A module minimization approach to Gabidulin decoding via interpolation

We focus on iterative interpolation-based decoding of Gabidulin codes and present an algorithm that computes a minimal basis for an interpolation module. We extend existing results for Reed-Solomon codes in showing that this minimal basis gives rise to a parametrization of elements in the module that lead to all Gabidulin decoding solutions that are at a fixed distance from the received word. Our module-theoretic approach strengthens the link between Gabidulin decoding and Reed-Solomon decoding, thus providing a basis for further work into Gabidulin list decoding.
2010 MSC: 11T71, 94B35


Introduction
Over the last decade there has been increased interest in Gabidulin codes, mainly because of their relevance to network coding [12,23] and distributed storage [20]. Gabidulin codes are optimal rank-metric codes over a field $\mathbb{F}_{q^m}$ (where $q$ is a prime power). They are named after the work of Gabidulin in [9] and have independently been presented earlier by Delsarte in [6]. These codes can be seen as the q-analog of Reed-Solomon codes, using q-linearized polynomials instead of arbitrary polynomials. They are optimal in the sense that they are not only MDS codes with respect to the Hamming metric, but also achieve the Singleton bound with respect to the rank metric and are thus MRD (maximum rank distance) codes.
The decoding of Gabidulin codes has received a fair amount of attention in the literature, starting with work on decoding within the unique decoding radius in [9,10] and more recently [16,19,21,25]. If $n$ is the length of the Gabidulin code and $k$ denotes the dimension of the code as a linear space over the field $\mathbb{F}_{q^m}$, the unique decoding radius is given by $(n-k)/2$. A main open question is whether there exist parameter sets for which Gabidulin codes can be (list) decoded beyond the unique decoding radius efficiently. This paper seeks to contribute to current research efforts on this open question.
Using the close resemblance between Reed-Solomon codes and Gabidulin codes, the paper [16] translates Gabidulin decoding into a set of polynomial interpolation conditions. Essentially, this setup is also used in the papers [12,27] that present iterative algorithms that perform Gabidulin list decoding with a list size of 1. In this paper we present an iterative algorithm that bears similarity to the ones in [12,16,27]. As new results we show that the algorithm computes a minimal basis for an interpolation module that we associate with the received word. This result enables a parametrization of elements in the module that lead to all Gabidulin decoding solutions that are at a fixed distance from the received word. Thus we present a module minimization interpretation of the pioneering work by Loidreau [16].
The paper is structured as follows. In the next section we present several preliminaries on q-linearized polynomials and Gabidulin codes, including the polynomial interpolation conditions from [16]. Subsection 2.3 deals with modules over the ring of linearized polynomials and draws attention to minimal bases of these modules and their Predictable Leading Monomial property. In Section 3 we reformulate the Gabidulin decoding requirements in terms of a module represented by four q-linearized polynomials and present our polynomial-time algorithm. We conclude this paper in Section 4.

q-linearized polynomials
Let $q$ be a prime power and let $m$ be a positive integer. Denote the finite field with $q$ elements by $\mathbb{F}_q$ and denote a primitive element of the extension field $\mathbb{F}_{q^m}$ by $\alpha$. Since $\mathbb{F}_{q^m}$ is isomorphic (as a vector space) to the vector space $\mathbb{F}_q^m$, matrices over the base field $\mathbb{F}_q$ can be interpreted as vectors over the extension field, i.e., we have the isomorphism $\mathbb{F}_q^{m \times n} \cong \mathbb{F}_{q^m}^n$. In the sequel we denote the rank of a matrix $X$ over $\mathbb{F}_q$ by $\operatorname{rank}_q(X)$.
For a vector $(v_1, \dots, v_n) \in \mathbb{F}_{q^m}^n$ we denote the $k \times n$ Moore matrix by where $[i] := q^i$. A q-linearized polynomial over $\mathbb{F}_{q^m}$ is defined to be of the form where, assuming that $a_n \neq 0$, $n$ is called the q-degree of $f(x)$, denoted by $\operatorname{qdeg}(f)$. This class of polynomials was studied in detail by Ore in [17]. One can easily check that $f(x_1 + x_2) = f(x_1) + f(x_2)$ and $f(\lambda x_1) = \lambda f(x_1)$ for any $x_1, x_2 \in \mathbb{F}_{q^m}$ and $\lambda \in \mathbb{F}_q$, hence the name linearized. The set of all q-linearized polynomials over $\mathbb{F}_{q^m}$ is denoted by $L_q(x, q^m)$. This set is a non-commutative ring with the normal addition $+$ and with composition $\circ$ of polynomials. Because of the non-commutativity, products and quotients of elements of $L_q(x, q^m)$ have to be specified as being "left" or "right". To avoid confusion with standard division, we call the inverse of the composition symbolic division. Thus $f(x)$ is symbolically divisible by $g(x)$ with right quotient $m(x)$ if Efficient algorithms for all these operations (left and right symbolic multiplication and division) can be found e.g. in [12].
Lemma 2.1 (cf. [15] Theorem 3.50). Let $f(x) \in L_q(x, q^m)$ and let $\mathbb{F}_{q^s}$ be the smallest extension field of $\mathbb{F}_{q^m}$ that contains all roots of $f(x)$. Then the set of all roots of $f(x)$ is an $\mathbb{F}_q$-linear vector space in $\mathbb{F}_{q^s}$.
Definition 2.2. Let $U$ be an $\mathbb{F}_q$-linear subspace of $\mathbb{F}_{q^m}$. We call $\Pi_U(x) := \prod_{g \in U} (x - g)$ the q-annihilator polynomial of $U$.
Lemma 2.3 ([15] Theorem 3.52). Let $U$ be an $\mathbb{F}_q$-linear subspace of $\mathbb{F}_{q^m}$. Then $\Pi_U(x)$ is an element of $L_q(x, q^m)$.
Note that, if $g_1, \dots, g_n$ is a basis of $U$, one can rewrite for some constant $\lambda \in \mathbb{F}_{q^m}$; clearly its q-degree equals $n$.
The notion of q-Lagrange polynomial is as follows:
Definition 2.4. Let $g = (g_1, \dots, g_n) \in \mathbb{F}_{q^m}^n$, where $g_1, g_2, \dots, g_n$ are $\mathbb{F}_q$-linearly independent. Let $r = (r_1, \dots, r_n) \in \mathbb{F}_{q^m}^n$. Define the matrix $D_i(g, x)$ as $M_n(g_1, \dots, g_n, x)$ without the $i$-th column. We define the q-Lagrange polynomial corresponding to $g$ and $r$ as It can be easily verified that the above polynomial is q-linearized and that $\Lambda_{g,r}(g_i) = r_i$ for $i = 1, \dots, n$.
Throughout the paper we use matrix composition, which is defined analogously to matrix multiplication:
Let $g_1, \dots, g_n \in \mathbb{F}_{q^m}$ be linearly independent over $\mathbb{F}_q$; as before denote $g := (g_1, \dots, g_n)$. Throughout the remainder of the paper we use the standard notation $\langle g_1, \dots, g_n \rangle$ for the $\mathbb{F}_q$-linear span of $g_1, g_2, \dots, g_n$. Furthermore we abbreviate the notation $\Pi_{\langle g_1, g_2, \dots, g_n \rangle}(x)$ by $\Pi_g(x)$. We need the following fact for our investigations in Section 3.
Lemma 2.5. Let $g_1, \dots, g_n \in \mathbb{F}_{q^m}$ be linearly independent over $\mathbb{F}_q$ and let $L(x) \in L_q(x, q^m)$ be such that $L(g_i) = 0$ for all $i$. Then $\exists H(x) \in L_q(x, q^m)$ :
Proof. We know from Lemma 2.3 that $\Pi_g(x) \in L_q(x, q^m)$. Moreover unique left and right division in $L_q(x, q^m)$ holds, i.e. in this case there exist unique polynomials $H(x), R(x) \in L_q(x, q^m)$ such that $L(x) = H(x) \circ \Pi_g(x) + R(x)$ and $\operatorname{qdeg}(R(x)) < \operatorname{qdeg}(\Pi_g(x)) = n$. Since any $\alpha \in \langle g_1, \dots, g_n \rangle$ is a root of $L(x)$ as well as $\Pi_g(x)$, they must also be a root of $R(x)$. Hence we have $q^n$ distinct roots for $R(x)$ and $\deg(R) < q^n$, thus $R(x) \equiv 0$ and the statement follows.

Gabidulin codes
Let $g_1, \dots, g_n \in \mathbb{F}_{q^m}$ be linearly independent over $\mathbb{F}_q$. A Gabidulin code $C \subseteq \mathbb{F}_{q^m}^n$ of dimension $k$ is defined as the linear block code with generator matrix $M_k(g_1, \dots, g_n)$, as defined in (1). Using the isomorphic matrix representation, we can interpret $C$ as a matrix code in $\mathbb{F}_q^{m \times n}$. The rank distance $d_R$ on $\mathbb{F}_q^{m \times n}$ is defined by $d_R(X, Y) := \operatorname{rank}_q(X - Y)$, $X, Y \in \mathbb{F}_q^{m \times n}$, and analogously for the isomorphic extension field representation. The code $C$ has dimension $k$ over $\mathbb{F}_{q^m}$ and minimum rank distance (over $\mathbb{F}_q$) $n - k + 1$. In fact, an equivalent definition of the code is where $L_q(x, q^m)_{<k} := \{m(x) \in L_q(x, q^m) \mid \operatorname{qdeg}(m(x)) < k\}$. For more information on bounds and constructions of rank-metric codes the interested reader is referred to [9].
Consider a received word $r = (r_1, \dots, r_n) \in \mathbb{F}_{q^m}^n$ as the sum $r = c + e$, where $c = (c_1, \dots, c_n) \in C$ is a codeword and $e = (e_1, \dots, e_n) \in \mathbb{F}_{q^m}^n$ is the error vector. We now recall the polynomial interpolation setup from [16] via a more general formulation in the next theorem.
, then $e_i \in \mathbb{F}_{q^m}$ and every element of $\langle e_1, \dots, e_n \rangle$ is a root of $D(x)$ (see Lemma 2.1). Since $D(x)$ is non-zero and has degree $q^t$, it follows that the linear space of roots has q-dimension $t$, which implies that $(e_1, \dots, e_n)$ has rank $t$. This means that the rank distance between $(c_1, \dots, c_n)$ and $(r_1, \dots, r_n)$ is equal to $t$. Thus, one direction is proven.
For the other direction let $(c_1, \dots, c_n)$, $(r_1, \dots, r_n)$ have rank distance $t$, i.e. $(e_1, \dots, e_n) := (c_1 - r_1, \dots, c_n - r_n)$ has rank $t$. Then by Lemma 2.3 there exists a non-zero $D(x) \in L_q(x, q^m)$ of degree $q^t$ such that $D(e_i) = 0$ for all $i$. By linearity we get that $D(c_i) = D(r_i)$ for $i = 1, \dots, n$. Since $c_i = f(g_i)$ the statement follows.
Remark 2.7. Theorem 2.6 states that the set of roots of $D(x)$ is a vector space of degree $t$ which is equal to the span of $e_1, \dots, e_n$ (for this note that $e_i = m(g_i) - r_i$). This is why $D(x)$ is unique up to scalar multiplication (for given codeword and received word) and is also called the error span polynomial (cf. e.g. [22]). The analogy in the classical Hamming metric set-up is the error locator polynomial, whose roots indicate the error locations.
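As an added illustration (not part of the original paper), the following Python code works in GF(2^4), builds the q-annihilator polynomial of Definition 2.2 for the span of a constructed rank-2 error, and checks the properties of the error span polynomial D(x) from Remark 2.7: its root set is exactly the error span, its q-degree equals the rank of the error, and D(m(g_i)) = D(r_i) for all i. The field modulus, evaluation points, message, error vector and all function names are assumptions chosen for the example; the one-generator-at-a-time construction of the annihilator is a standard identity rather than a step taken from this page.

```python
# Added example, not from the paper. Field GF(2^4) = F_2[a]/(a^4 + a + 1),
# so q = 2, m = 4; elements are 4-bit ints and addition is XOR.
M, MOD = 4, 0b10011

def gf_mul(a, b):
    """Product of two field elements (shift-and-add with reduction)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> M:
            a ^= MOD
    return r

def frob(a, i):
    """a^[i] = a^(q^i); the Frobenius map has order m on GF(q^m)."""
    for _ in range(i % M):
        a = gf_mul(a, a)
    return a

# A q-linearized polynomial sum_i f[i] x^[i] is stored as the list f.
def lp_eval(f, x):
    y = 0
    for i, c in enumerate(f):
        y ^= gf_mul(c, frob(x, i))
    return y

def lp_compose(f, g):
    """f o g: the coefficient of x^[k] is sum_{i+j=k} f[i] * g[j]^[i]."""
    h = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            h[i + j] ^= gf_mul(a, frob(b, i))
    return h

def qdeg(f):
    return max((i for i, c in enumerate(f) if c), default=-1)

def span(vec):
    """F_2-linear span of the given field elements, as a set."""
    s = {0}
    for v in vec:
        s |= {u ^ v for u in s}
    return s

def rank_q(vec):
    return len(span(vec)).bit_length() - 1      # |span| = 2^rank

def annihilator(vec):
    """Pi_U for U = span(vec), adding one generator at a time:
    Pi_{U + <v>} = (x^[1] - A(v)^(q-1) x) o A, where A = Pi_U and A(v) != 0."""
    A = [1]                                     # annihilator of {0} is x
    for v in vec:
        a = lp_eval(A, v)
        if a:                                   # v lies outside the current span
            A = lp_compose([a, 1], A)           # q = 2: a^(q-1) = a and -a = a
    return A

# Constructed data: n = 4, k = 2, g = (1, a, a^2, a^3), error of rank t = 2.
G, MSG, ERR = [1, 2, 4, 8], [3, 2], [5, 0, 9, 12]

def error_span_demo(g=G, msg=MSG, e=ERR):
    """Return (t, D, N, interpolation_ok, roots_ok) for r = c + e."""
    c = [lp_eval(msg, gi) for gi in g]          # codeword c_i = m(g_i)
    r = [ci ^ ei for ci, ei in zip(c, e)]       # received word
    D = annihilator(e)                          # error span polynomial
    N = lp_compose(D, msg)                      # N(x) = D(m(x))
    ok = all(lp_eval(N, gi) == lp_eval(D, ri) for gi, ri in zip(g, r))
    roots = {x for x in range(1 << M) if lp_eval(D, x) == 0}
    return rank_q(e), D, N, ok, roots == span(e)
```

Swapping the arguments of `lp_compose` gives a different polynomial for this D and message, which is the non-commutativity that forces the left/right distinction in symbolic division.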

Modules over
As mentioned before, the set of q-linearized polynomials $L_q(x, q^m)$ is a ring with addition and composition. Hence, for any positive integer , the set $L_q(x, q^m)$ is a (right or left) module. In this work we will consider $L_q(x, q^m)$ as a left module and investigate its (left) submodules.
In this section, we give some general definitions and results on $L_q(x, q^m)$ and present the terminology of the Predictable Leading Monomial property. All of these are analogous to the definitions and results for modules over $\mathbb{F}_q[x]$ (equipped with normal polynomial multiplication) from [3], see also the early work by Fitzpatrick [7] and the textbooks [2,5]. Linearized polynomials belong to the class of skew polynomials, for which the general theory of linear algebra and Gröbner bases is well established, see e.g. [1,4,11].
For reasons of clear exposition and self-containedness, we formulate the results that we need explicitly in terms of rings with composition, in the language of linearized polynomials. Thus, compared to the $\mathbb{F}_q[x]$-case, multiplication is replaced by composition.
To avoid confusion, we denote polynomials by $f(x)$, while vectors of polynomials are denoted by $f$. If we need to index polynomials, we use the notation $f_1(x), \dots, f_s(x)$, while for vectors of polynomials we use the notation $f^{(1)}, \dots, f^{(s)}$.
Elements of $L_q(x, q^m)$ are of the form ) and $e_1, \dots, e$ are the unit vectors of length . Analogous to polynomial multiplication on $\mathbb{F}_{q^m}[x]$ we define for $h(x) \in L_q(x, q^m)$ the left operation The monomials of $f$ are of the form $x^{[k]} e_i$ for all $k$ such that $f_{ik} \neq 0$.
Definition 2.8. A subset $M \subseteq L_q(x, q^m)$ is a (left) submodule of $L_q(x, q^m)$ if it is closed under addition and composition with $L_q(x, q^m)$ on the left.
Definition 2.9. Consider the non-zero elements $f^{(1)}, \dots, f^{(s)} \in L_q(x, q^m)$. We say that $f^{(1)}, \dots, f^{(s)}$ are linearly independent if for any $a_1(x), \dots, a_s(x) \in L_q(x, q^m)$ s i=1 A generating set of a submodule $M \subseteq L_q(x, q^m)$ is called a basis of $M$ if all its elements are linearly independent.
One can easily see that is a basis of $L_q(x, q^m)$, thus $L_q(x, q^m)$ is a free and finitely generated module.
We need the notion of monomial order for the subsequent results, which we will define in analogy to [2, Definition 3.5.1].
Definition 2.10. A monomial order $<$ on $L_q(x, q^m)$ is a total order on $L_q(x, q^m)$ that fulfills the following two conditions: and $j \in \mathbb{N}_0$.
We have different choices for monomial orders, of which the following is of interest for our investigations.
Definition 2.11. The $(k_1, \dots, k)$-weighted term-over-position monomial order is defined as Note that this monomial order for $L_q(x, q^m)$ coincides with the weighted term-over-position monomial order for $\mathbb{F}_{q^m}[x]$, since one could replace the q-degrees with normal degrees and get the classical cases.
In the following we will not fix a monomial order. The results, if not noted differently, hold for any chosen monomial order.
Definition 2.13. We can order all monomials of an element $f \in L_q(x, q^m)$ in decreasing order with respect to some monomial order. Rename them such that $x^{[i_1]} e_{j_1} > x^{[i_2]} e_{j_2} > \dots$. Then
1. the leading monomial $\operatorname{lm}(f) = x^{[i_1]} e_{j_1}$ is the greatest monomial of $f$.
2. the leading position $\operatorname{lpos}(f) = j_1$ is the vector coordinate of the leading monomial.
3. the leading term $\operatorname{lt}(f) = f_{j_1, i_1} x^{[i_1]} e_{j_1}$ is the complete term of the leading monomial.
In order to define minimality for submodule bases we need the following notion of reduction, in analogy to [2, Definition 4.1.1].
Definition 2.14. Let $f, h \in L_q(x, q^m)$ and let $F = \{f^{(1)}, \dots, f^{(s)}\}$ be a set of non-zero elements of $L_q(x, q^m)$. We say that $f$ reduces to $h$ modulo $F$ (in one step) if and only if for some $a_1, \dots, a_k \in \mathbb{N}_0$ and $b_1, \dots, b_k \in \mathbb{F}_{q^m}$, where We say that $f$ is minimal with respect to $F$ if it cannot be reduced modulo $F$.
Definition 2.15. A module basis $B$ is called minimal if all its elements $b$ are minimal with respect to $B \setminus \{b\}$.
Proposition 2.16. Let $B$ be a basis of a module $M \subseteq L_q(x, q^m)$. Then $B$ is a minimal basis if and only if all leading positions of the elements of $B$ are distinct.
Proof. Let $B$ be minimal. If two elements of $B$ have the same leading position, the one with the greater leading monomial can be reduced modulo the other element, which contradicts the minimality. Hence, no two elements of a minimal basis can have the same leading position.
The other direction follows straight from the definition of reducibility and minimality of a basis, since if the leading positions of all elements are different, none of them can be reduced modulo the other elements.
The property outlined in the following theorem is well-established for minimal Gröbner bases for modules in $\mathbb{F}_q[x]$ with respect to multiplication. It extends to non-commutative Gröbner bases of solvable type, see e.g. [11, Lemma 1.5]. As a result, it also holds over the ring of linearized polynomials. It was labeled Predictable Leading Monomial (PLM) property in [13] to emphasize its closeness to Forney's Predictable Degree property [8]. It captures the exact property that is needed in subsequent proofs.
Note that in [13] minimal bases were addressed as minimal Gröbner bases. It can be shown that in our current setting these are the same.
Theorem 2.17 (PLM property). Let $M$ be a module in $L_q(x, q^m)$ with minimal basis $B = \{b^{(1)}, \dots, b^{(L)}\}$. Then for any $0 \neq f \in M$, written as where $a_1(x), \dots, a_L(x) \in L_q(x, q^m)$, we have where $\operatorname{lm}(a_i(x))$ is the term of $a_i(x)$ of highest q-degree.
Proof. Since $B$ is minimal, all leading positions and thus also all leading monomials of its elements are distinct (by Proposition 2.16). Without loss of generality assume that $\operatorname{lm}(b^{(1)}) > \operatorname{lm}(b^{(2)}$ and that all $a_i(x)$ are non-zero. Since $L_q(x, q^m)$ contains no zero divisors, we have that $\operatorname{lpos}(a_i(x) \circ b^{(i)}) = \operatorname{lpos}(b^{(i)})$ for $1 \le i \le L$. As a result, all leading positions and therefore all leading monomials of the $a_i(x) \circ b^{(i)}$'s are distinct. Thus there exist $j_1, \dots, j_L$ such that It follows that
Proposition 2.18. The leading positions and weighted q-degrees of all elements of two distinct minimal bases for the same module in $L_q(x, q^m)$ have to be the same. This implies that the cardinality of both bases are equal as well.

Iterative decoding of Gabidulin codes
For the remainder of the paper let $g_1, \dots, g_n \in \mathbb{F}_{q^m}$ be linearly independent over $\mathbb{F}_q$ and let $M_k(g_1, \dots, g_n)$ be the generator matrix of the Gabidulin code $C \subseteq \mathbb{F}_{q^m}^n$. Denote $g = (g_1, \dots, g_n)$ and let $r = (r_1, \dots, r_n) \in \mathbb{F}_{q^m}^n$ be the received word. Throughout the remainder of this paper our monomial order will be the $(0, k-1)$-weighted term-over-position monomial order.

Parametrization
In the following we abbreviate the row span of a (polynomial) matrix $A$ by $\operatorname{rs}(A)$.
Definition 3.1. The interpolation module $M(r)$ for $r$ is defined as the left submodule of $L_q(x, q^m)^2$, given by We identify any $[f(x)\ \ g(x)] \in M(r)$ with the bivariate linearized q-polynomial $Q(x, y) = f(x) + g(y)$. The following theorem shows that the name interpolation module is justified for $M(r)$:
Theorem 3.2. $M(r)$ consists exactly of all $Q(x, y) = f(x) + g(y)$ with $f(x), g(x) \in L_q(x, q^m)$, such that $Q(g_i, r_i) = 0$ for $i = 1, \dots, n$.
Proof. For the first direction let $Q(x, y) = f(x) + g(y)$ be an element of $M(r)$. Then there exist $\beta(x), \gamma(x) \in L_q(x, q^m)$ such that f
For the other direction let $f(x), g(x) \in L_q(x, q^m)$ be such that $Q(g_i, r_i) = f(g_i) + g(r_i) = 0$ for $i = 1, \dots, n$. To show that $Q(x, y) \in M(r)$ we need to find $\beta(x), \gamma(x) \in L_q(x, q^m)$ such that We substitute the second into the first equation to get ( By assumption, the equation $f(g_i) + g(\Lambda_{g,r}(g_i)) = f(g_i) + g(r_i) = 0$ holds for all $i$. Then, by Lemma 2.5, it follows that $f(x) + g(x) \circ \Lambda_{g,r}(x)$ is symbolically divisible on the right by $\Pi_g(x)$ and hence there exists $\beta(x) \in L_q(x, q^m)$ such that (2) holds.
The above leads to the following characterization of codewords with distance $t$ to the received word: is symbolically divisible on the left by $D(x)$, i.e. there exists $m(x) \in L_q(x, q^m)$ such that are in one-to-one correspondence with the codewords of rank distance $t$ to the received word $r$.
Proof. To prove the first direction let $c \in \mathbb{F}_{q^m}^n$ be a codeword such that $d_R(c, r) = t$ with the corresponding message polynomial $m(x) \in L_q(x, q^m)_{<k}$. Then by Theorem 2.6 there exists $D(x) \in L_q(x, q^m)$ of q-degree $t$ such that $D(m(g_i)) = D(r_i)$ for $i = 1, \dots, n$. By Theorem 3.2 we know that $[D(m(x))\ \ {-D(x)}]$ is in $M(r)$. It holds that $\operatorname{qdeg}(D(m(x))) \le t + k - 1$ and that $D(m(x))$ is symbolically divisible on the left by $D(x)$.
For the other direction let $[N(x)\ \ {-D(x)}] \in M(r)$ fulfill conditions 1)-3). Then the divisor $m(x) \in L_q(x, q^m)$ has q-degree less than $k$ and $N(x) = D(m(x))$. Since it is in $M(r)$ it follows from Theorem 3.2 that $D(m(g_i)) - D(r_i) = 0$ for all $i$. Define $c := (m(g_1), \dots, m(g_n))$, then it follows from Theorem 2.6 that $d_R(c, r) = t$.
Note that conditions 1) and 2) of Theorem 3.3 can alternatively be formulated as the condition that $\operatorname{lpos}(f) = 2$ with $(0, k-1)$-weighted q-degree of $f$ being equal to $t + k - 1$.
It follows from Theorem 3.3 that decoding within rank radius $t$ is equivalent to finding all elements $f = [N(x)\ \ {-D(x)}]$ in $M(r)$ with $(0, k-1)$-weighted q-degree less than $t + k$ and leading position 2, such that $N(x)$ is symbolically divisible on the left by $D(x)$. The following theorem presents a parametrization that is helpful in order to find such elements.
Theorem 3.4. (Parametrization) Let $B = \{b^{(1)}, b^{(2)}\}$ be a minimal basis of $M(r)$ with respect to the $(0, k-1)$-weighted degree, with $\operatorname{lpos}(b^{(1)}) = 1$ and $\operatorname{lpos}(b^{(2)}) = 2$. Define 1 and 2 as the $(0, k-1)$-weighted q-degrees of $b^{(1)}, b^{(2)}$, respectively. Let $t$ be a nonnegative integer. Then all elements $f \in M(r)$ with $\operatorname{lpos}(f) = 2$ and $(0, k-1)$-weighted q-degree equal to $t + k - 1$ are given by
Proof. The parametrization follows straightforwardly from Theorem 2.17.

Construction of a minimal basis
We now present an iterative algorithm for the construction of a minimal basis for the interpolation module. The algorithm is similar to the ones in [12,16,27]. Our main contribution is the recognition, via Theorem 3.4, that such an algorithm essentially computes a minimal basis for the interpolation module rather than just one solution corresponding to the received word. A preliminary version of this result is the short conference paper [14].
We first need the following result:
Lemma 3.5. For $i = 1, \dots, n$ denote by $M_i$ the interpolation module for $(g_1, \dots, g_i)$ and $(r_1, \dots, r_i)$. Let be a basis for $M_{i-1}$ and
Proof. We first consider the first case and show that both $b^{(1)}$ and $b^{(2)}$ are in $M_i$. From the assumptions it follows that $P(g_j) = K(r_j)$ and that $N(g_j) = D(r_j)$ for $1 \le j < i$. Moreover, the two entries of $b^{(1)}$ are given by For $b^{(2)}$ we get 1) and $b^{(2)}$ are elements of $M_i$.
It remains to show that $b^{(1)}$ and $b^{(2)}$ span the entire interpolation module (and not just a submodule of it). For this, it is sufficient to show that $[\Pi_{i-1}(x)\ \ 0]$ and $[\Lambda_{i-1}(x)\ \ {-x}]$ are linear combinations of $b^{(1)}$ and $b^{(2)}$. Since $[P(x)\ \ {-K(x)}]$ and $[N(x)\ \ {-D(x)}]$ are a basis of $M_i$, there exist $\beta(x), \gamma(x) \in L_q(x, q^m)$ such that Let $\beta(x), \gamma(x) \in L_q(x, q^m)$ be such that Note that it can easily be checked that $\Gamma_i$ is a root of the right side of the previous equation, thus $\beta(x)$ is well-defined by Lemma 2.5. Denote the first and second row of the new basis by $b^{(1)}$ and $b^{(2)}$, respectively. Then $[\Pi_i(x)\ \ 0]$ is in the module spanned by the new basis.
Analogously, if we have that $c(x)$ Hence, we have shown that the new basis $\{b^{(1)}, b^{(2)}\}$ spans the entire interpolation module.
For the second case note that which corresponds to the first case after exchanging $P(x)$ with $N(x)$ and $K(x)$ with $D(x)$ (and vice versa).
Using Lemma 3.5 as our main ingredient, we now set out to design an iterative algorithm that computes a minimal basis for $M_i$ at each step $i$.
Algorithm 1 Iterative computation of a minimal basis of $M(r)$.
for i from 1 to n do Γi end if end for return Bn
Theorem 3.6. Algorithm 1 yields a minimal basis of the interpolation module $M(r)$, where the leading position of the first row equals 1 and the leading position of the second row equals 2.
Proof. Denote by $M_1$ the matrix we multiply by on the left in the first IF statement and by $M_2$ the one in the ELSE statement of the algorithm. We know from Lemma 3.5 that at each step, $B_i$ is a basis for the interpolation module $M_i$. We now show that it is a minimal basis with respect to the $(0, k-1)$-weighted term-over-position monomial order via induction on $i$. Assume that at step $i$ the first row has leading position 1 and the second row has leading position 2, i.e. $\operatorname{qdeg}(P_i(x)) > \operatorname{qdeg}(K_i(x)) + k - 1$ and $\operatorname{qdeg}(N_i(x)) \le \operatorname{qdeg}(D_i(x)) + k - 1$. If $\operatorname{qdeg}(P_i(x)) \le \operatorname{qdeg}(D_i(x)) + k - 1$ we compose on the left by $M_1$. Hence, $\operatorname{qdeg}(P_{i+1}(x)) = \operatorname{qdeg}(P_i(x)) + 1$ and Thus, the leading position of the first row of $B_{i+1}$ is still 1. Moreover, Thus the leading position of the second row is 2. Since the assumptions are true for $B_0$ the statement follows via induction.
Analogously one can prove that composition with $M_2$ yields a basis of $M_i$ with different leading positions in the two rows. Thus at each step we get a basis of $M_i$ with different leading positions, which is by Proposition 2.16 a minimal basis. Thus, after $n$ steps, $B_n$ is a minimal basis for the interpolation module $M(r)$.
Remark 3.7. It can be verified that, due to the linear independence of $g_1, \dots, g_k$, up to a constant, at step $k$ the algorithm has computed the q-annihilator polynomial and the q-Lagrange polynomial corresponding to the data so far.
Note that the corresponding Hamming distances to r vary from 1 to 3.

Conclusions
We extended the Welch-Berlekamp type algorithm given in the pioneering work by Loidreau [16], to be able to decode also beyond the unique decoding radius.For this we derived a parametrization of all codewords within a given radius of the received words, based on a minimal basis of the interpolation module.To compute such a minimal basis we presented a polynomial-time iterative algorithm with simple update steps, similar to Loidreau's algorithm.The main contribution of our paper is the recognition that such algorithms actually compute a minimal basis of the interpolation module which can then be used to provide a parametrization of all solutions corresponding to the received word.
In the Reed-Solomon case, Massey's parametrization resulting from the Berlekamp-Massey algorithm was used by Wu [26] as the foundation to his polynomial-time Reed-Solomon list decoding algorithm. This was used in [3] as the foundation for a polynomial time Reed-Solomon list decoding method via Welch-Berlekamp type interpolation. In this paper we strengthened the link between Reed-Solomon decoding and Gabidulin decoding in providing a similar parametrization from a Welch-Berlekamp type algorithm for Gabidulin decoding. Currently no polynomial-time list decoding algorithms exist for general Gabidulin codes; on the contrary, it is shown that polynomial list sizes are not possible for certain parameter sets (see e.g. [18,24]). However, there are still many parameters for which it is an open question whether polynomial-time list decoding of Gabidulin codes is possible. It is a topic of future research to build on the results of this paper in extending the parametrization-based methods of [3,26] to a possibly polynomial-time Gabidulin list decoding algorithm.