An Algebraic Method for Constructing Bases in Binary Linear Codes for Information Dispersal Algorithms

1. Introduction

The study of linear codes provides a mathematical foundation for secure communication, error detection and correction, and information protection. Furthermore, it underpins modern cryptographic and distributed systems, such as distributed storage, secure multiparty computation, secret-sharing schemes, and information dispersal algorithms (IDAs), along with their associated information recovery algorithms (IRAs) [1,2,8,15,16]. IDAs, introduced by Rabin [14], disperse data into n pieces, allowing reconstruction from any $t<n$ pieces to ensure reliability and fault tolerance. Rabin’s construction employs matrices over algebraic structures such as polynomial rings, Euclidean rings, or finite fields [10], for example, Cauchy or Vandermonde matrices with invertible submatrices that enable reconstruction[19].

Binary linear codes are seldom used in IDAs due to generator matrices lacking invertible $k\times k$ submatrices, unlike those over $\mathbb{R}$ or $\mathbb{C}$. However, parameters like minimum distance and generalized Hamming weights (GHWs) can indicate such properties. Binary codes, being fundamental, offer rigid structures ideal for studying GHWs, bases, and invertible submatrices. We focus on algebraic conditions for binary codes to support IDAs. We show that codes with $d_1\left(C\right)=1$ and $d_k\left(C\right)=n$ enable IDAs via an invertible $k\times k$ submatrix in the generator matrix, ensuring Rabin’s IDA validity. The method uses a degree compatible monomial order on ${\mathbb{F}}_2[x_1,\dots ,x_n]$ to select codewords matching GHWs, forming a basis for binary IDAs without larger-field overhead. Sections 4.2 and 4.3 of [3] motivated us to consider dispersal matrices given by binary linear codewords with special characteristics, as well as those in [2], which allowed us to study the secret-sharing schemes and, therefore, the information dispersal algorithms in a more current way.

The paper is organized as follows. Section 2 reviews the necessary background on linear codes, GHWs, monomial orders, and IDAs. Section 3 presents the main algebraic construction, including the selection of a basis guided by GHWs and the definition of the IDA and IRA procedures. Section 4 illustrates the proposed framework through an example of a binary linear code that satisfies the required conditions. Section 5 presents the conclusions and outlines directions for future research. Finally, Appendix Section 1.1 details the method proposed by Johnsen and Verdure [6] for calculating the GHWs of a linear code.

1.1. Literature Review

This work intersects linear coding theory, algebraic methods, and IDAs. The relevant literature is summarized as follows:

1.

The algebraic foundations of linear codes, including generator matrices, parity-check matrices, and structural parameters, are classical and well established; see, for instance, [12,15,16]. These works provide the basic framework for understanding linear codes as vector spaces over finite fields and for analyzing their fundamental parameters.

2.

Generalized Hamming weights (GHWs), introduced by Wei [18], extend the notion of minimum distance and have become central invariants in the structural analysis of linear codes. Subsequent developments connected GHWs with algebraic and combinatorial objects, particularly through the study of matroids and Stanley-Reisner ideals. In this direction, Johnsen and Verdure [6,7] established a deep relationship between GHWs and graded free resolutions, while García-Marco et al. [5] further explored these ideas in the binary case. These results highlight the role of GHWs as tools for understanding the internal structure of linear codes beyond error-correcting capabilities.

3.

From the algebraic point of view, polynomial rings and monomial orders play an important role in the study of linear codes and their associated ideals; see, e.g., [11]. Degree-compatible monomial orders provide a natural way to organize monomials according to their weight, making them suitable for linking algebraic structures with combinatorial properties of codes.

4.

Information dispersal algorithms (IDA) were introduced by Rabin [1,2,14] as a method for distributing information among multiple participants in a fault-tolerant manner. Classical constructions of IDA usually use matrices from large finite fields, such as Vandermonde or Cauchy matrices, to ensure the existence of invertible submatrices [19]. While these approaches are effective, they inherently depend on non-binary fields.

1.2. Contributions

This work presents an algebraic method for constructing bases of binary linear codes with structural properties suitable for information dispersal. The contributions of this paper can be summarized as follows.

• An algebraic method is introduced for selecting a basis of an $[n,k]$ binary linear code by combining GHWs with a degree-compatible monomial order on the polynomial ring ${\mathbb{F}}_2[x_1,\dots ,x_n]$. The resulting basis reflects the hierarchy of supports determined by the GHWs of the code.
• Under the structural assumptions $d_1\left(C\right)=1$ and $d_k\left(C\right)=n$, we prove that the basis obtained through this construction yields a generator matrix containing at least one invertible $k\times k$ submatrix. This result establishes a direct link between GHWs and the existence of invertible substructures in binary generator matrices.
• We provide a systematic procedure for identifying an invertible $k\times k$ submatrix from the generator matrix associated with the constructed basis. The procedure is derived from the algebraic properties of the selected codewords and does not rely on probabilistic or numerical arguments.
• Based on the above structural results, we formalize an information dispersal and reconstruction scheme defined entirely over the binary field. The correctness of the reconstruction follows from the algebraic properties of the constructed basis and the imposed GHWs conditions.

This work highlights new ideas on GHWs that depart from the traditional perspective of error or security analysis. Instead, they are used as structural invariants that provide information about the possible supports of subcodes and, consequently, about the existence of codewords with controlled support properties. These features will be exploited in Section 2 to guide the selection of a suitable basis for the code.

2. Preliminaries

This section establishes the fundamentals of linear coding theory, specifically generator matrices, parity-check matrices, and Generalized Hamming Weights (GHWs), adopting the standard definitions and notation found in [12,15,16,18]. Furthermore, we detail the use of polynomial rings and monomial orders as discussed in [11]. In this context, these algebraic concepts serve as a structural tool to impose a strict hierarchy on codeword coordinates, facilitating the algebraic analysis of supports and GHWs. Finally, we formally define the Information Dispersal Algorithm (IDA), based on the framework presented in [1].

2.1. Linear Codes and Information Dispersal Algorithm

Let $q=p^r$ be a positive integer, where p is a prime number and r is a positive integer. The finite field with q elements is denoted by ${\mathbb{F}}_q$. Let $n,k,d$ be positive integers such that $n\ge k$ and $d\ge 1$. An $[n,k,d]$linear codeC is defined as a subspace of the vector space ${\mathbb{F}}_q^n$.

A matrix $G\in {\mathrm{Mat}}_{k\times n}\left({\mathbb{F}}_q\right)$ is called a generator matrix of C if its rows form a basis of C. Similarly, a matrix $H\in {\mathrm{Mat}}_{(n-k)\times n}\left({\mathbb{F}}_q\right)$ is said to be a parity-check matrix of C if its null space coincides with C, that is, $x{H}^T=0\mathrm{for}\mathrm{all}x\in C,$ where 0 denotes the zero vector in ${\mathbb{F}}_q^{n-k}$. The code C can be generated by multiplying any vector $x\in {\mathbb{F}}_q^k$ by the generator matrix G, that is, by computing the product $xG$.

Given two nonzero vectors $x=(x_1,\dots ,x_n)$ and $y=(y_1,\dots ,y_n)$ in ${\mathbb{F}}_q^n$, the support of x is defined as $\mathrm{supp}\left(x\right)=\left\{i\mid x_i\ne 0\right\}$. The Hamming distance between x and y is given by

$d(x,y)=\left|\left\{i\mid x_i\ne y_i\right\}\right|$.

The Hamming weight of a vector x is defined as $w\left(x\right)=d(x,\overline{0})$, where $\overline{0}$ denotes the zero vector. The minimum distance of a linear code C is then defined as

$d=min\left\{w\left(x\right)\mid x\in C,x\ne \overline{0}\right\}$.

When the minimum distance of a linear code C is known, the code is described as an $[n,k,d]$ linear code. The elements of C are called codewords, and the parameters n, k, and d are referred to as the basic parameters of the code, representing:

1.

n, the length of the codewords;

2.

k, the dimension of C as a vector space over ${\mathbb{F}}_q$;

3.

d, the minimum distance of C.

The support of a subset $D\subseteq C$ is defined as

$\mathrm{supp}\left(D\right)=\left\{i\mid \exists c\in D\mathrm{such}\mathrm{that}{c}_i\ne 0\right\}$.

In the case of a binary linear code, the support of a subset $D\subseteq C$ coincides with the set of coordinate positions for which at least one element of D has a nonzero entry.

Definition 2.1

([5]). The h-thgeneralized Hamming weightof a linear code C is defined as

$d_h\left(C\right)=min\left\{\left|\mathrm{supp}\left(E\right)\right|\mid E\in D_h\left(C\right)\right\}$,

where $D_h\left(C\right)$ denotes the collection of all h–dimensional linear subspaces of C, for $h\in \left\{1,\dots ,k\right\}$.

It is worth noting that when $h=1$, the generalized Hamming weight coincides with the minimum distance of the code, that is, $d_1\left(C\right)=d$. Hence, Definition 2.1 generalizes the classical notion of minimum distance.

The following theorem establishes fundamental properties of the generalized Hamming weights.

Theorem 2.1

([18]). Let C be an $[n,k,d]$ linear code. Then:

1.

$1\le d_1\left(C\right)<d_2\left(C\right)<\dots <d_k\left(C\right)\le n$;

2.

(Generalized Singleton Bound) $d_h\left(C\right)\le n-k+h$.

The following classical results from linear algebra and commutative algebra can be found in standard references (see, for instance, [20]).

Corollary 2.1

([20]). Let V be a finite–dimensional vector space of dimension n. Any set of n linearly independent vectors in V forms a basis of V.

Theorem 2.2

([15]). Let $A\in {\mathrm{Mat}}_{n\times n}\left(\mathbb{K}\right)$. Then A is invertible if and only if $det\left(A\right)\ne 0$.

Some fundamental results on polynomial rings are presented in [5]. A degree–compatible monomial order is introduced in [11].

Definition 2.2

([11]). Let X be a collection of n vector variables $X_1,\dots ,X_n$, where each $X_i$ decomposes into $q-1$ components $x_{i,1},\dots ,x_{i,q-1}$ for $i\in \left[n\right]$. A monomial in X is an expression of the form

$$\begin{array}{c}\hfill X^u=X_1^{u_1}\dots X_n^{u_n}=\prod _{i=1}^n\prod _{j=1}^{q-1}{x}_{i,j}^{u_{i,j}},\end{array}$$

where $u\in {\mathbb{Z}}_{\ge 0}^{n(q-1)}$.

Definition 2.3.

The polynomial ring $\mathbb{K}\left[X\right]$ is defined as the set of all polynomials in the variables X with coefficients in the field $\mathbb{K}$.

The total degree of a monomial $X^u$ is given by $deg\left(X^u\right)={\sum }_{i=1}^n{\sum }_{j=1}^{q-1}{u}_{i,j}$. In particular, when $u=(0,\dots ,0)$, the monomial reduces to $X^u=1$.

Let X be a set. A partial order on X is a binary relation ≤ that is reflexive, antisymmetric, and transitive. A partial order is said to be a total order if, for any $a,b\in X$, either $a\le b$ or $b\le a$ hold.

Let $\mathbb{K}$ be a field and let $S=\mathbb{K}[x_1,\dots ,x_n]$. Denote by $\mathrm{Mon}\left(S\right)$ the set of all monomials in S.

Definition 2.4.

Amonomial orderon S is a total order ≤ on $\mathrm{Mon}\left(S\right)$ satisfying:

1.

$1\le u$ for all $u\in \mathrm{Mon}\left(S\right)$;

2.

if $u<v$ and $w\in \mathrm{Mon}\left(S\right)$, then $uw<vw$.

Definition 2.5

([11]). A monomial order ≺ on $\mathbb{K}[x_1,\dots ,x_n]$ is said to bedegree compatibleif

$deg\left(X^a\right)<deg\left(X^b\right)⟹X^a\prec X^b$

for all monomials $X^a,X^b$.

An example of a degree–compatible monomial order on ${\mathbb{F}}_2[x_1,\dots ,x_n]$ is the graded lexicographic order. It is defined by $X^a{<}_{\mathrm{deglex}}{X}^b$ if and only if:

1.

${\sum }_{i=1}^n{a}_i<{\sum }_{i=1}^n{b}_i$; or

2.

${\sum }_{i=1}^n{a}_i={\sum }_{i=1}^n{b}_i$ and $a_j<b_j$ for $j=min\left\{i\mid a_i\ne b_i\right\}$.

The following definitions, adapted from [1], formally describe the structure of an information dispersal algorithm.

Definition 2.6

([1]). Let $P=\left\{P_1,P_2,\dots ,P_n\right\}$ be a set of n participants, and let t be a positive integer called thethreshold. Aninformation dispersal algorithm(IDA) consists of a pair of algorithms $(\mathrm{IDA},\mathrm{IRA})$ defined as follows:

$\mathbf{IDA}(M,P,t)⟶(X_1,X_2,\dots ,X_n)$, where:

• M denotes the plaintext message;
• P is the set of participants;
• t is the reconstruction threshold.

The algorithm produces a collection of shares $(X_1,X_2,\dots ,X_n)$, where each share $X_i$ is distributed to the participant $P_i$.

$\mathbf{IRA}(\{X_i:P_i\in A\},A)$:

• the input consists of a subset $A\subseteq P$ and the corresponding shares;
• if $\left|A\right|\ge t$, the algorithm reconstructs M;
• otherwise, it produces an error symbol (e.g.,ERROR).

The scheme satisfies the following correctness condition:

• (Decoding) For every subset $A\subseteq P$ with $\left|A\right|\ge t$,
  $\mathrm{IRA}(\{X_i:P_i\in A\},A)=M$.

In classical IDA, correctness is ensured by the existence of invertible submatrices. In contrast, our binary variant relies on GHWs and degree compatible monomial orders.

3. An Algebraic Framework for Code-Based IDA/IRA Schemes

Let n be a positive integer and consider the notation $\left[n\right]=\{1,\dots ,n\}$. Let C be an $[n,k]$ binary linear code. We define the set $\mathcal{M}$ of codewords of C that form generating sets such that the cardinality of their support equals $d_i\left(C\right)$, as follows:

$\mathcal{M}=\left\{m\in C\mid \exists m_{i_1},\dots ,m_{i_j}\in C\mid d_i\left(C\right)=\left|supp\left(\langle m,m_{i_1},\dots ,m_{i_j}\rangle \right)\right|\right\}$,

where $i\in \{1,\dots ,k\}$, $i_j\in \{1,\dots ,k-1\}$, and $i=i_j$ if $i\ne 1$ and $i\ne k$.

Observe that for $i=1$, we have $\left\{m\in C\mid d_1\left(C\right)=\left|supp(\langle m\rangle )\right|\right\}\subseteq \mathcal{M}$, and for $i=k$, $\left\{m\in C\mid \exists m_1,\dots ,m_{k-1}\in C\mid d_k\left(C\right)=\left|supp\left(\langle m,m_1,\dots ,m_{k-1}\rangle \right)\right|\right\}\subseteq \mathcal{M}$.

Let ≺ be a graded monomial order compatible with the total degree in ${\mathbb{F}}_2[x_1,\dots ,x_n]$. We define the minimal elements in $\mathcal{M}$ as follows:

1.

$m^1={min}_{\prec }\left(\mathcal{M}\right)$,

2.

$m^i={min}_{\prec }\left\{m\in \mathcal{M}|d_i\left(C\right)=\left|supp\left(\langle m,m^{i_1},\dots ,m^{i_j}\rangle \right)\right|\right\}$, where $i\in \{2,\dots ,k\}$, $i_j\in \{1,\dots ,k-1\}$, and $i=i_j$ if $i\ne 1$ and $i\ne k$.

Proposition 3.1.

Let C be an $[n,k]$-binary linear code. Then the set $O_{\prec }=\{m^1,\dots ,m^k\}$ is a basis of C.

Proof. 

We prove this by induction on the index $i\in \left[k\right]$.

For $i=1$, the codeword $m^1$ satisfies $d_1\left(C\right)=\left|supp\left(\langle m^1\rangle \right)\right|$. Clearly, $m^1\ne 0$, and since $\alpha m^1=0$ implies $\alpha =0$, the vector $m^1$ is linearly independent.

For illustrative purposes, consider the case $i=2$. The codewords $m^1$ and $m^2$ satisfy $d_2\left(C\right)=\left|supp\left(\langle m^1,m^2\rangle \right)\right|$. Moreover, $m^1\ne m^2$ because $d_1<d_2$, so there is at least one position j where $m^2$ has a 1 and $m^1$ has a 0. Let $m^1=(b_1,\dots ,b_{j-1},0,b_{j+1},\dots ,b_n)$ and $m^2=(b_1^{\prime },\dots ,b_{j-1}^{\prime },1,b_{j+1}^{\prime },\dots ,b_n^{\prime })$, where $b_i,b_i^{\prime }\in \{0,1\}$. Then,

$$\begin{array}{cc}\hfill {\alpha }_1{m}^1+{\alpha }_2{m}^2& ={\alpha }_1(b_1,\dots ,b_{j-1},0,b_{j+1},\dots ,b_n)+{\alpha }_2(b_1^{\prime },\dots ,b_{j-1}^{\prime },1,b_{j+1}^{\prime },\dots ,b_n^{\prime })\hfill \\ \hfill & =({\alpha }_1{b}_1+{\alpha }_2{b}_1^{\prime },\dots ,{\alpha }_1{b}_{j-1}+{\alpha }_2{b}_{j-1}^{\prime },{\alpha }_2,{\alpha }_1{b}_{j+1}+{\alpha }_2{b}_{j+1}^{\prime },\dots ,{\alpha }_1{b}_n+{\alpha }_2{b}_n^{\prime })\hfill \\ \hfill & =(0,\dots ,0).\hfill \end{array}$$

From this, ${\alpha }_2=0$. Thus,

$$\begin{array}{c}\hfill {\alpha }_1{m}^1+{\alpha }_2{m}^2={\alpha }_1(b_1,\dots ,b_{j-1},0,b_{j+1},\dots ,b_n)={\alpha }_1{m}^1,\end{array}$$

and since $\left\{m^1\right\}$ is linearly independent, ${\alpha }_1=0$. Therefore, ${\alpha }_1={\alpha }_2=0$, so $\{m^1,m^2\}$ is linearly independent.

Assume that $\{m^1,\dots ,m^{k-1}\}$ is linearly independent in C. Now consider $\{m^1,\dots ,m^k\}$ and suppose ${\sum }_{i=1}^k{\alpha }_i{m}^i=0$. Note that $m^i\ne m^j$ for $i\ne j$ since $d_k\left(C\right)=\left|supp\left(\langle m^1,\dots ,m^k\rangle \right)\right|$ and $d_1\left(C\right)<d_2\left(C\right)<\dots <d_k\left(C\right)$. This implies that $m^k$ has at least one 1 in positions $r_1,\dots ,r_j$ where the others have 0s for some $j\in \left[t\right]$.

Fix position $r_1$. The equation becomes

${\sum }_{i=1}^k{\alpha }_i{m}^i=\left({\sum }_{i=1}^n{\alpha }_i{b}_i,\dots ,{\alpha }_{r_1}{b}_{r_1},\dots ,{\sum }_{i=1}^n{\alpha }_i{b}_i\right)=(0,\dots ,0),$

where $b_i\in \{0,1\}$. From the $r_1$-th coordinate, ${\alpha }_{r_1}{b}_{r_1}=0$ and since $b_{r_1}=1$, ${\alpha }_{r_1}=0$. Thus, the system reduces to ${\sum }_{i=1}^{k-1}{\alpha }_i{m}^i=0$. By the induction hypothesis, $\{m^1,\dots ,m^{k-1}\}$ is linearly independent, so ${\alpha }_i=0$ for $i\in [k-1]$. Hence, ${\alpha }_1=\dots ={\alpha }_k=0$, and $O_{\prec }=\{m^1,\dots ,m^k\}$ is linearly independent.

By Corollary 2.1, $O_{\prec }\subset C$ is a basis of C.    □

We restate Proposition 3.1 as the following algorithm:

Algorithm 3.1.

Algorithm for computing a basis of a binary linear code.  

Input: An $[n,k]$-binary linear code C and a degree compatible monomial order in the polynomial ring ${\mathbb{F}}_2[x_1,\dots ,x_n]$.  

Output: A basis of C. Operations: A basis of C is obtained as follows:

1.

Compute the codewords in the subset $\mathcal{M}$ of C defined by

$\mathcal{M}=\left\{m\in C\mid \exists m_{i_1},\dots ,m_{i_j}\in C\mid d_i\left(C\right)=\left|supp\left(\langle m,m_{i_1},\dots ,m_{i_j}\rangle \right)\right|\right\}$,

where $i\in \{1,\dots ,k\}$, $i_j\in \{1,\dots ,k-1\}$, and $i=i_j$ whenever $i\ne 1$ and $i\ne k$.

2.

Order the elements of $\mathcal{M}$ according to the order ≺ for obtain the sequence of codewords $\{m^1,\dots ,m^k\}$.

3.

Output: The ordered set of codewords $O_{\prec }=\{m^1,\dots ,m^k\}$.

Algorithm 3.2.

Algorithm for IDA using a basis of a binary linear code.

Input: An $[n,k]$-binary linear code C satisfying $d_1\left(C\right)=1$, $d_k\left(C\right)=n$, and a plaintext message M.

Output: A dispersal vector and an $n\times k$ matrix and the threshold t.

Operations: The dispersal vector and the matrix A of size $n\times k$ are obtained as follows:

1.

Apply Algorithm 3.1 to the $[n,k]$-binary linear code C to obtain a basis $O_{\prec }={\left\{m^i\right\}}_{i=1}^k$ of C.

2.

Convert the plaintext M into its binary representation, yielding a vector (or a set of vectors) $F\in {\mathbb{F}}_2^k$.

3.

Define $A=[m^1,m^2,\dots ,m^k]$. Multiply F (on the right) by A to obtain the dispersal vector d, i.e., $A·F=d$.

4.

Define $t=n-k$.

5.

Output: The dispersal vector d, the matrix A of size $n\times k$ and the threshold t.

Algorithm 3.3.

Algorithm for the recovery of information from a given vector and an associated dispersion matrix, referred to as the Information Recovery Algorithm (IRA).

Input: A vector b of length k and a matrix $A\in Ma{t}_{n\times k}\left({\mathbb{F}}_2\right)$.

Output: The dispersion vector d.

Operations: The dispersion vector d is obtained from b and A as follows.

1.

Consider $A=[m^1,m^2,\dots ,m^k]$ and denote by $r_i$, $i\in \left[n\right]$, the rows of A. If $supp\left(r_i\right)=supp\left(r_j\right)$, remove the row $r_j$. Repeat this step until all remaining rows satisfy $r_i\ne r_j$, or until $n-k$ deletions are performed. If A contains no repeated rows, proceed to the next step.

2.

For each $i\in \left[n\right]$, if a row $r_i=0$ in A, remove that row.

3.

Suppose steps 1 and 2 result in t and s row deletions respectively, with $p,s<n-k$. Identify rows $r_i$ of A such that $|supp\left(r_i\right)|\ge |supp\left(r_j\right)|$ for all $j\in [n-(p+s\left)\right]$, and remove such rows. Repeat until a total of q additional deletions is performed so that $p+s+q=n-k$.

4.

After deleting $n-k$ rows, rename the resulting column vectors of A as $C_1,C_2,\dots ,C_k$, and define the matrix $B=[C_1,C_2,\dots ,C_k]$.

5.

Solve the linear system $Bd=b$ for d, i.e., compute $d=B^{-1}b$.

6.

Output: The dispersion vector d.

Proposition 3.2.

Let C be an $[n,k]$-binary linear code such that $d_1\left(C\right)=1$ and $d_k\left(C\right)=n$. Then Algorithms 3.2 and 3.3 are valid.

Proof. 

Consider a basis of C given by Algorithm 3.1, namely $O_{\prec }={\left\{m^i\right\}}_{i=1}^k$. Since $d_1=1$, the codeword $m^1$ has exactly one nonzero coordinate in the i-th position; that is, $m^1=(0,\dots ,0,{\underbrace{1}}_i,0,\dots ,0)$. Note that the i-th row in matrix A is not repeated because $m^1$ has a single 1 in position i. Therefore, this row is not omitted. Thus, the vector $C_1$ of matrix B preserves the unique 1 of $m^1$ while removing $n-k$ zero entries, so $C_1=(0,\dots ,0,{\underbrace{1}}_i,0,\dots ,0)$.

Furthermore, Algorithm 3.3 omits zero rows and repeated rows in matrix A, so the rows of B satisfy $r_i\ne r_j$ if $i\ne j$ and $r_i\ne 0$ for $i,j\in \left[k\right]$.

Now, suppose ${\sum }_{i=1}^k{\alpha }_i{r}_i=0$, which gives the system of equations:

$\left\{\begin{array}{c}{\alpha }_1{b}_{11}+{\alpha }_2{b}_{12}+\dots +{\alpha }_k{b}_{1k}=0\hfill \\ {\alpha }_1{b}_{21}+{\alpha }_2{b}_{22}+\dots +{\alpha }_k{b}_{2k}=0\hfill \\ ⋮⋮\hfill \\ {\alpha }_1{b}_{k1}+{\alpha }_2{b}_{k2}+\dots +{\alpha }_k{b}_{kk}=0\hfill \end{array}\right.(*)$

This can be rewritten as ${\alpha }_1{C}_1+{\alpha }_2{C}_2+\dots +{\alpha }_k{C}_k=0$. Note that $C_1=(0,\dots ,\underset{i}{\underbrace{1}},\dots ,0)$. Applying Gaussian elimination to the system,

$\left(\begin{array}{ccccc}\hfill 0& \hfill b_{12}& \hfill \dots & \hfill b_{1k}& \hfill 0\\ \hfill ⋮& \hfill ⋮& \hfill \ddots & \hfill ⋮& \hfill ⋮\\ \hfill 1& \hfill b_{i2}& \hfill \dots & \hfill b_{ik}& \hfill 0\\ \hfill ⋮& \hfill ⋮& \hfill \ddots & \hfill ⋮& \hfill ⋮\\ \hfill 0& \hfill b_{k2}& \hfill \dots & \hfill b_{kk}& \hfill 0\end{array}\right)\sim \left(\begin{array}{ccccc}\hfill 1& \hfill b_{i2}& \hfill \dots & \hfill b_{ik}& \hfill 0\\ \hfill 0& \hfill b_{22}& \hfill \dots & \hfill b_{2k}& \hfill 0\\ \hfill ⋮& \hfill ⋮& \hfill \ddots & \hfill ⋮& \hfill ⋮\\ \hfill 0& \hfill b_{k2}& \hfill \dots & \hfill b_{kk}& \hfill 0\end{array}\right)$

Since $m^i\ne 0$ and $supp\left(C_i\right)\subseteq supp\left(m^i\right)$, some $b_{ij}$ in $C_i$ are nonzero. Step 2 of Algorithm 3.3 omits zero rows, and step 3 removes rows with larger supports, leaving at least the row in B where $b_{ij}=1$ in $C_i$ and $b_{ij}=0$ in $C_{i-1}$.

For each column $C_i$, apply row swaps to place a 1 in position $b_{ij}$, then eliminate below it. Repeating this k times yields:

$\left(\begin{array}{ccccc}\hfill 1& \hfill b_{i2}& \hfill \dots & \hfill b_{ik}& \hfill 0\\ \hfill 0& \hfill 1& \hfill \dots & \hfill b_{2j}& \hfill 0\\ \hfill ⋮& \hfill ⋮& \hfill \ddots & \hfill ⋮& \hfill ⋮\\ \hfill 0& \hfill 0& \hfill \dots & \hfill 1& \hfill 0\end{array}\right)$

Thus, system $(*)$ is equivalent to

$\begin{array}{c}\hfill {\alpha }_1+{\alpha }_2{b}_{12}+\dots +{\alpha }_k{b}_{1k}=0\\ \hfill {\alpha }_2+\dots +{\alpha }_k{b}_{2j}=0\\ \hfill ⋮\\ \hfill {\alpha }_k=0\end{array}$

From the last equation, ${\alpha }_k=0$. From the penultimate, ${\alpha }_{k-1}+{\alpha }_k{b}_{k-1,k}=0$, so ${\alpha }_{k-1}=0$. Back substituting yields ${\alpha }_k={\alpha }_{k-1}=\dots ={\alpha }_1=0$. Thus, the rows $r_i$ of B are linearly independent over ${\mathbb{F}}_2^k$.

By Corollary 2.1, B is a basis of ${\mathbb{F}}_2^k$. Since B has full rank k, it is invertible.    □

4. Analysis and Results

This section provides a concrete example to substantiate the algebraic framework established in Section 3. The example illustrates how basis selection, governed by GHWs, results in a generator matrix suitable for the Information Dispersal Algorithm (IDA). The primary objective is to confirm the theoretical consistency of our approach and elucidate the operational procedures, rather than to evaluate empirical performance. The GHWs are calculated following the method of Johnsen and Verdure [6]. For reference, the pseudocode for determining the GHWs of an $[n,k]$-binary linear code is included in Appendix Section 1.1.

Example 4.1.

Let C be a $[10,7]$-binary linear code with generator matrix

$$G=\left(\begin{array}{cccccccccc}1& 1& 0& 0& 0& 0& 1& 1& 0& 1\\ 1& 1& 0& 1& 0& 0& 1& 0& 0& 1\\ 1& 1& 0& 0& 1& 1& 1& 1& 0& 0\\ 0& 0& 1& 1& 0& 1& 0& 1& 0& 0\\ 0& 1& 0& 0& 0& 1& 1& 0& 1& 1\\ 0& 1& 0& 1& 0& 0& 1& 1& 1& 1\\ 0& 0& 1& 0& 0& 1& 1& 0& 1& 1\end{array}\right).$$

Using the algorithm described in Appendix 1, the generalized Hamming weights of C are computed as

$$\begin{array}{c}\hfill d_1\left(C\right)=1,d_2\left(C\right)=2,d_3\left(C\right)=3,d_4\left(C\right)=5,d_5\left(C\right)=7,d_6\left(C\right)=9,d_7\left(C\right)=10.\end{array}$$

For each $i\in \left[k\right]$, we determine some of the elements of the set $\mathcal{M}$ by selecting the keywords that satisfy the defining condition of this set, namely:

$$\begin{array}{cc}\hfill \mathrm{For}i& =1,\left\{\begin{array}{c}\left(0000010000\right),\left(0010000000\right),\left(0100000000\right)\hfill \end{array}\right\}\subseteq \mathcal{M}\hfill \\ \hfill \mathrm{For}i& =2,\left\{\begin{array}{c}\left(0000010000\right),\left(0010000000\right),\left(0100000000\right)\hfill \end{array}\right\}\subseteq \mathcal{M}\hfill \\ \hfill \mathrm{For}i& =3,\left\{\begin{array}{c}\left(0000010000\right),\left(0010000000\right),\left(0100000000\right),\left(0001000100\right),\hfill \\ \left(0010010000\right),\left(0000100001\right),\left(0110000000\right),\left(0100010000\right),\dots \hfill \end{array}\right\}\subseteq \mathcal{M}\hfill \\ \hfill \mathrm{For}i& =4,\left\{\begin{array}{c}\left(0010010000\right),\left(0000100001\right),\left(0001000100\right),\hfill \\ \left(0110000000\right),\left(0100010000\right),\left(0000001011\right),\dots \hfill \end{array}\right\}\subseteq \mathcal{M}\hfill \\ \hfill \mathrm{For}i& =5,\left\{\begin{array}{c}\left(0001000100\right),\left(0000001011\right),\left(0000110001\right),\dots \hfill \end{array}\right\}\subseteq \mathcal{M}\hfill \\ \hfill \mathrm{For}i& =6,\left\{\begin{array}{c}\left(0000001011\right),\left(0000110001\right),\left(0010100001\right),\dots \hfill \end{array}\right\}\subseteq \mathcal{M}\hfill \\ \hfill \mathrm{For}i& =7,\left\{\begin{array}{c}\left(1000000110\right),\left(0000101010\right),\left(1110000110\right),\dots \hfill \end{array}\right\}\subseteq \mathcal{M}.\hfill \end{array}$$

We consider the lexicographic graded order ≺, and using SageMath we calculate the codewords $m^i\in C$, which are:

$$O_{\prec }=\left\{\begin{array}{c}{m}^1=\left(0000010000\right),m^2=\left(0010000000\right),m^3=\left(0100000000\right),m^4=\left(0000100001\right)\hfill \\ m^5=\left(0001000100\right),m^6=\left(0000001011\right),m^7=\left(1000000110\right)\hfill \end{array}\right\}$$

Furthermore, by the definition of the set $\mathcal{M}$ we see that:

$$\begin{array}{cc}\hfill d_1\left(C\right)& =\left|supp\right(〈m^1〉\left)\right|=1\hfill \\ \hfill d_2\left(C\right)& =\left|supp\right(〈m^1,m^2〉\left)\right|=3\hfill \\ \hfill & ⋮\hfill \\ \hfill d_7\left(C\right)& =\left|supp\right(〈m^1,m^2,m^3,m^4,m^5,m^6,m^7〉\left)\right|=10\hfill \end{array}$$

By proposition 3.1, we see that the set $O_{\prec }$ forms a basis of the code C.

We then apply the IDA mechanism proposed by Rabin [14] to the set $O_{\prec }$ as follows:

Let M = “Quantum cryptography is secure" is the plain-text message. We convert the message M into ASCII code, and subsequently into its binary representation,

$$\begin{array}{cc}\hfill M& =0101000101110101011000010110111001110100011101010110110100100000\hfill \\ \hfill & 0110001101110010011110010111000001110100011011110110011101110010\hfill \\ \hfill & 0110000101110000011010000111100100100000011010010111001100100000\hfill \\ \hfill & 011100110110010101100011011101010111001001100101\hfill \end{array}$$

Let $P=\left\{P_1,P_2,P_3,P_4,P_5,P_6,P_7,P_8,P_9,P_{10}\right\}$ be a set of 10 participants and let the threshold be defined as $t=n-k=3$. We consider the matrix formed by the codewords $m^i$,

$$A=\left(\begin{array}{c}{m}^1,m^2,m^3,m^4,m^5,m^6,m^7\end{array}\right)=\left(\begin{array}{ccccccc}0& 0& 0& 0& 0& 0& 1\\ 0& 0& 1& 0& 0& 0& 0\\ 0& 1& 0& 0& 0& 0& 0\\ 0& 0& 0& 0& 1& 0& 0\\ 0& 0& 0& 1& 0& 0& 0\\ 1& 0& 0& 0& 0& 0& 0\\ 0& 0& 0& 0& 0& 1& 1\\ 0& 0& 0& 0& 1& 0& 1\\ 0& 0& 0& 0& 0& 1& 0\\ 0& 0& 0& 1& 0& 1& 1\end{array}\right)$$

The message M is partitioned into blocks of length 7, and each block is multiplied by A. For illustration, only the first three resulting vectors are shown:

$$D=AM=(d_1,d_2,d_3,d_4,d_5,\dots )={\left(\begin{array}{c}01001\\ 01011\\ 10101\\ 01110\\ 11100\\ 01001\dots \\ 01010\\ 00111\\ 00011\\ 10110\end{array}\right)}_{10\times \lceil \left|M\right|/7\rceil }$$

where $\lceil ·\rceil$ denotes the ceiling function, and if the length of the final block is less than 7, it is padded with zeros.

Each component of the resulting vectors is distributed among the participants. We assume that participants $P_7$, $P_8$, and $P_{10}$ are unavailable. Let P represent the set of participants used for reconstruction:

$P=\{P_1,P_2,P_3,P_4,P_5,P_6,P_9\}$, satisfying $\left|P\right|=7\ge t$.

Applying the Information Recovery Algorithm (IRA), the components corresponding to the unavailable participants are removed from each dispersal vector, yielding the vectors $f_i$. To recover the original message, we construct a submatrix B of the dispersal matrix A by deleting the rows corresponding to the unavailable participants.

By Proposition 3.2, the resulting matrix $B\in {\mathbb{F}}_2^{7\times 7}$ is invertible. Its inverse, computed usingSageMath, is explicitly given by

$B^{-1}=\left(\begin{array}{ccccccc}0& 0& 0& 0& 0& 1& 0\\ 0& 0& 1& 0& 0& 0& 0\\ 0& 1& 0& 0& 0& 0& 0\\ 0& 0& 0& 0& 1& 0& 0\\ 0& 0& 0& 1& 0& 0& 0\\ 0& 0& 0& 0& 0& 0& 1\\ 1& 0& 0& 0& 0& 0& 0\end{array}\right).$

Consequently, the dispersal vectors $d_i$ are recovered by solving the linear system

$BM=f_i,\mathrm{then},M=B^{-1}{f}_i,\mathrm{so},$

$$D=\left(\begin{array}{ccccccc}0& 0& 0& 0& 0& 1& 0\\ 0& 0& 1& 0& 0& 0& 0\\ 0& 1& 0& 0& 0& 0& 0\\ 0& 0& 0& 0& 1& 0& 0\\ 0& 0& 0& 1& 0& 0& 0\\ 0& 0& 0& 0& 0& 0& 1\\ 1& 0& 0& 0& 0& 0& 0\end{array}\right)\left(\begin{array}{ccccc}0& 1& 0& 0& 1\\ 0& 1& 0& 1& 1\\ 1& 0& 1& 0& 1\\ 0& 1& 1& 1& 0\dots \\ 1& 1& 1& 0& 0\\ 0& 1& 0& 0& 1\\ 0& 0& 0& 1& 1\end{array}\right)=\left(\begin{array}{c}01001\\ 01011\\ 10101\\ 01110\\ 11100\\ 01001\dots \\ 01010\\ 00111\\ 00011\\ 10110\end{array}\right)$$

where i indexes the set of message blocks. This result shows that the original message can be retrieved even if up to $t=n-k$ components are lost in each dispersal vector.

5. Conclusions

The contributions of this work are fundamentally theoretical. We have demonstrated that Generalized Hamming Weights (GHWs) serve as effective algebraic tools for constructing bases of binary linear codes suitable for information dispersal. These results establish sufficient algebraic conditions to guaranty the existence of generator matrices with invertible submatrices over ${\mathbb{F}}_2$, thereby enabling the application of the Information Dispersal Algorithm (IDA) and the Information Recovery Algorithm (IRA) within a strictly binary framework

This study suggests several avenues for future research, particularly regarding performance and generalized applicability.

Question 5.1.

How does the efficiency of the proposed binary IDA benchmark against classical implementations over finite fields like $GF\left(2^8\right)$ and $GF\left(2^{16}\right)$, as discussed in [17]?

Question 5.2.

In which parameter regimes $(n,k)$ does the binary IDA/IRA framework offer superior performance or distinct trade-offs compared to traditional approaches over larger fields?

Furthermore, relaxing the Generalized Hamming Weight conditions presents a compelling direction. It is natural to inquire whether the strict constraints used here can be loosened to accommodate a wider class of binary linear codes.

Question 5.3.

What are the admissible ranges for $d_1\left(C\right)$ and $d_k\left(C\right)$ (with $d_1\left(C\right)>1$ and $d_k\left(C\right)\le n$) that still permit valid IDA-based dispersal and recovery?

Addressing these questions would deepen the understanding of the interplay between GHWs, algebraic structures, and information dispersal, potentially paving the way for new families of binary codes suitable for distributed storage and secure data dissemination