A Rank-Metric Approach to Error Control in Random Network Coding

A Rank-Metric Approach to Error Control i n Random Netw ork Coding Danilo Silva, Student Member , IEEE, Frank R. Kschischang, F ellow , IEEE, and Ralf K ¨ otter , Senior Member , IEEE Abstract The problem of error con trol in ran dom lin ear network co ding is addressed from a m atrix p erspective that is closely related to th e subspace per spectiv e of K ¨ otter and Kschisch ang. A large class o f co nstant- dimension subspace co des is investigated. It is shown th at cod es in this cla ss can be easily construc ted from rank-metric codes, while pr eserving their distance p roperties. Moreover , it is shown th at min imum distance decod ing of such subspace codes can be ref ormulated as a gener alized decoding problem for rank-m etric codes where p artial inform ation about the error is av ailable. This pa rtial info rmation may be in th e fo rm of era sures ( knowledge of an error locatio n b ut no t its value) an d d eviations (kn owledge of an er ror value but not its loc ation). T aking erasures and deviations into account (when they occu r) strictly increases the error correc tion cap ability of a code: if µ er asures and δ deviations occ ur , then errors of ran k t can always be corr ected p rovided that 2 t ≤ d − 1 + µ + δ , wh ere d is th e minimu m ra nk distance of the code . For Gabidu lin cod es, an importan t family of maximu m rank d istance codes, an efficient decod ing algo rithm is p roposed that can pr operly exploit erasure s and deviations. I n a network coding app lication where n p ackets of length M over F q are transmitted, th e com plexity o f the decod ing algorithm is given by O ( dM ) o peration s in an extension field F q n . Index T erms Constant-dime nsion cod es, error correctio n, lin earized polyno mials, r andom network coding , ran k- metric codes. This work was supported by CAPES Founda tion, Brazil, and by the Nat ural Sciences and Engineering Research Council of Canada. The material in this paper was presented in part at the IEE E I nternational Symposium on Information Theory , Nice, France, June 2007 and at the IEEE Information Theory W ork shop, Bergen, Norway , July 2007. D. Silv a and F . R. Kschischang are with The Edward S. Rogers Sr . Department of Electrical and Compu ter Engineering, Univ ersity of T oronto, T oronto, ON M5S 3G4, Canada (e-mail: danilo@comm.utoronto.ca, frank@comm .utoronto.ca). R. K ¨ otter is with the Institute f or Communications Engineering, T echnical University of Munich, D-80333 Munich, Germany (e-mail: ralf.koetter@tum.de). 2 I . I N T RO D U C T I O N While ran dom linear network coding [1]–[3] is an effecti ve te chnique for information disse mination in communic ation networks, it is highly susceptible to errors. Th e insertion of even a single corrupt packet has the potential, when linearly combine d with legitimate pac kets, to affect all pa ckets gathered by an information receiv er . The prob lem of error control in random network coding is the refore of grea t interest. In this pa per , we focus on end-to-end error control coding, whe re only the source a nd d estination nodes apply error control te chniques . Internal ne twork nod es are assumed to be u naware of the presence of an outer c ode; they simply create ou tgoing pac kets as rand om linear c ombinations of incoming p ackets in the us ual manne r of ran dom network c oding. In addition, we ass ume that the source a nd d estination node s have no knowledge—or at leas t make no ef fort to exploit k nowledge—of the top ology of the ne twork or of the particular network code us ed in the n etwork. This is in contrast to the pioneering ap proaches [4]–[6], which have considered the design of a ne twork cod e as part of the error con trol prob lem. In the basic transmission model for e nd-to-end coding, the s ource node produces n pa ckets, which are length- M vectors in a finite fie ld F q , and the receiver gathers N packets. Additive packet errors may occur in any of the links. Th e chan nel equa tion is given by Y = AX + B Z , where X , Y and Z are matrices whos e rows represent the trans mitted, received an d (possibly) co rrupting packets, respec ti vely , and A and B are the (unknown) co rresponding trans fer matrices induced b y linear network c oding. There have been three pre vious quite dif ferent approa ches to reliable c ommunication unde r this mod el. In [7], Zhang c haracterizes the error correction cap ability of a network c ode u nder a brute-force dec oding algorithm. He shows that n etwork code s with good error -correcting properties exist if the field size is sufficiently lar ge. His approach can be applied to ran dom network c oding if an extended header is included in eac h p acket in order to allow for the matrix B (as well as A ) to b e estimated at a sink no de. A drawback of this approa ch is that the extende d hea der has size equal to the number of network edges, which may incur excessive overhead. In addition, no ef ficient decoding algorithm is provided for errors occurring according to an adversarial model. Jaggi et al. [8] p ropose a dif ferent approach specific ally targeted to combat Byzan tine a dversaries. They provide rate-optimal end-to-end codes tha t do not rely on the s pecific ne twork code us ed and that can be decod ed in po lynomial time. Howe ver , the ir approa ch is b ased o n probabilistic arguments tha t require both the field size and the pac ket len gth to be s uf ficiently lar ge. In contrast, K ¨ otter an d Ks chischan g [9] take a more combinatorial approa ch to the problem, which 3 provides correction guarantees against ad versarial errors and c an be us ed with any g i ven field and packet size. The ir key observation is that, un der the unknown linear transformation applied by random n etwork coding, the only property of the matrix X tha t is preserved is its row s pace. Th us, information sh ould be encoded in the choice of a subspa ce rather than a spec ific ma trix. The receiv er obs erves a subs pace, giv en by the ro w spac e of Y , wh ich may be dif ferent from the transmitted sp ace when pac ket e rrors occur . A metric is propose d to ac count for the d iscrepancy b etween transmitted and recei ved spac es, a nd a new coding theory based on this metric is d ev eloped. In particular , ne arly-optimal Reed-Solomon-like codes are proposed that can be de coded in O ( nM ) operations in an extension field F q n . Although the a pproach in [9] seems to be the ap propriate abs traction of the error c ontrol problem in random network coding, one inherent d if ficulty is the a bsenc e of a natural group structure on the s et of a ll subspa ces of the ambient s pace F M q . As a c onseq uence, many of the powerful concepts of classica l coding theory such as group codes and linear cod es d o not naturally extend to code s c onsisting of s ubspa ces. In this paper , we explore the close relationship be tween su bspac e codes a nd codes for ye t an other distance meas ure: the rank metric. Codewords of a rank metric code are n × m matrices and the rank distance b etween two matrices is the rank of their difference. The rank metric was introduce d in coding theory by Delsa rte [10]. Codes for the rank metric were largely d ev eloped by Ga bidulin [11 ] (see als o [10], [12]). An important fea ture of the cod ing theo ry for the rank metric is that it supports many of the p owerful concep ts and techniques of clas sical co ding theory , such as linea r and cyclic codes a nd correspond ing deco ding a lgorithms [11]–[14]. One main con trib ution o f this pape r is to s how that code s in the rank metric c an be naturally “lifted” to subspa ce co des in such a w ay that the ran k distance be tween two codewords is refle cted in the sub space distance b etween their lifted images. In p articular , ne arly-optimal s ubspa ce codes can b e ob tained d irectly from optimal rank-metric codes . Con versely , when lifted rank-metric codes are used, the decod ing problem for random network coding ca n be reformulated purely in rank-metric terms, allowing many of the tools from the theory of ran k-metric codes to be a pplied to random network c oding. In this reformulation, we obtain a gen eralized d ecoding problem for rank -metric codes that in v olves not o nly ordinary ran k errors, but als o two a dditional p henomen a that we ca ll erasu r es a nd deviations . Erasures an d deviations are dual to ea ch other a nd correspon d to partial information about the error matrix, akin to the role played by symbol erasures in the Ha mming metric. Here, an e rasure correspon ds to the kno wledge of an error location but n ot its value, while a deviation correspo nd to the knowl edge of an error value but not its loca tion. Thes e concepts generalize similar c oncepts found in the rank-metric literature under the terminology of “row and column erasures” [13 ], [15]–[18]. Althoug h with a different 4 terminology , the c oncept of a deviation (an d of a c ode that c an correct deviations) has appe ared before in [19]. Our second main contrib ution is a n ef ficient decoding algorithm for rank-metric code s tha t takes into accoun t erasures and deviations. Our algorithm is applica ble to Ga bidulin c odes [11], a c lass o f cod es, analogou s to con ventional Reed-Solomon codes, that a ttain ma ximum distan ce in the ran k metric. W e show that our algo rithm fully exploits the correction capa bility of Gab idulin codes ; n amely , it can correct any pattern of ǫ errors, µ eras ures an d δ deviati ons provided 2 ǫ + µ + δ ≤ d − 1 , where d is the minimum rank distanc e of the c ode. Moreover , the complexity of our algorithm is O ( dM ) ope rations in F q n , wh ich is smaller than that of the algorithm in [9], esp ecially for practical high-rate co des. In the course of setting up the problem, we a lso prove a res ult tha t can be see n as comp lementary to [9]; namely , we relate the performance gua rantees of a s ubspac e code with more concre te network parameters such as the maximum number of corrupting packets tha t can be injected in the network. This result provides a tighter con nection between the s ubspac e approa ch of [9] a nd previous approac hes that deal with link errors. The remainder of this pape r is or ganized as follo ws. In Section II, we pro vide a brief re vie w of ra nk- metric code s and subsp ace c odes. In Sec tion III, we des cribe in more detail the problem of error control in random network coding, along with K ¨ otter an d Kschischa ng’ s approach to this problem. In Se ction IV, we presen t our code construction and sh ow that the res ulting error control problem can be replaced by a generalized de coding problem for rank-metric codes. At this point, we turn ou r attention e ntirely to rank- metric cod es. The generalized deco ding problem that we introduce is developed in more detail in Section V, whe rein the c oncepts of erasures and deviations are described an d compared to related c oncepts in the rank-metric literature. In Sec tion VI, we p resent an efficient algorithm for d ecoding Gabidu lin codes in the presence of errors, erasures a nd deviati ons. Finally , S ection VII contains our conclusions. I I . P R E L I M I N A R I E S A. Notation Let q ≥ 2 b e a power of a p rime. In this paper , all vectors and matrices have components in the fin ite field F q , unle ss otherwise mentione d. W e use F n × m q to den ote the se t of a ll n × m matrices ov er F q and we set F n q = F n × 1 q . In particular , v ∈ F n q is a column vector and v ∈ F 1 × m q is a ro w vector . If v is a vector , then the symbol v i denotes the i th entry of v . If A is a ma trix, the n the symbo l A i denotes either the i th row or the i th column of A ; the distinction will a lw ays be clear from the way 5 in wh ich A is d efined. In either ca se, the symbol A ij always refers to the entry in the i th row and j th column of A . For clarity , the k × k iden tity matrix is denoted by I k × k . If we set I = I n × n , then the notation I i will denote the i th c olumn of I . More g enerally , if U ⊆ { 1 , . . . , n } , then I U = [ I i , i ∈ U ] will de note the sub-matrix of I co nsisting o f the columns indexed by U . The linear span of a set of vectors v 1 , . . . , v k is de noted by h v 1 , . . . , v k i . The ro w space , the rank and the number of nonze ro ro ws of a matrix X a re d enoted by h X i , rank X and wt ( X ) , respectively . The reduced ro w echelon (RRE) form of a matrix X is denoted by RRE ( X ) . B. Pr operties o f Matrix R ank and Subspac e Dimension Let X ∈ F n × m q . By de finition, rank X = dim h X i ; howe ver , there are many useful equ i valent characterizations . For example, rank X is the smallest r for which the re exist matrices A ∈ F n × r q and B ∈ F r × m q such that X = AB , i.e., rank X = min r,A ∈ F n × r q ,B ∈ F r × m q : X = AB r . (1) It is well-known that, for any X, Y ∈ F n × m q , we have rank ( X + Y ) ≤ rank X + rank Y (2) and that, for X ∈ F n × m q and A ∈ F N × n q , we hav e rank ( AX ) ≥ rank A + ra nk X − n. (3) Recall that if U and V are subsp aces of some fixed vector spa ce, then the sum U + V = { u + v : u ∈ U, v ∈ V } is the smallest subspac e that contains both U and V . Reca ll a lso that dim ( U + V ) = dim U + di m V − dim ( U ∩ V ) . (4) W e w ill make extens iv e use of the f act that *   X Y   + = h X i + h Y i (5) and therefore rank   X Y   = dim ( h X i + h Y i ) = rank X + rank Y − dim ( h X i ∩ h Y i ) . (6) 6 C. R ank-Metric Codes A matrix code is define d as any nonempty subse t o f F n × m q . A ma trix code is a lso commonly known as an array co de w hen it forms a linea r space over F q [12]. A natural and use ful distance measure between elements of F n × m q is giv en in the follo wing definition. Definition 1: For X, Y ∈ F n × m q , the rank distance between X and Y is de fined as d R ( X, Y ) , rank ( Y − X ) . As obse rved in [11], rank distance is indeed a metric . In particular , the triangle ine quality for the rank metric follows directly from (2). In the c ontext of the rank metric, a matrix code is called a ran k-metric code . The minimum (r ank) distance of a rank-metric code C ⊆ F n × m q is defined as d R ( C ) , min x , x ′ ∈C x 6 = x ′ d R ( x , x ′ ) . Associated with every rank-metric c ode C ⊆ F n × m q is the transpos ed code C T ⊆ F m × n q , whose codewords are obtained by transp osing the co dewords of C , i.e., C T = { x T : x ∈ C } . W e have |C T | = |C | and d R ( C T ) = d R ( C ) . Observe the sy mmetry betwe en rows and c olumns in the ran k metric; the distinction between a code and its trans pose is in f act transparent to the metric. A minimum distance dec oder for a rank-metric cod e C ⊆ F n × m q takes a word r ∈ F n × m q and returns a codeword ˆ x ∈ C that is closest to r in rank distance , that is, ˆ x = argmin x ∈C rank ( r − x ) . (7) Note that if d R ( x , r ) < d R ( C ) / 2 , then a minimum distance decoder is gu aranteed to return ˆ x = x . Throughou t this pape r , problem (7) will be referred to as the con ventional rank decoding problem. There is a rich coding theory for rank-metric codes that is analogo us to the classical cod ing theory in the Hamming me tric. In pa rticular , we mention the existenc e of a Singleton bo und [10 ], [11] (see also [20] [21]), which states that e very rank metric code C ⊆ F n × m q with minimum distance d = d R ( C ) must satisfy log q |C | ≤ min { n ( m − d + 1) , m ( n − d + 1) } = max { n, m } (min { n, m } − d + 1) . (8) Codes tha t a chieve this bound a re ca lled max imum-rank-distance (MRD) c odes. An extensive class of MRD codes with n ≤ m was presen ted by Ga bidulin in [11]. By trans position, MRD codes with n > m can also be obtained. Thus, MRD c odes exist for all n and m and all d ≤ m in { n, m } , irrespectiv ely of the field size q . 7 D. S ubspac e Codes Let P ( F M q ) d enote the set of all su bspace s of F M q . W e revie w some conc epts of the c oding theory for subspa ces developed in [9]. Definition 2: Let V , V ′ ∈ P ( F M q ) . The subspac e distance between V and V ′ is defined as d S ( V , V ′ ) , dim ( V + V ′ ) − di m ( V ∩ V ′ ) = 2 dim ( V + V ′ ) − dim V − dim V ′ (9) = dim V + dim V ′ − 2 dim ( V ∩ V ′ ) . (10) It is shown in [9] that the subspac e distance is indeed a metric on P ( F M q ) . A subs pace c ode is defined as a nonempty subse t of P ( F M q ) . The minimum (subsp ace) distan ce of a subspa ce co de Ω ⊆ P ( F M q ) is defined as d S (Ω) , min V , V ′ ∈ Ω V 6 = V ′ d S ( V , V ′ ) . The minimum distance d ecoding problem for a subsp ace code is to find a subspace ˆ V ∈ Ω that is closest to a gi ven subs pace U ∈ P ( F M q ) , i.e., ˆ V = argmin V ∈ Ω d S ( V , U ) . (11) A minimum distance decoder is g uaranteed to return ˆ V = V if d S ( V , U ) < d S (Ω) / 2 . Let P ( F M q , n ) denote the s et of all n -dimension al s ubspac es of F M q . A subspa ce code Ω is c alled a constant-dimens ion code if Ω ⊆ P ( F M q , n ) . It follows from (9) or (10) that the minimum distance of a constant-dimens ion code is always an even numbe r . Let A q [ M , 2 d, n ] be d enote the maximum number of codewords in a cons tant-dimension co de with minimum su bspac e distance 2 d . Many bounds on A q [ M , 2 d, n ] were developed in [9], in p articular the Singleton-like bound A q [ M , 2 d, n ] ≤   M − d + 1 max { n, M − n }   q (12) where  M n  q , ( q M − 1) · · · ( q M − n + 1 − 1) ( q n − 1) · · · ( q − 1) denotes the Gaussian co efficient . It is we ll known that the Gaussian coe f ficient giv es the nu mber of distinct n -dimensiona l su bspace s of an M -dimensional vector space over F q , i.e.,  M n  q = |P ( F M q , n ) | . 8 A useful bound on  M n  q is gi ven by [9, Lemma 5]  M n  q < 4 q n ( M − n ) . (13) Combining (12) and (13) gi ves A q [ M , 2 d, n ] < 4 q max { n,M − n } (min { n,M − n }− d +1) . (14) There exist also bound s on A q [ M , 2 d, n ] that are tighter than (12 ), n amely the W ang -Xing-Safa vi-Naini bound [22] and a Johnson-type bound [23]. For future referenc e, we d efine the sub-optimality of a con stant-dimension code Ω ⊆ P ( F M q , n ) with d S (Ω) = 2 d to be α (Ω) , log q A q [ M , 2 d, n ] − log q | Ω | log q A q [ M , 2 d, n ] . (15) I I I . E R R O R C O N T R O L I N R A N D O M N E T WO R K C O D I N G A. Channel Model W e start by revie wing the b asic mod el for single-source generation-bas ed random linear n etwork coding [2], [3]. Conside r a point-to-point communication network with a single s ource node an d a sing le destination no de. Each link in the network is assu med to trans port, free of errors, a packet o f M sy mbols in a fin ite fi eld F q . Links are directed, incident fr om the node transmitting the pa cket a nd incident to the node receiving the p acket. A p acket transmitted o n a link incident to a giv en node is s aid to be a n incoming packet for that no de, and s imilarly a packet transmitted on a link incident from a given n ode is said to be an ou tgoing packet for that nod e. During each transmission generation, the s ource node formats the information to be transmitted into n packets X 1 , . . . , X n ∈ F 1 × M q , which a re regarded as incoming packets for the s ource node. Whe never a node (including the source) h as a transmission op portunity , it prod uces an outgoing pa cket as a random F q -linear combination of all the inco ming packets it has until then rece i ved. The d estination node collects N pa ckets Y 1 , . . . , Y N ∈ F 1 × M q and tries to recover the original packets X 1 , . . . , X n . Let X be an n × M matrix whose rows are the transmitted packets X 1 , . . . , X n and, s imilarly , let Y be an N × M matrix who se ro ws a re the rece i ved packets Y 1 , . . . , Y N . Since all pac ket operations are linear over F q , then, regardless o f the network topology , the trans mitted pa ckets X and the received packets Y can be related as Y = AX , (16) where A is an N × n matrix correspond ing to the overall linear transformation applied by the network. 9 Before proceed ing, we remark that this model encompa sses a variety of situations: • The network ma y have cycles o r delays. Since the overall system is linear , expression (16) will be true regardless of the network topology . • The network could be wireless instea d o f wired. Broadcast trans missions in wireless n etworks may be modeled by constraining each intermediate node to send exactly the s ame packet on e ach of its outgoing links. • The sou rce node may trans mit more than one generation (a se t of n p ackets). In this ca se, we a ssume that eac h packet c arries a label identifying the ge neration to which it correspo nds and that packets from dif ferent generations are processed s eparately throughout the network [2]. • The network topo logy may be time-v arying as nodes join and lea ve an d connections are established and lost. In this case, we assume that ea ch network link is the instantiation of an actual succe ssful packet transmission. • The network may be used for multicast, i.e., there may be more than one destination no de. Again, expression (16) applies; h owe ver , the matrix A may be dif ferent for each destination. Let us no w extend this model to incorpo rate packet errors. Follo wing [4]–[6], we consider that packet errors may oc cur in any o f the links of the network. Supp ose the links in the network are index ed from 1 to ℓ , and let Z i denote the error packet app lied at link i ∈ { 1 , . . . , ℓ } . The application of an error packet is modeled as follows. W e assume that, for each link i , the node transmitting o n that link first creates a prescribed pa cket P in ,i ∈ F 1 × M q follo wing the procedure de scribed a bove. Then, an error p acket Z i ∈ F 1 × M q is added to P in ,i in order to produc e the outgoing packet o n this link, i.e., P out ,i = P in ,i + Z i . Note that any arbitrary packet P out ,i can be formed s imply by choosing Z i = P out ,i − P in ,i . Let Z be an ℓ × M matrix whose rows are the error pa ckets Z 1 , . . . , Z ℓ . By linearity o f the n etwork, we can write Y = AX + B Z, (17) where B is an N × ℓ matrix co rresponding to the overall linear tr ansformation applied to Z 1 , . . . , Z ℓ on route to the destination. Note that Z i = 0 means tha t n o c orrupt p acket was injected at link i . Thus, the number of non zero rows of Z , wt ( Z ) , gives the total number of (potentially) corrupt packets injected in the network. Note that it is possible that a nonzero error pac ket h appens to be in the row s pace of X , in which case it is not really a co rrupt packet. Observe that this model can represent not on ly the occurrence of random link errors, but also the action of malicious nodes. A malicious n ode can potentially trans mit erroneo us packets on all of its 10 outgoing links. A malicious node ma y also want to disg uise it self and transmit c orrect pac kets on some of these links, or may simply refuse to transmit some packet (i.e., transmitting an all-zero packet), which is represented in the model by se tting Z i = − P in ,i . In any ca se, wt ( Z ) gi ves the total numb er of “p acket interventions” p erformed by all malicious nodes and thus giv es a sense of the total adversarial “power” employed towards jamming the network. Equation (17) is our basic model of a chan nel induced by random linear n etwork c oding, and we will refer to it as the random linear network coding channel (RLNCC). The ch annel input a nd output alphabets are g i ven b y F n × M q and F N × M q , resp ectiv ely . T o give a full proba bilistic specifica tion of the channe l, we would need to specify the joint probability dis trib ution of A , B and Z giv en X . W e will not pursue this path in this pa per , taking, instead, a more combinatorial approach. B. T rans mission via Sub space Selection Let Ω ⊆ P ( F M q ) be a subspac e c ode with max imum dimension n . In the approac h in [9], the so urce node selects a su bspace V ∈ Ω and transmits this subspace over the RLNCC as some matrix X ∈ F n × M q such that V = h X i . The destination node receiv es Y ∈ F N × M q and computes U = h Y i , from which the transmitted subspa ce can be inferred using a minimum distance de coder (11). In this p aper , it will be con v enient to vie w the ab ove a pproach from a matrix perspective. In order to do that, we simply replace Ω by an (arbitrarily chose n) matrix cod e that generates Ω . More precisely , let [Ω] , { X ∈ F n × M q : X = RR E ( X ) , h X i ∈ Ω } be a matrix co de c onsisting of all the n × M matrices in RRE form whose ro w spac e is in Ω . Now , the above s etup can be reinterpreted as follows. The source node selects a matrix X ∈ [Ω] to transmit over the RLNCC. Up on reception of Y , the destination node tries to infer the tr ansmitted matrix using the minimum distance decoding rule ˆ X = argmin X ∈ [Ω] d S ( h X i , h Y i ) . (18) Note that the decoding is guaranteed to be succ essful if d S ( h X i , h Y i ) < d S (Ω) / 2 . C. P er formance Guarantees In this su bsection, we wish to relate the performance guarantees of a sub space co de with more concrete network parameters. Still, we would like the se parame ters to be sufficiently g eneral so tha t we do not need to take the whole network topology into account. W e ma ke the following assumptions: • The column-rank deficiency of the transfer matrix A is ne ver greater than ρ , i.e., rank A ≥ n − ρ . 11 • The adversarial nod es together c an inject a t most t corrupting packets, i.e., wt ( Z ) ≤ t . The follo wing result charac terizes the performance gua rantees of a subspace code under our assump- tions. Theorem 1: Suppos e rank A ≥ n − ρ and wt ( Z ) ≤ t . Then, deco ding according to (18) is guaranteed to be success ful provided 2 t + ρ < d S (Ω) / 2 . In order to prove Theorem 1, we need a fe w results relating rank a nd subspac e distance. Pr oposition 2: Le t X, Y ∈ F N × M q . Then rank   X Y   ≤ rank ( Y − X ) + min { rank X, rank Y } . Pr oof: W e hav e rank   X Y   = rank   X Y − X   ≤ rank ( Y − X ) + rank X rank   X Y   = rank   Y − X Y   ≤ rank ( Y − X ) + rank Y . Cor ollary 3: Le t X, Z ∈ F N × M q and Y = X + Z . Th en d S ( h X i , h Y i ) ≤ 2 rank Z − | rank X − rank Y | . Pr oof: From Propos ition 2, we have d S ( h X i , h Y i ) = 2 rank   X Y   − rank X − rank Y ≤ 2 rank Z + 2 min { rank X , rank Y } − rank X − ra nk Y = 2 rank Z − | ran k X − rank Y | . W e c an no w g i ve a proof of Theo rem 1. Pr oof of The or em 1: From Corollary 3, we have that d S ( h AX i , h Y i ) ≤ 2 rank B Z ≤ 2 rank Z ≤ 2 wt ( Z ) ≤ 2 t. 12 Using (3), we find that d S ( h X i , h AX i ) = rank X − rank AX ≤ n − rank A ≤ ρ. Since d S ( · , · ) satisfies the triangle inequality , we have d S ( h X i , h Y i ) ≤ d S ( h X i , h AX i ) + d S ( h AX i , h Y i ) ≤ ρ + 2 t < d S (Ω) 2 and therefore the decoding is guaranteed to be succ essful. Theorem 1 is an alogous to Th eorem 2 in [9], which states that minimum subsp ace distance decoding is guaran teed to be succes sful if 2( µ + δ ) < d S (Ω) , where δ and µ are, res pectively , the number of “insertions” a nd “ deletions” of dimensions tha t occ ur in the ch annel [9]. Intuiti vely , since one corrupted packet injected at a network min-cut ca n e f fecti vely replace a dimens ion of the transmitted subspace , we see that t corrupted packets can cau se t deletions and t insertions of dimens ions. C ombined with p ossible ρ further deletions caused by a row-rank deficiency of A , we have that δ = t an d µ = t + ρ . Thus, δ + µ < d S (Ω) 2 = ⇒ 2 t + ρ < d S (Ω) 2 . In other words, under the condition that corrupt packets may be injected in any of the links in network (which mus t be a ssumed if we do not wish to take the network topology into account), the performance guarantees of a minimum d istance decoder are essentially g i ven by Th eorem 1. It is worth to me ntion tha t, ac cording to re cent resu lts [24], minimum subs pace distance de coding may not be the optimal decod ing rule whe n the subspa ces in Ω have dif ferent dimension s. For the remainder of this pa per , howe ver , we focus on the cas e of a constan t-dimension code and therefore we use the minimum distance de coding rule (18). Our goal will be to construct con stant-dimension s ubspac e codes with good performance and e f ficient encoding/de coding proced ures. I V . C O D E S F O R T H E R A N D O M L I N E A R N E T W O R K C O D I N G C H A N N E L B A S E D O N R A N K - M E T R I C C O D E S In this section, we sh ow how a constant-dimension subspace co de can be cons tructed from any rank- metric c ode. In pa rticular , this construction w ill allow us to obtain ne arly-optimal subs pace codes that posses s efficient e ncoding and d ecoding algorithms. 13 A. Lifting Construc tion From now on, assu me that M = n + m , where m > 0 . Let I = I n × n . Definition 3: Let I : F n × m q → P ( F n + m q ) , giv en by x 7→ I ( x ) = Dh I x iE . The su bspac e I ( x ) is called the lifti ng of the matrix x . Similarly , if C ⊆ F n × m q is a rank-metric code, the n the subspace code I ( C ) , obtained by lifting each codeword of C , is c alled the lifti ng of C . Definition 3 provides an injec ti ve map ping between rank-metric codes and subspace co des. Note that a subspac e code constructed b y lifti ng is a lways a constant-dimension c ode (with codeword d imension n ). Although the lifti ng construction is a particular way of constructing subs pace c odes, it ca n also b e seen a s a generalization o f the standard approach to random ne twork coding [2], [3]. In the latter , every transmitted matrix has the form X = [ I x ] , whe re the payload matrix x ∈ F n × m q correspond s to the raw data to be co mmunicated. In our approach, each transmitted matrix is also of the form X = [ I x ] , but the payload ma trix x ∈ C is restricted to be a codeword of a rank -metric code rather tha n unc oded data. Our reasons for choo sing C to be a ran k-metric c ode will be made clear from the followi ng proposition. Pr oposition 4: Le t C ⊆ F n × m q and x , x ′ ∈ C . Then d S ( I ( x ) , I ( x ′ )) = 2 d R ( x , x ′ ) d S ( I ( C )) = 2 d R ( C ) . Pr oof: Since dim I ( x ) = dim I ( x ′ ) = n , we ha ve d S ( I ( x ) , I ( x ′ )) = 2 dim ( I ( x ) + I ( x ′ )) − 2 n = 2 rank   I x I x ′   − 2 n = 2 rank   I x 0 x ′ − x   − 2 n = 2 rank ( x ′ − x ) . The second statement is immed iate. Proposition 4 shows that a subspace code constructed by lifting inherits the d istance properties of its underlying rank-metric code. The question of whether such lifted rank-metric codes are “go od” comp ared to the whole class o f constant-dimension codes is a ddresse d in the followi ng proposition. 14 Pr oposition 5: Le t C ⊆ F n × m q be an MRD code with d R ( C ) = d . Th en d S ( I ( C )) = 2 d and A q [ n + m, 2 d, n ] < 4 |I ( C ) | = 4 |C | . Moreover , for any code parame ters, the s ub-optimality of I ( C ) in P ( F n + m q , n ) satisfies α ( I ( C )) < 4 ( n + m ) log 2 q . Pr oof: Using (14) an d the fact that C a chieves the S ingleton bound for rank-metric codes (8), we have A q [ n + m, 2 d, n ] < 4 q max { n,m } (min { n,m }− d +1) = 4 |C | . Applying this result in (15), we ob tain α ( I ( C )) < log q 4 max { n, m } (min { n, m } − d + 1) ≤ log q 4 max { n, m } ≤ log q 4 ( n + m ) / 2 = 4 ( n + m ) log 2 q . Proposition 5 shows that, for a ll practical purpose s, lifted MRD c odes are esse ntially optimal a s constant-dimens ion codes. Indee d, the rate loss in using a lifted MRD code rather than an op timal constant-dimens ion cod e is s maller than 4 /P , where P = ( n + m ) log 2 q is the pa cket s ize in bits. In particular , for p acket siz es o f 50 bytes or more, the rate loss is smaller than 1%. In this context, it is worth mentioning that the nearly-optimal Reed -Solomon-like codes propose d in [9] corres pond exactly to the lifting of the class of MRD codes propos ed by Gabidulin [11]. The latter will be discussed in mo re detail in Section VI. B. Decoding W e no w specialize the decoding problem (18) to the spe cific case of lifted rank-metric code s. W e will see that it is possible to reformulate such a problem in a way that res embles the con ventional decod ing problem for rank-metric codes, b ut w ith additional side-information presented to the de coder . 15 Let the transmitted matrix be given b y X = [ I x ] , where x ∈ C and C ⊆ F n × m q is a rank -metric code. Write the receiv ed matrix as Y = [ ˆ A y ] where ˆ A ∈ F N × n q and y ∈ F N × m q . In acco rdance with the formulation o f Section III -B, we a ssume that rank Y = N , since any linearly de pende nt rece i ved packets do not affect the de coding problem and may be discarded by the destination node. Now , define µ , n − rank ˆ A and δ , N − rank ˆ A. Here µ mea sures the rank deficie ncy of ˆ A with respect to columns , while δ measures the ran k d eficiency of ˆ A with respect to ro ws. Before examining the gen eral problem, we study the simple special case that arises wh en µ = δ = 0 . Pr oposition 6: If µ = δ = 0 , then d S ( h X i , h Y i ) = 2 d R ( x , r ) where r = ˆ A − 1 y . Pr oof: Since µ = δ = 0 , ˆ A is in vertible. Thus, ¯ Y = [ I ˆ A − 1 y ] is row equiv alent to Y , i.e.,  ¯ Y  = h Y i . Applying Proposition 4, we get the desired resu lt. The ab ove proposition s hows that, whenever ˆ A is in vertible, a solution to (18) can be found by solving the con ventional rank decod ing problem. This case is illustrated by the follo wing example. Example 1: Let n = 4 a nd q = 5 . Let x 1 , . . . , x 4 denote the ro ws of a codeword x ∈ C . Suppose that A =         2 4 2 4 0 0 3 3 1 0 4 3 0 4 1 4         , B = h 4 0 1 0 i T and Z = h 1 2 3 4 z i . Then Y =         1 2 4 0 2 x 1 + 4 x 2 + 2 x 3 + 4 x 4 + 4 z 0 0 3 3 3 x 3 + 3 x 4 2 2 2 2 x 1 + 4 x 3 + 3 x 4 + z 0 4 1 4 4 x 2 + x 3 + 4 x 4         . Con verti ng Y to RRE form, we obtain ¯ Y = h I r i (19) 16 where r =         3 x 2 + 2 x 3 + x 4 + z 3 x 1 + 2 x 2 + 4 x 3 + 2 x 4 + 2 z 4 x 1 + 3 x 2 + 3 x 3 + x 4 + z x 1 + 2 x 2 + 3 x 3 + 4 z         . Note that, if no e rrors had occurred, we would expect to find r = x . Now , observe that we c an write r =         x 1 x 2 x 3 x 4         +         1 2 1 4         h 4 x 1 + 3 x 2 + 2 x 3 + x 4 + z i . Thus, rank ( r − x ) = 1 . W e c an think of this as an e rror word e = r − x of ran k 1 app lied to x . This error can be corrected if d R ( C ) ≥ 3 . Let us now proceed to the ge neral case, wh ere ˆ A is not ne cessa rily in v ertible. W e first examine a relati vely straightforward approac h that, however , leads to an unattractiv e decoding problem. Similarly to the proof of Proposition 6, it is pos sible to sh ow that d S ( h X i , h Y i ) = 2 ran k ( y − ˆ A x ) + µ − δ which yields the follo wing decoding prob lem: ˆ x = argmin x ∈C rank ( y − ˆ A x ) . (20) If we define a new code C ′ = ˆ A C = { ˆ A x , x ∈ C } , then a solution to (20) ca n be found b y first solving ˆ x ′ = argmin x ′ ∈C ′ rank ( y − x ′ ) using a c on ventional rank decoder for C ′ and then choosing any ˆ x ∈ { x | ˆ A x = ˆ x ′ } as a s olution. An obvious drawback of this approach is that it requires a new c ode C ′ to be used at each decoding instance. This is likely to increase the dec oding complexity , sinc e the existence of an efficient algorithm for C does not imply the existen ce of an efficient algorithm for C ′ = ˆ A C for all ˆ A . Moreover , even if efficient algorithms are known for all C ′ , running a different algorithm for each recei ved matrix may be impractical or undesirable from a n implementation point-of-vie w . In the follo wing, we seek a n express ion for d S ( h X i , h Y i ) where the structure o f C can be exploited. In order to moti v ate our a pproach, we consider the following two exa mples, which ge neralize Example 1. 17 Example 2: Let us return to Example 1, b ut n ow suppo se A =            1 0 2 3 1 3 0 3 1 4 0 3 2 0 4 0 1 1 2 4            , B = h 4 0 1 0 0 i T and Z = h 1 2 3 4 z i . Then Y =            0 3 4 4 x 1 + 2 x 3 + 3 x 4 + 4 z 1 3 0 3 x 1 + 3 x 2 + 3 x 4 2 1 3 2 x 1 + 4 x 2 + 3 x 4 + z 2 0 4 0 2 x 1 + 4 x 3 1 1 2 4 x 1 + x 2 + 2 x 3 + 4 x 4            = h ˆ A y i . Although ˆ A is not in vertible, we can nevert heless conv ert Y to RRE form to obtain ¯ Y =   I r 0 ˆ E   (21) where r =         2 x 1 + 2 x 2 + 3 x 3 + 4 x 4 + 4 z 4 x 1 + 4 x 2 + 2 x 3 + x 4 + z 2 x 1 + 4 x 2 + 2 x 3 + 3 x 4 + 3 z 3 x 1 + x 2 + 4 x 3 + 3 x 4 + 2 z         and ˆ E = 2 x 1 + 4 x 2 + x 3 + 3 x 4 + 3 z . Observe tha t e = r − x =         x 1 + 2 x 2 + 3 x 3 + 4 x 4 + 4 z 4 x 1 + 3 x 2 + 2 x 3 + x 4 + z 2 x 1 + 4 x 2 + x 3 + 3 x 4 + 3 z 3 x 1 + x 2 + 4 x 3 + 2 x 4 + 2 z         =         3 2 1 4         ˆ E . Thus, we see not only tha t rank e = 1 , but we have a lso recovered part of its decompos ition as an outer product, namely , the vector ˆ E . 18 Example 3: Conside r aga in the para meters of Example 1, but now let A =      3 2 1 1 0 4 3 2 2 1 0 4      and suppos e that there are no errors. Then Y =      3 2 1 1 3 x 1 + 2 x 2 + x 3 + x 4 0 4 3 2 4 x 2 + 3 x 3 + 2 x 4 2 1 0 4 2 x 1 + x 2 + 4 x 4      = h ˆ A y i . Once ag ain we cannot in vert ˆ A ; however , after c on verti ng Y to RRE form and inserting a n all-zero ro w in the third position, we obtain ˆ Y =         1 0 4 0 x 1 + 4 x 3 0 1 2 0 x 2 + 2 x 3 0 0 0 0 0 0 0 0 1 x 4         =         1 0 4 0 x 1 + 4 x 3 0 1 2 0 x 2 + 2 x 3 0 0 1 − 1 0 x 3 − x 3 0 0 0 1 x 4         = h I + ˆ LI T 3 x + ˆ Lx 3 i = h I + ˆ LI T 3 r i (22) where ˆ L =         4 2 − 1 0         . Once ag ain we see that the error word has rank 1, and tha t we ha ve recovered part of its decompo sition as an outer product. Namely , we h ave e = r − x = ˆ Lx 3 where this time ˆ L is known. 19 Having s een from these two examples how side information (partial kn owledge of the error matrix) arises at the output of the RLNCC, we add ress the gen eral case in the following proposition. Pr oposition 7: Le t Y , µ and δ be defined as above. The re e xist a tuple ( r , ˆ L, ˆ E ) ∈ F n × m q × F n × µ q × F δ × m q and a set U ⊆ { 1 , . . . , n } satisfying |U | = µ (23) I T U r = 0 (24) I T U ˆ L = − I µ × µ (25) rank ˆ E = δ (26) such that *   I + ˆ LI T U r 0 ˆ E   + = h Y i . (27) Pr oof: See the Appendix. Proposition 7 shows that every matrix Y is row e quiv alent to a matrix ¯ Y =   I + ˆ LI T U r 0 ˆ E   which is essen tially the matr ix Y in reduc ed ro w echelon form. Equations (19), (21) and (22) are examples of matrices in this form. W e can think of the matrices r , ˆ L and ˆ E and the set U as providing a co mpact description of the rece i ved sub space h Y i . The se t U is in fact redundant an d can be omitted from the description, as we show in the next propo sition. Pr oposition 8: Le t ( r , ˆ L, ˆ E ) ∈ F n × m q × F n × µ q × F δ × m q be a tuple and U ⊆ { 1 , . . . , n } be a set that satisfy (23 )–(26). For any S ⊆ { 1 , . . . , n } , T ∈ F µ × µ q and R ∈ F δ × δ q such that ( r , ˆ LT , R ˆ E ) and S satisfy (23)–(26), we hav e *   I + ˆ LT I T S r 0 R ˆ E   + = *   I + ˆ LI T U r 0 ˆ E   + . Pr oof: See the Appendix. Proposition 8 shows that, gi ven a tuple ( r , ˆ L, ˆ E ) obtaine d from Propo sition 7, the set U can be found as an y set s atisfying (23)–(25). Moreover , the matrix ˆ L c an be multiplied on the right by any nonsingular matrix (provided that the resulting matrix sa tisfies (23)–(25) for some U ), and the matrix ˆ E can b e multiplied o n the left by any n onsingular matrix; none of these operations cha nge the subspac e de scribed by ( r , ˆ L, ˆ E ) . The no tion of a c oncise desc ription of a s ubspac e h Y i is cap tured in the following definition. 20 Definition 4: A tuple ( r , ˆ L, ˆ E ) ∈ F n × m q × F n × µ q × F δ × m q that s atisfies (23)–(27) for s ome U ⊆ { 1 , . . . , n } is sa id to be a reduction of the matrix Y . Remark 1: It would be eno ugh to specify , besides the matrix r , only the column s pace of ˆ L and the row spac e of ˆ E in the definition of a reduc tion. For simplicity we will, h owe ver , n ot use this notation here. Note that if Y is a lifti ng of r , then ( r , [] , []) is a reduction of Y (where [] d enotes an empty matrix). Thus, reduction can be interprete d as the in verse of lifti ng. W e c an no w p rove the main theorem of this section. Theorem 9: Let ( r , ˆ L, ˆ E ) be a red uction of Y . Then d S ( h X i , h Y i ) = 2 ran k   ˆ L r − x 0 ˆ E   − ( µ + δ ) . Pr oof: See the Appendix. A c onsequ ence of The orem 9 is that, unde r the lifting construction, the decoding problem (18) for random network coding can b e abstracted to a generalized deco ding problem for rank-metric co des. More precisely , if we casc ade an RLNCC, a t the input, with a device that takes x to its lifting X = h I x i and, at the output, with a device that takes Y to its reduction ( r , ˆ L, ˆ E ) , then the decoding proble m (18) reduces to the foll owing p roblem: Generalized Decoding Problem f or Rank-Metric Cod es: Let C ⊆ F n × m q be a rank-metric code. Given a receiv ed tuple ( r , ˆ L, ˆ E ) ∈ F n × m q × F n × µ q × F δ × m q with rank ˆ L = µ and rank ˆ E = δ , find ˆ x = argmin x ∈C rank   ˆ L r − x 0 ˆ E   . (28) The problem above will be referred to a s the ge neralized d ecoding problem for rank-metric codes , or generalized rank dec oding for short. Note tha t the con ventional rank decoding problem (7) co rresponds to the special case wh ere µ = δ = 0 . The remainder of this paper is dev oted to the study of the generalized rank deco ding problem and to its solution in the case of MRD cod es. 21 V . A G E N E R A L I Z E D D E C O D I N G P R O B L E M F O R R A N K - M E T R I C C O D E S In this se ction, we d ev elop a persp ectiv e on the gene ralized ran k decoding problem that will prove useful to the unde rstanding of the correction capability of rank-metric c odes, a s we ll as to the formulation of an ef ficient decoding algorithm. A. Err or Loc ations and E rr or V alues Let C ∈ F n × m q be a rank-metric code. For a transmitted codeword x and a received word r , define e , r − x as the error word. Note that if an error word e h as r ank τ , then we can write e = LE for some f ull-rank matr ices L ∈ F n × τ q and E ∈ F τ × m q , as in (1). Le t L 1 , . . . , L τ ∈ F n q denote the columns of L and let E 1 , . . . , E τ ∈ F 1 × m q denote the ro ws of E . The n we c an expand e as a summation of outer products e = LE = τ X j =1 L j E j . (29) W e will now borrow so me terminology from class ical co ding the ory . Rec all tha t an error vector e ∈ F n q of Hamming weight τ ca n be exp anded unique ly as a sum of produ cts e = τ X j =1 I i j e j where 1 ≤ i 1 < · · · < i τ ≤ n and e 1 , . . . , e τ ∈ F q . The index i j (or the unit vector I i j ) s pecifies the location of the j th error , while e j specifies the value of the j th error . Analogous ly , in the s um-of-outer- products expansion (29) w e will refer to L 1 , . . . , L τ as the err or locations an d to E 1 , . . . , E τ as the er r or value s . The location L j (a column vector) indicates tha t, for i = 1 , . . . , n , the j th error value E j (a row vector) oc curred in ro w i multiplied by the co efficient L ij . Of course, L ij = 0 means that the j th e rror v alue is not pres ent in ro w i . Note that, in contrast to the clas sical case, the distinction between error locations and error values in the rank metric is merely a con vention. If we prefer to think of errors as oc curring on column s rather than ro ws, then the roles o f L j and E j would b e interchanged. The same observation will a lso apply to any co ncept deri ved from the interpretation of these quantities as error locations and error values. It is important to mention that, in con trast with class ical coding theory , the expansion (29) is not unique, since e = LE = LT − 1 T E for a ny nonsingular T ∈ F τ × τ q . Thu s, strictly speaking , L 1 , . . . , L τ and E 1 , . . . , E τ are jus t on e p ossible set of error locations/values describing the error w ord e . 22 B. Erasures a nd Deviations W e now reformulate the generalized rank d ecoding problem in a way that facilitates its understanding and solution. First, observe that the problem (28) is equiv alent to the prob lem of finding an error word ˆ e , gi ven by ˆ e = argmin e ∈ r −C rank   ˆ L e 0 ˆ E   , (30) from which the output of the de coder can be c omputed as ˆ x = r − ˆ e . Pr oposition 10: L et e ∈ F n × m q , ˆ L ∈ F n × µ q and ˆ E ∈ F δ × n q . The follo wing s tatements are equi valent: 1) τ ∗ = rank   ˆ L e 0 ˆ E   . 2) τ ∗ − µ − δ is the minimum value of rank ( e − ˆ LE (1) − L (2) ˆ E ) for all E (1) ∈ F µ × m q and all L (2) ∈ F n × δ q . 3) τ ∗ is the minimum v alue of τ for which there exist L 1 , . . . , L τ ∈ F n q and E 1 , . . . , E τ ∈ F 1 × m q satisfying: e = τ X j =1 L j E j L j = ˆ L j , j = 1 , . . . , µ E µ + j = ˆ E j , j = 1 , . . . , δ. Pr oof: See the Appendix. W i th the help of Proposition 10, the infl uence of ˆ L an d ˆ E in the dec oding problem can be interpreted as follows. Sup pose e ∈ r − C is the unique solution to (30). Then e can be expande d as e = P τ j =1 L j E j , where L 1 , . . . , L µ and E µ +1 , . . . , E µ + δ are k nown to the deco der . In other words, the decoding p roblem is facilit ated, since the decode r has side information about the expansion of e . Recall the terminology of Section V -A. Observe that, for j ∈ { 1 , . . . , µ } , the dec oder kn ows the location o f the j th error term b ut not its value, while for j ∈ { µ + 1 , . . . , µ + δ } , the decoder knows the value o f the j th error term but not its loca tion. Since in classica l coding theo ry k nowledge of an error location b ut not its value corresponds to an erasure, we will ad opt a s imilar terminolog y here. Ho wev er we will nee d to introduce a new term to han dle the case where the value of an error is known, b ut not its location. In the expansion (29) of the error word, ea ch term L j E j will be called 23 • an erasure , if L j is known; • a deviation , if E j is kno wn; and • a full err or (or simply an err or ), if ne ither L j nor E j are known. Collecti vely , eras ures, de viations and errors will be referred to as “errata. ” W e say that an e rrata p attern is correctable when (28) h as a unique solution e qual to the original transmitted codew ord. The follo wing theorem characterizes the errata-correction c apability of rank-metric codes. Theorem 11: A rank-metric code C ⊆ F n × m q of minimum distance d is able to c orrect every pa ttern of ǫ errors, µ e rasures and δ deviations if and only if 2 ǫ + µ + δ ≤ d − 1 . Pr oof: Let x ∈ C be a transmitted codeword and let ( r , ˆ L, ˆ E ) ∈ F n × m q × F n × µ q × F δ × m q be a receiv ed tuple such that ra nk   ˆ L r − x 0 ˆ E   = µ + δ + ǫ . Supp ose x ′ ∈ C is anothe r codewor d such that rank   ˆ L r − x ′ 0 ˆ E   = µ + δ + ǫ ′ , where ǫ ′ ≤ ǫ . From Proposition 10, we can write e = r − x = ˆ LE (1) + L (2) ˆ E + L (3) E (3) e ′ = r − x ′ = ˆ LE (4) + L (5) ˆ E + L (6) E (6) for some E (1) , L (2) , . . . , E (6) with appropriate dimensions such tha t rank L (3) E (3) = ǫ and rank L (6) E (6) = ǫ ′ . Thus, e − e ′ = ˆ L ( E (1) − E (4) ) + ( L (2) − L (5) ) ˆ E + L (3) E (3) + L (6) E (6) and rank ( x ′ − x ) = rank ( e − e ′ ) ≤ µ + δ + ǫ + ǫ ′ ≤ d − 1 contradicting the minimum distance of the cod e. Con versely , let x , x ′ ∈ C be two codewords such that rank ( x ′ − x ) = d . For all µ , δ and ǫ suc h that µ + δ + 2 ǫ ≥ d , we can write x ′ − x = L (1) E (1) + L (2) E (2) + L (3) E (3) + L (4) E (4) where the four terms above hav e inn er dimensions equa l to µ , δ , ǫ and ǫ ′ = d − µ − δ − ǫ , respectiv ely . Let e = L (1) E (1) + L (2) E (2) + L (3) E (3) e ′ = − L (4) E (4) 24 and observe that x ′ − x = e − e ′ . Let r = x + e = x ′ + e ′ , ˆ L = L (1) and ˆ E = E (2) . Suppose that x is transmitted and the tuple ( r , ˆ L, ˆ E ) is re ceiv ed. Then rank   ˆ L r − x 0 ˆ E   = rank   ˆ L e 0 ˆ E   = µ + δ + ǫ rank   ˆ L r − x ′ 0 ˆ E   = rank   ˆ L e ′ 0 ˆ E   = µ + δ + ǫ ′ . Since ǫ ′ = d − µ − δ − ǫ ≤ ǫ , it follo ws that x can not be the un ique solution to (28) a nd therefore the errata pattern cannot be corrected. Theorem 1 1 s hows that, similarly to erasu res in the Hamming metric, erasures and deviations cos t half of an error in the ran k metric. Theorem 11 also shows that taking into accoun t information abo ut era sures and deviations (when they occur) can strictly inc rease the error correction capability of a rank-metric code . Indeed, suppo se that an error word of rank t = µ + δ + ǫ is applied to a co dew ord, where µ , δ and ǫ are the numbe r of erasu res, deviations a nd full errors, respectively , in the errata pattern. It follows that a con ventional rank deco der (which ignores the information about eras ures and deviations) can only guarantee succe ssful d ecoding if 2 t ≤ d − 1 , where d is the minimum rank distan ce of the code. On the o ther h and, a gene ralized rank decode r requires only 2 ǫ + µ + δ ≤ d − 1 , or 2 t ≤ d − 1 + µ + δ , in order to guarante e su ccess ful decoding. In this cas e, the error correction c apability is increase d by ( µ + δ ) / 2 if a gen eralized rank d ecode r is used instead of a con ventional one. W e conclude this s ection by comparing our gen eralized decoding problem with previous de coding problems proposed for rank-metric codes. There has be en a significant amount of resea rch on the problem of correcting rank errors in the prese nce of “row and column erasures” [13], [15]–[18], where a row erasure means that all e ntries of that ro w a re replaced by an erasu re symbol, and similarly for a column erasu re. The decoding problem in this setting is naturally define d a s finding a codeword suc h that, wh en the era sed en tries in the receiv ed word are replaced by those of the co dew ord, the difference be tween this new matrix and the c odeword has the smallest possible rank. W e now sh ow that this problem is a s pecial case of (28). First, we force the rec eiv ed word r to be in F n × m q by replacing ea ch erasure symbol with an arbitrary symbol in F q , say 0 . Suppose that the rows i 1 , . . . , i µ and the columns k 1 , . . . , k δ have been erased . Let ˆ L ∈ F n × µ q be gi ven by ˆ L i j ,j = 1 and ˆ L i,j = 0 , ∀ i 6 = i j , for j = 1 , . . . , µ and let ˆ E ∈ F δ × m q be gi ven by 25 ˆ E j,k j = 1 and ˆ E j,k = 0 , ∀ k 6 = k j , for j = 1 , . . . , δ . S ince   ˆ L r − x 0 ˆ E   =   ˆ L r 0 ˆ E   −   0 x 0 0   (31) it is e asy to see that we can perform column op erations on (31) to re place the e rased rows of r with the same e ntries a s x , and similarly we can perform row op erations on (31) to replace the erased co lumns of r with the same entries as x . The decoding problem (28) is uncha nged by the se operations and reduces exactly to the decod ing problem with “row and column e rasures” described in the previous paragraph. An example is given below . Example 4: Let n = m = 3 . S uppose the third ro w and the se cond column have b een erased in the receiv ed w ord. Then r =      r 11 0 r 13 r 21 0 r 23 0 0 0      , ˆ L =      0 0 1      , ˆ E = h 0 1 0 i . Since         0 r 11 0 r 13 0 r 21 0 r 23 1 0 0 0 0 0 1 0         and         0 r 11 x 12 r 13 0 r 21 x 22 r 23 1 x 31 x 32 x 33 0 0 1 0         are ro w equiv alent, we obtain that rank   ˆ L r − x 0 ˆ E   = rank         0 r 11 − x 11 0 r 13 − x 13 0 r 21 − x 21 0 r 23 − x 23 1 0 0 0 0 0 1 0         = 2 + rank      r 11 − x 11 0 r 13 − x 13 r 21 − x 21 0 r 23 − x 23 0 0 0      which is esse ntially the same objective function as in the decod ing problem with “row and c olumn erasures” described above. While ro w/column eras ures are a spec ial case of erasure s/deviations, it a lso true that the latter c an always be transformed into t he former . This can be accomplishe d by multiplying all rank -metric codew ords to the left and to the right by nons ingular matri ces in such a way that the corresponding ˆ L j and ˆ E j become 26 unit vectors. The d rawback o f this approac h, a s pointed out in Section IV -B, is that the structure of the code is cha nged at eac h decoding instance, which may rais e complexity and/or implementation issu es. Thus, it is practically mo re advantageous to fix the s tructure of the code a nd c onstruct a decod er that can han dle the generalized notions of eras ures and deviations. This is the ap proach we take in the next section. V I . D E C O D I N G G A B I D U L I N C O D E S W I T H E R RO R S , E R A S U R E S A N D D E V I A T I O N S In this section, we turn our attention to the d esign of an efficient rank decode r that can correct any pattern of ǫ errors, µ erasures and δ deviations sa tisfying 2 ǫ + µ + δ ≤ d − 1 , where d is the minimum rank distance of the code. Our decoder is applica ble to Gabidulin codes, a clas s of MRD codes p roposed in [11]. A. Pr eliminaries Rank-metric c odes in F n × m q are typica lly constructed as block codes of length n over the extension field F q m . More precisely , by fixing a basis for F q m as a n m -dimension al vector space over F q , we can regard any eleme nt of F q m as a r ow vector of length m over F q (and vice-versa). Similarly , we can regard a ny column vector of length n over F q m as an n × m matrix over F q (and vice-versa). All conce pts previously define d for ma trices in F n × m q can be na turally a pplied to vectors in F n q m ; in particular , the rank of a vector x ∈ F n q m is the rank of x as a n n × m matrix over F q . 1) Gabidulin Codes : In orde r to simplify notation, let [ i ] den ote q i . A Gabidulin code is a linear ( n, k ) code over F q m defined by the p arity-check matrix H =         h [0] 1 h [0] 2 · · · h [0] n h [1] 1 h [1] 2 · · · h [1] n . . . . . . . . . . . . h [ n − k − 1] 1 h [ n − k − 1] 2 · · · h [ n − k − 1] n         where the elements h 1 , . . . , h n ∈ F q m are linearly ind epende nt over F q (note that n ≤ m is required). The minimum rank distance of a Gabidulin code is d = n − k + 1 , sa tisfying the S ingleton boun d in the rank metric [11]. 2) Linearize d P olyn omials: A class of polyn omials that p lay an important role in the s tudy of ran k- metric codes are the linearized polyno mials [25, Sec . 3.4]. A linearized polynomial (or q -polyn omial) over F q m is a polynomial of the form f ( x ) = t X i =0 f i x [ i ] 27 where f i ∈ F q m . If f t 6 = 0 , we call t the q -degree o f f ( x ) . Linearized polyno mials rec eiv e their n ame becaus e of the followi ng property: for any a 1 , a 2 ∈ F q and any β 1 , β 2 ∈ F q m , f ( a 1 β 1 + a 2 β 2 ) = a 1 f ( β 1 ) + a 2 f ( β 2 ) . That is, ev aluation of a linearized polynomial is a map F q m → F q m that is linear over F q . In particular , the set of all roo ts in F q m of a linearized p olynomial is a subspac e of F q m . Let A ( x ) and B ( x ) be linearized polyno mials o f q -degrees t A and t B , respe cti vely . The sy mbolic product of A ( x ) a nd B ( x ) is define d as the polynomial A ( x ) ⊗ B ( x ) , A ( B ( x )) . It is easy to verify that P ( x ) = A ( x ) ⊗ B ( x ) is a linearized p olynomial o f q -degree t = t A + t B whose c oefficients can be computed as P ℓ = min { ℓ,t A } X i =max { 0 ,ℓ − t B } A i B [ i ] ℓ − i = min { ℓ,t B } X j =max { 0 ,ℓ − t A } A ℓ − j B [ ℓ − j ] j for ℓ = 0 , . . . , t . In particular , if t A ≤ t B , then P ℓ = t A X i =0 A i B [ i ] ℓ − i , t A ≤ ℓ ≤ t B , (32) while if t B ≤ t A , then P ℓ = t B X j =0 A ℓ − j B [ ℓ − j ] j , t B ≤ ℓ ≤ t A . ( 33) It is known that the s et of linearized polynomials over F q m together with the operations of polyn omial addition and symb olic multiplication forms a n oncommutative ring with identity having many of the properties of a Euclidean domain. W e d efine the q -r everse of a linearized polynomial f ( x ) = P t i =0 f i x [ i ] as the polynomial ¯ f ( x ) = P t i =0 ¯ f i x [ i ] giv en by ¯ f i = f [ i − t ] t − i for i = 0 , . . . , t . (When t is not specified we will assume that t is the q -degree of f ( x ) .) For a set S ⊆ F q m , define the minimal linearize d polyn omial of S (with res pect to F q m ), denoted M S ( x ) or mi np oly {S } ( x ) , as the monic linearized polynomial over F q m of lea st d egree whos e root space contains S . It can be shown that M S ( x ) is giv en by M S ( x ) , Y β ∈hS i ( x − β ) so the q -degree of M S ( x ) is equal to dim hS i . Moreover , if f ( x ) is any linearized polynomial whose root space contains S , then f ( x ) = Q ( x ) ⊗ M S ( x ) 28 for some linearized polynomial Q ( x ) . This implies that M S ∪{ α } ( x ) = M M S ( α ) ( x ) ⊗ M S ( x ) for any α . Thus, M S ( x ) ca n be compu ted in O ( t 2 ) operations in F q m by taking a bas is { α 1 , . . . , α t } for h S i and computing M { α 1 ,...,α i } ( x ) recursively for i = 1 , . . . , t . 3) Decod ing of Gabidulin Code s: Rec all that, in the co n ventional rank d ecoding problem with τ errors, where 2 τ ≤ d − 1 , we are gi ven a receiv ed word r ∈ F n q m and we want to fi nd the un ique error word e ∈ r − C such that rank e = τ . W e revie w below the usual deco ding procedure, which consists of finding error v alues E 1 , . . . , E τ ∈ F q m and error locations L 1 , . . . , L τ ∈ F n q such that e = P τ j =1 L j E j . Since e ∈ r − C , we can form the syndr omes [ S 0 , . . . , S d − 2 ] T , H r = H e which can then be rela ted to the error v alues and error loca tions according to S ℓ = n X i =1 h [ ℓ ] i e i = n X i =1 h [ ℓ ] i τ X j =1 L ij E j = τ X j =1 X [ ℓ ] j E j , ℓ = 0 , . . . , d − 2 (34) where X j = n X i =1 L ij h i , j = 1 , . . . , τ (35) are called the err or locators associated with L 1 , . . . , L τ . Suppose , for now , that the error values E 1 , . . . , E τ (which are essen tially τ l inearly indep endent elements satisfying h e i = h E 1 , . . . , E τ i ) have already been determined. Then the e rror locators can be determined by solving (34 ) or , equiv alently , by solving ¯ S ℓ = S [ ℓ − d +2] d − 2 − ℓ = τ X j =1 E [ ℓ − d +2] j X j , ℓ = 0 , . . . , d − 2 (36) which is a system o f equations of the form B ℓ = τ X j =1 A [ ℓ ] j X j , ℓ = 0 , . . . , d − 2 (37) consisting of d − 1 linear equ ations (ov er F q m ) in τ u nknowns X 1 , . . . , X τ . Such a system is known to have a unique solution (whenever one exists) provided τ ≤ d − 1 and A 1 , . . . , A τ are linearly indepe ndent (see [25], [26 ]). Moreover , a solution to (37) can be found ef ficiently in O ( d 2 ) operations in F q m by an algorithm proposed by Gabidulin [11 , pp. 9–10]. 29 After the error locators have been found , the error loc ations L 1 , . . . , L τ can be easily recovered by solving (35). More precisely , let h ∈ F n × m q be the matrix whose rows are h 1 , . . . , h n , and let Q ∈ F m × n q be a right in verse of h , i.e., h Q = I n × n . Then L ij = m X k =1 X j k Q k i , i = 1 , . . . , n, j = 1 , . . . , τ . The computation of error values can be don e indirectly via an err or span polynomial σ ( x ) . Le t σ ( x ) be a linearized po lynomial of q -degree τ having as roots all linear co mbinations o f E 1 , . . . , E τ . Then, σ ( x ) can be related to the syndr ome polyn omial S ( x ) = d − 2 X j =0 S j x [ j ] through the follo wing ke y equ ation : σ ( x ) ⊗ S ( x ) ≡ ω ( x ) mo d x [ d − 1] (38) where ω ( x ) is a linearized polynomial of q -degree ≤ τ − 1 . An equiv alent way to express (38) is τ X i =0 σ i S [ i ] ℓ − i = 0 , ℓ = τ , . . . , d − 2 . (39) This key equa tion c an be ef ficiently solved in O ( d 2 ) operations in F q m by the modified Berlekamp - Massey algorithm p roposed in [13], provided 2 τ ≤ d − 1 . After the error span polyno mial is found, the error values can be obta ined by c omputing a basis E 1 , . . . , E τ for the root spa ce of σ ( x ) . This can be do ne either by the proba bilistic algorithm in [27], in an average of O ( dm ) operations in F q m , or by the methods in [28], which take at mos t O ( m 3 ) ope rations in F q plus O ( dm ) operations in F q m . B. A Modified K e y Eq uation Incorporating Erasures and Deviations In the general rank decoding problem with ǫ errors, µ erasu res and δ d eviations, where 2 ǫ + µ + δ ≤ d − 1 , we are gi ven a received tuple ( r , ˆ L, ˆ E ) ∈ F n q m × F n × µ q × F δ q m and we want to find the unique error word e ∈ r − C su ch that rank   ˆ L e 0 ˆ E   = ǫ + µ + δ , τ (along with the value of ǫ , which is not known a priori). First, no te that if we ca n find a linearized p olynomial σ ( x ) of q -degree at mos t τ ≤ d − 1 satisfying σ ( e i ) = 0 , i = 1 , . . . , n , then the error word can be determined in the same ma nner as in Se ction V I-A3. 30 According to Proposition 10, we can write the error w ord as e = P τ j =1 L j E j for some L 1 , . . . , L τ ∈ F n q and E 1 , . . . , E τ ∈ F q m satisfying L j = ˆ L j , j = 1 , . . . , µ , and E µ + j = ˆ E j , j = 1 , . . . , δ . Let σ D ( x ) , σ F ( x ) and σ U ( x ) be linearized polynomials o f smallest q -degrees s atisfying σ D ( E j ) = 0 , j = µ + 1 , . . . , µ + δ σ F ( σ D ( E j )) = 0 , j = µ + δ + 1 , . . . , τ σ U ( σ F ( σ D ( E j ))) = 0 , j = 1 , . . . , µ. Clearly , the q -degrees of σ D ( x ) and σ F ( x ) are δ and ǫ , respec ti vely , and the q -degree o f σ U ( x ) is at most µ . Define the err or spa n po lynomial σ ( x ) = σ U ( x ) ⊗ σ F ( x ) ⊗ σ D ( x ) . Then σ ( x ) is a linearized polynomial of q -degree ≤ τ satisfying σ ( e i ) = σ ( τ X j =1 L ij E j ) = τ X j =1 L ij σ ( E j ) = 0 , i = 1 , . . . , n. Thus, sinc e σ D ( x ) can be readily determined from ˆ E , dec oding reduces to the d etermination of σ F ( x ) and σ U ( x ) . Now , let λ U ( x ) be a linearized polynomial o f q -degree µ s atisfying λ U ( X j ) = 0 , j = 1 , . . . , µ and let ¯ λ U ( x ) be the q -re verse of λ U ( x ) . W e de fine an a uxiliary syndr ome polyno mial a s S D U ( x ) = σ D ( x ) ⊗ S ( x ) ⊗ ¯ λ U ( x ) . Observe that S D U ( x ) inc orporates all the information that is known at the decode r , including eras ures and deviations. Our modified key equ ation is given in the followi ng theorem. Theorem 12: σ F ( x ) ⊗ S D U ( x ) ≡ ω ( x ) mo d x [ d − 1] (40) where ω ( x ) is a linearized polynomial of q -degree ≤ τ − 1 . Pr oof: Let ω ( x ) = σ F ( x ) ⊗ S D U ( x ) mo d x [ d − 1] . If τ ≥ d − 1 , we have nothing to prove, so let us assume τ ≤ d − 2 . W e will show that ω ℓ = 0 for ℓ = τ , . . . , d − 2 . 31 Let σ F D ( x ) = σ F ( x ) ⊗ σ D ( x ) and S F D ( x ) = σ F D ( x ) ⊗ S ( x ) . Ac cording to (32), for ǫ + δ ≤ ℓ ≤ d − 2 we hav e S F D,ℓ = ǫ + δ X i =0 σ F D,i S [ i ] ℓ − i = ǫ + δ X i =0 σ F D,i   τ X j =1 X [ ℓ − i ] j E j   [ i ] = τ X j =1 X [ ℓ ] j σ F D ( E j ) = µ X j =1 X [ ℓ ] j β j , (41) where β j = σ F D ( E j ) , j = 1 , . . . , µ. Note that σ F ( x ) ⊗ S D U ( x ) = S F D ( x ) ⊗ ¯ λ U ( x ) . Using (33) a nd (41), for µ + ǫ + δ ≤ ℓ ≤ d − 2 we have ω ℓ = µ X i =0 ¯ λ [ ℓ − i ] U,i S F D,ℓ − i = µ X i =0 λ [ ℓ − µ ] U,µ − i µ X j =1 X [ ℓ − i ] j β j = µ X j =1 µ X i =0 λ [ ℓ − µ ] U,i X [ ℓ − µ + i ] j β j = µ X j =1 λ U ( X j ) [ ℓ − µ ] β j = 0 . This completes the proof of the theorem. The key equ ation ca n be equi valently expressed a s ǫ X i =0 σ F ,i S [ i ] D U,ℓ − i = 0 , ℓ = µ + δ + ǫ, . . . , d − 2 . (42) Note that this key equa tion reduces to the original key e quation (38) when there are no erasures or deviations. Moreover , it ca n be solved by the same methods as the original key equation (38), e. g., using the Euclidean a lgorithm for linea rized polynomials [11] or us ing the mod ified Be rlekamp-Massey algorithm from [13], provided 2 ǫ ≤ d − 1 − µ − δ (which is true by assumption). No te tha t a small adjustment ne eds to be made so that (42) b ecomes indee d equiv alent to (39 ); na mely , we should cho ose S ℓ in (39) as S ℓ = S D U,ℓ + µ + δ and replace d with d − µ − δ . After c omputing σ F ( x ) , we s till nee d to d etermine σ U ( x ) . In the proof o f The orem 12, o bserve that (41) has the same form as (37); thus , β 1 , . . . , β µ can be co mputed u sing Gabidulin’ s algorithm [11, pp. 9–10], since S F D ( x ) and X 1 , . . . , X µ are known. Finally , σ U ( x ) can be obtained as σ U ( x ) = minp oly { β 1 , . . . , β µ } . C. S ummary of the Algorithm and Co mplexity Analys is The complete algorithm for decoding Gabidulin codes with erasures a nd deviations is summarized in Fig. 1. W e now es timate the complexity of this algorithm. 32 Input: received tuple ( r , ˆ L, ˆ E ) ∈ F n q m × F n × µ q × F δ q m . Output: error word e ∈ F n q m . 1) Computing the auxiliary s yndr ome polyno mial : Compute a) S ℓ = P n i =1 h [ ℓ ] i r i , ℓ = 0 , . . . , d − 2 b) ˆ X j = P n i =1 ˆ L ij h i , j = 1 , . . . , µ c) λ U ( x ) = minp oly { ˆ X 1 , . . . , ˆ X µ } d) σ D ( x ) = minp oly { ˆ E 1 , . . . , ˆ E δ } , and e) S D U ( x ) = σ D ( x ) ⊗ S ( x ) ⊗ ¯ λ U ( x ) . 2) Computing the err or span polynomial : a) Use the Be rlekamp-Massey algo rithm [13] to fin d σ F ( x ) that solve the key e quation (40). b) Compute S F D ( x ) = σ F ( x ) ⊗ σ D ( x ) ⊗ S ( x ) . c) Use Gabidulin’ s algorithm [11] to find β 1 , . . . , β µ ∈ F q m that solve (41). d) Compute σ U ( x ) = minp oly { β 1 , . . . , β µ } and e) σ ( x ) = σ U ( x ) ⊗ σ F ( x ) ⊗ σ D ( x ) . 3) F ind ing the r o ots of the er r or span polynomial : Use either the algorithm in [27] or the methods in [28] to fin d a basis E 1 , . . . , E τ ∈ F q m for the root space of σ ( x ) . 4) F ind ing the err or locations : a) Solve (36) using Gabidulin’ s algorithm [11] to find the error locators X 1 , . . . , X τ ∈ F q m . b) Compute the e rror locations L ij = P m k =1 X j k Q k i , i = 1 , . . . , n , j = 1 , . . . , τ . c) Compute the e rror wor d e = P τ j =1 L j E j . Fig. 1. Generalized decoding algorithm for Gabidulin codes. Steps 1e), 2b) a nd 2e) a re s ymbolic multiplications of linearized polynomials and can be performed in O ( d 2 ) opera tions in F q m . Steps 1c), 1d ) and 2d) in volv e finding a minimal li nearized polyno mial, which takes O ( d 2 ) operations in F q m . S teps 1b), 4b) a nd 4c) are ma trix mu ltiplications and take O ( dnm ) operations in F q only . Both ins tances 2c) a nd 4a) of Gabidulin’ s a lgorithm and also the Berlekamp - Massey algorithm in step 2a) take O ( d 2 ) operations in F q m . 33 The most compu tationally de manding steps a re 1a) compu ting the syn dromes a nd 3) finding a basis for the root s pace of the error sp an polynomial. The former c an be implemented in a straightforward manner using O ( dn ) operations in F q m , wh ile the la tter c an be performed using a n average o f O ( dm ) operations in F q m with the algorithm in [27] (although the method described in [28] will usu ally perform faster when m is small). W e c onclude that the ov erall c omplexity of the algorithm is O ( dm ) operations in F q m . D. A n Equivalent F ormulation Based on the Er r or Loca tor P olyno mial Due to the perfect duality be tween error values and e rror locators (both are elements of F q m ), it is also po ssible to de ri ve a dec oding algorithm ba sed on an error locator polynomial that contains a ll the error locators as roots. Let the auxiliary syndrome polynomial b e defined as S U D ( x ) = λ U ( x ) ⊗ ¯ S ( x ) ⊗ ¯ σ D ( x [ d − 2] ) [ − d +2] where ¯ σ D ( x ) is the q -rev erse o f σ D ( x ) and ¯ S ( x ) is the q -re verse of S ( x ) . Let λ F ( x ) be a linearize d polynomial of q -degree ǫ such that λ F ( λ U ( X i )) = 0 , for i = µ + δ + 1 , . . . , τ . W e have the following key equation: Theorem 13: λ F ( x ) ⊗ S U D ( x ) ≡ ψ ( x ) m o d x [ d − 1] (43) where ψ ( x ) is a linearized polynomial of q -degree ≤ τ − 1 . Pr oof: The proof is similar to that of Theorem 12 an d will be o mitted. The complete decoding algorithm based on the e rror locator polynomial is gi ven in Fig. 2. E. Practical Considerations W e have seen that the co mplexity of deco ding a Ga bidulin code C ⊆ F n × m q with d R ( C ) = d is giv en by O ( dm ) o perations in F q m . In many ap plications, in pa rticular for network coding, we hav e m ≫ n . In suc h case s, the deco ding complexity can be significa ntly reduced by using, rather than a Gabidu lin code, a n MRD code formed by the Cartesian product o f many sho rter Gabidulin cod es with the same distance. More precise ly , let ℓ = ⌊ m n ⌋ a nd n ′ = m − n ( ℓ − 1) . T ake C = C 1 × C 2 × · · · × C ℓ , where C i ⊆ F n × n q , i = 1 , . . . , ℓ − 1 , an d C ℓ ⊆ F n × n ′ q are Gabidulin co des with minimum rank distance d . T hen C is an MRD code with d R ( C ) = d . 34 Input: received tuple ( r , ˆ L, ˆ E ) ∈ F n q m × F n × µ q × F δ q m . Output: error word e ∈ F n q m . 1) Computing the auxiliary s yndr ome polyno mial : Compute a) S ℓ = P n i =1 h [ ℓ ] i r i , ℓ = 0 , . . . , d − 2 b) ˆ X j = P n i =1 ˆ L ij h i , j = 1 , . . . , µ c) λ U ( x ) = minp oly { ˆ X 1 , . . . , ˆ X µ } d) σ D ( x ) = minp oly { ˆ E 1 , . . . , ˆ E δ } , and e) S U D ( x ) = λ U ( x ) ⊗ ¯ S ( x ) ⊗ ¯ σ D ( x [ d − 2] ) [ − d +2] . 2) Computing the err or locator polynomial : a) Use the Be rlekamp-Massey algo rithm [13] to fin d λ F ( x ) that solve the key e quation (43). b) Compute S F U ( x ) = λ F ( x ) ⊗ λ U ( x ) ⊗ ¯ S ( x ) . c) Use Gabidulin’ s algorithm [11] to find γ 1 , . . . , γ δ ∈ F q m that solve S F U ,ℓ = δ X j =1 E [ ℓ − d +2] µ + j γ j . d) Compute λ D ( x ) = minp oly { γ 1 , . . . , γ δ } and e) λ ( x ) = λ D ( x ) ⊗ λ F ( x ) ⊗ λ U ( x ) . 3) F ind ing the r o ots of the er r or locator polynomial : Use either the algorithm in [27] or the methods in [28] to find a basis X 1 , . . . , X τ ∈ F q m for the root space of λ ( x ) . 4) F ind ing the err or values : a) Solve (34) using Gabidulin’ s algorithm [11] to find the error values E 1 , . . . , E τ ∈ F q m . b) Compute the e rror locations L ij = P m k =1 X j k Q k i , i = 1 , . . . , n , j = 1 , . . . , τ . c) Compute the e rror wor d e = P τ j =1 L j E j . Fig. 2. Generalized decoding algorithm for Gabidulin codes, alternativ e formulation. 35 Now , decoding of C can be pe rformed by decoding e ach C i indi vidually . Th us, a ssuming for simplicity that m = n ℓ , the overall de coding complexity is gi ven by ℓO ( dn ) = O ( dm ) operations in F q n . In o ther words, operations in a potentially large field F q m can be replaced by o perations in a much smaller field F q n . Note that, in this case, add itional computationa l s avings may b e obtaine d, since all receiv ed words will share the same set of error locations. For instance, if all error locations are known a nd the decoding algorithm of Fig. 2 is us ed, then only steps 1a), 1b ) and 4a)–4c) ne ed to be performed. V I I . C O N C L U S I O N S In this paper , we have introduced a ne w a pproach to the problem of error co ntrol in rando m network coding. Our ap proach is bas ed, on the one hand, o n K ¨ otter and Ks chischan g’ s abstraction of the p roblem as a c oding-theoretic prob lem for sub space s an d, on the other hand, on the existenc e of o ptimal and efficiently-decodable codes for the ran k metric. W e hav e s hown that, when lifting is p erformed at the transmitter and r eduction at the rec eiv er , the random n etwork co ding c hanne l behaves essentially as a matrix channe l that introduces errors in the rank metric and may also supply partial information about these errors in the form of e rasures and deviati ons. An impo rtant c onseq uence of our results is that many of the tools de veloped for rank-metric codes can be almos t directly applied to rando m network cod ing. Howev er , in order to fully exploit the correction capability of a rank-metric code, erasures and deviations must be tak en i nto account. A secon d contributi on of this work is the generalization of the decoding algorithm for Gab idulin c odes in order to fulfill this task. Our prop osed algorithm requires O ( dm ) ope rations in F q m , ach ieving the same co mplexity as con ventional deco ding algorithms that only correct rank errors. Follo wing this work, a natural step tow ard practical error c ontrol in random n etwork coding is the pursuit of efficient s oftware (and po ssibly hardware) impleme ntations of enc oders and d ecoders for Gabidulin co des. Anothe r avenue would be the in v estigation of mo re gene ral network cod ing scena rios where error and e rasure correction might be use ful; for example, the case of multiple heterogeneo us receiv ers c an be a ddressed using a priorit y encoding transmission sc heme base d on Gabidulin code s [29]. An exciting open question, paralleling the dev elopment of Reed-Solomon codes, is whether an efficient list-decoder for Gabidulin code s exists that would a llo w correction of errors above the error-corr ection bound. W e b eliev e that, with respe ct to forward error (and e rasure) correction, Gabidulin c odes will play the same role in rand om network coding that Reed-Solomon code s have played in traditional communication 36 systems. R E F E R E N C E S [1] T . Ho, R. K oetter , M. M ´ edard, D. R. Karger , and M. Effros, “The benefits of coding over routing i n a randomized setting, ” in Pr oc. IEEE Int. Symp. Information Theory , Y okohama, Japan, Jun. 29–Jul. 4, 2003, p. 442. [2] P . A. Chou, Y . Wu , and K. Jain, “Practical network coding, ” in Proc. Allerton Conf. on Comm., Contr ol, and Computing , Monticello, IL, Oct. 200 3. [3] T . Ho, M. M ´ edard, R. Koetter , D. R. Karger , M. Effros, J. Shi, and B. Leong, “ A random linear network coding approach to multicast, ” IEEE T r ans. Inf. Theory , vol. 52, no. 10, pp. 4413–4430 , Oct. 2006. [4] N. Cai and R. W . Y eung, “Network coding and error correction, ” in Proc. 2002 IEEE Inform. Theory W orkshop , Oct. 20–25, 2002, pp. 119– 122. [5] R. W . Y eung and N. Cai, “Network error correction, part I: Basic concepts and upper bounds, ” Commun . Inform. Syst. , vol. 6, no. 1, pp. 19–36, 2006. [6] N. Cai and R. W . Y eung, “Netw ork error correction, part II : Lower bounds, ” Commun. Inform. Syst. , vol. 6, no. 1, pp. 37–54, 2006. [7] Z. Zhang, “Linear netwo rk error correction codes in packet networks, ” IEEE T ran s. Inf. Theory , v ol. 54, no. 1, pp. 209–218, 2008. [8] S. Jaggi, M. Langber g, S. Katti, T . Ho, D. Katabi, and M. M ´ ed ard, “Resilient network coding in the presence of Byzantine adversa ries, ” in Pr oc. 26th IEEE Int. Conf . on Computer Commun. , Anchorage, AK, May 2007, pp. 616–624. [9] R. K ¨ o tter and F . R. Kschischa ng, “Coding for errors and erasures in rando m network coding, ” IEEE T rans. Inf. Theory , 2008, to be published. [Online]. A vailable: http://arxiv . org/abs/cs/07 03061 [10] P . Delsarte, “Bilinear forms over a finite fi eld, with applications to coding theory , ” J . of Comb . Theory . Series A , vol. 25, pp. 226–241, 1978. [11] E. M. Gabidulin, “Theory of codes with maximum rank distance, ” Probl. Inform. T ransm , vol. 21, no. 1, pp. 1–12, 1985. [12] R. M. Roth, “Maximum-rank array codes and their app lication to crisscross error correction, ” IEEE Tr ans. Inf. Theory , vol. 37, pp. 328–33 6, 1991 . [13] G. Richter and S. Plass, “Error and erasure decoding of rank-codes with a modified Berlekamp-Masse y algorithm, ” in Pr oc. ITG Conf. on Sour ce and Channel Coding , Erlangen, Germany , Jan. 2004 . [14] P . Loidreau, “ A Welch-Berlekamp like algorithm for decoding Gabidulin code s, ” in Pr oc. 4th Int. W orkshop on Coding and Cryptogr aphy , 2005 . [15] E. M. Gabidulin, A. V . Paramono v , and O. V . T retjako v , “Rank errors and rank erasures correction, ” in Pr oc. 4th Int. Colloq. Coding T heory , Dilijan, Armenia, 1991 , Y erev an, 1992, pp. 11–19. [16] E. M. Gabidulin and N. I. Pilipchuk, “ A ne w method of erasure correction by rank codes, ” in Proc. IE EE Int. Symp. Information Theory , Jun. 29–Jul. 4, 2003, p. 423. [17] G. Richter and S. Plass, “Fast decoding of rank-codes with rank errors and column erasures, ” in Pr oc. IEEE Int. Symp. Information Theory , Jun. 27–Jul. 2, 2004, pp. 398–398. [18] N. I. P ilipchuk and E. M. Gabidu lin, “E rasure correcting algorithms for rank codes, ” 2007, to be published. [19] R. M. R oth and G. Seroussi, “Location-correcting codes, ” IEE E Tr ans. Inf. Theory , vol. 42, no. 2, pp. 554–5 65, Mar . 1996. [20] P . Loidreau, “ ´ Etude et optimisation de cryptosyst ` emes ` a cl ´ e publique fond ´ es sur la th ´ eorie des codes correcteurs, ” Ph.D. Dissertation, ´ Ecole Polytechnique, Paris, France, May 200 1. 37 [21] M. Gadouleau and Z. Y an, “Properties of codes with the rank metric, ” i n Pr oc. IEEE Globecom 2006 , San F rancisco, CA, Nov . 27–Dec. 1, 2006 . [22] H. W ang, C. Xing, and R. Safa vi-Naini, “Linear authen tication codes: bounds and constructions, ” IEEE T rans. Inf. Theory , vol. 49, no. 4, pp. 866–872, 2003. [23] S.-T . Xia and F .- W . Fu, “Joh nson type bounds on constant dimension codes, ” 2007, submitted for publication. [Online]. A va ilable: http:// arxi v .org/abs/0709.10 74v1 [24] D. Silva and F . R. Kschischa ng, “On metrics for error correction in network codin g, ” 2008, submitted for publication. [25] R. Lidl and H. Ni ederreiter , F inite Fields . Reading, MA: Addison-W esley , 1983. [26] F . MacWilliams and N. S loane, The Theory of Err or -Corr ecting Codes . Amsterdam: North-Holland, 1977. [27] V . Skachek and R. M. Roth, “Probabilistic algorithm for fi nding r oots of linearized poly nomials, ” Designs, Codes and Cryptogr aphy , vol. 46, no. 1, pp. 17–23, 2008, also in Comput. Sci. Dept., T echnion, T ech. Rep. CS-2004-08 , Jun. 2004. [28] E. R. Berlekamp, Algeb raic Coding Theory . New Y ork: McGraw-Hill, 1968. [29] D. S ilva and F . R. Kschischang, “Rank-metric codes for priority encodin g transmission wi th network codin g, ” in Pr o c. 10th Canadian W orkshop Inform. Theory , Edmonton, Alberta, Canada, Jun. 6–8, 2007, pp. 81–84. A P P E N D I X A. Pr oof of Pr oposition 7 Before proving Proposition 7, let us recall so me properties of the matrices I U and I U c , whe re I = I n × n , U ⊆ { 1 , . . . , n } and U c = { 1 , . . . , n } \ U . For any A ∈ F n × k q (respectiv ely , A ∈ F k × n q ), the matrix I T U A (res p., AI U ) extracts the rows (resp., columns) of A tha t a re indexed by U . Conv ersely , for any B ∈ F |U | × k q (resp., B ∈ F k ×|U | q ) the ma trix I U B (resp., B I T U ) rea llocates the rows (resp., columns) of B to the p ositions ind exed by U , where all-zero rows (resp., c olumns) a re inserted at the pos itions indexed by U c . Furthermore, obse rve tha t I U and I U c satisfy the follo wing properties: I = I U I T U + I U c I T U c , I T U I U = I |U | ×|U | I T U I U c = 0 . W e n ow give a proof of Proposition 7. Pr oof of Pr oposition 7: Let RRE ( Y ) den ote the redu ced ro w echelon form of Y . For i = 1 , . . . , N , let p i be the column position of the lead ing entry of row i in RRE ( Y ) . Let U c = { p 1 , . . . , p n − µ } and U = { 1 , . . . , n } \ U c . Note that |U | = µ . From the properties of the reduce d ro w echelon form, we can write RRE ( Y ) =   W ˜ r 0 ˆ E   38 where ˜ r ∈ F ( n − µ ) × m q , ˆ E ∈ F δ × m q has rank δ , and W ∈ F ( n − µ ) × n q satisfies W I U c = I ( n − µ ) × ( n − µ ) . Now , let ¯ Y =   I U c 0 0 I δ × δ   RRE ( Y ) =   I U c W r 0 ˆ E   where r = I U c ˜ r . Since I = I U c I T U c + I U I T U , we hav e I U c W = I U c W ( I U c I T U c + I U I T U ) = I U c I T U c + I U c W I U I T U = I − I U I T U + I U c W I U I T U = I + ˆ LI T U where ˆ L = − I U + I U c W I U . Also, since I T U I U = I µ × µ and I T U I U c = 0 , we hav e I T U ˆ L = − I µ × µ and I T U r = 0 . Thus, ¯ Y =   I + ˆ LI T U r 0 ˆ E   is a matrix with the same row space as Y . Th e proof is co mplete. B. Pr oof of Pr oposition 8 Pr oof of Pr oposition 8: W e want to show that *   I + ˆ LT I T S r 0 R ˆ E   + = *   I + ˆ LI T U r 0 ˆ E   + . From (5) and the f act that R is nonsingular (since rank R ˆ E = δ ), this a mounts to showing that Dh I + ˆ LT I T S r iE = Dh I + ˆ LI T U r iE . Let W 1 = I + ˆ LI T U and W 2 = I + ˆ LT I T S . Note that, since W 1 I U c = I U c and I T U h W 1 r i = 0 , we have that I T U c W 1 is full rank. Similarly , I T S h W 2 r i = 0 a nd I T S c W 2 is full rank. Thus , it suffices to prove that M h W 2 r i = h W 1 r i (44) for some M ∈ F n × n q . 39 Let A = U ∪ S an d B = U ∩ S . Observe that M can be partitioned into three sub-matrices, M I A c , M I S and M I U \B . Choose M I A c = I A c , and M I S arbitrarily . W e will ch oose M I U \B so tha t (44 ) is satisfied. First, note that M r = M ( I A c I T A c + I A I T A ) r = I A c I T A c r = r since I T A r = 0 . Thus , we jus t need to c onsider M W 2 = W 1 in (44). Moreover , note that M W 2 = M ( I A c I T A c + I S I T S + I U \B I T U \B ) W 2 = I A c I T A c W 2 + ( M I U \B )( I T U \B W 2 ) . Now , consider the sy stem M W 2 = W 1 . From bas ic linear algebra, we ca n so lve for M I U \B if and only if rank   I T U \B W 2 W 1 − I A c I T A c W 2   ≤ |U \ B | . Since I T U \B W 1 = 0 and I T S W 2 = 0 , we can rearrange rows to obtain rank   I T U \B W 2 W 1 − I A c I T A c W 2   = rank   I T U \B ( W 1 − W 2 ) I ( U \B ) c I T ( U \B ) c ( W 1 − W 2 )   = rank ( W 1 − W 2 ) . T o complete the proof, we will show that rank ( W 1 − W 2 ) ≤ |U \ B | . W e have rank ( W 1 − W 2 ) = ra nk ( ˆ LI T U − ˆ LT I T S ) ≤ rank ( I T U − T I T S ) = rank ( I T S ˆ LI T U + I T S ) (45) = rank I T S W 1 = rank I S I T S W 1 = rank ( I S \B I T S \B + I B I T B ) W 1 = rank I S \B I T S \B W 1 ≤ |S \ B | = |U \ B | . where (45) is obtained by left multi plying by I T S ˆ L = − T − 1 . 40 C. P r oof of Theo r em 9 Pr oof of The or em 9: W e ha ve rank   X Y   = rank      I x I + ˆ LI T U r 0 ˆ E      = rank      − ˆ LI T U x − r I + ˆ LI T U r 0 ˆ E      = rank      ˆ LI T U r − x I T U c ( I + ˆ LI T U ) I T U c r 0 ˆ E      (46) = rank      ˆ LI T U r − x I T U c I T U c x 0 ˆ E      (47) = rank   ˆ LI T U r − x 0 ˆ E   + rank h I T U c I T U c x i (48) = rank   ˆ L r − x 0 ˆ E   + n − µ (49) where (46) follo ws from I T U h I + ˆ L I T U r i = 0 , (48) follo ws by subtracting I T U c h ˆ L I T U r − x i from h I T U c ( I + ˆ LI T U ) I T U c r i , (48) follows from I T U c I U c = I ( n − µ ) × ( n − µ ) and ˆ LI T U I U c = 0 (i.e., the two matrices in (48) hav e row spaces tha t intersect tri vially), and (49) follo ws by d eleting the all-zero co lumns. Since rank X + rank Y = 2 n − µ + δ , we have d S ( h X i , h Y i ) = 2 ran k   X Y   − rank X − ran k Y = 2 rank   ˆ L r − x 0 ˆ E   − µ − δ . D. P r oof of Pr oposition 10 Before proving Propo sition 10, we n eed the follo wing lemma. 41 Lemma 14: For X ∈ F n × m q and Y ∈ F N × m q we have min A ∈ F N × n q rank ( Y − AX ) = rank   X Y   − rank X and for X ∈ F n × m q and Y ∈ F n × M q we hav e min B ∈ F m × M q rank ( Y − X B ) = rank h X Y i − rank X . Pr oof: For any A ∈ F N × n q , we hav e rank   X Y   = rank   X Y − AX   ≤ rank X + rank ( Y − AX ) which gi ves a lower bo und on rank ( Y − AX ) . W e n ow prove that this lower boun d is achiev able. Let Z ∈ F t × m q be such that h Y i = h X i ∩ h Y i ⊕ h Z i , where t = rank Y − ω and ω = di m h X i ∩ h Y i . Let B ∈ F ω × n q be su ch that h B X i = h X i ∩ h Y i . W e can write Y = T   B X Z   for some full-r ank T ∈ F N × ( ω + t ) q . Now , let A = T   B 0   ∈ F N × m q . Then rank ( Y − AX ) = rank ( T   B X Z   − T   B X 0   ) = rank ( T   0 Z   ) = ra nk Z = rank Y − dim ( h X i ∩ h Y i ) = rank   X Y   − rank X . This proves the first statement. The s econd statement is just the trans posed version of the first one. Pr oof of Pr oposition 10: Let ǫ ′ = min E (1) ,L (2) rank ( e − ˆ LE (1) − L (2) ˆ E ) . W e fi rst show the equiv alence of 1) and 2). From Lemma 14, w e have min L (2) rank ( e − ˆ LE (1) − L (2) ˆ E ) = ra nk   e − ˆ LE (1) ˆ E   − rank ˆ E . 42 Similarly , from Lemma 14 we ha ve min E (1) rank   e − ˆ LE (1) ˆ E   = min E (1) rank     e ˆ E   −   ˆ L 0   E (1)   = rank   ˆ L e 0 ˆ E   − rank ˆ L. Thus, ǫ ′ = rank   ˆ L e 0 ˆ E   − µ − δ and the equi valence is shown. Now , observe that the statement in 3) is equiv alent to the statement that τ ∗ − µ − δ is the minimum value of ǫ for which there exist E (1) ∈ F µ × m q , L (2) ∈ F n × δ q , L (3) ∈ F n × ǫ q and E (3) ∈ F ǫ × m q satisfying e = ˆ LE (1) + L (2) ˆ E + L (3) E (3) . T o sho w the eq uiv alence of 2) and 3), we will s how that ǫ ′ = ǫ ′′ , where ǫ ′′ = min ǫ,E (1) ,L (2) ,L (3) ,E (3) : e = ˆ LE (1) + L (2) ˆ E + L (3) E (3) ǫ. W e can rewrite ǫ ′′ as ǫ ′′ = min E (1) ,L (2) min ǫ,L (3) ,E (3) : e − ˆ LE (1) − L (2) ˆ E = L (3) E (3) ǫ = min E (1) ,L (2) rank ( e − ˆ LE (1) − L (2) ˆ E ) (50) = ǫ ′ . where (50) follo ws from (1). This shows the equiv alence between 2) and 3).