# Secret Sharing Schemes From Three Classes of Linear Codes


IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 52, NO. 1, JANUARY 2006, p. 206

Secret Sharing Schemes From Three Classes of Linear Codes

Jin Yuan and Cunsheng Ding, Senior Member, IEEE

Abstract: Secret sharing has been a subject of study for over 20 years, and has had a number of real-world applications. There are several approaches to the construction of secret sharing schemes. One of them is based on coding theory. In principle, every linear code can be used to construct secret sharing schemes. But determining the access structure is very hard as this requires the complete characterization of the minimal codewords of the underlying linear code, which is a difficult problem in general. In this paper, a sufficient condition for all nonzero codewords of a linear code to be minimal is derived from exponential sums. Some linear codes whose covering structure can be determined are constructed, and then used to construct secret sharing schemes with nice access structures.

Index Terms: Cryptography, linear codes, secret sharing, covering problem, exponential sums.

## I. INTRODUCTION

Secret sharing schemes were introduced by Blakley [5] and Shamir [17]. Since then, many constructions have been proposed. The relationship between Shamir's secret sharing scheme and the Reed-Solomon codes was pointed out by McEliece and Sarwate in 1981 [12]. Later, several authors have considered the construction of secret sharing schemes using linear error correcting codes [6], [8], [10], [11], [14], [15]. Massey utilized linear codes for secret sharing and pointed out the relationship between the access structure and the minimal codewords of the dual code of the underlying code [10], [11]. Unfortunately, determining the minimal codewords is extremely hard for general linear codes. This was done only for a few classes of special linear codes. In special cases, the Ashikhmin-Barg lemma [2] (see Lemma 3 in this paper) is very useful in determining the minimal codewords.
Several authors have investigated the minimal codewords for certain codes and characterized the access structures of the secret sharing schemes based on their dual codes [16], [1], [2], [18]. In this paper, we first characterize the minimal codewords of certain linear codes using exponential sums, and then construct some linear codes suitable for secret sharing. Finally, we determine the access structure of the secret sharing schemes based on the duals of those linear codes.

Manuscript received May 14, 2004; revised July 7. This work of the authors is supported by the Research Grants Council of the Hong Kong Special Administrative Region, Project HKUST6183/04E, China. The authors are with the Department of Computer Science, The Hong Kong University of Science and Technology, Clear Water Bay, Kowloon, Hong Kong, China. Communicated by A. E. Ashikhmin, Associate Editor for Coding Theory. Digital Object Identifier /TIT

## II. A LINK BETWEEN SECRET SHARING SCHEMES AND LINEAR CODES

The Hamming weight of a vector in is the total number of nonzero coordinates. An code is a linear subspace of with dimension and minimum nonzero Hamming weight. Let be a generator matrix of an code, i.e., the row vectors of generate the linear subspace. For all the linear codes mentioned in this paper, we always assume that no column vector of any generator matrix is the zero vector.

There are several ways to use linear codes to construct secret sharing schemes. One of them is the following, described by Massey [10]. In the secret sharing scheme based on, the secret is an element of, which is called the secret space, and participants and a dealer are involved. The dealer is a trusted person. In order to compute the shares with respect to a secret, the dealer chooses randomly a vector such that. There are altogether such vectors. The dealer then treats as an information vector, computes the corresponding codeword, and gives to participant as share for each.
Since, a set of shares, determines the secret if and only if is a linear combination of. Hence we have the following lemma [10].

Proposition 1: Let be a generator matrix of an code. In the secret sharing scheme based on, a set of shares, determines the secret if and only if there is a codeword

(1)

in the dual code, where for at least one.

If there is a codeword of (1) in, then the vector is a linear combination of, say,. Then the secret is recovered by computing. If a group of participants can recover the secret by combining their shares, then any group of participants containing this group can also recover the secret. A group of participants is referred to as a minimal access set if they can recover the secret with their shares, while any of its proper subgroups cannot do so. Here, a proper subgroup has fewer members than this group. In view of these facts, we are only interested in the set of all minimal access sets. To determine this set, we need the notion of minimal codewords.

Definition 1: The support of a vector is defined to be. A codeword covers a codeword if the support of contains that of. If a nonzero codeword covers only its scalar multiples, but no other nonzero codewords, then it is called a minimal codeword.

From Proposition 1 and the preceding discussions, it is clear that there is a one-to-one correspondence between the set of minimal access sets and the set of minimal codewords of the dual code whose first coordinate is. To determine the access structure of the secret sharing scheme, we need to determine only the set of minimal codewords whose first coordinate is, i.e., a subset of the set of all minimal codewords. However, in almost every case we should be able to determine the set of all minimal codewords as long as we can determine the set of minimal codewords whose first coordinate is. The covering problem of a linear code is to determine the set of all its minimal codewords.

It is clear that the shares for the participants depend on the selection of the generator matrix of the code. However, by Proposition 1, the selection of does not affect the access structure of the secret sharing scheme. Therefore, in the sequel we will call it the secret sharing scheme based on, without mentioning the generator matrix used to compute the shares. We say that a secret sharing scheme is democratic of degree if every group of participants is in the same number of minimal access sets, where.

## III. THE ACCESS STRUCTURE OF THE SECRET SHARING SCHEMES BASED ON THE DUALS OF THE CODES

In Section II, we described the secret sharing scheme based on a linear code. Naturally, we have also the secret sharing scheme based on the dual code. In this and later sections, we consider only the secret sharing scheme based on the dual code of a given linear code.
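The construction of Section II and the dual-code scheme of Section III, worked through on a small constructed code. This is an added example written for this page, not code from the paper or its authors; the generator matrix G, the field size Q = 3 and every function name are this example's own choices. The dual code is enumerated by brute force rather than by Gaussian elimination, which is enough for a code this small, and the dealer picks a uniformly random codeword of the dual with the secret in coordinate 0, which gives the same distribution as choosing an information vector u with u·g_0 = s and forming uG. The functions implement Proposition 1 (recovery from a set of shares), Definition 1 (minimal codewords), Lemma 3 (the Ashikhmin-Barg weight condition) and the counting that Proposition 2 below states for the scheme based on the dual code: q^(k-1) = 3 minimal access sets, one dictatorial participant for the column that is a scalar multiple of g_0, and (q-1)q^(k-2) = 2 sets for each of the other participants.

```python
"""Massey's secret sharing scheme from a linear code, worked through on a
constructed [5,2] ternary code.  Added example for this page, not the paper's
code.  As in Section III the scheme is based on the dual code C^perp, so the
minimal access sets correspond to minimal codewords of C with first
coordinate 1 (Proposition 1), and Proposition 2 predicts their shape."""
from fractions import Fraction
from itertools import product
import random

# Constructed example (not from the paper): generator matrix of a [5,2] code C
# over GF(3).  Column 1 is a scalar multiple of column 0, so Proposition 2 says
# participant 1 is dictatorial; columns 2..4 are not, so participants 2..4 each
# sit in (q-1)q^(k-2) = 2 of the q^(k-1) = 3 minimal access sets.
Q = 3
G = [[1, 2, 0, 1, 1],
     [0, 0, 1, 1, 2]]


def span(G, q):
    """All codewords u*G for u in GF(q)^k (q prime, arithmetic mod q)."""
    k, n = len(G), len(G[0])
    return [tuple(sum(u[r] * G[r][j] for r in range(k)) % q for j in range(n))
            for u in product(range(q), repeat=k)]


def dual(G, q):
    """C^perp by brute force: every x in GF(q)^n orthogonal to each row of G."""
    n = len(G[0])
    return [x for x in product(range(q), repeat=n)
            if all(sum(a * b for a, b in zip(row, x)) % q == 0 for row in G)]


def support(c):
    return frozenset(i for i, v in enumerate(c) if v != 0)


def is_minimal(c, code, q):
    """Definition 1: c covers no nonzero codeword except its scalar multiples."""
    multiples = {tuple(a * v % q for v in c) for a in range(1, q)}
    return all(d in multiples or not support(d) <= support(c)
               for d in code if any(d))


def ashikhmin_barg_holds(G, q):
    """Lemma 3: w_min / w_max > (q-1)/q forces every nonzero codeword minimal."""
    weights = [len(support(c)) for c in span(G, q) if any(c)]
    return Fraction(min(weights), max(weights)) > Fraction(q - 1, q)


def minimal_access_sets(G, q):
    """Scheme based on C^perp: one minimal access set per minimal codeword of C
    with first coordinate 1; participant i (i >= 1) holds coordinate i."""
    code = span(G, q)
    return sorted(sorted(support(c) - {0})
                  for c in code if c[0] == 1 and is_minimal(c, code, q))


def deal(G, q, secret, seed=None):
    """Dealer: a uniformly random codeword of C^perp whose coordinate 0 is the
    secret (the same distribution as picking u with u.h_0 = secret and forming
    uH for a generator matrix H of C^perp); coordinates 1..n-1 are the shares,
    returned as {participant: share}."""
    rng = random.Random(seed)
    c = rng.choice([x for x in dual(G, q) if x[0] == secret % q])
    return {i: c[i] for i in range(1, len(c))}


def recover(G, q, shares):
    """Proposition 1: a set S of participants determines the secret iff some
    codeword x of C has x_0 = 1 and support inside {0} u S.  Since x is
    orthogonal to the share codeword, secret = -sum_{i in S} x_i * share_i."""
    S = set(shares)
    for x in span(G, q):
        if x[0] == 1 and support(x) - {0} <= S:
            return (-sum(x[i] * shares[i] for i in S)) % q
    return None  # S is not an access set; these shares say nothing about it


if __name__ == "__main__":
    print("Ashikhmin-Barg condition holds:", ashikhmin_barg_holds(G, Q))
    print("minimal access sets:", minimal_access_sets(G, Q))
    shares = deal(G, Q, secret=2, seed=1)
    print("shares:", shares)
    for S in ((1, 3, 4), (2, 3, 4), (1, 2)):
        print(set(S), "recovers:", recover(G, Q, {i: shares[i] for i in S}))
```

Running the block prints the three minimal access sets {1,2,3}, {1,2,4}, {1,3,4}: participant 1 is in all of them, so no group without participant 1 can recover the secret, matching Proposition 2's dictatorial case. The `recover` function searches all of C rather than only its minimal codewords, which is what Proposition 1 licenses; restricting to minimal codewords would only change which witness is found, not whether one exists.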
The following proposition describes properties of the minimal access sets of the secret sharing scheme based on [7]. Note that the vectors in this and later sections are not the same as those in Section II.

Proposition 2: [7] Let be an code, and let be its generator matrix, where all are nonzero. If each nonzero codeword of is minimal, then in the secret sharing scheme based on, there are altogether minimal access sets. In addition, we have the following.

1) If is a scalar multiple of, then participant must be in every minimal access set. Such a participant is called a dictatorial participant.

2) If is not a scalar multiple of, then participant must be in out of minimal access sets.

In view of Proposition 2, it is an interesting problem to construct codes whose nonzero codewords are all minimal. Such a linear code gives a secret sharing scheme with the interesting access structure described in Proposition 2.

## IV. CHARACTERIZATIONS OF MINIMAL CODEWORDS

### A. Sufficient Condition From Weights

If the weights of a linear code are close enough to each other, then all nonzero codewords of the code are minimal, as described as follows.

Lemma 3: (Ashikhmin-Barg lemma [2]) In an code, let and be the minimum and maximum nonzero weights, respectively. If then all nonzero codewords of are minimal.

The Ashikhmin-Barg lemma is quite useful in determining the minimal codewords for special linear codes.

### B. Sufficient and Necessary Condition Using Exponential Sums

Let, where is a prime and is a positive integer. Throughout this paper, let denote the canonical additive character of, i.e., It is well known that each linear function from to can be written as for some. Hence, for any linear code with generator matrix, there exist such that every codeword can be expressed as

(2)

for some. On the other hand, for every, the vector in (2) is in the code. Hence, any linear code has a trace form of (2). We now consider two nonzero codewords of, where. If, then the two codewords would be scalar multiples of each other.
Let be the number of coordinates in which takes on zero, and let be the number of coordinates in which both and take on zero. By definition,. Clearly, covers if and only if. Hence we obtain the following proposition.

Proposition 4: For all, is minimal if and only if for all with.

We would use this proposition to characterize the minimal codewords of the code. To this end, we would compute the values of both and. But this is extremely hard in general. Thus, we would give tight bounds on them using known bounds on exponential sums. By definition (2) (3)

Similarly In the expressions of and, when or is fixed, the inner sum for both is for some fixed, and is called an incomplete exponential sum in general. Note that most known bounds on exponential sums are summed over the whole, and may not be used to give bounds on and. However, if the set constitutes the range of some function defined over, and each element in this range is taken on the same number of times by this function, we will be able to derive bounds on and using known bounds on exponential sums. This will become clear in later sections.

## V. SOME BOUNDS ON EXPONENTIAL SUMS

The objective of this section is to introduce the following bounds on exponential sums which will be needed later.

Definition 2: [9, Ch. 5] Let and be a multiplicative and an additive character of. Then the Gaussian sum is defined by It is well known that if both and are nontrivial, then.

Proposition 5: [9, Ch. 5] Let be a finite field with, where is an odd prime and is a positive integer. Let be the quadratic character of and let be the canonical additive character of. Then (4)

Proposition 6: [9, Ch. 5] Let be a nontrivial additive character of, a positive integer,. Then (5) for any with.

Proposition 7: [9, Ch. 5] Let be a nontrivial additive character of with odd, and let with. Then (6) (7)

The following is called the Weil bound.

Proposition 8: [9, Ch. 5] Let be of degree with and let be a nontrivial additive character of. Then (8)

Later we shall need the following bounds on incomplete exponential sums of rational functions [13].

Lemma 9: [13] Let be the finite field of elements and characteristic, and let be the quotient of two polynomials with coefficients in that satisfies for any, where is the algebraic closure of. Define. Let be the number of distinct roots of in. If denotes a nontrivial additive character of, then we have (9) (10) where when, and otherwise.

In fact, we need a special case of the above result, and state it as follows.

Lemma 10: Let be the finite field of elements and characteristic; let be the quotient of two polynomials with coefficients in that satisfies, and has distinct roots in. If denotes a nontrivial additive character of, then we have (11) where the sum runs over all excluding the zeros of.

## VI. SECRET SHARING SCHEMES FROM A CLASS OF LINEAR CODES

In this section, we first describe a class of linear codes which are a generalization of the irreducible cyclic codes [4], and then describe the access structure of the secret sharing scheme based on the duals of these codes. This section is a generalization of some results in [7].

Definition 3: Let be a prime, and let. Suppose. Let be a primitive th root of unity in, with. Define as (12) where is the trace function from to and is the quadratic character of.

The code of (12) has dimension, where. It is not cyclic, and it is a generalization of the irreducible cyclic codes [4]. When, the code is called nondegenerate. In this section, we consider only the nondegenerate case.

We are interested in the secret sharing scheme based on the dual code. To analyze the access structure of the secret sharing scheme, we would solve the covering problem of the code under certain conditions. Now we derive bounds on the of (3) for the code. By (3), we have where otherwise. Applying the bound of (6), we have (13) As before, let and denote the minimum and maximum nonzero weights of. It follows from (13) that (14) By (14), we have that (15) It then follows from the Ashikhmin-Barg lemma (Lemma 3) that every nonzero codeword of is minimal under the condition of (15). We remark that the condition of (15) is sufficient, but not necessary. By Proposition 2, the set of dictatorial participants in the secret sharing scheme based on is (16) whose cardinality is between and. Combining the discussions above and Proposition 2, we have proved the following.

Proposition 11: When the condition of (15) is met, all nonzero codewords of are minimal. Furthermore, in the secret sharing scheme based on, the set of possible dictatorial participants is given in (16), and each of the other participants is involved in minimal access sets.

For two subclasses of the codes of (12), the covering problem can be solved and the access structure of the secret sharing scheme can be determined under conditions that are weaker than that of (15). The reader is referred to [7] for details.

Open Problem 1: Solve the covering problem for the code of (12) and determine the access structure of the secret sharing scheme based on when the condition of (15) is not met.

Before ending this section, we present a specific example of the secret sharing scheme described above. We set. Let be a primitive element of and define. We choose. Then the code of (12) is a nondegenerate code. Although the condition of (15) is not met, all nonzero codewords of are minimal. This is because this condition is sufficient, but not necessary. The dual code has parameters and generator matrix In the secret sharing scheme based on, 12 participants and a dealer are involved. There are altogether minimal access sets. Participant 7 is a dictatorial participant because it is involved in every minimal access set. Hence, any group of participants who can determine the secret must include participant 7. Each participant in the set is in minimal access sets. If a group of participants can recover the secret, it must have at least six members (50% of the total number of participants). Such a secret sharing scheme could be useful in applications where the boss must be involved in every decision making.

## VII. SECRET SHARING SCHEMES FROM QUADRATIC FORM CODES

Let be an odd prime, and. Let. Consider defined over. It is easily seen that 1) for any; 2); 3) when. Let Range

Let, then. Write. We define a linear code as (17) where is the trace function from to. In [7], we proved that is an code, and analyzed the weights of this code for the case even. In this section, we determine its weights for the case odd, and describe the access structure of the secret sharing scheme based on its dual code.

Now we investigate the weights of. Let and denote the canonical additive character and quadratic character over by and, respectively. Note that since is odd, one can easily prove that for any. (18) Define. Then by (3) (19) To determine the weight of, we need to compute. By definition, is a th root of unity. Note that otherwise. We have (20) When is even, because When is odd, because (21) In the case that is even, it is proved in [7] that the code has the following four possible nonzero weights: and all nonzero codewords of are minimal.

We now consider the case that is odd. If, then by (21) If, let, then by (21) Note for any, by Proposition 7 (22) It follows from (22) and (5) that Then by (19) the code has three possible nonzero weights It follows from (18) that all nonzero codewords of are minimal.

Proposition 12: If, all nonzero codewords of the quadratic form code are minimal. Furthermore, in the secret sharing scheme based on, the set of dictatorial participants is given by which has cardinality at most, and each of the other participants is involved in minimal access sets.

Proof: The first part follows from the earlier discussions. The number of dictatorial participants is at most because the elements are all distinct. The remaining part of the conclusion follows from Proposition 2.

Open Problem 2: Solve the covering problem for the code of (17) and determine the access structure of the secret sharing scheme based on for the case.

We now present an example of the secret sharing scheme described above. We choose. Let be a primitive element of. Then

Then the code of (17) is a three-weight code with nonzero weights. The dual code has parameters and generator matrix The augmented code of is a code which is optimal. In the secret sharing scheme based on, 11 participants and a dealer are involved. There are altogether minimal access sets. Participant 1 is a dictatorial participant because it is involved in every minimal access set. Hence, any group of participants who can determine the secret must include participant 1. Each participant in the set is in minimal access sets. If a group of participants can recover the secret, it must have at least six members (54% of the total number of participants). Such a secret sharing scheme could be useful in applications where the boss must be involved in every decision making.

## VIII. SECRET SHARING SCHEMES FROM THE THIRD CLASS OF CODES

Let be pairwise distinct elements of. Define Given, for any, let We define a linear code as where (23) The code is different from the Goppa codes. Obviously, the dimension of is at most and the codeword length is. Now we give a condition on under which.

Lemma 13: when (24)

Proof: It suffices to prove that if at least one of is nonzero, cannot be the zero codeword. Suppose are nonzero, where for other s. Then for any where is a polynomial in with degree at most. For all, we have because all are pairwise distinct. Thus, the condition of Lemma 10 is satisfied. Let be the canonical additive character of. Then by Lemma 10 On the other hand, if is the zero codeword, the sum above would be. Hence, the conclusion follows.

Now we estimate the weights of. Let be the number of zeros in the codeword, then Write as Using Lemma 10 we obtain that Hence, we have proved the following.

Lemma 14: We have that

Now we investigate the minimum distance of the dual code.

Proposition 15: If, then.

Proof: Obviously,. If, from the construction of, there must exist distinct elements, such that for any. Then. Since, this cannot hold for all. Therefore,.

Proposition 16: If (25) then is a code and all nonzero codewords of are minimal. Furthermore, in the secret sharing scheme based on every participant is in out of minimal access sets. Hence, the secret sharing scheme is democratic of degree at least.

Proof: Clearly, the condition of (25) implies that of (24). Hence, under the condition of (25), has dimension. Under this condition it is easily verified that It then follows from the Ashikhmin-Barg lemma (Lemma 3) that all nonzero codewords of are minimal. On the other hand, by Proposition 15. The conclusion of this proposition then follows from Proposition 2.

Open Problem 3: Solve the covering problem for the code of (23) and determine the access structure of the secret sharing scheme based on when the condition of (25) is not met.

## IX. CONCLUDING REMARKS

In this paper, under certain conditions, we solved the covering problem for three classes of linear codes and determined the access structure of the secret sharing schemes based on their dual codes. The access structures are of two types. In the first type, there are a number of dictatorial participants who must be involved in recovering the secret, and each of the remaining participants is involved in the same number of minimal access sets. These secret sharing schemes are not democratic, and could be used in applications where a few dictatorial participants are necessary. In the second type, every participant appears in the same number of minimal access sets. The degree of democracy is usually one or two. Secret sharing schemes with access structures of this type could be useful in applications where a small degree of democracy is necessary.
Note that a threshold secret sharing scheme is democratic of degree, which is useful in applications where a high degree of democracy is required. The information rate of the secret sharing schemes described in this paper is one, the best possible.

The goal of this paper is not to construct error-correcting codes, although we constructed several classes of error-correcting codes. Our purpose is to use some existing classes of error-correcting codes and those constructed in this paper to construct secret sharing schemes with nice access structures. The linear codes described in this paper may not be optimal, but give secret sharing schemes with interesting access structures.

In this paper, we presented several open problems regarding the covering problem of linear codes and the access structures of secret sharing schemes based on linear codes. It would be nice if these open problems could be settled in the near future.

## ACKNOWLEDGMENT

The authors wish to thank the referees and the Associate Editor Alexei E. Ashikhmin for their constructive comments and suggestions that much improved the paper.

## REFERENCES

[1] A. Ashikhmin, A. Barg, G. Cohen, and L. Huguet, "Variations on minimal codewords in linear codes," in Proc. Applied Algebra, Algebraic Algorithms and Error-Correcting Codes (AAECC 1995) (Lecture Notes in Computer Science), vol. 948. Berlin, Germany: Springer-Verlag, 1995.

[2] A. Ashikhmin and A. Barg, "Minimal vectors in linear codes," IEEE Trans. Inf. Theory, vol. 44, no. 5, Sep.

[3] L. D. Baumert and W. H. Mills, "Uniform cyclotomy," J. Number Theory, vol. 14.

[4] L. D. Baumert and R. J. McEliece, "Weights of irreducible cyclic codes," Inf. Control, vol. 20, no. 2.

[5] G. R. Blakley, "Safeguarding cryptographic keys," in Proc. National Computer Conf., New York, Jun. 1979.

[6] C. Ding, D. Kohel, and S. Ling, "Secret sharing with a class of ternary codes," Theor. Comp. Sci., vol. 246.

[7] C. Ding and J. Yuan, "Covering and secret sharing with linear codes," in Discrete Mathematics and Theoretical Computer Science (Lecture Notes in Computer Science), vol. 2731. Berlin, Germany: Springer-Verlag, 2003.

[8] E. D. Karnin, J. W. Greene, and M. E. Hellman, "On secret sharing systems," IEEE Trans. Inf. Theory, vol. IT-29, no. 1, Jan.

[9] R. Lidl and H. Niederreiter, Finite Fields. Cambridge, U.K.: Cambridge Univ. Press.

[10] J. L. Massey, "Minimal codewords and secret sharing," in Proc. 6th Joint Swedish-Russian Workshop on Information Theory, Mölle, Sweden, Aug. 1993.

[11] J. L. Massey, "Some applications of coding theory in cryptography," in Codes and Ciphers: Cryptography and Coding IV.

[12] R. J. McEliece and D. V. Sarwate, "On sharing secrets and Reed-Solomon codes," Commun. Assoc. Comp. Mach., vol. 24.

[13] C. Moreno and O. Moreno, "Exponential sums and Goppa codes," in Proc. Amer. Math. Soc., vol. 111, 1991.

[14] K. Okada and K. Kurosawa, "MDS secret sharing scheme secure against cheaters," IEEE Trans. Inf. Theory, vol. 46, no. 3, May.

[15] J. Pieprzyk and X. M. Zhang, "Ideal threshold schemes from MDS codes," in Information Security and Cryptology, Proc. of ICISC 2002 (Lecture Notes in Computer Science), vol. 2587. Berlin, Germany: Springer-Verlag, 2003.

[16] A. Renvall and C. Ding, "The access structure of some secret-sharing schemes," in Information Security and Privacy (Lecture Notes in Computer Science), vol. 1172. Berlin, Germany: Springer-Verlag, 1996.

[17] A. Shamir, "How to share a secret," Commun. Assoc. Comp. Mach., vol. 22.

[18] J. Yuan and C. Ding, "Secret sharing schemes from two-weight codes," in Proc. R. C. Bose Centenary Symp. Discrete Mathematics and Applications, Kolkata, India, Dec.

### Two classes of ternary codes and their weight distributions

Two classes of ternary codes and their weight distributions Cunsheng Ding, Torleiv Kløve, and Francesco Sica Abstract In this paper we describe two classes of ternary codes, determine their minimum weight

### On the representability of the bi-uniform matroid

On the representability of the bi-uniform matroid Simeon Ball, Carles Padró, Zsuzsa Weiner and Chaoping Xing August 3, 2012 Abstract Every bi-uniform matroid is representable over all sufficiently large

### Linear Authentication Codes: Bounds and Constructions

866 IEEE TRANSACTIONS ON INFORMATION TNEORY, VOL 49, NO 4, APRIL 2003 Linear Authentication Codes: Bounds and Constructions Huaxiong Wang, Chaoping Xing, and Rei Safavi-Naini Abstract In this paper, we

### LOW-DEGREE PLANAR MONOMIALS IN CHARACTERISTIC TWO

LOW-DEGREE PLANAR MONOMIALS IN CHARACTERISTIC TWO PETER MÜLLER AND MICHAEL E. ZIEVE Abstract. Planar functions over finite fields give rise to finite projective planes and other combinatorial objects.

### International Journal of Information Technology, Modeling and Computing (IJITMC) Vol.1, No.3,August 2013

FACTORING CRYPTOSYSTEM MODULI WHEN THE CO-FACTORS DIFFERENCE IS BOUNDED Omar Akchiche 1 and Omar Khadir 2 1,2 Laboratory of Mathematics, Cryptography and Mechanics, Fstm, University of Hassan II Mohammedia-Casablanca,

### The Dirichlet Unit Theorem

Chapter 6 The Dirichlet Unit Theorem As usual, we will be working in the ring B of algebraic integers of a number field L. Two factorizations of an element of B are regarded as essentially the same if

### Linear Codes. Chapter 3. 3.1 Basics

Chapter 3 Linear Codes In order to define codes that we can encode and decode efficiently, we add more structure to the codespace. We shall be mainly interested in linear codes. A linear code of length

### IRREDUCIBLE OPERATOR SEMIGROUPS SUCH THAT AB AND BA ARE PROPORTIONAL. 1. Introduction

IRREDUCIBLE OPERATOR SEMIGROUPS SUCH THAT AB AND BA ARE PROPORTIONAL R. DRNOVŠEK, T. KOŠIR Dedicated to Prof. Heydar Radjavi on the occasion of his seventieth birthday. Abstract. Let S be an irreducible

### by the matrix A results in a vector which is a reflection of the given

Eigenvalues & Eigenvectors Example Suppose Then So, geometrically, multiplying a vector in by the matrix A results in a vector which is a reflection of the given vector about the y-axis We observe that

### Several Classes of Codes and Sequences Derived From a 4 -Valued Quadratic Form Nian Li, Xiaohu Tang, Member, IEEE, and Tor Helleseth, Fellow, IEEE

7618 IEEE TRANSACTIONS ON INFORMATION THEORY, VOL 57, NO 11, NOVEMBER 2011 Several Classes of Codes Sequences Derived From a 4 -Valued Quadratic Form Nian Li, Xiaohu Tang, Member, IEEE, Tor Helleseth,

### Algebra 2. Rings and fields. Finite fields. A.M. Cohen, H. Cuypers, H. Sterk. Algebra Interactive

2 Rings and fields A.M. Cohen, H. Cuypers, H. Sterk A.M. Cohen, H. Cuypers, H. Sterk 2 September 25, 2006 1 / 20 For p a prime number and f an irreducible polynomial of degree n in (Z/pZ)[X ], the quotient

### U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009. Notes on Algebra

U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, 2009 Notes on Algebra These notes contain as little theory as possible, and most results are stated without proof. Any introductory

### Linear Codes. In the V[n,q] setting, the terms word and vector are interchangeable.

Linear Codes Linear Codes In the V[n,q] setting, an important class of codes are the linear codes, these codes are the ones whose code words form a sub-vector space of V[n,q]. If the subspace of V[n,q]

### The determinant of a skew-symmetric matrix is a square. This can be seen in small cases by direct calculation: 0 a. 12 a. a 13 a 24 a 14 a 23 a 14

4 Symplectic groups In this and the next two sections, we begin the study of the groups preserving reflexive sesquilinear forms or quadratic forms. We begin with the symplectic groups, associated with

### Functional-Repair-by-Transfer Regenerating Codes

Functional-Repair-by-Transfer Regenerating Codes Kenneth W Shum and Yuchong Hu Abstract In a distributed storage system a data file is distributed to several storage nodes such that the original file can

### ON GENERALIZED RELATIVE COMMUTATIVITY DEGREE OF A FINITE GROUP. A. K. Das and R. K. Nath

International Electronic Journal of Algebra Volume 7 (2010) 140-151 ON GENERALIZED RELATIVE COMMUTATIVITY DEGREE OF A FINITE GROUP A. K. Das and R. K. Nath Received: 12 October 2009; Revised: 15 December

### THE DIMENSION OF A VECTOR SPACE

THE DIMENSION OF A VECTOR SPACE KEITH CONRAD This handout is a supplementary discussion leading up to the definition of dimension and some of its basic properties. Let V be a vector space over a field

### Secure Network Coding on a Wiretap Network

IEEE TRANSACTIONS ON INFORMATION THEORY 1 Secure Network Coding on a Wiretap Network Ning Cai, Senior Member, IEEE, and Raymond W. Yeung, Fellow, IEEE Abstract In the paradigm of network coding, the nodes

### Lattice-Based Threshold-Changeability for Standard Shamir Secret-Sharing Schemes

Lattice-Based Threshold-Changeability for Standard Shamir Secret-Sharing Schemes Ron Steinfeld (Macquarie University, Australia) (email: rons@ics.mq.edu.au) Joint work with: Huaxiong Wang (Macquarie University)

### Row Ideals and Fibers of Morphisms

Michigan Math. J. 57 (2008) Row Ideals and Fibers of Morphisms David Eisenbud & Bernd Ulrich Affectionately dedicated to Mel Hochster, who has been an inspiration to us for many years, on the occasion

### Mathematics Course 111: Algebra I Part IV: Vector Spaces

Mathematics Course 111: Algebra I Part IV: Vector Spaces D. R. Wilkins Academic Year 1996-7 9 Vector Spaces A vector space over some field K is an algebraic structure consisting of a set V on which are

### Notes 11: List Decoding Folded Reed-Solomon Codes

Introduction to Coding Theory CMU: Spring 2010 Notes 11: List Decoding Folded Reed-Solomon Codes April 2010 Lecturer: Venkatesan Guruswami Scribe: Venkatesan Guruswami At the end of the previous notes,

### Real quadratic fields with class number divisible by 5 or 7

Real quadratic fields with class number divisible by 5 or 7 Dongho Byeon Department of Mathematics, Seoul National University, Seoul 151-747, Korea E-mail: dhbyeon@math.snu.ac.kr Abstract. We shall show

### MATH 423 Linear Algebra II Lecture 38: Generalized eigenvectors. Jordan canonical form (continued).

MATH 423 Linear Algebra II Lecture 38: Generalized eigenvectors Jordan canonical form (continued) Jordan canonical form A Jordan block is a square matrix of the form λ 1 0 0 0 0 λ 1 0 0 0 0 λ 0 0 J = 0

### Notes on Factoring. MA 206 Kurt Bryan

The General Approach Notes on Factoring MA 26 Kurt Bryan Suppose I hand you n, a 2 digit integer and tell you that n is composite, with smallest prime factor around 5 digits. Finding a nontrivial factor

### Chapter 1. Search for Good Linear Codes in the Class of Quasi-Cyclic and Related Codes

Chapter 1 Search for Good Linear Codes in the Class of Quasi-Cyclic and Related Codes Nuh Aydin and Tsvetan Asamov Department of Mathematics, Kenyon College Gambier, OH, USA 43022 {aydinn,asamovt}@kenyon.edu

### (x + a) n = x n + a Z n [x]. Proof. If n is prime then the map

22. A quick primality test Prime numbers are one of the most basic objects in mathematics and one of the most basic questions is to decide which numbers are prime (a clearly related problem is to find

### THE Walsh Hadamard transform (WHT) and discrete

IEEE TRANSACTIONS ON CIRCUITS AND SYSTEMS I: REGULAR PAPERS, VOL. 54, NO. 12, DECEMBER 2007 2741 Fast Block Center Weighted Hadamard Transform Moon Ho Lee, Senior Member, IEEE, Xiao-Dong Zhang Abstract

### Short Programs for functions on Curves

Short Programs for functions on Curves Victor S. Miller Exploratory Computer Science IBM, Thomas J. Watson Research Center Yorktown Heights, NY 10598 May 6, 1986 Abstract The problem of deducing a function

### EMBEDDING DEGREE OF HYPERELLIPTIC CURVES WITH COMPLEX MULTIPLICATION

EMBEDDING DEGREE OF HYPERELLIPTIC CURVES WITH COMPLEX MULTIPLICATION CHRISTIAN ROBENHAGEN RAVNSHØJ Abstract. Consider the Jacobian of a genus two curve defined over a finite field and with complex multiplication.

### Introduction to finite fields

Introduction to finite fields Topics in Finite Fields (Fall 2013) Rutgers University Swastik Kopparty Last modified: Monday 16th September, 2013 Welcome to the course on finite fields! This is aimed at

### THE FUNDAMENTAL THEOREM OF ALGEBRA VIA PROPER MAPS

THE FUNDAMENTAL THEOREM OF ALGEBRA VIA PROPER MAPS KEITH CONRAD 1. Introduction The Fundamental Theorem of Algebra says every nonconstant polynomial with complex coefficients can be factored into linear

### Monogenic Fields and Power Bases Michael Decker 12/07/07

Monogenic Fields and Power Bases Michael Decker 12/07/07 1 Introduction Let K be a number field of degree k and O K its ring of integers Then considering O K as a Z-module, the nicest possible case is

### it is easy to see that α = a

21. Polynomial rings Let us now turn our attention to determining the prime elements of a polynomial ring, where the coefficient ring is a field. We already know that such a polynomial ring is a UFD. Therefore

### Efficient LDPC Code Based Secret Sharing Schemes and Private Data Storage in Cloud without Encryption

Efficient LDPC Code Based Secret Sharing Schemes and Private Data Storage in Cloud without Encryption Yongge Wang Department of SIS, UNC Charlotte, USA yonwang@uncc.edu Abstract. LDPC codes, LT codes,

### ALGORITHMS FOR ALGEBRAIC CURVES

ALGORITHMS FOR ALGEBRAIC CURVES SUMMARY OF LECTURE 4 1. SCHOOF S ALGORITHM Let K be a finite field with q elements. Let p be its characteristic. Let X be an elliptic curve over K. To simplify we assume

### Finite Fields and Error-Correcting Codes

Lecture Notes in Mathematics Finite Fields and Error-Correcting Codes Karl-Gustav Andersson (Lund University) (version 1.013-16 September 2015) Translated from Swedish by Sigmundur Gudmundsson Contents

### Introduction to Algebraic Coding Theory

Introduction to Algebraic Coding Theory Supplementary material for Math 336 Cornell University Sarah A. Spence Contents 1 Introduction 1 2 Basics 2 2.1 Important code parameters..................... 4

### Recall that two vectors in are perpendicular or orthogonal provided that their dot

Orthogonal Complements and Projections Recall that two vectors in are perpendicular or orthogonal provided that their dot product vanishes That is, if and only if Example 1 The vectors in are orthogonal

### On an algorithm for classification of binary self-dual codes with minimum distance four

Thirteenth International Workshop on Algebraic and Combinatorial Coding Theory June 15-21, 2012, Pomorie, Bulgaria pp. 105-110 On an algorithm for classification of binary self-dual codes with minimum

### Integer Factorization using the Quadratic Sieve

Integer Factorization using the Quadratic Sieve Chad Seibert* Division of Science and Mathematics University of Minnesota, Morris Morris, MN 56567 seib0060@morris.umn.edu March 16, 2011 Abstract We give

### Associativity condition for some alternative algebras of degree three

Associativity condition for some alternative algebras of degree three Mirela Stefanescu and Cristina Flaut Abstract In this paper we find an associativity condition for a class of alternative algebras

### Similarity and Diagonalization. Similar Matrices

MATH10212 Linear Algebra Brief lecture notes 48 Similarity and Diagonalization Similar Matrices Let A and B be n x n matrices. We say that A is similar to B if there is an invertible n x n matrix P such that

### Ideal Class Group and Units

Chapter 4 Ideal Class Group and Units We are now interested in understanding two aspects of the ring of integers of number fields: how principal they are (that is, what is the proportion of principal ideals

### These axioms must hold for all vectors ū, v, and w in V and all scalars c and d.

DEFINITION: A vector space is a nonempty set V of objects, called vectors, on which are defined two operations, called addition and multiplication by scalars (real numbers), subject to the following axioms

### FUNCTIONAL ANALYSIS LECTURE NOTES: QUOTIENT SPACES

FUNCTIONAL ANALYSIS LECTURE NOTES: QUOTIENT SPACES CHRISTOPHER HEIL 1. Cosets and the Quotient Space Any vector space is an abelian group under the operation of vector addition. So, if you have studied

### Continued Fractions and the Euclidean Algorithm

Continued Fractions and the Euclidean Algorithm Lecture notes prepared for MATH 326, Spring 1997 Department of Mathematics and Statistics University at Albany William F. Hammond Table of Contents Introduction

### Quadratic Equations in Finite Fields of Characteristic 2

Quadratic Equations in Finite Fields of Characteristic 2 Klaus Pommerening May 2000 English version February 2012 Quadratic equations over fields of characteristic 2 are solved by the well known quadratic

### The van Hoeij Algorithm for Factoring Polynomials

The van Hoeij Algorithm for Factoring Polynomials Jürgen Klüners Abstract In this survey we report about a new algorithm for factoring polynomials due to Mark van Hoeij. The main idea is that the combinatorial

### Cyclic Codes Introduction Binary cyclic codes form a subclass of linear block codes. Easier to encode and decode

Cyclic Codes Introduction Binary cyclic codes form a subclass of linear block codes. Easier to encode and decode Definition An (n, k) linear block code C is called a cyclic code if. The sum of any two codewords

### MATH10212 Linear Algebra. Systems of Linear Equations. Definition. An n-dimensional vector is a row or a column of n numbers (or letters): a 1.

MATH10212 Linear Algebra Textbook: D. Poole, Linear Algebra: A Modern Introduction. Thompson, 2006. ISBN 0-534-40596-7. Systems of Linear Equations Definition. An n-dimensional vector is a row or a column

### Orthogonal Diagonalization of Symmetric Matrices

MATH10212 Linear Algebra Brief lecture notes 57 Gram-Schmidt Process enables us to find an orthogonal basis of a subspace. Let u_1, ..., u_k be a basis of a subspace V of R^n. We begin the process of finding

### About the inverse football pool problem for 9 games 1

Seventh International Workshop on Optimal Codes and Related Topics September 6-12, 2013, Albena, Bulgaria pp. 15-133 About the inverse football pool problem for 9 games 1 Emil Kolev Tsonka Baicheva Institute

### 11 Ideals. 11.1 Revisiting Z

11 Ideals The presentation here is somewhat different than the text. In particular, the sections do not match up. We have seen issues with the failure of unique factorization already, e.g., Z[ 5] = O Q(

### 7. Some irreducible polynomials

7. Some irreducible polynomials 7.1 Irreducibles over a finite field 7.2 Worked examples Linear factors x - α of a polynomial P(x) with coefficients in a field k correspond precisely to roots α ∈ k [1] of

### Efficient Recovery of Secrets

Efficient Recovery of Secrets Marcel Fernandez and Miguel Soriano, IEEE Senior Member Department of Telematics Engineering. Universitat Politècnica de Catalunya. C/ Jordi Girona 1 i 3. Campus Nord, Mod C3,

### Notes. A Reed Solomon Code Magic Trick. The magic trick. Todd D. Mateer

Notes. A Reed Solomon Code Magic Trick. Todd D. Mateer Howard Community College Columbia, Maryland 21044 tmateer@howardcc.edu Richard Ehrenborg [1] has provided a nice magic trick that can be

### 17. Inner product spaces Definition 17.1. Let V be a real vector space. An inner product on V is a function

17. Inner product spaces Definition 17.1. Let V be a real vector space. An inner product on V is a function ⟨·, ·⟩ : V × V → R, which is symmetric, that is ⟨u, v⟩ = ⟨v, u⟩. bilinear, that is linear (in both factors):

### 1 Polyhedra and Linear Programming

CS 598CSC: Combinatorial Optimization Lecture date: January 21, 2009 Instructor: Chandra Chekuri Scribe: Sungjin Im 1 Polyhedra and Linear Programming In this lecture, we will cover some basic material

### GROUP ALGEBRAS. ANDREI YAFAEV

GROUP ALGEBRAS. ANDREI YAFAEV We will associate a certain algebra to a finite group and prove that it is semisimple. Then we will apply Wedderburn's theory to its study. Definition 0.1. Let G be a finite

### Masao KASAHARA. Public Key Cryptosystem, Error-Correcting Code, Reed-Solomon code, CBPKC, McEliece PKC.

A New Class of Public Key Cryptosystems Constructed Based on Reed-Solomon Codes, K(XII)SEPKC. Along with a presentation of K(XII)SEPKC over the extension field F 2 8 extensively used for present day various

### A New, Publicly Verifiable, Secret Sharing Scheme

Scientia Iranica, Vol. 15, No. 2, pp. 246-251 © Sharif University of Technology, April 2008 A New, Publicly Verifiable, Secret Sharing Scheme A. Behnad 1 and T. Eghlidos A Publicly Verifiable Secret Sharing

### SOLVING POLYNOMIAL EQUATIONS BY RADICALS

SOLVING POLYNOMIAL EQUATIONS BY RADICALS Lee Si Ying 1 and Zhang De-Qi 2 1 Raffles Girls School (Secondary), 20 Anderson Road, Singapore 259978 2 Department of Mathematics, National University of Singapore,

### SOLVING QUADRATIC EQUATIONS OVER POLYNOMIAL RINGS OF CHARACTERISTIC TWO

Publicacions Matemàtiques, Vol 42 (1998), 131 142. SOLVING QUADRATIC EQUATIONS OVER POLYNOMIAL RINGS OF CHARACTERISTIC TWO Jørgen Cherly, Luis Gallardo, Leonid Vaserstein and Ethel Wheland Abstract We

### VARIABLE fractional delay (VFD) digital filter design has

86 IEEE TRANSACTIONS ON CIRCUITS AND SYSTEMS II: EXPRESS BRIEFS, VOL. 54, NO. 1, JANUARY 2007 Design of 1-D Stable Variable Fractional Delay IIR Filters Hui Zhao and Hon Keung Kwan Abstract In this brief,

### I. INTRODUCTION. of the biometric measurements is stored in the database

122 IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 6, NO. 1, MARCH 2011 Privacy-Security Trade-Offs in Biometric Security Systems Part I: Single Use Case Lifeng Lai, Member, IEEE, Siu-Wai

### FACTORING POLYNOMIALS IN THE RING OF FORMAL POWER SERIES OVER Z

FACTORING POLYNOMIALS IN THE RING OF FORMAL POWER SERIES OVER Z DANIEL BIRMAJER, JUAN B GIL, AND MICHAEL WEINER Abstract We consider polynomials with integer coefficients and discuss their factorization

### Towards High Security and Fault Tolerant Dispersed Storage System with Optimized Information Dispersal Algorithm

Towards High Security and Fault Tolerant Dispersed Storage System with Optimized Information Dispersal Algorithm I Hrishikesh Lahkar, II Manjunath C R I,II Jain University, School of Engineering and Technology,

### 1 Sets and Set Notation.

LINEAR ALGEBRA MATH 27.6 SPRING 23 (COHEN) LECTURE NOTES Sets and Set Notation. Definition (Naive Definition of a Set). A set is any collection of objects, called the elements of that set. We will most

### Some Polynomial Theorems. John Kennedy Mathematics Department Santa Monica College 1900 Pico Blvd. Santa Monica, CA 90405 rkennedy@ix.netcom.

Some Polynomial Theorems by John Kennedy Mathematics Department Santa Monica College 1900 Pico Blvd. Santa Monica, CA 90405 rkennedy@ix.netcom.com This paper contains a collection of 31 theorems, lemmas,

### Factoring of Prime Ideals in Extensions

Chapter 4 Factoring of Prime Ideals in Extensions 4.1 Lifting of Prime Ideals Recall the basic AKLB setup: A is a Dedekind domain with fraction field K, L is a finite, separable extension of K of degree

PYTHAGOREAN TRIPLES KEITH CONRAD 1. Introduction A Pythagorean triple is a triple of positive integers (a, b, c) where a^2 + b^2 = c^2. Examples include (3, 4, 5), (5, 12, 13), and (8, 15, 17). Below is an ancient

### Comparative Analysis for Performance acceleration of Modern Asymmetric Crypto Systems

J. of Comp. and I.T. Vol. 3(1&2), 1-6 (2012). Comparative Analysis for Performance acceleration of Modern Asymmetric Crypto Systems RAJ KUMAR 1 and V.K. SARASWAT 2 1,2 Department of Computer Science, ICIS

### Lecture Notes on Polynomials

Lecture Notes on Polynomials Arne Jensen Department of Mathematical Sciences Aalborg University © 2008 Introduction These lecture notes give a very short introduction to polynomials with real and complex

### ON UNIQUE FACTORIZATION DOMAINS

ON UNIQUE FACTORIZATION DOMAINS JIM COYKENDALL AND WILLIAM W. SMITH Abstract. In this paper we attempt to generalize the notion of unique factorization domain in the spirit of half-factorial domain. It

### NEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES

NEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES Ounasser Abid 1, Jaouad Ettanfouhi 2 and Omar Khadir 3 1,2,3 Laboratory of Mathematics, Cryptography and Mechanics, Department of Mathematics, Fstm,

### Quotient Rings and Field Extensions

Chapter 5 Quotient Rings and Field Extensions In this chapter we describe a method for producing field extensions of a given field. If F is a field, then a field extension is a field K that contains F.

### MATH 590: Meshfree Methods

MATH 590: Meshfree Methods Chapter 7: Conditionally Positive Definite Functions Greg Fasshauer Department of Applied Mathematics Illinois Institute of Technology Fall 2010 fasshauer@iit.edu MATH 590 Chapter

### Linear Algebra. A vector space (over R) is an ordered quadruple. such that V is a set; 0 ∈ V; and the following eight axioms hold:

Linear Algebra A vector space (over R) is an ordered quadruple (V, 0, α, µ) such that V is a set; 0 ∈ V; and the following eight axioms hold: α : V × V → V and µ : R × V → V; (i) α(α(u, v), w) = α(u, α(v, w)),

### F. ABTAHI and M. ZARRIN. (Communicated by J. Goldstein)

Journal of Algerian Mathematical Society Vol. 1, pp. 1-6 CONCERNING THE l^p-CONJECTURE FOR DISCRETE SEMIGROUPS F. ABTAHI and M. ZARRIN (Communicated by J. Goldstein) Abstract. For 2 < p

This page intentionally left blank Coding Theory A First Course Coding theory is concerned with successfully transmitting data through a noisy channel and correcting errors in corrupted messages. It is

### Integer roots of quadratic and cubic polynomials with integer coefficients

Integer roots of quadratic and cubic polynomials with integer coefficients Konstantine Zelator Mathematics, Computer Science and Statistics 212 Ben Franklin Hall Bloomsburg University 400 East Second Street

### 2.5 Gaussian Elimination

page 150 CHAPTER 2 Matrices and Systems of Linear Equations In the linear algebra package of Maple, the three elementary row operations are swaprow(A,i,j): permute rows i and j

### A Class of Three-Weight Cyclic Codes

A Class of Three-Weight Cyclic Codes Zhengchun Zhou and Cunsheng Ding Abstract arxiv:30.0569v [cs.it] 4 Feb 03 Cyclic codes are a subclass of linear codes and have applications in consumer electronics, data storage

### Modern Algebra Lecture Notes: Rings and fields set 4 (Revision 2)

Modern Algebra Lecture Notes: Rings and fields set 4 (Revision 2) Kevin Broughan University of Waikato, Hamilton, New Zealand May 13, 2010 Remainder and Factor Theorem 15 Definition of factor If f (x)

### Numerical Analysis Lecture Notes

Numerical Analysis Lecture Notes Peter J. Olver 5. Inner Products and Norms The norm of a vector is a measure of its size. Besides the familiar Euclidean norm based on the dot product, there are a number

### MA257: INTRODUCTION TO NUMBER THEORY LECTURE NOTES

MA257: INTRODUCTION TO NUMBER THEORY LECTURE NOTES 2016 47 4. Diophantine Equations A Diophantine Equation is simply an equation in one or more variables for which integer (or sometimes rational) solutions

### Optimal Index Codes for a Class of Multicast Networks with Receiver Side Information

Optimal Index Codes for a Class of Multicast Networks with Receiver Side Information Lawrence Ong School of Electrical Engineering and Computer Science, The University of Newcastle, Australia Email: lawrence.ong@cantab.net

### CURVES WHOSE SECANT DEGREE IS ONE IN POSITIVE CHARACTERISTIC. 1. Introduction

Acta Math. Univ. Comenianae Vol. LXXXI, 1 (2012), pp. 71-77 CURVES WHOSE SECANT DEGREE IS ONE IN POSITIVE CHARACTERISTIC E. BALLICO Abstract. Here we study (in positive characteristic) integral curves

### Introduction to Finite Fields (cont.)

Chapter 6 Introduction to Finite Fields (cont.) 6.1 Recall Theorem. Z_m is a field ⟺ m is a prime number. Theorem (Subfield Isomorphic to Z_p). Every finite field has the order of a power of a prime number

### Factorization Algorithms for Polynomials over Finite Fields

Degree Project Factorization Algorithms for Polynomials over Finite Fields Sajid Hanif, Muhammad Imran 2011-05-03 Subject: Mathematics Level: Master Course code: 4MA11E Abstract Integer factorization is

### MATH 2030: SYSTEMS OF LINEAR EQUATIONS. ax + by + cz = d. )z = e. while these equations are not linear: xy z = 2, x x = 0,

MATH 2030: SYSTEMS OF LINEAR EQUATIONS Systems of Linear Equations In the plane R^2 the general form of the equation of a line is ax + by = c and that the general equation of a plane in R^3 will be we call

### Lecture 18 - Clifford Algebras and Spin groups

Lecture 18 - Clifford Algebras and Spin groups April 5, 2013 Reference: Lawson and Michelsohn, Spin Geometry. 1 Universal Property If V is a vector space over R or C, let q be any quadratic form, meaning

### 3 1. Note that all cubes solve it; therefore, there are no more

Math 13 Problem set 5 Artin 11.4.7 Factor the following polynomials into irreducible factors in Q[x]: (a) x 3 3x (b) x 3 3x + (c) x 9 6x 6 + 9x 3 3 Solution: The first two polynomials are cubics, so if

### ON GALOIS REALIZATIONS OF THE 2-COVERABLE SYMMETRIC AND ALTERNATING GROUPS

ON GALOIS REALIZATIONS OF THE 2-COVERABLE SYMMETRIC AND ALTERNATING GROUPS DANIEL RABAYEV AND JACK SONN Abstract. Let f(x) be a monic polynomial in Z[x] with no rational roots but with roots in Q p for

### Cryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 12 Block Cipher Standards

### A Factoring and Discrete Logarithm based Cryptosystem

Int. J. Contemp. Math. Sciences, Vol. 8, 2013, no. 11, 511-517 HIKARI Ltd, www.m-hikari.com A Factoring and Discrete Logarithm based Cryptosystem Abdoul Aziz Ciss and Ahmed Youssef Ecole doctorale de Mathematiques

### The Characteristic Polynomial

Physics 116A Winter 2011 The Characteristic Polynomial 1 Coefficients of the characteristic polynomial Consider the eigenvalue problem for an n x n matrix A, A v = λ v, v ≠ 0 (1) The solution to this problem