Gabidulin Codes Achieve List Decoding Capacity with an Order-Optimal Column-To-Row Ratio

Guo, Zeyu; Xing, Chaoping; Yuan, Chen; Zhang, Zihan

doi:10.4230/LIPIcs.APPROX/RANDOM.2025.43

Gabidulin Codes Achieve List Decoding Capacity with an Order-Optimal Column-To-Row Ratio

Zeyu Guo

Department of Computer Science and Engineering, The Ohio State University, Columbus, OH, USA Chaoping Xing

School of Electronic Information and Electric Engineering, Shanghai Jiao Tong University, China Chen Yuan

School of Electronic Information and Electric Engineering, Shanghai Jiao Tong University, China Zihan Zhang

Department of Computer Science and Engineering, The Ohio State University, Columbus, OH, USA

Abstract

In this paper, we show that random Gabidulin codes of block length $n$ and rate $R$ achieve the (average-radius) list decoding capacity of radius $1-R-\varepsilon$ in the rank metric with an order-optimal column-to-row ratio of $O(\varepsilon)$ . This extends the recent work of Guo, Xing, Yuan, and Zhang (FOCS 2024), improving their column-to-row ratio from $O(\frac{\varepsilon}{n})$ to $O(\varepsilon)$ . For completeness, we also establish a matching lower bound on the column-to-row ratio for capacity-achieving Gabidulin codes in the rank metric.

Our proof techniques build on the work of Guo and Zhang (FOCS 2023), who showed that randomly punctured Reed–Solomon codes over fields of quadratic size attain the generalized Singleton bound of Shangguan and Tamo (STOC 2020) in the Hamming metric. The proof of our lower bound follows the method of Alrabiah, Guruswami, and Li (SODA 2024) for codes in the Hamming metric.

Keywords and phrases:

coding theory, error-correcting codes, Gabidulin codes, rank-metric codes

Category:

RANDOM

Funding:

Zeyu Guo: Supported by NSF grant CCF-2440926.

Zihan Zhang: Supported by NSF grant CCF-2440926.

Copyright and License:

2012 ACM Subject Classification:

Mathematics of computing

\rightarrow

Coding theory

Acknowledgements:

The authors thank the anonymous RANDOM 2025 reviewers for their helpful comments.

DOI:

10.4230/LIPIcs.APPROX/RANDOM.2025.43

Event:

Approximation, Randomization, and Combinatorial Optimization. Algorithms and Techniques (APPROX/RANDOM 2025)

Editors:

Alina Ene and Eshan Chattopadhyay

Series and Publisher:

Leibniz International Proceedings in Informatics, Schloss Dagstuhl – Leibniz-Zentrum für Informatik

1 Introduction

Introduced by Delsarte [5], rank-metric codes have since developed into a field of study with applications and connections spanning network coding [16, 26, 17, 25], space-time coding [21, 20], cryptography [10, 9, 18, 19], and pseudorandomness [7, 6, 15, 14, 11].

A rank-metric code is a collection of matrices in $\mathbb{F}_{q}^{m\times n}$ with $m\geq n$ , where the distance between two matrices $A$ and $B$ is defined to be their rank distance $\mathrm{rank}(A-B)$ . A rank-metric code $C\subseteq\mathbb{F}_{q}^{m\times n}$ of rate $R:=\frac{\log_{2}|C|}{\log_{2}(q^{mn})}$ and relative minimum (rank) distance $\delta$ must satisfy that $R+\delta\leq 1$ , which is called the Singleton bound. A rank-metric code attaining the Singleton bound is called a maximum rank distance (MRD) code. Gabidulin codes are an important class of MRD codes, which can be seen as the linearized version of Reed–Solomon codes. This analogy allows us to design efficient encoding and unique decoding algorithms for Gabidulin codes. However, when it comes to the list decoding regime, it is known that some Gabidulin codes are not list decodable beyond the unique decoding radius [22, 23]. Thus, it is impossible to design a list decoding algorithm for all Gabidulin codes. Moreover, it was not even clear if any Gabidulin codes were list decodable beyond the unique decoding radius until very recently. Guo, Xing, Yuan and Zhang [12] recently proved that random Gabidulin codes are not only list decodable beyond the unique decoding radius but also attain the optimal generalized Singleton bound (see Lemma 1) with high probability. This settles an open problem of whether there exist list decodable Gabidulin codes.

However, the construction in [12] requires $m$ , the number of rows of matrices, to be at least quadratic in $n$ , so the column-to-row ratio $\frac{n}{m}=O(\frac{1}{n})$ tends to zero as $n$ grows. This is analogous to a result of Brakensiek, Gopi, and Makam on Reed–Solomon codes [4], which states that any Reed–Solomon code exactly attaining the generalized Singleton bound must have an exponential field size. Suppose the list decoding radius is slightly off the generalized Singleton bound (with a gap of $\varepsilon$ ). In that case, Guo and Zhang [13] proved that the field size of Reed–Solomon codes can be brought down to quadratic which was further brought down to linear in the follow-up work of Alrabiah, Guruswami, and Li [2].

Thus, this raises an open problem for rank-metric codes, already asked in [12]: Can we obtain a similar result for Gabidulin codes as well?

Open Problem 1.

Do there exist Gabidulin codes of constant column-to-row ratio that are list decodable in the rank metric?

In this paper, we provide a positive answer to this open problem. We show that if the list decoding radius is slightly off the generalized Singleton bound (with a gap of $\varepsilon$ ), then a random Gabidulin code $C\subseteq\mathbb{F}_{q}^{m\times n}$ with $m=O(\frac{n}{\varepsilon})$ is list decodable up to this bound with high probability. Moreover, we complement our positive result by proving an upper bound $m=\Omega(\frac{n}{\varepsilon})$ for any list decodable Gabidulin codes approaching the generalized Singleton bound with a gap of $\varepsilon$ . One can find the details in the following subsection.

1.1 Main Results

In this paper, we mainly focus on the rank distance, which is defined to be the rank of the difference between two matrices $A,B\in\mathbb{F}_{q}^{m\times n}$ i.e., $d(A,B):=\mathrm{rank}(A-B)$ . In what follows, $d(\cdot,\cdot)$ refers to the rank distance. For $\rho\in[0,1]$ , a code $C\subseteq\Sigma^{n}$ over an alphabet $\Sigma$ is said to be $(\rho,\ell)$ -list decodable if for any $\bm{y}\in\mathbb{F}_{q}^{n}$ , it holds that

|\{\bm{x}\in C:d(\bm{x},\bm{y})\leq\rho n\}|\leq\ell,

where $d(\bm{x},\bm{y})$ denotes the distance between $\bm{x}$ and $\bm{y}$ . Here, $\rho$ is called the list decoding radius, and $\ell$ is called the list size. The stronger notion of $(\rho,\ell)$ -average-radius list decodability is defined in the same way, except that we replace the maximum of the distances $d(\bm{c}_{i},\bm{y})$ by the average of these distances. The formal definition is given as follows.

Definition 2 (Average-radius list decodability).

A code $C\subseteq\Sigma^{n}$ is $(\rho,\ell)$ average-radius list decodable if for any $\bm{y}\in\Sigma^{n}$ and $\ell+1$ distinct codewords $\bm{c}_{0},\bm{c}_{1},\dots,\bm{c}_{\ell}\in C$ , it holds that

\frac{1}{\ell+1}\sum_{i=0}^{\ell}{d(\bm{y},\bm{c}_{i})}>\rho n.

In [24], Shangguan and Tamo proved the generalized Singleton bound for list decoding, generalizing the classical Singleton bound for unique decoding. For linear codes, this generalized Singleton bound states that if $C\subseteq\mathbb{F}_{q}^{n}$ is an $[n,k]$ -linear code that is $(\rho,\ell)$ -list decodable in the Hamming metric, then it holds that $\rho\leq\frac{\ell}{\ell+1}\left(1-\frac{k}{n}\right)$ . In [12], they noted that this generalized Singleton bound also holds for rank-metric codes.

Lemma 1 (Generalized Singleton bound for rank-metric codes [12, Lemma 2.1]).

Let $C\subseteq\mathbb{F}_{q^{m}}^{n}$ be an $[n,k]_{\mathbb{F}_{q^{m}}}$ -linear code that is $(\rho,\ell)$ -list decodable in the rank metric. Then it holds that

\rho\leq\frac{\ell}{\ell+1}\left(1-\frac{k}{n}\right).

They further showed that this bound is tight for rank-metric codes by proving that random Gabidulin codes attain it with high probability. (This is a nontrivial task; in fact, even proving that random linear rank-metric codes attain the generalized Singleton bound is far from obvious.) However, the column-to-row ratio of these codes is quite small, which makes them less appealing for practical applications.

Theorem 3 ([12, Lemma 1.3]).

Let $(\alpha_{1},\dots,\alpha_{n})$ be uniformly distributed over the set of all vectors in $\mathbb{F}_{q^{m}}^{n}$ whose coordinates are linearly independent over $\mathbb{F}_{q}$ . Suppose $m\geq cnk\ell+\log_{q}(1/\delta)$ , where $c$ is a large enough absolute constant. Then it holds with probability at least $1-\delta$ that the Gabidulin code $\mathcal{G}_{n,k}(\alpha_{1},\dots,\alpha_{n})$ ¹¹1See the definition of Gabidulin codes in 13. over $\mathbb{F}_{q^{m}}$ is $\left(\frac{L}{L+1}\left(1-{k}/{n}\right),L\right)$ -list decodable for all $L\in[\ell]$ in the rank metric.

In this paper, we prove that there exist Gabidulin codes with constant column-to-row ratio $\Omega({\varepsilon})$ that are list decodable up to the radius $\frac{\ell}{\ell+1}(1-\frac{k}{n}-\varepsilon)$ .

Theorem 4.

Let $\varepsilon>0$ and $n, k$ be positive integers with $k\leq n$ . Let $m$ and $\ell$ be positive integers such that $m\geq\frac{c\ell(\ell+1)n}{\varepsilon}$ , where $c$ is a sufficiently large absolute constant. Then with probability at least $1-q^{-O(n)}>0$ , a random Gabidulin code of rate $R={k}/{n}$ and block length $n$ over $\mathbb{F}_{q^{m}}^{n}$ is $\left(\frac{\ell}{\ell+1}(1-R-\varepsilon),\ell\right)$ average-radius list decodable.

Complementing this result, we also show that the column-to-row ratio is at most $O(\varepsilon)$ for any rank-metric code that is average-radius list decodable up to the generalized Singleton bound. Thus, our results are essentially tight.

Theorem 5.

Let $\ell\geq 2$ . For any $R\in[0,1]$ , any rank-metric code $C\subseteq\mathbb{F}_{q^{m}}^{n}$ of rate $R$ that is $\left(\frac{\ell\left(1-R-\varepsilon\right)}{\ell+1},\ell\right)$ -average-radius list decodable must have $m=\Omega\left(\frac{Rn}{\varepsilon}\right)$ .

1.2 Proof Overview

Our proof is inspired by [13]. To explain our proof, we first briefly review the techniques in [13]. In [13], they proposed the notion of a reduced intersection matrix, whose kernel corresponds to the list of codewords. Let $C$ be an $[n,k]$ linear code and $G$ be its generator matrix, which is a $k\times n$ matrix. Given $\ell+1$ distinct codewords $\bm{c}_{1},\ldots,\bm{c}_{\ell+1}$ with $\bm{c}_{i}=\bm{x}_{i}G=(c_{i1},\ldots,c_{in})$ that are close to a vector $\bm{y}=(y_{1},\ldots,y_{n})$ , where the coordinates $c_{ij}$ and $y_{j}$ are in the alphabet $\mathbb{F}$ , we define the intersection index set $I_{j}:=\{h\in[n]:y_{h}=c_{jh}\}$ . For a subset $J\subseteq[n]$ , let $G_{J}$ (resp. $\bm{y}_{J}$ ) be the submatrix (resp. subvector) of $G$ (resp. $\bm{y}$ ) formed by the columns (resp. components) with indices in $J$ . Then, we have $\bm{y}_{I_{i}}-\bm{x}_{i}G_{I_{i}}=0$ . If $a\in I_{i}\cap I_{j}$ , then $(\bm{x}_{i}-\bm{x}_{j})G_{a}=0$ . This means that for each element in $I_{i}\cap I_{j}$ , we can establish a linear equation. Since these $\ell+1$ codewords are very close to $\bm{y}$ , it is expected that we can obtain many equations of the form $(\bm{x}_{i}-\bm{x}_{j})G_{a}=0$ . By removing the linear dependence of these equations, we obtain a reduced intersection matrix $R_{G,I_{[\ell]}}$ such that $(\bm{x}_{2}-\bm{x}_{1},\ldots,\bm{x}_{\ell+1}-\bm{x}_{1})R_{G,I_{[\ell]}}=0$ , where $I_{[\ell]}$ is a shorthand for the tuple $(I_{1},\dots,I_{n})$ . On the other hand, if $R_{G,I_{[\ell]}}$ has full rank, then we cannot find $\ell+1$ distinct codewords that are close to a vector $\bm{y}$ and thus $C$ is list decodable. Thus, the essence of their paper is to investigate the full rankness of $R_{G,I_{[\ell]}}$ .

In this paper, we investigate the list decodability of rank-metric codes, where distance is measured using the rank metric rather than the Hamming metric. Thus, we cannot construct the reduced intersection matrix $R_{G,I_{[\ell]}}$ row by row as in [13]. Instead, we present another construction of a reduced intersection matrix, which captures the property of the rank distance. Let us first represent the codeword of our rank-metric code as a vector $\bm{c}\in\mathbb{F}^{n}$ where $\mathbb{F}$ is the extension field of $\mathbb{F}_{q}$ . This is done by fixing an $\mathbb{F}_{q}$ -linear isomorphism $\mathbb{F}\cong\mathbb{F}_{q}^{[\mathbb{F}:\mathbb{F}_{q}]}$ . The rank distance between two codewords $d(\bm{c}_{1},\bm{c}_{2})$ is the maximum number of $\mathbb{F}_{q}$ -linear independent components in $\bm{c}_{1}-\bm{c}_{2}$ . One can find the precise definition in Section 2. Similar to Hamming codes, a linear rank-metric code has a generator matrix $G$ and each codeword can be encoded as $\bm{c}=\bm{x}G$ . Given two vectors $\bm{y}_{1},\bm{y}_{2}\in\mathbb{F}^{n}$ with rank distance $d$ , we can find a $(n-d)\times n$ matrix $A$ over $\mathbb{F}_{q}$ of full rank such that $A(\bm{y}_{1}-\bm{y}_{2})^{\top}=0$ . The major difference between the rank metric and the Hamming metric is that for each vector $\bm{v}$ that lies in the vector space spanned by the rows in $A$ , we always have $\bm{v}(\bm{y}_{1}-\bm{y}_{2})^{\top}=0$ . Thus, we cannot include all $\bm{v}$ in our equations. Instead, we include $A$ as a whole.

With this observation in mind, we present our new reduced intersection matrix. Assume distinct codewords $\bm{c}_{1},\ldots,\bm{c}_{\ell+1}$ with $\bm{c}_{i}=\bm{x}_{i}G$ are close to a vector $\bm{y}=(y_{1},\ldots,y_{n})$ . Assume that $d(\bm{y},\bm{x}_{i}G)=a_{i}$ and there exists an $a_{i}\times n$ matrix $A_{i}$ of full rank over $\mathbb{F}_{q}$ such that $A_{i}(\bm{y}-\bm{x}_{i}G)^{\top}=0$ . By replacing $\bm{y}$ with $\bm{y}-\bm{x}_{1}G$ and $\bm{x}_{i}=\bm{x}_{i}-\bm{x}_{1}$ , we have $A_{1}\bm{y}^{\top}=0$ and $A_{i}(\bm{y}-\bm{x}_{i}G)^{\top}=0$ . Let $\mathcal{V}=(V_{1},\ldots,V_{\ell+1})$ where $V_{i}$ is the vector space spanned by the rows in $A_{i}$ .²²2In our analysis, we need to consider $\mathcal{V}_{[t]}=(V_{1},\ldots,V_{t})$ for $t=1,\ldots,\ell+1$ . Here, we only consider $\mathcal{V}_{[\ell+1]}$ for simplicity. Then, we construct a reduced intersection matrix $R_{G,\mathcal{V}}$ to represent all these relations as $R_{G,\mathcal{V}}(\bm{y},\bm{x}_{2},\ldots,\bm{x}_{\ell+1})^{\top}=0$ which can be found in (9). If $R_{G,\mathcal{V}}$ has full rank, which means that we cannot find such $\ell+1$ distinct codewords, then our rank-metric code is list decodable. Thus, it suffices to study the rank of $R_{G,\mathcal{V}}$ . If our decoding radius is slightly off the generalized Singleton bound (with a gap of $\varepsilon$ ), then $R_{G,\mathcal{V}}$ is not square. This makes the full rank condition easier to meet.

We restrict $G$ to a subspace $V$ by defining $G_{V}$ to be the column space of $G A$ where the columns of $A$ span $V$ . This can be seen as a generalization of puncturing in the Hamming metric. By introducing a subspace $V$ , we obtain a submatrix $R_{G,\mathcal{V}}^{V}$ of $R_{G,\mathcal{V}}$ by restricting $G$ to $V$ . Using results from [12], we show that if $G$ is a symbolic Gabidulin code (see Definition 15), then the submatrix $R_{G,\mathcal{V}}^{V}$ is invertible and has the same rank as $R_{G,\mathcal{V}}$ when the dimension of $V$ is not too small, i.e., $\dim(V)\geq n-\frac{\lambda k}{\ell}$ , where $\lambda>0$ is a small parameter depending on $\varepsilon$ . This means if each variable of this symbolic Gabidulin code is chosen uniformly at random, with high probability, $R_{G,\mathcal{V}}^{V}$ has full rank. To show that a Gabidulin code is list decodable, we need to enumerate all possible $t$ -tuples $(V_{1},\ldots,V_{t})$ for $t=1,\ldots,\ell+1$ and take a union bound over all these tuples. Thus, we need to show that $R_{G,\mathcal{V}}$ is of full rank with high probability $1-\exp(\Omega(-n^{2}))$ for each $\mathcal{V}$ . To do this, we borrow the idea of [13] to bound the failure probability.

Let us briefly review the idea of our algorithm. Let $\bm{e}_{1},\ldots,\bm{e}_{n}$ be a standard basis of $\mathbb{F}_{q}^{n}$ . We first fix a non-singular maximal square submatrix $W$ of $R_{G,\mathcal{V}}$ . The reason we need a square submatrix is that it is easy to calculate the determinant of $W$ to bound the failure probability that $W$ is non-singular. Initially, since $G$ is the generator matrix of a symbolic Gabidulin code, $W$ is a nonsingular matrix. If $W$ remains non-singular with the assignment $X_{1}=\alpha_{1},\ldots,X_{n}=\alpha_{n}$ , we are done. Otherwise, we face the situation where $M$ is non-singular under the partial assignment $X_{1}=\alpha_{1},\ldots,X_{j-1}=\alpha_{j-1}$ but becomes singular under $X_{1}=\alpha_{1},\ldots,X_{j}=\alpha_{j}$ . In this case, we call $j$ a faulty index and remove the corresponding columns from the generator matrix $G$ . Then, we come to the submatrix $R_{G,\mathcal{V}}^{V}$ for some subspace $V=\text{span}\{\bm{e}_{i}:i\in[n]/\{j\}\}$ . Note that we have already shown that $R_{G,\mathcal{V}}^{V}$ has full rank if $V$ has large dimension. Then, we find a new maximal square submatrix $W$ of $R_{G,\mathcal{V}}^{V}$ and continue the argument. We show that, with high probability, there are not too many faulty indices, which implies that we can finally find a maximal square submatrix $W$ that has full rank under the assignment. This means $R_{G,\mathcal{V}}$ has full rank, completing the proof.

Complementing our positive result, we also show that a capacity-achieving list decodable rank-metric code must satisfy $m=\Omega(n/\varepsilon)$ . Our proof generalizes the proof in [1] in the rank-metric case. In particular, we first fix a subspace $V_{0}\subseteq\mathbb{F}_{q^{m}}^{n}$ of dimension $b=4\varepsilon n$ and let $\overline{V}_{0}$ be a complement of $V_{0}$ . Then, we construct a collection $\mathcal{F}$ of subspaces of dimension $R-\varepsilon$ in $\overline{V}_{0}$ , where $R$ is the rate of our rank-metric code. For any two subspaces $V_{1},V_{2}\in\mathcal{F}$ , $\dim(V_{1}+V_{2})\geq(R+\varepsilon)n$ . We manage to show that $\mathcal{F}$ has a large size. Using a probabilistic argument, we find a codeword $M$ in the rank-metric code $C$ such that for most subspaces $V\in\mathcal{F}$ , there is a corresponding codeword $M_{V}$ in $C$ satisfying the condition that the kernel of $M-M_{V}$ contains $V$ . Since the number of such subspaces is greater than $\ell q^{4\varepsilon n}$ , by the pigeonhole principle, we can find $\ell$ distinct codewords $M_{V_{1}},\ldots M_{V_{\ell}}$ such that the kernel of $M-M_{V_{i}}$ also contains $V_{0}$ . Then, we show that these $\ell+1$ codewords $M,M_{V_{1}},\ldots M_{V_{\ell}}$ are contained in a ball of small radius in the rank metric. This implies an upper bound on the list decoding radius, thus completing the proof.

$\blacktriangleright$ Remark.

It is interesting to note that we require only the ideas from [13] to improve the column-to-row ratio to $\Omega_{\ell,\varepsilon}(1)$ , without relying on the more refined techniques from [2]. This is likely due to the significantly larger alphabet size of rank-metric codes. While the techniques in [2] might further improve lower-order factors, such as the dependence on $\ell$ , we do not pursue this direction here in order to keep the presentation simple.

2 Preliminaries

In this paper, vectors are considered row vectors unless stated otherwise. Define $[k]=\{1,\ldots,k\}$ . Let $\mathbb{F}_{q}$ be a finite field with $q$ elements and $\mathbb{F}/\mathbb{F}_{q}$ be a (finite or infinite) extension of $\mathbb{F}_{q}$ .

2.1 Vector Spaces

$\mathbb{F}_{q}^{n}$ is a vector space of dimension $n$ over $\mathbb{F}_{q}$ . We denote by $\bm{x}$ a row vector in $\mathbb{F}_{q}^{n}$ and $\bm{x}^{\top}$ a column vector. Let $\bm{e}_{1},\ldots,\bm{e}_{n}$ be the standard basis of $\mathbb{F}_{q}^{n}$ . Given a matrix $A\in\mathbb{F}_{q}^{m\times n}$ , we denote by $\langle A\rangle$ the subspace spanned by the column vectors in $A$ . For a $t$ -tuple $\mathcal{V}_{[t]}=(V_{1},\ldots,V_{t})$ and $J\subseteq[t]$ , define $\mathcal{V}_{J}=(V_{i})_{i\in J}$ .

Definition 6 (Dual space).

Let $V\subseteq\mathbb{F}_{q}^{n}$ be a linear subspace. The dual space of $V_{i}$ is denoted as $V^{\perp}=\{\bm{v}\in\mathbb{F}_{q}^{n}:\bm{v}\bm{x}^{\top}=0,\quad\forall\bm{% x}\in V\}$ . It is clear that $V^{\perp}$ is well-defined, and $\dim(V^{\perp})=n-\dim(V)$ .

Linear codes

Let $\mathbb{F}$ be a field. An $[n,k]_{\mathbb{F}}$ linear code $C$ (or $[n,k]_{\mathbb{F}}$ code for short) is simply a subspace of $\mathbb{F}^{n}$ of dimension $k$ . The dual code of an $[n,k]_{\mathbb{F}}$ code $C$ is the $[n,n-k]_{\mathbb{F}}$ code $C^{\perp}$ which is the dual space of $C$ .

For an $[n,k]_{\mathbb{F}}$ code $C$ , a matrix $G\in\mathbb{F}^{k\times n}$ is said to be a generator matrix of $C$ if $C=\{\bm{u}G:u\in\mathbb{F}^{k}\}$ , and a matrix $H\in\mathbb{F}^{(n-k)\times n}$ is said to be a parity-check matrix of $C$ if $C=\{\bm{v}\in\mathbb{F}^{n}:H\bm{v}^{\top}=0\}$ . A generator matrix of $C$ is also a parity-check matrix of the dual code $C^{\perp}$ . Similarly, a parity-check matrix of $C$ is also a generator matrix of $C^{\perp}$ .

Definition 7 (Dimension of a collection of vector spaces).

For a $t$ -tuple $\mathcal{V}_{[t]}=(V_{1},\ldots,V_{t})$ of subspaces and $J\subseteq[t]$ , the dimension of $\mathcal{V}_{J}$ is defined as

\dim(\mathcal{V}_{J}):=\sum_{i\in J}\dim(V_{i})-\dim\left(\sum_{i\in J}V_{i}% \right).

We need the following simple lemmas, whose proofs are omitted.

Lemma 2.

Let $\ell\leq n$ . Let $T_{1}$ be a $\ell\times n$ matrix of full rank over $\mathbb{F}$ . Then there exist matrices $M_{1}\in\mathbb{F}^{n\times\ell}$ , $M_{2}\in\mathbb{F}^{n\times(n-\ell)}$ , and $T_{2}\in\mathbb{F}^{(n-\ell)\times n}$ of full rank such that $M_{1}T_{1}+M_{2}T_{2}=I_{n}$ and $T_{1}M_{2}=0$ .

Lemma 3.

Let $V_{1},\ldots,V_{\ell}\subseteq\mathbb{F}^{n}$ . Then

\left(\bigcap_{i=1}^{\ell}V_{i}\right)^{\perp}=\sum_{i=1}^{\ell}V_{i}^{\perp}.

(1)

Lemma 4.

Let $V$ be a subspace in $\mathbb{F}_{q}^{n}$ and $W$ be a subspace of $V$ . Then, there exists a matrix $A\in\mathbb{F}_{q}^{n\times\dim(V)}$ with $\langle A\rangle=V$ such that there exists a $n\times\dim(W)$ submatrix $B$ of $A$ with $\langle B\rangle=W$ .

Lemma 5.

Let $0<\alpha<\beta<1$ with $\beta-\alpha<\frac{1}{4}$ . Given a subspace $V_{1}\subseteq\mathbb{F}_{q}^{n}$ of dimension $\alpha n$ , the number of $V_{2}\subseteq\mathbb{F}_{q}^{n}$ with $\dim(V_{1}+V_{2})\leq\beta n$ and $\dim(V_{2})=\alpha n$ is at most $16n^{2}q^{(\beta-\alpha)(1+3\alpha-2\beta)n^{2}}$ .

Proof.

Let $W=V_{1}\cap V_{2}$ and we write $V_{1}=W\oplus W_{1}$ and $V_{2}=W\oplus W_{2}$ . Since

\dim(V_{1}\cap V_{2})=\dim(V_{1})+\dim(V_{2})-\dim(V_{1}+V_{2})\geq(2\alpha-% \beta)n,

we conclude that $a:=\dim(W)\geq(2\alpha-\beta)n$ and $b:=\dim(W_{2})\leq(\beta-\alpha)n$ . To construct $V_{2}$ , it suffices to construct $W$ and $W_{2}$ separately. The number of subspaces $W$ equals the number of ways of picking a $\dim(W)$ -dimensional subspace from $V_{1}$ , which is at most $4q^{(\alpha n-a)a}$ . On the other hand, the number of $W_{2}$ equals the number of ways of picking a $\dim(W_{2})$ -dimensional subspace that $W_{2}\cap V_{1}=\{0\}$ , which is

\prod_{i=0}^{\dim(W_{2})-1}\frac{q^{n}-q^{\alpha n+i}}{q^{\dim(W_{2})}-q^{i}}% \leq 4q^{(n-b)b}.

Thus, for fixed $(a,b)$ , the total number of $V_{2}$ is at most $16q^{(\alpha n-a)a+(n-b)b}$ subject to $a+b=\alpha n$ and $b\leq(\beta-\alpha)n$ . And we have

(\alpha n-a)a+(n-b)b=b(\alpha n-b)+(n-b)b=b((\alpha+1)n-2b)\leq(\beta-\alpha)(% 1+3\alpha-2\beta)n^{2}.

The number of possible $(a,b)$ is at most $n^{2}$ . The claim follows by taking the union bound over all possible $(a,b)$ . $\hfill\blacktriangleleft$

Corollary 8.

Let $0<\alpha<\beta<1$ . There exists a collection $\mathcal{F}$ of $\alpha n$ -dimensional subspaces in $\mathbb{F}_{q}^{n}$ of size at least $\Omega(q^{(\alpha-\alpha^{2}-2(\beta-\alpha)-o(1))n^{2}})$ such that for any $V_{1},V_{2}\in\mathcal{F}$ , $\dim(V_{1}+V_{2})\geq\beta n$ .

Proof.

There are at least $q^{\alpha(1-\alpha)n^{2}}$ $\alpha n$ -dimensional subspaces in $\mathbb{F}_{q}^{n}$ . For each such subspace $V$ , by Lemma 5, we remove at most $16n^{2}q^{(\beta-\alpha)(1+3\alpha-2\beta)n^{2}}$ subspaces $W$ in $\mathbb{F}_{q}^{n}$ such that $\dim(V+W)\leq\beta n$ . Thus, by a greedy algorithm (i.e., iteratively adding subspaces that have not been selected or removed to $\mathcal{F}$ ), we can find $\mathcal{F}$ of size at least

\frac{1}{16n^{2}}q^{\alpha(1-\alpha)n^{2}-(\beta-\alpha)(1+3\alpha-2\beta)n^{2% }}\geq\Omega(q^{(\alpha-\alpha^{2}-2(\beta-\alpha)-o(1))n^{2}}).

The last inequality is due to $1+3\alpha-2\beta\leq 1+\alpha\leq 2$ . The proof is completed. $\hfill\blacktriangleleft$ The size of family $\mathcal{F}$ will be used in the lower bound argument in Appendix A.

2.2 Rank-Metric Codes

We first review some basic facts and results about rank-metric codes. The rank distance $d(A,B)$ between two matrices $A,B\in\mathbb{F}_{q}^{m\times n}$ is defined to be the rank of $A-B$ , i.e., $d(A,B):=\mathrm{rank}(A-B)$ . Indeed, this defines a distance [8]. A rank-metric code $C$ is a subset of $\mathbb{F}_{q}^{m\times n}$ whose rate and minimum distance are given by

R(C):=\frac{\log_{q}\left|C\right|}{nm}\quad\text{ and }\quad d(C):=\min_{% \begin{subarray}{c}A,B\in C\\ A\neq B\end{subarray}}d(A,B).

Without loss of generality, we always assume that $m\geq n$ , since otherwise we can exchange $n$ and $m$ . It is convenient to treat an $m\times n$ matrix $A$ over $\mathbb{F}_{q}$ as a vector $\bm{v}=(v_{1},\ldots,v_{n})\in\mathbb{F}_{q^{m}}^{n}$ by identifying $\mathbb{F}_{q}^{m}$ with $\mathbb{F}_{q^{m}}$ (by fixing a basis of $\mathbb{F}_{q^{m}}$ ) and viewing each column of $A$ as an element in $\mathbb{F}_{q^{m}}$ . Then, we have $\mathrm{rank}(A)=\dim_{\mathbb{F}_{q}}(\mathrm{span}_{\mathbb{F}_{q}}\{v_{1},% \ldots,v_{n}\})$ . In this way, a rank-metric code $C$ may be viewed as a subset of $\mathbb{F}_{q^{m}}^{n}$ , and we can study linear rank-metric codes, i.e, codes that are $\mathbb{F}_{q^{m}}$ -subspaces.

Linear rank-metric codes over a general field $\mathbb{F}/\mathbb{F}_{q}$

It is convenient for us to consider a general notion of linear rank-metric codes $C\subseteq\mathbb{F}^{n}$ over a field $\mathbb{F}/\mathbb{F}_{q}$ that can even be infinite. To properly define this notion, we first define the $\mathbb{F}_{q}$ -rank and the kernel subspace of a vector $\bm{v}\in\mathbb{F}^{n}$ .

Definition 9 ( $\mathbb{F}_{q}$ -rank).

Let $\mathbb{F}$ be an extension field of $\mathbb{F}_{q}$ . For $\bm{v}=(v_{1},\dots,v_{n})\in\mathbb{F}^{n}$ , define

\mathrm{rank}_{\mathbb{F}_{q}}(\bm{v}):=\dim_{\mathbb{F}_{q}}(\mathrm{span}_{% \mathbb{F}_{q}}\{v_{1},\ldots,v_{n}\}),

called the $\mathbb{F}_{q}$ -rank of $\bm{v}$ .

Definition 10 (Kernel subspace).

For $\bm{v}=(v_{1},\dots,v_{n})\in\mathbb{F}^{n}$ , define the $\mathbb{F}_{q}$ -kernel subspace (or simply the kernel subspace) of $\bm{v}$ to be

\ker_{\mathbb{F}_{q}}(\bm{v}):=\left\{\bm{u}\in\mathbb{F}_{q}^{n}:\bm{u}\bm{v}% ^{\top}=0\right\}=\left\{(u_{1},\dots,u_{n})\in\mathbb{F}_{q}^{n}:\sum_{i=1}^{% n}u_{i}v_{i}=0\right\}.

The following lemma can be seen as an alternative definition of the $\mathbb{F}_{q}$ -rank.

Lemma 6.

$\mathrm{rank}_{\mathbb{F}_{q}}(\bm{v})=n-\dim_{\mathbb{F}_{q}}(\ker_{\mathbb{F% }_{q}}(\bm{v}))$ .

Proof.

Consider the $\mathbb{F}_{q}$ -linear map $\mathbb{F}_{q}^{n}\to\mathbb{F}$ sending $\bm{u}\in\mathbb{F}_{q}^{n}$ to $\bm{u}\bm{v}^{\top}$ . The image of this map is $\mathrm{span}_{\mathbb{F}_{q}}\{v_{1},\ldots,v_{n}\}$ , whose dimension is $\mathrm{rank}_{\mathbb{F}_{q}}(\bm{v})$ by definition. The kernel of this map is $\ker_{\mathbb{F}_{q}}(\bm{v})$ . So $\mathrm{rank}_{\mathbb{F}_{q}}(\bm{v})=n-\dim_{\mathbb{F}_{q}}(\ker_{\mathbb{F% }_{q}}(\bm{v}))$ . $\hfill\blacktriangleleft$

We can now define the notion of a linear rank-metric code over a field $\mathbb{F}/\mathbb{F}_{q}$ .

Definition 11 (Linear rank-metric code).

Let $\mathbb{F}$ be an extension field of $\mathbb{F}_{q}$ . An $[n,k]_{\mathbb{F}}$ $($ linear $)$ rank-metric code is simply an $[n,k]_{\mathbb{F}}$ code $C\subseteq\mathbb{F}^{n}$ equipped with the distance function $d:\mathbb{F}^{n}\times\mathbb{F}^{n}\to\mathbb{N}$ defined by $d(\bm{v},\bm{v}^{\prime}):=\mathrm{rank}_{\mathbb{F}_{q}}(\bm{v}-\bm{v}^{% \prime})$ . The minimum distance of $C$ is

d(C):=\min_{\begin{subarray}{c}\bm{v},\bm{v}^{\prime}\in C\\ \bm{v}\neq\bm{v}^{\prime}\end{subarray}}d(\bm{v},\bm{v}^{\prime})=\min_{% \mathbf{0}\neq\bm{v}\in C}\mathrm{rank}_{\mathbb{F}_{q}}(\bm{v}).

Analogous to the classical setting, one can prove the following Singleton bound for linear rank-metric codes. While this may be well known, we include a proof for completeness.

Theorem 12 (Singleton bound).

Let $C$ be an $[n,k]_{\mathbb{F}}$ rank-metric code. Then $d(C)\leq n-k+1$ .³³3We remark that when $\mathbb{F}=\mathbb{F}_{q^{m}}$ , there exists a Singleton bound, $|C|\leq q^{m(n-d+1)}$ , that also applies to nonlinear rank-metric codes $C\subseteq\mathbb{F}^{n}$ [8]. However, this bound is given in terms of the size of the code, not the dimension, making it inapplicable when $\mathbb{F}$ is infinite.

Proof.

There exists a nonzero codeword $\bm{v}=(v_{1},\dots,v_{n})\in C$ whose first $k-1$ coordinates are zero. So $d(C)\leq\mathrm{rank}_{\mathbb{F}_{q}}(\bm{v})=\dim_{\mathbb{F}_{q}}(\mathrm{% span}_{\mathbb{F}_{q}}\{v_{1},\ldots,v_{n}\})=\dim_{\mathbb{F}_{q}}(\mathrm{% span}_{\mathbb{F}_{q}}\{v_{k},\ldots,v_{n}\})\leq n-k+1$ . $\hfill\blacktriangleleft$ A rank-metric code meeting the Singleton bound is called maximum rank distance (MRD) code.

Lemma 7 ([12, Lemma 2.11]).

Let $C$ be an $[n,k]_{\mathbb{F}}$ code. If $C$ is $\operatorname{MRD}$ , then $C^{\perp}$ is also $\operatorname{MRD}$ .

Lemma 8.

Let $G\in\mathbb{F}^{k\times n}$ be a generator matrix of an $[n,k]_{\mathbb{F}}$ code $C$ and $H\in\mathbb{F}^{(n-k)\times n}$ be a parity-check matrix of code $C$ . Then the following are all equivalent:

1.

$C$ is $\operatorname{MRD}$ .
2.

For any $A\in\mathbb{F}_{q}^{n\times k}$ of full rank, the matrix $GA\in\mathbb{F}^{k\times k}$ also has full rank.
3.

For any $B\in\mathbb{F}_{q}^{n\times(n-k)}$ of full rank, the matrix $HB\in\mathbb{F}^{(n-k)\times(n-k)}$ also has full rank.

Proof.

For the first two claims, see [12, Lemma 2.10]. Lemma 7 says that $H$ is the generator matrix of a $[n,n-k]_{\mathbb{F}}$ MRD code $C^{\perp}$ . The third claim follows by applying the second one to the dual code $C^{\perp}$ . $\hfill\blacktriangleleft$

Gabidulin codes

The most famous MRD codes are Gabidulin codes, which are defined by using the evaluation of linearized polynomials. We briefly review the construction of Gabidulin codes [8] and extend it to a general field $\mathbb{F}/\mathbb{F}_{q}$ .

Definition 13 (Gabidulin code over $\mathbb{F}$ ).

Let $0<k\leq n$ be integers. Let $\mathbb{F}$ be an extension field of $\mathbb{F}_{q}$ such that $[\mathbb{F}:\mathbb{F}_{q}]\geq n$ . Let $\alpha_{1},\dotsc,\alpha_{n}\in\mathbb{F}$ be linearly independent over $\mathbb{F}_{q}$ . Define the $[n,k]_{\mathbb{F}}$ rank-metric code

\mathcal{G}_{n,k}(\alpha_{1},\dotsc,\alpha_{n}):=\left\{\bm{x}_{f}=(f(\alpha_{% 1}),\ldots,f(\alpha_{n})):\;f\in\mathbb{F}[X]\nobreak\ \text{is $q$-linearized% },\deg_{q}(f)<k\right\},

where $f\in\mathbb{F}[X]$ is said to be $q$ -linearized if it only contains monomials whose degrees are $q$ -powers, and we define $\deg_{q}(f)=d$ if $\deg(f)=q^{d}$ .

For a nonzero codeword $\bm{x}_{f}=(f(\alpha_{1}),\ldots,f(\alpha_{n}))\in\mathcal{G}_{n,k}(\alpha_{1}% ,\dotsc,\alpha_{n})$ , using the fact that $f$ is $q$ -linearized, we have

\ker_{\mathbb{F}_{q}}(\bm{x}_{f})=\left\{(u_{1},\dots,u_{n})\in\mathbb{F}_{q}^% {n}:f\left(\sum_{i=1}^{n}u_{i}\alpha_{i}\right)=0\right\}

whose dimension over $\mathbb{F}_{q}$ is bounded by $k-1$ since $\alpha_{1},\dots,\alpha_{n}$ are linearly independent over $\mathbb{F}_{q}$ and $f$ has at most $\deg(f)\leq q^{k-1}$ roots. So $\mathrm{rank}_{\mathbb{F}_{q}}(\bm{x}_{f})\geq n-k+1$ by Lemma 6. This shows that Gabidulin codes are MRD codes.

The dual code of a Gabidulin code is also a Gabidulin code, which can be seen as an analogy of a Reed–Solomon code.

Theorem 14 (Duality of Gabidulin codes).

Let $\mathbb{F}$ be an extension field of $\mathbb{F}_{q}$ , and let $\alpha_{1},\dots,\alpha_{n}\in\mathbb{F}$ be linearly independent over $\mathbb{F}_{q}$ . Then there exists $(\beta_{1},\dots,\beta_{n})\in\mathbb{F}^{n}\setminus\{0\}$ such that

\sum_{i=1}^{n}\alpha_{i}^{q^{j-1}}\beta_{i}^{q^{h-1}}=0\qquad\text{for $(j,h)% \in[k]\times[n-k]$}.

(2)

The choice of $(\beta_{1},\dots,\beta_{n})$ satisfying (2) is unique up to a scalar in $\mathbb{F}_{q}\setminus\{0\}$ . Moreover, $\beta_{1},\dots,\beta_{n}$ are linearly independent over $\mathbb{F}_{q}$ , and $\left(\beta_{j}^{q^{i-1}}\right)_{i\in[n-k],j\in[n]}$ is a parity-check matrix of $\mathcal{G}_{n,k}(\alpha_{1},\dotsc,\alpha_{n})$ , i.e.,

\mathcal{G}_{n,k}(\alpha_{1},\dotsc,\alpha_{n})^{\perp}=\mathcal{G}_{n,n-k}(% \beta_{1},\dotsc,\beta_{n}).

A proof can be found in [3, Lemma 2.7.2]. We present this proof for completeness.

Proof of Theorem 14.

This holds for any extension field $\mathbb{F}$ no matter if $\mathbb{F}$ is finite or infinite. Let $\beta_{1},\ldots,\beta_{n}$ be the unique solution up to the scalar such that

\sum_{i=1}^{n}\alpha_{i}^{q^{j}}\beta_{i}=0,\quad j=k+1-n,\ldots,k-1.

(3)

The uniqueness is due to the fact that $(\alpha_{i}^{q^{k-j}})_{(i,j)\in[n]\times[n-1]}$ is a Moore matrix of rank $n-1$ if $\alpha_{1},\ldots,\alpha_{n}$ are $\mathbb{F}_{q}$ -linearly independent. Then, for $j\in[k],h\in[n-k]$ , we have

\sum_{i=1}^{n}\alpha_{i}^{q^{j}}\beta_{i}^{q^{h}}=\left(\sum_{i=1}^{n}\alpha_{% i}^{q^{j-h}}\beta_{j}\right)^{q^{h}}=0.

This is due to (3) and the fact that $k+1-n\leq j-h\leq k-1$ . $\hfill\blacktriangleleft$

Definition 15 (Symbolic Gabidulin code).

Let $0<k\leq n$ . Let $\mathbb{F}=\mathbb{F}_{q}(X_{1},\ldots,X_{n})$ , where $X_{1},\dots,X_{n}$ are transcendental and algebraically independent elements over $\mathbb{F}_{q}$ . A $[n,k]_{\mathbb{F}}$ symbolic Gabidulin code is a $\mathbb{F}$ -linear code with generator matrix $G=(X_{j}^{q^{i-1}})_{(i,j)\in[k]\times[n]}$ , i.e.,

\mathcal{G}_{n,k}(X_{1},\dotsc,X_{n}):=\left\{\bm{x}_{f}=(f(X_{1}),\ldots,f(X_% {n})):\;f\in\mathbb{F}[X]\nobreak\ \text{is $q$-linearized},\deg_{q}(f)<k% \right\}.

2.3 Known Results on the List Decoding of Gabidulin Codes

For $G\in\mathbb{F}^{k\times n}$ over an extension field $\mathbb{F}/\mathbb{F}_{q}$ , $A\in\mathbb{F}_{q}^{n\times d}$ , and $V=\langle A\rangle\subseteq\mathbb{F}_{q}^{n}$ , define $G_{V}\subseteq\mathbb{F}^{n}$ to be the column space of $G A$ . The following results on the list decoding of symbolic Gabidulin codes can be found (implicitly) in [12].

Theorem 16 (Implicit in Theorem 1.16, [12]).

Let $\ell>0$ be an integer. Let $\mathcal{G}_{n,k}(X_{1},\dotsc,X_{n})$ be a symbolic Gabidulin code with generator matrix $G$ and parity-check matrix $H$ . Let $V_{1},\dots,V_{\ell}$ be subspaces of $\mathbb{F}_{q}^{n}$ , each of dimension at most $k$ . Then,

\dim_{\mathbb{F}}\left(\bigcap_{i\in[\ell]}G_{V_{i}}\right)=\max_{P_{1}\sqcup P% _{2}\sqcup\cdots\sqcup P_{s}=[\ell]}\left(\sum_{i\in[s]}\dim_{\mathbb{F}_{q}}% \left(\bigcap_{j\in P_{i}}V_{j}\right)-(s-1)k\right)

(4)

where the maximum is taken over all possible partitions $P_{1}\sqcup P_{2}\sqcup\cdots\sqcup P_{s}$ of $[\ell]$ . Let $V_{1},\dots,V_{\ell}$ be subspaces of $\mathbb{F}_{q}^{n}$ , each of dimension at most $n-k$ . Then,

\dim_{\mathbb{F}}\left(\bigcap_{i\in[\ell]}H_{V_{i}}\right)=\max_{P_{1}\sqcup P% _{2}\sqcup\cdots\sqcup P_{s}=[\ell]}\left(\sum_{i\in[s]}\dim_{\mathbb{F}_{q}}% \left(\bigcap_{j\in P_{i}}V_{j}\right)-(s-1)k\right).

(5)

Lemma 9 (Lemma 6.1, [12]).

Let $\mathbb{F}$ be an extension field of $\mathbb{F}_{q}$ and let $G\in\mathbb{F}^{k\times n}$ . For $i=1,\dots,\ell$ , let $V_{i}$ be a subspace of $\mathbb{F}_{q}^{n}$ and let $A_{i}\in\mathbb{F}_{q}^{n\times\dim V_{i}}$ such that $V_{i}=\langle A_{i}\rangle$ . Then, $G_{V_{i}}=\langle GA_{i}\rangle$ and

\dim\left(\bigcap_{i\in[\ell]}G_{V_{i}}\right)=\sum_{i\in[\ell]}\dim G_{V_{i}}% -\mathrm{rank}\left(G_{\{A_{i}\}_{i\in[\ell]}}\right),

(6)

where we define the matrix $G_{\{A_{i}\}_{i\in[\ell]}}:=\begin{pmatrix}GA_{1}&GA_{2}&&&\\ GA_{1}&&GA_{3}&&\\ \vdots&&&\ddots&\\ GA_{1}&&&&GA_{\ell}\end{pmatrix}$ .

3 Characterization of the List Decodable Property

Let $\mathbb{F}$ be the extension field of $\mathbb{F}_{q}$ . Let $C$ be a $[n,k]_{\mathbb{F}}$ code with generator matrix $G$ and parity-check matrix $H$ . Assume $\bm{x}_{i}G\in\mathbb{F}^{n},i=1,\ldots,\ell+1$ are $\ell+1$ codewords close to a vector $\bm{y}\in\mathbb{F}^{n}$ , i.e.,

\sum_{i=1}^{\ell+1}\mathrm{rank}_{\mathbb{F}_{q}}(\bm{y}-\bm{x}_{i}G)\leq\ell n% (1-R+\varepsilon).

(7)

By replacing $\bm{y}$ with $\bm{y}-\bm{x}_{1}G$ and $\bm{x}_{i}$ with $\bm{x}_{i}-\bm{x}_{1}$ for $i>1$ , we may assume $\bm{x}_{1}=0$ . Thus, (7) is equivalent to:

\mathrm{rank}(\bm{y})+\sum_{i=2}^{\ell+1}\mathrm{rank}_{\mathbb{F}_{q}}(\bm{y}% -\bm{x}_{i}G)\leq\ell n(1-R+\varepsilon),

(8)

Let $V_{i}=\ker(\bm{y}-\bm{x}_{i}G)\subseteq\mathbb{F}_{q}^{n}$ be a vector space and $A_{i}\in\mathbb{F}_{q}^{n\times\dim(V_{i})}$ such that $\langle A_{i}\rangle=V_{i}$ . It follows that $\mathrm{rank}(A_{i})=\dim(V_{i})=n-\mathrm{rank}(\bm{y}-\bm{x}_{i}G)$ and $(\bm{y}-\bm{x}_{i}G)A_{i}=0$ . Since $A_{i}^{\top}(\bm{y}^{\top}-G^{\top}\bm{x}^{\top}_{i})=0$ ,

\left(\begin{array}[]{c|c|c|c}A_{1}^{\top}&0&\cdots&0\\ A_{2}^{\top}&-A_{2}^{\top}G^{\top}&\cdots&0\\ \vdots&\vdots&\ddots&\vdots\\ A_{\ell+1}^{\top}&0&\cdots&-A_{\ell+1}^{\top}G^{\top}\end{array}\right)\left(% \begin{array}[]{c}\bm{y}^{\top}\\ \bm{x}_{2}^{\top}\\ \vdots\\ \bm{x}_{\ell+1}^{\top}\end{array}\right)=0.

(9)

Let the matrix above be denoted as $R_{G,\mathcal{V}_{[\ell+1]}}$ where $\mathcal{V}_{[\ell+1]}=(V_{1},\ldots,V_{\ell+1})$ . Since $A_{i}\in\mathbb{F}_{q}^{n\times\dim(V_{i})}$ , $R_{G,\mathcal{V}_{[\ell+1]}}$ is a $(\sum_{i=1}^{\ell+1}\dim(V_{i}))\times(\ell k+n)$ matrix.

Lemma 10.

Let $\rho\in(0,1)$ , $\lambda\geq 0$ , and $\ell$ be a positive integer. Let $C$ be an $[n,k]_{\mathbb{F}}$ -linear code over a finite field $\mathbb{F}_{q}$ with generator matrix $G\in\mathbb{F}^{k\times n}$ . Suppose $C$ is not $(\rho,\ell)$ average-radius list decodable in the rank metric and $\rho\leq\frac{\ell}{\ell+1}(1-(1+\lambda)\frac{k}{n})$ . Then, there exist $t\in\{2,3,\dots,\ell+1\}$ and $\mathbb{F}_{q}$ -linear subspaces $V_{1},\ldots,V_{t}\subseteq\mathbb{F}_{q}^{n}$ such that

1.

$\ker(R_{G,\mathcal{V}_{[t]}})\neq 0$ .
2.

$\dim(\mathcal{V}_{[t]})\geq(1+\lambda)(t-1)k$
3.

$\dim(\mathcal{V}_{J})\leq(1+\lambda)(|J|-1)k$ for some non-empty set $J\subseteq[t]$ .

Proof.

As $C$ is not $(\rho,\ell)$ average-radius list decodable in the rank metric, there exists a vector $\bm{y}\in\mathbb{F}^{n}$ and $\ell+1$ codewords $\bm{c}_{1},\ldots,\bm{c}_{\ell+1}\in C$ such that $\sum_{i\in[\ell+1]}\mathrm{rank}_{\mathbb{F}_{q}}(\bm{y}-\bm{c}_{i})\leq(\ell+% 1)\rho n.$ Let $V_{i}=\ker(\bm{y}-\bm{c}_{i})$ and we have $\sum_{i\in[\ell+1]}\dim(V_{i})\geq(\ell+1)n(1-\rho)$ . This implies that

\dim(\mathcal{V}_{[\ell+1]})=\sum_{i\in[\ell+1]}\dim(V_{i})-\dim(\sum_{i\in[% \ell+1]}V_{i})\geq\sum_{i\in[\ell+1]}\dim(V_{i})-n\geq\ell(1+\lambda)k.

Thus, we can choose a minimal set $S\subseteq[\ell+1]$ of size at least $2$ such that $\dim(V_{S})\geq(1+\lambda)(|S|-1)k$ . By permuting the codewords $\bm{c}_{1},\ldots,\bm{c}_{\ell+1}$ , we may assume that $S=[t]$ . By the definition of $\dim(\mathcal{V}_{J})$ , $\dim(\mathcal{V}_{J})=0$ for any subset $J$ of size $1$ . Then, for any subset $J\subseteq[t]$ , Item 3 holds due to the minimality of $S$ . It remains to show that Item 1 holds. To see this, we first notice that $\bm{c}_{i}=\bm{x}_{i}G$ for some $\bm{x}_{i}\in\mathbb{F}_{q^{m}}^{t}$ . Let $A_{i}\in\mathbb{F}_{q}^{n\times\dim(V_{i})}$ such that $\langle A_{i}\rangle=V_{i}$ . Since $V_{i}=\ker(\bm{y}-\bm{c}_{i})$ , we have $(\bm{y}-\bm{c}_{i})A_{i}=(\bm{y}-\bm{x}_{i}G)A_{i}=0$ . Let $\bm{y}^{\prime}=\bm{y}-\bm{x}_{1}G$ and $\bm{x}^{\prime}_{i}=\bm{x}_{i}-\bm{x}_{1}$ for $i=2,\ldots,\ell+1$ . Then $(\bm{y}^{\prime},\bm{x}^{\prime}_{2},\ldots,\bm{x}^{\prime}_{t})^{\top}\in\ker% (R_{G,\mathcal{V}_{[t]}})$ . This completes the proof. $\hfill\blacktriangleleft$

Definition 17 (Reduced Matrix).

Let $\mathcal{V}_{[t]}=(V_{1},\ldots,V_{t})$ , where each $V_{i}$ is a linear subspace of $\mathbb{F}_{q}^{n}$ . Let $V\subseteq\mathbb{F}_{q}^{n}$ be a linear subspace and $\hat{V}_{i}=V_{i}\cap V$ be the intersection of $V_{i}$ and $V$ . The reduced matrix $R_{G,\mathcal{V}_{[t]}}^{V}$ is defined as

R_{G,\mathcal{V}_{[t]}}^{V}=\left(\begin{array}[]{c|c|c|c}\hat{A}_{1}^{\top}&0% &\cdots&0\\ \hat{A}_{2}^{\top}&-\hat{A}_{2}^{\top}G^{\top}&\cdots&0\\ \vdots&\vdots&\ddots&\vdots\\ \hat{A}_{t}^{\top}&0&\cdots&-\hat{A}_{t}^{\top}G^{\top}\end{array}\right).

(10)

where $\hat{A}_{i}\in\mathbb{F}_{q}^{n\times\dim(\hat{V}_{i})}$ of full rank with $\langle\hat{A}_{i}\rangle=\hat{V}_{i}$ . If $V_{J}=\mathrm{span}_{\mathbb{F}_{q}}\{\bm{e}_{i}:i\in J\}$ for some $J\subseteq[n]$ , we shorthand $R_{G,\mathcal{V}_{[t]}}^{J}:=R_{G,\mathcal{V}_{[t]}}^{V_{J}}$ if no ambiguity occurs.

Let $A\subseteq\mathbb{F}_{q}^{n\times\dim(V)}$ with $\langle A\rangle=V$ . Since the column vectors in $\hat{A}_{i}$ lie in $V=\langle A\rangle$ , we may write $\hat{A}_{i}=AT_{i}$ where $T_{i}\in\mathbb{F}_{q}^{\dim(V)\times\dim(\hat{V}_{i})}$ of full rank. Using the above notation, we have the following results.

Lemma 11.

Let $G_{1}=GA$ and $U_{i}=\langle T_{i}\rangle$ for $i=1,\ldots,t$ . Let $\mathcal{U}_{[t]}=(U_{1},\ldots,U_{t})$ . Assume $\ker(R_{G_{1},\mathcal{U}_{[t]}})=0$ , i.e., there is no nonzero solution to

\left(\begin{array}[]{c|c|c|c}T_{1}^{\top}&0&\cdots&0\\ T_{2}^{\top}&-T_{2}^{\top}G_{1}^{\top}&\cdots&0\\ \vdots&\vdots&\ddots&\vdots\\ T_{t}^{\top}&0&\cdots&-T_{t}^{\top}G_{1}^{\top}\end{array}\right)\left(\begin{% array}[]{c}\bm{y}^{\top}\\ \bm{x}_{2}^{\top}\\ \vdots\\ \bm{x}_{t}^{\top}\end{array}\right)=0.

(11)

Then $\ker(R_{G,\mathcal{V}_{[t]}}^{V})=0$ .

Proof.

Assume that there exists a solution $(\bm{y},\bm{x}_{2},\ldots,\bm{x}_{t})\in\ker(R_{G,\mathcal{V}_{[t]}}^{V})$ . Let $\bm{y}^{\prime}=\bm{y}A$ . Then, $(\bm{y}^{\prime},\bm{x}_{2},\ldots,\bm{x}_{t})^{\top}$ is a solution to (11) by observing

\hat{A}^{\top}_{i}G^{\top}=(AT_{i})^{\top}G^{\top}=T_{i}^{\top}A^{\top}G^{\top% }=T_{i}^{\top}(GA)^{\top}=T_{i}^{\top}G_{1}^{\top}.\

$\hfill\blacktriangleleft$

4 Connection to the Parity-Check Matrix

Definition 18.

Let $\mathbb{F}$ be the extension field of $\mathbb{F}_{q}$ . Let $H$ be the parity-check matrix of a $[n,k]_{\mathbb{F}}$ code $C$ . Let $\mathcal{V}_{[t]}=(V_{1},\ldots,V_{t})$ be a tuple of subspaces of $\mathbb{F}_{q}^{n}$ . Assume that $D_{i}\in\mathbb{F}_{q}^{n\times\dim(V_{i})}$ such that $\langle D_{i}\rangle=V_{i}$ for $i\in[t]$ . Define the following matrix

M_{H,{\mathcal{V}_{[t]}}}=\left(\begin{array}[]{c|c|c|c|c}HD_{1}&HD_{2}&0&% \cdots&0\\ HD_{1}&0&HD_{3}&\cdots&0\\ \vdots&\vdots&\vdots&\ddots&\vdots\\ HD_{1}&0&0&\cdots&HD_{t}\end{array}\right).

(12)

Since each $D_{i}$ is an $n\times\dim(V_{i})$ matrix over $\mathbb{F}_{q}$ , $M_{H,\mathcal{V}_{[t]}}$ is a $(t-1)(n-k)\times\sum_{i=1}^{t}\dim(V_{i})$ matrix over $\mathbb{F}_{q}$ .

The following theorem connects the matrices $M_{H,\mathcal{V}^{\perp}_{[t]}}$ and $R_{G,\mathcal{V}_{[t]}}$ . See Appendix B for its proof.

Theorem 19.

Let $\mathbb{F}$ be an extension field of $\mathbb{F}_{q}$ . Let $G$ and $H$ be the generator and parity-check matrix of a $[n,k]_{\mathbb{F}}$ MRD code $C$ , respectively. Let $\mathcal{V}_{[t]}=(V_{1},\dots,V_{t})$ and $\mathcal{V}^{\perp}_{[t]}=(V_{1}^{\perp},\ldots,V_{t}^{\perp})$ . Then, there is an injective $\mathbb{F}$ -linear map $\phi:\ker(R_{G,\mathcal{V}_{[t]}})\rightarrow\ker(M_{H,{\mathcal{V}^{\perp}_{[% t]}}})$ .

We note that the matrix $R_{G,\mathcal{V}_{[t]}}$ is not a square matrix as $(t-1)k+n<\sum_{i\in[\ell+1]}\dim(V_{i})$ . This means that if $R_{G,\mathcal{V}_{[t]}}$ has full rank, there exists a reduced submatrix $R_{G,\mathcal{V}_{[t]}}^{V}$ of $R_{G,\mathcal{V}_{[t]}}$ that has the same rank as $R_{G,\mathcal{V}_{[t]}}$ . The following theorem proves this claim provided that the dimension of $V$ is not too small. See Appendix C for its proof.

Theorem 20.

Let $\mathbb{F}=\mathbb{F}_{q}(X_{1},\ldots,X_{n})$ where $X_{1},\dots,X_{n}$ are transcendental and algebraically independent elements over $\mathbb{F}_{q}$ . Let $G=(X_{j}^{q^{i-1}})_{(i,j)\in[k]\times[n]}$ be the generator matrix of a $[n,k]_{\mathbb{F}}$ symbolic Gabidulin code. Let $\lambda>0$ and $t>1$ . Assume that $\mathcal{V}_{[t]}=(V_{1},\ldots,V_{t})$ satisfies that $\dim(\mathcal{V}_{[t]})\geq(1+\lambda)(t-1)k$ and $\dim(\mathcal{V}_{J})\leq(|J|-1)(1+\lambda)k$ for all nonempty $J\subseteq[t]$ . Let $V\subseteq\mathbb{F}_{q}^{n}$ be a linear space with $\dim(V)\geq n-\frac{\lambda k}{t-1}$ . Then, $\ker(R_{G,\mathcal{V}_{[t]}}^{V})=0$ .

5 Random Assignment to Achieve the Capacity

5.1 Random Puncturing

Let $\{\bm{e}_{1},\ldots,\bm{e}_{n}\}$ be the standard basis of $\mathbb{F}_{q}^{n}$ . Theorem 20 states that for any subspace $V\subseteq\mathbb{F}_{q}^{n}$ of dimension at least $n-\frac{\lambda k}{t-1}$ , and $\mathcal{V}_{[t]}=(V_{1},\ldots,V_{t})$ satisfying Item 2 and Item 3, we have $\ker(R_{G,\mathcal{V}_{[t]}}^{V})=0$ . In this section, we focus on the subspace of the form $W_{J}:=\mathrm{span}_{\mathbb{F}_{q}}\{\bm{e}_{i}:i\in J\}$ for some subset $J\subseteq[n]$ . Recall that we shorthand $R_{G,\mathcal{V}}^{W_{J}}$ as $R_{G,\mathcal{V}}^{J}$ . By focusing on the subset $J\subseteq[n]$ , we are able to mimic the technique in [13] to bound the probability that $R_{G,\mathcal{V}_{[t]}}^{J}$ is not of full rank when selecting the value of $X_{i}$ uniformly at random. The connection between $R_{G,\mathcal{V}_{[t]}}^{J}$ and $R_{G,\mathcal{V}_{[t]}}$ can be found in the following lemma.

Lemma 12.

Let $\mathcal{V}_{[t]}=(V_{1},\ldots,V_{t})\in(\mathbb{F}_{q}^{n})^{t}$ and $V\subseteq\mathbb{F}_{q}^{n}$ . Then, there exist $A_{i}$ and $\hat{A}_{i}$ in (9) and (10) such that $R_{G,\mathcal{V}_{[t]}}^{V}$ is a submatrix of $R_{G,\mathcal{V}_{[t]}}$ .

Proof.

From Lemma 4, we can find $A_{i}\in\mathbb{F}_{q}^{n\times\dim(V_{i})}$ and its submatrix $\hat{A}_{i}\in\mathbb{F}_{q}^{n\times\dim(\hat{V}_{i})}$ such that $\langle A_{i}\rangle=V_{i}$ , $\langle\hat{A}_{i}\rangle=\hat{V}_{i}$ . This implies that $(\hat{A}^{\top}_{i},0,\ldots,0,-\hat{A}_{i}^{\top}G^{\top},0,\ldots,0)$ is a submatrix of $(A^{\top}_{i},0,\ldots,0,-A_{i}^{\top}G^{\top},0,\ldots,0)$ . In view of the expression of $R_{G,\mathcal{V}_{[t]}}^{V}$ and $R_{G,\mathcal{V}_{[t]}}$ , we conclude that $R_{G,\mathcal{V}_{[t]}}^{V}$ is a submatrix of $R_{G,\mathcal{V}_{[t]}}$ . $\hfill\blacktriangleleft$

Next, we define the faulty index which was first proposed in [13].

Definition 21 (Faulty index).

Assume $r\geq\ell$ . Let $A\in\mathbb{F}_{q}(X_{1},\ldots,X_{n})^{r\times\ell}$ be a matrix such that $\mathrm{rank}(A)=\ell$ and the entries of $A$ are in $\mathbb{F}_{q}[X_{1},\ldots,X_{n}]$ . For $\alpha_{1},\ldots,\alpha_{n}\in\mathbb{F}_{q^{m}}$ , we say $i\in[n]$ is the faulty index of $A$ (with respect to $\alpha_{1},\ldots,\alpha_{n}$ ) if $A|_{X_{1}=\alpha_{1},\ldots,X_{i-1}=\alpha_{i-1}}$ has full (column) rank but $A|_{X_{1}=\alpha_{1},\ldots,X_{i}=\alpha_{i}}$ does not.

Algorithm 1 Output faulty indices.

Lemma 13.

Let $\lambda\geq 0$ and let $t\geq 1$ be an integer. Let $\mathcal{V}_{[t]}=(V_{1},\ldots,V_{t})\subseteq(\mathbb{F}_{q}^{n})^{t}$ such that $\dim(\mathcal{V}_{[t]})\geq(1+\lambda)(t-1)k$ and $\dim(\mathcal{V}_{J})\leq(1+\lambda)(|J|-1)k$ for all nonempty $J\subseteq[t]$ . Let $r$ be a positive integer with $r\leq\frac{\lambda k}{t-1}+1$ . Then, for all $\alpha_{1},\ldots,\alpha_{n}\in\mathbb{F}_{q^{m}}$ , running Algorithm 1 on the input $\mathcal{V}_{[t]}$ , $\alpha_{1},\ldots,\alpha_{n}$ , and $r$ yields the following two possible scenarios:

1.

Algorithm 1 outputs “Success”. In this case, $R_{G,\mathcal{V}_{[t]}}|_{X_{1}=\alpha_{1},\ldots,X_{n}=\alpha_{n}}$ has full rank.
2.

Algorithm 1 outputs an $r$ -tuple $(i_{1},\ldots,i_{r})\in\binom{[n]}{r}$ . In this case, for each $j\in[r]$ , $i_{j}$ is the faulty index of $R_{G,\mathcal{V}_{[t]}}^{S_{j}}$ for $S_{j}=[n]\setminus\{i_{1},\ldots,i_{j-1}\}$ .

Proof.

Assume the algorithm reaches the $j$ -th round of the loop. At the beginning, we have $|J|\geq n-j+1\geq n-r+1\geq n-\frac{\lambda k}{t-1}$ . Then by Lemma 11 and the fact that $G$ is the generator matrix of a symbolic Gabidulin code, $R_{G,\mathcal{V}}^{J}$ has full rank and thus the algorithm never outputs “Fail”. Suppose that the algorithm outputs “Success” and halts in the $j$ -th round. This means that the faulty index of $R_{G,\mathcal{V}}^{J}$ does not exist in this round. This implies that $R_{G,\mathcal{V}}|_{X_{1}=\alpha_{1},\ldots,X_{n}=\alpha_{n}}$ has full rank. It remains to consider the case where the algorithm outputs a $r$ -tuple $(i_{1},\ldots,i_{r})$ . For $j\in[r]$ , the index $i_{j}$ is chosen to be the faulty index of $R_{G,\mathcal{V}}^{S_{j}}$ , where $S_{j}=[n]\setminus\{i_{1},\ldots,i_{j-1}\}$ . The distinctness of $i_{1},\ldots,i_{r}$ is due to the fact that if $i\notin S_{j}$ , then $R_{G,\mathcal{V}}^{S_{j}}$ does not contain $X_{i}$ . $\hfill\blacktriangleleft$

Lemma 14.

Suppose $m\geq n$ and $(\alpha_{1},\ldots,\alpha_{n})$ are chosen uniformly at random in $\mathbb{F}_{q^{m}}$ . Then, for any $r$ -tuple $(i_{1},\ldots,i_{r})\in\binom{[n]}{r}$ and $(V_{1},\ldots,V_{t})\in(\mathbb{F}_{q}^{n})^{t}$ , the probability that Algorithm 1 outputs $(i_{1},\ldots,i_{r})$ given the input $(V_{1},\ldots,V_{t}),$ $\alpha_{1},\ldots,\alpha_{n}$ and $r$ is at most $\left(\frac{(t-1)kq^{k-1}}{q^{m}}\right)^{r}$ .

Proof.

For $j\in[r]$ , define the following:

1.

$S_{j}:=[n]\setminus\{i_{1},\dots,i_{j-1}\}$ .
2.

Let $M_{j}$ be the smallest nonsingular maximal minor of $R_{G,\mathcal{V}}^{S_{j}}$ in the lexicographic order. The same argument in Lemma 13 implies that for $j\in[r]$ , $R_{G,\mathcal{V}}^{S_{j}}$ has full rank and hence $M_{j}$ exists.
3.

Let $E_{j}$ be the event that $\det(M_{j}|_{X_{1}=\alpha_{1},\dots,X_{i_{j}-1}=\alpha_{i_{j}-1}})\neq$ but $\det(M_{j}|_{X_{1}=\alpha_{1},\dots,X_{i_{j}}=\alpha_{i_{j}}})$ is zero.

Note that if $(i_{1},\ldots,i_{r})$ is output by the algorithm, then $E_{1},\dots,E_{r}$ occurs. So it suffices to prove that $\Pr[E_{1}\wedge\dots\wedge E_{r}]\leq\left(\frac{(t-1)kq^{k-1}}{q^{m}}\right)^% {r}$ .

Let $(j_{1},j_{2},\dots,j_{r})$ be a permutation of $(1,2,\dots,r)$ such that $i_{j_{1}}<\dots<i_{j_{r}}$ , i.e., $i_{j_{\ell}}$ is the $\ell$ -th smallest index among $i_{1},\dots,i_{r}$ for $\ell\in[r]$ . For $\ell\in\{0,1,\dots,r\}$ , define $F_{\ell}:=E_{j_{1}}\wedge\dots\wedge E_{j_{\ell}}$ , where we let $F_{0}$ be the event that always occurs. Then $F_{r}=E_{j_{1}}\wedge\dots\wedge E_{j_{r}}=E_{1}\wedge\dots\wedge E_{r}$ . If $\Pr[F_{r}]=0$ then we are done. So assume $\Pr[F_{r}]>0$ . By definition, if $F_{\ell}$ occurs and $\ell^{\prime}<\ell$ , then $F_{\ell^{\prime}}$ also occurs. So $\Pr[F_{\ell}]>0$ for all $\ell\in\{0,1,\dots,r\}$ . Note

\Pr[E_{1}\wedge\dots\wedge E_{r}]=\Pr[F_{r}]=\prod_{\ell=1}^{r}\frac{\Pr[F_{% \ell}]}{\Pr[F_{\ell-1}]}.

So it suffices to prove that $\frac{\Pr[F_{\ell}]}{\Pr[F_{\ell-1}]}\leq\frac{(t-1)kq^{k-1}}{q^{m}}$ for $\ell\in[r]$ .

Fix $\ell\in[r]$ and let $j=j_{\ell}$ . Let $T$ be the set of all $\beta=(\beta_{1},\dots,\beta_{i_{j}-1})\in\mathbb{F}_{q}^{i_{j}-1}$ such that $\Pr\left[\left(\alpha_{<i_{j}}=\beta\right)\wedge F_{\ell-1}\right]>0$ , where $\alpha_{<i_{j}}=\beta$ is a shorthand for $(\alpha_{1}=\beta_{1})\wedge\dots\wedge(\alpha_{i_{j}-1}=\beta_{i_{j}-1})$ . Note that for $\beta\in T$ , the event $\left(\alpha_{<i_{j}}=\beta\right)\wedge F_{\ell-1}$ is simply $\alpha_{<i_{j}}=\beta$ since $F_{\ell-1}=E_{j_{1}}\wedge\dots\wedge E_{j_{\ell-1}}$ depends only on $\alpha_{1},\dots,\alpha_{i_{j_{\ell-1}}}$ and is bound to happen conditioned on $\alpha_{<i_{j}}=\beta$ . We then have

	$\displaystyle\frac{\Pr[F_{\ell}]}{\Pr[F_{\ell-1}]}$	$\displaystyle=\frac{\sum_{\beta\in S}\Pr\left[\left(\alpha_{<i_{j}}=\beta% \right)\wedge F_{\ell}\right]}{\sum_{\beta\in S}\Pr\left[\left(\alpha_{<i_{j}}% =\beta\right)\wedge F_{\ell-1}\right]}=\frac{\sum_{\beta\in S}\Pr\left[\left(% \alpha_{<i_{j}}=\beta\right)\wedge E_{j}\right]}{\sum_{\beta\in S}\Pr\left[% \alpha_{<i_{j}}=\beta\right]}$
		$\displaystyle\leq\max_{\beta\in S}\frac{\Pr\left[\left(\alpha_{<i_{j}}=\beta% \right)\wedge E_{j}\right]}{\Pr\left[\alpha_{<i_{j}}=\beta\right]}=\max_{\beta% \in S}\Pr\left[E_{j}\mid\alpha_{<i_{j}}=\beta\right].$

Fix $\beta=(\beta_{1},\dots,\beta_{i_{j}-1})\in T$ . We just need to prove that $\Pr\left[E_{j}\mid\alpha_{<i_{j}}=\beta\right]\leq\frac{(t-1)kq^{k-1}}{q^{m}}$ . Let

Q:=\det(M_{j}|_{X_{1}=\beta_{1},\dots,X_{i_{j}-1}=\beta_{i_{j}-1}})\in\mathbb{% F}_{q}[X_{i_{j}},\dots,X_{n}].

If $Q=0$ , then $E_{j}$ never occurs conditioned on $\alpha_{<i_{j}}=\beta$ and we are done. So assume $Q\neq 0$ . View $Q$ as a polynomial in $X_{i_{j}+1},\dots,X_{n}$ over the ring $\mathbb{F}_{q}[X_{i_{j}}]$ , and let $Q_{0}\in\mathbb{F}_{q}[X_{i_{j}}]$ be the coefficient of a nonzero term of $Q$ . Then conditioned on $\alpha_{<i_{j}}=\beta$ , the event $E_{j}$ occurs only if $\alpha_{i_{j}}$ is a root of $Q_{0}\neq 0$ . Note that $\deg Q_{0}\leq\deg_{X_{i_{j}}}Q\leq\deg_{X_{i_{j}}}\left(\det(M_{j})\right)$ , which is bounded by $(t-1)kq^{k-1}$ from the expression of $R_{G,\mathcal{V}}^{S_{j}}$ . Also note that conditioned on $\alpha_{<i_{j}}=\beta$ , the random variable $\alpha_{i_{j}}$ is uniformly distributed over $\mathbb{F}_{q}^{m}$ . It follows that $\Pr\left[E_{j}\mid\alpha_{<i_{j}}=\beta\right]\leq\frac{(t-1)kq^{k-1}}{q^{m}}$ . $\hfill\blacktriangleleft$

Corollary 22.

Under the notations and conditions in Lemma 14, suppose $m\geq n$ and $(\alpha_{1},\ldots,\alpha_{n})$ is chosen uniformly at random, then

\Pr[\ker(R_{G,\mathcal{V}}|_{X_{1}=\alpha_{1},\ldots,X_{n}=\alpha_{n}})\neq 0]% \leq\bigg((t-1)knq^{k-m}\bigg)^{r}.

Proof.

Take a union bound over sequences $(i_{1},\ldots,i_{r})\in\binom{[n]}{r}$ , by Lemma 14, the probability that Algorithm 1 outputs a faulty sequence on the input $V_{1},\ldots,V_{t}$ and $\alpha_{1},\ldots,\alpha_{n}$ is at most $n^{r}\times((t-1)kq^{k-m})^{r}$ . If this doesn’t happen, by Lemma 13, $\ker(R_{G,\mathcal{V}}|_{X_{1}=\alpha_{1},\ldots,X_{n}=\alpha_{n}})\neq 0$ . $\hfill\blacktriangleleft$

5.2 Application to List Decoding

We are ready to prove our main results.

Theorem 23.

Let $\varepsilon\in(0,1),c>1$ and $n,k,m,\ell$ be positive integers with $k\leq n$ and $m\geq\frac{c\ell(\ell+1)n}{\varepsilon}$ . Then with probability at least $1-q^{-\Omega(n)}$ , a randomly punctured Gabidulin code $C\subseteq\mathbb{F}_{q^{m}}^{n}$ with rate $R:=\frac{k}{n}$ is $(\frac{\ell}{\ell+1}(1-R-\varepsilon),\ell)$ average-radius list decodable.

Proof.

Let $\lambda=\frac{\varepsilon}{R}=\frac{\varepsilon k}{n}$ . By Lemma 10, if $C$ with generator matrix $G$ is not $(\frac{\ell}{\ell+1}(1-R-\varepsilon),\ell)$ average-radius list decodable in the rank metric, then, there exist $t\in\{2,3,\dots,\ell+1\}$ and $\mathbb{F}_{q}$ -linear subspaces $V_{1},\ldots,V_{t}\subseteq\mathbb{F}_{q}^{n}$ such that

1.

$\ker(R_{G,\mathcal{V}_{[t]}})\neq 0$ .
2.

$\dim(\mathcal{V}_{[t]})\geq(1+\lambda)(t-1)k$
3.

$\dim(\mathcal{V}_{J})\leq(1+\lambda)(|J|-1)k$ for some non-empty set $J\subseteq[t]$ .

Choose $\alpha_{1},\ldots,\alpha_{n}\in\mathbb{F}_{q^{m}}$ uniformly at random. The probability that $\alpha_{1},\ldots,\alpha_{n}$ are $\mathbb{F}_{q}$ -linearly dependent is at most $nq^{(n-m)}=q^{-\Omega(n)}$ . Let $\bar{G}=(\alpha_{j}^{q^{i-1}})_{(i,j)\in[k]\times[n]}$ . To prove this theorem,it suffices to show that Items 1–3 simultaneously hold with probability at most $q^{-O(n^{2})}$ . We fix $t\in\{2,3,\ldots,\ell+1\}$ and $V_{1},\ldots,V_{t}\subseteq\mathbb{F}_{q}^{n}$ satisfying Item 2 and Item 3. Let $r=\lfloor\frac{\lambda k}{t-1}+1\rfloor\geq\frac{\lambda k}{t-1}=\frac{% \varepsilon n}{t-1}$ . Observe that $R_{\bar{G},\mathcal{V}_{[t]}}=R_{G,\mathcal{V}_{[t]}}|_{X_{1}=\alpha_{1},% \ldots,X_{n}=\alpha_{n}}$ where $G=(X_{j}^{q^{i-1}})_{(i,j)\in[k]\times[n]}$ . By Corollary 22, the probability that $\ker(R_{\bar{G},\mathcal{V}_{[t]}})\neq 0$ holds is at most $(\ell knq^{k-m})^{r}\leq(\ell knq^{k-m})^{\frac{\varepsilon n}{\ell}}$ , where we use the fact that $r\geq\frac{\varepsilon n}{\ell}$ . The number of $t$ -tuples $\mathcal{V}_{[t]}$ , where $t$ ranges over $\{2,\ldots,\ell+1\}$ , is bounded by $\sum_{t=2}^{\ell+1}(q^{n^{2}})^{t}\leq 2q^{(\ell+1)n^{2}}$ . By the union bound, the probability that Items 1–3 hold for some $t\in\{2,\ldots,\ell+1\}$ and $V_{1},\ldots,V_{t}\subseteq\mathbb{F}_{q}^{n}$ is at most $2q^{(\ell+1)n^{2}}\times(\ell knq^{k-m})^{\frac{\varepsilon n}{\ell}}+nq^{n-m}% =2(knq^{k+n\ell(\ell+1)/\varepsilon-m})^{\varepsilon n/\ell}+q^{-\Omega(n)}=q^% {-\Omega(n)}$ as $m\geq\frac{cn\ell(\ell+1)}{\varepsilon}$ for some $c>1$ . $\hfill\blacktriangleleft$

References

[1] Omar Alrabiah, Venkatesan Guruswami, and Ray Li. AG codes have no list-decoding friends: Approaching the generalized Singleton bound requires exponential alphabets. In Proceedings of the 2024 Annual ACM-SIAM Symposium on Discrete Algorithms (SODA), pages 1367–1378. SIAM, 2024. doi:10.1137/1.9781611977912.55.
[2] Omar Alrabiah, Venkatesan Guruswami, and Ray Li. Randomly punctured Reed–Solomon codes achieve list-decoding capacity over linear-sized fields. In Proceedings of the 56th Annual ACM Symposium on Theory of Computing, pages 1458–1469, 2024. doi:10.1145/3618260.3649634.
[3] Hannes Bartz, Lukas Holzbaur, Hedongliang Liu, Sven Puchinger, Julian Renner, Antonia Wachter-Zeh, et al. Rank-metric codes and their applications. Foundations and Trends® in Communications and Information Theory, 19(3):390–546, 2022. doi:10.1561/0100000119.
[4] Joshua Brakensiek, Sivakanth Gopi, and Visu Makam. Lower bounds for maximally recoverable tensor codes and higher order MDS codes. IEEE Transactions on Information Theory, 68(11):7125–7140, 2022. doi:10.1109/TIT.2022.3187366.
[5] Philippe Delsarte. Bilinear forms over a finite field, with applications to coding theory. J. Comb. Theory, Ser. A, 25(3):226–241, 1978. doi:10.1016/0097-3165(78)90015-8.
[6] Michael A. Forbes and Venkatesan Guruswami. Dimension Expanders via Rank Condensers. In Approximation, Randomization, and Combinatorial Optimization. Algorithms and Techniques (APPROX/RANDOM 2015), pages 800–814, 2015. doi:10.4230/LIPIcs.APPROX-RANDOM.2015.800.
[7] Michael A Forbes and Amir Shpilka. On identity testing of tensors, low-rank recovery and compressed sensing. In Proceedings of the forty-fourth annual ACM symposium on Theory of computing, pages 163–172, 2012. doi:10.1145/2213977.2213995.
[8] Ernst Gabidulin. Theory of codes with maximum rank distance (translation). Problems of Information Transmission, 21:1–12, January 1985.
[9] J. K. Gibson. Severely denting the Gabidulin version of the Mceliece public key cryptosystem. Designs, Codes and Cryptography, pages 37–45, 1995. doi:10.1007/BF01390769.
[10] J. K. Gibson. The security of the Gabidulin public-key cryptosystem. In Advances in Cryptology – EUROCRYPT’96, LNCS 1070,. Springer, 1996.
[11] Zeyu Guo, Ben Lee Volk, Akhil Jalan, and David Zuckerman. Extractors for images of varieties. In Proceedings of the 55th Annual ACM Symposium on Theory of Computing, pages 46–59, 2023. doi:10.1145/3564246.3585109.
[12] Zeyu Guo, Chaoping Xing, Chen Yuan, and Zihan Zhang. Random gabidulin codes achieve list decoding capacity in the rank metric. In 65th IEEE Annual Symposium on Foundations of Computer Science, FOCS 2024, Chicago, IL, USA, October 27-30, 2024, pages 1846–1873. IEEE, 2024. doi:10.1109/FOCS61266.2024.00111.
[13] Zeyu Guo and Zihan Zhang. Randomly punctured Reed-Solomon codes achieve the list decoding capacity over polynomial-size alphabets. In 2023 IEEE 64th Annual Symposium on Foundations of Computer Science (FOCS), pages 164–176, 2023. doi:10.1109/FOCS57990.2023.00019.
[14] Venkatesan Guruswami, Nicolas Resch, and Chaoping Xing. Lossless dimension expanders via linearized polynomials and subspace designs. Comb., 41(4):545–579, 2021. doi:10.1007/s00493-020-4360-1.
[15] Venkatesan Guruswami, Carol Wang, and Chaoping Xing. Explicit list-decodable rank-metric and subspace codes via subspace designs. IEEE Trans. Inf. Theory, 62(5):2707–2718, 2016. doi:10.1109/TIT.2016.2544347.
[16] R. Koetter and F. R. Kschischang. Coding for errors and erasures in random network coding. In IEEE International Symposium on Information Theory (ISIT 2007), pages 791–795. IEEE, 2007. doi:10.1109/ISIT.2007.4557321.
[17] Ralf Koetter and Frank R. Kschischang. Coding for errors and erasures in random network coding. IEEE Trans. Inf. Theory, 54(8):3579–3591, 2008. doi:10.1109/TIT.2008.926449.
[18] Pierre Loidreau. Designing a rank metric based mceliece cryptosystem. In Post-Quantum Cryptography: Third International Workshop, PQCrypto 2010, Darmstadt, Germany, May 25-28, 2010. Proceedings 3, pages 142–152. Springer, 2010. doi:10.1007/978-3-642-12929-2_11.
[19] Pierre Loidreau. A new rank metric codes based encryption scheme. In Post-Quantum Cryptography: 8th International Workshop, PQCrypto 2017, Utrecht, The Netherlands, June 26-28, 2017, Proceedings 8, pages 3–17. Springer, 2017. doi:10.1007/978-3-319-59879-6_1.
[20] Hsiao-feng Lu and P Vijay Kumar. A unified construction of space-time codes with optimal rate-diversity tradeoff. IEEE Transactions on Information Theory, 51(5):1709–1730, 2005. doi:10.1109/TIT.2005.846403.
[21] Paul Lusina, Ernst Gabidulin, and Martin Bossert. Maximum rank distance codes as space-time codes. IEEE Transactions on Information Theory, 49(10):2757–2760, 2003. doi:10.1109/TIT.2003.818023.
[22] Netanel Raviv and Antonia Wachter-Zeh. Some Gabidulin codes cannot be list decoded efficiently at any radius. IEEE Transactions on Information Theory, 62(4):1605–1615, 2016. doi:10.1109/TIT.2016.2532343.
[23] Netanel Raviv and Antonia Wachter-Zeh. A correction to “some Gabidulin codes cannot be list decoded efficiently at any radius”. IEEE Transactions on Information Theory, 63(4):2623–2624, 2017. doi:10.1109/TIT.2017.2659766.
[24] Chong Shangguan and Itzhak Tamo. Combinatorial list-decoding of Reed-Solomon codes beyond the Johnson radius. In Proceedings of the 52nd Annual ACM SIGACT Symposium on Theory of Computing, pages 538–551, 2020. doi:10.1145/3357713.3384295.
[25] D. Silva and F. R. Kschischang. Fast encoding and decoding of Gabidulin codes. In IEEE International Symposium on Information Theory (ISIT 2009). IEEE, 2009.
[26] D. Silva, F.R. Kschischang, and R. Koetter. A rank-metric approach to error control in random network coding. IEEE Transactions on Information Theory, 54(9):3951–3967, 2008. doi:10.1109/TIT.2008.928291.

Appendix A Field Size Lower Bound for Capacity-Achieving Rank-Metric Codes

We prove a lower bound on the field size of capacity achieving rank-metric codes by adapting the argument in [1]. We first prove a lower bound for rank-metric codes with large distance in Theorem 24. Then, we remove this distance requirement in Corollary 25.

Theorem 24.

Let $\ell\geq 2$ . For any $r\in[0,1]$ , any rank-metric code $C\subseteq\mathbb{F}_{q^{m}}^{n}$ of rate $R$ and minimum distance at least $(1-R-\varepsilon)n+1$ that is $\left(\frac{\ell\left(1-R-\varepsilon\right)}{\ell+1},\ell\right)$ -avearge-radius list decodable must have $m=\Omega(\frac{Rn}{\varepsilon})$ .

Proof.

Fix a subspace $V_{0}\subseteq\mathbb{F}_{q}^{n}$ of dimension $b:=4\varepsilon n$ . Choose a subspace $\overline{V}_{0}$ such that $V_{0}\oplus\overline{V}_{0}=\mathbb{F}_{q}^{n}$ . Let $\alpha=R-\varepsilon$ and $\beta=R+\varepsilon$ . Let $\mathcal{F}$ be the collection of subspaces $V\subseteq\overline{V}_{0}$ of dimension $\alpha n$ such that for any pair of vector spaces $V_{1},V_{2}\in\mathcal{F}_{1}$ , $\dim(V_{1}+V_{2})\geq\beta n$ . By Corollary 8, the size of $\mathcal{F}$ can be at least $q^{\Omega((\alpha-\alpha^{2}-4\varepsilon-o(1))n^{2})}$ . It suffices to prove that $\ell q^{bm}\geq|\mathcal{F}|/2$ , as this would imply $m=\Omega(\frac{Rn}{\varepsilon})$ .

Assume to the contrary that $\ell q^{bm}<|\mathcal{F}|/2$ . Let $M$ be uniformly distributed from $C$ . For a fixed subspace $V\in\mathcal{F}$ , let $A\in\mathbb{F}_{q}^{n\times\alpha n}$ such that $\langle A\rangle=V$ . Let $E_{V}$ be the event that there exists a codeword $M_{1}\in C$ different from $M$ such that $MA=M_{1}A$ , i.e., $(M-M_{1})A=0$ . If $E_{V}$ does not hold, then $M$ is uniquely determined by $MA\in\mathbb{F}_{q}^{m\times{\alpha n}}$ . As the number of possible values of $M A$ is at most $q^{\alpha nm}$ and $|C|=q^{Rmn}$ , we have

\Pr[\lnot E_{V}]\leq\frac{q^{\alpha mn}}{q^{Rmn}}=q^{-\varepsilon Rmn}.

Therefore, over random $M\in C$ , the expected number of $V\in\mathcal{F}$ such that $E_{V}$ happens is $\sum_{V\in\mathcal{F}}(1-\Pr[\lnot E_{V}])\geq|\mathcal{F}|/2$ . Then, we can fix a codeword $M\in C$ such that the size of the set

\mathcal{F}_{M}:=\{V\in\mathcal{F}:E_{V}\text{ happens}\}

is at least $|\mathcal{F}|/2$ .

Let $A_{0}\in\mathbb{F}_{q}^{n\times b}$ such that $\langle A_{0}\rangle=V_{0}$ . By the definition of $\mathcal{F}_{M}$ , for each $V\in\mathcal{F}_{M}$ , there exists a codeword $M_{V}\neq M$ such that the kernel subspace of $M-M_{V}$ contains $V$ . Since $M_{V}A_{0}\in\mathbb{F}_{q}^{m\times b}$ for any codeword $M_{V}$ and $\ell q^{bm}<|\mathcal{F}|/2\leq|\mathcal{F}_{M}|$ , by the pigeonhole principle, there exists distinct $V_{1},\ldots,V_{\ell}\in\mathcal{F}_{M}$ such that $M_{V_{1}}A_{0}=\dots=M_{V_{\ell}}A_{0}$ . Moreover, by the definition of $\mathcal{F}_{M}$ , for $i=1,\dots,\ell$ , there exists $A_{i}\in\mathbb{F}_{q}^{n\times\alpha n}$ with $\langle A_{i}\rangle=V_{i}$ such that $(M-M_{V_{i}})A_{i}=0$ .

Assume $M_{V_{i}}=M_{V_{j}}$ for some $i\neq j$ . Then $(M-M_{V_{i}})A_{i}=0$ and $(M-M_{V_{i}})A_{j}=0$ . Let $A\in\mathbb{F}_{q}^{n\times\dim(V_{i}+V_{j})}$ such that $\langle A\rangle=V_{i}+V_{j}$ . As the columns of $A$ are in $V_{i}+V_{j}=\langle A_{i}\rangle+\langle A_{j}\rangle$ , we have $(M-M_{V_{i}})A=0$ , i.e., $V_{i}+V_{j}$ is contained in the kernel subspace of $M-M_{V_{i}}$ . Since $M$ and $M_{V_{i}}$ are in code $C$ of minimum distance at least $(1-R-\varepsilon)n+1$ , we have $\mathrm{rank}(M-M_{V_{i}})\geq(1-R-\varepsilon)n+1$ . This implies that the kernel subspace of $M-M_{V_{i}}$ is at most $(R+\varepsilon)n-1$ . So $\dim(V_{i}+V_{j})\leq(R+\varepsilon)n-1$ . However, as $V_{i},V_{j}\in\mathcal{F}$ and thus $\dim(V_{i}+V_{j})\geq\beta n=(R+\varepsilon)n$ , which yields a contradiction. Thus, we conclude that $M_{V_{1}},\ldots,M_{V_{\ell}}$ are all distinct.

Since $\overline{V}_{0}\cap V_{0}=\{0\}$ , there exists $B_{0}\in\mathbb{F}_{q}^{n\times(n-b)}$ such that $\langle B_{0}\rangle=\overline{V}_{0}$ and $\begin{pmatrix}A_{0}&B_{0}\end{pmatrix}\in\mathbb{F}_{q}^{n\times n}$ has full rank. Let $Y\in\mathbb{F}_{q}^{m\times n}$ such that $(M_{V_{1}}-Y)A_{0}=\cdots=(M_{V_{\ell}}-Y)A_{0}=0$ and $(M-Y)B_{0}=0$ . This can be achieved by choosing $Y=\begin{pmatrix}M_{V_{1}}A_{0}&MB_{0}\end{pmatrix}\begin{pmatrix}A_{0}&B_{0}% \end{pmatrix}^{-1}$ .

For $i\in[\ell]$ , we have $(M-Y)A_{i}=0$ since $\langle A_{i}\rangle=V_{i}$ , $V_{i}\subseteq\overline{V}_{0}$ , $\overline{V}_{0}=\langle B_{0}\rangle$ , and $(M-Y)B_{0}=0$ . And for $i\in[\ell]$ , we know $(M-M_{V_{i}})A_{i}=0$ , which implies

(M_{V_{i}}-Y)A_{i}=(M_{V_{i}}-M)A_{i}+(M-Y)A_{i}=0\quad\text{and}\quad(M_{V_{i% }}-Y)A_{0}=0.

Since $V_{0}\cap\langle V_{i}\rangle\subseteq V_{0}\cap\overline{V}_{0}=\{0\}$ for $i\in[\ell]$ , we have $\dim(V_{0}+V_{i})=\dim V_{0}+\dim V_{i}=b+\alpha n$ and hence

\mathrm{rank}(M_{V_{i}}-Y)\leq n-(b+\alpha n)\leq(1-R-3\varepsilon)n,

as $b=4\varepsilon n$ . As $(M-Y)B_{0}=0$ , we have $\mathrm{rank}(M-Y)\leq n-\dim(\overline{V}_{0})=b=4\varepsilon n$ . It follows that

\mathrm{rank}(M-Y)+\sum_{i=1}^{\ell}\mathrm{rank}(M_{V_{i}}-Y)\leq 4% \varepsilon n+\ell(1-R-3\varepsilon)\leq\ell(1-R-\varepsilon)n.

as $\ell\geq 2$ . This contradicts the claim that $C$ is $\left(\frac{\ell\left(1-R-\varepsilon\right)}{\ell+1},\ell\right)$ -avearge-radius list decodable. $\hfill\blacktriangleleft$

We now show how to remove the minimum distance requirement in Theorem 24.

Corollary 25.

Let $\ell\geq 2$ . For any $r\in[0,1]$ , any rank-metric code $C\subseteq\mathbb{F}_{q^{m}}^{n}$ of rate $R$ that is $\left(\frac{\ell\left(1-R-\varepsilon\right)}{\ell+1},\ell\right)$ -avearge-radius list decodable must have $m=\Omega(\frac{Rn}{\varepsilon})$ .

Proof.

Compared to Theorem 24, this statement only remove the minimum distance requirement. Thus, if we find a subcode of $C$ with minimum distance $(1-R-\varepsilon)$ and the same rate $R$ , then we can apply the argument in Theorem 24 directly to obtain the desired result. To achieve this goal, we prove the claim that for any $M\in C$ , there are at most $\ell-1$ codewords $T_{1},\ldots,T_{\ell-1}$ in $C$ that is within minimum distance at most $(1-R-\varepsilon)n$ from $M_{1}$ . Assume not and we find $T_{1},\ldots,T_{\ell}$ such that $\mathrm{rank}(M-T_{i})\leq(1-R-\varepsilon)n$ . Let $M$ be the center and we claim that

\mathrm{rank}(M-M)+\sum_{i=1}^{\ell}\mathrm{rank}(M-T_{i})\leq\ell(1-R-% \varepsilon).

Thus, $C$ is not $\left(\frac{\ell\left(1-R-\varepsilon\right)}{\ell+1},\ell\right)$ -avearge-radius list decodable code and a contradiction happens. Therefore, we can find a subcode $C_{1}\subseteq C$ of size at least $\frac{|C|}{\ell}$ such that the minimum distance of $C_{1}$ is at least $(1-R-\varepsilon)n$ . We can apply the same argument in Theorem 24 to obtain the desired result. $\hfill\blacktriangleleft$

Appendix B Proof of Theorem 19

Proof.

For $i\in[t]$ , let $A_{i}\subseteq\mathbb{F}_{q}^{n\times\dim V_{i}}$ such that $\langle A_{i}\rangle=V_{i}$ . By Lemma 2, there exist full-rank matrices $B_{i}\in\mathbb{F}_{q}^{n\times\dim(V_{i}^{\perp})}$ , $C_{i}\in\mathbb{F}_{q}^{n\times\dim(V_{i})}$ , and $D_{i}\in\mathbb{F}_{q}^{n\times\dim(V_{i}^{\perp})}$ such that $C_{i}A_{i}^{\top}+D_{i}B_{i}^{\top}=I_{n}$ and $\langle D_{i}\rangle=V_{i}^{\perp}$ . Define the linear map $\phi$ such that it sends a row vector $\bm{v}:=(\bm{y},\bm{x}_{2},\cdots,\bm{x}_{t})\in\ker(R_{G,\mathcal{V}_{[t]}})$ to

\phi(\bm{y},\bm{x}_{2},\cdots,\bm{x}_{t})=\bigg(-\bm{y}B_{1},(\bm{y}-\bm{x}_{2% }G)B_{2},\ldots,(\bm{y}-\bm{x}_{t}G)B_{t}\bigg).

Since $B_{i}$ is an $n\times(n-\dim(V_{i}))$ matrix over $\mathbb{F}_{q}$ , $\phi(\bm{v})$ is a vector of length $\sum_{i=1}^{t}(n-\dim(V_{i}))$ which is exactly the number of columns of $M_{H,{\mathcal{V}^{\perp}_{[t]}}}$ . Next, we show that $\phi(\bm{v})$ belongs to $\ker(M_{H,{\mathcal{V}^{\perp}_{[t]}}})$ . To see this, we observe that $H\bm{y}^{\top}=H(\bm{y}-\bm{x}_{2}G)^{\top}=\cdots=H(\bm{y}-\bm{x}_{t}G)^{\top}$ . Also,

H\bm{y}^{\top}=H\begin{pmatrix}C_{1}&D_{1}\end{pmatrix}\begin{pmatrix}A_{1}^{% \top}\\ B_{1}^{\top}\end{pmatrix}\bm{y}^{\top}=H\begin{pmatrix}C_{1}&D_{1}\end{pmatrix% }\begin{pmatrix}0\\ B_{1}^{\top}\bm{y}^{\top}\end{pmatrix}=HD_{1}B_{1}^{\top}\bm{y}^{\top}

and

	$\displaystyle H(\bm{y}-\bm{x}_{i}G)^{\top}=H\begin{pmatrix}C_{i}&D_{i}\end{% pmatrix}\begin{pmatrix}A_{i}^{\top}\\ B_{i}^{\top}\end{pmatrix}(\bm{y}-\bm{x}_{i}G)^{\top}$	$\displaystyle=H\begin{pmatrix}C_{i}&D_{i}\end{pmatrix}\begin{pmatrix}0\\ B_{i}^{\top}(\bm{y}-\bm{x}_{i}G)^{\top}\end{pmatrix}$
		$\displaystyle=HD_{i}B_{i}^{\top}(\bm{y}-\bm{x}_{i}G)^{\top}.$

This implies that $HD_{1}B_{1}^{\top}\bm{y}^{\top}=HD_{i}B_{i}^{\top}(\bm{y}-\bm{x}_{i}G)^{\top}$ for $i=2,\dots,t$ , and thus $\phi(\bm{v})$ belongs to $\ker(M_{H,{\mathcal{V}^{\perp}_{[t]}}})$ .

It remains to show that $\phi$ is an injection. It suffices to show that $\phi(\bm{v})=0$ implies $\bm{v}=0$ as $\phi$ is a linear map. As $y^{\top}=\begin{pmatrix}C_{1}&D_{1}\end{pmatrix}\begin{pmatrix}A_{1}^{\top}\\ B_{1}^{\top}\end{pmatrix}\bm{y}^{\top}=\begin{pmatrix}C_{1}&D_{1}\end{pmatrix}% \begin{pmatrix}0\\ B_{1}^{\top}\bm{y}^{\top}\end{pmatrix}$ , we know that $\bm{y}B_{1}=0$ implies $\bm{y}=0$ . Similarly, as $(\bm{y}-\bm{x}_{i}G)^{\top}=\begin{pmatrix}C_{i}&D_{i}\end{pmatrix}\begin{% pmatrix}A_{i}^{\top}\\ B_{i}^{\top}\end{pmatrix}(\bm{y}-\bm{x}_{i}G)^{\top}=\begin{pmatrix}C_{i}&D_{i% }\end{pmatrix}\begin{pmatrix}0\\ B_{i}^{\top}(\bm{y}-\bm{x}_{i}G)^{\top}\end{pmatrix}$ , we know that $(\bm{y}-\bm{x}_{i}G)B_{i}=0$ implies $\bm{y}-\bm{x}_{i}G=0$ for $i=2,\dots,t$ . So $\phi(\bm{v})=0$ implies $\bm{v}=0$ . $\hfill\blacktriangleleft$

Appendix C Proof of Theorem 20

Proof.

Let $n^{\prime}=\dim(V)$ . Let $A\subseteq\mathbb{F}_{q}^{n\times n^{\prime}}$ such that $\langle A\rangle=V$ . Let $\mathcal{U}_{[t]}=(U_{1},\ldots,U_{t})\subseteq(\mathbb{F}_{q}^{n^{\prime}})^{t}$ be given in Lemma 11 and we have $\dim(U_{i})=\dim(V_{i}\cap V)$ . Note that

\dim(\mathcal{U}_{[t]})=\sum_{i\in[t]}\dim(U_{i})-\dim(\sum_{i=1}^{t}U_{i})% \geq\dim(\mathcal{V}_{[t]})-(n-\dim(V))(t-1)\geq(1+\lambda)(t-1)k-\lambda k

(13)

and

\dim(\mathcal{U}_{J})\leq\dim(\mathcal{V}_{J})\leq(1+\lambda)(|J|-1)k

(14)

for any nonempty set $J\subseteq[t]$ .

By Lemma 11, to prove $\ker(R_{G,\mathcal{V}_{[t]}}^{V})=0$ , it suffices to show that $\ker(R_{G_{1},\mathcal{U}_{[t]}})=0$ for $G_{1}=GA$ . Here $GA=(Z_{j}^{q^{i-1}})_{[k]\times[n^{\prime}]}$ is also a generator matrix of a symbolic Gabidulin code $C$ by letting $(Z_{1},\ldots,Z_{n^{\prime}})=(X_{1},\ldots,X_{n})A$ . Moreover, by replacing $\mathbb{F}_{q}^{n^{\prime}}$ with $V^{\prime}:=\sum_{i=1}^{t}U_{i}$ and identifying view $U_{i}$ as a subspace of $V^{\prime}$ , we may assume $\sum_{i=1}^{t}U_{i}=\mathbb{F}_{q}^{n^{\prime}}$ .

It follows from (13) and (14) that $\dim(U_{i})\geq\dim(\mathcal{U}_{[t]})-\dim(\mathcal{U}_{[t]/\{i\}})\geq k$ . So $\dim(U^{\perp}_{i})\leq n^{\prime}-k$ . Let $H_{1}$ be the parity-check matrix of $C$ , i.e., $G_{1}H_{1}^{\top}=0$ . Define ${\mathcal{U}^{\perp}_{[t]}}=(U_{1}^{\perp},\ldots,U_{t}^{\perp})$ . Then, by Definition 18, we have

M_{H_{1},{\mathcal{U}^{\perp}_{[t]}}}=\left(\begin{array}[]{c|c|c|c|c}H_{1}D_{% 1}&H_{1}D_{2}&0&\cdots&0\\ H_{1}D_{1}&0&H_{1}D_{3}&\cdots&0\\ \vdots&\vdots&\vdots&\ddots&\vdots\\ H_{1}D_{1}&0&0&\cdots&H_{1}D_{t}\end{array}\right)

(15)

where $D_{i}\subseteq\mathbb{F}_{q}^{n^{\prime}\times\dim(U_{i}^{\perp})}$ with $\langle D_{i}\rangle=U_{i}^{\perp}$ . By Theorem 16, we have

\dim(\bigcap_{i=1}^{t}\langle H_{1}D_{i}\rangle)=\max_{P_{1}\sqcup\cdots\sqcup P% _{s}=[t]}\bigg(\sum_{i=1}^{s}\dim(\bigcap_{j\in P_{i}}U_{j}^{\perp})-(s-1)(n^{% \prime}-k)\bigg).

(16)

We proceed to compute the RHS of (16). For $s=1$ and $P_{1}=[t]$ , as $\sum_{i\in[t]}U_{i}=\mathbb{F}_{q}^{n^{\prime}}$ , we conclude

\bigcap_{j\in[t]}U_{i}^{\perp}\stackrel{{\scriptstyle\eqref{eq:dualspace}}}{{=% }}(\sum_{i\in[t]}U_{i})^{\perp}=0.

(17)

For $s\geq 2$ and nonempty sets $P_{1},\ldots,P_{s}$ that forms a partition of $[t]$ , we have

		$\displaystyle\sum_{i=1}^{s}\dim(\bigcap_{j\in P_{i}}U_{j})\stackrel{{% \scriptstyle\eqref{eq:dualspace}}}{{=}}\sum_{i=1}^{s}\bigg(n^{\prime}-\dim(% \sum_{j\in P_{i}}U_{j}^{\perp})\bigg)=sn^{\prime}+\sum_{i=1}^{s}\dim(\mathcal{% U}_{P_{i}})-\sum_{i=1}^{s}\sum_{j\in P_{i}}\dim(U_{j})$		(18)
		$\displaystyle\stackrel{{\scriptstyle\eqref{eq:lower}}}{{\leq}}sn^{\prime}+(% \lambda+1)\sum_{i=1}^{s}(\|P_{i}\|-1)k-\sum_{j=1}^{t}\dim(U_{j})=sn^{\prime}+(% \lambda+1)k(t-s)-\dim(\mathcal{U}_{[t]})-n^{\prime}$
		$\displaystyle\stackrel{{\scriptstyle\eqref{eq:upper}}}{{\leq}}sn^{\prime}+(% \lambda+1)k(t-s)-(1+\lambda)(t-1)k+\lambda k-n^{\prime}\leq(s-1)(n^{\prime}-k).$

Combining (16), (17), and (18), we conclude that $\bigcap_{i=1}^{t}\langle H_{1}D_{i}\rangle=0$ . Now, by Lemma 9, this implies

\mathrm{rank}(M_{H,{\mathcal{V}^{\perp}_{[t]}}})=\sum_{i=1}^{t}\dim(\langle HD% _{i}\rangle)-\dim(\bigcap_{i=1}^{t}\langle H_{1}D_{i}\rangle)=\sum_{i=1}^{t}% \dim(\langle HD_{i}\rangle)=\sum_{i=1}^{t}\mathrm{rank}(D_{i})

The last equality holds since by Lemma 8, the rank of $HD_{i}$ equals $\mathrm{rank}(D_{i})$ , as $D_{i}\subseteq\mathbb{F}_{q}^{n^{\prime}\times\dim(U_{i}^{\perp})}$ is of full rank and $\dim(U_{i}^{\perp})=n^{\prime}-\dim(U_{i})\leq n^{\prime}-k$ . Since the number of columns in $M_{H,{\mathcal{V}^{\perp}_{[t]}}}$ is $\sum_{i=1}^{t}\mathrm{rank}(D_{i})$ which is equal to its rank, the only solution in $\ker(M_{H,{\mathcal{V}^{\perp}_{[t]}}})$ is $0$ . The proof is completed. $\hfill\blacktriangleleft$

[bib.bib1] [1] Omar Alrabiah, Venkatesan Guruswami, and Ray Li. AG codes have no list-decoding friends: Approaching the generalized Singleton bound requires exponential alphabets. In Proceedings of the 2024 Annual ACM-SIAM Symposium on Discrete Algorithms (SODA), pages 1367–1378. SIAM, 2024. doi:10.1137/1.9781611977912.55.

[bib.bib2] [2] Omar Alrabiah, Venkatesan Guruswami, and Ray Li. Randomly punctured Reed–Solomon codes achieve list-decoding capacity over linear-sized fields. In Proceedings of the 56th Annual ACM Symposium on Theory of Computing, pages 1458–1469, 2024. doi:10.1145/3618260.3649634.

[bib.bib3] [3] Hannes Bartz, Lukas Holzbaur, Hedongliang Liu, Sven Puchinger, Julian Renner, Antonia Wachter-Zeh, et al. Rank-metric codes and their applications. Foundations and Trends® in Communications and Information Theory, 19(3):390–546, 2022. doi:10.1561/0100000119.

[bib.bib4] [4] Joshua Brakensiek, Sivakanth Gopi, and Visu Makam. Lower bounds for maximally recoverable tensor codes and higher order MDS codes. IEEE Transactions on Information Theory, 68(11):7125–7140, 2022. doi:10.1109/TIT.2022.3187366.

[bib.bib5] [5] Philippe Delsarte. Bilinear forms over a finite field, with applications to coding theory. J. Comb. Theory, Ser. A, 25(3):226–241, 1978. doi:10.1016/0097-3165(78)90015-8.

[bib.bib6] [6] Michael A. Forbes and Venkatesan Guruswami. Dimension Expanders via Rank Condensers. In Approximation, Randomization, and Combinatorial Optimization. Algorithms and Techniques (APPROX/RANDOM 2015), pages 800–814, 2015. doi:10.4230/LIPIcs.APPROX-RANDOM.2015.800.

[bib.bib7] [7] Michael A Forbes and Amir Shpilka. On identity testing of tensors, low-rank recovery and compressed sensing. In Proceedings of the forty-fourth annual ACM symposium on Theory of computing, pages 163–172, 2012. doi:10.1145/2213977.2213995.

[bib.bib8] [8] Ernst Gabidulin. Theory of codes with maximum rank distance (translation). Problems of Information Transmission, 21:1–12, January 1985.

[bib.bib9] [9] J. K. Gibson. Severely denting the Gabidulin version of the Mceliece public key cryptosystem. Designs, Codes and Cryptography, pages 37–45, 1995. doi:10.1007/BF01390769.

[bib.bib10] [10] J. K. Gibson. The security of the Gabidulin public-key cryptosystem. In Advances in Cryptology – EUROCRYPT’96, LNCS 1070,. Springer, 1996.

[bib.bib11] [11] Zeyu Guo, Ben Lee Volk, Akhil Jalan, and David Zuckerman. Extractors for images of varieties. In Proceedings of the 55th Annual ACM Symposium on Theory of Computing, pages 46–59, 2023. doi:10.1145/3564246.3585109.

[bib.bib12] [12] Zeyu Guo, Chaoping Xing, Chen Yuan, and Zihan Zhang. Random gabidulin codes achieve list decoding capacity in the rank metric. In 65th IEEE Annual Symposium on Foundations of Computer Science, FOCS 2024, Chicago, IL, USA, October 27-30, 2024, pages 1846–1873. IEEE, 2024. doi:10.1109/FOCS61266.2024.00111.

[bib.bib13] [13] Zeyu Guo and Zihan Zhang. Randomly punctured Reed-Solomon codes achieve the list decoding capacity over polynomial-size alphabets. In 2023 IEEE 64th Annual Symposium on Foundations of Computer Science (FOCS), pages 164–176, 2023. doi:10.1109/FOCS57990.2023.00019.

[bib.bib14] [14] Venkatesan Guruswami, Nicolas Resch, and Chaoping Xing. Lossless dimension expanders via linearized polynomials and subspace designs. Comb., 41(4):545–579, 2021. doi:10.1007/s00493-020-4360-1.

[bib.bib15] [15] Venkatesan Guruswami, Carol Wang, and Chaoping Xing. Explicit list-decodable rank-metric and subspace codes via subspace designs. IEEE Trans. Inf. Theory, 62(5):2707–2718, 2016. doi:10.1109/TIT.2016.2544347.

[bib.bib16] [16] R. Koetter and F. R. Kschischang. Coding for errors and erasures in random network coding. In IEEE International Symposium on Information Theory (ISIT 2007), pages 791–795. IEEE, 2007. doi:10.1109/ISIT.2007.4557321.

[bib.bib17] [17] Ralf Koetter and Frank R. Kschischang. Coding for errors and erasures in random network coding. IEEE Trans. Inf. Theory, 54(8):3579–3591, 2008. doi:10.1109/TIT.2008.926449.

[bib.bib18] [18] Pierre Loidreau. Designing a rank metric based mceliece cryptosystem. In Post-Quantum Cryptography: Third International Workshop, PQCrypto 2010, Darmstadt, Germany, May 25-28, 2010. Proceedings 3, pages 142–152. Springer, 2010. doi:10.1007/978-3-642-12929-2_11.

[bib.bib19] [19] Pierre Loidreau. A new rank metric codes based encryption scheme. In Post-Quantum Cryptography: 8th International Workshop, PQCrypto 2017, Utrecht, The Netherlands, June 26-28, 2017, Proceedings 8, pages 3–17. Springer, 2017. doi:10.1007/978-3-319-59879-6_1.

[bib.bib20] [20] Hsiao-feng Lu and P Vijay Kumar. A unified construction of space-time codes with optimal rate-diversity tradeoff. IEEE Transactions on Information Theory, 51(5):1709–1730, 2005. doi:10.1109/TIT.2005.846403.

[bib.bib21] [21] Paul Lusina, Ernst Gabidulin, and Martin Bossert. Maximum rank distance codes as space-time codes. IEEE Transactions on Information Theory, 49(10):2757–2760, 2003. doi:10.1109/TIT.2003.818023.

[bib.bib22] [22] Netanel Raviv and Antonia Wachter-Zeh. Some Gabidulin codes cannot be list decoded efficiently at any radius. IEEE Transactions on Information Theory, 62(4):1605–1615, 2016. doi:10.1109/TIT.2016.2532343.

[bib.bib23] [23] Netanel Raviv and Antonia Wachter-Zeh. A correction to “some Gabidulin codes cannot be list decoded efficiently at any radius”. IEEE Transactions on Information Theory, 63(4):2623–2624, 2017. doi:10.1109/TIT.2017.2659766.

[bib.bib24] [24] Chong Shangguan and Itzhak Tamo. Combinatorial list-decoding of Reed-Solomon codes beyond the Johnson radius. In Proceedings of the 52nd Annual ACM SIGACT Symposium on Theory of Computing, pages 538–551, 2020. doi:10.1145/3357713.3384295.

[bib.bib25] [25] D. Silva and F. R. Kschischang. Fast encoding and decoding of Gabidulin codes. In IEEE International Symposium on Information Theory (ISIT 2009). IEEE, 2009.

[bib.bib26] [26] D. Silva, F.R. Kschischang, and R. Koetter. A rank-metric approach to error control in random network coding. IEEE Transactions on Information Theory, 54(9):3951–3967, 2008. doi:10.1109/TIT.2008.928291.

Gabidulin Codes Achieve List Decoding Capacity with an Order-Optimal Column-To-Row Ratio

Abstract

Keywords and phrases:

Category:

Funding:

Copyright and License:

2012 ACM Subject Classification:

Acknowledgements:

DOI:

Event:

Editors:

Series and Publisher:

1 Introduction

Open Problem 1.

1.1 Main Results

Definition 2 (Average-radius list decodability).

Lemma 1 (Generalized Singleton bound for rank-metric codes [12, Lemma 2.1]).

Theorem 3 ([12, Lemma 1.3]).

Theorem 4.

Theorem 5.

1.2 Proof Overview

▶ Remark.

2 Preliminaries

2.1 Vector Spaces

Definition 6 (Dual space).

Linear codes

Definition 7 (Dimension of a collection of vector spaces).

Lemma 2.

Lemma 3.

Lemma 4.

Lemma 5.

Proof.

Corollary 8.

Proof.

2.2 Rank-Metric Codes

Linear rank-metric codes over a general field 𝔽/𝔽𝒒

Definition 9 (𝔽q-rank).

Definition 10 (Kernel subspace).

Lemma 6.

Proof.

Definition 11 (Linear rank-metric code).

Theorem 12 (Singleton bound).

Proof.

Lemma 7 ([12, Lemma 2.11]).

Lemma 8.

Proof.

Gabidulin codes

Definition 13 (Gabidulin code over 𝔽).

Theorem 14 (Duality of Gabidulin codes).

Proof of Theorem 14.

Definition 15 (Symbolic Gabidulin code).

2.3 Known Results on the List Decoding of Gabidulin Codes

Theorem 16 (Implicit in Theorem 1.16, [12]).

Lemma 9 (Lemma 6.1, [12]).

3 Characterization of the List Decodable Property

Lemma 10.

Proof.

Definition 17 (Reduced Matrix).

Lemma 11.

Proof.

4 Connection to the Parity-Check Matrix

Definition 18.

Theorem 19.

Theorem 20.

5 Random Assignment to Achieve the Capacity

5.1 Random Puncturing

Lemma 12.

Proof.

Definition 21 (Faulty index).

Lemma 13.

Proof.

Lemma 14.

Proof.

Corollary 22.

Proof.

5.2 Application to List Decoding

Theorem 23.

Proof.

References

Appendix A Field Size Lower Bound for Capacity-Achieving Rank-Metric Codes

$\blacktriangleright$ Remark.

Linear rank-metric codes over a general field $\mathbb{F}/\mathbb{F}_{q}$

Definition 9 ( $\mathbb{F}_{q}$ -rank).

Definition 13 (Gabidulin code over $\mathbb{F}$ ).