arxiv: 2604.17864 · v1 · submitted 2026-04-20 · 💻 cs.IT · math.IT

Recognition: unknown

The dimensions of Schur squares of HRS codes

Haojie Gu , Zhihao Zhu , Jun Zhang

Authors on Pith no claims yet

Pith reviewed 2026-05-10 04:20 UTC · model grok-4.3

classification 💻 cs.IT math.IT

keywords Schur squareHRS codesReed-Solomon codeshyperderivative codescode dimensionfinite fieldscode-based cryptography

0 comments

The pith

HRS codes achieve the upper bound on Schur square dimension for parameters p ≥ t ≥ 2s and t ≤ (r + 2s - 1)/2.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper determines the dimensions of Schur squares of Hyperderivative Reed-Solomon codes over finite fields. By solving special determinants from the code basis, it establishes a lower bound and an upper bound, then proves that the dimension equals the upper bound (2t-2s+1)s precisely when p ≥ t ≥ 2s and t ≤ (r+2s-1)/2. In the case t=2s with r ≥ t+1, the dimension is exactly t(t+1)/2, the value expected for random codes with high probability. A sympathetic reader would care because this shows certain algebraic codes match generic random behavior in their Schur squares.

Core claim

By solving certain special determinants, the authors derive a lower bound and an upper bound for the dimensions of Schur squares of HRS codes. They prove that when p ≥ t ≥ 2s and t ≤ (r + 2s - 1)/2, the dimension of the Schur square of the HRS code HRS_t({α1, …, αr}, s) reaches the upper bound (2t − 2s + 1)s. In particular, when p ≥ t = 2s and r ≥ t + 1, this dimension equals t(t + 1)/2, which is the dimension of the Schur squares of random codes with high probability.

What carries the argument

The Schur square of the HRS code basis together with exact solutions of the special determinants that determine its rank.

If this is right

For all parameters satisfying p ≥ t ≥ 2s and t ≤ (r + 2s - 1)/2 the Schur square dimension is exactly (2t - 2s + 1)s.
When t = 2s and r ≥ t + 1 the Schur square dimension is exactly t(t + 1)/2.
HRS codes with these parameters have Schur squares indistinguishable in dimension from those of random codes.
Such HRS codes might resist the Schur square distinguisher attack in code-based cryptography.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

The determinant-solving technique could be tested on other algebraic code families to see whether they also attain generic Schur square dimensions.
If the dimension match holds, one could check whether HRS codes also resist other algebraic distinguishers that rely on higher-order products.
The result for classical codes suggests checking analogous statements for the quantum-code versions of HRS constructions mentioned in the abstract.

Load-bearing premise

The special determinants arising from the Schur square basis of HRS codes can be solved exactly to establish the stated lower and upper bounds.

What would settle it

A direct computation of the Schur square dimension for small valid parameters, such as s=2, t=4, r=5 over a field of characteristic at least 4, that yields a value other than 10.

read the original abstract

The Schur square of linear codes over a finite field has emerged as a fundamental operation in both classical and quantum coding theory. In this paper, we investigate the Schur square problem of Hyperderivative Reed-Solomon (HRS) codes. By solving certain special determinants, we first give a lower bound and an upper bound for the dimensions of Schur squares of HRS codes, and then prove that when $p\geq t\geq 2s$ and $t\leq \frac{r+2s-1}{2}$, the dimension of the Schur square of the HRS code $HRS_{t}(\{\alpha_{1},\dots,\alpha_{r}\},s)$ (with length $rs$ and dimension $t$) reaches the upper bound $(2t-2s+1)s$. In particular, when $p \ge t=2s$ and $r\geq t+1$, the dimension of the Schur square equals $\frac{t(t+1)}{2}$ which is the dimension of the Schur squares of random codes with high probability. As an application in code-based cryptography, HRS codes with specific parameter settings might resist the attack of Schur square distinguisher.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

HRS codes reach the random-code Schur square dimension under the stated parameter ranges, but only if the key determinants stay non-zero.

read the letter

The central result is that for Hyperderivative Reed-Solomon codes, when the field characteristic p is at least t, t is at least 2s, and t is at most (r + 2s - 1)/2, the dimension of the Schur square is exactly (2t - 2s + 1)s. In the case where t equals 2s and there are enough evaluation points r at least t + 1, this dimension becomes t(t + 1)/2, the same as for a random code of that length and dimension with high probability. This gives parameter settings where HRS codes could avoid detection by Schur-square based attacks in code-based cryptography.

Referee Report

1 major / 0 minor

Summary. The manuscript examines the Schur squares of Hyperderivative Reed-Solomon (HRS) codes. It derives bounds on their dimensions by evaluating special determinants and establishes that under the conditions p ≥ t ≥ 2s and t ≤ (r+2s-1)/2, the dimension of the Schur square of HRS_t({α1,...,αr},s) achieves the upper bound (2t-2s+1)s. In the case t=2s with p≥t and r≥t+1, this dimension is t(t+1)/2, coinciding with the typical dimension for random codes.

Significance. If the determinant evaluations hold as claimed, this work provides exact dimension formulas for Schur squares of HRS codes, which is valuable for understanding their properties in coding theory and for selecting parameters in code-based cryptography to resist Schur square distinguishers. The connection to random code behavior is particularly noteworthy.

major comments (1)

[Abstract and proof of the main theorem] The central claim that the dimension reaches (2t−2s+1)s when p≥t≥2s and t≤(r+2s−1)/2 rests on the non-vanishing of specific determinants in the Schur square basis construction (built from hyperderivatives and Vandermonde-like blocks). The manuscript asserts these determinants 'can be solved exactly' but does not include the closed-form solutions, factorization, or verification that they remain non-zero for distinct α_i under the parameter constraints. This is load-bearing for the lower bound matching the upper bound, as any zero would collapse the result to below (2t-2s+1)s.

Simulated Author's Rebuttal

1 responses · 0 unresolved

We thank the referee for the careful reading and valuable feedback on our manuscript. The comment regarding the presentation of the determinant evaluations is well-taken, and we will strengthen the exposition in the revision.

read point-by-point responses

Referee: [Abstract and proof of the main theorem] The central claim that the dimension reaches (2t−2s+1)s when p≥t≥2s and t≤(r+2s−1)/2 rests on the non-vanishing of specific determinants in the Schur square basis construction (built from hyperderivatives and Vandermonde-like blocks). The manuscript asserts these determinants 'can be solved exactly' but does not include the closed-form solutions, factorization, or verification that they remain non-zero for distinct α_i under the parameter constraints. This is load-bearing for the lower bound matching the upper bound, as any zero would collapse the result to below (2t-2s+1)s.

Authors: We agree that the explicit closed-form solutions, factorizations, and non-vanishing verification for the relevant determinants should have been presented more clearly. The manuscript states that the determinants can be solved exactly to obtain the lower bound, but the details of the evaluation were omitted for brevity. In the revised version we will add a new subsection that explicitly computes these determinants (arising from the hyperderivative basis and the associated Vandermonde-like blocks). The closed forms factor as products of nonzero terms involving (α_i − α_j) for i ≠ j together with nonzero hyperderivative coefficients under the stated field characteristic and parameter constraints. We will also include a direct argument showing that none of these factors vanish when the α_i are distinct, p ≥ t ≥ 2s, and t ≤ (r + 2s − 1)/2, thereby confirming that the constructed basis vectors remain linearly independent and the dimension attains the upper bound (2t − 2s + 1)s. revision: yes

Circularity Check

0 steps flagged

No circularity; bounds obtained via direct algebraic evaluation of determinants in the Schur-square basis.

full rationale

The paper establishes upper and lower bounds on dim(C^2) for HRS codes by explicit computation of special determinants built from hyperderivatives and Vandermonde-like blocks. The lower bound is realized by exhibiting a linearly independent set whose independence is asserted to follow from non-vanishing of those determinants under the stated parameter inequalities; this is a self-contained algebraic argument, not a redefinition of the dimension in terms of itself, a fitted parameter renamed as prediction, or a load-bearing self-citation. The equality to the random-code dimension t(t+1)/2 in the special case t=2s is presented as a consequence of the same determinant evaluation, not as an input. No ansatz is smuggled via citation and no known empirical pattern is merely renamed. The derivation chain therefore remains independent of its target result.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The central claim rests on standard properties of finite fields, polynomial derivatives, and linear algebra over those fields; no free parameters or new entities are introduced in the abstract.

axioms (1)

standard math Finite fields of characteristic p support polynomial evaluation, differentiation, and linear independence of certain monomials.
These properties are invoked to define HRS codes and to analyze the basis of their Schur squares via determinants.

pith-pipeline@v0.9.0 · 5512 in / 1391 out tokens · 68447 ms · 2026-05-10T04:20:18.469710+00:00 · methodology

discussion (0)

Reference graph

Works this paper leans on

20 extracted references · 1 canonical work pages

[1]

Effective attack on the McEliece cryptosystem based on Reed-Muller codes.Discrete Mathematics & Applications, 24(5), 2014

Mikhail A Borodin and Ivan V Chizhov. Effective attack on the McEliece cryptosystem based on Reed-Muller codes.Discrete Mathematics & Applications, 24(5), 2014

2014
[2]

Generalized Hyperderivative Reed-Solomon Codes

Mahir Bilen Can and Benjamin Horowitz. Generalized Hyperderivative Reed-Solomon Codes. arXiv preprint arXiv:2512.22948, 2025

work page arXiv 2025
[3]

M´ emoire sur les fonctions altern´ ees et sur les sommes altern´ ees

Augustin-Louis Cauchy. M´ emoire sur les fonctions altern´ ees et sur les sommes altern´ ees. Exercices Anal. et Phys. Math., 2:151–159, 1841
[4]

A polynomial time attack against algebraic geometry code based public key cryptosystems

Alain Couvreur, Irene M´ arquez-Corbella, and Ruud Pellikaan. A polynomial time attack against algebraic geometry code based public key cryptosystems. In2014 IEEE International Symposium on Information Theory, pages 1446–1450. IEEE, 2014

2014
[5]

Cryptanalysis of McEliece cryptosystem based on algebraic geometry codes and their subcodes.IEEE Transactions on Information Theory, 63(8):5404–5418, 2017

Alain Couvreur, Irene M´ arquez-Corbella, and Ruud Pellikaan. Cryptanalysis of McEliece cryptosystem based on algebraic geometry codes and their subcodes.IEEE Transactions on Information Theory, 63(8):5404–5418, 2017

2017
[6]

Polynomial time attack on wild McEliece over quadratic extensions.IEEE Transactions on Information Theory, 63(1):404– 427, 2016

Alain Couvreur, Ayoub Otmani, and Jean-Pierre Tillich. Polynomial time attack on wild McEliece over quadratic extensions.IEEE Transactions on Information Theory, 63(1):404– 427, 2016

2016
[7]

Vulnerabilities of the McEliece variants based on polar codes

Vlad Dr˘ agoi, Valeriu Beiu, and Dominic Bucerzan. Vulnerabilities of the McEliece variants based on polar codes. InInternational Conference on Security for Information Technology and Communications, pages 376–390. Springer, 2018. 22

2018
[8]

A distinguisher for high-rate McEliece cryptosystems.IEEE Transactions on Information Theory, 59(10):6830–6844, 2013

Jean-Charles Faugere, Val´ erie Gauthier-Umana, Ayoub Otmani, Ludovic Perret, and Jean- Pierre Tillich. A distinguisher for high-rate McEliece cryptosystems.IEEE Transactions on Information Theory, 59(10):6830–6844, 2013

2013
[9]

List decoding of Hyperderivative Reed-Solomon codes

Haojie Gu and Jun Zhang. List decoding of Hyperderivative Reed-Solomon codes. In2026 IEEE International Symposium on Information Theory, 2026

2026
[10]

Unique decoding of Hyperderivative Reed-Solomon codes, 2026

Haojie Gu and Jun Zhang. Unique decoding of Hyperderivative Reed-Solomon codes, 2026

2026
[11]

Number 20

Rudolf Lidl and Harald Niederreiter.Finite fields. Number 20. Cambridge university press, 1997

1997
[12]

The non-gap sequence of a subcode of a generalized Reed-Solomon code.Designs, Codes and Cryptography, 66(1):317– 333, 2013

Irene M´ arquez-Corbella, Edgar Mart´ ınez-Moro, and Ruud Pellikaan. The non-gap sequence of a subcode of a generalized Reed-Solomon code.Designs, Codes and Cryptography, 66(1):317– 333, 2013

2013
[13]

PhD thesis, 2012

D Mirandola.Schur products of linear codes: a study of parameters Master Thesis. PhD thesis, 2012

2012
[14]

Point sets and sequences with small discrepancy.Monatshefte f¨ ur Math- ematik, 104:273–337, 1987

Harald Niederreiter. Point sets and sequences with small discrepancy.Monatshefte f¨ ur Math- ematik, 104:273–337, 1987

1987
[15]

Linear codes over with respect to the Rosenbloom-Tsfasman metric.Designs, Codes and Cryptography, 38(1):17–29, 2006

Mehmet Ozen and Irfan Siap. Linear codes over with respect to the Rosenbloom-Tsfasman metric.Designs, Codes and Cryptography, 38(1):17–29, 2006

2006
[16]

Linear independence of rank 1 matrices and the dimension of∗- products of codes

Hugues Randriambololona. Linear independence of rank 1 matrices and the dimension of∗- products of codes. In2015 IEEE International Symposium on Information Theory (ISIT), pages 196–200. IEEE, 2015

2015
[17]

On products and powers of linear codes under componentwise multiplication.Algorithmic arithmetic, geometry, and coding theory, 637(3-78):32, 2015

Hugues Randriambololona. On products and powers of linear codes under componentwise multiplication.Algorithmic arithmetic, geometry, and coding theory, 637(3-78):32, 2015

2015
[18]

Codes for them-metric.Problemy Peredachi Informatsii, 33(1):55–63, 1997

M Yu Rosenbloom and Michael Anatol’evich Tsfasman. Codes for them-metric.Problemy Peredachi Informatsii, 33(1):55–63, 1997

1997
[19]

Coding theory and uniform distributions.Algebra i Analiz, 13(2):191, 2001

Maxim Mikhailovich Skriganov. Coding theory and uniform distributions.Algebra i Analiz, 13(2):191, 2001

2001
[20]

Cryptanalysis of the Niederreiter public key scheme based on GRS subcodes

Christian Wieschebrink. Cryptanalysis of the Niederreiter public key scheme based on GRS subcodes. InInternational Workshop on Post-Quantum Cryptography, pages 61–72. Springer, 2010. 23

2010