The Classical List Decoding Framework for Finite Rings 

Shortest Vectors in Polynomial Lattices Over Galois Rings and Application to List Decoding

This chapter contains the most recent results I obtained. It has not been submitted. It concerns the interpolation step of the Guruswami-Sudan algorithm and is included here for the completeness of this part of the PhD thesis.


In this chapter we adapt the algorithm of [Ale05], which works over nite elds, over discrete valuation rings. Given a nite eld Fq and a lattice in Fq[X]n, the algorithm in [Ale05] gives in polynomial time the shortest vector of . The \norm » used here is the degree of the polynomial of greatest degree among all the components of a vector of . It is interesting to note that the nding of the shortest vector of a lattice in Fq[X]m can be done in polynomial time whereas, a priori, no polynomial time algorithm is known to nd the shortest vector of a lattice in Zm.
We follow the presentation given in Alekhnovich’s paper [Ale05]. We rst recall the de nition and properties of discrete valuation rings. Then we give a naive algorithm which computes the shortest vector of a lattice (A=( r))n where A is a DVR with uniformizing parameter . Finally we apply this algorithm to the Sudan list decoding algorithm for Reed-Solomon codes over A=( r).

Related work

Given a lattice in 0 Rm it is NP-hard [Ajt98] to nd a shortest vector. However in the early 1980s a polynomial time algorithm for nding a short vector in 0 was given in [LLL82]. The situation for polynomial lattices is much simpler. Let [X]m be a polynomial lattice over the eld . One can compute a shortest vector of in polynomial time [MS03]. In [Ale05] the author applies a shortest vector nding algorithm to the Guruswami-Sudan problem. Related work of shortest vector in polynomial lattices includes [GJV03, JV05, SV05, JV06].


Complexity model

The \soft-Oh » notation f(n) 2 ~ O(1) (3 + g(n)). It
O(g(n)) means that f(n) 2 g(n) log
is well known [Fur07]
that the time needed to multiply two integers of bit-size at most
n in binary representation is O(n). The cost of multiplying two polynomials of degree
at most n over a ring A is O(n) in terms of the number of arithmetic operations in A.
Thus the bit-cost of multiplying two elements of the nite eld Fpn is O(n log p).

Discrete valuation rings

De nition 51. A discrete valuation ring (DVR) is a principal ideal domain which has one and only one prime ideal m. Any element 2 A such that ( ) = m is called a uniformizing parameter of A. Let a 2 A be a nonzero element. The greatest integer i 2 N such that a 2 mi n mi+1 is called the valuation of a and denoted by v(a). We let v(0) = +1.
De nition 52. Let Zps be an unrami ed extension of Zp of degree s. Then Zps is a DVR with uniformizing parameter p [Ser62, Chapter 1]. Let r be a positive integer. Then the quotient ring
GR(pr; s) := Zps (pr)
is called a Galois ring.
Proposition 53. Let a; b 2 GR(pr; s). Then the product ab 2 GR(pr; s) can be computed with a number of O (s log s log log sr log p log(r log p) log log(r log p))
or O(rs log p) bit-operations.
Proposition 54. Let Fq[[t]] be the power series ring over Fq. It is a DVR with uni-formizing parameter t. Let a; b 2 Fq[[t]]=(tr). Then the product ab 2 Fq[[t]]=(tr) can be computed with a number of O(r log r log log r) or O(r) arithmetic operations in Fq.
Proof. Proposition 52 and 53 are in [GG03, Chapter 8].

Reed-Solomon codes over valuation rings

Let A be a DVR. Reed-Solomon codes over rings are de ned in a slightly di erent way than their eld counterparts. We let A[X]<k denote the submodule of A[X] consisting of all the polynomials of degree at most k 1 of A[X].
De nition 55. Let x1; : : : ; xn be elements of A such that xi xj 2 A 6 r i = j
(where A is the group of units of A). The submodule of An generated by the vectors (f(x1); : : : ; f(xn)) 2 A n where f 2 A[X]<k is called a Reed-Solomon code over A. The n-tuple (x1; : : : ; xn) is called the support of the RS code.
Proposition 56. Let C be a RS code over A. Then C has parameters [n; k; d = n k+1]A.
Proposition 57. Let C be a RS code with parameters [n; k; d = n k + 1]A over a discrete valuation ring A with uniformizing parameter . Then C= rC is a RS code with parameters [n; k; d]A=( r) over A=( r). Moreover of (x1; : : : ; xn) is the support of C then (x1 mod r; : : : ; xn mod r) is the support of C= rC.

