Skip to Main Content
For an error-correcting code and a distance bound, the list decoding problem is to compute all the codewords within a given distance to a received message. The bounded distance decoding problem is to find one codeword if there is at least one codeword within the given distance, or to output the empty set if there is not. Obviously the bounded distance decoding problem is not as hard as the list decoding problem. For a Reed-Solomon code [n, k]q, a simple counting argument shows that for any integer 0 < g < n, there exists at least one Hamming ball of radius n - g, which contains at least (ng)/qg-k many codewords. Let g(n, k, q) be the smallest positive integer g such that (ng)/qg-k < 1. One knows that k ≤ g(n, k, q) ≤ √nk ≤ n. For the distance bound up to n- √nk;, it is well known that both the list and bounded distance decoding can be solved efficiently. For the distance bound between n - √nk and n - g(n, k, q), we do not know whether the Reed-Solomon code is list, or bounded distance decodable, nor do we know whether there are polynomially many codewords in all balls of the radius. It is generally believed that the answers to both questions are no. There are public key cryptosystems proposed recently, whose security is based on the assumptions. In this paper, we prove: (1) List decoding can not be done for radius n - g(n, k: q) or larger, otherwise the discrete logarithm over Fqg(m, k, q)-k is easy. (2) Let h and g be positive integers satisfying q ≥ max(g2, (h-l)2+ε) and g ≥ (4/ε + 2)(h + 1) for a constant ε > 0. We show that the discrete logarithm problem over Fqh can be efficiently reduced by a randomized algorithm to the bounded distance decoding problem of the Reed-Solomon code [q, g - h]q with radius q - g. These results show that the decoding problems for the Reed-Solomon code are at least as hard as the discrete logarithm problem over finite fields. The main tools to obtain these results are an interesting connection between the problem of list-decoding of Reed-Solomon code and the problem of discrete logarithm over finite fields, and a generalization of Katz's theorem on - representations of elements in an extension finite field by products of distinct linear factors.