Goppa codes over the p-adic integers and integers modulo pe

Fini e Fields and Thei Applica ions 84 (2022) 102097
Con en s lis s a ailable a ScienceDi ec
Fini e Fields and Thei Applica ions
www.else ie .com/loca e/ffa
Goppa codes o e he p-adic in ege s and in ege s
modulo pe
Ma kel Epelde
Uni e sidad del País Vasco -Euskal He iko Unibe si a ea, Bizkaia, Spain
a i c l e i n o a b s a c
A icle his o y:
Recei ed 11 Oc obe 2021
Recei ed in e ised o m 22 Ap il
2022
Accep ed 27 July 2022
A ailable online 11 Augus 2022
Communica ed by Se gey Rybako
MSC:
11T71
94B05
Keywo ds:
Algeb aic codes
Goppa codes
McEliece c yp osys em
Goppa codes we e defined by Vale y D. Goppa in 1970. In
1978, Robe J. McEliece used his amily o e o -co ec ing
codes in his c yp osys em, which has gained popula i y in
he las decade due o i s esis ance o a acks om quan um
compu e s. In his pape , we p esen Goppa codes o e he
p-adic in ege s and in ege s modulo pe. This allows he
c ea ion o chains o Goppa codes o e diffe en ings. We
show some o hei p ope ies, such as pa i y-check ma ices
and minimum dis ance, and sugges hei c yp og aphic
applica ion, ollowing McEliece’s scheme.
© 2022 The Au ho . Published by Else ie Inc. This is an
open access a icle unde he CC BY-NC-ND license
(h p://c ea i ecommons.o g/licenses/by-nc-nd/4.0/).
In 1970, Vale y D. Goppa defined a new class o e o -co ec ing codes o e a fini e
field Fq, nowadays known as Goppa codes [6]. I we conside q o a p ime numbe p, om
an algeb aic poin o iew, Goppa codes a e Zp-subspaces o Zn
p. As e o -co ec ing
codes, he e also exis s a decoding algo i hm o hem, i.e., a me hod o find he closes
codewo d o a gi en elemen in Zn
p, p o ided he dis ance be ween hem is smalle han
he e o -co ec ing capabili y o he Goppa code. In 1978, Robe J. McEliece p esen ed
his c yp osys em [9], a me hod o enc yp a message by encoding an in o ma ion ec o
E-mail add ess: ma [email protected].
h ps://doi.o g/10.1016/j.ffa.2022.102097
1071-5797/© 2022 The Au ho . Published by Else ie Inc. This is an open access a icle unde he CC
BY-NC-ND license (h p://c ea i ecommons.o g/licenses/by-nc-nd/4.0/).
2M. Epelde / Fini e Fields and Thei Applica ions 84 (2022) 102097
and adding e o s a ificially. Fo his c yp osys em, he sugges ed he use o bina y Goppa
codes and, while o he app oaches o code-based c yp osys ems ha e been success ully
a acked, his scheme emains mos ly in ac . Despi e i s d awbacks (such as i s la ge key
sizes), his scheme has egained popula i y due o his quan um esis ance and age [12].
In his pape , we define Goppa codes o e he p-adic in ege s and Zpe, i.e., he ing o
in ege s modulo pe, based on he o iginal idea om Goppa, and we hin a po en ial c yp-
og aphic applica ion o hem. In 2005, An onio A. de And ade and Reginaldo Palazzo
gene alized Goppa codes o fini e ings [1], bu using a diffe en app oach. Howe e , we
will ely on he gene aliza ion o Goppa’s o iginal in oduc ion [6]. This defini ion was
sugges ed by Ma kel Epelde e al. in 2020 o Z4[5] and, while de And ade’s gene aliza-
ion o he decoding algo i hm s ill wo ks, ou defini ion allows o show some addi ional
p ope ies. Bo h he defini ion and i s basic consequences can be seen in Sec ion 1. In
Sec ion 2, we desc ibe he chains o Goppa codes and he ela ions be ween hei pa i y-
check ma ices. In Sec ion 3, we show how o ge isomo phic Goppa codes o e diffe en
ings by changing one o he pa ame e s o he code. Changing he o he pa ame e leads
o some o he esul s in Sec ion 4. Finally, hei po en ial c yp og aphic applica ion is
shown in Sec ion 5.
Le us fix h ∈N∪{0}, le n ∈Nand le pbe a p ime numbe . We will deno e by
Rpe=GR(pe, h) he Galois ex ension o deg ee ho Zpe o any e ∈N, and by Rp∞ he
Galois ex ension o deg ee ho he ing o p-adic in ege s Zp∞, i.e.,
Rp∞=a0+pa1+···+peae+··· | ai∈Fph,∀i∈N∪{0}.
Obse e ha his ing is o med by o mal infini e sums o elemen s in an ex ension o
deg ee ho Zp.
Le i, j∈N∪{∞}such ha i ≥j. We deno e by ψpi,pj:Rpi→Rpj he na u al
p ojec ion o elemen s in Rpi o Rpj, and by 
ψpi,pj he ex ension o ψpi,pj o n- uples in
Rn
pi. Mo eo e , we define Ψpi,pj:Rpi[X] →Rpj[X]as he na u al gene aliza ion o ψpi,pj
o polynomials, i.e., sa is ying Ψpi,pj(n
k=0 akXk) =n
k=0 ψpi,pj(ak)Xk o a n ∈N.
1. Defini ion and basic p ope ies
Le us define Goppa codes o e Zpe, gene alizing Goppa’s o iginal defini ion in [6].
Defini ion 1. Le e ∈N∪{∞}, L =(α1, ..., αn) ∈Rn
peand g∈Rpe[X]o deg ee <n
such ha ψpe,p(αi) =ψpe,p(αj) o i =jand g(αi)is a uni , i.e., ψpe,p(g(αi)) =0 o
e e y i ∈{1, ..., n}. The Goppa code o pa ame e s Land go e Zpeis defined as
Γpe(L, g)=c∈Zn
pe|
n

i=1
ci
X−αi
≡0(modg(X)).
Example 1. Le h =4, and le p =2, e =3and Rpe=Z8[α], whe e αis an elemen o
mul iplica i e o de ph−1 = 15. Le g(X) =X3+α4X2+α5Xand, o ins ance,
M. Epelde / Fini e Fields and Thei Applica ions 84 (2022) 102097 3
L=(1,α,α
4,α
3,α
5,α
11,α
14,α
2,α
8,α
13,α
9,α
12,α
6).
Then Γ8(L, g)is he code gene a ed by
G=(2125520325336).
This code has leng h 13, 8elemen s and minimum dis ance 7.
Rema k 1. Le α∈Rpeand g∈Rpe[X]such ha g(α)is a uni . Then,
(X−α)−1=−g(α)−1g(X)−g(α)
X−α
modulo g(X).
The p e ious ema k allows he p oo o he ollowing lemma.
Lemma 1. Le e ∈N∪{∞}, le Γpe(L, g)be a Goppa code o leng h n, and C={c ∈
Zn
pe| cH=0}, whe e
H=⎛
⎜
⎜
⎜
⎜
⎝
g(α1)−1g(α2)−1... g(αn)−1
α1g(α1)−1α2g(α2)−1... α
ng(αn)−1
α2
1g(α1)−1α2
2g(α2)−1... α
2
ng(αn)−1
.
.
..
.
.....
.
.
α −1
1g(α1)−1α −1
2g(α2)−1... α
−1
ng(αn)−1
⎞
⎟
⎟
⎟
⎟
⎠(1)
and =degg. Then, C⊆Γpe(L, g)and, i he leading coefficien o gis a uni o e =∞,
he equali y holds.
P oo . Le g(X) =
i=0 giXiand c ∈Zn
pe. Then, cH=0implies cHH
g=0, whe e
Hg=⎛
⎜
⎜
⎜
⎜
⎝
g 00... 0
g −1g 0... 0
.
.
..
.
........
.
.
g2g3... g
0
g1g2... g
−1g
⎞
⎟
⎟
⎟
⎟
⎠.
Obse e ha , when he leading coefficien o gis a uni , he condi ion is equi alen since
Hgis in e ible. Since Zp∞is an in eg al domain, he condi ion is also equi alen i
e =∞. This ma ix equali y ep esen s he ollowing equa ions
4M. Epelde / Fini e Fields and Thei Applica ions 84 (2022) 102097
g (c1g(α1)−1+···+cng(αn)−1)=0
g −1(c1g(α1)−1+···+cng(αn)−1)+g (c1α1g(α1)−1+···+cnαng(αn)−1)=0
.
.
.
g1(c1g(α1)−1+···+cng(αn)−1)+g2(c1α1g(α1)−1+···+cnαng(αn)−1)
+···+g (c1α −1
1g(α1)−1+···+cnα −1
ng(αn)−1)=0
⎫
⎪
⎪
⎪
⎪
⎪
⎪
⎬
⎪
⎪
⎪
⎪
⎪
⎪
⎭
,
which can be w i en compiled in o one polynomial equali y. Namely,
−1

k=0 ⎛
⎝
−k

j=1
gk+j
n

i=1
ciαj−1
ig(αi)−1⎞
⎠Xk=0.
Rea anging he e ms, i ollows ha
n

i=1
cig(αi)−1
−1

k=0
Xk
−k

j=1
gk+jαj−1
i=0.(2)
No e ha
−1

k=0
Xk
−k

j=1
gk+jαj−1
i=

j=1
gj
j−1

k=0
αj−k−1
iXk=

k=0
gkXk−αk
i
X−αi=g(X)−g(αi)
X−αi
.
Since he deg ee o gis g ea e han he e m on he le -hand side o (2), his equa ion
can be w i en as
n

i=1
cig(αi)−1g(X)−g(αi)
X−αi≡0(modg(X)).
The e o e, cH=0implies (and is equi alen o, when he leading coefficien o gis a
uni o e =∞)
n

i=1
ci
X−αi
≡0(modg(X)),i.e., c∈Γpe(L, g).
Rema k 2. When c ∈Γpe(L, g)i and only i cH=0, we say ha His a pa i y-check
ma ix o he code. Howe e , his is an abuse o he e m, since he en ies o Hdo
no necessa ily belong o Zpe. In o de o w i e a pa i y-check ma ix in s ic sense, we
would ha e o expand each en y as a column o med by i s coo dina es wi h espec o
a Zpe-basis o Rpe, and hen emo e he edundan ows o he ma ix.
Example 2. Subs i u ing he en ies o he ma ix Hdefined as in (1) o he code in
Example 1wi h hei coo dina es wi h espec o he Z2-basis {1, α, α2, α3} esul s in
he pa i y-check ma ix
M. Epelde / Fini e Fields and Thei Applica ions 84 (2022) 102097 5
H=
⎛
⎜
⎜
⎜
⎜
⎜
⎜
⎜
⎜
⎜
⎜
⎜
⎜
⎜
⎜
⎜
⎜
⎜
⎜
⎜
⎜
⎜
⎝
4377447036314
0776175437367
6674757766245
5254734666053
4602051336166
0370705652550
6340347205747
5055471151125
4001431121321
0663021333231
6335626574276
5333507346047
⎞
⎟
⎟
⎟
⎟
⎟
⎟
⎟
⎟
⎟
⎟
⎟
⎟
⎟
⎟
⎟
⎟
⎟
⎟
⎟
⎟
⎟
⎠
.
Recall ha a code o e a ing Ris said o be ee i i is isomo phic o Rk o some
k. We now p o e he ollowing lemma.
Lemma 2. The Goppa code Γp∞(L, g)is a ee code, i.e., a ee Rp∞-submodule o Rn
p∞.
P oo . By Lemma 1, Γp∞(L, g)is defined as he dual o he code wi h gene a o ma ix
Hin (1), and e e y dual code in Zp∞is ee [4]. 
Wi h Lemma a 1and 2, we can p o e he ollowing heo em, which consis s o he
basic p ope ies o Goppa codes as defined in Defini ion 1.
Theo em 1. Le e ∈N∪{∞}and le C=Γ
pe(L, g)be a Goppa code. Then,
(i) I e =∞, dimRp∞C≥n −h deg g. O he wise, |C| ≥pe(n−hdeg g).
(ii) Fo any j<e, C∩pjZn
pe=pj
ψ−1
pe,pe−j(Γpe−j(
ψpe,pe−j(L), Ψpe,pe−j(g))), whe e

ψ−1
pe,pe−j(A)deno es he p eimage o a subse A ⊆Zn
pe−j h ough he p ojec ion
map 
ψpe,pe−j. In pa icula , C∩pe−1Zn
peis isomo phic as a Fp-linea space o
Γp(
ψpe,p(L), Ψpe,p(g)), and o
Γpj(
ψpe,pj(L),Ψpe,pj(g)) ∩pj−1Zn
pj.
(iii) Fo any j∈N∪{∞} wi h j<e, 
ψpe,pj(C)is a subcode o Γpj(
ψpe,pj(L), Ψpe,pj(g))).
As a consequence, i e =∞and o a j∈N, Γpj(
ψpe,pj(L), Ψpe,pj(g)) ⊆pZn
pj,
hen C={0}and n ≤h deg g. Mo eo e , i e ∈Nand Cis ee, hen
Γpj(
ψpe,pj(L), Ψpe,pj(g)) =
ψpe,pj(Γpe(L, g)).
P oo . Le =degg, le Hbe as defined in (1)and le Hbe a pa i y-check ma ix o e
Zpeo he code C={c ∈Zn
pe| cH=0}.As a consequence o Rema k 2, Hhas a
mos h ows, |(C)⊥| ≤|Zpe| h =pe h. Hence, i e ∈N, |C| =|Zn
pe|/|(C)⊥| ≥pe(n− h).

6M. Epelde / Fini e Fields and Thei Applica ions 84 (2022) 102097
Since, by Lemma 1, C⊆C, his p o es he esul . I e =∞, om Lemma 2i ollows ha
Γpe(L, g)is a ee code and, since om Lemma 1i ollows ha C=C, a pa i y-check
ma ix o Chas a mos h ows and i s dimension mus be g ea e han n − h.
Fo pa (ii), pjc ∈Γpe(L, g) ∩pjZn
pei and only i
n
i=1 pjci/(X−αi) ≡0(modg(X))
o , equi alen ly n
i=1 ci/(X−αi) ≡0(modg(X)) and modulo pe−j. This is exac ly
he condi ion o c o be a li o a codewo d in Γpe−j(
ψpe,pe−j(L), Ψpe,pe−j(g)). Taking
j=e −1 es ablishes ha he se o mul iples o pe−1in a Goppa code is isomo phic as
a Fp-linea space o i s adi ional Goppa code p ojec ion.
Finally, le us p o e (iii). By defini ion, c ∈Γpe(L, g)i and only i n
i=1
ci
X−αi≡
0(modg(X)). This cong uence is also ue modulo pj, so 
ψpe,pi(c) belongs o
Γpj(
ψpe,pi, Ψpe,pj(g)).
In pa icula , i e =∞, 
ψp∞,pj(C)is a ee subcode o Γpj(
ψpe,pj(L), Ψpe,pj(g)), so i
C ={0} hen Γpj(
ψpe,pj(L), Ψpe,pj(g)) pZn
pj.
Mo eo e , i Γpe(L, g)is ee o an e ∈N, hen 
ψpe,pj(Γpe(L, g)) is also ee and a
subcode o Γpj(
ψpe,pj(L), Ψpe,pj(g)). Le kbe he dimension o C. Since 
ψpe,pj(C)is ee
in Zpj, i has ca dinali y pjk. On he o he hand, by pa (ii) and since Cis ee,
|
ψpe,pj(C)|=|C ∩ pe−jZn
pe|=pjk.
Since 
ψpe,pj(C) ⊆Cand hey ha e he same ca dinali y, he equali y holds. 
Example 3.
1. Le Cbe he code in Example 1. Obse e ha , as claimed in pa (i) o he p e ious
heo em,
8=|C| ≥ pe(n−hdeg g)=2
3(13−4·3) =8.
Mo eo e , C4=Γ
4(
ψ8,4(L), Ψ8,4(g)) and C2=Γ
2(
ψ8,2(L), Ψ8,2(g)) a e he codes
gene a ed by ma ices
G4=(2121120321332)
and
G2=(0101100101110),
espec i ely. On he o he hand, C∩4Zn
8and C4∩2Zn
4a e gene a ed by
G3=(
0404400404440
)
and
M. Epelde / Fini e Fields and Thei Applica ions 84 (2022) 102097 7
G1=(
0202200202220
),
espec i ely. As s a ed in pa (ii) o he p e ious heo em,
C∩4Z13
8∼
=C4∩2Z13
4∼
=C2
as {0, 1}-linea spaces. Finally, since Cis ee, no only a e 
ψ8,4(C)and 
ψ8,2(C) sub-
codes o C4and C2, espec i ely, bu he equali y also holds he e, as es ablished in
pa (iii) o he heo em.
2. Le gbe he same as in Example 1, and le
M=(1,α,α
4,α
3,α
5,α
11,α
14,α
2,α
8,α
13,α
9,α
12)∈Rn
8.
Then, D=Γ
8(M, g)is he code gene a ed by
Q=(
040440040444
).
Now, 2 =|D| ≥812−4·3=1, sa is ying pa (i) o Theo em 1, and, acco ding o pa
(ii), D=D∩4Z12
8∼
=D4∩2Z12
4∼
=D2, whe e D4=Γ
4(
ψ8,4(M), Ψ8,4(g)) and
D2=Γ
2(
ψ8,2(M), Ψ8,2(g)) is gene a ed by
Q4=(
020220020222
)
and
Q2=(
010110010111
).
Mo ing o pa (iii), 
ψ8,4(D) ={0}is included in D4and D2, and 
ψ4,2(D4) ={0}
is included in D2, bu he p ojec ions and he codes a e no iden ical. Finally, since
D⊆4Z12
4, we know ha Γ2∞(M, g) ={0} o any li Mand go Mand g,
espec i ely.
Rema k 3. Pa 1 o Example 3shows an ins ance o a Goppa code o e Z8being a
li o he co esponding Goppa codes o e Z4and Z2, and he code o e Z4being a
li o he co esponding code o e Z2. Howe e , as we can see in pa 2 o he same
example, in gene al, he codes Γpe(L, g)o e Zpea e no li s o i s equi alen o e Zp,
Γp(
ψpe,p(L), Ψpe,p(g)). Fo ins ance, in ha example he code o e he 2-adic in ege s is
i ial, whe eas he codes o e Z8, Z4and Z2ha e ca dinali y 2. In ac , none o hem
a e li s o he codes below.
Co olla y 1. Le e ∈N∪{∞} and le C=Γ
pe(L, g)be a Goppa code. The minimum
dis ance o Csa isfies d(C) ≥deg Ψpe,p(g) +1. Fu he mo e, i e =∞, Γp∞(L, g)sa isfies
d ≥deg g+1.
8M. Epelde / Fini e Fields and Thei Applica ions 84 (2022) 102097
P oo . Le e ∈N. Obse e ha one can always find a (non-ze o) codewo d co minimum
weigh such ha c ∈C∩pe−1Zn
e. In ac , i cis a mul iple o psbu no a mul iple o ps+1,
hen pe−s−1c ∈C∩pe−1Zn
eand w(pe−s−1c) ≤w(c). Acco ding o pa (ii) o Theo em 1,
C∩pe−1Zn
e=pe−1
ψ−1
pe,p(Cp),
whe e Cp=Γ
p(
ψpe,p(L), Ψpe,p(g). Obse e ha C0is a adi ional Goppa code, ha ing
minimum weigh d(C0) ≥deg Ψpe,pg+1.
I e =∞, le Hbe as defined in (1)and le c ∈Γpe(L, g)be a non-ze o codewo d.
Then, by Lemma 1cH=0so he e exis w(c) linea ly dependen columns in H.
Howe e , any × subma ix o H educes o a Vande monde ma ix wi h a non-ze o
de e minan , so w(c) ≥ +1. The e o e, i x, y∈Γpe(L, g)a e wo dis inc codewo ds,
d(x, y) =w(x −y) ≥ +1. 
2. Pa i y-check ma ix
In his sec ion, we show he ela ion be ween Goppa codes o he same pa ame e s o e
diffe en ings and hei pa i y-check ma ices. Fi s , we p esen he ollowing lemma,
he p oo o which can be ound in [8].
Lemma 3. Le e ∈N, and le be a egula polynomial in Zpe[X]. Then, he e exis
a polynomial ∗∈Zpe[X]and q∈Zpe[X]such ha Ψpe,p( ) =Ψ
pe,p( ∗), (X) =
q(X) ∗(X)and he leading coefficien o ∗is a uni .
We can also show he ollowing ela ion be ween Goppa codes wi h simila polynomial
pa ame e s.
Lemma 4. Le e ∈N∪{∞} and le Γpe(L, g)be a Goppa code. Then, i he e exis s
polynomial g∗(X)such ha i s leading coefficien is a uni , gis a mul iple o g∗and
Ψpe,p(g∗) =Ψ
pe,p(g), hen Γpe(L, g) ⊆Γpe(L, g∗). Mo eo e , i e ∈N, he equali y
holds.
P oo . Le g∗, q∈Rpe[X]be such ha he leading coefficien o g∗(X)is a uni ,
g∗(X)q(X) =g(X)and Ψpe,p(g∗) =Ψ
pe,p(g). The e o e, o some uni uin Zpe,
Ψpe,p(q) =ψpe,p(u) =0, so q(X) =u +pm(X). This implies ha , i e ∈N, q(X)is a
uni , i s in e se being 1 −pu−1m(X) +p2u−2m(X)2+···+(−1)e−1pe−1u1−em(X)e−1.
The e o e, Γpe(L, g) =Γ
pe(L, q·g∗)and c ∈Γpe(L, g)iff
n

i=1
ci
X−αi
≡0(modq(X)g∗(X)).
Mul iplying he e m in he le -hand side by n
i=1(X−αi), i ollows ha c ∈Γpe(L, q·
g∗)i and only i q(X)g∗(X) di ides
M. Epelde / Fini e Fields and Thei Applica ions 84 (2022) 102097 9
n

i=1
ci
1≤j≤n
j=i
(X−αi).
The e o e, i c ∈Γpe(L, g) hen g∗(X) di ides his e m. In ac , i q(X)g∗(X) di ides he
e m hen also g∗(X) di ides his e m. Since (g∗(X), X−αi) =1 o e e y i ∈{1, ..., n},
his is equi alen o c ∈Γpe(L, g∗). Obse e ha his code is well defined, since o all
i ∈{1, ..., n}, ψpe,p(g∗(αi)) =ψpe,p(g(αi)) =0. 
Wi h his in o ma ion, we can gi e an explici exp ession o a pa i y-check ma ix o
e e y Goppa code.
Theo em 2. Le e ∈N∪{∞}and le C=Γ
pe(L, g)be a Goppa code.
(i) I e =∞, Has in (1)is a pa i y-check ma ix o C.
(ii) I e ∈Nand g∗∈Rpe[X]is he polynomial sa is ying he condi ions in Lemma 4,
hen
H∗=⎛
⎜
⎜
⎜
⎜
⎜
⎝
g∗(α1)−1g∗(α2)−1... g∗(αn)−1
α1g∗(α1)−1α2g∗(α2)−1... α
ng∗(αn)−1
α2
1g∗(α1)−1α2
2g∗(α2)−1... α
2
ng∗(αn)−1
.
.
..
.
.....
.
.
α ∗−1
1g∗(α1)−1α ∗−1
2g∗(α2)−1... α
∗−1
ng∗(αn)−1
⎞
⎟
⎟
⎟
⎟
⎟
⎠
(3)
is a pa i y-check ma ix o C, whe e ∗=degg∗.
P oo . The fi s pa is s aigh o wa d om Lemma 1. Le e ∈N. By Lemma a 3and
4, he e exis s g∗∈Rpe[X]wi h a uni as leading coefficien such ha C=Ψ
pe,p(g∗)
and Γpe(L, g) =Γ
pe(L, g∗). Since he leading coefficien o g∗is a uni , by Lemma 1, H∗
is a pa i y check ma ix o C.
Example 4. Le us conside he pa ame e s in Example 1, and le (X) =2α14X4+(1 +
2α3)X3+3α4X2+α5X. Since he leading coefficien o gis a uni , Ψ8,2(g) =Ψ
8,2( )
and (X) =(1 +2α14X)g(X), om Lemma 4i ollows ha Γ8(L, ) =Γ
8(L, g)and H
om Example 2is a pa i y-check ma ix o Γ8(L, ).
Rema k 4. We ha e p esen ed a pa i y-check ma ix o any Goppa code Γpe(L, g). This
allows he use o he efficien decoding algo i hm om [1], based on he pa i y-check
ma ix, in ou con ex .
Le us see how he ela ions be ween he pa i y-check ma ices o diffe en alues o
e. In o de o p o e ha , we in oduce a opological esul .
16 M. Epelde / Fini e Fields and Thei Applica ions 84 (2022) 102097
a e exac copies o he o iginal Γpe(L, g)and mul iples o pj−e. Mo eo e , by pa (iii)
o Theo em 1, he code o e he p-adic in ege s mus be i ial. 
4. Changes in he polynomial
In he p e ious sec ion, we ha e s udied he changes in he Goppa codes by modi ying
L. Now, le us change he Goppa polynomial. Fi s , le us ecall he ollowing esul o
Goppa codes ound in [7].
Lemma 8. Le g∈R2[X]be a squa e- ee polynomial. Then, Γ2(L, g) =Γ
2(L, g2).
Now, we can p o e he ollowing esul o p =2. This heo em is he gene aliza ion
o i s qua e na y e sion, shown in [5].
Theo em 5. Le g∈R2e[X]be a squa e- ee polynomial wi h a uni as i s leading coeffi-
cien , le Γ2e(L, g)be a Goppa code, and g2∈R2e[X]such ha deg g2≤deg g. Then,
Γ2e(L, g)=Γ
2e(L, g +2
e−1g2).
P oo . Le us p o e Γ2e(L, g) ⊆Γ2e(L, g+2
e−1g2) o any polynomial g2sa -
is ying deg g2≤deg g. Le c ∈Γ2e(L, g). Acco ding o Theo em 1, 
ψ2e,2(c) ∈
Γ2(
ψ2e,2(L), Ψ2e,2(g)). Since gis squa e- ee, Ψ2e,2(g)is also squa e- ee, and by
Lemma 8, 
ψ2e,2(c) ∈Γ2(
ψ2e,2(L), Ψ2e,2(g)2). By Lemma 1and since he leading co-
efficien o gis a uni , his happens when
n

i=1
ciαj−1
ig(αi)−2=0 (mod2)
o all j∈{1, ...2 deg g}. Equi alen ly,
n

i=1
ciαk+j−1
ig(αi)−2=0 (mod2)
o all j∈{1, ..., deg g}and k∈{0, 1, ..., deg g}. The equa ions abo e can be w i en
as

k=0
ak
n

i=1
ciαk
iαj−1
ig(αi)−2=0 (mod2)
o all j∈{1, ..., deg g}and ai∈R2eo , equi alen ly,
n

i=1
ciαj−1
ig(αi)−2g2(αi)=0 (mod2)

M. Epelde / Fini e Fields and Thei Applica ions 84 (2022) 102097 17
o all j∈{1, ..., deg g}and g2∈Rpe[X]such ha deg g2≤deg g. He e, we ha e aken
g2(X) =
k=0 akXk. Since c ∈Γ2e(L, g), by Lemma 1and since he leading coefficien
o gis a uni , n
i=1 ciαj−1
ig(αi)−1=0 o all j∈{1, ..., deg g}, so his is equi alen o
n

i=1
ciαj−1
ig(αi)−1+2
e−1
n

i=1
ciαj−1
ig(αi)−2g2(αi)=0
o all j∈{1, ..., deg g}and g2sa is ying he hypo hesis. Finally, by Lemma 6, he
exp ession abo e can be w i en as
n

i=1
ciαj−1
ig(αi)−1(1 −2e−1g(αi)−1g2(αi)) = 0
o all j∈{1, ..., deg g}and g2sa is ying he condi ions o he heo em. Since he leading
coefficien o g+2
e−1g2is also a uni , his is equi alen o c ∈Γ2e(L, g+2
e−1g2). 
Co olla y 4. Le e ∈N, g∈R2e[X]and le g∗∈R2e[X]be he polynomial ha , by
Lemma 3, has he same p ojec ion as gand has a uni as i s leading coefficien . Le
g2∈R2e[X]such ha deg g2≤deg g∗. I Ψ2e,2(g)is squa e- ee,
Γ2e(L, g)=Γ
2e(L, g∗+2
e−1g2).
I qis he polynomial sa is ying q(X)g∗(X) =g(X), hen
Γ2e(L, g)=Γ
2e(L, g +2
e−1qg2).
P oo . The p oo ollows di ec ly om Theo em 5.
Example 7. Le us conside again Example 1. Obse e ha g(X) =X(X2+α4X+α5),
and X2+α4X+α5has no oo s in R8, so gis squa e- ee in R8. By he p e ious heo em,
we can check ha Γ8(L, (1 +4α2)X3+α4X2+(α5+4α)X+4) is gene a ed by he same
gene a o ma ix G om Example 1.
5. Applica ions o c yp og aphy
Goppa codes a e he co e o he o iginal McEliece c yp osys em [9]. This c yp og aphic
scheme, as well as Niede ei e ’s [11], can be gene alized o ings.
Defini ion 3. Le e ∈N∪{∞}, n ∈Nand C⊆Zn
pebe a Zpe-linea code wi h gene a o
ma ix G, e o -co ec ing capaci y ≥ 0and an efficien decoding algo i hm D. We
define he ZpeMcEliece c yp osys em as ollows. The sec e key is o med by G, D, a
andom pe mu a ion ma ix Pand a andom nonsingula ma ix S. The pai (G, 0)
o ms he public key, whe e G=SGP. We define he enc yp ion unc ion as E(m) =
18 M. Epelde / Fini e Fields and Thei Applica ions 84 (2022) 102097
mG+z, whe e z∈Zn
peis a andomly gene a ed e o sa is ying w(z) ≤δ. The dec yp ion
p ocess consis s o : fi s , mul iplying he ciphe ex by P−1, hen apply he decoding
algo i hm Dand finally sol ing linea equa ion sys ems.
The secu i y o he McEliece c yp osys em is based bo h on he NP-ha dness o he
decoding p oblem o andom linea codes o e Zpe, and he indis inguishabili y o he
code C, i.e., one should no be able o sepa a e C om a andom Zpe-linea code.
Rega ding he o me , Elwyn R. Be lekamp, McEliece and Henk C.A. an Tilbo g
p o ed he difficul y o he p oblem in [2] o he case pe=2. This p oo can be gene -
alized o Zpe-linea codes [13]. On he o he hand, he o iginal McEliece c yp osys em
uses bina y Goppa codes, and his amily o codes s ill seems o be he mos eliable
oday. When e ∈N, one can p o e ha he dis inguishabili y p oblem o he bina y
Goppa codes can be educed o he dis inguishabili y o pe-a y Goppa codes. In ac ,
bo h dis inguishabili y p oblems a e equi alen .
Theo em 6. Le e ∈N. The dis inguishabili y p oblems o Goppa codes o e Zpand Zpe
a e equi alen .
P oo . Le us assume he e exis s a dis inguishe D o Goppa codes o e Zpe, i.e., a
polynomial ime algo i hm o dis inguish he code. Le C=pe−1
ψ−1
pe,p(Γp(L, g)). Acco d-
ing o Co olla y 3, Cis a Goppa code o e Zpe o some Leand gesuch ha 
ψpe,p(Le) =L
and Ψpe,p(ge) =g. Applying D o Ciden ifies C, hence dis inguishing Γp(L, g).
Now, le us assume he e exis s a dis inguishe D o p-a y Goppa codes, i.e., a polyno-
mial ime algo i hm o dis inguish a Goppa code o e Zp. Le C he p-a y code isomo phic
o Γpe(L, g) ∩pe−1Zn
pe. Acco ding o Theo em 1, Cis a Goppa code o pa ame e s 
ψpe,p(L)
and Ψpe,p(g). Applying D o Ciden ifies C, hence also dis inguishing Γpe(L, g). 
This esul ises he po en ial c yp og aphic in e es o Goppa codes. In ac , i p =
2, he secu i y o e e y Goppa code educes o he secu i y o he o iginal McEliece
c yp osys em, which is conside ed by a one o he sa es c yp og aphic schemes, e en
esis ing a acks by a quan um compu e [12].
6. Conclusions and u u e wo k
In his pape , we ha e p esen ed Goppa codes o e he p-adic in ege s and in ege s
modulo a powe o p. We ha e p o ed hei basic p ope ies, and some isomo phisms be-
ween Goppa codes o e diffe en ings. Finally, while we lea e he possible applica ions
o Goppa codes o e he p-adics as u u e wo k, we ha e shown a possible c yp og aphic
applica ion o hese codes o e he in ege s modulo pe. This is in e es ing due o he ais-
ing popula i y o code-based c yp og aphy as one o he ew quan um- esis an amilies
o c yp og aphic schemes.
M. Epelde / Fini e Fields and Thei Applica ions 84 (2022) 102097 19
Acknowledgmen s
This wo k is pa o a i ual s ay in he Uni e si y o Sc an on. The au ho wan s o
hank p o esso S. Doughe y o his sugges ions and commen s. The au ho also hanks
he e iewe s o hei ema ks.
Re e ences
[1] A.A. de And ade, R. Palazzo J ., Goppa and S i as a a codes o e fini e ings, Compu . Appl.
Ma h. 24 (2) (2005), h ps://doi .o g /10 .1590 /S0101 -82052005000200005.
[2] E. Be lekamp, R. McEliece, H. an Tilbo g, On he inhe en in ac abili y o ce ain coding p oblems
(co esp.), IEEE T ans. In . Theo y 24 (3) (1978), h ps://doi .o g /10 .1109 /TIT .1978 .1055873.
[3] M. C uz-López, A. Mu illo-Salas, A ecu en andom walk on he p-adic in ege s, B az. J. P obab.
S a . 30 (1) (2016) 145–154, h ps://doi .o g /10 .1214 /14 -BJPS265.
[4] S. Doughe y, Y.H. Pa k, Codes o e he p-adic in ege s, Des. Codes C yp og . 39 (1) (2006) 65–80,
h ps://doi .o g /10 .1007 /s10623 -005 -2542 -x.
[5] M. Epelde, X. La ucea, I.F. Rúa, On qua e na y Goppa codes, Disc e e Ma h. 343 (9) (Sep embe
2020), h ps://doi .o g /10 .1016 /j .disc .2020 .111962.
[6] V.D. Goppa, A new class o linea co ec ing codes, P obl. Pe eda. In . 6(3) (1970) 24–30.
[7] F.J. MacWilliams, N.J.A. Sloane, The Theo y o E o -Co ec ing Codes, No h-Holland Ma he-
ma ical Lib a y, ol. 16, No h-Holland Publ. Co, Ams e dam, 1981.
[8] B.R. McDonald, Fini e Rings wi h Iden i y, Pu e and Applied Ma hema ics, ol. 28, M. Dekke ,
New Yo k, ISBN 0824761618, 1974.
[9] R.J. McEliece, A Public-Key C yp osys em Based on Algeb aic Coding Theo y, Deep Space Ne wo k
P og ess Repo 44, 1978.
[10] J. Munk es, Topology, P en ice-Hall o India, New Dehli, ISBN 978-81-203-2046-8, 2004, p. 169.
[11] H. Niede ei e , Knapsack ype c yp osys ems and algeb aic coding heo y, P obl. Con ol In .
Theo y 15 (1986).
[12] Pos -quan um c yp og aphy s anda diza ion p ocess, h ps://cs c .nis .go /P ojec s /pos -quan um -
c yp og aphy.
[13] V. Wege , K. Kha hu ia, A.L. Ho lemann, M. Ba aglioni, P. San ini, E. Pe siche i, On he ha dness
o he Lee synd ome decoding p oblem, p ep in , h ps://doi .o g /10 .48550 /a Xi .2002 .12785, 2020.