Long quasi-polycyclic $t$-CIS codes

We study complementary information set codes of length $tn$ and dimension $n$ that admit $t$ pairwise disjoint information sets ($t$-CIS codes for short). Quasi-cyclic and quasi-twisted $t$-CIS codes are enumerated by using their concatenated (CRT) structure. Asymptotic existence results are derived for one-generator codes of co-index $n$: for quasi-cyclic codes they rely on Artin's conjecture on primitive roots, and for quasi-twisted codes on a special case of the irreducibility criterion for binomials $x^n-\alpha$. This shows that there are infinite families of long QC and QT $t$-CIS codes whose relative distance satisfies a modified Gilbert-Varshamov bound for rate $1/t$ codes. Similar results are derived for the new and more general class of quasi-polycyclic codes introduced recently by Berger and Amrani.


Introduction
In [7] a new class of rate one-half binary codes was introduced: complementary information set codes. A binary linear code of length $2n$ and dimension $n$ is called a complementary information set code (CIS code for short) if it has two disjoint information sets. The motivation was Boolean masking, a countermeasure aimed at avoiding information leakage from cryptographic computations performed in embedded electronics.
In this paper, we consider $q$-ary codes of rate $1/t$ that admit $t\ge 2$ pairwise disjoint information sets. These codes are called complementary information set codes of order $t$ ($t$-CIS codes for short). These codes were introduced and studied for $q=2$ in [6], where asymptotic existence results are derived for long linear CIS codes. In the present paper, we derive similar results for three algebraic classes of codes: quasi-cyclic (QC) codes, quasi-twisted (QT) codes and the more recent class of quasi-polycyclic (QPC) codes, introduced in [4], which contains the first two as subclasses. We also give some numerical examples in modest lengths. Since binary codes are more important for hardware implementations, we describe a process to derive binary CIS codes from $2^m$-ary ones for any integer $m>1$.
The material is organized as follows. The next section collects the necessary notions and notations needed in the rest of the paper, as well as the process just mentioned. Section 3 gives some examples with optimum distance in modest lengths. Section 4 contains exact enumeration formulae. Section 5 builds on Section 4 to study the asymptotic performance of QC, QT, and QPC $t$-CIS codes. Section 6 extends these results to $\mathbb{Z}_4$-codes. Section 7 puts these results into perspective, and points out some challenging open problems.

Definitions and Background
A code $C$ of length $tn$ which has $t$ pairwise disjoint information sets is called a $t$-complementary information set ($t$-CIS) code. When each of these sets consists of consecutive coordinates, i.e. the coordinates are partitioned as $\{1,\dots,n\}\cup\{n+1,\dots,2n\}\cup\cdots\cup\{(t-1)n+1,\dots,tn\}$, we call this partition the natural partition. We will make this assumption throughout the article for the CIS codes we study. These codes were introduced in [7] for $t=2$ and later generalized in [6] to higher $t$'s. Let us note that both articles study only binary codes.
We will assume throughout that the $t$-CIS code $C$ dealt with is in standard form with respect to the natural partition. Hence, if the alphabet of $C$ is $A$, then $C$ is described by maps $F_1,\dots,F_{t-1}$, where each $F_i$ is a permutation of $A^n$: the first block of $n$ coordinates of a codeword determines it, and the $i$-th remaining block is the image of the first block under $F_i$. Let us note that CIS codes can be studied both in linear and nonlinear cases. For a $q$-ary linear $t$-CIS code, $A=\mathbb{F}_q$ and the $F_i$'s are $\mathbb{F}_q$-linear isomorphisms, whereas for a $\mathbb{Z}_4$ CIS code for instance, which is studied in [6,7], $A=\mathbb{Z}_4$ and the $F_i$'s are simply permutations of $\mathbb{Z}_4^n$. Note that for an $\mathbb{F}_q$-linear $t$-CIS code $C$, the following is a generator matrix in standard form:
$$G=(I_n \mid M_1 \mid \cdots \mid M_{t-1}),$$
where $M_1,\dots,M_{t-1}$ are $n\times n$ invertible matrices corresponding to the $\mathbb{F}_q$-linear isomorphisms $F_1,\dots,F_{t-1}$.

We will study CIS codes coming from codes over rings, i.e. $R$-submodules of $R^t$, where $R$ is a ring. The rings we analyze have the form
$$R=\mathbb{F}_q[x]/\langle h(x)\rangle,$$
where $h(x)$ is some monic polynomial of degree $n$ in $\mathbb{F}_q[x]$. The codes we study will be generated by one element as modules. In particular, the generator of the code $C$ will be of the form
$$(1,\,a_1(x),\,\dots,\,a_{t-1}(x))\in R^t, \qquad (1)$$
which yields a corresponding generator matrix of size $n\times tn$ in systematic form
$$G=(I_n \mid A_1 \mid \cdots \mid A_{t-1}), \qquad (2)$$
where for all $i$, the matrix $A_i$ is a "circulant" matrix of size $n\times n$ corresponding to $a_i(x)$. More specifically, this means that the first row of $A_i$ is the $x$-expansion of $a_i(x)$ (i.e. simply its coefficient vector) and the following rows are the $x$-expansions of $xa_i(x), x^2a_i(x), \dots, x^{n-1}a_i(x)$, each reduced modulo $h(x)$.

For a general polynomial $h(x)\in\mathbb{F}_q[x]$, we will call the codes in $R^t$ quasi-polycyclic (QPC). This kind of code has been recently studied in [4] (see also [2]). If $h(x)=x^n-1$, then the related codes are quasi-cyclic (QC) codes of index $t$ (see [15]) and the $A_i$'s are circulant matrices in the usual sense. If $h(x)=x^n-\alpha$ for some $\alpha\in\mathbb{F}_q^*$ with $\alpha\neq 1$, then the codes are called quasi-twisted (QT) of index $t$ (see [13]). The case $t=2$ and $\alpha=-1$ amounts to double negacirculant codes ([1]). We will assume for simplicity that $h(x)$ is a separable (i.e. without repeated roots) polynomial in the QPC case. In the QC and QT cases this assumption is satisfied as soon as $n$ is relatively prime to $q$, since then $x^n-\alpha$ and its derivative $nx^{n-1}$ have no common root.
Whether such a one-generator code is CIS (i.e. whether the $A_i$'s in (2) are all invertible) can be read off the polynomials $a_i(x)$ in (1). The following result is stated for QC codes in [6, Proposition 9.1]. We provide the general statement and its proof for completeness.

Proposition 2.1 Let $R=\mathbb{F}_q[x]/\langle h(x)\rangle$ for a monic polynomial $h$ of degree $n$. The code $C$ in $R^t$ generated by one element as in (1) is $t$-CIS if and only if $\gcd(a_i(x),h(x))=1$ for all $1\le i\le t-1$.

Proof. It suffices to show that each matrix $A_i$ in (2) is invertible exactly when $\gcd(a_i(x),h(x))=1$, which amounts to showing that the rows coming from $a_i(x), xa_i(x), \dots, x^{n-1}a_i(x) \bmod h(x)$ are linearly independent over $\mathbb{F}_q$ exactly in that case. Being coprime to $h$ is equivalent to saying that $a_i(x)$ is invertible in $R$. Therefore, if there exist $c_0,c_1,\dots,c_{n-1}\in\mathbb{F}_q$, not all zero, such that $c_0a_i(x)+c_1xa_i(x)+\cdots+c_{n-1}x^{n-1}a_i(x)=0$ in $R$, then there exists a nonzero polynomial $c(x)=c_0+c_1x+\cdots+c_{n-1}x^{n-1}\in R$ such that $c(x)a_i(x)=0$, which contradicts the invertibility of $a_i(x)$. Conversely, if $g(x)=\gcd(a_i(x),h(x))$ has degree at least 1, then $c(x)=h(x)/g(x)$ is a nonzero element of $R$ (its degree is less than $n$) with $c(x)a_i(x)=h(x)\cdot(a_i(x)/g(x))=0$ in $R$, so the rows of $A_i$ are linearly dependent.
Next we describe the Chinese Remainder Theorem (CRT) decomposition for QPC codes. This has been given in [15] for QC codes and in [13] for QT codes. The presentations in these articles are detailed and pay attention to reciprocals of the irreducible factors of $x^n-1$ and $x^n-\alpha$. Such care is needed especially for settling the precise relation to dual codes. Since we do not deal with duality here, our presentation will be simpler.
Assume again that $h(x)$ is separable and suppose it factors over $\mathbb{F}_q$ into distinct irreducible polynomials as
$$h(x)=h_1(x)\,h_2(x)\cdots h_r(x), \qquad (3)$$
where the degree of $h_i$ is $d_i\ge 1$ for each $i$. Then by CRT, we have the ring isomorphism
$$R=\mathbb{F}_q[x]/\langle h(x)\rangle\;\cong\;\bigoplus_{i=1}^{r}\mathbb{F}_q[x]/\langle h_i(x)\rangle\;\cong\;\bigoplus_{i=1}^{r}\mathbb{F}_{q^{d_i}},$$
and this isomorphism naturally extends to
$$R^t\;\cong\;\bigoplus_{i=1}^{r}\mathbb{F}_{q^{d_i}}^{\,t}.$$
Via this isomorphism, one can decompose the QPC code $C=(1,a_1(x),\dots,a_{t-1}(x))$ into linear codes $C_i$ of length $t$ over $\mathbb{F}_{q^{d_i}}$ (for all $i$), which are called the constituents of $C$. The CRT isomorphism enables us to describe the constituents explicitly as
$$C_i=\operatorname{span}_{\mathbb{F}_{q^{d_i}}}\bigl\{(1,\,a_1(\xi_i),\,\dots,\,a_{t-1}(\xi_i))\bigr\},$$
where for each $i$, $\xi_i$ is a root of the irreducible polynomial $h_i$ in $\mathbb{F}_{q^{d_i}}$. Therefore for a one-generator QPC code $C$, each constituent is of length $t$ and of dimension 1 over the related finite field.

For applications, CIS codes over $\mathbb{F}_2$ are more interesting. We will construct CIS codes over arbitrary fields $\mathbb{F}_q$ in this article, but the following result shows that one can obtain a CIS code over a base field from a CIS code over an extension field.

Proposition 2.2 Let $q=2^m$ and suppose $C$ is a $t$-CIS code of length $tk$ and dimension $k$ over $\mathbb{F}_q$. Then there exists a binary $t$-CIS code of length $mkt$ and dimension $mk$.
Proof. Let us denote $tk$ by $n$. Let $B=\{e_1,\dots,e_m\}$ be a basis of $\mathbb{F}_q$ over $\mathbb{F}_2$ and consider the $\mathbb{F}_2$-linear isomorphism $\varphi_B:\mathbb{F}_q\to\mathbb{F}_2^m$ sending an element to its coordinate vector with respect to $B$. This isomorphism naturally extends coordinatewise to the $\mathbb{F}_2$-linear isomorphism $\varphi_B:\mathbb{F}_q^n\to\mathbb{F}_2^{mn}$. Then $\varphi_B(C)$ is a binary code of length $mn$ and dimension $mk$. Suppose $I\subset\{1,\dots,n\}$ is an information set for $C$ and let $G_I$ be the $k\times k$ submatrix of a generator matrix $G$ of $C$ formed by the columns indexed by $I$. Since $G_I$ has full rank $k$, its $\mathbb{F}_q$-row space is all of $\mathbb{F}_q^k$, so the image of the subcode generated by $G_I$ under $\varphi_B$ (i.e. $\varphi_B(\langle G_I\rangle)$) is a binary code of length $mk$ and dimension $mk$. If we write the coordinates of $\mathbb{F}_2^{mn}$ as $\{1,\dots,n\}\times\{1,\dots,m\}$, then the above discussion shows that $I\times\{1,\dots,m\}$ is an information set for $\varphi_B(C)$. Since $C$ is $t$-CIS, its coordinates have a partition into information sets $I_1,\dots,I_t$. The discussion above shows that $I_1\times\{1,\dots,m\},\dots,I_t\times\{1,\dots,m\}$ is a partition of the coordinates of $\varphi_B(C)$ into information sets, so $\varphi_B(C)$ is $t$-CIS.

Numerical Examples

Quasi-cyclic t−CIS codes

t = 2

Assume that $C$ is a QC 2-CIS code of length $2n$ and dimension $n$. The search was done in Magma [5], for $q=2$ and random $a_1(x)$. Here, $d$ is the minimum distance for QC 2-CIS codes that we computed, $d^*$ is the minimum distance for QC 2-CIS codes from [7], and $d^{**}$ is the best known minimum distance of a linear code of the given length and dimension [9].

t = 3
Assume that $C$ is a QC 3-CIS code of length $3n$ and dimension $n$. The search was done in Magma [5], for $q=2$ and random $a_i(x)$, $i=1,2$. Here, $d$ is the minimum distance for QC 3-CIS codes that we computed, $d^*$ is the minimum distance for QC 3-CIS codes from [6], and $d^{**}$ is the best known minimum distance of a linear code of the given length and dimension [9].

Quasi twisted t−CIS codes

t = 2

Assume that $C$ is a QT 2-CIS code of length $2n$ and dimension $n$. The search was done in Magma [5], for $q=4$ and random $a_1(x)$. Here, $d$ is the minimum distance for QT 2-CIS codes that we computed, and $d^*$ is the best known minimum distance of a lin ear code of the given length and dimension [9].

t = 3
Assume that $C$ is a QT 3-CIS code of length $3n$ and dimension $n$. The search was done in Magma [5], for $q=4$ and random $a_i(x)$, $i=1,2$. Here, $d$ is the minimum distance for QT 3-CIS codes that we computed, and $d^*$ is the best known minimum distance of a linear code of the given length and dimension [9].

Quasi-polycyclic t−CIS codes

t = 2

Assume that $C$ is a QPC 2-CIS code of length $2n$ and dimension $n$. The search was done in Magma [5], for $q=2$ and random $a_1(x)$. Here, $d$ is the minimum distance for QPC 2-CIS codes that we computed, and $d^*$ is the best known minimum distance of a linear code of the given length and dimension [9].

t = 3
Assume that $C$ is a QPC 3-CIS code of length $3n$ and dimension $n$. The search was done in Magma [5], for $q=2$ and random $a_i(x)$, $i=1,2$. Here, $d$ is the minimum distance for QPC 3-CIS codes that we computed, and $d^*$ is the best known minimum distance of a linear code of the given length and dimension [9].

Enumeration
We prove enumeration results, which will be used for asymptotic analysis in the next section.

Proposition 4.1 Let $h(x)$ be a separable polynomial of degree $n$ in $\mathbb{F}_q[x]$ with irreducible factorization as in (3), and consider one-generator QPC codes in $R^t$. The number of such QPC $t$-CIS codes of length $tn$ is
$$N=\prod_{i=1}^{r}\left(q^{d_i}-1\right)^{t-1}.$$
Proof. By Proposition 2.1, for $C=(1,a_1(x),\dots,a_{t-1}(x))$ to be $t$-CIS, the condition $\gcd(a_j(x),h(x))=1$ must hold for all $j$. Therefore $a_j(x)$ does not vanish at any root of $h$, and hence each constituent $C_i$ of $C$ is of dimension one with a generator $(1,a'_1,\dots,a'_{t-1})$, where $a'_j=a_j(\xi_i)\in\mathbb{F}_{q^{d_i}}^*$ for all $j$. Conversely, by CRT any choice of nonzero $a'_j$ in every constituent comes from a unique $(a_1(x),\dots,a_{t-1}(x))$, and distinct choices give distinct codes since the generator is in standard form. Hence there are $(q^{d_i}-1)^{t-1}$ admissible constituents for each $i$, and the product of all such choices yields all the one-generator $t$-CIS codes.
The following special cases for QC and QT t-CIS codes follow immediately from Proposition 4.1. These consequences will also be needed in the next section.
Corollary 4.2 Let $n$ be a prime which is relatively prime to $q$. If $x^n-1$ factors over $\mathbb{F}_q$ as a product of two irreducible polynomials, $x^n-1=(x-1)m(x)$, then the number of QC $t$-CIS codes over $\mathbb{F}_q$ of length $tn$ and index $t$ is $N=\bigl((q-1)(q^{n-1}-1)\bigr)^{t-1}$.

Corollary 4.3 Let $q$ be a prime power, $n\ge 2$ be an integer and $\alpha\in\mathbb{F}_q^*$. If $x^n-\alpha$ is irreducible in $\mathbb{F}_q[x]$, then the number of QT $t$-CIS codes over $\mathbb{F}_q$ of length $tn$ and index $t$ is $N=(q^n-1)^{t-1}$.
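The computations behind Proposition 2.1, the generator matrix (2), the random searches of Section 3 and the counts of Proposition 4.1 and Corollary 4.2 can be reproduced without Magma for small $n$. The following Python script is an added example, not code from the paper or from [5]. It works over $\mathbb{F}_2$ only, represents a polynomial as an integer whose bit $i$ is the coefficient of $x^i$ (a representation chosen here, not one the paper uses), and brute-forces the minimum distance over all $2^n$ messages, so it is meant for $n$ up to about 16. The function names and the test polynomials it is run on ($x^5+1$, $x^7+1$, $x^4+x+1$) are choices made for this example.

```python
"""Added example (not from the paper): one-generator QPC / QC t-CIS codes over F_2.

A polynomial in F_2[x] is an int whose bit i is the coefficient of x^i, so
x^5 - 1 = x^5 + 1 is 0b100001 and x^4 + x + 1 is 0b10011.
"""
import random


def deg(a):
    """Degree of a(x); the zero polynomial gets -1."""
    return a.bit_length() - 1


def pmod(a, h):
    """a(x) mod h(x) over F_2 (subtraction is XOR)."""
    dh = deg(h)
    while a and deg(a) >= dh:
        a ^= h << (deg(a) - dh)
    return a


def pgcd(a, b):
    """gcd in F_2[x]; every nonzero polynomial is monic, so 1 means coprime."""
    while b:
        a, b = b, pmod(a, b)
    return a


def is_t_cis(h, gens):
    """Proposition 2.1: (1, a_1, ..., a_{t-1}) generates a t-CIS code iff gcd(a_i, h) = 1."""
    return all(pgcd(a, h) == 1 for a in gens)


def block_matrix(a, h):
    """The n x n 'circulant' A_i of (2): row j is x^j a(x) mod h(x), as a bitmask."""
    n, rows, cur = deg(h), [], pmod(a, h)
    for _ in range(n):
        rows.append(cur)
        cur = pmod(cur << 1, h)
    return rows


def rank_f2(rows):
    """Rank over F_2 of a list of bitmask rows (Gaussian elimination)."""
    rows, rank = list(rows), 0
    for bit in reversed(range(max((r.bit_length() for r in rows), default=0))):
        pivot = next((i for i in range(rank, len(rows)) if rows[i] >> bit & 1), None)
        if pivot is None:
            continue
        rows[rank], rows[pivot] = rows[pivot], rows[rank]
        for i in range(len(rows)):
            if i != rank and rows[i] >> bit & 1:
                rows[i] ^= rows[rank]
        rank += 1
    return rank


def generator_matrix(h, gens):
    """Rows of G = (I_n | A_1 | ... | A_{t-1}); block i occupies bits [i*n, (i+1)*n)."""
    n = deg(h)
    blocks = [[1 << j for j in range(n)]] + [block_matrix(a, h) for a in gens]
    return [sum(blk[j] << (i * n) for i, blk in enumerate(blocks)) for j in range(n)]


def min_distance(rows):
    """Minimum Hamming weight of the nonzero codewords (brute force over 2^n - 1 messages)."""
    best = None
    for m in range(1, 1 << len(rows)):
        cw = 0
        for j, row in enumerate(rows):
            if m >> j & 1:
                cw ^= row
        w = bin(cw).count("1")
        best = w if best is None or w < best else best
    return best


def count_t_cis(h, t):
    """Number of one-generator t-CIS codes in R^t, by brute force over all a_i (Proposition 4.1)."""
    units = sum(1 for a in range(1 << deg(h)) if pgcd(a, h) == 1)
    return units ** (t - 1)


def exhaustive_best(h):
    """Best minimum distance over all 2-CIS codes (1, a_1) for this h."""
    return max(min_distance(generator_matrix(h, [a]))
               for a in range(1, 1 << deg(h)) if is_t_cis(h, [a]))


def random_search(h, t, trials, seed=0):
    """Random a_i(x), as in the Magma searches of Section 3; returns (best d, generators)."""
    rng, n, best = random.Random(seed), deg(h), (0, None)
    for _ in range(trials):
        gens = [rng.randrange(1, 1 << n) for _ in range(t - 1)]
        if is_t_cis(h, gens):
            d = min_distance(generator_matrix(h, gens))
            if d > best[0]:
                best = (d, gens)
    return best


if __name__ == "__main__":
    H5 = 0b100001  # x^5 + 1 = (x + 1)(x^4 + x^3 + x^2 + x + 1) over F_2
    print("2-CIS QC codes of length 10:", count_t_cis(H5, 2))  # Corollary 4.2: (2^4 - 1) = 15
    print("best d over all of them:", exhaustive_best(H5))
    print("random 3-CIS QC search for n = 7:", random_search(0b10000001, 3, 200))
```

Running the script checks the "if and only if" of Proposition 2.1 directly: for every $a_1(x)$ over $x^5+1$, the gcd test agrees with the rank of $A_1$. The count $15$ for $x^5+1$ is Corollary 4.2 with $q=2$, $n=5$, $t=2$; for $x^7+1=(x+1)(x^3+x+1)(x^3+x^2+1)$ Proposition 4.1 predicts $(1\cdot 7\cdot 7)^{t-1}$, and for the irreducible $x^4+x+1$ (the QPC case with $r=1$) it predicts $2^4-1=15$. The best minimum distance $4$ found for length 10 is the best possible for a binary $[10,5]$ code, matching the $d^{**}$ column of the tables.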

Asymptotics
Our first goal is to show that a class of $t$-CIS QPC codes satisfies a modified Gilbert-Varshamov bound. Recall that $R$ denotes the ring $\mathbb{F}_q[x]/\langle h(x)\rangle$ for the separable polynomial $h$ of interest. We need some preparation.

Lemma 5.1 Let $h(x)\in\mathbb{F}_q[x]$ be the product of $r$ distinct monic irreducible polynomials of equal degree $n/r$, and let $b=(b_0(x),b_1(x),\dots,b_{t-1}(x))\in R^t$ be nonzero. Then the number of one-generator $t$-CIS QPC codes $C_a=(1,a_1(x),\dots,a_{t-1}(x))\subset R^t$ containing $b$ is at most $(q^{n/r}-1)^{(t-1)(r-1)}$.

Proof. By assumption on $h$, $R^t$ is isomorphic to $\mathbb{F}_{q^{n/r}}^t\oplus\cdots\oplus\mathbb{F}_{q^{n/r}}^t$ ($r$ summands) and the code $C_a$ has $r$ constituents of dimension 1. Let us denote the image of $(1,a_1(x),\dots,a_{t-1}(x))$ under the CRT isomorphism into the $i$-th constituent by $(1,a^i_1,\dots,a^i_{t-1})$ (for $1\le i\le r$). The same notation $(b^i_0,b^i_1,\dots,b^i_{t-1})$ is used for the image of $b$ under CRT. Note that $C_a$ being CIS amounts to $a^i_j$ being nonzero in $\mathbb{F}_{q^{n/r}}$ for all $1\le j\le t-1$ and $1\le i\le r$. Observe that $b\in C_a$ amounts to $b=b_0(x)\cdot(1,a_1(x),\dots,a_{t-1}(x))$, i.e. to the relations
$$b^i_j=b^i_0\,a^i_j\qquad(1\le j\le t-1,\ 1\le i\le r).$$
If $b^i_0=0$ for some fixed $i$, then $b^i_j=0$ for all $j$, in which case the $a^i_j$'s can be chosen arbitrarily among the nonzero elements of $\mathbb{F}_{q^{n/r}}$ for all $1\le j\le t-1$ (i.e. $(q^{n/r}-1)^{t-1}$ choices for $a^i_1,\dots,a^i_{t-1}$). Since $b$ is nonzero and lies in $C_a$, at most $r-1$ of the $b^i_0$'s can be zero. When $b^i_0\neq 0$ for a fixed $i$, the $a^i_j$'s are uniquely determined by $a^i_j=b^i_j/b^i_0$ for all $1\le j\le t-1$. Hence, the maximum number of possible $a$'s such that $b\in C_a$ for an arbitrary $b$ is obtained if $b^i_0=0$ for $r-1$ values of $i$. In this case there exist $(q^{n/r}-1)^{(t-1)(r-1)}$ possible $a$'s with $C_a$ containing the given $b$.
The following is also needed for the asymptotic result on a class of t-CIS QPC codes.
Lemma 5.2 Let $q$ be a prime power and $r$ be a fixed positive integer. There exists $N>0$ such that for every multiple $n$ of $r$ with $n>N$ there exist $r$ distinct monic irreducible polynomials of degree $n/r$ over $\mathbb{F}_q$; in particular, this holds for infinitely many $n$.

Proof. The number of monic irreducible polynomials of degree $m=n/r$ over $\mathbb{F}_q$ is given by
$$\frac{1}{m}\sum_{d\mid m}\mu\!\left(\frac{m}{d}\right)q^{d}\;=\;\frac{r}{n}\sum_{d\mid n/r}\mu\!\left(\frac{n}{rd}\right)q^{d}.$$
Since $q$ and $r$ are fixed, this number is of the order of $rq^{n/r}/n$ for large $n$. So for large enough $N$ and any $n>N$ divisible by $r$, we have $r<rq^{n/r}/n$ (or equivalently $n<q^{n/r}$), and therefore there exist $r$ distinct monic irreducibles of equal degree $n/r$. It is clear from the enumeration formula that for $n'=n+r$ there are even more irreducible polynomials of degree $(n+r)/r=n/r+1$, hence again $r$ distinct monic irreducibles of degree $n/r+1$. The claim follows inductively.
Recall that the $q$-ary entropy function is defined for $0<y<\frac{q-1}{q}$ by
$$H_q(y)=y\log_q(q-1)-y\log_q(y)-(1-y)\log_q(1-y).$$

Theorem 5.3 Let $q$ be a fixed prime power and $r$ be a fixed positive integer. Let $h(x)\in\mathbb{F}_q[x]$ be the product of $r$ distinct monic irreducible polynomials $h_1,\dots,h_r$ of equal degree $n/r$. Let $\mathcal{C}(r)$ denote the class of one-generator QPC codes with respect to such $h$. Then for all $t\ge 2$, there exist infinitely many $t$-CIS QPC codes of rate $1/t$ in $\mathcal{C}(r)$, with relative distance $\delta$ satisfying
$$H_q(\delta)\ge\frac{t-1}{tr}.$$
Proof. Note that there exist codes of arbitrarily long lengths in $\mathcal{C}(r)$ by Lemma 5.2. The number of $t$-CIS QPC codes in $\mathcal{C}(r)$ containing a nonzero vector of weight $d\sim t\delta n$ or less is, by standard entropic estimates for the size of the Hamming ball of radius $t\delta n$ in $\mathbb{F}_q^{tn}$ and by Lemma 5.1, of the order of $(q^{n/r}-1)^{(t-1)(r-1)}\times q^{tnH_q(\delta)}$, up to subexponential terms. This number is less than the total number of $t$-CIS QPC codes in $\mathcal{C}(r)$, which is by Proposition 4.1 of the order of $(q^{n/r}-1)^{r(t-1)}\sim q^{n(t-1)}$, as soon as $H_q(\delta)<\frac{t-1}{tr}$, and for every such $\delta$ some code in $\mathcal{C}(r)$ then has minimum distance exceeding $t\delta n$.
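The exponent comparison that drives the proof of Theorem 5.3, written out as a worked derivation (added here; it is not part of the original text, and uses the symbols of Lemma 5.1 and Proposition 4.1):

```latex
\begin{align*}
\#\{t\text{-CIS codes in }\mathcal{C}(r)\}
  &= (q^{n/r}-1)^{r(t-1)} = q^{\,n(t-1)+o(n)}
  && \text{(Proposition 4.1)}\\
\#\{b\in\mathbb{F}_q^{tn} : 0<\operatorname{wt}(b)\le t\delta n\}
  &\le q^{\,tnH_q(\delta)+o(n)}
  && (0<\delta<\tfrac{q-1}{q})\\
\#\{a : b\in C_a\}
  &\le (q^{n/r}-1)^{(t-1)(r-1)} = q^{\,n(t-1)(r-1)/r+o(n)}
  && \text{(Lemma 5.1)}\\
\#\{t\text{-CIS codes with } d\le t\delta n\}
  &\le q^{\,tnH_q(\delta)+n(t-1)(r-1)/r+o(n)} .
\end{align*}
The last quantity is exponentially smaller than the first exactly when
\[
tH_q(\delta)+\frac{(t-1)(r-1)}{r} < t-1
\quad\Longleftrightarrow\quad
H_q(\delta) < \frac{t-1}{tr},
\]
so for every such $\delta$ some $C_a\in\mathcal{C}(r)$ has relative distance above $\delta$;
letting $\delta$ tend to the root of $H_q(\delta)=\frac{t-1}{tr}$ gives the theorem.
For $r=1$ this is the classical Gilbert-Varshamov exponent $1-\frac{1}{t}$ of rate-$1/t$ codes
(Theorems 5.4 and 5.6); for $r>1$ the bound is weaker by the factor $1/r$, e.g. for $q=2$, $t=2$:
$H_2(\delta)=\tfrac12$ gives $\delta\approx 0.110$, while $r=2$ and $H_2(\delta)=\tfrac14$ gives $\delta\approx 0.042$.
```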
Next we specialize to $t$-CIS QT codes. Now $R=\mathbb{F}_q[x]/\langle x^n-\alpha\rangle$ for some nonzero $\alpha\in\mathbb{F}_q$. We will assume that $x^n-\alpha$ is irreducible in $\mathbb{F}_q[x]$. By [14, Theorem 3.75], this is true if and only if the following two conditions are satisfied: (i) each prime factor of $n$ divides the order $a$ of $\alpha$ in $\mathbb{F}_q^*$, but does not divide $(q-1)/a$; (ii) $q\equiv 1\pmod 4$ if $n\equiv 0\pmod 4$.
Hence, for a suitable choice of $\alpha$, there are infinitely many $n$ such that $x^n-\alpha$ is irreducible, as the proof of the next theorem shows.

Theorem 5.4 Let $q>3$ be a prime power. For any fixed integer $t\ge 2$, there are infinite families of $t$-CIS QT codes over $\mathbb{F}_q$ of rate $1/t$ and of relative distance $\delta$ satisfying $H_q(\delta)\ge\frac{t-1}{t}$.

Proof. The infinitude of $n$ such that $x^n-\alpha$ is irreducible in $\mathbb{F}_q[x]$ is guaranteed by the criterion from [14] above. More specifically, let $e>1$ be a divisor of $q-1$ with $\gcd(e,\frac{q-1}{e})=1$, let $p$ be a prime divisor of $e$, and fix an $\alpha\in\mathbb{F}_q^*$ of order $e$. Then for all $i\ge 1$ the binomial $x^{p^i}-\alpha$ satisfies condition (i), and condition (ii) as well provided $p$ is odd or $q\equiv 1\pmod 4$; hence it is irreducible, and $n=p^i$ runs over an infinite set. Such a choice is always possible when $q>3$: if $q-1$ has an odd prime factor $p$, take $e$ to be the largest power of $p$ dividing $q-1$; otherwise $q-1\ge 4$ is a power of 2, so $q\equiv 1\pmod 4$ and one can take $e=q-1$ and $p=2$. (The restriction $q>3$ is needed: for $q=2$ there is no $\alpha\neq 1$, and for $q=3$ the only candidate is $\alpha=-1$, for which $x^n+1$ is irreducible only for $n\le 2$.) We complete the proof as the special case $r=1$ of Theorem 5.3.
We give one more asymptotic result, for $t$-CIS QC codes. We will consider $x^n-1\in\mathbb{F}_q[x]$ for a prime $n$. In number theory, Artin's conjecture on primitive roots states that if the integer $q$ is neither a perfect square nor $-1$, then $q$ is a primitive root modulo infinitely many primes $n$ ([16]). This was proved by Hooley [11] conditionally on the Generalized Riemann Hypothesis. In this case, by the correspondence between cyclotomic cosets and irreducible factors of $x^n-1$ [12], the factorization of $x^n-1$ into irreducible polynomials over $\mathbb{F}_q$ contains exactly two factors, one of which is $x-1$ ([8]). Note the difference with the QPC and QT cases considered above, where all irreducible factors of $h$ had the same degree. So we need to prove the following claim.
Lemma 5.5 Let $q$ be a prime power and $n$ be a prime number which does not divide $q$, such that $x^n-1=(x-1)u(x)$ with $u$ irreducible over $\mathbb{F}_q$. If $b=(b_0(x),b_1(x),\dots,b_{t-1}(x))\in R^t$ is nonzero and of weight less than $n$ in each coordinate of $R^t$, then there exist at most $(q-1)^{t-1}$ codes $C_a=(1,a_1(x),\dots,a_{t-1}(x))\subset R^t$ which are $t$-CIS QC and contain $b$; for $q=2$ there is at most one such code.

Proof. We sketch a proof analogous to the one in [8] for the case $t=2$. By CRT, $R\cong\mathbb{F}_q\oplus\mathbb{F}_{q^{n-1}}$, the two components being reduction modulo $x-1$ and modulo $u(x)$. Denote by $(b'_j,b''_j)$ the image of $b_j(x)$ and by $(a'_j,a''_j)$ the image of $a_j(x)$ under this isomorphism. Then $C_a$ is $t$-CIS exactly when all $a'_j\in\mathbb{F}_q^*$ and all $a''_j\in\mathbb{F}_{q^{n-1}}^*$, and, as in the proof of Lemma 5.1, $b\in C_a$ amounts to $b'_j=b'_0a'_j$ and $b''_j=b''_0a''_j$ for all $j$. We discuss four cases depending on the values of $b'_0$ and $b''_0$. If both $b'_0\neq 0$ and $b''_0\neq 0$, then all $a'_j$ and $a''_j$ are determined, and $C_a$ is unique. If $b'_0=0$ and $b''_0\neq 0$, then the $a''_j$ are determined while each $a'_j$ may be any element of $\mathbb{F}_q^*$, giving $(q-1)^{t-1}$ codes (a single one when $q=2$). If $b''_0=0$ and $b'_0\neq 0$, then $u(x)$ divides $b_0(x)$, so $b_0(x)$ is a nonzero scalar multiple of $u(x)=1+x+\cdots+x^{n-1}$ and has weight $n$, which is excluded by the hypothesis. Finally, if $b'_0=b''_0=0$ then $b_0=0$, hence $b_j=b_0a_j=0$ for all $j$ whenever $b\in C_a$, contradicting $b\neq 0$.
The proof of the next result follows from Lemma 5.5 by an argument similar to that of Theorem 5.3: by Corollary 4.2 there are $((q-1)(q^{n-1}-1))^{t-1}\sim q^{n(t-1)}$ such codes, there are $q^{tnH_q(\delta)+o(n)}$ nonzero vectors of weight at most $t\delta n$, and each lies in at most $(q-1)^{t-1}$ of the codes. (A nonzero vector of a $t$-CIS code $C_a$ with a coordinate of weight $n$ is handled by the same case analysis when $b''_0\neq 0$; when $b''_0=0$ it equals $c\,u(x)\cdot(1,a_1(x),\dots,a_{t-1}(x))$ for some $c\in\mathbb{F}_q^*$, every coordinate of which is a nonzero scalar multiple of $u(x)$, so it has weight $tn$ and does not enter the count.) The details are omitted.

Theorem 5.6 Let $q$ be a prime power and $n$ be a prime such that $x^n-1=(x-1)u(x)$ with $u$ irreducible over $\mathbb{F}_q$; under Artin's conjecture there are infinitely many such $n$ whenever $q$ is not a perfect square. Then for any fixed integer $t\ge 2$, there are infinite families of $t$-CIS QC codes of index $t$, rate $1/t$ and relative distance $\delta$ satisfying $H_q(\delta)\ge\frac{t-1}{t}$.

$\mathbb{Z}_4$-codes
Quasi-twisted (QT) $\mathbb{Z}_4$-codes have been introduced in [3]. Consider the ring $R_4(n)=\mathbb{Z}_4[x]/\langle x^n+1\rangle$. A QT code of index $t$ and length $tn$ over $\mathbb{Z}_4$ is an $R_4(n)$-submodule of $R_4(n)^t$. Note that there is a well-known ring isomorphism between $R_4(n)$ and the ring of negacirculant matrices of size $n$ over $\mathbb{Z}_4$. In particular such a code will be multinegacirculant of index $t$ if its generator matrix is blocked as $[I\mid A_1\mid\cdots\mid A_{t-1}]$, with the $A_i$'s negacirculant matrices. Further, it will be $t$-CIS if each $A_i$ is invertible over $\mathbb{Z}_4$. Assume that over $\mathbb{F}_2$ we have the factorization into two irreducibles $x^n+1=(x+1)(x^{n-1}+\cdots+x+1)$.
As is well known [8], this is equivalent to $n$ being prime and 2 being primitive modulo $n$. Since $n$ is odd, by Hensel lifting [10,17] we have the factorization $x^n+1=(x+1)\,g(x)$ in $\mathbb{Z}_4[x]$, where $g(x)$ is the Hensel lift of $x^{n-1}+\cdots+x+1$, a basic irreducible polynomial of degree $n-1$. This factorization yields the CRT decomposition $R_4(n)\cong\mathbb{Z}_4\oplus GR(4,n-1)$, where $GR(4,d)$ denotes the Galois ring of characteristic 4 and size $4^d$ [10,17]. Denote by $(a'_i,a''_i)$ the image in that decomposition of $a_i(x)$, the first row of $A_i$. Since $A_i$ is invertible exactly when $a_i(x)$ is a unit of $R_4(n)$, the CIS condition translates immediately into $a'_i=\pm 1$ and the $a''_i$'s being units of $GR(4,n-1)$.

Theorem 6.1 Assume 2 to be primitive modulo the prime $n$. Then for any fixed integer $t\ge 2$ there are infinite families of $t$-CIS multinegacirculant $\mathbb{Z}_4$-codes of length $tn$, rate $1/t$ and relative Lee distance $\delta$ (Lee distance divided by $2tn$, the length of the binary Gray image) satisfying $H_2(\delta)\ge\frac{t-1}{t}$.

Proof. Note first that there are infinitely many such $n$'s under Artin's conjecture [16]. The number of QT $\mathbb{Z}_4$-codes of index $t$ satisfying the said condition for CIS-ness is $\bigl(2(4^{n-1}-2^{n-1})\bigr)^{t-1}=(2^{2n-1}-2^n)^{t-1}$, since the number of units in $\mathbb{Z}_4$ is 2 and the number of units in $GR(4,d)$, for any integer $d$, is $4^d-2^d$ [10,17]; up to a constant factor this is $2^{2n(t-1)}$. Now let $b=(b_0,\dots,b_{t-1})\in R_4(n)^t$ be nonzero of Lee weight at most $2t\delta n$, where $\delta<1/2$ (which is forced by $H_2(\delta)<1$), and let $(b'_0,b''_0)$ be the image of $b_0$ in $\mathbb{Z}_4\oplus GR(4,n-1)$. As in Lemma 5.5, $b\in C_a$ exactly when $b_j=b_0a_j$ for all $j$. If $b''_0$ is a unit, the $a''_j$ are determined and each $a'_j$ has at most two values, so $b$ lies in at most $2^{t-1}$ codes. If $b''_0=0$ and $b\in C_a$, then every $b_j$ is a nonzero $\mathbb{Z}_4$-multiple of $g(x)$, all $n$ coefficients of which are $\pm 1$, so $b$ has Lee weight at least $tn>2t\delta n$. If $b''_0$ is a nonzero nonunit, i.e. $b''_0\in 2GR(4,n-1)$, then $b''_j=b''_0a''_j$ determines $a''_j$ only modulo 2, leaving $2^{n-1}$ choices for each, so $b$ lies in at most $2^{n(t-1)}$ codes; on the other hand, reducing modulo 2 shows that every $\bar b_j$ lies in the ideal generated by $\bar g$ in $\mathbb{F}_2[x]/\langle x^n+1\rangle$, which is $\{0,u\}$ with $u=1+x+\cdots+x^{n-1}$, and since $\bar b_j=\bar b_0\bar a_j$ with $\bar a_j(1)=1$, either all $\bar b_j$ equal $u$ (Lee weight at least $tn$) or $b\in 2R_4(n)^t$. Vectors of the latter type with Lee weight at most $2t\delta n$ are of the form $2r$ with $r\in\mathbb{F}_2^{tn}$ of weight at most $t\delta n$, and there are only $2^{tnH_2(\delta)+o(n)}$ of them. The size of the Lee ball of radius $2t\delta n$ in $\mathbb{Z}_4^{tn}$ equals, by the Gray map, that of the Hamming ball of radius $2t\delta n$ in $\mathbb{F}_2^{2tn}$, which is $2^{2tnH_2(\delta)+o(n)}$. Hence the number of CIS codes containing a nonzero vector of Lee weight at most $2t\delta n$ is at most
$$2^{t-1}\cdot 2^{2tnH_2(\delta)+o(n)}+2^{n(t-1)}\cdot 2^{tnH_2(\delta)+o(n)},$$
and both terms are exponentially smaller than $2^{2n(t-1)}$ exactly when $H_2(\delta)<\frac{t-1}{t}$. The result follows by the usual expurgation argument.

Conclusion
In this paper, motivated by the security of embedded electronics, we have studied a class of combinatorial codes (CIS codes) from the viewpoint of asymptotic performance. The main tools of our study were the CRT and expurgated random coding. While the class of QC codes required the full force of Artin's conjecture, the asymptotics of QT codes only required some elementary results on the factorization of polynomials over finite fields.
We emphasize the fact that QT codes are understudied in even characteristic. Our existence results might motivate further consideration of this class of codes in finite lengths. More generally, the new class of quasi-polycyclic codes deserves further exploration for a wider variety of polynomials $h$, beyond the separable case. In that general situation, chain rings appear in the CRT decomposition, a fact which might complicate the algebraic analysis of the codes.