MRD code if and only if rk(EG⊤)= k for all E ∈Tq(k,n). Furthermore, we need the following criterion for generalized Gabidulin codes. Fk×(n−k) Fn Theorem 7 (gen. Gabidulin criterion). [30, Lemma 19] Let X ∈ qm such that CX ⊆ qm is an Fqm -linear MRD code. CX is a generalized Gabidulin code if and only if there exists a positive integer s with gcd(s,m) = 1, such that

rk(Φs(X)) = 1. Theorem 7 will be one of the most important results on which this work is based. The criterion starts with the assumption that we already know that the code is MRD. However, in Section 4 we will derive a new criterion that does not have such assumption and it is deﬁnitely easier to verify. Concerning Gabidulin codes, we can also ﬁnd the exact number of them. In [6], Berger provided the following result. ′ ′ ′ Proposition 5. [6, Theorem 2] Let 0

(1) If the code CX is MRD, then also CX˜ is MRD. 12 ALESSANDRO NERI

(2) If the code CX is a generalized Gabidulin code of parameter s, then also CX˜ is a generalized Gabidulin code of parameter s.

Proof. (1) Let G = (Ik | X), be the generator matrix in standard form for CX , and let G = (Ik | X˜ ). Then, G = GM where

Ik B e e M = ∈ GLn(q). 0 I − n k By Lemma 6, CX˜ = CX M is MRD. (2) By Theorem 6 the code CX is MRD, and so it is CX˜ by part (1) of this Corollary. Moreover we have Φs(X˜)=Φs(X + B)=Φs(X), and we conclude using Theorem 7. We now give an easy improvement of Lemma 5. Fk×(n−k) Lemma 7. Let X = (xi,j) ∈ qm . (1) If there exists i such that rkq(1,xi,1,...,xi,n−k)

Proof. (1) Suppose that 1,xi,1,...,xi,n−k are Fq-linearly dependent for some i ∈ {1,...,k}, and consider the non-zero codeword

ei Ik X = (0,..., 0, 1, 0,..., 0,xi,1,...,xi,n−k). The rank of this codeword is strictly less than n − k + 1, and therefore CX can not be MRD. ⊥ ⊤ (2) In this case we consider the code CX . Since a generator matrix for this code is (−X | ⊥ In−k), we get that CX is permutation equivalent to the code C−X⊤ . By the ﬁrst part ⊥ of this Lemma, we have that C−X⊤ is not MRD and therefore the same holds for CX . Hence, by part (1) of Proposition 3 we can conclude that CX is not MRD.

The following result derives from [17, Corollary 3.3] and it gives conditions for a code CX to be MRD, based only on the matrix X. For this purpose, we ﬁrst introduce the set of normalized upper triangular matrices as Fr×r Ur(q) := A ∈ q | ai,j = 0 for all i > j, ai,i = 1 for all i . Fk×(n−k) Theorem 8. Let X ∈ qm . The following are equivalent: (1) CX is MRD. k×(n−k) (2) For every A ∈ GLk(q),B ∈ GLn−k(q),C ∈ Fq , the matrix AXB + C is superregular. k×(n−k) (3) For every A ∈ Uk(q),B ∈ Un−k(q),C ∈ Fq , the matrix AXB+C is superregular.

Proof. (2) ⇒ (3) This is clear, since Ur(q) ⊆ GLr(q) for any positive integer r. k×(n−k) (1) ⇒ (2) Suppose that CX is MRD, and let A ∈ GLk(q),B ∈ GLn−k(q),C ∈ Fq .

Then we consider the matrix G = (Ik | X)M, where A−1 A−1C M := ∈ GL (q). e 0 B n e Then it is easy to see that rs(G) = CX , where X = AXB + C. Then the statement follows from Proposition 4 and the characterization of MDS codes given in Theorem 2. (3) ⇒ (1) Suppose that 3 holds.e Every matrixeM ∈ Un(q) can be written in the form A AC M := ∈ GL (q), 0 B n SYSTEMATIC GABIDUIN CODES AND q-CAUCHYMATRICES 13

k×(n−k) F e for some A ∈ Uk(q),B ∈ Un−k(q),C ∈ q . Moreover, rs((Ik | X)M) = CX , where −1 −1 X = A XB + C. Since the map A 7−→ A is a bijection from Uk(q) into itself, we conclude that CX is an MRD code using Theorem 2 and [17, Corollary 3.3]. Theorem 8 can be considered as the analogue in the rank metric of Theorem 2 and can also be found in [28, Theorem 3.11]. The equivalence between parts 1 and 3 has been shown independently in [1, Theorem 4].

4. Standard Form of Gabidulin Codes Analogously to the works of Roth and Seroussi [40] and Dür [14] for GRS codes, in this Fk×(n−k) section we characterize the matrices X ∈ qm such that the code CX is a generalized Gabidulin code, and we refer to this family of matrices as (q,s)-Cauchy matrices. In order to do that, we rely on Theorem 7 which tells that rk(Φs(X)) = 1. Therefore, we start with a rank-one matrix A and determine the conditions such that A belongs to the image of the map Φs. Finally, we impose that the resulting matrices X with Φs(X)= A, are such that the code CX is MRD and get the desired characterization. Furthermore, we also give an analogue of Theorem 4 for generalized Gabidulin codes. This result represents a new criterion that allows to determine whether a given code in standard form is a generalized Gabidulin code, which is faster than the one given in Theorem 7. As in the whole work, we ﬁx positive integers 0

−1 0 if A∈ / K |Φs ({A})| = k(n−k) (q if A ∈ K. G ∗ G −1 ∗ (3) Φs( (s)) ⊆ R1 ∩ K, or, equivalently, (s) ⊆ Φs (R1 ∩ K). ∗ −1 G (4) Let A ∈ R1 ∩ K and X ∈ Φs ({A}). If X ∈ (s) then the whole preimage of {A} is contained in G(s), i.e. −1 G Φs ({A}) ⊆ (s).

Proof. (1) Since Φs is the function that maps every entry xi,j of the matrix X to ϕs(xi,j), Fk×(n−k) we have that A ∈ Φs( qm ) if and only if every entry ai,j of A belongs to Im(ϕs).

By part (5) of Lemma 1 this is true if and only if every ai,j belongs to ker TrFqm /Fq . −1 (2) If A∈ / K, then, by part (1) of this Lemma, this means that Φs (A) = ∅. Otherwise, −1 again by part (1), Φs (A) 6= ∅. In this case every entry ai,j belongs to Im(ϕs), and by part (2) of Lemma 3, −1 F ϕs ({ai,j})= {xi,j + λ | λ ∈ q}

for some x ∈ Fqm . Since this holds for every entry, we get the desired result. 14 ALESSANDRO NERI

(3) Let X ∈ G(s). By Theorem 7, Φs(X) has rank equal to 1. Moreover, by Lemma F∗ 5, all the entries of Φs(X) are in qm . Finally, by part (1) of this Lemma, we have Φs(X) ∈ K and this concludes the proof. (4) It directly follows from part (2) of this Lemma and part (2) of Corollary 4. Fk×(n−k) As a consequence of part (4) of Lemma 8, given a matrix X ∈ qm , we have that the property of CX being Gabidulin only depends on the image Φs(X). It is now crucial to investigate the matrices that belong to the image of the map Φs, and, by part (3) of Lemma ∗ 8, in particular R1 ∩ K. ∗ By definition, every element in R1 ∩ K has rank one, and it is well-known that every rank- one matrix can be written as the product of a non-zero column vector by a non-zero row m vector. Moreover, for a fixed rank-one matrix over Fqm , there are exactly q − 1 different parametrizations of this form. The following result is straightforward and directly follows from the considerations above ∗ and the definitions of R1 and K. ∗ Lemma 9. The set R1 ∩ K can be written in the following way ∗ ⊤ k n−k F m F m R1 ∩ K = α β | α ∈ q , β ∈ q , αiβj ∈ ker(TrFqm /Fq ) for all i, j n ⊤ Fk Fn−k × o = α β | α ∈ qm , β ∈ qm , βj ∈ suppq(α) for all j n ⊤ Fk Fn−k × o = α β | α ∈ qm , β ∈ qm , suppq(β)suppq(α) n ∗ m o Moreover, every element in R1 ∩ K has q − 1 distinct representations of this form. ∗ This result gives a convenient way to represent R1 ∩ K using the set

Fk Fn−k × Vk,n := (α, β) ∈ qm × qm | suppq(β)suppq(α) . m ∗ Notice that, since we have nq − 1 distinct representations for a matrixo in R1 ∩ K and the entries are all non-zero, we can always choose the representation with β1 = 1. −1 ⊤ At this point, given (α, β) ∈ Vk,n and a matrix X ∈ Φs ({α β}), we have, by Theorem 7 and by the deﬁnition of G(s), that CX is MRD if and only if X ∈ G(s), i.e. if and only if CX is a generalized Gabidulin code of parameter s.

Lemma 10. Let (α, β) ∈ Vk,n, where α = (α1,...,αk) and β = (β1,...,βn−k) and let −1 ⊤ X ∈ Φs ({α β}).

(1) If rkq(α) < k, then X∈ / G(s), i.e. CX is not MRD. (2) If rkq(β)

Fk Fn−k −1 ⊤ Moreover, if α ∈ qm , β ∈ qm satisfy properties (a), (b), (c) and X ∈ Φs ({α β}), then CX ∈ Gabq(k,n,m,s). ⊤ Proof. Let CX be a Gabidulin code. We have that Φs(X) is of the form α β for some α, β by part (3) of Lemma 8 and by Lemma 9. Moreover, part (c) follows from the fact that if CX is a Gabidulin code, then all the entries of Φs(X) belong to ker(TrFqm /Fq ). Finally part (a) and (b) follow from Lemma 10. −1 ⊤ Fk On the other hand, we can count the number of matrices X ∈ Φs ({α β}) for α ∈ qm , β ∈ Fn−k k−1 m i qm satisfying properties (a), (b), (c). For α we have i=0 (q − q ) possible choices, while n−k−1 m−k i m for β we have i=0 (q − q ) choices. Moreover weQ need to divide by q − 1 since, by Lemma 9, we have qm − 1 choices of (α, β) that gives the same matrix α⊤β. Since for every ⊤ ∗ Q k(n−k) α β ∈ R1 ∩ K we have, by part (2) of Lemma 8, q many matrices in the preimage under the map Φs, we finally obtain k−1 n−k−1 qk(n−k) (qm − qi) (qm−k − qi) qm − 1 Yi=0 Yi=0 k−1 n−k−1 = (qm − qi) (qm − qi+k) Yi=1 Yi=0 n−1 = (qm − qi). Yi=1 By Corollary 3, this number is equal to the number of distinct Gabidulin codes. Therefore, by a counting argument, it follows that conditions (a), (b), (c) are also sufficient. Theorem 9 gives a characterization of the generator matrix in standard form of a generalized Gabidulin code. In [40, 14], it was shown that there is a one-to-one correspondence between generalized Reed-Solomon (GRS) codes and generalized Cauchy (GC) matrices. In that paper, it is shown that a code in the Hamming metric whose generator matrix in standard form is (Ik | X) is a GRS code if and only if X is a GC matrix. Since generalized Gabidulin codes are the analogue of GRS codes for the rank metric, it becomes natural to give the definition of a q-analogue of Cauchy matrices according to Theorem 9. F m Let γ ∈ q such that TrFqm /Fq (γ) 6= 0 and s an integer coprime to m. We define the function πs as

πs : Fqm −→ Fqm m−2 i −1 (1) α 7−→ σi+1(γ) (σj(α)) . TrFqm /Fq (γ)   Xi=0 Xj=0 s   where σ := θ . Recall that, by Lemma 3, for α ∈ ker(TrFqm /Fq ), πs(α) gives one of the elements in the preimage of ϕs, i.e. ϕs(πs(α)) = α and πs(ϕs(α)) = α + λ for some λ ∈ Fq. Moreover, −1 every element in ϕs ({α}) is of the form πs(α)+ λ. Ft Fr Deﬁnition 14. Let α ∈ qm , β ∈ qm such that (A) rkq(α)= t, (B) rkq(β)= r, × (C) suppq(β) ⊆ suppq(α) . Ft×r Moreover, let s be an integer coprime to m and B ∈ q . A t × r (q,s)-Cauchy matrix C(q,s)(α,β,B) of parameter s is a matrix of the form

πs(α1β1) πs(α1β2) · · · πs(α1βr) πs(α2β1) πs(α2β2) · · · πs(α2βr) C(q,s)(α,β,B)=  . . .  + B. . . .   πs(αtβ1) πs(αtβ2) · · · πs(αtβr)     16 ALESSANDRO NERI

When s = 1 we will simply call it q-Cauchy matrix. Remark 2. Definition 14 directly arises from the characterization of the generator matrix in standard form of a Gabidulin code. However, one can see that (q,s)-Cauchy matrices introduced in this work are the q-analogue of GC matrices. Indeed, conditions (A), (B) and (C) represent the q-analogues of conditions (a), (b) and (c) of Definition 7. With this definition, we can reformulate Theorem 9 in the following way, that puts emphasis on the correspondence between generalized Gabidulin codes and (q,s)-Cauchy matrices ′ Fk×(n−k) Theorem 9 . Let X ∈ qm and let s be a positive integer coprime to m. Then, CX ∈ Gabq(k,n,m,s) if and only if the matrix X is a (q,s)-Cauchy matrix. From Theorem 9 we have an immediate consequence, that relates (q,s)-Cauchy matrices with Moore matrices. Corollary 5. Let 0

Now, we want to determine the basis of the linearized polynomial space Gk,s that corresponds to the generator matrix in standard form. In order to do that, we introduce the following notion. Fℓ Deﬁnition 15. Let h = (h1,...,hℓ) ∈ qm be a vector such that rkq(h)= ℓ, and let s be an integer coprime to m. We deﬁne the polynomial ph,s associated to h as

ph,s(x) = det(Mℓ+1,s(h1,...,hℓ,x)).

Obviously ph,s(x) is a linearized polynomial and in particular it belongs to Gℓ+1,s. Observe that, by the properties of s-Moore matrices, it can be deduced that the set of roots of ph,s(x) F F ′ Fℓ in qm is equal to the q-subspace suppq(h). Moreover, If h, h ∈ qm are two vectors such ′ ′ that rkq(h)=rkq(h )= ℓ and suppq(h) = suppq(h ), then

ph,s(x) = det(E)ph′,s(x), Fℓ×ℓ ′ ′ where E ∈ q is the change-of-basis matrix from {h1,...,hℓ} to {h1,...,hℓ}. Note that the polynomial associated to h is a scalar multiple of a particular polynomial that is known as subspace polynomial or annihilator polynomial of the subspace suppq(h) (see [21, Chapter 3, Section 4] for more details).

Remark 3. Let C = Gk,s(g1,...,gn) be a generalized Gabidulin code of parameter s. Consider the vectors (i) Fk−1 g := (g1,...,gi−1, gi+1,...,gk) ∈ qm for i = 1,...,k, and deﬁne the polynomials −1 fi(x) := pg(i),s(gi) pg(i),s(x) for i = 1,...,k.

It follows from the deﬁnition that for every i, j ∈ {1,...,k}, we have fi(x) ∈ Gk,s and 1 if i = j fi(gj)= δi,j = (0 if i 6= j. Therefore the generator matrix in standard form for the generalized Gabidulin code C is obtained evaluating the basis {f1(x),...,fk(x)} of Gk,s in the vector g = (g1,...,gn). SYSTEMATIC GABIDUIN CODES AND q-CAUCHYMATRICES 17

4.1. A new criterion for generalized Gabidulin codes. The following result represents the analogue of Theorem 4 for the rank metric, and its proof directly follows from Theorem 9. Fk×(n−k) Theorem 10 (New Gabidulin Criterion I). Let X ∈ qm and let s be an integer coprime to m. Then, CX ∈ Gabq(k,n,m,s) if and only if

(i) the ﬁrst row of the matrix Φs(X) has q-rank n − k (ii) the ﬁrst column of the matrix Φs(X) has q-rank k, (iii) rk(Φs(X)) = 1. This theorem can be reformulated also in the following way. Theorem 10′ (New Gabidulin Criterion II). Let Fk×(n−k) X = (xi,j) 1≤i≤k ∈ qm 1≤j≤n−k and let s be an integer coprime to m. Then, CX ∈ Gabq(k,n,m,s) if and only if

(i’) rkq(1,x1,1,...,x1,n−k)= n − k + 1, (ii’) rkq(1,x1,1,...,xk,1)= k + 1, (iii) rk(Φs(X)) = 1. Proof. By Lemma 4 we have that conditions (i’) and (ii’) are equivalent to conditions (i) and (ii). This means that the statement is equivalent to Theorem 10.

In addition to representing a natural analogue of Theorem 4 for the rank metric framework, Theorem 10 also gives a new criterion to recognize whether a given code in standard form is a generalized Gabidulin code. Observe that, contrary to Theorem 7, that gives a criterion subject to a previous verification that the code is MRD, this result is independent on this assumption, and it could be verified more easily. Indeed, according to Proposition 4, checking n k(n−k) whether a code is MRD requires the computation of k q = O(q ) matrix products and ranks, while this new criterion only requires to check the linear independence of two sets of elements and the computation of the rank of one matrix. F Fn More generally, suppose we have an qm -linear rank metric code C ⊆ qm of dimension k Fk×n given by one of its generator matrices G ∈ qm , and an integer s coprime to m. We can check whether C is a generalized Gabidulin code of parameter s with the following algorithm. First we compute the reduced row echelon form of G. If it is not of the form (Ik | X), then by Lemma 5, C is not MRD and hence it is not a generalized Gabidulin code for any parameter s. Hence, suppose we get a matrix of the form (Ik | X). We can use Theorem 10, computing the matrix Φs(X) and its rank, and then verifying the linear independence of the elements in first row and in the first column. It is easy to see that the computational cost of this algorithm is given by the cost of computing the reduced row echelon form of G, that can be done via Gaussian elimination, or with faster algorithms. Therefore we have just provided a procedure that verifies if a given code is a Gabidulin code with O(m · F (k,n)) operations over Fqm , where F (k,n) represents the computational cost of computing the reduced row echelon form of a k × n matrix. Observe that new criteria for checking whether a given rank-metric code is a generalized Gabidulin code were given in [31, Theorem 6.5]. Although these criteria do not require to check the MRD condition, it is easy to see that the procedure described above is still faster. F F Example 1. Let q = 3, k = 3 and n = m = 6. Consider the finite field 36 = 3(a), where a is a primitive element that satisfies the relation a6 + 2a4 + a2 + 2a +2=0. Consider the F F6 36 -linear code C ⊆ 36 with generator matrix a2 a54 a591 a277 a160 a634 G = a67 a701 a443 a45 a486 a209 . a320 a199 a650 a361 a701 a562   18 ALESSANDRO NERI

We put G in reduced row echelon form, and obtain the matrix (I3 | X) with a180 a373 a714 X = a14 a588 a561 . a370 a702 a442 For s = 1 we consider the map   F F π1 : 36 −→ 36 4 i i+1 j z 7−→ γ3 z3 ,   Xi=0 Xj=0 with γ = a2. Then, we compute the matrix   a72 a226 a406 98 252 432 Φ1(X)= a a a a144 a298 a478   and observe that it has rank one. Moreover, the element of the first row of Φ1(X) are linearly independent over F3 and the same holds for the elements of the first column. Thus, by Theorem 10, C is a generalized Gabidulin code of parameter 1, that is a classical Gabidulin code. 4.2. Recovering the parameters of the code from the (q,s)-Cauchy matrix. In order to complete the picture on the correspondence between generalized Gabidulin codes and (q,s)- Cauchy matrices, we need to find the relations between the vector of points g = (g1,...,gn) Fk in which the set Gk,s is evaluated, and the corresponding vectors α = (α1,...,αk) ∈ qm , β = Fn−k Fk×(n−k) (β1,...,βn−k) ∈ qm and matrix B ∈ q that define the (q,s)-Cauchy matrix. Observe that, by Lemma 9 and Proposition 5, we can always suppose β1 = g1 = 1. In the rest of this section we will always use this assumption. As a preliminary result, we prove that knowing the entries of a (q,s)-Cauchy matrix is equivalent to knowing its defining parameters α, β and B. If one knows the latter, then it is trivial that the entries of the (q,s)-Cauchy matrix can be easily computed. For the other way around we have the following result. Ft×r Proposition 6. Let X ∈ qm be a (q,s)-Cauchy matrix. Then it is possible to recover the Ft Fr Ft×r parameters α ∈ qm , β ∈ qm and B ∈ q from the entries of X.

Proof. It follows from the deﬁnition of πs and from Lemma 3 that ϕs(xi,1)= αi (since β1 = 1), and ϕs(xi,j)= αiβj for j = 2, . . . , r. From that, we can recover α and β. Finally, the matrix B can be easily obtained, since

πs(α1β1) πs(α1β2) · · · πs(α1βr) πs(α2β1) πs(α2β2) · · · πs(α2βr) B = X −  . . .  . . . .   πs(αtβ1) πs(α1β2) · · · πs(αtβr)    

Suppose we have a generalized Gabidulin code C = Gk,s(g1,...,gn). Then we can efficiently obtain the corresponding (q,s)-Cauchy matrix by computing the reduced row echelon form of the s-Moore matrix Mk,s(g1,...,gn). The cost of this reduction is O(F (k,n)) field operations over the finite field Fqm , where F (k,n) is the cost of computing the reduced row echelon form of a k×n matrix. If we want a more explicit way to do it (but less efficient), then we can compute the basis {f1(x),...,fk(x)} of Gk,s as described in Remark 3, and evaluate it in the vector Fk Fn−k Fk×(n−k) g = (g1,...,gn). In order to recover the parameters α ∈ qm , β ∈ qm and B ∈ q , one can use Proposition 6. On the other hand, we have that the two sets of parameters that we want to put in relation, are connected by Corollary 5 as follows: SYSTEMATIC GABIDUIN CODES AND q-CAUCHYMATRICES 19

Mk,s(g1,...,gk)C(q,s)(α,β,B)= Mk,s(gk+1,...,gn). From this matrix equation we can deduce how to get the vector g from α, β and B. Let s σ := θ , where θ is the q-Frobenius automorphism of Fqm . Since β1 = 1, from the first column of the matrix product we get k gj(πs(αj)+ bj,1)= gk+1 (2) Xj=1 and, in general, for ℓ = 0,...,k − 1, k ℓ ℓ σ (gj)(πs(αj)+ bj,1)= σ (gk+1), (3) Xj=1 where we have set σ = θs. If we apply σ to equation (3) for ℓ − 1 and we subtract (3) to it, we get the set of equations k ℓ 0= σ (gj)(σ(πs(αj)+ bj,1) − (πs(αj)+ bj,1)) Xj=1 k ℓ = σ (gj)αj, (4) Xj=1 for every ℓ = 1,...,k − 1, where the last identity follows from part (2) of Lemma 3. We can repeat this process with any other column of the matrix product, and we get, for i = 2,...,n − k, k gj(πs(αjβi)+ bj,i)= gk+i (5) Xj=1 and k ℓ 0= σ (gj)αjβi. Xj=1 However, this set of equations is the same as (4), therefore we do not consider it. Now, we can show that equations (2), (4) and (5) are exactly what we need for our purpose. By Proposition 6, we can recover the vectors α and β and the matrix B from X. Moreover, applying σ−ℓ to every equation in (4), we get a linear system −1 −1 −1 −1 σ (α2) σ (α3) · · · σ (αk) σ (α1) −2 −2 −2 g2 −2 σ (α2) σ (α3) · · · σ (αk) . σ (α1)  . . .  . =  .  (6) . . .   .  −k+1 −k+1 −k+1  gk  −k+1   σ (α2) σ (α3) · · · σ (αk)     σ (α1)            with g2,...,gk unknowns. The matrix defining the linear system (6) is a (k − 1) × (k − 1) matrix with coefficients in Fqm . In particular, this matrix is equal to the Moore matrix −1 −1 Mk−1,−s(σ (α2),...,σ (αk)), and since α2,...,αk are Fq-linearly independent it has full rank. The unique solution of this linear system allows to compute g2,...,gk, and for computing gk+1,...,gn one can use (2) and (5).

5. Gabidulin codes in Hankel and Toeplitz form In this section we use the characterization of the generator matrix in standard form for a generalized Gabidulin code given in Section 4 for the construction of particular subclasses of these codes. Indeed, we will prove that there exist generalized Gabidulin codes CX such that X is a Hankel matrix or a Toeplitz matrix. For our purpose, we ﬁrst need a technical result. 20 ALESSANDRO NERI

F F∗ Lemma 11. Let γ ∈ qm be a primitive element, i.e. such that qm = hγi. Then there exists ℓ ∈ N such that ℓ ℓ+1 ℓ+m−2 TrFqm /Fq (γ ) = TrFqm /Fq (γ )= . . . = TrFqm /Fq (γ ) = 0. 2 m−1 Proof. Since γ is a primitive element, then Fqm = Fq(γ) and 1, γ, γ , . . . , γ is an Fq-basis F m F F m F of q . Consider the q-linear map L ∈ HomFq ( q , q) deﬁned as

0 for 0 ≤ i ≤ m − 2 L(γi)= (1 for i = m − 1. ∗ F m F F L is a non zero element in HomFq ( q , q), and by Theorem 1, there exists β ∈ qm such that ℓ L = Tβ. At this point, since γ is a primitive element, there exists ℓ ∈ N such that β = γ . In this way, we have that for all i = 0,...,m − 2, ℓ+i i i ℓ TrFqm /Fq (γ )= Tγ (γ )= L(γ ) = 0 and this concludes the proof.

Deﬁnition 16. An r × s matrix A = (Ai,j) over a ﬁeld F is called Toeplitz matrix if there r+s−1 exist a vector a = (a1−r, a2−r, . . . , as−1) ∈ F such that

Ai,j = aj−i.

An r × s matrix A = (Ai,j) over a ﬁeld F is called Hankel matrix if there exist a vector r+s−1 a = (a0, a1, . . . , ar+s−2) ∈ F such that

Ai,j = ai+j−2. A special kind of square Toeplitz matrices is given by circulant matrices.

Deﬁnition 17. An r × r matrix A = (Ai,j) over a ﬁeld F is called circulant matrix if there exists a vector a = (a0, . . . , ar−1) such that

Ai,j = aj−i( mod r). Theorem 11. For every 0

Proof. Let γ ∈ Fqm be a primitive element. By Lemma 11 there exist ℓ ∈ N such that ℓ ℓ+1 ℓ+m−2 TrFqm /Fq (γ ) = TrFqm /Fq (γ )= . . . = TrFqm /Fq (γ ) = 0. (7) Fk Fn−k Let α ∈ qm , β ∈ qm be defined as α = (γℓ, γℓ+1, . . . , γℓ+k−1), β = (1, γ, . . . , γn−k−1), and consider the matrix α⊤β. We now check that α, β satisfy properties (a), (b), (c) of Theorem 9. Indeed, γ is a primitive element, and therefore 1, γ, . . . , γm−1 are linearly independent, as well as γℓ, . . . , γℓ+m−1. In particular, properties (a) and (b) are satisfied. Moreover, for every i = 0,...,k − 1, j = 0,...,n − k − 1, j ℓ+i+j ℓ+i Tγ (γ ) = TrFqm /Fq (γ ) = 0, where the last inequality holds by (7). Therefore also property (c) is verified. −1 ⊤ Now we have that every matrix X ∈ Φs ({α β}) is a (q,s)-Cauchy matrix and hence it is of the form ℓ ℓ+1 ℓ+n−k−1 πs(γ ) πs(γ ) · · · πs(γ ) ℓ+1 ℓ+2 ℓ+n−k πs(γ ) πs(γ ) · · · πs(γ ) X =  . . .  + B, . . .   π (γℓ+k−1) π (γℓ+k) · · · π (γℓ+n−2)   s s s  k×(n−k)  for an arbitrary B ∈ Fq . Choosing B as a Hankel matrix completes the proof. SYSTEMATIC GABIDUIN CODES AND q-CAUCHYMATRICES 21

Theorem 12. For every 0

(1,..., 1) Ik X = (1,..., 1, γ, . . . , γ) has rank weight at most 2. In particular, if n≥ 4 we have n n − k +1= + 1 > 2 ≥ d 2 and therefore, the code CX can not be MRD. n This result possibly suggests that, at least in the case k = 2 , it is very difficult to require more structure on the non-systematic part of the generator matrix in standard form of an MRD code. However, it would be very interesting to find new families of Gabidulin, or more generally MRD codes with structured generator matrices. We conclude this section with a small example. Example 2. Consider the case q = 2, k = 3, n = m = 6 and s = 1. We construct a Hankel F F Gabidulin code of dimension 3 and length 6 over the finite field 26 = 2(a), where a is a primitive element that satisfies a6 + a4 + a3 + a +1=0. One can find, by Lemma 11, five i consecutive powers of a that belong to ker(TrF F ), that are a for i = 14, 15,..., 18. Then, 26 / 2 we set the vectors α = (a14, a15, a16), β = (1, a, a2). Moreover, we choose the matrix B to be the zero matrix, and the map F F π1 : 26 −→ 26 4 i i+1 j z 7−→ γ2 z2 ,   Xi=0 Xj=0 with γ = a3. We then get the following q-Cauchy matrix  14 15 16 57 7 13 π1(a ) π1(a ) π1(a ) a a a 15 16 17 7 13 37 X := C(q,1)(α, β, 0) = π1(a ) π1(a ) π1(a ) = a a a .  16 17 18   13 37 36 π1(a ) π1(a ) π1(a ) a a a     22 ALESSANDRO NERI

By Theorem 11 the code CX is a Gabidulin code of parameter s = 1. Moreover we can recover the vector of evaluation points g = (g1,...,g6) of the code. We can suppose g1 = 1, and 45 !5 recover g2 = a and g3 = a using the linear system (6). Finally, using equations (2) and (5) 46 14 28 we get g4 = a , g5 = a and g6 = a . Therefore, our Hankel Gabidulin code is 45 15 46 14 28 CX = G3,1(1, a , a , a , a , a ).

6. Conclusions and open problems In this work we find a parametrization of the generator matrix in standard form of generalized Gabidulin codes (see Theorem 9). Such a parametrization coincides with the q-analogue of generalized Cauchy matrices and, therefore, leads to a natural definition of (q,s)-Cauchy matrices, a notion that was missing in the literature. In Theorem 9′ we underline that these matrices are in one-to-one correspondence with generalized Gabidulin codes. Moreover, in Theorems 10 and 10′ we give a new criterion for determining whether a given rank metric code of dimension k and length n is a generalized Gabidulin code. This new result only requires O(m · F (k,n)) field operations, where F (k,n) denotes the cost of computing the reduced row echelon form of a k × n matrix, and it improves the existing criterion that relies on an a priori check of the MRD property. Finally we use our results in order to build two new subfamilies of generalized Gabidulin codes, namely the Hankel and Toeplitz Gabidulin codes (see Theorems 11 and 12). These families have the advantage that the non-systematic part of the generator matrix is a structured matrix. This implies that matrix/vector multiplications, and therefore the encoding procedure, can be performed faster than usual. From a theoretical point of view we believe that the same parametrization as the one of Theorems 9 and 9′ applies to Gabidulin codes over any finite cyclic field extension E/K, which were introduced by Augot, Loidreau and Robert in [3, 2, 4] (see also [38, Section VI]). As a consequence one would also get the characterization of generalized Gabidulin codes of Theorems 10 and 10′ in this setting. This general approach based on general cyclic extension field is used to describe some results of this paper in [28, Chapter 4]. Here, σ-Gabidulin codes are defined with respect to a generator σ of the Galois group G := Gal(E/K), and the space k−1 Gk,s is replaced by the space hid,σ,...,σ iE ⊆ E[G]. Formally we have the following open problem. Problem 1. Let E/K be an extension of fields of finite degree, and let Gal(E/K) be a cyclic group. Do Theorems 9 and 9′ hold in this more general setting? Unfortunately, the proof technique used here relies on a counting argument, and therefore it does not apply to infinite fields. In order to prove the same theorems in this more general setting one needs to find a different argument, finding an explicit bijection between generalized Gabidulin codes and (q,s)-Cauchy matrices which also works for infinite fields. Moreover, for future research we plan to investigate the use of this parametrization for applications in erasure and syndrome decoding for generalized Gabidulin codes. Acknowledgement

The author would like to thank Eimear Byrne for useful comments on the structure of the work and Martino Borello for suggesting to point out Lemma 12. References

[1] P. Almeida, U. Martínez-Peñas, and D. Napp. Systematic maximum sum rank codes. arXiv preprint arXiv:2001.07198, 2020. [2] D. Augot. Generalization of Gabidulin codes over ﬁelds of rational functions. In 21st International Sym- posium on Mathematical Theory of Networks and Systems (MTNS 2014), 2014. [3] D. Augot, P. Loidreau, and G. Robert. Rank metric and Gabidulin codes in characteristic zero. In 2013 IEEE International Symposium on Information Theory, pages 509–513. IEEE, 2013. [4] D. Augot, P. Loidreau, and G. Robert. Generalized Gabidulin codes over ﬁelds of any characteristic. Designs, Codes and Cryptography, 86(8):1807–1848, 2018. SYSTEMATIC GABIDUIN CODES AND q-CAUCHYMATRICES 23

[5] D. Bartoli, C. Zanella, and F. Zullo. A new family of maximum scattered linear sets in PG(1, q6). arXiv preprint arXiv:1910.02278, 2019. [6] T. P. Berger. Isometries for rank distance and permutation group of Gabidulin codes. IEEE Transactions on Information Theory, 49(11):3016 – 3019, 2003. [7] G. M. Bergman. Ranks of tensors and change of base field. Journal of Algebra, 11(4):613–621, 1969. [8] E. Byrne and A. Ravagnani. Partition-balanced families of codes and asymptotic enumeration in coding theory. Journal of Combinatorial Theory, Series A, 171, 2020. [9] G. Calis and O. O. Koyluoglu. A general construction for PMDS codes. IEEE Communications Letters, 21(3):452–455, 2017. [10] B. Csajbók, G. Marino, O. Polverino, and C. Zanella. A new family of MRD-codes. Linear Algebra and its Applications, 548:203–220, 2018. [11] B. Csajbók, G. Marino, O. Polverino, and Y. Zhou. Maximum rank-distance codes with maximum left and right idealisers. arXiv preprint arXiv:1807.08774, 2018. [12] B. Csajbók, G. Marino, and F. Zullo. New maximum scattered linear sets of the projective line. Finite Fields and Their Applications, 54:133–150, 2018. [13] P. Delsarte. Bilinear forms over a finite field, with applications to coding theory. Journal of Combinatorial Theory, Series A, 25(3):226–241, 1978. [14] A. Dür. The automorphism groups of Reed-Solomon codes. Journal of Combinatorial Theory, Series A, 44(1):69–82, 1987. [15] E. M. Gabidulin. Theory of codes with maximum rank distance. Problemy Peredachi Informatsii, 21(1):3– 16, 1985. [16] V. Guruswami and M. Sudan. Improved decoding of Reed-Solomon and algebraic-geometric codes. In Foundations of Computer Science, 1998. Proceedings. 39th Annual Symposium on, pages 28–37, 1998. [17] A.-L. Horlemann-Trautmann and K. Marshall. New criteria for MRD and Gabidulin codes and some rank-metric code constructions. Advances in Mathematics of Communications, 11(3):533–548, 2017. [18] R. Kötter and F. R. Kschischang. Coding for errors and erasures in random network coding. IEEE Trans- actions on Information Theory, 54(8):3579–3591, 2008. [19] R. Kötter and A. Vardy. Algebraic soft-decision decoding of Reed-Solomon codes. IEEE Transactions on Information Theory, 49(11):2809–2825, 2003. [20] A. Kshevetskiy and E. Gabidulin. The new construction of rank codes. In Information Theory, 2005. ISIT 2005. Proceedings. International Symposium on, pages 2105–2108. IEEE, 2005. [21] R. Lidl and H. Niederreiter. Introduction to Finite Fields and their Applications. Cambridge University Press, Cambridge, London, 1994. Revised edition. [22] P. Loidreau. Designing a rank metric based McEliece cryptosystem. In International Workshop on Post- Quantum Cryptography, pages 142–152. Springer, 2010. [23] G. Lunardon, R. Trombetti, and Y. Zhou. Generalized twisted Gabidulin codes. Journal of Combinatorial Theory, Series A, 159:79–106, 2018. [24] P. Lusina, E. Gabidulin, and M. Bossert. Maximum rank distance codes as space-time codes. IEEE Trans- actions on Information Theory, 49(10):2757–2760, 2003. 3 5 q q q [25] G. Marino, M. Montanucci, and F. Zullo. MRD-codes arising from the trinomial x + x + cx ∈ Fq6 [x]. arXiv preprint arXiv:1907.08122, 2019. [26] K. Morrison. Equivalence for rank-metric and matrix codes and automorphism groups of Gabidulin codes. IEEE Transactions on Information Theory, 60(11):7035–7046, 2014. [27] S. Müelich, S. Puchinger, and M. Bossert. Low-rank matrix recovery using Gabidulin codes in characteristic zero. Electronic Notes in Discrete Mathematics, 57:161–166, 2017. [28] A. Neri. Algebraic Theory of Rank-Metric Codes: Representations, Invariants and Density Results. PhD thesis, Universität Zürich, 2019. [29] A. Neri and A.-L. Horlemann-Trautmann. Random construction of Partial MDS codes. Designs, Codes and Cryptography, 2019. [30] A. Neri, A.-L. Horlemann-Trautmann, T. Randrianarisoa, and J. Rosenthal. On the genericity of maximum rank distance and Gabidulin codes. Designs, Codes and Cryptography, 86(2):341–363, 2018. [31] A. Neri, S. Puchinger, and A.-L. Horlemann-Trautmann. Equivalence and characterizations of linear rank- metric codes based on invariants. arXiv preprint arXiv:1911.13059, 2019. [32] A. Neri, J. Rosenthal, and D. Schipani. Fuzzy authentication using rank distance. In International Work- shop on Communication Security, pages 97–108. Springer, 2017. [33] K. Otal and F. Özbudak. Additive rank metric codes. IEEE Transactions on Information Theory, 63(1):164–168, 2017. [34] R. Overbeck. Structural attacks for public key cryptosystems based on Gabidulin codes. Journal of Cryp- tology, 21(2):280–301, 2008. [35] S. Puchinger, J. Rosenkilde né Nielsen, and J. Sheekey. Further generalisations of twisted Gabidulin codes. In International Workshop on Coding and Cryptography (WCC), 2017. 24 ALESSANDRO NERI

[36] I. S. Reed and G. Solomon. Polynomial codes over certain finite fields. Journal of the society for industrial and applied mathematics, 8(2):300–304, 1960. [37] R. M. Roth. Maximum-rank array codes and their application to crisscross error correction. IEEE Trans- actions on Information Theory, 37(2):328–336, 1991. [38] R. M. Roth. Tensor codes for the rank metric. IEEE Transactions on Information Theory, 42(6):2146–2157, 1996. [39] R. M. Roth and A. Lempel. On MDS codes via Cauchy matrices. IEEE Transactions on Information Theory, 35(6):1314–1319, 1989. [40] R. M. Roth and G. Seroussi. On generator matrices of MDS codes (corresp.). IEEE Transactions on Information Theory, 31(6):826–830, 1985. [41] J. Sheekey. A new family of linear maximum rank distance codes. Advances in Mathematics of Commu- nications, 10(3):475–488, 2016. [42] J. Sheekey. New semifields and new MRD codes from skew polynomial rings. Journal of the London Mathematical Society, 2019. [43] N. Silberstein, A. S. Rawat, and S. Vishwanath. Error-correcting regenerating and locally repairable codes via rank-metric codes. IEEE Transactions on Information Theory, 61(11):5765–5778, 2015. [44] D. Silva and F. R. Kschischang. Fast encoding and decoding of Gabidulin codes. In Information Theory, 2009. ISIT 2009. IEEE International Symposium on, pages 2858–2862. IEEE, 2009. [45] D. Silva, F. R. Kschischang, and R. Kötter. A rank-metric approach to error control in random network coding. IEEE Transactions on Information Theory, 54(9):3951 –3967, 2008. [46] R. Singleton. Maximum distance q-nary codes. IEEE Transactions on Information Theory, 10(2):116–118, 1964. [47] V. Tarokh, N. Seshadri, and A. R. Calderbank. Space-time codes for high data rate wireless communication: Performance criterion and code construction. IEEE transactions on information theory, 44(2):744–765, 1998. [48] A. Wachter-Zeh, V. Afanassiev, and V. Sidorenko. Fast decoding of Gabidulin codes. Designs, codes and cryptography, 66(1-3):57–73, 2013. [49] Z.-X. Wan. Geometry of matrices. World Scientific, Singapore, 1996. In memory of Professor L.K. Hua (1910 – 1985).