
Matemáticas Aplicadas a la Informática

Error Correcting Codes

Fco. Javier Lobillo

Topic 2

Cyclic codes

An $[n, k]$-code $C$ is said to be cyclic if $c_0 c_1 \dots c_{n-1} \in C$ implies $c_{n-1} c_0 \dots c_{n-2} \in C$.

The map $c_0 c_1 \dots c_{n-1} \mapsto c_{n-1} c_0 \dots c_{n-2}$ is called the shift operator. So, cyclic codes are invariant under the shift operator.

Let $v : \mathbb{F}_q[x]/\langle x^n - 1 \rangle \to \mathbb{F}_q^n$ be the canonical isomorphism of $\mathbb{F}_q$-vector spaces, where each polynomial $a_0 + a_1 x + \dots + a_{n-1} x^{n-1}$ is mapped to $a_0 a_1 \dots a_{n-1}$.

Theorem 16. An $[n, k]$-code $C$ over $\mathbb{F}_q$ is cyclic if and only if $v^{-1}(C)$ is an ideal of $\mathbb{F}_q[x]/\langle x^n - 1 \rangle$.

So cyclic codes of length $n$ correspond to factors of $x^n - 1$.

Factoring $x^n - 1$ in $\mathbb{F}_q[x]$

$x^n - 1$ has no repeated irreducible factors if and only if $q$ and $n$ are relatively prime.

Let $\mathbb{F}_{q^t}$ be a splitting field of $x^n - 1$, i.e. $t$ is the smallest positive integer such that $q^t \equiv 1 \pmod{n}$. We fix a primitive element $\gamma \in \mathbb{F}_{q^t}$.

Then $\alpha = \gamma^d$ is a primitive $n$th root of unity where $d = (q^t - 1)/n$.

The $q$-cyclotomic coset of $s$ modulo $n$ is the set

$$C_s = \{s, sq, \dots, sq^{r-1}\} \pmod{n}$$

where $r$ is the smallest positive integer such that $sq^r \equiv s \pmod{n}$.

Theorem 17. Let $n$ be a positive integer relatively prime to $q$. Let $t$ be the smallest positive integer such that $q^t \equiv 1 \pmod{n}$. Let $\alpha$ be a primitive $n$th root of unity in $\mathbb{F}_{q^t}$.

1. For each integer $0 \le s < n$, the minimal polynomial of $\alpha^s$ over $\mathbb{F}_q$ is

$$M_{\alpha^s}(x) = \prod_{i \in C_s} (x - \alpha^i),$$

where $C_s$ is the $q$-cyclotomic coset of $s$ modulo $n$.

2. The conjugates of $\alpha^s$ are the elements $\alpha^i$ with $i \in C_s$.

3. Furthermore,

$$x^n - 1 = \prod_{s} M_{\alpha^s}(x)$$

is the factorization of $x^n - 1$ into irreducible factors over $\mathbb{F}_q$, where $s$ runs through a set of representatives of the $q$-cyclotomic cosets modulo $n$.

Theorem 18. Let $C$ be a nonzero cyclic code in $\mathbb{F}_q[x]/\langle x^n - 1 \rangle$. There exists a polynomial $g(x) \in C$ with the following properties:

1. $g(x)$ is the unique monic polynomial of minimum degree in $C$,

2. $C = \langle g(x) \rangle$,

3. $g(x) \mid x^n - 1$.

Let $k = n - \deg g(x)$, and let $g(x) = \sum_{i=0}^{n-k} g_i x^i$. Then:

4. the dimension of $C$ is $k$ and $\{g(x), xg(x), \dots, x^{k-1} g(x)\}$ is a basis for $C$,

5. every element of $C$ is uniquely expressible as a product $g(x)f(x)$ where $\deg f(x) < k$,

6. if $\alpha$ is a primitive $n$th root of unity in some field extension of $\mathbb{F}_q$, then

$$g(x) = \prod_{s} M_{\alpha^s}(x),$$

where the product is over a subset of representatives of the $q$-cyclotomic cosets modulo $n$.
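Added example (not part of the original notes): Theorem 17 and item 6 of Theorem 18 worked out in Python for $q = 2$, $n = 15$. The field $\mathbb{F}_{16}$ is built from the primitive polynomial $x^4 + x + 1$, which is a choice made here, and all function names are illustrative.

```python
Q, N, T_EXT = 2, 15, 4      # 2^4 = 16 = 1 (mod 15): x^15 - 1 splits in GF(16)
MOD = 0b10011               # assumed field modulus x^4 + x + 1 (primitive)

def cyclotomic_cosets(q, n):
    """Partition {0, ..., n-1} into the cosets C_s = {s, sq, sq^2, ...} mod n."""
    seen, cosets = set(), []
    for s in range(n):
        if s not in seen:
            coset, i = [], s
            while i not in coset:
                coset.append(i)
                i = i * q % n
            seen.update(coset)
            cosets.append(sorted(coset))
    return cosets

# Powers of the primitive element gamma = x; here d = (2^4 - 1)/15 = 1, so alpha = gamma.
EXP = [1]
for _ in range(2 ** T_EXT - 2):
    nxt = EXP[-1] << 1
    EXP.append(nxt ^ MOD if nxt >> T_EXT else nxt)
LOG = {v: i for i, v in enumerate(EXP)}

def gf_mul(a, b):
    return 0 if 0 in (a, b) else EXP[(LOG[a] + LOG[b]) % len(EXP)]

def poly_from_roots(indices):
    """prod (x - alpha^i) for i in indices; coefficients listed from degree 0 up."""
    poly = [1]
    for i in indices:
        root, out = EXP[i % N], [0] * (len(poly) + 1)
        for d, c in enumerate(poly):
            out[d + 1] ^= c                  # x * (c x^d)
            out[d] ^= gf_mul(root, c)        # -alpha^i = alpha^i in characteristic 2
        poly = out
    return poly

def factor_xn_minus_1():
    """Minimal polynomials M_{alpha^s}(x), one per 2-cyclotomic coset modulo 15."""
    return {c[0]: poly_from_roots(c) for c in cyclotomic_cosets(Q, N)}

def generator(representatives):
    """Theorem 18(6): g(x) as a product of minimal polynomials; returns (g, k)."""
    T = [i for c in cyclotomic_cosets(Q, N) if c[0] in representatives for i in c]
    g = poly_from_roots(T)
    return g, N - (len(g) - 1)
```

Every coefficient comes out in $\{0, 1\}$ although the arithmetic runs in $\mathbb{F}_{16}$, and `generator({1, 3})` gives $g(x) = x^8 + x^7 + x^6 + x^4 + 1$ with $k = 7$.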

F. J. Lobillo

Zeros of a cyclic code

Let $C$ be a cyclic $[n, k]$-code over $\mathbb{F}_q$ with generator polynomial $g(x)$. Then

$$g(x) = \prod_{s} \prod_{i \in C_s} (x - \alpha^i)$$

where $s$ runs through a subset of representatives of the $q$-cyclotomic cosets modulo $n$. Let $T = \bigcup_s C_s$ be the union of these $q$-cyclotomic cosets, which is called a defining set of $C$. The roots of unity $Z = \{\alpha^i \mid i \in T\}$ are called the zeros of $C$, while $\{\alpha^i \mid i \notin T\}$ are the nonzeros.

Theorem 19. Let $\alpha$ be a primitive $n$th root of unity in some extension field of $\mathbb{F}_q$. Let $C$ be a cyclic code of length $n$ over $\mathbb{F}_q$ with defining set $T$ and generator polynomial $g(x)$. The following hold.

1. $T$ is a union of $q$-cyclotomic cosets modulo $n$.

2. $g(x) = \prod_{i \in T} (x - \alpha^i)$.

3. $c(x) \in C$ if and only if $c(\alpha^i) = 0$ for all $i \in T$.

4. The dimension of $C$ is $n - \#T$.

Dual code

Theorem 20. The dual code of a cyclic code is also cyclic.

Theorem 21. Let $C$ be a cyclic $[n, k]$-code over $\mathbb{F}_q$ with generator polynomial $g(x)$. Let $h(x) = (x^n - 1)/g(x)$. Then the generator polynomial of $C^\perp$ is $x^k h(x^{-1})/h(0)$.

Proof. Let $\alpha, \beta \in \mathbb{F}_q[x]$ such that $\deg \alpha, \deg \beta < n$. Observe that

$$\beta(x^{n-1}) = \sum_{i=0}^{n-1} \beta_i (x^{n-1})^i = \sum_{i=0}^{n-1} \beta_i x^{i(n-1)} \equiv \beta_0 + \sum_{i=1}^{n-1} \beta_i x^{n-i} \pmod{x^n - 1}.$$

Since $x^n \equiv 1 \pmod{x^n - 1}$, the zero degree coefficient of $\alpha(x)\beta(x^{n-1})$ is

$$\begin{aligned}
\left(\alpha(x)\beta(x^{n-1}) \bmod x^n - 1\right)_0 &= \left(\Big(\sum_{i=0}^{n-1} \alpha_i x^i\Big)\Big(\beta_0 + \sum_{j=1}^{n-1} \beta_j x^{n-j}\Big) \bmod x^n - 1\right)_0 \\
&= \alpha_0\beta_0 + \alpha_1\beta_1 + \dots + \alpha_{n-1}\beta_{n-1} \\
&= \langle \alpha_0 \dots \alpha_{n-1}, \beta_0 \dots \beta_{n-1} \rangle.
\end{aligned}$$

Let $g(x) = g_0 + \dots + g_{n-k-1} x^{n-k-1} + x^{n-k}$ and $h(x) = h_0 + \dots + h_{k-1} x^{k-1} + x^k$. Let

$$h^*(x) = x^k h(x^{-1}) = h_0 x^k + h_1 x^{k-1} + h_2 x^{k-2} + \dots + h_{k-1} x + 1.$$

Then

$$\begin{aligned}
h^*(x^{n-1}) &= 1 + \sum_{i=1}^{k} h_{k-i} x^{n-i} \\
&\equiv x^{n-k}\Big(x^k + \sum_{i=1}^{k} h_{k-i} x^{k-i}\Big) \\
&= x^{n-k} h(x).
\end{aligned}$$

Therefore

$$\begin{aligned}
\langle g_0 \dots g_{n-k-1} 1 0 \dots 0,\ 1 h_{k-1} \dots h_0 0 \dots 0 \rangle &= \left(g(x) h^*(x^{n-1}) \bmod x^n - 1\right)_0 \\
&= \left(g(x) x^{n-k} h(x) \bmod x^n - 1\right)_0 \\
&= \left(x^{n-k}(x^n - 1) \bmod x^n - 1\right)_0 = 0.
\end{aligned}$$

So $h^*(x) \in C^\perp$. Since $\dim C^\perp = n - \dim C = n - k$, it follows that $h^*(x)$ is a polynomial in $C^\perp$ of minimal degree, hence the Theorem follows.

First encoding scheme

Let $C$ be a cyclic $[n, k]$-code over $\mathbb{F}_q$ generated by $g(x) = \sum_{i=0}^{n-k} g_i x^i$. A generator matrix for $C$ is

$$G = \begin{pmatrix}
g_0 & g_1 & g_2 & \cdots & g_{n-k} & 0 & \cdots & 0 \\
0 & g_0 & g_1 & g_2 & \cdots & g_{n-k} & \cdots & 0 \\
\vdots & & \ddots & & & & \ddots & \vdots \\
0 & 0 & \cdots & g_0 & g_1 & g_2 & \cdots & g_{n-k}
\end{pmatrix} = \begin{pmatrix} g(x) \\ xg(x) \\ \vdots \\ x^{k-1} g(x) \end{pmatrix}.$$

A message $m \in \mathbb{F}_q^k$ is then encoded as $c = mG$. Using polynomial notation,

$$c(x) = m(x)g(x),$$

where $m(x)$ is the polynomial associated to the message and $c(x)$ the polynomial associated to the codeword.

Second encoding scheme

This is a systematic encoder.


Let $C$ be a cyclic $[n, k]$-code over $\mathbb{F}_q$ generated by $g(x)$.

Any message $m \in \mathbb{F}_q^k$ is associated to a polynomial $m(x) \in \mathbb{F}_q[x]$ such that $\deg m(x) < k$.

Let $r(x) = (x^{n-k} m(x) \bmod g(x))$.

Then $c(x) = x^{n-k} m(x) - r(x) \in C$.

Also $c(x)$ differs from $x^{n-k} m(x)$ in the coefficients of $1, x, \dots, x^{n-k-1}$ as $\deg r(x) < n - k$.

So $c(x)$ contains the message $m$ in the coefficients of the terms of degree at least $n - k$.

Meggitt decoding algorithm

Theorem 22. Let $g(x)$ be a monic divisor of $x^n - 1$. If $s(x) = (v(x) \bmod g(x))$, then

$$(xv(x) \bmod x^n - 1) \bmod g(x) = (xs(x) \bmod g(x)) = xs(x) - g(x) s_{n-k-1},$$

where $s_{n-k-1}$ is the coefficient of $x^{n-k-1}$ in $s(x)$.

Define the Syndrome polynomial to be $S(v(x)) = (x^{n-k} v(x) \bmod g(x))$.

Step 0 Find all the syndrome polynomials $S(e(x))$ of error patterns $e(x) = \sum_{i=0}^{n-1} e_i x^i$ such that $w(e(x)) \le t$ and $e_{n-1} \ne 0$.

Step 1 Suppose that $y(x) = c(x) + e(x)$ is the received vector. Compute the syndrome polynomial $S(y(x))$. Observe that $S(y(x)) = S(e(x))$.

Step 2 If $S(y(x))$ is in the list computed in Step 0, then return $c(x) = y(x) - e(x)$ where $e(x)$ is the error polynomial in that list associated to $S(y(x))$. Otherwise go to next step.

Step 3 Compute the syndrome polynomial of $xy(x), x^2 y(x), \dots$ in succession until the syndrome polynomial is in the list from Step 0. If $S(x^i y(x))$ is in that list and has $e'(x)$ as associated error polynomial, then the received vector is decoded as $y(x) - x^{n-i} e'(x)$.

BCH bound and BCH codes

Theorem 23. Let $C$ be a cyclic $[n, k, d]$-code over $\mathbb{F}_q$ with defining set $T$. Assume $T$ contains $\delta - 1$ consecutive elements for some integer $\delta$. Then $d \ge \delta$.

Let $\delta$ be an integer with $2 \le \delta \le n$. A BCH code over $\mathbb{F}_q$ of length $n$ and designed distance $\delta$ is a cyclic code with defining set

$$T = C_b \cup C_{b+1} \cup \dots \cup C_{b+\delta-2}$$

where $C_i$ is the $q$-cyclotomic coset modulo $n$ containing $i$.

Theorem 24. A BCH code of designed distance $\delta$ has minimum weight at least $\delta$.

Reed–Solomon codes

A Reed–Solomon code $C$ over $\mathbb{F}_q$ is a BCH code of length $n = q - 1$.

Theorem 25. Let $C$ be a RS code of length $n = q - 1$ and designed distance $\delta$. Then

1. $C$ has defining set $T = \{b, b + 1, \dots, b + \delta - 2\}$.

2. $C$ has minimum distance $d = \delta$ and dimension $k = n - d + 1$.

3. $C$ is MDS.

Syndrome reviewed

Let $C$ be a BCH code of length $n$, designed distance $\delta$ and defining set $T \supseteq \{b, b + 1, \dots, b + \delta - 2\}$. We denote by $\alpha$ the corresponding root of unity used to determine $T$. We assume $c(x) \in C$ is transmitted and $y(x) = c(x) + e(x)$ is received, where $e(x) = \sum_{j=1}^{\nu} e_{k_j} x^{k_j}$ is the error polynomial with $k_j < k_{j+1} < n$ and $\nu \le \tau = \lfloor \frac{\delta - 1}{2} \rfloor$.

Recall $c(x) \in C$ if and only if $c(\alpha^i) = 0$ for all $i \in T$. In particular $y(\alpha^i) = c(\alpha^i) + e(\alpha^i) = e(\alpha^i)$ for all $1 \le i \le 2\tau$, since $2\tau \le \delta - 1$. For $1 \le i \le 2\tau$, we define the syndrome $S_i$ of $y(x)$ and the syndrome polynomial $S(x)$ as

$$S_i = y(\alpha^i) = e(\alpha^i) = \sum_{j=1}^{\nu} e_{k_j} \alpha^{i k_j} \quad \text{and} \quad S(x) = \sum_{i=0}^{2\tau - 1} S_{i+b} x^i.$$
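Added example (not from the original notes): the second encoding scheme and the Meggitt decoding algorithm above, in Python, for the binary $[15, 7]$ cyclic code with $g(x) = x^8 + x^7 + x^6 + x^4 + 1$ and $t = 2$. The code, its parameters and all function names are choices made here; polynomials over $\mathbb{F}_2$ are stored as integers whose bit $i$ is the coefficient of $x^i$.

```python
from itertools import combinations

N, K, T_ERR = 15, 7, 2
G = 0b111010001     # g(x) = x^8 + x^7 + x^6 + x^4 + 1

def poly_mod(a, g=G):
    """Remainder of a(x) modulo g(x) over F_2."""
    while a.bit_length() >= g.bit_length():
        a ^= g << (a.bit_length() - g.bit_length())
    return a

def shift(v, i=1):
    """x^i v(x) mod x^N - 1, i.e. i applications of the shift operator."""
    i %= N
    return ((v << i) | (v >> (N - i))) & ((1 << N) - 1)

def encode(m):                    # c(x) = x^(n-k) m(x) - r(x), r = x^(n-k) m(x) mod g
    return (m << (N - K)) ^ poly_mod(m << (N - K))

def syndrome(v):                  # S(v(x)) = x^(n-k) v(x) mod g(x)
    return poly_mod(v << (N - K))

def next_syndrome(s):
    """Theorem 22: S(x v(x)) = x S - g(x) s_(n-k-1), without a new division."""
    s <<= 1
    return s ^ G if s >> (N - K) else s

def build_table():
    """Step 0: syndromes of all e(x) with w(e) <= t and e_(n-1) != 0."""
    table = {}
    for extra in range(T_ERR):
        for rest in combinations(range(N - 1), extra):
            e = (1 << (N - 1)) | sum(1 << p for p in rest)
            table[syndrome(e)] = e
    return table

TABLE = build_table()

def meggitt_decode(y):
    """Steps 1-3: returns the corrected word, or None if no stored pattern matches."""
    s = syndrome(y)
    if s == 0:
        return y                        # y is already a codeword
    for i in range(N):
        if s in TABLE:                  # S(x^i y) matches e'(x): undo the shift
            return y ^ shift(TABLE[s], N - i)
        s = next_syndrome(s)
    return None
```

The table holds only 15 patterns (those with an error in position $n-1$) instead of all 120 error patterns of weight at most 2; the cyclic shifts in Step 3 cover the rest.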


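Key equation

Error locator polynomial

$$\sigma(x) = (1 - x\alpha^{k_1}) \cdots (1 - x\alpha^{k_\nu}) = 1 + \sum_{i=1}^{\nu} \sigma_i x^i$$

Error evaluator polynomial

$$\omega(x) = \sum_{j=1}^{\nu} e_{k_j} \alpha^{b k_j} \prod_{\substack{i=1 \\ i \ne j}}^{\nu} (1 - x\alpha^{k_i}) = \sum_{j=1}^{\nu} e_{k_j} \alpha^{b k_j} \frac{\sigma(x)}{1 - x\alpha^{k_j}}$$

Theorem 26.

$$\omega(x) \equiv \sigma(x) S(x) \pmod{x^{2\tau}}.$$

Proof. Observe that

$$(1 - ax)\Big(\sum_{i=0}^{m-1} (ax)^i\Big) \equiv 1 \pmod{x^m}.$$

So

$$\begin{aligned}
\omega(x) &= \sum_{j=1}^{\nu} e_{k_j} \alpha^{b k_j} \frac{\sigma(x)}{1 - x\alpha^{k_j}} \\
&= \sigma(x) \sum_{j=1}^{\nu} e_{k_j} \alpha^{b k_j} \frac{1}{1 - x\alpha^{k_j}} \\
&\equiv \sigma(x) \sum_{j=1}^{\nu} e_{k_j} \alpha^{b k_j} \sum_{i=0}^{2\tau - 1} (x\alpha^{k_j})^i \pmod{x^{2\tau}} \\
&= \sigma(x) \sum_{i=0}^{2\tau - 1} \sum_{j=1}^{\nu} e_{k_j} \alpha^{(i+b) k_j} x^i \\
&= \sigma(x) \sum_{i=0}^{2\tau - 1} S_{i+b} x^i \\
&= \sigma(x) S(x).
\end{aligned}$$

Sugiyama decoding algorithm

1. Let $r_{-1}(x) = x^{2t}$, $r_0(x) = S(x)$, $b_{-1}(x) = 0$ and $b_0(x) = 1$.

2. Repeat the following two computations finding $h_i(x)$, $r_i(x)$ and $b_i(x)$ inductively for $i = 1, \dots, I$ until $I$ satisfies $\deg r_{I-1}(x) \ge t$, $\deg r_I(x) < t$:

$$r_{i-2}(x) = r_{i-1}(x) h_i(x) + r_i(x), \quad \text{where } \deg r_i(x) < \deg r_{i-1}(x),$$

$$b_i(x) = b_{i-2}(x) - h_i(x) b_{i-1}(x).$$

3. $\sigma(x)$ is some nonzero scalar multiple of $b_I(x)$.

Peterson–Gorenstein–Zierler Decoding Algorithm

Since

$$S_i = y(\alpha^i) = e(\alpha^i) = \sum_{j=1}^{\nu} e_{k_j} (\alpha^i)^{k_j} = \sum_{j=1}^{\nu} e_{k_j} (\alpha^{k_j})^i,$$

the following system of equations

$$\begin{aligned}
S_1 &= e_{k_1} \alpha^{k_1} + e_{k_2} \alpha^{k_2} + \dots + e_{k_\nu} \alpha^{k_\nu} \\
S_2 &= e_{k_1} (\alpha^{k_1})^2 + e_{k_2} (\alpha^{k_2})^2 + \dots + e_{k_\nu} (\alpha^{k_\nu})^2 \\
&\ \ \vdots \\
S_{2t} &= e_{k_1} (\alpha^{k_1})^{2t} + e_{k_2} (\alpha^{k_2})^{2t} + \dots + e_{k_\nu} (\alpha^{k_\nu})^{2t}
\end{aligned}$$

is linear in the unknown error values. So

4. Solve the first $\nu$ equations of the previous system to obtain the error magnitudes $e_{k_j}$.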
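Added example (not from the original notes): steps 1 to 3 of the Sugiyama algorithm followed by step 4 of the Peterson–Gorenstein–Zierler section, in Python, for a Reed–Solomon code over $\mathbb{F}_{11}$ with $n = 10$, $\alpha = 2$, $b = 1$ and $\delta = 5$ (so $t = \tau = 2$). The parameters and function names are constructed for illustration; error positions are found by testing which $\alpha^{-k}$ are roots of $\sigma(x)$, and at most $t$ errors are assumed.

```python
P, N, ALPHA, B, T = 11, 10, 2, 1, 2     # constructed RS code over F_11: n = q - 1, delta = 5

def trim(a):                             # polynomials are coefficient lists, degree 0 first
    while a and a[-1] == 0:
        a = a[:-1]
    return a

def ev(a, x):
    return sum(c * pow(x, i, P) for i, c in enumerate(a)) % P

def poly_divmod(a, b):                   # a = h*b + r with deg r < deg b
    a, h, inv = a[:], [0] * len(a), pow(b[-1], -1, P)
    while len(a) >= len(b):
        c, s = a[-1] * inv % P, len(a) - len(b)
        h[s] = c
        for i, y in enumerate(b):
            a[i + s] = (a[i + s] - c * y) % P
        a = trim(a)
    return trim(h), a

def sub_mul(a, h, b):                    # a - h*b
    out = list(a) + [0] * (len(h) + len(b))
    for i, x in enumerate(h):
        for j, y in enumerate(b):
            out[i + j] = (out[i + j] - x * y) % P
    return trim(out)

def sugiyama(S):                         # steps 1-3, sigma scaled so that sigma(0) = 1
    r_prev, r, b_prev, b = [0] * (2 * T) + [1], trim(S), [], [1]
    while len(r) - 1 >= T:               # stop when deg r_I < t
        h, rem = poly_divmod(r_prev, r)
        r_prev, r, b_prev, b = r, rem, b, sub_mul(b_prev, h, b)
    return [c * pow(b[0], -1, P) % P for c in b]

def solve(M):                            # Gauss-Jordan on [A | rhs]; pivots of this
    for c in range(len(M)):              # Vandermonde-type system are never zero
        M[c] = [x * pow(M[c][c], -1, P) % P for x in M[c]]
        for r in range(len(M)):
            if r != c:
                M[r] = [(x - M[r][c] * y) % P for x, y in zip(M[r], M[c])]
    return [row[-1] for row in M]

def decode(y):
    S = [ev(y, pow(ALPHA, i + B, P)) for i in range(2 * T)]     # S_b, ..., S_{b+2t-1}
    sigma = sugiyama(S)
    locs = [k for k in range(N) if ev(sigma, pow(ALPHA, -k % N, P)) == 0]
    rows = [[pow(ALPHA, k * (i + B), P) for k in locs] + [S[i]] for i in range(len(locs))]
    err = dict(zip(locs, solve(rows)))   # step 4: first nu equations give the magnitudes
    return [(c - err.get(k, 0)) % P for k, c in enumerate(y)], locs
```

For the constructed received word with errors $3x^2 + 9x^7$ the syndromes are $S(x) = 9 + 5x + x^2 + 3x^3$, the Euclidean steps stop after two divisions, and the normalized locator is $\sigma(x) = 1 + 6x^2 = (1 - 4x)(1 - 7x)$ with $4 = \alpha^2$ and $7 = \alpha^7$.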
