Decoding Linear Codes over Chain Rings Given by Parity Check Matrices

Abstract

We design a decoding algorithm for linear codes over finite chain rings given by their parity check matrices. It is assumed that decoding algorithms over the residue field are known at each degree of the adic decomposition.

1. Introduction

One of the first applications of linear codes whose underlying alphabet is not a finite field appears in [1], where nonlinear binary codes are built from ${\mathbb{Z}}_4$-linear codes by means of the Gray map. Since then, considerable research efforts have focused on linear codes having a finite ring R as their alphabet. Normally, R is assumed to enjoy suitable properties. For instance, Wood, in [2], states MacWilliams identities for finite Frobenius rings, extending the foundations of coding theory to linear codes over Frobenius rings. In [3] it is proven that finite Frobenius rings are Frobenius algebras over their characteristic subrings, which enriches the duality theory for linear codes over this kind of alphabet.

Feng et al. connect linear codes over finite chain rings to network coding in [4,5] by means of matrix channels. They provide a general description of linear codes over finite chain rings, where the $\mathfrak{m}$–adic decomposition is made with respect to any set of representatives containing the element zero.

Concerning efficient decoding algorithms, a framework for decoding linear codes over Galois rings is proposed in [6], which generalizes previous works like [7]. This decoding framework assumes that there is a chain of linear codes over the residue field which have efficient decoding algorithms. These codes are defined by their generating matrices.

In this paper we improve the decoding framework of [6] in two ways. In Appendix A we observe that the decoding scheme from [6] works, with slight modifications, over any finite chain ring and for any set of representatives containing 0 in each degree. Anyway, the efficiently decodable codes are still ordered in a chain. In Section 3 we introduce a new framework where the codes are provided by parity check matrices. This viewpoint has an advantage: the codes over the residue field which are associated to each degree in the corresponding $\mathfrak{m}$-adic decomposition do not need to be ordered in a chain. We gain thus flexibility to build them from codes over fields with good decoding algorithms. In Section 4, Smith normal form of matrices over chain rings are used to compute generating matrices from parity check ones. So a complete coding/decoding scheme is provided. We have also included the Sagemath code of the proposed framework in Appendix B.

2. Preliminaries

Throughout this paper, the word ring means finite commutative ring with identity. A ring is said to be a chain ring if its ideals form a chain under inclusion. Every chain ring is a local ring and, therefore, its elements admit “adic” expansions with respect to the maximal ideal. More precisely, let R be a finite local ring with maximal ideal $\mathfrak{m}$. Nakayama’s Lemma shows that the powers of $\mathfrak{m}$ form a finite chain with strict inclusions

$$R\supset \mathfrak{m}\supset \cdots \supset {\mathfrak{m}}^{\nu -1}\supset {\mathfrak{m}}^{\nu }=\{0\},$$

with ${\mathfrak{m}}^{\nu -1}\ne \{0\}$ for some positive integer $\nu$ called the nilpotency index of R. If R is a chain ring, then all its ideals appear in this chain.

Given $r\in R$, we set

$$deg(r)=max\{i\le \nu :r\in {\mathfrak{m}}^i\},$$

the degree of r. For $i=0,\dots ,\nu -1$ we consider the canonical projection maps

$${\pi }_i:{\mathfrak{m}}^i\to {\mathfrak{m}}^i/{\mathfrak{m}}^{i+1},$$

and we fix maps

$${ϵ}_{[i]}:{\mathfrak{m}}^i/{\mathfrak{m}}^{i+1}\to {\mathfrak{m}}^i,$$

such that ${\pi }_i{ϵ}_{[i]}={id}_{{\mathfrak{m}}^i/{\mathfrak{m}}^{i+1}}$.

Every $r\in R$ is expressed as

$$r=r_{[0]}+r_{[1]}+\cdots +r_{[\nu -1]},$$

(1)

for uniquely determined $r_{[i]}\in im{ϵ}_{[i]}$, for $i=0,\cdots ,\nu -1$. This expression is referred to as the $(\mathfrak{m},{ϵ}_{[0]},\cdots ,{ϵ}_{[\nu -1]})$–adic expansion of r. Indeed, if r is written as in (1), then, since ${\pi }_k(r_{[j]})=0$ whenever $j>k$, we have

$${\pi }_i(r_{[i]})={\pi }_i(r-r_{[0]}-\cdots -r_{[i-1]}),$$

(2)

for every $i=1,\dots ,\nu -1$. Now, $r_{[i]}\in im{ϵ}_{[i]}$ implies ${ϵ}_{[i]}{\pi }_i(r_{[i]})=r_{[i]}$, so we deduce

$$r_{[i]}={ϵ}_{[i]}{\pi }_i(r-r_{[0]}-\cdots -r_{[i-1]}).$$

(3)

From (1) we also get that ${\pi }_0(r)={\pi }_0(r_{[0]})$ and, thus,

$$r_{[0]}={ϵ}_{[0]}{\pi }_0(r).$$

(4)

Equality (4), in conjunction with the recursive formula (3), shows that the elements $r_{[i]}$ are uniquely determined by r.

This idea also shows how to compute, granting in this way the existence of the expression (1), the elements $r_{[i]}$ from a given $r\in R$. In fact, $r_{[0]}$ is computed according to (4), and the subsequent elements $r_{[1]},\dots ,r_{[\nu -1]}$ are defined recursively by (3). Observe that

$$r-r_{[0]}-\cdots -r_{[i-1]}\in {\mathfrak{m}}^i,$$

as a consequence of a recursive application of the identities ${\pi }_i{ϵ}_{[i]}={id}_{{\mathfrak{m}}^i/{\mathfrak{m}}^{i+1}}$, (4) and (3). Finally, we may see that ${\mathfrak{m}}^{\nu }=\{0\}$ implies ${ϵ}_{[\nu -1]}{\pi }_{\nu -1}=i{d}_{{\mathfrak{m}}^{\nu -1}}$, which, by (3), gives

$$r_{[\nu -1]}={ϵ}_{[\nu -1]}{\pi }_{\nu -1}(r-r_{[0]}-\cdots -r_{[\nu -2]})=r-r_{[0]}-\cdots -r_{[\nu -2]},$$

leading to (1).

When R is a chain ring, its maximal ideal is principal, and we may then choose $m\in R$ such that $\mathfrak{m}=Rm$ (see e.g., Proposition 2.1 in [8] or §XVII in [9]). It follows that ${\mathfrak{m}}^i=R{m}^i$ for each $0\le i\le \nu -1$.

Taking advantage of the well known fact that ${\mathfrak{m}}^i/{\mathfrak{m}}^{i+1}$ is a vector space of dimension 1 over the residue field $F=R/\mathfrak{m}$, we obtain a bijective map

$$\left\{{ϵ}_i:F\to R|{\pi }_0{ϵ}_i={id}_F\right\}\to \left\{{ϵ}_{[i]}:{\mathfrak{m}}^i/{\mathfrak{m}}^{i+1}\to {\mathfrak{m}}^i|{\pi }_i{ϵ}_{[i]}={id}_{{\mathfrak{m}}^i/{\mathfrak{m}}^{i+1}}\right\}$$

as follows. The multiplication map $R\stackrel{·m^i}{\to }{\mathfrak{m}}^i/{\mathfrak{m}}^{i+1}$ induces an isomorphism of R–modules

$${\lambda }_i:R/\mathfrak{m}\to {\mathfrak{m}}^i/{\mathfrak{m}}^{i+1},(r+\mathfrak{m}\mapsto r{m}^i+{\mathfrak{m}}^{i+1}).$$

In this way, for each $i=0,1,\dots ,\nu -1$, given ${ϵ}_i:F\to R$ such that ${\pi }_0{ϵ}_i={id}_{R/\mathfrak{m}}$, we may define the map ${ϵ}_{[i]}=(·m^i){ϵ}_i{\lambda }_i^{-1}$. Now, since ${\lambda }_i{\pi }_0={\pi }_i(·m^i)$, we get

$${\pi }_i{ϵ}_{[i]}={\pi }_i(·m^i){ϵ}_i{\lambda }_i^{-1}={\lambda }_i{\pi }_0ϵ{\lambda }_i^{-1}={\lambda }_i{id}_{R/\mathfrak{m}}{\lambda }_i^{-1}={id}_{{\mathfrak{m}}^i/{\mathfrak{m}}^{i+1}}.$$

The maps ${ϵ}_{[i]}$ obey the rule

$${ϵ}_{[i]}(r{m}^i+{\mathfrak{m}}^{i+1})={ϵ}_i(r+\mathfrak{m})m^i.$$

(5)

Summing up the relevant information so far obtained, we state the following proposition.

Proposition 1.

Let $F=R/\mathfrak{m}$ denote the residue field of R. Fix a generator m of $\mathfrak{m}$ and splitting maps ${ϵ}_0,{ϵ}_1,\cdots ,{ϵ}_{\nu -1}:F\to R$ such that ${\pi }_0{ϵ}_i={id}_F$ for all $0\le i\le \nu -1$. Then, for each $r\in R$, there exist uniquely determined ${\rho }_0,\cdots ,{\rho }_{\nu -1}\in F$ such that

$$r={ϵ}_0({\rho }_0)+{ϵ}_1({\rho }_1)m+\cdots +{ϵ}_{\nu -1}({\rho }_{\nu -1})m^{\nu -1}.$$

(6)

Moreover, if ${ϵ}_i(0)=0$ for each $0\le i\le \nu -1$, then $r\in {\mathfrak{m}}^i$ if and only if ${\rho }_0=\cdots ={\rho }_{i-1}=0$.

Proof. 

Define the maps ${ϵ}_{[i]}$ according to (5). For each $i=0,\cdots ,\nu -1$ set, in the unique decomposition (1), $r_{[i]}={ϵ}_i({\rho }_i)m^i$ for suitable ${\rho }_i\in F$. Indeed, from this last equality we see that ${\pi }_i(r_{[i]})={\lambda }_i({\rho }_i)$, which proves that ${\rho }_i$ is uniquely determined by $r_{[i]}$. We thus obtain the expansion (6).

Now, from (2) we derive

$${\rho }_i={\lambda }_i^{-1}(r-{ϵ}_0({\rho }_0)-{ϵ}_1({\rho }_1)m-\cdots -{ϵ}_{i-1}({\rho }_{i-1})m^{i-1}+{\mathfrak{m}}^{i+1}),$$

(7)

with ${\rho }_0={ϵ}_0(r+\mathfrak{m})$. Using recursively (7), we prove that, when ${ϵ}_i(0)=0$, $r\in {\mathfrak{m}}^i$ if and only if ${\rho }_0=\cdots ={\rho }_{i-1}=0$.    □

Remark 1.

The coefficients ${\rho }_i$ can be computed recursively from (7).

The decomposition (6) depends on ${ϵ}_0,{ϵ}_1,\cdots ,{ϵ}_{\nu -1}$ and m. We call it the $(m,{ϵ}_0,{ϵ}_1,\cdots ,{ϵ}_{\nu -1})$-adic decomposition of r, or m-adic decomposition, when no ambiguity is expected. If $ϵ={ϵ}_0={ϵ}_1=\cdots ={ϵ}_{\nu -1}$ and $ϵ(0)=0$, this decomposition coincides with that of Equation (2) in [4], since $ϵ$ gives a choice of residuals modulo m.

Definition 1.

A tuple $(m,{ϵ}_0,\cdots ,{ϵ}_{\nu -1})$ such that $\mathfrak{m}=Rm$ is called a splitting structure for R if, for each $0\le i\le \nu -1$, ${ϵ}_i:F\to R$ satisfies ${\pi }_0{ϵ}_i={id}_F$ and ${ϵ}_i(0)=0$,

Remark 2.

Let $(m,{ϵ}_0,\cdots ,{ϵ}_{\nu -1})$ be a splitting structure for R. Assume $r=u{m}^i$ for some $u\in R$ and let (6) be its m-adic decomposition. Then, by (7) and Proposition 1,

$${\rho }_i={\lambda }_i^{-1}(r+{\mathfrak{m}}^{i+1})={\lambda }_i^{-1}(u{m}^i+{\mathfrak{m}}^{i+1})=u+\mathfrak{m}={\pi }_0(u).$$

Hence, ${\rho }_i$ does not depend on the splitting structure.

The m–adic expansion (6) is extended to matrices in a straightforward way. Let $A^{s\times t}$ denote the set of all matrices of size $s\times t$ with coefficients in a commutative ring A, which is a free A–module. We may extend any map $ϵ:F\to R$ component-wise to a map $ϵ:F^{s\times t}\to R^{s\times t}$. Then, every matrix $L\in R^{s\times t}$ has an m–adic expansion

$$L={ϵ}_0({\Lambda }_0)+{ϵ}_1({\Lambda }_1)m+\cdots +{ϵ}_{\nu -1}({\Lambda }_{\nu -1})m^{\nu -1},$$

for uniquely determined matrices ${\Lambda }_i\in F^{s\times t}$.

Although the splitting maps are not additive neither multiplicative, they obey some relations which will be used. Concretely, let $\rho ,\sigma \in F$ and ${ϵ}_i,{ϵ}_j,{ϵ}_k:F\to R$ splittings. Since ${\pi }_0:R\to F$ is a ring morphism, it follows that

$${\pi }_0({ϵ}_i(\rho +\sigma )-{ϵ}_j(\rho )-{ϵ}_k(\sigma ))=(\rho +\sigma )-\rho -\sigma =0$$

and

$${\pi }_0({ϵ}_i(\rho \sigma )-{ϵ}_j(\rho ){ϵ}_k(\sigma ))=(\rho \sigma )-\rho \sigma =0,$$

hence

$$\begin{array}{c}{ϵ}_i(\rho +\sigma )-{ϵ}_j(\rho )-{ϵ}_k(\sigma )\in \mathfrak{m},\\ {ϵ}_i(\rho \sigma )-{ϵ}_j(\rho ){ϵ}_k(\sigma )\in \mathfrak{m}.\end{array}$$

(8)

The structure of the finite chain rings is well known, see (XVII.5) Theorem in [9]. We will not use this description in full generality, so we only recall the rings that appear in our examples.

Example 1.

Recall that a Galois ring $GR(p^{\alpha },\beta )$ is an extension of degree β of $\mathbb{Z}/\mathbb{Z}{p}^{\alpha }$, i.e., $GR(p^{\alpha },\beta )\cong (\mathbb{Z}/\mathbb{Z}{p}^{\alpha })[x]/\langle f\rangle$, where f is a basic monic irreducible polynomial in $(\mathbb{Z}/\mathbb{Z}{p}^{\alpha })[x]$ of degree β. Its maximal ideal is generated by the prime p. The nilpotency index of p is α, and $F\cong (\mathbb{Z}/\mathbb{Z}p)[x]/\langle \overline{f}\rangle$, where $\overline{f}$ is the canonical projection of f to $(\mathbb{Z}/\mathbb{Z}p)[x]$. In particular, $\mathbb{Z}/\mathbb{Z}{p}^{\alpha }=GR(p^{\alpha },1)$ is a chain ring. On the other side, $GF(p^{\beta })=GR(p,\beta )$ is a field, so it is trivially a chain ring.

Example 2.

The ring ${\mathbb{F}}_{p^{\alpha }}[x]/\langle x^{\beta }\rangle$, where ${\mathbb{F}}_{p^{\alpha }}$ is the field with $p^{\alpha }$ elements, is also a chain ring. The maximal ideal is generated by x, and it has nilpotency index β. Of course $F\cong {\mathbb{F}}_{p^{\alpha }}$.

In the rest of the paper, $\mathcal{C}$ is an R–linear code of length n. Vectors are represented by boldface letters, whilst matrices with uppercase letters. We use Latin alphabet to represent elements in R and greek alphabet to represent elements of F. Moreover, given a matrix M over R with n rows, we denote

$$im(M)=\{\mathit{x}M|\mathit{x}\in R^n\}\mathrm{and}ker(M)=\{\mathit{x}\in R^n|\mathit{x}M=0\}.$$

The same applies to matrices over the residue field F.

Remark 3.

By an abuse of language, for $\mathit{v}=(v_0,\cdots ,v_{n-1})\in R^n$, we say that $\mathit{v}\in {\mathfrak{m}}^i$ if $v_j\in {\mathfrak{m}}^i$ for all $0\le j\le n-1$. The same convention applies to matrices.

3. Decoding via Parity Check

Let us fix a chain ring R with maximal ideal $\mathfrak{m}$ and nilpotency index $\nu$, i.e., ${\mathfrak{m}}^{\nu }=\{0\}$ and ${\mathfrak{m}}^{\nu -1}\ne \{0\}$. We also fix a splitting structure $(m,{ϵ}_0,\cdots ,{ϵ}_{\nu -1})$ for R. There are two standard ways to present an R–linear code $\mathcal{C}$, as the image $\mathcal{C}=im(G)$ of a generating matrix G or as the kernel $\mathcal{C}=ker(H)$ of a parity check matrix H. In the first case, by §IV in [5], we do not lose generality if we assume $\mathcal{C}=im(G)$, where

$$G=\left(\begin{array}{c}{G}^{(0)}\\ G^{(1)}\\ ⋮\\ G^{(\nu -1)}\end{array}\right)$$

and, for each $0\le i\le \nu -1$, $G^{(i)}$ is a $k_i\times n$ matrix whose m-adic decomposition is

$$G^{(i)}={ϵ}_i({\Gamma }_i^{(i)})m^i+{ϵ}_{i+1}({\Gamma }_{i+1}^{(i)})m^{i+1}+\cdots +{ϵ}_{\nu -1}({\Gamma }_{\nu -1}^{(i)})m^{\nu -1},$$

with matrices ${\Gamma }_j^{(i)}$ whose entries are in F, and ${\Gamma }_i^{(i)}$ is full rank.

The decoding framework introduced in [6] and expounded in Appendix A uses this presentation of codes as images. It needs a chain of linear codes over the residue field F

$$im({\Gamma }_0^{(0)})\subseteq im\left(\begin{array}{c}{\Gamma }_1^{(1)}\\ {\Gamma }_0^{(0)}\end{array}\right)\subseteq \cdots \subseteq im\left(\begin{array}{c}{\Gamma }_{\nu -1}^{(\nu -1)}\\ ⋮\\ {\Gamma }_0^{(0)}\end{array}\right)$$

with efficient decoding algorithms. There are several ways to get it. For instance, even with classical linear codes, if we want to use BCH (Bose-Chaudhuri-Hocquenghem) codes, we shall use a decreasing chain of defining sets to build the chain of codes. Goppa codes can also be used but taking as the Goppa polynomial of one code in the chain a divisor of the Goppa polynomial of the previous code. Anyway, this is a limitation of the possible codes we can use at each degree.

We are interested in the second presentation, so let $\mathcal{C}$ be an R-linear code given by a parity check matrix $H\in R^{n\times q}$, i.e.,

$$\mathcal{C}=ker(H)=\left\{\mathit{x}\in R^n|\mathit{x}H=0\right\}.$$

In this section, we develop a new decoding framework based on syndrome decoding for each degree, i.e., we use the parity check matrices and the syndromes of the received words to decode. This strategy allows one to choose independently the linear codes over the residue field at each degree.

By §II.D in [4], we can replace H by its column reduced canonical form, so we do not lose generality if we assume

$$\begin{array}{c}H=\left(\begin{array}{cccc}{H}^{(0)}& H^{(1)}& \cdots & H^{(\nu -1)}\end{array}\right),\\ \mathrm{where}{H}^{(i)}=\sum _{j=i}^{\nu -1}{ϵ}_j({\Theta }_j^{(i)})m^j\end{array}$$

(9)

for suitable matrices ${\Theta }_j^{(i)}\in F^{n\times q_i}$ such that the matrices ${\Theta }_i^{(i)}$ are full rank.

As usual, let $\mathit{y}=\mathit{c}+\mathit{e}$, where $\mathit{c}\in \mathcal{C}$ and $\mathit{e}$ is the error vector. The syndrome is

$$\mathit{s}=\mathit{y}H=\mathit{e}H,$$

and we denote

$${\mathit{s}}^{(i)}=\mathit{y}{H}^{(i)}=\mathit{e}{H}^{(i)},0\le i\le \nu -1.$$

Our decoding framework computes $\mathit{e}$ from H and $\mathit{s}$ by means of an iterative process. Let us introduce notation for the corresponding m-adic expansions:

$$\begin{array}{cc}\hfill \mathit{e}& =\sum _{l=0}^{\nu -1}{ϵ}_l({\mathit{\xi }}_l)m^l,\hfill \\ \hfill {\mathit{s}}^{(i)}& =\sum _{j=i}^{\nu -1}{ϵ}_j({\mathit{\sigma }}_j^{(i)})m^j,0\le i\le \nu -1.\hfill \end{array}$$

(10)

We have taken into account that ${\mathit{s}}^{(i)}\in {\mathfrak{m}}^i$. Observe that, for each $0\le i\le \nu -1$,

$$\begin{array}{cc}\hfill \mathit{e}{H}^{(i)}& =\sum _{l_0=0}^{\nu -1}{ϵ}_{l_0}({\mathit{\xi }}_{l_0})m^{l_0}\sum _{j_0=i}^{\nu -1}{ϵ}_{j_0}({\Theta }_{j_0}^{(i)})m^{j_0}\hfill \\ \hfill & =\sum _{j_0=i}^{\nu -1}\sum _{l_0=0}^{\nu -1}{ϵ}_{l_0}({\mathit{\xi }}_{l_0}){ϵ}_{j_0}({\Theta }_{j_0}^{(i)})m^{j_0+l_0}\hfill \\ \hfill & =\sum _{j=i}^{\nu -1}\sum _{l=0}^{j-i}{ϵ}_l({\mathit{\xi }}_l){ϵ}_{j-l}({\Theta }_{j-l}^{(i)})m^j,\hfill \end{array}$$

(11)

where we use that $m^{\nu }=0$ and we performed the change of variable $j=j_0+l_0$. Hence,

$$\sum _{j=i}^{\nu -1}{ϵ}_j({\mathit{\sigma }}_j^{(i)})m^j=\sum _{j=i}^{\nu -1}\sum _{l=0}^{j-i}{ϵ}_l({\mathit{\xi }}_l){ϵ}_{j-l}({\Theta }_{j-l}^{(i)})m^j$$

(12)

for each $0\le i\le \nu -1$. The right hand side of (12) needs not to be an m-adic decomposition, so we cannot infer from (12) any equality of the corresponding coefficients of each $m^j$.

Let us describe the iterative decoding framework.

3.1. First Step: Computing ${\mathit{\xi }}_0$

Equation (12), when $i=\nu -1$, gives

$${ϵ}_{\nu -1}({\mathit{\sigma }}_{\nu -1}^{(\nu -1)})m^{\nu -1}={ϵ}_0({\mathit{\xi }}_0){ϵ}_{\nu -1}({\Theta }_{\nu -1}^{(\nu -1)})m^{\nu -1}.$$

By (8),

$${ϵ}_0({\mathit{\xi }}_0){ϵ}_{\nu -1}({\Theta }_{\nu -1}^{(\nu -1)})-{ϵ}_{\nu -1}({\mathit{\xi }}_0{\Theta }_{\nu -1}^{(\nu -1)})\in \mathfrak{m},$$

hence

$${ϵ}_0({\mathit{\xi }}_0){ϵ}_{\nu -1}({\Theta }_{\nu -1}^{(\nu -1)})m^{\nu -1}={ϵ}_{\nu -1}({\mathit{\xi }}_0{\Theta }_{\nu -1}^{(\nu -1)})m^{\nu -1}.$$

By Proposition 1,

$${\mathit{\sigma }}_{\nu -1}^{(\nu -1)}={\mathit{\xi }}_0{\Theta }_{\nu -1}^{(\nu -1)}.$$

(13)

Proposition 2.

Let ${\mathfrak{d}}_{\nu -1}$ be a decoding algorithm for the linear code $ker({\Theta }_{\nu -1}^{(\nu -1)})$. If the weight of ${\mathit{\xi }}_0$ is below the correction capability of ${\mathfrak{d}}_{\nu -1}$, then ${\mathit{\xi }}_0={\mathfrak{d}}_{\nu -1}({\mathit{\sigma }}_{\nu -1}^{(\nu -1)})$.

Proof. 

Just observe that ${\mathit{\xi }}_0$ is the only one solution of (13) whose weight is below the correction capability of $ker({\Theta }_{\nu -1}^{(\nu -1)})$.    □

3.2. Second Step: Computing ${\mathit{\xi }}_1$

We include this second step to help the reader to follow the framework. At this step, ${\mathit{\xi }}_0$ is known. If we put $i=\nu -2$ in (12), we have

$$\begin{array}{c}{ϵ}_{\nu -2}({\mathit{\sigma }}_{\nu -2}^{(\nu -2)})m^{\nu -2}+{ϵ}_{\nu -1}({\mathit{\sigma }}_{\nu -1}^{(\nu -2)})m^{\nu -1}=\hfill \\ {ϵ}_0({\mathit{\xi }}_0){ϵ}_{\nu -2}({\Theta }_{\nu -2}^{(\nu -2)})m^{\nu -2}+{ϵ}_0({\mathit{\xi }}_0){ϵ}_{\nu -1}({\Theta }_{\nu -1}^{(\nu -2)})m^{\nu -1}+{ϵ}_1({\mathit{\xi }}_1){ϵ}_{\nu -2}({\Theta }_{\nu -2}^{(\nu -2)})m^{\nu -1}.\hfill \end{array}$$

(14)

Since the vector ${\mathit{\xi }}_0$ is assumed to be known, the element

$$\begin{array}{cc}\hfill {ϵ}_{\nu -2}({\mathit{\sigma }}_{\nu -2}^{(\nu -2)})m^{\nu -2}+{ϵ}_{\nu -1}& ({\mathit{\sigma }}_{\nu -1}^{(\nu -2)})m^{\nu -1}-\hfill \\ & {ϵ}_0({\mathit{\xi }}_0){ϵ}_{\nu -2}({\Theta }_{\nu -2}^{(\nu -2)})m^{\nu -2}-{ϵ}_0({\mathit{\xi }}_0){ϵ}_{\nu -1}({\Theta }_{\nu -1}^{(\nu -2)})m^{\nu -1}\in {\mathfrak{m}}^{\nu -1}\hfill \end{array}$$

can be computed. Hence, by Proposition 1, there exists $\mathit{\delta }\in F^n$ such that

$$\begin{array}{c}{ϵ}_{\nu -2}({\mathit{\sigma }}_{\nu -2}^{(\nu -2)})m^{\nu -2}+{ϵ}_{\nu -1}({\mathit{\sigma }}_{\nu -1}^{(\nu -2)})m^{\nu -1}-\hfill \\ \hfill {ϵ}_0({\mathit{\xi }}_0){ϵ}_{\nu -2}({\Theta }_{\nu -2}^{(\nu -2)})m^{\nu -2}-{ϵ}_0({\mathit{\xi }}_0){ϵ}_{\nu -1}({\Theta }_{\nu -1}^{(\nu -2)})m^{\nu -1}={ϵ}_{\nu -1}(\mathit{\delta })m^{\nu -1},\end{array}$$

(15)

which can be computed since all elements appearing in its definition are known. Equations (14) and (15) imply

$${ϵ}_{\nu -1}(\mathit{\delta })m^{\nu -1}={ϵ}_1({\mathit{\xi }}_1){ϵ}_{\nu -2}({\Theta }_{\nu -2}^{(\nu -2)})m^{\nu -1}.$$

By (8),

$${ϵ}_1({\mathit{\xi }}_1){ϵ}_{\nu -2}({\Theta }_{\nu -2}^{(\nu -2)})-{ϵ}_{\nu -1}({\mathit{\xi }}_1{\Theta }_{\nu -2}^{(\nu -2)})\in \mathfrak{m},$$

hence

$${ϵ}_1({\mathit{\xi }}_1){ϵ}_{\nu -2}({\Theta }_{\nu -2}^{(\nu -2)})m^{\nu -1}={ϵ}_{\nu -1}({\mathit{\xi }}_1{\Theta }_{\nu -2}^{(\nu -2)})m^{\nu -1}.$$

By Proposition 1, it follows that

$$\mathit{\delta }={\mathit{\xi }}_1{\Theta }_{\nu -2}^{(\nu -2)}.$$

(16)

Proposition 3.

Let ${\mathfrak{d}}_{\nu -2}$ be a decoding algorithm for the linear code $ker({\Theta }_{\nu -2}^{(\nu -2)})$. If the weight of ${\mathit{\xi }}_1$ is below the correction capability of ${\mathfrak{d}}_{\nu -2}$, then ${\mathit{\xi }}_1={\mathfrak{d}}_{\nu -2}(\mathit{\delta })$.

Proof. 

Same proof that Proposition 2, ${\mathit{\xi }}_1$ is the only one solution of (16) whose weight is below the correction capability of $ker({\Theta }_{\nu -2}^{(\nu -2)})$.    □

3.3. General Step: Computing ${\mathit{\xi }}_l$

We assume that ${\mathit{\xi }}_0,\cdots ,{\mathit{\xi }}_{l-1}$ have been computed. Proceeding as in the previous cases, Equation (12) for $i=\nu -1-l$ provides

$$\begin{array}{cc}\hfill \sum _{j=\nu -1-l}^{\nu -1}{ϵ}_j({\mathit{\sigma }}_j^{(\nu -1-l)})m^j& =\sum _{j=\nu -1-l}^{\nu -1}\sum _{i=0}^{j-\nu +1+l}{ϵ}_i({\mathit{\xi }}_i){ϵ}_{j-i}({\Theta }_{j-i}^{(\nu -1-l)})m^j\hfill \\ \hfill & =\sum _{j=\nu -1-l}^{\nu -2}\sum _{i=0}^{j-\nu +1+l}{ϵ}_i({\mathit{\xi }}_i){ϵ}_{j-i}({\Theta }_{j-i}^{(\nu -1-l)})m^j\hfill \\ \hfill & +\sum _{i=0}^l{ϵ}_i({\mathit{\xi }}_i){ϵ}_{\nu -1-i}({\Theta }_{\nu -1-i}^{(\nu -1-l)})m^{\nu -1}\hfill \\ \hfill & =\sum _{j=\nu -1-l}^{\nu -2}\sum _{i=0}^{j-\nu +1+l}{ϵ}_i({\mathit{\xi }}_i){ϵ}_{j-i}({\Theta }_{j-i}^{(\nu -1-l)})m^j\hfill \\ \hfill & +\sum _{i=0}^{l-1}{ϵ}_i({\mathit{\xi }}_i){ϵ}_{\nu -1-i}({\Theta }_{\nu -1-i}^{(\nu -1-l)})m^{\nu -1}\hfill \\ \hfill & +{ϵ}_l({\mathit{\xi }}_l){ϵ}_{\nu -1-l}({\Theta }_{\nu -1-l}^{(\nu -1-l)})m^{\nu -1}.\hfill \end{array}$$

(17)

By Proposition 1, there exists $\mathit{\delta }\in F^n$ such that

$$\begin{array}{c}\sum _{j=\nu -1-l}^{\nu -1}{ϵ}_j({\mathit{\sigma }}_j^{(\nu -1-i)})m^j-\sum _{j=\nu -1-l}^{\nu -2}\sum _{i=0}^{j-\nu +1+l}{ϵ}_i({\mathit{\xi }}_i){ϵ}_{j-i}({\Theta }_{j-i}^{(\nu -1-l)})m^j\hfill \\ \hfill -\sum _{i=0}^{l-1}{ϵ}_i({\mathit{\xi }}_i){ϵ}_{\nu -1-i}({\Theta }_{\nu -1-i}^{(\nu -1-l)})m^{\nu -1}={ϵ}_{\nu -1}(\mathit{\delta })m^{\nu -1}\in {\mathfrak{m}}^{\nu -1}.\end{array}$$

(18)

The left hand side of the equality in (18) is known because $i<l$ in all summands. So vector $\mathit{\delta }$ can be computed. By (8),

$${ϵ}_l({\mathit{\xi }}_l){ϵ}_{\nu -1-l}({\Theta }_{\nu -1-l}^{(\nu -1-l)})-{ϵ}_{\nu -1}({\mathit{\xi }}_l{\Theta }_{\nu -1-l}^{(\nu -1-l)})\in \mathfrak{m},$$

hence

$${ϵ}_l({\mathit{\xi }}_l){ϵ}_{\nu -1-l}({\Theta }_{\nu -1-l}^{(\nu -1-l)})m^{\nu -1}={ϵ}_{\nu -1}({\mathit{\xi }}_l{\Theta }_{\nu -1-l}^{(\nu -1-l)})m^{\nu -1}.$$

(19)

Therefore, Equations (17)–(19) imply

$${ϵ}_{\nu -1}(\mathit{\delta })m^{\nu -1}={ϵ}_{\nu -1}({\mathit{\xi }}_l{\Theta }_{\nu -1-l}^{(\nu -1-l)})m^{\nu -1}.$$

It follows, by Proposition 1 again, that

$$\mathit{\delta }={\mathit{\xi }}_l{\Theta }_{\nu -1-l}^{(\nu -1-l)}.$$

(20)

Proposition 4.

Let ${\mathfrak{d}}_{\nu -1-l}$ be a decoding algorithm for the linear code $ker({\Theta }_{\nu -1-l}^{(\nu -1-l)})$. If the weight of ${\mathit{\xi }}_l$ is below the correction capability of ${\mathfrak{d}}_{\nu -1-l}$, then ${\mathit{\xi }}_l={\mathfrak{d}}_{\nu -1-l}(\mathit{\delta })$.

Proof. 

As we observed before in Propositions 2 and 3, ${\mathit{\xi }}_l$ is the unique solution of (20) whose weight is below the correction capability of $ker({\Theta }_{\nu -1-l}^{(\nu -1-l)})$.    □

The decoding framework is summarized in Algorithm 1.

Algorithm 1: Syndrome decoding.

Parameters H given as in (11), and decoding algorithms ${\mathfrak{d}}_0,{\mathfrak{d}}_1,\cdots ,{\mathfrak{d}}_{\nu -1}$   Input $\mathit{s}=({\mathit{s}}^{(0)},{\mathit{s}}^{(1)},\cdots ,{\mathit{s}}^{(\nu -1)})\in R^q$   Output The error vector $\mathit{e}={\sum }_{l=0}^{\nu -1}{ϵ}_l({\mathit{\xi }}_l)m^l$.   Assumption   For each $0\le l\le \nu -1$, the Hamming weight of ${\mathit{\xi }}_l$ is below the correction capability of ${\mathfrak{d}}_l$.    1: For each $0\le i\le \nu -1$, compute the m-adic expansion of ${\mathit{s}}^{(i)}$ in (10)    2: for$0\le l\le \nu -1$do    3: Compute $\mathit{\delta }$ from (18)    4: ${\mathit{\xi }}_l={\mathfrak{d}}_l(\mathit{\delta })$    5: end for    6: return${\sum }_{l=0}^{\nu -1}{ϵ}_l({\mathit{\xi }}_l)m^l$.

Theorem 1.

Let $\mathit{y}\in R^n$ and ${\mathit{s}}^{(i)}=\mathit{y}{H}^{(i)}$ for each $0\le i\le \nu -1$. If there exists $\mathit{e}={\sum }_{l=0}^{\nu -1}{ϵ}_l({\mathit{\xi }}_l)m^l\in R^n$ such that $(\mathit{y}-\mathit{e})H=0$ and the weight of ${\mathit{\xi }}_l$ is below the correction capability of ${\mathfrak{d}}_l$ for each $0\le l\le \nu -1$, then Algorithm 1 correctly computes it.

Proof. 

Follows directly from Propositions 2–4.    □

Example 3.

In order to explain how this decoding framework works, we are going to develop a step by step example. Let $R=GR(4,2)$, so $F={\mathbb{F}}_4={\mathbb{F}}_2[a]/\langle a^2+a+1\rangle$. Let $\mathcal{C}=ker(H)$, where

$$H=\left(\begin{array}{rrrr}\hfill 2a+3& \hfill 2a+2& \hfill 2& \hfill 0\\ \hfill 2a+2& \hfill 2a+1& \hfill 0& \hfill 2\\ \hfill 2a+1& \hfill 2a+3& \hfill 2& \hfill 2\\ \hfill 3& \hfill 3a+2& \hfill 2& \hfill 2a\\ \hfill 1& \hfill 3a+1& \hfill 2& \hfill 2a+2\end{array}\right).$$

The splitting structure is $(2,{ϵ}_0,{ϵ}_1)$, where

	0	1	a	$a+1$
${ϵ}_0$	0	$2a+1$	$3a+2$	$a+3$
${ϵ}_1$	0	3	$3a$	$3a+1$

According to this splitting structure, we have

$$H^{(0)}=\left(\begin{array}{cc}\hfill 2a+3& \hfill 2a+2\\ \hfill 2a+2& \hfill 2a+1\\ \hfill 2a+1& \hfill 2a+3\\ \hfill 3& \hfill 3a+2\\ \hfill 1& \hfill 3a+1\end{array}\right)={ϵ}_0\left(\begin{array}{cc}\hfill 1& \hfill 0\\ \hfill 0& \hfill 1\\ \hfill 1& \hfill 1\\ \hfill 1& \hfill a\\ \hfill 1& \hfill a+1\end{array}\right)+2{ϵ}_1\left(\begin{array}{cc}\hfill 1& \hfill a+1\\ \hfill a+1& \hfill 0\\ \hfill 0& \hfill 1\\ \hfill a+1& \hfill 0\\ \hfill a& \hfill a+1\end{array}\right)$$

and

$$H^{(1)}=\left(\begin{array}{cc}\hfill 2& \hfill 0\\ \hfill 0& \hfill 2\\ \hfill 2& \hfill 2\\ \hfill 2& \hfill 2a\\ \hfill 2& \hfill 2a+2\end{array}\right)=2{ϵ}_1\left(\begin{array}{cc}\hfill 1& \hfill 0\\ \hfill 0& \hfill 1\\ \hfill 1& \hfill 1\\ \hfill 1& \hfill a\\ \hfill 1& \hfill a+1\end{array}\right).$$

Observe that ${\Theta }_0^{(0)}$ and ${\Theta }_1^{(1)}$ are the parity check matrices of a Hamming code of length 5 and dimension 3, which corrects one single error. It can be checked that

$$\left(2,2a+1,a+3,2a,3a+3\right)\in \mathcal{C}.$$

Although the error vector

$$\left(2a+2,0,0,3a+2,0\right)$$

has Hamming weight 2, its $(2,{ϵ}_0,{ϵ}_1)$-adic decomposition is

$$\left(2a+2,0,0,3a+2,0\right)={ϵ}_0\left(0,0,0,a,0\right)+2{ϵ}_1\left(a+1,0,0,0,0\right),$$

so our framework should be able to decode the received word

$$\begin{array}{c}\left(2,2a+1,a+3,2a,3a+3\right)+\left(2a+2,0,0,3a+2,0\right)\hfill \\ \hfill =\left(2a,2a+1,a+3,a+2,3a+3\right).\end{array}$$

The syndrome of the received word is

$$\begin{array}{c}\left(2a,2a+1,a+3,a+2,3a+3\right)\left(\begin{array}{rrrr}\hfill 2a+3& \hfill 2a+2& \hfill 2& \hfill 0\\ \hfill 2a+2& \hfill 2a+1& \hfill 0& \hfill 2\\ \hfill 2a+1& \hfill 2a+3& \hfill 2& \hfill 2\\ \hfill 3& \hfill 3a+2& \hfill 2& \hfill 2a\\ \hfill 1& \hfill 3a+1& \hfill 2& \hfill 2a+2\end{array}\right)\hfill \\ \hfill =\left(3a,3a+3,2a,2a+2\right)=\left(\left(3a,3a+3\right),\left(2a,2a+2\right)\right)\end{array}$$

whose $(2,{ϵ}_0,{ϵ}_1)$-decompositions are

$$\begin{array}{cc}\hfill \left(3a,3a+3\right)& ={ϵ}_0\left(a,a+1\right)+2{ϵ}_1\left(1,a\right)\hfill \\ \hfill \left(2a,2a+2\right)& =2{ϵ}_1\left(a,a+1\right)\hfill \end{array}$$

Algorithm 1 can now be applied. In the first round, $i=0$, we have $\mathit{\delta }={\mathit{\sigma }}_1^{(1)}=\left(a,a+1\right)$, which is a times the fourth row of ${\Theta }_1^{(1)}$. So ${\mathit{\xi }}_0=\left(0,0,0,a,0\right)$.

In the second round, $i=1$, we need to compute the $(2,{ϵ}_0,{ϵ}_1)$-adic decomposition of

$$\begin{array}{c}{ϵ}_0\left(a,a+1\right)+2{ϵ}_1\left(1,a\right)-{ϵ}_0\left(0,0,0,a,0\right){ϵ}_0\left(\begin{array}{cc}\hfill 1& \hfill 0\\ \hfill 0& \hfill 1\\ \hfill 1& \hfill 1\\ \hfill 1& \hfill a\\ \hfill 1& \hfill a+1\end{array}\right)\hfill \\ \hfill -2{ϵ}_0\left(0,0,0,a,0\right){ϵ}_1\left(\begin{array}{cc}\hfill 1& \hfill a+1\\ \hfill a+1& \hfill 0\\ \hfill 0& \hfill 1\\ \hfill a+1& \hfill 0\\ \hfill a& \hfill a+1\end{array}\right)=\left(2a+2,0\right),\end{array}$$

which is

$$\left(2a+2,0\right)=2{ϵ}_1\left(a+1,0\right).$$

So, $\mathit{\delta }=\left(a+1,0\right)$, the first row of ${\Theta }_0^{(0)}$ multiplied by $a+1$. Therefore, ${\mathit{\xi }}_1=\left(a+1,0,0,0,0\right)$. It follows

$${ϵ}_0\left(0,0,0,a,0\right)+2{ϵ}_1\left(a+1,0,0,0,0\right)=\left(2a+2,0,0,3a+2,0\right),$$

as expected.

Unlike the former case, if we make use of a different splitting structure to decode, the framework could not work. For instance, consider the splitting structure $(2,{ϵ}_0^{\prime },{ϵ}_1^{\prime })$, where

	0	1	a	$a+1$
${ϵ}_0^{\prime }$	0	$2a+3$	$3a$	$a+1$
${ϵ}_1^{\prime }$	0	$2a+1$	$a+2$	$3a+1$

The $(2,{ϵ}_0^{\prime },{ϵ}_1^{\prime })$-decomposition of the error vector is

$$\left(2a+2,0,0,3a+2,0\right)={ϵ}_0^{\prime }\left(0,0,0,a,0\right)+2{ϵ}_1^{\prime }\left(a+1,0,0,1,0\right),$$

which provides a vector of Hamming weight 2 in degree 1, so Algorithm 1 does not apply.

Remark 4.

Our parity check decoding framework could be used to design a McEliece like cryptosystem following the proposal in [10]. However, by Remark 2, given H as in (9), the matrices ${\Theta }_0^{(0)},\cdots ,{\Theta }_{\nu -1}^{(\nu -1)}$ do not depend on the splitting structure, so an eavesdropper could use any structure to compute the parity check matrices of the linear codes over F. Therefore, the security of this possible cryptosystem would be equivalent to ν consecutive linear codes over the residue field F.

Remark 5.

The time complexity of Algorithm 1 is bounded by the theoretical efficiency of the chosen decoding algorithms ${\mathfrak{d}}_0,\dots ,{\mathfrak{d}}_{\nu -1}$ (Line 4), and the intermediate calculations are described in Lines 1 and 3. Indeed, with respect to the number of elementary operations (additions, multiplications, and map images) over the residue field, let us assume that ${\mathfrak{d}}_i$ belongs to $O(f_i)$ for $i=0,\dots ,\nu -1$ with respect to the length of the code. Moreover, for simplicity, assume that $f_i\in O(f)$ for all i.

According to (7), an m-adic expansion can be computed by $2\nu$ operations, so that Line 1 belongs to $O({\nu }^2)$. Now, the calculation of δ in Line 4 is obtained by solving a linear system over the residue field F. This can be computed by Gaussian elimination, which can be done in $O(t^{\omega })$, where ω is the matrix multiplication exponent and t is the dimension of the matrix. We may consider the classical algorithm and set $\omega =3$, so that Line 3 in each iteration of the loop belongs to $O(n^3+f(n))$, where n is the length of the code. Thus Algorithm 1 can be executed in $O({\nu }^2+\nu n^3+\nu f(n))$. In general, since $\nu \ll n$, we may say that the complexity belongs to $O(\max (n^3,f(n)))$.

4. Parity Check and Encoders

There are known interesting applications of linear codes over finite chain rings as those mentioned in [4,5]. So, even though the decoding framework is based on the syndrome decoding by means of parity check matrices, it is needed to provide an encoding process. So we need to build a generating matrix from the parity check matrix H which defines our code. This task may be performed by using the Smith normal form. Recall that a $k\times n$ matrix M over an arbitrary ring has a Smith normal form if there exist invertible $k\times k$ and $n\times n$ matrices $P,Q$ and a diagonal (non necessarily square) matrix D, where $d_1,\cdots ,d_{min(k,n)}$ are the elements in the main diagonal, such that $PMQ=D$ and $d_i\mid d_{i+1}$.

Any matrix over a commutative principal ideal ring has a Smith normal form (Chapter 15 in [11]). In the particular case of a chain ring, Algorithm 2 gives a way to compute this normal form which simplifies the general procedure in [11].

We may assume $k\le n$, otherwise we can compute it for its transpose $M^T$, and if $P{M}^{T}Q=D$ we have $Q^{T}M{P}^T=D^T$.

Algorithm 2: Smith normal form for finite chain rings.

Input A matrix $M\in R^{k\times n}$ over a finite chain ring R with nilpotency index $\nu$, such that $k\le n$.   Output $D,P,Q$ such that D is a Smith normal form, P and Q are invertible, and $D=PMQ$.    1: if$k=1$then    2:   $Q\leftarrow I_{n\times n}$.    3:   Find $m_{1,j}$ of lowest degree in M.    4:   Swap columns 1 and j in M and Q    5:   for $2\le j\le n$ do    6:    Compute $t\in R$ such that $m_{1,j}=t{m}_{1,1}$    7:    In M and Q, replace column j with column j minus t times column 1.    8:   end for    9:   return $D=(m_{1,1},0,\cdots ,0)$, $P=1$, Q.    10: else    11:   $S,T\leftarrow I_{k\times k},I_{n\times n}$    12:   Find $m_{i,j}$ of lowest degree in M    13:   Swap row 1 and row i in M and S    14:   Swap column 1 and column j in M and T    15:   for $2\le i\le k$ do    16:    Compute $t\in R$ such that $m_{i,1}=t{m}_{1,1}$    17:    In M and S, replace row i with row i minus t times row 1.    18:   end for    19:   for $2\le j\le n$ do    20:    Compute $t\in R$ such that $m_{1,j}=t{m}_{1,1}$    21:    In M and T, replace column j with column j minus t times column 1.    22:   end for    23:   Set $M^{\prime }\in R^{(k-1)\times (n-1)}$ the matrix obtained from M deleting its first row and column.    24:   Apply Algorithm 2 to $M^{\prime }$ and compute $D^{\prime },P^{\prime },Q^{\prime }$ such that $D^{\prime }$ is a Smith normal form for $M^{\prime }$ and $D^{\prime }=P^{\prime }{M}^{\prime }{Q}^{\prime }$.    25:   return $\left(\begin{array}{cc}{m}_{1,1}& \\ & D^{\prime }\end{array}\right)$, $\left(\begin{array}{cc}1& \\ & P^{\prime }\end{array}\right)S$ and $T\left(\begin{array}{cc}1& \\ & Q^{\prime }\end{array}\right)$    26: end if

Remark 6.

Observe that, once a generator m has been fixed for the maximal ideal $\mathfrak{m}$ of R, it is easy to check that $deg(r)=d$ if and only if $r=u{m}^d$ where $u\in R\backslash \mathfrak{m}$, the set of units of R. Therefore, $deg(r)=d$ and ${\mathfrak{m}}^d=Rr$ are equivalent conditions on r. Since $deg(r)\le deg(s)$ implies $s\in {\mathfrak{m}}^{deg(r)}$, we get

$$deg(r)\le deg(s)\mathit{if}\mathit{and}\mathit{only}\mathit{if}s=tr\mathit{for}\mathit{some}t\in R.$$

(21)

Since $deg(r+s),deg(rs)\ge min\{deg(r),deg(s)\}$ for all $r,s\in R$, once $m_{1,1}$ is an element of lowest degree, any operation involving sums and products cannot decrease the degree, so, by (21), we can compute $t\in R$ in lines 6, 16 and 20, and all entries of $M^{\prime }$ have degree greater or equal than the degree of $m_{1,1}$. Since S and T are built to obtain

$$SMT=\left(\begin{array}{cc}{m}_{1,1}& \\ & M^{\prime }\end{array}\right)$$

it follows

$$\begin{array}{c}\left(\begin{array}{cc}1& \\ & P^{\prime }\end{array}\right)SMT\left(\begin{array}{cc}1& \\ & Q^{\prime }\end{array}\right)=\left(\begin{array}{cc}1& \\ & P^{\prime }\end{array}\right)\left(\begin{array}{cc}{m}_{1,1}& \\ & M^{\prime }\end{array}\right)\left(\begin{array}{cc}1& \\ & Q^{\prime }\end{array}\right)\hfill \\ \hfill =\left(\begin{array}{cc}{m}_{1,1}& \\ & P^{\prime }{M}^{\prime }{Q}^{\prime }\end{array}\right)\left(\begin{array}{cc}{m}_{1,1}& \\ & D^{\prime }\end{array}\right),\end{array}$$

so the output of Algorithm 2 is correct.

Once the Smith normal form of the parity check matrix has been found, we may compute a generating matrix. Indeed, assume $H\in R^{n\times q}$ and let $D,P,Q$ matrices such that D is a Smith normal form for H and $D=PHQ$. Since Q is invertible, it follows that $\mathit{c}\in ker(H)$ if and only if $\mathit{c}\in ker(HQ)$. Moreover, $\mathit{x}\in ker(D)$ if and only if $\mathit{x}P\in ker(HQ)$, so, if $ker(D)=im(E)$ we get $ker(H)=im(EP)$. Now, recall D is diagonal with $d_1\mid d_2\mid \cdots \mid d_{min\{n,q\}}$ which, by (21), is equivalent to say that $deg(d_1)\le deg(d_2)\le \cdots \le deg(d_{min\{n,q\}}).$ It follows that E can be taken as an $n\times n$ diagonal matrix whose diagonal elements are $\{m^{\nu -deg(d_1)},m^{\nu -deg(d_2)},\cdots ,m^{\nu -deg(d_{min\{n,q\}})},1,\cdots ,1\}$. We may summarize these ideas in Algorithm 3.

Algorithm 3: Generating matrix computation from a parity check matrix.

Input A parity check matrix $H\in R^{n\times q}$.   Output A matrix G such that $ker(H)=im(G)$.    1: Compute $D,P,Q$ by means of Algorithm 2 applied to H.    2: Compute E as the $n\times n$ diagonal matrix with elements $$m^{\nu -deg(d_1)},m^{\nu -deg(d_2)},\cdots ,m^{\nu -deg(d_{min\{n,q\}})},1,\cdots ,1$$ in its main diagonal.    3: return$EP$.