Relative generalized Hamming weights of q-ary Reed-Muller codes

Coset constructions of $q$-ary Reed-Muller codes can be used to store secrets on a distributed storage system in such a way that only parties with access to a large part of the system can obtain information while still allowing for local error-correction. In this paper we determine the relative generalized Hamming weights of these codes which can be translated into a detailed description of the information leakage [2, 24, 21, 11].


Introduction
Relative generalized Hamming weights (RGHWs) are useful tools for estimating the information leakage from wire-tap channels of type II when linear codes are used [19]. Similarly they describe the security in linear ramp secret sharing schemes [2,17,10]. We shall give a brief overview of their use in connection with secret sharing schemes. A linear ramp secret sharing scheme with n participants, secrets in (F q ) ℓ , and shares belonging to F q 1 can be described as follows [5]. Consider linear codes C 2 C 1 ⊂ (F q ) n with ℓ = dim(C 1 ) − dim(C 2 ) and let L ⊆ (F q ) n be (a linear code) such that C 1 = L ⊕ C 2 , where ⊕ is the direct sum. Consider a vector space isomorphism ψ : (F q ) ℓ → L. A secret s ∈ (F q ) ℓ is mapped to x = ψ( s) + c 2 ∈ C 1 , where c 2 ∈ C 2 is chosen by random. The n shares distributed among the n participants are the n coordinates of x. The parameters t and r of the scheme are the unique numbers such that: 1. No group of t participants can recover any information about s, but some groups of size t + 1 can. 2. All groups of size r can recover the secret in full, but some groups of size r − 1 cannot.
Only for ℓ = 1 we can hope for r = t + 1 in which case we have a complete picture of the security. Such schemes are called t-threshold secret sharing schemes. For general linear ramp secret sharing schemes we have the parameters t 1 , . . . , t ℓ , r 1 , . . . , r ℓ where for m = 1, . . . , ℓ, t m and r m are the unique numbers such that the following hold: 1. No group of t m participants can recover m q-bits of information about s, but some groups of size t m + 1 can. 2. All groups of size r m can recover m q-bits of information about s, but some groups of size r m − 1 cannot.
Clearly, t = t 1 and r = r ℓ . From [2, Th. 6.7], [17,Th. 4] and [10,Th. 6] we have the following characterization of these parameters: where M m (C 1 , C 2 ) is the m-th relative generalized Hamming weight for C 1 with respect to C 2 and (C) ⊥ denotes the dual code of C. Unfortunately, it is not easy to find the hierarchy of RGHWs of two general linear codes and only for a few classes of codes these parameters have been found or estimated. Actually -until recently -only for a single class of codes the parameters were known, namely MDS codes for which the situation is particular simple [19]. Recently a general method for estimating RGHWs of one-point algebraic geometric codes was proposed in [10] leading to a bound for Hermitian codes which is tight in some cases. In the present paper we show how to calculate RGHWs when both C 1 and C 2 are q-ary Reed-Muller codes. Such codes are particularly suited for secret sharing as the dual of a q-ary Reed-Muller code is also a q-ary Reed-Muller code -and by (1) and (2) we therefore can determine t m as well as r m , m = 1, . . . , ℓ. Also if one wants to apply such a scheme for the purpose of secure multiparty computation [7,8,4,9] then one would need to know the product C 2 = C * C of the involved codes. Here, C 2 = { a * b | a, b ∈ C} where for a = (a 1 , . . . , a n ), b = (b 1 , . . . , b n ), a * b = (a 1 b 1 , . . . , a n b n ). Also one might need to know higher powers C p . For a q-ary Reed-Muller code C the code C p is again a q-ary Reed-Muller code which is easy to determine. Our work is a non-trivial generalization of results by Heijnen and Pellikaan [13] who showed how to calculate generalized Hamming weights of q-ary Reed-Muller codes. Similar to Heijnen and Pellikaan we propose a low complexity method to derive the parameters, and for the situation where the codes are defined from polynomials in two variables we furthermore give closed formula expressions.
The paper is organized as follows. In Section 2 we introduce RGHWs and show how to estimate them using the footprint bound from Gröbner basis theory. This method is then applied to q-ary Reed-Muller codes in Section 3. In Section 4 we elaborate on the method and formalize our findings into an algorithm. For the special case of q-ary Reed-Muller codes defined from polynomials in two variables we then in Section 5 provide closed formula expressions. Finally, Section 6 is the conclusion.

Relative generalized Hamming weights
In this section we give the definition of relative generalized Hamming weights. We also introduce the footprint bound which will be useful when we want to calculate the RGHWs of q-ary Reed-Muller codes and we take the first step in this direction. A well-know concept in coding theory is the generalized Hamming weights [16,14,22] which we start by introducing. Recall that for D ⊆ (F q ) n the support of D is defined as The sequence (d 1 (C), . . . , d k (C)) is called the hierarchy of the GHWs of C.
In particular d 1 (C) is the minimum distance of C. The problem of computing the GHWs for binary Reed-Muller codes was solved in [22] and for general q-ary Reed-Muller codes in [13]. A further generalization of GHWs was introduced by Luo et al. in [19].
the codimension of C 1 and C 2 , and n the length of the codes. For m = 1, . . . , ℓ, the m-th relative generalized Hamming weight (RGHW) of C 1 with respect to C 2 is defined by If C 2 is the zero code { 0} then the m-th RGHW of C 1 with respect to C 2 is equivalent to the m-th GHW of C 1 . This fact should be more clear from the following result [18,Lem. 1].
This alternative characterization of RGHWs is useful when one considers q-ary Reed-Muller codes which we now define.
Definition 4. Let q be a power of a prime, u an integer, s a positive integer, and write n = q s . We enumerate the elements of (F q ) s as {P 1 , . . . , P n } and consider the evaluation map ϕ : F q [X 1 , . . . , X s ] → (F q ) n , ϕ(f ) = (f (P 1 ), . . . , f (P n )). The q-ary Reed-Muller code of order u in s variables is defined by In this paper we shall use the convention deg(0) = −1 and Throughout the rest of the paper we shall always write n = q s . Observe that the equality in (3) is a consequence of the fact that for any f ∈ F q [X 1 , . . . , X s ]. Here, the argument on the right side of (4) means the remainder of f after division with {X q 1 − X 1 , . . . , X q s − X s } (see [6,Sec. 2.3] for the multivariate division algorithm). Furthermore note that ϕ is surjective which is seen by applying Lagrange interpolation. Dimension considerations now show that the restriction of ϕ to the span of is a bijection and {ϕ(M) | M ∈ R s q } therefore is a basis for (F q ) n as a vector space. We write and X a = X a 1 1 · · · X as s for a = (a 1 , . . . , a s ) ∈ N s 0 . Hence, R s q = { X a | a ∈ Q s q }. Remark 5. From the above discussion we conclude that if D ⊆ RM q (u, s) is a subspace of dimension m then without loss of generality we may assume that D = span Fq {ϕ(F 1 ), . . . , ϕ(F m )} where the leading monomials (with respect to the given fixed monomial ordering ≺) satisfy lm ( For given D and fixed ≺ these leading monomials are unique.
We could calculate the RGHWs of q-ary Reed-Muller codes using the technique from [10] where the Feng-Rao bound for primary codes is employed. However, the simple algebraic structure of the q-ary Reed-Muller codes suggests that instead we should apply the footprint bound which we now introduce.  Th. 6] we have the following well-known result.
Theorem 7. Let the notation be as in Definition 6. The set {M + J | M ∈ ∆ ≺ (J)} is a basis for k[X 1 , . . . , X s ]/J as a vector space over k.
Example 2. This is a continuation of Example 1. From Theorem 7 and the fact that ϕ : R s q → (F q ) n is a bijection we conclude ∆ ≺ ( X q 1 − X 1 , . . . , X q s − X s ) = R s q .

5
Consider polynomials F 1 , . . . , F m ∈ F q [X 1 , . . . , X s ]. Let {Q 1 , . . . , Q N } be their common zeros over F q and define the vector space homomorphism ψ : . This map is surjective (Lagrange interpolation again) and as a corollary to Theorem 7 we therefore obtain the following incidence of the footprint bound. (For the general version of the footprint bound see [15] and [6,Pro. 8 ]. The number of common zeros of F 1 , . . . , F m over F q is at most equal to |∆ ≺ ( F 1 , . . . , F m , X q 1 − X 1 , . . . , X q s − X s )| (here, ≺ is any monomial ordering).
We note that actually equality holds in Lemma 8 (see [6,Pro. 8,Sec. 5.3]), but we shall not need this fact. To make Lemma 8 operational we recall the following notation from [3].
Definition 9. The partial ordering P on the monomials in R s q and on the elements in Q s q is defined by The partial ordering is not a total ordering; for example we neither have (3, 2) P (2, 3) nor (3, 2) P (2, 3).
An important tool for calculating RGHWs of q-ary Reed-Muller codes is the following corollary to Lemma 8.

Corollary 10. Consider any monomial ordering and let
Proof. The elements of D are linear combination of ϕ(F 1 ), . . . , ϕ(F m ), hence |supp(D)| equals the length n minus the number of common zeros of F 1 , . . . , F m over F q . By Lemma 8 we get and the proof is complete.
Interestingly for any choice of A as in Corollary 10 there exists some subspaces D for which the bound is sharp.

Proposition 11. Consider any monomial ordering and
Proof. From Corollary 10 we know that Now we want to prove the other inequality. Let F q = {γ 0 , . . . , γ q−1 } and a = (a 1 , . . . , a s ) ∈ Q s q , we write γ a = (γ a 1 , . . . , γ as ). For i = 1, . . . , m, we write the coordinates of a i as (a i,1 , a i,2 , . . . , a i,s ). We define the following subspace of (F q ) n : The last result is equivalent to saying that G i (γ a ) = 0 if and only if a ∈ ∇ a i . The support ofD is the union of all positions where some ϕ( The proof is complete. 7

GHWs and RGHWs of q-ary Reed-Muller codes
In this section we employ Proposition 11 to compute the hierarchy of RGHWs in the case that C 1 and C 2 are both q-ary Reed-Muller codes. The main result is Theorem 20. Recall that a q-ary Reed-Muller code is defined as Our method for calculating the hierarchy of RGHWs involves the anti lexicographic ordering on the monomials in R s q (and on the elements in Q s q ). To relate our findings to Heijnen and Pellikaan's work on GHWs we also need the lexicographic ordering on the same sets.

Definition 12.
The lexicographic ordering ≺ Lex on the monomials in R s q and on the elements in Q s q is defined by The anti lexicographic ordering ≺ A on the monomials in R s q and on the elements in Q s q is defined by From this example it is easy to see that the anti lexicographic ordering is not the inverse ordering of the lexicographic ordering. Recalling from Definition 9 the ordering P we note that if X a P X b (or a P b) then X a Lex X b and X a A X b (or a Lex b and a A b). The following concepts will be used extensively throughout our exposition.
The index q and the value s will be omitted in the rest of this section, thus instead we will use the notations F (a, b) and W (a, b), respectively. The sets N (a,b) (m) will play a crucial role in the following derivation of a formula for the RGHWs of q-ary Reed-Muller codes. The sets L (a,b) (m) shall help us establish the connection to the work by Heijnen and Pellikaan on GHWs. Their main result [13, Th. 5.10] is as follows: Before continuing our work on establishing the RGHWs we reformulate the expressions in (5). We shall need the following result corresponding to [13,Lem. 5.8].

Lemma 16. Let t be an integer satisfying
Then (a 1 , . . . , a s ) is the t-th element of Q s q with respect to the lexicographic ordering.
Also we shall need the bijection µ : Q s q → Q s q given by µ(a 1 , . . . , a s ) = (q − 1 − a s , . . . , q − 1 − a 1 ). Observe that µ has the properties For the proofs and other properties of µ we refer to Lemma 28 in Appendix A. Note that by the first property an element a in a subset A of Q s q is the t-th element in A using the anti lexicographic ordering if and only if µ( a) is the t-th element in µ(A) using the lexicographic ordering. We can now reformulate Theorem 15 into the following result which is not stated in [13].
Theorem 17. Let a be the r-th element in F (0, u 1 ) using the anti lexicographic ordering. Because F (0, u 1 ) ⊆ Q s q there exists t such that a is the t-th element in Q s q using the anti lexicographic ordering. We have Proof. By the properties of µ and using the lexicographic ordering, we have that where by Lemma 16 the last expression can be rewritten as From the third listed property of µ we obtain Having reformulated the formula by Heijnen and Pellikaan for GHWs we now continue our work on establishing a formula for the RGHWs. Consider C 2 = RM q (u 2 , s) C 1 = RM q (u 1 , s). Let ℓ be the codimension of C 1 and C 2 , then for m = 1, . . . , ℓ we have that Equation (6) corresponds to Theorem 3. Equation (7) follows from Remark 5 and the fact that D ⊆ C 1 implies lm(F i ) ∈ W (0, u 1 ), i = 1, . . . , m and from the fact that (7) with Proposition 11 we get The following lemma -which can be viewed as a generalization of [12, Th. 3.7.7] -is proved in Appendix A. A be a subset of F (a, b) consisting of m elements. Then  |∇N (a,b) (m)| ≤ |∇A|. (8) and Lemma 18.

Lemma 18. Let
We are now ready to present the generalization of Theorem 17 to RGHWs.
Theorem 20. Given C 2 = RM q (u 2 , s) C 1 = RM q (u 1 , s), let a be the mth element in F (u 2 + 1, u 1 ) with respect to the anti lexicographic ordering. Because F (u 2 + 1, u 1 ) ⊆ F (0, u 1 ) ⊆ Q s q there exist r and t such that a is the r-th element in F (0, u 1 ) and the t-th element in Q s q with respect to the anti lexicographic ordering. We have

Proof. By Proposition 19 we have already proved that
It remains to be proved that |∇N (u 2 +1,u 1 ) (m)| = t − r + m. Because a is the m-th element in F (u 2 + 1, u 1 ) and the r-th element in F (0, u 1 ) we have from which we derive The union in (9) involves two disjoint sets. Hence, From Theorem 17 we have |∇N (0,u 1 ) (r)| = t. Hence, we will be through if we can prove that We enumerate N (0,u 2 ) (r − m) = { a 1 , . . . , a r−m } according to the anti lexicographic ordering. We have We will prove that holds for i = 1, . . . , r − m.
Now we prove the other inclusion. Assume first a i ∈ F (u 2 , u 2 ). For t = 1, . . . , s we define b t = a i + e t where e t is the standard vector with 1 in the t-th position.
Assume next a i / ∈ F (u 2 , u 2 ). Again we define b t = a i + e t for t = 1, . . . , s.
Combining finally (12) and (11) we obtain By Definition 14 the last set is of size r − m and (10) follows. The proof is complete.
Consider the special case of Theorem 20 where C 2 = { 0} = RM q (−1, s). In this particular case we have -as already notedd m (C 1 ) = M m (C 1 , C 2 ). If we apply Theorem 20 and the notion in there then we obtain r = m and consequently M m (C 1 , C 2 ) = t. Theorem 17 gives us the same information d m (C 1 ) = t.
We illustrate the use of Theorem 17 and Theorem 20 with an example.

An algorithm to compute RGHWs
By Theorem 20 there are still two questions that need to be addressed: Q2 Given a ∈ F q ((a, b), s) how can we find the corresponding position t and r -with respect to the anti lexicographic ordering -in Q s q and in F q ((0, b), s), respectively?
In this section we give answers to these two questions. We start by providing an algorithm that solves the problem from question Q1. This algorithm is a generalizing of a method proposed in [13,Sec. 6]. Due to the nature of the algorithm from now on we will -in contrast to the previous section -use the full notation F q ((a, b), s), rather than just F q ((a, b)) (Definition 13).
We denote by ρ q ((a, b), s) and ρ q ((a, b), (v, w), s) the cardinality of F q ((a, b), s) and F q ((a, b), (v, w), s), respectively. Most of the time the index q will be omitted.

Theorem 22. Let q be a fixed prime power and consider non-negative integers
If these numbers are used as input to the procedure VECA in Figure 2 then  the output is the m-th element a = (a 1 , . . . , a s ) of F q ((a, b), (0, v) Therefore it equals (β 1 , . .
The proof is complete.
Note that for our purpose (that is, to answer Q1), the input V in the algorithm VECA shall always be equal to q − 1. The procedure VECA in Figure 2 uses the value ρ q ((A, B), S) for various choices of A, B, S. We therefore need an algorithm to compute this number.
Lemma 23. Let q be a prime power and onsider integers a, b, s with 0 ≤ a ≤ b ≤ s(q − 1) and s ≥ 1. We have Proof. We rewrite the first expression as follows By [20] and by Exercise 1.2.8 of [21] we have that Theorem 24. Let q be a prime power and consider a, b, s as in Lemma 23. If the procedure RHO (see Figure 3) is used with input a, b, s, q then it returns ρ q ((a, b), s).
Having answered question Q1 from the beginning of the section we now turn to question Q2. Given a ∈ F q ((a, b), s) we need a method to determine what are the corresponding positions r and t in F q ((0, b), s) and Q s q , respectively. The following proposition tells us how to find r. This is done by applying the formula (13) in there in combination with the algorithm RHO.
In particular if a = 0 then Proof. We must count the number of elements b = (b 1 , . . . , b s ) in F q ((a, b), s) which are smaller than or equal to a with respect to the anti lexicographic ordering. This number equals By the below Lemma 26, for j = 0, . . . , s − 1 we have and the proof is complete.
Setting a = 0 and b = s(q − 1) in Proposition 25 we could of course compute the t such that a is the t-th element of Q s q , but with the following reformulation of Lemma 25 we can calculate it much easier.
Lemma 27. The element (a 1 , . . . , a s ) ∈ Q s q is the t-th element of Q s q with respect to the anti lexicographic ordering where Proof. Recall from Section 3 the map µ : Q s q → Q s q , µ(a 1 , . . . , a s ) = (q − 1 − a s , . . . , q − 1 − a 1 ). By Lemma 16 µ(a 1 , . . . , a s Therefore (a 1 , . . . , a s ) is the t-th element of Q s q using the anti lexicographic ordering.
Summarizing this section: to find the m-th RGHW of C 1 = RM q (u 1 , s) with respect to C 2 = RM q (u 2 , s), we perform the following steps. 1. Find the m-th element (a 1 , . . . , a s ) of F q ((u 2 + 1, u 1 ), s) by using the algorithm VECA in Theorem 22 with input A = u 2 + 1, B = u 1 , V = q − 1, S = s, and M = m.

2.
Find the r-th position of (a 1 , . . . , a s ) in F q ((0, u 1 ), s) using Proposition 25 in combination with the algorithm RHO. 3. Find the t-th position of (a 1 , . . . , a s ) in Q s q using Lemma 27.
In the previous section we presented a method to calculate RGHWs for any set of q-ary Reed-Muller codes C i = RM q (u i , s), i = 1, 2. As an alternative, for q-ary Reed-Muller codes in two variables (which by Definition 4 means that s = 2) it is a manageable task to list closed formula expressions for all possible situations. This is done in the first half of the present section. Letting next u 2 = −1, corresponding to C 2 = { 0}, we in particular get closed formula expressions for the GHWs (such formulas -to the best of our knowledge -cannot be found in the literature). The formulas in the present section can be derived by applying Proposition 19 directly. We shall leave the details for the reader. To simplify the description we use the notation t = u 1 − u 2 which of course implies that u 1 = u 2 + t. Hence, throughout this section C 2 = RM q (u 2 , 2) and C 1 = RM q (u 2 + t, 2).

Formulas for RGHW
We have the following three cases.
We are now ready to prove Lemma 18. where the first and the last line is a consequence of the fact that µ is bijective, the second line follows from 9. in Lemma 29,the third line follows from Lemma 28, and the fourth line follows from 5. in Lemma 29.