Two Families of Optimal Binary Linear Complementary Pairs of Codes

Abstract

The optimal security parameters for binary linear complementary pair (LCP) codes are open. Inspired by this, we study LCPs of codes. In this paper, we construct two families of optimal binary LCPs of codes.

1. Introduction

Let q be a prime power and let ${\mathbb{F}}_q$ denote the finite field with q elements. A pair of linear codes $(\mathcal{C}, \mathcal{D})$ of length n over ${\mathbb{F}}_q$ is called a linear complementary pair (LCP) [1] if their direct sum $\mathcal{C}\oplus \mathcal{D}$ produces a full space ${\mathbb{F}}_q^n$. $(\mathcal{C}, \mathcal{D})$ is an LCP of codes, which means that the two codes $\mathcal{C}, \mathcal{D}$ have complementary dimensions and a trivial intersection. If the dimension of $\mathcal{C}$ is k, then $(\mathcal{C}, \mathcal{D})$ is called an $[n, k]$ LCP of codes. In special cases, when $(\mathcal{C}, {\mathcal{C}}^{\perp })$ is an LCP of codes, $\mathcal{C}$ is called a linear complementary dual (LCD) code. In recent years, there has been a lot of research on LCD codes (see [2,3,4,5,6,7,8,9,10,11]), but there is relatively little research specifically focused on the LCPs of codes. The LCD and LCPs of codes have been used in the framework of direct sum masking and haves been proposed as countermeasures against side channel attacks (SCAs) and fault injection attacks (FIAs) ([12,13,14]). In this application, the minimum distance $d\left(\mathcal{C}\right)$ is used to measure protection against FIA, whereas the minimum distance $d\left({\mathcal{D}}^{\perp }\right)$ of the dual of the second code is used to measure protection against SCA. The joint security against the two attacks is provided by $min\{d\left(\mathcal{C}\right), d\left({\mathcal{D}}^{\perp }\right)\}$, which is known as the security parameter of the LCP of codes. Note that in the case of an LCD code $\mathcal{C}$, the security parameter is only $d\left(\mathcal{C}\right)$.

Carlet et al. [15] proved that there is a monomial transformation (equivalence) $\sigma$ on ${\mathbb{F}}_q^n$ such that $(\mathcal{C}, {\sigma \left(\mathcal{C}\right)}^{\perp })$ is LCP, where $\mathcal{C}$ is a nonbinary $[n, k, d]$ linear code on ${\mathbb{F}}_q$. In this case, the security parameter is only d, where $d=d\left(\mathcal{C}\right)=d\left(\sigma \right(\mathcal{C}\left)\right)$. Therefore, the best security parameter problem for the nonbinary LCP of codes is settled. In addition, the same article showed that an $[n, k, d]$ binary code can produce a binary LCP of codes $(\mathcal{C}, \mathcal{D})$ with $d\left(\mathcal{C}\right)=d\left({\mathcal{D}}^{\perp }\right)\ge d-1$. Therefore, the best security parameter for binary LCPs of codes is open for further study. We set

$$d_{LCP}(n, k)=max\{min\{d\left(\mathcal{C}\right), d\left({\mathcal{D}}^{\perp }\right)\}:(\mathcal{C}, \mathcal{D})isan[n, k]binaryLCP\}.$$

Let $d_{LCP}(n, k)$ represent the highest minimum distance among $[n, k]$ binary LCD codes, and $d_L(n, k)$ represent the highest minimum distance among binary linear $[n, k]$ codes; then,

$$d_{LCD}(n, k)\le d_{LCP}(n, k)\le d_L(n, k).$$

If the minimum distance of an $[n, k]$ linear code is $d_L(n, k)$, then we say the linear code is optimal. If the security parameter of an $[n, k]$ LCP of codes $(\mathcal{C}, \mathcal{D})$ is $d_L(n, k)$, then we say the LCP of codes $(\mathcal{C}, \mathcal{D})$ is optimal.

The results in [15] yielded that $d_{LCD}(n, k)\ge d_L(n, k)-1$. For $n\le 18$ or $k\le 4$, the best security parameters of binary $[n, k]$ LCPs of codes were determined in [16]. Moreover, the authors described a sufficient condition for $d_{LCD}(n, k)=d_L(n, k)-1$ and gave a conjecture of a necessary condition. An infinite family of optimal binary LCPs of codes were constructed from Solomon–Stiffler codes by G$\ddot{u}$neri [17]. Li et al. [18] solved an open problem proposed by Carlet et al. [15] and showed a conjecture proposed by Choi et al. [16]. Moreover, the authors also studied linear complementary pairs of codes in [19,20].

This paper is organized as follows. In Section 2, we give some notations and preliminaries. In Section 3, we study binary LCPs of codes and construct two families of optimal binary LCPs of codes. We conclude the paper in Section 4.

2. Preliminaries

Definition 1

(Walsh spectrum). If $\alpha \in {\mathbb{F}}_{2^k}^{*}$, the Walsh transform of $f\left(x\right)$ is defined as

$$\begin{array}{c}\hfill W_f\left(\alpha \right)=\sum _{x\in {\mathbb{F}}_{2^k}}{(-1)}^{f\left(x\right)+{\mathrm{Tr}}_2^{2^k}\left(\alpha x\right)}.\end{array}$$

Lemma 1

([21]). Let $\Omega =\{E_i\le {\mathbb{F}}_2^{2k}:{dim}_{{\mathbb{F}}_2}{E}_i=k, E_i\cap E_j=\left\{\mathbf{0}\right\}\}$, then $\mathbf{z}\perp E_i$ and $\mathbf{z}\perp E_j$ if and only if $\mathbf{z}=\mathbf{0}$, where $E_i, E_j\in \mathrm{\Omega }, i\ne j$, and $\mathbf{z}\in {\mathbb{F}}_2^{2k}$.

Lemma 2.

For any k-dimensional subspace E of ${\mathbb{F}}_2^{2k}$,

$$\begin{array}{c}\hfill \sum _{\mathbf{x}\in E}\sum _{y\in {\mathbb{F}}_2}{(-1)}^{y(\mathbf{a}·\mathbf{x})}=\left\{\begin{array}{cc}{2}^{k+1},\hfill & \mathrm{if}\mathbf{a}\perp E,\hfill \\ 2^k,\hfill & \mathrm{if}\mathbf{a}\cancel{\perp }E,\hfill \end{array}\right.\end{array}$$

where $\mathbf{a}\ne \left\{\mathbf{0}\right\}$.

Lemma 3

([22]). For any positive integer k and arbitrary $a\in {\mathbb{F}}_{2^k}^{*}$, the Walsh spectrum of ${\mathrm{Tr}}_2^{2^k}\left(a{x}^{-1}\right)$ defined on ${\mathbb{F}}_{2^k}$ can take any value divisible by 4 in the range $[-2^{{\displaystyle \frac{k}{2}}+1}+1, 2^{{\displaystyle \frac{k}{2}}+1}+1]$.

The following is the well-known Griesmer bound on the length of a linear code.

Lemma 4

(Griesmer bound). For any $[n, \kappa , d]$ linear code over ${\mathbb{F}}_2$, we have

$$n\ge \sum _{i=0}^{\kappa -1}\lceil {\displaystyle \frac{d}{2^i}}\rceil ,$$

where $\lceil x\rceil$ denotes the smallest integer greater than or equal to x.

For any $[n, \kappa , d]$ binary linear code, if $n={\sum }_{i=0}^{\kappa -1}\lceil {\displaystyle \frac{d}{2^i}}\rceil$, then we say that this code meets the Griesmer bound. In general, a binary linear code is called optimal if there is no binary linear code with parameters $[n, \kappa +1, d]$ [23]. We can easily verify that any linear code meeting the Griesmer bound is optimal. In this paper, we focus on optimizing the largest d for the binary linear code with a given length n and dimension $\kappa$.

For an $[n, \kappa , d]$ binary linear code, we say that this code is distance-optimal if there is no $[n, \kappa , d+1]$ linear code over ${\mathbb{F}}_2$. When the lengths and dimensions of linear codes are fixed, there are many references on finding the largest d—see [23,24,25,26], for instance—and in these references, the same notation “distance-optimal” has been mentioned. Any binary linear code $[n, \kappa , d]$ is distance-optimal provided that

$$n<\sum _{i=0}^{\kappa -1}\lceil {\displaystyle \frac{d+1}{2^i}}\rceil .$$

3. Two Families of Optimal Binary LCPs of Codes

Let $k>2$ be any integer and ${\mathrm{Tr}}_2^{2^{2k}}$ denote the trace function from ${\mathbb{F}}_{2^{2k}}$ onto ${\mathbb{F}}_2$, ${\mathrm{Tr}}_2^{2^k}$ denote the trace function from ${\mathbb{F}}_{2^k}$ onto ${\mathbb{F}}_2$, and ${\mathrm{Tr}}_{2^k}^{2^{2k}}$ denote the trace function from ${\mathbb{F}}_{2^{2k}}$ onto ${\mathbb{F}}_{2^k}$. Following the approach in [27], for any set $D=\{d_1, d_2, \cdots , d_n\}\subseteq {\mathbb{F}}_{2^{2k}}^{*}$, we define a linear code of length n over ${\mathbb{F}}_2$ by

$${\mathcal{C}}_D=\{({\mathrm{Tr}}_2^{2^{2k}}\left(x{d}_1\right), {\mathrm{Tr}}_2^{2^{2k}}\left(x{d}_2\right), \cdots , {\mathrm{Tr}}_2^{2^{2k}}\left(x{d}_n\right)):x\in {\mathbb{F}}_{2^{2k}}\},$$

and call D the defining set of ${\mathcal{C}}_D$.

In fact, ${\mathrm{Tr}}_2^{2^{2k}}\left(ax\right)=\mathbf{a}·\mathbf{x}$, where $\mathbf{a}={(a_1, a_2, \cdots , a_{2k})}^T$ and $\mathbf{x}={(x_1, x_2, \cdots , x_{2k})}^T$ in ${\mathbb{F}}_2^{2k}$, and the Euclidean inner product of $\mathbf{a}$ and $\mathbf{x}$ is defined by

$$\begin{array}{c}\hfill \mathbf{a}·\mathbf{x}=\sum _{i=1}^{2k}{a}_i{x}_i.\end{array}$$

Hence ${\mathcal{C}}_D=\{(\mathbf{x}·{\mathbf{d}}_1, \mathbf{x}·{\mathbf{d}}_2, \cdots , \mathbf{x}·{\mathbf{d}}_n):\mathbf{x}\in {\mathbb{F}}_2^{2k}\}=\{{\mathbf{x}}^{T}G:\mathbf{x}\in {\mathbb{F}}_2^{2k}\}$, where G is an $2k\times n$ matrix over ${\mathbb{F}}_2$ constructed by the column vectors ${\mathbf{d}}_1, {\mathbf{d}}_2, \cdots , {\mathbf{d}}_n$, i.e., $G=[{\mathbf{d}}_1, {\mathbf{d}}_2, \cdots , {\mathbf{d}}_n]$.

In this paper, G is called a generalized generator matrix of a linear code ${\mathcal{C}}_D$ of length n over ${\mathbb{F}}_2$.

Construction 1.

Let α be a primitive element of ${\mathbb{F}}_{2^k}$, i.e., ${\mathbb{F}}_{2k}^{*}=⟨\alpha ⟩$. Let $F\left(x\right)$ be a one-to-one map from ${\mathbb{F}}_{2^k}$ to ${\mathbb{F}}_{2^k}$, and $F\left(0\right)=0$. Let $V_1=\{1, \alpha , \cdots , {\alpha }^{2^k-2}\}={\mathbb{F}}_{2k}^{*}$, $V_2=\{F\left(1\right), F\left(\alpha \right), \cdots , F\left({\alpha }^{2^k-2}\right)\}={\mathbb{F}}_{2k}^{*}$, and $U=\{u_1, u_2, \cdots , u_t\}$ be a t-subset of ${\mathbb{F}}_{2^{2k}}\setminus {\mathbb{F}}_{2^k}$. For $u_i, u_j\in U$, $u_i{V}_1\ne u_j{V}_1(i\ne j)$. Define

$$D_1=\{x, u_{1}x, u_{2}x, \cdots , u_{t}x:u_i\in U, x\in V_1\},$$

$$D_2=\{y, u_{1}x, u_{2}x, \cdots , u_{t}x:u_i\in U, x\in V_1, y\in V_2\}.$$

Using $D_1$ and $D_2$ as defining sets, we obtain binary linear codes ${\mathcal{C}}_{D_1}$ and ${\mathcal{C}}_{D_2}$ as

$${\mathcal{C}}_{D_1}=\{({\mathrm{Tr}}_2^{2^{2k}}\left(a{d}_1\right), {\mathrm{Tr}}_2^{2^{2k}}\left(a{d}_2\right), \cdots , {\mathrm{Tr}}_2^{2^{2k}}\left(a{d}_n\right)):a\in {\mathbb{F}}_{2^{2k}}, d_i\in D_1\},$$

$${\mathcal{C}}_{D_2}=\{({\mathrm{Tr}}_2^{2^{2k}}\left(b{d}_1\right), {\mathrm{Tr}}_2^{2^{2k}}\left(b{d}_2\right), \cdots , {\mathrm{Tr}}_2^{2^{2k}}(b{d}_n)):b\in {\mathbb{F}}_{2^{2k}}, d_i\in D_2\}.$$

Remark 1.

Let $G_1$ and $G_2$ be the generator matrices of ${\mathcal{C}}_{D_1}$ and ${\mathcal{C}}_{D_2}$. It is clear that $G_1$ and $G_2$ in construction 1 can be transformed into each other through column transformation (rearranging column vectors). Hence ${\mathcal{C}}_{D_1}$ and ${\mathcal{C}}_{D_2}$ are always equivalent in Construction 1.

Theorem 1.

In Construction 1, the linear codes ${\mathcal{C}}_{D_1}$ and ${\mathcal{C}}_{D_2}$ are binary linear codes with parameters $[(t+1)(2^k-1), 2k]$. Moreover, the weight distribution of ${\mathcal{C}}_{D_1}$ and ${\mathcal{C}}_{D_2}$ are given in Table 1.

Table 1. The weight distribution of $C_{D_1}$ and $C_{D_2}$ in Theorem 1.

The Weight $\mathit{\omega }$ of Codewords	The Number of Codewords of Weight $\mathit{\omega }$
0	1
$t{2}^{k-1}$	$(t+1)(2^k-1)$
$(t+1)2^{k-1}$	$2^{2k}-(t+1)(2^k-1)-1$

Proof. 

It is clear that the binary linear codes ${\mathcal{C}}_{D_1}$ and ${\mathcal{C}}_{D_2}$ have length $n=(t+1)(2^k-1)$. The Hamming weight $\mathrm{wt}\left({\mathbf{c}}_{\mathbf{a}}\right)$ of a nonzero codeword ${\mathbf{c}}_{\mathbf{a}}={\left({\mathrm{Tr}}_2^{2^{2k}}\left(ax\right)\right)}_{x\in D_1}$ of ${\mathcal{C}}_{D_1}$ can be calculated as follows:

$$\begin{array}{ccc}\hfill \mathrm{wt}\left({\mathbf{c}}_{\mathbf{a}}\right)& =& ♯\{\mathbf{x}\in D_1:{\mathrm{Tr}}_2^{2^{2k}}\left(ax\right)\ne 0\}\hfill \\ & =& n-{\displaystyle \frac{1}{2}}\sum _{y\in {\mathbb{F}}_2}\sum _{\mathbf{x}\in D_1}{(-1)}^{y{\mathrm{Tr}}_2^{2^{2k}}\left(ax\right)}\hfill \\ & =& n-{\displaystyle \frac{1}{2}}(\sum _{y\in {\mathbb{F}}_2}\sum _{\mathbf{x}\in V_1}{(-1)}^{y{\mathrm{Tr}}_2^{2^{2k}}\left(ax\right)}+\sum _{y\in {\mathbb{F}}_2}\sum _{i=1}^t\sum _{x\in u_i{V}_1}{(-1)}^{y{\mathrm{Tr}}_2^{2^{2k}}\left(ax\right)})\hfill \\ & =& n-{\displaystyle \frac{1}{2}}(\sum _{\mathbf{x}\in V_1}\sum _{y\in {\mathbb{F}}_2}{(-1)}^{y{\mathrm{Tr}}_2^{2^{2k}}\left(ax\right)}+\sum _{i=1}^t\sum _{x\in u_i{V}_1}\sum _{y\in {\mathbb{F}}_2}{(-1)}^{y{\mathrm{Tr}}_2^{2^{2k}}\left(ax\right)})\hfill \\ & =& n-{\displaystyle \frac{1}{2}}(\sum _{\mathbf{x}\in V_1}\sum _{y\in {\mathbb{F}}_2}{(-1)}^{y{\mathrm{Tr}}_2^{2^{2k}}\left(ax\right)}+\sum _{i=1}^t\sum _{x\in u_i{V}_1}\sum _{y\in {\mathbb{F}}_2}{(-1)}^{y{\mathrm{Tr}}_2^{2^{2k}}\left(ax\right)})\hfill \\ & =& n-{\displaystyle \frac{1}{2}}(\sum _{i=0}^t\sum _{\mathbf{x}\in E_i}\sum _{y\in {\mathbb{F}}_2}{(-1)}^{y(\mathbf{a}·\mathbf{x})}-2(t+1)),\hfill \end{array}$$

where $E_i$ can be viewed as a k-dimensional vector space over ${\mathbb{F}}_2$.

By Lemmas 1 and 2, we have

$$\begin{array}{c}\hfill \mathrm{wt}\left({\mathbf{c}}_{\mathbf{a}}\right)=\left\{\begin{array}{cc}t{2}^{k-1},\hfill & \mathrm{if}\mathbf{a}\perp E_i,\hfill \\ (t+1)2^{k-1},\hfill & \mathrm{if}\mathbf{a}\cancel{\perp }{E}_i.\hfill \end{array}\right.\end{array}$$

Since the Hamming weight of any nonzero codeword ${\mathbf{c}}_{\mathbf{a}}\in {\mathcal{C}}_{D_1}$ is not equal to 0, then we get that the dimension of $C_{D_1}$ is $2k$.

By similar arguments as $C_{D_1}$, we can obtain the weight distribution of $C_{D_2}$ is same to $C_{D_1}$. This completes the proof of this theorem. □

Theorem 2.

If $k+t>2^k$, then the linear codes $C_{D_1}$ and $C_{D_2}$ defined in Theorem 1 are distance-optimal with respect to the Griesmer bound.

Proof. 

By Lemma 4, we only need to prove that

$$n<\sum _{i=0}^{2k-1}\lceil {\displaystyle \frac{d+1}{2^i}}\rceil .$$

Note that

$$\begin{array}{ccc}\hfill \sum _{i=0}^{2k-1}\lceil {\displaystyle \frac{d+1}{2^i}}\rceil & =& \sum _{i=0}^{2k-1}\lceil {\displaystyle \frac{t{2}^{k-1}+1}{2^i}}\rceil \hfill \\ & =& \sum _{i=0}^{k-1}\lceil t{2}^{k-1-i}+{\displaystyle \frac{1}{2^i}}\rceil +\sum _{i=k}^{2k-1}\lceil {\displaystyle \frac{t{2}^{k-1}+1}{2^i}}\rceil \hfill \\ & =& t(2^k-1)+k+\sum _{i=k}^{2k-1}\lceil {\displaystyle \frac{t{2}^{k-1}}{2^i}}+{\displaystyle \frac{1}{2^i}}\rceil \hfill \\ & \ge & t(2^k-1)+k+\sum _{i=k}^{2k-1}\lceil {\displaystyle \frac{t{2}^{k-1}}{2^i}}\rceil \hfill \\ & \ge & t(2^k-1)+k+\lceil \sum _{i=k}^{2k-1}t{2}^{k-1-i}\rceil \hfill \\ & =& t(2^k-1)+k+\lceil t(1-{\displaystyle \frac{1}{2^k}})\rceil \hfill \\ & =& t(2^k-1)+k+\lceil t-{\displaystyle \frac{t}{2^k}}\rceil \hfill \\ & \ge & t(2^k-1)+k+t-1.\hfill \end{array}$$

Then we get that

$$\begin{array}{ccc}\hfill \sum _{i=0}^{2k-1}\lceil {\displaystyle \frac{d+1}{2^i}}\rceil & \ge & t(2^k-1)+k+t-1\hfill \\ & >& (t+1)(2^k-1)=n\hfill \end{array}$$

for $k+t>2^k$. This completes the proof. □

Lemma 5.

The linear codes $C_{D_1}$ and $C_{D_2}$ defined in Theorem 1. Then $({\mathcal{C}}_{D_1}, {\mathcal{C}}_{D_2}^{\perp })$ is LCP if and only if $W_f\left(c\right)\equiv 1\mathrm{or}3mod4$, where $f={\mathrm{Tr}}_2^{2^k}\left(F\left(x\right)\right)$ and $c={\mathrm{Tr}}_{2^k}^{2^{2k}}\left(a\right){{\mathrm{Tr}}_{2^k}^{2^{2k}}\left(b\right)}^{-1}$, $a, b\in {\mathbb{F}}_{2^{2k}}^{*}$.

Proof. 

$({\mathcal{C}}_{D_1}, {\mathcal{C}}_{D_2}^{\perp })$ is an LCP of codes means that the two codes ${\mathcal{C}}_{D_1}, {\mathcal{C}}_{D_2}^{\perp }$ have complementary dimensions, and they have a trivial intersection. By Theorem 1, it is clear that the dimension of ${\mathcal{C}}_{D_1}$ is equal to $2k$ and the dimension of ${\mathcal{C}}_{D_2}^{\perp }$ is equal to $n-2k$. Next, we just need to prove ${\mathcal{C}}_{D_1}\bigcap {\mathcal{C}}_{D_2}^{\perp }=\left\{\mathbf{0}\right\}$.

${\mathcal{C}}_{D_1}\bigcap {\mathcal{C}}_{D_2}^{\perp }=\left\{\mathbf{0}\right\}$ if and only if $\forall a\in {\mathbb{F}}_{2^{2k}}^{*}, \exists b\in {\mathbb{F}}_{2^{2k}}^{*}$, s.t. ${\mathbf{c}}_{\mathbf{a}}·{\mathbf{c}}_{\mathbf{b}}=1$, where ${\mathbf{c}}_{\mathbf{a}}={\left({\mathrm{Tr}}_2^{2^{2k}}\left(ax\right)\right)}_{x\in D_1}, {\mathbf{c}}_{\mathbf{b}}={\left({\mathrm{Tr}}_2^{2^{2k}}\left(bx\right)\right)}_{x\in D_2}$.

Define $T_0=♯\{x\in {\mathbb{F}}_{2^k}^{*}:{\mathrm{Tr}}_2^{2^{2k}}\left(ax\right)=1\mathrm{and}{\mathrm{Tr}}_2^{2^{2k}}\left(bF\left(x\right)\right)=1\},$$T_i=♯\{x\in {\mathbb{F}}_{2^k}^{*}:{\mathrm{Tr}}_2^{2^{2k}}\left(a{u}_{i}x\right)=1\mathrm{and}{\mathrm{Tr}}_2^{2^{2k}}\left(b{u}_{i}x\right)=1\},$ where $1\le i\le t.$

Hence ${\mathcal{C}}_{D_1}\bigcap {\mathcal{C}}_{D_2}^{\perp }=\left\{\mathbf{0}\right\}$ if and only if $\forall a\in {\mathbb{F}}_{2^{2k}}^{*}, \exists b\in {\mathbb{F}}_{2^{2k}}^{*}$ s.t. ${\sum }_{i=0}^t{T}_i$ is odd, so if ${\sum }_{i=0}^t{T}_i$ is odd, then $({\mathcal{C}}_{D_1}, {\mathcal{C}}_{D_2}^{\perp })$ is LCP.

$$\begin{array}{ccc}\hfill T_0& =& {\displaystyle \frac{1}{4}}\sum _{y\in {\mathbb{F}}_2}\sum _{z\in {\mathbb{F}}_2}\sum _{\mathbf{x}\in {\mathbb{F}}_{2^k}^{*}}{(-1)}^{y[{\mathrm{Tr}}_2^{2^{2k}}\left(ax\right)-1]+z[{\mathrm{Tr}}_2^{2^{2k}}\left(bF\left(x\right)\right)-1]}\hfill \\ & =& {\displaystyle \frac{1}{4}}[2^k+\sum _{\mathbf{x}\in {\mathbb{F}}_{2^k}}{(-1)}^{{\mathrm{Tr}}_2^{2^{2k}}\left(ax\right)+{\mathrm{Tr}}_2^{2^{2k}}\left(bF\left(x\right)\right)}]\hfill \\ & =& {\displaystyle \frac{1}{4}}[2^k+\sum _{\mathbf{x}\in {\mathbb{F}}_{2^k}}{(-1)}^{{\mathrm{Tr}}_2^{2^k}({\mathrm{Tr}}_{2^k}^{2^{2k}}\left(a\right)x)+{\mathrm{Tr}}_2^{2^k}({\mathrm{Tr}}_{2^k}^{2^{2k}}\left(b\right)F\left(x\right))}]\hfill \\ & =& {\displaystyle \frac{1}{4}}[2^k+\sum _{\mathbf{x}\in {\mathbb{F}}_{2^k}}{(-1)}^{{\mathrm{Tr}}_2^{2^k}({\mathrm{Tr}}_{2^k}^{2^{2k}}\left(a\right){{\mathrm{Tr}}_{2^k}^{2^{2k}}\left(b\right)}^{-1}x+F\left(x\right))}]\hfill \\ & =& {\displaystyle \frac{1}{4}}[2^k+W_f({\mathrm{Tr}}_{2^k}^{2^{2k}}\left(a\right){{\mathrm{Tr}}_{2^k}^{2^{2k}}\left(b\right)}^{-1})],\hfill \\ & =& {\displaystyle \frac{1}{4}}[2^k+W_f\left(c\right)],\hfill \end{array}$$

where $f={\mathrm{Tr}}_2^{2^k}\left(F\left(x\right)\right)$ and $c={\mathrm{Tr}}_{2^k}^{2^{2k}}\left(a\right){{\mathrm{Tr}}_{2^k}^{2^{2k}}\left(b\right)}^{-1}$.

$$\begin{array}{ccc}\hfill T_i& =& {\displaystyle \frac{1}{4}}\sum _{y\in {\mathbb{F}}_2}\sum _{z\in {\mathbb{F}}_2}\sum _{\mathbf{x}\in {\mathbb{F}}_{2^k}^{*}}{(-1)}^{y[{\mathrm{Tr}}_2^{2^{2k}}\left(a{u}_{i}x\right)-1]+z[{\mathrm{Tr}}_2^{2^{2k}}\left(b{u}_{i}x\right)-1]}\hfill \\ & =& {\displaystyle \frac{1}{4}}[2^k+1+\sum _{\mathbf{x}\in {\mathbb{F}}_{2^k}^{*}}{(-1)}^{{\mathrm{Tr}}_2^{2^{2k}}\left((a+b)u_{i}x\right)}]\hfill \\ & =& \left\{\begin{array}{cc}{2}^{k-1},\hfill & \mathrm{if}a=b,\hfill \\ 2^{k-2},\hfill & \mathrm{if}a\ne b.\hfill \end{array}\right.\hfill \end{array}$$

When $W_f\left(c\right)\equiv 1\mathrm{or}3mod4$, ${\sum }_{i=0}^t{T}_i$ is odd, hence $({\mathcal{C}}_{D_1}, {\mathcal{C}}_{D_2}^{\perp })$ is LCP. This completes the proof. □

Theorem 3.

The linear codes $C_{D_1}$ and $C_{D_2}$ are defined in Theorem 1. If $k+t>2^k$ and $W_f\left(c\right)\equiv 1\mathrm{or}3mod4$, where $f={\mathrm{Tr}}_2^{2^k}\left(F\left(x\right)\right)$ and $c={\mathrm{Tr}}_{2^k}^{2^{2k}}\left(a\right){{\mathrm{Tr}}_{2^k}^{2^{2k}}\left(b\right)}^{-1}$, $a, b\in {\mathbb{F}}_{2^{2k}}^{*}$, then $({\mathcal{C}}_{D_1}, {\mathcal{C}}_{D_2}^{\perp })$ is an optimal binary LCP of codes.

Proof. 

By Theorem 6, $d_{LCP}(n, 2k)=d_L(n, 2k)=t{2}^{k-1}$. Combining Lemma 5, it is clear that $({\mathcal{C}}_{D_1}, {\mathcal{C}}_{D_2}^{\perp })$ is an optimal binary LCP of codes. □

3.1. A Family of Optimal Binary LCPs of Codes from $x^{-1}$

Theorem 4.

The linear codes $C_{D_1}$ and $C_{D_2}$ defined in Theorem 1. Let $F\left(x\right)$ be the inverse function $x^{-1}$ of ${\mathbb{F}}_{2^k}$. When $k+t>2^k$, $({\mathcal{C}}_{D_1}, {\mathcal{C}}_{D_2}^{\perp })$ is an optimal binary LCP of codes.

Proof. 

By Lemmas 3, 5 and Theorem 6, it is clear that $({\mathcal{C}}_{D_1}, {\mathcal{C}}_{D_2}^{\perp })$ is an optimal binary LCP of codes. □

Example 1.

The linear codes $C_{D_1}$ and $C_{D_2}$ are defined in Theorem 4. Let $F\left(x\right)$ be the inverse function $x^{-1}$ of ${\mathbb{F}}_{2^k}$. Let $k=3, t=6$. With the help of Magma, we obtain that $C_{D_1}$ and $C_{D_2}$ are ${[49, 6, 24]}_2$ linear codes with weight enumerator $1+49z^{24}+14z^{28}$ and is distance-optimal with respect to the Griesmer bound. Note that $C_{D_1}$ and $C_{D_2}$ are equivalent. Moreover, $d_{LCP}(49, 6)=d_L(49, 6)=24$, and $({\mathcal{C}}_{D_1}, {\mathcal{C}}_{D_2}^{\perp })$ is an optimal binary LCP of codes.

Construction 2.

Let α be a primitive element of ${\mathbb{F}}_{2^k}$, i.e., ${\mathbb{F}}_{2^k}^{*}=⟨\alpha ⟩$. Let $F\left(x\right)$ be a one-to-one map from ${\mathbb{F}}_{2^k}$ to ${\mathbb{F}}_{2^k}$, and $F\left(\omega \right)=0, \omega \ne 0$. Let $V_1=\{1, \alpha , \cdots , {\alpha }^{2^k-2}\}$, $V_2=\{F\left(1\right), F\left(\alpha \right), \cdots , F\left({\alpha }^{2^k-2}\right)\}$, and $U=\{u_1, u_2, \cdots , u_{2^k}\}$ be a $2^k$-subset of ${\mathbb{F}}_{2^{2k}}\setminus {\mathbb{F}}_{2^k}$. For $u_i, u_j\in U$, $u_i{V}_1\ne u_j{V}_1(i\ne j)$. Define

$$D_1=\{x, u_{1}x, u_{2}x, \cdots , u_{t}x:u_i\in U, x\in V_1\}\setminus \left\{\omega \right\},$$

$$D_2=\{y, u_{1}x, u_{2}x, \cdots , u_{t}x:u_i\in U, x\in V_1, y\in V_2\}\setminus \left\{0\right\}.$$

Using $D_1$ and $D_2$ as defining sets, we obtain binary linear codes ${\mathcal{C}}_{D_1}$ and ${\mathcal{C}}_{D_2}$ as

$${\mathcal{C}}_{D_1}=\{({\mathrm{Tr}}_2^{2^{2k}}\left(a{d}_1\right), {\mathrm{Tr}}_2^{2^{2k}}\left(a{d}_2\right), \cdots , {\mathrm{Tr}}_2^{2^{2k}}\left(a{d}_n\right)):a\in {\mathbb{F}}_{2^{2k}}, d_i\in D_1\},$$

$${\mathcal{C}}_{D_2}=\{({\mathrm{Tr}}_2^{2^{2k}}\left(b{d}_1\right), {\mathrm{Tr}}_2^{2^{2k}}\left(b{d}_2\right), \cdots , {\mathrm{Tr}}_2^{2^{2k}}\left(b{d}_n\right)):b\in {\mathbb{F}}_{2^{2k}}, d_i\in D_2\}.$$

Remark 2.

Let $G_1$ and $G_2$ be the generator matrices of ${\mathcal{C}}_{D_1}$ and ${\mathcal{C}}_{D_2}$. It is clear that $G_1$ and $G_2$ in Construction 2 can be transformed into each other through column transformation (rearranging column vectors). Hence ${\mathcal{C}}_{D_1}$ and ${\mathcal{C}}_{D_2}$ are always equivalent in Construction 2.

Theorem 5.

In Construction 2, the linear codes ${\mathcal{C}}_{D_1}$ and ${\mathcal{C}}_{D_2}$ are binary linear codes with parameters $[2^{2k}-2, 2k]$. Moreover, the weight distributions of ${\mathcal{C}}_{D_1}$ and ${\mathcal{C}}_{D_2}$ are given in Table 2.

Table 2. The weight distribution of $C_{D_1}$ and $C_{D_2}$ in Theorem 5.

The Weight $\mathit{\omega }$ of Codewords	The Number of Codewords of Weight $\mathit{\omega }$
0	1
$2^{2k-1}-1$	$2^{2k-1}$
$2^{2k-1}$	$2^{2k-1}-1$

Proof. 

It is clear that the binary linear codes ${\mathcal{C}}_{D_1}$ and ${\mathcal{C}}_{D_2}$ have lengths $n=2^{2k}-2$. The Hamming weight $\mathrm{wt}\left({\mathbf{c}}_{\mathbf{a}}\right)$ of a nonzero codeword ${\mathbf{c}}_{\mathbf{a}}={\left({\mathrm{Tr}}_2^{2^{2k}}\left(ax\right)\right)}_{x\in D_1}$ of ${\mathcal{C}}_{D_1}$ can be calculated as follows:

$$\begin{array}{ccc}\hfill \mathrm{wt}\left({\mathbf{c}}_{\mathbf{a}}\right)& =& ♯\{\mathbf{x}\in D_1:{\mathrm{Tr}}_2^{2^{2k}}\left(ax\right)\ne 0\}\hfill \\ & =& n-{\displaystyle \frac{1}{2}}\sum _{y\in {\mathbb{F}}_2}\sum _{\mathbf{x}\in D_1}{(-1)}^{y{\mathrm{Tr}}_2^{2^{2k}}\left(ax\right)}\hfill \\ & =& n-{\displaystyle \frac{1}{2}}(\sum _{y\in {\mathbb{F}}_2}\sum _{\mathbf{x}\in V_1\setminus \omega }{(-1)}^{y{\mathrm{Tr}}_2^{2^{2k}}\left(ax\right)}+\sum _{y\in {\mathbb{F}}_2}\sum _{i=1}^{2^k}\sum _{x\in u_i{V}_1}{(-1)}^{y{\mathrm{Tr}}_2^{2^{2k}}\left(ax\right)})\hfill \\ & =& n-{\displaystyle \frac{1}{2}}(\sum _{y\in {\mathbb{F}}_2}\sum _{\mathbf{x}\in {\mathbb{F}}_{2^k}^{*}\setminus \omega }{(-1)}^{y{\mathrm{Tr}}_2^{2^k}\left({\mathrm{Tr}}_{2^k}^{2^{2k}}\left(a\right)x\right)}+\sum _{y\in {\mathbb{F}}_2}\sum _{i=1}^{2^k}\sum _{x\in u_i{V}_1}{(-1)}^{y({\mathrm{Tr}}_2^{2^{2k}}\left(a\right)x)})\hfill \\ & =& n-{\displaystyle \frac{1}{2}}(\sum _{\mathbf{x}\in {\mathbb{F}}_{2^k}^{*}\setminus \omega }\sum _{y\in {\mathbb{F}}_2}{(-1)}^{y{\mathrm{Tr}}_2^{2^k}\left({\mathrm{Tr}}_{2^k}^{2^{2k}}\left(a\right)x\right)}+\sum _{i=1}^{2^k}\sum _{x\in u_i{V}_1}\sum _{y\in {\mathbb{F}}_2}{(-1)}^{y({\mathrm{Tr}}_2^{2^{2k}}\left(a\right)x)})\hfill \\ & =& n-{\displaystyle \frac{1}{2}}(-1-{(-1)}^{{\mathrm{Tr}}_2^{2^{2k}}\left(a\omega \right)}+\sum _{i=0}^{2^k}\sum _{\mathbf{x}\in E_i}\sum _{y\in {\mathbb{F}}_2}{(-1)}^{y(\mathbf{a}·\mathbf{x})}-2(2^k+1)),\hfill \end{array}$$

where $E_i$ can be viewed as a k-dimensional vector space over ${\mathbb{F}}_2$.

By Lemma 2, we have

$$\begin{array}{c}\hfill \mathrm{wt}\left({\mathbf{c}}_{\mathbf{a}}\right)=\left\{\begin{array}{cc}{2}^{2k-1}-1,\hfill & \mathrm{if}{\mathrm{Tr}}_2^{2^{2k}}\left(a\omega \right)=1,\hfill \\ 2^{2k-1},\hfill & \mathrm{if}{\mathrm{Tr}}_2^{2^{2k}}\left(a\omega \right)=0.\hfill \end{array}\right.\end{array}$$

Since the Hamming weight of any nonzero codeword ${\mathbf{c}}_{\mathbf{a}}\in {\mathcal{C}}_{D_1}$ is not equal to 0, then we get that the dimension of $C_{D_1}$ is $2k$.

By similar arguments as for $C_{D_1}$, we can obtain that the minimum distance of ${\mathcal{C}}_{D_2}$ is same to $C_{D_1}$. This completes the proof of this theorem. □

Theorem 6.

The linear codes $C_{D_1}$ and $C_{D_2}$ defined in Theorem 5 are distance-optimal with respect to the Griesmer bound.

Proof. 

By Lemma 4, we only need to prove that

$$n<\sum _{i=0}^{2k-1}\lceil {\displaystyle \frac{d+1}{2^i}}\rceil .$$

Note that

$$\begin{array}{ccc}\hfill \sum _{i=0}^{2k-1}\lceil {\displaystyle \frac{d+1}{2^i}}\rceil & =& \sum _{i=0}^{2k-1}\lceil {\displaystyle \frac{2^{2k-1}}{2^i}}\rceil \hfill \\ & =& \sum _{i=0}^{2k-1}{2}^{2k-1-i}\hfill \\ & =& 2^{2k}-1.\hfill \end{array}$$

Then we get that

$$\begin{array}{ccc}\hfill \sum _{i=0}^{2k-1}\lceil {\displaystyle \frac{d+1}{2^i}}\rceil & >& 2^{2k}-2=n.\hfill \end{array}$$

This completes the proof. □

Lemma 6.

The linear codes $C_{D_1}$ and $C_{D_2}$ are defined in Theorem 5. Then $({\mathcal{C}}_{D_1}, {\mathcal{C}}_{D_2}^{\perp })$ is LCP if and only if the following conditions holds:

• $W_f\left(c\right)\equiv 0\mathrm{or}2mod4$ if ${\mathrm{Tr}}_2^{2^{2k}}\left(a\omega \right)={\mathrm{Tr}}_2^{2^{2k}}\left(bF\left(\omega \right)\right)=1$,
• $W_f\left(c\right)\equiv 1\mathrm{or}3mod4$ if ${\mathrm{Tr}}_2^{2^{2k}}\left(a\omega \right)+{\mathrm{Tr}}_2^{2^{2k}}\left(bF\left(\omega \right)\right)\le 1$,

where $f={\mathrm{Tr}}_2^{2^k}\left(F\left(x\right)\right)$ and $c={\mathrm{Tr}}_{2^k}^{2^{2k}}\left(a\right){{\mathrm{Tr}}_{2^k}^{2^{2k}}\left(b\right)}^{-1}$, $a, b\in {\mathbb{F}}_{2^{2k}}^{*}$.

Proof. 

By Theorem 5, it is clear that the dimension of ${\mathcal{C}}_{D_1}$ is equal to $2k$ and the dimension of ${\mathcal{C}}_{D_2}^{\perp }$ is equal to $n-2k$. Next, we just need to prove ${\mathcal{C}}_{D_1}\bigcap {\mathcal{C}}_{D_2}^{\perp }=\left\{\mathbf{0}\right\}$.

Define $T_0=♯\{x\in {\mathbb{F}}_{2^k}^{*}\setminus \omega :{\mathrm{Tr}}_2^{2^{2k}}\left(ax\right)=1\mathrm{and}{\mathrm{Tr}}_2^{2^{2k}}\left(bF\left(x\right)\right)=1\},$$T_i=♯\{x\in {\mathbb{F}}_{2^k}^{*}:{\mathrm{Tr}}_2^{2^{2k}}\left(a{u}_{i}x\right)=1\mathrm{and}{\mathrm{Tr}}_2^{2^{2k}}\left(b{u}_{i}x\right)=1\},$ where $1\le i\le t.$

Since ${\mathcal{C}}_{D_1}\bigcap {\mathcal{C}}_{D_2}^{\perp }=\left\{\mathbf{0}\right\}$ if and only if $\forall a\in {\mathbb{F}}_{2^{2k}}^{*}, \exists b\in {\mathbb{F}}_{2^{2k}}^{*}$ s.t. ${\sum }_{i=0}^t{T}_i$ is odd, so if ${\sum }_{i=0}^t{T}_i$ is odd, then $({\mathcal{C}}_{D_1}, {\mathcal{C}}_{D_2}^{\perp })$ is LCP.

$$\begin{array}{ccc}\hfill T_0& =& {\displaystyle \frac{1}{4}}\sum _{y\in {\mathbb{F}}_2}\sum _{z\in {\mathbb{F}}_2}\sum _{\mathbf{x}\in {\mathbb{F}}_{2^k}^{*}\setminus \omega }{(-1)}^{y[{\mathrm{Tr}}_2^{2^{2k}}\left(ax\right)-1]+z[{\mathrm{Tr}}_2^{2^{2k}}\left(bF\left(x\right)\right)-1]}\hfill \\ & =& {\displaystyle \frac{1}{4}}[2^k-1+{(-1)}^{{\mathrm{Tr}}_2^{2^{2k}}\left(a\omega \right)}+{(-1)}^{{\mathrm{Tr}}_2^{2^{2k}}\left(bF\left(\omega \right)\right)}-{(-1)}^{{\mathrm{Tr}}_2^{2^{2k}}\left(a\omega \right)+{\mathrm{Tr}}_2^{2^{2k}}\left(bF\left(\omega \right)\right)}\hfill \\ & +& \sum _{\mathbf{x}\in {\mathbb{F}}_{2^k}}{(-1)}^{{\mathrm{Tr}}_2^{2^k}({\mathrm{Tr}}_{2^k}^{2^{2k}}\left(a\right)x)+{\mathrm{Tr}}_2^{2^k}({\mathrm{Tr}}_{2^k}^{2^{2k}}\left(b\right)F\left(x\right))}]\hfill \\ & =& \left\{\begin{array}{cc}{\displaystyle \frac{1}{4}}[2^k-4+W_f\left(c\right)],\hfill & \mathrm{if}{\mathrm{Tr}}_2^{2^{2k}}\left(a\omega \right)={\mathrm{Tr}}_2^{2^{2k}}\left(bF\left(\omega \right)\right)=1,\hfill \\ {\displaystyle \frac{1}{4}}[2^k+W_f\left(c\right)],\hfill & \mathrm{otherwise},\hfill \end{array}\right.\hfill \end{array}$$

where $f={\mathrm{Tr}}_2^{2^k}\left(F\left(x\right)\right)$ and $c={\mathrm{Tr}}_{2^k}^{2^{2k}}\left(a\right){{\mathrm{Tr}}_{2^k}^{2^{2k}}\left(b\right)}^{-1}$, $a, b\in {\mathbb{F}}_{2^{2k}}^{*}$.

$$\begin{array}{ccc}\hfill T_i& =& {\displaystyle \frac{1}{4}}\sum _{y\in {\mathbb{F}}_2}\sum _{z\in {\mathbb{F}}_2}\sum _{\mathbf{x}\in {\mathbb{F}}_{2^k}^{*}}{(-1)}^{y[{\mathrm{Tr}}_2^{2^{2k}}\left(a{u}_{i}x\right)-1]+z[{\mathrm{Tr}}_2^{2^{2k}}\left(b{u}_{i}x\right)-1]}\hfill \\ & =& {\displaystyle \frac{1}{4}}[2^k+1+\sum _{\mathbf{x}\in {\mathbb{F}}_{2^k}^{*}}{(-1)}^{{\mathrm{Tr}}_2^{2^{2k}}\left((a+b)u_{i}x\right)}]\hfill \\ & =& \left\{\begin{array}{cc}{2}^{k-1},\hfill & \mathrm{if}a=b,\hfill \\ 2^{k-2},\hfill & \mathrm{if}a\ne b.\hfill \end{array}\right.\hfill \end{array}$$

Hence $({\mathcal{C}}_{D_1}, {\mathcal{C}}_{D_2}^{\perp })$ is LCP if and only if the following conditions holds:

• $W_f\left(c\right)\equiv 0\mathrm{or}2mod4$ if ${\mathrm{Tr}}_2^{2^{2k}}\left(a\omega \right)={\mathrm{Tr}}_2^{2^{2k}}\left(bF\left(\omega \right)\right)=1$,
• $W_f\left(c\right)\equiv 1\mathrm{or}3mod4$ if ${\mathrm{Tr}}_2^{2^{2k}}\left(a\omega \right)+{\mathrm{Tr}}_2^{2^{2k}}\left(bF\left(\omega \right)\right)\le 1$,

where $f={\mathrm{Tr}}_2^{2^k}\left(F\left(x\right)\right)$ and $c={\mathrm{Tr}}_{2^k}^{2^{2k}}\left(a\right){{\mathrm{Tr}}_{2^k}^{2^{2k}}\left(b\right)}^{-1}$, $a, b\in {\mathbb{F}}_{2^{2k}}^{*}$.

This completes the proof. □

Theorem 7.

The linear codes $C_{D_1}$ and $C_{D_2}$ are defined in Theorem 5. If $F\left(x\right)$ satisfies the conditions of Lemma 6, then $({\mathcal{C}}_{D_1}, {\mathcal{C}}_{D_2}^{\perp })$ is an optimal binary LCP of codes.

Proof. 

By Theorem 6, $d_{LCP}(n, 2k)=d_L(n, 2k)=2^{2k-1}-1$. Combining Lemma 6, it is clear that $({\mathcal{C}}_{D_1}, {\mathcal{C}}_{D_2}^{\perp })$ is an optimal binary LCP of codes. □

3.2. A Family of Optimal Binary LCPs of Codes from ${(x+1)}^{-1}$

Theorem 8.

The linear codes $C_{D_1}$ and $C_{D_2}$ are defined in Theorem 5. If $F\left(x\right)$ is the function ${(x+1)}^{-1}$ of ${\mathbb{F}}_{2^k}$, then $({\mathcal{C}}_{D_1}, {\mathcal{C}}_{D_2}^{\perp })$ is an optimal binary LCP of codes.

Proof. 

By Lemmas 3, 6 and Theorem 7, it is clear that $({\mathcal{C}}_{D_1}, {\mathcal{C}}_{D_2}^{\perp })$ is an optimal binary LCP of codes. □

Example 2.

The linear codes $C_{D_1}$ and $C_{D_2}$ defined in Theorem 8. Let $F\left(x\right)$ be the function ${(x+1)}^{-1}$ of ${\mathbb{F}}_{2^k}$. Let $k=4, t=16$. With the help of Magma, we obtain that $C_{D_1}$ and $C_{D_2}$ are ${[254, 8, 127]}_2$ linear codes with weight enumerator $1+128z^{127}+127z^{128}$ and are distance-optimal with respect to the Griesmer bound. Note that $C_{D_1}$ and $C_{D_2}$ are equivalent. Moreover, $d_{LCP}(254, 8)=d_L(254, 8)=127$, and $({\mathcal{C}}_{D_1}, {\mathcal{C}}_{D_2}^{\perp })$ is an optimal binary LCP of codes.

4. Conclusions

The best security parameter for binary LCPs of codes is open for further study. This is the motivation of our work. In this paper, we studied binary LCPs of codes and constructed two families of optimal binary LCPs of codes.