
Linear time encodable binary code achieving GV bound with linear time encodable dual achieving GV bound

Martijn Brehm, Nicolas Resch

TL;DR

This work constructs a binary linear code of rate $1/2$ whose distance and dual distance both asymptotically approach the GV bound while supporting linear-time encoding for the code and its dual. The construction adapts repeat-multiple-accumulate codes by inserting inverse-accumulation (discrete derivative) rounds to bolster dual distance, yielding duals via reversed encoding order and ensuring duality ($H^T G=0$). The analysis bounds the input-output weight-enumerator and spectral-shape functions, using restricted spectral shapes to show that low- and mid-weight codewords remain negligible, thereby achieving a GV-bound distance for both the code and its dual with high probability as $n$ grows. A practical application to encrypted matrix-vector products demonstrates the potential efficiency gains from linear-time encodability in cryptographic protocols, while the work outlines future directions for field extensions, explicit constructions, and broader cryptographic use-cases.

Abstract

We initiate the study of what we term "fast good codes" with "fast good duals." Specifically, we consider the task of constructing a rate 1/2 binary linear code such that both it and its dual are asymptotically good (in fact, have rate-distance tradeoff approaching the GV bound), and are encodable in linear time. While we believe such codes should find applications more broadly, as motivation we describe how such codes can be used for the secure computation task of encrypted matrix-vector product. Our main contribution is a construction of such a fast good code with fast good dual. Our construction is inspired by the repeat multiple accumulate (RMA) code. To create the rate 1/2 code, after repeating each message coordinate, we perform accumulation steps -- where first a uniform coordinate permutation is applied, and afterwards the prefix-sum mod 2 is applied -- which are alternated with discrete derivative steps -- where again a uniform coordinate permutation is applied, and afterwards the previous two coordinates are summed mod 2. Importantly, these two operations are inverses of each other. In particular, the dual of the code is very similar, with the accumulation and discrete derivative steps reversed. Our analysis is inspired by a prior analysis of RMA: we bound the expected number of codewords of weight below the GV bound. We face new challenges in controlling the behaviour of the discrete derivative operation (which can significantly drop the weight of a vector), which we overcome by careful case analysis.
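
The following sketch is an added example, not code from the paper or its authors. It implements the two round types the abstract describes and checks numerically that swapping them produces a generator of the dual code ($H^T G = 0$). The round pattern `ADAD`, the block length, the seeds and the right-to-left (transposed) form of the dual rounds are assumptions of this example, derived from $(XY)^{-T} = X^{-T}Y^{-T}$; the paper's exact round structure is not given on this page.

```python
import random

def accumulate(v):
    """Accumulation A: prefix-sum mod 2, out[i] = v[0] ^ ... ^ v[i]."""
    out, acc = [], 0
    for b in v:
        acc ^= b
        out.append(acc)
    return out

def derivative(v):
    """Discrete derivative D = A^{-1}: out[i] = v[i] ^ v[i-1], out[0] = v[0]."""
    return [v[0]] + [v[i] ^ v[i - 1] for i in range(1, len(v))]

def transposed(op):
    """Matrix transpose of A or D: the same operation run right-to-left."""
    return lambda v: op(v[::-1])[::-1]

PRIMAL = {"A": accumulate, "D": derivative}
# Each round O is replaced by O^{-T}: A -> D^T and D -> A^T (roles swapped).
DUAL = {"A": transposed(derivative), "D": transposed(accumulate)}

def make_rounds(n, pattern, seed):
    """One uniform coordinate permutation per round (constructed sample input)."""
    rng = random.Random(seed)
    return [(kind, rng.sample(range(n), n)) for kind in pattern]

def encode(msg, rounds, ops):
    """Repeat each bit twice, then per round: permute, apply the round op.
    Every round is O(n), so a constant number of rounds is linear time."""
    v = [b for b in msg for _ in range(2)]
    for kind, perm in rounds:
        v = ops[kind]([v[p] for p in perm])
    return v

def check_duality(k=8, pattern="ADAD", seed=1):
    """True iff every row of G is orthogonal (mod 2) to every row of H."""
    n = 2 * k
    rounds = make_rounds(n, pattern, seed)
    basis = [[int(i == j) for j in range(k)] for i in range(k)]
    G = [encode(e, rounds, PRIMAL) for e in basis]
    H = [encode(e, rounds, DUAL) for e in basis]
    return all(sum(g[i] & h[i] for i in range(n)) % 2 == 0
               for g in G for h in H)
```

Orthogonality holds for any permutations because the twofold repetition map $F$ satisfies $F^T F = 2I = 0$ over $\mathbb F_2$, and both codes have dimension $n/2$. `derivative([1] * 16)` has weight 1, which is the weight drop the abstract singles out as the main analytical difficulty.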

Paper Structure

This paper contains 24 sections, 28 theorems, 112 equations, 4 figures, 1 table.

Key Result

Theorem 1.2

For all large enough (even) $n \in \mathbb N$ and all $\varepsilon>0$, there exists a binary code $\mathcal{C} \leq \mathbb F_2^n$ of rate $1/2$ such that:

Figures (4)

  • Figure 1: A pictorial representation of (a generator matrix for) an RAA code with rate $R=1/3$ and block-length $n=9$.
  • Figure 2: A pictorial representation of (a generator matrix for) an RAD code with rate $R=1/2$ and block-length $n=10$.

Theorems & Definitions (53)

  • Definition 1.1: GV Bound
  • Theorem 1.2
  • Theorem 2.1: Markov's inequality
  • Definition 2.2
  • Proposition 2.3
  • proof
  • Definition 2.4
  • Theorem 3.1
  • proof: Proof of the main theorem (label thm:main)
  • Definition 4.1: Restricted Spectral Shape Function
  • ...and 43 more