Decoding error-correcting codes with Grbner bases Stanislav Bulygin - PowerPoint PPT Presentation

12 Decoding error-correcting codes with Gröbner bases Stanislav Bulygin Ruud Pellikaan WIC, May 24, 2007 / department of mathematics and computer science 1/25 1/25 ◭ ◭ ◭ ◭ � ◮ ◮ ◭ ◭ � ◮ ◮ ◮ ◮

Outline • Introduction • Unknown syndromes and MDS bases • Decoding up to half the minimum distance • Complexity of the algorithm 2/25 2/25 ◭ ◭ ◭ ◭ � ◮ ◮ ◭ ◭ � ◮ ◮ ◮ ◮

Unknown syndromes Complexity Decoding Introduction The decoding of cyclic codes up to half the BCH distance is well-known by Peterson, Arimoto and Gorenstein-Zierler, by means of the syndromes s i of a received word and the error-locator polynomial with coefficients σ i . Suppose that the defining set of the cyclic code contains 2 t consecutive elements. The generalized Newton identities s 1 + σ 1 s i − 1 + · · · + σ t s i − t = 0 , i = t + 1 , . . . , 2 t. are t linear equations in the variables σ 1 , . . . , σ t with the known syndromes s 1 , . . . , s 2 t as coefficients. 3/25 3/25 ◭ ◭ ◭ ◭ � ◮ ◮ ◭ ◭ � ◮ ◮ ◮ ◮

Unknown syndromes Complexity Decoding Introduction Gaussian elimination solves this system of linear equations with complexity O ( n 3 ) . This complexity was improved by the algorithm of Berlekamp-Massey and a variant of the Euclidean algorithm due to Sugiyama et al. Both these algorithms are more efficient and are basically equivalent, but they decode up to the BCH error-correcting capacity, which is often strictly smaller than the true capacity. They do not correct up to the true error-correcting capacity. 4/25 4/25 ◭ ◭ ◭ ◭ � ◮ ◮ ◭ ◭ � ◮ ◮ ◮ ◮

Unknown syndromes Complexity Decoding Introduction Gröbner bases techniques were addressed to remedy this problem. These methods can be divided into the following categories: - Unknown syndromes by Berlekamp and Tzeng-Hartmann-Chien, - Power sums by Cooper and Chen-Reed-Helleseth-Truong, - Newton identities by Augot-Charpin-Sendrier. Our method is a generalization of the first one. 5/25 5/25 ◭ ◭ ◭ ◭ � ◮ ◮ ◭ ◭ � ◮ ◮ ◮ ◮

Unknown syndromes Complexity Decoding Introduction The theory of Gröbner basis is about solving systems of polynomial equations in several variables It is as a common generalization of • Linear Algebra, linear systems of equations in several variables, • Euclidean Algorithm, polynomial equations of arbitrary degree in one variable. 6/25 6/25 ◭ ◭ ◭ ◭ � ◮ ◮ ◭ ◭ � ◮ ◮ ◮ ◮

Unknown syndromes Complexity Decoding Introduction The polynomial equations are linearized by treating the monomials as new variables. The number of variables grows exponentially in the degree of the polynomials. The complexity of computing a Gröbner basis is doubly exponential in general, and exponential in our case of a finite set of solutions. The complexity of our algorithm is exponential. The complexity coefficient is measured under the assumption that the over-determined system of quadratic equations is semi-regular using the results of Bardet et al. applied to algorithm F5 of Faugère. 7/25 7/25 ◭ ◭ ◭ ◭ � ◮ ◮ ◭ ◭ � ◮ ◮ ◮ ◮

Unknown syndromes Complexity Decoding Introduction Let b 1 , . . . , b n be a basis of F n q . B is the n × n matrix with b 1 , . . . , b n as rows. The (unknown) syndrome of a word e with respect to B is the column vector u ( e ) = u ( B, e ) = B e T . with entries u i ( e ) = u i ( B, e ) = b i · e for i = 1 , . . . , n . The matrix B is invertible. So the syndrome u ( B, e ) determines the error vector e uniquely: B − 1 u ( B, e ) = B − 1 B e T = e T . 8/25 8/25 ◭ ◭ ◭ ◭ � ◮ ◮ ◭ ◭ � ◮ ◮ ◮ ◮

Unknown syndromes Complexity Decoding Introduction The coordinatewise star product of x , y ∈ F n q by x ∗ y = ( x 1 y 1 , . . . , x n y n ) . Then b i ∗ b j is a linear combination of the basis b 1 , . . . , b n . There are structure constants µ ijl ∈ F q such that n � b i ∗ b j = µ ijl b l . l =1 9/25 9/25 ◭ ◭ ◭ ◭ � ◮ ◮ ◭ ◭ � ◮ ◮ ◮ ◮

Unknown syndromes Complexity Decoding Introduction U ( e ) is the n × n matrix of (unknown) syndromes of a word e with entries u ij ( e ) = ( b i ∗ b j ) · e . The entries of U ( e ) and u ( e ) are related by n � u ij ( e ) = µ ijl u l ( e ) . l =1 Lemma The rank of U ( e ) is equal to the weight of e . 10/25 10/25 ◭ ◭ ◭ ◭ � ◮ ◮ ◭ ◭ � ◮ ◮ ◮ ◮

Unknown syndromes Complexity Decoding Introduction Let B r be the r × n sub matrix of B with b 1 , . . . , b r as rows. b 1 , . . . , b n is called an MDS basis and B an MDS matrix if all the t × t sub matrices of B t have rank t for all t = 1 , . . . , n . Let C t be the code with B t as parity check matrix. Proposition B is an MDS matrix if and only if C t is an [n,n-t,t+1] code for all t . 11/25 11/25 ◭ ◭ ◭ ◭ � ◮ ◮ ◭ ◭ � ◮ ◮ ◮ ◮

Unknown syndromes Complexity Decoding Introduction MDS bases are known to exist if n ≤ q . Let x = ( x 1 , . . . , x n ) be n mutually distinct elements in F q . Define b i = ( x i − 1 , . . . , x i − 1 n ) . 1 Then b 1 , . . . , b n with matrix B ( x ) are MDS and are called a Vandermonde basis and matrix, resp. q is an element of order n and x j = α j − 1 , If α ∈ F ∗ then we get a Reed-Solomon (RS) basis and matrix with b i ∗ b j = b i + j − 1 and u ij ( e ) = u i + j − 1 ( e ) . 12/25 12/25 ◭ ◭ ◭ ◭ � ◮ ◮ ◭ ◭ � ◮ ◮ ◮ ◮

Unknown syndromes Complexity Decoding Introduction Proposition Suppose that B is an MDS matrix. Let U u,v ( e ) be the u × v sub matrix of U ( e ) consisting of the first u rows and v columns. Then � v if v ≤ wt ( e ) , rank ( U nv ( e )) = wt ( e ) if v > wt ( e ) . 13/25 13/25 ◭ ◭ ◭ ◭ � ◮ ◮ ◭ ◭ � ◮ ◮ ◮ ◮

Unknown syndromes Complexity Decoding Introduction Let C be an F q -linear code of length n , dimension k , minimum distance d , and redundancy r = n − k . Choose a parity check matrix H of C . Let h 1 , . . . , h r be the rows of H . There are constants a ij ∈ F q such that n � h i = a ij b j . j =1 Let A be the r × n matrix with entries a ij . Then H = AB . 14/25 14/25 ◭ ◭ ◭ ◭ � ◮ ◮ ◭ ◭ � ◮ ◮ ◮ ◮

Unknown syndromes Complexity Decoding Introduction Let y = c + e be a received word with c ∈ C a code word and e an error vector. The syndromes of y and e with respect to H are equal and known s i ( y ) := h i · y = h i · e = s i ( e ) Expressed in the unknown syndromes of e with respect to B : n � s i ( y ) = a ij u j ( e ) . j =1 15/25 15/25 ◭ ◭ ◭ ◭ � ◮ ◮ ◭ ◭ � ◮ ◮ ◮ ◮

Unknown syndromes Complexity Decoding Introduction The system E ( y ) of equations in the variables U 1 , . . . , U n is given by: � n l =1 a jl U l = s j ( y ) for j = 1 , . . . , r. It consists of n − k independent linear equations in n variables The system E ( t ) in the variables U 1 , . . . , U n , V 1 , . . . , V t is given by: � t � n l =1 µ ijl U l V j = � n l =1 µ it +1 l U l for i = 1 , . . . , n. j =1 It consists of n quadratic equations in n + t variables. 16/25 16/25 ◭ ◭ ◭ ◭ � ◮ ◮ ◭ ◭ � ◮ ◮ ◮ ◮

Unknown syndromes Complexity Decoding Introduction The system of equations E ( t, y ) is the union of E ( t ) and E ( y ) . It consists of n − k linear equations in n variables and n quadratic equations in n + t variables. The linear equations are independent and used to eliminate n − k variables. Thus we get a system of n quadratic equations in k + t variables. 17/25 17/25 ◭ ◭ ◭ ◭ � ◮ ◮ ◭ ◭ � ◮ ◮ ◮ ◮

Unknown syndromes Complexity Decoding Introduction Theorem Let B be an MDS matrix with structure constants µ ijl . Let H be a parity check matrix of the code C such that H = AB . Let y = c + e be a received word with c in C the codeword sent and e the error vector. Suppose that the weight of e is not zero and at most ( d − 1) / 2 . Let t be the smallest positive integer such that E ( t, y ) has a solution ( u , v ) over some extension F q m of F q . Then wt ( e ) = t and the solution is unique satisfying u = u ( e ) . 18/25 18/25 ◭ ◭ ◭ ◭ � ◮ ◮ ◭ ◭ � ◮ ◮ ◮ ◮

Unknown syndromes Complexity Decoding Introduction Experiments were done on an AMD Athlon 64 Processor 2800+ (1.8MHz), 512MB RAM under Linux. The computations of Gröbner bases were realized in SINGULAR 3-0-1. 19/25 19/25 ◭ ◭ ◭ ◭ � ◮ ◮ ◭ ◭ � ◮ ◮ ◮ ◮

Unknown syndromes Complexity Decoding Introduction Code err. cap. mindist. GB dec. no. of rec. average [25,11,4] 1 2.99 1.10 300 0.0037 [25,11,5] 2 21.58 2.89 300 0.0096 [25,8,5] 2 0.99 1.84 300 0.0061 [25,8,6] 2 3.38 1.79 300 0.0060 [25,8,7] 3 12.26 6.94 300 0.0231 [31,15] 2 - 10.76 300 0.0359 [31,15] 3 - 11.19 10 1.119 20/25 20/25 ◭ ◭ ◭ ◭ � ◮ ◮ ◭ ◭ � ◮ ◮ ◮ ◮