In this paper we consider Goppa codes which form a subclass of alternant codes. This family of codes was named after V.D. Goppa who described it in the early 1970’s. These codes have an interesting algebraic structure and contain good parameters. Goppa codes are believed to have high practical value. Some of the examples which are mostly named as direct application of Goppa codes are the McEliece and Niederreiter cyptosystems.
The McEliece cryptosystem is believed to be a cryptosystem which may have potential to withstand attack by quantum computers [1, 2]. However, what could be worrisome about this cryptosystem is that it chooses a Goppa code at random as its key yet the exact number of these codes for given parameters is not known. Can’t a brutal-force search, via equivalence of codes, be mounted by an adversary so as to find the key? This simply tells us how important the knowledge of the number of inequivalent Goppa codes for fixed parameters could facilitate in the evaluation of the security of such a cryptosystem. We find the best upper bound, available today, on the number of inequivalent irreducible Goppa codes in [3]. Our concern is to find an upper bound on the number of inequivalent extended irreducible Goppa codes. Some recent attempts to count inequivalent extended irreducible Goppa codes can be found in [4, 5, 6, 7]. In particular, this paper seeks to find a tight upper bound on the number of inequivalent extended irreducible binary Goppa codes of degree \((2\ell)^m\) and length \(2^n+1\) where \(n\) and \(\ell\) are odd prime numbers such that \(\ell\neq n\), \((\ell,2^n\pm 1)=1\) and \(m\geq 1\) is a positive integer. The tools which were used to count the non-extended versions (see [3]) are recalled in this paper.
Definition 1. Let \(q\) be a power of a prime number and \(g(z)\in \mathbb{F}_{q^{n}}[z]\) be irreducible of degree \(r\). Let \(L=\mathbb{F}_{q^{n}}=\{\zeta_{i}:0\leq i\leq q^{n}-1\}\). Then an irreducible Goppa code \(\Gamma(L,g)\) is defined as the set of all vectors \(\underline{c}=(c_{0},c_{1},…,c_{q^{n}-1})\) with components in \(\mathbb{F}_{q}\) which satisfy the condition \begin{align*} \sum\limits_{i=0}^{q^{n}-1} \dfrac{c_{i}}{z-\zeta _{i}}\equiv 0 \pmod{g(z)}. \end{align*} The set \(L\) is called the defining set and its cardinality defines the length of \(\Gamma(L,g)\). The polynomial \(g(z)\) is called the Goppa polynomial. If the degree of \(g(z)\) is \(r\) then the code is called an irreducible Goppa code of degree \(r\).
The roots of \(g(z)\) are contained in \(\mathbb{F}_{q^{nr}}\setminus \mathbb{F}_{q^{n}}\). If \(\alpha\) is any root of \(g(z)\) then it completely describes \(\Gamma(L,g)\). Chen in [8] described a parity check matrix \(\textbf{H}(\alpha)\) for \(\Gamma(L,g)\) which is given by \begin{align*} \textbf{H}(\alpha)= \begin{pmatrix} \dfrac{1}{\alpha-\zeta_{0}} & \dfrac{1}{\alpha-\zeta_{1}} & \cdots & \dfrac{1}{\alpha-\zeta_{q^{n}-1}} \end{pmatrix}. \end{align*} We will sometimes denote this code by \(C(\alpha)\). We next give the definition of extended irreducible Goppa codes.Definition 2. Let \(\Gamma(L,g)\) be an irreducible Goppa code of length \(q^{n}\). Then the extended code \(\overline{\Gamma(L,g)}\) is defined by \[\overline{\Gamma(L,g)}=\{(c_{0},c_{1},…,c_{q^{n}}): (c_{0},c_{1},…,c_{q^{n}-1})\in \Gamma(L,g) \;\; \text{and} \;\; \sum_{i=0}^{q^{n}}c_{i}=0\}.\]
Next we define the set which contains all the roots of all possible \(g(z)\) of degree \(r\).Definition 3. We define the set \(\mathbb{S}=\mathbb{S}(n,r)\) as the set of all elements in \(\mathbb{F}_{q^{nr}}\) of degree \(r\) over \(\mathbb{F}_{q^{n}} \).
Any irreducible Goppa code can be defined by an element in \(\mathbb{S}\). The converse is also true, that is, any element in \(\mathbb{S}\) defines an irreducible Goppa code. Since an irreducible Goppa code \(\Gamma(L,g)\) is determined uniquely by the Goppa polynomial \(g(z)\), or by a root \(\alpha\) of \(g(z)\), we define the mapping below. (For further details, see [8].)Definition 4. The relation \(\pi_{\zeta,\xi,i}\) defined on \(\mathbb{S}\) by \begin{equation*} \pi_{\zeta,\xi,i}:\alpha\mapsto\zeta\alpha^{q^{i}}+\xi \end{equation*} for fixed \(i,\zeta,\xi\) where \(1\leq i\leq nr\), \(\zeta\neq 0, \xi\in \mathbb{F}_{q^{n}}\) is a mapping on \(\mathbb{S}\).
This map sends irreducible Goppa codes into equivalent codes and we generalise this as follows:Theorem 5. (Ryan, [5]): If \(\alpha\) and \(\beta\) are related by an equation of the form \(\alpha=\zeta\beta^{q^{i}}+\xi\) for some \(\zeta\neq 0, \xi \in \mathbb{F}_{q^{n}}\), then the codes \(C(\alpha)\) and \(C(\beta)\) are equivalent.
The map in Definition 4 can be broken up into the composition of two maps as follows:Definition 6. Let \(H\) denote the set of all maps \(\{\pi_{\zeta,\xi}: \zeta\neq 0,\xi\in \mathbb{F}_{q^{n}}\}\).
Definition 7. Let \(G\) denote the set of all maps \(\{\sigma^{i}:1\leq i\leq nr\}\).
The sets of maps \(H\) and \(G\) together with the operation composition of maps both form groups which act on \(\mathbb{S}\).Definition 8. The action of \(H\) on \(\mathbb{S}\) induces orbits denoted by \(A(\alpha)\) where \(A(\alpha)=\{\zeta\alpha +\xi : \zeta \neq 0, \xi \in \mathbb{F}_{q^{n}}\}\).
Remark 1. We refer to \(A(\alpha)\) as an {\em affine set} containing \(\alpha\) where \(\alpha\) is an element of degree \(r\) over \(\mathbb{F}_{q^{n}}\) and \(\zeta, \xi \in \mathbb{F}_{q^{n}}\). Since \(\zeta \neq 0, \xi \in \mathbb{F}_{q^{n}}\) then to form the set \(A(\alpha)\) the number of choices for \(\zeta\) is \(q^{n}-1\) and \(\xi\) has \(q^{n}\) choices and so \(|A(\alpha)|=q^{n}(q^{n}-1)\).
Definition 9. Let \(\mathbb{A}\) denote set of all affine sets, i.e., \(\mathbb{A}=\{A(\alpha): \alpha \in \mathbb{S}\}\).
Next, we define a mapping on \(\mathbb{S}\) which sends extended irreducible Goppa codes into equivalent extended irreducible Goppa codes.Definition 10. The relation \(\pi_{\zeta_{1},\zeta_{2},\xi_{1},\xi_{2},i}\) defined on \(\mathbb{S}\) by \begin{equation*} \pi_{\zeta_{1},\zeta_{2},\xi_{1},\xi_{2},i}:\alpha \mapsto \frac{\zeta_{1}\alpha^{q^{i}}+\xi_{1} }{\zeta_{2}\alpha^{q^{i}}+\xi_{2}} \end{equation*} fixed \(i, \zeta_{j},\xi_{j}\) where \(0\leq i\leq nr\), \(\zeta_{j},\xi_{j} \in \mathbb{F}_{q^{n}}\), \(j=1,2\) and \(\zeta_{1}\xi_{2}\neq \zeta_{2}\xi_{1}\) is a mapping on \(\mathbb{S}\).
Since the scalars \(\zeta_{j}\) and \(\xi_{j}\) are defined up to scalar multiplication, we may assume that \(\zeta_{2}=1\) or \(\xi_{2}=1\) if \(\zeta_{2}=0\). We have the following generalisation:Theorem 11 {\rm (Berger, [9]):} If~ \(\pi_{\zeta_{1},\zeta_{2},\xi_{1},\xi_{2},i}(\alpha)=\beta\) then \(\overline{C}(\alpha)\) is equivalent to \(\overline{C}(\beta)\).
We also break up the map in Definition 10 into the composition of two maps as follows:Definition 12. Let \(F\) denote the set of all maps \(\{\pi_{\zeta_{1},\zeta_{2},\xi_{1},\xi_{2}}: \zeta_{j},\xi_{j}\in \mathbb{F}_{q^{n}}\), \(j=1,2\) and \(\zeta_{1}\xi_{2}\neq \zeta_{2}\xi_{1}\)}.
\(F\) forms a group under the operation of composition of maps and it acts on \(\mathbb{S}\).Definition 13. Let \(\alpha \in \mathbb{S}\). Then the orbit in \(\mathbb{S}\) containing \(\alpha\) under the action of \(F\) is \(O(\alpha)=\{\frac{\zeta_{1}\alpha +\xi_{1} }{\zeta_{2}\alpha +\xi_{2}}: \zeta_{j},\xi_{j}\in \mathbb{F}_{q^{n}}, j=1,2\) and \(\zeta_{1}\xi_{2} – \zeta_{2}\xi_{1}\neq 0\}\).
The cardinality of \(O(\alpha)\) is found in [6] and we state it as follow:Theorem 14. For any \(\alpha \in \mathbb{S}\), \(|O(\alpha)|=q^{3n}-q^{n}=q^n(q^n-1)(q^n+1)\).
Definition 15. Let \(\mathbb{O}_{F}\) denote the set of all orbits in \(\mathbb{S}\) under the action of \(F\), i.e., \(\mathbb{O}_{F}=\{O(\alpha): \alpha \in \mathbb{S}\}\). Observe that \(\mathbb{O}_{F}\) is a partition of the set \(\mathbb{S}\).
\(G\) acts on the set \(\mathbb{O}_{F}\) (see [7]). The sets \(O(\alpha)\) in \(\mathbb{O}_{F}\) can be partitioned into \(q^{n}+1\) sets. The theorem below provides more details.Theorem \(O(\alpha)=A(\alpha)\cup A(\frac{1}{\alpha})\cup A(\frac{1}{\alpha + 1})\cup A(\frac{1}{\alpha + \xi _{1}}) \cup A(\frac{1}{\alpha + \xi _{2}})\cup \dots \cup A(\frac{1}{\alpha + \xi _{q^{n}-2}})\) where \(\mathbb{F}_{q^{n}}=\{0,1,\xi_{1}, \xi_{2}, …, \xi_{q^{n}-2}\}\).
Observe that the sets \(\mathbb{O}_{F}\) and \(\mathbb{A}\) are different. \(\mathbb{O}_{F}\) is a partition on \(\mathbb{S}\) and also \(\mathbb{A}\) is a partition on \(\mathbb{S}\). The number of elements in \(\mathbb{A}\) is \(q^{n}+1\) times the number of elements in \(\mathbb{O}_{F}\), i.e., \(|\mathbb{A}|=(q^{n}+1) \times |\mathbb{O}_{F}|\). It is worth mentioning that \(G\) also acts on \(\mathbb{A}=\{A(\alpha): \alpha \in \mathbb{S}\}\) (see [6]).We are going to produce an upper bound on the number of inequivalent extended irreducible binary Goppa codes of degree \((2\ell)^m\) and length \(2^n+1\) where \(m\geq 1\), \(\ell\neq n\) and \((\ell,2^n\pm 1)=1\). We consider the tools, in [3], employed to count the non-extended irreducible binary Goppa codes and those used to count the extended irreducible binary Goppa codes of degrees \(4\), \(2^m\) and \(2p\) (with \(m\geq 1\) and \(p\) odd prime) in [4, 5, 6], respectively.
In counting the non-extended irreducible Goppa codes the action of \(H\) on \(\mathbb{S}\) is considered. This induces orbits in \(\mathbb{S}\) which are denoted by \(A(\alpha)\) as seen in previous section. We then consider the action of \(G\) on the set \(\mathbb{A}\) (recall that \(\mathbb{A}=\{A(\alpha):\alpha \in \mathbb{S}\}\)) and the number of orbits induced gives us an upper bound on the number of inequivalent irreducible Goppa codes.
To count extended irreducible Goppa codes the action of \(F\) on \(\mathbb{S}\) is considered. This action induces orbits in \(\mathbb{S}\) denoted by \(O(\alpha)\). The action of \(G\) on \(\mathbb{O}_F=\{O(\alpha):\alpha \in \mathbb{S}\}\) is then considered and the number of orbits induced gives us an upper bound on the number of inequivalent extended irreducible Goppa codes. It is worth pointing out that the action of \(G\) on \(\mathbb{O}_F\) largely depends on the results found when acting \(G\) on \(\mathbb{A}\).
To find the number of orbits in \(\mathbb{A}\) and \(\mathbb{O}_F\) we use the Cauchy Frobenius Theorem whose proof can be found in [10]. Since the Cauchy Frobenius Theorem is central in this paper we state it as follows:
Theorem 17. [Cauchy Frobenius Theorem] Let \(E\) be a finite group acting on a set \(X\). For any \(e\in E\), let \(X_{e}\) denote the set of elements of \(X\) fixed by \(e\). Then the number of orbits in \(X\) under the action of \(E\) is \(\frac{1}{|E|}\sum_{e\in H}|X_{e}|\).
Observe that the group \(G\) in Definition 7 is a cyclic group of order \((2\ell)^mn\), where \(n>2\) is prime, and it’s subgroups are all of the form \(\langle \sigma^h\rangle\), where \(h\) is a factor of \((2\ell)^mn\). In this section, we determine the \(G\)-orbits of this action.
We first need to know the number of affine sets \(A(\alpha)\) which are in \(\mathbb{A}\). By Section 3.2, \(|\mathbb{S}|=2^{(2\ell)^m)n}-2^{(2^{m-1}\ell^m)n}-2^{(2^m\ell^{m-1})n}+2^{(2\ell)^{m-1}n}\). Since \(|A(\alpha)|=2^{n}(2^{n}-1)\) then \(|\mathbb{A}|=|\mathbb{S}|/(2^{n}(2^{n}-1))\).
The expected length of orbits in \(\mathbb{A}\) under the action of \(G\) are all factors of \((2\ell)^mn\). For our convenience in factorizing \((2\ell)^mn\), we write it as \(2^m\ell^kn\) where \(m=k\). The trivial subgroup \(\langle\sigma^{2^m\ell^kn}\rangle\), containing the identity, fixes every affine set in \(\mathbb{A}\). In the following subsections, we separately consider the remaining subgroups of \(G\), i.e., \(\langle \sigma^{2^{m-1}\ell^kn}\rangle\), \(\langle \sigma^{2^m\ell^k}\rangle\), \(\langle \sigma^{2^{m-1}\ell^k}\rangle\), \(\langle \sigma^{2^s\ell^dn}\rangle\) and \(\langle \sigma^{2^s\ell^d}\rangle\), with \(0\leq s\leq m\) and \(0\leq d\leq k\), while avoiding the combinations (i) \(s=m\) and \(d=k\), (ii) \(s=m-1\) and \(d=k\) (these combinations have been considered already in other subgroups).
The approach we apply in the subsequent subsections in this section generalises the one used in [4] when considering the action of \(G\) on \(\mathbb{A}\).Suppose the orbit in \(\mathbb{A}\) under the action of \(G\) containing \(A(\alpha)\) contains \(2^{m-1}\ell^kn\) affine sets, i.e, \[\{A(\alpha), \sigma (A(\alpha)), \sigma^{2}(A(\alpha)), …, \sigma^{2^{m-1}\ell^kn-1}(A(\alpha))\}.\] Then \(A(\alpha)\) is fixed by \(\langle\sigma^{2^{m-1}\ell^kn}\rangle\). That is, \(\sigma^{2^{m-1}\ell^kn}(A(\alpha))=A(\alpha)\). So we have \(\sigma^{2^{m-1}\ell^kn}(\alpha)=\alpha ^{2^{2^{m-1}\ell^kn}}=\zeta \alpha + \xi\) for some \(\zeta\neq 0,\xi \in \mathbb{F}_{2^{n}}\). So applying \(\sigma^{2^{m-1}\ell^kn}\) for the second time we get \(\alpha=\sigma^{2^{m}\ell^kn}(\alpha)=\sigma^{2^{m}\ell^kn}(\zeta\alpha+\xi)=\zeta^{2^{2^{m-1}\ell^kn}}\alpha^{2^{2^{m-1}\ell^kn}}+\xi^{2^{m-1}\ell^kn}=\zeta\alpha^{2^{2^{m-1}\ell^kn}}+\xi=\zeta(\zeta\alpha+\xi)+\xi=\zeta^{2}\alpha+(\zeta+1)\xi\). We conclude that \(\zeta^2=1\) otherwise \((1-\zeta^{2})\alpha \in \mathbb{F}_{2^{n}}\), contradicting the fact that \(\alpha \in \mathbb{S}\). Since \(2\nmid (2^n-1)\) then \(\zeta^2=1\) implies \(\zeta=1\)
Hence, we have \(\alpha ^{2^{2^{m-1}\ell^kn}}=\alpha + \xi\) for some \(\xi \neq 0\in \mathbb{F}_{2^{n}}\). Multiplying both sides by \(\xi^{-1}\) we get \((\xi^{-1}\alpha)^{2^{2^{m-1}\ell^kn}}=(\xi^{-1}\alpha) + 1\). We may assume that \(\alpha\) satisfies the equation
If \(\alpha\) satisfies (4) then certainly all the \(2^{n}\) elements in the set \(\{\alpha +\xi: \xi \in \mathbb{F}_{2^{n}}\}\) also satisfy (\ref{eq1}) while the remaining elements in \(A(\alpha)\) do not satisfy (4). This follows from the fact that the equation \((\zeta\alpha + \xi)^{2^{2^{m-1}\ell^kn}}=\zeta\alpha^{2^{2^{m-1}\ell^kn}}+\xi=\zeta(\alpha +1)+\xi=\zeta\alpha +\zeta +\xi =(\zeta\alpha+\xi)+1\) holds if and only if \(\zeta=1\). Hence if \(\alpha\) satisfies (4) then \(A(\alpha)\) contains precisely \(2^{n}\) roots of (4}).
We now find the number of elements of \(\mathbb{S}\) which satisfy (4). We know thatSuppose the orbit in \(\mathbb{A}\) under the action of \(G\) containing \(A(\alpha)\) contains \(2^s\ell^dn\) affine sets where \(0\leq s\leq m\) and \(0\leq d\leq k\) while avoiding the combinations: (i) \(s=m\) and \(d=k\), (ii) \(s=m-1\) and \(d=k\). As in Subsection 3.3.1, then \(\sigma^{2^s\ell^dn}(\alpha)=\alpha^{2^{2^s\ell^dn}}=\zeta\alpha+\xi\) for some \(\zeta\neq 0, \xi\in \mathbb{F}_{2^{n}}\). Applying \(\sigma^{2^s\ell^dn}\) for \(2^{m-s}\ell^{m-d}\) times to \(\alpha\) we obtain \(\alpha=\sigma^{2^m\ell^kn}(\alpha)=\zeta^{2^{m-s}\ell^{k-d}}\alpha+(\zeta^{2^{m-s}\ell^{k-d}-1}+\zeta^{2^{m-s}\ell^{k-d}-2}+\cdots+\zeta^{2}+\zeta+1)\xi\). We conclude that \(\zeta^{2^{m-s}\ell^{k-d}}=1\) otherwise \((1-\zeta^{2^{m-s}\ell^{k-d}})\alpha \in \mathbb{F}_{2^{n}}\), contradicting the fact that \(\alpha \in \mathbb{S}\). The possibilities are that \(\zeta^{2^h}=1\) where \(h\) is a factor of \(2^{m-s}\ell^{k-d}\). Since \(2\nmid (2^{n}-1)\) and \(\ell\nmid (2^n-1)\) (by assumption) then, for all \(h\neq 1\), \(h\nmid(2^n-1)\). Hence the only possibility left is that \(\zeta=1\).
So \(\alpha ^{2^{2^s\ell^dn}}=\alpha + \xi\) for some \(\xi\neq 0 \in \mathbb{F}_{2^{n}}\). If we multiply both sides by \(\xi^{-1}\) we obtain \((\xi^{-1}\alpha)^{2^{2^s\ell^dn}}=(\xi^{-1}\alpha) + 1\). We assume that \(\alpha\) satisfies the equation \(x^{2^{2^s\ell^dn}}-x-1=0\). Using similar argument to the one in Subsection 3.3.1, all roots of \(x^{2^{2^s\ell^dn}}-x-1=0\) lie in \(\mathbb{F}_{2^{2^{s+1}\ell^d}}\), \(\mathbb{F}_{2^{(2^{s+1}\ell^{d-1})n}}\) and \(\mathbb{F}_{2^{(2^{s+1}\ell^dn)}}\) (none is in \(\mathbb{S}\)). We conclude that there is no affine set \(A(\alpha)\) fixed under \(\langle\sigma^{2^s\ell^dn}\rangle\).
Suppose the orbit in \(\mathbb{A}\) under the action of \(G\) containing \(A(\alpha)\) contains \(2^{m}\) affine sets. Then \(A(\alpha)\) is fixed under \(\langle\sigma^{2^{m}\ell^k}\rangle\). It is proved in [3] that if \(r\) is the degree of irreducible Goppa codes then the number of affine sets fixed by \(\langle\sigma^{r}\rangle\) is \(|\mathbb{S}(1,r)|/(q(q-1))\). Also note that if an affine set \(A(\alpha)\) is fixed under \(\langle\sigma^{r}\rangle\) then it contains some fixed points, that is, some elements in \(A(\alpha)\) satisfy the equation \(x^{2^r}=x\). In our case, we have \(q=2\) and \(r=2^m\ell^k\). Hence the number of affine sets fixed by \(\langle\sigma^{2^{m}\ell^k}\rangle\) is \(|\mathbb{S}(1,2^{m})|/(2(2-1))=(2^{2^{m}\ell^k}-2^{2^{m-1}\ell^k}-2^{2^m\ell^{k-1}}+2^{2^{m-1}\ell^{k-1}})/2=2^{2^{m}\ell^k-1}-2^{2^{m-1}\ell^k-1}-2^{2^m\ell^{k-1}-1}+2^{2^{m-1}\ell^{k-1}-1}\).
Suppose the orbit in \(\mathbb{A}\) under the action of \(G\) containing \(A(\alpha)\) contains \(2^{m-1}\ell^k\) affine sets. Then \(A(\alpha)\) is fixed by \(\langle\sigma^{2^{m-1}\ell^k}\rangle\). So we have \(\sigma^{2^{m-1}\ell^k}(\alpha)=\alpha^{2^{2^{m-1}\ell^k}}=\zeta\alpha+\xi\) for some \(\zeta\neq 0, \xi\in \mathbb{F}_{2^{n}}\). But if \(A(\alpha)\) is fixed under \(\langle\sigma^{2^{m-1}\ell^k}\rangle\) then it is also fixed under \(\langle\sigma^{2^{m}\ell^k}\rangle\) since \(\langle\sigma^{2^{m}\ell^k}\rangle\subset \langle\sigma^{2^{m-1}\ell^k}\rangle\). So \(A(\alpha)\) contains a fixed point. That is \(A(\alpha)\) contains some elements which satisfy \(x^{2^{2^{m}\ell^k}}=x\) and these elements are in \(\mathbb{F}_{2^{2^m\ell^k}}\setminus(\mathbb{F}_{2^{2^{m-1}\ell^k}}\cup \mathbb{F}_{2^{2^m\ell^{k-1}}})\). Assume \(\alpha \in \mathbb{F}_{2^{2^m\ell^k}}\setminus(\mathbb{F}_{2^{2^{m-1}\ell^k}}\cup \mathbb{F}_{2^{2^m\ell^{k-1}}})\) then applying \(\sigma^{2^{m-1}\ell^k}\) twice to \(\alpha\) we obtain \(\alpha=\alpha^{2^{2^{m}\ell^k}}=\zeta^{2^{2^{m-1}\ell^k}}(\zeta\alpha+\xi)+\xi^{2^{2^{m-1}\ell^k}}=\zeta^{2^{2^{m-1}\ell^k}+1}\alpha +\zeta^{2^{2^{m-1}\ell^k}}\xi+\xi^{2^{2^{m-1}\ell^k}}\). We conclude that \(\zeta^{2^{2^{m-1}\ell^k}+1}=1\) otherwise \(\zeta^{2^{2^{m-1}\ell^k}+1}\neq 1\) would mean \((1-\zeta^{2^{2^{m-1}\ell^k}+1})\alpha \in \mathbb{F}_{2^{n}}\) contradicting the fact that \(\alpha\) is of degree \(2^{m}\ell^k\).
We now show that \(2^{2^{m-1}\ell^k}+1\) is relatively prime to \(2^{n}-1\). Let \(e=2^{m-1}\ell^k\). It suffices to show that \((2^e+1,2^{n}-1)=1\). We show this by contradiction. Assume that \((2^e+1, 2^{n}-1)\neq 1\). That is there must be some odd prime \(p\) which divides both \(2^e+1\) and \(2^{n}-1\). This implies that \(2^n\equiv 1 \pmod{p}\) and \(2^e\equiv -1 \pmod{p}\). So \(2^e\equiv -1 \pmod{p}\) implies \(2^{2e}\equiv(-1)^{2}=1\equiv 2^{n} \pmod{p}\). Thus \(n\equiv 2e\pmod{(p-1)}\). Since \(p-1\) is even then \(n\) is also even. This establishes a contradiction since \(n\) is an odd prime. Hence \((2^e+1, 2^{n} – 1) = 1\) for odd \(n\).
Since \((2^{2^{m-1}\ell^k}+1, 2^{n}-1)=1\) then we conclude that \(\zeta^{2^{2^{m-1}\ell^k}+1}=1\) implies \(\zeta=1\). So the equation \(\alpha=\zeta^{2^{2^{m-1}\ell^k}+1}\alpha+\zeta^{2^{2^{m-1}\ell^k}}\xi+\xi^{2^{2^{m-1}\ell^k}}\) implies \(\alpha=\alpha+\xi+\xi^{2^{2^{m-1}\ell^k}}\). Clearly, \(\xi\) is in the intersection of the fields of order \(2^{2^{m-1}\ell^k}\) and \(2^{n}\). Since \((2^{m-1}\ell^k,n)=1\) then either \(\xi\) is 0 or 1. But \(\xi=0\) is impossible since this would mean that \(\alpha\in \mathbb{F}_{2^{2^{m-1}\ell^k}}\). So \(\xi\) must be 1.
So \(\alpha ^{2^{2^{m-1}\ell^k}}=\alpha + 1\). Clearly \(\alpha\) satisfies the equationWe now show that \(2^{\overline{n}\cdot 2^s\ell^d}+2^{(\overline{n}-1)\cdot 2^s\ell^d}+\cdots+2^{3\cdot 2^s\ell^d}+2^{2\cdot 2^s\ell^d}+2^{2^s\ell^d}+1\) and \(2^{n}-1\) are coprime. First observe that \(2^{\overline{n}\cdot 2^s\ell^d}+2^{(\overline{n}-1)\cdot 2^s\ell^d}+\cdots+2^{3\cdot 2^s\ell^d}+2^{2\cdot 2^s\ell^d}+2^{2^s\ell^d}+1=(2^{2^s\ell^d(\overline{n}+1)}-1)/(2^{2^s\ell^d}-1)=(2^{2^m\ell^k}-1)/(2^{2^s\ell^d}-1)\). But we have \((2^m\ell^k,n)=1\), so \((2^{2^m\ell^k}-1, 2^n-1)=1\) from which we conclude that \(2^{\overline{n}\cdot 2^s\ell^d}+2^{(\overline{n}-1)\cdot 2^s\ell^d}+\cdots+2^{3\cdot 2^s\ell^d}+2^{2\cdot 2^s\ell^d}+2^{2^s\ell^d}+1\) and \(2^{n}-1\) are coprime.
Hence \(\zeta^{2^{\overline{n}\cdot 2^s\ell^d}+2^{(\overline{n}-1)\cdot 2^s\ell^d}+\cdots+2^{3\cdot 2^s\ell^d}+2^{2\cdot 2^s\ell^d}+2^{2^s\ell^d}+1}=1\) implies \(\zeta=1\). Since \(\zeta=1\) then (7) becomes \(\alpha=\alpha +\xi+\xi^{2^{2^sl^d}}+\xi^{2^{2\cdot 2^s\ell^d}}+\cdots+\xi^{2^{(\overline{n}-2)2^s\ell^d}}+\xi^{2^{(\overline{n}-1)2^s\ell^d}}+\xi^{2^{\overline{n}\cdot 2^s\ell^d}}\). It is clear that \(\xi\) is in the intersection of the fields of order \(2^{2^s\ell^d}\) and \(2^{n}\). Since \((2^s\ell^d,n)=1\) then \(\xi\) is either 0 or 1. But \(\xi=0\) is impossible since this would mean that \(\alpha\in \mathbb{F}_{2^{2^{s}}}\). So \(\xi\) must be 1.
So we have \(\alpha ^{2^{2^s\ell^d}}=\alpha + 1\). Clearly \(\alpha\) satisfies the equation \(x^{2^{2^s\ell^d}}-x-1=0\). Observe that \(\alpha +1\) also satisfies the equation \(x^{2^{2^s\ell^k}}-x-1=0\) and one can easily check that these are the only elements in \(A(\alpha)\) which satisfy \(x^{2^{2^s\ell^k}}-x-1=0\). Using similar argument to the one in Subsection 3.3.1, all the \(2^{2^s\ell^k}\) roots of \(x^{2^{2^s\ell^d}}-x-1\) lie in \(\mathbb{F}_{2^{(2^{s+1}\ell^{d-1})}}\) and \(\mathbb{F}_{2^{(2^{s+1}\ell^d)}}\) (not in \(\mathbb{S}\)). Hence we conclude that there is no affine set fixed under \(\langle\sigma^{2^s\ell^d}\rangle\).
| Subgroup of \(G\) | Order of Subgroup | No. of elements not in previous subgroup | No. of fixed affine sets | Product of columns 3 and 4 |
|---|---|---|---|---|
| \(\langle \sigma^{2^m\ell^kn} \rangle\) | 1 | 1 | \(\frac{|\mathbb{S}(n,2^m\ell^k)|}{2^{n}(2^{n}-1)}\) | \(\frac{|\mathbb{S}(n,2^m\ell^k)|}{2^{n}(2^{n}-1)}\) |
| \(\langle \sigma^{2^{m-1}\ell^kn} \rangle\) | 2 | 1 | \(2^{(2^{m-1}\ell^k-1)n}-2^{(2^{m-1}\ell^{k-1}-1)n}\) | \(2^{(2^{m-1}\ell^k-1)n}-2^{(2^{m-1}\ell^{k-1}-1)n}\) |
| \(\langle \sigma^{2^m\ell^k} \rangle\) | \(n\) | \(n-1\) | \(|\mathbb{S}(1,2^m\ell^k)|\) | \((n-1)|\mathbb{S}(1,2^m\ell^k)|\) |
| \(\langle \sigma^{2^{m-1}\ell^k} \rangle\) | \(2n\) | \(n-1\) | \(2^{2^{m-1}\ell^k-1}-2^{2^{m-1}\ell^{k-1}-1}\) | \((n-1)(2^{2^{m-1}\ell^k-1}-2^{2^{m-1}\ell^{k-1}-1})\) |
Remark 2. The number of orbits in \(\mathbb{A}\) under the action of \(G\) gives us an upper bound on the number of irreducible Goppa codes. By the Cauchy Frobenius Theorem, the number of orbits in \(\mathbb{A}\) under the action of \(G\) is \(\frac{2^{(2^{m-1}\ell^k-1)n}-2^{(2^{m-1}\ell^{k-1}-1)n}+(n-1)|\mathbb{S}(1,2^m\ell^k)|+(n-1)(2^{2^{m-1}\ell^k-1}-2^{2^{m-1}\ell^{k-1}-1})+\delta}{n(2^m\ell^k)}\) where \(\delta=|\mathbb{S}(n,2^m\ell^k)|/(2^{n}(2^{n}-1))\).
Suppose \(O(\alpha)\in \mathbb{O}_{F}\) is fixed under \(\langle\sigma^{2^s\ell^d}\rangle\) where \(0\leq s\leq m\) and \(0\leq d\leq k\) while avoiding the combinations: (i) \(s=m\) and \(d=k\), (i) \(s=m-1\) and \(d=k\). Then \(\langle\sigma^{2^s\ell^d}\rangle\) acts on \(O(\alpha)\) which is seen as a set of \(2^{n}+1\) affine sets. \(\langle\sigma^{2^s\ell^d}\rangle\) partitions this set of \(2^{n}+1\) affine sets. The possible lengths of orbits are all factors of \(2^{m-s}\ell^{k-d}n\). By Subsection 3.3.5, no affine set is fixed under \(\langle\sigma^{2^s\ell^d}\rangle\), so no orbits of length one are expected. Since \(O(\alpha)\) contains an odd number of affine sets then the possibility that all orbits are of even length is precluded. Since \(2^{n}+1\equiv 3 \pmod{n}\) (see Subsection 3.5.3) we also preclude the possibility that all orbits are of length \(n\). Also, by assumption, \(\ell\nmid (2^n+1)\) so we cannot have all orbits of length \(\ell\).
We now consider the possibility of \(x\) affine sets partitioned in orbits of length \(2^i\), with \(1\leq i\leq m-s\) and \(2^{n}+1-x\) affine sets partitioned in orbits of length multiples of \(n\), i.e., \(2^{n}+1-x\equiv 0\pmod{n}\). Since \(2^{n}+1\equiv 3\pmod{n}\), \(x\) has the form \(jn+3\) where \(j\) is an odd integer. Since \(2|x\) then \(j\) is non zero. So there are \(jn + 3 > 3\) affine sets permuted in orbits of length \(2^i\) under \(\langle\sigma^{2^s\ell^d}\rangle\). Since \(\langle\sigma^{2^{s+i}\ell^d}\rangle\subset \langle\sigma^{2^s\ell^d}\rangle\) it is easy to observe that \(2^i\) affine sets that form an orbit under \(\langle\sigma^{2^s\ell^d}\rangle\) are fixed under \(\langle\sigma^{2^{s+i}\ell^d}\rangle\). If \(s=m-2\) and \(d=k\) (recall that we cannot have \(s=m-1,m\) and \(d=k\) here) then it would mean that there exist a fixed \(O(\alpha)\) under \(\langle\sigma^{2^{m-2+i}\ell^k}\rangle\), with \(i=1\) or \(i=2\), which contains more than \(3\) affine sets fixed under \(\langle\sigma^{2^{m-2+i}\ell^k}\rangle\), contradicting Subsections 3.5.3 and 3.5.4. Also note that, by excluding the combinations we just considered (i.e., \(s+i=m-1,m\) and \(d=k\)), no affine set is fixed under \(\langle\sigma^{2^{s+i}\ell^d}\rangle\) (see Subsection 3.3.5) so it would be a contradiction to say that more than \(3\) affine sets in each fixed \(O(\alpha)\) are fixed under \(\langle\sigma^{2^{s+i}l^d}\rangle\). A similar argument can be used to show that orbit lengths of \(2^i\) and multiples of \(\ell\) are also not possible.
Next, we check the possibility of orbit lengths of multiples of \(\ell\) and \(n\). If \(x\) affine sets are partitioned into orbits of length multiples of \(\ell\) then \(2^n+1-x\) affine sets are partitioned into orbits of length multiples of \(n\). So \(2^n+1-x\equiv 0 \pmod{n}\) and hence \(x\) must be of the \(hn+3\) because \(2^n+1\equiv 3\pmod{n}\). Observe that since \(3\mid 2^n+1\) (because \(2^n+1=2^{2t+1}+1=2\cdot2^{2t}+1\equiv 3\equiv 0 \pmod{3}\)) then \(\ell\neq 3\). So there are \(hn + 3>3\) affine sets permuted in orbits of length multiples of \(\ell\) under \(\langle\sigma^{2^s\ell^d}\rangle\). Note that since \(\langle\sigma^{2^s\ell^{d+1}}\rangle\subset \langle\sigma^{2^s\ell^d}\rangle\) so an orbit of length \(\ell\) under \(\langle\sigma^{2^s\ell^d}\rangle\) is fixed under \(\langle\sigma^{2^s\ell^{d+1}}\rangle\). An argument similar to the one above shows that the orbit lengths of \(\ell\) and \(n\) are impossible.
What about the possibility of orbit lengths of \(2^i\), \(\ell\) and \(n\)? Again, if \(x\) is the number of affine sets partitioned in orbits of length \(2^i\) and multiples of \(\ell\) then \(2^n+1-x\) is the number of affine sets partitioned in orbits of length \(n\). Since \(2^{n}+1\equiv 3\pmod{n}\) then the form of \(x\), the number of affine sets partitioned in orbits of length \(2^i\) and \(\ell\), is \(hn+3\) for some integer \(h\). Since \((n,\ell)=1\) then we can write \(y\ell=zn+1\) for some integers \(y\) and \(z\) (by Bezout’s identity). Hence we can write \(hn+3=(hn+1)+2=w\ell+2=g\ell + (f\ell+2)\), for some integers \(w\), \(g\) and \(f\), where \(g\ell\) are affine sets partitioned into orbits of length \(\ell\) and \(f\ell+2\) are affine sets partitioned into orbits of length \(2^i\). Since 2 must divide \(f\ell+2\) then \(f\) has to be even. It is clear that \(f\ell+2\geq 2\). If \(f=0\) then it implies that 2 affine sets in a fixed \(O(\alpha)\) form an orbit under \(\langle\sigma^{2^s\ell^d}\rangle\). If \(s=m-2\) and \(d=k\) then, since \(\langle\sigma^{2^{s+1}\ell^d}\rangle\subset\langle\sigma^{2^s\ell^d}\rangle\), it would mean that \(\langle\sigma^{2^{m-1}\ell^k}\rangle\) fixes 2 affine sets in each fixed \(O(\alpha)\) which is a contradiction as it only fixes one affine set (see Subsection 3.5.4). For any other combination of \(s\) and \(d\) it would mean that 2 affine sets are fixed in an \(O(\alpha)\) fixed under \(\langle\sigma^{2^{s+1}\ell^d}\rangle\) which is again contradiction as in Subsection 3.3.5 it shows that no such subgroup fixes any affine set. Also \(f>1\) is impossible as it would mean that four or more affine sets are fixed in some fixed \(O(\alpha)\) under some subgroup contained in \(\langle\sigma^{2^s\ell^d}\rangle\) which cannot happen by previous subsections. We have exhausted all the possibilities and we thus conclude that there is no \(O(\alpha)\) in \(\mathbb{O}_{F}\) which is fixed under \(\langle\sigma^{2^{s}\ell^d}\rangle\).
| Subgroup of \(G\) | Order of Subgroup | No. of elements not in previous subgroup | No. of fixed \(O(\alpha)\) | Product of columns 3 and 4 |
|---|---|---|---|---|
| \(\langle \sigma^{2^m\ell^kn} \rangle\) | 1 | 1 | \(\frac{|\mathbb{S}|}{2^{n}(2^{n}-1)(2^{n}+1)}\) | \(\frac{|\mathbb{S}|}{2^{n}(2^{n}-1)(2^{n}+1)}\) |
| \(\langle \sigma^{2^{m-1}\ell^kn} \rangle\) | 2 | 1 | \(2^{(2^{m-1}\ell^k-1)n}-2^{(2^{m-1}\ell^{k-1}-1)n}\) | \(2^{(2^{m-1}\ell^k-1)n}-2^{(2^{m-1}\ell^{k-1}-1)n}\) |
| \(\langle \sigma^{2^m\ell^k} \rangle\) | \(n\) | \(n-1\) | \(|\mathbb{S}(1,2^m\ell^k)|/3\) | \((n-1)(|\mathbb{S}(1,2^m\ell^k)|)/3\) |
| \(\langle \sigma^{2^{m-1}\ell^k} \rangle\) | \(2n\) | \(n-1\) | \(2^{2^{m-1}\ell^k-1}-2^{2^{m-1}\ell^{k-1}-1}\) | \((n-1)(2^{2^{m-1}\ell^k-1}-2^{2^{m-1}\ell^{k-1}-1})\) |
Remark 3.
The number of orbits in \(\mathbb{O}_{F}\) under the action of \(G\) gives us an upper bound for the number of inequivalent extended irreducible binary Goppa codes. By the Cauchy Frobenius Theorem, the number of orbits in \(\mathbb{O}_{F}\) under the action of \(G\) is
\(\frac{2^{(2^{m-1}\ell^k-1)n}-2^{(2^{m-1}\ell^{k-1}-1)n}+(n-1)(|\mathbb{S}(1,2^m\ell^k)|)/3+(n-1)(2^{2^{m-1}\ell^k-1}-2^{2^{m-1}\ell^{k-1}-1})+\Delta}{2^m\ell^kn},\)
where \(\Delta=|\mathbb{S}(n,2^m\ell^k)|/(2^n(2^{n}-1)(2^n+1))\).
Theorem 18. Let \(n\) and \(\ell\) be odd prime numbers such that \((\ell,2^n \pm 1)=1\) and \(\ell\neq n\). The number of inequivalent extended irreducible binary Goppa codes of degree \((2\ell)^m\), with \(m\geq 1\) and length \(2^{n}+1\) is at most \[ \begin{cases} \frac{\left(\sum\limits_{i=1}^{(\ell-1)/2}\gamma^{2(\ell-i)-1}+\sum\limits_{i=0}^{\ell-2}(-1)^{i+1}\gamma^i\right)+(\gamma^{\ell-1}-1)+(n-1)(2^{2\ell-1}+2^\ell-4)/3}{2\ell n} & \text{ if } m=1 \\ & \\ \frac{\gamma^{\lambda-1}\left(\sum\limits_{i=0}^{(\lambda-2)/2}\gamma^{2i}\right)\left(\left(\sum\limits_{i=0}^{\ell-1}\gamma^{(\ell-1+i)\lambda}\right)-1\right)+\gamma^{\ell\lambda-1}-\gamma^{\lambda-1}+(n-1)(2^{2\ell\lambda-1}-2^{2\lambda-1}+2^{\ell\lambda}-2^\lambda)/3}{n(2\ell)^m} & \text{if } m>1 \end{cases}\] where \(\lambda=(2\ell)^{m-1}\) and \(\gamma=2^n\).
Example 1. The tables below compare the upper bound on the number of extended irreducible binary Goppa codes of degree \((2\ell)^m\) and length \(2^{n}+1\) and non-extended versions of length \(2^{n}\). The bounds on the number of the two versions of codes are obtained using Remark 2 and Theorem 18.
| Subgroup of \(G\) | Order of Subgroup | No. of elements not in previous subgroup | No. of fixed affine sets | Product of columns 3 and 4 |
|---|---|---|---|---|
| \(\langle \sigma^{2^m\ell^kn} \rangle\) | 1 | 1 | \(\frac{|\mathbb{S}(n,2^m\ell^k)|}{2^{n}(2^{n}-1)}\) | \(\frac{|\mathbb{S}(n,2^m\ell^k)|}{2^{n}(2^{n}-1)}\) |
| \(\langle \sigma^{2^{m-1}\ell^kn} \rangle\) | 2 | 1 | \(2^{(2^{m-1}\ell^k-1)n}-2^{(2^{m-1}\ell^{k-1}-1)n}\) | \(2^{(2^{m-1}\ell^k-1)n}-2^{(2^{m-1}\ell^{k-1}-1)n}\) |
| \(\langle \sigma^{2^m\ell^k} \rangle\) | \(n\) | \(n-1\) | \(|\mathbb{S}(1,2^m\ell^k)|\) | \((n-1)|\mathbb{S}(1,2^m\ell^k)|\) |
| \(\langle \sigma^{2^{m-1}\ell^k} \rangle\) | \(2n\) | \(n-1\) | \(2^{2^{m-1}\ell^k-1}-2^{2^{m-1}\ell^{k-1}-1}\) | \((n-1)(2^{2^{m-1}\ell^k-1}-2^{2^{m-1}\ell^{k-1}-1})\) |
| \(n=7\), \(m=2\), \(\ell=5\) | |
|---|---|
| Non-Ext. Goppa codes | 4,622,588,496,158,230,374,051,769,793,025,984,836,851,746,873,965, |
| 809,423,771,689,488,776,657,578,801,416,6,920,445,784,006,149,455, | |
| 542,768,623,409,098,875,990,160,540,631, 751,785,597,245,560,480, | |
| 490,009,340,223,525,920,966,754,236,069,676,754,557,809,563, 115, | |
| 990,501,031,936 | |
| Ext. Goppa codes | 358,340,193,500,638,013,492,385,255,273,332,157,895,484,253,795, |
| 799,180,137,340,270,447,802,742,646,641,023,601,382,950,503,453, | |
| 909,148,362,538, 791,931,238,348,268,716,699,081,713,709,698,766, | |
| 594,405,529,127,416,760,975,801,640,365,691,439,359,515,939, 510, | |
| 005,752,320 |
